From 954c01728e0c7485b72c9a5d5737e5f6bd0cf0b9 Mon Sep 17 00:00:00 2001 From: Heimdal Import User Date: Mon, 11 Jul 2005 01:16:55 +0000 Subject: r8302: import mini HEIMDAL into the tree (This used to be commit 118be28a7aef233799956615a99d1a2a74dac175) --- source4/heimdal/kdc/524.c | 395 ++ source4/heimdal/kdc/default_config.c | 61 + source4/heimdal/kdc/headers.h | 101 + source4/heimdal/kdc/kaserver.c | 908 +++++ source4/heimdal/kdc/kdc-protos.h | 68 + source4/heimdal/kdc/kdc.h | 81 + source4/heimdal/kdc/kdc_locl.h | 154 + source4/heimdal/kdc/kerberos4.c | 783 ++++ source4/heimdal/kdc/kerberos5.c | 2422 +++++++++++ source4/heimdal/kdc/log.c | 89 + source4/heimdal/kdc/misc.c | 84 + source4/heimdal/kdc/pkinit.c | 1607 ++++++++ source4/heimdal/kdc/process.c | 117 + source4/heimdal/kdc/rx.h | 79 + source4/heimdal/lib/asn1/asn1-common.h | 22 + source4/heimdal/lib/asn1/asn1_err.et | 20 + source4/heimdal/lib/asn1/der.h | 180 + source4/heimdal/lib/asn1/der_cmp.c | 54 + source4/heimdal/lib/asn1/der_copy.c | 68 + source4/heimdal/lib/asn1/der_free.c | 57 + source4/heimdal/lib/asn1/der_get.c | 533 +++ source4/heimdal/lib/asn1/der_length.c | 175 + source4/heimdal/lib/asn1/der_locl.h | 59 + source4/heimdal/lib/asn1/der_put.c | 467 +++ source4/heimdal/lib/asn1/gen.c | 510 +++ source4/heimdal/lib/asn1/gen_copy.c | 157 + source4/heimdal/lib/asn1/gen_decode.c | 419 ++ source4/heimdal/lib/asn1/gen_encode.c | 287 ++ source4/heimdal/lib/asn1/gen_free.c | 143 + source4/heimdal/lib/asn1/gen_glue.c | 147 + source4/heimdal/lib/asn1/gen_length.c | 188 + source4/heimdal/lib/asn1/gen_locl.h | 77 + source4/heimdal/lib/asn1/hash.c | 207 + source4/heimdal/lib/asn1/hash.h | 87 + source4/heimdal/lib/asn1/k5.asn1 | 590 +++ source4/heimdal/lib/asn1/lex.h | 41 + source4/heimdal/lib/asn1/lex.l | 186 + source4/heimdal/lib/asn1/main.c | 90 + source4/heimdal/lib/asn1/parse.y | 295 ++ source4/heimdal/lib/asn1/symbol.c | 90 + source4/heimdal/lib/asn1/symbol.h | 99 + source4/heimdal/lib/asn1/timegm.c | 71 + source4/heimdal/lib/com_err/com_err.c | 172 + source4/heimdal/lib/com_err/com_err.h | 66 + source4/heimdal/lib/com_err/com_right.h | 58 + source4/heimdal/lib/com_err/compile_et.c | 236 ++ source4/heimdal/lib/com_err/compile_et.h | 80 + source4/heimdal/lib/com_err/error.c | 91 + source4/heimdal/lib/com_err/lex.h | 39 + source4/heimdal/lib/com_err/lex.l | 128 + source4/heimdal/lib/com_err/parse.y | 173 + source4/heimdal/lib/des/aes.c | 124 + source4/heimdal/lib/des/aes.h | 60 + source4/heimdal/lib/des/des-tables.h | 196 + source4/heimdal/lib/des/des.c | 954 +++++ source4/heimdal/lib/des/des.h | 92 + source4/heimdal/lib/des/hash.h | 71 + source4/heimdal/lib/des/md4.c | 250 ++ source4/heimdal/lib/des/md4.h | 51 + source4/heimdal/lib/des/md5.c | 274 ++ source4/heimdal/lib/des/md5.h | 51 + source4/heimdal/lib/des/rc2.c | 243 ++ source4/heimdal/lib/des/rc2.h | 61 + source4/heimdal/lib/des/rc4.c | 82 + source4/heimdal/lib/des/rc4.h | 42 + source4/heimdal/lib/des/rijndael-alg-fst.c | 1231 ++++++ source4/heimdal/lib/des/rijndael-alg-fst.h | 40 + source4/heimdal/lib/des/rnd_keys.c | 503 +++ source4/heimdal/lib/des/sha.c | 300 ++ source4/heimdal/lib/des/sha.h | 51 + source4/heimdal/lib/des/ui.c | 154 + source4/heimdal/lib/gssapi/8003.c | 246 ++ source4/heimdal/lib/gssapi/accept_sec_context.c | 1118 ++++++ source4/heimdal/lib/gssapi/acquire_cred.c | 376 ++ source4/heimdal/lib/gssapi/add_oid_set_member.c | 69 + source4/heimdal/lib/gssapi/address_to_krb5addr.c | 76 + source4/heimdal/lib/gssapi/arcfour.c | 660 +++ source4/heimdal/lib/gssapi/arcfour.h | 74 + source4/heimdal/lib/gssapi/ccache_name.c | 80 + source4/heimdal/lib/gssapi/cfx.c | 841 ++++ source4/heimdal/lib/gssapi/cfx.h | 104 + source4/heimdal/lib/gssapi/compat.c | 154 + source4/heimdal/lib/gssapi/context_time.c | 87 + source4/heimdal/lib/gssapi/copy_ccache.c | 134 + source4/heimdal/lib/gssapi/create_emtpy_oid_set.c | 52 + source4/heimdal/lib/gssapi/decapsulate.c | 209 + source4/heimdal/lib/gssapi/delete_sec_context.c | 77 + source4/heimdal/lib/gssapi/display_name.c | 73 + source4/heimdal/lib/gssapi/display_status.c | 208 + source4/heimdal/lib/gssapi/duplicate_name.c | 59 + source4/heimdal/lib/gssapi/encapsulate.c | 153 + source4/heimdal/lib/gssapi/external.c | 270 ++ source4/heimdal/lib/gssapi/get_mic.c | 302 ++ source4/heimdal/lib/gssapi/gssapi.h | 826 ++++ source4/heimdal/lib/gssapi/gssapi_locl.h | 295 ++ source4/heimdal/lib/gssapi/import_name.c | 229 ++ source4/heimdal/lib/gssapi/init.c | 111 + source4/heimdal/lib/gssapi/init_sec_context.c | 1261 ++++++ source4/heimdal/lib/gssapi/inquire_cred.c | 123 + source4/heimdal/lib/gssapi/release_buffer.c | 48 + source4/heimdal/lib/gssapi/release_cred.c | 73 + source4/heimdal/lib/gssapi/release_name.c | 50 + source4/heimdal/lib/gssapi/release_oid_set.c | 49 + source4/heimdal/lib/gssapi/sequence.c | 189 + source4/heimdal/lib/gssapi/spnego.asn1 | 42 + source4/heimdal/lib/gssapi/test_oid_set_member.c | 55 + source4/heimdal/lib/gssapi/unwrap.c | 413 ++ source4/heimdal/lib/gssapi/verify_mic.c | 336 ++ source4/heimdal/lib/gssapi/wrap.c | 533 +++ source4/heimdal/lib/hdb/db.c | 306 ++ source4/heimdal/lib/hdb/hdb-private.h | 25 + source4/heimdal/lib/hdb/hdb-protos.h | 247 ++ source4/heimdal/lib/hdb/hdb.asn1 | 70 + source4/heimdal/lib/hdb/hdb.c | 373 ++ source4/heimdal/lib/hdb/hdb.h | 102 + source4/heimdal/lib/hdb/hdb_err.et | 27 + source4/heimdal/lib/hdb/hdb_locl.h | 67 + source4/heimdal/lib/hdb/keys.c | 393 ++ source4/heimdal/lib/hdb/ndbm.c | 369 ++ source4/heimdal/lib/krb5/acache.c | 781 ++++ source4/heimdal/lib/krb5/add_et_list.c | 50 + source4/heimdal/lib/krb5/addr_families.c | 1180 ++++++ source4/heimdal/lib/krb5/appdefault.c | 142 + source4/heimdal/lib/krb5/asn1_glue.c | 59 + source4/heimdal/lib/krb5/auth_context.c | 517 +++ source4/heimdal/lib/krb5/build_ap_req.c | 76 + source4/heimdal/lib/krb5/build_auth.c | 205 + source4/heimdal/lib/krb5/cache.c | 657 +++ source4/heimdal/lib/krb5/changepw.c | 816 ++++ source4/heimdal/lib/krb5/codec.c | 196 + source4/heimdal/lib/krb5/config_file.c | 773 ++++ source4/heimdal/lib/krb5/config_file_netinfo.c | 180 + source4/heimdal/lib/krb5/constants.c | 43 + source4/heimdal/lib/krb5/context.c | 663 ++++ source4/heimdal/lib/krb5/copy_host_realm.c | 69 + source4/heimdal/lib/krb5/crc.c | 71 + source4/heimdal/lib/krb5/creds.c | 215 + source4/heimdal/lib/krb5/crypto.c | 4410 +++++++++++++++++++++ source4/heimdal/lib/krb5/data.c | 119 + source4/heimdal/lib/krb5/eai_to_heim_errno.c | 98 + source4/heimdal/lib/krb5/error_string.c | 109 + source4/heimdal/lib/krb5/expand_hostname.c | 153 + source4/heimdal/lib/krb5/fcache.c | 718 ++++ source4/heimdal/lib/krb5/free.c | 53 + source4/heimdal/lib/krb5/free_host_realm.c | 54 + source4/heimdal/lib/krb5/generate_seq_number.c | 62 + source4/heimdal/lib/krb5/generate_subkey.c | 72 + source4/heimdal/lib/krb5/get_addrs.c | 291 ++ source4/heimdal/lib/krb5/get_cred.c | 909 +++++ source4/heimdal/lib/krb5/get_default_principal.c | 115 + source4/heimdal/lib/krb5/get_default_realm.c | 84 + source4/heimdal/lib/krb5/get_for_creds.c | 427 ++ source4/heimdal/lib/krb5/get_host_realm.c | 220 + source4/heimdal/lib/krb5/get_in_tkt.c | 823 ++++ source4/heimdal/lib/krb5/get_in_tkt_with_keytab.c | 99 + source4/heimdal/lib/krb5/get_port.c | 54 + source4/heimdal/lib/krb5/heim_err.et | 44 + source4/heimdal/lib/krb5/heim_threads.h | 175 + source4/heimdal/lib/krb5/init_creds.c | 331 ++ source4/heimdal/lib/krb5/init_creds_pw.c | 1554 ++++++++ source4/heimdal/lib/krb5/k524_err.et | 20 + source4/heimdal/lib/krb5/kcm.c | 1095 +++++ source4/heimdal/lib/krb5/keyblock.c | 133 + source4/heimdal/lib/krb5/keytab.c | 491 +++ source4/heimdal/lib/krb5/keytab_any.c | 256 ++ source4/heimdal/lib/krb5/keytab_file.c | 678 ++++ source4/heimdal/lib/krb5/keytab_keyfile.c | 389 ++ source4/heimdal/lib/krb5/keytab_krb4.c | 443 +++ source4/heimdal/lib/krb5/keytab_memory.c | 229 ++ source4/heimdal/lib/krb5/krb5-private.h | 358 ++ source4/heimdal/lib/krb5/krb5-protos.h | 3407 ++++++++++++++++ source4/heimdal/lib/krb5/krb5-v4compat.h | 176 + source4/heimdal/lib/krb5/krb5.h | 754 ++++ source4/heimdal/lib/krb5/krb5_ccapi.h | 215 + source4/heimdal/lib/krb5/krb5_err.et | 258 ++ source4/heimdal/lib/krb5/krb5_locl.h | 188 + source4/heimdal/lib/krb5/krbhst.c | 861 ++++ source4/heimdal/lib/krb5/log.c | 467 +++ source4/heimdal/lib/krb5/mcache.c | 353 ++ source4/heimdal/lib/krb5/misc.c | 36 + source4/heimdal/lib/krb5/mit_glue.c | 327 ++ source4/heimdal/lib/krb5/mk_error.c | 92 + source4/heimdal/lib/krb5/mk_priv.c | 153 + source4/heimdal/lib/krb5/mk_rep.c | 126 + source4/heimdal/lib/krb5/mk_req.c | 116 + source4/heimdal/lib/krb5/mk_req_ext.c | 180 + source4/heimdal/lib/krb5/n-fold.c | 126 + source4/heimdal/lib/krb5/padata.c | 66 + source4/heimdal/lib/krb5/pkinit.c | 2583 ++++++++++++ source4/heimdal/lib/krb5/principal.c | 1125 ++++++ source4/heimdal/lib/krb5/rd_cred.c | 299 ++ source4/heimdal/lib/krb5/rd_error.c | 121 + source4/heimdal/lib/krb5/rd_priv.c | 176 + source4/heimdal/lib/krb5/rd_rep.c | 133 + source4/heimdal/lib/krb5/rd_req.c | 649 +++ source4/heimdal/lib/krb5/replay.c | 304 ++ source4/heimdal/lib/krb5/send_to_kdc.c | 416 ++ source4/heimdal/lib/krb5/set_default_realm.c | 90 + source4/heimdal/lib/krb5/store-int.h | 47 + source4/heimdal/lib/krb5/store.c | 888 +++++ source4/heimdal/lib/krb5/store_emem.c | 132 + source4/heimdal/lib/krb5/store_fd.c | 95 + source4/heimdal/lib/krb5/store_mem.c | 119 + source4/heimdal/lib/krb5/ticket.c | 125 + source4/heimdal/lib/krb5/time.c | 114 + source4/heimdal/lib/krb5/transited.c | 481 +++ source4/heimdal/lib/krb5/v4_glue.c | 922 +++++ source4/heimdal/lib/krb5/version.c | 43 + source4/heimdal/lib/krb5/warn.c | 205 + source4/heimdal/lib/roken/base64.c | 136 + source4/heimdal/lib/roken/base64.h | 53 + source4/heimdal/lib/roken/bswap.c | 61 + source4/heimdal/lib/roken/emalloc.c | 56 + source4/heimdal/lib/roken/get_window_size.c | 102 + source4/heimdal/lib/roken/getarg.c | 595 +++ source4/heimdal/lib/roken/getarg.h | 102 + source4/heimdal/lib/roken/getifaddrs.c | 1186 ++++++ source4/heimdal/lib/roken/getprogname.c | 51 + source4/heimdal/lib/roken/h_errno.c | 41 + source4/heimdal/lib/roken/issuid.c | 59 + source4/heimdal/lib/roken/net_read.c | 74 + source4/heimdal/lib/roken/net_write.c | 72 + source4/heimdal/lib/roken/parse_time.c | 78 + source4/heimdal/lib/roken/parse_time.h | 59 + source4/heimdal/lib/roken/parse_units.c | 330 ++ source4/heimdal/lib/roken/parse_units.h | 79 + source4/heimdal/lib/roken/print_version.c | 78 + source4/heimdal/lib/roken/resolve.c | 690 ++++ source4/heimdal/lib/roken/resolve.h | 298 ++ source4/heimdal/lib/roken/roken-common.h | 399 ++ source4/heimdal/lib/roken/roken.h | 688 ++++ source4/heimdal/lib/roken/roken_gethostby.c | 274 ++ source4/heimdal/lib/roken/setprogname.c | 61 + source4/heimdal/lib/roken/signal.c | 80 + source4/heimdal/lib/roken/strlwr.c | 53 + source4/heimdal/lib/roken/strpool.c | 111 + source4/heimdal/lib/roken/strsep_copy.c | 69 + source4/heimdal/lib/roken/strupr.c | 53 + source4/heimdal/lib/roken/vis.c | 330 ++ source4/heimdal/lib/roken/vis.hin | 98 + 240 files changed, 75318 insertions(+) create mode 100644 source4/heimdal/kdc/524.c create mode 100644 source4/heimdal/kdc/default_config.c create mode 100644 source4/heimdal/kdc/headers.h create mode 100644 source4/heimdal/kdc/kaserver.c create mode 100644 source4/heimdal/kdc/kdc-protos.h create mode 100644 source4/heimdal/kdc/kdc.h create mode 100644 source4/heimdal/kdc/kdc_locl.h create mode 100644 source4/heimdal/kdc/kerberos4.c create mode 100644 source4/heimdal/kdc/kerberos5.c create mode 100644 source4/heimdal/kdc/log.c create mode 100644 source4/heimdal/kdc/misc.c create mode 100755 source4/heimdal/kdc/pkinit.c create mode 100644 source4/heimdal/kdc/process.c create mode 100644 source4/heimdal/kdc/rx.h create mode 100644 source4/heimdal/lib/asn1/asn1-common.h create mode 100644 source4/heimdal/lib/asn1/asn1_err.et create mode 100644 source4/heimdal/lib/asn1/der.h create mode 100755 source4/heimdal/lib/asn1/der_cmp.c create mode 100644 source4/heimdal/lib/asn1/der_copy.c create mode 100644 source4/heimdal/lib/asn1/der_free.c create mode 100644 source4/heimdal/lib/asn1/der_get.c create mode 100644 source4/heimdal/lib/asn1/der_length.c create mode 100644 source4/heimdal/lib/asn1/der_locl.h create mode 100644 source4/heimdal/lib/asn1/der_put.c create mode 100644 source4/heimdal/lib/asn1/gen.c create mode 100644 source4/heimdal/lib/asn1/gen_copy.c create mode 100644 source4/heimdal/lib/asn1/gen_decode.c create mode 100644 source4/heimdal/lib/asn1/gen_encode.c create mode 100644 source4/heimdal/lib/asn1/gen_free.c create mode 100644 source4/heimdal/lib/asn1/gen_glue.c create mode 100644 source4/heimdal/lib/asn1/gen_length.c create mode 100644 source4/heimdal/lib/asn1/gen_locl.h create mode 100644 source4/heimdal/lib/asn1/hash.c create mode 100644 source4/heimdal/lib/asn1/hash.h create mode 100644 source4/heimdal/lib/asn1/k5.asn1 create mode 100644 source4/heimdal/lib/asn1/lex.h create mode 100644 source4/heimdal/lib/asn1/lex.l create mode 100644 source4/heimdal/lib/asn1/main.c create mode 100644 source4/heimdal/lib/asn1/parse.y create mode 100644 source4/heimdal/lib/asn1/symbol.c create mode 100644 source4/heimdal/lib/asn1/symbol.h create mode 100644 source4/heimdal/lib/asn1/timegm.c create mode 100644 source4/heimdal/lib/com_err/com_err.c create mode 100644 source4/heimdal/lib/com_err/com_err.h create mode 100644 source4/heimdal/lib/com_err/com_right.h create mode 100644 source4/heimdal/lib/com_err/compile_et.c create mode 100644 source4/heimdal/lib/com_err/compile_et.h create mode 100644 source4/heimdal/lib/com_err/error.c create mode 100644 source4/heimdal/lib/com_err/lex.h create mode 100644 source4/heimdal/lib/com_err/lex.l create mode 100644 source4/heimdal/lib/com_err/parse.y create mode 100755 source4/heimdal/lib/des/aes.c create mode 100755 source4/heimdal/lib/des/aes.h create mode 100644 source4/heimdal/lib/des/des-tables.h create mode 100644 source4/heimdal/lib/des/des.c create mode 100644 source4/heimdal/lib/des/des.h create mode 100644 source4/heimdal/lib/des/hash.h create mode 100644 source4/heimdal/lib/des/md4.c create mode 100644 source4/heimdal/lib/des/md4.h create mode 100644 source4/heimdal/lib/des/md5.c create mode 100644 source4/heimdal/lib/des/md5.h create mode 100755 source4/heimdal/lib/des/rc2.c create mode 100755 source4/heimdal/lib/des/rc2.h create mode 100755 source4/heimdal/lib/des/rc4.c create mode 100644 source4/heimdal/lib/des/rc4.h create mode 100755 source4/heimdal/lib/des/rijndael-alg-fst.c create mode 100755 source4/heimdal/lib/des/rijndael-alg-fst.h create mode 100644 source4/heimdal/lib/des/rnd_keys.c create mode 100644 source4/heimdal/lib/des/sha.c create mode 100644 source4/heimdal/lib/des/sha.h create mode 100644 source4/heimdal/lib/des/ui.c create mode 100644 source4/heimdal/lib/gssapi/8003.c create mode 100644 source4/heimdal/lib/gssapi/accept_sec_context.c create mode 100644 source4/heimdal/lib/gssapi/acquire_cred.c create mode 100644 source4/heimdal/lib/gssapi/add_oid_set_member.c create mode 100644 source4/heimdal/lib/gssapi/address_to_krb5addr.c create mode 100644 source4/heimdal/lib/gssapi/arcfour.c create mode 100644 source4/heimdal/lib/gssapi/arcfour.h create mode 100755 source4/heimdal/lib/gssapi/ccache_name.c create mode 100755 source4/heimdal/lib/gssapi/cfx.c create mode 100755 source4/heimdal/lib/gssapi/cfx.h create mode 100644 source4/heimdal/lib/gssapi/compat.c create mode 100644 source4/heimdal/lib/gssapi/context_time.c create mode 100644 source4/heimdal/lib/gssapi/copy_ccache.c create mode 100644 source4/heimdal/lib/gssapi/create_emtpy_oid_set.c create mode 100644 source4/heimdal/lib/gssapi/decapsulate.c create mode 100644 source4/heimdal/lib/gssapi/delete_sec_context.c create mode 100644 source4/heimdal/lib/gssapi/display_name.c create mode 100644 source4/heimdal/lib/gssapi/display_status.c create mode 100644 source4/heimdal/lib/gssapi/duplicate_name.c create mode 100644 source4/heimdal/lib/gssapi/encapsulate.c create mode 100644 source4/heimdal/lib/gssapi/external.c create mode 100644 source4/heimdal/lib/gssapi/get_mic.c create mode 100644 source4/heimdal/lib/gssapi/gssapi.h create mode 100644 source4/heimdal/lib/gssapi/gssapi_locl.h create mode 100644 source4/heimdal/lib/gssapi/import_name.c create mode 100644 source4/heimdal/lib/gssapi/init.c create mode 100644 source4/heimdal/lib/gssapi/init_sec_context.c create mode 100644 source4/heimdal/lib/gssapi/inquire_cred.c create mode 100644 source4/heimdal/lib/gssapi/release_buffer.c create mode 100644 source4/heimdal/lib/gssapi/release_cred.c create mode 100644 source4/heimdal/lib/gssapi/release_name.c create mode 100644 source4/heimdal/lib/gssapi/release_oid_set.c create mode 100755 source4/heimdal/lib/gssapi/sequence.c create mode 100755 source4/heimdal/lib/gssapi/spnego.asn1 create mode 100644 source4/heimdal/lib/gssapi/test_oid_set_member.c create mode 100644 source4/heimdal/lib/gssapi/unwrap.c create mode 100644 source4/heimdal/lib/gssapi/verify_mic.c create mode 100644 source4/heimdal/lib/gssapi/wrap.c create mode 100644 source4/heimdal/lib/hdb/db.c create mode 100644 source4/heimdal/lib/hdb/hdb-private.h create mode 100644 source4/heimdal/lib/hdb/hdb-protos.h create mode 100644 source4/heimdal/lib/hdb/hdb.asn1 create mode 100644 source4/heimdal/lib/hdb/hdb.c create mode 100644 source4/heimdal/lib/hdb/hdb.h create mode 100644 source4/heimdal/lib/hdb/hdb_err.et create mode 100644 source4/heimdal/lib/hdb/hdb_locl.h create mode 100644 source4/heimdal/lib/hdb/keys.c create mode 100644 source4/heimdal/lib/hdb/ndbm.c create mode 100644 source4/heimdal/lib/krb5/acache.c create mode 100644 source4/heimdal/lib/krb5/add_et_list.c create mode 100644 source4/heimdal/lib/krb5/addr_families.c create mode 100644 source4/heimdal/lib/krb5/appdefault.c create mode 100644 source4/heimdal/lib/krb5/asn1_glue.c create mode 100644 source4/heimdal/lib/krb5/auth_context.c create mode 100644 source4/heimdal/lib/krb5/build_ap_req.c create mode 100644 source4/heimdal/lib/krb5/build_auth.c create mode 100644 source4/heimdal/lib/krb5/cache.c create mode 100644 source4/heimdal/lib/krb5/changepw.c create mode 100644 source4/heimdal/lib/krb5/codec.c create mode 100644 source4/heimdal/lib/krb5/config_file.c create mode 100644 source4/heimdal/lib/krb5/config_file_netinfo.c create mode 100644 source4/heimdal/lib/krb5/constants.c create mode 100644 source4/heimdal/lib/krb5/context.c create mode 100644 source4/heimdal/lib/krb5/copy_host_realm.c create mode 100644 source4/heimdal/lib/krb5/crc.c create mode 100644 source4/heimdal/lib/krb5/creds.c create mode 100644 source4/heimdal/lib/krb5/crypto.c create mode 100644 source4/heimdal/lib/krb5/data.c create mode 100644 source4/heimdal/lib/krb5/eai_to_heim_errno.c create mode 100644 source4/heimdal/lib/krb5/error_string.c create mode 100644 source4/heimdal/lib/krb5/expand_hostname.c create mode 100644 source4/heimdal/lib/krb5/fcache.c create mode 100644 source4/heimdal/lib/krb5/free.c create mode 100644 source4/heimdal/lib/krb5/free_host_realm.c create mode 100644 source4/heimdal/lib/krb5/generate_seq_number.c create mode 100644 source4/heimdal/lib/krb5/generate_subkey.c create mode 100644 source4/heimdal/lib/krb5/get_addrs.c create mode 100644 source4/heimdal/lib/krb5/get_cred.c create mode 100644 source4/heimdal/lib/krb5/get_default_principal.c create mode 100644 source4/heimdal/lib/krb5/get_default_realm.c create mode 100644 source4/heimdal/lib/krb5/get_for_creds.c create mode 100644 source4/heimdal/lib/krb5/get_host_realm.c create mode 100644 source4/heimdal/lib/krb5/get_in_tkt.c create mode 100644 source4/heimdal/lib/krb5/get_in_tkt_with_keytab.c create mode 100644 source4/heimdal/lib/krb5/get_port.c create mode 100644 source4/heimdal/lib/krb5/heim_err.et create mode 100755 source4/heimdal/lib/krb5/heim_threads.h create mode 100644 source4/heimdal/lib/krb5/init_creds.c create mode 100644 source4/heimdal/lib/krb5/init_creds_pw.c create mode 100644 source4/heimdal/lib/krb5/k524_err.et create mode 100644 source4/heimdal/lib/krb5/kcm.c create mode 100644 source4/heimdal/lib/krb5/keyblock.c create mode 100644 source4/heimdal/lib/krb5/keytab.c create mode 100644 source4/heimdal/lib/krb5/keytab_any.c create mode 100644 source4/heimdal/lib/krb5/keytab_file.c create mode 100644 source4/heimdal/lib/krb5/keytab_keyfile.c create mode 100644 source4/heimdal/lib/krb5/keytab_krb4.c create mode 100644 source4/heimdal/lib/krb5/keytab_memory.c create mode 100644 source4/heimdal/lib/krb5/krb5-private.h create mode 100644 source4/heimdal/lib/krb5/krb5-protos.h create mode 100644 source4/heimdal/lib/krb5/krb5-v4compat.h create mode 100644 source4/heimdal/lib/krb5/krb5.h create mode 100644 source4/heimdal/lib/krb5/krb5_ccapi.h create mode 100644 source4/heimdal/lib/krb5/krb5_err.et create mode 100644 source4/heimdal/lib/krb5/krb5_locl.h create mode 100644 source4/heimdal/lib/krb5/krbhst.c create mode 100644 source4/heimdal/lib/krb5/log.c create mode 100644 source4/heimdal/lib/krb5/mcache.c create mode 100644 source4/heimdal/lib/krb5/misc.c create mode 100755 source4/heimdal/lib/krb5/mit_glue.c create mode 100644 source4/heimdal/lib/krb5/mk_error.c create mode 100644 source4/heimdal/lib/krb5/mk_priv.c create mode 100644 source4/heimdal/lib/krb5/mk_rep.c create mode 100644 source4/heimdal/lib/krb5/mk_req.c create mode 100644 source4/heimdal/lib/krb5/mk_req_ext.c create mode 100644 source4/heimdal/lib/krb5/n-fold.c create mode 100644 source4/heimdal/lib/krb5/padata.c create mode 100755 source4/heimdal/lib/krb5/pkinit.c create mode 100644 source4/heimdal/lib/krb5/principal.c create mode 100644 source4/heimdal/lib/krb5/rd_cred.c create mode 100644 source4/heimdal/lib/krb5/rd_error.c create mode 100644 source4/heimdal/lib/krb5/rd_priv.c create mode 100644 source4/heimdal/lib/krb5/rd_rep.c create mode 100644 source4/heimdal/lib/krb5/rd_req.c create mode 100644 source4/heimdal/lib/krb5/replay.c create mode 100644 source4/heimdal/lib/krb5/send_to_kdc.c create mode 100644 source4/heimdal/lib/krb5/set_default_realm.c create mode 100644 source4/heimdal/lib/krb5/store-int.h create mode 100644 source4/heimdal/lib/krb5/store.c create mode 100644 source4/heimdal/lib/krb5/store_emem.c create mode 100644 source4/heimdal/lib/krb5/store_fd.c create mode 100644 source4/heimdal/lib/krb5/store_mem.c create mode 100644 source4/heimdal/lib/krb5/ticket.c create mode 100644 source4/heimdal/lib/krb5/time.c create mode 100644 source4/heimdal/lib/krb5/transited.c create mode 100644 source4/heimdal/lib/krb5/v4_glue.c create mode 100644 source4/heimdal/lib/krb5/version.c create mode 100644 source4/heimdal/lib/krb5/warn.c create mode 100644 source4/heimdal/lib/roken/base64.c create mode 100644 source4/heimdal/lib/roken/base64.h create mode 100644 source4/heimdal/lib/roken/bswap.c create mode 100644 source4/heimdal/lib/roken/emalloc.c create mode 100644 source4/heimdal/lib/roken/get_window_size.c create mode 100644 source4/heimdal/lib/roken/getarg.c create mode 100644 source4/heimdal/lib/roken/getarg.h create mode 100644 source4/heimdal/lib/roken/getifaddrs.c create mode 100644 source4/heimdal/lib/roken/getprogname.c create mode 100644 source4/heimdal/lib/roken/h_errno.c create mode 100644 source4/heimdal/lib/roken/issuid.c create mode 100644 source4/heimdal/lib/roken/net_read.c create mode 100644 source4/heimdal/lib/roken/net_write.c create mode 100644 source4/heimdal/lib/roken/parse_time.c create mode 100644 source4/heimdal/lib/roken/parse_time.h create mode 100644 source4/heimdal/lib/roken/parse_units.c create mode 100644 source4/heimdal/lib/roken/parse_units.h create mode 100644 source4/heimdal/lib/roken/print_version.c create mode 100644 source4/heimdal/lib/roken/resolve.c create mode 100644 source4/heimdal/lib/roken/resolve.h create mode 100644 source4/heimdal/lib/roken/roken-common.h create mode 100644 source4/heimdal/lib/roken/roken.h create mode 100644 source4/heimdal/lib/roken/roken_gethostby.c create mode 100644 source4/heimdal/lib/roken/setprogname.c create mode 100644 source4/heimdal/lib/roken/signal.c create mode 100644 source4/heimdal/lib/roken/strlwr.c create mode 100644 source4/heimdal/lib/roken/strpool.c create mode 100644 source4/heimdal/lib/roken/strsep_copy.c create mode 100644 source4/heimdal/lib/roken/strupr.c create mode 100644 source4/heimdal/lib/roken/vis.c create mode 100644 source4/heimdal/lib/roken/vis.hin (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/524.c b/source4/heimdal/kdc/524.c new file mode 100644 index 0000000000..497539b2e0 --- /dev/null +++ b/source4/heimdal/kdc/524.c @@ -0,0 +1,395 @@ +/* + * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kdc_locl.h" + +RCSID("$Id: 524.c,v 1.34 2005/06/30 01:47:35 lha Exp $"); + +#include + +/* + * fetch the server from `t', returning the name in malloced memory in + * `spn' and the entry itself in `server' + */ + +static krb5_error_code +fetch_server (krb5_context context, + krb5_kdc_configuration *config, + const Ticket *t, + char **spn, + hdb_entry **server, + const char *from) +{ + krb5_error_code ret; + krb5_principal sprinc; + + ret = _krb5_principalname2krb5_principal(&sprinc, t->sname, t->realm); + if (ret) { + kdc_log(context, config, 0, "_krb5_principalname2krb5_principal: %s", + krb5_get_err_text(context, ret)); + return ret; + } + ret = krb5_unparse_name(context, sprinc, spn); + if (ret) { + krb5_free_principal(context, sprinc); + kdc_log(context, config, 0, "krb5_unparse_name: %s", + krb5_get_err_text(context, ret)); + return ret; + } + ret = _kdc_db_fetch(context, config, sprinc, HDB_ENT_TYPE_SERVER, server); + krb5_free_principal(context, sprinc); + if (ret) { + kdc_log(context, config, 0, + "Request to convert ticket from %s for unknown principal %s: %s", + from, *spn, krb5_get_err_text(context, ret)); + if (ret == HDB_ERR_NOENTRY) + ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN; + return ret; + } + return 0; +} + +static krb5_error_code +log_524 (krb5_context context, + krb5_kdc_configuration *config, + const EncTicketPart *et, + const char *from, + const char *spn) +{ + krb5_principal client; + char *cpn; + krb5_error_code ret; + + ret = _krb5_principalname2krb5_principal(&client, et->cname, et->crealm); + if (ret) { + kdc_log(context, config, 0, "_krb5_principalname2krb5_principal: %s", + krb5_get_err_text (context, ret)); + return ret; + } + ret = krb5_unparse_name(context, client, &cpn); + if (ret) { + krb5_free_principal(context, client); + kdc_log(context, config, 0, "krb5_unparse_name: %s", + krb5_get_err_text (context, ret)); + return ret; + } + kdc_log(context, config, 1, "524-REQ %s from %s for %s", cpn, from, spn); + free(cpn); + krb5_free_principal(context, client); + return 0; +} + +static krb5_error_code +verify_flags (krb5_context context, + krb5_kdc_configuration *config, + const EncTicketPart *et, + const char *spn) +{ + if(et->endtime < kdc_time){ + kdc_log(context, config, 0, "Ticket expired (%s)", spn); + return KRB5KRB_AP_ERR_TKT_EXPIRED; + } + if(et->flags.invalid){ + kdc_log(context, config, 0, "Ticket not valid (%s)", spn); + return KRB5KRB_AP_ERR_TKT_NYV; + } + return 0; +} + +/* + * set the `et->caddr' to the most appropriate address to use, where + * `addr' is the address the request was received from. + */ + +static krb5_error_code +set_address (krb5_context context, + krb5_kdc_configuration *config, + EncTicketPart *et, + struct sockaddr *addr, + const char *from) +{ + krb5_error_code ret; + krb5_address *v4_addr; + + v4_addr = malloc (sizeof(*v4_addr)); + if (v4_addr == NULL) + return ENOMEM; + + ret = krb5_sockaddr2address(context, addr, v4_addr); + if(ret) { + free (v4_addr); + kdc_log(context, config, 0, "Failed to convert address (%s)", from); + return ret; + } + + if (et->caddr && !krb5_address_search (context, v4_addr, et->caddr)) { + kdc_log(context, config, 0, "Incorrect network address (%s)", from); + krb5_free_address(context, v4_addr); + free (v4_addr); + return KRB5KRB_AP_ERR_BADADDR; + } + if(v4_addr->addr_type == KRB5_ADDRESS_INET) { + /* we need to collapse the addresses in the ticket to a + single address; best guess is to use the address the + connection came from */ + + if (et->caddr != NULL) { + free_HostAddresses(et->caddr); + } else { + et->caddr = malloc (sizeof (*et->caddr)); + if (et->caddr == NULL) { + krb5_free_address(context, v4_addr); + free(v4_addr); + return ENOMEM; + } + } + et->caddr->val = v4_addr; + et->caddr->len = 1; + } else { + krb5_free_address(context, v4_addr); + free(v4_addr); + } + return 0; +} + + +static krb5_error_code +encrypt_v4_ticket(krb5_context context, + krb5_kdc_configuration *config, + void *buf, + size_t len, + krb5_keyblock *skey, + EncryptedData *reply) +{ + krb5_crypto crypto; + krb5_error_code ret; + ret = krb5_crypto_init(context, skey, ETYPE_DES_PCBC_NONE, &crypto); + if (ret) { + free(buf); + kdc_log(context, config, 0, "krb5_crypto_init failed: %s", + krb5_get_err_text(context, ret)); + return ret; + } + + ret = krb5_encrypt_EncryptedData(context, + crypto, + KRB5_KU_TICKET, + buf, + len, + 0, + reply); + krb5_crypto_destroy(context, crypto); + if(ret) { + kdc_log(context, config, 0, "Failed to encrypt data: %s", + krb5_get_err_text(context, ret)); + return ret; + } + return 0; +} + +static krb5_error_code +encode_524_response(krb5_context context, + krb5_kdc_configuration *config, + const char *spn, const EncTicketPart et, + const Ticket *t, hdb_entry *server, + EncryptedData *ticket, int *kvno) +{ + krb5_error_code ret; + int use_2b; + size_t len; + + use_2b = krb5_config_get_bool(context, NULL, "kdc", "use_2b", spn, NULL); + if(use_2b) { + ASN1_MALLOC_ENCODE(EncryptedData, + ticket->cipher.data, ticket->cipher.length, + &t->enc_part, &len, ret); + + if (ret) { + kdc_log(context, config, 0, + "Failed to encode v4 (2b) ticket (%s)", spn); + return ret; + } + + ticket->etype = 0; + ticket->kvno = NULL; + *kvno = 213; /* 2b's use this magic kvno */ + } else { + unsigned char buf[MAX_KTXT_LEN + 4 * 4]; + Key *skey; + + if (!config->enable_v4_cross_realm && strcmp (et.crealm, t->realm) != 0) { + kdc_log(context, config, 0, "524 cross-realm %s -> %s disabled", et.crealm, + t->realm); + return KRB5KDC_ERR_POLICY; + } + + ret = _kdc_encode_v4_ticket(context, config, + buf + sizeof(buf) - 1, sizeof(buf), + &et, &t->sname, &len); + if(ret){ + kdc_log(context, config, 0, + "Failed to encode v4 ticket (%s)", spn); + return ret; + } + ret = _kdc_get_des_key(context, server, TRUE, FALSE, &skey); + if(ret){ + kdc_log(context, config, 0, + "no suitable DES key for server (%s)", spn); + return ret; + } + ret = encrypt_v4_ticket(context, config, buf + sizeof(buf) - len, len, + &skey->key, ticket); + if(ret){ + kdc_log(context, config, 0, + "Failed to encrypt v4 ticket (%s)", spn); + return ret; + } + *kvno = server->kvno; + } + + return 0; +} + +/* + * process a 5->4 request, based on `t', and received `from, addr', + * returning the reply in `reply' + */ + +krb5_error_code +_kdc_do_524(krb5_context context, + krb5_kdc_configuration *config, + const Ticket *t, krb5_data *reply, + const char *from, struct sockaddr *addr) +{ + krb5_error_code ret = 0; + krb5_crypto crypto; + hdb_entry *server = NULL; + Key *skey; + krb5_data et_data; + EncTicketPart et; + EncryptedData ticket; + krb5_storage *sp; + char *spn = NULL; + unsigned char buf[MAX_KTXT_LEN + 4 * 4]; + size_t len; + int kvno = 0; + + if(!config->enable_524) { + ret = KRB5KDC_ERR_POLICY; + kdc_log(context, config, 0, + "Rejected ticket conversion request from %s", from); + goto out; + } + + ret = fetch_server (context, config, t, &spn, &server, from); + if (ret) { + goto out; + } + + ret = hdb_enctype2key(context, server, t->enc_part.etype, &skey); + if(ret){ + kdc_log(context, config, 0, + "No suitable key found for server (%s) from %s", spn, from); + goto out; + } + ret = krb5_crypto_init(context, &skey->key, 0, &crypto); + if (ret) { + kdc_log(context, config, 0, "krb5_crypto_init failed: %s", + krb5_get_err_text(context, ret)); + goto out; + } + ret = krb5_decrypt_EncryptedData (context, + crypto, + KRB5_KU_TICKET, + &t->enc_part, + &et_data); + krb5_crypto_destroy(context, crypto); + if(ret){ + kdc_log(context, config, 0, + "Failed to decrypt ticket from %s for %s", from, spn); + goto out; + } + ret = krb5_decode_EncTicketPart(context, et_data.data, et_data.length, + &et, &len); + krb5_data_free(&et_data); + if(ret){ + kdc_log(context, config, 0, + "Failed to decode ticket from %s for %s", from, spn); + goto out; + } + + ret = log_524 (context, config, &et, from, spn); + if (ret) { + free_EncTicketPart(&et); + goto out; + } + + ret = verify_flags (context, config, &et, spn); + if (ret) { + free_EncTicketPart(&et); + goto out; + } + + ret = set_address (context, config, &et, addr, from); + if (ret) { + free_EncTicketPart(&et); + goto out; + } + + ret = encode_524_response(context, config, spn, et, t, + server, &ticket, &kvno); + free_EncTicketPart(&et); + + out: + /* make reply */ + memset(buf, 0, sizeof(buf)); + sp = krb5_storage_from_mem(buf, sizeof(buf)); + krb5_store_int32(sp, ret); + if(ret == 0){ + krb5_store_int32(sp, kvno); + krb5_store_data(sp, ticket.cipher); + /* Aargh! This is coded as a KTEXT_ST. */ + krb5_storage_seek(sp, MAX_KTXT_LEN - ticket.cipher.length, SEEK_CUR); + krb5_store_int32(sp, 0); /* mbz */ + free_EncryptedData(&ticket); + } + ret = krb5_storage_to_data(sp, reply); + reply->length = krb5_storage_seek(sp, 0, SEEK_CUR); + krb5_storage_free(sp); + + if(spn) + free(spn); + if(server) + _kdc_free_ent (context, server); + return ret; +} diff --git a/source4/heimdal/kdc/default_config.c b/source4/heimdal/kdc/default_config.c new file mode 100644 index 0000000000..5152fe9ab1 --- /dev/null +++ b/source4/heimdal/kdc/default_config.c @@ -0,0 +1,61 @@ +/* + * Copyright (c) 2005 Andrew Bartlett + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kdc_locl.h" + +/* + * Setup some of the defaults for the KDC configuration. + * + * Note: Caller must also fill in: + * - db + * - num_db + * - logf + * +*/ + +void +krb5_kdc_default_config(krb5_kdc_configuration *config) +{ + config->require_preauth = TRUE; + config->kdc_warn_pwexpire = -1; + config->encode_as_rep_as_tgs_rep = FALSE; /* bug compatibility */ + config->check_ticket_addresses = TRUE; + config->allow_null_ticket_addresses = TRUE; + config->allow_anonymous = FALSE; + config->trpolicy = TRPOLICY_ALWAYS_CHECK; + config->enable_v4 = FALSE; + config->enable_kaserver = FALSE; + config->enable_524 = FALSE; /* overriden by enable_v4 in configure()) */ + config->enable_v4_cross_realm = FALSE; + config->enable_pkinit = FALSE; + config->enable_pkinit_princ_in_cert = TRUE; + config->db = NULL; + config->num_db = 0; + config->logf = NULL; +} diff --git a/source4/heimdal/kdc/headers.h b/source4/heimdal/kdc/headers.h new file mode 100644 index 0000000000..86f162aa94 --- /dev/null +++ b/source4/heimdal/kdc/headers.h @@ -0,0 +1,101 @@ +/* + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * $Id: headers.h,v 1.16 2005/04/24 13:49:00 lha Exp $ + */ + +#ifndef __HEADERS_H__ +#define __HEADERS_H__ + +#ifdef HAVE_CONFIG_H +#include +#endif +#include +#include +#include +#include +#include +#include +#include +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_FCNTL_H +#include +#endif +#ifdef HAVE_SYS_SELECT_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_NETINET_IN6_H +#include +#endif +#ifdef HAVE_NETINET6_IN6_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_UTIL_H +#include +#endif +#ifdef HAVE_LIBUTIL_H +#include +#endif +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include /* copy_octet_string */ + +#undef ALLOC +#define ALLOC(X) ((X) = malloc(sizeof(*(X)))) +#undef ALLOC_SEQ +#define ALLOC_SEQ(X, N) do { (X)->len = (N); \ +(X)->val = calloc((X)->len, sizeof(*(X)->val)); } while(0) + +#endif /* __HEADERS_H__ */ diff --git a/source4/heimdal/kdc/kaserver.c b/source4/heimdal/kdc/kaserver.c new file mode 100644 index 0000000000..4a9bd87cb6 --- /dev/null +++ b/source4/heimdal/kdc/kaserver.c @@ -0,0 +1,908 @@ +/* + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kdc_locl.h" + +RCSID("$Id: kaserver.c,v 1.30 2005/06/30 01:49:39 lha Exp $"); + +#include +#include + +#define KA_AUTHENTICATION_SERVICE 731 +#define KA_TICKET_GRANTING_SERVICE 732 +#define KA_MAINTENANCE_SERVICE 733 + +#define AUTHENTICATE_OLD 1 +#define CHANGEPASSWORD 2 +#define GETTICKET_OLD 3 +#define SETPASSWORD 4 +#define SETFIELDS 5 +#define CREATEUSER 6 +#define DELETEUSER 7 +#define GETENTRY 8 +#define LISTENTRY 9 +#define GETSTATS 10 +#define DEBUG 11 +#define GETPASSWORD 12 +#define GETRANDOMKEY 13 +#define AUTHENTICATE 21 +#define AUTHENTICATE_V2 22 +#define GETTICKET 23 + +/* XXX - Where do we get these? */ + +#define RXGEN_OPCODE (-455) + +#define KADATABASEINCONSISTENT (180480L) +#define KAEXIST (180481L) +#define KAIO (180482L) +#define KACREATEFAIL (180483L) +#define KANOENT (180484L) +#define KAEMPTY (180485L) +#define KABADNAME (180486L) +#define KABADINDEX (180487L) +#define KANOAUTH (180488L) +#define KAANSWERTOOLONG (180489L) +#define KABADREQUEST (180490L) +#define KAOLDINTERFACE (180491L) +#define KABADARGUMENT (180492L) +#define KABADCMD (180493L) +#define KANOKEYS (180494L) +#define KAREADPW (180495L) +#define KABADKEY (180496L) +#define KAUBIKINIT (180497L) +#define KAUBIKCALL (180498L) +#define KABADPROTOCOL (180499L) +#define KANOCELLS (180500L) +#define KANOCELL (180501L) +#define KATOOMANYUBIKS (180502L) +#define KATOOMANYKEYS (180503L) +#define KABADTICKET (180504L) +#define KAUNKNOWNKEY (180505L) +#define KAKEYCACHEINVALID (180506L) +#define KABADSERVER (180507L) +#define KABADUSER (180508L) +#define KABADCPW (180509L) +#define KABADCREATE (180510L) +#define KANOTICKET (180511L) +#define KAASSOCUSER (180512L) +#define KANOTSPECIAL (180513L) +#define KACLOCKSKEW (180514L) +#define KANORECURSE (180515L) +#define KARXFAIL (180516L) +#define KANULLPASSWORD (180517L) +#define KAINTERNALERROR (180518L) +#define KAPWEXPIRED (180519L) +#define KAREUSED (180520L) +#define KATOOSOON (180521L) +#define KALOCKED (180522L) + +static void +decode_rx_header (krb5_storage *sp, + struct rx_header *h) +{ + krb5_ret_int32(sp, &h->epoch); + krb5_ret_int32(sp, &h->connid); + krb5_ret_int32(sp, &h->callid); + krb5_ret_int32(sp, &h->seqno); + krb5_ret_int32(sp, &h->serialno); + krb5_ret_int8(sp, &h->type); + krb5_ret_int8(sp, &h->flags); + krb5_ret_int8(sp, &h->status); + krb5_ret_int8(sp, &h->secindex); + krb5_ret_int16(sp, &h->reserved); + krb5_ret_int16(sp, &h->serviceid); +} + +static void +encode_rx_header (struct rx_header *h, + krb5_storage *sp) +{ + krb5_store_int32(sp, h->epoch); + krb5_store_int32(sp, h->connid); + krb5_store_int32(sp, h->callid); + krb5_store_int32(sp, h->seqno); + krb5_store_int32(sp, h->serialno); + krb5_store_int8(sp, h->type); + krb5_store_int8(sp, h->flags); + krb5_store_int8(sp, h->status); + krb5_store_int8(sp, h->secindex); + krb5_store_int16(sp, h->reserved); + krb5_store_int16(sp, h->serviceid); +} + +static void +init_reply_header (struct rx_header *hdr, + struct rx_header *reply_hdr, + u_char type, + u_char flags) +{ + reply_hdr->epoch = hdr->epoch; + reply_hdr->connid = hdr->connid; + reply_hdr->callid = hdr->callid; + reply_hdr->seqno = 1; + reply_hdr->serialno = 1; + reply_hdr->type = type; + reply_hdr->flags = flags; + reply_hdr->status = 0; + reply_hdr->secindex = 0; + reply_hdr->reserved = 0; + reply_hdr->serviceid = hdr->serviceid; +} + +static void +make_error_reply (struct rx_header *hdr, + u_int32_t ret, + krb5_data *reply) + +{ + krb5_storage *sp; + struct rx_header reply_hdr; + + init_reply_header (hdr, &reply_hdr, HT_ABORT, HF_LAST); + sp = krb5_storage_emem(); + encode_rx_header (&reply_hdr, sp); + krb5_store_int32(sp, ret); + krb5_storage_to_data (sp, reply); + krb5_storage_free (sp); +} + +static krb5_error_code +krb5_ret_xdr_data(krb5_storage *sp, + krb5_data *data) +{ + int ret; + int size; + ret = krb5_ret_int32(sp, &size); + if(ret) + return ret; + if(size < 0) + return ERANGE; + data->length = size; + if (size) { + u_char foo[4]; + size_t pad = (4 - size % 4) % 4; + + data->data = malloc(size); + if (data->data == NULL) + return ENOMEM; + ret = krb5_storage_read(sp, data->data, size); + if(ret != size) + return (ret < 0)? errno : KRB5_CC_END; + if (pad) { + ret = krb5_storage_read(sp, foo, pad); + if (ret != pad) + return (ret < 0)? errno : KRB5_CC_END; + } + } else + data->data = NULL; + return 0; +} + +static krb5_error_code +krb5_store_xdr_data(krb5_storage *sp, + krb5_data data) +{ + u_char zero[4] = {0, 0, 0, 0}; + int ret; + size_t pad; + + ret = krb5_store_int32(sp, data.length); + if(ret < 0) + return ret; + ret = krb5_storage_write(sp, data.data, data.length); + if(ret != data.length){ + if(ret < 0) + return errno; + return KRB5_CC_END; + } + pad = (4 - data.length % 4) % 4; + if (pad) { + ret = krb5_storage_write(sp, zero, pad); + if (ret != pad) { + if (ret < 0) + return errno; + return KRB5_CC_END; + } + } + return 0; +} + + +static krb5_error_code +create_reply_ticket (krb5_context context, + struct rx_header *hdr, + Key *skey, + char *name, char *instance, char *realm, + struct sockaddr_in *addr, + int life, + int kvno, + int32_t max_seq_len, + const char *sname, const char *sinstance, + u_int32_t challenge, + const char *label, + krb5_keyblock *key, + krb5_data *reply) +{ + krb5_data ticket; + krb5_keyblock session; + krb5_storage *sp; + krb5_data enc_data; + struct rx_header reply_hdr; + char zero[8]; + size_t pad; + unsigned fyrtiosjuelva; + + /* create the ticket */ + + krb5_generate_random_keyblock(context, ETYPE_DES_PCBC_NONE, &session); + + _krb5_krb_create_ticket(context, + 0, + name, + instance, + realm, + addr->sin_addr.s_addr, + &session, + life, + kdc_time, + sname, + sinstance, + &skey->key, + &ticket); + + /* create the encrypted part of the reply */ + sp = krb5_storage_emem (); + krb5_generate_random_block(&fyrtiosjuelva, sizeof(fyrtiosjuelva)); + fyrtiosjuelva &= 0xffffffff; + krb5_store_int32 (sp, fyrtiosjuelva); + krb5_store_int32 (sp, challenge); + krb5_storage_write (sp, session.keyvalue.data, 8); + krb5_free_keyblock_contents(context, &session); + krb5_store_int32 (sp, kdc_time); + krb5_store_int32 (sp, kdc_time + _krb5_krb_life_to_time (0, life)); + krb5_store_int32 (sp, kvno); + krb5_store_int32 (sp, ticket.length); + krb5_store_stringz (sp, name); + krb5_store_stringz (sp, instance); +#if 1 /* XXX - Why shouldn't the realm go here? */ + krb5_store_stringz (sp, ""); +#else + krb5_store_stringz (sp, realm); +#endif + krb5_store_stringz (sp, sname); + krb5_store_stringz (sp, sinstance); + krb5_storage_write (sp, ticket.data, ticket.length); + krb5_storage_write (sp, label, strlen(label)); + + /* pad to DES block */ + memset (zero, 0, sizeof(zero)); + pad = (8 - krb5_storage_seek (sp, 0, SEEK_CUR) % 8) % 8; + krb5_storage_write (sp, zero, pad); + + krb5_storage_to_data (sp, &enc_data); + krb5_storage_free (sp); + + if (enc_data.length > max_seq_len) { + krb5_data_free (&enc_data); + make_error_reply (hdr, KAANSWERTOOLONG, reply); + return 0; + } + + /* encrypt it */ + { + DES_key_schedule schedule; + DES_cblock deskey; + + memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); + DES_set_key (&deskey, &schedule); + DES_pcbc_encrypt (enc_data.data, + enc_data.data, + enc_data.length, + &schedule, + &deskey, + DES_ENCRYPT); + memset (&schedule, 0, sizeof(schedule)); + memset (&deskey, 0, sizeof(deskey)); + } + + /* create the reply packet */ + init_reply_header (hdr, &reply_hdr, HT_DATA, HF_LAST); + sp = krb5_storage_emem (); + encode_rx_header (&reply_hdr, sp); + krb5_store_int32 (sp, max_seq_len); + krb5_store_xdr_data (sp, enc_data); + krb5_data_free (&enc_data); + krb5_storage_to_data (sp, reply); + krb5_storage_free (sp); + return 0; +} + +static krb5_error_code +unparse_auth_args (krb5_storage *sp, + char **name, + char **instance, + time_t *start_time, + time_t *end_time, + krb5_data *request, + int32_t *max_seq_len) +{ + krb5_data data; + int32_t tmp; + + krb5_ret_xdr_data (sp, &data); + *name = malloc(data.length + 1); + if (*name == NULL) + return ENOMEM; + memcpy (*name, data.data, data.length); + (*name)[data.length] = '\0'; + krb5_data_free (&data); + + krb5_ret_xdr_data (sp, &data); + *instance = malloc(data.length + 1); + if (*instance == NULL) { + free (*name); + return ENOMEM; + } + memcpy (*instance, data.data, data.length); + (*instance)[data.length] = '\0'; + krb5_data_free (&data); + + krb5_ret_int32 (sp, &tmp); + *start_time = tmp; + krb5_ret_int32 (sp, &tmp); + *end_time = tmp; + krb5_ret_xdr_data (sp, request); + krb5_ret_int32 (sp, max_seq_len); + /* ignore the rest */ + return 0; +} + +static void +do_authenticate (krb5_context context, + krb5_kdc_configuration *config, + struct rx_header *hdr, + krb5_storage *sp, + struct sockaddr_in *addr, + const char *from, + krb5_data *reply) +{ + krb5_error_code ret; + char *name = NULL; + char *instance = NULL; + time_t start_time; + time_t end_time; + krb5_data request; + int32_t max_seq_len; + hdb_entry *client_entry = NULL; + hdb_entry *server_entry = NULL; + Key *ckey = NULL; + Key *skey = NULL; + krb5_storage *reply_sp; + time_t max_life; + u_int8_t life; + int32_t chal; + char client_name[256]; + char server_name[256]; + + krb5_data_zero (&request); + + ret = unparse_auth_args (sp, &name, &instance, &start_time, &end_time, + &request, &max_seq_len); + if (ret != 0 || request.length < 8) { + make_error_reply (hdr, KABADREQUEST, reply); + goto out; + } + + snprintf (client_name, sizeof(client_name), "%s.%s@%s", + name, instance, config->v4_realm); + snprintf (server_name, sizeof(server_name), "%s.%s@%s", + "krbtgt", config->v4_realm, config->v4_realm); + + kdc_log(context, config, 0, "AS-REQ (kaserver) %s from %s for %s", + client_name, from, server_name); + + ret = _kdc_db_fetch4 (context, config, name, instance, + config->v4_realm, HDB_ENT_TYPE_CLIENT, + &client_entry); + if (ret) { + kdc_log(context, config, 0, "Client not found in database: %s: %s", + client_name, krb5_get_err_text(context, ret)); + make_error_reply (hdr, KANOENT, reply); + goto out; + } + + ret = _kdc_db_fetch4 (context, config, "krbtgt", + config->v4_realm, config->v4_realm, + HDB_ENT_TYPE_SERVER, &server_entry); + if (ret) { + kdc_log(context, config, 0, "Server not found in database: %s: %s", + server_name, krb5_get_err_text(context, ret)); + make_error_reply (hdr, KANOENT, reply); + goto out; + } + + ret = _kdc_check_flags (context, config, + client_entry, client_name, + server_entry, server_name, + TRUE); + if (ret) { + make_error_reply (hdr, KAPWEXPIRED, reply); + goto out; + } + + /* find a DES key */ + ret = _kdc_get_des_key(context, client_entry, FALSE, TRUE, &ckey); + if(ret){ + kdc_log(context, config, 0, "no suitable DES key for client"); + make_error_reply (hdr, KANOKEYS, reply); + goto out; + } + + /* find a DES key */ + ret = _kdc_get_des_key(context, server_entry, TRUE, TRUE, &skey); + if(ret){ + kdc_log(context, config, 0, "no suitable DES key for server"); + make_error_reply (hdr, KANOKEYS, reply); + goto out; + } + + { + DES_cblock key; + DES_key_schedule schedule; + + /* try to decode the `request' */ + memcpy (&key, ckey->key.keyvalue.data, sizeof(key)); + DES_set_key (&key, &schedule); + DES_pcbc_encrypt (request.data, + request.data, + request.length, + &schedule, + &key, + DES_DECRYPT); + memset (&schedule, 0, sizeof(schedule)); + memset (&key, 0, sizeof(key)); + } + + /* check for the magic label */ + if (memcmp ((char *)request.data + 4, "gTGS", 4) != 0) { + kdc_log(context, config, 0, "preauth failed for %s", client_name); + make_error_reply (hdr, KABADREQUEST, reply); + goto out; + } + + reply_sp = krb5_storage_from_mem (request.data, 4); + krb5_ret_int32 (reply_sp, &chal); + krb5_storage_free (reply_sp); + + if (abs(chal - kdc_time) > context->max_skew) { + make_error_reply (hdr, KACLOCKSKEW, reply); + goto out; + } + + /* life */ + max_life = end_time - kdc_time; + /* end_time - kdc_time can sometimes be non-positive due to slight + time skew between client and server. Let's make sure it is postive */ + if(max_life < 1) + max_life = 1; + if (client_entry->max_life) + max_life = min(max_life, *client_entry->max_life); + if (server_entry->max_life) + max_life = min(max_life, *server_entry->max_life); + + life = krb_time_to_life(kdc_time, kdc_time + max_life); + + create_reply_ticket (context, + hdr, skey, + name, instance, config->v4_realm, + addr, life, server_entry->kvno, + max_seq_len, + "krbtgt", config->v4_realm, + chal + 1, "tgsT", + &ckey->key, reply); + + out: + if (request.length) { + memset (request.data, 0, request.length); + krb5_data_free (&request); + } + if (name) + free (name); + if (instance) + free (instance); + if (client_entry) + _kdc_free_ent (context, client_entry); + if (server_entry) + _kdc_free_ent (context, server_entry); +} + +static krb5_error_code +unparse_getticket_args (krb5_storage *sp, + int *kvno, + char **auth_domain, + krb5_data *ticket, + char **name, + char **instance, + krb5_data *times, + int32_t *max_seq_len) +{ + krb5_data data; + int32_t tmp; + + krb5_ret_int32 (sp, &tmp); + *kvno = tmp; + + krb5_ret_xdr_data (sp, &data); + *auth_domain = malloc(data.length + 1); + if (*auth_domain == NULL) + return ENOMEM; + memcpy (*auth_domain, data.data, data.length); + (*auth_domain)[data.length] = '\0'; + krb5_data_free (&data); + + krb5_ret_xdr_data (sp, ticket); + + krb5_ret_xdr_data (sp, &data); + *name = malloc(data.length + 1); + if (*name == NULL) { + free (*auth_domain); + return ENOMEM; + } + memcpy (*name, data.data, data.length); + (*name)[data.length] = '\0'; + krb5_data_free (&data); + + krb5_ret_xdr_data (sp, &data); + *instance = malloc(data.length + 1); + if (*instance == NULL) { + free (*auth_domain); + free (*name); + return ENOMEM; + } + memcpy (*instance, data.data, data.length); + (*instance)[data.length] = '\0'; + krb5_data_free (&data); + + krb5_ret_xdr_data (sp, times); + + krb5_ret_int32 (sp, max_seq_len); + /* ignore the rest */ + return 0; +} + +static void +do_getticket (krb5_context context, + krb5_kdc_configuration *config, + struct rx_header *hdr, + krb5_storage *sp, + struct sockaddr_in *addr, + const char *from, + krb5_data *reply) +{ + krb5_error_code ret; + int kvno; + char *auth_domain = NULL; + krb5_data aticket; + char *name = NULL; + char *instance = NULL; + krb5_data times; + int32_t max_seq_len; + hdb_entry *server_entry = NULL; + hdb_entry *client_entry = NULL; + hdb_entry *krbtgt_entry = NULL; + Key *kkey = NULL; + Key *skey = NULL; + DES_cblock key; + DES_key_schedule schedule; + DES_cblock session; + time_t max_life; + int8_t life; + time_t start_time, end_time; + char server_name[256]; + char client_name[256]; + struct _krb5_krb_auth_data ad; + + krb5_data_zero (&aticket); + krb5_data_zero (×); + + memset(&ad, 0, sizeof(ad)); + + unparse_getticket_args (sp, &kvno, &auth_domain, &aticket, + &name, &instance, ×, &max_seq_len); + if (times.length < 8) { + make_error_reply (hdr, KABADREQUEST, reply); + goto out; + + } + + snprintf (server_name, sizeof(server_name), + "%s.%s@%s", name, instance, config->v4_realm); + + ret = _kdc_db_fetch4 (context, config, name, instance, + config->v4_realm, HDB_ENT_TYPE_SERVER, + &server_entry); + if (ret) { + kdc_log(context, config, 0, "Server not found in database: %s: %s", + server_name, krb5_get_err_text(context, ret)); + make_error_reply (hdr, KANOENT, reply); + goto out; + } + + ret = _kdc_db_fetch4 (context, config, "krbtgt", + config->v4_realm, config->v4_realm, + HDB_ENT_TYPE_CLIENT, &krbtgt_entry); + if (ret) { + kdc_log(context, config, 0, + "Server not found in database: %s.%s@%s: %s", + "krbtgt", config->v4_realm, config->v4_realm, + krb5_get_err_text(context, ret)); + make_error_reply (hdr, KANOENT, reply); + goto out; + } + + /* find a DES key */ + ret = _kdc_get_des_key(context, krbtgt_entry, TRUE, TRUE, &kkey); + if(ret){ + kdc_log(context, config, 0, "no suitable DES key for krbtgt"); + make_error_reply (hdr, KANOKEYS, reply); + goto out; + } + + /* find a DES key */ + ret = _kdc_get_des_key(context, server_entry, TRUE, TRUE, &skey); + if(ret){ + kdc_log(context, config, 0, "no suitable DES key for server"); + make_error_reply (hdr, KANOKEYS, reply); + goto out; + } + + /* decrypt the incoming ticket */ + memcpy (&key, kkey->key.keyvalue.data, sizeof(key)); + + /* unpack the ticket */ + { + char *sname = NULL; + char *sinstance = NULL; + + ret = _krb5_krb_decomp_ticket(context, &aticket, &kkey->key, + config->v4_realm, &sname, + &sinstance, &ad); + if (ret) { + kdc_log(context, config, 0, + "kaserver: decomp failed for %s.%s with %d", + sname, sinstance, ret); + make_error_reply (hdr, KABADTICKET, reply); + goto out; + } + + if (strcmp (sname, "krbtgt") != 0 + || strcmp (sinstance, config->v4_realm) != 0) { + kdc_log(context, config, 0, "no TGT: %s.%s for %s.%s@%s", + sname, sinstance, + ad.pname, ad.pinst, ad.prealm); + make_error_reply (hdr, KABADTICKET, reply); + free(sname); + free(sinstance); + goto out; + } + free(sname); + free(sinstance); + + if (kdc_time > _krb5_krb_life_to_time(ad.time_sec, ad.life)) { + kdc_log(context, config, 0, "TGT expired: %s.%s@%s", + ad.pname, ad.pinst, ad.prealm); + make_error_reply (hdr, KABADTICKET, reply); + goto out; + } + } + + snprintf (client_name, sizeof(client_name), + "%s.%s@%s", ad.pname, ad.pinst, ad.prealm); + + kdc_log(context, config, 0, "TGS-REQ (kaserver) %s from %s for %s", + client_name, from, server_name); + + ret = _kdc_db_fetch4 (context, config, + ad.pname, ad.pinst, ad.prealm, + HDB_ENT_TYPE_CLIENT, &client_entry); + if(ret && ret != HDB_ERR_NOENTRY) { + kdc_log(context, config, 0, + "Client not found in database: (krb4) %s: %s", + client_name, krb5_get_err_text(context, ret)); + make_error_reply (hdr, KANOENT, reply); + goto out; + } + if (client_entry == NULL && strcmp(ad.prealm, config->v4_realm) == 0) { + kdc_log(context, config, 0, + "Local client not found in database: (krb4) " + "%s", client_name); + make_error_reply (hdr, KANOENT, reply); + goto out; + } + + ret = _kdc_check_flags (context, config, + client_entry, client_name, + server_entry, server_name, + FALSE); + if (ret) { + make_error_reply (hdr, KAPWEXPIRED, reply); + goto out; + } + + /* decrypt the times */ + memcpy(&session, ad.session.keyvalue.data, sizeof(session)); + DES_set_key (&session, &schedule); + DES_ecb_encrypt (times.data, + times.data, + &schedule, + DES_DECRYPT); + memset (&schedule, 0, sizeof(schedule)); + memset (&session, 0, sizeof(session)); + + /* and extract them */ + { + krb5_storage *tsp; + int32_t tmp; + + tsp = krb5_storage_from_mem (times.data, times.length); + krb5_ret_int32 (tsp, &tmp); + start_time = tmp; + krb5_ret_int32 (tsp, &tmp); + end_time = tmp; + krb5_storage_free (tsp); + } + + /* life */ + max_life = end_time - kdc_time; + /* end_time - kdc_time can sometimes be non-positive due to slight + time skew between client and server. Let's make sure it is postive */ + if(max_life < 1) + max_life = 1; + if (krbtgt_entry->max_life) + max_life = min(max_life, *krbtgt_entry->max_life); + if (server_entry->max_life) + max_life = min(max_life, *server_entry->max_life); + /* if this is a cross realm request, the client_entry will likely + be NULL */ + if (client_entry && client_entry->max_life) + max_life = min(max_life, *client_entry->max_life); + + life = _krb5_krb_time_to_life(kdc_time, kdc_time + max_life); + + create_reply_ticket (context, + hdr, skey, + ad.pname, ad.pinst, ad.prealm, + addr, life, server_entry->kvno, + max_seq_len, + name, instance, + 0, "gtkt", + &ad.session, reply); + + out: + _krb5_krb_free_auth_data(context, &ad); + if (aticket.length) { + memset (aticket.data, 0, aticket.length); + krb5_data_free (&aticket); + } + if (times.length) { + memset (times.data, 0, times.length); + krb5_data_free (×); + } + if (auth_domain) + free (auth_domain); + if (name) + free (name); + if (instance) + free (instance); + if (krbtgt_entry) + _kdc_free_ent (context, krbtgt_entry); + if (server_entry) + _kdc_free_ent (context, server_entry); +} + +krb5_error_code +_kdc_do_kaserver(krb5_context context, + krb5_kdc_configuration *config, + unsigned char *buf, + size_t len, + krb5_data *reply, + const char *from, + struct sockaddr_in *addr) +{ + krb5_error_code ret = 0; + struct rx_header hdr; + u_int32_t op; + krb5_storage *sp; + + if (len < RX_HEADER_SIZE) + return -1; + sp = krb5_storage_from_mem (buf, len); + + decode_rx_header (sp, &hdr); + buf += RX_HEADER_SIZE; + len -= RX_HEADER_SIZE; + + switch (hdr.type) { + case HT_DATA : + break; + case HT_ACK : + case HT_BUSY : + case HT_ABORT : + case HT_ACKALL : + case HT_CHAL : + case HT_RESP : + case HT_DEBUG : + default: + /* drop */ + goto out; + } + + + if (hdr.serviceid != KA_AUTHENTICATION_SERVICE + && hdr.serviceid != KA_TICKET_GRANTING_SERVICE) { + ret = -1; + goto out; + } + + krb5_ret_int32(sp, &op); + switch (op) { + case AUTHENTICATE : + case AUTHENTICATE_V2 : + do_authenticate (context, config, &hdr, sp, addr, from, reply); + break; + case GETTICKET : + do_getticket (context, config, &hdr, sp, addr, from, reply); + break; + case AUTHENTICATE_OLD : + case CHANGEPASSWORD : + case GETTICKET_OLD : + case SETPASSWORD : + case SETFIELDS : + case CREATEUSER : + case DELETEUSER : + case GETENTRY : + case LISTENTRY : + case GETSTATS : + case DEBUG : + case GETPASSWORD : + case GETRANDOMKEY : + default : + make_error_reply (&hdr, RXGEN_OPCODE, reply); + break; + } + +out: + krb5_storage_free (sp); + return ret; +} diff --git a/source4/heimdal/kdc/kdc-protos.h b/source4/heimdal/kdc/kdc-protos.h new file mode 100644 index 0000000000..5967f933f3 --- /dev/null +++ b/source4/heimdal/kdc/kdc-protos.h @@ -0,0 +1,68 @@ +/* This is a generated file */ +#ifndef __kdc_protos_h__ +#define __kdc_protos_h__ + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +void +kdc_log ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + int /*level*/, + const char */*fmt*/, + ...); + +char* +kdc_log_msg ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + int /*level*/, + const char */*fmt*/, + ...); + +char* +kdc_log_msg_va ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + int /*level*/, + const char */*fmt*/, + va_list /*ap*/); + +void +kdc_openlog ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/); + +void +krb5_kdc_default_config (krb5_kdc_configuration */*config*/); + +int +krb5_kdc_process_generic_request ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + unsigned char */*buf*/, + size_t /*len*/, + krb5_data */*reply*/, + krb5_boolean */*prependlength*/, + const char */*from*/, + struct sockaddr */*addr*/); + +int +krb5_kdc_process_krb5_request ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + unsigned char */*buf*/, + size_t /*len*/, + krb5_data */*reply*/, + const char */*from*/, + struct sockaddr */*addr*/); + +#ifdef __cplusplus +} +#endif + +#endif /* __kdc_protos_h__ */ diff --git a/source4/heimdal/kdc/kdc.h b/source4/heimdal/kdc/kdc.h new file mode 100644 index 0000000000..f186983cef --- /dev/null +++ b/source4/heimdal/kdc/kdc.h @@ -0,0 +1,81 @@ +/* + * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * + * Copyright (c) 2005 Andrew Bartlett + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * $Id: kdc.h,v 1.4 2005/06/30 01:50:42 lha Exp $ + */ + +#ifndef __KDC_H__ +#define __KDC_H__ + +#include + +enum krb5_kdc_trpolicy { + TRPOLICY_ALWAYS_CHECK, + TRPOLICY_ALLOW_PER_PRINCIPAL, + TRPOLICY_ALWAYS_HONOUR_REQUEST +}; + +typedef struct krb5_kdc_configuration { + krb5_boolean require_preauth; /* require preauth for all principals */ + time_t kdc_warn_pwexpire; /* time before expiration to print a warning */ + + struct HDB **db; + int num_db; + + krb5_boolean encode_as_rep_as_tgs_rep; /* bug compatibility */ + + krb5_boolean check_ticket_addresses; + krb5_boolean allow_null_ticket_addresses; + krb5_boolean allow_anonymous; + enum krb5_kdc_trpolicy trpolicy; + + char *v4_realm; + krb5_boolean enable_v4; + krb5_boolean enable_kaserver; + + krb5_boolean enable_524; + krb5_boolean enable_v4_cross_realm; + + krb5_boolean enable_pkinit; + krb5_boolean enable_pkinit_princ_in_cert; + + krb5_log_facility *logf; +} krb5_kdc_configuration; + +#include + +#endif diff --git a/source4/heimdal/kdc/kdc_locl.h b/source4/heimdal/kdc/kdc_locl.h new file mode 100644 index 0000000000..d347c6080c --- /dev/null +++ b/source4/heimdal/kdc/kdc_locl.h @@ -0,0 +1,154 @@ +/* + * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * $Id: kdc_locl.h,v 1.71 2005/07/01 15:36:16 lha Exp $ + */ + +#ifndef __KDC_LOCL_H__ +#define __KDC_LOCL_H__ + +#include "headers.h" +#include "kdc.h" + +extern sig_atomic_t exit_flag; +extern size_t max_request; +extern const char *port_str; +extern krb5_addresses explicit_addresses; + +extern int enable_http; + +#define DETACH_IS_DEFAULT FALSE + +extern int detach_from_console; + +#define _PATH_KDC_CONF HDB_DB_DIR "/kdc.conf" +#define DEFAULT_LOG_DEST "0-1/FILE:" HDB_DB_DIR "/kdc.log" + +extern struct timeval _kdc_now; +#define kdc_time (_kdc_now.tv_sec) + +krb5_error_code +_kdc_as_rep(krb5_context context, + krb5_kdc_configuration *config, + KDC_REQ*, krb5_data*, const char*, struct sockaddr*); + +krb5_kdc_configuration * +configure(krb5_context context, int argc, char **argv); + +krb5_error_code +_kdc_db_fetch(krb5_context, krb5_kdc_configuration *, + krb5_principal, enum hdb_ent_type, hdb_entry **); + +void +_kdc_free_ent(krb5_context context, hdb_entry *); + +void +loop(krb5_context context, krb5_kdc_configuration *config); + +krb5_error_code +_kdc_tgs_rep (krb5_context context, + krb5_kdc_configuration *config, + KDC_REQ*, krb5_data*, const char*, struct sockaddr *); + +krb5_error_code +_kdc_check_flags(krb5_context context, + krb5_kdc_configuration *config, + hdb_entry *client, const char *client_name, + hdb_entry *server, const char *server_name, + krb5_boolean is_as_req); + +krb5_error_code +_kdc_get_des_key(krb5_context context, hdb_entry*, + krb5_boolean, krb5_boolean, Key**); + +krb5_error_code +_kdc_encode_v4_ticket(krb5_context context, + krb5_kdc_configuration *config, + void *buf, size_t len, const EncTicketPart *et, + const PrincipalName *service, size_t *size); +krb5_error_code +_kdc_do_524(krb5_context context, + krb5_kdc_configuration *config, + const Ticket *t, krb5_data *reply, + const char *from, struct sockaddr *addr); + + +#ifdef PKINIT +typedef struct pk_client_params pk_client_params; +krb5_error_code _kdc_pk_initialize(krb5_context, + krb5_kdc_configuration *, + const char *, + const char *); +krb5_error_code _kdc_pk_rd_padata(krb5_context, krb5_kdc_configuration *, + KDC_REQ *, PA_DATA *, pk_client_params **); +krb5_error_code _kdc_pk_mk_pa_reply(krb5_context, + krb5_kdc_configuration *, + pk_client_params *, + const hdb_entry *, + const KDC_REQ *, + krb5_keyblock **, + METHOD_DATA *); +krb5_error_code _kdc_pk_check_client(krb5_context, + krb5_kdc_configuration *, + krb5_principal, + const hdb_entry *, + pk_client_params *, char **); +void _kdc_pk_free_client_param(krb5_context, pk_client_params *); +#endif + +/* + * Kerberos 4 + */ + +krb5_error_code +_kdc_db_fetch4 (krb5_context context, + krb5_kdc_configuration *config, + const char*, const char*, const char*, enum hdb_ent_type, hdb_entry**); + +krb5_error_code +_kdc_do_version4 (krb5_context context, + krb5_kdc_configuration *config, + unsigned char*, size_t, krb5_data*, const char*, + struct sockaddr_in*); +int +_kdc_maybe_version4(unsigned char*, int); + +krb5_error_code +_kdc_do_kaserver (krb5_context context, + krb5_kdc_configuration *config, + unsigned char*, size_t, krb5_data*, + const char*, struct sockaddr_in*); + + +#endif /* __KDC_LOCL_H__ */ diff --git a/source4/heimdal/kdc/kerberos4.c b/source4/heimdal/kdc/kerberos4.c new file mode 100644 index 0000000000..a81fbb7b59 --- /dev/null +++ b/source4/heimdal/kdc/kerberos4.c @@ -0,0 +1,783 @@ +/* + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kdc_locl.h" + +#include + +RCSID("$Id: kerberos4.c,v 1.54 2005/06/30 01:51:43 lha Exp $"); + +#ifndef swap32 +static u_int32_t +swap32(u_int32_t x) +{ + return ((x << 24) & 0xff000000) | + ((x << 8) & 0xff0000) | + ((x >> 8) & 0xff00) | + ((x >> 24) & 0xff); +} +#endif /* swap32 */ + +int +_kdc_maybe_version4(unsigned char *buf, int len) +{ + return len > 0 && *buf == 4; +} + +static void +make_err_reply(krb5_context context, krb5_data *reply, + int code, const char *msg) +{ + _krb5_krb_cr_err_reply(context, "", "", "", + kdc_time, code, msg, reply); +} + +static krb5_boolean +valid_princ(krb5_context context, + void *funcctx, + krb5_principal princ) +{ + krb5_kdc_configuration *config = funcctx; + krb5_error_code ret; + char *s; + hdb_entry *ent; + + ret = krb5_unparse_name(context, princ, &s); + if (ret) + return FALSE; + ret = _kdc_db_fetch(context, config, princ, HDB_ENT_TYPE_ANY, &ent); + if (ret) { + kdc_log(context, config, 7, "Lookup %s failed: %s", s, + krb5_get_err_text (context, ret)); + free(s); + return FALSE; + } + kdc_log(context, config, 7, "Lookup %s succeeded", s); + free(s); + _kdc_free_ent(context, ent); + return TRUE; +} + +krb5_error_code +_kdc_db_fetch4(krb5_context context, + krb5_kdc_configuration *config, + const char *name, const char *instance, const char *realm, + enum hdb_ent_type ent_type, + hdb_entry **ent) +{ + krb5_principal p; + krb5_error_code ret; + + ret = krb5_425_conv_principal_ext2(context, name, instance, realm, + valid_princ, config, 0, &p); + if(ret) + return ret; + ret = _kdc_db_fetch(context, config, p, ent_type, ent); + krb5_free_principal(context, p); + return ret; +} + +#define RCHECK(X, L) if(X){make_err_reply(context, reply, KFAILURE, "Packet too short"); goto L;} + +/* + * Process the v4 request in `buf, len' (received from `addr' + * (with string `from'). + * Return an error code and a reply in `reply'. + */ + +krb5_error_code +_kdc_do_version4(krb5_context context, + krb5_kdc_configuration *config, + unsigned char *buf, + size_t len, + krb5_data *reply, + const char *from, + struct sockaddr_in *addr) +{ + krb5_storage *sp; + krb5_error_code ret; + hdb_entry *client = NULL, *server = NULL; + Key *ckey, *skey; + int8_t pvno; + int8_t msg_type; + int lsb; + char *name = NULL, *inst = NULL, *realm = NULL; + char *sname = NULL, *sinst = NULL; + int32_t req_time; + time_t max_life; + u_int8_t life; + char client_name[256]; + char server_name[256]; + + if(!config->enable_v4) { + kdc_log(context, config, 0, + "Rejected version 4 request from %s", from); + make_err_reply(context, reply, KDC_GEN_ERR, "function not enabled"); + return 0; + } + + sp = krb5_storage_from_mem(buf, len); + RCHECK(krb5_ret_int8(sp, &pvno), out); + if(pvno != 4){ + kdc_log(context, config, 0, + "Protocol version mismatch (krb4) (%d)", pvno); + make_err_reply(context, reply, KDC_PKT_VER, "protocol mismatch"); + goto out; + } + RCHECK(krb5_ret_int8(sp, &msg_type), out); + lsb = msg_type & 1; + msg_type &= ~1; + switch(msg_type){ + case AUTH_MSG_KDC_REQUEST: { + krb5_data ticket, cipher; + krb5_keyblock session; + + krb5_data_zero(&ticket); + krb5_data_zero(&cipher); + + RCHECK(krb5_ret_stringz(sp, &name), out1); + RCHECK(krb5_ret_stringz(sp, &inst), out1); + RCHECK(krb5_ret_stringz(sp, &realm), out1); + RCHECK(krb5_ret_int32(sp, &req_time), out1); + if(lsb) + req_time = swap32(req_time); + RCHECK(krb5_ret_int8(sp, &life), out1); + RCHECK(krb5_ret_stringz(sp, &sname), out1); + RCHECK(krb5_ret_stringz(sp, &sinst), out1); + snprintf (client_name, sizeof(client_name), + "%s.%s@%s", name, inst, realm); + snprintf (server_name, sizeof(server_name), + "%s.%s@%s", sname, sinst, config->v4_realm); + + kdc_log(context, config, 0, "AS-REQ (krb4) %s from %s for %s", + client_name, from, server_name); + + ret = _kdc_db_fetch4(context, config, name, inst, realm, HDB_ENT_TYPE_CLIENT, &client); + if(ret) { + kdc_log(context, config, 0, "Client not found in database: %s: %s", + client_name, krb5_get_err_text(context, ret)); + make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN, + "principal unknown"); + goto out1; + } + ret = _kdc_db_fetch4(context, config, sname, sinst, + config->v4_realm, HDB_ENT_TYPE_SERVER, &server); + if(ret){ + kdc_log(context, config, 0, "Server not found in database: %s: %s", + server_name, krb5_get_err_text(context, ret)); + make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN, + "principal unknown"); + goto out1; + } + + ret = _kdc_check_flags (context, config, + client, client_name, + server, server_name, + TRUE); + if (ret) { + /* good error code? */ + make_err_reply(context, reply, KERB_ERR_NAME_EXP, + "operation not allowed"); + goto out1; + } + + /* + * There's no way to do pre-authentication in v4 and thus no + * good error code to return if preauthentication is required. + */ + + if (config->require_preauth + || client->flags.require_preauth + || server->flags.require_preauth) { + kdc_log(context, config, 0, + "Pre-authentication required for v4-request: " + "%s for %s", + client_name, server_name); + make_err_reply(context, reply, KERB_ERR_NULL_KEY, + "preauth required"); + goto out1; + } + + ret = _kdc_get_des_key(context, client, FALSE, FALSE, &ckey); + if(ret){ + kdc_log(context, config, 0, "no suitable DES key for client"); + make_err_reply(context, reply, KDC_NULL_KEY, + "no suitable DES key for client"); + goto out1; + } + +#if 0 + /* this is not necessary with the new code in libkrb */ + /* find a properly salted key */ + while(ckey->salt == NULL || ckey->salt->salt.length != 0) + ret = hdb_next_keytype2key(context, client, KEYTYPE_DES, &ckey); + if(ret){ + kdc_log(context, config, 0, "No version-4 salted key in database -- %s.%s@%s", + name, inst, realm); + make_err_reply(context, reply, KDC_NULL_KEY, + "No version-4 salted key in database"); + goto out1; + } +#endif + + ret = _kdc_get_des_key(context, server, TRUE, FALSE, &skey); + if(ret){ + kdc_log(context, config, 0, "no suitable DES key for server"); + /* XXX */ + make_err_reply(context, reply, KDC_NULL_KEY, + "no suitable DES key for server"); + goto out1; + } + + max_life = _krb5_krb_life_to_time(0, life); + if(client->max_life) + max_life = min(max_life, *client->max_life); + if(server->max_life) + max_life = min(max_life, *server->max_life); + + life = krb_time_to_life(kdc_time, kdc_time + max_life); + + ret = krb5_generate_random_keyblock(context, + ETYPE_DES_PCBC_NONE, + &session); + if (ret) { + make_err_reply(context, reply, KFAILURE, + "Not enough random i KDC"); + goto out1; + } + + ret = _krb5_krb_create_ticket(context, + 0, + name, + inst, + config->v4_realm, + addr->sin_addr.s_addr, + &session, + life, + kdc_time, + sname, + sinst, + &skey->key, + &ticket); + if (ret) { + krb5_free_keyblock_contents(context, &session); + make_err_reply(context, reply, KFAILURE, + "failed to create v4 ticket"); + goto out1; + } + + ret = _krb5_krb_create_ciph(context, + &session, + sname, + sinst, + config->v4_realm, + life, + server->kvno % 255, + &ticket, + kdc_time, + &ckey->key, + &cipher); + krb5_free_keyblock_contents(context, &session); + krb5_data_free(&ticket); + if (ret) { + make_err_reply(context, reply, KFAILURE, + "Failed to create v4 cipher"); + goto out1; + } + + ret = _krb5_krb_create_auth_reply(context, + name, + inst, + realm, + req_time, + 0, + client->pw_end ? *client->pw_end : 0, + client->kvno % 256, + &cipher, + reply); + krb5_data_free(&cipher); + + out1: + break; + } + case AUTH_MSG_APPL_REQUEST: { + struct _krb5_krb_auth_data ad; + int8_t kvno; + int8_t ticket_len; + int8_t req_len; + krb5_data auth; + int32_t address; + size_t pos; + krb5_principal tgt_princ = NULL; + hdb_entry *tgt = NULL; + Key *tkey; + time_t max_end, actual_end, issue_time; + + memset(&ad, 0, sizeof(ad)); + krb5_data_zero(&auth); + + RCHECK(krb5_ret_int8(sp, &kvno), out2); + RCHECK(krb5_ret_stringz(sp, &realm), out2); + + ret = krb5_425_conv_principal(context, "krbtgt", realm, + config->v4_realm, + &tgt_princ); + if(ret){ + kdc_log(context, config, 0, + "Converting krbtgt principal (krb4): %s", + krb5_get_err_text(context, ret)); + make_err_reply(context, reply, KFAILURE, + "Failed to convert v4 principal (krbtgt)"); + goto out2; + } + + ret = _kdc_db_fetch(context, config, tgt_princ, HDB_ENT_TYPE_SERVER, &tgt); + if(ret){ + char *s; + s = kdc_log_msg(context, config, 0, "Ticket-granting ticket not " + "found in database (krb4): krbtgt.%s@%s: %s", + realm, config->v4_realm, + krb5_get_err_text(context, ret)); + make_err_reply(context, reply, KFAILURE, s); + free(s); + goto out2; + } + + if(tgt->kvno % 256 != kvno){ + kdc_log(context, config, 0, + "tgs-req (krb4) with old kvno %d (current %d) for " + "krbtgt.%s@%s", kvno, tgt->kvno % 256, + realm, config->v4_realm); + make_err_reply(context, reply, KDC_AUTH_EXP, + "old krbtgt kvno used"); + goto out2; + } + + ret = _kdc_get_des_key(context, tgt, TRUE, FALSE, &tkey); + if(ret){ + kdc_log(context, config, 0, + "no suitable DES key for krbtgt (krb4)"); + /* XXX */ + make_err_reply(context, reply, KDC_NULL_KEY, + "no suitable DES key for krbtgt"); + goto out2; + } + + RCHECK(krb5_ret_int8(sp, &ticket_len), out2); + RCHECK(krb5_ret_int8(sp, &req_len), out2); + + pos = krb5_storage_seek(sp, ticket_len + req_len, SEEK_CUR); + + auth.data = buf; + auth.length = pos; + + if (config->check_ticket_addresses) + address = addr->sin_addr.s_addr; + else + address = 0; + + ret = _krb5_krb_rd_req(context, &auth, "krbtgt", realm, + config->v4_realm, + address, &tkey->key, &ad); + if(ret){ + kdc_log(context, config, 0, "krb_rd_req: %d", ret); + make_err_reply(context, reply, ret, "failed to parse request"); + goto out2; + } + + RCHECK(krb5_ret_int32(sp, &req_time), out2); + if(lsb) + req_time = swap32(req_time); + RCHECK(krb5_ret_int8(sp, &life), out2); + RCHECK(krb5_ret_stringz(sp, &sname), out2); + RCHECK(krb5_ret_stringz(sp, &sinst), out2); + snprintf (server_name, sizeof(server_name), + "%s.%s@%s", + sname, sinst, config->v4_realm); + snprintf (client_name, sizeof(client_name), + "%s.%s@%s", + ad.pname, ad.pinst, ad.prealm); + + kdc_log(context, config, 0, "TGS-REQ (krb4) %s from %s for %s", + client_name, from, server_name); + + if(strcmp(ad.prealm, realm)){ + kdc_log(context, config, 0, + "Can't hop realms (krb4) %s -> %s", realm, ad.prealm); + make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN, + "Can't hop realms"); + goto out2; + } + + if (!config->enable_v4_cross_realm && strcmp(realm, config->v4_realm) != 0) { + kdc_log(context, config, 0, + "krb4 Cross-realm %s -> %s disabled", + realm, config->v4_realm); + make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN, + "Can't hop realms"); + goto out2; + } + + if(strcmp(sname, "changepw") == 0){ + kdc_log(context, config, 0, + "Bad request for changepw ticket (krb4)"); + make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN, + "Can't authorize password change based on TGT"); + goto out2; + } + + ret = _kdc_db_fetch4(context, config, ad.pname, ad.pinst, ad.prealm, HDB_ENT_TYPE_CLIENT, &client); + if(ret && ret != HDB_ERR_NOENTRY) { + char *s; + s = kdc_log_msg(context, config, 0, + "Client not found in database: (krb4) %s: %s", + client_name, krb5_get_err_text(context, ret)); + make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN, s); + free(s); + goto out2; + } + if (client == NULL && strcmp(ad.prealm, config->v4_realm) == 0) { + char *s; + s = kdc_log_msg(context, config, 0, + "Local client not found in database: (krb4) " + "%s", client_name); + make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN, s); + free(s); + goto out2; + } + + ret = _kdc_db_fetch4(context, config, sname, sinst, config->v4_realm, + HDB_ENT_TYPE_SERVER, &server); + if(ret){ + char *s; + s = kdc_log_msg(context, config, 0, + "Server not found in database (krb4): %s: %s", + server_name, krb5_get_err_text(context, ret)); + make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN, s); + free(s); + goto out2; + } + + ret = _kdc_check_flags (context, config, + client, client_name, + server, server_name, + FALSE); + if (ret) { + /* good error code? */ + make_err_reply(context, reply, KERB_ERR_NAME_EXP, + "operation not allowed"); + goto out2; + } + + ret = _kdc_get_des_key(context, server, TRUE, FALSE, &skey); + if(ret){ + kdc_log(context, config, 0, + "no suitable DES key for server (krb4)"); + /* XXX */ + make_err_reply(context, reply, KDC_NULL_KEY, + "no suitable DES key for server"); + goto out2; + } + + max_end = _krb5_krb_life_to_time(ad.time_sec, ad.life); + max_end = min(max_end, _krb5_krb_life_to_time(kdc_time, life)); + if(server->max_life) + max_end = min(max_end, kdc_time + *server->max_life); + if(client && client->max_life) + max_end = min(max_end, kdc_time + *client->max_life); + life = min(life, krb_time_to_life(kdc_time, max_end)); + + issue_time = kdc_time; + actual_end = _krb5_krb_life_to_time(issue_time, life); + while (actual_end > max_end && life > 1) { + /* move them into the next earlier lifetime bracket */ + life--; + actual_end = _krb5_krb_life_to_time(issue_time, life); + } + if (actual_end > max_end) { + /* if life <= 1 and it's still too long, backdate the ticket */ + issue_time -= actual_end - max_end; + } + + { + krb5_data ticket, cipher; + krb5_keyblock session; + + krb5_data_zero(&ticket); + krb5_data_zero(&cipher); + + ret = krb5_generate_random_keyblock(context, + ETYPE_DES_PCBC_NONE, + &session); + if (ret) { + make_err_reply(context, reply, KFAILURE, + "Not enough random i KDC"); + goto out2; + } + + ret = _krb5_krb_create_ticket(context, + 0, + ad.pname, + ad.pinst, + ad.prealm, + addr->sin_addr.s_addr, + &session, + life, + issue_time, + sname, + sinst, + &skey->key, + &ticket); + if (ret) { + krb5_free_keyblock_contents(context, &session); + make_err_reply(context, reply, KFAILURE, + "failed to create v4 ticket"); + goto out2; + } + + ret = _krb5_krb_create_ciph(context, + &session, + sname, + sinst, + config->v4_realm, + life, + server->kvno % 255, + &ticket, + issue_time, + &ad.session, + &cipher); + krb5_free_keyblock_contents(context, &session); + if (ret) { + make_err_reply(context, reply, KFAILURE, + "failed to create v4 cipher"); + goto out2; + } + + ret = _krb5_krb_create_auth_reply(context, + ad.pname, + ad.pinst, + ad.prealm, + req_time, + 0, + 0, + 0, + &cipher, + reply); + krb5_data_free(&cipher); + } + out2: + _krb5_krb_free_auth_data(context, &ad); + if(tgt_princ) + krb5_free_principal(context, tgt_princ); + if(tgt) + _kdc_free_ent(context, tgt); + break; + } + case AUTH_MSG_ERR_REPLY: + break; + default: + kdc_log(context, config, 0, "Unknown message type (krb4): %d from %s", + msg_type, from); + + make_err_reply(context, reply, KFAILURE, "Unknown message type"); + } + out: + if(name) + free(name); + if(inst) + free(inst); + if(realm) + free(realm); + if(sname) + free(sname); + if(sinst) + free(sinst); + if(client) + _kdc_free_ent(context, client); + if(server) + _kdc_free_ent(context, server); + krb5_storage_free(sp); + return 0; +} + +krb5_error_code +_kdc_encode_v4_ticket(krb5_context context, + krb5_kdc_configuration *config, + void *buf, size_t len, const EncTicketPart *et, + const PrincipalName *service, size_t *size) +{ + krb5_storage *sp; + krb5_error_code ret; + char name[40], inst[40], realm[40]; + char sname[40], sinst[40]; + + { + krb5_principal princ; + _krb5_principalname2krb5_principal(&princ, + *service, + et->crealm); + ret = krb5_524_conv_principal(context, + princ, + sname, + sinst, + realm); + krb5_free_principal(context, princ); + if(ret) + return ret; + + _krb5_principalname2krb5_principal(&princ, + et->cname, + et->crealm); + + ret = krb5_524_conv_principal(context, + princ, + name, + inst, + realm); + krb5_free_principal(context, princ); + } + if(ret) + return ret; + + sp = krb5_storage_emem(); + + krb5_store_int8(sp, 0); /* flags */ + krb5_store_stringz(sp, name); + krb5_store_stringz(sp, inst); + krb5_store_stringz(sp, realm); + { + unsigned char tmp[4] = { 0, 0, 0, 0 }; + int i; + if(et->caddr){ + for(i = 0; i < et->caddr->len; i++) + if(et->caddr->val[i].addr_type == AF_INET && + et->caddr->val[i].address.length == 4){ + memcpy(tmp, et->caddr->val[i].address.data, 4); + break; + } + } + krb5_storage_write(sp, tmp, sizeof(tmp)); + } + + if((et->key.keytype != ETYPE_DES_CBC_MD5 && + et->key.keytype != ETYPE_DES_CBC_MD4 && + et->key.keytype != ETYPE_DES_CBC_CRC) || + et->key.keyvalue.length != 8) + return -1; + krb5_storage_write(sp, et->key.keyvalue.data, 8); + + { + time_t start = et->starttime ? *et->starttime : et->authtime; + krb5_store_int8(sp, krb_time_to_life(start, et->endtime)); + krb5_store_int32(sp, start); + } + + krb5_store_stringz(sp, sname); + krb5_store_stringz(sp, sinst); + + { + krb5_data data; + krb5_storage_to_data(sp, &data); + krb5_storage_free(sp); + *size = (data.length + 7) & ~7; /* pad to 8 bytes */ + if(*size > len) + return -1; + memset((unsigned char*)buf - *size + 1, 0, *size); + memcpy((unsigned char*)buf - *size + 1, data.data, data.length); + krb5_data_free(&data); + } + return 0; +} + +krb5_error_code +_kdc_get_des_key(krb5_context context, + hdb_entry *principal, krb5_boolean is_server, + krb5_boolean prefer_afs_key, Key **ret_key) +{ + Key *v5_key = NULL, *v4_key = NULL, *afs_key = NULL, *server_key = NULL; + int i; + krb5_enctype etypes[] = { ETYPE_DES_CBC_MD5, + ETYPE_DES_CBC_MD4, + ETYPE_DES_CBC_CRC }; + + for(i = 0; + i < sizeof(etypes)/sizeof(etypes[0]) + && (v5_key == NULL || v4_key == NULL || + afs_key == NULL || server_key == NULL); + ++i) { + Key *key = NULL; + while(hdb_next_enctype2key(context, principal, etypes[i], &key) == 0) { + if(key->salt == NULL) { + if(v5_key == NULL) + v5_key = key; + } else if(key->salt->type == hdb_pw_salt && + key->salt->salt.length == 0) { + if(v4_key == NULL) + v4_key = key; + } else if(key->salt->type == hdb_afs3_salt) { + if(afs_key == NULL) + afs_key = key; + } else if(server_key == NULL) + server_key = key; + } + } + + if(prefer_afs_key) { + if(afs_key) + *ret_key = afs_key; + else if(v4_key) + *ret_key = v4_key; + else if(v5_key) + *ret_key = v5_key; + else if(is_server && server_key) + *ret_key = server_key; + else + return KERB_ERR_NULL_KEY; + } else { + if(v4_key) + *ret_key = v4_key; + else if(afs_key) + *ret_key = afs_key; + else if(v5_key) + *ret_key = v5_key; + else if(is_server && server_key) + *ret_key = server_key; + else + return KERB_ERR_NULL_KEY; + } + + if((*ret_key)->key.keyvalue.length == 0) + return KERB_ERR_NULL_KEY; + return 0; +} + diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c new file mode 100644 index 0000000000..122c9ab780 --- /dev/null +++ b/source4/heimdal/kdc/kerberos5.c @@ -0,0 +1,2422 @@ +/* + * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kdc_locl.h" +#ifdef _SAMBA_BUILD_ +#include "kdc/pac-glue.h" +#endif + +RCSID("$Id: kerberos5.c,v 1.177 2005/06/15 11:34:53 lha Exp $"); + +#define MAX_TIME ((time_t)((1U << 31) - 1)) + +static void +fix_time(time_t **t) +{ + if(*t == NULL){ + ALLOC(*t); + **t = MAX_TIME; + } + if(**t == 0) **t = MAX_TIME; /* fix for old clients */ +} + +static int +realloc_method_data(METHOD_DATA *md) +{ + PA_DATA *pa; + pa = realloc(md->val, (md->len + 1) * sizeof(*md->val)); + if(pa == NULL) + return ENOMEM; + md->val = pa; + md->len++; + return 0; +} + +static void +set_salt_padata (METHOD_DATA *md, Salt *salt) +{ + if (salt) { + realloc_method_data(md); + md->val[md->len - 1].padata_type = salt->type; + copy_octet_string(&salt->salt, + &md->val[md->len - 1].padata_value); + } +} + +static PA_DATA* +find_padata(KDC_REQ *req, int *start, int type) +{ + while(*start < req->padata->len){ + (*start)++; + if(req->padata->val[*start - 1].padata_type == type) + return &req->padata->val[*start - 1]; + } + return NULL; +} + +/* + * return the first appropriate key of `princ' in `ret_key'. Look for + * all the etypes in (`etypes', `len'), stopping as soon as we find + * one, but preferring one that has default salt + */ + +static krb5_error_code +find_etype(krb5_context context, hdb_entry *princ, + krb5_enctype *etypes, unsigned len, + Key **ret_key, krb5_enctype *ret_etype) +{ + int i; + krb5_error_code ret = KRB5KDC_ERR_ETYPE_NOSUPP; + + for(i = 0; ret != 0 && i < len ; i++) { + Key *key = NULL; + + if (krb5_enctype_valid(context, etypes[i]) != 0) + continue; + + while (hdb_next_enctype2key(context, princ, etypes[i], &key) == 0) { + if (key->key.keyvalue.length == 0) { + ret = KRB5KDC_ERR_NULL_KEY; + continue; + } + *ret_key = key; + *ret_etype = etypes[i]; + ret = 0; + if (key->salt == NULL) + return ret; + } + } + return ret; +} + +static krb5_error_code +find_keys(krb5_context context, + krb5_kdc_configuration *config, + hdb_entry *client, + hdb_entry *server, + Key **ckey, + krb5_enctype *cetype, + Key **skey, + krb5_enctype *setype, + krb5_enctype *etypes, + unsigned num_etypes) +{ + char unparse_name[] = "krb5_unparse_name failed"; + krb5_error_code ret; + char *name; + + if(client){ + /* find client key */ + ret = find_etype(context, client, etypes, num_etypes, ckey, cetype); + if (ret) { + if (krb5_unparse_name(context, client->principal, &name) != 0) + name = unparse_name; + kdc_log(context, config, 0, + "Client (%s) has no support for etypes", name); + if (name != unparse_name) + free(name); + return ret; + } + } + + if(server){ + /* find server key */ + ret = find_etype(context, server, etypes, num_etypes, skey, setype); + if (ret) { + if (krb5_unparse_name(context, server->principal, &name) != 0) + name = unparse_name; + kdc_log(context, config, 0, + "Server (%s) has no support for etypes", name); + if (name != unparse_name) + free(name); + return ret; + } + } + return 0; +} + +static krb5_error_code +make_anonymous_principalname (PrincipalName *pn) +{ + pn->name_type = KRB5_NT_PRINCIPAL; + pn->name_string.len = 1; + pn->name_string.val = malloc(sizeof(*pn->name_string.val)); + if (pn->name_string.val == NULL) + return ENOMEM; + pn->name_string.val[0] = strdup("anonymous"); + if (pn->name_string.val[0] == NULL) { + free(pn->name_string.val); + pn->name_string.val = NULL; + return ENOMEM; + } + return 0; +} + +static void +log_timestamp(krb5_context context, + krb5_kdc_configuration *config, + const char *type, + KerberosTime authtime, KerberosTime *starttime, + KerberosTime endtime, KerberosTime *renew_till) +{ + char atime[100], stime[100], etime[100], rtime[100]; + + krb5_format_time(context, authtime, atime, sizeof(atime), TRUE); + if (starttime) + krb5_format_time(context, *starttime, stime, sizeof(stime), TRUE); + else + strlcpy(stime, "unset", sizeof(stime)); + krb5_format_time(context, endtime, etime, sizeof(etime), TRUE); + if (renew_till) + krb5_format_time(context, *renew_till, rtime, sizeof(rtime), TRUE); + else + strlcpy(rtime, "unset", sizeof(rtime)); + + kdc_log(context, config, 5, + "%s authtime: %s starttime: %s endtype: %s renew till: %s", + type, atime, stime, etime, rtime); +} + +static krb5_error_code +encode_reply(krb5_context context, + krb5_kdc_configuration *config, + KDC_REP *rep, EncTicketPart *et, EncKDCRepPart *ek, + krb5_enctype etype, + int skvno, EncryptionKey *skey, + int ckvno, EncryptionKey *ckey, + const char **e_text, + krb5_data *reply) +{ + unsigned char *buf; + size_t buf_size; + size_t len; + krb5_error_code ret; + krb5_crypto crypto; + + ASN1_MALLOC_ENCODE(EncTicketPart, buf, buf_size, et, &len, ret); + if(ret) { + kdc_log(context, config, 0, "Failed to encode ticket: %s", + krb5_get_err_text(context, ret)); + return ret; + } + if(buf_size != len) { + free(buf); + kdc_log(context, config, 0, "Internal error in ASN.1 encoder"); + *e_text = "KDC internal error"; + return KRB5KRB_ERR_GENERIC; + } + + ret = krb5_crypto_init(context, skey, etype, &crypto); + if (ret) { + free(buf); + kdc_log(context, config, 0, "krb5_crypto_init failed: %s", + krb5_get_err_text(context, ret)); + return ret; + } + + ret = krb5_encrypt_EncryptedData(context, + crypto, + KRB5_KU_TICKET, + buf, + len, + skvno, + &rep->ticket.enc_part); + free(buf); + krb5_crypto_destroy(context, crypto); + if(ret) { + kdc_log(context, config, 0, "Failed to encrypt data: %s", + krb5_get_err_text(context, ret)); + return ret; + } + + if(rep->msg_type == krb_as_rep && !config->encode_as_rep_as_tgs_rep) + ASN1_MALLOC_ENCODE(EncASRepPart, buf, buf_size, ek, &len, ret); + else + ASN1_MALLOC_ENCODE(EncTGSRepPart, buf, buf_size, ek, &len, ret); + if(ret) { + kdc_log(context, config, 0, "Failed to encode KDC-REP: %s", + krb5_get_err_text(context, ret)); + return ret; + } + if(buf_size != len) { + free(buf); + kdc_log(context, config, 0, "Internal error in ASN.1 encoder"); + *e_text = "KDC internal error"; + return KRB5KRB_ERR_GENERIC; + } + ret = krb5_crypto_init(context, ckey, 0, &crypto); + if (ret) { + free(buf); + kdc_log(context, config, 0, "krb5_crypto_init failed: %s", + krb5_get_err_text(context, ret)); + return ret; + } + if(rep->msg_type == krb_as_rep) { + krb5_encrypt_EncryptedData(context, + crypto, + KRB5_KU_AS_REP_ENC_PART, + buf, + len, + ckvno, + &rep->enc_part); + free(buf); + ASN1_MALLOC_ENCODE(AS_REP, buf, buf_size, rep, &len, ret); + } else { + krb5_encrypt_EncryptedData(context, + crypto, + KRB5_KU_TGS_REP_ENC_PART_SESSION, + buf, + len, + ckvno, + &rep->enc_part); + free(buf); + ASN1_MALLOC_ENCODE(TGS_REP, buf, buf_size, rep, &len, ret); + } + krb5_crypto_destroy(context, crypto); + if(ret) { + kdc_log(context, config, 0, "Failed to encode KDC-REP: %s", + krb5_get_err_text(context, ret)); + return ret; + } + if(buf_size != len) { + free(buf); + kdc_log(context, config, 0, "Internal error in ASN.1 encoder"); + *e_text = "KDC internal error"; + return KRB5KRB_ERR_GENERIC; + } + reply->data = buf; + reply->length = buf_size; + return 0; +} + +static krb5_error_code +make_etype_info_entry(krb5_context context, ETYPE_INFO_ENTRY *ent, Key *key) +{ + ent->etype = key->key.keytype; + if(key->salt){ + ALLOC(ent->salttype); +#if 0 + if(key->salt->type == hdb_pw_salt) + *ent->salttype = 0; /* or 1? or NULL? */ + else if(key->salt->type == hdb_afs3_salt) + *ent->salttype = 2; + else { + kdc_log(context, config, 0, "unknown salt-type: %d", + key->salt->type); + return KRB5KRB_ERR_GENERIC; + } + /* according to `the specs', we can't send a salt if + we have AFS3 salted key, but that requires that you + *know* what cell you are using (e.g by assuming + that the cell is the same as the realm in lower + case) */ +#else + *ent->salttype = key->salt->type; +#endif + krb5_copy_data(context, &key->salt->salt, + &ent->salt); + } else { + /* we return no salt type at all, as that should indicate + * the default salt type and make everybody happy. some + * systems (like w2k) dislike being told the salt type + * here. */ + + ent->salttype = NULL; + ent->salt = NULL; + } + return 0; +} + +static krb5_error_code +get_pa_etype_info(krb5_context context, + krb5_kdc_configuration *config, + METHOD_DATA *md, hdb_entry *client, + ENCTYPE *etypes, unsigned int etypes_len) +{ + krb5_error_code ret = 0; + int i, j; + unsigned int n = 0; + ETYPE_INFO pa; + unsigned char *buf; + size_t len; + + + pa.len = client->keys.len; + if(pa.len > UINT_MAX/sizeof(*pa.val)) + return ERANGE; + pa.val = malloc(pa.len * sizeof(*pa.val)); + if(pa.val == NULL) + return ENOMEM; + memset(pa.val, 0, pa.len * sizeof(*pa.val)); + + for(j = 0; j < etypes_len; j++) { + for (i = 0; i < n; i++) + if (pa.val[i].etype == etypes[j]) + goto skip1; + for(i = 0; i < client->keys.len; i++) { + if(client->keys.val[i].key.keytype == etypes[j]) { + if (krb5_enctype_valid(context, etypes[j]) != 0) + continue; + if((ret = make_etype_info_entry(context, + &pa.val[n++], + &client->keys.val[i])) != 0) { + free_ETYPE_INFO(&pa); + return ret; + } + } + } + skip1:; + } + for(i = 0; i < client->keys.len; i++) { + for(j = 0; j < etypes_len; j++) { + if(client->keys.val[i].key.keytype == etypes[j]) + goto skip2; + } + if (krb5_enctype_valid(context, client->keys.val[i].key.keytype) != 0) + continue; + if((ret = make_etype_info_entry(context, + &pa.val[n++], + &client->keys.val[i])) != 0) { + free_ETYPE_INFO(&pa); + return ret; + } + skip2:; + } + + if(n != pa.len) { + char *name; + ret = krb5_unparse_name(context, client->principal, &name); + if (ret) + name = ""; + kdc_log(context, config, 0, "internal error in get_pa_etype_info(%s): %d != %d", + name, n, pa.len); + if (ret == 0) + free(name); + pa.len = n; + } + + ASN1_MALLOC_ENCODE(ETYPE_INFO, buf, len, &pa, &len, ret); + free_ETYPE_INFO(&pa); + if(ret) + return ret; + ret = realloc_method_data(md); + if(ret) { + free(buf); + return ret; + } + md->val[md->len - 1].padata_type = KRB5_PADATA_ETYPE_INFO; + md->val[md->len - 1].padata_value.length = len; + md->val[md->len - 1].padata_value.data = buf; + return 0; +} + +/* + * + */ + +extern int _krb5_AES_string_to_default_iterator; + +static krb5_error_code +make_etype_info2_entry(ETYPE_INFO2_ENTRY *ent, Key *key) +{ + ent->etype = key->key.keytype; + if(key->salt) { + ALLOC(ent->salt); + if (ent->salt == NULL) + return ENOMEM; + *ent->salt = malloc(key->salt->salt.length + 1); + if (*ent->salt == NULL) { + free(ent->salt); + ent->salt = NULL; + return ENOMEM; + } + memcpy(*ent->salt, key->salt->salt.data, key->salt->salt.length); + (*ent->salt)[key->salt->salt.length] = '\0'; + } else + ent->salt = NULL; + + ent->s2kparams = NULL; + + switch (key->key.keytype) { + case KEYTYPE_AES128: + case KEYTYPE_AES256: + ALLOC(ent->s2kparams); + if (ent->s2kparams == NULL) + return ENOMEM; + ent->s2kparams->length = 4; + ent->s2kparams->data = malloc(ent->s2kparams->length); + if (ent->s2kparams->data == NULL) { + free(ent->s2kparams); + ent->s2kparams = NULL; + return ENOMEM; + } + _krb5_put_int(ent->s2kparams->data, + _krb5_AES_string_to_default_iterator, + ent->s2kparams->length); + break; + default: + break; + } + return 0; +} + +/* + * Return 1 if the client have only older enctypes, this is for + * determining if the server should send ETYPE_INFO2 or not. + */ + +static int +only_older_enctype_p(const KDC_REQ *req) +{ + int i; + + for(i = 0; i < req->req_body.etype.len; i++) { + switch (req->req_body.etype.val[i]) { + case ETYPE_DES_CBC_CRC: + case ETYPE_DES_CBC_MD4: + case ETYPE_DES_CBC_MD5: + case ETYPE_DES3_CBC_SHA1: + case ETYPE_ARCFOUR_HMAC_MD5: + case ETYPE_ARCFOUR_HMAC_MD5_56: + break; + default: + return 0; + } + } + return 1; +} + +/* + * + */ + +static krb5_error_code +get_pa_etype_info2(krb5_context context, + krb5_kdc_configuration *config, + METHOD_DATA *md, hdb_entry *client, + ENCTYPE *etypes, unsigned int etypes_len) +{ + krb5_error_code ret = 0; + int i, j; + unsigned int n = 0; + ETYPE_INFO2 pa; + unsigned char *buf; + size_t len; + + pa.len = client->keys.len; + if(pa.len > UINT_MAX/sizeof(*pa.val)) + return ERANGE; + pa.val = malloc(pa.len * sizeof(*pa.val)); + if(pa.val == NULL) + return ENOMEM; + memset(pa.val, 0, pa.len * sizeof(*pa.val)); + + for(j = 0; j < etypes_len; j++) { + for (i = 0; i < n; i++) + if (pa.val[i].etype == etypes[j]) + goto skip1; + for(i = 0; i < client->keys.len; i++) { + if(client->keys.val[i].key.keytype == etypes[j]) { + if (krb5_enctype_valid(context, etypes[j]) != 0) + continue; + if((ret = make_etype_info2_entry(&pa.val[n++], + &client->keys.val[i])) != 0) { + free_ETYPE_INFO2(&pa); + return ret; + } + } + } + skip1:; + } + for(i = 0; i < client->keys.len; i++) { + for(j = 0; j < etypes_len; j++) { + if(client->keys.val[i].key.keytype == etypes[j]) + goto skip2; + } + if (krb5_enctype_valid(context, client->keys.val[i].key.keytype) != 0) + continue; + if((ret = make_etype_info2_entry(&pa.val[n++], + &client->keys.val[i])) != 0) { + free_ETYPE_INFO2(&pa); + return ret; + } + skip2:; + } + + if(n != pa.len) { + char *name; + ret = krb5_unparse_name(context, client->principal, &name); + if (ret) + name = ""; + kdc_log(context, config, 0, "internal error in get_pa_etype_info2(%s): %d != %d", + name, n, pa.len); + if (ret == 0) + free(name); + pa.len = n; + } + + ASN1_MALLOC_ENCODE(ETYPE_INFO2, buf, len, &pa, &len, ret); + free_ETYPE_INFO2(&pa); + if(ret) + return ret; + ret = realloc_method_data(md); + if(ret) { + free(buf); + return ret; + } + md->val[md->len - 1].padata_type = KRB5_PADATA_ETYPE_INFO2; + md->val[md->len - 1].padata_value.length = len; + md->val[md->len - 1].padata_value.data = buf; + return 0; +} + +/* + * verify the flags on `client' and `server', returning 0 + * if they are OK and generating an error messages and returning + * and error code otherwise. + */ + +krb5_error_code +_kdc_check_flags(krb5_context context, + krb5_kdc_configuration *config, + hdb_entry *client, const char *client_name, + hdb_entry *server, const char *server_name, + krb5_boolean is_as_req) +{ + if(client != NULL) { + /* check client */ + if (client->flags.invalid) { + kdc_log(context, config, 0, + "Client (%s) has invalid bit set", client_name); + return KRB5KDC_ERR_POLICY; + } + + if(!client->flags.client){ + kdc_log(context, config, 0, + "Principal may not act as client -- %s", + client_name); + return KRB5KDC_ERR_POLICY; + } + + if (client->valid_start && *client->valid_start > kdc_time) { + kdc_log(context, config, 0, "Client not yet valid -- %s", client_name); + return KRB5KDC_ERR_CLIENT_NOTYET; + } + + if (client->valid_end && *client->valid_end < kdc_time) { + kdc_log(context, config, 0, "Client expired -- %s", client_name); + return KRB5KDC_ERR_NAME_EXP; + } + + if (client->pw_end && *client->pw_end < kdc_time + && !server->flags.change_pw) { + kdc_log(context, config, 0, "Client's key has expired -- %s", client_name); + return KRB5KDC_ERR_KEY_EXPIRED; + } + } + + /* check server */ + + if (server != NULL) { + if (server->flags.invalid) { + kdc_log(context, config, 0, "Server has invalid flag set -- %s", server_name); + return KRB5KDC_ERR_POLICY; + } + + if(!server->flags.server){ + kdc_log(context, config, 0, "Principal may not act as server -- %s", + server_name); + return KRB5KDC_ERR_POLICY; + } + + if(!is_as_req && server->flags.initial) { + kdc_log(context, config, 0, "AS-REQ is required for server -- %s", server_name); + return KRB5KDC_ERR_POLICY; + } + + if (server->valid_start && *server->valid_start > kdc_time) { + kdc_log(context, config, 0, "Server not yet valid -- %s", server_name); + return KRB5KDC_ERR_SERVICE_NOTYET; + } + + if (server->valid_end && *server->valid_end < kdc_time) { + kdc_log(context, config, 0, "Server expired -- %s", server_name); + return KRB5KDC_ERR_SERVICE_EXP; + } + + if (server->pw_end && *server->pw_end < kdc_time) { + kdc_log(context, config, 0, "Server's key has expired -- %s", server_name); + return KRB5KDC_ERR_KEY_EXPIRED; + } + } + return 0; +} + +/* + * Return TRUE if `from' is part of `addresses' taking into consideration + * the configuration variables that tells us how strict we should be about + * these checks + */ + +static krb5_boolean +check_addresses(krb5_context context, + krb5_kdc_configuration *config, + HostAddresses *addresses, const struct sockaddr *from) +{ + krb5_error_code ret; + krb5_address addr; + krb5_boolean result; + + if(config->check_ticket_addresses == 0) + return TRUE; + + if(addresses == NULL) + return config->allow_null_ticket_addresses; + + ret = krb5_sockaddr2address (context, from, &addr); + if(ret) + return FALSE; + + result = krb5_address_search(context, &addr, addresses); + krb5_free_address (context, &addr); + return result; +} + +krb5_error_code +_kdc_as_rep(krb5_context context, + krb5_kdc_configuration *config, + KDC_REQ *req, + krb5_data *reply, + const char *from, + struct sockaddr *from_addr) +{ + KDC_REQ_BODY *b = &req->req_body; + AS_REP rep; + KDCOptions f = b->kdc_options; + hdb_entry *client = NULL, *server = NULL; + krb5_enctype cetype, setype; + EncTicketPart et; + EncKDCRepPart ek; + krb5_principal client_princ = NULL, server_princ = NULL; + char *client_name = NULL, *server_name = NULL; + krb5_error_code ret = 0; + const char *e_text = NULL; + krb5_crypto crypto; + Key *ckey, *skey; + EncryptionKey *reply_key; +#ifdef PKINIT + pk_client_params *pkp = NULL; +#endif + + memset(&rep, 0, sizeof(rep)); + + if(b->sname == NULL){ + ret = KRB5KRB_ERR_GENERIC; + e_text = "No server in request"; + } else{ + _krb5_principalname2krb5_principal (&server_princ, + *(b->sname), b->realm); + ret = krb5_unparse_name(context, server_princ, &server_name); + } + if (ret) { + kdc_log(context, config, 0, "AS-REQ malformed server name from %s", from); + goto out; + } + + if(b->cname == NULL){ + ret = KRB5KRB_ERR_GENERIC; + e_text = "No client in request"; + } else { + _krb5_principalname2krb5_principal (&client_princ, + *(b->cname), b->realm); + ret = krb5_unparse_name(context, client_princ, &client_name); + } + if (ret) { + kdc_log(context, config, 0, "AS-REQ malformed client name from %s", from); + goto out; + } + + kdc_log(context, config, 0, "AS-REQ %s from %s for %s", + client_name, from, server_name); + + ret = _kdc_db_fetch(context, config, client_princ, HDB_ENT_TYPE_CLIENT, &client); + if(ret){ + kdc_log(context, config, 0, "UNKNOWN -- %s: %s", client_name, + krb5_get_err_text(context, ret)); + ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; + goto out; + } + + ret = _kdc_db_fetch(context, config, server_princ, HDB_ENT_TYPE_SERVER, &server); + if(ret){ + kdc_log(context, config, 0, "UNKNOWN -- %s: %s", server_name, + krb5_get_err_text(context, ret)); + ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN; + goto out; + } + + ret = _kdc_check_flags(context, config, + client, client_name, + server, server_name, + TRUE); + if(ret) + goto out; + + memset(&et, 0, sizeof(et)); + memset(&ek, 0, sizeof(ek)); + + if(req->padata){ + int i = 0; + PA_DATA *pa; + int found_pa = 0; + +#ifdef PKINIT + kdc_log(context, config, 5, + "Looking for PKINIT pa-data -- %s", client_name); + + e_text = "No PKINIT PA found"; + + i = 0; + if ((pa = find_padata(req, &i, KRB5_PADATA_PK_AS_REQ))) + ; + if (pa == NULL) { + i = 0; + if((pa = find_padata(req, &i, KRB5_PADATA_PK_AS_REQ_19))) + ; + } + if (pa == NULL) { + i = 0; + if((pa = find_padata(req, &i, KRB5_PADATA_PK_AS_REQ_WIN))) + ; + } + if (pa) { + char *client_cert = NULL; + + ret = _kdc_pk_rd_padata(context, config, req, pa, &pkp); + if (ret) { + ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; + kdc_log(context, config, 5, + "Failed to decode PKINIT PA-DATA -- %s", + client_name); + goto ts_enc; + } + if (ret == 0 && pkp == NULL) + goto ts_enc; + + ret = _kdc_pk_check_client(context, + config, + client_princ, + client, + pkp, + &client_cert); + if (ret) { + e_text = "PKINIT certificate not allowed to " + "impersonate principal"; + _kdc_pk_free_client_param(context, pkp); + pkp = NULL; + goto ts_enc; + } + found_pa = 1; + et.flags.pre_authent = 1; + kdc_log(context, config, 2, + "PKINIT pre-authentication succeeded -- %s using %s", + client_name, client_cert); + free(client_cert); + if (pkp) + goto preauth_done; + } + ts_enc: +#endif + kdc_log(context, config, 5, "Looking for ENC-TS pa-data -- %s", + client_name); + + i = 0; + e_text = "No ENC-TS found"; + while((pa = find_padata(req, &i, KRB5_PADATA_ENC_TIMESTAMP))){ + krb5_data ts_data; + PA_ENC_TS_ENC p; + size_t len; + EncryptedData enc_data; + Key *pa_key; + + found_pa = 1; + + ret = decode_EncryptedData(pa->padata_value.data, + pa->padata_value.length, + &enc_data, + &len); + if (ret) { + ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; + kdc_log(context, config, 5, "Failed to decode PA-DATA -- %s", + client_name); + goto out; + } + + ret = hdb_enctype2key(context, client, enc_data.etype, &pa_key); + if(ret){ + char *estr; + e_text = "No key matches pa-data"; + ret = KRB5KDC_ERR_PREAUTH_FAILED; + if(krb5_enctype_to_string(context, enc_data.etype, &estr)) + estr = NULL; + if(estr == NULL) + kdc_log(context, config, 5, + "No client key matching pa-data (%d) -- %s", + enc_data.etype, client_name); + else + kdc_log(context, config, 5, + "No client key matching pa-data (%s) -- %s", + estr, client_name); + free(estr); + + free_EncryptedData(&enc_data); + continue; + } + + try_next_key: + ret = krb5_crypto_init(context, &pa_key->key, 0, &crypto); + if (ret) { + kdc_log(context, config, 0, "krb5_crypto_init failed: %s", + krb5_get_err_text(context, ret)); + free_EncryptedData(&enc_data); + continue; + } + + ret = krb5_decrypt_EncryptedData (context, + crypto, + KRB5_KU_PA_ENC_TIMESTAMP, + &enc_data, + &ts_data); + krb5_crypto_destroy(context, crypto); + if(ret){ + if(hdb_next_enctype2key(context, client, + enc_data.etype, &pa_key) == 0) + goto try_next_key; + free_EncryptedData(&enc_data); + e_text = "Failed to decrypt PA-DATA"; + kdc_log(context, config, + 5, "Failed to decrypt PA-DATA -- %s", + client_name); + ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; + continue; + } + free_EncryptedData(&enc_data); + ret = decode_PA_ENC_TS_ENC(ts_data.data, + ts_data.length, + &p, + &len); + krb5_data_free(&ts_data); + if(ret){ + e_text = "Failed to decode PA-ENC-TS-ENC"; + ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; + kdc_log(context, config, + 5, "Failed to decode PA-ENC-TS_ENC -- %s", + client_name); + continue; + } + free_PA_ENC_TS_ENC(&p); + if (abs(kdc_time - p.patimestamp) > context->max_skew) { + ret = KRB5KDC_ERR_PREAUTH_FAILED; + e_text = "Too large time skew"; + kdc_log(context, config, 0, + "Too large time skew -- %s", client_name); + goto out; + } + et.flags.pre_authent = 1; + kdc_log(context, config, 2, + "ENC-TS Pre-authentication succeeded -- %s", + client_name); + break; + } +#ifdef PKINIT + preauth_done: +#endif + if(found_pa == 0 && config->require_preauth) + goto use_pa; + /* We come here if we found a pa-enc-timestamp, but if there + was some problem with it, other than too large skew */ + if(found_pa && et.flags.pre_authent == 0){ + kdc_log(context, config, 0, "%s -- %s", e_text, client_name); + e_text = NULL; + goto out; + } + }else if (config->require_preauth + || client->flags.require_preauth + || server->flags.require_preauth) { + METHOD_DATA method_data; + PA_DATA *pa; + unsigned char *buf; + size_t len; + krb5_data foo_data; + + use_pa: + method_data.len = 0; + method_data.val = NULL; + + ret = realloc_method_data(&method_data); + pa = &method_data.val[method_data.len-1]; + pa->padata_type = KRB5_PADATA_ENC_TIMESTAMP; + pa->padata_value.length = 0; + pa->padata_value.data = NULL; + +#ifdef PKINIT + ret = realloc_method_data(&method_data); + pa = &method_data.val[method_data.len-1]; + pa->padata_type = KRB5_PADATA_PK_AS_REQ; + pa->padata_value.length = 0; + pa->padata_value.data = NULL; + + ret = realloc_method_data(&method_data); + pa = &method_data.val[method_data.len-1]; + pa->padata_type = KRB5_PADATA_PK_AS_REQ_19; + pa->padata_value.length = 0; + pa->padata_value.data = NULL; +#endif + + /* XXX check ret */ + if (only_older_enctype_p(req)) + ret = get_pa_etype_info(context, config, &method_data, client, + b->etype.val, b->etype.len); + /* XXX check ret */ + ret = get_pa_etype_info2(context, config, &method_data, client, + b->etype.val, b->etype.len); + + + ASN1_MALLOC_ENCODE(METHOD_DATA, buf, len, &method_data, &len, ret); + free_METHOD_DATA(&method_data); + foo_data.data = buf; + foo_data.length = len; + + ret = KRB5KDC_ERR_PREAUTH_REQUIRED; + krb5_mk_error(context, + ret, + "Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ", + &foo_data, + client_princ, + server_princ, + NULL, + NULL, + reply); + free(buf); + kdc_log(context, config, 0, + "No preauth found, returning PREAUTH-REQUIRED -- %s", + client_name); + ret = 0; + goto out2; + } + + ret = find_keys(context, config, + client, server, &ckey, &cetype, &skey, &setype, + b->etype.val, b->etype.len); + if(ret) { + kdc_log(context, config, 0, "Server/client has no support for etypes"); + goto out; + } + + { + struct rk_strpool *p = NULL; + char *str; + int i; + + for (i = 0; i < b->etype.len; i++) { + ret = krb5_enctype_to_string(context, b->etype.val[i], &str); + if (ret == 0) { + p = rk_strpoolprintf(p, "%s", str); + free(str); + } else + p = rk_strpoolprintf(p, "%d", b->etype.val[i]); + if (p && i + 1 < b->etype.len) + p = rk_strpoolprintf(p, ", "); + if (p == NULL) { + kdc_log(context, config, 0, "out of meory"); + goto out; + } + } + str = rk_strpoolcollect(p); + kdc_log(context, config, 0, "Client supported enctypes: %s", str); + free(str); + } + { + char *cet; + char *set; + + ret = krb5_enctype_to_string(context, cetype, &cet); + if(ret == 0) { + ret = krb5_enctype_to_string(context, setype, &set); + if (ret == 0) { + kdc_log(context, config, 5, "Using %s/%s", cet, set); + free(set); + } + free(cet); + } + if (ret != 0) + kdc_log(context, config, 5, "Using e-types %d/%d", cetype, setype); + } + + { + char str[128]; + unparse_flags(KDCOptions2int(f), asn1_KDCOptions_units(), + str, sizeof(str)); + if(*str) + kdc_log(context, config, 2, "Requested flags: %s", str); + } + + + if(f.renew || f.validate || f.proxy || f.forwarded || f.enc_tkt_in_skey + || (f.request_anonymous && !config->allow_anonymous)) { + ret = KRB5KDC_ERR_BADOPTION; + kdc_log(context, config, 0, "Bad KDC options -- %s", client_name); + goto out; + } + + rep.pvno = 5; + rep.msg_type = krb_as_rep; + copy_Realm(&client->principal->realm, &rep.crealm); + if (f.request_anonymous) + make_anonymous_principalname (&rep.cname); + else + _krb5_principal2principalname(&rep.cname, + client->principal); + rep.ticket.tkt_vno = 5; + copy_Realm(&server->principal->realm, &rep.ticket.realm); + _krb5_principal2principalname(&rep.ticket.sname, + server->principal); + + et.flags.initial = 1; + if(client->flags.forwardable && server->flags.forwardable) + et.flags.forwardable = f.forwardable; + else if (f.forwardable) { + ret = KRB5KDC_ERR_POLICY; + kdc_log(context, config, 0, + "Ticket may not be forwardable -- %s", client_name); + goto out; + } + if(client->flags.proxiable && server->flags.proxiable) + et.flags.proxiable = f.proxiable; + else if (f.proxiable) { + ret = KRB5KDC_ERR_POLICY; + kdc_log(context, config, 0, + "Ticket may not be proxiable -- %s", client_name); + goto out; + } + if(client->flags.postdate && server->flags.postdate) + et.flags.may_postdate = f.allow_postdate; + else if (f.allow_postdate){ + ret = KRB5KDC_ERR_POLICY; + kdc_log(context, config, 0, + "Ticket may not be postdatable -- %s", client_name); + goto out; + } + + /* check for valid set of addresses */ + if(!check_addresses(context, config, b->addresses, from_addr)) { + ret = KRB5KRB_AP_ERR_BADADDR; + kdc_log(context, config, 0, + "Bad address list requested -- %s", client_name); + goto out; + } + + krb5_generate_random_keyblock(context, setype, &et.key); + copy_PrincipalName(&rep.cname, &et.cname); + copy_Realm(&rep.crealm, &et.crealm); + + { + time_t start; + time_t t; + + start = et.authtime = kdc_time; + + if(f.postdated && req->req_body.from){ + ALLOC(et.starttime); + start = *et.starttime = *req->req_body.from; + et.flags.invalid = 1; + et.flags.postdated = 1; /* XXX ??? */ + } + fix_time(&b->till); + t = *b->till; + + /* be careful not overflowing */ + + if(client->max_life) + t = start + min(t - start, *client->max_life); + if(server->max_life) + t = start + min(t - start, *server->max_life); +#if 0 + t = min(t, start + realm->max_life); +#endif + et.endtime = t; + if(f.renewable_ok && et.endtime < *b->till){ + f.renewable = 1; + if(b->rtime == NULL){ + ALLOC(b->rtime); + *b->rtime = 0; + } + if(*b->rtime < *b->till) + *b->rtime = *b->till; + } + if(f.renewable && b->rtime){ + t = *b->rtime; + if(t == 0) + t = MAX_TIME; + if(client->max_renew) + t = start + min(t - start, *client->max_renew); + if(server->max_renew) + t = start + min(t - start, *server->max_renew); +#if 0 + t = min(t, start + realm->max_renew); +#endif + ALLOC(et.renew_till); + *et.renew_till = t; + et.flags.renewable = 1; + } + } + + if (f.request_anonymous) + et.flags.anonymous = 1; + + if(b->addresses){ + ALLOC(et.caddr); + copy_HostAddresses(b->addresses, et.caddr); + } + + et.transited.tr_type = DOMAIN_X500_COMPRESS; + krb5_data_zero(&et.transited.contents); + + copy_EncryptionKey(&et.key, &ek.key); + + /* The MIT ASN.1 library (obviously) doesn't tell lengths encoded + * as 0 and as 0x80 (meaning indefinite length) apart, and is thus + * incapable of correctly decoding SEQUENCE OF's of zero length. + * + * To fix this, always send at least one no-op last_req + * + * If there's a pw_end or valid_end we will use that, + * otherwise just a dummy lr. + */ + ek.last_req.val = malloc(2 * sizeof(*ek.last_req.val)); + ek.last_req.len = 0; + if (client->pw_end + && (config->kdc_warn_pwexpire == 0 + || kdc_time + config->kdc_warn_pwexpire <= *client->pw_end)) { + ek.last_req.val[ek.last_req.len].lr_type = LR_PW_EXPTIME; + ek.last_req.val[ek.last_req.len].lr_value = *client->pw_end; + ++ek.last_req.len; + } + if (client->valid_end) { + ek.last_req.val[ek.last_req.len].lr_type = LR_ACCT_EXPTIME; + ek.last_req.val[ek.last_req.len].lr_value = *client->valid_end; + ++ek.last_req.len; + } + if (ek.last_req.len == 0) { + ek.last_req.val[ek.last_req.len].lr_type = LR_NONE; + ek.last_req.val[ek.last_req.len].lr_value = 0; + ++ek.last_req.len; + } + ek.nonce = b->nonce; + if (client->valid_end || client->pw_end) { + ALLOC(ek.key_expiration); + if (client->valid_end) { + if (client->pw_end) + *ek.key_expiration = min(*client->valid_end, *client->pw_end); + else + *ek.key_expiration = *client->valid_end; + } else + *ek.key_expiration = *client->pw_end; + } else + ek.key_expiration = NULL; + ek.flags = et.flags; + ek.authtime = et.authtime; + if (et.starttime) { + ALLOC(ek.starttime); + *ek.starttime = *et.starttime; + } + ek.endtime = et.endtime; + if (et.renew_till) { + ALLOC(ek.renew_till); + *ek.renew_till = *et.renew_till; + } + copy_Realm(&rep.ticket.realm, &ek.srealm); + copy_PrincipalName(&rep.ticket.sname, &ek.sname); + if(et.caddr){ + ALLOC(ek.caddr); + copy_HostAddresses(et.caddr, ek.caddr); + } + + ALLOC(rep.padata); + rep.padata->len = 0; + rep.padata->val = NULL; + + reply_key = &ckey->key; +#if PKINIT + if (pkp) { + ret = _kdc_pk_mk_pa_reply(context, config, pkp, client, req, + &reply_key, rep.padata); + if (ret) + goto out; + } +#endif + + set_salt_padata (rep.padata, ckey->salt); + + if (rep.padata->len == 0) { + free(rep.padata); + rep.padata = NULL; + } + + log_timestamp(context, config, "AS-REQ", et.authtime, et.starttime, + et.endtime, et.renew_till); + + ret = encode_reply(context, config, + &rep, &et, &ek, setype, server->kvno, &skey->key, + client->kvno, reply_key, &e_text, reply); + free_EncTicketPart(&et); + free_EncKDCRepPart(&ek); + out: + free_AS_REP(&rep); + if(ret){ + krb5_mk_error(context, + ret, + e_text, + NULL, + client_princ, + server_princ, + NULL, + NULL, + reply); + ret = 0; + } + out2: +#ifdef PKINIT + if (pkp) + _kdc_pk_free_client_param(context, pkp); +#endif + if (client_princ) + krb5_free_principal(context, client_princ); + free(client_name); + if (server_princ) + krb5_free_principal(context, server_princ); + free(server_name); + if(client) + _kdc_free_ent(context, client); + if(server) + _kdc_free_ent(context, server); + return ret; +} + + +static krb5_error_code +check_tgs_flags(krb5_context context, + krb5_kdc_configuration *config, + KDC_REQ_BODY *b, EncTicketPart *tgt, EncTicketPart *et) +{ + KDCOptions f = b->kdc_options; + + if(f.validate){ + if(!tgt->flags.invalid || tgt->starttime == NULL){ + kdc_log(context, config, 0, "Bad request to validate ticket"); + return KRB5KDC_ERR_BADOPTION; + } + if(*tgt->starttime > kdc_time){ + kdc_log(context, config, 0, "Early request to validate ticket"); + return KRB5KRB_AP_ERR_TKT_NYV; + } + /* XXX tkt = tgt */ + et->flags.invalid = 0; + }else if(tgt->flags.invalid){ + kdc_log(context, config, 0, "Ticket-granting ticket has INVALID flag set"); + return KRB5KRB_AP_ERR_TKT_INVALID; + } + + if(f.forwardable){ + if(!tgt->flags.forwardable){ + kdc_log(context, config, 0, "Bad request for forwardable ticket"); + return KRB5KDC_ERR_BADOPTION; + } + et->flags.forwardable = 1; + } + if(f.forwarded){ + if(!tgt->flags.forwardable){ + kdc_log(context, config, 0, "Request to forward non-forwardable ticket"); + return KRB5KDC_ERR_BADOPTION; + } + et->flags.forwarded = 1; + et->caddr = b->addresses; + } + if(tgt->flags.forwarded) + et->flags.forwarded = 1; + + if(f.proxiable){ + if(!tgt->flags.proxiable){ + kdc_log(context, config, 0, + "Bad request for proxiable ticket"); + return KRB5KDC_ERR_BADOPTION; + } + et->flags.proxiable = 1; + } + if(f.proxy){ + if(!tgt->flags.proxiable){ + kdc_log(context, config, 0, + "Request to proxy non-proxiable ticket"); + return KRB5KDC_ERR_BADOPTION; + } + et->flags.proxy = 1; + et->caddr = b->addresses; + } + if(tgt->flags.proxy) + et->flags.proxy = 1; + + if(f.allow_postdate){ + if(!tgt->flags.may_postdate){ + kdc_log(context, config, 0, + "Bad request for post-datable ticket"); + return KRB5KDC_ERR_BADOPTION; + } + et->flags.may_postdate = 1; + } + if(f.postdated){ + if(!tgt->flags.may_postdate){ + kdc_log(context, config, 0, + "Bad request for postdated ticket"); + return KRB5KDC_ERR_BADOPTION; + } + if(b->from) + *et->starttime = *b->from; + et->flags.postdated = 1; + et->flags.invalid = 1; + }else if(b->from && *b->from > kdc_time + context->max_skew){ + kdc_log(context, config, 0, "Ticket cannot be postdated"); + return KRB5KDC_ERR_CANNOT_POSTDATE; + } + + if(f.renewable){ + if(!tgt->flags.renewable){ + kdc_log(context, config, 0, + "Bad request for renewable ticket"); + return KRB5KDC_ERR_BADOPTION; + } + et->flags.renewable = 1; + ALLOC(et->renew_till); + fix_time(&b->rtime); + *et->renew_till = *b->rtime; + } + if(f.renew){ + time_t old_life; + if(!tgt->flags.renewable || tgt->renew_till == NULL){ + kdc_log(context, config, 0, + "Request to renew non-renewable ticket"); + return KRB5KDC_ERR_BADOPTION; + } + old_life = tgt->endtime; + if(tgt->starttime) + old_life -= *tgt->starttime; + else + old_life -= tgt->authtime; + et->endtime = *et->starttime + old_life; + if (et->renew_till != NULL) + et->endtime = min(*et->renew_till, et->endtime); + } + + /* checks for excess flags */ + if(f.request_anonymous && !config->allow_anonymous){ + kdc_log(context, config, 0, + "Request for anonymous ticket"); + return KRB5KDC_ERR_BADOPTION; + } + return 0; +} + +static krb5_error_code +fix_transited_encoding(krb5_context context, + krb5_kdc_configuration *config, + krb5_boolean check_policy, + TransitedEncoding *tr, + EncTicketPart *et, + const char *client_realm, + const char *server_realm, + const char *tgt_realm) +{ + krb5_error_code ret = 0; + char **realms, **tmp; + int num_realms; + int i; + + if(tr->tr_type != DOMAIN_X500_COMPRESS) { + kdc_log(context, config, 0, + "Unknown transited type: %u", tr->tr_type); + return KRB5KDC_ERR_TRTYPE_NOSUPP; + } + + ret = krb5_domain_x500_decode(context, + tr->contents, + &realms, + &num_realms, + client_realm, + server_realm); + if(ret){ + krb5_warn(context, ret, + "Decoding transited encoding"); + return ret; + } + if(strcmp(client_realm, tgt_realm) && strcmp(server_realm, tgt_realm)) { + /* not us, so add the previous realm to transited set */ + if (num_realms < 0 || num_realms + 1 > UINT_MAX/sizeof(*realms)) { + ret = ERANGE; + goto free_realms; + } + tmp = realloc(realms, (num_realms + 1) * sizeof(*realms)); + if(tmp == NULL){ + ret = ENOMEM; + goto free_realms; + } + realms = tmp; + realms[num_realms] = strdup(tgt_realm); + if(realms[num_realms] == NULL){ + ret = ENOMEM; + goto free_realms; + } + num_realms++; + } + if(num_realms == 0) { + if(strcmp(client_realm, server_realm)) + kdc_log(context, config, 0, + "cross-realm %s -> %s", client_realm, server_realm); + } else { + size_t l = 0; + char *rs; + for(i = 0; i < num_realms; i++) + l += strlen(realms[i]) + 2; + rs = malloc(l); + if(rs != NULL) { + *rs = '\0'; + for(i = 0; i < num_realms; i++) { + if(i > 0) + strlcat(rs, ", ", l); + strlcat(rs, realms[i], l); + } + kdc_log(context, config, 0, + "cross-realm %s -> %s via [%s]", + client_realm, server_realm, rs); + free(rs); + } + } + if(check_policy) { + ret = krb5_check_transited(context, client_realm, + server_realm, + realms, num_realms, NULL); + if(ret) { + krb5_warn(context, ret, "cross-realm %s -> %s", + client_realm, server_realm); + goto free_realms; + } + et->flags.transited_policy_checked = 1; + } + et->transited.tr_type = DOMAIN_X500_COMPRESS; + ret = krb5_domain_x500_encode(realms, num_realms, &et->transited.contents); + if(ret) + krb5_warn(context, ret, "Encoding transited encoding"); + free_realms: + for(i = 0; i < num_realms; i++) + free(realms[i]); + free(realms); + return ret; +} + + +static krb5_error_code +tgs_make_reply(krb5_context context, + krb5_kdc_configuration *config, + KDC_REQ_BODY *b, + EncTicketPart *tgt, + EncTicketPart *adtkt, + AuthorizationData *auth_data, + hdb_entry *server, + hdb_entry *client, + krb5_principal client_principal, + hdb_entry *krbtgt, + EncryptionKey *tgtkey, + krb5_enctype cetype, + const char **e_text, + krb5_data *reply) +{ + KDC_REP rep; + EncKDCRepPart ek; + EncTicketPart et; + KDCOptions f = b->kdc_options; + krb5_error_code ret; + krb5_enctype etype; + Key *skey; + EncryptionKey *ekey; + + if(adtkt) { + int i; + krb5_keytype kt; + ekey = &adtkt->key; + for(i = 0; i < b->etype.len; i++){ + ret = krb5_enctype_to_keytype(context, b->etype.val[i], &kt); + if(ret) + continue; + if(adtkt->key.keytype == kt) + break; + } + if(i == b->etype.len) + return KRB5KDC_ERR_ETYPE_NOSUPP; + etype = b->etype.val[i]; + }else{ + ret = find_keys(context, config, + NULL, server, NULL, NULL, &skey, &etype, + b->etype.val, b->etype.len); + if(ret) { + kdc_log(context, config, 0, "Server has no support for etypes"); + return ret; + } + ekey = &skey->key; + } + + memset(&rep, 0, sizeof(rep)); + memset(&et, 0, sizeof(et)); + memset(&ek, 0, sizeof(ek)); + + rep.pvno = 5; + rep.msg_type = krb_tgs_rep; + + et.authtime = tgt->authtime; + fix_time(&b->till); + et.endtime = min(tgt->endtime, *b->till); + ALLOC(et.starttime); + *et.starttime = kdc_time; + + ret = check_tgs_flags(context, config, b, tgt, &et); + if(ret) + goto out; + + /* We should check the transited encoding if: + 1) the request doesn't ask not to be checked + 2) globally enforcing a check + 3) principal requires checking + 4) we allow non-check per-principal, but principal isn't marked as allowing this + 5) we don't globally allow this + */ + +#define GLOBAL_FORCE_TRANSITED_CHECK \ + (config->trpolicy == TRPOLICY_ALWAYS_CHECK) +#define GLOBAL_ALLOW_PER_PRINCIPAL \ + (config->trpolicy == TRPOLICY_ALLOW_PER_PRINCIPAL) +#define GLOBAL_ALLOW_DISABLE_TRANSITED_CHECK \ + (config->trpolicy == TRPOLICY_ALWAYS_HONOUR_REQUEST) + +/* these will consult the database in future release */ +#define PRINCIPAL_FORCE_TRANSITED_CHECK(P) 0 +#define PRINCIPAL_ALLOW_DISABLE_TRANSITED_CHECK(P) 0 + + ret = fix_transited_encoding(context, config, + !f.disable_transited_check || + GLOBAL_FORCE_TRANSITED_CHECK || + PRINCIPAL_FORCE_TRANSITED_CHECK(server) || + !((GLOBAL_ALLOW_PER_PRINCIPAL && + PRINCIPAL_ALLOW_DISABLE_TRANSITED_CHECK(server)) || + GLOBAL_ALLOW_DISABLE_TRANSITED_CHECK), + &tgt->transited, &et, + *krb5_princ_realm(context, client_principal), + *krb5_princ_realm(context, server->principal), + *krb5_princ_realm(context, krbtgt->principal)); + if(ret) + goto out; + + copy_Realm(krb5_princ_realm(context, server->principal), + &rep.ticket.realm); + _krb5_principal2principalname(&rep.ticket.sname, server->principal); + copy_Realm(&tgt->crealm, &rep.crealm); + if (f.request_anonymous) + make_anonymous_principalname (&tgt->cname); + else + copy_PrincipalName(&tgt->cname, &rep.cname); + rep.ticket.tkt_vno = 5; + + ek.caddr = et.caddr; + if(et.caddr == NULL) + et.caddr = tgt->caddr; + + { + time_t life; + life = et.endtime - *et.starttime; + if(client && client->max_life) + life = min(life, *client->max_life); + if(server->max_life) + life = min(life, *server->max_life); + et.endtime = *et.starttime + life; + } + if(f.renewable_ok && tgt->flags.renewable && + et.renew_till == NULL && et.endtime < *b->till){ + et.flags.renewable = 1; + ALLOC(et.renew_till); + *et.renew_till = *b->till; + } + if(et.renew_till){ + time_t renew; + renew = *et.renew_till - et.authtime; + if(client && client->max_renew) + renew = min(renew, *client->max_renew); + if(server->max_renew) + renew = min(renew, *server->max_renew); + *et.renew_till = et.authtime + renew; + } + + if(et.renew_till){ + *et.renew_till = min(*et.renew_till, *tgt->renew_till); + *et.starttime = min(*et.starttime, *et.renew_till); + et.endtime = min(et.endtime, *et.renew_till); + } + + *et.starttime = min(*et.starttime, et.endtime); + + if(*et.starttime == et.endtime){ + ret = KRB5KDC_ERR_NEVER_VALID; + goto out; + } + if(et.renew_till && et.endtime == *et.renew_till){ + free(et.renew_till); + et.renew_till = NULL; + et.flags.renewable = 0; + } + + et.flags.pre_authent = tgt->flags.pre_authent; + et.flags.hw_authent = tgt->flags.hw_authent; + et.flags.anonymous = tgt->flags.anonymous; + et.flags.ok_as_delegate = server->flags.ok_as_delegate; + +#ifdef _SAMBA_BUILD_ + + { + + unsigned char *buf; + size_t buf_size; + size_t len; + + krb5_data pac; + AD_IF_RELEVANT *if_relevant; + ALLOC(if_relevant); + if_relevant->len = 1; + if_relevant->val = malloc(sizeof(*if_relevant->val)); + if_relevant->val[0].ad_type = KRB5_AUTHDATA_WIN2K_PAC; + if_relevant->val[0].ad_data.data = NULL; + if_relevant->val[0].ad_data.length = 0; + + /* Get PAC from Samba */ + ret = samba_get_pac(context, config, + client->principal, + tgtkey, + ekey, + &pac); + if (ret) { + free_AuthorizationData(if_relevant); + goto out; + } + + /* pac.data will be freed with this */ + if_relevant->val[0].ad_data.data = pac.data; + if_relevant->val[0].ad_data.length = pac.length; + + ASN1_MALLOC_ENCODE(AuthorizationData, buf, buf_size, if_relevant, &len, ret); + + auth_data = NULL; + ALLOC(auth_data); + auth_data->len = 1; + auth_data->val = malloc(sizeof(*auth_data->val)); + auth_data->val[0].ad_type = KRB5_AUTHDATA_IF_RELEVANT; + auth_data->val[0].ad_data.length = len; + auth_data->val[0].ad_data.data = buf; + if (ret) { + goto out; + } + } + +#endif + /* XXX Check enc-authorization-data */ + et.authorization_data = auth_data; + + krb5_generate_random_keyblock(context, etype, &et.key); + et.crealm = tgt->crealm; + et.cname = tgt->cname; + + ek.key = et.key; + /* MIT must have at least one last_req */ + ek.last_req.len = 1; + ek.last_req.val = calloc(1, sizeof(*ek.last_req.val)); + ek.nonce = b->nonce; + ek.flags = et.flags; + ek.authtime = et.authtime; + ek.starttime = et.starttime; + ek.endtime = et.endtime; + ek.renew_till = et.renew_till; + ek.srealm = rep.ticket.realm; + ek.sname = rep.ticket.sname; + + log_timestamp(context, config, "TGS-REQ", et.authtime, et.starttime, + et.endtime, et.renew_till); + + /* It is somewhat unclear where the etype in the following + encryption should come from. What we have is a session + key in the passed tgt, and a list of preferred etypes + *for the new ticket*. Should we pick the best possible + etype, given the keytype in the tgt, or should we look + at the etype list here as well? What if the tgt + session key is DES3 and we want a ticket with a (say) + CAST session key. Should the DES3 etype be added to the + etype list, even if we don't want a session key with + DES3? */ + ret = encode_reply(context, config, + &rep, &et, &ek, etype, adtkt ? 0 : server->kvno, ekey, + 0, &tgt->key, e_text, reply); + out: + free_TGS_REP(&rep); + free_TransitedEncoding(&et.transited); + if(et.starttime) + free(et.starttime); + if(et.renew_till) + free(et.renew_till); + free_LastReq(&ek.last_req); + memset(et.key.keyvalue.data, 0, et.key.keyvalue.length); + free_EncryptionKey(&et.key); + return ret; +} + +static krb5_error_code +tgs_check_authenticator(krb5_context context, + krb5_kdc_configuration *config, + krb5_auth_context ac, + KDC_REQ_BODY *b, + const char **e_text, + krb5_keyblock *key) +{ + krb5_authenticator auth; + size_t len; + unsigned char *buf; + size_t buf_size; + krb5_error_code ret; + krb5_crypto crypto; + + krb5_auth_con_getauthenticator(context, ac, &auth); + if(auth->cksum == NULL){ + kdc_log(context, config, 0, "No authenticator in request"); + ret = KRB5KRB_AP_ERR_INAPP_CKSUM; + goto out; + } + /* + * according to RFC1510 it doesn't need to be keyed, + * but according to the latest draft it needs to. + */ + if ( +#if 0 +!krb5_checksum_is_keyed(context, auth->cksum->cksumtype) + || +#endif + !krb5_checksum_is_collision_proof(context, auth->cksum->cksumtype)) { + kdc_log(context, config, 0, "Bad checksum type in authenticator: %d", + auth->cksum->cksumtype); + ret = KRB5KRB_AP_ERR_INAPP_CKSUM; + goto out; + } + + /* XXX should not re-encode this */ + ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, b, &len, ret); + if(ret){ + kdc_log(context, config, 0, "Failed to encode KDC-REQ-BODY: %s", + krb5_get_err_text(context, ret)); + goto out; + } + if(buf_size != len) { + free(buf); + kdc_log(context, config, 0, "Internal error in ASN.1 encoder"); + *e_text = "KDC internal error"; + ret = KRB5KRB_ERR_GENERIC; + goto out; + } + ret = krb5_crypto_init(context, key, 0, &crypto); + if (ret) { + free(buf); + kdc_log(context, config, 0, "krb5_crypto_init failed: %s", + krb5_get_err_text(context, ret)); + goto out; + } + ret = krb5_verify_checksum(context, + crypto, + KRB5_KU_TGS_REQ_AUTH_CKSUM, + buf, + len, + auth->cksum); + free(buf); + krb5_crypto_destroy(context, crypto); + if(ret){ + kdc_log(context, config, 0, "Failed to verify checksum: %s", + krb5_get_err_text(context, ret)); + } +out: + free_Authenticator(auth); + free(auth); + return ret; +} + +/* + * return the realm of a krbtgt-ticket or NULL + */ + +static Realm +get_krbtgt_realm(const PrincipalName *p) +{ + if(p->name_string.len == 2 + && strcmp(p->name_string.val[0], KRB5_TGS_NAME) == 0) + return p->name_string.val[1]; + else + return NULL; +} + +static const char * +find_rpath(krb5_context context, Realm crealm, Realm srealm) +{ + const char *new_realm = krb5_config_get_string(context, + NULL, + "capaths", + crealm, + srealm, + NULL); + return new_realm; +} + + +static krb5_boolean +need_referral(krb5_context context, krb5_principal server, krb5_realm **realms) +{ + if(server->name.name_type != KRB5_NT_SRV_INST || + server->name.name_string.len != 2) + return FALSE; + + return _krb5_get_host_realm_int(context, server->name.name_string.val[1], + FALSE, realms) == 0; +} + +static krb5_error_code +tgs_rep2(krb5_context context, + krb5_kdc_configuration *config, + KDC_REQ_BODY *b, + PA_DATA *tgs_req, + krb5_data *reply, + const char *from, + const struct sockaddr *from_addr, + time_t **csec, + int **cusec) +{ + krb5_ap_req ap_req; + krb5_error_code ret; + krb5_principal princ; + krb5_auth_context ac = NULL; + krb5_ticket *ticket = NULL; + krb5_flags ap_req_options; + krb5_flags verify_ap_req_flags; + const char *e_text = NULL; + krb5_crypto crypto; + + hdb_entry *krbtgt = NULL; + EncTicketPart *tgt; + Key *tkey; + krb5_enctype cetype; + krb5_principal cp = NULL; + krb5_principal sp = NULL; + AuthorizationData *auth_data = NULL; + + *csec = NULL; + *cusec = NULL; + + memset(&ap_req, 0, sizeof(ap_req)); + ret = krb5_decode_ap_req(context, &tgs_req->padata_value, &ap_req); + if(ret){ + kdc_log(context, config, 0, "Failed to decode AP-REQ: %s", + krb5_get_err_text(context, ret)); + goto out2; + } + + if(!get_krbtgt_realm(&ap_req.ticket.sname)){ + /* XXX check for ticket.sname == req.sname */ + kdc_log(context, config, 0, "PA-DATA is not a ticket-granting ticket"); + ret = KRB5KDC_ERR_POLICY; /* ? */ + goto out2; + } + + _krb5_principalname2krb5_principal(&princ, + ap_req.ticket.sname, + ap_req.ticket.realm); + + ret = _kdc_db_fetch(context, config, princ, HDB_ENT_TYPE_SERVER, &krbtgt); + + if(ret) { + char *p; + ret = krb5_unparse_name(context, princ, &p); + if (ret != 0) + p = ""; + krb5_free_principal(context, princ); + kdc_log(context, config, 0, + "Ticket-granting ticket not found in database: %s: %s", + p, krb5_get_err_text(context, ret)); + if (ret == 0) + free(p); + ret = KRB5KRB_AP_ERR_NOT_US; + goto out2; + } + + if(ap_req.ticket.enc_part.kvno && + *ap_req.ticket.enc_part.kvno != krbtgt->kvno){ + char *p; + + ret = krb5_unparse_name (context, princ, &p); + krb5_free_principal(context, princ); + if (ret != 0) + p = ""; + kdc_log(context, config, 0, + "Ticket kvno = %d, DB kvno = %d (%s)", + *ap_req.ticket.enc_part.kvno, + krbtgt->kvno, + p); + if (ret == 0) + free (p); + ret = KRB5KRB_AP_ERR_BADKEYVER; + goto out2; + } + + ret = hdb_enctype2key(context, krbtgt, ap_req.ticket.enc_part.etype, &tkey); + if(ret){ + char *str; + krb5_enctype_to_string(context, ap_req.ticket.enc_part.etype, &str); + kdc_log(context, config, 0, + "No server key found for %s", str); + free(str); + ret = KRB5KRB_AP_ERR_BADKEYVER; + goto out2; + } + + if (b->kdc_options.validate) + verify_ap_req_flags = KRB5_VERIFY_AP_REQ_IGNORE_INVALID; + else + verify_ap_req_flags = 0; + + ret = krb5_verify_ap_req2(context, + &ac, + &ap_req, + princ, + &tkey->key, + verify_ap_req_flags, + &ap_req_options, + &ticket, + KRB5_KU_TGS_REQ_AUTH); + + krb5_free_principal(context, princ); + if(ret) { + kdc_log(context, config, 0, "Failed to verify AP-REQ: %s", + krb5_get_err_text(context, ret)); + goto out2; + } + + { + krb5_authenticator auth; + + ret = krb5_auth_con_getauthenticator(context, ac, &auth); + if (ret == 0) { + *csec = malloc(sizeof(**csec)); + if (*csec == NULL) { + krb5_free_authenticator(context, &auth); + kdc_log(context, config, 0, "malloc failed"); + goto out2; + } + **csec = auth->ctime; + *cusec = malloc(sizeof(**cusec)); + if (*cusec == NULL) { + krb5_free_authenticator(context, &auth); + kdc_log(context, config, 0, "malloc failed"); + goto out2; + } + **csec = auth->cusec; + krb5_free_authenticator(context, &auth); + } + } + + cetype = ap_req.authenticator.etype; + + tgt = &ticket->ticket; + + ret = tgs_check_authenticator(context, config, + ac, b, &e_text, &tgt->key); + + if (b->enc_authorization_data) { + krb5_keyblock *subkey; + krb5_data ad; + ret = krb5_auth_con_getremotesubkey(context, + ac, + &subkey); + if(ret){ + krb5_auth_con_free(context, ac); + kdc_log(context, config, 0, "Failed to get remote subkey: %s", + krb5_get_err_text(context, ret)); + goto out2; + } + if(subkey == NULL){ + ret = krb5_auth_con_getkey(context, ac, &subkey); + if(ret) { + krb5_auth_con_free(context, ac); + kdc_log(context, config, 0, "Failed to get session key: %s", + krb5_get_err_text(context, ret)); + goto out2; + } + } + if(subkey == NULL){ + krb5_auth_con_free(context, ac); + kdc_log(context, config, 0, + "Failed to get key for enc-authorization-data"); + ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; /* ? */ + goto out2; + } + ret = krb5_crypto_init(context, subkey, 0, &crypto); + if (ret) { + krb5_auth_con_free(context, ac); + kdc_log(context, config, 0, "krb5_crypto_init failed: %s", + krb5_get_err_text(context, ret)); + goto out2; + } + ret = krb5_decrypt_EncryptedData (context, + crypto, + KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY, + b->enc_authorization_data, + &ad); + krb5_crypto_destroy(context, crypto); + if(ret){ + krb5_auth_con_free(context, ac); + kdc_log(context, config, 0, "Failed to decrypt enc-authorization-data"); + ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; /* ? */ + goto out2; + } + krb5_free_keyblock(context, subkey); + ALLOC(auth_data); + ret = decode_AuthorizationData(ad.data, ad.length, auth_data, NULL); + if(ret){ + krb5_auth_con_free(context, ac); + free(auth_data); + auth_data = NULL; + kdc_log(context, config, 0, "Failed to decode authorization data"); + ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; /* ? */ + goto out2; + } + } + + krb5_auth_con_free(context, ac); + + if(ret){ + kdc_log(context, config, 0, "Failed to verify authenticator: %s", + krb5_get_err_text(context, ret)); + goto out2; + } + + { + PrincipalName *s; + Realm r; + char *spn = NULL, *cpn = NULL; + hdb_entry *server = NULL, *client = NULL; + int nloop = 0; + EncTicketPart adtkt; + char opt_str[128]; + + s = b->sname; + r = b->realm; + if(b->kdc_options.enc_tkt_in_skey){ + Ticket *t; + hdb_entry *uu; + krb5_principal p; + Key *uukey; + + if(b->additional_tickets == NULL || + b->additional_tickets->len == 0){ + ret = KRB5KDC_ERR_BADOPTION; /* ? */ + kdc_log(context, config, 0, + "No second ticket present in request"); + goto out; + } + t = &b->additional_tickets->val[0]; + if(!get_krbtgt_realm(&t->sname)){ + kdc_log(context, config, 0, + "Additional ticket is not a ticket-granting ticket"); + ret = KRB5KDC_ERR_POLICY; + goto out2; + } + _krb5_principalname2krb5_principal(&p, t->sname, t->realm); + ret = _kdc_db_fetch(context, config, p, HDB_ENT_TYPE_SERVER, &uu); + krb5_free_principal(context, p); + if(ret){ + if (ret == HDB_ERR_NOENTRY) + ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN; + goto out; + } + ret = hdb_enctype2key(context, uu, t->enc_part.etype, &uukey); + if(ret){ + ret = KRB5KDC_ERR_ETYPE_NOSUPP; /* XXX */ + goto out; + } + ret = krb5_decrypt_ticket(context, t, &uukey->key, &adtkt, 0); + + if(ret) + goto out; + s = &adtkt.cname; + r = adtkt.crealm; + } + + _krb5_principalname2krb5_principal(&sp, *s, r); + ret = krb5_unparse_name(context, sp, &spn); + if (ret) + goto out; + _krb5_principalname2krb5_principal(&cp, tgt->cname, tgt->crealm); + ret = krb5_unparse_name(context, cp, &cpn); + if (ret) + goto out; + unparse_flags (KDCOptions2int(b->kdc_options), + asn1_KDCOptions_units(), + opt_str, sizeof(opt_str)); + if(*opt_str) + kdc_log(context, config, 0, + "TGS-REQ %s from %s for %s [%s]", + cpn, from, spn, opt_str); + else + kdc_log(context, config, 0, + "TGS-REQ %s from %s for %s", cpn, from, spn); + server_lookup: + ret = _kdc_db_fetch(context, config, sp, HDB_ENT_TYPE_SERVER, &server); + + if(ret){ + const char *new_rlm; + Realm req_rlm; + krb5_realm *realms; + + if ((req_rlm = get_krbtgt_realm(&sp->name)) != NULL) { + if(nloop++ < 2) { + new_rlm = find_rpath(context, tgt->crealm, req_rlm); + if(new_rlm) { + kdc_log(context, config, 5, "krbtgt for realm %s not found, trying %s", + req_rlm, new_rlm); + krb5_free_principal(context, sp); + free(spn); + krb5_make_principal(context, &sp, r, + KRB5_TGS_NAME, new_rlm, NULL); + ret = krb5_unparse_name(context, sp, &spn); + if (ret) + goto out; + goto server_lookup; + } + } + } else if(need_referral(context, sp, &realms)) { + if (strcmp(realms[0], sp->realm) != 0) { + kdc_log(context, config, 5, + "Returning a referral to realm %s for " + "server %s that was not found", + realms[0], spn); + krb5_free_principal(context, sp); + free(spn); + krb5_make_principal(context, &sp, r, KRB5_TGS_NAME, + realms[0], NULL); + ret = krb5_unparse_name(context, sp, &spn); + if (ret) + goto out; + krb5_free_host_realm(context, realms); + goto server_lookup; + } + krb5_free_host_realm(context, realms); + } + kdc_log(context, config, 0, + "Server not found in database: %s: %s", spn, + krb5_get_err_text(context, ret)); + if (ret == HDB_ERR_NOENTRY) + ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN; + goto out; + } + + ret = _kdc_db_fetch(context, config, cp, HDB_ENT_TYPE_CLIENT, &client); + if(ret) + kdc_log(context, config, 1, "Client not found in database: %s: %s", + cpn, krb5_get_err_text(context, ret)); +#if 0 + /* XXX check client only if same realm as krbtgt-instance */ + if(ret){ + kdc_log(context, config, 0, + "Client not found in database: %s: %s", + cpn, krb5_get_err_text(context, ret)); + if (ret == HDB_ERR_NOENTRY) + ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; + goto out; + } +#endif + + if(strcmp(krb5_principal_get_realm(context, sp), + krb5_principal_get_comp_string(context, krbtgt->principal, 1)) != 0) { + char *tpn; + ret = krb5_unparse_name(context, krbtgt->principal, &tpn); + kdc_log(context, config, 0, + "Request with wrong krbtgt: %s", + (ret == 0) ? tpn : ""); + if(ret == 0) + free(tpn); + ret = KRB5KRB_AP_ERR_NOT_US; + goto out; + + } + + ret = _kdc_check_flags(context, config, + client, cpn, + server, spn, + FALSE); + if(ret) + goto out; + + if((b->kdc_options.validate || b->kdc_options.renew) && + !krb5_principal_compare(context, + krbtgt->principal, + server->principal)){ + kdc_log(context, config, 0, "Inconsistent request."); + ret = KRB5KDC_ERR_SERVER_NOMATCH; + goto out; + } + + /* check for valid set of addresses */ + if(!check_addresses(context, config, tgt->caddr, from_addr)) { + ret = KRB5KRB_AP_ERR_BADADDR; + kdc_log(context, config, 0, "Request from wrong address"); + goto out; + } + + ret = tgs_make_reply(context, config, + b, + tgt, + b->kdc_options.enc_tkt_in_skey ? &adtkt : NULL, + auth_data, + server, + client, + cp, + krbtgt, + &tkey->key, + cetype, + &e_text, + reply); + + out: + free(spn); + free(cpn); + + if(server) + _kdc_free_ent(context, server); + if(client) + _kdc_free_ent(context, client); + } + out2: + if(ret) { + krb5_mk_error(context, + ret, + e_text, + NULL, + cp, + sp, + NULL, + NULL, + reply); + free(*csec); + free(*cusec); + *csec = NULL; + *cusec = NULL; + } + krb5_free_principal(context, cp); + krb5_free_principal(context, sp); + if (ticket) + krb5_free_ticket(context, ticket); + free_AP_REQ(&ap_req); + if(auth_data){ + free_AuthorizationData(auth_data); + free(auth_data); + } + + if(krbtgt) + _kdc_free_ent(context, krbtgt); + + return ret; +} + + +krb5_error_code +_kdc_tgs_rep(krb5_context context, + krb5_kdc_configuration *config, + KDC_REQ *req, + krb5_data *data, + const char *from, + struct sockaddr *from_addr) +{ + krb5_error_code ret; + int i = 0; + PA_DATA *tgs_req = NULL; + time_t *csec = NULL; + int *cusec = NULL; + + if(req->padata == NULL){ + ret = KRB5KDC_ERR_PREAUTH_REQUIRED; /* XXX ??? */ + kdc_log(context, config, 0, + "TGS-REQ from %s without PA-DATA", from); + goto out; + } + + tgs_req = find_padata(req, &i, KRB5_PADATA_TGS_REQ); + + if(tgs_req == NULL){ + ret = KRB5KDC_ERR_PADATA_TYPE_NOSUPP; + + kdc_log(context, config, 0, + "TGS-REQ from %s without PA-TGS-REQ", from); + goto out; + } + ret = tgs_rep2(context, config, + &req->req_body, tgs_req, data, from, from_addr, + &csec, &cusec); +out: + if(ret && data->data == NULL){ + krb5_mk_error(context, + ret, + NULL, + NULL, + NULL, + NULL, + csec, + cusec, + data); + } + free(csec); + free(cusec); + return 0; +} diff --git a/source4/heimdal/kdc/log.c b/source4/heimdal/kdc/log.c new file mode 100644 index 0000000000..c316b0c5f8 --- /dev/null +++ b/source4/heimdal/kdc/log.c @@ -0,0 +1,89 @@ +/* + * Copyright (c) 1997, 1998, 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kdc_locl.h" +RCSID("$Id: log.c,v 1.16 2005/06/30 01:52:48 lha Exp $"); + +void +kdc_openlog(krb5_context context, + krb5_kdc_configuration *config) +{ + char **s = NULL, **p; + krb5_initlog(context, "kdc", &config->logf); + s = krb5_config_get_strings(context, NULL, "kdc", "logging", NULL); + if(s == NULL) + s = krb5_config_get_strings(context, NULL, "logging", "kdc", NULL); + if(s){ + for(p = s; *p; p++) + krb5_addlog_dest(context, config->logf, *p); + krb5_config_free_strings(s); + }else + krb5_addlog_dest(context, config->logf, DEFAULT_LOG_DEST); + krb5_set_warn_dest(context, config->logf); +} + +char* +kdc_log_msg_va(krb5_context context, + krb5_kdc_configuration *config, + int level, const char *fmt, va_list ap) +{ + char *msg; + krb5_vlog_msg(context, config->logf, &msg, level, fmt, ap); + return msg; +} + +char* +kdc_log_msg(krb5_context context, + krb5_kdc_configuration *config, + int level, const char *fmt, ...) +{ + va_list ap; + char *s; + va_start(ap, fmt); + s = kdc_log_msg_va(context, config, level, fmt, ap); + va_end(ap); + return s; +} + +void +kdc_log(krb5_context context, + krb5_kdc_configuration *config, + int level, const char *fmt, ...) +{ + va_list ap; + char *s; + va_start(ap, fmt); + s = kdc_log_msg_va(context, config, level, fmt, ap); + if(s) free(s); + va_end(ap); +} diff --git a/source4/heimdal/kdc/misc.c b/source4/heimdal/kdc/misc.c new file mode 100644 index 0000000000..5a251607b6 --- /dev/null +++ b/source4/heimdal/kdc/misc.c @@ -0,0 +1,84 @@ +/* + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kdc_locl.h" + +RCSID("$Id: misc.c,v 1.25 2005/06/30 01:53:48 lha Exp $"); + +struct timeval _kdc_now; + +krb5_error_code +_kdc_db_fetch(krb5_context context, + krb5_kdc_configuration *config, + krb5_principal principal, enum hdb_ent_type ent_type, + hdb_entry **h) +{ + hdb_entry *ent; + krb5_error_code ret = HDB_ERR_NOENTRY; + int i; + + ent = malloc (sizeof (*ent)); + if (ent == NULL) + return ENOMEM; + ent->principal = principal; + + for(i = 0; i < config->num_db; i++) { + ret = config->db[i]->hdb_open(context, config->db[i], O_RDONLY, 0); + if (ret) { + kdc_log(context, config, 0, "Failed to open database: %s", + krb5_get_err_text(context, ret)); + continue; + } + ret = config->db[i]->hdb_fetch(context, + config->db[i], + HDB_F_DECRYPT, + principal, + ent_type, + ent); + config->db[i]->hdb_close(context, config->db[i]); + if(ret == 0) { + *h = ent; + return 0; + } + } + free(ent); + return ret; +} + +void +_kdc_free_ent(krb5_context context, hdb_entry *ent) +{ + hdb_free_entry (context, ent); + free (ent); +} + diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c new file mode 100755 index 0000000000..d83e1d3b2e --- /dev/null +++ b/source4/heimdal/kdc/pkinit.c @@ -0,0 +1,1607 @@ +/* + * Copyright (c) 2003 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kdc_locl.h" + +RCSID("$Id: pkinit.c,v 1.36 2005/07/01 15:37:24 lha Exp $"); + +#ifdef PKINIT + +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include + +/* XXX copied from lib/krb5/pkinit.c */ +struct krb5_pk_identity { + EVP_PKEY *private_key; + STACK_OF(X509) *cert; + STACK_OF(X509) *trusted_certs; + STACK_OF(X509_CRL) *crls; + ENGINE *engine; +}; + +/* XXX copied from lib/krb5/pkinit.c */ +struct krb5_pk_cert { + X509 *cert; +}; + +enum pkinit_type { + PKINIT_COMPAT_WIN2K = 1, + PKINIT_COMPAT_19 = 2, + PKINIT_COMPAT_25 = 3 +}; + +struct pk_client_params { + enum pkinit_type type; + BIGNUM *dh_public_key; + struct krb5_pk_cert *certificate; + unsigned nonce; + DH *dh; + EncryptionKey reply_key; +}; + +struct pk_principal_mapping { + unsigned int len; + struct pk_allowed_princ { + krb5_principal principal; + char *subject; + } *val; +}; + +/* XXX copied from lib/krb5/pkinit.c */ +#define OPENSSL_ASN1_MALLOC_ENCODE(T, B, BL, S, R) \ +{ \ + unsigned char *p; \ + (BL) = i2d_##T((S), NULL); \ + if ((BL) <= 0) { \ + (R) = EINVAL; \ + } else { \ + (B) = malloc((BL)); \ + if ((B) == NULL) { \ + (R) = ENOMEM; \ + } else { \ + p = (B); \ + (R) = 0; \ + (BL) = i2d_##T((S), &p); \ + if ((BL) <= 0) { \ + free((B)); \ + (R) = ASN1_OVERRUN; \ + } \ + } \ + } \ +} + +static struct krb5_pk_identity *kdc_identity; +static struct pk_principal_mapping principal_mappings; + +/* + * + */ + +static krb5_error_code +pk_check_pkauthenticator_win2k(krb5_context context, + PKAuthenticator_Win2k *a, + KDC_REQ *req) +{ + krb5_timestamp now; + + krb5_timeofday (context, &now); + + /* XXX cusec */ + if (a->ctime == 0 || abs(a->ctime - now) > context->max_skew) { + krb5_clear_error_string(context); + return KRB5KRB_AP_ERR_SKEW; + } + return 0; +} + +static krb5_error_code +pk_check_pkauthenticator_19(krb5_context context, + PKAuthenticator_19 *a, + KDC_REQ *req) +{ + u_char *buf = NULL; + size_t buf_size; + krb5_error_code ret; + size_t len; + krb5_timestamp now; + + krb5_timeofday (context, &now); + + /* XXX cusec */ + if (a->ctime == 0 || abs(a->ctime - now) > context->max_skew) { + krb5_clear_error_string(context); + return KRB5KRB_AP_ERR_SKEW; + } + + if (a->paChecksum.cksumtype != CKSUMTYPE_RSA_MD5 && + a->paChecksum.cksumtype != CKSUMTYPE_SHA1) + { + krb5_clear_error_string(context); + ret = KRB5KRB_ERR_GENERIC; + } + + ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, &req->req_body, &len, ret); + if (ret) { + krb5_clear_error_string(context); + return ret; + } + if (buf_size != len) + krb5_abortx(context, "Internal error in ASN.1 encoder"); + + ret = krb5_verify_checksum(context, NULL, 0, buf, len, + &a->paChecksum); + if (ret) + krb5_clear_error_string(context); + + free(buf); + return ret; +} + +static krb5_error_code +pk_check_pkauthenticator(krb5_context context, + PKAuthenticator *a, + KDC_REQ *req) +{ + u_char *buf = NULL; + size_t buf_size; + krb5_error_code ret; + size_t len; + krb5_timestamp now; + Checksum checksum; + + krb5_timeofday (context, &now); + + /* XXX cusec */ + if (a->ctime == 0 || abs(a->ctime - now) > context->max_skew) { + krb5_clear_error_string(context); + return KRB5KRB_AP_ERR_SKEW; + } + + ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, &req->req_body, &len, ret); + if (ret) { + krb5_clear_error_string(context); + return ret; + } + if (buf_size != len) + krb5_abortx(context, "Internal error in ASN.1 encoder"); + + ret = krb5_create_checksum(context, + NULL, + 0, + CKSUMTYPE_SHA1, + buf, + len, + &checksum); + free(buf); + if (ret) { + krb5_clear_error_string(context); + return ret; + } + + if (a->paChecksum.length != checksum.checksum.length || + memcmp(a->paChecksum.data, checksum.checksum.data, + checksum.checksum.length) != 0) + { + krb5_clear_error_string(context); + ret = KRB5KRB_ERR_GENERIC; + } + free_Checksum(&checksum); + + return ret; +} + +static krb5_error_code +pk_encrypt_key(krb5_context context, + krb5_keyblock *key, + EVP_PKEY *public_key, + krb5_data *encrypted_key, + const heim_oid **oid) +{ + krb5_error_code ret; + + encrypted_key->length = EVP_PKEY_size(public_key); + + if (encrypted_key->length < key->keyvalue.length + 11) { /* XXX */ + krb5_set_error_string(context, "pkinit: encrypted key too long"); + return KRB5KRB_ERR_GENERIC; + } + + encrypted_key->data = malloc(encrypted_key->length); + if (encrypted_key->data == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + + ret = EVP_PKEY_encrypt(encrypted_key->data, + key->keyvalue.data, + key->keyvalue.length, + public_key); + if (ret < 0) { + free(encrypted_key->data); + krb5_set_error_string(context, "Can't encrypt key: %s", + ERR_error_string(ERR_get_error(), NULL)); + return KRB5KRB_ERR_GENERIC; + } + if (encrypted_key->length != ret) + krb5_abortx(context, "size of EVP_PKEY_size is not the " + "size of the output"); + + *oid = oid_id_pkcs1_rsaEncryption(); + + return 0; +} + +void +_kdc_pk_free_client_param(krb5_context context, + pk_client_params *client_params) +{ + if (client_params->certificate) + _krb5_pk_cert_free(client_params->certificate); + if (client_params->dh) + DH_free(client_params->dh); + if (client_params->dh_public_key) + BN_free(client_params->dh_public_key); + krb5_free_keyblock_contents(context, &client_params->reply_key); + memset(client_params, 0, sizeof(*client_params)); + free(client_params); +} + +static krb5_error_code +check_dh_params(DH *dh) +{ + /* XXX check the DH parameters come from 1st or 2nd Oeakley Group */ + return 0; +} + +static krb5_error_code +generate_dh_keyblock(krb5_context context, pk_client_params *client_params, + krb5_enctype enctype, krb5_keyblock *reply_key) +{ + unsigned char *dh_gen_key = NULL; + krb5_keyblock key; + int dh_gen_keylen; + krb5_error_code ret; + + memset(&key, 0, sizeof(key)); + + dh_gen_key = malloc(DH_size(client_params->dh)); + if (dh_gen_key == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + ret = ENOMEM; + goto out; + } + + if (!DH_generate_key(client_params->dh)) { + krb5_set_error_string(context, "Can't generate Diffie-Hellman " + "keys (%s)", + ERR_error_string(ERR_get_error(), NULL)); + ret = KRB5KRB_ERR_GENERIC; + goto out; + } + if (client_params->dh_public_key == NULL) { + krb5_set_error_string(context, "dh_public_key"); + ret = KRB5KRB_ERR_GENERIC; + goto out; + } + + dh_gen_keylen = DH_compute_key(dh_gen_key, + client_params->dh_public_key, + client_params->dh); + if (dh_gen_keylen == -1) { + krb5_set_error_string(context, "Can't compute Diffie-Hellman key (%s)", + ERR_error_string(ERR_get_error(), NULL)); + ret = KRB5KRB_ERR_GENERIC; + goto out; + } + + ret = krb5_random_to_key(context, enctype, + dh_gen_key, dh_gen_keylen, &key); + + if (ret) { + krb5_set_error_string(context, + "pkinit - can't create key from DH key"); + ret = KRB5KRB_ERR_GENERIC; + goto out; + } + ret = krb5_copy_keyblock_contents(context, &key, reply_key); + + out: + if (dh_gen_key) + free(dh_gen_key); + if (key.keyvalue.data) + krb5_free_keyblock_contents(context, &key); + + return ret; +} + +static BIGNUM * +integer_to_BN(krb5_context context, const char *field, heim_integer *f) +{ + BIGNUM *bn; + + bn = BN_bin2bn((const unsigned char *)f->data, f->length, NULL); + if (bn == NULL) { + krb5_set_error_string(context, "PKINIT: parsing BN failed %s", field); + return NULL; + } + bn->neg = f->negative; + return bn; +} + +static krb5_error_code +get_dh_param(krb5_context context, SubjectPublicKeyInfo *dh_key_info, + pk_client_params *client_params) +{ + DomainParameters dhparam; + DH *dh = NULL; + krb5_error_code ret; + int dhret; + + memset(&dhparam, 0, sizeof(dhparam)); + + if (heim_oid_cmp(&dh_key_info->algorithm.algorithm, oid_id_dhpublicnumber())) { + krb5_set_error_string(context, + "PKINIT invalid oid in clientPublicValue"); + return KRB5_BADMSGTYPE; + } + + if (dh_key_info->algorithm.parameters == NULL) { + krb5_set_error_string(context, "PKINIT missing algorithm parameter " + "in clientPublicValue"); + return KRB5_BADMSGTYPE; + } + + ret = decode_DomainParameters(dh_key_info->algorithm.parameters->data, + dh_key_info->algorithm.parameters->length, + &dhparam, + NULL); + if (ret) { + krb5_set_error_string(context, "Can't decode algorithm " + "parameters in clientPublicValue"); + goto out; + } + + dh = DH_new(); + if (dh == NULL) { + krb5_set_error_string(context, "Cannot create DH structure (%s)", + ERR_error_string(ERR_get_error(), NULL)); + ret = ENOMEM; + goto out; + } + ret = KRB5_BADMSGTYPE; + dh->p = integer_to_BN(context, "DH prime", &dhparam.p); + if (dh->p == NULL) + goto out; + dh->g = integer_to_BN(context, "DH base", &dhparam.g); + if (dh->g == NULL) + goto out; + dh->q = integer_to_BN(context, "DH p-1 factor", &dhparam.q); + if (dh->g == NULL) + goto out; + + { + heim_integer glue; + glue.data = dh_key_info->subjectPublicKey.data; + glue.length = dh_key_info->subjectPublicKey.length; + + client_params->dh_public_key = integer_to_BN(context, + "subjectPublicKey", + &glue); + if (client_params->dh_public_key == NULL) { + krb5_clear_error_string(context); + goto out; + } + } + + if (DH_check(dh, &dhret) != 1) { + krb5_set_error_string(context, "PKINIT DH data not ok: %s", + ERR_error_string(ERR_get_error(), NULL)); + ret = KRB5_KDC_ERR_KEY_SIZE; + goto out; + } + + client_params->dh = dh; + dh = NULL; + ret = 0; + + out: + if (dh) + DH_free(dh); + free_DomainParameters(&dhparam); + return ret; +} + +#if 0 +/* + * XXX We only need this function if there are several certs for the + * KDC to choose from, and right now, we can't handle that so punt for + * now. + * + * If client has sent a list of CA's trusted by him, make sure our + * CA is in the list. + * + */ + +static void +verify_trusted_ca(PA_PK_AS_REQ_19 *r) +{ + + if (r.trustedCertifiers != NULL) { + X509_NAME *kdc_issuer; + X509 *kdc_cert; + + kdc_cert = sk_X509_value(kdc_identity->cert, 0); + kdc_issuer = X509_get_issuer_name(kdc_cert); + + /* XXX will work for heirarchical CA's ? */ + /* XXX also serial_number should be compared */ + + ret = KRB5_KDC_ERR_KDC_NOT_TRUSTED; + for (i = 0; i < r.trustedCertifiers->len; i++) { + TrustedCA_19 *ca = &r.trustedCertifiers->val[i]; + + switch (ca->element) { + case choice_TrustedCA_19_caName: { + X509_NAME *name; + unsigned char *p; + + p = ca->u.caName.data; + name = d2i_X509_NAME(NULL, &p, ca->u.caName.length); + if (name == NULL) /* XXX should this be a failure instead ? */ + break; + if (X509_NAME_cmp(name, kdc_issuer) == 0) + ret = 0; + X509_NAME_free(name); + break; + } + case choice_TrustedCA_19_issuerAndSerial: + /* IssuerAndSerialNumber issuerAndSerial */ + break; + default: + break; + } + if (ret == 0) + break; + } + if (ret) + goto out; + } +} +#endif /* 0 */ + +krb5_error_code +_kdc_pk_rd_padata(krb5_context context, + krb5_kdc_configuration *config, + KDC_REQ *req, + PA_DATA *pa, + pk_client_params **ret_params) +{ + pk_client_params *client_params; + krb5_error_code ret; + heim_oid eContentType = { 0, NULL }; + krb5_data eContent = { 0, NULL }; + krb5_data signed_content = { 0, NULL }; + const char *type = "unknown type"; + const heim_oid *pa_contentType; + + *ret_params = NULL; + + if (!config->enable_pkinit) { + krb5_clear_error_string(context); + return 0; + } + + client_params = malloc(sizeof(*client_params)); + if (client_params == NULL) { + krb5_clear_error_string(context); + ret = ENOMEM; + goto out; + } + memset(client_params, 0, sizeof(*client_params)); + + if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) { + PA_PK_AS_REQ_Win2k r; + ContentInfo info; + + type = "PK-INIT-Win2k"; + pa_contentType = oid_id_pkcs7_data(); + + ret = decode_PA_PK_AS_REQ_Win2k(pa->padata_value.data, + pa->padata_value.length, + &r, + NULL); + if (ret) { + krb5_set_error_string(context, "Can't decode " + "PK-AS-REQ-Win2k: %d", ret); + goto out; + } + + ret = decode_ContentInfo(r.signed_auth_pack.data, + r.signed_auth_pack.length, &info, NULL); + free_PA_PK_AS_REQ_Win2k(&r); + if (ret) { + krb5_set_error_string(context, "Can't decode PK-AS-REQ: %d", ret); + goto out; + } + + if (heim_oid_cmp(&info.contentType, oid_id_pkcs7_signedData())) { + krb5_set_error_string(context, "PK-AS-REQ-Win2k invalid content " + "type oid"); + free_ContentInfo(&info); + ret = KRB5KRB_ERR_GENERIC; + goto out; + } + + if (info.content == NULL) { + krb5_set_error_string(context, + "PK-AS-REQ-Win2k no signed auth pack"); + free_ContentInfo(&info); + ret = KRB5KRB_ERR_GENERIC; + goto out; + } + + signed_content.data = malloc(info.content->length); + if (signed_content.data == NULL) { + ret = ENOMEM; + free_ContentInfo(&info); + krb5_set_error_string(context, "PK-AS-REQ-Win2k out of memory"); + goto out; + } + signed_content.length = info.content->length; + memcpy(signed_content.data, info.content->data, signed_content.length); + + free_ContentInfo(&info); + + } else if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_19) { + PA_PK_AS_REQ_19 r; + + type = "PK-INIT-19"; + pa_contentType = oid_id_pkauthdata(); + + ret = decode_PA_PK_AS_REQ_19(pa->padata_value.data, + pa->padata_value.length, + &r, + NULL); + if (ret) { + krb5_set_error_string(context, "Can't decode " + "PK-AS-REQ-19: %d", ret); + goto out; + } + + if (heim_oid_cmp(&r.signedAuthPack.contentType, + oid_id_pkcs7_signedData())) + { + krb5_set_error_string(context, "PK-AS-REQ-19 invalid content " + "type oid"); + free_PA_PK_AS_REQ_19(&r); + ret = KRB5KRB_ERR_GENERIC; + goto out; + } + + if (r.signedAuthPack.content == NULL) { + krb5_set_error_string(context, "PK-AS-REQ-19 no signed auth pack"); + free_PA_PK_AS_REQ_19(&r); + ret = KRB5KRB_ERR_GENERIC; + goto out; + } + + signed_content.data = malloc(r.signedAuthPack.content->length); + if (signed_content.data == NULL) { + ret = ENOMEM; + free_PA_PK_AS_REQ_19(&r); + krb5_set_error_string(context, "PK-AS-REQ-19 out of memory"); + goto out; + } + signed_content.length = r.signedAuthPack.content->length; + memcpy(signed_content.data, r.signedAuthPack.content->data, + signed_content.length); + + free_PA_PK_AS_REQ_19(&r); + } else if (pa->padata_type == KRB5_PADATA_PK_AS_REQ) { + PA_PK_AS_REQ r; + ContentInfo info; + + type = "PK-INIT-25"; + pa_contentType = oid_id_pkauthdata(); + + ret = decode_PA_PK_AS_REQ(pa->padata_value.data, + pa->padata_value.length, + &r, + NULL); + if (ret) { + krb5_set_error_string(context, "Can't decode PK-AS-REQ: %d", ret); + goto out; + } + + ret = decode_ContentInfo(r.signedAuthPack.data, + r.signedAuthPack.length, &info, NULL); + if (ret) { + krb5_set_error_string(context, "Can't decode PK-AS-REQ: %d", ret); + goto out; + } + + if (heim_oid_cmp(&info.contentType, oid_id_pkcs7_signedData())) { + krb5_set_error_string(context, "PK-AS-REQ invalid content " + "type oid"); + free_ContentInfo(&info); + free_PA_PK_AS_REQ(&r); + ret = KRB5KRB_ERR_GENERIC; + goto out; + } + + if (info.content == NULL) { + krb5_set_error_string(context, "PK-AS-REQ no signed auth pack"); + free_PA_PK_AS_REQ(&r); + free_ContentInfo(&info); + ret = KRB5KRB_ERR_GENERIC; + goto out; + } + + signed_content.data = malloc(info.content->length); + if (signed_content.data == NULL) { + ret = ENOMEM; + free_ContentInfo(&info); + free_PA_PK_AS_REQ(&r); + krb5_set_error_string(context, "PK-AS-REQ out of memory"); + goto out; + } + signed_content.length = info.content->length; + memcpy(signed_content.data, info.content->data, signed_content.length); + + free_ContentInfo(&info); + free_PA_PK_AS_REQ(&r); + + } else { + krb5_clear_error_string(context); + ret = KRB5KDC_ERR_PADATA_TYPE_NOSUPP; + goto out; + } + + ret = _krb5_pk_verify_sign(context, + signed_content.data, + signed_content.length, + kdc_identity, + &eContentType, + &eContent, + &client_params->certificate); + if (ret) + goto out; + + /* Signature is correct, now verify the signed message */ + if (heim_oid_cmp(&eContentType, pa_contentType)) { + krb5_set_error_string(context, "got wrong oid for pkauthdata"); + ret = KRB5_BADMSGTYPE; + goto out; + } + + if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) { + AuthPack_Win2k ap; + + ret = decode_AuthPack_Win2k(eContent.data, + eContent.length, + &ap, + NULL); + if (ret) { + krb5_set_error_string(context, "can't decode AuthPack: %d", ret); + goto out; + } + + ret = pk_check_pkauthenticator_win2k(context, + &ap.pkAuthenticator, + req); + if (ret) { + free_AuthPack_Win2k(&ap); + goto out; + } + + client_params->type = PKINIT_COMPAT_WIN2K; + client_params->nonce = ap.pkAuthenticator.nonce; + + if (ap.clientPublicValue) { + krb5_set_error_string(context, "DH not supported for windows"); + ret = KRB5KRB_ERR_GENERIC; + goto out; + } + free_AuthPack_Win2k(&ap); + + } else if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_19) { + AuthPack_19 ap; + + ret = decode_AuthPack_19(eContent.data, + eContent.length, + &ap, + NULL); + if (ret) { + krb5_set_error_string(context, "can't decode AuthPack: %d", ret); + free_AuthPack_19(&ap); + goto out; + } + + ret = pk_check_pkauthenticator_19(context, + &ap.pkAuthenticator, + req); + if (ret) { + free_AuthPack_19(&ap); + goto out; + } + + client_params->type = PKINIT_COMPAT_19; + client_params->nonce = ap.pkAuthenticator.nonce; + + if (ap.clientPublicValue) { + ret = get_dh_param(context, ap.clientPublicValue, client_params); + if (ret) { + free_AuthPack_19(&ap); + goto out; + } + } + free_AuthPack_19(&ap); + } else if (pa->padata_type == KRB5_PADATA_PK_AS_REQ) { + AuthPack ap; + + ret = decode_AuthPack(eContent.data, + eContent.length, + &ap, + NULL); + if (ret) { + krb5_set_error_string(context, "can't decode AuthPack: %d", ret); + free_AuthPack(&ap); + goto out; + } + + ret = pk_check_pkauthenticator(context, + &ap.pkAuthenticator, + req); + if (ret) { + free_AuthPack(&ap); + goto out; + } + + client_params->type = PKINIT_COMPAT_25; + client_params->nonce = ap.pkAuthenticator.nonce; + + if (ap.clientPublicValue) { + krb5_set_error_string(context, "PK-INIT, no support for DH"); + ret = KRB5KDC_ERR_PADATA_TYPE_NOSUPP; + free_AuthPack(&ap); + goto out; + } + free_AuthPack(&ap); + } else + krb5_abortx(context, "internal pkinit error"); + + /* + * Remaining fields (ie kdcCert and encryptionCert) in the request + * are ignored for now. + */ + + kdc_log(context, config, 0, "PK-INIT request of type %s", type); + + out: + + if (signed_content.data) + free(signed_content.data); + krb5_data_free(&eContent); + free_oid(&eContentType); + if (ret) + _kdc_pk_free_client_param(context, client_params); + else + *ret_params = client_params; + return ret; +} + +/* + * + */ + +static krb5_error_code +BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer) +{ + integer->length = BN_num_bytes(bn); + integer->data = malloc(integer->length); + if (integer->data == NULL) { + krb5_clear_error_string(context); + return ENOMEM; + } + BN_bn2bin(bn, integer->data); + integer->negative = bn->neg; + return 0; +} + +static krb5_error_code +pk_mk_pa_reply_enckey(krb5_context context, + pk_client_params *client_params, + const KDC_REQ *req, + krb5_keyblock *reply_key, + ContentInfo *content_info) +{ + KeyTransRecipientInfo *ri; + EnvelopedData ed; + krb5_error_code ret; + krb5_crypto crypto = NULL; + krb5_data buf, sd_data, enc_sd_data, iv, params; + krb5_keyblock tmp_key; + krb5_enctype enveloped_enctype; + X509_NAME *issuer_name; + heim_integer *serial; + size_t size; + AlgorithmIdentifier *enc_alg; + int i; + + krb5_data_zero(&enc_sd_data); + krb5_data_zero(&sd_data); + krb5_data_zero(&iv); + + memset(&tmp_key, 0, sizeof(tmp_key)); + memset(&ed, 0, sizeof(ed)); + + /* default to DES3 if client doesn't tell us */ + enveloped_enctype = ETYPE_DES3_CBC_NONE_CMS; + + for (i = 0; i < req->req_body.etype.len; i++) { + switch(req->req_body.etype.val[i]) { + case 15: /* des-ede3-cbc-Env-OID */ + enveloped_enctype = ETYPE_DES3_CBC_NONE_CMS; + break; + default: + break; + } + } + + ret = krb5_generate_random_keyblock(context, enveloped_enctype, &tmp_key); + if (ret) + goto out; + + ret = krb5_crypto_init(context, &tmp_key, 0, &crypto); + if (ret) + goto out; + + + ret = krb5_crypto_getblocksize(context, crypto, &iv.length); + if (ret) + goto out; + + ret = krb5_data_alloc(&iv, iv.length); + if (ret) { + krb5_set_error_string(context, "malloc out of memory"); + goto out; + } + + krb5_generate_random_block(iv.data, iv.length); + + enc_alg = &ed.encryptedContentInfo.contentEncryptionAlgorithm; + + ret = krb5_enctype_to_oid(context, enveloped_enctype, &enc_alg->algorithm); + if (ret) + goto out; + + ret = krb5_crypto_set_params(context, crypto, &iv, ¶ms); + if (ret) + goto out; + + ALLOC(enc_alg->parameters); + if (enc_alg->parameters == NULL) { + krb5_data_free(¶ms); + krb5_set_error_string(context, "malloc out of memory"); + return ENOMEM; + } + enc_alg->parameters->data = params.data; + enc_alg->parameters->length = params.length; + + if (client_params->type == PKINIT_COMPAT_WIN2K || client_params->type == PKINIT_COMPAT_19 || client_params->type == PKINIT_COMPAT_25) { + ReplyKeyPack kp; + memset(&kp, 0, sizeof(kp)); + + ret = copy_EncryptionKey(reply_key, &kp.replyKey); + if (ret) { + krb5_clear_error_string(context); + goto out; + } + kp.nonce = client_params->nonce; + + ASN1_MALLOC_ENCODE(ReplyKeyPack, buf.data, buf.length, &kp, &size,ret); + free_ReplyKeyPack(&kp); + } else { + krb5_abortx(context, "internal pkinit error"); + } + if (ret) { + krb5_set_error_string(context, "ASN.1 encoding of ReplyKeyPack " + "failed (%d)", ret); + goto out; + } + if (buf.length != size) + krb5_abortx(context, "Internal ASN.1 encoder error"); + + /* + * CRL's are not transfered -- should be ? + */ + + ret = _krb5_pk_create_sign(context, + oid_id_pkrkeydata(), + &buf, + kdc_identity, + &sd_data); + krb5_data_free(&buf); + if (ret) + goto out; + + ret = krb5_encrypt_ivec(context, crypto, 0, + sd_data.data, sd_data.length, + &enc_sd_data, + iv.data); + + ALLOC_SEQ(&ed.recipientInfos, 1); + if (ed.recipientInfos.val == NULL) { + krb5_clear_error_string(context); + ret = ENOMEM; + goto out; + } + + ri = &ed.recipientInfos.val[0]; + + ri->version = 0; + ri->rid.element = choice_CMSIdentifier_issuerAndSerialNumber; + + issuer_name = X509_get_issuer_name(client_params->certificate->cert); + OPENSSL_ASN1_MALLOC_ENCODE(X509_NAME, buf.data, buf.length, + issuer_name, ret); + if (ret) { + krb5_clear_error_string(context); + goto out; + } + ret = decode_Name(buf.data, buf.length, + &ri->rid.u.issuerAndSerialNumber.issuer, + NULL); + free(buf.data); + if (ret) { + krb5_set_error_string(context, "pkinit: failed to parse Name"); + goto out; + } + + serial = &ri->rid.u.issuerAndSerialNumber.serialNumber; + { + ASN1_INTEGER *isn; + BIGNUM *bn; + + isn = X509_get_serialNumber(client_params->certificate->cert); + bn = ASN1_INTEGER_to_BN(isn, NULL); + if (bn == NULL) { + ret = ENOMEM; + krb5_clear_error_string(context); + goto out; + } + ret = BN_to_integer(context, bn, serial); + BN_free(bn); + if (ret) { + krb5_clear_error_string(context); + goto out; + } + } + + { + const heim_oid *pk_enc_key_oid; + krb5_data enc_tmp_key; + + ret = pk_encrypt_key(context, &tmp_key, + X509_get_pubkey(client_params->certificate->cert), + &enc_tmp_key, + &pk_enc_key_oid); + if (ret) + goto out; + + ri->encryptedKey.length = enc_tmp_key.length; + ri->encryptedKey.data = enc_tmp_key.data; + + ret = copy_oid(pk_enc_key_oid, &ri->keyEncryptionAlgorithm.algorithm); + if (ret) + goto out; + } + + /* + * + */ + + ed.version = 0; + ed.originatorInfo = NULL; + + ret = copy_oid(oid_id_pkcs7_signedData(), &ed.encryptedContentInfo.contentType); + if (ret) { + krb5_clear_error_string(context); + goto out; + } + + ALLOC(ed.encryptedContentInfo.encryptedContent); + if (ed.encryptedContentInfo.encryptedContent == NULL) { + krb5_clear_error_string(context); + ret = ENOMEM; + goto out; + } + + ed.encryptedContentInfo.encryptedContent->data = enc_sd_data.data; + ed.encryptedContentInfo.encryptedContent->length = enc_sd_data.length; + krb5_data_zero(&enc_sd_data); + + ed.unprotectedAttrs = NULL; + + ASN1_MALLOC_ENCODE(EnvelopedData, buf.data, buf.length, &ed, &size, ret); + if (ret) { + krb5_set_error_string(context, + "ASN.1 encoding of EnvelopedData failed (%d)", + ret); + goto out; + } + + ret = _krb5_pk_mk_ContentInfo(context, + &buf, + oid_id_pkcs7_envelopedData(), + content_info); + krb5_data_free(&buf); + + out: + if (crypto) + krb5_crypto_destroy(context, crypto); + krb5_free_keyblock_contents(context, &tmp_key); + krb5_data_free(&enc_sd_data); + krb5_data_free(&iv); + free_EnvelopedData(&ed); + + return ret; +} + +/* + * + */ + +static krb5_error_code +pk_mk_pa_reply_dh(krb5_context context, + DH *kdc_dh, + pk_client_params *client_params, + krb5_keyblock *reply_key, + ContentInfo *content_info) +{ + ASN1_INTEGER *dh_pub_key = NULL; + KDCDHKeyInfo dh_info; + krb5_error_code ret; + SignedData sd; + krb5_data buf, sd_buf; + size_t size; + + memset(&dh_info, 0, sizeof(dh_info)); + memset(&sd, 0, sizeof(sd)); + krb5_data_zero(&buf); + krb5_data_zero(&sd_buf); + + dh_pub_key = BN_to_ASN1_INTEGER(kdc_dh->pub_key, NULL); + if (dh_pub_key == NULL) { + krb5_set_error_string(context, "BN_to_ASN1_INTEGER() failed (%s)", + ERR_error_string(ERR_get_error(), NULL)); + ret = ENOMEM; + goto out; + } + + OPENSSL_ASN1_MALLOC_ENCODE(ASN1_INTEGER, buf.data, buf.length, dh_pub_key, + ret); + ASN1_INTEGER_free(dh_pub_key); + if (ret) { + krb5_set_error_string(context, "Encoding of ASN1_INTEGER failed (%s)", + ERR_error_string(ERR_get_error(), NULL)); + goto out; + } + + dh_info.subjectPublicKey.length = buf.length * 8; + dh_info.subjectPublicKey.data = buf.data; + + dh_info.nonce = client_params->nonce; + + ASN1_MALLOC_ENCODE(KDCDHKeyInfo, buf.data, buf.length, &dh_info, &size, + ret); + if (ret) { + krb5_set_error_string(context, "ASN.1 encoding of " + "KdcDHKeyInfo failed (%d)", ret); + goto out; + } + if (buf.length != size) + krb5_abortx(context, "Internal ASN.1 encoder error"); + + /* + * Create the SignedData structure and sign the KdcDHKeyInfo + * filled in above + */ + + ret = _krb5_pk_create_sign(context, + oid_id_pkdhkeydata(), + &buf, + kdc_identity, + &sd_buf); + krb5_data_free(&buf); + if (ret) + goto out; + + ret = _krb5_pk_mk_ContentInfo(context, &sd_buf, oid_id_pkcs7_signedData(), + content_info); + krb5_data_free(&sd_buf); + + out: + free_KDCDHKeyInfo(&dh_info); + + return ret; +} + +/* + * + */ + +krb5_error_code +_kdc_pk_mk_pa_reply(krb5_context context, + krb5_kdc_configuration *config, + pk_client_params *client_params, + const hdb_entry *client, + const KDC_REQ *req, + krb5_keyblock **reply_key, + METHOD_DATA *md) +{ + krb5_error_code ret; + void *buf; + size_t len, size; + krb5_enctype enctype; + int pa_type; + int i; + + if (!config->enable_pkinit) { + krb5_clear_error_string(context); + return 0; + } + + if (req->req_body.etype.len > 0) { + for (i = 0; i < req->req_body.etype.len; i++) + if (krb5_enctype_valid(context, req->req_body.etype.val[i]) == 0) + break; + if (req->req_body.etype.len <= i) { + ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_string(context, + "No valid enctype available from client"); + goto out; + } + enctype = req->req_body.etype.val[i]; + } else + enctype = ETYPE_DES3_CBC_SHA1; + + if (client_params->type == PKINIT_COMPAT_25) { + PA_PK_AS_REP rep; + + pa_type = KRB5_PADATA_PK_AS_REP; + + memset(&rep, 0, sizeof(rep)); + + if (client_params->dh == NULL) { + rep.element = choice_PA_PK_AS_REP_encKeyPack; + ContentInfo info; + + krb5_generate_random_keyblock(context, enctype, + &client_params->reply_key); + ret = pk_mk_pa_reply_enckey(context, + client_params, + req, + &client_params->reply_key, + &info); + if (ret) { + free_PA_PK_AS_REP(&rep); + goto out; + } + ASN1_MALLOC_ENCODE(ContentInfo, rep.u.encKeyPack.data, + rep.u.encKeyPack.length, &info, &size, + ret); + free_ContentInfo(&info); + if (ret) { + krb5_set_error_string(context, "encoding of Key ContentInfo " + "failed %d", ret); + free_PA_PK_AS_REP(&rep); + goto out; + } + if (rep.u.encKeyPack.length != size) + krb5_abortx(context, "Internal ASN.1 encoder error"); + + } else { + krb5_set_error_string(context, "DH -25 not implemented"); + ret = KRB5KRB_ERR_GENERIC; + } + if (ret) { + free_PA_PK_AS_REP(&rep); + goto out; + } + + ASN1_MALLOC_ENCODE(PA_PK_AS_REP, buf, len, &rep, &size, ret); + free_PA_PK_AS_REP(&rep); + if (ret) { + krb5_set_error_string(context, "encode PA-PK-AS-REP failed %d", + ret); + goto out; + } + if (len != size) + krb5_abortx(context, "Internal ASN.1 encoder error"); + + } else if (client_params->type == PKINIT_COMPAT_19) { + PA_PK_AS_REP_19 rep; + + pa_type = KRB5_PADATA_PK_AS_REP_19; + + memset(&rep, 0, sizeof(rep)); + + if (client_params->dh == NULL) { + rep.element = choice_PA_PK_AS_REP_19_encKeyPack; + krb5_generate_random_keyblock(context, enctype, + &client_params->reply_key); + ret = pk_mk_pa_reply_enckey(context, + client_params, + req, + &client_params->reply_key, + &rep.u.encKeyPack); + } else { + rep.element = choice_PA_PK_AS_REP_19_dhSignedData; + + ret = check_dh_params(client_params->dh); + if (ret) + return ret; + + ret = generate_dh_keyblock(context, client_params, enctype, + &client_params->reply_key); + if (ret) + return ret; + + ret = pk_mk_pa_reply_dh(context, client_params->dh, + client_params, + &client_params->reply_key, + &rep.u.dhSignedData); + } + if (ret) { + free_PA_PK_AS_REP_19(&rep); + goto out; + } + + ASN1_MALLOC_ENCODE(PA_PK_AS_REP_19, buf, len, &rep, &size, ret); + free_PA_PK_AS_REP_19(&rep); + if (ret) { + krb5_set_error_string(context, + "encode PA-PK-AS-REP-19 failed %d", ret); + goto out; + } + if (len != size) + krb5_abortx(context, "Internal ASN.1 encoder error"); + } else if (client_params->type == PKINIT_COMPAT_WIN2K) { + PA_PK_AS_REP_Win2k rep; + + pa_type = KRB5_PADATA_PK_AS_REP_19; + + memset(&rep, 0, sizeof(rep)); + + if (client_params->dh) { + krb5_set_error_string(context, "DH -25 not implemented"); + ret = KRB5KRB_ERR_GENERIC; + } else { + rep.element = choice_PA_PK_AS_REP_encKeyPack; + ContentInfo info; + + krb5_generate_random_keyblock(context, enctype, + &client_params->reply_key); + ret = pk_mk_pa_reply_enckey(context, + client_params, + req, + &client_params->reply_key, + &info); + if (ret) { + free_PA_PK_AS_REP_Win2k(&rep); + goto out; + } + ASN1_MALLOC_ENCODE(ContentInfo, rep.u.encKeyPack.data, + rep.u.encKeyPack.length, &info, &size, + ret); + free_ContentInfo(&info); + if (ret) { + krb5_set_error_string(context, "encoding of Key ContentInfo " + "failed %d", ret); + free_PA_PK_AS_REP_Win2k(&rep); + goto out; + } + if (rep.u.encKeyPack.length != size) + krb5_abortx(context, "Internal ASN.1 encoder error"); + + } + if (ret) { + free_PA_PK_AS_REP_Win2k(&rep); + goto out; + } + + ASN1_MALLOC_ENCODE(PA_PK_AS_REP_Win2k, buf, len, &rep, &size, ret); + free_PA_PK_AS_REP_Win2k(&rep); + if (ret) { + krb5_set_error_string(context, + "encode PA-PK-AS-REP-Win2k failed %d", ret); + goto out; + } + if (len != size) + krb5_abortx(context, "Internal ASN.1 encoder error"); + + } else + krb5_abortx(context, "PK-INIT internal error"); + + + ret = krb5_padata_add(context, md, pa_type, buf, len); + if (ret) { + krb5_set_error_string(context, "failed adding " + "PA-PK-AS-REP-19 %d", ret); + free(buf); + } + out: + if (ret == 0) + *reply_key = &client_params->reply_key; + return ret; +} + +static int +pk_principal_from_X509(krb5_context context, + krb5_kdc_configuration *config, + struct krb5_pk_cert *client_cert, + krb5_principal *principal) +{ + krb5_error_code ret; + GENERAL_NAMES *gens; + GENERAL_NAME *gen; + ASN1_OBJECT *obj; + int i; + + *principal = NULL; + + obj = OBJ_txt2obj("1.3.6.1.5.2.2",1); + + gens = X509_get_ext_d2i(client_cert->cert, NID_subject_alt_name, + NULL, NULL); + if (gens == NULL) + return 1; + + for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { + KRB5PrincipalName kn; + size_t len, size; + void *p; + + gen = sk_GENERAL_NAME_value(gens, i); + if (gen->type != GEN_OTHERNAME) + continue; + + if(OBJ_cmp(obj, gen->d.otherName->type_id) != 0) + continue; + + p = ASN1_STRING_data(gen->d.otherName->value->value.sequence); + len = ASN1_STRING_length(gen->d.otherName->value->value.sequence); + + ret = decode_KRB5PrincipalName(p, len, &kn, &size); + if (ret) { + kdc_log(context, config, 0, + "Decoding kerberos name in certificate failed: %s", + krb5_get_err_text(context, ret)); + continue; + } + + *principal = malloc(sizeof(**principal)); + if (*principal == NULL) { + free_KRB5PrincipalName(&kn); + return 1; + } + + (*principal)->name = kn.principalName; + (*principal)->realm = kn.realm; + return 0; + } + return 1; +} + + +/* XXX match with issuer too ? */ + +krb5_error_code +_kdc_pk_check_client(krb5_context context, + krb5_kdc_configuration *config, + krb5_principal client_princ, + const hdb_entry *client, + pk_client_params *client_params, + char **subject_name) +{ + struct krb5_pk_cert *client_cert = client_params->certificate; + krb5_principal cert_princ; + X509_NAME *name; + char *subject = NULL; + krb5_error_code ret; + krb5_boolean b; + int i; + + *subject_name = NULL; + + name = X509_get_subject_name(client_cert->cert); + if (name == NULL) { + krb5_set_error_string(context, "PKINIT can't get subject name"); + return ENOMEM; + } + subject = X509_NAME_oneline(name, NULL, 0); + if (subject == NULL) { + krb5_set_error_string(context, "PKINIT can't get subject name"); + return ENOMEM; + } + *subject_name = strdup(subject); + if (*subject_name == NULL) { + krb5_set_error_string(context, "out of memory"); + return ENOMEM; + } + OPENSSL_free(subject); + + if (config->enable_pkinit_princ_in_cert) { + ret = pk_principal_from_X509(context, config, + client_cert, &cert_princ); + if (ret == 0) { + b = krb5_principal_compare(context, client_princ, cert_princ); + krb5_free_principal(context, cert_princ); + if (b == TRUE) + return 0; + } + } + + for (i = 0; i < principal_mappings.len; i++) { + b = krb5_principal_compare(context, + client_princ, + principal_mappings.val[i].principal); + if (b == FALSE) + continue; + if (strcmp(principal_mappings.val[i].subject, *subject_name) != 0) + continue; + return 0; + } + free(*subject_name); + *subject_name = NULL; + krb5_set_error_string(context, "PKINIT no matching principals"); + return KRB5_KDC_ERROR_CLIENT_NAME_MISMATCH; +} + +static krb5_error_code +add_principal_mapping(krb5_context context, + const char *principal_name, + const char * subject) +{ + struct pk_allowed_princ *tmp; + krb5_principal principal; + krb5_error_code ret; + + tmp = realloc(principal_mappings.val, + (principal_mappings.len + 1) * sizeof(*tmp)); + if (tmp == NULL) + return ENOMEM; + principal_mappings.val = tmp; + + ret = krb5_parse_name(context, principal_name, &principal); + if (ret) + return ret; + + principal_mappings.val[principal_mappings.len].principal = principal; + + principal_mappings.val[principal_mappings.len].subject = strdup(subject); + if (principal_mappings.val[principal_mappings.len].subject == NULL) { + krb5_free_principal(context, principal); + return ENOMEM; + } + principal_mappings.len++; + + return 0; +} + + +krb5_error_code +_kdc_pk_initialize(krb5_context context, + krb5_kdc_configuration *config, + const char *user_id, + const char *x509_anchors) +{ + const char *mapping_file; + krb5_error_code ret; + char buf[1024]; + unsigned long lineno = 0; + FILE *f; + + principal_mappings.len = 0; + principal_mappings.val = NULL; + + ret = _krb5_pk_load_openssl_id(context, + &kdc_identity, + user_id, + x509_anchors, + NULL, + NULL, + NULL); + if (ret) { + krb5_warn(context, ret, "PKINIT: failed to load"); + config->enable_pkinit = 0; + return ret; + } + + mapping_file = krb5_config_get_string_default(context, + NULL, + HDB_DB_DIR "/pki-mapping", + "kdc", + "pki-mappings-file", + NULL); + f = fopen(mapping_file, "r"); + if (f == NULL) { + krb5_warnx(context, "PKINIT: failed to load mappings file %s", + mapping_file); + return 0; + } + + while (fgets(buf, sizeof(buf), f) != NULL) { + char *subject_name, *p; + + buf[strcspn(buf, "\n")] = '\0'; + lineno++; + + p = buf + strspn(buf, " \t"); + + if (*p == '#' || *p == '\0') + continue; + + subject_name = strchr(p, ':'); + if (subject_name == NULL) { + krb5_warnx(context, "pkinit mapping file line %lu " + "missing \":\" :%s", + lineno, buf); + continue; + } + *subject_name++ = '\0'; + + ret = add_principal_mapping(context, p, subject_name); + if (ret) { + krb5_warn(context, ret, "failed to add line %lu \":\" :%s\n", + lineno, buf); + continue; + } + } + + fclose(f); + + return 0; +} + +#endif /* PKINIT */ diff --git a/source4/heimdal/kdc/process.c b/source4/heimdal/kdc/process.c new file mode 100644 index 0000000000..22cf23c48d --- /dev/null +++ b/source4/heimdal/kdc/process.c @@ -0,0 +1,117 @@ +/* + * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kdc_locl.h" + +RCSID("$Id: process.c,v 1.2 2005/06/30 01:54:49 lha Exp $"); + +/* + * handle the request in `buf, len', from `addr' (or `from' as a string), + * sending a reply in `reply'. + */ + +int +krb5_kdc_process_generic_request(krb5_context context, + krb5_kdc_configuration *config, + unsigned char *buf, + size_t len, + krb5_data *reply, + krb5_boolean *prependlength, + const char *from, + struct sockaddr *addr) +{ + KDC_REQ req; + Ticket ticket; + krb5_error_code ret; + size_t i; + + gettimeofday(&_kdc_now, NULL); + if(decode_AS_REQ(buf, len, &req, &i) == 0){ + ret = _kdc_as_rep(context, config, &req, reply, from, addr); + free_AS_REQ(&req); + return ret; + }else if(decode_TGS_REQ(buf, len, &req, &i) == 0){ + ret = _kdc_tgs_rep(context, config, &req, reply, from, addr); + free_TGS_REQ(&req); + return ret; + }else if(decode_Ticket(buf, len, &ticket, &i) == 0){ + ret = _kdc_do_524(context, config, &ticket, reply, from, addr); + free_Ticket(&ticket); + return ret; + } else if(_kdc_maybe_version4(buf, len)){ + *prependlength = FALSE; /* elbitapmoc sdrawkcab XXX */ + _kdc_do_version4(context, config, buf, len, reply, from, + (struct sockaddr_in*)addr); + return 0; + } else if (config->enable_kaserver) { + ret = _kdc_do_kaserver(context, config, buf, len, reply, from, + (struct sockaddr_in*)addr); + return ret; + } + + return -1; +} + +/* + * handle the request in `buf, len', from `addr' (or `from' as a string), + * sending a reply in `reply'. + * + * This only processes krb5 requests + */ + +int +krb5_kdc_process_krb5_request(krb5_context context, + krb5_kdc_configuration *config, + unsigned char *buf, + size_t len, + krb5_data *reply, + const char *from, + struct sockaddr *addr) +{ + KDC_REQ req; + krb5_error_code ret; + size_t i; + + gettimeofday(&_kdc_now, NULL); + if(decode_AS_REQ(buf, len, &req, &i) == 0){ + ret = _kdc_as_rep(context, config, &req, reply, from, addr); + free_AS_REQ(&req); + return ret; + }else if(decode_TGS_REQ(buf, len, &req, &i) == 0){ + ret = _kdc_tgs_rep(context, config, &req, reply, from, addr); + free_TGS_REQ(&req); + return ret; + } + return -1; +} diff --git a/source4/heimdal/kdc/rx.h b/source4/heimdal/kdc/rx.h new file mode 100644 index 0000000000..ab8ec80523 --- /dev/null +++ b/source4/heimdal/kdc/rx.h @@ -0,0 +1,79 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: rx.h,v 1.4 1999/12/02 17:05:00 joda Exp $ */ + +#ifndef __RX_H__ +#define __RX_H__ + +/* header of a RPC packet */ + +enum rx_header_type { + HT_DATA = 1, + HT_ACK = 2, + HT_BUSY = 3, + HT_ABORT = 4, + HT_ACKALL = 5, + HT_CHAL = 6, + HT_RESP = 7, + HT_DEBUG = 8 +}; + +/* For flags in header */ + +enum rx_header_flag { + HF_CLIENT_INITIATED = 1, + HF_REQ_ACK = 2, + HF_LAST = 4, + HF_MORE = 8 +}; + +struct rx_header { + u_int32_t epoch; + u_int32_t connid; /* And channel ID */ + u_int32_t callid; + u_int32_t seqno; + u_int32_t serialno; + u_char type; + u_char flags; + u_char status; + u_char secindex; + u_int16_t reserved; /* ??? verifier? */ + u_int16_t serviceid; +/* This should be the other way around according to everything but */ +/* tcpdump */ +}; + +#define RX_HEADER_SIZE 28 + +#endif /* __RX_H__ */ diff --git a/source4/heimdal/lib/asn1/asn1-common.h b/source4/heimdal/lib/asn1/asn1-common.h new file mode 100644 index 0000000000..4560b1b29c --- /dev/null +++ b/source4/heimdal/lib/asn1/asn1-common.h @@ -0,0 +1,22 @@ +/* $Id: asn1-common.h,v 1.4 2003/07/15 13:57:31 lha Exp $ */ + +#include +#include + +#ifndef __asn1_common_definitions__ +#define __asn1_common_definitions__ + +typedef struct heim_octet_string { + size_t length; + void *data; +} heim_octet_string; + +typedef char *heim_general_string; +typedef char *heim_utf8_string; + +typedef struct heim_oid { + size_t length; + unsigned *components; +} heim_oid; + +#endif diff --git a/source4/heimdal/lib/asn1/asn1_err.et b/source4/heimdal/lib/asn1/asn1_err.et new file mode 100644 index 0000000000..8f1f272ccc --- /dev/null +++ b/source4/heimdal/lib/asn1/asn1_err.et @@ -0,0 +1,20 @@ +# +# Error messages for the asn.1 library +# +# This might look like a com_err file, but is not +# +id "$Id: asn1_err.et,v 1.5 1998/02/16 16:17:17 joda Exp $" + +error_table asn1 +prefix ASN1 +error_code BAD_TIMEFORMAT, "ASN.1 failed call to system time library" +error_code MISSING_FIELD, "ASN.1 structure is missing a required field" +error_code MISPLACED_FIELD, "ASN.1 unexpected field number" +error_code TYPE_MISMATCH, "ASN.1 type numbers are inconsistent" +error_code OVERFLOW, "ASN.1 value too large" +error_code OVERRUN, "ASN.1 encoding ended unexpectedly" +error_code BAD_ID, "ASN.1 identifier doesn't match expected value" +error_code BAD_LENGTH, "ASN.1 length doesn't match expected value" +error_code BAD_FORMAT, "ASN.1 badly-formatted encoding" +error_code PARSE_ERROR, "ASN.1 parse error" +end diff --git a/source4/heimdal/lib/asn1/der.h b/source4/heimdal/lib/asn1/der.h new file mode 100644 index 0000000000..6c80842ff8 --- /dev/null +++ b/source4/heimdal/lib/asn1/der.h @@ -0,0 +1,180 @@ +/* + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: der.h,v 1.28 2005/05/29 14:23:00 lha Exp $ */ + +#ifndef __DER_H__ +#define __DER_H__ + +#include + +typedef enum { + ASN1_C_UNIV = 0, + ASN1_C_APPL = 1, + ASN1_C_CONTEXT = 2 , + ASN1_C_PRIVATE = 3 +} Der_class; + +typedef enum {PRIM = 0, CONS = 1} Der_type; + +/* Universal tags */ + +enum { + UT_Boolean = 1, + UT_Integer = 2, + UT_BitString = 3, + UT_OctetString = 4, + UT_Null = 5, + UT_OID = 6, + UT_Enumerated = 10, + UT_UTF8String = 12, + UT_Sequence = 16, + UT_Set = 17, + UT_PrintableString = 19, + UT_IA5String = 22, + UT_UTCTime = 23, + UT_GeneralizedTime = 24, + UT_VisibleString = 26, + UT_GeneralString = 27 +}; + +#define ASN1_INDEFINITE 0xdce0deed + +#ifndef HAVE_TIMEGM +time_t timegm (struct tm *); +#endif + +int time2generalizedtime (time_t t, heim_octet_string *s); + +int der_get_int (const unsigned char *p, size_t len, int *ret, size_t *size); +int der_get_length (const unsigned char *p, size_t len, + size_t *val, size_t *size); +int der_get_boolean (const unsigned char *p, size_t len, + int *data, size_t *size); +int der_get_general_string (const unsigned char *p, size_t len, + heim_general_string *str, size_t *size); +int der_get_octet_string (const unsigned char *p, size_t len, + heim_octet_string *data, size_t *size); +int der_get_oid (const unsigned char *p, size_t len, + heim_oid *data, size_t *size); +int der_get_tag (const unsigned char *p, size_t len, + Der_class *class, Der_type *type, + int *tag, size_t *size); + +int der_match_tag (const unsigned char *p, size_t len, + Der_class class, Der_type type, + int tag, size_t *size); +int der_match_tag_and_length (const unsigned char *p, size_t len, + Der_class class, Der_type type, int tag, + size_t *length_ret, size_t *size); + +int decode_boolean (const unsigned char*, size_t, int*, size_t*); +int decode_integer (const unsigned char*, size_t, int*, size_t*); +int decode_unsigned (const unsigned char*, size_t, unsigned*, size_t*); +int decode_enumerated (const unsigned char*, size_t, unsigned*, size_t*); +int decode_general_string (const unsigned char*, size_t, + heim_general_string*, size_t*); +int decode_oid (const unsigned char *p, size_t len, + heim_oid *k, size_t *size); +int decode_octet_string (const unsigned char*, size_t, + heim_octet_string*, size_t*); +int decode_generalized_time (const unsigned char*, size_t, time_t*, size_t*); +int decode_nulltype (const unsigned char*, size_t, size_t*); +int decode_utf8string (const unsigned char*, size_t, + heim_utf8_string*, size_t*); + +int der_put_int (unsigned char *p, size_t len, int val, size_t*); +int der_put_length (unsigned char *p, size_t len, size_t val, size_t*); +int der_put_boolean (unsigned char *p, size_t len, const int *data, size_t*); +int der_put_general_string (unsigned char *p, size_t len, + const heim_general_string *str, size_t*); +int der_put_octet_string (unsigned char *p, size_t len, + const heim_octet_string *data, size_t*); +int der_put_oid (unsigned char *p, size_t len, + const heim_oid *data, size_t *size); +int der_put_tag (unsigned char *p, size_t len, Der_class class, Der_type type, + int tag, size_t*); +int der_put_length_and_tag (unsigned char*, size_t, size_t, + Der_class, Der_type, int, size_t*); + +int encode_boolean (unsigned char *p, size_t len, + const int *data, size_t*); +int encode_integer (unsigned char *p, size_t len, + const int *data, size_t*); +int encode_unsigned (unsigned char *p, size_t len, + const unsigned *data, size_t*); +int encode_enumerated (unsigned char *p, size_t len, + const unsigned *data, size_t*); +int encode_general_string (unsigned char *p, size_t len, + const heim_general_string *data, size_t*); +int encode_octet_string (unsigned char *p, size_t len, + const heim_octet_string *k, size_t*); +int encode_oid (unsigned char *p, size_t len, + const heim_oid *k, size_t*); +int encode_generalized_time (unsigned char *p, size_t len, + const time_t *t, size_t*); +int encode_nulltype (unsigned char*, size_t, size_t*); +int encode_utf8string (unsigned char*, size_t, + const heim_utf8_string*, size_t*); + +void free_integer (int *num); +void free_general_string (heim_general_string *str); +void free_octet_string (heim_octet_string *k); +void free_oid (heim_oid *k); +void free_generalized_time (time_t *t); +void free_utf8string (heim_utf8_string*); + +size_t length_len (size_t len); +size_t length_boolean (const int *data); +size_t length_integer (const int *data); +size_t length_unsigned (const unsigned *data); +size_t length_enumerated (const unsigned *data); +size_t length_general_string (const heim_general_string *data); +size_t length_octet_string (const heim_octet_string *k); +size_t length_oid (const heim_oid *k); +size_t length_generalized_time (const time_t *t); +size_t length_nulltype (void); +size_t length_utf8string (const heim_utf8_string*); + +int copy_general_string (const heim_general_string *, heim_general_string *); +int copy_octet_string (const heim_octet_string *, heim_octet_string *); +int copy_oid (const heim_oid *from, heim_oid *to); +int copy_nulltype (void *, void *); +int copy_utf8string (const heim_utf8_string*, heim_utf8_string*); + +int heim_oid_cmp(const heim_oid *, const heim_oid *); +int heim_octet_string_cmp(const heim_octet_string *,const heim_octet_string *); + +int fix_dce(size_t reallen, size_t *len); + +#endif /* __DER_H__ */ diff --git a/source4/heimdal/lib/asn1/der_cmp.c b/source4/heimdal/lib/asn1/der_cmp.c new file mode 100755 index 0000000000..a5ed7ff2b3 --- /dev/null +++ b/source4/heimdal/lib/asn1/der_cmp.c @@ -0,0 +1,54 @@ +/* + * Copyright (c) 2003 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "der_locl.h" + +RCSID("$Id: der_cmp.c,v 1.2 2004/04/26 20:54:02 lha Exp $"); + +int +heim_oid_cmp(const heim_oid *p, const heim_oid *q) +{ + if (p->length != q->length) + return p->length - q->length; + return memcmp(p->components, + q->components, + p->length * sizeof(*p->components)); +} + +int +heim_octet_string_cmp(const heim_octet_string *p, const heim_octet_string *q) +{ + if (p->length != q->length) + return p->length - q->length; + return memcmp(p->data, q->data, p->length); +} diff --git a/source4/heimdal/lib/asn1/der_copy.c b/source4/heimdal/lib/asn1/der_copy.c new file mode 100644 index 0000000000..936691120a --- /dev/null +++ b/source4/heimdal/lib/asn1/der_copy.c @@ -0,0 +1,68 @@ +/* + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "der_locl.h" + +RCSID("$Id: der_copy.c,v 1.12 2003/11/07 07:39:43 lha Exp $"); + +int +copy_general_string (const heim_general_string *from, heim_general_string *to) +{ + *to = strdup(*from); + if(*to == NULL) + return ENOMEM; + return 0; +} + +int +copy_octet_string (const heim_octet_string *from, heim_octet_string *to) +{ + to->length = from->length; + to->data = malloc(to->length); + if(to->length != 0 && to->data == NULL) + return ENOMEM; + memcpy(to->data, from->data, to->length); + return 0; +} + +int +copy_oid (const heim_oid *from, heim_oid *to) +{ + to->length = from->length; + to->components = malloc(to->length * sizeof(*to->components)); + if (to->length != 0 && to->components == NULL) + return ENOMEM; + memcpy(to->components, from->components, + to->length * sizeof(*to->components)); + return 0; +} diff --git a/source4/heimdal/lib/asn1/der_free.c b/source4/heimdal/lib/asn1/der_free.c new file mode 100644 index 0000000000..bec41b1ee1 --- /dev/null +++ b/source4/heimdal/lib/asn1/der_free.c @@ -0,0 +1,57 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "der_locl.h" + +RCSID("$Id: der_free.c,v 1.10 2003/08/20 16:18:49 joda Exp $"); + +void +free_general_string (heim_general_string *str) +{ + free(*str); + *str = NULL; +} + +void +free_octet_string (heim_octet_string *k) +{ + free(k->data); + k->data = NULL; +} + +void +free_oid (heim_oid *k) +{ + free(k->components); + k->components = NULL; +} diff --git a/source4/heimdal/lib/asn1/der_get.c b/source4/heimdal/lib/asn1/der_get.c new file mode 100644 index 0000000000..d33d3ca9ef --- /dev/null +++ b/source4/heimdal/lib/asn1/der_get.c @@ -0,0 +1,533 @@ +/* + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "der_locl.h" + +RCSID("$Id: der_get.c,v 1.39 2005/05/29 14:23:00 lha Exp $"); + +#include + +/* + * All decoding functions take a pointer `p' to first position in + * which to read, from the left, `len' which means the maximum number + * of characters we are able to read, `ret' were the value will be + * returned and `size' where the number of used bytes is stored. + * Either 0 or an error code is returned. + */ + +static int +der_get_unsigned (const unsigned char *p, size_t len, + unsigned *ret, size_t *size) +{ + unsigned val = 0; + size_t oldlen = len; + + while (len--) + val = val * 256 + *p++; + *ret = val; + if(size) *size = oldlen; + return 0; +} + +int +der_get_int (const unsigned char *p, size_t len, + int *ret, size_t *size) +{ + int val = 0; + size_t oldlen = len; + + if (len > 0) { + val = (signed char)*p++; + while (--len) + val = val * 256 + *p++; + } + *ret = val; + if(size) *size = oldlen; + return 0; +} + +int +der_get_boolean(const unsigned char *p, size_t len, int *data, size_t *size) +{ + if(len < 1) + return ASN1_OVERRUN; + if(*p != 0) + *data = 1; + else + *data = 0; + *size = 1; + return 0; +} + +int +der_get_length (const unsigned char *p, size_t len, + size_t *val, size_t *size) +{ + size_t v; + + if (len <= 0) + return ASN1_OVERRUN; + --len; + v = *p++; + if (v < 128) { + *val = v; + if(size) *size = 1; + } else { + int e; + size_t l; + unsigned tmp; + + if(v == 0x80){ + *val = ASN1_INDEFINITE; + if(size) *size = 1; + return 0; + } + v &= 0x7F; + if (len < v) + return ASN1_OVERRUN; + e = der_get_unsigned (p, v, &tmp, &l); + if(e) return e; + *val = tmp; + if(size) *size = l + 1; + } + return 0; +} + +int +der_get_general_string (const unsigned char *p, size_t len, + heim_general_string *str, size_t *size) +{ + char *s; + + s = malloc (len + 1); + if (s == NULL) + return ENOMEM; + memcpy (s, p, len); + s[len] = '\0'; + *str = s; + if(size) *size = len; + return 0; +} + +int +der_get_octet_string (const unsigned char *p, size_t len, + heim_octet_string *data, size_t *size) +{ + data->length = len; + data->data = malloc(len); + if (data->data == NULL && data->length != 0) + return ENOMEM; + memcpy (data->data, p, len); + if(size) *size = len; + return 0; +} + +int +der_get_oid (const unsigned char *p, size_t len, + heim_oid *data, size_t *size) +{ + int n; + size_t oldlen = len; + + if (len < 1) + return ASN1_OVERRUN; + + data->components = malloc((len + 1) * sizeof(*data->components)); + if (data->components == NULL) + return ENOMEM; + data->components[0] = (*p) / 40; + data->components[1] = (*p) % 40; + --len; + ++p; + for (n = 2; len > 0; ++n) { + unsigned u = 0; + + do { + --len; + u = u * 128 + (*p++ % 128); + } while (len > 0 && p[-1] & 0x80); + data->components[n] = u; + } + if (len > 0 && p[-1] & 0x80) { + free_oid (data); + return ASN1_OVERRUN; + } + data->length = n; + if (size) + *size = oldlen; + return 0; +} + +int +der_get_tag (const unsigned char *p, size_t len, + Der_class *class, Der_type *type, + int *tag, size_t *size) +{ + if (len < 1) + return ASN1_OVERRUN; + *class = (Der_class)(((*p) >> 6) & 0x03); + *type = (Der_type)(((*p) >> 5) & 0x01); + *tag = (*p) & 0x1F; + if(size) *size = 1; + return 0; +} + +int +der_match_tag (const unsigned char *p, size_t len, + Der_class class, Der_type type, + int tag, size_t *size) +{ + size_t l; + Der_class thisclass; + Der_type thistype; + int thistag; + int e; + + e = der_get_tag (p, len, &thisclass, &thistype, &thistag, &l); + if (e) return e; + if (class != thisclass || type != thistype) + return ASN1_BAD_ID; + if(tag > thistag) + return ASN1_MISPLACED_FIELD; + if(tag < thistag) + return ASN1_MISSING_FIELD; + if(size) *size = l; + return 0; +} + +int +der_match_tag_and_length (const unsigned char *p, size_t len, + Der_class class, Der_type type, int tag, + size_t *length_ret, size_t *size) +{ + size_t l, ret = 0; + int e; + + e = der_match_tag (p, len, class, type, tag, &l); + if (e) return e; + p += l; + len -= l; + ret += l; + + e = der_get_length (p, len, length_ret, &l); + if (e) return e; + p += l; + len -= l; + ret += l; + if(size) *size = ret; + return 0; +} + +int +decode_boolean (const unsigned char *p, size_t len, + int *num, size_t *size) +{ + size_t ret = 0; + size_t l, reallen; + int e; + + e = der_match_tag (p, len, ASN1_C_UNIV, PRIM, UT_Boolean, &l); + if (e) return e; + p += l; + len -= l; + ret += l; + + e = der_get_length (p, len, &reallen, &l); + if (e) return e; + p += l; + len -= l; + ret += l; + if (reallen > len) + return ASN1_OVERRUN; + + e = der_get_boolean (p, reallen, num, &l); + if (e) return e; + p += l; + len -= l; + ret += l; + if(size) *size = ret; + return 0; +} + +int +decode_integer (const unsigned char *p, size_t len, + int *num, size_t *size) +{ + size_t ret = 0; + size_t l, reallen; + int e; + + e = der_match_tag (p, len, ASN1_C_UNIV, PRIM, UT_Integer, &l); + if (e) return e; + p += l; + len -= l; + ret += l; + + e = der_get_length (p, len, &reallen, &l); + if (e) return e; + p += l; + len -= l; + ret += l; + if (reallen > len) + return ASN1_OVERRUN; + + e = der_get_int (p, reallen, num, &l); + if (e) return e; + p += l; + len -= l; + ret += l; + if(size) *size = ret; + return 0; +} + +int +decode_unsigned (const unsigned char *p, size_t len, + unsigned *num, size_t *size) +{ + size_t ret = 0; + size_t l, reallen; + int e; + + e = der_match_tag (p, len, ASN1_C_UNIV, PRIM, UT_Integer, &l); + if (e) return e; + p += l; + len -= l; + ret += l; + + e = der_get_length (p, len, &reallen, &l); + if (e) return e; + p += l; + len -= l; + ret += l; + if (reallen > len) + return ASN1_OVERRUN; + + e = der_get_unsigned (p, reallen, num, &l); + if (e) return e; + p += l; + len -= l; + ret += l; + if(size) *size = ret; + return 0; +} + +int +decode_enumerated (const unsigned char *p, size_t len, + unsigned *num, size_t *size) +{ + size_t ret = 0; + size_t l, reallen; + int e; + + e = der_match_tag (p, len, ASN1_C_UNIV, PRIM, UT_Enumerated, &l); + if (e) return e; + p += l; + len -= l; + ret += l; + + e = der_get_length (p, len, &reallen, &l); + if (e) return e; + p += l; + len -= l; + ret += l; + if (reallen > len) + return ASN1_OVERRUN; + + e = der_get_int (p, reallen, num, &l); + if (e) return e; + p += l; + len -= l; + ret += l; + if(size) *size = ret; + return 0; +} + +int +decode_general_string (const unsigned char *p, size_t len, + heim_general_string *str, size_t *size) +{ + size_t ret = 0; + size_t l, reallen; + int e; + + e = der_match_tag (p, len, ASN1_C_UNIV, PRIM, UT_GeneralString, &l); + if (e) return e; + p += l; + len -= l; + ret += l; + + e = der_get_length (p, len, &reallen, &l); + if (e) return e; + p += l; + len -= l; + ret += l; + if (len < reallen) + return ASN1_OVERRUN; + + e = der_get_general_string (p, reallen, str, &l); + if (e) return e; + p += l; + len -= l; + ret += l; + if(size) *size = ret; + return 0; +} + +int +decode_octet_string (const unsigned char *p, size_t len, + heim_octet_string *k, size_t *size) +{ + size_t ret = 0; + size_t l, reallen; + int e; + + e = der_match_tag (p, len, ASN1_C_UNIV, PRIM, UT_OctetString, &l); + if (e) return e; + p += l; + len -= l; + ret += l; + + e = der_get_length (p, len, &reallen, &l); + if (e) return e; + p += l; + len -= l; + ret += l; + if (len < reallen) + return ASN1_OVERRUN; + + e = der_get_octet_string (p, reallen, k, &l); + if (e) return e; + p += l; + len -= l; + ret += l; + if(size) *size = ret; + return 0; +} + +int +decode_oid (const unsigned char *p, size_t len, + heim_oid *k, size_t *size) +{ + size_t ret = 0; + size_t l, reallen; + int e; + + e = der_match_tag (p, len, ASN1_C_UNIV, PRIM, UT_OID, &l); + if (e) return e; + p += l; + len -= l; + ret += l; + + e = der_get_length (p, len, &reallen, &l); + if (e) return e; + p += l; + len -= l; + ret += l; + if (len < reallen) + return ASN1_OVERRUN; + + e = der_get_oid (p, reallen, k, &l); + if (e) return e; + p += l; + len -= l; + ret += l; + if(size) *size = ret; + return 0; +} + +static void +generalizedtime2time (const char *s, time_t *t) +{ + struct tm tm; + + memset(&tm, 0, sizeof(tm)); + sscanf (s, "%04d%02d%02d%02d%02d%02dZ", + &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, + &tm.tm_min, &tm.tm_sec); + tm.tm_year -= 1900; + tm.tm_mon -= 1; + *t = timegm (&tm); +} + +int +decode_generalized_time (const unsigned char *p, size_t len, + time_t *t, size_t *size) +{ + heim_octet_string k; + char *times; + size_t ret = 0; + size_t l, reallen; + int e; + + e = der_match_tag (p, len, ASN1_C_UNIV, PRIM, UT_GeneralizedTime, &l); + if (e) return e; + p += l; + len -= l; + ret += l; + + e = der_get_length (p, len, &reallen, &l); + if (e) return e; + p += l; + len -= l; + ret += l; + if (len < reallen) + return ASN1_OVERRUN; + + e = der_get_octet_string (p, reallen, &k, &l); + if (e) return e; + p += l; + len -= l; + ret += l; + times = realloc(k.data, k.length + 1); + if (times == NULL){ + free(k.data); + return ENOMEM; + } + times[k.length] = 0; + generalizedtime2time (times, t); + free (times); + if(size) *size = ret; + return 0; +} + + +int +fix_dce(size_t reallen, size_t *len) +{ + if(reallen == ASN1_INDEFINITE) + return 1; + if(*len < reallen) + return -1; + *len = reallen; + return 0; +} diff --git a/source4/heimdal/lib/asn1/der_length.c b/source4/heimdal/lib/asn1/der_length.c new file mode 100644 index 0000000000..cb07254a67 --- /dev/null +++ b/source4/heimdal/lib/asn1/der_length.c @@ -0,0 +1,175 @@ +/* + * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "der_locl.h" + +RCSID("$Id: der_length.c,v 1.16 2004/02/07 14:27:59 lha Exp $"); + +size_t +_heim_len_unsigned (unsigned val) +{ + size_t ret = 0; + + do { + ++ret; + val /= 256; + } while (val); + return ret; +} + +size_t +_heim_len_int (int val) +{ + unsigned char q; + size_t ret = 0; + + if (val >= 0) { + do { + q = val % 256; + ret++; + val /= 256; + } while(val); + if(q >= 128) + ret++; + } else { + val = ~val; + do { + q = ~(val % 256); + ret++; + val /= 256; + } while(val); + if(q < 128) + ret++; + } + return ret; +} + +static size_t +len_oid (const heim_oid *oid) +{ + size_t ret = 1; + int n; + + for (n = 2; n < oid->length; ++n) { + unsigned u = oid->components[n]; + + ++ret; + u /= 128; + while (u > 0) { + ++ret; + u /= 128; + } + } + return ret; +} + +size_t +length_len (size_t len) +{ + if (len < 128) + return 1; + else + return _heim_len_unsigned (len) + 1; +} + +size_t +length_boolean (const int *data) +{ + return 1 + length_len(1) + 1; +} + +size_t +length_integer (const int *data) +{ + size_t len = _heim_len_int (*data); + + return 1 + length_len(len) + len; +} + +size_t +length_unsigned (const unsigned *data) +{ + unsigned val = *data; + size_t len = 0; + + while (val > 255) { + ++len; + val /= 256; + } + len++; + if (val >= 128) + len++; + return 1 + length_len(len) + len; +} + +size_t +length_enumerated (const unsigned *data) +{ + size_t len = _heim_len_int (*data); + + return 1 + length_len(len) + len; +} + +size_t +length_general_string (const heim_general_string *data) +{ + char *str = *data; + size_t len = strlen(str); + return 1 + length_len(len) + len; +} + +size_t +length_octet_string (const heim_octet_string *k) +{ + return 1 + length_len(k->length) + k->length; +} + +size_t +length_oid (const heim_oid *k) +{ + size_t len = len_oid (k); + + return 1 + length_len(len) + len; +} + +size_t +length_generalized_time (const time_t *t) +{ + heim_octet_string k; + size_t ret; + + time2generalizedtime (*t, &k); + ret = 1 + length_len(k.length) + k.length; + free (k.data); + return ret; +} diff --git a/source4/heimdal/lib/asn1/der_locl.h b/source4/heimdal/lib/asn1/der_locl.h new file mode 100644 index 0000000000..67e1e877f6 --- /dev/null +++ b/source4/heimdal/lib/asn1/der_locl.h @@ -0,0 +1,59 @@ +/* + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: der_locl.h,v 1.5 2004/02/07 14:16:53 lha Exp $ */ + +#ifndef __DER_LOCL_H__ +#define __DER_LOCL_H__ + +#ifdef HAVE_CONFIG_H +#include +#endif +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +size_t _heim_len_unsigned (unsigned); +size_t _heim_len_int (int); + +#endif /* __DER_LOCL_H__ */ diff --git a/source4/heimdal/lib/asn1/der_put.c b/source4/heimdal/lib/asn1/der_put.c new file mode 100644 index 0000000000..687dedd09f --- /dev/null +++ b/source4/heimdal/lib/asn1/der_put.c @@ -0,0 +1,467 @@ +/* + * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "der_locl.h" + +RCSID("$Id: der_put.c,v 1.32 2005/05/29 14:23:01 lha Exp $"); + +/* + * All encoding functions take a pointer `p' to first position in + * which to write, from the right, `len' which means the maximum + * number of characters we are able to write. The function returns + * the number of characters written in `size' (if non-NULL). + * The return value is 0 or an error. + */ + +static int +der_put_unsigned (unsigned char *p, size_t len, unsigned val, size_t *size) +{ + unsigned char *base = p; + + if (val) { + while (len > 0 && val) { + *p-- = val % 256; + val /= 256; + --len; + } + if (val != 0) + return ASN1_OVERFLOW; + else { + *size = base - p; + return 0; + } + } else if (len < 1) + return ASN1_OVERFLOW; + else { + *p = 0; + *size = 1; + return 0; + } +} + +int +der_put_int (unsigned char *p, size_t len, int val, size_t *size) +{ + unsigned char *base = p; + + if(val >= 0) { + do { + if(len < 1) + return ASN1_OVERFLOW; + *p-- = val % 256; + len--; + val /= 256; + } while(val); + if(p[1] >= 128) { + if(len < 1) + return ASN1_OVERFLOW; + *p-- = 0; + len--; + } + } else { + val = ~val; + do { + if(len < 1) + return ASN1_OVERFLOW; + *p-- = ~(val % 256); + len--; + val /= 256; + } while(val); + if(p[1] < 128) { + if(len < 1) + return ASN1_OVERFLOW; + *p-- = 0xff; + len--; + } + } + *size = base - p; + return 0; +} + + +int +der_put_length (unsigned char *p, size_t len, size_t val, size_t *size) +{ + if (len < 1) + return ASN1_OVERFLOW; + if (val < 128) { + *p = val; + *size = 1; + return 0; + } else { + size_t l; + int e; + + e = der_put_unsigned (p, len - 1, val, &l); + if (e) + return e; + p -= l; + *p = 0x80 | l; + *size = l + 1; + return 0; + } +} + +int +der_put_boolean(unsigned char *p, size_t len, const int *data, size_t *size) +{ + if(len < 1) + return ASN1_OVERFLOW; + if(*data != 0) + *p = 0xff; + else + *p = 0; + *size = 1; + return 0; +} + +int +der_put_general_string (unsigned char *p, size_t len, + const heim_general_string *str, size_t *size) +{ + size_t slen = strlen(*str); + + if (len < slen) + return ASN1_OVERFLOW; + p -= slen; + len -= slen; + memcpy (p+1, *str, slen); + *size = slen; + return 0; +} + +int +der_put_octet_string (unsigned char *p, size_t len, + const heim_octet_string *data, size_t *size) +{ + if (len < data->length) + return ASN1_OVERFLOW; + p -= data->length; + len -= data->length; + memcpy (p+1, data->data, data->length); + *size = data->length; + return 0; +} + +int +der_put_oid (unsigned char *p, size_t len, + const heim_oid *data, size_t *size) +{ + unsigned char *base = p; + int n; + + for (n = data->length - 1; n >= 2; --n) { + unsigned u = data->components[n]; + + if (len < 1) + return ASN1_OVERFLOW; + *p-- = u % 128; + u /= 128; + --len; + while (u > 0) { + if (len < 1) + return ASN1_OVERFLOW; + *p-- = 128 + u % 128; + u /= 128; + --len; + } + } + if (len < 1) + return ASN1_OVERFLOW; + *p-- = 40 * data->components[0] + data->components[1]; + *size = base - p; + return 0; +} + +int +der_put_tag (unsigned char *p, size_t len, Der_class class, Der_type type, + int tag, size_t *size) +{ + if (len < 1) + return ASN1_OVERFLOW; + *p = (class << 6) | (type << 5) | tag; /* XXX */ + *size = 1; + return 0; +} + +int +der_put_length_and_tag (unsigned char *p, size_t len, size_t len_val, + Der_class class, Der_type type, int tag, size_t *size) +{ + size_t ret = 0; + size_t l; + int e; + + e = der_put_length (p, len, len_val, &l); + if(e) + return e; + p -= l; + len -= l; + ret += l; + e = der_put_tag (p, len, class, type, tag, &l); + if(e) + return e; + p -= l; + len -= l; + ret += l; + *size = ret; + return 0; +} + +int +encode_boolean (unsigned char *p, size_t len, const int *data, + size_t *size) +{ + size_t ret = 0; + size_t l; + int e; + + e = der_put_boolean (p, len, data, &l); + if(e) + return e; + p -= l; + len -= l; + ret += l; + e = der_put_length_and_tag (p, len, l, ASN1_C_UNIV, PRIM, UT_Boolean, &l); + if (e) + return e; + p -= l; + len -= l; + ret += l; + *size = ret; + return 0; +} + +int +encode_integer (unsigned char *p, size_t len, const int *data, size_t *size) +{ + int num = *data; + size_t ret = 0; + size_t l; + int e; + + e = der_put_int (p, len, num, &l); + if(e) + return e; + p -= l; + len -= l; + ret += l; + e = der_put_length_and_tag (p, len, l, ASN1_C_UNIV, PRIM, UT_Integer, &l); + if (e) + return e; + p -= l; + len -= l; + ret += l; + *size = ret; + return 0; +} + +int +encode_unsigned (unsigned char *p, size_t len, const unsigned *data, + size_t *size) +{ + unsigned num = *data; + size_t ret = 0; + size_t l; + int e; + + e = der_put_unsigned (p, len, num, &l); + if(e) + return e; + p -= l; + len -= l; + ret += l; + /* if first octet has msb set, we need to pad with a zero byte */ + if(p[1] >= 128) { + if(len == 0) + return ASN1_OVERFLOW; + *p-- = 0; + len--; + ret++; + l++; + } + e = der_put_length_and_tag (p, len, l, ASN1_C_UNIV, PRIM, UT_Integer, &l); + if (e) + return e; + p -= l; + len -= l; + ret += l; + *size = ret; + return 0; +} + +int +encode_enumerated (unsigned char *p, size_t len, const unsigned *data, + size_t *size) +{ + unsigned num = *data; + size_t ret = 0; + size_t l; + int e; + + e = der_put_int (p, len, num, &l); + if(e) + return e; + p -= l; + len -= l; + ret += l; + e = der_put_length_and_tag (p, len, l, ASN1_C_UNIV, PRIM, UT_Enumerated, &l); + if (e) + return e; + p -= l; + len -= l; + ret += l; + *size = ret; + return 0; +} + +int +encode_general_string (unsigned char *p, size_t len, + const heim_general_string *data, size_t *size) +{ + size_t ret = 0; + size_t l; + int e; + + e = der_put_general_string (p, len, data, &l); + if (e) + return e; + p -= l; + len -= l; + ret += l; + e = der_put_length_and_tag (p, len, l, ASN1_C_UNIV, PRIM, UT_GeneralString, &l); + if (e) + return e; + p -= l; + len -= l; + ret += l; + *size = ret; + return 0; +} + +int +encode_octet_string (unsigned char *p, size_t len, + const heim_octet_string *k, size_t *size) +{ + size_t ret = 0; + size_t l; + int e; + + e = der_put_octet_string (p, len, k, &l); + if (e) + return e; + p -= l; + len -= l; + ret += l; + e = der_put_length_and_tag (p, len, l, ASN1_C_UNIV, PRIM, UT_OctetString, &l); + if (e) + return e; + p -= l; + len -= l; + ret += l; + *size = ret; + return 0; +} + +int +encode_oid(unsigned char *p, size_t len, + const heim_oid *k, size_t *size) +{ + size_t ret = 0; + size_t l; + int e; + + e = der_put_oid (p, len, k, &l); + if (e) + return e; + p -= l; + len -= l; + ret += l; + e = der_put_length_and_tag (p, len, l, ASN1_C_UNIV, PRIM, UT_OID, &l); + if (e) + return e; + p -= l; + len -= l; + ret += l; + *size = ret; + return 0; +} + +int +time2generalizedtime (time_t t, heim_octet_string *s) +{ + struct tm *tm; + size_t len; + + len = 15; + + s->data = malloc(len + 1); + if (s->data == NULL) + return ENOMEM; + s->length = len; + tm = gmtime (&t); + snprintf (s->data, len + 1, "%04d%02d%02d%02d%02d%02dZ", + tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, + tm->tm_hour, tm->tm_min, tm->tm_sec); + return 0; +} + +int +encode_generalized_time (unsigned char *p, size_t len, + const time_t *t, size_t *size) +{ + size_t ret = 0; + size_t l; + heim_octet_string k; + int e; + + e = time2generalizedtime (*t, &k); + if (e) + return e; + e = der_put_octet_string (p, len, &k, &l); + free (k.data); + if (e) + return e; + p -= l; + len -= l; + ret += l; + e = der_put_length_and_tag (p, len, k.length, ASN1_C_UNIV, PRIM, + UT_GeneralizedTime, &l); + if (e) + return e; + p -= l; + len -= l; + ret += l; + *size = ret; + return 0; +} diff --git a/source4/heimdal/lib/asn1/gen.c b/source4/heimdal/lib/asn1/gen.c new file mode 100644 index 0000000000..67cc5ce65a --- /dev/null +++ b/source4/heimdal/lib/asn1/gen.c @@ -0,0 +1,510 @@ +/* + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gen_locl.h" + +RCSID("$Id: gen.c,v 1.59 2005/06/16 19:58:15 lha Exp $"); + +FILE *headerfile, *codefile, *logfile; + +#define STEM "asn1" + +static const char *orig_filename; +static char *header; +static char *headerbase; + +/* + * list of all IMPORTs + */ + +struct import { + const char *module; + struct import *next; +}; + +static struct import *imports = NULL; + +void +add_import (const char *module) +{ + struct import *tmp = emalloc (sizeof(*tmp)); + + tmp->module = module; + tmp->next = imports; + imports = tmp; +} + +const char * +get_filename (void) +{ + return orig_filename; +} + +static int unique_number; + +void +unique_reset(void) +{ + unique_number = 0; +} + +int +unique_get_next(void) +{ + return unique_number++; +} + +void +init_generate (const char *filename, const char *base) +{ + orig_filename = filename; + if(base) + asprintf(&headerbase, "%s", base); + else + headerbase = strdup(STEM); + asprintf(&header, "%s.h", headerbase); + headerfile = fopen (header, "w"); + if (headerfile == NULL) + err (1, "open %s", header); + fprintf (headerfile, + "/* Generated from %s */\n" + "/* Do not edit */\n\n", + filename); + fprintf (headerfile, + "#ifndef __%s_h__\n" + "#define __%s_h__\n\n", headerbase, headerbase); + fprintf (headerfile, + "#include \n" + "#include \n\n"); +#ifndef HAVE_TIMEGM + fprintf (headerfile, "time_t timegm (struct tm*);\n\n"); +#endif + fprintf (headerfile, + "#ifndef __asn1_common_definitions__\n" + "#define __asn1_common_definitions__\n\n"); + fprintf (headerfile, + "typedef struct heim_octet_string {\n" + " size_t length;\n" + " void *data;\n" + "} heim_octet_string;\n\n"); + fprintf (headerfile, + "typedef char *heim_general_string;\n\n" + ); + fprintf (headerfile, + "typedef char *heim_utf8_string;\n\n" + ); + fprintf (headerfile, + "typedef struct heim_oid {\n" + " size_t length;\n" + " unsigned *components;\n" + "} heim_oid;\n\n"); + fputs("#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R) \\\n" + " do { \\\n" + " (BL) = length_##T((S)); \\\n" + " (B) = malloc((BL)); \\\n" + " if((B) == NULL) { \\\n" + " (R) = ENOMEM; \\\n" + " } else { \\\n" + " (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \\\n" + " (S), (L)); \\\n" + " if((R) != 0) { \\\n" + " free((B)); \\\n" + " (B) = NULL; \\\n" + " } \\\n" + " } \\\n" + " } while (0)\n\n", + headerfile); + fprintf (headerfile, "#endif\n\n"); + logfile = fopen(STEM "_files", "w"); + if (logfile == NULL) + err (1, "open " STEM "_files"); +} + +void +close_generate (void) +{ + fprintf (headerfile, "#endif /* __%s_h__ */\n", headerbase); + + fclose (headerfile); + fprintf (logfile, "\n"); + fclose (logfile); +} + +void +generate_constant (const Symbol *s) +{ + fprintf (headerfile, "enum { %s = %d };\n\n", + s->gen_name, s->constant); +} + +static void +space(int level) +{ + while(level-- > 0) + fprintf(headerfile, " "); +} + +static void +define_asn1 (int level, Type *t) +{ + switch (t->type) { + case TType: + space(level); + fprintf (headerfile, "%s", t->symbol->name); + break; + case TInteger: + space(level); + fprintf (headerfile, "INTEGER"); + break; + case TUInteger: + space(level); + fprintf (headerfile, "UNSIGNED INTEGER"); + break; + case TOctetString: + space(level); + fprintf (headerfile, "OCTET STRING"); + break; + case TOID : + space(level); + fprintf(headerfile, "OBJECT IDENTIFIER"); + break; + case TBitString: { + Member *m; + int tag = -1; + + space(level); + fprintf (headerfile, "BIT STRING {\n"); + for (m = t->members; m && m->val != tag; m = m->next) { + if (tag == -1) + tag = m->val; + space(level + 1); + fprintf (headerfile, "%s(%d)%s\n", m->name, m->val, + m->next->val == tag?"":","); + + } + space(level); + fprintf (headerfile, "}"); + break; + } + case TEnumerated : { + Member *m; + int tag = -1; + + space(level); + fprintf (headerfile, "ENUMERATED {\n"); + for (m = t->members; m && m->val != tag; m = m->next) { + if (tag == -1) + tag = m->val; + space(level + 1); + fprintf (headerfile, "%s(%d)%s\n", m->name, m->val, + m->next->val == tag?"":","); + + } + space(level); + fprintf (headerfile, "}"); + break; + } + case TSequence: { + Member *m; + int tag; + int max_width = 0; + + space(level); + fprintf (headerfile, "SEQUENCE {\n"); + for (m = t->members, tag = -1; m && m->val != tag; m = m->next) { + if (tag == -1) + tag = m->val; + if(strlen(m->name) + (m->val > 9) > max_width) + max_width = strlen(m->name) + (m->val > 9); + } + max_width += 3 + 2; + if(max_width < 16) max_width = 16; + for (m = t->members, tag = -1 ; m && m->val != tag; m = m->next) { + int width; + if (tag == -1) + tag = m->val; + space(level + 1); + fprintf(headerfile, "%s[%d]", m->name, m->val); + width = max_width - strlen(m->name) - 3 - (m->val > 9) - 2; + fprintf(headerfile, "%*s", width, ""); + define_asn1(level + 1, m->type); + if(m->optional) + fprintf(headerfile, " OPTIONAL"); + if(m->next->val != tag) + fprintf (headerfile, ","); + fprintf (headerfile, "\n"); + } + space(level); + fprintf (headerfile, "}"); + break; + } + case TSequenceOf: { + space(level); + fprintf (headerfile, "SEQUENCE OF "); + define_asn1 (0, t->subtype); + break; + } + case TGeneralizedTime: + space(level); + fprintf (headerfile, "GeneralizedTime"); + break; + case TGeneralString: + space(level); + fprintf (headerfile, "GeneralString"); + break; + case TApplication: + fprintf (headerfile, "[APPLICATION %d] ", t->application); + define_asn1 (level, t->subtype); + break; + case TBoolean: + space(level); + fprintf (headerfile, "BOOLEAN"); + break; + case TUTF8String: + space(level); + fprintf (headerfile, "UTF8String"); + break; + case TNull: + space(level); + fprintf (headerfile, "NULL"); + break; + default: + abort (); + } +} + +static void +define_type (int level, const char *name, Type *t, int typedefp) +{ + switch (t->type) { + case TType: + space(level); + fprintf (headerfile, "%s %s;\n", t->symbol->gen_name, name); + break; + case TInteger: + space(level); + if(t->members == NULL) { + fprintf (headerfile, "int %s;\n", name); + } else { + Member *m; + int tag = -1; + fprintf (headerfile, "enum %s {\n", typedefp ? name : ""); + for (m = t->members; m && m->val != tag; m = m->next) { + if(tag == -1) + tag = m->val; + space (level + 1); + fprintf(headerfile, "%s = %d%s\n", m->gen_name, m->val, + m->next->val == tag ? "" : ","); + } + fprintf (headerfile, "} %s;\n", name); + } + break; + case TUInteger: + space(level); + fprintf (headerfile, "unsigned int %s;\n", name); + break; + case TOctetString: + space(level); + fprintf (headerfile, "heim_octet_string %s;\n", name); + break; + case TOID : + space(level); + fprintf (headerfile, "heim_oid %s;\n", name); + break; + case TBitString: { + Member *m; + Type i; + int tag = -1; + + i.type = TUInteger; + space(level); + fprintf (headerfile, "struct %s {\n", typedefp ? name : ""); + for (m = t->members; m && m->val != tag; m = m->next) { + char *n; + + asprintf (&n, "%s:1", m->gen_name); + define_type (level + 1, n, &i, FALSE); + free (n); + if (tag == -1) + tag = m->val; + } + space(level); + fprintf (headerfile, "} %s;\n\n", name); + break; + } + case TEnumerated: { + Member *m; + int tag = -1; + + space(level); + fprintf (headerfile, "enum %s {\n", typedefp ? name : ""); + for (m = t->members; m && m->val != tag; m = m->next) { + if (tag == -1) + tag = m->val; + space(level + 1); + fprintf (headerfile, "%s = %d%s\n", m->gen_name, m->val, + m->next->val == tag ? "" : ","); + } + space(level); + fprintf (headerfile, "} %s;\n\n", name); + break; + } + case TSequence: { + Member *m; + int tag = -1; + + space(level); + fprintf (headerfile, "struct %s {\n", typedefp ? name : ""); + for (m = t->members; m && m->val != tag; m = m->next) { + if (m->optional) { + char *n; + + asprintf (&n, "*%s", m->gen_name); + define_type (level + 1, n, m->type, FALSE); + free (n); + } else + define_type (level + 1, m->gen_name, m->type, FALSE); + if (tag == -1) + tag = m->val; + } + space(level); + fprintf (headerfile, "} %s;\n", name); + break; + } + case TSequenceOf: { + Type i; + + i.type = TUInteger; + i.application = 0; + + space(level); + fprintf (headerfile, "struct %s {\n", typedefp ? name : ""); + define_type (level + 1, "len", &i, FALSE); + define_type (level + 1, "*val", t->subtype, FALSE); + space(level); + fprintf (headerfile, "} %s;\n", name); + break; + } + case TGeneralizedTime: + space(level); + fprintf (headerfile, "time_t %s;\n", name); + break; + case TGeneralString: + space(level); + fprintf (headerfile, "heim_general_string %s;\n", name); + break; + case TUTF8String: + space(level); + fprintf (headerfile, "heim_utf8_string %s;\n", name); + break; + case TBoolean: + space(level); + fprintf (headerfile, "int %s;\n", name); + break; + case TNull: + space(level); + fprintf (headerfile, "NULL %s;\n", name); + break; + case TApplication: + define_type (level, name, t->subtype, FALSE); + break; + default: + abort (); + } +} + +static void +generate_type_header (const Symbol *s) +{ + fprintf (headerfile, "/*\n"); + fprintf (headerfile, "%s ::= ", s->name); + define_asn1 (0, s->type); + fprintf (headerfile, "\n*/\n\n"); + + fprintf (headerfile, "typedef "); + define_type (0, s->gen_name, s->type, TRUE); + + fprintf (headerfile, "\n"); +} + + +void +generate_type (const Symbol *s) +{ + struct import *i; + char *filename; + + asprintf (&filename, "%s_%s.x", STEM, s->gen_name); + codefile = fopen (filename, "w"); + if (codefile == NULL) + err (1, "fopen %s", filename); + fprintf(logfile, "%s ", filename); + free(filename); + fprintf (codefile, + "/* Generated from %s */\n" + "/* Do not edit */\n\n" + "#include \n" + "#include \n" + "#include \n" + "#include \n" + "#include \n", + orig_filename); + + for (i = imports; i != NULL; i = i->next) + fprintf (codefile, + "#include <%s_asn1.h>\n", + i->module); + fprintf (codefile, + "#include <%s.h>\n", + headerbase); + fprintf (codefile, + "#include \n" + "#include \n" + "#include \n\n"); + + if (s->stype == Stype && s->type->type == TChoice) { + fprintf(codefile, + "/* CHOICE */\n" + "int asn1_%s_dummy_holder = 1;\n", s->gen_name); + } else { + generate_type_header (s); + generate_type_encode (s); + generate_type_decode (s); + generate_type_free (s); + generate_type_length (s); + generate_type_copy (s); + generate_glue (s); + } + fprintf(headerfile, "\n\n"); + fclose(codefile); +} diff --git a/source4/heimdal/lib/asn1/gen_copy.c b/source4/heimdal/lib/asn1/gen_copy.c new file mode 100644 index 0000000000..a8421fea6a --- /dev/null +++ b/source4/heimdal/lib/asn1/gen_copy.c @@ -0,0 +1,157 @@ +/* + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gen_locl.h" + +RCSID("$Id: gen_copy.c,v 1.15 2005/06/16 20:03:38 lha Exp $"); + +static void +copy_primitive (const char *typename, const char *from, const char *to) +{ + fprintf (codefile, "if(copy_%s(%s, %s)) return ENOMEM;\n", + typename, from, to); +} + +static void +copy_type (const char *from, const char *to, const Type *t) +{ + switch (t->type) { + case TType: +#if 0 + copy_type (from, to, t->symbol->type); +#endif + fprintf (codefile, "if(copy_%s(%s, %s)) return ENOMEM;\n", + t->symbol->gen_name, from, to); + break; + case TInteger: + case TUInteger: + case TBoolean: + case TEnumerated : + fprintf(codefile, "*(%s) = *(%s);\n", to, from); + break; + case TOctetString: + copy_primitive ("octet_string", from, to); + break; + case TOID: + copy_primitive ("oid", from, to); + break; + case TBitString: { + fprintf(codefile, "*(%s) = *(%s);\n", to, from); + break; + } + case TSequence: { + Member *m; + int tag = -1; + + if (t->members == NULL) + break; + + for (m = t->members; m && tag != m->val; m = m->next) { + char *fn; + char *tn; + + asprintf (&fn, "%s(%s)->%s", + m->optional ? "" : "&", from, m->gen_name); + asprintf (&tn, "%s(%s)->%s", + m->optional ? "" : "&", to, m->gen_name); + if(m->optional){ + fprintf(codefile, "if(%s) {\n", fn); + fprintf(codefile, "%s = malloc(sizeof(*%s));\n", tn, tn); + fprintf(codefile, "if(%s == NULL) return ENOMEM;\n", tn); + } + copy_type (fn, tn, m->type); + if(m->optional){ + fprintf(codefile, "}else\n"); + fprintf(codefile, "%s = NULL;\n", tn); + } + if (tag == -1) + tag = m->val; + free (fn); + free (tn); + } + break; + } + case TSequenceOf: { + char *f; + char *T; + + fprintf (codefile, "if(((%s)->val = " + "malloc((%s)->len * sizeof(*(%s)->val))) == NULL && (%s)->len != 0)\n", + to, from, to, from); + fprintf (codefile, "return ENOMEM;\n"); + fprintf(codefile, + "for((%s)->len = 0; (%s)->len < (%s)->len; (%s)->len++){\n", + to, to, from, to); + asprintf(&f, "&(%s)->val[(%s)->len]", from, to); + asprintf(&T, "&(%s)->val[(%s)->len]", to, to); + copy_type(f, T, t->subtype); + fprintf(codefile, "}\n"); + free(f); + free(T); + break; + } + case TGeneralizedTime: + fprintf(codefile, "*(%s) = *(%s);\n", to, from); + break; + case TGeneralString: + copy_primitive ("general_string", from, to); + break; + case TUTF8String: + copy_primitive ("utf8string", from, to); + break; + case TNull: + break; + case TApplication: + copy_type (from, to, t->subtype); + break; + default : + abort (); + } +} + +void +generate_type_copy (const Symbol *s) +{ + fprintf (headerfile, + "int copy_%s (const %s *, %s *);\n", + s->gen_name, s->gen_name, s->gen_name); + + fprintf (codefile, "int\n" + "copy_%s(const %s *from, %s *to)\n" + "{\n", + s->gen_name, s->gen_name, s->gen_name); + + copy_type ("from", "to", s->type); + fprintf (codefile, "return 0;\n}\n\n"); +} + diff --git a/source4/heimdal/lib/asn1/gen_decode.c b/source4/heimdal/lib/asn1/gen_decode.c new file mode 100644 index 0000000000..f49593dbcf --- /dev/null +++ b/source4/heimdal/lib/asn1/gen_decode.c @@ -0,0 +1,419 @@ +/* + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gen_locl.h" + +RCSID("$Id: gen_decode.c,v 1.21 2005/05/29 14:23:01 lha Exp $"); + +static void +decode_primitive (const char *typename, const char *name) +{ + fprintf (codefile, + "e = decode_%s(p, len, %s, &l);\n" + "FORW;\n", + typename, + name); +} + +static void +decode_type (const char *name, const Type *t) +{ + switch (t->type) { + case TType: +#if 0 + decode_type (name, t->symbol->type); +#endif + fprintf (codefile, + "e = decode_%s(p, len, %s, &l);\n" + "FORW;\n", + t->symbol->gen_name, name); + break; + case TInteger: + if(t->members == NULL) + decode_primitive ("integer", name); + else { + char *s; + asprintf(&s, "(int*)%s", name); + if(s == NULL) + errx (1, "out of memory"); + decode_primitive ("integer", s); + free(s); + } + break; + case TUInteger: + decode_primitive ("unsigned", name); + break; + case TEnumerated: + decode_primitive ("enumerated", name); + break; + case TOctetString: + decode_primitive ("octet_string", name); + break; + case TOID : + decode_primitive ("oid", name); + break; + case TBitString: { + Member *m; + int tag = -1; + int pos; + + fprintf (codefile, + "e = der_match_tag_and_length (p, len, ASN1_C_UNIV, PRIM, UT_BitString," + "&reallen, &l);\n" + "FORW;\n" + "if(len < reallen)\n" + "return ASN1_OVERRUN;\n" + "p++;\n" + "len--;\n" + "reallen--;\n" + "ret++;\n"); + pos = 0; + for (m = t->members; m && tag != m->val; m = m->next) { + while (m->val / 8 > pos / 8) { + fprintf (codefile, + "p++; len--; reallen--; ret++;\n"); + pos += 8; + } + fprintf (codefile, + "%s->%s = (*p >> %d) & 1;\n", + name, m->gen_name, 7 - m->val % 8); + if (tag == -1) + tag = m->val; + } + fprintf (codefile, + "p += reallen; len -= reallen; ret += reallen;\n"); + break; + } + case TSequence: { + Member *m; + int tag = -1; + int fd_counter = unique_get_next(); + int fd_counter_inner = unique_get_next(); + + if (t->members == NULL) + break; + + fprintf (codefile, + "e = der_match_tag_and_length (p, len, ASN1_C_UNIV, CONS, UT_Sequence," + "&reallen, &l);\n" + "FORW;\n" + "{\n" + "int dce_fix%d;\n" + "if((dce_fix%d = fix_dce(reallen, &len)) < 0)\n" + "return ASN1_BAD_FORMAT;\n", + fd_counter, fd_counter); + + for (m = t->members; m && tag != m->val; m = m->next) { + char *s; + + asprintf (&s, "%s(%s)->%s", m->optional ? "" : "&", name, m->gen_name); + if (0 && m->type->type == TType){ + if(m->optional) + fprintf (codefile, + "%s = malloc(sizeof(*%s));\n" + "if(%s == NULL) return ENOMEM;\n", s, s, s); + fprintf (codefile, + "e = decode_seq_%s(p, len, %d, %d, %s, &l);\n", + m->type->symbol->gen_name, + m->val, + m->optional, + s); + if(m->optional) + fprintf (codefile, + "if (e == ASN1_MISSING_FIELD) {\n" + "free(%s);\n" + "%s = NULL;\n" + "e = l = 0;\n" + "}\n", + s, s); + + fprintf (codefile, "FORW;\n"); + + }else{ + fprintf (codefile, "{\n" + "size_t newlen, oldlen;\n\n" + "e = der_match_tag (p, len, ASN1_C_CONTEXT, CONS, %d, &l);\n", + m->val); + fprintf (codefile, + "if (e)\n"); + if(m->optional) + /* XXX should look at e */ + fprintf (codefile, + "%s = NULL;\n", s); + else + fprintf (codefile, + "return e;\n"); + fprintf (codefile, + "else {\n"); + fprintf (codefile, + "p += l;\n" + "len -= l;\n" + "ret += l;\n" + "e = der_get_length (p, len, &newlen, &l);\n" + "FORW;\n" + "{\n" + + "int dce_fix%d;\n" + "oldlen = len;\n" + "if((dce_fix%d = fix_dce(newlen, &len)) < 0)" + "return ASN1_BAD_FORMAT;\n", + fd_counter_inner, + fd_counter_inner); + if (m->optional) + fprintf (codefile, + "%s = malloc(sizeof(*%s));\n" + "if(%s == NULL) return ENOMEM;\n", s, s, s); + decode_type (s, m->type); + fprintf (codefile, + "if(dce_fix%d){\n" + "e = der_match_tag_and_length (p, len, " + "(Der_class)0, (Der_type)0, 0, &reallen, &l);\n" + "FORW;\n" + "}else \n" + "len = oldlen - newlen;\n" + "}\n" + "}\n", + fd_counter_inner); + fprintf (codefile, + "}\n"); + } + if (tag == -1) + tag = m->val; + free (s); + } + fprintf(codefile, + "if(dce_fix%d){\n" + "e = der_match_tag_and_length (p, len, " + "(Der_class)0, (Der_type)0, 0, &reallen, &l);\n" + "FORW;\n" + "}\n" + "}\n", + fd_counter); + + break; + } + case TSequenceOf: { + char *n; + int oldret_counter = unique_get_next(); + + fprintf (codefile, + "e = der_match_tag_and_length (p, len, ASN1_C_UNIV, CONS, UT_Sequence," + "&reallen, &l);\n" + "FORW;\n" + "if(len < reallen)\n" + "return ASN1_OVERRUN;\n" + "len = reallen;\n"); + + fprintf (codefile, + "{\n" + "size_t origlen = len;\n" + "int oldret%d = ret;\n" + "ret = 0;\n" + "(%s)->len = 0;\n" + "(%s)->val = NULL;\n" + "while(ret < origlen) {\n" + "(%s)->len++;\n" + "(%s)->val = realloc((%s)->val, sizeof(*((%s)->val)) * (%s)->len);\n", + oldret_counter, name, name, name, name, name, name, name); + asprintf (&n, "&(%s)->val[(%s)->len-1]", name, name); + decode_type (n, t->subtype); + fprintf (codefile, + "len = origlen - ret;\n" + "}\n" + "ret += oldret%d;\n" + "}\n", + oldret_counter); + free (n); + break; + } + case TGeneralizedTime: + decode_primitive ("generalized_time", name); + break; + case TGeneralString: + decode_primitive ("general_string", name); + break; + case TUTF8String: + decode_primitive ("utf8string", name); + break; + case TNull: + fprintf (codefile, + "e = decode_nulltype(p, len, &l);\n" + "FORW;\n"); + break; + case TApplication: + fprintf (codefile, + "e = der_match_tag_and_length (p, len, ASN1_C_APPL, CONS, %d, " + "&reallen, &l);\n" + "FORW;\n" + "{\n" + "int dce_fix;\n" + "if((dce_fix = fix_dce(reallen, &len)) < 0)\n" + "return ASN1_BAD_FORMAT;\n", + t->application); + decode_type (name, t->subtype); + fprintf(codefile, + "if(dce_fix){\n" + "e = der_match_tag_and_length (p, len, " + "(Der_class)0, (Der_type)0, 0, &reallen, &l);\n" + "FORW;\n" + "}\n" + "}\n"); + + break; + case TBoolean: + decode_primitive ("boolean", name); + break; + default : + abort (); + } +} + +void +generate_type_decode (const Symbol *s) +{ + unique_reset(); + fprintf (headerfile, + "int " + "decode_%s(const unsigned char *, size_t, %s *, size_t *);\n", + s->gen_name, s->gen_name); + + fprintf (codefile, "#define FORW " + "if(e) goto fail; " + "p += l; " + "len -= l; " + "ret += l\n\n"); + + + fprintf (codefile, "int\n" + "decode_%s(const unsigned char *p," + " size_t len, %s *data, size_t *size)\n" + "{\n", + s->gen_name, s->gen_name); + + switch (s->type->type) { + case TInteger: + case TUInteger: + case TBoolean: + case TOctetString: + case TOID: + case TGeneralizedTime: + case TGeneralString: + case TUTF8String: + case TNull: + case TEnumerated: + case TBitString: + case TSequence: + case TSequenceOf: + case TApplication: + case TType: + fprintf (codefile, + "size_t ret = 0, reallen;\n" + "size_t l;\n" + "int e;\n\n"); + fprintf (codefile, "memset(data, 0, sizeof(*data));\n"); + fprintf (codefile, "reallen = 0;\n"); /* hack to avoid `unused variable' */ + + decode_type ("data", s->type); + fprintf (codefile, + "if(size) *size = ret;\n" + "return 0;\n"); + fprintf (codefile, + "fail:\n" + "free_%s(data);\n" + "return e;\n", + s->gen_name); + break; + default: + abort (); + } + fprintf (codefile, "}\n\n"); +} + +void +generate_seq_type_decode (const Symbol *s) +{ + fprintf (headerfile, + "int decode_seq_%s(const unsigned char *, size_t, int, int, " + "%s *, size_t *);\n", + s->gen_name, s->gen_name); + + fprintf (codefile, "int\n" + "decode_seq_%s(const unsigned char *p, size_t len, int tag, " + "int optional, %s *data, size_t *size)\n" + "{\n", + s->gen_name, s->gen_name); + + fprintf (codefile, + "size_t newlen, oldlen;\n" + "size_t l, ret = 0;\n" + "int e;\n" + "int dce_fix;\n"); + + fprintf (codefile, + "e = der_match_tag(p, len, ASN1_C_CONTEXT, CONS, tag, &l);\n" + "if (e)\n" + "return e;\n"); + fprintf (codefile, + "p += l;\n" + "len -= l;\n" + "ret += l;\n" + "e = der_get_length(p, len, &newlen, &l);\n" + "if (e)\n" + "return e;\n" + "p += l;\n" + "len -= l;\n" + "ret += l;\n" + "oldlen = len;\n" + "if ((dce_fix = fix_dce(newlen, &len)) < 0)\n" + "return ASN1_BAD_FORMAT;\n" + "e = decode_%s(p, len, data, &l);\n" + "if (e)\n" + "return e;\n" + "p += l;\n" + "len -= l;\n" + "ret += l;\n" + "if (dce_fix) {\n" + "size_t reallen;\n\n" + "e = der_match_tag_and_length(p, len, " + "(Der_class)0, (Der_type)0, 0, &reallen, &l);\n" + "if (e)\n" + "return e;\n" + "ret += l;\n" + "}\n", + s->gen_name); + fprintf (codefile, + "if(size) *size = ret;\n" + "return 0;\n"); + + fprintf (codefile, "}\n\n"); +} diff --git a/source4/heimdal/lib/asn1/gen_encode.c b/source4/heimdal/lib/asn1/gen_encode.c new file mode 100644 index 0000000000..e77bcc559c --- /dev/null +++ b/source4/heimdal/lib/asn1/gen_encode.c @@ -0,0 +1,287 @@ +/* + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gen_locl.h" + +RCSID("$Id: gen_encode.c,v 1.15 2005/05/29 14:23:01 lha Exp $"); + +static void +encode_primitive (const char *typename, const char *name) +{ + fprintf (codefile, + "e = encode_%s(p, len, %s, &l);\n" + "BACK;\n", + typename, + name); +} + +static void +encode_type (const char *name, const Type *t) +{ + switch (t->type) { + case TType: +#if 0 + encode_type (name, t->symbol->type); +#endif + fprintf (codefile, + "e = encode_%s(p, len, %s, &l);\n" + "BACK;\n", + t->symbol->gen_name, name); + break; + case TInteger: + if(t->members == NULL) + encode_primitive ("integer", name); + else { + char *s; + asprintf(&s, "(const int*)%s", name); + if(s == NULL) + errx(1, "out of memory"); + encode_primitive ("integer", s); + free(s); + } + break; + case TUInteger: + encode_primitive ("unsigned", name); + break; + case TOctetString: + encode_primitive ("octet_string", name); + break; + case TOID : + encode_primitive ("oid", name); + break; + case TBitString: { + Member *m; + int pos; + int rest; + int tag = -1; + + if (t->members == NULL) + break; + + fprintf (codefile, "{\n" + "unsigned char c = 0;\n"); + pos = t->members->prev->val; + /* fix for buggy MIT (and OSF?) code */ + if (pos > 31) + abort (); + /* + * It seems that if we do not always set pos to 31 here, the MIT + * code will do the wrong thing. + * + * I hate ASN.1 (and DER), but I hate it even more when everybody + * has to screw it up differently. + */ + pos = 31; + rest = 7 - (pos % 8); + + for (m = t->members->prev; m && tag != m->val; m = m->prev) { + while (m->val / 8 < pos / 8) { + fprintf (codefile, + "*p-- = c; len--; ret++;\n" + "c = 0;\n"); + pos -= 8; + } + fprintf (codefile, + "if(%s->%s) c |= 1<<%d;\n", name, m->gen_name, + 7 - m->val % 8); + + if (tag == -1) + tag = m->val; + } + + fprintf (codefile, + "*p-- = c;\n" + "*p-- = %d;\n" + "len -= 2;\n" + "ret += 2;\n" + "}\n\n" + "e = der_put_length_and_tag (p, len, ret, ASN1_C_UNIV, PRIM," + "UT_BitString, &l);\n" + "BACK;\n", + rest); + break; + } + case TEnumerated : { + encode_primitive ("enumerated", name); + break; + } + case TSequence: { + Member *m; + int tag = -1; + int oldret_counter = unique_get_next(); + + if (t->members == NULL) + break; + + for (m = t->members->prev; m && tag != m->val; m = m->prev) { + char *s; + + asprintf (&s, "%s(%s)->%s", m->optional ? "" : "&", name, m->gen_name); + if (m->optional) + fprintf (codefile, + "if(%s)\n", + s); +#if 1 + fprintf (codefile, "{\n" + "int oldret%d = ret;\n" + "ret = 0;\n", + oldret_counter); +#endif + encode_type (s, m->type); + fprintf (codefile, + "e = der_put_length_and_tag (p, len, ret, ASN1_C_CONTEXT, CONS, " + "%d, &l);\n" + "BACK;\n", + m->val); +#if 1 + fprintf (codefile, + "ret += oldret%d;\n" + "}\n", + oldret_counter); +#endif + if (tag == -1) + tag = m->val; + free (s); + } + fprintf (codefile, + "e = der_put_length_and_tag (p, len, ret, ASN1_C_UNIV, CONS, UT_Sequence, &l);\n" + "BACK;\n"); + break; + } + case TSequenceOf: { + int oldret_counter = unique_get_next(); + char *n; + + fprintf (codefile, + "for(i = (%s)->len - 1; i >= 0; --i) {\n" +#if 1 + "int oldret%d = ret;\n" + "ret = 0;\n", +#else + , +#endif + name, oldret_counter); + asprintf (&n, "&(%s)->val[i]", name); + encode_type (n, t->subtype); + fprintf (codefile, +#if 1 + "ret += oldret%d;\n" +#endif + "}\n" + "e = der_put_length_and_tag (p, len, ret, ASN1_C_UNIV, CONS, UT_Sequence, &l);\n" + "BACK;\n" +#if 1 + , oldret_counter +#endif + ); + free (n); + break; + } + case TGeneralizedTime: + encode_primitive ("generalized_time", name); + break; + case TGeneralString: + encode_primitive ("general_string", name); + break; + case TUTF8String: + encode_primitive ("utf8string", name); + break; + case TNull: + fprintf (codefile, + "e = encode_nulltype(p, len, &l);\n" + "BACK;\n"); + break; + case TApplication: + encode_type (name, t->subtype); + fprintf (codefile, + "e = der_put_length_and_tag (p, len, ret, ASN1_C_APPL, CONS, %d, &l);\n" + "BACK;\n", + t->application); + break; + case TBoolean: + encode_primitive ("boolean", name); + break; + default: + abort (); + } +} + +void +generate_type_encode (const Symbol *s) +{ + fprintf (headerfile, + "int " + "encode_%s(unsigned char *, size_t, const %s *, size_t *);\n", + s->gen_name, s->gen_name); + + fprintf (codefile, "#define BACK if (e) return e; p -= l; len -= l; ret += l\n\n"); + + + fprintf (codefile, "int\n" + "encode_%s(unsigned char *p, size_t len," + " const %s *data, size_t *size)\n" + "{\n", + s->gen_name, s->gen_name); + + switch (s->type->type) { + case TInteger: + case TUInteger: + case TBoolean: + case TOctetString: + case TGeneralizedTime: + case TGeneralString: + case TUTF8String: + case TNull: + case TBitString: + case TEnumerated: + case TOID: + case TSequence: + case TSequenceOf: + case TApplication: + case TType: + fprintf (codefile, + "size_t ret = 0;\n" + "size_t l;\n" + "int i, e;\n\n"); + fprintf(codefile, "i = 0;\n"); /* hack to avoid `unused variable' */ + + encode_type("data", s->type); + + fprintf (codefile, "*size = ret;\n" + "return 0;\n"); + break; + default: + abort (); + } + fprintf (codefile, "}\n\n"); +} diff --git a/source4/heimdal/lib/asn1/gen_free.c b/source4/heimdal/lib/asn1/gen_free.c new file mode 100644 index 0000000000..9665d074fd --- /dev/null +++ b/source4/heimdal/lib/asn1/gen_free.c @@ -0,0 +1,143 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gen_locl.h" + +RCSID("$Id: gen_free.c,v 1.12 2003/10/03 00:28:08 lha Exp $"); + +static void +free_primitive (const char *typename, const char *name) +{ + fprintf (codefile, "free_%s(%s);\n", typename, name); +} + +static void +free_type (const char *name, const Type *t) +{ + switch (t->type) { + case TType: +#if 0 + free_type (name, t->symbol->type); +#endif + fprintf (codefile, "free_%s(%s);\n", t->symbol->gen_name, name); + break; + case TInteger: + case TUInteger: + case TBoolean: + case TEnumerated : + break; + case TOctetString: + free_primitive ("octet_string", name); + break; + case TOID : + free_primitive ("oid", name); + break; + case TBitString: { + break; + } + case TSequence: { + Member *m; + int tag = -1; + + if (t->members == NULL) + break; + + for (m = t->members; m && tag != m->val; m = m->next) { + char *s; + + asprintf (&s, "%s(%s)->%s", + m->optional ? "" : "&", name, m->gen_name); + if(m->optional) + fprintf(codefile, "if(%s) {\n", s); + free_type (s, m->type); + if(m->optional) + fprintf(codefile, + "free(%s);\n" + "%s = NULL;\n" + "}\n", s, s); + if (tag == -1) + tag = m->val; + free (s); + } + break; + } + case TSequenceOf: { + char *n; + + fprintf (codefile, "while((%s)->len){\n", name); + asprintf (&n, "&(%s)->val[(%s)->len-1]", name, name); + free_type(n, t->subtype); + fprintf(codefile, + "(%s)->len--;\n" + "}\n", + name); + fprintf(codefile, + "free((%s)->val);\n" + "(%s)->val = NULL;\n", name, name); + free(n); + break; + } + case TGeneralizedTime: + break; + case TGeneralString: + free_primitive ("general_string", name); + break; + case TUTF8String: + free_primitive ("utf8string", name); + break; + case TNull: + break; + case TApplication: + free_type (name, t->subtype); + break; + default : + abort (); + } +} + +void +generate_type_free (const Symbol *s) +{ + fprintf (headerfile, + "void free_%s (%s *);\n", + s->gen_name, s->gen_name); + + fprintf (codefile, "void\n" + "free_%s(%s *data)\n" + "{\n", + s->gen_name, s->gen_name); + + free_type ("data", s->type); + fprintf (codefile, "}\n\n"); +} + diff --git a/source4/heimdal/lib/asn1/gen_glue.c b/source4/heimdal/lib/asn1/gen_glue.c new file mode 100644 index 0000000000..6ab4725502 --- /dev/null +++ b/source4/heimdal/lib/asn1/gen_glue.c @@ -0,0 +1,147 @@ +/* + * Copyright (c) 1997, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gen_locl.h" + +RCSID("$Id: gen_glue.c,v 1.8 2005/04/25 18:07:07 lha Exp $"); + +static void +generate_2int (const Symbol *s) +{ + Type *t = s->type; + Member *m; + int tag = -1; + + fprintf (headerfile, + "unsigned %s2int(%s);\n", + s->gen_name, s->gen_name); + + fprintf (codefile, + "unsigned %s2int(%s f)\n" + "{\n" + "unsigned r = 0;\n", + s->gen_name, s->gen_name); + + for (m = t->members; m && m->val != tag; m = m->next) { + fprintf (codefile, "if(f.%s) r |= (1U << %d);\n", + m->gen_name, m->val); + + if (tag == -1) + tag = m->val; + } + fprintf (codefile, "return r;\n" + "}\n\n"); +} + +static void +generate_int2 (const Symbol *s) +{ + Type *t = s->type; + Member *m; + int tag = -1; + + fprintf (headerfile, + "%s int2%s(unsigned);\n", + s->gen_name, s->gen_name); + + fprintf (codefile, + "%s int2%s(unsigned n)\n" + "{\n" + "\t%s flags;\n\n", + s->gen_name, s->gen_name, s->gen_name); + + for (m = t->members; m && m->val != tag; m = m->next) { + fprintf (codefile, "\tflags.%s = (n >> %d) & 1;\n", + m->gen_name, m->val); + + if (tag == -1) + tag = m->val; + } + fprintf (codefile, "\treturn flags;\n" + "}\n\n"); +} + +/* + * This depends on the bit string being declared in increasing order + */ + +static void +generate_units (const Symbol *s) +{ + Type *t = s->type; + Member *m; + int tag = -1; + + fprintf (headerfile, + "const struct units * asn1_%s_units(void);", + s->gen_name); + + fprintf (codefile, + "static struct units %s_units[] = {\n", + s->gen_name); + + if(t->members) + for (m = t->members->prev; m && m->val != tag; m = m->prev) { + fprintf (codefile, + "\t{\"%s\",\t1U << %d},\n", m->gen_name, m->val); + + if (tag == -1) + tag = m->val; + } + + fprintf (codefile, + "\t{NULL,\t0}\n" + "};\n\n"); + + fprintf (codefile, + "const struct units * asn1_%s_units(void){\n" + "return %s_units;\n" + "}\n\n", + s->gen_name, s->gen_name); + + +} + +void +generate_glue (const Symbol *s) +{ + switch(s->type->type) { + case TBitString : + generate_2int (s); + generate_int2 (s); + generate_units (s); + break; + default : + break; + } +} diff --git a/source4/heimdal/lib/asn1/gen_length.c b/source4/heimdal/lib/asn1/gen_length.c new file mode 100644 index 0000000000..c6ea0f701a --- /dev/null +++ b/source4/heimdal/lib/asn1/gen_length.c @@ -0,0 +1,188 @@ +/* + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gen_locl.h" + +RCSID("$Id: gen_length.c,v 1.14 2004/01/19 17:54:33 lha Exp $"); + +static void +length_primitive (const char *typename, + const char *name, + const char *variable) +{ + fprintf (codefile, "%s += length_%s(%s);\n", variable, typename, name); +} + +static void +length_type (const char *name, const Type *t, const char *variable) +{ + switch (t->type) { + case TType: +#if 0 + length_type (name, t->symbol->type); +#endif + fprintf (codefile, "%s += length_%s(%s);\n", + variable, t->symbol->gen_name, name); + break; + case TInteger: + if(t->members == NULL) + length_primitive ("integer", name, variable); + else { + char *s; + asprintf(&s, "(const int*)%s", name); + if(s == NULL) + errx (1, "out of memory"); + length_primitive ("integer", s, variable); + free(s); + } + break; + case TUInteger: + length_primitive ("unsigned", name, variable); + break; + case TEnumerated : + length_primitive ("enumerated", name, variable); + break; + case TOctetString: + length_primitive ("octet_string", name, variable); + break; + case TOID : + length_primitive ("oid", name, variable); + break; + case TBitString: { + /* + * XXX - Hope this is correct + * look at TBitString case in `encode_type' + */ + fprintf (codefile, "%s += 7;\n", variable); + break; + } + case TSequence: { + Member *m; + int tag = -1; + int oldret_counter = unique_get_next(); + + if (t->members == NULL) + break; + + for (m = t->members; m && tag != m->val; m = m->next) { + char *s; + + asprintf (&s, "%s(%s)->%s", + m->optional ? "" : "&", name, m->gen_name); + if (m->optional) + fprintf (codefile, "if(%s)", s); + fprintf (codefile, "{\n" + "int oldret%d = %s;\n" + "%s = 0;\n", oldret_counter, variable, variable); + length_type (s, m->type, "ret"); + fprintf (codefile, "%s += 1 + length_len(%s) + oldret%d;\n", + variable, variable, oldret_counter); + fprintf (codefile, "}\n"); + if (tag == -1) + tag = m->val; + free (s); + } + fprintf (codefile, + "%s += 1 + length_len(%s);\n", variable, variable); + break; + } + case TSequenceOf: { + char *n; + int oldret_counter = unique_get_next(); + int oldret_counter_inner = unique_get_next(); + + fprintf (codefile, + "{\n" + "int oldret%d = %s;\n" + "int i;\n" + "%s = 0;\n", + oldret_counter, variable, variable); + + fprintf (codefile, "for(i = (%s)->len - 1; i >= 0; --i){\n", name); + fprintf (codefile, "int oldret%d = %s;\n" + "%s = 0;\n", oldret_counter_inner, variable, variable); + asprintf (&n, "&(%s)->val[i]", name); + length_type(n, t->subtype, variable); + fprintf (codefile, "%s += oldret%d;\n", + variable, oldret_counter_inner); + fprintf (codefile, "}\n"); + + fprintf (codefile, + "%s += 1 + length_len(%s) + oldret%d;\n" + "}\n", variable, variable, oldret_counter); + free(n); + break; + } + case TGeneralizedTime: + length_primitive ("generalized_time", name, variable); + break; + case TGeneralString: + length_primitive ("general_string", name, variable); + break; + case TUTF8String: + length_primitive ("utf8string", name, variable); + break; + case TNull: + fprintf (codefile, "%s += length_nulltype();\n", variable); + break; + case TApplication: + length_type (name, t->subtype, variable); + fprintf (codefile, "ret += 1 + length_len (ret);\n"); + break; + case TBoolean: + length_primitive ("boolean", name, variable); + break; + default : + abort (); + } +} + +void +generate_type_length (const Symbol *s) +{ + unique_reset(); + fprintf (headerfile, + "size_t length_%s(const %s *);\n", + s->gen_name, s->gen_name); + + fprintf (codefile, + "size_t\n" + "length_%s(const %s *data)\n" + "{\n" + "size_t ret = 0;\n", + s->gen_name, s->gen_name); + + length_type ("data", s->type, "ret"); + fprintf (codefile, "return ret;\n}\n\n"); +} + diff --git a/source4/heimdal/lib/asn1/gen_locl.h b/source4/heimdal/lib/asn1/gen_locl.h new file mode 100644 index 0000000000..adaf8539f5 --- /dev/null +++ b/source4/heimdal/lib/asn1/gen_locl.h @@ -0,0 +1,77 @@ +/* + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: gen_locl.h,v 1.10 2005/06/16 19:58:58 lha Exp $ */ + +#ifndef __GEN_LOCL_H__ +#define __GEN_LOCL_H__ + +#ifdef HAVE_CONFIG_H +#include +#endif +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "hash.h" +#include "symbol.h" + +void generate_type (const Symbol *); +void generate_constant (const Symbol *); +void generate_type_encode (const Symbol *s); +void generate_type_decode (const Symbol *s); +void generate_seq_type_decode (const Symbol *s); +void generate_type_free (const Symbol *s); +void generate_type_length (const Symbol *s); +void generate_type_copy (const Symbol *s); +void generate_type_maybe (const Symbol *s); +void generate_glue (const Symbol *s); + +void unique_reset(void); +int unique_get_next(void); + +void init_generate (const char *filename, const char *basename); +const char *get_filename (void); +void close_generate(void); +void add_import(const char *module); +int yyparse(void); + +extern FILE *headerfile, *codefile, *logfile; + +#endif /* __GEN_LOCL_H__ */ diff --git a/source4/heimdal/lib/asn1/hash.c b/source4/heimdal/lib/asn1/hash.c new file mode 100644 index 0000000000..54be897c01 --- /dev/null +++ b/source4/heimdal/lib/asn1/hash.c @@ -0,0 +1,207 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * Hash table functions + */ + +#include "gen_locl.h" + +RCSID("$Id: hash.c,v 1.9 2005/01/08 22:55:26 lha Exp $"); + +static Hashentry *_search(Hashtab * htab, /* The hash table */ + void *ptr); /* And key */ + +Hashtab * +hashtabnew(int sz, + int (*cmp) (void *, void *), + unsigned (*hash) (void *)) +{ + Hashtab *htab; + int i; + + assert(sz > 0); + + htab = (Hashtab *) malloc(sizeof(Hashtab) + (sz - 1) * sizeof(Hashentry *)); + for (i = 0; i < sz; ++i) + htab->tab[i] = NULL; + + if (htab == NULL) { + return NULL; + } else { + htab->cmp = cmp; + htab->hash = hash; + htab->sz = sz; + return htab; + } +} + +/* Intern search function */ + +static Hashentry * +_search(Hashtab * htab, void *ptr) +{ + Hashentry *hptr; + + assert(htab && ptr); + + for (hptr = htab->tab[(*htab->hash) (ptr) % htab->sz]; + hptr; + hptr = hptr->next) + if ((*htab->cmp) (ptr, hptr->ptr) == 0) + break; + return hptr; +} + +/* Search for element in hash table */ + +void * +hashtabsearch(Hashtab * htab, void *ptr) +{ + Hashentry *tmp; + + tmp = _search(htab, ptr); + return tmp ? tmp->ptr : tmp; +} + +/* add element to hash table */ +/* if already there, set new value */ +/* !NULL if succesful */ + +void * +hashtabadd(Hashtab * htab, void *ptr) +{ + Hashentry *h = _search(htab, ptr); + Hashentry **tabptr; + + assert(htab && ptr); + + if (h) + free((void *) h->ptr); + else { + h = (Hashentry *) malloc(sizeof(Hashentry)); + if (h == NULL) { + return NULL; + } + tabptr = &htab->tab[(*htab->hash) (ptr) % htab->sz]; + h->next = *tabptr; + *tabptr = h; + h->prev = tabptr; + if (h->next) + h->next->prev = &h->next; + } + h->ptr = ptr; + return h; +} + +/* delete element with key key. Iff freep, free Hashentry->ptr */ + +int +_hashtabdel(Hashtab * htab, void *ptr, int freep) +{ + Hashentry *h; + + assert(htab && ptr); + + h = _search(htab, ptr); + if (h) { + if (freep) + free(h->ptr); + if ((*(h->prev) = h->next)) + h->next->prev = h->prev; + free(h); + return 0; + } else + return -1; +} + +/* Do something for each element */ + +void +hashtabforeach(Hashtab * htab, int (*func) (void *ptr, void *arg), + void *arg) +{ + Hashentry **h, *g; + + assert(htab); + + for (h = htab->tab; h < &htab->tab[htab->sz]; ++h) + for (g = *h; g; g = g->next) + if ((*func) (g->ptr, arg)) + return; +} + +/* standard hash-functions for strings */ + +unsigned +hashadd(const char *s) +{ /* Standard hash function */ + unsigned i; + + assert(s); + + for (i = 0; *s; ++s) + i += *s; + return i; +} + +unsigned +hashcaseadd(const char *s) +{ /* Standard hash function */ + unsigned i; + + assert(s); + + for (i = 0; *s; ++s) + i += toupper((unsigned char)*s); + return i; +} + +#define TWELVE (sizeof(unsigned)) +#define SEVENTYFIVE (6*sizeof(unsigned)) +#define HIGH_BITS (~((unsigned)(~0) >> TWELVE)) + +unsigned +hashjpw(const char *ss) +{ /* another hash function */ + unsigned h = 0; + unsigned g; + const unsigned char *s = (const unsigned char *)ss; + + for (; *s; ++s) { + h = (h << TWELVE) + *s; + if ((g = h & HIGH_BITS)) + h = (h ^ (g >> SEVENTYFIVE)) & ~HIGH_BITS; + } + return h; +} diff --git a/source4/heimdal/lib/asn1/hash.h b/source4/heimdal/lib/asn1/hash.h new file mode 100644 index 0000000000..b54e10234a --- /dev/null +++ b/source4/heimdal/lib/asn1/hash.h @@ -0,0 +1,87 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * hash.h. Header file for hash table functions + */ + +/* $Id: hash.h,v 1.3 1999/12/02 17:05:02 joda Exp $ */ + +struct hashentry { /* Entry in bucket */ + struct hashentry **prev; + struct hashentry *next; + void *ptr; +}; + +typedef struct hashentry Hashentry; + +struct hashtab { /* Hash table */ + int (*cmp)(void *, void *); /* Compare function */ + unsigned (*hash)(void *); /* hash function */ + int sz; /* Size */ + Hashentry *tab[1]; /* The table */ +}; + +typedef struct hashtab Hashtab; + +/* prototypes */ + +Hashtab *hashtabnew(int sz, + int (*cmp)(void *, void *), + unsigned (*hash)(void *)); /* Make new hash table */ + +void *hashtabsearch(Hashtab *htab, /* The hash table */ + void *ptr); /* The key */ + + +void *hashtabadd(Hashtab *htab, /* The hash table */ + void *ptr); /* The element */ + +int _hashtabdel(Hashtab *htab, /* The table */ + void *ptr, /* Key */ + int freep); /* Free data part? */ + +void hashtabforeach(Hashtab *htab, + int (*func)(void *ptr, void *arg), + void *arg); + +unsigned hashadd(const char *s); /* Standard hash function */ +unsigned hashcaseadd(const char *s); /* Standard hash function */ +unsigned hashjpw(const char *s); /* another hash function */ + +/* macros */ + + /* Don't free space */ +#define hashtabdel(htab,key) _hashtabdel(htab,key,FALSE) + +#define hashtabfree(htab,key) _hashtabdel(htab,key,TRUE) /* Do! */ diff --git a/source4/heimdal/lib/asn1/k5.asn1 b/source4/heimdal/lib/asn1/k5.asn1 new file mode 100644 index 0000000000..802c0a4c77 --- /dev/null +++ b/source4/heimdal/lib/asn1/k5.asn1 @@ -0,0 +1,590 @@ +-- $Id: k5.asn1,v 1.43 2005/06/17 04:58:59 lha Exp $ + +KERBEROS5 DEFINITIONS ::= +BEGIN + +NAME-TYPE ::= INTEGER { + KRB5_NT_UNKNOWN(0), -- Name type not known + KRB5_NT_PRINCIPAL(1), -- Just the name of the principal as in + KRB5_NT_SRV_INST(2), -- Service and other unique instance (krbtgt) + KRB5_NT_SRV_HST(3), -- Service with host name as instance + KRB5_NT_SRV_XHST(4), -- Service with host as remaining components + KRB5_NT_UID(5), -- Unique ID + KRB5_NT_X500_PRINCIPAL(6), -- PKINIT + KRB5_NT_ENTERPRISE(10) -- May be mapped to principal name +} + +-- message types + +MESSAGE-TYPE ::= INTEGER { + krb-as-req(10), -- Request for initial authentication + krb-as-rep(11), -- Response to KRB_AS_REQ request + krb-tgs-req(12), -- Request for authentication based on TGT + krb-tgs-rep(13), -- Response to KRB_TGS_REQ request + krb-ap-req(14), -- application request to server + krb-ap-rep(15), -- Response to KRB_AP_REQ_MUTUAL + krb-safe(20), -- Safe (checksummed) application message + krb-priv(21), -- Private (encrypted) application message + krb-cred(22), -- Private (encrypted) message to forward credentials + krb-error(30) -- Error response +} + + +-- pa-data types + +PADATA-TYPE ::= INTEGER { + KRB5-PADATA-NONE(0), + KRB5-PADATA-TGS-REQ(1), + KRB5-PADATA-AP-REQ(1), + KRB5-PADATA-ENC-TIMESTAMP(2), + KRB5-PADATA-PW-SALT(3), + KRB5-PADATA-ENC-UNIX-TIME(5), + KRB5-PADATA-SANDIA-SECUREID(6), + KRB5-PADATA-SESAME(7), + KRB5-PADATA-OSF-DCE(8), + KRB5-PADATA-CYBERSAFE-SECUREID(9), + KRB5-PADATA-AFS3-SALT(10), + KRB5-PADATA-ETYPE-INFO(11), + KRB5-PADATA-SAM-CHALLENGE(12), -- (sam/otp) + KRB5-PADATA-SAM-RESPONSE(13), -- (sam/otp) + KRB5-PADATA-PK-AS-REQ-19(14), -- (PKINIT-19) + KRB5-PADATA-PK-AS-REP-19(15), -- (PKINIT-19) + KRB5-PADATA-PK-AS-REQ(16), -- (PKINIT-25) + KRB5-PADATA-PK-AS-REP(17), -- (PKINIT-25) + KRB5-PADATA-ETYPE-INFO2(19), + KRB5-PADATA-USE-SPECIFIED-KVNO(20), + KRB5-PADATA-SAM-REDIRECT(21), -- (sam/otp) + KRB5-PADATA-GET-FROM-TYPED-DATA(22), + KRB5-PADATA-SAM-ETYPE-INFO(23), + KRB5-PADATA-SERVER-REFERRAL(25), + KRB5-PADATA-TD-KRB-PRINCIPAL(102), -- PrincipalName + KRB5-PADATA-TD-KRB-REALM(103), -- Realm + KRB5-PADATA-PK-TD-TRUSTED-CERTIFIERS(104), -- PKINIT + KRB5-PADATA-PK-TD-CERTIFICATE-INDEX(105), -- PKINIT + KRB5-PADATA-TD-APP-DEFINED-ERROR(106), -- application specific + KRB5-PADATA-TD-REQ-NONCE(107), -- INTEGER + KRB5-PADATA-TD-REQ-SEQ(108), -- INTEGER + KRB5-PADATA-PA-PAC-REQUEST(128) -- jbrezak@exchange.microsoft.com +} + +AUTHDATA-TYPE ::= INTEGER { + KRB5-AUTHDATA-IF-RELEVANT(1), + KRB5-AUTHDATA-INTENDED-FOR_SERVER(2), + KRB5-AUTHDATA-INTENDED-FOR-APPLICATION-CLASS(3), + KRB5-AUTHDATA-KDC-ISSUED(4), + KRB5-AUTHDATA-AND-OR(5), + KRB5-AUTHDATA-MANDATORY-TICKET-EXTENSIONS(6), + KRB5-AUTHDATA-IN-TICKET-EXTENSIONS(7), + KRB5-AUTHDATA-MANDATORY-FOR-KDC(8), + KRB5-AUTHDATA-OSF-DCE(64), + KRB5-AUTHDATA-SESAME(65), + KRB5-AUTHDATA-OSF-DCE-PKI-CERTID(66), + KRB5-AUTHDATA-WIN2K-PAC(128), + KRB5-AUTHDATA-GSS-API-ETYPE-NEGOTIATION(129) -- Authenticator only +} + +-- checksumtypes + +CKSUMTYPE ::= INTEGER { + CKSUMTYPE_NONE(0), + CKSUMTYPE_CRC32(1), + CKSUMTYPE_RSA_MD4(2), + CKSUMTYPE_RSA_MD4_DES(3), + CKSUMTYPE_DES_MAC(4), + CKSUMTYPE_DES_MAC_K(5), + CKSUMTYPE_RSA_MD4_DES_K(6), + CKSUMTYPE_RSA_MD5(7), + CKSUMTYPE_RSA_MD5_DES(8), + CKSUMTYPE_RSA_MD5_DES3(9), + CKSUMTYPE_SHA1_OTHER(10), + CKSUMTYPE_HMAC_SHA1_DES3(12), + CKSUMTYPE_SHA1(14), + CKSUMTYPE_HMAC_SHA1_96_AES_128(15), + CKSUMTYPE_HMAC_SHA1_96_AES_256(16), + CKSUMTYPE_GSSAPI(0x8003), + CKSUMTYPE_HMAC_MD5(-138), -- unofficial microsoft number + CKSUMTYPE_HMAC_MD5_ENC(-1138) -- even more unofficial +} + +--enctypes +ENCTYPE ::= INTEGER { + ETYPE_NULL(0), + ETYPE_DES_CBC_CRC(1), + ETYPE_DES_CBC_MD4(2), + ETYPE_DES_CBC_MD5(3), + ETYPE_DES3_CBC_MD5(5), + ETYPE_OLD_DES3_CBC_SHA1(7), + ETYPE_SIGN_DSA_GENERATE(8), + ETYPE_ENCRYPT_RSA_PRIV(9), + ETYPE_ENCRYPT_RSA_PUB(10), + ETYPE_DES3_CBC_SHA1(16), -- with key derivation + ETYPE_AES128_CTS_HMAC_SHA1_96(17), + ETYPE_AES256_CTS_HMAC_SHA1_96(18), + ETYPE_ARCFOUR_HMAC_MD5(23), + ETYPE_ARCFOUR_HMAC_MD5_56(24), + ETYPE_ENCTYPE_PK_CROSS(48), +-- these are for Heimdal internal use + ETYPE_DES_CBC_NONE(-0x1000), + ETYPE_DES3_CBC_NONE(-0x1001), + ETYPE_DES_CFB64_NONE(-0x1002), + ETYPE_DES_PCBC_NONE(-0x1003), + ETYPE_DIGEST_MD5_NONE(-0x1004), -- private use, lukeh@padl.com + ETYPE_CRAM_MD5_NONE(-0x1005), -- private use, lukeh@padl.com + ETYPE_RC2_CBC_NONE(-0x1006), + ETYPE_AES128_CBC_NONE(-0x1007), + ETYPE_AES192_CBC_NONE(-0x1008), + ETYPE_AES256_CBC_NONE(-0x1009), + ETYPE_DES3_CBC_NONE_CMS(-0x100a) +} + +-- this is sugar to make something ASN1 does not have: unsigned + +UNSIGNED ::= INTEGER (0..4294967295) + +KerberosString ::= GeneralString + +Realm ::= GeneralString +PrincipalName ::= SEQUENCE { + name-type[0] NAME-TYPE, + name-string[1] SEQUENCE OF GeneralString +} + +-- this is not part of RFC1510 +Principal ::= SEQUENCE { + name[0] PrincipalName, + realm[1] Realm +} + +HostAddress ::= SEQUENCE { + addr-type[0] INTEGER, + address[1] OCTET STRING +} + +-- This is from RFC1510. +-- +-- HostAddresses ::= SEQUENCE OF SEQUENCE { +-- addr-type[0] INTEGER, +-- address[1] OCTET STRING +-- } + +-- This seems much better. +HostAddresses ::= SEQUENCE OF HostAddress + + +KerberosTime ::= GeneralizedTime -- Specifying UTC time zone (Z) + +AuthorizationData ::= SEQUENCE OF SEQUENCE { + ad-type[0] INTEGER, + ad-data[1] OCTET STRING +} + +APOptions ::= BIT STRING { + reserved(0), + use-session-key(1), + mutual-required(2) +} + +TicketFlags ::= BIT STRING { + reserved(0), + forwardable(1), + forwarded(2), + proxiable(3), + proxy(4), + may-postdate(5), + postdated(6), + invalid(7), + renewable(8), + initial(9), + pre-authent(10), + hw-authent(11), + transited-policy-checked(12), + ok-as-delegate(13), + anonymous(14) +} + +KDCOptions ::= BIT STRING { + reserved(0), + forwardable(1), + forwarded(2), + proxiable(3), + proxy(4), + allow-postdate(5), + postdated(6), + unused7(7), + renewable(8), + unused9(9), + unused10(10), + unused11(11), + request-anonymous(14), + canonicalize(15), + disable-transited-check(26), + renewable-ok(27), + enc-tkt-in-skey(28), + renew(30), + validate(31) +} + +LR-TYPE ::= INTEGER { + LR_NONE(0), -- no information + LR_INITIAL_TGT(1), -- last initial TGT request + LR_INITIAL(2), -- last initial request + LR_ISSUE_USE_TGT(3), -- time of newest TGT used + LR_RENEWAL(4), -- time of last renewal + LR_REQUEST(5), -- time of last request (of any type) + LR_PW_EXPTIME(6), -- expiration time of password + LR_ACCT_EXPTIME(7) -- expiration time of account +} + +LastReq ::= SEQUENCE OF SEQUENCE { + lr-type[0] LR-TYPE, + lr-value[1] KerberosTime +} + + +EncryptedData ::= SEQUENCE { + etype[0] ENCTYPE, -- EncryptionType + kvno[1] INTEGER OPTIONAL, + cipher[2] OCTET STRING -- ciphertext +} + +EncryptionKey ::= SEQUENCE { + keytype[0] INTEGER, + keyvalue[1] OCTET STRING +} + +-- encoded Transited field +TransitedEncoding ::= SEQUENCE { + tr-type[0] INTEGER, -- must be registered + contents[1] OCTET STRING +} + +Ticket ::= [APPLICATION 1] SEQUENCE { + tkt-vno[0] INTEGER, + realm[1] Realm, + sname[2] PrincipalName, + enc-part[3] EncryptedData +} +-- Encrypted part of ticket +EncTicketPart ::= [APPLICATION 3] SEQUENCE { + flags[0] TicketFlags, + key[1] EncryptionKey, + crealm[2] Realm, + cname[3] PrincipalName, + transited[4] TransitedEncoding, + authtime[5] KerberosTime, + starttime[6] KerberosTime OPTIONAL, + endtime[7] KerberosTime, + renew-till[8] KerberosTime OPTIONAL, + caddr[9] HostAddresses OPTIONAL, + authorization-data[10] AuthorizationData OPTIONAL +} + +Checksum ::= SEQUENCE { + cksumtype[0] CKSUMTYPE, + checksum[1] OCTET STRING +} + +Authenticator ::= [APPLICATION 2] SEQUENCE { + authenticator-vno[0] INTEGER, + crealm[1] Realm, + cname[2] PrincipalName, + cksum[3] Checksum OPTIONAL, + cusec[4] INTEGER, + ctime[5] KerberosTime, + subkey[6] EncryptionKey OPTIONAL, + seq-number[7] UNSIGNED OPTIONAL, + authorization-data[8] AuthorizationData OPTIONAL + } + +PA-DATA ::= SEQUENCE { + -- might be encoded AP-REQ + padata-type[1] PADATA-TYPE, + padata-value[2] OCTET STRING +} + +ETYPE-INFO-ENTRY ::= SEQUENCE { + etype[0] ENCTYPE, + salt[1] OCTET STRING OPTIONAL, + salttype[2] INTEGER OPTIONAL +} + +ETYPE-INFO ::= SEQUENCE OF ETYPE-INFO-ENTRY + +ETYPE-INFO2-ENTRY ::= SEQUENCE { + etype[0] ENCTYPE, + salt[1] KerberosString OPTIONAL, + s2kparams[2] OCTET STRING OPTIONAL +} + +ETYPE-INFO2 ::= SEQUENCE OF ETYPE-INFO2-ENTRY + +METHOD-DATA ::= SEQUENCE OF PA-DATA + +KDC-REQ-BODY ::= SEQUENCE { + kdc-options[0] KDCOptions, + cname[1] PrincipalName OPTIONAL, -- Used only in AS-REQ + realm[2] Realm, -- Server's realm + -- Also client's in AS-REQ + sname[3] PrincipalName OPTIONAL, + from[4] KerberosTime OPTIONAL, + till[5] KerberosTime OPTIONAL, + rtime[6] KerberosTime OPTIONAL, + nonce[7] INTEGER, + etype[8] SEQUENCE OF ENCTYPE, -- EncryptionType, + -- in preference order + addresses[9] HostAddresses OPTIONAL, + enc-authorization-data[10] EncryptedData OPTIONAL, + -- Encrypted AuthorizationData encoding + additional-tickets[11] SEQUENCE OF Ticket OPTIONAL +} + +KDC-REQ ::= SEQUENCE { + pvno[1] INTEGER, + msg-type[2] MESSAGE-TYPE, + padata[3] METHOD-DATA OPTIONAL, + req-body[4] KDC-REQ-BODY +} + +AS-REQ ::= [APPLICATION 10] KDC-REQ +TGS-REQ ::= [APPLICATION 12] KDC-REQ + +-- padata-type ::= PA-ENC-TIMESTAMP +-- padata-value ::= EncryptedData - PA-ENC-TS-ENC + +PA-ENC-TS-ENC ::= SEQUENCE { + patimestamp[0] KerberosTime, -- client's time + pausec[1] INTEGER OPTIONAL +} + +-- draft-brezak-win2k-krb-authz-01 +PA-PAC-REQUEST ::= SEQUENCE { + include-pac[0] BOOLEAN -- Indicates whether a PAC + -- should be included or not +} + +KDC-REP ::= SEQUENCE { + pvno[0] INTEGER, + msg-type[1] MESSAGE-TYPE, + padata[2] METHOD-DATA OPTIONAL, + crealm[3] Realm, + cname[4] PrincipalName, + ticket[5] Ticket, + enc-part[6] EncryptedData +} + +AS-REP ::= [APPLICATION 11] KDC-REP +TGS-REP ::= [APPLICATION 13] KDC-REP + +EncKDCRepPart ::= SEQUENCE { + key[0] EncryptionKey, + last-req[1] LastReq, + nonce[2] INTEGER, + key-expiration[3] KerberosTime OPTIONAL, + flags[4] TicketFlags, + authtime[5] KerberosTime, + starttime[6] KerberosTime OPTIONAL, + endtime[7] KerberosTime, + renew-till[8] KerberosTime OPTIONAL, + srealm[9] Realm, + sname[10] PrincipalName, + caddr[11] HostAddresses OPTIONAL +} + +EncASRepPart ::= [APPLICATION 25] EncKDCRepPart +EncTGSRepPart ::= [APPLICATION 26] EncKDCRepPart + +AP-REQ ::= [APPLICATION 14] SEQUENCE { + pvno[0] INTEGER, + msg-type[1] MESSAGE-TYPE, + ap-options[2] APOptions, + ticket[3] Ticket, + authenticator[4] EncryptedData +} + +AP-REP ::= [APPLICATION 15] SEQUENCE { + pvno[0] INTEGER, + msg-type[1] MESSAGE-TYPE, + enc-part[2] EncryptedData +} + +EncAPRepPart ::= [APPLICATION 27] SEQUENCE { + ctime[0] KerberosTime, + cusec[1] INTEGER, + subkey[2] EncryptionKey OPTIONAL, + seq-number[3] UNSIGNED OPTIONAL +} + +KRB-SAFE-BODY ::= SEQUENCE { + user-data[0] OCTET STRING, + timestamp[1] KerberosTime OPTIONAL, + usec[2] INTEGER OPTIONAL, + seq-number[3] UNSIGNED OPTIONAL, + s-address[4] HostAddress OPTIONAL, + r-address[5] HostAddress OPTIONAL +} + +KRB-SAFE ::= [APPLICATION 20] SEQUENCE { + pvno[0] INTEGER, + msg-type[1] MESSAGE-TYPE, + safe-body[2] KRB-SAFE-BODY, + cksum[3] Checksum +} + +KRB-PRIV ::= [APPLICATION 21] SEQUENCE { + pvno[0] INTEGER, + msg-type[1] MESSAGE-TYPE, + enc-part[3] EncryptedData +} +EncKrbPrivPart ::= [APPLICATION 28] SEQUENCE { + user-data[0] OCTET STRING, + timestamp[1] KerberosTime OPTIONAL, + usec[2] INTEGER OPTIONAL, + seq-number[3] UNSIGNED OPTIONAL, + s-address[4] HostAddress OPTIONAL, -- sender's addr + r-address[5] HostAddress OPTIONAL -- recip's addr +} + +KRB-CRED ::= [APPLICATION 22] SEQUENCE { + pvno[0] INTEGER, + msg-type[1] MESSAGE-TYPE, -- KRB_CRED + tickets[2] SEQUENCE OF Ticket, + enc-part[3] EncryptedData +} + +KrbCredInfo ::= SEQUENCE { + key[0] EncryptionKey, + prealm[1] Realm OPTIONAL, + pname[2] PrincipalName OPTIONAL, + flags[3] TicketFlags OPTIONAL, + authtime[4] KerberosTime OPTIONAL, + starttime[5] KerberosTime OPTIONAL, + endtime[6] KerberosTime OPTIONAL, + renew-till[7] KerberosTime OPTIONAL, + srealm[8] Realm OPTIONAL, + sname[9] PrincipalName OPTIONAL, + caddr[10] HostAddresses OPTIONAL +} + +EncKrbCredPart ::= [APPLICATION 29] SEQUENCE { + ticket-info[0] SEQUENCE OF KrbCredInfo, + nonce[1] INTEGER OPTIONAL, + timestamp[2] KerberosTime OPTIONAL, + usec[3] INTEGER OPTIONAL, + s-address[4] HostAddress OPTIONAL, + r-address[5] HostAddress OPTIONAL +} + +KRB-ERROR ::= [APPLICATION 30] SEQUENCE { + pvno[0] INTEGER, + msg-type[1] MESSAGE-TYPE, + ctime[2] KerberosTime OPTIONAL, + cusec[3] INTEGER OPTIONAL, + stime[4] KerberosTime, + susec[5] INTEGER, + error-code[6] INTEGER, + crealm[7] Realm OPTIONAL, + cname[8] PrincipalName OPTIONAL, + realm[9] Realm, -- Correct realm + sname[10] PrincipalName, -- Correct name + e-text[11] GeneralString OPTIONAL, + e-data[12] OCTET STRING OPTIONAL +} + +ChangePasswdDataMS ::= SEQUENCE { + newpasswd[0] OCTET STRING, + targname[1] PrincipalName OPTIONAL, + targrealm[2] Realm OPTIONAL +} + +EtypeList ::= SEQUENCE OF INTEGER + -- the client's proposed enctype list in + -- decreasing preference order, favorite choice first + +krb5-pvno INTEGER ::= 5 -- current Kerberos protocol version number + +-- transited encodings + +DOMAIN-X500-COMPRESS INTEGER ::= 1 + +-- authorization data primitives + +AD-IF-RELEVANT ::= AuthorizationData + +AD-KDCIssued ::= SEQUENCE { + ad-checksum[0] Checksum, + i-realm[1] Realm OPTIONAL, + i-sname[2] PrincipalName OPTIONAL, + elements[3] AuthorizationData +} + +AD-AND-OR ::= SEQUENCE { + condition-count[0] INTEGER, + elements[1] AuthorizationData +} + +AD-MANDATORY-FOR-KDC ::= AuthorizationData + +-- PA-SAM-RESPONSE-2/PA-SAM-RESPONSE-2 + +PA-SAM-TYPE ::= INTEGER { + PA_SAM_TYPE_ENIGMA(1), -- Enigma Logic + PA_SAM_TYPE_DIGI_PATH(2), -- Digital Pathways + PA_SAM_TYPE_SKEY_K0(3), -- S/key where KDC has key 0 + PA_SAM_TYPE_SKEY(4), -- Traditional S/Key + PA_SAM_TYPE_SECURID(5), -- Security Dynamics + PA_SAM_TYPE_CRYPTOCARD(6) -- CRYPTOCard +} + +PA-SAM-REDIRECT ::= HostAddresses + +SAMFlags ::= BIT STRING { + use-sad-as-key(0), + send-encrypted-sad(1), + must-pk-encrypt-sad(2) +} + +PA-SAM-CHALLENGE-2-BODY ::= SEQUENCE { + sam-type[0] INTEGER, + sam-flags[1] SAMFlags, + sam-type-name[2] GeneralString OPTIONAL, + sam-track-id[3] GeneralString OPTIONAL, + sam-challenge-label[4] GeneralString OPTIONAL, + sam-challenge[5] GeneralString OPTIONAL, + sam-response-prompt[6] GeneralString OPTIONAL, + sam-pk-for-sad[7] EncryptionKey OPTIONAL, + sam-nonce[8] INTEGER, + sam-etype[9] INTEGER, + ... +} + +PA-SAM-CHALLENGE-2 ::= SEQUENCE { + sam-body[0] PA-SAM-CHALLENGE-2-BODY, + sam-cksum[1] SEQUENCE OF Checksum, -- (1..MAX) + ... +} + +PA-SAM-RESPONSE-2 ::= SEQUENCE { + sam-type[0] INTEGER, + sam-flags[1] SAMFlags, + sam-track-id[2] GeneralString OPTIONAL, + sam-enc-nonce-or-sad[3] EncryptedData, -- PA-ENC-SAM-RESPONSE-ENC + sam-nonce[4] INTEGER, + ... +} + +PA-ENC-SAM-RESPONSE-ENC ::= SEQUENCE { + sam-nonce[0] INTEGER, + sam-sad[1] GeneralString OPTIONAL, + ... +} + +RC2CBCParameter ::= SEQUENCE { + rc2ParameterVersion [0] INTEGER, + iv [1] OCTET STRING -- exactly 8 octets +} + +CBCParameter ::= OCTET STRING + +END + +-- etags -r '/\([A-Za-z][-A-Za-z0-9]*\).*::=/\1/' k5.asn1 diff --git a/source4/heimdal/lib/asn1/lex.h b/source4/heimdal/lib/asn1/lex.h new file mode 100644 index 0000000000..9f5cadf92b --- /dev/null +++ b/source4/heimdal/lib/asn1/lex.h @@ -0,0 +1,41 @@ +/* + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: lex.h,v 1.5 2000/07/01 20:21:34 assar Exp $ */ + +#include + +void error_message (const char *, ...) +__attribute__ ((format (printf, 1, 2))); + +int yylex(void); diff --git a/source4/heimdal/lib/asn1/lex.l b/source4/heimdal/lib/asn1/lex.l new file mode 100644 index 0000000000..f0c123404a --- /dev/null +++ b/source4/heimdal/lib/asn1/lex.l @@ -0,0 +1,186 @@ +%{ +/* + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: lex.l,v 1.25 2005/06/16 19:58:35 lha Exp $ */ + +#ifdef HAVE_CONFIG_H +#include +#endif +#include +#include +#include +#include +#ifdef HAVE_UNISTD_H +#include +#endif +#undef ECHO +#include "symbol.h" +#include "parse.h" +#include "lex.h" +#include "gen_locl.h" + +static unsigned lineno = 1; + +#define YY_NO_UNPUT + +#undef ECHO + +static void handle_comment(int type); + +%} + + +%% +INTEGER { return INTEGER; } +BOOLEAN { return BOOLEAN; } +IMPORTS { return IMPORTS; } +FROM { return FROM; } +SEQUENCE { return SEQUENCE; } +CHOICE { return CHOICE; } +OF { return OF; } +OCTET { return OCTET; } +STRING { return STRING; } +GeneralizedTime { return GeneralizedTime; } +GeneralString { return GeneralString; } +UTF8String { return UTF8String; } +NULL { return NULLTYPE; } +BIT { return BIT; } +APPLICATION { return APPLICATION; } +OPTIONAL { return OPTIONAL; } +BEGIN { return TBEGIN; } +END { return END; } +DEFAULT { return DEFAULT; } +DEFINITIONS { return DEFINITIONS; } +ENUMERATED { return ENUMERATED; } +EXTERNAL { return EXTERNAL; } +OBJECT { return OBJECT; } +IDENTIFIER { return IDENTIFIER; } +[-,;{}()|\"] { return *yytext; } +"[" { return *yytext; } +"]" { return *yytext; } +::= { return EEQUAL; } +-- { handle_comment(0); } +\/\* { handle_comment(1); } +0x[0-9A-Fa-f]+|[0-9]+ { char *e, *y = yytext; + yylval.constant = strtol((const char *)yytext, + &e, 0); + if(e == y) + error_message("malformed constant (%s)", yytext); + else + return CONSTANT; + } +[A-Za-z][-A-Za-z0-9_]* { + yylval.name = strdup ((const char *)yytext); + return IDENT; + } +[ \t] ; +\n { ++lineno; } +\.\.\. { return DOTDOTDOT; } +\.\. { return DOTDOT; } +. { error_message("Ignoring char(%c)\n", *yytext); } +%% + +#ifndef yywrap /* XXX */ +int +yywrap () +{ + return 1; +} +#endif + +void +error_message (const char *format, ...) +{ + va_list args; + + va_start (args, format); + fprintf (stderr, "%s:%d: ", get_filename(), lineno); + vfprintf (stderr, format, args); + va_end (args); +} + +static void +handle_comment(int type) +{ + int c; + int start_lineno = lineno; + if(type == 0) { + int f = 0; + while((c = input()) != EOF) { + if(f && c == '-') + return; + if(c == '-') { + f = 1; + continue; + } + if(c == '\n') { + lineno++; + return; + } + f = 0; + } + } else { + int level = 1; + int seen_star = 0; + int seen_slash = 0; + while((c = input()) != EOF) { + if(c == '/') { + if(seen_star) { + if(--level == 0) + return; + seen_star = 0; + continue; + } + seen_slash = 1; + continue; + } + if(c == '*') { + if(seen_slash) { + level++; + seen_star = seen_slash = 0; + continue; + } + seen_star = 1; + continue; + } + seen_star = seen_slash = 0; + if(c == '\n') { + lineno++; + continue; + } + } + } + if(c == EOF) + error_message("unterminated comment, possibly started on line %d\n", start_lineno); +} diff --git a/source4/heimdal/lib/asn1/main.c b/source4/heimdal/lib/asn1/main.c new file mode 100644 index 0000000000..afa164ea81 --- /dev/null +++ b/source4/heimdal/lib/asn1/main.c @@ -0,0 +1,90 @@ +/* + * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gen_locl.h" +#include + +RCSID("$Id: main.c,v 1.13 2005/06/16 20:05:31 lha Exp $"); + +extern FILE *yyin; + +int version_flag; +int help_flag; +struct getargs args[] = { + { "version", 0, arg_flag, &version_flag }, + { "help", 0, arg_flag, &help_flag } +}; +int num_args = sizeof(args) / sizeof(args[0]); + +static void +usage(int code) +{ + arg_printusage(args, num_args, NULL, "[asn1-file [name]]"); + exit(code); +} + +int +main(int argc, char **argv) +{ + int ret; + const char *file; + const char *name = NULL; + int optidx = 0; + + setprogname(argv[0]); + if(getarg(args, num_args, argc, argv, &optidx)) + usage(1); + if(help_flag) + usage(0); + if(version_flag) { + print_version(NULL); + exit(0); + } + if (argc == optidx) { + file = "stdin"; + name = "stdin"; + yyin = stdin; + } else { + file = argv[optidx]; + yyin = fopen (file, "r"); + if (yyin == NULL) + err (1, "open %s", file); + name = argv[optidx + 1]; + } + + init_generate (file, name); + initsym (); + ret = yyparse (); + close_generate (); + return ret; +} diff --git a/source4/heimdal/lib/asn1/parse.y b/source4/heimdal/lib/asn1/parse.y new file mode 100644 index 0000000000..ab83d451c5 --- /dev/null +++ b/source4/heimdal/lib/asn1/parse.y @@ -0,0 +1,295 @@ +/* + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: parse.y,v 1.23 2004/10/13 17:41:48 lha Exp $ */ + +%{ +#ifdef HAVE_CONFIG_H +#include +#endif +#include +#include +#include +#include "symbol.h" +#include "lex.h" +#include "gen_locl.h" + +RCSID("$Id: parse.y,v 1.23 2004/10/13 17:41:48 lha Exp $"); + +static Type *new_type (Typetype t); +void yyerror (char *); + +static void append (Member *l, Member *r); + +%} + +%union { + int constant; + char *name; + Type *type; + Member *member; + char *defval; +} + +%token INTEGER SEQUENCE CHOICE OF OCTET STRING GeneralizedTime GeneralString +%token BIT APPLICATION OPTIONAL EEQUAL TBEGIN END DEFINITIONS ENUMERATED +%token UTF8String NULLTYPE +%token EXTERNAL DEFAULT +%token DOTDOT DOTDOTDOT +%token BOOLEAN +%token IMPORTS FROM +%token OBJECT IDENTIFIER +%token IDENT +%token CONSTANT + +%type constant optional2 +%type type +%type memberdecls memberdecl memberdeclstart bitdecls bitdecl + +%type defvalue + +%start envelope + +%% + +envelope : IDENT DEFINITIONS EEQUAL TBEGIN specification END {} + ; + +specification : + | specification declaration + ; + +declaration : imports_decl + | type_decl + | constant_decl + ; + +referencenames : IDENT ',' referencenames + { + Symbol *s = addsym($1); + s->stype = Stype; + } + | IDENT + { + Symbol *s = addsym($1); + s->stype = Stype; + } + ; + +imports_decl : IMPORTS referencenames FROM IDENT ';' + { add_import($4); } + ; + +type_decl : IDENT EEQUAL type + { + Symbol *s = addsym ($1); + s->stype = Stype; + s->type = $3; + generate_type (s); + } + ; + +constant_decl : IDENT type EEQUAL constant + { + Symbol *s = addsym ($1); + s->stype = SConstant; + s->constant = $4; + generate_constant (s); + } + ; + +type : INTEGER { $$ = new_type(TInteger); } + | INTEGER '(' constant DOTDOT constant ')' { + if($3 != 0) + error_message("Only 0 supported as low range"); + if($5 != INT_MIN && $5 != UINT_MAX && $5 != INT_MAX) + error_message("Only %u supported as high range", + UINT_MAX); + $$ = new_type(TUInteger); + } + | INTEGER '{' bitdecls '}' + { + $$ = new_type(TInteger); + $$->members = $3; + } + | OBJECT IDENTIFIER { $$ = new_type(TOID); } + | ENUMERATED '{' bitdecls '}' + { + $$ = new_type(TEnumerated); + $$->members = $3; + } + | OCTET STRING { $$ = new_type(TOctetString); } + | GeneralString { $$ = new_type(TGeneralString); } + | UTF8String { $$ = new_type(TUTF8String); } + | NULLTYPE { $$ = new_type(TNull); } + | GeneralizedTime { $$ = new_type(TGeneralizedTime); } + | SEQUENCE OF type + { + $$ = new_type(TSequenceOf); + $$->subtype = $3; + } + | SEQUENCE '{' memberdecls '}' + { + $$ = new_type(TSequence); + $$->members = $3; + } + | CHOICE '{' memberdecls '}' + { + $$ = new_type(TChoice); + $$->members = $3; + } + | BIT STRING '{' bitdecls '}' + { + $$ = new_type(TBitString); + $$->members = $4; + } + | IDENT + { + Symbol *s = addsym($1); + $$ = new_type(TType); + if(s->stype != Stype) + error_message ("%s is not a type\n", $1); + else + $$->symbol = s; + } + | '[' APPLICATION constant ']' type + { + $$ = new_type(TApplication); + $$->subtype = $5; + $$->application = $3; + } + | BOOLEAN { $$ = new_type(TBoolean); } + ; + +memberdecls : { $$ = NULL; } + | memberdecl { $$ = $1; } + | memberdecls ',' DOTDOTDOT { $$ = $1; } + | memberdecls ',' memberdecl { $$ = $1; append($$, $3); } + ; + +memberdeclstart : IDENT '[' constant ']' type + { + $$ = malloc(sizeof(*$$)); + $$->name = $1; + $$->gen_name = strdup($1); + output_name ($$->gen_name); + $$->val = $3; + $$->optional = 0; + $$->defval = NULL; + $$->type = $5; + $$->next = $$->prev = $$; + } + ; + + +memberdecl : memberdeclstart optional2 + { $1->optional = $2 ; $$ = $1; } + | memberdeclstart defvalue + { $1->defval = $2 ; $$ = $1; } + | memberdeclstart + { $$ = $1; } + ; + + +optional2 : OPTIONAL { $$ = 1; } + ; + +defvalue : DEFAULT constant + { asprintf(&$$, "%d", $2); } + | DEFAULT '"' IDENT '"' + { $$ = strdup ($3); } + ; + +bitdecls : { $$ = NULL; } + | bitdecl { $$ = $1; } + | bitdecls ',' DOTDOTDOT { $$ = $1; } + | bitdecls ',' bitdecl { $$ = $1; append($$, $3); } + ; + +bitdecl : IDENT '(' constant ')' + { + $$ = malloc(sizeof(*$$)); + $$->name = $1; + $$->gen_name = strdup($1); + output_name ($$->gen_name); + $$->val = $3; + $$->optional = 0; + $$->type = NULL; + $$->prev = $$->next = $$; + } + ; + +constant : CONSTANT { $$ = $1; } + | '-' CONSTANT { $$ = -$2; } + | IDENT { + Symbol *s = addsym($1); + if(s->stype != SConstant) + error_message ("%s is not a constant\n", + s->name); + else + $$ = s->constant; + } + ; +%% + +void +yyerror (char *s) +{ + error_message ("%s\n", s); +} + +static Type * +new_type (Typetype tt) +{ + Type *t = malloc(sizeof(*t)); + if (t == NULL) { + error_message ("out of memory in malloc(%lu)", + (unsigned long)sizeof(*t)); + exit (1); + } + t->type = tt; + t->application = 0; + t->members = NULL; + t->subtype = NULL; + t->symbol = NULL; + return t; +} + +static void +append (Member *l, Member *r) +{ + l->prev->next = r; + r->prev = l->prev; + l->prev = r; + r->next = l; +} diff --git a/source4/heimdal/lib/asn1/symbol.c b/source4/heimdal/lib/asn1/symbol.c new file mode 100644 index 0000000000..5f69c10925 --- /dev/null +++ b/source4/heimdal/lib/asn1/symbol.c @@ -0,0 +1,90 @@ +/* + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gen_locl.h" + +RCSID("$Id: symbol.c,v 1.9 2001/09/25 13:39:27 assar Exp $"); + +static Hashtab *htab; + +static int +cmp (void *a, void *b) +{ + Symbol *s1 = (Symbol *)a; + Symbol *s2 = (Symbol *)b; + + return strcmp (s1->name, s2->name); +} + +static unsigned +hash (void *a) +{ + Symbol *s = (Symbol *)a; + + return hashjpw (s->name); +} + +void +initsym (void) +{ + htab = hashtabnew (101, cmp, hash); +} + + +void +output_name (char *s) +{ + char *p; + + for (p = s; *p; ++p) + if (*p == '-') + *p = '_'; +} + +Symbol* +addsym (char *name) +{ + Symbol key, *s; + + key.name = name; + s = (Symbol *)hashtabsearch (htab, (void *)&key); + if (s == NULL) { + s = (Symbol *)malloc (sizeof (*s)); + s->name = name; + s->gen_name = strdup(name); + output_name (s->gen_name); + s->stype = SUndefined; + hashtabadd (htab, s); + } + return s; +} diff --git a/source4/heimdal/lib/asn1/symbol.h b/source4/heimdal/lib/asn1/symbol.h new file mode 100644 index 0000000000..443935cc05 --- /dev/null +++ b/source4/heimdal/lib/asn1/symbol.h @@ -0,0 +1,99 @@ +/* + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: symbol.h,v 1.11 2003/10/03 00:28:29 lha Exp $ */ + +#ifndef _SYMBOL_H +#define _SYMBOL_H + +enum typetype { + TApplication, + TBitString, + TBoolean, + TChoice, + TEnumerated, + TGeneralString, + TGeneralizedTime, + TInteger, + TNull, + TOID, + TOctetString, + TSequence, + TSequenceOf, + TType, + TUInteger, + TUTF8String +}; + +typedef enum typetype Typetype; + +struct type; + +struct member { + char *name; + char *gen_name; + int val; + int optional; + struct type *type; + struct member *next, *prev; + char *defval; +}; + +typedef struct member Member; + +struct symbol; + +struct type { + Typetype type; + int application; + Member *members; + struct type *subtype; + struct symbol *symbol; +}; + +typedef struct type Type; + +struct symbol { + char *name; + char *gen_name; + enum { SUndefined, SConstant, Stype } stype; + int constant; + Type *type; +}; + +typedef struct symbol Symbol; + +void initsym (void); +Symbol *addsym (char *); +void output_name (char *); +#endif diff --git a/source4/heimdal/lib/asn1/timegm.c b/source4/heimdal/lib/asn1/timegm.c new file mode 100644 index 0000000000..bdc997fa44 --- /dev/null +++ b/source4/heimdal/lib/asn1/timegm.c @@ -0,0 +1,71 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "der_locl.h" + +RCSID("$Id: timegm.c,v 1.7 1999/12/02 17:05:02 joda Exp $"); + +#ifndef HAVE_TIMEGM + +static int +is_leap(unsigned y) +{ + y += 1900; + return (y % 4) == 0 && ((y % 100) != 0 || (y % 400) == 0); +} + +time_t +timegm (struct tm *tm) +{ + static const unsigned ndays[2][12] ={ + {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}, + {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}}; + time_t res = 0; + unsigned i; + + for (i = 70; i < tm->tm_year; ++i) + res += is_leap(i) ? 366 : 365; + + for (i = 0; i < tm->tm_mon; ++i) + res += ndays[is_leap(tm->tm_year)][i]; + res += tm->tm_mday - 1; + res *= 24; + res += tm->tm_hour; + res *= 60; + res += tm->tm_min; + res *= 60; + res += tm->tm_sec; + return res; +} + +#endif /* HAVE_TIMEGM */ diff --git a/source4/heimdal/lib/com_err/com_err.c b/source4/heimdal/lib/com_err/com_err.c new file mode 100644 index 0000000000..0462fdcc03 --- /dev/null +++ b/source4/heimdal/lib/com_err/com_err.c @@ -0,0 +1,172 @@ +/* + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: com_err.c,v 1.19 2005/04/24 19:42:39 lha Exp $"); +#endif +#include +#include +#include +#include +#include "com_err.h" + +struct et_list *_et_list = NULL; + + +const char * +error_message (long code) +{ + static char msg[128]; + const char *p = com_right(_et_list, code); + if (p == NULL) { + if (code < 0) + snprintf(msg, sizeof(msg), "Unknown error %ld", code); + else + p = strerror(code); + } + if (p != NULL && *p != '\0') { + strlcpy(msg, p, sizeof(msg)); + } else + snprintf(msg, sizeof(msg), "Unknown error %ld", code); + return msg; +} + +int +init_error_table(const char **msgs, long base, int count) +{ + initialize_error_table_r(&_et_list, msgs, count, base); + return 0; +} + +static void +default_proc (const char *whoami, long code, const char *fmt, va_list args) + __attribute__((__format__(__printf__, 3, 0))); + +static void +default_proc (const char *whoami, long code, const char *fmt, va_list args) +{ + if (whoami) + fprintf(stderr, "%s: ", whoami); + if (code) + fprintf(stderr, "%s ", error_message(code)); + if (fmt) + vfprintf(stderr, fmt, args); + fprintf(stderr, "\r\n"); /* ??? */ +} + +static errf com_err_hook = default_proc; + +void +com_err_va (const char *whoami, + long code, + const char *fmt, + va_list args) +{ + (*com_err_hook) (whoami, code, fmt, args); +} + +void +com_err (const char *whoami, + long code, + const char *fmt, + ...) +{ + va_list ap; + va_start(ap, fmt); + com_err_va (whoami, code, fmt, ap); + va_end(ap); +} + +errf +set_com_err_hook (errf new) +{ + errf old = com_err_hook; + + if (new) + com_err_hook = new; + else + com_err_hook = default_proc; + + return old; +} + +errf +reset_com_err_hook (void) +{ + return set_com_err_hook(NULL); +} + +#define ERRCODE_RANGE 8 /* # of bits to shift table number */ +#define BITS_PER_CHAR 6 /* # bits to shift per character in name */ + +static const char char_set[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_"; + +static char buf[6]; + +const char * +error_table_name(int num) +{ + int ch; + int i; + char *p; + + /* num = aa aaa abb bbb bcc ccc cdd ddd d?? ??? ??? */ + p = buf; + num >>= ERRCODE_RANGE; + /* num = ?? ??? ??? aaa aaa bbb bbb ccc ccc ddd ddd */ + num &= 077777777; + /* num = 00 000 000 aaa aaa bbb bbb ccc ccc ddd ddd */ + for (i = 4; i >= 0; i--) { + ch = (num >> BITS_PER_CHAR * i) & ((1 << BITS_PER_CHAR) - 1); + if (ch != 0) + *p++ = char_set[ch-1]; + } + *p = '\0'; + return(buf); +} + +void +add_to_error_table(struct et_list *new_table) +{ + struct et_list *et; + + for (et = _et_list; et; et = et->next) { + if (et->table->base == new_table->table->base) + return; + } + + new_table->next = _et_list; + _et_list = new_table; +} diff --git a/source4/heimdal/lib/com_err/com_err.h b/source4/heimdal/lib/com_err/com_err.h new file mode 100644 index 0000000000..fe7441108a --- /dev/null +++ b/source4/heimdal/lib/com_err/com_err.h @@ -0,0 +1,66 @@ +/* + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: com_err.h,v 1.11 2005/07/07 14:58:07 lha Exp $ */ + +/* MIT compatible com_err library */ + +#ifndef __COM_ERR_H__ +#define __COM_ERR_H__ + +#include +#include + +#if !defined(__GNUC__) && !defined(__attribute__) +#define __attribute__(X) +#endif + +typedef void (*errf) (const char *, long, const char *, va_list); + +const char * error_message (long); +int init_error_table (const char**, long, int); + +void com_err_va (const char *, long, const char *, va_list) + __attribute__((format(printf, 3, 0))); + +void com_err (const char *, long, const char *, ...) + __attribute__((format(printf, 3, 4))); + +errf set_com_err_hook (errf); +errf reset_com_err_hook (void); + +const char *error_table_name (int num); + +void add_to_error_table (struct et_list *new_table); + +#endif /* __COM_ERR_H__ */ diff --git a/source4/heimdal/lib/com_err/com_right.h b/source4/heimdal/lib/com_err/com_right.h new file mode 100644 index 0000000000..7e7d342e2c --- /dev/null +++ b/source4/heimdal/lib/com_err/com_right.h @@ -0,0 +1,58 @@ +/* + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: com_right.h,v 1.12 2005/02/03 08:43:01 lha Exp $ */ + +#ifndef __COM_RIGHT_H__ +#define __COM_RIGHT_H__ + +#ifdef __STDC__ +#include +#endif + +struct error_table { + char const * const * msgs; + long base; + int n_msgs; +}; +struct et_list { + struct et_list *next; + struct error_table *table; +}; +extern struct et_list *_et_list; + +const char *com_right (struct et_list *list, long code); +void initialize_error_table_r (struct et_list **, const char **, int, long); +void free_error_table (struct et_list *); + +#endif /* __COM_RIGHT_H__ */ diff --git a/source4/heimdal/lib/com_err/compile_et.c b/source4/heimdal/lib/com_err/compile_et.c new file mode 100644 index 0000000000..1b472d8e0f --- /dev/null +++ b/source4/heimdal/lib/com_err/compile_et.c @@ -0,0 +1,236 @@ +/* + * Copyright (c) 1998-2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#undef ROKEN_RENAME +#include "compile_et.h" +#include + +RCSID("$Id: compile_et.c,v 1.19 2005/06/16 19:21:00 lha Exp $"); + +#include +#include +#include "parse.h" + +int numerror; +extern FILE *yyin; + +extern void yyparse(void); + +long base_id; +int number; +char *prefix; +char *id_str; + +char name[128]; +char Basename[128]; + +#ifdef YYDEBUG +extern int yydebug = 1; +#endif + +char *filename; +char hfn[128]; +char cfn[128]; + +struct error_code *codes = NULL; + +static int +generate_c(void) +{ + int n; + struct error_code *ec; + + FILE *c_file = fopen(cfn, "w"); + if(c_file == NULL) + return 1; + + fprintf(c_file, "/* Generated from %s */\n", filename); + if(id_str) + fprintf(c_file, "/* %s */\n", id_str); + fprintf(c_file, "\n"); + fprintf(c_file, "#include \n"); + fprintf(c_file, "#include \n"); + fprintf(c_file, "#include \"%s\"\n", hfn); + fprintf(c_file, "\n"); + + fprintf(c_file, "static const char *%s_error_strings[] = {\n", name); + + for(ec = codes, n = 0; ec; ec = ec->next, n++) { + while(n < ec->number) { + fprintf(c_file, "\t/* %03d */ \"Reserved %s error (%d)\",\n", + n, name, n); + n++; + + } + fprintf(c_file, "\t/* %03d */ \"%s\",\n", ec->number, ec->string); + } + + fprintf(c_file, "\tNULL\n"); + fprintf(c_file, "};\n"); + fprintf(c_file, "\n"); + fprintf(c_file, "#define num_errors %d\n", number); + fprintf(c_file, "\n"); + fprintf(c_file, + "void initialize_%s_error_table_r(struct et_list **list)\n", + name); + fprintf(c_file, "{\n"); + fprintf(c_file, + " initialize_error_table_r(list, %s_error_strings, " + "num_errors, ERROR_TABLE_BASE_%s);\n", name, name); + fprintf(c_file, "}\n"); + fprintf(c_file, "\n"); + fprintf(c_file, "void initialize_%s_error_table(void)\n", name); + fprintf(c_file, "{\n"); + fprintf(c_file, + " init_error_table(%s_error_strings, ERROR_TABLE_BASE_%s, " + "num_errors);\n", name, name); + fprintf(c_file, "}\n"); + + fclose(c_file); + return 0; +} + +static int +generate_h(void) +{ + struct error_code *ec; + char fn[128]; + FILE *h_file = fopen(hfn, "w"); + char *p; + + if(h_file == NULL) + return 1; + + snprintf(fn, sizeof(fn), "__%s__", hfn); + for(p = fn; *p; p++) + if(!isalnum((unsigned char)*p)) + *p = '_'; + + fprintf(h_file, "/* Generated from %s */\n", filename); + if(id_str) + fprintf(h_file, "/* %s */\n", id_str); + fprintf(h_file, "\n"); + fprintf(h_file, "#ifndef %s\n", fn); + fprintf(h_file, "#define %s\n", fn); + fprintf(h_file, "\n"); + fprintf(h_file, "struct et_list;\n"); + fprintf(h_file, "\n"); + fprintf(h_file, + "void initialize_%s_error_table_r(struct et_list **);\n", + name); + fprintf(h_file, "\n"); + fprintf(h_file, "void initialize_%s_error_table(void);\n", name); + fprintf(h_file, "#define init_%s_err_tbl initialize_%s_error_table\n", + name, name); + fprintf(h_file, "\n"); + fprintf(h_file, "typedef enum %s_error_number{\n", name); + + for(ec = codes; ec; ec = ec->next) { + fprintf(h_file, "\t%s = %ld%s\n", ec->name, base_id + ec->number, + (ec->next != NULL) ? "," : ""); + } + + fprintf(h_file, "} %s_error_number;\n", name); + fprintf(h_file, "\n"); + fprintf(h_file, "#define ERROR_TABLE_BASE_%s %ld\n", name, base_id); + fprintf(h_file, "\n"); + fprintf(h_file, "#endif /* %s */\n", fn); + + + fclose(h_file); + return 0; +} + +static int +generate(void) +{ + return generate_c() || generate_h(); +} + +int version_flag; +int help_flag; +struct getargs args[] = { + { "version", 0, arg_flag, &version_flag }, + { "help", 0, arg_flag, &help_flag } +}; +int num_args = sizeof(args) / sizeof(args[0]); + +static void +usage(int code) +{ + arg_printusage(args, num_args, NULL, "error-table"); + exit(code); +} + +int +main(int argc, char **argv) +{ + char *p; + int optidx = 0; + + setprogname(argv[0]); + if(getarg(args, num_args, argc, argv, &optidx)) + usage(1); + if(help_flag) + usage(0); + if(version_flag) { + print_version(NULL); + exit(0); + } + + if(optidx == argc) + usage(1); + filename = argv[optidx]; + yyin = fopen(filename, "r"); + if(yyin == NULL) + err(1, "%s", filename); + + + p = strrchr(filename, '/'); + if(p) + p++; + else + p = filename; + strlcpy(Basename, p, sizeof(Basename)); + + Basename[strcspn(Basename, ".")] = '\0'; + + snprintf(hfn, sizeof(hfn), "%s.h", Basename); + snprintf(cfn, sizeof(cfn), "%s.c", Basename); + + yyparse(); + if(numerror) + return 1; + + return generate(); +} diff --git a/source4/heimdal/lib/com_err/compile_et.h b/source4/heimdal/lib/com_err/compile_et.h new file mode 100644 index 0000000000..6da8c59322 --- /dev/null +++ b/source4/heimdal/lib/com_err/compile_et.h @@ -0,0 +1,80 @@ +/* + * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: compile_et.h,v 1.8 2005/06/16 19:21:26 lha Exp $ */ + +#ifndef __COMPILE_ET_H__ +#define __COMPILE_ET_H__ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include + +extern long base_id; +extern int number; +extern char *prefix; +extern char name[128]; +extern char *id_str; +extern char *filename; +extern int numerror; + +struct error_code { + unsigned number; + char *name; + char *string; + struct error_code *next, **tail; +}; + +extern struct error_code *codes; + +#define APPEND(L, V) \ +do { \ + if((L) == NULL) { \ + (L) = (V); \ + (L)->tail = &(V)->next; \ + (L)->next = NULL; \ + }else{ \ + *(L)->tail = (V); \ + (L)->tail = &(V)->next; \ + } \ +}while(0) + +#endif /* __COMPILE_ET_H__ */ diff --git a/source4/heimdal/lib/com_err/error.c b/source4/heimdal/lib/com_err/error.c new file mode 100644 index 0000000000..b22f25b41a --- /dev/null +++ b/source4/heimdal/lib/com_err/error.c @@ -0,0 +1,91 @@ +/* + * Copyright (c) 1997, 1998, 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: error.c,v 1.15 2001/02/28 20:00:13 joda Exp $"); +#endif +#include +#include +#include +#include + +const char * +com_right(struct et_list *list, long code) +{ + struct et_list *p; + for (p = list; p; p = p->next) { + if (code >= p->table->base && code < p->table->base + p->table->n_msgs) + return p->table->msgs[code - p->table->base]; + } + return NULL; +} + +struct foobar { + struct et_list etl; + struct error_table et; +}; + +void +initialize_error_table_r(struct et_list **list, + const char **messages, + int num_errors, + long base) +{ + struct et_list *et, **end; + struct foobar *f; + for (end = list, et = *list; et; end = &et->next, et = et->next) + if (et->table->msgs == messages) + return; + f = malloc(sizeof(*f)); + if (f == NULL) + return; + et = &f->etl; + et->table = &f->et; + et->table->msgs = messages; + et->table->n_msgs = num_errors; + et->table->base = base; + et->next = NULL; + *end = et; +} + + +void +free_error_table(struct et_list *et) +{ + while(et){ + struct et_list *p = et; + et = et->next; + free(p); + } +} diff --git a/source4/heimdal/lib/com_err/lex.h b/source4/heimdal/lib/com_err/lex.h new file mode 100644 index 0000000000..9912bf4f09 --- /dev/null +++ b/source4/heimdal/lib/com_err/lex.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: lex.h,v 1.1 2000/06/22 00:42:52 assar Exp $ */ + +void error_message (const char *, ...) +__attribute__ ((format (printf, 1, 2))); + +int yylex(void); diff --git a/source4/heimdal/lib/com_err/lex.l b/source4/heimdal/lib/com_err/lex.l new file mode 100644 index 0000000000..d60e67c136 --- /dev/null +++ b/source4/heimdal/lib/com_err/lex.l @@ -0,0 +1,128 @@ +%{ +/* + * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * This is to handle the definition of this symbol in some AIX + * headers, which will conflict with the definition that lex will + * generate for it. It's only a problem for AIX lex. + */ + +#undef ECHO + +#include "compile_et.h" +#include "parse.h" +#include "lex.h" + +RCSID("$Id: lex.l,v 1.8 2005/05/16 08:52:54 lha Exp $"); + +static unsigned lineno = 1; +static int getstring(void); + +#define YY_NO_UNPUT + +#undef ECHO + +%} + + +%% +et { return ET; } +error_table { return ET; } +ec { return EC; } +error_code { return EC; } +prefix { return PREFIX; } +index { return INDEX; } +id { return ID; } +end { return END; } +[0-9]+ { yylval.number = atoi(yytext); return NUMBER; } +#[^\n]* ; +[ \t] ; +\n { lineno++; } +\" { return getstring(); } +[a-zA-Z0-9_]+ { yylval.string = strdup(yytext); return STRING; } +. { return *yytext; } +%% + +#ifndef yywrap /* XXX */ +int +yywrap () +{ + return 1; +} +#endif + +static int +getstring(void) +{ + char x[128]; + int i = 0; + int c; + int quote = 0; + while(i < sizeof(x) - 1 && (c = input()) != EOF){ + if(quote) { + x[i++] = c; + quote = 0; + continue; + } + if(c == '\n'){ + error_message("unterminated string"); + lineno++; + break; + } + if(c == '\\'){ + quote++; + continue; + } + if(c == '\"') + break; + x[i++] = c; + } + x[i] = '\0'; + yylval.string = strdup(x); + if (yylval.string == NULL) + err(1, "malloc"); + return STRING; +} + +void +error_message (const char *format, ...) +{ + va_list args; + + va_start (args, format); + fprintf (stderr, "%s:%d:", filename, lineno); + vfprintf (stderr, format, args); + va_end (args); + numerror++; +} diff --git a/source4/heimdal/lib/com_err/parse.y b/source4/heimdal/lib/com_err/parse.y new file mode 100644 index 0000000000..6174d6ae7f --- /dev/null +++ b/source4/heimdal/lib/com_err/parse.y @@ -0,0 +1,173 @@ +%{ +/* + * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "compile_et.h" +#include "lex.h" + +RCSID("$Id: parse.y,v 1.15 2005/06/16 19:21:42 lha Exp $"); + +void yyerror (char *s); +static long name2number(const char *str); + +extern char *yytext; + +/* This is for bison */ + +#if !defined(alloca) && !defined(HAVE_ALLOCA) +#define alloca(x) malloc(x) +#endif + +%} + +%union { + char *string; + int number; +} + +%token ET INDEX PREFIX EC ID END +%token STRING +%token NUMBER + +%% + +file : /* */ + | header statements + ; + +header : id et + | et + ; + +id : ID STRING + { + id_str = $2; + } + ; + +et : ET STRING + { + base_id = name2number($2); + strlcpy(name, $2, sizeof(name)); + free($2); + } + | ET STRING STRING + { + base_id = name2number($2); + strlcpy(name, $3, sizeof(name)); + free($2); + free($3); + } + ; + +statements : statement + | statements statement + ; + +statement : INDEX NUMBER + { + number = $2; + } + | PREFIX STRING + { + free(prefix); + asprintf (&prefix, "%s_", $2); + if (prefix == NULL) + errx(1, "malloc"); + free($2); + } + | PREFIX + { + prefix = realloc(prefix, 1); + if (prefix == NULL) + errx(1, "malloc"); + *prefix = '\0'; + } + | EC STRING ',' STRING + { + struct error_code *ec = malloc(sizeof(*ec)); + + if (ec == NULL) + errx(1, "malloc"); + + ec->next = NULL; + ec->number = number; + if(prefix && *prefix != '\0') { + asprintf (&ec->name, "%s%s", prefix, $2); + if (ec->name == NULL) + errx(1, "malloc"); + free($2); + } else + ec->name = $2; + ec->string = $4; + APPEND(codes, ec); + number++; + } + | END + { + YYACCEPT; + } + ; + +%% + +static long +name2number(const char *str) +{ + const char *p; + long num = 0; + const char *x = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz0123456789_"; + if(strlen(str) > 4) { + yyerror("table name too long"); + return 0; + } + for(p = str; *p; p++){ + char *q = strchr(x, *p); + if(q == NULL) { + yyerror("invalid character in table name"); + return 0; + } + num = (num << 6) + (q - x) + 1; + } + num <<= 8; + if(num > 0x7fffffff) + num = -(0xffffffff - num + 1); + return num; +} + +void +yyerror (char *s) +{ + error_message ("%s\n", s); +} diff --git a/source4/heimdal/lib/des/aes.c b/source4/heimdal/lib/des/aes.c new file mode 100755 index 0000000000..5e0069de9d --- /dev/null +++ b/source4/heimdal/lib/des/aes.c @@ -0,0 +1,124 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" + +RCSID("$Id: aes.c,v 1.5 2005/06/18 22:46:35 lha Exp $"); +#endif + +#ifdef KRB5 +#include +#endif + +#include + +#include "rijndael-alg-fst.h" +#include "aes.h" + +int +AES_set_encrypt_key(const unsigned char *userkey, const int bits, AES_KEY *key) +{ + key->rounds = rijndaelKeySetupEnc(key->key, userkey, bits); + if (key->rounds == 0) + return -1; + return 0; +} + +int +AES_set_decrypt_key(const unsigned char *userkey, const int bits, AES_KEY *key) +{ + key->rounds = rijndaelKeySetupDec(key->key, userkey, bits); + if (key->rounds == 0) + return -1; + return 0; +} + +void +AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key) +{ + rijndaelEncrypt(key->key, key->rounds, in, out); +} + +void +AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key) +{ + rijndaelDecrypt(key->key, key->rounds, in, out); +} + +void +AES_cbc_encrypt(const unsigned char *in, unsigned char *out, + unsigned long size, const AES_KEY *key, + unsigned char *iv, int forward_encrypt) +{ + unsigned char tmp[AES_BLOCK_SIZE]; + int i; + + if (forward_encrypt) { + while (size >= AES_BLOCK_SIZE) { + for (i = 0; i < AES_BLOCK_SIZE; i++) + tmp[i] = in[i] ^ iv[i]; + AES_encrypt(tmp, out, key); + memcpy(iv, out, AES_BLOCK_SIZE); + size -= AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + if (size) { + for (i = 0; i < size; i++) + tmp[i] = in[i] ^ iv[i]; + for (i = size; i < AES_BLOCK_SIZE; i++) + tmp[i] = iv[i]; + AES_encrypt(tmp, out, key); + memcpy(iv, out, AES_BLOCK_SIZE); + } + } else { + while (size >= AES_BLOCK_SIZE) { + memcpy(tmp, in, AES_BLOCK_SIZE); + AES_decrypt(tmp, out, key); + for (i = 0; i < AES_BLOCK_SIZE; i++) + out[i] ^= iv[i]; + memcpy(iv, tmp, AES_BLOCK_SIZE); + size -= AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + if (size) { + memcpy(tmp, in, AES_BLOCK_SIZE); + AES_decrypt(tmp, out, key); + for (i = 0; i < size; i++) + out[i] ^= iv[i]; + memcpy(iv, tmp, AES_BLOCK_SIZE); + } + } +} diff --git a/source4/heimdal/lib/des/aes.h b/source4/heimdal/lib/des/aes.h new file mode 100755 index 0000000000..ef72b0add7 --- /dev/null +++ b/source4/heimdal/lib/des/aes.h @@ -0,0 +1,60 @@ +/* + * Copyright (c) 2003-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: aes.h,v 1.4 2005/04/10 19:09:47 lha Exp $ */ + +#ifndef HEIM_AES_H +#define HEIM_AES_H 1 + +#define AES_BLOCK_SIZE 16 +#define AES_MAXNR 14 + +#define AES_ENCRYPT 1 +#define AES_DECRYPT 0 + +typedef struct aes_key { + u_int32_t key[(AES_MAXNR+1)*4]; + int rounds; +} AES_KEY; + +int AES_set_encrypt_key(const unsigned char *, const int, AES_KEY *); +int AES_set_decrypt_key(const unsigned char *, const int, AES_KEY *); + +void AES_encrypt(const unsigned char *, unsigned char *, const AES_KEY *); +void AES_decrypt(const unsigned char *, unsigned char *, const AES_KEY *); + +void AES_cbc_encrypt(const unsigned char *, unsigned char *, + const unsigned long, const AES_KEY *, + unsigned char *, int); + +#endif /* HEIM_AES_H */ diff --git a/source4/heimdal/lib/des/des-tables.h b/source4/heimdal/lib/des/des-tables.h new file mode 100644 index 0000000000..03854ec174 --- /dev/null +++ b/source4/heimdal/lib/des/des-tables.h @@ -0,0 +1,196 @@ +/* GENERATE FILE from gen-des.pl, do not edit */ + +/* pc1_c_3 bit pattern 5 13 21 */ +static int pc1_c_3[8] = { + 0x00000000, 0x00000010, 0x00001000, 0x00001010, + 0x00100000, 0x00100010, 0x00101000, 0x00101010 +}; +/* pc1_c_4 bit pattern 1 9 17 25 */ +static int pc1_c_4[16] = { + 0x00000000, 0x00000001, 0x00000100, 0x00000101, + 0x00010000, 0x00010001, 0x00010100, 0x00010101, + 0x01000000, 0x01000001, 0x01000100, 0x01000101, + 0x01010000, 0x01010001, 0x01010100, 0x01010101 +}; +/* pc1_d_3 bit pattern 49 41 33 */ +static int pc1_d_3[8] = { + 0x00000000, 0x01000000, 0x00010000, 0x01010000, + 0x00000100, 0x01000100, 0x00010100, 0x01010100 +}; +/* pc1_d_4 bit pattern 57 53 45 37 */ +static int pc1_d_4[16] = { + 0x00000000, 0x00100000, 0x00001000, 0x00101000, + 0x00000010, 0x00100010, 0x00001010, 0x00101010, + 0x00000001, 0x00100001, 0x00001001, 0x00101001, + 0x00000011, 0x00100011, 0x00001011, 0x00101011 +}; +/* pc2_c_1 bit pattern 5 24 7 16 6 10 */ +static int pc2_c_1[64] = { + 0x00000000, 0x00004000, 0x00040000, 0x00044000, + 0x00000100, 0x00004100, 0x00040100, 0x00044100, + 0x00020000, 0x00024000, 0x00060000, 0x00064000, + 0x00020100, 0x00024100, 0x00060100, 0x00064100, + 0x00000001, 0x00004001, 0x00040001, 0x00044001, + 0x00000101, 0x00004101, 0x00040101, 0x00044101, + 0x00020001, 0x00024001, 0x00060001, 0x00064001, + 0x00020101, 0x00024101, 0x00060101, 0x00064101, + 0x00080000, 0x00084000, 0x000c0000, 0x000c4000, + 0x00080100, 0x00084100, 0x000c0100, 0x000c4100, + 0x000a0000, 0x000a4000, 0x000e0000, 0x000e4000, + 0x000a0100, 0x000a4100, 0x000e0100, 0x000e4100, + 0x00080001, 0x00084001, 0x000c0001, 0x000c4001, + 0x00080101, 0x00084101, 0x000c0101, 0x000c4101, + 0x000a0001, 0x000a4001, 0x000e0001, 0x000e4001, + 0x000a0101, 0x000a4101, 0x000e0101, 0x000e4101 +}; +/* pc2_c_2 bit pattern 20 18 12 3 15 23 */ +static int pc2_c_2[64] = { + 0x00000000, 0x00000002, 0x00000200, 0x00000202, + 0x00200000, 0x00200002, 0x00200200, 0x00200202, + 0x00001000, 0x00001002, 0x00001200, 0x00001202, + 0x00201000, 0x00201002, 0x00201200, 0x00201202, + 0x00000040, 0x00000042, 0x00000240, 0x00000242, + 0x00200040, 0x00200042, 0x00200240, 0x00200242, + 0x00001040, 0x00001042, 0x00001240, 0x00001242, + 0x00201040, 0x00201042, 0x00201240, 0x00201242, + 0x00000010, 0x00000012, 0x00000210, 0x00000212, + 0x00200010, 0x00200012, 0x00200210, 0x00200212, + 0x00001010, 0x00001012, 0x00001210, 0x00001212, + 0x00201010, 0x00201012, 0x00201210, 0x00201212, + 0x00000050, 0x00000052, 0x00000250, 0x00000252, + 0x00200050, 0x00200052, 0x00200250, 0x00200252, + 0x00001050, 0x00001052, 0x00001250, 0x00001252, + 0x00201050, 0x00201052, 0x00201250, 0x00201252 +}; +/* pc2_c_3 bit pattern 1 9 19 2 14 22 */ +static int pc2_c_3[64] = { + 0x00000000, 0x00000004, 0x00000400, 0x00000404, + 0x00400000, 0x00400004, 0x00400400, 0x00400404, + 0x00000020, 0x00000024, 0x00000420, 0x00000424, + 0x00400020, 0x00400024, 0x00400420, 0x00400424, + 0x00008000, 0x00008004, 0x00008400, 0x00008404, + 0x00408000, 0x00408004, 0x00408400, 0x00408404, + 0x00008020, 0x00008024, 0x00008420, 0x00008424, + 0x00408020, 0x00408024, 0x00408420, 0x00408424, + 0x00800000, 0x00800004, 0x00800400, 0x00800404, + 0x00c00000, 0x00c00004, 0x00c00400, 0x00c00404, + 0x00800020, 0x00800024, 0x00800420, 0x00800424, + 0x00c00020, 0x00c00024, 0x00c00420, 0x00c00424, + 0x00808000, 0x00808004, 0x00808400, 0x00808404, + 0x00c08000, 0x00c08004, 0x00c08400, 0x00c08404, + 0x00808020, 0x00808024, 0x00808420, 0x00808424, + 0x00c08020, 0x00c08024, 0x00c08420, 0x00c08424 +}; +/* pc2_c_4 bit pattern 11 13 4 17 21 8 */ +static int pc2_c_4[64] = { + 0x00000000, 0x00010000, 0x00000008, 0x00010008, + 0x00000080, 0x00010080, 0x00000088, 0x00010088, + 0x00100000, 0x00110000, 0x00100008, 0x00110008, + 0x00100080, 0x00110080, 0x00100088, 0x00110088, + 0x00000800, 0x00010800, 0x00000808, 0x00010808, + 0x00000880, 0x00010880, 0x00000888, 0x00010888, + 0x00100800, 0x00110800, 0x00100808, 0x00110808, + 0x00100880, 0x00110880, 0x00100888, 0x00110888, + 0x00002000, 0x00012000, 0x00002008, 0x00012008, + 0x00002080, 0x00012080, 0x00002088, 0x00012088, + 0x00102000, 0x00112000, 0x00102008, 0x00112008, + 0x00102080, 0x00112080, 0x00102088, 0x00112088, + 0x00002800, 0x00012800, 0x00002808, 0x00012808, + 0x00002880, 0x00012880, 0x00002888, 0x00012888, + 0x00102800, 0x00112800, 0x00102808, 0x00112808, + 0x00102880, 0x00112880, 0x00102888, 0x00112888 +}; +/* pc2_d_1 bit pattern 51 35 31 52 39 45 */ +static int pc2_d_1[64] = { + 0x00000000, 0x00000080, 0x00002000, 0x00002080, + 0x00000001, 0x00000081, 0x00002001, 0x00002081, + 0x00200000, 0x00200080, 0x00202000, 0x00202080, + 0x00200001, 0x00200081, 0x00202001, 0x00202081, + 0x00020000, 0x00020080, 0x00022000, 0x00022080, + 0x00020001, 0x00020081, 0x00022001, 0x00022081, + 0x00220000, 0x00220080, 0x00222000, 0x00222080, + 0x00220001, 0x00220081, 0x00222001, 0x00222081, + 0x00000002, 0x00000082, 0x00002002, 0x00002082, + 0x00000003, 0x00000083, 0x00002003, 0x00002083, + 0x00200002, 0x00200082, 0x00202002, 0x00202082, + 0x00200003, 0x00200083, 0x00202003, 0x00202083, + 0x00020002, 0x00020082, 0x00022002, 0x00022082, + 0x00020003, 0x00020083, 0x00022003, 0x00022083, + 0x00220002, 0x00220082, 0x00222002, 0x00222082, + 0x00220003, 0x00220083, 0x00222003, 0x00222083 +}; +/* pc2_d_2 bit pattern 50 32 43 36 29 48 */ +static int pc2_d_2[64] = { + 0x00000000, 0x00000010, 0x00800000, 0x00800010, + 0x00010000, 0x00010010, 0x00810000, 0x00810010, + 0x00000200, 0x00000210, 0x00800200, 0x00800210, + 0x00010200, 0x00010210, 0x00810200, 0x00810210, + 0x00100000, 0x00100010, 0x00900000, 0x00900010, + 0x00110000, 0x00110010, 0x00910000, 0x00910010, + 0x00100200, 0x00100210, 0x00900200, 0x00900210, + 0x00110200, 0x00110210, 0x00910200, 0x00910210, + 0x00000004, 0x00000014, 0x00800004, 0x00800014, + 0x00010004, 0x00010014, 0x00810004, 0x00810014, + 0x00000204, 0x00000214, 0x00800204, 0x00800214, + 0x00010204, 0x00010214, 0x00810204, 0x00810214, + 0x00100004, 0x00100014, 0x00900004, 0x00900014, + 0x00110004, 0x00110014, 0x00910004, 0x00910014, + 0x00100204, 0x00100214, 0x00900204, 0x00900214, + 0x00110204, 0x00110214, 0x00910204, 0x00910214 +}; +/* pc2_d_3 bit pattern 41 38 47 33 40 42 */ +static int pc2_d_3[64] = { + 0x00000000, 0x00000400, 0x00001000, 0x00001400, + 0x00080000, 0x00080400, 0x00081000, 0x00081400, + 0x00000020, 0x00000420, 0x00001020, 0x00001420, + 0x00080020, 0x00080420, 0x00081020, 0x00081420, + 0x00004000, 0x00004400, 0x00005000, 0x00005400, + 0x00084000, 0x00084400, 0x00085000, 0x00085400, + 0x00004020, 0x00004420, 0x00005020, 0x00005420, + 0x00084020, 0x00084420, 0x00085020, 0x00085420, + 0x00000800, 0x00000c00, 0x00001800, 0x00001c00, + 0x00080800, 0x00080c00, 0x00081800, 0x00081c00, + 0x00000820, 0x00000c20, 0x00001820, 0x00001c20, + 0x00080820, 0x00080c20, 0x00081820, 0x00081c20, + 0x00004800, 0x00004c00, 0x00005800, 0x00005c00, + 0x00084800, 0x00084c00, 0x00085800, 0x00085c00, + 0x00004820, 0x00004c20, 0x00005820, 0x00005c20, + 0x00084820, 0x00084c20, 0x00085820, 0x00085c20 +}; +/* pc2_d_4 bit pattern 49 37 30 46 34 44 */ +static int pc2_d_4[64] = { + 0x00000000, 0x00000100, 0x00040000, 0x00040100, + 0x00000040, 0x00000140, 0x00040040, 0x00040140, + 0x00400000, 0x00400100, 0x00440000, 0x00440100, + 0x00400040, 0x00400140, 0x00440040, 0x00440140, + 0x00008000, 0x00008100, 0x00048000, 0x00048100, + 0x00008040, 0x00008140, 0x00048040, 0x00048140, + 0x00408000, 0x00408100, 0x00448000, 0x00448100, + 0x00408040, 0x00408140, 0x00448040, 0x00448140, + 0x00000008, 0x00000108, 0x00040008, 0x00040108, + 0x00000048, 0x00000148, 0x00040048, 0x00040148, + 0x00400008, 0x00400108, 0x00440008, 0x00440108, + 0x00400048, 0x00400148, 0x00440048, 0x00440148, + 0x00008008, 0x00008108, 0x00048008, 0x00048108, + 0x00008048, 0x00008148, 0x00048048, 0x00048148, + 0x00408008, 0x00408108, 0x00448008, 0x00448108, + 0x00408048, 0x00408148, 0x00448048, 0x00448148 +}; +static unsigned char odd_parity[256] = { + 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14, + 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31, + 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47, + 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62, + 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79, + 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94, + 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110, +112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127, +128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143, +145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158, +161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174, +176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191, +193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206, +208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223, +224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239, +241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254, + }; diff --git a/source4/heimdal/lib/des/des.c b/source4/heimdal/lib/des/des.c new file mode 100644 index 0000000000..66d2bf4f4e --- /dev/null +++ b/source4/heimdal/lib/des/des.c @@ -0,0 +1,954 @@ +/* + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * The document that got me started for real was "Efficient + * Implementation of the Data Encryption Standard" by Dag Arne Osvik. + * I never got to the PC1 transformation was working, instead I used + * table-lookup was used for all key schedule setup. The document was + * very useful since it de-mystified other implementations for me. + * + * The core DES function (SBOX + P transformation) is from Richard + * Outerbridge public domain DES implementation. My sanity is saved + * thanks to his work. Thank you Richard. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: des.c,v 1.14 2005/06/18 22:47:17 lha Exp $"); +#endif + +#include +#include +#include +#include + +#include "des.h" + +static void desx(uint32_t [2], DES_key_schedule *, int); +static void IP(uint32_t [2]); +static void FP(uint32_t [2]); + +#include "des-tables.h" + +#define ROTATE_LEFT28(x,one) \ + if (one) { \ + x = ( ((x)<<(1)) & 0xffffffe) | ((x) >> 27); \ + } else { \ + x = ( ((x)<<(2)) & 0xffffffc) | ((x) >> 26); \ + } + +/* + * + */ + +int +DES_set_odd_parity(DES_cblock *key) +{ + int i; + for (i = 0; i < DES_CBLOCK_LEN; i++) + (*key)[i] = odd_parity[(*key)[i]]; + return 0; +} + +/* + * + */ + +/* FIPS 74 */ +static DES_cblock weak_keys[] = { + {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01}, /* weak keys */ + {0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE}, + {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E}, + {0xE0,0xE0,0xE0,0xE0,0xF1,0xF1,0xF1,0xF1}, + {0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE}, /* semi-weak keys */ + {0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01}, + {0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1}, + {0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E}, + {0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1}, + {0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01}, + {0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE}, + {0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E}, + {0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E}, + {0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01}, + {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE}, + {0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1} +}; + +int +DES_is_weak_key(DES_cblock *key) +{ + int i; + + for (i = 0; i < sizeof(weak_keys)/sizeof(weak_keys[0]); i++) { + if (memcmp(weak_keys[i], key, DES_CBLOCK_LEN) == 0) + return 1; + } + return 0; +} + + +/* + * + */ + +int +DES_set_key(DES_cblock *key, DES_key_schedule *ks) +{ + uint32_t t1, t2; + uint32_t c, d; + int shifts[16] = { 1, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1 }; + uint32_t *k = &ks->ks[0]; + int i; + + t1 = (*key)[0] << 24 | (*key)[1] << 16 | (*key)[2] << 8 | (*key)[3]; + t2 = (*key)[4] << 24 | (*key)[5] << 16 | (*key)[6] << 8 | (*key)[7]; + + c = (pc1_c_3[(t1 >> (5 )) & 0x7] << 3) + | (pc1_c_3[(t1 >> (5 + 8 )) & 0x7] << 2) + | (pc1_c_3[(t1 >> (5 + 8 + 8 )) & 0x7] << 1) + | (pc1_c_3[(t1 >> (5 + 8 + 8 + 8)) & 0x7] << 0) + | (pc1_c_4[(t2 >> (4 )) & 0xf] << 3) + | (pc1_c_4[(t2 >> (4 + 8 )) & 0xf] << 2) + | (pc1_c_4[(t2 >> (4 + 8 + 8 )) & 0xf] << 1) + | (pc1_c_4[(t2 >> (4 + 8 + 8 + 8)) & 0xf] << 0); + + + d = (pc1_d_3[(t2 >> (1 )) & 0x7] << 3) + | (pc1_d_3[(t2 >> (1 + 8 )) & 0x7] << 2) + | (pc1_d_3[(t2 >> (1 + 8 + 8 )) & 0x7] << 1) + | (pc1_d_3[(t2 >> (1 + 8 + 8 + 8)) & 0x7] << 0) + | (pc1_d_4[(t1 >> (1 )) & 0xf] << 3) + | (pc1_d_4[(t1 >> (1 + 8 )) & 0xf] << 2) + | (pc1_d_4[(t1 >> (1 + 8 + 8 )) & 0xf] << 1) + | (pc1_d_4[(t1 >> (1 + 8 + 8 + 8)) & 0xf] << 0); + + for (i = 0; i < 16; i++) { + uint32_t kc, kd; + + ROTATE_LEFT28(c, shifts[i]); + ROTATE_LEFT28(d, shifts[i]); + + kc = pc2_c_1[(c >> 22) & 0x3f] | + pc2_c_2[((c >> 16) & 0x30) | ((c >> 15) & 0xf)] | + pc2_c_3[((c >> 9 ) & 0x3c) | ((c >> 8 ) & 0x3)] | + pc2_c_4[((c >> 2 ) & 0x20) | ((c >> 1) & 0x18) | (c & 0x7)]; + kd = pc2_d_1[(d >> 22) & 0x3f] | + pc2_d_2[((d >> 15) & 0x30) | ((d >> 14) & 0xf)] | + pc2_d_3[ (d >> 7 ) & 0x3f] | + pc2_d_4[((d >> 1 ) & 0x3c) | ((d ) & 0x3)]; + + /* Change to byte order used by the S boxes */ + *k = (kc & 0x00fc0000L) << 6; + *k |= (kc & 0x00000fc0L) << 10; + *k |= (kd & 0x00fc0000L) >> 10; + *k++ |= (kd & 0x00000fc0L) >> 6; + *k = (kc & 0x0003f000L) << 12; + *k |= (kc & 0x0000003fL) << 16; + *k |= (kd & 0x0003f000L) >> 4; + *k++ |= (kd & 0x0000003fL); + } + + return 0; +} + +/* + * + */ + +int +DES_set_key_checked(DES_cblock *key, DES_key_schedule *ks) +{ + if (DES_is_weak_key(key)) { + memset(ks, 0, sizeof(*ks)); + return 1; + } + return DES_set_key(key, ks); +} + +/* + * Compatibility function for eay libdes + */ + +int +DES_key_sched(DES_cblock *key, DES_key_schedule *ks) +{ + return DES_set_key(key, ks); +} + +/* + * + */ + +static void +load(const unsigned char *b, uint32_t v[2]) +{ + v[0] = b[0] << 24; + v[0] |= b[1] << 16; + v[0] |= b[2] << 8; + v[0] |= b[3] << 0; + v[1] = b[4] << 24; + v[1] |= b[5] << 16; + v[1] |= b[6] << 8; + v[1] |= b[7] << 0; +} + +static void +store(const uint32_t v[2], unsigned char *b) +{ + b[0] = (v[0] >> 24) & 0xff; + b[1] = (v[0] >> 16) & 0xff; + b[2] = (v[0] >> 8) & 0xff; + b[3] = (v[0] >> 0) & 0xff; + b[4] = (v[1] >> 24) & 0xff; + b[5] = (v[1] >> 16) & 0xff; + b[6] = (v[1] >> 8) & 0xff; + b[7] = (v[1] >> 0) & 0xff; +} + +/* + * + */ + +void +DES_encrypt(uint32_t u[2], DES_key_schedule *ks, int forward_encrypt) +{ + IP(u); + desx(u, ks, forward_encrypt); + FP(u); +} + +/* + * + */ + +void +DES_ecb_encrypt(DES_cblock *input, DES_cblock *output, + DES_key_schedule *ks, int forward_encrypt) +{ + uint32_t u[2]; + load(*input, u); + DES_encrypt(u, ks, forward_encrypt); + store(u, *output); +} + +/* + * + */ + +void +DES_cbc_encrypt(unsigned char *input, unsigned char *output, long length, + DES_key_schedule *ks, DES_cblock *iv, int forward_encrypt) +{ + uint32_t u[2]; + uint32_t uiv[2]; + + load(*iv, uiv); + + if (forward_encrypt) { + while (length >= DES_CBLOCK_LEN) { + load(input, u); + u[0] ^= uiv[0]; u[1] ^= uiv[1]; + DES_encrypt(u, ks, 1); + uiv[0] = u[0]; uiv[1] = u[1]; + store(u, output); + + length -= DES_CBLOCK_LEN; + input += DES_CBLOCK_LEN; + output += DES_CBLOCK_LEN; + } + if (length) { + unsigned char tmp[DES_CBLOCK_LEN]; + memcpy(tmp, input, length); + memset(tmp + length, 0, DES_CBLOCK_LEN - length); + load(tmp, u); + u[0] ^= uiv[0]; u[1] ^= uiv[1]; + DES_encrypt(u, ks, 1); + store(u, output); + } + } else { + uint32_t t[2]; + while (length >= DES_CBLOCK_LEN) { + load(input, u); + t[0] = u[0]; t[1] = u[1]; + DES_encrypt(u, ks, 0); + u[0] ^= uiv[0]; u[1] ^= uiv[1]; + store(u, output); + uiv[0] = t[0]; uiv[1] = t[1]; + + length -= DES_CBLOCK_LEN; + input += DES_CBLOCK_LEN; + output += DES_CBLOCK_LEN; + } + if (length) { + unsigned char tmp[DES_CBLOCK_LEN]; + memcpy(tmp, input, length); + memset(tmp + length, 0, DES_CBLOCK_LEN - length); + load(tmp, u); + DES_encrypt(u, ks, 0); + u[0] ^= uiv[0]; u[1] ^= uiv[1]; + store(u, output); + } + } + uiv[0] = 0; u[0] = 0; uiv[1] = 0; u[1] = 0; +} + +/* + * + */ + +void +DES_pcbc_encrypt(unsigned char *input, unsigned char *output, long length, + DES_key_schedule *ks, DES_cblock *iv, int forward_encrypt) +{ + uint32_t u[2]; + uint32_t uiv[2]; + + load(*iv, uiv); + + if (forward_encrypt) { + uint32_t t[2]; + while (length >= DES_CBLOCK_LEN) { + load(input, u); + t[0] = u[0]; t[1] = u[1]; + u[0] ^= uiv[0]; u[1] ^= uiv[1]; + DES_encrypt(u, ks, 1); + uiv[0] = u[0] ^ t[0]; uiv[1] = u[1] ^ t[1]; + store(u, output); + + length -= DES_CBLOCK_LEN; + input += DES_CBLOCK_LEN; + output += DES_CBLOCK_LEN; + } + if (length) { + unsigned char tmp[DES_CBLOCK_LEN]; + memcpy(tmp, input, length); + memset(tmp + length, 0, DES_CBLOCK_LEN - length); + load(tmp, u); + u[0] ^= uiv[0]; u[1] ^= uiv[1]; + DES_encrypt(u, ks, 1); + store(u, output); + } + } else { + uint32_t t[2]; + while (length >= DES_CBLOCK_LEN) { + load(input, u); + t[0] = u[0]; t[1] = u[1]; + DES_encrypt(u, ks, 0); + u[0] ^= uiv[0]; u[1] ^= uiv[1]; + store(u, output); + uiv[0] = t[0] ^ u[0]; uiv[1] = t[1] ^ u[1]; + + length -= DES_CBLOCK_LEN; + input += DES_CBLOCK_LEN; + output += DES_CBLOCK_LEN; + } + if (length) { + unsigned char tmp[DES_CBLOCK_LEN]; + memcpy(tmp, input, length); + memset(tmp + length, 0, DES_CBLOCK_LEN - length); + load(tmp, u); + DES_encrypt(u, ks, 0); + u[0] ^= uiv[0]; u[1] ^= uiv[1]; + } + } + uiv[0] = 0; u[0] = 0; uiv[1] = 0; u[1] = 0; +} + +/* + * + */ + +static void +_des3_encrypt(uint32_t u[2], DES_key_schedule *ks1, DES_key_schedule *ks2, + DES_key_schedule *ks3, int forward_encrypt) +{ + IP(u); + if (forward_encrypt) { + desx(u, ks1, 1); /* IP + FP cancel out each other */ + desx(u, ks2, 0); + desx(u, ks3, 1); + } else { + desx(u, ks3, 0); + desx(u, ks2, 1); + desx(u, ks1, 0); + } + FP(u); +} + +/* + * + */ + +void +DES_ecb3_encrypt(DES_cblock *input, + DES_cblock *output, + DES_key_schedule *ks1, + DES_key_schedule *ks2, + DES_key_schedule *ks3, + int forward_encrypt) +{ + uint32_t u[2]; + load(*input, u); + _des3_encrypt(u, ks1, ks2, ks3, forward_encrypt); + store(u, *output); + return; +} + +/* + * + */ + +void +DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, + long length, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3, + DES_cblock *iv, int forward_encrypt) +{ + uint32_t u[2]; + uint32_t uiv[2]; + + load(*iv, uiv); + + if (forward_encrypt) { + while (length >= DES_CBLOCK_LEN) { + load(input, u); + u[0] ^= uiv[0]; u[1] ^= uiv[1]; + _des3_encrypt(u, ks1, ks2, ks3, 1); + uiv[0] = u[0]; uiv[1] = u[1]; + store(u, output); + + length -= DES_CBLOCK_LEN; + input += DES_CBLOCK_LEN; + output += DES_CBLOCK_LEN; + } + if (length) { + unsigned char tmp[DES_CBLOCK_LEN]; + memcpy(tmp, input, length); + memset(tmp + length, 0, DES_CBLOCK_LEN - length); + load(tmp, u); + u[0] ^= uiv[0]; u[1] ^= uiv[1]; + _des3_encrypt(u, ks1, ks2, ks3, 1); + store(u, output); + } + } else { + uint32_t t[2]; + while (length >= DES_CBLOCK_LEN) { + load(input, u); + t[0] = u[0]; t[1] = u[1]; + _des3_encrypt(u, ks1, ks2, ks3, 0); + u[0] ^= uiv[0]; u[1] ^= uiv[1]; + store(u, output); + uiv[0] = t[0]; uiv[1] = t[1]; + + length -= DES_CBLOCK_LEN; + input += DES_CBLOCK_LEN; + output += DES_CBLOCK_LEN; + } + if (length) { + unsigned char tmp[DES_CBLOCK_LEN]; + memcpy(tmp, input, length); + memset(tmp + length, 0, DES_CBLOCK_LEN - length); + load(tmp, u); + _des3_encrypt(u, ks1, ks2, ks3, 0); + u[0] ^= uiv[0]; u[1] ^= uiv[1]; + store(u, output); + } + } + store(uiv, *iv); + uiv[0] = 0; u[0] = 0; uiv[1] = 0; u[1] = 0; +} + +/* + * + */ + +void +DES_cfb64_encrypt(unsigned char *input, unsigned char *output, + long length, DES_key_schedule *ks, DES_cblock *iv, + int *num, int forward_encrypt) +{ + unsigned char tmp[DES_CBLOCK_LEN]; + uint32_t uiv[2]; + + load(*iv, uiv); + + if (forward_encrypt) { + int i = *num; + + while (length > 0) { + if (i == 0) + DES_encrypt(uiv, ks, 1); + store(uiv, tmp); + for (; i < DES_CBLOCK_LEN && i < length; i++) { + output[i] = tmp[i] ^ input[i]; + } + if (i == DES_CBLOCK_LEN) + load(output, uiv); + output += i; + input += i; + length -= i; + if (i == DES_CBLOCK_LEN) + i = 0; + } + store(uiv, *iv); + *num = i; + } else { + int i = *num; + unsigned char c; + + while (length > 0) { + if (i == 0) { + DES_encrypt(uiv, ks, 1); + store(uiv, tmp); + } + for (; i < DES_CBLOCK_LEN && i < length; i++) { + c = input[i]; + output[i] = tmp[i] ^ input[i]; + (*iv)[i] = c; + } + output += i; + input += i; + length -= i; + if (i == DES_CBLOCK_LEN) { + i = 0; + load(*iv, uiv); + } + } + store(uiv, *iv); + *num = i; + } +} + +/* + * + */ + +uint32_t +DES_cbc_cksum(const unsigned char *input, DES_cblock *output, + long length, DES_key_schedule *ks, DES_cblock *iv) +{ + uint32_t uiv[2]; + uint32_t u[2] = { 0, 0 }; + + load(*iv, uiv); + + while (length >= DES_CBLOCK_LEN) { + load(input, u); + u[0] ^= uiv[0]; u[1] ^= uiv[1]; + DES_encrypt(u, ks, 1); + uiv[0] = u[0]; uiv[1] = u[1]; + + length -= DES_CBLOCK_LEN; + input += DES_CBLOCK_LEN; + } + if (length) { + unsigned char tmp[DES_CBLOCK_LEN]; + memcpy(tmp, input, length); + memset(tmp + length, 0, DES_CBLOCK_LEN - length); + load(tmp, u); + u[0] ^= uiv[0]; u[1] ^= uiv[1]; + DES_encrypt(u, ks, 1); + } + if (output) + store(u, *output); + + uiv[0] = 0; u[0] = 0; uiv[1] = 0; + return u[1]; +} + +/* + * + */ + +static unsigned char +bitswap8(unsigned char b) +{ + unsigned char r = 0; + int i; + for (i = 0; i < 8; i++) { + r = r << 1 | (b & 1); + b = b >> 1; + } + return r; +} + +void +DES_string_to_key(const char *str, DES_cblock *key) +{ + const unsigned char *s; + unsigned char *k; + DES_key_schedule ks; + size_t i, len; + + memset(key, 0, sizeof(*key)); + k = *key; + s = (const unsigned char *)str; + + len = strlen(str); + for (i = 0; i < len; i++) { + if ((i % 16) < 8) + k[i % 8] ^= s[i] << 1; + else + k[7 - (i % 8)] ^= bitswap8(s[i]); + } + DES_set_odd_parity(key); + if (DES_is_weak_key(key)) + k[7] ^= 0xF0; + DES_set_key(key, &ks); + DES_cbc_cksum(s, key, len, &ks, key); + memset(&ks, 0, sizeof(ks)); + DES_set_odd_parity(key); + if (DES_is_weak_key(key)) + k[7] ^= 0xF0; +} + +/* + * + */ + +int +DES_read_password(DES_cblock *key, char *prompt, int verify) +{ + char buf[512]; + int ret; + + ret = UI_UTIL_read_pw_string(buf, sizeof(buf) - 1, prompt, verify); + if (ret == 0) + DES_string_to_key(buf, key); + return ret; +} + +/* + * + */ + + +void +_DES_ipfp_test(void) +{ + DES_cblock k = "\x01\x02\x04\x08\x10\x20\x40\x80", k2; + uint32_t u[2] = { 1, 0 }; + IP(u); + FP(u); + IP(u); + FP(u); + if (u[0] != 1 || u[1] != 0) + abort(); + + load(k, u); + store(u, k2); + if (memcmp(k, k2, 8) != 0) + abort(); +} + +/* D3DES (V5.09) - + * + * A portable, public domain, version of the Data Encryption Standard. + * + * Written with Symantec's THINK (Lightspeed) C by Richard Outerbridge. + * Thanks to: Dan Hoey for his excellent Initial and Inverse permutation + * code; Jim Gillogly & Phil Karn for the DES key schedule code; Dennis + * Ferguson, Eric Young and Dana How for comparing notes; and Ray Lau, + * for humouring me on. + * + * Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge. + * (GEnie : OUTER; CIS : [71755,204]) Graven Imagery, 1992. + */ + +static uint32_t SP1[64] = { + 0x01010400L, 0x00000000L, 0x00010000L, 0x01010404L, + 0x01010004L, 0x00010404L, 0x00000004L, 0x00010000L, + 0x00000400L, 0x01010400L, 0x01010404L, 0x00000400L, + 0x01000404L, 0x01010004L, 0x01000000L, 0x00000004L, + 0x00000404L, 0x01000400L, 0x01000400L, 0x00010400L, + 0x00010400L, 0x01010000L, 0x01010000L, 0x01000404L, + 0x00010004L, 0x01000004L, 0x01000004L, 0x00010004L, + 0x00000000L, 0x00000404L, 0x00010404L, 0x01000000L, + 0x00010000L, 0x01010404L, 0x00000004L, 0x01010000L, + 0x01010400L, 0x01000000L, 0x01000000L, 0x00000400L, + 0x01010004L, 0x00010000L, 0x00010400L, 0x01000004L, + 0x00000400L, 0x00000004L, 0x01000404L, 0x00010404L, + 0x01010404L, 0x00010004L, 0x01010000L, 0x01000404L, + 0x01000004L, 0x00000404L, 0x00010404L, 0x01010400L, + 0x00000404L, 0x01000400L, 0x01000400L, 0x00000000L, + 0x00010004L, 0x00010400L, 0x00000000L, 0x01010004L }; + +static uint32_t SP2[64] = { + 0x80108020L, 0x80008000L, 0x00008000L, 0x00108020L, + 0x00100000L, 0x00000020L, 0x80100020L, 0x80008020L, + 0x80000020L, 0x80108020L, 0x80108000L, 0x80000000L, + 0x80008000L, 0x00100000L, 0x00000020L, 0x80100020L, + 0x00108000L, 0x00100020L, 0x80008020L, 0x00000000L, + 0x80000000L, 0x00008000L, 0x00108020L, 0x80100000L, + 0x00100020L, 0x80000020L, 0x00000000L, 0x00108000L, + 0x00008020L, 0x80108000L, 0x80100000L, 0x00008020L, + 0x00000000L, 0x00108020L, 0x80100020L, 0x00100000L, + 0x80008020L, 0x80100000L, 0x80108000L, 0x00008000L, + 0x80100000L, 0x80008000L, 0x00000020L, 0x80108020L, + 0x00108020L, 0x00000020L, 0x00008000L, 0x80000000L, + 0x00008020L, 0x80108000L, 0x00100000L, 0x80000020L, + 0x00100020L, 0x80008020L, 0x80000020L, 0x00100020L, + 0x00108000L, 0x00000000L, 0x80008000L, 0x00008020L, + 0x80000000L, 0x80100020L, 0x80108020L, 0x00108000L }; + +static uint32_t SP3[64] = { + 0x00000208L, 0x08020200L, 0x00000000L, 0x08020008L, + 0x08000200L, 0x00000000L, 0x00020208L, 0x08000200L, + 0x00020008L, 0x08000008L, 0x08000008L, 0x00020000L, + 0x08020208L, 0x00020008L, 0x08020000L, 0x00000208L, + 0x08000000L, 0x00000008L, 0x08020200L, 0x00000200L, + 0x00020200L, 0x08020000L, 0x08020008L, 0x00020208L, + 0x08000208L, 0x00020200L, 0x00020000L, 0x08000208L, + 0x00000008L, 0x08020208L, 0x00000200L, 0x08000000L, + 0x08020200L, 0x08000000L, 0x00020008L, 0x00000208L, + 0x00020000L, 0x08020200L, 0x08000200L, 0x00000000L, + 0x00000200L, 0x00020008L, 0x08020208L, 0x08000200L, + 0x08000008L, 0x00000200L, 0x00000000L, 0x08020008L, + 0x08000208L, 0x00020000L, 0x08000000L, 0x08020208L, + 0x00000008L, 0x00020208L, 0x00020200L, 0x08000008L, + 0x08020000L, 0x08000208L, 0x00000208L, 0x08020000L, + 0x00020208L, 0x00000008L, 0x08020008L, 0x00020200L }; + +static uint32_t SP4[64] = { + 0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, + 0x00802080L, 0x00800081L, 0x00800001L, 0x00002001L, + 0x00000000L, 0x00802000L, 0x00802000L, 0x00802081L, + 0x00000081L, 0x00000000L, 0x00800080L, 0x00800001L, + 0x00000001L, 0x00002000L, 0x00800000L, 0x00802001L, + 0x00000080L, 0x00800000L, 0x00002001L, 0x00002080L, + 0x00800081L, 0x00000001L, 0x00002080L, 0x00800080L, + 0x00002000L, 0x00802080L, 0x00802081L, 0x00000081L, + 0x00800080L, 0x00800001L, 0x00802000L, 0x00802081L, + 0x00000081L, 0x00000000L, 0x00000000L, 0x00802000L, + 0x00002080L, 0x00800080L, 0x00800081L, 0x00000001L, + 0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, + 0x00802081L, 0x00000081L, 0x00000001L, 0x00002000L, + 0x00800001L, 0x00002001L, 0x00802080L, 0x00800081L, + 0x00002001L, 0x00002080L, 0x00800000L, 0x00802001L, + 0x00000080L, 0x00800000L, 0x00002000L, 0x00802080L }; + +static uint32_t SP5[64] = { + 0x00000100L, 0x02080100L, 0x02080000L, 0x42000100L, + 0x00080000L, 0x00000100L, 0x40000000L, 0x02080000L, + 0x40080100L, 0x00080000L, 0x02000100L, 0x40080100L, + 0x42000100L, 0x42080000L, 0x00080100L, 0x40000000L, + 0x02000000L, 0x40080000L, 0x40080000L, 0x00000000L, + 0x40000100L, 0x42080100L, 0x42080100L, 0x02000100L, + 0x42080000L, 0x40000100L, 0x00000000L, 0x42000000L, + 0x02080100L, 0x02000000L, 0x42000000L, 0x00080100L, + 0x00080000L, 0x42000100L, 0x00000100L, 0x02000000L, + 0x40000000L, 0x02080000L, 0x42000100L, 0x40080100L, + 0x02000100L, 0x40000000L, 0x42080000L, 0x02080100L, + 0x40080100L, 0x00000100L, 0x02000000L, 0x42080000L, + 0x42080100L, 0x00080100L, 0x42000000L, 0x42080100L, + 0x02080000L, 0x00000000L, 0x40080000L, 0x42000000L, + 0x00080100L, 0x02000100L, 0x40000100L, 0x00080000L, + 0x00000000L, 0x40080000L, 0x02080100L, 0x40000100L }; + +static uint32_t SP6[64] = { + 0x20000010L, 0x20400000L, 0x00004000L, 0x20404010L, + 0x20400000L, 0x00000010L, 0x20404010L, 0x00400000L, + 0x20004000L, 0x00404010L, 0x00400000L, 0x20000010L, + 0x00400010L, 0x20004000L, 0x20000000L, 0x00004010L, + 0x00000000L, 0x00400010L, 0x20004010L, 0x00004000L, + 0x00404000L, 0x20004010L, 0x00000010L, 0x20400010L, + 0x20400010L, 0x00000000L, 0x00404010L, 0x20404000L, + 0x00004010L, 0x00404000L, 0x20404000L, 0x20000000L, + 0x20004000L, 0x00000010L, 0x20400010L, 0x00404000L, + 0x20404010L, 0x00400000L, 0x00004010L, 0x20000010L, + 0x00400000L, 0x20004000L, 0x20000000L, 0x00004010L, + 0x20000010L, 0x20404010L, 0x00404000L, 0x20400000L, + 0x00404010L, 0x20404000L, 0x00000000L, 0x20400010L, + 0x00000010L, 0x00004000L, 0x20400000L, 0x00404010L, + 0x00004000L, 0x00400010L, 0x20004010L, 0x00000000L, + 0x20404000L, 0x20000000L, 0x00400010L, 0x20004010L }; + +static uint32_t SP7[64] = { + 0x00200000L, 0x04200002L, 0x04000802L, 0x00000000L, + 0x00000800L, 0x04000802L, 0x00200802L, 0x04200800L, + 0x04200802L, 0x00200000L, 0x00000000L, 0x04000002L, + 0x00000002L, 0x04000000L, 0x04200002L, 0x00000802L, + 0x04000800L, 0x00200802L, 0x00200002L, 0x04000800L, + 0x04000002L, 0x04200000L, 0x04200800L, 0x00200002L, + 0x04200000L, 0x00000800L, 0x00000802L, 0x04200802L, + 0x00200800L, 0x00000002L, 0x04000000L, 0x00200800L, + 0x04000000L, 0x00200800L, 0x00200000L, 0x04000802L, + 0x04000802L, 0x04200002L, 0x04200002L, 0x00000002L, + 0x00200002L, 0x04000000L, 0x04000800L, 0x00200000L, + 0x04200800L, 0x00000802L, 0x00200802L, 0x04200800L, + 0x00000802L, 0x04000002L, 0x04200802L, 0x04200000L, + 0x00200800L, 0x00000000L, 0x00000002L, 0x04200802L, + 0x00000000L, 0x00200802L, 0x04200000L, 0x00000800L, + 0x04000002L, 0x04000800L, 0x00000800L, 0x00200002L }; + +static uint32_t SP8[64] = { + 0x10001040L, 0x00001000L, 0x00040000L, 0x10041040L, + 0x10000000L, 0x10001040L, 0x00000040L, 0x10000000L, + 0x00040040L, 0x10040000L, 0x10041040L, 0x00041000L, + 0x10041000L, 0x00041040L, 0x00001000L, 0x00000040L, + 0x10040000L, 0x10000040L, 0x10001000L, 0x00001040L, + 0x00041000L, 0x00040040L, 0x10040040L, 0x10041000L, + 0x00001040L, 0x00000000L, 0x00000000L, 0x10040040L, + 0x10000040L, 0x10001000L, 0x00041040L, 0x00040000L, + 0x00041040L, 0x00040000L, 0x10041000L, 0x00001000L, + 0x00000040L, 0x10040040L, 0x00001000L, 0x00041040L, + 0x10001000L, 0x00000040L, 0x10000040L, 0x10040000L, + 0x10040040L, 0x10000000L, 0x00040000L, 0x10001040L, + 0x00000000L, 0x10041040L, 0x00040040L, 0x10000040L, + 0x10040000L, 0x10001000L, 0x10001040L, 0x00000000L, + 0x10041040L, 0x00041000L, 0x00041000L, 0x00001040L, + 0x00001040L, 0x00040040L, 0x10000000L, 0x10041000L }; + +static void +IP(uint32_t v[2]) +{ + uint32_t work; + + work = ((v[0] >> 4) ^ v[1]) & 0x0f0f0f0fL; + v[1] ^= work; + v[0] ^= (work << 4); + work = ((v[0] >> 16) ^ v[1]) & 0x0000ffffL; + v[1] ^= work; + v[0] ^= (work << 16); + work = ((v[1] >> 2) ^ v[0]) & 0x33333333L; + v[0] ^= work; + v[1] ^= (work << 2); + work = ((v[1] >> 8) ^ v[0]) & 0x00ff00ffL; + v[0] ^= work; + v[1] ^= (work << 8); + v[1] = ((v[1] << 1) | ((v[1] >> 31) & 1L)) & 0xffffffffL; + work = (v[0] ^ v[1]) & 0xaaaaaaaaL; + v[0] ^= work; + v[1] ^= work; + v[0] = ((v[0] << 1) | ((v[0] >> 31) & 1L)) & 0xffffffffL; +} + +static void +FP(uint32_t v[2]) +{ + uint32_t work; + + v[0] = (v[0] << 31) | (v[0] >> 1); + work = (v[1] ^ v[0]) & 0xaaaaaaaaL; + v[1] ^= work; + v[0] ^= work; + v[1] = (v[1] << 31) | (v[1] >> 1); + work = ((v[1] >> 8) ^ v[0]) & 0x00ff00ffL; + v[0] ^= work; + v[1] ^= (work << 8); + work = ((v[1] >> 2) ^ v[0]) & 0x33333333L; + v[0] ^= work; + v[1] ^= (work << 2); + work = ((v[0] >> 16) ^ v[1]) & 0x0000ffffL; + v[1] ^= work; + v[0] ^= (work << 16); + work = ((v[0] >> 4) ^ v[1]) & 0x0f0f0f0fL; + v[1] ^= work; + v[0] ^= (work << 4); +} + +static void +desx(uint32_t block[2], DES_key_schedule *ks, int forward_encrypt) +{ + uint32_t *keys; + uint32_t fval, work, right, left; + int round; + + left = block[0]; + right = block[1]; + + if (forward_encrypt) { + keys = &ks->ks[0]; + + for( round = 0; round < 8; round++ ) { + work = (right << 28) | (right >> 4); + work ^= *keys++; + fval = SP7[ work & 0x3fL]; + fval |= SP5[(work >> 8) & 0x3fL]; + fval |= SP3[(work >> 16) & 0x3fL]; + fval |= SP1[(work >> 24) & 0x3fL]; + work = right ^ *keys++; + fval |= SP8[ work & 0x3fL]; + fval |= SP6[(work >> 8) & 0x3fL]; + fval |= SP4[(work >> 16) & 0x3fL]; + fval |= SP2[(work >> 24) & 0x3fL]; + left ^= fval; + work = (left << 28) | (left >> 4); + work ^= *keys++; + fval = SP7[ work & 0x3fL]; + fval |= SP5[(work >> 8) & 0x3fL]; + fval |= SP3[(work >> 16) & 0x3fL]; + fval |= SP1[(work >> 24) & 0x3fL]; + work = left ^ *keys++; + fval |= SP8[ work & 0x3fL]; + fval |= SP6[(work >> 8) & 0x3fL]; + fval |= SP4[(work >> 16) & 0x3fL]; + fval |= SP2[(work >> 24) & 0x3fL]; + right ^= fval; + } + } else { + keys = &ks->ks[30]; + + for( round = 0; round < 8; round++ ) { + work = (right << 28) | (right >> 4); + work ^= *keys++; + fval = SP7[ work & 0x3fL]; + fval |= SP5[(work >> 8) & 0x3fL]; + fval |= SP3[(work >> 16) & 0x3fL]; + fval |= SP1[(work >> 24) & 0x3fL]; + work = right ^ *keys++; + fval |= SP8[ work & 0x3fL]; + fval |= SP6[(work >> 8) & 0x3fL]; + fval |= SP4[(work >> 16) & 0x3fL]; + fval |= SP2[(work >> 24) & 0x3fL]; + left ^= fval; + work = (left << 28) | (left >> 4); + keys -= 4; + work ^= *keys++; + fval = SP7[ work & 0x3fL]; + fval |= SP5[(work >> 8) & 0x3fL]; + fval |= SP3[(work >> 16) & 0x3fL]; + fval |= SP1[(work >> 24) & 0x3fL]; + work = left ^ *keys++; + fval |= SP8[ work & 0x3fL]; + fval |= SP6[(work >> 8) & 0x3fL]; + fval |= SP4[(work >> 16) & 0x3fL]; + fval |= SP2[(work >> 24) & 0x3fL]; + right ^= fval; + keys -= 4; + } + } + block[0] = right; + block[1] = left; +} diff --git a/source4/heimdal/lib/des/des.h b/source4/heimdal/lib/des/des.h new file mode 100644 index 0000000000..378c77572c --- /dev/null +++ b/source4/heimdal/lib/des/des.h @@ -0,0 +1,92 @@ +/* + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: des.h,v 1.23 2005/04/30 14:09:50 lha Exp $ */ + +#ifndef _DESperate_H +#define _DESperate_H 1 + +#define DES_CBLOCK_LEN 8 +#define DES_KEY_SZ 8 + +#define DES_ENCRYPT 1 +#define DES_DECRYPT 0 + +typedef unsigned char DES_cblock[DES_CBLOCK_LEN]; +typedef struct DES_key_schedule +{ + uint32_t ks[32]; +} DES_key_schedule; + +int DES_set_odd_parity(DES_cblock *); +int DES_is_weak_key(DES_cblock *); +int DES_set_key(DES_cblock *, DES_key_schedule *); +int DES_set_key_checked(DES_cblock *, DES_key_schedule *); +int DES_key_sched(DES_cblock *, DES_key_schedule *); +int DES_new_random_key(DES_cblock *); +void DES_string_to_key(const char *, DES_cblock *); +int DES_read_password(DES_cblock *, char *, int); + +int UI_UTIL_read_pw_string(char *, int, const char *, int); /* XXX */ + +void DES_rand_data(unsigned char *, int); +void DES_set_random_generator_seed(DES_cblock *); +void DES_generate_random_block(DES_cblock *); +void DES_set_sequence_number(unsigned char *); +void DES_init_random_number_generator(DES_cblock *); +void DES_random_key(DES_cblock *); + + +void DES_encrypt(uint32_t [2], DES_key_schedule *, int); +void DES_ecb_encrypt(DES_cblock *, DES_cblock *, DES_key_schedule *, int); +void DES_ecb3_encrypt(DES_cblock *,DES_cblock *, DES_key_schedule *, + DES_key_schedule *, DES_key_schedule *, int); +void DES_pcbc_encrypt(unsigned char *, unsigned char *, long, + DES_key_schedule *, DES_cblock *, int); +void DES_cbc_encrypt(unsigned char *, unsigned char *, long, + DES_key_schedule *, DES_cblock *, int); +void DES_ede3_cbc_encrypt(const unsigned char *, unsigned char *, long, + DES_key_schedule *, DES_key_schedule *, + DES_key_schedule *, DES_cblock *, int); +void DES_cfb64_encrypt(unsigned char *, unsigned char *, long, + DES_key_schedule *, DES_cblock *, int *, int); + + +uint32_t DES_cbc_cksum(const unsigned char *, DES_cblock *, + long, DES_key_schedule *, DES_cblock *); + + +void _DES_ipfp_test(void); + + +#endif /* _DESperate_H */ diff --git a/source4/heimdal/lib/des/hash.h b/source4/heimdal/lib/des/hash.h new file mode 100644 index 0000000000..24217a27a5 --- /dev/null +++ b/source4/heimdal/lib/des/hash.h @@ -0,0 +1,71 @@ +/* + * Copyright (c) 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of KTH nor the names of its contributors may be + * used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + +/* $Id: hash.h,v 1.3 2005/04/27 11:53:48 lha Exp $ */ + +/* stuff in common between md4, md5, and sha1 */ + +#ifndef __hash_h__ +#define __hash_h__ + +#include +#include +#include +#ifdef KRB5 +#include +#endif + +#ifndef min +#define min(a,b) (((a)>(b))?(b):(a)) +#endif + +/* Vector Crays doesn't have a good 32-bit type, or more precisely, + int32_t as defined by isn't 32 bits, and we don't + want to depend in being able to redefine this type. To cope with + this we have to clamp the result in some places to [0,2^32); no + need to do this on other machines. Did I say this was a mess? + */ + +#ifdef _CRAY +#define CRAYFIX(X) ((X) & 0xffffffff) +#else +#define CRAYFIX(X) (X) +#endif + +static inline u_int32_t +cshift (u_int32_t x, unsigned int n) +{ + x = CRAYFIX(x); + return CRAYFIX((x << n) | (x >> (32 - n))); +} + +#endif /* __hash_h__ */ diff --git a/source4/heimdal/lib/des/md4.c b/source4/heimdal/lib/des/md4.c new file mode 100644 index 0000000000..693b8f5c76 --- /dev/null +++ b/source4/heimdal/lib/des/md4.c @@ -0,0 +1,250 @@ +/* + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" + +RCSID("$Id: md4.c,v 1.17 2005/04/27 11:54:56 lha Exp $"); +#endif + +#include "hash.h" +#include "md4.h" + +#define A m->counter[0] +#define B m->counter[1] +#define C m->counter[2] +#define D m->counter[3] +#define X data + +void +MD4_Init (struct md4 *m) +{ + m->sz[0] = 0; + m->sz[1] = 0; + D = 0x10325476; + C = 0x98badcfe; + B = 0xefcdab89; + A = 0x67452301; +} + +#define F(x,y,z) CRAYFIX((x & y) | (~x & z)) +#define G(x,y,z) ((x & y) | (x & z) | (y & z)) +#define H(x,y,z) (x ^ y ^ z) + +#define DOIT(a,b,c,d,k,s,i,OP) \ +a = cshift(a + OP(b,c,d) + X[k] + i, s) + +#define DO1(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,F) +#define DO2(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,G) +#define DO3(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,H) + +static inline void +calc (struct md4 *m, u_int32_t *data) +{ + u_int32_t AA, BB, CC, DD; + + AA = A; + BB = B; + CC = C; + DD = D; + + /* Round 1 */ + + DO1(A,B,C,D,0,3,0); + DO1(D,A,B,C,1,7,0); + DO1(C,D,A,B,2,11,0); + DO1(B,C,D,A,3,19,0); + + DO1(A,B,C,D,4,3,0); + DO1(D,A,B,C,5,7,0); + DO1(C,D,A,B,6,11,0); + DO1(B,C,D,A,7,19,0); + + DO1(A,B,C,D,8,3,0); + DO1(D,A,B,C,9,7,0); + DO1(C,D,A,B,10,11,0); + DO1(B,C,D,A,11,19,0); + + DO1(A,B,C,D,12,3,0); + DO1(D,A,B,C,13,7,0); + DO1(C,D,A,B,14,11,0); + DO1(B,C,D,A,15,19,0); + + /* Round 2 */ + + DO2(A,B,C,D,0,3,0x5A827999); + DO2(D,A,B,C,4,5,0x5A827999); + DO2(C,D,A,B,8,9,0x5A827999); + DO2(B,C,D,A,12,13,0x5A827999); + + DO2(A,B,C,D,1,3,0x5A827999); + DO2(D,A,B,C,5,5,0x5A827999); + DO2(C,D,A,B,9,9,0x5A827999); + DO2(B,C,D,A,13,13,0x5A827999); + + DO2(A,B,C,D,2,3,0x5A827999); + DO2(D,A,B,C,6,5,0x5A827999); + DO2(C,D,A,B,10,9,0x5A827999); + DO2(B,C,D,A,14,13,0x5A827999); + + DO2(A,B,C,D,3,3,0x5A827999); + DO2(D,A,B,C,7,5,0x5A827999); + DO2(C,D,A,B,11,9,0x5A827999); + DO2(B,C,D,A,15,13,0x5A827999); + + /* Round 3 */ + + DO3(A,B,C,D,0,3,0x6ED9EBA1); + DO3(D,A,B,C,8,9,0x6ED9EBA1); + DO3(C,D,A,B,4,11,0x6ED9EBA1); + DO3(B,C,D,A,12,15,0x6ED9EBA1); + + DO3(A,B,C,D,2,3,0x6ED9EBA1); + DO3(D,A,B,C,10,9,0x6ED9EBA1); + DO3(C,D,A,B,6,11,0x6ED9EBA1); + DO3(B,C,D,A,14,15,0x6ED9EBA1); + + DO3(A,B,C,D,1,3,0x6ED9EBA1); + DO3(D,A,B,C,9,9,0x6ED9EBA1); + DO3(C,D,A,B,5,11,0x6ED9EBA1); + DO3(B,C,D,A,13,15,0x6ED9EBA1); + + DO3(A,B,C,D,3,3,0x6ED9EBA1); + DO3(D,A,B,C,11,9,0x6ED9EBA1); + DO3(C,D,A,B,7,11,0x6ED9EBA1); + DO3(B,C,D,A,15,15,0x6ED9EBA1); + + A += AA; + B += BB; + C += CC; + D += DD; +} + +/* + * From `Performance analysis of MD5' by Joseph D. Touch + */ + +#if defined(WORDS_BIGENDIAN) +static inline u_int32_t +swap_u_int32_t (u_int32_t t) +{ + u_int32_t temp1, temp2; + + temp1 = cshift(t, 16); + temp2 = temp1 >> 8; + temp1 &= 0x00ff00ff; + temp2 &= 0x00ff00ff; + temp1 <<= 8; + return temp1 | temp2; +} +#endif + +struct x32{ + unsigned int a:32; + unsigned int b:32; +}; + +void +MD4_Update (struct md4 *m, const void *v, size_t len) +{ + const unsigned char *p = v; + size_t old_sz = m->sz[0]; + size_t offset; + + m->sz[0] += len * 8; + if (m->sz[0] < old_sz) + ++m->sz[1]; + offset = (old_sz / 8) % 64; + while(len > 0) { + size_t l = min(len, 64 - offset); + memcpy(m->save + offset, p, l); + offset += l; + p += l; + len -= l; + if(offset == 64) { +#if defined(WORDS_BIGENDIAN) + int i; + u_int32_t current[16]; + struct x32 *u = (struct x32*)m->save; + for(i = 0; i < 8; i++){ + current[2*i+0] = swap_u_int32_t(u[i].a); + current[2*i+1] = swap_u_int32_t(u[i].b); + } + calc(m, current); +#else + calc(m, (u_int32_t*)m->save); +#endif + offset = 0; + } + } +} + +void +MD4_Final (void *res, struct md4 *m) +{ + unsigned char zeros[72]; + unsigned offset = (m->sz[0] / 8) % 64; + unsigned int dstart = (120 - offset - 1) % 64 + 1; + + *zeros = 0x80; + memset (zeros + 1, 0, sizeof(zeros) - 1); + zeros[dstart+0] = (m->sz[0] >> 0) & 0xff; + zeros[dstart+1] = (m->sz[0] >> 8) & 0xff; + zeros[dstart+2] = (m->sz[0] >> 16) & 0xff; + zeros[dstart+3] = (m->sz[0] >> 24) & 0xff; + zeros[dstart+4] = (m->sz[1] >> 0) & 0xff; + zeros[dstart+5] = (m->sz[1] >> 8) & 0xff; + zeros[dstart+6] = (m->sz[1] >> 16) & 0xff; + zeros[dstart+7] = (m->sz[1] >> 24) & 0xff; + MD4_Update (m, zeros, dstart + 8); + { + int i; + unsigned char *r = (unsigned char *)res; + + for (i = 0; i < 4; ++i) { + r[4*i] = m->counter[i] & 0xFF; + r[4*i+1] = (m->counter[i] >> 8) & 0xFF; + r[4*i+2] = (m->counter[i] >> 16) & 0xFF; + r[4*i+3] = (m->counter[i] >> 24) & 0xFF; + } + } +#if 0 + { + int i; + u_int32_t *r = (u_int32_t *)res; + + for (i = 0; i < 4; ++i) + r[i] = swap_u_int32_t (m->counter[i]); + } +#endif +} diff --git a/source4/heimdal/lib/des/md4.h b/source4/heimdal/lib/des/md4.h new file mode 100644 index 0000000000..92147c8489 --- /dev/null +++ b/source4/heimdal/lib/des/md4.h @@ -0,0 +1,51 @@ +/* + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: md4.h,v 1.9 2005/04/10 19:12:38 lha Exp $ */ + +#ifndef HEIM_MD4_H +#define HEIM_MD4_H 1 + +struct md4 { + unsigned int sz[2]; + u_int32_t counter[4]; + unsigned char save[64]; +}; + +typedef struct md4 MD4_CTX; + +void MD4_Init (struct md4 *m); +void MD4_Update (struct md4 *m, const void *p, size_t len); +void MD4_Final (void *res, struct md4 *m); + +#endif /* HEIM_MD4_H */ diff --git a/source4/heimdal/lib/des/md5.c b/source4/heimdal/lib/des/md5.c new file mode 100644 index 0000000000..d5b7c245f6 --- /dev/null +++ b/source4/heimdal/lib/des/md5.c @@ -0,0 +1,274 @@ +/* + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" + +RCSID("$Id: md5.c,v 1.17 2005/04/27 11:54:35 lha Exp $"); +#endif + +#include "hash.h" +#include "md5.h" + +#define A m->counter[0] +#define B m->counter[1] +#define C m->counter[2] +#define D m->counter[3] +#define X data + +void +MD5_Init (struct md5 *m) +{ + m->sz[0] = 0; + m->sz[1] = 0; + D = 0x10325476; + C = 0x98badcfe; + B = 0xefcdab89; + A = 0x67452301; +} + +#define F(x,y,z) CRAYFIX((x & y) | (~x & z)) +#define G(x,y,z) CRAYFIX((x & z) | (y & ~z)) +#define H(x,y,z) (x ^ y ^ z) +#define I(x,y,z) CRAYFIX(y ^ (x | ~z)) + +#define DOIT(a,b,c,d,k,s,i,OP) \ +a = b + cshift(a + OP(b,c,d) + X[k] + (i), s) + +#define DO1(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,F) +#define DO2(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,G) +#define DO3(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,H) +#define DO4(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,I) + +static inline void +calc (struct md5 *m, u_int32_t *data) +{ + u_int32_t AA, BB, CC, DD; + + AA = A; + BB = B; + CC = C; + DD = D; + + /* Round 1 */ + + DO1(A,B,C,D,0,7,0xd76aa478); + DO1(D,A,B,C,1,12,0xe8c7b756); + DO1(C,D,A,B,2,17,0x242070db); + DO1(B,C,D,A,3,22,0xc1bdceee); + + DO1(A,B,C,D,4,7,0xf57c0faf); + DO1(D,A,B,C,5,12,0x4787c62a); + DO1(C,D,A,B,6,17,0xa8304613); + DO1(B,C,D,A,7,22,0xfd469501); + + DO1(A,B,C,D,8,7,0x698098d8); + DO1(D,A,B,C,9,12,0x8b44f7af); + DO1(C,D,A,B,10,17,0xffff5bb1); + DO1(B,C,D,A,11,22,0x895cd7be); + + DO1(A,B,C,D,12,7,0x6b901122); + DO1(D,A,B,C,13,12,0xfd987193); + DO1(C,D,A,B,14,17,0xa679438e); + DO1(B,C,D,A,15,22,0x49b40821); + + /* Round 2 */ + + DO2(A,B,C,D,1,5,0xf61e2562); + DO2(D,A,B,C,6,9,0xc040b340); + DO2(C,D,A,B,11,14,0x265e5a51); + DO2(B,C,D,A,0,20,0xe9b6c7aa); + + DO2(A,B,C,D,5,5,0xd62f105d); + DO2(D,A,B,C,10,9,0x2441453); + DO2(C,D,A,B,15,14,0xd8a1e681); + DO2(B,C,D,A,4,20,0xe7d3fbc8); + + DO2(A,B,C,D,9,5,0x21e1cde6); + DO2(D,A,B,C,14,9,0xc33707d6); + DO2(C,D,A,B,3,14,0xf4d50d87); + DO2(B,C,D,A,8,20,0x455a14ed); + + DO2(A,B,C,D,13,5,0xa9e3e905); + DO2(D,A,B,C,2,9,0xfcefa3f8); + DO2(C,D,A,B,7,14,0x676f02d9); + DO2(B,C,D,A,12,20,0x8d2a4c8a); + + /* Round 3 */ + + DO3(A,B,C,D,5,4,0xfffa3942); + DO3(D,A,B,C,8,11,0x8771f681); + DO3(C,D,A,B,11,16,0x6d9d6122); + DO3(B,C,D,A,14,23,0xfde5380c); + + DO3(A,B,C,D,1,4,0xa4beea44); + DO3(D,A,B,C,4,11,0x4bdecfa9); + DO3(C,D,A,B,7,16,0xf6bb4b60); + DO3(B,C,D,A,10,23,0xbebfbc70); + + DO3(A,B,C,D,13,4,0x289b7ec6); + DO3(D,A,B,C,0,11,0xeaa127fa); + DO3(C,D,A,B,3,16,0xd4ef3085); + DO3(B,C,D,A,6,23,0x4881d05); + + DO3(A,B,C,D,9,4,0xd9d4d039); + DO3(D,A,B,C,12,11,0xe6db99e5); + DO3(C,D,A,B,15,16,0x1fa27cf8); + DO3(B,C,D,A,2,23,0xc4ac5665); + + /* Round 4 */ + + DO4(A,B,C,D,0,6,0xf4292244); + DO4(D,A,B,C,7,10,0x432aff97); + DO4(C,D,A,B,14,15,0xab9423a7); + DO4(B,C,D,A,5,21,0xfc93a039); + + DO4(A,B,C,D,12,6,0x655b59c3); + DO4(D,A,B,C,3,10,0x8f0ccc92); + DO4(C,D,A,B,10,15,0xffeff47d); + DO4(B,C,D,A,1,21,0x85845dd1); + + DO4(A,B,C,D,8,6,0x6fa87e4f); + DO4(D,A,B,C,15,10,0xfe2ce6e0); + DO4(C,D,A,B,6,15,0xa3014314); + DO4(B,C,D,A,13,21,0x4e0811a1); + + DO4(A,B,C,D,4,6,0xf7537e82); + DO4(D,A,B,C,11,10,0xbd3af235); + DO4(C,D,A,B,2,15,0x2ad7d2bb); + DO4(B,C,D,A,9,21,0xeb86d391); + + A += AA; + B += BB; + C += CC; + D += DD; +} + +/* + * From `Performance analysis of MD5' by Joseph D. Touch + */ + +#if defined(WORDS_BIGENDIAN) +static inline u_int32_t +swap_u_int32_t (u_int32_t t) +{ + u_int32_t temp1, temp2; + + temp1 = cshift(t, 16); + temp2 = temp1 >> 8; + temp1 &= 0x00ff00ff; + temp2 &= 0x00ff00ff; + temp1 <<= 8; + return temp1 | temp2; +} +#endif + +struct x32{ + unsigned int a:32; + unsigned int b:32; +}; + +void +MD5_Update (struct md5 *m, const void *v, size_t len) +{ + const unsigned char *p = v; + size_t old_sz = m->sz[0]; + size_t offset; + + m->sz[0] += len * 8; + if (m->sz[0] < old_sz) + ++m->sz[1]; + offset = (old_sz / 8) % 64; + while(len > 0){ + size_t l = min(len, 64 - offset); + memcpy(m->save + offset, p, l); + offset += l; + p += l; + len -= l; + if(offset == 64){ +#if defined(WORDS_BIGENDIAN) + int i; + u_int32_t current[16]; + struct x32 *u = (struct x32*)m->save; + for(i = 0; i < 8; i++){ + current[2*i+0] = swap_u_int32_t(u[i].a); + current[2*i+1] = swap_u_int32_t(u[i].b); + } + calc(m, current); +#else + calc(m, (u_int32_t*)m->save); +#endif + offset = 0; + } + } +} + +void +MD5_Final (void *res, struct md5 *m) +{ + unsigned char zeros[72]; + unsigned offset = (m->sz[0] / 8) % 64; + unsigned int dstart = (120 - offset - 1) % 64 + 1; + + *zeros = 0x80; + memset (zeros + 1, 0, sizeof(zeros) - 1); + zeros[dstart+0] = (m->sz[0] >> 0) & 0xff; + zeros[dstart+1] = (m->sz[0] >> 8) & 0xff; + zeros[dstart+2] = (m->sz[0] >> 16) & 0xff; + zeros[dstart+3] = (m->sz[0] >> 24) & 0xff; + zeros[dstart+4] = (m->sz[1] >> 0) & 0xff; + zeros[dstart+5] = (m->sz[1] >> 8) & 0xff; + zeros[dstart+6] = (m->sz[1] >> 16) & 0xff; + zeros[dstart+7] = (m->sz[1] >> 24) & 0xff; + MD5_Update (m, zeros, dstart + 8); + { + int i; + unsigned char *r = (unsigned char *)res; + + for (i = 0; i < 4; ++i) { + r[4*i] = m->counter[i] & 0xFF; + r[4*i+1] = (m->counter[i] >> 8) & 0xFF; + r[4*i+2] = (m->counter[i] >> 16) & 0xFF; + r[4*i+3] = (m->counter[i] >> 24) & 0xFF; + } + } +#if 0 + { + int i; + u_int32_t *r = (u_int32_t *)res; + + for (i = 0; i < 4; ++i) + r[i] = swap_u_int32_t (m->counter[i]); + } +#endif +} diff --git a/source4/heimdal/lib/des/md5.h b/source4/heimdal/lib/des/md5.h new file mode 100644 index 0000000000..c0463e02d7 --- /dev/null +++ b/source4/heimdal/lib/des/md5.h @@ -0,0 +1,51 @@ +/* + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: md5.h,v 1.9 2005/04/10 19:14:34 lha Exp $ */ + +#ifndef HEIM_MD5_H +#define HEIM_MD5_H 1 + +struct md5 { + unsigned int sz[2]; + u_int32_t counter[4]; + unsigned char save[64]; +}; + +typedef struct md5 MD5_CTX; + +void MD5_Init (struct md5 *m); +void MD5_Update (struct md5 *m, const void *p, size_t len); +void MD5_Final (void *res, struct md5 *m); /* u_int32_t res[4] */ + +#endif /* HEIM_MD5_H */ diff --git a/source4/heimdal/lib/des/rc2.c b/source4/heimdal/lib/des/rc2.c new file mode 100755 index 0000000000..4b4b53d52c --- /dev/null +++ b/source4/heimdal/lib/des/rc2.c @@ -0,0 +1,243 @@ +/* + * Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: rc2.c,v 1.6 2005/06/18 22:47:33 lha Exp $"); +#endif + +#include "rc2.h" +#include +#include +#include + +/* + * Implemented from Peter Gutmann's "Specification for Ron Rivests Cipher No.2" + * rfc2268 and "On the Design and Security of RC2" was also useful. + */ + +static unsigned int Sbox[256] = { + 0xd9, 0x78, 0xf9, 0xc4, 0x19, 0xdd, 0xb5, 0xed, + 0x28, 0xe9, 0xfd, 0x79, 0x4a, 0xa0, 0xd8, 0x9d, + 0xc6, 0x7e, 0x37, 0x83, 0x2b, 0x76, 0x53, 0x8e, + 0x62, 0x4c, 0x64, 0x88, 0x44, 0x8b, 0xfb, 0xa2, + 0x17, 0x9a, 0x59, 0xf5, 0x87, 0xb3, 0x4f, 0x13, + 0x61, 0x45, 0x6d, 0x8d, 0x09, 0x81, 0x7d, 0x32, + 0xbd, 0x8f, 0x40, 0xeb, 0x86, 0xb7, 0x7b, 0x0b, + 0xf0, 0x95, 0x21, 0x22, 0x5c, 0x6b, 0x4e, 0x82, + 0x54, 0xd6, 0x65, 0x93, 0xce, 0x60, 0xb2, 0x1c, + 0x73, 0x56, 0xc0, 0x14, 0xa7, 0x8c, 0xf1, 0xdc, + 0x12, 0x75, 0xca, 0x1f, 0x3b, 0xbe, 0xe4, 0xd1, + 0x42, 0x3d, 0xd4, 0x30, 0xa3, 0x3c, 0xb6, 0x26, + 0x6f, 0xbf, 0x0e, 0xda, 0x46, 0x69, 0x07, 0x57, + 0x27, 0xf2, 0x1d, 0x9b, 0xbc, 0x94, 0x43, 0x03, + 0xf8, 0x11, 0xc7, 0xf6, 0x90, 0xef, 0x3e, 0xe7, + 0x06, 0xc3, 0xd5, 0x2f, 0xc8, 0x66, 0x1e, 0xd7, + 0x08, 0xe8, 0xea, 0xde, 0x80, 0x52, 0xee, 0xf7, + 0x84, 0xaa, 0x72, 0xac, 0x35, 0x4d, 0x6a, 0x2a, + 0x96, 0x1a, 0xd2, 0x71, 0x5a, 0x15, 0x49, 0x74, + 0x4b, 0x9f, 0xd0, 0x5e, 0x04, 0x18, 0xa4, 0xec, + 0xc2, 0xe0, 0x41, 0x6e, 0x0f, 0x51, 0xcb, 0xcc, + 0x24, 0x91, 0xaf, 0x50, 0xa1, 0xf4, 0x70, 0x39, + 0x99, 0x7c, 0x3a, 0x85, 0x23, 0xb8, 0xb4, 0x7a, + 0xfc, 0x02, 0x36, 0x5b, 0x25, 0x55, 0x97, 0x31, + 0x2d, 0x5d, 0xfa, 0x98, 0xe3, 0x8a, 0x92, 0xae, + 0x05, 0xdf, 0x29, 0x10, 0x67, 0x6c, 0xba, 0xc9, + 0xd3, 0x00, 0xe6, 0xcf, 0xe1, 0x9e, 0xa8, 0x2c, + 0x63, 0x16, 0x01, 0x3f, 0x58, 0xe2, 0x89, 0xa9, + 0x0d, 0x38, 0x34, 0x1b, 0xab, 0x33, 0xff, 0xb0, + 0xbb, 0x48, 0x0c, 0x5f, 0xb9, 0xb1, 0xcd, 0x2e, + 0xc5, 0xf3, 0xdb, 0x47, 0xe5, 0xa5, 0x9c, 0x77, + 0x0a, 0xa6, 0x20, 0x68, 0xfe, 0x7f, 0xc1, 0xad +}; + +void +RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) +{ + unsigned char k[128]; + int j, T8, TM; + + if (len > 128) + len = 128; + if (bits <= 0 || bits > 1024) + bits = 1024; + + for (j = 0; j < len; j++) + k[j] = data[j]; + for (; j < 128; j++) + k[j] = Sbox[(k[j - len] + k[j - 1]) & 0xff]; + + T8 = (bits + 7) / 8; + j = (8*T8 - bits); + TM = 0xff >> j; + + k[128 - T8] = Sbox[k[128 - T8] & TM]; + + for (j = 127 - T8; j >= 0; j--) + k[j] = Sbox[k[j + 1] ^ k[j + T8]]; + + for (j = 0; j < 64; j++) + key->data[j] = k[(j * 2) + 0] | (k[(j * 2) + 1] << 8); + memset(k, 0, sizeof(k)); +} + +#define ROT16L(w,n) ((w<>(16-n))) +#define ROT16R(w,n) ((w>>n)|(w<<(16-n))) + +void +RC2_encryptc(unsigned char *in, unsigned char *out, const RC2_KEY *key) +{ + int i, j; + int w0, w1, w2, w3; + int t0, t1, t2, t3; + + w0 = in[0] | (in[1] << 8); + w1 = in[2] | (in[3] << 8); + w2 = in[4] | (in[5] << 8); + w3 = in[6] | (in[7] << 8); + + for (i = 0; i < 16; i++) { + j = i * 4; + t0 = (w0 + (w1 & ~w3) + (w2 & w3) + key->data[j + 0]) & 0xffff; + w0 = ROT16L(t0, 1); + t1 = (w1 + (w2 & ~w0) + (w3 & w0) + key->data[j + 1]) & 0xffff; + w1 = ROT16L(t1, 2); + t2 = (w2 + (w3 & ~w1) + (w0 & w1) + key->data[j + 2]) & 0xffff; + w2 = ROT16L(t2, 3); + t3 = (w3 + (w0 & ~w2) + (w1 & w2) + key->data[j + 3]) & 0xffff; + w3 = ROT16L(t3, 5); + if(i == 4 || i == 10) { + w0 += key->data[w3 & 63]; + w1 += key->data[w0 & 63]; + w2 += key->data[w1 & 63]; + w3 += key->data[w2 & 63]; + } + } + + out[0] = w0 & 0xff; + out[1] = (w0 >> 8) & 0xff; + out[2] = w1 & 0xff; + out[3] = (w1 >> 8) & 0xff; + out[4] = w2 & 0xff; + out[5] = (w2 >> 8) & 0xff; + out[6] = w3 & 0xff; + out[7] = (w3 >> 8) & 0xff; +} + +void +RC2_decryptc(unsigned char *in, unsigned char *out, const RC2_KEY *key) +{ + int i, j; + int w0, w1, w2, w3; + int t0, t1, t2, t3; + + w0 = in[0] | (in[1] << 8); + w1 = in[2] | (in[3] << 8); + w2 = in[4] | (in[5] << 8); + w3 = in[6] | (in[7] << 8); + + for (i = 15; i >= 0; i--) { + j = i * 4; + + if(i == 4 || i == 10) { + w3 = (w3 - key->data[w2 & 63]) & 0xffff; + w2 = (w2 - key->data[w1 & 63]) & 0xffff; + w1 = (w1 - key->data[w0 & 63]) & 0xffff; + w0 = (w0 - key->data[w3 & 63]) & 0xffff; + } + + t3 = ROT16R(w3, 5); + w3 = (t3 - (w0 & ~w2) - (w1 & w2) - key->data[j + 3]) & 0xffff; + t2 = ROT16R(w2, 3); + w2 = (t2 - (w3 & ~w1) - (w0 & w1) - key->data[j + 2]) & 0xffff; + t1 = ROT16R(w1, 2); + w1 = (t1 - (w2 & ~w0) - (w3 & w0) - key->data[j + 1]) & 0xffff; + t0 = ROT16R(w0, 1); + w0 = (t0 - (w1 & ~w3) - (w2 & w3) - key->data[j + 0]) & 0xffff; + + } + out[0] = w0 & 0xff; + out[1] = (w0 >> 8) & 0xff; + out[2] = w1 & 0xff; + out[3] = (w1 >> 8) & 0xff; + out[4] = w2 & 0xff; + out[5] = (w2 >> 8) & 0xff; + out[6] = w3 & 0xff; + out[7] = (w3 >> 8) & 0xff; +} + +void +RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long size, + RC2_KEY *key, unsigned char *iv, int forward_encrypt) +{ + unsigned char tmp[RC2_BLOCK_SIZE]; + int i; + + if (forward_encrypt) { + while (size >= RC2_BLOCK_SIZE) { + for (i = 0; i < RC2_BLOCK_SIZE; i++) + tmp[i] = in[i] ^ iv[i]; + RC2_encryptc(tmp, out, key); + memcpy(iv, out, RC2_BLOCK_SIZE); + size -= RC2_BLOCK_SIZE; + in += RC2_BLOCK_SIZE; + out += RC2_BLOCK_SIZE; + } + if (size) { + for (i = 0; i < size; i++) + tmp[i] = in[i] ^ iv[i]; + for (i = size; i < RC2_BLOCK_SIZE; i++) + tmp[i] = iv[i]; + RC2_encryptc(tmp, out, key); + memcpy(iv, out, RC2_BLOCK_SIZE); + } + } else { + while (size >= RC2_BLOCK_SIZE) { + memcpy(tmp, in, RC2_BLOCK_SIZE); + RC2_decryptc(tmp, out, key); + for (i = 0; i < RC2_BLOCK_SIZE; i++) + out[i] ^= iv[i]; + memcpy(iv, tmp, RC2_BLOCK_SIZE); + size -= RC2_BLOCK_SIZE; + in += RC2_BLOCK_SIZE; + out += RC2_BLOCK_SIZE; + } + if (size) { + memcpy(tmp, in, RC2_BLOCK_SIZE); + RC2_decryptc(tmp, out, key); + for (i = 0; i < size; i++) + out[i] ^= iv[i]; + memcpy(iv, tmp, RC2_BLOCK_SIZE); + } + } +} diff --git a/source4/heimdal/lib/des/rc2.h b/source4/heimdal/lib/des/rc2.h new file mode 100755 index 0000000000..3ff44dca01 --- /dev/null +++ b/source4/heimdal/lib/des/rc2.h @@ -0,0 +1,61 @@ +/* + * Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: rc2.h,v 1.1 2004/04/23 19:23:00 lha Exp $ */ + +#define RC2_ENCRYPT 1 +#define RC2_DECRYPT 0 + +#define RC2_BLOCK_SIZE 8 +#define RC2_BLOCK RC2_BLOCK_SIZE +#define RC2_KEY_LENGTH 16 + +typedef struct rc2_key { + unsigned int data[64]; +} RC2_KEY; + +#ifdef __cplusplus +extern "C" { +#endif + +void RC2_set_key(RC2_KEY *, int, const unsigned char *,int); + +void RC2_encryptc(unsigned char *, unsigned char *, const RC2_KEY *); +void RC2_decryptc(unsigned char *, unsigned char *, const RC2_KEY *); + +void RC2_cbc_encrypt(const unsigned char *, unsigned char *, long, + RC2_KEY *, unsigned char *, int); + +#ifdef __cplusplus +} +#endif diff --git a/source4/heimdal/lib/des/rc4.c b/source4/heimdal/lib/des/rc4.c new file mode 100755 index 0000000000..17d4b021ff --- /dev/null +++ b/source4/heimdal/lib/des/rc4.c @@ -0,0 +1,82 @@ +/* + * Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* implemented from description in draft-kaukonen-cipher-arcfour-03.txt */ + +#ifdef HAVE_CONFIG_H +#include "config.h" + +RCSID("$Id: rc4.c,v 1.1 2004/03/25 16:40:59 lha Exp $"); +#endif + +#include + +#define SWAP(k,x,y) \ +{ unsigned int _t; \ + _t = k->state[x]; \ + k->state[x] = k->state[y]; \ + k->state[y] = _t; \ +} + +void +RC4_set_key(RC4_KEY *key, const int len, unsigned char *data) +{ + int i, j; + + for (i = 0; i < 256; i++) + key->state[i] = i; + for (i = 0, j = 0; i < 256; i++) { + j = (j + key->state[i] + data[i % len]) % 256; + SWAP(key, i, j); + } + key->x = key->y = 0; +} + +void +RC4(RC4_KEY *key, const int len, const unsigned char *in, unsigned char *out) +{ + int i, t; + unsigned x, y; + + x = key->x; + y = key->y; + for (i = 0; i < len; i++) { + x = (x + 1) % 256; + y = (y + key->state[x]) % 256; + SWAP(key, x, y); + t = (key->state[x] + key->state[y]) % 256; + *out++ = key->state[t] ^ *in++; + } + key->x = x; + key->y = y; +} diff --git a/source4/heimdal/lib/des/rc4.h b/source4/heimdal/lib/des/rc4.h new file mode 100644 index 0000000000..a39e79f236 --- /dev/null +++ b/source4/heimdal/lib/des/rc4.h @@ -0,0 +1,42 @@ +/* + * Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: rc4.h,v 1.3 2004/03/25 16:39:58 lha Exp $ */ + +typedef struct rc4_key { + unsigned int x, y; + unsigned int state[256]; +} RC4_KEY; + +void RC4_set_key(RC4_KEY *, const int, unsigned char *); +void RC4(RC4_KEY *, const int, const unsigned char *, unsigned char *); diff --git a/source4/heimdal/lib/des/rijndael-alg-fst.c b/source4/heimdal/lib/des/rijndael-alg-fst.c new file mode 100755 index 0000000000..65b36ab741 --- /dev/null +++ b/source4/heimdal/lib/des/rijndael-alg-fst.c @@ -0,0 +1,1231 @@ +/* $NetBSD: rijndael-alg-fst.c,v 1.5 2001/11/13 01:40:10 lukem Exp $ */ +/* $KAME: rijndael-alg-fst.c,v 1.10 2003/07/15 10:47:16 itojun Exp $ */ +/** + * rijndael-alg-fst.c + * + * @version 3.0 (December 2000) + * + * Optimised ANSI C code for the Rijndael cipher (now AES) + * + * @author Vincent Rijmen + * @author Antoon Bosselaers + * @author Paulo Barreto + * + * This code is hereby placed in the public domain. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* "$NetBSD: rijndael-alg-fst.c,v 1.5 2001/11/13 01:40:10 lukem Exp $" */ + +#ifdef HAVE_CONFIG_H +#include "config.h" + +RCSID("$Id: rijndael-alg-fst.c,v 1.2 2004/06/02 20:09:48 lha Exp $"); +#endif + +#ifdef KRB5 +#include +#endif + +#include + +/* the file should not be used from outside */ +typedef u_int8_t u8; +typedef u_int16_t u16; +typedef u_int32_t u32; + +/* +Te0[x] = S [x].[02, 01, 01, 03]; +Te1[x] = S [x].[03, 02, 01, 01]; +Te2[x] = S [x].[01, 03, 02, 01]; +Te3[x] = S [x].[01, 01, 03, 02]; +Te4[x] = S [x].[01, 01, 01, 01]; + +Td0[x] = Si[x].[0e, 09, 0d, 0b]; +Td1[x] = Si[x].[0b, 0e, 09, 0d]; +Td2[x] = Si[x].[0d, 0b, 0e, 09]; +Td3[x] = Si[x].[09, 0d, 0b, 0e]; +Td4[x] = Si[x].[01, 01, 01, 01]; +*/ + +static const u32 Te0[256] = { + 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, + 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U, + 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU, + 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU, + 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U, + 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU, + 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU, + 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU, + 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU, + 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU, + 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U, + 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU, + 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU, + 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U, + 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU, + 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU, + 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU, + 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU, + 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU, + 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U, + 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU, + 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU, + 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU, + 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU, + 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U, + 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U, + 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U, + 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U, + 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU, + 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U, + 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U, + 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU, + 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU, + 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U, + 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U, + 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U, + 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU, + 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U, + 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU, + 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U, + 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU, + 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U, + 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U, + 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU, + 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U, + 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U, + 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U, + 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U, + 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U, + 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U, + 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U, + 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U, + 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU, + 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U, + 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U, + 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U, + 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U, + 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U, + 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U, + 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU, + 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U, + 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U, + 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U, + 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU, +}; +static const u32 Te1[256] = { + 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU, + 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U, + 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU, + 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U, + 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU, + 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U, + 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU, + 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U, + 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U, + 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU, + 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U, + 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U, + 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U, + 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU, + 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U, + 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U, + 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU, + 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U, + 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U, + 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U, + 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU, + 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU, + 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U, + 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU, + 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU, + 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U, + 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU, + 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U, + 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU, + 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U, + 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U, + 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U, + 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU, + 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U, + 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU, + 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U, + 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU, + 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U, + 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U, + 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU, + 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU, + 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU, + 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U, + 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U, + 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU, + 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U, + 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU, + 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U, + 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU, + 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U, + 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU, + 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU, + 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U, + 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU, + 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U, + 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU, + 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U, + 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U, + 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U, + 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU, + 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU, + 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U, + 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU, + 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U, +}; +static const u32 Te2[256] = { + 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU, + 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U, + 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU, + 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U, + 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU, + 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U, + 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU, + 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U, + 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U, + 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU, + 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U, + 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U, + 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U, + 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU, + 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U, + 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U, + 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU, + 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U, + 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U, + 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U, + 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU, + 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU, + 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U, + 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU, + 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU, + 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U, + 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU, + 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U, + 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU, + 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U, + 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U, + 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U, + 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU, + 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U, + 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU, + 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U, + 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU, + 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U, + 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U, + 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU, + 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU, + 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU, + 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U, + 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U, + 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU, + 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U, + 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU, + 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U, + 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU, + 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U, + 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU, + 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU, + 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U, + 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU, + 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U, + 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU, + 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U, + 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U, + 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U, + 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU, + 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU, + 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U, + 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU, + 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U, +}; +static const u32 Te3[256] = { + + 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U, + 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U, + 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U, + 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU, + 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU, + 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU, + 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U, + 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU, + 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU, + 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U, + 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U, + 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU, + 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU, + 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU, + 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU, + 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU, + 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U, + 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU, + 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU, + 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U, + 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U, + 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U, + 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U, + 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U, + 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU, + 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U, + 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU, + 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU, + 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U, + 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U, + 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U, + 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU, + 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U, + 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU, + 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU, + 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U, + 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U, + 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU, + 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U, + 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU, + 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U, + 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U, + 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U, + 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U, + 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU, + 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U, + 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU, + 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U, + 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU, + 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U, + 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU, + 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU, + 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU, + 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU, + 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U, + 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U, + 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U, + 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U, + 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U, + 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U, + 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU, + 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U, + 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU, + 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU, +}; +static const u32 Te4[256] = { + 0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU, + 0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U, + 0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU, + 0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U, + 0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU, + 0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U, + 0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU, + 0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U, + 0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U, + 0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU, + 0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U, + 0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U, + 0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U, + 0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU, + 0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U, + 0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U, + 0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU, + 0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U, + 0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U, + 0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U, + 0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU, + 0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU, + 0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U, + 0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU, + 0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU, + 0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U, + 0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU, + 0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U, + 0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU, + 0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U, + 0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U, + 0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U, + 0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU, + 0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U, + 0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU, + 0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U, + 0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU, + 0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U, + 0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U, + 0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU, + 0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU, + 0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU, + 0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U, + 0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U, + 0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU, + 0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U, + 0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU, + 0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U, + 0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU, + 0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U, + 0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU, + 0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU, + 0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U, + 0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU, + 0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U, + 0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU, + 0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U, + 0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U, + 0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U, + 0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU, + 0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU, + 0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U, + 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU, + 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U, +}; +static const u32 Td0[256] = { + 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U, + 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U, + 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U, + 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU, + 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U, + 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U, + 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU, + 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U, + 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU, + 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U, + 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U, + 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U, + 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U, + 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU, + 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U, + 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU, + 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U, + 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU, + 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U, + 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U, + 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U, + 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU, + 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U, + 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU, + 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U, + 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU, + 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U, + 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU, + 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU, + 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U, + 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU, + 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U, + 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU, + 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U, + 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U, + 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U, + 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU, + 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U, + 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U, + 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU, + 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U, + 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U, + 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U, + 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U, + 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U, + 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU, + 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U, + 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U, + 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U, + 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U, + 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U, + 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU, + 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU, + 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU, + 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU, + 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U, + 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U, + 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU, + 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU, + 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U, + 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU, + 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U, + 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U, + 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U, +}; +static const u32 Td1[256] = { + 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU, + 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U, + 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU, + 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U, + 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U, + 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U, + 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U, + 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U, + 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U, + 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU, + 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU, + 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU, + 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U, + 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU, + 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U, + 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U, + 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U, + 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU, + 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU, + 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U, + 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU, + 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U, + 0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU, + 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU, + 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U, + 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U, + 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U, + 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU, + 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U, + 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU, + 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U, + 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U, + 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U, + 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU, + 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U, + 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U, + 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U, + 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U, + 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U, + 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U, + 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU, + 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU, + 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U, + 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU, + 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U, + 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU, + 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU, + 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U, + 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU, + 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U, + 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U, + 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U, + 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U, + 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U, + 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U, + 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U, + 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU, + 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U, + 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U, + 0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU, + 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U, + 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U, + 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U, + 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U, +}; +static const u32 Td2[256] = { + 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U, + 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U, + 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U, + 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U, + 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU, + 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U, + 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U, + 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U, + 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U, + 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU, + 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U, + 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U, + 0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU, + 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U, + 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U, + 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U, + 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U, + 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U, + 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U, + 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU, + + 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U, + 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U, + 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U, + 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U, + 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U, + 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU, + 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU, + 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U, + 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU, + 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U, + 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU, + 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU, + 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU, + 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU, + 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U, + 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U, + 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U, + 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U, + 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U, + 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U, + 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U, + 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU, + 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU, + 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U, + 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U, + 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU, + 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU, + 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U, + 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U, + 0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U, + 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U, + 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U, + 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U, + 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U, + 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU, + 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U, + 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U, + 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U, + 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U, + 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U, + 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U, + 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU, + 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U, + 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U, +}; +static const u32 Td3[256] = { + 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU, + 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU, + 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U, + 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U, + 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU, + 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU, + 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U, + 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU, + 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U, + 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU, + 0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U, + 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U, + 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U, + 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U, + 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U, + 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU, + 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU, + 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U, + 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U, + 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU, + 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU, + 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U, + 0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U, + 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U, + 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U, + 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU, + 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U, + 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U, + 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU, + 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU, + 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U, + 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U, + 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U, + 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU, + 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U, + 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U, + 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U, + 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U, + 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U, + 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U, + 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U, + 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU, + 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U, + 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U, + 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU, + 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU, + 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U, + 0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU, + 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U, + 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U, + 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U, + 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U, + 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U, + 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U, + 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU, + 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU, + 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU, + 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU, + 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U, + 0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U, + 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U, + 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU, + 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U, + 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U, +}; +static const u32 Td4[256] = { + 0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U, + 0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U, + 0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU, + 0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU, + 0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U, + 0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U, + 0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U, + 0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU, + 0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U, + 0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU, + 0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU, + 0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU, + 0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U, + 0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U, + 0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U, + 0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U, + 0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U, + 0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U, + 0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU, + 0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U, + 0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U, + 0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU, + 0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U, + 0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U, + 0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U, + 0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU, + 0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U, + 0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U, + 0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU, + 0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U, + 0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U, + 0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU, + 0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U, + 0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU, + 0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU, + 0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U, + 0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U, + 0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U, + 0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U, + 0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU, + 0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U, + 0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U, + 0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU, + 0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU, + 0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU, + 0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U, + 0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU, + 0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U, + 0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U, + 0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U, + 0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U, + 0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU, + 0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U, + 0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU, + 0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU, + 0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU, + 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU, + 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U, + 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU, + 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U, + 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU, + 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U, + 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U, + 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU, +}; +static const u32 rcon[] = { + 0x01000000, 0x02000000, 0x04000000, 0x08000000, + 0x10000000, 0x20000000, 0x40000000, 0x80000000, + 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ +}; + +#define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) + +#ifdef _MSC_VER +#define GETU32(p) SWAP(*((u32 *)(p))) +#define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); } +#else +#define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3])) +#define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); } +#endif + +/** + * Expand the cipher key into the encryption key schedule. + * + * @return the number of rounds for the given cipher key size. + */ +int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits) { + int i = 0; + u32 temp; + + rk[0] = GETU32(cipherKey ); + rk[1] = GETU32(cipherKey + 4); + rk[2] = GETU32(cipherKey + 8); + rk[3] = GETU32(cipherKey + 12); + if (keyBits == 128) { + for (;;) { + temp = rk[3]; + rk[4] = rk[0] ^ + (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ + (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ + (Te4[(temp ) & 0xff] & 0x0000ff00) ^ + (Te4[(temp >> 24) ] & 0x000000ff) ^ + rcon[i]; + rk[5] = rk[1] ^ rk[4]; + rk[6] = rk[2] ^ rk[5]; + rk[7] = rk[3] ^ rk[6]; + if (++i == 10) { + return 10; + } + rk += 4; + } + } + rk[4] = GETU32(cipherKey + 16); + rk[5] = GETU32(cipherKey + 20); + if (keyBits == 192) { + for (;;) { + temp = rk[ 5]; + rk[ 6] = rk[ 0] ^ + (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ + (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ + (Te4[(temp ) & 0xff] & 0x0000ff00) ^ + (Te4[(temp >> 24) ] & 0x000000ff) ^ + rcon[i]; + rk[ 7] = rk[ 1] ^ rk[ 6]; + rk[ 8] = rk[ 2] ^ rk[ 7]; + rk[ 9] = rk[ 3] ^ rk[ 8]; + if (++i == 8) { + return 12; + } + rk[10] = rk[ 4] ^ rk[ 9]; + rk[11] = rk[ 5] ^ rk[10]; + rk += 6; + } + } + rk[6] = GETU32(cipherKey + 24); + rk[7] = GETU32(cipherKey + 28); + if (keyBits == 256) { + for (;;) { + temp = rk[ 7]; + rk[ 8] = rk[ 0] ^ + (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ + (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ + (Te4[(temp ) & 0xff] & 0x0000ff00) ^ + (Te4[(temp >> 24) ] & 0x000000ff) ^ + rcon[i]; + rk[ 9] = rk[ 1] ^ rk[ 8]; + rk[10] = rk[ 2] ^ rk[ 9]; + rk[11] = rk[ 3] ^ rk[10]; + if (++i == 7) { + return 14; + } + temp = rk[11]; + rk[12] = rk[ 4] ^ + (Te4[(temp >> 24) ] & 0xff000000) ^ + (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^ + (Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^ + (Te4[(temp ) & 0xff] & 0x000000ff); + rk[13] = rk[ 5] ^ rk[12]; + rk[14] = rk[ 6] ^ rk[13]; + rk[15] = rk[ 7] ^ rk[14]; + + rk += 8; + } + } + return 0; +} + +/** + * Expand the cipher key into the decryption key schedule. + * + * @return the number of rounds for the given cipher key size. + */ +int rijndaelKeySetupDec(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits) { + int Nr, i, j; + u32 temp; + + /* expand the cipher key: */ + Nr = rijndaelKeySetupEnc(rk, cipherKey, keyBits); + /* invert the order of the round keys: */ + for (i = 0, j = 4*Nr; i < j; i += 4, j -= 4) { + temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; + temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp; + temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp; + temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp; + } + /* apply the inverse MixColumn transform to all round keys but the first and the last: */ + for (i = 1; i < Nr; i++) { + rk += 4; + rk[0] = + Td0[Te4[(rk[0] >> 24) ] & 0xff] ^ + Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^ + Td2[Te4[(rk[0] >> 8) & 0xff] & 0xff] ^ + Td3[Te4[(rk[0] ) & 0xff] & 0xff]; + rk[1] = + Td0[Te4[(rk[1] >> 24) ] & 0xff] ^ + Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^ + Td2[Te4[(rk[1] >> 8) & 0xff] & 0xff] ^ + Td3[Te4[(rk[1] ) & 0xff] & 0xff]; + rk[2] = + Td0[Te4[(rk[2] >> 24) ] & 0xff] ^ + Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^ + Td2[Te4[(rk[2] >> 8) & 0xff] & 0xff] ^ + Td3[Te4[(rk[2] ) & 0xff] & 0xff]; + rk[3] = + Td0[Te4[(rk[3] >> 24) ] & 0xff] ^ + Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^ + Td2[Te4[(rk[3] >> 8) & 0xff] & 0xff] ^ + Td3[Te4[(rk[3] ) & 0xff] & 0xff]; + } + return Nr; +} + +void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16], u8 ct[16]) { + u32 s0, s1, s2, s3, t0, t1, t2, t3; +#ifndef FULL_UNROLL + int r; +#endif /* ?FULL_UNROLL */ + + /* + * map byte array block to cipher state + * and add initial round key: + */ + s0 = GETU32(pt ) ^ rk[0]; + s1 = GETU32(pt + 4) ^ rk[1]; + s2 = GETU32(pt + 8) ^ rk[2]; + s3 = GETU32(pt + 12) ^ rk[3]; +#ifdef FULL_UNROLL + /* round 1: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7]; + /* round 2: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11]; + /* round 3: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15]; + /* round 4: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19]; + /* round 5: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23]; + /* round 6: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27]; + /* round 7: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31]; + /* round 8: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35]; + /* round 9: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39]; + if (Nr > 10) { + /* round 10: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43]; + /* round 11: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47]; + if (Nr > 12) { + /* round 12: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51]; + /* round 13: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55]; + } + } + rk += Nr << 2; +#else /* !FULL_UNROLL */ + /* + * Nr - 1 full rounds: + */ + r = Nr >> 1; + for (;;) { + t0 = + Te0[(s0 >> 24) ] ^ + Te1[(s1 >> 16) & 0xff] ^ + Te2[(s2 >> 8) & 0xff] ^ + Te3[(s3 ) & 0xff] ^ + rk[4]; + t1 = + Te0[(s1 >> 24) ] ^ + Te1[(s2 >> 16) & 0xff] ^ + Te2[(s3 >> 8) & 0xff] ^ + Te3[(s0 ) & 0xff] ^ + rk[5]; + t2 = + Te0[(s2 >> 24) ] ^ + Te1[(s3 >> 16) & 0xff] ^ + Te2[(s0 >> 8) & 0xff] ^ + Te3[(s1 ) & 0xff] ^ + rk[6]; + t3 = + Te0[(s3 >> 24) ] ^ + Te1[(s0 >> 16) & 0xff] ^ + Te2[(s1 >> 8) & 0xff] ^ + Te3[(s2 ) & 0xff] ^ + rk[7]; + + rk += 8; + if (--r == 0) { + break; + } + + s0 = + Te0[(t0 >> 24) ] ^ + Te1[(t1 >> 16) & 0xff] ^ + Te2[(t2 >> 8) & 0xff] ^ + Te3[(t3 ) & 0xff] ^ + rk[0]; + s1 = + Te0[(t1 >> 24) ] ^ + Te1[(t2 >> 16) & 0xff] ^ + Te2[(t3 >> 8) & 0xff] ^ + Te3[(t0 ) & 0xff] ^ + rk[1]; + s2 = + Te0[(t2 >> 24) ] ^ + Te1[(t3 >> 16) & 0xff] ^ + Te2[(t0 >> 8) & 0xff] ^ + Te3[(t1 ) & 0xff] ^ + rk[2]; + s3 = + Te0[(t3 >> 24) ] ^ + Te1[(t0 >> 16) & 0xff] ^ + Te2[(t1 >> 8) & 0xff] ^ + Te3[(t2 ) & 0xff] ^ + rk[3]; + } +#endif /* ?FULL_UNROLL */ + /* + * apply last round and + * map cipher state to byte array block: + */ + s0 = + (Te4[(t0 >> 24) ] & 0xff000000) ^ + (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ + (Te4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ + (Te4[(t3 ) & 0xff] & 0x000000ff) ^ + rk[0]; + PUTU32(ct , s0); + s1 = + (Te4[(t1 >> 24) ] & 0xff000000) ^ + (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ + (Te4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ + (Te4[(t0 ) & 0xff] & 0x000000ff) ^ + rk[1]; + PUTU32(ct + 4, s1); + s2 = + (Te4[(t2 >> 24) ] & 0xff000000) ^ + (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ + (Te4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ + (Te4[(t1 ) & 0xff] & 0x000000ff) ^ + rk[2]; + PUTU32(ct + 8, s2); + s3 = + (Te4[(t3 >> 24) ] & 0xff000000) ^ + (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ + (Te4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ + (Te4[(t2 ) & 0xff] & 0x000000ff) ^ + rk[3]; + PUTU32(ct + 12, s3); +} + +void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16], u8 pt[16]) { + u32 s0, s1, s2, s3, t0, t1, t2, t3; +#ifndef FULL_UNROLL + int r; +#endif /* ?FULL_UNROLL */ + + /* + * map byte array block to cipher state + * and add initial round key: + */ + s0 = GETU32(ct ) ^ rk[0]; + s1 = GETU32(ct + 4) ^ rk[1]; + s2 = GETU32(ct + 8) ^ rk[2]; + s3 = GETU32(ct + 12) ^ rk[3]; +#ifdef FULL_UNROLL + /* round 1: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7]; + /* round 2: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11]; + /* round 3: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15]; + /* round 4: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19]; + /* round 5: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23]; + /* round 6: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27]; + /* round 7: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31]; + /* round 8: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35]; + /* round 9: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39]; + if (Nr > 10) { + /* round 10: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43]; + /* round 11: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47]; + if (Nr > 12) { + /* round 12: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51]; + /* round 13: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55]; + } + } + rk += Nr << 2; +#else /* !FULL_UNROLL */ + /* + * Nr - 1 full rounds: + */ + r = Nr >> 1; + for (;;) { + t0 = + Td0[(s0 >> 24) ] ^ + Td1[(s3 >> 16) & 0xff] ^ + Td2[(s2 >> 8) & 0xff] ^ + Td3[(s1 ) & 0xff] ^ + rk[4]; + t1 = + Td0[(s1 >> 24) ] ^ + Td1[(s0 >> 16) & 0xff] ^ + Td2[(s3 >> 8) & 0xff] ^ + Td3[(s2 ) & 0xff] ^ + rk[5]; + t2 = + Td0[(s2 >> 24) ] ^ + Td1[(s1 >> 16) & 0xff] ^ + Td2[(s0 >> 8) & 0xff] ^ + Td3[(s3 ) & 0xff] ^ + rk[6]; + t3 = + Td0[(s3 >> 24) ] ^ + Td1[(s2 >> 16) & 0xff] ^ + Td2[(s1 >> 8) & 0xff] ^ + Td3[(s0 ) & 0xff] ^ + rk[7]; + + rk += 8; + if (--r == 0) { + break; + } + + s0 = + Td0[(t0 >> 24) ] ^ + Td1[(t3 >> 16) & 0xff] ^ + Td2[(t2 >> 8) & 0xff] ^ + Td3[(t1 ) & 0xff] ^ + rk[0]; + s1 = + Td0[(t1 >> 24) ] ^ + Td1[(t0 >> 16) & 0xff] ^ + Td2[(t3 >> 8) & 0xff] ^ + Td3[(t2 ) & 0xff] ^ + rk[1]; + s2 = + Td0[(t2 >> 24) ] ^ + Td1[(t1 >> 16) & 0xff] ^ + Td2[(t0 >> 8) & 0xff] ^ + Td3[(t3 ) & 0xff] ^ + rk[2]; + s3 = + Td0[(t3 >> 24) ] ^ + Td1[(t2 >> 16) & 0xff] ^ + Td2[(t1 >> 8) & 0xff] ^ + Td3[(t0 ) & 0xff] ^ + rk[3]; + } +#endif /* ?FULL_UNROLL */ + /* + * apply last round and + * map cipher state to byte array block: + */ + s0 = + (Td4[(t0 >> 24) ] & 0xff000000) ^ + (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ + (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ + (Td4[(t1 ) & 0xff] & 0x000000ff) ^ + rk[0]; + PUTU32(pt , s0); + s1 = + (Td4[(t1 >> 24) ] & 0xff000000) ^ + (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ + (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ + (Td4[(t2 ) & 0xff] & 0x000000ff) ^ + rk[1]; + PUTU32(pt + 4, s1); + s2 = + (Td4[(t2 >> 24) ] & 0xff000000) ^ + (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ + (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ + (Td4[(t3 ) & 0xff] & 0x000000ff) ^ + rk[2]; + PUTU32(pt + 8, s2); + s3 = + (Td4[(t3 >> 24) ] & 0xff000000) ^ + (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ + (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ + (Td4[(t0 ) & 0xff] & 0x000000ff) ^ + rk[3]; + PUTU32(pt + 12, s3); +} diff --git a/source4/heimdal/lib/des/rijndael-alg-fst.h b/source4/heimdal/lib/des/rijndael-alg-fst.h new file mode 100755 index 0000000000..028111094d --- /dev/null +++ b/source4/heimdal/lib/des/rijndael-alg-fst.h @@ -0,0 +1,40 @@ +/* $NetBSD: rijndael-alg-fst.h,v 1.2 2000/10/02 17:19:15 itojun Exp $ */ +/* $KAME: rijndael-alg-fst.h,v 1.5 2003/07/15 10:47:16 itojun Exp $ */ +/** + * rijndael-alg-fst.h + * + * @version 3.0 (December 2000) + * + * Optimised ANSI C code for the Rijndael cipher (now AES) + * + * @author Vincent Rijmen + * @author Antoon Bosselaers + * @author Paulo Barreto + * + * This code is hereby placed in the public domain. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#ifndef __RIJNDAEL_ALG_FST_H +#define __RIJNDAEL_ALG_FST_H + +#define RIJNDAEL_MAXKC (256/32) +#define RIJNDAEL_MAXKB (256/8) +#define RIJNDAEL_MAXNR 14 + +int rijndaelKeySetupEnc(u_int32_t rk[/*4*(Nr + 1)*/], const u_int8_t cipherKey[], int keyBits); +int rijndaelKeySetupDec(u_int32_t rk[/*4*(Nr + 1)*/], const u_int8_t cipherKey[], int keyBits); +void rijndaelEncrypt(const u_int32_t rk[/*4*(Nr + 1)*/], int Nr, const u_int8_t pt[16], u_int8_t ct[16]); +void rijndaelDecrypt(const u_int32_t rk[/*4*(Nr + 1)*/], int Nr, const u_int8_t ct[16], u_int8_t pt[16]); + +#endif /* __RIJNDAEL_ALG_FST_H */ diff --git a/source4/heimdal/lib/des/rnd_keys.c b/source4/heimdal/lib/des/rnd_keys.c new file mode 100644 index 0000000000..49d8838a10 --- /dev/null +++ b/source4/heimdal/lib/des/rnd_keys.c @@ -0,0 +1,503 @@ +/* + * Copyright (c) 1995, 1996, 1997, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" + +RCSID("$Id: rnd_keys.c,v 1.68 2005/06/29 22:28:10 lha Exp $"); +#endif + +#ifdef KRB5 +#include +#endif +#include + +#include +#include + +#ifdef TIME_WITH_SYS_TIME +#include +#include +#elif defined(HAVE_SYS_TIME_H) +#include +#else +#include +#endif + +#ifdef HAVE_SYS_TYPES_H +#include +#endif + +#ifdef HAVE_UNISTD_H +#include +#endif +#ifdef HAVE_IO_H +#include +#endif + +#ifdef HAVE_SIGNAL_H +#include +#endif +#ifdef HAVE_FCNTL_H +#include +#endif + +/* + * Generate "random" data by checksumming a file. + * + * Returns -1 if there were any problems with permissions or I/O + * errors. + */ +static +int +sumFile (const char *name, int len, void *res) +{ + u_int32_t sum[2] = { 0, 0 }; + u_int32_t buf[1024*2]; + int fd, i; + + fd = open (name, 0); + if (fd < 0) + return -1; + + while (len > 0) + { + int n = read(fd, buf, sizeof(buf)); + if (n < 0) + { + close(fd); + return n; + } + for (i = 0; i < (n/sizeof(buf[0])); i++) + { + sum[0] += buf[i]; + i++; + sum[1] += buf[i]; + } + len -= n; + } + close (fd); + memcpy (res, &sum, sizeof(sum)); + return 0; +} + +#if 0 +static +int +md5sumFile (const char *name, int len, int32_t sum[4]) +{ + int32_t buf[1024*2]; + int fd, cnt; + struct md5 md5; + + fd = open (name, 0); + if (fd < 0) + return -1; + + md5_init(&md5); + while (len > 0) + { + int n = read(fd, buf, sizeof(buf)); + if (n < 0) + { + close(fd); + return n; + } + md5_update(&md5, buf, n); + len -= n; + } + md5_finito(&md5, (unsigned char *)sum); + close (fd); + return 0; +} +#endif + +/* + * Create a sequence of random 64 bit blocks. + * The sequence is indexed with a long long and + * based on an initial des key used as a seed. + */ +static DES_key_schedule sequence_seed; +static u_int32_t sequence_index[2]; + +/* + * Random number generator based on ideas from truerand in cryptolib + * as described on page 424 in Applied Cryptography 2 ed. by Bruce + * Schneier. + */ + +static volatile int counter; +static volatile unsigned char *gdata; /* Global data */ +static volatile int igdata; /* Index into global data */ +static int gsize; + +#if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__) +/* Visual C++ 4.0 (Windows95/NT) */ + +static +RETSIGTYPE +sigALRM(int sig) +{ + if (igdata < gsize) + gdata[igdata++] ^= counter & 0xff; + +#ifndef HAVE_SIGACTION + signal(SIGALRM, sigALRM); /* Reinstall SysV signal handler */ +#endif + SIGRETURN(0); +} + +#endif + +#if !defined(HAVE_RANDOM) && defined(HAVE_RAND) +#ifndef srandom +#define srandom srand +#endif +#ifndef random +#define random rand +#endif +#endif + +#if !defined(HAVE_SETITIMER) || defined(WIN32) || defined(__EMX__) || defined(__OS2__) || defined(__CYGWIN32__) +static void +des_not_rand_data(unsigned char *data, int size) +{ + int i; + + srandom (time (NULL)); + + for(i = 0; i < size; ++i) + data[i] ^= random() % 0x100; +} +#endif + +#if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__) + +#ifndef HAVE_SETITIMER +static void +pacemaker(struct timeval *tv) +{ + fd_set fds; + pid_t pid; + pid = getppid(); + while(1){ + FD_ZERO(&fds); + FD_SET(0, &fds); + select(1, &fds, NULL, NULL, tv); + kill(pid, SIGALRM); + } +} +#endif + +#ifdef HAVE_SIGACTION +/* XXX ugly hack, should perhaps use function from roken */ +static RETSIGTYPE +(*fake_signal(int sig, RETSIGTYPE (*f)(int)))(int) +{ + struct sigaction sa, osa; + sa.sa_handler = f; + sa.sa_flags = 0; + sigemptyset(&sa.sa_mask); + sigaction(sig, &sa, &osa); + return osa.sa_handler; +} +#define signal(S, F) fake_signal((S), (F)) +#endif + +/* + * Generate size bytes of "random" data using timed interrupts. + * It takes about 40ms/byte random data. + * It's not neccessary to be root to run it. + */ +void +DES_rand_data(unsigned char *data, int size) +{ + struct itimerval tv, otv; + RETSIGTYPE (*osa)(int); + int i, j; +#ifndef HAVE_SETITIMER + RETSIGTYPE (*ochld)(int); + pid_t pid; +#endif + const char *rnd_devices[] = {"/dev/random", + "/dev/srandom", + "/dev/urandom", + "/dev/arandom", + NULL}; + const char **p; + + for(p = rnd_devices; *p; p++) { + int fd = open(*p, O_RDONLY | O_NDELAY); + + if(fd >= 0 && read(fd, data, size) == size) { + close(fd); + return; + } + close(fd); + } + + /* Paranoia? Initialize data from /dev/mem if we can read it. */ + if (size >= 8) + sumFile("/dev/mem", (1024*1024*2), data); + + gdata = data; + gsize = size; + igdata = 0; + + osa = signal(SIGALRM, sigALRM); + + /* Start timer */ + tv.it_value.tv_sec = 0; + tv.it_value.tv_usec = 10 * 1000; /* 10 ms */ + tv.it_interval = tv.it_value; +#ifdef HAVE_SETITIMER + setitimer(ITIMER_REAL, &tv, &otv); +#else + ochld = signal(SIGCHLD, SIG_IGN); + pid = fork(); + if(pid == -1){ + signal(SIGCHLD, ochld != SIG_ERR ? ochld : SIG_DFL); + des_not_rand_data(data, size); + return; + } + if(pid == 0) + pacemaker(&tv.it_interval); +#endif + + for(i = 0; i < 4; i++) { + for (igdata = 0; igdata < size;) /* igdata++ in sigALRM */ + counter++; + for (j = 0; j < size; j++) /* Only use 2 bits each lap */ + gdata[j] = (gdata[j]>>2) | (gdata[j]<<6); + } +#ifdef HAVE_SETITIMER + setitimer(ITIMER_REAL, &otv, 0); +#else + kill(pid, SIGKILL); + while(waitpid(pid, NULL, 0) != pid); + signal(SIGCHLD, ochld != SIG_ERR ? ochld : SIG_DFL); +#endif + signal(SIGALRM, osa != SIG_ERR ? osa : SIG_DFL); +} +#else +void +DES_rand_data(unsigned char *p, int s) +{ + des_not_rand_data (p, s); +} +#endif + +void +DES_generate_random_block(DES_cblock *block) +{ + DES_rand_data((unsigned char *)block, sizeof(*block)); +} + +void +DES_rand_data_key(DES_cblock *key); + +/* + * Generate a "random" DES key. + */ +void +DES_rand_data_key(DES_cblock *key) +{ + unsigned char data[8]; + DES_key_schedule sched; + do { + DES_rand_data(data, sizeof(data)); + DES_rand_data((unsigned char*)key, sizeof(DES_cblock)); + DES_set_odd_parity(key); + DES_set_key(key, &sched); + DES_ecb_encrypt(&data, key, &sched, DES_ENCRYPT); + memset(&data, 0, sizeof(data)); + memset(&sched, 0, sizeof(sched)); + DES_set_odd_parity(key); + } while(DES_is_weak_key(key)); +} + +/* + * Generate "random" data by checksumming /dev/mem + * + * It's neccessary to be root to run it. Returns -1 if there were any + * problems with permissions. + */ +int +DES_mem_rand8(unsigned char *data); + +int +DES_mem_rand8(unsigned char *data) +{ + return 1; +} + +/* + * In case the generator does not get initialized use this as fallback. + */ +static int initialized; + +static void +do_initialize(void) +{ + DES_cblock default_seed; + do { + DES_generate_random_block(&default_seed); + DES_set_odd_parity(&default_seed); + } while (DES_is_weak_key(&default_seed)); + DES_init_random_number_generator(&default_seed); +} + +#define zero_long_long(ll) do { ll[0] = ll[1] = 0; } while (0) + +#define incr_long_long(ll) do { if (++ll[0] == 0) ++ll[1]; } while (0) + +#define set_sequence_number(ll) \ +memcpy((char *)sequence_index, (ll), sizeof(sequence_index)); + +/* + * Set the sequnce number to this value (a long long). + */ +void +DES_set_sequence_number(unsigned char *ll) +{ + set_sequence_number(ll); +} + +/* + * Set the generator seed and reset the sequence number to 0. + */ +void +DES_set_random_generator_seed(DES_cblock *seed) +{ + DES_set_key(seed, &sequence_seed); + zero_long_long(sequence_index); + initialized = 1; +} + +/* + * Generate a sequence of random des keys + * using the random block sequence, fixup + * parity and skip weak keys. + */ +int +DES_new_random_key(DES_cblock *key) +{ + if (!initialized) + do_initialize(); + + do { + DES_ecb_encrypt((DES_cblock *) sequence_index, + key, + &sequence_seed, + DES_ENCRYPT); + incr_long_long(sequence_index); + /* random key must have odd parity and not be weak */ + DES_set_odd_parity(key); + } while (DES_is_weak_key(key)); + return(0); +} + +/* + * des_init_random_number_generator: + * + * Initialize the sequence of random 64 bit blocks. The input seed + * can be a secret key since it should be well hidden and is also not + * kept. + * + */ +void +DES_init_random_number_generator(DES_cblock *seed) +{ + struct timeval now; + DES_cblock uniq; + DES_cblock new_key; + + gettimeofday(&now, (struct timezone *)0); + DES_generate_random_block(&uniq); + + /* Pick a unique random key from the shared sequence. */ + DES_set_random_generator_seed(seed); + set_sequence_number((unsigned char *)&uniq); + DES_new_random_key(&new_key); + + /* Select a new nonshared sequence, */ + DES_set_random_generator_seed(&new_key); + + /* and use the current time to pick a key for the new sequence. */ + set_sequence_number((unsigned char *)&now); + DES_new_random_key(&new_key); + DES_set_random_generator_seed(&new_key); +} + +/* This is for backwards compatibility. */ +void +DES_random_key(DES_cblock *ret) +{ + DES_new_random_key(ret); +} + +#ifdef TESTRUN +int +main() +{ + unsigned char data[8]; + int i; + + while (1) + { + if (sumFile("/dev/mem", (1024*1024*8), data) != 0) + { perror("sumFile"); exit(1); } + for (i = 0; i < 8; i++) + printf("%02x", data[i]); + printf("\n"); + } +} +#endif + +#ifdef TESTRUN2 +int +main() +{ + DES_cblock data; + int i; + + while (1) + { + do_initialize(); + DES_random_key(data); + for (i = 0; i < 8; i++) + printf("%02x", data[i]); + printf("\n"); + } +} +#endif diff --git a/source4/heimdal/lib/des/sha.c b/source4/heimdal/lib/des/sha.c new file mode 100644 index 0000000000..ca6c1c16d4 --- /dev/null +++ b/source4/heimdal/lib/des/sha.c @@ -0,0 +1,300 @@ +/* + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" + +RCSID("$Id: sha.c,v 1.18 2005/04/27 11:55:05 lha Exp $"); +#endif + +#include "hash.h" +#include "sha.h" + +#define A m->counter[0] +#define B m->counter[1] +#define C m->counter[2] +#define D m->counter[3] +#define E m->counter[4] +#define X data + +void +SHA1_Init (struct sha *m) +{ + m->sz[0] = 0; + m->sz[1] = 0; + A = 0x67452301; + B = 0xefcdab89; + C = 0x98badcfe; + D = 0x10325476; + E = 0xc3d2e1f0; +} + + +#define F0(x,y,z) CRAYFIX((x & y) | (~x & z)) +#define F1(x,y,z) (x ^ y ^ z) +#define F2(x,y,z) ((x & y) | (x & z) | (y & z)) +#define F3(x,y,z) F1(x,y,z) + +#define K0 0x5a827999 +#define K1 0x6ed9eba1 +#define K2 0x8f1bbcdc +#define K3 0xca62c1d6 + +#define DO(t,f,k) \ +do { \ + u_int32_t temp; \ + \ + temp = cshift(AA, 5) + f(BB,CC,DD) + EE + data[t] + k; \ + EE = DD; \ + DD = CC; \ + CC = cshift(BB, 30); \ + BB = AA; \ + AA = temp; \ +} while(0) + +static inline void +calc (struct sha *m, u_int32_t *in) +{ + u_int32_t AA, BB, CC, DD, EE; + u_int32_t data[80]; + int i; + + AA = A; + BB = B; + CC = C; + DD = D; + EE = E; + + for (i = 0; i < 16; ++i) + data[i] = in[i]; + for (i = 16; i < 80; ++i) + data[i] = cshift(data[i-3] ^ data[i-8] ^ data[i-14] ^ data[i-16], 1); + + /* t=[0,19] */ + + DO(0,F0,K0); + DO(1,F0,K0); + DO(2,F0,K0); + DO(3,F0,K0); + DO(4,F0,K0); + DO(5,F0,K0); + DO(6,F0,K0); + DO(7,F0,K0); + DO(8,F0,K0); + DO(9,F0,K0); + DO(10,F0,K0); + DO(11,F0,K0); + DO(12,F0,K0); + DO(13,F0,K0); + DO(14,F0,K0); + DO(15,F0,K0); + DO(16,F0,K0); + DO(17,F0,K0); + DO(18,F0,K0); + DO(19,F0,K0); + + /* t=[20,39] */ + + DO(20,F1,K1); + DO(21,F1,K1); + DO(22,F1,K1); + DO(23,F1,K1); + DO(24,F1,K1); + DO(25,F1,K1); + DO(26,F1,K1); + DO(27,F1,K1); + DO(28,F1,K1); + DO(29,F1,K1); + DO(30,F1,K1); + DO(31,F1,K1); + DO(32,F1,K1); + DO(33,F1,K1); + DO(34,F1,K1); + DO(35,F1,K1); + DO(36,F1,K1); + DO(37,F1,K1); + DO(38,F1,K1); + DO(39,F1,K1); + + /* t=[40,59] */ + + DO(40,F2,K2); + DO(41,F2,K2); + DO(42,F2,K2); + DO(43,F2,K2); + DO(44,F2,K2); + DO(45,F2,K2); + DO(46,F2,K2); + DO(47,F2,K2); + DO(48,F2,K2); + DO(49,F2,K2); + DO(50,F2,K2); + DO(51,F2,K2); + DO(52,F2,K2); + DO(53,F2,K2); + DO(54,F2,K2); + DO(55,F2,K2); + DO(56,F2,K2); + DO(57,F2,K2); + DO(58,F2,K2); + DO(59,F2,K2); + + /* t=[60,79] */ + + DO(60,F3,K3); + DO(61,F3,K3); + DO(62,F3,K3); + DO(63,F3,K3); + DO(64,F3,K3); + DO(65,F3,K3); + DO(66,F3,K3); + DO(67,F3,K3); + DO(68,F3,K3); + DO(69,F3,K3); + DO(70,F3,K3); + DO(71,F3,K3); + DO(72,F3,K3); + DO(73,F3,K3); + DO(74,F3,K3); + DO(75,F3,K3); + DO(76,F3,K3); + DO(77,F3,K3); + DO(78,F3,K3); + DO(79,F3,K3); + + A += AA; + B += BB; + C += CC; + D += DD; + E += EE; +} + +/* + * From `Performance analysis of MD5' by Joseph D. Touch + */ + +#if !defined(WORDS_BIGENDIAN) || defined(_CRAY) +static inline u_int32_t +swap_u_int32_t (u_int32_t t) +{ +#define ROL(x,n) ((x)<<(n))|((x)>>(32-(n))) + u_int32_t temp1, temp2; + + temp1 = cshift(t, 16); + temp2 = temp1 >> 8; + temp1 &= 0x00ff00ff; + temp2 &= 0x00ff00ff; + temp1 <<= 8; + return temp1 | temp2; +} +#endif + +struct x32{ + unsigned int a:32; + unsigned int b:32; +}; + +void +SHA1_Update (struct sha *m, const void *v, size_t len) +{ + const unsigned char *p = v; + size_t old_sz = m->sz[0]; + size_t offset; + + m->sz[0] += len * 8; + if (m->sz[0] < old_sz) + ++m->sz[1]; + offset = (old_sz / 8) % 64; + while(len > 0){ + size_t l = min(len, 64 - offset); + memcpy(m->save + offset, p, l); + offset += l; + p += l; + len -= l; + if(offset == 64){ +#if !defined(WORDS_BIGENDIAN) || defined(_CRAY) + int i; + u_int32_t current[16]; + struct x32 *u = (struct x32*)m->save; + for(i = 0; i < 8; i++){ + current[2*i+0] = swap_u_int32_t(u[i].a); + current[2*i+1] = swap_u_int32_t(u[i].b); + } + calc(m, current); +#else + calc(m, (u_int32_t*)m->save); +#endif + offset = 0; + } + } +} + +void +SHA1_Final (void *res, struct sha *m) +{ + unsigned char zeros[72]; + unsigned offset = (m->sz[0] / 8) % 64; + unsigned int dstart = (120 - offset - 1) % 64 + 1; + + *zeros = 0x80; + memset (zeros + 1, 0, sizeof(zeros) - 1); + zeros[dstart+7] = (m->sz[0] >> 0) & 0xff; + zeros[dstart+6] = (m->sz[0] >> 8) & 0xff; + zeros[dstart+5] = (m->sz[0] >> 16) & 0xff; + zeros[dstart+4] = (m->sz[0] >> 24) & 0xff; + zeros[dstart+3] = (m->sz[1] >> 0) & 0xff; + zeros[dstart+2] = (m->sz[1] >> 8) & 0xff; + zeros[dstart+1] = (m->sz[1] >> 16) & 0xff; + zeros[dstart+0] = (m->sz[1] >> 24) & 0xff; + SHA1_Update (m, zeros, dstart + 8); + { + int i; + unsigned char *r = (unsigned char*)res; + + for (i = 0; i < 5; ++i) { + r[4*i+3] = m->counter[i] & 0xFF; + r[4*i+2] = (m->counter[i] >> 8) & 0xFF; + r[4*i+1] = (m->counter[i] >> 16) & 0xFF; + r[4*i] = (m->counter[i] >> 24) & 0xFF; + } + } +#if 0 + { + int i; + u_int32_t *r = (u_int32_t *)res; + + for (i = 0; i < 5; ++i) + r[i] = swap_u_int32_t (m->counter[i]); + } +#endif +} diff --git a/source4/heimdal/lib/des/sha.h b/source4/heimdal/lib/des/sha.h new file mode 100644 index 0000000000..77d84fbe6f --- /dev/null +++ b/source4/heimdal/lib/des/sha.h @@ -0,0 +1,51 @@ +/* + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: sha.h,v 1.8 2005/04/10 19:18:13 lha Exp $ */ + +#ifndef HEIM_SHA_H +#define HEIM_SHA_H 1 + +struct sha { + unsigned int sz[2]; + u_int32_t counter[5]; + unsigned char save[64]; +}; + +typedef struct sha SHA_CTX; + +void SHA1_Init (struct sha *m); +void SHA1_Update (struct sha *m, const void *v, size_t len); +void SHA1_Final (void *res, struct sha *m); + +#endif /* HEIM_SHA_H */ diff --git a/source4/heimdal/lib/des/ui.c b/source4/heimdal/lib/des/ui.c new file mode 100644 index 0000000000..92538735c4 --- /dev/null +++ b/source4/heimdal/lib/des/ui.c @@ -0,0 +1,154 @@ +/* + * Copyright (c) 1997 - 2000, 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: ui.c,v 1.4 2005/04/30 14:10:18 lha Exp $"); +#endif + +#include +#include +#include +#include +#include +#include + +#include + +static sig_atomic_t intr_flag; + +static void +intr(int sig) +{ + intr_flag++; +} + +static int +read_string(const char *preprompt, const char *prompt, + char *buf, size_t len, int echo) +{ + struct sigaction sigs[47]; + struct sigaction sa; + FILE *tty; + int ret = 0; + int of = 0; + int i; + int c; + char *p; + + struct termios t_new, t_old; + + memset(&sa, 0, sizeof(sa)); + sa.sa_handler = intr; + sigemptyset(&sa.sa_mask); + sa.sa_flags = 0; + for(i = 0; i < sizeof(sigs) / sizeof(sigs[0]); i++) + if (i != SIGALRM) sigaction(i, &sa, &sigs[i]); + + if((tty = fopen("/dev/tty", "r")) == NULL) + tty = stdin; + + fprintf(stderr, "%s%s", preprompt, prompt); + fflush(stderr); + + if(echo == 0){ + tcgetattr(fileno(tty), &t_old); + memcpy(&t_new, &t_old, sizeof(t_new)); + t_new.c_lflag &= ~ECHO; + tcsetattr(fileno(tty), TCSANOW, &t_new); + } + intr_flag = 0; + p = buf; + while(intr_flag == 0){ + c = getc(tty); + if(c == EOF){ + if(!ferror(tty)) + ret = 1; + break; + } + if(c == '\n') + break; + if(of == 0) + *p++ = c; + of = (p == buf + len); + } + if(of) + p--; + *p = 0; + + if(echo == 0){ + printf("\n"); + tcsetattr(fileno(tty), TCSANOW, &t_old); + } + + if(tty != stdin) + fclose(tty); + + for(i = 0; i < sizeof(sigs) / sizeof(sigs[0]); i++) + if (i != SIGALRM) sigaction(i, &sigs[i], NULL); + + if(ret) + return -3; + if(intr_flag) + return -2; + if(of) + return -1; + return 0; +} + +int +UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, int verify) +{ + int ret; + + ret = read_string("", prompt, buf, length, 0); + if (ret) + return ret; + + if (verify) { + char *buf2; + buf2 = malloc(length); + if (buf2 == NULL) + return 1; + + ret = read_string("Verify password - ", prompt, buf2, length, 0); + if (ret) { + free(buf2); + return ret; + } + if (strcmp(buf2, buf) != 0) + ret = 1; + free(buf2); + } + return ret; +} diff --git a/source4/heimdal/lib/gssapi/8003.c b/source4/heimdal/lib/gssapi/8003.c new file mode 100644 index 0000000000..b60d2608e2 --- /dev/null +++ b/source4/heimdal/lib/gssapi/8003.c @@ -0,0 +1,246 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: 8003.c,v 1.17 2005/04/01 08:55:36 lha Exp $"); + +krb5_error_code +gssapi_encode_om_uint32(OM_uint32 n, u_char *p) +{ + p[0] = (n >> 0) & 0xFF; + p[1] = (n >> 8) & 0xFF; + p[2] = (n >> 16) & 0xFF; + p[3] = (n >> 24) & 0xFF; + return 0; +} + +krb5_error_code +gssapi_encode_be_om_uint32(OM_uint32 n, u_char *p) +{ + p[0] = (n >> 24) & 0xFF; + p[1] = (n >> 16) & 0xFF; + p[2] = (n >> 8) & 0xFF; + p[3] = (n >> 0) & 0xFF; + return 0; +} + +krb5_error_code +gssapi_decode_om_uint32(u_char *p, OM_uint32 *n) +{ + *n = (p[0] << 0) | (p[1] << 8) | (p[2] << 16) | (p[3] << 24); + return 0; +} + +krb5_error_code +gssapi_decode_be_om_uint32(u_char *p, OM_uint32 *n) +{ + *n = (p[0] <<24) | (p[1] << 16) | (p[2] << 8) | (p[3] << 0); + return 0; +} + +static krb5_error_code +hash_input_chan_bindings (const gss_channel_bindings_t b, + u_char *p) +{ + u_char num[4]; + MD5_CTX md5; + + MD5_Init(&md5); + gssapi_encode_om_uint32 (b->initiator_addrtype, num); + MD5_Update (&md5, num, sizeof(num)); + gssapi_encode_om_uint32 (b->initiator_address.length, num); + MD5_Update (&md5, num, sizeof(num)); + if (b->initiator_address.length) + MD5_Update (&md5, + b->initiator_address.value, + b->initiator_address.length); + gssapi_encode_om_uint32 (b->acceptor_addrtype, num); + MD5_Update (&md5, num, sizeof(num)); + gssapi_encode_om_uint32 (b->acceptor_address.length, num); + MD5_Update (&md5, num, sizeof(num)); + if (b->acceptor_address.length) + MD5_Update (&md5, + b->acceptor_address.value, + b->acceptor_address.length); + gssapi_encode_om_uint32 (b->application_data.length, num); + MD5_Update (&md5, num, sizeof(num)); + if (b->application_data.length) + MD5_Update (&md5, + b->application_data.value, + b->application_data.length); + MD5_Final (p, &md5); + return 0; +} + +/* + * create a checksum over the chanel bindings in + * `input_chan_bindings', `flags' and `fwd_data' and return it in + * `result' + */ + +OM_uint32 +gssapi_krb5_create_8003_checksum ( + OM_uint32 *minor_status, + const gss_channel_bindings_t input_chan_bindings, + OM_uint32 flags, + const krb5_data *fwd_data, + Checksum *result) +{ + u_char *p; + + /* + * see rfc1964 (section 1.1.1 (Initial Token), and the checksum value + * field's format) */ + result->cksumtype = CKSUMTYPE_GSSAPI; + if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG)) + result->checksum.length = 24 + 4 + fwd_data->length; + else + result->checksum.length = 24; + result->checksum.data = malloc (result->checksum.length); + if (result->checksum.data == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + p = result->checksum.data; + gssapi_encode_om_uint32 (16, p); + p += 4; + if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS) { + memset (p, 0, 16); + } else { + hash_input_chan_bindings (input_chan_bindings, p); + } + p += 16; + gssapi_encode_om_uint32 (flags, p); + p += 4; + + if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG)) { + + *p++ = (1 >> 0) & 0xFF; /* DlgOpt */ /* == 1 */ + *p++ = (1 >> 8) & 0xFF; /* DlgOpt */ /* == 0 */ + *p++ = (fwd_data->length >> 0) & 0xFF; /* Dlgth */ + *p++ = (fwd_data->length >> 8) & 0xFF; /* Dlgth */ + memcpy(p, (unsigned char *) fwd_data->data, fwd_data->length); + + p += fwd_data->length; + } + + return GSS_S_COMPLETE; +} + +/* + * verify the checksum in `cksum' over `input_chan_bindings' + * returning `flags' and `fwd_data' + */ + +OM_uint32 +gssapi_krb5_verify_8003_checksum( + OM_uint32 *minor_status, + const gss_channel_bindings_t input_chan_bindings, + const Checksum *cksum, + OM_uint32 *flags, + krb5_data *fwd_data) +{ + unsigned char hash[16]; + unsigned char *p; + OM_uint32 length; + int DlgOpt; + static unsigned char zeros[16]; + + if (cksum == NULL) { + *minor_status = 0; + return GSS_S_BAD_BINDINGS; + } + + /* XXX should handle checksums > 24 bytes */ + if(cksum->cksumtype != CKSUMTYPE_GSSAPI || cksum->checksum.length < 24) { + *minor_status = 0; + return GSS_S_BAD_BINDINGS; + } + + p = cksum->checksum.data; + gssapi_decode_om_uint32(p, &length); + if(length != sizeof(hash)) { + *minor_status = 0; + return GSS_S_BAD_BINDINGS; + } + + p += 4; + + if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS + && memcmp(p, zeros, sizeof(zeros)) != 0) { + if(hash_input_chan_bindings(input_chan_bindings, hash) != 0) { + *minor_status = 0; + return GSS_S_BAD_BINDINGS; + } + if(memcmp(hash, p, sizeof(hash)) != 0) { + *minor_status = 0; + return GSS_S_BAD_BINDINGS; + } + } + + p += sizeof(hash); + + gssapi_decode_om_uint32(p, flags); + p += 4; + + if (cksum->checksum.length > 24 && (*flags & GSS_C_DELEG_FLAG)) { + if(cksum->checksum.length < 28) { + *minor_status = 0; + return GSS_S_BAD_BINDINGS; + } + + DlgOpt = (p[0] << 0) | (p[1] << 8); + p += 2; + if (DlgOpt != 1) { + *minor_status = 0; + return GSS_S_BAD_BINDINGS; + } + + fwd_data->length = (p[0] << 0) | (p[1] << 8); + p += 2; + if(cksum->checksum.length < 28 + fwd_data->length) { + *minor_status = 0; + return GSS_S_BAD_BINDINGS; + } + fwd_data->data = malloc(fwd_data->length); + if (fwd_data->data == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + memcpy(fwd_data->data, p, fwd_data->length); + } + + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/accept_sec_context.c b/source4/heimdal/lib/gssapi/accept_sec_context.c new file mode 100644 index 0000000000..6672f3fc67 --- /dev/null +++ b/source4/heimdal/lib/gssapi/accept_sec_context.c @@ -0,0 +1,1118 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: accept_sec_context.c,v 1.53 2005/05/29 15:12:41 lha Exp $"); + +HEIMDAL_MUTEX gssapi_keytab_mutex = HEIMDAL_MUTEX_INITIALIZER; +krb5_keytab gssapi_krb5_keytab; + +OM_uint32 +gsskrb5_register_acceptor_identity (const char *identity) +{ + krb5_error_code ret; + + ret = gssapi_krb5_init(); + if(ret) + return GSS_S_FAILURE; + + HEIMDAL_MUTEX_lock(&gssapi_keytab_mutex); + + if(gssapi_krb5_keytab != NULL) { + krb5_kt_close(gssapi_krb5_context, gssapi_krb5_keytab); + gssapi_krb5_keytab = NULL; + } + if (identity == NULL) { + ret = krb5_kt_default(gssapi_krb5_context, &gssapi_krb5_keytab); + } else { + char *p; + + asprintf(&p, "FILE:%s", identity); + if(p == NULL) { + HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex); + return GSS_S_FAILURE; + } + ret = krb5_kt_resolve(gssapi_krb5_context, p, &gssapi_krb5_keytab); + free(p); + } + HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex); + if(ret) + return GSS_S_FAILURE; + return GSS_S_COMPLETE; +} + +void +gsskrb5_is_cfx(gss_ctx_id_t context_handle, int *is_cfx) +{ + krb5_keyblock *key; + int acceptor = (context_handle->more_flags & LOCAL) == 0; + + if (acceptor) { + if (context_handle->auth_context->local_subkey) + key = context_handle->auth_context->local_subkey; + else + key = context_handle->auth_context->remote_subkey; + } else { + if (context_handle->auth_context->remote_subkey) + key = context_handle->auth_context->remote_subkey; + else + key = context_handle->auth_context->local_subkey; + } + if (key == NULL) + key = context_handle->auth_context->keyblock; + + if (key == NULL) + return; + + switch (key->keytype) { + case ETYPE_DES_CBC_CRC: + case ETYPE_DES_CBC_MD4: + case ETYPE_DES_CBC_MD5: + case ETYPE_DES3_CBC_MD5: + case ETYPE_DES3_CBC_SHA1: + case ETYPE_ARCFOUR_HMAC_MD5: + case ETYPE_ARCFOUR_HMAC_MD5_56: + break; + default : + *is_cfx = 1; + if ((acceptor && context_handle->auth_context->local_subkey) || + (!acceptor && context_handle->auth_context->remote_subkey)) + context_handle->more_flags |= ACCEPTOR_SUBKEY; + break; + } +} + + +static OM_uint32 +gsskrb5_accept_delegated_token + (OM_uint32 * minor_status, + gss_ctx_id_t * context_handle, + gss_cred_id_t * delegated_cred_handle) +{ + krb5_data *fwd_data = &(*context_handle)->fwd_data; + OM_uint32 *flags = &(*context_handle)->flags; + krb5_principal principal = (*context_handle)->source; + krb5_ccache ccache = NULL; + krb5_error_code kret; + int32_t ac_flags, ret; + gss_cred_id_t handle = NULL; + + if (delegated_cred_handle == NULL) { + /* XXX Create a new delegated_cred_handle? */ + + ret = 0; + + kret = krb5_cc_default (gssapi_krb5_context, &ccache); + if (kret) { + *flags &= ~GSS_C_DELEG_FLAG; + goto end_fwd; + } + } else { + + *delegated_cred_handle = NULL; + + handle = calloc(1, sizeof(*handle)); + if (handle == NULL) { + ret = GSS_S_FAILURE; + *minor_status = ENOMEM; + krb5_set_error_string(gssapi_krb5_context, "out of memory"); + gssapi_krb5_set_error_string(); + *flags &= ~GSS_C_DELEG_FLAG; + goto end_fwd; + } + if ((ret = gss_duplicate_name(minor_status, principal, + &handle->principal)) != 0) { + *flags &= ~GSS_C_DELEG_FLAG; + ret = 0; + goto end_fwd; + } + kret = krb5_cc_gen_new (gssapi_krb5_context, + &krb5_mcc_ops, + &handle->ccache); + if (kret) { + *flags &= ~GSS_C_DELEG_FLAG; + ret = 0; + goto end_fwd; + } + ccache = handle->ccache; + + ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms); + if (ret) { + *flags &= ~GSS_C_DELEG_FLAG; + goto end_fwd; + } + ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, + &handle->mechanisms); + if (ret) { + *flags &= ~GSS_C_DELEG_FLAG; + goto end_fwd; + } + } + + kret = krb5_cc_initialize(gssapi_krb5_context, ccache, principal); + if (kret) { + *flags &= ~GSS_C_DELEG_FLAG; + ret = 0; + goto end_fwd; + } + + krb5_auth_con_removeflags(gssapi_krb5_context, + (*context_handle)->auth_context, + KRB5_AUTH_CONTEXT_DO_TIME, + &ac_flags); + kret = krb5_rd_cred2(gssapi_krb5_context, + (*context_handle)->auth_context, + ccache, + fwd_data); + if (kret) + gssapi_krb5_set_error_string(); + krb5_auth_con_setflags(gssapi_krb5_context, + (*context_handle)->auth_context, + ac_flags); + if (kret) { + *flags &= ~GSS_C_DELEG_FLAG; + ret = GSS_S_FAILURE; + *minor_status = kret; + goto end_fwd; + } + end_fwd: + /* if there was some kind of failure, clean up internal structures */ + if ((*flags & GSS_C_DELEG_FLAG) == 0) { + if (handle) { + if (handle->principal) + gss_release_name(minor_status, &handle->principal); + if (handle->mechanisms) + gss_release_oid_set(NULL, &handle->mechanisms); + if (handle->ccache) + krb5_cc_destroy(gssapi_krb5_context, handle->ccache); + free(handle); + handle = NULL; + } + } + if (delegated_cred_handle == NULL) { + if (ccache) + krb5_cc_close(gssapi_krb5_context, ccache); + } + if (handle) + *delegated_cred_handle = handle; + + return ret; +} + +static OM_uint32 +gsskrb5_acceptor_ready( + OM_uint32 * minor_status, + gss_ctx_id_t * context_handle, + gss_cred_id_t * delegated_cred_handle) +{ + OM_uint32 ret; + int32_t seq_number; + int is_cfx = 0; + u_int32_t flags = (*context_handle)->flags; + + krb5_auth_getremoteseqnumber (gssapi_krb5_context, + (*context_handle)->auth_context, + &seq_number); + + gsskrb5_is_cfx(*context_handle, &is_cfx); + + ret = _gssapi_msg_order_create(minor_status, + &(*context_handle)->order, + _gssapi_msg_order_f(flags), + seq_number, 0, is_cfx); + if (ret) return ret; + + if (!(flags & GSS_C_MUTUAL_FLAG) && _gssapi_msg_order_f(flags)) { + krb5_auth_con_setlocalseqnumber(gssapi_krb5_context, + (*context_handle)->auth_context, + seq_number); + } + + /* + * We should handle the delegation ticket, in case it's there + */ + if ((*context_handle)->fwd_data.length > 0 && (flags & GSS_C_DELEG_FLAG)) { + ret = gsskrb5_accept_delegated_token(minor_status, + context_handle, + delegated_cred_handle); + if (ret) return ret; + } + + (*context_handle)->state = ACCEPTOR_READY; + (*context_handle)->more_flags |= OPEN; + + return GSS_S_COMPLETE; +} + +static OM_uint32 +gsskrb5_acceptor_start( + OM_uint32 * minor_status, + gss_ctx_id_t * context_handle, + const gss_cred_id_t acceptor_cred_handle, + const gss_buffer_t input_token, + const gss_channel_bindings_t input_chan_bindings, + gss_name_t * src_name, + gss_OID * mech_type, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec, + gss_cred_id_t * delegated_cred_handle) +{ + krb5_error_code kret; + OM_uint32 ret = GSS_S_COMPLETE; + krb5_data indata; + krb5_flags ap_options; + OM_uint32 flags; + krb5_ticket *ticket = NULL; + krb5_keytab keytab = NULL; + krb5_keyblock *keyblock = NULL; + int no_wrap = 0; + + /* + * TODO: check the channel_bindings + */ + + /* + * We need a sequence number + */ + krb5_auth_con_addflags(gssapi_krb5_context, + (*context_handle)->auth_context, + KRB5_AUTH_CONTEXT_DO_SEQUENCE, + NULL); + + /* + * We need remove the decapsulate only when GSS_C_DCE_STYLE isn't in use + */ + ret = gssapi_krb5_decapsulate(minor_status, + input_token,&indata, + "\x01\x00", + GSS_KRB5_MECHANISM); + if (ret) { + /* No OID wrapping apparently available. */ + no_wrap = 1; + indata.length = input_token->length; + indata.data = input_token->value; + } + + /* + * We need to get our keytab + */ + if (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) { + if (gssapi_krb5_keytab != NULL) { + keytab = gssapi_krb5_keytab; + } + } else { + keytab = acceptor_cred_handle->keytab; + } + + /* + * We need to check the ticket and create the AP-REP packet + */ + kret = krb5_rd_req_return_keyblock(gssapi_krb5_context, + &(*context_handle)->auth_context, + &indata, + (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) ? NULL : acceptor_cred_handle->principal, + keytab, + &ap_options, + &ticket, + &keyblock); + if (kret) { + *minor_status = kret; + gssapi_krb5_set_error_string (); + return GSS_S_FAILURE; + } + + /* + * We need to remember some data on the context_handle + */ + (*context_handle)->ticket = ticket; + (*context_handle)->service_keyblock = keyblock; + (*context_handle)->lifetime = ticket->ticket.endtime; + + /* + * We need to copy the principal names to the context and the calling layer + */ + kret = krb5_copy_principal(gssapi_krb5_context, + ticket->client, + &(*context_handle)->source); + if (kret) { + *minor_status = kret; + gssapi_krb5_set_error_string (); + return GSS_S_FAILURE; + } + + kret = krb5_copy_principal(gssapi_krb5_context, + ticket->server, + &(*context_handle)->target); + if (kret) { + *minor_status = kret; + gssapi_krb5_set_error_string (); + return GSS_S_FAILURE; + } + + /* + * We need to setup some compat stuff, this assumes that context_handle->target is already set + */ + ret = _gss_DES3_get_mic_compat(minor_status, *context_handle); + if (ret) return ret; + + /* + * We need to get the flags out of the 8003 checksum + */ + { + krb5_authenticator authenticator; + + kret = krb5_auth_con_getauthenticator(gssapi_krb5_context, + (*context_handle)->auth_context, + &authenticator); + if (kret) { + *minor_status = kret; + gssapi_krb5_set_error_string (); + return GSS_S_FAILURE; + } + + ret = gssapi_krb5_verify_8003_checksum(minor_status, + input_chan_bindings, + authenticator->cksum, + &flags, + &(*context_handle)->fwd_data); + krb5_free_authenticator(gssapi_krb5_context, &authenticator); + if (ret) return ret; + } + + /* And remember them for later */ + (*context_handle)->flags = flags; + + if(flags & GSS_C_MUTUAL_FLAG) { + int is_cfx = 0; + krb5_data outbuf; + + gsskrb5_is_cfx(*context_handle, &is_cfx); + + if (is_cfx || (ap_options & AP_OPTS_USE_SUBKEY)) { + kret = krb5_auth_con_addflags(gssapi_krb5_context, + (*context_handle)->auth_context, + KRB5_AUTH_CONTEXT_USE_SUBKEY, + NULL); + (*context_handle)->more_flags |= ACCEPTOR_SUBKEY; + } + + kret = krb5_mk_rep(gssapi_krb5_context, + (*context_handle)->auth_context, + &outbuf); + if (kret) { + *minor_status = kret; + gssapi_krb5_set_error_string (); + return GSS_S_FAILURE; + } + + if (!(flags & GSS_C_DCE_STYLE)) { + ret = gssapi_krb5_encapsulate(minor_status, + &outbuf, + output_token, + "\x02\x00", + GSS_KRB5_MECHANISM); + krb5_data_free (&outbuf); + if (ret) return ret; + } else { + output_token->length = outbuf.length; + output_token->value = outbuf.data; + } + } + + /* + * We need to set the return value for the calling layer + */ + if (ret_flags) *ret_flags = flags; + + if (time_rec) { + ret = gssapi_lifetime_left(minor_status, + (*context_handle)->lifetime, + time_rec); + if (ret) return ret; + } + + if (src_name) { + kret = krb5_copy_principal(gssapi_krb5_context, + (*context_handle)->source, + src_name); + if (kret) { + *minor_status = kret; + gssapi_krb5_set_error_string (); + return GSS_S_FAILURE; + } + } + + /* + * When GSS_C_DCE_STYLE is in use, we need ask for a AP-REP from the client + */ + if (flags & GSS_C_DCE_STYLE) { + (*context_handle)->state = ACCEPTOR_WAIT_FOR_DCESTYLE; + return GSS_S_CONTINUE_NEEDED; + } + + return gsskrb5_acceptor_ready(minor_status, context_handle, delegated_cred_handle); +} + +static OM_uint32 +gsskrb5_acceptor_wait_for_dcestyle( + OM_uint32 * minor_status, + gss_ctx_id_t * context_handle, + const gss_cred_id_t acceptor_cred_handle, + const gss_buffer_t input_token, + const gss_channel_bindings_t input_chan_bindings, + gss_name_t * src_name, + gss_OID * mech_type, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec, + gss_cred_id_t * delegated_cred_handle) +{ + OM_uint32 ret; + krb5_error_code kret; + krb5_data inbuf; + OM_uint32 r_seq_number; + OM_uint32 l_seq_number; + + /* We know it's GSS_C_DCE_STYLE so we don't need to decapsulate the AP_REP */ + inbuf.length = input_token->length; + inbuf.data = input_token->value; + + /* + * We need to remeber the old remote seq_number, then check if the client has replied with our local seq_number, + * and then reset the remote seq_number to the old value + */ + { + kret = krb5_auth_con_getlocalseqnumber(gssapi_krb5_context, + (*context_handle)->auth_context, + &l_seq_number); + if (kret) { + gssapi_krb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + + kret = krb5_auth_getremoteseqnumber(gssapi_krb5_context, + (*context_handle)->auth_context, + &r_seq_number); + if (kret) { + gssapi_krb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + + kret = krb5_auth_con_setremoteseqnumber(gssapi_krb5_context, + (*context_handle)->auth_context, + l_seq_number); + if (kret) { + gssapi_krb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + } + + /* We need to verify the AP_REP, but we need to flag that this + is DCE_STYLE, so don't check the timestamps this time + */ + { + krb5_ap_rep_enc_part *repl; + + kret = _krb5_rd_rep_type(gssapi_krb5_context, + (*context_handle)->auth_context, + &inbuf, + &repl, + TRUE); + if (kret) { + gssapi_krb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + krb5_free_ap_rep_enc_part(gssapi_krb5_context, repl); + } + + /* We need to check the liftime */ + { + OM_uint32 lifetime_rec; + + ret = gssapi_lifetime_left(minor_status, + (*context_handle)->lifetime, + &lifetime_rec); + if (ret) return ret; + + if (lifetime_rec == 0) { + return GSS_S_CONTEXT_EXPIRED; + } + + if (time_rec) *time_rec = lifetime_rec; + } + + /* We need to give the caller the flags which are in use */ + if (ret_flags) *ret_flags = (*context_handle)->flags; + + if (src_name) { + kret = krb5_copy_principal(gssapi_krb5_context, + (*context_handle)->source, + src_name); + if (kret) { + *minor_status = kret; + gssapi_krb5_set_error_string (); + return GSS_S_FAILURE; + } + } + + /* + * After the krb5_rd_rep() the remote and local seq_number should be the same, + * because the client just replies the seq_number from our AP-REP in its AP-REP, + * but then the client uses the seq_number from its AP-REQ for GSS_wrap() + */ + { + OM_uint32 tmp_r_seq_number; + OM_uint32 l_seq_number; + + kret = krb5_auth_getremoteseqnumber(gssapi_krb5_context, + (*context_handle)->auth_context, + &tmp_r_seq_number); + if (kret) { + gssapi_krb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + + kret = krb5_auth_con_getlocalseqnumber(gssapi_krb5_context, + (*context_handle)->auth_context, + &l_seq_number); + if (kret) { + gssapi_krb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + + /* + * Here we check if the client has responsed with our local seq_number, + */ + if (tmp_r_seq_number != l_seq_number) { + return GSS_S_UNSEQ_TOKEN; + } + } + + /* + * We need to reset the remote seq_number, because the client will use, + * the old one for the GSS_wrap() calls + */ + { + kret = krb5_auth_con_setremoteseqnumber(gssapi_krb5_context, + (*context_handle)->auth_context, + r_seq_number); + if (kret) { + gssapi_krb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + } + + return gsskrb5_acceptor_ready(minor_status, context_handle, delegated_cred_handle); +} + +static OM_uint32 +gsskrb5_accept_sec_context( + OM_uint32 * minor_status, + gss_ctx_id_t * context_handle, + const gss_cred_id_t acceptor_cred_handle, + const gss_buffer_t input_token, + const gss_channel_bindings_t input_chan_bindings, + gss_name_t * src_name, + gss_OID * actual_mech_type, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec, + gss_cred_id_t * delegated_cred_handle) +{ + OM_uint32 ret; + + if (*context_handle == GSS_C_NO_CONTEXT) { + ret = _gsskrb5_create_ctx(minor_status, + context_handle, + input_chan_bindings, + ACCEPTOR_START); + if (ret) return ret; + } + + if (actual_mech_type) *actual_mech_type = GSS_KRB5_MECHANISM; + + HEIMDAL_MUTEX_lock(&(*context_handle)->ctx_id_mutex); + + switch ((*context_handle)->state) { + case ACCEPTOR_START: + ret = gsskrb5_acceptor_start(minor_status, + context_handle, + acceptor_cred_handle, + input_token, + input_chan_bindings, + src_name, + actual_mech_type, + output_token, + ret_flags, + time_rec, + delegated_cred_handle); + break; + case ACCEPTOR_WAIT_FOR_DCESTYLE: + ret = gsskrb5_acceptor_wait_for_dcestyle(minor_status, + context_handle, + acceptor_cred_handle, + input_token, + input_chan_bindings, + src_name, + actual_mech_type, + output_token, + ret_flags, + time_rec, + delegated_cred_handle); + break; + case ACCEPTOR_READY: + /* this function should not be called after it has returned GSS_S_COMPLETE */ + ret = GSS_S_BAD_STATUS; + break; + default: + /* TODO: is this correct here? --metze */ + ret = GSS_S_BAD_STATUS; + break; + } + + HEIMDAL_MUTEX_unlock(&(*context_handle)->ctx_id_mutex); + + return ret; +} + +static OM_uint32 +code_NegTokenArg(OM_uint32 *minor_status, + const NegTokenTarg *targ, + krb5_data *data, + u_char **ret_buf) +{ + OM_uint32 ret; + u_char *buf; + size_t buf_size, buf_len; + + buf_size = 1024; + buf = malloc(buf_size); + if (buf == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + do { + ret = encode_NegTokenTarg(buf + buf_size - 1, + buf_size, + targ, &buf_len); + if (ret == 0) { + size_t tmp; + + ret = der_put_length_and_tag(buf + buf_size - buf_len - 1, + buf_size - buf_len, + buf_len, + ASN1_C_CONTEXT, + CONS, + 1, + &tmp); + if (ret == 0) + buf_len += tmp; + } + if (ret) { + if (ret == ASN1_OVERFLOW) { + u_char *tmp; + + buf_size *= 2; + tmp = realloc (buf, buf_size); + if (tmp == NULL) { + *minor_status = ENOMEM; + free(buf); + return GSS_S_FAILURE; + } + buf = tmp; + } else { + *minor_status = ret; + free(buf); + return GSS_S_FAILURE; + } + } + } while (ret == ASN1_OVERFLOW); + + data->data = buf + buf_size - buf_len; + data->length = buf_len; + *ret_buf = buf; + return GSS_S_COMPLETE; +} + +static OM_uint32 +send_reject (OM_uint32 *minor_status, + gss_buffer_t output_token) +{ + NegTokenTarg targ; + krb5_data data; + u_char *buf; + OM_uint32 ret; + + ALLOC(targ.negResult, 1); + if (targ.negResult == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + *(targ.negResult) = reject; + targ.supportedMech = NULL; + targ.responseToken = NULL; + targ.mechListMIC = NULL; + + ret = code_NegTokenArg (minor_status, &targ, &data, &buf); + free_NegTokenTarg(&targ); + if (ret) + return ret; + +#if 0 + ret = _gssapi_encapsulate(minor_status, + &data, + output_token, + GSS_SPNEGO_MECHANISM); +#else + output_token->value = malloc(data.length); + if (output_token->value == NULL) { + *minor_status = ENOMEM; + ret = GSS_S_FAILURE; + } else { + output_token->length = data.length; + memcpy(output_token->value, data.data, output_token->length); + } +#endif + free(buf); + if (ret) + return ret; + return GSS_S_BAD_MECH; +} + +static OM_uint32 +send_accept (OM_uint32 *minor_status, + OM_uint32 major_status, + gss_buffer_t output_token, + gss_buffer_t mech_token, + gss_ctx_id_t context_handle, + const MechTypeList *mechtypelist) +{ + NegTokenTarg targ; + krb5_data data; + u_char *buf; + OM_uint32 ret; + gss_buffer_desc mech_buf, mech_mic_buf; + krb5_boolean require_mic; + + memset(&targ, 0, sizeof(targ)); + ALLOC(targ.negResult, 1); + if (targ.negResult == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + *(targ.negResult) = accept_completed; + + ALLOC(targ.supportedMech, 1); + if (targ.supportedMech == NULL) { + free_NegTokenTarg(&targ); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + ret = der_get_oid(GSS_KRB5_MECHANISM->elements, + GSS_KRB5_MECHANISM->length, + targ.supportedMech, + NULL); + if (ret) { + free_NegTokenTarg(&targ); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + if (mech_token != NULL && mech_token->length != 0) { + ALLOC(targ.responseToken, 1); + if (targ.responseToken == NULL) { + free_NegTokenTarg(&targ); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + targ.responseToken->length = mech_token->length; + targ.responseToken->data = mech_token->value; + mech_token->length = 0; + mech_token->value = NULL; + } else { + targ.responseToken = NULL; + } + + ret = _gss_spnego_require_mechlist_mic(minor_status, context_handle, + &require_mic); + if (ret) { + free_NegTokenTarg(&targ); + return ret; + } + + if (major_status == GSS_S_COMPLETE && require_mic) { + size_t buf_len; + + ALLOC(targ.mechListMIC, 1); + if (targ.mechListMIC == NULL) { + free_NegTokenTarg(&targ); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + ASN1_MALLOC_ENCODE(MechTypeList, mech_buf.value, mech_buf.length, + mechtypelist, &buf_len, ret); + if (ret) { + free_NegTokenTarg(&targ); + return ret; + } + if (mech_buf.length != buf_len) + abort(); + + ret = gss_get_mic(minor_status, context_handle, 0, &mech_buf, + &mech_mic_buf); + free (mech_buf.value); + if (ret) { + free_NegTokenTarg(&targ); + return ret; + } + + targ.mechListMIC->length = mech_mic_buf.length; + targ.mechListMIC->data = mech_mic_buf.value; + } else + targ.mechListMIC = NULL; + + ret = code_NegTokenArg (minor_status, &targ, &data, &buf); + free_NegTokenTarg(&targ); + if (ret) + return ret; + +#if 0 + ret = _gssapi_encapsulate(minor_status, + &data, + output_token, + GSS_SPNEGO_MECHANISM); +#else + output_token->value = malloc(data.length); + if (output_token->value == NULL) { + *minor_status = ENOMEM; + ret = GSS_S_FAILURE; + } else { + output_token->length = data.length; + memcpy(output_token->value, data.data, output_token->length); + } +#endif + free(buf); + if (ret) + return ret; + return GSS_S_COMPLETE; +} + +static OM_uint32 +spnego_accept_sec_context + (OM_uint32 * minor_status, + gss_ctx_id_t * context_handle, + const gss_cred_id_t acceptor_cred_handle, + const gss_buffer_t input_token_buffer, + const gss_channel_bindings_t input_chan_bindings, + gss_name_t * src_name, + gss_OID * mech_type, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec, + gss_cred_id_t * delegated_cred_handle + ) +{ + OM_uint32 ret, ret2; + NegTokenInit ni; + size_t ni_len; + int i; + int found = 0; + krb5_data data; + size_t len, taglen; + + output_token->length = 0; + output_token->value = NULL; + + ret = _gssapi_decapsulate (minor_status, + input_token_buffer, + &data, + GSS_SPNEGO_MECHANISM); + if (ret) + return ret; + + ret = der_match_tag_and_length(data.data, data.length, + ASN1_C_CONTEXT, CONS, 0, &len, &taglen); + if (ret) + return ret; + + if(len > data.length - taglen) + return ASN1_OVERRUN; + + ret = decode_NegTokenInit((const char *)data.data + taglen, len, + &ni, &ni_len); + if (ret) + return GSS_S_DEFECTIVE_TOKEN; + + if (ni.mechTypes == NULL) { + free_NegTokenInit(&ni); + return send_reject (minor_status, output_token); + } + + for (i = 0; !found && i < ni.mechTypes->len; ++i) { + char mechbuf[17]; + size_t mech_len; + + ret = der_put_oid (mechbuf + sizeof(mechbuf) - 1, + sizeof(mechbuf), + &ni.mechTypes->val[i], + &mech_len); + if (ret) { + free_NegTokenInit(&ni); + return GSS_S_DEFECTIVE_TOKEN; + } + if (mech_len == GSS_KRB5_MECHANISM->length + && memcmp(GSS_KRB5_MECHANISM->elements, + mechbuf + sizeof(mechbuf) - mech_len, + mech_len) == 0) + found = 1; + } + if (found) { + gss_buffer_desc ibuf, obuf; + gss_buffer_t ot = NULL; + OM_uint32 minor; + + if (ni.mechToken != NULL) { + ibuf.length = ni.mechToken->length; + ibuf.value = ni.mechToken->data; + + ret = gsskrb5_accept_sec_context(&minor, + context_handle, + acceptor_cred_handle, + &ibuf, + input_chan_bindings, + src_name, + mech_type, + &obuf, + ret_flags, + time_rec, + delegated_cred_handle); + if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) { + ot = &obuf; + } else { + free_NegTokenInit(&ni); + send_reject (minor_status, output_token); + return ret; + } + } + ret2 = send_accept (minor_status, ret, output_token, ot, + *context_handle, ni.mechTypes); + if (ret2 != GSS_S_COMPLETE) + ret = ret2; + if (ot != NULL) + gss_release_buffer(&minor, ot); + free_NegTokenInit(&ni); + return ret; + } else { + free_NegTokenInit(&ni); + return send_reject (minor_status, output_token); + } +} + +OM_uint32 +gss_accept_sec_context( + OM_uint32 * minor_status, + gss_ctx_id_t * context_handle, + const gss_cred_id_t acceptor_cred_handle, + const gss_buffer_t input_token, + const gss_channel_bindings_t input_chan_bindings, + gss_name_t * src_name, + gss_OID * actual_mech_type, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec, + gss_cred_id_t * delegated_cred_handle) +{ + ssize_t mech_len; + const u_char *p; + + GSSAPI_KRB5_INIT (); + + *minor_status = 0; + + if (src_name) *src_name = GSS_C_NO_NAME; + if (actual_mech_type) *actual_mech_type = GSS_C_NO_OID; + + output_token->length = 0; + output_token->value = NULL; + + if (ret_flags) *ret_flags = 0; + if (time_rec) *time_rec = 0; + if (delegated_cred_handle) *delegated_cred_handle = NULL; + + mech_len = gssapi_krb5_get_mech(input_token->value, + input_token->length, + &p); + + /* This could be 'dce style' kerberos, where the OID is missing :-( */ + if ((mech_len < 0) || (mech_len == GSS_KRB5_MECHANISM->length + && memcmp(p, GSS_KRB5_MECHANISM->elements, mech_len) == 0)) { + return gsskrb5_accept_sec_context(minor_status, + context_handle, + acceptor_cred_handle, + input_token, + input_chan_bindings, + src_name, + actual_mech_type, + output_token, + ret_flags, + time_rec, + delegated_cred_handle); + } else if (mech_len == GSS_SPNEGO_MECHANISM->length + && memcmp(p, GSS_SPNEGO_MECHANISM->elements, mech_len) == 0) { + return spnego_accept_sec_context(minor_status, + context_handle, + acceptor_cred_handle, + input_token, + input_chan_bindings, + src_name, + actual_mech_type, + output_token, + ret_flags, + time_rec, + delegated_cred_handle); + } + + return GSS_S_BAD_MECH; +} diff --git a/source4/heimdal/lib/gssapi/acquire_cred.c b/source4/heimdal/lib/gssapi/acquire_cred.c new file mode 100644 index 0000000000..6ded413626 --- /dev/null +++ b/source4/heimdal/lib/gssapi/acquire_cred.c @@ -0,0 +1,376 @@ +/* + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: acquire_cred.c,v 1.22 2005/01/05 02:32:26 lukeh Exp $"); + +static krb5_error_code +get_keytab(krb5_context context, krb5_keytab *keytab) +{ + char kt_name[256]; + krb5_error_code kret; + + HEIMDAL_MUTEX_lock(&gssapi_keytab_mutex); + + if (gssapi_krb5_keytab != NULL) { + kret = krb5_kt_get_name(context, + gssapi_krb5_keytab, + kt_name, sizeof(kt_name)); + if (kret == 0) + kret = krb5_kt_resolve(context, kt_name, keytab); + } else + kret = krb5_kt_default(context, keytab); + + HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex); + + return (kret); +} + +static OM_uint32 acquire_initiator_cred + (OM_uint32 * minor_status, + krb5_context context, + krb5_keytab keytab, + krb5_ccache ccache, + const gss_name_t desired_name, + OM_uint32 time_req, + const gss_OID_set desired_mechs, + gss_cred_usage_t cred_usage, + gss_cred_id_t handle, + gss_OID_set * actual_mechs, + OM_uint32 * time_rec + ) +{ + OM_uint32 ret; + krb5_creds cred; + krb5_principal def_princ; + krb5_get_init_creds_opt *opt; + krb5_error_code kret; + krb5_boolean made_ccache = FALSE; + krb5_boolean made_keytab = FALSE; + + def_princ = NULL; + ret = GSS_S_FAILURE; + memset(&cred, 0, sizeof(cred)); + + if (ccache == NULL) { + kret = krb5_cc_default(context, &ccache); + if (kret) + goto end; + made_ccache = TRUE; + } + kret = krb5_cc_get_principal(context, ccache, + &def_princ); + if (kret != 0) { + /* we'll try to use a keytab below */ + krb5_cc_destroy(context, ccache); + made_ccache = FALSE; + ccache = NULL; + kret = 0; + } else if (handle->principal == NULL) { + kret = krb5_copy_principal(context, def_princ, + &handle->principal); + if (kret) + goto end; + } else if (handle->principal != NULL && + krb5_principal_compare(context, handle->principal, + def_princ) == FALSE) { + /* Before failing, lets check the keytab */ + krb5_free_principal(context, def_princ); + def_princ = NULL; + } + if (def_princ == NULL) { + /* We have no existing credentials cache, + * so attempt to get a TGT using a keytab. + */ + if (handle->principal == NULL) { + kret = krb5_get_default_principal(context, + &handle->principal); + if (kret) + goto end; + } + if (keytab != NULL) { + kret = get_keytab(context, &keytab); + if (kret) + goto end; + made_keytab = TRUE; + } + kret = krb5_get_init_creds_opt_alloc(context, &opt); + if (kret) + goto end; + kret = krb5_get_init_creds_keytab(context, &cred, + handle->principal, keytab, 0, NULL, opt); + krb5_get_init_creds_opt_free(opt); + if (kret) + goto end; + if (ccache == NULL) { + kret = krb5_cc_gen_new(context, &krb5_mcc_ops, + &ccache); + if (kret) + goto end; + made_ccache = TRUE; + } + kret = krb5_cc_initialize(context, ccache, cred.client); + if (kret) + goto end; + kret = krb5_cc_store_cred(context, ccache, &cred); + if (kret) + goto end; + handle->lifetime = cred.times.endtime; + } else { + krb5_creds in_cred, *out_cred; + krb5_const_realm realm; + + memset(&in_cred, 0, sizeof(in_cred)); + in_cred.client = handle->principal; + + realm = krb5_principal_get_realm(context, + handle->principal); + if (realm == NULL) { + kret = KRB5_PRINC_NOMATCH; /* XXX */ + goto end; + } + + kret = krb5_make_principal(context, &in_cred.server, + realm, KRB5_TGS_NAME, realm, NULL); + if (kret) + goto end; + + kret = krb5_get_credentials(context, 0, + ccache, &in_cred, &out_cred); + krb5_free_principal(context, in_cred.server); + if (kret) + goto end; + + handle->lifetime = out_cred->times.endtime; + krb5_free_creds(context, out_cred); + } + + handle->ccache = ccache; + handle->made_ccache = made_ccache; + ret = GSS_S_COMPLETE; + +end: + if (cred.client != NULL) + krb5_free_cred_contents(context, &cred); + if (def_princ != NULL) + krb5_free_principal(context, def_princ); + if (made_keytab) + krb5_kt_close(context, keytab); + if (ret != GSS_S_COMPLETE) { + if (made_ccache) + krb5_cc_close(context, ccache); + if (kret != 0) { + *minor_status = kret; + gssapi_krb5_set_error_string (); + } + } + return (ret); +} + +static OM_uint32 acquire_acceptor_cred + (OM_uint32 * minor_status, + krb5_context context, + krb5_keytab keytab, + OM_uint32 time_req, + const gss_OID_set desired_mechs, + gss_cred_usage_t cred_usage, + gss_cred_id_t handle, + gss_OID_set * actual_mechs, + OM_uint32 * time_rec + ) +{ + OM_uint32 ret; + krb5_error_code kret; + + kret = 0; + ret = GSS_S_FAILURE; + if (keytab == NULL) { + kret = get_keytab(context, &handle->keytab); + if (kret) + goto end; + handle->made_keytab = TRUE; + } else { + handle->keytab = keytab; + handle->made_keytab = FALSE; + } + ret = GSS_S_COMPLETE; + +end: + if (ret != GSS_S_COMPLETE) { + if (handle->made_keytab) + krb5_kt_close(context, handle->keytab); + if (kret != 0) { + *minor_status = kret; + gssapi_krb5_set_error_string (); + } + } + return (ret); +} + +OM_uint32 gsskrb5_acquire_cred + (OM_uint32 * minor_status, + struct krb5_keytab_data *keytab, + struct krb5_ccache_data *ccache, + const gss_name_t desired_name, + OM_uint32 time_req, + const gss_OID_set desired_mechs, + gss_cred_usage_t cred_usage, + gss_cred_id_t * output_cred_handle, + gss_OID_set * actual_mechs, + OM_uint32 * time_rec + ) +{ + gss_cred_id_t handle; + OM_uint32 ret; + + if (cred_usage != GSS_C_ACCEPT && cred_usage != GSS_C_INITIATE && cred_usage != GSS_C_BOTH) { + *minor_status = GSS_KRB5_S_G_BAD_USAGE; + return GSS_S_FAILURE; + } + + GSSAPI_KRB5_INIT (); + + *output_cred_handle = NULL; + if (time_rec) + *time_rec = 0; + if (actual_mechs) + *actual_mechs = GSS_C_NO_OID_SET; + + if (desired_mechs) { + int present = 0; + + ret = gss_test_oid_set_member(minor_status, GSS_KRB5_MECHANISM, + desired_mechs, &present); + if (ret) + return ret; + if (!present) { + *minor_status = 0; + return GSS_S_BAD_MECH; + } + } + + handle = (gss_cred_id_t)malloc(sizeof(*handle)); + if (handle == GSS_C_NO_CREDENTIAL) { + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + + memset(handle, 0, sizeof (*handle)); + HEIMDAL_MUTEX_init(&handle->cred_id_mutex); + + if (desired_name != GSS_C_NO_NAME) { + ret = gss_duplicate_name(minor_status, desired_name, + &handle->principal); + if (ret != GSS_S_COMPLETE) { + HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); + free(handle); + return (ret); + } + } + if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH) { + ret = acquire_initiator_cred(minor_status, gssapi_krb5_context, + keytab, ccache, + desired_name, time_req, + desired_mechs, cred_usage, + handle, actual_mechs, time_rec); + if (ret != GSS_S_COMPLETE) { + HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); + krb5_free_principal(gssapi_krb5_context, handle->principal); + free(handle); + return (ret); + } + } + if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH) { + ret = acquire_acceptor_cred(minor_status, gssapi_krb5_context, + keytab, time_req, + desired_mechs, cred_usage, + handle, actual_mechs, time_rec); + if (ret != GSS_S_COMPLETE) { + HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); + krb5_free_principal(gssapi_krb5_context, handle->principal); + free(handle); + return (ret); + } + } + ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms); + if (ret == GSS_S_COMPLETE) + ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, + &handle->mechanisms); + if (ret == GSS_S_COMPLETE) + ret = gss_inquire_cred(minor_status, handle, NULL, time_rec, NULL, + actual_mechs); + if (ret != GSS_S_COMPLETE) { + if (handle->mechanisms != NULL) + gss_release_oid_set(NULL, &handle->mechanisms); + HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); + krb5_free_principal(gssapi_krb5_context, handle->principal); + free(handle); + return (ret); + } + *minor_status = 0; + if (time_rec) { + ret = gssapi_lifetime_left(minor_status, + handle->lifetime, + time_rec); + + if (ret) + return ret; + } + handle->usage = cred_usage; + + *output_cred_handle = handle; + return (GSS_S_COMPLETE); +} + +OM_uint32 gss_acquire_cred + (OM_uint32 * minor_status, + const gss_name_t desired_name, + OM_uint32 time_req, + const gss_OID_set desired_mechs, + gss_cred_usage_t cred_usage, + gss_cred_id_t * output_cred_handle, + gss_OID_set * actual_mechs, + OM_uint32 * time_rec + ) +{ + return gsskrb5_acquire_cred(minor_status, + NULL, NULL, + desired_name, + time_req, + desired_mechs, + cred_usage, + output_cred_handle, + actual_mechs, + time_rec); +} diff --git a/source4/heimdal/lib/gssapi/add_oid_set_member.c b/source4/heimdal/lib/gssapi/add_oid_set_member.c new file mode 100644 index 0000000000..ed654fc8c5 --- /dev/null +++ b/source4/heimdal/lib/gssapi/add_oid_set_member.c @@ -0,0 +1,69 @@ +/* + * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: add_oid_set_member.c,v 1.8 2003/03/16 17:50:49 lha Exp $"); + +OM_uint32 gss_add_oid_set_member ( + OM_uint32 * minor_status, + const gss_OID member_oid, + gss_OID_set * oid_set + ) +{ + gss_OID tmp; + size_t n; + OM_uint32 res; + int present; + + res = gss_test_oid_set_member(minor_status, member_oid, *oid_set, &present); + if (res != GSS_S_COMPLETE) + return res; + + if (present) { + *minor_status = 0; + return GSS_S_COMPLETE; + } + + n = (*oid_set)->count + 1; + tmp = realloc ((*oid_set)->elements, n * sizeof(gss_OID_desc)); + if (tmp == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + (*oid_set)->elements = tmp; + (*oid_set)->count = n; + (*oid_set)->elements[n-1] = *member_oid; + *minor_status = 0; + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/address_to_krb5addr.c b/source4/heimdal/lib/gssapi/address_to_krb5addr.c new file mode 100644 index 0000000000..13a6825f55 --- /dev/null +++ b/source4/heimdal/lib/gssapi/address_to_krb5addr.c @@ -0,0 +1,76 @@ +/* + * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +#include + +krb5_error_code +gss_address_to_krb5addr(OM_uint32 gss_addr_type, + gss_buffer_desc *gss_addr, + int16_t port, + krb5_address *address) +{ + int addr_type; + struct sockaddr sa; + krb5_socklen_t sa_size = sizeof(sa); + krb5_error_code problem; + + if (gss_addr == NULL) + return GSS_S_FAILURE; + + switch (gss_addr_type) { +#ifdef HAVE_IPV6 + case GSS_C_AF_INET6: addr_type = AF_INET6; + break; +#endif /* HAVE_IPV6 */ + + case GSS_C_AF_INET: addr_type = AF_INET; + break; + default: + return GSS_S_FAILURE; + } + + problem = krb5_h_addr2sockaddr (gssapi_krb5_context, + addr_type, + gss_addr->value, + &sa, + &sa_size, + port); + if (problem) + return GSS_S_FAILURE; + + problem = krb5_sockaddr2address (gssapi_krb5_context, &sa, address); + + return problem; +} diff --git a/source4/heimdal/lib/gssapi/arcfour.c b/source4/heimdal/lib/gssapi/arcfour.c new file mode 100644 index 0000000000..5edcee08ec --- /dev/null +++ b/source4/heimdal/lib/gssapi/arcfour.c @@ -0,0 +1,660 @@ +/* + * Copyright (c) 2003 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: arcfour.c,v 1.17 2005/05/06 07:13:32 lha Exp $"); + +/* + * Implements draft-brezak-win2k-krb-rc4-hmac-04.txt + * + * The arcfour message have the following formats: + * + * MIC token + * TOK_ID[2] = 01 01 + * SGN_ALG[2] = 11 00 + * Filler[4] + * SND_SEQ[8] + * SGN_CKSUM[8] + * + * WRAP token + * TOK_ID[2] = 02 01 + * SGN_ALG[2]; + * SEAL_ALG[2] + * Filler[2] + * SND_SEQ[2] + * SGN_CKSUM[8] + * Confounder[8] + */ + + +static krb5_error_code +arcfour_mic_key(krb5_context context, krb5_keyblock *key, + void *cksum_data, size_t cksum_size, + void *key6_data, size_t key6_size) +{ + krb5_error_code ret; + + Checksum cksum_k5; + krb5_keyblock key5; + char k5_data[16]; + + Checksum cksum_k6; + + char T[4]; + + memset(T, 0, 4); + cksum_k5.checksum.data = k5_data; + cksum_k5.checksum.length = sizeof(k5_data); + + if (key->keytype == KEYTYPE_ARCFOUR_56) { + char L40[14] = "fortybits"; + + memcpy(L40 + 10, T, sizeof(T)); + ret = krb5_hmac(context, CKSUMTYPE_RSA_MD5, + L40, 14, 0, key, &cksum_k5); + memset(&k5_data[7], 0xAB, 9); + } else { + ret = krb5_hmac(context, CKSUMTYPE_RSA_MD5, + T, 4, 0, key, &cksum_k5); + } + if (ret) + return ret; + + key5.keytype = KEYTYPE_ARCFOUR; + key5.keyvalue = cksum_k5.checksum; + + cksum_k6.checksum.data = key6_data; + cksum_k6.checksum.length = key6_size; + + return krb5_hmac(context, CKSUMTYPE_RSA_MD5, + cksum_data, cksum_size, 0, &key5, &cksum_k6); +} + + +static krb5_error_code +arcfour_mic_cksum(krb5_keyblock *key, unsigned usage, + u_char *sgn_cksum, size_t sgn_cksum_sz, + const char *v1, size_t l1, + const void *v2, size_t l2, + const void *v3, size_t l3) +{ + Checksum CKSUM; + u_char *ptr; + size_t len; + krb5_crypto crypto; + krb5_error_code ret; + + assert(sgn_cksum_sz == 8); + + len = l1 + l2 + l3; + + ptr = malloc(len); + if (ptr == NULL) + return ENOMEM; + + memcpy(ptr, v1, l1); + memcpy(ptr + l1, v2, l2); + memcpy(ptr + l1 + l2, v3, l3); + + ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); + if (ret) { + free(ptr); + return ret; + } + + ret = krb5_create_checksum(gssapi_krb5_context, + crypto, + usage, + 0, + ptr, len, + &CKSUM); + free(ptr); + if (ret == 0) { + memcpy(sgn_cksum, CKSUM.checksum.data, sgn_cksum_sz); + free_Checksum(&CKSUM); + } + krb5_crypto_destroy(gssapi_krb5_context, crypto); + + return ret; +} + + +OM_uint32 +_gssapi_get_mic_arcfour(OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + gss_qop_t qop_req, + const gss_buffer_t message_buffer, + gss_buffer_t message_token, + krb5_keyblock *key) +{ + krb5_error_code ret; + int32_t seq_number; + size_t len, total_len; + u_char k6_data[16], *p0, *p; + RC4_KEY rc4_key; + + gssapi_krb5_encap_length (22, &len, &total_len, GSS_KRB5_MECHANISM); + + message_token->length = total_len; + message_token->value = malloc (total_len); + if (message_token->value == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + p0 = _gssapi_make_mech_header(message_token->value, + len, + GSS_KRB5_MECHANISM); + p = p0; + + *p++ = 0x01; /* TOK_ID */ + *p++ = 0x01; + *p++ = 0x11; /* SGN_ALG */ + *p++ = 0x00; + *p++ = 0xff; /* Filler */ + *p++ = 0xff; + *p++ = 0xff; + *p++ = 0xff; + + p = NULL; + + ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SIGN, + p0 + 16, 8, /* SGN_CKSUM */ + p0, 8, /* TOK_ID, SGN_ALG, Filer */ + message_buffer->value, message_buffer->length, + NULL, 0); + if (ret) { + gss_release_buffer(minor_status, message_token); + *minor_status = ret; + return GSS_S_FAILURE; + } + + ret = arcfour_mic_key(gssapi_krb5_context, key, + p0 + 16, 8, /* SGN_CKSUM */ + k6_data, sizeof(k6_data)); + if (ret) { + gss_release_buffer(minor_status, message_token); + *minor_status = ret; + return GSS_S_FAILURE; + } + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, + context_handle->auth_context, + &seq_number); + p = p0 + 8; /* SND_SEQ */ + gssapi_encode_be_om_uint32(seq_number, p); + + krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, + context_handle->auth_context, + ++seq_number); + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + + memset (p + 4, (context_handle->more_flags & LOCAL) ? 0 : 0xff, 4); + + RC4_set_key (&rc4_key, sizeof(k6_data), k6_data); + RC4 (&rc4_key, 8, p, p); + + memset(&rc4_key, 0, sizeof(rc4_key)); + memset(k6_data, 0, sizeof(k6_data)); + + *minor_status = 0; + return GSS_S_COMPLETE; +} + + +OM_uint32 +_gssapi_verify_mic_arcfour(OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t message_buffer, + const gss_buffer_t token_buffer, + gss_qop_t * qop_state, + krb5_keyblock *key, + char *type) +{ + krb5_error_code ret; + int32_t seq_number; + OM_uint32 omret; + char cksum_data[8], k6_data[16], SND_SEQ[8]; + u_char *p; + int cmp; + + if (qop_state) + *qop_state = 0; + + p = token_buffer->value; + omret = gssapi_krb5_verify_header (&p, + token_buffer->length, + type, + GSS_KRB5_MECHANISM); + if (omret) + return omret; + + if (memcmp(p, "\x11\x00", 2) != 0) /* SGN_ALG = HMAC MD5 ARCFOUR */ + return GSS_S_BAD_SIG; + p += 2; + if (memcmp (p, "\xff\xff\xff\xff", 4) != 0) + return GSS_S_BAD_MIC; + p += 4; + + ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SIGN, + cksum_data, sizeof(cksum_data), + p - 8, 8, + message_buffer->value, message_buffer->length, + NULL, 0); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + ret = arcfour_mic_key(gssapi_krb5_context, key, + cksum_data, sizeof(cksum_data), + k6_data, sizeof(k6_data)); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + cmp = memcmp(cksum_data, p + 8, 8); + if (cmp) { + *minor_status = 0; + return GSS_S_BAD_MIC; + } + + { + RC4_KEY rc4_key; + + RC4_set_key (&rc4_key, sizeof(k6_data), k6_data); + RC4 (&rc4_key, 8, p, SND_SEQ); + + memset(&rc4_key, 0, sizeof(rc4_key)); + memset(k6_data, 0, sizeof(k6_data)); + } + + gssapi_decode_be_om_uint32(SND_SEQ, &seq_number); + + if (context_handle->more_flags & LOCAL) + cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4); + else + cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4); + + memset(SND_SEQ, 0, sizeof(SND_SEQ)); + if (cmp != 0) { + *minor_status = 0; + return GSS_S_BAD_MIC; + } + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + omret = _gssapi_msg_order_check(context_handle->order, seq_number); + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + if (omret) + return omret; + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +OM_uint32 +_gssapi_wrap_arcfour(OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + const gss_buffer_t input_message_buffer, + int * conf_state, + gss_buffer_t output_message_buffer, + krb5_keyblock *key) +{ + u_char Klocaldata[16], k6_data[16], *p, *p0; + size_t len, total_len, datalen; + krb5_keyblock Klocal; + krb5_error_code ret; + int32_t seq_number; + + if (conf_state) + *conf_state = 0; + + datalen = input_message_buffer->length; + len = GSS_ARCFOUR_WRAP_TOKEN_SIZE; + /* if GSS_C_DCE_STYLE is in use: + * - we only need to encapsulate the WRAP token + * - we should not add padding + */ + if (!(context_handle->flags & GSS_C_DCE_STYLE)) { + datalen += 1 /* padding */; + len += datalen; + } + _gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM); + if (context_handle->flags & GSS_C_DCE_STYLE) { + total_len += datalen; + } + + output_message_buffer->length = total_len; + output_message_buffer->value = malloc (total_len); + if (output_message_buffer->value == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + p0 = _gssapi_make_mech_header(output_message_buffer->value, + len, + GSS_KRB5_MECHANISM); + p = p0; + + *p++ = 0x02; /* TOK_ID */ + *p++ = 0x01; + *p++ = 0x11; /* SGN_ALG */ + *p++ = 0x00; + if (conf_req_flag) { + *p++ = 0x10; /* SEAL_ALG */ + *p++ = 0x00; + } else { + *p++ = 0xff; /* SEAL_ALG */ + *p++ = 0xff; + } + *p++ = 0xff; /* Filler */ + *p++ = 0xff; + + p = NULL; + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, + context_handle->auth_context, + &seq_number); + + gssapi_encode_be_om_uint32(seq_number, p0 + 8); + + krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, + context_handle->auth_context, + ++seq_number); + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + + memset (p0 + 8 + 4, + (context_handle->more_flags & LOCAL) ? 0 : 0xff, + 4); + + krb5_generate_random_block(p0 + 24, 8); /* fill in Confounder */ + + /* p points to data */ + p = p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE; + memcpy(p, input_message_buffer->value, input_message_buffer->length); + /* only add padding when GSS_C_DCE_STYLE is not in use */ + if (!(context_handle->flags & GSS_C_DCE_STYLE)) { + p[input_message_buffer->length] = 1; /* PADDING */ + } + + ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SEAL, + p0 + 16, 8, /* SGN_CKSUM */ + p0, 8, /* TOK_ID, SGN_ALG, SEAL_ALG, Filler */ + p0 + 24, 8, /* Confounder */ + p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE, + datalen); + if (ret) { + *minor_status = ret; + gss_release_buffer(minor_status, output_message_buffer); + return GSS_S_FAILURE; + } + + { + int i; + + Klocal.keytype = key->keytype; + Klocal.keyvalue.data = Klocaldata; + Klocal.keyvalue.length = sizeof(Klocaldata); + + for (i = 0; i < 16; i++) + Klocaldata[i] = ((u_char *)key->keyvalue.data)[i] ^ 0xF0; + } + ret = arcfour_mic_key(gssapi_krb5_context, &Klocal, + p0 + 8, 4, /* SND_SEQ */ + k6_data, sizeof(k6_data)); + memset(Klocaldata, 0, sizeof(Klocaldata)); + if (ret) { + gss_release_buffer(minor_status, output_message_buffer); + *minor_status = ret; + return GSS_S_FAILURE; + } + + + if(conf_req_flag) { + RC4_KEY rc4_key; + + RC4_set_key (&rc4_key, sizeof(k6_data), k6_data); + /* XXX ? */ + RC4 (&rc4_key, 8 + datalen, p0 + 24, p0 + 24); /* Confounder + data */ + memset(&rc4_key, 0, sizeof(rc4_key)); + } + memset(k6_data, 0, sizeof(k6_data)); + + ret = arcfour_mic_key(gssapi_krb5_context, key, + p0 + 16, 8, /* SGN_CKSUM */ + k6_data, sizeof(k6_data)); + if (ret) { + gss_release_buffer(minor_status, output_message_buffer); + *minor_status = ret; + return GSS_S_FAILURE; + } + + { + RC4_KEY rc4_key; + + RC4_set_key (&rc4_key, sizeof(k6_data), k6_data); + RC4 (&rc4_key, 8, p0 + 8, p0 + 8); /* SND_SEQ */ + memset(&rc4_key, 0, sizeof(rc4_key)); + memset(k6_data, 0, sizeof(k6_data)); + } + + if (conf_state) + *conf_state = conf_req_flag; + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t input_message_buffer, + gss_buffer_t output_message_buffer, + int *conf_state, + gss_qop_t *qop_state, + krb5_keyblock *key) +{ + u_char Klocaldata[16]; + krb5_keyblock Klocal; + krb5_error_code ret; + int32_t seq_number; + size_t len, datalen; + OM_uint32 omret; + char k6_data[16], SND_SEQ[8], Confounder[8]; + char cksum_data[8]; + u_char *p, *p0; + int cmp; + int conf_flag; + size_t padlen = 0; + + if (conf_state) + *conf_state = 0; + if (qop_state) + *qop_state = 0; + + p0 = input_message_buffer->value; + len = input_message_buffer->length; + /* if we have GSS_C_DCE_STYLE in use, we only need to decapsulate the WRAP token */ + if (context_handle->flags & GSS_C_DCE_STYLE) { + if (input_message_buffer->length < (GSS_ARCFOUR_WRAP_TOKEN_OFFSET+GSS_ARCFOUR_WRAP_TOKEN_SIZE)) { + return GSS_S_BAD_MECH; + } + len = GSS_ARCFOUR_WRAP_TOKEN_OFFSET+GSS_ARCFOUR_WRAP_TOKEN_SIZE; + } + omret = _gssapi_verify_mech_header(&p0, + len, + GSS_KRB5_MECHANISM); + if (omret) + return omret; + p = p0; + + datalen = input_message_buffer->length - + (p - ((u_char *)input_message_buffer->value)) - + GSS_ARCFOUR_WRAP_TOKEN_SIZE; + + if (memcmp(p, "\x02\x01", 2) != 0) + return GSS_S_BAD_SIG; + p += 2; + if (memcmp(p, "\x11\x00", 2) != 0) /* SGN_ALG = HMAC MD5 ARCFOUR */ + return GSS_S_BAD_SIG; + p += 2; + + if (memcmp (p, "\x10\x00", 2) == 0) + conf_flag = 1; + else if (memcmp (p, "\xff\xff", 2) == 0) + conf_flag = 0; + else + return GSS_S_BAD_SIG; + + p += 2; + if (memcmp (p, "\xff\xff", 2) != 0) + return GSS_S_BAD_MIC; + p = NULL; + + ret = arcfour_mic_key(gssapi_krb5_context, key, + p0 + 16, 8, /* SGN_CKSUM */ + k6_data, sizeof(k6_data)); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + { + RC4_KEY rc4_key; + + RC4_set_key (&rc4_key, sizeof(k6_data), k6_data); + RC4 (&rc4_key, 8, p0 + 8, SND_SEQ); /* SND_SEQ */ + memset(&rc4_key, 0, sizeof(rc4_key)); + memset(k6_data, 0, sizeof(k6_data)); + } + + gssapi_decode_be_om_uint32(SND_SEQ, &seq_number); + + if (context_handle->more_flags & LOCAL) + cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4); + else + cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4); + + if (cmp != 0) { + *minor_status = 0; + return GSS_S_BAD_MIC; + } + + { + int i; + + Klocal.keytype = key->keytype; + Klocal.keyvalue.data = Klocaldata; + Klocal.keyvalue.length = sizeof(Klocaldata); + + for (i = 0; i < 16; i++) + Klocaldata[i] = ((u_char *)key->keyvalue.data)[i] ^ 0xF0; + } + ret = arcfour_mic_key(gssapi_krb5_context, &Klocal, + SND_SEQ, 4, + k6_data, sizeof(k6_data)); + memset(Klocaldata, 0, sizeof(Klocaldata)); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + output_message_buffer->value = malloc(datalen); + if (output_message_buffer->value == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + output_message_buffer->length = datalen; + + if(conf_flag) { + RC4_KEY rc4_key; + + RC4_set_key (&rc4_key, sizeof(k6_data), k6_data); + RC4 (&rc4_key, 8, p0 + 24, Confounder); /* Confounder */ + RC4 (&rc4_key, datalen, p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE, + output_message_buffer->value); + memset(&rc4_key, 0, sizeof(rc4_key)); + } else { + memcpy(Confounder, p0 + 24, 8); /* Confounder */ + memcpy(output_message_buffer->value, + p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE, + datalen); + } + memset(k6_data, 0, sizeof(k6_data)); + + if (!(context_handle->flags & GSS_C_DCE_STYLE)) { + ret = _gssapi_verify_pad(output_message_buffer, datalen, &padlen); + if (ret) { + gss_release_buffer(minor_status, output_message_buffer); + *minor_status = 0; + return ret; + } + output_message_buffer->length -= padlen; + } + + ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SEAL, + cksum_data, sizeof(cksum_data), + p0, 8, + Confounder, sizeof(Confounder), + output_message_buffer->value, + output_message_buffer->length + padlen); + if (ret) { + gss_release_buffer(minor_status, output_message_buffer); + *minor_status = ret; + return GSS_S_FAILURE; + } + + cmp = memcmp(cksum_data, p0 + 16, 8); /* SGN_CKSUM */ + if (cmp) { + gss_release_buffer(minor_status, output_message_buffer); + *minor_status = 0; + return GSS_S_BAD_MIC; + } + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + omret = _gssapi_msg_order_check(context_handle->order, seq_number); + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + if (omret) + return omret; + + if (conf_state) + *conf_state = conf_flag; + + *minor_status = 0; + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/arcfour.h b/source4/heimdal/lib/gssapi/arcfour.h new file mode 100644 index 0000000000..5acfcad29d --- /dev/null +++ b/source4/heimdal/lib/gssapi/arcfour.h @@ -0,0 +1,74 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: arcfour.h,v 1.5 2004/03/07 22:30:57 lha Exp $ */ + +#ifndef GSSAPI_ARCFOUR_H_ +#define GSSAPI_ARCFOUR_H_ 1 + +#define GSS_ARCFOUR_WRAP_TOKEN_SIZE 32 +#define GSS_ARCFOUR_WRAP_TOKEN_OFFSET 13 + +OM_uint32 _gssapi_wrap_arcfour(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + const gss_buffer_t input_message_buffer, + int *conf_state, + gss_buffer_t output_message_buffer, + krb5_keyblock *key); + +OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t input_message_buffer, + gss_buffer_t output_message_buffer, + int *conf_state, + gss_qop_t *qop_state, + krb5_keyblock *key); + +OM_uint32 _gssapi_get_mic_arcfour(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + gss_qop_t qop_req, + const gss_buffer_t message_buffer, + gss_buffer_t message_token, + krb5_keyblock *key); + +OM_uint32 _gssapi_verify_mic_arcfour(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t message_buffer, + const gss_buffer_t token_buffer, + gss_qop_t *qop_state, + krb5_keyblock *key, + char *type); + +#endif /* GSSAPI_ARCFOUR_H_ */ diff --git a/source4/heimdal/lib/gssapi/ccache_name.c b/source4/heimdal/lib/gssapi/ccache_name.c new file mode 100755 index 0000000000..3bebb83c1f --- /dev/null +++ b/source4/heimdal/lib/gssapi/ccache_name.c @@ -0,0 +1,80 @@ +/* + * Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: ccache_name.c,v 1.2 2005/06/16 20:38:49 lha Exp $"); + +char *last_out_name; + +OM_uint32 +gss_krb5_ccache_name(OM_uint32 *minor_status, + const char *name, + const char **out_name) +{ + krb5_error_code kret; + + *minor_status = 0; + + GSSAPI_KRB5_INIT(); + + if (out_name) { + const char *n; + + if (last_out_name) { + free(last_out_name); + last_out_name = NULL; + } + + n = krb5_cc_default_name(gssapi_krb5_context); + if (n == NULL) { + *minor_status = ENOMEM; + gssapi_krb5_set_error_string (); + return GSS_S_FAILURE; + } + last_out_name = strdup(n); + if (last_out_name == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + *out_name = last_out_name; + } + + kret = krb5_cc_set_default_name(gssapi_krb5_context, name); + if (kret) { + *minor_status = kret; + gssapi_krb5_set_error_string (); + return GSS_S_FAILURE; + } + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/cfx.c b/source4/heimdal/lib/gssapi/cfx.c new file mode 100755 index 0000000000..75b6a8bcfa --- /dev/null +++ b/source4/heimdal/lib/gssapi/cfx.c @@ -0,0 +1,841 @@ +/* + * Copyright (c) 2003, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: cfx.c,v 1.17 2005/04/27 17:47:32 lha Exp $"); + +/* + * Implementation of draft-ietf-krb-wg-gssapi-cfx-06.txt + */ + +#define CFXSentByAcceptor (1 << 0) +#define CFXSealed (1 << 1) +#define CFXAcceptorSubkey (1 << 2) + +static krb5_error_code +wrap_length_cfx(krb5_crypto crypto, + int conf_req_flag, + size_t input_length, + size_t *output_length, + size_t *cksumsize, + u_int16_t *padlength) +{ + krb5_error_code ret; + krb5_cksumtype type; + + /* 16-byte header is always first */ + *output_length = sizeof(gss_cfx_wrap_token_desc); + *padlength = 0; + + ret = krb5_crypto_get_checksum_type(gssapi_krb5_context, crypto, &type); + if (ret) { + return ret; + } + + ret = krb5_checksumsize(gssapi_krb5_context, type, cksumsize); + if (ret) { + return ret; + } + + if (conf_req_flag) { + size_t padsize; + + /* Header is concatenated with data before encryption */ + input_length += sizeof(gss_cfx_wrap_token_desc); + + ret = krb5_crypto_getpadsize(gssapi_krb5_context, crypto, &padsize); + if (ret) { + return ret; + } + if (padsize > 1) { + /* XXX check this */ + *padlength = padsize - (input_length % padsize); + } + + /* We add the pad ourselves (noted here for completeness only) */ + input_length += *padlength; + + *output_length += krb5_get_wrapped_length(gssapi_krb5_context, + crypto, input_length); + } else { + /* Checksum is concatenated with data */ + *output_length += input_length + *cksumsize; + } + + assert(*output_length > input_length); + + return 0; +} + +OM_uint32 _gssapi_wrap_size_cfx(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + OM_uint32 req_output_size, + OM_uint32 *max_input_size, + krb5_keyblock *key) +{ + krb5_error_code ret; + krb5_crypto crypto; + u_int16_t padlength; + size_t output_length, cksumsize; + + ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); + if (ret != 0) { + gssapi_krb5_set_error_string(); + *minor_status = ret; + return GSS_S_FAILURE; + } + + ret = wrap_length_cfx(crypto, conf_req_flag, + req_output_size, + &output_length, &cksumsize, &padlength); + if (ret != 0) { + gssapi_krb5_set_error_string(); + *minor_status = ret; + krb5_crypto_destroy(gssapi_krb5_context, crypto); + return GSS_S_FAILURE; + } + + if (output_length < req_output_size) { + *max_input_size = (req_output_size - output_length); + *max_input_size -= padlength; + } else { + /* Should this return an error? */ + *max_input_size = 0; + } + + krb5_crypto_destroy(gssapi_krb5_context, crypto); + + return GSS_S_COMPLETE; +} + +/* + * Rotate "rrc" bytes to the front or back + */ + +static krb5_error_code +rrc_rotate(void *data, size_t len, u_int16_t rrc, krb5_boolean unrotate) +{ + u_char *tmp; + size_t left; + char buf[256]; + + if (len == 0) + return 0; + + rrc %= len; + + if (rrc == 0) + return 0; + + left = len - rrc; + + if (rrc <= sizeof(buf)) { + tmp = buf; + } else { + tmp = malloc(rrc); + if (tmp == NULL) + return ENOMEM; + } + + if (unrotate) { + memcpy(tmp, data, rrc); + memmove(data, (u_char *)data + rrc, left); + memcpy((u_char *)data + left, tmp, rrc); + } else { + memcpy(tmp, (u_char *)data + left, rrc); + memmove((u_char *)data + rrc, data, left); + memcpy(data, tmp, rrc); + } + + if (rrc > sizeof(buf)) + free(tmp); + + return 0; +} + +OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + const gss_buffer_t input_message_buffer, + int *conf_state, + gss_buffer_t output_message_buffer, + krb5_keyblock *key) +{ + krb5_crypto crypto; + gss_cfx_wrap_token token; + krb5_error_code ret; + unsigned usage; + krb5_data cipher; + size_t wrapped_len, cksumsize; + u_int16_t padlength, rrc = 0; + OM_uint32 seq_number; + u_char *p; + + ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); + if (ret != 0) { + gssapi_krb5_set_error_string(); + *minor_status = ret; + return GSS_S_FAILURE; + } + + ret = wrap_length_cfx(crypto, conf_req_flag, + input_message_buffer->length, + &wrapped_len, &cksumsize, &padlength); + if (ret != 0) { + gssapi_krb5_set_error_string(); + *minor_status = ret; + krb5_crypto_destroy(gssapi_krb5_context, crypto); + return GSS_S_FAILURE; + } + + /* Always rotate encrypted token (if any) and checksum to header */ + rrc = (conf_req_flag ? sizeof(*token) : 0) + (u_int16_t)cksumsize; + + output_message_buffer->length = wrapped_len; + output_message_buffer->value = malloc(output_message_buffer->length); + if (output_message_buffer->value == NULL) { + *minor_status = ENOMEM; + krb5_crypto_destroy(gssapi_krb5_context, crypto); + return GSS_S_FAILURE; + } + + p = output_message_buffer->value; + token = (gss_cfx_wrap_token)p; + token->TOK_ID[0] = 0x05; + token->TOK_ID[1] = 0x04; + token->Flags = 0; + token->Filler = 0xFF; + if ((context_handle->more_flags & LOCAL) == 0) + token->Flags |= CFXSentByAcceptor; + if (context_handle->more_flags & ACCEPTOR_SUBKEY) + token->Flags |= CFXAcceptorSubkey; + if (conf_req_flag) { + /* + * In Wrap tokens with confidentiality, the EC field is + * used to encode the size (in bytes) of the random filler. + */ + token->Flags |= CFXSealed; + token->EC[0] = (padlength >> 8) & 0xFF; + token->EC[1] = (padlength >> 0) & 0xFF; + } else { + /* + * In Wrap tokens without confidentiality, the EC field is + * used to encode the size (in bytes) of the trailing + * checksum. + * + * This is not used in the checksum calcuation itself, + * because the checksum length could potentially vary + * depending on the data length. + */ + token->EC[0] = 0; + token->EC[1] = 0; + } + + /* + * In Wrap tokens that provide for confidentiality, the RRC + * field in the header contains the hex value 00 00 before + * encryption. + * + * In Wrap tokens that do not provide for confidentiality, + * both the EC and RRC fields in the appended checksum + * contain the hex value 00 00 for the purpose of calculating + * the checksum. + */ + token->RRC[0] = 0; + token->RRC[1] = 0; + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + krb5_auth_con_getlocalseqnumber(gssapi_krb5_context, + context_handle->auth_context, + &seq_number); + gssapi_encode_be_om_uint32(0, &token->SND_SEQ[0]); + gssapi_encode_be_om_uint32(seq_number, &token->SND_SEQ[4]); + krb5_auth_con_setlocalseqnumber(gssapi_krb5_context, + context_handle->auth_context, + ++seq_number); + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + + /* + * If confidentiality is requested, the token header is + * appended to the plaintext before encryption; the resulting + * token is {"header" | encrypt(plaintext | pad | "header")}. + * + * If no confidentiality is requested, the checksum is + * calculated over the plaintext concatenated with the + * token header. + */ + if (context_handle->more_flags & LOCAL) { + usage = KRB5_KU_USAGE_INITIATOR_SEAL; + } else { + usage = KRB5_KU_USAGE_ACCEPTOR_SEAL; + } + + if (conf_req_flag) { + /* + * Any necessary padding is added here to ensure that the + * encrypted token header is always at the end of the + * ciphertext. + * + * The specification does not require that the padding + * bytes are initialized. + */ + p += sizeof(*token); + memcpy(p, input_message_buffer->value, input_message_buffer->length); + memset(p + input_message_buffer->length, 0xFF, padlength); + memcpy(p + input_message_buffer->length + padlength, + token, sizeof(*token)); + + ret = krb5_encrypt(gssapi_krb5_context, crypto, + usage, p, + input_message_buffer->length + padlength + + sizeof(*token), + &cipher); + if (ret != 0) { + gssapi_krb5_set_error_string(); + *minor_status = ret; + krb5_crypto_destroy(gssapi_krb5_context, crypto); + gss_release_buffer(minor_status, output_message_buffer); + return GSS_S_FAILURE; + } + assert(sizeof(*token) + cipher.length == wrapped_len); + token->RRC[0] = (rrc >> 8) & 0xFF; + token->RRC[1] = (rrc >> 0) & 0xFF; + + ret = rrc_rotate(cipher.data, cipher.length, rrc, FALSE); + if (ret != 0) { + gssapi_krb5_set_error_string(); + *minor_status = ret; + krb5_crypto_destroy(gssapi_krb5_context, crypto); + gss_release_buffer(minor_status, output_message_buffer); + return GSS_S_FAILURE; + } + memcpy(p, cipher.data, cipher.length); + krb5_data_free(&cipher); + } else { + char *buf; + Checksum cksum; + + buf = malloc(input_message_buffer->length + sizeof(*token)); + if (buf == NULL) { + *minor_status = ENOMEM; + krb5_crypto_destroy(gssapi_krb5_context, crypto); + gss_release_buffer(minor_status, output_message_buffer); + return GSS_S_FAILURE; + } + memcpy(buf, input_message_buffer->value, input_message_buffer->length); + memcpy(buf + input_message_buffer->length, token, sizeof(*token)); + + ret = krb5_create_checksum(gssapi_krb5_context, crypto, + usage, 0, buf, + input_message_buffer->length + + sizeof(*token), + &cksum); + if (ret != 0) { + gssapi_krb5_set_error_string(); + *minor_status = ret; + krb5_crypto_destroy(gssapi_krb5_context, crypto); + gss_release_buffer(minor_status, output_message_buffer); + free(buf); + return GSS_S_FAILURE; + } + + free(buf); + + assert(cksum.checksum.length == cksumsize); + token->EC[0] = (cksum.checksum.length >> 8) & 0xFF; + token->EC[1] = (cksum.checksum.length >> 0) & 0xFF; + token->RRC[0] = (rrc >> 8) & 0xFF; + token->RRC[1] = (rrc >> 0) & 0xFF; + + p += sizeof(*token); + memcpy(p, input_message_buffer->value, input_message_buffer->length); + memcpy(p + input_message_buffer->length, + cksum.checksum.data, cksum.checksum.length); + + ret = rrc_rotate(p, + input_message_buffer->length + cksum.checksum.length, rrc, FALSE); + if (ret != 0) { + gssapi_krb5_set_error_string(); + *minor_status = ret; + krb5_crypto_destroy(gssapi_krb5_context, crypto); + gss_release_buffer(minor_status, output_message_buffer); + free_Checksum(&cksum); + return GSS_S_FAILURE; + } + free_Checksum(&cksum); + } + + krb5_crypto_destroy(gssapi_krb5_context, crypto); + + if (conf_state != NULL) { + *conf_state = conf_req_flag; + } + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t input_message_buffer, + gss_buffer_t output_message_buffer, + int *conf_state, + gss_qop_t *qop_state, + krb5_keyblock *key) +{ + krb5_crypto crypto; + gss_cfx_wrap_token token; + u_char token_flags; + krb5_error_code ret; + unsigned usage; + krb5_data data; + u_int16_t ec, rrc; + OM_uint32 seq_number_lo, seq_number_hi; + size_t len; + u_char *p; + + *minor_status = 0; + + if (input_message_buffer->length < sizeof(*token)) { + return GSS_S_DEFECTIVE_TOKEN; + } + + p = input_message_buffer->value; + + token = (gss_cfx_wrap_token)p; + + if (token->TOK_ID[0] != 0x05 || token->TOK_ID[1] != 0x04) { + return GSS_S_DEFECTIVE_TOKEN; + } + + /* Ignore unknown flags */ + token_flags = token->Flags & + (CFXSentByAcceptor | CFXSealed | CFXAcceptorSubkey); + + if (token_flags & CFXSentByAcceptor) { + if ((context_handle->more_flags & LOCAL) == 0) + return GSS_S_DEFECTIVE_TOKEN; + } + + if (context_handle->more_flags & ACCEPTOR_SUBKEY) { + if ((token_flags & CFXAcceptorSubkey) == 0) + return GSS_S_DEFECTIVE_TOKEN; + } else { + if (token_flags & CFXAcceptorSubkey) + return GSS_S_DEFECTIVE_TOKEN; + } + + if (token->Filler != 0xFF) { + return GSS_S_DEFECTIVE_TOKEN; + } + + if (conf_state != NULL) { + *conf_state = (token_flags & CFXSealed) ? 1 : 0; + } + + ec = (token->EC[0] << 8) | token->EC[1]; + rrc = (token->RRC[0] << 8) | token->RRC[1]; + + /* + * Check sequence number + */ + gssapi_decode_be_om_uint32(&token->SND_SEQ[0], &seq_number_hi); + gssapi_decode_be_om_uint32(&token->SND_SEQ[4], &seq_number_lo); + if (seq_number_hi) { + /* no support for 64-bit sequence numbers */ + *minor_status = ERANGE; + return GSS_S_UNSEQ_TOKEN; + } + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + ret = _gssapi_msg_order_check(context_handle->order, seq_number_lo); + if (ret != 0) { + *minor_status = 0; + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + gss_release_buffer(minor_status, output_message_buffer); + return ret; + } + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + + /* + * Decrypt and/or verify checksum + */ + ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); + if (ret != 0) { + gssapi_krb5_set_error_string(); + *minor_status = ret; + return GSS_S_FAILURE; + } + + if (context_handle->more_flags & LOCAL) { + usage = KRB5_KU_USAGE_ACCEPTOR_SEAL; + } else { + usage = KRB5_KU_USAGE_INITIATOR_SEAL; + } + + p += sizeof(*token); + len = input_message_buffer->length; + len -= (p - (u_char *)input_message_buffer->value); + + /* Rotate by RRC; bogus to do this in-place XXX */ + *minor_status = rrc_rotate(p, len, rrc, TRUE); + if (*minor_status != 0) { + krb5_crypto_destroy(gssapi_krb5_context, crypto); + return GSS_S_FAILURE; + } + + if (token_flags & CFXSealed) { + ret = krb5_decrypt(gssapi_krb5_context, crypto, usage, + p, len, &data); + if (ret != 0) { + gssapi_krb5_set_error_string(); + *minor_status = ret; + krb5_crypto_destroy(gssapi_krb5_context, crypto); + return GSS_S_BAD_MIC; + } + + /* Check that there is room for the pad and token header */ + if (data.length < ec + sizeof(*token)) { + krb5_crypto_destroy(gssapi_krb5_context, crypto); + krb5_data_free(&data); + return GSS_S_DEFECTIVE_TOKEN; + } + p = data.data; + p += data.length - sizeof(*token); + + /* RRC is unprotected; don't modify input buffer */ + ((gss_cfx_wrap_token)p)->RRC[0] = token->RRC[0]; + ((gss_cfx_wrap_token)p)->RRC[1] = token->RRC[1]; + + /* Check the integrity of the header */ + if (memcmp(p, token, sizeof(*token)) != 0) { + krb5_crypto_destroy(gssapi_krb5_context, crypto); + krb5_data_free(&data); + return GSS_S_BAD_MIC; + } + + output_message_buffer->value = data.data; + output_message_buffer->length = data.length - ec - sizeof(*token); + } else { + Checksum cksum; + + /* Determine checksum type */ + ret = krb5_crypto_get_checksum_type(gssapi_krb5_context, + crypto, &cksum.cksumtype); + if (ret != 0) { + gssapi_krb5_set_error_string(); + *minor_status = ret; + krb5_crypto_destroy(gssapi_krb5_context, crypto); + return GSS_S_FAILURE; + } + + cksum.checksum.length = ec; + + /* Check we have at least as much data as the checksum */ + if (len < cksum.checksum.length) { + *minor_status = ERANGE; + krb5_crypto_destroy(gssapi_krb5_context, crypto); + return GSS_S_BAD_MIC; + } + + /* Length now is of the plaintext only, no checksum */ + len -= cksum.checksum.length; + cksum.checksum.data = p + len; + + output_message_buffer->length = len; /* for later */ + output_message_buffer->value = malloc(len + sizeof(*token)); + if (output_message_buffer->value == NULL) { + *minor_status = ENOMEM; + krb5_crypto_destroy(gssapi_krb5_context, crypto); + return GSS_S_FAILURE; + } + + /* Checksum is over (plaintext-data | "header") */ + memcpy(output_message_buffer->value, p, len); + memcpy((u_char *)output_message_buffer->value + len, + token, sizeof(*token)); + + /* EC is not included in checksum calculation */ + token = (gss_cfx_wrap_token)((u_char *)output_message_buffer->value + + len); + token->EC[0] = 0; + token->EC[1] = 0; + token->RRC[0] = 0; + token->RRC[1] = 0; + + ret = krb5_verify_checksum(gssapi_krb5_context, crypto, + usage, + output_message_buffer->value, + len + sizeof(*token), + &cksum); + if (ret != 0) { + gssapi_krb5_set_error_string(); + *minor_status = ret; + krb5_crypto_destroy(gssapi_krb5_context, crypto); + gss_release_buffer(minor_status, output_message_buffer); + return GSS_S_BAD_MIC; + } + } + + krb5_crypto_destroy(gssapi_krb5_context, crypto); + + if (qop_state != NULL) { + *qop_state = GSS_C_QOP_DEFAULT; + } + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + gss_qop_t qop_req, + const gss_buffer_t message_buffer, + gss_buffer_t message_token, + krb5_keyblock *key) +{ + krb5_crypto crypto; + gss_cfx_mic_token token; + krb5_error_code ret; + unsigned usage; + Checksum cksum; + u_char *buf; + size_t len; + OM_uint32 seq_number; + + ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); + if (ret != 0) { + gssapi_krb5_set_error_string(); + *minor_status = ret; + return GSS_S_FAILURE; + } + + len = message_buffer->length + sizeof(*token); + buf = malloc(len); + if (buf == NULL) { + *minor_status = ENOMEM; + krb5_crypto_destroy(gssapi_krb5_context, crypto); + return GSS_S_FAILURE; + } + + memcpy(buf, message_buffer->value, message_buffer->length); + + token = (gss_cfx_mic_token)(buf + message_buffer->length); + token->TOK_ID[0] = 0x04; + token->TOK_ID[1] = 0x04; + token->Flags = 0; + if ((context_handle->more_flags & LOCAL) == 0) + token->Flags |= CFXSentByAcceptor; + if (context_handle->more_flags & ACCEPTOR_SUBKEY) + token->Flags |= CFXAcceptorSubkey; + memset(token->Filler, 0xFF, 5); + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + krb5_auth_con_getlocalseqnumber(gssapi_krb5_context, + context_handle->auth_context, + &seq_number); + gssapi_encode_be_om_uint32(0, &token->SND_SEQ[0]); + gssapi_encode_be_om_uint32(seq_number, &token->SND_SEQ[4]); + krb5_auth_con_setlocalseqnumber(gssapi_krb5_context, + context_handle->auth_context, + ++seq_number); + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + + if (context_handle->more_flags & LOCAL) { + usage = KRB5_KU_USAGE_INITIATOR_SIGN; + } else { + usage = KRB5_KU_USAGE_ACCEPTOR_SIGN; + } + + ret = krb5_create_checksum(gssapi_krb5_context, crypto, + usage, 0, buf, len, &cksum); + if (ret != 0) { + gssapi_krb5_set_error_string(); + *minor_status = ret; + krb5_crypto_destroy(gssapi_krb5_context, crypto); + free(buf); + return GSS_S_FAILURE; + } + krb5_crypto_destroy(gssapi_krb5_context, crypto); + + /* Determine MIC length */ + message_token->length = sizeof(*token) + cksum.checksum.length; + message_token->value = malloc(message_token->length); + if (message_token->value == NULL) { + *minor_status = ENOMEM; + free_Checksum(&cksum); + free(buf); + return GSS_S_FAILURE; + } + + /* Token is { "header" | get_mic("header" | plaintext-data) } */ + memcpy(message_token->value, token, sizeof(*token)); + memcpy((u_char *)message_token->value + sizeof(*token), + cksum.checksum.data, cksum.checksum.length); + + free_Checksum(&cksum); + free(buf); + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +OM_uint32 _gssapi_verify_mic_cfx(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t message_buffer, + const gss_buffer_t token_buffer, + gss_qop_t *qop_state, + krb5_keyblock *key) +{ + krb5_crypto crypto; + gss_cfx_mic_token token; + u_char token_flags; + krb5_error_code ret; + unsigned usage; + OM_uint32 seq_number_lo, seq_number_hi; + u_char *buf, *p; + Checksum cksum; + + *minor_status = 0; + + if (token_buffer->length < sizeof(*token)) { + return GSS_S_DEFECTIVE_TOKEN; + } + + p = token_buffer->value; + + token = (gss_cfx_mic_token)p; + + if (token->TOK_ID[0] != 0x04 || token->TOK_ID[1] != 0x04) { + return GSS_S_DEFECTIVE_TOKEN; + } + + /* Ignore unknown flags */ + token_flags = token->Flags & (CFXSentByAcceptor | CFXAcceptorSubkey); + + if (token_flags & CFXSentByAcceptor) { + if ((context_handle->more_flags & LOCAL) == 0) + return GSS_S_DEFECTIVE_TOKEN; + } + if (context_handle->more_flags & ACCEPTOR_SUBKEY) { + if ((token_flags & CFXAcceptorSubkey) == 0) + return GSS_S_DEFECTIVE_TOKEN; + } else { + if (token_flags & CFXAcceptorSubkey) + return GSS_S_DEFECTIVE_TOKEN; + } + + if (memcmp(token->Filler, "\xff\xff\xff\xff\xff", 5) != 0) { + return GSS_S_DEFECTIVE_TOKEN; + } + + /* + * Check sequence number + */ + gssapi_decode_be_om_uint32(&token->SND_SEQ[0], &seq_number_hi); + gssapi_decode_be_om_uint32(&token->SND_SEQ[4], &seq_number_lo); + if (seq_number_hi) { + *minor_status = ERANGE; + return GSS_S_UNSEQ_TOKEN; + } + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + ret = _gssapi_msg_order_check(context_handle->order, seq_number_lo); + if (ret != 0) { + *minor_status = 0; + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + return ret; + } + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + + /* + * Verify checksum + */ + ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); + if (ret != 0) { + gssapi_krb5_set_error_string(); + *minor_status = ret; + return GSS_S_FAILURE; + } + + ret = krb5_crypto_get_checksum_type(gssapi_krb5_context, crypto, + &cksum.cksumtype); + if (ret != 0) { + gssapi_krb5_set_error_string(); + *minor_status = ret; + krb5_crypto_destroy(gssapi_krb5_context, crypto); + return GSS_S_FAILURE; + } + + cksum.checksum.data = p + sizeof(*token); + cksum.checksum.length = token_buffer->length - sizeof(*token); + + if (context_handle->more_flags & LOCAL) { + usage = KRB5_KU_USAGE_ACCEPTOR_SIGN; + } else { + usage = KRB5_KU_USAGE_INITIATOR_SIGN; + } + + buf = malloc(message_buffer->length + sizeof(*token)); + if (buf == NULL) { + *minor_status = ENOMEM; + krb5_crypto_destroy(gssapi_krb5_context, crypto); + return GSS_S_FAILURE; + } + memcpy(buf, message_buffer->value, message_buffer->length); + memcpy(buf + message_buffer->length, token, sizeof(*token)); + + ret = krb5_verify_checksum(gssapi_krb5_context, crypto, + usage, + buf, + sizeof(*token) + message_buffer->length, + &cksum); + if (ret != 0) { + gssapi_krb5_set_error_string(); + *minor_status = ret; + krb5_crypto_destroy(gssapi_krb5_context, crypto); + free(buf); + return GSS_S_BAD_MIC; + } + + free(buf); + + if (qop_state != NULL) { + *qop_state = GSS_C_QOP_DEFAULT; + } + + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/cfx.h b/source4/heimdal/lib/gssapi/cfx.h new file mode 100755 index 0000000000..a587cb9d97 --- /dev/null +++ b/source4/heimdal/lib/gssapi/cfx.h @@ -0,0 +1,104 @@ +/* + * Copyright (c) 2003, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: cfx.h,v 1.5 2003/09/22 21:48:35 lha Exp $ */ + +#ifndef GSSAPI_CFX_H_ +#define GSSAPI_CFX_H_ 1 + +/* + * Implementation of draft-ietf-krb-wg-gssapi-cfx-01.txt + */ + +typedef struct gss_cfx_mic_token_desc_struct { + u_char TOK_ID[2]; /* 04 04 */ + u_char Flags; + u_char Filler[5]; + u_char SND_SEQ[8]; +} gss_cfx_mic_token_desc, *gss_cfx_mic_token; + +typedef struct gss_cfx_wrap_token_desc_struct { + u_char TOK_ID[2]; /* 04 05 */ + u_char Flags; + u_char Filler; + u_char EC[2]; + u_char RRC[2]; + u_char SND_SEQ[8]; +} gss_cfx_wrap_token_desc, *gss_cfx_wrap_token; + +typedef struct gss_cfx_delete_token_desc_struct { + u_char TOK_ID[2]; /* 05 04 */ + u_char Flags; + u_char Filler[5]; + u_char SND_SEQ[8]; +} gss_cfx_delete_token_desc, *gss_cfx_delete_token; + +OM_uint32 _gssapi_wrap_size_cfx(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + OM_uint32 req_output_size, + OM_uint32 *max_input_size, + krb5_keyblock *key); + +OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + const gss_buffer_t input_message_buffer, + int *conf_state, + gss_buffer_t output_message_buffer, + krb5_keyblock *key); + +OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t input_message_buffer, + gss_buffer_t output_message_buffer, + int *conf_state, + gss_qop_t *qop_state, + krb5_keyblock *key); + +OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + gss_qop_t qop_req, + const gss_buffer_t message_buffer, + gss_buffer_t message_token, + krb5_keyblock *key); + +OM_uint32 _gssapi_verify_mic_cfx(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t message_buffer, + const gss_buffer_t token_buffer, + gss_qop_t *qop_state, + krb5_keyblock *key); + +#endif /* GSSAPI_CFX_H_ */ diff --git a/source4/heimdal/lib/gssapi/compat.c b/source4/heimdal/lib/gssapi/compat.c new file mode 100644 index 0000000000..5605c48023 --- /dev/null +++ b/source4/heimdal/lib/gssapi/compat.c @@ -0,0 +1,154 @@ +/* + * Copyright (c) 2003 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: compat.c,v 1.10 2005/05/30 20:51:51 lha Exp $"); + + +krb5_error_code +_gss_check_compat(OM_uint32 *minor_status, gss_name_t name, + const char *option, krb5_boolean *compat, + krb5_boolean match_val) +{ + krb5_error_code ret = 0; + char **p, **q; + krb5_principal match; + + + p = krb5_config_get_strings(gssapi_krb5_context, NULL, "gssapi", + option, NULL); + if(p == NULL) + return 0; + + match = NULL; + for(q = p; *q; q++) { + ret = krb5_parse_name(gssapi_krb5_context, *q, &match); + if (ret) + break; + + if (krb5_principal_match(gssapi_krb5_context, name, match)) { + *compat = match_val; + break; + } + + krb5_free_principal(gssapi_krb5_context, match); + match = NULL; + } + if (match) + krb5_free_principal(gssapi_krb5_context, match); + krb5_config_free_strings(p); + + if (ret) { + if (minor_status) + *minor_status = ret; + return GSS_S_FAILURE; + } + + return 0; +} + +/* + * ctx->ctx_id_mutex is assumed to be locked + */ + +OM_uint32 +_gss_DES3_get_mic_compat(OM_uint32 *minor_status, gss_ctx_id_t ctx) +{ + krb5_boolean use_compat = FALSE; + OM_uint32 ret; + + if ((ctx->more_flags & COMPAT_OLD_DES3_SELECTED) == 0) { + ret = _gss_check_compat(minor_status, ctx->target, + "broken_des3_mic", &use_compat, TRUE); + if (ret) + return ret; + ret = _gss_check_compat(minor_status, ctx->target, + "correct_des3_mic", &use_compat, FALSE); + if (ret) + return ret; + + if (use_compat) + ctx->more_flags |= COMPAT_OLD_DES3; + ctx->more_flags |= COMPAT_OLD_DES3_SELECTED; + } + return 0; +} + +OM_uint32 +gss_krb5_compat_des3_mic(OM_uint32 *minor_status, gss_ctx_id_t ctx, int on) +{ + *minor_status = 0; + + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + if (on) { + ctx->more_flags |= COMPAT_OLD_DES3; + } else { + ctx->more_flags &= ~COMPAT_OLD_DES3; + } + ctx->more_flags |= COMPAT_OLD_DES3_SELECTED; + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + + return 0; +} + +/* + * For compatability with the Windows SPNEGO implementation, the + * default is to ignore the mechListMIC unless the initiator specified + * CFX or configured in krb5.conf with the option + * [gssapi]require_mechlist_mic=target-principal-pattern. + * The option is valid for both initiator and acceptor. + */ +OM_uint32 +_gss_spnego_require_mechlist_mic(OM_uint32 *minor_status, + gss_ctx_id_t ctx, + krb5_boolean *require_mic) +{ + OM_uint32 ret; + int is_cfx = 0; + + gsskrb5_is_cfx(ctx, &is_cfx); + if (is_cfx) { + /* CFX session key was used */ + *require_mic = TRUE; + } else { + *require_mic = FALSE; + ret = _gss_check_compat(minor_status, ctx->target, + "require_mechlist_mic", + require_mic, TRUE); + if (ret) + return ret; + } + *minor_status = 0; + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/context_time.c b/source4/heimdal/lib/gssapi/context_time.c new file mode 100644 index 0000000000..e13480c85e --- /dev/null +++ b/source4/heimdal/lib/gssapi/context_time.c @@ -0,0 +1,87 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: context_time.c,v 1.10 2003/06/03 15:08:00 lha Exp $"); + +OM_uint32 +gssapi_lifetime_left(OM_uint32 *minor_status, + OM_uint32 lifetime, + OM_uint32 *lifetime_rec) +{ + krb5_timestamp timeret; + krb5_error_code kret; + + kret = krb5_timeofday(gssapi_krb5_context, &timeret); + if (kret) { + *minor_status = kret; + gssapi_krb5_set_error_string (); + return GSS_S_FAILURE; + } + + if (lifetime < timeret) + *lifetime_rec = 0; + else + *lifetime_rec = lifetime - timeret; + + return GSS_S_COMPLETE; +} + + +OM_uint32 gss_context_time + (OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + OM_uint32 * time_rec + ) +{ + OM_uint32 lifetime; + OM_uint32 major_status; + + GSSAPI_KRB5_INIT (); + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + lifetime = context_handle->lifetime; + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + + major_status = gssapi_lifetime_left(minor_status, lifetime, time_rec); + if (major_status != GSS_S_COMPLETE) + return major_status; + + *minor_status = 0; + + if (*time_rec == 0) + return GSS_S_CONTEXT_EXPIRED; + + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/copy_ccache.c b/source4/heimdal/lib/gssapi/copy_ccache.c new file mode 100644 index 0000000000..4f2b3f4895 --- /dev/null +++ b/source4/heimdal/lib/gssapi/copy_ccache.c @@ -0,0 +1,134 @@ +/* + * Copyright (c) 2000 - 2001, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: copy_ccache.c,v 1.7 2003/09/01 15:11:09 lha Exp $"); + +OM_uint32 +gss_krb5_copy_ccache(OM_uint32 *minor_status, + gss_cred_id_t cred, + krb5_ccache out) +{ + krb5_error_code kret; + + HEIMDAL_MUTEX_lock(&cred->cred_id_mutex); + + if (cred->ccache == NULL) { + HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + kret = krb5_cc_copy_cache(gssapi_krb5_context, cred->ccache, out); + HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); + if (kret) { + *minor_status = kret; + gssapi_krb5_set_error_string (); + return GSS_S_FAILURE; + } + *minor_status = 0; + return GSS_S_COMPLETE; +} + +OM_uint32 +gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int ad_type, + gss_buffer_t ad_data) +{ + krb5_error_code ret; + krb5_data data; + + ad_data->value = NULL; + ad_data->length = 0; + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + if (context_handle->ticket == NULL) { + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + ret = krb5_ticket_get_authorization_data_type(gssapi_krb5_context, + context_handle->ticket, + ad_type, + &data); + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + ad_data->value = malloc(data.length); + if (ad_data->value == NULL) { + krb5_data_free(&data); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + ad_data->length = data.length; + memcpy(ad_data->value, data.data, ad_data->length); + krb5_data_free(&data); + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +OM_uint32 gss_krb5_copy_service_keyblock + (OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + struct EncryptionKey **out) +{ + krb5_error_code ret; + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + if (context_handle->service_keyblock == NULL) { + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + ret = krb5_copy_keyblock(gssapi_krb5_context, + context_handle->service_keyblock, + out); + + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + *minor_status = 0; + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/create_emtpy_oid_set.c b/source4/heimdal/lib/gssapi/create_emtpy_oid_set.c new file mode 100644 index 0000000000..1a25e0d781 --- /dev/null +++ b/source4/heimdal/lib/gssapi/create_emtpy_oid_set.c @@ -0,0 +1,52 @@ +/* + * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: create_emtpy_oid_set.c,v 1.5 2003/03/16 17:47:07 lha Exp $"); + +OM_uint32 gss_create_empty_oid_set ( + OM_uint32 * minor_status, + gss_OID_set * oid_set + ) +{ + *oid_set = malloc(sizeof(**oid_set)); + if (*oid_set == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + (*oid_set)->count = 0; + (*oid_set)->elements = NULL; + *minor_status = 0; + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/decapsulate.c b/source4/heimdal/lib/gssapi/decapsulate.c new file mode 100644 index 0000000000..90e037f09b --- /dev/null +++ b/source4/heimdal/lib/gssapi/decapsulate.c @@ -0,0 +1,209 @@ +/* + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: decapsulate.c,v 1.12 2005/06/16 20:40:49 lha Exp $"); + +/* + * return the length of the mechanism in token or -1 + * (which implies that the token was bad - GSS_S_DEFECTIVE_TOKEN + */ + +ssize_t +gssapi_krb5_get_mech (const u_char *ptr, + size_t total_len, + const u_char **mech_ret) +{ + size_t len, len_len, mech_len, foo; + const u_char *p = ptr; + int e; + + if (total_len < 1) + return -1; + if (*p++ != 0x60) + return -1; + e = der_get_length (p, total_len - 1, &len, &len_len); + if (e || 1 + len_len + len != total_len) + return -1; + p += len_len; + if (*p++ != 0x06) + return -1; + e = der_get_length (p, total_len - 1 - len_len - 1, + &mech_len, &foo); + if (e) + return -1; + p += foo; + *mech_ret = p; + return mech_len; +} + +OM_uint32 +_gssapi_verify_mech_header(u_char **str, + size_t total_len, + gss_OID mech) +{ + const u_char *p; + ssize_t mech_len; + + mech_len = gssapi_krb5_get_mech (*str, total_len, &p); + if (mech_len < 0) + return GSS_S_DEFECTIVE_TOKEN; + + if (mech_len != mech->length) + return GSS_S_BAD_MECH; + if (memcmp(p, + mech->elements, + mech->length) != 0) + return GSS_S_BAD_MECH; + p += mech_len; + *str = rk_UNCONST(p); + return GSS_S_COMPLETE; +} + +OM_uint32 +gssapi_krb5_verify_header(u_char **str, + size_t total_len, + const u_char *type, + gss_OID oid) +{ + OM_uint32 ret; + size_t len; + u_char *p = *str; + + ret = _gssapi_verify_mech_header(str, total_len, oid); + if (ret) + return ret; + + len = total_len - (*str - p); + + if (len < 2) + return GSS_S_DEFECTIVE_TOKEN; + + if (memcmp (*str, type, 2) != 0) + return GSS_S_DEFECTIVE_TOKEN; + *str += 2; + + return 0; +} + +/* + * Remove the GSS-API wrapping from `in_token' giving `out_data. + * Does not copy data, so just free `in_token'. + */ + +OM_uint32 +_gssapi_decapsulate( + OM_uint32 *minor_status, + gss_buffer_t input_token_buffer, + krb5_data *out_data, + const gss_OID mech +) +{ + u_char *p; + OM_uint32 ret; + + p = input_token_buffer->value; + ret = _gssapi_verify_mech_header(&p, + input_token_buffer->length, + mech); + if (ret) { + *minor_status = 0; + return ret; + } + + out_data->length = input_token_buffer->length - + (p - (u_char *)input_token_buffer->value); + out_data->data = p; + return GSS_S_COMPLETE; +} + +/* + * Remove the GSS-API wrapping from `in_token' giving `out_data. + * Does not copy data, so just free `in_token'. + */ + +OM_uint32 +gssapi_krb5_decapsulate(OM_uint32 *minor_status, + gss_buffer_t input_token_buffer, + krb5_data *out_data, + const char *type, + gss_OID oid) +{ + u_char *p; + OM_uint32 ret; + + p = input_token_buffer->value; + ret = gssapi_krb5_verify_header(&p, + input_token_buffer->length, + type, + oid); + if (ret) { + *minor_status = 0; + return ret; + } + + out_data->length = input_token_buffer->length - + (p - (u_char *)input_token_buffer->value); + out_data->data = p; + return GSS_S_COMPLETE; +} + +/* + * Verify padding of a gss wrapped message and return its length. + */ + +OM_uint32 +_gssapi_verify_pad(gss_buffer_t wrapped_token, + size_t datalen, + size_t *padlen) +{ + u_char *pad; + size_t padlength; + int i; + + pad = (u_char *)wrapped_token->value + wrapped_token->length - 1; + padlength = *pad; + + if (padlength > datalen) + return GSS_S_BAD_MECH; + + for (i = padlength; i > 0 && *pad == padlength; i--, pad--) + ; + if (i != 0) + return GSS_S_BAD_MIC; + + *padlen = padlength; + + return 0; +} diff --git a/source4/heimdal/lib/gssapi/delete_sec_context.c b/source4/heimdal/lib/gssapi/delete_sec_context.c new file mode 100644 index 0000000000..83658fa76c --- /dev/null +++ b/source4/heimdal/lib/gssapi/delete_sec_context.c @@ -0,0 +1,77 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: delete_sec_context.c,v 1.15 2005/04/27 17:48:17 lha Exp $"); + +OM_uint32 gss_delete_sec_context + (OM_uint32 * minor_status, + gss_ctx_id_t * context_handle, + gss_buffer_t output_token + ) +{ + GSSAPI_KRB5_INIT (); + + if (output_token) { + output_token->length = 0; + output_token->value = NULL; + } + + HEIMDAL_MUTEX_lock(&(*context_handle)->ctx_id_mutex); + + krb5_auth_con_free (gssapi_krb5_context, + (*context_handle)->auth_context); + if((*context_handle)->source) + krb5_free_principal (gssapi_krb5_context, + (*context_handle)->source); + if((*context_handle)->target) + krb5_free_principal (gssapi_krb5_context, + (*context_handle)->target); + if ((*context_handle)->ticket) + krb5_free_ticket (gssapi_krb5_context, + (*context_handle)->ticket); + if ((*context_handle)->service_keyblock) + krb5_free_keyblock (gssapi_krb5_context, + (*context_handle)->service_keyblock); + if((*context_handle)->order) + _gssapi_msg_order_destroy(&(*context_handle)->order); + + HEIMDAL_MUTEX_unlock(&(*context_handle)->ctx_id_mutex); + HEIMDAL_MUTEX_destroy(&(*context_handle)->ctx_id_mutex); + memset(*context_handle, 0, sizeof(**context_handle)); + free (*context_handle); + *context_handle = GSS_C_NO_CONTEXT; + *minor_status = 0; + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/display_name.c b/source4/heimdal/lib/gssapi/display_name.c new file mode 100644 index 0000000000..27a232fd3c --- /dev/null +++ b/source4/heimdal/lib/gssapi/display_name.c @@ -0,0 +1,73 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: display_name.c,v 1.9 2003/03/16 17:46:11 lha Exp $"); + +OM_uint32 gss_display_name + (OM_uint32 * minor_status, + const gss_name_t input_name, + gss_buffer_t output_name_buffer, + gss_OID * output_name_type + ) +{ + krb5_error_code kret; + char *buf; + size_t len; + + GSSAPI_KRB5_INIT (); + kret = krb5_unparse_name (gssapi_krb5_context, + input_name, + &buf); + if (kret) { + *minor_status = kret; + gssapi_krb5_set_error_string (); + return GSS_S_FAILURE; + } + len = strlen (buf); + output_name_buffer->length = len; + output_name_buffer->value = malloc(len + 1); + if (output_name_buffer->value == NULL) { + free (buf); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + memcpy (output_name_buffer->value, buf, len); + ((char *)output_name_buffer->value)[len] = '\0'; + free (buf); + if (output_name_type) + *output_name_type = GSS_KRB5_NT_PRINCIPAL_NAME; + *minor_status = 0; + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/display_status.c b/source4/heimdal/lib/gssapi/display_status.c new file mode 100644 index 0000000000..2c84628266 --- /dev/null +++ b/source4/heimdal/lib/gssapi/display_status.c @@ -0,0 +1,208 @@ +/* + * Copyright (c) 1998 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: display_status.c,v 1.12 2005/03/16 13:15:03 lha Exp $"); + +static char * +calling_error(OM_uint32 v) +{ + static char *msgs[] = { + NULL, /* 0 */ + "A required input parameter could not be read.", /* */ + "A required output parameter could not be written.", /* */ + "A parameter was malformed" + }; + + v >>= GSS_C_CALLING_ERROR_OFFSET; + + if (v == 0) + return ""; + else if (v >= sizeof(msgs)/sizeof(*msgs)) + return "unknown calling error"; + else + return msgs[v]; +} + +static char * +routine_error(OM_uint32 v) +{ + static char *msgs[] = { + NULL, /* 0 */ + "An unsupported mechanism was requested", + "An invalid name was supplied", + "A supplied name was of an unsupported type", + "Incorrect channel bindings were supplied", + "An invalid status code was supplied", + "A token had an invalid MIC", + "No credentials were supplied, " + "or the credentials were unavailable or inaccessible.", + "No context has been established", + "A token was invalid", + "A credential was invalid", + "The referenced credentials have expired", + "The context has expired", + "Miscellaneous failure (see text)", + "The quality-of-protection requested could not be provide", + "The operation is forbidden by local security policy", + "The operation or option is not available", + "The requested credential element already exists", + "The provided name was not a mechanism name.", + }; + + v >>= GSS_C_ROUTINE_ERROR_OFFSET; + + if (v == 0) + return ""; + else if (v >= sizeof(msgs)/sizeof(*msgs)) + return "unknown routine error"; + else + return msgs[v]; +} + +static char * +supplementary_error(OM_uint32 v) +{ + static char *msgs[] = { + "normal completion", + "continuation call to routine required", + "duplicate per-message token detected", + "timed-out per-message token detected", + "reordered (early) per-message token detected", + "skipped predecessor token(s) detected" + }; + + v >>= GSS_C_SUPPLEMENTARY_OFFSET; + + if (v >= sizeof(msgs)/sizeof(*msgs)) + return "unknown routine error"; + else + return msgs[v]; +} + +void +gssapi_krb5_set_error_string (void) +{ + struct gssapi_thr_context *ctx = gssapi_get_thread_context(1); + char *e; + + if (ctx == NULL) + return; + HEIMDAL_MUTEX_lock(&ctx->mutex); + if (ctx->error_string) + free(ctx->error_string); + e = krb5_get_error_string(gssapi_krb5_context); + if (e == NULL) + ctx->error_string = NULL; + else { + /* ignore failures, will use status code instead */ + ctx->error_string = strdup(e); + krb5_free_error_string(gssapi_krb5_context, e); + } + HEIMDAL_MUTEX_unlock(&ctx->mutex); +} + +char * +gssapi_krb5_get_error_string (void) +{ + struct gssapi_thr_context *ctx = gssapi_get_thread_context(0); + char *ret; + + if (ctx == NULL) + return NULL; + HEIMDAL_MUTEX_lock(&ctx->mutex); + ret = ctx->error_string; + ctx->error_string = NULL; + HEIMDAL_MUTEX_unlock(&ctx->mutex); + return ret; +} + +OM_uint32 gss_display_status + (OM_uint32 *minor_status, + OM_uint32 status_value, + int status_type, + const gss_OID mech_type, + OM_uint32 *message_context, + gss_buffer_t status_string) +{ + char *buf; + + GSSAPI_KRB5_INIT (); + + status_string->length = 0; + status_string->value = NULL; + + if (gss_oid_equal(mech_type, GSS_C_NO_OID) == 0 && + gss_oid_equal(mech_type, GSS_KRB5_MECHANISM) == 0) { + *minor_status = 0; + return GSS_C_GSS_CODE; + } + + if (status_type == GSS_C_GSS_CODE) { + if (GSS_SUPPLEMENTARY_INFO(status_value)) + asprintf(&buf, "%s", + supplementary_error(GSS_SUPPLEMENTARY_INFO(status_value))); + else + asprintf (&buf, "%s %s", + calling_error(GSS_CALLING_ERROR(status_value)), + routine_error(GSS_ROUTINE_ERROR(status_value))); + } else if (status_type == GSS_C_MECH_CODE) { + buf = gssapi_krb5_get_error_string (); + if (buf == NULL) { + const char *tmp = krb5_get_err_text (gssapi_krb5_context, + status_value); + if (tmp == NULL) + asprintf(&buf, "unknown mech error-code %u", + (unsigned)status_value); + else + buf = strdup(tmp); + } + } else { + *minor_status = EINVAL; + return GSS_S_BAD_STATUS; + } + + if (buf == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + *message_context = 0; + *minor_status = 0; + + status_string->length = strlen(buf); + status_string->value = buf; + + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/duplicate_name.c b/source4/heimdal/lib/gssapi/duplicate_name.c new file mode 100644 index 0000000000..2b54e90ec8 --- /dev/null +++ b/source4/heimdal/lib/gssapi/duplicate_name.c @@ -0,0 +1,59 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: duplicate_name.c,v 1.7 2003/03/16 17:44:26 lha Exp $"); + +OM_uint32 gss_duplicate_name ( + OM_uint32 * minor_status, + const gss_name_t src_name, + gss_name_t * dest_name + ) +{ + krb5_error_code kret; + + GSSAPI_KRB5_INIT (); + + kret = krb5_copy_principal (gssapi_krb5_context, + src_name, + dest_name); + if (kret) { + *minor_status = kret; + gssapi_krb5_set_error_string (); + return GSS_S_FAILURE; + } else { + *minor_status = 0; + return GSS_S_COMPLETE; + } +} diff --git a/source4/heimdal/lib/gssapi/encapsulate.c b/source4/heimdal/lib/gssapi/encapsulate.c new file mode 100644 index 0000000000..4d488a6c42 --- /dev/null +++ b/source4/heimdal/lib/gssapi/encapsulate.c @@ -0,0 +1,153 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: encapsulate.c,v 1.8 2003/09/04 18:08:55 lha Exp $"); + +void +_gssapi_encap_length (size_t data_len, + size_t *len, + size_t *total_len, + const gss_OID mech) +{ + size_t len_len; + + *len = 1 + 1 + mech->length + data_len; + + len_len = length_len(*len); + + *total_len = 1 + len_len + *len; +} + +void +gssapi_krb5_encap_length (size_t data_len, + size_t *len, + size_t *total_len, + const gss_OID mech) +{ + _gssapi_encap_length(data_len + 2, len, total_len, mech); +} + +u_char * +gssapi_krb5_make_header (u_char *p, + size_t len, + const u_char *type, + const gss_OID mech) +{ + p = _gssapi_make_mech_header(p, len, mech); + memcpy (p, type, 2); + p += 2; + return p; +} + +u_char * +_gssapi_make_mech_header(u_char *p, + size_t len, + const gss_OID mech) +{ + int e; + size_t len_len, foo; + + *p++ = 0x60; + len_len = length_len(len); + e = der_put_length (p + len_len - 1, len_len, len, &foo); + if(e || foo != len_len) + abort (); + p += len_len; + *p++ = 0x06; + *p++ = mech->length; + memcpy (p, mech->elements, mech->length); + p += mech->length; + return p; +} + +/* + * Give it a krb5_data and it will encapsulate with extra GSS-API wrappings. + */ + +OM_uint32 +_gssapi_encapsulate( + OM_uint32 *minor_status, + const krb5_data *in_data, + gss_buffer_t output_token, + const gss_OID mech +) +{ + size_t len, outer_len; + u_char *p; + + _gssapi_encap_length (in_data->length, &len, &outer_len, mech); + + output_token->length = outer_len; + output_token->value = malloc (outer_len); + if (output_token->value == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + p = _gssapi_make_mech_header (output_token->value, len, mech); + memcpy (p, in_data->data, in_data->length); + return GSS_S_COMPLETE; +} + +/* + * Give it a krb5_data and it will encapsulate with extra GSS-API krb5 + * wrappings. + */ + +OM_uint32 +gssapi_krb5_encapsulate( + OM_uint32 *minor_status, + const krb5_data *in_data, + gss_buffer_t output_token, + const u_char *type, + const gss_OID mech +) +{ + size_t len, outer_len; + u_char *p; + + gssapi_krb5_encap_length (in_data->length, &len, &outer_len, mech); + + output_token->length = outer_len; + output_token->value = malloc (outer_len); + if (output_token->value == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + p = gssapi_krb5_make_header (output_token->value, len, type, mech); + memcpy (p, in_data->data, in_data->length); + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/external.c b/source4/heimdal/lib/gssapi/external.c new file mode 100644 index 0000000000..f3e97181e6 --- /dev/null +++ b/source4/heimdal/lib/gssapi/external.c @@ -0,0 +1,270 @@ +/* + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: external.c,v 1.6 2003/09/08 15:34:19 lha Exp $"); + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" + * "\x01\x02\x01\x01"}, + * corresponding to an object-identifier value of + * {iso(1) member-body(2) United States(840) mit(113554) + * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant + * GSS_C_NT_USER_NAME should be initialized to point + * to that gss_OID_desc. + */ + +static gss_OID_desc gss_c_nt_user_name_oid_desc = +{10, (void *)"\x2a\x86\x48\x86\xf7\x12" + "\x01\x02\x01\x01"}; + +gss_OID GSS_C_NT_USER_NAME = &gss_c_nt_user_name_oid_desc; + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" + * "\x01\x02\x01\x02"}, + * corresponding to an object-identifier value of + * {iso(1) member-body(2) United States(840) mit(113554) + * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}. + * The constant GSS_C_NT_MACHINE_UID_NAME should be + * initialized to point to that gss_OID_desc. + */ + +static gss_OID_desc gss_c_nt_machine_uid_name_oid_desc = +{10, (void *)"\x2a\x86\x48\x86\xf7\x12" + "\x01\x02\x01\x02"}; + +gss_OID GSS_C_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc; + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" + * "\x01\x02\x01\x03"}, + * corresponding to an object-identifier value of + * {iso(1) member-body(2) United States(840) mit(113554) + * infosys(1) gssapi(2) generic(1) string_uid_name(3)}. + * The constant GSS_C_NT_STRING_UID_NAME should be + * initialized to point to that gss_OID_desc. + */ + +static gss_OID_desc gss_c_nt_string_uid_name_oid_desc = +{10, (void *)"\x2a\x86\x48\x86\xf7\x12" + "\x01\x02\x01\x03"}; + +gss_OID GSS_C_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc; + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {6, (void *)"\x2b\x06\x01\x05\x06\x02"}, + * corresponding to an object-identifier value of + * {iso(1) org(3) dod(6) internet(1) security(5) + * nametypes(6) gss-host-based-services(2)). The constant + * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point + * to that gss_OID_desc. This is a deprecated OID value, and + * implementations wishing to support hostbased-service names + * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID, + * defined below, to identify such names; + * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym + * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input + * parameter, but should not be emitted by GSS-API + * implementations + */ + +static gss_OID_desc gss_c_nt_hostbased_service_x_oid_desc = +{6, (void *)"\x2b\x06\x01\x05\x06\x02"}; + +gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = &gss_c_nt_hostbased_service_x_oid_desc; + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" + * "\x01\x02\x01\x04"}, corresponding to an + * object-identifier value of {iso(1) member-body(2) + * Unites States(840) mit(113554) infosys(1) gssapi(2) + * generic(1) service_name(4)}. The constant + * GSS_C_NT_HOSTBASED_SERVICE should be initialized + * to point to that gss_OID_desc. + */ +static gss_OID_desc gss_c_nt_hostbased_service_oid_desc = +{10, (void *)"\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x04"}; + +gss_OID GSS_C_NT_HOSTBASED_SERVICE = &gss_c_nt_hostbased_service_oid_desc; + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {6, (void *)"\x2b\x06\01\x05\x06\x03"}, + * corresponding to an object identifier value of + * {1(iso), 3(org), 6(dod), 1(internet), 5(security), + * 6(nametypes), 3(gss-anonymous-name)}. The constant + * and GSS_C_NT_ANONYMOUS should be initialized to point + * to that gss_OID_desc. + */ + +static gss_OID_desc gss_c_nt_anonymous_oid_desc = +{6, (void *)"\x2b\x06\01\x05\x06\x03"}; + +gss_OID GSS_C_NT_ANONYMOUS = &gss_c_nt_anonymous_oid_desc; + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {6, (void *)"\x2b\x06\x01\x05\x06\x04"}, + * corresponding to an object-identifier value of + * {1(iso), 3(org), 6(dod), 1(internet), 5(security), + * 6(nametypes), 4(gss-api-exported-name)}. The constant + * GSS_C_NT_EXPORT_NAME should be initialized to point + * to that gss_OID_desc. + */ + +static gss_OID_desc gss_c_nt_export_name_oid_desc = +{6, (void *)"\x2b\x06\x01\x05\x06\x04"}; + +gss_OID GSS_C_NT_EXPORT_NAME = &gss_c_nt_export_name_oid_desc; + +/* + * This name form shall be represented by the Object Identifier {iso(1) + * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) + * krb5(2) krb5_name(1)}. The recommended symbolic name for this type + * is "GSS_KRB5_NT_PRINCIPAL_NAME". + */ + +static gss_OID_desc gss_krb5_nt_principal_name_oid_desc = +{10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01"}; + +gss_OID GSS_KRB5_NT_PRINCIPAL_NAME = &gss_krb5_nt_principal_name_oid_desc; + +/* + * This name form shall be represented by the Object Identifier {iso(1) + * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) + * generic(1) user_name(1)}. The recommended symbolic name for this + * type is "GSS_KRB5_NT_USER_NAME". + */ + +gss_OID GSS_KRB5_NT_USER_NAME = &gss_c_nt_user_name_oid_desc; + +/* + * This name form shall be represented by the Object Identifier {iso(1) + * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) + * generic(1) machine_uid_name(2)}. The recommended symbolic name for + * this type is "GSS_KRB5_NT_MACHINE_UID_NAME". + */ + +gss_OID GSS_KRB5_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc; + +/* + * This name form shall be represented by the Object Identifier {iso(1) + * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) + * generic(1) string_uid_name(3)}. The recommended symbolic name for + * this type is "GSS_KRB5_NT_STRING_UID_NAME". + */ + +gss_OID GSS_KRB5_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc; + +/* + * To support ongoing experimentation, testing, and evolution of the + * specification, the Kerberos V5 GSS-API mechanism as defined in this + * and any successor memos will be identified with the following Object + * Identifier, as defined in RFC-1510, until the specification is + * advanced to the level of Proposed Standard RFC: + * + * {iso(1), org(3), dod(5), internet(1), security(5), kerberosv5(2)} + * + * Upon advancement to the level of Proposed Standard RFC, the Kerberos + * V5 GSS-API mechanism will be identified by an Object Identifier + * having the value: + * + * {iso(1) member-body(2) United States(840) mit(113554) infosys(1) + * gssapi(2) krb5(2)} + */ + +#if 0 /* This is the old OID */ + +static gss_OID_desc gss_krb5_mechanism_oid_desc = +{5, (void *)"\x2b\x05\x01\x05\x02"}; + +#endif + +static gss_OID_desc gss_krb5_mechanism_oid_desc = +{9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"}; + +gss_OID GSS_KRB5_MECHANISM = &gss_krb5_mechanism_oid_desc; + +/* + * RFC2478, SPNEGO: + * The security mechanism of the initial + * negotiation token is identified by the Object Identifier + * iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2). + */ + +static gss_OID_desc gss_spnego_mechanism_oid_desc = +{6, (void *)"\x2b\x06\x01\x05\x05\x02"}; + +gss_OID GSS_SPNEGO_MECHANISM = &gss_spnego_mechanism_oid_desc; + +/* + * draft-ietf-cat-iakerb-09, IAKERB: + * The mechanism ID for IAKERB proxy GSS-API Kerberos, in accordance + * with the mechanism proposed by SPNEGO [7] for negotiating protocol + * variations, is: {iso(1) org(3) dod(6) internet(1) security(5) + * mechanisms(5) iakerb(10) iakerbProxyProtocol(1)}. The proposed + * mechanism ID for IAKERB minimum messages GSS-API Kerberos, in + * accordance with the mechanism proposed by SPNEGO for negotiating + * protocol variations, is: {iso(1) org(3) dod(6) internet(1) + * security(5) mechanisms(5) iakerb(10) + * iakerbMinimumMessagesProtocol(2)}. + */ + +static gss_OID_desc gss_iakerb_proxy_mechanism_oid_desc = +{7, (void *)"\x2b\x06\x01\x05\x05\x0a\x01"}; + +gss_OID GSS_IAKERB_PROXY_MECHANISM = &gss_iakerb_proxy_mechanism_oid_desc; + +static gss_OID_desc gss_iakerb_min_msg_mechanism_oid_desc = +{7, (void *)"\x2b\x06\x01\x05\x05\x0a\x02"}; + +gss_OID GSS_IAKERB_MIN_MSG_MECHANISM = &gss_iakerb_min_msg_mechanism_oid_desc; + +/* + * Context for krb5 calls. + */ + +krb5_context gssapi_krb5_context; diff --git a/source4/heimdal/lib/gssapi/get_mic.c b/source4/heimdal/lib/gssapi/get_mic.c new file mode 100644 index 0000000000..1c950e95d9 --- /dev/null +++ b/source4/heimdal/lib/gssapi/get_mic.c @@ -0,0 +1,302 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: get_mic.c,v 1.29 2005/01/05 02:52:12 lukeh Exp $"); + +static OM_uint32 +mic_des + (OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + gss_qop_t qop_req, + const gss_buffer_t message_buffer, + gss_buffer_t message_token, + krb5_keyblock *key + ) +{ + u_char *p; + MD5_CTX md5; + u_char hash[16]; + DES_key_schedule schedule; + DES_cblock deskey; + DES_cblock zero; + int32_t seq_number; + size_t len, total_len; + + gssapi_krb5_encap_length (22, &len, &total_len, GSS_KRB5_MECHANISM); + + message_token->length = total_len; + message_token->value = malloc (total_len); + if (message_token->value == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + p = gssapi_krb5_make_header(message_token->value, + len, + "\x01\x01", /* TOK_ID */ + GSS_KRB5_MECHANISM); + + memcpy (p, "\x00\x00", 2); /* SGN_ALG = DES MAC MD5 */ + p += 2; + + memcpy (p, "\xff\xff\xff\xff", 4); /* Filler */ + p += 4; + + /* Fill in later (SND-SEQ) */ + memset (p, 0, 16); + p += 16; + + /* checksum */ + MD5_Init (&md5); + MD5_Update (&md5, p - 24, 8); + MD5_Update (&md5, message_buffer->value, message_buffer->length); + MD5_Final (hash, &md5); + + memset (&zero, 0, sizeof(zero)); + memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); + DES_set_key (&deskey, &schedule); + DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), + &schedule, &zero); + memcpy (p - 8, hash, 8); /* SGN_CKSUM */ + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + /* sequence number */ + krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, + context_handle->auth_context, + &seq_number); + + p -= 16; /* SND_SEQ */ + p[0] = (seq_number >> 0) & 0xFF; + p[1] = (seq_number >> 8) & 0xFF; + p[2] = (seq_number >> 16) & 0xFF; + p[3] = (seq_number >> 24) & 0xFF; + memset (p + 4, + (context_handle->more_flags & LOCAL) ? 0 : 0xFF, + 4); + + DES_set_key (&deskey, &schedule); + DES_cbc_encrypt ((void *)p, (void *)p, 8, + &schedule, (DES_cblock *)(p + 8), DES_ENCRYPT); + + krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, + context_handle->auth_context, + ++seq_number); + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + + memset (deskey, 0, sizeof(deskey)); + memset (&schedule, 0, sizeof(schedule)); + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +static OM_uint32 +mic_des3 + (OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + gss_qop_t qop_req, + const gss_buffer_t message_buffer, + gss_buffer_t message_token, + krb5_keyblock *key + ) +{ + u_char *p; + Checksum cksum; + u_char seq[8]; + + int32_t seq_number; + size_t len, total_len; + + krb5_crypto crypto; + krb5_error_code kret; + krb5_data encdata; + char *tmp; + char ivec[8]; + + gssapi_krb5_encap_length (36, &len, &total_len, GSS_KRB5_MECHANISM); + + message_token->length = total_len; + message_token->value = malloc (total_len); + if (message_token->value == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + p = gssapi_krb5_make_header(message_token->value, + len, + "\x01\x01", /* TOK-ID */ + GSS_KRB5_MECHANISM); + + memcpy (p, "\x04\x00", 2); /* SGN_ALG = HMAC SHA1 DES3-KD */ + p += 2; + + memcpy (p, "\xff\xff\xff\xff", 4); /* filler */ + p += 4; + + /* this should be done in parts */ + + tmp = malloc (message_buffer->length + 8); + if (tmp == NULL) { + free (message_token->value); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + memcpy (tmp, p - 8, 8); + memcpy (tmp + 8, message_buffer->value, message_buffer->length); + + kret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); + if (kret) { + free (message_token->value); + free (tmp); + gssapi_krb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + + kret = krb5_create_checksum (gssapi_krb5_context, + crypto, + KRB5_KU_USAGE_SIGN, + 0, + tmp, + message_buffer->length + 8, + &cksum); + free (tmp); + krb5_crypto_destroy (gssapi_krb5_context, crypto); + if (kret) { + free (message_token->value); + gssapi_krb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + + memcpy (p + 8, cksum.checksum.data, cksum.checksum.length); + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + /* sequence number */ + krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, + context_handle->auth_context, + &seq_number); + + seq[0] = (seq_number >> 0) & 0xFF; + seq[1] = (seq_number >> 8) & 0xFF; + seq[2] = (seq_number >> 16) & 0xFF; + seq[3] = (seq_number >> 24) & 0xFF; + memset (seq + 4, + (context_handle->more_flags & LOCAL) ? 0 : 0xFF, + 4); + + kret = krb5_crypto_init(gssapi_krb5_context, key, + ETYPE_DES3_CBC_NONE, &crypto); + if (kret) { + free (message_token->value); + gssapi_krb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + + if (context_handle->more_flags & COMPAT_OLD_DES3) + memset(ivec, 0, 8); + else + memcpy(ivec, p + 8, 8); + + kret = krb5_encrypt_ivec (gssapi_krb5_context, + crypto, + KRB5_KU_USAGE_SEQ, + seq, 8, &encdata, ivec); + krb5_crypto_destroy (gssapi_krb5_context, crypto); + if (kret) { + free (message_token->value); + gssapi_krb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + + assert (encdata.length == 8); + + memcpy (p, encdata.data, encdata.length); + krb5_data_free (&encdata); + + krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, + context_handle->auth_context, + ++seq_number); + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + + free_Checksum (&cksum); + *minor_status = 0; + return GSS_S_COMPLETE; +} + +OM_uint32 gss_get_mic + (OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + gss_qop_t qop_req, + const gss_buffer_t message_buffer, + gss_buffer_t message_token + ) +{ + krb5_keyblock *key; + OM_uint32 ret; + krb5_keytype keytype; + + ret = gss_krb5_get_subkey(context_handle, &key); + if (ret) { + gssapi_krb5_set_error_string (); + *minor_status = ret; + return GSS_S_FAILURE; + } + krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype); + + switch (keytype) { + case KEYTYPE_DES : + ret = mic_des (minor_status, context_handle, qop_req, + message_buffer, message_token, key); + break; + case KEYTYPE_DES3 : + ret = mic_des3 (minor_status, context_handle, qop_req, + message_buffer, message_token, key); + break; + case KEYTYPE_ARCFOUR: + case KEYTYPE_ARCFOUR_56: + ret = _gssapi_get_mic_arcfour (minor_status, context_handle, qop_req, + message_buffer, message_token, key); + break; + default : + ret = _gssapi_mic_cfx (minor_status, context_handle, qop_req, + message_buffer, message_token, key); + break; + } + krb5_free_keyblock (gssapi_krb5_context, key); + return ret; +} diff --git a/source4/heimdal/lib/gssapi/gssapi.h b/source4/heimdal/lib/gssapi/gssapi.h new file mode 100644 index 0000000000..5712581d3f --- /dev/null +++ b/source4/heimdal/lib/gssapi/gssapi.h @@ -0,0 +1,826 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: gssapi.h,v 1.37 2005/02/21 08:48:15 lukeh Exp $ */ + +#ifndef GSSAPI_H_ +#define GSSAPI_H_ + +/* + * First, include stddef.h to get size_t defined. + */ +#include + +#include + +/* + * Now define the three implementation-dependent types. + */ + +typedef u_int32_t OM_uint32; + +typedef u_int32_t gss_uint32; + +/* + * This is to avoid having to include + */ + +struct krb5_auth_context_data; + +struct Principal; + +/* typedef void *gss_name_t; */ + +typedef struct Principal *gss_name_t; + +struct gss_ctx_id_t_desc_struct; +typedef struct gss_ctx_id_t_desc_struct *gss_ctx_id_t; + +typedef struct gss_OID_desc_struct { + OM_uint32 length; + void *elements; +} gss_OID_desc, *gss_OID; + +typedef struct gss_OID_set_desc_struct { + size_t count; + gss_OID elements; +} gss_OID_set_desc, *gss_OID_set; + +struct krb5_keytab_data; + +struct krb5_ccache_data; + +typedef int gss_cred_usage_t; + +struct gss_cred_id_t_desc_struct; +typedef struct gss_cred_id_t_desc_struct *gss_cred_id_t; + +typedef struct gss_buffer_desc_struct { + size_t length; + void *value; +} gss_buffer_desc, *gss_buffer_t; + +typedef struct gss_channel_bindings_struct { + OM_uint32 initiator_addrtype; + gss_buffer_desc initiator_address; + OM_uint32 acceptor_addrtype; + gss_buffer_desc acceptor_address; + gss_buffer_desc application_data; +} *gss_channel_bindings_t; + +/* + * For now, define a QOP-type as an OM_uint32 + */ +typedef OM_uint32 gss_qop_t; + +/* + * Flag bits for context-level services. + */ +#define GSS_C_DELEG_FLAG 1 /* 0x00000001 */ +#define GSS_C_MUTUAL_FLAG 2 /* 0x00000002 */ +#define GSS_C_REPLAY_FLAG 4 /* 0x00000004 */ +#define GSS_C_SEQUENCE_FLAG 8 /* 0x00000008 */ +#define GSS_C_CONF_FLAG 16 /* 0x00000010 */ +#define GSS_C_INTEG_FLAG 32 /* 0x00000020 */ +#define GSS_C_ANON_FLAG 64 /* 0x00000040 */ +#define GSS_C_PROT_READY_FLAG 128 /* 0x00000080 */ +#define GSS_C_TRANS_FLAG 256 /* 0x00000100 */ + +/* these are from draft-brezak-win2k-krb-rc4-hmac-04.txt */ +#define GSS_C_DCE_STYLE 4096 /* 0x00001000 */ +#define GSS_C_IDENTIFY_FLAG 8192 /* 0x00002000 */ +#define GSS_C_EXTENDED_ERROR_FLAG 16384 /* 0x00004000 */ + +/* + * Credential usage options + */ +#define GSS_C_BOTH 0 +#define GSS_C_INITIATE 1 +#define GSS_C_ACCEPT 2 + +/* + * Status code types for gss_display_status + */ +#define GSS_C_GSS_CODE 1 +#define GSS_C_MECH_CODE 2 + +/* + * The constant definitions for channel-bindings address families + */ +#define GSS_C_AF_UNSPEC 0 +#define GSS_C_AF_LOCAL 1 +#define GSS_C_AF_INET 2 +#define GSS_C_AF_IMPLINK 3 +#define GSS_C_AF_PUP 4 +#define GSS_C_AF_CHAOS 5 +#define GSS_C_AF_NS 6 +#define GSS_C_AF_NBS 7 +#define GSS_C_AF_ECMA 8 +#define GSS_C_AF_DATAKIT 9 +#define GSS_C_AF_CCITT 10 +#define GSS_C_AF_SNA 11 +#define GSS_C_AF_DECnet 12 +#define GSS_C_AF_DLI 13 +#define GSS_C_AF_LAT 14 +#define GSS_C_AF_HYLINK 15 +#define GSS_C_AF_APPLETALK 16 +#define GSS_C_AF_BSC 17 +#define GSS_C_AF_DSS 18 +#define GSS_C_AF_OSI 19 +#define GSS_C_AF_X25 21 +#define GSS_C_AF_INET6 24 + +#define GSS_C_AF_NULLADDR 255 + +/* + * Various Null values + */ +#define GSS_C_NO_NAME ((gss_name_t) 0) +#define GSS_C_NO_BUFFER ((gss_buffer_t) 0) +#define GSS_C_NO_OID ((gss_OID) 0) +#define GSS_C_NO_OID_SET ((gss_OID_set) 0) +#define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0) +#define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0) +#define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0) +#define GSS_C_EMPTY_BUFFER {0, NULL} + +/* + * Some alternate names for a couple of the above + * values. These are defined for V1 compatibility. + */ +#define GSS_C_NULL_OID GSS_C_NO_OID +#define GSS_C_NULL_OID_SET GSS_C_NO_OID_SET + +/* + * Define the default Quality of Protection for per-message + * services. Note that an implementation that offers multiple + * levels of QOP may define GSS_C_QOP_DEFAULT to be either zero + * (as done here) to mean "default protection", or to a specific + * explicit QOP value. However, a value of 0 should always be + * interpreted by a GSSAPI implementation as a request for the + * default protection level. + */ +#define GSS_C_QOP_DEFAULT 0 + +#define GSS_KRB5_CONF_C_QOP_DES 0x0100 +#define GSS_KRB5_CONF_C_QOP_DES3_KD 0x0200 + +/* + * Expiration time of 2^32-1 seconds means infinite lifetime for a + * credential or security context + */ +#define GSS_C_INDEFINITE 0xfffffffful + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" + * "\x01\x02\x01\x01"}, + * corresponding to an object-identifier value of + * {iso(1) member-body(2) United States(840) mit(113554) + * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant + * GSS_C_NT_USER_NAME should be initialized to point + * to that gss_OID_desc. + */ +extern gss_OID GSS_C_NT_USER_NAME; + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" + * "\x01\x02\x01\x02"}, + * corresponding to an object-identifier value of + * {iso(1) member-body(2) United States(840) mit(113554) + * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}. + * The constant GSS_C_NT_MACHINE_UID_NAME should be + * initialized to point to that gss_OID_desc. + */ +extern gss_OID GSS_C_NT_MACHINE_UID_NAME; + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" + * "\x01\x02\x01\x03"}, + * corresponding to an object-identifier value of + * {iso(1) member-body(2) United States(840) mit(113554) + * infosys(1) gssapi(2) generic(1) string_uid_name(3)}. + * The constant GSS_C_NT_STRING_UID_NAME should be + * initialized to point to that gss_OID_desc. + */ +extern gss_OID GSS_C_NT_STRING_UID_NAME; + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {6, (void *)"\x2b\x06\x01\x05\x06\x02"}, + * corresponding to an object-identifier value of + * {iso(1) org(3) dod(6) internet(1) security(5) + * nametypes(6) gss-host-based-services(2)). The constant + * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point + * to that gss_OID_desc. This is a deprecated OID value, and + * implementations wishing to support hostbased-service names + * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID, + * defined below, to identify such names; + * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym + * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input + * parameter, but should not be emitted by GSS-API + * implementations + */ +extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X; + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" + * "\x01\x02\x01\x04"}, corresponding to an + * object-identifier value of {iso(1) member-body(2) + * Unites States(840) mit(113554) infosys(1) gssapi(2) + * generic(1) service_name(4)}. The constant + * GSS_C_NT_HOSTBASED_SERVICE should be initialized + * to point to that gss_OID_desc. + */ +extern gss_OID GSS_C_NT_HOSTBASED_SERVICE; + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {6, (void *)"\x2b\x06\01\x05\x06\x03"}, + * corresponding to an object identifier value of + * {1(iso), 3(org), 6(dod), 1(internet), 5(security), + * 6(nametypes), 3(gss-anonymous-name)}. The constant + * and GSS_C_NT_ANONYMOUS should be initialized to point + * to that gss_OID_desc. + */ +extern gss_OID GSS_C_NT_ANONYMOUS; + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {6, (void *)"\x2b\x06\x01\x05\x06\x04"}, + * corresponding to an object-identifier value of + * {1(iso), 3(org), 6(dod), 1(internet), 5(security), + * 6(nametypes), 4(gss-api-exported-name)}. The constant + * GSS_C_NT_EXPORT_NAME should be initialized to point + * to that gss_OID_desc. + */ +extern gss_OID GSS_C_NT_EXPORT_NAME; + +/* + * RFC2478, SPNEGO: + * The security mechanism of the initial + * negotiation token is identified by the Object Identifier + * iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2). + */ +extern gss_OID GSS_SPNEGO_MECHANISM; + +/* + * This if for kerberos5 names. + */ + +extern gss_OID GSS_KRB5_NT_PRINCIPAL_NAME; +extern gss_OID GSS_KRB5_NT_USER_NAME; +extern gss_OID GSS_KRB5_NT_MACHINE_UID_NAME; +extern gss_OID GSS_KRB5_NT_STRING_UID_NAME; + +extern gss_OID GSS_KRB5_MECHANISM; + +/* for compatibility with MIT api */ + +#define gss_mech_krb5 GSS_KRB5_MECHANISM +#define gss_krb5_nt_general_name GSS_KRB5_NT_PRINCIPAL_NAME + +/* Major status codes */ + +#define GSS_S_COMPLETE 0 + +/* + * Some "helper" definitions to make the status code macros obvious. + */ +#define GSS_C_CALLING_ERROR_OFFSET 24 +#define GSS_C_ROUTINE_ERROR_OFFSET 16 +#define GSS_C_SUPPLEMENTARY_OFFSET 0 +#define GSS_C_CALLING_ERROR_MASK 0377ul +#define GSS_C_ROUTINE_ERROR_MASK 0377ul +#define GSS_C_SUPPLEMENTARY_MASK 0177777ul + +/* + * The macros that test status codes for error conditions. + * Note that the GSS_ERROR() macro has changed slightly from + * the V1 GSSAPI so that it now evaluates its argument + * only once. + */ +#define GSS_CALLING_ERROR(x) \ + (x & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET)) +#define GSS_ROUTINE_ERROR(x) \ + (x & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)) +#define GSS_SUPPLEMENTARY_INFO(x) \ + (x & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET)) +#define GSS_ERROR(x) \ + (x & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \ + (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))) + +/* + * Now the actual status code definitions + */ + +/* + * Calling errors: + */ +#define GSS_S_CALL_INACCESSIBLE_READ \ + (1ul << GSS_C_CALLING_ERROR_OFFSET) +#define GSS_S_CALL_INACCESSIBLE_WRITE \ + (2ul << GSS_C_CALLING_ERROR_OFFSET) +#define GSS_S_CALL_BAD_STRUCTURE \ + (3ul << GSS_C_CALLING_ERROR_OFFSET) + +/* + * Routine errors: + */ +#define GSS_S_BAD_MECH (1ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_BAD_NAME (2ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_BAD_NAMETYPE (3ul << GSS_C_ROUTINE_ERROR_OFFSET) + +#define GSS_S_BAD_BINDINGS (4ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_BAD_STATUS (5ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_BAD_SIG (6ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_BAD_MIC GSS_S_BAD_SIG +#define GSS_S_NO_CRED (7ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_NO_CONTEXT (8ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_DEFECTIVE_TOKEN (9ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_DEFECTIVE_CREDENTIAL (10ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_CREDENTIALS_EXPIRED (11ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_CONTEXT_EXPIRED (12ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_FAILURE (13ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_BAD_QOP (14ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_UNAUTHORIZED (15ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET) + +/* + * Supplementary info bits: + */ +#define GSS_S_CONTINUE_NEEDED (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0)) +#define GSS_S_DUPLICATE_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1)) +#define GSS_S_OLD_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2)) +#define GSS_S_UNSEQ_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3)) +#define GSS_S_GAP_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4)) + +/* + * From RFC1964: + * + * 4.1.1. Non-Kerberos-specific codes + */ + +#define GSS_KRB5_S_G_BAD_SERVICE_NAME 1 + /* "No @ in SERVICE-NAME name string" */ +#define GSS_KRB5_S_G_BAD_STRING_UID 2 + /* "STRING-UID-NAME contains nondigits" */ +#define GSS_KRB5_S_G_NOUSER 3 + /* "UID does not resolve to username" */ +#define GSS_KRB5_S_G_VALIDATE_FAILED 4 + /* "Validation error" */ +#define GSS_KRB5_S_G_BUFFER_ALLOC 5 + /* "Couldn't allocate gss_buffer_t data" */ +#define GSS_KRB5_S_G_BAD_MSG_CTX 6 + /* "Message context invalid" */ +#define GSS_KRB5_S_G_WRONG_SIZE 7 + /* "Buffer is the wrong size" */ +#define GSS_KRB5_S_G_BAD_USAGE 8 + /* "Credential usage type is unknown" */ +#define GSS_KRB5_S_G_UNKNOWN_QOP 9 + /* "Unknown quality of protection specified" */ + + /* + * 4.1.2. Kerberos-specific-codes + */ + +#define GSS_KRB5_S_KG_CCACHE_NOMATCH 10 + /* "Principal in credential cache does not match desired name" */ +#define GSS_KRB5_S_KG_KEYTAB_NOMATCH 11 + /* "No principal in keytab matches desired name" */ +#define GSS_KRB5_S_KG_TGT_MISSING 12 + /* "Credential cache has no TGT" */ +#define GSS_KRB5_S_KG_NO_SUBKEY 13 + /* "Authenticator has no subkey" */ +#define GSS_KRB5_S_KG_CONTEXT_ESTABLISHED 14 + /* "Context is already fully established" */ +#define GSS_KRB5_S_KG_BAD_SIGN_TYPE 15 + /* "Unknown signature type in token" */ +#define GSS_KRB5_S_KG_BAD_LENGTH 16 + /* "Invalid field length in token" */ +#define GSS_KRB5_S_KG_CTX_INCOMPLETE 17 + /* "Attempt to use incomplete security context" */ + +/* + * Finally, function prototypes for the GSS-API routines. + */ + + +OM_uint32 gss_acquire_cred + (OM_uint32 * /*minor_status*/, + const gss_name_t /*desired_name*/, + OM_uint32 /*time_req*/, + const gss_OID_set /*desired_mechs*/, + gss_cred_usage_t /*cred_usage*/, + gss_cred_id_t * /*output_cred_handle*/, + gss_OID_set * /*actual_mechs*/, + OM_uint32 * /*time_rec*/ + ); + +OM_uint32 gss_release_cred + (OM_uint32 * /*minor_status*/, + gss_cred_id_t * /*cred_handle*/ + ); + +OM_uint32 gss_init_sec_context + (OM_uint32 * /*minor_status*/, + const gss_cred_id_t /*initiator_cred_handle*/, + gss_ctx_id_t * /*context_handle*/, + const gss_name_t /*target_name*/, + const gss_OID /*mech_type*/, + OM_uint32 /*req_flags*/, + OM_uint32 /*time_req*/, + const gss_channel_bindings_t /*input_chan_bindings*/, + const gss_buffer_t /*input_token*/, + gss_OID * /*actual_mech_type*/, + gss_buffer_t /*output_token*/, + OM_uint32 * /*ret_flags*/, + OM_uint32 * /*time_rec*/ + ); + +OM_uint32 gss_accept_sec_context + (OM_uint32 * /*minor_status*/, + gss_ctx_id_t * /*context_handle*/, + const gss_cred_id_t /*acceptor_cred_handle*/, + const gss_buffer_t /*input_token_buffer*/, + const gss_channel_bindings_t /*input_chan_bindings*/, + gss_name_t * /*src_name*/, + gss_OID * /*mech_type*/, + gss_buffer_t /*output_token*/, + OM_uint32 * /*ret_flags*/, + OM_uint32 * /*time_rec*/, + gss_cred_id_t * /*delegated_cred_handle*/ + ); + +OM_uint32 gss_process_context_token + (OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + const gss_buffer_t /*token_buffer*/ + ); + +OM_uint32 gss_delete_sec_context + (OM_uint32 * /*minor_status*/, + gss_ctx_id_t * /*context_handle*/, + gss_buffer_t /*output_token*/ + ); + +OM_uint32 gss_context_time + (OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + OM_uint32 * /*time_rec*/ + ); + +OM_uint32 gss_get_mic + (OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + gss_qop_t /*qop_req*/, + const gss_buffer_t /*message_buffer*/, + gss_buffer_t /*message_token*/ + ); + +OM_uint32 gss_verify_mic + (OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + const gss_buffer_t /*message_buffer*/, + const gss_buffer_t /*token_buffer*/, + gss_qop_t * /*qop_state*/ + ); + +OM_uint32 gss_wrap + (OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + int /*conf_req_flag*/, + gss_qop_t /*qop_req*/, + const gss_buffer_t /*input_message_buffer*/, + int * /*conf_state*/, + gss_buffer_t /*output_message_buffer*/ + ); + +OM_uint32 gss_unwrap + (OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + const gss_buffer_t /*input_message_buffer*/, + gss_buffer_t /*output_message_buffer*/, + int * /*conf_state*/, + gss_qop_t * /*qop_state*/ + ); + +OM_uint32 gss_display_status + (OM_uint32 * /*minor_status*/, + OM_uint32 /*status_value*/, + int /*status_type*/, + const gss_OID /*mech_type*/, + OM_uint32 * /*message_context*/, + gss_buffer_t /*status_string*/ + ); + +OM_uint32 gss_indicate_mechs + (OM_uint32 * /*minor_status*/, + gss_OID_set * /*mech_set*/ + ); + +OM_uint32 gss_compare_name + (OM_uint32 * /*minor_status*/, + const gss_name_t /*name1*/, + const gss_name_t /*name2*/, + int * /*name_equal*/ + ); + +OM_uint32 gss_display_name + (OM_uint32 * /*minor_status*/, + const gss_name_t /*input_name*/, + gss_buffer_t /*output_name_buffer*/, + gss_OID * /*output_name_type*/ + ); + +OM_uint32 gss_import_name + (OM_uint32 * /*minor_status*/, + const gss_buffer_t /*input_name_buffer*/, + const gss_OID /*input_name_type*/, + gss_name_t * /*output_name*/ + ); + +OM_uint32 gss_export_name + (OM_uint32 * /*minor_status*/, + const gss_name_t /*input_name*/, + gss_buffer_t /*exported_name*/ + ); + +OM_uint32 gss_release_name + (OM_uint32 * /*minor_status*/, + gss_name_t * /*input_name*/ + ); + +OM_uint32 gss_release_buffer + (OM_uint32 * /*minor_status*/, + gss_buffer_t /*buffer*/ + ); + +OM_uint32 gss_release_oid_set + (OM_uint32 * /*minor_status*/, + gss_OID_set * /*set*/ + ); + +OM_uint32 gss_inquire_cred + (OM_uint32 * /*minor_status*/, + const gss_cred_id_t /*cred_handle*/, + gss_name_t * /*name*/, + OM_uint32 * /*lifetime*/, + gss_cred_usage_t * /*cred_usage*/, + gss_OID_set * /*mechanisms*/ + ); + +OM_uint32 gss_inquire_context ( + OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + gss_name_t * /*src_name*/, + gss_name_t * /*targ_name*/, + OM_uint32 * /*lifetime_rec*/, + gss_OID * /*mech_type*/, + OM_uint32 * /*ctx_flags*/, + int * /*locally_initiated*/, + int * /*open_context*/ + ); + +OM_uint32 gss_wrap_size_limit ( + OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + int /*conf_req_flag*/, + gss_qop_t /*qop_req*/, + OM_uint32 /*req_output_size*/, + OM_uint32 * /*max_input_size*/ + ); + +OM_uint32 gss_add_cred ( + OM_uint32 * /*minor_status*/, + const gss_cred_id_t /*input_cred_handle*/, + const gss_name_t /*desired_name*/, + const gss_OID /*desired_mech*/, + gss_cred_usage_t /*cred_usage*/, + OM_uint32 /*initiator_time_req*/, + OM_uint32 /*acceptor_time_req*/, + gss_cred_id_t * /*output_cred_handle*/, + gss_OID_set * /*actual_mechs*/, + OM_uint32 * /*initiator_time_rec*/, + OM_uint32 * /*acceptor_time_rec*/ + ); + +OM_uint32 gss_inquire_cred_by_mech ( + OM_uint32 * /*minor_status*/, + const gss_cred_id_t /*cred_handle*/, + const gss_OID /*mech_type*/, + gss_name_t * /*name*/, + OM_uint32 * /*initiator_lifetime*/, + OM_uint32 * /*acceptor_lifetime*/, + gss_cred_usage_t * /*cred_usage*/ + ); + +OM_uint32 gss_export_sec_context ( + OM_uint32 * /*minor_status*/, + gss_ctx_id_t * /*context_handle*/, + gss_buffer_t /*interprocess_token*/ + ); + +OM_uint32 gss_import_sec_context ( + OM_uint32 * /*minor_status*/, + const gss_buffer_t /*interprocess_token*/, + gss_ctx_id_t * /*context_handle*/ + ); + +OM_uint32 gss_create_empty_oid_set ( + OM_uint32 * /*minor_status*/, + gss_OID_set * /*oid_set*/ + ); + +OM_uint32 gss_add_oid_set_member ( + OM_uint32 * /*minor_status*/, + const gss_OID /*member_oid*/, + gss_OID_set * /*oid_set*/ + ); + +OM_uint32 gss_test_oid_set_member ( + OM_uint32 * /*minor_status*/, + const gss_OID /*member*/, + const gss_OID_set /*set*/, + int * /*present*/ + ); + +OM_uint32 gss_inquire_names_for_mech ( + OM_uint32 * /*minor_status*/, + const gss_OID /*mechanism*/, + gss_OID_set * /*name_types*/ + ); + +OM_uint32 gss_inquire_mechs_for_name ( + OM_uint32 * /*minor_status*/, + const gss_name_t /*input_name*/, + gss_OID_set * /*mech_types*/ + ); + +OM_uint32 gss_canonicalize_name ( + OM_uint32 * /*minor_status*/, + const gss_name_t /*input_name*/, + const gss_OID /*mech_type*/, + gss_name_t * /*output_name*/ + ); + +OM_uint32 gss_duplicate_name ( + OM_uint32 * /*minor_status*/, + const gss_name_t /*src_name*/, + gss_name_t * /*dest_name*/ + ); + +/* + * The following routines are obsolete variants of gss_get_mic, + * gss_verify_mic, gss_wrap and gss_unwrap. They should be + * provided by GSSAPI V2 implementations for backwards + * compatibility with V1 applications. Distinct entrypoints + * (as opposed to #defines) should be provided, both to allow + * GSSAPI V1 applications to link against GSSAPI V2 implementations, + * and to retain the slight parameter type differences between the + * obsolete versions of these routines and their current forms. + */ + +OM_uint32 gss_sign + (OM_uint32 * /*minor_status*/, + gss_ctx_id_t /*context_handle*/, + int /*qop_req*/, + gss_buffer_t /*message_buffer*/, + gss_buffer_t /*message_token*/ + ); + +OM_uint32 gss_verify + (OM_uint32 * /*minor_status*/, + gss_ctx_id_t /*context_handle*/, + gss_buffer_t /*message_buffer*/, + gss_buffer_t /*token_buffer*/, + int * /*qop_state*/ + ); + +OM_uint32 gss_seal + (OM_uint32 * /*minor_status*/, + gss_ctx_id_t /*context_handle*/, + int /*conf_req_flag*/, + int /*qop_req*/, + gss_buffer_t /*input_message_buffer*/, + int * /*conf_state*/, + gss_buffer_t /*output_message_buffer*/ + ); + +OM_uint32 gss_unseal + (OM_uint32 * /*minor_status*/, + gss_ctx_id_t /*context_handle*/, + gss_buffer_t /*input_message_buffer*/, + gss_buffer_t /*output_message_buffer*/, + int * /*conf_state*/, + int * /*qop_state*/ + ); + +/* + * kerberos mechanism specific functions + */ + +OM_uint32 gsskrb5_acquire_cred + (OM_uint32 * minor_status, + struct krb5_keytab_data *keytab, + struct krb5_ccache_data *ccache, + const gss_name_t desired_name, + OM_uint32 time_req, + const gss_OID_set desired_mechs, + gss_cred_usage_t cred_usage, + gss_cred_id_t * output_cred_handle, + gss_OID_set * actual_mechs, + OM_uint32 * time_rec + ); + +OM_uint32 +gss_krb5_ccache_name(OM_uint32 * /*minor_status*/, + const char * /*name */, + const char ** /*out_name */); + +OM_uint32 gsskrb5_register_acceptor_identity + (const char */*identity*/); + +OM_uint32 gss_krb5_copy_ccache + (OM_uint32 */*minor*/, + gss_cred_id_t /*cred*/, + struct krb5_ccache_data */*out*/); + +OM_uint32 gss_krb5_copy_service_keyblock + (OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + struct EncryptionKey **out); + +OM_uint32 gss_krb5_get_tkt_flags + (OM_uint32 */*minor*/, + gss_ctx_id_t /*context_handle*/, + OM_uint32 */*tkt_flags*/); + +OM_uint32 +gsskrb5_extract_authz_data_from_sec_context + (OM_uint32 * /*minor_status*/, + gss_ctx_id_t /*context_handle*/, + int /*ad_type*/, + gss_buffer_t /*ad_data*/); +OM_uint32 +gsskrb5_get_initiator_subkey + (OM_uint32 * /*minor_status*/, + const gss_ctx_id_t context_handle, + gss_buffer_t /* subkey */); + +#define GSS_C_KRB5_COMPAT_DES3_MIC 1 + +OM_uint32 +gss_krb5_compat_des3_mic(OM_uint32 *, gss_ctx_id_t, int); + +#ifdef __cplusplus +} +#endif + +#endif /* GSSAPI_H_ */ diff --git a/source4/heimdal/lib/gssapi/gssapi_locl.h b/source4/heimdal/lib/gssapi/gssapi_locl.h new file mode 100644 index 0000000000..47a37e4657 --- /dev/null +++ b/source4/heimdal/lib/gssapi/gssapi_locl.h @@ -0,0 +1,295 @@ +/* + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: gssapi_locl.h,v 1.40 2005/06/16 20:34:03 lha Exp $ */ + +#ifndef GSSAPI_LOCL_H +#define GSSAPI_LOCL_H + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include + +#include "cfx.h" +#include "arcfour.h" + +#include "spnego_asn1.h" + +/* + * + */ + +struct gss_msg_order; + +typedef struct gss_ctx_id_t_desc_struct { + struct krb5_auth_context_data *auth_context; + gss_name_t source, target; + enum gss_ctx_id_t_state { + INITIATOR_START = 1, INITIATOR_WAIT_FOR_MUTAL = 2, INITIATOR_READY= 3, + ACCEPTOR_START = 11, ACCEPTOR_WAIT_FOR_DCESTYLE = 12, ACCEPTOR_READY = 13 + } state; + OM_uint32 flags; + enum {LOCAL = 1, + OPEN = 2, + COMPAT_OLD_DES3 = 4, + COMPAT_OLD_DES3_SELECTED = 8, + ACCEPTOR_SUBKEY = 16 + } more_flags; + struct krb5_ticket *ticket; + krb5_keyblock *service_keyblock; + krb5_data fwd_data; + OM_uint32 lifetime; + HEIMDAL_MUTEX ctx_id_mutex; + struct gss_msg_order *order; +} gss_ctx_id_t_desc; + +typedef struct gss_cred_id_t_desc_struct { + gss_name_t principal; + krb5_boolean made_keytab; + struct krb5_keytab_data *keytab; + OM_uint32 lifetime; + gss_cred_usage_t usage; + gss_OID_set mechanisms; + krb5_boolean made_ccache; + struct krb5_ccache_data *ccache; + HEIMDAL_MUTEX cred_id_mutex; +} gss_cred_id_t_desc; + +/* + * + */ + +extern krb5_context gssapi_krb5_context; + +extern krb5_keytab gssapi_krb5_keytab; +extern HEIMDAL_MUTEX gssapi_keytab_mutex; + +struct gssapi_thr_context { + HEIMDAL_MUTEX mutex; + char *error_string; +}; + +/* + * Prototypes + */ + +krb5_error_code gssapi_krb5_init (void); + +#define GSSAPI_KRB5_INIT() do { \ + krb5_error_code kret_gss_init; \ + if((kret_gss_init = gssapi_krb5_init ()) != 0) { \ + *minor_status = kret_gss_init; \ + return GSS_S_FAILURE; \ + } \ +} while (0) + +struct gssapi_thr_context * +gssapi_get_thread_context(int); + +OM_uint32 +_gsskrb5_create_ctx( + OM_uint32 * minor_status, + gss_ctx_id_t * context_handle, + const gss_channel_bindings_t input_chan_bindings, + enum gss_ctx_id_t_state state); + +void +gsskrb5_is_cfx(gss_ctx_id_t, int *); + +OM_uint32 +gssapi_krb5_create_8003_checksum ( + OM_uint32 *minor_status, + const gss_channel_bindings_t input_chan_bindings, + OM_uint32 flags, + const krb5_data *fwd_data, + Checksum *result); + +OM_uint32 +gssapi_krb5_verify_8003_checksum ( + OM_uint32 *minor_status, + const gss_channel_bindings_t input_chan_bindings, + const Checksum *cksum, + OM_uint32 *flags, + krb5_data *fwd_data); + +void +_gssapi_encap_length (size_t data_len, + size_t *len, + size_t *total_len, + const gss_OID mech); + +void +gssapi_krb5_encap_length (size_t data_len, + size_t *len, + size_t *total_len, + const gss_OID mech); + + + +OM_uint32 +_gssapi_encapsulate(OM_uint32 *minor_status, + const krb5_data *in_data, + gss_buffer_t output_token, + const gss_OID mech); + + +OM_uint32 +gssapi_krb5_encapsulate(OM_uint32 *minor_status, + const krb5_data *in_data, + gss_buffer_t output_token, + const u_char *type, + const gss_OID mech); + +OM_uint32 +gssapi_krb5_decapsulate(OM_uint32 *minor_status, + gss_buffer_t input_token_buffer, + krb5_data *out_data, + const char *type, + gss_OID oid); + +u_char * +gssapi_krb5_make_header (u_char *p, + size_t len, + const u_char *type, + const gss_OID mech); + +u_char * +_gssapi_make_mech_header(u_char *p, + size_t len, + const gss_OID mech); + +OM_uint32 +_gssapi_verify_mech_header(u_char **str, + size_t total_len, + gss_OID oid); + +OM_uint32 +gssapi_krb5_verify_header(u_char **str, + size_t total_len, + const u_char *type, + gss_OID oid); + +OM_uint32 +_gssapi_decapsulate(OM_uint32 *minor_status, + gss_buffer_t input_token_buffer, + krb5_data *out_data, + const gss_OID mech); + + +ssize_t +gssapi_krb5_get_mech (const u_char *, size_t, const u_char **); + +OM_uint32 +_gssapi_verify_pad(gss_buffer_t, size_t, size_t *); + +OM_uint32 +gss_verify_mic_internal(OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t message_buffer, + const gss_buffer_t token_buffer, + gss_qop_t * qop_state, + char * type); + +OM_uint32 +gss_krb5_get_subkey(const gss_ctx_id_t context_handle, + krb5_keyblock **key); + +krb5_error_code +gss_address_to_krb5addr(OM_uint32 gss_addr_type, + gss_buffer_desc *gss_addr, + int16_t port, + krb5_address *address); + +/* sec_context flags */ + +#define SC_LOCAL_ADDRESS 0x01 +#define SC_REMOTE_ADDRESS 0x02 +#define SC_KEYBLOCK 0x04 +#define SC_LOCAL_SUBKEY 0x08 +#define SC_REMOTE_SUBKEY 0x10 + +int +gss_oid_equal(const gss_OID a, const gss_OID b); + +void +gssapi_krb5_set_error_string (void); + +char * +gssapi_krb5_get_error_string (void); + +OM_uint32 +_gss_DES3_get_mic_compat(OM_uint32 *, gss_ctx_id_t); + +OM_uint32 +_gss_spnego_require_mechlist_mic(OM_uint32 *, gss_ctx_id_t, krb5_boolean *); + +krb5_error_code +_gss_check_compat(OM_uint32 *, gss_name_t, const char *, + krb5_boolean *, krb5_boolean); + +OM_uint32 +gssapi_lifetime_left(OM_uint32 *, OM_uint32, OM_uint32 *); + +/* sequence */ + +OM_uint32 +_gssapi_msg_order_create(OM_uint32 *, struct gss_msg_order **, + OM_uint32, OM_uint32, OM_uint32, int); +OM_uint32 +_gssapi_msg_order_destroy(struct gss_msg_order **); + +OM_uint32 +_gssapi_msg_order_check(struct gss_msg_order *, OM_uint32); + +OM_uint32 +_gssapi_msg_order_f(OM_uint32); + +/* 8003 */ + +krb5_error_code +gssapi_encode_om_uint32(OM_uint32, u_char *); + +krb5_error_code +gssapi_encode_be_om_uint32(OM_uint32, u_char *); + +krb5_error_code +gssapi_decode_om_uint32(u_char *, OM_uint32 *); + +krb5_error_code +gssapi_decode_be_om_uint32(u_char *, OM_uint32 *); + +#endif diff --git a/source4/heimdal/lib/gssapi/import_name.c b/source4/heimdal/lib/gssapi/import_name.c new file mode 100644 index 0000000000..423e757146 --- /dev/null +++ b/source4/heimdal/lib/gssapi/import_name.c @@ -0,0 +1,229 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: import_name.c,v 1.13 2003/03/16 17:33:31 lha Exp $"); + +static OM_uint32 +parse_krb5_name (OM_uint32 *minor_status, + const char *name, + gss_name_t *output_name) +{ + krb5_error_code kerr; + + kerr = krb5_parse_name (gssapi_krb5_context, name, output_name); + + if (kerr == 0) + return GSS_S_COMPLETE; + else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) { + gssapi_krb5_set_error_string (); + *minor_status = kerr; + return GSS_S_BAD_NAME; + } else { + gssapi_krb5_set_error_string (); + *minor_status = kerr; + return GSS_S_FAILURE; + } +} + +static OM_uint32 +import_krb5_name (OM_uint32 *minor_status, + const gss_buffer_t input_name_buffer, + gss_name_t *output_name) +{ + OM_uint32 ret; + char *tmp; + + tmp = malloc (input_name_buffer->length + 1); + if (tmp == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + memcpy (tmp, + input_name_buffer->value, + input_name_buffer->length); + tmp[input_name_buffer->length] = '\0'; + + ret = parse_krb5_name(minor_status, tmp, output_name); + free(tmp); + + return ret; +} + +static OM_uint32 +import_hostbased_name (OM_uint32 *minor_status, + const gss_buffer_t input_name_buffer, + gss_name_t *output_name) +{ + krb5_error_code kerr; + char *tmp; + char *p; + char *host; + char local_hostname[MAXHOSTNAMELEN]; + + *output_name = NULL; + + tmp = malloc (input_name_buffer->length + 1); + if (tmp == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + memcpy (tmp, + input_name_buffer->value, + input_name_buffer->length); + tmp[input_name_buffer->length] = '\0'; + + p = strchr (tmp, '@'); + if (p != NULL) { + *p = '\0'; + host = p + 1; + } else { + if (gethostname(local_hostname, sizeof(local_hostname)) < 0) { + *minor_status = errno; + free (tmp); + return GSS_S_FAILURE; + } + host = local_hostname; + } + + kerr = krb5_sname_to_principal (gssapi_krb5_context, + host, + tmp, + KRB5_NT_SRV_HST, + output_name); + free (tmp); + *minor_status = kerr; + if (kerr == 0) + return GSS_S_COMPLETE; + else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) { + gssapi_krb5_set_error_string (); + *minor_status = kerr; + return GSS_S_BAD_NAME; + } else { + gssapi_krb5_set_error_string (); + *minor_status = kerr; + return GSS_S_FAILURE; + } +} + +static OM_uint32 +import_export_name (OM_uint32 *minor_status, + const gss_buffer_t input_name_buffer, + gss_name_t *output_name) +{ + unsigned char *p; + uint32_t length; + OM_uint32 ret; + char *name; + + if (input_name_buffer->length < 10 + GSS_KRB5_MECHANISM->length) + return GSS_S_BAD_NAME; + + /* TOK, MECH_OID_LEN, DER(MECH_OID), NAME_LEN, NAME */ + + p = input_name_buffer->value; + + if (memcmp(&p[0], "\x04\x01\x00", 3) != 0 || + p[3] != GSS_KRB5_MECHANISM->length + 2 || + p[4] != 0x06 || + p[5] != GSS_KRB5_MECHANISM->length || + memcmp(&p[6], GSS_KRB5_MECHANISM->elements, + GSS_KRB5_MECHANISM->length) != 0) + return GSS_S_BAD_NAME; + + p += 6 + GSS_KRB5_MECHANISM->length; + + length = p[0] << 24 | p[1] << 16 | p[2] << 8 | p[3]; + p += 4; + + if (length > input_name_buffer->length - 10 - GSS_KRB5_MECHANISM->length) + return GSS_S_BAD_NAME; + + name = malloc(length + 1); + if (name == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + memcpy(name, p, length); + name[length] = '\0'; + + ret = parse_krb5_name(minor_status, name, output_name); + free(name); + + return ret; +} + +int +gss_oid_equal(const gss_OID a, const gss_OID b) +{ + if (a == b) + return 1; + else if (a == GSS_C_NO_OID || b == GSS_C_NO_OID || a->length != b->length) + return 0; + else + return memcmp(a->elements, b->elements, a->length) == 0; +} + +OM_uint32 gss_import_name + (OM_uint32 * minor_status, + const gss_buffer_t input_name_buffer, + const gss_OID input_name_type, + gss_name_t * output_name + ) +{ + GSSAPI_KRB5_INIT (); + + *minor_status = 0; + *output_name = GSS_C_NO_NAME; + + if (gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE)) + return import_hostbased_name (minor_status, + input_name_buffer, + output_name); + else if (gss_oid_equal(input_name_type, GSS_C_NO_OID) + || gss_oid_equal(input_name_type, GSS_C_NT_USER_NAME) + || gss_oid_equal(input_name_type, GSS_KRB5_NT_PRINCIPAL_NAME)) + /* default printable syntax */ + return import_krb5_name (minor_status, + input_name_buffer, + output_name); + else if (gss_oid_equal(input_name_type, GSS_C_NT_EXPORT_NAME)) { + return import_export_name(minor_status, + input_name_buffer, + output_name); + } else { + *minor_status = 0; + return GSS_S_BAD_NAMETYPE; + } +} diff --git a/source4/heimdal/lib/gssapi/init.c b/source4/heimdal/lib/gssapi/init.c new file mode 100644 index 0000000000..37f46624ae --- /dev/null +++ b/source4/heimdal/lib/gssapi/init.c @@ -0,0 +1,111 @@ +/* + * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: init.c,v 1.7 2003/07/22 19:50:11 lha Exp $"); + +static HEIMDAL_MUTEX gssapi_krb5_context_mutex = HEIMDAL_MUTEX_INITIALIZER; +static int created_key; +static HEIMDAL_thread_key gssapi_context_key; + +static void +gssapi_destroy_thread_context(void *ptr) +{ + struct gssapi_thr_context *ctx = ptr; + + if (ctx == NULL) + return; + if (ctx->error_string) + free(ctx->error_string); + HEIMDAL_MUTEX_destroy(&ctx->mutex); + free(ctx); +} + + +struct gssapi_thr_context * +gssapi_get_thread_context(int createp) +{ + struct gssapi_thr_context *ctx; + int ret; + + HEIMDAL_MUTEX_lock(&gssapi_krb5_context_mutex); + + if (!created_key) + abort(); + ctx = HEIMDAL_getspecific(gssapi_context_key); + if (ctx == NULL) { + if (!createp) + goto fail; + ctx = malloc(sizeof(*ctx)); + if (ctx == NULL) + goto fail; + ctx->error_string = NULL; + HEIMDAL_MUTEX_init(&ctx->mutex); + HEIMDAL_setspecific(gssapi_context_key, ctx, ret); + if (ret) + goto fail; + } + HEIMDAL_MUTEX_unlock(&gssapi_krb5_context_mutex); + return ctx; + fail: + HEIMDAL_MUTEX_unlock(&gssapi_krb5_context_mutex); + if (ctx) + free(ctx); + return NULL; +} + +krb5_error_code +gssapi_krb5_init (void) +{ + krb5_error_code ret = 0; + + HEIMDAL_MUTEX_lock(&gssapi_krb5_context_mutex); + + if(gssapi_krb5_context == NULL) + ret = krb5_init_context (&gssapi_krb5_context); + if (ret == 0 && !created_key) { + HEIMDAL_key_create(&gssapi_context_key, + gssapi_destroy_thread_context, + ret); + if (ret) { + krb5_free_context(gssapi_krb5_context); + gssapi_krb5_context = NULL; + } else + created_key = 1; + } + + HEIMDAL_MUTEX_unlock(&gssapi_krb5_context_mutex); + + return ret; +} diff --git a/source4/heimdal/lib/gssapi/init_sec_context.c b/source4/heimdal/lib/gssapi/init_sec_context.c new file mode 100644 index 0000000000..c7e4aa50d6 --- /dev/null +++ b/source4/heimdal/lib/gssapi/init_sec_context.c @@ -0,0 +1,1261 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: init_sec_context.c,v 1.57 2005/05/30 20:58:29 lha Exp $"); + +/* + * copy the addresses from `input_chan_bindings' (if any) to + * the auth context `ac' + */ + +static OM_uint32 +gsskrb5_set_addresses( + krb5_auth_context ac, + const gss_channel_bindings_t input_chan_bindings) +{ + /* Port numbers are expected to be in application_data.value, + * initator's port first */ + + krb5_address initiator_addr, acceptor_addr; + krb5_error_code kret; + + if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS + || input_chan_bindings->application_data.length != + 2 * sizeof(ac->local_port)) + return 0; + + memset(&initiator_addr, 0, sizeof(initiator_addr)); + memset(&acceptor_addr, 0, sizeof(acceptor_addr)); + + ac->local_port = + *(int16_t *) input_chan_bindings->application_data.value; + + ac->remote_port = + *((int16_t *) input_chan_bindings->application_data.value + 1); + + kret = gss_address_to_krb5addr(input_chan_bindings->acceptor_addrtype, + &input_chan_bindings->acceptor_address, + ac->remote_port, + &acceptor_addr); + if (kret) + return kret; + + kret = gss_address_to_krb5addr(input_chan_bindings->initiator_addrtype, + &input_chan_bindings->initiator_address, + ac->local_port, + &initiator_addr); + if (kret) { + krb5_free_address (gssapi_krb5_context, &acceptor_addr); + return kret; + } + + kret = krb5_auth_con_setaddrs(gssapi_krb5_context, + ac, + &initiator_addr, /* local address */ + &acceptor_addr); /* remote address */ + + krb5_free_address (gssapi_krb5_context, &initiator_addr); + krb5_free_address (gssapi_krb5_context, &acceptor_addr); + +#if 0 + free(input_chan_bindings->application_data.value); + input_chan_bindings->application_data.value = NULL; + input_chan_bindings->application_data.length = 0; +#endif + + return kret; +} + +OM_uint32 +_gsskrb5_create_ctx( + OM_uint32 * minor_status, + gss_ctx_id_t * context_handle, + const gss_channel_bindings_t input_chan_bindings, + enum gss_ctx_id_t_state state) +{ + krb5_error_code kret; + + *context_handle = malloc(sizeof(**context_handle)); + if (*context_handle == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + (*context_handle)->auth_context = NULL; + (*context_handle)->source = NULL; + (*context_handle)->target = NULL; + (*context_handle)->state = state; + (*context_handle)->flags = 0; + (*context_handle)->more_flags = 0; + (*context_handle)->service_keyblock = NULL; + (*context_handle)->ticket = NULL; + krb5_data_zero(&(*context_handle)->fwd_data); + (*context_handle)->lifetime = GSS_C_INDEFINITE; + (*context_handle)->order = NULL; + HEIMDAL_MUTEX_init(&(*context_handle)->ctx_id_mutex); + + kret = krb5_auth_con_init (gssapi_krb5_context, + &(*context_handle)->auth_context); + if (kret) { + *minor_status = kret; + gssapi_krb5_set_error_string (); + + HEIMDAL_MUTEX_destroy(&(*context_handle)->ctx_id_mutex); + + return GSS_S_FAILURE; + } + + kret = gsskrb5_set_addresses((*context_handle)->auth_context, + input_chan_bindings); + if (kret) { + *minor_status = kret; + + HEIMDAL_MUTEX_destroy(&(*context_handle)->ctx_id_mutex); + + krb5_auth_con_free(gssapi_krb5_context, (*context_handle)->auth_context); + + return GSS_S_BAD_BINDINGS; + } + + return GSS_S_COMPLETE; +} + +static OM_uint32 +gsskrb5_get_creds( + OM_uint32 * minor_status, + const gss_cred_id_t initiator_cred_handle, + gss_ctx_id_t * context_handle, + const gss_name_t target_name, + OM_uint32 time_req, + OM_uint32 * time_rec, + krb5_creds ** cred) +{ + OM_uint32 ret; + krb5_error_code kret; + krb5_creds this_cred; + krb5_ccache ccache = NULL; + OM_uint32 lifetime_rec; + + *cred = NULL; + + if (initiator_cred_handle == GSS_C_NO_CREDENTIAL) { + kret = krb5_cc_default (gssapi_krb5_context, &ccache); + if (kret) { + gssapi_krb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + } else { + ccache = initiator_cred_handle->ccache; + } + + kret = krb5_cc_get_principal(gssapi_krb5_context, + ccache, + &(*context_handle)->source); + if (kret) { + gssapi_krb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + + kret = krb5_copy_principal(gssapi_krb5_context, + target_name, + &(*context_handle)->target); + if (kret) { + gssapi_krb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + + memset(&this_cred, 0, sizeof(this_cred)); + this_cred.client = (*context_handle)->source; + this_cred.server = (*context_handle)->target; + + if (time_req && time_req != GSS_C_INDEFINITE) { + krb5_timestamp ts; + + krb5_timeofday (gssapi_krb5_context, &ts); + this_cred.times.endtime = ts + time_req; + } else { + this_cred.times.endtime = 0; + } + + this_cred.session.keytype = KEYTYPE_NULL; + + kret = krb5_get_credentials(gssapi_krb5_context, + 0, + ccache, + &this_cred, + cred); + if (kret) { + gssapi_krb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + + (*context_handle)->lifetime = (*cred)->times.endtime; + + ret = gssapi_lifetime_left(minor_status, + (*context_handle)->lifetime, + &lifetime_rec); + if (ret) return ret; + + if (lifetime_rec == 0) { + *minor_status = 0; + return GSS_S_CONTEXT_EXPIRED; + } + + if (time_rec) *time_rec = lifetime_rec; + + if (initiator_cred_handle == GSS_C_NO_CREDENTIAL) { + krb5_cc_close(gssapi_krb5_context, ccache); + } + + return GSS_S_COMPLETE; +} + +static OM_uint32 +gsskrb5_initiator_ready( + OM_uint32 * minor_status, + gss_ctx_id_t * context_handle) +{ + OM_uint32 ret; + int32_t seq_number; + int is_cfx = 0; + u_int32_t flags = (*context_handle)->flags; + + krb5_auth_getremoteseqnumber (gssapi_krb5_context, + (*context_handle)->auth_context, + &seq_number); + + gsskrb5_is_cfx(*context_handle, &is_cfx); + + ret = _gssapi_msg_order_create(minor_status, + &(*context_handle)->order, + _gssapi_msg_order_f(flags), + seq_number, 0, is_cfx); + if (ret) return ret; + + (*context_handle)->state = INITIATOR_READY; + (*context_handle)->more_flags |= OPEN; + + return GSS_S_COMPLETE; +} + +/* + * handle delegated creds in init-sec-context + */ + +static void +gsskrb5_do_delegation( + krb5_auth_context ac, + krb5_ccache ccache, + krb5_creds *cred, + const gss_name_t target_name, + krb5_data *fwd_data, + int *flags) +{ + krb5_creds creds; + krb5_kdc_flags fwd_flags; + krb5_error_code kret; + + memset (&creds, 0, sizeof(creds)); + krb5_data_zero (fwd_data); + + kret = krb5_cc_get_principal(gssapi_krb5_context, ccache, &creds.client); + if (kret) + goto out; + + kret = krb5_build_principal(gssapi_krb5_context, + &creds.server, + strlen(creds.client->realm), + creds.client->realm, + KRB5_TGS_NAME, + creds.client->realm, + NULL); + if (kret) + goto out; + + creds.times.endtime = 0; + + fwd_flags.i = 0; + fwd_flags.b.forwarded = 1; + fwd_flags.b.forwardable = 1; + + if ( /*target_name->name.name_type != KRB5_NT_SRV_HST ||*/ + target_name->name.name_string.len < 2) + goto out; + + kret = krb5_get_forwarded_creds(gssapi_krb5_context, + ac, + ccache, + fwd_flags.i, + target_name->name.name_string.val[1], + &creds, + fwd_data); + + out: + if (kret) + *flags &= ~GSS_C_DELEG_FLAG; + else + *flags |= GSS_C_DELEG_FLAG; + + if (creds.client) + krb5_free_principal(gssapi_krb5_context, creds.client); + if (creds.server) + krb5_free_principal(gssapi_krb5_context, creds.server); +} + +/* + * first stage of init-sec-context + */ + +static OM_uint32 +gsskrb5_initiator_start( + OM_uint32 * minor_status, + const gss_cred_id_t initiator_cred_handle, + gss_ctx_id_t * context_handle, + const gss_name_t target_name, + const gss_OID mech_type, + OM_uint32 req_flags, + OM_uint32 time_req, + const gss_channel_bindings_t input_chan_bindings, + const gss_buffer_t input_token, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec) +{ + OM_uint32 ret = GSS_S_FAILURE; + krb5_error_code kret; + krb5_flags ap_options; + krb5_creds *cred = NULL; + krb5_data outbuf; + krb5_ccache ccache = NULL; + u_int32_t flags; + krb5_data authenticator; + Checksum cksum; + krb5_enctype enctype; + krb5_data fwd_data; + + krb5_data_zero(&outbuf); + krb5_data_zero(&fwd_data); + + (*context_handle)->more_flags |= LOCAL; + + /* We need to get the credentials for the requested target */ + ret = gsskrb5_get_creds(minor_status, + initiator_cred_handle, + context_handle, + target_name, + time_req, + time_rec, + &cred); + if (ret) return ret; + + /* + * We need to setup some compat stuff, this assumes that context_handle->target is already set + */ + ret = _gss_DES3_get_mic_compat(minor_status, *context_handle); + if (ret) return ret; + + /* + * We need a sequence number + */ + + krb5_auth_con_addflags(gssapi_krb5_context, + (*context_handle)->auth_context, + KRB5_AUTH_CONTEXT_DO_SEQUENCE, + NULL); + + /* We need the key and a random local subkey */ + { + kret = krb5_auth_con_setkey(gssapi_krb5_context, + (*context_handle)->auth_context, + &cred->session); + if (kret) { + gssapi_krb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + + kret = krb5_auth_con_generatelocalsubkey(gssapi_krb5_context, + (*context_handle)->auth_context, + &cred->session); + if (kret) { + gssapi_krb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + } + + /* We need to prepare the flags used for this context */ + { + flags = 0; + ap_options = 0; + + if (req_flags & GSS_C_DELEG_FLAG) { + gsskrb5_do_delegation((*context_handle)->auth_context, + ccache, cred, target_name, &fwd_data, &flags); + } + + if (req_flags & GSS_C_MUTUAL_FLAG) { + flags |= GSS_C_MUTUAL_FLAG; + ap_options |= AP_OPTS_MUTUAL_REQUIRED; + } + + if (req_flags & GSS_C_REPLAY_FLAG) { + flags |= GSS_C_REPLAY_FLAG; + } + + if (req_flags & GSS_C_SEQUENCE_FLAG) { + flags |= GSS_C_SEQUENCE_FLAG; + } + + if (req_flags & GSS_C_ANON_FLAG) { + ;/* XXX */ + } + + if (req_flags & GSS_C_DCE_STYLE) { + flags |= GSS_C_DCE_STYLE; + /* GSS_C_DCE_STYLE implies GSS_C_MUTUAL_FLAG */ + flags |= GSS_C_MUTUAL_FLAG; + ap_options |= AP_OPTS_MUTUAL_REQUIRED; + } + + if (req_flags & GSS_C_IDENTIFY_FLAG) { + flags |= GSS_C_IDENTIFY_FLAG; + } + + if (req_flags & GSS_C_EXTENDED_ERROR_FLAG) { + flags |= GSS_C_EXTENDED_ERROR_FLAG; + } + + /* TODO: why are this always there? --metze */ + flags |= GSS_C_CONF_FLAG; + flags |= GSS_C_INTEG_FLAG; + flags |= GSS_C_TRANS_FLAG; + + if (ret_flags) *ret_flags = flags; + (*context_handle)->flags = flags; + } + + /* We need to generate the 8003 checksum */ + { + ret = gssapi_krb5_create_8003_checksum(minor_status, + input_chan_bindings, + flags, + &fwd_data, + &cksum); + krb5_data_free (&fwd_data); + if (ret) return ret; + } + + enctype = (*context_handle)->auth_context->keyblock->keytype; + + /* We need to create an Authenticator */ + { + kret = krb5_build_authenticator (gssapi_krb5_context, + (*context_handle)->auth_context, + enctype, + cred, + &cksum, + NULL, + &authenticator, + KRB5_KU_AP_REQ_AUTH); + free_Checksum(&cksum); + if (kret) { + gssapi_krb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + } + + /* We need to create the AP_REQ */ + { + kret = krb5_build_ap_req(gssapi_krb5_context, + enctype, + cred, + ap_options, + authenticator, + &outbuf); + if (kret) { + gssapi_krb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + } + + /* We need to encapsulate the AP_REQ if GSS_C_DCE_STYLE isn't in use */ + { + if (!(flags & GSS_C_DCE_STYLE)) { + ret = gssapi_krb5_encapsulate(minor_status, &outbuf, output_token, + "\x01\x00", GSS_KRB5_MECHANISM); + krb5_data_free (&outbuf); + if (ret) return ret; + } else { + output_token->length = outbuf.length; + output_token->value = outbuf.data; + } + } + + /* We no longer need the creds */ + krb5_free_creds(gssapi_krb5_context, cred); + + /* We are done if GSS_C_MUTUAL_FLAG is in use */ + if (flags & GSS_C_MUTUAL_FLAG) { + (*context_handle)->state = INITIATOR_WAIT_FOR_MUTAL; + return GSS_S_CONTINUE_NEEDED; + } + + return gsskrb5_initiator_ready(minor_status, context_handle); +} + +static OM_uint32 +gsskrb5_initiator_wait_for_mutual( + OM_uint32 * minor_status, + const gss_cred_id_t initiator_cred_handle, + gss_ctx_id_t * context_handle, + const gss_name_t target_name, + const gss_OID mech_type, + OM_uint32 req_flags, + OM_uint32 time_req, + const gss_channel_bindings_t input_chan_bindings, + const gss_buffer_t input_token, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec) +{ + OM_uint32 ret; + krb5_error_code kret; + krb5_data inbuf; + u_int32_t flags = (*context_handle)->flags; + OM_uint32 l_seq_number; + OM_uint32 r_seq_number; + + /* We need to decapsulate the AP_REP if GSS_C_DCE_STYLE isn't in use */ + { + if (!(flags & GSS_C_DCE_STYLE)) { + ret = gssapi_krb5_decapsulate(minor_status, input_token, &inbuf, + "\x02\x00", GSS_KRB5_MECHANISM); + if (ret) return ret; + } else { + inbuf.length = input_token->length; + inbuf.data = input_token->value; + } + } + + /* We need to verify the AP_REP */ + { + krb5_ap_rep_enc_part *repl; + + kret = krb5_rd_rep(gssapi_krb5_context, + (*context_handle)->auth_context, + &inbuf, + &repl); + if (kret) { + gssapi_krb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + krb5_free_ap_rep_enc_part(gssapi_krb5_context, repl); + } + + /* We need to check the liftime */ + { + OM_uint32 lifetime_rec; + + ret = gssapi_lifetime_left(minor_status, + (*context_handle)->lifetime, + &lifetime_rec); + if (ret) return ret; + + if (lifetime_rec == 0) { + return GSS_S_CONTEXT_EXPIRED; + } + + if (time_rec) *time_rec = lifetime_rec; + } + + /* We need to give the caller the flags which are in use */ + if (ret_flags) *ret_flags = (*context_handle)->flags; + + /* We are done here if GSS_C_DCE_STYLE isn't in use */ + if (!(flags & GSS_C_DCE_STYLE)) { + return gsskrb5_initiator_ready(minor_status, context_handle); + } + + /* + * We need to set the local seq_number to the remote one just for the krb5_mk_rep(), + * and then we need to use the old local seq_number again for the GSS_Wrap() messages + */ + { + kret = krb5_auth_getremoteseqnumber(gssapi_krb5_context, + (*context_handle)->auth_context, + &r_seq_number); + if (kret) { + gssapi_krb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + + kret = krb5_auth_con_getlocalseqnumber(gssapi_krb5_context, + (*context_handle)->auth_context, + &l_seq_number); + if (kret) { + gssapi_krb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + + kret = krb5_auth_con_setlocalseqnumber(gssapi_krb5_context, + (*context_handle)->auth_context, + r_seq_number); + if (kret) { + gssapi_krb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + } + + /* We need to create an AP_REP */ + { + krb5_data outbuf; + + kret = krb5_mk_rep(gssapi_krb5_context, + (*context_handle)->auth_context, + &outbuf); + if (kret) { + gssapi_krb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + + output_token->length = outbuf.length; + output_token->value = outbuf.data; + } + + /* We need to reset the local seq_number */ + { + kret = krb5_auth_con_setlocalseqnumber(gssapi_krb5_context, + (*context_handle)->auth_context, + l_seq_number); + if (kret) { + gssapi_krb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + } + + return gsskrb5_initiator_ready(minor_status, context_handle); +} + +static OM_uint32 +gsskrb5_init_sec_context( + OM_uint32 * minor_status, + const gss_cred_id_t initiator_cred_handle, + gss_ctx_id_t * context_handle, + const gss_name_t target_name, + const gss_OID mech_type, + OM_uint32 req_flags, + OM_uint32 time_req, + const gss_channel_bindings_t input_chan_bindings, + const gss_buffer_t input_token, + gss_OID * actual_mech_type, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec) +{ + OM_uint32 ret; + + if (*context_handle == GSS_C_NO_CONTEXT) { + ret = _gsskrb5_create_ctx(minor_status, + context_handle, + input_chan_bindings, + INITIATOR_START); + if (ret) return ret; + } + + if (actual_mech_type) *actual_mech_type = GSS_KRB5_MECHANISM; + + HEIMDAL_MUTEX_lock(&(*context_handle)->ctx_id_mutex); + + switch ((*context_handle)->state) { + case INITIATOR_START: + ret = gsskrb5_initiator_start(minor_status, + initiator_cred_handle, + context_handle, + target_name, + mech_type, + req_flags, + time_req, + input_chan_bindings, + input_token, + output_token, + ret_flags, + time_rec); + break; + case INITIATOR_WAIT_FOR_MUTAL: + ret = gsskrb5_initiator_wait_for_mutual(minor_status, + initiator_cred_handle, + context_handle, + target_name, + mech_type, + req_flags, + time_req, + input_chan_bindings, + input_token, + output_token, + ret_flags, + time_rec); + break; + case INITIATOR_READY: + /* should this be GSS_S_BAD_STATUS ? --metze */ + + /* We need to check the liftime */ + { + OM_uint32 lifetime_rec; + + ret = gssapi_lifetime_left(minor_status, + (*context_handle)->lifetime, + &lifetime_rec); + if (ret) break; + + if (lifetime_rec == 0) { + *minor_status = 0; + ret = GSS_S_CONTEXT_EXPIRED; + break; + } + + if (time_rec) *time_rec = lifetime_rec; + } + + /* We need to give the caller the flags which are in use */ + if (ret_flags) *ret_flags = (*context_handle)->flags; + + ret = GSS_S_COMPLETE; + break; + default: + /* TODO: is this correct here? --metze */ + ret = GSS_S_BAD_STATUS; + break; + } + + HEIMDAL_MUTEX_unlock(&(*context_handle)->ctx_id_mutex); + + return ret; +} + +static OM_uint32 +spnego_reply + (OM_uint32 * minor_status, + const gss_cred_id_t initiator_cred_handle, + gss_ctx_id_t * context_handle, + const gss_name_t target_name, + const gss_OID mech_type, + OM_uint32 req_flags, + OM_uint32 time_req, + const gss_channel_bindings_t input_chan_bindings, + const gss_buffer_t input_token, + gss_OID * actual_mech_type, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec + ) +{ + OM_uint32 ret; + krb5_data indata; + NegTokenTarg targ; + u_char oidbuf[17]; + size_t oidlen; + gss_buffer_desc sub_token; + ssize_t mech_len; + const u_char *p; + size_t len, taglen; + krb5_boolean require_mic; + + output_token->length = 0; + output_token->value = NULL; + + /* + * SPNEGO doesn't include gss wrapping on SubsequentContextToken + * like the Kerberos 5 mech does. But lets check for it anyway. + */ + + mech_len = gssapi_krb5_get_mech (input_token->value, + input_token->length, + &p); + + if (mech_len < 0) { + indata.data = input_token->value; + indata.length = input_token->length; + } else if (mech_len == GSS_KRB5_MECHANISM->length + && memcmp(GSS_KRB5_MECHANISM->elements, p, mech_len) == 0) + return gsskrb5_init_sec_context (minor_status, + initiator_cred_handle, + context_handle, + target_name, + GSS_KRB5_MECHANISM, + req_flags, + time_req, + input_chan_bindings, + input_token, + actual_mech_type, + output_token, + ret_flags, + time_rec); + else if (mech_len == GSS_SPNEGO_MECHANISM->length + && memcmp(GSS_SPNEGO_MECHANISM->elements, p, mech_len) == 0){ + ret = _gssapi_decapsulate (minor_status, + input_token, + &indata, + GSS_SPNEGO_MECHANISM); + if (ret) + return ret; + } else + return GSS_S_BAD_MECH; + + ret = der_match_tag_and_length((const char *)indata.data, + indata.length, + ASN1_C_CONTEXT, CONS, 1, &len, &taglen); + if (ret) + return ret; + + if(len > indata.length - taglen) + return ASN1_OVERRUN; + + ret = decode_NegTokenTarg((const char *)indata.data + taglen, + len, &targ, NULL); + if (ret) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + if (targ.negResult == NULL + || *(targ.negResult) == reject + || targ.supportedMech == NULL) { + free_NegTokenTarg(&targ); + return GSS_S_BAD_MECH; + } + + ret = der_put_oid(oidbuf + sizeof(oidbuf) - 1, + sizeof(oidbuf), + targ.supportedMech, + &oidlen); + if (ret || oidlen != GSS_KRB5_MECHANISM->length + || memcmp(oidbuf + sizeof(oidbuf) - oidlen, + GSS_KRB5_MECHANISM->elements, + oidlen) != 0) { + free_NegTokenTarg(&targ); + return GSS_S_BAD_MECH; + } + + if (targ.responseToken != NULL) { + sub_token.length = targ.responseToken->length; + sub_token.value = targ.responseToken->data; + } else { + sub_token.length = 0; + sub_token.value = NULL; + } + + ret = gsskrb5_init_sec_context(minor_status, + initiator_cred_handle, + context_handle, + target_name, + GSS_KRB5_MECHANISM, + req_flags, + time_req, + input_chan_bindings, + &sub_token, + actual_mech_type, + output_token, + ret_flags, + time_rec); + if (ret) { + free_NegTokenTarg(&targ); + return ret; + } + + /* + * Verify the mechListMIC if CFX was used; or if local policy + * dictated so. + */ + ret = _gss_spnego_require_mechlist_mic(minor_status, *context_handle, + &require_mic); + if (ret) { + free_NegTokenTarg(&targ); + return ret; + } + + if (require_mic) { + MechTypeList mechlist; + MechType m0; + size_t buf_len; + gss_buffer_desc mic_buf, mech_buf; + + if (targ.mechListMIC == NULL) { + free_NegTokenTarg(&targ); + *minor_status = 0; + return GSS_S_BAD_MIC; + } + + mechlist.len = 1; + mechlist.val = &m0; + + ret = der_get_oid(GSS_KRB5_MECHANISM->elements, + GSS_KRB5_MECHANISM->length, + &m0, + NULL); + if (ret) { + free_NegTokenTarg(&targ); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + ASN1_MALLOC_ENCODE(MechTypeList, mech_buf.value, mech_buf.length, + &mechlist, &buf_len, ret); + if (ret) { + free_NegTokenTarg(&targ); + free_oid(&m0); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + if (mech_buf.length != buf_len) + abort(); + + mic_buf.length = targ.mechListMIC->length; + mic_buf.value = targ.mechListMIC->data; + + ret = gss_verify_mic(minor_status, *context_handle, + &mech_buf, &mic_buf, NULL); + free(mech_buf.value); + free_oid(&m0); + } + free_NegTokenTarg(&targ); + return ret; +} + +static OM_uint32 +spnego_initial + (OM_uint32 * minor_status, + const gss_cred_id_t initiator_cred_handle, + gss_ctx_id_t * context_handle, + const gss_name_t target_name, + const gss_OID mech_type, + OM_uint32 req_flags, + OM_uint32 time_req, + const gss_channel_bindings_t input_chan_bindings, + const gss_buffer_t input_token, + gss_OID * actual_mech_type, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec + ) +{ + NegTokenInit ni; + int ret; + OM_uint32 sub, minor; + gss_buffer_desc mech_token; + u_char *buf; + size_t buf_size, buf_len; + krb5_data data; +#if 1 + size_t ni_len; +#endif + + memset (&ni, 0, sizeof(ni)); + + ALLOC(ni.mechTypes, 1); + if (ni.mechTypes == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + ALLOC_SEQ(ni.mechTypes, 1); + if (ni.mechTypes->val == NULL) { + free_NegTokenInit(&ni); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + ret = der_get_oid(GSS_KRB5_MECHANISM->elements, + GSS_KRB5_MECHANISM->length, + &ni.mechTypes->val[0], + NULL); + if (ret) { + free_NegTokenInit(&ni); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + +#if 0 + ALLOC(ni.reqFlags, 1); + if (ni.reqFlags == NULL) { + free_NegTokenInit(&ni); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + ni.reqFlags->delegFlag = req_flags & GSS_C_DELEG_FLAG; + ni.reqFlags->mutualFlag = req_flags & GSS_C_MUTUAL_FLAG; + ni.reqFlags->replayFlag = req_flags & GSS_C_REPLAY_FLAG; + ni.reqFlags->sequenceFlag = req_flags & GSS_C_SEQUENCE_FLAG; + ni.reqFlags->anonFlag = req_flags & GSS_C_ANON_FLAG; + ni.reqFlags->confFlag = req_flags & GSS_C_CONF_FLAG; + ni.reqFlags->integFlag = req_flags & GSS_C_INTEG_FLAG; +#else + ni.reqFlags = NULL; +#endif + + sub = gsskrb5_init_sec_context(&minor, + initiator_cred_handle, + context_handle, + target_name, + GSS_KRB5_MECHANISM, + req_flags, + time_req, + input_chan_bindings, + GSS_C_NO_BUFFER, + actual_mech_type, + &mech_token, + ret_flags, + time_rec); + if (GSS_ERROR(sub)) { + free_NegTokenInit(&ni); + return sub; + } + if (mech_token.length != 0) { + ALLOC(ni.mechToken, 1); + if (ni.mechToken == NULL) { + free_NegTokenInit(&ni); + gss_release_buffer(&minor, &mech_token); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + ni.mechToken->length = mech_token.length; + ni.mechToken->data = malloc(mech_token.length); + if (ni.mechToken->data == NULL && mech_token.length != 0) { + free_NegTokenInit(&ni); + gss_release_buffer(&minor, &mech_token); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + memcpy(ni.mechToken->data, mech_token.value, mech_token.length); + gss_release_buffer(&minor, &mech_token); + } else + ni.mechToken = NULL; + + /* XXX ignore mech list mic for now */ + ni.mechListMIC = NULL; + + +#if 0 + { + int ret; + NegotiationToken nt; + + nt.element = choice_NegotiationToken_negTokenInit; + nt.u.negTokenInit = ni; + + ASN1_MALLOC_ENCODE(NegotiationToken, buf, buf_size, + &nt, &buf_len, ret); + if (buf_size != buf_len) + abort(); + } +#else + ni_len = length_NegTokenInit(&ni); + buf_size = 1 + length_len(ni_len) + ni_len; + + buf = malloc(buf_size); + if (buf == NULL) { + free_NegTokenInit(&ni); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + ret = encode_NegTokenInit(buf + buf_size - 1, + ni_len, + &ni, &buf_len); + if (ret == 0 && ni_len != buf_len) + abort(); + + if (ret == 0) { + size_t tmp; + + ret = der_put_length_and_tag(buf + buf_size - buf_len - 1, + buf_size - buf_len, + buf_len, + ASN1_C_CONTEXT, + CONS, + 0, + &tmp); + if (ret == 0 && tmp + buf_len != buf_size) + abort(); + } + if (ret) { + *minor_status = ret; + free(buf); + free_NegTokenInit(&ni); + return GSS_S_FAILURE; + } + +#endif + data.data = buf; + data.length = buf_size; + + free_NegTokenInit(&ni); + if (ret) + return ret; + + sub = _gssapi_encapsulate(minor_status, + &data, + output_token, + GSS_SPNEGO_MECHANISM); + free (buf); + + if (sub) + return sub; + + return GSS_S_CONTINUE_NEEDED; +} + +static OM_uint32 +spnego_init_sec_context + (OM_uint32 * minor_status, + const gss_cred_id_t initiator_cred_handle, + gss_ctx_id_t * context_handle, + const gss_name_t target_name, + const gss_OID mech_type, + OM_uint32 req_flags, + OM_uint32 time_req, + const gss_channel_bindings_t input_chan_bindings, + const gss_buffer_t input_token, + gss_OID * actual_mech_type, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec + ) +{ + if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) + return spnego_initial (minor_status, + initiator_cred_handle, + context_handle, + target_name, + mech_type, + req_flags, + time_req, + input_chan_bindings, + input_token, + actual_mech_type, + output_token, + ret_flags, + time_rec); + else + return spnego_reply (minor_status, + initiator_cred_handle, + context_handle, + target_name, + mech_type, + req_flags, + time_req, + input_chan_bindings, + input_token, + actual_mech_type, + output_token, + ret_flags, + time_rec); +} + +/* + * gss_init_sec_context + */ + +OM_uint32 gss_init_sec_context( + OM_uint32 * minor_status, + const gss_cred_id_t initiator_cred_handle, + gss_ctx_id_t * context_handle, + const gss_name_t target_name, + const gss_OID mech_type, + OM_uint32 req_flags, + OM_uint32 time_req, + const gss_channel_bindings_t input_chan_bindings, + const gss_buffer_t input_token, + gss_OID * actual_mech_type, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec) +{ + GSSAPI_KRB5_INIT (); + + *minor_status = 0; + + if (actual_mech_type) *actual_mech_type = GSS_C_NO_OID; + + output_token->length = 0; + output_token->value = NULL; + + if (ret_flags) *ret_flags = 0; + if (time_rec) *time_rec = 0; + + if (target_name == GSS_C_NO_NAME) return GSS_S_BAD_NAME; + + if (mech_type == GSS_C_NO_OID || + gss_oid_equal(mech_type, GSS_KRB5_MECHANISM)) { + return gsskrb5_init_sec_context(minor_status, + initiator_cred_handle, + context_handle, + target_name, + mech_type, + req_flags, + time_req, + input_chan_bindings, + input_token, + actual_mech_type, + output_token, + ret_flags, + time_rec); + } else if (gss_oid_equal(mech_type, GSS_SPNEGO_MECHANISM)) { + return spnego_init_sec_context (minor_status, + initiator_cred_handle, + context_handle, + target_name, + mech_type, + req_flags, + time_req, + input_chan_bindings, + input_token, + actual_mech_type, + output_token, + ret_flags, + time_rec); + } + + return GSS_S_BAD_MECH; +} diff --git a/source4/heimdal/lib/gssapi/inquire_cred.c b/source4/heimdal/lib/gssapi/inquire_cred.c new file mode 100644 index 0000000000..9ed1ff4cc4 --- /dev/null +++ b/source4/heimdal/lib/gssapi/inquire_cred.c @@ -0,0 +1,123 @@ +/* + * Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: inquire_cred.c,v 1.7 2004/11/30 19:27:11 lha Exp $"); + +OM_uint32 gss_inquire_cred + (OM_uint32 * minor_status, + const gss_cred_id_t cred_handle, + gss_name_t * name, + OM_uint32 * lifetime, + gss_cred_usage_t * cred_usage, + gss_OID_set * mechanisms + ) +{ + gss_cred_id_t cred; + OM_uint32 ret; + + *minor_status = 0; + + if (name) + *name = NULL; + if (mechanisms) + *mechanisms = GSS_C_NO_OID_SET; + + if (cred_handle == GSS_C_NO_CREDENTIAL) { + ret = gss_acquire_cred(minor_status, + GSS_C_NO_NAME, + GSS_C_INDEFINITE, + GSS_C_NO_OID_SET, + GSS_C_BOTH, + &cred, + NULL, + NULL); + if (ret) + return ret; + } else + cred = (gss_cred_id_t)cred_handle; + + HEIMDAL_MUTEX_lock(&cred->cred_id_mutex); + + if (name != NULL) { + if (cred->principal != NULL) { + ret = gss_duplicate_name(minor_status, cred->principal, + name); + if (ret) + goto out; + } else if (cred->usage == GSS_C_ACCEPT) { + *minor_status = krb5_sname_to_principal(gssapi_krb5_context, NULL, + NULL, KRB5_NT_SRV_HST, name); + if (*minor_status) { + ret = GSS_S_FAILURE; + goto out; + } + } else { + *minor_status = krb5_get_default_principal(gssapi_krb5_context, + name); + if (*minor_status) { + ret = GSS_S_FAILURE; + goto out; + } + } + } + if (lifetime != NULL) { + ret = gssapi_lifetime_left(minor_status, + cred->lifetime, + lifetime); + if (ret) + goto out; + } + if (cred_usage != NULL) + *cred_usage = cred->usage; + + if (mechanisms != NULL) { + ret = gss_create_empty_oid_set(minor_status, mechanisms); + if (ret) + goto out; + ret = gss_add_oid_set_member(minor_status, + &cred->mechanisms->elements[0], + mechanisms); + if (ret) + goto out; + } + ret = GSS_S_COMPLETE; + out: + HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); + + if (cred_handle == GSS_C_NO_CREDENTIAL) + ret = gss_release_cred(minor_status, &cred); + + return ret; +} diff --git a/source4/heimdal/lib/gssapi/release_buffer.c b/source4/heimdal/lib/gssapi/release_buffer.c new file mode 100644 index 0000000000..258b76f627 --- /dev/null +++ b/source4/heimdal/lib/gssapi/release_buffer.c @@ -0,0 +1,48 @@ +/* + * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: release_buffer.c,v 1.5 2003/03/16 17:58:20 lha Exp $"); + +OM_uint32 gss_release_buffer + (OM_uint32 * minor_status, + gss_buffer_t buffer + ) +{ + *minor_status = 0; + free (buffer->value); + buffer->value = NULL; + buffer->length = 0; + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/release_cred.c b/source4/heimdal/lib/gssapi/release_cred.c new file mode 100644 index 0000000000..8ae65dd528 --- /dev/null +++ b/source4/heimdal/lib/gssapi/release_cred.c @@ -0,0 +1,73 @@ +/* + * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: release_cred.c,v 1.10 2003/10/07 00:51:46 lha Exp $"); + +OM_uint32 gss_release_cred + (OM_uint32 * minor_status, + gss_cred_id_t * cred_handle + ) +{ + *minor_status = 0; + + if (*cred_handle == GSS_C_NO_CREDENTIAL) { + return GSS_S_COMPLETE; + } + + GSSAPI_KRB5_INIT (); + + HEIMDAL_MUTEX_lock(&(*cred_handle)->cred_id_mutex); + + if ((*cred_handle)->principal != NULL) + krb5_free_principal(gssapi_krb5_context, (*cred_handle)->principal); + if ((*cred_handle)->made_keytab) + krb5_kt_close(gssapi_krb5_context, (*cred_handle)->keytab); + if ((*cred_handle)->made_ccache) { + const krb5_cc_ops *ops; + ops = krb5_cc_get_ops(gssapi_krb5_context, (*cred_handle)->ccache); + if (ops == &krb5_mcc_ops) + krb5_cc_destroy(gssapi_krb5_context, (*cred_handle)->ccache); + else + krb5_cc_close(gssapi_krb5_context, (*cred_handle)->ccache); + } + gss_release_oid_set(NULL, &(*cred_handle)->mechanisms); + HEIMDAL_MUTEX_unlock(&(*cred_handle)->cred_id_mutex); + HEIMDAL_MUTEX_destroy(&(*cred_handle)->cred_id_mutex); + memset(*cred_handle, 0, sizeof(**cred_handle)); + free(*cred_handle); + *cred_handle = GSS_C_NO_CREDENTIAL; + return GSS_S_COMPLETE; +} + diff --git a/source4/heimdal/lib/gssapi/release_name.c b/source4/heimdal/lib/gssapi/release_name.c new file mode 100644 index 0000000000..6894ffae49 --- /dev/null +++ b/source4/heimdal/lib/gssapi/release_name.c @@ -0,0 +1,50 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: release_name.c,v 1.7 2003/03/16 17:52:48 lha Exp $"); + +OM_uint32 gss_release_name + (OM_uint32 * minor_status, + gss_name_t * input_name + ) +{ + GSSAPI_KRB5_INIT (); + if (minor_status) + *minor_status = 0; + krb5_free_principal(gssapi_krb5_context, + *input_name); + *input_name = GSS_C_NO_NAME; + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/release_oid_set.c b/source4/heimdal/lib/gssapi/release_oid_set.c new file mode 100644 index 0000000000..04eb01565f --- /dev/null +++ b/source4/heimdal/lib/gssapi/release_oid_set.c @@ -0,0 +1,49 @@ +/* + * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: release_oid_set.c,v 1.5 2003/03/16 17:53:25 lha Exp $"); + +OM_uint32 gss_release_oid_set + (OM_uint32 * minor_status, + gss_OID_set * set + ) +{ + if (minor_status) + *minor_status = 0; + free ((*set)->elements); + free (*set); + *set = GSS_C_NO_OID_SET; + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/sequence.c b/source4/heimdal/lib/gssapi/sequence.c new file mode 100755 index 0000000000..973fc6ad05 --- /dev/null +++ b/source4/heimdal/lib/gssapi/sequence.c @@ -0,0 +1,189 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: sequence.c,v 1.5 2005/04/27 17:49:43 lha Exp $"); + +#define DEFAULT_JITTER_WINDOW 20 + +struct gss_msg_order { + OM_uint32 flags; + OM_uint32 start; + OM_uint32 length; + OM_uint32 jitter_window; + OM_uint32 first_seq; + OM_uint32 elem[1]; +}; + +/* + * + */ + +OM_uint32 +_gssapi_msg_order_create(OM_uint32 *minor_status, + struct gss_msg_order **o, + OM_uint32 flags, + OM_uint32 seq_num, + OM_uint32 jitter_window, + int use_64) +{ + size_t len; + + if (jitter_window == 0) + jitter_window = DEFAULT_JITTER_WINDOW; + + len = jitter_window * sizeof((*o)->elem[0]); + len += sizeof(**o); + len -= sizeof((*o)->elem[0]); + + *o = malloc(len); + if (*o == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + memset(*o, 0, len); + (*o)->flags = flags; + (*o)->length = 0; + (*o)->first_seq = seq_num; + (*o)->jitter_window = jitter_window; + (*o)->elem[0] = seq_num - 1; + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +OM_uint32 +_gssapi_msg_order_destroy(struct gss_msg_order **m) +{ + free(*m); + *m = NULL; + return GSS_S_COMPLETE; +} + +static void +elem_set(struct gss_msg_order *o, unsigned int slot, OM_uint32 val) +{ + o->elem[slot % o->jitter_window] = val; +} + +static void +elem_insert(struct gss_msg_order *o, + unsigned int after_slot, + OM_uint32 seq_num) +{ + assert(o->jitter_window > after_slot); + + if (o->length > after_slot) + memmove(&o->elem[after_slot + 1], &o->elem[after_slot], + (o->length - after_slot - 1) * sizeof(o->elem[0])); + + elem_set(o, after_slot, seq_num); + + if (o->length < o->jitter_window) + o->length++; +} + +/* rule 1: expected sequence number */ +/* rule 2: > expected sequence number */ +/* rule 3: seqnum < seqnum(first) */ +/* rule 4+5: seqnum in [seqnum(first),seqnum(last)] */ + +OM_uint32 +_gssapi_msg_order_check(struct gss_msg_order *o, OM_uint32 seq_num) +{ + OM_uint32 r; + int i; + + if (o == NULL) + return GSS_S_COMPLETE; + + if ((o->flags & (GSS_C_REPLAY_FLAG|GSS_C_SEQUENCE_FLAG)) == 0) + return GSS_S_COMPLETE; + + /* check if the packet is the next in order */ + if (o->elem[0] == seq_num - 1) { + elem_insert(o, 0, seq_num); + return GSS_S_COMPLETE; + } + + r = (o->flags & (GSS_C_REPLAY_FLAG|GSS_C_SEQUENCE_FLAG))==GSS_C_REPLAY_FLAG; + + /* sequence number larger then largest sequence number + * or smaller then the first sequence number */ + if (seq_num > o->elem[0] + || seq_num < o->first_seq + || o->length == 0) + { + elem_insert(o, 0, seq_num); + if (r) { + return GSS_S_COMPLETE; + } else { + return GSS_S_GAP_TOKEN; + } + } + + assert(o->length > 0); + + /* sequence number smaller the first sequence number */ + if (seq_num < o->elem[o->length - 1]) { + if (r) + return(GSS_S_OLD_TOKEN); + else + return(GSS_S_UNSEQ_TOKEN); + } + + if (seq_num == o->elem[o->length - 1]) { + return GSS_S_DUPLICATE_TOKEN; + } + + for (i = 0; i < o->length - 1; i++) { + if (o->elem[i] == seq_num) + return GSS_S_DUPLICATE_TOKEN; + if (o->elem[i + 1] < seq_num && o->elem[i] < seq_num) { + elem_insert(o, i, seq_num); + if (r) + return GSS_S_COMPLETE; + else + return GSS_S_UNSEQ_TOKEN; + } + } + + return GSS_S_FAILURE; +} + +OM_uint32 +_gssapi_msg_order_f(OM_uint32 flags) +{ + return flags & (GSS_C_SEQUENCE_FLAG|GSS_C_REPLAY_FLAG); +} diff --git a/source4/heimdal/lib/gssapi/spnego.asn1 b/source4/heimdal/lib/gssapi/spnego.asn1 new file mode 100755 index 0000000000..5dc767cf76 --- /dev/null +++ b/source4/heimdal/lib/gssapi/spnego.asn1 @@ -0,0 +1,42 @@ +-- $Id: spnego.asn1,v 1.4 2004/03/07 13:38:08 lha Exp $ + +SPNEGO DEFINITIONS ::= +BEGIN + +MechType::= OBJECT IDENTIFIER + +MechTypeList ::= SEQUENCE OF MechType + +ContextFlags ::= BIT STRING { + delegFlag (0), + mutualFlag (1), + replayFlag (2), + sequenceFlag (3), + anonFlag (4), + confFlag (5), + integFlag (6) +} + +NegTokenInit ::= SEQUENCE { + mechTypes [0] MechTypeList OPTIONAL, + reqFlags [1] ContextFlags OPTIONAL, + mechToken [2] OCTET STRING OPTIONAL, + mechListMIC [3] OCTET STRING OPTIONAL + } + +NegTokenTarg ::= SEQUENCE { + negResult [0] ENUMERATED { + accept_completed (0), + accept_incomplete (1), + reject (2) } OPTIONAL, + supportedMech [1] MechType OPTIONAL, + responseToken [2] OCTET STRING OPTIONAL, + mechListMIC [3] OCTET STRING OPTIONAL +} + +NegotiationToken ::= CHOICE { + negTokenInit[0] NegTokenInit, + negTokenTarg[1] NegTokenTarg +} + +END diff --git a/source4/heimdal/lib/gssapi/test_oid_set_member.c b/source4/heimdal/lib/gssapi/test_oid_set_member.c new file mode 100644 index 0000000000..e747c5acc1 --- /dev/null +++ b/source4/heimdal/lib/gssapi/test_oid_set_member.c @@ -0,0 +1,55 @@ +/* + * Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: test_oid_set_member.c,v 1.5 2003/03/16 17:54:06 lha Exp $"); + +OM_uint32 gss_test_oid_set_member ( + OM_uint32 * minor_status, + const gss_OID member, + const gss_OID_set set, + int * present + ) +{ + size_t i; + + *minor_status = 0; + *present = 0; + for (i = 0; i < set->count; ++i) + if (gss_oid_equal(member, &set->elements[i]) != 0) { + *present = 1; + break; + } + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/unwrap.c b/source4/heimdal/lib/gssapi/unwrap.c new file mode 100644 index 0000000000..c358c1aa24 --- /dev/null +++ b/source4/heimdal/lib/gssapi/unwrap.c @@ -0,0 +1,413 @@ +/* + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: unwrap.c,v 1.34 2005/04/27 17:50:40 lha Exp $"); + +static OM_uint32 +unwrap_des + (OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t input_message_buffer, + gss_buffer_t output_message_buffer, + int * conf_state, + gss_qop_t * qop_state, + krb5_keyblock *key + ) +{ + u_char *p, *seq; + size_t len; + MD5_CTX md5; + u_char hash[16]; + DES_key_schedule schedule; + DES_cblock deskey; + DES_cblock zero; + int i; + int32_t seq_number; + size_t padlength; + OM_uint32 ret; + int cstate; + int cmp; + + p = input_message_buffer->value; + ret = gssapi_krb5_verify_header (&p, + input_message_buffer->length, + "\x02\x01", + GSS_KRB5_MECHANISM); + if (ret) + return ret; + + if (memcmp (p, "\x00\x00", 2) != 0) + return GSS_S_BAD_SIG; + p += 2; + if (memcmp (p, "\x00\x00", 2) == 0) { + cstate = 1; + } else if (memcmp (p, "\xFF\xFF", 2) == 0) { + cstate = 0; + } else + return GSS_S_BAD_MIC; + p += 2; + if(conf_state != NULL) + *conf_state = cstate; + if (memcmp (p, "\xff\xff", 2) != 0) + return GSS_S_DEFECTIVE_TOKEN; + p += 2; + p += 16; + + len = p - (u_char *)input_message_buffer->value; + + if(cstate) { + /* decrypt data */ + memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); + + for (i = 0; i < sizeof(deskey); ++i) + deskey[i] ^= 0xf0; + DES_set_key (&deskey, &schedule); + memset (&zero, 0, sizeof(zero)); + DES_cbc_encrypt ((void *)p, + (void *)p, + input_message_buffer->length - len, + &schedule, + &zero, + DES_DECRYPT); + + memset (deskey, 0, sizeof(deskey)); + memset (&schedule, 0, sizeof(schedule)); + } + /* check pad */ + ret = _gssapi_verify_pad(input_message_buffer, + input_message_buffer->length - len, + &padlength); + if (ret) + return ret; + + MD5_Init (&md5); + MD5_Update (&md5, p - 24, 8); + MD5_Update (&md5, p, input_message_buffer->length - len); + MD5_Final (hash, &md5); + + memset (&zero, 0, sizeof(zero)); + memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); + DES_set_key (&deskey, &schedule); + DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), + &schedule, &zero); + if (memcmp (p - 8, hash, 8) != 0) + return GSS_S_BAD_MIC; + + /* verify sequence number */ + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + + p -= 16; + DES_set_key (&deskey, &schedule); + DES_cbc_encrypt ((void *)p, (void *)p, 8, + &schedule, (DES_cblock *)hash, DES_DECRYPT); + + memset (deskey, 0, sizeof(deskey)); + memset (&schedule, 0, sizeof(schedule)); + + seq = p; + gssapi_decode_om_uint32(seq, &seq_number); + + if (context_handle->more_flags & LOCAL) + cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4); + else + cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4); + + if (cmp != 0) { + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + return GSS_S_BAD_MIC; + } + + ret = _gssapi_msg_order_check(context_handle->order, seq_number); + if (ret) { + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + return ret; + } + + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + + /* copy out data */ + + output_message_buffer->length = input_message_buffer->length + - len - padlength - 8; + output_message_buffer->value = malloc(output_message_buffer->length); + if(output_message_buffer->length != 0 && output_message_buffer->value == NULL) + return GSS_S_FAILURE; + memcpy (output_message_buffer->value, + p + 24, + output_message_buffer->length); + return GSS_S_COMPLETE; +} + +static OM_uint32 +unwrap_des3 + (OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t input_message_buffer, + gss_buffer_t output_message_buffer, + int * conf_state, + gss_qop_t * qop_state, + krb5_keyblock *key + ) +{ + u_char *p; + size_t len; + u_char *seq; + krb5_data seq_data; + u_char cksum[20]; + int32_t seq_number; + size_t padlength; + OM_uint32 ret; + int cstate; + krb5_crypto crypto; + Checksum csum; + int cmp; + + p = input_message_buffer->value; + ret = gssapi_krb5_verify_header (&p, + input_message_buffer->length, + "\x02\x01", + GSS_KRB5_MECHANISM); + if (ret) + return ret; + + if (memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */ + return GSS_S_BAD_SIG; + p += 2; + if (memcmp (p, "\x02\x00", 2) == 0) { + cstate = 1; + } else if (memcmp (p, "\xff\xff", 2) == 0) { + cstate = 0; + } else + return GSS_S_BAD_MIC; + p += 2; + if(conf_state != NULL) + *conf_state = cstate; + if (memcmp (p, "\xff\xff", 2) != 0) + return GSS_S_DEFECTIVE_TOKEN; + p += 2; + p += 28; + + len = p - (u_char *)input_message_buffer->value; + + if(cstate) { + /* decrypt data */ + krb5_data tmp; + + ret = krb5_crypto_init(gssapi_krb5_context, key, + ETYPE_DES3_CBC_NONE, &crypto); + if (ret) { + gssapi_krb5_set_error_string (); + *minor_status = ret; + return GSS_S_FAILURE; + } + ret = krb5_decrypt(gssapi_krb5_context, crypto, KRB5_KU_USAGE_SEAL, + p, input_message_buffer->length - len, &tmp); + krb5_crypto_destroy(gssapi_krb5_context, crypto); + if (ret) { + gssapi_krb5_set_error_string (); + *minor_status = ret; + return GSS_S_FAILURE; + } + assert (tmp.length == input_message_buffer->length - len); + + memcpy (p, tmp.data, tmp.length); + krb5_data_free(&tmp); + } + /* check pad */ + ret = _gssapi_verify_pad(input_message_buffer, + input_message_buffer->length - len, + &padlength); + if (ret) + return ret; + + /* verify sequence number */ + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + + p -= 28; + + ret = krb5_crypto_init(gssapi_krb5_context, key, + ETYPE_DES3_CBC_NONE, &crypto); + if (ret) { + gssapi_krb5_set_error_string (); + *minor_status = ret; + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + return GSS_S_FAILURE; + } + { + DES_cblock ivec; + + memcpy(&ivec, p + 8, 8); + ret = krb5_decrypt_ivec (gssapi_krb5_context, + crypto, + KRB5_KU_USAGE_SEQ, + p, 8, &seq_data, + &ivec); + } + krb5_crypto_destroy (gssapi_krb5_context, crypto); + if (ret) { + gssapi_krb5_set_error_string (); + *minor_status = ret; + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + return GSS_S_FAILURE; + } + if (seq_data.length != 8) { + krb5_data_free (&seq_data); + *minor_status = 0; + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + return GSS_S_BAD_MIC; + } + + seq = seq_data.data; + gssapi_decode_om_uint32(seq, &seq_number); + + if (context_handle->more_flags & LOCAL) + cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4); + else + cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4); + + krb5_data_free (&seq_data); + if (cmp != 0) { + *minor_status = 0; + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + return GSS_S_BAD_MIC; + } + + ret = _gssapi_msg_order_check(context_handle->order, seq_number); + if (ret) { + *minor_status = 0; + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + return ret; + } + + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + + /* verify checksum */ + + memcpy (cksum, p + 8, 20); + + memcpy (p + 20, p - 8, 8); + + csum.cksumtype = CKSUMTYPE_HMAC_SHA1_DES3; + csum.checksum.length = 20; + csum.checksum.data = cksum; + + ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); + if (ret) { + gssapi_krb5_set_error_string (); + *minor_status = ret; + return GSS_S_FAILURE; + } + + ret = krb5_verify_checksum (gssapi_krb5_context, crypto, + KRB5_KU_USAGE_SIGN, + p + 20, + input_message_buffer->length - len + 8, + &csum); + krb5_crypto_destroy (gssapi_krb5_context, crypto); + if (ret) { + gssapi_krb5_set_error_string (); + *minor_status = ret; + return GSS_S_FAILURE; + } + + /* copy out data */ + + output_message_buffer->length = input_message_buffer->length + - len - padlength - 8; + output_message_buffer->value = malloc(output_message_buffer->length); + if(output_message_buffer->length != 0 && output_message_buffer->value == NULL) + return GSS_S_FAILURE; + memcpy (output_message_buffer->value, + p + 36, + output_message_buffer->length); + return GSS_S_COMPLETE; +} + +OM_uint32 gss_unwrap + (OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t input_message_buffer, + gss_buffer_t output_message_buffer, + int * conf_state, + gss_qop_t * qop_state + ) +{ + krb5_keyblock *key; + OM_uint32 ret; + krb5_keytype keytype; + + output_message_buffer->value = NULL; + output_message_buffer->length = 0; + + if (qop_state != NULL) + *qop_state = GSS_C_QOP_DEFAULT; + ret = gss_krb5_get_subkey(context_handle, &key); + if (ret) { + gssapi_krb5_set_error_string (); + *minor_status = ret; + return GSS_S_FAILURE; + } + krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype); + + *minor_status = 0; + + switch (keytype) { + case KEYTYPE_DES : + ret = unwrap_des (minor_status, context_handle, + input_message_buffer, output_message_buffer, + conf_state, qop_state, key); + break; + case KEYTYPE_DES3 : + ret = unwrap_des3 (minor_status, context_handle, + input_message_buffer, output_message_buffer, + conf_state, qop_state, key); + break; + case KEYTYPE_ARCFOUR: + case KEYTYPE_ARCFOUR_56: + ret = _gssapi_unwrap_arcfour (minor_status, context_handle, + input_message_buffer, output_message_buffer, + conf_state, qop_state, key); + break; + default : + ret = _gssapi_unwrap_cfx (minor_status, context_handle, + input_message_buffer, output_message_buffer, + conf_state, qop_state, key); + break; + } + krb5_free_keyblock (gssapi_krb5_context, key); + return ret; +} diff --git a/source4/heimdal/lib/gssapi/verify_mic.c b/source4/heimdal/lib/gssapi/verify_mic.c new file mode 100644 index 0000000000..7b7d437e99 --- /dev/null +++ b/source4/heimdal/lib/gssapi/verify_mic.c @@ -0,0 +1,336 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: verify_mic.c,v 1.32 2005/04/27 17:51:04 lha Exp $"); + +static OM_uint32 +verify_mic_des + (OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t message_buffer, + const gss_buffer_t token_buffer, + gss_qop_t * qop_state, + krb5_keyblock *key, + char *type + ) +{ + u_char *p; + MD5_CTX md5; + u_char hash[16], *seq; + DES_key_schedule schedule; + DES_cblock zero; + DES_cblock deskey; + int32_t seq_number; + OM_uint32 ret; + int cmp; + + p = token_buffer->value; + ret = gssapi_krb5_verify_header (&p, + token_buffer->length, + type, + GSS_KRB5_MECHANISM); + if (ret) + return ret; + + if (memcmp(p, "\x00\x00", 2) != 0) + return GSS_S_BAD_SIG; + p += 2; + if (memcmp (p, "\xff\xff\xff\xff", 4) != 0) + return GSS_S_BAD_MIC; + p += 4; + p += 16; + + /* verify checksum */ + MD5_Init (&md5); + MD5_Update (&md5, p - 24, 8); + MD5_Update (&md5, message_buffer->value, + message_buffer->length); + MD5_Final (hash, &md5); + + memset (&zero, 0, sizeof(zero)); + memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); + + DES_set_key (&deskey, &schedule); + DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), + &schedule, &zero); + if (memcmp (p - 8, hash, 8) != 0) { + memset (deskey, 0, sizeof(deskey)); + memset (&schedule, 0, sizeof(schedule)); + return GSS_S_BAD_MIC; + } + + /* verify sequence number */ + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + + p -= 16; + DES_set_key (&deskey, &schedule); + DES_cbc_encrypt ((void *)p, (void *)p, 8, + &schedule, (DES_cblock *)hash, DES_DECRYPT); + + memset (deskey, 0, sizeof(deskey)); + memset (&schedule, 0, sizeof(schedule)); + + seq = p; + gssapi_decode_om_uint32(seq, &seq_number); + + if (context_handle->more_flags & LOCAL) + cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4); + else + cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4); + + if (cmp != 0) { + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + return GSS_S_BAD_MIC; + } + + ret = _gssapi_msg_order_check(context_handle->order, seq_number); + if (ret) { + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + return ret; + } + + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + + return GSS_S_COMPLETE; +} + +static OM_uint32 +verify_mic_des3 + (OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t message_buffer, + const gss_buffer_t token_buffer, + gss_qop_t * qop_state, + krb5_keyblock *key, + char *type + ) +{ + u_char *p; + u_char *seq; + int32_t seq_number; + OM_uint32 ret; + krb5_crypto crypto; + krb5_data seq_data; + int cmp, docompat; + Checksum csum; + char *tmp; + char ivec[8]; + + p = token_buffer->value; + ret = gssapi_krb5_verify_header (&p, + token_buffer->length, + type, + GSS_KRB5_MECHANISM); + if (ret) + return ret; + + if (memcmp(p, "\x04\x00", 2) != 0) /* SGN_ALG = HMAC SHA1 DES3-KD */ + return GSS_S_BAD_SIG; + p += 2; + if (memcmp (p, "\xff\xff\xff\xff", 4) != 0) + return GSS_S_BAD_MIC; + p += 4; + + ret = krb5_crypto_init(gssapi_krb5_context, key, + ETYPE_DES3_CBC_NONE, &crypto); + if (ret){ + gssapi_krb5_set_error_string (); + *minor_status = ret; + return GSS_S_FAILURE; + } + + /* verify sequence number */ + docompat = 0; +retry: + if (docompat) + memset(ivec, 0, 8); + else + memcpy(ivec, p + 8, 8); + + ret = krb5_decrypt_ivec (gssapi_krb5_context, + crypto, + KRB5_KU_USAGE_SEQ, + p, 8, &seq_data, ivec); + if (ret) { + if (docompat++) { + gssapi_krb5_set_error_string (); + krb5_crypto_destroy (gssapi_krb5_context, crypto); + *minor_status = ret; + return GSS_S_FAILURE; + } else + goto retry; + } + + if (seq_data.length != 8) { + krb5_data_free (&seq_data); + if (docompat++) { + krb5_crypto_destroy (gssapi_krb5_context, crypto); + return GSS_S_BAD_MIC; + } else + goto retry; + } + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + + seq = seq_data.data; + gssapi_decode_om_uint32(seq, &seq_number); + + if (context_handle->more_flags & LOCAL) + cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4); + else + cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4); + + krb5_data_free (&seq_data); + if (cmp != 0) { + krb5_crypto_destroy (gssapi_krb5_context, crypto); + *minor_status = 0; + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + return GSS_S_BAD_MIC; + } + + ret = _gssapi_msg_order_check(context_handle->order, seq_number); + if (ret) { + krb5_crypto_destroy (gssapi_krb5_context, crypto); + *minor_status = 0; + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + return ret; + } + + /* verify checksum */ + + tmp = malloc (message_buffer->length + 8); + if (tmp == NULL) { + krb5_crypto_destroy (gssapi_krb5_context, crypto); + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + memcpy (tmp, p - 8, 8); + memcpy (tmp + 8, message_buffer->value, message_buffer->length); + + csum.cksumtype = CKSUMTYPE_HMAC_SHA1_DES3; + csum.checksum.length = 20; + csum.checksum.data = p + 8; + + ret = krb5_verify_checksum (gssapi_krb5_context, crypto, + KRB5_KU_USAGE_SIGN, + tmp, message_buffer->length + 8, + &csum); + free (tmp); + if (ret) { + gssapi_krb5_set_error_string (); + krb5_crypto_destroy (gssapi_krb5_context, crypto); + *minor_status = ret; + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + return GSS_S_BAD_MIC; + } + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + + krb5_crypto_destroy (gssapi_krb5_context, crypto); + return GSS_S_COMPLETE; +} + +OM_uint32 +gss_verify_mic_internal + (OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t message_buffer, + const gss_buffer_t token_buffer, + gss_qop_t * qop_state, + char * type + ) +{ + krb5_keyblock *key; + OM_uint32 ret; + krb5_keytype keytype; + + ret = gss_krb5_get_subkey(context_handle, &key); + if (ret) { + gssapi_krb5_set_error_string (); + *minor_status = ret; + return GSS_S_FAILURE; + } + *minor_status = 0; + krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype); + switch (keytype) { + case KEYTYPE_DES : + ret = verify_mic_des (minor_status, context_handle, + message_buffer, token_buffer, qop_state, key, + type); + break; + case KEYTYPE_DES3 : + ret = verify_mic_des3 (minor_status, context_handle, + message_buffer, token_buffer, qop_state, key, + type); + break; + case KEYTYPE_ARCFOUR : + case KEYTYPE_ARCFOUR_56 : + ret = _gssapi_verify_mic_arcfour (minor_status, context_handle, + message_buffer, token_buffer, + qop_state, key, type); + break; + default : + ret = _gssapi_verify_mic_cfx (minor_status, context_handle, + message_buffer, token_buffer, qop_state, + key); + break; + } + krb5_free_keyblock (gssapi_krb5_context, key); + + return ret; +} + +OM_uint32 +gss_verify_mic + (OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t message_buffer, + const gss_buffer_t token_buffer, + gss_qop_t * qop_state + ) +{ + OM_uint32 ret; + + if (qop_state != NULL) + *qop_state = GSS_C_QOP_DEFAULT; + + ret = gss_verify_mic_internal(minor_status, context_handle, + message_buffer, token_buffer, + qop_state, "\x01\x01"); + + return ret; +} diff --git a/source4/heimdal/lib/gssapi/wrap.c b/source4/heimdal/lib/gssapi/wrap.c new file mode 100644 index 0000000000..bdb09e633b --- /dev/null +++ b/source4/heimdal/lib/gssapi/wrap.c @@ -0,0 +1,533 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: wrap.c,v 1.31 2005/01/05 02:52:12 lukeh Exp $"); + +OM_uint32 +gsskrb5_get_initiator_subkey(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + gss_buffer_t key) +{ + krb5_error_code ret; + krb5_keyblock *skey = NULL; + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + if (context_handle->more_flags & LOCAL) { + ret = krb5_auth_con_getlocalsubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + if (ret) { + *minor_status = ret; + return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */ + } + + } else { + ret = krb5_auth_con_getremotesubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + if (ret) { + *minor_status = ret; + return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */ + } + + } + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + key->length = skey->keyvalue.length; + key->value = malloc (key->length); + if (!key->value) { + krb5_free_keyblock(gssapi_krb5_context, skey); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + memcpy(key->value, skey->keyvalue.data, key->length); + krb5_free_keyblock(gssapi_krb5_context, skey); + return 0; +} + +OM_uint32 +gss_krb5_get_subkey(const gss_ctx_id_t context_handle, + krb5_keyblock **key) +{ + krb5_keyblock *skey = NULL; + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + if (context_handle->more_flags & LOCAL) { + krb5_auth_con_getremotesubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + } else { + krb5_auth_con_getlocalsubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + } + /* + * Only use the initiator subkey or ticket session key if + * an acceptor subkey was not required. + */ + if (skey == NULL && + (context_handle->more_flags & ACCEPTOR_SUBKEY) == 0) { + if (context_handle->more_flags & LOCAL) { + krb5_auth_con_getlocalsubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + } else { + krb5_auth_con_getremotesubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + } + if(skey == NULL) + krb5_auth_con_getkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + } + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + if(skey == NULL) + return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */ + *key = skey; + return 0; +} + +static OM_uint32 +sub_wrap_size ( + OM_uint32 req_output_size, + OM_uint32 * max_input_size, + int blocksize, + int extrasize + ) +{ + size_t len, total_len; + + len = 8 + req_output_size + blocksize + extrasize; + + gssapi_krb5_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM); + + total_len -= req_output_size; /* token length */ + if (total_len < req_output_size) { + *max_input_size = (req_output_size - total_len); + (*max_input_size) &= (~(OM_uint32)(blocksize - 1)); + } else { + *max_input_size = 0; + } + return GSS_S_COMPLETE; +} + +OM_uint32 +gss_wrap_size_limit ( + OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + OM_uint32 req_output_size, + OM_uint32 * max_input_size + ) +{ + krb5_keyblock *key; + OM_uint32 ret; + krb5_keytype keytype; + + ret = gss_krb5_get_subkey(context_handle, &key); + if (ret) { + gssapi_krb5_set_error_string (); + *minor_status = ret; + return GSS_S_FAILURE; + } + krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype); + + switch (keytype) { + case KEYTYPE_DES : + case KEYTYPE_ARCFOUR: + case KEYTYPE_ARCFOUR_56: + ret = sub_wrap_size(req_output_size, max_input_size, 8, 22); + break; + case KEYTYPE_DES3 : + ret = sub_wrap_size(req_output_size, max_input_size, 8, 34); + break; + default : + ret = _gssapi_wrap_size_cfx(minor_status, context_handle, + conf_req_flag, qop_req, + req_output_size, max_input_size, key); + break; + } + krb5_free_keyblock (gssapi_krb5_context, key); + *minor_status = 0; + return ret; +} + +static OM_uint32 +wrap_des + (OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + const gss_buffer_t input_message_buffer, + int * conf_state, + gss_buffer_t output_message_buffer, + krb5_keyblock *key + ) +{ + u_char *p; + MD5_CTX md5; + u_char hash[16]; + DES_key_schedule schedule; + DES_cblock deskey; + DES_cblock zero; + int i; + int32_t seq_number; + size_t len, total_len, padlength, datalen; + + padlength = 8 - (input_message_buffer->length % 8); + datalen = input_message_buffer->length + padlength + 8; + len = datalen + 22; + gssapi_krb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); + + output_message_buffer->length = total_len; + output_message_buffer->value = malloc (total_len); + if (output_message_buffer->value == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + p = gssapi_krb5_make_header(output_message_buffer->value, + len, + "\x02\x01", /* TOK_ID */ + GSS_KRB5_MECHANISM); + + /* SGN_ALG */ + memcpy (p, "\x00\x00", 2); + p += 2; + /* SEAL_ALG */ + if(conf_req_flag) + memcpy (p, "\x00\x00", 2); + else + memcpy (p, "\xff\xff", 2); + p += 2; + /* Filler */ + memcpy (p, "\xff\xff", 2); + p += 2; + + /* fill in later */ + memset (p, 0, 16); + p += 16; + + /* confounder + data + pad */ + krb5_generate_random_block(p, 8); + memcpy (p + 8, input_message_buffer->value, + input_message_buffer->length); + memset (p + 8 + input_message_buffer->length, padlength, padlength); + + /* checksum */ + MD5_Init (&md5); + MD5_Update (&md5, p - 24, 8); + MD5_Update (&md5, p, datalen); + MD5_Final (hash, &md5); + + memset (&zero, 0, sizeof(zero)); + memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); + DES_set_key (&deskey, &schedule); + DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), + &schedule, &zero); + memcpy (p - 8, hash, 8); + + /* sequence number */ + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, + context_handle->auth_context, + &seq_number); + + p -= 16; + p[0] = (seq_number >> 0) & 0xFF; + p[1] = (seq_number >> 8) & 0xFF; + p[2] = (seq_number >> 16) & 0xFF; + p[3] = (seq_number >> 24) & 0xFF; + memset (p + 4, + (context_handle->more_flags & LOCAL) ? 0 : 0xFF, + 4); + + DES_set_key (&deskey, &schedule); + DES_cbc_encrypt ((void *)p, (void *)p, 8, + &schedule, (DES_cblock *)(p + 8), DES_ENCRYPT); + + krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, + context_handle->auth_context, + ++seq_number); + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + + /* encrypt the data */ + p += 16; + + if(conf_req_flag) { + memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); + + for (i = 0; i < sizeof(deskey); ++i) + deskey[i] ^= 0xf0; + DES_set_key (&deskey, &schedule); + memset (&zero, 0, sizeof(zero)); + DES_cbc_encrypt ((void *)p, + (void *)p, + datalen, + &schedule, + &zero, + DES_ENCRYPT); + } + memset (deskey, 0, sizeof(deskey)); + memset (&schedule, 0, sizeof(schedule)); + + if(conf_state != NULL) + *conf_state = conf_req_flag; + *minor_status = 0; + return GSS_S_COMPLETE; +} + +static OM_uint32 +wrap_des3 + (OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + const gss_buffer_t input_message_buffer, + int * conf_state, + gss_buffer_t output_message_buffer, + krb5_keyblock *key + ) +{ + u_char *p; + u_char seq[8]; + int32_t seq_number; + size_t len, total_len, padlength, datalen; + u_int32_t ret; + krb5_crypto crypto; + Checksum cksum; + krb5_data encdata; + + padlength = 8 - (input_message_buffer->length % 8); + datalen = input_message_buffer->length + padlength + 8; + len = datalen + 34; + gssapi_krb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); + + output_message_buffer->length = total_len; + output_message_buffer->value = malloc (total_len); + if (output_message_buffer->value == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + p = gssapi_krb5_make_header(output_message_buffer->value, + len, + "\x02\x01", /* TOK_ID */ + GSS_KRB5_MECHANISM); + + /* SGN_ALG */ + memcpy (p, "\x04\x00", 2); /* HMAC SHA1 DES3-KD */ + p += 2; + /* SEAL_ALG */ + if(conf_req_flag) + memcpy (p, "\x02\x00", 2); /* DES3-KD */ + else + memcpy (p, "\xff\xff", 2); + p += 2; + /* Filler */ + memcpy (p, "\xff\xff", 2); + p += 2; + + /* calculate checksum (the above + confounder + data + pad) */ + + memcpy (p + 20, p - 8, 8); + krb5_generate_random_block(p + 28, 8); + memcpy (p + 28 + 8, input_message_buffer->value, + input_message_buffer->length); + memset (p + 28 + 8 + input_message_buffer->length, padlength, padlength); + + ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); + if (ret) { + gssapi_krb5_set_error_string (); + free (output_message_buffer->value); + *minor_status = ret; + return GSS_S_FAILURE; + } + + ret = krb5_create_checksum (gssapi_krb5_context, + crypto, + KRB5_KU_USAGE_SIGN, + 0, + p + 20, + datalen + 8, + &cksum); + krb5_crypto_destroy (gssapi_krb5_context, crypto); + if (ret) { + gssapi_krb5_set_error_string (); + free (output_message_buffer->value); + *minor_status = ret; + return GSS_S_FAILURE; + } + + /* zero out SND_SEQ + SGN_CKSUM in case */ + memset (p, 0, 28); + + memcpy (p + 8, cksum.checksum.data, cksum.checksum.length); + free_Checksum (&cksum); + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + /* sequence number */ + krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, + context_handle->auth_context, + &seq_number); + + seq[0] = (seq_number >> 0) & 0xFF; + seq[1] = (seq_number >> 8) & 0xFF; + seq[2] = (seq_number >> 16) & 0xFF; + seq[3] = (seq_number >> 24) & 0xFF; + memset (seq + 4, + (context_handle->more_flags & LOCAL) ? 0 : 0xFF, + 4); + + + ret = krb5_crypto_init(gssapi_krb5_context, key, ETYPE_DES3_CBC_NONE, + &crypto); + if (ret) { + free (output_message_buffer->value); + *minor_status = ret; + return GSS_S_FAILURE; + } + + { + DES_cblock ivec; + + memcpy (&ivec, p + 8, 8); + ret = krb5_encrypt_ivec (gssapi_krb5_context, + crypto, + KRB5_KU_USAGE_SEQ, + seq, 8, &encdata, + &ivec); + } + krb5_crypto_destroy (gssapi_krb5_context, crypto); + if (ret) { + gssapi_krb5_set_error_string (); + free (output_message_buffer->value); + *minor_status = ret; + return GSS_S_FAILURE; + } + + assert (encdata.length == 8); + + memcpy (p, encdata.data, encdata.length); + krb5_data_free (&encdata); + + krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, + context_handle->auth_context, + ++seq_number); + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + + /* encrypt the data */ + p += 28; + + if(conf_req_flag) { + krb5_data tmp; + + ret = krb5_crypto_init(gssapi_krb5_context, key, + ETYPE_DES3_CBC_NONE, &crypto); + if (ret) { + gssapi_krb5_set_error_string (); + free (output_message_buffer->value); + *minor_status = ret; + return GSS_S_FAILURE; + } + ret = krb5_encrypt(gssapi_krb5_context, crypto, KRB5_KU_USAGE_SEAL, + p, datalen, &tmp); + krb5_crypto_destroy(gssapi_krb5_context, crypto); + if (ret) { + gssapi_krb5_set_error_string (); + free (output_message_buffer->value); + *minor_status = ret; + return GSS_S_FAILURE; + } + assert (tmp.length == datalen); + + memcpy (p, tmp.data, datalen); + krb5_data_free(&tmp); + } + if(conf_state != NULL) + *conf_state = conf_req_flag; + *minor_status = 0; + return GSS_S_COMPLETE; +} + +OM_uint32 gss_wrap + (OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + const gss_buffer_t input_message_buffer, + int * conf_state, + gss_buffer_t output_message_buffer + ) +{ + krb5_keyblock *key; + OM_uint32 ret; + krb5_keytype keytype; + + ret = gss_krb5_get_subkey(context_handle, &key); + if (ret) { + gssapi_krb5_set_error_string (); + *minor_status = ret; + return GSS_S_FAILURE; + } + krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype); + + switch (keytype) { + case KEYTYPE_DES : + ret = wrap_des (minor_status, context_handle, conf_req_flag, + qop_req, input_message_buffer, conf_state, + output_message_buffer, key); + break; + case KEYTYPE_DES3 : + ret = wrap_des3 (minor_status, context_handle, conf_req_flag, + qop_req, input_message_buffer, conf_state, + output_message_buffer, key); + break; + case KEYTYPE_ARCFOUR: + case KEYTYPE_ARCFOUR_56: + ret = _gssapi_wrap_arcfour (minor_status, context_handle, conf_req_flag, + qop_req, input_message_buffer, conf_state, + output_message_buffer, key); + break; + default : + ret = _gssapi_wrap_cfx (minor_status, context_handle, conf_req_flag, + qop_req, input_message_buffer, conf_state, + output_message_buffer, key); + break; + } + krb5_free_keyblock (gssapi_krb5_context, key); + return ret; +} diff --git a/source4/heimdal/lib/hdb/db.c b/source4/heimdal/lib/hdb/db.c new file mode 100644 index 0000000000..d7a4cf35ee --- /dev/null +++ b/source4/heimdal/lib/hdb/db.c @@ -0,0 +1,306 @@ +/* + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hdb_locl.h" + +RCSID("$Id: db.c,v 1.32 2005/06/23 13:34:17 lha Exp $"); + +#if HAVE_DB1 + +#if defined(HAVE_DB_185_H) +#include +#elif defined(HAVE_DB_H) +#include +#endif + +static krb5_error_code +DB_close(krb5_context context, HDB *db) +{ + DB *d = (DB*)db->hdb_db; + d->close(d); + return 0; +} + +static krb5_error_code +DB_destroy(krb5_context context, HDB *db) +{ + krb5_error_code ret; + + ret = hdb_clear_master_key (context, db); + free(db->hdb_name); + free(db); + return ret; +} + +static krb5_error_code +DB_lock(krb5_context context, HDB *db, int operation) +{ + DB *d = (DB*)db->hdb_db; + int fd = (*d->fd)(d); + if(fd < 0) + return HDB_ERR_CANT_LOCK_DB; + return hdb_lock(fd, operation); +} + +static krb5_error_code +DB_unlock(krb5_context context, HDB *db) +{ + DB *d = (DB*)db->hdb_db; + int fd = (*d->fd)(d); + if(fd < 0) + return HDB_ERR_CANT_LOCK_DB; + return hdb_unlock(fd); +} + + +static krb5_error_code +DB_seq(krb5_context context, HDB *db, + unsigned flags, hdb_entry *entry, int flag) +{ + DB *d = (DB*)db->hdb_db; + DBT key, value; + krb5_data key_data, data; + int code; + + code = db->hdb_lock(context, db, HDB_RLOCK); + if(code == -1) + return HDB_ERR_DB_INUSE; + code = d->seq(d, &key, &value, flag); + db->hdb_unlock(context, db); /* XXX check value */ + if(code == -1) + return errno; + if(code == 1) + return HDB_ERR_NOENTRY; + + key_data.data = key.data; + key_data.length = key.size; + data.data = value.data; + data.length = value.size; + if (hdb_value2entry(context, &data, entry)) + return DB_seq(context, db, flags, entry, R_NEXT); + if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) { + code = hdb_unseal_keys (context, db, entry); + if (code) + hdb_free_entry (context, entry); + } + if (code == 0 && entry->principal == NULL) { + entry->principal = malloc(sizeof(*entry->principal)); + if (entry->principal == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + code = ENOMEM; + hdb_free_entry (context, entry); + } else { + hdb_key2principal(context, &key_data, entry->principal); + } + } + return code; +} + + +static krb5_error_code +DB_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry) +{ + return DB_seq(context, db, flags, entry, R_FIRST); +} + + +static krb5_error_code +DB_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry) +{ + return DB_seq(context, db, flags, entry, R_NEXT); +} + +static krb5_error_code +DB_rename(krb5_context context, HDB *db, const char *new_name) +{ + int ret; + char *old, *new; + + asprintf(&old, "%s.db", db->hdb_name); + asprintf(&new, "%s.db", new_name); + ret = rename(old, new); + free(old); + free(new); + if(ret) + return errno; + + free(db->hdb_name); + db->hdb_name = strdup(new_name); + return 0; +} + +static krb5_error_code +DB__get(krb5_context context, HDB *db, krb5_data key, krb5_data *reply) +{ + DB *d = (DB*)db->hdb_db; + DBT k, v; + int code; + + k.data = key.data; + k.size = key.length; + code = db->hdb_lock(context, db, HDB_RLOCK); + if(code) + return code; + code = d->get(d, &k, &v, 0); + db->hdb_unlock(context, db); + if(code < 0) + return errno; + if(code == 1) + return HDB_ERR_NOENTRY; + + krb5_data_copy(reply, v.data, v.size); + return 0; +} + +static krb5_error_code +DB__put(krb5_context context, HDB *db, int replace, + krb5_data key, krb5_data value) +{ + DB *d = (DB*)db->hdb_db; + DBT k, v; + int code; + + k.data = key.data; + k.size = key.length; + v.data = value.data; + v.size = value.length; + code = db->hdb_lock(context, db, HDB_WLOCK); + if(code) + return code; + code = d->put(d, &k, &v, replace ? 0 : R_NOOVERWRITE); + db->hdb_unlock(context, db); + if(code < 0) + return errno; + if(code == 1) + return HDB_ERR_EXISTS; + return 0; +} + +static krb5_error_code +DB__del(krb5_context context, HDB *db, krb5_data key) +{ + DB *d = (DB*)db->hdb_db; + DBT k; + krb5_error_code code; + k.data = key.data; + k.size = key.length; + code = db->hdb_lock(context, db, HDB_WLOCK); + if(code) + return code; + code = d->del(d, &k, 0); + db->hdb_unlock(context, db); + if(code == 1) + return HDB_ERR_NOENTRY; + if(code < 0) + return errno; + return 0; +} + +static krb5_error_code +DB_open(krb5_context context, HDB *db, int flags, mode_t mode) +{ + char *fn; + krb5_error_code ret; + + asprintf(&fn, "%s.db", db->hdb_name); + if (fn == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + db->hdb_db = dbopen(fn, flags, mode, DB_BTREE, NULL); + free(fn); + /* try to open without .db extension */ + if(db->hdb_db == NULL && errno == ENOENT) + db->hdb_db = dbopen(db->hdb_name, flags, mode, DB_BTREE, NULL); + if(db->hdb_db == NULL) { + ret = errno; + krb5_set_error_string(context, "dbopen (%s): %s", + db->hdb_name, strerror(ret)); + return ret; + } + if((flags & O_ACCMODE) == O_RDONLY) + ret = hdb_check_db_format(context, db); + else + ret = hdb_init_db(context, db); + if(ret == HDB_ERR_NOENTRY) { + krb5_clear_error_string(context); + return 0; + } + if (ret) { + DB_close(context, db); + krb5_set_error_string(context, "hdb_open: failed %s database %s", + (flags & O_ACCMODE) == O_RDONLY ? + "checking format of" : "initialize", + db->hdb_name); + } + return ret; +} + +krb5_error_code +hdb_db_create(krb5_context context, HDB **db, + const char *filename) +{ + *db = malloc(sizeof(**db)); + if (*db == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + + (*db)->hdb_db = NULL; + (*db)->hdb_name = strdup(filename); + if ((*db)->hdb_name == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + free(*db); + *db = NULL; + return ENOMEM; + } + (*db)->hdb_master_key_set = 0; + (*db)->hdb_openp = 0; + (*db)->hdb_open = DB_open; + (*db)->hdb_close = DB_close; + (*db)->hdb_fetch = _hdb_fetch; + (*db)->hdb_store = _hdb_store; + (*db)->hdb_remove = _hdb_remove; + (*db)->hdb_firstkey = DB_firstkey; + (*db)->hdb_nextkey= DB_nextkey; + (*db)->hdb_lock = DB_lock; + (*db)->hdb_unlock = DB_unlock; + (*db)->hdb_rename = DB_rename; + (*db)->hdb__get = DB__get; + (*db)->hdb__put = DB__put; + (*db)->hdb__del = DB__del; + (*db)->hdb_destroy = DB_destroy; + return 0; +} + +#endif /* HAVE_DB1 */ diff --git a/source4/heimdal/lib/hdb/hdb-private.h b/source4/heimdal/lib/hdb/hdb-private.h new file mode 100644 index 0000000000..653df8c451 --- /dev/null +++ b/source4/heimdal/lib/hdb/hdb-private.h @@ -0,0 +1,25 @@ +/* This is a generated file */ +#ifndef __hdb_private_h__ +#define __hdb_private_h__ + +#include + +krb5_error_code +_hdb_fetch(krb5_context context, HDB *db, unsigned flags, + krb5_principal principal, + enum hdb_ent_type ent_type, + hdb_entry *entry); +krb5_error_code +_hdb_remove ( + krb5_context /*context*/, + HDB */*db*/, + hdb_entry */*entry*/); + +krb5_error_code +_hdb_store ( + krb5_context /*context*/, + HDB */*db*/, + unsigned /*flags*/, + hdb_entry */*entry*/); + +#endif /* __hdb_private_h__ */ diff --git a/source4/heimdal/lib/hdb/hdb-protos.h b/source4/heimdal/lib/hdb/hdb-protos.h new file mode 100644 index 0000000000..886d48e5bd --- /dev/null +++ b/source4/heimdal/lib/hdb/hdb-protos.h @@ -0,0 +1,247 @@ +/* This is a generated file */ +#ifndef __hdb_protos_h__ +#define __hdb_protos_h__ + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +krb5_error_code +hdb_add_master_key ( + krb5_context /*context*/, + krb5_keyblock */*key*/, + hdb_master_key */*inout*/); + +krb5_error_code +hdb_check_db_format ( + krb5_context /*context*/, + HDB */*db*/); + +krb5_error_code +hdb_clear_master_key ( + krb5_context /*context*/, + HDB */*db*/); + +krb5_error_code +hdb_create ( + krb5_context /*context*/, + HDB **/*db*/, + const char */*filename*/); + +krb5_error_code +hdb_db_create ( + krb5_context /*context*/, + HDB **/*db*/, + const char */*filename*/); + +krb5_error_code +hdb_enctype2key ( + krb5_context /*context*/, + hdb_entry */*e*/, + krb5_enctype /*enctype*/, + Key **/*key*/); + +krb5_error_code +hdb_entry2string ( + krb5_context /*context*/, + hdb_entry */*ent*/, + char **/*str*/); + +int +hdb_entry2value ( + krb5_context /*context*/, + hdb_entry */*ent*/, + krb5_data */*value*/); + +krb5_error_code +hdb_foreach ( + krb5_context /*context*/, + HDB */*db*/, + unsigned /*flags*/, + hdb_foreach_func_t /*func*/, + void */*data*/); + +void +hdb_free_entry ( + krb5_context /*context*/, + hdb_entry */*ent*/); + +void +hdb_free_key (Key */*key*/); + +void +hdb_free_keys ( + krb5_context /*context*/, + int /*len*/, + Key */*keys*/); + +void +hdb_free_master_key ( + krb5_context /*context*/, + hdb_master_key /*mkey*/); + +krb5_error_code +hdb_generate_key_set ( + krb5_context /*context*/, + krb5_principal /*principal*/, + Key **/*ret_key_set*/, + size_t */*nkeyset*/, + int /*no_salt*/); + +krb5_error_code +hdb_generate_key_set_password ( + krb5_context /*context*/, + krb5_principal /*principal*/, + const char */*password*/, + Key **/*keys*/, + size_t */*num_keys*/); + +krb5_error_code +hdb_init_db ( + krb5_context /*context*/, + HDB */*db*/); + +int +hdb_key2principal ( + krb5_context /*context*/, + krb5_data */*key*/, + krb5_principal /*p*/); + +krb5_error_code +hdb_ldap_create ( + krb5_context /*context*/, + HDB ** /*db*/, + const char */*arg*/); + +krb5_error_code +hdb_list_builtin ( + krb5_context /*context*/, + char **/*list*/); + +krb5_error_code +hdb_lock ( + int /*fd*/, + int /*operation*/); + +krb5_error_code +hdb_ndbm_create ( + krb5_context /*context*/, + HDB **/*db*/, + const char */*filename*/); + +krb5_error_code +hdb_next_enctype2key ( + krb5_context /*context*/, + const hdb_entry */*e*/, + krb5_enctype /*enctype*/, + Key **/*key*/); + +int +hdb_principal2key ( + krb5_context /*context*/, + krb5_principal /*p*/, + krb5_data */*key*/); + +krb5_error_code +hdb_print_entry ( + krb5_context /*context*/, + HDB */*db*/, + hdb_entry */*entry*/, + void */*data*/); + +krb5_error_code +hdb_process_master_key ( + krb5_context /*context*/, + int /*kvno*/, + krb5_keyblock */*key*/, + krb5_enctype /*etype*/, + hdb_master_key */*mkey*/); + +krb5_error_code +hdb_read_master_key ( + krb5_context /*context*/, + const char */*filename*/, + hdb_master_key */*mkey*/); + +krb5_error_code +hdb_seal_key ( + krb5_context /*context*/, + HDB */*db*/, + Key */*k*/); + +krb5_error_code +hdb_seal_key_mkey ( + krb5_context /*context*/, + Key */*k*/, + hdb_master_key /*mkey*/); + +krb5_error_code +hdb_seal_keys ( + krb5_context /*context*/, + HDB */*db*/, + hdb_entry */*ent*/); + +krb5_error_code +hdb_seal_keys_mkey ( + krb5_context /*context*/, + hdb_entry */*ent*/, + hdb_master_key /*mkey*/); + +krb5_error_code +hdb_set_master_key ( + krb5_context /*context*/, + HDB */*db*/, + krb5_keyblock */*key*/); + +krb5_error_code +hdb_set_master_keyfile ( + krb5_context /*context*/, + HDB */*db*/, + const char */*keyfile*/); + +krb5_error_code +hdb_unlock (int /*fd*/); + +krb5_error_code +hdb_unseal_key ( + krb5_context /*context*/, + HDB */*db*/, + Key */*k*/); + +krb5_error_code +hdb_unseal_key_mkey ( + krb5_context /*context*/, + Key */*k*/, + hdb_master_key /*mkey*/); + +krb5_error_code +hdb_unseal_keys ( + krb5_context /*context*/, + HDB */*db*/, + hdb_entry */*ent*/); + +krb5_error_code +hdb_unseal_keys_mkey ( + krb5_context /*context*/, + hdb_entry */*ent*/, + hdb_master_key /*mkey*/); + +int +hdb_value2entry ( + krb5_context /*context*/, + krb5_data */*value*/, + hdb_entry */*ent*/); + +krb5_error_code +hdb_write_master_key ( + krb5_context /*context*/, + const char */*filename*/, + hdb_master_key /*mkey*/); + +#ifdef __cplusplus +} +#endif + +#endif /* __hdb_protos_h__ */ diff --git a/source4/heimdal/lib/hdb/hdb.asn1 b/source4/heimdal/lib/hdb/hdb.asn1 new file mode 100644 index 0000000000..770acf4dce --- /dev/null +++ b/source4/heimdal/lib/hdb/hdb.asn1 @@ -0,0 +1,70 @@ +-- $Id: hdb.asn1,v 1.12 2004/11/10 18:50:27 lha Exp $ +HDB DEFINITIONS ::= +BEGIN + +IMPORTS EncryptionKey, KerberosTime, Principal FROM krb5; + +HDB_DB_FORMAT INTEGER ::= 2 -- format of database, + -- update when making changes + +-- these must have the same value as the pa-* counterparts +hdb-pw-salt INTEGER ::= 3 +hdb-afs3-salt INTEGER ::= 10 + +Salt ::= SEQUENCE { + type[0] INTEGER (0..4294967295), + salt[1] OCTET STRING +} + +Key ::= SEQUENCE { + mkvno[0] INTEGER (0..4294967295) OPTIONAL, -- master key version number + key[1] EncryptionKey, + salt[2] Salt OPTIONAL +} + +Event ::= SEQUENCE { + time[0] KerberosTime, + principal[1] Principal OPTIONAL +} + +HDBFlags ::= BIT STRING { + initial(0), -- require as-req + forwardable(1), -- may issue forwardable + proxiable(2), -- may issue proxiable + renewable(3), -- may issue renewable + postdate(4), -- may issue postdatable + server(5), -- may be server + client(6), -- may be client + invalid(7), -- entry is invalid + require-preauth(8), -- must use preauth + change-pw(9), -- change password service + require-hwauth(10), -- must use hwauth + ok-as-delegate(11), -- as in TicketFlags + user-to-user(12), -- may use user-to-user auth + immutable(13) -- may not be deleted +} + +GENERATION ::= SEQUENCE { + time[0] KerberosTime, -- timestamp + usec[1] INTEGER (0..4294967295), -- microseconds + gen[2] INTEGER (0..4294967295) -- generation number +} + +hdb_entry ::= SEQUENCE { + principal[0] Principal OPTIONAL, -- this is optional only + -- for compatibility with libkrb5 + kvno[1] INTEGER (0..4294967295), + keys[2] SEQUENCE OF Key, + created-by[3] Event, + modified-by[4] Event OPTIONAL, + valid-start[5] KerberosTime OPTIONAL, + valid-end[6] KerberosTime OPTIONAL, + pw-end[7] KerberosTime OPTIONAL, + max-life[8] INTEGER (0..4294967295) OPTIONAL, + max-renew[9] INTEGER (0..4294967295) OPTIONAL, + flags[10] HDBFlags, + etypes[11] SEQUENCE OF INTEGER (0..4294967295) OPTIONAL, + generation[12] GENERATION OPTIONAL +} + +END diff --git a/source4/heimdal/lib/hdb/hdb.c b/source4/heimdal/lib/hdb/hdb.c new file mode 100644 index 0000000000..53c952927f --- /dev/null +++ b/source4/heimdal/lib/hdb/hdb.c @@ -0,0 +1,373 @@ +/* + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hdb_locl.h" + +RCSID("$Id: hdb.c,v 1.54 2005/05/29 18:12:28 lha Exp $"); + +#ifdef HAVE_DLFCN_H +#include +#endif + +struct hdb_method { + const char *prefix; + krb5_error_code (*create)(krb5_context, HDB **, const char *filename); +}; + +static struct hdb_method methods[] = { +#if HAVE_DB1 || HAVE_DB3 + {"db:", hdb_db_create}, +#endif +#if HAVE_NDBM + {"ndbm:", hdb_ndbm_create}, +#endif +#if defined(OPENLDAP) && !defined(OPENLDAP_MODULE) + {"ldap:", hdb_ldap_create}, +#endif +#if HAVE_DB1 || HAVE_DB3 + {"", hdb_db_create}, +#elif defined(HAVE_NDBM) + {"", hdb_ndbm_create}, +#elif defined(OPENLDAP) && !defined(OPENLDAP_MODULE) + {"", hdb_ldap_create}, +#endif + {NULL, NULL} +}; + +krb5_error_code +hdb_next_enctype2key(krb5_context context, + const hdb_entry *e, + krb5_enctype enctype, + Key **key) +{ + Key *k; + + for (k = *key ? (*key) + 1 : e->keys.val; + k < e->keys.val + e->keys.len; + k++) + if(k->key.keytype == enctype){ + *key = k; + return 0; + } + return KRB5_PROG_ETYPE_NOSUPP; /* XXX */ +} + +krb5_error_code +hdb_enctype2key(krb5_context context, + hdb_entry *e, + krb5_enctype enctype, + Key **key) +{ + *key = NULL; + return hdb_next_enctype2key(context, e, enctype, key); +} + +void +hdb_free_key(Key *key) +{ + memset(key->key.keyvalue.data, + 0, + key->key.keyvalue.length); + free_Key(key); + free(key); +} + + +krb5_error_code +hdb_lock(int fd, int operation) +{ + int i, code = 0; + + for(i = 0; i < 3; i++){ + code = flock(fd, (operation == HDB_RLOCK ? LOCK_SH : LOCK_EX) | LOCK_NB); + if(code == 0 || errno != EWOULDBLOCK) + break; + sleep(1); + } + if(code == 0) + return 0; + if(errno == EWOULDBLOCK) + return HDB_ERR_DB_INUSE; + return HDB_ERR_CANT_LOCK_DB; +} + +krb5_error_code +hdb_unlock(int fd) +{ + int code; + code = flock(fd, LOCK_UN); + if(code) + return 4711 /* XXX */; + return 0; +} + +void +hdb_free_entry(krb5_context context, hdb_entry *ent) +{ + int i; + + for(i = 0; i < ent->keys.len; ++i) { + Key *k = &ent->keys.val[i]; + + memset (k->key.keyvalue.data, 0, k->key.keyvalue.length); + } + free_hdb_entry(ent); +} + +krb5_error_code +hdb_foreach(krb5_context context, + HDB *db, + unsigned flags, + hdb_foreach_func_t func, + void *data) +{ + krb5_error_code ret; + hdb_entry entry; + ret = db->hdb_firstkey(context, db, flags, &entry); + while(ret == 0){ + ret = (*func)(context, db, &entry, data); + hdb_free_entry(context, &entry); + if(ret == 0) + ret = db->hdb_nextkey(context, db, flags, &entry); + } + if(ret == HDB_ERR_NOENTRY) + ret = 0; + return ret; +} + +krb5_error_code +hdb_check_db_format(krb5_context context, HDB *db) +{ + krb5_data tag; + krb5_data version; + krb5_error_code ret; + unsigned ver; + int foo; + + tag.data = HDB_DB_FORMAT_ENTRY; + tag.length = strlen(tag.data); + ret = (*db->hdb__get)(context, db, tag, &version); + if(ret) + return ret; + foo = sscanf(version.data, "%u", &ver); + krb5_data_free (&version); + if (foo != 1) + return HDB_ERR_BADVERSION; + if(ver != HDB_DB_FORMAT) + return HDB_ERR_BADVERSION; + return 0; +} + +krb5_error_code +hdb_init_db(krb5_context context, HDB *db) +{ + krb5_error_code ret; + krb5_data tag; + krb5_data version; + char ver[32]; + + ret = hdb_check_db_format(context, db); + if(ret != HDB_ERR_NOENTRY) + return ret; + + tag.data = HDB_DB_FORMAT_ENTRY; + tag.length = strlen(tag.data); + snprintf(ver, sizeof(ver), "%u", HDB_DB_FORMAT); + version.data = ver; + version.length = strlen(version.data) + 1; /* zero terminated */ + ret = (*db->hdb__put)(context, db, 0, tag, version); + return ret; +} + +#ifdef HAVE_DLOPEN + + /* + * Load a dynamic backend from /usr/heimdal/lib/hdb_NAME.so, + * looking for the hdb_NAME_create symbol. + */ + +static const struct hdb_method * +find_dynamic_method (krb5_context context, + const char *filename, + const char **rest) +{ + static struct hdb_method method; + struct hdb_so_method *mso; + char *prefix, *path, *symbol; + const char *p; + void *dl; + size_t len; + + p = strchr(filename, ':'); + + /* if no prefix, don't know what module to load, just ignore it */ + if (p == NULL) + return NULL; + + len = p - filename; + *rest = filename + len + 1; + + prefix = strndup(filename, len); + if (prefix == NULL) + krb5_errx(context, 1, "out of memory"); + + if (asprintf(&path, LIBDIR "/hdb_%s.so", prefix) == -1) + krb5_errx(context, 1, "out of memory"); + +#ifndef RTLD_NOW +#define RTLD_NOW 0 +#endif +#ifndef RTLD_GLOBAL +#define RTLD_GLOBAL 0 +#endif + + dl = dlopen(path, RTLD_NOW | RTLD_GLOBAL); + if (dl == NULL) { + krb5_warnx(context, "error trying to load dynamic module %s: %s\n", + path, dlerror()); + free(prefix); + free(path); + return NULL; + } + + if (asprintf(&symbol, "hdb_%s_interface", prefix) == -1) + krb5_errx(context, 1, "out of memory"); + + mso = dlsym(dl, symbol); + if (mso == NULL) { + krb5_warnx(context, "error finding symbol %s in %s: %s\n", + symbol, path, dlerror()); + dlclose(dl); + free(symbol); + free(prefix); + free(path); + return NULL; + } + free(path); + free(symbol); + + if (mso->version != HDB_INTERFACE_VERSION) { + krb5_warnx(context, + "error wrong version in shared module %s " + "version: %d should have been %d\n", + prefix, mso->version, HDB_INTERFACE_VERSION); + dlclose(dl); + free(prefix); + return NULL; + } + + if (mso->create == NULL) { + krb5_errx(context, 1, + "no entry point function in shared mod %s ", + prefix); + dlclose(dl); + free(prefix); + return NULL; + } + + method.create = mso->create; + method.prefix = prefix; + + return &method; +} +#endif /* HAVE_DLOPEN */ + +/* + * find the relevant method for `filename', returning a pointer to the + * rest in `rest'. + * return NULL if there's no such method. + */ + +static const struct hdb_method * +find_method (const char *filename, const char **rest) +{ + const struct hdb_method *h; + + for (h = methods; h->prefix != NULL; ++h) + if (strncmp (filename, h->prefix, strlen(h->prefix)) == 0) { + *rest = filename + strlen(h->prefix); + return h; + } + return NULL; +} + +krb5_error_code +hdb_list_builtin(krb5_context context, char **list) +{ + const struct hdb_method *h; + size_t len = 0; + char *buf = NULL; + + for (h = methods; h->prefix != NULL; ++h) { + if (h->prefix[0] == '\0') + continue; + len += strlen(h->prefix) + 2; + } + + len += 1; + buf = malloc(len); + if (buf == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + buf[0] = '\0'; + + for (h = methods; h->prefix != NULL; ++h) { + if (h->prefix[0] == '\0') + continue; + if (h != methods) + strlcat(buf, ", ", len); + strlcat(buf, h->prefix, len); + } + *list = buf; + return 0; +} + +krb5_error_code +hdb_create(krb5_context context, HDB **db, const char *filename) +{ + const struct hdb_method *h; + const char *residual; + + if(filename == NULL) + filename = HDB_DEFAULT_DB; + krb5_add_et_list(context, initialize_hdb_error_table_r); + h = find_method (filename, &residual); +#ifdef HAVE_DLOPEN + if (h == NULL) + h = find_dynamic_method (context, filename, &residual); +#endif + if (h == NULL) + krb5_errx(context, 1, "No database support! (hdb_create)"); + return (*h->create)(context, db, residual); +} diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h new file mode 100644 index 0000000000..481d4ea93d --- /dev/null +++ b/source4/heimdal/lib/hdb/hdb.h @@ -0,0 +1,102 @@ +/* + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: hdb.h,v 1.33 2003/09/19 00:19:36 lha Exp $ */ + +#ifndef __HDB_H__ +#define __HDB_H__ + +#include + +#include + +enum hdb_lockop{ HDB_RLOCK, HDB_WLOCK }; + +/* flags for various functions */ +#define HDB_F_DECRYPT 1 /* decrypt keys */ +#define HDB_F_REPLACE 2 /* replace entry */ + +/* key usage for master key */ +#define HDB_KU_MKEY 0x484442 + +enum hdb_ent_type{ HDB_ENT_TYPE_CLIENT, HDB_ENT_TYPE_SERVER, HDB_ENT_TYPE_ANY }; + +typedef struct hdb_master_key_data *hdb_master_key; + +typedef struct HDB{ + void *hdb_db; + void *hdb_dbc; + char *hdb_name; + int hdb_master_key_set; + hdb_master_key hdb_master_key; + void *hdb_openp; + + krb5_error_code (*hdb_open)(krb5_context, struct HDB*, int, mode_t); + krb5_error_code (*hdb_close)(krb5_context, struct HDB*); + krb5_error_code (*hdb_fetch)(krb5_context,struct HDB*,unsigned hdb_flags, krb5_const_principal principal, + enum hdb_ent_type ent_type, hdb_entry*); + krb5_error_code (*hdb_store)(krb5_context,struct HDB*,unsigned,hdb_entry*); + krb5_error_code (*hdb_remove)(krb5_context, struct HDB*, hdb_entry*); + krb5_error_code (*hdb_firstkey)(krb5_context, struct HDB*, + unsigned, hdb_entry*); + krb5_error_code (*hdb_nextkey)(krb5_context, struct HDB*, + unsigned, hdb_entry*); + krb5_error_code (*hdb_lock)(krb5_context, struct HDB*, int operation); + krb5_error_code (*hdb_unlock)(krb5_context, struct HDB*); + krb5_error_code (*hdb_rename)(krb5_context, struct HDB*, const char*); + krb5_error_code (*hdb__get)(krb5_context,struct HDB*,krb5_data,krb5_data*); + krb5_error_code (*hdb__put)(krb5_context, struct HDB*, int, + krb5_data, krb5_data); + krb5_error_code (*hdb__del)(krb5_context, struct HDB*, krb5_data); + krb5_error_code (*hdb_destroy)(krb5_context, struct HDB*); +}HDB; + +#define HDB_INTERFACE_VERSION 1 + +struct hdb_so_method { + int version; + const char *prefix; + krb5_error_code (*create)(krb5_context, HDB **, const char *filename); +}; + +#define HDB_DB_DIR "/var/heimdal" +#define HDB_DEFAULT_DB HDB_DB_DIR "/heimdal" +#define HDB_DB_FORMAT_ENTRY "hdb/db-format" + +typedef krb5_error_code (*hdb_foreach_func_t)(krb5_context, HDB*, + hdb_entry*, void*); +extern krb5_kt_ops hdb_kt_ops; + +#include + +#endif /* __HDB_H__ */ diff --git a/source4/heimdal/lib/hdb/hdb_err.et b/source4/heimdal/lib/hdb/hdb_err.et new file mode 100644 index 0000000000..9929a56311 --- /dev/null +++ b/source4/heimdal/lib/hdb/hdb_err.et @@ -0,0 +1,27 @@ +# +# Error messages for the hdb library +# +# This might look like a com_err file, but is not +# +id "$Id: hdb_err.et,v 1.5 2001/01/28 23:05:52 assar Exp $" + +error_table hdb + +prefix HDB_ERR + +index 1 +#error_code INUSE, "Entry already exists in database" +error_code UK_SERROR, "Database store error" +error_code UK_RERROR, "Database read error" +error_code NOENTRY, "No such entry in the database" +error_code DB_INUSE, "Database is locked or in use--try again later" +error_code DB_CHANGED, "Database was modified during read" +error_code RECURSIVELOCK, "Attempt to lock database twice" +error_code NOTLOCKED, "Attempt to unlock database when not locked" +error_code BADLOCKMODE, "Invalid kdb lock mode" +error_code CANT_LOCK_DB, "Insufficient access to lock database" +error_code EXISTS, "Entry already exists in database" +error_code BADVERSION, "Wrong database version" +error_code NO_MKEY, "No correct master key" + +end diff --git a/source4/heimdal/lib/hdb/hdb_locl.h b/source4/heimdal/lib/hdb/hdb_locl.h new file mode 100644 index 0000000000..0d07164bd1 --- /dev/null +++ b/source4/heimdal/lib/hdb/hdb_locl.h @@ -0,0 +1,67 @@ +/* + * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: hdb_locl.h,v 1.19 2003/09/10 21:54:58 lha Exp $ */ + +#ifndef __HDB_LOCL_H__ +#define __HDB_LOCL_H__ + +#include + +#include +#include +#include +#include +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_UNISTD_H +#include +#endif +#ifdef HAVE_FCNTL_H +#include +#endif +#ifdef HAVE_SYS_FILE_H +#include +#endif +#ifdef HAVE_LIMITS_H +#include +#endif +#include + +#include "crypto-headers.h" +#include +#include +#include + +#endif /* __HDB_LOCL_H__ */ diff --git a/source4/heimdal/lib/hdb/keys.c b/source4/heimdal/lib/hdb/keys.c new file mode 100644 index 0000000000..c5a2efd758 --- /dev/null +++ b/source4/heimdal/lib/hdb/keys.c @@ -0,0 +1,393 @@ +/* + * Copyright (c) 1997 - 2001, 2003 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hdb_locl.h" + +RCSID("$Id: keys.c,v 1.3 2005/03/17 00:42:05 lha Exp $"); + +/* + * free all the memory used by (len, keys) + */ + +void +hdb_free_keys (krb5_context context, int len, Key *keys) +{ + int i; + + for (i = 0; i < len; i++) { + free(keys[i].mkvno); + keys[i].mkvno = NULL; + if (keys[i].salt != NULL) { + free_Salt(keys[i].salt); + free(keys[i].salt); + keys[i].salt = NULL; + } + krb5_free_keyblock_contents(context, &keys[i].key); + } + free (keys); +} + +/* + * for each entry in `default_keys' try to parse it as a sequence + * of etype:salttype:salt, syntax of this if something like: + * [(des|des3|etype):](pw-salt|afs3)[:string], if etype is omitted it + * means all etypes, and if string is omitted is means the default + * string (for that principal). Additional special values: + * v5 == pw-salt, and + * v4 == des:pw-salt: + * afs or afs3 == des:afs3-salt + */ + +/* the 3 DES types must be first */ +static const krb5_enctype all_etypes[] = { + ETYPE_DES_CBC_MD5, + ETYPE_DES_CBC_MD4, + ETYPE_DES_CBC_CRC, + ETYPE_AES256_CTS_HMAC_SHA1_96, + ETYPE_ARCFOUR_HMAC_MD5, + ETYPE_DES3_CBC_SHA1 +}; + +static krb5_error_code +parse_key_set(krb5_context context, const char *key, + krb5_enctype **ret_enctypes, size_t *ret_num_enctypes, + krb5_salt *salt, krb5_principal principal) +{ + const char *p; + char buf[3][256]; + int num_buf = 0; + int i, num_enctypes = 0; + krb5_enctype e; + const krb5_enctype *enctypes = NULL; + krb5_error_code ret; + + p = key; + + *ret_enctypes = NULL; + *ret_num_enctypes = 0; + + /* split p in a list of :-separated strings */ + for(num_buf = 0; num_buf < 3; num_buf++) + if(strsep_copy(&p, ":", buf[num_buf], sizeof(buf[num_buf])) == -1) + break; + + salt->saltvalue.data = NULL; + salt->saltvalue.length = 0; + + for(i = 0; i < num_buf; i++) { + if(enctypes == NULL) { + /* this might be a etype specifier */ + /* XXX there should be a string_to_etypes handling + special cases like `des' and `all' */ + if(strcmp(buf[i], "des") == 0) { + enctypes = all_etypes; + num_enctypes = 3; + continue; + } else if(strcmp(buf[i], "des3") == 0) { + e = ETYPE_DES3_CBC_SHA1; + enctypes = &e; + num_enctypes = 1; + continue; + } else { + ret = krb5_string_to_enctype(context, buf[i], &e); + if (ret == 0) { + enctypes = &e; + num_enctypes = 1; + continue; + } + } + } + + if(salt->salttype == 0) { + /* interpret string as a salt specifier, if no etype + is set, this sets default values */ + /* XXX should perhaps use string_to_salttype, but that + interface sucks */ + if(strcmp(buf[i], "pw-salt") == 0) { + if(enctypes == NULL) { + enctypes = all_etypes; + num_enctypes = sizeof(all_etypes)/sizeof(all_etypes[0]); + } + salt->salttype = KRB5_PW_SALT; + } else if(strcmp(buf[i], "afs3-salt") == 0) { + if(enctypes == NULL) { + enctypes = all_etypes; + num_enctypes = 3; + } + salt->salttype = KRB5_AFS3_SALT; + } + } else { + /* if there is a final string, use it as the string to + salt with, this is mostly useful with null salt for + v4 compat, and a cell name for afs compat */ + salt->saltvalue.data = strdup(buf[i]); + if (salt->saltvalue.data == NULL) { + krb5_set_error_string(context, "malloc out of memory"); + return ENOMEM; + } + salt->saltvalue.length = strlen(buf[i]); + } + } + + if(enctypes == NULL || salt->salttype == 0) { + krb5_set_error_string(context, "bad value for default_keys `%s'", key); + return EINVAL; + } + + /* if no salt was specified make up default salt */ + if(salt->saltvalue.data == NULL) { + if(salt->salttype == KRB5_PW_SALT) + ret = krb5_get_pw_salt(context, principal, salt); + else if(salt->salttype == KRB5_AFS3_SALT) { + krb5_realm *realm = krb5_princ_realm(context, principal); + salt->saltvalue.data = strdup(*realm); + if(salt->saltvalue.data == NULL) { + krb5_set_error_string(context, "out of memory while " + "parsing salt specifiers"); + return ENOMEM; + } + strlwr(salt->saltvalue.data); + salt->saltvalue.length = strlen(*realm); + } + } + + *ret_enctypes = malloc(sizeof(enctypes[0]) * num_enctypes); + if (*ret_enctypes == NULL) { + krb5_free_salt(context, *salt); + krb5_set_error_string(context, "out of memory"); + return ENOMEM; + } + memcpy(*ret_enctypes, enctypes, sizeof(enctypes[0]) * num_enctypes); + *ret_num_enctypes = num_enctypes; + + return 0; +} + +static krb5_error_code +add_enctype_to_key_set(Key **key_set, size_t *nkeyset, + krb5_enctype enctype, krb5_salt *salt) +{ + krb5_error_code ret; + Key key, *tmp; + + memset(&key, 0, sizeof(key)); + + tmp = realloc(*key_set, (*nkeyset + 1) * sizeof((*key_set)[0])); + if (tmp == NULL) + return ENOMEM; + + *key_set = tmp; + + key.key.keytype = enctype; + key.key.keyvalue.length = 0; + key.key.keyvalue.data = NULL; + + if (salt) { + key.salt = malloc(sizeof(*key.salt)); + if (key.salt == NULL) { + free_Key(&key); + return ENOMEM; + } + + key.salt->type = salt->salttype; + krb5_data_zero (&key.salt->salt); + + ret = krb5_data_copy(&key.salt->salt, + salt->saltvalue.data, + salt->saltvalue.length); + if (ret) { + free_Key(&key); + return ret; + } + } else + key.salt = NULL; + + (*key_set)[*nkeyset] = key; + + *nkeyset += 1; + + return 0; +} + + +/* + * Generate the `key_set' from the [kadmin]default_keys statement. If + * `no_salt' is set, salt is not important (and will not be set) since + * its random keys that is going to be created. + */ + +krb5_error_code +hdb_generate_key_set(krb5_context context, krb5_principal principal, + Key **ret_key_set, size_t *nkeyset, int no_salt) +{ + char **ktypes, **kp; + krb5_error_code ret; + Key *k, *key_set; + int i, j; + char *default_keytypes[] = { + "des:pw-salt", + "aes256-cts-hmac-sha1-96:pw-salt", + "des3-cbc-sha1:pw-salt", + "arcfour-hmac-md5:pw-salt", + NULL + }; + + ktypes = krb5_config_get_strings(context, NULL, "kadmin", + "default_keys", NULL); + if (ktypes == NULL) + ktypes = default_keytypes; + + if (ktypes == NULL) + abort(); + + *ret_key_set = key_set = NULL; + *nkeyset = 0; + + ret = 0; + + for(kp = ktypes; kp && *kp; kp++) { + const char *p; + krb5_salt salt; + krb5_enctype *enctypes; + size_t num_enctypes; + + p = *kp; + /* check alias */ + if(strcmp(p, "v5") == 0) + p = "pw-salt"; + else if(strcmp(p, "v4") == 0) + p = "des:pw-salt:"; + else if(strcmp(p, "afs") == 0 || strcmp(p, "afs3") == 0) + p = "des:afs3-salt"; + else if (strcmp(p, "arcfour-hmac-md5") == 0) + p = "arcfour-hmac-md5:pw-salt"; + + memset(&salt, 0, sizeof(salt)); + + ret = parse_key_set(context, p, + &enctypes, &num_enctypes, &salt, principal); + if (ret) { + krb5_warnx(context, "bad value for default_keys `%s'", *kp); + continue; + } + + for (i = 0; i < num_enctypes; i++) { + /* find duplicates */ + for (j = 0; j < *nkeyset; j++) { + + k = &key_set[j]; + + if (k->key.keytype == enctypes[i]) { + if (no_salt) + break; + if (k->salt == NULL && salt.salttype == KRB5_PW_SALT) + break; + if (k->salt->type == salt.salttype && + k->salt->salt.length == salt.saltvalue.length && + memcmp(k->salt->salt.data, salt.saltvalue.data, + salt.saltvalue.length) == 0) + break; + } + } + /* not a duplicate, lets add it */ + if (j == *nkeyset) { + ret = add_enctype_to_key_set(&key_set, nkeyset, enctypes[i], + no_salt ? NULL : &salt); + if (ret) { + free(enctypes); + krb5_free_salt(context, salt); + goto out; + } + } + } + free(enctypes); + krb5_free_salt(context, salt); + } + + out: + if (ret) { + krb5_warn(context, ret, + "failed to parse the [kadmin]default_keys values"); + + for (i = 0; i < *nkeyset; i++) + free_Key(&key_set[i]); + free(key_set); + } else if (*nkeyset == 0) { + krb5_warnx(context, + "failed to parse any of the [kadmin]default_keys values"); + ret = EINVAL; /* XXX */ + } + + *ret_key_set = key_set; + + return ret; +} + + +krb5_error_code +hdb_generate_key_set_password(krb5_context context, + krb5_principal principal, + const char *password, + Key **keys, size_t *num_keys) +{ + krb5_error_code ret; + int i; + + ret = hdb_generate_key_set(context, principal, + keys, num_keys, 0); + if (ret) + return ret; + + for (i = 0; i < (*num_keys); i++) { + krb5_salt salt; + + salt.salttype = (*keys)[i].salt->type; + salt.saltvalue.length = (*keys)[i].salt->salt.length; + salt.saltvalue.data = (*keys)[i].salt->salt.data; + + ret = krb5_string_to_key_salt (context, + (*keys)[i].key.keytype, + password, + salt, + &(*keys)[i].key); + + if(ret) + break; + } + + if(ret) { + hdb_free_keys (context, *num_keys, *keys); + return ret; + } + return ret; +} diff --git a/source4/heimdal/lib/hdb/ndbm.c b/source4/heimdal/lib/hdb/ndbm.c new file mode 100644 index 0000000000..588ff80728 --- /dev/null +++ b/source4/heimdal/lib/hdb/ndbm.c @@ -0,0 +1,369 @@ +/* + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hdb_locl.h" + +RCSID("$Id: ndbm.c,v 1.35 2005/06/23 13:37:57 lha Exp $"); + +#if HAVE_NDBM + +#if defined(HAVE_GDBM_NDBM_H) +#include +#elif defined(HAVE_NDBM_H) +#include +#elif defined(HAVE_DBM_H) +#include +#endif + +struct ndbm_db { + DBM *db; + int lock_fd; +}; + +static krb5_error_code +NDBM_destroy(krb5_context context, HDB *db) +{ + krb5_error_code ret; + + ret = hdb_clear_master_key (context, db); + free(db->hdb_name); + free(db); + return 0; +} + +static krb5_error_code +NDBM_lock(krb5_context context, HDB *db, int operation) +{ + struct ndbm_db *d = db->hdb_db; + return hdb_lock(d->lock_fd, operation); +} + +static krb5_error_code +NDBM_unlock(krb5_context context, HDB *db) +{ + struct ndbm_db *d = db->hdb_db; + return hdb_unlock(d->lock_fd); +} + +static krb5_error_code +NDBM_seq(krb5_context context, HDB *db, + unsigned flags, hdb_entry *entry, int first) + +{ + struct ndbm_db *d = (struct ndbm_db *)db->hdb_db; + datum key, value; + krb5_data key_data, data; + krb5_error_code ret = 0; + + if(first) + key = dbm_firstkey(d->db); + else + key = dbm_nextkey(d->db); + if(key.dptr == NULL) + return HDB_ERR_NOENTRY; + key_data.data = key.dptr; + key_data.length = key.dsize; + ret = db->hdb_lock(context, db, HDB_RLOCK); + if(ret) return ret; + value = dbm_fetch(d->db, key); + db->hdb_unlock(context, db); + data.data = value.dptr; + data.length = value.dsize; + if(hdb_value2entry(context, &data, entry)) + return NDBM_seq(context, db, flags, entry, 0); + if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) { + ret = hdb_unseal_keys (context, db, entry); + if (ret) + hdb_free_entry (context, entry); + } + if (entry->principal == NULL) { + entry->principal = malloc (sizeof(*entry->principal)); + if (entry->principal == NULL) { + ret = ENOMEM; + hdb_free_entry (context, entry); + krb5_set_error_string(context, "malloc: out of memory"); + } else { + hdb_key2principal (context, &key_data, entry->principal); + } + } + return ret; +} + + +static krb5_error_code +NDBM_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry) +{ + return NDBM_seq(context, db, flags, entry, 1); +} + + +static krb5_error_code +NDBM_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry) +{ + return NDBM_seq(context, db, flags, entry, 0); +} + +static krb5_error_code +NDBM_rename(krb5_context context, HDB *db, const char *new_name) +{ + /* XXX this function will break */ + struct ndbm_db *d = db->hdb_db; + + int ret; + char *old_dir, *old_pag, *new_dir, *new_pag; + char *new_lock; + int lock_fd; + + /* lock old and new databases */ + ret = db->hdb_lock(context, db, HDB_WLOCK); + if(ret) + return ret; + asprintf(&new_lock, "%s.lock", new_name); + if(new_lock == NULL) { + db->hdb_unlock(context, db); + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + lock_fd = open(new_lock, O_RDWR | O_CREAT, 0600); + if(lock_fd < 0) { + ret = errno; + db->hdb_unlock(context, db); + krb5_set_error_string(context, "open(%s): %s", new_lock, + strerror(ret)); + free(new_lock); + return ret; + } + free(new_lock); + ret = hdb_lock(lock_fd, HDB_WLOCK); + if(ret) { + db->hdb_unlock(context, db); + close(lock_fd); + return ret; + } + + asprintf(&old_dir, "%s.dir", db->hdb_name); + asprintf(&old_pag, "%s.pag", db->hdb_name); + asprintf(&new_dir, "%s.dir", new_name); + asprintf(&new_pag, "%s.pag", new_name); + + ret = rename(old_dir, new_dir) || rename(old_pag, new_pag); + free(old_dir); + free(old_pag); + free(new_dir); + free(new_pag); + hdb_unlock(lock_fd); + db->hdb_unlock(context, db); + + if(ret) { + ret = errno; + close(lock_fd); + krb5_set_error_string(context, "rename: %s", strerror(ret)); + return ret; + } + + close(d->lock_fd); + d->lock_fd = lock_fd; + + free(db->hdb_name); + db->hdb_name = strdup(new_name); + return 0; +} + +static krb5_error_code +NDBM__get(krb5_context context, HDB *db, krb5_data key, krb5_data *reply) +{ + struct ndbm_db *d = (struct ndbm_db *)db->hdb_db; + datum k, v; + int code; + + k.dptr = key.data; + k.dsize = key.length; + code = db->hdb_lock(context, db, HDB_RLOCK); + if(code) + return code; + v = dbm_fetch(d->db, k); + db->hdb_unlock(context, db); + if(v.dptr == NULL) + return HDB_ERR_NOENTRY; + + krb5_data_copy(reply, v.dptr, v.dsize); + return 0; +} + +static krb5_error_code +NDBM__put(krb5_context context, HDB *db, int replace, + krb5_data key, krb5_data value) +{ + struct ndbm_db *d = (struct ndbm_db *)db->hdb_db; + datum k, v; + int code; + + k.dptr = key.data; + k.dsize = key.length; + v.dptr = value.data; + v.dsize = value.length; + + code = db->hdb_lock(context, db, HDB_WLOCK); + if(code) + return code; + code = dbm_store(d->db, k, v, replace ? DBM_REPLACE : DBM_INSERT); + db->hdb_unlock(context, db); + if(code == 1) + return HDB_ERR_EXISTS; + if (code < 0) + return code; + return 0; +} + +static krb5_error_code +NDBM__del(krb5_context context, HDB *db, krb5_data key) +{ + struct ndbm_db *d = (struct ndbm_db *)db->hdb_db; + datum k; + int code; + krb5_error_code ret; + + k.dptr = key.data; + k.dsize = key.length; + ret = db->hdb_lock(context, db, HDB_WLOCK); + if(ret) return ret; + code = dbm_delete(d->db, k); + db->hdb_unlock(context, db); + if(code < 0) + return errno; + return 0; +} + + +static krb5_error_code +NDBM_close(krb5_context context, HDB *db) +{ + struct ndbm_db *d = db->hdb_db; + dbm_close(d->db); + close(d->lock_fd); + free(d); + return 0; +} + +static krb5_error_code +NDBM_open(krb5_context context, HDB *db, int flags, mode_t mode) +{ + krb5_error_code ret; + struct ndbm_db *d = malloc(sizeof(*d)); + char *lock_file; + + if(d == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + asprintf(&lock_file, "%s.lock", (char*)db->hdb_name); + if(lock_file == NULL) { + free(d); + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + d->db = dbm_open((char*)db->hdb_name, flags, mode); + if(d->db == NULL){ + ret = errno; + free(d); + free(lock_file); + krb5_set_error_string(context, "dbm_open(%s): %s", db->hdb_name, + strerror(ret)); + return ret; + } + d->lock_fd = open(lock_file, O_RDWR | O_CREAT, 0600); + if(d->lock_fd < 0){ + ret = errno; + dbm_close(d->db); + free(d); + krb5_set_error_string(context, "open(%s): %s", lock_file, + strerror(ret)); + free(lock_file); + return ret; + } + free(lock_file); + db->hdb_db = d; + if((flags & O_ACCMODE) == O_RDONLY) + ret = hdb_check_db_format(context, db); + else + ret = hdb_init_db(context, db); + if(ret == HDB_ERR_NOENTRY) + return 0; + if (ret) { + NDBM_close(context, db); + krb5_set_error_string(context, "hdb_open: failed %s database %s", + (flags & O_ACCMODE) == O_RDONLY ? + "checking format of" : "initialize", + db->hdb_name); + } + return ret; +} + +krb5_error_code +hdb_ndbm_create(krb5_context context, HDB **db, + const char *filename) +{ + *db = malloc(sizeof(**db)); + if (*db == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + + (*db)->hdb_db = NULL; + (*db)->hdb_name = strdup(filename); + if ((*db)->hdb_name == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + free(*db); + *db = NULL; + return ENOMEM; + } + (*db)->hdb_master_key_set = 0; + (*db)->hdb_openp = 0; + (*db)->hdb_open = NDBM_open; + (*db)->hdb_close = NDBM_close; + (*db)->hdb_fetch = _hdb_fetch; + (*db)->hdb_store = _hdb_store; + (*db)->hdb_remove = _hdb_remove; + (*db)->hdb_firstkey = NDBM_firstkey; + (*db)->hdb_nextkey= NDBM_nextkey; + (*db)->hdb_lock = NDBM_lock; + (*db)->hdb_unlock = NDBM_unlock; + (*db)->hdb_rename = NDBM_rename; + (*db)->hdb__get = NDBM__get; + (*db)->hdb__put = NDBM__put; + (*db)->hdb__del = NDBM__del; + (*db)->hdb_destroy = NDBM_destroy; + return 0; +} + +#endif /* HAVE_NDBM */ diff --git a/source4/heimdal/lib/krb5/acache.c b/source4/heimdal/lib/krb5/acache.c new file mode 100644 index 0000000000..75f5315c71 --- /dev/null +++ b/source4/heimdal/lib/krb5/acache.c @@ -0,0 +1,781 @@ +/* + * Copyright (c) 2004 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" +#include +#ifdef HAVE_DLFCN_H +#include +#endif + +RCSID("$Id: acache.c,v 1.11 2005/06/16 19:32:44 lha Exp $"); + +/* XXX should we fetch these for each open ? */ +static HEIMDAL_MUTEX acc_mutex = HEIMDAL_MUTEX_INITIALIZER; +static cc_initialize_func init_func; + +#ifdef HAVE_DLOPEN +static void *cc_handle; +#endif + +typedef struct krb5_acc { + char *cache_name; + cc_context_t context; + cc_ccache_t ccache; +} krb5_acc; + +static krb5_error_code acc_close(krb5_context, krb5_ccache); + +#define ACACHE(X) ((krb5_acc *)(X)->data.data) + +static const struct { + cc_int32 error; + krb5_error_code ret; +} cc_errors[] = { + { ccErrBadName, KRB5_CC_BADNAME }, + { ccErrCredentialsNotFound, KRB5_CC_NOTFOUND }, + { ccErrCCacheNotFound, KRB5_FCC_NOFILE }, + { ccErrContextNotFound, KRB5_CC_NOTFOUND }, + { ccIteratorEnd, KRB5_CC_END }, + { ccErrNoMem, KRB5_CC_NOMEM }, + { ccErrServerUnavailable, KRB5_CC_BADNAME }, + { ccNoError, 0 } +}; + +static krb5_error_code +translate_cc_error(krb5_context context, cc_int32 error) +{ + int i; + krb5_clear_error_string(context); + for(i = 0; i < sizeof(cc_errors)/sizeof(cc_errors[0]); i++) + if (cc_errors[i].error == error) + return cc_errors[i].ret; + return KRB5_FCC_INTERNAL; +} + +static krb5_error_code +init_ccapi(krb5_context context) +{ + const char *lib; + + HEIMDAL_MUTEX_lock(&acc_mutex); + if (init_func) { + HEIMDAL_MUTEX_unlock(&acc_mutex); + krb5_clear_error_string(context); + return 0; + } + + lib = krb5_config_get_string(context, NULL, + "libdefaults", "ccapi_library", + NULL); + if (lib == NULL) { +#ifdef __APPLE__ + lib = "/System/Library/Frameworks/Kerberos.framework/Kerberos"; +#else + lib = "/usr/lib/libkrb5_cc.so"; +#endif + } + +#ifdef HAVE_DLOPEN + cc_handle = dlopen(lib, 0); + if (cc_handle == NULL) { + HEIMDAL_MUTEX_unlock(&acc_mutex); + krb5_set_error_string(context, "Failed to load %s", lib); + return ccErrServerUnavailable; + } + + init_func = dlsym(cc_handle, "cc_initialize"); + HEIMDAL_MUTEX_unlock(&acc_mutex); + if (init_func == NULL) { + krb5_set_error_string(context, "Failed to find cc_initialize" + "in %s: %s", lib, dlerror()); + dlclose(cc_handle); + return ccErrServerUnavailable; + } + + return 0; +#else + HEIMDAL_MUTEX_unlock(&acc_mutex); + krb5_set_error_string(context, "no support for shared object"); + return ccErrServerUnavailable; +#endif +} + +static krb5_error_code +make_cred_from_ccred(krb5_context context, + const cc_credentials_v5_t *incred, + krb5_creds *cred) +{ + krb5_error_code ret; + int i; + + memset(cred, 0, sizeof(*cred)); + + ret = krb5_parse_name(context, incred->client, &cred->client); + if (ret) + goto fail; + + ret = krb5_parse_name(context, incred->server, &cred->server); + if (ret) + goto fail; + + cred->session.keytype = incred->keyblock.type; + cred->session.keyvalue.length = incred->keyblock.length; + cred->session.keyvalue.data = malloc(incred->keyblock.length); + if (cred->session.keyvalue.data == NULL) + goto nomem; + memcpy(cred->session.keyvalue.data, incred->keyblock.data, + incred->keyblock.length); + + cred->times.authtime = incred->authtime; + cred->times.starttime = incred->starttime; + cred->times.endtime = incred->endtime; + cred->times.renew_till = incred->renew_till; + + ret = krb5_data_copy(&cred->ticket, + incred->ticket.data, + incred->ticket.length); + if (ret) + goto nomem; + + ret = krb5_data_copy(&cred->second_ticket, + incred->second_ticket.data, + incred->second_ticket.length); + if (ret) + goto nomem; + + cred->authdata.val = NULL; + cred->authdata.len = 0; + + cred->addresses.val = NULL; + cred->addresses.len = 0; + + for (i = 0; incred->authdata && incred->authdata[i]; i++) + ; + + if (i) { + cred->authdata.val = malloc(sizeof(cred->authdata.val[0]) * i); + if (cred->authdata.val == NULL) + goto nomem; + cred->authdata.len = i; + memset(cred->authdata.val, 0, sizeof(cred->authdata.val[0]) * i); + for (i = 0; i < cred->authdata.len; i++) { + cred->authdata.val[i].ad_type = incred->authdata[i]->type; + ret = krb5_data_copy(&cred->authdata.val[i].ad_data, + incred->authdata[i]->data, + incred->authdata[i]->length); + if (ret) + goto nomem; + } + } + + for (i = 0; incred->addresses && incred->addresses[i]; i++) + ; + + if (i) { + cred->addresses.val = malloc(sizeof(cred->addresses.val[0]) * i); + if (cred->addresses.val == NULL) + goto nomem; + cred->addresses.len = i; + memset(cred->addresses.val, 0, sizeof(cred->addresses.val[0]) * i); + + for (i = 0; i < cred->addresses.len; i++) { + cred->addresses.val[i].addr_type = incred->addresses[i]->type; + ret = krb5_data_copy(&cred->addresses.val[i].address, + incred->addresses[i]->data, + incred->addresses[i]->length); + if (ret) + goto nomem; + } + } + + cred->flags.b = int2TicketFlags(incred->ticket_flags); /* XXX */ + return 0; + +nomem: + ret = ENOMEM; + krb5_set_error_string(context, "malloc - out of memory"); + +fail: + krb5_free_creds_contents(context, cred); + return ret; +} + +static void +free_ccred(cc_credentials_v5_t *cred) +{ + int i; + + if (cred->addresses) { + for (i = 0; cred->addresses[i] != 0; i++) { + if (cred->addresses[i]->data) + free(cred->addresses[i]->data); + free(cred->addresses[i]); + } + free(cred->addresses); + } + if (cred->server) + free(cred->server); + if (cred->client) + free(cred->client); + memset(cred, 0, sizeof(*cred)); +} + +static krb5_error_code +make_ccred_from_cred(krb5_context context, + const krb5_creds *incred, + cc_credentials_v5_t *cred) +{ + krb5_error_code ret; + int i; + + memset(cred, 0, sizeof(*cred)); + + ret = krb5_unparse_name(context, incred->client, &cred->client); + if (ret) + goto fail; + + ret = krb5_unparse_name(context, incred->server, &cred->server); + if (ret) + goto fail; + + cred->keyblock.type = incred->session.keytype; + cred->keyblock.length = incred->session.keyvalue.length; + cred->keyblock.data = incred->session.keyvalue.data; + + cred->authtime = incred->times.authtime; + cred->starttime = incred->times.starttime; + cred->endtime = incred->times.endtime; + cred->renew_till = incred->times.renew_till; + + cred->ticket.length = incred->ticket.length; + cred->ticket.data = incred->ticket.data; + + cred->second_ticket.length = incred->second_ticket.length; + cred->second_ticket.data = incred->second_ticket.data; + + /* XXX this one should also be filled in */ + cred->authdata = NULL; + + cred->addresses = calloc(incred->addresses.len + 1, + sizeof(cred->addresses[0])); + if (cred->addresses == NULL) { + + ret = ENOMEM; + goto fail; + } + + for (i = 0; i < incred->addresses.len; i++) { + cc_data *addr; + addr = malloc(sizeof(*addr)); + addr->type = incred->addresses.val[i].addr_type; + addr->length = incred->addresses.val[i].address.length; + addr->data = malloc(addr->length); + if (addr->data == NULL) { + ret = ENOMEM; + goto fail; + } + memcpy(addr->data, incred->addresses.val[i].address.data, + addr->length); + cred->addresses[i] = addr; + } + cred->addresses[i] = NULL; + + cred->ticket_flags = TicketFlags2int(incred->flags.b); /* XXX */ + return 0; + +fail: + free_ccred(cred); + + krb5_clear_error_string(context); + return ret; +} + +static char * +get_cc_name(cc_ccache_t cache) +{ + cc_string_t name; + cc_int32 error; + char *str; + + error = (*cache->func->get_name)(cache, &name); + if (error) + return NULL; + + str = strdup(name->data); + (*name->func->release)(name); + return str; +} + + +static const char* +acc_get_name(krb5_context context, + krb5_ccache id) +{ + krb5_acc *a = ACACHE(id); + static char n[255]; + char *name; + + name = get_cc_name(a->ccache); + if (name == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return NULL; + } + strlcpy(n, name, sizeof(n)); + free(name); + return n; +} + +static krb5_error_code +acc_alloc(krb5_context context, krb5_ccache *id) +{ + krb5_error_code ret; + cc_int32 error; + krb5_acc *a; + + ret = init_ccapi(context); + if (ret) + return ret; + + ret = krb5_data_alloc(&(*id)->data, sizeof(*a)); + if (ret) { + krb5_clear_error_string(context); + return ret; + } + + a = ACACHE(*id); + + error = (*init_func)(&a->context, ccapi_version_3, NULL, NULL); + if (error) { + krb5_data_free(&(*id)->data); + return translate_cc_error(context, error); + } + + a->cache_name = NULL; + + return 0; +} + +static krb5_error_code +get_default_principal(krb5_context context, char **p) +{ + krb5_error_code ret; + krb5_principal principal; + + *p = NULL; + + ret = _krb5_get_default_principal_local(context, &principal); + if (ret) + return ret; + + ret = krb5_unparse_name(context, principal, p); + krb5_free_principal(context, principal); + return ret; +} + +static krb5_error_code +acc_resolve(krb5_context context, krb5_ccache *id, const char *res) +{ + krb5_error_code ret; + cc_int32 error; + krb5_acc *a; + + ret = acc_alloc(context, id); + if (ret) + return ret; + + a = ACACHE(*id); + + if (res == NULL || res[0] == '\0') { + error = (*a->context->func->open_default_ccache)(a->context, + &a->ccache); + if (error == ccErrCCacheNotFound) { + char *p; + + ret = get_default_principal(context, &p); + if (ret == 0) { + error = (*a->context->func->create_default_ccache)(a->context, + cc_credentials_v5, + p, + &a->ccache); + free(p); + } + } + if (error == 0) + a->cache_name = get_cc_name(a->ccache); + } else { + error = (*a->context->func->open_ccache)(a->context, res, &a->ccache); + if (error == 0) + a->cache_name = strdup(res); + } + if (error != 0) { + *id = NULL; + return translate_cc_error(context, error); + } + if (a->cache_name == NULL) { + acc_close(context, *id); + *id = NULL; + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + + return 0; +} + +static krb5_error_code +acc_gen_new(krb5_context context, krb5_ccache *id) +{ + krb5_error_code ret; + cc_int32 error; + krb5_acc *a; + char *p; + + ret = get_default_principal(context, &p); + + ret = acc_alloc(context, id); + if (ret) { + free(p); + return ret; + } + + a = ACACHE(*id); + + error = (*a->context->func->create_new_ccache)(a->context, + cc_credentials_v5, + p, &a->ccache); + free(p); + if (error) { + *id = NULL; + return translate_cc_error(context, error); + } + a->cache_name = get_cc_name(a->ccache); + if (a->cache_name == NULL) { + acc_close(context, *id); + *id = NULL; + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + return 0; +} + +static krb5_error_code +acc_initialize(krb5_context context, + krb5_ccache id, + krb5_principal primary_principal) +{ + cc_credentials_iterator_t iter; + krb5_acc *a = ACACHE(id); + cc_credentials_t ccred; + krb5_error_code ret; + int32_t error; + char *name; + + ret = krb5_unparse_name(context, primary_principal, &name); + if (ret) + return ret; + + if (a->ccache == NULL) { + error = (*a->context->func->create_new_ccache)(a->context, + cc_credentials_v5, + name, + &a->ccache); + } else { + + error = (*a->ccache->func->new_credentials_iterator)(a->ccache, &iter); + if (error) { + free(name); + return translate_cc_error(context, error); + } + + while (1) { + error = (*iter->func->next)(iter, &ccred); + if (error) + break; + (*a->ccache->func->remove_credentials)(a->ccache, ccred); + (*ccred->func->release)(ccred); + } + (*iter->func->release)(iter); + + error = (*a->ccache->func->set_principal)(a->ccache, + cc_credentials_v5, + name); + } + + free(name); + + return translate_cc_error(context, error); +} + +static krb5_error_code +acc_close(krb5_context context, + krb5_ccache id) +{ + krb5_acc *a = ACACHE(id); + + if (a->ccache) { + (*a->ccache->func->release)(a->ccache); + a->ccache = NULL; + } + if (a->cache_name) { + free(a->cache_name); + a->cache_name = NULL; + } + (*a->context->func->release)(a->context); + a->context = NULL; + krb5_data_free(&id->data); + return 0; +} + +static krb5_error_code +acc_destroy(krb5_context context, + krb5_ccache id) +{ + krb5_acc *a = ACACHE(id); + cc_int32 error = 0; + + if (a->ccache) { + error = (*a->ccache->func->destroy)(a->ccache); + a->ccache = NULL; + } + return translate_cc_error(context, error); +} + +static krb5_error_code +acc_store_cred(krb5_context context, + krb5_ccache id, + krb5_creds *creds) +{ + krb5_acc *a = ACACHE(id); + cc_credentials_union cred; + cc_credentials_v5_t v5cred; + krb5_error_code ret; + cc_int32 error; + + cred.version = cc_credentials_v5; + cred.credentials.credentials_v5 = &v5cred; + + ret = make_ccred_from_cred(context, + creds, + &v5cred); + if (ret) + return ret; + + error = (*a->ccache->func->store_credentials)(a->ccache, &cred); + if (error) + ret = translate_cc_error(context, error); + + free_ccred(&v5cred); + + return ret; +} + +static krb5_error_code +acc_get_principal(krb5_context context, + krb5_ccache id, + krb5_principal *principal) +{ + krb5_acc *a = ACACHE(id); + krb5_error_code ret; + int32_t error; + cc_string_t name; + + if (a->ccache == NULL) + return ENOENT; + + error = (*a->ccache->func->get_principal)(a->ccache, + cc_credentials_v5, + &name); + if (error) + return translate_cc_error(context, error); + + ret = krb5_parse_name(context, name->data, principal); + + (*name->func->release)(name); + return ret; +} + +static krb5_error_code +acc_get_first (krb5_context context, + krb5_ccache id, + krb5_cc_cursor *cursor) +{ + cc_credentials_iterator_t iter; + krb5_acc *a = ACACHE(id); + int32_t error; + + error = (*a->ccache->func->new_credentials_iterator)(a->ccache, &iter); + if (error) + return ENOENT; + *cursor = iter; + return 0; +} + + +static krb5_error_code +acc_get_next (krb5_context context, + krb5_ccache id, + krb5_cc_cursor *cursor, + krb5_creds *creds) +{ + cc_credentials_iterator_t iter = *cursor; + cc_credentials_t cred; + krb5_error_code ret; + int32_t error; + + while (1) { + error = (*iter->func->next)(iter, &cred); + if (error) + return translate_cc_error(context, error); + if (cred->data->version == cc_credentials_v5) + break; + (*cred->func->release)(cred); + } + + ret = make_cred_from_ccred(context, + cred->data->credentials.credentials_v5, + creds); + (*cred->func->release)(cred); + return ret; +} + +static krb5_error_code +acc_end_get (krb5_context context, + krb5_ccache id, + krb5_cc_cursor *cursor) +{ + cc_credentials_iterator_t iter = *cursor; + (*iter->func->release)(iter); + return 0; +} + +static krb5_error_code +acc_remove_cred(krb5_context context, + krb5_ccache id, + krb5_flags which, + krb5_creds *cred) +{ + cc_credentials_iterator_t iter; + krb5_acc *a = ACACHE(id); + cc_credentials_t ccred; + krb5_error_code ret; + cc_int32 error; + char *client, *server; + + if (cred->client) { + ret = krb5_unparse_name(context, cred->client, &client); + if (ret) + return ret; + } else + client = NULL; + + ret = krb5_unparse_name(context, cred->server, &server); + if (ret) { + free(client); + return ret; + } + + error = (*a->ccache->func->new_credentials_iterator)(a->ccache, &iter); + if (error) { + free(server); + free(client); + return translate_cc_error(context, error); + } + + ret = KRB5_CC_NOTFOUND; + while (1) { + cc_credentials_v5_t *v5cred; + + error = (*iter->func->next)(iter, &ccred); + if (error) + break; + + if (ccred->data->version != cc_credentials_v5) + goto next; + + v5cred = ccred->data->credentials.credentials_v5; + + if (client && strcmp(v5cred->client, client) != 0) + goto next; + + if (strcmp(v5cred->server, server) != 0) + goto next; + + (*a->ccache->func->remove_credentials)(a->ccache, ccred); + ret = 0; + next: + (*ccred->func->release)(ccred); + } + + (*iter->func->release)(iter); + + if (ret) + krb5_set_error_string(context, "Can't find credential %s in cache", + server); + free(server); + free(client); + + return ret; +} + +static krb5_error_code +acc_set_flags(krb5_context context, + krb5_ccache id, + krb5_flags flags) +{ + return 0; +} + +static krb5_error_code +acc_get_version(krb5_context context, + krb5_ccache id) +{ + return 0; +} + +const krb5_cc_ops krb5_acc_ops = { + "API", + acc_get_name, + acc_resolve, + acc_gen_new, + acc_initialize, + acc_destroy, + acc_close, + acc_store_cred, + NULL, /* acc_retrieve */ + acc_get_principal, + acc_get_first, + acc_get_next, + acc_end_get, + acc_remove_cred, + acc_set_flags, + acc_get_version +}; diff --git a/source4/heimdal/lib/krb5/add_et_list.c b/source4/heimdal/lib/krb5/add_et_list.c new file mode 100644 index 0000000000..3b9773bebb --- /dev/null +++ b/source4/heimdal/lib/krb5/add_et_list.c @@ -0,0 +1,50 @@ +/* + * Copyright (c) 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: add_et_list.c,v 1.3 2004/04/13 14:33:45 lha Exp $"); + +/* + * Add a specified list of error messages to the et list in context. + * Call func (probably a comerr-generated function) with a pointer to + * the current et_list. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_add_et_list (krb5_context context, + void (*func)(struct et_list **)) +{ + (*func)(&context->et_list); + return 0; +} diff --git a/source4/heimdal/lib/krb5/addr_families.c b/source4/heimdal/lib/krb5/addr_families.c new file mode 100644 index 0000000000..ccc97f412d --- /dev/null +++ b/source4/heimdal/lib/krb5/addr_families.c @@ -0,0 +1,1180 @@ +/* + * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: addr_families.c,v 1.49 2005/06/16 20:16:12 lha Exp $"); + +struct addr_operations { + int af; + krb5_address_type atype; + size_t max_sockaddr_size; + krb5_error_code (*sockaddr2addr)(const struct sockaddr *, krb5_address *); + krb5_error_code (*sockaddr2port)(const struct sockaddr *, int16_t *); + void (*addr2sockaddr)(const krb5_address *, struct sockaddr *, + krb5_socklen_t *sa_size, int port); + void (*h_addr2sockaddr)(const char *, struct sockaddr *, krb5_socklen_t *, int); + krb5_error_code (*h_addr2addr)(const char *, krb5_address *); + krb5_boolean (*uninteresting)(const struct sockaddr *); + void (*anyaddr)(struct sockaddr *, krb5_socklen_t *, int); + int (*print_addr)(const krb5_address *, char *, size_t); + int (*parse_addr)(krb5_context, const char*, krb5_address *); + int (*order_addr)(krb5_context, const krb5_address*, const krb5_address*); + int (*free_addr)(krb5_context, krb5_address*); + int (*copy_addr)(krb5_context, const krb5_address*, krb5_address*); + int (*mask_boundary)(krb5_context, const krb5_address*, unsigned long, + krb5_address*, krb5_address*); +}; + +/* + * AF_INET - aka IPv4 implementation + */ + +static krb5_error_code +ipv4_sockaddr2addr (const struct sockaddr *sa, krb5_address *a) +{ + const struct sockaddr_in *sin4 = (const struct sockaddr_in *)sa; + unsigned char buf[4]; + + a->addr_type = KRB5_ADDRESS_INET; + memcpy (buf, &sin4->sin_addr, 4); + return krb5_data_copy(&a->address, buf, 4); +} + +static krb5_error_code +ipv4_sockaddr2port (const struct sockaddr *sa, int16_t *port) +{ + const struct sockaddr_in *sin4 = (const struct sockaddr_in *)sa; + + *port = sin4->sin_port; + return 0; +} + +static void +ipv4_addr2sockaddr (const krb5_address *a, + struct sockaddr *sa, + krb5_socklen_t *sa_size, + int port) +{ + struct sockaddr_in tmp; + + memset (&tmp, 0, sizeof(tmp)); + tmp.sin_family = AF_INET; + memcpy (&tmp.sin_addr, a->address.data, 4); + tmp.sin_port = port; + memcpy(sa, &tmp, min(sizeof(tmp), *sa_size)); + *sa_size = sizeof(tmp); +} + +static void +ipv4_h_addr2sockaddr(const char *addr, + struct sockaddr *sa, + krb5_socklen_t *sa_size, + int port) +{ + struct sockaddr_in tmp; + + memset (&tmp, 0, sizeof(tmp)); + tmp.sin_family = AF_INET; + tmp.sin_port = port; + tmp.sin_addr = *((const struct in_addr *)addr); + memcpy(sa, &tmp, min(sizeof(tmp), *sa_size)); + *sa_size = sizeof(tmp); +} + +static krb5_error_code +ipv4_h_addr2addr (const char *addr, + krb5_address *a) +{ + unsigned char buf[4]; + + a->addr_type = KRB5_ADDRESS_INET; + memcpy(buf, addr, 4); + return krb5_data_copy(&a->address, buf, 4); +} + +/* + * Are there any addresses that should be considered `uninteresting'? + */ + +static krb5_boolean +ipv4_uninteresting (const struct sockaddr *sa) +{ + const struct sockaddr_in *sin4 = (const struct sockaddr_in *)sa; + + if (sin4->sin_addr.s_addr == INADDR_ANY) + return TRUE; + + return FALSE; +} + +static void +ipv4_anyaddr (struct sockaddr *sa, krb5_socklen_t *sa_size, int port) +{ + struct sockaddr_in tmp; + + memset (&tmp, 0, sizeof(tmp)); + tmp.sin_family = AF_INET; + tmp.sin_port = port; + tmp.sin_addr.s_addr = INADDR_ANY; + memcpy(sa, &tmp, min(sizeof(tmp), *sa_size)); + *sa_size = sizeof(tmp); +} + +static int +ipv4_print_addr (const krb5_address *addr, char *str, size_t len) +{ + struct in_addr ia; + + memcpy (&ia, addr->address.data, 4); + + return snprintf (str, len, "IPv4:%s", inet_ntoa(ia)); +} + +static int +ipv4_parse_addr (krb5_context context, const char *address, krb5_address *addr) +{ + const char *p; + struct in_addr a; + + p = strchr(address, ':'); + if(p) { + p++; + if(strncasecmp(address, "ip:", p - address) != 0 && + strncasecmp(address, "ip4:", p - address) != 0 && + strncasecmp(address, "ipv4:", p - address) != 0 && + strncasecmp(address, "inet:", p - address) != 0) + return -1; + } else + p = address; +#ifdef HAVE_INET_ATON + if(inet_aton(p, &a) == 0) + return -1; +#elif defined(HAVE_INET_ADDR) + a.s_addr = inet_addr(p); + if(a.s_addr == INADDR_NONE) + return -1; +#else + return -1; +#endif + addr->addr_type = KRB5_ADDRESS_INET; + if(krb5_data_alloc(&addr->address, 4) != 0) + return -1; + _krb5_put_int(addr->address.data, ntohl(a.s_addr), addr->address.length); + return 0; +} + +static int +ipv4_mask_boundary(krb5_context context, const krb5_address *inaddr, + unsigned long len, krb5_address *low, krb5_address *high) +{ + unsigned long ia; + u_int32_t l, h, m = 0xffffffff; + + if (len > 32) { + krb5_set_error_string(context, "IPv4 prefix too large (%ld)", len); + return KRB5_PROG_ATYPE_NOSUPP; + } + m = m << (32 - len); + + _krb5_get_int(inaddr->address.data, &ia, inaddr->address.length); + + l = ia & m; + h = l | ~m; + + low->addr_type = KRB5_ADDRESS_INET; + if(krb5_data_alloc(&low->address, 4) != 0) + return -1; + _krb5_put_int(low->address.data, l, low->address.length); + + high->addr_type = KRB5_ADDRESS_INET; + if(krb5_data_alloc(&high->address, 4) != 0) { + krb5_free_address(context, low); + return -1; + } + _krb5_put_int(high->address.data, h, high->address.length); + + return 0; +} + + +/* + * AF_INET6 - aka IPv6 implementation + */ + +#ifdef HAVE_IPV6 + +static krb5_error_code +ipv6_sockaddr2addr (const struct sockaddr *sa, krb5_address *a) +{ + const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa; + + if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { + unsigned char buf[4]; + + a->addr_type = KRB5_ADDRESS_INET; +#ifndef IN6_ADDR_V6_TO_V4 +#ifdef IN6_EXTRACT_V4ADDR +#define IN6_ADDR_V6_TO_V4(x) (&IN6_EXTRACT_V4ADDR(x)) +#else +#define IN6_ADDR_V6_TO_V4(x) ((const struct in_addr *)&(x)->s6_addr[12]) +#endif +#endif + memcpy (buf, IN6_ADDR_V6_TO_V4(&sin6->sin6_addr), 4); + return krb5_data_copy(&a->address, buf, 4); + } else { + a->addr_type = KRB5_ADDRESS_INET6; + return krb5_data_copy(&a->address, + &sin6->sin6_addr, + sizeof(sin6->sin6_addr)); + } +} + +static krb5_error_code +ipv6_sockaddr2port (const struct sockaddr *sa, int16_t *port) +{ + const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa; + + *port = sin6->sin6_port; + return 0; +} + +static void +ipv6_addr2sockaddr (const krb5_address *a, + struct sockaddr *sa, + krb5_socklen_t *sa_size, + int port) +{ + struct sockaddr_in6 tmp; + + memset (&tmp, 0, sizeof(tmp)); + tmp.sin6_family = AF_INET6; + memcpy (&tmp.sin6_addr, a->address.data, sizeof(tmp.sin6_addr)); + tmp.sin6_port = port; + memcpy(sa, &tmp, min(sizeof(tmp), *sa_size)); + *sa_size = sizeof(tmp); +} + +static void +ipv6_h_addr2sockaddr(const char *addr, + struct sockaddr *sa, + krb5_socklen_t *sa_size, + int port) +{ + struct sockaddr_in6 tmp; + + memset (&tmp, 0, sizeof(tmp)); + tmp.sin6_family = AF_INET6; + tmp.sin6_port = port; + tmp.sin6_addr = *((const struct in6_addr *)addr); + memcpy(sa, &tmp, min(sizeof(tmp), *sa_size)); + *sa_size = sizeof(tmp); +} + +static krb5_error_code +ipv6_h_addr2addr (const char *addr, + krb5_address *a) +{ + a->addr_type = KRB5_ADDRESS_INET6; + return krb5_data_copy(&a->address, addr, sizeof(struct in6_addr)); +} + +/* + * + */ + +static krb5_boolean +ipv6_uninteresting (const struct sockaddr *sa) +{ + const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa; + const struct in6_addr *in6 = (const struct in6_addr *)&sin6->sin6_addr; + + return + IN6_IS_ADDR_LINKLOCAL(in6) + || IN6_IS_ADDR_V4COMPAT(in6); +} + +static void +ipv6_anyaddr (struct sockaddr *sa, krb5_socklen_t *sa_size, int port) +{ + struct sockaddr_in6 tmp; + + memset (&tmp, 0, sizeof(tmp)); + tmp.sin6_family = AF_INET6; + tmp.sin6_port = port; + tmp.sin6_addr = in6addr_any; + *sa_size = sizeof(tmp); +} + +static int +ipv6_print_addr (const krb5_address *addr, char *str, size_t len) +{ + char buf[128], buf2[3]; +#ifdef HAVE_INET_NTOP + if(inet_ntop(AF_INET6, addr->address.data, buf, sizeof(buf)) == NULL) +#endif + { + /* XXX this is pretty ugly, but better than abort() */ + int i; + unsigned char *p = addr->address.data; + buf[0] = '\0'; + for(i = 0; i < addr->address.length; i++) { + snprintf(buf2, sizeof(buf2), "%02x", p[i]); + if(i > 0 && (i & 1) == 0) + strlcat(buf, ":", sizeof(buf)); + strlcat(buf, buf2, sizeof(buf)); + } + } + return snprintf(str, len, "IPv6:%s", buf); +} + +static int +ipv6_parse_addr (krb5_context context, const char *address, krb5_address *addr) +{ + int ret; + struct in6_addr in6; + const char *p; + + p = strchr(address, ':'); + if(p) { + p++; + if(strncasecmp(address, "ip6:", p - address) == 0 || + strncasecmp(address, "ipv6:", p - address) == 0 || + strncasecmp(address, "inet6:", p - address) == 0) + address = p; + } + + ret = inet_pton(AF_INET6, address, &in6.s6_addr); + if(ret == 1) { + addr->addr_type = KRB5_ADDRESS_INET6; + ret = krb5_data_alloc(&addr->address, sizeof(in6.s6_addr)); + if (ret) + return -1; + memcpy(addr->address.data, in6.s6_addr, sizeof(in6.s6_addr)); + return 0; + } + return -1; +} + +static int +ipv6_mask_boundary(krb5_context context, const krb5_address *inaddr, + unsigned long len, krb5_address *low, krb5_address *high) +{ + struct in6_addr addr, laddr, haddr; + u_int32_t m; + int i, sub_len; + + if (len > 128) { + krb5_set_error_string(context, "IPv6 prefix too large (%ld)", len); + return KRB5_PROG_ATYPE_NOSUPP; + } + + if (inaddr->address.length != sizeof(addr)) { + krb5_set_error_string(context, "IPv6 addr bad length"); + return KRB5_PROG_ATYPE_NOSUPP; + } + + memcpy(&addr, inaddr->address.data, inaddr->address.length); + + for (i = 0; i < 16; i++) { + sub_len = min(8, len); + + m = 0xff << (8 - sub_len); + + laddr.s6_addr[i] = addr.s6_addr[i] & m; + haddr.s6_addr[i] = (addr.s6_addr[i] & m) | ~m; + + if (len > 8) + len -= 8; + else + len = 0; + } + + low->addr_type = KRB5_ADDRESS_INET6; + if (krb5_data_alloc(&low->address, sizeof(laddr.s6_addr)) != 0) + return -1; + memcpy(low->address.data, laddr.s6_addr, sizeof(laddr.s6_addr)); + + high->addr_type = KRB5_ADDRESS_INET6; + if (krb5_data_alloc(&high->address, sizeof(haddr.s6_addr)) != 0) { + krb5_free_address(context, low); + return -1; + } + memcpy(high->address.data, haddr.s6_addr, sizeof(haddr.s6_addr)); + + return 0; +} + +#endif /* IPv6 */ + +/* + * table + */ + +#define KRB5_ADDRESS_ARANGE (-100) + +struct arange { + krb5_address low; + krb5_address high; +}; + +static int +arange_parse_addr (krb5_context context, + const char *address, krb5_address *addr) +{ + char buf[1024], *p; + krb5_address low0, high0; + struct arange *a; + krb5_error_code ret; + + if(strncasecmp(address, "RANGE:", 6) != 0) + return -1; + + address += 6; + + p = strrchr(address, '/'); + if (p) { + krb5_addresses addrmask; + char *q; + long num; + + if (strlcpy(buf, address, sizeof(buf)) > sizeof(buf)) + return -1; + buf[p - address] = '\0'; + ret = krb5_parse_address(context, buf, &addrmask); + if (ret) + return ret; + if(addrmask.len != 1) { + krb5_free_addresses(context, &addrmask); + return -1; + } + + address += p - address + 1; + + num = strtol(address, &q, 10); + if (q == address || *q != '\0' || num < 0) { + krb5_free_addresses(context, &addrmask); + return -1; + } + + ret = krb5_address_prefixlen_boundary(context, &addrmask.val[0], num, + &low0, &high0); + krb5_free_addresses(context, &addrmask); + if (ret) + return ret; + + } else { + krb5_addresses low, high; + + strsep_copy(&address, "-", buf, sizeof(buf)); + ret = krb5_parse_address(context, buf, &low); + if(ret) + return ret; + if(low.len != 1) { + krb5_free_addresses(context, &low); + return -1; + } + + strsep_copy(&address, "-", buf, sizeof(buf)); + ret = krb5_parse_address(context, buf, &high); + if(ret) { + krb5_free_addresses(context, &low); + return ret; + } + + if(high.len != 1 && high.val[0].addr_type != low.val[0].addr_type) { + krb5_free_addresses(context, &low); + krb5_free_addresses(context, &high); + return -1; + } + + ret = krb5_copy_address(context, &high.val[0], &high0); + if (ret == 0) { + ret = krb5_copy_address(context, &low.val[0], &low0); + if (ret) + krb5_free_address(context, &high0); + } + krb5_free_addresses(context, &low); + krb5_free_addresses(context, &high); + if (ret) + return ret; + } + + krb5_data_alloc(&addr->address, sizeof(*a)); + addr->addr_type = KRB5_ADDRESS_ARANGE; + a = addr->address.data; + + if(krb5_address_order(context, &low0, &high0) < 0) { + a->low = low0; + a->high = high0; + } else { + a->low = high0; + a->high = low0; + } + return 0; +} + +static int +arange_free (krb5_context context, krb5_address *addr) +{ + struct arange *a; + a = addr->address.data; + krb5_free_address(context, &a->low); + krb5_free_address(context, &a->high); + return 0; +} + + +static int +arange_copy (krb5_context context, const krb5_address *inaddr, + krb5_address *outaddr) +{ + krb5_error_code ret; + struct arange *i, *o; + + outaddr->addr_type = KRB5_ADDRESS_ARANGE; + ret = krb5_data_alloc(&outaddr->address, sizeof(*o)); + if(ret) + return ret; + i = inaddr->address.data; + o = outaddr->address.data; + ret = krb5_copy_address(context, &i->low, &o->low); + if(ret) { + krb5_data_free(&outaddr->address); + return ret; + } + ret = krb5_copy_address(context, &i->high, &o->high); + if(ret) { + krb5_free_address(context, &o->low); + krb5_data_free(&outaddr->address); + return ret; + } + return 0; +} + +static int +arange_print_addr (const krb5_address *addr, char *str, size_t len) +{ + struct arange *a; + krb5_error_code ret; + size_t l, size, ret_len; + + a = addr->address.data; + + l = strlcpy(str, "RANGE:", len); + ret_len = l; + if (l > len) + l = len; + size = l; + + ret = krb5_print_address (&a->low, str + size, len - size, &l); + if (ret) + return ret; + ret_len += l; + if (len - size > l) + size += l; + else + size = len; + + l = strlcat(str + size, "-", len - size); + ret_len += l; + if (len - size > l) + size += l; + else + size = len; + + ret = krb5_print_address (&a->high, str + size, len - size, &l); + if (ret) + return ret; + ret_len += l; + + return ret_len; +} + +static int +arange_order_addr(krb5_context context, + const krb5_address *addr1, + const krb5_address *addr2) +{ + int tmp1, tmp2, sign; + struct arange *a; + const krb5_address *a2; + + if(addr1->addr_type == KRB5_ADDRESS_ARANGE) { + a = addr1->address.data; + a2 = addr2; + sign = 1; + } else if(addr2->addr_type == KRB5_ADDRESS_ARANGE) { + a = addr2->address.data; + a2 = addr1; + sign = -1; + } else + abort(); + + if(a2->addr_type == KRB5_ADDRESS_ARANGE) { + struct arange *b = a2->address.data; + tmp1 = krb5_address_order(context, &a->low, &b->low); + if(tmp1 != 0) + return sign * tmp1; + return sign * krb5_address_order(context, &a->high, &b->high); + } else if(a2->addr_type == a->low.addr_type) { + tmp1 = krb5_address_order(context, &a->low, a2); + if(tmp1 > 0) + return sign; + tmp2 = krb5_address_order(context, &a->high, a2); + if(tmp2 < 0) + return -sign; + return 0; + } else { + return sign * (addr1->addr_type - addr2->addr_type); + } +} + +static int +addrport_print_addr (const krb5_address *addr, char *str, size_t len) +{ + krb5_error_code ret; + krb5_address addr1, addr2; + uint16_t port = 0; + size_t ret_len = 0, l, size = 0; + krb5_storage *sp; + + sp = krb5_storage_from_data((krb5_data*)rk_UNCONST(&addr->address)); + /* for totally obscure reasons, these are not in network byteorder */ + krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE); + + krb5_storage_seek(sp, 2, SEEK_CUR); /* skip first two bytes */ + krb5_ret_address(sp, &addr1); + + krb5_storage_seek(sp, 2, SEEK_CUR); /* skip two bytes */ + krb5_ret_address(sp, &addr2); + krb5_storage_free(sp); + if(addr2.addr_type == KRB5_ADDRESS_IPPORT && addr2.address.length == 2) { + unsigned long value; + _krb5_get_int(addr2.address.data, &value, 2); + port = value; + } + l = strlcpy(str, "ADDRPORT:", len); + ret_len += l; + if (len > l) + size += l; + else + size = len; + + ret = krb5_print_address(&addr1, str + size, len - size, &l); + if (ret) + return ret; + ret_len += l; + if (len - size > l) + size += l; + else + size = len; + + ret = snprintf(str + size, len - size, ",PORT=%u", port); + if (ret < 0) + return EINVAL; + ret_len += ret; + return ret_len; +} + +static struct addr_operations at[] = { + {AF_INET, KRB5_ADDRESS_INET, sizeof(struct sockaddr_in), + ipv4_sockaddr2addr, + ipv4_sockaddr2port, + ipv4_addr2sockaddr, + ipv4_h_addr2sockaddr, + ipv4_h_addr2addr, + ipv4_uninteresting, ipv4_anyaddr, ipv4_print_addr, ipv4_parse_addr, + NULL, NULL, NULL, ipv4_mask_boundary }, +#ifdef HAVE_IPV6 + {AF_INET6, KRB5_ADDRESS_INET6, sizeof(struct sockaddr_in6), + ipv6_sockaddr2addr, + ipv6_sockaddr2port, + ipv6_addr2sockaddr, + ipv6_h_addr2sockaddr, + ipv6_h_addr2addr, + ipv6_uninteresting, ipv6_anyaddr, ipv6_print_addr, ipv6_parse_addr, + NULL, NULL, NULL, ipv6_mask_boundary } , +#endif + {KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_ADDRPORT, 0, + NULL, NULL, NULL, NULL, NULL, + NULL, NULL, addrport_print_addr, NULL, NULL, NULL, NULL }, + /* fake address type */ + {KRB5_ADDRESS_ARANGE, KRB5_ADDRESS_ARANGE, sizeof(struct arange), + NULL, NULL, NULL, NULL, NULL, NULL, NULL, + arange_print_addr, arange_parse_addr, + arange_order_addr, arange_free, arange_copy } +}; + +static int num_addrs = sizeof(at) / sizeof(at[0]); + +static size_t max_sockaddr_size = 0; + +/* + * generic functions + */ + +static struct addr_operations * +find_af(int af) +{ + struct addr_operations *a; + + for (a = at; a < at + num_addrs; ++a) + if (af == a->af) + return a; + return NULL; +} + +static struct addr_operations * +find_atype(int atype) +{ + struct addr_operations *a; + + for (a = at; a < at + num_addrs; ++a) + if (atype == a->atype) + return a; + return NULL; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_sockaddr2address (krb5_context context, + const struct sockaddr *sa, krb5_address *addr) +{ + struct addr_operations *a = find_af(sa->sa_family); + if (a == NULL) { + krb5_set_error_string (context, "Address family %d not supported", + sa->sa_family); + return KRB5_PROG_ATYPE_NOSUPP; + } + return (*a->sockaddr2addr)(sa, addr); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_sockaddr2port (krb5_context context, + const struct sockaddr *sa, int16_t *port) +{ + struct addr_operations *a = find_af(sa->sa_family); + if (a == NULL) { + krb5_set_error_string (context, "Address family %d not supported", + sa->sa_family); + return KRB5_PROG_ATYPE_NOSUPP; + } + return (*a->sockaddr2port)(sa, port); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_addr2sockaddr (krb5_context context, + const krb5_address *addr, + struct sockaddr *sa, + krb5_socklen_t *sa_size, + int port) +{ + struct addr_operations *a = find_atype(addr->addr_type); + + if (a == NULL) { + krb5_set_error_string (context, "Address type %d not supported", + addr->addr_type); + return KRB5_PROG_ATYPE_NOSUPP; + } + if (a->addr2sockaddr == NULL) { + krb5_set_error_string (context, "Can't convert address type %d to sockaddr", + addr->addr_type); + return KRB5_PROG_ATYPE_NOSUPP; + } + (*a->addr2sockaddr)(addr, sa, sa_size, port); + return 0; +} + +size_t KRB5_LIB_FUNCTION +krb5_max_sockaddr_size (void) +{ + if (max_sockaddr_size == 0) { + struct addr_operations *a; + + for(a = at; a < at + num_addrs; ++a) + max_sockaddr_size = max(max_sockaddr_size, a->max_sockaddr_size); + } + return max_sockaddr_size; +} + +krb5_boolean KRB5_LIB_FUNCTION +krb5_sockaddr_uninteresting(const struct sockaddr *sa) +{ + struct addr_operations *a = find_af(sa->sa_family); + if (a == NULL || a->uninteresting == NULL) + return TRUE; + return (*a->uninteresting)(sa); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_h_addr2sockaddr (krb5_context context, + int af, + const char *addr, struct sockaddr *sa, + krb5_socklen_t *sa_size, + int port) +{ + struct addr_operations *a = find_af(af); + if (a == NULL) { + krb5_set_error_string (context, "Address family %d not supported", af); + return KRB5_PROG_ATYPE_NOSUPP; + } + (*a->h_addr2sockaddr)(addr, sa, sa_size, port); + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_h_addr2addr (krb5_context context, + int af, + const char *haddr, krb5_address *addr) +{ + struct addr_operations *a = find_af(af); + if (a == NULL) { + krb5_set_error_string (context, "Address family %d not supported", af); + return KRB5_PROG_ATYPE_NOSUPP; + } + return (*a->h_addr2addr)(haddr, addr); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_anyaddr (krb5_context context, + int af, + struct sockaddr *sa, + krb5_socklen_t *sa_size, + int port) +{ + struct addr_operations *a = find_af (af); + + if (a == NULL) { + krb5_set_error_string (context, "Address family %d not supported", af); + return KRB5_PROG_ATYPE_NOSUPP; + } + + (*a->anyaddr)(sa, sa_size, port); + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_print_address (const krb5_address *addr, + char *str, size_t len, size_t *ret_len) +{ + struct addr_operations *a = find_atype(addr->addr_type); + int ret; + + if (a == NULL || a->print_addr == NULL) { + char *s; + int l; + int i; + + s = str; + l = snprintf(s, len, "TYPE_%d:", addr->addr_type); + if (l < 0 || l >= len) + return EINVAL; + s += l; + len -= l; + for(i = 0; i < addr->address.length; i++) { + l = snprintf(s, len, "%02x", ((char*)addr->address.data)[i]); + if (l < 0 || l >= len) + return EINVAL; + len -= l; + s += l; + } + if(ret_len != NULL) + *ret_len = s - str; + return 0; + } + ret = (*a->print_addr)(addr, str, len); + if (ret < 0) + return EINVAL; + if(ret_len != NULL) + *ret_len = ret; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_parse_address(krb5_context context, + const char *string, + krb5_addresses *addresses) +{ + int i, n; + struct addrinfo *ai, *a; + int error; + int save_errno; + + for(i = 0; i < num_addrs; i++) { + if(at[i].parse_addr) { + krb5_address addr; + if((*at[i].parse_addr)(context, string, &addr) == 0) { + ALLOC_SEQ(addresses, 1); + addresses->val[0] = addr; + return 0; + } + } + } + + error = getaddrinfo (string, NULL, NULL, &ai); + if (error) { + save_errno = errno; + krb5_set_error_string (context, "%s: %s", string, gai_strerror(error)); + return krb5_eai_to_heim_errno(error, save_errno); + } + + n = 0; + for (a = ai; a != NULL; a = a->ai_next) + ++n; + + ALLOC_SEQ(addresses, n); + if (addresses->val == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + freeaddrinfo(ai); + return ENOMEM; + } + + addresses->len = 0; + for (a = ai, i = 0; a != NULL; a = a->ai_next) { + if (krb5_sockaddr2address (context, ai->ai_addr, &addresses->val[i])) + continue; + if(krb5_address_search(context, &addresses->val[i], addresses)) + continue; + addresses->len = i; + i++; + } + freeaddrinfo (ai); + return 0; +} + +int KRB5_LIB_FUNCTION +krb5_address_order(krb5_context context, + const krb5_address *addr1, + const krb5_address *addr2) +{ + /* this sucks; what if both addresses have order functions, which + should we call? this works for now, though */ + struct addr_operations *a; + a = find_atype(addr1->addr_type); + if(a == NULL) { + krb5_set_error_string (context, "Address family %d not supported", + addr1->addr_type); + return KRB5_PROG_ATYPE_NOSUPP; + } + if(a->order_addr != NULL) + return (*a->order_addr)(context, addr1, addr2); + a = find_atype(addr2->addr_type); + if(a == NULL) { + krb5_set_error_string (context, "Address family %d not supported", + addr2->addr_type); + return KRB5_PROG_ATYPE_NOSUPP; + } + if(a->order_addr != NULL) + return (*a->order_addr)(context, addr1, addr2); + + if(addr1->addr_type != addr2->addr_type) + return addr1->addr_type - addr2->addr_type; + if(addr1->address.length != addr2->address.length) + return addr1->address.length - addr2->address.length; + return memcmp (addr1->address.data, + addr2->address.data, + addr1->address.length); +} + +krb5_boolean KRB5_LIB_FUNCTION +krb5_address_compare(krb5_context context, + const krb5_address *addr1, + const krb5_address *addr2) +{ + return krb5_address_order (context, addr1, addr2) == 0; +} + +krb5_boolean KRB5_LIB_FUNCTION +krb5_address_search(krb5_context context, + const krb5_address *addr, + const krb5_addresses *addrlist) +{ + int i; + + for (i = 0; i < addrlist->len; ++i) + if (krb5_address_compare (context, addr, &addrlist->val[i])) + return TRUE; + return FALSE; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_free_address(krb5_context context, + krb5_address *address) +{ + struct addr_operations *a = find_atype (address->addr_type); + if(a != NULL && a->free_addr != NULL) + return (*a->free_addr)(context, address); + krb5_data_free (&address->address); + memset(address, 0, sizeof(*address)); + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_free_addresses(krb5_context context, + krb5_addresses *addresses) +{ + int i; + for(i = 0; i < addresses->len; i++) + krb5_free_address(context, &addresses->val[i]); + free(addresses->val); + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_copy_address(krb5_context context, + const krb5_address *inaddr, + krb5_address *outaddr) +{ + struct addr_operations *a = find_af (inaddr->addr_type); + if(a != NULL && a->copy_addr != NULL) + return (*a->copy_addr)(context, inaddr, outaddr); + return copy_HostAddress(inaddr, outaddr); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_copy_addresses(krb5_context context, + const krb5_addresses *inaddr, + krb5_addresses *outaddr) +{ + int i; + ALLOC_SEQ(outaddr, inaddr->len); + if(inaddr->len > 0 && outaddr->val == NULL) + return ENOMEM; + for(i = 0; i < inaddr->len; i++) + krb5_copy_address(context, &inaddr->val[i], &outaddr->val[i]); + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_append_addresses(krb5_context context, + krb5_addresses *dest, + const krb5_addresses *source) +{ + krb5_address *tmp; + krb5_error_code ret; + int i; + if(source->len > 0) { + tmp = realloc(dest->val, (dest->len + source->len) * sizeof(*tmp)); + if(tmp == NULL) { + krb5_set_error_string(context, "realloc: out of memory"); + return ENOMEM; + } + dest->val = tmp; + for(i = 0; i < source->len; i++) { + /* skip duplicates */ + if(krb5_address_search(context, &source->val[i], dest)) + continue; + ret = krb5_copy_address(context, + &source->val[i], + &dest->val[dest->len]); + if(ret) + return ret; + dest->len++; + } + } + return 0; +} + +/* + * Create an address of type KRB5_ADDRESS_ADDRPORT from (addr, port) + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_make_addrport (krb5_context context, + krb5_address **res, const krb5_address *addr, int16_t port) +{ + krb5_error_code ret; + size_t len = addr->address.length + 2 + 4 * 4; + u_char *p; + + *res = malloc (sizeof(**res)); + if (*res == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + (*res)->addr_type = KRB5_ADDRESS_ADDRPORT; + ret = krb5_data_alloc (&(*res)->address, len); + if (ret) { + krb5_set_error_string(context, "malloc: out of memory"); + free (*res); + return ret; + } + p = (*res)->address.data; + *p++ = 0; + *p++ = 0; + *p++ = (addr->addr_type ) & 0xFF; + *p++ = (addr->addr_type >> 8) & 0xFF; + + *p++ = (addr->address.length ) & 0xFF; + *p++ = (addr->address.length >> 8) & 0xFF; + *p++ = (addr->address.length >> 16) & 0xFF; + *p++ = (addr->address.length >> 24) & 0xFF; + + memcpy (p, addr->address.data, addr->address.length); + p += addr->address.length; + + *p++ = 0; + *p++ = 0; + *p++ = (KRB5_ADDRESS_IPPORT ) & 0xFF; + *p++ = (KRB5_ADDRESS_IPPORT >> 8) & 0xFF; + + *p++ = (2 ) & 0xFF; + *p++ = (2 >> 8) & 0xFF; + *p++ = (2 >> 16) & 0xFF; + *p++ = (2 >> 24) & 0xFF; + + memcpy (p, &port, 2); + p += 2; + + return 0; +} + +/* + * Calculate the boundary addresses of `inaddr'/`prefixlen' and store + * them in `low' and `high'. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_address_prefixlen_boundary(krb5_context context, + const krb5_address *inaddr, + unsigned long prefixlen, + krb5_address *low, + krb5_address *high) +{ + struct addr_operations *a = find_atype (inaddr->addr_type); + if(a != NULL && a->mask_boundary != NULL) + return (*a->mask_boundary)(context, inaddr, prefixlen, low, high); + krb5_set_error_string(context, "Address family %d doesn't support " + "address mask operation", inaddr->addr_type); + return KRB5_PROG_ATYPE_NOSUPP; +} diff --git a/source4/heimdal/lib/krb5/appdefault.c b/source4/heimdal/lib/krb5/appdefault.c new file mode 100644 index 0000000000..03fa933b6f --- /dev/null +++ b/source4/heimdal/lib/krb5/appdefault.c @@ -0,0 +1,142 @@ +/* + * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: appdefault.c,v 1.10 2005/01/05 05:40:59 lukeh Exp $"); + +void KRB5_LIB_FUNCTION +krb5_appdefault_boolean(krb5_context context, const char *appname, + krb5_const_realm realm, const char *option, + krb5_boolean def_val, krb5_boolean *ret_val) +{ + + if(appname == NULL) + appname = getprogname(); + + def_val = krb5_config_get_bool_default(context, NULL, def_val, + "libdefaults", option, NULL); + if(realm != NULL) + def_val = krb5_config_get_bool_default(context, NULL, def_val, + "realms", realm, option, NULL); + + def_val = krb5_config_get_bool_default(context, NULL, def_val, + "appdefaults", + option, + NULL); + if(realm != NULL) + def_val = krb5_config_get_bool_default(context, NULL, def_val, + "appdefaults", + realm, + option, + NULL); + if(appname != NULL) { + def_val = krb5_config_get_bool_default(context, NULL, def_val, + "appdefaults", + appname, + option, + NULL); + if(realm != NULL) + def_val = krb5_config_get_bool_default(context, NULL, def_val, + "appdefaults", + appname, + realm, + option, + NULL); + } + *ret_val = def_val; +} + +void KRB5_LIB_FUNCTION +krb5_appdefault_string(krb5_context context, const char *appname, + krb5_const_realm realm, const char *option, + const char *def_val, char **ret_val) +{ + if(appname == NULL) + appname = getprogname(); + + def_val = krb5_config_get_string_default(context, NULL, def_val, + "libdefaults", option, NULL); + if(realm != NULL) + def_val = krb5_config_get_string_default(context, NULL, def_val, + "realms", realm, option, NULL); + + def_val = krb5_config_get_string_default(context, NULL, def_val, + "appdefaults", + option, + NULL); + if(realm != NULL) + def_val = krb5_config_get_string_default(context, NULL, def_val, + "appdefaults", + realm, + option, + NULL); + if(appname != NULL) { + def_val = krb5_config_get_string_default(context, NULL, def_val, + "appdefaults", + appname, + option, + NULL); + if(realm != NULL) + def_val = krb5_config_get_string_default(context, NULL, def_val, + "appdefaults", + appname, + realm, + option, + NULL); + } + if(def_val != NULL) + *ret_val = strdup(def_val); + else + *ret_val = NULL; +} + +void KRB5_LIB_FUNCTION +krb5_appdefault_time(krb5_context context, const char *appname, + krb5_const_realm realm, const char *option, + time_t def_val, time_t *ret_val) +{ + krb5_deltat t; + char *val; + + krb5_appdefault_string(context, appname, realm, option, NULL, &val); + if (val == NULL) { + *ret_val = def_val; + return; + } + if (krb5_string_to_deltat(val, &t)) + *ret_val = def_val; + else + *ret_val = t; + free(val); +} diff --git a/source4/heimdal/lib/krb5/asn1_glue.c b/source4/heimdal/lib/krb5/asn1_glue.c new file mode 100644 index 0000000000..01b5d3ee44 --- /dev/null +++ b/source4/heimdal/lib/krb5/asn1_glue.c @@ -0,0 +1,59 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * + */ + +#include "krb5_locl.h" + +RCSID("$Id: asn1_glue.c,v 1.9 2004/12/29 18:54:15 lha Exp $"); + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_principal2principalname (PrincipalName *p, + const krb5_principal from) +{ + return copy_PrincipalName(&from->name, p); +} + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_principalname2krb5_principal (krb5_principal *principal, + const PrincipalName from, + const Realm realm) +{ + krb5_principal p = malloc(sizeof(*p)); + copy_PrincipalName(&from, &p->name); + p->realm = strdup(realm); + *principal = p; + return 0; +} diff --git a/source4/heimdal/lib/krb5/auth_context.c b/source4/heimdal/lib/krb5/auth_context.c new file mode 100644 index 0000000000..b8ce65d9a5 --- /dev/null +++ b/source4/heimdal/lib/krb5/auth_context.c @@ -0,0 +1,517 @@ +/* + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: auth_context.c,v 1.62 2005/01/05 02:34:08 lukeh Exp $"); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_init(krb5_context context, + krb5_auth_context *auth_context) +{ + krb5_auth_context p; + + ALLOC(p, 1); + if(!p) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + memset(p, 0, sizeof(*p)); + ALLOC(p->authenticator, 1); + if (!p->authenticator) { + krb5_set_error_string(context, "malloc: out of memory"); + free(p); + return ENOMEM; + } + memset (p->authenticator, 0, sizeof(*p->authenticator)); + p->flags = KRB5_AUTH_CONTEXT_DO_TIME; + + p->local_address = NULL; + p->remote_address = NULL; + p->local_port = 0; + p->remote_port = 0; + p->keytype = KEYTYPE_NULL; + p->cksumtype = CKSUMTYPE_NONE; + *auth_context = p; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_free(krb5_context context, + krb5_auth_context auth_context) +{ + if (auth_context != NULL) { + krb5_free_authenticator(context, &auth_context->authenticator); + if(auth_context->local_address){ + free_HostAddress(auth_context->local_address); + free(auth_context->local_address); + } + if(auth_context->remote_address){ + free_HostAddress(auth_context->remote_address); + free(auth_context->remote_address); + } + krb5_free_keyblock(context, auth_context->keyblock); + krb5_free_keyblock(context, auth_context->remote_subkey); + krb5_free_keyblock(context, auth_context->local_subkey); + free (auth_context); + } + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_setflags(krb5_context context, + krb5_auth_context auth_context, + int32_t flags) +{ + auth_context->flags = flags; + return 0; +} + + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_getflags(krb5_context context, + krb5_auth_context auth_context, + int32_t *flags) +{ + *flags = auth_context->flags; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_addflags(krb5_context context, + krb5_auth_context auth_context, + int32_t addflags, + int32_t *flags) +{ + if (flags) + *flags = auth_context->flags; + auth_context->flags |= addflags; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_removeflags(krb5_context context, + krb5_auth_context auth_context, + int32_t removeflags, + int32_t *flags) +{ + if (flags) + *flags = auth_context->flags; + auth_context->flags &= ~removeflags; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_setaddrs(krb5_context context, + krb5_auth_context auth_context, + krb5_address *local_addr, + krb5_address *remote_addr) +{ + if (local_addr) { + if (auth_context->local_address) + krb5_free_address (context, auth_context->local_address); + else + auth_context->local_address = malloc(sizeof(krb5_address)); + krb5_copy_address(context, local_addr, auth_context->local_address); + } + if (remote_addr) { + if (auth_context->remote_address) + krb5_free_address (context, auth_context->remote_address); + else + auth_context->remote_address = malloc(sizeof(krb5_address)); + krb5_copy_address(context, remote_addr, auth_context->remote_address); + } + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_genaddrs(krb5_context context, + krb5_auth_context auth_context, + int fd, int flags) +{ + krb5_error_code ret; + krb5_address local_k_address, remote_k_address; + krb5_address *lptr = NULL, *rptr = NULL; + struct sockaddr_storage ss_local, ss_remote; + struct sockaddr *local = (struct sockaddr *)&ss_local; + struct sockaddr *remote = (struct sockaddr *)&ss_remote; + socklen_t len; + + if(flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR) { + if (auth_context->local_address == NULL) { + len = sizeof(ss_local); + if(getsockname(fd, local, &len) < 0) { + ret = errno; + krb5_set_error_string (context, "getsockname: %s", + strerror(ret)); + goto out; + } + ret = krb5_sockaddr2address (context, local, &local_k_address); + if(ret) goto out; + if(flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR) { + krb5_sockaddr2port (context, local, &auth_context->local_port); + } else + auth_context->local_port = 0; + lptr = &local_k_address; + } + } + if(flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR) { + len = sizeof(ss_remote); + if(getpeername(fd, remote, &len) < 0) { + ret = errno; + krb5_set_error_string (context, "getpeername: %s", strerror(ret)); + goto out; + } + ret = krb5_sockaddr2address (context, remote, &remote_k_address); + if(ret) goto out; + if(flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR) { + krb5_sockaddr2port (context, remote, &auth_context->remote_port); + } else + auth_context->remote_port = 0; + rptr = &remote_k_address; + } + ret = krb5_auth_con_setaddrs (context, + auth_context, + lptr, + rptr); + out: + if (lptr) + krb5_free_address (context, lptr); + if (rptr) + krb5_free_address (context, rptr); + return ret; + +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_setaddrs_from_fd (krb5_context context, + krb5_auth_context auth_context, + void *p_fd) +{ + int fd = *(int*)p_fd; + int flags = 0; + if(auth_context->local_address == NULL) + flags |= KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR; + if(auth_context->remote_address == NULL) + flags |= KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR; + return krb5_auth_con_genaddrs(context, auth_context, fd, flags); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_getaddrs(krb5_context context, + krb5_auth_context auth_context, + krb5_address **local_addr, + krb5_address **remote_addr) +{ + if(*local_addr) + krb5_free_address (context, *local_addr); + *local_addr = malloc (sizeof(**local_addr)); + if (*local_addr == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + krb5_copy_address(context, + auth_context->local_address, + *local_addr); + + if(*remote_addr) + krb5_free_address (context, *remote_addr); + *remote_addr = malloc (sizeof(**remote_addr)); + if (*remote_addr == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + krb5_free_address (context, *local_addr); + *local_addr = NULL; + return ENOMEM; + } + krb5_copy_address(context, + auth_context->remote_address, + *remote_addr); + return 0; +} + +static krb5_error_code +copy_key(krb5_context context, + krb5_keyblock *in, + krb5_keyblock **out) +{ + if(in) + return krb5_copy_keyblock(context, in, out); + *out = NULL; /* is this right? */ + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_getkey(krb5_context context, + krb5_auth_context auth_context, + krb5_keyblock **keyblock) +{ + return copy_key(context, auth_context->keyblock, keyblock); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_getlocalsubkey(krb5_context context, + krb5_auth_context auth_context, + krb5_keyblock **keyblock) +{ + return copy_key(context, auth_context->local_subkey, keyblock); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_getremotesubkey(krb5_context context, + krb5_auth_context auth_context, + krb5_keyblock **keyblock) +{ + return copy_key(context, auth_context->remote_subkey, keyblock); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_setkey(krb5_context context, + krb5_auth_context auth_context, + krb5_keyblock *keyblock) +{ + if(auth_context->keyblock) + krb5_free_keyblock(context, auth_context->keyblock); + return copy_key(context, keyblock, &auth_context->keyblock); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_setlocalsubkey(krb5_context context, + krb5_auth_context auth_context, + krb5_keyblock *keyblock) +{ + if(auth_context->local_subkey) + krb5_free_keyblock(context, auth_context->local_subkey); + return copy_key(context, keyblock, &auth_context->local_subkey); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_generatelocalsubkey(krb5_context context, + krb5_auth_context auth_context, + krb5_keyblock *key) +{ + krb5_error_code ret; + krb5_keyblock *subkey; + + ret = krb5_generate_subkey_extended (context, key, + auth_context->keytype, + &subkey); + if(ret) + return ret; + if(auth_context->local_subkey) + krb5_free_keyblock(context, auth_context->local_subkey); + auth_context->local_subkey = subkey; + return 0; +} + + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_setremotesubkey(krb5_context context, + krb5_auth_context auth_context, + krb5_keyblock *keyblock) +{ + if(auth_context->remote_subkey) + krb5_free_keyblock(context, auth_context->remote_subkey); + return copy_key(context, keyblock, &auth_context->remote_subkey); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_setcksumtype(krb5_context context, + krb5_auth_context auth_context, + krb5_cksumtype cksumtype) +{ + auth_context->cksumtype = cksumtype; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_getcksumtype(krb5_context context, + krb5_auth_context auth_context, + krb5_cksumtype *cksumtype) +{ + *cksumtype = auth_context->cksumtype; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_setkeytype (krb5_context context, + krb5_auth_context auth_context, + krb5_keytype keytype) +{ + auth_context->keytype = keytype; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_getkeytype (krb5_context context, + krb5_auth_context auth_context, + krb5_keytype *keytype) +{ + *keytype = auth_context->keytype; + return 0; +} + +#if 0 +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_setenctype(krb5_context context, + krb5_auth_context auth_context, + krb5_enctype etype) +{ + if(auth_context->keyblock) + krb5_free_keyblock(context, auth_context->keyblock); + ALLOC(auth_context->keyblock, 1); + if(auth_context->keyblock == NULL) + return ENOMEM; + auth_context->keyblock->keytype = etype; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_getenctype(krb5_context context, + krb5_auth_context auth_context, + krb5_enctype *etype) +{ + krb5_abortx(context, "unimplemented krb5_auth_getenctype called"); +} +#endif + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_getlocalseqnumber(krb5_context context, + krb5_auth_context auth_context, + int32_t *seqnumber) +{ + *seqnumber = auth_context->local_seqnumber; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_setlocalseqnumber (krb5_context context, + krb5_auth_context auth_context, + int32_t seqnumber) +{ + auth_context->local_seqnumber = seqnumber; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_getremoteseqnumber(krb5_context context, + krb5_auth_context auth_context, + int32_t *seqnumber) +{ + *seqnumber = auth_context->remote_seqnumber; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_setremoteseqnumber (krb5_context context, + krb5_auth_context auth_context, + int32_t seqnumber) +{ + auth_context->remote_seqnumber = seqnumber; + return 0; +} + + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_getauthenticator(krb5_context context, + krb5_auth_context auth_context, + krb5_authenticator *authenticator) +{ + *authenticator = malloc(sizeof(**authenticator)); + if (*authenticator == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + + copy_Authenticator(auth_context->authenticator, + *authenticator); + return 0; +} + + +void KRB5_LIB_FUNCTION +krb5_free_authenticator(krb5_context context, + krb5_authenticator *authenticator) +{ + free_Authenticator (*authenticator); + free (*authenticator); + *authenticator = NULL; +} + + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_setuserkey(krb5_context context, + krb5_auth_context auth_context, + krb5_keyblock *keyblock) +{ + if(auth_context->keyblock) + krb5_free_keyblock(context, auth_context->keyblock); + return krb5_copy_keyblock(context, keyblock, &auth_context->keyblock); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_getrcache(krb5_context context, + krb5_auth_context auth_context, + krb5_rcache *rcache) +{ + *rcache = auth_context->rcache; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_setrcache(krb5_context context, + krb5_auth_context auth_context, + krb5_rcache rcache) +{ + auth_context->rcache = rcache; + return 0; +} + +#if 0 /* not implemented */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_initivector(krb5_context context, + krb5_auth_context auth_context) +{ + krb5_abortx(context, "unimplemented krb5_auth_con_initivector called"); +} + + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_setivector(krb5_context context, + krb5_auth_context auth_context, + krb5_pointer ivector) +{ + krb5_abortx(context, "unimplemented krb5_auth_con_setivector called"); +} + +#endif /* not implemented */ diff --git a/source4/heimdal/lib/krb5/build_ap_req.c b/source4/heimdal/lib/krb5/build_ap_req.c new file mode 100644 index 0000000000..e11744cc3a --- /dev/null +++ b/source4/heimdal/lib/krb5/build_ap_req.c @@ -0,0 +1,76 @@ +/* + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +RCSID("$Id: build_ap_req.c,v 1.20 2004/05/25 21:18:17 lha Exp $"); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_build_ap_req (krb5_context context, + krb5_enctype enctype, + krb5_creds *cred, + krb5_flags ap_options, + krb5_data authenticator, + krb5_data *retdata) +{ + krb5_error_code ret = 0; + AP_REQ ap; + Ticket t; + size_t len; + + ap.pvno = 5; + ap.msg_type = krb_ap_req; + memset(&ap.ap_options, 0, sizeof(ap.ap_options)); + ap.ap_options.use_session_key = (ap_options & AP_OPTS_USE_SESSION_KEY) > 0; + ap.ap_options.mutual_required = (ap_options & AP_OPTS_MUTUAL_REQUIRED) > 0; + + ap.ticket.tkt_vno = 5; + copy_Realm(&cred->server->realm, &ap.ticket.realm); + copy_PrincipalName(&cred->server->name, &ap.ticket.sname); + + decode_Ticket(cred->ticket.data, cred->ticket.length, &t, &len); + copy_EncryptedData(&t.enc_part, &ap.ticket.enc_part); + free_Ticket(&t); + + ap.authenticator.etype = enctype; + ap.authenticator.kvno = NULL; + ap.authenticator.cipher = authenticator; + + ASN1_MALLOC_ENCODE(AP_REQ, retdata->data, retdata->length, + &ap, &len, ret); + if(ret == 0 && retdata->length != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); + free_AP_REQ(&ap); + return ret; + +} diff --git a/source4/heimdal/lib/krb5/build_auth.c b/source4/heimdal/lib/krb5/build_auth.c new file mode 100644 index 0000000000..1c38721b02 --- /dev/null +++ b/source4/heimdal/lib/krb5/build_auth.c @@ -0,0 +1,205 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +RCSID("$Id: build_auth.c,v 1.42 2005/01/05 02:34:53 lukeh Exp $"); + +static krb5_error_code +make_etypelist(krb5_context context, + krb5_authdata **auth_data) +{ + EtypeList etypes; + krb5_error_code ret; + krb5_authdata ad; + u_char *buf; + size_t len; + size_t buf_size; + + ret = krb5_init_etype(context, &etypes.len, &etypes.val, NULL); + if (ret) + return ret; + + ASN1_MALLOC_ENCODE(EtypeList, buf, buf_size, &etypes, &len, ret); + if (ret) { + free_EtypeList(&etypes); + return ret; + } + if(buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); + free_EtypeList(&etypes); + + ALLOC_SEQ(&ad, 1); + if (ad.val == NULL) { + free(buf); + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + + ad.val[0].ad_type = KRB5_AUTHDATA_GSS_API_ETYPE_NEGOTIATION; + ad.val[0].ad_data.length = len; + ad.val[0].ad_data.data = buf; + + ASN1_MALLOC_ENCODE(AD_IF_RELEVANT, buf, buf_size, &ad, &len, ret); + if (ret) { + free_AuthorizationData(&ad); + return ret; + } + if(buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); + free_AuthorizationData(&ad); + + ALLOC(*auth_data, 1); + if (*auth_data == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + + ALLOC_SEQ(*auth_data, 1); + if ((*auth_data)->val == NULL) { + free(buf); + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + + (*auth_data)->val[0].ad_type = KRB5_AUTHDATA_IF_RELEVANT; + (*auth_data)->val[0].ad_data.length = len; + (*auth_data)->val[0].ad_data.data = buf; + + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_build_authenticator (krb5_context context, + krb5_auth_context auth_context, + krb5_enctype enctype, + krb5_creds *cred, + Checksum *cksum, + Authenticator **auth_result, + krb5_data *result, + krb5_key_usage usage) +{ + Authenticator *auth; + u_char *buf = NULL; + size_t buf_size; + size_t len; + krb5_error_code ret; + krb5_crypto crypto; + + auth = malloc(sizeof(*auth)); + if (auth == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + + memset (auth, 0, sizeof(*auth)); + auth->authenticator_vno = 5; + copy_Realm(&cred->client->realm, &auth->crealm); + copy_PrincipalName(&cred->client->name, &auth->cname); + + krb5_us_timeofday (context, &auth->ctime, &auth->cusec); + + ret = krb5_auth_con_getlocalsubkey(context, auth_context, &auth->subkey); + if(ret) + goto fail; + + if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) { + if(auth_context->local_seqnumber == 0) + krb5_generate_seq_number (context, + &cred->session, + &auth_context->local_seqnumber); + ALLOC(auth->seq_number, 1); + if(auth->seq_number == NULL) { + ret = ENOMEM; + goto fail; + } + *auth->seq_number = auth_context->local_seqnumber; + } else + auth->seq_number = NULL; + auth->authorization_data = NULL; + auth->cksum = cksum; + + if (cksum != NULL && cksum->cksumtype == CKSUMTYPE_GSSAPI) { + /* + * This is not GSS-API specific, we only enable it for + * GSS for now + */ + ret = make_etypelist(context, &auth->authorization_data); + if (ret) + goto fail; + } + + /* XXX - Copy more to auth_context? */ + + if (auth_context) { + auth_context->authenticator->ctime = auth->ctime; + auth_context->authenticator->cusec = auth->cusec; + } + + ASN1_MALLOC_ENCODE(Authenticator, buf, buf_size, auth, &len, ret); + if (ret) + goto fail; + if(buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); + + ret = krb5_crypto_init(context, &cred->session, enctype, &crypto); + if (ret) + goto fail; + ret = krb5_encrypt (context, + crypto, + usage /* KRB5_KU_AP_REQ_AUTH */, + buf + buf_size - len, + len, + result); + krb5_crypto_destroy(context, crypto); + + if (ret) + goto fail; + + free (buf); + + if (auth_result) + *auth_result = auth; + else { + /* Don't free the `cksum', it's allocated by the caller */ + auth->cksum = NULL; + free_Authenticator (auth); + free (auth); + } + return ret; + fail: + free_Authenticator (auth); + free (auth); + free (buf); + return ret; +} diff --git a/source4/heimdal/lib/krb5/cache.c b/source4/heimdal/lib/krb5/cache.c new file mode 100644 index 0000000000..f293a96ed9 --- /dev/null +++ b/source4/heimdal/lib/krb5/cache.c @@ -0,0 +1,657 @@ +/* + * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: cache.c,v 1.71 2005/06/16 20:19:57 lha Exp $"); + +/* + * Add a new ccache type with operations `ops', overwriting any + * existing one if `override'. + * Return an error code or 0. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_register(krb5_context context, + const krb5_cc_ops *ops, + krb5_boolean override) +{ + int i; + + for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) { + if(strcmp(context->cc_ops[i].prefix, ops->prefix) == 0) { + if(!override) { + krb5_set_error_string(context, + "ccache type %s already exists", + ops->prefix); + return KRB5_CC_TYPE_EXISTS; + } + break; + } + } + if(i == context->num_cc_ops) { + krb5_cc_ops *o = realloc(context->cc_ops, + (context->num_cc_ops + 1) * + sizeof(*context->cc_ops)); + if(o == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return KRB5_CC_NOMEM; + } + context->num_cc_ops++; + context->cc_ops = o; + memset(context->cc_ops + i, 0, + (context->num_cc_ops - i) * sizeof(*context->cc_ops)); + } + memcpy(&context->cc_ops[i], ops, sizeof(context->cc_ops[i])); + return 0; +} + +/* + * Allocate memory for a new ccache in `id' with operations `ops' + * and name `residual'. + * Return 0 or an error code. + */ + +static krb5_error_code +allocate_ccache (krb5_context context, + const krb5_cc_ops *ops, + const char *residual, + krb5_ccache *id) +{ + krb5_error_code ret; + krb5_ccache p; + + p = malloc(sizeof(*p)); + if(p == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return KRB5_CC_NOMEM; + } + p->ops = ops; + *id = p; + ret = p->ops->resolve(context, id, residual); + if(ret) + free(p); + return ret; +} + +/* + * Find and allocate a ccache in `id' from the specification in `residual'. + * If the ccache name doesn't contain any colon, interpret it as a file name. + * Return 0 or an error code. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_resolve(krb5_context context, + const char *name, + krb5_ccache *id) +{ + int i; + + for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) { + size_t prefix_len = strlen(context->cc_ops[i].prefix); + + if(strncmp(context->cc_ops[i].prefix, name, prefix_len) == 0 + && name[prefix_len] == ':') { + return allocate_ccache (context, &context->cc_ops[i], + name + prefix_len + 1, + id); + } + } + if (strchr (name, ':') == NULL) + return allocate_ccache (context, &krb5_fcc_ops, name, id); + else { + krb5_set_error_string(context, "unknown ccache type %s", name); + return KRB5_CC_UNKNOWN_TYPE; + } +} + +/* + * Generate a new ccache of type `ops' in `id'. + * Return 0 or an error code. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_gen_new(krb5_context context, + const krb5_cc_ops *ops, + krb5_ccache *id) +{ + krb5_ccache p; + + p = malloc (sizeof(*p)); + if (p == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return KRB5_CC_NOMEM; + } + p->ops = ops; + *id = p; + return p->ops->gen_new(context, id); +} + +/* + * Generates a new unique ccache of `type` in `id'. If `type' is NULL, + * the library chooses the default credential cache type. The supplied + * `hint' (that can be NULL) is a string that the credential cache + * type can use to base the name of the credential on, this is to make + * its easier for the user to differentiate the credentials. + * + * Returns 0 or an error code. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_new_unique(krb5_context context, const char *type, + const char *hint, krb5_ccache *id) +{ + const krb5_cc_ops *ops; + + if (type == NULL) + type = "FILE"; + + ops = krb5_cc_get_prefix_ops(context, type); + if (ops == NULL) { + krb5_set_error_string(context, "Credential cache type %s is unknown", + type); + return KRB5_CC_UNKNOWN_TYPE; + } + + return krb5_cc_gen_new(context, ops, id); +} + +/* + * Return the name of the ccache `id' + */ + +const char* KRB5_LIB_FUNCTION +krb5_cc_get_name(krb5_context context, + krb5_ccache id) +{ + return id->ops->get_name(context, id); +} + +/* + * Return the type of the ccache `id'. + */ + +const char* KRB5_LIB_FUNCTION +krb5_cc_get_type(krb5_context context, + krb5_ccache id) +{ + return id->ops->prefix; +} + +/* + * Return krb5_cc_ops of a the ccache `id'. + */ + +const krb5_cc_ops * +krb5_cc_get_ops(krb5_context context, krb5_ccache id) +{ + return id->ops; +} + +/* + * Expand variables in `str' into `res' + */ + +krb5_error_code +_krb5_expand_default_cc_name(krb5_context context, const char *str, char **res) +{ + size_t tlen, len = 0; + char *tmp, *tmp2, *append; + + *res = NULL; + + while (str && *str) { + tmp = strstr(str, "%{"); + if (tmp && tmp != str) { + append = malloc((tmp - str) + 1); + if (append) { + memcpy(append, str, tmp - str); + append[tmp - str] = '\0'; + } + str = tmp; + } else if (tmp) { + tmp2 = strchr(tmp, '}'); + if (tmp2 == NULL) { + free(*res); + *res = NULL; + krb5_set_error_string(context, "variable missing }"); + return KRB5_CONFIG_BADFORMAT; + } + if (strncasecmp(tmp, "%{uid}", 6) == 0) + asprintf(&append, "%u", (unsigned)getuid()); + else if (strncasecmp(tmp, "%{null}", 7) == 0) + append = strdup(""); + else { + free(*res); + *res = NULL; + krb5_set_error_string(context, + "expand default cache unknown " + "variable \"%.*s\"", + (int)(tmp2 - tmp) - 2, tmp + 2); + return KRB5_CONFIG_BADFORMAT; + } + str = tmp2 + 1; + } else { + append = strdup(str); + str = NULL; + } + if (append == NULL) { + free(*res); + res = NULL; + krb5_set_error_string(context, "malloc - out of memory"); + return ENOMEM; + } + + tlen = strlen(append); + tmp = realloc(*res, len + tlen + 1); + if (tmp == NULL) { + free(*res); + *res = NULL; + krb5_set_error_string(context, "malloc - out of memory"); + return ENOMEM; + } + *res = tmp; + memcpy(*res + len, append, tlen + 1); + len = len + tlen; + free(append); + } + return 0; +} + +/* + * Set the default cc name for `context' to `name'. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_set_default_name(krb5_context context, const char *name) +{ + krb5_error_code ret = 0; + char *p; + + if (name == NULL) { + const char *e = NULL; + + if(!issuid()) { + e = getenv("KRB5CCNAME"); + if (e) + p = strdup(e); + } + if (e == NULL) { + e = krb5_config_get_string(context, NULL, "libdefaults", + "default_cc_name", NULL); + if (e) { + ret = _krb5_expand_default_cc_name(context, e, &p); + if (ret) + return ret; + } + } + if (e == NULL) + asprintf(&p,"FILE:/tmp/krb5cc_%u", (unsigned)getuid()); + } else + p = strdup(name); + + if (p == NULL) { + krb5_set_error_string(context, "malloc - out of memory"); + return ENOMEM; + } + + if (context->default_cc_name) + free(context->default_cc_name); + + context->default_cc_name = p; + + return ret; +} + +/* + * Return a pointer to a context static string containing the default + * ccache name. + */ + +const char* KRB5_LIB_FUNCTION +krb5_cc_default_name(krb5_context context) +{ + if (context->default_cc_name == NULL) + krb5_cc_set_default_name(context, NULL); + + return context->default_cc_name; +} + +/* + * Open the default ccache in `id'. + * Return 0 or an error code. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_default(krb5_context context, + krb5_ccache *id) +{ + const char *p = krb5_cc_default_name(context); + + if (p == NULL) { + krb5_set_error_string(context, "malloc - out of memory"); + return ENOMEM; + } + return krb5_cc_resolve(context, p, id); +} + +/* + * Create a new ccache in `id' for `primary_principal'. + * Return 0 or an error code. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_initialize(krb5_context context, + krb5_ccache id, + krb5_principal primary_principal) +{ + return id->ops->init(context, id, primary_principal); +} + + +/* + * Remove the ccache `id'. + * Return 0 or an error code. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_destroy(krb5_context context, + krb5_ccache id) +{ + krb5_error_code ret; + + ret = id->ops->destroy(context, id); + krb5_cc_close (context, id); + return ret; +} + +/* + * Stop using the ccache `id' and free the related resources. + * Return 0 or an error code. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_close(krb5_context context, + krb5_ccache id) +{ + krb5_error_code ret; + ret = id->ops->close(context, id); + free(id); + return ret; +} + +/* + * Store `creds' in the ccache `id'. + * Return 0 or an error code. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_store_cred(krb5_context context, + krb5_ccache id, + krb5_creds *creds) +{ + return id->ops->store(context, id, creds); +} + +/* + * Retrieve the credential identified by `mcreds' (and `whichfields') + * from `id' in `creds'. + * Return 0 or an error code. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_retrieve_cred(krb5_context context, + krb5_ccache id, + krb5_flags whichfields, + const krb5_creds *mcreds, + krb5_creds *creds) +{ + krb5_error_code ret; + krb5_cc_cursor cursor; + + if (id->ops->retrieve != NULL) { + return id->ops->retrieve(context, id, whichfields, + mcreds, creds); + } + + krb5_cc_start_seq_get(context, id, &cursor); + while((ret = krb5_cc_next_cred(context, id, &cursor, creds)) == 0){ + if(krb5_compare_creds(context, whichfields, mcreds, creds)){ + ret = 0; + break; + } + krb5_free_cred_contents (context, creds); + } + krb5_cc_end_seq_get(context, id, &cursor); + return ret; +} + +/* + * Return the principal of `id' in `principal'. + * Return 0 or an error code. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_get_principal(krb5_context context, + krb5_ccache id, + krb5_principal *principal) +{ + return id->ops->get_princ(context, id, principal); +} + +/* + * Start iterating over `id', `cursor' is initialized to the + * beginning. + * Return 0 or an error code. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_start_seq_get (krb5_context context, + const krb5_ccache id, + krb5_cc_cursor *cursor) +{ + return id->ops->get_first(context, id, cursor); +} + +/* + * Retrieve the next cred pointed to by (`id', `cursor') in `creds' + * and advance `cursor'. + * Return 0 or an error code. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_next_cred (krb5_context context, + const krb5_ccache id, + krb5_cc_cursor *cursor, + krb5_creds *creds) +{ + return id->ops->get_next(context, id, cursor, creds); +} + +/* like krb5_cc_next_cred, but allow for selective retrieval */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_next_cred_match(krb5_context context, + const krb5_ccache id, + krb5_cc_cursor * cursor, + krb5_creds * creds, + krb5_flags whichfields, + const krb5_creds * mcreds) +{ + krb5_error_code ret; + while (1) { + ret = krb5_cc_next_cred(context, id, cursor, creds); + if (ret) + return ret; + if (mcreds == NULL || krb5_compare_creds(context, whichfields, mcreds, creds)) + return 0; + krb5_free_cred_contents(context, creds); + } +} + +/* + * Destroy the cursor `cursor'. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_end_seq_get (krb5_context context, + const krb5_ccache id, + krb5_cc_cursor *cursor) +{ + return id->ops->end_get(context, id, cursor); +} + +/* + * Remove the credential identified by `cred', `which' from `id'. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_remove_cred(krb5_context context, + krb5_ccache id, + krb5_flags which, + krb5_creds *cred) +{ + if(id->ops->remove_cred == NULL) { + krb5_set_error_string(context, + "ccache %s does not support remove_cred", + id->ops->prefix); + return EACCES; /* XXX */ + } + return (*id->ops->remove_cred)(context, id, which, cred); +} + +/* + * Set the flags of `id' to `flags'. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_set_flags(krb5_context context, + krb5_ccache id, + krb5_flags flags) +{ + return id->ops->set_flags(context, id, flags); +} + +/* + * Copy the contents of `from' to `to'. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_copy_cache_match(krb5_context context, + const krb5_ccache from, + krb5_ccache to, + krb5_flags whichfields, + const krb5_creds * mcreds, + unsigned int *matched) +{ + krb5_error_code ret; + krb5_cc_cursor cursor; + krb5_creds cred; + krb5_principal princ; + + ret = krb5_cc_get_principal(context, from, &princ); + if (ret) + return ret; + ret = krb5_cc_initialize(context, to, princ); + if (ret) { + krb5_free_principal(context, princ); + return ret; + } + ret = krb5_cc_start_seq_get(context, from, &cursor); + if (ret) { + krb5_free_principal(context, princ); + return ret; + } + if (matched) + *matched = 0; + while (ret == 0 && + krb5_cc_next_cred_match(context, from, &cursor, &cred, + whichfields, mcreds) == 0) { + if (matched) + (*matched)++; + ret = krb5_cc_store_cred(context, to, &cred); + krb5_free_cred_contents(context, &cred); + } + krb5_cc_end_seq_get(context, from, &cursor); + krb5_free_principal(context, princ); + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_copy_cache(krb5_context context, + const krb5_ccache from, + krb5_ccache to) +{ + return krb5_cc_copy_cache_match(context, from, to, 0, NULL, NULL); +} + +/* + * Return the version of `id'. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_get_version(krb5_context context, + const krb5_ccache id) +{ + if(id->ops->get_version) + return id->ops->get_version(context, id); + else + return 0; +} + +/* + * Clear `mcreds' so it can be used with krb5_cc_retrieve_cred + */ + +void KRB5_LIB_FUNCTION +krb5_cc_clear_mcred(krb5_creds *mcred) +{ + memset(mcred, 0, sizeof(*mcred)); +} + +/* + * Get the cc ops that is registered in `context' to handle the + * `prefix'. Returns NULL if ops not found. + */ + +const krb5_cc_ops * +krb5_cc_get_prefix_ops(krb5_context context, const char *prefix) +{ + int i; + + for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) { + if(strcmp(context->cc_ops[i].prefix, prefix) == 0) + return &context->cc_ops[i]; + } + return NULL; +} diff --git a/source4/heimdal/lib/krb5/changepw.c b/source4/heimdal/lib/krb5/changepw.c new file mode 100644 index 0000000000..e6ef1d9d9b --- /dev/null +++ b/source4/heimdal/lib/krb5/changepw.c @@ -0,0 +1,816 @@ +/* + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +RCSID("$Id: changepw.c,v 1.53 2005/05/25 05:30:42 lha Exp $"); + +static void +str2data (krb5_data *d, + const char *fmt, + ...) __attribute__ ((format (printf, 2, 3))); + +static void +str2data (krb5_data *d, + const char *fmt, + ...) +{ + va_list args; + + va_start(args, fmt); + d->length = vasprintf ((char **)&d->data, fmt, args); + va_end(args); +} + +/* + * Change password protocol defined by + * draft-ietf-cat-kerb-chg-password-02.txt + * + * Share the response part of the protocol with MS set password + * (RFC3244) + */ + +static krb5_error_code +chgpw_send_request (krb5_context context, + krb5_auth_context *auth_context, + krb5_creds *creds, + krb5_principal targprinc, + int is_stream, + int sock, + char *passwd, + const char *host) +{ + krb5_error_code ret; + krb5_data ap_req_data; + krb5_data krb_priv_data; + krb5_data passwd_data; + size_t len; + u_char header[6]; + u_char *p; + struct iovec iov[3]; + struct msghdr msghdr; + + if (is_stream) + return KRB5_KPASSWD_MALFORMED; + + if (targprinc && + krb5_principal_compare(context, creds->client, targprinc) != TRUE) + return KRB5_KPASSWD_MALFORMED; + + krb5_data_zero (&ap_req_data); + + ret = krb5_mk_req_extended (context, + auth_context, + AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY, + NULL, /* in_data */ + creds, + &ap_req_data); + if (ret) + return ret; + + passwd_data.data = passwd; + passwd_data.length = strlen(passwd); + + krb5_data_zero (&krb_priv_data); + + ret = krb5_mk_priv (context, + *auth_context, + &passwd_data, + &krb_priv_data, + NULL); + if (ret) + goto out2; + + len = 6 + ap_req_data.length + krb_priv_data.length; + p = header; + *p++ = (len >> 8) & 0xFF; + *p++ = (len >> 0) & 0xFF; + *p++ = 0; + *p++ = 1; + *p++ = (ap_req_data.length >> 8) & 0xFF; + *p++ = (ap_req_data.length >> 0) & 0xFF; + + memset(&msghdr, 0, sizeof(msghdr)); + msghdr.msg_name = NULL; + msghdr.msg_namelen = 0; + msghdr.msg_iov = iov; + msghdr.msg_iovlen = sizeof(iov)/sizeof(*iov); +#if 0 + msghdr.msg_control = NULL; + msghdr.msg_controllen = 0; +#endif + + iov[0].iov_base = (void*)header; + iov[0].iov_len = 6; + iov[1].iov_base = ap_req_data.data; + iov[1].iov_len = ap_req_data.length; + iov[2].iov_base = krb_priv_data.data; + iov[2].iov_len = krb_priv_data.length; + + if (sendmsg (sock, &msghdr, 0) < 0) { + ret = errno; + krb5_set_error_string(context, "sendmsg %s: %s", host, strerror(ret)); + } + + krb5_data_free (&krb_priv_data); +out2: + krb5_data_free (&ap_req_data); + return ret; +} + +/* + * Set password protocol as defined by RFC3244 -- + * Microsoft Windows 2000 Kerberos Change Password and Set Password Protocols + */ + +static krb5_error_code +setpw_send_request (krb5_context context, + krb5_auth_context *auth_context, + krb5_creds *creds, + krb5_principal targprinc, + int is_stream, + int sock, + char *passwd, + const char *host) +{ + krb5_error_code ret; + krb5_data ap_req_data; + krb5_data krb_priv_data; + krb5_data pwd_data; + ChangePasswdDataMS chpw; + size_t len; + u_char header[4 + 6]; + u_char *p; + struct iovec iov[3]; + struct msghdr msghdr; + + krb5_data_zero (&ap_req_data); + + ret = krb5_mk_req_extended (context, + auth_context, + AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY, + NULL, /* in_data */ + creds, + &ap_req_data); + if (ret) + return ret; + + chpw.newpasswd.length = strlen(passwd); + chpw.newpasswd.data = passwd; + if (targprinc) { + chpw.targname = &targprinc->name; + chpw.targrealm = &targprinc->realm; + } else { + chpw.targname = NULL; + chpw.targrealm = NULL; + } + + ASN1_MALLOC_ENCODE(ChangePasswdDataMS, pwd_data.data, pwd_data.length, + &chpw, &len, ret); + if (ret) { + krb5_data_free (&ap_req_data); + return ret; + } + + if(pwd_data.length != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); + + ret = krb5_mk_priv (context, + *auth_context, + &pwd_data, + &krb_priv_data, + NULL); + if (ret) + goto out2; + + len = 6 + ap_req_data.length + krb_priv_data.length; + p = header; + if (is_stream) { + _krb5_put_int(p, len, 4); + p += 4; + } + *p++ = (len >> 8) & 0xFF; + *p++ = (len >> 0) & 0xFF; + *p++ = 0xff; + *p++ = 0x80; + *p++ = (ap_req_data.length >> 8) & 0xFF; + *p++ = (ap_req_data.length >> 0) & 0xFF; + + memset(&msghdr, 0, sizeof(msghdr)); + msghdr.msg_name = NULL; + msghdr.msg_namelen = 0; + msghdr.msg_iov = iov; + msghdr.msg_iovlen = sizeof(iov)/sizeof(*iov); +#if 0 + msghdr.msg_control = NULL; + msghdr.msg_controllen = 0; +#endif + + iov[0].iov_base = (void*)header; + if (is_stream) + iov[0].iov_len = 10; + else + iov[0].iov_len = 6; + iov[1].iov_base = ap_req_data.data; + iov[1].iov_len = ap_req_data.length; + iov[2].iov_base = krb_priv_data.data; + iov[2].iov_len = krb_priv_data.length; + + if (sendmsg (sock, &msghdr, 0) < 0) { + ret = errno; + krb5_set_error_string(context, "sendmsg %s: %s", host, strerror(ret)); + } + + krb5_data_free (&krb_priv_data); +out2: + krb5_data_free (&ap_req_data); + krb5_data_free (&pwd_data); + return ret; +} + +static krb5_error_code +process_reply (krb5_context context, + krb5_auth_context auth_context, + int is_stream, + int sock, + int *result_code, + krb5_data *result_code_string, + krb5_data *result_string, + const char *host) +{ + krb5_error_code ret; + u_char reply[1024 * 3]; + ssize_t len; + u_int16_t pkt_len, pkt_ver; + krb5_data ap_rep_data; + int save_errno; + + len = 0; + if (is_stream) { + while (len < sizeof(reply)) { + unsigned long size; + + ret = recvfrom (sock, reply + len, sizeof(reply) - len, + 0, NULL, NULL); + if (ret < 0) { + save_errno = errno; + krb5_set_error_string(context, "recvfrom %s: %s", + host, strerror(save_errno)); + return save_errno; + } else if (ret == 0) { + krb5_set_error_string(context, "recvfrom timeout %s", host); + return 1; + } + len += ret; + if (len < 4) + continue; + _krb5_get_int(reply, &size, 4); + if (size + 4 < len) + continue; + memmove(reply, reply + 4, size); + len = size; + break; + } + if (len == sizeof(reply)) { + krb5_set_error_string(context, "message too large from %s", + host); + return ENOMEM; + } + } else { + ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL); + if (ret < 0) { + save_errno = errno; + krb5_set_error_string(context, "recvfrom %s: %s", + host, strerror(save_errno)); + return save_errno; + } + len = ret; + } + + if (len < 6) { + str2data (result_string, "server %s sent to too short message " + "(%ld bytes)", host, (long)len); + *result_code = KRB5_KPASSWD_MALFORMED; + return 0; + } + + pkt_len = (reply[0] << 8) | (reply[1]); + pkt_ver = (reply[2] << 8) | (reply[3]); + + if ((pkt_len != len) || (reply[1] == 0x7e || reply[1] == 0x5e)) { + KRB_ERROR error; + size_t size; + u_char *p; + + memset(&error, 0, sizeof(error)); + + ret = decode_KRB_ERROR(reply, len, &error, &size); + if (ret) + return ret; + + if (error.e_data->length < 2) { + str2data(result_string, "server %s sent too short " + "e_data to print anything usable", host); + free_KRB_ERROR(&error); + *result_code = KRB5_KPASSWD_MALFORMED; + return 0; + } + + p = error.e_data->data; + *result_code = (p[0] << 8) | p[1]; + if (error.e_data->length == 2) + str2data(result_string, "server only sent error code"); + else + krb5_data_copy (result_string, + p + 2, + error.e_data->length - 2); + free_KRB_ERROR(&error); + return 0; + } + + if (pkt_len != len) { + str2data (result_string, "client: wrong len in reply"); + *result_code = KRB5_KPASSWD_MALFORMED; + return 0; + } + if (pkt_ver != KRB5_KPASSWD_VERS_CHANGEPW) { + str2data (result_string, + "client: wrong version number (%d)", pkt_ver); + *result_code = KRB5_KPASSWD_MALFORMED; + return 0; + } + + ap_rep_data.data = reply + 6; + ap_rep_data.length = (reply[4] << 8) | (reply[5]); + + if (reply + len < (u_char *)ap_rep_data.data + ap_rep_data.length) { + str2data (result_string, "client: wrong AP len in reply"); + *result_code = KRB5_KPASSWD_MALFORMED; + return 0; + } + + if (ap_rep_data.length) { + krb5_ap_rep_enc_part *ap_rep; + krb5_data priv_data; + u_char *p; + + priv_data.data = (u_char*)ap_rep_data.data + ap_rep_data.length; + priv_data.length = len - ap_rep_data.length - 6; + + ret = krb5_rd_rep (context, + auth_context, + &ap_rep_data, + &ap_rep); + if (ret) + return ret; + + krb5_free_ap_rep_enc_part (context, ap_rep); + + ret = krb5_rd_priv (context, + auth_context, + &priv_data, + result_code_string, + NULL); + if (ret) { + krb5_data_free (result_code_string); + return ret; + } + + if (result_code_string->length < 2) { + *result_code = KRB5_KPASSWD_MALFORMED; + str2data (result_string, + "client: bad length in result"); + return 0; + } + + p = result_code_string->data; + + *result_code = (p[0] << 8) | p[1]; + krb5_data_copy (result_string, + (unsigned char*)result_code_string->data + 2, + result_code_string->length - 2); + return 0; + } else { + KRB_ERROR error; + size_t size; + u_char *p; + + ret = decode_KRB_ERROR(reply + 6, len - 6, &error, &size); + if (ret) { + return ret; + } + if (error.e_data->length < 2) { + krb5_warnx (context, "too short e_data to print anything usable"); + return 1; /* XXX */ + } + + p = error.e_data->data; + *result_code = (p[0] << 8) | p[1]; + krb5_data_copy (result_string, + p + 2, + error.e_data->length - 2); + return 0; + } +} + + +/* + * change the password using the credentials in `creds' (for the + * principal indicated in them) to `newpw', storing the result of + * the operation in `result_*' and an error code or 0. + */ + +typedef krb5_error_code (*kpwd_send_request) (krb5_context, + krb5_auth_context *, + krb5_creds *, + krb5_principal, + int, + int, + char *, + const char *); +typedef krb5_error_code (*kpwd_process_reply) (krb5_context, + krb5_auth_context, + int, + int, + int *, + krb5_data *, + krb5_data *, + const char *); + +static struct kpwd_proc { + const char *name; + int flags; +#define SUPPORT_TCP 1 +#define SUPPORT_UDP 2 + kpwd_send_request send_req; + kpwd_process_reply process_rep; +} procs[] = { + { + "MS set password", + SUPPORT_TCP|SUPPORT_UDP, + setpw_send_request, + process_reply + }, + { + "change password", + SUPPORT_UDP, + chgpw_send_request, + process_reply + }, + { NULL } +}; + +static struct kpwd_proc * +find_chpw_proto(const char *name) +{ + struct kpwd_proc *p; + for (p = procs; p->name != NULL; p++) { + if (strcmp(p->name, name) == 0) + return p; + } + return NULL; +} + +/* + * + */ + +static krb5_error_code +change_password_loop (krb5_context context, + krb5_creds *creds, + krb5_principal targprinc, + char *newpw, + int *result_code, + krb5_data *result_code_string, + krb5_data *result_string, + struct kpwd_proc *proc) +{ + krb5_error_code ret; + krb5_auth_context auth_context = NULL; + krb5_krbhst_handle handle = NULL; + krb5_krbhst_info *hi; + int sock; + int i; + int done = 0; + krb5_realm realm = creds->client->realm; + + ret = krb5_auth_con_init (context, &auth_context); + if (ret) + return ret; + + krb5_auth_con_setflags (context, auth_context, + KRB5_AUTH_CONTEXT_DO_SEQUENCE); + + ret = krb5_krbhst_init (context, realm, KRB5_KRBHST_CHANGEPW, &handle); + if (ret) + goto out; + + while (!done && (ret = krb5_krbhst_next(context, handle, &hi)) == 0) { + struct addrinfo *ai, *a; + int is_stream; + + switch (hi->proto) { + case KRB5_KRBHST_UDP: + if ((proc->flags & SUPPORT_UDP) == 0) + continue; + is_stream = 0; + break; + case KRB5_KRBHST_TCP: + if ((proc->flags & SUPPORT_TCP) == 0) + continue; + is_stream = 1; + break; + default: + continue; + } + + ret = krb5_krbhst_get_addrinfo(context, hi, &ai); + if (ret) + continue; + + for (a = ai; !done && a != NULL; a = a->ai_next) { + int replied = 0; + + sock = socket (a->ai_family, a->ai_socktype, a->ai_protocol); + if (sock < 0) + continue; + + ret = connect(sock, a->ai_addr, a->ai_addrlen); + if (ret < 0) { + close (sock); + goto out; + } + + ret = krb5_auth_con_genaddrs (context, auth_context, sock, + KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR); + if (ret) { + close (sock); + goto out; + } + + for (i = 0; !done && i < 5; ++i) { + fd_set fdset; + struct timeval tv; + + if (!replied) { + replied = 0; + + ret = (*proc->send_req) (context, + &auth_context, + creds, + targprinc, + is_stream, + sock, + newpw, + hi->hostname); + if (ret) { + close(sock); + goto out; + } + } + + if (sock >= FD_SETSIZE) { + krb5_set_error_string(context, "fd %d too large", sock); + ret = ERANGE; + close (sock); + goto out; + } + + FD_ZERO(&fdset); + FD_SET(sock, &fdset); + tv.tv_usec = 0; + tv.tv_sec = 1 + (1 << i); + + ret = select (sock + 1, &fdset, NULL, NULL, &tv); + if (ret < 0 && errno != EINTR) { + close(sock); + goto out; + } + if (ret == 1) { + ret = (*proc->process_rep) (context, + auth_context, + is_stream, + sock, + result_code, + result_code_string, + result_string, + hi->hostname); + if (ret == 0) + done = 1; + else if (i > 0 && ret == KRB5KRB_AP_ERR_MUT_FAIL) + replied = 1; + } else { + ret = KRB5_KDC_UNREACH; + } + } + close (sock); + } + } + + out: + krb5_krbhst_free (context, handle); + krb5_auth_con_free (context, auth_context); + if (done) + return 0; + else { + if (ret == KRB5_KDC_UNREACH) { + krb5_set_error_string(context, + "unable to reach any changepw server " + " in realm %s", realm); + *result_code = KRB5_KPASSWD_HARDERROR; + } + return ret; + } +} + + +/* + * change the password using the credentials in `creds' (for the + * principal indicated in them) to `newpw', storing the result of + * the operation in `result_*' and an error code or 0. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_change_password (krb5_context context, + krb5_creds *creds, + char *newpw, + int *result_code, + krb5_data *result_code_string, + krb5_data *result_string) +{ + struct kpwd_proc *p = find_chpw_proto("change password"); + + *result_code = KRB5_KPASSWD_MALFORMED; + result_code_string->data = result_string->data = NULL; + result_code_string->length = result_string->length = 0; + + if (p == NULL) + return KRB5_KPASSWD_MALFORMED; + + return change_password_loop(context, creds, NULL, newpw, + result_code, result_code_string, + result_string, p); +} + +/* + * + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_set_password(krb5_context context, + krb5_creds *creds, + char *newpw, + krb5_principal targprinc, + int *result_code, + krb5_data *result_code_string, + krb5_data *result_string) +{ + krb5_principal principal = NULL; + krb5_error_code ret = 0; + int i; + + *result_code = KRB5_KPASSWD_MALFORMED; + result_code_string->data = result_string->data = NULL; + result_code_string->length = result_string->length = 0; + + if (targprinc == NULL) { + ret = krb5_get_default_principal(context, &principal); + if (ret) + return ret; + } else + principal = targprinc; + + for (i = 0; procs[i].name != NULL; i++) { + *result_code = 0; + ret = change_password_loop(context, creds, targprinc, newpw, + result_code, result_code_string, + result_string, + &procs[i]); + if (ret == 0 && *result_code == 0) + break; + } + + if (targprinc == NULL) + krb5_free_principal(context, principal); + return ret; +} + +/* + * + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_set_password_using_ccache(krb5_context context, + krb5_ccache ccache, + char *newpw, + krb5_principal targprinc, + int *result_code, + krb5_data *result_code_string, + krb5_data *result_string) +{ + krb5_creds creds, *credsp; + krb5_error_code ret; + krb5_principal principal = NULL; + + *result_code = KRB5_KPASSWD_MALFORMED; + result_code_string->data = result_string->data = NULL; + result_code_string->length = result_string->length = 0; + + memset(&creds, 0, sizeof(creds)); + + if (targprinc == NULL) { + ret = krb5_cc_get_principal(context, ccache, &principal); + if (ret) + return ret; + } else + principal = targprinc; + + ret = krb5_make_principal(context, &creds.server, + krb5_principal_get_realm(context, principal), + "kadmin", "changepw", NULL); + if (ret) + goto out; + + ret = krb5_cc_get_principal(context, ccache, &creds.client); + if (ret) { + krb5_free_principal(context, creds.server); + goto out; + } + + ret = krb5_get_credentials(context, 0, ccache, &creds, &credsp); + krb5_free_principal(context, creds.server); + krb5_free_principal(context, creds.client); + if (ret) + goto out; + + ret = krb5_set_password(context, + credsp, + newpw, + principal, + result_code, + result_code_string, + result_string); + + krb5_free_creds(context, credsp); + + return ret; + out: + if (targprinc == NULL) + krb5_free_principal(context, principal); + return ret; +} + +/* + * + */ + +const char* KRB5_LIB_FUNCTION +krb5_passwd_result_to_string (krb5_context context, + int result) +{ + static const char *strings[] = { + "Success", + "Malformed", + "Hard error", + "Auth error", + "Soft error" , + "Access denied", + "Bad version", + "Initial flag needed" + }; + + if (result < 0 || result > KRB5_KPASSWD_INITIAL_FLAG_NEEDED) + return "unknown result code"; + else + return strings[result]; +} diff --git a/source4/heimdal/lib/krb5/codec.c b/source4/heimdal/lib/krb5/codec.c new file mode 100644 index 0000000000..080e8a6511 --- /dev/null +++ b/source4/heimdal/lib/krb5/codec.c @@ -0,0 +1,196 @@ +/* + * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: codec.c,v 1.9 2004/05/25 21:19:37 lha Exp $"); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_decode_EncTicketPart (krb5_context context, + const void *data, + size_t length, + EncTicketPart *t, + size_t *len) +{ + return decode_EncTicketPart(data, length, t, len); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_encode_EncTicketPart (krb5_context context, + void *data, + size_t length, + EncTicketPart *t, + size_t *len) +{ + return encode_EncTicketPart(data, length, t, len); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_decode_EncASRepPart (krb5_context context, + const void *data, + size_t length, + EncASRepPart *t, + size_t *len) +{ + return decode_EncASRepPart(data, length, t, len); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_encode_EncASRepPart (krb5_context context, + void *data, + size_t length, + EncASRepPart *t, + size_t *len) +{ + return encode_EncASRepPart(data, length, t, len); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_decode_EncTGSRepPart (krb5_context context, + const void *data, + size_t length, + EncTGSRepPart *t, + size_t *len) +{ + return decode_EncTGSRepPart(data, length, t, len); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_encode_EncTGSRepPart (krb5_context context, + void *data, + size_t length, + EncTGSRepPart *t, + size_t *len) +{ + return encode_EncTGSRepPart(data, length, t, len); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_decode_EncAPRepPart (krb5_context context, + const void *data, + size_t length, + EncAPRepPart *t, + size_t *len) +{ + return decode_EncAPRepPart(data, length, t, len); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_encode_EncAPRepPart (krb5_context context, + void *data, + size_t length, + EncAPRepPart *t, + size_t *len) +{ + return encode_EncAPRepPart(data, length, t, len); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_decode_Authenticator (krb5_context context, + const void *data, + size_t length, + Authenticator *t, + size_t *len) +{ + return decode_Authenticator(data, length, t, len); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_encode_Authenticator (krb5_context context, + void *data, + size_t length, + Authenticator *t, + size_t *len) +{ + return encode_Authenticator(data, length, t, len); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_decode_EncKrbCredPart (krb5_context context, + const void *data, + size_t length, + EncKrbCredPart *t, + size_t *len) +{ + return decode_EncKrbCredPart(data, length, t, len); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_encode_EncKrbCredPart (krb5_context context, + void *data, + size_t length, + EncKrbCredPart *t, + size_t *len) +{ + return encode_EncKrbCredPart (data, length, t, len); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_decode_ETYPE_INFO (krb5_context context, + const void *data, + size_t length, + ETYPE_INFO *t, + size_t *len) +{ + return decode_ETYPE_INFO(data, length, t, len); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_encode_ETYPE_INFO (krb5_context context, + void *data, + size_t length, + ETYPE_INFO *t, + size_t *len) +{ + return encode_ETYPE_INFO (data, length, t, len); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_decode_ETYPE_INFO2 (krb5_context context, + const void *data, + size_t length, + ETYPE_INFO2 *t, + size_t *len) +{ + return decode_ETYPE_INFO2(data, length, t, len); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_encode_ETYPE_INFO2 (krb5_context context, + void *data, + size_t length, + ETYPE_INFO2 *t, + size_t *len) +{ + return encode_ETYPE_INFO2 (data, length, t, len); +} diff --git a/source4/heimdal/lib/krb5/config_file.c b/source4/heimdal/lib/krb5/config_file.c new file mode 100644 index 0000000000..86e286c638 --- /dev/null +++ b/source4/heimdal/lib/krb5/config_file.c @@ -0,0 +1,773 @@ +/* + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" +RCSID("$Id: config_file.c,v 1.53 2005/06/16 20:22:53 lha Exp $"); + +#ifndef HAVE_NETINFO + +/* Gaah! I want a portable funopen */ +struct fileptr { + const char *s; + FILE *f; +}; + +static char * +config_fgets(char *str, size_t len, struct fileptr *ptr) +{ + /* XXX this is not correct, in that they don't do the same if the + line is longer than len */ + if(ptr->f != NULL) + return fgets(str, len, ptr->f); + else { + /* this is almost strsep_copy */ + const char *p; + ssize_t l; + if(*ptr->s == '\0') + return NULL; + p = ptr->s + strcspn(ptr->s, "\n"); + if(*p == '\n') + p++; + l = min(len, p - ptr->s); + if(len > 0) { + memcpy(str, ptr->s, l); + str[l] = '\0'; + } + ptr->s = p; + return str; + } +} + +static krb5_error_code parse_section(char *p, krb5_config_section **s, + krb5_config_section **res, + const char **error_message); +static krb5_error_code parse_binding(struct fileptr *f, unsigned *lineno, char *p, + krb5_config_binding **b, + krb5_config_binding **parent, + const char **error_message); +static krb5_error_code parse_list(struct fileptr *f, unsigned *lineno, + krb5_config_binding **parent, + const char **error_message); + +static krb5_config_section * +get_entry(krb5_config_section **parent, const char *name, int type) +{ + krb5_config_section **q; + + for(q = parent; *q != NULL; q = &(*q)->next) + if(type == krb5_config_list && + type == (*q)->type && + strcmp(name, (*q)->name) == 0) + return *q; + *q = calloc(1, sizeof(**q)); + if(*q == NULL) + return NULL; + (*q)->name = strdup(name); + (*q)->type = type; + if((*q)->name == NULL) { + free(*q); + *q = NULL; + return NULL; + } + return *q; +} + +/* + * Parse a section: + * + * [section] + * foo = bar + * b = { + * a + * } + * ... + * + * starting at the line in `p', storing the resulting structure in + * `s' and hooking it into `parent'. + * Store the error message in `error_message'. + */ + +static krb5_error_code +parse_section(char *p, krb5_config_section **s, krb5_config_section **parent, + const char **error_message) +{ + char *p1; + krb5_config_section *tmp; + + p1 = strchr (p + 1, ']'); + if (p1 == NULL) { + *error_message = "missing ]"; + return KRB5_CONFIG_BADFORMAT; + } + *p1 = '\0'; + tmp = get_entry(parent, p + 1, krb5_config_list); + if(tmp == NULL) { + *error_message = "out of memory"; + return KRB5_CONFIG_BADFORMAT; + } + *s = tmp; + return 0; +} + +/* + * Parse a brace-enclosed list from `f', hooking in the structure at + * `parent'. + * Store the error message in `error_message'. + */ + +static krb5_error_code +parse_list(struct fileptr *f, unsigned *lineno, krb5_config_binding **parent, + const char **error_message) +{ + char buf[BUFSIZ]; + krb5_error_code ret; + krb5_config_binding *b = NULL; + unsigned beg_lineno = *lineno; + + while(config_fgets(buf, sizeof(buf), f) != NULL) { + char *p; + + ++*lineno; + if (buf[strlen(buf) - 1] == '\n') + buf[strlen(buf) - 1] = '\0'; + p = buf; + while(isspace((unsigned char)*p)) + ++p; + if (*p == '#' || *p == ';' || *p == '\0') + continue; + while(isspace((unsigned char)*p)) + ++p; + if (*p == '}') + return 0; + if (*p == '\0') + continue; + ret = parse_binding (f, lineno, p, &b, parent, error_message); + if (ret) + return ret; + } + *lineno = beg_lineno; + *error_message = "unclosed {"; + return KRB5_CONFIG_BADFORMAT; +} + +/* + * + */ + +static krb5_error_code +parse_binding(struct fileptr *f, unsigned *lineno, char *p, + krb5_config_binding **b, krb5_config_binding **parent, + const char **error_message) +{ + krb5_config_binding *tmp; + char *p1, *p2; + krb5_error_code ret = 0; + + p1 = p; + while (*p && *p != '=' && !isspace((unsigned char)*p)) + ++p; + if (*p == '\0') { + *error_message = "missing ="; + return KRB5_CONFIG_BADFORMAT; + } + p2 = p; + while (isspace((unsigned char)*p)) + ++p; + if (*p != '=') { + *error_message = "missing ="; + return KRB5_CONFIG_BADFORMAT; + } + ++p; + while(isspace((unsigned char)*p)) + ++p; + *p2 = '\0'; + if (*p == '{') { + tmp = get_entry(parent, p1, krb5_config_list); + if (tmp == NULL) { + *error_message = "out of memory"; + return KRB5_CONFIG_BADFORMAT; + } + ret = parse_list (f, lineno, &tmp->u.list, error_message); + } else { + tmp = get_entry(parent, p1, krb5_config_string); + if (tmp == NULL) { + *error_message = "out of memory"; + return KRB5_CONFIG_BADFORMAT; + } + p1 = p; + p = p1 + strlen(p1); + while(p > p1 && isspace((unsigned char)*(p-1))) + --p; + *p = '\0'; + tmp->u.string = strdup(p1); + } + *b = tmp; + return ret; +} + +/* + * Parse the config file `fname', generating the structures into `res' + * returning error messages in `error_message' + */ + +static krb5_error_code +krb5_config_parse_debug (struct fileptr *f, + krb5_config_section **res, + unsigned *lineno, + const char **error_message) +{ + krb5_config_section *s = NULL; + krb5_config_binding *b = NULL; + char buf[BUFSIZ]; + krb5_error_code ret; + + while (config_fgets(buf, sizeof(buf), f) != NULL) { + char *p; + + ++*lineno; + if(buf[strlen(buf) - 1] == '\n') + buf[strlen(buf) - 1] = '\0'; + p = buf; + while(isspace((unsigned char)*p)) + ++p; + if (*p == '#' || *p == ';') + continue; + if (*p == '[') { + ret = parse_section(p, &s, res, error_message); + if (ret) + return ret; + b = NULL; + } else if (*p == '}') { + *error_message = "unmatched }"; + return EINVAL; /* XXX */ + } else if(*p != '\0') { + if (s == NULL) { + *error_message = "binding before section"; + return EINVAL; + } + ret = parse_binding(f, lineno, p, &b, &s->u.list, error_message); + if (ret) + return ret; + } + } + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_config_parse_string_multi(krb5_context context, + const char *string, + krb5_config_section **res) +{ + const char *str; + unsigned lineno = 0; + krb5_error_code ret; + struct fileptr f; + f.f = NULL; + f.s = string; + + ret = krb5_config_parse_debug (&f, res, &lineno, &str); + if (ret) { + krb5_set_error_string (context, "%s:%u: %s", "", lineno, str); + return ret; + } + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_config_parse_file_multi (krb5_context context, + const char *fname, + krb5_config_section **res) +{ + const char *str; + unsigned lineno = 0; + krb5_error_code ret; + struct fileptr f; + f.f = fopen(fname, "r"); + f.s = NULL; + if(f.f == NULL) { + ret = errno; + krb5_set_error_string (context, "open %s: %s", fname, strerror(ret)); + return ret; + } + + ret = krb5_config_parse_debug (&f, res, &lineno, &str); + fclose(f.f); + if (ret) { + krb5_set_error_string (context, "%s:%u: %s", fname, lineno, str); + return ret; + } + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_config_parse_file (krb5_context context, + const char *fname, + krb5_config_section **res) +{ + *res = NULL; + return krb5_config_parse_file_multi(context, fname, res); +} + +#endif /* !HAVE_NETINFO */ + +static void +free_binding (krb5_context context, krb5_config_binding *b) +{ + krb5_config_binding *next_b; + + while (b) { + free (b->name); + if (b->type == krb5_config_string) + free (b->u.string); + else if (b->type == krb5_config_list) + free_binding (context, b->u.list); + else + krb5_abortx(context, "unknown binding type (%d) in free_binding", + b->type); + next_b = b->next; + free (b); + b = next_b; + } +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_config_file_free (krb5_context context, krb5_config_section *s) +{ + free_binding (context, s); + return 0; +} + +const void * +krb5_config_get_next (krb5_context context, + const krb5_config_section *c, + const krb5_config_binding **pointer, + int type, + ...) +{ + const char *ret; + va_list args; + + va_start(args, type); + ret = krb5_config_vget_next (context, c, pointer, type, args); + va_end(args); + return ret; +} + +static const void * +vget_next(krb5_context context, + const krb5_config_binding *b, + const krb5_config_binding **pointer, + int type, + const char *name, + va_list args) +{ + const char *p = va_arg(args, const char *); + while(b != NULL) { + if(strcmp(b->name, name) == 0) { + if(b->type == type && p == NULL) { + *pointer = b; + return b->u.generic; + } else if(b->type == krb5_config_list && p != NULL) { + return vget_next(context, b->u.list, pointer, type, p, args); + } + } + b = b->next; + } + return NULL; +} + +const void * +krb5_config_vget_next (krb5_context context, + const krb5_config_section *c, + const krb5_config_binding **pointer, + int type, + va_list args) +{ + const krb5_config_binding *b; + const char *p; + + if(c == NULL) + c = context->cf; + + if (c == NULL) + return NULL; + + if (*pointer == NULL) { + /* first time here, walk down the tree looking for the right + section */ + p = va_arg(args, const char *); + if (p == NULL) + return NULL; + return vget_next(context, c, pointer, type, p, args); + } + + /* we were called again, so just look for more entries with the + same name and type */ + for (b = (*pointer)->next; b != NULL; b = b->next) { + if(strcmp(b->name, (*pointer)->name) == 0 && b->type == type) { + *pointer = b; + return b->u.generic; + } + } + return NULL; +} + +const void * +krb5_config_get (krb5_context context, + const krb5_config_section *c, + int type, + ...) +{ + const void *ret; + va_list args; + + va_start(args, type); + ret = krb5_config_vget (context, c, type, args); + va_end(args); + return ret; +} + +const void * +krb5_config_vget (krb5_context context, + const krb5_config_section *c, + int type, + va_list args) +{ + const krb5_config_binding *foo = NULL; + + return krb5_config_vget_next (context, c, &foo, type, args); +} + +const krb5_config_binding * +krb5_config_get_list (krb5_context context, + const krb5_config_section *c, + ...) +{ + const krb5_config_binding *ret; + va_list args; + + va_start(args, c); + ret = krb5_config_vget_list (context, c, args); + va_end(args); + return ret; +} + +const krb5_config_binding * +krb5_config_vget_list (krb5_context context, + const krb5_config_section *c, + va_list args) +{ + return krb5_config_vget (context, c, krb5_config_list, args); +} + +const char* KRB5_LIB_FUNCTION +krb5_config_get_string (krb5_context context, + const krb5_config_section *c, + ...) +{ + const char *ret; + va_list args; + + va_start(args, c); + ret = krb5_config_vget_string (context, c, args); + va_end(args); + return ret; +} + +const char* KRB5_LIB_FUNCTION +krb5_config_vget_string (krb5_context context, + const krb5_config_section *c, + va_list args) +{ + return krb5_config_vget (context, c, krb5_config_string, args); +} + +const char* KRB5_LIB_FUNCTION +krb5_config_vget_string_default (krb5_context context, + const krb5_config_section *c, + const char *def_value, + va_list args) +{ + const char *ret; + + ret = krb5_config_vget_string (context, c, args); + if (ret == NULL) + ret = def_value; + return ret; +} + +const char* KRB5_LIB_FUNCTION +krb5_config_get_string_default (krb5_context context, + const krb5_config_section *c, + const char *def_value, + ...) +{ + const char *ret; + va_list args; + + va_start(args, def_value); + ret = krb5_config_vget_string_default (context, c, def_value, args); + va_end(args); + return ret; +} + +char ** KRB5_LIB_FUNCTION +krb5_config_vget_strings(krb5_context context, + const krb5_config_section *c, + va_list args) +{ + char **strings = NULL; + int nstr = 0; + const krb5_config_binding *b = NULL; + const char *p; + + while((p = krb5_config_vget_next(context, c, &b, + krb5_config_string, args))) { + char *tmp = strdup(p); + char *pos = NULL; + char *s; + if(tmp == NULL) + goto cleanup; + s = strtok_r(tmp, " \t", &pos); + while(s){ + char **tmp2 = realloc(strings, (nstr + 1) * sizeof(*strings)); + if(tmp2 == NULL) + goto cleanup; + strings = tmp2; + strings[nstr] = strdup(s); + nstr++; + if(strings[nstr-1] == NULL) + goto cleanup; + s = strtok_r(NULL, " \t", &pos); + } + free(tmp); + } + if(nstr){ + char **tmp = realloc(strings, (nstr + 1) * sizeof(*strings)); + if(strings == NULL) + goto cleanup; + strings = tmp; + strings[nstr] = NULL; + } + return strings; +cleanup: + while(nstr--) + free(strings[nstr]); + free(strings); + return NULL; + +} + +char** +krb5_config_get_strings(krb5_context context, + const krb5_config_section *c, + ...) +{ + va_list ap; + char **ret; + va_start(ap, c); + ret = krb5_config_vget_strings(context, c, ap); + va_end(ap); + return ret; +} + +void KRB5_LIB_FUNCTION +krb5_config_free_strings(char **strings) +{ + char **s = strings; + while(s && *s){ + free(*s); + s++; + } + free(strings); +} + +krb5_boolean KRB5_LIB_FUNCTION +krb5_config_vget_bool_default (krb5_context context, + const krb5_config_section *c, + krb5_boolean def_value, + va_list args) +{ + const char *str; + str = krb5_config_vget_string (context, c, args); + if(str == NULL) + return def_value; + if(strcasecmp(str, "yes") == 0 || + strcasecmp(str, "true") == 0 || + atoi(str)) return TRUE; + return FALSE; +} + +krb5_boolean KRB5_LIB_FUNCTION +krb5_config_vget_bool (krb5_context context, + const krb5_config_section *c, + va_list args) +{ + return krb5_config_vget_bool_default (context, c, FALSE, args); +} + +krb5_boolean KRB5_LIB_FUNCTION +krb5_config_get_bool_default (krb5_context context, + const krb5_config_section *c, + krb5_boolean def_value, + ...) +{ + va_list ap; + krb5_boolean ret; + va_start(ap, def_value); + ret = krb5_config_vget_bool_default(context, c, def_value, ap); + va_end(ap); + return ret; +} + +krb5_boolean KRB5_LIB_FUNCTION +krb5_config_get_bool (krb5_context context, + const krb5_config_section *c, + ...) +{ + va_list ap; + krb5_boolean ret; + va_start(ap, c); + ret = krb5_config_vget_bool (context, c, ap); + va_end(ap); + return ret; +} + +int KRB5_LIB_FUNCTION +krb5_config_vget_time_default (krb5_context context, + const krb5_config_section *c, + int def_value, + va_list args) +{ + const char *str; + krb5_deltat t; + + str = krb5_config_vget_string (context, c, args); + if(str == NULL) + return def_value; + if (krb5_string_to_deltat(str, &t)) + return def_value; + return t; +} + +int KRB5_LIB_FUNCTION +krb5_config_vget_time (krb5_context context, + const krb5_config_section *c, + va_list args) +{ + return krb5_config_vget_time_default (context, c, -1, args); +} + +int KRB5_LIB_FUNCTION +krb5_config_get_time_default (krb5_context context, + const krb5_config_section *c, + int def_value, + ...) +{ + va_list ap; + int ret; + va_start(ap, def_value); + ret = krb5_config_vget_time_default(context, c, def_value, ap); + va_end(ap); + return ret; +} + +int KRB5_LIB_FUNCTION +krb5_config_get_time (krb5_context context, + const krb5_config_section *c, + ...) +{ + va_list ap; + int ret; + va_start(ap, c); + ret = krb5_config_vget_time (context, c, ap); + va_end(ap); + return ret; +} + + +int KRB5_LIB_FUNCTION +krb5_config_vget_int_default (krb5_context context, + const krb5_config_section *c, + int def_value, + va_list args) +{ + const char *str; + str = krb5_config_vget_string (context, c, args); + if(str == NULL) + return def_value; + else { + char *endptr; + long l; + l = strtol(str, &endptr, 0); + if (endptr == str) + return def_value; + else + return l; + } +} + +int KRB5_LIB_FUNCTION +krb5_config_vget_int (krb5_context context, + const krb5_config_section *c, + va_list args) +{ + return krb5_config_vget_int_default (context, c, -1, args); +} + +int KRB5_LIB_FUNCTION +krb5_config_get_int_default (krb5_context context, + const krb5_config_section *c, + int def_value, + ...) +{ + va_list ap; + int ret; + va_start(ap, def_value); + ret = krb5_config_vget_int_default(context, c, def_value, ap); + va_end(ap); + return ret; +} + +int KRB5_LIB_FUNCTION +krb5_config_get_int (krb5_context context, + const krb5_config_section *c, + ...) +{ + va_list ap; + int ret; + va_start(ap, c); + ret = krb5_config_vget_int (context, c, ap); + va_end(ap); + return ret; +} diff --git a/source4/heimdal/lib/krb5/config_file_netinfo.c b/source4/heimdal/lib/krb5/config_file_netinfo.c new file mode 100644 index 0000000000..6e72509ab6 --- /dev/null +++ b/source4/heimdal/lib/krb5/config_file_netinfo.c @@ -0,0 +1,180 @@ +/* + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" +RCSID("$Id: config_file_netinfo.c,v 1.4 2004/05/25 21:20:18 lha Exp $"); + +/* + * Netinfo implementation from Luke Howard + */ + +#ifdef HAVE_NETINFO +#include +static ni_status +ni_proplist2binding(ni_proplist *pl, krb5_config_section **ret) +{ + int i, j; + krb5_config_section **next = NULL; + + for (i = 0; i < pl->ni_proplist_len; i++) { + if (!strcmp(pl->nipl_val[i].nip_name, "name")) + continue; + + for (j = 0; j < pl->nipl_val[i].nip_val.ni_namelist_len; j++) { + krb5_config_binding *b; + + b = malloc(sizeof(*b)); + if (b == NULL) + return NI_FAILED; + + b->next = NULL; + b->type = krb5_config_string; + b->name = ni_name_dup(pl->nipl_val[i].nip_name); + b->u.string = ni_name_dup(pl->nipl_val[i].nip_val.ninl_val[j]); + + if (next == NULL) { + *ret = b; + } else { + *next = b; + } + next = &b->next; + } + } + return NI_OK; +} + +static ni_status +ni_idlist2binding(void *ni, ni_idlist *idlist, krb5_config_section **ret) +{ + int i; + ni_status nis; + krb5_config_section **next; + + for (i = 0; i < idlist->ni_idlist_len; i++) { + ni_proplist pl; + ni_id nid; + ni_idlist children; + krb5_config_binding *b; + ni_index index; + + nid.nii_instance = 0; + nid.nii_object = idlist->ni_idlist_val[i]; + + nis = ni_read(ni, &nid, &pl); + + if (nis != NI_OK) { + return nis; + } + index = ni_proplist_match(pl, "name", NULL); + b = malloc(sizeof(*b)); + if (b == NULL) return NI_FAILED; + + if (i == 0) { + *ret = b; + } else { + *next = b; + } + + b->type = krb5_config_list; + b->name = ni_name_dup(pl.nipl_val[index].nip_val.ninl_val[0]); + b->next = NULL; + b->u.list = NULL; + + /* get the child directories */ + nis = ni_children(ni, &nid, &children); + if (nis == NI_OK) { + nis = ni_idlist2binding(ni, &children, &b->u.list); + if (nis != NI_OK) { + return nis; + } + } + + nis = ni_proplist2binding(&pl, b->u.list == NULL ? &b->u.list : &b->u.list->next); + ni_proplist_free(&pl); + if (nis != NI_OK) { + return nis; + } + next = &b->next; + } + ni_idlist_free(idlist); + return NI_OK; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_config_parse_file (krb5_context context, + const char *fname, + krb5_config_section **res) +{ + void *ni = NULL, *lastni = NULL; + int i; + ni_status nis; + ni_id nid; + ni_idlist children; + + krb5_config_section *s; + int ret; + + s = NULL; + + for (i = 0; i < 256; i++) { + if (i == 0) { + nis = ni_open(NULL, ".", &ni); + } else { + if (lastni != NULL) ni_free(lastni); + lastni = ni; + nis = ni_open(lastni, "..", &ni); + } + if (nis != NI_OK) + break; + nis = ni_pathsearch(ni, &nid, "/locations/kerberos"); + if (nis == NI_OK) { + nis = ni_children(ni, &nid, &children); + if (nis != NI_OK) + break; + nis = ni_idlist2binding(ni, &children, &s); + break; + } + } + + if (ni != NULL) ni_free(ni); + if (ni != lastni && lastni != NULL) ni_free(lastni); + + ret = (nis == NI_OK) ? 0 : -1; + if (ret == 0) { + *res = s; + } else { + *res = NULL; + } + return ret; +} +#endif /* HAVE_NETINFO */ diff --git a/source4/heimdal/lib/krb5/constants.c b/source4/heimdal/lib/krb5/constants.c new file mode 100644 index 0000000000..89ebc34a1a --- /dev/null +++ b/source4/heimdal/lib/krb5/constants.c @@ -0,0 +1,43 @@ +/* + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: constants.c,v 1.8 2004/09/23 07:57:37 joda Exp $"); + +const char *krb5_config_file = +#ifdef __APPLE__ +"/Library/Preferences/edu.mit.Kerberos:" +#endif +SYSCONFDIR "/krb5.conf:/etc/krb5.conf"; +const char *krb5_defkeyname = KEYTAB_DEFAULT; diff --git a/source4/heimdal/lib/krb5/context.c b/source4/heimdal/lib/krb5/context.c new file mode 100644 index 0000000000..62fb92d666 --- /dev/null +++ b/source4/heimdal/lib/krb5/context.c @@ -0,0 +1,663 @@ +/* + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" +#include + +RCSID("$Id: context.c,v 1.102 2005/05/18 04:20:50 lha Exp $"); + +#define INIT_FIELD(C, T, E, D, F) \ + (C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \ + "libdefaults", F, NULL) + +/* + * Set the list of etypes `ret_etypes' from the configuration variable + * `name' + */ + +static krb5_error_code +set_etypes (krb5_context context, + const char *name, + krb5_enctype **ret_enctypes) +{ + char **etypes_str; + krb5_enctype *etypes = NULL; + + etypes_str = krb5_config_get_strings(context, NULL, "libdefaults", + name, NULL); + if(etypes_str){ + int i, j, k; + for(i = 0; etypes_str[i]; i++); + etypes = malloc((i+1) * sizeof(*etypes)); + if (etypes == NULL) { + krb5_config_free_strings (etypes_str); + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + for(j = 0, k = 0; j < i; j++) { + krb5_enctype e; + if(krb5_string_to_enctype(context, etypes_str[j], &e) != 0) + continue; + if (krb5_enctype_valid(context, e) != 0) + continue; + etypes[k++] = e; + } + etypes[k] = ETYPE_NULL; + krb5_config_free_strings(etypes_str); + } + *ret_enctypes = etypes; + return 0; +} + +/* + * read variables from the configuration file and set in `context' + */ + +static krb5_error_code +init_context_from_config_file(krb5_context context) +{ + krb5_error_code ret; + const char * tmp; + krb5_enctype *tmptypes; + + INIT_FIELD(context, time, max_skew, 5 * 60, "clockskew"); + INIT_FIELD(context, time, kdc_timeout, 3, "kdc_timeout"); + INIT_FIELD(context, int, max_retries, 3, "max_retries"); + + INIT_FIELD(context, string, http_proxy, NULL, "http_proxy"); + + ret = set_etypes (context, "default_etypes", &tmptypes); + if(ret) + return ret; + free(context->etypes); + context->etypes = tmptypes; + + ret = set_etypes (context, "default_etypes_des", &tmptypes); + if(ret) + return ret; + free(context->etypes_des); + context->etypes_des = tmptypes; + + /* default keytab name */ + tmp = NULL; + if(!issuid()) + tmp = getenv("KRB5_KTNAME"); + if(tmp != NULL) + context->default_keytab = tmp; + else + INIT_FIELD(context, string, default_keytab, + KEYTAB_DEFAULT, "default_keytab_name"); + + INIT_FIELD(context, string, default_keytab_modify, + NULL, "default_keytab_modify_name"); + + INIT_FIELD(context, string, time_fmt, + "%Y-%m-%dT%H:%M:%S", "time_format"); + + INIT_FIELD(context, string, date_fmt, + "%Y-%m-%d", "date_format"); + + INIT_FIELD(context, bool, log_utc, + FALSE, "log_utc"); + + + + /* init dns-proxy slime */ + tmp = krb5_config_get_string(context, NULL, "libdefaults", + "dns_proxy", NULL); + if(tmp) + roken_gethostby_setup(context->http_proxy, tmp); + krb5_free_host_realm (context, context->default_realms); + context->default_realms = NULL; + + { + krb5_addresses addresses; + char **adr, **a; + + krb5_set_extra_addresses(context, NULL); + adr = krb5_config_get_strings(context, NULL, + "libdefaults", + "extra_addresses", + NULL); + memset(&addresses, 0, sizeof(addresses)); + for(a = adr; a && *a; a++) { + ret = krb5_parse_address(context, *a, &addresses); + if (ret == 0) { + krb5_add_extra_addresses(context, &addresses); + krb5_free_addresses(context, &addresses); + } + } + krb5_config_free_strings(adr); + + krb5_set_ignore_addresses(context, NULL); + adr = krb5_config_get_strings(context, NULL, + "libdefaults", + "ignore_addresses", + NULL); + memset(&addresses, 0, sizeof(addresses)); + for(a = adr; a && *a; a++) { + ret = krb5_parse_address(context, *a, &addresses); + if (ret == 0) { + krb5_add_ignore_addresses(context, &addresses); + krb5_free_addresses(context, &addresses); + } + } + krb5_config_free_strings(adr); + } + + INIT_FIELD(context, bool, scan_interfaces, TRUE, "scan_interfaces"); + INIT_FIELD(context, int, fcache_vno, 0, "fcache_version"); + /* prefer dns_lookup_kdc over srv_lookup. */ + INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup"); + INIT_FIELD(context, bool, srv_lookup, context->srv_lookup, "dns_lookup_kdc"); + INIT_FIELD(context, int, large_msg_size, 6000, "large_message_size"); + context->default_cc_name = NULL; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_init_context(krb5_context *context) +{ + krb5_context p; + krb5_error_code ret; + char **files; + + *context = NULL; + + p = calloc(1, sizeof(*p)); + if(!p) + return ENOMEM; + + p->mutex = malloc(sizeof(HEIMDAL_MUTEX)); + if (p->mutex == NULL) { + free(p); + return ENOMEM; + } + HEIMDAL_MUTEX_init(p->mutex); + + ret = krb5_get_default_config_files(&files); + if(ret) + goto out; + ret = krb5_set_config_files(p, files); + krb5_free_config_files(files); + if(ret) + goto out; + + /* init error tables */ + krb5_init_ets(p); + + p->cc_ops = NULL; + p->num_cc_ops = 0; + krb5_cc_register(p, &krb5_acc_ops, TRUE); + krb5_cc_register(p, &krb5_fcc_ops, TRUE); + krb5_cc_register(p, &krb5_mcc_ops, TRUE); +#ifdef HAVE_KCM + krb5_cc_register(p, &krb5_kcm_ops, TRUE); +#endif + + p->num_kt_types = 0; + p->kt_types = NULL; + krb5_kt_register (p, &krb5_fkt_ops); + krb5_kt_register (p, &krb5_wrfkt_ops); + krb5_kt_register (p, &krb5_javakt_ops); + krb5_kt_register (p, &krb5_mkt_ops); + krb5_kt_register (p, &krb5_mktw_ops); + krb5_kt_register (p, &krb5_akf_ops); + krb5_kt_register (p, &krb4_fkt_ops); + krb5_kt_register (p, &krb5_srvtab_fkt_ops); + krb5_kt_register (p, &krb5_any_ops); + +out: + if(ret) { + krb5_free_context(p); + p = NULL; + } + *context = p; + return ret; +} + +void KRB5_LIB_FUNCTION +krb5_free_context(krb5_context context) +{ + if (context->default_cc_name) + free(context->default_cc_name); + free(context->etypes); + free(context->etypes_des); + krb5_free_host_realm (context, context->default_realms); + krb5_config_file_free (context, context->cf); + free_error_table (context->et_list); + free(context->cc_ops); + free(context->kt_types); + krb5_clear_error_string(context); + if(context->warn_dest != NULL) + krb5_closelog(context, context->warn_dest); + krb5_set_extra_addresses(context, NULL); + krb5_set_ignore_addresses(context, NULL); + if (context->mutex != NULL) { + HEIMDAL_MUTEX_destroy(context->mutex); + free(context->mutex); + } + memset(context, 0, sizeof(*context)); + free(context); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_set_config_files(krb5_context context, char **filenames) +{ + krb5_error_code ret; + krb5_config_binding *tmp = NULL; + while(filenames != NULL && *filenames != NULL && **filenames != '\0') { + ret = krb5_config_parse_file_multi(context, *filenames, &tmp); + if(ret != 0 && ret != ENOENT && ret != EACCES) { + krb5_config_file_free(context, tmp); + return ret; + } + filenames++; + } +#if 0 + /* with this enabled and if there are no config files, Kerberos is + considererd disabled */ + if(tmp == NULL) + return ENXIO; +#endif + krb5_config_file_free(context, context->cf); + context->cf = tmp; + ret = init_context_from_config_file(context); + return ret; +} + +static krb5_error_code +add_file(char ***pfilenames, int *len, char *file) +{ + char **pp = *pfilenames; + int i; + + for(i = 0; i < *len; i++) { + if(strcmp(pp[i], file) == 0) { + free(file); + return 0; + } + } + + pp = realloc(*pfilenames, (*len + 2) * sizeof(*pp)); + if (pp == NULL) { + free(file); + return ENOMEM; + } + + pp[*len] = file; + pp[*len + 1] = NULL; + *pfilenames = pp; + *len += 1; + return 0; +} + +/* + * `pq' isn't free, its up the the caller + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp) +{ + krb5_error_code ret; + const char *p, *q; + char **pp; + int len; + char *fn; + + pp = NULL; + + len = 0; + p = filelist; + while(1) { + ssize_t l; + q = p; + l = strsep_copy(&q, ":", NULL, 0); + if(l == -1) + break; + fn = malloc(l + 1); + if(fn == NULL) { + krb5_free_config_files(pp); + return ENOMEM; + } + l = strsep_copy(&p, ":", fn, l + 1); + ret = add_file(&pp, &len, fn); + if (ret) { + krb5_free_config_files(pp); + return ret; + } + } + + if (pq != NULL) { + int i; + + for (i = 0; pq[i] != NULL; i++) { + fn = strdup(pq[i]); + if (fn == NULL) { + krb5_free_config_files(pp); + return ENOMEM; + } + ret = add_file(&pp, &len, fn); + if (ret) { + krb5_free_config_files(pp); + return ret; + } + } + } + + *ret_pp = pp; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_prepend_config_files_default(const char *filelist, char ***pfilenames) +{ + krb5_error_code ret; + char **defpp, **pp = NULL; + + ret = krb5_get_default_config_files(&defpp); + if (ret) + return ret; + + ret = krb5_prepend_config_files(filelist, defpp, &pp); + krb5_free_config_files(defpp); + if (ret) { + return ret; + } + *pfilenames = pp; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_default_config_files(char ***pfilenames) +{ + const char *files = NULL; + + if (pfilenames == NULL) + return EINVAL; + if(!issuid()) + files = getenv("KRB5_CONFIG"); + if (files == NULL) + files = krb5_config_file; + + return krb5_prepend_config_files(files, NULL, pfilenames); +} + +void KRB5_LIB_FUNCTION +krb5_free_config_files(char **filenames) +{ + char **p; + for(p = filenames; *p != NULL; p++) + free(*p); + free(filenames); +} + +/* + * set `etype' to a malloced list of the default enctypes + */ + +static krb5_error_code +default_etypes(krb5_context context, krb5_enctype **etype) +{ + krb5_enctype p[] = { + ETYPE_AES256_CTS_HMAC_SHA1_96, + ETYPE_AES128_CTS_HMAC_SHA1_96, + ETYPE_DES3_CBC_SHA1, + ETYPE_DES3_CBC_MD5, + ETYPE_ARCFOUR_HMAC_MD5, + ETYPE_DES_CBC_MD5, + ETYPE_DES_CBC_MD4, + ETYPE_DES_CBC_CRC + }; + krb5_enctype *e = NULL, *ep; + int i, n = 0; + + for (i = 0; i < sizeof(p)/sizeof(p[0]); i++) { + if (krb5_enctype_valid(context, p[i]) != 0) + continue; + ep = realloc(e, (n + 2) * sizeof(*e)); + if (ep == NULL) { + free(e); + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + e = ep; + e[n] = p[i]; + e[n + 1] = ETYPE_NULL; + n++; + } + *etype = e; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_set_default_in_tkt_etypes(krb5_context context, + const krb5_enctype *etypes) +{ + krb5_enctype *p = NULL; + int i; + + if(etypes) { + for (i = 0; etypes[i]; ++i) { + krb5_error_code ret; + ret = krb5_enctype_valid(context, etypes[i]); + if (ret) + return ret; + } + ++i; + ALLOC(p, i); + if(!p) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + memmove(p, etypes, i * sizeof(krb5_enctype)); + } + if(context->etypes) + free(context->etypes); + context->etypes = p; + return 0; +} + + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_default_in_tkt_etypes(krb5_context context, + krb5_enctype **etypes) +{ + krb5_enctype *p; + int i; + krb5_error_code ret; + + if(context->etypes) { + for(i = 0; context->etypes[i]; i++); + ++i; + ALLOC(p, i); + if(!p) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + memmove(p, context->etypes, i * sizeof(krb5_enctype)); + } else { + ret = default_etypes(context, &p); + if (ret) + return ret; + } + *etypes = p; + return 0; +} + +const char* KRB5_LIB_FUNCTION +krb5_get_err_text(krb5_context context, krb5_error_code code) +{ + const char *p = NULL; + if(context != NULL) + p = com_right(context->et_list, code); + if(p == NULL) + p = strerror(code); + if (p == NULL) + p = "Unknown error"; + return p; +} + +void KRB5_LIB_FUNCTION +krb5_init_ets(krb5_context context) +{ + if(context->et_list == NULL){ + krb5_add_et_list(context, initialize_krb5_error_table_r); + krb5_add_et_list(context, initialize_asn1_error_table_r); + krb5_add_et_list(context, initialize_heim_error_table_r); + krb5_add_et_list(context, initialize_k524_error_table_r); + } +} + +void KRB5_LIB_FUNCTION +krb5_set_use_admin_kdc (krb5_context context, krb5_boolean flag) +{ + context->use_admin_kdc = flag; +} + +krb5_boolean KRB5_LIB_FUNCTION +krb5_get_use_admin_kdc (krb5_context context) +{ + return context->use_admin_kdc; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses) +{ + + if(context->extra_addresses) + return krb5_append_addresses(context, + context->extra_addresses, addresses); + else + return krb5_set_extra_addresses(context, addresses); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses) +{ + if(context->extra_addresses) + krb5_free_addresses(context, context->extra_addresses); + + if(addresses == NULL) { + if(context->extra_addresses != NULL) { + free(context->extra_addresses); + context->extra_addresses = NULL; + } + return 0; + } + if(context->extra_addresses == NULL) { + context->extra_addresses = malloc(sizeof(*context->extra_addresses)); + if(context->extra_addresses == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + } + return krb5_copy_addresses(context, addresses, context->extra_addresses); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses) +{ + if(context->extra_addresses == NULL) { + memset(addresses, 0, sizeof(*addresses)); + return 0; + } + return krb5_copy_addresses(context,context->extra_addresses, addresses); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses) +{ + + if(context->ignore_addresses) + return krb5_append_addresses(context, + context->ignore_addresses, addresses); + else + return krb5_set_ignore_addresses(context, addresses); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses) +{ + if(context->ignore_addresses) + krb5_free_addresses(context, context->ignore_addresses); + if(addresses == NULL) { + if(context->ignore_addresses != NULL) { + free(context->ignore_addresses); + context->ignore_addresses = NULL; + } + return 0; + } + if(context->ignore_addresses == NULL) { + context->ignore_addresses = malloc(sizeof(*context->ignore_addresses)); + if(context->ignore_addresses == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + } + return krb5_copy_addresses(context, addresses, context->ignore_addresses); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses) +{ + if(context->ignore_addresses == NULL) { + memset(addresses, 0, sizeof(*addresses)); + return 0; + } + return krb5_copy_addresses(context, context->ignore_addresses, addresses); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_set_fcache_version(krb5_context context, int version) +{ + context->fcache_vno = version; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_fcache_version(krb5_context context, int *version) +{ + *version = context->fcache_vno; + return 0; +} + +krb5_boolean KRB5_LIB_FUNCTION +krb5_is_thread_safe(void) +{ +#ifdef ENABLE_PTHREAD_SUPPORT + return TRUE; +#else + return FALSE; +#endif +} diff --git a/source4/heimdal/lib/krb5/copy_host_realm.c b/source4/heimdal/lib/krb5/copy_host_realm.c new file mode 100644 index 0000000000..eb77fba024 --- /dev/null +++ b/source4/heimdal/lib/krb5/copy_host_realm.c @@ -0,0 +1,69 @@ +/* + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: copy_host_realm.c,v 1.5 2004/05/25 21:21:17 lha Exp $"); + +/* + * Copy the list of realms from `from' to `to'. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_copy_host_realm(krb5_context context, + const krb5_realm *from, + krb5_realm **to) +{ + int n, i; + const krb5_realm *p; + + for (n = 0, p = from; *p != NULL; ++p) + ++n; + ++n; + *to = malloc (n * sizeof(**to)); + if (*to == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + for (i = 0; i < n; ++i) + (*to)[i] = NULL; + for (i = 0, p = from; *p != NULL; ++p, ++i) { + (*to)[i] = strdup(*p); + if ((*to)[i] == NULL) { + krb5_free_host_realm (context, *to); + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + } + return 0; +} diff --git a/source4/heimdal/lib/krb5/crc.c b/source4/heimdal/lib/krb5/crc.c new file mode 100644 index 0000000000..c7cedd8c9e --- /dev/null +++ b/source4/heimdal/lib/krb5/crc.c @@ -0,0 +1,71 @@ +/* + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: crc.c,v 1.9 2000/08/03 01:45:14 assar Exp $"); + +static u_long table[256]; + +#define CRC_GEN 0xEDB88320L + +void +_krb5_crc_init_table(void) +{ + static int flag = 0; + unsigned long crc, poly; + int i, j; + + if(flag) return; + poly = CRC_GEN; + for (i = 0; i < 256; i++) { + crc = i; + for (j = 8; j > 0; j--) { + if (crc & 1) { + crc = (crc >> 1) ^ poly; + } else { + crc >>= 1; + } + } + table[i] = crc; + } + flag = 1; +} + +u_int32_t +_krb5_crc_update (const char *p, size_t len, u_int32_t res) +{ + while (len--) + res = table[(res ^ *p++) & 0xFF] ^ (res >> 8); + return res & 0xFFFFFFFF; +} diff --git a/source4/heimdal/lib/krb5/creds.c b/source4/heimdal/lib/krb5/creds.c new file mode 100644 index 0000000000..2afd0725f1 --- /dev/null +++ b/source4/heimdal/lib/krb5/creds.c @@ -0,0 +1,215 @@ +/* + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: creds.c,v 1.20 2005/05/18 04:21:04 lha Exp $"); + +/* keep this for compatibility with older code */ +krb5_error_code KRB5_LIB_FUNCTION +krb5_free_creds_contents (krb5_context context, krb5_creds *c) +{ + return krb5_free_cred_contents (context, c); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_free_cred_contents (krb5_context context, krb5_creds *c) +{ + krb5_free_principal (context, c->client); + c->client = NULL; + krb5_free_principal (context, c->server); + c->server = NULL; + krb5_free_keyblock_contents (context, &c->session); + krb5_data_free (&c->ticket); + krb5_data_free (&c->second_ticket); + free_AuthorizationData (&c->authdata); + krb5_free_addresses (context, &c->addresses); + memset(c, 0, sizeof(*c)); + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_copy_creds_contents (krb5_context context, + const krb5_creds *incred, + krb5_creds *c) +{ + krb5_error_code ret; + + memset(c, 0, sizeof(*c)); + ret = krb5_copy_principal (context, incred->client, &c->client); + if (ret) + goto fail; + ret = krb5_copy_principal (context, incred->server, &c->server); + if (ret) + goto fail; + ret = krb5_copy_keyblock_contents (context, &incred->session, &c->session); + if (ret) + goto fail; + c->times = incred->times; + ret = krb5_data_copy (&c->ticket, + incred->ticket.data, + incred->ticket.length); + if (ret) + goto fail; + ret = krb5_data_copy (&c->second_ticket, + incred->second_ticket.data, + incred->second_ticket.length); + if (ret) + goto fail; + ret = copy_AuthorizationData(&incred->authdata, &c->authdata); + if (ret) + goto fail; + ret = krb5_copy_addresses (context, + &incred->addresses, + &c->addresses); + if (ret) + goto fail; + c->flags = incred->flags; + return 0; + +fail: + krb5_free_cred_contents (context, c); + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_copy_creds (krb5_context context, + const krb5_creds *incred, + krb5_creds **outcred) +{ + krb5_creds *c; + + c = malloc (sizeof (*c)); + if (c == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + memset (c, 0, sizeof(*c)); + *outcred = c; + return krb5_copy_creds_contents (context, incred, c); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_free_creds (krb5_context context, krb5_creds *c) +{ + krb5_free_cred_contents (context, c); + free (c); + return 0; +} + +/* XXX these do not belong here */ +static krb5_boolean +krb5_data_equal(const krb5_data *a, const krb5_data *b) +{ + if(a->length != b->length) + return FALSE; + return memcmp(a->data, b->data, a->length) == 0; +} + +static krb5_boolean +krb5_times_equal(const krb5_times *a, const krb5_times *b) +{ + return a->starttime == b->starttime && + a->authtime == b->authtime && + a->endtime == b->endtime && + a->renew_till == b->renew_till; +} + +/* + * Return TRUE if `mcreds' and `creds' are equal (`whichfields' + * determines what equal means). + */ + +krb5_boolean KRB5_LIB_FUNCTION +krb5_compare_creds(krb5_context context, krb5_flags whichfields, + const krb5_creds * mcreds, const krb5_creds * creds) +{ + krb5_boolean match = TRUE; + + if (match && mcreds->server) { + if (whichfields & (KRB5_TC_DONT_MATCH_REALM | KRB5_TC_MATCH_SRV_NAMEONLY)) + match = krb5_principal_compare_any_realm (context, mcreds->server, + creds->server); + else + match = krb5_principal_compare (context, mcreds->server, + creds->server); + } + + if (match && mcreds->client) { + if(whichfields & KRB5_TC_DONT_MATCH_REALM) + match = krb5_principal_compare_any_realm (context, mcreds->client, + creds->client); + else + match = krb5_principal_compare (context, mcreds->client, + creds->client); + } + + if (match && (whichfields & KRB5_TC_MATCH_KEYTYPE)) + match = krb5_enctypes_compatible_keys(context, + mcreds->session.keytype, + creds->session.keytype); + + if (match && (whichfields & KRB5_TC_MATCH_FLAGS_EXACT)) + match = mcreds->flags.i == creds->flags.i; + + if (match && (whichfields & KRB5_TC_MATCH_FLAGS)) + match = (creds->flags.i & mcreds->flags.i) == mcreds->flags.i; + + if (match && (whichfields & KRB5_TC_MATCH_TIMES_EXACT)) + match = krb5_times_equal(&mcreds->times, &creds->times); + + if (match && (whichfields & KRB5_TC_MATCH_TIMES)) + /* compare only expiration times */ + match = (mcreds->times.renew_till <= creds->times.renew_till) && + (mcreds->times.endtime <= creds->times.endtime); + + if (match && (whichfields & KRB5_TC_MATCH_AUTHDATA)) { + unsigned int i; + if(mcreds->authdata.len != creds->authdata.len) + match = FALSE; + else + for(i = 0; match && i < mcreds->authdata.len; i++) + match = (mcreds->authdata.val[i].ad_type == + creds->authdata.val[i].ad_type) && + krb5_data_equal(&mcreds->authdata.val[i].ad_data, + &creds->authdata.val[i].ad_data); + } + if (match && (whichfields & KRB5_TC_MATCH_2ND_TKT)) + match = krb5_data_equal(&mcreds->second_ticket, &creds->second_ticket); + + if (match && (whichfields & KRB5_TC_MATCH_IS_SKEY)) + match = ((mcreds->second_ticket.length == 0) == + (creds->second_ticket.length == 0)); + + return match; +} diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c new file mode 100644 index 0000000000..2b1ac3a5c4 --- /dev/null +++ b/source4/heimdal/lib/krb5/crypto.c @@ -0,0 +1,4410 @@ +/* + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" +RCSID("$Id: crypto.c,v 1.123 2005/06/29 22:20:33 lha Exp $"); + +#undef CRYPTO_DEBUG +#ifdef CRYPTO_DEBUG +static void krb5_crypto_debug(krb5_context, int, size_t, krb5_keyblock*); +#endif + + +struct key_data { + krb5_keyblock *key; + krb5_data *schedule; +}; + +struct key_usage { + unsigned usage; + struct key_data key; +}; + +struct krb5_crypto_data { + struct encryption_type *et; + struct key_data key; + int num_key_usage; + struct key_usage *key_usage; + void *params; +}; + +#define kcrypto_oid_enc(n) { sizeof(n)/sizeof(n[0]), n } + +#define CRYPTO_ETYPE(C) ((C)->et->type) + +/* bits for `flags' below */ +#define F_KEYED 1 /* checksum is keyed */ +#define F_CPROOF 2 /* checksum is collision proof */ +#define F_DERIVED 4 /* uses derived keys */ +#define F_VARIANT 8 /* uses `variant' keys (6.4.3) */ +#define F_PSEUDO 16 /* not a real protocol type */ +#define F_SPECIAL 32 /* backwards */ +#define F_DISABLED 64 /* enctype/checksum disabled */ +#define F_PADCMS 128 /* padding done like in CMS */ + +struct salt_type { + krb5_salttype type; + const char *name; + krb5_error_code (*string_to_key)(krb5_context, krb5_enctype, krb5_data, + krb5_salt, krb5_data, krb5_keyblock*); +}; + +struct key_type { + krb5_keytype type; /* XXX */ + const char *name; + size_t bits; + size_t size; + size_t minsize; + size_t schedule_size; +#if 0 + krb5_enctype best_etype; +#endif + void (*random_key)(krb5_context, krb5_keyblock*); + void (*schedule)(krb5_context, struct key_data *, const void *); + struct salt_type *string_to_key; + void (*random_to_key)(krb5_context, krb5_keyblock*, const void*, size_t); + krb5_error_code (*get_params)(krb5_context, const krb5_data *, + void **, krb5_data *); + krb5_error_code (*set_params)(krb5_context, const void *, + const krb5_data *, krb5_data *); +}; + +struct checksum_type { + krb5_cksumtype type; + const char *name; + size_t blocksize; + size_t checksumsize; + unsigned flags; + void (*checksum)(krb5_context context, + struct key_data *key, + const void *buf, size_t len, + unsigned usage, + Checksum *csum); + krb5_error_code (*verify)(krb5_context context, + struct key_data *key, + const void *buf, size_t len, + unsigned usage, + Checksum *csum); +}; + +struct encryption_type { + krb5_enctype type; + const char *name; + heim_oid *oid; + size_t blocksize; + size_t padsize; + size_t confoundersize; + struct key_type *keytype; + struct checksum_type *checksum; + struct checksum_type *keyed_checksum; + unsigned flags; + krb5_error_code (*encrypt)(krb5_context context, + struct key_data *key, + void *data, size_t len, + krb5_boolean encryptp, + int usage, + void *ivec); +}; + +#define ENCRYPTION_USAGE(U) (((U) << 8) | 0xAA) +#define INTEGRITY_USAGE(U) (((U) << 8) | 0x55) +#define CHECKSUM_USAGE(U) (((U) << 8) | 0x99) + +static struct checksum_type *_find_checksum(krb5_cksumtype type); +static struct encryption_type *_find_enctype(krb5_enctype type); +static struct key_type *_find_keytype(krb5_keytype type); +static krb5_error_code _get_derived_key(krb5_context, krb5_crypto, + unsigned, struct key_data**); +static struct key_data *_new_derived_key(krb5_crypto crypto, unsigned usage); +static krb5_error_code derive_key(krb5_context context, + struct encryption_type *et, + struct key_data *key, + const void *constant, + size_t len); +static krb5_error_code hmac(krb5_context context, + struct checksum_type *cm, + const void *data, + size_t len, + unsigned usage, + struct key_data *keyblock, + Checksum *result); +static void free_key_data(krb5_context context, struct key_data *key); +static krb5_error_code usage2arcfour (krb5_context, unsigned *); +static void xor (DES_cblock *, const unsigned char *); + +/************************************************************ + * * + ************************************************************/ + +static HEIMDAL_MUTEX crypto_mutex = HEIMDAL_MUTEX_INITIALIZER; + + +static void +krb5_DES_random_key(krb5_context context, + krb5_keyblock *key) +{ + DES_cblock *k = key->keyvalue.data; + do { + krb5_generate_random_block(k, sizeof(DES_cblock)); + DES_set_odd_parity(k); + } while(DES_is_weak_key(k)); +} + +static void +krb5_DES_schedule(krb5_context context, + struct key_data *key, + const void *params) +{ + DES_set_key(key->key->keyvalue.data, key->schedule->data); +} + +static void +DES_string_to_key_int(unsigned char *data, size_t length, DES_cblock *key) +{ + DES_key_schedule schedule; + int i; + int reverse = 0; + unsigned char *p; + + unsigned char swap[] = { 0x0, 0x8, 0x4, 0xc, 0x2, 0xa, 0x6, 0xe, + 0x1, 0x9, 0x5, 0xd, 0x3, 0xb, 0x7, 0xf }; + memset(key, 0, 8); + + p = (unsigned char*)key; + for (i = 0; i < length; i++) { + unsigned char tmp = data[i]; + if (!reverse) + *p++ ^= (tmp << 1); + else + *--p ^= (swap[tmp & 0xf] << 4) | swap[(tmp & 0xf0) >> 4]; + if((i % 8) == 7) + reverse = !reverse; + } + DES_set_odd_parity(key); + if(DES_is_weak_key(key)) + (*key)[7] ^= 0xF0; + DES_set_key(key, &schedule); + DES_cbc_cksum((void*)data, key, length, &schedule, key); + memset(&schedule, 0, sizeof(schedule)); + DES_set_odd_parity(key); + if(DES_is_weak_key(key)) + (*key)[7] ^= 0xF0; +} + +static krb5_error_code +krb5_DES_string_to_key(krb5_context context, + krb5_enctype enctype, + krb5_data password, + krb5_salt salt, + krb5_data opaque, + krb5_keyblock *key) +{ + unsigned char *s; + size_t len; + DES_cblock tmp; + + len = password.length + salt.saltvalue.length; + s = malloc(len); + if(len > 0 && s == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + memcpy(s, password.data, password.length); + memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length); + DES_string_to_key_int(s, len, &tmp); + key->keytype = enctype; + krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp)); + memset(&tmp, 0, sizeof(tmp)); + memset(s, 0, len); + free(s); + return 0; +} + +#ifdef ENABLE_AFS_STRING_TO_KEY + +/* This defines the Andrew string_to_key function. It accepts a password + * string as input and converts its via a one-way encryption algorithm to a DES + * encryption key. It is compatible with the original Andrew authentication + * service password database. + */ + +/* + * Short passwords, i.e 8 characters or less. + */ +static void +krb5_DES_AFS3_CMU_string_to_key (krb5_data pw, + krb5_data cell, + DES_cblock *key) +{ + char password[8+1]; /* crypt is limited to 8 chars anyway */ + int i; + + for(i = 0; i < 8; i++) { + char c = ((i < pw.length) ? ((char*)pw.data)[i] : 0) ^ + ((i < cell.length) ? + tolower(((unsigned char*)cell.data)[i]) : 0); + password[i] = c ? c : 'X'; + } + password[8] = '\0'; + + memcpy(key, crypt(password, "p1") + 2, sizeof(DES_cblock)); + + /* parity is inserted into the LSB so left shift each byte up one + bit. This allows ascii characters with a zero MSB to retain as + much significance as possible. */ + for (i = 0; i < sizeof(DES_cblock); i++) + ((unsigned char*)key)[i] <<= 1; + DES_set_odd_parity (key); +} + +/* + * Long passwords, i.e 9 characters or more. + */ +static void +krb5_DES_AFS3_Transarc_string_to_key (krb5_data pw, + krb5_data cell, + DES_cblock *key) +{ + DES_key_schedule schedule; + DES_cblock temp_key; + DES_cblock ivec; + char password[512]; + size_t passlen; + + memcpy(password, pw.data, min(pw.length, sizeof(password))); + if(pw.length < sizeof(password)) { + int len = min(cell.length, sizeof(password) - pw.length); + int i; + + memcpy(password + pw.length, cell.data, len); + for (i = pw.length; i < pw.length + len; ++i) + password[i] = tolower((unsigned char)password[i]); + } + passlen = min(sizeof(password), pw.length + cell.length); + memcpy(&ivec, "kerberos", 8); + memcpy(&temp_key, "kerberos", 8); + DES_set_odd_parity (&temp_key); + DES_set_key (&temp_key, &schedule); + DES_cbc_cksum ((void*)password, &ivec, passlen, &schedule, &ivec); + + memcpy(&temp_key, &ivec, 8); + DES_set_odd_parity (&temp_key); + DES_set_key (&temp_key, &schedule); + DES_cbc_cksum ((void*)password, key, passlen, &schedule, &ivec); + memset(&schedule, 0, sizeof(schedule)); + memset(&temp_key, 0, sizeof(temp_key)); + memset(&ivec, 0, sizeof(ivec)); + memset(password, 0, sizeof(password)); + + DES_set_odd_parity (key); +} + +static krb5_error_code +DES_AFS3_string_to_key(krb5_context context, + krb5_enctype enctype, + krb5_data password, + krb5_salt salt, + krb5_data opaque, + krb5_keyblock *key) +{ + DES_cblock tmp; + if(password.length > 8) + krb5_DES_AFS3_Transarc_string_to_key(password, salt.saltvalue, &tmp); + else + krb5_DES_AFS3_CMU_string_to_key(password, salt.saltvalue, &tmp); + key->keytype = enctype; + krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp)); + memset(&key, 0, sizeof(key)); + return 0; +} +#endif /* ENABLE_AFS_STRING_TO_KEY */ + +static void +krb5_DES_random_to_key(krb5_context context, + krb5_keyblock *key, + const void *data, + size_t size) +{ + DES_cblock *k = key->keyvalue.data; + memcpy(k, data, key->keyvalue.length); + DES_set_odd_parity(k); + if(DES_is_weak_key(k)) + xor(k, (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); +} + +/* + * + */ + +static void +DES3_random_key(krb5_context context, + krb5_keyblock *key) +{ + DES_cblock *k = key->keyvalue.data; + do { + krb5_generate_random_block(k, 3 * sizeof(DES_cblock)); + DES_set_odd_parity(&k[0]); + DES_set_odd_parity(&k[1]); + DES_set_odd_parity(&k[2]); + } while(DES_is_weak_key(&k[0]) || + DES_is_weak_key(&k[1]) || + DES_is_weak_key(&k[2])); +} + +static void +DES3_schedule(krb5_context context, + struct key_data *key, + const void *params) +{ + DES_cblock *k = key->key->keyvalue.data; + DES_key_schedule *s = key->schedule->data; + DES_set_key(&k[0], &s[0]); + DES_set_key(&k[1], &s[1]); + DES_set_key(&k[2], &s[2]); +} + +/* + * A = A xor B. A & B are 8 bytes. + */ + +static void +xor (DES_cblock *key, const unsigned char *b) +{ + unsigned char *a = (unsigned char*)key; + a[0] ^= b[0]; + a[1] ^= b[1]; + a[2] ^= b[2]; + a[3] ^= b[3]; + a[4] ^= b[4]; + a[5] ^= b[5]; + a[6] ^= b[6]; + a[7] ^= b[7]; +} + +static krb5_error_code +DES3_string_to_key(krb5_context context, + krb5_enctype enctype, + krb5_data password, + krb5_salt salt, + krb5_data opaque, + krb5_keyblock *key) +{ + char *str; + size_t len; + unsigned char tmp[24]; + DES_cblock keys[3]; + + len = password.length + salt.saltvalue.length; + str = malloc(len); + if(len != 0 && str == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + memcpy(str, password.data, password.length); + memcpy(str + password.length, salt.saltvalue.data, salt.saltvalue.length); + { + DES_cblock ivec; + DES_key_schedule s[3]; + int i; + + _krb5_n_fold(str, len, tmp, 24); + + for(i = 0; i < 3; i++){ + memcpy(keys + i, tmp + i * 8, sizeof(keys[i])); + DES_set_odd_parity(keys + i); + if(DES_is_weak_key(keys + i)) + xor(keys + i, (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); + DES_set_key(keys + i, &s[i]); + } + memset(&ivec, 0, sizeof(ivec)); + DES_ede3_cbc_encrypt(tmp, + tmp, sizeof(tmp), + &s[0], &s[1], &s[2], &ivec, DES_ENCRYPT); + memset(s, 0, sizeof(s)); + memset(&ivec, 0, sizeof(ivec)); + for(i = 0; i < 3; i++){ + memcpy(keys + i, tmp + i * 8, sizeof(keys[i])); + DES_set_odd_parity(keys + i); + if(DES_is_weak_key(keys + i)) + xor(keys + i, (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); + } + memset(tmp, 0, sizeof(tmp)); + } + key->keytype = enctype; + krb5_data_copy(&key->keyvalue, keys, sizeof(keys)); + memset(keys, 0, sizeof(keys)); + memset(str, 0, len); + free(str); + return 0; +} + +static krb5_error_code +DES3_string_to_key_derived(krb5_context context, + krb5_enctype enctype, + krb5_data password, + krb5_salt salt, + krb5_data opaque, + krb5_keyblock *key) +{ + krb5_error_code ret; + size_t len = password.length + salt.saltvalue.length; + char *s; + + s = malloc(len); + if(len != 0 && s == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + memcpy(s, password.data, password.length); + memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length); + ret = krb5_string_to_key_derived(context, + s, + len, + enctype, + key); + memset(s, 0, len); + free(s); + return ret; +} + +static void +DES3_random_to_key(krb5_context context, + krb5_keyblock *key, + const void *data, + size_t size) +{ + unsigned char *x = key->keyvalue.data; + const u_char *q = data; + DES_cblock *k; + int i, j; + + memset(x, 0, sizeof(x)); + for (i = 0; i < 3; ++i) { + unsigned char foo; + for (j = 0; j < 7; ++j) { + unsigned char b = q[7 * i + j]; + + x[8 * i + j] = b; + } + foo = 0; + for (j = 6; j >= 0; --j) { + foo |= q[7 * i + j] & 1; + foo <<= 1; + } + x[8 * i + 7] = foo; + } + k = key->keyvalue.data; + for (i = 0; i < 3; i++) { + DES_set_odd_parity(&k[i]); + if(DES_is_weak_key(&k[i])) + xor(&k[i], (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); + } +} + +/* + * ARCFOUR + */ + +static void +ARCFOUR_schedule(krb5_context context, + struct key_data *kd, + const void *params) +{ + RC4_set_key (kd->schedule->data, + kd->key->keyvalue.length, kd->key->keyvalue.data); +} + +static krb5_error_code +ARCFOUR_string_to_key(krb5_context context, + krb5_enctype enctype, + krb5_data password, + krb5_salt salt, + krb5_data opaque, + krb5_keyblock *key) +{ + char *s, *p; + size_t len; + int i; + MD4_CTX m; + + len = 2 * password.length; + s = malloc (len); + if (len != 0 && s == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + for (p = s, i = 0; i < password.length; ++i) { + *p++ = ((char *)password.data)[i]; + *p++ = 0; + } + MD4_Init (&m); + MD4_Update (&m, s, len); + key->keytype = enctype; + krb5_data_alloc (&key->keyvalue, 16); + MD4_Final (key->keyvalue.data, &m); + memset (s, 0, len); + free (s); + return 0; +} + +/* + * AES + */ + +/* iter is really 1 based, so iter == 0 will be 1 iteration */ + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_PKCS5_PBKDF2(krb5_context context, krb5_cksumtype cktype, + krb5_data password, krb5_salt salt, u_int32_t iter, + krb5_keytype type, krb5_keyblock *key) +{ + struct checksum_type *c = _find_checksum(cktype); + struct key_type *kt; + size_t datalen, leftofkey; + krb5_error_code ret; + u_int32_t keypart; + struct key_data ksign; + krb5_keyblock kb; + Checksum result; + char *data, *tmpcksum; + int i, j; + char *p; + + if (c == NULL) { + krb5_set_error_string(context, "checksum %d not supported", cktype); + return KRB5_PROG_KEYTYPE_NOSUPP; + } + + kt = _find_keytype(type); + if (kt == NULL) { + krb5_set_error_string(context, "key type %d not supported", type); + return KRB5_PROG_KEYTYPE_NOSUPP; + } + + key->keytype = type; + ret = krb5_data_alloc (&key->keyvalue, kt->bits / 8); + if (ret) { + krb5_set_error_string(context, "malloc: out of memory"); + return ret; + } + + ret = krb5_data_alloc (&result.checksum, c->checksumsize); + if (ret) { + krb5_set_error_string(context, "malloc: out of memory"); + krb5_data_free (&key->keyvalue); + return ret; + } + + tmpcksum = malloc(c->checksumsize); + if (tmpcksum == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + krb5_data_free (&key->keyvalue); + krb5_data_free (&result.checksum); + return ENOMEM; + } + + datalen = salt.saltvalue.length + 4; + data = malloc(datalen); + if (data == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + free(tmpcksum); + krb5_data_free (&key->keyvalue); + krb5_data_free (&result.checksum); + return ENOMEM; + } + + kb.keyvalue = password; + ksign.key = &kb; + + memcpy(data, salt.saltvalue.data, salt.saltvalue.length); + + keypart = 1; + leftofkey = key->keyvalue.length; + p = key->keyvalue.data; + + while (leftofkey) { + int len; + + if (leftofkey > c->checksumsize) + len = c->checksumsize; + else + len = leftofkey; + + _krb5_put_int(data + datalen - 4, keypart, 4); + + ret = hmac(context, c, data, datalen, 0, &ksign, &result); + if (ret) + krb5_abortx(context, "hmac failed"); + memcpy(p, result.checksum.data, len); + memcpy(tmpcksum, result.checksum.data, result.checksum.length); + for (i = 0; i < iter; i++) { + ret = hmac(context, c, tmpcksum, result.checksum.length, + 0, &ksign, &result); + if (ret) + krb5_abortx(context, "hmac failed"); + memcpy(tmpcksum, result.checksum.data, result.checksum.length); + for (j = 0; j < len; j++) + p[j] ^= tmpcksum[j]; + } + + p += len; + leftofkey -= len; + keypart++; + } + + free(data); + free(tmpcksum); + krb5_data_free (&result.checksum); + + return 0; +} + +int _krb5_AES_string_to_default_iterator = 4096; + +static krb5_error_code +AES_string_to_key(krb5_context context, + krb5_enctype enctype, + krb5_data password, + krb5_salt salt, + krb5_data opaque, + krb5_keyblock *key) +{ + krb5_error_code ret; + u_int32_t iter; + struct encryption_type *et; + struct key_data kd; + + if (opaque.length == 0) + iter = _krb5_AES_string_to_default_iterator - 1; + else if (opaque.length == 4) { + unsigned long v; + _krb5_get_int(opaque.data, &v, 4); + iter = ((u_int32_t)v) - 1; + } else + return KRB5_PROG_KEYTYPE_NOSUPP; /* XXX */ + + + et = _find_enctype(enctype); + if (et == NULL) + return KRB5_PROG_KEYTYPE_NOSUPP; + + ret = _krb5_PKCS5_PBKDF2(context, CKSUMTYPE_SHA1, password, salt, + iter, enctype, key); + if (ret) + return ret; + + ret = krb5_copy_keyblock(context, key, &kd.key); + kd.schedule = NULL; + + ret = derive_key(context, et, &kd, "kerberos", strlen("kerberos")); + krb5_free_keyblock_contents(context, key); + if (ret == 0) { + ret = krb5_copy_keyblock_contents(context, kd.key, key); + free_key_data(context, &kd); + } + + return ret; +} + +struct krb5_aes_schedule { + AES_KEY ekey; + AES_KEY dkey; +}; + +static void +AES_schedule(krb5_context context, + struct key_data *kd, + const void *params) +{ + struct krb5_aes_schedule *key = kd->schedule->data; + int bits = kd->key->keyvalue.length * 8; + + memset(key, 0, sizeof(*key)); + AES_set_encrypt_key(kd->key->keyvalue.data, bits, &key->ekey); + AES_set_decrypt_key(kd->key->keyvalue.data, bits, &key->dkey); +} + +/* + * RC2 + */ + +struct _RC2_params { + int maximum_effective_key; +}; + +static krb5_error_code +rc2_get_params(krb5_context context, + const krb5_data *data, + void **params, + krb5_data *ivec) +{ + RC2CBCParameter rc2params; + struct _RC2_params *p; + krb5_error_code ret; + size_t size; + + ret = decode_RC2CBCParameter(data->data, data->length, &rc2params, &size); + if (ret) { + krb5_set_error_string(context, "Can't decode RC2 parameters"); + return ret; + } + p = malloc(sizeof(*p)); + if (p == NULL) { + free_RC2CBCParameter(&rc2params); + krb5_set_error_string(context, "malloc - out of memory"); + return ENOMEM; + } + /* XXX */ + switch(rc2params.rc2ParameterVersion) { + case 160: + p->maximum_effective_key = 40; + break; + case 120: + p->maximum_effective_key = 64; + break; + case 58: + p->maximum_effective_key = 128; + break; + + } + if (ivec) + ret = copy_octet_string(&rc2params.iv, ivec); + free_RC2CBCParameter(&rc2params); + *params = p; + + return ret; +} + +static krb5_error_code +rc2_set_params(krb5_context context, + const void *params, + const krb5_data *ivec, + krb5_data *data) +{ + RC2CBCParameter rc2params; + const struct _RC2_params *p = params; + int maximum_effective_key = 128; + krb5_error_code ret; + size_t size; + + memset(&rc2params, 0, sizeof(rc2params)); + + if (p) + maximum_effective_key = p->maximum_effective_key; + + /* XXX */ + switch(maximum_effective_key) { + case 40: + rc2params.rc2ParameterVersion = 160; + break; + case 64: + rc2params.rc2ParameterVersion = 120; + break; + case 128: + rc2params.rc2ParameterVersion = 58; + break; + } + ret = copy_octet_string(ivec, &rc2params.iv); + if (ret) + return ret; + + ASN1_MALLOC_ENCODE(RC2CBCParameter, data->data, data->length, + &rc2params, &size, ret); + if (ret == 0 && size != data->length) + krb5_abortx(context, "Internal asn1 encoder failure"); + free_RC2CBCParameter(&rc2params); + + return ret; +} + +static void +rc2_schedule(krb5_context context, + struct key_data *kd, + const void *params) +{ + const struct _RC2_params *p = params; + int maximum_effective_key = 128; + if (p) + maximum_effective_key = p->maximum_effective_key; + RC2_set_key (kd->schedule->data, + kd->key->keyvalue.length, + kd->key->keyvalue.data, + maximum_effective_key); +} + + +/* + * + */ + +static struct salt_type des_salt[] = { + { + KRB5_PW_SALT, + "pw-salt", + krb5_DES_string_to_key + }, +#ifdef ENABLE_AFS_STRING_TO_KEY + { + KRB5_AFS3_SALT, + "afs3-salt", + DES_AFS3_string_to_key + }, +#endif + { 0 } +}; + +static struct salt_type des3_salt[] = { + { + KRB5_PW_SALT, + "pw-salt", + DES3_string_to_key + }, + { 0 } +}; + +static struct salt_type des3_salt_derived[] = { + { + KRB5_PW_SALT, + "pw-salt", + DES3_string_to_key_derived + }, + { 0 } +}; + +static struct salt_type AES_salt[] = { + { + KRB5_PW_SALT, + "pw-salt", + AES_string_to_key + }, + { 0 } +}; + +static struct salt_type arcfour_salt[] = { + { + KRB5_PW_SALT, + "pw-salt", + ARCFOUR_string_to_key + }, + { 0 } +}; + +/* + * + */ + +static struct key_type keytype_null = { + KEYTYPE_NULL, + "null", + 0, + 0, + 0, + 0, + NULL, + NULL, + NULL +}; + +static struct key_type keytype_des = { + KEYTYPE_DES, + "des", + 56, + sizeof(DES_cblock), + sizeof(DES_cblock), + sizeof(DES_key_schedule), + krb5_DES_random_key, + krb5_DES_schedule, + des_salt, + krb5_DES_random_to_key +}; + +static struct key_type keytype_des3 = { + KEYTYPE_DES3, + "des3", + 168, + 3 * sizeof(DES_cblock), + 3 * sizeof(DES_cblock), + 3 * sizeof(DES_key_schedule), + DES3_random_key, + DES3_schedule, + des3_salt, + DES3_random_to_key +}; + +static struct key_type keytype_des3_derived = { + KEYTYPE_DES3, + "des3", + 168, + 3 * sizeof(DES_cblock), + 3 * sizeof(DES_cblock), + 3 * sizeof(DES_key_schedule), + DES3_random_key, + DES3_schedule, + des3_salt_derived, + DES3_random_to_key +}; + +static struct key_type keytype_aes128 = { + KEYTYPE_AES128, + "aes-128", + 128, + 16, + 16, + sizeof(struct krb5_aes_schedule), + NULL, + AES_schedule, + AES_salt +}; + +static struct key_type keytype_aes192 = { + KEYTYPE_AES192, + "aes-192", + 192, + 24, + 24, + sizeof(struct krb5_aes_schedule), + NULL, + AES_schedule, + AES_salt +}; + +static struct key_type keytype_aes256 = { + KEYTYPE_AES256, + "aes-256", + 256, + 32, + 32, + sizeof(struct krb5_aes_schedule), + NULL, + AES_schedule, + AES_salt +}; + +static struct key_type keytype_arcfour = { + KEYTYPE_ARCFOUR, + "arcfour", + 128, + 16, + 16, + sizeof(RC4_KEY), + NULL, + ARCFOUR_schedule, + arcfour_salt +}; + +static struct key_type keytype_rc2 = { + KEYTYPE_RC2, + "rc2", + 128, + 16, + 1, + sizeof(RC2_KEY), + NULL, + rc2_schedule, + NULL, /* XXX salt */ + NULL, + rc2_get_params, + rc2_set_params +}; + +static struct key_type *keytypes[] = { + &keytype_null, + &keytype_des, + &keytype_des3_derived, + &keytype_des3, + &keytype_aes128, + &keytype_aes192, + &keytype_aes256, + &keytype_rc2, + &keytype_arcfour +}; + +static int num_keytypes = sizeof(keytypes) / sizeof(keytypes[0]); + +static struct key_type * +_find_keytype(krb5_keytype type) +{ + int i; + for(i = 0; i < num_keytypes; i++) + if(keytypes[i]->type == type) + return keytypes[i]; + return NULL; +} + + +krb5_error_code KRB5_LIB_FUNCTION +krb5_salttype_to_string (krb5_context context, + krb5_enctype etype, + krb5_salttype stype, + char **string) +{ + struct encryption_type *e; + struct salt_type *st; + + e = _find_enctype (etype); + if (e == NULL) { + krb5_set_error_string(context, "encryption type %d not supported", + etype); + return KRB5_PROG_ETYPE_NOSUPP; + } + for (st = e->keytype->string_to_key; st && st->type; st++) { + if (st->type == stype) { + *string = strdup (st->name); + if (*string == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + return 0; + } + } + krb5_set_error_string(context, "salttype %d not supported", stype); + return HEIM_ERR_SALTTYPE_NOSUPP; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_string_to_salttype (krb5_context context, + krb5_enctype etype, + const char *string, + krb5_salttype *salttype) +{ + struct encryption_type *e; + struct salt_type *st; + + e = _find_enctype (etype); + if (e == NULL) { + krb5_set_error_string(context, "encryption type %d not supported", + etype); + return KRB5_PROG_ETYPE_NOSUPP; + } + for (st = e->keytype->string_to_key; st && st->type; st++) { + if (strcasecmp (st->name, string) == 0) { + *salttype = st->type; + return 0; + } + } + krb5_set_error_string(context, "salttype %s not supported", string); + return HEIM_ERR_SALTTYPE_NOSUPP; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_pw_salt(krb5_context context, + krb5_const_principal principal, + krb5_salt *salt) +{ + size_t len; + int i; + krb5_error_code ret; + char *p; + + salt->salttype = KRB5_PW_SALT; + len = strlen(principal->realm); + for (i = 0; i < principal->name.name_string.len; ++i) + len += strlen(principal->name.name_string.val[i]); + ret = krb5_data_alloc (&salt->saltvalue, len); + if (ret) + return ret; + p = salt->saltvalue.data; + memcpy (p, principal->realm, strlen(principal->realm)); + p += strlen(principal->realm); + for (i = 0; i < principal->name.name_string.len; ++i) { + memcpy (p, + principal->name.name_string.val[i], + strlen(principal->name.name_string.val[i])); + p += strlen(principal->name.name_string.val[i]); + } + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_free_salt(krb5_context context, + krb5_salt salt) +{ + krb5_data_free(&salt.saltvalue); + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_string_to_key_data (krb5_context context, + krb5_enctype enctype, + krb5_data password, + krb5_principal principal, + krb5_keyblock *key) +{ + krb5_error_code ret; + krb5_salt salt; + + ret = krb5_get_pw_salt(context, principal, &salt); + if(ret) + return ret; + ret = krb5_string_to_key_data_salt(context, enctype, password, salt, key); + krb5_free_salt(context, salt); + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_string_to_key (krb5_context context, + krb5_enctype enctype, + const char *password, + krb5_principal principal, + krb5_keyblock *key) +{ + krb5_data pw; + pw.data = rk_UNCONST(password); + pw.length = strlen(password); + return krb5_string_to_key_data(context, enctype, pw, principal, key); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_string_to_key_data_salt (krb5_context context, + krb5_enctype enctype, + krb5_data password, + krb5_salt salt, + krb5_keyblock *key) +{ + krb5_data opaque; + krb5_data_zero(&opaque); + return krb5_string_to_key_data_salt_opaque(context, enctype, password, + salt, opaque, key); +} + +/* + * Do a string -> key for encryption type `enctype' operation on + * `password' (with salt `salt' and the enctype specific data string + * `opaque'), returning the resulting key in `key' + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_string_to_key_data_salt_opaque (krb5_context context, + krb5_enctype enctype, + krb5_data password, + krb5_salt salt, + krb5_data opaque, + krb5_keyblock *key) +{ + struct encryption_type *et =_find_enctype(enctype); + struct salt_type *st; + if(et == NULL) { + krb5_set_error_string(context, "encryption type %d not supported", + enctype); + return KRB5_PROG_ETYPE_NOSUPP; + } + for(st = et->keytype->string_to_key; st && st->type; st++) + if(st->type == salt.salttype) + return (*st->string_to_key)(context, enctype, password, + salt, opaque, key); + krb5_set_error_string(context, "salt type %d not supported", + salt.salttype); + return HEIM_ERR_SALTTYPE_NOSUPP; +} + +/* + * Do a string -> key for encryption type `enctype' operation on the + * string `password' (with salt `salt'), returning the resulting key + * in `key' + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_string_to_key_salt (krb5_context context, + krb5_enctype enctype, + const char *password, + krb5_salt salt, + krb5_keyblock *key) +{ + krb5_data pw; + pw.data = rk_UNCONST(password); + pw.length = strlen(password); + return krb5_string_to_key_data_salt(context, enctype, pw, salt, key); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_string_to_key_salt_opaque (krb5_context context, + krb5_enctype enctype, + const char *password, + krb5_salt salt, + krb5_data opaque, + krb5_keyblock *key) +{ + krb5_data pw; + pw.data = rk_UNCONST(password); + pw.length = strlen(password); + return krb5_string_to_key_data_salt_opaque(context, enctype, + pw, salt, opaque, key); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_keytype_to_string(krb5_context context, + krb5_keytype keytype, + char **string) +{ + struct key_type *kt = _find_keytype(keytype); + if(kt == NULL) { + krb5_set_error_string(context, "key type %d not supported", keytype); + return KRB5_PROG_KEYTYPE_NOSUPP; + } + *string = strdup(kt->name); + if(*string == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_string_to_keytype(krb5_context context, + const char *string, + krb5_keytype *keytype) +{ + int i; + for(i = 0; i < num_keytypes; i++) + if(strcasecmp(keytypes[i]->name, string) == 0){ + *keytype = keytypes[i]->type; + return 0; + } + krb5_set_error_string(context, "key type %s not supported", string); + return KRB5_PROG_KEYTYPE_NOSUPP; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_enctype_keysize(krb5_context context, + krb5_enctype type, + size_t *keysize) +{ + struct encryption_type *et = _find_enctype(type); + if(et == NULL) { + krb5_set_error_string(context, "encryption type %d not supported", + type); + return KRB5_PROG_ETYPE_NOSUPP; + } + *keysize = et->keytype->size; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_generate_random_keyblock(krb5_context context, + krb5_enctype type, + krb5_keyblock *key) +{ + krb5_error_code ret; + struct encryption_type *et = _find_enctype(type); + if(et == NULL) { + krb5_set_error_string(context, "encryption type %d not supported", + type); + return KRB5_PROG_ETYPE_NOSUPP; + } + ret = krb5_data_alloc(&key->keyvalue, et->keytype->size); + if(ret) + return ret; + key->keytype = type; + if(et->keytype->random_key) + (*et->keytype->random_key)(context, key); + else + krb5_generate_random_block(key->keyvalue.data, + key->keyvalue.length); + return 0; +} + +static krb5_error_code +_key_schedule(krb5_context context, + struct key_data *key, + const void *params) +{ + krb5_error_code ret; + struct encryption_type *et = _find_enctype(key->key->keytype); + struct key_type *kt = et->keytype; + + if(kt->schedule == NULL) + return 0; + if (key->schedule != NULL) + return 0; + ALLOC(key->schedule, 1); + if(key->schedule == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + ret = krb5_data_alloc(key->schedule, kt->schedule_size); + if(ret) { + free(key->schedule); + key->schedule = NULL; + return ret; + } + (*kt->schedule)(context, key, params); + return 0; +} + +/************************************************************ + * * + ************************************************************/ + +static void +NONE_checksum(krb5_context context, + struct key_data *key, + const void *data, + size_t len, + unsigned usage, + Checksum *C) +{ +} + +static void +CRC32_checksum(krb5_context context, + struct key_data *key, + const void *data, + size_t len, + unsigned usage, + Checksum *C) +{ + u_int32_t crc; + unsigned char *r = C->checksum.data; + _krb5_crc_init_table (); + crc = _krb5_crc_update (data, len, 0); + r[0] = crc & 0xff; + r[1] = (crc >> 8) & 0xff; + r[2] = (crc >> 16) & 0xff; + r[3] = (crc >> 24) & 0xff; +} + +static void +RSA_MD4_checksum(krb5_context context, + struct key_data *key, + const void *data, + size_t len, + unsigned usage, + Checksum *C) +{ + MD4_CTX m; + + MD4_Init (&m); + MD4_Update (&m, data, len); + MD4_Final (C->checksum.data, &m); +} + +static void +RSA_MD4_DES_checksum(krb5_context context, + struct key_data *key, + const void *data, + size_t len, + unsigned usage, + Checksum *cksum) +{ + MD4_CTX md4; + DES_cblock ivec; + unsigned char *p = cksum->checksum.data; + + krb5_generate_random_block(p, 8); + MD4_Init (&md4); + MD4_Update (&md4, p, 8); + MD4_Update (&md4, data, len); + MD4_Final (p + 8, &md4); + memset (&ivec, 0, sizeof(ivec)); + DES_cbc_encrypt(p, + p, + 24, + key->schedule->data, + &ivec, + DES_ENCRYPT); +} + +static krb5_error_code +RSA_MD4_DES_verify(krb5_context context, + struct key_data *key, + const void *data, + size_t len, + unsigned usage, + Checksum *C) +{ + MD4_CTX md4; + unsigned char tmp[24]; + unsigned char res[16]; + DES_cblock ivec; + krb5_error_code ret = 0; + + memset(&ivec, 0, sizeof(ivec)); + DES_cbc_encrypt(C->checksum.data, + (void*)tmp, + C->checksum.length, + key->schedule->data, + &ivec, + DES_DECRYPT); + MD4_Init (&md4); + MD4_Update (&md4, tmp, 8); /* confounder */ + MD4_Update (&md4, data, len); + MD4_Final (res, &md4); + if(memcmp(res, tmp + 8, sizeof(res)) != 0) { + krb5_clear_error_string (context); + ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; + } + memset(tmp, 0, sizeof(tmp)); + memset(res, 0, sizeof(res)); + return ret; +} + +static void +RSA_MD5_checksum(krb5_context context, + struct key_data *key, + const void *data, + size_t len, + unsigned usage, + Checksum *C) +{ + MD5_CTX m; + + MD5_Init (&m); + MD5_Update(&m, data, len); + MD5_Final (C->checksum.data, &m); +} + +static void +RSA_MD5_DES_checksum(krb5_context context, + struct key_data *key, + const void *data, + size_t len, + unsigned usage, + Checksum *C) +{ + MD5_CTX md5; + DES_cblock ivec; + unsigned char *p = C->checksum.data; + + krb5_generate_random_block(p, 8); + MD5_Init (&md5); + MD5_Update (&md5, p, 8); + MD5_Update (&md5, data, len); + MD5_Final (p + 8, &md5); + memset (&ivec, 0, sizeof(ivec)); + DES_cbc_encrypt(p, + p, + 24, + key->schedule->data, + &ivec, + DES_ENCRYPT); +} + +static krb5_error_code +RSA_MD5_DES_verify(krb5_context context, + struct key_data *key, + const void *data, + size_t len, + unsigned usage, + Checksum *C) +{ + MD5_CTX md5; + unsigned char tmp[24]; + unsigned char res[16]; + DES_cblock ivec; + DES_key_schedule *sched = key->schedule->data; + krb5_error_code ret = 0; + + memset(&ivec, 0, sizeof(ivec)); + DES_cbc_encrypt(C->checksum.data, + (void*)tmp, + C->checksum.length, + &sched[0], + &ivec, + DES_DECRYPT); + MD5_Init (&md5); + MD5_Update (&md5, tmp, 8); /* confounder */ + MD5_Update (&md5, data, len); + MD5_Final (res, &md5); + if(memcmp(res, tmp + 8, sizeof(res)) != 0) { + krb5_clear_error_string (context); + ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; + } + memset(tmp, 0, sizeof(tmp)); + memset(res, 0, sizeof(res)); + return ret; +} + +static void +RSA_MD5_DES3_checksum(krb5_context context, + struct key_data *key, + const void *data, + size_t len, + unsigned usage, + Checksum *C) +{ + MD5_CTX md5; + DES_cblock ivec; + unsigned char *p = C->checksum.data; + DES_key_schedule *sched = key->schedule->data; + + krb5_generate_random_block(p, 8); + MD5_Init (&md5); + MD5_Update (&md5, p, 8); + MD5_Update (&md5, data, len); + MD5_Final (p + 8, &md5); + memset (&ivec, 0, sizeof(ivec)); + DES_ede3_cbc_encrypt(p, + p, + 24, + &sched[0], &sched[1], &sched[2], + &ivec, + DES_ENCRYPT); +} + +static krb5_error_code +RSA_MD5_DES3_verify(krb5_context context, + struct key_data *key, + const void *data, + size_t len, + unsigned usage, + Checksum *C) +{ + MD5_CTX md5; + unsigned char tmp[24]; + unsigned char res[16]; + DES_cblock ivec; + DES_key_schedule *sched = key->schedule->data; + krb5_error_code ret = 0; + + memset(&ivec, 0, sizeof(ivec)); + DES_ede3_cbc_encrypt(C->checksum.data, + (void*)tmp, + C->checksum.length, + &sched[0], &sched[1], &sched[2], + &ivec, + DES_DECRYPT); + MD5_Init (&md5); + MD5_Update (&md5, tmp, 8); /* confounder */ + MD5_Update (&md5, data, len); + MD5_Final (res, &md5); + if(memcmp(res, tmp + 8, sizeof(res)) != 0) { + krb5_clear_error_string (context); + ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; + } + memset(tmp, 0, sizeof(tmp)); + memset(res, 0, sizeof(res)); + return ret; +} + +static void +SHA1_checksum(krb5_context context, + struct key_data *key, + const void *data, + size_t len, + unsigned usage, + Checksum *C) +{ + SHA_CTX m; + + SHA1_Init(&m); + SHA1_Update(&m, data, len); + SHA1_Final(C->checksum.data, &m); +} + +/* HMAC according to RFC2104 */ +static krb5_error_code +hmac(krb5_context context, + struct checksum_type *cm, + const void *data, + size_t len, + unsigned usage, + struct key_data *keyblock, + Checksum *result) +{ + unsigned char *ipad, *opad; + unsigned char *key; + size_t key_len; + int i; + + ipad = malloc(cm->blocksize + len); + if (ipad == NULL) + return ENOMEM; + opad = malloc(cm->blocksize + cm->checksumsize); + if (opad == NULL) { + free(ipad); + return ENOMEM; + } + memset(ipad, 0x36, cm->blocksize); + memset(opad, 0x5c, cm->blocksize); + + if(keyblock->key->keyvalue.length > cm->blocksize){ + (*cm->checksum)(context, + keyblock, + keyblock->key->keyvalue.data, + keyblock->key->keyvalue.length, + usage, + result); + key = result->checksum.data; + key_len = result->checksum.length; + } else { + key = keyblock->key->keyvalue.data; + key_len = keyblock->key->keyvalue.length; + } + for(i = 0; i < key_len; i++){ + ipad[i] ^= key[i]; + opad[i] ^= key[i]; + } + memcpy(ipad + cm->blocksize, data, len); + (*cm->checksum)(context, keyblock, ipad, cm->blocksize + len, + usage, result); + memcpy(opad + cm->blocksize, result->checksum.data, + result->checksum.length); + (*cm->checksum)(context, keyblock, opad, + cm->blocksize + cm->checksumsize, usage, result); + memset(ipad, 0, cm->blocksize + len); + free(ipad); + memset(opad, 0, cm->blocksize + cm->checksumsize); + free(opad); + + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_hmac(krb5_context context, + krb5_cksumtype cktype, + const void *data, + size_t len, + unsigned usage, + krb5_keyblock *key, + Checksum *result) +{ + struct checksum_type *c = _find_checksum(cktype); + struct key_data kd; + krb5_error_code ret; + + if (c == NULL) { + krb5_set_error_string (context, "checksum type %d not supported", + cktype); + return KRB5_PROG_SUMTYPE_NOSUPP; + } + + kd.key = key; + kd.schedule = NULL; + + ret = hmac(context, c, data, len, usage, &kd, result); + + if (kd.schedule) + krb5_free_data(context, kd.schedule); + + return ret; + } + +static void +SP_HMAC_SHA1_checksum(krb5_context context, + struct key_data *key, + const void *data, + size_t len, + unsigned usage, + Checksum *result) +{ + struct checksum_type *c = _find_checksum(CKSUMTYPE_SHA1); + Checksum res; + char sha1_data[20]; + krb5_error_code ret; + + res.checksum.data = sha1_data; + res.checksum.length = sizeof(sha1_data); + + ret = hmac(context, c, data, len, usage, key, &res); + if (ret) + krb5_abortx(context, "hmac failed"); + memcpy(result->checksum.data, res.checksum.data, result->checksum.length); +} + +/* + * checksum according to section 5. of draft-brezak-win2k-krb-rc4-hmac-03.txt + */ + +static void +HMAC_MD5_checksum(krb5_context context, + struct key_data *key, + const void *data, + size_t len, + unsigned usage, + Checksum *result) +{ + MD5_CTX md5; + struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5); + const char signature[] = "signaturekey"; + Checksum ksign_c; + struct key_data ksign; + krb5_keyblock kb; + unsigned char t[4]; + unsigned char tmp[16]; + unsigned char ksign_c_data[16]; + krb5_error_code ret; + + ksign_c.checksum.length = sizeof(ksign_c_data); + ksign_c.checksum.data = ksign_c_data; + ret = hmac(context, c, signature, sizeof(signature), 0, key, &ksign_c); + if (ret) + krb5_abortx(context, "hmac failed"); + ksign.key = &kb; + kb.keyvalue = ksign_c.checksum; + MD5_Init (&md5); + t[0] = (usage >> 0) & 0xFF; + t[1] = (usage >> 8) & 0xFF; + t[2] = (usage >> 16) & 0xFF; + t[3] = (usage >> 24) & 0xFF; + MD5_Update (&md5, t, 4); + MD5_Update (&md5, data, len); + MD5_Final (tmp, &md5); + ret = hmac(context, c, tmp, sizeof(tmp), 0, &ksign, result); + if (ret) + krb5_abortx(context, "hmac failed"); +} + +/* + * same as previous but being used while encrypting. + */ + +static void +HMAC_MD5_checksum_enc(krb5_context context, + struct key_data *key, + const void *data, + size_t len, + unsigned usage, + Checksum *result) +{ + struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5); + Checksum ksign_c; + struct key_data ksign; + krb5_keyblock kb; + unsigned char t[4]; + unsigned char ksign_c_data[16]; + krb5_error_code ret; + + t[0] = (usage >> 0) & 0xFF; + t[1] = (usage >> 8) & 0xFF; + t[2] = (usage >> 16) & 0xFF; + t[3] = (usage >> 24) & 0xFF; + + ksign_c.checksum.length = sizeof(ksign_c_data); + ksign_c.checksum.data = ksign_c_data; + ret = hmac(context, c, t, sizeof(t), 0, key, &ksign_c); + if (ret) + krb5_abortx(context, "hmac failed"); + ksign.key = &kb; + kb.keyvalue = ksign_c.checksum; + ret = hmac(context, c, data, len, 0, &ksign, result); + if (ret) + krb5_abortx(context, "hmac failed"); +} + +static struct checksum_type checksum_none = { + CKSUMTYPE_NONE, + "none", + 1, + 0, + 0, + NONE_checksum, + NULL +}; +static struct checksum_type checksum_crc32 = { + CKSUMTYPE_CRC32, + "crc32", + 1, + 4, + 0, + CRC32_checksum, + NULL +}; +static struct checksum_type checksum_rsa_md4 = { + CKSUMTYPE_RSA_MD4, + "rsa-md4", + 64, + 16, + F_CPROOF, + RSA_MD4_checksum, + NULL +}; +static struct checksum_type checksum_rsa_md4_des = { + CKSUMTYPE_RSA_MD4_DES, + "rsa-md4-des", + 64, + 24, + F_KEYED | F_CPROOF | F_VARIANT, + RSA_MD4_DES_checksum, + RSA_MD4_DES_verify +}; +#if 0 +static struct checksum_type checksum_des_mac = { + CKSUMTYPE_DES_MAC, + "des-mac", + 0, + 0, + 0, + DES_MAC_checksum +}; +static struct checksum_type checksum_des_mac_k = { + CKSUMTYPE_DES_MAC_K, + "des-mac-k", + 0, + 0, + 0, + DES_MAC_K_checksum +}; +static struct checksum_type checksum_rsa_md4_des_k = { + CKSUMTYPE_RSA_MD4_DES_K, + "rsa-md4-des-k", + 0, + 0, + 0, + RSA_MD4_DES_K_checksum, + RSA_MD4_DES_K_verify +}; +#endif +static struct checksum_type checksum_rsa_md5 = { + CKSUMTYPE_RSA_MD5, + "rsa-md5", + 64, + 16, + F_CPROOF, + RSA_MD5_checksum, + NULL +}; +static struct checksum_type checksum_rsa_md5_des = { + CKSUMTYPE_RSA_MD5_DES, + "rsa-md5-des", + 64, + 24, + F_KEYED | F_CPROOF | F_VARIANT, + RSA_MD5_DES_checksum, + RSA_MD5_DES_verify +}; +static struct checksum_type checksum_rsa_md5_des3 = { + CKSUMTYPE_RSA_MD5_DES3, + "rsa-md5-des3", + 64, + 24, + F_KEYED | F_CPROOF | F_VARIANT, + RSA_MD5_DES3_checksum, + RSA_MD5_DES3_verify +}; +static struct checksum_type checksum_sha1 = { + CKSUMTYPE_SHA1, + "sha1", + 64, + 20, + F_CPROOF, + SHA1_checksum, + NULL +}; +static struct checksum_type checksum_hmac_sha1_des3 = { + CKSUMTYPE_HMAC_SHA1_DES3, + "hmac-sha1-des3", + 64, + 20, + F_KEYED | F_CPROOF | F_DERIVED, + SP_HMAC_SHA1_checksum, + NULL +}; + +static struct checksum_type checksum_hmac_sha1_aes128 = { + CKSUMTYPE_HMAC_SHA1_96_AES_128, + "hmac-sha1-96-aes128", + 64, + 12, + F_KEYED | F_CPROOF | F_DERIVED, + SP_HMAC_SHA1_checksum, + NULL +}; + +static struct checksum_type checksum_hmac_sha1_aes256 = { + CKSUMTYPE_HMAC_SHA1_96_AES_256, + "hmac-sha1-96-aes256", + 64, + 12, + F_KEYED | F_CPROOF | F_DERIVED, + SP_HMAC_SHA1_checksum, + NULL +}; + +static struct checksum_type checksum_hmac_md5 = { + CKSUMTYPE_HMAC_MD5, + "hmac-md5", + 64, + 16, + F_KEYED | F_CPROOF, + HMAC_MD5_checksum, + NULL +}; + +static struct checksum_type checksum_hmac_md5_enc = { + CKSUMTYPE_HMAC_MD5_ENC, + "hmac-md5-enc", + 64, + 16, + F_KEYED | F_CPROOF | F_PSEUDO, + HMAC_MD5_checksum_enc, + NULL +}; + +static struct checksum_type *checksum_types[] = { + &checksum_none, + &checksum_crc32, + &checksum_rsa_md4, + &checksum_rsa_md4_des, +#if 0 + &checksum_des_mac, + &checksum_des_mac_k, + &checksum_rsa_md4_des_k, +#endif + &checksum_rsa_md5, + &checksum_rsa_md5_des, + &checksum_rsa_md5_des3, + &checksum_sha1, + &checksum_hmac_sha1_des3, + &checksum_hmac_sha1_aes128, + &checksum_hmac_sha1_aes256, + &checksum_hmac_md5, + &checksum_hmac_md5_enc +}; + +static int num_checksums = sizeof(checksum_types) / sizeof(checksum_types[0]); + +static struct checksum_type * +_find_checksum(krb5_cksumtype type) +{ + int i; + for(i = 0; i < num_checksums; i++) + if(checksum_types[i]->type == type) + return checksum_types[i]; + return NULL; +} + +static krb5_error_code +get_checksum_key(krb5_context context, + krb5_crypto crypto, + unsigned usage, /* not krb5_key_usage */ + struct checksum_type *ct, + struct key_data **key) +{ + krb5_error_code ret = 0; + + if(ct->flags & F_DERIVED) + ret = _get_derived_key(context, crypto, usage, key); + else if(ct->flags & F_VARIANT) { + int i; + + *key = _new_derived_key(crypto, 0xff/* KRB5_KU_RFC1510_VARIANT */); + if(*key == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + ret = krb5_copy_keyblock(context, crypto->key.key, &(*key)->key); + if(ret) + return ret; + for(i = 0; i < (*key)->key->keyvalue.length; i++) + ((unsigned char*)(*key)->key->keyvalue.data)[i] ^= 0xF0; + } else { + *key = &crypto->key; + } + if(ret == 0) + ret = _key_schedule(context, *key, crypto->params); + return ret; +} + +static krb5_error_code +create_checksum (krb5_context context, + struct checksum_type *ct, + krb5_crypto crypto, + unsigned usage, + void *data, + size_t len, + Checksum *result) +{ + krb5_error_code ret; + struct key_data *dkey; + int keyed_checksum; + + if (ct->flags & F_DISABLED) { + krb5_clear_error_string (context); + return KRB5_PROG_SUMTYPE_NOSUPP; + } + keyed_checksum = (ct->flags & F_KEYED) != 0; + if(keyed_checksum && crypto == NULL) { + krb5_clear_error_string (context); + return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */ + } + if(keyed_checksum) { + ret = get_checksum_key(context, crypto, usage, ct, &dkey); + if (ret) + return ret; + } else + dkey = NULL; + result->cksumtype = ct->type; + krb5_data_alloc(&result->checksum, ct->checksumsize); + (*ct->checksum)(context, dkey, data, len, usage, result); + return 0; +} + +static int +arcfour_checksum_p(struct checksum_type *ct, krb5_crypto crypto) +{ + return (ct->type == CKSUMTYPE_HMAC_MD5) && + (crypto->key.key->keytype == KEYTYPE_ARCFOUR); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_create_checksum(krb5_context context, + krb5_crypto crypto, + krb5_key_usage usage, + int type, + void *data, + size_t len, + Checksum *result) +{ + struct checksum_type *ct = NULL; + unsigned keyusage; + + /* type 0 -> pick from crypto */ + if (type) { + ct = _find_checksum(type); + } else if (crypto) { + ct = crypto->et->keyed_checksum; + if (ct == NULL) + ct = crypto->et->checksum; + } + + if(ct == NULL) { + krb5_set_error_string (context, "checksum type %d not supported", + type); + return KRB5_PROG_SUMTYPE_NOSUPP; + } + + if (arcfour_checksum_p(ct, crypto)) { + keyusage = usage; + usage2arcfour(context, &keyusage); + } else + keyusage = CHECKSUM_USAGE(usage); + + return create_checksum(context, ct, crypto, keyusage, + data, len, result); +} + +static krb5_error_code +verify_checksum(krb5_context context, + krb5_crypto crypto, + unsigned usage, /* not krb5_key_usage */ + void *data, + size_t len, + Checksum *cksum) +{ + krb5_error_code ret; + struct key_data *dkey; + int keyed_checksum; + Checksum c; + struct checksum_type *ct; + + ct = _find_checksum(cksum->cksumtype); + if (ct == NULL || (ct->flags & F_DISABLED)) { + krb5_set_error_string (context, "checksum type %d not supported", + cksum->cksumtype); + return KRB5_PROG_SUMTYPE_NOSUPP; + } + if(ct->checksumsize != cksum->checksum.length) { + krb5_clear_error_string (context); + return KRB5KRB_AP_ERR_BAD_INTEGRITY; /* XXX */ + } + keyed_checksum = (ct->flags & F_KEYED) != 0; + if(keyed_checksum && crypto == NULL) { + krb5_clear_error_string (context); + return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */ + } + if(keyed_checksum) + ret = get_checksum_key(context, crypto, usage, ct, &dkey); + else + dkey = NULL; + if(ct->verify) + return (*ct->verify)(context, dkey, data, len, usage, cksum); + + ret = krb5_data_alloc (&c.checksum, ct->checksumsize); + if (ret) + return ret; + + (*ct->checksum)(context, dkey, data, len, usage, &c); + + if(c.checksum.length != cksum->checksum.length || + memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) { + krb5_clear_error_string (context); + ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; + } else { + ret = 0; + } + krb5_data_free (&c.checksum); + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_verify_checksum(krb5_context context, + krb5_crypto crypto, + krb5_key_usage usage, + void *data, + size_t len, + Checksum *cksum) +{ + struct checksum_type *ct; + unsigned keyusage; + + ct = _find_checksum(cksum->cksumtype); + if(ct == NULL) { + krb5_set_error_string (context, "checksum type %d not supported", + cksum->cksumtype); + return KRB5_PROG_SUMTYPE_NOSUPP; + } + + if (arcfour_checksum_p(ct, crypto)) { + keyusage = usage; + usage2arcfour(context, &keyusage); + } else + keyusage = CHECKSUM_USAGE(usage); + + return verify_checksum(context, crypto, keyusage, + data, len, cksum); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_crypto_get_checksum_type(krb5_context context, + krb5_crypto crypto, + krb5_cksumtype *type) +{ + struct checksum_type *ct = NULL; + + if (crypto != NULL) { + ct = crypto->et->keyed_checksum; + if (ct == NULL) + ct = crypto->et->checksum; + } + + if (ct == NULL) { + krb5_set_error_string (context, "checksum type not found"); + return KRB5_PROG_SUMTYPE_NOSUPP; + } + + *type = ct->type; + + return 0; +} + + +krb5_error_code KRB5_LIB_FUNCTION +krb5_checksumsize(krb5_context context, + krb5_cksumtype type, + size_t *size) +{ + struct checksum_type *ct = _find_checksum(type); + if(ct == NULL) { + krb5_set_error_string (context, "checksum type %d not supported", + type); + return KRB5_PROG_SUMTYPE_NOSUPP; + } + *size = ct->checksumsize; + return 0; +} + +krb5_boolean KRB5_LIB_FUNCTION +krb5_checksum_is_keyed(krb5_context context, + krb5_cksumtype type) +{ + struct checksum_type *ct = _find_checksum(type); + if(ct == NULL) { + if (context) + krb5_set_error_string (context, "checksum type %d not supported", + type); + return KRB5_PROG_SUMTYPE_NOSUPP; + } + return ct->flags & F_KEYED; +} + +krb5_boolean KRB5_LIB_FUNCTION +krb5_checksum_is_collision_proof(krb5_context context, + krb5_cksumtype type) +{ + struct checksum_type *ct = _find_checksum(type); + if(ct == NULL) { + if (context) + krb5_set_error_string (context, "checksum type %d not supported", + type); + return KRB5_PROG_SUMTYPE_NOSUPP; + } + return ct->flags & F_CPROOF; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_checksum_disable(krb5_context context, + krb5_cksumtype type) +{ + struct checksum_type *ct = _find_checksum(type); + if(ct == NULL) { + if (context) + krb5_set_error_string (context, "checksum type %d not supported", + type); + return KRB5_PROG_SUMTYPE_NOSUPP; + } + ct->flags |= F_DISABLED; + return 0; +} + +/************************************************************ + * * + ************************************************************/ + +static krb5_error_code +NULL_encrypt(krb5_context context, + struct key_data *key, + void *data, + size_t len, + krb5_boolean encryptp, + int usage, + void *ivec) +{ + return 0; +} + +static krb5_error_code +DES_CBC_encrypt_null_ivec(krb5_context context, + struct key_data *key, + void *data, + size_t len, + krb5_boolean encryptp, + int usage, + void *ignore_ivec) +{ + DES_cblock ivec; + DES_key_schedule *s = key->schedule->data; + memset(&ivec, 0, sizeof(ivec)); + DES_cbc_encrypt(data, data, len, s, &ivec, encryptp); + return 0; +} + +static krb5_error_code +DES_CBC_encrypt_key_ivec(krb5_context context, + struct key_data *key, + void *data, + size_t len, + krb5_boolean encryptp, + int usage, + void *ignore_ivec) +{ + DES_cblock ivec; + DES_key_schedule *s = key->schedule->data; + memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec)); + DES_cbc_encrypt(data, data, len, s, &ivec, encryptp); + return 0; +} + +static krb5_error_code +DES3_CBC_encrypt(krb5_context context, + struct key_data *key, + void *data, + size_t len, + krb5_boolean encryptp, + int usage, + void *ivec) +{ + DES_cblock local_ivec; + DES_key_schedule *s = key->schedule->data; + if(ivec == NULL) { + ivec = &local_ivec; + memset(local_ivec, 0, sizeof(local_ivec)); + } + DES_ede3_cbc_encrypt(data, data, len, &s[0], &s[1], &s[2], ivec, encryptp); + return 0; +} + +static krb5_error_code +DES_CFB64_encrypt_null_ivec(krb5_context context, + struct key_data *key, + void *data, + size_t len, + krb5_boolean encryptp, + int usage, + void *ignore_ivec) +{ + DES_cblock ivec; + int num = 0; + DES_key_schedule *s = key->schedule->data; + memset(&ivec, 0, sizeof(ivec)); + + DES_cfb64_encrypt(data, data, len, s, &ivec, &num, encryptp); + return 0; +} + +static krb5_error_code +DES_PCBC_encrypt_key_ivec(krb5_context context, + struct key_data *key, + void *data, + size_t len, + krb5_boolean encryptp, + int usage, + void *ignore_ivec) +{ + DES_cblock ivec; + DES_key_schedule *s = key->schedule->data; + memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec)); + + DES_pcbc_encrypt(data, data, len, s, &ivec, encryptp); + return 0; +} + +/* + * AES draft-raeburn-krb-rijndael-krb-02 + */ + +void KRB5_LIB_FUNCTION +_krb5_aes_cts_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *aes_key, + unsigned char *ivec, const int encryptp) +{ + unsigned char tmp[AES_BLOCK_SIZE]; + const AES_KEY *key = aes_key; /* XXX remove this when we always have AES */ + int i; + + /* + * In the framework of kerberos, the length can never be shorter + * then at least one blocksize. + */ + + if (encryptp) { + + while(len > AES_BLOCK_SIZE) { + for (i = 0; i < AES_BLOCK_SIZE; i++) + tmp[i] = in[i] ^ ivec[i]; + AES_encrypt(tmp, out, key); + memcpy(ivec, out, AES_BLOCK_SIZE); + len -= AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + + for (i = 0; i < len; i++) + tmp[i] = in[i] ^ ivec[i]; + for (; i < AES_BLOCK_SIZE; i++) + tmp[i] = 0 ^ ivec[i]; + + AES_encrypt(tmp, out - AES_BLOCK_SIZE, key); + + memcpy(out, ivec, len); + memcpy(ivec, out - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + + } else { + unsigned char tmp2[AES_BLOCK_SIZE]; + unsigned char tmp3[AES_BLOCK_SIZE]; + + while(len > AES_BLOCK_SIZE * 2) { + memcpy(tmp, in, AES_BLOCK_SIZE); + AES_decrypt(in, out, key); + for (i = 0; i < AES_BLOCK_SIZE; i++) + out[i] ^= ivec[i]; + memcpy(ivec, tmp, AES_BLOCK_SIZE); + len -= AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + + len -= AES_BLOCK_SIZE; + + memcpy(tmp, in, AES_BLOCK_SIZE); /* save last iv */ + AES_decrypt(in, tmp2, key); + + memcpy(tmp3, in + AES_BLOCK_SIZE, len); + memcpy(tmp3 + len, tmp2 + len, AES_BLOCK_SIZE - len); /* xor 0 */ + + for (i = 0; i < len; i++) + out[i + AES_BLOCK_SIZE] = tmp2[i] ^ tmp3[i]; + + AES_decrypt(tmp3, out, key); + for (i = 0; i < AES_BLOCK_SIZE; i++) + out[i] ^= ivec[i]; + memcpy(ivec, tmp, AES_BLOCK_SIZE); + } +} + +static krb5_error_code +AES_CTS_encrypt(krb5_context context, + struct key_data *key, + void *data, + size_t len, + krb5_boolean encryptp, + int usage, + void *ivec) +{ + struct krb5_aes_schedule *aeskey = key->schedule->data; + char local_ivec[AES_BLOCK_SIZE]; + AES_KEY *k; + + if (encryptp) + k = &aeskey->ekey; + else + k = &aeskey->dkey; + + if (len < AES_BLOCK_SIZE) + krb5_abortx(context, "invalid use of AES_CTS_encrypt"); + if (len == AES_BLOCK_SIZE) { + if (encryptp) + AES_encrypt(data, data, k); + else + AES_decrypt(data, data, k); + } else { + if(ivec == NULL) { + memset(local_ivec, 0, sizeof(local_ivec)); + ivec = local_ivec; + } + _krb5_aes_cts_encrypt(data, data, len, k, ivec, encryptp); + } + + return 0; +} + +static krb5_error_code +AES_CBC_encrypt(krb5_context context, + struct key_data *key, + void *data, + size_t len, + krb5_boolean encryptp, + int usage, + void *ivec) +{ + struct krb5_aes_schedule *aeskey = key->schedule->data; + char local_ivec[AES_BLOCK_SIZE]; + AES_KEY *k; + + if (encryptp) + k = &aeskey->ekey; + else + k = &aeskey->dkey; + + if(ivec == NULL) { + ivec = &local_ivec; + memset(local_ivec, 0, sizeof(local_ivec)); + } + AES_cbc_encrypt(data, data, len, k, ivec, encryptp); + return 0; +} + +/* + * RC2 + */ + +static krb5_error_code +RC2_CBC_encrypt(krb5_context context, + struct key_data *key, + void *data, + size_t len, + krb5_boolean encryptp, + int usage, + void *ivec) +{ + unsigned char local_ivec[8]; + RC2_KEY *s = key->schedule->data; + if(ivec == NULL) { + ivec = &local_ivec; + memset(local_ivec, 0, sizeof(local_ivec)); + } + RC2_cbc_encrypt(data, data, len, s, ivec, encryptp); + return 0; +} + +/* + * section 6 of draft-brezak-win2k-krb-rc4-hmac-03 + * + * warning: not for small children + */ + +static krb5_error_code +ARCFOUR_subencrypt(krb5_context context, + struct key_data *key, + void *data, + size_t len, + unsigned usage, + void *ivec) +{ + struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5); + Checksum k1_c, k2_c, k3_c, cksum; + struct key_data ke; + krb5_keyblock kb; + unsigned char t[4]; + RC4_KEY rc4_key; + unsigned char *cdata = data; + unsigned char k1_c_data[16], k2_c_data[16], k3_c_data[16]; + krb5_error_code ret; + + t[0] = (usage >> 0) & 0xFF; + t[1] = (usage >> 8) & 0xFF; + t[2] = (usage >> 16) & 0xFF; + t[3] = (usage >> 24) & 0xFF; + + k1_c.checksum.length = sizeof(k1_c_data); + k1_c.checksum.data = k1_c_data; + + ret = hmac(NULL, c, t, sizeof(t), 0, key, &k1_c); + if (ret) + krb5_abortx(context, "hmac failed"); + + memcpy (k2_c_data, k1_c_data, sizeof(k1_c_data)); + + k2_c.checksum.length = sizeof(k2_c_data); + k2_c.checksum.data = k2_c_data; + + ke.key = &kb; + kb.keyvalue = k2_c.checksum; + + cksum.checksum.length = 16; + cksum.checksum.data = data; + + ret = hmac(NULL, c, cdata + 16, len - 16, 0, &ke, &cksum); + if (ret) + krb5_abortx(context, "hmac failed"); + + ke.key = &kb; + kb.keyvalue = k1_c.checksum; + + k3_c.checksum.length = sizeof(k3_c_data); + k3_c.checksum.data = k3_c_data; + + ret = hmac(NULL, c, data, 16, 0, &ke, &k3_c); + if (ret) + krb5_abortx(context, "hmac failed"); + + RC4_set_key (&rc4_key, k3_c.checksum.length, k3_c.checksum.data); + RC4 (&rc4_key, len - 16, cdata + 16, cdata + 16); + memset (k1_c_data, 0, sizeof(k1_c_data)); + memset (k2_c_data, 0, sizeof(k2_c_data)); + memset (k3_c_data, 0, sizeof(k3_c_data)); + return 0; +} + +static krb5_error_code +ARCFOUR_subdecrypt(krb5_context context, + struct key_data *key, + void *data, + size_t len, + unsigned usage, + void *ivec) +{ + struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5); + Checksum k1_c, k2_c, k3_c, cksum; + struct key_data ke; + krb5_keyblock kb; + unsigned char t[4]; + RC4_KEY rc4_key; + unsigned char *cdata = data; + unsigned char k1_c_data[16], k2_c_data[16], k3_c_data[16]; + unsigned char cksum_data[16]; + krb5_error_code ret; + + t[0] = (usage >> 0) & 0xFF; + t[1] = (usage >> 8) & 0xFF; + t[2] = (usage >> 16) & 0xFF; + t[3] = (usage >> 24) & 0xFF; + + k1_c.checksum.length = sizeof(k1_c_data); + k1_c.checksum.data = k1_c_data; + + ret = hmac(NULL, c, t, sizeof(t), 0, key, &k1_c); + if (ret) + krb5_abortx(context, "hmac failed"); + + memcpy (k2_c_data, k1_c_data, sizeof(k1_c_data)); + + k2_c.checksum.length = sizeof(k2_c_data); + k2_c.checksum.data = k2_c_data; + + ke.key = &kb; + kb.keyvalue = k1_c.checksum; + + k3_c.checksum.length = sizeof(k3_c_data); + k3_c.checksum.data = k3_c_data; + + ret = hmac(NULL, c, cdata, 16, 0, &ke, &k3_c); + if (ret) + krb5_abortx(context, "hmac failed"); + + RC4_set_key (&rc4_key, k3_c.checksum.length, k3_c.checksum.data); + RC4 (&rc4_key, len - 16, cdata + 16, cdata + 16); + + ke.key = &kb; + kb.keyvalue = k2_c.checksum; + + cksum.checksum.length = 16; + cksum.checksum.data = cksum_data; + + ret = hmac(NULL, c, cdata + 16, len - 16, 0, &ke, &cksum); + if (ret) + krb5_abortx(context, "hmac failed"); + + memset (k1_c_data, 0, sizeof(k1_c_data)); + memset (k2_c_data, 0, sizeof(k2_c_data)); + memset (k3_c_data, 0, sizeof(k3_c_data)); + + if (memcmp (cksum.checksum.data, data, 16) != 0) { + krb5_clear_error_string (context); + return KRB5KRB_AP_ERR_BAD_INTEGRITY; + } else { + return 0; + } +} + +/* + * convert the usage numbers used in + * draft-ietf-cat-kerb-key-derivation-00.txt to the ones in + * draft-brezak-win2k-krb-rc4-hmac-04.txt + */ + +static krb5_error_code +usage2arcfour (krb5_context context, unsigned *usage) +{ + switch (*usage) { + case KRB5_KU_AS_REP_ENC_PART : /* 3 */ + case KRB5_KU_TGS_REP_ENC_PART_SUB_KEY : /* 9 */ + *usage = 8; + return 0; + case KRB5_KU_USAGE_SEAL : /* 22 */ + *usage = 13; + return 0; + case KRB5_KU_USAGE_SIGN : /* 23 */ + *usage = 15; + return 0; + case KRB5_KU_USAGE_SEQ: /* 24 */ + *usage = 0; + return 0; + default : + return 0; + } +} + +static krb5_error_code +ARCFOUR_encrypt(krb5_context context, + struct key_data *key, + void *data, + size_t len, + krb5_boolean encryptp, + int usage, + void *ivec) +{ + krb5_error_code ret; + unsigned keyusage = usage; + + if((ret = usage2arcfour (context, &keyusage)) != 0) + return ret; + + if (encryptp) + return ARCFOUR_subencrypt (context, key, data, len, keyusage, ivec); + else + return ARCFOUR_subdecrypt (context, key, data, len, keyusage, ivec); +} + + +/* + * these should currently be in reverse preference order. + * (only relevant for !F_PSEUDO) */ + +static struct encryption_type enctype_null = { + ETYPE_NULL, + "null", + NULL, + 1, + 1, + 0, + &keytype_null, + &checksum_none, + NULL, + F_DISABLED, + NULL_encrypt, +}; +static struct encryption_type enctype_des_cbc_crc = { + ETYPE_DES_CBC_CRC, + "des-cbc-crc", + NULL, + 8, + 8, + 8, + &keytype_des, + &checksum_crc32, + NULL, + 0, + DES_CBC_encrypt_key_ivec, +}; +static struct encryption_type enctype_des_cbc_md4 = { + ETYPE_DES_CBC_MD4, + "des-cbc-md4", + NULL, + 8, + 8, + 8, + &keytype_des, + &checksum_rsa_md4, + &checksum_rsa_md4_des, + 0, + DES_CBC_encrypt_null_ivec, +}; +static struct encryption_type enctype_des_cbc_md5 = { + ETYPE_DES_CBC_MD5, + "des-cbc-md5", + NULL, + 8, + 8, + 8, + &keytype_des, + &checksum_rsa_md5, + &checksum_rsa_md5_des, + 0, + DES_CBC_encrypt_null_ivec, +}; +static struct encryption_type enctype_arcfour_hmac_md5 = { + ETYPE_ARCFOUR_HMAC_MD5, + "arcfour-hmac-md5", + NULL, + 1, + 1, + 8, + &keytype_arcfour, + &checksum_hmac_md5, + NULL, + F_SPECIAL, + ARCFOUR_encrypt +}; +static struct encryption_type enctype_des3_cbc_md5 = { + ETYPE_DES3_CBC_MD5, + "des3-cbc-md5", + NULL, + 8, + 8, + 8, + &keytype_des3, + &checksum_rsa_md5, + &checksum_rsa_md5_des3, + 0, + DES3_CBC_encrypt, +}; +static struct encryption_type enctype_des3_cbc_sha1 = { + ETYPE_DES3_CBC_SHA1, + "des3-cbc-sha1", + NULL, + 8, + 8, + 8, + &keytype_des3_derived, + &checksum_sha1, + &checksum_hmac_sha1_des3, + F_DERIVED, + DES3_CBC_encrypt, +}; +static struct encryption_type enctype_old_des3_cbc_sha1 = { + ETYPE_OLD_DES3_CBC_SHA1, + "old-des3-cbc-sha1", + NULL, + 8, + 8, + 8, + &keytype_des3, + &checksum_sha1, + &checksum_hmac_sha1_des3, + 0, + DES3_CBC_encrypt, +}; +static struct encryption_type enctype_aes128_cts_hmac_sha1 = { + ETYPE_AES128_CTS_HMAC_SHA1_96, + "aes128-cts-hmac-sha1-96", + NULL, + 16, + 1, + 16, + &keytype_aes128, + &checksum_sha1, + &checksum_hmac_sha1_aes128, + F_DERIVED, + AES_CTS_encrypt, +}; +static struct encryption_type enctype_aes256_cts_hmac_sha1 = { + ETYPE_AES256_CTS_HMAC_SHA1_96, + "aes256-cts-hmac-sha1-96", + NULL, + 16, + 1, + 16, + &keytype_aes256, + &checksum_sha1, + &checksum_hmac_sha1_aes256, + F_DERIVED, + AES_CTS_encrypt, +}; +static unsigned aes_128_cbc_num[] = { 2, 16, 840, 1, 101, 3, 4, 1, 2 }; +static heim_oid aes_128_cbc_oid = kcrypto_oid_enc(aes_128_cbc_num); +static struct encryption_type enctype_aes128_cbc_none = { + ETYPE_AES128_CBC_NONE, + "aes128-cbc-none", + &aes_128_cbc_oid, + 16, + 16, + 16, + &keytype_aes128, + &checksum_none, + NULL, + F_PSEUDO|F_PADCMS, + AES_CBC_encrypt, +}; +static unsigned aes_192_cbc_num[] = { 2, 16, 840, 1, 101, 3, 4, 1, 22 }; +static heim_oid aes_192_cbc_oid = kcrypto_oid_enc(aes_192_cbc_num); +static struct encryption_type enctype_aes192_cbc_none = { + ETYPE_AES192_CBC_NONE, + "aes192-cbc-none", + &aes_192_cbc_oid, + 16, + 16, + 16, + &keytype_aes192, + &checksum_none, + NULL, + F_PSEUDO|F_PADCMS, + AES_CBC_encrypt, +}; +static unsigned aes_256_cbc_num[] = { 2, 16, 840, 1, 101, 3, 4, 1, 42 }; +static heim_oid aes_256_cbc_oid = kcrypto_oid_enc(aes_256_cbc_num); +static struct encryption_type enctype_aes256_cbc_none = { + ETYPE_AES256_CBC_NONE, + "aes256-cbc-none", + &aes_256_cbc_oid, + 16, + 16, + 16, + &keytype_aes256, + &checksum_none, + NULL, + F_PSEUDO|F_PADCMS, + AES_CBC_encrypt, +}; +static struct encryption_type enctype_des_cbc_none = { + ETYPE_DES_CBC_NONE, + "des-cbc-none", + NULL, + 8, + 8, + 0, + &keytype_des, + &checksum_none, + NULL, + F_PSEUDO, + DES_CBC_encrypt_null_ivec, +}; +static struct encryption_type enctype_des_cfb64_none = { + ETYPE_DES_CFB64_NONE, + "des-cfb64-none", + NULL, + 1, + 1, + 0, + &keytype_des, + &checksum_none, + NULL, + F_PSEUDO, + DES_CFB64_encrypt_null_ivec, +}; +static struct encryption_type enctype_des_pcbc_none = { + ETYPE_DES_PCBC_NONE, + "des-pcbc-none", + NULL, + 8, + 8, + 0, + &keytype_des, + &checksum_none, + NULL, + F_PSEUDO, + DES_PCBC_encrypt_key_ivec, +}; +static unsigned des_ede3_cbc_num[] = { 1, 2, 840, 113549, 3, 7 }; +static heim_oid des_ede3_cbc_oid = kcrypto_oid_enc(des_ede3_cbc_num); +static struct encryption_type enctype_des3_cbc_none_cms = { + ETYPE_DES3_CBC_NONE_CMS, + "des3-cbc-none-cms", + &des_ede3_cbc_oid, + 8, + 8, + 0, + &keytype_des3_derived, + &checksum_none, + NULL, + F_PSEUDO|F_PADCMS, + DES3_CBC_encrypt, +}; +static struct encryption_type enctype_des3_cbc_none = { + ETYPE_DES3_CBC_NONE, + "des3-cbc-none", + NULL, + 8, + 8, + 0, + &keytype_des3_derived, + &checksum_none, + NULL, + F_PSEUDO, + DES3_CBC_encrypt, +}; +static unsigned rc2CBC_num[] = { 1, 2, 840, 113549, 3, 2 }; +static heim_oid rc2CBC_oid = kcrypto_oid_enc(rc2CBC_num); +static struct encryption_type enctype_rc2_cbc_none = { + ETYPE_RC2_CBC_NONE, + "rc2-cbc-none", + &rc2CBC_oid, + 8, + 8, + 0, + &keytype_rc2, + &checksum_none, + NULL, + F_PSEUDO|F_PADCMS, + RC2_CBC_encrypt, +}; + +static struct encryption_type *etypes[] = { + &enctype_null, + &enctype_des_cbc_crc, + &enctype_des_cbc_md4, + &enctype_des_cbc_md5, + &enctype_arcfour_hmac_md5, + &enctype_des3_cbc_md5, + &enctype_des3_cbc_sha1, + &enctype_old_des3_cbc_sha1, + &enctype_aes128_cts_hmac_sha1, + &enctype_aes256_cts_hmac_sha1, + &enctype_aes128_cbc_none, + &enctype_aes192_cbc_none, + &enctype_aes256_cbc_none, + &enctype_des_cbc_none, + &enctype_des_cfb64_none, + &enctype_des_pcbc_none, + &enctype_des3_cbc_none, + &enctype_des3_cbc_none_cms, + &enctype_rc2_cbc_none +}; + +static unsigned num_etypes = sizeof(etypes) / sizeof(etypes[0]); + + +static struct encryption_type * +_find_enctype(krb5_enctype type) +{ + int i; + for(i = 0; i < num_etypes; i++) + if(etypes[i]->type == type) + return etypes[i]; + return NULL; +} + + +krb5_error_code KRB5_LIB_FUNCTION +krb5_enctype_to_string(krb5_context context, + krb5_enctype etype, + char **string) +{ + struct encryption_type *e; + e = _find_enctype(etype); + if(e == NULL) { + krb5_set_error_string (context, "encryption type %d not supported", + etype); + return KRB5_PROG_ETYPE_NOSUPP; + } + *string = strdup(e->name); + if(*string == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_string_to_enctype(krb5_context context, + const char *string, + krb5_enctype *etype) +{ + int i; + for(i = 0; i < num_etypes; i++) + if(strcasecmp(etypes[i]->name, string) == 0){ + *etype = etypes[i]->type; + return 0; + } + krb5_set_error_string (context, "encryption type %s not supported", + string); + return KRB5_PROG_ETYPE_NOSUPP; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_enctype_to_oid(krb5_context context, + krb5_enctype etype, + heim_oid *oid) +{ + struct encryption_type *et = _find_enctype(etype); + if(et == NULL) { + krb5_set_error_string (context, "encryption type %d not supported", + etype); + return KRB5_PROG_ETYPE_NOSUPP; + } + if(et->oid == NULL) { + krb5_set_error_string (context, "%s have not oid", et->name); + return KRB5_PROG_ETYPE_NOSUPP; + } + krb5_clear_error_string(context); + return copy_oid(et->oid, oid); +} + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_oid_to_enctype(krb5_context context, + const heim_oid *oid, + krb5_enctype *etype) +{ + int i; + for(i = 0; i < num_etypes; i++) { + if(etypes[i]->oid && heim_oid_cmp(etypes[i]->oid, oid) == 0) { + *etype = etypes[i]->type; + return 0; + } + } + krb5_set_error_string(context, "enctype for oid not supported"); + return KRB5_PROG_ETYPE_NOSUPP; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_enctype_to_keytype(krb5_context context, + krb5_enctype etype, + krb5_keytype *keytype) +{ + struct encryption_type *e = _find_enctype(etype); + if(e == NULL) { + krb5_set_error_string (context, "encryption type %d not supported", + etype); + return KRB5_PROG_ETYPE_NOSUPP; + } + *keytype = e->keytype->type; /* XXX */ + return 0; +} + +#if 0 +krb5_error_code KRB5_LIB_FUNCTION +krb5_keytype_to_enctype(krb5_context context, + krb5_keytype keytype, + krb5_enctype *etype) +{ + struct key_type *kt = _find_keytype(keytype); + krb5_warnx(context, "krb5_keytype_to_enctype(%u)", keytype); + if(kt == NULL) + return KRB5_PROG_KEYTYPE_NOSUPP; + *etype = kt->best_etype; + return 0; +} +#endif + +krb5_error_code KRB5_LIB_FUNCTION +krb5_keytype_to_enctypes (krb5_context context, + krb5_keytype keytype, + unsigned *len, + krb5_enctype **val) +{ + int i; + unsigned n = 0; + krb5_enctype *ret; + + for (i = num_etypes - 1; i >= 0; --i) { + if (etypes[i]->keytype->type == keytype + && !(etypes[i]->flags & F_PSEUDO)) + ++n; + } + ret = malloc(n * sizeof(*ret)); + if (ret == NULL && n != 0) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + n = 0; + for (i = num_etypes - 1; i >= 0; --i) { + if (etypes[i]->keytype->type == keytype + && !(etypes[i]->flags & F_PSEUDO)) + ret[n++] = etypes[i]->type; + } + *len = n; + *val = ret; + return 0; +} + +/* + * First take the configured list of etypes for `keytype' if available, + * else, do `krb5_keytype_to_enctypes'. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_keytype_to_enctypes_default (krb5_context context, + krb5_keytype keytype, + unsigned *len, + krb5_enctype **val) +{ + int i, n; + krb5_enctype *ret; + + if (keytype != KEYTYPE_DES || context->etypes_des == NULL) + return krb5_keytype_to_enctypes (context, keytype, len, val); + + for (n = 0; context->etypes_des[n]; ++n) + ; + ret = malloc (n * sizeof(*ret)); + if (ret == NULL && n != 0) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + for (i = 0; i < n; ++i) + ret[i] = context->etypes_des[i]; + *len = n; + *val = ret; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_enctype_valid(krb5_context context, + krb5_enctype etype) +{ + struct encryption_type *e = _find_enctype(etype); + if(e == NULL) { + krb5_set_error_string (context, "encryption type %d not supported", + etype); + return KRB5_PROG_ETYPE_NOSUPP; + } + if (e->flags & F_DISABLED) { + krb5_set_error_string (context, "encryption type %s is disabled", + e->name); + return KRB5_PROG_ETYPE_NOSUPP; + } + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cksumtype_valid(krb5_context context, + krb5_cksumtype ctype) +{ + struct checksum_type *c = _find_checksum(ctype); + if (c == NULL) { + krb5_set_error_string (context, "checksum type %d not supported", + ctype); + return KRB5_PROG_SUMTYPE_NOSUPP; + } + if (c->flags & F_DISABLED) { + krb5_set_error_string (context, "checksum type %s is disabled", + c->name); + return KRB5_PROG_SUMTYPE_NOSUPP; + } + return 0; +} + + +/* if two enctypes have compatible keys */ +krb5_boolean KRB5_LIB_FUNCTION +krb5_enctypes_compatible_keys(krb5_context context, + krb5_enctype etype1, + krb5_enctype etype2) +{ + struct encryption_type *e1 = _find_enctype(etype1); + struct encryption_type *e2 = _find_enctype(etype2); + return e1 != NULL && e2 != NULL && e1->keytype == e2->keytype; +} + +static krb5_boolean +derived_crypto(krb5_context context, + krb5_crypto crypto) +{ + return (crypto->et->flags & F_DERIVED) != 0; +} + +static krb5_boolean +special_crypto(krb5_context context, + krb5_crypto crypto) +{ + return (crypto->et->flags & F_SPECIAL) != 0; +} + +#define CHECKSUMSIZE(C) ((C)->checksumsize) +#define CHECKSUMTYPE(C) ((C)->type) + +static krb5_error_code +encrypt_internal_derived(krb5_context context, + krb5_crypto crypto, + unsigned usage, + void *data, + size_t len, + krb5_data *result, + void *ivec) +{ + size_t sz, block_sz, checksum_sz, total_sz; + Checksum cksum; + unsigned char *p, *q; + krb5_error_code ret; + struct key_data *dkey; + const struct encryption_type *et = crypto->et; + + checksum_sz = CHECKSUMSIZE(et->keyed_checksum); + + sz = et->confoundersize + len; + block_sz = (sz + et->padsize - 1) &~ (et->padsize - 1); /* pad */ + total_sz = block_sz + checksum_sz; + p = calloc(1, total_sz); + if(p == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + + q = p; + krb5_generate_random_block(q, et->confoundersize); /* XXX */ + q += et->confoundersize; + memcpy(q, data, len); + + ret = create_checksum(context, + et->keyed_checksum, + crypto, + INTEGRITY_USAGE(usage), + p, + block_sz, + &cksum); + if(ret == 0 && cksum.checksum.length != checksum_sz) { + free_Checksum (&cksum); + krb5_clear_error_string (context); + ret = KRB5_CRYPTO_INTERNAL; + } + if(ret) + goto fail; + memcpy(p + block_sz, cksum.checksum.data, cksum.checksum.length); + free_Checksum (&cksum); + ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey); + if(ret) + goto fail; + ret = _key_schedule(context, dkey, crypto->params); + if(ret) + goto fail; +#ifdef CRYPTO_DEBUG + krb5_crypto_debug(context, 1, block_sz, dkey->key); +#endif + ret = (*et->encrypt)(context, dkey, p, block_sz, 1, usage, ivec); + if (ret) + goto fail; + result->data = p; + result->length = total_sz; + return 0; + fail: + memset(p, 0, total_sz); + free(p); + return ret; +} + + +static krb5_error_code +encrypt_internal(krb5_context context, + krb5_crypto crypto, + void *data, + size_t len, + krb5_data *result, + void *ivec) +{ + size_t sz, block_sz, checksum_sz, padsize = 0; + Checksum cksum; + unsigned char *p, *q; + krb5_error_code ret; + const struct encryption_type *et = crypto->et; + + checksum_sz = CHECKSUMSIZE(et->checksum); + + sz = et->confoundersize + checksum_sz + len; + block_sz = (sz + et->padsize - 1) &~ (et->padsize - 1); /* pad */ + if ((et->flags & F_PADCMS) && et->padsize != 1) { + padsize = et->padsize - (sz % et->padsize); + if (padsize == et->padsize) + block_sz += et->padsize; + } + p = calloc(1, block_sz); + if(p == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + + q = p; + krb5_generate_random_block(q, et->confoundersize); /* XXX */ + q += et->confoundersize; + memset(q, 0, checksum_sz); + q += checksum_sz; + memcpy(q, data, len); + + ret = create_checksum(context, + et->checksum, + crypto, + 0, + p, + block_sz, + &cksum); + if(ret == 0 && cksum.checksum.length != checksum_sz) { + krb5_clear_error_string (context); + free_Checksum(&cksum); + ret = KRB5_CRYPTO_INTERNAL; + } + if(ret) + goto fail; + memcpy(p + et->confoundersize, cksum.checksum.data, cksum.checksum.length); + free_Checksum(&cksum); + ret = _key_schedule(context, &crypto->key, crypto->params); + if(ret) + goto fail; + if (et->flags & F_PADCMS) { + int i; + q = p + len + checksum_sz + et->confoundersize; + for (i = 0; i < padsize; i++) + q[i] = padsize; + } +#ifdef CRYPTO_DEBUG + krb5_crypto_debug(context, 1, block_sz, crypto->key.key); +#endif + ret = (*et->encrypt)(context, &crypto->key, p, block_sz, 1, 0, ivec); + if (ret) { + memset(p, 0, block_sz); + free(p); + return ret; + } + result->data = p; + result->length = block_sz; + return 0; + fail: + memset(p, 0, block_sz); + free(p); + return ret; +} + +static krb5_error_code +encrypt_internal_special(krb5_context context, + krb5_crypto crypto, + int usage, + void *data, + size_t len, + krb5_data *result, + void *ivec) +{ + struct encryption_type *et = crypto->et; + size_t cksum_sz = CHECKSUMSIZE(et->checksum); + size_t sz = len + cksum_sz + et->confoundersize; + char *tmp, *p; + krb5_error_code ret; + + tmp = malloc (sz); + if (tmp == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + p = tmp; + memset (p, 0, cksum_sz); + p += cksum_sz; + krb5_generate_random_block(p, et->confoundersize); + p += et->confoundersize; + memcpy (p, data, len); + ret = (*et->encrypt)(context, &crypto->key, tmp, sz, TRUE, usage, ivec); + if (ret) { + memset(tmp, 0, sz); + free(tmp); + return ret; + } + result->data = tmp; + result->length = sz; + return 0; +} + +static krb5_error_code +decrypt_internal_derived(krb5_context context, + krb5_crypto crypto, + unsigned usage, + void *data, + size_t len, + krb5_data *result, + void *ivec) +{ + size_t checksum_sz; + Checksum cksum; + unsigned char *p; + krb5_error_code ret; + struct key_data *dkey; + struct encryption_type *et = crypto->et; + unsigned long l; + + checksum_sz = CHECKSUMSIZE(et->keyed_checksum); + if (len < checksum_sz) { + krb5_clear_error_string (context); + return EINVAL; /* XXX - better error code? */ + } + + if (((len - checksum_sz) % et->padsize) != 0) { + krb5_clear_error_string(context); + return KRB5_BAD_MSIZE; + } + + p = malloc(len); + if(len != 0 && p == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + memcpy(p, data, len); + + len -= checksum_sz; + + ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey); + if(ret) { + free(p); + return ret; + } + ret = _key_schedule(context, dkey, crypto->params); + if(ret) { + free(p); + return ret; + } +#ifdef CRYPTO_DEBUG + krb5_crypto_debug(context, 0, len, dkey->key); +#endif + ret = (*et->encrypt)(context, dkey, p, len, 0, usage, ivec); + if (ret) { + free(p); + return ret; + } + + cksum.checksum.data = p + len; + cksum.checksum.length = checksum_sz; + cksum.cksumtype = CHECKSUMTYPE(et->keyed_checksum); + + ret = verify_checksum(context, + crypto, + INTEGRITY_USAGE(usage), + p, + len, + &cksum); + if(ret) { + free(p); + return ret; + } + l = len - et->confoundersize; + memmove(p, p + et->confoundersize, l); + result->data = realloc(p, l); + if(result->data == NULL) { + free(p); + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + result->length = l; + return 0; +} + +static krb5_error_code +decrypt_internal(krb5_context context, + krb5_crypto crypto, + void *data, + size_t len, + krb5_data *result, + void *ivec) +{ + krb5_error_code ret; + unsigned char *p; + Checksum cksum; + size_t checksum_sz, l; + struct encryption_type *et = crypto->et; + + if ((len % et->padsize) != 0) { + krb5_clear_error_string(context); + return KRB5_BAD_MSIZE; + } + + checksum_sz = CHECKSUMSIZE(et->checksum); + p = malloc(len); + if(len != 0 && p == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + memcpy(p, data, len); + + ret = _key_schedule(context, &crypto->key, crypto->params); + if(ret) { + free(p); + return ret; + } +#ifdef CRYPTO_DEBUG + krb5_crypto_debug(context, 0, len, crypto->key.key); +#endif + ret = (*et->encrypt)(context, &crypto->key, p, len, 0, 0, ivec); + if (ret) { + free(p); + return ret; + } + ret = krb5_data_copy(&cksum.checksum, p + et->confoundersize, checksum_sz); + if(ret) { + free(p); + return ret; + } + memset(p + et->confoundersize, 0, checksum_sz); + cksum.cksumtype = CHECKSUMTYPE(et->checksum); + ret = verify_checksum(context, NULL, 0, p, len, &cksum); + free_Checksum(&cksum); + if(ret) { + free(p); + return ret; + } + l = len - et->confoundersize - checksum_sz; + memmove(p, p + et->confoundersize + checksum_sz, l); + result->data = realloc(p, l); + if(result->data == NULL) { + free(p); + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + result->length = l; + return 0; +} + +static krb5_error_code +decrypt_internal_special(krb5_context context, + krb5_crypto crypto, + int usage, + void *data, + size_t len, + krb5_data *result, + void *ivec) +{ + struct encryption_type *et = crypto->et; + size_t cksum_sz = CHECKSUMSIZE(et->checksum); + size_t sz = len - cksum_sz - et->confoundersize; + unsigned char *p; + krb5_error_code ret; + + if ((len % et->padsize) != 0) { + krb5_clear_error_string(context); + return KRB5_BAD_MSIZE; + } + + p = malloc (len); + if (p == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + memcpy(p, data, len); + + ret = (*et->encrypt)(context, &crypto->key, p, len, FALSE, usage, ivec); + if (ret) { + free(p); + return ret; + } + + memmove (p, p + cksum_sz + et->confoundersize, sz); + result->data = realloc(p, sz); + if(result->data == NULL) { + free(p); + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + result->length = sz; + return 0; +} + + +krb5_error_code KRB5_LIB_FUNCTION +krb5_encrypt_ivec(krb5_context context, + krb5_crypto crypto, + unsigned usage, + void *data, + size_t len, + krb5_data *result, + void *ivec) +{ + if(derived_crypto(context, crypto)) + return encrypt_internal_derived(context, crypto, usage, + data, len, result, ivec); + else if (special_crypto(context, crypto)) + return encrypt_internal_special (context, crypto, usage, + data, len, result, ivec); + else + return encrypt_internal(context, crypto, data, len, result, ivec); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_encrypt(krb5_context context, + krb5_crypto crypto, + unsigned usage, + void *data, + size_t len, + krb5_data *result) +{ + return krb5_encrypt_ivec(context, crypto, usage, data, len, result, NULL); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_encrypt_EncryptedData(krb5_context context, + krb5_crypto crypto, + unsigned usage, + void *data, + size_t len, + int kvno, + EncryptedData *result) +{ + result->etype = CRYPTO_ETYPE(crypto); + if(kvno){ + ALLOC(result->kvno, 1); + *result->kvno = kvno; + }else + result->kvno = NULL; + return krb5_encrypt(context, crypto, usage, data, len, &result->cipher); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_decrypt_ivec(krb5_context context, + krb5_crypto crypto, + unsigned usage, + void *data, + size_t len, + krb5_data *result, + void *ivec) +{ + if(derived_crypto(context, crypto)) + return decrypt_internal_derived(context, crypto, usage, + data, len, result, ivec); + else if (special_crypto (context, crypto)) + return decrypt_internal_special(context, crypto, usage, + data, len, result, ivec); + else + return decrypt_internal(context, crypto, data, len, result, ivec); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_decrypt(krb5_context context, + krb5_crypto crypto, + unsigned usage, + void *data, + size_t len, + krb5_data *result) +{ + return krb5_decrypt_ivec (context, crypto, usage, data, len, result, + NULL); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_decrypt_EncryptedData(krb5_context context, + krb5_crypto crypto, + unsigned usage, + const EncryptedData *e, + krb5_data *result) +{ + return krb5_decrypt(context, crypto, usage, + e->cipher.data, e->cipher.length, result); +} + +/************************************************************ + * * + ************************************************************/ + +#ifdef HAVE_OPENSSL +#include + +/* From openssl/crypto/rand/rand_lcl.h */ +#define ENTROPY_NEEDED 20 +static int +seed_something(void) +{ + char buf[1024], seedfile[256]; + + /* If there is a seed file, load it. But such a file cannot be trusted, + so use 0 for the entropy estimate */ + if (RAND_file_name(seedfile, sizeof(seedfile))) { + int fd; + fd = open(seedfile, O_RDONLY); + if (fd >= 0) { + ssize_t ret; + ret = read(fd, buf, sizeof(buf)); + if (ret > 0) + RAND_add(buf, ret, 0.0); + close(fd); + } else + seedfile[0] = '\0'; + } else + seedfile[0] = '\0'; + + /* Calling RAND_status() will try to use /dev/urandom if it exists so + we do not have to deal with it. */ + if (RAND_status() != 1) { + krb5_context context; + const char *p; + + /* Try using egd */ + if (!krb5_init_context(&context)) { + p = krb5_config_get_string(context, NULL, "libdefaults", + "egd_socket", NULL); + if (p != NULL) + RAND_egd_bytes(p, ENTROPY_NEEDED); + krb5_free_context(context); + } + } + + if (RAND_status() == 1) { + /* Update the seed file */ + if (seedfile[0]) + RAND_write_file(seedfile); + + return 0; + } else + return -1; +} + +void KRB5_LIB_FUNCTION +krb5_generate_random_block(void *buf, size_t len) +{ + static int rng_initialized = 0; + + HEIMDAL_MUTEX_lock(&crypto_mutex); + if (!rng_initialized) { + if (seed_something()) + krb5_abortx(NULL, "Fatal: could not seed the random number generator"); + + rng_initialized = 1; + } + HEIMDAL_MUTEX_unlock(&crypto_mutex); + RAND_bytes(buf, len); +} + +#else + +void KRB5_LIB_FUNCTION +krb5_generate_random_block(void *buf, size_t len) +{ + DES_cblock key, out; + static DES_cblock counter; + static DES_key_schedule schedule; + int i; + static int initialized = 0; + + HEIMDAL_MUTEX_lock(&crypto_mutex); + if(!initialized) { + DES_new_random_key(&key); + DES_set_key(&key, &schedule); + memset(&key, 0, sizeof(key)); + DES_new_random_key(&counter); + initialized = 1; + } + HEIMDAL_MUTEX_unlock(&crypto_mutex); + while(len > 0) { + DES_ecb_encrypt(&counter, &out, &schedule, DES_ENCRYPT); + for(i = 7; i >=0; i--) + if(counter[i]++) + break; + memcpy(buf, out, min(len, sizeof(out))); + len -= min(len, sizeof(out)); + buf = (char*)buf + sizeof(out); + } +} +#endif + +static void +DES3_postproc(krb5_context context, + unsigned char *k, size_t len, struct key_data *key) +{ + DES3_random_to_key(context, key->key, k, len); + + if (key->schedule) { + krb5_free_data(context, key->schedule); + key->schedule = NULL; + } +} + +static krb5_error_code +derive_key(krb5_context context, + struct encryption_type *et, + struct key_data *key, + const void *constant, + size_t len) +{ + unsigned char *k; + unsigned int nblocks = 0, i; + krb5_error_code ret = 0; + + struct key_type *kt = et->keytype; + /* since RC2 is only the weird crypto alg with parameter and this + * function not defined with work with RC2, this is ok */ + ret = _key_schedule(context, key, NULL); + if(ret) + return ret; + if(et->blocksize * 8 < kt->bits || + len != et->blocksize) { + nblocks = (kt->bits + et->blocksize * 8 - 1) / (et->blocksize * 8); + k = malloc(nblocks * et->blocksize); + if(k == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + _krb5_n_fold(constant, len, k, et->blocksize); + for(i = 0; i < nblocks; i++) { + if(i > 0) + memcpy(k + i * et->blocksize, + k + (i - 1) * et->blocksize, + et->blocksize); + (*et->encrypt)(context, key, k + i * et->blocksize, et->blocksize, + 1, 0, NULL); + } + } else { + /* this case is probably broken, but won't be run anyway */ + void *c = malloc(len); + size_t res_len = (kt->bits + 7) / 8; + + if(len != 0 && c == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + memcpy(c, constant, len); + (*et->encrypt)(context, key, c, len, 1, 0, NULL); + k = malloc(res_len); + if(res_len != 0 && k == NULL) { + free(c); + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + _krb5_n_fold(c, len, k, res_len); + free(c); + } + + /* XXX keytype dependent post-processing */ + switch(kt->type) { + case KEYTYPE_DES3: + DES3_postproc(context, k, nblocks * et->blocksize, key); + break; + case KEYTYPE_AES128: + case KEYTYPE_AES256: + memcpy(key->key->keyvalue.data, k, key->key->keyvalue.length); + break; + default: + krb5_set_error_string(context, + "derive_key() called with unknown keytype (%u)", + kt->type); + ret = KRB5_CRYPTO_INTERNAL; + break; + } + if (key->schedule) { + krb5_free_data(context, key->schedule); + key->schedule = NULL; + } + memset(k, 0, nblocks * et->blocksize); + free(k); + return ret; +} + +static struct key_data * +_new_derived_key(krb5_crypto crypto, unsigned usage) +{ + struct key_usage *d = crypto->key_usage; + d = realloc(d, (crypto->num_key_usage + 1) * sizeof(*d)); + if(d == NULL) + return NULL; + crypto->key_usage = d; + d += crypto->num_key_usage++; + memset(d, 0, sizeof(*d)); + d->usage = usage; + return &d->key; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_derive_key(krb5_context context, + const krb5_keyblock *key, + krb5_enctype etype, + const void *constant, + size_t constant_len, + krb5_keyblock **derived_key) +{ + krb5_error_code ret; + struct encryption_type *et; + struct key_data d; + + et = _find_enctype (etype); + if (et == NULL) { + krb5_set_error_string(context, "encryption type %d not supported", + etype); + return KRB5_PROG_ETYPE_NOSUPP; + } + + ret = krb5_copy_keyblock(context, key, derived_key); + if (ret) + return ret; + + d.key = *derived_key; + d.schedule = NULL; + ret = derive_key(context, et, &d, constant, constant_len); + if (ret) + return ret; + ret = krb5_copy_keyblock(context, d.key, derived_key); + return ret; +} + +static krb5_error_code +_get_derived_key(krb5_context context, + krb5_crypto crypto, + unsigned usage, + struct key_data **key) +{ + int i; + struct key_data *d; + unsigned char constant[5]; + + for(i = 0; i < crypto->num_key_usage; i++) + if(crypto->key_usage[i].usage == usage) { + *key = &crypto->key_usage[i].key; + return 0; + } + d = _new_derived_key(crypto, usage); + if(d == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + krb5_copy_keyblock(context, crypto->key.key, &d->key); + _krb5_put_int(constant, usage, 5); + derive_key(context, crypto->et, d, constant, sizeof(constant)); + *key = d; + return 0; +} + + +krb5_error_code KRB5_LIB_FUNCTION +krb5_crypto_init(krb5_context context, + const krb5_keyblock *key, + krb5_enctype etype, + krb5_crypto *crypto) +{ + krb5_error_code ret; + ALLOC(*crypto, 1); + if(*crypto == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + if(etype == ETYPE_NULL) + etype = key->keytype; + (*crypto)->et = _find_enctype(etype); + if((*crypto)->et == NULL || ((*crypto)->et->flags & F_DISABLED)) { + free(*crypto); + *crypto = NULL; + krb5_set_error_string (context, "encryption type %d not supported", + etype); + return KRB5_PROG_ETYPE_NOSUPP; + } + if((*crypto)->et->keytype->minsize > key->keyvalue.length) { + free(*crypto); + *crypto = NULL; + krb5_set_error_string (context, "encryption key has bad length"); + return KRB5_BAD_KEYSIZE; + } + ret = krb5_copy_keyblock(context, key, &(*crypto)->key.key); + if(ret) { + free(*crypto); + *crypto = NULL; + return ret; + } + (*crypto)->key.schedule = NULL; + (*crypto)->num_key_usage = 0; + (*crypto)->key_usage = NULL; + (*crypto)->params = NULL; + return 0; +} + +static void +free_key_data(krb5_context context, struct key_data *key) +{ + krb5_free_keyblock(context, key->key); + if(key->schedule) { + memset(key->schedule->data, 0, key->schedule->length); + krb5_free_data(context, key->schedule); + } +} + +static void +free_key_usage(krb5_context context, struct key_usage *ku) +{ + free_key_data(context, &ku->key); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_crypto_destroy(krb5_context context, + krb5_crypto crypto) +{ + int i; + + for(i = 0; i < crypto->num_key_usage; i++) + free_key_usage(context, &crypto->key_usage[i]); + free(crypto->key_usage); + free_key_data(context, &crypto->key); + free(crypto->params); + free (crypto); + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_crypto_get_params(krb5_context context, + const krb5_crypto crypto, + const krb5_data *params, + krb5_data *ivec) +{ + krb5_error_code (*gp)(krb5_context, const krb5_data *,void **,krb5_data *); + krb5_error_code ret; + + gp = crypto->et->keytype->get_params; + if (gp) { + if (crypto->params) { + krb5_set_error_string(context, + "krb5_crypto_get_params called " + "more than once"); + return KRB5_PROG_ETYPE_NOSUPP; + } + ret = (*gp)(context, params, &crypto->params, ivec); + } else { + size_t size; + if (ivec == NULL) + return 0; + ret = decode_CBCParameter(params->data, params->length, ivec, &size); + } + if (ret) + return ret; + if (ivec->length < crypto->et->blocksize) { + krb5_data_free(ivec); + krb5_set_error_string(context, "%s IV of wrong size", + crypto->et->name); + return ASN1_PARSE_ERROR; + } + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_crypto_set_params(krb5_context context, + const krb5_crypto crypto, + const krb5_data *ivec, + krb5_data *params) +{ + krb5_error_code (*sp)(krb5_context, const void *, + const krb5_data *, krb5_data *); + krb5_error_code ret; + + sp = crypto->et->keytype->set_params; + if (sp == NULL) { + size_t size; + if (ivec == NULL) + return 0; + ASN1_MALLOC_ENCODE(CBCParameter, params->data, params->length, + ivec, &size, ret); + if (ret) + return ret; + if (size != params->length) + krb5_abortx(context, "Internal asn1 encoder failure"); + return 0; + } + if (crypto->params) { + krb5_set_error_string(context, + "krb5_crypto_set_params called " + "more than once"); + return KRB5_PROG_ETYPE_NOSUPP; + } + return (*sp)(context, crypto->params, ivec, params); +} + + +krb5_error_code KRB5_LIB_FUNCTION +krb5_crypto_getblocksize(krb5_context context, + krb5_crypto crypto, + size_t *blocksize) +{ + *blocksize = crypto->et->blocksize; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_crypto_getenctype(krb5_context context, + krb5_crypto crypto, + krb5_enctype *enctype) +{ + *enctype = crypto->et->type; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_crypto_getpadsize(krb5_context context, + krb5_crypto crypto, + size_t *padsize) +{ + *padsize = crypto->et->padsize; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_crypto_getconfoundersize(krb5_context context, + krb5_crypto crypto, + size_t *confoundersize) +{ + *confoundersize = crypto->et->confoundersize; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_enctype_disable(krb5_context context, + krb5_enctype enctype) +{ + struct encryption_type *et = _find_enctype(enctype); + if(et == NULL) { + if (context) + krb5_set_error_string (context, "encryption type %d not supported", + enctype); + return KRB5_PROG_ETYPE_NOSUPP; + } + et->flags |= F_DISABLED; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_string_to_key_derived(krb5_context context, + const void *str, + size_t len, + krb5_enctype etype, + krb5_keyblock *key) +{ + struct encryption_type *et = _find_enctype(etype); + krb5_error_code ret; + struct key_data kd; + size_t keylen = et->keytype->bits / 8; + u_char *tmp; + + if(et == NULL) { + krb5_set_error_string (context, "encryption type %d not supported", + etype); + return KRB5_PROG_ETYPE_NOSUPP; + } + ALLOC(kd.key, 1); + if(kd.key == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + ret = krb5_data_alloc(&kd.key->keyvalue, et->keytype->size); + if(ret) { + free(kd.key); + return ret; + } + kd.key->keytype = etype; + tmp = malloc (keylen); + if(tmp == NULL) { + krb5_free_keyblock(context, kd.key); + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + _krb5_n_fold(str, len, tmp, keylen); + kd.schedule = NULL; + DES3_postproc (context, tmp, keylen, &kd); /* XXX */ + memset(tmp, 0, keylen); + free(tmp); + ret = derive_key(context, + et, + &kd, + "kerberos", /* XXX well known constant */ + strlen("kerberos")); + ret = krb5_copy_keyblock_contents(context, kd.key, key); + free_key_data(context, &kd); + return ret; +} + +static size_t +wrapped_length (krb5_context context, + krb5_crypto crypto, + size_t data_len) +{ + struct encryption_type *et = crypto->et; + size_t padsize = et->padsize; + size_t checksumsize; + size_t res; + + if (et->keyed_checksum) + checksumsize = et->keyed_checksum->checksumsize; + else + checksumsize = et->checksum->checksumsize; + + res = et->confoundersize + checksumsize + data_len; + res = (res + padsize - 1) / padsize * padsize; + return res; +} + +static size_t +wrapped_length_dervied (krb5_context context, + krb5_crypto crypto, + size_t data_len) +{ + struct encryption_type *et = crypto->et; + size_t padsize = et->padsize; + size_t res; + + res = et->confoundersize + data_len; + res = (res + padsize - 1) / padsize * padsize; + if (et->keyed_checksum) + res += et->keyed_checksum->checksumsize; + else + res += et->checksum->checksumsize; + return res; +} + +/* + * Return the size of an encrypted packet of length `data_len' + */ + +size_t +krb5_get_wrapped_length (krb5_context context, + krb5_crypto crypto, + size_t data_len) +{ + if (derived_crypto (context, crypto)) + return wrapped_length_dervied (context, crypto, data_len); + else + return wrapped_length (context, crypto, data_len); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_random_to_key(krb5_context context, + krb5_enctype type, + const void *data, + size_t size, + krb5_keyblock *key) +{ + krb5_error_code ret; + struct encryption_type *et = _find_enctype(type); + if(et == NULL) { + krb5_set_error_string(context, "encryption type %d not supported", + type); + return KRB5_PROG_ETYPE_NOSUPP; + } + if ((et->keytype->bits + 7) / 8 > size) { + krb5_set_error_string(context, "encryption key %s needs %d bytes " + "of random to make an encryption key out of it", + et->name, (int)et->keytype->size); + return KRB5_PROG_ETYPE_NOSUPP; + } + ret = krb5_data_alloc(&key->keyvalue, et->keytype->size); + if(ret) + return ret; + key->keytype = type; + if (et->keytype->random_to_key) + (*et->keytype->random_to_key)(context, key, data, size); + else + memcpy(key->keyvalue.data, data, et->keytype->size); + + return 0; +} + +#ifdef CRYPTO_DEBUG + +static krb5_error_code +krb5_get_keyid(krb5_context context, + krb5_keyblock *key, + u_int32_t *keyid) +{ + MD5_CTX md5; + unsigned char tmp[16]; + + MD5_Init (&md5); + MD5_Update (&md5, key->keyvalue.data, key->keyvalue.length); + MD5_Final (tmp, &md5); + *keyid = (tmp[12] << 24) | (tmp[13] << 16) | (tmp[14] << 8) | tmp[15]; + return 0; +} + +static void +krb5_crypto_debug(krb5_context context, + int encryptp, + size_t len, + krb5_keyblock *key) +{ + u_int32_t keyid; + char *kt; + krb5_get_keyid(context, key, &keyid); + krb5_enctype_to_string(context, key->keytype, &kt); + krb5_warnx(context, "%s %lu bytes with key-id %#x (%s)", + encryptp ? "encrypting" : "decrypting", + (unsigned long)len, + keyid, + kt); + free(kt); +} + +#endif /* CRYPTO_DEBUG */ + +#if 0 +int +main() +{ +#if 0 + int i; + krb5_context context; + krb5_crypto crypto; + struct key_data *d; + krb5_keyblock key; + char constant[4]; + unsigned usage = ENCRYPTION_USAGE(3); + krb5_error_code ret; + + ret = krb5_init_context(&context); + if (ret) + errx (1, "krb5_init_context failed: %d", ret); + + key.keytype = ETYPE_NEW_DES3_CBC_SHA1; + key.keyvalue.data = "\xb3\x85\x58\x94\xd9\xdc\x7c\xc8" + "\x25\xe9\x85\xab\x3e\xb5\xfb\x0e" + "\xc8\xdf\xab\x26\x86\x64\x15\x25"; + key.keyvalue.length = 24; + + krb5_crypto_init(context, &key, 0, &crypto); + + d = _new_derived_key(crypto, usage); + if(d == NULL) + return ENOMEM; + krb5_copy_keyblock(context, crypto->key.key, &d->key); + _krb5_put_int(constant, usage, 4); + derive_key(context, crypto->et, d, constant, sizeof(constant)); + return 0; +#else + int i; + krb5_context context; + krb5_crypto crypto; + struct key_data *d; + krb5_keyblock key; + krb5_error_code ret; + Checksum res; + + char *data = "what do ya want for nothing?"; + + ret = krb5_init_context(&context); + if (ret) + errx (1, "krb5_init_context failed: %d", ret); + + key.keytype = ETYPE_NEW_DES3_CBC_SHA1; + key.keyvalue.data = "Jefe"; + /* "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; */ + key.keyvalue.length = 4; + + d = calloc(1, sizeof(*d)); + + d->key = &key; + res.checksum.length = 20; + res.checksum.data = malloc(res.checksum.length); + SP_HMAC_SHA1_checksum(context, d, data, 28, &res); + + return 0; +#endif +} +#endif diff --git a/source4/heimdal/lib/krb5/data.c b/source4/heimdal/lib/krb5/data.c new file mode 100644 index 0000000000..9cf1410e70 --- /dev/null +++ b/source4/heimdal/lib/krb5/data.c @@ -0,0 +1,119 @@ +/* + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: data.c,v 1.19 2004/05/25 21:22:23 lha Exp $"); + +void KRB5_LIB_FUNCTION +krb5_data_zero(krb5_data *p) +{ + p->length = 0; + p->data = NULL; +} + +void KRB5_LIB_FUNCTION +krb5_data_free(krb5_data *p) +{ + if(p->data != NULL) + free(p->data); + krb5_data_zero(p); +} + +void KRB5_LIB_FUNCTION +krb5_free_data_contents(krb5_context context, krb5_data *data) +{ + krb5_data_free(data); +} + +void KRB5_LIB_FUNCTION +krb5_free_data(krb5_context context, + krb5_data *p) +{ + krb5_data_free(p); + free(p); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_data_alloc(krb5_data *p, int len) +{ + p->data = malloc(len); + if(len && p->data == NULL) + return ENOMEM; + p->length = len; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_data_realloc(krb5_data *p, int len) +{ + void *tmp; + tmp = realloc(p->data, len); + if(len && !tmp) + return ENOMEM; + p->data = tmp; + p->length = len; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_data_copy(krb5_data *p, const void *data, size_t len) +{ + if (len) { + if(krb5_data_alloc(p, len)) + return ENOMEM; + memmove(p->data, data, len); + } else + p->data = NULL; + p->length = len; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_copy_data(krb5_context context, + const krb5_data *indata, + krb5_data **outdata) +{ + krb5_error_code ret; + ALLOC(*outdata, 1); + if(*outdata == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + ret = copy_octet_string(indata, *outdata); + if(ret) { + krb5_clear_error_string (context); + free(*outdata); + } + return ret; +} diff --git a/source4/heimdal/lib/krb5/eai_to_heim_errno.c b/source4/heimdal/lib/krb5/eai_to_heim_errno.c new file mode 100644 index 0000000000..f0d1f51033 --- /dev/null +++ b/source4/heimdal/lib/krb5/eai_to_heim_errno.c @@ -0,0 +1,98 @@ +/* + * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +RCSID("$Id: eai_to_heim_errno.c,v 1.5 2004/05/25 21:23:35 lha Exp $"); + +/* + * convert the getaddrinfo error code in `eai_errno' into a + * krb5_error_code. `system_error' should have the value of the errno + * after the failed call. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_eai_to_heim_errno(int eai_errno, int system_error) +{ + switch(eai_errno) { + case EAI_NOERROR: + return 0; +#ifdef EAI_ADDRFAMILY + case EAI_ADDRFAMILY: + return HEIM_EAI_ADDRFAMILY; +#endif + case EAI_AGAIN: + return HEIM_EAI_AGAIN; + case EAI_BADFLAGS: + return HEIM_EAI_BADFLAGS; + case EAI_FAIL: + return HEIM_EAI_FAIL; + case EAI_FAMILY: + return HEIM_EAI_FAMILY; + case EAI_MEMORY: + return HEIM_EAI_MEMORY; +#if defined(EAI_NODATA) && EAI_NODATA != EAI_NONAME + case EAI_NODATA: + return HEIM_EAI_NODATA; +#endif + case EAI_NONAME: + return HEIM_EAI_NONAME; + case EAI_SERVICE: + return HEIM_EAI_SERVICE; + case EAI_SOCKTYPE: + return HEIM_EAI_SOCKTYPE; + case EAI_SYSTEM: + return system_error; + default: + return HEIM_EAI_UNKNOWN; /* XXX */ + } +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_h_errno_to_heim_errno(int eai_errno) +{ + switch(eai_errno) { + case 0: + return 0; + case HOST_NOT_FOUND: + return HEIM_EAI_NONAME; + case TRY_AGAIN: + return HEIM_EAI_AGAIN; + case NO_RECOVERY: + return HEIM_EAI_FAIL; + case NO_DATA: + return HEIM_EAI_NONAME; + default: + return HEIM_EAI_UNKNOWN; /* XXX */ + } +} diff --git a/source4/heimdal/lib/krb5/error_string.c b/source4/heimdal/lib/krb5/error_string.c new file mode 100644 index 0000000000..649bdd20fd --- /dev/null +++ b/source4/heimdal/lib/krb5/error_string.c @@ -0,0 +1,109 @@ +/* + * Copyright (c) 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: error_string.c,v 1.3 2004/05/25 21:23:55 lha Exp $"); + +#undef __attribute__ +#define __attribute__(X) + +void KRB5_LIB_FUNCTION +krb5_free_error_string(krb5_context context, char *str) +{ + HEIMDAL_MUTEX_lock(context->mutex); + if (str != context->error_buf) + free(str); + HEIMDAL_MUTEX_unlock(context->mutex); +} + +void KRB5_LIB_FUNCTION +krb5_clear_error_string(krb5_context context) +{ + HEIMDAL_MUTEX_lock(context->mutex); + if (context->error_string != NULL + && context->error_string != context->error_buf) + free(context->error_string); + context->error_string = NULL; + HEIMDAL_MUTEX_unlock(context->mutex); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_set_error_string(krb5_context context, const char *fmt, ...) + __attribute__((format (printf, 2, 3))) +{ + krb5_error_code ret; + va_list ap; + + va_start(ap, fmt); + ret = krb5_vset_error_string (context, fmt, ap); + va_end(ap); + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_vset_error_string(krb5_context context, const char *fmt, va_list args) + __attribute__ ((format (printf, 2, 0))) +{ + krb5_clear_error_string(context); + HEIMDAL_MUTEX_lock(context->mutex); + vasprintf(&context->error_string, fmt, args); + if(context->error_string == NULL) { + vsnprintf (context->error_buf, sizeof(context->error_buf), fmt, args); + context->error_string = context->error_buf; + } + HEIMDAL_MUTEX_unlock(context->mutex); + return 0; +} + +char * KRB5_LIB_FUNCTION +krb5_get_error_string(krb5_context context) +{ + char *ret; + + HEIMDAL_MUTEX_lock(context->mutex); + ret = context->error_string; + context->error_string = NULL; + HEIMDAL_MUTEX_unlock(context->mutex); + return ret; +} + +krb5_boolean KRB5_LIB_FUNCTION +krb5_have_error_string(krb5_context context) +{ + char *str; + HEIMDAL_MUTEX_lock(context->mutex); + str = context->error_string; + HEIMDAL_MUTEX_unlock(context->mutex); + return str != NULL; +} diff --git a/source4/heimdal/lib/krb5/expand_hostname.c b/source4/heimdal/lib/krb5/expand_hostname.c new file mode 100644 index 0000000000..8488119552 --- /dev/null +++ b/source4/heimdal/lib/krb5/expand_hostname.c @@ -0,0 +1,153 @@ +/* + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: expand_hostname.c,v 1.12 2004/05/25 21:24:14 lha Exp $"); + +static krb5_error_code +copy_hostname(krb5_context context, + const char *orig_hostname, + char **new_hostname) +{ + *new_hostname = strdup (orig_hostname); + if (*new_hostname == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + strlwr (*new_hostname); + return 0; +} + +/* + * Try to make `orig_hostname' into a more canonical one in the newly + * allocated space returned in `new_hostname'. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_expand_hostname (krb5_context context, + const char *orig_hostname, + char **new_hostname) +{ + struct addrinfo *ai, *a, hints; + int error; + + memset (&hints, 0, sizeof(hints)); + hints.ai_flags = AI_CANONNAME; + + error = getaddrinfo (orig_hostname, NULL, &hints, &ai); + if (error) + return copy_hostname (context, orig_hostname, new_hostname); + for (a = ai; a != NULL; a = a->ai_next) { + if (a->ai_canonname != NULL) { + *new_hostname = strdup (a->ai_canonname); + freeaddrinfo (ai); + if (*new_hostname == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } else { + return 0; + } + } + } + freeaddrinfo (ai); + return copy_hostname (context, orig_hostname, new_hostname); +} + +/* + * handle the case of the hostname being unresolvable and thus identical + */ + +static krb5_error_code +vanilla_hostname (krb5_context context, + const char *orig_hostname, + char **new_hostname, + char ***realms) +{ + krb5_error_code ret; + + ret = copy_hostname (context, orig_hostname, new_hostname); + if (ret) + return ret; + strlwr (*new_hostname); + + ret = krb5_get_host_realm (context, *new_hostname, realms); + if (ret) { + free (*new_hostname); + return ret; + } + return 0; +} + +/* + * expand `hostname' to a name we believe to be a hostname in newly + * allocated space in `host' and return realms in `realms'. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_expand_hostname_realms (krb5_context context, + const char *orig_hostname, + char **new_hostname, + char ***realms) +{ + struct addrinfo *ai, *a, hints; + int error; + krb5_error_code ret = 0; + + memset (&hints, 0, sizeof(hints)); + hints.ai_flags = AI_CANONNAME; + + error = getaddrinfo (orig_hostname, NULL, &hints, &ai); + if (error) + return vanilla_hostname (context, orig_hostname, new_hostname, + realms); + + for (a = ai; a != NULL; a = a->ai_next) { + if (a->ai_canonname != NULL) { + ret = copy_hostname (context, a->ai_canonname, new_hostname); + if (ret) { + freeaddrinfo (ai); + return ret; + } + strlwr (*new_hostname); + ret = krb5_get_host_realm (context, *new_hostname, realms); + if (ret == 0) { + freeaddrinfo (ai); + return 0; + } + free (*new_hostname); + } + } + freeaddrinfo(ai); + return vanilla_hostname (context, orig_hostname, new_hostname, realms); +} diff --git a/source4/heimdal/lib/krb5/fcache.c b/source4/heimdal/lib/krb5/fcache.c new file mode 100644 index 0000000000..03848abb9a --- /dev/null +++ b/source4/heimdal/lib/krb5/fcache.c @@ -0,0 +1,718 @@ +/* + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: fcache.c,v 1.49 2005/06/16 20:25:20 lha Exp $"); + +typedef struct krb5_fcache{ + char *filename; + int version; +}krb5_fcache; + +struct fcc_cursor { + int fd; + krb5_storage *sp; +}; + +#define KRB5_FCC_FVNO_1 1 +#define KRB5_FCC_FVNO_2 2 +#define KRB5_FCC_FVNO_3 3 +#define KRB5_FCC_FVNO_4 4 + +#define FCC_TAG_DELTATIME 1 + +#define FCACHE(X) ((krb5_fcache*)(X)->data.data) + +#define FILENAME(X) (FCACHE(X)->filename) + +#define FCC_CURSOR(C) ((struct fcc_cursor*)(C)) + +static const char* +fcc_get_name(krb5_context context, + krb5_ccache id) +{ + return FILENAME(id); +} + +int +_krb5_xlock(krb5_context context, int fd, krb5_boolean exclusive, + const char *filename) +{ + int ret; +#ifdef HAVE_FCNTL + struct flock l; + + l.l_start = 0; + l.l_len = 0; + l.l_type = exclusive ? F_WRLCK : F_RDLCK; + l.l_whence = SEEK_SET; + ret = fcntl(fd, F_SETLKW, &l); +#else + ret = flock(fd, exclusive ? LOCK_EX : LOCK_SH); +#endif + if(ret < 0) + ret = errno; + if(ret == EACCES) /* fcntl can return EACCES instead of EAGAIN */ + ret = EAGAIN; + + switch (ret) { + case 0: + break; + case EINVAL: /* filesystem doesn't support locking, let the user have it */ + ret = 0; + break; + case EAGAIN: + krb5_set_error_string(context, "timed out locking cache file %s", + filename); + break; + default: + krb5_set_error_string(context, "error locking cache file %s: %s", + filename, strerror(ret)); + break; + } + return ret; +} + +int +_krb5_xunlock(krb5_context context, int fd) +{ + int ret; +#ifdef HAVE_FCNTL_LOCK + struct flock l; + l.l_start = 0; + l.l_len = 0; + l.l_type = F_UNLCK; + l.l_whence = SEEK_SET; + ret = fcntl(fd, F_SETLKW, &l); +#else + ret = flock(fd, LOCK_UN); +#endif + if (ret < 0) + ret = errno; + switch (ret) { + case 0: + break; + case EINVAL: /* filesystem doesn't support locking, let the user have it */ + ret = 0; + break; + default: + krb5_set_error_string(context, + "Failed to unlock file: %s", strerror(ret)); + break; + } + return ret; +} + +static krb5_error_code +fcc_lock(krb5_context context, krb5_ccache id, + int fd, krb5_boolean exclusive) +{ + return _krb5_xlock(context, fd, exclusive, fcc_get_name(context, id)); +} + +static krb5_error_code +fcc_unlock(krb5_context context, int fd) +{ + return _krb5_xunlock(context, fd); +} + +static krb5_error_code +fcc_resolve(krb5_context context, krb5_ccache *id, const char *res) +{ + krb5_fcache *f; + f = malloc(sizeof(*f)); + if(f == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return KRB5_CC_NOMEM; + } + f->filename = strdup(res); + if(f->filename == NULL){ + free(f); + krb5_set_error_string(context, "malloc: out of memory"); + return KRB5_CC_NOMEM; + } + f->version = 0; + (*id)->data.data = f; + (*id)->data.length = sizeof(*f); + return 0; +} + +/* + * Try to scrub the contents of `filename' safely. + */ + +static int +scrub_file (int fd) +{ + off_t pos; + char buf[128]; + + pos = lseek(fd, 0, SEEK_END); + if (pos < 0) + return errno; + if (lseek(fd, 0, SEEK_SET) < 0) + return errno; + memset(buf, 0, sizeof(buf)); + while(pos > 0) { + ssize_t tmp = write(fd, buf, min(sizeof(buf), pos)); + + if (tmp < 0) + return errno; + pos -= tmp; + } + fsync (fd); + return 0; +} + +/* + * Erase `filename' if it exists, trying to remove the contents if + * it's `safe'. We always try to remove the file, it it exists. It's + * only overwritten if it's a regular file (not a symlink and not a + * hardlink) + */ + +static krb5_error_code +erase_file(const char *filename) +{ + int fd; + struct stat sb1, sb2; + int ret; + + ret = lstat (filename, &sb1); + if (ret < 0) + return errno; + + fd = open(filename, O_RDWR | O_BINARY); + if(fd < 0) { + if(errno == ENOENT) + return 0; + else + return errno; + } + if (unlink(filename) < 0) { + close (fd); + return errno; + } + ret = fstat (fd, &sb2); + if (ret < 0) { + close (fd); + return errno; + } + + /* check if someone was playing with symlinks */ + + if (sb1.st_dev != sb2.st_dev || sb1.st_ino != sb2.st_ino) { + close (fd); + return EPERM; + } + + /* there are still hard links to this file */ + + if (sb2.st_nlink != 0) { + close (fd); + return 0; + } + + ret = scrub_file (fd); + close (fd); + return ret; +} + +static krb5_error_code +fcc_gen_new(krb5_context context, krb5_ccache *id) +{ + krb5_fcache *f; + int fd; + char *file; + + f = malloc(sizeof(*f)); + if(f == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return KRB5_CC_NOMEM; + } + asprintf (&file, "%sXXXXXX", KRB5_DEFAULT_CCFILE_ROOT); + if(file == NULL) { + free(f); + krb5_set_error_string(context, "malloc: out of memory"); + return KRB5_CC_NOMEM; + } + fd = mkstemp(file); + if(fd < 0) { + free(f); + free(file); + krb5_set_error_string(context, "mkstemp %s", file); + return errno; + } + close(fd); + f->filename = file; + f->version = 0; + (*id)->data.data = f; + (*id)->data.length = sizeof(*f); + return 0; +} + +static void +storage_set_flags(krb5_context context, krb5_storage *sp, int vno) +{ + int flags = 0; + switch(vno) { + case KRB5_FCC_FVNO_1: + flags |= KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS; + flags |= KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE; + flags |= KRB5_STORAGE_HOST_BYTEORDER; + break; + case KRB5_FCC_FVNO_2: + flags |= KRB5_STORAGE_HOST_BYTEORDER; + break; + case KRB5_FCC_FVNO_3: + flags |= KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE; + break; + case KRB5_FCC_FVNO_4: + break; + default: + krb5_abortx(context, + "storage_set_flags called with bad vno (%x)", vno); + } + krb5_storage_set_flags(sp, flags); +} + +static krb5_error_code +fcc_open(krb5_context context, + krb5_ccache id, + int *fd_ret, + int flags, + mode_t mode) +{ + krb5_boolean exclusive = ((flags | O_WRONLY) == flags || + (flags | O_RDWR) == flags); + krb5_error_code ret; + const char *filename = FILENAME(id); + int fd; + fd = open(filename, flags, mode); + if(fd < 0) { + ret = errno; + krb5_set_error_string(context, "open(%s): %s", filename, + strerror(ret)); + return ret; + } + + if((ret = fcc_lock(context, id, fd, exclusive)) != 0) { + close(fd); + return ret; + } + *fd_ret = fd; + return 0; +} + +static krb5_error_code +fcc_initialize(krb5_context context, + krb5_ccache id, + krb5_principal primary_principal) +{ + krb5_fcache *f = FCACHE(id); + int ret = 0; + int fd; + char *filename = f->filename; + + unlink (filename); + + ret = fcc_open(context, id, &fd, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600); + if(ret) + return ret; + { + krb5_storage *sp; + sp = krb5_storage_from_fd(fd); + krb5_storage_set_eof_code(sp, KRB5_CC_END); + if(context->fcache_vno != 0) + f->version = context->fcache_vno; + else + f->version = KRB5_FCC_FVNO_4; + ret |= krb5_store_int8(sp, 5); + ret |= krb5_store_int8(sp, f->version); + storage_set_flags(context, sp, f->version); + if(f->version == KRB5_FCC_FVNO_4 && ret == 0) { + /* V4 stuff */ + if (context->kdc_sec_offset) { + ret |= krb5_store_int16 (sp, 12); /* length */ + ret |= krb5_store_int16 (sp, FCC_TAG_DELTATIME); /* Tag */ + ret |= krb5_store_int16 (sp, 8); /* length of data */ + ret |= krb5_store_int32 (sp, context->kdc_sec_offset); + ret |= krb5_store_int32 (sp, context->kdc_usec_offset); + } else { + ret |= krb5_store_int16 (sp, 0); + } + } + ret |= krb5_store_principal(sp, primary_principal); + + krb5_storage_free(sp); + } + fcc_unlock(context, fd); + if (close(fd) < 0) + if (ret == 0) { + ret = errno; + krb5_set_error_string (context, "close %s: %s", + FILENAME(id), strerror(ret)); + } + return ret; +} + +static krb5_error_code +fcc_close(krb5_context context, + krb5_ccache id) +{ + free (FILENAME(id)); + krb5_data_free(&id->data); + return 0; +} + +static krb5_error_code +fcc_destroy(krb5_context context, + krb5_ccache id) +{ + erase_file(FILENAME(id)); + return 0; +} + +static krb5_error_code +fcc_store_cred(krb5_context context, + krb5_ccache id, + krb5_creds *creds) +{ + int ret; + int fd; + + ret = fcc_open(context, id, &fd, O_WRONLY | O_APPEND | O_BINARY, 0); + if(ret) + return ret; + { + krb5_storage *sp; + sp = krb5_storage_from_fd(fd); + krb5_storage_set_eof_code(sp, KRB5_CC_END); + storage_set_flags(context, sp, FCACHE(id)->version); + if (!krb5_config_get_bool_default(context, NULL, TRUE, + "libdefaults", + "fcc-mit-ticketflags", + NULL)) + krb5_storage_set_flags(sp, KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER); + ret = krb5_store_creds(sp, creds); + krb5_storage_free(sp); + } + fcc_unlock(context, fd); + if (close(fd) < 0) + if (ret == 0) { + ret = errno; + krb5_set_error_string (context, "close %s: %s", + FILENAME(id), strerror(ret)); + } + return ret; +} + +static krb5_error_code +init_fcc (krb5_context context, + krb5_ccache id, + krb5_storage **ret_sp, + int *ret_fd) +{ + int fd; + int8_t pvno, tag; + krb5_storage *sp; + krb5_error_code ret; + + ret = fcc_open(context, id, &fd, O_RDONLY | O_BINARY, 0); + if(ret) + return ret; + + sp = krb5_storage_from_fd(fd); + if(sp == NULL) { + krb5_clear_error_string(context); + ret = ENOMEM; + goto out; + } + krb5_storage_set_eof_code(sp, KRB5_CC_END); + ret = krb5_ret_int8(sp, &pvno); + if(ret != 0) { + if(ret == KRB5_CC_END) + ret = ENOENT; /* empty file */ + krb5_clear_error_string(context); + goto out; + } + if(pvno != 5) { + krb5_set_error_string(context, "Bad version number in credential " + "cache file: %s", FILENAME(id)); + ret = KRB5_CCACHE_BADVNO; + goto out; + } + ret = krb5_ret_int8(sp, &tag); /* should not be host byte order */ + if(ret != 0) { + krb5_clear_error_string(context); + ret = KRB5_CC_FORMAT; + goto out; + } + FCACHE(id)->version = tag; + storage_set_flags(context, sp, FCACHE(id)->version); + switch (tag) { + case KRB5_FCC_FVNO_4: { + int16_t length; + + ret = krb5_ret_int16 (sp, &length); + if(ret) { + ret = KRB5_CC_FORMAT; + krb5_clear_error_string(context); + goto out; + } + while(length > 0) { + int16_t dtag, data_len; + int i; + int8_t dummy; + + ret = krb5_ret_int16 (sp, &dtag); + if(ret) { + krb5_clear_error_string(context); + ret = KRB5_CC_FORMAT; + goto out; + } + ret = krb5_ret_int16 (sp, &data_len); + if(ret) { + krb5_clear_error_string(context); + ret = KRB5_CC_FORMAT; + goto out; + } + switch (dtag) { + case FCC_TAG_DELTATIME : + ret = krb5_ret_int32 (sp, &context->kdc_sec_offset); + if(ret) { + krb5_clear_error_string(context); + ret = KRB5_CC_FORMAT; + goto out; + } + ret = krb5_ret_int32 (sp, &context->kdc_usec_offset); + if(ret) { + krb5_clear_error_string(context); + ret = KRB5_CC_FORMAT; + goto out; + } + break; + default : + for (i = 0; i < data_len; ++i) { + ret = krb5_ret_int8 (sp, &dummy); + if(ret) { + krb5_clear_error_string(context); + ret = KRB5_CC_FORMAT; + goto out; + } + } + break; + } + length -= 4 + data_len; + } + break; + } + case KRB5_FCC_FVNO_3: + case KRB5_FCC_FVNO_2: + case KRB5_FCC_FVNO_1: + break; + default : + ret = KRB5_CCACHE_BADVNO; + krb5_set_error_string(context, "Unknown version number (%d) in " + "credential cache file: %s", + (int)tag, FILENAME(id)); + goto out; + } + *ret_sp = sp; + *ret_fd = fd; + + return 0; + out: + if(sp != NULL) + krb5_storage_free(sp); + fcc_unlock(context, fd); + close(fd); + return ret; +} + +static krb5_error_code +fcc_get_principal(krb5_context context, + krb5_ccache id, + krb5_principal *principal) +{ + krb5_error_code ret; + int fd; + krb5_storage *sp; + + ret = init_fcc (context, id, &sp, &fd); + if (ret) + return ret; + ret = krb5_ret_principal(sp, principal); + if (ret) + krb5_clear_error_string(context); + krb5_storage_free(sp); + fcc_unlock(context, fd); + close(fd); + return ret; +} + +static krb5_error_code +fcc_end_get (krb5_context context, + krb5_ccache id, + krb5_cc_cursor *cursor); + +static krb5_error_code +fcc_get_first (krb5_context context, + krb5_ccache id, + krb5_cc_cursor *cursor) +{ + krb5_error_code ret; + krb5_principal principal; + + *cursor = malloc(sizeof(struct fcc_cursor)); + if (*cursor == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + memset(*cursor, 0, sizeof(struct fcc_cursor)); + + ret = init_fcc (context, id, &FCC_CURSOR(*cursor)->sp, + &FCC_CURSOR(*cursor)->fd); + if (ret) { + free(*cursor); + *cursor = NULL; + return ret; + } + ret = krb5_ret_principal (FCC_CURSOR(*cursor)->sp, &principal); + if(ret) { + krb5_clear_error_string(context); + fcc_end_get(context, id, cursor); + return ret; + } + krb5_free_principal (context, principal); + fcc_unlock(context, FCC_CURSOR(*cursor)->fd); + return 0; +} + +static krb5_error_code +fcc_get_next (krb5_context context, + krb5_ccache id, + krb5_cc_cursor *cursor, + krb5_creds *creds) +{ + krb5_error_code ret; + if((ret = fcc_lock(context, id, FCC_CURSOR(*cursor)->fd, FALSE)) != 0) + return ret; + + ret = krb5_ret_creds(FCC_CURSOR(*cursor)->sp, creds); + if (ret) + krb5_clear_error_string(context); + + fcc_unlock(context, FCC_CURSOR(*cursor)->fd); + return ret; +} + +static krb5_error_code +fcc_end_get (krb5_context context, + krb5_ccache id, + krb5_cc_cursor *cursor) +{ + krb5_storage_free(FCC_CURSOR(*cursor)->sp); + close (FCC_CURSOR(*cursor)->fd); + free(*cursor); + *cursor = NULL; + return 0; +} + +static krb5_error_code +fcc_remove_cred(krb5_context context, + krb5_ccache id, + krb5_flags which, + krb5_creds *cred) +{ + krb5_error_code ret; + krb5_ccache copy; + + ret = krb5_cc_gen_new(context, &krb5_mcc_ops, ©); + if (ret) + return ret; + + ret = krb5_cc_copy_cache(context, id, copy); + if (ret) { + krb5_cc_destroy(context, copy); + return ret; + } + + ret = krb5_cc_remove_cred(context, copy, which, cred); + if (ret) { + krb5_cc_destroy(context, copy); + return ret; + } + + fcc_destroy(context, id); + + ret = krb5_cc_copy_cache(context, copy, id); + krb5_cc_destroy(context, copy); + + return ret; +} + +static krb5_error_code +fcc_set_flags(krb5_context context, + krb5_ccache id, + krb5_flags flags) +{ + return 0; /* XXX */ +} + +static krb5_error_code +fcc_get_version(krb5_context context, + krb5_ccache id) +{ + return FCACHE(id)->version; +} + +const krb5_cc_ops krb5_fcc_ops = { + "FILE", + fcc_get_name, + fcc_resolve, + fcc_gen_new, + fcc_initialize, + fcc_destroy, + fcc_close, + fcc_store_cred, + NULL, /* fcc_retrieve */ + fcc_get_principal, + fcc_get_first, + fcc_get_next, + fcc_end_get, + fcc_remove_cred, + fcc_set_flags, + fcc_get_version +}; diff --git a/source4/heimdal/lib/krb5/free.c b/source4/heimdal/lib/krb5/free.c new file mode 100644 index 0000000000..84aa6f8c2c --- /dev/null +++ b/source4/heimdal/lib/krb5/free.c @@ -0,0 +1,53 @@ +/* + * Copyright (c) 1997 - 1999, 2004 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: free.c,v 1.8 2005/05/18 10:06:16 lha Exp $"); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_free_kdc_rep(krb5_context context, krb5_kdc_rep *rep) +{ + free_KDC_REP(&rep->kdc_rep); + free_EncTGSRepPart(&rep->enc_part); + free_KRB_ERROR(&rep->error); + memset(rep, 0, sizeof(*rep)); + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_xfree (void *ptr) +{ + free (ptr); + return 0; +} diff --git a/source4/heimdal/lib/krb5/free_host_realm.c b/source4/heimdal/lib/krb5/free_host_realm.c new file mode 100644 index 0000000000..27afcdbb23 --- /dev/null +++ b/source4/heimdal/lib/krb5/free_host_realm.c @@ -0,0 +1,54 @@ +/* + * Copyright (c) 1997, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: free_host_realm.c,v 1.5 2004/05/25 21:25:02 lha Exp $"); + +/* + * Free all memory allocated by `realmlist' + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_free_host_realm(krb5_context context, + krb5_realm *realmlist) +{ + krb5_realm *p; + + if(realmlist == NULL) + return 0; + for (p = realmlist; *p; ++p) + free (*p); + free (realmlist); + return 0; +} diff --git a/source4/heimdal/lib/krb5/generate_seq_number.c b/source4/heimdal/lib/krb5/generate_seq_number.c new file mode 100644 index 0000000000..f9e9cded5f --- /dev/null +++ b/source4/heimdal/lib/krb5/generate_seq_number.c @@ -0,0 +1,62 @@ +/* + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +RCSID("$Id: generate_seq_number.c,v 1.9 2004/05/25 21:25:22 lha Exp $"); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_generate_seq_number(krb5_context context, + const krb5_keyblock *key, + u_int32_t *seqno) +{ + krb5_error_code ret; + krb5_keyblock *subkey; + u_int32_t q; + u_char *p; + int i; + + ret = krb5_generate_subkey (context, key, &subkey); + if (ret) + return ret; + + q = 0; + for (p = (u_char *)subkey->keyvalue.data, i = 0; + i < subkey->keyvalue.length; + ++i, ++p) + q = (q << 8) | *p; + q &= 0xffffffff; + *seqno = q; + krb5_free_keyblock (context, subkey); + return 0; +} diff --git a/source4/heimdal/lib/krb5/generate_subkey.c b/source4/heimdal/lib/krb5/generate_subkey.c new file mode 100644 index 0000000000..df4828d097 --- /dev/null +++ b/source4/heimdal/lib/krb5/generate_subkey.c @@ -0,0 +1,72 @@ +/* + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +RCSID("$Id: generate_subkey.c,v 1.11 2005/01/05 02:39:21 lukeh Exp $"); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_generate_subkey(krb5_context context, + const krb5_keyblock *key, + krb5_keyblock **subkey) +{ + return krb5_generate_subkey_extended(context, key, key->keytype, subkey); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_generate_subkey_extended(krb5_context context, + const krb5_keyblock *key, + krb5_enctype etype, + krb5_keyblock **subkey) +{ + krb5_error_code ret; + + ALLOC(*subkey, 1); + if (*subkey == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + + if (etype == ETYPE_NULL) + etype = key->keytype; /* use session key etype */ + + /* XXX should we use the session key as input to the RF? */ + ret = krb5_generate_random_keyblock(context, etype, *subkey); + if (ret != 0) { + free(*subkey); + *subkey = NULL; + } + + return ret; +} + diff --git a/source4/heimdal/lib/krb5/get_addrs.c b/source4/heimdal/lib/krb5/get_addrs.c new file mode 100644 index 0000000000..034516d7d4 --- /dev/null +++ b/source4/heimdal/lib/krb5/get_addrs.c @@ -0,0 +1,291 @@ +/* + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: get_addrs.c,v 1.46 2004/05/25 21:26:05 lha Exp $"); + +#ifdef __osf__ +/* hate */ +struct rtentry; +struct mbuf; +#endif +#ifdef HAVE_NET_IF_H +#include +#endif +#include + +static krb5_error_code +gethostname_fallback (krb5_context context, krb5_addresses *res) +{ + krb5_error_code ret; + char hostname[MAXHOSTNAMELEN]; + struct hostent *hostent; + + if (gethostname (hostname, sizeof(hostname))) { + ret = errno; + krb5_set_error_string (context, "gethostname: %s", strerror(ret)); + return ret; + } + hostent = roken_gethostbyname (hostname); + if (hostent == NULL) { + ret = errno; + krb5_set_error_string (context, "gethostbyname %s: %s", + hostname, strerror(ret)); + return ret; + } + res->len = 1; + res->val = malloc (sizeof(*res->val)); + if (res->val == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + res->val[0].addr_type = hostent->h_addrtype; + res->val[0].address.data = NULL; + res->val[0].address.length = 0; + ret = krb5_data_copy (&res->val[0].address, + hostent->h_addr, + hostent->h_length); + if (ret) { + free (res->val); + return ret; + } + return 0; +} + +enum { + LOOP = 1, /* do include loopback interfaces */ + LOOP_IF_NONE = 2, /* include loopback if no other if's */ + EXTRA_ADDRESSES = 4, /* include extra addresses */ + SCAN_INTERFACES = 8 /* scan interfaces for addresses */ +}; + +/* + * Try to figure out the addresses of all configured interfaces with a + * lot of magic ioctls. + */ + +static krb5_error_code +find_all_addresses (krb5_context context, krb5_addresses *res, int flags) +{ + struct sockaddr sa_zero; + struct ifaddrs *ifa0, *ifa; + krb5_error_code ret = ENXIO; + int num, idx; + krb5_addresses ignore_addresses; + + res->val = NULL; + + if (getifaddrs(&ifa0) == -1) { + ret = errno; + krb5_set_error_string(context, "getifaddrs: %s", strerror(ret)); + return (ret); + } + + memset(&sa_zero, 0, sizeof(sa_zero)); + + /* First, count all the ifaddrs. */ + for (ifa = ifa0, num = 0; ifa != NULL; ifa = ifa->ifa_next, num++) + /* nothing */; + + if (num == 0) { + freeifaddrs(ifa0); + krb5_set_error_string(context, "no addresses found"); + return (ENXIO); + } + + if (flags & EXTRA_ADDRESSES) { + /* we'll remove the addresses we don't care about */ + ret = krb5_get_ignore_addresses(context, &ignore_addresses); + if(ret) + return ret; + } + + /* Allocate storage for them. */ + res->val = calloc(num, sizeof(*res->val)); + if (res->val == NULL) { + krb5_free_addresses(context, &ignore_addresses); + freeifaddrs(ifa0); + krb5_set_error_string (context, "malloc: out of memory"); + return (ENOMEM); + } + + /* Now traverse the list. */ + for (ifa = ifa0, idx = 0; ifa != NULL; ifa = ifa->ifa_next) { + if ((ifa->ifa_flags & IFF_UP) == 0) + continue; + if (ifa->ifa_addr == NULL) + continue; + if (memcmp(ifa->ifa_addr, &sa_zero, sizeof(sa_zero)) == 0) + continue; + if (krb5_sockaddr_uninteresting(ifa->ifa_addr)) + continue; + if ((ifa->ifa_flags & IFF_LOOPBACK) != 0) { + /* We'll deal with the LOOP_IF_NONE case later. */ + if ((flags & LOOP) == 0) + continue; + } + + ret = krb5_sockaddr2address(context, ifa->ifa_addr, &res->val[idx]); + if (ret) { + /* + * The most likely error here is going to be "Program + * lacks support for address type". This is no big + * deal -- just continue, and we'll listen on the + * addresses who's type we *do* support. + */ + continue; + } + /* possibly skip this address? */ + if((flags & EXTRA_ADDRESSES) && + krb5_address_search(context, &res->val[idx], &ignore_addresses)) { + krb5_free_address(context, &res->val[idx]); + flags &= ~LOOP_IF_NONE; /* we actually found an address, + so don't add any loop-back + addresses */ + continue; + } + + idx++; + } + + /* + * If no addresses were found, and LOOP_IF_NONE is set, then find + * the loopback addresses and add them to our list. + */ + if ((flags & LOOP_IF_NONE) != 0 && idx == 0) { + for (ifa = ifa0; ifa != NULL; ifa = ifa->ifa_next) { + if ((ifa->ifa_flags & IFF_UP) == 0) + continue; + if (ifa->ifa_addr == NULL) + continue; + if (memcmp(ifa->ifa_addr, &sa_zero, sizeof(sa_zero)) == 0) + continue; + if (krb5_sockaddr_uninteresting(ifa->ifa_addr)) + continue; + + if ((ifa->ifa_flags & IFF_LOOPBACK) != 0) { + ret = krb5_sockaddr2address(context, + ifa->ifa_addr, &res->val[idx]); + if (ret) { + /* + * See comment above. + */ + continue; + } + if((flags & EXTRA_ADDRESSES) && + krb5_address_search(context, &res->val[idx], + &ignore_addresses)) { + krb5_free_address(context, &res->val[idx]); + continue; + } + idx++; + } + } + } + + if (flags & EXTRA_ADDRESSES) + krb5_free_addresses(context, &ignore_addresses); + freeifaddrs(ifa0); + if (ret) + free(res->val); + else + res->len = idx; /* Now a count. */ + return (ret); +} + +static krb5_error_code +get_addrs_int (krb5_context context, krb5_addresses *res, int flags) +{ + krb5_error_code ret = -1; + + if (flags & SCAN_INTERFACES) { + ret = find_all_addresses (context, res, flags); + if(ret || res->len == 0) + ret = gethostname_fallback (context, res); + } else { + res->len = 0; + res->val = NULL; + ret = 0; + } + + if(ret == 0 && (flags & EXTRA_ADDRESSES)) { + krb5_addresses a; + /* append user specified addresses */ + ret = krb5_get_extra_addresses(context, &a); + if(ret) { + krb5_free_addresses(context, res); + return ret; + } + ret = krb5_append_addresses(context, res, &a); + if(ret) { + krb5_free_addresses(context, res); + return ret; + } + krb5_free_addresses(context, &a); + } + if(res->len == 0) { + free(res->val); + res->val = NULL; + } + return ret; +} + +/* + * Try to get all addresses, but return the one corresponding to + * `hostname' if we fail. + * + * Only include loopback address if there are no other. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_all_client_addrs (krb5_context context, krb5_addresses *res) +{ + int flags = LOOP_IF_NONE | EXTRA_ADDRESSES; + + if (context->scan_interfaces) + flags |= SCAN_INTERFACES; + + return get_addrs_int (context, res, flags); +} + +/* + * Try to get all local addresses that a server should listen to. + * If that fails, we return the address corresponding to `hostname'. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_all_server_addrs (krb5_context context, krb5_addresses *res) +{ + return get_addrs_int (context, res, LOOP | SCAN_INTERFACES); +} diff --git a/source4/heimdal/lib/krb5/get_cred.c b/source4/heimdal/lib/krb5/get_cred.c new file mode 100644 index 0000000000..63fb55608c --- /dev/null +++ b/source4/heimdal/lib/krb5/get_cred.c @@ -0,0 +1,909 @@ +/* + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +RCSID("$Id: get_cred.c,v 1.107 2005/06/16 22:57:14 lha Exp $"); + +/* + * Take the `body' and encode it into `padata' using the credentials + * in `creds'. + */ + +static krb5_error_code +make_pa_tgs_req(krb5_context context, + krb5_auth_context ac, + KDC_REQ_BODY *body, + PA_DATA *padata, + krb5_creds *creds, + krb5_key_usage usage) +{ + u_char *buf; + size_t buf_size; + size_t len; + krb5_data in_data; + krb5_error_code ret; + + ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, body, &len, ret); + if (ret) + goto out; + if(buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); + + in_data.length = len; + in_data.data = buf; + ret = _krb5_mk_req_internal(context, &ac, 0, &in_data, creds, + &padata->padata_value, + KRB5_KU_TGS_REQ_AUTH_CKSUM, + usage + /* KRB5_KU_TGS_REQ_AUTH */); + out: + free (buf); + if(ret) + return ret; + padata->padata_type = KRB5_PADATA_TGS_REQ; + return 0; +} + +/* + * Set the `enc-authorization-data' in `req_body' based on `authdata' + */ + +static krb5_error_code +set_auth_data (krb5_context context, + KDC_REQ_BODY *req_body, + krb5_authdata *authdata, + krb5_keyblock *key) +{ + if(authdata->len) { + size_t len, buf_size; + unsigned char *buf; + krb5_crypto crypto; + krb5_error_code ret; + + ASN1_MALLOC_ENCODE(AuthorizationData, buf, buf_size, authdata, + &len, ret); + if (ret) + return ret; + if (buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); + + ALLOC(req_body->enc_authorization_data, 1); + if (req_body->enc_authorization_data == NULL) { + free (buf); + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + ret = krb5_crypto_init(context, key, 0, &crypto); + if (ret) { + free (buf); + free (req_body->enc_authorization_data); + req_body->enc_authorization_data = NULL; + return ret; + } + krb5_encrypt_EncryptedData(context, + crypto, + KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY, + /* KRB5_KU_TGS_REQ_AUTH_DAT_SESSION? */ + buf, + len, + 0, + req_body->enc_authorization_data); + free (buf); + krb5_crypto_destroy(context, crypto); + } else { + req_body->enc_authorization_data = NULL; + } + return 0; +} + +/* + * Create a tgs-req in `t' with `addresses', `flags', `second_ticket' + * (if not-NULL), `in_creds', `krbtgt', and returning the generated + * subkey in `subkey'. + */ + +static krb5_error_code +init_tgs_req (krb5_context context, + krb5_ccache ccache, + krb5_addresses *addresses, + krb5_kdc_flags flags, + Ticket *second_ticket, + krb5_creds *in_creds, + krb5_creds *krbtgt, + unsigned nonce, + krb5_keyblock **subkey, + TGS_REQ *t, + krb5_key_usage usage) +{ + krb5_error_code ret = 0; + + memset(t, 0, sizeof(*t)); + t->pvno = 5; + t->msg_type = krb_tgs_req; + if (in_creds->session.keytype) { + ALLOC_SEQ(&t->req_body.etype, 1); + if(t->req_body.etype.val == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); + goto fail; + } + t->req_body.etype.val[0] = in_creds->session.keytype; + } else { + ret = krb5_init_etype(context, + &t->req_body.etype.len, + &t->req_body.etype.val, + NULL); + } + if (ret) + goto fail; + t->req_body.addresses = addresses; + t->req_body.kdc_options = flags.b; + ret = copy_Realm(&in_creds->server->realm, &t->req_body.realm); + if (ret) + goto fail; + ALLOC(t->req_body.sname, 1); + if (t->req_body.sname == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); + goto fail; + } + + /* some versions of some code might require that the client be + present in TGS-REQs, but this is clearly against the spec */ + + ret = copy_PrincipalName(&in_creds->server->name, t->req_body.sname); + if (ret) + goto fail; + + /* req_body.till should be NULL if there is no endtime specified, + but old MIT code (like DCE secd) doesn't like that */ + ALLOC(t->req_body.till, 1); + if(t->req_body.till == NULL){ + ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); + goto fail; + } + *t->req_body.till = in_creds->times.endtime; + + t->req_body.nonce = nonce; + if(second_ticket){ + ALLOC(t->req_body.additional_tickets, 1); + if (t->req_body.additional_tickets == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); + goto fail; + } + ALLOC_SEQ(t->req_body.additional_tickets, 1); + if (t->req_body.additional_tickets->val == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); + goto fail; + } + ret = copy_Ticket(second_ticket, t->req_body.additional_tickets->val); + if (ret) + goto fail; + } + ALLOC(t->padata, 1); + if (t->padata == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); + goto fail; + } + ALLOC_SEQ(t->padata, 1); + if (t->padata->val == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); + goto fail; + } + + { + krb5_auth_context ac; + krb5_keyblock *key = NULL; + + ret = krb5_auth_con_init(context, &ac); + if(ret) + goto fail; + + if (krb5_config_get_bool_default(context, NULL, FALSE, + "realms", + krbtgt->server->realm, + "tgs_require_subkey", + NULL)) + { + ret = krb5_generate_subkey (context, &krbtgt->session, &key); + if (ret) { + krb5_auth_con_free (context, ac); + goto fail; + } + + ret = krb5_auth_con_setlocalsubkey(context, ac, key); + if (ret) { + if (key) + krb5_free_keyblock (context, key); + krb5_auth_con_free (context, ac); + goto fail; + } + } + + ret = set_auth_data (context, &t->req_body, &in_creds->authdata, + key ? key : &krbtgt->session); + if (ret) { + if (key) + krb5_free_keyblock (context, key); + krb5_auth_con_free (context, ac); + goto fail; + } + + ret = make_pa_tgs_req(context, + ac, + &t->req_body, + t->padata->val, + krbtgt, + usage); + if(ret) { + if (key) + krb5_free_keyblock (context, key); + krb5_auth_con_free(context, ac); + goto fail; + } + *subkey = key; + + krb5_auth_con_free(context, ac); + } +fail: + if (ret) { + t->req_body.addresses = NULL; + free_TGS_REQ (t); + } + return ret; +} + +krb5_error_code +_krb5_get_krbtgt(krb5_context context, + krb5_ccache id, + krb5_realm realm, + krb5_creds **cred) +{ + krb5_error_code ret; + krb5_creds tmp_cred; + + memset(&tmp_cred, 0, sizeof(tmp_cred)); + + ret = krb5_cc_get_principal(context, id, &tmp_cred.client); + if (ret) + return ret; + + ret = krb5_make_principal(context, + &tmp_cred.server, + realm, + KRB5_TGS_NAME, + realm, + NULL); + if(ret) { + krb5_free_principal(context, tmp_cred.client); + return ret; + } + ret = krb5_get_credentials(context, + KRB5_GC_CACHED, + id, + &tmp_cred, + cred); + krb5_free_principal(context, tmp_cred.client); + krb5_free_principal(context, tmp_cred.server); + if(ret) + return ret; + return 0; +} + +/* DCE compatible decrypt proc */ +static krb5_error_code +decrypt_tkt_with_subkey (krb5_context context, + krb5_keyblock *key, + krb5_key_usage usage, + krb5_const_pointer subkey, + krb5_kdc_rep *dec_rep) +{ + krb5_error_code ret; + krb5_data data; + size_t size; + krb5_crypto crypto; + + ret = krb5_crypto_init(context, key, 0, &crypto); + if (ret) + return ret; + ret = krb5_decrypt_EncryptedData (context, + crypto, + usage, + &dec_rep->kdc_rep.enc_part, + &data); + krb5_crypto_destroy(context, crypto); + if(ret && subkey){ + /* DCE compat -- try to decrypt with subkey */ + ret = krb5_crypto_init(context, subkey, 0, &crypto); + if (ret) + return ret; + ret = krb5_decrypt_EncryptedData (context, + crypto, + KRB5_KU_TGS_REP_ENC_PART_SUB_KEY, + &dec_rep->kdc_rep.enc_part, + &data); + krb5_crypto_destroy(context, crypto); + } + if (ret) + return ret; + + ret = krb5_decode_EncASRepPart(context, + data.data, + data.length, + &dec_rep->enc_part, + &size); + if (ret) + ret = krb5_decode_EncTGSRepPart(context, + data.data, + data.length, + &dec_rep->enc_part, + &size); + krb5_data_free (&data); + return ret; +} + +static krb5_error_code +get_cred_kdc_usage(krb5_context context, + krb5_ccache id, + krb5_kdc_flags flags, + krb5_addresses *addresses, + krb5_creds *in_creds, + krb5_creds *krbtgt, + krb5_creds *out_creds, + krb5_key_usage usage) +{ + TGS_REQ req; + krb5_data enc; + krb5_data resp; + krb5_kdc_rep rep; + KRB_ERROR error; + krb5_error_code ret; + unsigned nonce; + krb5_keyblock *subkey = NULL; + size_t len; + Ticket second_ticket; + int send_to_kdc_flags = 0; + + krb5_data_zero(&resp); + krb5_data_zero(&enc); + + krb5_generate_random_block(&nonce, sizeof(nonce)); + nonce &= 0xffffffff; + + if(flags.b.enc_tkt_in_skey){ + ret = decode_Ticket(in_creds->second_ticket.data, + in_creds->second_ticket.length, + &second_ticket, &len); + if(ret) + return ret; + } + + ret = init_tgs_req (context, + id, + addresses, + flags, + flags.b.enc_tkt_in_skey ? &second_ticket : NULL, + in_creds, + krbtgt, + nonce, + &subkey, + &req, + usage); + if(flags.b.enc_tkt_in_skey) + free_Ticket(&second_ticket); + if (ret) + goto out; + + ASN1_MALLOC_ENCODE(TGS_REQ, enc.data, enc.length, &req, &len, ret); + if (ret) + goto out; + if(enc.length != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); + + /* don't free addresses */ + req.req_body.addresses = NULL; + free_TGS_REQ(&req); + + /* + * Send and receive + */ +again: + ret = krb5_sendto_kdc_flags (context, &enc, + &krbtgt->server->name.name_string.val[1], + &resp, + send_to_kdc_flags); + if(ret) + goto out; + + memset(&rep, 0, sizeof(rep)); + if(decode_TGS_REP(resp.data, resp.length, &rep.kdc_rep, &len) == 0){ + ret = krb5_copy_principal(context, + in_creds->client, + &out_creds->client); + if(ret) + goto out; + ret = krb5_copy_principal(context, + in_creds->server, + &out_creds->server); + if(ret) + goto out; + /* this should go someplace else */ + out_creds->times.endtime = in_creds->times.endtime; + + ret = _krb5_extract_ticket(context, + &rep, + out_creds, + &krbtgt->session, + NULL, + KRB5_KU_TGS_REP_ENC_PART_SESSION, + &krbtgt->addresses, + nonce, + TRUE, + flags.b.request_anonymous, + decrypt_tkt_with_subkey, + subkey); + krb5_free_kdc_rep(context, &rep); + } else if(krb5_rd_error(context, &resp, &error) == 0) { + ret = krb5_error_from_rd_error(context, &error, in_creds); + krb5_free_error_contents(context, &error); + + if (ret == KRB5KRB_ERR_RESPONSE_TOO_BIG && !(send_to_kdc_flags & KRB5_KRBHST_FLAGS_LARGE_MSG)) { + send_to_kdc_flags |= KRB5_KRBHST_FLAGS_LARGE_MSG; + krb5_data_free(&resp); + goto again; + } + } else if(resp.data && ((char*)resp.data)[0] == 4) { + ret = KRB5KRB_AP_ERR_V4_REPLY; + krb5_clear_error_string(context); + } else { + ret = KRB5KRB_AP_ERR_MSG_TYPE; + krb5_clear_error_string(context); + } + +out: + krb5_data_free(&resp); + krb5_data_free(&enc); + if(subkey){ + krb5_free_keyblock_contents(context, subkey); + free(subkey); + } + return ret; + +} + +static krb5_error_code +get_cred_kdc(krb5_context context, + krb5_ccache id, + krb5_kdc_flags flags, + krb5_addresses *addresses, + krb5_creds *in_creds, + krb5_creds *krbtgt, + krb5_creds *out_creds) +{ + krb5_error_code ret; + + ret = get_cred_kdc_usage(context, id, flags, addresses, in_creds, + krbtgt, out_creds, KRB5_KU_TGS_REQ_AUTH); + if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) { + krb5_clear_error_string (context); + ret = get_cred_kdc_usage(context, id, flags, addresses, in_creds, + krbtgt, out_creds, KRB5_KU_AP_REQ_AUTH); + } + return ret; +} + +/* same as above, just get local addresses first */ + +static krb5_error_code +get_cred_kdc_la(krb5_context context, krb5_ccache id, krb5_kdc_flags flags, + krb5_creds *in_creds, krb5_creds *krbtgt, + krb5_creds *out_creds) +{ + krb5_error_code ret; + krb5_addresses addresses, *addrs = &addresses; + + krb5_get_all_client_addrs(context, &addresses); + /* XXX this sucks. */ + if(addresses.len == 0) + addrs = NULL; + ret = get_cred_kdc(context, id, flags, addrs, + in_creds, krbtgt, out_creds); + krb5_free_addresses(context, &addresses); + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_kdc_cred(krb5_context context, + krb5_ccache id, + krb5_kdc_flags flags, + krb5_addresses *addresses, + Ticket *second_ticket, + krb5_creds *in_creds, + krb5_creds **out_creds + ) +{ + krb5_error_code ret; + krb5_creds *krbtgt; + + *out_creds = calloc(1, sizeof(**out_creds)); + if(*out_creds == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + ret = _krb5_get_krbtgt (context, + id, + in_creds->server->realm, + &krbtgt); + if(ret) { + free(*out_creds); + return ret; + } + ret = get_cred_kdc(context, id, flags, addresses, + in_creds, krbtgt, *out_creds); + krb5_free_creds (context, krbtgt); + if(ret) + free(*out_creds); + return ret; +} + + +static krb5_error_code +find_cred(krb5_context context, + krb5_ccache id, + krb5_principal server, + krb5_creds **tgts, + krb5_creds *out_creds) +{ + krb5_error_code ret; + krb5_creds mcreds; + + krb5_cc_clear_mcred(&mcreds); + mcreds.server = server; + ret = krb5_cc_retrieve_cred(context, id, KRB5_TC_DONT_MATCH_REALM, + &mcreds, out_creds); + if(ret == 0) + return 0; + while(tgts && *tgts){ + if(krb5_compare_creds(context, KRB5_TC_DONT_MATCH_REALM, + &mcreds, *tgts)){ + ret = krb5_copy_creds_contents(context, *tgts, out_creds); + return ret; + } + tgts++; + } + krb5_clear_error_string(context); + return KRB5_CC_NOTFOUND; +} + +static krb5_error_code +add_cred(krb5_context context, krb5_creds ***tgts, krb5_creds *tkt) +{ + int i; + krb5_error_code ret; + krb5_creds **tmp = *tgts; + + for(i = 0; tmp && tmp[i]; i++); /* XXX */ + tmp = realloc(tmp, (i+2)*sizeof(*tmp)); + if(tmp == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + *tgts = tmp; + ret = krb5_copy_creds(context, tkt, &tmp[i]); + tmp[i+1] = NULL; + return ret; +} + +/* +get_cred(server) + creds = cc_get_cred(server) + if(creds) return creds + tgt = cc_get_cred(krbtgt/server_realm@any_realm) + if(tgt) + return get_cred_tgt(server, tgt) + if(client_realm == server_realm) + return NULL + tgt = get_cred(krbtgt/server_realm@client_realm) + while(tgt_inst != server_realm) + tgt = get_cred(krbtgt/server_realm@tgt_inst) + return get_cred_tgt(server, tgt) + */ + +static krb5_error_code +get_cred_from_kdc_flags(krb5_context context, + krb5_kdc_flags flags, + krb5_ccache ccache, + krb5_creds *in_creds, + krb5_creds **out_creds, + krb5_creds ***ret_tgts) +{ + krb5_error_code ret; + krb5_creds *tgt, tmp_creds; + krb5_const_realm client_realm, server_realm, try_realm; + + *out_creds = NULL; + + client_realm = krb5_principal_get_realm(context, in_creds->client); + server_realm = krb5_principal_get_realm(context, in_creds->server); + memset(&tmp_creds, 0, sizeof(tmp_creds)); + ret = krb5_copy_principal(context, in_creds->client, &tmp_creds.client); + if(ret) + return ret; + + try_realm = krb5_config_get_string(context, NULL, "capaths", + client_realm, server_realm, NULL); + +#if 1 + /* XXX remove in future release */ + if(try_realm == NULL) + try_realm = krb5_config_get_string(context, NULL, "libdefaults", + "capath", server_realm, NULL); +#endif + + if (try_realm == NULL) + try_realm = client_realm; + + ret = krb5_make_principal(context, + &tmp_creds.server, + try_realm, + KRB5_TGS_NAME, + server_realm, + NULL); + if(ret){ + krb5_free_principal(context, tmp_creds.client); + return ret; + } + { + krb5_creds tgts; + /* XXX try krb5_cc_retrieve_cred first? */ + ret = find_cred(context, ccache, tmp_creds.server, + *ret_tgts, &tgts); + if(ret == 0){ + *out_creds = calloc(1, sizeof(**out_creds)); + if(*out_creds == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + ret = ENOMEM; + } else { + krb5_boolean noaddr; + + krb5_appdefault_boolean(context, NULL, tgts.server->realm, + "no-addresses", FALSE, &noaddr); + + if (noaddr) + ret = get_cred_kdc(context, ccache, flags, NULL, + in_creds, &tgts, *out_creds); + else + ret = get_cred_kdc_la(context, ccache, flags, + in_creds, &tgts, *out_creds); + if (ret) { + free (*out_creds); + *out_creds = NULL; + } + } + krb5_free_cred_contents(context, &tgts); + krb5_free_principal(context, tmp_creds.server); + krb5_free_principal(context, tmp_creds.client); + return ret; + } + } + if(krb5_realm_compare(context, in_creds->client, in_creds->server)) { + krb5_clear_error_string (context); + return KRB5_CC_NOTFOUND; + } + /* XXX this can loop forever */ + while(1){ + heim_general_string tgt_inst; + + ret = get_cred_from_kdc_flags(context, flags, ccache, &tmp_creds, + &tgt, ret_tgts); + if(ret) { + krb5_free_principal(context, tmp_creds.server); + krb5_free_principal(context, tmp_creds.client); + return ret; + } + ret = add_cred(context, ret_tgts, tgt); + if(ret) { + krb5_free_principal(context, tmp_creds.server); + krb5_free_principal(context, tmp_creds.client); + return ret; + } + tgt_inst = tgt->server->name.name_string.val[1]; + if(strcmp(tgt_inst, server_realm) == 0) + break; + krb5_free_principal(context, tmp_creds.server); + ret = krb5_make_principal(context, &tmp_creds.server, + tgt_inst, KRB5_TGS_NAME, server_realm, NULL); + if(ret) { + krb5_free_principal(context, tmp_creds.server); + krb5_free_principal(context, tmp_creds.client); + return ret; + } + ret = krb5_free_creds(context, tgt); + if(ret) { + krb5_free_principal(context, tmp_creds.server); + krb5_free_principal(context, tmp_creds.client); + return ret; + } + } + + krb5_free_principal(context, tmp_creds.server); + krb5_free_principal(context, tmp_creds.client); + *out_creds = calloc(1, sizeof(**out_creds)); + if(*out_creds == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + ret = ENOMEM; + } else { + krb5_boolean noaddr; + + krb5_appdefault_boolean(context, NULL, tgt->server->realm, + "no-addresses", FALSE, &noaddr); + if (noaddr) + ret = get_cred_kdc (context, ccache, flags, NULL, + in_creds, tgt, *out_creds); + else + ret = get_cred_kdc_la(context, ccache, flags, + in_creds, tgt, *out_creds); + if (ret) { + free (*out_creds); + *out_creds = NULL; + } + } + krb5_free_creds(context, tgt); + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_cred_from_kdc_opt(krb5_context context, + krb5_ccache ccache, + krb5_creds *in_creds, + krb5_creds **out_creds, + krb5_creds ***ret_tgts, + krb5_flags flags) +{ + krb5_kdc_flags f; + f.i = flags; + return get_cred_from_kdc_flags(context, f, ccache, + in_creds, out_creds, ret_tgts); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_cred_from_kdc(krb5_context context, + krb5_ccache ccache, + krb5_creds *in_creds, + krb5_creds **out_creds, + krb5_creds ***ret_tgts) +{ + return krb5_get_cred_from_kdc_opt(context, ccache, + in_creds, out_creds, ret_tgts, 0); +} + + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_credentials_with_flags(krb5_context context, + krb5_flags options, + krb5_kdc_flags flags, + krb5_ccache ccache, + krb5_creds *in_creds, + krb5_creds **out_creds) +{ + krb5_error_code ret; + krb5_creds **tgts; + krb5_creds *res_creds; + int i; + + *out_creds = NULL; + res_creds = calloc(1, sizeof(*res_creds)); + if (res_creds == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + + if (in_creds->session.keytype) + options |= KRB5_TC_MATCH_KEYTYPE; + + ret = krb5_cc_retrieve_cred(context, + ccache, + options, + in_creds, res_creds); + /* + * If we got a credential, check if credential is expired before + * returning it. + */ + ret = krb5_cc_retrieve_cred(context, + ccache, + in_creds->session.keytype ? + KRB5_TC_MATCH_KEYTYPE : 0, + in_creds, res_creds); + /* + * If we got a credential, check if credential is expired before + * returning it, but only if KRB5_GC_EXPIRED_OK is not set. + */ + if (ret == 0) { + krb5_timestamp timeret; + + /* If expired ok, don't bother checking */ + if(options & KRB5_GC_EXPIRED_OK) { + *out_creds = res_creds; + return 0; + } + + krb5_timeofday(context, &timeret); + if(res_creds->times.endtime > timeret) { + *out_creds = res_creds; + return 0; + } + if(options & KRB5_GC_CACHED) + krb5_cc_remove_cred(context, ccache, 0, res_creds); + + } else if(ret != KRB5_CC_END) { + free(res_creds); + return ret; + } + free(res_creds); + if(options & KRB5_GC_CACHED) { + krb5_clear_error_string (context); + return KRB5_CC_NOTFOUND; + } + if(options & KRB5_GC_USER_USER) + flags.b.enc_tkt_in_skey = 1; + tgts = NULL; + ret = get_cred_from_kdc_flags(context, flags, ccache, + in_creds, out_creds, &tgts); + for(i = 0; tgts && tgts[i]; i++) { + krb5_cc_store_cred(context, ccache, tgts[i]); + krb5_free_creds(context, tgts[i]); + } + free(tgts); + if(ret == 0 && flags.b.enc_tkt_in_skey == 0) + krb5_cc_store_cred(context, ccache, *out_creds); + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_credentials(krb5_context context, + krb5_flags options, + krb5_ccache ccache, + krb5_creds *in_creds, + krb5_creds **out_creds) +{ + krb5_kdc_flags flags; + flags.i = 0; + return krb5_get_credentials_with_flags(context, options, flags, + ccache, in_creds, out_creds); +} diff --git a/source4/heimdal/lib/krb5/get_default_principal.c b/source4/heimdal/lib/krb5/get_default_principal.c new file mode 100644 index 0000000000..03e8f0a823 --- /dev/null +++ b/source4/heimdal/lib/krb5/get_default_principal.c @@ -0,0 +1,115 @@ +/* + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: get_default_principal.c,v 1.10 2005/04/20 20:53:29 lha Exp $"); + +/* + * Try to find out what's a reasonable default principal. + */ + +static const char* +get_env_user(void) +{ + const char *user = getenv("USER"); + if(user == NULL) + user = getenv("LOGNAME"); + if(user == NULL) + user = getenv("USERNAME"); + return user; +} + +/* + * Will only use operating-system dependant operation to get the + * default principal, for use of functions that in ccache layer to + * avoid recursive calls. + */ + +krb5_error_code +_krb5_get_default_principal_local (krb5_context context, + krb5_principal *princ) +{ + krb5_error_code ret; + const char *user; + uid_t uid; + + *princ = NULL; + + uid = getuid(); + if(uid == 0) { + user = getlogin(); + if(user == NULL) + user = get_env_user(); + if(user != NULL && strcmp(user, "root") != 0) + ret = krb5_make_principal(context, princ, NULL, user, "root", NULL); + else + ret = krb5_make_principal(context, princ, NULL, "root", NULL); + } else { + struct passwd *pw = getpwuid(uid); + if(pw != NULL) + user = pw->pw_name; + else { + user = get_env_user(); + if(user == NULL) + user = getlogin(); + } + if(user == NULL) { + krb5_set_error_string(context, + "unable to figure out current principal"); + return ENOTTY; /* XXX */ + } + ret = krb5_make_principal(context, princ, NULL, user, NULL); + } + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_default_principal (krb5_context context, + krb5_principal *princ) +{ + krb5_error_code ret; + krb5_ccache id; + + *princ = NULL; + + ret = krb5_cc_default (context, &id); + if (ret == 0) { + ret = krb5_cc_get_principal (context, id, princ); + krb5_cc_close (context, id); + if (ret == 0) + return 0; + } + + return _krb5_get_default_principal_local(context, princ); +} diff --git a/source4/heimdal/lib/krb5/get_default_realm.c b/source4/heimdal/lib/krb5/get_default_realm.c new file mode 100644 index 0000000000..bb72daf373 --- /dev/null +++ b/source4/heimdal/lib/krb5/get_default_realm.c @@ -0,0 +1,84 @@ +/* + * Copyright (c) 1997 - 2001, 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: get_default_realm.c,v 1.13 2004/05/25 21:27:17 lha Exp $"); + +/* + * Return a NULL-terminated list of default realms in `realms'. + * Free this memory with krb5_free_host_realm. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_default_realms (krb5_context context, + krb5_realm **realms) +{ + if (context->default_realms == NULL) { + krb5_error_code ret = krb5_set_default_realm (context, NULL); + if (ret) + return KRB5_CONFIG_NODEFREALM; + } + + return krb5_copy_host_realm (context, + context->default_realms, + realms); +} + +/* + * Return the first default realm. For compatibility. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_default_realm(krb5_context context, + krb5_realm *realm) +{ + krb5_error_code ret; + char *res; + + if (context->default_realms == NULL + || context->default_realms[0] == NULL) { + krb5_clear_error_string(context); + ret = krb5_set_default_realm (context, NULL); + if (ret) + return ret; + } + + res = strdup (context->default_realms[0]); + if (res == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + *realm = res; + return 0; +} diff --git a/source4/heimdal/lib/krb5/get_for_creds.c b/source4/heimdal/lib/krb5/get_for_creds.c new file mode 100644 index 0000000000..ea0bc4ad9e --- /dev/null +++ b/source4/heimdal/lib/krb5/get_for_creds.c @@ -0,0 +1,427 @@ +/* + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +RCSID("$Id: get_for_creds.c,v 1.45 2005/06/15 02:44:36 lha Exp $"); + +static krb5_error_code +add_addrs(krb5_context context, + krb5_addresses *addr, + struct addrinfo *ai) +{ + krb5_error_code ret; + unsigned n, i; + void *tmp; + struct addrinfo *a; + + n = 0; + for (a = ai; a != NULL; a = a->ai_next) + ++n; + + tmp = realloc(addr->val, (addr->len + n) * sizeof(*addr->val)); + if (tmp == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + ret = ENOMEM; + goto fail; + } + addr->val = tmp; + for (i = addr->len; i < (addr->len + n); ++i) { + addr->val[i].addr_type = 0; + krb5_data_zero(&addr->val[i].address); + } + i = addr->len; + for (a = ai; a != NULL; a = a->ai_next) { + krb5_address ad; + + ret = krb5_sockaddr2address (context, a->ai_addr, &ad); + if (ret == 0) { + if (krb5_address_search(context, &ad, addr)) + krb5_free_address(context, &ad); + else + addr->val[i++] = ad; + } + else if (ret == KRB5_PROG_ATYPE_NOSUPP) + krb5_clear_error_string (context); + else + goto fail; + addr->len = i; + } + return 0; +fail: + krb5_free_addresses (context, addr); + return ret; +} + +/* + * Forward credentials for `client' to host `hostname`, + * making them forwardable if `forwardable', and returning the + * blob of data to sent in `out_data'. + * If hostname == NULL, pick it from `server' + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_fwd_tgt_creds (krb5_context context, + krb5_auth_context auth_context, + const char *hostname, + krb5_principal client, + krb5_principal server, + krb5_ccache ccache, + int forwardable, + krb5_data *out_data) +{ + krb5_flags flags = 0; + krb5_creds creds; + krb5_error_code ret; + krb5_const_realm client_realm; + + flags |= KDC_OPT_FORWARDED; + + if (forwardable) + flags |= KDC_OPT_FORWARDABLE; + + if (hostname == NULL && + krb5_principal_get_type(context, server) == KRB5_NT_SRV_HST) { + const char *inst = krb5_principal_get_comp_string(context, server, 0); + const char *host = krb5_principal_get_comp_string(context, server, 1); + + if (inst != NULL && + strcmp(inst, "host") == 0 && + host != NULL && + krb5_principal_get_comp_string(context, server, 2) == NULL) + hostname = host; + } + + client_realm = krb5_principal_get_realm(context, client); + + memset (&creds, 0, sizeof(creds)); + creds.client = client; + + ret = krb5_build_principal(context, + &creds.server, + strlen(client_realm), + client_realm, + KRB5_TGS_NAME, + client_realm, + NULL); + if (ret) + return ret; + + ret = krb5_get_forwarded_creds (context, + auth_context, + ccache, + flags, + hostname, + &creds, + out_data); + return ret; +} + +/* + * + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_forwarded_creds (krb5_context context, + krb5_auth_context auth_context, + krb5_ccache ccache, + krb5_flags flags, + const char *hostname, + krb5_creds *in_creds, + krb5_data *out_data) +{ + krb5_error_code ret; + krb5_creds *out_creds; + krb5_addresses addrs, *paddrs; + KRB_CRED cred; + KrbCredInfo *krb_cred_info; + EncKrbCredPart enc_krb_cred_part; + size_t len; + unsigned char *buf; + size_t buf_size; + krb5_kdc_flags kdc_flags; + krb5_crypto crypto; + struct addrinfo *ai; + int save_errno; + krb5_creds *ticket; + char *realm; + + if (in_creds->client && in_creds->client->realm) + realm = in_creds->client->realm; + else + realm = in_creds->server->realm; + + addrs.len = 0; + addrs.val = NULL; + paddrs = &addrs; + + /* + * If tickets are address-less, forward address-less tickets. + */ + + ret = _krb5_get_krbtgt (context, + ccache, + realm, + &ticket); + if(ret == 0) { + if (ticket->addresses.len == 0) + paddrs = NULL; + krb5_free_creds (context, ticket); + } + + if (paddrs != NULL) { + + ret = getaddrinfo (hostname, NULL, NULL, &ai); + if (ret) { + save_errno = errno; + krb5_set_error_string(context, "resolving %s: %s", + hostname, gai_strerror(ret)); + return krb5_eai_to_heim_errno(ret, save_errno); + } + + ret = add_addrs (context, &addrs, ai); + freeaddrinfo (ai); + if (ret) + return ret; + } + + kdc_flags.b = int2KDCOptions(flags); + + ret = krb5_get_kdc_cred (context, + ccache, + kdc_flags, + paddrs, + NULL, + in_creds, + &out_creds); + krb5_free_addresses (context, &addrs); + if (ret) { + return ret; + } + + memset (&cred, 0, sizeof(cred)); + cred.pvno = 5; + cred.msg_type = krb_cred; + ALLOC_SEQ(&cred.tickets, 1); + if (cred.tickets.val == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); + goto out2; + } + ret = decode_Ticket(out_creds->ticket.data, + out_creds->ticket.length, + cred.tickets.val, &len); + if (ret) + goto out3; + + memset (&enc_krb_cred_part, 0, sizeof(enc_krb_cred_part)); + ALLOC_SEQ(&enc_krb_cred_part.ticket_info, 1); + if (enc_krb_cred_part.ticket_info.val == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); + goto out4; + } + + if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) { + krb5_timestamp sec; + int32_t usec; + + krb5_us_timeofday (context, &sec, &usec); + + ALLOC(enc_krb_cred_part.timestamp, 1); + if (enc_krb_cred_part.timestamp == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); + goto out4; + } + *enc_krb_cred_part.timestamp = sec; + ALLOC(enc_krb_cred_part.usec, 1); + if (enc_krb_cred_part.usec == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); + goto out4; + } + *enc_krb_cred_part.usec = usec; + } else { + enc_krb_cred_part.timestamp = NULL; + enc_krb_cred_part.usec = NULL; + } + + if (auth_context->local_address && auth_context->local_port) { + krb5_boolean noaddr; + krb5_const_realm srealm; + + srealm = krb5_principal_get_realm(context, out_creds->server); + krb5_appdefault_boolean(context, NULL, srealm, "no-addresses", + paddrs == NULL, &noaddr); + if (!noaddr) { + ret = krb5_make_addrport (context, + &enc_krb_cred_part.s_address, + auth_context->local_address, + auth_context->local_port); + if (ret) + goto out4; + } + } + + if (auth_context->remote_address) { + if (auth_context->remote_port) { + krb5_boolean noaddr; + krb5_const_realm srealm; + + srealm = krb5_principal_get_realm(context, out_creds->server); + /* Is this correct, and should we use the paddrs == NULL + trick here as well? Having an address-less ticket may + indicate that we don't know our own global address, but + it does not necessary mean that we don't know the + server's. */ + krb5_appdefault_boolean(context, NULL, srealm, "no-addresses", + FALSE, &noaddr); + if (!noaddr) { + ret = krb5_make_addrport (context, + &enc_krb_cred_part.r_address, + auth_context->remote_address, + auth_context->remote_port); + if (ret) + goto out4; + } + } else { + ALLOC(enc_krb_cred_part.r_address, 1); + if (enc_krb_cred_part.r_address == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); + goto out4; + } + + ret = krb5_copy_address (context, auth_context->remote_address, + enc_krb_cred_part.r_address); + if (ret) + goto out4; + } + } + + /* fill ticket_info.val[0] */ + + enc_krb_cred_part.ticket_info.len = 1; + + krb_cred_info = enc_krb_cred_part.ticket_info.val; + + copy_EncryptionKey (&out_creds->session, &krb_cred_info->key); + ALLOC(krb_cred_info->prealm, 1); + copy_Realm (&out_creds->client->realm, krb_cred_info->prealm); + ALLOC(krb_cred_info->pname, 1); + copy_PrincipalName(&out_creds->client->name, krb_cred_info->pname); + ALLOC(krb_cred_info->flags, 1); + *krb_cred_info->flags = out_creds->flags.b; + ALLOC(krb_cred_info->authtime, 1); + *krb_cred_info->authtime = out_creds->times.authtime; + ALLOC(krb_cred_info->starttime, 1); + *krb_cred_info->starttime = out_creds->times.starttime; + ALLOC(krb_cred_info->endtime, 1); + *krb_cred_info->endtime = out_creds->times.endtime; + ALLOC(krb_cred_info->renew_till, 1); + *krb_cred_info->renew_till = out_creds->times.renew_till; + ALLOC(krb_cred_info->srealm, 1); + copy_Realm (&out_creds->server->realm, krb_cred_info->srealm); + ALLOC(krb_cred_info->sname, 1); + copy_PrincipalName (&out_creds->server->name, krb_cred_info->sname); + ALLOC(krb_cred_info->caddr, 1); + copy_HostAddresses (&out_creds->addresses, krb_cred_info->caddr); + + krb5_free_creds (context, out_creds); + + /* encode EncKrbCredPart */ + + ASN1_MALLOC_ENCODE(EncKrbCredPart, buf, buf_size, + &enc_krb_cred_part, &len, ret); + free_EncKrbCredPart (&enc_krb_cred_part); + if (ret) { + free_KRB_CRED(&cred); + return ret; + } + if(buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); + + if (auth_context->flags & KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED) { + cred.enc_part.etype = ENCTYPE_NULL; + cred.enc_part.kvno = NULL; + cred.enc_part.cipher.data = buf; + cred.enc_part.cipher.length = buf_size; + } else { + krb5_keyblock *key; + + if (auth_context->local_subkey) + key = auth_context->local_subkey; + else if (auth_context->remote_subkey) + key = auth_context->remote_subkey; + else + key = auth_context->keyblock; + + ret = krb5_crypto_init(context, key, 0, &crypto); + if (ret) { + free(buf); + free_KRB_CRED(&cred); + return ret; + } + ret = krb5_encrypt_EncryptedData (context, + crypto, + KRB5_KU_KRB_CRED, + buf, + len, + 0, + &cred.enc_part); + free(buf); + krb5_crypto_destroy(context, crypto); + if (ret) { + free_KRB_CRED(&cred); + return ret; + } + } + + ASN1_MALLOC_ENCODE(KRB_CRED, buf, buf_size, &cred, &len, ret); + free_KRB_CRED (&cred); + if (ret) + return ret; + if(buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); + out_data->length = len; + out_data->data = buf; + return 0; + out4: + free_EncKrbCredPart(&enc_krb_cred_part); + out3: + free_KRB_CRED(&cred); + out2: + krb5_free_creds (context, out_creds); + return ret; +} diff --git a/source4/heimdal/lib/krb5/get_host_realm.c b/source4/heimdal/lib/krb5/get_host_realm.c new file mode 100644 index 0000000000..d9c5bd5dc1 --- /dev/null +++ b/source4/heimdal/lib/krb5/get_host_realm.c @@ -0,0 +1,220 @@ +/* + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" +#include + +RCSID("$Id: get_host_realm.c,v 1.34 2005/04/19 18:52:51 lha Exp $"); + +/* To automagically find the correct realm of a host (without + * [domain_realm] in krb5.conf) add a text record for your domain with + * the name of your realm, like this: + * + * _kerberos IN TXT "FOO.SE" + * + * The search is recursive, so you can add entries for specific + * hosts. To find the realm of host a.b.c, it first tries + * _kerberos.a.b.c, then _kerberos.b.c and so on. + * + * This method is described in draft-ietf-cat-krb-dns-locate-03.txt. + * + */ + +static int +copy_txt_to_realms (struct resource_record *head, + krb5_realm **realms) +{ + struct resource_record *rr; + int n, i; + + for(n = 0, rr = head; rr; rr = rr->next) + if (rr->type == T_TXT) + ++n; + + if (n == 0) + return -1; + + *realms = malloc ((n + 1) * sizeof(krb5_realm)); + if (*realms == NULL) + return -1; + + for (i = 0; i < n + 1; ++i) + (*realms)[i] = NULL; + + for (i = 0, rr = head; rr; rr = rr->next) { + if (rr->type == T_TXT) { + char *tmp; + + tmp = strdup(rr->u.txt); + if (tmp == NULL) { + for (i = 0; i < n; ++i) + free ((*realms)[i]); + free (*realms); + return -1; + } + (*realms)[i] = tmp; + ++i; + } + } + return 0; +} + +static int +dns_find_realm(krb5_context context, + const char *domain, + krb5_realm **realms) +{ + static char *default_labels[] = { "_kerberos", NULL }; + char dom[MAXHOSTNAMELEN]; + struct dns_reply *r; + char **labels; + int i, ret; + + labels = krb5_config_get_strings(context, NULL, "libdefaults", + "dns_lookup_realm_labels", NULL); + if(labels == NULL) + labels = default_labels; + if(*domain == '.') + domain++; + for (i = 0; labels[i] != NULL; i++) { + ret = snprintf(dom, sizeof(dom), "%s.%s.", labels[i], domain); + if(ret < 0 || ret >= sizeof(dom)) + return -1; + r = dns_lookup(dom, "TXT"); + if(r != NULL) { + ret = copy_txt_to_realms (r->head, realms); + dns_free_data(r); + if(ret == 0) + return 0; + } + } + return -1; +} + +/* + * Try to figure out what realms host in `domain' belong to from the + * configuration file. + */ + +static int +config_find_realm(krb5_context context, + const char *domain, + krb5_realm **realms) +{ + char **tmp = krb5_config_get_strings (context, NULL, + "domain_realm", + domain, + NULL); + + if (tmp == NULL) + return -1; + *realms = tmp; + return 0; +} + +/* + * This function assumes that `host' is a FQDN (and doesn't handle the + * special case of host == NULL either). + * Try to find mapping in the config file or DNS and it that fails, + * fall back to guessing + */ + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_get_host_realm_int (krb5_context context, + const char *host, + krb5_boolean use_dns, + krb5_realm **realms) +{ + const char *p, *q; + krb5_boolean dns_locate_enable; + + dns_locate_enable = krb5_config_get_bool_default(context, NULL, TRUE, + "libdefaults", "dns_lookup_realm", NULL); + for (p = host; p != NULL; p = strchr (p + 1, '.')) { + if(config_find_realm(context, p, realms) == 0) { + if(strcasecmp(*realms[0], "dns_locate") == 0) { + if(use_dns) + for (q = host; q != NULL; q = strchr(q + 1, '.')) + if(dns_find_realm(context, q, realms) == 0) + return 0; + continue; + } else + return 0; + } + else if(use_dns && dns_locate_enable) { + if(dns_find_realm(context, p, realms) == 0) + return 0; + } + } + p = strchr(host, '.'); + if(p != NULL) { + p++; + *realms = malloc(2 * sizeof(krb5_realm)); + if (*realms == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + + (*realms)[0] = strdup(p); + if((*realms)[0] == NULL) { + free(*realms); + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + strupr((*realms)[0]); + (*realms)[1] = NULL; + return 0; + } + krb5_set_error_string(context, "unable to find realm of host %s", host); + return KRB5_ERR_HOST_REALM_UNKNOWN; +} + +/* + * Return the realm(s) of `host' as a NULL-terminated list in `realms'. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_host_realm(krb5_context context, + const char *host, + krb5_realm **realms) +{ + char hostname[MAXHOSTNAMELEN]; + + if (host == NULL) { + if (gethostname (hostname, sizeof(hostname))) + return errno; + host = hostname; + } + + return _krb5_get_host_realm_int (context, host, 1, realms); +} diff --git a/source4/heimdal/lib/krb5/get_in_tkt.c b/source4/heimdal/lib/krb5/get_in_tkt.c new file mode 100644 index 0000000000..24d6c29f52 --- /dev/null +++ b/source4/heimdal/lib/krb5/get_in_tkt.c @@ -0,0 +1,823 @@ +/* + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: get_in_tkt.c,v 1.116 2005/06/15 02:53:20 lha Exp $"); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_init_etype (krb5_context context, + unsigned *len, + krb5_enctype **val, + const krb5_enctype *etypes) +{ + int i; + krb5_error_code ret; + krb5_enctype *tmp = NULL; + + ret = 0; + if (etypes == NULL) { + ret = krb5_get_default_in_tkt_etypes(context, + &tmp); + if (ret) + return ret; + etypes = tmp; + } + + for (i = 0; etypes[i]; ++i) + ; + *len = i; + *val = malloc(i * sizeof(**val)); + if (i != 0 && *val == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); + goto cleanup; + } + memmove (*val, + etypes, + i * sizeof(*tmp)); +cleanup: + if (tmp != NULL) + free (tmp); + return ret; +} + + +static krb5_error_code +decrypt_tkt (krb5_context context, + krb5_keyblock *key, + krb5_key_usage usage, + krb5_const_pointer decrypt_arg, + krb5_kdc_rep *dec_rep) +{ + krb5_error_code ret; + krb5_data data; + size_t size; + krb5_crypto crypto; + + ret = krb5_crypto_init(context, key, 0, &crypto); + if (ret) + return ret; + + ret = krb5_decrypt_EncryptedData (context, + crypto, + usage, + &dec_rep->kdc_rep.enc_part, + &data); + krb5_crypto_destroy(context, crypto); + + if (ret) + return ret; + + ret = krb5_decode_EncASRepPart(context, + data.data, + data.length, + &dec_rep->enc_part, + &size); + if (ret) + ret = krb5_decode_EncTGSRepPart(context, + data.data, + data.length, + &dec_rep->enc_part, + &size); + krb5_data_free (&data); + if (ret) + return ret; + return 0; +} + +int +_krb5_extract_ticket(krb5_context context, + krb5_kdc_rep *rep, + krb5_creds *creds, + krb5_keyblock *key, + krb5_const_pointer keyseed, + krb5_key_usage key_usage, + krb5_addresses *addrs, + unsigned nonce, + krb5_boolean allow_server_mismatch, + krb5_boolean ignore_cname, + krb5_decrypt_proc decrypt_proc, + krb5_const_pointer decryptarg) +{ + krb5_error_code ret; + krb5_principal tmp_principal; + int tmp; + size_t len; + time_t tmp_time; + krb5_timestamp sec_now; + + ret = _krb5_principalname2krb5_principal (&tmp_principal, + rep->kdc_rep.cname, + rep->kdc_rep.crealm); + if (ret) + goto out; + + /* compare client */ + + if (!ignore_cname) { + tmp = krb5_principal_compare (context, tmp_principal, creds->client); + if (!tmp) { + krb5_free_principal (context, tmp_principal); + krb5_clear_error_string (context); + ret = KRB5KRB_AP_ERR_MODIFIED; + goto out; + } + } + + krb5_free_principal (context, creds->client); + creds->client = tmp_principal; + + /* extract ticket */ + ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length, + &rep->kdc_rep.ticket, &len, ret); + if(ret) + goto out; + if (creds->ticket.length != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); + creds->second_ticket.length = 0; + creds->second_ticket.data = NULL; + + /* compare server */ + + ret = _krb5_principalname2krb5_principal (&tmp_principal, + rep->kdc_rep.ticket.sname, + rep->kdc_rep.ticket.realm); + if (ret) + goto out; + if(allow_server_mismatch){ + krb5_free_principal(context, creds->server); + creds->server = tmp_principal; + tmp_principal = NULL; + }else{ + tmp = krb5_principal_compare (context, tmp_principal, creds->server); + krb5_free_principal (context, tmp_principal); + if (!tmp) { + ret = KRB5KRB_AP_ERR_MODIFIED; + krb5_clear_error_string (context); + goto out; + } + } + + /* decrypt */ + + if (decrypt_proc == NULL) + decrypt_proc = decrypt_tkt; + + ret = (*decrypt_proc)(context, key, key_usage, decryptarg, rep); + if (ret) + goto out; + +#if 0 + /* XXX should this decode be here, or in the decrypt_proc? */ + ret = krb5_decode_keyblock(context, &rep->enc_part.key, 1); + if(ret) + goto out; +#endif + + /* compare nonces */ + + if (nonce != rep->enc_part.nonce) { + ret = KRB5KRB_AP_ERR_MODIFIED; + krb5_set_error_string(context, "malloc: out of memory"); + goto out; + } + + /* set kdc-offset */ + + krb5_timeofday (context, &sec_now); + if (rep->enc_part.flags.initial + && context->kdc_sec_offset == 0 + && krb5_config_get_bool (context, NULL, + "libdefaults", + "kdc_timesync", + NULL)) { + context->kdc_sec_offset = rep->enc_part.authtime - sec_now; + krb5_timeofday (context, &sec_now); + } + + /* check all times */ + + if (rep->enc_part.starttime) { + tmp_time = *rep->enc_part.starttime; + } else + tmp_time = rep->enc_part.authtime; + + if (creds->times.starttime == 0 + && abs(tmp_time - sec_now) > context->max_skew) { + ret = KRB5KRB_AP_ERR_SKEW; + krb5_set_error_string (context, + "time skew (%d) larger than max (%d)", + abs(tmp_time - sec_now), + (int)context->max_skew); + goto out; + } + + if (creds->times.starttime != 0 + && tmp_time != creds->times.starttime) { + krb5_clear_error_string (context); + ret = KRB5KRB_AP_ERR_MODIFIED; + goto out; + } + + creds->times.starttime = tmp_time; + + if (rep->enc_part.renew_till) { + tmp_time = *rep->enc_part.renew_till; + } else + tmp_time = 0; + + if (creds->times.renew_till != 0 + && tmp_time > creds->times.renew_till) { + krb5_clear_error_string (context); + ret = KRB5KRB_AP_ERR_MODIFIED; + goto out; + } + + creds->times.renew_till = tmp_time; + + creds->times.authtime = rep->enc_part.authtime; + + if (creds->times.endtime != 0 + && rep->enc_part.endtime > creds->times.endtime) { + krb5_clear_error_string (context); + ret = KRB5KRB_AP_ERR_MODIFIED; + goto out; + } + + creds->times.endtime = rep->enc_part.endtime; + + if(rep->enc_part.caddr) + krb5_copy_addresses (context, rep->enc_part.caddr, &creds->addresses); + else if(addrs) + krb5_copy_addresses (context, addrs, &creds->addresses); + else { + creds->addresses.len = 0; + creds->addresses.val = NULL; + } + creds->flags.b = rep->enc_part.flags; + + creds->authdata.len = 0; + creds->authdata.val = NULL; + creds->session.keyvalue.length = 0; + creds->session.keyvalue.data = NULL; + creds->session.keytype = rep->enc_part.key.keytype; + ret = krb5_data_copy (&creds->session.keyvalue, + rep->enc_part.key.keyvalue.data, + rep->enc_part.key.keyvalue.length); + +out: + memset (rep->enc_part.key.keyvalue.data, 0, + rep->enc_part.key.keyvalue.length); + return ret; +} + + +static krb5_error_code +make_pa_enc_timestamp(krb5_context context, PA_DATA *pa, + krb5_enctype etype, krb5_keyblock *key) +{ + PA_ENC_TS_ENC p; + unsigned char *buf; + size_t buf_size; + size_t len; + EncryptedData encdata; + krb5_error_code ret; + int32_t usec; + int usec2; + krb5_crypto crypto; + + krb5_us_timeofday (context, &p.patimestamp, &usec); + usec2 = usec; + p.pausec = &usec2; + + ASN1_MALLOC_ENCODE(PA_ENC_TS_ENC, buf, buf_size, &p, &len, ret); + if (ret) + return ret; + if(buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); + ret = krb5_crypto_init(context, key, 0, &crypto); + if (ret) { + free(buf); + return ret; + } + ret = krb5_encrypt_EncryptedData(context, + crypto, + KRB5_KU_PA_ENC_TIMESTAMP, + buf, + len, + 0, + &encdata); + free(buf); + krb5_crypto_destroy(context, crypto); + if (ret) + return ret; + + ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_size, &encdata, &len, ret); + free_EncryptedData(&encdata); + if (ret) + return ret; + if(buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); + pa->padata_type = KRB5_PADATA_ENC_TIMESTAMP; + pa->padata_value.length = len; + pa->padata_value.data = buf; + return 0; +} + +static krb5_error_code +add_padata(krb5_context context, + METHOD_DATA *md, + krb5_principal client, + krb5_key_proc key_proc, + krb5_const_pointer keyseed, + krb5_enctype *enctypes, + unsigned netypes, + krb5_salt *salt) +{ + krb5_error_code ret; + PA_DATA *pa2; + krb5_salt salt2; + krb5_enctype *ep; + int i; + + if(salt == NULL) { + /* default to standard salt */ + ret = krb5_get_pw_salt (context, client, &salt2); + salt = &salt2; + } + if (!enctypes) { + enctypes = context->etypes; + netypes = 0; + for (ep = enctypes; *ep != ETYPE_NULL; ep++) + netypes++; + } + pa2 = realloc (md->val, (md->len + netypes) * sizeof(*md->val)); + if (pa2 == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + md->val = pa2; + + for (i = 0; i < netypes; ++i) { + krb5_keyblock *key; + + ret = (*key_proc)(context, enctypes[i], *salt, keyseed, &key); + if (ret) + continue; + ret = make_pa_enc_timestamp (context, &md->val[md->len], + enctypes[i], key); + krb5_free_keyblock (context, key); + if (ret) + return ret; + ++md->len; + } + if(salt == &salt2) + krb5_free_salt(context, salt2); + return 0; +} + +static krb5_error_code +init_as_req (krb5_context context, + krb5_kdc_flags opts, + krb5_creds *creds, + const krb5_addresses *addrs, + const krb5_enctype *etypes, + const krb5_preauthtype *ptypes, + const krb5_preauthdata *preauth, + krb5_key_proc key_proc, + krb5_const_pointer keyseed, + unsigned nonce, + AS_REQ *a) +{ + krb5_error_code ret; + krb5_salt salt; + + memset(a, 0, sizeof(*a)); + + a->pvno = 5; + a->msg_type = krb_as_req; + a->req_body.kdc_options = opts.b; + a->req_body.cname = malloc(sizeof(*a->req_body.cname)); + if (a->req_body.cname == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); + goto fail; + } + a->req_body.sname = malloc(sizeof(*a->req_body.sname)); + if (a->req_body.sname == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); + goto fail; + } + ret = _krb5_principal2principalname (a->req_body.cname, creds->client); + if (ret) + goto fail; + ret = _krb5_principal2principalname (a->req_body.sname, creds->server); + if (ret) + goto fail; + ret = copy_Realm(&creds->client->realm, &a->req_body.realm); + if (ret) + goto fail; + + if(creds->times.starttime) { + a->req_body.from = malloc(sizeof(*a->req_body.from)); + if (a->req_body.from == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); + goto fail; + } + *a->req_body.from = creds->times.starttime; + } + if(creds->times.endtime){ + ALLOC(a->req_body.till, 1); + *a->req_body.till = creds->times.endtime; + } + if(creds->times.renew_till){ + a->req_body.rtime = malloc(sizeof(*a->req_body.rtime)); + if (a->req_body.rtime == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); + goto fail; + } + *a->req_body.rtime = creds->times.renew_till; + } + a->req_body.nonce = nonce; + ret = krb5_init_etype (context, + &a->req_body.etype.len, + &a->req_body.etype.val, + etypes); + if (ret) + goto fail; + + /* + * This means no addresses + */ + + if (addrs && addrs->len == 0) { + a->req_body.addresses = NULL; + } else { + a->req_body.addresses = malloc(sizeof(*a->req_body.addresses)); + if (a->req_body.addresses == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); + goto fail; + } + + if (addrs) + ret = krb5_copy_addresses(context, addrs, a->req_body.addresses); + else { + ret = krb5_get_all_client_addrs (context, a->req_body.addresses); + if(ret == 0 && a->req_body.addresses->len == 0) { + free(a->req_body.addresses); + a->req_body.addresses = NULL; + } + } + if (ret) + return ret; + } + + a->req_body.enc_authorization_data = NULL; + a->req_body.additional_tickets = NULL; + + if(preauth != NULL) { + int i; + ALLOC(a->padata, 1); + if(a->padata == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); + goto fail; + } + a->padata->val = NULL; + a->padata->len = 0; + for(i = 0; i < preauth->len; i++) { + if(preauth->val[i].type == KRB5_PADATA_ENC_TIMESTAMP){ + int j; + + for(j = 0; j < preauth->val[i].info.len; j++) { + krb5_salt *sp = &salt; + if(preauth->val[i].info.val[j].salttype) + salt.salttype = *preauth->val[i].info.val[j].salttype; + else + salt.salttype = KRB5_PW_SALT; + if(preauth->val[i].info.val[j].salt) + salt.saltvalue = *preauth->val[i].info.val[j].salt; + else + if(salt.salttype == KRB5_PW_SALT) + sp = NULL; + else + krb5_data_zero(&salt.saltvalue); + ret = add_padata(context, a->padata, creds->client, + key_proc, keyseed, + &preauth->val[i].info.val[j].etype, 1, + sp); + if (ret == 0) + break; + } + } + } + } else + /* not sure this is the way to use `ptypes' */ + if (ptypes == NULL || *ptypes == KRB5_PADATA_NONE) + a->padata = NULL; + else if (*ptypes == KRB5_PADATA_ENC_TIMESTAMP) { + ALLOC(a->padata, 1); + if (a->padata == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); + goto fail; + } + a->padata->len = 0; + a->padata->val = NULL; + + /* make a v5 salted pa-data */ + add_padata(context, a->padata, creds->client, + key_proc, keyseed, a->req_body.etype.val, + a->req_body.etype.len, NULL); + + /* make a v4 salted pa-data */ + salt.salttype = KRB5_PW_SALT; + krb5_data_zero(&salt.saltvalue); + add_padata(context, a->padata, creds->client, + key_proc, keyseed, a->req_body.etype.val, + a->req_body.etype.len, &salt); + } else { + krb5_set_error_string (context, "pre-auth type %d not supported", + *ptypes); + ret = KRB5_PREAUTH_BAD_TYPE; + goto fail; + } + return 0; +fail: + free_AS_REQ(a); + return ret; +} + +static int +set_ptypes(krb5_context context, + KRB_ERROR *error, + const krb5_preauthtype **ptypes, + krb5_preauthdata **preauth) +{ + static krb5_preauthdata preauth2; + static krb5_preauthtype ptypes2[] = { KRB5_PADATA_ENC_TIMESTAMP, KRB5_PADATA_NONE }; + + if(error->e_data) { + METHOD_DATA md; + int i; + decode_METHOD_DATA(error->e_data->data, + error->e_data->length, + &md, + NULL); + for(i = 0; i < md.len; i++){ + switch(md.val[i].padata_type){ + case KRB5_PADATA_ENC_TIMESTAMP: + *ptypes = ptypes2; + break; + case KRB5_PADATA_ETYPE_INFO: + *preauth = &preauth2; + ALLOC_SEQ(*preauth, 1); + (*preauth)->val[0].type = KRB5_PADATA_ENC_TIMESTAMP; + krb5_decode_ETYPE_INFO(context, + md.val[i].padata_value.data, + md.val[i].padata_value.length, + &(*preauth)->val[0].info, + NULL); + break; + default: + break; + } + } + free_METHOD_DATA(&md); + } else { + *ptypes = ptypes2; + } + return(1); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_in_cred(krb5_context context, + krb5_flags options, + const krb5_addresses *addrs, + const krb5_enctype *etypes, + const krb5_preauthtype *ptypes, + const krb5_preauthdata *preauth, + krb5_key_proc key_proc, + krb5_const_pointer keyseed, + krb5_decrypt_proc decrypt_proc, + krb5_const_pointer decryptarg, + krb5_creds *creds, + krb5_kdc_rep *ret_as_reply) +{ + krb5_error_code ret; + AS_REQ a; + krb5_kdc_rep rep; + krb5_data req, resp; + size_t len; + krb5_salt salt; + krb5_keyblock *key; + size_t size; + krb5_kdc_flags opts; + PA_DATA *pa; + krb5_enctype etype; + krb5_preauthdata *my_preauth = NULL; + unsigned nonce; + int done; + + opts.i = options; + + krb5_generate_random_block (&nonce, sizeof(nonce)); + nonce &= 0xffffffff; + + do { + done = 1; + ret = init_as_req (context, + opts, + creds, + addrs, + etypes, + ptypes, + preauth, + key_proc, + keyseed, + nonce, + &a); + if (my_preauth) { + free_ETYPE_INFO(&my_preauth->val[0].info); + free (my_preauth->val); + my_preauth = NULL; + } + if (ret) + return ret; + + ASN1_MALLOC_ENCODE(AS_REQ, req.data, req.length, &a, &len, ret); + free_AS_REQ(&a); + if (ret) + return ret; + if(len != req.length) + krb5_abortx(context, "internal error in ASN.1 encoder"); + + ret = krb5_sendto_kdc (context, &req, &creds->client->realm, &resp); + krb5_data_free(&req); + if (ret) + return ret; + + memset (&rep, 0, sizeof(rep)); + ret = decode_AS_REP(resp.data, resp.length, &rep.kdc_rep, &size); + if(ret) { + /* let's try to parse it as a KRB-ERROR */ + KRB_ERROR error; + int ret2; + + ret2 = krb5_rd_error(context, &resp, &error); + if(ret2 && resp.data && ((char*)resp.data)[0] == 4) + ret = KRB5KRB_AP_ERR_V4_REPLY; + krb5_data_free(&resp); + if (ret2 == 0) { + ret = krb5_error_from_rd_error(context, &error, creds); + /* if no preauth was set and KDC requires it, give it + one more try */ + if (!ptypes && !preauth + && ret == KRB5KDC_ERR_PREAUTH_REQUIRED +#if 0 + || ret == KRB5KDC_ERR_BADOPTION +#endif + && set_ptypes(context, &error, &ptypes, &my_preauth)) { + done = 0; + preauth = my_preauth; + krb5_free_error_contents(context, &error); + krb5_clear_error_string(context); + continue; + } + if(ret_as_reply) + ret_as_reply->error = error; + else + free_KRB_ERROR (&error); + return ret; + } + return ret; + } + krb5_data_free(&resp); + } while(!done); + + pa = NULL; + etype = rep.kdc_rep.enc_part.etype; + if(rep.kdc_rep.padata){ + int i = 0; + pa = krb5_find_padata(rep.kdc_rep.padata->val, rep.kdc_rep.padata->len, + KRB5_PADATA_PW_SALT, &i); + if(pa == NULL) { + i = 0; + pa = krb5_find_padata(rep.kdc_rep.padata->val, + rep.kdc_rep.padata->len, + KRB5_PADATA_AFS3_SALT, &i); + } + } + if(pa) { + salt.salttype = pa->padata_type; + salt.saltvalue = pa->padata_value; + + ret = (*key_proc)(context, etype, salt, keyseed, &key); + } else { + /* make a v5 salted pa-data */ + ret = krb5_get_pw_salt (context, creds->client, &salt); + + if (ret) + goto out; + ret = (*key_proc)(context, etype, salt, keyseed, &key); + krb5_free_salt(context, salt); + } + if (ret) + goto out; + + ret = _krb5_extract_ticket(context, + &rep, + creds, + key, + keyseed, + KRB5_KU_AS_REP_ENC_PART, + NULL, + nonce, + FALSE, + opts.b.request_anonymous, + decrypt_proc, + decryptarg); + memset (key->keyvalue.data, 0, key->keyvalue.length); + krb5_free_keyblock_contents (context, key); + free (key); + +out: + if (ret == 0 && ret_as_reply) + *ret_as_reply = rep; + else + krb5_free_kdc_rep (context, &rep); + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_in_tkt(krb5_context context, + krb5_flags options, + const krb5_addresses *addrs, + const krb5_enctype *etypes, + const krb5_preauthtype *ptypes, + krb5_key_proc key_proc, + krb5_const_pointer keyseed, + krb5_decrypt_proc decrypt_proc, + krb5_const_pointer decryptarg, + krb5_creds *creds, + krb5_ccache ccache, + krb5_kdc_rep *ret_as_reply) +{ + krb5_error_code ret; + krb5_kdc_flags opts; + opts.i = 0; + opts.b = int2KDCOptions(options); + + ret = krb5_get_in_cred (context, + opts.i, + addrs, + etypes, + ptypes, + NULL, + key_proc, + keyseed, + decrypt_proc, + decryptarg, + creds, + ret_as_reply); + if(ret) + return ret; + if (ccache) + ret = krb5_cc_store_cred (context, ccache, creds); + return ret; +} diff --git a/source4/heimdal/lib/krb5/get_in_tkt_with_keytab.c b/source4/heimdal/lib/krb5/get_in_tkt_with_keytab.c new file mode 100644 index 0000000000..69da6c5ea7 --- /dev/null +++ b/source4/heimdal/lib/krb5/get_in_tkt_with_keytab.c @@ -0,0 +1,99 @@ +/* + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: get_in_tkt_with_keytab.c,v 1.9 2005/06/17 04:56:44 lha Exp $"); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_keytab_key_proc (krb5_context context, + krb5_enctype enctype, + krb5_salt salt, + krb5_const_pointer keyseed, + krb5_keyblock **key) +{ + krb5_keytab_key_proc_args *args = rk_UNCONST(keyseed); + krb5_keytab keytab = args->keytab; + krb5_principal principal = args->principal; + krb5_error_code ret; + krb5_keytab real_keytab; + krb5_keytab_entry entry; + + if(keytab == NULL) + krb5_kt_default(context, &real_keytab); + else + real_keytab = keytab; + + ret = krb5_kt_get_entry (context, real_keytab, principal, + 0, enctype, &entry); + + if (keytab == NULL) + krb5_kt_close (context, real_keytab); + + if (ret) + return ret; + + ret = krb5_copy_keyblock (context, &entry.keyblock, key); + krb5_kt_free_entry(context, &entry); + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_in_tkt_with_keytab (krb5_context context, + krb5_flags options, + krb5_addresses *addrs, + const krb5_enctype *etypes, + const krb5_preauthtype *pre_auth_types, + krb5_keytab keytab, + krb5_ccache ccache, + krb5_creds *creds, + krb5_kdc_rep *ret_as_reply) +{ + krb5_keytab_key_proc_args a; + + a.principal = creds->client; + a.keytab = keytab; + + return krb5_get_in_tkt (context, + options, + addrs, + etypes, + pre_auth_types, + krb5_keytab_key_proc, + &a, + NULL, + NULL, + creds, + ccache, + ret_as_reply); +} diff --git a/source4/heimdal/lib/krb5/get_port.c b/source4/heimdal/lib/krb5/get_port.c new file mode 100644 index 0000000000..ba76466e06 --- /dev/null +++ b/source4/heimdal/lib/krb5/get_port.c @@ -0,0 +1,54 @@ +/* + * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +RCSID("$Id: get_port.c,v 1.9 2004/05/25 21:29:59 lha Exp $"); + +int KRB5_LIB_FUNCTION +krb5_getportbyname (krb5_context context, + const char *service, + const char *proto, + int default_port) +{ + struct servent *sp; + + if ((sp = roken_getservbyname (service, proto)) == NULL) { +#if 0 + krb5_warnx(context, "%s/%s unknown service, using default port %d", + service, proto, default_port); +#endif + return htons(default_port); + } else + return sp->s_port; +} diff --git a/source4/heimdal/lib/krb5/heim_err.et b/source4/heimdal/lib/krb5/heim_err.et new file mode 100644 index 0000000000..3c4f06edb1 --- /dev/null +++ b/source4/heimdal/lib/krb5/heim_err.et @@ -0,0 +1,44 @@ +# +# Error messages for the krb5 library +# +# This might look like a com_err file, but is not +# +id "$Id: heim_err.et,v 1.13 2004/02/13 16:23:40 lha Exp $" + +error_table heim + +prefix HEIM_ERR + +error_code LOG_PARSE, "Error parsing log destination" +error_code V4_PRINC_NO_CONV, "Failed to convert v4 principal" +error_code SALTTYPE_NOSUPP, "Salt type is not supported by enctype" +error_code NOHOST, "Host not found" +error_code OPNOTSUPP, "Operation not supported" +error_code EOF, "End of file" +error_code BAD_MKEY, "Failed to get the master key" +error_code SERVICE_NOMATCH, "Unacceptable service used" + +index 64 +prefix HEIM_PKINIT +error_code NO_CERTIFICATE, "Certificate missing" +error_code NO_PRIVATE_KEY, "Private key missing" +error_code NO_VALID_CA, "No valid certificate authority" +error_code CERTIFICATE_INVALID, "Certificate invalid" +error_code PRIVATE_KEY_INVALID, "Private key invalid" + +index 128 +prefix HEIM_EAI +#error_code NOERROR, "no error" +error_code UNKNOWN, "unknown error from getaddrinfo" +error_code ADDRFAMILY, "address family for nodename not supported" +error_code AGAIN, "temporary failure in name resolution" +error_code BADFLAGS, "invalid value for ai_flags" +error_code FAIL, "non-recoverable failure in name resolution" +error_code FAMILY, "ai_family not supported" +error_code MEMORY, "memory allocation failure" +error_code NODATA, "no address associated with nodename" +error_code NONAME, "nodename nor servname provided, or not known" +error_code SERVICE, "servname not supported for ai_socktype" +error_code SOCKTYPE, "ai_socktype not supported" +error_code SYSTEM, "system error returned in errno" +end diff --git a/source4/heimdal/lib/krb5/heim_threads.h b/source4/heimdal/lib/krb5/heim_threads.h new file mode 100755 index 0000000000..3ebe66beee --- /dev/null +++ b/source4/heimdal/lib/krb5/heim_threads.h @@ -0,0 +1,175 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: heim_threads.h,v 1.11 2004/12/18 16:03:38 lha Exp $ */ + +/* + * Provide wrapper macros for thread synchronization primitives so we + * can use native thread functions for those operating system that + * supports it. + * + * This is so libkrb5.so (or more importantly, libgssapi.so) can have + * thread support while the program that that dlopen(3)s the library + * don't need to be linked to libpthread. + */ + +#ifndef HEIM_THREADS_H +#define HEIM_THREADS_H 1 + +/* assume headers already included */ + +#if defined(__NetBSD__) && __NetBSD_Version__ >= 106120000 && __NetBSD_Version__< 299001200 && defined(ENABLE_PTHREAD_SUPPORT) + +/* + * NetBSD have a thread lib that we can use that part of libc that + * works regardless if application are linked to pthreads or not. + * NetBSD newer then 2.99.11 just use pthread.h, and the same thing + * will happen. + */ +#include + +#define HEIMDAL_MUTEX mutex_t +#define HEIMDAL_MUTEX_INITIALIZER MUTEX_INITIALIZER +#define HEIMDAL_MUTEX_init(m) mutex_init(m, NULL) +#define HEIMDAL_MUTEX_lock(m) mutex_lock(m) +#define HEIMDAL_MUTEX_unlock(m) mutex_unlock(m) +#define HEIMDAL_MUTEX_destroy(m) mutex_destroy(m) + +#define HEIMDAL_RWLOCK rwlock_t +#define HEIMDAL_RWLOCK_INITIALIZER RWLOCK_INITIALIZER +#define HEIMDAL_RWLOCK_init(l) rwlock_init(l, NULL) +#define HEIMDAL_RWLOCK_rdlock(l) rwlock_rdlock(l) +#define HEIMDAL_RWLOCK_wrlock(l) rwlock_wrlock(l) +#define HEIMDAL_RWLOCK_tryrdlock(l) rwlock_tryrdlock(l) +#define HEIMDAL_RWLOCK_trywrlock(l) rwlock_trywrlock(l) +#define HEIMDAL_RWLOCK_unlock(l) rwlock_unlock(l) +#define HEIMDAL_RWLOCK_destroy(l) rwlock_destroy(l) + +#define HEIMDAL_thread_key thread_key_t +#define HEIMDAL_key_create(k,d,r) do { r = thr_keycreate(k,d); } while(0) +#define HEIMDAL_setspecific(k,s,r) do { r = thr_setspecific(k,s); } while(0) +#define HEIMDAL_getspecific(k) thr_getspecific(k) +#define HEIMDAL_key_delete(k) thr_keydelete(k) + +#elif defined(ENABLE_PTHREAD_SUPPORT) && (!defined(__NetBSD__) || __NetBSD_Version__ >= 299001200) + +#include + +#define HEIMDAL_MUTEX pthread_mutex_t +#define HEIMDAL_MUTEX_INITIALIZER PTHREAD_MUTEX_INITIALIZER +#define HEIMDAL_MUTEX_init(m) pthread_mutex_init(m, NULL) +#define HEIMDAL_MUTEX_lock(m) pthread_mutex_lock(m) +#define HEIMDAL_MUTEX_unlock(m) pthread_mutex_unlock(m) +#define HEIMDAL_MUTEX_destroy(m) pthread_mutex_destroy(m) + +#define HEIMDAL_RWLOCK rwlock_t +#define HEIMDAL_RWLOCK_INITIALIZER RWLOCK_INITIALIZER +#define HEIMDAL_RWLOCK_init(l) pthread_rwlock_init(l, NULL) +#define HEIMDAL_RWLOCK_rdlock(l) pthread_rwlock_rdlock(l) +#define HEIMDAL_RWLOCK_wrlock(l) pthread_rwlock_wrlock(l) +#define HEIMDAL_RWLOCK_tryrdlock(l) pthread_rwlock_tryrdlock(l) +#define HEIMDAL_RWLOCK_trywrlock(l) pthread_rwlock_trywrlock(l) +#define HEIMDAL_RWLOCK_unlock(l) pthread_rwlock_unlock(l) +#define HEIMDAL_RWLOCK_destroy(l) pthread_rwlock_destroy(l) + +#define HEIMDAL_thread_key pthread_key_t +#define HEIMDAL_key_create(k,d,r) do { r = pthread_key_create(k,d); } while(0) +#define HEIMDAL_setspecific(k,s,r) do { r = pthread_setspecific(k,s); } while(0) +#define HEIMDAL_getspecific(k) pthread_getspecific(k) +#define HEIMDAL_key_delete(k) pthread_key_delete(k) + +#elif defined(HEIMDAL_DEBUG_THREADS) + +/* no threads support, just do consistency checks */ +#include + +#define HEIMDAL_MUTEX int +#define HEIMDAL_MUTEX_INITIALIZER 0 +#define HEIMDAL_MUTEX_init(m) do { (*(m)) = 0; } while(0) +#define HEIMDAL_MUTEX_lock(m) do { if ((*(m))++ != 0) abort(); } while(0) +#define HEIMDAL_MUTEX_unlock(m) do { if ((*(m))-- != 1) abort(); } while(0) +#define HEIMDAL_MUTEX_destroy(m) do {if ((*(m)) != 0) abort(); } while(0) + +#define HEIMDAL_RWLOCK rwlock_t int +#define HEIMDAL_RWLOCK_INITIALIZER 0 +#define HEIMDAL_RWLOCK_init(l) do { } while(0) +#define HEIMDAL_RWLOCK_rdlock(l) do { } while(0) +#define HEIMDAL_RWLOCK_wrlock(l) do { } while(0) +#define HEIMDAL_RWLOCK_tryrdlock(l) do { } while(0) +#define HEIMDAL_RWLOCK_trywrlock(l) do { } while(0) +#define HEIMDAL_RWLOCK_unlock(l) do { } while(0) +#define HEIMDAL_RWLOCK_destroy(l) do { } while(0) + +#define HEIMDAL_internal_thread_key 1 + +#else /* no thread support, no debug case */ + +#define HEIMDAL_MUTEX int +#define HEIMDAL_MUTEX_INITIALIZER 0 +#define HEIMDAL_MUTEX_init(m) do { (void)(m); } while(0) +#define HEIMDAL_MUTEX_lock(m) do { (void)(m); } while(0) +#define HEIMDAL_MUTEX_unlock(m) do { (void)(m); } while(0) +#define HEIMDAL_MUTEX_destroy(m) do { (void)(m); } while(0) + +#define HEIMDAL_RWLOCK rwlock_t int +#define HEIMDAL_RWLOCK_INITIALIZER 0 +#define HEIMDAL_RWLOCK_init(l) do { } while(0) +#define HEIMDAL_RWLOCK_rdlock(l) do { } while(0) +#define HEIMDAL_RWLOCK_wrlock(l) do { } while(0) +#define HEIMDAL_RWLOCK_tryrdlock(l) do { } while(0) +#define HEIMDAL_RWLOCK_trywrlock(l) do { } while(0) +#define HEIMDAL_RWLOCK_unlock(l) do { } while(0) +#define HEIMDAL_RWLOCK_destroy(l) do { } while(0) + +#define HEIMDAL_internal_thread_key 1 + +#endif /* no thread support */ + +#ifdef HEIMDAL_internal_thread_key + +typedef struct heim_thread_key { + void *value; + void (*destructor)(void *); +} heim_thread_key; + +#define HEIMDAL_thread_key heim_thread_key +#define HEIMDAL_key_create(k,d,r) \ + do { (k)->value = NULL; (k)->destructor = (d); r = 0; } while(0) +#define HEIMDAL_setspecific(k,s,r) do { (k).value = s ; r = 0; } while(0) +#define HEIMDAL_getspecific(k) ((k).value) +#define HEIMDAL_key_delete(k) do { (*(k).destructor)((k).value); } while(0) + +#undef HEIMDAL_internal_thread_key +#endif /* HEIMDAL_internal_thread_key */ + +#endif /* HEIM_THREADS_H */ diff --git a/source4/heimdal/lib/krb5/init_creds.c b/source4/heimdal/lib/krb5/init_creds.c new file mode 100644 index 0000000000..95c980d92c --- /dev/null +++ b/source4/heimdal/lib/krb5/init_creds.c @@ -0,0 +1,331 @@ +/* + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: init_creds.c,v 1.20 2004/11/09 18:50:43 lha Exp $"); + +void KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt) +{ + memset (opt, 0, sizeof(*opt)); + opt->flags = 0; + opt->private = NULL; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_alloc(krb5_context context, + krb5_get_init_creds_opt **opt) +{ + krb5_get_init_creds_opt *o; + + *opt = NULL; + o = calloc(1, sizeof(*o)); + if (o == NULL) { + krb5_set_error_string(context, "out of memory"); + return ENOMEM; + } + krb5_get_init_creds_opt_init(o); + o->private = calloc(1, sizeof(*o->private)); + if (o->private == NULL) { + krb5_set_error_string(context, "out of memory"); + free(o); + return ENOMEM; + } + o->private->refcount = 1; + *opt = o; + return 0; +} + +krb5_error_code +_krb5_get_init_creds_opt_copy(krb5_context context, + const krb5_get_init_creds_opt *in, + krb5_get_init_creds_opt **out) +{ + krb5_get_init_creds_opt *opt; + + *out = NULL; + opt = malloc(sizeof(*opt)); + if (opt == NULL) { + krb5_set_error_string(context, "out of memory"); + return ENOMEM; + } + if (in) + *opt = *in; + if(opt->private == NULL) { + opt->private = calloc(1, sizeof(*opt->private)); + if (opt->private == NULL) { + krb5_set_error_string(context, "out of memory"); + free(opt); + return ENOMEM; + } + opt->private->refcount = 1; + } else + opt->private->refcount++; + *out = opt; + return 0; +} + +void KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_free(krb5_get_init_creds_opt *opt) +{ + if (opt->private == NULL) + return; + if (opt->private->refcount < 1) /* abort ? */ + return; + if (--opt->private->refcount == 0) { + _krb5_get_init_creds_opt_free_pkinit(opt); + free(opt->private); + } + memset(opt, 0, sizeof(*opt)); + free(opt); +} + +static int +get_config_time (krb5_context context, + const char *realm, + const char *name, + int def) +{ + int ret; + + ret = krb5_config_get_time (context, NULL, + "realms", + realm, + name, + NULL); + if (ret >= 0) + return ret; + ret = krb5_config_get_time (context, NULL, + "libdefaults", + name, + NULL); + if (ret >= 0) + return ret; + return def; +} + +static krb5_boolean +get_config_bool (krb5_context context, + const char *realm, + const char *name) +{ + return krb5_config_get_bool (context, + NULL, + "realms", + realm, + name, + NULL) + || krb5_config_get_bool (context, + NULL, + "libdefaults", + name, + NULL); +} + +/* + * set all the values in `opt' to the appropriate values for + * application `appname' (default to getprogname() if NULL), and realm + * `realm'. First looks in [appdefaults] but falls back to + * [realms] or [libdefaults] for some of the values. + */ + +static krb5_addresses no_addrs = {0, NULL}; + +void KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_default_flags(krb5_context context, + const char *appname, + krb5_const_realm realm, + krb5_get_init_creds_opt *opt) +{ + krb5_boolean b; + time_t t; + + b = get_config_bool (context, realm, "forwardable"); + krb5_appdefault_boolean(context, appname, realm, "forwardable", b, &b); + krb5_get_init_creds_opt_set_forwardable(opt, b); + + b = get_config_bool (context, realm, "proxiable"); + krb5_appdefault_boolean(context, appname, realm, "proxiable", b, &b); + krb5_get_init_creds_opt_set_proxiable (opt, b); + + krb5_appdefault_time(context, appname, realm, "ticket_lifetime", 0, &t); + if (t == 0) + t = get_config_time (context, realm, "ticket_lifetime", 0); + if(t != 0) + krb5_get_init_creds_opt_set_tkt_life(opt, t); + + krb5_appdefault_time(context, appname, realm, "renew_lifetime", 0, &t); + if (t == 0) + t = get_config_time (context, realm, "renew_lifetime", 0); + if(t != 0) + krb5_get_init_creds_opt_set_renew_life(opt, t); + + krb5_appdefault_boolean(context, appname, realm, "no-addresses", FALSE, &b); + if (b) + krb5_get_init_creds_opt_set_address_list (opt, &no_addrs); + +#if 0 + krb5_appdefault_boolean(context, appname, realm, "anonymous", FALSE, &b); + krb5_get_init_creds_opt_set_anonymous (opt, b); + + krb5_get_init_creds_opt_set_etype_list(opt, enctype, + etype_str.num_strings); + + krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt, + krb5_data *salt); + + krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt, + krb5_preauthtype *preauth_list, + int preauth_list_length); +#endif +} + + +void KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt, + krb5_deltat tkt_life) +{ + opt->flags |= KRB5_GET_INIT_CREDS_OPT_TKT_LIFE; + opt->tkt_life = tkt_life; +} + +void KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt *opt, + krb5_deltat renew_life) +{ + opt->flags |= KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE; + opt->renew_life = renew_life; +} + +void KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt *opt, + int forwardable) +{ + opt->flags |= KRB5_GET_INIT_CREDS_OPT_FORWARDABLE; + opt->forwardable = forwardable; +} + +void KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt, + int proxiable) +{ + opt->flags |= KRB5_GET_INIT_CREDS_OPT_PROXIABLE; + opt->proxiable = proxiable; +} + +void KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt, + krb5_enctype *etype_list, + int etype_list_length) +{ + opt->flags |= KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST; + opt->etype_list = etype_list; + opt->etype_list_length = etype_list_length; +} + +void KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt, + krb5_addresses *addresses) +{ + opt->flags |= KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST; + opt->address_list = addresses; +} + +void KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt, + krb5_preauthtype *preauth_list, + int preauth_list_length) +{ + opt->flags |= KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST; + opt->preauth_list_length = preauth_list_length; + opt->preauth_list = preauth_list; +} + +void KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt, + krb5_data *salt) +{ + opt->flags |= KRB5_GET_INIT_CREDS_OPT_SALT; + opt->salt = salt; +} + +void KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_anonymous(krb5_get_init_creds_opt *opt, + int anonymous) +{ + opt->flags |= KRB5_GET_INIT_CREDS_OPT_ANONYMOUS; + opt->anonymous = anonymous; +} + +static krb5_error_code +require_ext_opt(krb5_context context, + krb5_get_init_creds_opt *opt, + const char *type) +{ + if (opt->private == NULL) { + krb5_set_error_string(context, "%s on non extendable opt", type); + return EINVAL; + } + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_pa_password(krb5_context context, + krb5_get_init_creds_opt *opt, + const char *password, + krb5_s2k_proc key_proc) +{ + krb5_error_code ret; + ret = require_ext_opt(context, opt, "init_creds_opt_set_pa_password"); + if (ret) + return ret; + opt->private->password = password; + opt->private->key_proc = key_proc; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_pac_request(krb5_context context, + krb5_get_init_creds_opt *opt, + krb5_boolean req_pac) +{ + krb5_error_code ret; + ret = require_ext_opt(context, opt, "init_creds_opt_set_pac_req"); + if (ret) + return ret; + opt->private->req_pac = req_pac ? + KRB5_PA_PAC_REQ_TRUE : + KRB5_PA_PAC_REQ_FALSE; + return 0; +} diff --git a/source4/heimdal/lib/krb5/init_creds_pw.c b/source4/heimdal/lib/krb5/init_creds_pw.c new file mode 100644 index 0000000000..8b3975f418 --- /dev/null +++ b/source4/heimdal/lib/krb5/init_creds_pw.c @@ -0,0 +1,1554 @@ +/* + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: init_creds_pw.c,v 1.87 2005/06/17 04:15:20 lha Exp $"); + +typedef struct krb5_get_init_creds_ctx { + krb5_kdc_flags flags; + krb5_creds cred; + krb5_addresses *addrs; + krb5_enctype *etypes; + krb5_preauthtype *pre_auth_types; + const char *in_tkt_service; + unsigned nonce; + unsigned pk_nonce; + + AS_REQ as_req; + int pa_counter; + + const char *password; + krb5_s2k_proc key_proc; + + krb5_get_init_creds_req_pac req_pac; + + krb5_pk_init_ctx pk_init_ctx; +} krb5_get_init_creds_ctx; + +static krb5_error_code +default_s2k_func(krb5_context context, krb5_enctype type, + krb5_const_pointer keyseed, + krb5_salt salt, krb5_data *s2kparms, + krb5_keyblock **key) +{ + krb5_error_code ret; + krb5_data password; + krb5_data opaque; + + password.data = rk_UNCONST(keyseed); + password.length = strlen(keyseed); + if (s2kparms) + opaque = *s2kparms; + else + krb5_data_zero(&opaque); + + *key = malloc(sizeof(**key)); + if (*key == NULL) + return ENOMEM; + ret = krb5_string_to_key_data_salt_opaque(context, type, password, + salt, opaque, *key); + if (ret) + free(*key); + return ret; +} + +static void +free_init_creds_ctx(krb5_context context, krb5_get_init_creds_ctx *ctx) +{ + if (ctx->etypes) + free(ctx->etypes); + if (ctx->pre_auth_types) + free (ctx->pre_auth_types); + free_AS_REQ(&ctx->as_req); + memset(&ctx->as_req, 0, sizeof(ctx->as_req)); +} + +static int +get_config_time (krb5_context context, + const char *realm, + const char *name, + int def) +{ + int ret; + + ret = krb5_config_get_time (context, NULL, + "realms", + realm, + name, + NULL); + if (ret >= 0) + return ret; + ret = krb5_config_get_time (context, NULL, + "libdefaults", + name, + NULL); + if (ret >= 0) + return ret; + return def; +} + +static krb5_error_code +init_cred (krb5_context context, + krb5_creds *cred, + krb5_principal client, + krb5_deltat start_time, + const char *in_tkt_service, + krb5_get_init_creds_opt *options) +{ + krb5_error_code ret; + krb5_const_realm client_realm; + int tmp; + krb5_timestamp now; + + krb5_timeofday (context, &now); + + memset (cred, 0, sizeof(*cred)); + + if (client) + krb5_copy_principal(context, client, &cred->client); + else { + ret = krb5_get_default_principal (context, + &cred->client); + if (ret) + goto out; + } + + client_realm = krb5_principal_get_realm (context, cred->client); + + if (start_time) + cred->times.starttime = now + start_time; + + if (options->flags & KRB5_GET_INIT_CREDS_OPT_TKT_LIFE) + tmp = options->tkt_life; + else + tmp = 10 * 60 * 60; + cred->times.endtime = now + tmp; + + if ((options->flags & KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE) && + options->renew_life > 0) { + cred->times.renew_till = now + options->renew_life; + } + + if (in_tkt_service) { + krb5_realm server_realm; + + ret = krb5_parse_name (context, in_tkt_service, &cred->server); + if (ret) + goto out; + server_realm = strdup (client_realm); + free (*krb5_princ_realm(context, cred->server)); + krb5_princ_set_realm (context, cred->server, &server_realm); + } else { + ret = krb5_make_principal(context, &cred->server, + client_realm, KRB5_TGS_NAME, client_realm, + NULL); + if (ret) + goto out; + } + return 0; + +out: + krb5_free_cred_contents (context, cred); + return ret; +} + +/* + * Print a message (str) to the user about the expiration in `lr' + */ + +static void +report_expiration (krb5_context context, + krb5_prompter_fct prompter, + krb5_data *data, + const char *str, + time_t now) +{ + char *p; + + asprintf (&p, "%s%s", str, ctime(&now)); + (*prompter) (context, data, NULL, p, 0, NULL); + free (p); +} + +/* + * Parse the last_req data and show it to the user if it's interesting + */ + +static void +print_expire (krb5_context context, + krb5_const_realm realm, + krb5_kdc_rep *rep, + krb5_prompter_fct prompter, + krb5_data *data) +{ + int i; + LastReq *lr = &rep->enc_part.last_req; + krb5_timestamp sec; + time_t t; + krb5_boolean reported = FALSE; + + krb5_timeofday (context, &sec); + + t = sec + get_config_time (context, + realm, + "warn_pwexpire", + 7 * 24 * 60 * 60); + + for (i = 0; i < lr->len; ++i) { + if (lr->val[i].lr_value <= t) { + switch (abs(lr->val[i].lr_type)) { + case LR_PW_EXPTIME : + report_expiration(context, prompter, data, + "Your password will expire at ", + lr->val[i].lr_value); + reported = TRUE; + break; + case LR_ACCT_EXPTIME : + report_expiration(context, prompter, data, + "Your account will expire at ", + lr->val[i].lr_value); + reported = TRUE; + break; + } + } + } + + if (!reported + && rep->enc_part.key_expiration + && *rep->enc_part.key_expiration <= t) { + report_expiration(context, prompter, data, + "Your password/account will expire at ", + *rep->enc_part.key_expiration); + } +} + +static krb5_error_code +get_init_creds_common(krb5_context context, + krb5_creds *creds, + krb5_principal client, + krb5_deltat start_time, + const char *in_tkt_service, + krb5_get_init_creds_opt *options, + krb5_get_init_creds_ctx *ctx) +{ + krb5_get_init_creds_opt default_opt; + krb5_error_code ret; + krb5_enctype *etypes; + krb5_preauthtype *pre_auth_types; + + memset(ctx, 0, sizeof(*ctx)); + + if (options == NULL) { + krb5_get_init_creds_opt_init (&default_opt); + options = &default_opt; + } + + if (options->private) { + ctx->password = options->private->password; + ctx->key_proc = options->private->key_proc; + ctx->req_pac = options->private->req_pac; + ctx->pk_init_ctx = options->private->pk_init_ctx; + } else + ctx->req_pac = KRB5_PA_PAC_DONT_CARE; + + if (ctx->key_proc == NULL) + ctx->key_proc = default_s2k_func; + + ctx->pre_auth_types = NULL; + ctx->flags.i = 0; + ctx->addrs = NULL; + ctx->etypes = NULL; + ctx->pre_auth_types = NULL; + ctx->in_tkt_service = in_tkt_service; + + ret = init_cred (context, &ctx->cred, client, start_time, + in_tkt_service, options); + if (ret) + return ret; + + ctx->flags.i = 0; + + if (options->flags & KRB5_GET_INIT_CREDS_OPT_FORWARDABLE) + ctx->flags.b.forwardable = options->forwardable; + + if (options->flags & KRB5_GET_INIT_CREDS_OPT_PROXIABLE) + ctx->flags.b.proxiable = options->proxiable; + + if (start_time) + ctx->flags.b.postdated = 1; + if (ctx->cred.times.renew_till) + ctx->flags.b.renewable = 1; + if (options->flags & KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST) + ctx->addrs = options->address_list; + if (options->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST) { + etypes = malloc((options->etype_list_length + 1) + * sizeof(krb5_enctype)); + if (etypes == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + memcpy (etypes, options->etype_list, + options->etype_list_length * sizeof(krb5_enctype)); + etypes[options->etype_list_length] = ETYPE_NULL; + ctx->etypes = etypes; + } + if (options->flags & KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST) { + pre_auth_types = malloc((options->preauth_list_length + 1) + * sizeof(krb5_preauthtype)); + if (pre_auth_types == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + memcpy (pre_auth_types, options->preauth_list, + options->preauth_list_length * sizeof(krb5_preauthtype)); + pre_auth_types[options->preauth_list_length] = KRB5_PADATA_NONE; + ctx->pre_auth_types = pre_auth_types; + } + if (options->flags & KRB5_GET_INIT_CREDS_OPT_SALT) + ; /* XXX */ + if (options->flags & KRB5_GET_INIT_CREDS_OPT_ANONYMOUS) + ctx->flags.b.request_anonymous = options->anonymous; + return 0; +} + +static krb5_error_code +change_password (krb5_context context, + krb5_principal client, + const char *password, + char *newpw, + size_t newpw_sz, + krb5_prompter_fct prompter, + void *data, + krb5_get_init_creds_opt *old_options) +{ + krb5_prompt prompts[2]; + krb5_error_code ret; + krb5_creds cpw_cred; + char buf1[BUFSIZ], buf2[BUFSIZ]; + krb5_data password_data[2]; + int result_code; + krb5_data result_code_string; + krb5_data result_string; + char *p; + krb5_get_init_creds_opt options; + + memset (&cpw_cred, 0, sizeof(cpw_cred)); + + krb5_get_init_creds_opt_init (&options); + krb5_get_init_creds_opt_set_tkt_life (&options, 60); + krb5_get_init_creds_opt_set_forwardable (&options, FALSE); + krb5_get_init_creds_opt_set_proxiable (&options, FALSE); + if (old_options && old_options->flags & KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST) + krb5_get_init_creds_opt_set_preauth_list (&options, + old_options->preauth_list, + old_options->preauth_list_length); + + krb5_data_zero (&result_code_string); + krb5_data_zero (&result_string); + + ret = krb5_get_init_creds_password (context, + &cpw_cred, + client, + password, + prompter, + data, + 0, + "kadmin/changepw", + &options); + if (ret) + goto out; + + for(;;) { + password_data[0].data = buf1; + password_data[0].length = sizeof(buf1); + + prompts[0].hidden = 1; + prompts[0].prompt = "New password: "; + prompts[0].reply = &password_data[0]; + prompts[0].type = KRB5_PROMPT_TYPE_NEW_PASSWORD; + + password_data[1].data = buf2; + password_data[1].length = sizeof(buf2); + + prompts[1].hidden = 1; + prompts[1].prompt = "Repeat new password: "; + prompts[1].reply = &password_data[1]; + prompts[1].type = KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN; + + ret = (*prompter) (context, data, NULL, "Changing password", + 2, prompts); + if (ret) { + memset (buf1, 0, sizeof(buf1)); + memset (buf2, 0, sizeof(buf2)); + goto out; + } + + if (strcmp (buf1, buf2) == 0) + break; + memset (buf1, 0, sizeof(buf1)); + memset (buf2, 0, sizeof(buf2)); + } + + ret = krb5_change_password (context, + &cpw_cred, + buf1, + &result_code, + &result_code_string, + &result_string); + if (ret) + goto out; + asprintf (&p, "%s: %.*s\n", + result_code ? "Error" : "Success", + (int)result_string.length, + result_string.length > 0 ? (char*)result_string.data : ""); + + ret = (*prompter) (context, data, NULL, p, 0, NULL); + free (p); + if (result_code == 0) { + strlcpy (newpw, buf1, newpw_sz); + ret = 0; + } else { + krb5_set_error_string (context, "failed changing password"); + ret = ENOTTY; + } + +out: + memset (buf1, 0, sizeof(buf1)); + memset (buf2, 0, sizeof(buf2)); + krb5_data_free (&result_string); + krb5_data_free (&result_code_string); + krb5_free_cred_contents (context, &cpw_cred); + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_keyblock_key_proc (krb5_context context, + krb5_keytype type, + krb5_data *salt, + krb5_const_pointer keyseed, + krb5_keyblock **key) +{ + return krb5_copy_keyblock (context, keyseed, key); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_init_creds_keytab(krb5_context context, + krb5_creds *creds, + krb5_principal client, + krb5_keytab keytab, + krb5_deltat start_time, + const char *in_tkt_service, + krb5_get_init_creds_opt *options) +{ + krb5_get_init_creds_ctx ctx; + krb5_error_code ret; + krb5_keytab_key_proc_args *a; + + ret = get_init_creds_common(context, creds, client, start_time, + in_tkt_service, options, &ctx); + if (ret) + goto out; + + a = malloc (sizeof(*a)); + if (a == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + ret = ENOMEM; + goto out; + } + a->principal = ctx.cred.client; + a->keytab = keytab; + + ret = krb5_get_in_cred (context, + ctx.flags.i, + ctx.addrs, + ctx.etypes, + ctx.pre_auth_types, + NULL, + krb5_keytab_key_proc, + a, + NULL, + NULL, + &ctx.cred, + NULL); + free (a); + + if (ret == 0 && creds) + *creds = ctx.cred; + else + krb5_free_cred_contents (context, &ctx.cred); + + out: + free_init_creds_ctx(context, &ctx); + return ret; +} + +/* + * + */ + +static krb5_error_code +init_creds_init_as_req (krb5_context context, + krb5_kdc_flags opts, + const krb5_creds *creds, + const krb5_addresses *addrs, + const krb5_enctype *etypes, + AS_REQ *a) +{ + krb5_error_code ret; + + memset(a, 0, sizeof(*a)); + + a->pvno = 5; + a->msg_type = krb_as_req; + a->req_body.kdc_options = opts.b; + a->req_body.cname = malloc(sizeof(*a->req_body.cname)); + if (a->req_body.cname == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); + goto fail; + } + a->req_body.sname = malloc(sizeof(*a->req_body.sname)); + if (a->req_body.sname == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); + goto fail; + } + if (creds->client) { + ret = _krb5_principal2principalname (a->req_body.cname, creds->client); + if (ret) + goto fail; + ret = copy_Realm(&creds->client->realm, &a->req_body.realm); + if (ret) + goto fail; + } else { + krb5_realm realm; + + a->req_body.cname = NULL; + ret = krb5_get_default_realm(context, &realm); + if (ret) + goto fail; + ret = copy_Realm(&realm, &a->req_body.realm); + free(realm); + } + ret = _krb5_principal2principalname (a->req_body.sname, creds->server); + if (ret) + goto fail; + + if(creds->times.starttime) { + a->req_body.from = malloc(sizeof(*a->req_body.from)); + if (a->req_body.from == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); + goto fail; + } + *a->req_body.from = creds->times.starttime; + } + if(creds->times.endtime){ + ALLOC(a->req_body.till, 1); + *a->req_body.till = creds->times.endtime; + } + if(creds->times.renew_till){ + a->req_body.rtime = malloc(sizeof(*a->req_body.rtime)); + if (a->req_body.rtime == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); + goto fail; + } + *a->req_body.rtime = creds->times.renew_till; + } + a->req_body.nonce = 0; + ret = krb5_init_etype (context, + &a->req_body.etype.len, + &a->req_body.etype.val, + etypes); + if (ret) + goto fail; + + /* + * This means no addresses + */ + + if (addrs && addrs->len == 0) { + a->req_body.addresses = NULL; + } else { + a->req_body.addresses = malloc(sizeof(*a->req_body.addresses)); + if (a->req_body.addresses == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); + goto fail; + } + + if (addrs) + ret = krb5_copy_addresses(context, addrs, a->req_body.addresses); + else { + ret = krb5_get_all_client_addrs (context, a->req_body.addresses); + if(ret == 0 && a->req_body.addresses->len == 0) { + free(a->req_body.addresses); + a->req_body.addresses = NULL; + } + } + if (ret) + goto fail; + } + + a->req_body.enc_authorization_data = NULL; + a->req_body.additional_tickets = NULL; + + a->padata = NULL; + + return 0; + fail: + free_AS_REQ(a); + memset(a, 0, sizeof(*a)); + return ret; +} + +struct pa_info_data { + krb5_enctype etype; + krb5_salt salt; + krb5_data *s2kparams; +}; + +static void +free_paid(krb5_context context, struct pa_info_data *ppaid) +{ + krb5_free_salt(context, ppaid->salt); + if (ppaid->s2kparams) + krb5_data_free(ppaid->s2kparams); +} + + +static krb5_error_code +set_paid(struct pa_info_data *paid, krb5_context context, + krb5_enctype etype, + krb5_salttype salttype, void *salt_string, size_t salt_len, + krb5_data *s2kparams) +{ + paid->etype = etype; + paid->salt.salttype = salttype; + paid->salt.saltvalue.data = malloc(salt_len + 1); + if (paid->salt.saltvalue.data == NULL) { + krb5_clear_error_string(context); + return ENOMEM; + } + memcpy(paid->salt.saltvalue.data, salt_string, salt_len); + ((char *)paid->salt.saltvalue.data)[salt_len] = '\0'; + paid->salt.saltvalue.length = salt_len; + if (s2kparams) { + krb5_error_code ret; + + ret = krb5_copy_data(context, s2kparams, &paid->s2kparams); + if (ret) { + krb5_clear_error_string(context); + krb5_free_salt(context, paid->salt); + return ret; + } + } else + paid->s2kparams = NULL; + + return 0; +} + +static struct pa_info_data * +pa_etype_info2(krb5_context context, + const krb5_principal client, + const AS_REQ *asreq, + struct pa_info_data *paid, + heim_octet_string *data) +{ + krb5_error_code ret; + ETYPE_INFO2 e; + size_t sz; + int i, j; + + memset(&e, 0, sizeof(e)); + ret = decode_ETYPE_INFO2(data->data, data->length, &e, &sz); + if (ret) + goto out; + if (e.len == 0) + goto out; + for (j = 0; j < asreq->req_body.etype.len; j++) { + for (i = 0; i < e.len; i++) { + if (asreq->req_body.etype.val[j] == e.val[i].etype) { + krb5_salt salt; + if (e.val[i].salt == NULL) + ret = krb5_get_pw_salt(context, client, &salt); + else { + salt.saltvalue.data = *e.val[i].salt; + salt.saltvalue.length = strlen(*e.val[i].salt); + ret = 0; + } + if (ret == 0) + ret = set_paid(paid, context, e.val[i].etype, + KRB5_PW_SALT, + salt.saltvalue.data, + salt.saltvalue.length, + e.val[i].s2kparams); + if (e.val[i].salt == NULL) + krb5_free_salt(context, salt); + if (ret == 0) { + free_ETYPE_INFO2(&e); + return paid; + } + } + } + } + out: + free_ETYPE_INFO2(&e); + return NULL; +} + +static struct pa_info_data * +pa_etype_info(krb5_context context, + const krb5_principal client, + const AS_REQ *asreq, + struct pa_info_data *paid, + heim_octet_string *data) +{ + krb5_error_code ret; + ETYPE_INFO e; + size_t sz; + int i, j; + + memset(&e, 0, sizeof(e)); + ret = decode_ETYPE_INFO(data->data, data->length, &e, &sz); + if (ret) + goto out; + if (e.len == 0) + goto out; + for (j = 0; j < asreq->req_body.etype.len; j++) { + for (i = 0; i < e.len; i++) { + if (asreq->req_body.etype.val[j] == e.val[i].etype) { + krb5_salt salt; + salt.salttype = KRB5_PW_SALT; + if (e.val[i].salt == NULL) + ret = krb5_get_pw_salt(context, client, &salt); + else { + salt.saltvalue = *e.val[i].salt; + ret = 0; + } + if (e.val[i].salttype) + salt.salttype = *e.val[i].salttype; + if (ret == 0) { + ret = set_paid(paid, context, e.val[i].etype, + salt.salttype, + salt.saltvalue.data, + salt.saltvalue.length, + NULL); + if (e.val[i].salt == NULL) + krb5_free_salt(context, salt); + } + if (ret == 0) { + free_ETYPE_INFO(&e); + return paid; + } + } + } + } + out: + free_ETYPE_INFO(&e); + return NULL; +} + +static struct pa_info_data * +pa_pw_or_afs3_salt(krb5_context context, + const krb5_principal client, + const AS_REQ *asreq, + struct pa_info_data *paid, + heim_octet_string *data) +{ + krb5_error_code ret; + if (paid->etype == ENCTYPE_NULL) + return NULL; + ret = set_paid(paid, context, + paid->etype, + paid->salt.salttype, + data->data, + data->length, + NULL); + if (ret) + return NULL; + return paid; +} + + +struct pa_info { + krb5_preauthtype type; + struct pa_info_data *(*salt_info)(krb5_context, + const krb5_principal, + const AS_REQ *, + struct pa_info_data *, + heim_octet_string *); +}; + +static struct pa_info pa_prefs[] = { + { KRB5_PADATA_ETYPE_INFO2, pa_etype_info2 }, + { KRB5_PADATA_ETYPE_INFO, pa_etype_info }, + { KRB5_PADATA_PW_SALT, pa_pw_or_afs3_salt }, + { KRB5_PADATA_AFS3_SALT, pa_pw_or_afs3_salt } +}; + +static PA_DATA * +find_pa_data(const METHOD_DATA *md, int type) +{ + int i; + for (i = 0; i < md->len; i++) + if (md->val[i].padata_type == type) + return &md->val[i]; + return NULL; +} + +static struct pa_info_data * +process_pa_info(krb5_context context, + const krb5_principal client, + const AS_REQ *asreq, + struct pa_info_data *paid, + METHOD_DATA *md) +{ + struct pa_info_data *p = NULL; + int i; + + for (i = 0; p == NULL && i < sizeof(pa_prefs)/sizeof(pa_prefs[0]); i++) { + PA_DATA *pa = find_pa_data(md, pa_prefs[i].type); + if (pa == NULL) + continue; + paid->salt.salttype = pa_prefs[i].type; + p = (*pa_prefs[i].salt_info)(context, client, asreq, + paid, &pa->padata_value); + } + return p; +} + +static krb5_error_code +make_pa_enc_timestamp(krb5_context context, METHOD_DATA *md, + krb5_enctype etype, krb5_keyblock *key) +{ + PA_ENC_TS_ENC p; + unsigned char *buf; + size_t buf_size; + size_t len; + EncryptedData encdata; + krb5_error_code ret; + int32_t usec; + int usec2; + krb5_crypto crypto; + + krb5_us_timeofday (context, &p.patimestamp, &usec); + usec2 = usec; + p.pausec = &usec2; + + ASN1_MALLOC_ENCODE(PA_ENC_TS_ENC, buf, buf_size, &p, &len, ret); + if (ret) + return ret; + if(buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); + + ret = krb5_crypto_init(context, key, 0, &crypto); + if (ret) { + free(buf); + return ret; + } + ret = krb5_encrypt_EncryptedData(context, + crypto, + KRB5_KU_PA_ENC_TIMESTAMP, + buf, + len, + 0, + &encdata); + free(buf); + krb5_crypto_destroy(context, crypto); + if (ret) + return ret; + + ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_size, &encdata, &len, ret); + free_EncryptedData(&encdata); + if (ret) + return ret; + if(buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); + + ret = krb5_padata_add(context, md, KRB5_PADATA_ENC_TIMESTAMP, buf, len); + if (ret) + free(buf); + return ret; +} + +static krb5_error_code +add_enc_ts_padata(krb5_context context, + METHOD_DATA *md, + krb5_principal client, + krb5_s2k_proc key_proc, + krb5_const_pointer keyseed, + krb5_enctype *enctypes, + unsigned netypes, + krb5_salt *salt, + krb5_data *s2kparams) +{ + krb5_error_code ret; + krb5_salt salt2; + krb5_enctype *ep; + int i; + + if(salt == NULL) { + /* default to standard salt */ + ret = krb5_get_pw_salt (context, client, &salt2); + salt = &salt2; + } + if (!enctypes) { + enctypes = context->etypes; + netypes = 0; + for (ep = enctypes; *ep != ETYPE_NULL; ep++) + netypes++; + } + + for (i = 0; i < netypes; ++i) { + krb5_keyblock *key; + + ret = (*key_proc)(context, enctypes[i], keyseed, + *salt, s2kparams, &key); + if (ret) + continue; + ret = make_pa_enc_timestamp (context, md, enctypes[i], key); + krb5_free_keyblock (context, key); + if (ret) + return ret; + } + if(salt == &salt2) + krb5_free_salt(context, salt2); + return 0; +} + +static krb5_error_code +pa_data_to_md_ts_enc(krb5_context context, + const AS_REQ *a, + const krb5_principal client, + krb5_get_init_creds_ctx *ctx, + struct pa_info_data *ppaid, + METHOD_DATA *md) +{ + if (ctx->key_proc == NULL || ctx->password == NULL) + return 0; + + if (ppaid) { + add_enc_ts_padata(context, md, client, + ctx->key_proc, ctx->password, + &ppaid->etype, 1, + &ppaid->salt, ppaid->s2kparams); + } else { + krb5_salt salt; + + /* make a v5 salted pa-data */ + add_enc_ts_padata(context, md, client, + ctx->key_proc, ctx->password, + a->req_body.etype.val, a->req_body.etype.len, + NULL, NULL); + + /* make a v4 salted pa-data */ + salt.salttype = KRB5_PW_SALT; + krb5_data_zero(&salt.saltvalue); + add_enc_ts_padata(context, md, client, + ctx->key_proc, ctx->password, + a->req_body.etype.val, a->req_body.etype.len, + &salt, NULL); + } + return 0; +} + +static krb5_error_code +pa_data_to_key_plain(krb5_context context, + const krb5_principal client, + krb5_get_init_creds_ctx *ctx, + krb5_salt salt, + krb5_data *s2kparams, + krb5_enctype etype, + krb5_keyblock **key) +{ + krb5_error_code ret; + + ret = (*ctx->key_proc)(context, etype, ctx->password, + salt, s2kparams, key); + return ret; +} + + +static krb5_error_code +pa_data_to_md_pkinit(krb5_context context, + const AS_REQ *a, + const krb5_principal client, + krb5_get_init_creds_ctx *ctx, + METHOD_DATA *md) +{ + if (ctx->pk_init_ctx == NULL) + return 0; +#ifdef PKINIT + return _krb5_pk_mk_padata(context, + ctx->pk_init_ctx, + &a->req_body, + ctx->pk_nonce, + md); +#else + krb5_set_error_string(context, "no support for PKINIT compiled in"); + return EINVAL; +#endif +} + +static krb5_error_code +pa_data_add_pac_request(krb5_context context, + krb5_get_init_creds_ctx *ctx, + METHOD_DATA *md) +{ + size_t len, length; + krb5_error_code ret; + PA_PAC_REQUEST req; + void *buf; + + switch (ctx->req_pac) { + case KRB5_PA_PAC_DONT_CARE: + return 0; /* don't bother */ + case KRB5_PA_PAC_REQ_TRUE: + req.include_pac = 1; + break; + case KRB5_PA_PAC_REQ_FALSE: + req.include_pac = 0; + } + + ASN1_MALLOC_ENCODE(PA_PAC_REQUEST, buf, length, + &req, &len, ret); + if (ret) + return ret; + if(len != length) + krb5_abortx(context, "internal error in ASN.1 encoder"); + + ret = krb5_padata_add(context, md, KRB5_PADATA_PA_PAC_REQUEST, buf, len); + if (ret) + free(buf); + + return 0; +} + +/* + * Assumes caller always will free `out_md', even on error. + */ + +static krb5_error_code +process_pa_data_to_md(krb5_context context, + const krb5_creds *creds, + const AS_REQ *a, + krb5_get_init_creds_ctx *ctx, + METHOD_DATA *in_md, + METHOD_DATA **out_md, + krb5_prompter_fct prompter, + void *prompter_data) +{ + krb5_error_code ret; + + ALLOC(*out_md, 1); + if (*out_md == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + (*out_md)->len = 0; + (*out_md)->val = NULL; + + if (in_md->len != 0) { + struct pa_info_data paid, *ppaid; + + memset(&paid, 0, sizeof(paid)); + + paid.etype = ENCTYPE_NULL; + ppaid = process_pa_info(context, creds->client, a, &paid, in_md); + + pa_data_to_md_ts_enc(context, a, creds->client, ctx, ppaid, *out_md); + if (ppaid) + free_paid(context, ppaid); + } + + pa_data_add_pac_request(context, ctx, *out_md); + ret = pa_data_to_md_pkinit(context, a, creds->client, ctx, *out_md); + if (ret) + return ret; + + if ((*out_md)->len == 0) { + free(*out_md); + *out_md = NULL; + } + + return 0; +} + +static krb5_error_code +process_pa_data_to_key(krb5_context context, + krb5_get_init_creds_ctx *ctx, + krb5_creds *creds, + AS_REQ *a, + krb5_kdc_rep *rep, + krb5_keyblock **key) +{ + struct pa_info_data paid, *ppaid = NULL; + krb5_error_code ret; + krb5_enctype etype; + PA_DATA *pa; + + memset(&paid, 0, sizeof(paid)); + + etype = rep->kdc_rep.enc_part.etype; + + if (rep->kdc_rep.padata) { + paid.etype = etype; + ppaid = process_pa_info(context, creds->client, a, &paid, + rep->kdc_rep.padata); + } + if (ppaid == NULL) { + ret = krb5_get_pw_salt (context, creds->client, &paid.salt); + if (ret) + return ret; + paid.etype = etype; + paid.s2kparams = NULL; + } + + pa = NULL; + if (rep->kdc_rep.padata) { + int idx = 0; + pa = krb5_find_padata(rep->kdc_rep.padata->val, + rep->kdc_rep.padata->len, + KRB5_PADATA_PK_AS_REP, + &idx); + if (pa == NULL) { + idx = 0; + pa = krb5_find_padata(rep->kdc_rep.padata->val, + rep->kdc_rep.padata->len, + KRB5_PADATA_PK_AS_REP_19, + &idx); + } + } + if (pa && ctx->pk_init_ctx) { +#ifdef PKINIT + ret = _krb5_pk_rd_pa_reply(context, + ctx->pk_init_ctx, + etype, + ctx->pk_nonce, + pa, + key); +#else + krb5_set_error_string(context, "no support for PKINIT compiled in"); + ret = EINVAL; +#endif + } else if (ctx->password) + ret = pa_data_to_key_plain(context, creds->client, ctx, + paid.salt, paid.s2kparams, etype, key); + else { + krb5_set_error_string(context, "No usable pa data type"); + ret = EINVAL; + } + + free_paid(context, &paid); + return ret; +} + +static krb5_error_code +init_cred_loop(krb5_context context, + const krb5_get_init_creds_opt *init_cred_opts, + const krb5_prompter_fct prompter, + void *prompter_data, + krb5_get_init_creds_ctx *ctx, + krb5_creds *creds, + krb5_kdc_rep *ret_as_reply) +{ + krb5_error_code ret; + krb5_kdc_rep rep; + METHOD_DATA md; + krb5_data resp; + size_t len; + size_t size; + int send_to_kdc_flags = 0; + + memset(&md, 0, sizeof(md)); + memset(&rep, 0, sizeof(rep)); + + if (ret_as_reply) + memset(ret_as_reply, 0, sizeof(*ret_as_reply)); + + ret = init_creds_init_as_req(context, ctx->flags, creds, + ctx->addrs, ctx->etypes, &ctx->as_req); + if (ret) + return ret; + + /* Set a new nonce. */ + krb5_generate_random_block (&ctx->nonce, sizeof(ctx->nonce)); + ctx->nonce &= 0xffffffff; + /* XXX these just needs to be the same when using Windows PK-INIT */ + ctx->pk_nonce = ctx->nonce; + + /* + * Increase counter when we want other pre-auth types then + * KRB5_PA_ENC_TIMESTAMP. + */ +#define MAX_PA_COUNTER 3 + + ctx->pa_counter = 0; + while (ctx->pa_counter < MAX_PA_COUNTER) { + krb5_data req; + + ctx->pa_counter++; + + if (ctx->as_req.padata) { + free_METHOD_DATA(ctx->as_req.padata); + free(ctx->as_req.padata); + ctx->as_req.padata = NULL; + } + + /* Set a new nonce. */ + ctx->as_req.req_body.nonce = ctx->nonce; + + /* fill_in_md_data */ + ret = process_pa_data_to_md(context, creds, &ctx->as_req, ctx, + &md, &ctx->as_req.padata, + prompter, prompter_data); + if (ret) + goto out; + ASN1_MALLOC_ENCODE(AS_REQ, req.data, req.length, + &ctx->as_req, &len, ret); + if (ret) + goto out; + if(len != req.length) + krb5_abortx(context, "internal error in ASN.1 encoder"); + + ret = krb5_sendto_kdc_flags (context, &req, + &creds->client->realm, &resp, + send_to_kdc_flags); + krb5_data_free(&req); + if (ret) + goto out; + + memset (&rep, 0, sizeof(rep)); + ret = decode_AS_REP(resp.data, resp.length, &rep.kdc_rep, &size); + if (ret == 0) { + krb5_data_free(&resp); + krb5_clear_error_string(context); + break; + } else { + /* let's try to parse it as a KRB-ERROR */ + KRB_ERROR error; + + ret = krb5_rd_error(context, &resp, &error); + if(ret && resp.data && ((char*)resp.data)[0] == 4) + ret = KRB5KRB_AP_ERR_V4_REPLY; + krb5_data_free(&resp); + if (ret) + goto out; + + ret = krb5_error_from_rd_error(context, &error, creds); + + /* + * If no preauth was set and KDC requires it, give it one + * more try. + */ + + if (ret == KRB5KDC_ERR_PREAUTH_REQUIRED) { + free_METHOD_DATA(&md); + memset(&md, 0, sizeof(md)); + + if (error.e_data) { + ret = decode_METHOD_DATA(error.e_data->data, + error.e_data->length, + &md, + NULL); + if (ret) + krb5_set_error_string(context, + "failed to decode METHOD DATA"); + } else { + /* XXX guess what the server want here add add md */ + } + krb5_free_error_contents(context, &error); + if (ret) + goto out; + } else if (ret == KRB5KRB_ERR_RESPONSE_TOO_BIG) { + if (send_to_kdc_flags & KRB5_KRBHST_FLAGS_LARGE_MSG) { + if (ret_as_reply) + rep.error = error; + else + krb5_free_error_contents(context, &error); + goto out; + } + krb5_free_error_contents(context, &error); + send_to_kdc_flags |= KRB5_KRBHST_FLAGS_LARGE_MSG; + } else { + if (ret_as_reply) + rep.error = error; + else + krb5_free_error_contents(context, &error); + goto out; + } + } + } + + { + krb5_keyblock *key = NULL; + + ret = process_pa_data_to_key(context, ctx, creds, + &ctx->as_req, &rep, &key); + if (ret) + goto out; + + ret = _krb5_extract_ticket(context, + &rep, + creds, + key, + NULL, + KRB5_KU_AS_REP_ENC_PART, + NULL, + ctx->nonce, + FALSE, + ctx->flags.b.request_anonymous, + NULL, + NULL); + krb5_free_keyblock(context, key); + } +out: + free_METHOD_DATA(&md); + memset(&md, 0, sizeof(md)); + + if (ret == 0 && ret_as_reply) + *ret_as_reply = rep; + else + krb5_free_kdc_rep (context, &rep); + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_init_creds(krb5_context context, + krb5_creds *creds, + krb5_principal client, + krb5_prompter_fct prompter, + void *data, + krb5_deltat start_time, + const char *in_tkt_service, + krb5_get_init_creds_opt *options) +{ + krb5_get_init_creds_ctx ctx; + krb5_kdc_rep kdc_reply; + krb5_error_code ret; + char buf[BUFSIZ]; + int done; + + memset(&kdc_reply, 0, sizeof(kdc_reply)); + + ret = get_init_creds_common(context, creds, client, start_time, + in_tkt_service, options, &ctx); + if (ret) + goto out; + + done = 0; + while(!done) { + memset(&kdc_reply, 0, sizeof(kdc_reply)); + + ret = init_cred_loop(context, + options, + prompter, + data, + &ctx, + &ctx.cred, + &kdc_reply); + + switch (ret) { + case 0 : + done = 1; + break; + case KRB5KDC_ERR_KEY_EXPIRED : + /* try to avoid recursion */ + + /* don't try to change password where then where none */ + if (prompter == NULL || ctx.password == NULL) + goto out; + + krb5_clear_error_string (context); + + if (ctx.in_tkt_service != NULL + && strcmp (ctx.in_tkt_service, "kadmin/changepw") == 0) + goto out; + + ret = change_password (context, + client, + ctx.password, + buf, + sizeof(buf), + prompter, + data, + options); + if (ret) + goto out; + ctx.password = buf; + break; + default: + goto out; + } + } + + if (prompter) + print_expire (context, + krb5_principal_get_realm (context, ctx.cred.client), + &kdc_reply, + prompter, + data); + + out: + memset (buf, 0, sizeof(buf)); + free_init_creds_ctx(context, &ctx); + krb5_free_kdc_rep (context, &kdc_reply); + if (ret == 0) + *creds = ctx.cred; + else + krb5_free_cred_contents (context, &ctx.cred); + + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_init_creds_password(krb5_context context, + krb5_creds *creds, + krb5_principal client, + const char *password, + krb5_prompter_fct prompter, + void *data, + krb5_deltat start_time, + const char *in_tkt_service, + krb5_get_init_creds_opt *in_options) +{ + krb5_get_init_creds_opt *options; + char buf[BUFSIZ]; + krb5_error_code ret; + + if (in_options == NULL) + ret = krb5_get_init_creds_opt_alloc(context, &options); + else + ret = _krb5_get_init_creds_opt_copy(context, in_options, &options); + if (ret) + return ret; + + if (password == NULL && + options->private->password == NULL && + options->private->pk_init_ctx == NULL) + { + krb5_prompt prompt; + krb5_data password_data; + char *p, *q; + + krb5_unparse_name (context, client, &p); + asprintf (&q, "%s's Password: ", p); + free (p); + prompt.prompt = q; + password_data.data = buf; + password_data.length = sizeof(buf); + prompt.hidden = 1; + prompt.reply = &password_data; + prompt.type = KRB5_PROMPT_TYPE_PASSWORD; + + ret = (*prompter) (context, data, NULL, NULL, 1, &prompt); + free (q); + if (ret) { + memset (buf, 0, sizeof(buf)); + krb5_get_init_creds_opt_free(options); + ret = KRB5_LIBOS_PWDINTR; + krb5_clear_error_string (context); + return ret; + } + password = password_data.data; + } + + if (options->private->password == NULL) { + ret = krb5_get_init_creds_opt_set_pa_password(context, options, + password, NULL); + if (ret) { + krb5_get_init_creds_opt_free(options); + memset(buf, 0, sizeof(buf)); + return ret; + } + } + + ret = krb5_get_init_creds(context, creds, client, prompter, + data, start_time, in_tkt_service, options); + krb5_get_init_creds_opt_free(options); + memset(buf, 0, sizeof(buf)); + return ret; +} + +static krb5_error_code +init_creds_keyblock_key_proc (krb5_context context, + krb5_enctype type, + krb5_salt salt, + krb5_const_pointer keyseed, + krb5_keyblock **key) +{ + return krb5_copy_keyblock (context, keyseed, key); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_init_creds_keyblock(krb5_context context, + krb5_creds *creds, + krb5_principal client, + krb5_keyblock *keyblock, + krb5_deltat start_time, + const char *in_tkt_service, + krb5_get_init_creds_opt *options) +{ + struct krb5_get_init_creds_ctx ctx; + krb5_error_code ret; + + ret = get_init_creds_common(context, creds, client, start_time, + in_tkt_service, options, &ctx); + if (ret) + goto out; + + ret = krb5_get_in_cred (context, + ctx.flags.i, + ctx.addrs, + ctx.etypes, + ctx.pre_auth_types, + NULL, + init_creds_keyblock_key_proc, + keyblock, + NULL, + NULL, + &ctx.cred, + NULL); + + if (ret == 0 && creds) + *creds = ctx.cred; + else + krb5_free_cred_contents (context, &ctx.cred); + + out: + free_init_creds_ctx(context, &ctx); + return ret; +} diff --git a/source4/heimdal/lib/krb5/k524_err.et b/source4/heimdal/lib/krb5/k524_err.et new file mode 100644 index 0000000000..2dc60f46ae --- /dev/null +++ b/source4/heimdal/lib/krb5/k524_err.et @@ -0,0 +1,20 @@ +# +# Error messages for the k524 functions +# +# This might look like a com_err file, but is not +# +id "$Id: k524_err.et,v 1.1 2001/06/20 02:44:11 joda Exp $" + +error_table k524 + +prefix KRB524 +error_code BADKEY, "wrong keytype in ticket" +error_code BADADDR, "incorrect network address" +error_code BADPRINC, "cannot convert V5 principal" #unused +error_code BADREALM, "V5 realm name longer than V4 maximum" #unused +error_code V4ERR, "kerberos V4 error server" +error_code ENCFULL, "encoding too large at server" +error_code DECEMPTY, "decoding out of data" #unused +error_code NOTRESP, "service not responding" #unused +end + diff --git a/source4/heimdal/lib/krb5/kcm.c b/source4/heimdal/lib/krb5/kcm.c new file mode 100644 index 0000000000..b7873f33d5 --- /dev/null +++ b/source4/heimdal/lib/krb5/kcm.c @@ -0,0 +1,1095 @@ +/* + * Copyright (c) 2005, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +#ifdef HAVE_KCM +/* + * Client library for Kerberos Credentials Manager (KCM) daemon + */ + +#ifdef HAVE_SYS_UN_H +#include +#endif + +#include "kcm.h" + +RCSID("$Id: kcm.c,v 1.7 2005/06/17 04:20:11 lha Exp $"); + +typedef struct krb5_kcmcache { + char *name; + struct sockaddr_un path; + char *door_path; +} krb5_kcmcache; + +#define KCMCACHE(X) ((krb5_kcmcache *)(X)->data.data) +#define CACHENAME(X) (KCMCACHE(X)->name) +#define KCMCURSOR(C) (*(u_int32_t *)(C)) + +static krb5_error_code +try_door(krb5_context context, const krb5_kcmcache *k, + krb5_data *request_data, + krb5_data *response_data) +{ +#ifdef HAVE_DOOR_CREATE + door_arg_t arg; + int fd; + int ret; + + memset(&arg, 0, sizeof(arg)); + + fd = open(k->door_path, O_RDWR); + if (fd < 0) + return KRB5_CC_IO; + + arg.data_ptr = request_data->data; + arg.data_size = request_data->length; + arg.desc_ptr = NULL; + arg.desc_num = 0; + arg.rbuf = NULL; + arg.rsize = 0; + + ret = door_call(fd, &arg); + close(fd); + if (ret != 0) + return KRB5_CC_IO; + + ret = krb5_data_copy(response_data, arg.rbuf, arg.rsize); + munmap(arg.rbuf, arg.rsize); + if (ret) + return ret; + + return 0; +#else + return KRB5_CC_IO; +#endif +} + +static krb5_error_code +try_unix_socket(krb5_context context, const krb5_kcmcache *k, + krb5_data *request_data, + krb5_data *response_data) +{ + krb5_error_code ret; + int fd; + + fd = socket(AF_UNIX, SOCK_STREAM, 0); + if (fd < 0) + return KRB5_CC_IO; + + if (connect(fd, rk_UNCONST(&k->path), sizeof(k->path)) != 0) { + close(fd); + return KRB5_CC_IO; + } + + ret = _krb5_send_and_recv_tcp(fd, context->kdc_timeout, + request_data, response_data); + close(fd); + return ret; +} + +static krb5_error_code +kcm_send_request(krb5_context context, + krb5_kcmcache *k, + krb5_storage *request, + krb5_data *response_data) +{ + krb5_error_code ret; + krb5_data request_data; + int i; + + response_data->data = NULL; + response_data->length = 0; + + ret = krb5_storage_to_data(request, &request_data); + if (ret) { + krb5_clear_error_string(context); + return KRB5_CC_NOMEM; + } + + ret = KRB5_CC_IO; + + for (i = 0; i < context->max_retries; i++) { + ret = try_door(context, k, &request_data, response_data); + if (ret == 0 && response_data->length != 0) + break; + ret = try_unix_socket(context, k, &request_data, response_data); + if (ret == 0 && response_data->length != 0) + break; + } + + krb5_data_free(&request_data); + + if (ret) { + krb5_clear_error_string(context); + ret = KRB5_CC_IO; + } + + return ret; +} + +static krb5_error_code +kcm_storage_request(krb5_context context, + kcm_operation opcode, + krb5_storage **storage_p) +{ + krb5_storage *sp; + krb5_error_code ret; + + *storage_p = NULL; + + sp = krb5_storage_emem(); + if (sp == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return KRB5_CC_NOMEM; + } + + /* Send MAJOR | VERSION | OPCODE */ + ret = krb5_store_int8(sp, KCM_PROTOCOL_VERSION_MAJOR); + if (ret) + goto fail; + ret = krb5_store_int8(sp, KCM_PROTOCOL_VERSION_MINOR); + if (ret) + goto fail; + ret = krb5_store_int16(sp, opcode); + if (ret) + goto fail; + + *storage_p = sp; + fail: + if (ret) { + krb5_set_error_string(context, "Failed to encode request"); + krb5_storage_free(sp); + } + + return ret; +} + +static krb5_error_code +kcm_alloc(krb5_context context, const char *name, krb5_ccache *id) +{ + krb5_kcmcache *k; + const char *path; + + k = malloc(sizeof(*k)); + if (k == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return KRB5_CC_NOMEM; + } + + if (name != NULL) { + k->name = strdup(name); + if (k->name == NULL) { + free(k); + krb5_set_error_string(context, "malloc: out of memory"); + return KRB5_CC_NOMEM; + } + } else + k->name = NULL; + + path = krb5_config_get_string_default(context, NULL, + _PATH_KCM_SOCKET, + "libdefaults", + "kcm_socket", + NULL); + + k->path.sun_family = AF_UNIX; + strlcpy(k->path.sun_path, path, sizeof(k->path.sun_path)); + + path = krb5_config_get_string_default(context, NULL, + _PATH_KCM_DOOR, + "libdefaults", + "kcm_door", + NULL); + k->door_path = strdup(path); + + (*id)->data.data = k; + (*id)->data.length = sizeof(*k); + + return 0; +} + +static krb5_error_code +kcm_call(krb5_context context, + krb5_kcmcache *k, + krb5_storage *request, + krb5_storage **response_p, + krb5_data *response_data_p) +{ + krb5_data response_data; + krb5_error_code ret, status; + krb5_storage *response; + + if (response_p != NULL) + *response_p = NULL; + + ret = kcm_send_request(context, k, request, &response_data); + if (ret) { + return ret; + } + + response = krb5_storage_from_data(&response_data); + if (response == NULL) { + krb5_data_free(&response_data); + return KRB5_CC_IO; + } + + ret = krb5_ret_int32(response, &status); + if (ret) { + krb5_storage_free(response); + krb5_data_free(&response_data); + return KRB5_CC_FORMAT; + } + + if (status) { + krb5_storage_free(response); + krb5_data_free(&response_data); + return status; + } + + if (response_p != NULL) { + *response_data_p = response_data; + *response_p = response; + + return 0; + } + + krb5_storage_free(response); + krb5_data_free(&response_data); + + return 0; +} + +static void +kcm_free(krb5_context context, krb5_ccache *id) +{ + krb5_kcmcache *k = KCMCACHE(*id); + + if (k != NULL) { + if (k->name != NULL) + free(k->name); + if (k->door_path) + free(k->door_path); + memset(k, 0, sizeof(*k)); + krb5_data_free(&(*id)->data); + } + + *id = NULL; +} + +static const char * +kcm_get_name(krb5_context context, + krb5_ccache id) +{ + return CACHENAME(id); +} + +static krb5_error_code +kcm_resolve(krb5_context context, krb5_ccache *id, const char *res) +{ + return kcm_alloc(context, res, id); +} + +/* + * Request: + * + * Response: + * NameZ + */ +static krb5_error_code +kcm_gen_new(krb5_context context, krb5_ccache *id) +{ + krb5_kcmcache *k; + krb5_error_code ret; + krb5_storage *request, *response; + krb5_data response_data; + + ret = kcm_alloc(context, NULL, id); + if (ret) + return ret; + + k = KCMCACHE(*id); + + ret = kcm_storage_request(context, KCM_OP_GEN_NEW, &request); + if (ret) { + kcm_free(context, id); + return ret; + } + + ret = kcm_call(context, k, request, &response, &response_data); + if (ret) { + krb5_storage_free(request); + kcm_free(context, id); + return ret; + } + + ret = krb5_ret_stringz(response, &k->name); + if (ret) + ret = KRB5_CC_IO; + + krb5_storage_free(request); + krb5_storage_free(response); + krb5_data_free(&response_data); + + if (ret) + kcm_free(context, id); + + return ret; +} + +/* + * Request: + * NameZ + * Principal + * + * Response: + * + */ +static krb5_error_code +kcm_initialize(krb5_context context, + krb5_ccache id, + krb5_principal primary_principal) +{ + krb5_error_code ret; + krb5_kcmcache *k = KCMCACHE(id); + krb5_storage *request; + + ret = kcm_storage_request(context, KCM_OP_INITIALIZE, &request); + if (ret) + return ret; + + ret = krb5_store_stringz(request, k->name); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = krb5_store_principal(request, primary_principal); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = kcm_call(context, k, request, NULL, NULL); + + krb5_storage_free(request); + return ret; +} + +static krb5_error_code +kcm_close(krb5_context context, + krb5_ccache id) +{ + kcm_free(context, &id); + return 0; +} + +/* + * Request: + * NameZ + * + * Response: + * + */ +static krb5_error_code +kcm_destroy(krb5_context context, + krb5_ccache id) +{ + krb5_error_code ret; + krb5_kcmcache *k = KCMCACHE(id); + krb5_storage *request; + + ret = kcm_storage_request(context, KCM_OP_DESTROY, &request); + if (ret) + return ret; + + ret = krb5_store_stringz(request, k->name); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = kcm_call(context, k, request, NULL, NULL); + + krb5_storage_free(request); + return ret; +} + +/* + * Request: + * NameZ + * Creds + * + * Response: + * + */ +static krb5_error_code +kcm_store_cred(krb5_context context, + krb5_ccache id, + krb5_creds *creds) +{ + krb5_error_code ret; + krb5_kcmcache *k = KCMCACHE(id); + krb5_storage *request; + + ret = kcm_storage_request(context, KCM_OP_STORE, &request); + if (ret) + return ret; + + ret = krb5_store_stringz(request, k->name); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = krb5_store_creds(request, creds); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = kcm_call(context, k, request, NULL, NULL); + + krb5_storage_free(request); + return ret; +} + +/* + * Request: + * NameZ + * WhichFields + * MatchCreds + * + * Response: + * Creds + * + */ +static krb5_error_code +kcm_retrieve(krb5_context context, + krb5_ccache id, + krb5_flags which, + const krb5_creds *mcred, + krb5_creds *creds) +{ + krb5_error_code ret; + krb5_kcmcache *k = KCMCACHE(id); + krb5_storage *request, *response; + krb5_data response_data; + + ret = kcm_storage_request(context, KCM_OP_RETRIEVE, &request); + if (ret) + return ret; + + ret = krb5_store_stringz(request, k->name); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = krb5_store_int32(request, which); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = krb5_store_creds_tag(request, rk_UNCONST(mcred)); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = kcm_call(context, k, request, &response, &response_data); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = krb5_ret_creds(response, creds); + if (ret) + ret = KRB5_CC_IO; + + krb5_storage_free(request); + krb5_storage_free(response); + krb5_data_free(&response_data); + + return ret; +} + +/* + * Request: + * NameZ + * + * Response: + * Principal + */ +static krb5_error_code +kcm_get_principal(krb5_context context, + krb5_ccache id, + krb5_principal *principal) +{ + krb5_error_code ret; + krb5_kcmcache *k = KCMCACHE(id); + krb5_storage *request, *response; + krb5_data response_data; + + ret = kcm_storage_request(context, KCM_OP_GET_PRINCIPAL, &request); + if (ret) + return ret; + + ret = krb5_store_stringz(request, k->name); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = kcm_call(context, k, request, &response, &response_data); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = krb5_ret_principal(response, principal); + if (ret) + ret = KRB5_CC_IO; + + krb5_storage_free(request); + krb5_storage_free(response); + krb5_data_free(&response_data); + + return ret; +} + +/* + * Request: + * NameZ + * + * Response: + * Cursor + * + */ +static krb5_error_code +kcm_get_first (krb5_context context, + krb5_ccache id, + krb5_cc_cursor *cursor) +{ + krb5_error_code ret; + krb5_kcmcache *k = KCMCACHE(id); + krb5_storage *request, *response; + krb5_data response_data; + u_int32_t tmp; + + ret = kcm_storage_request(context, KCM_OP_GET_FIRST, &request); + if (ret) + return ret; + + ret = krb5_store_stringz(request, k->name); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = kcm_call(context, k, request, &response, &response_data); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = krb5_ret_int32(response, &tmp); + if (ret) + ret = KRB5_CC_IO; + + krb5_storage_free(request); + krb5_storage_free(response); + krb5_data_free(&response_data); + + if (ret) + return ret; + + *cursor = malloc(sizeof(tmp)); + if (*cursor == NULL) + return KRB5_CC_NOMEM; + + KCMCURSOR(*cursor) = tmp; + + return 0; +} + +/* + * Request: + * NameZ + * Cursor + * + * Response: + * Creds + */ +static krb5_error_code +kcm_get_next (krb5_context context, + krb5_ccache id, + krb5_cc_cursor *cursor, + krb5_creds *creds) +{ + krb5_error_code ret; + krb5_kcmcache *k = KCMCACHE(id); + krb5_storage *request, *response; + krb5_data response_data; + + ret = kcm_storage_request(context, KCM_OP_GET_NEXT, &request); + if (ret) + return ret; + + ret = krb5_store_stringz(request, k->name); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = krb5_store_int32(request, KCMCURSOR(*cursor)); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = kcm_call(context, k, request, &response, &response_data); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = krb5_ret_creds(response, creds); + if (ret) + ret = KRB5_CC_IO; + + krb5_storage_free(request); + krb5_storage_free(response); + krb5_data_free(&response_data); + + return ret; +} + +/* + * Request: + * NameZ + * Cursor + * + * Response: + * + */ +static krb5_error_code +kcm_end_get (krb5_context context, + krb5_ccache id, + krb5_cc_cursor *cursor) +{ + krb5_error_code ret; + krb5_kcmcache *k = KCMCACHE(id); + krb5_storage *request; + + ret = kcm_storage_request(context, KCM_OP_END_GET, &request); + if (ret) + return ret; + + ret = krb5_store_stringz(request, k->name); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = krb5_store_int32(request, KCMCURSOR(*cursor)); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = kcm_call(context, k, request, NULL, NULL); + if (ret) { + krb5_storage_free(request); + return ret; + } + + krb5_storage_free(request); + + KCMCURSOR(*cursor) = 0; + free(*cursor); + *cursor = NULL; + + return ret; +} + +/* + * Request: + * NameZ + * WhichFields + * MatchCreds + * + * Response: + * + */ +static krb5_error_code +kcm_remove_cred(krb5_context context, + krb5_ccache id, + krb5_flags which, + krb5_creds *cred) +{ + krb5_error_code ret; + krb5_kcmcache *k = KCMCACHE(id); + krb5_storage *request; + + ret = kcm_storage_request(context, KCM_OP_REMOVE_CRED, &request); + if (ret) + return ret; + + ret = krb5_store_stringz(request, k->name); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = krb5_store_int32(request, which); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = krb5_store_creds_tag(request, cred); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = kcm_call(context, k, request, NULL, NULL); + + krb5_storage_free(request); + return ret; +} + +static krb5_error_code +kcm_set_flags(krb5_context context, + krb5_ccache id, + krb5_flags flags) +{ + krb5_error_code ret; + krb5_kcmcache *k = KCMCACHE(id); + krb5_storage *request; + + ret = kcm_storage_request(context, KCM_OP_SET_FLAGS, &request); + if (ret) + return ret; + + ret = krb5_store_stringz(request, k->name); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = krb5_store_int32(request, flags); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = kcm_call(context, k, request, NULL, NULL); + + krb5_storage_free(request); + return ret; +} + +static krb5_error_code +kcm_get_version(krb5_context context, + krb5_ccache id) +{ + return 0; +} + +const krb5_cc_ops krb5_kcm_ops = { + "KCM", + kcm_get_name, + kcm_resolve, + kcm_gen_new, + kcm_initialize, + kcm_destroy, + kcm_close, + kcm_store_cred, + kcm_retrieve, + kcm_get_principal, + kcm_get_first, + kcm_get_next, + kcm_end_get, + kcm_remove_cred, + kcm_set_flags, + kcm_get_version +}; + +krb5_boolean +_krb5_kcm_is_running(krb5_context context) +{ + krb5_error_code ret; + krb5_ccache_data ccdata; + krb5_ccache id = &ccdata; + krb5_boolean running; + + ret = kcm_alloc(context, NULL, &id); + if (ret) + return 0; + + running = (_krb5_kcm_noop(context, id) == 0); + + kcm_free(context, &id); + + return running; +} + +/* + * Request: + * + * Response: + * + */ +krb5_error_code +_krb5_kcm_noop(krb5_context context, + krb5_ccache id) +{ + krb5_error_code ret; + krb5_kcmcache *k = KCMCACHE(id); + krb5_storage *request; + + ret = kcm_storage_request(context, KCM_OP_NOOP, &request); + if (ret) + return ret; + + ret = kcm_call(context, k, request, NULL, NULL); + + krb5_storage_free(request); + return ret; +} + + +/* + * Request: + * NameZ + * Mode + * + * Response: + * + */ +krb5_error_code +_krb5_kcm_chmod(krb5_context context, + krb5_ccache id, + u_int16_t mode) +{ + krb5_error_code ret; + krb5_kcmcache *k = KCMCACHE(id); + krb5_storage *request; + + ret = kcm_storage_request(context, KCM_OP_CHMOD, &request); + if (ret) + return ret; + + ret = krb5_store_stringz(request, k->name); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = krb5_store_int16(request, mode); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = kcm_call(context, k, request, NULL, NULL); + + krb5_storage_free(request); + return ret; +} + + +/* + * Request: + * NameZ + * UID + * GID + * + * Response: + * + */ +krb5_error_code +_krb5_kcm_chown(krb5_context context, + krb5_ccache id, + u_int32_t uid, + u_int32_t gid) +{ + krb5_error_code ret; + krb5_kcmcache *k = KCMCACHE(id); + krb5_storage *request; + + ret = kcm_storage_request(context, KCM_OP_CHOWN, &request); + if (ret) + return ret; + + ret = krb5_store_stringz(request, k->name); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = krb5_store_int32(request, uid); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = krb5_store_int32(request, gid); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = kcm_call(context, k, request, NULL, NULL); + + krb5_storage_free(request); + return ret; +} + + +/* + * Request: + * NameZ + * ServerPrincipalPresent + * ServerPrincipal OPTIONAL + * Key + * + * Repsonse: + * + */ +krb5_error_code +_krb5_kcm_get_initial_ticket(krb5_context context, + krb5_ccache id, + krb5_principal server, + krb5_keyblock *key) +{ + krb5_error_code ret; + krb5_kcmcache *k = KCMCACHE(id); + krb5_storage *request; + + ret = kcm_storage_request(context, KCM_OP_GET_INITIAL_TICKET, &request); + if (ret) + return ret; + + ret = krb5_store_stringz(request, k->name); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = krb5_store_int8(request, (server == NULL) ? 0 : 1); + if (ret) { + krb5_storage_free(request); + return ret; + } + + if (server != NULL) { + ret = krb5_store_principal(request, server); + if (ret) { + krb5_storage_free(request); + return ret; + } + } + + ret = krb5_store_keyblock(request, *key); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = kcm_call(context, k, request, NULL, NULL); + + krb5_storage_free(request); + return ret; +} + + +/* + * Request: + * NameZ + * KDCFlags + * EncryptionType + * ServerPrincipal + * + * Repsonse: + * + */ +krb5_error_code +_krb5_kcm_get_ticket(krb5_context context, + krb5_ccache id, + krb5_kdc_flags flags, + krb5_enctype enctype, + krb5_principal server) +{ + krb5_error_code ret; + krb5_kcmcache *k = KCMCACHE(id); + krb5_storage *request; + + ret = kcm_storage_request(context, KCM_OP_GET_TICKET, &request); + if (ret) + return ret; + + ret = krb5_store_stringz(request, k->name); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = krb5_store_int32(request, flags.i); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = krb5_store_int32(request, enctype); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = krb5_store_principal(request, server); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = kcm_call(context, k, request, NULL, NULL); + + krb5_storage_free(request); + return ret; +} + + +#endif /* HAVE_KCM */ diff --git a/source4/heimdal/lib/krb5/keyblock.c b/source4/heimdal/lib/krb5/keyblock.c new file mode 100644 index 0000000000..314d97978b --- /dev/null +++ b/source4/heimdal/lib/krb5/keyblock.c @@ -0,0 +1,133 @@ +/* + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: keyblock.c,v 1.17 2005/05/18 04:21:31 lha Exp $"); + +void KRB5_LIB_FUNCTION +krb5_keyblock_zero(krb5_keyblock *keyblock) +{ + keyblock->keytype = 0; + krb5_data_zero(&keyblock->keyvalue); +} + +void KRB5_LIB_FUNCTION +krb5_free_keyblock_contents(krb5_context context, + krb5_keyblock *keyblock) +{ + if(keyblock) { + if (keyblock->keyvalue.data != NULL) + memset(keyblock->keyvalue.data, 0, keyblock->keyvalue.length); + krb5_data_free (&keyblock->keyvalue); + keyblock->keytype = ENCTYPE_NULL; + } +} + +void KRB5_LIB_FUNCTION +krb5_free_keyblock(krb5_context context, + krb5_keyblock *keyblock) +{ + if(keyblock){ + krb5_free_keyblock_contents(context, keyblock); + free(keyblock); + } +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_copy_keyblock_contents (krb5_context context, + const krb5_keyblock *inblock, + krb5_keyblock *to) +{ + return copy_EncryptionKey(inblock, to); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_copy_keyblock (krb5_context context, + const krb5_keyblock *inblock, + krb5_keyblock **to) +{ + krb5_keyblock *k; + + k = malloc (sizeof(*k)); + if (k == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + *to = k; + return krb5_copy_keyblock_contents (context, inblock, k); +} + +krb5_enctype +krb5_keyblock_get_enctype(const krb5_keyblock *block) +{ + return block->keytype; +} + +/* + * Fill in `key' with key data of type `enctype' from `data' of length + * `size'. Key should be freed using krb5_free_keyblock_contents. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_keyblock_init(krb5_context context, + krb5_enctype type, + const void *data, + size_t size, + krb5_keyblock *key) +{ + krb5_error_code ret; + size_t len; + + memset(key, 0, sizeof(*key)); + + ret = krb5_enctype_keysize(context, type, &len); + if (ret) + return ret; + + if (len != size) { + krb5_set_error_string(context, "Encryption key %d is %lu bytes " + "long, %lu was passed in", + type, (unsigned long)len, (unsigned long)size); + return KRB5_PROG_ETYPE_NOSUPP; + } + ret = krb5_data_copy(&key->keyvalue, data, len); + if(ret) { + krb5_set_error_string(context, "malloc failed: %lu", + (unsigned long)len); + return ret; + } + key->keytype = type; + + return 0; +} diff --git a/source4/heimdal/lib/krb5/keytab.c b/source4/heimdal/lib/krb5/keytab.c new file mode 100644 index 0000000000..a405664122 --- /dev/null +++ b/source4/heimdal/lib/krb5/keytab.c @@ -0,0 +1,491 @@ +/* + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: keytab.c,v 1.60 2005/05/19 14:04:45 lha Exp $"); + +/* + * Register a new keytab in `ops' + * Return 0 or an error. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_register(krb5_context context, + const krb5_kt_ops *ops) +{ + struct krb5_keytab_data *tmp; + + if (strlen(ops->prefix) > KRB5_KT_PREFIX_MAX_LEN - 1) { + krb5_set_error_string(context, "krb5_kt_register; prefix too long"); + return KRB5_KT_BADNAME; + } + + tmp = realloc(context->kt_types, + (context->num_kt_types + 1) * sizeof(*context->kt_types)); + if(tmp == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + memcpy(&tmp[context->num_kt_types], ops, + sizeof(tmp[context->num_kt_types])); + context->kt_types = tmp; + context->num_kt_types++; + return 0; +} + +/* + * Resolve the keytab name (of the form `type:residual') in `name' + * into a keytab in `id'. + * Return 0 or an error + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_resolve(krb5_context context, + const char *name, + krb5_keytab *id) +{ + krb5_keytab k; + int i; + const char *type, *residual; + size_t type_len; + krb5_error_code ret; + + residual = strchr(name, ':'); + if(residual == NULL) { + type = "FILE"; + type_len = strlen(type); + residual = name; + } else { + type = name; + type_len = residual - name; + residual++; + } + + for(i = 0; i < context->num_kt_types; i++) { + if(strncasecmp(type, context->kt_types[i].prefix, type_len) == 0) + break; + } + if(i == context->num_kt_types) { + krb5_set_error_string(context, "unknown keytab type %.*s", + (int)type_len, type); + return KRB5_KT_UNKNOWN_TYPE; + } + + k = malloc (sizeof(*k)); + if (k == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + memcpy(k, &context->kt_types[i], sizeof(*k)); + k->data = NULL; + ret = (*k->resolve)(context, residual, k); + if(ret) { + free(k); + k = NULL; + } + *id = k; + return ret; +} + +/* + * copy the name of the default keytab into `name'. + * Return 0 or KRB5_CONFIG_NOTENUFSPACE if `namesize' is too short. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_default_name(krb5_context context, char *name, size_t namesize) +{ + if (strlcpy (name, context->default_keytab, namesize) >= namesize) { + krb5_clear_error_string (context); + return KRB5_CONFIG_NOTENUFSPACE; + } + return 0; +} + +/* + * copy the name of the default modify keytab into `name'. + * Return 0 or KRB5_CONFIG_NOTENUFSPACE if `namesize' is too short. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_default_modify_name(krb5_context context, char *name, size_t namesize) +{ + const char *kt = NULL; + if(context->default_keytab_modify == NULL) { + if(strncasecmp(context->default_keytab, "ANY:", 4) != 0) + kt = context->default_keytab; + else { + size_t len = strcspn(context->default_keytab + 4, ","); + if(len >= namesize) { + krb5_clear_error_string(context); + return KRB5_CONFIG_NOTENUFSPACE; + } + strlcpy(name, context->default_keytab + 4, namesize); + name[len] = '\0'; + return 0; + } + } else + kt = context->default_keytab_modify; + if (strlcpy (name, kt, namesize) >= namesize) { + krb5_clear_error_string (context); + return KRB5_CONFIG_NOTENUFSPACE; + } + return 0; +} + +/* + * Set `id' to the default keytab. + * Return 0 or an error. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_default(krb5_context context, krb5_keytab *id) +{ + return krb5_kt_resolve (context, context->default_keytab, id); +} + +/* + * Read the key identified by `(principal, vno, enctype)' from the + * keytab in `keyprocarg' (the default if == NULL) into `*key'. + * Return 0 or an error. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_read_service_key(krb5_context context, + krb5_pointer keyprocarg, + krb5_principal principal, + krb5_kvno vno, + krb5_enctype enctype, + krb5_keyblock **key) +{ + krb5_keytab keytab; + krb5_keytab_entry entry; + krb5_error_code ret; + + if (keyprocarg) + ret = krb5_kt_resolve (context, keyprocarg, &keytab); + else + ret = krb5_kt_default (context, &keytab); + + if (ret) + return ret; + + ret = krb5_kt_get_entry (context, keytab, principal, vno, enctype, &entry); + krb5_kt_close (context, keytab); + if (ret) + return ret; + ret = krb5_copy_keyblock (context, &entry.keyblock, key); + krb5_kt_free_entry(context, &entry); + return ret; +} + +/* + * Return the type of the `keytab' in the string `prefix of length + * `prefixsize'. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_get_type(krb5_context context, + krb5_keytab keytab, + char *prefix, + size_t prefixsize) +{ + strlcpy(prefix, keytab->prefix, prefixsize); + return 0; +} + +/* + * Retrieve the name of the keytab `keytab' into `name', `namesize' + * Return 0 or an error. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_get_name(krb5_context context, + krb5_keytab keytab, + char *name, + size_t namesize) +{ + return (*keytab->get_name)(context, keytab, name, namesize); +} + +/* + * Finish using the keytab in `id'. All resources will be released. + * Return 0 or an error. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_close(krb5_context context, + krb5_keytab id) +{ + krb5_error_code ret; + + ret = (*id->close)(context, id); + if(ret == 0) + free(id); + return ret; +} + +/* + * Compare `entry' against `principal, vno, enctype'. + * Any of `principal, vno, enctype' might be 0 which acts as a wildcard. + * Return TRUE if they compare the same, FALSE otherwise. + */ + +krb5_boolean KRB5_LIB_FUNCTION +krb5_kt_compare(krb5_context context, + krb5_keytab_entry *entry, + krb5_const_principal principal, + krb5_kvno vno, + krb5_enctype enctype) +{ + if(principal != NULL && + !krb5_principal_compare(context, entry->principal, principal)) + return FALSE; + if(vno && vno != entry->vno) + return FALSE; + if(enctype && enctype != entry->keyblock.keytype) + return FALSE; + return TRUE; +} + +/* + * Retrieve the keytab entry for `principal, kvno, enctype' into `entry' + * from the keytab `id'. + * kvno == 0 is a wildcard and gives the keytab with the highest vno. + * Return 0 or an error. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_get_entry(krb5_context context, + krb5_keytab id, + krb5_const_principal principal, + krb5_kvno kvno, + krb5_enctype enctype, + krb5_keytab_entry *entry) +{ + krb5_keytab_entry tmp; + krb5_error_code ret; + krb5_kt_cursor cursor; + + if(id->get) + return (*id->get)(context, id, principal, kvno, enctype, entry); + + ret = krb5_kt_start_seq_get (context, id, &cursor); + if (ret) + return KRB5_KT_NOTFOUND; /* XXX i.e. file not found */ + + entry->vno = 0; + while (krb5_kt_next_entry(context, id, &tmp, &cursor) == 0) { + if (krb5_kt_compare(context, &tmp, principal, 0, enctype)) { + /* the file keytab might only store the lower 8 bits of + the kvno, so only compare those bits */ + if (kvno == tmp.vno + || (tmp.vno < 256 && kvno % 256 == tmp.vno)) { + krb5_kt_copy_entry_contents (context, &tmp, entry); + krb5_kt_free_entry (context, &tmp); + krb5_kt_end_seq_get(context, id, &cursor); + return 0; + } else if (kvno == 0 && tmp.vno > entry->vno) { + if (entry->vno) + krb5_kt_free_entry (context, entry); + krb5_kt_copy_entry_contents (context, &tmp, entry); + } + } + krb5_kt_free_entry(context, &tmp); + } + krb5_kt_end_seq_get (context, id, &cursor); + if (entry->vno) { + return 0; + } else { + char princ[256], kt_name[256], kvno_str[25]; + char *enctype_str = NULL; + + krb5_unparse_name_fixed (context, principal, princ, sizeof(princ)); + krb5_kt_get_name (context, id, kt_name, sizeof(kt_name)); + krb5_enctype_to_string(context, enctype, &enctype_str); + + if (kvno) + snprintf(kvno_str, sizeof(kvno_str), "(kvno %d)", kvno); + else + kvno_str[0] = '\0'; + + krb5_set_error_string (context, + "failed to find %s%s in keytab %s (%s)", + princ, + kvno_str, + kt_name, + enctype_str ? enctype_str : "unknown enctype"); + free(enctype_str); + return KRB5_KT_NOTFOUND; + } +} + +/* + * Copy the contents of `in' into `out'. + * Return 0 or an error. */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_copy_entry_contents(krb5_context context, + const krb5_keytab_entry *in, + krb5_keytab_entry *out) +{ + krb5_error_code ret; + + memset(out, 0, sizeof(*out)); + out->vno = in->vno; + + ret = krb5_copy_principal (context, in->principal, &out->principal); + if (ret) + goto fail; + ret = krb5_copy_keyblock_contents (context, + &in->keyblock, + &out->keyblock); + if (ret) + goto fail; + out->timestamp = in->timestamp; + return 0; +fail: + krb5_kt_free_entry (context, out); + return ret; +} + +/* + * Free the contents of `entry'. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_free_entry(krb5_context context, + krb5_keytab_entry *entry) +{ + krb5_free_principal (context, entry->principal); + krb5_free_keyblock_contents (context, &entry->keyblock); + memset(entry, 0, sizeof(*entry)); + return 0; +} + +/* + * Set `cursor' to point at the beginning of `id'. + * Return 0 or an error. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_start_seq_get(krb5_context context, + krb5_keytab id, + krb5_kt_cursor *cursor) +{ + if(id->start_seq_get == NULL) { + krb5_set_error_string(context, + "start_seq_get is not supported in the %s " + " keytab", id->prefix); + return HEIM_ERR_OPNOTSUPP; + } + return (*id->start_seq_get)(context, id, cursor); +} + +/* + * Get the next entry from `id' pointed to by `cursor' and advance the + * `cursor'. + * Return 0 or an error. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_next_entry(krb5_context context, + krb5_keytab id, + krb5_keytab_entry *entry, + krb5_kt_cursor *cursor) +{ + if(id->next_entry == NULL) { + krb5_set_error_string(context, + "next_entry is not supported in the %s " + " keytab", id->prefix); + return HEIM_ERR_OPNOTSUPP; + } + return (*id->next_entry)(context, id, entry, cursor); +} + +/* + * Release all resources associated with `cursor'. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_end_seq_get(krb5_context context, + krb5_keytab id, + krb5_kt_cursor *cursor) +{ + if(id->end_seq_get == NULL) { + krb5_set_error_string(context, + "end_seq_get is not supported in the %s " + " keytab", id->prefix); + return HEIM_ERR_OPNOTSUPP; + } + return (*id->end_seq_get)(context, id, cursor); +} + +/* + * Add the entry in `entry' to the keytab `id'. + * Return 0 or an error. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_add_entry(krb5_context context, + krb5_keytab id, + krb5_keytab_entry *entry) +{ + if(id->add == NULL) { + krb5_set_error_string(context, "Add is not supported in the %s keytab", + id->prefix); + return KRB5_KT_NOWRITE; + } + entry->timestamp = time(NULL); + return (*id->add)(context, id,entry); +} + +/* + * Remove the entry `entry' from the keytab `id'. + * Return 0 or an error. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_remove_entry(krb5_context context, + krb5_keytab id, + krb5_keytab_entry *entry) +{ + if(id->remove == NULL) { + krb5_set_error_string(context, + "Remove is not supported in the %s keytab", + id->prefix); + return KRB5_KT_NOWRITE; + } + return (*id->remove)(context, id, entry); +} diff --git a/source4/heimdal/lib/krb5/keytab_any.c b/source4/heimdal/lib/krb5/keytab_any.c new file mode 100644 index 0000000000..667788c69d --- /dev/null +++ b/source4/heimdal/lib/krb5/keytab_any.c @@ -0,0 +1,256 @@ +/* + * Copyright (c) 2001-2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: keytab_any.c,v 1.7 2002/10/21 13:36:59 joda Exp $"); + +struct any_data { + krb5_keytab kt; + char *name; + struct any_data *next; +}; + +static void +free_list (krb5_context context, struct any_data *a) +{ + struct any_data *next; + + for (; a != NULL; a = next) { + next = a->next; + free (a->name); + if(a->kt) + krb5_kt_close(context, a->kt); + free (a); + } +} + +static krb5_error_code +any_resolve(krb5_context context, const char *name, krb5_keytab id) +{ + struct any_data *a, *a0 = NULL, *prev = NULL; + krb5_error_code ret; + char buf[256]; + + while (strsep_copy(&name, ",", buf, sizeof(buf)) != -1) { + a = malloc(sizeof(*a)); + if (a == NULL) { + ret = ENOMEM; + goto fail; + } + if (a0 == NULL) { + a0 = a; + a->name = strdup(buf); + if (a->name == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + ret = ENOMEM; + goto fail; + } + } else + a->name = NULL; + if (prev != NULL) + prev->next = a; + a->next = NULL; + ret = krb5_kt_resolve (context, buf, &a->kt); + if (ret) + goto fail; + prev = a; + } + if (a0 == NULL) { + krb5_set_error_string(context, "empty ANY: keytab"); + return ENOENT; + } + id->data = a0; + return 0; + fail: + free_list (context, a0); + return ret; +} + +static krb5_error_code +any_get_name (krb5_context context, + krb5_keytab id, + char *name, + size_t namesize) +{ + struct any_data *a = id->data; + strlcpy(name, a->name, namesize); + return 0; +} + +static krb5_error_code +any_close (krb5_context context, + krb5_keytab id) +{ + struct any_data *a = id->data; + + free_list (context, a); + return 0; +} + +struct any_cursor_extra_data { + struct any_data *a; + krb5_kt_cursor cursor; +}; + +static krb5_error_code +any_start_seq_get(krb5_context context, + krb5_keytab id, + krb5_kt_cursor *c) +{ + struct any_data *a = id->data; + struct any_cursor_extra_data *ed; + krb5_error_code ret; + + c->data = malloc (sizeof(struct any_cursor_extra_data)); + if(c->data == NULL){ + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + ed = (struct any_cursor_extra_data *)c->data; + ed->a = a; + ret = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor); + if (ret) { + free (c->data); + c->data = NULL; + return ret; + } + return 0; +} + +static krb5_error_code +any_next_entry (krb5_context context, + krb5_keytab id, + krb5_keytab_entry *entry, + krb5_kt_cursor *cursor) +{ + krb5_error_code ret, ret2; + struct any_cursor_extra_data *ed; + + ed = (struct any_cursor_extra_data *)cursor->data; + do { + ret = krb5_kt_next_entry(context, ed->a->kt, entry, &ed->cursor); + if (ret == 0) + return 0; + else if (ret == KRB5_KT_END) { + ret2 = krb5_kt_end_seq_get (context, ed->a->kt, &ed->cursor); + if (ret2) + return ret2; + while ((ed->a = ed->a->next) != NULL) { + ret2 = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor); + if (ret2 == 0) + break; + } + if (ed->a == NULL) { + krb5_clear_error_string (context); + return KRB5_KT_END; + } + } else + return ret; + } while (ret == KRB5_KT_END); + return ret; +} + +static krb5_error_code +any_end_seq_get(krb5_context context, + krb5_keytab id, + krb5_kt_cursor *cursor) +{ + krb5_error_code ret = 0; + struct any_cursor_extra_data *ed; + + ed = (struct any_cursor_extra_data *)cursor->data; + if (ed->a != NULL) + ret = krb5_kt_end_seq_get(context, ed->a->kt, &ed->cursor); + free (ed); + cursor->data = NULL; + return ret; +} + +static krb5_error_code +any_add_entry(krb5_context context, + krb5_keytab id, + krb5_keytab_entry *entry) +{ + struct any_data *a = id->data; + krb5_error_code ret; + while(a != NULL) { + ret = krb5_kt_add_entry(context, a->kt, entry); + if(ret != 0 && ret != KRB5_KT_NOWRITE) { + krb5_set_error_string(context, "failed to add entry to %s", + a->name); + return ret; + } + a = a->next; + } + return 0; +} + +static krb5_error_code +any_remove_entry(krb5_context context, + krb5_keytab id, + krb5_keytab_entry *entry) +{ + struct any_data *a = id->data; + krb5_error_code ret; + int found = 0; + while(a != NULL) { + ret = krb5_kt_remove_entry(context, a->kt, entry); + if(ret == 0) + found++; + else { + if(ret != KRB5_KT_NOWRITE && ret != KRB5_KT_NOTFOUND) { + krb5_set_error_string(context, "failed to remove entry from %s", + a->name); + return ret; + } + } + a = a->next; + } + if(!found) + return KRB5_KT_NOTFOUND; + return 0; +} + +const krb5_kt_ops krb5_any_ops = { + "ANY", + any_resolve, + any_get_name, + any_close, + NULL, /* get */ + any_start_seq_get, + any_next_entry, + any_end_seq_get, + any_add_entry, + any_remove_entry +}; diff --git a/source4/heimdal/lib/krb5/keytab_file.c b/source4/heimdal/lib/krb5/keytab_file.c new file mode 100644 index 0000000000..dca09ff6f3 --- /dev/null +++ b/source4/heimdal/lib/krb5/keytab_file.c @@ -0,0 +1,678 @@ +/* + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: keytab_file.c,v 1.18 2005/05/31 21:50:43 lha Exp $"); + +#define KRB5_KT_VNO_1 1 +#define KRB5_KT_VNO_2 2 +#define KRB5_KT_VNO KRB5_KT_VNO_2 + +#define KRB5_KT_FL_JAVA 1 + + +/* file operations -------------------------------------------- */ + +struct fkt_data { + char *filename; + int flags; +}; + +static krb5_error_code +krb5_kt_ret_data(krb5_context context, + krb5_storage *sp, + krb5_data *data) +{ + int ret; + int16_t size; + ret = krb5_ret_int16(sp, &size); + if(ret) + return ret; + data->length = size; + data->data = malloc(size); + if (data->data == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + ret = krb5_storage_read(sp, data->data, size); + if(ret != size) + return (ret < 0)? errno : KRB5_KT_END; + return 0; +} + +static krb5_error_code +krb5_kt_ret_string(krb5_context context, + krb5_storage *sp, + heim_general_string *data) +{ + int ret; + int16_t size; + ret = krb5_ret_int16(sp, &size); + if(ret) + return ret; + *data = malloc(size + 1); + if (*data == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + ret = krb5_storage_read(sp, *data, size); + (*data)[size] = '\0'; + if(ret != size) + return (ret < 0)? errno : KRB5_KT_END; + return 0; +} + +static krb5_error_code +krb5_kt_store_data(krb5_context context, + krb5_storage *sp, + krb5_data data) +{ + int ret; + ret = krb5_store_int16(sp, data.length); + if(ret < 0) + return ret; + ret = krb5_storage_write(sp, data.data, data.length); + if(ret != data.length){ + if(ret < 0) + return errno; + return KRB5_KT_END; + } + return 0; +} + +static krb5_error_code +krb5_kt_store_string(krb5_storage *sp, + heim_general_string data) +{ + int ret; + size_t len = strlen(data); + ret = krb5_store_int16(sp, len); + if(ret < 0) + return ret; + ret = krb5_storage_write(sp, data, len); + if(ret != len){ + if(ret < 0) + return errno; + return KRB5_KT_END; + } + return 0; +} + +static krb5_error_code +krb5_kt_ret_keyblock(krb5_context context, krb5_storage *sp, krb5_keyblock *p) +{ + int ret; + int16_t tmp; + + ret = krb5_ret_int16(sp, &tmp); /* keytype + etype */ + if(ret) return ret; + p->keytype = tmp; + ret = krb5_kt_ret_data(context, sp, &p->keyvalue); + return ret; +} + +static krb5_error_code +krb5_kt_store_keyblock(krb5_context context, + krb5_storage *sp, + krb5_keyblock *p) +{ + int ret; + + ret = krb5_store_int16(sp, p->keytype); /* keytype + etype */ + if(ret) return ret; + ret = krb5_kt_store_data(context, sp, p->keyvalue); + return ret; +} + + +static krb5_error_code +krb5_kt_ret_principal(krb5_context context, + krb5_storage *sp, + krb5_principal *princ) +{ + int i; + int ret; + krb5_principal p; + int16_t tmp; + + ALLOC(p, 1); + if(p == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + + ret = krb5_ret_int16(sp, &tmp); + if(ret) + return ret; + if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS)) + tmp--; + p->name.name_string.len = tmp; + ret = krb5_kt_ret_string(context, sp, &p->realm); + if(ret) + return ret; + p->name.name_string.val = calloc(p->name.name_string.len, + sizeof(*p->name.name_string.val)); + if(p->name.name_string.val == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + for(i = 0; i < p->name.name_string.len; i++){ + ret = krb5_kt_ret_string(context, sp, p->name.name_string.val + i); + if(ret) + return ret; + } + if (krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) + p->name.name_type = KRB5_NT_UNKNOWN; + else { + int32_t tmp32; + ret = krb5_ret_int32(sp, &tmp32); + p->name.name_type = tmp32; + if (ret) + return ret; + } + *princ = p; + return 0; +} + +static krb5_error_code +krb5_kt_store_principal(krb5_context context, + krb5_storage *sp, + krb5_principal p) +{ + int i; + int ret; + + if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS)) + ret = krb5_store_int16(sp, p->name.name_string.len + 1); + else + ret = krb5_store_int16(sp, p->name.name_string.len); + if(ret) return ret; + ret = krb5_kt_store_string(sp, p->realm); + if(ret) return ret; + for(i = 0; i < p->name.name_string.len; i++){ + ret = krb5_kt_store_string(sp, p->name.name_string.val[i]); + if(ret) + return ret; + } + if(!krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) { + ret = krb5_store_int32(sp, p->name.name_type); + if(ret) + return ret; + } + + return 0; +} + +static krb5_error_code +fkt_resolve(krb5_context context, const char *name, krb5_keytab id) +{ + struct fkt_data *d; + + d = malloc(sizeof(*d)); + if(d == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + d->filename = strdup(name); + if(d->filename == NULL) { + free(d); + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + d->flags = 0; + id->data = d; + return 0; +} + +static krb5_error_code +fkt_resolve_java14(krb5_context context, const char *name, krb5_keytab id) +{ + krb5_error_code ret; + + ret = fkt_resolve(context, name, id); + if (ret == 0) { + struct fkt_data *d = id->data; + d->flags |= KRB5_KT_FL_JAVA; + } + return ret; +} + +static krb5_error_code +fkt_close(krb5_context context, krb5_keytab id) +{ + struct fkt_data *d = id->data; + free(d->filename); + free(d); + return 0; +} + +static krb5_error_code +fkt_get_name(krb5_context context, + krb5_keytab id, + char *name, + size_t namesize) +{ + /* This function is XXX */ + struct fkt_data *d = id->data; + strlcpy(name, d->filename, namesize); + return 0; +} + +static void +storage_set_flags(krb5_context context, krb5_storage *sp, int vno) +{ + int flags = 0; + switch(vno) { + case KRB5_KT_VNO_1: + flags |= KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS; + flags |= KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE; + flags |= KRB5_STORAGE_HOST_BYTEORDER; + break; + case KRB5_KT_VNO_2: + break; + default: + krb5_warnx(context, + "storage_set_flags called with bad vno (%d)", vno); + } + krb5_storage_set_flags(sp, flags); +} + +static krb5_error_code +fkt_start_seq_get_int(krb5_context context, + krb5_keytab id, + int flags, + int exclusive, + krb5_kt_cursor *c) +{ + int8_t pvno, tag; + krb5_error_code ret; + struct fkt_data *d = id->data; + + c->fd = open (d->filename, flags); + if (c->fd < 0) { + ret = errno; + krb5_set_error_string(context, "%s: %s", d->filename, + strerror(ret)); + return ret; + } + ret = _krb5_xlock(context, c->fd, exclusive, d->filename); + if (ret) { + close(c->fd); + return ret; + } + c->sp = krb5_storage_from_fd(c->fd); + krb5_storage_set_eof_code(c->sp, KRB5_KT_END); + ret = krb5_ret_int8(c->sp, &pvno); + if(ret) { + krb5_storage_free(c->sp); + _krb5_xunlock(context, c->fd); + close(c->fd); + krb5_clear_error_string(context); + return ret; + } + if(pvno != 5) { + krb5_storage_free(c->sp); + _krb5_xunlock(context, c->fd); + close(c->fd); + krb5_clear_error_string (context); + return KRB5_KEYTAB_BADVNO; + } + ret = krb5_ret_int8(c->sp, &tag); + if (ret) { + krb5_storage_free(c->sp); + _krb5_xunlock(context, c->fd); + close(c->fd); + krb5_clear_error_string(context); + return ret; + } + id->version = tag; + storage_set_flags(context, c->sp, id->version); + return 0; +} + +static krb5_error_code +fkt_start_seq_get(krb5_context context, + krb5_keytab id, + krb5_kt_cursor *c) +{ + return fkt_start_seq_get_int(context, id, O_RDONLY | O_BINARY, 0, c); +} + +static krb5_error_code +fkt_next_entry_int(krb5_context context, + krb5_keytab id, + krb5_keytab_entry *entry, + krb5_kt_cursor *cursor, + off_t *start, + off_t *end) +{ + int32_t len; + int ret; + int8_t tmp8; + int32_t tmp32; + off_t pos, curpos; + + pos = krb5_storage_seek(cursor->sp, 0, SEEK_CUR); +loop: + ret = krb5_ret_int32(cursor->sp, &len); + if (ret) + return ret; + if(len < 0) { + pos = krb5_storage_seek(cursor->sp, -len, SEEK_CUR); + goto loop; + } + ret = krb5_kt_ret_principal (context, cursor->sp, &entry->principal); + if (ret) + goto out; + ret = krb5_ret_int32(cursor->sp, &tmp32); + entry->timestamp = tmp32; + if (ret) + goto out; + ret = krb5_ret_int8(cursor->sp, &tmp8); + if (ret) + goto out; + entry->vno = tmp8; + ret = krb5_kt_ret_keyblock (context, cursor->sp, &entry->keyblock); + if (ret) + goto out; + /* there might be a 32 bit kvno here + * if it's zero, assume that the 8bit one was right, + * otherwise trust the new value */ + curpos = krb5_storage_seek(cursor->sp, 0, SEEK_CUR); + if(len + 4 + pos - curpos == 4) { + ret = krb5_ret_int32(cursor->sp, &tmp32); + if (ret == 0 && tmp32 != 0) { + entry->vno = tmp32; + } + } + if(start) *start = pos; + if(end) *end = *start + 4 + len; + out: + krb5_storage_seek(cursor->sp, pos + 4 + len, SEEK_SET); + return ret; +} + +static krb5_error_code +fkt_next_entry(krb5_context context, + krb5_keytab id, + krb5_keytab_entry *entry, + krb5_kt_cursor *cursor) +{ + return fkt_next_entry_int(context, id, entry, cursor, NULL, NULL); +} + +static krb5_error_code +fkt_end_seq_get(krb5_context context, + krb5_keytab id, + krb5_kt_cursor *cursor) +{ + krb5_storage_free(cursor->sp); + _krb5_xunlock(context, cursor->fd); + close(cursor->fd); + return 0; +} + +static krb5_error_code +fkt_setup_keytab(krb5_context context, + krb5_keytab id, + krb5_storage *sp) +{ + krb5_error_code ret; + ret = krb5_store_int8(sp, 5); + if(ret) + return ret; + if(id->version == 0) + id->version = KRB5_KT_VNO; + return krb5_store_int8 (sp, id->version); +} + +static krb5_error_code +fkt_add_entry(krb5_context context, + krb5_keytab id, + krb5_keytab_entry *entry) +{ + int ret; + int fd; + krb5_storage *sp; + struct fkt_data *d = id->data; + krb5_data keytab; + int32_t len; + + fd = open (d->filename, O_RDWR | O_BINARY); + if (fd < 0) { + fd = open (d->filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600); + if (fd < 0) { + ret = errno; + krb5_set_error_string(context, "open(%s): %s", d->filename, + strerror(ret)); + return ret; + } + ret = _krb5_xlock(context, fd, 1, d->filename); + if (ret) { + close(fd); + return ret; + } + sp = krb5_storage_from_fd(fd); + krb5_storage_set_eof_code(sp, KRB5_KT_END); + ret = fkt_setup_keytab(context, id, sp); + if(ret) { + goto out; + } + storage_set_flags(context, sp, id->version); + } else { + int8_t pvno, tag; + ret = _krb5_xlock(context, fd, 1, d->filename); + if (ret) { + close(fd); + return ret; + } + sp = krb5_storage_from_fd(fd); + krb5_storage_set_eof_code(sp, KRB5_KT_END); + ret = krb5_ret_int8(sp, &pvno); + if(ret) { + /* we probably have a zero byte file, so try to set it up + properly */ + ret = fkt_setup_keytab(context, id, sp); + if(ret) { + krb5_set_error_string(context, "%s: keytab is corrupted: %s", + d->filename, strerror(ret)); + goto out; + } + storage_set_flags(context, sp, id->version); + } else { + if(pvno != 5) { + ret = KRB5_KEYTAB_BADVNO; + krb5_set_error_string(context, "%s: %s", + d->filename, strerror(ret)); + goto out; + } + ret = krb5_ret_int8 (sp, &tag); + if (ret) { + krb5_set_error_string(context, "%s: reading tag: %s", + d->filename, strerror(ret)); + goto out; + } + id->version = tag; + storage_set_flags(context, sp, id->version); + } + } + + { + krb5_storage *emem; + emem = krb5_storage_emem(); + if(emem == NULL) { + ret = ENOMEM; + krb5_set_error_string (context, "malloc: out of memory"); + goto out; + } + ret = krb5_kt_store_principal(context, emem, entry->principal); + if(ret) { + krb5_storage_free(emem); + goto out; + } + ret = krb5_store_int32 (emem, entry->timestamp); + if(ret) { + krb5_storage_free(emem); + goto out; + } + ret = krb5_store_int8 (emem, entry->vno % 256); + if(ret) { + krb5_storage_free(emem); + goto out; + } + ret = krb5_kt_store_keyblock (context, emem, &entry->keyblock); + if(ret) { + krb5_storage_free(emem); + goto out; + } + if ((d->flags & KRB5_KT_FL_JAVA) == 0) { + ret = krb5_store_int32 (emem, entry->vno); + if (ret) { + krb5_storage_free(emem); + goto out; + } + } + + ret = krb5_storage_to_data(emem, &keytab); + krb5_storage_free(emem); + if(ret) + goto out; + } + + while(1) { + ret = krb5_ret_int32(sp, &len); + if(ret == KRB5_KT_END) { + len = keytab.length; + break; + } + if(len < 0) { + len = -len; + if(len >= keytab.length) { + krb5_storage_seek(sp, -4, SEEK_CUR); + break; + } + } + krb5_storage_seek(sp, len, SEEK_CUR); + } + ret = krb5_store_int32(sp, len); + if(krb5_storage_write(sp, keytab.data, keytab.length) < 0) + ret = errno; + memset(keytab.data, 0, keytab.length); + krb5_data_free(&keytab); + out: + krb5_storage_free(sp); + _krb5_xunlock(context, fd); + close(fd); + return ret; +} + +static krb5_error_code +fkt_remove_entry(krb5_context context, + krb5_keytab id, + krb5_keytab_entry *entry) +{ + krb5_keytab_entry e; + krb5_kt_cursor cursor; + off_t pos_start, pos_end; + int found = 0; + krb5_error_code ret; + + ret = fkt_start_seq_get_int(context, id, O_RDWR | O_BINARY, 1, &cursor); + if(ret != 0) + goto out; /* return other error here? */ + while(fkt_next_entry_int(context, id, &e, &cursor, + &pos_start, &pos_end) == 0) { + if(krb5_kt_compare(context, &e, entry->principal, + entry->vno, entry->keyblock.keytype)) { + int32_t len; + unsigned char buf[128]; + found = 1; + krb5_storage_seek(cursor.sp, pos_start, SEEK_SET); + len = pos_end - pos_start - 4; + krb5_store_int32(cursor.sp, -len); + memset(buf, 0, sizeof(buf)); + while(len > 0) { + krb5_storage_write(cursor.sp, buf, min(len, sizeof(buf))); + len -= min(len, sizeof(buf)); + } + } + krb5_kt_free_entry(context, &e); + } + krb5_kt_end_seq_get(context, id, &cursor); + out: + if (!found) { + krb5_clear_error_string (context); + return KRB5_KT_NOTFOUND; + } + return 0; +} + +const krb5_kt_ops krb5_fkt_ops = { + "FILE", + fkt_resolve, + fkt_get_name, + fkt_close, + NULL, /* get */ + fkt_start_seq_get, + fkt_next_entry, + fkt_end_seq_get, + fkt_add_entry, + fkt_remove_entry +}; + +const krb5_kt_ops krb5_wrfkt_ops = { + "WRFILE", + fkt_resolve, + fkt_get_name, + fkt_close, + NULL, /* get */ + fkt_start_seq_get, + fkt_next_entry, + fkt_end_seq_get, + fkt_add_entry, + fkt_remove_entry +}; + +const krb5_kt_ops krb5_javakt_ops = { + "JAVA14", + fkt_resolve_java14, + fkt_get_name, + fkt_close, + NULL, /* get */ + fkt_start_seq_get, + fkt_next_entry, + fkt_end_seq_get, + fkt_add_entry, + fkt_remove_entry +}; diff --git a/source4/heimdal/lib/krb5/keytab_keyfile.c b/source4/heimdal/lib/krb5/keytab_keyfile.c new file mode 100644 index 0000000000..b53fa36a03 --- /dev/null +++ b/source4/heimdal/lib/krb5/keytab_keyfile.c @@ -0,0 +1,389 @@ +/* + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: keytab_keyfile.c,v 1.16 2005/01/08 22:57:18 lha Exp $"); + +/* afs keyfile operations --------------------------------------- */ + +/* + * Minimum tools to handle the AFS KeyFile. + * + * Format of the KeyFile is: + * {[ ] * numkeys} + * + * It just adds to the end of the keyfile, deleting isn't implemented. + * Use your favorite text/hex editor to delete keys. + * + */ + +#define AFS_SERVERTHISCELL "/usr/afs/etc/ThisCell" +#define AFS_SERVERMAGICKRBCONF "/usr/afs/etc/krb.conf" + +struct akf_data { + int num_entries; + char *filename; + char *cell; + char *realm; +}; + +/* + * set `d->cell' and `d->realm' + */ + +static int +get_cell_and_realm (krb5_context context, + struct akf_data *d) +{ + FILE *f; + char buf[BUFSIZ], *cp; + int ret; + + f = fopen (AFS_SERVERTHISCELL, "r"); + if (f == NULL) { + ret = errno; + krb5_set_error_string (context, "open %s: %s", AFS_SERVERTHISCELL, + strerror(ret)); + return ret; + } + if (fgets (buf, sizeof(buf), f) == NULL) { + fclose (f); + krb5_set_error_string (context, "no cell in %s", AFS_SERVERTHISCELL); + return EINVAL; + } + buf[strcspn(buf, "\n")] = '\0'; + fclose(f); + + d->cell = strdup (buf); + if (d->cell == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + + f = fopen (AFS_SERVERMAGICKRBCONF, "r"); + if (f != NULL) { + if (fgets (buf, sizeof(buf), f) == NULL) { + fclose (f); + krb5_set_error_string (context, "no realm in %s", + AFS_SERVERMAGICKRBCONF); + return EINVAL; + } + buf[strcspn(buf, "\n")] = '\0'; + fclose(f); + } + /* uppercase */ + for (cp = buf; *cp != '\0'; cp++) + *cp = toupper((unsigned char)*cp); + + d->realm = strdup (buf); + if (d->realm == NULL) { + free (d->cell); + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + return 0; +} + +/* + * init and get filename + */ + +static krb5_error_code +akf_resolve(krb5_context context, const char *name, krb5_keytab id) +{ + int ret; + struct akf_data *d = malloc(sizeof (struct akf_data)); + + if (d == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + + d->num_entries = 0; + ret = get_cell_and_realm (context, d); + if (ret) { + free (d); + return ret; + } + d->filename = strdup (name); + if (d->filename == NULL) { + free (d->cell); + free (d->realm); + free (d); + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + id->data = d; + + return 0; +} + +/* + * cleanup + */ + +static krb5_error_code +akf_close(krb5_context context, krb5_keytab id) +{ + struct akf_data *d = id->data; + + free (d->filename); + free (d->cell); + free (d); + return 0; +} + +/* + * Return filename + */ + +static krb5_error_code +akf_get_name(krb5_context context, + krb5_keytab id, + char *name, + size_t name_sz) +{ + struct akf_data *d = id->data; + + strlcpy (name, d->filename, name_sz); + return 0; +} + +/* + * Init + */ + +static krb5_error_code +akf_start_seq_get(krb5_context context, + krb5_keytab id, + krb5_kt_cursor *c) +{ + int32_t ret; + struct akf_data *d = id->data; + + c->fd = open (d->filename, O_RDONLY|O_BINARY, 0600); + if (c->fd < 0) { + ret = errno; + krb5_set_error_string(context, "open(%s): %s", d->filename, + strerror(ret)); + return ret; + } + + c->sp = krb5_storage_from_fd(c->fd); + ret = krb5_ret_int32(c->sp, &d->num_entries); + if(ret) { + krb5_storage_free(c->sp); + close(c->fd); + krb5_clear_error_string (context); + if(ret == KRB5_KT_END) + return KRB5_KT_NOTFOUND; + return ret; + } + + return 0; +} + +static krb5_error_code +akf_next_entry(krb5_context context, + krb5_keytab id, + krb5_keytab_entry *entry, + krb5_kt_cursor *cursor) +{ + struct akf_data *d = id->data; + int32_t kvno; + off_t pos; + int ret; + + pos = krb5_storage_seek(cursor->sp, 0, SEEK_CUR); + + if ((pos - 4) / (4 + 8) >= d->num_entries) + return KRB5_KT_END; + + ret = krb5_make_principal (context, &entry->principal, + d->realm, "afs", d->cell, NULL); + if (ret) + goto out; + + ret = krb5_ret_int32(cursor->sp, &kvno); + if (ret) { + krb5_free_principal (context, entry->principal); + goto out; + } + + entry->vno = kvno; + + entry->keyblock.keytype = ETYPE_DES_CBC_MD5; + entry->keyblock.keyvalue.length = 8; + entry->keyblock.keyvalue.data = malloc (8); + if (entry->keyblock.keyvalue.data == NULL) { + krb5_free_principal (context, entry->principal); + krb5_set_error_string (context, "malloc: out of memory"); + ret = ENOMEM; + goto out; + } + + ret = krb5_storage_read(cursor->sp, entry->keyblock.keyvalue.data, 8); + if(ret != 8) + ret = (ret < 0) ? errno : KRB5_KT_END; + else + ret = 0; + + entry->timestamp = time(NULL); + + out: + krb5_storage_seek(cursor->sp, pos + 4 + 8, SEEK_SET); + return ret; +} + +static krb5_error_code +akf_end_seq_get(krb5_context context, + krb5_keytab id, + krb5_kt_cursor *cursor) +{ + krb5_storage_free(cursor->sp); + close(cursor->fd); + return 0; +} + +static krb5_error_code +akf_add_entry(krb5_context context, + krb5_keytab id, + krb5_keytab_entry *entry) +{ + struct akf_data *d = id->data; + int fd, created = 0; + krb5_error_code ret; + int32_t len; + krb5_storage *sp; + + + if (entry->keyblock.keyvalue.length != 8 + || entry->keyblock.keytype != ETYPE_DES_CBC_MD5) + return 0; + + fd = open (d->filename, O_RDWR | O_BINARY); + if (fd < 0) { + fd = open (d->filename, + O_RDWR | O_BINARY | O_CREAT | O_EXCL, 0600); + if (fd < 0) { + ret = errno; + krb5_set_error_string(context, "open(%s): %s", d->filename, + strerror(ret)); + return ret; + } + created = 1; + } + + sp = krb5_storage_from_fd(fd); + if(sp == NULL) { + close(fd); + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + if (created) + len = 0; + else { + if(krb5_storage_seek(sp, 0, SEEK_SET) < 0) { + ret = errno; + krb5_storage_free(sp); + close(fd); + krb5_set_error_string (context, "seek: %s", strerror(ret)); + return ret; + } + + ret = krb5_ret_int32(sp, &len); + if(ret) { + krb5_storage_free(sp); + close(fd); + return ret; + } + } + len++; + + if(krb5_storage_seek(sp, 0, SEEK_SET) < 0) { + ret = errno; + krb5_storage_free(sp); + close(fd); + krb5_set_error_string (context, "seek: %s", strerror(ret)); + return ret; + } + + ret = krb5_store_int32(sp, len); + if(ret) { + krb5_storage_free(sp); + close(fd); + return ret; + } + + + if(krb5_storage_seek(sp, (len - 1) * (8 + 4), SEEK_CUR) < 0) { + ret = errno; + krb5_storage_free(sp); + close(fd); + krb5_set_error_string (context, "seek: %s", strerror(ret)); + return ret; + } + + ret = krb5_store_int32(sp, entry->vno); + if(ret) { + krb5_storage_free(sp); + close(fd); + return ret; + } + ret = krb5_storage_write(sp, entry->keyblock.keyvalue.data, + entry->keyblock.keyvalue.length); + if(ret != entry->keyblock.keyvalue.length) { + krb5_storage_free(sp); + close(fd); + if(ret < 0) + return errno; + return ENOTTY; + } + krb5_storage_free(sp); + close (fd); + return 0; +} + +const krb5_kt_ops krb5_akf_ops = { + "AFSKEYFILE", + akf_resolve, + akf_get_name, + akf_close, + NULL, /* get */ + akf_start_seq_get, + akf_next_entry, + akf_end_seq_get, + akf_add_entry, + NULL /* remove */ +}; diff --git a/source4/heimdal/lib/krb5/keytab_krb4.c b/source4/heimdal/lib/krb5/keytab_krb4.c new file mode 100644 index 0000000000..1a83faca57 --- /dev/null +++ b/source4/heimdal/lib/krb5/keytab_krb4.c @@ -0,0 +1,443 @@ +/* + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: keytab_krb4.c,v 1.13 2005/05/19 04:13:18 lha Exp $"); + +struct krb4_kt_data { + char *filename; +}; + +static krb5_error_code +krb4_kt_resolve(krb5_context context, const char *name, krb5_keytab id) +{ + struct krb4_kt_data *d; + + d = malloc (sizeof(*d)); + if (d == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + d->filename = strdup (name); + if (d->filename == NULL) { + free(d); + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + id->data = d; + return 0; +} + +static krb5_error_code +krb4_kt_get_name (krb5_context context, + krb5_keytab id, + char *name, + size_t name_sz) +{ + struct krb4_kt_data *d = id->data; + + strlcpy (name, d->filename, name_sz); + return 0; +} + +static krb5_error_code +krb4_kt_close (krb5_context context, + krb5_keytab id) +{ + struct krb4_kt_data *d = id->data; + + free (d->filename); + free (d); + return 0; +} + +struct krb4_cursor_extra_data { + krb5_keytab_entry entry; + int num; +}; + +static int +open_flock(const char *filename, int flags, int mode) +{ + int lock_mode; + int tries = 0; + int fd = open(filename, flags, mode); + if(fd < 0) + return fd; + if((flags & O_ACCMODE) == O_RDONLY) + lock_mode = LOCK_SH | LOCK_NB; + else + lock_mode = LOCK_EX | LOCK_NB; + while(flock(fd, lock_mode) < 0) { + if(++tries < 5) { + sleep(1); + } else { + close(fd); + return -1; + } + } + return fd; +} + + + +static krb5_error_code +krb4_kt_start_seq_get_int (krb5_context context, + krb5_keytab id, + int flags, + krb5_kt_cursor *c) +{ + struct krb4_kt_data *d = id->data; + struct krb4_cursor_extra_data *ed; + int ret; + + ed = malloc (sizeof(*ed)); + if (ed == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + ed->entry.principal = NULL; + ed->num = -1; + c->data = ed; + c->fd = open_flock (d->filename, flags, 0); + if (c->fd < 0) { + ret = errno; + free (ed); + krb5_set_error_string(context, "open(%s): %s", d->filename, + strerror(ret)); + return ret; + } + c->sp = krb5_storage_from_fd(c->fd); + krb5_storage_set_eof_code(c->sp, KRB5_KT_END); + return 0; +} + +static krb5_error_code +krb4_kt_start_seq_get (krb5_context context, + krb5_keytab id, + krb5_kt_cursor *c) +{ + return krb4_kt_start_seq_get_int (context, id, O_BINARY | O_RDONLY, c); +} + +static krb5_error_code +read_v4_entry (krb5_context context, + struct krb4_kt_data *d, + krb5_kt_cursor *c, + struct krb4_cursor_extra_data *ed) +{ + unsigned char des_key[8]; + krb5_error_code ret; + char *service, *instance, *realm; + int8_t kvno; + + ret = krb5_ret_stringz(c->sp, &service); + if (ret) + return ret; + ret = krb5_ret_stringz(c->sp, &instance); + if (ret) { + free (service); + return ret; + } + ret = krb5_ret_stringz(c->sp, &realm); + if (ret) { + free (service); + free (instance); + return ret; + } + ret = krb5_425_conv_principal (context, service, instance, realm, + &ed->entry.principal); + free (service); + free (instance); + free (realm); + if (ret) + return ret; + ret = krb5_ret_int8(c->sp, &kvno); + if (ret) { + krb5_free_principal (context, ed->entry.principal); + return ret; + } + ret = krb5_storage_read(c->sp, des_key, sizeof(des_key)); + if (ret < 0) { + krb5_free_principal(context, ed->entry.principal); + return ret; + } + if (ret < 8) { + krb5_free_principal(context, ed->entry.principal); + return EINVAL; + } + ed->entry.vno = kvno; + ret = krb5_data_copy (&ed->entry.keyblock.keyvalue, + des_key, sizeof(des_key)); + if (ret) + return ret; + ed->entry.timestamp = time(NULL); + ed->num = 0; + return 0; +} + +static krb5_error_code +krb4_kt_next_entry (krb5_context context, + krb5_keytab id, + krb5_keytab_entry *entry, + krb5_kt_cursor *c) +{ + krb5_error_code ret; + struct krb4_kt_data *d = id->data; + struct krb4_cursor_extra_data *ed = c->data; + const krb5_enctype keytypes[] = {ETYPE_DES_CBC_MD5, + ETYPE_DES_CBC_MD4, + ETYPE_DES_CBC_CRC}; + + if (ed->num == -1) { + ret = read_v4_entry (context, d, c, ed); + if (ret) + return ret; + } + ret = krb5_kt_copy_entry_contents (context, + &ed->entry, + entry); + if (ret) + return ret; + entry->keyblock.keytype = keytypes[ed->num]; + if (++ed->num == 3) { + krb5_kt_free_entry (context, &ed->entry); + ed->num = -1; + } + return 0; +} + +static krb5_error_code +krb4_kt_end_seq_get (krb5_context context, + krb5_keytab id, + krb5_kt_cursor *c) +{ + struct krb4_cursor_extra_data *ed = c->data; + + krb5_storage_free (c->sp); + if (ed->num != -1) + krb5_kt_free_entry (context, &ed->entry); + free (c->data); + close (c->fd); + return 0; +} + +static krb5_error_code +krb4_store_keytab_entry(krb5_context context, + krb5_keytab_entry *entry, + krb5_storage *sp) +{ + krb5_error_code ret; +#define ANAME_SZ 40 +#define INST_SZ 40 +#define REALM_SZ 40 + char service[ANAME_SZ]; + char instance[INST_SZ]; + char realm[REALM_SZ]; + ret = krb5_524_conv_principal (context, entry->principal, + service, instance, realm); + if (ret) + return ret; + if (entry->keyblock.keyvalue.length == 8 + && entry->keyblock.keytype == ETYPE_DES_CBC_MD5) { + ret = krb5_store_stringz(sp, service); + ret = krb5_store_stringz(sp, instance); + ret = krb5_store_stringz(sp, realm); + ret = krb5_store_int8(sp, entry->vno); + ret = krb5_storage_write(sp, entry->keyblock.keyvalue.data, 8); + } + return 0; +} + +static krb5_error_code +krb4_kt_add_entry (krb5_context context, + krb5_keytab id, + krb5_keytab_entry *entry) +{ + struct krb4_kt_data *d = id->data; + krb5_storage *sp; + krb5_error_code ret; + int fd; + + fd = open_flock (d->filename, O_WRONLY | O_APPEND | O_BINARY, 0); + if (fd < 0) { + fd = open_flock (d->filename, + O_WRONLY | O_APPEND | O_BINARY | O_CREAT, 0600); + if (fd < 0) { + ret = errno; + krb5_set_error_string(context, "open(%s): %s", d->filename, + strerror(ret)); + return ret; + } + } + sp = krb5_storage_from_fd(fd); + krb5_storage_set_eof_code(sp, KRB5_KT_END); + if(sp == NULL) { + close(fd); + return ENOMEM; + } + ret = krb4_store_keytab_entry(context, entry, sp); + krb5_storage_free(sp); + if(close (fd) < 0) + return errno; + return ret; +} + +static krb5_error_code +krb4_kt_remove_entry(krb5_context context, + krb5_keytab id, + krb5_keytab_entry *entry) +{ + struct krb4_kt_data *d = id->data; + krb5_error_code ret; + krb5_keytab_entry e; + krb5_kt_cursor cursor; + krb5_storage *sp; + int remove_flag = 0; + + sp = krb5_storage_emem(); + if (sp == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + ret = krb5_kt_start_seq_get(context, id, &cursor); + if (ret) { + krb5_storage_free(sp); + return ret; + } + while(krb5_kt_next_entry(context, id, &e, &cursor) == 0) { + if(!krb5_kt_compare(context, &e, entry->principal, + entry->vno, entry->keyblock.keytype)) { + ret = krb4_store_keytab_entry(context, &e, sp); + if(ret) { + krb5_kt_free_entry(context, &e); + krb5_storage_free(sp); + return ret; + } + } else + remove_flag = 1; + krb5_kt_free_entry(context, &e); + } + krb5_kt_end_seq_get(context, id, &cursor); + if(remove_flag) { + int fd; + unsigned char buf[1024]; + ssize_t n; + krb5_data data; + struct stat st; + + krb5_storage_to_data(sp, &data); + krb5_storage_free(sp); + + fd = open_flock (d->filename, O_RDWR | O_BINARY, 0); + if(fd < 0) { + memset(data.data, 0, data.length); + krb5_data_free(&data); + if(errno == EACCES || errno == EROFS) + return KRB5_KT_NOWRITE; + return errno; + } + + if(write(fd, data.data, data.length) != data.length) { + memset(data.data, 0, data.length); + krb5_data_free(&data); + close(fd); + krb5_set_error_string(context, "failed writing to \"%s\"", d->filename); + return errno; + } + memset(data.data, 0, data.length); + if(fstat(fd, &st) < 0) { + krb5_data_free(&data); + close(fd); + krb5_set_error_string(context, "failed getting size of \"%s\"", d->filename); + return errno; + } + st.st_size -= data.length; + memset(buf, 0, sizeof(buf)); + while(st.st_size > 0) { + n = min(st.st_size, sizeof(buf)); + n = write(fd, buf, n); + if(n <= 0) { + krb5_data_free(&data); + close(fd); + krb5_set_error_string(context, "failed writing to \"%s\"", d->filename); + return errno; + + } + st.st_size -= n; + } + if(ftruncate(fd, data.length) < 0) { + krb5_data_free(&data); + close(fd); + krb5_set_error_string(context, "failed truncating \"%s\"", d->filename); + return errno; + } + krb5_data_free(&data); + if(close(fd) < 0) { + krb5_set_error_string(context, "error closing \"%s\"", d->filename); + return errno; + } + return 0; + } else { + krb5_storage_free(sp); + return KRB5_KT_NOTFOUND; + } +} + + +const krb5_kt_ops krb4_fkt_ops = { + "krb4", + krb4_kt_resolve, + krb4_kt_get_name, + krb4_kt_close, + NULL, /* get */ + krb4_kt_start_seq_get, + krb4_kt_next_entry, + krb4_kt_end_seq_get, + krb4_kt_add_entry, /* add_entry */ + krb4_kt_remove_entry /* remove_entry */ +}; + +const krb5_kt_ops krb5_srvtab_fkt_ops = { + "SRVTAB", + krb4_kt_resolve, + krb4_kt_get_name, + krb4_kt_close, + NULL, /* get */ + krb4_kt_start_seq_get, + krb4_kt_next_entry, + krb4_kt_end_seq_get, + krb4_kt_add_entry, /* add_entry */ + krb4_kt_remove_entry /* remove_entry */ +}; diff --git a/source4/heimdal/lib/krb5/keytab_memory.c b/source4/heimdal/lib/krb5/keytab_memory.c new file mode 100644 index 0000000000..3dca5154e3 --- /dev/null +++ b/source4/heimdal/lib/krb5/keytab_memory.c @@ -0,0 +1,229 @@ +/* + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: keytab_memory.c,v 1.6 2005/05/18 04:44:40 lha Exp $"); + +/* memory operations -------------------------------------------- */ + +struct mkt_data { + krb5_keytab_entry *entries; + int num_entries; +}; + +static krb5_error_code +mkt_resolve(krb5_context context, const char *name, krb5_keytab id) +{ + struct mkt_data *d; + d = malloc(sizeof(*d)); + if(d == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + d->entries = NULL; + d->num_entries = 0; + id->data = d; + return 0; +} + +static krb5_error_code +mkt_close(krb5_context context, krb5_keytab id) +{ + struct mkt_data *d = id->data; + int i; + for(i = 0; i < d->num_entries; i++) + krb5_kt_free_entry(context, &d->entries[i]); + free(d->entries); + free(d); + return 0; +} + +static krb5_error_code +mkt_get_name(krb5_context context, + krb5_keytab id, + char *name, + size_t namesize) +{ + strlcpy(name, "", namesize); + return 0; +} + +static krb5_error_code +mkt_start_seq_get(krb5_context context, + krb5_keytab id, + krb5_kt_cursor *c) +{ + /* XXX */ + c->fd = 0; + return 0; +} + +static krb5_error_code +mkt_next_entry(krb5_context context, + krb5_keytab id, + krb5_keytab_entry *entry, + krb5_kt_cursor *c) +{ + struct mkt_data *d = id->data; + if(c->fd >= d->num_entries) + return KRB5_KT_END; + return krb5_kt_copy_entry_contents(context, &d->entries[c->fd++], entry); +} + +static krb5_error_code +mkt_end_seq_get(krb5_context context, + krb5_keytab id, + krb5_kt_cursor *cursor) +{ + return 0; +} + +static krb5_error_code +mkt_add_entry(krb5_context context, + krb5_keytab id, + krb5_keytab_entry *entry) +{ + struct mkt_data *d = id->data; + krb5_keytab_entry *tmp; + tmp = realloc(d->entries, (d->num_entries + 1) * sizeof(*d->entries)); + if(tmp == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + d->entries = tmp; + return krb5_kt_copy_entry_contents(context, entry, + &d->entries[d->num_entries++]); +} + +static krb5_error_code +mkt_remove_entry(krb5_context context, + krb5_keytab id, + krb5_keytab_entry *entry) +{ + struct mkt_data *d = id->data; + krb5_keytab_entry *e, *end; + int found = 0; + + if (d->num_entries == 0) { + krb5_clear_error_string(context); + return KRB5_KT_NOTFOUND; + } + + /* do this backwards to minimize copying */ + for(end = d->entries + d->num_entries, e = end - 1; e >= d->entries; e--) { + if(krb5_kt_compare(context, e, entry->principal, + entry->vno, entry->keyblock.keytype)) { + krb5_kt_free_entry(context, e); + memmove(e, e + 1, (end - e - 1) * sizeof(*e)); + memset(end - 1, 0, sizeof(*end)); + d->num_entries--; + end--; + found = 1; + } + } + if (!found) { + krb5_clear_error_string (context); + return KRB5_KT_NOTFOUND; + } + e = realloc(d->entries, d->num_entries * sizeof(*d->entries)); + if(e != NULL) + d->entries = e; + return 0; +} + +const krb5_kt_ops krb5_mkt_ops = { + "MEMORY", + mkt_resolve, + mkt_get_name, + mkt_close, + NULL, /* get */ + mkt_start_seq_get, + mkt_next_entry, + mkt_end_seq_get, + mkt_add_entry, + mkt_remove_entry +}; + +static krb5_error_code +mktw_get_entry(krb5_context context, + krb5_keytab id, + krb5_const_principal principal, + krb5_kvno kvno, + krb5_enctype enctype, + krb5_keytab_entry *entry) +{ + krb5_keytab_entry tmp; + krb5_error_code ret; + krb5_kt_cursor cursor; + + ret = krb5_kt_start_seq_get (context, id, &cursor); + if (ret) + return KRB5_KT_NOTFOUND; /* XXX i.e. file not found */ + + entry->vno = 0; + while (krb5_kt_next_entry(context, id, &tmp, &cursor) == 0) { + if (krb5_kt_compare(context, &tmp, NULL, 0, enctype)) { + if (kvno == tmp.vno) { + krb5_kt_copy_entry_contents (context, &tmp, entry); + krb5_kt_free_entry (context, &tmp); + krb5_kt_end_seq_get(context, id, &cursor); + return 0; + } else if (kvno == 0 && tmp.vno > entry->vno) { + if (entry->vno) + krb5_kt_free_entry (context, entry); + krb5_kt_copy_entry_contents (context, &tmp, entry); + } + } + krb5_kt_free_entry(context, &tmp); + } + krb5_kt_end_seq_get (context, id, &cursor); + if (entry->vno) { + return 0; + } else { + return KRB5_KT_NOTFOUND; + } +}; + +const krb5_kt_ops krb5_mktw_ops = { + "MEMORY_WILDCARD", + mkt_resolve, + mkt_get_name, + mkt_close, + mktw_get_entry, /* get */ + mkt_start_seq_get, + mkt_next_entry, + mkt_end_seq_get, + mkt_add_entry, + mkt_remove_entry +}; diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h new file mode 100644 index 0000000000..e59cab8ca7 --- /dev/null +++ b/source4/heimdal/lib/krb5/krb5-private.h @@ -0,0 +1,358 @@ +/* This is a generated file */ +#ifndef __krb5_private_h__ +#define __krb5_private_h__ + +#include + +#ifndef KRB5_LIB_FUNCTION +#if defined(_WIN32) +#define KRB5_LIB_FUNCTION _stdcall +#else +#define KRB5_LIB_FUNCTION +#endif +#endif + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_PKCS5_PBKDF2 ( + krb5_context /*context*/, + krb5_cksumtype /*cktype*/, + krb5_data /*password*/, + krb5_salt /*salt*/, + u_int32_t /*iter*/, + krb5_keytype /*type*/, + krb5_keyblock */*key*/); + +void KRB5_LIB_FUNCTION +_krb5_aes_cts_encrypt ( + const unsigned char */*in*/, + unsigned char */*out*/, + size_t /*len*/, + const void */*aes_key*/, + unsigned char */*ivec*/, + const int /*encryptp*/); + +void +_krb5_crc_init_table (void); + +u_int32_t +_krb5_crc_update ( + const char */*p*/, + size_t /*len*/, + u_int32_t /*res*/); + +krb5_error_code +_krb5_expand_default_cc_name ( + krb5_context /*context*/, + const char */*str*/, + char **/*res*/); + +int +_krb5_extract_ticket ( + krb5_context /*context*/, + krb5_kdc_rep */*rep*/, + krb5_creds */*creds*/, + krb5_keyblock */*key*/, + krb5_const_pointer /*keyseed*/, + krb5_key_usage /*key_usage*/, + krb5_addresses */*addrs*/, + unsigned /*nonce*/, + krb5_boolean /*allow_server_mismatch*/, + krb5_boolean /*ignore_cname*/, + krb5_decrypt_proc /*decrypt_proc*/, + krb5_const_pointer /*decryptarg*/); + +krb5_error_code +_krb5_get_default_principal_local ( + krb5_context /*context*/, + krb5_principal */*princ*/); + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_get_host_realm_int ( + krb5_context /*context*/, + const char */*host*/, + krb5_boolean /*use_dns*/, + krb5_realm **/*realms*/); + +krb5_error_code +_krb5_get_init_creds_opt_copy ( + krb5_context /*context*/, + const krb5_get_init_creds_opt */*in*/, + krb5_get_init_creds_opt **/*out*/); + +void KRB5_LIB_FUNCTION +_krb5_get_init_creds_opt_free_pkinit (krb5_get_init_creds_opt */*opt*/); + +krb5_ssize_t KRB5_LIB_FUNCTION +_krb5_get_int ( + void */*buffer*/, + unsigned long */*value*/, + size_t /*size*/); + +krb5_error_code +_krb5_get_krbtgt ( + krb5_context /*context*/, + krb5_ccache /*id*/, + krb5_realm /*realm*/, + krb5_creds **/*cred*/); + +krb5_error_code +_krb5_kcm_chmod ( + krb5_context /*context*/, + krb5_ccache /*id*/, + u_int16_t /*mode*/); + +krb5_error_code +_krb5_kcm_chown ( + krb5_context /*context*/, + krb5_ccache /*id*/, + u_int32_t /*uid*/, + u_int32_t /*gid*/); + +krb5_error_code +_krb5_kcm_get_initial_ticket ( + krb5_context /*context*/, + krb5_ccache /*id*/, + krb5_principal /*server*/, + krb5_keyblock */*key*/); + +krb5_error_code +_krb5_kcm_get_ticket ( + krb5_context /*context*/, + krb5_ccache /*id*/, + krb5_kdc_flags /*flags*/, + krb5_enctype /*enctype*/, + krb5_principal /*server*/); + +krb5_boolean +_krb5_kcm_is_running (krb5_context /*context*/); + +krb5_error_code +_krb5_kcm_noop ( + krb5_context /*context*/, + krb5_ccache /*id*/); + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_krb_cr_err_reply ( + krb5_context /*context*/, + const char */*name*/, + const char */*inst*/, + const char */*realm*/, + u_int32_t /*time_ws*/, + u_int32_t /*e*/, + const char */*e_string*/, + krb5_data */*data*/); + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_krb_create_auth_reply ( + krb5_context /*context*/, + const char */*pname*/, + const char */*pinst*/, + const char */*prealm*/, + int32_t /*time_ws*/, + int /*n*/, + u_int32_t /*x_date*/, + unsigned char /*kvno*/, + const krb5_data */*cipher*/, + krb5_data */*data*/); + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_krb_create_ciph ( + krb5_context /*context*/, + const krb5_keyblock */*session*/, + const char */*service*/, + const char */*instance*/, + const char */*realm*/, + u_int32_t /*life*/, + unsigned char /*kvno*/, + const krb5_data */*ticket*/, + u_int32_t /*kdc_time*/, + const krb5_keyblock */*key*/, + krb5_data */*enc_data*/); + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_krb_create_ticket ( + krb5_context /*context*/, + unsigned char /*flags*/, + const char */*pname*/, + const char */*pinstance*/, + const char */*prealm*/, + int32_t /*paddress*/, + const krb5_keyblock */*session*/, + int16_t /*life*/, + int32_t /*life_sec*/, + const char */*sname*/, + const char */*sinstance*/, + const krb5_keyblock */*key*/, + krb5_data */*enc_data*/); + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_krb_decomp_ticket ( + krb5_context /*context*/, + const krb5_data */*enc_ticket*/, + const krb5_keyblock */*key*/, + const char */*local_realm*/, + char **/*sname*/, + char **/*sinstance*/, + struct _krb5_krb_auth_data */*ad*/); + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_krb_dest_tkt ( + krb5_context /*context*/, + const char */*tkfile*/); + +void KRB5_LIB_FUNCTION +_krb5_krb_free_auth_data ( + krb5_context /*context*/, + struct _krb5_krb_auth_data */*ad*/); + +time_t KRB5_LIB_FUNCTION +_krb5_krb_life_to_time ( + int /*start*/, + int /*life_*/); + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_krb_rd_req ( + krb5_context /*context*/, + krb5_data */*authent*/, + const char */*service*/, + const char */*instance*/, + const char */*local_realm*/, + int32_t /*from_addr*/, + const krb5_keyblock */*key*/, + struct _krb5_krb_auth_data */*ad*/); + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_krb_tf_setup ( + krb5_context /*context*/, + struct credentials */*v4creds*/, + const char */*tkfile*/, + int /*append*/); + +int KRB5_LIB_FUNCTION +_krb5_krb_time_to_life ( + time_t /*start*/, + time_t /*end*/); + +krb5_error_code +_krb5_mk_req_internal ( + krb5_context /*context*/, + krb5_auth_context */*auth_context*/, + const krb5_flags /*ap_req_options*/, + krb5_data */*in_data*/, + krb5_creds */*in_creds*/, + krb5_data */*outbuf*/, + krb5_key_usage /*checksum_usage*/, + krb5_key_usage /*encrypt_usage*/); + +void KRB5_LIB_FUNCTION +_krb5_n_fold ( + const void */*str*/, + size_t /*len*/, + void */*key*/, + size_t /*size*/); + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_oid_to_enctype ( + krb5_context /*context*/, + const heim_oid */*oid*/, + krb5_enctype */*etype*/); + +void KRB5_LIB_FUNCTION +_krb5_pk_cert_free (struct krb5_pk_cert */*cert*/); + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_pk_create_sign ( + krb5_context /*context*/, + const heim_oid */*eContentType*/, + krb5_data */*eContent*/, + struct krb5_pk_identity */*id*/, + krb5_data */*sd_data*/); + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_pk_load_openssl_id ( + krb5_context /*context*/, + struct krb5_pk_identity **/*ret_id*/, + const char */*user_id*/, + const char */*x509_anchors*/, + krb5_prompter_fct /*prompter*/, + void */*prompter_data*/, + char */*password*/); + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_pk_mk_ContentInfo ( + krb5_context /*context*/, + const krb5_data */*buf*/, + const heim_oid */*oid*/, + struct ContentInfo */*content_info*/); + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_pk_mk_padata ( + krb5_context /*context*/, + void */*c*/, + const KDC_REQ_BODY */*req_body*/, + unsigned /*nonce*/, + METHOD_DATA */*md*/); + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_pk_rd_pa_reply ( + krb5_context /*context*/, + void */*c*/, + krb5_enctype /*etype*/, + unsigned /*nonce*/, + PA_DATA */*pa*/, + krb5_keyblock **/*key*/); + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_pk_verify_sign ( + krb5_context /*context*/, + const char */*data*/, + size_t /*length*/, + struct krb5_pk_identity */*id*/, + heim_oid */*contentType*/, + krb5_data */*content*/, + struct krb5_pk_cert **/*signer*/); + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_principal2principalname ( + PrincipalName */*p*/, + const krb5_principal /*from*/); + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_principalname2krb5_principal ( + krb5_principal */*principal*/, + const PrincipalName /*from*/, + const Realm /*realm*/); + +krb5_ssize_t KRB5_LIB_FUNCTION +_krb5_put_int ( + void */*buffer*/, + unsigned long /*value*/, + size_t /*size*/); + +int +_krb5_send_and_recv_tcp ( + int /*fd*/, + time_t /*tmout*/, + const krb5_data */*req*/, + krb5_data */*rep*/); + +int +_krb5_xlock ( + krb5_context /*context*/, + int /*fd*/, + krb5_boolean /*exclusive*/, + const char */*filename*/); + +int +_krb5_xunlock ( + krb5_context /*context*/, + int /*fd*/); + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_rd_rep_type(krb5_context context, + krb5_auth_context auth_context, + const krb5_data *inbuf, + krb5_ap_rep_enc_part **repl, + krb5_boolean dce_style_response); + +#endif /* __krb5_private_h__ */ diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h new file mode 100644 index 0000000000..cee8a02419 --- /dev/null +++ b/source4/heimdal/lib/krb5/krb5-protos.h @@ -0,0 +1,3407 @@ +/* This is a generated file */ +#ifndef __krb5_protos_h__ +#define __krb5_protos_h__ + +#include + +#if !defined(__GNUC__) && !defined(__attribute__) +#define __attribute__(x) +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef KRB5_LIB_FUNCTION +#if defined(_WIN32) +#define KRB5_LIB_FUNCTION _stdcall +#else +#define KRB5_LIB_FUNCTION +#endif +#endif + +krb5_error_code KRB5_LIB_FUNCTION +krb524_convert_creds_kdc ( + krb5_context /*context*/, + krb5_creds */*in_cred*/, + struct credentials */*v4creds*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb524_convert_creds_kdc_ccache ( + krb5_context /*context*/, + krb5_ccache /*ccache*/, + krb5_creds */*in_cred*/, + struct credentials */*v4creds*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_425_conv_principal ( + krb5_context /*context*/, + const char */*name*/, + const char */*instance*/, + const char */*realm*/, + krb5_principal */*princ*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_425_conv_principal_ext ( + krb5_context /*context*/, + const char */*name*/, + const char */*instance*/, + const char */*realm*/, + krb5_boolean (*/*func*/)(krb5_context, krb5_principal), + krb5_boolean /*resolve*/, + krb5_principal */*principal*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_425_conv_principal_ext2 ( + krb5_context /*context*/, + const char */*name*/, + const char */*instance*/, + const char */*realm*/, + krb5_boolean (*/*func*/)(krb5_context, void *, krb5_principal), + void */*funcctx*/, + krb5_boolean /*resolve*/, + krb5_principal */*princ*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_524_conv_principal ( + krb5_context /*context*/, + const krb5_principal /*principal*/, + char */*name*/, + char */*instance*/, + char */*realm*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_abort ( + krb5_context /*context*/, + krb5_error_code /*code*/, + const char */*fmt*/, + ...) + __attribute__ ((noreturn, format (printf, 3, 4))); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_abortx ( + krb5_context /*context*/, + const char */*fmt*/, + ...) + __attribute__ ((noreturn, format (printf, 2, 3))); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_acl_match_file ( + krb5_context /*context*/, + const char */*file*/, + const char */*format*/, + ...); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_acl_match_string ( + krb5_context /*context*/, + const char */*string*/, + const char */*format*/, + ...); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_add_et_list ( + krb5_context /*context*/, + void (*/*func*/)(struct et_list **)); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_add_extra_addresses ( + krb5_context /*context*/, + krb5_addresses */*addresses*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_add_ignore_addresses ( + krb5_context /*context*/, + krb5_addresses */*addresses*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_addlog_dest ( + krb5_context /*context*/, + krb5_log_facility */*f*/, + const char */*orig*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_addlog_func ( + krb5_context /*context*/, + krb5_log_facility */*fac*/, + int /*min*/, + int /*max*/, + krb5_log_log_func_t /*log_func*/, + krb5_log_close_func_t /*close_func*/, + void */*data*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_addr2sockaddr ( + krb5_context /*context*/, + const krb5_address */*addr*/, + struct sockaddr */*sa*/, + krb5_socklen_t */*sa_size*/, + int /*port*/); + +krb5_boolean KRB5_LIB_FUNCTION +krb5_address_compare ( + krb5_context /*context*/, + const krb5_address */*addr1*/, + const krb5_address */*addr2*/); + +int KRB5_LIB_FUNCTION +krb5_address_order ( + krb5_context /*context*/, + const krb5_address */*addr1*/, + const krb5_address */*addr2*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_address_prefixlen_boundary ( + krb5_context /*context*/, + const krb5_address */*inaddr*/, + unsigned long /*prefixlen*/, + krb5_address */*low*/, + krb5_address */*high*/); + +krb5_boolean KRB5_LIB_FUNCTION +krb5_address_search ( + krb5_context /*context*/, + const krb5_address */*addr*/, + const krb5_addresses */*addrlist*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_aname_to_localname ( + krb5_context /*context*/, + krb5_const_principal /*aname*/, + size_t /*lnsize*/, + char */*lname*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_anyaddr ( + krb5_context /*context*/, + int /*af*/, + struct sockaddr */*sa*/, + krb5_socklen_t */*sa_size*/, + int /*port*/); + +void KRB5_LIB_FUNCTION +krb5_appdefault_boolean ( + krb5_context /*context*/, + const char */*appname*/, + krb5_const_realm /*realm*/, + const char */*option*/, + krb5_boolean /*def_val*/, + krb5_boolean */*ret_val*/); + +void KRB5_LIB_FUNCTION +krb5_appdefault_string ( + krb5_context /*context*/, + const char */*appname*/, + krb5_const_realm /*realm*/, + const char */*option*/, + const char */*def_val*/, + char **/*ret_val*/); + +void KRB5_LIB_FUNCTION +krb5_appdefault_time ( + krb5_context /*context*/, + const char */*appname*/, + krb5_const_realm /*realm*/, + const char */*option*/, + time_t /*def_val*/, + time_t */*ret_val*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_append_addresses ( + krb5_context /*context*/, + krb5_addresses */*dest*/, + const krb5_addresses */*source*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_addflags ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + int32_t /*addflags*/, + int32_t */*flags*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_free ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_genaddrs ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + int /*fd*/, + int /*flags*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_generatelocalsubkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock */*key*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_getaddrs ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_address **/*local_addr*/, + krb5_address **/*remote_addr*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_getauthenticator ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_authenticator */*authenticator*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_getcksumtype ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_cksumtype */*cksumtype*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_getflags ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + int32_t */*flags*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_getkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock **/*keyblock*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_getkeytype ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keytype */*keytype*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_getlocalseqnumber ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + int32_t */*seqnumber*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_getlocalsubkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock **/*keyblock*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_getrcache ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_rcache */*rcache*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_getremotesubkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock **/*keyblock*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_init ( + krb5_context /*context*/, + krb5_auth_context */*auth_context*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_removeflags ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + int32_t /*removeflags*/, + int32_t */*flags*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_setaddrs ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_address */*local_addr*/, + krb5_address */*remote_addr*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_setaddrs_from_fd ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + void */*p_fd*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_setcksumtype ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_cksumtype /*cksumtype*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_setflags ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + int32_t /*flags*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_setkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock */*keyblock*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_setkeytype ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keytype /*keytype*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_setlocalseqnumber ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + int32_t /*seqnumber*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_setlocalsubkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock */*keyblock*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_setrcache ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_rcache /*rcache*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_setremoteseqnumber ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + int32_t /*seqnumber*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_setremotesubkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock */*keyblock*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_con_setuserkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock */*keyblock*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_auth_getremoteseqnumber ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + int32_t */*seqnumber*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_build_ap_req ( + krb5_context /*context*/, + krb5_enctype /*enctype*/, + krb5_creds */*cred*/, + krb5_flags /*ap_options*/, + krb5_data /*authenticator*/, + krb5_data */*retdata*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_build_authenticator ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_enctype /*enctype*/, + krb5_creds */*cred*/, + Checksum */*cksum*/, + Authenticator **/*auth_result*/, + krb5_data */*result*/, + krb5_key_usage /*usage*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_build_principal ( + krb5_context /*context*/, + krb5_principal */*principal*/, + int /*rlen*/, + krb5_const_realm /*realm*/, + ...); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_build_principal_ext ( + krb5_context /*context*/, + krb5_principal */*principal*/, + int /*rlen*/, + krb5_const_realm /*realm*/, + ...); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_build_principal_va ( + krb5_context /*context*/, + krb5_principal */*principal*/, + int /*rlen*/, + krb5_const_realm /*realm*/, + va_list /*ap*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_build_principal_va_ext ( + krb5_context /*context*/, + krb5_principal */*principal*/, + int /*rlen*/, + krb5_const_realm /*realm*/, + va_list /*ap*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_c_block_size ( + krb5_context /*context*/, + krb5_enctype /*enctype*/, + size_t */*blocksize*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_c_checksum_length ( + krb5_context /*context*/, + krb5_cksumtype /*cksumtype*/, + size_t */*length*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_c_decrypt ( + krb5_context /*context*/, + const krb5_keyblock /*key*/, + krb5_keyusage /*usage*/, + const krb5_data */*ivec*/, + krb5_enc_data */*input*/, + krb5_data */*output*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_c_encrypt ( + krb5_context /*context*/, + const krb5_keyblock */*key*/, + krb5_keyusage /*usage*/, + const krb5_data */*ivec*/, + const krb5_data */*input*/, + krb5_enc_data */*output*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_c_encrypt_length ( + krb5_context /*context*/, + krb5_enctype /*enctype*/, + size_t /*inputlen*/, + size_t */*length*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_c_enctype_compare ( + krb5_context /*context*/, + krb5_enctype /*e1*/, + krb5_enctype /*e2*/, + krb5_boolean */*similar*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_c_get_checksum ( + krb5_context /*context*/, + const krb5_checksum */*cksum*/, + krb5_cksumtype */*type*/, + krb5_data **/*data*/); + +krb5_boolean KRB5_LIB_FUNCTION +krb5_c_is_coll_proof_cksum (krb5_cksumtype /*ctype*/); + +krb5_boolean KRB5_LIB_FUNCTION +krb5_c_is_keyed_cksum (krb5_cksumtype /*ctype*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_c_make_checksum ( + krb5_context /*context*/, + krb5_cksumtype /*cksumtype*/, + const krb5_keyblock */*key*/, + krb5_keyusage /*usage*/, + const krb5_data */*input*/, + krb5_checksum */*cksum*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_c_make_random_key ( + krb5_context /*context*/, + krb5_enctype /*enctype*/, + krb5_keyblock */*random_key*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_c_set_checksum ( + krb5_context /*context*/, + krb5_checksum */*cksum*/, + krb5_cksumtype /*type*/, + const krb5_data */*data*/); + +krb5_boolean KRB5_LIB_FUNCTION +krb5_c_valid_cksumtype (krb5_cksumtype /*ctype*/); + +krb5_boolean KRB5_LIB_FUNCTION +krb5_c_valid_enctype (krb5_enctype /*etype*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_c_verify_checksum ( + krb5_context /*context*/, + const krb5_keyblock */*key*/, + krb5_keyusage /*usage*/, + const krb5_data */*data*/, + const krb5_checksum */*cksum*/, + krb5_boolean */*valid*/); + +void KRB5_LIB_FUNCTION +krb5_cc_clear_mcred (krb5_creds */*mcred*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_close ( + krb5_context /*context*/, + krb5_ccache /*id*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_copy_cache ( + krb5_context /*context*/, + const krb5_ccache /*from*/, + krb5_ccache /*to*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_copy_cache_match ( + krb5_context /*context*/, + const krb5_ccache /*from*/, + krb5_ccache /*to*/, + krb5_flags /*whichfields*/, + const krb5_creds * /*mcreds*/, + unsigned int */*matched*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_default ( + krb5_context /*context*/, + krb5_ccache */*id*/); + +const char* KRB5_LIB_FUNCTION +krb5_cc_default_name (krb5_context /*context*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_destroy ( + krb5_context /*context*/, + krb5_ccache /*id*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_end_seq_get ( + krb5_context /*context*/, + const krb5_ccache /*id*/, + krb5_cc_cursor */*cursor*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_gen_new ( + krb5_context /*context*/, + const krb5_cc_ops */*ops*/, + krb5_ccache */*id*/); + +const char* KRB5_LIB_FUNCTION +krb5_cc_get_name ( + krb5_context /*context*/, + krb5_ccache /*id*/); + +const krb5_cc_ops * +krb5_cc_get_ops ( + krb5_context /*context*/, + krb5_ccache /*id*/); + +const krb5_cc_ops * +krb5_cc_get_prefix_ops ( + krb5_context /*context*/, + const char */*prefix*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_get_principal ( + krb5_context /*context*/, + krb5_ccache /*id*/, + krb5_principal */*principal*/); + +const char* KRB5_LIB_FUNCTION +krb5_cc_get_type ( + krb5_context /*context*/, + krb5_ccache /*id*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_get_version ( + krb5_context /*context*/, + const krb5_ccache /*id*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_initialize ( + krb5_context /*context*/, + krb5_ccache /*id*/, + krb5_principal /*primary_principal*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_new_unique ( + krb5_context /*context*/, + const char */*type*/, + const char */*hint*/, + krb5_ccache */*id*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_next_cred ( + krb5_context /*context*/, + const krb5_ccache /*id*/, + krb5_cc_cursor */*cursor*/, + krb5_creds */*creds*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_next_cred_match ( + krb5_context /*context*/, + const krb5_ccache /*id*/, + krb5_cc_cursor * /*cursor*/, + krb5_creds * /*creds*/, + krb5_flags /*whichfields*/, + const krb5_creds * /*mcreds*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_register ( + krb5_context /*context*/, + const krb5_cc_ops */*ops*/, + krb5_boolean /*override*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_remove_cred ( + krb5_context /*context*/, + krb5_ccache /*id*/, + krb5_flags /*which*/, + krb5_creds */*cred*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_resolve ( + krb5_context /*context*/, + const char */*name*/, + krb5_ccache */*id*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_retrieve_cred ( + krb5_context /*context*/, + krb5_ccache /*id*/, + krb5_flags /*whichfields*/, + const krb5_creds */*mcreds*/, + krb5_creds */*creds*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_set_default_name ( + krb5_context /*context*/, + const char */*name*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_set_flags ( + krb5_context /*context*/, + krb5_ccache /*id*/, + krb5_flags /*flags*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_start_seq_get ( + krb5_context /*context*/, + const krb5_ccache /*id*/, + krb5_cc_cursor */*cursor*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_store_cred ( + krb5_context /*context*/, + krb5_ccache /*id*/, + krb5_creds */*creds*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_change_password ( + krb5_context /*context*/, + krb5_creds */*creds*/, + char */*newpw*/, + int */*result_code*/, + krb5_data */*result_code_string*/, + krb5_data */*result_string*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_check_transited ( + krb5_context /*context*/, + krb5_const_realm /*client_realm*/, + krb5_const_realm /*server_realm*/, + krb5_realm */*realms*/, + int /*num_realms*/, + int */*bad_realm*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_check_transited_realms ( + krb5_context /*context*/, + const char *const */*realms*/, + int /*num_realms*/, + int */*bad_realm*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_checksum_disable ( + krb5_context /*context*/, + krb5_cksumtype /*type*/); + +void KRB5_LIB_FUNCTION +krb5_checksum_free ( + krb5_context /*context*/, + krb5_checksum */*cksum*/); + +krb5_boolean KRB5_LIB_FUNCTION +krb5_checksum_is_collision_proof ( + krb5_context /*context*/, + krb5_cksumtype /*type*/); + +krb5_boolean KRB5_LIB_FUNCTION +krb5_checksum_is_keyed ( + krb5_context /*context*/, + krb5_cksumtype /*type*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_checksumsize ( + krb5_context /*context*/, + krb5_cksumtype /*type*/, + size_t */*size*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cksumtype_valid ( + krb5_context /*context*/, + krb5_cksumtype /*ctype*/); + +void KRB5_LIB_FUNCTION +krb5_clear_error_string (krb5_context /*context*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_closelog ( + krb5_context /*context*/, + krb5_log_facility */*fac*/); + +krb5_boolean KRB5_LIB_FUNCTION +krb5_compare_creds ( + krb5_context /*context*/, + krb5_flags /*whichfields*/, + const krb5_creds * /*mcreds*/, + const krb5_creds * /*creds*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_config_file_free ( + krb5_context /*context*/, + krb5_config_section */*s*/); + +void KRB5_LIB_FUNCTION +krb5_config_free_strings (char **/*strings*/); + +const void * +krb5_config_get ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + int /*type*/, + ...); + +krb5_boolean KRB5_LIB_FUNCTION +krb5_config_get_bool ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + ...); + +krb5_boolean KRB5_LIB_FUNCTION +krb5_config_get_bool_default ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + krb5_boolean /*def_value*/, + ...); + +int KRB5_LIB_FUNCTION +krb5_config_get_int ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + ...); + +int KRB5_LIB_FUNCTION +krb5_config_get_int_default ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + int /*def_value*/, + ...); + +const krb5_config_binding * +krb5_config_get_list ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + ...); + +const void * +krb5_config_get_next ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + const krb5_config_binding **/*pointer*/, + int /*type*/, + ...); + +const char* KRB5_LIB_FUNCTION +krb5_config_get_string ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + ...); + +const char* KRB5_LIB_FUNCTION +krb5_config_get_string_default ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + const char */*def_value*/, + ...); + +char** +krb5_config_get_strings ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + ...); + +int KRB5_LIB_FUNCTION +krb5_config_get_time ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + ...); + +int KRB5_LIB_FUNCTION +krb5_config_get_time_default ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + int /*def_value*/, + ...); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_config_parse_file ( + krb5_context /*context*/, + const char */*fname*/, + krb5_config_section **/*res*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_config_parse_file_multi ( + krb5_context /*context*/, + const char */*fname*/, + krb5_config_section **/*res*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_config_parse_string_multi ( + krb5_context /*context*/, + const char */*string*/, + krb5_config_section **/*res*/); + +const void * +krb5_config_vget ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + int /*type*/, + va_list /*args*/); + +krb5_boolean KRB5_LIB_FUNCTION +krb5_config_vget_bool ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + va_list /*args*/); + +krb5_boolean KRB5_LIB_FUNCTION +krb5_config_vget_bool_default ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + krb5_boolean /*def_value*/, + va_list /*args*/); + +int KRB5_LIB_FUNCTION +krb5_config_vget_int ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + va_list /*args*/); + +int KRB5_LIB_FUNCTION +krb5_config_vget_int_default ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + int /*def_value*/, + va_list /*args*/); + +const krb5_config_binding * +krb5_config_vget_list ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + va_list /*args*/); + +const void * +krb5_config_vget_next ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + const krb5_config_binding **/*pointer*/, + int /*type*/, + va_list /*args*/); + +const char* KRB5_LIB_FUNCTION +krb5_config_vget_string ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + va_list /*args*/); + +const char* KRB5_LIB_FUNCTION +krb5_config_vget_string_default ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + const char */*def_value*/, + va_list /*args*/); + +char ** KRB5_LIB_FUNCTION +krb5_config_vget_strings ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + va_list /*args*/); + +int KRB5_LIB_FUNCTION +krb5_config_vget_time ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + va_list /*args*/); + +int KRB5_LIB_FUNCTION +krb5_config_vget_time_default ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + int /*def_value*/, + va_list /*args*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_copy_address ( + krb5_context /*context*/, + const krb5_address */*inaddr*/, + krb5_address */*outaddr*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_copy_addresses ( + krb5_context /*context*/, + const krb5_addresses */*inaddr*/, + krb5_addresses */*outaddr*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_copy_checksum ( + krb5_context /*context*/, + const krb5_checksum */*old*/, + krb5_checksum **/*new*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_copy_creds ( + krb5_context /*context*/, + const krb5_creds */*incred*/, + krb5_creds **/*outcred*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_copy_creds_contents ( + krb5_context /*context*/, + const krb5_creds */*incred*/, + krb5_creds */*c*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_copy_data ( + krb5_context /*context*/, + const krb5_data */*indata*/, + krb5_data **/*outdata*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_copy_host_realm ( + krb5_context /*context*/, + const krb5_realm */*from*/, + krb5_realm **/*to*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_copy_keyblock ( + krb5_context /*context*/, + const krb5_keyblock */*inblock*/, + krb5_keyblock **/*to*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_copy_keyblock_contents ( + krb5_context /*context*/, + const krb5_keyblock */*inblock*/, + krb5_keyblock */*to*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_copy_principal ( + krb5_context /*context*/, + krb5_const_principal /*inprinc*/, + krb5_principal */*outprinc*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_copy_ticket ( + krb5_context /*context*/, + const krb5_ticket */*from*/, + krb5_ticket **/*to*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_create_checksum ( + krb5_context /*context*/, + krb5_crypto /*crypto*/, + krb5_key_usage /*usage*/, + int /*type*/, + void */*data*/, + size_t /*len*/, + Checksum */*result*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_crypto_destroy ( + krb5_context /*context*/, + krb5_crypto /*crypto*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_crypto_get_checksum_type ( + krb5_context /*context*/, + krb5_crypto /*crypto*/, + krb5_cksumtype */*type*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_crypto_get_params ( + krb5_context /*context*/, + const krb5_crypto /*crypto*/, + const krb5_data */*params*/, + krb5_data */*ivec*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_crypto_getblocksize ( + krb5_context /*context*/, + krb5_crypto /*crypto*/, + size_t */*blocksize*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_crypto_getconfoundersize ( + krb5_context /*context*/, + krb5_crypto /*crypto*/, + size_t */*confoundersize*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_crypto_getenctype ( + krb5_context /*context*/, + krb5_crypto /*crypto*/, + krb5_enctype */*enctype*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_crypto_getpadsize ( + krb5_context /*context*/, + krb5_crypto /*crypto*/, + size_t */*padsize*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_crypto_init ( + krb5_context /*context*/, + const krb5_keyblock */*key*/, + krb5_enctype /*etype*/, + krb5_crypto */*crypto*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_crypto_set_params ( + krb5_context /*context*/, + const krb5_crypto /*crypto*/, + const krb5_data */*ivec*/, + krb5_data */*params*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_data_alloc ( + krb5_data */*p*/, + int /*len*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_data_copy ( + krb5_data */*p*/, + const void */*data*/, + size_t /*len*/); + +void KRB5_LIB_FUNCTION +krb5_data_free (krb5_data */*p*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_data_realloc ( + krb5_data */*p*/, + int /*len*/); + +void KRB5_LIB_FUNCTION +krb5_data_zero (krb5_data */*p*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_decode_Authenticator ( + krb5_context /*context*/, + const void */*data*/, + size_t /*length*/, + Authenticator */*t*/, + size_t */*len*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_decode_ETYPE_INFO ( + krb5_context /*context*/, + const void */*data*/, + size_t /*length*/, + ETYPE_INFO */*t*/, + size_t */*len*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_decode_ETYPE_INFO2 ( + krb5_context /*context*/, + const void */*data*/, + size_t /*length*/, + ETYPE_INFO2 */*t*/, + size_t */*len*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_decode_EncAPRepPart ( + krb5_context /*context*/, + const void */*data*/, + size_t /*length*/, + EncAPRepPart */*t*/, + size_t */*len*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_decode_EncASRepPart ( + krb5_context /*context*/, + const void */*data*/, + size_t /*length*/, + EncASRepPart */*t*/, + size_t */*len*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_decode_EncKrbCredPart ( + krb5_context /*context*/, + const void */*data*/, + size_t /*length*/, + EncKrbCredPart */*t*/, + size_t */*len*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_decode_EncTGSRepPart ( + krb5_context /*context*/, + const void */*data*/, + size_t /*length*/, + EncTGSRepPart */*t*/, + size_t */*len*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_decode_EncTicketPart ( + krb5_context /*context*/, + const void */*data*/, + size_t /*length*/, + EncTicketPart */*t*/, + size_t */*len*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_decode_ap_req ( + krb5_context /*context*/, + const krb5_data */*inbuf*/, + krb5_ap_req */*ap_req*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_decrypt ( + krb5_context /*context*/, + krb5_crypto /*crypto*/, + unsigned /*usage*/, + void */*data*/, + size_t /*len*/, + krb5_data */*result*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_decrypt_EncryptedData ( + krb5_context /*context*/, + krb5_crypto /*crypto*/, + unsigned /*usage*/, + const EncryptedData */*e*/, + krb5_data */*result*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_decrypt_ivec ( + krb5_context /*context*/, + krb5_crypto /*crypto*/, + unsigned /*usage*/, + void */*data*/, + size_t /*len*/, + krb5_data */*result*/, + void */*ivec*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_decrypt_ticket ( + krb5_context /*context*/, + Ticket */*ticket*/, + krb5_keyblock */*key*/, + EncTicketPart */*out*/, + krb5_flags /*flags*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_derive_key ( + krb5_context /*context*/, + const krb5_keyblock */*key*/, + krb5_enctype /*etype*/, + const void */*constant*/, + size_t /*constant_len*/, + krb5_keyblock **/*derived_key*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_domain_x500_decode ( + krb5_context /*context*/, + krb5_data /*tr*/, + char ***/*realms*/, + int */*num_realms*/, + const char */*client_realm*/, + const char */*server_realm*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_domain_x500_encode ( + char **/*realms*/, + int /*num_realms*/, + krb5_data */*encoding*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_eai_to_heim_errno ( + int /*eai_errno*/, + int /*system_error*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_encode_Authenticator ( + krb5_context /*context*/, + void */*data*/, + size_t /*length*/, + Authenticator */*t*/, + size_t */*len*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_encode_ETYPE_INFO ( + krb5_context /*context*/, + void */*data*/, + size_t /*length*/, + ETYPE_INFO */*t*/, + size_t */*len*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_encode_ETYPE_INFO2 ( + krb5_context /*context*/, + void */*data*/, + size_t /*length*/, + ETYPE_INFO2 */*t*/, + size_t */*len*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_encode_EncAPRepPart ( + krb5_context /*context*/, + void */*data*/, + size_t /*length*/, + EncAPRepPart */*t*/, + size_t */*len*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_encode_EncASRepPart ( + krb5_context /*context*/, + void */*data*/, + size_t /*length*/, + EncASRepPart */*t*/, + size_t */*len*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_encode_EncKrbCredPart ( + krb5_context /*context*/, + void */*data*/, + size_t /*length*/, + EncKrbCredPart */*t*/, + size_t */*len*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_encode_EncTGSRepPart ( + krb5_context /*context*/, + void */*data*/, + size_t /*length*/, + EncTGSRepPart */*t*/, + size_t */*len*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_encode_EncTicketPart ( + krb5_context /*context*/, + void */*data*/, + size_t /*length*/, + EncTicketPart */*t*/, + size_t */*len*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_encrypt ( + krb5_context /*context*/, + krb5_crypto /*crypto*/, + unsigned /*usage*/, + void */*data*/, + size_t /*len*/, + krb5_data */*result*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_encrypt_EncryptedData ( + krb5_context /*context*/, + krb5_crypto /*crypto*/, + unsigned /*usage*/, + void */*data*/, + size_t /*len*/, + int /*kvno*/, + EncryptedData */*result*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_encrypt_ivec ( + krb5_context /*context*/, + krb5_crypto /*crypto*/, + unsigned /*usage*/, + void */*data*/, + size_t /*len*/, + krb5_data */*result*/, + void */*ivec*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_enctype_disable ( + krb5_context /*context*/, + krb5_enctype /*enctype*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_enctype_keysize ( + krb5_context /*context*/, + krb5_enctype /*type*/, + size_t */*keysize*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_enctype_to_keytype ( + krb5_context /*context*/, + krb5_enctype /*etype*/, + krb5_keytype */*keytype*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_enctype_to_oid ( + krb5_context /*context*/, + krb5_enctype /*etype*/, + heim_oid */*oid*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_enctype_to_string ( + krb5_context /*context*/, + krb5_enctype /*etype*/, + char **/*string*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_enctype_valid ( + krb5_context /*context*/, + krb5_enctype /*etype*/); + +krb5_boolean KRB5_LIB_FUNCTION +krb5_enctypes_compatible_keys ( + krb5_context /*context*/, + krb5_enctype /*etype1*/, + krb5_enctype /*etype2*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_err ( + krb5_context /*context*/, + int /*eval*/, + krb5_error_code /*code*/, + const char */*fmt*/, + ...) + __attribute__ ((noreturn, format (printf, 4, 5))); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_error_from_rd_error ( + krb5_context /*context*/, + const krb5_error */*error*/, + const krb5_creds */*creds*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_errx ( + krb5_context /*context*/, + int /*eval*/, + const char */*fmt*/, + ...) + __attribute__ ((noreturn, format (printf, 3, 4))); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_expand_hostname ( + krb5_context /*context*/, + const char */*orig_hostname*/, + char **/*new_hostname*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_expand_hostname_realms ( + krb5_context /*context*/, + const char */*orig_hostname*/, + char **/*new_hostname*/, + char ***/*realms*/); + +PA_DATA * +krb5_find_padata ( + PA_DATA */*val*/, + unsigned /*len*/, + int /*type*/, + int */*idx*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_format_time ( + krb5_context /*context*/, + time_t /*t*/, + char */*s*/, + size_t /*len*/, + krb5_boolean /*include_time*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_free_address ( + krb5_context /*context*/, + krb5_address */*address*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_free_addresses ( + krb5_context /*context*/, + krb5_addresses */*addresses*/); + +void KRB5_LIB_FUNCTION +krb5_free_ap_rep_enc_part ( + krb5_context /*context*/, + krb5_ap_rep_enc_part */*val*/); + +void KRB5_LIB_FUNCTION +krb5_free_authenticator ( + krb5_context /*context*/, + krb5_authenticator */*authenticator*/); + +void KRB5_LIB_FUNCTION +krb5_free_checksum ( + krb5_context /*context*/, + krb5_checksum */*cksum*/); + +void KRB5_LIB_FUNCTION +krb5_free_checksum_contents ( + krb5_context /*context*/, + krb5_checksum */*cksum*/); + +void KRB5_LIB_FUNCTION +krb5_free_config_files (char **/*filenames*/); + +void KRB5_LIB_FUNCTION +krb5_free_context (krb5_context /*context*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_free_cred_contents ( + krb5_context /*context*/, + krb5_creds */*c*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_free_creds ( + krb5_context /*context*/, + krb5_creds */*c*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_free_creds_contents ( + krb5_context /*context*/, + krb5_creds */*c*/); + +void KRB5_LIB_FUNCTION +krb5_free_data ( + krb5_context /*context*/, + krb5_data */*p*/); + +void KRB5_LIB_FUNCTION +krb5_free_data_contents ( + krb5_context /*context*/, + krb5_data */*data*/); + +void KRB5_LIB_FUNCTION +krb5_free_error ( + krb5_context /*context*/, + krb5_error */*error*/); + +void KRB5_LIB_FUNCTION +krb5_free_error_contents ( + krb5_context /*context*/, + krb5_error */*error*/); + +void KRB5_LIB_FUNCTION +krb5_free_error_string ( + krb5_context /*context*/, + char */*str*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_free_host_realm ( + krb5_context /*context*/, + krb5_realm */*realmlist*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_free_kdc_rep ( + krb5_context /*context*/, + krb5_kdc_rep */*rep*/); + +void KRB5_LIB_FUNCTION +krb5_free_keyblock ( + krb5_context /*context*/, + krb5_keyblock */*keyblock*/); + +void KRB5_LIB_FUNCTION +krb5_free_keyblock_contents ( + krb5_context /*context*/, + krb5_keyblock */*keyblock*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_free_krbhst ( + krb5_context /*context*/, + char **/*hostlist*/); + +void KRB5_LIB_FUNCTION +krb5_free_principal ( + krb5_context /*context*/, + krb5_principal /*p*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_free_salt ( + krb5_context /*context*/, + krb5_salt /*salt*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_free_ticket ( + krb5_context /*context*/, + krb5_ticket */*ticket*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_fwd_tgt_creds ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + const char */*hostname*/, + krb5_principal /*client*/, + krb5_principal /*server*/, + krb5_ccache /*ccache*/, + int /*forwardable*/, + krb5_data */*out_data*/); + +void KRB5_LIB_FUNCTION +krb5_generate_random_block ( + void */*buf*/, + size_t /*len*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_generate_random_keyblock ( + krb5_context /*context*/, + krb5_enctype /*type*/, + krb5_keyblock */*key*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_generate_seq_number ( + krb5_context /*context*/, + const krb5_keyblock */*key*/, + u_int32_t */*seqno*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_generate_subkey ( + krb5_context /*context*/, + const krb5_keyblock */*key*/, + krb5_keyblock **/*subkey*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_generate_subkey_extended ( + krb5_context /*context*/, + const krb5_keyblock */*key*/, + krb5_enctype /*etype*/, + krb5_keyblock **/*subkey*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_all_client_addrs ( + krb5_context /*context*/, + krb5_addresses */*res*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_all_server_addrs ( + krb5_context /*context*/, + krb5_addresses */*res*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_cred_from_kdc ( + krb5_context /*context*/, + krb5_ccache /*ccache*/, + krb5_creds */*in_creds*/, + krb5_creds **/*out_creds*/, + krb5_creds ***/*ret_tgts*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_cred_from_kdc_opt ( + krb5_context /*context*/, + krb5_ccache /*ccache*/, + krb5_creds */*in_creds*/, + krb5_creds **/*out_creds*/, + krb5_creds ***/*ret_tgts*/, + krb5_flags /*flags*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_credentials ( + krb5_context /*context*/, + krb5_flags /*options*/, + krb5_ccache /*ccache*/, + krb5_creds */*in_creds*/, + krb5_creds **/*out_creds*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_credentials_with_flags ( + krb5_context /*context*/, + krb5_flags /*options*/, + krb5_kdc_flags /*flags*/, + krb5_ccache /*ccache*/, + krb5_creds */*in_creds*/, + krb5_creds **/*out_creds*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_default_config_files (char ***/*pfilenames*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_default_in_tkt_etypes ( + krb5_context /*context*/, + krb5_enctype **/*etypes*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_default_principal ( + krb5_context /*context*/, + krb5_principal */*princ*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_default_realm ( + krb5_context /*context*/, + krb5_realm */*realm*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_default_realms ( + krb5_context /*context*/, + krb5_realm **/*realms*/); + +const char* KRB5_LIB_FUNCTION +krb5_get_err_text ( + krb5_context /*context*/, + krb5_error_code /*code*/); + +char * KRB5_LIB_FUNCTION +krb5_get_error_string (krb5_context /*context*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_extra_addresses ( + krb5_context /*context*/, + krb5_addresses */*addresses*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_fcache_version ( + krb5_context /*context*/, + int */*version*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_forwarded_creds ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_ccache /*ccache*/, + krb5_flags /*flags*/, + const char */*hostname*/, + krb5_creds */*in_creds*/, + krb5_data */*out_data*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_host_realm ( + krb5_context /*context*/, + const char */*host*/, + krb5_realm **/*realms*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_ignore_addresses ( + krb5_context /*context*/, + krb5_addresses */*addresses*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_in_cred ( + krb5_context /*context*/, + krb5_flags /*options*/, + const krb5_addresses */*addrs*/, + const krb5_enctype */*etypes*/, + const krb5_preauthtype */*ptypes*/, + const krb5_preauthdata */*preauth*/, + krb5_key_proc /*key_proc*/, + krb5_const_pointer /*keyseed*/, + krb5_decrypt_proc /*decrypt_proc*/, + krb5_const_pointer /*decryptarg*/, + krb5_creds */*creds*/, + krb5_kdc_rep */*ret_as_reply*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_in_tkt ( + krb5_context /*context*/, + krb5_flags /*options*/, + const krb5_addresses */*addrs*/, + const krb5_enctype */*etypes*/, + const krb5_preauthtype */*ptypes*/, + krb5_key_proc /*key_proc*/, + krb5_const_pointer /*keyseed*/, + krb5_decrypt_proc /*decrypt_proc*/, + krb5_const_pointer /*decryptarg*/, + krb5_creds */*creds*/, + krb5_ccache /*ccache*/, + krb5_kdc_rep */*ret_as_reply*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_in_tkt_with_keytab ( + krb5_context /*context*/, + krb5_flags /*options*/, + krb5_addresses */*addrs*/, + const krb5_enctype */*etypes*/, + const krb5_preauthtype */*pre_auth_types*/, + krb5_keytab /*keytab*/, + krb5_ccache /*ccache*/, + krb5_creds */*creds*/, + krb5_kdc_rep */*ret_as_reply*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_in_tkt_with_password ( + krb5_context /*context*/, + krb5_flags /*options*/, + krb5_addresses */*addrs*/, + const krb5_enctype */*etypes*/, + const krb5_preauthtype */*pre_auth_types*/, + const char */*password*/, + krb5_ccache /*ccache*/, + krb5_creds */*creds*/, + krb5_kdc_rep */*ret_as_reply*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_in_tkt_with_skey ( + krb5_context /*context*/, + krb5_flags /*options*/, + krb5_addresses */*addrs*/, + const krb5_enctype */*etypes*/, + const krb5_preauthtype */*pre_auth_types*/, + const krb5_keyblock */*key*/, + krb5_ccache /*ccache*/, + krb5_creds */*creds*/, + krb5_kdc_rep */*ret_as_reply*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_init_creds ( + krb5_context /*context*/, + krb5_creds */*creds*/, + krb5_principal /*client*/, + krb5_prompter_fct /*prompter*/, + void */*data*/, + krb5_deltat /*start_time*/, + const char */*in_tkt_service*/, + krb5_get_init_creds_opt */*options*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_init_creds_keyblock ( + krb5_context /*context*/, + krb5_creds */*creds*/, + krb5_principal /*client*/, + krb5_keyblock */*keyblock*/, + krb5_deltat /*start_time*/, + const char */*in_tkt_service*/, + krb5_get_init_creds_opt */*options*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_init_creds_keytab ( + krb5_context /*context*/, + krb5_creds */*creds*/, + krb5_principal /*client*/, + krb5_keytab /*keytab*/, + krb5_deltat /*start_time*/, + const char */*in_tkt_service*/, + krb5_get_init_creds_opt */*options*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_alloc ( + krb5_context /*context*/, + krb5_get_init_creds_opt **/*opt*/); + +void KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_free (krb5_get_init_creds_opt */*opt*/); + +void KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_init (krb5_get_init_creds_opt */*opt*/); + +void KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_address_list ( + krb5_get_init_creds_opt */*opt*/, + krb5_addresses */*addresses*/); + +void KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_anonymous ( + krb5_get_init_creds_opt */*opt*/, + int /*anonymous*/); + +void KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_default_flags ( + krb5_context /*context*/, + const char */*appname*/, + krb5_const_realm /*realm*/, + krb5_get_init_creds_opt */*opt*/); + +void KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_etype_list ( + krb5_get_init_creds_opt */*opt*/, + krb5_enctype */*etype_list*/, + int /*etype_list_length*/); + +void KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_forwardable ( + krb5_get_init_creds_opt */*opt*/, + int /*forwardable*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_pa_password ( + krb5_context /*context*/, + krb5_get_init_creds_opt */*opt*/, + const char */*password*/, + krb5_s2k_proc /*key_proc*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_pac_request ( + krb5_context /*context*/, + krb5_get_init_creds_opt */*opt*/, + krb5_boolean /*req_pac*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_pkinit ( + krb5_context /*context*/, + krb5_get_init_creds_opt */*opt*/, + krb5_principal /*principal*/, + const char */*user_id*/, + const char */*x509_anchors*/, + int /*flags*/, + krb5_prompter_fct /*prompter*/, + void */*prompter_data*/, + char */*password*/); + +void KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_preauth_list ( + krb5_get_init_creds_opt */*opt*/, + krb5_preauthtype */*preauth_list*/, + int /*preauth_list_length*/); + +void KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_proxiable ( + krb5_get_init_creds_opt */*opt*/, + int /*proxiable*/); + +void KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_renew_life ( + krb5_get_init_creds_opt */*opt*/, + krb5_deltat /*renew_life*/); + +void KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_salt ( + krb5_get_init_creds_opt */*opt*/, + krb5_data */*salt*/); + +void KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_tkt_life ( + krb5_get_init_creds_opt */*opt*/, + krb5_deltat /*tkt_life*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_init_creds_password ( + krb5_context /*context*/, + krb5_creds */*creds*/, + krb5_principal /*client*/, + const char */*password*/, + krb5_prompter_fct /*prompter*/, + void */*data*/, + krb5_deltat /*start_time*/, + const char */*in_tkt_service*/, + krb5_get_init_creds_opt */*in_options*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_kdc_cred ( + krb5_context /*context*/, + krb5_ccache /*id*/, + krb5_kdc_flags /*flags*/, + krb5_addresses */*addresses*/, + Ticket */*second_ticket*/, + krb5_creds */*in_creds*/, + krb5_creds **out_creds ); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_krb524hst ( + krb5_context /*context*/, + const krb5_realm */*realm*/, + char ***/*hostlist*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_krb_admin_hst ( + krb5_context /*context*/, + const krb5_realm */*realm*/, + char ***/*hostlist*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_krb_changepw_hst ( + krb5_context /*context*/, + const krb5_realm */*realm*/, + char ***/*hostlist*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_krbhst ( + krb5_context /*context*/, + const krb5_realm */*realm*/, + char ***/*hostlist*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_pw_salt ( + krb5_context /*context*/, + krb5_const_principal /*principal*/, + krb5_salt */*salt*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_server_rcache ( + krb5_context /*context*/, + const krb5_data */*piece*/, + krb5_rcache */*id*/); + +krb5_boolean KRB5_LIB_FUNCTION +krb5_get_use_admin_kdc (krb5_context /*context*/); + +size_t +krb5_get_wrapped_length ( + krb5_context /*context*/, + krb5_crypto /*crypto*/, + size_t /*data_len*/); + +int KRB5_LIB_FUNCTION +krb5_getportbyname ( + krb5_context /*context*/, + const char */*service*/, + const char */*proto*/, + int /*default_port*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_h_addr2addr ( + krb5_context /*context*/, + int /*af*/, + const char */*haddr*/, + krb5_address */*addr*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_h_addr2sockaddr ( + krb5_context /*context*/, + int /*af*/, + const char */*addr*/, + struct sockaddr */*sa*/, + krb5_socklen_t */*sa_size*/, + int /*port*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_h_errno_to_heim_errno (int /*eai_errno*/); + +krb5_boolean KRB5_LIB_FUNCTION +krb5_have_error_string (krb5_context /*context*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_hmac ( + krb5_context /*context*/, + krb5_cksumtype /*cktype*/, + const void */*data*/, + size_t /*len*/, + unsigned /*usage*/, + krb5_keyblock */*key*/, + Checksum */*result*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_init_context (krb5_context */*context*/); + +void KRB5_LIB_FUNCTION +krb5_init_ets (krb5_context /*context*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_init_etype ( + krb5_context /*context*/, + unsigned */*len*/, + krb5_enctype **/*val*/, + const krb5_enctype */*etypes*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_initlog ( + krb5_context /*context*/, + const char */*program*/, + krb5_log_facility **/*fac*/); + +krb5_boolean KRB5_LIB_FUNCTION +krb5_is_thread_safe (void); + +krb5_enctype +krb5_keyblock_get_enctype (const krb5_keyblock */*block*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_keyblock_init ( + krb5_context /*context*/, + krb5_enctype /*type*/, + const void */*data*/, + size_t /*size*/, + krb5_keyblock */*key*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_keyblock_key_proc ( + krb5_context /*context*/, + krb5_keytype /*type*/, + krb5_data */*salt*/, + krb5_const_pointer /*keyseed*/, + krb5_keyblock **/*key*/); + +void KRB5_LIB_FUNCTION +krb5_keyblock_zero (krb5_keyblock */*keyblock*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_keytab_key_proc ( + krb5_context /*context*/, + krb5_enctype /*enctype*/, + krb5_salt /*salt*/, + krb5_const_pointer /*keyseed*/, + krb5_keyblock **/*key*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_keytype_to_enctypes ( + krb5_context /*context*/, + krb5_keytype /*keytype*/, + unsigned */*len*/, + krb5_enctype **/*val*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_keytype_to_enctypes_default ( + krb5_context /*context*/, + krb5_keytype /*keytype*/, + unsigned */*len*/, + krb5_enctype **/*val*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_keytype_to_string ( + krb5_context /*context*/, + krb5_keytype /*keytype*/, + char **/*string*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_krbhst_format_string ( + krb5_context /*context*/, + const krb5_krbhst_info */*host*/, + char */*hostname*/, + size_t /*hostlen*/); + +void KRB5_LIB_FUNCTION +krb5_krbhst_free ( + krb5_context /*context*/, + krb5_krbhst_handle /*handle*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_krbhst_get_addrinfo ( + krb5_context /*context*/, + krb5_krbhst_info */*host*/, + struct addrinfo **/*ai*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_krbhst_init ( + krb5_context /*context*/, + const char */*realm*/, + unsigned int /*type*/, + krb5_krbhst_handle */*handle*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_krbhst_init_flags ( + krb5_context /*context*/, + const char */*realm*/, + unsigned int /*type*/, + int /*flags*/, + krb5_krbhst_handle */*handle*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_krbhst_next ( + krb5_context /*context*/, + krb5_krbhst_handle /*handle*/, + krb5_krbhst_info **/*host*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_krbhst_next_as_string ( + krb5_context /*context*/, + krb5_krbhst_handle /*handle*/, + char */*hostname*/, + size_t /*hostlen*/); + +void KRB5_LIB_FUNCTION +krb5_krbhst_reset ( + krb5_context /*context*/, + krb5_krbhst_handle /*handle*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_add_entry ( + krb5_context /*context*/, + krb5_keytab /*id*/, + krb5_keytab_entry */*entry*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_close ( + krb5_context /*context*/, + krb5_keytab /*id*/); + +krb5_boolean KRB5_LIB_FUNCTION +krb5_kt_compare ( + krb5_context /*context*/, + krb5_keytab_entry */*entry*/, + krb5_const_principal /*principal*/, + krb5_kvno /*vno*/, + krb5_enctype /*enctype*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_copy_entry_contents ( + krb5_context /*context*/, + const krb5_keytab_entry */*in*/, + krb5_keytab_entry */*out*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_default ( + krb5_context /*context*/, + krb5_keytab */*id*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_default_modify_name ( + krb5_context /*context*/, + char */*name*/, + size_t /*namesize*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_default_name ( + krb5_context /*context*/, + char */*name*/, + size_t /*namesize*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_end_seq_get ( + krb5_context /*context*/, + krb5_keytab /*id*/, + krb5_kt_cursor */*cursor*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_free_entry ( + krb5_context /*context*/, + krb5_keytab_entry */*entry*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_get_entry ( + krb5_context /*context*/, + krb5_keytab /*id*/, + krb5_const_principal /*principal*/, + krb5_kvno /*kvno*/, + krb5_enctype /*enctype*/, + krb5_keytab_entry */*entry*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_get_name ( + krb5_context /*context*/, + krb5_keytab /*keytab*/, + char */*name*/, + size_t /*namesize*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_get_type ( + krb5_context /*context*/, + krb5_keytab /*keytab*/, + char */*prefix*/, + size_t /*prefixsize*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_next_entry ( + krb5_context /*context*/, + krb5_keytab /*id*/, + krb5_keytab_entry */*entry*/, + krb5_kt_cursor */*cursor*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_read_service_key ( + krb5_context /*context*/, + krb5_pointer /*keyprocarg*/, + krb5_principal /*principal*/, + krb5_kvno /*vno*/, + krb5_enctype /*enctype*/, + krb5_keyblock **/*key*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_register ( + krb5_context /*context*/, + const krb5_kt_ops */*ops*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_remove_entry ( + krb5_context /*context*/, + krb5_keytab /*id*/, + krb5_keytab_entry */*entry*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_resolve ( + krb5_context /*context*/, + const char */*name*/, + krb5_keytab */*id*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_start_seq_get ( + krb5_context /*context*/, + krb5_keytab /*id*/, + krb5_kt_cursor */*cursor*/); + +krb5_boolean KRB5_LIB_FUNCTION +krb5_kuserok ( + krb5_context /*context*/, + krb5_principal /*principal*/, + const char */*luser*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_log ( + krb5_context /*context*/, + krb5_log_facility */*fac*/, + int /*level*/, + const char */*fmt*/, + ...) + __attribute__((format (printf, 4, 5))); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_log_msg ( + krb5_context /*context*/, + krb5_log_facility */*fac*/, + int /*level*/, + char **/*reply*/, + const char */*fmt*/, + ...) + __attribute__((format (printf, 5, 6))); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_make_addrport ( + krb5_context /*context*/, + krb5_address **/*res*/, + const krb5_address */*addr*/, + int16_t /*port*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_make_principal ( + krb5_context /*context*/, + krb5_principal */*principal*/, + krb5_const_realm /*realm*/, + ...); + +size_t KRB5_LIB_FUNCTION +krb5_max_sockaddr_size (void); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_mk_error ( + krb5_context /*context*/, + krb5_error_code /*error_code*/, + const char */*e_text*/, + const krb5_data */*e_data*/, + const krb5_principal /*client*/, + const krb5_principal /*server*/, + time_t */*client_time*/, + int */*client_usec*/, + krb5_data */*reply*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_mk_priv ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + const krb5_data */*userdata*/, + krb5_data */*outbuf*/, + krb5_replay_data */*outdata*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_mk_rep ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_data */*outbuf*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_mk_req ( + krb5_context /*context*/, + krb5_auth_context */*auth_context*/, + const krb5_flags /*ap_req_options*/, + const char */*service*/, + const char */*hostname*/, + krb5_data */*in_data*/, + krb5_ccache /*ccache*/, + krb5_data */*outbuf*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_mk_req_exact ( + krb5_context /*context*/, + krb5_auth_context */*auth_context*/, + const krb5_flags /*ap_req_options*/, + const krb5_principal /*server*/, + krb5_data */*in_data*/, + krb5_ccache /*ccache*/, + krb5_data */*outbuf*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_mk_req_extended ( + krb5_context /*context*/, + krb5_auth_context */*auth_context*/, + const krb5_flags /*ap_req_options*/, + krb5_data */*in_data*/, + krb5_creds */*in_creds*/, + krb5_data */*outbuf*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_mk_safe ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + const krb5_data */*userdata*/, + krb5_data */*outbuf*/, + krb5_replay_data */*outdata*/); + +krb5_ssize_t KRB5_LIB_FUNCTION +krb5_net_read ( + krb5_context /*context*/, + void */*p_fd*/, + void */*buf*/, + size_t /*len*/); + +krb5_ssize_t KRB5_LIB_FUNCTION +krb5_net_write ( + krb5_context /*context*/, + void */*p_fd*/, + const void */*buf*/, + size_t /*len*/); + +krb5_ssize_t KRB5_LIB_FUNCTION +krb5_net_write_block ( + krb5_context /*context*/, + void */*p_fd*/, + const void */*buf*/, + size_t /*len*/, + time_t /*timeout*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_openlog ( + krb5_context /*context*/, + const char */*program*/, + krb5_log_facility **/*fac*/); + +int KRB5_LIB_FUNCTION +krb5_padata_add ( + krb5_context /*context*/, + METHOD_DATA */*md*/, + int /*type*/, + void */*buf*/, + size_t /*len*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_parse_address ( + krb5_context /*context*/, + const char */*string*/, + krb5_addresses */*addresses*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_parse_name ( + krb5_context /*context*/, + const char */*name*/, + krb5_principal */*principal*/); + +const char* KRB5_LIB_FUNCTION +krb5_passwd_result_to_string ( + krb5_context /*context*/, + int /*result*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_password_key_proc ( + krb5_context /*context*/, + krb5_enctype /*type*/, + krb5_salt /*salt*/, + krb5_const_pointer /*keyseed*/, + krb5_keyblock **/*key*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_prepend_config_files ( + const char */*filelist*/, + char **/*pq*/, + char ***/*ret_pp*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_prepend_config_files_default ( + const char */*filelist*/, + char ***/*pfilenames*/); + +krb5_realm* +krb5_princ_realm ( + krb5_context /*context*/, + krb5_principal /*principal*/); + +void KRB5_LIB_FUNCTION +krb5_princ_set_realm ( + krb5_context /*context*/, + krb5_principal /*principal*/, + krb5_realm */*realm*/); + +krb5_boolean KRB5_LIB_FUNCTION +krb5_principal_compare ( + krb5_context /*context*/, + krb5_const_principal /*princ1*/, + krb5_const_principal /*princ2*/); + +krb5_boolean KRB5_LIB_FUNCTION +krb5_principal_compare_any_realm ( + krb5_context /*context*/, + krb5_const_principal /*princ1*/, + krb5_const_principal /*princ2*/); + +const char* KRB5_LIB_FUNCTION +krb5_principal_get_comp_string ( + krb5_context /*context*/, + krb5_principal /*principal*/, + unsigned int /*component*/); + +const char* KRB5_LIB_FUNCTION +krb5_principal_get_realm ( + krb5_context /*context*/, + krb5_const_principal /*principal*/); + +int KRB5_LIB_FUNCTION +krb5_principal_get_type ( + krb5_context /*context*/, + krb5_principal /*principal*/); + +krb5_boolean KRB5_LIB_FUNCTION +krb5_principal_match ( + krb5_context /*context*/, + krb5_const_principal /*princ*/, + krb5_const_principal /*pattern*/); + +void KRB5_LIB_FUNCTION +krb5_principal_set_type ( + krb5_context /*context*/, + krb5_principal /*principal*/, + int /*type*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_print_address ( + const krb5_address */*addr*/, + char */*str*/, + size_t /*len*/, + size_t */*ret_len*/); + +int KRB5_LIB_FUNCTION +krb5_program_setup ( + krb5_context */*context*/, + int /*argc*/, + char **/*argv*/, + struct getargs */*args*/, + int /*num_args*/, + void (*/*usage*/)(int, struct getargs*, int)); + +int KRB5_LIB_FUNCTION +krb5_prompter_posix ( + krb5_context /*context*/, + void */*data*/, + const char */*name*/, + const char */*banner*/, + int /*num_prompts*/, + krb5_prompt prompts[]); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_random_to_key ( + krb5_context /*context*/, + krb5_enctype /*type*/, + const void */*data*/, + size_t /*size*/, + krb5_keyblock */*key*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rc_close ( + krb5_context /*context*/, + krb5_rcache /*id*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rc_default ( + krb5_context /*context*/, + krb5_rcache */*id*/); + +const char* KRB5_LIB_FUNCTION +krb5_rc_default_name (krb5_context /*context*/); + +const char* KRB5_LIB_FUNCTION +krb5_rc_default_type (krb5_context /*context*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rc_destroy ( + krb5_context /*context*/, + krb5_rcache /*id*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rc_expunge ( + krb5_context /*context*/, + krb5_rcache /*id*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rc_get_lifespan ( + krb5_context /*context*/, + krb5_rcache /*id*/, + krb5_deltat */*auth_lifespan*/); + +const char* KRB5_LIB_FUNCTION +krb5_rc_get_name ( + krb5_context /*context*/, + krb5_rcache /*id*/); + +const char* KRB5_LIB_FUNCTION +krb5_rc_get_type ( + krb5_context /*context*/, + krb5_rcache /*id*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rc_initialize ( + krb5_context /*context*/, + krb5_rcache /*id*/, + krb5_deltat /*auth_lifespan*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rc_recover ( + krb5_context /*context*/, + krb5_rcache /*id*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rc_resolve ( + krb5_context /*context*/, + krb5_rcache /*id*/, + const char */*name*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rc_resolve_full ( + krb5_context /*context*/, + krb5_rcache */*id*/, + const char */*string_name*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rc_resolve_type ( + krb5_context /*context*/, + krb5_rcache */*id*/, + const char */*type*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rc_store ( + krb5_context /*context*/, + krb5_rcache /*id*/, + krb5_donot_replay */*rep*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rd_cred ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_data */*in_data*/, + krb5_creds ***/*ret_creds*/, + krb5_replay_data */*outdata*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rd_cred2 ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_ccache /*ccache*/, + krb5_data */*in_data*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rd_error ( + krb5_context /*context*/, + krb5_data */*msg*/, + KRB_ERROR */*result*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rd_priv ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + const krb5_data */*inbuf*/, + krb5_data */*outbuf*/, + krb5_replay_data */*outdata*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rd_rep ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + const krb5_data */*inbuf*/, + krb5_ap_rep_enc_part **/*repl*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rd_req ( + krb5_context /*context*/, + krb5_auth_context */*auth_context*/, + const krb5_data */*inbuf*/, + krb5_const_principal /*server*/, + krb5_keytab /*keytab*/, + krb5_flags */*ap_req_options*/, + krb5_ticket **/*ticket*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rd_req_return_keyblock ( + krb5_context /*context*/, + krb5_auth_context */*auth_context*/, + const krb5_data */*inbuf*/, + krb5_const_principal /*server*/, + krb5_keytab /*keytab*/, + krb5_flags */*ap_req_options*/, + krb5_ticket **/*ticket*/, + krb5_keyblock **/*keyblock*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rd_req_with_keyblock ( + krb5_context /*context*/, + krb5_auth_context */*auth_context*/, + const krb5_data */*inbuf*/, + krb5_const_principal /*server*/, + krb5_keyblock */*keyblock*/, + krb5_flags */*ap_req_options*/, + krb5_ticket **/*ticket*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rd_safe ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + const krb5_data */*inbuf*/, + krb5_data */*outbuf*/, + krb5_replay_data */*outdata*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_read_message ( + krb5_context /*context*/, + krb5_pointer /*p_fd*/, + krb5_data */*data*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_read_priv_message ( + krb5_context /*context*/, + krb5_auth_context /*ac*/, + krb5_pointer /*p_fd*/, + krb5_data */*data*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_read_safe_message ( + krb5_context /*context*/, + krb5_auth_context /*ac*/, + krb5_pointer /*p_fd*/, + krb5_data */*data*/); + +krb5_boolean KRB5_LIB_FUNCTION +krb5_realm_compare ( + krb5_context /*context*/, + krb5_const_principal /*princ1*/, + krb5_const_principal /*princ2*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_recvauth ( + krb5_context /*context*/, + krb5_auth_context */*auth_context*/, + krb5_pointer /*p_fd*/, + const char */*appl_version*/, + krb5_principal /*server*/, + int32_t /*flags*/, + krb5_keytab /*keytab*/, + krb5_ticket **/*ticket*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_recvauth_match_version ( + krb5_context /*context*/, + krb5_auth_context */*auth_context*/, + krb5_pointer /*p_fd*/, + krb5_boolean (*/*match_appl_version*/)(const void *, const char*), + const void */*match_data*/, + krb5_principal /*server*/, + int32_t /*flags*/, + krb5_keytab /*keytab*/, + krb5_ticket **/*ticket*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_address ( + krb5_storage */*sp*/, + krb5_address */*adr*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_addrs ( + krb5_storage */*sp*/, + krb5_addresses */*adr*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_authdata ( + krb5_storage */*sp*/, + krb5_authdata */*auth*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_creds ( + krb5_storage */*sp*/, + krb5_creds */*creds*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_creds_tag ( + krb5_storage */*sp*/, + krb5_creds */*creds*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_data ( + krb5_storage */*sp*/, + krb5_data */*data*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_int16 ( + krb5_storage */*sp*/, + int16_t */*value*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_int32 ( + krb5_storage */*sp*/, + int32_t */*value*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_int8 ( + krb5_storage */*sp*/, + int8_t */*value*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_keyblock ( + krb5_storage */*sp*/, + krb5_keyblock */*p*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_principal ( + krb5_storage */*sp*/, + krb5_principal */*princ*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_string ( + krb5_storage */*sp*/, + char **/*string*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_stringz ( + krb5_storage */*sp*/, + char **/*string*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_times ( + krb5_storage */*sp*/, + krb5_times */*times*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_salttype_to_string ( + krb5_context /*context*/, + krb5_enctype /*etype*/, + krb5_salttype /*stype*/, + char **/*string*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_sendauth ( + krb5_context /*context*/, + krb5_auth_context */*auth_context*/, + krb5_pointer /*p_fd*/, + const char */*appl_version*/, + krb5_principal /*client*/, + krb5_principal /*server*/, + krb5_flags /*ap_req_options*/, + krb5_data */*in_data*/, + krb5_creds */*in_creds*/, + krb5_ccache /*ccache*/, + krb5_error **/*ret_error*/, + krb5_ap_rep_enc_part **/*rep_result*/, + krb5_creds **/*out_creds*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_sendto ( + krb5_context /*context*/, + const krb5_data */*send_data*/, + krb5_krbhst_handle /*handle*/, + krb5_data */*receive*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_sendto_kdc ( + krb5_context /*context*/, + const krb5_data */*send_data*/, + const krb5_realm */*realm*/, + krb5_data */*receive*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_sendto_kdc_flags ( + krb5_context /*context*/, + const krb5_data */*send_data*/, + const krb5_realm */*realm*/, + krb5_data */*receive*/, + int /*flags*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_set_config_files ( + krb5_context /*context*/, + char **/*filenames*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_set_default_in_tkt_etypes ( + krb5_context /*context*/, + const krb5_enctype */*etypes*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_set_default_realm ( + krb5_context /*context*/, + const char */*realm*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_set_error_string ( + krb5_context /*context*/, + const char */*fmt*/, + ...) + __attribute__((format (printf, 2, 3))); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_set_extra_addresses ( + krb5_context /*context*/, + const krb5_addresses */*addresses*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_set_fcache_version ( + krb5_context /*context*/, + int /*version*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_set_ignore_addresses ( + krb5_context /*context*/, + const krb5_addresses */*addresses*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_set_password ( + krb5_context /*context*/, + krb5_creds */*creds*/, + char */*newpw*/, + krb5_principal /*targprinc*/, + int */*result_code*/, + krb5_data */*result_code_string*/, + krb5_data */*result_string*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_set_password_using_ccache ( + krb5_context /*context*/, + krb5_ccache /*ccache*/, + char */*newpw*/, + krb5_principal /*targprinc*/, + int */*result_code*/, + krb5_data */*result_code_string*/, + krb5_data */*result_string*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_set_real_time ( + krb5_context /*context*/, + krb5_timestamp /*sec*/, + int32_t /*usec*/); + +void KRB5_LIB_FUNCTION +krb5_set_use_admin_kdc ( + krb5_context /*context*/, + krb5_boolean /*flag*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_set_warn_dest ( + krb5_context /*context*/, + krb5_log_facility */*fac*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_sname_to_principal ( + krb5_context /*context*/, + const char */*hostname*/, + const char */*sname*/, + int32_t /*type*/, + krb5_principal */*ret_princ*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_sock_to_principal ( + krb5_context /*context*/, + int /*sock*/, + const char */*sname*/, + int32_t /*type*/, + krb5_principal */*ret_princ*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_sockaddr2address ( + krb5_context /*context*/, + const struct sockaddr */*sa*/, + krb5_address */*addr*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_sockaddr2port ( + krb5_context /*context*/, + const struct sockaddr */*sa*/, + int16_t */*port*/); + +krb5_boolean KRB5_LIB_FUNCTION +krb5_sockaddr_uninteresting (const struct sockaddr */*sa*/); + +void KRB5_LIB_FUNCTION +krb5_std_usage ( + int /*code*/, + struct getargs */*args*/, + int /*num_args*/); + +void KRB5_LIB_FUNCTION +krb5_storage_clear_flags ( + krb5_storage */*sp*/, + krb5_flags /*flags*/); + +krb5_storage * KRB5_LIB_FUNCTION +krb5_storage_emem (void); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_storage_free (krb5_storage */*sp*/); + +krb5_storage * KRB5_LIB_FUNCTION +krb5_storage_from_data (krb5_data */*data*/); + +krb5_storage * KRB5_LIB_FUNCTION +krb5_storage_from_fd (int /*fd*/); + +krb5_storage * KRB5_LIB_FUNCTION +krb5_storage_from_mem ( + void */*buf*/, + size_t /*len*/); + +krb5_flags KRB5_LIB_FUNCTION +krb5_storage_get_byteorder ( + krb5_storage */*sp*/, + krb5_flags /*byteorder*/); + +krb5_boolean KRB5_LIB_FUNCTION +krb5_storage_is_flags ( + krb5_storage */*sp*/, + krb5_flags /*flags*/); + +krb5_ssize_t KRB5_LIB_FUNCTION +krb5_storage_read ( + krb5_storage */*sp*/, + void */*buf*/, + size_t /*len*/); + +off_t KRB5_LIB_FUNCTION +krb5_storage_seek ( + krb5_storage */*sp*/, + off_t /*offset*/, + int /*whence*/); + +void KRB5_LIB_FUNCTION +krb5_storage_set_byteorder ( + krb5_storage */*sp*/, + krb5_flags /*byteorder*/); + +void KRB5_LIB_FUNCTION +krb5_storage_set_eof_code ( + krb5_storage */*sp*/, + int /*code*/); + +void KRB5_LIB_FUNCTION +krb5_storage_set_flags ( + krb5_storage */*sp*/, + krb5_flags /*flags*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_storage_to_data ( + krb5_storage */*sp*/, + krb5_data */*data*/); + +krb5_ssize_t KRB5_LIB_FUNCTION +krb5_storage_write ( + krb5_storage */*sp*/, + const void */*buf*/, + size_t /*len*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_address ( + krb5_storage */*sp*/, + krb5_address /*p*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_addrs ( + krb5_storage */*sp*/, + krb5_addresses /*p*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_authdata ( + krb5_storage */*sp*/, + krb5_authdata /*auth*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_creds ( + krb5_storage */*sp*/, + krb5_creds */*creds*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_creds_tag ( + krb5_storage */*sp*/, + krb5_creds */*creds*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_data ( + krb5_storage */*sp*/, + krb5_data /*data*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_int16 ( + krb5_storage */*sp*/, + int16_t /*value*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_int32 ( + krb5_storage */*sp*/, + int32_t /*value*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_int8 ( + krb5_storage */*sp*/, + int8_t /*value*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_keyblock ( + krb5_storage */*sp*/, + krb5_keyblock /*p*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_principal ( + krb5_storage */*sp*/, + krb5_principal /*p*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_string ( + krb5_storage */*sp*/, + const char */*s*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_stringz ( + krb5_storage */*sp*/, + const char */*s*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_times ( + krb5_storage */*sp*/, + krb5_times /*times*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_string_to_deltat ( + const char */*string*/, + krb5_deltat */*deltat*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_string_to_enctype ( + krb5_context /*context*/, + const char */*string*/, + krb5_enctype */*etype*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_string_to_key ( + krb5_context /*context*/, + krb5_enctype /*enctype*/, + const char */*password*/, + krb5_principal /*principal*/, + krb5_keyblock */*key*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_string_to_key_data ( + krb5_context /*context*/, + krb5_enctype /*enctype*/, + krb5_data /*password*/, + krb5_principal /*principal*/, + krb5_keyblock */*key*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_string_to_key_data_salt ( + krb5_context /*context*/, + krb5_enctype /*enctype*/, + krb5_data /*password*/, + krb5_salt /*salt*/, + krb5_keyblock */*key*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_string_to_key_data_salt_opaque ( + krb5_context /*context*/, + krb5_enctype /*enctype*/, + krb5_data /*password*/, + krb5_salt /*salt*/, + krb5_data /*opaque*/, + krb5_keyblock */*key*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_string_to_key_derived ( + krb5_context /*context*/, + const void */*str*/, + size_t /*len*/, + krb5_enctype /*etype*/, + krb5_keyblock */*key*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_string_to_key_salt ( + krb5_context /*context*/, + krb5_enctype /*enctype*/, + const char */*password*/, + krb5_salt /*salt*/, + krb5_keyblock */*key*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_string_to_key_salt_opaque ( + krb5_context /*context*/, + krb5_enctype /*enctype*/, + const char */*password*/, + krb5_salt /*salt*/, + krb5_data /*opaque*/, + krb5_keyblock */*key*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_string_to_keytype ( + krb5_context /*context*/, + const char */*string*/, + krb5_keytype */*keytype*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_string_to_salttype ( + krb5_context /*context*/, + krb5_enctype /*etype*/, + const char */*string*/, + krb5_salttype */*salttype*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ticket_get_authorization_data_type ( + krb5_context /*context*/, + krb5_ticket */*ticket*/, + int /*type*/, + krb5_data */*data*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ticket_get_client ( + krb5_context /*context*/, + const krb5_ticket */*ticket*/, + krb5_principal */*client*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ticket_get_server ( + krb5_context /*context*/, + const krb5_ticket */*ticket*/, + krb5_principal */*server*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_timeofday ( + krb5_context /*context*/, + krb5_timestamp */*timeret*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_unparse_name ( + krb5_context /*context*/, + krb5_const_principal /*principal*/, + char **/*name*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_unparse_name_fixed ( + krb5_context /*context*/, + krb5_const_principal /*principal*/, + char */*name*/, + size_t /*len*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_unparse_name_fixed_short ( + krb5_context /*context*/, + krb5_const_principal /*principal*/, + char */*name*/, + size_t /*len*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_unparse_name_short ( + krb5_context /*context*/, + krb5_const_principal /*principal*/, + char **/*name*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_us_timeofday ( + krb5_context /*context*/, + krb5_timestamp */*sec*/, + int32_t */*usec*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_vabort ( + krb5_context /*context*/, + krb5_error_code /*code*/, + const char */*fmt*/, + va_list /*ap*/) + __attribute__ ((noreturn, format (printf, 3, 0))); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_vabortx ( + krb5_context /*context*/, + const char */*fmt*/, + va_list /*ap*/) + __attribute__ ((noreturn, format (printf, 2, 0))); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_verify_ap_req ( + krb5_context /*context*/, + krb5_auth_context */*auth_context*/, + krb5_ap_req */*ap_req*/, + krb5_const_principal /*server*/, + krb5_keyblock */*keyblock*/, + krb5_flags /*flags*/, + krb5_flags */*ap_req_options*/, + krb5_ticket **/*ticket*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_verify_ap_req2 ( + krb5_context /*context*/, + krb5_auth_context */*auth_context*/, + krb5_ap_req */*ap_req*/, + krb5_const_principal /*server*/, + krb5_keyblock */*keyblock*/, + krb5_flags /*flags*/, + krb5_flags */*ap_req_options*/, + krb5_ticket **/*ticket*/, + krb5_key_usage /*usage*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_verify_authenticator_checksum ( + krb5_context /*context*/, + krb5_auth_context /*ac*/, + void */*data*/, + size_t /*len*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_verify_checksum ( + krb5_context /*context*/, + krb5_crypto /*crypto*/, + krb5_key_usage /*usage*/, + void */*data*/, + size_t /*len*/, + Checksum */*cksum*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_verify_init_creds ( + krb5_context /*context*/, + krb5_creds */*creds*/, + krb5_principal /*ap_req_server*/, + krb5_keytab /*ap_req_keytab*/, + krb5_ccache */*ccache*/, + krb5_verify_init_creds_opt */*options*/); + +void KRB5_LIB_FUNCTION +krb5_verify_init_creds_opt_init (krb5_verify_init_creds_opt */*options*/); + +void KRB5_LIB_FUNCTION +krb5_verify_init_creds_opt_set_ap_req_nofail ( + krb5_verify_init_creds_opt */*options*/, + int /*ap_req_nofail*/); + +void KRB5_LIB_FUNCTION +krb5_verify_opt_init (krb5_verify_opt */*opt*/); + +void KRB5_LIB_FUNCTION +krb5_verify_opt_set_ccache ( + krb5_verify_opt */*opt*/, + krb5_ccache /*ccache*/); + +void KRB5_LIB_FUNCTION +krb5_verify_opt_set_flags ( + krb5_verify_opt */*opt*/, + unsigned int /*flags*/); + +void KRB5_LIB_FUNCTION +krb5_verify_opt_set_keytab ( + krb5_verify_opt */*opt*/, + krb5_keytab /*keytab*/); + +void KRB5_LIB_FUNCTION +krb5_verify_opt_set_secure ( + krb5_verify_opt */*opt*/, + krb5_boolean /*secure*/); + +void KRB5_LIB_FUNCTION +krb5_verify_opt_set_service ( + krb5_verify_opt */*opt*/, + const char */*service*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_verify_user ( + krb5_context /*context*/, + krb5_principal /*principal*/, + krb5_ccache /*ccache*/, + const char */*password*/, + krb5_boolean /*secure*/, + const char */*service*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_verify_user_lrealm ( + krb5_context /*context*/, + krb5_principal /*principal*/, + krb5_ccache /*ccache*/, + const char */*password*/, + krb5_boolean /*secure*/, + const char */*service*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_verify_user_opt ( + krb5_context /*context*/, + krb5_principal /*principal*/, + const char */*password*/, + krb5_verify_opt */*opt*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_verr ( + krb5_context /*context*/, + int /*eval*/, + krb5_error_code /*code*/, + const char */*fmt*/, + va_list /*ap*/) + __attribute__ ((noreturn, format (printf, 4, 0))); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_verrx ( + krb5_context /*context*/, + int /*eval*/, + const char */*fmt*/, + va_list /*ap*/) + __attribute__ ((noreturn, format (printf, 3, 0))); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_vlog ( + krb5_context /*context*/, + krb5_log_facility */*fac*/, + int /*level*/, + const char */*fmt*/, + va_list /*ap*/) + __attribute__((format (printf, 4, 0))); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_vlog_msg ( + krb5_context /*context*/, + krb5_log_facility */*fac*/, + char **/*reply*/, + int /*level*/, + const char */*fmt*/, + va_list /*ap*/) + __attribute__((format (printf, 5, 0))); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_vset_error_string ( + krb5_context /*context*/, + const char */*fmt*/, + va_list /*args*/) + __attribute__ ((format (printf, 2, 0))); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_vwarn ( + krb5_context /*context*/, + krb5_error_code /*code*/, + const char */*fmt*/, + va_list /*ap*/) + __attribute__ ((format (printf, 3, 0))); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_vwarnx ( + krb5_context /*context*/, + const char */*fmt*/, + va_list /*ap*/) + __attribute__ ((format (printf, 2, 0))); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_warn ( + krb5_context /*context*/, + krb5_error_code /*code*/, + const char */*fmt*/, + ...) + __attribute__ ((format (printf, 3, 4))); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_warnx ( + krb5_context /*context*/, + const char */*fmt*/, + ...) + __attribute__ ((format (printf, 2, 3))); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_write_message ( + krb5_context /*context*/, + krb5_pointer /*p_fd*/, + krb5_data */*data*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_write_priv_message ( + krb5_context /*context*/, + krb5_auth_context /*ac*/, + krb5_pointer /*p_fd*/, + krb5_data */*data*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_write_safe_message ( + krb5_context /*context*/, + krb5_auth_context /*ac*/, + krb5_pointer /*p_fd*/, + krb5_data */*data*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_xfree (void */*ptr*/); + +#ifdef __cplusplus +} +#endif + +#endif /* __krb5_protos_h__ */ diff --git a/source4/heimdal/lib/krb5/krb5-v4compat.h b/source4/heimdal/lib/krb5/krb5-v4compat.h new file mode 100644 index 0000000000..1d092dcbc9 --- /dev/null +++ b/source4/heimdal/lib/krb5/krb5-v4compat.h @@ -0,0 +1,176 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: krb5-v4compat.h,v 1.6 2005/04/23 19:38:16 lha Exp $ */ + +#ifndef __KRB5_V4COMPAT_H__ +#define __KRB5_V4COMPAT_H__ + +/* + * This file must only be included with v4 compat glue stuff in + * heimdal sources. + * + * It MUST NOT be installed. + */ + +#define KRB_PROT_VERSION 4 + +#define AUTH_MSG_KDC_REQUEST (1<<1) +#define AUTH_MSG_KDC_REPLY (2<<1) +#define AUTH_MSG_APPL_REQUEST (3<<1) +#define AUTH_MSG_APPL_REQUEST_MUTUAL (4<<1) +#define AUTH_MSG_ERR_REPLY (5<<1) +#define AUTH_MSG_PRIVATE (6<<1) +#define AUTH_MSG_SAFE (7<<1) +#define AUTH_MSG_APPL_ERR (8<<1) +#define AUTH_MSG_KDC_FORWARD (9<<1) +#define AUTH_MSG_KDC_RENEW (10<<1) +#define AUTH_MSG_DIE (63<<1) + +/* values for kerb error codes */ + +#define KERB_ERR_OK 0 +#define KERB_ERR_NAME_EXP 1 +#define KERB_ERR_SERVICE_EXP 2 +#define KERB_ERR_AUTH_EXP 3 +#define KERB_ERR_PKT_VER 4 +#define KERB_ERR_NAME_MAST_KEY_VER 5 +#define KERB_ERR_SERV_MAST_KEY_VER 6 +#define KERB_ERR_BYTE_ORDER 7 +#define KERB_ERR_PRINCIPAL_UNKNOWN 8 +#define KERB_ERR_PRINCIPAL_NOT_UNIQUE 9 +#define KERB_ERR_NULL_KEY 10 +#define KERB_ERR_TIMEOUT 11 + + +/* Error codes returned from the KDC */ +#define KDC_OK 0 /* Request OK */ +#define KDC_NAME_EXP 1 /* Principal expired */ +#define KDC_SERVICE_EXP 2 /* Service expired */ +#define KDC_AUTH_EXP 3 /* Auth expired */ +#define KDC_PKT_VER 4 /* Protocol version unknown */ +#define KDC_P_MKEY_VER 5 /* Wrong master key version */ +#define KDC_S_MKEY_VER 6 /* Wrong master key version */ +#define KDC_BYTE_ORDER 7 /* Byte order unknown */ +#define KDC_PR_UNKNOWN 8 /* Principal unknown */ +#define KDC_PR_N_UNIQUE 9 /* Principal not unique */ +#define KDC_NULL_KEY 10 /* Principal has null key */ +#define KDC_GEN_ERR 20 /* Generic error from KDC */ + +/* General definitions */ +#define KSUCCESS 0 +#define KFAILURE 255 + +/* Values returned by rd_ap_req */ +#define RD_AP_OK 0 /* Request authentic */ +#define RD_AP_UNDEC 31 /* Can't decode authenticator */ +#define RD_AP_EXP 32 /* Ticket expired */ +#define RD_AP_NYV 33 /* Ticket not yet valid */ +#define RD_AP_REPEAT 34 /* Repeated request */ +#define RD_AP_NOT_US 35 /* The ticket isn't for us */ +#define RD_AP_INCON 36 /* Request is inconsistent */ +#define RD_AP_TIME 37 /* delta_t too big */ +#define RD_AP_BADD 38 /* Incorrect net address */ +#define RD_AP_VERSION 39 /* protocol version mismatch */ +#define RD_AP_MSG_TYPE 40 /* invalid msg type */ +#define RD_AP_MODIFIED 41 /* message stream modified */ +#define RD_AP_ORDER 42 /* message out of order */ +#define RD_AP_UNAUTHOR 43 /* unauthorized request */ + +/* */ + +#define MAX_KTXT_LEN 1250 + +#define ANAME_SZ 40 +#define REALM_SZ 40 +#define SNAME_SZ 40 +#define INST_SZ 40 + +struct ktext { + unsigned int length; /* Length of the text */ + unsigned char dat[MAX_KTXT_LEN]; /* The data itself */ + u_int32_t mbz; /* zero to catch runaway strings */ +}; + +struct credentials { + char service[ANAME_SZ]; /* Service name */ + char instance[INST_SZ]; /* Instance */ + char realm[REALM_SZ]; /* Auth domain */ + char session[8]; /* Session key */ + int lifetime; /* Lifetime */ + int kvno; /* Key version number */ + struct ktext ticket_st; /* The ticket itself */ + int32_t issue_date; /* The issue time */ + char pname[ANAME_SZ]; /* Principal's name */ + char pinst[INST_SZ]; /* Principal's instance */ +}; + +#define TKTLIFENUMFIXED 64 +#define TKTLIFEMINFIXED 0x80 +#define TKTLIFEMAXFIXED 0xBF +#define TKTLIFENOEXPIRE 0xFF +#define MAXTKTLIFETIME (30*24*3600) /* 30 days */ +#ifndef NEVERDATE +#define NEVERDATE ((time_t)0x7fffffffL) +#endif + +#define KERB_ERR_NULL_KEY 10 + +#define CLOCK_SKEW 5*60 + +#ifndef TKT_ROOT +#define TKT_ROOT "/tmp/tkt" +#endif + +struct _krb5_krb_auth_data { + int8_t k_flags; /* Flags from ticket */ + char *pname; /* Principal's name */ + char *pinst; /* His Instance */ + char *prealm; /* His Realm */ + u_int32_t checksum; /* Data checksum (opt) */ + krb5_keyblock session; /* Session Key */ + unsigned char life; /* Life of ticket */ + u_int32_t time_sec; /* Time ticket issued */ + u_int32_t address; /* Address in ticket */ +}; + +time_t _krb5_krb_life_to_time (int, int); +int _krb5_krb_time_to_life (time_t, time_t); +krb5_error_code _krb5_krb_tf_setup (krb5_context, struct credentials *, + const char *, int); +krb5_error_code _krb5_krb_dest_tkt(krb5_context, const char *); + +#define krb_time_to_life _krb5_krb_time_to_life +#define krb_life_to_time _krb5_krb_life_to_time + +#endif /* __KRB5_V4COMPAT_H__ */ diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h new file mode 100644 index 0000000000..890a500caa --- /dev/null +++ b/source4/heimdal/lib/krb5/krb5.h @@ -0,0 +1,754 @@ +/* + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: krb5.h,v 1.236 2005/06/11 00:05:24 lha Exp $ */ + +#ifndef __KRB5_H__ +#define __KRB5_H__ + +#include +#include + +#include +#include +#include +#include + +#include + +/* name confusion with MIT */ +#ifndef KRB5KDC_ERR_KEY_EXP +#define KRB5KDC_ERR_KEY_EXP KRB5KDC_ERR_KEY_EXPIRED +#endif + +/* simple constants */ + +#ifndef TRUE +#define TRUE 1 +#define FALSE 0 +#endif + +typedef int krb5_boolean; + +typedef int32_t krb5_error_code; + +typedef int krb5_kvno; + +typedef u_int32_t krb5_flags; + +typedef void *krb5_pointer; +typedef const void *krb5_const_pointer; + +struct krb5_crypto_data; +typedef struct krb5_crypto_data *krb5_crypto; + +typedef CKSUMTYPE krb5_cksumtype; + +typedef Checksum krb5_checksum; + +typedef ENCTYPE krb5_enctype; + +typedef heim_octet_string krb5_data; + +/* PKINIT related forward declarations */ +struct ContentInfo; +struct krb5_pk_identity; +struct krb5_pk_cert; + +/* krb5_enc_data is a mit compat structure */ +typedef struct krb5_enc_data { + krb5_enctype enctype; + krb5_kvno kvno; + krb5_data ciphertext; +} krb5_enc_data; + +/* alternative names */ +enum { + ENCTYPE_NULL = ETYPE_NULL, + ENCTYPE_DES_CBC_CRC = ETYPE_DES_CBC_CRC, + ENCTYPE_DES_CBC_MD4 = ETYPE_DES_CBC_MD4, + ENCTYPE_DES_CBC_MD5 = ETYPE_DES_CBC_MD5, + ENCTYPE_DES3_CBC_MD5 = ETYPE_DES3_CBC_MD5, + ENCTYPE_OLD_DES3_CBC_SHA1 = ETYPE_OLD_DES3_CBC_SHA1, + ENCTYPE_SIGN_DSA_GENERATE = ETYPE_SIGN_DSA_GENERATE, + ENCTYPE_ENCRYPT_RSA_PRIV = ETYPE_ENCRYPT_RSA_PRIV, + ENCTYPE_ENCRYPT_RSA_PUB = ETYPE_ENCRYPT_RSA_PUB, + ENCTYPE_DES3_CBC_SHA1 = ETYPE_DES3_CBC_SHA1, + ENCTYPE_AES128_CTS_HMAC_SHA1_96 = ETYPE_AES128_CTS_HMAC_SHA1_96, + ENCTYPE_AES256_CTS_HMAC_SHA1_96 = ETYPE_AES256_CTS_HMAC_SHA1_96, + ENCTYPE_ARCFOUR_HMAC = ETYPE_ARCFOUR_HMAC_MD5, + ENCTYPE_ARCFOUR_HMAC_MD5 = ETYPE_ARCFOUR_HMAC_MD5, + ENCTYPE_ARCFOUR_HMAC_MD5_56 = ETYPE_ARCFOUR_HMAC_MD5_56, + ENCTYPE_ENCTYPE_PK_CROSS = ETYPE_ENCTYPE_PK_CROSS, + ENCTYPE_DES_CBC_NONE = ETYPE_DES_CBC_NONE, + ENCTYPE_DES3_CBC_NONE = ETYPE_DES3_CBC_NONE, + ENCTYPE_DES_CFB64_NONE = ETYPE_DES_CFB64_NONE, + ENCTYPE_DES_PCBC_NONE = ETYPE_DES_PCBC_NONE +}; + +typedef PADATA_TYPE krb5_preauthtype; + +typedef enum krb5_key_usage { + KRB5_KU_PA_ENC_TIMESTAMP = 1, + /* AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the + client key (section 5.4.1) */ + KRB5_KU_TICKET = 2, + /* AS-REP Ticket and TGS-REP Ticket (includes tgs session key or + application session key), encrypted with the service key + (section 5.4.2) */ + KRB5_KU_AS_REP_ENC_PART = 3, + /* AS-REP encrypted part (includes tgs session key or application + session key), encrypted with the client key (section 5.4.2) */ + KRB5_KU_TGS_REQ_AUTH_DAT_SESSION = 4, + /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs + session key (section 5.4.1) */ + KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY = 5, + /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs + authenticator subkey (section 5.4.1) */ + KRB5_KU_TGS_REQ_AUTH_CKSUM = 6, + /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed + with the tgs session key (sections 5.3.2, 5.4.1) */ + KRB5_KU_TGS_REQ_AUTH = 7, + /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes tgs + authenticator subkey), encrypted with the tgs session key + (section 5.3.2) */ + KRB5_KU_TGS_REP_ENC_PART_SESSION = 8, + /* TGS-REP encrypted part (includes application session key), + encrypted with the tgs session key (section 5.4.2) */ + KRB5_KU_TGS_REP_ENC_PART_SUB_KEY = 9, + /* TGS-REP encrypted part (includes application session key), + encrypted with the tgs authenticator subkey (section 5.4.2) */ + KRB5_KU_AP_REQ_AUTH_CKSUM = 10, + /* AP-REQ Authenticator cksum, keyed with the application session + key (section 5.3.2) */ + KRB5_KU_AP_REQ_AUTH = 11, + /* AP-REQ Authenticator (includes application authenticator + subkey), encrypted with the application session key (section + 5.3.2) */ + KRB5_KU_AP_REQ_ENC_PART = 12, + /* AP-REP encrypted part (includes application session subkey), + encrypted with the application session key (section 5.5.2) */ + KRB5_KU_KRB_PRIV = 13, + /* KRB-PRIV encrypted part, encrypted with a key chosen by the + application (section 5.7.1) */ + KRB5_KU_KRB_CRED = 14, + /* KRB-CRED encrypted part, encrypted with a key chosen by the + application (section 5.8.1) */ + KRB5_KU_KRB_SAFE_CKSUM = 15, + /* KRB-SAFE cksum, keyed with a key chosen by the application + (section 5.6.1) */ + KRB5_KU_OTHER_ENCRYPTED = 16, + /* Data which is defined in some specification outside of + Kerberos to be encrypted using an RFC1510 encryption type. */ + KRB5_KU_OTHER_CKSUM = 17, + /* Data which is defined in some specification outside of + Kerberos to be checksummed using an RFC1510 checksum type. */ + KRB5_KU_KRB_ERROR = 18, + /* Krb-error checksum */ + KRB5_KU_AD_KDC_ISSUED = 19, + /* AD-KDCIssued checksum */ + KRB5_KU_MANDATORY_TICKET_EXTENSION = 20, + /* Checksum for Mandatory Ticket Extensions */ + KRB5_KU_AUTH_DATA_TICKET_EXTENSION = 21, + /* Checksum in Authorization Data in Ticket Extensions */ + KRB5_KU_USAGE_SEAL = 22, + /* seal in GSSAPI krb5 mechanism */ + KRB5_KU_USAGE_SIGN = 23, + /* sign in GSSAPI krb5 mechanism */ + KRB5_KU_USAGE_SEQ = 24, + /* SEQ in GSSAPI krb5 mechanism */ + KRB5_KU_USAGE_ACCEPTOR_SEAL = 22, + /* acceptor sign in GSSAPI CFX krb5 mechanism */ + KRB5_KU_USAGE_ACCEPTOR_SIGN = 23, + /* acceptor seal in GSSAPI CFX krb5 mechanism */ + KRB5_KU_USAGE_INITIATOR_SEAL = 24, + /* initiator sign in GSSAPI CFX krb5 mechanism */ + KRB5_KU_USAGE_INITIATOR_SIGN = 25, + /* initiator seal in GSSAPI CFX krb5 mechanism */ + KRB5_KU_PA_SERVER_REFERRAL_DATA = 22, + /* encrypted server referral data */ + KRB5_KU_SAM_CHECKSUM = 25, + /* Checksum for the SAM-CHECKSUM field */ + KRB5_KU_SAM_ENC_TRACK_ID = 26, + /* Encryption of the SAM-TRACK-ID field */ + KRB5_KU_PA_SERVER_REFERRAL = 26, + /* Keyusage for the server referral in a TGS req */ + KRB5_KU_SAM_ENC_NONCE_SAD = 27 + /* Encryption of the SAM-NONCE-OR-SAD field */ +} krb5_key_usage; + +typedef krb5_key_usage krb5_keyusage; + +typedef enum krb5_salttype { + KRB5_PW_SALT = KRB5_PADATA_PW_SALT, + KRB5_AFS3_SALT = KRB5_PADATA_AFS3_SALT +}krb5_salttype; + +typedef struct krb5_salt { + krb5_salttype salttype; + krb5_data saltvalue; +} krb5_salt; + +typedef ETYPE_INFO krb5_preauthinfo; + +typedef struct { + krb5_preauthtype type; + krb5_preauthinfo info; /* list of preauthinfo for this type */ +} krb5_preauthdata_entry; + +typedef struct krb5_preauthdata { + unsigned len; + krb5_preauthdata_entry *val; +}krb5_preauthdata; + +typedef enum krb5_address_type { + KRB5_ADDRESS_INET = 2, + KRB5_ADDRESS_INET6 = 24, + KRB5_ADDRESS_ADDRPORT = 256, + KRB5_ADDRESS_IPPORT = 257 +} krb5_address_type; + +enum { + AP_OPTS_USE_SESSION_KEY = 1, + AP_OPTS_MUTUAL_REQUIRED = 2, + AP_OPTS_USE_SUBKEY = 4 /* library internal */ +}; + +typedef HostAddress krb5_address; + +typedef HostAddresses krb5_addresses; + +typedef enum krb5_keytype { + KEYTYPE_NULL = 0, + KEYTYPE_DES = 1, + KEYTYPE_DES3 = 7, + KEYTYPE_AES128 = 17, + KEYTYPE_AES256 = 18, + KEYTYPE_ARCFOUR = 23, + KEYTYPE_ARCFOUR_56 = 24, + KEYTYPE_RC2 = -0x1005, + KEYTYPE_AES192 = -0x1006 +} krb5_keytype; + +typedef EncryptionKey krb5_keyblock; + +typedef AP_REQ krb5_ap_req; + +struct krb5_cc_ops; + +#define KRB5_DEFAULT_CCFILE_ROOT "/tmp/krb5cc_" + +#define KRB5_DEFAULT_CCROOT "FILE:" KRB5_DEFAULT_CCFILE_ROOT + +#define KRB5_ACCEPT_NULL_ADDRESSES(C) \ + krb5_config_get_bool_default((C), NULL, TRUE, \ + "libdefaults", "accept_null_addresses", \ + NULL) + +typedef void *krb5_cc_cursor; + +typedef struct krb5_ccache_data { + const struct krb5_cc_ops *ops; + krb5_data data; +}krb5_ccache_data; + +typedef struct krb5_ccache_data *krb5_ccache; + +typedef struct krb5_context_data *krb5_context; + +typedef Realm krb5_realm; +typedef const char *krb5_const_realm; /* stupid language */ + +#define krb5_realm_length(r) strlen(r) +#define krb5_realm_data(r) (r) + +typedef Principal krb5_principal_data; +typedef struct Principal *krb5_principal; +typedef const struct Principal *krb5_const_principal; + +typedef time_t krb5_deltat; +typedef time_t krb5_timestamp; + +typedef struct krb5_times { + krb5_timestamp authtime; + krb5_timestamp starttime; + krb5_timestamp endtime; + krb5_timestamp renew_till; +} krb5_times; + +typedef union { + TicketFlags b; + krb5_flags i; +} krb5_ticket_flags; + +/* options for krb5_get_in_tkt() */ +#define KDC_OPT_FORWARDABLE (1 << 1) +#define KDC_OPT_FORWARDED (1 << 2) +#define KDC_OPT_PROXIABLE (1 << 3) +#define KDC_OPT_PROXY (1 << 4) +#define KDC_OPT_ALLOW_POSTDATE (1 << 5) +#define KDC_OPT_POSTDATED (1 << 6) +#define KDC_OPT_RENEWABLE (1 << 8) +#define KDC_OPT_REQUEST_ANONYMOUS (1 << 14) +#define KDC_OPT_DISABLE_TRANSITED_CHECK (1 << 26) +#define KDC_OPT_RENEWABLE_OK (1 << 27) +#define KDC_OPT_ENC_TKT_IN_SKEY (1 << 28) +#define KDC_OPT_RENEW (1 << 30) +#define KDC_OPT_VALIDATE (1 << 31) + +typedef union { + KDCOptions b; + krb5_flags i; +} krb5_kdc_flags; + +/* flags for krb5_verify_ap_req */ + +#define KRB5_VERIFY_AP_REQ_IGNORE_INVALID (1 << 0) + +#define KRB5_GC_CACHED (1U << 0) +#define KRB5_GC_USER_USER (1U << 1) +#define KRB5_GC_EXPIRED_OK (1U << 2) + +/* constants for compare_creds (and cc_retrieve_cred) */ +#define KRB5_TC_DONT_MATCH_REALM (1U << 31) +#define KRB5_TC_MATCH_KEYTYPE (1U << 30) +#define KRB5_TC_MATCH_KTYPE KRB5_TC_MATCH_KEYTYPE /* MIT name */ +#define KRB5_TC_MATCH_SRV_NAMEONLY (1 << 29) +#define KRB5_TC_MATCH_FLAGS_EXACT (1 << 28) +#define KRB5_TC_MATCH_FLAGS (1 << 27) +#define KRB5_TC_MATCH_TIMES_EXACT (1 << 26) +#define KRB5_TC_MATCH_TIMES (1 << 25) +#define KRB5_TC_MATCH_AUTHDATA (1 << 24) +#define KRB5_TC_MATCH_2ND_TKT (1 << 23) +#define KRB5_TC_MATCH_IS_SKEY (1 << 22) + +typedef AuthorizationData krb5_authdata; + +typedef KRB_ERROR krb5_error; + +typedef struct krb5_creds { + krb5_principal client; + krb5_principal server; + krb5_keyblock session; + krb5_times times; + krb5_data ticket; + krb5_data second_ticket; + krb5_authdata authdata; + krb5_addresses addresses; + krb5_ticket_flags flags; +} krb5_creds; + +typedef struct krb5_cc_ops { + const char *prefix; + const char* (*get_name)(krb5_context, krb5_ccache); + krb5_error_code (*resolve)(krb5_context, krb5_ccache *, const char *); + krb5_error_code (*gen_new)(krb5_context, krb5_ccache *); + krb5_error_code (*init)(krb5_context, krb5_ccache, krb5_principal); + krb5_error_code (*destroy)(krb5_context, krb5_ccache); + krb5_error_code (*close)(krb5_context, krb5_ccache); + krb5_error_code (*store)(krb5_context, krb5_ccache, krb5_creds*); + krb5_error_code (*retrieve)(krb5_context, krb5_ccache, + krb5_flags, const krb5_creds*, krb5_creds *); + krb5_error_code (*get_princ)(krb5_context, krb5_ccache, krb5_principal*); + krb5_error_code (*get_first)(krb5_context, krb5_ccache, krb5_cc_cursor *); + krb5_error_code (*get_next)(krb5_context, krb5_ccache, + krb5_cc_cursor*, krb5_creds*); + krb5_error_code (*end_get)(krb5_context, krb5_ccache, krb5_cc_cursor*); + krb5_error_code (*remove_cred)(krb5_context, krb5_ccache, + krb5_flags, krb5_creds*); + krb5_error_code (*set_flags)(krb5_context, krb5_ccache, krb5_flags); + int (*get_version)(krb5_context, krb5_ccache); +} krb5_cc_ops; + +struct krb5_log_facility; + +struct krb5_config_binding { + enum { krb5_config_string, krb5_config_list } type; + char *name; + struct krb5_config_binding *next; + union { + char *string; + struct krb5_config_binding *list; + void *generic; + } u; +}; + +typedef struct krb5_config_binding krb5_config_binding; + +typedef krb5_config_binding krb5_config_section; + +typedef struct krb5_context_data { + krb5_enctype *etypes; + krb5_enctype *etypes_des; + char **default_realms; + time_t max_skew; + time_t kdc_timeout; + unsigned max_retries; + int32_t kdc_sec_offset; + int32_t kdc_usec_offset; + krb5_config_section *cf; + struct et_list *et_list; + struct krb5_log_facility *warn_dest; + krb5_cc_ops *cc_ops; + int num_cc_ops; + const char *http_proxy; + const char *time_fmt; + krb5_boolean log_utc; + const char *default_keytab; + const char *default_keytab_modify; + krb5_boolean use_admin_kdc; + krb5_addresses *extra_addresses; + krb5_boolean scan_interfaces; /* `ifconfig -a' */ + krb5_boolean srv_lookup; /* do SRV lookups */ + krb5_boolean srv_try_txt; /* try TXT records also */ + int32_t fcache_vno; /* create cache files w/ this + version */ + int num_kt_types; /* # of registered keytab types */ + struct krb5_keytab_data *kt_types; /* registered keytab types */ + const char *date_fmt; + char *error_string; + char error_buf[256]; + krb5_addresses *ignore_addresses; + char *default_cc_name; + int pkinit_flags; + void *mutex; /* protects error_string/error_buf */ + int large_msg_size; +} krb5_context_data; + +enum { + KRB5_PKINIT_WIN2K = 1, /* wire compatible with Windows 2k */ + KRB5_PKINIT_PACKET_CABLE = 2 /* use packet cable standard */ +}; + +typedef struct krb5_ticket { + EncTicketPart ticket; + krb5_principal client; + krb5_principal server; +} krb5_ticket; + +typedef Authenticator krb5_authenticator_data; + +typedef krb5_authenticator_data *krb5_authenticator; + +struct krb5_rcache_data; +typedef struct krb5_rcache_data *krb5_rcache; +typedef Authenticator krb5_donot_replay; + +#define KRB5_STORAGE_HOST_BYTEORDER 0x01 /* old */ +#define KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS 0x02 +#define KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE 0x04 +#define KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE 0x08 +#define KRB5_STORAGE_BYTEORDER_MASK 0x60 +#define KRB5_STORAGE_BYTEORDER_BE 0x00 /* default */ +#define KRB5_STORAGE_BYTEORDER_LE 0x20 +#define KRB5_STORAGE_BYTEORDER_HOST 0x40 +#define KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER 0x80 + +struct krb5_storage_data; +typedef struct krb5_storage_data krb5_storage; + +typedef struct krb5_keytab_entry { + krb5_principal principal; + krb5_kvno vno; + krb5_keyblock keyblock; + u_int32_t timestamp; +} krb5_keytab_entry; + +typedef struct krb5_kt_cursor { + int fd; + krb5_storage *sp; + void *data; +} krb5_kt_cursor; + +struct krb5_keytab_data; + +typedef struct krb5_keytab_data *krb5_keytab; + +#define KRB5_KT_PREFIX_MAX_LEN 30 + +struct krb5_keytab_data { + const char *prefix; + krb5_error_code (*resolve)(krb5_context, const char*, krb5_keytab); + krb5_error_code (*get_name)(krb5_context, krb5_keytab, char*, size_t); + krb5_error_code (*close)(krb5_context, krb5_keytab); + krb5_error_code (*get)(krb5_context, krb5_keytab, krb5_const_principal, + krb5_kvno, krb5_enctype, krb5_keytab_entry*); + krb5_error_code (*start_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*); + krb5_error_code (*next_entry)(krb5_context, krb5_keytab, + krb5_keytab_entry*, krb5_kt_cursor*); + krb5_error_code (*end_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*); + krb5_error_code (*add)(krb5_context, krb5_keytab, krb5_keytab_entry*); + krb5_error_code (*remove)(krb5_context, krb5_keytab, krb5_keytab_entry*); + void *data; + int32_t version; +}; + +typedef struct krb5_keytab_data krb5_kt_ops; + +struct krb5_keytab_key_proc_args { + krb5_keytab keytab; + krb5_principal principal; +}; + +typedef struct krb5_keytab_key_proc_args krb5_keytab_key_proc_args; + +typedef struct krb5_replay_data { + krb5_timestamp timestamp; + int32_t usec; + u_int32_t seq; +} krb5_replay_data; + +/* flags for krb5_auth_con_setflags */ +enum { + KRB5_AUTH_CONTEXT_DO_TIME = 1, + KRB5_AUTH_CONTEXT_RET_TIME = 2, + KRB5_AUTH_CONTEXT_DO_SEQUENCE = 4, + KRB5_AUTH_CONTEXT_RET_SEQUENCE = 8, + KRB5_AUTH_CONTEXT_PERMIT_ALL = 16, + KRB5_AUTH_CONTEXT_USE_SUBKEY = 32, + KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED = 64 +}; + +/* flags for krb5_auth_con_genaddrs */ +enum { + KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR = 1, + KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR = 3, + KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR = 4, + KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR = 12 +}; + +typedef struct krb5_auth_context_data { + unsigned int flags; + + krb5_address *local_address; + krb5_address *remote_address; + int16_t local_port; + int16_t remote_port; + krb5_keyblock *keyblock; + krb5_keyblock *local_subkey; + krb5_keyblock *remote_subkey; + + u_int32_t local_seqnumber; + u_int32_t remote_seqnumber; + + krb5_authenticator authenticator; + + krb5_pointer i_vector; + + krb5_rcache rcache; + + krb5_keytype keytype; /* ¿requested key type ? */ + krb5_cksumtype cksumtype; /* ¡requested checksum type! */ + +}krb5_auth_context_data, *krb5_auth_context; + +typedef struct { + KDC_REP kdc_rep; + EncKDCRepPart enc_part; + KRB_ERROR error; +} krb5_kdc_rep; + +extern const char *heimdal_version, *heimdal_long_version; + +typedef void (*krb5_log_log_func_t)(const char*, const char*, void*); +typedef void (*krb5_log_close_func_t)(void*); + +typedef struct krb5_log_facility { + char *program; + int len; + struct facility *val; +} krb5_log_facility; + +typedef EncAPRepPart krb5_ap_rep_enc_part; + +#define KRB5_RECVAUTH_IGNORE_VERSION 1 + +#define KRB5_SENDAUTH_VERSION "KRB5_SENDAUTH_V1.0" + +#define KRB5_TGS_NAME_SIZE (6) +#define KRB5_TGS_NAME ("krbtgt") + +/* variables */ + +extern const char *krb5_config_file; +extern const char *krb5_defkeyname; + +typedef enum { + KRB5_PROMPT_TYPE_PASSWORD = 0x1, + KRB5_PROMPT_TYPE_NEW_PASSWORD = 0x2, + KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN = 0x3, + KRB5_PROMPT_TYPE_PREAUTH = 0x4 +} krb5_prompt_type; + +typedef struct _krb5_prompt { + const char *prompt; + int hidden; + krb5_data *reply; + krb5_prompt_type type; +} krb5_prompt; + +typedef int (*krb5_prompter_fct)(krb5_context context, + void *data, + const char *name, + const char *banner, + int num_prompts, + krb5_prompt prompts[]); +typedef krb5_error_code (*krb5_key_proc)(krb5_context context, + krb5_enctype type, + krb5_salt salt, + krb5_const_pointer keyseed, + krb5_keyblock **key); +typedef krb5_error_code (*krb5_decrypt_proc)(krb5_context context, + krb5_keyblock *key, + krb5_key_usage usage, + krb5_const_pointer decrypt_arg, + krb5_kdc_rep *dec_rep); +typedef krb5_error_code (*krb5_s2k_proc)(krb5_context context, + krb5_enctype type, + krb5_const_pointer keyseed, + krb5_salt salt, + krb5_data *s2kparms, + krb5_keyblock **key); + +struct _krb5_get_init_creds_opt_private; + +typedef struct _krb5_get_init_creds_opt { + krb5_flags flags; + krb5_deltat tkt_life; + krb5_deltat renew_life; + int forwardable; + int proxiable; + int anonymous; + krb5_enctype *etype_list; + int etype_list_length; + krb5_addresses *address_list; + /* XXX the next three should not be used, as they may be + removed later */ + krb5_preauthtype *preauth_list; + int preauth_list_length; + krb5_data *salt; + struct _krb5_get_init_creds_opt_private *private; +} krb5_get_init_creds_opt; + +#define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE 0x0001 +#define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE 0x0002 +#define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE 0x0004 +#define KRB5_GET_INIT_CREDS_OPT_PROXIABLE 0x0008 +#define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST 0x0010 +#define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST 0x0020 +#define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST 0x0040 +#define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080 +#define KRB5_GET_INIT_CREDS_OPT_ANONYMOUS 0x0100 +#define KRB5_GET_INIT_CREDS_OPT_DISABLE_TRANSITED_CHECK 0x0200 + +typedef struct _krb5_verify_init_creds_opt { + krb5_flags flags; + int ap_req_nofail; +} krb5_verify_init_creds_opt; + +#define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL 0x0001 + +typedef struct krb5_verify_opt { + unsigned int flags; + krb5_ccache ccache; + krb5_keytab keytab; + krb5_boolean secure; + const char *service; +} krb5_verify_opt; + +#define KRB5_VERIFY_LREALMS 1 +#define KRB5_VERIFY_NO_ADDRESSES 2 + +extern const krb5_cc_ops krb5_acc_ops; +extern const krb5_cc_ops krb5_fcc_ops; +extern const krb5_cc_ops krb5_mcc_ops; +extern const krb5_cc_ops krb5_kcm_ops; + +extern const krb5_kt_ops krb5_fkt_ops; +extern const krb5_kt_ops krb5_wrfkt_ops; +extern const krb5_kt_ops krb5_javakt_ops; +extern const krb5_kt_ops krb5_mkt_ops; +extern const krb5_kt_ops krb5_mktw_ops; +extern const krb5_kt_ops krb5_akf_ops; +extern const krb5_kt_ops krb4_fkt_ops; +extern const krb5_kt_ops krb5_srvtab_fkt_ops; +extern const krb5_kt_ops krb5_any_ops; + +#define KRB5_KPASSWD_VERS_CHANGEPW 1 +#define KRB5_KPASSWD_VERS_SETPW 0xff80 + +#define KRB5_KPASSWD_SUCCESS 0 +#define KRB5_KPASSWD_MALFORMED 1 +#define KRB5_KPASSWD_HARDERROR 2 +#define KRB5_KPASSWD_AUTHERROR 3 +#define KRB5_KPASSWD_SOFTERROR 4 +#define KRB5_KPASSWD_ACCESSDENIED 5 +#define KRB5_KPASSWD_BAD_VERSION 6 +#define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7 + +#define KPASSWD_PORT 464 + +/* types for the new krbhst interface */ +struct krb5_krbhst_data; +typedef struct krb5_krbhst_data *krb5_krbhst_handle; + +#define KRB5_KRBHST_KDC 1 +#define KRB5_KRBHST_ADMIN 2 +#define KRB5_KRBHST_CHANGEPW 3 +#define KRB5_KRBHST_KRB524 4 + +typedef struct krb5_krbhst_info { + enum { KRB5_KRBHST_UDP, + KRB5_KRBHST_TCP, + KRB5_KRBHST_HTTP } proto; + unsigned short port; + unsigned short def_port; + struct addrinfo *ai; + struct krb5_krbhst_info *next; + char hostname[1]; /* has to come last */ +} krb5_krbhst_info; + +/* flags for krb5_krbhst_init_flags (and krb5_send_to_kdc_flags) */ +enum { + KRB5_KRBHST_FLAGS_MASTER = 1, + KRB5_KRBHST_FLAGS_LARGE_MSG = 2 +}; + +struct credentials; /* this is to keep the compiler happy */ +struct getargs; +struct sockaddr; + +#include + +#endif /* __KRB5_H__ */ + diff --git a/source4/heimdal/lib/krb5/krb5_ccapi.h b/source4/heimdal/lib/krb5/krb5_ccapi.h new file mode 100644 index 0000000000..00c30d7791 --- /dev/null +++ b/source4/heimdal/lib/krb5/krb5_ccapi.h @@ -0,0 +1,215 @@ +/* + * Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: krb5_ccapi.h,v 1.1 2004/09/11 04:00:42 lha Exp $ */ + +#ifndef KRB5_CCAPI_H +#define KRB5_CCAPI_H 1 + +#include + +enum { + cc_credentials_v5 = 2 +}; + +enum { + ccapi_version_3 = 3 +}; + +enum { + ccNoError = 0, + + ccIteratorEnd = 201, + ccErrBadParam, + ccErrNoMem, + ccErrInvalidContext, + ccErrInvalidCCache, + + ccErrInvalidString, /* 206 */ + ccErrInvalidCredentials, + ccErrInvalidCCacheIterator, + ccErrInvalidCredentialsIterator, + ccErrInvalidLock, + + ccErrBadName, /* 211 */ + ccErrBadCredentialsVersion, + ccErrBadAPIVersion, + ccErrContextLocked, + ccErrContextUnlocked, + + ccErrCCacheLocked, /* 216 */ + ccErrCCacheUnlocked, + ccErrBadLockType, + ccErrNeverDefault, + ccErrCredentialsNotFound, + + ccErrCCacheNotFound, /* 221 */ + ccErrContextNotFound, + ccErrServerUnavailable, + ccErrServerInsecure, + ccErrServerCantBecomeUID, + + ccErrTimeOffsetNotSet /* 226 */ +}; + +typedef int32_t cc_int32; +typedef u_int32_t cc_uint32; +typedef struct cc_context_t *cc_context_t; +typedef struct cc_ccache_t *cc_ccache_t; +typedef struct cc_ccache_iterator_t *cc_ccache_iterator_t; +typedef struct cc_credentials_v5_t cc_credentials_v5_t; +typedef struct cc_credentials_t *cc_credentials_t; +typedef struct cc_credentials_iterator_t *cc_credentials_iterator_t; +typedef struct cc_string_t *cc_string_t; +typedef time_t cc_time_t; + +typedef struct cc_data { + cc_uint32 type; + cc_uint32 length; + void *data; +} cc_data; + +struct cc_credentials_v5_t { + char *client; + char *server; + cc_data keyblock; + cc_time_t authtime; + cc_time_t starttime; + cc_time_t endtime; + cc_time_t renew_till; + cc_uint32 is_skey; + cc_uint32 ticket_flags; /* XXX ticket flags undefined */ + cc_data **addresses; + cc_data ticket; + cc_data second_ticket; + cc_data **authdata; +}; + + +typedef struct cc_string_functions { + cc_int32 (*release)(cc_string_t); +} cc_string_functions; + +struct cc_string_t { + const char *data; + const cc_string_functions *func; +}; + +typedef struct cc_credentials_union { + cc_int32 version; + union { + cc_credentials_v5_t* credentials_v5; + } credentials; +} cc_credentials_union; + +struct cc_credentials_functions { + cc_int32 (*release)(cc_credentials_t); + cc_int32 (*compare)(cc_credentials_t, cc_credentials_t, cc_uint32*); +}; + +struct cc_credentials_t { + const cc_credentials_union* data; + const struct cc_credentials_functions* func; +}; + +struct cc_credentials_iterator_functions { + cc_int32 (*release)(cc_credentials_iterator_t); + cc_int32 (*next)(cc_credentials_iterator_t, cc_credentials_t*); +}; + +struct cc_credentials_iterator_t { + const struct cc_credentials_iterator_functions *func; +}; + +struct cc_ccache_iterator_functions { + cc_int32 (*release) (cc_ccache_iterator_t); + cc_int32 (*next)(cc_ccache_iterator_t, cc_ccache_t*); +}; + +struct cc_ccache_iterator_t { + const struct cc_ccache_iterator_functions* func; +}; + +typedef struct cc_ccache_functions { + cc_int32 (*release)(cc_ccache_t); + cc_int32 (*destroy)(cc_ccache_t); + cc_int32 (*set_default)(cc_ccache_t); + cc_int32 (*get_credentials_version)(cc_ccache_t, cc_uint32*); + cc_int32 (*get_name)(cc_ccache_t ccache,cc_string_t*); + cc_int32 (*get_principal)(cc_ccache_t, cc_uint32, cc_string_t*); + cc_int32 (*set_principal)(cc_ccache_t, cc_uint32, const char*); + cc_int32 (*store_credentials)(cc_ccache_t, const cc_credentials_union*); + cc_int32 (*remove_credentials)(cc_ccache_t, cc_credentials_t); + cc_int32 (*new_credentials_iterator)(cc_ccache_t, + cc_credentials_iterator_t*); + cc_int32 (*move)(cc_ccache_t source, cc_ccache_t); + cc_int32 (*lock)(cc_ccache_t, cc_uint32, cc_uint32); + cc_int32 (*unlock)(cc_ccache_t); + cc_int32 (*get_last_default_time)(cc_ccache_t, cc_time_t*); + cc_int32 (*get_change_time)(cc_ccache_t ccache, cc_time_t*); + cc_int32 (*compare)(cc_ccache_t, cc_ccache_t, cc_uint32*); + cc_int32 (*get_kdc_time_offset)(cc_ccache_t, cc_int32, cc_time_t *); + cc_int32 (*set_kdc_time_offset)(cc_ccache_t, cc_int32, cc_time_t); + cc_int32 (*clear_kdc_time_offset)(cc_ccache_t, cc_int32); +} cc_ccache_functions; + +struct cc_ccache_t { + const cc_ccache_functions *func; +}; + +struct cc_context_functions { + cc_int32 (*release)(cc_context_t); + cc_int32 (*get_change_time)(cc_context_t, cc_time_t *); + cc_int32 (*get_default_ccache_name)(cc_context_t, cc_string_t*); + cc_int32 (*open_ccache)(cc_context_t, const char*, cc_ccache_t *); + cc_int32 (*open_default_ccache)(cc_context_t, cc_ccache_t*); + cc_int32 (*create_ccache)(cc_context_t,const char*, cc_uint32, + const char*, cc_ccache_t*); + cc_int32 (*create_default_ccache)(cc_context_t, cc_uint32, + const char*, cc_ccache_t*); + cc_int32 (*create_new_ccache)(cc_context_t, cc_uint32, + const char*, cc_ccache_t*); + cc_int32 (*new_ccache_iterator)(cc_context_t, cc_ccache_iterator_t*); + cc_int32 (*lock)(cc_context_t, cc_uint32, cc_uint32); + cc_int32 (*unlock)(cc_context_t); + cc_int32 (*compare)(cc_context_t, cc_context_t, cc_uint32*); +}; + +struct cc_context_t { + const struct cc_context_functions* func; +}; + +typedef cc_int32 +(*cc_initialize_func)(cc_context_t*, cc_int32, cc_int32 *, char const **); + +#endif /* KRB5_CCAPI_H */ diff --git a/source4/heimdal/lib/krb5/krb5_err.et b/source4/heimdal/lib/krb5/krb5_err.et new file mode 100644 index 0000000000..1257b074fb --- /dev/null +++ b/source4/heimdal/lib/krb5/krb5_err.et @@ -0,0 +1,258 @@ +# +# Error messages for the krb5 library +# +# This might look like a com_err file, but is not +# +id "$Id: krb5_err.et,v 1.12 2004/10/14 15:30:29 lha Exp $" + +error_table krb5 + +prefix KRB5KDC_ERR +error_code NONE, "No error" +error_code NAME_EXP, "Client's entry in database has expired" +error_code SERVICE_EXP, "Server's entry in database has expired" +error_code BAD_PVNO, "Requested protocol version not supported" +error_code C_OLD_MAST_KVNO, "Client's key is encrypted in an old master key" +error_code S_OLD_MAST_KVNO, "Server's key is encrypted in an old master key" +error_code C_PRINCIPAL_UNKNOWN, "Client not found in Kerberos database" +error_code S_PRINCIPAL_UNKNOWN, "Server not found in Kerberos database" +error_code PRINCIPAL_NOT_UNIQUE,"Principal has multiple entries in Kerberos database" +error_code NULL_KEY, "Client or server has a null key" +error_code CANNOT_POSTDATE, "Ticket is ineligible for postdating" +error_code NEVER_VALID, "Requested effective lifetime is negative or too short" +error_code POLICY, "KDC policy rejects request" +error_code BADOPTION, "KDC can't fulfill requested option" +error_code ETYPE_NOSUPP, "KDC has no support for encryption type" +error_code SUMTYPE_NOSUPP, "KDC has no support for checksum type" +error_code PADATA_TYPE_NOSUPP, "KDC has no support for padata type" +error_code TRTYPE_NOSUPP, "KDC has no support for transited type" +error_code CLIENT_REVOKED, "Clients credentials have been revoked" +error_code SERVICE_REVOKED, "Credentials for server have been revoked" +error_code TGT_REVOKED, "TGT has been revoked" +error_code CLIENT_NOTYET, "Client not yet valid - try again later" +error_code SERVICE_NOTYET, "Server not yet valid - try again later" +error_code KEY_EXPIRED, "Password has expired" +error_code PREAUTH_FAILED, "Preauthentication failed" +error_code PREAUTH_REQUIRED, "Additional pre-authentication required" +error_code SERVER_NOMATCH, "Requested server and ticket don't match" + +# 27-30 are reserved +index 31 +prefix KRB5KRB_AP +error_code ERR_BAD_INTEGRITY, "Decrypt integrity check failed" +error_code ERR_TKT_EXPIRED, "Ticket expired" +error_code ERR_TKT_NYV, "Ticket not yet valid" +error_code ERR_REPEAT, "Request is a replay" +error_code ERR_NOT_US, "The ticket isn't for us" +error_code ERR_BADMATCH, "Ticket/authenticator don't match" +error_code ERR_SKEW, "Clock skew too great" +error_code ERR_BADADDR, "Incorrect net address" +error_code ERR_BADVERSION, "Protocol version mismatch" +error_code ERR_MSG_TYPE, "Invalid message type" +error_code ERR_MODIFIED, "Message stream modified" +error_code ERR_BADORDER, "Message out of order" +error_code ERR_ILL_CR_TKT, "Invalid cross-realm ticket" +error_code ERR_BADKEYVER, "Key version is not available" +error_code ERR_NOKEY, "Service key not available" +error_code ERR_MUT_FAIL, "Mutual authentication failed" +error_code ERR_BADDIRECTION, "Incorrect message direction" +error_code ERR_METHOD, "Alternative authentication method required" +error_code ERR_BADSEQ, "Incorrect sequence number in message" +error_code ERR_INAPP_CKSUM, "Inappropriate type of checksum in message" +error_code PATH_NOT_ACCEPTED, "Policy rejects transited path" + +prefix KRB5KRB_ERR +error_code RESPONSE_TOO_BIG, "Response too big for UDP, retry with TCP" +# 53-59 are reserved +index 60 +error_code GENERIC, "Generic error (see e-text)" +error_code FIELD_TOOLONG, "Field is too long for this implementation" + +# pkinit +index 62 +prefix KRB5_KDC_ERR +error_code CLIENT_NOT_TRUSTED, "Client not trusted" +error_code KDC_NOT_TRUSTED, "KDC not trusted" +error_code INVALID_SIG, "Invalid signature" +error_code KEY_SIZE, "Key size too small/key too weak" +error_code CERTIFICATE_MISMATCH, "Certificate mismatch" + +prefix KRB5_AP_ERR +error_code USER_TO_USER_REQUIRED, "User to user required" + +index 70 +prefix KRB5_KDC_ERROR +error_code CANT_VERIFY_CERTIFICATE, "Cannot verify certificate" +error_code INVALID_CERTIFICATE, "Invalid certificate" +error_code REVOKED_CERTIFICATE, "Revoked certificate" +error_code REVOCATION_STATUS_UNKNOWN, "Revocation status unknown" +error_code REVOCATION_STATUS_UNAVAILABLE, "Revocation status unknown" +error_code CLIENT_NAME_MISMATCH, "Client name mismatch" +index 75 +error_code KDC_NAME_MISMATCH, "KDC name mismatch" + +# 76-79 are reserved + +index 80 +prefix KRB5_IAKERB +error_code ERR_KDC_NOT_FOUND, "IAKERB proxy could not find a KDC" +error_code ERR_KDC_NO_RESPONSE, "IAKERB proxy never reeived a response from a KDC" + +# 82-127 are reserved + +index 128 +prefix +error_code KRB5_ERR_RCSID, "$Id: krb5_err.et,v 1.12 2004/10/14 15:30:29 lha Exp $" + +error_code KRB5_LIBOS_BADLOCKFLAG, "Invalid flag for file lock mode" +error_code KRB5_LIBOS_CANTREADPWD, "Cannot read password" +error_code KRB5_LIBOS_BADPWDMATCH, "Password mismatch" +error_code KRB5_LIBOS_PWDINTR, "Password read interrupted" + +error_code KRB5_PARSE_ILLCHAR, "Invalid character in component name" +error_code KRB5_PARSE_MALFORMED, "Malformed representation of principal" + +error_code KRB5_CONFIG_CANTOPEN, "Can't open/find configuration file" +error_code KRB5_CONFIG_BADFORMAT, "Improper format of configuration file" +error_code KRB5_CONFIG_NOTENUFSPACE, "Insufficient space to return complete information" + +error_code KRB5_BADMSGTYPE, "Invalid message type specified for encoding" + +error_code KRB5_CC_BADNAME, "Credential cache name malformed" +error_code KRB5_CC_UNKNOWN_TYPE, "Unknown credential cache type" +error_code KRB5_CC_NOTFOUND, "Matching credential not found" +error_code KRB5_CC_END, "End of credential cache reached" + +error_code KRB5_NO_TKT_SUPPLIED, "Request did not supply a ticket" + +error_code KRB5KRB_AP_WRONG_PRINC, "Wrong principal in request" +error_code KRB5KRB_AP_ERR_TKT_INVALID, "Ticket has invalid flag set" + +error_code KRB5_PRINC_NOMATCH, "Requested principal and ticket don't match" +error_code KRB5_KDCREP_MODIFIED, "KDC reply did not match expectations" +error_code KRB5_KDCREP_SKEW, "Clock skew too great in KDC reply" +error_code KRB5_IN_TKT_REALM_MISMATCH, "Client/server realm mismatch in initial ticket request" + +error_code KRB5_PROG_ETYPE_NOSUPP, "Program lacks support for encryption type" +error_code KRB5_PROG_KEYTYPE_NOSUPP, "Program lacks support for key type" +error_code KRB5_WRONG_ETYPE, "Requested encryption type not used in message" +error_code KRB5_PROG_SUMTYPE_NOSUPP, "Program lacks support for checksum type" + +error_code KRB5_REALM_UNKNOWN, "Cannot find KDC for requested realm" +error_code KRB5_SERVICE_UNKNOWN, "Kerberos service unknown" +error_code KRB5_KDC_UNREACH, "Cannot contact any KDC for requested realm" +error_code KRB5_NO_LOCALNAME, "No local name found for principal name" + +error_code KRB5_MUTUAL_FAILED, "Mutual authentication failed" + +# some of these should be combined/supplanted by system codes + +error_code KRB5_RC_TYPE_EXISTS, "Replay cache type is already registered" +error_code KRB5_RC_MALLOC, "No more memory to allocate (in replay cache code)" +error_code KRB5_RC_TYPE_NOTFOUND, "Replay cache type is unknown" +error_code KRB5_RC_UNKNOWN, "Generic unknown RC error" +error_code KRB5_RC_REPLAY, "Message is a replay" +error_code KRB5_RC_IO, "Replay I/O operation failed XXX" +error_code KRB5_RC_NOIO, "Replay cache type does not support non-volatile storage" +error_code KRB5_RC_PARSE, "Replay cache name parse/format error" + +error_code KRB5_RC_IO_EOF, "End-of-file on replay cache I/O" +error_code KRB5_RC_IO_MALLOC, "No more memory to allocate (in replay cache I/O code)" +error_code KRB5_RC_IO_PERM, "Permission denied in replay cache code" +error_code KRB5_RC_IO_IO, "I/O error in replay cache i/o code" +error_code KRB5_RC_IO_UNKNOWN, "Generic unknown RC/IO error" +error_code KRB5_RC_IO_SPACE, "Insufficient system space to store replay information" + +error_code KRB5_TRANS_CANTOPEN, "Can't open/find realm translation file" +error_code KRB5_TRANS_BADFORMAT, "Improper format of realm translation file" + +error_code KRB5_LNAME_CANTOPEN, "Can't open/find lname translation database" +error_code KRB5_LNAME_NOTRANS, "No translation available for requested principal" +error_code KRB5_LNAME_BADFORMAT, "Improper format of translation database entry" + +error_code KRB5_CRYPTO_INTERNAL, "Cryptosystem internal error" + +error_code KRB5_KT_BADNAME, "Key table name malformed" +error_code KRB5_KT_UNKNOWN_TYPE, "Unknown Key table type" +error_code KRB5_KT_NOTFOUND, "Key table entry not found" +error_code KRB5_KT_END, "End of key table reached" +error_code KRB5_KT_NOWRITE, "Cannot write to specified key table" +error_code KRB5_KT_IOERR, "Error writing to key table" + +error_code KRB5_NO_TKT_IN_RLM, "Cannot find ticket for requested realm" +error_code KRB5DES_BAD_KEYPAR, "DES key has bad parity" +error_code KRB5DES_WEAK_KEY, "DES key is a weak key" + +error_code KRB5_BAD_ENCTYPE, "Bad encryption type" +error_code KRB5_BAD_KEYSIZE, "Key size is incompatible with encryption type" +error_code KRB5_BAD_MSIZE, "Message size is incompatible with encryption type" + +error_code KRB5_CC_TYPE_EXISTS, "Credentials cache type is already registered." +error_code KRB5_KT_TYPE_EXISTS, "Key table type is already registered." + +error_code KRB5_CC_IO, "Credentials cache I/O operation failed XXX" +error_code KRB5_FCC_PERM, "Credentials cache file permissions incorrect" +error_code KRB5_FCC_NOFILE, "No credentials cache file found" +error_code KRB5_FCC_INTERNAL, "Internal file credentials cache error" +error_code KRB5_CC_WRITE, "Error writing to credentials cache file" +error_code KRB5_CC_NOMEM, "No more memory to allocate (in credentials cache code)" +error_code KRB5_CC_FORMAT, "Bad format in credentials cache" +error_code KRB5_CC_NOT_KTYPE, "No credentials found with supported encryption types" + +# errors for dual tgt library calls +error_code KRB5_INVALID_FLAGS, "Invalid KDC option combination (library internal error)" +error_code KRB5_NO_2ND_TKT, "Request missing second ticket" + +error_code KRB5_NOCREDS_SUPPLIED, "No credentials supplied to library routine" + +# errors for sendauth (and recvauth) + +error_code KRB5_SENDAUTH_BADAUTHVERS, "Bad sendauth version was sent" +error_code KRB5_SENDAUTH_BADAPPLVERS, "Bad application version was sent (via sendauth)" +error_code KRB5_SENDAUTH_BADRESPONSE, "Bad response (during sendauth exchange)" +error_code KRB5_SENDAUTH_REJECTED, "Server rejected authentication (during sendauth exchange)" + +# errors for preauthentication + +error_code KRB5_PREAUTH_BAD_TYPE, "Unsupported preauthentication type" +error_code KRB5_PREAUTH_NO_KEY, "Required preauthentication key not supplied" +error_code KRB5_PREAUTH_FAILED, "Generic preauthentication failure" + +# version number errors + +error_code KRB5_RCACHE_BADVNO, "Unsupported replay cache format version number" +error_code KRB5_CCACHE_BADVNO, "Unsupported credentials cache format version number" +error_code KRB5_KEYTAB_BADVNO, "Unsupported key table format version number" + +# +# + +error_code KRB5_PROG_ATYPE_NOSUPP, "Program lacks support for address type" +error_code KRB5_RC_REQUIRED, "Message replay detection requires rcache parameter" +error_code KRB5_ERR_BAD_HOSTNAME, "Hostname cannot be canonicalized" +error_code KRB5_ERR_HOST_REALM_UNKNOWN, "Cannot determine realm for host" +error_code KRB5_SNAME_UNSUPP_NAMETYPE, "Conversion to service principal undefined for name type" + +error_code KRB5KRB_AP_ERR_V4_REPLY, "Initial Ticket response appears to be Version 4" +error_code KRB5_REALM_CANT_RESOLVE, "Cannot resolve KDC for requested realm" +error_code KRB5_TKT_NOT_FORWARDABLE, "Requesting ticket can't get forwardable tickets" +error_code KRB5_FWD_BAD_PRINCIPAL, "Bad principal name while trying to forward credentials" + +error_code KRB5_GET_IN_TKT_LOOP, "Looping detected inside krb5_get_in_tkt" +error_code KRB5_CONFIG_NODEFREALM, "Configuration file does not specify default realm" + +error_code KRB5_SAM_UNSUPPORTED, "Bad SAM flags in obtain_sam_padata" +error_code KRB5_SAM_INVALID_ETYPE, "Invalid encryption type in SAM challenge" +error_code KRB5_SAM_NO_CHECKSUM, "Missing checksum in SAM challenge" +error_code KRB5_SAM_BAD_CHECKSUM, "Bad checksum in SAM challenge" + +index 238 +error_code KRB5_OBSOLETE_FN, "Program called an obsolete, deleted function" + +index 245 +error_code KRB5_ERR_BAD_S2K_PARAMS, "Invalid key generation parameters from KDC" +error_code KRB5_ERR_NO_SERVICE, "Service not available" +error_code KRB5_CC_NOSUPP, "Credential cache function not supported" +error_code KRB5_DELTAT_BADFORMAT, "Invalid format of Kerberos lifetime or clock skew string" + +end diff --git a/source4/heimdal/lib/krb5/krb5_locl.h b/source4/heimdal/lib/krb5/krb5_locl.h new file mode 100644 index 0000000000..a64ccc586e --- /dev/null +++ b/source4/heimdal/lib/krb5/krb5_locl.h @@ -0,0 +1,188 @@ +/* + * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: krb5_locl.h,v 1.81 2005/05/29 14:28:39 lha Exp $ */ + +#ifndef __KRB5_LOCL_H__ +#define __KRB5_LOCL_H__ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include + +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_MMAN_H +#include +#endif +#ifdef HAVE_UNISTD_H +#include +#endif +#ifdef HAVE_FCNTL_H +#include +#endif + +#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40 +#include +#endif +#ifdef HAVE_PWD_H +#undef _POSIX_PTHREAD_SEMANTICS +/* This gets us the 5-arg getpwnam_r on Solaris 9. */ +#define _POSIX_PTHREAD_SEMANTICS +#include +#endif + +#ifdef HAVE_SYS_PARAM_H +#include +#endif +#include +#ifdef HAVE_SYS_TIME_H +#include +#endif +#ifdef HAVE_SYS_SELECT_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_NETINET_IN6_H +#include +#endif +#ifdef HAVE_NETINET6_IN6_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif +#ifdef _AIX +struct ether_addr; +struct mbuf; +struct sockaddr_dl; +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +#ifdef HAVE_ARPA_NAMESER_H +#include +#endif +#ifdef HAVE_SYS_UIO_H +#include +#endif +#ifdef HAVE_SYS_FILIO_H +#include +#endif +#ifdef HAVE_SYS_FILE_H +#include +#endif + +#ifdef HAVE_CRYPT_H +#undef des_encrypt +#define des_encrypt wingless_pigs_mostly_fail_to_fly +#include +#undef des_encrypt +#endif + +#ifdef HAVE_DOOR_CREATE +#include +#endif + +#include +#include +#include + +#include "crypto-headers.h" + + +#include + +/* XXX glue for pkinit */ +struct krb5_pk_identity; +struct krb5_pk_cert; +struct ContentInfo; +typedef struct krb5_pk_init_ctx_data *krb5_pk_init_ctx; + +/* v4 glue */ +struct _krb5_krb_auth_data; + +#include + +#include +#include +#include +#include + +#include "heim_threads.h" + +#define ALLOC(X, N) (X) = calloc((N), sizeof(*(X))) +#define ALLOC_SEQ(X, N) do { (X)->len = (N); ALLOC((X)->val, (N)); } while(0) + +/* should this be public? */ +#define KEYTAB_DEFAULT "ANY:FILE:" SYSCONFDIR "/krb5.keytab,krb4:" SYSCONFDIR "/srvtab" +#define KEYTAB_DEFAULT_MODIFY "FILE:" SYSCONFDIR "/krb5.keytab" + +#ifndef O_BINARY +#define O_BINARY 0 +#endif + +#define KRB5_BUFSIZ 1024 + +typedef enum { + KRB5_PA_PAC_DONT_CARE = 0, + KRB5_PA_PAC_REQ_TRUE, + KRB5_PA_PAC_REQ_FALSE +} krb5_get_init_creds_req_pac; + +struct _krb5_get_init_creds_opt_private { + int refcount; + /* ENC_TIMESTAMP */ + const char *password; + krb5_s2k_proc key_proc; + /* PA_PAC_REQUEST */ + krb5_get_init_creds_req_pac req_pac; + /* PKINIT */ + krb5_pk_init_ctx pk_init_ctx; + int canonicalize; +}; + +#endif /* __KRB5_LOCL_H__ */ diff --git a/source4/heimdal/lib/krb5/krbhst.c b/source4/heimdal/lib/krb5/krbhst.c new file mode 100644 index 0000000000..49eee08ca5 --- /dev/null +++ b/source4/heimdal/lib/krb5/krbhst.c @@ -0,0 +1,861 @@ +/* + * Copyright (c) 2001 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" +#include + +RCSID("$Id: krbhst.c,v 1.52 2005/06/17 04:23:26 lha Exp $"); + +static int +string_to_proto(const char *string) +{ + if(strcasecmp(string, "udp") == 0) + return KRB5_KRBHST_UDP; + else if(strcasecmp(string, "tcp") == 0) + return KRB5_KRBHST_TCP; + else if(strcasecmp(string, "http") == 0) + return KRB5_KRBHST_HTTP; + return -1; +} + +/* + * set `res' and `count' to the result of looking up SRV RR in DNS for + * `proto', `proto', `realm' using `dns_type'. + * if `port' != 0, force that port number + */ + +static krb5_error_code +srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count, + const char *realm, const char *dns_type, + const char *proto, const char *service, int port) +{ + char domain[1024]; + struct dns_reply *r; + struct resource_record *rr; + int num_srv; + int proto_num; + int def_port; + + *res = NULL; + *count = 0; + + proto_num = string_to_proto(proto); + if(proto_num < 0) { + krb5_set_error_string(context, "unknown protocol `%s'", proto); + return EINVAL; + } + + if(proto_num == KRB5_KRBHST_HTTP) + def_port = ntohs(krb5_getportbyname (context, "http", "tcp", 80)); + else if(port == 0) + def_port = ntohs(krb5_getportbyname (context, service, proto, 88)); + else + def_port = port; + + snprintf(domain, sizeof(domain), "_%s._%s.%s.", service, proto, realm); + + r = dns_lookup(domain, dns_type); + if(r == NULL) + return KRB5_KDC_UNREACH; + + for(num_srv = 0, rr = r->head; rr; rr = rr->next) + if(rr->type == T_SRV) + num_srv++; + + *res = malloc(num_srv * sizeof(**res)); + if(*res == NULL) { + dns_free_data(r); + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + + dns_srv_order(r); + + for(num_srv = 0, rr = r->head; rr; rr = rr->next) + if(rr->type == T_SRV) { + krb5_krbhst_info *hi; + size_t len = strlen(rr->u.srv->target); + + hi = calloc(1, sizeof(*hi) + len); + if(hi == NULL) { + dns_free_data(r); + while(--num_srv >= 0) + free((*res)[num_srv]); + free(*res); + *res = NULL; + return ENOMEM; + } + (*res)[num_srv++] = hi; + + hi->proto = proto_num; + + hi->def_port = def_port; + if (port != 0) + hi->port = port; + else + hi->port = rr->u.srv->port; + + strlcpy(hi->hostname, rr->u.srv->target, len + 1); + } + + *count = num_srv; + + dns_free_data(r); + return 0; +} + + +struct krb5_krbhst_data { + char *realm; + unsigned int flags; + int def_port; + int port; /* hardwired port number if != 0 */ +#define KD_CONFIG 1 +#define KD_SRV_UDP 2 +#define KD_SRV_TCP 4 +#define KD_SRV_HTTP 8 +#define KD_FALLBACK 16 +#define KD_CONFIG_EXISTS 32 +#define KD_LARGE_MSG 64 + krb5_error_code (*get_next)(krb5_context, struct krb5_krbhst_data *, + krb5_krbhst_info**); + + unsigned int fallback_count; + + struct krb5_krbhst_info *hosts, **index, **end; +}; + +static krb5_boolean +krbhst_empty(const struct krb5_krbhst_data *kd) +{ + return kd->index == &kd->hosts; +} + +/* + * Return the default protocol for the `kd' (either TCP or UDP) + */ + +static int +krbhst_get_default_proto(struct krb5_krbhst_data *kd) +{ + if (kd->flags & KD_LARGE_MSG) + return KRB5_KRBHST_TCP; + return KRB5_KRBHST_UDP; +} + + +/* + * parse `spec' into a krb5_krbhst_info, defaulting the port to `def_port' + * and forcing it to `port' if port != 0 + */ + +static struct krb5_krbhst_info* +parse_hostspec(krb5_context context, struct krb5_krbhst_data *kd, + const char *spec, int def_port, int port) +{ + const char *p = spec; + struct krb5_krbhst_info *hi; + + hi = calloc(1, sizeof(*hi) + strlen(spec)); + if(hi == NULL) + return NULL; + + hi->proto = krbhst_get_default_proto(kd); + + if(strncmp(p, "http://", 7) == 0){ + hi->proto = KRB5_KRBHST_HTTP; + p += 7; + } else if(strncmp(p, "http/", 5) == 0) { + hi->proto = KRB5_KRBHST_HTTP; + p += 5; + def_port = ntohs(krb5_getportbyname (context, "http", "tcp", 80)); + }else if(strncmp(p, "tcp/", 4) == 0){ + hi->proto = KRB5_KRBHST_TCP; + p += 4; + } else if(strncmp(p, "udp/", 4) == 0) { + p += 4; + } + + if(strsep_copy(&p, ":", hi->hostname, strlen(spec) + 1) < 0) { + free(hi); + return NULL; + } + /* get rid of trailing /, and convert to lower case */ + hi->hostname[strcspn(hi->hostname, "/")] = '\0'; + strlwr(hi->hostname); + + hi->port = hi->def_port = def_port; + if(p != NULL) { + char *end; + hi->port = strtol(p, &end, 0); + if(end == p) { + free(hi); + return NULL; + } + } + if (port) + hi->port = port; + return hi; +} + +static void +free_krbhst_info(krb5_krbhst_info *hi) +{ + if (hi->ai != NULL) + freeaddrinfo(hi->ai); + free(hi); +} + +static void +append_host_hostinfo(struct krb5_krbhst_data *kd, struct krb5_krbhst_info *host) +{ + struct krb5_krbhst_info *h; + + for(h = kd->hosts; h; h = h->next) + if(h->proto == host->proto && + h->port == host->port && + strcmp(h->hostname, host->hostname) == 0) { + free_krbhst_info(host); + return; + } + *kd->end = host; + kd->end = &host->next; +} + +static krb5_error_code +append_host_string(krb5_context context, struct krb5_krbhst_data *kd, + const char *host, int def_port, int port) +{ + struct krb5_krbhst_info *hi; + + hi = parse_hostspec(context, kd, host, def_port, port); + if(hi == NULL) + return ENOMEM; + + append_host_hostinfo(kd, hi); + return 0; +} + +/* + * return a readable representation of `host' in `hostname, hostlen' + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_krbhst_format_string(krb5_context context, const krb5_krbhst_info *host, + char *hostname, size_t hostlen) +{ + const char *proto = ""; + char portstr[7] = ""; + if(host->proto == KRB5_KRBHST_TCP) + proto = "tcp/"; + else if(host->proto == KRB5_KRBHST_HTTP) + proto = "http://"; + if(host->port != host->def_port) + snprintf(portstr, sizeof(portstr), ":%d", host->port); + snprintf(hostname, hostlen, "%s%s%s", proto, host->hostname, portstr); + return 0; +} + +/* + * create a getaddrinfo `hints' based on `proto' + */ + +static void +make_hints(struct addrinfo *hints, int proto) +{ + memset(hints, 0, sizeof(*hints)); + hints->ai_family = AF_UNSPEC; + switch(proto) { + case KRB5_KRBHST_UDP : + hints->ai_socktype = SOCK_DGRAM; + break; + case KRB5_KRBHST_HTTP : + case KRB5_KRBHST_TCP : + hints->ai_socktype = SOCK_STREAM; + break; + } +} + +/* + * return an `struct addrinfo *' in `ai' corresponding to the information + * in `host'. free:ing is handled by krb5_krbhst_free. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_krbhst_get_addrinfo(krb5_context context, krb5_krbhst_info *host, + struct addrinfo **ai) +{ + struct addrinfo hints; + char portstr[NI_MAXSERV]; + int ret; + + if (host->ai == NULL) { + make_hints(&hints, host->proto); + snprintf (portstr, sizeof(portstr), "%d", host->port); + ret = getaddrinfo(host->hostname, portstr, &hints, &host->ai); + if (ret) + return krb5_eai_to_heim_errno(ret, errno); + } + *ai = host->ai; + return 0; +} + +static krb5_boolean +get_next(struct krb5_krbhst_data *kd, krb5_krbhst_info **host) +{ + struct krb5_krbhst_info *hi = *kd->index; + if(hi != NULL) { + *host = hi; + kd->index = &(*kd->index)->next; + return TRUE; + } + return FALSE; +} + +static void +srv_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, + const char *proto, const char *service) +{ + krb5_krbhst_info **res; + int count, i; + + if (srv_find_realm(context, &res, &count, kd->realm, "SRV", proto, service, + kd->port)) + return; + for(i = 0; i < count; i++) + append_host_hostinfo(kd, res[i]); + free(res); +} + +/* + * read the configuration for `conf_string', defaulting to kd->def_port and + * forcing it to `kd->port' if kd->port != 0 + */ + +static void +config_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, + const char *conf_string) +{ + int i; + + char **hostlist; + hostlist = krb5_config_get_strings(context, NULL, + "realms", kd->realm, conf_string, NULL); + + if(hostlist == NULL) + return; + kd->flags |= KD_CONFIG_EXISTS; + for(i = 0; hostlist && hostlist[i] != NULL; i++) + append_host_string(context, kd, hostlist[i], kd->def_port, kd->port); + + krb5_config_free_strings(hostlist); +} + +/* + * as a fallback, look for `serv_string.kd->realm' (typically + * kerberos.REALM, kerberos-1.REALM, ... + * `port' is the default port for the service, and `proto' the + * protocol + */ + +static krb5_error_code +fallback_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, + const char *serv_string, int port, int proto) +{ + char *host; + int ret; + struct addrinfo *ai; + struct addrinfo hints; + char portstr[NI_MAXSERV]; + + if(kd->fallback_count == 0) + asprintf(&host, "%s.%s.", serv_string, kd->realm); + else + asprintf(&host, "%s-%d.%s.", + serv_string, kd->fallback_count, kd->realm); + + if (host == NULL) + return ENOMEM; + + make_hints(&hints, proto); + snprintf(portstr, sizeof(portstr), "%d", port); + ret = getaddrinfo(host, portstr, &hints, &ai); + if (ret) { + /* no more hosts, so we're done here */ + free(host); + kd->flags |= KD_FALLBACK; + } else { + struct krb5_krbhst_info *hi; + size_t hostlen = strlen(host); + + hi = calloc(1, sizeof(*hi) + hostlen); + if(hi == NULL) { + free(host); + return ENOMEM; + } + + hi->proto = proto; + hi->port = hi->def_port = port; + hi->ai = ai; + memmove(hi->hostname, host, hostlen - 1); + hi->hostname[hostlen - 1] = '\0'; + free(host); + append_host_hostinfo(kd, hi); + kd->fallback_count++; + } + return 0; +} + +static krb5_error_code +kdc_get_next(krb5_context context, + struct krb5_krbhst_data *kd, + krb5_krbhst_info **host) +{ + krb5_error_code ret; + + if((kd->flags & KD_CONFIG) == 0) { + config_get_hosts(context, kd, "kdc"); + kd->flags |= KD_CONFIG; + if(get_next(kd, host)) + return 0; + } + + if (kd->flags & KD_CONFIG_EXISTS) + return KRB5_KDC_UNREACH; /* XXX */ + + if(context->srv_lookup) { + if((kd->flags & KD_SRV_UDP) == 0 && (kd->flags & KD_LARGE_MSG) == 0) { + srv_get_hosts(context, kd, "udp", "kerberos"); + kd->flags |= KD_SRV_UDP; + if(get_next(kd, host)) + return 0; + } + + if((kd->flags & KD_SRV_TCP) == 0) { + srv_get_hosts(context, kd, "tcp", "kerberos"); + kd->flags |= KD_SRV_TCP; + if(get_next(kd, host)) + return 0; + } + if((kd->flags & KD_SRV_HTTP) == 0) { + srv_get_hosts(context, kd, "http", "kerberos"); + kd->flags |= KD_SRV_HTTP; + if(get_next(kd, host)) + return 0; + } + } + + while((kd->flags & KD_FALLBACK) == 0) { + ret = fallback_get_hosts(context, kd, "kerberos", + kd->def_port, + krbhst_get_default_proto(kd)); + if(ret) + return ret; + if(get_next(kd, host)) + return 0; + } + + return KRB5_KDC_UNREACH; /* XXX */ +} + +static krb5_error_code +admin_get_next(krb5_context context, + struct krb5_krbhst_data *kd, + krb5_krbhst_info **host) +{ + krb5_error_code ret; + + if((kd->flags & KD_CONFIG) == 0) { + config_get_hosts(context, kd, "admin_server"); + kd->flags |= KD_CONFIG; + if(get_next(kd, host)) + return 0; + } + + if (kd->flags & KD_CONFIG_EXISTS) + return KRB5_KDC_UNREACH; /* XXX */ + + if(context->srv_lookup) { + if((kd->flags & KD_SRV_TCP) == 0) { + srv_get_hosts(context, kd, "tcp", "kerberos-adm"); + kd->flags |= KD_SRV_TCP; + if(get_next(kd, host)) + return 0; + } + } + + if (krbhst_empty(kd) + && (kd->flags & KD_FALLBACK) == 0) { + ret = fallback_get_hosts(context, kd, "kerberos", + kd->def_port, + krbhst_get_default_proto(kd)); + if(ret) + return ret; + kd->flags |= KD_FALLBACK; + if(get_next(kd, host)) + return 0; + } + + return KRB5_KDC_UNREACH; /* XXX */ +} + +static krb5_error_code +kpasswd_get_next(krb5_context context, + struct krb5_krbhst_data *kd, + krb5_krbhst_info **host) +{ + krb5_error_code ret; + + if((kd->flags & KD_CONFIG) == 0) { + config_get_hosts(context, kd, "kpasswd_server"); + kd->flags |= KD_CONFIG; + if(get_next(kd, host)) + return 0; + } + + if (kd->flags & KD_CONFIG_EXISTS) + return KRB5_KDC_UNREACH; /* XXX */ + + if(context->srv_lookup) { + if((kd->flags & KD_SRV_UDP) == 0) { + srv_get_hosts(context, kd, "udp", "kpasswd"); + kd->flags |= KD_SRV_UDP; + if(get_next(kd, host)) + return 0; + } + if((kd->flags & KD_SRV_TCP) == 0) { + srv_get_hosts(context, kd, "tcp", "kpasswd"); + kd->flags |= KD_SRV_TCP; + if(get_next(kd, host)) + return 0; + } + } + + /* no matches -> try admin */ + + if (krbhst_empty(kd)) { + kd->flags = 0; + kd->port = kd->def_port; + kd->get_next = admin_get_next; + ret = (*kd->get_next)(context, kd, host); + if (ret == 0) + (*host)->proto = krbhst_get_default_proto(kd); + return ret; + } + + return KRB5_KDC_UNREACH; /* XXX */ +} + +static krb5_error_code +krb524_get_next(krb5_context context, + struct krb5_krbhst_data *kd, + krb5_krbhst_info **host) +{ + if((kd->flags & KD_CONFIG) == 0) { + config_get_hosts(context, kd, "krb524_server"); + if(get_next(kd, host)) + return 0; + kd->flags |= KD_CONFIG; + } + + if (kd->flags & KD_CONFIG_EXISTS) + return KRB5_KDC_UNREACH; /* XXX */ + + if(context->srv_lookup) { + if((kd->flags & KD_SRV_UDP) == 0) { + srv_get_hosts(context, kd, "udp", "krb524"); + kd->flags |= KD_SRV_UDP; + if(get_next(kd, host)) + return 0; + } + + if((kd->flags & KD_SRV_TCP) == 0) { + srv_get_hosts(context, kd, "tcp", "krb524"); + kd->flags |= KD_SRV_TCP; + if(get_next(kd, host)) + return 0; + } + } + + /* no matches -> try kdc */ + + if (krbhst_empty(kd)) { + kd->flags = 0; + kd->port = kd->def_port; + kd->get_next = kdc_get_next; + return (*kd->get_next)(context, kd, host); + } + + return KRB5_KDC_UNREACH; /* XXX */ +} + +static struct krb5_krbhst_data* +common_init(krb5_context context, + const char *realm, + int flags) +{ + struct krb5_krbhst_data *kd; + + if((kd = calloc(1, sizeof(*kd))) == NULL) + return NULL; + + if((kd->realm = strdup(realm)) == NULL) { + free(kd); + return NULL; + } + + if (flags & KRB5_KRBHST_FLAGS_LARGE_MSG) + kd->flags |= KD_LARGE_MSG; + kd->end = kd->index = &kd->hosts; + return kd; +} + +/* + * initialize `handle' to look for hosts of type `type' in realm `realm' + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_krbhst_init(krb5_context context, + const char *realm, + unsigned int type, + krb5_krbhst_handle *handle) +{ + return krb5_krbhst_init_flags(context, realm, type, 0, handle); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_krbhst_init_flags(krb5_context context, + const char *realm, + unsigned int type, + int flags, + krb5_krbhst_handle *handle) +{ + struct krb5_krbhst_data *kd; + krb5_error_code (*next)(krb5_context, struct krb5_krbhst_data *, + krb5_krbhst_info **); + int def_port; + + switch(type) { + case KRB5_KRBHST_KDC: + next = kdc_get_next; + def_port = ntohs(krb5_getportbyname (context, "kerberos", "udp", 88)); + break; + case KRB5_KRBHST_ADMIN: + next = admin_get_next; + def_port = ntohs(krb5_getportbyname (context, "kerberos-adm", + "tcp", 749)); + break; + case KRB5_KRBHST_CHANGEPW: + next = kpasswd_get_next; + def_port = ntohs(krb5_getportbyname (context, "kpasswd", "udp", + KPASSWD_PORT)); + break; + case KRB5_KRBHST_KRB524: + next = krb524_get_next; + def_port = ntohs(krb5_getportbyname (context, "krb524", "udp", 4444)); + break; + default: + krb5_set_error_string(context, "unknown krbhst type (%u)", type); + return ENOTTY; + } + if((kd = common_init(context, realm, flags)) == NULL) + return ENOMEM; + kd->get_next = next; + kd->def_port = def_port; + *handle = kd; + return 0; +} + +/* + * return the next host information from `handle' in `host' + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_krbhst_next(krb5_context context, + krb5_krbhst_handle handle, + krb5_krbhst_info **host) +{ + if(get_next(handle, host)) + return 0; + + return (*handle->get_next)(context, handle, host); +} + +/* + * return the next host information from `handle' as a host name + * in `hostname' (or length `hostlen) + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_krbhst_next_as_string(krb5_context context, + krb5_krbhst_handle handle, + char *hostname, + size_t hostlen) +{ + krb5_error_code ret; + krb5_krbhst_info *host; + ret = krb5_krbhst_next(context, handle, &host); + if(ret) + return ret; + return krb5_krbhst_format_string(context, host, hostname, hostlen); +} + + +void KRB5_LIB_FUNCTION +krb5_krbhst_reset(krb5_context context, krb5_krbhst_handle handle) +{ + handle->index = &handle->hosts; +} + +void KRB5_LIB_FUNCTION +krb5_krbhst_free(krb5_context context, krb5_krbhst_handle handle) +{ + krb5_krbhst_info *h, *next; + + if (handle == NULL) + return; + + for (h = handle->hosts; h != NULL; h = next) { + next = h->next; + free_krbhst_info(h); + } + + free(handle->realm); + free(handle); +} + +/* backwards compatibility ahead */ + +static krb5_error_code +gethostlist(krb5_context context, const char *realm, + unsigned int type, char ***hostlist) +{ + krb5_error_code ret; + int nhost = 0; + krb5_krbhst_handle handle; + char host[MAXHOSTNAMELEN]; + krb5_krbhst_info *hostinfo; + + ret = krb5_krbhst_init(context, realm, type, &handle); + if (ret) + return ret; + + while(krb5_krbhst_next(context, handle, &hostinfo) == 0) + nhost++; + if(nhost == 0) + return KRB5_KDC_UNREACH; + *hostlist = calloc(nhost + 1, sizeof(**hostlist)); + if(*hostlist == NULL) { + krb5_krbhst_free(context, handle); + return ENOMEM; + } + + krb5_krbhst_reset(context, handle); + nhost = 0; + while(krb5_krbhst_next_as_string(context, handle, + host, sizeof(host)) == 0) { + if(((*hostlist)[nhost++] = strdup(host)) == NULL) { + krb5_free_krbhst(context, *hostlist); + krb5_krbhst_free(context, handle); + return ENOMEM; + } + } + (*hostlist)[nhost++] = NULL; + krb5_krbhst_free(context, handle); + return 0; +} + +/* + * return an malloced list of kadmin-hosts for `realm' in `hostlist' + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_krb_admin_hst (krb5_context context, + const krb5_realm *realm, + char ***hostlist) +{ + return gethostlist(context, *realm, KRB5_KRBHST_ADMIN, hostlist); +} + +/* + * return an malloced list of changepw-hosts for `realm' in `hostlist' + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_krb_changepw_hst (krb5_context context, + const krb5_realm *realm, + char ***hostlist) +{ + return gethostlist(context, *realm, KRB5_KRBHST_CHANGEPW, hostlist); +} + +/* + * return an malloced list of 524-hosts for `realm' in `hostlist' + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_krb524hst (krb5_context context, + const krb5_realm *realm, + char ***hostlist) +{ + return gethostlist(context, *realm, KRB5_KRBHST_KRB524, hostlist); +} + + +/* + * return an malloced list of KDC's for `realm' in `hostlist' + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_krbhst (krb5_context context, + const krb5_realm *realm, + char ***hostlist) +{ + return gethostlist(context, *realm, KRB5_KRBHST_KDC, hostlist); +} + +/* + * free all the memory allocated in `hostlist' + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_free_krbhst (krb5_context context, + char **hostlist) +{ + char **p; + + for (p = hostlist; *p; ++p) + free (*p); + free (hostlist); + return 0; +} diff --git a/source4/heimdal/lib/krb5/log.c b/source4/heimdal/lib/krb5/log.c new file mode 100644 index 0000000000..4f6381c858 --- /dev/null +++ b/source4/heimdal/lib/krb5/log.c @@ -0,0 +1,467 @@ +/* + * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: log.c,v 1.36 2005/06/17 04:25:05 lha Exp $"); + +struct facility { + int min; + int max; + krb5_log_log_func_t log_func; + krb5_log_close_func_t close_func; + void *data; +}; + +static struct facility* +log_realloc(krb5_log_facility *f) +{ + struct facility *fp; + fp = realloc(f->val, (f->len + 1) * sizeof(*f->val)); + if(fp == NULL) + return NULL; + f->len++; + f->val = fp; + fp += f->len - 1; + return fp; +} + +struct s2i { + const char *s; + int val; +}; + +#define L(X) { #X, LOG_ ## X } + +static struct s2i syslogvals[] = { + L(EMERG), + L(ALERT), + L(CRIT), + L(ERR), + L(WARNING), + L(NOTICE), + L(INFO), + L(DEBUG), + + L(AUTH), +#ifdef LOG_AUTHPRIV + L(AUTHPRIV), +#endif +#ifdef LOG_CRON + L(CRON), +#endif + L(DAEMON), +#ifdef LOG_FTP + L(FTP), +#endif + L(KERN), + L(LPR), + L(MAIL), +#ifdef LOG_NEWS + L(NEWS), +#endif + L(SYSLOG), + L(USER), +#ifdef LOG_UUCP + L(UUCP), +#endif + L(LOCAL0), + L(LOCAL1), + L(LOCAL2), + L(LOCAL3), + L(LOCAL4), + L(LOCAL5), + L(LOCAL6), + L(LOCAL7), + { NULL, -1 } +}; + +static int +find_value(const char *s, struct s2i *table) +{ + while(table->s && strcasecmp(table->s, s)) + table++; + return table->val; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_initlog(krb5_context context, + const char *program, + krb5_log_facility **fac) +{ + krb5_log_facility *f = calloc(1, sizeof(*f)); + if(f == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + f->program = strdup(program); + if(f->program == NULL){ + free(f); + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + *fac = f; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_addlog_func(krb5_context context, + krb5_log_facility *fac, + int min, + int max, + krb5_log_log_func_t log_func, + krb5_log_close_func_t close_func, + void *data) +{ + struct facility *fp = log_realloc(fac); + if(fp == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + fp->min = min; + fp->max = max; + fp->log_func = log_func; + fp->close_func = close_func; + fp->data = data; + return 0; +} + + +struct _heimdal_syslog_data{ + int priority; +}; + +static void +log_syslog(const char *timestr, + const char *msg, + void *data) + +{ + struct _heimdal_syslog_data *s = data; + syslog(s->priority, "%s", msg); +} + +static void +close_syslog(void *data) +{ + free(data); + closelog(); +} + +static krb5_error_code +open_syslog(krb5_context context, + krb5_log_facility *facility, int min, int max, + const char *sev, const char *fac) +{ + struct _heimdal_syslog_data *sd = malloc(sizeof(*sd)); + int i; + + if(sd == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + i = find_value(sev, syslogvals); + if(i == -1) + i = LOG_ERR; + sd->priority = i; + i = find_value(fac, syslogvals); + if(i == -1) + i = LOG_AUTH; + sd->priority |= i; + roken_openlog(facility->program, LOG_PID | LOG_NDELAY, i); + return krb5_addlog_func(context, facility, min, max, + log_syslog, close_syslog, sd); +} + +struct file_data{ + const char *filename; + const char *mode; + FILE *fd; + int keep_open; +}; + +static void +log_file(const char *timestr, + const char *msg, + void *data) +{ + struct file_data *f = data; + if(f->keep_open == 0) + f->fd = fopen(f->filename, f->mode); + if(f->fd == NULL) + return; + fprintf(f->fd, "%s %s\n", timestr, msg); + if(f->keep_open == 0) + fclose(f->fd); +} + +static void +close_file(void *data) +{ + struct file_data *f = data; + if(f->keep_open && f->filename) + fclose(f->fd); + free(data); +} + +static krb5_error_code +open_file(krb5_context context, krb5_log_facility *fac, int min, int max, + const char *filename, const char *mode, FILE *f, int keep_open) +{ + struct file_data *fd = malloc(sizeof(*fd)); + if(fd == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + fd->filename = filename; + fd->mode = mode; + fd->fd = f; + fd->keep_open = keep_open; + + return krb5_addlog_func(context, fac, min, max, log_file, close_file, fd); +} + + + +krb5_error_code KRB5_LIB_FUNCTION +krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig) +{ + krb5_error_code ret = 0; + int min = 0, max = -1, n; + char c; + const char *p = orig; + + n = sscanf(p, "%d%c%d/", &min, &c, &max); + if(n == 2){ + if(c == '/') { + if(min < 0){ + max = -min; + min = 0; + }else{ + max = min; + } + } + } + if(n){ + p = strchr(p, '/'); + if(p == NULL) { + krb5_set_error_string (context, "failed to parse \"%s\"", orig); + return HEIM_ERR_LOG_PARSE; + } + p++; + } + if(strcmp(p, "STDERR") == 0){ + ret = open_file(context, f, min, max, NULL, NULL, stderr, 1); + }else if(strcmp(p, "CONSOLE") == 0){ + ret = open_file(context, f, min, max, "/dev/console", "w", NULL, 0); + }else if(strncmp(p, "FILE:", 4) == 0 && (p[4] == ':' || p[4] == '=')){ + char *fn; + FILE *file = NULL; + int keep_open = 0; + fn = strdup(p + 5); + if(fn == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + if(p[4] == '='){ + int i = open(fn, O_WRONLY | O_CREAT | + O_TRUNC | O_APPEND, 0666); + if(i < 0) { + ret = errno; + krb5_set_error_string (context, "open(%s): %s", fn, + strerror(ret)); + return ret; + } + file = fdopen(i, "a"); + if(file == NULL){ + ret = errno; + close(i); + krb5_set_error_string (context, "fdopen(%s): %s", fn, + strerror(ret)); + return ret; + } + keep_open = 1; + } + ret = open_file(context, f, min, max, fn, "a", file, keep_open); + }else if(strncmp(p, "DEVICE=", 6) == 0){ + ret = open_file(context, f, min, max, strdup(p + 7), "w", NULL, 0); + }else if(strncmp(p, "SYSLOG", 6) == 0 && (p[6] == '\0' || p[6] == ':')){ + char severity[128] = ""; + char facility[128] = ""; + p += 6; + if(*p != '\0') + p++; + if(strsep_copy(&p, ":", severity, sizeof(severity)) != -1) + strsep_copy(&p, ":", facility, sizeof(facility)); + if(*severity == '\0') + strlcpy(severity, "ERR", sizeof(severity)); + if(*facility == '\0') + strlcpy(facility, "AUTH", sizeof(facility)); + ret = open_syslog(context, f, min, max, severity, facility); + }else{ + krb5_set_error_string (context, "unknown log type: %s", p); + ret = HEIM_ERR_LOG_PARSE; /* XXX */ + } + return ret; +} + + +krb5_error_code KRB5_LIB_FUNCTION +krb5_openlog(krb5_context context, + const char *program, + krb5_log_facility **fac) +{ + krb5_error_code ret; + char **p, **q; + + ret = krb5_initlog(context, program, fac); + if(ret) + return ret; + + p = krb5_config_get_strings(context, NULL, "logging", program, NULL); + if(p == NULL) + p = krb5_config_get_strings(context, NULL, "logging", "default", NULL); + if(p){ + for(q = p; *q; q++) + ret = krb5_addlog_dest(context, *fac, *q); + krb5_config_free_strings(p); + }else + ret = krb5_addlog_dest(context, *fac, "SYSLOG"); + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_closelog(krb5_context context, + krb5_log_facility *fac) +{ + int i; + for(i = 0; i < fac->len; i++) + (*fac->val[i].close_func)(fac->val[i].data); + free(fac->val); + free(fac->program); + fac->val = NULL; + fac->len = 0; + fac->program = NULL; + free(fac); + return 0; +} + +#undef __attribute__ +#define __attribute__(X) + +krb5_error_code KRB5_LIB_FUNCTION +krb5_vlog_msg(krb5_context context, + krb5_log_facility *fac, + char **reply, + int level, + const char *fmt, + va_list ap) + __attribute__((format (printf, 5, 0))) +{ + + char *msg = NULL; + const char *actual = NULL; + char buf[64]; + time_t t = 0; + int i; + + for(i = 0; fac && i < fac->len; i++) + if(fac->val[i].min <= level && + (fac->val[i].max < 0 || fac->val[i].max >= level)) { + if(t == 0) { + t = time(NULL); + krb5_format_time(context, t, buf, sizeof(buf), TRUE); + } + if(actual == NULL) { + vasprintf(&msg, fmt, ap); + if(msg == NULL) + actual = fmt; + else + actual = msg; + } + (*fac->val[i].log_func)(buf, actual, fac->val[i].data); + } + if(reply == NULL) + free(msg); + else + *reply = msg; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_vlog(krb5_context context, + krb5_log_facility *fac, + int level, + const char *fmt, + va_list ap) + __attribute__((format (printf, 4, 0))) +{ + return krb5_vlog_msg(context, fac, NULL, level, fmt, ap); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_log_msg(krb5_context context, + krb5_log_facility *fac, + int level, + char **reply, + const char *fmt, + ...) + __attribute__((format (printf, 5, 6))) +{ + va_list ap; + krb5_error_code ret; + + va_start(ap, fmt); + ret = krb5_vlog_msg(context, fac, reply, level, fmt, ap); + va_end(ap); + return ret; +} + + +krb5_error_code KRB5_LIB_FUNCTION +krb5_log(krb5_context context, + krb5_log_facility *fac, + int level, + const char *fmt, + ...) + __attribute__((format (printf, 4, 5))) +{ + va_list ap; + krb5_error_code ret; + + va_start(ap, fmt); + ret = krb5_vlog(context, fac, level, fmt, ap); + va_end(ap); + return ret; +} + diff --git a/source4/heimdal/lib/krb5/mcache.c b/source4/heimdal/lib/krb5/mcache.c new file mode 100644 index 0000000000..0a65d53849 --- /dev/null +++ b/source4/heimdal/lib/krb5/mcache.c @@ -0,0 +1,353 @@ +/* + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: mcache.c,v 1.19 2004/04/25 19:25:35 joda Exp $"); + +typedef struct krb5_mcache { + char *name; + unsigned int refcnt; + int dead; + krb5_principal primary_principal; + struct link { + krb5_creds cred; + struct link *next; + } *creds; + struct krb5_mcache *next; +} krb5_mcache; + +static HEIMDAL_MUTEX mcc_mutex = HEIMDAL_MUTEX_INITIALIZER; +static struct krb5_mcache *mcc_head; + +#define MCACHE(X) ((krb5_mcache *)(X)->data.data) + +#define MISDEAD(X) ((X)->dead) + +#define MCC_CURSOR(C) ((struct link*)(C)) + +static const char* +mcc_get_name(krb5_context context, + krb5_ccache id) +{ + return MCACHE(id)->name; +} + +static krb5_mcache * +mcc_alloc(const char *name) +{ + krb5_mcache *m, *m_c; + + ALLOC(m, 1); + if(m == NULL) + return NULL; + if(name == NULL) + asprintf(&m->name, "%p", m); + else + m->name = strdup(name); + if(m->name == NULL) { + free(m); + return NULL; + } + /* check for dups first */ + HEIMDAL_MUTEX_lock(&mcc_mutex); + for (m_c = mcc_head; m_c != NULL; m_c = m_c->next) + if (strcmp(m->name, m_c->name) == 0) + break; + if (m_c) { + free(m->name); + free(m); + HEIMDAL_MUTEX_unlock(&mcc_mutex); + return NULL; + } + + m->dead = 0; + m->refcnt = 1; + m->primary_principal = NULL; + m->creds = NULL; + m->next = mcc_head; + mcc_head = m; + HEIMDAL_MUTEX_unlock(&mcc_mutex); + return m; +} + +static krb5_error_code +mcc_resolve(krb5_context context, krb5_ccache *id, const char *res) +{ + krb5_mcache *m; + + HEIMDAL_MUTEX_lock(&mcc_mutex); + for (m = mcc_head; m != NULL; m = m->next) + if (strcmp(m->name, res) == 0) + break; + HEIMDAL_MUTEX_unlock(&mcc_mutex); + + if (m != NULL) { + m->refcnt++; + (*id)->data.data = m; + (*id)->data.length = sizeof(*m); + return 0; + } + + m = mcc_alloc(res); + if (m == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return KRB5_CC_NOMEM; + } + + (*id)->data.data = m; + (*id)->data.length = sizeof(*m); + + return 0; +} + + +static krb5_error_code +mcc_gen_new(krb5_context context, krb5_ccache *id) +{ + krb5_mcache *m; + + m = mcc_alloc(NULL); + + if (m == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return KRB5_CC_NOMEM; + } + + (*id)->data.data = m; + (*id)->data.length = sizeof(*m); + + return 0; +} + +static krb5_error_code +mcc_initialize(krb5_context context, + krb5_ccache id, + krb5_principal primary_principal) +{ + krb5_mcache *m = MCACHE(id); + m->dead = 0; + return krb5_copy_principal (context, + primary_principal, + &m->primary_principal); +} + +static krb5_error_code +mcc_close(krb5_context context, + krb5_ccache id) +{ + krb5_mcache *m = MCACHE(id); + + if (--m->refcnt != 0) + return 0; + + if (MISDEAD(m)) { + free (m->name); + krb5_data_free(&id->data); + } + + return 0; +} + +static krb5_error_code +mcc_destroy(krb5_context context, + krb5_ccache id) +{ + krb5_mcache **n, *m = MCACHE(id); + struct link *l; + + if (m->refcnt == 0) + krb5_abortx(context, "mcc_destroy: refcnt already 0"); + + if (!MISDEAD(m)) { + /* if this is an active mcache, remove it from the linked + list, and free all data */ + HEIMDAL_MUTEX_lock(&mcc_mutex); + for(n = &mcc_head; n && *n; n = &(*n)->next) { + if(m == *n) { + *n = m->next; + break; + } + } + HEIMDAL_MUTEX_unlock(&mcc_mutex); + if (m->primary_principal != NULL) { + krb5_free_principal (context, m->primary_principal); + m->primary_principal = NULL; + } + m->dead = 1; + + l = m->creds; + while (l != NULL) { + struct link *old; + + krb5_free_cred_contents (context, &l->cred); + old = l; + l = l->next; + free (old); + } + m->creds = NULL; + } + return 0; +} + +static krb5_error_code +mcc_store_cred(krb5_context context, + krb5_ccache id, + krb5_creds *creds) +{ + krb5_mcache *m = MCACHE(id); + krb5_error_code ret; + struct link *l; + + if (MISDEAD(m)) + return ENOENT; + + l = malloc (sizeof(*l)); + if (l == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return KRB5_CC_NOMEM; + } + l->next = m->creds; + m->creds = l; + memset (&l->cred, 0, sizeof(l->cred)); + ret = krb5_copy_creds_contents (context, creds, &l->cred); + if (ret) { + m->creds = l->next; + free (l); + return ret; + } + return 0; +} + +static krb5_error_code +mcc_get_principal(krb5_context context, + krb5_ccache id, + krb5_principal *principal) +{ + krb5_mcache *m = MCACHE(id); + + if (MISDEAD(m) || m->primary_principal == NULL) + return ENOENT; + return krb5_copy_principal (context, + m->primary_principal, + principal); +} + +static krb5_error_code +mcc_get_first (krb5_context context, + krb5_ccache id, + krb5_cc_cursor *cursor) +{ + krb5_mcache *m = MCACHE(id); + + if (MISDEAD(m)) + return ENOENT; + + *cursor = m->creds; + return 0; +} + +static krb5_error_code +mcc_get_next (krb5_context context, + krb5_ccache id, + krb5_cc_cursor *cursor, + krb5_creds *creds) +{ + krb5_mcache *m = MCACHE(id); + struct link *l; + + if (MISDEAD(m)) + return ENOENT; + + l = *cursor; + if (l != NULL) { + *cursor = l->next; + return krb5_copy_creds_contents (context, + &l->cred, + creds); + } else + return KRB5_CC_END; +} + +static krb5_error_code +mcc_end_get (krb5_context context, + krb5_ccache id, + krb5_cc_cursor *cursor) +{ + return 0; +} + +static krb5_error_code +mcc_remove_cred(krb5_context context, + krb5_ccache id, + krb5_flags which, + krb5_creds *mcreds) +{ + krb5_mcache *m = MCACHE(id); + struct link **q, *p; + for(q = &m->creds, p = *q; p; p = *q) { + if(krb5_compare_creds(context, which, mcreds, &p->cred)) { + *q = p->next; + krb5_free_cred_contents(context, &p->cred); + free(p); + } else + q = &p->next; + } + return 0; +} + +static krb5_error_code +mcc_set_flags(krb5_context context, + krb5_ccache id, + krb5_flags flags) +{ + return 0; /* XXX */ +} + +const krb5_cc_ops krb5_mcc_ops = { + "MEMORY", + mcc_get_name, + mcc_resolve, + mcc_gen_new, + mcc_initialize, + mcc_destroy, + mcc_close, + mcc_store_cred, + NULL, /* mcc_retrieve */ + mcc_get_principal, + mcc_get_first, + mcc_get_next, + mcc_end_get, + mcc_remove_cred, + mcc_set_flags +}; diff --git a/source4/heimdal/lib/krb5/misc.c b/source4/heimdal/lib/krb5/misc.c new file mode 100644 index 0000000000..baf63f6d52 --- /dev/null +++ b/source4/heimdal/lib/krb5/misc.c @@ -0,0 +1,36 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: misc.c,v 1.5 1999/12/02 17:05:11 joda Exp $"); diff --git a/source4/heimdal/lib/krb5/mit_glue.c b/source4/heimdal/lib/krb5/mit_glue.c new file mode 100755 index 0000000000..b7f06c1582 --- /dev/null +++ b/source4/heimdal/lib/krb5/mit_glue.c @@ -0,0 +1,327 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" +RCSID("$Id: mit_glue.c,v 1.7 2005/05/18 04:21:44 lha Exp $"); + +/* + * Glue for MIT API + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_c_make_checksum(krb5_context context, + krb5_cksumtype cksumtype, + const krb5_keyblock *key, + krb5_keyusage usage, + const krb5_data *input, + krb5_checksum *cksum) +{ + krb5_error_code ret; + krb5_crypto crypto; + + ret = krb5_crypto_init(context, key, 0, &crypto); + if (ret) + return ret; + + ret = krb5_create_checksum(context, crypto, usage, cksumtype, + input->data, input->length, cksum); + krb5_crypto_destroy(context, crypto); + + return ret ; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key, + krb5_keyusage usage, const krb5_data *data, + const krb5_checksum *cksum, krb5_boolean *valid) +{ + krb5_error_code ret; + krb5_checksum data_cksum; + + *valid = 0; + + ret = krb5_c_make_checksum(context, cksum->cksumtype, + key, usage, data, &data_cksum); + if (ret) + return ret; + + if (data_cksum.cksumtype == cksum->cksumtype + && data_cksum.checksum.length == cksum->checksum.length + && memcmp(data_cksum.checksum.data, cksum->checksum.data, cksum->checksum.length) == 0) + *valid = 1; + + krb5_free_checksum_contents(context, &data_cksum); + + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_c_get_checksum(krb5_context context, const krb5_checksum *cksum, + krb5_cksumtype *type, krb5_data **data) +{ + krb5_error_code ret; + + if (type) + *type = cksum->cksumtype; + if (data) { + *data = malloc(sizeof(**data)); + if (*data == NULL) + return ENOMEM; + + ret = copy_octet_string(&cksum->checksum, *data); + if (ret) { + free(*data); + *data = NULL; + return ret; + } + } + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_c_set_checksum(krb5_context context, krb5_checksum *cksum, + krb5_cksumtype type, const krb5_data *data) +{ + cksum->cksumtype = type; + return copy_octet_string(data, &cksum->checksum); +} + +void KRB5_LIB_FUNCTION +krb5_free_checksum (krb5_context context, krb5_checksum *cksum) +{ + krb5_checksum_free(context, cksum); + free(cksum); +} + +void KRB5_LIB_FUNCTION +krb5_free_checksum_contents(krb5_context context, krb5_checksum *cksum) +{ + krb5_checksum_free(context, cksum); + memset(cksum, 0, sizeof(*cksum)); +} + +void KRB5_LIB_FUNCTION +krb5_checksum_free(krb5_context context, krb5_checksum *cksum) +{ + free_Checksum(cksum); +} + +krb5_boolean KRB5_LIB_FUNCTION +krb5_c_valid_enctype (krb5_enctype etype) +{ + return krb5_enctype_valid(NULL, etype); +} + +krb5_boolean KRB5_LIB_FUNCTION +krb5_c_valid_cksumtype(krb5_cksumtype ctype) +{ + return krb5_cksumtype_valid(NULL, ctype); +} + +krb5_boolean KRB5_LIB_FUNCTION +krb5_c_is_coll_proof_cksum(krb5_cksumtype ctype) +{ + return krb5_checksum_is_collision_proof(NULL, ctype); +} + +krb5_boolean KRB5_LIB_FUNCTION +krb5_c_is_keyed_cksum(krb5_cksumtype ctype) +{ + return krb5_checksum_is_keyed(NULL, ctype); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_copy_checksum (krb5_context context, + const krb5_checksum *old, + krb5_checksum **new) +{ + *new = malloc(sizeof(**new)); + if (*new == NULL) + return ENOMEM; + return copy_Checksum(old, *new); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_c_checksum_length (krb5_context context, krb5_cksumtype cksumtype, + size_t *length) +{ + return krb5_checksumsize(context, cksumtype, length); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_c_block_size(krb5_context context, + krb5_enctype enctype, + size_t *blocksize) +{ + krb5_error_code ret; + krb5_crypto crypto; + krb5_keyblock key; + + ret = krb5_generate_random_keyblock(context, enctype, &key); + if (ret) + return ret; + + ret = krb5_crypto_init(context, &key, 0, &crypto); + krb5_free_keyblock_contents(context, &key); + if (ret) + return ret; + ret = krb5_crypto_getblocksize(context, crypto, blocksize); + krb5_crypto_destroy(context, crypto); + + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_c_decrypt(krb5_context context, + const krb5_keyblock key, + krb5_keyusage usage, + const krb5_data *ivec, + krb5_enc_data *input, + krb5_data *output) +{ + krb5_error_code ret; + krb5_crypto crypto; + + ret = krb5_crypto_init(context, &key, input->enctype, &crypto); + if (ret) + return ret; + + if (ivec) { + size_t blocksize; + + ret = krb5_crypto_getblocksize(context, crypto, &blocksize); + if (ret) { + krb5_crypto_destroy(context, crypto); + return ret; + } + + if (blocksize > ivec->length) { + krb5_crypto_destroy(context, crypto); + return KRB5_BAD_MSIZE; + } + } + + ret = krb5_decrypt_ivec(context, crypto, usage, + input->ciphertext.data, input->ciphertext.length, + output, + ivec ? ivec->data : NULL); + + krb5_crypto_destroy(context, crypto); + + return ret ; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_c_encrypt(krb5_context context, + const krb5_keyblock *key, + krb5_keyusage usage, + const krb5_data *ivec, + const krb5_data *input, + krb5_enc_data *output) +{ + krb5_error_code ret; + krb5_crypto crypto; + + ret = krb5_crypto_init(context, key, 0, &crypto); + if (ret) + return ret; + + if (ivec) { + size_t blocksize; + + ret = krb5_crypto_getblocksize(context, crypto, &blocksize); + if (ret) { + krb5_crypto_destroy(context, crypto); + return ret; + } + + if (blocksize > ivec->length) { + krb5_crypto_destroy(context, crypto); + return KRB5_BAD_MSIZE; + } + } + + ret = krb5_encrypt_ivec(context, crypto, usage, + input->data, input->length, + &output->ciphertext, + ivec ? ivec->data : NULL); + output->kvno = 0; + krb5_crypto_getenctype(context, crypto, &output->enctype); + + krb5_crypto_destroy(context, crypto); + + return ret ; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_c_encrypt_length(krb5_context context, + krb5_enctype enctype, + size_t inputlen, + size_t *length) +{ + krb5_error_code ret; + krb5_crypto crypto; + krb5_keyblock key; + + ret = krb5_generate_random_keyblock(context, enctype, &key); + if (ret) + return ret; + + ret = krb5_crypto_init(context, &key, 0, &crypto); + krb5_free_keyblock_contents(context, &key); + if (ret) + return ret; + + *length = krb5_get_wrapped_length(context, crypto, inputlen); + krb5_crypto_destroy(context, crypto); + + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_c_enctype_compare(krb5_context context, + krb5_enctype e1, + krb5_enctype e2, + krb5_boolean *similar) +{ + *similar = krb5_enctypes_compatible_keys(context, e1, e2); + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_c_make_random_key(krb5_context context, + krb5_enctype enctype, + krb5_keyblock *random_key) +{ + return krb5_generate_random_keyblock(context, enctype, random_key); +} diff --git a/source4/heimdal/lib/krb5/mk_error.c b/source4/heimdal/lib/krb5/mk_error.c new file mode 100644 index 0000000000..7a8b1ba06b --- /dev/null +++ b/source4/heimdal/lib/krb5/mk_error.c @@ -0,0 +1,92 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: mk_error.c,v 1.22 2005/06/16 21:16:40 lha Exp $"); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_mk_error(krb5_context context, + krb5_error_code error_code, + const char *e_text, + const krb5_data *e_data, + const krb5_principal client, + const krb5_principal server, + time_t *client_time, + int *client_usec, + krb5_data *reply) +{ + KRB_ERROR msg; + krb5_timestamp sec; + int32_t usec; + size_t len; + krb5_error_code ret = 0; + + krb5_us_timeofday (context, &sec, &usec); + + memset(&msg, 0, sizeof(msg)); + msg.pvno = 5; + msg.msg_type = krb_error; + msg.stime = sec; + msg.susec = usec; + msg.ctime = client_time; + msg.cusec = client_usec; + /* Make sure we only send `protocol' error codes */ + if(error_code < KRB5KDC_ERR_NONE || error_code >= KRB5_ERR_RCSID) { + if(e_text == NULL) + e_text = krb5_get_err_text(context, error_code); + error_code = KRB5KRB_ERR_GENERIC; + } + msg.error_code = error_code - KRB5KDC_ERR_NONE; + if (e_text) + msg.e_text = rk_UNCONST(&e_text); + if (e_data) + msg.e_data = rk_UNCONST(e_data); + if(server){ + msg.realm = server->realm; + msg.sname = server->name; + }else{ + msg.realm = ""; + } + if(client){ + msg.crealm = &client->realm; + msg.cname = &client->name; + } + + ASN1_MALLOC_ENCODE(KRB_ERROR, reply->data, reply->length, &msg, &len, ret); + if (ret) + return ret; + if(reply->length != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); + return 0; +} diff --git a/source4/heimdal/lib/krb5/mk_priv.c b/source4/heimdal/lib/krb5/mk_priv.c new file mode 100644 index 0000000000..56112eea8c --- /dev/null +++ b/source4/heimdal/lib/krb5/mk_priv.c @@ -0,0 +1,153 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +RCSID("$Id: mk_priv.c,v 1.34 2004/05/25 21:33:32 lha Exp $"); + + +krb5_error_code KRB5_LIB_FUNCTION +krb5_mk_priv(krb5_context context, + krb5_auth_context auth_context, + const krb5_data *userdata, + krb5_data *outbuf, + krb5_replay_data *outdata) +{ + krb5_error_code ret; + KRB_PRIV s; + EncKrbPrivPart part; + u_char *buf = NULL; + size_t buf_size; + size_t len; + krb5_crypto crypto; + krb5_keyblock *key; + krb5_replay_data rdata; + + if ((auth_context->flags & + (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) && + outdata == NULL) + return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */ + + if (auth_context->local_subkey) + key = auth_context->local_subkey; + else if (auth_context->remote_subkey) + key = auth_context->remote_subkey; + else + key = auth_context->keyblock; + + memset(&rdata, 0, sizeof(rdata)); + + part.user_data = *userdata; + + krb5_us_timeofday (context, &rdata.timestamp, &rdata.usec); + + if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) { + part.timestamp = &rdata.timestamp; + part.usec = &rdata.usec; + } else { + part.timestamp = NULL; + part.usec = NULL; + } + + if (auth_context->flags & KRB5_AUTH_CONTEXT_RET_TIME) { + outdata->timestamp = rdata.timestamp; + outdata->usec = rdata.usec; + } + + if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) { + rdata.seq = auth_context->local_seqnumber; + part.seq_number = &rdata.seq; + } else + part.seq_number = NULL; + + if (auth_context->flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE) + outdata->seq = auth_context->local_seqnumber; + + part.s_address = auth_context->local_address; + part.r_address = auth_context->remote_address; + + krb5_data_zero (&s.enc_part.cipher); + + ASN1_MALLOC_ENCODE(EncKrbPrivPart, buf, buf_size, &part, &len, ret); + if (ret) + goto fail; + if (buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); + + s.pvno = 5; + s.msg_type = krb_priv; + s.enc_part.etype = key->keytype; + s.enc_part.kvno = NULL; + + ret = krb5_crypto_init(context, key, 0, &crypto); + if (ret) { + free (buf); + return ret; + } + ret = krb5_encrypt (context, + crypto, + KRB5_KU_KRB_PRIV, + buf + buf_size - len, + len, + &s.enc_part.cipher); + krb5_crypto_destroy(context, crypto); + if (ret) { + free(buf); + return ret; + } + free(buf); + + + ASN1_MALLOC_ENCODE(KRB_PRIV, buf, buf_size, &s, &len, ret); + + if(ret) + goto fail; + krb5_data_free (&s.enc_part.cipher); + + ret = krb5_data_copy(outbuf, buf + buf_size - len, len); + if (ret) { + krb5_set_error_string (context, "malloc: out of memory"); + free(buf); + return ENOMEM; + } + free (buf); + if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) + auth_context->local_seqnumber = + (auth_context->local_seqnumber + 1) & 0xFFFFFFFF; + return 0; + + fail: + free (buf); + krb5_data_free (&s.enc_part.cipher); + return ret; +} diff --git a/source4/heimdal/lib/krb5/mk_rep.c b/source4/heimdal/lib/krb5/mk_rep.c new file mode 100644 index 0000000000..90823f9478 --- /dev/null +++ b/source4/heimdal/lib/krb5/mk_rep.c @@ -0,0 +1,126 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +RCSID("$Id: mk_rep.c,v 1.26 2004/05/25 21:33:51 lha Exp $"); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_mk_rep(krb5_context context, + krb5_auth_context auth_context, + krb5_data *outbuf) +{ + krb5_error_code ret; + AP_REP ap; + EncAPRepPart body; + u_char *buf = NULL; + size_t buf_size; + size_t len; + krb5_crypto crypto; + + ap.pvno = 5; + ap.msg_type = krb_ap_rep; + + memset (&body, 0, sizeof(body)); + + body.ctime = auth_context->authenticator->ctime; + body.cusec = auth_context->authenticator->cusec; + if (auth_context->flags & KRB5_AUTH_CONTEXT_USE_SUBKEY) { + if (auth_context->local_subkey == NULL) { + ret = krb5_auth_con_generatelocalsubkey(context, + auth_context, + auth_context->keyblock); + if(ret) { + krb5_set_error_string (context, + "krb5_mk_rep: generating subkey"); + free_EncAPRepPart(&body); + return ret; + } + } + ret = krb5_copy_keyblock(context, auth_context->local_subkey, + &body.subkey); + if (ret) { + krb5_set_error_string (context, + "krb5_copy_keyblock: out of memory"); + free_EncAPRepPart(&body); + return ENOMEM; + } + } else + body.subkey = NULL; + if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) { + if(auth_context->local_seqnumber == 0) + krb5_generate_seq_number (context, + auth_context->keyblock, + &auth_context->local_seqnumber); + ALLOC(body.seq_number, 1); + if (body.seq_number == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + free_EncAPRepPart(&body); + return ENOMEM; + } + *(body.seq_number) = auth_context->local_seqnumber; + } else + body.seq_number = NULL; + + ap.enc_part.etype = auth_context->keyblock->keytype; + ap.enc_part.kvno = NULL; + + ASN1_MALLOC_ENCODE(EncAPRepPart, buf, buf_size, &body, &len, ret); + free_EncAPRepPart (&body); + if(ret) + return ret; + if (buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); + ret = krb5_crypto_init(context, auth_context->keyblock, + 0 /* ap.enc_part.etype */, &crypto); + if (ret) { + free (buf); + return ret; + } + ret = krb5_encrypt (context, + crypto, + KRB5_KU_AP_REQ_ENC_PART, + buf + buf_size - len, + len, + &ap.enc_part.cipher); + krb5_crypto_destroy(context, crypto); + free(buf); + if (ret) + return ret; + + ASN1_MALLOC_ENCODE(AP_REP, outbuf->data, outbuf->length, &ap, &len, ret); + if (ret == 0 && outbuf->length != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); + free_AP_REP (&ap); + return ret; +} diff --git a/source4/heimdal/lib/krb5/mk_req.c b/source4/heimdal/lib/krb5/mk_req.c new file mode 100644 index 0000000000..adc077e13f --- /dev/null +++ b/source4/heimdal/lib/krb5/mk_req.c @@ -0,0 +1,116 @@ +/* + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +RCSID("$Id: mk_req.c,v 1.26 2004/05/25 21:34:11 lha Exp $"); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_mk_req_exact(krb5_context context, + krb5_auth_context *auth_context, + const krb5_flags ap_req_options, + const krb5_principal server, + krb5_data *in_data, + krb5_ccache ccache, + krb5_data *outbuf) +{ + krb5_error_code ret; + krb5_creds this_cred, *cred; + + memset(&this_cred, 0, sizeof(this_cred)); + + ret = krb5_cc_get_principal(context, ccache, &this_cred.client); + + if(ret) + return ret; + + ret = krb5_copy_principal (context, server, &this_cred.server); + if (ret) { + krb5_free_cred_contents (context, &this_cred); + return ret; + } + + this_cred.times.endtime = 0; + if (auth_context && *auth_context && (*auth_context)->keytype) + this_cred.session.keytype = (*auth_context)->keytype; + + ret = krb5_get_credentials (context, 0, ccache, &this_cred, &cred); + krb5_free_cred_contents(context, &this_cred); + if (ret) + return ret; + + ret = krb5_mk_req_extended (context, + auth_context, + ap_req_options, + in_data, + cred, + outbuf); + krb5_free_creds(context, cred); + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_mk_req(krb5_context context, + krb5_auth_context *auth_context, + const krb5_flags ap_req_options, + const char *service, + const char *hostname, + krb5_data *in_data, + krb5_ccache ccache, + krb5_data *outbuf) +{ + krb5_error_code ret; + char **realms; + char *real_hostname; + krb5_principal server; + + ret = krb5_expand_hostname_realms (context, hostname, + &real_hostname, &realms); + if (ret) + return ret; + + ret = krb5_build_principal (context, &server, + strlen(*realms), + *realms, + service, + real_hostname, + NULL); + free (real_hostname); + krb5_free_host_realm (context, realms); + if (ret) + return ret; + ret = krb5_mk_req_exact (context, auth_context, ap_req_options, + server, in_data, ccache, outbuf); + krb5_free_principal (context, server); + return ret; +} diff --git a/source4/heimdal/lib/krb5/mk_req_ext.c b/source4/heimdal/lib/krb5/mk_req_ext.c new file mode 100644 index 0000000000..ab83d912ea --- /dev/null +++ b/source4/heimdal/lib/krb5/mk_req_ext.c @@ -0,0 +1,180 @@ +/* + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +RCSID("$Id: mk_req_ext.c,v 1.30 2005/01/05 06:31:01 lukeh Exp $"); + +krb5_error_code +_krb5_mk_req_internal(krb5_context context, + krb5_auth_context *auth_context, + const krb5_flags ap_req_options, + krb5_data *in_data, + krb5_creds *in_creds, + krb5_data *outbuf, + krb5_key_usage checksum_usage, + krb5_key_usage encrypt_usage) +{ + krb5_error_code ret; + krb5_data authenticator; + Checksum c; + Checksum *c_opt; + krb5_auth_context ac; + + if(auth_context) { + if(*auth_context == NULL) + ret = krb5_auth_con_init(context, auth_context); + else + ret = 0; + ac = *auth_context; + } else + ret = krb5_auth_con_init(context, &ac); + if(ret) + return ret; + + if(ac->local_subkey == NULL && (ap_req_options & AP_OPTS_USE_SUBKEY)) { + ret = krb5_auth_con_generatelocalsubkey(context, ac, &in_creds->session); + if(ret) + return ret; + } + +#if 0 + { + /* This is somewhat bogus since we're possibly overwriting a + value specified by the user, but it's the easiest way to make + the code use a compatible enctype */ + Ticket ticket; + krb5_keytype ticket_keytype; + + ret = decode_Ticket(in_creds->ticket.data, + in_creds->ticket.length, + &ticket, + NULL); + krb5_enctype_to_keytype (context, + ticket.enc_part.etype, + &ticket_keytype); + + if (ticket_keytype == in_creds->session.keytype) + krb5_auth_setenctype(context, + ac, + ticket.enc_part.etype); + free_Ticket(&ticket); + } +#endif + + krb5_free_keyblock(context, ac->keyblock); + krb5_copy_keyblock(context, &in_creds->session, &ac->keyblock); + + /* it's unclear what type of checksum we can use. try the best one, except: + * a) if it's configured differently for the current realm, or + * b) if the session key is des-cbc-crc + */ + + if (in_data) { + if(ac->keyblock->keytype == ETYPE_DES_CBC_CRC) { + /* this is to make DCE secd (and older MIT kdcs?) happy */ + ret = krb5_create_checksum(context, + NULL, + 0, + CKSUMTYPE_RSA_MD4, + in_data->data, + in_data->length, + &c); + } else if(ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5 || + ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5_56) { + /* this is to make MS kdc happy */ + ret = krb5_create_checksum(context, + NULL, + 0, + CKSUMTYPE_RSA_MD5, + in_data->data, + in_data->length, + &c); + } else { + krb5_crypto crypto; + + ret = krb5_crypto_init(context, ac->keyblock, 0, &crypto); + if (ret) + return ret; + ret = krb5_create_checksum(context, + crypto, + checksum_usage, + 0, + in_data->data, + in_data->length, + &c); + + krb5_crypto_destroy(context, crypto); + } + c_opt = &c; + } else { + c_opt = NULL; + } + + ret = krb5_build_authenticator (context, + ac, + ac->keyblock->keytype, + in_creds, + c_opt, + NULL, + &authenticator, + encrypt_usage); + if (c_opt) + free_Checksum (c_opt); + if (ret) + return ret; + + ret = krb5_build_ap_req (context, ac->keyblock->keytype, + in_creds, ap_req_options, authenticator, outbuf); + if(auth_context == NULL) + krb5_auth_con_free(context, ac); + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_mk_req_extended(krb5_context context, + krb5_auth_context *auth_context, + const krb5_flags ap_req_options, + krb5_data *in_data, + krb5_creds *in_creds, + krb5_data *outbuf) +{ + return _krb5_mk_req_internal (context, + auth_context, + ap_req_options, + in_data, + in_creds, + outbuf, + KRB5_KU_AP_REQ_AUTH_CKSUM, + KRB5_KU_AP_REQ_AUTH); +} diff --git a/source4/heimdal/lib/krb5/n-fold.c b/source4/heimdal/lib/krb5/n-fold.c new file mode 100644 index 0000000000..691e95eb86 --- /dev/null +++ b/source4/heimdal/lib/krb5/n-fold.c @@ -0,0 +1,126 @@ +/* + * Copyright (c) 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of KTH nor the names of its contributors may be + * used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + +#include "krb5_locl.h" + +RCSID("$Id: n-fold.c,v 1.7 2004/05/25 21:35:31 lha Exp $"); + +static void +rr13(unsigned char *buf, size_t len) +{ + unsigned char *tmp; + int bytes = (len + 7) / 8; + int i; + if(len == 0) + return; + { + const int bits = 13 % len; + const int lbit = len % 8; + + tmp = malloc(bytes); + memcpy(tmp, buf, bytes); + if(lbit) { + /* pad final byte with inital bits */ + tmp[bytes - 1] &= 0xff << (8 - lbit); + for(i = lbit; i < 8; i += len) + tmp[bytes - 1] |= buf[0] >> i; + } + for(i = 0; i < bytes; i++) { + int bb; + int b1, s1, b2, s2; + /* calculate first bit position of this byte */ + bb = 8 * i - bits; + while(bb < 0) + bb += len; + /* byte offset and shift count */ + b1 = bb / 8; + s1 = bb % 8; + + if(bb + 8 > bytes * 8) + /* watch for wraparound */ + s2 = (len + 8 - s1) % 8; + else + s2 = 8 - s1; + b2 = (b1 + 1) % bytes; + buf[i] = (tmp[b1] << s1) | (tmp[b2] >> s2); + } + free(tmp); + } +} + +/* Add `b' to `a', both beeing one's complement numbers. */ +static void +add1(unsigned char *a, unsigned char *b, size_t len) +{ + int i; + int carry = 0; + for(i = len - 1; i >= 0; i--){ + int x = a[i] + b[i] + carry; + carry = x > 0xff; + a[i] = x & 0xff; + } + for(i = len - 1; carry && i >= 0; i--){ + int x = a[i] + carry; + carry = x > 0xff; + a[i] = x & 0xff; + } +} + +void KRB5_LIB_FUNCTION +_krb5_n_fold(const void *str, size_t len, void *key, size_t size) +{ + /* if len < size we need at most N * len bytes, ie < 2 * size; + if len > size we need at most 2 * len */ + size_t maxlen = 2 * max(size, len); + size_t l = 0; + unsigned char *tmp = malloc(maxlen); + unsigned char *buf = malloc(len); + + memcpy(buf, str, len); + memset(key, 0, size); + do { + memcpy(tmp + l, buf, len); + l += len; + rr13(buf, len * 8); + while(l >= size) { + add1(key, tmp, size); + l -= size; + if(l == 0) + break; + memmove(tmp, tmp + size, l); + } + } while(l != 0); + memset(buf, 0, len); + free(buf); + memset(tmp, 0, maxlen); + free(tmp); +} diff --git a/source4/heimdal/lib/krb5/padata.c b/source4/heimdal/lib/krb5/padata.c new file mode 100644 index 0000000000..d5c3f422a7 --- /dev/null +++ b/source4/heimdal/lib/krb5/padata.c @@ -0,0 +1,66 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: padata.c,v 1.5 2005/06/17 04:28:35 lha Exp $"); + +PA_DATA * +krb5_find_padata(PA_DATA *val, unsigned len, int type, int *idx) +{ + for(; *idx < len; (*idx)++) + if(val[*idx].padata_type == type) + return val + *idx; + return NULL; +} + +int KRB5_LIB_FUNCTION +krb5_padata_add(krb5_context context, METHOD_DATA *md, + int type, void *buf, size_t len) +{ + PA_DATA *pa; + + pa = realloc (md->val, (md->len + 1) * sizeof(*md->val)); + if (pa == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + md->val = pa; + + pa[md->len].padata_type = type; + pa[md->len].padata_value.length = len; + pa[md->len].padata_value.data = buf; + md->len++; + + return 0; +} diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c new file mode 100755 index 0000000000..84db4fe544 --- /dev/null +++ b/source4/heimdal/lib/krb5/pkinit.c @@ -0,0 +1,2583 @@ +/* + * Copyright (c) 2003 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: pkinit.c,v 1.55 2005/05/19 18:49:05 lha Exp $"); + +#ifdef PKINIT + +#include +#include +#include +#include +#include +#include +#include +#include + +#ifdef HAVE_DIRENT_H +#include +#endif + +#include "heim_asn1.h" +#include "rfc2459_asn1.h" +#include "cms_asn1.h" +#include "pkinit_asn1.h" + +enum { + COMPAT_WIN2K = 1, + COMPAT_19 = 2, + COMPAT_25 = 3 +}; + + + +#define OPENSSL_ASN1_MALLOC_ENCODE(T, B, BL, S, R) \ +{ \ + unsigned char *p; \ + (BL) = i2d_##T((S), NULL); \ + if ((BL) <= 0) { \ + (R) = EINVAL; \ + } else { \ + (B) = malloc((BL)); \ + if ((B) == NULL) { \ + (R) = ENOMEM; \ + } else { \ + p = (B); \ + (R) = 0; \ + (BL) = i2d_##T((S), &p); \ + if ((BL) <= 0) { \ + free((B)); \ + (R) = ASN1_OVERRUN; \ + } \ + } \ + } \ +} + +/* ENGING_load_private_key requires a UI_METHOD and data + * if to be usable from PAM + */ + +struct krb5_ui_data { + krb5_context context; + krb5_prompter_fct prompter; + void * prompter_data; +}; + +struct krb5_pk_identity { + EVP_PKEY *private_key; + STACK_OF(X509) *cert; + STACK_OF(X509) *trusted_certs; + STACK_OF(X509_CRL) *crls; + ENGINE *engine; +}; + +struct krb5_pk_cert { + X509 *cert; +}; + +struct krb5_pk_init_ctx_data { + struct krb5_pk_identity *id; + DH *dh; +}; + + +void KRB5_LIB_FUNCTION +_krb5_pk_cert_free(struct krb5_pk_cert *cert) +{ + if (cert->cert) + X509_free(cert->cert); + free(cert); +} + +static krb5_error_code +BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer) +{ + integer->length = BN_num_bytes(bn); + integer->data = malloc(integer->length); + if (integer->data == NULL) { + krb5_clear_error_string(context); + return ENOMEM; + } + BN_bn2bin(bn, integer->data); + integer->negative = bn->neg; + return 0; +} + +/* + * UI ex_data has the callback_data as passed to Engine. This is far + * from being complete, we will only process one prompt + */ + +static int +krb5_ui_method_read_string(UI *ui, UI_STRING *uis) +{ + char *buffer; + size_t length; + krb5_error_code ret; + krb5_prompt prompt; + krb5_data password_data; + struct krb5_ui_data *ui_data; + + ui_data = (struct krb5_ui_data *)UI_get_app_data(ui); + + switch (UI_get_string_type(uis)) { + case UIT_INFO: + case UIT_ERROR: + /* looks like the RedHat pam_prompter might handle + * INFO and ERROR, Will see what happens */ + case UIT_VERIFY: + case UIT_PROMPT: + length = UI_get_result_maxsize(uis); + buffer = malloc(length); + if (buffer == NULL) { + krb5_set_error_string(ui_data->context, "malloc: out of memory"); + return 0; + } + password_data.data = buffer; + password_data.length = length; + + prompt.prompt = UI_get0_output_string(uis); + prompt.hidden = !(UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO); + prompt.reply = &password_data; + prompt.type = KRB5_PROMPT_TYPE_PASSWORD; + + ret = (*ui_data->prompter)(ui_data->context, + ui_data->prompter_data, + NULL, NULL, 1, &prompt); + if (ret == 0) { + buffer[length - 1] = '\0'; + UI_set_result(ui, uis, password_data.data); + + /* + * RedHat pam_krb5 pam_prompter does a strdup but others + * may copy into buffer. XXX should we just leak the + * memory instead ? + */ + + if (buffer != password_data.data) + free(password_data.data); + memset (buffer, 0, length); + free(buffer); + return 1; + } + memset (buffer, 0, length); + free(buffer); + break; + case UIT_NONE: + case UIT_BOOLEAN: + /* XXX for now do not handle */ + break; + + } + return 0; +} + + +static krb5_error_code +set_digest_alg(DigestAlgorithmIdentifier *id, + const heim_oid *oid, + void *param, size_t length) +{ + krb5_error_code ret; + if (param) { + id->parameters = malloc(sizeof(*id->parameters)); + if (id->parameters == NULL) + return ENOMEM; + id->parameters->data = malloc(length); + if (id->parameters->data == NULL) { + free(id->parameters); + id->parameters = NULL; + return ENOMEM; + } + memcpy(id->parameters->data, param, length); + id->parameters->length = length; + } else + id->parameters = NULL; + ret = copy_oid(oid, &id->algorithm); + if (ret) { + if (id->parameters) { + free(id->parameters->data); + free(id->parameters); + id->parameters = NULL; + } + return ret; + } + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_pk_create_sign(krb5_context context, + const heim_oid *eContentType, + krb5_data *eContent, + struct krb5_pk_identity *id, + krb5_data *sd_data) +{ + SignerInfo *signer_info; + X509 *user_cert; + heim_integer *serial; + krb5_error_code ret; + krb5_data buf; + SignedData sd; + EVP_MD_CTX md; + int len, i; + size_t size; + + X509_NAME *issuer_name; + + memset(&sd, 0, sizeof(sd)); + + if (id == NULL) + return HEIM_PKINIT_NO_CERTIFICATE; + if (id->cert == NULL) + return HEIM_PKINIT_NO_CERTIFICATE; + if (id->private_key == NULL) + return HEIM_PKINIT_NO_PRIVATE_KEY; + + if (sk_X509_num(id->cert) == 0) + return HEIM_PKINIT_NO_CERTIFICATE; + + sd.version = 3; + + sd.digestAlgorithms.len = 0; + sd.digestAlgorithms.val = NULL; + copy_oid(eContentType, &sd.encapContentInfo.eContentType); + ALLOC(sd.encapContentInfo.eContent, 1); + if (sd.encapContentInfo.eContent == NULL) { + krb5_clear_error_string(context); + ret = ENOMEM; + goto out; + } + + ret = krb5_data_copy(&buf, eContent->data, eContent->length); + if (ret) { + krb5_clear_error_string(context); + ret = ENOMEM; + goto out; + } + + sd.encapContentInfo.eContent->data = buf.data; + sd.encapContentInfo.eContent->length = buf.length; + + ALLOC_SEQ(&sd.signerInfos, 1); + if (sd.signerInfos.val == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + ret = ENOMEM; + goto out; + } + + signer_info = &sd.signerInfos.val[0]; + + user_cert = sk_X509_value(id->cert, 0); + if (user_cert == NULL) { + krb5_set_error_string(context, "pkinit: no user certificate"); + ret = HEIM_PKINIT_NO_CERTIFICATE; + goto out; + } + + signer_info->version = 1; + + issuer_name = X509_get_issuer_name(user_cert); + + OPENSSL_ASN1_MALLOC_ENCODE(X509_NAME, + buf.data, + buf.length, + issuer_name, + ret); + if (ret) { + krb5_set_error_string(context, "pkinit: failed encoding name"); + goto out; + } + ret = decode_Name(buf.data, buf.length, + &signer_info->sid.u.issuerAndSerialNumber.issuer, + NULL); + free(buf.data); + if (ret) { + krb5_set_error_string(context, "pkinit: failed to parse Name"); + goto out; + } + signer_info->sid.element = choice_CMSIdentifier_issuerAndSerialNumber; + + serial = &signer_info->sid.u.issuerAndSerialNumber.serialNumber; + { + ASN1_INTEGER *isn = X509_get_serialNumber(user_cert); + BIGNUM *bn = ASN1_INTEGER_to_BN(isn, NULL); + if (bn == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "pkinit: failed allocating " + "serial number"); + goto out; + } + ret = BN_to_integer(context, bn, serial); + BN_free(bn); + if (ret) { + krb5_set_error_string(context, "pkinit: failed encoding " + "serial number"); + goto out; + } + } + + ret = set_digest_alg(&signer_info->digestAlgorithm, + oid_id_secsig_sha_1(), "\x05\x00", 2); + if (ret) { + krb5_set_error_string(context, "malloc: out of memory"); + goto out; + } + + signer_info->signedAttrs = NULL; + signer_info->unsignedAttrs = NULL; + + copy_oid(oid_id_pkcs1_rsaEncryption(), + &signer_info->signatureAlgorithm.algorithm); + signer_info->signatureAlgorithm.parameters = NULL; + + buf.data = malloc(EVP_PKEY_size(id->private_key)); + if (buf.data == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + ret = ENOMEM; + goto out; + } + + EVP_SignInit(&md, EVP_sha1()); + EVP_SignUpdate(&md, + sd.encapContentInfo.eContent->data, + sd.encapContentInfo.eContent->length); + ret = EVP_SignFinal(&md, buf.data, &len, id->private_key); + if (ret != 1) { + free(buf.data); + krb5_set_error_string(context, "PKINIT: failed to sign with " + "private key: %s", + ERR_error_string(ERR_get_error(), NULL)); + ret = EINVAL; + goto out; + } + + signer_info->signature.data = buf.data; + signer_info->signature.length = len; + + ALLOC_SEQ(&sd.digestAlgorithms, 1); + if (sd.digestAlgorithms.val == NULL) { + krb5_clear_error_string(context); + ret = ENOMEM; + goto out; + } + + ret = set_digest_alg(&sd.digestAlgorithms.val[0], + oid_id_secsig_sha_1(), "\x05\x00", 2); + if (ret) { + krb5_set_error_string(context, "malloc: out of memory"); + goto out; + } + + ALLOC(sd.certificates, 1); + if (sd.certificates == NULL) { + krb5_clear_error_string(context); + ret = ENOMEM; + goto out; + } + + sd.certificates->data = NULL; + sd.certificates->length = 0; + + for (i = 0; i < sk_X509_num(id->cert); i++) { + void *data; + + OPENSSL_ASN1_MALLOC_ENCODE(X509, + buf.data, + buf.length, + sk_X509_value(id->cert, i), + ret); + if (ret) { + krb5_clear_error_string(context); + goto out; + } + data = realloc(sd.certificates->data, + sd.certificates->length + buf.length); + if (data == NULL) { + free(buf.data); + krb5_clear_error_string(context); + ret = ENOMEM; + goto out; + } + memcpy(((char *)data) + sd.certificates->length, + buf.data, buf.length); + sd.certificates->length += buf.length; + sd.certificates->data = data; + free(buf.data); + } + + ASN1_MALLOC_ENCODE(SignedData, sd_data->data, sd_data->length, + &sd, &size, ret); + if (ret) { + krb5_set_error_string(context, "SignedData failed %d", ret); + goto out; + } + if (sd_data->length != size) + krb5_abortx(context, "internal ASN1 encoder error"); + + out: + free_SignedData(&sd); + + return ret; +} + +static krb5_error_code +build_auth_pack_win2k(krb5_context context, + unsigned nonce, + const KDC_REQ_BODY *body, + AuthPack_Win2k *a) +{ + krb5_error_code ret; + krb5_timestamp sec; + int32_t usec; + + /* fill in PKAuthenticator */ + ret = copy_PrincipalName(body->sname, &a->pkAuthenticator.kdcName); + if (ret) + return ret; + ret = copy_Realm(&body->realm, &a->pkAuthenticator.kdcRealm); + if (ret) + return ret; + + krb5_us_timeofday(context, &sec, &usec); + a->pkAuthenticator.ctime = sec; + a->pkAuthenticator.cusec = usec; + a->pkAuthenticator.nonce = nonce; + + return 0; +} + +static krb5_error_code +build_auth_pack_19(krb5_context context, + unsigned nonce, + const KDC_REQ_BODY *body, + AuthPack_19 *a) +{ + size_t buf_size, len; + krb5_cksumtype cksum; + krb5_error_code ret; + void *buf; + krb5_timestamp sec; + int32_t usec; + + krb5_clear_error_string(context); + + /* XXX some PACKETCABLE needs implemetations need md5 */ + cksum = CKSUMTYPE_RSA_MD5; + + krb5_us_timeofday(context, &sec, &usec); + a->pkAuthenticator.ctime = sec; + a->pkAuthenticator.nonce = nonce; + + ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, body, &len, ret); + if (ret) + return ret; + if (buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); + + ret = krb5_create_checksum(context, + NULL, + 0, + cksum, + buf, + len, + &a->pkAuthenticator.paChecksum); + free(buf); + + return ret; +} + +static krb5_error_code +build_auth_pack(krb5_context context, + unsigned nonce, + DH *dh, + const KDC_REQ_BODY *body, + AuthPack *a) +{ + size_t buf_size, len; + krb5_error_code ret; + void *buf; + krb5_timestamp sec; + int32_t usec; + Checksum checksum; + + krb5_clear_error_string(context); + + memset(&checksum, 0, sizeof(checksum)); + + krb5_us_timeofday(context, &sec, &usec); + a->pkAuthenticator.ctime = sec; + a->pkAuthenticator.nonce = nonce; + + ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, body, &len, ret); + if (ret) + return ret; + if (buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); + + ret = krb5_create_checksum(context, + NULL, + 0, + CKSUMTYPE_SHA1, + buf, + len, + &checksum); + free(buf); + if (ret == 0) { + ret = krb5_data_copy(&a->pkAuthenticator.paChecksum, + checksum.checksum.data, checksum.checksum.length); + free_Checksum(&checksum); + } + + if (ret == 0 && dh) { + DomainParameters dp; + heim_integer dh_pub_key; + krb5_data buf; + size_t size; + + ALLOC(a->clientPublicValue, 1); + if (a->clientPublicValue == NULL) + return ENOMEM; + ret = copy_oid(oid_id_dhpublicnumber(), + &a->clientPublicValue->algorithm.algorithm); + if (ret) + return ret; + + memset(&dp, 0, sizeof(dp)); + + ret = BN_to_integer(context, dh->p, &dp.p); + if (ret) { + free_DomainParameters(&dp); + return ret; + } + ret = BN_to_integer(context, dh->g, &dp.g); + if (ret) { + free_DomainParameters(&dp); + return ret; + } + ret = BN_to_integer(context, dh->q, &dp.q); + if (ret) { + free_DomainParameters(&dp); + return ret; + } + dp.j = NULL; + dp.validationParms = NULL; + + a->clientPublicValue->algorithm.parameters = + malloc(sizeof(*a->clientPublicValue->algorithm.parameters)); + if (a->clientPublicValue->algorithm.parameters == NULL) { + free_DomainParameters(&dp); + return ret; + } + + ASN1_MALLOC_ENCODE(DomainParameters, + a->clientPublicValue->algorithm.parameters->data, + a->clientPublicValue->algorithm.parameters->length, + &dp, &size, ret); + free_DomainParameters(&dp); + if (ret) + return ret; + if (size != a->clientPublicValue->algorithm.parameters->length) + krb5_abortx(context, "Internal ASN1 encoder error"); + + ret = BN_to_integer(context, dh->pub_key, &dh_pub_key); + if (ret) + return ret; + + buf.length = length_heim_integer(&dh_pub_key); + buf.data = malloc(buf.length); + if (buf.data == NULL) { + free_heim_integer(&dh_pub_key); + krb5_set_error_string(context, "malloc: out of memory"); + return ret; + } + ret = der_put_heim_integer((char *)buf.data + buf.length - 1, + buf.length, &dh_pub_key, &size); + free_heim_integer(&dh_pub_key); + if (ret) { + free(buf.data); + return ret; + } + if (size != buf.length) + krb5_abortx(context, "asn1 internal error"); + + a->clientPublicValue->subjectPublicKey.length = buf.length * 8; + a->clientPublicValue->subjectPublicKey.data = buf.data; + } + + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_pk_mk_ContentInfo(krb5_context context, + const krb5_data *buf, + const heim_oid *oid, + struct ContentInfo *content_info) +{ + krb5_error_code ret; + + ret = copy_oid(oid, &content_info->contentType); + if (ret) + return ret; + ALLOC(content_info->content, 1); + if (content_info->content == NULL) + return ENOMEM; + content_info->content->data = malloc(buf->length); + if (content_info->content->data == NULL) + return ENOMEM; + memcpy(content_info->content->data, buf->data, buf->length); + content_info->content->length = buf->length; + return 0; +} + +static krb5_error_code +pk_mk_padata(krb5_context context, + int compat, + krb5_pk_init_ctx ctx, + const KDC_REQ_BODY *req_body, + unsigned nonce, + METHOD_DATA *md) +{ + struct ContentInfo content_info; + krb5_error_code ret; + const heim_oid *oid; + PA_PK_AS_REQ req; + size_t size; + krb5_data buf, sd_buf; + int pa_type; + + krb5_data_zero(&buf); + krb5_data_zero(&sd_buf); + memset(&req, 0, sizeof(req)); + memset(&content_info, 0, sizeof(content_info)); + + if (compat == COMPAT_WIN2K) { + AuthPack_Win2k ap; + + memset(&ap, 0, sizeof(ap)); + + ret = build_auth_pack_win2k(context, nonce, req_body, &ap); + if (ret) { + free_AuthPack_Win2k(&ap); + goto out; + } + + ASN1_MALLOC_ENCODE(AuthPack_Win2k, buf.data, buf.length, + &ap, &size, ret); + free_AuthPack_Win2k(&ap); + if (ret) { + krb5_set_error_string(context, "AuthPack_Win2k: %d", ret); + goto out; + } + if (buf.length != size) + krb5_abortx(context, "internal ASN1 encoder error"); + + oid = oid_id_pkcs7_data(); + } else if (compat == COMPAT_19) { + AuthPack_19 ap; + + memset(&ap, 0, sizeof(ap)); + + ret = build_auth_pack_19(context, nonce, req_body, &ap); + if (ret) { + free_AuthPack_19(&ap); + goto out; + } + + ASN1_MALLOC_ENCODE(AuthPack_19, buf.data, buf.length, &ap, &size, ret); + free_AuthPack_19(&ap); + if (ret) { + krb5_set_error_string(context, "AuthPack_19: %d", ret); + goto out; + } + if (buf.length != size) + krb5_abortx(context, "internal ASN1 encoder error"); + + oid = oid_id_pkauthdata(); + } else if (compat == COMPAT_25) { + AuthPack ap; + + memset(&ap, 0, sizeof(ap)); + + ret = build_auth_pack(context, nonce, ctx->dh, req_body, &ap); + if (ret) { + free_AuthPack(&ap); + goto out; + } + + ASN1_MALLOC_ENCODE(AuthPack, buf.data, buf.length, &ap, &size, ret); + free_AuthPack(&ap); + if (ret) { + krb5_set_error_string(context, "AuthPack: %d", ret); + goto out; + } + if (buf.length != size) + krb5_abortx(context, "internal ASN1 encoder error"); + + oid = oid_id_pkauthdata(); + } else + krb5_abortx(context, "internal pkinit error"); + + ret = _krb5_pk_create_sign(context, + oid, + &buf, + ctx->id, + &sd_buf); + krb5_data_free(&buf); + if (ret) + goto out; + + ret = _krb5_pk_mk_ContentInfo(context, &sd_buf, oid_id_pkcs7_signedData(), + &content_info); + krb5_data_free(&sd_buf); + if (ret) + goto out; + + /* XXX tell the kdc what CAs the client is willing to accept */ + req.trustedCertifiers = NULL; + req.kdcPkId = NULL; + + if (compat == COMPAT_WIN2K) { + PA_PK_AS_REQ_Win2k winreq; + + pa_type = KRB5_PADATA_PK_AS_REQ_WIN; + + memset(&winreq, 0, sizeof(winreq)); + + ASN1_MALLOC_ENCODE(ContentInfo, + winreq.signed_auth_pack.data, + winreq.signed_auth_pack.length, + &content_info, + &size, + ret); + if (ret) + goto out; + if (winreq.signed_auth_pack.length != size) + krb5_abortx(context, "Internal ASN1 encoder error"); + + ASN1_MALLOC_ENCODE(PA_PK_AS_REQ_Win2k, buf.data, buf.length, + &winreq, &size, ret); + free_PA_PK_AS_REQ_Win2k(&winreq); + + } else if (compat == COMPAT_19) { + PA_PK_AS_REQ_19 req_19; + + pa_type = KRB5_PADATA_PK_AS_REQ_19; + + memset(&req_19, 0, sizeof(req_19)); + + ret = copy_ContentInfo(&content_info, &req_19.signedAuthPack); + if (ret) { + krb5_clear_error_string(context); + goto out; + } + req_19.kdcCert = NULL; + req_19.trustedCertifiers = NULL; + req_19.encryptionCert = NULL; + + ASN1_MALLOC_ENCODE(PA_PK_AS_REQ_19, buf.data, buf.length, + &req_19, &size, ret); + + free_PA_PK_AS_REQ_19(&req_19); + + } else if (compat == COMPAT_25) { + + pa_type = KRB5_PADATA_PK_AS_REQ; + + ASN1_MALLOC_ENCODE(ContentInfo, + req.signedAuthPack.data, + req.signedAuthPack.length, + &content_info, + &size, + ret); + if (ret) + goto out; + if (req.signedAuthPack.length != size) + krb5_abortx(context, "Internal ASN1 encoder error"); + + ASN1_MALLOC_ENCODE(PA_PK_AS_REQ, buf.data, buf.length, + &req, &size, ret); + + } else + krb5_abortx(context, "internal pkinit error"); + if (ret) { + krb5_set_error_string(context, "PA-PK-AS-REQ %d", ret); + goto out; + } + if (buf.length != size) + krb5_abortx(context, "Internal ASN1 encoder error"); + + ret = krb5_padata_add(context, md, pa_type, buf.data, buf.length); + if (ret) + free(buf.data); + out: + free_ContentInfo(&content_info); + + return ret; +} + + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_pk_mk_padata(krb5_context context, + void *c, + const KDC_REQ_BODY *req_body, + unsigned nonce, + METHOD_DATA *md) +{ + krb5_pk_init_ctx ctx = c; + krb5_error_code ret; + size_t size; + krb5_data buf; + const char *provisioning_server; + int win2k_compat; + + win2k_compat = krb5_config_get_bool_default(context, NULL, + FALSE, + "realms", + req_body->realm, + "win2k_pkinit", + NULL); + if (context->pkinit_flags & KRB5_PKINIT_WIN2K) + win2k_compat = 1; + + if (win2k_compat) { + ret = pk_mk_padata(context, COMPAT_WIN2K, ctx, req_body, nonce, md); + if (ret) + goto out; + } else { + ret = pk_mk_padata(context, COMPAT_19, ctx, req_body, nonce, md); + if (ret) + goto out; + + ret = pk_mk_padata(context, COMPAT_25, ctx, req_body, nonce, md); + if (ret) + goto out; + } + + provisioning_server = + krb5_config_get_string(context, NULL, + "realms", + req_body->realm, + "packet-cable-provisioning-server", + NULL); + + if (provisioning_server) { + /* PacketCable requires the PROV-SRV-LOCATION authenticator */ + const PROV_SRV_LOCATION prov_server = (char *)provisioning_server; + + ASN1_MALLOC_ENCODE(PROV_SRV_LOCATION, buf.data, buf.length, + &prov_server, &size, ret); + if (ret) + goto out; + if (buf.length != size) + krb5_abortx(context, "Internal ASN1 encoder error"); + + /* PacketCable uses -1 (application specific) as the auth data type */ + ret = krb5_padata_add(context, md, -1, buf.data, buf.length); + if (ret) + free(buf.data); + } + out: + return ret; +} + +static krb5_boolean +pk_peer_compare(krb5_context context, + const SignerIdentifier *peer1, + X509 *peer2) +{ + switch (peer1->element) { + case choice_CMSIdentifier_issuerAndSerialNumber: { + ASN1_INTEGER *i; + const heim_integer *serial; + X509_NAME *name; + unsigned char *p; + size_t len; + + i = X509_get_serialNumber(peer2); + serial = &peer1->u.issuerAndSerialNumber.serialNumber; + + if (i->length != serial->length || + memcmp(i->data, serial->data, i->length) != 0) + return FALSE; + + p = peer1->u.issuerAndSerialNumber.issuer._save.data; + len = peer1->u.issuerAndSerialNumber.issuer._save.length; + name = d2i_X509_NAME(NULL, &p, len); + if (name == NULL) + return FALSE; + + if (X509_NAME_cmp(name, X509_get_issuer_name(peer2)) != 0) { + X509_NAME_free(name); + return FALSE; + } + X509_NAME_free(name); + break; + } + case choice_CMSIdentifier_subjectKeyIdentifier: + return FALSE; + default: + return FALSE; + } + return TRUE; +} + +static krb5_error_code +pk_decrypt_key(krb5_context context, + heim_octet_string *encrypted_key, + EVP_PKEY *priv_key, + krb5_keyblock *key) +{ + int ret; + unsigned char *buf; + + buf = malloc(EVP_PKEY_size(priv_key)); + if (buf == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + ret = EVP_PKEY_decrypt(buf, + encrypted_key->data, + encrypted_key->length, + priv_key); + if (ret <= 0) { + free(buf); + krb5_set_error_string(context, "Can't decrypt key: %s", + ERR_error_string(ERR_get_error(), NULL)); + return ENOMEM; + } + + key->keytype = 0; + key->keyvalue.length = ret; + key->keyvalue.data = malloc(ret); + if (key->keyvalue.data == NULL) { + free(buf); + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + memcpy(key->keyvalue.data, buf, ret); + free(buf); + return 0; +} + + +static krb5_error_code +pk_verify_chain_standard(krb5_context context, + struct krb5_pk_identity *id, + const SignerIdentifier *client, + STACK_OF(X509) *chain, + X509 **client_cert) +{ + X509_STORE *cert_store = NULL; + X509_STORE_CTX *store_ctx = NULL; + X509 *cert = NULL; + int i; + int ret; + + ret = KRB5_KDC_ERROR_CLIENT_NAME_MISMATCH; + for (i = 0; i < sk_X509_num(chain); i++) { + cert = sk_X509_value(chain, i); + if (pk_peer_compare(context, client, cert) == TRUE) { + ret = 0; + break; + } + } + if (ret) { + krb5_set_error_string(context, "PKINIT: verify chain failed " + "to find client in chain"); + return ret; + } + + cert_store = X509_STORE_new(); + if (cert_store == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "PKINIT: can't create X509 store: %s", + ERR_error_string(ERR_get_error(), NULL)); + } + + store_ctx = X509_STORE_CTX_new(); + if (store_ctx == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, + "PKINIT: can't create X509 store ctx: %s", + ERR_error_string(ERR_get_error(), NULL)); + goto end; + } + + X509_STORE_CTX_init(store_ctx, cert_store, cert, chain); + X509_STORE_CTX_trusted_stack(store_ctx, id->trusted_certs); + X509_verify_cert(store_ctx); + /* the last checked certificate is in store_ctx->current_cert */ + krb5_clear_error_string(context); + switch(store_ctx->error) { + case X509_V_OK: + ret = 0; + break; + case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: + ret = KRB5_KDC_ERROR_CANT_VERIFY_CERTIFICATE; + krb5_set_error_string(context, "PKINIT: failed to verify " + "certificate: %s ", + X509_verify_cert_error_string(store_ctx->error)); + break; + case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: + case X509_V_ERR_CERT_SIGNATURE_FAILURE: + case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: + case X509_V_ERR_CERT_NOT_YET_VALID: + case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: + case X509_V_ERR_CERT_HAS_EXPIRED: + ret = KRB5_KDC_ERROR_INVALID_CERTIFICATE; + krb5_set_error_string(context, "PKINIT: invalid certificate: %s ", + X509_verify_cert_error_string(store_ctx->error)); + break; + case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: + case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: + case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: + case X509_V_ERR_CERT_CHAIN_TOO_LONG: + case X509_V_ERR_PATH_LENGTH_EXCEEDED: + case X509_V_ERR_INVALID_CA: + ret = KRB5_KDC_ERROR_INVALID_CERTIFICATE; + krb5_set_error_string(context, "PKINIT: unknown CA or can't " + "verify certificate: %s", + X509_verify_cert_error_string(store_ctx->error)); + break; + default: + ret = KRB5_KDC_ERROR_INVALID_CERTIFICATE; /* XXX */ + krb5_set_error_string(context, "PKINIT: failed to verify " + "certificate: %s (%ld) ", + X509_verify_cert_error_string(store_ctx->error), + (long)store_ctx->error); + break; + } + if (ret) + goto end; + + /* + * Since X509_verify_cert() doesn't do CRL checking at all, we have to + * perform own verification against CRLs + */ +#if 0 + ret = pk_verify_crl(context, store_ctx, id->crls); + if (ret) + goto end; +#endif + + if (client_cert && cert) + *client_cert = X509_dup(cert); + + end: + if (cert_store) + X509_STORE_free(cert_store); + if (store_ctx) + X509_STORE_CTX_free(store_ctx); + return ret; +} + +static int +cert_to_X509(krb5_context context, CertificateSetReal *set, + STACK_OF(X509_CRL) **certs) +{ + krb5_error_code ret; + int i; + + *certs = sk_X509_new_null(); + + ret = 0; + for (i = 0; i < set->len; i++) { + unsigned char *p; + X509 *cert; + + p = set->val[i].data; + cert = d2i_X509(NULL, &p, set->val[i].length); + if (cert == NULL) { + ret = ASN1_BAD_FORMAT; + break; + } + sk_X509_insert(*certs, cert, i); + } + if (ret) { + krb5_set_error_string(context, + "PKINIT: Failed to decode certificate chain"); + sk_X509_free(*certs); + *certs = NULL; + } + return ret; +} + +static krb5_error_code +any_to_CertificateSet(krb5_context context, heim_any *cert, + CertificateSetReal *set) +{ + size_t size, len, length; + heim_any *val; + int ret; + char *p; + + set->len = 0; + set->val = NULL; + + len = 0; + p = cert->data; + length = cert->length; + while (len < cert->length) { + val = realloc(set->val, (set->len + 1) * sizeof(set->val[0])); + if (val == NULL) { + ret = ENOMEM; + goto out; + } + set->val = val; + ret = decode_heim_any(p, length, &set->val[set->len], &size); + if (ret) + goto out; + set->len++; + + p += size; + len += size; + length -= size; + } + return 0; + out: + krb5_clear_error_string(context); + free_CertificateSetReal(set); + set->val = NULL; + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_pk_verify_sign(krb5_context context, + const char *data, + size_t length, + struct krb5_pk_identity *id, + heim_oid *contentType, + krb5_data *content, + struct krb5_pk_cert **signer) +{ + STACK_OF(X509) *certificates; + SignerInfo *signer_info; + const EVP_MD *evp_type; + EVP_PKEY *public_key; + krb5_error_code ret; + CertificateSetReal set; + EVP_MD_CTX md; + X509 *cert; + SignedData sd; + size_t size; + + *signer = NULL; + krb5_data_zero(content); + contentType->length = 0; + contentType->components = NULL; + + memset(&sd, 0, sizeof(sd)); + + ret = decode_SignedData(data, length, &sd, &size); + if (ret) { + krb5_set_error_string(context, + "PKINIT: decoding failed SignedData: %d", + ret); + goto out; + } + + if (sd.encapContentInfo.eContent == NULL) { + krb5_set_error_string(context, + "PKINIT: signature missing encapContent"); + ret = KRB5KRB_AP_ERR_MSG_TYPE; + goto out; + } + + /* XXX Check CMS version */ + + if (sd.signerInfos.len < 1) { + krb5_set_error_string(context, + "PKINIT: signature information missing from " + "pkinit response"); + ret = KRB5_KDC_ERR_INVALID_SIG; + goto out; + } + + signer_info = &sd.signerInfos.val[0]; + + ret = any_to_CertificateSet(context, sd.certificates, &set); + if (ret) { + krb5_set_error_string(context, + "PKINIT: failed to decode CertificateSet"); + goto out; + } + + ret = cert_to_X509(context, &set, &certificates); + free_CertificateSetReal(&set); + if (ret) { + krb5_set_error_string(context, + "PKINIT: failed to decode Certificates"); + goto out; + } + + ret = pk_verify_chain_standard(context, id, + &signer_info->sid, + certificates, + &cert); + sk_X509_free(certificates); + if (ret) + goto out; + + if (signer_info->signature.length == 0) { + free_SignedData(&sd); + X509_free(cert); + krb5_set_error_string(context, "PKINIT: signature missing from" + "pkinit response"); + return KRB5_KDC_ERR_INVALID_SIG; + } + + public_key = X509_get_pubkey(cert); + + /* verify signature */ + if (heim_oid_cmp(&signer_info->digestAlgorithm.algorithm, + oid_id_pkcs1_sha1WithRSAEncryption()) == 0) + evp_type = EVP_sha1(); + else if (heim_oid_cmp(&signer_info->digestAlgorithm.algorithm, + oid_id_pkcs1_md5WithRSAEncryption()) == 0) + evp_type = EVP_md5(); + else if (heim_oid_cmp(&signer_info->digestAlgorithm.algorithm, + oid_id_secsig_sha_1()) == 0) + evp_type = EVP_sha1(); + else { + X509_free(cert); + krb5_set_error_string(context, "PKINIT: The requested digest " + "algorithm is not supported"); + ret = KRB5_KDC_ERR_INVALID_SIG; + goto out; + } + + EVP_VerifyInit(&md, evp_type); + EVP_VerifyUpdate(&md, + sd.encapContentInfo.eContent->data, + sd.encapContentInfo.eContent->length); + ret = EVP_VerifyFinal(&md, + signer_info->signature.data, + signer_info->signature.length, + public_key); + if (ret != 1) { + X509_free(cert); + krb5_set_error_string(context, "PKINIT: signature didn't verify: %s", + ERR_error_string(ERR_get_error(), NULL)); + ret = KRB5_KDC_ERR_INVALID_SIG; + goto out; + } + + ret = copy_oid(&sd.encapContentInfo.eContentType, contentType); + if (ret) { + krb5_clear_error_string(context); + goto out; + } + + content->data = malloc(sd.encapContentInfo.eContent->length); + if (content->data == NULL) { + krb5_clear_error_string(context); + ret = ENOMEM; + goto out; + } + content->length = sd.encapContentInfo.eContent->length; + memcpy(content->data,sd.encapContentInfo.eContent->data,content->length); + + *signer = malloc(sizeof(**signer)); + if (*signer == NULL) { + krb5_clear_error_string(context); + ret = ENOMEM; + goto out; + } + (*signer)->cert = cert; + + out: + free_SignedData(&sd); + if (ret) { + free_oid(contentType); + krb5_data_free(content); + } + return ret; +} + +static krb5_error_code +get_reply_key(krb5_context context, + const krb5_data *content, + unsigned nonce, + krb5_keyblock **key) +{ + ReplyKeyPack_19 key_pack; + krb5_error_code ret; + size_t size; + + ret = decode_ReplyKeyPack_19(content->data, + content->length, + &key_pack, + &size); + if (ret) { + krb5_set_error_string(context, "PKINIT decoding reply key failed"); + free_ReplyKeyPack_19(&key_pack); + return ret; + } + + if (key_pack.nonce != nonce) { + krb5_set_error_string(context, "PKINIT enckey nonce is wrong"); + free_ReplyKeyPack_19(&key_pack); + return KRB5KRB_AP_ERR_MODIFIED; + } + + *key = malloc (sizeof (**key)); + if (*key == NULL) { + krb5_set_error_string(context, "PKINIT failed allocating reply key"); + free_ReplyKeyPack_19(&key_pack); + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + + ret = copy_EncryptionKey(&key_pack.replyKey, *key); + free_ReplyKeyPack_19(&key_pack); + if (ret) { + krb5_set_error_string(context, "PKINIT failed copying reply key"); + free(*key); + } + + return ret; +} + +static krb5_error_code +pk_verify_host(krb5_context context, struct krb5_pk_cert *host) +{ + /* XXX */ + return 0; +} + +static krb5_error_code +pk_rd_pa_reply_enckey(krb5_context context, + int win2k_compat, + ContentInfo *rep, + krb5_pk_init_ctx ctx, + krb5_enctype etype, + unsigned nonce, + PA_DATA *pa, + krb5_keyblock **key) +{ + krb5_error_code ret; + EnvelopedData ed; + krb5_keyblock tmp_key; + krb5_crypto crypto; + krb5_data plain; + KeyTransRecipientInfo *ri; + int length; + size_t size; + X509 *user_cert; + char *p; + krb5_boolean bret; + krb5_data content; + heim_oid contentType = { 0, NULL }; + struct krb5_pk_cert *host = NULL; + heim_octet_string encryptedContent; + heim_octet_string *any; + krb5_data ivec; + krb5_data params; + + + memset(&tmp_key, 0, sizeof(tmp_key)); + memset(&ed, 0, sizeof(ed)); + krb5_data_zero(&plain); + krb5_data_zero(&content); + krb5_data_zero(&encryptedContent); + krb5_data_zero(&ivec); + + user_cert = sk_X509_value(ctx->id->cert, 0); + + if (heim_oid_cmp(oid_id_pkcs7_envelopedData(), &rep->contentType)) { + krb5_set_error_string(context, "PKINIT: Invalid content type"); + return EINVAL; + } + + if (rep->content == NULL) { + krb5_set_error_string(context, "PKINIT: No content in reply"); + return EINVAL; + } + + ret = decode_EnvelopedData(rep->content->data, + rep->content->length, + &ed, + &size); + if (ret) { + free_EnvelopedData(&ed); + return ret; + } + + if (ed.recipientInfos.len != 1) { + free_EnvelopedData(&ed); + krb5_set_error_string(context, "pkinit: Number of recipient infos " + "not one (%d)", + ed.recipientInfos.len); + return EINVAL; /* XXX */ + } + + ri = &ed.recipientInfos.val[0]; + + /* XXX make SignerIdentifier and RecipientIdentifier the same */ + bret = pk_peer_compare(context, (SignerIdentifier *)&ri->rid, user_cert); + if (bret == FALSE) { + ret = KRB5KRB_AP_ERR_BADMATCH; /* XXX */ + goto out; + } + + if (heim_oid_cmp(oid_id_pkcs1_rsaEncryption(), + &ri->keyEncryptionAlgorithm.algorithm)) { + krb5_set_error_string(context, "PKINIT: invalid content type"); + return EINVAL; + } + + ret = pk_decrypt_key(context, &ri->encryptedKey, + ctx->id->private_key, &tmp_key); + if (ret) + goto out; + + + /* verify content type */ + if (win2k_compat) { + if (heim_oid_cmp(&ed.encryptedContentInfo.contentType, oid_id_pkcs7_data())) { + ret = KRB5KRB_AP_ERR_MSG_TYPE; + goto out; + } + } else { + if (heim_oid_cmp(&ed.encryptedContentInfo.contentType, oid_id_pkcs7_signedData())) { + ret = KRB5KRB_AP_ERR_MSG_TYPE; + goto out; + } + } + + if (ed.encryptedContentInfo.encryptedContent == NULL) { + krb5_set_error_string(context, "PKINIT: OPTIONAL encryptedContent " + "field not filled in in KDC reply"); + ret = KRB5_BADMSGTYPE; + goto out; + } + + any = ed.encryptedContentInfo.encryptedContent; + ret = der_get_octet_string(any->data, any->length, + &encryptedContent, NULL); + if (ret) { + krb5_set_error_string(context, + "PKINIT: encryptedContent content invalid"); + goto out; + } + + if (ed.encryptedContentInfo.contentEncryptionAlgorithm.parameters == NULL){ + krb5_set_error_string(context, + "PKINIT: encryptedContent parameter missing"); + ret = KRB5_BADMSGTYPE; + goto out; + } + + params.data = ed.encryptedContentInfo.contentEncryptionAlgorithm.parameters->data; + params.length = ed.encryptedContentInfo.contentEncryptionAlgorithm.parameters->length; + + ret = _krb5_oid_to_enctype(context, + &ed.encryptedContentInfo.contentEncryptionAlgorithm.algorithm, + &tmp_key.keytype); + if (ret) + goto out; + + ret = krb5_crypto_init(context, &tmp_key, 0, &crypto); + if (ret) + goto out; + + ret = krb5_crypto_get_params(context, crypto, ¶ms, &ivec); + if (ret) + goto out; + + ret = krb5_decrypt_ivec(context, crypto, + 0, + encryptedContent.data, + encryptedContent.length, + &plain, + ivec.data); + + p = plain.data; + length = plain.length; + + /* win2k uses ContentInfo */ + if (win2k_compat) { + ContentInfo ci; + size_t size; + + ret = decode_ContentInfo(p, length, &ci, &size); + if (ret) { + krb5_set_error_string(context, + "PKINIT: failed decoding ContentInfo: %d", + ret); + goto out; + } + + if (heim_oid_cmp(&ci.contentType, oid_id_pkcs7_signedData())) { + ret = EINVAL; /* XXX */ + krb5_set_error_string(context, "PKINIT: Invalid content type"); + goto out; + } + p = ci.content->data; + length = ci.content->length; + } + + ret = _krb5_pk_verify_sign(context, + p, + length, + ctx->id, + &contentType, + &content, + &host); + if (ret) + goto out; + + /* make sure that it is the kdc's certificate */ + ret = pk_verify_host(context, host); + if (ret) { + krb5_set_error_string(context, "PKINIT: failed verify host: %d", ret); + goto out; + } + + if (win2k_compat) { + if (heim_oid_cmp(&contentType, oid_id_pkcs7_data()) != 0) { + krb5_set_error_string(context, "PKINIT: reply key, wrong oid"); + ret = KRB5KRB_AP_ERR_MSG_TYPE; + goto out; + } + } else { + if (heim_oid_cmp(&contentType, oid_id_pkrkeydata()) != 0) { + krb5_set_error_string(context, "PKINIT: reply key, wrong oid"); + ret = KRB5KRB_AP_ERR_MSG_TYPE; + goto out; + } + } + + ret = get_reply_key(context, &content, nonce, key); + if (ret) + goto out; + + /* XXX compare given etype with key->etype */ + + out: + if (host) + _krb5_pk_cert_free(host); + free_oid(&contentType); + free_octet_string(&encryptedContent); + krb5_data_free(&content); + krb5_free_keyblock_contents(context, &tmp_key); + krb5_data_free(&plain); + krb5_data_free(&ivec); + + return ret; +} + +static krb5_error_code +pk_rd_pa_reply_dh(krb5_context context, + ContentInfo *rep, + krb5_pk_init_ctx ctx, + krb5_enctype etype, + unsigned nonce, + PA_DATA *pa, + krb5_keyblock **key) +{ + unsigned char *p, *dh_gen_key = NULL; + ASN1_INTEGER *dh_pub_key = NULL; + struct krb5_pk_cert *host = NULL; + BIGNUM *kdc_dh_pubkey = NULL; + KDCDHKeyInfo kdc_dh_info; + heim_oid contentType = { 0, NULL }; + krb5_data content; + krb5_error_code ret; + int dh_gen_keylen; + size_t size; + + krb5_data_zero(&content); + memset(&kdc_dh_info, 0, sizeof(kdc_dh_info)); + + if (heim_oid_cmp(oid_id_pkcs7_signedData(), &rep->contentType)) { + krb5_set_error_string(context, "PKINIT: Invalid content type"); + return EINVAL; + } + + if (rep->content == NULL) { + krb5_set_error_string(context, "PKINIT: No content in reply"); + return EINVAL; + } + + ret = _krb5_pk_verify_sign(context, + rep->content->data, + rep->content->length, + ctx->id, + &contentType, + &content, + &host); + if (ret) + goto out; + + /* make sure that it is the kdc's certificate */ + ret = pk_verify_host(context, host); + if (ret) + goto out; + + if (heim_oid_cmp(&contentType, oid_id_pkdhkeydata())) { + ret = KRB5KRB_AP_ERR_MSG_TYPE; /* XXX */ + goto out; + } + + ret = decode_KDCDHKeyInfo(content.data, + content.length, + &kdc_dh_info, + &size); + + if (ret) + goto out; + + if (kdc_dh_info.nonce != nonce) { + krb5_set_error_string(context, "PKINIT: DH nonce is wrong"); + ret = KRB5KRB_AP_ERR_MODIFIED; + goto out; + } + + p = kdc_dh_info.subjectPublicKey.data; + size = (kdc_dh_info.subjectPublicKey.length + 7) / 8; + dh_pub_key = d2i_ASN1_INTEGER(NULL, &p, size); + if (dh_pub_key == NULL) { + krb5_set_error_string(context, + "PKINIT: Can't parse KDC's DH public key"); + ret = KRB5KRB_ERR_GENERIC; + goto out; + } + + kdc_dh_pubkey = ASN1_INTEGER_to_BN(dh_pub_key, NULL); + if (kdc_dh_pubkey == NULL) { + krb5_set_error_string(context, + "PKINIT: Can't convert KDC's DH public key"); + ret = KRB5KRB_ERR_GENERIC; + goto out; + } + + dh_gen_key = malloc(DH_size(ctx->dh)); + if (dh_gen_key == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + ret = ENOMEM; + goto out; + } + + dh_gen_keylen = DH_compute_key(dh_gen_key, kdc_dh_pubkey, ctx->dh); + if (dh_gen_keylen == -1) { + krb5_set_error_string(context, + "PKINIT: Can't compute Diffie-Hellman key (%s)", + ERR_error_string(ERR_get_error(), NULL)); + ret = KRB5KRB_ERR_GENERIC; + goto out; + } + + *key = malloc (sizeof (**key)); + if (*key == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + ret = ENOMEM; + goto out; + } + + ret = krb5_random_to_key(context, etype, dh_gen_key, dh_gen_keylen, *key); + if (ret) { + krb5_set_error_string(context, + "PKINIT: can't create key from DH key"); + free(*key); + *key = NULL; + goto out; + } + + out: + if (kdc_dh_pubkey) + BN_free(kdc_dh_pubkey); + if (dh_gen_key) { + memset(dh_gen_key, 0, DH_size(ctx->dh)); + free(dh_gen_key); + } + if (dh_pub_key) + ASN1_INTEGER_free(dh_pub_key); + if (host) + _krb5_pk_cert_free(host); + if (content.data) + krb5_data_free(&content); + free_KDCDHKeyInfo(&kdc_dh_info); + + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_pk_rd_pa_reply(krb5_context context, + void *c, + krb5_enctype etype, + unsigned nonce, + PA_DATA *pa, + krb5_keyblock **key) +{ + krb5_pk_init_ctx ctx = c; + krb5_error_code ret; + ContentInfo ci; + size_t size; + + /* Check for PK-INIT -25 */ + if (pa->padata_type == KRB5_PADATA_PK_AS_REP) { + PA_PK_AS_REP rep; + + memset(&rep, 0, sizeof(rep)); + + ret = decode_PA_PK_AS_REP(pa->padata_value.data, + pa->padata_value.length, + &rep, + &size); + if (ret) + return ret; + + switch (rep.element) { + case choice_PA_PK_AS_REP_encKeyPack: + ret = decode_ContentInfo(rep.u.encKeyPack.data, + rep.u.encKeyPack.length, + &ci, + &size); + free_PA_PK_AS_REP(&rep); + if (ret) { + krb5_set_error_string(context, + "PKINIT: -25 decoding failed " + "ContentInfo: %d", ret); + break; + } + ret = pk_rd_pa_reply_enckey(context, 0, &ci, ctx, + etype, nonce, pa, key); + free_ContentInfo(&ci); + return ret; + default: + free_PA_PK_AS_REP(&rep); + krb5_set_error_string(context, "PKINIT: -25 reply " + "invalid content type"); + break; + } + } + + /* Check for PK-INIT -19 */ + { + PA_PK_AS_REP_19 rep19; + + memset(&rep19, 0, sizeof(rep19)); + + ret = decode_PA_PK_AS_REP_19(pa->padata_value.data, + pa->padata_value.length, + &rep19, + &size); + if (ret == 0) { + switch(rep19.element) { + case choice_PA_PK_AS_REP_19_dhSignedData: + ret = pk_rd_pa_reply_dh(context, &rep19.u.dhSignedData, ctx, + etype, nonce, pa, key); + break; + case choice_PA_PK_AS_REP_19_encKeyPack: + ret = pk_rd_pa_reply_enckey(context, 0, + &rep19.u.encKeyPack, ctx, + etype, nonce, pa, key); + break; + default: + krb5_set_error_string(context, "PKINIT: -19 reply invalid " + "content type"); + ret = EINVAL; + break; + } + free_PA_PK_AS_REP_19(&rep19); + if (ret == 0) + return 0; + } + } + + /* Check for Windows encoding of the AS-REP pa data */ + { + PA_PK_AS_REP_Win2k w2krep; + + memset(&w2krep, 0, sizeof(w2krep)); + + ret = decode_PA_PK_AS_REP_Win2k(pa->padata_value.data, + pa->padata_value.length, + &w2krep, + &size); + if (ret) { + krb5_set_error_string(context, "PKINIT: Failed decoding windows" + "pkinit reply %d", ret); + return ret; + } + + switch (w2krep.element) { + case choice_PA_PK_AS_REP_Win2k_encKeyPack: + ret = decode_ContentInfo(w2krep.u.encKeyPack.data, + w2krep.u.encKeyPack.length, + &ci, + &size); + free_PA_PK_AS_REP_Win2k(&w2krep); + if (ret) { + krb5_set_error_string(context, + "PKINIT: decoding failed " + "ContentInfo: %d", + ret); + return ret; + } + ret = pk_rd_pa_reply_enckey(context, 1, &ci, ctx, + etype, nonce, pa, key); + free_ContentInfo(&ci); + break; + default: + free_PA_PK_AS_REP_Win2k(&w2krep); + krb5_set_error_string(context, "PKINIT: win2k reply invalid " + "content type"); + ret = EINVAL; + break; + } + + } + + return ret; +} + +static int +ssl_pass_cb(char *buf, int size, int rwflag, void *u) +{ + krb5_error_code ret; + krb5_prompt prompt; + krb5_data password_data; + krb5_prompter_fct prompter = u; + + password_data.data = buf; + password_data.length = size; + prompt.prompt = "Enter your private key passphrase: "; + prompt.hidden = 1; + prompt.reply = &password_data; + prompt.type = KRB5_PROMPT_TYPE_PASSWORD; + + ret = (*prompter)(NULL, NULL, NULL, NULL, 1, &prompt); + if (ret) { + memset (buf, 0, size); + return 0; + } + return strlen(buf); +} + +static krb5_error_code +load_openssl_cert(krb5_context context, + const char *file, + STACK_OF(X509) **c) +{ + STACK_OF(X509) *certificate; + krb5_error_code ret; + FILE *f; + + f = fopen(file, "r"); + if (f == NULL) { + ret = errno; + krb5_set_error_string(context, "PKINIT: open failed %s: %s", + file, strerror(ret)); + return ret; + } + + certificate = sk_X509_new_null(); + while (1) { + /* see http://www.openssl.org/docs/crypto/pem.html section BUGS */ + X509 *cert; + cert = PEM_read_X509(f, NULL, NULL, NULL); + if (cert == NULL) { + if (ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE) { + /* End of file reached. no error */ + ERR_clear_error(); + break; + } + krb5_set_error_string(context, "PKINIT: Can't read certificate"); + fclose(f); + return HEIM_PKINIT_CERTIFICATE_INVALID; + } + sk_X509_insert(certificate, cert, sk_X509_num(certificate)); + } + fclose(f); + if (sk_X509_num(certificate) == 0) { + krb5_set_error_string(context, "PKINIT: No certificate found"); + return HEIM_PKINIT_NO_CERTIFICATE; + } + *c = certificate; + return 0; +} + +static krb5_error_code +load_openssl_file(krb5_context context, + char *password, + krb5_prompter_fct prompter, + void *prompter_data, + const char *user_id, + struct krb5_pk_identity *id) +{ + krb5_error_code ret; + STACK_OF(X509) *certificate = NULL; + char *cert_file = NULL, *key_file; + EVP_PKEY *private_key = NULL; + FILE *f; + + cert_file = strdup(user_id); + if (cert_file == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + key_file = strchr(cert_file, ','); + if (key_file == NULL) { + krb5_set_error_string(context, "PKINIT: key file missing"); + ret = HEIM_PKINIT_NO_PRIVATE_KEY; + goto out; + } + *key_file++ = '\0'; + + ret = load_openssl_cert(context, cert_file, &certificate); + if (ret) + goto out; + + /* load private key */ + f = fopen(key_file, "r"); + if (f == NULL) { + ret = errno; + krb5_set_error_string(context, "PKINIT: open %s: %s", + key_file, strerror(ret)); + goto out; + } + if (password == NULL || password[0] == '\0') { + if (prompter == NULL) + prompter = krb5_prompter_posix; + private_key = PEM_read_PrivateKey(f, NULL, ssl_pass_cb, prompter); + } else + private_key = PEM_read_PrivateKey(f, NULL, NULL, password); + fclose(f); + if (private_key == NULL) { + krb5_set_error_string(context, "PKINIT: Can't read private key"); + ret = HEIM_PKINIT_PRIVATE_KEY_INVALID; + goto out; + } + ret = X509_check_private_key(sk_X509_value(certificate, 0), private_key); + if (ret != 1) { + ret = HEIM_PKINIT_PRIVATE_KEY_INVALID; + krb5_set_error_string(context, + "PKINIT: The private key doesn't match " + "the public key certificate"); + goto out; + } + + id->private_key = private_key; + id->cert = certificate; + + return 0; + out: + if (cert_file) + free(cert_file); + if (certificate) + sk_X509_pop_free(certificate, X509_free); + if (private_key) + EVP_PKEY_free(private_key); + + return ret; +} + +static int +add_pair(krb5_context context, char *str, char ***cmds, int *num) +{ + char **c; + char *p; + int i; + + p = strchr(str, ':'); + if (p) { + *p = '\0'; + p++; + } + + /* filter out dup keys */ + for (i = 0; i < *num; i++) + if (strcmp((*cmds)[i * 2], str) == 0) + return 0; + + c = realloc(*cmds, sizeof(*c) * ((*num + 1) * 2)); + if (c == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + + c[(*num * 2)] = str; + c[(*num * 2) + 1] = p; + *num += 1; + *cmds = c; + return 0; +} + +static krb5_error_code +eval_pairs(krb5_context context, ENGINE *e, const char *name, + const char *type, char **cmds, int num) +{ + int i; + + for (i = 0; i < num; i++) { + char *a1 = cmds[i * 2], *a2 = cmds[(i * 2) + 1]; + if(!ENGINE_ctrl_cmd_string(e, a1, a2, 0)) { + krb5_set_error_string(context, + "PKINIT: Failed %scommand (%s - %s:%s): %s", + type, name, a1, a2 ? a2 : "(NULL)", + ERR_error_string(ERR_get_error(), NULL)); + return HEIM_PKINIT_NO_PRIVATE_KEY; + } + } + return 0; +} + +struct engine_context { + char **pre_cmds; + char **post_cmds; + int num_pre; + int num_post; + char *engine_name; + char *cert_file; + char *key_id; +}; + +static krb5_error_code +parse_openssl_engine_conf(krb5_context context, + struct engine_context *ctx, + char *line) +{ + krb5_error_code ret; + char *last, *p, *q; + + for (p = strtok_r(line, ",", &last); + p != NULL; + p = strtok_r(NULL, ",", &last)) { + + q = strchr(p, '='); + if (q == NULL) { + krb5_set_error_string(context, + "PKINIT: openssl engine configuration " + "key %s missing = and thus value", p); + return HEIM_PKINIT_NO_PRIVATE_KEY; + } + *q = '\0'; + q++; + if (strcasecmp("PRE", p) == 0) { + ret = add_pair(context, q, &ctx->pre_cmds, &ctx->num_pre); + if (ret) + return ret; + } else if (strcasecmp("POST", p) == 0) { + ret = add_pair(context, q, &ctx->post_cmds, &ctx->num_post); + if (ret) + return ret; + } else if (strcasecmp("KEY", p) == 0) { + ctx->key_id = q; + } else if (strcasecmp("CERT", p) == 0) { + ctx->cert_file = q; + } else if (strcasecmp("ENGINE", p) == 0) { + ctx->engine_name = q; + } else { + krb5_set_error_string(context, + "PKINIT: openssl engine configuration " + "key %s is unknown", p); + return HEIM_PKINIT_NO_PRIVATE_KEY; + } + } + return 0; +} + + +static krb5_error_code +load_openssl_engine(krb5_context context, + char *password, + krb5_prompter_fct prompter, + void *prompter_data, + const char *string, + struct krb5_pk_identity *id) +{ + struct engine_context ctx; + krb5_error_code ret; + const char *f; + char *file_conf = NULL, *user_conf = NULL; + ENGINE *e = NULL; + + memset(&ctx, 0, sizeof(ctx)); + + ENGINE_load_builtin_engines(); + + user_conf = strdup(string); + if (user_conf == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + + ret = parse_openssl_engine_conf(context, &ctx, user_conf); + if (ret) + goto out; + + f = krb5_config_get_string_default(context, NULL, NULL, + "libdefaults", + "pkinit-openssl-engine", + NULL); + if (f) { + file_conf = strdup(f); + if (file_conf) { + ret = parse_openssl_engine_conf(context, &ctx, file_conf); + if (ret) + goto out; + } + } + + if (ctx.cert_file == NULL) { + krb5_set_error_string(context, + "PKINIT: openssl engine missing certificate"); + ret = HEIM_PKINIT_NO_CERTIFICATE; + goto out; + } + if (ctx.key_id == NULL) { + krb5_set_error_string(context, + "PKINIT: openssl engine missing key id"); + ret = HEIM_PKINIT_NO_PRIVATE_KEY; + goto out; + } + if (ctx.engine_name == NULL) { + krb5_set_error_string(context, + "PKINIT: openssl engine missing engine name"); + ret = HEIM_PKINIT_NO_PRIVATE_KEY; + goto out; + } + + e = ENGINE_by_id(ctx.engine_name); + if (e == NULL) { + krb5_set_error_string(context, + "PKINIT: failed getting openssl engine %s: %s", + ctx.engine_name, + ERR_error_string(ERR_get_error(), NULL)); + ret = HEIM_PKINIT_NO_PRIVATE_KEY; + goto out; + } + + ret = eval_pairs(context, e, ctx.engine_name, "pre", + ctx.pre_cmds, ctx.num_pre); + if (ret) + goto out; + + if(!ENGINE_init(e)) { + ret = HEIM_PKINIT_NO_PRIVATE_KEY; + krb5_set_error_string(context, + "PKINIT: openssl engine init %s failed: %s", + ctx.engine_name, + ERR_error_string(ERR_get_error(), NULL)); + ENGINE_free(e); + goto out; + } + + ret = eval_pairs(context, e, ctx.engine_name, "post", + ctx.post_cmds, ctx.num_post); + if (ret) + goto out; + + /* + * If the engine supports a LOAD_CERT_CTRL function, lets try + * it. OpenSC support this function. Eventially this should be + * a ENGINE_load_cert function if it failes, treat it like a + * non fatal error. + */ + { + struct { + const char * cert_id; + X509 * cert; + } parms; + + parms.cert_id = ctx.cert_file; + parms.cert = NULL; + ENGINE_ctrl_cmd(e, "LOAD_CERT_CTRL", 0, &parms, NULL, 1); + if (parms.cert) { + id->cert = sk_X509_new_null(); + sk_X509_insert(id->cert, parms.cert, 0); + } + } + + if (id->cert == NULL) { + ret = load_openssl_cert(context, ctx.cert_file, &id->cert); + if (ret) + goto out; + } + + { + UI_METHOD * krb5_ui_method = NULL; + struct krb5_ui_data ui_data; + + krb5_ui_method = UI_create_method("Krb5 ui method"); + if (krb5_ui_method == NULL) { + krb5_set_error_string(context, + "PKINIT: failed to setup prompter " + "function: %s", + ERR_error_string(ERR_get_error(), NULL)); + ret = HEIM_PKINIT_NO_PRIVATE_KEY; + goto out; + } + UI_method_set_reader(krb5_ui_method, krb5_ui_method_read_string); + + ui_data.context = context; + ui_data.prompter = prompter; + if (prompter == NULL) + ui_data.prompter = krb5_prompter_posix; + ui_data.prompter_data = prompter_data; + + id->private_key = ENGINE_load_private_key(e, + ctx.key_id, + krb5_ui_method, + (void*) &ui_data); + UI_destroy_method(krb5_ui_method); + } + + if (id->private_key == NULL) { + krb5_set_error_string(context, + "PKINIT: failed to load private key: %s", + ERR_error_string(ERR_get_error(), NULL)); + ret = HEIM_PKINIT_NO_PRIVATE_KEY; + goto out; + } + + ret = X509_check_private_key(sk_X509_value(id->cert, 0), id->private_key); + if (ret != 1) { + ret = HEIM_PKINIT_PRIVATE_KEY_INVALID; + krb5_set_error_string(context, + "PKINIT: The private key doesn't match " + "the public key certificate"); + goto out; + } + + if (user_conf) + free(user_conf); + if (file_conf) + free(file_conf); + + id->engine = e; + + return 0; + + out: + if (user_conf) + free(user_conf); + if (file_conf) + free(file_conf); + if (e) { + ENGINE_finish(e); /* make sure all shared libs are unloaded */ + ENGINE_free(e); + } + + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_pk_load_openssl_id(krb5_context context, + struct krb5_pk_identity **ret_id, + const char *user_id, + const char *x509_anchors, + krb5_prompter_fct prompter, + void *prompter_data, + char *password) +{ + STACK_OF(X509) *trusted_certs = NULL; + struct krb5_pk_identity *id = NULL; + krb5_error_code ret; + struct dirent *file; + char *dirname = NULL; + DIR *dir; + FILE *f; + krb5_error_code (*load_pair)(krb5_context, + char *, + krb5_prompter_fct prompter, + void * prompter_data, + const char *, + struct krb5_pk_identity *) = NULL; + + + *ret_id = NULL; + + if (x509_anchors == NULL) { + krb5_set_error_string(context, "PKINIT: No root ca directory given"); + return HEIM_PKINIT_NO_VALID_CA; + } + + if (user_id == NULL) { + krb5_set_error_string(context, + "PKINIT: No user X509 source given given"); + return HEIM_PKINIT_NO_PRIVATE_KEY; + } + + /* + * + */ + + if (strncasecmp(user_id, "FILE:", 5) == 0) { + load_pair = load_openssl_file; + user_id += 5; + } else if (strncasecmp(user_id, "ENGINE:", 7) == 0) { + load_pair = load_openssl_engine; + user_id += 7; + } else { + krb5_set_error_string(context, "PKINIT: user identity not FILE"); + return HEIM_PKINIT_NO_CERTIFICATE; + } + if (strncasecmp(x509_anchors, "OPENSSL-ANCHOR-DIR:", 19) != 0) { + krb5_set_error_string(context, "PKINIT: anchor OPENSSL-ANCHOR-DIR"); + return HEIM_PKINIT_NO_VALID_CA; + } + x509_anchors += 19; + + id = malloc(sizeof(*id)); + if (id == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + ret = ENOMEM; + goto out; + } + memset(id, 0, sizeof(*id)); + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + + + ret = (*load_pair)(context, password, prompter, prompter_data, user_id, id); + if (ret) + goto out; + + /* load anchors */ + + dirname = strdup(x509_anchors); + if (dirname == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + ret = ENOMEM; + goto out; + } + + { + size_t len; + len = strlen(dirname); + if (dirname[len - 1] == '/') + dirname[len - 1] = '\0'; + } + + /* read ca certificates */ + dir = opendir(dirname); + if (dir == NULL) { + ret = errno; + krb5_set_error_string(context, "PKINIT: open directory %s: %s", + dirname, strerror(ret)); + goto out; + } + + trusted_certs = sk_X509_new_null(); + while ((file = readdir(dir)) != NULL) { + X509 *cert; + char *filename; + + /* + * Assume the certificate filenames constist of hashed subject + * name followed by suffix ".0" + */ + + if (strlen(file->d_name) == 10 && strcmp(&file->d_name[8],".0") == 0) { + asprintf(&filename, "%s/%s", dirname, file->d_name); + if (filename == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "malloc: out or memory"); + goto out; + } + f = fopen(filename, "r"); + if (f == NULL) { + ret = errno; + krb5_set_error_string(context, "PKINIT: open %s: %s", + filename, strerror(ret)); + free(filename); + closedir(dir); + goto out; + } + cert = PEM_read_X509(f, NULL, NULL, NULL); + fclose(f); + if (cert != NULL) { + /* order of the certs is not important */ + sk_X509_push(trusted_certs, cert); + } + free(filename); + } + } + closedir(dir); + + if (sk_X509_num(trusted_certs) == 0) { + krb5_set_error_string(context, + "PKINIT: No CA certificate(s) found in %s", + dirname); + ret = HEIM_PKINIT_NO_VALID_CA; + goto out; + } + + id->trusted_certs = trusted_certs; + + *ret_id = id; + + return 0; + + out: + if (dirname) + free(dirname); + if (trusted_certs) + sk_X509_pop_free(trusted_certs, X509_free); + if (id) { + if (id->cert) + sk_X509_pop_free(id->cert, X509_free); + if (id->private_key) + EVP_PKEY_free(id->private_key); + free(id); + } + + return ret; +} + +#endif /* PKINIT */ + +void KRB5_LIB_FUNCTION +_krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt) +{ +#ifdef PKINIT + krb5_pk_init_ctx ctx; + + if (opt->private == NULL || opt->private->pk_init_ctx == NULL) + return; + ctx = opt->private->pk_init_ctx; + if (ctx->dh) + DH_free(ctx->dh); + ctx->dh = NULL; + if (ctx->id) { + if (ctx->id->cert) + sk_X509_pop_free(ctx->id->cert, X509_free); + if (ctx->id->trusted_certs) + sk_X509_pop_free(ctx->id->trusted_certs, X509_free); + if (ctx->id->private_key) + EVP_PKEY_free(ctx->id->private_key); + if (ctx->id->engine) { + ENGINE_finish(ctx->id->engine); /* unload shared libs etc */ + ENGINE_free(ctx->id->engine); + ctx->id->engine = NULL; + } + free(ctx->id); + ctx->id = NULL; + } + opt->private->pk_init_ctx = NULL; +#endif +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_pkinit(krb5_context context, + krb5_get_init_creds_opt *opt, + krb5_principal principal, + const char *user_id, + const char *x509_anchors, + int flags, + krb5_prompter_fct prompter, + void *prompter_data, + char *password) +{ +#ifdef PKINIT + krb5_error_code ret; + + if (opt->private == NULL) { + krb5_set_error_string(context, "PKINIT: on non extendable opt"); + return EINVAL; + } + + opt->private->pk_init_ctx = malloc(sizeof(*opt->private->pk_init_ctx)); + if (opt->private->pk_init_ctx == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + opt->private->pk_init_ctx->dh = NULL; + opt->private->pk_init_ctx->id = NULL; + ret = _krb5_pk_load_openssl_id(context, + &opt->private->pk_init_ctx->id, + user_id, + x509_anchors, + prompter, + prompter_data, + password); + if (ret) { + free(opt->private->pk_init_ctx); + opt->private->pk_init_ctx = NULL; + } + + /* XXX */ + if (ret == 0 && (flags & 1) && !(flags & 2)) { + DH *dh; + const char *P = + "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1" + "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD" + "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245" + "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED" + "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE65381" + "FFFFFFFF" "FFFFFFFF"; + const char *G = "2"; + const char *Q = + "7FFFFFFF" "FFFFFFFF" "E487ED51" "10B4611A" "62633145" "C06E0E68" + "94812704" "4533E63A" "0105DF53" "1D89CD91" "28A5043C" "C71A026E" + "F7CA8CD9" "E69D218D" "98158536" "F92F8A1B" "A7F09AB6" "B6A8E122" + "F242DABB" "312F3F63" "7A262174" "D31BF6B5" "85FFAE5B" "7A035BF6" + "F71C35FD" "AD44CFD2" "D74F9208" "BE258FF3" "24943328" "F67329C0" + "FFFFFFFF" "FFFFFFFF"; + + dh = DH_new(); + if (dh == NULL) { + _krb5_get_init_creds_opt_free_pkinit(opt); + return ENOMEM; + } + opt->private->pk_init_ctx->dh = dh; + if (!BN_hex2bn(&dh->p, P)) { + _krb5_get_init_creds_opt_free_pkinit(opt); + return ENOMEM; + } + if (!BN_hex2bn(&dh->g, G)) { + _krb5_get_init_creds_opt_free_pkinit(opt); + return ENOMEM; + } + if (!BN_hex2bn(&dh->q, Q)) { + _krb5_get_init_creds_opt_free_pkinit(opt); + return ENOMEM; + } + /* XXX generate a new key for each request ? */ + if (DH_generate_key(dh) != 1) { + _krb5_get_init_creds_opt_free_pkinit(opt); + return ENOMEM; + } + } + return ret; +#else + krb5_set_error_string(context, "no support for PKINIT compiled in"); + return EINVAL; +#endif +} diff --git a/source4/heimdal/lib/krb5/principal.c b/source4/heimdal/lib/krb5/principal.c new file mode 100644 index 0000000000..b7194b4c41 --- /dev/null +++ b/source4/heimdal/lib/krb5/principal.c @@ -0,0 +1,1125 @@ +/* + * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" +#ifdef HAVE_RES_SEARCH +#define USE_RESOLVER +#endif +#ifdef HAVE_ARPA_NAMESER_H +#include +#endif +#include +#include "resolve.h" + +RCSID("$Id: principal.c,v 1.90 2005/06/30 01:38:15 lha Exp $"); + +#define princ_num_comp(P) ((P)->name.name_string.len) +#define princ_type(P) ((P)->name.name_type) +#define princ_comp(P) ((P)->name.name_string.val) +#define princ_ncomp(P, N) ((P)->name.name_string.val[(N)]) +#define princ_realm(P) ((P)->realm) + +void KRB5_LIB_FUNCTION +krb5_free_principal(krb5_context context, + krb5_principal p) +{ + if(p){ + free_Principal(p); + free(p); + } +} + +void KRB5_LIB_FUNCTION +krb5_principal_set_type(krb5_context context, + krb5_principal principal, + int type) +{ + princ_type(principal) = type; +} + +int KRB5_LIB_FUNCTION +krb5_principal_get_type(krb5_context context, + krb5_principal principal) +{ + return princ_type(principal); +} + +const char* KRB5_LIB_FUNCTION +krb5_principal_get_realm(krb5_context context, + krb5_const_principal principal) +{ + return princ_realm(principal); +} + +const char* KRB5_LIB_FUNCTION +krb5_principal_get_comp_string(krb5_context context, + krb5_principal principal, + unsigned int component) +{ + if(component >= princ_num_comp(principal)) + return NULL; + return princ_ncomp(principal, component); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_parse_name(krb5_context context, + const char *name, + krb5_principal *principal) +{ + krb5_error_code ret; + heim_general_string *comp; + heim_general_string realm; + int ncomp; + + const char *p; + char *q; + char *s; + char *start; + + int n; + char c; + int got_realm = 0; + + /* count number of component */ + ncomp = 1; + for(p = name; *p; p++){ + if(*p=='\\'){ + if(!p[1]) { + krb5_set_error_string (context, + "trailing \\ in principal name"); + return KRB5_PARSE_MALFORMED; + } + p++; + } else if(*p == '/') + ncomp++; + } + comp = calloc(ncomp, sizeof(*comp)); + if (comp == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + + n = 0; + p = start = q = s = strdup(name); + if (start == NULL) { + free (comp); + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + while(*p){ + c = *p++; + if(c == '\\'){ + c = *p++; + if(c == 'n') + c = '\n'; + else if(c == 't') + c = '\t'; + else if(c == 'b') + c = '\b'; + else if(c == '0') + c = '\0'; + else if(c == '\0') { + krb5_set_error_string (context, + "trailing \\ in principal name"); + ret = KRB5_PARSE_MALFORMED; + goto exit; + } + }else if(c == '/' || c == '@'){ + if(got_realm){ + krb5_set_error_string (context, + "part after realm in principal name"); + ret = KRB5_PARSE_MALFORMED; + goto exit; + }else{ + comp[n] = malloc(q - start + 1); + if (comp[n] == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + ret = ENOMEM; + goto exit; + } + memcpy(comp[n], start, q - start); + comp[n][q - start] = 0; + n++; + } + if(c == '@') + got_realm = 1; + start = q; + continue; + } + if(got_realm && (c == ':' || c == '/' || c == '\0')) { + krb5_set_error_string (context, + "part after realm in principal name"); + ret = KRB5_PARSE_MALFORMED; + goto exit; + } + *q++ = c; + } + if(got_realm){ + realm = malloc(q - start + 1); + if (realm == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + ret = ENOMEM; + goto exit; + } + memcpy(realm, start, q - start); + realm[q - start] = 0; + }else{ + ret = krb5_get_default_realm (context, &realm); + if (ret) + goto exit; + + comp[n] = malloc(q - start + 1); + if (comp[n] == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + ret = ENOMEM; + goto exit; + } + memcpy(comp[n], start, q - start); + comp[n][q - start] = 0; + n++; + } + *principal = malloc(sizeof(**principal)); + if (*principal == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + ret = ENOMEM; + goto exit; + } + (*principal)->name.name_type = KRB5_NT_PRINCIPAL; + (*principal)->name.name_string.val = comp; + princ_num_comp(*principal) = n; + (*principal)->realm = realm; + free(s); + return 0; +exit: + while(n>0){ + free(comp[--n]); + } + free(comp); + free(s); + return ret; +} + +static const char quotable_chars[] = " \n\t\b\\/@"; +static const char replace_chars[] = " ntb\\/@"; + +#define add_char(BASE, INDEX, LEN, C) do { if((INDEX) < (LEN)) (BASE)[(INDEX)++] = (C); }while(0); + +static size_t +quote_string(const char *s, char *out, size_t string_index, size_t len) +{ + const char *p, *q; + for(p = s; *p && string_index < len; p++){ + if((q = strchr(quotable_chars, *p))){ + add_char(out, string_index, len, '\\'); + add_char(out, string_index, len, replace_chars[q - quotable_chars]); + }else + add_char(out, string_index, len, *p); + } + if(string_index < len) + out[string_index] = '\0'; + return string_index; +} + + +static krb5_error_code +unparse_name_fixed(krb5_context context, + krb5_const_principal principal, + char *name, + size_t len, + krb5_boolean short_form) +{ + size_t idx = 0; + int i; + for(i = 0; i < princ_num_comp(principal); i++){ + if(i) + add_char(name, idx, len, '/'); + idx = quote_string(princ_ncomp(principal, i), name, idx, len); + if(idx == len) + return ERANGE; + } + /* add realm if different from default realm */ + if(short_form) { + krb5_realm r; + krb5_error_code ret; + ret = krb5_get_default_realm(context, &r); + if(ret) + return ret; + if(strcmp(princ_realm(principal), r) != 0) + short_form = 0; + free(r); + } + if(!short_form) { + add_char(name, idx, len, '@'); + idx = quote_string(princ_realm(principal), name, idx, len); + if(idx == len) + return ERANGE; + } + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_unparse_name_fixed(krb5_context context, + krb5_const_principal principal, + char *name, + size_t len) +{ + return unparse_name_fixed(context, principal, name, len, FALSE); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_unparse_name_fixed_short(krb5_context context, + krb5_const_principal principal, + char *name, + size_t len) +{ + return unparse_name_fixed(context, principal, name, len, TRUE); +} + +static krb5_error_code +unparse_name(krb5_context context, + krb5_const_principal principal, + char **name, + krb5_boolean short_flag) +{ + size_t len = 0, plen; + int i; + krb5_error_code ret; + /* count length */ + plen = strlen(princ_realm(principal)); + if(strcspn(princ_realm(principal), quotable_chars) == plen) + len += plen; + else + len += 2*plen; + len++; + for(i = 0; i < princ_num_comp(principal); i++){ + plen = strlen(princ_ncomp(principal, i)); + if(strcspn(princ_ncomp(principal, i), quotable_chars) == plen) + len += plen; + else + len += 2*plen; + len++; + } + len++; + *name = malloc(len); + if(*name == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + ret = unparse_name_fixed(context, principal, *name, len, short_flag); + if(ret) { + free(*name); + *name = NULL; + } + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_unparse_name(krb5_context context, + krb5_const_principal principal, + char **name) +{ + return unparse_name(context, principal, name, FALSE); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_unparse_name_short(krb5_context context, + krb5_const_principal principal, + char **name) +{ + return unparse_name(context, principal, name, TRUE); +} + +#if 0 /* not implemented */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_unparse_name_ext(krb5_context context, + krb5_const_principal principal, + char **name, + size_t *size) +{ + krb5_abortx(context, "unimplemented krb5_unparse_name_ext called"); +} + +#endif + +krb5_realm* +krb5_princ_realm(krb5_context context, + krb5_principal principal) +{ + return &princ_realm(principal); +} + + +void KRB5_LIB_FUNCTION +krb5_princ_set_realm(krb5_context context, + krb5_principal principal, + krb5_realm *realm) +{ + princ_realm(principal) = *realm; +} + + +krb5_error_code KRB5_LIB_FUNCTION +krb5_build_principal(krb5_context context, + krb5_principal *principal, + int rlen, + krb5_const_realm realm, + ...) +{ + krb5_error_code ret; + va_list ap; + va_start(ap, realm); + ret = krb5_build_principal_va(context, principal, rlen, realm, ap); + va_end(ap); + return ret; +} + +static krb5_error_code +append_component(krb5_context context, krb5_principal p, + const char *comp, + size_t comp_len) +{ + heim_general_string *tmp; + size_t len = princ_num_comp(p); + + tmp = realloc(princ_comp(p), (len + 1) * sizeof(*tmp)); + if(tmp == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + princ_comp(p) = tmp; + princ_ncomp(p, len) = malloc(comp_len + 1); + if (princ_ncomp(p, len) == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + memcpy (princ_ncomp(p, len), comp, comp_len); + princ_ncomp(p, len)[comp_len] = '\0'; + princ_num_comp(p)++; + return 0; +} + +static void +va_ext_princ(krb5_context context, krb5_principal p, va_list ap) +{ + while(1){ + const char *s; + int len; + len = va_arg(ap, int); + if(len == 0) + break; + s = va_arg(ap, const char*); + append_component(context, p, s, len); + } +} + +static void +va_princ(krb5_context context, krb5_principal p, va_list ap) +{ + while(1){ + const char *s; + s = va_arg(ap, const char*); + if(s == NULL) + break; + append_component(context, p, s, strlen(s)); + } +} + + +static krb5_error_code +build_principal(krb5_context context, + krb5_principal *principal, + int rlen, + krb5_const_realm realm, + void (*func)(krb5_context, krb5_principal, va_list), + va_list ap) +{ + krb5_principal p; + + p = calloc(1, sizeof(*p)); + if (p == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + princ_type(p) = KRB5_NT_PRINCIPAL; + + princ_realm(p) = strdup(realm); + if(p->realm == NULL){ + free(p); + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + + (*func)(context, p, ap); + *principal = p; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_make_principal(krb5_context context, + krb5_principal *principal, + krb5_const_realm realm, + ...) +{ + krb5_error_code ret; + krb5_realm r = NULL; + va_list ap; + if(realm == NULL) { + ret = krb5_get_default_realm(context, &r); + if(ret) + return ret; + realm = r; + } + va_start(ap, realm); + ret = krb5_build_principal_va(context, principal, strlen(realm), realm, ap); + va_end(ap); + if(r) + free(r); + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_build_principal_va(krb5_context context, + krb5_principal *principal, + int rlen, + krb5_const_realm realm, + va_list ap) +{ + return build_principal(context, principal, rlen, realm, va_princ, ap); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_build_principal_va_ext(krb5_context context, + krb5_principal *principal, + int rlen, + krb5_const_realm realm, + va_list ap) +{ + return build_principal(context, principal, rlen, realm, va_ext_princ, ap); +} + + +krb5_error_code KRB5_LIB_FUNCTION +krb5_build_principal_ext(krb5_context context, + krb5_principal *principal, + int rlen, + krb5_const_realm realm, + ...) +{ + krb5_error_code ret; + va_list ap; + va_start(ap, realm); + ret = krb5_build_principal_va_ext(context, principal, rlen, realm, ap); + va_end(ap); + return ret; +} + + +krb5_error_code KRB5_LIB_FUNCTION +krb5_copy_principal(krb5_context context, + krb5_const_principal inprinc, + krb5_principal *outprinc) +{ + krb5_principal p = malloc(sizeof(*p)); + if (p == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + if(copy_Principal(inprinc, p)) { + free(p); + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + *outprinc = p; + return 0; +} + +/* + * return TRUE iff princ1 == princ2 (without considering the realm) + */ + +krb5_boolean KRB5_LIB_FUNCTION +krb5_principal_compare_any_realm(krb5_context context, + krb5_const_principal princ1, + krb5_const_principal princ2) +{ + int i; + if(princ_num_comp(princ1) != princ_num_comp(princ2)) + return FALSE; + for(i = 0; i < princ_num_comp(princ1); i++){ + if(strcmp(princ_ncomp(princ1, i), princ_ncomp(princ2, i)) != 0) + return FALSE; + } + return TRUE; +} + +/* + * return TRUE iff princ1 == princ2 + */ + +krb5_boolean KRB5_LIB_FUNCTION +krb5_principal_compare(krb5_context context, + krb5_const_principal princ1, + krb5_const_principal princ2) +{ + if(!krb5_realm_compare(context, princ1, princ2)) + return FALSE; + return krb5_principal_compare_any_realm(context, princ1, princ2); +} + +/* + * return TRUE iff realm(princ1) == realm(princ2) + */ + +krb5_boolean KRB5_LIB_FUNCTION +krb5_realm_compare(krb5_context context, + krb5_const_principal princ1, + krb5_const_principal princ2) +{ + return strcmp(princ_realm(princ1), princ_realm(princ2)) == 0; +} + +/* + * return TRUE iff princ matches pattern + */ + +krb5_boolean KRB5_LIB_FUNCTION +krb5_principal_match(krb5_context context, + krb5_const_principal princ, + krb5_const_principal pattern) +{ + int i; + if(princ_num_comp(princ) != princ_num_comp(pattern)) + return FALSE; + if(fnmatch(princ_realm(pattern), princ_realm(princ), 0) != 0) + return FALSE; + for(i = 0; i < princ_num_comp(princ); i++){ + if(fnmatch(princ_ncomp(pattern, i), princ_ncomp(princ, i), 0) != 0) + return FALSE; + } + return TRUE; +} + + +static struct v4_name_convert { + const char *from; + const char *to; +} default_v4_name_convert[] = { + { "ftp", "ftp" }, + { "hprop", "hprop" }, + { "pop", "pop" }, + { "imap", "imap" }, + { "rcmd", "host" }, + { "smtp", "smtp" }, + { NULL, NULL } +}; + +/* + * return the converted instance name of `name' in `realm'. + * look in the configuration file and then in the default set above. + * return NULL if no conversion is appropriate. + */ + +static const char* +get_name_conversion(krb5_context context, const char *realm, const char *name) +{ + struct v4_name_convert *q; + const char *p; + + p = krb5_config_get_string(context, NULL, "realms", realm, + "v4_name_convert", "host", name, NULL); + if(p == NULL) + p = krb5_config_get_string(context, NULL, "libdefaults", + "v4_name_convert", "host", name, NULL); + if(p) + return p; + + /* XXX should be possible to override default list */ + p = krb5_config_get_string(context, NULL, + "realms", + realm, + "v4_name_convert", + "plain", + name, + NULL); + if(p) + return NULL; + p = krb5_config_get_string(context, NULL, + "libdefaults", + "v4_name_convert", + "plain", + name, + NULL); + if(p) + return NULL; + for(q = default_v4_name_convert; q->from; q++) + if(strcmp(q->from, name) == 0) + return q->to; + return NULL; +} + +/* + * convert the v4 principal `name.instance@realm' to a v5 principal in `princ'. + * if `resolve', use DNS. + * if `func', use that function for validating the conversion + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_425_conv_principal_ext2(krb5_context context, + const char *name, + const char *instance, + const char *realm, + krb5_boolean (*func)(krb5_context, + void *, krb5_principal), + void *funcctx, + krb5_boolean resolve, + krb5_principal *princ) +{ + const char *p; + krb5_error_code ret; + krb5_principal pr; + char host[MAXHOSTNAMELEN]; + char local_hostname[MAXHOSTNAMELEN]; + + /* do the following: if the name is found in the + `v4_name_convert:host' part, is is assumed to be a `host' type + principal, and the instance is looked up in the + `v4_instance_convert' part. if not found there the name is + (optionally) looked up as a hostname, and if that doesn't yield + anything, the `default_domain' is appended to the instance + */ + + if(instance == NULL) + goto no_host; + if(instance[0] == 0){ + instance = NULL; + goto no_host; + } + p = get_name_conversion(context, realm, name); + if(p == NULL) + goto no_host; + name = p; + p = krb5_config_get_string(context, NULL, "realms", realm, + "v4_instance_convert", instance, NULL); + if(p){ + instance = p; + ret = krb5_make_principal(context, &pr, realm, name, instance, NULL); + if(func == NULL || (*func)(context, funcctx, pr)){ + *princ = pr; + return 0; + } + krb5_free_principal(context, pr); + *princ = NULL; + krb5_clear_error_string (context); + return HEIM_ERR_V4_PRINC_NO_CONV; + } + if(resolve){ + krb5_boolean passed = FALSE; + char *inst = NULL; +#ifdef USE_RESOLVER + struct dns_reply *r; + + r = dns_lookup(instance, "aaaa"); + if (r && r->head && r->head->type == T_AAAA) { + inst = strdup(r->head->domain); + dns_free_data(r); + passed = TRUE; + } else { + r = dns_lookup(instance, "a"); + if(r && r->head && r->head->type == T_A) { + inst = strdup(r->head->domain); + dns_free_data(r); + passed = TRUE; + } + } +#else + struct addrinfo hints, *ai; + int ret; + + memset (&hints, 0, sizeof(hints)); + hints.ai_flags = AI_CANONNAME; + ret = getaddrinfo(instance, NULL, &hints, &ai); + if (ret == 0) { + const struct addrinfo *a; + for (a = ai; a != NULL; a = a->ai_next) { + if (a->ai_canonname != NULL) { + inst = strdup (a->ai_canonname); + passed = TRUE; + break; + } + } + freeaddrinfo (ai); + } +#endif + if (passed) { + if (inst == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + strlwr(inst); + ret = krb5_make_principal(context, &pr, realm, name, inst, + NULL); + free (inst); + if(ret == 0) { + if(func == NULL || (*func)(context, funcctx, pr)){ + *princ = pr; + return 0; + } + krb5_free_principal(context, pr); + } + } + } + if(func != NULL) { + snprintf(host, sizeof(host), "%s.%s", instance, realm); + strlwr(host); + ret = krb5_make_principal(context, &pr, realm, name, host, NULL); + if((*func)(context, funcctx, pr)){ + *princ = pr; + return 0; + } + krb5_free_principal(context, pr); + } + + /* + * if the instance is the first component of the local hostname, + * the converted host should be the long hostname. + */ + + if (func == NULL && + gethostname (local_hostname, sizeof(local_hostname)) == 0 && + strncmp(instance, local_hostname, strlen(instance)) == 0 && + local_hostname[strlen(instance)] == '.') { + strlcpy(host, local_hostname, sizeof(host)); + goto local_host; + } + + { + char **domains, **d; + domains = krb5_config_get_strings(context, NULL, "realms", realm, + "v4_domains", NULL); + for(d = domains; d && *d; d++){ + snprintf(host, sizeof(host), "%s.%s", instance, *d); + ret = krb5_make_principal(context, &pr, realm, name, host, NULL); + if(func == NULL || (*func)(context, funcctx, pr)){ + *princ = pr; + krb5_config_free_strings(domains); + return 0; + } + krb5_free_principal(context, pr); + } + krb5_config_free_strings(domains); + } + + + p = krb5_config_get_string(context, NULL, "realms", realm, + "default_domain", NULL); + if(p == NULL){ + /* this should be an error, just faking a name is not good */ + krb5_clear_error_string (context); + return HEIM_ERR_V4_PRINC_NO_CONV; + } + + if (*p == '.') + ++p; + snprintf(host, sizeof(host), "%s.%s", instance, p); +local_host: + ret = krb5_make_principal(context, &pr, realm, name, host, NULL); + if(func == NULL || (*func)(context, funcctx, pr)){ + *princ = pr; + return 0; + } + krb5_free_principal(context, pr); + krb5_clear_error_string (context); + return HEIM_ERR_V4_PRINC_NO_CONV; +no_host: + p = krb5_config_get_string(context, NULL, + "realms", + realm, + "v4_name_convert", + "plain", + name, + NULL); + if(p == NULL) + p = krb5_config_get_string(context, NULL, + "libdefaults", + "v4_name_convert", + "plain", + name, + NULL); + if(p) + name = p; + + ret = krb5_make_principal(context, &pr, realm, name, instance, NULL); + if(func == NULL || (*func)(context, funcctx, pr)){ + *princ = pr; + return 0; + } + krb5_free_principal(context, pr); + krb5_clear_error_string (context); + return HEIM_ERR_V4_PRINC_NO_CONV; +} + +static krb5_boolean +convert_func(krb5_context conxtext, void *funcctx, krb5_principal principal) +{ + krb5_boolean (*func)(krb5_context, krb5_principal) = funcctx; + return (*func)(conxtext, principal); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_425_conv_principal_ext(krb5_context context, + const char *name, + const char *instance, + const char *realm, + krb5_boolean (*func)(krb5_context, krb5_principal), + krb5_boolean resolve, + krb5_principal *principal) +{ + return krb5_425_conv_principal_ext2(context, + name, + instance, + realm, + func ? convert_func : NULL, + func, + resolve, + principal); +} + + + +krb5_error_code KRB5_LIB_FUNCTION +krb5_425_conv_principal(krb5_context context, + const char *name, + const char *instance, + const char *realm, + krb5_principal *princ) +{ + krb5_boolean resolve = krb5_config_get_bool(context, + NULL, + "libdefaults", + "v4_instance_resolve", + NULL); + + return krb5_425_conv_principal_ext(context, name, instance, realm, + NULL, resolve, princ); +} + + +static int +check_list(const krb5_config_binding *l, const char *name, const char **out) +{ + while(l){ + if (l->type != krb5_config_string) + continue; + if(strcmp(name, l->u.string) == 0) { + *out = l->name; + return 1; + } + l = l->next; + } + return 0; +} + +static int +name_convert(krb5_context context, const char *name, const char *realm, + const char **out) +{ + const krb5_config_binding *l; + l = krb5_config_get_list (context, + NULL, + "realms", + realm, + "v4_name_convert", + "host", + NULL); + if(l && check_list(l, name, out)) + return KRB5_NT_SRV_HST; + l = krb5_config_get_list (context, + NULL, + "libdefaults", + "v4_name_convert", + "host", + NULL); + if(l && check_list(l, name, out)) + return KRB5_NT_SRV_HST; + l = krb5_config_get_list (context, + NULL, + "realms", + realm, + "v4_name_convert", + "plain", + NULL); + if(l && check_list(l, name, out)) + return KRB5_NT_UNKNOWN; + l = krb5_config_get_list (context, + NULL, + "libdefaults", + "v4_name_convert", + "host", + NULL); + if(l && check_list(l, name, out)) + return KRB5_NT_UNKNOWN; + + /* didn't find it in config file, try built-in list */ + { + struct v4_name_convert *q; + for(q = default_v4_name_convert; q->from; q++) { + if(strcmp(name, q->to) == 0) { + *out = q->from; + return KRB5_NT_SRV_HST; + } + } + } + return -1; +} + +/* + * convert the v5 principal in `principal' into a v4 corresponding one + * in `name, instance, realm' + * this is limited interface since there's no length given for these + * three parameters. They have to be 40 bytes each (ANAME_SZ). + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_524_conv_principal(krb5_context context, + const krb5_principal principal, + char *name, + char *instance, + char *realm) +{ + const char *n, *i, *r; + char tmpinst[40]; + int type = princ_type(principal); + const int aname_sz = 40; + + r = principal->realm; + + switch(principal->name.name_string.len){ + case 1: + n = principal->name.name_string.val[0]; + i = ""; + break; + case 2: + n = principal->name.name_string.val[0]; + i = principal->name.name_string.val[1]; + break; + default: + krb5_set_error_string (context, + "cannot convert a %d component principal", + principal->name.name_string.len); + return KRB5_PARSE_MALFORMED; + } + + { + const char *tmp; + int t = name_convert(context, n, r, &tmp); + if(t >= 0) { + type = t; + n = tmp; + } + } + + if(type == KRB5_NT_SRV_HST){ + char *p; + + strlcpy (tmpinst, i, sizeof(tmpinst)); + p = strchr(tmpinst, '.'); + if(p) + *p = 0; + i = tmpinst; + } + + if (strlcpy (name, n, aname_sz) >= aname_sz) { + krb5_set_error_string (context, + "too long name component to convert"); + return KRB5_PARSE_MALFORMED; + } + if (strlcpy (instance, i, aname_sz) >= aname_sz) { + krb5_set_error_string (context, + "too long instance component to convert"); + return KRB5_PARSE_MALFORMED; + } + if (strlcpy (realm, r, aname_sz) >= aname_sz) { + krb5_set_error_string (context, + "too long realm component to convert"); + return KRB5_PARSE_MALFORMED; + } + return 0; +} + +/* + * Create a principal in `ret_princ' for the service `sname' running + * on host `hostname'. */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_sname_to_principal (krb5_context context, + const char *hostname, + const char *sname, + int32_t type, + krb5_principal *ret_princ) +{ + krb5_error_code ret; + char localhost[MAXHOSTNAMELEN]; + char **realms, *host = NULL; + + if(type != KRB5_NT_SRV_HST && type != KRB5_NT_UNKNOWN) { + krb5_set_error_string (context, "unsupported name type %d", + type); + return KRB5_SNAME_UNSUPP_NAMETYPE; + } + if(hostname == NULL) { + gethostname(localhost, sizeof(localhost)); + hostname = localhost; + } + if(sname == NULL) + sname = "host"; + if(type == KRB5_NT_SRV_HST) { + ret = krb5_expand_hostname_realms (context, hostname, + &host, &realms); + if (ret) + return ret; + strlwr(host); + hostname = host; + } else { + ret = krb5_get_host_realm(context, hostname, &realms); + if(ret) + return ret; + } + + ret = krb5_make_principal(context, ret_princ, realms[0], sname, + hostname, NULL); + if(host) + free(host); + krb5_free_host_realm(context, realms); + return ret; +} diff --git a/source4/heimdal/lib/krb5/rd_cred.c b/source4/heimdal/lib/krb5/rd_cred.c new file mode 100644 index 0000000000..9129eceeff --- /dev/null +++ b/source4/heimdal/lib/krb5/rd_cred.c @@ -0,0 +1,299 @@ +/* + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +RCSID("$Id: rd_cred.c,v 1.23 2005/06/17 04:31:48 lha Exp $"); + +static krb5_error_code +compare_addrs(krb5_context context, + krb5_address *a, + krb5_address *b, + const char *message) +{ + char a_str[64], b_str[64]; + size_t len; + + if(krb5_address_compare (context, a, b)) + return 0; + + krb5_print_address (a, a_str, sizeof(a_str), &len); + krb5_print_address (b, b_str, sizeof(b_str), &len); + krb5_set_error_string(context, "%s: %s != %s", message, b_str, a_str); + return KRB5KRB_AP_ERR_BADADDR; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rd_cred(krb5_context context, + krb5_auth_context auth_context, + krb5_data *in_data, + krb5_creds ***ret_creds, + krb5_replay_data *outdata) +{ + krb5_error_code ret; + size_t len; + KRB_CRED cred; + EncKrbCredPart enc_krb_cred_part; + krb5_data enc_krb_cred_part_data; + krb5_crypto crypto; + int i; + + if ((auth_context->flags & + (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) && + outdata == NULL) + return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */ + + *ret_creds = NULL; + + ret = decode_KRB_CRED(in_data->data, in_data->length, + &cred, &len); + if(ret) + return ret; + + if (cred.pvno != 5) { + ret = KRB5KRB_AP_ERR_BADVERSION; + krb5_clear_error_string (context); + goto out; + } + + if (cred.msg_type != krb_cred) { + ret = KRB5KRB_AP_ERR_MSG_TYPE; + krb5_clear_error_string (context); + goto out; + } + + if (cred.enc_part.etype == ETYPE_NULL) { + /* DK: MIT GSS-API Compatibility */ + enc_krb_cred_part_data.length = cred.enc_part.cipher.length; + enc_krb_cred_part_data.data = cred.enc_part.cipher.data; + } else { + if (auth_context->remote_subkey) + ret = krb5_crypto_init(context, auth_context->remote_subkey, + 0, &crypto); + else + ret = krb5_crypto_init(context, auth_context->keyblock, + 0, &crypto); + /* DK: MIT rsh */ + + if (ret) + goto out; + + ret = krb5_decrypt_EncryptedData(context, + crypto, + KRB5_KU_KRB_CRED, + &cred.enc_part, + &enc_krb_cred_part_data); + + krb5_crypto_destroy(context, crypto); + if (ret) + goto out; + } + + ret = krb5_decode_EncKrbCredPart (context, + enc_krb_cred_part_data.data, + enc_krb_cred_part_data.length, + &enc_krb_cred_part, + &len); + if (ret) + goto out; + + /* check sender address */ + + if (enc_krb_cred_part.s_address + && auth_context->remote_address + && auth_context->remote_port) { + krb5_address *a; + + ret = krb5_make_addrport (context, &a, + auth_context->remote_address, + auth_context->remote_port); + if (ret) + goto out; + + + ret = compare_addrs(context, a, enc_krb_cred_part.s_address, + "sender address is wrong in received creds"); + krb5_free_address(context, a); + free(a); + if(ret) + goto out; + } + + /* check receiver address */ + + if (enc_krb_cred_part.r_address + && auth_context->local_address) { + if(auth_context->local_port && + enc_krb_cred_part.r_address->addr_type == KRB5_ADDRESS_ADDRPORT) { + krb5_address *a; + ret = krb5_make_addrport (context, &a, + auth_context->local_address, + auth_context->local_port); + if (ret) + goto out; + + ret = compare_addrs(context, a, enc_krb_cred_part.r_address, + "receiver address is wrong in received creds"); + krb5_free_address(context, a); + free(a); + if(ret) + goto out; + } else { + ret = compare_addrs(context, auth_context->local_address, + enc_krb_cred_part.r_address, + "receiver address is wrong in received creds"); + if(ret) + goto out; + } + } + + /* check timestamp */ + if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) { + krb5_timestamp sec; + + krb5_timeofday (context, &sec); + + if (enc_krb_cred_part.timestamp == NULL || + enc_krb_cred_part.usec == NULL || + abs(*enc_krb_cred_part.timestamp - sec) + > context->max_skew) { + krb5_clear_error_string (context); + ret = KRB5KRB_AP_ERR_SKEW; + goto out; + } + } + + if ((auth_context->flags & + (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) { + /* if these fields are not present in the cred-part, silently + return zero */ + memset(outdata, 0, sizeof(*outdata)); + if(enc_krb_cred_part.timestamp) + outdata->timestamp = *enc_krb_cred_part.timestamp; + if(enc_krb_cred_part.usec) + outdata->usec = *enc_krb_cred_part.usec; + if(enc_krb_cred_part.nonce) + outdata->seq = *enc_krb_cred_part.nonce; + } + + /* Convert to NULL terminated list of creds */ + + *ret_creds = calloc(enc_krb_cred_part.ticket_info.len + 1, + sizeof(**ret_creds)); + + if (*ret_creds == NULL) { + ret = ENOMEM; + krb5_set_error_string (context, "malloc: out of memory"); + goto out; + } + + for (i = 0; i < enc_krb_cred_part.ticket_info.len; ++i) { + KrbCredInfo *kci = &enc_krb_cred_part.ticket_info.val[i]; + krb5_creds *creds; + + creds = calloc(1, sizeof(*creds)); + if(creds == NULL) { + ret = ENOMEM; + krb5_set_error_string (context, "malloc: out of memory"); + goto out; + } + + ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length, + &cred.tickets.val[i], &len, ret); + if (ret) + goto out; + if(creds->ticket.length != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); + copy_EncryptionKey (&kci->key, &creds->session); + if (kci->prealm && kci->pname) + _krb5_principalname2krb5_principal (&creds->client, + *kci->pname, + *kci->prealm); + if (kci->flags) + creds->flags.b = *kci->flags; + if (kci->authtime) + creds->times.authtime = *kci->authtime; + if (kci->starttime) + creds->times.starttime = *kci->starttime; + if (kci->endtime) + creds->times.endtime = *kci->endtime; + if (kci->renew_till) + creds->times.renew_till = *kci->renew_till; + if (kci->srealm && kci->sname) + _krb5_principalname2krb5_principal (&creds->server, + *kci->sname, + *kci->srealm); + if (kci->caddr) + krb5_copy_addresses (context, + kci->caddr, + &creds->addresses); + + (*ret_creds)[i] = creds; + + } + (*ret_creds)[i] = NULL; + return 0; + + out: + free_KRB_CRED (&cred); + if(*ret_creds) { + for(i = 0; (*ret_creds)[i]; i++) + krb5_free_creds(context, (*ret_creds)[i]); + free(*ret_creds); + } + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rd_cred2 (krb5_context context, + krb5_auth_context auth_context, + krb5_ccache ccache, + krb5_data *in_data) +{ + krb5_error_code ret; + krb5_creds **creds; + int i; + + ret = krb5_rd_cred(context, auth_context, in_data, &creds, NULL); + if(ret) + return ret; + + /* Store the creds in the ccache */ + + for(i = 0; creds && creds[i]; i++) { + krb5_cc_store_cred(context, ccache, creds[i]); + krb5_free_creds(context, creds[i]); + } + free(creds); + return 0; +} diff --git a/source4/heimdal/lib/krb5/rd_error.c b/source4/heimdal/lib/krb5/rd_error.c new file mode 100644 index 0000000000..93e70c48bd --- /dev/null +++ b/source4/heimdal/lib/krb5/rd_error.c @@ -0,0 +1,121 @@ +/* + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: rd_error.c,v 1.8 2005/05/18 04:21:57 lha Exp $"); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rd_error(krb5_context context, + krb5_data *msg, + KRB_ERROR *result) +{ + + size_t len; + krb5_error_code ret; + + ret = decode_KRB_ERROR(msg->data, msg->length, result, &len); + if(ret) + return ret; + result->error_code += KRB5KDC_ERR_NONE; + return 0; +} + +void KRB5_LIB_FUNCTION +krb5_free_error_contents (krb5_context context, + krb5_error *error) +{ + free_KRB_ERROR(error); + memset(error, 0, sizeof(*error)); +} + +void KRB5_LIB_FUNCTION +krb5_free_error (krb5_context context, + krb5_error *error) +{ + krb5_free_error_contents (context, error); + free (error); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_error_from_rd_error(krb5_context context, + const krb5_error *error, + const krb5_creds *creds) +{ + krb5_error_code ret; + + ret = error->error_code; + if (error->e_text != NULL) { + krb5_set_error_string(context, "%s", *error->e_text); + } else { + char clientname[256], servername[256]; + + if (creds != NULL) { + krb5_unparse_name_fixed(context, creds->client, + clientname, sizeof(clientname)); + krb5_unparse_name_fixed(context, creds->server, + servername, sizeof(servername)); + } + + switch (ret) { + case KRB5KDC_ERR_NAME_EXP : + krb5_set_error_string(context, "Client %s%s%s expired", + creds ? "(" : "", + creds ? clientname : "", + creds ? ")" : ""); + break; + case KRB5KDC_ERR_SERVICE_EXP : + krb5_set_error_string(context, "Server %s%s%s expired", + creds ? "(" : "", + creds ? servername : "", + creds ? ")" : ""); + break; + case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN : + krb5_set_error_string(context, "Client %s%s%s unknown", + creds ? "(" : "", + creds ? clientname : "", + creds ? ")" : ""); + break; + case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN : + krb5_set_error_string(context, "Server %s%s%s unknown", + creds ? "(" : "", + creds ? servername : "", + creds ? ")" : ""); + break; + default : + krb5_clear_error_string(context); + break; + } + } + return ret; +} diff --git a/source4/heimdal/lib/krb5/rd_priv.c b/source4/heimdal/lib/krb5/rd_priv.c new file mode 100644 index 0000000000..bafd23e995 --- /dev/null +++ b/source4/heimdal/lib/krb5/rd_priv.c @@ -0,0 +1,176 @@ +/* + * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +RCSID("$Id: rd_priv.c,v 1.31 2004/05/25 21:39:13 lha Exp $"); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rd_priv(krb5_context context, + krb5_auth_context auth_context, + const krb5_data *inbuf, + krb5_data *outbuf, + krb5_replay_data *outdata) +{ + krb5_error_code ret; + KRB_PRIV priv; + EncKrbPrivPart part; + size_t len; + krb5_data plain; + krb5_keyblock *key; + krb5_crypto crypto; + + if ((auth_context->flags & + (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) && + outdata == NULL) + return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */ + + memset(&priv, 0, sizeof(priv)); + ret = decode_KRB_PRIV (inbuf->data, inbuf->length, &priv, &len); + if (ret) + goto failure; + if (priv.pvno != 5) { + krb5_clear_error_string (context); + ret = KRB5KRB_AP_ERR_BADVERSION; + goto failure; + } + if (priv.msg_type != krb_priv) { + krb5_clear_error_string (context); + ret = KRB5KRB_AP_ERR_MSG_TYPE; + goto failure; + } + + if (auth_context->remote_subkey) + key = auth_context->remote_subkey; + else if (auth_context->local_subkey) + key = auth_context->local_subkey; + else + key = auth_context->keyblock; + + ret = krb5_crypto_init(context, key, 0, &crypto); + if (ret) + goto failure; + ret = krb5_decrypt_EncryptedData(context, + crypto, + KRB5_KU_KRB_PRIV, + &priv.enc_part, + &plain); + krb5_crypto_destroy(context, crypto); + if (ret) + goto failure; + + ret = decode_EncKrbPrivPart (plain.data, plain.length, &part, &len); + krb5_data_free (&plain); + if (ret) + goto failure; + + /* check sender address */ + + if (part.s_address + && auth_context->remote_address + && !krb5_address_compare (context, + auth_context->remote_address, + part.s_address)) { + krb5_clear_error_string (context); + ret = KRB5KRB_AP_ERR_BADADDR; + goto failure_part; + } + + /* check receiver address */ + + if (part.r_address + && auth_context->local_address + && !krb5_address_compare (context, + auth_context->local_address, + part.r_address)) { + krb5_clear_error_string (context); + ret = KRB5KRB_AP_ERR_BADADDR; + goto failure_part; + } + + /* check timestamp */ + if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) { + krb5_timestamp sec; + + krb5_timeofday (context, &sec); + if (part.timestamp == NULL || + part.usec == NULL || + abs(*part.timestamp - sec) > context->max_skew) { + krb5_clear_error_string (context); + ret = KRB5KRB_AP_ERR_SKEW; + goto failure_part; + } + } + + /* XXX - check replay cache */ + + /* check sequence number. since MIT krb5 cannot generate a sequence + number of zero but instead generates no sequence number, we accept that + */ + + if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) { + if ((part.seq_number == NULL + && auth_context->remote_seqnumber != 0) + || (part.seq_number != NULL + && *part.seq_number != auth_context->remote_seqnumber)) { + krb5_clear_error_string (context); + ret = KRB5KRB_AP_ERR_BADORDER; + goto failure_part; + } + auth_context->remote_seqnumber++; + } + + ret = krb5_data_copy (outbuf, part.user_data.data, part.user_data.length); + if (ret) + goto failure_part; + + if ((auth_context->flags & + (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) { + /* if these fields are not present in the priv-part, silently + return zero */ + memset(outdata, 0, sizeof(*outdata)); + if(part.timestamp) + outdata->timestamp = *part.timestamp; + if(part.usec) + outdata->usec = *part.usec; + if(part.seq_number) + outdata->seq = *part.seq_number; + } + + failure_part: + free_EncKrbPrivPart (&part); + + failure: + free_KRB_PRIV (&priv); + return ret; +} diff --git a/source4/heimdal/lib/krb5/rd_rep.c b/source4/heimdal/lib/krb5/rd_rep.c new file mode 100644 index 0000000000..a92eea5c04 --- /dev/null +++ b/source4/heimdal/lib/krb5/rd_rep.c @@ -0,0 +1,133 @@ +/* + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +RCSID("$Id: rd_rep.c,v 1.25 2005/06/17 07:49:33 lha Exp $"); + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_rd_rep_type(krb5_context context, + krb5_auth_context auth_context, + const krb5_data *inbuf, + krb5_ap_rep_enc_part **repl, + krb5_boolean dce_style_response) +{ + krb5_error_code ret; + AP_REP ap_rep; + size_t len; + krb5_data data; + krb5_crypto crypto; + + krb5_data_zero (&data); + ret = 0; + + ret = decode_AP_REP(inbuf->data, inbuf->length, &ap_rep, &len); + if (ret) + return ret; + if (ap_rep.pvno != 5) { + ret = KRB5KRB_AP_ERR_BADVERSION; + krb5_clear_error_string (context); + goto out; + } + if (ap_rep.msg_type != krb_ap_rep) { + ret = KRB5KRB_AP_ERR_MSG_TYPE; + krb5_clear_error_string (context); + goto out; + } + + ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto); + if (ret) + goto out; + ret = krb5_decrypt_EncryptedData (context, + crypto, + KRB5_KU_AP_REQ_ENC_PART, + &ap_rep.enc_part, + &data); + krb5_crypto_destroy(context, crypto); + if (ret) + goto out; + + *repl = malloc(sizeof(**repl)); + if (*repl == NULL) { + ret = ENOMEM; + krb5_set_error_string (context, "malloc: out of memory"); + goto out; + } + ret = krb5_decode_EncAPRepPart(context, + data.data, + data.length, + *repl, + &len); + if (ret) + return ret; + + if (!dce_style_response) { + if ((*repl)->ctime != auth_context->authenticator->ctime || + (*repl)->cusec != auth_context->authenticator->cusec) { + ret = KRB5KRB_AP_ERR_MUT_FAIL; + krb5_set_error_string (context, "Mutual authentication failed: Timestamps mismatch"); + goto out; + } + } + if ((*repl)->seq_number) + krb5_auth_con_setremoteseqnumber(context, auth_context, + *((*repl)->seq_number)); + if ((*repl)->subkey) + krb5_auth_con_setremotesubkey(context, auth_context, (*repl)->subkey); + +out: + krb5_data_free (&data); + free_AP_REP (&ap_rep); + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rd_rep(krb5_context context, + krb5_auth_context auth_context, + const krb5_data *inbuf, + krb5_ap_rep_enc_part **repl) +{ + return _krb5_rd_rep_type(context, + auth_context, + inbuf, + repl, + FALSE); +} + +void KRB5_LIB_FUNCTION +krb5_free_ap_rep_enc_part (krb5_context context, + krb5_ap_rep_enc_part *val) +{ + free_EncAPRepPart (val); + free (val); +} diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c new file mode 100644 index 0000000000..30ad08bd82 --- /dev/null +++ b/source4/heimdal/lib/krb5/rd_req.c @@ -0,0 +1,649 @@ +/* + * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +RCSID("$Id: rd_req.c,v 1.57 2005/01/08 20:41:17 lha Exp $"); + +static krb5_error_code +decrypt_tkt_enc_part (krb5_context context, + krb5_keyblock *key, + EncryptedData *enc_part, + EncTicketPart *decr_part) +{ + krb5_error_code ret; + krb5_data plain; + size_t len; + krb5_crypto crypto; + + ret = krb5_crypto_init(context, key, 0, &crypto); + if (ret) + return ret; + ret = krb5_decrypt_EncryptedData (context, + crypto, + KRB5_KU_TICKET, + enc_part, + &plain); + krb5_crypto_destroy(context, crypto); + if (ret) + return ret; + + ret = krb5_decode_EncTicketPart(context, plain.data, plain.length, + decr_part, &len); + krb5_data_free (&plain); + return ret; +} + +static krb5_error_code +decrypt_authenticator (krb5_context context, + EncryptionKey *key, + EncryptedData *enc_part, + Authenticator *authenticator, + krb5_key_usage usage) +{ + krb5_error_code ret; + krb5_data plain; + size_t len; + krb5_crypto crypto; + + ret = krb5_crypto_init(context, key, 0, &crypto); + if (ret) + return ret; + ret = krb5_decrypt_EncryptedData (context, + crypto, + usage /* KRB5_KU_AP_REQ_AUTH */, + enc_part, + &plain); + /* for backwards compatibility, also try the old usage */ + if (ret && usage == KRB5_KU_TGS_REQ_AUTH) + ret = krb5_decrypt_EncryptedData (context, + crypto, + KRB5_KU_AP_REQ_AUTH, + enc_part, + &plain); + krb5_crypto_destroy(context, crypto); + if (ret) + return ret; + + ret = krb5_decode_Authenticator(context, plain.data, plain.length, + authenticator, &len); + krb5_data_free (&plain); + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_decode_ap_req(krb5_context context, + const krb5_data *inbuf, + krb5_ap_req *ap_req) +{ + krb5_error_code ret; + size_t len; + ret = decode_AP_REQ(inbuf->data, inbuf->length, ap_req, &len); + if (ret) + return ret; + if (ap_req->pvno != 5){ + free_AP_REQ(ap_req); + krb5_clear_error_string (context); + return KRB5KRB_AP_ERR_BADVERSION; + } + if (ap_req->msg_type != krb_ap_req){ + free_AP_REQ(ap_req); + krb5_clear_error_string (context); + return KRB5KRB_AP_ERR_MSG_TYPE; + } + if (ap_req->ticket.tkt_vno != 5){ + free_AP_REQ(ap_req); + krb5_clear_error_string (context); + return KRB5KRB_AP_ERR_BADVERSION; + } + return 0; +} + +static krb5_error_code +check_transited(krb5_context context, Ticket *ticket, EncTicketPart *enc) +{ + char **realms; + int num_realms; + krb5_error_code ret; + + if(enc->transited.tr_type != DOMAIN_X500_COMPRESS) + return KRB5KDC_ERR_TRTYPE_NOSUPP; + + if(enc->transited.contents.length == 0) + return 0; + + ret = krb5_domain_x500_decode(context, enc->transited.contents, + &realms, &num_realms, + enc->crealm, + ticket->realm); + if(ret) + return ret; + ret = krb5_check_transited(context, enc->crealm, + ticket->realm, + realms, num_realms, NULL); + free(realms); + return ret; +} + +static krb5_error_code +find_etypelist(krb5_context context, + krb5_auth_context auth_context, + EtypeList *etypes) +{ + krb5_error_code ret; + krb5_authdata *ad; + krb5_authdata adIfRelevant; + unsigned i; + + adIfRelevant.len = 0; + + etypes->len = 0; + etypes->val = NULL; + + ad = auth_context->authenticator->authorization_data; + if (ad == NULL) + return 0; + + for (i = 0; i < ad->len; i++) { + if (ad->val[i].ad_type == KRB5_AUTHDATA_IF_RELEVANT) { + ret = decode_AD_IF_RELEVANT(ad->val[i].ad_data.data, + ad->val[i].ad_data.length, + &adIfRelevant, + NULL); + if (ret) + return ret; + + if (adIfRelevant.len == 1 && + adIfRelevant.val[0].ad_type == + KRB5_AUTHDATA_GSS_API_ETYPE_NEGOTIATION) { + break; + } + free_AD_IF_RELEVANT(&adIfRelevant); + adIfRelevant.len = 0; + } + } + + if (adIfRelevant.len == 0) + return 0; + + ret = decode_EtypeList(adIfRelevant.val[0].ad_data.data, + adIfRelevant.val[0].ad_data.length, + etypes, + NULL); + + free_AD_IF_RELEVANT(&adIfRelevant); + + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_decrypt_ticket(krb5_context context, + Ticket *ticket, + krb5_keyblock *key, + EncTicketPart *out, + krb5_flags flags) +{ + EncTicketPart t; + krb5_error_code ret; + ret = decrypt_tkt_enc_part (context, key, &ticket->enc_part, &t); + if (ret) + return ret; + + { + krb5_timestamp now; + time_t start = t.authtime; + + krb5_timeofday (context, &now); + if(t.starttime) + start = *t.starttime; + if(start - now > context->max_skew + || (t.flags.invalid + && !(flags & KRB5_VERIFY_AP_REQ_IGNORE_INVALID))) { + free_EncTicketPart(&t); + krb5_clear_error_string (context); + return KRB5KRB_AP_ERR_TKT_NYV; + } + if(now - t.endtime > context->max_skew) { + free_EncTicketPart(&t); + krb5_clear_error_string (context); + return KRB5KRB_AP_ERR_TKT_EXPIRED; + } + + if(!t.flags.transited_policy_checked) { + ret = check_transited(context, ticket, &t); + if(ret) { + free_EncTicketPart(&t); + return ret; + } + } + } + + if(out) + *out = t; + else + free_EncTicketPart(&t); + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_verify_authenticator_checksum(krb5_context context, + krb5_auth_context ac, + void *data, + size_t len) +{ + krb5_error_code ret; + krb5_keyblock *key; + krb5_authenticator authenticator; + krb5_crypto crypto; + + ret = krb5_auth_con_getauthenticator (context, + ac, + &authenticator); + if(ret) + return ret; + if(authenticator->cksum == NULL) + return -17; + ret = krb5_auth_con_getkey(context, ac, &key); + if(ret) { + krb5_free_authenticator(context, &authenticator); + return ret; + } + ret = krb5_crypto_init(context, key, 0, &crypto); + if(ret) + goto out; + ret = krb5_verify_checksum (context, + crypto, + KRB5_KU_AP_REQ_AUTH_CKSUM, + data, + len, + authenticator->cksum); + krb5_crypto_destroy(context, crypto); +out: + krb5_free_authenticator(context, &authenticator); + krb5_free_keyblock(context, key); + return ret; +} + + +krb5_error_code KRB5_LIB_FUNCTION +krb5_verify_ap_req(krb5_context context, + krb5_auth_context *auth_context, + krb5_ap_req *ap_req, + krb5_const_principal server, + krb5_keyblock *keyblock, + krb5_flags flags, + krb5_flags *ap_req_options, + krb5_ticket **ticket) +{ + return krb5_verify_ap_req2 (context, + auth_context, + ap_req, + server, + keyblock, + flags, + ap_req_options, + ticket, + KRB5_KU_AP_REQ_AUTH); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_verify_ap_req2(krb5_context context, + krb5_auth_context *auth_context, + krb5_ap_req *ap_req, + krb5_const_principal server, + krb5_keyblock *keyblock, + krb5_flags flags, + krb5_flags *ap_req_options, + krb5_ticket **ticket, + krb5_key_usage usage) +{ + krb5_ticket *t; + krb5_auth_context ac; + krb5_error_code ret; + EtypeList etypes; + + if (auth_context && *auth_context) { + ac = *auth_context; + } else { + ret = krb5_auth_con_init (context, &ac); + if (ret) + return ret; + } + + t = malloc(sizeof(*t)); + if (t == NULL) { + ret = ENOMEM; + krb5_clear_error_string (context); + goto out; + } + memset(t, 0, sizeof(*t)); + + if (ap_req->ap_options.use_session_key && ac->keyblock){ + ret = krb5_decrypt_ticket(context, &ap_req->ticket, + ac->keyblock, + &t->ticket, + flags); + krb5_free_keyblock(context, ac->keyblock); + ac->keyblock = NULL; + }else + ret = krb5_decrypt_ticket(context, &ap_req->ticket, + keyblock, + &t->ticket, + flags); + + if(ret) + goto out; + + _krb5_principalname2krb5_principal(&t->server, ap_req->ticket.sname, + ap_req->ticket.realm); + _krb5_principalname2krb5_principal(&t->client, t->ticket.cname, + t->ticket.crealm); + + /* save key */ + + krb5_copy_keyblock(context, &t->ticket.key, &ac->keyblock); + + ret = decrypt_authenticator (context, + &t->ticket.key, + &ap_req->authenticator, + ac->authenticator, + usage); + if (ret) + goto out; + + { + krb5_principal p1, p2; + krb5_boolean res; + + _krb5_principalname2krb5_principal(&p1, + ac->authenticator->cname, + ac->authenticator->crealm); + _krb5_principalname2krb5_principal(&p2, + t->ticket.cname, + t->ticket.crealm); + res = krb5_principal_compare (context, p1, p2); + krb5_free_principal (context, p1); + krb5_free_principal (context, p2); + if (!res) { + ret = KRB5KRB_AP_ERR_BADMATCH; + krb5_clear_error_string (context); + goto out; + } + } + + /* check addresses */ + + if (t->ticket.caddr + && ac->remote_address + && !krb5_address_search (context, + ac->remote_address, + t->ticket.caddr)) { + ret = KRB5KRB_AP_ERR_BADADDR; + krb5_clear_error_string (context); + goto out; + } + + if (ac->authenticator->seq_number) + krb5_auth_con_setremoteseqnumber(context, ac, + *ac->authenticator->seq_number); + + /* XXX - Xor sequence numbers */ + + if (ac->authenticator->subkey) { + ret = krb5_auth_con_setremotesubkey(context, ac, + ac->authenticator->subkey); + if (ret) + goto out; + } + + ret = find_etypelist(context, ac, &etypes); + if (ret) + goto out; + + ac->keytype = ETYPE_NULL; + + if (etypes.val) { + int i; + + for (i = 0; i < etypes.len; i++) { + if (krb5_enctype_valid(context, etypes.val[i]) == 0) { + ac->keytype = etypes.val[i]; + break; + } + } + } + + if (ap_req_options) { + *ap_req_options = 0; + if (ac->keytype != ETYPE_NULL) + *ap_req_options |= AP_OPTS_USE_SUBKEY; + if (ap_req->ap_options.use_session_key) + *ap_req_options |= AP_OPTS_USE_SESSION_KEY; + if (ap_req->ap_options.mutual_required) + *ap_req_options |= AP_OPTS_MUTUAL_REQUIRED; + } + + if(ticket) + *ticket = t; + else + krb5_free_ticket (context, t); + if (auth_context) { + if (*auth_context == NULL) + *auth_context = ac; + } else + krb5_auth_con_free (context, ac); + free_EtypeList(&etypes); + return 0; + out: + if (t) + krb5_free_ticket (context, t); + if (auth_context == NULL || *auth_context == NULL) + krb5_auth_con_free (context, ac); + return ret; +} + + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rd_req_with_keyblock(krb5_context context, + krb5_auth_context *auth_context, + const krb5_data *inbuf, + krb5_const_principal server, + krb5_keyblock *keyblock, + krb5_flags *ap_req_options, + krb5_ticket **ticket) +{ + krb5_error_code ret; + krb5_ap_req ap_req; + + if (*auth_context == NULL) { + ret = krb5_auth_con_init(context, auth_context); + if (ret) + return ret; + } + + ret = krb5_decode_ap_req(context, inbuf, &ap_req); + if(ret) + return ret; + + ret = krb5_verify_ap_req(context, + auth_context, + &ap_req, + server, + keyblock, + 0, + ap_req_options, + ticket); + + free_AP_REQ(&ap_req); + return ret; +} + +static krb5_error_code +get_key_from_keytab(krb5_context context, + krb5_auth_context *auth_context, + krb5_ap_req *ap_req, + krb5_const_principal server, + krb5_keytab keytab, + krb5_keyblock **out_key) +{ + krb5_keytab_entry entry; + krb5_error_code ret; + int kvno; + krb5_keytab real_keytab; + + if(keytab == NULL) + krb5_kt_default(context, &real_keytab); + else + real_keytab = keytab; + + if (ap_req->ticket.enc_part.kvno) + kvno = *ap_req->ticket.enc_part.kvno; + else + kvno = 0; + + ret = krb5_kt_get_entry (context, + real_keytab, + server, + kvno, + ap_req->ticket.enc_part.etype, + &entry); + if(ret) + goto out; + ret = krb5_copy_keyblock(context, &entry.keyblock, out_key); + krb5_kt_free_entry (context, &entry); +out: + if(keytab == NULL) + krb5_kt_close(context, real_keytab); + + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rd_req_return_keyblock(krb5_context context, + krb5_auth_context *auth_context, + const krb5_data *inbuf, + krb5_const_principal server, + krb5_keytab keytab, + krb5_flags *ap_req_options, + krb5_ticket **ticket, + krb5_keyblock **keyblock) +{ + krb5_error_code ret; + krb5_ap_req ap_req; + krb5_principal service = NULL; + + if (*auth_context == NULL) { + ret = krb5_auth_con_init(context, auth_context); + if (ret) + return ret; + } + + ret = krb5_decode_ap_req(context, inbuf, &ap_req); + if(ret) + return ret; + + if(server == NULL){ + _krb5_principalname2krb5_principal(&service, + ap_req.ticket.sname, + ap_req.ticket.realm); + server = service; + } + if (ap_req.ap_options.use_session_key && + (*auth_context)->keyblock == NULL) { + krb5_set_error_string(context, "krb5_rd_req: user to user auth " + "without session key given"); + ret = KRB5KRB_AP_ERR_NOKEY; + goto out; + } + + if((*auth_context)->keyblock == NULL){ + ret = get_key_from_keytab(context, + auth_context, + &ap_req, + server, + keytab, + keyblock); + if(ret) + goto out; + } else { + ret = krb5_copy_keyblock(context, + (*auth_context)->keyblock, + keyblock); + if (ret) + goto out; + } + + ret = krb5_verify_ap_req(context, + auth_context, + &ap_req, + server, + *keyblock, + 0, + ap_req_options, + ticket); + +out: + free_AP_REQ(&ap_req); + if(service) + krb5_free_principal(context, service); + if (ret) + krb5_free_keyblock(context, *keyblock); + + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rd_req(krb5_context context, + krb5_auth_context *auth_context, + const krb5_data *inbuf, + krb5_const_principal server, + krb5_keytab keytab, + krb5_flags *ap_req_options, + krb5_ticket **ticket) +{ + krb5_error_code ret; + krb5_keyblock *keyblock; + + ret = krb5_rd_req_return_keyblock(context, + auth_context, + inbuf, + server, + keytab, + ap_req_options, + ticket, + &keyblock); + + krb5_free_keyblock(context, keyblock); + return ret; +} + diff --git a/source4/heimdal/lib/krb5/replay.c b/source4/heimdal/lib/krb5/replay.c new file mode 100644 index 0000000000..ec99f86c7c --- /dev/null +++ b/source4/heimdal/lib/krb5/replay.c @@ -0,0 +1,304 @@ +/* + * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" +#include + +RCSID("$Id: replay.c,v 1.10 2004/05/25 21:41:15 lha Exp $"); + +struct krb5_rcache_data { + char *name; +}; + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rc_resolve(krb5_context context, + krb5_rcache id, + const char *name) +{ + id->name = strdup(name); + if(id->name == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return KRB5_RC_MALLOC; + } + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rc_resolve_type(krb5_context context, + krb5_rcache *id, + const char *type) +{ + if(strcmp(type, "FILE")) { + krb5_set_error_string (context, "replay cache type %s not supported", + type); + return KRB5_RC_TYPE_NOTFOUND; + } + *id = calloc(1, sizeof(**id)); + if(*id == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return KRB5_RC_MALLOC; + } + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rc_resolve_full(krb5_context context, + krb5_rcache *id, + const char *string_name) +{ + krb5_error_code ret; + if(strncmp(string_name, "FILE:", 5)) { + krb5_set_error_string (context, "replay cache type %s not supported", + string_name); + return KRB5_RC_TYPE_NOTFOUND; + } + ret = krb5_rc_resolve_type(context, id, "FILE"); + if(ret) + return ret; + ret = krb5_rc_resolve(context, *id, string_name + 5); + return ret; +} + +const char* KRB5_LIB_FUNCTION +krb5_rc_default_name(krb5_context context) +{ + return "FILE:/var/run/default_rcache"; +} + +const char* KRB5_LIB_FUNCTION +krb5_rc_default_type(krb5_context context) +{ + return "FILE"; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rc_default(krb5_context context, + krb5_rcache *id) +{ + return krb5_rc_resolve_full(context, id, krb5_rc_default_name(context)); +} + +struct rc_entry{ + time_t stamp; + unsigned char data[16]; +}; + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rc_initialize(krb5_context context, + krb5_rcache id, + krb5_deltat auth_lifespan) +{ + FILE *f = fopen(id->name, "w"); + struct rc_entry tmp; + int ret; + + if(f == NULL) { + ret = errno; + krb5_set_error_string (context, "open(%s): %s", id->name, + strerror(ret)); + return ret; + } + tmp.stamp = auth_lifespan; + fwrite(&tmp, 1, sizeof(tmp), f); + fclose(f); + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rc_recover(krb5_context context, + krb5_rcache id) +{ + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rc_destroy(krb5_context context, + krb5_rcache id) +{ + int ret; + + if(remove(id->name) < 0) { + ret = errno; + krb5_set_error_string (context, "remove(%s): %s", id->name, + strerror(ret)); + return ret; + } + return krb5_rc_close(context, id); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rc_close(krb5_context context, + krb5_rcache id) +{ + free(id->name); + free(id); + return 0; +} + +static void +checksum_authenticator(Authenticator *auth, void *data) +{ + MD5_CTX md5; + int i; + + MD5_Init (&md5); + MD5_Update (&md5, auth->crealm, strlen(auth->crealm)); + for(i = 0; i < auth->cname.name_string.len; i++) + MD5_Update(&md5, auth->cname.name_string.val[i], + strlen(auth->cname.name_string.val[i])); + MD5_Update (&md5, &auth->ctime, sizeof(auth->ctime)); + MD5_Update (&md5, &auth->cusec, sizeof(auth->cusec)); + MD5_Final (data, &md5); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rc_store(krb5_context context, + krb5_rcache id, + krb5_donot_replay *rep) +{ + struct rc_entry ent, tmp; + time_t t; + FILE *f; + int ret; + + ent.stamp = time(NULL); + checksum_authenticator(rep, ent.data); + f = fopen(id->name, "r"); + if(f == NULL) { + ret = errno; + krb5_set_error_string (context, "open(%s): %s", id->name, + strerror(ret)); + return ret; + } + fread(&tmp, sizeof(ent), 1, f); + t = ent.stamp - tmp.stamp; + while(fread(&tmp, sizeof(ent), 1, f)){ + if(tmp.stamp < t) + continue; + if(memcmp(tmp.data, ent.data, sizeof(ent.data)) == 0){ + fclose(f); + krb5_clear_error_string (context); + return KRB5_RC_REPLAY; + } + } + if(ferror(f)){ + ret = errno; + fclose(f); + krb5_set_error_string (context, "%s: %s", id->name, strerror(ret)); + return ret; + } + fclose(f); + f = fopen(id->name, "a"); + if(f == NULL) { + krb5_set_error_string (context, "open(%s): %s", id->name, + strerror(errno)); + return KRB5_RC_IO_UNKNOWN; + } + fwrite(&ent, 1, sizeof(ent), f); + fclose(f); + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rc_expunge(krb5_context context, + krb5_rcache id) +{ + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rc_get_lifespan(krb5_context context, + krb5_rcache id, + krb5_deltat *auth_lifespan) +{ + FILE *f = fopen(id->name, "r"); + int r; + struct rc_entry ent; + r = fread(&ent, sizeof(ent), 1, f); + fclose(f); + if(r){ + *auth_lifespan = ent.stamp; + return 0; + } + krb5_clear_error_string (context); + return KRB5_RC_IO_UNKNOWN; +} + +const char* KRB5_LIB_FUNCTION +krb5_rc_get_name(krb5_context context, + krb5_rcache id) +{ + return id->name; +} + +const char* KRB5_LIB_FUNCTION +krb5_rc_get_type(krb5_context context, + krb5_rcache id) +{ + return "FILE"; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_server_rcache(krb5_context context, + const krb5_data *piece, + krb5_rcache *id) +{ + krb5_rcache rcache; + krb5_error_code ret; + + char *tmp = malloc(4 * piece->length + 1); + char *name; + + if(tmp == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + strvisx(tmp, piece->data, piece->length, VIS_WHITE | VIS_OCTAL); +#ifdef HAVE_GETEUID + asprintf(&name, "FILE:rc_%s_%u", tmp, (unsigned)geteuid()); +#else + asprintf(&name, "FILE:rc_%s", tmp); +#endif + free(tmp); + if(name == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + + ret = krb5_rc_resolve_full(context, &rcache, name); + free(name); + if(ret) + return ret; + *id = rcache; + return ret; +} diff --git a/source4/heimdal/lib/krb5/send_to_kdc.c b/source4/heimdal/lib/krb5/send_to_kdc.c new file mode 100644 index 0000000000..d55f8dc692 --- /dev/null +++ b/source4/heimdal/lib/krb5/send_to_kdc.c @@ -0,0 +1,416 @@ +/* + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: send_to_kdc.c,v 1.56 2005/06/17 04:33:11 lha Exp $"); + +/* + * send the data in `req' on the socket `fd' (which is datagram iff udp) + * waiting `tmout' for a reply and returning the reply in `rep'. + * iff limit read up to this many bytes + * returns 0 and data in `rep' if succesful, otherwise -1 + */ + +static int +recv_loop (int fd, + time_t tmout, + int udp, + size_t limit, + krb5_data *rep) +{ + fd_set fdset; + struct timeval timeout; + int ret; + int nbytes; + + if (fd >= FD_SETSIZE) { + return -1; + } + + krb5_data_zero(rep); + do { + FD_ZERO(&fdset); + FD_SET(fd, &fdset); + timeout.tv_sec = tmout; + timeout.tv_usec = 0; + ret = select (fd + 1, &fdset, NULL, NULL, &timeout); + if (ret < 0) { + if (errno == EINTR) + continue; + return -1; + } else if (ret == 0) { + return 0; + } else { + void *tmp; + + if (ioctl (fd, FIONREAD, &nbytes) < 0) { + krb5_data_free (rep); + return -1; + } + if(nbytes == 0) + return 0; + + if (limit) + nbytes = min(nbytes, limit - rep->length); + + tmp = realloc (rep->data, rep->length + nbytes); + if (tmp == NULL) { + krb5_data_free (rep); + return -1; + } + rep->data = tmp; + ret = recv (fd, (char*)tmp + rep->length, nbytes, 0); + if (ret < 0) { + krb5_data_free (rep); + return -1; + } + rep->length += ret; + } + } while(!udp && (limit == 0 || rep->length < limit)); + return 0; +} + +/* + * Send kerberos requests and receive a reply on a udp or any other kind + * of a datagram socket. See `recv_loop'. + */ + +static int +send_and_recv_udp(int fd, + time_t tmout, + const krb5_data *req, + krb5_data *rep) +{ + if (send (fd, req->data, req->length, 0) < 0) + return -1; + + return recv_loop(fd, tmout, 1, 0, rep); +} + +/* + * `send_and_recv' for a TCP (or any other stream) socket. + * Since there are no record limits on a stream socket the protocol here + * is to prepend the request with 4 bytes of its length and the reply + * is similarly encoded. + */ + +static int +send_and_recv_tcp(int fd, + time_t tmout, + const krb5_data *req, + krb5_data *rep) +{ + unsigned char len[4]; + unsigned long rep_len; + krb5_data len_data; + + _krb5_put_int(len, req->length, 4); + if(net_write(fd, len, sizeof(len)) < 0) + return -1; + if(net_write(fd, req->data, req->length) < 0) + return -1; + if (recv_loop (fd, tmout, 0, 4, &len_data) < 0) + return -1; + if (len_data.length != 4) { + krb5_data_free (&len_data); + return -1; + } + _krb5_get_int(len_data.data, &rep_len, 4); + krb5_data_free (&len_data); + if (recv_loop (fd, tmout, 0, rep_len, rep) < 0) + return -1; + if(rep->length != rep_len) { + krb5_data_free (rep); + return -1; + } + return 0; +} + +int +_krb5_send_and_recv_tcp(int fd, + time_t tmout, + const krb5_data *req, + krb5_data *rep) +{ + return send_and_recv_tcp(fd, tmout, req, rep); +} + +/* + * `send_and_recv' tailored for the HTTP protocol. + */ + +static int +send_and_recv_http(int fd, + time_t tmout, + const char *prefix, + const krb5_data *req, + krb5_data *rep) +{ + char *request; + char *str; + int ret; + int len = base64_encode(req->data, req->length, &str); + + if(len < 0) + return -1; + asprintf(&request, "GET %s%s HTTP/1.0\r\n\r\n", prefix, str); + free(str); + if (request == NULL) + return -1; + ret = net_write (fd, request, strlen(request)); + free (request); + if (ret < 0) + return ret; + ret = recv_loop(fd, tmout, 0, 0, rep); + if(ret) + return ret; + { + unsigned long rep_len; + char *s, *p; + + s = realloc(rep->data, rep->length + 1); + if (s == NULL) { + krb5_data_free (rep); + return -1; + } + s[rep->length] = 0; + p = strstr(s, "\r\n\r\n"); + if(p == NULL) { + free(s); + return -1; + } + p += 4; + rep->data = s; + rep->length -= p - s; + if(rep->length < 4) { /* remove length */ + free(s); + return -1; + } + rep->length -= 4; + _krb5_get_int(p, &rep_len, 4); + if (rep_len != rep->length) { + free(s); + return -1; + } + memmove(rep->data, p + 4, rep->length); + } + return 0; +} + +static int +init_port(const char *s, int fallback) +{ + if (s) { + int tmp; + + sscanf (s, "%d", &tmp); + return htons(tmp); + } else + return fallback; +} + +/* + * Return 0 if succesful, otherwise 1 + */ + +static int +send_via_proxy (krb5_context context, + const krb5_krbhst_info *hi, + const krb5_data *send_data, + krb5_data *receive) +{ + char *proxy2 = strdup(context->http_proxy); + char *proxy = proxy2; + char *prefix; + char *colon; + struct addrinfo hints; + struct addrinfo *ai, *a; + int ret; + int s = -1; + char portstr[NI_MAXSERV]; + + if (proxy == NULL) + return ENOMEM; + if (strncmp (proxy, "http://", 7) == 0) + proxy += 7; + + colon = strchr(proxy, ':'); + if(colon != NULL) + *colon++ = '\0'; + memset (&hints, 0, sizeof(hints)); + hints.ai_family = PF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + snprintf (portstr, sizeof(portstr), "%d", + ntohs(init_port (colon, htons(80)))); + ret = getaddrinfo (proxy, portstr, &hints, &ai); + free (proxy2); + if (ret) + return krb5_eai_to_heim_errno(ret, errno); + + for (a = ai; a != NULL; a = a->ai_next) { + s = socket (a->ai_family, a->ai_socktype, a->ai_protocol); + if (s < 0) + continue; + if (connect (s, a->ai_addr, a->ai_addrlen) < 0) { + close (s); + continue; + } + break; + } + if (a == NULL) { + freeaddrinfo (ai); + return 1; + } + freeaddrinfo (ai); + + asprintf(&prefix, "http://%s/", hi->hostname); + if(prefix == NULL) { + close(s); + return 1; + } + ret = send_and_recv_http(s, context->kdc_timeout, + prefix, send_data, receive); + close (s); + free(prefix); + if(ret == 0 && receive->length != 0) + return 0; + return 1; +} + +/* + * Send the data `send' to one host from `handle` and get back the reply + * in `receive'. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_sendto (krb5_context context, + const krb5_data *send_data, + krb5_krbhst_handle handle, + krb5_data *receive) +{ + krb5_error_code ret = 0; + int fd; + int i; + + for (i = 0; i < context->max_retries; ++i) { + krb5_krbhst_info *hi; + + while (krb5_krbhst_next(context, handle, &hi) == 0) { + struct addrinfo *ai, *a; + + if(hi->proto == KRB5_KRBHST_HTTP && context->http_proxy) { + if (send_via_proxy (context, hi, send_data, receive)) + continue; + else + goto out; + } + + ret = krb5_krbhst_get_addrinfo(context, hi, &ai); + if (ret) + continue; + + for (a = ai; a != NULL; a = a->ai_next) { + fd = socket (a->ai_family, a->ai_socktype, a->ai_protocol); + if (fd < 0) + continue; + if (connect (fd, a->ai_addr, a->ai_addrlen) < 0) { + close (fd); + continue; + } + switch (hi->proto) { + case KRB5_KRBHST_HTTP : + ret = send_and_recv_http(fd, context->kdc_timeout, + "", send_data, receive); + break; + case KRB5_KRBHST_TCP : + ret = send_and_recv_tcp (fd, context->kdc_timeout, + send_data, receive); + break; + case KRB5_KRBHST_UDP : + ret = send_and_recv_udp (fd, context->kdc_timeout, + send_data, receive); + break; + } + close (fd); + if(ret == 0 && receive->length != 0) + goto out; + } + } + krb5_krbhst_reset(context, handle); + } + krb5_clear_error_string (context); + ret = KRB5_KDC_UNREACH; +out: + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_sendto_kdc(krb5_context context, + const krb5_data *send_data, + const krb5_realm *realm, + krb5_data *receive) +{ + return krb5_sendto_kdc_flags(context, send_data, realm, receive, 0); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_sendto_kdc_flags(krb5_context context, + const krb5_data *send_data, + const krb5_realm *realm, + krb5_data *receive, + int flags) +{ + krb5_error_code ret; + krb5_krbhst_handle handle; + int type; + + if ((flags & KRB5_KRBHST_FLAGS_MASTER) || context->use_admin_kdc) + type = KRB5_KRBHST_ADMIN; + else + type = KRB5_KRBHST_KDC; + + if (send_data->length > context->large_msg_size) + flags |= KRB5_KRBHST_FLAGS_LARGE_MSG; + + ret = krb5_krbhst_init_flags(context, *realm, type, flags, &handle); + if (ret) + return ret; + + ret = krb5_sendto(context, send_data, handle, receive); + krb5_krbhst_free(context, handle); + if (ret == KRB5_KDC_UNREACH) + krb5_set_error_string(context, + "unable to reach any KDC in realm %s", *realm); + return ret; +} diff --git a/source4/heimdal/lib/krb5/set_default_realm.c b/source4/heimdal/lib/krb5/set_default_realm.c new file mode 100644 index 0000000000..965883309c --- /dev/null +++ b/source4/heimdal/lib/krb5/set_default_realm.c @@ -0,0 +1,90 @@ +/* + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: set_default_realm.c,v 1.14 2004/05/25 21:42:26 lha Exp $"); + +/* + * Convert the simple string `s' into a NULL-terminated and freshly allocated + * list in `list'. Return an error code. + */ + +static krb5_error_code +string_to_list (krb5_context context, const char *s, krb5_realm **list) +{ + + *list = malloc (2 * sizeof(**list)); + if (*list == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + (*list)[0] = strdup (s); + if ((*list)[0] == NULL) { + free (*list); + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + (*list)[1] = NULL; + return 0; +} + +/* + * Set the knowledge of the default realm(s) in `context'. + * If realm != NULL, that's the new default realm. + * Otherwise, the realm(s) are figured out from configuration or DNS. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_set_default_realm(krb5_context context, + const char *realm) +{ + krb5_error_code ret = 0; + krb5_realm *realms = NULL; + + if (realm == NULL) { + realms = krb5_config_get_strings (context, NULL, + "libdefaults", + "default_realm", + NULL); + if (realms == NULL) + ret = krb5_get_host_realm(context, NULL, &realms); + } else { + ret = string_to_list (context, realm, &realms); + } + if (ret) + return ret; + krb5_free_host_realm (context, context->default_realms); + context->default_realms = realms; + return 0; +} diff --git a/source4/heimdal/lib/krb5/store-int.h b/source4/heimdal/lib/krb5/store-int.h new file mode 100644 index 0000000000..42e695a11b --- /dev/null +++ b/source4/heimdal/lib/krb5/store-int.h @@ -0,0 +1,47 @@ +/* + * Copyright (c) 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef __store_int_h__ +#define __store_int_h__ + +struct krb5_storage_data { + void *data; + ssize_t (*fetch)(struct krb5_storage_data*, void*, size_t); + ssize_t (*store)(struct krb5_storage_data*, const void*, size_t); + off_t (*seek)(struct krb5_storage_data*, off_t, int); + void (*free)(struct krb5_storage_data*); + krb5_flags flags; + int eof_code; +}; + +#endif /* __store_int_h__ */ diff --git a/source4/heimdal/lib/krb5/store.c b/source4/heimdal/lib/krb5/store.c new file mode 100644 index 0000000000..42667765fb --- /dev/null +++ b/source4/heimdal/lib/krb5/store.c @@ -0,0 +1,888 @@ +/* + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" +#include "store-int.h" + +RCSID("$Id: store.c,v 1.50 2005/06/17 04:36:33 lha Exp $"); + +#define BYTEORDER_IS(SP, V) (((SP)->flags & KRB5_STORAGE_BYTEORDER_MASK) == (V)) +#define BYTEORDER_IS_LE(SP) BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_LE) +#define BYTEORDER_IS_BE(SP) BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_BE) +#define BYTEORDER_IS_HOST(SP) (BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_HOST) || \ + krb5_storage_is_flags((SP), KRB5_STORAGE_HOST_BYTEORDER)) + +void KRB5_LIB_FUNCTION +krb5_storage_set_flags(krb5_storage *sp, krb5_flags flags) +{ + sp->flags |= flags; +} + +void KRB5_LIB_FUNCTION +krb5_storage_clear_flags(krb5_storage *sp, krb5_flags flags) +{ + sp->flags &= ~flags; +} + +krb5_boolean KRB5_LIB_FUNCTION +krb5_storage_is_flags(krb5_storage *sp, krb5_flags flags) +{ + return (sp->flags & flags) == flags; +} + +void KRB5_LIB_FUNCTION +krb5_storage_set_byteorder(krb5_storage *sp, krb5_flags byteorder) +{ + sp->flags &= ~KRB5_STORAGE_BYTEORDER_MASK; + sp->flags |= byteorder; +} + +krb5_flags KRB5_LIB_FUNCTION +krb5_storage_get_byteorder(krb5_storage *sp, krb5_flags byteorder) +{ + return sp->flags & KRB5_STORAGE_BYTEORDER_MASK; +} + +off_t KRB5_LIB_FUNCTION +krb5_storage_seek(krb5_storage *sp, off_t offset, int whence) +{ + return (*sp->seek)(sp, offset, whence); +} + +krb5_ssize_t KRB5_LIB_FUNCTION +krb5_storage_read(krb5_storage *sp, void *buf, size_t len) +{ + return sp->fetch(sp, buf, len); +} + +krb5_ssize_t KRB5_LIB_FUNCTION +krb5_storage_write(krb5_storage *sp, const void *buf, size_t len) +{ + return sp->store(sp, buf, len); +} + +void KRB5_LIB_FUNCTION +krb5_storage_set_eof_code(krb5_storage *sp, int code) +{ + sp->eof_code = code; +} + +krb5_ssize_t KRB5_LIB_FUNCTION +_krb5_put_int(void *buffer, unsigned long value, size_t size) +{ + unsigned char *p = buffer; + int i; + for (i = size - 1; i >= 0; i--) { + p[i] = value & 0xff; + value >>= 8; + } + return size; +} + +krb5_ssize_t KRB5_LIB_FUNCTION +_krb5_get_int(void *buffer, unsigned long *value, size_t size) +{ + unsigned char *p = buffer; + unsigned long v = 0; + int i; + for (i = 0; i < size; i++) + v = (v << 8) + p[i]; + *value = v; + return size; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_storage_free(krb5_storage *sp) +{ + if(sp->free) + (*sp->free)(sp); + free(sp->data); + free(sp); + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_storage_to_data(krb5_storage *sp, krb5_data *data) +{ + off_t pos; + size_t size; + krb5_error_code ret; + + pos = sp->seek(sp, 0, SEEK_CUR); + size = (size_t)sp->seek(sp, 0, SEEK_END); + ret = krb5_data_alloc (data, size); + if (ret) { + sp->seek(sp, pos, SEEK_SET); + return ret; + } + if (size) { + sp->seek(sp, 0, SEEK_SET); + sp->fetch(sp, data->data, data->length); + sp->seek(sp, pos, SEEK_SET); + } + return 0; +} + +static krb5_error_code +krb5_store_int(krb5_storage *sp, + int32_t value, + size_t len) +{ + int ret; + unsigned char v[16]; + + if(len > sizeof(v)) + return EINVAL; + _krb5_put_int(v, value, len); + ret = sp->store(sp, v, len); + if (ret != len) + return (ret<0)?errno:sp->eof_code; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_int32(krb5_storage *sp, + int32_t value) +{ + if(BYTEORDER_IS_HOST(sp)) + value = htonl(value); + else if(BYTEORDER_IS_LE(sp)) + value = bswap32(value); + return krb5_store_int(sp, value, 4); +} + +static krb5_error_code +krb5_ret_int(krb5_storage *sp, + int32_t *value, + size_t len) +{ + int ret; + unsigned char v[4]; + unsigned long w; + ret = sp->fetch(sp, v, len); + if(ret != len) + return (ret<0)?errno:sp->eof_code; + _krb5_get_int(v, &w, len); + *value = w; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_int32(krb5_storage *sp, + int32_t *value) +{ + krb5_error_code ret = krb5_ret_int(sp, value, 4); + if(ret) + return ret; + if(BYTEORDER_IS_HOST(sp)) + *value = htonl(*value); + else if(BYTEORDER_IS_LE(sp)) + *value = bswap32(*value); + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_int16(krb5_storage *sp, + int16_t value) +{ + if(BYTEORDER_IS_HOST(sp)) + value = htons(value); + else if(BYTEORDER_IS_LE(sp)) + value = bswap16(value); + return krb5_store_int(sp, value, 2); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_int16(krb5_storage *sp, + int16_t *value) +{ + int32_t v; + int ret; + ret = krb5_ret_int(sp, &v, 2); + if(ret) + return ret; + *value = v; + if(BYTEORDER_IS_HOST(sp)) + *value = htons(*value); + else if(BYTEORDER_IS_LE(sp)) + *value = bswap16(*value); + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_int8(krb5_storage *sp, + int8_t value) +{ + int ret; + + ret = sp->store(sp, &value, sizeof(value)); + if (ret != sizeof(value)) + return (ret<0)?errno:sp->eof_code; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_int8(krb5_storage *sp, + int8_t *value) +{ + int ret; + + ret = sp->fetch(sp, value, sizeof(*value)); + if (ret != sizeof(*value)) + return (ret<0)?errno:sp->eof_code; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_data(krb5_storage *sp, + krb5_data data) +{ + int ret; + ret = krb5_store_int32(sp, data.length); + if(ret < 0) + return ret; + ret = sp->store(sp, data.data, data.length); + if(ret != data.length){ + if(ret < 0) + return errno; + return sp->eof_code; + } + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_data(krb5_storage *sp, + krb5_data *data) +{ + int ret; + int32_t size; + + ret = krb5_ret_int32(sp, &size); + if(ret) + return ret; + ret = krb5_data_alloc (data, size); + if (ret) + return ret; + if (size) { + ret = sp->fetch(sp, data->data, size); + if(ret != size) + return (ret < 0)? errno : sp->eof_code; + } + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_string(krb5_storage *sp, const char *s) +{ + krb5_data data; + data.length = strlen(s); + data.data = rk_UNCONST(s); + return krb5_store_data(sp, data); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_string(krb5_storage *sp, + char **string) +{ + int ret; + krb5_data data; + ret = krb5_ret_data(sp, &data); + if(ret) + return ret; + *string = realloc(data.data, data.length + 1); + if(*string == NULL){ + free(data.data); + return ENOMEM; + } + (*string)[data.length] = 0; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_stringz(krb5_storage *sp, const char *s) +{ + size_t len = strlen(s) + 1; + ssize_t ret; + + ret = sp->store(sp, s, len); + if(ret != len) { + if(ret < 0) + return ret; + else + return sp->eof_code; + } + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_stringz(krb5_storage *sp, + char **string) +{ + char c; + char *s = NULL; + size_t len = 0; + ssize_t ret; + + while((ret = sp->fetch(sp, &c, 1)) == 1){ + char *tmp; + + len++; + tmp = realloc (s, len); + if (tmp == NULL) { + free (s); + return ENOMEM; + } + s = tmp; + s[len - 1] = c; + if(c == 0) + break; + } + if(ret != 1){ + free(s); + if(ret == 0) + return sp->eof_code; + return ret; + } + *string = s; + return 0; +} + + +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_principal(krb5_storage *sp, + krb5_principal p) +{ + int i; + int ret; + + if(!krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) { + ret = krb5_store_int32(sp, p->name.name_type); + if(ret) return ret; + } + if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS)) + ret = krb5_store_int32(sp, p->name.name_string.len + 1); + else + ret = krb5_store_int32(sp, p->name.name_string.len); + + if(ret) return ret; + ret = krb5_store_string(sp, p->realm); + if(ret) return ret; + for(i = 0; i < p->name.name_string.len; i++){ + ret = krb5_store_string(sp, p->name.name_string.val[i]); + if(ret) return ret; + } + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_principal(krb5_storage *sp, + krb5_principal *princ) +{ + int i; + int ret; + krb5_principal p; + int32_t type; + int32_t ncomp; + + p = calloc(1, sizeof(*p)); + if(p == NULL) + return ENOMEM; + + if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) + type = KRB5_NT_UNKNOWN; + else if((ret = krb5_ret_int32(sp, &type))){ + free(p); + return ret; + } + if((ret = krb5_ret_int32(sp, &ncomp))){ + free(p); + return ret; + } + if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS)) + ncomp--; + p->name.name_type = type; + p->name.name_string.len = ncomp; + ret = krb5_ret_string(sp, &p->realm); + if(ret) return ret; + p->name.name_string.val = calloc(ncomp, sizeof(*p->name.name_string.val)); + if(p->name.name_string.val == NULL){ + free(p->realm); + return ENOMEM; + } + for(i = 0; i < ncomp; i++){ + ret = krb5_ret_string(sp, &p->name.name_string.val[i]); + if(ret) return ret; /* XXX */ + } + *princ = p; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_keyblock(krb5_storage *sp, krb5_keyblock p) +{ + int ret; + ret = krb5_store_int16(sp, p.keytype); + if(ret) return ret; + + if(krb5_storage_is_flags(sp, KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE)){ + /* this should really be enctype, but it is the same as + keytype nowadays */ + ret = krb5_store_int16(sp, p.keytype); + if(ret) return ret; + } + + ret = krb5_store_data(sp, p.keyvalue); + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_keyblock(krb5_storage *sp, krb5_keyblock *p) +{ + int ret; + int16_t tmp; + + ret = krb5_ret_int16(sp, &tmp); + if(ret) return ret; + p->keytype = tmp; + + if(krb5_storage_is_flags(sp, KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE)){ + ret = krb5_ret_int16(sp, &tmp); + if(ret) return ret; + } + + ret = krb5_ret_data(sp, &p->keyvalue); + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_times(krb5_storage *sp, krb5_times times) +{ + int ret; + ret = krb5_store_int32(sp, times.authtime); + if(ret) return ret; + ret = krb5_store_int32(sp, times.starttime); + if(ret) return ret; + ret = krb5_store_int32(sp, times.endtime); + if(ret) return ret; + ret = krb5_store_int32(sp, times.renew_till); + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_times(krb5_storage *sp, krb5_times *times) +{ + int ret; + int32_t tmp; + ret = krb5_ret_int32(sp, &tmp); + times->authtime = tmp; + if(ret) return ret; + ret = krb5_ret_int32(sp, &tmp); + times->starttime = tmp; + if(ret) return ret; + ret = krb5_ret_int32(sp, &tmp); + times->endtime = tmp; + if(ret) return ret; + ret = krb5_ret_int32(sp, &tmp); + times->renew_till = tmp; + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_address(krb5_storage *sp, krb5_address p) +{ + int ret; + ret = krb5_store_int16(sp, p.addr_type); + if(ret) return ret; + ret = krb5_store_data(sp, p.address); + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_address(krb5_storage *sp, krb5_address *adr) +{ + int16_t t; + int ret; + ret = krb5_ret_int16(sp, &t); + if(ret) return ret; + adr->addr_type = t; + ret = krb5_ret_data(sp, &adr->address); + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_addrs(krb5_storage *sp, krb5_addresses p) +{ + int i; + int ret; + ret = krb5_store_int32(sp, p.len); + if(ret) return ret; + for(i = 0; ilen = tmp; + ALLOC(adr->val, adr->len); + if (adr->val == NULL && adr->len != 0) + return ENOMEM; + for(i = 0; i < adr->len; i++){ + ret = krb5_ret_address(sp, &adr->val[i]); + if(ret) break; + } + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_authdata(krb5_storage *sp, krb5_authdata auth) +{ + krb5_error_code ret; + int i; + ret = krb5_store_int32(sp, auth.len); + if(ret) return ret; + for(i = 0; i < auth.len; i++){ + ret = krb5_store_int16(sp, auth.val[i].ad_type); + if(ret) break; + ret = krb5_store_data(sp, auth.val[i].ad_data); + if(ret) break; + } + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_authdata(krb5_storage *sp, krb5_authdata *auth) +{ + krb5_error_code ret; + int32_t tmp; + int16_t tmp2; + int i; + ret = krb5_ret_int32(sp, &tmp); + if(ret) return ret; + ALLOC_SEQ(auth, tmp); + if (auth->val == NULL && tmp != 0) + return ENOMEM; + for(i = 0; i < tmp; i++){ + ret = krb5_ret_int16(sp, &tmp2); + if(ret) break; + auth->val[i].ad_type = tmp2; + ret = krb5_ret_data(sp, &auth->val[i].ad_data); + if(ret) break; + } + return ret; +} + +static int32_t +bitswap32(int32_t b) +{ + int32_t r = 0; + int i; + for (i = 0; i < 32; i++) { + r = r << 1 | (b & 1); + b = b >> 1; + } + return r; +} + + +/* + * + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_creds(krb5_storage *sp, krb5_creds *creds) +{ + int ret; + + ret = krb5_store_principal(sp, creds->client); + if(ret) + return ret; + ret = krb5_store_principal(sp, creds->server); + if(ret) + return ret; + ret = krb5_store_keyblock(sp, creds->session); + if(ret) + return ret; + ret = krb5_store_times(sp, creds->times); + if(ret) + return ret; + ret = krb5_store_int8(sp, creds->second_ticket.length != 0); /* is_skey */ + if(ret) + return ret; + + if(krb5_storage_is_flags(sp, KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER)) + ret = krb5_store_int32(sp, creds->flags.i); + else + ret = krb5_store_int32(sp, bitswap32(TicketFlags2int(creds->flags.b))); + if(ret) + return ret; + + ret = krb5_store_addrs(sp, creds->addresses); + if(ret) + return ret; + ret = krb5_store_authdata(sp, creds->authdata); + if(ret) + return ret; + ret = krb5_store_data(sp, creds->ticket); + if(ret) + return ret; + ret = krb5_store_data(sp, creds->second_ticket); + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_creds(krb5_storage *sp, krb5_creds *creds) +{ + krb5_error_code ret; + int8_t dummy8; + int32_t dummy32; + + memset(creds, 0, sizeof(*creds)); + ret = krb5_ret_principal (sp, &creds->client); + if(ret) goto cleanup; + ret = krb5_ret_principal (sp, &creds->server); + if(ret) goto cleanup; + ret = krb5_ret_keyblock (sp, &creds->session); + if(ret) goto cleanup; + ret = krb5_ret_times (sp, &creds->times); + if(ret) goto cleanup; + ret = krb5_ret_int8 (sp, &dummy8); + if(ret) goto cleanup; + ret = krb5_ret_int32 (sp, &dummy32); + if(ret) goto cleanup; + /* + * Runtime detect the what is the higher bits of the bitfield. If + * any of the higher bits are set in the input data, its either a + * new ticket flag (and this code need to be removed), or its a + * MIT cache (or new Heimdal cache), lets change it to our current + * format. + */ + { + u_int32_t mask = 0xffff0000; + creds->flags.i = 0; + creds->flags.b.anonymous = 1; + if (creds->flags.i & mask) + mask = ~mask; + if (dummy32 & mask) + dummy32 = bitswap32(dummy32); + } + creds->flags.i = dummy32; + ret = krb5_ret_addrs (sp, &creds->addresses); + if(ret) goto cleanup; + ret = krb5_ret_authdata (sp, &creds->authdata); + if(ret) goto cleanup; + ret = krb5_ret_data (sp, &creds->ticket); + if(ret) goto cleanup; + ret = krb5_ret_data (sp, &creds->second_ticket); +cleanup: + if(ret) { +#if 0 + krb5_free_cred_contents(context, creds); /* XXX */ +#endif + } + return ret; +} + +#define SC_CLIENT_PRINCIPAL 0x0001 +#define SC_SERVER_PRINCIPAL 0x0002 +#define SC_SESSION_KEY 0x0004 +#define SC_TICKET 0x0008 +#define SC_SECOND_TICKET 0x0010 +#define SC_AUTHDATA 0x0020 +#define SC_ADDRESSES 0x0040 + +/* + * + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_creds_tag(krb5_storage *sp, krb5_creds *creds) +{ + int ret; + int32_t header = 0; + + if (creds->client) + header |= SC_CLIENT_PRINCIPAL; + if (creds->server) + header |= SC_SERVER_PRINCIPAL; + if (creds->session.keyvalue.data) + header |= SC_SESSION_KEY; + if (creds->ticket.data) + header |= SC_TICKET; + if (creds->second_ticket.length) + header |= SC_SECOND_TICKET; + if (creds->authdata.len) + header |= SC_AUTHDATA; + if (creds->addresses.len) + header |= SC_ADDRESSES; + + ret = krb5_store_int32(sp, header); + + if (creds->client) { + ret = krb5_store_principal(sp, creds->client); + if(ret) + return ret; + } + + if (creds->server) { + ret = krb5_store_principal(sp, creds->server); + if(ret) + return ret; + } + + if (creds->session.keyvalue.data) { + ret = krb5_store_keyblock(sp, creds->session); + if(ret) + return ret; + } + + ret = krb5_store_times(sp, creds->times); + if(ret) + return ret; + ret = krb5_store_int8(sp, creds->second_ticket.length != 0); /* is_skey */ + if(ret) + return ret; + + ret = krb5_store_int32(sp, bitswap32(TicketFlags2int(creds->flags.b))); + if(ret) + return ret; + + if (creds->addresses.len) { + ret = krb5_store_addrs(sp, creds->addresses); + if(ret) + return ret; + } + + if (creds->authdata.len) { + ret = krb5_store_authdata(sp, creds->authdata); + if(ret) + return ret; + } + + if (creds->ticket.data) { + ret = krb5_store_data(sp, creds->ticket); + if(ret) + return ret; + } + + if (creds->second_ticket.data) { + ret = krb5_store_data(sp, creds->second_ticket); + if (ret) + return ret; + } + + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_creds_tag(krb5_storage *sp, + krb5_creds *creds) +{ + krb5_error_code ret; + int8_t dummy8; + int32_t dummy32, header; + + memset(creds, 0, sizeof(*creds)); + + ret = krb5_ret_int32 (sp, &header); + if (ret) goto cleanup; + + if (header & SC_CLIENT_PRINCIPAL) { + ret = krb5_ret_principal (sp, &creds->client); + if(ret) goto cleanup; + } + if (header & SC_SERVER_PRINCIPAL) { + ret = krb5_ret_principal (sp, &creds->server); + if(ret) goto cleanup; + } + if (header & SC_SESSION_KEY) { + ret = krb5_ret_keyblock (sp, &creds->session); + if(ret) goto cleanup; + } + ret = krb5_ret_times (sp, &creds->times); + if(ret) goto cleanup; + ret = krb5_ret_int8 (sp, &dummy8); + if(ret) goto cleanup; + ret = krb5_ret_int32 (sp, &dummy32); + if(ret) goto cleanup; + /* + * Runtime detect the what is the higher bits of the bitfield. If + * any of the higher bits are set in the input data, its either a + * new ticket flag (and this code need to be removed), or its a + * MIT cache (or new Heimdal cache), lets change it to our current + * format. + */ + { + u_int32_t mask = 0xffff0000; + creds->flags.i = 0; + creds->flags.b.anonymous = 1; + if (creds->flags.i & mask) + mask = ~mask; + if (dummy32 & mask) + dummy32 = bitswap32(dummy32); + } + creds->flags.i = dummy32; + if (header & SC_ADDRESSES) { + ret = krb5_ret_addrs (sp, &creds->addresses); + if(ret) goto cleanup; + } + if (header & SC_AUTHDATA) { + ret = krb5_ret_authdata (sp, &creds->authdata); + if(ret) goto cleanup; + } + if (header & SC_TICKET) { + ret = krb5_ret_data (sp, &creds->ticket); + if(ret) goto cleanup; + } + if (header & SC_SECOND_TICKET) { + ret = krb5_ret_data (sp, &creds->second_ticket); + if(ret) goto cleanup; + } + +cleanup: + if(ret) { +#if 0 + krb5_free_cred_contents(context, creds); /* XXX */ +#endif + } + return ret; +} diff --git a/source4/heimdal/lib/krb5/store_emem.c b/source4/heimdal/lib/krb5/store_emem.c new file mode 100644 index 0000000000..b9f93728de --- /dev/null +++ b/source4/heimdal/lib/krb5/store_emem.c @@ -0,0 +1,132 @@ +/* + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" +#include "store-int.h" + +RCSID("$Id: store_emem.c,v 1.14 2004/05/25 21:43:29 lha Exp $"); + +typedef struct emem_storage{ + unsigned char *base; + size_t size; + size_t len; + unsigned char *ptr; +}emem_storage; + +static ssize_t +emem_fetch(krb5_storage *sp, void *data, size_t size) +{ + emem_storage *s = (emem_storage*)sp->data; + if(s->base + s->len - s->ptr < size) + size = s->base + s->len - s->ptr; + memmove(data, s->ptr, size); + sp->seek(sp, size, SEEK_CUR); + return size; +} + +static ssize_t +emem_store(krb5_storage *sp, const void *data, size_t size) +{ + emem_storage *s = (emem_storage*)sp->data; + if(size > s->base + s->size - s->ptr){ + void *base; + size_t sz, off; + off = s->ptr - s->base; + sz = off + size; + if (sz < 4096) + sz *= 2; + base = realloc(s->base, sz); + if(base == NULL) + return 0; + s->size = sz; + s->base = base; + s->ptr = (unsigned char*)base + off; + } + memmove(s->ptr, data, size); + sp->seek(sp, size, SEEK_CUR); + return size; +} + +static off_t +emem_seek(krb5_storage *sp, off_t offset, int whence) +{ + emem_storage *s = (emem_storage*)sp->data; + switch(whence){ + case SEEK_SET: + if(offset > s->size) + offset = s->size; + if(offset < 0) + offset = 0; + s->ptr = s->base + offset; + if(offset > s->len) + s->len = offset; + break; + case SEEK_CUR: + sp->seek(sp,s->ptr - s->base + offset, SEEK_SET); + break; + case SEEK_END: + sp->seek(sp, s->len + offset, SEEK_SET); + break; + default: + errno = EINVAL; + return -1; + } + return s->ptr - s->base; +} + +static void +emem_free(krb5_storage *sp) +{ + emem_storage *s = sp->data; + memset(s->base, 0, s->len); + free(s->base); +} + +krb5_storage * KRB5_LIB_FUNCTION +krb5_storage_emem(void) +{ + krb5_storage *sp = malloc(sizeof(krb5_storage)); + emem_storage *s = malloc(sizeof(*s)); + sp->data = s; + sp->flags = 0; + sp->eof_code = HEIM_ERR_EOF; + s->size = 1024; + s->base = malloc(s->size); + s->len = 0; + s->ptr = s->base; + sp->fetch = emem_fetch; + sp->store = emem_store; + sp->seek = emem_seek; + sp->free = emem_free; + return sp; +} diff --git a/source4/heimdal/lib/krb5/store_fd.c b/source4/heimdal/lib/krb5/store_fd.c new file mode 100644 index 0000000000..46043a6761 --- /dev/null +++ b/source4/heimdal/lib/krb5/store_fd.c @@ -0,0 +1,95 @@ +/* + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" +#include "store-int.h" + +RCSID("$Id: store_fd.c,v 1.12 2004/05/25 21:43:57 lha Exp $"); + +typedef struct fd_storage { + int fd; +} fd_storage; + +#define FD(S) (((fd_storage*)(S)->data)->fd) + +static ssize_t +fd_fetch(krb5_storage * sp, void *data, size_t size) +{ + return net_read(FD(sp), data, size); +} + +static ssize_t +fd_store(krb5_storage * sp, const void *data, size_t size) +{ + return net_write(FD(sp), data, size); +} + +static off_t +fd_seek(krb5_storage * sp, off_t offset, int whence) +{ + return lseek(FD(sp), offset, whence); +} + +static void +fd_free(krb5_storage * sp) +{ + close(FD(sp)); +} + +krb5_storage * KRB5_LIB_FUNCTION +krb5_storage_from_fd(int fd) +{ + krb5_storage *sp; + + fd = dup(fd); + if (fd < 0) + return NULL; + sp = malloc(sizeof(krb5_storage)); + + if (sp == NULL) + return NULL; + + sp->data = malloc(sizeof(fd_storage)); + if (sp->data == NULL) { + free(sp); + return NULL; + } + sp->flags = 0; + sp->eof_code = HEIM_ERR_EOF; + FD(sp) = fd; + sp->fetch = fd_fetch; + sp->store = fd_store; + sp->seek = fd_seek; + sp->free = fd_free; + return sp; +} diff --git a/source4/heimdal/lib/krb5/store_mem.c b/source4/heimdal/lib/krb5/store_mem.c new file mode 100644 index 0000000000..decf74adce --- /dev/null +++ b/source4/heimdal/lib/krb5/store_mem.c @@ -0,0 +1,119 @@ +/* + * Copyright (c) 1997 - 2000, 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" +#include "store-int.h" + +RCSID("$Id: store_mem.c,v 1.12 2004/05/25 21:44:17 lha Exp $"); + +typedef struct mem_storage{ + unsigned char *base; + size_t size; + unsigned char *ptr; +}mem_storage; + +static ssize_t +mem_fetch(krb5_storage *sp, void *data, size_t size) +{ + mem_storage *s = (mem_storage*)sp->data; + if(size > s->base + s->size - s->ptr) + size = s->base + s->size - s->ptr; + memmove(data, s->ptr, size); + sp->seek(sp, size, SEEK_CUR); + return size; +} + +static ssize_t +mem_store(krb5_storage *sp, const void *data, size_t size) +{ + mem_storage *s = (mem_storage*)sp->data; + if(size > s->base + s->size - s->ptr) + size = s->base + s->size - s->ptr; + memmove(s->ptr, data, size); + sp->seek(sp, size, SEEK_CUR); + return size; +} + +static off_t +mem_seek(krb5_storage *sp, off_t offset, int whence) +{ + mem_storage *s = (mem_storage*)sp->data; + switch(whence){ + case SEEK_SET: + if(offset > s->size) + offset = s->size; + if(offset < 0) + offset = 0; + s->ptr = s->base + offset; + break; + case SEEK_CUR: + return sp->seek(sp, s->ptr - s->base + offset, SEEK_SET); + case SEEK_END: + return sp->seek(sp, s->size + offset, SEEK_SET); + default: + errno = EINVAL; + return -1; + } + return s->ptr - s->base; +} + +krb5_storage * KRB5_LIB_FUNCTION +krb5_storage_from_mem(void *buf, size_t len) +{ + krb5_storage *sp = malloc(sizeof(krb5_storage)); + mem_storage *s; + if(sp == NULL) + return NULL; + s = malloc(sizeof(*s)); + if(s == NULL) { + free(sp); + return NULL; + } + sp->data = s; + sp->flags = 0; + sp->eof_code = HEIM_ERR_EOF; + s->base = buf; + s->size = len; + s->ptr = buf; + sp->fetch = mem_fetch; + sp->store = mem_store; + sp->seek = mem_seek; + sp->free = NULL; + return sp; +} + +krb5_storage * KRB5_LIB_FUNCTION +krb5_storage_from_data(krb5_data *data) +{ + return krb5_storage_from_mem(data->data, data->length); +} diff --git a/source4/heimdal/lib/krb5/ticket.c b/source4/heimdal/lib/krb5/ticket.c new file mode 100644 index 0000000000..734cd4d4ca --- /dev/null +++ b/source4/heimdal/lib/krb5/ticket.c @@ -0,0 +1,125 @@ +/* + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: ticket.c,v 1.12 2004/05/25 21:44:47 lha Exp $"); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_free_ticket(krb5_context context, + krb5_ticket *ticket) +{ + free_EncTicketPart(&ticket->ticket); + krb5_free_principal(context, ticket->client); + krb5_free_principal(context, ticket->server); + free(ticket); + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_copy_ticket(krb5_context context, + const krb5_ticket *from, + krb5_ticket **to) +{ + krb5_error_code ret; + krb5_ticket *tmp; + + *to = NULL; + tmp = malloc(sizeof(*tmp)); + if(tmp == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + if((ret = copy_EncTicketPart(&from->ticket, &tmp->ticket))){ + free(tmp); + return ret; + } + ret = krb5_copy_principal(context, from->client, &tmp->client); + if(ret){ + free_EncTicketPart(&tmp->ticket); + free(tmp); + return ret; + } + ret = krb5_copy_principal(context, from->server, &tmp->server); + if(ret){ + krb5_free_principal(context, tmp->client); + free_EncTicketPart(&tmp->ticket); + free(tmp); + return ret; + } + *to = tmp; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ticket_get_client(krb5_context context, + const krb5_ticket *ticket, + krb5_principal *client) +{ + return krb5_copy_principal(context, ticket->client, client); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ticket_get_server(krb5_context context, + const krb5_ticket *ticket, + krb5_principal *server) +{ + return krb5_copy_principal(context, ticket->server, server); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ticket_get_authorization_data_type(krb5_context context, + krb5_ticket *ticket, + int type, + krb5_data *data) +{ + AuthorizationData *ad; + int i; + + data->length = 0; + data->data = NULL; + + ad = ticket->ticket.authorization_data; + if (ad == NULL) { + krb5_set_error_string(context, "Ticket have not authorization data"); + return ENOENT; /* XXX */ + } + + for (i = 0; i < ad->len; i++) { + if (ad->val[i].ad_type == type) + return copy_octet_string(&ad->val[i].ad_data, data); + } + krb5_set_error_string(context, "Ticket have not authorization " + "data of type %d", type); + return ENOENT; /* XXX */ +} diff --git a/source4/heimdal/lib/krb5/time.c b/source4/heimdal/lib/krb5/time.c new file mode 100644 index 0000000000..4a120ab771 --- /dev/null +++ b/source4/heimdal/lib/krb5/time.c @@ -0,0 +1,114 @@ +/* + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: time.c,v 1.13 2004/10/13 17:57:11 lha Exp $"); + +/* + * Set the absolute time that the caller knows the kdc has so the + * kerberos library can calculate the relative diffrence beteen the + * KDC time and local system time. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_set_real_time (krb5_context context, + krb5_timestamp sec, + int32_t usec) +{ + struct timeval tv; + + gettimeofday(&tv, NULL); + + context->kdc_sec_offset = sec - tv.tv_sec; + context->kdc_usec_offset = usec - tv.tv_usec; + + if (context->kdc_usec_offset < 0) { + context->kdc_sec_offset--; + context->kdc_usec_offset += 1000000; + } + return 0; +} + +/* + * return ``corrected'' time in `timeret'. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_timeofday (krb5_context context, + krb5_timestamp *timeret) +{ + *timeret = time(NULL) + context->kdc_sec_offset; + return 0; +} + +/* + * like gettimeofday but with time correction to the KDC + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_us_timeofday (krb5_context context, + krb5_timestamp *sec, + int32_t *usec) +{ + struct timeval tv; + + gettimeofday (&tv, NULL); + + *sec = tv.tv_sec + context->kdc_sec_offset; + *usec = tv.tv_usec; /* XXX */ + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_format_time(krb5_context context, time_t t, + char *s, size_t len, krb5_boolean include_time) +{ + struct tm *tm; + if(context->log_utc) + tm = gmtime (&t); + else + tm = localtime(&t); + if(tm == NULL || + strftime(s, len, include_time ? context->time_fmt : context->date_fmt, tm) == 0) + snprintf(s, len, "%ld", (long)t); + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_string_to_deltat(const char *string, krb5_deltat *deltat) +{ + if((*deltat = parse_time(string, "s")) == -1) + return KRB5_DELTAT_BADFORMAT; + return 0; +} diff --git a/source4/heimdal/lib/krb5/transited.c b/source4/heimdal/lib/krb5/transited.c new file mode 100644 index 0000000000..9e24db0da0 --- /dev/null +++ b/source4/heimdal/lib/krb5/transited.c @@ -0,0 +1,481 @@ +/* + * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: transited.c,v 1.16 2005/06/17 04:53:35 lha Exp $"); + +/* this is an attempt at one of the most horrible `compression' + schemes that has ever been invented; it's so amazingly brain-dead + that words can not describe it, and all this just to save a few + silly bytes */ + +struct tr_realm { + char *realm; + unsigned leading_space:1; + unsigned leading_slash:1; + unsigned trailing_dot:1; + struct tr_realm *next; +}; + +static void +free_realms(struct tr_realm *r) +{ + struct tr_realm *p; + while(r){ + p = r; + r = r->next; + free(p->realm); + free(p); + } +} + +static int +make_path(krb5_context context, struct tr_realm *r, + const char *from, const char *to) +{ + const char *p; + struct tr_realm *path = r->next; + struct tr_realm *tmp; + + if(strlen(from) < strlen(to)){ + const char *str; + str = from; + from = to; + to = str; + } + + if(strcmp(from + strlen(from) - strlen(to), to) == 0){ + p = from; + while(1){ + p = strchr(p, '.'); + if(p == NULL) { + krb5_clear_error_string (context); + return KRB5KDC_ERR_POLICY; + } + p++; + if(strcmp(p, to) == 0) + break; + tmp = calloc(1, sizeof(*tmp)); + tmp->next = path; + path = tmp; + path->realm = strdup(p); + if(path->realm == NULL){ + r->next = path; /* XXX */ + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM;; + } + } + }else if(strncmp(from, to, strlen(to)) == 0){ + p = from + strlen(from); + while(1){ + while(p >= from && *p != '/') p--; + if(p == from) + return KRB5KDC_ERR_POLICY; + if(strncmp(to, from, p - from) == 0) + break; + tmp = calloc(1, sizeof(*tmp)); + tmp->next = path; + path = tmp; + path->realm = malloc(p - from + 1); + if(path->realm == NULL){ + r->next = path; /* XXX */ + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + memcpy(path->realm, from, p - from); + path->realm[p - from] = '\0'; + p--; + } + } else { + krb5_clear_error_string (context); + return KRB5KDC_ERR_POLICY; + } + r->next = path; + + return 0; +} + +static int +make_paths(krb5_context context, + struct tr_realm *realms, const char *client_realm, + const char *server_realm) +{ + struct tr_realm *r; + int ret; + const char *prev_realm = client_realm; + const char *next_realm = NULL; + for(r = realms; r; r = r->next){ + /* it *might* be that you can have more than one empty + component in a row, at least that's how I interpret the + "," exception in 1510 */ + if(r->realm[0] == '\0'){ + while(r->next && r->next->realm[0] == '\0') + r = r->next; + if(r->next) + next_realm = r->next->realm; + else + next_realm = server_realm; + ret = make_path(context, r, prev_realm, next_realm); + if(ret){ + free_realms(realms); + return ret; + } + } + prev_realm = r->realm; + } + return 0; +} + +static int +expand_realms(krb5_context context, + struct tr_realm *realms, const char *client_realm) +{ + struct tr_realm *r; + const char *prev_realm = NULL; + for(r = realms; r; r = r->next){ + if(r->trailing_dot){ + char *tmp; + size_t len = strlen(r->realm) + strlen(prev_realm) + 1; + + if(prev_realm == NULL) + prev_realm = client_realm; + tmp = realloc(r->realm, len); + if(tmp == NULL){ + free_realms(realms); + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + r->realm = tmp; + strlcat(r->realm, prev_realm, len); + }else if(r->leading_slash && !r->leading_space && prev_realm){ + /* yet another exception: if you use x500-names, the + leading realm doesn't have to be "quoted" with a space */ + char *tmp; + size_t len = strlen(r->realm) + strlen(prev_realm) + 1; + + tmp = malloc(len); + if(tmp == NULL){ + free_realms(realms); + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + strlcpy(tmp, prev_realm, len); + strlcat(tmp, r->realm, len); + free(r->realm); + r->realm = tmp; + } + prev_realm = r->realm; + } + return 0; +} + +static struct tr_realm * +make_realm(char *realm) +{ + struct tr_realm *r; + char *p, *q; + int quote = 0; + r = calloc(1, sizeof(*r)); + if(r == NULL){ + free(realm); + return NULL; + } + r->realm = realm; + for(p = q = r->realm; *p; p++){ + if(p == r->realm && *p == ' '){ + r->leading_space = 1; + continue; + } + if(q == r->realm && *p == '/') + r->leading_slash = 1; + if(quote){ + *q++ = *p; + quote = 0; + continue; + } + if(*p == '\\'){ + quote = 1; + continue; + } + if(p[0] == '.' && p[1] == '\0') + r->trailing_dot = 1; + *q++ = *p; + } + *q = '\0'; + return r; +} + +static struct tr_realm* +append_realm(struct tr_realm *head, struct tr_realm *r) +{ + struct tr_realm *p; + if(head == NULL){ + r->next = NULL; + return r; + } + p = head; + while(p->next) p = p->next; + p->next = r; + return head; +} + +static int +decode_realms(krb5_context context, + const char *tr, int length, struct tr_realm **realms) +{ + struct tr_realm *r = NULL; + + char *tmp; + int quote = 0; + const char *start = tr; + int i; + + for(i = 0; i < length; i++){ + if(quote){ + quote = 0; + continue; + } + if(tr[i] == '\\'){ + quote = 1; + continue; + } + if(tr[i] == ','){ + tmp = malloc(tr + i - start + 1); + memcpy(tmp, start, tr + i - start); + tmp[tr + i - start] = '\0'; + r = make_realm(tmp); + if(r == NULL){ + free_realms(*realms); + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + *realms = append_realm(*realms, r); + start = tr + i + 1; + } + } + tmp = malloc(tr + i - start + 1); + memcpy(tmp, start, tr + i - start); + tmp[tr + i - start] = '\0'; + r = make_realm(tmp); + if(r == NULL){ + free_realms(*realms); + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + *realms = append_realm(*realms, r); + + return 0; +} + + +krb5_error_code KRB5_LIB_FUNCTION +krb5_domain_x500_decode(krb5_context context, + krb5_data tr, char ***realms, int *num_realms, + const char *client_realm, const char *server_realm) +{ + struct tr_realm *r = NULL; + struct tr_realm *p, **q; + int ret; + + if(tr.length == 0) { + *realms = NULL; + *num_realms = 0; + return 0; + } + + /* split string in components */ + ret = decode_realms(context, tr.data, tr.length, &r); + if(ret) + return ret; + + /* apply prefix rule */ + ret = expand_realms(context, r, client_realm); + if(ret) + return ret; + + ret = make_paths(context, r, client_realm, server_realm); + if(ret) + return ret; + + /* remove empty components and count realms */ + q = &r; + *num_realms = 0; + for(p = r; p; ){ + if(p->realm[0] == '\0'){ + free(p->realm); + *q = p->next; + free(p); + p = *q; + }else{ + q = &p->next; + p = p->next; + (*num_realms)++; + } + } + if (*num_realms < 0 || *num_realms + 1 > UINT_MAX/sizeof(**realms)) + return ERANGE; + + { + char **R; + R = malloc((*num_realms + 1) * sizeof(*R)); + if (R == NULL) + return ENOMEM; + *realms = R; + while(r){ + *R++ = r->realm; + p = r->next; + free(r); + r = p; + } + } + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_domain_x500_encode(char **realms, int num_realms, krb5_data *encoding) +{ + char *s = NULL; + int len = 0; + int i; + krb5_data_zero(encoding); + if (num_realms == 0) + return 0; + for(i = 0; i < num_realms; i++){ + len += strlen(realms[i]); + if(realms[i][0] == '/') + len++; + } + len += num_realms - 1; + s = malloc(len + 1); + if (s == NULL) + return ENOMEM; + *s = '\0'; + for(i = 0; i < num_realms; i++){ + if(i && i < num_realms - 1) + strlcat(s, ",", len + 1); + if(realms[i][0] == '/') + strlcat(s, " ", len + 1); + strlcat(s, realms[i], len + 1); + } + encoding->data = s; + encoding->length = strlen(s); + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_check_transited(krb5_context context, + krb5_const_realm client_realm, + krb5_const_realm server_realm, + krb5_realm *realms, + int num_realms, + int *bad_realm) +{ + char **tr_realms; + char **p; + int i; + + if(num_realms == 0) + return 0; + + tr_realms = krb5_config_get_strings(context, NULL, + "capaths", + client_realm, + server_realm, + NULL); + for(i = 0; i < num_realms; i++) { + for(p = tr_realms; p && *p; p++) { + if(strcmp(*p, realms[i]) == 0) + break; + } + if(p == NULL || *p == NULL) { + krb5_config_free_strings(tr_realms); + krb5_set_error_string (context, "no transit through realm %s", + realms[i]); + if(bad_realm) + *bad_realm = i; + return KRB5KRB_AP_ERR_ILL_CR_TKT; + } + } + krb5_config_free_strings(tr_realms); + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_check_transited_realms(krb5_context context, + const char *const *realms, + int num_realms, + int *bad_realm) +{ + int i; + int ret = 0; + char **bad_realms = krb5_config_get_strings(context, NULL, + "libdefaults", + "transited_realms_reject", + NULL); + if(bad_realms == NULL) + return 0; + + for(i = 0; i < num_realms; i++) { + char **p; + for(p = bad_realms; *p; p++) + if(strcmp(*p, realms[i]) == 0) { + krb5_set_error_string (context, "no transit through realm %s", + *p); + ret = KRB5KRB_AP_ERR_ILL_CR_TKT; + if(bad_realm) + *bad_realm = i; + break; + } + } + krb5_config_free_strings(bad_realms); + return ret; +} + +#if 0 +int +main(int argc, char **argv) +{ + krb5_data x; + char **r; + int num, i; + x.data = argv[1]; + x.length = strlen(x.data); + if(domain_expand(x, &r, &num, argv[2], argv[3])) + exit(1); + for(i = 0; i < num; i++) + printf("%s\n", r[i]); + return 0; +} +#endif + diff --git a/source4/heimdal/lib/krb5/v4_glue.c b/source4/heimdal/lib/krb5/v4_glue.c new file mode 100644 index 0000000000..c66b06c09f --- /dev/null +++ b/source4/heimdal/lib/krb5/v4_glue.c @@ -0,0 +1,922 @@ +/* + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" +RCSID("$Id: v4_glue.c,v 1.2 2005/04/24 13:44:02 lha Exp $"); + +#include "krb5-v4compat.h" + +/* + * + */ + +#define RCHECK(r,func,label) \ + do { (r) = func ; if (r) goto label; } while(0); + + +/* include this here, to avoid dependencies on libkrb */ + +static const int _tkt_lifetimes[TKTLIFENUMFIXED] = { + 38400, 41055, 43894, 46929, 50174, 53643, 57352, 61318, + 65558, 70091, 74937, 80119, 85658, 91581, 97914, 104684, + 111922, 119661, 127935, 136781, 146239, 156350, 167161, 178720, + 191077, 204289, 218415, 233517, 249664, 266926, 285383, 305116, + 326213, 348769, 372885, 398668, 426234, 455705, 487215, 520904, + 556921, 595430, 636601, 680618, 727680, 777995, 831789, 889303, + 950794, 1016537, 1086825, 1161973, 1242318, 1328218, 1420057, 1518247, + 1623226, 1735464, 1855462, 1983758, 2120925, 2267576, 2424367, 2592000 +}; + +int KRB5_LIB_FUNCTION +_krb5_krb_time_to_life(time_t start, time_t end) +{ + int i; + time_t life = end - start; + + if (life > MAXTKTLIFETIME || life <= 0) + return 0; +#if 0 + if (krb_no_long_lifetimes) + return (life + 5*60 - 1)/(5*60); +#endif + + if (end >= NEVERDATE) + return TKTLIFENOEXPIRE; + if (life < _tkt_lifetimes[0]) + return (life + 5*60 - 1)/(5*60); + for (i=0; i TKTLIFEMAXFIXED) + return start + MAXTKTLIFETIME; + return start + _tkt_lifetimes[life - TKTLIFEMINFIXED]; +} + +/* + * Get the name of the krb4 credentials cache, will use `tkfile' as + * the name if that is passed in. `cc' must be free()ed by caller, + */ + +static krb5_error_code +get_krb4_cc_name(const char *tkfile, char **cc) +{ + + *cc = NULL; + if(tkfile == NULL) { + char *path; + if(!issuid()) { + path = getenv("KRBTKFILE"); + if (path) + *cc = strdup(path); + } + if(*cc == NULL) + if (asprintf(cc, "%s%u", TKT_ROOT, (unsigned)getuid()) < 0) + return errno; + } else { + *cc = strdup(tkfile); + if (*cc == NULL) + return ENOMEM; + } + return 0; +} + +/* + * Write a Kerberos 4 ticket file + */ + +#define KRB5_TF_LCK_RETRY_COUNT 50 +#define KRB5_TF_LCK_RETRY 1 + +static krb5_error_code +write_v4_cc(krb5_context context, const char *tkfile, + krb5_storage *sp, int append) +{ + krb5_error_code ret; + struct stat sb; + krb5_data data; + char *path; + int fd, i; + + ret = get_krb4_cc_name(tkfile, &path); + if (ret) { + krb5_set_error_string(context, + "krb5_krb_tf_setup: failed getting " + "the krb4 credentials cache name"); + return ret; + } + + fd = open(path, O_WRONLY|O_CREAT, 0600); + if (fd < 0) { + free(path); + krb5_set_error_string(context, + "krb5_krb_tf_setup: error opening file %s", + path); + return errno; + } + + if (fstat(fd, &sb) != 0 || !S_ISREG(sb.st_mode)) { + free(path); + close(fd); + krb5_set_error_string(context, + "krb5_krb_tf_setup: tktfile %s is not a file", + path); + return KRB5_FCC_PERM; + } + + for (i = 0; i < KRB5_TF_LCK_RETRY_COUNT; i++) { + if (flock(fd, LOCK_EX | LOCK_NB) < 0) { + sleep(KRB5_TF_LCK_RETRY); + } else + break; + } + if (i == KRB5_TF_LCK_RETRY_COUNT) { + free(path); + close(fd); + krb5_set_error_string(context, + "krb5_krb_tf_setup: failed to lock %s", + path); + return KRB5_FCC_PERM; + } + + if (!append) { + ret = ftruncate(fd, 0); + if (ret < 0) { + flock(fd, LOCK_UN); + free(path); + close(fd); + krb5_set_error_string(context, + "krb5_krb_tf_setup: failed to truncate %s", + path); + return KRB5_FCC_PERM; + } + } + ret = lseek(fd, 0L, SEEK_END); + if (ret < 0) { + ret = errno; + flock(fd, LOCK_UN); + free(path); + close(fd); + return ret; + } + + krb5_storage_to_data(sp, &data); + + ret = write(fd, data.data, data.length); + if (ret != data.length) + ret = KRB5_CC_IO; + + krb5_free_data_contents(context, &data); + + flock(fd, LOCK_UN); + free(path); + close(fd); + + return 0; +} + +/* + * + */ + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_krb_tf_setup(krb5_context context, + struct credentials *v4creds, + const char *tkfile, + int append) +{ + krb5_error_code ret; + krb5_storage *sp; + + sp = krb5_storage_emem(); + if (sp == NULL) + return ENOMEM; + + krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_HOST); + krb5_storage_set_eof_code(sp, KRB5_CC_IO); + + krb5_clear_error_string(context); + + if (!append) { + RCHECK(ret, krb5_store_stringz(sp, v4creds->pname), error); + RCHECK(ret, krb5_store_stringz(sp, v4creds->pinst), error); + } + + /* cred */ + RCHECK(ret, krb5_store_stringz(sp, v4creds->service), error); + RCHECK(ret, krb5_store_stringz(sp, v4creds->instance), error); + RCHECK(ret, krb5_store_stringz(sp, v4creds->realm), error); + ret = krb5_storage_write(sp, v4creds->session, 8); + if (ret != 8) { + ret = KRB5_CC_IO; + goto error; + } + RCHECK(ret, krb5_store_int32(sp, v4creds->lifetime), error); + RCHECK(ret, krb5_store_int32(sp, v4creds->kvno), error); + RCHECK(ret, krb5_store_int32(sp, v4creds->ticket_st.length), error); + + ret = krb5_storage_write(sp, v4creds->ticket_st.dat, + v4creds->ticket_st.length); + if (ret != v4creds->ticket_st.length) { + ret = KRB5_CC_IO; + goto error; + } + RCHECK(ret, krb5_store_int32(sp, v4creds->issue_date), error); + + ret = write_v4_cc(context, tkfile, sp, append); + + error: + krb5_storage_free(sp); + + return ret; +} + +/* + * + */ + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_krb_dest_tkt(krb5_context context, const char *tkfile) +{ + krb5_error_code ret; + char *path; + + ret = get_krb4_cc_name(tkfile, &path); + if (ret) { + krb5_set_error_string(context, + "krb5_krb_tf_setup: failed getting " + "the krb4 credentials cache name"); + return ret; + } + + if (unlink(path) < 0) { + ret = errno; + krb5_set_error_string(context, + "krb5_krb_dest_tkt failed removing the cache " + "with error %s", strerror(ret)); + } + free(path); + + return ret; +} + +/* + * + */ + +static krb5_error_code +decrypt_etext(krb5_context context, const krb5_keyblock *key, + const krb5_data *cdata, krb5_data *data) +{ + krb5_error_code ret; + krb5_crypto crypto; + + ret = krb5_crypto_init(context, key, ETYPE_DES_PCBC_NONE, &crypto); + if (ret) + return ret; + + ret = krb5_decrypt(context, crypto, 0, cdata->data, cdata->length, data); + krb5_crypto_destroy(context, crypto); + + return ret; +} + + +/* + * + */ + +static const char eightzeros[8] = "\x00\x00\x00\x00\x00\x00\x00\x00"; + +static krb5_error_code +storage_to_etext(krb5_context context, + krb5_storage *sp, + const krb5_keyblock *key, + krb5_data *enc_data) +{ + krb5_error_code ret; + krb5_crypto crypto; + krb5_ssize_t size; + krb5_data data; + + /* multiple of eight bytes */ + + size = krb5_storage_seek(sp, 0, SEEK_END); + if (size < 0) + return EINVAL; + size = 8 - (size & 7); + + ret = krb5_storage_write(sp, eightzeros, size); + if (ret != size) + return EINVAL; + + ret = krb5_storage_to_data(sp, &data); + if (ret) + return ret; + + ret = krb5_crypto_init(context, key, ETYPE_DES_PCBC_NONE, &crypto); + if (ret) { + krb5_data_free(&data); + return ret; + } + + ret = krb5_encrypt(context, crypto, 0, data.data, data.length, enc_data); + + krb5_data_free(&data); + krb5_crypto_destroy(context, crypto); + + return ret; +} + +/* + * + */ + +static krb5_error_code +put_nir(krb5_storage *sp, const char *name, + const char *instance, const char *realm) +{ + krb5_error_code ret; + + RCHECK(ret, krb5_store_stringz(sp, name), error); + RCHECK(ret, krb5_store_stringz(sp, instance), error); + if (realm) { + RCHECK(ret, krb5_store_stringz(sp, realm), error); + } + error: + return ret; +} + +/* + * + */ + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_krb_create_ticket(krb5_context context, + unsigned char flags, + const char *pname, + const char *pinstance, + const char *prealm, + int32_t paddress, + const krb5_keyblock *session, + int16_t life, + int32_t life_sec, + const char *sname, + const char *sinstance, + const krb5_keyblock *key, + krb5_data *enc_data) +{ + krb5_error_code ret; + krb5_storage *sp; + + krb5_data_zero(enc_data); + + sp = krb5_storage_emem(); + if (sp == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE); + + RCHECK(ret, krb5_store_int8(sp, flags), error); + RCHECK(ret, put_nir(sp, pname, pinstance, prealm), error); + RCHECK(ret, krb5_store_int32(sp, ntohl(paddress)), error); + + /* session key */ + ret = krb5_storage_write(sp, + session->keyvalue.data, + session->keyvalue.length); + if (ret != session->keyvalue.length) { + ret = EINVAL; + goto error; + } + + RCHECK(ret, krb5_store_int8(sp, life), error); + RCHECK(ret, krb5_store_int32(sp, life_sec), error); + RCHECK(ret, put_nir(sp, sname, sinstance, NULL), error); + + ret = storage_to_etext(context, sp, key, enc_data); + + error: + krb5_storage_free(sp); + if (ret) + krb5_set_error_string(context, "Failed to encode kerberos 4 ticket"); + + return ret; +} + +/* + * + */ + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_krb_create_ciph(krb5_context context, + const krb5_keyblock *session, + const char *service, + const char *instance, + const char *realm, + u_int32_t life, + unsigned char kvno, + const krb5_data *ticket, + u_int32_t kdc_time, + const krb5_keyblock *key, + krb5_data *enc_data) +{ + krb5_error_code ret; + krb5_storage *sp; + + krb5_data_zero(enc_data); + + sp = krb5_storage_emem(); + if (sp == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE); + + /* session key */ + ret = krb5_storage_write(sp, + session->keyvalue.data, + session->keyvalue.length); + if (ret != session->keyvalue.length) { + ret = EINVAL; + goto error; + } + + RCHECK(ret, put_nir(sp, service, instance, realm), error); + RCHECK(ret, krb5_store_int8(sp, life), error); + RCHECK(ret, krb5_store_int8(sp, kvno), error); + RCHECK(ret, krb5_store_int8(sp, ticket->length), error); + ret = krb5_storage_write(sp, ticket->data, ticket->length); + if (ret != ticket->length) { + ret = EINVAL; + goto error; + } + RCHECK(ret, krb5_store_int32(sp, kdc_time), error); + + ret = storage_to_etext(context, sp, key, enc_data); + + error: + krb5_storage_free(sp); + if (ret) + krb5_set_error_string(context, "Failed to encode kerberos 4 ticket"); + + return ret; +} + +/* + * + */ + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_krb_create_auth_reply(krb5_context context, + const char *pname, + const char *pinst, + const char *prealm, + int32_t time_ws, + int n, + u_int32_t x_date, + unsigned char kvno, + const krb5_data *cipher, + krb5_data *data) +{ + krb5_error_code ret; + krb5_storage *sp; + + krb5_data_zero(data); + + sp = krb5_storage_emem(); + if (sp == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE); + + RCHECK(ret, krb5_store_int8(sp, KRB_PROT_VERSION), error); + RCHECK(ret, krb5_store_int8(sp, AUTH_MSG_KDC_REPLY), error); + RCHECK(ret, put_nir(sp, pname, pinst, prealm), error); + RCHECK(ret, krb5_store_int32(sp, time_ws), error); + RCHECK(ret, krb5_store_int8(sp, n), error); + RCHECK(ret, krb5_store_int32(sp, x_date), error); + RCHECK(ret, krb5_store_int8(sp, kvno), error); + RCHECK(ret, krb5_store_int16(sp, cipher->length), error); + ret = krb5_storage_write(sp, cipher->data, cipher->length); + if (ret != cipher->length) { + ret = EINVAL; + goto error; + } + + ret = krb5_storage_to_data(sp, data); + + error: + krb5_storage_free(sp); + if (ret) + krb5_set_error_string(context, "Failed to encode kerberos 4 ticket"); + + return ret; +} + +/* + * + */ + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_krb_cr_err_reply(krb5_context context, + const char *name, + const char *inst, + const char *realm, + u_int32_t time_ws, + u_int32_t e, + const char *e_string, + krb5_data *data) +{ + krb5_error_code ret; + krb5_storage *sp; + + krb5_data_zero(data); + + if (name == NULL) name = ""; + if (inst == NULL) inst = ""; + if (realm == NULL) realm = ""; + if (e_string == NULL) e_string = ""; + + sp = krb5_storage_emem(); + if (sp == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE); + + RCHECK(ret, krb5_store_int8(sp, KRB_PROT_VERSION), error); + RCHECK(ret, krb5_store_int8(sp, AUTH_MSG_ERR_REPLY), error); + RCHECK(ret, put_nir(sp, name, inst, realm), error); + RCHECK(ret, krb5_store_int32(sp, time_ws), error); + RCHECK(ret, krb5_store_int32(sp, e), error); + RCHECK(ret, krb5_store_stringz(sp, e_string), error); + + ret = krb5_storage_to_data(sp, data); + + error: + krb5_storage_free(sp); + if (ret) + krb5_set_error_string(context, "Failed to encode kerberos 4 error"); + + return 0; +} + +static krb5_error_code +get_v4_stringz(krb5_storage *sp, char **str, size_t max_len) +{ + krb5_error_code ret; + + ret = krb5_ret_stringz(sp, str); + if (ret) + return ret; + if (strlen(*str) > max_len) { + free(*str); + *str = NULL; + return EINVAL; + } + return 0; +} + +/* + * + */ + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_krb_decomp_ticket(krb5_context context, + const krb5_data *enc_ticket, + const krb5_keyblock *key, + const char *local_realm, + char **sname, + char **sinstance, + struct _krb5_krb_auth_data *ad) +{ + krb5_error_code ret; + krb5_ssize_t size; + krb5_storage *sp = NULL; + krb5_data ticket; + unsigned char des_key[8]; + + memset(ad, 0, sizeof(*ad)); + krb5_data_zero(&ticket); + + *sname = NULL; + *sinstance = NULL; + + RCHECK(ret, decrypt_etext(context, key, enc_ticket, &ticket), error); + + sp = krb5_storage_from_data(&ticket); + if (sp == NULL) { + krb5_data_free(&ticket); + krb5_set_error_string(context, "alloc: out of memory"); + return ENOMEM; + } + + krb5_storage_set_eof_code(sp, EINVAL); /* XXX */ + + RCHECK(ret, krb5_ret_int8(sp, &ad->k_flags), error); + RCHECK(ret, get_v4_stringz(sp, &ad->pname, ANAME_SZ), error); + RCHECK(ret, get_v4_stringz(sp, &ad->pinst, INST_SZ), error); + RCHECK(ret, get_v4_stringz(sp, &ad->prealm, REALM_SZ), error); + RCHECK(ret, krb5_ret_int32(sp, &ad->address), error); + + size = krb5_storage_read(sp, des_key, sizeof(des_key)); + if (size != sizeof(des_key)) { + ret = EINVAL; /* XXX */ + goto error; + } + + RCHECK(ret, krb5_ret_int8(sp, &ad->life), error); + + if (ad->k_flags & 1) + krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE); + else + krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE); + + RCHECK(ret, krb5_ret_int32(sp, &ad->time_sec), error); + + RCHECK(ret, get_v4_stringz(sp, sname, ANAME_SZ), error); + RCHECK(ret, get_v4_stringz(sp, sinstance, INST_SZ), error); + + ret = krb5_keyblock_init(context, ETYPE_DES_PCBC_NONE, + des_key, sizeof(des_key), &ad->session); + if (ret) + goto error; + + if (strlen(ad->prealm) == 0) { + free(ad->prealm); + ad->prealm = strdup(local_realm); + if (ad->prealm == NULL) { + ret = ENOMEM; + goto error; + } + } + + error: + memset(des_key, 0, sizeof(des_key)); + if (sp) + krb5_storage_free(sp); + krb5_data_free(&ticket); + if (ret) { + if (*sname) { + free(*sname); + *sname = NULL; + } + if (*sinstance) { + free(*sinstance); + *sinstance = NULL; + } + _krb5_krb_free_auth_data(context, ad); + krb5_set_error_string(context, "Failed to decode v4 ticket"); + } + return ret; +} + +/* + * + */ + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_krb_rd_req(krb5_context context, + krb5_data *authent, + const char *service, + const char *instance, + const char *local_realm, + int32_t from_addr, + const krb5_keyblock *key, + struct _krb5_krb_auth_data *ad) +{ + krb5_error_code ret; + krb5_storage *sp; + krb5_data ticket, eaut, aut; + krb5_ssize_t size; + int little_endian; + int8_t pvno; + int8_t type; + int8_t s_kvno; + u_int8_t ticket_length; + u_int8_t eaut_length; + u_int8_t time_5ms; + char *realm = NULL; + char *sname = NULL; + char *sinstance = NULL; + char *r_realm = NULL; + char *r_name = NULL; + char *r_instance = NULL; + + u_int32_t r_time_sec; /* Coarse time from authenticator */ + unsigned long delta_t; /* Time in authenticator - local time */ + long tkt_age; /* Age of ticket */ + + struct timeval tv; + + krb5_data_zero(&ticket); + krb5_data_zero(&eaut); + krb5_data_zero(&aut); + + sp = krb5_storage_from_data(authent); + if (sp == NULL) { + krb5_set_error_string(context, "alloc: out of memory"); + return ENOMEM; + } + + krb5_storage_set_eof_code(sp, EINVAL); /* XXX */ + + ret = krb5_ret_int8(sp, &pvno); + if (ret) + goto error; + + if (pvno != KRB_PROT_VERSION) { + ret = EINVAL; /* XXX */ + goto error; + } + + ret = krb5_ret_int8(sp, &type); + if (ret) + goto error; + + little_endian = type & 1; + type &= ~1; + + if(type != AUTH_MSG_APPL_REQUEST && type != AUTH_MSG_APPL_REQUEST_MUTUAL) { + ret = EINVAL; /* RD_AP_MSG_TYPE */ + goto error; + } + + RCHECK(ret, krb5_ret_int8(sp, &s_kvno), error); + RCHECK(ret, get_v4_stringz(sp, &realm, REALM_SZ), error); + RCHECK(ret, krb5_ret_int8(sp, &ticket_length), error); + RCHECK(ret, krb5_ret_int8(sp, &eaut_length), error); + RCHECK(ret, krb5_data_alloc(&ticket, ticket_length), error); + + size = krb5_storage_read(sp, ticket.data, ticket.length); + if (size != ticket.length) { + ret = EINVAL; + goto error; + } + + /* Decrypt and take apart ticket */ + ret = _krb5_krb_decomp_ticket(context, &ticket, key, local_realm, + &sname, &sinstance, ad); + if (ret) + goto error; + + RCHECK(ret, krb5_data_alloc(&eaut, eaut_length), error); + + size = krb5_storage_read(sp, eaut.data, eaut.length); + if (size != eaut.length) { + ret = EINVAL; + goto error; + } + + krb5_storage_free(sp); + sp = NULL; + + ret = decrypt_etext(context, &ad->session, &eaut, &aut); + if (ret) + goto error; + + sp = krb5_storage_from_data(&aut); + if (sp == NULL) { + krb5_set_error_string(context, "alloc: out of memory"); + ret = ENOMEM; + goto error; + } + + if (little_endian) + krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE); + else + krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE); + + RCHECK(ret, get_v4_stringz(sp, &r_name, ANAME_SZ), error); + RCHECK(ret, get_v4_stringz(sp, &r_instance, INST_SZ), error); + RCHECK(ret, get_v4_stringz(sp, &r_realm, REALM_SZ), error); + + RCHECK(ret, krb5_ret_int32(sp, &ad->checksum), error); + RCHECK(ret, krb5_ret_int8(sp, &time_5ms), error); + RCHECK(ret, krb5_ret_int32(sp, &r_time_sec), error); + + if (strcmp(ad->pname, r_name) != 0 || + strcmp(ad->pinst, r_instance) != 0 || + strcmp(ad->prealm, r_realm) != 0) { + ret = EINVAL; /* RD_AP_INCON */ + goto error; + } + + if (from_addr && from_addr == ad->address) { + ret = EINVAL; /* RD_AP_BADD */ + goto error; + } + + gettimeofday(&tv, NULL); + delta_t = abs((int)(tv.tv_sec - r_time_sec)); + if (delta_t > CLOCK_SKEW) { + ret = EINVAL; /* RD_AP_TIME */ + goto error; + } + + /* Now check for expiration of ticket */ + + tkt_age = tv.tv_sec - ad->time_sec; + + if ((tkt_age < 0) && (-tkt_age > CLOCK_SKEW)) { + ret = EINVAL; /* RD_AP_NYV */ + goto error; + } + + if (tv.tv_sec > _krb5_krb_life_to_time(ad->time_sec, ad->life)) { + ret = EINVAL; /* RD_AP_EXP */ + goto error; + } + + ret = 0; + error: + krb5_data_free(&ticket); + krb5_data_free(&eaut); + krb5_data_free(&aut); + if (realm) + free(realm); + if (sname) + free(sname); + if (sinstance) + free(sinstance); + if (r_name) + free(r_name); + if (r_instance) + free(r_instance); + if (r_realm) + free(r_realm); + if (sp) + krb5_storage_free(sp); + + if (ret) + krb5_clear_error_string(context); + + return ret; +} + +/* + * + */ + +void KRB5_LIB_FUNCTION +_krb5_krb_free_auth_data(krb5_context context, struct _krb5_krb_auth_data *ad) +{ + if (ad->pname) + free(ad->pname); + if (ad->pinst) + free(ad->pinst); + if (ad->prealm) + free(ad->prealm); + krb5_free_keyblock_contents(context, &ad->session); + memset(ad, 0, sizeof(*ad)); +} diff --git a/source4/heimdal/lib/krb5/version.c b/source4/heimdal/lib/krb5/version.c new file mode 100644 index 0000000000..5f0fd6680b --- /dev/null +++ b/source4/heimdal/lib/krb5/version.c @@ -0,0 +1,43 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: version.c,v 1.3 1999/12/02 17:05:13 joda Exp $"); + +/* this is just to get a version stamp in the library file */ + +#define heimdal_version __heimdal_version +#define heimdal_long_version __heimdal_long_version +#include "version.h" + diff --git a/source4/heimdal/lib/krb5/warn.c b/source4/heimdal/lib/krb5/warn.c new file mode 100644 index 0000000000..f9825914ee --- /dev/null +++ b/source4/heimdal/lib/krb5/warn.c @@ -0,0 +1,205 @@ +/* + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" +#include + +RCSID("$Id: warn.c,v 1.15 2004/05/25 21:46:26 lha Exp $"); + +static krb5_error_code _warnerr(krb5_context context, int do_errtext, + krb5_error_code code, int level, const char *fmt, va_list ap) + __attribute__((__format__(__printf__, 5, 0))); + +static krb5_error_code +_warnerr(krb5_context context, int do_errtext, + krb5_error_code code, int level, const char *fmt, va_list ap) +{ + char xfmt[7] = ""; + const char *args[2], **arg; + char *msg = NULL; + char *err_str = NULL; + + args[0] = args[1] = NULL; + arg = args; + if(fmt){ + strlcat(xfmt, "%s", sizeof(xfmt)); + if(do_errtext) + strlcat(xfmt, ": ", sizeof(xfmt)); + vasprintf(&msg, fmt, ap); + if(msg == NULL) + return ENOMEM; + *arg++ = msg; + } + if(context && do_errtext){ + const char *err_msg; + + strlcat(xfmt, "%s", sizeof(xfmt)); + + err_str = krb5_get_error_string(context); + if (err_str != NULL) { + *arg++ = err_str; + } else { + err_msg = krb5_get_err_text(context, code); + if (err_msg) + *arg++ = err_msg; + else + *arg++ = ""; + } + } + + if(context && context->warn_dest) + krb5_log(context, context->warn_dest, level, xfmt, args[0], args[1]); + else + warnx(xfmt, args[0], args[1]); + free(msg); + free(err_str); + return 0; +} + +#define FUNC(ETEXT, CODE, LEVEL) \ + krb5_error_code ret; \ + va_list ap; \ + va_start(ap, fmt); \ + ret = _warnerr(context, ETEXT, CODE, LEVEL, fmt, ap); \ + va_end(ap); + +#undef __attribute__ +#define __attribute__(X) + +krb5_error_code KRB5_LIB_FUNCTION +krb5_vwarn(krb5_context context, krb5_error_code code, + const char *fmt, va_list ap) + __attribute__ ((format (printf, 3, 0))) +{ + return _warnerr(context, 1, code, 1, fmt, ap); +} + + +krb5_error_code KRB5_LIB_FUNCTION +krb5_warn(krb5_context context, krb5_error_code code, const char *fmt, ...) + __attribute__ ((format (printf, 3, 4))) +{ + FUNC(1, code, 1); + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_vwarnx(krb5_context context, const char *fmt, va_list ap) + __attribute__ ((format (printf, 2, 0))) +{ + return _warnerr(context, 0, 0, 1, fmt, ap); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_warnx(krb5_context context, const char *fmt, ...) + __attribute__ ((format (printf, 2, 3))) +{ + FUNC(0, 0, 1); + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_verr(krb5_context context, int eval, krb5_error_code code, + const char *fmt, va_list ap) + __attribute__ ((noreturn, format (printf, 4, 0))) +{ + _warnerr(context, 1, code, 0, fmt, ap); + exit(eval); +} + + +krb5_error_code KRB5_LIB_FUNCTION +krb5_err(krb5_context context, int eval, krb5_error_code code, + const char *fmt, ...) + __attribute__ ((noreturn, format (printf, 4, 5))) +{ + FUNC(1, code, 0); + exit(eval); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_verrx(krb5_context context, int eval, const char *fmt, va_list ap) + __attribute__ ((noreturn, format (printf, 3, 0))) +{ + _warnerr(context, 0, 0, 0, fmt, ap); + exit(eval); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_errx(krb5_context context, int eval, const char *fmt, ...) + __attribute__ ((noreturn, format (printf, 3, 4))) +{ + FUNC(0, 0, 0); + exit(eval); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_vabort(krb5_context context, krb5_error_code code, + const char *fmt, va_list ap) + __attribute__ ((noreturn, format (printf, 3, 0))) +{ + _warnerr(context, 1, code, 0, fmt, ap); + abort(); +} + + +krb5_error_code KRB5_LIB_FUNCTION +krb5_abort(krb5_context context, krb5_error_code code, const char *fmt, ...) + __attribute__ ((noreturn, format (printf, 3, 4))) +{ + FUNC(1, code, 0); + abort(); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_vabortx(krb5_context context, const char *fmt, va_list ap) + __attribute__ ((noreturn, format (printf, 2, 0))) +{ + _warnerr(context, 0, 0, 0, fmt, ap); + abort(); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_abortx(krb5_context context, const char *fmt, ...) + __attribute__ ((noreturn, format (printf, 2, 3))) +{ + FUNC(0, 0, 0); + abort(); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_set_warn_dest(krb5_context context, krb5_log_facility *fac) +{ + context->warn_dest = fac; + return 0; +} diff --git a/source4/heimdal/lib/roken/base64.c b/source4/heimdal/lib/roken/base64.c new file mode 100644 index 0000000000..78dbe9c526 --- /dev/null +++ b/source4/heimdal/lib/roken/base64.c @@ -0,0 +1,136 @@ +/* + * Copyright (c) 1995-2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: base64.c,v 1.6 2005/04/12 11:28:34 lha Exp $"); +#endif +#include +#include +#include "base64.h" + +static const char base64_chars[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + +static int +pos(char c) +{ + const char *p; + for (p = base64_chars; *p; p++) + if (*p == c) + return p - base64_chars; + return -1; +} + +int ROKEN_LIB_FUNCTION +base64_encode(const void *data, int size, char **str) +{ + char *s, *p; + int i; + int c; + const unsigned char *q; + + p = s = (char *) malloc(size * 4 / 3 + 4); + if (p == NULL) + return -1; + q = (const unsigned char *) data; + i = 0; + for (i = 0; i < size;) { + c = q[i++]; + c *= 256; + if (i < size) + c += q[i]; + i++; + c *= 256; + if (i < size) + c += q[i]; + i++; + p[0] = base64_chars[(c & 0x00fc0000) >> 18]; + p[1] = base64_chars[(c & 0x0003f000) >> 12]; + p[2] = base64_chars[(c & 0x00000fc0) >> 6]; + p[3] = base64_chars[(c & 0x0000003f) >> 0]; + if (i > size) + p[3] = '='; + if (i > size + 1) + p[2] = '='; + p += 4; + } + *p = 0; + *str = s; + return strlen(s); +} + +#define DECODE_ERROR 0xffffffff + +static unsigned int +token_decode(const char *token) +{ + int i; + unsigned int val = 0; + int marker = 0; + if (strlen(token) < 4) + return DECODE_ERROR; + for (i = 0; i < 4; i++) { + val *= 64; + if (token[i] == '=') + marker++; + else if (marker > 0) + return DECODE_ERROR; + else + val += pos(token[i]); + } + if (marker > 2) + return DECODE_ERROR; + return (marker << 24) | val; +} + +int ROKEN_LIB_FUNCTION +base64_decode(const char *str, void *data) +{ + const char *p; + unsigned char *q; + + q = data; + for (p = str; *p && (*p == '=' || strchr(base64_chars, *p)); p += 4) { + unsigned int val = token_decode(p); + unsigned int marker = (val >> 24) & 0xff; + if (val == DECODE_ERROR) + return -1; + *q++ = (val >> 16) & 0xff; + if (marker < 2) + *q++ = (val >> 8) & 0xff; + if (marker < 1) + *q++ = val & 0xff; + } + return q - (unsigned char *) data; +} diff --git a/source4/heimdal/lib/roken/base64.h b/source4/heimdal/lib/roken/base64.h new file mode 100644 index 0000000000..95992f9c21 --- /dev/null +++ b/source4/heimdal/lib/roken/base64.h @@ -0,0 +1,53 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: base64.h,v 1.4 2005/06/30 07:13:33 lha Exp $ */ + +#ifndef _BASE64_H_ +#define _BASE64_H_ + +#ifndef ROKEN_LIB_FUNCTION +#ifdef _WIN32 +#define ROKEN_LIB_FUNCTION _stdcall +#else +#define ROKEN_LIB_FUNCTION +#endif +#endif + +int ROKEN_LIB_FUNCTION +base64_encode(const void *, int, char **); + +int ROKEN_LIB_FUNCTION +base64_decode(const char *, void *); + +#endif diff --git a/source4/heimdal/lib/roken/bswap.c b/source4/heimdal/lib/roken/bswap.c new file mode 100644 index 0000000000..48b587d2db --- /dev/null +++ b/source4/heimdal/lib/roken/bswap.c @@ -0,0 +1,61 @@ +/* + * Copyright (c) 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif +#include "roken.h" + +RCSID("$Id: bswap.c,v 1.4 2005/04/12 11:28:35 lha Exp $"); + +#ifndef HAVE_BSWAP32 + +unsigned int ROKEN_LIB_FUNCTION +bswap32 (unsigned int val) +{ + return (val & 0xff) << 24 | + (val & 0xff00) << 8 | + (val & 0xff0000) >> 8 | + (val & 0xff000000) >> 24; +} +#endif + +#ifndef HAVE_BSWAP16 + +unsigned short ROKEN_LIB_FUNCTION +bswap16 (unsigned short val) +{ + return (val & 0xff) << 8 | + (val & 0xff00) >> 8; +} +#endif diff --git a/source4/heimdal/lib/roken/emalloc.c b/source4/heimdal/lib/roken/emalloc.c new file mode 100644 index 0000000000..91af6b5184 --- /dev/null +++ b/source4/heimdal/lib/roken/emalloc.c @@ -0,0 +1,56 @@ +/* + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: emalloc.c,v 1.6 2005/04/12 11:28:37 lha Exp $"); +#endif + +#include +#include + +#include + +/* + * Like malloc but never fails. + */ + +void * ROKEN_LIB_FUNCTION +emalloc (size_t sz) +{ + void *tmp = malloc (sz); + + if (tmp == NULL && sz != 0) + errx (1, "malloc %lu failed", (unsigned long)sz); + return tmp; +} diff --git a/source4/heimdal/lib/roken/get_window_size.c b/source4/heimdal/lib/roken/get_window_size.c new file mode 100644 index 0000000000..6743e15af9 --- /dev/null +++ b/source4/heimdal/lib/roken/get_window_size.c @@ -0,0 +1,102 @@ +/* + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: get_window_size.c,v 1.10 2005/04/12 11:28:42 lha Exp $"); +#endif + +#include +#ifdef HAVE_UNISTD_H +#include +#endif +#ifdef HAVE_SYS_TYPES_H +#include +#endif + +#if 0 /* Where were those needed? /confused */ +#ifdef HAVE_SYS_PROC_H +#include +#endif + +#ifdef HAVE_SYS_TTY_H +#include +#endif +#endif + +#ifdef HAVE_TERMIOS_H +#include +#endif + +#include + +int ROKEN_LIB_FUNCTION +get_window_size(int fd, struct winsize *wp) +{ + int ret = -1; + + memset(wp, 0, sizeof(*wp)); + +#if defined(TIOCGWINSZ) + ret = ioctl(fd, TIOCGWINSZ, wp); +#elif defined(TIOCGSIZE) + { + struct ttysize ts; + + ret = ioctl(fd, TIOCGSIZE, &ts); + if(ret == 0) { + wp->ws_row = ts.ts_lines; + wp->ws_col = ts.ts_cols; + } + } +#elif defined(HAVE__SCRSIZE) + { + int dst[2]; + + _scrsize(dst); + wp->ws_row = dst[1]; + wp->ws_col = dst[0]; + ret = 0; + } +#endif + if (ret != 0) { + char *s; + if((s = getenv("COLUMNS"))) + wp->ws_col = atoi(s); + if((s = getenv("LINES"))) + wp->ws_row = atoi(s); + if(wp->ws_col > 0 && wp->ws_row > 0) + ret = 0; + } + return ret; +} diff --git a/source4/heimdal/lib/roken/getarg.c b/source4/heimdal/lib/roken/getarg.c new file mode 100644 index 0000000000..e4e0556adf --- /dev/null +++ b/source4/heimdal/lib/roken/getarg.c @@ -0,0 +1,595 @@ +/* + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: getarg.c,v 1.48 2005/04/12 11:28:43 lha Exp $"); +#endif + +#include +#include +#include +#include +#include "getarg.h" + +#define ISFLAG(X) ((X).type == arg_flag || (X).type == arg_negative_flag) + +static size_t +print_arg (char *string, size_t len, int mdoc, int longp, struct getargs *arg) +{ + const char *s; + + *string = '\0'; + + if (ISFLAG(*arg) || (!longp && arg->type == arg_counter)) + return 0; + + if(mdoc){ + if(longp) + strlcat(string, "= Ns", len); + strlcat(string, " Ar ", len); + } else { + if (longp) + strlcat (string, "=", len); + else + strlcat (string, " ", len); + } + + if (arg->arg_help) + s = arg->arg_help; + else if (arg->type == arg_integer || arg->type == arg_counter) + s = "integer"; + else if (arg->type == arg_string) + s = "string"; + else if (arg->type == arg_strings) + s = "strings"; + else if (arg->type == arg_double) + s = "float"; + else + s = ""; + + strlcat(string, s, len); + return 1 + strlen(s); +} + +static void +mandoc_template(struct getargs *args, + size_t num_args, + const char *progname, + const char *extra_string) +{ + int i; + char timestr[64], cmd[64]; + char buf[128]; + const char *p; + time_t t; + + printf(".\\\" Things to fix:\n"); + printf(".\\\" * correct section, and operating system\n"); + printf(".\\\" * remove Op from mandatory flags\n"); + printf(".\\\" * use better macros for arguments (like .Pa for files)\n"); + printf(".\\\"\n"); + t = time(NULL); + strftime(timestr, sizeof(timestr), "%B %e, %Y", localtime(&t)); + printf(".Dd %s\n", timestr); + p = strrchr(progname, '/'); + if(p) p++; else p = progname; + strlcpy(cmd, p, sizeof(cmd)); + strupr(cmd); + + printf(".Dt %s SECTION\n", cmd); + printf(".Os OPERATING_SYSTEM\n"); + printf(".Sh NAME\n"); + printf(".Nm %s\n", p); + printf(".Nd\n"); + printf("in search of a description\n"); + printf(".Sh SYNOPSIS\n"); + printf(".Nm\n"); + for(i = 0; i < num_args; i++){ + /* we seem to hit a limit on number of arguments if doing + short and long flags with arguments -- split on two lines */ + if(ISFLAG(args[i]) || + args[i].short_name == 0 || args[i].long_name == NULL) { + printf(".Op "); + + if(args[i].short_name) { + print_arg(buf, sizeof(buf), 1, 0, args + i); + printf("Fl %c%s", args[i].short_name, buf); + if(args[i].long_name) + printf(" | "); + } + if(args[i].long_name) { + print_arg(buf, sizeof(buf), 1, 1, args + i); + printf("Fl -%s%s%s", + args[i].type == arg_negative_flag ? "no-" : "", + args[i].long_name, buf); + } + printf("\n"); + } else { + print_arg(buf, sizeof(buf), 1, 0, args + i); + printf(".Oo Fl %c%s \\*(Ba Xo\n", args[i].short_name, buf); + print_arg(buf, sizeof(buf), 1, 1, args + i); + printf(".Fl -%s%s\n.Xc\n.Oc\n", args[i].long_name, buf); + } + /* + if(args[i].type == arg_strings) + fprintf (stderr, "..."); + */ + } + if (extra_string && *extra_string) + printf (".Ar %s\n", extra_string); + printf(".Sh DESCRIPTION\n"); + printf("Supported options:\n"); + printf(".Bl -tag -width Ds\n"); + for(i = 0; i < num_args; i++){ + printf(".It Xo\n"); + if(args[i].short_name){ + printf(".Fl %c", args[i].short_name); + print_arg(buf, sizeof(buf), 1, 0, args + i); + printf("%s", buf); + if(args[i].long_name) + printf(" ,"); + printf("\n"); + } + if(args[i].long_name){ + printf(".Fl -%s%s", + args[i].type == arg_negative_flag ? "no-" : "", + args[i].long_name); + print_arg(buf, sizeof(buf), 1, 1, args + i); + printf("%s\n", buf); + } + printf(".Xc\n"); + if(args[i].help) + printf("%s\n", args[i].help); + /* + if(args[i].type == arg_strings) + fprintf (stderr, "..."); + */ + } + printf(".El\n"); + printf(".\\\".Sh ENVIRONMENT\n"); + printf(".\\\".Sh FILES\n"); + printf(".\\\".Sh EXAMPLES\n"); + printf(".\\\".Sh DIAGNOSTICS\n"); + printf(".\\\".Sh SEE ALSO\n"); + printf(".\\\".Sh STANDARDS\n"); + printf(".\\\".Sh HISTORY\n"); + printf(".\\\".Sh AUTHORS\n"); + printf(".\\\".Sh BUGS\n"); +} + +static int +check_column(FILE *f, int col, int len, int columns) +{ + if(col + len > columns) { + fprintf(f, "\n"); + col = fprintf(f, " "); + } + return col; +} + +void ROKEN_LIB_FUNCTION +arg_printusage (struct getargs *args, + size_t num_args, + const char *progname, + const char *extra_string) +{ + int i; + size_t max_len = 0; + char buf[128]; + int col = 0, columns; + struct winsize ws; + + if (progname == NULL) + progname = getprogname(); + + if(getenv("GETARGMANDOC")){ + mandoc_template(args, num_args, progname, extra_string); + return; + } + if(get_window_size(2, &ws) == 0) + columns = ws.ws_col; + else + columns = 80; + col = 0; + col += fprintf (stderr, "Usage: %s", progname); + buf[0] = '\0'; + for (i = 0; i < num_args; ++i) { + if(args[i].short_name && ISFLAG(args[i])) { + char s[2]; + if(buf[0] == '\0') + strlcpy(buf, "[-", sizeof(buf)); + s[0] = args[i].short_name; + s[1] = '\0'; + strlcat(buf, s, sizeof(buf)); + } + } + if(buf[0] != '\0') { + strlcat(buf, "]", sizeof(buf)); + col = check_column(stderr, col, strlen(buf) + 1, columns); + col += fprintf(stderr, " %s", buf); + } + + for (i = 0; i < num_args; ++i) { + size_t len = 0; + + if (args[i].long_name) { + buf[0] = '\0'; + strlcat(buf, "[--", sizeof(buf)); + len += 2; + if(args[i].type == arg_negative_flag) { + strlcat(buf, "no-", sizeof(buf)); + len += 3; + } + strlcat(buf, args[i].long_name, sizeof(buf)); + len += strlen(args[i].long_name); + len += print_arg(buf + strlen(buf), sizeof(buf) - strlen(buf), + 0, 1, &args[i]); + strlcat(buf, "]", sizeof(buf)); + if(args[i].type == arg_strings) + strlcat(buf, "...", sizeof(buf)); + col = check_column(stderr, col, strlen(buf) + 1, columns); + col += fprintf(stderr, " %s", buf); + } + if (args[i].short_name && !ISFLAG(args[i])) { + snprintf(buf, sizeof(buf), "[-%c", args[i].short_name); + len += 2; + len += print_arg(buf + strlen(buf), sizeof(buf) - strlen(buf), + 0, 0, &args[i]); + strlcat(buf, "]", sizeof(buf)); + if(args[i].type == arg_strings) + strlcat(buf, "...", sizeof(buf)); + col = check_column(stderr, col, strlen(buf) + 1, columns); + col += fprintf(stderr, " %s", buf); + } + if (args[i].long_name && args[i].short_name) + len += 2; /* ", " */ + max_len = max(max_len, len); + } + if (extra_string) { + col = check_column(stderr, col, strlen(extra_string) + 1, columns); + fprintf (stderr, " %s\n", extra_string); + } else + fprintf (stderr, "\n"); + for (i = 0; i < num_args; ++i) { + if (args[i].help) { + size_t count = 0; + + if (args[i].short_name) { + count += fprintf (stderr, "-%c", args[i].short_name); + print_arg (buf, sizeof(buf), 0, 0, &args[i]); + count += fprintf(stderr, "%s", buf); + } + if (args[i].short_name && args[i].long_name) + count += fprintf (stderr, ", "); + if (args[i].long_name) { + count += fprintf (stderr, "--"); + if (args[i].type == arg_negative_flag) + count += fprintf (stderr, "no-"); + count += fprintf (stderr, "%s", args[i].long_name); + print_arg (buf, sizeof(buf), 0, 1, &args[i]); + count += fprintf(stderr, "%s", buf); + } + while(count++ <= max_len) + putc (' ', stderr); + fprintf (stderr, "%s\n", args[i].help); + } + } +} + +static int +add_string(getarg_strings *s, char *value) +{ + char **strings; + + strings = realloc(s->strings, (s->num_strings + 1) * sizeof(*s->strings)); + if (strings == NULL) { + free(s->strings); + s->strings = NULL; + s->num_strings = 0; + return ENOMEM; + } + s->strings = strings; + s->strings[s->num_strings] = value; + s->num_strings++; + return 0; +} + +static int +arg_match_long(struct getargs *args, size_t num_args, + char *argv, int argc, char **rargv, int *goptind) +{ + int i; + char *goptarg = NULL; + int negate = 0; + int partial_match = 0; + struct getargs *partial = NULL; + struct getargs *current = NULL; + int argv_len; + char *p; + int p_len; + + argv_len = strlen(argv); + p = strchr (argv, '='); + if (p != NULL) + argv_len = p - argv; + + for (i = 0; i < num_args; ++i) { + if(args[i].long_name) { + int len = strlen(args[i].long_name); + p = argv; + p_len = argv_len; + negate = 0; + + for (;;) { + if (strncmp (args[i].long_name, p, p_len) == 0) { + if(p_len == len) + current = &args[i]; + else { + ++partial_match; + partial = &args[i]; + } + goptarg = p + p_len; + } else if (ISFLAG(args[i]) && strncmp (p, "no-", 3) == 0) { + negate = !negate; + p += 3; + p_len -= 3; + continue; + } + break; + } + if (current) + break; + } + } + if (current == NULL) { + if (partial_match == 1) + current = partial; + else + return ARG_ERR_NO_MATCH; + } + + if(*goptarg == '\0' + && !ISFLAG(*current) + && current->type != arg_collect + && current->type != arg_counter) + return ARG_ERR_NO_MATCH; + switch(current->type){ + case arg_integer: + { + int tmp; + if(sscanf(goptarg + 1, "%d", &tmp) != 1) + return ARG_ERR_BAD_ARG; + *(int*)current->value = tmp; + return 0; + } + case arg_string: + { + *(char**)current->value = goptarg + 1; + return 0; + } + case arg_strings: + { + return add_string((getarg_strings*)current->value, goptarg + 1); + } + case arg_flag: + case arg_negative_flag: + { + int *flag = current->value; + if(*goptarg == '\0' || + strcmp(goptarg + 1, "yes") == 0 || + strcmp(goptarg + 1, "true") == 0){ + *flag = !negate; + return 0; + } else if (*goptarg && strcmp(goptarg + 1, "maybe") == 0) { +#ifdef HAVE_RANDOM + *flag = random() & 1; +#else + *flag = rand() & 1; +#endif + } else { + *flag = negate; + return 0; + } + return ARG_ERR_BAD_ARG; + } + case arg_counter : + { + int val; + + if (*goptarg == '\0') + val = 1; + else if(sscanf(goptarg + 1, "%d", &val) != 1) + return ARG_ERR_BAD_ARG; + *(int *)current->value += val; + return 0; + } + case arg_double: + { + double tmp; + if(sscanf(goptarg + 1, "%lf", &tmp) != 1) + return ARG_ERR_BAD_ARG; + *(double*)current->value = tmp; + return 0; + } + case arg_collect:{ + struct getarg_collect_info *c = current->value; + int o = argv - rargv[*goptind]; + return (*c->func)(FALSE, argc, rargv, goptind, &o, c->data); + } + + default: + abort (); + } +} + +static int +arg_match_short (struct getargs *args, size_t num_args, + char *argv, int argc, char **rargv, int *goptind) +{ + int j, k; + + for(j = 1; j > 0 && j < strlen(rargv[*goptind]); j++) { + for(k = 0; k < num_args; k++) { + char *goptarg; + + if(args[k].short_name == 0) + continue; + if(argv[j] == args[k].short_name) { + if(args[k].type == arg_flag) { + *(int*)args[k].value = 1; + break; + } + if(args[k].type == arg_negative_flag) { + *(int*)args[k].value = 0; + break; + } + if(args[k].type == arg_counter) { + ++*(int *)args[k].value; + break; + } + if(args[k].type == arg_collect) { + struct getarg_collect_info *c = args[k].value; + + if((*c->func)(TRUE, argc, rargv, goptind, &j, c->data)) + return ARG_ERR_BAD_ARG; + break; + } + + if(argv[j + 1]) + goptarg = &argv[j + 1]; + else { + ++*goptind; + goptarg = rargv[*goptind]; + } + if(goptarg == NULL) { + --*goptind; + return ARG_ERR_NO_ARG; + } + if(args[k].type == arg_integer) { + int tmp; + if(sscanf(goptarg, "%d", &tmp) != 1) + return ARG_ERR_BAD_ARG; + *(int*)args[k].value = tmp; + return 0; + } else if(args[k].type == arg_string) { + *(char**)args[k].value = goptarg; + return 0; + } else if(args[k].type == arg_strings) { + return add_string((getarg_strings*)args[k].value, goptarg); + } else if(args[k].type == arg_double) { + double tmp; + if(sscanf(goptarg, "%lf", &tmp) != 1) + return ARG_ERR_BAD_ARG; + *(double*)args[k].value = tmp; + return 0; + } + return ARG_ERR_BAD_ARG; + } + } + if (k == num_args) + return ARG_ERR_NO_MATCH; + } + return 0; +} + +int ROKEN_LIB_FUNCTION +getarg(struct getargs *args, size_t num_args, + int argc, char **argv, int *goptind) +{ + int i; + int ret = 0; + +#if defined(HAVE_SRANDOMDEV) + srandomdev(); +#elif defined(HAVE_RANDOM) + srandom(time(NULL)); +#else + srand (time(NULL)); +#endif + (*goptind)++; + for(i = *goptind; i < argc; i++) { + if(argv[i][0] != '-') + break; + if(argv[i][1] == '-'){ + if(argv[i][2] == 0){ + i++; + break; + } + ret = arg_match_long (args, num_args, argv[i] + 2, + argc, argv, &i); + } else { + ret = arg_match_short (args, num_args, argv[i], + argc, argv, &i); + } + if(ret) + break; + } + *goptind = i; + return ret; +} + +void ROKEN_LIB_FUNCTION +free_getarg_strings (getarg_strings *s) +{ + free (s->strings); +} + +#if TEST +int foo_flag = 2; +int flag1 = 0; +int flag2 = 0; +int bar_int; +char *baz_string; + +struct getargs args[] = { + { NULL, '1', arg_flag, &flag1, "one", NULL }, + { NULL, '2', arg_flag, &flag2, "two", NULL }, + { "foo", 'f', arg_negative_flag, &foo_flag, "foo", NULL }, + { "bar", 'b', arg_integer, &bar_int, "bar", "seconds"}, + { "baz", 'x', arg_string, &baz_string, "baz", "name" }, +}; + +int main(int argc, char **argv) +{ + int goptind = 0; + while(getarg(args, 5, argc, argv, &goptind)) + printf("Bad arg: %s\n", argv[goptind]); + printf("flag1 = %d\n", flag1); + printf("flag2 = %d\n", flag2); + printf("foo_flag = %d\n", foo_flag); + printf("bar_int = %d\n", bar_int); + printf("baz_flag = %s\n", baz_string); + arg_printusage (args, 5, argv[0], "nothing here"); +} +#endif diff --git a/source4/heimdal/lib/roken/getarg.h b/source4/heimdal/lib/roken/getarg.h new file mode 100644 index 0000000000..bffa04486f --- /dev/null +++ b/source4/heimdal/lib/roken/getarg.h @@ -0,0 +1,102 @@ +/* + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: getarg.h,v 1.14 2005/04/13 05:52:27 lha Exp $ */ + +#ifndef __GETARG_H__ +#define __GETARG_H__ + +#include + +#ifndef ROKEN_LIB_FUNCTION +#ifdef _WIN32 +#define ROKEN_LIB_FUNCTION _stdcall +#else +#define ROKEN_LIB_FUNCTION +#endif +#endif + +struct getargs{ + const char *long_name; + char short_name; + enum { arg_integer, + arg_string, + arg_flag, + arg_negative_flag, + arg_strings, + arg_double, + arg_collect, + arg_counter + } type; + void *value; + const char *help; + const char *arg_help; +}; + +enum { + ARG_ERR_NO_MATCH = 1, + ARG_ERR_BAD_ARG, + ARG_ERR_NO_ARG +}; + +typedef struct getarg_strings { + int num_strings; + char **strings; +} getarg_strings; + +typedef int (*getarg_collect_func)(int short_opt, + int argc, + char **argv, + int *goptind, + int *goptarg, + void *data); + +typedef struct getarg_collect_info { + getarg_collect_func func; + void *data; +} getarg_collect_info; + +int ROKEN_LIB_FUNCTION +getarg(struct getargs *args, size_t num_args, + int argc, char **argv, int *goptind); + +void ROKEN_LIB_FUNCTION +arg_printusage (struct getargs *args, + size_t num_args, + const char *progname, + const char *extra_string); + +void ROKEN_LIB_FUNCTION +free_getarg_strings (getarg_strings *); + +#endif /* __GETARG_H__ */ diff --git a/source4/heimdal/lib/roken/getifaddrs.c b/source4/heimdal/lib/roken/getifaddrs.c new file mode 100644 index 0000000000..3c97e89810 --- /dev/null +++ b/source4/heimdal/lib/roken/getifaddrs.c @@ -0,0 +1,1186 @@ +/* + * Copyright (c) 2000 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: getifaddrs.c,v 1.11 2005/04/30 15:45:47 lha Exp $"); +#endif +#include "roken.h" + +#ifdef __osf__ +/* hate */ +struct rtentry; +struct mbuf; +#endif +#ifdef HAVE_NET_IF_H +#include +#endif + +#ifdef HAVE_SYS_SOCKIO_H +#include +#endif /* HAVE_SYS_SOCKIO_H */ + +#ifdef HAVE_NETINET_IN6_VAR_H +#include +#endif /* HAVE_NETINET_IN6_VAR_H */ + +#include + +#ifdef AF_NETLINK + +/* + * The linux - AF_NETLINK version of getifaddrs - from Usagi. + * Linux does not return v6 addresses from SIOCGIFCONF. + */ + +/* $USAGI: ifaddrs.c,v 1.18 2002/03/06 01:50:46 yoshfuji Exp $ */ + +/************************************************************************** + * ifaddrs.c + * Copyright (C)2000 Hideaki YOSHIFUJI, All Rights Reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the author nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "config.h" + +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include /* the L2 protocols */ +#include +#include +#include +#include +#include + +#define __set_errno(e) (errno = (e)) +#define __close(fd) (close(fd)) +#undef ifa_broadaddr +#define ifa_broadaddr ifa_dstaddr +#define IFA_NETMASK + +/* ====================================================================== */ +struct nlmsg_list{ + struct nlmsg_list *nlm_next; + struct nlmsghdr *nlh; + int size; + time_t seq; +}; + +struct rtmaddr_ifamap { + void *address; + void *local; +#ifdef IFA_NETMASK + void *netmask; +#endif + void *broadcast; +#ifdef HAVE_IFADDRS_IFA_ANYCAST + void *anycast; +#endif + int address_len; + int local_len; +#ifdef IFA_NETMASK + int netmask_len; +#endif + int broadcast_len; +#ifdef HAVE_IFADDRS_IFA_ANYCAST + int anycast_len; +#endif +}; + +/* ====================================================================== */ +static size_t +ifa_sa_len(sa_family_t family, int len) +{ + size_t size; + switch(family){ + case AF_INET: + size = sizeof(struct sockaddr_in); + break; + case AF_INET6: + size = sizeof(struct sockaddr_in6); + break; + case AF_PACKET: + size = (size_t)(((struct sockaddr_ll *)NULL)->sll_addr) + len; + if (size < sizeof(struct sockaddr_ll)) + size = sizeof(struct sockaddr_ll); + break; + default: + size = (size_t)(((struct sockaddr *)NULL)->sa_data) + len; + if (size < sizeof(struct sockaddr)) + size = sizeof(struct sockaddr); + break; + } + return size; +} + +static void +ifa_make_sockaddr(sa_family_t family, + struct sockaddr *sa, + void *p, size_t len, + uint32_t scope, uint32_t scopeid) +{ + if (sa == NULL) return; + switch(family){ + case AF_INET: + memcpy(&((struct sockaddr_in*)sa)->sin_addr, (char *)p, len); + break; + case AF_INET6: + memcpy(&((struct sockaddr_in6*)sa)->sin6_addr, (char *)p, len); + if (IN6_IS_ADDR_LINKLOCAL(p) || + IN6_IS_ADDR_MC_LINKLOCAL(p)){ + ((struct sockaddr_in6*)sa)->sin6_scope_id = scopeid; + } + break; + case AF_PACKET: + memcpy(((struct sockaddr_ll*)sa)->sll_addr, (char *)p, len); + ((struct sockaddr_ll*)sa)->sll_halen = len; + break; + default: + memcpy(sa->sa_data, p, len); /*XXX*/ + break; + } + sa->sa_family = family; +#ifdef HAVE_SOCKADDR_SA_LEN + sa->sa_len = ifa_sa_len(family, len); +#endif +} + +#ifndef IFA_NETMASK +static struct sockaddr * +ifa_make_sockaddr_mask(sa_family_t family, + struct sockaddr *sa, + uint32_t prefixlen) +{ + int i; + char *p = NULL, c; + uint32_t max_prefixlen = 0; + + if (sa == NULL) return NULL; + switch(family){ + case AF_INET: + memset(&((struct sockaddr_in*)sa)->sin_addr, 0, sizeof(((struct sockaddr_in*)sa)->sin_addr)); + p = (char *)&((struct sockaddr_in*)sa)->sin_addr; + max_prefixlen = 32; + break; + case AF_INET6: + memset(&((struct sockaddr_in6*)sa)->sin6_addr, 0, sizeof(((struct sockaddr_in6*)sa)->sin6_addr)); + p = (char *)&((struct sockaddr_in6*)sa)->sin6_addr; +#if 0 /* XXX: fill scope-id? */ + if (IN6_IS_ADDR_LINKLOCAL(p) || + IN6_IS_ADDR_MC_LINKLOCAL(p)){ + ((struct sockaddr_in6*)sa)->sin6_scope_id = scopeid; + } +#endif + max_prefixlen = 128; + break; + default: + return NULL; + } + sa->sa_family = family; +#ifdef HAVE_SOCKADDR_SA_LEN + sa->sa_len = ifa_sa_len(family, len); +#endif + if (p){ + if (prefixlen > max_prefixlen) + prefixlen = max_prefixlen; + for (i=0; i<(prefixlen / 8); i++) + *p++ = 0xff; + c = 0xff; + c <<= (8 - (prefixlen % 8)); + *p = c; + } + return sa; +} +#endif + +/* ====================================================================== */ +static int +nl_sendreq(int sd, int request, int flags, int *seq) +{ + char reqbuf[NLMSG_ALIGN(sizeof(struct nlmsghdr)) + + NLMSG_ALIGN(sizeof(struct rtgenmsg))]; + struct sockaddr_nl nladdr; + struct nlmsghdr *req_hdr; + struct rtgenmsg *req_msg; + time_t t = time(NULL); + + if (seq) *seq = t; + memset(&reqbuf, 0, sizeof(reqbuf)); + req_hdr = (struct nlmsghdr *)reqbuf; + req_msg = (struct rtgenmsg *)NLMSG_DATA(req_hdr); + req_hdr->nlmsg_len = NLMSG_LENGTH(sizeof(*req_msg)); + req_hdr->nlmsg_type = request; + req_hdr->nlmsg_flags = flags | NLM_F_REQUEST; + req_hdr->nlmsg_pid = 0; + req_hdr->nlmsg_seq = t; + req_msg->rtgen_family = AF_UNSPEC; + memset(&nladdr, 0, sizeof(nladdr)); + nladdr.nl_family = AF_NETLINK; + return (sendto(sd, (void *)req_hdr, req_hdr->nlmsg_len, 0, + (struct sockaddr *)&nladdr, sizeof(nladdr))); +} + +static int +nl_recvmsg(int sd, int request, int seq, + void *buf, size_t buflen, + int *flags) +{ + struct msghdr msg; + struct iovec iov = { buf, buflen }; + struct sockaddr_nl nladdr; + int read_len; + + for (;;){ + msg.msg_name = (void *)&nladdr; + msg.msg_namelen = sizeof(nladdr); + msg.msg_iov = &iov; + msg.msg_iovlen = 1; + msg.msg_control = NULL; + msg.msg_controllen = 0; + msg.msg_flags = 0; + read_len = recvmsg(sd, &msg, 0); + if ((read_len < 0 && errno == EINTR) || (msg.msg_flags & MSG_TRUNC)) + continue; + if (flags) *flags = msg.msg_flags; + break; + } + return read_len; +} + +static int +nl_getmsg(int sd, int request, int seq, + struct nlmsghdr **nlhp, + int *done) +{ + struct nlmsghdr *nh; + size_t bufsize = 65536, lastbufsize = 0; + void *buff = NULL; + int result = 0, read_size; + int msg_flags; + pid_t pid = getpid(); + for (;;){ + void *newbuff = realloc(buff, bufsize); + if (newbuff == NULL || bufsize < lastbufsize) { + result = -1; + break; + } + buff = newbuff; + result = read_size = nl_recvmsg(sd, request, seq, buff, bufsize, &msg_flags); + if (read_size < 0 || (msg_flags & MSG_TRUNC)){ + lastbufsize = bufsize; + bufsize *= 2; + continue; + } + if (read_size == 0) break; + nh = (struct nlmsghdr *)buff; + for (nh = (struct nlmsghdr *)buff; + NLMSG_OK(nh, read_size); + nh = (struct nlmsghdr *)NLMSG_NEXT(nh, read_size)){ + if (nh->nlmsg_pid != pid || + nh->nlmsg_seq != seq) + continue; + if (nh->nlmsg_type == NLMSG_DONE){ + (*done)++; + break; /* ok */ + } + if (nh->nlmsg_type == NLMSG_ERROR){ + struct nlmsgerr *nlerr = (struct nlmsgerr *)NLMSG_DATA(nh); + result = -1; + if (nh->nlmsg_len < NLMSG_LENGTH(sizeof(struct nlmsgerr))) + __set_errno(EIO); + else + __set_errno(-nlerr->error); + break; + } + } + break; + } + if (result < 0) + if (buff){ + int saved_errno = errno; + free(buff); + __set_errno(saved_errno); + } + *nlhp = (struct nlmsghdr *)buff; + return result; +} + +static int +nl_getlist(int sd, int seq, + int request, + struct nlmsg_list **nlm_list, + struct nlmsg_list **nlm_end) +{ + struct nlmsghdr *nlh = NULL; + int status; + int done = 0; + + status = nl_sendreq(sd, request, NLM_F_ROOT|NLM_F_MATCH, &seq); + if (status < 0) + return status; + if (seq == 0) + seq = (int)time(NULL); + while(!done){ + status = nl_getmsg(sd, request, seq, &nlh, &done); + if (status < 0) + return status; + if (nlh){ + struct nlmsg_list *nlm_next = (struct nlmsg_list *)malloc(sizeof(struct nlmsg_list)); + if (nlm_next == NULL){ + int saved_errno = errno; + free(nlh); + __set_errno(saved_errno); + status = -1; + } else { + nlm_next->nlm_next = NULL; + nlm_next->nlh = (struct nlmsghdr *)nlh; + nlm_next->size = status; + nlm_next->seq = seq; + if (*nlm_list == NULL){ + *nlm_list = nlm_next; + *nlm_end = nlm_next; + } else { + (*nlm_end)->nlm_next = nlm_next; + *nlm_end = nlm_next; + } + } + } + } + return status >= 0 ? seq : status; +} + +/* ---------------------------------------------------------------------- */ +static void +free_nlmsglist(struct nlmsg_list *nlm0) +{ + struct nlmsg_list *nlm; + int saved_errno; + if (!nlm0) + return; + saved_errno = errno; + for (nlm=nlm0; nlm; nlm=nlm->nlm_next){ + if (nlm->nlh) + free(nlm->nlh); + } + free(nlm0); + __set_errno(saved_errno); +} + +static void +free_data(void *data, void *ifdata) +{ + int saved_errno = errno; + if (data != NULL) free(data); + if (ifdata != NULL) free(ifdata); + __set_errno(saved_errno); +} + +/* ---------------------------------------------------------------------- */ +static void +nl_close(int sd) +{ + int saved_errno = errno; + if (sd >= 0) __close(sd); + __set_errno(saved_errno); +} + +/* ---------------------------------------------------------------------- */ +static int +nl_open(void) +{ + struct sockaddr_nl nladdr; + int sd; + + sd = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE); + if (sd < 0) return -1; + memset(&nladdr, 0, sizeof(nladdr)); + nladdr.nl_family = AF_NETLINK; + if (bind(sd, (struct sockaddr*)&nladdr, sizeof(nladdr)) < 0){ + nl_close(sd); + return -1; + } + return sd; +} + +/* ====================================================================== */ +int ROKEN_LIB_FUNCTION +getifaddrs(struct ifaddrs **ifap) +{ + int sd; + struct nlmsg_list *nlmsg_list, *nlmsg_end, *nlm; + /* - - - - - - - - - - - - - - - */ + int icnt; + size_t dlen, xlen, nlen; + uint32_t max_ifindex = 0; + + pid_t pid = getpid(); + int seq; + int result; + int build ; /* 0 or 1 */ + +/* ---------------------------------- */ + /* initialize */ + icnt = dlen = xlen = nlen = 0; + nlmsg_list = nlmsg_end = NULL; + + if (ifap) + *ifap = NULL; + +/* ---------------------------------- */ + /* open socket and bind */ + sd = nl_open(); + if (sd < 0) + return -1; + +/* ---------------------------------- */ + /* gather info */ + if ((seq = nl_getlist(sd, 0, RTM_GETLINK, + &nlmsg_list, &nlmsg_end)) < 0){ + free_nlmsglist(nlmsg_list); + nl_close(sd); + return -1; + } + if ((seq = nl_getlist(sd, seq+1, RTM_GETADDR, + &nlmsg_list, &nlmsg_end)) < 0){ + free_nlmsglist(nlmsg_list); + nl_close(sd); + return -1; + } + +/* ---------------------------------- */ + /* Estimate size of result buffer and fill it */ + for (build=0; build<=1; build++){ + struct ifaddrs *ifl = NULL, *ifa = NULL; + struct nlmsghdr *nlh, *nlh0; + char *data = NULL, *xdata = NULL; + void *ifdata = NULL; + char *ifname = NULL, **iflist = NULL; + uint16_t *ifflist = NULL; + struct rtmaddr_ifamap ifamap; + + if (build){ + data = calloc(1, + NLMSG_ALIGN(sizeof(struct ifaddrs[icnt])) + + dlen + xlen + nlen); + ifa = (struct ifaddrs *)data; + ifdata = calloc(1, + NLMSG_ALIGN(sizeof(char *[max_ifindex+1])) + + NLMSG_ALIGN(sizeof(uint16_t [max_ifindex+1]))); + if (ifap != NULL) + *ifap = (ifdata != NULL) ? ifa : NULL; + else{ + free_data(data, ifdata); + result = 0; + break; + } + if (data == NULL || ifdata == NULL){ + free_data(data, ifdata); + result = -1; + break; + } + ifl = NULL; + data += NLMSG_ALIGN(sizeof(struct ifaddrs)) * icnt; + xdata = data + dlen; + ifname = xdata + xlen; + iflist = ifdata; + ifflist = (uint16_t *)(((char *)iflist) + NLMSG_ALIGN(sizeof(char *[max_ifindex+1]))); + } + + for (nlm=nlmsg_list; nlm; nlm=nlm->nlm_next){ + int nlmlen = nlm->size; + if (!(nlh0 = nlm->nlh)) + continue; + for (nlh = nlh0; + NLMSG_OK(nlh, nlmlen); + nlh=NLMSG_NEXT(nlh,nlmlen)){ + struct ifinfomsg *ifim = NULL; + struct ifaddrmsg *ifam = NULL; + struct rtattr *rta; + + size_t nlm_struct_size = 0; + sa_family_t nlm_family = 0; + uint32_t nlm_scope = 0, nlm_index = 0; + size_t sockaddr_size = 0; + uint32_t nlm_prefixlen = 0; + size_t rtasize; + + memset(&ifamap, 0, sizeof(ifamap)); + + /* check if the message is what we want */ + if (nlh->nlmsg_pid != pid || + nlh->nlmsg_seq != nlm->seq) + continue; + if (nlh->nlmsg_type == NLMSG_DONE){ + break; /* ok */ + } + switch (nlh->nlmsg_type){ + case RTM_NEWLINK: + ifim = (struct ifinfomsg *)NLMSG_DATA(nlh); + nlm_struct_size = sizeof(*ifim); + nlm_family = ifim->ifi_family; + nlm_scope = 0; + nlm_index = ifim->ifi_index; + nlm_prefixlen = 0; + if (build) + ifflist[nlm_index] = ifa->ifa_flags = ifim->ifi_flags; + break; + case RTM_NEWADDR: + ifam = (struct ifaddrmsg *)NLMSG_DATA(nlh); + nlm_struct_size = sizeof(*ifam); + nlm_family = ifam->ifa_family; + nlm_scope = ifam->ifa_scope; + nlm_index = ifam->ifa_index; + nlm_prefixlen = ifam->ifa_prefixlen; + if (build) + ifa->ifa_flags = ifflist[nlm_index]; + break; + default: + continue; + } + + if (!build){ + if (max_ifindex < nlm_index) + max_ifindex = nlm_index; + } else { + if (ifl != NULL) + ifl->ifa_next = ifa; + } + + rtasize = NLMSG_PAYLOAD(nlh, nlmlen) - NLMSG_ALIGN(nlm_struct_size); + for (rta = (struct rtattr *)(((char *)NLMSG_DATA(nlh)) + NLMSG_ALIGN(nlm_struct_size)); + RTA_OK(rta, rtasize); + rta = RTA_NEXT(rta, rtasize)){ + struct sockaddr **sap = NULL; + void *rtadata = RTA_DATA(rta); + size_t rtapayload = RTA_PAYLOAD(rta); + socklen_t sa_len; + + switch(nlh->nlmsg_type){ + case RTM_NEWLINK: + switch(rta->rta_type){ + case IFLA_ADDRESS: + case IFLA_BROADCAST: + if (build){ + sap = (rta->rta_type == IFLA_ADDRESS) ? &ifa->ifa_addr : &ifa->ifa_broadaddr; + *sap = (struct sockaddr *)data; + } + sa_len = ifa_sa_len(AF_PACKET, rtapayload); + if (rta->rta_type == IFLA_ADDRESS) + sockaddr_size = NLMSG_ALIGN(sa_len); + if (!build){ + dlen += NLMSG_ALIGN(sa_len); + } else { + memset(*sap, 0, sa_len); + ifa_make_sockaddr(AF_PACKET, *sap, rtadata,rtapayload, 0,0); + ((struct sockaddr_ll *)*sap)->sll_ifindex = nlm_index; + ((struct sockaddr_ll *)*sap)->sll_hatype = ifim->ifi_type; + data += NLMSG_ALIGN(sa_len); + } + break; + case IFLA_IFNAME:/* Name of Interface */ + if (!build) + nlen += NLMSG_ALIGN(rtapayload + 1); + else{ + ifa->ifa_name = ifname; + if (iflist[nlm_index] == NULL) + iflist[nlm_index] = ifa->ifa_name; + strncpy(ifa->ifa_name, rtadata, rtapayload); + ifa->ifa_name[rtapayload] = '\0'; + ifname += NLMSG_ALIGN(rtapayload + 1); + } + break; + case IFLA_STATS:/* Statistics of Interface */ + if (!build) + xlen += NLMSG_ALIGN(rtapayload); + else{ + ifa->ifa_data = xdata; + memcpy(ifa->ifa_data, rtadata, rtapayload); + xdata += NLMSG_ALIGN(rtapayload); + } + break; + case IFLA_UNSPEC: + break; + case IFLA_MTU: + break; + case IFLA_LINK: + break; + case IFLA_QDISC: + break; + default: + break; + } + break; + case RTM_NEWADDR: + if (nlm_family == AF_PACKET) break; + switch(rta->rta_type){ + case IFA_ADDRESS: + ifamap.address = rtadata; + ifamap.address_len = rtapayload; + break; + case IFA_LOCAL: + ifamap.local = rtadata; + ifamap.local_len = rtapayload; + break; + case IFA_BROADCAST: + ifamap.broadcast = rtadata; + ifamap.broadcast_len = rtapayload; + break; +#ifdef HAVE_IFADDRS_IFA_ANYCAST + case IFA_ANYCAST: + ifamap.anycast = rtadata; + ifamap.anycast_len = rtapayload; + break; +#endif + case IFA_LABEL: + if (!build) + nlen += NLMSG_ALIGN(rtapayload + 1); + else{ + ifa->ifa_name = ifname; + if (iflist[nlm_index] == NULL) + iflist[nlm_index] = ifname; + strncpy(ifa->ifa_name, rtadata, rtapayload); + ifa->ifa_name[rtapayload] = '\0'; + ifname += NLMSG_ALIGN(rtapayload + 1); + } + break; + case IFA_UNSPEC: + break; + case IFA_CACHEINFO: + break; + default: + break; + } + } + } + if (nlh->nlmsg_type == RTM_NEWADDR && + nlm_family != AF_PACKET) { + if (!ifamap.local) { + ifamap.local = ifamap.address; + ifamap.local_len = ifamap.address_len; + } + if (!ifamap.address) { + ifamap.address = ifamap.local; + ifamap.address_len = ifamap.local_len; + } + if (ifamap.address_len != ifamap.local_len || + (ifamap.address != NULL && + memcmp(ifamap.address, ifamap.local, ifamap.address_len))) { + /* p2p; address is peer and local is ours */ + ifamap.broadcast = ifamap.address; + ifamap.broadcast_len = ifamap.address_len; + ifamap.address = ifamap.local; + ifamap.address_len = ifamap.local_len; + } + if (ifamap.address) { +#ifndef IFA_NETMASK + sockaddr_size = NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.address_len)); +#endif + if (!build) + dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.address_len)); + else { + ifa->ifa_addr = (struct sockaddr *)data; + ifa_make_sockaddr(nlm_family, ifa->ifa_addr, ifamap.address, ifamap.address_len, + nlm_scope, nlm_index); + data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.address_len)); + } + } +#ifdef IFA_NETMASK + if (ifamap.netmask) { + if (!build) + dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.netmask_len)); + else { + ifa->ifa_netmask = (struct sockaddr *)data; + ifa_make_sockaddr(nlm_family, ifa->ifa_netmask, ifamap.netmask, ifamap.netmask_len, + nlm_scope, nlm_index); + data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.netmask_len)); + } + } +#endif + if (ifamap.broadcast) { + if (!build) + dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.broadcast_len)); + else { + ifa->ifa_broadaddr = (struct sockaddr *)data; + ifa_make_sockaddr(nlm_family, ifa->ifa_broadaddr, ifamap.broadcast, ifamap.broadcast_len, + nlm_scope, nlm_index); + data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.broadcast_len)); + } + } +#ifdef HAVE_IFADDRS_IFA_ANYCAST + if (ifamap.anycast) { + if (!build) + dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.anycast_len)); + else { + ifa->ifa_anycast = (struct sockaddr *)data; + ifa_make_sockaddr(nlm_family, ifa->ifa_anyaddr, ifamap.anycast, ifamap.anycast_len, + nlm_scope, nlm_index); + data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.anycast_len)); + } + } +#endif + } + if (!build){ +#ifndef IFA_NETMASK + dlen += sockaddr_size; +#endif + icnt++; + } else { + if (ifa->ifa_name == NULL) + ifa->ifa_name = iflist[nlm_index]; +#ifndef IFA_NETMASK + if (ifa->ifa_addr && + ifa->ifa_addr->sa_family != AF_UNSPEC && + ifa->ifa_addr->sa_family != AF_PACKET){ + ifa->ifa_netmask = (struct sockaddr *)data; + ifa_make_sockaddr_mask(ifa->ifa_addr->sa_family, ifa->ifa_netmask, nlm_prefixlen); + } + data += sockaddr_size; +#endif + ifl = ifa++; + } + } + } + if (!build){ + if (icnt == 0 && (dlen + nlen + xlen == 0)){ + if (ifap != NULL) + *ifap = NULL; + break; /* cannot found any addresses */ + } + } + else + free_data(NULL, ifdata); + } + +/* ---------------------------------- */ + /* Finalize */ + free_nlmsglist(nlmsg_list); + nl_close(sd); + return 0; +} + +/* ---------------------------------------------------------------------- */ +void ROKEN_LIB_FUNCTION +freeifaddrs(struct ifaddrs *ifa) +{ + free(ifa); +} + + +#else /* !AF_NETLINK */ + +/* + * The generic SIOCGIFCONF version. + */ + +static int +getifaddrs2(struct ifaddrs **ifap, + int af, int siocgifconf, int siocgifflags, + size_t ifreq_sz) +{ + int ret; + int fd; + size_t buf_size; + char *buf; + struct ifconf ifconf; + char *p; + size_t sz; + struct sockaddr sa_zero; + struct ifreq *ifr; + struct ifaddrs *start = NULL, **end = &start; + + buf = NULL; + + memset (&sa_zero, 0, sizeof(sa_zero)); + fd = socket(af, SOCK_DGRAM, 0); + if (fd < 0) + return -1; + + buf_size = 8192; + for (;;) { + buf = calloc(1, buf_size); + if (buf == NULL) { + ret = ENOMEM; + goto error_out; + } + ifconf.ifc_len = buf_size; + ifconf.ifc_buf = buf; + + /* + * Solaris returns EINVAL when the buffer is too small. + */ + if (ioctl (fd, siocgifconf, &ifconf) < 0 && errno != EINVAL) { + ret = errno; + goto error_out; + } + /* + * Can the difference between a full and a overfull buf + * be determined? + */ + + if (ifconf.ifc_len < buf_size) + break; + free (buf); + buf_size *= 2; + } + + for (p = ifconf.ifc_buf; + p < ifconf.ifc_buf + ifconf.ifc_len; + p += sz) { + struct ifreq ifreq; + struct sockaddr *sa; + size_t salen; + + ifr = (struct ifreq *)p; + sa = &ifr->ifr_addr; + + sz = ifreq_sz; + salen = sizeof(struct sockaddr); +#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN + salen = sa->sa_len; + sz = max(sz, sizeof(ifr->ifr_name) + sa->sa_len); +#endif +#ifdef SA_LEN + salen = SA_LEN(sa); + sz = max(sz, sizeof(ifr->ifr_name) + SA_LEN(sa)); +#endif + memset (&ifreq, 0, sizeof(ifreq)); + memcpy (ifreq.ifr_name, ifr->ifr_name, sizeof(ifr->ifr_name)); + + if (ioctl(fd, siocgifflags, &ifreq) < 0) { + ret = errno; + goto error_out; + } + + *end = malloc(sizeof(**end)); + if (*end == NULL) { + ret = ENOMEM; + goto error_out; + } + + (*end)->ifa_next = NULL; + (*end)->ifa_name = strdup(ifr->ifr_name); + (*end)->ifa_flags = ifreq.ifr_flags; + (*end)->ifa_addr = malloc(salen); + memcpy((*end)->ifa_addr, sa, salen); + (*end)->ifa_netmask = NULL; + +#if 0 + /* fix these when we actually need them */ + if(ifreq.ifr_flags & IFF_BROADCAST) { + (*end)->ifa_broadaddr = malloc(sizeof(ifr->ifr_broadaddr)); + memcpy((*end)->ifa_broadaddr, &ifr->ifr_broadaddr, + sizeof(ifr->ifr_broadaddr)); + } else if(ifreq.ifr_flags & IFF_POINTOPOINT) { + (*end)->ifa_dstaddr = malloc(sizeof(ifr->ifr_dstaddr)); + memcpy((*end)->ifa_dstaddr, &ifr->ifr_dstaddr, + sizeof(ifr->ifr_dstaddr)); + } else + (*end)->ifa_dstaddr = NULL; +#else + (*end)->ifa_dstaddr = NULL; +#endif + + (*end)->ifa_data = NULL; + + end = &(*end)->ifa_next; + + } + *ifap = start; + close(fd); + free(buf); + return 0; + error_out: + freeifaddrs(start); + close(fd); + free(buf); + errno = ret; + return -1; +} + +#if defined(HAVE_IPV6) && defined(SIOCGLIFCONF) && defined(SIOCGLIFFLAGS) +static int +getlifaddrs2(struct ifaddrs **ifap, + int af, int siocgifconf, int siocgifflags, + size_t ifreq_sz) +{ + int ret; + int fd; + size_t buf_size; + char *buf; + struct lifconf ifconf; + char *p; + size_t sz; + struct sockaddr sa_zero; + struct lifreq *ifr; + struct ifaddrs *start = NULL, **end = &start; + + buf = NULL; + + memset (&sa_zero, 0, sizeof(sa_zero)); + fd = socket(af, SOCK_DGRAM, 0); + if (fd < 0) + return -1; + + buf_size = 8192; + for (;;) { + buf = calloc(1, buf_size); + if (buf == NULL) { + ret = ENOMEM; + goto error_out; + } + ifconf.lifc_family = AF_UNSPEC; + ifconf.lifc_flags = 0; + ifconf.lifc_len = buf_size; + ifconf.lifc_buf = buf; + + /* + * Solaris returns EINVAL when the buffer is too small. + */ + if (ioctl (fd, siocgifconf, &ifconf) < 0 && errno != EINVAL) { + ret = errno; + goto error_out; + } + /* + * Can the difference between a full and a overfull buf + * be determined? + */ + + if (ifconf.lifc_len < buf_size) + break; + free (buf); + buf_size *= 2; + } + + for (p = ifconf.lifc_buf; + p < ifconf.lifc_buf + ifconf.lifc_len; + p += sz) { + struct lifreq ifreq; + struct sockaddr_storage *sa; + size_t salen; + + ifr = (struct lifreq *)p; + sa = &ifr->lifr_addr; + + sz = ifreq_sz; + salen = sizeof(struct sockaddr_storage); +#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN + salen = sa->sa_len; + sz = max(sz, sizeof(ifr->ifr_name) + sa->sa_len); +#endif +#ifdef SA_LEN + salen = SA_LEN(sa); + sz = max(sz, sizeof(ifr->ifr_name) + SA_LEN(sa)); +#endif + memset (&ifreq, 0, sizeof(ifreq)); + memcpy (ifreq.lifr_name, ifr->lifr_name, sizeof(ifr->lifr_name)); + + if (ioctl(fd, siocgifflags, &ifreq) < 0) { + ret = errno; + goto error_out; + } + + *end = malloc(sizeof(**end)); + + (*end)->ifa_next = NULL; + (*end)->ifa_name = strdup(ifr->lifr_name); + (*end)->ifa_flags = ifreq.lifr_flags; + (*end)->ifa_addr = malloc(salen); + memcpy((*end)->ifa_addr, sa, salen); + (*end)->ifa_netmask = NULL; + +#if 0 + /* fix these when we actually need them */ + if(ifreq.ifr_flags & IFF_BROADCAST) { + (*end)->ifa_broadaddr = malloc(sizeof(ifr->ifr_broadaddr)); + memcpy((*end)->ifa_broadaddr, &ifr->ifr_broadaddr, + sizeof(ifr->ifr_broadaddr)); + } else if(ifreq.ifr_flags & IFF_POINTOPOINT) { + (*end)->ifa_dstaddr = malloc(sizeof(ifr->ifr_dstaddr)); + memcpy((*end)->ifa_dstaddr, &ifr->ifr_dstaddr, + sizeof(ifr->ifr_dstaddr)); + } else + (*end)->ifa_dstaddr = NULL; +#else + (*end)->ifa_dstaddr = NULL; +#endif + + (*end)->ifa_data = NULL; + + end = &(*end)->ifa_next; + + } + *ifap = start; + close(fd); + free(buf); + return 0; + error_out: + freeifaddrs(start); + close(fd); + free(buf); + errno = ret; + return -1; +} +#endif /* defined(HAVE_IPV6) && defined(SIOCGLIFCONF) && defined(SIOCGLIFFLAGS) */ + +int ROKEN_LIB_FUNCTION +getifaddrs(struct ifaddrs **ifap) +{ + int ret = -1; + errno = ENXIO; +#if defined(AF_INET6) && defined(SIOCGIF6CONF) && defined(SIOCGIF6FLAGS) + if (ret) + ret = getifaddrs2 (ifap, AF_INET6, SIOCGIF6CONF, SIOCGIF6FLAGS, + sizeof(struct in6_ifreq)); +#endif +#if defined(HAVE_IPV6) && defined(SIOCGLIFCONF) && defined(SIOCGLIFFLAGS) + if (ret) + ret = getlifaddrs2 (ifap, AF_INET6, SIOCGLIFCONF, SIOCGLIFFLAGS, + sizeof(struct lifreq)); +#endif +#if defined(HAVE_IPV6) && defined(SIOCGIFCONF) + if (ret) + ret = getifaddrs2 (ifap, AF_INET6, SIOCGIFCONF, SIOCGIFFLAGS, + sizeof(struct ifreq)); +#endif +#if defined(AF_INET) && defined(SIOCGIFCONF) && defined(SIOCGIFFLAGS) + if (ret) + ret = getifaddrs2 (ifap, AF_INET, SIOCGIFCONF, SIOCGIFFLAGS, + sizeof(struct ifreq)); +#endif + return ret; +} + +void ROKEN_LIB_FUNCTION +freeifaddrs(struct ifaddrs *ifp) +{ + struct ifaddrs *p, *q; + + for(p = ifp; p; ) { + free(p->ifa_name); + if(p->ifa_addr) + free(p->ifa_addr); + if(p->ifa_dstaddr) + free(p->ifa_dstaddr); + if(p->ifa_netmask) + free(p->ifa_netmask); + if(p->ifa_data) + free(p->ifa_data); + q = p; + p = p->ifa_next; + free(q); + } +} + +#endif /* !AF_NETLINK */ + +#ifdef TEST + +void +print_addr(const char *s, struct sockaddr *sa) +{ + int i; + printf(" %s=%d/", s, sa->sa_family); +#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN + for(i = 0; i < sa->sa_len - ((long)sa->sa_data - (long)&sa->sa_family); i++) + printf("%02x", ((unsigned char*)sa->sa_data)[i]); +#else + for(i = 0; i < sizeof(sa->sa_data); i++) + printf("%02x", ((unsigned char*)sa->sa_data)[i]); +#endif + printf("\n"); +} + +void +print_ifaddrs(struct ifaddrs *x) +{ + struct ifaddrs *p; + + for(p = x; p; p = p->ifa_next) { + printf("%s\n", p->ifa_name); + printf(" flags=%x\n", p->ifa_flags); + if(p->ifa_addr) + print_addr("addr", p->ifa_addr); + if(p->ifa_dstaddr) + print_addr("dstaddr", p->ifa_dstaddr); + if(p->ifa_netmask) + print_addr("netmask", p->ifa_netmask); + printf(" %p\n", p->ifa_data); + } +} + +int +main() +{ + struct ifaddrs *a = NULL, *b; + getifaddrs2(&a, AF_INET, SIOCGIFCONF, SIOCGIFFLAGS, sizeof(struct ifreq)); + print_ifaddrs(a); + printf("---\n"); + getifaddrs(&b); + print_ifaddrs(b); + return 0; +} +#endif diff --git a/source4/heimdal/lib/roken/getprogname.c b/source4/heimdal/lib/roken/getprogname.c new file mode 100644 index 0000000000..f8f1e9d4a2 --- /dev/null +++ b/source4/heimdal/lib/roken/getprogname.c @@ -0,0 +1,51 @@ +/* + * Copyright (c) 1995-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: getprogname.c,v 1.3 2005/04/12 11:28:48 lha Exp $"); +#endif + +#include "roken.h" + +#ifndef HAVE___PROGNAME +const char *__progname; +#endif + +#ifndef HAVE_GETPROGNAME +const char * ROKEN_LIB_FUNCTION +getprogname(void) +{ + return __progname; +} +#endif /* HAVE_GETPROGNAME */ diff --git a/source4/heimdal/lib/roken/h_errno.c b/source4/heimdal/lib/roken/h_errno.c new file mode 100644 index 0000000000..c2d4452c32 --- /dev/null +++ b/source4/heimdal/lib/roken/h_errno.c @@ -0,0 +1,41 @@ +/* + * Copyright (c) 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: h_errno.c,v 1.1 2001/08/08 03:47:23 assar Exp $"); +#endif + +#ifndef HAVE_H_ERRNO +int h_errno = -17; /* Some magic number */ +#endif diff --git a/source4/heimdal/lib/roken/issuid.c b/source4/heimdal/lib/roken/issuid.c new file mode 100644 index 0000000000..7ccf615451 --- /dev/null +++ b/source4/heimdal/lib/roken/issuid.c @@ -0,0 +1,59 @@ +/* + * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: issuid.c,v 1.6 2005/05/13 07:42:03 lha Exp $"); +#endif + +#include "roken.h" + +int ROKEN_LIB_FUNCTION +issuid(void) +{ +#if defined(HAVE_ISSETUGID) + return issetugid(); +#else /* !HAVE_ISSETUGID */ + +#if defined(HAVE_GETUID) && defined(HAVE_GETEUID) + if(getuid() != geteuid()) + return 1; +#endif +#if defined(HAVE_GETGID) && defined(HAVE_GETEGID) + if(getgid() != getegid()) + return 2; +#endif + + return 0; +#endif /* HAVE_ISSETUGID */ +} diff --git a/source4/heimdal/lib/roken/net_read.c b/source4/heimdal/lib/roken/net_read.c new file mode 100644 index 0000000000..f8d4dd1424 --- /dev/null +++ b/source4/heimdal/lib/roken/net_read.c @@ -0,0 +1,74 @@ +/* + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: net_read.c,v 1.4 2005/04/12 11:28:57 lha Exp $"); +#endif + +#include +#include +#include + +#include + +/* + * Like read but never return partial data. + */ + +ssize_t ROKEN_LIB_FUNCTION +net_read (int fd, void *buf, size_t nbytes) +{ + char *cbuf = (char *)buf; + ssize_t count; + size_t rem = nbytes; + + while (rem > 0) { +#ifdef WIN32 + count = recv (fd, cbuf, rem, 0); +#else + count = read (fd, cbuf, rem); +#endif + if (count < 0) { + if (errno == EINTR) + continue; + else + return count; + } else if (count == 0) { + return count; + } + cbuf += count; + rem -= count; + } + return nbytes; +} diff --git a/source4/heimdal/lib/roken/net_write.c b/source4/heimdal/lib/roken/net_write.c new file mode 100644 index 0000000000..83d14f4af9 --- /dev/null +++ b/source4/heimdal/lib/roken/net_write.c @@ -0,0 +1,72 @@ +/* + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: net_write.c,v 1.5 2005/04/12 11:28:58 lha Exp $"); +#endif + +#include +#include +#include + +#include + +/* + * Like write but never return partial data. + */ + +ssize_t ROKEN_LIB_FUNCTION +net_write (int fd, const void *buf, size_t nbytes) +{ + const char *cbuf = (const char *)buf; + ssize_t count; + size_t rem = nbytes; + + while (rem > 0) { +#ifdef WIN32 + count = send (fd, cbuf, rem, 0); +#else + count = write (fd, cbuf, rem); +#endif + if (count < 0) { + if (errno == EINTR) + continue; + else + return count; + } + cbuf += count; + rem -= count; + } + return nbytes; +} diff --git a/source4/heimdal/lib/roken/parse_time.c b/source4/heimdal/lib/roken/parse_time.c new file mode 100644 index 0000000000..551bee313f --- /dev/null +++ b/source4/heimdal/lib/roken/parse_time.c @@ -0,0 +1,78 @@ +/* + * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: parse_time.c,v 1.7 2005/04/12 11:28:58 lha Exp $"); +#endif + +#include +#include "parse_time.h" + +static struct units time_units[] = { + {"year", 365 * 24 * 60 * 60}, + {"month", 30 * 24 * 60 * 60}, + {"week", 7 * 24 * 60 * 60}, + {"day", 24 * 60 * 60}, + {"hour", 60 * 60}, + {"h", 60 * 60}, + {"minute", 60}, + {"m", 60}, + {"second", 1}, + {"s", 1}, + {NULL, 0}, +}; + +int ROKEN_LIB_FUNCTION +parse_time (const char *s, const char *def_unit) +{ + return parse_units (s, time_units, def_unit); +} + +size_t ROKEN_LIB_FUNCTION +unparse_time (int t, char *s, size_t len) +{ + return unparse_units (t, time_units, s, len); +} + +size_t ROKEN_LIB_FUNCTION +unparse_time_approx (int t, char *s, size_t len) +{ + return unparse_units_approx (t, time_units, s, len); +} + +void ROKEN_LIB_FUNCTION +print_time_table (FILE *f) +{ + print_units_table (time_units, f); +} diff --git a/source4/heimdal/lib/roken/parse_time.h b/source4/heimdal/lib/roken/parse_time.h new file mode 100644 index 0000000000..5c9de87675 --- /dev/null +++ b/source4/heimdal/lib/roken/parse_time.h @@ -0,0 +1,59 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: parse_time.h,v 1.5 2005/04/12 11:28:59 lha Exp $ */ + +#ifndef __PARSE_TIME_H__ +#define __PARSE_TIME_H__ + +#ifndef ROKEN_LIB_FUNCTION +#ifdef _WIN32 +#define ROKEN_LIB_FUNCTION _stdcall +#else +#define ROKEN_LIB_FUNCTION +#endif +#endif + +int +parse_time (const char *s, const char *def_unit); + +size_t +unparse_time (int t, char *s, size_t len); + +size_t +unparse_time_approx (int t, char *s, size_t len); + +void +print_time_table (FILE *f); + +#endif /* __PARSE_TIME_H__ */ diff --git a/source4/heimdal/lib/roken/parse_units.c b/source4/heimdal/lib/roken/parse_units.c new file mode 100644 index 0000000000..5b01937aee --- /dev/null +++ b/source4/heimdal/lib/roken/parse_units.c @@ -0,0 +1,330 @@ +/* + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: parse_units.c,v 1.18 2005/04/12 11:28:59 lha Exp $"); +#endif + +#include +#include +#include +#include +#include "parse_units.h" + +/* + * Parse string in `s' according to `units' and return value. + * def_unit defines the default unit. + */ + +static int +parse_something (const char *s, const struct units *units, + const char *def_unit, + int (*func)(int res, int val, unsigned mult), + int init, + int accept_no_val_p) +{ + const char *p; + int res = init; + unsigned def_mult = 1; + + if (def_unit != NULL) { + const struct units *u; + + for (u = units; u->name; ++u) { + if (strcasecmp (u->name, def_unit) == 0) { + def_mult = u->mult; + break; + } + } + if (u->name == NULL) + return -1; + } + + p = s; + while (*p) { + double val; + char *next; + const struct units *u, *partial_unit; + size_t u_len; + unsigned partial; + int no_val_p = 0; + + while(isspace((unsigned char)*p) || *p == ',') + ++p; + + val = strtod (p, &next); /* strtol(p, &next, 0); */ + if (p == next) { + val = 0; + if(!accept_no_val_p) + return -1; + no_val_p = 1; + } + p = next; + while (isspace((unsigned char)*p)) + ++p; + if (*p == '\0') { + res = (*func)(res, val, def_mult); + if (res < 0) + return res; + break; + } else if (*p == '+') { + ++p; + val = 1; + } else if (*p == '-') { + ++p; + val = -1; + } + if (no_val_p && val == 0) + val = 1; + u_len = strcspn (p, ", \t"); + partial = 0; + partial_unit = NULL; + if (u_len > 1 && p[u_len - 1] == 's') + --u_len; + for (u = units; u->name; ++u) { + if (strncasecmp (p, u->name, u_len) == 0) { + if (u_len == strlen (u->name)) { + p += u_len; + res = (*func)(res, val, u->mult); + if (res < 0) + return res; + break; + } else { + ++partial; + partial_unit = u; + } + } + } + if (u->name == NULL) { + if (partial == 1) { + p += u_len; + res = (*func)(res, val, partial_unit->mult); + if (res < 0) + return res; + } else { + return -1; + } + } + if (*p == 's') + ++p; + } + return res; +} + +/* + * The string consists of a sequence of `n unit' + */ + +static int +acc_units(int res, int val, unsigned mult) +{ + return res + val * mult; +} + +int ROKEN_LIB_FUNCTION +parse_units (const char *s, const struct units *units, + const char *def_unit) +{ + return parse_something (s, units, def_unit, acc_units, 0, 0); +} + +/* + * The string consists of a sequence of `[+-]flag'. `orig' consists + * the original set of flags, those are then modified and returned as + * the function value. + */ + +static int +acc_flags(int res, int val, unsigned mult) +{ + if(val == 1) + return res | mult; + else if(val == -1) + return res & ~mult; + else if (val == 0) + return mult; + else + return -1; +} + +int ROKEN_LIB_FUNCTION +parse_flags (const char *s, const struct units *units, + int orig) +{ + return parse_something (s, units, NULL, acc_flags, orig, 1); +} + +/* + * Return a string representation according to `units' of `num' in `s' + * with maximum length `len'. The actual length is the function value. + */ + +static int +unparse_something (int num, const struct units *units, char *s, size_t len, + int (*print) (char *, size_t, int, const char *, int), + int (*update) (int, unsigned), + const char *zero_string) +{ + const struct units *u; + int ret = 0, tmp; + + if (num == 0) + return snprintf (s, len, "%s", zero_string); + + for (u = units; num > 0 && u->name; ++u) { + int divisor; + + divisor = num / u->mult; + if (divisor) { + num = (*update) (num, u->mult); + tmp = (*print) (s, len, divisor, u->name, num); + if (tmp < 0) + return tmp; + if (tmp > len) { + len = 0; + s = NULL; + } else { + len -= tmp; + s += tmp; + } + ret += tmp; + } + } + return ret; +} + +static int +print_unit (char *s, size_t len, int divisor, const char *name, int rem) +{ + return snprintf (s, len, "%u %s%s%s", + divisor, name, + divisor == 1 ? "" : "s", + rem > 0 ? " " : ""); +} + +static int +update_unit (int in, unsigned mult) +{ + return in % mult; +} + +static int +update_unit_approx (int in, unsigned mult) +{ + if (in / mult > 0) + return 0; + else + return update_unit (in, mult); +} + +int ROKEN_LIB_FUNCTION +unparse_units (int num, const struct units *units, char *s, size_t len) +{ + return unparse_something (num, units, s, len, + print_unit, + update_unit, + "0"); +} + +int ROKEN_LIB_FUNCTION +unparse_units_approx (int num, const struct units *units, char *s, size_t len) +{ + return unparse_something (num, units, s, len, + print_unit, + update_unit_approx, + "0"); +} + +void ROKEN_LIB_FUNCTION +print_units_table (const struct units *units, FILE *f) +{ + const struct units *u, *u2; + unsigned max_sz = 0; + + for (u = units; u->name; ++u) { + max_sz = max(max_sz, strlen(u->name)); + } + + for (u = units; u->name;) { + char buf[1024]; + const struct units *next; + + for (next = u + 1; next->name && next->mult == u->mult; ++next) + ; + + if (next->name) { + for (u2 = next; + u2->name && u->mult % u2->mult != 0; + ++u2) + ; + if (u2->name == NULL) + --u2; + unparse_units (u->mult, u2, buf, sizeof(buf)); + fprintf (f, "1 %*s = %s\n", max_sz, u->name, buf); + } else { + fprintf (f, "1 %s\n", u->name); + } + u = next; + } +} + +static int +print_flag (char *s, size_t len, int divisor, const char *name, int rem) +{ + return snprintf (s, len, "%s%s", name, rem > 0 ? ", " : ""); +} + +static int +update_flag (int in, unsigned mult) +{ + return in - mult; +} + +int ROKEN_LIB_FUNCTION +unparse_flags (int num, const struct units *units, char *s, size_t len) +{ + return unparse_something (num, units, s, len, + print_flag, + update_flag, + ""); +} + +void ROKEN_LIB_FUNCTION +print_flags_table (const struct units *units, FILE *f) +{ + const struct units *u; + + for(u = units; u->name; ++u) + fprintf(f, "%s%s", u->name, (u+1)->name ? ", " : "\n"); +} diff --git a/source4/heimdal/lib/roken/parse_units.h b/source4/heimdal/lib/roken/parse_units.h new file mode 100644 index 0000000000..9d019266ac --- /dev/null +++ b/source4/heimdal/lib/roken/parse_units.h @@ -0,0 +1,79 @@ +/* + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: parse_units.h,v 1.9 2005/04/12 11:28:59 lha Exp $ */ + +#ifndef __PARSE_UNITS_H__ +#define __PARSE_UNITS_H__ + +#include +#include + +#ifndef ROKEN_LIB_FUNCTION +#ifdef _WIN32 +#define ROKEN_LIB_FUNCTION _stdcall +#else +#define ROKEN_LIB_FUNCTION +#endif +#endif + +struct units { + const char *name; + unsigned mult; +}; + +int ROKEN_LIB_FUNCTION +parse_units (const char *s, const struct units *units, + const char *def_unit); + +void ROKEN_LIB_FUNCTION +print_units_table (const struct units *units, FILE *f); + +int ROKEN_LIB_FUNCTION +parse_flags (const char *s, const struct units *units, + int orig); + +int ROKEN_LIB_FUNCTION +unparse_units (int num, const struct units *units, char *s, size_t len); + +int ROKEN_LIB_FUNCTION +unparse_units_approx (int num, const struct units *units, char *s, + size_t len); + +int ROKEN_LIB_FUNCTION +unparse_flags (int num, const struct units *units, char *s, size_t len); + +void ROKEN_LIB_FUNCTION +print_flags_table (const struct units *units, FILE *f); + +#endif /* __PARSE_UNITS_H__ */ diff --git a/source4/heimdal/lib/roken/print_version.c b/source4/heimdal/lib/roken/print_version.c new file mode 100644 index 0000000000..9d678056b5 --- /dev/null +++ b/source4/heimdal/lib/roken/print_version.c @@ -0,0 +1,78 @@ +/* + * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: print_version.c,v 1.9 2005/04/12 11:29:00 lha Exp $"); +#endif +#include "roken.h" + +#include "print_version.h" + +void ROKEN_LIB_FUNCTION +print_version(const char *progname) +{ + const char *arg[] = VERSIONLIST; + const int num_args = sizeof(arg) / sizeof(arg[0]); + char *msg; + size_t len = 0; + int i; + + if(progname == NULL) + progname = getprogname(); + + if(num_args == 0) + msg = "no version information"; + else { + for(i = 0; i < num_args; i++) { + if(i > 0) + len += 2; + len += strlen(arg[i]); + } + msg = malloc(len + 1); + if(msg == NULL) { + fprintf(stderr, "%s: out of memory\n", progname); + return; + } + msg[0] = '\0'; + for(i = 0; i < num_args; i++) { + if(i > 0) + strcat(msg, ", "); + strcat(msg, arg[i]); + } + } + fprintf(stderr, "%s (%s)\n", progname, msg); + fprintf(stderr, "Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan\n"); + if(num_args != 0) + free(msg); +} diff --git a/source4/heimdal/lib/roken/resolve.c b/source4/heimdal/lib/roken/resolve.c new file mode 100644 index 0000000000..46a1e4de71 --- /dev/null +++ b/source4/heimdal/lib/roken/resolve.c @@ -0,0 +1,690 @@ +/* + * Copyright (c) 1995 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif +#include "roken.h" +#ifdef HAVE_ARPA_NAMESER_H +#include +#endif +#ifdef HAVE_RESOLV_H +#include +#endif +#include "resolve.h" + +#include + +RCSID("$Id: resolve.c,v 1.51 2005/06/16 16:46:16 lha Exp $"); + +#ifdef _AIX /* AIX have broken res_nsearch() in 5.1 (5.0 also ?) */ +#undef HAVE_RES_NSEARCH +#endif + +#define DECL(X) {#X, rk_ns_t_##X} + +static struct stot{ + const char *name; + int type; +}stot[] = { + DECL(a), + DECL(aaaa), + DECL(ns), + DECL(cname), + DECL(soa), + DECL(ptr), + DECL(mx), + DECL(txt), + DECL(afsdb), + DECL(sig), + DECL(key), + DECL(srv), + DECL(naptr), + DECL(sshfp), + DECL(ds), + {NULL, 0} +}; + +int _resolve_debug = 0; + +int ROKEN_LIB_FUNCTION +dns_string_to_type(const char *name) +{ + struct stot *p = stot; + for(p = stot; p->name; p++) + if(strcasecmp(name, p->name) == 0) + return p->type; + return -1; +} + +const char * ROKEN_LIB_FUNCTION +dns_type_to_string(int type) +{ + struct stot *p = stot; + for(p = stot; p->name; p++) + if(type == p->type) + return p->name; + return NULL; +} + +#if (defined(HAVE_RES_SEARCH) || defined(HAVE_RES_NSEARCH)) && defined(HAVE_DN_EXPAND) + +void ROKEN_LIB_FUNCTION +dns_free_data(struct dns_reply *r) +{ + struct resource_record *rr; + if(r->q.domain) + free(r->q.domain); + for(rr = r->head; rr;){ + struct resource_record *tmp = rr; + if(rr->domain) + free(rr->domain); + if(rr->u.data) + free(rr->u.data); + rr = rr->next; + free(tmp); + } + free (r); +} + +static int +parse_record(const unsigned char *data, const unsigned char *end_data, + const unsigned char **pp, struct resource_record **rr) +{ + int type, class, ttl, size; + int status; + char host[MAXDNAME]; + const unsigned char *p = *pp; + status = dn_expand(data, end_data, p, host, sizeof(host)); + if(status < 0) + return -1; + if (p + status + 10 > end_data) + return -1; + p += status; + type = (p[0] << 8) | p[1]; + p += 2; + class = (p[0] << 8) | p[1]; + p += 2; + ttl = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; + p += 4; + size = (p[0] << 8) | p[1]; + p += 2; + + if (p + size > end_data) + return -1; + + *rr = calloc(1, sizeof(**rr)); + if(*rr == NULL) + return -1; + (*rr)->domain = strdup(host); + if((*rr)->domain == NULL) { + free(*rr); + return -1; + } + (*rr)->type = type; + (*rr)->class = class; + (*rr)->ttl = ttl; + (*rr)->size = size; + switch(type){ + case rk_ns_t_ns: + case rk_ns_t_cname: + case rk_ns_t_ptr: + status = dn_expand(data, end_data, p, host, sizeof(host)); + if(status < 0) { + free(*rr); + return -1; + } + (*rr)->u.txt = strdup(host); + if((*rr)->u.txt == NULL) { + free(*rr); + return -1; + } + break; + case rk_ns_t_mx: + case rk_ns_t_afsdb:{ + size_t hostlen; + + status = dn_expand(data, end_data, p + 2, host, sizeof(host)); + if(status < 0){ + free(*rr); + return -1; + } + if (status + 2 > size) { + free(*rr); + return -1; + } + + hostlen = strlen(host); + (*rr)->u.mx = (struct mx_record*)malloc(sizeof(struct mx_record) + + hostlen); + if((*rr)->u.mx == NULL) { + free(*rr); + return -1; + } + (*rr)->u.mx->preference = (p[0] << 8) | p[1]; + strlcpy((*rr)->u.mx->domain, host, hostlen + 1); + break; + } + case rk_ns_t_srv:{ + size_t hostlen; + status = dn_expand(data, end_data, p + 6, host, sizeof(host)); + if(status < 0){ + free(*rr); + return -1; + } + if (status + 6 > size) { + free(*rr); + return -1; + } + + hostlen = strlen(host); + (*rr)->u.srv = + (struct srv_record*)malloc(sizeof(struct srv_record) + + hostlen); + if((*rr)->u.srv == NULL) { + free(*rr); + return -1; + } + (*rr)->u.srv->priority = (p[0] << 8) | p[1]; + (*rr)->u.srv->weight = (p[2] << 8) | p[3]; + (*rr)->u.srv->port = (p[4] << 8) | p[5]; + strlcpy((*rr)->u.srv->target, host, hostlen + 1); + break; + } + case rk_ns_t_txt:{ + if(size == 0 || size < *p + 1) { + free(*rr); + return -1; + } + (*rr)->u.txt = (char*)malloc(*p + 1); + if((*rr)->u.txt == NULL) { + free(*rr); + return -1; + } + strncpy((*rr)->u.txt, (const char*)(p + 1), *p); + (*rr)->u.txt[*p] = '\0'; + break; + } + case rk_ns_t_key : { + size_t key_len; + + if (size < 4) { + free(*rr); + return -1; + } + + key_len = size - 4; + (*rr)->u.key = malloc (sizeof(*(*rr)->u.key) + key_len - 1); + if ((*rr)->u.key == NULL) { + free(*rr); + return -1; + } + + (*rr)->u.key->flags = (p[0] << 8) | p[1]; + (*rr)->u.key->protocol = p[2]; + (*rr)->u.key->algorithm = p[3]; + (*rr)->u.key->key_len = key_len; + memcpy ((*rr)->u.key->key_data, p + 4, key_len); + break; + } + case rk_ns_t_sig : { + size_t sig_len, hostlen; + + if(size <= 18) { + free(*rr); + return -1; + } + status = dn_expand (data, end_data, p + 18, host, sizeof(host)); + if (status < 0) { + free(*rr); + return -1; + } + if (status + 18 > size) { + free(*rr); + return -1; + } + + /* the signer name is placed after the sig_data, to make it + easy to free this struture; the size calculation below + includes the zero-termination if the structure itself. + don't you just love C? + */ + sig_len = size - 18 - status; + hostlen = strlen(host); + (*rr)->u.sig = malloc(sizeof(*(*rr)->u.sig) + + hostlen + sig_len); + if ((*rr)->u.sig == NULL) { + free(*rr); + return -1; + } + (*rr)->u.sig->type = (p[0] << 8) | p[1]; + (*rr)->u.sig->algorithm = p[2]; + (*rr)->u.sig->labels = p[3]; + (*rr)->u.sig->orig_ttl = (p[4] << 24) | (p[5] << 16) + | (p[6] << 8) | p[7]; + (*rr)->u.sig->sig_expiration = (p[8] << 24) | (p[9] << 16) + | (p[10] << 8) | p[11]; + (*rr)->u.sig->sig_inception = (p[12] << 24) | (p[13] << 16) + | (p[14] << 8) | p[15]; + (*rr)->u.sig->key_tag = (p[16] << 8) | p[17]; + (*rr)->u.sig->sig_len = sig_len; + memcpy ((*rr)->u.sig->sig_data, p + 18 + status, sig_len); + (*rr)->u.sig->signer = &(*rr)->u.sig->sig_data[sig_len]; + strlcpy((*rr)->u.sig->signer, host, hostlen + 1); + break; + } + + case rk_ns_t_cert : { + size_t cert_len; + + if (size < 5) { + free(*rr); + return -1; + } + + cert_len = size - 5; + (*rr)->u.cert = malloc (sizeof(*(*rr)->u.cert) + cert_len - 1); + if ((*rr)->u.cert == NULL) { + free(*rr); + return -1; + } + + (*rr)->u.cert->type = (p[0] << 8) | p[1]; + (*rr)->u.cert->tag = (p[2] << 8) | p[3]; + (*rr)->u.cert->algorithm = p[4]; + (*rr)->u.cert->cert_len = cert_len; + memcpy ((*rr)->u.cert->cert_data, p + 5, cert_len); + break; + } + case rk_ns_t_sshfp : { + size_t sshfp_len; + + if (size < 2) { + free(*rr); + return -1; + } + + sshfp_len = size - 2; + + (*rr)->u.sshfp = malloc (sizeof(*(*rr)->u.sshfp) + sshfp_len - 1); + if ((*rr)->u.sshfp == NULL) { + free(*rr); + return -1; + } + + (*rr)->u.sshfp->algorithm = p[0]; + (*rr)->u.sshfp->type = p[1]; + (*rr)->u.sshfp->sshfp_len = sshfp_len; + memcpy ((*rr)->u.sshfp->sshfp_data, p + 2, sshfp_len); + break; + } + case rk_ns_t_ds: { + size_t digest_len; + + if (size < 4) { + free(*rr); + return -1; + } + + digest_len = size - 4; + + (*rr)->u.ds = malloc (sizeof(*(*rr)->u.ds) + digest_len - 1); + if ((*rr)->u.ds == NULL) { + free(*rr); + return -1; + } + + (*rr)->u.ds->key_tag = (p[0] << 8) | p[1]; + (*rr)->u.ds->algorithm = p[2]; + (*rr)->u.ds->digest_type = p[3]; + (*rr)->u.ds->digest_len = digest_len; + memcpy ((*rr)->u.ds->digest_data, p + 4, digest_len); + break; + } + default: + (*rr)->u.data = (unsigned char*)malloc(size); + if(size != 0 && (*rr)->u.data == NULL) { + free(*rr); + return -1; + } + memcpy((*rr)->u.data, p, size); + } + *pp = p + size; + return 0; +} + +#ifndef TEST_RESOLVE +static +#endif +struct dns_reply* +parse_reply(const unsigned char *data, size_t len) +{ + const unsigned char *p; + int status; + int i; + char host[MAXDNAME]; + const unsigned char *end_data = data + len; + struct dns_reply *r; + struct resource_record **rr; + + r = calloc(1, sizeof(*r)); + if (r == NULL) + return NULL; + + p = data; + + r->h.id = (p[0] << 8) | p[1]; + r->h.flags = 0; + if (p[2] & 0x01) + r->h.flags |= rk_DNS_HEADER_RESPONSE_FLAG; + r->h.opcode = (p[2] >> 1) & 0xf; + if (p[2] & 0x20) + r->h.flags |= rk_DNS_HEADER_AUTHORITIVE_ANSWER; + if (p[2] & 0x40) + r->h.flags |= rk_DNS_HEADER_TRUNCATED_MESSAGE; + if (p[2] & 0x80) + r->h.flags |= rk_DNS_HEADER_RECURSION_DESIRED; + if (p[3] & 0x01) + r->h.flags |= rk_DNS_HEADER_RECURSION_AVAILABLE; + if (p[3] & 0x04) + r->h.flags |= rk_DNS_HEADER_AUTHORITIVE_ANSWER; + if (p[3] & 0x08) + r->h.flags |= rk_DNS_HEADER_CHECKING_DISABLED; + r->h.response_code = (p[3] >> 4) & 0xf; + r->h.qdcount = (p[4] << 8) | p[5]; + r->h.ancount = (p[6] << 8) | p[7]; + r->h.nscount = (p[8] << 8) | p[9]; + r->h.arcount = (p[10] << 8) | p[11]; + + p += 12; + + if(r->h.qdcount != 1) { + free(r); + return NULL; + } + status = dn_expand(data, end_data, p, host, sizeof(host)); + if(status < 0){ + dns_free_data(r); + return NULL; + } + r->q.domain = strdup(host); + if(r->q.domain == NULL) { + dns_free_data(r); + return NULL; + } + if (p + status + 4 > end_data) { + dns_free_data(r); + return NULL; + } + p += status; + r->q.type = (p[0] << 8 | p[1]); + p += 2; + r->q.class = (p[0] << 8 | p[1]); + p += 2; + + rr = &r->head; + for(i = 0; i < r->h.ancount; i++) { + if(parse_record(data, end_data, &p, rr) != 0) { + dns_free_data(r); + return NULL; + } + rr = &(*rr)->next; + } + for(i = 0; i < r->h.nscount; i++) { + if(parse_record(data, end_data, &p, rr) != 0) { + dns_free_data(r); + return NULL; + } + rr = &(*rr)->next; + } + for(i = 0; i < r->h.arcount; i++) { + if(parse_record(data, end_data, &p, rr) != 0) { + dns_free_data(r); + return NULL; + } + rr = &(*rr)->next; + } + *rr = NULL; + return r; +} + +static struct dns_reply * +dns_lookup_int(const char *domain, int rr_class, int rr_type) +{ + struct dns_reply *r; + unsigned char *reply = NULL; + int size; + int len; +#ifdef HAVE_RES_NSEARCH + struct __res_state state; + memset(&state, 0, sizeof(state)); + if(res_ninit(&state)) + return NULL; /* is this the best we can do? */ +#elif defined(HAVE__RES) + u_long old_options = 0; +#endif + + size = 0; + len = 1000; + do { + if (reply) { + free(reply); + reply = NULL; + } + if (size <= len) + size = len; + if (_resolve_debug) { +#ifdef HAVE_RES_NSEARCH + state.options |= RES_DEBUG; +#elif defined(HAVE__RES) + old_options = _res.options; + _res.options |= RES_DEBUG; +#endif + fprintf(stderr, "dns_lookup(%s, %d, %s), buffer size %d\n", domain, + rr_class, dns_type_to_string(rr_type), size); + } + reply = malloc(size); + if (reply == NULL) { +#ifdef HAVE_RES_NSEARCH + res_nclose(&state); +#endif + return NULL; + } +#ifdef HAVE_RES_NSEARCH + len = res_nsearch(&state, domain, rr_class, rr_type, reply, size); +#else + len = res_search(domain, rr_class, rr_type, reply, size); +#endif + if (_resolve_debug) { +#if defined(HAVE__RES) && !defined(HAVE_RES_NSEARCH) + _res.options = old_options; +#endif + fprintf(stderr, "dns_lookup(%s, %d, %s) --> %d\n", + domain, rr_class, dns_type_to_string(rr_type), len); + } + if (len < 0) { +#ifdef HAVE_RES_NSEARCH + res_nclose(&state); +#endif + free(reply); + return NULL; + } + } while (size < len && len < rk_DNS_MAX_PACKET_SIZE); +#ifdef HAVE_RES_NSEARCH + res_nclose(&state); +#endif + + len = min(len, size); + r = parse_reply(reply, len); + free(reply); + return r; +} + +struct dns_reply * ROKEN_LIB_FUNCTION +dns_lookup(const char *domain, const char *type_name) +{ + int type; + + type = dns_string_to_type(type_name); + if(type == -1) { + if(_resolve_debug) + fprintf(stderr, "dns_lookup: unknown resource type: `%s'\n", + type_name); + return NULL; + } + return dns_lookup_int(domain, C_IN, type); +} + +static int +compare_srv(const void *a, const void *b) +{ + const struct resource_record *const* aa = a, *const* bb = b; + + if((*aa)->u.srv->priority == (*bb)->u.srv->priority) + return ((*aa)->u.srv->weight - (*bb)->u.srv->weight); + return ((*aa)->u.srv->priority - (*bb)->u.srv->priority); +} + +#ifndef HAVE_RANDOM +#define random() rand() +#endif + +/* try to rearrange the srv-records by the algorithm in RFC2782 */ +void ROKEN_LIB_FUNCTION +dns_srv_order(struct dns_reply *r) +{ + struct resource_record **srvs, **ss, **headp; + struct resource_record *rr; + int num_srv = 0; + +#if defined(HAVE_INITSTATE) && defined(HAVE_SETSTATE) + int state[256 / sizeof(int)]; + char *oldstate; +#endif + + for(rr = r->head; rr; rr = rr->next) + if(rr->type == rk_ns_t_srv) + num_srv++; + + if(num_srv == 0) + return; + + srvs = malloc(num_srv * sizeof(*srvs)); + if(srvs == NULL) + return; /* XXX not much to do here */ + + /* unlink all srv-records from the linked list and put them in + a vector */ + for(ss = srvs, headp = &r->head; *headp; ) + if((*headp)->type == rk_ns_t_srv) { + *ss = *headp; + *headp = (*headp)->next; + (*ss)->next = NULL; + ss++; + } else + headp = &(*headp)->next; + + /* sort them by priority and weight */ + qsort(srvs, num_srv, sizeof(*srvs), compare_srv); + +#if defined(HAVE_INITSTATE) && defined(HAVE_SETSTATE) + oldstate = initstate(time(NULL), (char*)state, sizeof(state)); +#endif + + headp = &r->head; + + for(ss = srvs; ss < srvs + num_srv; ) { + int sum, rnd, count; + struct resource_record **ee, **tt; + /* find the last record with the same priority and count the + sum of all weights */ + for(sum = 0, tt = ss; tt < srvs + num_srv; tt++) { + if(*tt == NULL) + continue; + if((*tt)->u.srv->priority != (*ss)->u.srv->priority) + break; + sum += (*tt)->u.srv->weight; + } + ee = tt; + /* ss is now the first record of this priority and ee is the + first of the next */ + while(ss < ee) { + rnd = random() % (sum + 1); + for(count = 0, tt = ss; ; tt++) { + if(*tt == NULL) + continue; + count += (*tt)->u.srv->weight; + if(count >= rnd) + break; + } + + assert(tt < ee); + + /* insert the selected record at the tail (of the head) of + the list */ + (*tt)->next = *headp; + *headp = *tt; + headp = &(*tt)->next; + sum -= (*tt)->u.srv->weight; + *tt = NULL; + while(ss < ee && *ss == NULL) + ss++; + } + } + +#if defined(HAVE_INITSTATE) && defined(HAVE_SETSTATE) + setstate(oldstate); +#endif + free(srvs); + return; +} + +#else /* NOT defined(HAVE_RES_SEARCH) && defined(HAVE_DN_EXPAND) */ + +struct dns_reply * ROKEN_LIB_FUNCTION +dns_lookup(const char *domain, const char *type_name) +{ + return NULL; +} + +void ROKEN_LIB_FUNCTION +dns_free_data(struct dns_reply *r) +{ +} + +void ROKEN_LIB_FUNCTION +dns_srv_order(struct dns_reply *r) +{ +} + +#endif diff --git a/source4/heimdal/lib/roken/resolve.h b/source4/heimdal/lib/roken/resolve.h new file mode 100644 index 0000000000..2106c11ebd --- /dev/null +++ b/source4/heimdal/lib/roken/resolve.h @@ -0,0 +1,298 @@ +/* + * Copyright (c) 1995 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: resolve.h,v 1.24 2005/04/12 11:29:02 lha Exp $ */ + +#ifndef __RESOLVE_H__ +#define __RESOLVE_H__ + +#ifndef ROKEN_LIB_FUNCTION +#ifdef _WIN32 +#define ROKEN_LIB_FUNCTION _stdcall +#else +#define ROKEN_LIB_FUNCTION +#endif +#endif + +typedef enum { + rk_ns_t_invalid = 0, /* Cookie. */ + rk_ns_t_a = 1, /* Host address. */ + rk_ns_t_ns = 2, /* Authoritative server. */ + rk_ns_t_md = 3, /* Mail destination. */ + rk_ns_t_mf = 4, /* Mail forwarder. */ + rk_ns_t_cname = 5, /* Canonical name. */ + rk_ns_t_soa = 6, /* Start of authority zone. */ + rk_ns_t_mb = 7, /* Mailbox domain name. */ + rk_ns_t_mg = 8, /* Mail group member. */ + rk_ns_t_mr = 9, /* Mail rename name. */ + rk_ns_t_null = 10, /* Null resource record. */ + rk_ns_t_wks = 11, /* Well known service. */ + rk_ns_t_ptr = 12, /* Domain name pointer. */ + rk_ns_t_hinfo = 13, /* Host information. */ + rk_ns_t_minfo = 14, /* Mailbox information. */ + rk_ns_t_mx = 15, /* Mail routing information. */ + rk_ns_t_txt = 16, /* Text strings. */ + rk_ns_t_rp = 17, /* Responsible person. */ + rk_ns_t_afsdb = 18, /* AFS cell database. */ + rk_ns_t_x25 = 19, /* X_25 calling address. */ + rk_ns_t_isdn = 20, /* ISDN calling address. */ + rk_ns_t_rt = 21, /* Router. */ + rk_ns_t_nsap = 22, /* NSAP address. */ + rk_ns_t_nsap_ptr = 23, /* Reverse NSAP lookup (deprecated). */ + rk_ns_t_sig = 24, /* Security signature. */ + rk_ns_t_key = 25, /* Security key. */ + rk_ns_t_px = 26, /* X.400 mail mapping. */ + rk_ns_t_gpos = 27, /* Geographical position (withdrawn). */ + rk_ns_t_aaaa = 28, /* Ip6 Address. */ + rk_ns_t_loc = 29, /* Location Information. */ + rk_ns_t_nxt = 30, /* Next domain (security). */ + rk_ns_t_eid = 31, /* Endpoint identifier. */ + rk_ns_t_nimloc = 32, /* Nimrod Locator. */ + rk_ns_t_srv = 33, /* Server Selection. */ + rk_ns_t_atma = 34, /* ATM Address */ + rk_ns_t_naptr = 35, /* Naming Authority PoinTeR */ + rk_ns_t_kx = 36, /* Key Exchange */ + rk_ns_t_cert = 37, /* Certification record */ + rk_ns_t_a6 = 38, /* IPv6 address (deprecates AAAA) */ + rk_ns_t_dname = 39, /* Non-terminal DNAME (for IPv6) */ + rk_ns_t_sink = 40, /* Kitchen sink (experimentatl) */ + rk_ns_t_opt = 41, /* EDNS0 option (meta-RR) */ + rk_ns_t_apl = 42, /* Address prefix list (RFC 3123) */ + rk_ns_t_ds = 43, /* Delegation Signer (RFC 3658) */ + rk_ns_t_sshfp = 44, /* SSH fingerprint */ + rk_ns_t_tkey = 249, /* Transaction key */ + rk_ns_t_tsig = 250, /* Transaction signature. */ + rk_ns_t_ixfr = 251, /* Incremental zone transfer. */ + rk_ns_t_axfr = 252, /* Transfer zone of authority. */ + rk_ns_t_mailb = 253, /* Transfer mailbox records. */ + rk_ns_t_maila = 254, /* Transfer mail agent records. */ + rk_ns_t_any = 255, /* Wildcard match. */ + rk_ns_t_zxfr = 256, /* BIND-specific, nonstandard. */ + rk_ns_t_max = 65536 +} rk_ns_type; + +/* We use these, but they are not always present in */ + +#ifndef C_IN +#define C_IN 1 +#endif + +#ifndef T_A +#define T_A 1 +#endif +#ifndef T_NS +#define T_NS 2 +#endif +#ifndef T_CNAME +#define T_CNAME 5 +#endif +#ifndef T_SOA +#define T_SOA 5 +#endif +#ifndef T_PTR +#define T_PTR 12 +#endif +#ifndef T_MX +#define T_MX 15 +#endif +#ifndef T_TXT +#define T_TXT 16 +#endif +#ifndef T_AFSDB +#define T_AFSDB 18 +#endif +#ifndef T_SIG +#define T_SIG 24 +#endif +#ifndef T_KEY +#define T_KEY 25 +#endif +#ifndef T_AAAA +#define T_AAAA 28 +#endif +#ifndef T_SRV +#define T_SRV 33 +#endif +#ifndef T_NAPTR +#define T_NAPTR 35 +#endif +#ifndef T_CERT +#define T_CERT 37 +#endif +#ifndef T_SSHFP +#define T_SSHFP 44 +#endif + +#ifndef MAXDNAME +#define MAXDNAME 1025 +#endif + +#define dns_query rk_dns_query +#define mx_record rk_mx_record +#define srv_record rk_srv_record +#define key_record rk_key_record +#define sig_record rk_sig_record +#define cert_record rk_cert_record +#define sshfp_record rk_sshfp_record +#define resource_record rk_resource_record +#define dns_reply rk_dns_reply + +#define dns_lookup rk_dns_lookup +#define dns_free_data rk_dns_free_data +#define dns_string_to_type rk_dns_string_to_type +#define dns_type_to_string rk_dns_type_to_string +#define dns_srv_order rk_dns_srv_order + +struct dns_query{ + char *domain; + unsigned type; + unsigned class; +}; + +struct mx_record{ + unsigned preference; + char domain[1]; +}; + +struct srv_record{ + unsigned priority; + unsigned weight; + unsigned port; + char target[1]; +}; + +struct key_record { + unsigned flags; + unsigned protocol; + unsigned algorithm; + size_t key_len; + u_char key_data[1]; +}; + +struct sig_record { + unsigned type; + unsigned algorithm; + unsigned labels; + unsigned orig_ttl; + unsigned sig_expiration; + unsigned sig_inception; + unsigned key_tag; + char *signer; + unsigned sig_len; + char sig_data[1]; /* also includes signer */ +}; + +struct cert_record { + unsigned type; + unsigned tag; + unsigned algorithm; + size_t cert_len; + u_char cert_data[1]; +}; + +struct sshfp_record { + unsigned algorithm; + unsigned type; + size_t sshfp_len; + u_char sshfp_data[1]; +}; + +struct ds_record { + unsigned key_tag; + unsigned algorithm; + unsigned digest_type; + unsigned digest_len; + u_char digest_data[1]; +}; + +struct resource_record{ + char *domain; + unsigned type; + unsigned class; + unsigned ttl; + unsigned size; + union { + void *data; + struct mx_record *mx; + struct mx_record *afsdb; /* mx and afsdb are identical */ + struct srv_record *srv; + struct in_addr *a; + char *txt; + struct key_record *key; + struct cert_record *cert; + struct sig_record *sig; + struct sshfp_record *sshfp; + struct ds_record *ds; + }u; + struct resource_record *next; +}; + +#define rk_DNS_MAX_PACKET_SIZE 0xffff + +struct dns_header { + unsigned id; + unsigned flags; +#define rk_DNS_HEADER_RESPONSE_FLAG 1 +#define rk_DNS_HEADER_AUTHORITIVE_ANSWER 2 +#define rk_DNS_HEADER_TRUNCATED_MESSAGE 4 +#define rk_DNS_HEADER_RECURSION_DESIRED 8 +#define rk_DNS_HEADER_RECURSION_AVAILABLE 16 +#define rk_DNS_HEADER_AUTHENTIC_DATA 32 +#define rk_DNS_HEADER_CHECKING_DISABLED 64 + unsigned opcode; + unsigned response_code; + unsigned qdcount; + unsigned ancount; + unsigned nscount; + unsigned arcount; +}; + +struct dns_reply{ + struct dns_header h; + struct dns_query q; + struct resource_record *head; +}; + + +struct dns_reply* ROKEN_LIB_FUNCTION + dns_lookup(const char *, const char *); +void ROKEN_LIB_FUNCTION + dns_free_data(struct dns_reply *); +int ROKEN_LIB_FUNCTION + dns_string_to_type(const char *name); +const char *ROKEN_LIB_FUNCTION + dns_type_to_string(int type); +void ROKEN_LIB_FUNCTION + dns_srv_order(struct dns_reply*); + +#endif /* __RESOLVE_H__ */ diff --git a/source4/heimdal/lib/roken/roken-common.h b/source4/heimdal/lib/roken/roken-common.h new file mode 100644 index 0000000000..d85d55f433 --- /dev/null +++ b/source4/heimdal/lib/roken/roken-common.h @@ -0,0 +1,399 @@ +/* + * Copyright (c) 1995 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: roken-common.h,v 1.61 2005/07/07 05:03:30 lha Exp $ */ + +#ifndef __ROKEN_COMMON_H__ +#define __ROKEN_COMMON_H__ + +#ifndef ROKEN_LIB_FUNCTION +#ifdef _WIN32 +#define ROKEN_LIB_FUNCTION _stdcall +#else +#define ROKEN_LIB_FUNCTION +#endif +#endif + +#ifdef __cplusplus +#define ROKEN_CPP_START extern "C" { +#define ROKEN_CPP_END } +#else +#define ROKEN_CPP_START +#define ROKEN_CPP_END +#endif + +#ifndef INADDR_NONE +#define INADDR_NONE 0xffffffff +#endif + +#ifndef INADDR_LOOPBACK +#define INADDR_LOOPBACK 0x7f000001 +#endif + +#ifndef SOMAXCONN +#define SOMAXCONN 5 +#endif + +#ifndef STDIN_FILENO +#define STDIN_FILENO 0 +#endif + +#ifndef STDOUT_FILENO +#define STDOUT_FILENO 1 +#endif + +#ifndef STDERR_FILENO +#define STDERR_FILENO 2 +#endif + +#ifndef max +#define max(a,b) (((a)>(b))?(a):(b)) +#endif + +#ifndef min +#define min(a,b) (((a)<(b))?(a):(b)) +#endif + +#ifndef TRUE +#define TRUE 1 +#endif + +#ifndef FALSE +#define FALSE 0 +#endif + +#ifndef LOG_DAEMON +#define openlog(id,option,facility) openlog((id),(option)) +#define LOG_DAEMON 0 +#endif +#ifndef LOG_ODELAY +#define LOG_ODELAY 0 +#endif +#ifndef LOG_NDELAY +#define LOG_NDELAY 0x08 +#endif +#ifndef LOG_CONS +#define LOG_CONS 0 +#endif +#ifndef LOG_AUTH +#define LOG_AUTH 0 +#endif +#ifndef LOG_AUTHPRIV +#define LOG_AUTHPRIV LOG_AUTH +#endif + +#ifndef F_OK +#define F_OK 0 +#endif + +#ifndef O_ACCMODE +#define O_ACCMODE 003 +#endif + +#ifndef _PATH_DEV +#define _PATH_DEV "/dev/" +#endif + +#ifndef _PATH_DEVNULL +#define _PATH_DEVNULL "/dev/null" +#endif + +#ifndef _PATH_HEQUIV +#define _PATH_HEQUIV "/etc/hosts.equiv" +#endif + +#ifndef _PATH_VARRUN +#define _PATH_VARRUN "/var/run/" +#endif + +#ifndef _PATH_BSHELL +#define _PATH_BSHELL "/bin/sh" +#endif + +#ifndef MAXPATHLEN +#define MAXPATHLEN (1024+4) +#endif + +#ifndef SIG_ERR +#define SIG_ERR ((RETSIGTYPE (*)(int))-1) +#endif + +/* + * error code for getipnodeby{name,addr} + */ + +#ifndef HOST_NOT_FOUND +#define HOST_NOT_FOUND 1 +#endif + +#ifndef TRY_AGAIN +#define TRY_AGAIN 2 +#endif + +#ifndef NO_RECOVERY +#define NO_RECOVERY 3 +#endif + +#ifndef NO_DATA +#define NO_DATA 4 +#endif + +#ifndef NO_ADDRESS +#define NO_ADDRESS NO_DATA +#endif + +/* + * error code for getaddrinfo + */ + +#ifndef EAI_NOERROR +#define EAI_NOERROR 0 /* no error */ +#endif + +#ifndef EAI_NONAME + +#define EAI_ADDRFAMILY 1 /* address family for nodename not supported */ +#define EAI_AGAIN 2 /* temporary failure in name resolution */ +#define EAI_BADFLAGS 3 /* invalid value for ai_flags */ +#define EAI_FAIL 4 /* non-recoverable failure in name resolution */ +#define EAI_FAMILY 5 /* ai_family not supported */ +#define EAI_MEMORY 6 /* memory allocation failure */ +#define EAI_NODATA 7 /* no address associated with nodename */ +#define EAI_NONAME 8 /* nodename nor servname provided, or not known */ +#define EAI_SERVICE 9 /* servname not supported for ai_socktype */ +#define EAI_SOCKTYPE 10 /* ai_socktype not supported */ +#define EAI_SYSTEM 11 /* system error returned in errno */ + +#endif /* EAI_NONAME */ + +/* flags for getaddrinfo() */ + +#ifndef AI_PASSIVE +#define AI_PASSIVE 0x01 +#define AI_CANONNAME 0x02 +#endif /* AI_PASSIVE */ + +#ifndef AI_NUMERICHOST +#define AI_NUMERICHOST 0x04 +#endif + +/* flags for getnameinfo() */ + +#ifndef NI_DGRAM +#define NI_DGRAM 0x01 +#define NI_NAMEREQD 0x02 +#define NI_NOFQDN 0x04 +#define NI_NUMERICHOST 0x08 +#define NI_NUMERICSERV 0x10 +#endif + +/* + * constants for getnameinfo + */ + +#ifndef NI_MAXHOST +#define NI_MAXHOST 1025 +#define NI_MAXSERV 32 +#endif + +/* + * constants for inet_ntop + */ + +#ifndef INET_ADDRSTRLEN +#define INET_ADDRSTRLEN 16 +#endif + +#ifndef INET6_ADDRSTRLEN +#define INET6_ADDRSTRLEN 46 +#endif + +/* + * for shutdown(2) + */ + +#ifndef SHUT_RD +#define SHUT_RD 0 +#endif + +#ifndef SHUT_WR +#define SHUT_WR 1 +#endif + +#ifndef SHUT_RDWR +#define SHUT_RDWR 2 +#endif + +#ifndef HAVE___ATTRIBUTE__ +#define __attribute__(x) +#endif + +#define rk_UNCONST(x) ((void *)(unsigned long)(const void *)(x)) + +ROKEN_CPP_START + +#ifndef IRIX4 /* fix for compiler bug */ +#ifdef RETSIGTYPE +typedef RETSIGTYPE (*SigAction)(int); +SigAction signal(int iSig, SigAction pAction); /* BSD compatible */ +#endif +#endif + +int ROKEN_LIB_FUNCTION +simple_execve(const char*, char*const[], char*const[]); + +int ROKEN_LIB_FUNCTION +simple_execve_timed(const char *, char *const[], + char *const [], time_t (*)(void *), + void *, time_t); +int ROKEN_LIB_FUNCTION +simple_execvp(const char*, char *const[]); + +int ROKEN_LIB_FUNCTION +simple_execvp_timed(const char *, char *const[], + time_t (*)(void *), void *, time_t); +int ROKEN_LIB_FUNCTION +simple_execlp(const char*, ...); + +int ROKEN_LIB_FUNCTION +simple_execle(const char*, ...); + +int ROKEN_LIB_FUNCTION +simple_execl(const char *file, ...); + +int ROKEN_LIB_FUNCTION +wait_for_process(pid_t); + +int ROKEN_LIB_FUNCTION +wait_for_process_timed(pid_t, time_t (*)(void *), + void *, time_t); +int ROKEN_LIB_FUNCTION +pipe_execv(FILE**, FILE**, FILE**, const char*, ...); + +void ROKEN_LIB_FUNCTION +print_version(const char *); + +ssize_t ROKEN_LIB_FUNCTION +eread (int fd, void *buf, size_t nbytes); + +ssize_t ROKEN_LIB_FUNCTION +ewrite (int fd, const void *buf, size_t nbytes); + +struct hostent; + +const char * ROKEN_LIB_FUNCTION +hostent_find_fqdn (const struct hostent *he); + +void ROKEN_LIB_FUNCTION +esetenv(const char *var, const char *val, int rewrite); + +void ROKEN_LIB_FUNCTION +socket_set_address_and_port (struct sockaddr *sa, const void *ptr, int port); + +size_t ROKEN_LIB_FUNCTION +socket_addr_size (const struct sockaddr *sa); + +void ROKEN_LIB_FUNCTION +socket_set_any (struct sockaddr *sa, int af); + +size_t ROKEN_LIB_FUNCTION +socket_sockaddr_size (const struct sockaddr *sa); + +void * ROKEN_LIB_FUNCTION +socket_get_address (struct sockaddr *sa); + +int ROKEN_LIB_FUNCTION +socket_get_port (const struct sockaddr *sa); + +void ROKEN_LIB_FUNCTION +socket_set_port (struct sockaddr *sa, int port); + +void ROKEN_LIB_FUNCTION +socket_set_portrange (int sock, int restr, int af); + +void ROKEN_LIB_FUNCTION +socket_set_debug (int sock); + +void ROKEN_LIB_FUNCTION +socket_set_tos (int sock, int tos); + +void ROKEN_LIB_FUNCTION +socket_set_reuseaddr (int sock, int val); + +char ** ROKEN_LIB_FUNCTION +vstrcollect(va_list *ap); + +char ** ROKEN_LIB_FUNCTION +strcollect(char *first, ...); + +void ROKEN_LIB_FUNCTION +timevalfix(struct timeval *t1); + +void ROKEN_LIB_FUNCTION +timevaladd(struct timeval *t1, const struct timeval *t2); + +void ROKEN_LIB_FUNCTION +timevalsub(struct timeval *t1, const struct timeval *t2); + +char *ROKEN_LIB_FUNCTION +pid_file_write (const char *progname); + +void ROKEN_LIB_FUNCTION +pid_file_delete (char **); + +int ROKEN_LIB_FUNCTION +read_environment(const char *file, char ***env); + +void ROKEN_LIB_FUNCTION +warnerr(int doerrno, const char *fmt, va_list ap) + __attribute__ ((format (printf, 2, 0))); + +void * ROKEN_LIB_FUNCTION +rk_realloc(void *, size_t); + +struct rk_strpool; + +char * ROKEN_LIB_FUNCTION +rk_strpoolcollect(struct rk_strpool *); + +struct rk_strpool * ROKEN_LIB_FUNCTION +rk_strpoolprintf(struct rk_strpool *, const char *, ...) + __attribute__ ((format (printf, 2, 3))); + +void ROKEN_LIB_FUNCTION +rk_strpoolfree(struct rk_strpool *); + + +ROKEN_CPP_END + +#endif /* __ROKEN_COMMON_H__ */ diff --git a/source4/heimdal/lib/roken/roken.h b/source4/heimdal/lib/roken/roken.h new file mode 100644 index 0000000000..545f43c6a7 --- /dev/null +++ b/source4/heimdal/lib/roken/roken.h @@ -0,0 +1,688 @@ +/* -*- C -*- */ +/* + * Copyright (c) 1995-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: roken.h.in,v 1.175 2005/07/07 19:16:17 lha Exp $ */ + +#include +#include +#include +#include +#include + +#ifdef _AIX +struct ether_addr; +struct sockaddr_dl; +#endif +#ifdef HAVE_SYS_PARAM_H +#include +#endif +#ifdef HAVE_INTTYPES_H +#include +#endif +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_BITYPES_H +#include +#endif +#ifdef HAVE_BIND_BITYPES_H +#include +#endif +#ifdef HAVE_NETINET_IN6_MACHTYPES_H +#include +#endif +#ifdef HAVE_UNISTD_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_SYS_UIO_H +#include +#endif +#ifdef HAVE_GRP_H +#include +#endif +#ifdef HAVE_SYS_STAT_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_NETINET_IN6_H +#include +#endif +#ifdef HAVE_NETINET6_IN6_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_ARPA_NAMESER_H +#include +#endif +#ifdef HAVE_RESOLV_H +#include +#endif +#ifdef HAVE_SYSLOG_H +#include +#endif +#ifdef HAVE_FCNTL_H +#include +#endif +#ifdef HAVE_ERRNO_H +#include +#endif +#include +#ifdef HAVE_TERMIOS_H +#include +#endif +#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40 +#include +#endif +#ifdef TIME_WITH_SYS_TIME +#include +#include +#elif defined(HAVE_SYS_TIME_H) +#include +#else +#include +#endif +#ifdef HAVE_STRINGS_H +#include +#endif + +#ifdef HAVE_PATHS_H +#include +#endif + +#ifndef HAVE_SSIZE_T +typedef int ssize_t; +#endif + +#include + +ROKEN_CPP_START + +#if !defined(HAVE_SETSID) && defined(HAVE__SETSID) +#define setsid _setsid +#endif + +#ifndef HAVE_PUTENV +int ROKEN_LIB_FUNCTION putenv(const char *string); +#endif + +#if !defined(HAVE_SETENV) || defined(NEED_SETENV_PROTO) +int ROKEN_LIB_FUNCTION setenv(const char *var, const char *val, int rewrite); +#endif + +#if !defined(HAVE_UNSETENV) || defined(NEED_UNSETENV_PROTO) +void ROKEN_LIB_FUNCTION unsetenv(const char *name); +#endif + +#if !defined(HAVE_GETUSERSHELL) || defined(NEED_GETUSERSHELL_PROTO) +char * ROKEN_LIB_FUNCTION getusershell(void); +void ROKEN_LIB_FUNCTION endusershell(void); +#endif + +#if !defined(HAVE_SNPRINTF) || defined(NEED_SNPRINTF_PROTO) +int ROKEN_LIB_FUNCTION snprintf (char *str, size_t sz, const char *format, ...) + __attribute__ ((format (printf, 3, 4))); +#endif + +#if !defined(HAVE_VSNPRINTF) || defined(NEED_VSNPRINTF_PROTO) +int ROKEN_LIB_FUNCTION + vsnprintf (char *str, size_t sz, const char *format, va_list ap) + __attribute__((format (printf, 3, 0))); +#endif + +#if !defined(HAVE_ASPRINTF) || defined(NEED_ASPRINTF_PROTO) +int ROKEN_LIB_FUNCTION + asprintf (char **ret, const char *format, ...) + __attribute__ ((format (printf, 2, 3))); +#endif + +#if !defined(HAVE_VASPRINTF) || defined(NEED_VASPRINTF_PROTO) +int ROKEN_LIB_FUNCTION + vasprintf (char **ret, const char *format, va_list ap) + __attribute__((format (printf, 2, 0))); +#endif + +#if !defined(HAVE_ASNPRINTF) || defined(NEED_ASNPRINTF_PROTO) +int ROKEN_LIB_FUNCTION + asnprintf (char **ret, size_t max_sz, const char *format, ...) + __attribute__ ((format (printf, 3, 4))); +#endif + +#if !defined(HAVE_VASNPRINTF) || defined(NEED_VASNPRINTF_PROTO) +int ROKEN_LIB_FUNCTION + vasnprintf (char **ret, size_t max_sz, const char *format, va_list ap) + __attribute__((format (printf, 3, 0))); +#endif + +#ifndef HAVE_STRDUP +char * ROKEN_LIB_FUNCTION strdup(const char *old); +#endif + +#if !defined(HAVE_STRNDUP) || defined(NEED_STRNDUP_PROTO) +char * ROKEN_LIB_FUNCTION strndup(const char *old, size_t sz); +#endif + +#ifndef HAVE_STRLWR +char * ROKEN_LIB_FUNCTION strlwr(char *); +#endif + +#ifndef HAVE_STRNLEN +size_t ROKEN_LIB_FUNCTION strnlen(const char*, size_t); +#endif + +#if !defined(HAVE_STRSEP) || defined(NEED_STRSEP_PROTO) +char * ROKEN_LIB_FUNCTION strsep(char**, const char*); +#endif + +#if !defined(HAVE_STRSEP_COPY) || defined(NEED_STRSEP_COPY_PROTO) +ssize_t ROKEN_LIB_FUNCTION strsep_copy(const char**, const char*, char*, size_t); +#endif + +#ifndef HAVE_STRCASECMP +int ROKEN_LIB_FUNCTION strcasecmp(const char *s1, const char *s2); +#endif + +#ifdef NEED_FCLOSE_PROTO +int ROKEN_LIB_FUNCTION fclose(FILE *); +#endif + +#ifdef NEED_STRTOK_R_PROTO +char * ROKEN_LIB_FUNCTION strtok_r(char *s1, const char *s2, char **lasts); +#endif + +#ifndef HAVE_STRUPR +char * ROKEN_LIB_FUNCTION strupr(char *); +#endif + +#ifndef HAVE_STRLCPY +size_t ROKEN_LIB_FUNCTION strlcpy (char *dst, const char *src, size_t dst_sz); +#endif + +#ifndef HAVE_STRLCAT +size_t ROKEN_LIB_FUNCTION strlcat (char *dst, const char *src, size_t dst_sz); +#endif + +#ifndef HAVE_GETDTABLESIZE +int ROKEN_LIB_FUNCTION getdtablesize(void); +#endif + +#if !defined(HAVE_STRERROR) && !defined(strerror) +char * ROKEN_LIB_FUNCTION strerror(int eno); +#endif + +#if !defined(HAVE_HSTRERROR) || defined(NEED_HSTRERROR_PROTO) +/* This causes a fatal error under Psoriasis */ +#if !(defined(SunOS) && (SunOS >= 50)) +const char * ROKEN_LIB_FUNCTION hstrerror(int herr); +#endif +#endif + +#if !HAVE_DECL_H_ERRNO +extern int h_errno; +#endif + +#if !defined(HAVE_INET_ATON) || defined(NEED_INET_ATON_PROTO) +int ROKEN_LIB_FUNCTION inet_aton(const char *cp, struct in_addr *adr); +#endif + +#ifndef HAVE_INET_NTOP +const char * ROKEN_LIB_FUNCTION +inet_ntop(int af, const void *src, char *dst, size_t size); +#endif + +#ifndef HAVE_INET_PTON +int ROKEN_LIB_FUNCTION +inet_pton(int af, const char *src, void *dst); +#endif + +#if !defined(HAVE_GETCWD) +char* ROKEN_LIB_FUNCTION getcwd(char *path, size_t size); +#endif + +#ifdef HAVE_PWD_H +#include +struct passwd * ROKEN_LIB_FUNCTION k_getpwnam (const char *user); +struct passwd * ROKEN_LIB_FUNCTION k_getpwuid (uid_t uid); +#endif + +const char * ROKEN_LIB_FUNCTION get_default_username (void); + +#ifndef HAVE_SETEUID +int ROKEN_LIB_FUNCTION seteuid(uid_t euid); +#endif + +#ifndef HAVE_SETEGID +int ROKEN_LIB_FUNCTION setegid(gid_t egid); +#endif + +#ifndef HAVE_LSTAT +int ROKEN_LIB_FUNCTION lstat(const char *path, struct stat *buf); +#endif + +#if !defined(HAVE_MKSTEMP) || defined(NEED_MKSTEMP_PROTO) +int ROKEN_LIB_FUNCTION mkstemp(char *); +#endif + +#ifndef HAVE_CGETENT +int ROKEN_LIB_FUNCTION cgetent(char **buf, char **db_array, const char *name); +int ROKEN_LIB_FUNCTION cgetstr(char *buf, const char *cap, char **str); +#endif + +#ifndef HAVE_INITGROUPS +int ROKEN_LIB_FUNCTION initgroups(const char *name, gid_t basegid); +#endif + +#ifndef HAVE_FCHOWN +int ROKEN_LIB_FUNCTION fchown(int fd, uid_t owner, gid_t group); +#endif + +#if !defined(HAVE_DAEMON) || defined(NEED_DAEMON_PROTO) +int ROKEN_LIB_FUNCTION daemon(int nochdir, int noclose); +#endif + +#ifndef HAVE_INNETGR +int ROKEN_LIB_FUNCTION innetgr(const char *netgroup, const char *machine, + const char *user, const char *domain); +#endif + +#ifndef HAVE_CHOWN +int ROKEN_LIB_FUNCTION chown(const char *path, uid_t owner, gid_t group); +#endif + +#ifndef HAVE_RCMD +int ROKEN_LIB_FUNCTION + rcmd(char **ahost, unsigned short inport, const char *locuser, + const char *remuser, const char *cmd, int *fd2p); +#endif + +#if !defined(HAVE_INNETGR) || defined(NEED_INNETGR_PROTO) +int ROKEN_LIB_FUNCTION innetgr(const char*, const char*, + const char*, const char*); +#endif + +#ifndef HAVE_IRUSEROK +int ROKEN_LIB_FUNCTION iruserok(unsigned raddr, int superuser, + const char *ruser, const char *luser); +#endif + +#if !defined(HAVE_GETHOSTNAME) || defined(NEED_GETHOSTNAME_PROTO) +int ROKEN_LIB_FUNCTION gethostname(char *name, int namelen); +#endif + +#ifndef HAVE_WRITEV +ssize_t ROKEN_LIB_FUNCTION +writev(int d, const struct iovec *iov, int iovcnt); +#endif + +#ifndef HAVE_READV +ssize_t ROKEN_LIB_FUNCTION +readv(int d, const struct iovec *iov, int iovcnt); +#endif + +#ifndef HAVE_MKSTEMP +int ROKEN_LIB_FUNCTION +mkstemp(char *template); +#endif + +#ifndef HAVE_PIDFILE +void ROKEN_LIB_FUNCTION pidfile (const char*); +#endif + +#ifndef HAVE_BSWAP32 +unsigned int ROKEN_LIB_FUNCTION bswap32(unsigned int); +#endif + +#ifndef HAVE_BSWAP16 +unsigned short ROKEN_LIB_FUNCTION bswap16(unsigned short); +#endif + +#ifndef HAVE_FLOCK +#ifndef LOCK_SH +#define LOCK_SH 1 /* Shared lock */ +#endif +#ifndef LOCK_EX +#define LOCK_EX 2 /* Exclusive lock */ +#endif +#ifndef LOCK_NB +#define LOCK_NB 4 /* Don't block when locking */ +#endif +#ifndef LOCK_UN +#define LOCK_UN 8 /* Unlock */ +#endif + +int flock(int fd, int operation); +#endif /* HAVE_FLOCK */ + +time_t ROKEN_LIB_FUNCTION tm2time (struct tm tm, int local); + +int ROKEN_LIB_FUNCTION unix_verify_user(char *user, char *password); + +int ROKEN_LIB_FUNCTION roken_concat (char *s, size_t len, ...); + +size_t ROKEN_LIB_FUNCTION roken_mconcat (char **s, size_t max_len, ...); + +int ROKEN_LIB_FUNCTION roken_vconcat (char *s, size_t len, va_list args); + +size_t ROKEN_LIB_FUNCTION + roken_vmconcat (char **s, size_t max_len, va_list args); + +ssize_t ROKEN_LIB_FUNCTION net_write (int fd, const void *buf, size_t nbytes); + +ssize_t ROKEN_LIB_FUNCTION net_read (int fd, void *buf, size_t nbytes); + +int ROKEN_LIB_FUNCTION issuid(void); + +#ifndef HAVE_STRUCT_WINSIZE +struct winsize { + unsigned short ws_row, ws_col; + unsigned short ws_xpixel, ws_ypixel; +}; +#endif + +int ROKEN_LIB_FUNCTION get_window_size(int fd, struct winsize *); + +#ifndef HAVE_VSYSLOG +void ROKEN_LIB_FUNCTION vsyslog(int pri, const char *fmt, va_list ap); +#endif + +#if !HAVE_DECL_OPTARG +extern char *optarg; +#endif +#if !HAVE_DECL_OPTIND +extern int optind; +#endif +#if !HAVE_DECL_OPTERR +extern int opterr; +#endif + +#if !HAVE_DECL_ENVIRON +extern char **environ; +#endif + +#ifndef HAVE_GETIPNODEBYNAME +struct hostent * ROKEN_LIB_FUNCTION +getipnodebyname (const char *name, int af, int flags, int *error_num); +#endif + +#ifndef HAVE_GETIPNODEBYADDR +struct hostent * ROKEN_LIB_FUNCTION +getipnodebyaddr (const void *src, size_t len, int af, int *error_num); +#endif + +#ifndef HAVE_FREEHOSTENT +void ROKEN_LIB_FUNCTION +freehostent (struct hostent *h); +#endif + +#ifndef HAVE_COPYHOSTENT +struct hostent * ROKEN_LIB_FUNCTION +copyhostent (const struct hostent *h); +#endif + +#ifndef HAVE_SOCKLEN_T +typedef int socklen_t; +#endif + +#ifndef HAVE_STRUCT_SOCKADDR_STORAGE + +#ifndef HAVE_SA_FAMILY_T +typedef unsigned short sa_family_t; +#endif + +#ifdef HAVE_IPV6 +#define _SS_MAXSIZE sizeof(struct sockaddr_in6) +#else +#define _SS_MAXSIZE sizeof(struct sockaddr_in) +#endif + +#define _SS_ALIGNSIZE sizeof(unsigned long) + +#if HAVE_STRUCT_SOCKADDR_SA_LEN + +typedef unsigned char roken_sa_family_t; + +#define _SS_PAD1SIZE ((2 * _SS_ALIGNSIZE - sizeof (roken_sa_family_t) - sizeof(unsigned char)) % _SS_ALIGNSIZE) +#define _SS_PAD2SIZE (_SS_MAXSIZE - (sizeof (roken_sa_family_t) + sizeof(unsigned char) + _SS_PAD1SIZE + _SS_ALIGNSIZE)) + +struct sockaddr_storage { + unsigned char ss_len; + roken_sa_family_t ss_family; + char __ss_pad1[_SS_PAD1SIZE]; + unsigned long __ss_align[_SS_PAD2SIZE / sizeof(unsigned long) + 1]; +}; + +#else /* !HAVE_STRUCT_SOCKADDR_SA_LEN */ + +typedef unsigned short roken_sa_family_t; + +#define _SS_PAD1SIZE ((2 * _SS_ALIGNSIZE - sizeof (roken_sa_family_t)) % _SS_ALIGNSIZE) +#define _SS_PAD2SIZE (_SS_MAXSIZE - (sizeof (roken_sa_family_t) + _SS_PAD1SIZE + _SS_ALIGNSIZE)) + +struct sockaddr_storage { + roken_sa_family_t ss_family; + char __ss_pad1[_SS_PAD1SIZE]; + unsigned long __ss_align[_SS_PAD2SIZE / sizeof(unsigned long) + 1]; +}; + +#endif /* HAVE_STRUCT_SOCKADDR_SA_LEN */ + +#endif /* HAVE_STRUCT_SOCKADDR_STORAGE */ + +#ifndef HAVE_STRUCT_ADDRINFO +struct addrinfo { + int ai_flags; + int ai_family; + int ai_socktype; + int ai_protocol; + size_t ai_addrlen; + char *ai_canonname; + struct sockaddr *ai_addr; + struct addrinfo *ai_next; +}; +#endif + +#ifndef HAVE_GETADDRINFO +int ROKEN_LIB_FUNCTION +getaddrinfo(const char *nodename, + const char *servname, + const struct addrinfo *hints, + struct addrinfo **res); +#endif + +#ifndef HAVE_GETNAMEINFO +int ROKEN_LIB_FUNCTION +getnameinfo(const struct sockaddr *sa, socklen_t salen, + char *host, size_t hostlen, + char *serv, size_t servlen, + int flags); +#endif + +#ifndef HAVE_FREEADDRINFO +void ROKEN_LIB_FUNCTION +freeaddrinfo(struct addrinfo *ai); +#endif + +#ifndef HAVE_GAI_STRERROR +char * ROKEN_LIB_FUNCTION +gai_strerror(int ecode); +#endif + +int ROKEN_LIB_FUNCTION +getnameinfo_verified(const struct sockaddr *sa, socklen_t salen, + char *host, size_t hostlen, + char *serv, size_t servlen, + int flags); + +int ROKEN_LIB_FUNCTION +roken_getaddrinfo_hostspec(const char *, int, struct addrinfo **); +int ROKEN_LIB_FUNCTION +roken_getaddrinfo_hostspec2(const char *, int, int, struct addrinfo **); + +#ifndef HAVE_STRFTIME +size_t ROKEN_LIB_FUNCTION +strftime (char *buf, size_t maxsize, const char *format, + const struct tm *tm); +#endif + +#ifndef HAVE_STRPTIME +char * ROKEN_LIB_FUNCTION +strptime (const char *buf, const char *format, struct tm *timeptr); +#endif + +#ifndef HAVE_EMALLOC +void * ROKEN_LIB_FUNCTION emalloc (size_t); +#endif +#ifndef HAVE_ECALLOC +void * ROKEN_LIB_FUNCTION ecalloc(size_t num, size_t sz); +#endif +#ifndef HAVE_EREALLOC +void * ROKEN_LIB_FUNCTION erealloc (void *, size_t); +#endif +#ifndef HAVE_ESTRDUP +char * ROKEN_LIB_FUNCTION estrdup (const char *); +#endif + +/* + * kludges and such + */ + +#if 1 +int ROKEN_LIB_FUNCTION +roken_gethostby_setup(const char*, const char*); +struct hostent* ROKEN_LIB_FUNCTION +roken_gethostbyname(const char*); +struct hostent* ROKEN_LIB_FUNCTION +roken_gethostbyaddr(const void*, size_t, int); +#else +#ifdef GETHOSTBYNAME_PROTO_COMPATIBLE +#define roken_gethostbyname(x) gethostbyname(x) +#else +#define roken_gethostbyname(x) gethostbyname((char *)x) +#endif + +#ifdef GETHOSTBYADDR_PROTO_COMPATIBLE +#define roken_gethostbyaddr(a, l, t) gethostbyaddr(a, l, t) +#else +#define roken_gethostbyaddr(a, l, t) gethostbyaddr((char *)a, l, t) +#endif +#endif + +#ifdef GETSERVBYNAME_PROTO_COMPATIBLE +#define roken_getservbyname(x,y) getservbyname(x,y) +#else +#define roken_getservbyname(x,y) getservbyname((char *)x, (char *)y) +#endif + +#ifdef OPENLOG_PROTO_COMPATIBLE +#define roken_openlog(a,b,c) openlog(a,b,c) +#else +#define roken_openlog(a,b,c) openlog((char *)a,b,c) +#endif + +#ifdef GETSOCKNAME_PROTO_COMPATIBLE +#define roken_getsockname(a,b,c) getsockname(a,b,c) +#else +#define roken_getsockname(a,b,c) getsockname(a, b, (void*)c) +#endif + +#ifndef HAVE_SETPROGNAME +void ROKEN_LIB_FUNCTION setprogname(const char *argv0); +#endif + +#ifndef HAVE_GETPROGNAME +const char * ROKEN_LIB_FUNCTION getprogname(void); +#endif + +#if !defined(HAVE_SETPROGNAME) && !defined(HAVE_GETPROGNAME) && !HAVE_DECL___PROGNAME +extern const char *__progname; +#endif + +void ROKEN_LIB_FUNCTION mini_inetd_addrinfo (struct addrinfo*); +void ROKEN_LIB_FUNCTION mini_inetd (int port); + +#ifndef HAVE_LOCALTIME_R +struct tm * ROKEN_LIB_FUNCTION +localtime_r(const time_t *timer, struct tm *result); +#endif + +#if !defined(HAVE_STRSVIS) || defined(NEED_STRSVIS_PROTO) +int ROKEN_LIB_FUNCTION +strsvis(char *dst, const char *src, int flag, const char *extra); +#endif + +#if !defined(HAVE_STRUNVIS) || defined(NEED_STRUNVIS_PROTO) +int ROKEN_LIB_FUNCTION +strunvis(char *dst, const char *src); +#endif + +#if !defined(HAVE_STRVIS) || defined(NEED_STRVIS_PROTO) +int ROKEN_LIB_FUNCTION +strvis(char *dst, const char *src, int flag); +#endif + +#if !defined(HAVE_STRVISX) || defined(NEED_STRVISX_PROTO) +int ROKEN_LIB_FUNCTION +strvisx(char *dst, const char *src, size_t len, int flag); +#endif + +#if !defined(HAVE_SVIS) || defined(NEED_SVIS_PROTO) +char * ROKEN_LIB_FUNCTION +svis(char *dst, int c, int flag, int nextc, const char *extra); +#endif + +#if !defined(HAVE_UNVIS) || defined(NEED_UNVIS_PROTO) +int ROKEN_LIB_FUNCTION +unvis(char *cp, int c, int *astate, int flag); +#endif + +#if !defined(HAVE_VIS) || defined(NEED_VIS_PROTO) +char * ROKEN_LIB_FUNCTION +vis(char *dst, int c, int flag, int nextc); +#endif + +#if !defined(HAVE_CLOSEFROM) +int ROKEN_LIB_FUNCTION +closefrom(int); +#endif + +ROKEN_CPP_END diff --git a/source4/heimdal/lib/roken/roken_gethostby.c b/source4/heimdal/lib/roken/roken_gethostby.c new file mode 100644 index 0000000000..2df3f83e36 --- /dev/null +++ b/source4/heimdal/lib/roken/roken_gethostby.c @@ -0,0 +1,274 @@ +/* + * Copyright (c) 1998 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: roken_gethostby.c,v 1.7 2005/04/12 11:29:03 lha Exp $"); +#endif + +#include + +#undef roken_gethostbyname +#undef roken_gethostbyaddr + +static struct sockaddr_in dns_addr; +static char *dns_req; + +static int +make_address(const char *address, struct in_addr *ip) +{ + if(inet_aton(address, ip) == 0){ + /* try to resolve as hostname, it might work if the address we + are trying to lookup is local, for instance a web proxy */ + struct hostent *he = gethostbyname(address); + if(he) { + unsigned char *p = (unsigned char*)he->h_addr; + ip->s_addr = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; + } else { + return -1; + } + } + return 0; +} + +static int +setup_int(const char *proxy_host, short proxy_port, + const char *dns_host, short dns_port, + const char *dns_path) +{ + memset(&dns_addr, 0, sizeof(dns_addr)); + if(dns_req) + free(dns_req); + if(proxy_host) { + if(make_address(proxy_host, &dns_addr.sin_addr) != 0) + return -1; + dns_addr.sin_port = htons(proxy_port); + asprintf(&dns_req, "http://%s:%d%s", dns_host, dns_port, dns_path); + } else { + if(make_address(dns_host, &dns_addr.sin_addr) != 0) + return -1; + dns_addr.sin_port = htons(dns_port); + asprintf(&dns_req, "%s", dns_path); + } + dns_addr.sin_family = AF_INET; + return 0; +} + +static void +split_spec(const char *spec, char **host, int *port, char **path, int def_port) +{ + char *p; + *host = strdup(spec); + p = strchr(*host, ':'); + if(p) { + *p++ = '\0'; + if(sscanf(p, "%d", port) != 1) + *port = def_port; + } else + *port = def_port; + p = strchr(p ? p : *host, '/'); + if(p) { + if(path) + *path = strdup(p); + *p = '\0'; + }else + if(path) + *path = NULL; +} + + +int ROKEN_LIB_FUNCTION +roken_gethostby_setup(const char *proxy_spec, const char *dns_spec) +{ + char *proxy_host = NULL; + int proxy_port; + char *dns_host, *dns_path; + int dns_port; + + int ret = -1; + + split_spec(dns_spec, &dns_host, &dns_port, &dns_path, 80); + if(dns_path == NULL) + goto out; + if(proxy_spec) + split_spec(proxy_spec, &proxy_host, &proxy_port, NULL, 80); + ret = setup_int(proxy_host, proxy_port, dns_host, dns_port, dns_path); +out: + free(proxy_host); + free(dns_host); + free(dns_path); + return ret; +} + + +/* Try to lookup a name or an ip-address using http as transport + mechanism. See the end of this file for an example program. */ +static struct hostent* +roken_gethostby(const char *hostname) +{ + int s; + struct sockaddr_in addr; + char *request; + char buf[1024]; + int offset = 0; + int n; + char *p, *foo; + + if(dns_addr.sin_family == 0) + return NULL; /* no configured host */ + addr = dns_addr; + asprintf(&request, "GET %s?%s HTTP/1.0\r\n\r\n", dns_req, hostname); + if(request == NULL) + return NULL; + s = socket(AF_INET, SOCK_STREAM, 0); + if(s < 0) { + free(request); + return NULL; + } + if(connect(s, (struct sockaddr*)&addr, sizeof(addr)) < 0) { + close(s); + free(request); + return NULL; + } + if(write(s, request, strlen(request)) != strlen(request)) { + close(s); + free(request); + return NULL; + } + free(request); + while(1) { + n = read(s, buf + offset, sizeof(buf) - offset); + if(n <= 0) + break; + offset += n; + } + buf[offset] = '\0'; + close(s); + p = strstr(buf, "\r\n\r\n"); /* find end of header */ + if(p) p += 4; + else return NULL; + foo = NULL; + p = strtok_r(p, " \t\r\n", &foo); + if(p == NULL) + return NULL; + { + /* make a hostent to return */ +#define MAX_ADDRS 16 + static struct hostent he; + static char addrs[4 * MAX_ADDRS]; + static char *addr_list[MAX_ADDRS]; + int num_addrs = 0; + + he.h_name = p; + he.h_aliases = NULL; + he.h_addrtype = AF_INET; + he.h_length = 4; + + while((p = strtok_r(NULL, " \t\r\n", &foo)) && num_addrs < MAX_ADDRS) { + struct in_addr ip; + inet_aton(p, &ip); + ip.s_addr = ntohl(ip.s_addr); + addr_list[num_addrs] = &addrs[num_addrs * 4]; + addrs[num_addrs * 4 + 0] = (ip.s_addr >> 24) & 0xff; + addrs[num_addrs * 4 + 1] = (ip.s_addr >> 16) & 0xff; + addrs[num_addrs * 4 + 2] = (ip.s_addr >> 8) & 0xff; + addrs[num_addrs * 4 + 3] = (ip.s_addr >> 0) & 0xff; + addr_list[++num_addrs] = NULL; + } + he.h_addr_list = addr_list; + return &he; + } +} + +struct hostent* +roken_gethostbyname(const char *hostname) +{ + struct hostent *he; + he = gethostbyname(hostname); + if(he) + return he; + return roken_gethostby(hostname); +} + +struct hostent* ROKEN_LIB_FUNCTION +roken_gethostbyaddr(const void *addr, size_t len, int type) +{ + struct in_addr a; + const char *p; + struct hostent *he; + he = gethostbyaddr(addr, len, type); + if(he) + return he; + if(type != AF_INET || len != 4) + return NULL; + p = addr; + a.s_addr = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]); + return roken_gethostby(inet_ntoa(a)); +} + +#if 0 + +/* this program can be used as a cgi `script' to lookup names and + ip-addresses */ + +#include +#include +#include +#include + +int +main(int argc, char **argv) +{ + char *query = getenv("QUERY_STRING"); + char host[MAXHOSTNAMELEN]; + int i; + struct hostent *he; + + printf("Content-type: text/plain\n\n"); + if(query == NULL) + exit(0); + he = gethostbyname(query); + strncpy(host, he->h_name, sizeof(host)); + host[sizeof(host) - 1] = '\0'; + he = gethostbyaddr(he->h_addr, he->h_length, AF_INET); + printf("%s\n", he->h_name); + for(i = 0; he->h_addr_list[i]; i++) { + struct in_addr ip; + unsigned char *p = (unsigned char*)he->h_addr_list[i]; + ip.s_addr = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]); + printf("%s\n", inet_ntoa(ip)); + } + exit(0); +} + +#endif diff --git a/source4/heimdal/lib/roken/setprogname.c b/source4/heimdal/lib/roken/setprogname.c new file mode 100644 index 0000000000..9c4210da9b --- /dev/null +++ b/source4/heimdal/lib/roken/setprogname.c @@ -0,0 +1,61 @@ +/* + * Copyright (c) 1995-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: setprogname.c,v 1.3 2005/04/12 11:29:05 lha Exp $"); +#endif + +#include "roken.h" + +#ifndef HAVE___PROGNAME +extern const char *__progname; +#endif + +#ifndef HAVE_SETPROGNAME +void ROKEN_LIB_FUNCTION +setprogname(const char *argv0) +{ +#ifndef HAVE___PROGNAME + char *p; + if(argv0 == NULL) + return; + p = strrchr(argv0, '/'); + if(p == NULL) + p = (char *)argv0; + else + p++; + __progname = p; +#endif +} +#endif /* HAVE_SETPROGNAME */ diff --git a/source4/heimdal/lib/roken/signal.c b/source4/heimdal/lib/roken/signal.c new file mode 100644 index 0000000000..d92742d9fb --- /dev/null +++ b/source4/heimdal/lib/roken/signal.c @@ -0,0 +1,80 @@ +/* + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: signal.c,v 1.13 2005/04/12 11:29:05 lha Exp $"); +#endif + +#include +#include "roken.h" + +/* + * We would like to always use this signal but there is a link error + * on NEXTSTEP + */ +#if !defined(NeXT) && !defined(__APPLE__) +/* + * Bugs: + * + * Do we need any extra hacks for SIGCLD and/or SIGCHLD? + */ + +SigAction ROKEN_LIB_FUNCTION +signal(int iSig, SigAction pAction) +{ + struct sigaction saNew, saOld; + + saNew.sa_handler = pAction; + sigemptyset(&saNew.sa_mask); + saNew.sa_flags = 0; + + if (iSig == SIGALRM) + { +#ifdef SA_INTERRUPT + saNew.sa_flags |= SA_INTERRUPT; +#endif + } + else + { +#ifdef SA_RESTART + saNew.sa_flags |= SA_RESTART; +#endif + } + + if (sigaction(iSig, &saNew, &saOld) < 0) + return(SIG_ERR); + + return(saOld.sa_handler); +} +#endif diff --git a/source4/heimdal/lib/roken/strlwr.c b/source4/heimdal/lib/roken/strlwr.c new file mode 100644 index 0000000000..c0ef46dc35 --- /dev/null +++ b/source4/heimdal/lib/roken/strlwr.c @@ -0,0 +1,53 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: strlwr.c,v 1.6 2005/04/12 11:29:09 lha Exp $"); +#endif +#include +#include + +#include + +#ifndef HAVE_STRLWR +char * ROKEN_LIB_FUNCTION +strlwr(char *str) +{ + char *s; + + for(s = str; *s; s++) + *s = tolower((unsigned char)*s); + return str; +} +#endif diff --git a/source4/heimdal/lib/roken/strpool.c b/source4/heimdal/lib/roken/strpool.c new file mode 100644 index 0000000000..8ee95654cb --- /dev/null +++ b/source4/heimdal/lib/roken/strpool.c @@ -0,0 +1,111 @@ +/* + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: strpool.c,v 1.1 2005/06/28 22:46:57 lha Exp $"); +#endif + +#include +#include +#include + +struct rk_strpool { + char *str; + size_t len; +}; + +/* + * + */ + +void ROKEN_LIB_FUNCTION +rk_strpoolfree(struct rk_strpool *p) +{ + if (p->str) { + free(p->str); + p->str = NULL; + } + free(p); +} + +/* + * + */ + +struct rk_strpool * ROKEN_LIB_FUNCTION +rk_strpoolprintf(struct rk_strpool *p, const char *fmt, ...) +{ + va_list ap; + char *str, *str2; + int len; + + if (p == NULL) { + p = malloc(sizeof(*p)); + if (p == NULL) + return NULL; + p->str = NULL; + p->len = 0; + } + va_start(ap, fmt); + len = vasprintf(&str, fmt, ap); + va_end(ap); + if (str == NULL) { + printf("vasprintf"); + rk_strpoolfree(p); + return NULL; + } + str2 = realloc(p->str, len + p->len + 1); + if (str2 == NULL) { + printf("realloc"); + rk_strpoolfree(p); + return NULL; + } + p->str = str2; + memcpy(p->str + p->len, str, len + 1); + p->len += len; + return p; +} + +/* + * + */ + +char * ROKEN_LIB_FUNCTION +rk_strpoolcollect(struct rk_strpool *p) +{ + char *str = p->str; + p->str = NULL; + free(p); + return str; +} diff --git a/source4/heimdal/lib/roken/strsep_copy.c b/source4/heimdal/lib/roken/strsep_copy.c new file mode 100644 index 0000000000..5149838547 --- /dev/null +++ b/source4/heimdal/lib/roken/strsep_copy.c @@ -0,0 +1,69 @@ +/* + * Copyright (c) 2000, 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: strsep_copy.c,v 1.5 2005/04/12 11:29:11 lha Exp $"); +#endif + +#include + +#include "roken.h" + +#ifndef HAVE_STRSEP_COPY + +/* strsep, but with const stringp, so return string in buf */ + +ssize_t ROKEN_LIB_FUNCTION +strsep_copy(const char **stringp, const char *delim, char *buf, size_t len) +{ + const char *save = *stringp; + size_t l; + if(save == NULL) + return -1; + *stringp = *stringp + strcspn(*stringp, delim); + l = min(len, *stringp - save); + if(len > 0) { + memcpy(buf, save, l); + buf[l] = '\0'; + } + + l = *stringp - save; + if(**stringp == '\0') + *stringp = NULL; + else + (*stringp)++; + return l; +} + +#endif diff --git a/source4/heimdal/lib/roken/strupr.c b/source4/heimdal/lib/roken/strupr.c new file mode 100644 index 0000000000..4763a1a111 --- /dev/null +++ b/source4/heimdal/lib/roken/strupr.c @@ -0,0 +1,53 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: strupr.c,v 1.6 2005/04/12 11:29:11 lha Exp $"); +#endif +#include +#include + +#include + +#ifndef HAVE_STRUPR +char * ROKEN_LIB_FUNCTION +strupr(char *str) +{ + char *s; + + for(s = str; *s; s++) + *s = toupper((unsigned char)*s); + return str; +} +#endif diff --git a/source4/heimdal/lib/roken/vis.c b/source4/heimdal/lib/roken/vis.c new file mode 100644 index 0000000000..a4bde71e9b --- /dev/null +++ b/source4/heimdal/lib/roken/vis.c @@ -0,0 +1,330 @@ +/* $NetBSD: vis.c,v 1.4 2003/08/07 09:15:32 agc Exp $ */ + +/*- + * Copyright (c) 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/*- + * Copyright (c) 1999 The NetBSD Foundation, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + + +#if 1 +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: vis.c,v 1.9 2005/04/12 11:29:15 lha Exp $"); +#endif +#include +#ifndef _DIAGASSERT +#define _DIAGASSERT(X) +#endif +#else +#include +#if !defined(lint) +__RCSID("$NetBSD: vis.c,v 1.4 2003/08/07 09:15:32 agc Exp $"); +#endif /* not lint */ +#endif + +#if 0 +#include "namespace.h" +#endif +#include + +#include +#include +#include +#include +#include +#include + +#if 0 +#ifdef __weak_alias +__weak_alias(strsvis,_strsvis) +__weak_alias(strsvisx,_strsvisx) +__weak_alias(strvis,_strvis) +__weak_alias(strvisx,_strvisx) +__weak_alias(svis,_svis) +__weak_alias(vis,_vis) +#endif +#endif + +#undef BELL +#if defined(__STDC__) +#define BELL '\a' +#else +#define BELL '\007' +#endif + +#define isoctal(c) (((u_char)(c)) >= '0' && ((u_char)(c)) <= '7') +#define iswhite(c) (c == ' ' || c == '\t' || c == '\n') +#define issafe(c) (c == '\b' || c == BELL || c == '\r') + +#define MAXEXTRAS 5 + + +#define MAKEEXTRALIST(flag, extra) \ +do { \ + char *pextra = extra; \ + if (flag & VIS_SP) *pextra++ = ' '; \ + if (flag & VIS_TAB) *pextra++ = '\t'; \ + if (flag & VIS_NL) *pextra++ = '\n'; \ + if ((flag & VIS_NOSLASH) == 0) *pextra++ = '\\'; \ + *pextra = '\0'; \ +} while (/*CONSTCOND*/0) + +/* + * This is SVIS, the central macro of vis. + * dst: Pointer to the destination buffer + * c: Character to encode + * flag: Flag word + * nextc: The character following 'c' + * extra: Pointer to the list of extra characters to be + * backslash-protected. + */ +#define SVIS(dst, c, flag, nextc, extra) \ +do { \ + int isextra, isc; \ + isextra = strchr(extra, c) != NULL; \ + if (!isextra && \ + isascii((unsigned char)c) && \ + (isgraph((unsigned char)c) || iswhite(c) || \ + ((flag & VIS_SAFE) && issafe(c)))) { \ + *dst++ = c; \ + break; \ + } \ + isc = 0; \ + if (flag & VIS_CSTYLE) { \ + switch (c) { \ + case '\n': \ + isc = 1; *dst++ = '\\'; *dst++ = 'n'; \ + break; \ + case '\r': \ + isc = 1; *dst++ = '\\'; *dst++ = 'r'; \ + break; \ + case '\b': \ + isc = 1; *dst++ = '\\'; *dst++ = 'b'; \ + break; \ + case BELL: \ + isc = 1; *dst++ = '\\'; *dst++ = 'a'; \ + break; \ + case '\v': \ + isc = 1; *dst++ = '\\'; *dst++ = 'v'; \ + break; \ + case '\t': \ + isc = 1; *dst++ = '\\'; *dst++ = 't'; \ + break; \ + case '\f': \ + isc = 1; *dst++ = '\\'; *dst++ = 'f'; \ + break; \ + case ' ': \ + isc = 1; *dst++ = '\\'; *dst++ = 's'; \ + break; \ + case '\0': \ + isc = 1; *dst++ = '\\'; *dst++ = '0'; \ + if (isoctal(nextc)) { \ + *dst++ = '0'; \ + *dst++ = '0'; \ + } \ + } \ + } \ + if (isc) break; \ + if (isextra || ((c & 0177) == ' ') || (flag & VIS_OCTAL)) { \ + *dst++ = '\\'; \ + *dst++ = (u_char)(((unsigned)(u_char)c >> 6) & 03) + '0'; \ + *dst++ = (u_char)(((unsigned)(u_char)c >> 3) & 07) + '0'; \ + *dst++ = (c & 07) + '0'; \ + } else { \ + if ((flag & VIS_NOSLASH) == 0) *dst++ = '\\'; \ + if (c & 0200) { \ + c &= 0177; *dst++ = 'M'; \ + } \ + if (iscntrl((unsigned char)c)) { \ + *dst++ = '^'; \ + if (c == 0177) \ + *dst++ = '?'; \ + else \ + *dst++ = c + '@'; \ + } else { \ + *dst++ = '-'; *dst++ = c; \ + } \ + } \ +} while (/*CONSTCOND*/0) + + +/* + * svis - visually encode characters, also encoding the characters + * pointed to by `extra' + */ +#ifndef HAVE_SVIS +char * ROKEN_LIB_FUNCTION +svis(char *dst, int c, int flag, int nextc, const char *extra) +{ + _DIAGASSERT(dst != NULL); + _DIAGASSERT(extra != NULL); + + SVIS(dst, c, flag, nextc, extra); + *dst = '\0'; + return(dst); +} +#endif + + +/* + * strsvis, strsvisx - visually encode characters from src into dst + * + * Extra is a pointer to a \0-terminated list of characters to + * be encoded, too. These functions are useful e. g. to + * encode strings in such a way so that they are not interpreted + * by a shell. + * + * Dst must be 4 times the size of src to account for possible + * expansion. The length of dst, not including the trailing NULL, + * is returned. + * + * Strsvisx encodes exactly len bytes from src into dst. + * This is useful for encoding a block of data. + */ +#ifndef HAVE_STRSVIS +int ROKEN_LIB_FUNCTION +strsvis(char *dst, const char *src, int flag, const char *extra) +{ + char c; + char *start; + + _DIAGASSERT(dst != NULL); + _DIAGASSERT(src != NULL); + _DIAGASSERT(extra != NULL); + + for (start = dst; (c = *src++) != '\0'; /* empty */) + SVIS(dst, c, flag, *src, extra); + *dst = '\0'; + return (dst - start); +} +#endif + + +#ifndef HAVE_STRVISX +int ROKEN_LIB_FUNCTION +strsvisx(char *dst, const char *src, size_t len, int flag, const char *extra) +{ + char c; + char *start; + + _DIAGASSERT(dst != NULL); + _DIAGASSERT(src != NULL); + _DIAGASSERT(extra != NULL); + + for (start = dst; len > 0; len--) { + c = *src++; + SVIS(dst, c, flag, len ? *src : '\0', extra); + } + *dst = '\0'; + return (dst - start); +} +#endif + + +/* + * vis - visually encode characters + */ +#ifndef HAVE_VIS +char * ROKEN_LIB_FUNCTION +vis(char *dst, int c, int flag, int nextc) +{ + char extra[MAXEXTRAS]; + + _DIAGASSERT(dst != NULL); + + MAKEEXTRALIST(flag, extra); + SVIS(dst, c, flag, nextc, extra); + *dst = '\0'; + return (dst); +} +#endif + + +/* + * strvis, strvisx - visually encode characters from src into dst + * + * Dst must be 4 times the size of src to account for possible + * expansion. The length of dst, not including the trailing NULL, + * is returned. + * + * Strvisx encodes exactly len bytes from src into dst. + * This is useful for encoding a block of data. + */ +#ifndef HAVE_STRVIS +int ROKEN_LIB_FUNCTION +strvis(char *dst, const char *src, int flag) +{ + char extra[MAXEXTRAS]; + + MAKEEXTRALIST(flag, extra); + return (strsvis(dst, src, flag, extra)); +} +#endif + + +#ifndef HAVE_STRVISX +int ROKEN_LIB_FUNCTION +strvisx(char *dst, const char *src, size_t len, int flag) +{ + char extra[MAXEXTRAS]; + + MAKEEXTRALIST(flag, extra); + return (strsvisx(dst, src, len, flag, extra)); +} +#endif diff --git a/source4/heimdal/lib/roken/vis.hin b/source4/heimdal/lib/roken/vis.hin new file mode 100644 index 0000000000..5b45c94362 --- /dev/null +++ b/source4/heimdal/lib/roken/vis.hin @@ -0,0 +1,98 @@ +/* $NetBSD: vis.h,v 1.11 1999/11/25 16:55:50 wennmach Exp $ */ +/* $Id: vis.hin,v 1.3 2005/04/12 11:29:15 lha Exp $ */ + +/*- + * Copyright (c) 1990, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)vis.h 8.1 (Berkeley) 6/2/93 + */ + +#ifndef _VIS_H_ +#define _VIS_H_ + +#ifndef ROKEN_LIB_FUNCTION +#ifdef _WIN32 +#define ROKEN_LIB_FUNCTION _stdcall +#else +#define ROKEN_LIB_FUNCTION +#endif +#endif + +/* + * to select alternate encoding format + */ +#define VIS_OCTAL 0x01 /* use octal \ddd format */ +#define VIS_CSTYLE 0x02 /* use \[nrft0..] where appropiate */ + +/* + * to alter set of characters encoded (default is to encode all + * non-graphic except space, tab, and newline). + */ +#define VIS_SP 0x04 /* also encode space */ +#define VIS_TAB 0x08 /* also encode tab */ +#define VIS_NL 0x10 /* also encode newline */ +#define VIS_WHITE (VIS_SP | VIS_TAB | VIS_NL) +#define VIS_SAFE 0x20 /* only encode "unsafe" characters */ + +/* + * other + */ +#define VIS_NOSLASH 0x40 /* inhibit printing '\' */ + +/* + * unvis return codes + */ +#define UNVIS_VALID 1 /* character valid */ +#define UNVIS_VALIDPUSH 2 /* character valid, push back passed char */ +#define UNVIS_NOCHAR 3 /* valid sequence, no character produced */ +#define UNVIS_SYNBAD -1 /* unrecognized escape sequence */ +#define UNVIS_ERROR -2 /* decoder in unknown state (unrecoverable) */ + +/* + * unvis flags + */ +#define UNVIS_END 1 /* no more characters */ + +char ROKEN_LIB_FUNCTION + *vis (char *, int, int, int); +char ROKEN_LIB_FUNCTION + *svis (char *, int, int, int, const char *); +int ROKEN_LIB_FUNCTION + strvis (char *, const char *, int); +int ROKEN_LIB_FUNCTION + strsvis (char *, const char *, int, const char *); +int ROKEN_LIB_FUNCTION + strvisx (char *, const char *, size_t, int); +int ROKEN_LIB_FUNCTION + strsvisx (char *, const char *, size_t, int, const char *); +int ROKEN_LIB_FUNCTION + strunvis (char *, const char *); +int ROKEN_LIB_FUNCTION + unvis (char *, int, int *, int); + +#endif /* !_VIS_H_ */ -- cgit From 14fb42204b894f6c46a84f441e0bc1923f3ac9ac Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 11 Jul 2005 02:49:32 +0000 Subject: r8307: try to cope with flex and bison not being installed, in a similar fashion to yapp for pidl if they are installed, then we rebuild the generated files, otherwise we use the ones in svn (This used to be commit 6ab503b7cc902b8691dc80907bb44f1f705ab8ee) --- source4/heimdal/lib/asn1/lex.c | 2098 +++++++++++++++++++++++++++++++++++ source4/heimdal/lib/asn1/parse.c | 1689 ++++++++++++++++++++++++++++ source4/heimdal/lib/asn1/parse.h | 115 ++ source4/heimdal/lib/com_err/lex.c | 1862 +++++++++++++++++++++++++++++++ source4/heimdal/lib/com_err/parse.c | 1396 +++++++++++++++++++++++ source4/heimdal/lib/com_err/parse.h | 70 ++ 6 files changed, 7230 insertions(+) create mode 100644 source4/heimdal/lib/asn1/lex.c create mode 100644 source4/heimdal/lib/asn1/parse.c create mode 100644 source4/heimdal/lib/asn1/parse.h create mode 100644 source4/heimdal/lib/com_err/lex.c create mode 100644 source4/heimdal/lib/com_err/parse.c create mode 100644 source4/heimdal/lib/com_err/parse.h (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/asn1/lex.c b/source4/heimdal/lib/asn1/lex.c new file mode 100644 index 0000000000..655dbeb9d2 --- /dev/null +++ b/source4/heimdal/lib/asn1/lex.c @@ -0,0 +1,2098 @@ + +#line 3 "lex.yy.c" + +#define YY_INT_ALIGNED short int + +/* A lexical scanner generated by flex */ + +#define FLEX_SCANNER +#define YY_FLEX_MAJOR_VERSION 2 +#define YY_FLEX_MINOR_VERSION 5 +#define YY_FLEX_SUBMINOR_VERSION 31 +#if YY_FLEX_SUBMINOR_VERSION > 0 +#define FLEX_BETA +#endif + +/* First, we deal with platform-specific or compiler-specific issues. */ + +/* begin standard C headers. */ +#include +#include +#include +#include + +/* end standard C headers. */ + +/* flex integer type definitions */ + +#ifndef FLEXINT_H +#define FLEXINT_H + +/* C99 systems have . Non-C99 systems may or may not. */ + +#if defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L +#include +typedef int8_t flex_int8_t; +typedef uint8_t flex_uint8_t; +typedef int16_t flex_int16_t; +typedef uint16_t flex_uint16_t; +typedef int32_t flex_int32_t; +typedef uint32_t flex_uint32_t; +#else +typedef signed char flex_int8_t; +typedef short int flex_int16_t; +typedef int flex_int32_t; +typedef unsigned char flex_uint8_t; +typedef unsigned short int flex_uint16_t; +typedef unsigned int flex_uint32_t; +#endif /* ! C99 */ + +/* Limits of integral types. */ +#ifndef INT8_MIN +#define INT8_MIN (-128) +#endif +#ifndef INT16_MIN +#define INT16_MIN (-32767-1) +#endif +#ifndef INT32_MIN +#define INT32_MIN (-2147483647-1) +#endif +#ifndef INT8_MAX +#define INT8_MAX (127) +#endif +#ifndef INT16_MAX +#define INT16_MAX (32767) +#endif +#ifndef INT32_MAX +#define INT32_MAX (2147483647) +#endif +#ifndef UINT8_MAX +#define UINT8_MAX (255U) +#endif +#ifndef UINT16_MAX +#define UINT16_MAX (65535U) +#endif +#ifndef UINT32_MAX +#define UINT32_MAX (4294967295U) +#endif + +#endif /* ! FLEXINT_H */ + +#ifdef __cplusplus + +/* The "const" storage-class-modifier is valid. */ +#define YY_USE_CONST + +#else /* ! __cplusplus */ + +#if __STDC__ + +#define YY_USE_CONST + +#endif /* __STDC__ */ +#endif /* ! __cplusplus */ + +#ifdef YY_USE_CONST +#define yyconst const +#else +#define yyconst +#endif + +/* Returned upon end-of-file. */ +#define YY_NULL 0 + +/* Promotes a possibly negative, possibly signed char to an unsigned + * integer for use as an array index. If the signed char is negative, + * we want to instead treat it as an 8-bit unsigned char, hence the + * double cast. + */ +#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c) + +/* Enter a start condition. This macro really ought to take a parameter, + * but we do it the disgusting crufty way forced on us by the ()-less + * definition of BEGIN. + */ +#define BEGIN (yy_start) = 1 + 2 * + +/* Translate the current start state into a value that can be later handed + * to BEGIN to return to the state. The YYSTATE alias is for lex + * compatibility. + */ +#define YY_START (((yy_start) - 1) / 2) +#define YYSTATE YY_START + +/* Action number for EOF rule of a given start state. */ +#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) + +/* Special action meaning "start processing a new file". */ +#define YY_NEW_FILE yyrestart(yyin ) + +#define YY_END_OF_BUFFER_CHAR 0 + +/* Size of default input buffer. */ +#ifndef YY_BUF_SIZE +#define YY_BUF_SIZE 16384 +#endif + +#ifndef YY_TYPEDEF_YY_BUFFER_STATE +#define YY_TYPEDEF_YY_BUFFER_STATE +typedef struct yy_buffer_state *YY_BUFFER_STATE; +#endif + +extern int yyleng; + +extern FILE *yyin, *yyout; + +#define EOB_ACT_CONTINUE_SCAN 0 +#define EOB_ACT_END_OF_FILE 1 +#define EOB_ACT_LAST_MATCH 2 + + #define YY_LESS_LINENO(n) + +/* Return all but the first "n" matched characters back to the input stream. */ +#define yyless(n) \ + do \ + { \ + /* Undo effects of setting up yytext. */ \ + int yyless_macro_arg = (n); \ + YY_LESS_LINENO(yyless_macro_arg);\ + *yy_cp = (yy_hold_char); \ + YY_RESTORE_YY_MORE_OFFSET \ + (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \ + YY_DO_BEFORE_ACTION; /* set up yytext again */ \ + } \ + while ( 0 ) + +#define unput(c) yyunput( c, (yytext_ptr) ) + +/* The following is because we cannot portably get our hands on size_t + * (without autoconf's help, which isn't available because we want + * flex-generated scanners to compile on their own). + */ + +#ifndef YY_TYPEDEF_YY_SIZE_T +#define YY_TYPEDEF_YY_SIZE_T +typedef unsigned int yy_size_t; +#endif + +#ifndef YY_STRUCT_YY_BUFFER_STATE +#define YY_STRUCT_YY_BUFFER_STATE +struct yy_buffer_state + { + FILE *yy_input_file; + + char *yy_ch_buf; /* input buffer */ + char *yy_buf_pos; /* current position in input buffer */ + + /* Size of input buffer in bytes, not including room for EOB + * characters. + */ + yy_size_t yy_buf_size; + + /* Number of characters read into yy_ch_buf, not including EOB + * characters. + */ + int yy_n_chars; + + /* Whether we "own" the buffer - i.e., we know we created it, + * and can realloc() it to grow it, and should free() it to + * delete it. + */ + int yy_is_our_buffer; + + /* Whether this is an "interactive" input source; if so, and + * if we're using stdio for input, then we want to use getc() + * instead of fread(), to make sure we stop fetching input after + * each newline. + */ + int yy_is_interactive; + + /* Whether we're considered to be at the beginning of a line. + * If so, '^' rules will be active on the next match, otherwise + * not. + */ + int yy_at_bol; + + int yy_bs_lineno; /**< The line count. */ + int yy_bs_column; /**< The column count. */ + + /* Whether to try to fill the input buffer when we reach the + * end of it. + */ + int yy_fill_buffer; + + int yy_buffer_status; + +#define YY_BUFFER_NEW 0 +#define YY_BUFFER_NORMAL 1 + /* When an EOF's been seen but there's still some text to process + * then we mark the buffer as YY_EOF_PENDING, to indicate that we + * shouldn't try reading from the input source any more. We might + * still have a bunch of tokens to match, though, because of + * possible backing-up. + * + * When we actually see the EOF, we change the status to "new" + * (via yyrestart()), so that the user can continue scanning by + * just pointing yyin at a new input file. + */ +#define YY_BUFFER_EOF_PENDING 2 + + }; +#endif /* !YY_STRUCT_YY_BUFFER_STATE */ + +/* Stack of input buffers. */ +static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */ +static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */ +static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ + +/* We provide macros for accessing buffer states in case in the + * future we want to put the buffer states in a more general + * "scanner state". + * + * Returns the top of the stack, or NULL. + */ +#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ + ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ + : NULL) + +/* Same as previous macro, but useful when we know that the buffer stack is not + * NULL or when we need an lvalue. For internal use only. + */ +#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] + +/* yy_hold_char holds the character lost when yytext is formed. */ +static char yy_hold_char; +static int yy_n_chars; /* number of characters read into yy_ch_buf */ +int yyleng; + +/* Points to current character in buffer. */ +static char *yy_c_buf_p = (char *) 0; +static int yy_init = 1; /* whether we need to initialize */ +static int yy_start = 0; /* start state number */ + +/* Flag which is used to allow yywrap()'s to do buffer switches + * instead of setting up a fresh yyin. A bit of a hack ... + */ +static int yy_did_buffer_switch_on_eof; + +void yyrestart (FILE *input_file ); +void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ); +YY_BUFFER_STATE yy_create_buffer (FILE *file,int size ); +void yy_delete_buffer (YY_BUFFER_STATE b ); +void yy_flush_buffer (YY_BUFFER_STATE b ); +void yypush_buffer_state (YY_BUFFER_STATE new_buffer ); +void yypop_buffer_state (void ); + +static void yyensure_buffer_stack (void ); +static void yy_load_buffer_state (void ); +static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file ); + +#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER ) + +YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); +YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); +YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len ); + +void *yyalloc (yy_size_t ); +void *yyrealloc (void *,yy_size_t ); +void yyfree (void * ); + +#define yy_new_buffer yy_create_buffer + +#define yy_set_interactive(is_interactive) \ + { \ + if ( ! YY_CURRENT_BUFFER ){ \ + yyensure_buffer_stack (); \ + YY_CURRENT_BUFFER_LVALUE = \ + yy_create_buffer(yyin,YY_BUF_SIZE ); \ + } \ + YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ + } + +#define yy_set_bol(at_bol) \ + { \ + if ( ! YY_CURRENT_BUFFER ){\ + yyensure_buffer_stack (); \ + YY_CURRENT_BUFFER_LVALUE = \ + yy_create_buffer(yyin,YY_BUF_SIZE ); \ + } \ + YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ + } + +#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) + +/* Begin user sect3 */ + +typedef unsigned char YY_CHAR; + +FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; + +typedef int yy_state_type; + +extern int yylineno; + +int yylineno = 1; + +extern char *yytext; +#define yytext_ptr yytext + +static yy_state_type yy_get_previous_state (void ); +static yy_state_type yy_try_NUL_trans (yy_state_type current_state ); +static int yy_get_next_buffer (void ); +static void yy_fatal_error (yyconst char msg[] ); + +/* Done after the current pattern has been matched and before the + * corresponding action - sets up yytext. + */ +#define YY_DO_BEFORE_ACTION \ + (yytext_ptr) = yy_bp; \ + yyleng = (size_t) (yy_cp - yy_bp); \ + (yy_hold_char) = *yy_cp; \ + *yy_cp = '\0'; \ + (yy_c_buf_p) = yy_cp; + +#define YY_NUM_RULES 38 +#define YY_END_OF_BUFFER 39 +/* This struct is not used in this scanner, + but its presence is necessary. */ +struct yy_trans_info + { + flex_int32_t yy_verify; + flex_int32_t yy_nxt; + }; +static yyconst flex_int16_t yy_accept[183] = + { 0, + 0, 0, 39, 37, 33, 34, 25, 25, 37, 37, + 31, 31, 37, 32, 32, 32, 32, 32, 32, 32, + 32, 32, 32, 32, 32, 32, 26, 27, 29, 36, + 30, 31, 0, 0, 32, 32, 32, 32, 32, 32, + 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, + 32, 7, 32, 32, 32, 32, 35, 31, 28, 32, + 32, 14, 32, 32, 32, 18, 32, 32, 32, 32, + 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, + 32, 32, 32, 32, 32, 32, 32, 32, 4, 32, + 32, 32, 32, 13, 32, 32, 32, 32, 32, 32, + + 32, 17, 32, 32, 32, 32, 32, 32, 32, 32, + 32, 32, 32, 8, 32, 32, 32, 32, 32, 32, + 6, 32, 32, 32, 32, 32, 32, 32, 32, 23, + 32, 32, 9, 32, 32, 2, 19, 32, 32, 32, + 32, 32, 3, 1, 32, 32, 32, 32, 32, 32, + 22, 32, 32, 32, 16, 5, 32, 32, 32, 32, + 32, 32, 32, 32, 32, 32, 21, 32, 32, 24, + 12, 15, 20, 32, 32, 32, 32, 11, 32, 32, + 10, 0 + } ; + +static yyconst flex_int32_t yy_ec[256] = + { 0, + 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 2, 1, 4, 1, 1, 1, 1, 1, 4, + 4, 5, 1, 4, 6, 7, 8, 9, 10, 10, + 10, 10, 10, 10, 10, 11, 10, 12, 4, 1, + 13, 1, 1, 1, 14, 15, 16, 17, 18, 19, + 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, + 30, 31, 32, 33, 34, 24, 24, 35, 24, 24, + 36, 1, 37, 1, 38, 1, 39, 40, 40, 41, + + 42, 40, 43, 24, 44, 24, 24, 45, 46, 47, + 24, 24, 24, 48, 24, 49, 24, 24, 24, 50, + 24, 51, 4, 4, 4, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1 + } ; + +static yyconst flex_int32_t yy_meta[52] = + { 0, + 1, 1, 1, 1, 1, 2, 1, 1, 3, 3, + 3, 1, 1, 3, 3, 3, 3, 3, 3, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 1, 1, 2, 3, 3, + 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, + 2 + } ; + +static yyconst flex_int16_t yy_base[185] = + { 0, + 0, 0, 214, 215, 215, 215, 215, 207, 205, 206, + 43, 46, 198, 180, 40, 187, 189, 32, 175, 163, + 0, 43, 170, 56, 43, 170, 215, 215, 215, 195, + 215, 54, 0, 188, 0, 171, 179, 165, 169, 168, + 176, 49, 161, 165, 145, 173, 161, 156, 163, 164, + 153, 0, 152, 154, 152, 163, 215, 0, 215, 156, + 158, 0, 154, 156, 59, 0, 151, 158, 149, 132, + 146, 144, 153, 145, 151, 150, 145, 132, 143, 153, + 141, 135, 143, 144, 125, 131, 139, 125, 0, 107, + 121, 122, 132, 0, 135, 117, 121, 130, 120, 114, + + 129, 0, 130, 125, 117, 119, 109, 112, 99, 115, + 103, 117, 101, 0, 106, 105, 111, 81, 115, 101, + 0, 94, 93, 111, 110, 78, 103, 89, 89, 0, + 105, 102, 0, 69, 83, 0, 0, 93, 81, 88, + 42, 90, 0, 0, 86, 92, 65, 86, 79, 88, + 0, 56, 53, 85, 0, 0, 55, 73, 73, 82, + 50, 55, 65, 49, 64, 58, 0, 45, 47, 0, + 0, 0, 0, 40, 51, 39, 36, 0, 33, 36, + 0, 215, 92, 74 + } ; + +static yyconst flex_int16_t yy_def[185] = + { 0, + 182, 1, 182, 182, 182, 182, 182, 182, 182, 182, + 182, 182, 182, 183, 183, 183, 183, 183, 183, 183, + 183, 183, 183, 183, 183, 183, 182, 182, 182, 182, + 182, 182, 184, 182, 183, 183, 183, 183, 183, 183, + 183, 183, 183, 183, 183, 183, 183, 183, 183, 183, + 183, 183, 183, 183, 183, 183, 182, 184, 182, 183, + 183, 183, 183, 183, 183, 183, 183, 183, 183, 183, + 183, 183, 183, 183, 183, 183, 183, 183, 183, 183, + 183, 183, 183, 183, 183, 183, 183, 183, 183, 183, + 183, 183, 183, 183, 183, 183, 183, 183, 183, 183, + + 183, 183, 183, 183, 183, 183, 183, 183, 183, 183, + 183, 183, 183, 183, 183, 183, 183, 183, 183, 183, + 183, 183, 183, 183, 183, 183, 183, 183, 183, 183, + 183, 183, 183, 183, 183, 183, 183, 183, 183, 183, + 183, 183, 183, 183, 183, 183, 183, 183, 183, 183, + 183, 183, 183, 183, 183, 183, 183, 183, 183, 183, + 183, 183, 183, 183, 183, 183, 183, 183, 183, 183, + 183, 183, 183, 183, 183, 183, 183, 183, 183, 183, + 183, 0, 182, 182 + } ; + +static yyconst flex_int16_t yy_nxt[267] = + { 0, + 4, 5, 6, 7, 4, 8, 9, 10, 11, 12, + 12, 13, 4, 14, 15, 16, 17, 18, 19, 20, + 21, 22, 21, 21, 21, 21, 23, 24, 21, 21, + 21, 25, 21, 26, 21, 27, 28, 4, 21, 21, + 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, + 21, 32, 32, 32, 32, 32, 32, 37, 42, 46, + 54, 38, 32, 32, 32, 66, 43, 39, 47, 48, + 50, 51, 85, 152, 52, 55, 58, 181, 180, 179, + 86, 178, 67, 177, 53, 153, 176, 175, 174, 173, + 172, 171, 33, 35, 35, 170, 169, 168, 167, 166, + + 165, 164, 163, 162, 161, 160, 159, 158, 157, 156, + 155, 154, 151, 150, 149, 148, 147, 146, 145, 144, + 143, 142, 141, 140, 139, 138, 137, 136, 135, 134, + 133, 132, 131, 130, 129, 128, 127, 126, 125, 124, + 123, 122, 121, 120, 119, 118, 117, 116, 115, 114, + 113, 112, 111, 110, 109, 108, 107, 106, 105, 104, + 103, 102, 101, 100, 99, 98, 97, 96, 95, 94, + 93, 92, 91, 90, 89, 88, 87, 84, 83, 82, + 81, 80, 79, 78, 77, 76, 75, 74, 73, 72, + 71, 70, 69, 68, 65, 64, 63, 62, 61, 60, + + 59, 57, 56, 49, 45, 44, 41, 40, 36, 34, + 31, 30, 29, 182, 3, 182, 182, 182, 182, 182, + 182, 182, 182, 182, 182, 182, 182, 182, 182, 182, + 182, 182, 182, 182, 182, 182, 182, 182, 182, 182, + 182, 182, 182, 182, 182, 182, 182, 182, 182, 182, + 182, 182, 182, 182, 182, 182, 182, 182, 182, 182, + 182, 182, 182, 182, 182, 182 + } ; + +static yyconst flex_int16_t yy_chk[267] = + { 0, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 11, 11, 11, 12, 12, 12, 15, 18, 22, + 25, 15, 32, 32, 32, 42, 18, 15, 22, 22, + 24, 24, 65, 141, 24, 25, 184, 180, 179, 177, + 65, 176, 42, 175, 24, 141, 174, 169, 168, 166, + 165, 164, 11, 183, 183, 163, 162, 161, 160, 159, + + 158, 157, 154, 153, 152, 150, 149, 148, 147, 146, + 145, 142, 140, 139, 138, 135, 134, 132, 131, 129, + 128, 127, 126, 125, 124, 123, 122, 120, 119, 118, + 117, 116, 115, 113, 112, 111, 110, 109, 108, 107, + 106, 105, 104, 103, 101, 100, 99, 98, 97, 96, + 95, 93, 92, 91, 90, 88, 87, 86, 85, 84, + 83, 82, 81, 80, 79, 78, 77, 76, 75, 74, + 73, 72, 71, 70, 69, 68, 67, 64, 63, 61, + 60, 56, 55, 54, 53, 51, 50, 49, 48, 47, + 46, 45, 44, 43, 41, 40, 39, 38, 37, 36, + + 34, 30, 26, 23, 20, 19, 17, 16, 14, 13, + 10, 9, 8, 3, 182, 182, 182, 182, 182, 182, + 182, 182, 182, 182, 182, 182, 182, 182, 182, 182, + 182, 182, 182, 182, 182, 182, 182, 182, 182, 182, + 182, 182, 182, 182, 182, 182, 182, 182, 182, 182, + 182, 182, 182, 182, 182, 182, 182, 182, 182, 182, + 182, 182, 182, 182, 182, 182 + } ; + +static yy_state_type yy_last_accepting_state; +static char *yy_last_accepting_cpos; + +extern int yy_flex_debug; +int yy_flex_debug = 0; + +/* The intent behind this definition is that it'll catch + * any uses of REJECT which flex missed. + */ +#define REJECT reject_used_but_not_detected +#define yymore() yymore_used_but_not_detected +#define YY_MORE_ADJ 0 +#define YY_RESTORE_YY_MORE_OFFSET +char *yytext; +#line 1 "lex.l" +#line 2 "lex.l" +/* + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: lex.l,v 1.25 2005/06/16 19:58:35 lha Exp $ */ + +#ifdef HAVE_CONFIG_H +#include +#endif +#include +#include +#include +#include +#ifdef HAVE_UNISTD_H +#include +#endif +#undef ECHO +#include "symbol.h" +#include "parse.h" +#include "lex.h" +#include "gen_locl.h" + +static unsigned lineno = 1; + +#define YY_NO_UNPUT + +#undef ECHO + +static void handle_comment(int type); + +#line 619 "lex.yy.c" + +#define INITIAL 0 + +#ifndef YY_NO_UNISTD_H +/* Special case for "unistd.h", since it is non-ANSI. We include it way + * down here because we want the user's section 1 to have been scanned first. + * The user has a chance to override it with an option. + */ +#include +#endif + +#ifndef YY_EXTRA_TYPE +#define YY_EXTRA_TYPE void * +#endif + +/* Macros after this point can all be overridden by user definitions in + * section 1. + */ + +#ifndef YY_SKIP_YYWRAP +#ifdef __cplusplus +extern "C" int yywrap (void ); +#else +extern int yywrap (void ); +#endif +#endif + + static void yyunput (int c,char *buf_ptr ); + +#ifndef yytext_ptr +static void yy_flex_strncpy (char *,yyconst char *,int ); +#endif + +#ifdef YY_NEED_STRLEN +static int yy_flex_strlen (yyconst char * ); +#endif + +#ifndef YY_NO_INPUT + +#ifdef __cplusplus +static int yyinput (void ); +#else +static int input (void ); +#endif + +#endif + +/* Amount of stuff to slurp up with each read. */ +#ifndef YY_READ_BUF_SIZE +#define YY_READ_BUF_SIZE 8192 +#endif + +/* Copy whatever the last rule matched to the standard output. */ +#ifndef ECHO +/* This used to be an fputs(), but since the string might contain NUL's, + * we now use fwrite(). + */ +#define ECHO (void) fwrite( yytext, yyleng, 1, yyout ) +#endif + +/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, + * is returned in "result". + */ +#ifndef YY_INPUT +#define YY_INPUT(buf,result,max_size) \ + if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ + { \ + int c = '*'; \ + size_t n; \ + for ( n = 0; n < max_size && \ + (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ + buf[n] = (char) c; \ + if ( c == '\n' ) \ + buf[n++] = (char) c; \ + if ( c == EOF && ferror( yyin ) ) \ + YY_FATAL_ERROR( "input in flex scanner failed" ); \ + result = n; \ + } \ + else \ + { \ + errno=0; \ + while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \ + { \ + if( errno != EINTR) \ + { \ + YY_FATAL_ERROR( "input in flex scanner failed" ); \ + break; \ + } \ + errno=0; \ + clearerr(yyin); \ + } \ + }\ +\ + +#endif + +/* No semi-colon after return; correct usage is to write "yyterminate();" - + * we don't want an extra ';' after the "return" because that will cause + * some compilers to complain about unreachable statements. + */ +#ifndef yyterminate +#define yyterminate() return YY_NULL +#endif + +/* Number of entries by which start-condition stack grows. */ +#ifndef YY_START_STACK_INCR +#define YY_START_STACK_INCR 25 +#endif + +/* Report a fatal error. */ +#ifndef YY_FATAL_ERROR +#define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) +#endif + +/* end tables serialization structures and prototypes */ + +/* Default declaration of generated scanner - a define so the user can + * easily add parameters. + */ +#ifndef YY_DECL +#define YY_DECL_IS_OURS 1 + +extern int yylex (void); + +#define YY_DECL int yylex (void) +#endif /* !YY_DECL */ + +/* Code executed at the beginning of each rule, after yytext and yyleng + * have been set up. + */ +#ifndef YY_USER_ACTION +#define YY_USER_ACTION +#endif + +/* Code executed at the end of each rule. */ +#ifndef YY_BREAK +#define YY_BREAK break; +#endif + +#define YY_RULE_SETUP \ + YY_USER_ACTION + +/** The main scanner function which does all the work. + */ +YY_DECL +{ + register yy_state_type yy_current_state; + register char *yy_cp, *yy_bp; + register int yy_act; + +#line 64 "lex.l" + +#line 772 "lex.yy.c" + + if ( (yy_init) ) + { + (yy_init) = 0; + +#ifdef YY_USER_INIT + YY_USER_INIT; +#endif + + if ( ! (yy_start) ) + (yy_start) = 1; /* first start state */ + + if ( ! yyin ) + yyin = stdin; + + if ( ! yyout ) + yyout = stdout; + + if ( ! YY_CURRENT_BUFFER ) { + yyensure_buffer_stack (); + YY_CURRENT_BUFFER_LVALUE = + yy_create_buffer(yyin,YY_BUF_SIZE ); + } + + yy_load_buffer_state( ); + } + + while ( 1 ) /* loops until end-of-file is reached */ + { + yy_cp = (yy_c_buf_p); + + /* Support of yytext. */ + *yy_cp = (yy_hold_char); + + /* yy_bp points to the position in yy_ch_buf of the start of + * the current run. + */ + yy_bp = yy_cp; + + yy_current_state = (yy_start); +yy_match: + do + { + register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; + if ( yy_accept[yy_current_state] ) + { + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; + } + while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) + { + yy_current_state = (int) yy_def[yy_current_state]; + if ( yy_current_state >= 183 ) + yy_c = yy_meta[(unsigned int) yy_c]; + } + yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; + ++yy_cp; + } + while ( yy_base[yy_current_state] != 215 ); + +yy_find_action: + yy_act = yy_accept[yy_current_state]; + if ( yy_act == 0 ) + { /* have to back up */ + yy_cp = (yy_last_accepting_cpos); + yy_current_state = (yy_last_accepting_state); + yy_act = yy_accept[yy_current_state]; + } + + YY_DO_BEFORE_ACTION; + +do_action: /* This label is used only to access EOF actions. */ + + switch ( yy_act ) + { /* beginning of action switch */ + case 0: /* must back up */ + /* undo the effects of YY_DO_BEFORE_ACTION */ + *yy_cp = (yy_hold_char); + yy_cp = (yy_last_accepting_cpos); + yy_current_state = (yy_last_accepting_state); + goto yy_find_action; + +case 1: +YY_RULE_SETUP +#line 65 "lex.l" +{ return INTEGER; } + YY_BREAK +case 2: +YY_RULE_SETUP +#line 66 "lex.l" +{ return BOOLEAN; } + YY_BREAK +case 3: +YY_RULE_SETUP +#line 67 "lex.l" +{ return IMPORTS; } + YY_BREAK +case 4: +YY_RULE_SETUP +#line 68 "lex.l" +{ return FROM; } + YY_BREAK +case 5: +YY_RULE_SETUP +#line 69 "lex.l" +{ return SEQUENCE; } + YY_BREAK +case 6: +YY_RULE_SETUP +#line 70 "lex.l" +{ return CHOICE; } + YY_BREAK +case 7: +YY_RULE_SETUP +#line 71 "lex.l" +{ return OF; } + YY_BREAK +case 8: +YY_RULE_SETUP +#line 72 "lex.l" +{ return OCTET; } + YY_BREAK +case 9: +YY_RULE_SETUP +#line 73 "lex.l" +{ return STRING; } + YY_BREAK +case 10: +YY_RULE_SETUP +#line 74 "lex.l" +{ return GeneralizedTime; } + YY_BREAK +case 11: +YY_RULE_SETUP +#line 75 "lex.l" +{ return GeneralString; } + YY_BREAK +case 12: +YY_RULE_SETUP +#line 76 "lex.l" +{ return UTF8String; } + YY_BREAK +case 13: +YY_RULE_SETUP +#line 77 "lex.l" +{ return NULLTYPE; } + YY_BREAK +case 14: +YY_RULE_SETUP +#line 78 "lex.l" +{ return BIT; } + YY_BREAK +case 15: +YY_RULE_SETUP +#line 79 "lex.l" +{ return APPLICATION; } + YY_BREAK +case 16: +YY_RULE_SETUP +#line 80 "lex.l" +{ return OPTIONAL; } + YY_BREAK +case 17: +YY_RULE_SETUP +#line 81 "lex.l" +{ return TBEGIN; } + YY_BREAK +case 18: +YY_RULE_SETUP +#line 82 "lex.l" +{ return END; } + YY_BREAK +case 19: +YY_RULE_SETUP +#line 83 "lex.l" +{ return DEFAULT; } + YY_BREAK +case 20: +YY_RULE_SETUP +#line 84 "lex.l" +{ return DEFINITIONS; } + YY_BREAK +case 21: +YY_RULE_SETUP +#line 85 "lex.l" +{ return ENUMERATED; } + YY_BREAK +case 22: +YY_RULE_SETUP +#line 86 "lex.l" +{ return EXTERNAL; } + YY_BREAK +case 23: +YY_RULE_SETUP +#line 87 "lex.l" +{ return OBJECT; } + YY_BREAK +case 24: +YY_RULE_SETUP +#line 88 "lex.l" +{ return IDENTIFIER; } + YY_BREAK +case 25: +YY_RULE_SETUP +#line 89 "lex.l" +{ return *yytext; } + YY_BREAK +case 26: +YY_RULE_SETUP +#line 90 "lex.l" +{ return *yytext; } + YY_BREAK +case 27: +YY_RULE_SETUP +#line 91 "lex.l" +{ return *yytext; } + YY_BREAK +case 28: +YY_RULE_SETUP +#line 92 "lex.l" +{ return EEQUAL; } + YY_BREAK +case 29: +YY_RULE_SETUP +#line 93 "lex.l" +{ handle_comment(0); } + YY_BREAK +case 30: +YY_RULE_SETUP +#line 94 "lex.l" +{ handle_comment(1); } + YY_BREAK +case 31: +YY_RULE_SETUP +#line 95 "lex.l" +{ char *e, *y = yytext; + yylval.constant = strtol((const char *)yytext, + &e, 0); + if(e == y) + error_message("malformed constant (%s)", yytext); + else + return CONSTANT; + } + YY_BREAK +case 32: +YY_RULE_SETUP +#line 103 "lex.l" +{ + yylval.name = strdup ((const char *)yytext); + return IDENT; + } + YY_BREAK +case 33: +YY_RULE_SETUP +#line 107 "lex.l" +; + YY_BREAK +case 34: +/* rule 34 can match eol */ +YY_RULE_SETUP +#line 108 "lex.l" +{ ++lineno; } + YY_BREAK +case 35: +YY_RULE_SETUP +#line 109 "lex.l" +{ return DOTDOTDOT; } + YY_BREAK +case 36: +YY_RULE_SETUP +#line 110 "lex.l" +{ return DOTDOT; } + YY_BREAK +case 37: +YY_RULE_SETUP +#line 111 "lex.l" +{ error_message("Ignoring char(%c)\n", *yytext); } + YY_BREAK +case 38: +YY_RULE_SETUP +#line 112 "lex.l" +ECHO; + YY_BREAK +#line 1056 "lex.yy.c" +case YY_STATE_EOF(INITIAL): + yyterminate(); + + case YY_END_OF_BUFFER: + { + /* Amount of text matched not including the EOB char. */ + int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; + + /* Undo the effects of YY_DO_BEFORE_ACTION. */ + *yy_cp = (yy_hold_char); + YY_RESTORE_YY_MORE_OFFSET + + if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW ) + { + /* We're scanning a new file or input source. It's + * possible that this happened because the user + * just pointed yyin at a new source and called + * yylex(). If so, then we have to assure + * consistency between YY_CURRENT_BUFFER and our + * globals. Here is the right place to do so, because + * this is the first action (other than possibly a + * back-up) that will match for the new input source. + */ + (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; + YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; + YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; + } + + /* Note that here we test for yy_c_buf_p "<=" to the position + * of the first EOB in the buffer, since yy_c_buf_p will + * already have been incremented past the NUL character + * (since all states make transitions on EOB to the + * end-of-buffer state). Contrast this with the test + * in input(). + */ + if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) + { /* This was really a NUL. */ + yy_state_type yy_next_state; + + (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; + + yy_current_state = yy_get_previous_state( ); + + /* Okay, we're now positioned to make the NUL + * transition. We couldn't have + * yy_get_previous_state() go ahead and do it + * for us because it doesn't know how to deal + * with the possibility of jamming (and we don't + * want to build jamming into it because then it + * will run more slowly). + */ + + yy_next_state = yy_try_NUL_trans( yy_current_state ); + + yy_bp = (yytext_ptr) + YY_MORE_ADJ; + + if ( yy_next_state ) + { + /* Consume the NUL. */ + yy_cp = ++(yy_c_buf_p); + yy_current_state = yy_next_state; + goto yy_match; + } + + else + { + yy_cp = (yy_c_buf_p); + goto yy_find_action; + } + } + + else switch ( yy_get_next_buffer( ) ) + { + case EOB_ACT_END_OF_FILE: + { + (yy_did_buffer_switch_on_eof) = 0; + + if ( yywrap( ) ) + { + /* Note: because we've taken care in + * yy_get_next_buffer() to have set up + * yytext, we can now set up + * yy_c_buf_p so that if some total + * hoser (like flex itself) wants to + * call the scanner after we return the + * YY_NULL, it'll still work - another + * YY_NULL will get returned. + */ + (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; + + yy_act = YY_STATE_EOF(YY_START); + goto do_action; + } + + else + { + if ( ! (yy_did_buffer_switch_on_eof) ) + YY_NEW_FILE; + } + break; + } + + case EOB_ACT_CONTINUE_SCAN: + (yy_c_buf_p) = + (yytext_ptr) + yy_amount_of_matched_text; + + yy_current_state = yy_get_previous_state( ); + + yy_cp = (yy_c_buf_p); + yy_bp = (yytext_ptr) + YY_MORE_ADJ; + goto yy_match; + + case EOB_ACT_LAST_MATCH: + (yy_c_buf_p) = + &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)]; + + yy_current_state = yy_get_previous_state( ); + + yy_cp = (yy_c_buf_p); + yy_bp = (yytext_ptr) + YY_MORE_ADJ; + goto yy_find_action; + } + break; + } + + default: + YY_FATAL_ERROR( + "fatal flex scanner internal error--no action found" ); + } /* end of action switch */ + } /* end of scanning one token */ +} /* end of yylex */ + +/* yy_get_next_buffer - try to read in a new buffer + * + * Returns a code representing an action: + * EOB_ACT_LAST_MATCH - + * EOB_ACT_CONTINUE_SCAN - continue scanning from current position + * EOB_ACT_END_OF_FILE - end of file + */ +static int yy_get_next_buffer (void) +{ + register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; + register char *source = (yytext_ptr); + register int number_to_move, i; + int ret_val; + + if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) + YY_FATAL_ERROR( + "fatal flex scanner internal error--end of buffer missed" ); + + if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 ) + { /* Don't try to fill the buffer, so this is an EOF. */ + if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 ) + { + /* We matched a single character, the EOB, so + * treat this as a final EOF. + */ + return EOB_ACT_END_OF_FILE; + } + + else + { + /* We matched some text prior to the EOB, first + * process it. + */ + return EOB_ACT_LAST_MATCH; + } + } + + /* Try to read more data. */ + + /* First move last chars to start of buffer. */ + number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1; + + for ( i = 0; i < number_to_move; ++i ) + *(dest++) = *(source++); + + if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING ) + /* don't do the read, it's not guaranteed to return an EOF, + * just force an EOF + */ + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0; + + else + { + size_t num_to_read = + YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; + + while ( num_to_read <= 0 ) + { /* Not enough room in the buffer - grow it. */ + + /* just a shorter name for the current buffer */ + YY_BUFFER_STATE b = YY_CURRENT_BUFFER; + + int yy_c_buf_p_offset = + (int) ((yy_c_buf_p) - b->yy_ch_buf); + + if ( b->yy_is_our_buffer ) + { + int new_size = b->yy_buf_size * 2; + + if ( new_size <= 0 ) + b->yy_buf_size += b->yy_buf_size / 8; + else + b->yy_buf_size *= 2; + + b->yy_ch_buf = (char *) + /* Include room in for 2 EOB chars. */ + yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ); + } + else + /* Can't grow it, we don't own it. */ + b->yy_ch_buf = 0; + + if ( ! b->yy_ch_buf ) + YY_FATAL_ERROR( + "fatal error - scanner input buffer overflow" ); + + (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset]; + + num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - + number_to_move - 1; + + } + + if ( num_to_read > YY_READ_BUF_SIZE ) + num_to_read = YY_READ_BUF_SIZE; + + /* Read in more data. */ + YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), + (yy_n_chars), num_to_read ); + + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + } + + if ( (yy_n_chars) == 0 ) + { + if ( number_to_move == YY_MORE_ADJ ) + { + ret_val = EOB_ACT_END_OF_FILE; + yyrestart(yyin ); + } + + else + { + ret_val = EOB_ACT_LAST_MATCH; + YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = + YY_BUFFER_EOF_PENDING; + } + } + + else + ret_val = EOB_ACT_CONTINUE_SCAN; + + (yy_n_chars) += number_to_move; + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; + + (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0]; + + return ret_val; +} + +/* yy_get_previous_state - get the state just before the EOB char was reached */ + + static yy_state_type yy_get_previous_state (void) +{ + register yy_state_type yy_current_state; + register char *yy_cp; + + yy_current_state = (yy_start); + + for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) + { + register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); + if ( yy_accept[yy_current_state] ) + { + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; + } + while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) + { + yy_current_state = (int) yy_def[yy_current_state]; + if ( yy_current_state >= 183 ) + yy_c = yy_meta[(unsigned int) yy_c]; + } + yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; + } + + return yy_current_state; +} + +/* yy_try_NUL_trans - try to make a transition on the NUL character + * + * synopsis + * next_state = yy_try_NUL_trans( current_state ); + */ + static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state ) +{ + register int yy_is_jam; + register char *yy_cp = (yy_c_buf_p); + + register YY_CHAR yy_c = 1; + if ( yy_accept[yy_current_state] ) + { + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; + } + while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) + { + yy_current_state = (int) yy_def[yy_current_state]; + if ( yy_current_state >= 183 ) + yy_c = yy_meta[(unsigned int) yy_c]; + } + yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; + yy_is_jam = (yy_current_state == 182); + + return yy_is_jam ? 0 : yy_current_state; +} + + static void yyunput (int c, register char * yy_bp ) +{ + register char *yy_cp; + + yy_cp = (yy_c_buf_p); + + /* undo effects of setting up yytext */ + *yy_cp = (yy_hold_char); + + if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) + { /* need to shift things up to make room */ + /* +2 for EOB chars. */ + register int number_to_move = (yy_n_chars) + 2; + register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ + YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; + register char *source = + &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; + + while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) + *--dest = *--source; + + yy_cp += (int) (dest - source); + yy_bp += (int) (dest - source); + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = + (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size; + + if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) + YY_FATAL_ERROR( "flex scanner push-back overflow" ); + } + + *--yy_cp = (char) c; + + (yytext_ptr) = yy_bp; + (yy_hold_char) = *yy_cp; + (yy_c_buf_p) = yy_cp; +} + +#ifndef YY_NO_INPUT +#ifdef __cplusplus + static int yyinput (void) +#else + static int input (void) +#endif + +{ + int c; + + *(yy_c_buf_p) = (yy_hold_char); + + if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR ) + { + /* yy_c_buf_p now points to the character we want to return. + * If this occurs *before* the EOB characters, then it's a + * valid NUL; if not, then we've hit the end of the buffer. + */ + if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) + /* This was really a NUL. */ + *(yy_c_buf_p) = '\0'; + + else + { /* need more input */ + int offset = (yy_c_buf_p) - (yytext_ptr); + ++(yy_c_buf_p); + + switch ( yy_get_next_buffer( ) ) + { + case EOB_ACT_LAST_MATCH: + /* This happens because yy_g_n_b() + * sees that we've accumulated a + * token and flags that we need to + * try matching the token before + * proceeding. But for input(), + * there's no matching to consider. + * So convert the EOB_ACT_LAST_MATCH + * to EOB_ACT_END_OF_FILE. + */ + + /* Reset buffer status. */ + yyrestart(yyin ); + + /*FALLTHROUGH*/ + + case EOB_ACT_END_OF_FILE: + { + if ( yywrap( ) ) + return EOF; + + if ( ! (yy_did_buffer_switch_on_eof) ) + YY_NEW_FILE; +#ifdef __cplusplus + return yyinput(); +#else + return input(); +#endif + } + + case EOB_ACT_CONTINUE_SCAN: + (yy_c_buf_p) = (yytext_ptr) + offset; + break; + } + } + } + + c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */ + *(yy_c_buf_p) = '\0'; /* preserve yytext */ + (yy_hold_char) = *++(yy_c_buf_p); + + return c; +} +#endif /* ifndef YY_NO_INPUT */ + +/** Immediately switch to a different input stream. + * @param input_file A readable stream. + * + * @note This function does not reset the start condition to @c INITIAL . + */ + void yyrestart (FILE * input_file ) +{ + + if ( ! YY_CURRENT_BUFFER ){ + yyensure_buffer_stack (); + YY_CURRENT_BUFFER_LVALUE = + yy_create_buffer(yyin,YY_BUF_SIZE ); + } + + yy_init_buffer(YY_CURRENT_BUFFER,input_file ); + yy_load_buffer_state( ); +} + +/** Switch to a different input buffer. + * @param new_buffer The new input buffer. + * + */ + void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ) +{ + + /* TODO. We should be able to replace this entire function body + * with + * yypop_buffer_state(); + * yypush_buffer_state(new_buffer); + */ + yyensure_buffer_stack (); + if ( YY_CURRENT_BUFFER == new_buffer ) + return; + + if ( YY_CURRENT_BUFFER ) + { + /* Flush out information for old buffer. */ + *(yy_c_buf_p) = (yy_hold_char); + YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + } + + YY_CURRENT_BUFFER_LVALUE = new_buffer; + yy_load_buffer_state( ); + + /* We don't actually know whether we did this switch during + * EOF (yywrap()) processing, but the only time this flag + * is looked at is after yywrap() is called, so it's safe + * to go ahead and always set it. + */ + (yy_did_buffer_switch_on_eof) = 1; +} + +static void yy_load_buffer_state (void) +{ + (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; + (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; + yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; + (yy_hold_char) = *(yy_c_buf_p); +} + +/** Allocate and initialize an input buffer state. + * @param file A readable stream. + * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE. + * + * @return the allocated buffer state. + */ + YY_BUFFER_STATE yy_create_buffer (FILE * file, int size ) +{ + YY_BUFFER_STATE b; + + b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); + if ( ! b ) + YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); + + b->yy_buf_size = size; + + /* yy_ch_buf has to be 2 characters longer than the size given because + * we need to put in 2 end-of-buffer characters. + */ + b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2 ); + if ( ! b->yy_ch_buf ) + YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); + + b->yy_is_our_buffer = 1; + + yy_init_buffer(b,file ); + + return b; +} + +/** Destroy the buffer. + * @param b a buffer created with yy_create_buffer() + * + */ + void yy_delete_buffer (YY_BUFFER_STATE b ) +{ + + if ( ! b ) + return; + + if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */ + YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; + + if ( b->yy_is_our_buffer ) + yyfree((void *) b->yy_ch_buf ); + + yyfree((void *) b ); +} + +#ifndef __cplusplus +extern int isatty (int ); +#endif /* __cplusplus */ + +/* Initializes or reinitializes a buffer. + * This function is sometimes called more than once on the same buffer, + * such as during a yyrestart() or at EOF. + */ + static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file ) + +{ + int oerrno = errno; + + yy_flush_buffer(b ); + + b->yy_input_file = file; + b->yy_fill_buffer = 1; + + /* If b is the current buffer, then yy_init_buffer was _probably_ + * called from yyrestart() or through yy_get_next_buffer. + * In that case, we don't want to reset the lineno or column. + */ + if (b != YY_CURRENT_BUFFER){ + b->yy_bs_lineno = 1; + b->yy_bs_column = 0; + } + + b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; + + errno = oerrno; +} + +/** Discard all buffered characters. On the next scan, YY_INPUT will be called. + * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER. + * + */ + void yy_flush_buffer (YY_BUFFER_STATE b ) +{ + if ( ! b ) + return; + + b->yy_n_chars = 0; + + /* We always need two end-of-buffer characters. The first causes + * a transition to the end-of-buffer state. The second causes + * a jam in that state. + */ + b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR; + b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR; + + b->yy_buf_pos = &b->yy_ch_buf[0]; + + b->yy_at_bol = 1; + b->yy_buffer_status = YY_BUFFER_NEW; + + if ( b == YY_CURRENT_BUFFER ) + yy_load_buffer_state( ); +} + +/** Pushes the new state onto the stack. The new state becomes + * the current state. This function will allocate the stack + * if necessary. + * @param new_buffer The new state. + * + */ +void yypush_buffer_state (YY_BUFFER_STATE new_buffer ) +{ + if (new_buffer == NULL) + return; + + yyensure_buffer_stack(); + + /* This block is copied from yy_switch_to_buffer. */ + if ( YY_CURRENT_BUFFER ) + { + /* Flush out information for old buffer. */ + *(yy_c_buf_p) = (yy_hold_char); + YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + } + + /* Only push if top exists. Otherwise, replace top. */ + if (YY_CURRENT_BUFFER) + (yy_buffer_stack_top)++; + YY_CURRENT_BUFFER_LVALUE = new_buffer; + + /* copied from yy_switch_to_buffer. */ + yy_load_buffer_state( ); + (yy_did_buffer_switch_on_eof) = 1; +} + +/** Removes and deletes the top of the stack, if present. + * The next element becomes the new top. + * + */ +void yypop_buffer_state (void) +{ + if (!YY_CURRENT_BUFFER) + return; + + yy_delete_buffer(YY_CURRENT_BUFFER ); + YY_CURRENT_BUFFER_LVALUE = NULL; + if ((yy_buffer_stack_top) > 0) + --(yy_buffer_stack_top); + + if (YY_CURRENT_BUFFER) { + yy_load_buffer_state( ); + (yy_did_buffer_switch_on_eof) = 1; + } +} + +/* Allocates the stack if it does not exist. + * Guarantees space for at least one push. + */ +static void yyensure_buffer_stack (void) +{ + int num_to_alloc; + + if (!(yy_buffer_stack)) { + + /* First allocation is just for 2 elements, since we don't know if this + * scanner will even need a stack. We use 2 instead of 1 to avoid an + * immediate realloc on the next call. + */ + num_to_alloc = 1; + (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc + (num_to_alloc * sizeof(struct yy_buffer_state*) + ); + + memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); + + (yy_buffer_stack_max) = num_to_alloc; + (yy_buffer_stack_top) = 0; + return; + } + + if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ + + /* Increase the buffer to prepare for a possible push. */ + int grow_size = 8 /* arbitrary grow size */; + + num_to_alloc = (yy_buffer_stack_max) + grow_size; + (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc + ((yy_buffer_stack), + num_to_alloc * sizeof(struct yy_buffer_state*) + ); + + /* zero only the new slots.*/ + memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); + (yy_buffer_stack_max) = num_to_alloc; + } +} + +/** Setup the input buffer state to scan directly from a user-specified character buffer. + * @param base the character buffer + * @param size the size in bytes of the character buffer + * + * @return the newly allocated buffer state object. + */ +YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) +{ + YY_BUFFER_STATE b; + + if ( size < 2 || + base[size-2] != YY_END_OF_BUFFER_CHAR || + base[size-1] != YY_END_OF_BUFFER_CHAR ) + /* They forgot to leave room for the EOB's. */ + return 0; + + b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); + if ( ! b ) + YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); + + b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */ + b->yy_buf_pos = b->yy_ch_buf = base; + b->yy_is_our_buffer = 0; + b->yy_input_file = 0; + b->yy_n_chars = b->yy_buf_size; + b->yy_is_interactive = 0; + b->yy_at_bol = 1; + b->yy_fill_buffer = 0; + b->yy_buffer_status = YY_BUFFER_NEW; + + yy_switch_to_buffer(b ); + + return b; +} + +/** Setup the input buffer state to scan a string. The next call to yylex() will + * scan from a @e copy of @a str. + * @param str a NUL-terminated string to scan + * + * @return the newly allocated buffer state object. + * @note If you want to scan bytes that may contain NUL values, then use + * yy_scan_bytes() instead. + */ +YY_BUFFER_STATE yy_scan_string (yyconst char * yy_str ) +{ + + return yy_scan_bytes(yy_str,strlen(yy_str) ); +} + +/** Setup the input buffer state to scan the given bytes. The next call to yylex() will + * scan from a @e copy of @a bytes. + * @param bytes the byte buffer to scan + * @param len the number of bytes in the buffer pointed to by @a bytes. + * + * @return the newly allocated buffer state object. + */ +YY_BUFFER_STATE yy_scan_bytes (yyconst char * bytes, int len ) +{ + YY_BUFFER_STATE b; + char *buf; + yy_size_t n; + int i; + + /* Get memory for full buffer, including space for trailing EOB's. */ + n = len + 2; + buf = (char *) yyalloc(n ); + if ( ! buf ) + YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); + + for ( i = 0; i < len; ++i ) + buf[i] = bytes[i]; + + buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR; + + b = yy_scan_buffer(buf,n ); + if ( ! b ) + YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); + + /* It's okay to grow etc. this buffer, and we should throw it + * away when we're done. + */ + b->yy_is_our_buffer = 1; + + return b; +} + +#ifndef YY_EXIT_FAILURE +#define YY_EXIT_FAILURE 2 +#endif + +static void yy_fatal_error (yyconst char* msg ) +{ + (void) fprintf( stderr, "%s\n", msg ); + exit( YY_EXIT_FAILURE ); +} + +/* Redefine yyless() so it works in section 3 code. */ + +#undef yyless +#define yyless(n) \ + do \ + { \ + /* Undo effects of setting up yytext. */ \ + int yyless_macro_arg = (n); \ + YY_LESS_LINENO(yyless_macro_arg);\ + yytext[yyleng] = (yy_hold_char); \ + (yy_c_buf_p) = yytext + yyless_macro_arg; \ + (yy_hold_char) = *(yy_c_buf_p); \ + *(yy_c_buf_p) = '\0'; \ + yyleng = yyless_macro_arg; \ + } \ + while ( 0 ) + +/* Accessor methods (get/set functions) to struct members. */ + +/** Get the current line number. + * + */ +int yyget_lineno (void) +{ + + return yylineno; +} + +/** Get the input stream. + * + */ +FILE *yyget_in (void) +{ + return yyin; +} + +/** Get the output stream. + * + */ +FILE *yyget_out (void) +{ + return yyout; +} + +/** Get the length of the current token. + * + */ +int yyget_leng (void) +{ + return yyleng; +} + +/** Get the current token. + * + */ + +char *yyget_text (void) +{ + return yytext; +} + +/** Set the current line number. + * @param line_number + * + */ +void yyset_lineno (int line_number ) +{ + + yylineno = line_number; +} + +/** Set the input stream. This does not discard the current + * input buffer. + * @param in_str A readable stream. + * + * @see yy_switch_to_buffer + */ +void yyset_in (FILE * in_str ) +{ + yyin = in_str ; +} + +void yyset_out (FILE * out_str ) +{ + yyout = out_str ; +} + +int yyget_debug (void) +{ + return yy_flex_debug; +} + +void yyset_debug (int bdebug ) +{ + yy_flex_debug = bdebug ; +} + +/* yylex_destroy is for both reentrant and non-reentrant scanners. */ +int yylex_destroy (void) +{ + + /* Pop the buffer stack, destroying each element. */ + while(YY_CURRENT_BUFFER){ + yy_delete_buffer(YY_CURRENT_BUFFER ); + YY_CURRENT_BUFFER_LVALUE = NULL; + yypop_buffer_state(); + } + + /* Destroy the stack itself. */ + yyfree((yy_buffer_stack) ); + (yy_buffer_stack) = NULL; + + return 0; +} + +/* + * Internal utility routines. + */ + +#ifndef yytext_ptr +static void yy_flex_strncpy (char* s1, yyconst char * s2, int n ) +{ + register int i; + for ( i = 0; i < n; ++i ) + s1[i] = s2[i]; +} +#endif + +#ifdef YY_NEED_STRLEN +static int yy_flex_strlen (yyconst char * s ) +{ + register int n; + for ( n = 0; s[n]; ++n ) + ; + + return n; +} +#endif + +void *yyalloc (yy_size_t size ) +{ + return (void *) malloc( size ); +} + +void *yyrealloc (void * ptr, yy_size_t size ) +{ + /* The cast to (char *) in the following accommodates both + * implementations that use char* generic pointers, and those + * that use void* generic pointers. It works with the latter + * because both ANSI C and C++ allow castless assignment from + * any pointer type to void*, and deal with argument conversions + * as though doing an assignment. + */ + return (void *) realloc( (char *) ptr, size ); +} + +void yyfree (void * ptr ) +{ + free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ +} + +#define YYTABLES_NAME "yytables" + +#undef YY_NEW_FILE +#undef YY_FLUSH_BUFFER +#undef yy_set_bol +#undef yy_new_buffer +#undef yy_set_interactive +#undef yytext_ptr +#undef YY_DO_BEFORE_ACTION + +#ifdef YY_DECL_IS_OURS +#undef YY_DECL_IS_OURS +#undef YY_DECL +#endif +#line 112 "lex.l" + + + +#ifndef yywrap /* XXX */ +int +yywrap () +{ + return 1; +} +#endif + +void +error_message (const char *format, ...) +{ + va_list args; + + va_start (args, format); + fprintf (stderr, "%s:%d: ", get_filename(), lineno); + vfprintf (stderr, format, args); + va_end (args); +} + +static void +handle_comment(int type) +{ + int c; + int start_lineno = lineno; + if(type == 0) { + int f = 0; + while((c = input()) != EOF) { + if(f && c == '-') + return; + if(c == '-') { + f = 1; + continue; + } + if(c == '\n') { + lineno++; + return; + } + f = 0; + } + } else { + int level = 1; + int seen_star = 0; + int seen_slash = 0; + while((c = input()) != EOF) { + if(c == '/') { + if(seen_star) { + if(--level == 0) + return; + seen_star = 0; + continue; + } + seen_slash = 1; + continue; + } + if(c == '*') { + if(seen_slash) { + level++; + seen_star = seen_slash = 0; + continue; + } + seen_star = 1; + continue; + } + seen_star = seen_slash = 0; + if(c == '\n') { + lineno++; + continue; + } + } + } + if(c == EOF) + error_message("unterminated comment, possibly started on line %d\n", start_lineno); +} + diff --git a/source4/heimdal/lib/asn1/parse.c b/source4/heimdal/lib/asn1/parse.c new file mode 100644 index 0000000000..2f80f32583 --- /dev/null +++ b/source4/heimdal/lib/asn1/parse.c @@ -0,0 +1,1689 @@ +/* A Bison parser, made by GNU Bison 1.875d. */ + +/* Skeleton parser for Yacc-like parsing with Bison, + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. */ + +/* As a special exception, when this file is copied by Bison into a + Bison output file, you may use that output file without restriction. + This special exception was added by the Free Software Foundation + in version 1.24 of Bison. */ + +/* Written by Richard Stallman by simplifying the original so called + ``semantic'' parser. */ + +/* All symbols defined below should begin with yy or YY, to avoid + infringing on user name space. This should be done even for local + variables, as they might otherwise be expanded by user macros. + There are some unavoidable exceptions within include files to + define necessary library symbols; they are noted "INFRINGES ON + USER NAME SPACE" below. */ + +/* Identify Bison output. */ +#define YYBISON 1 + +/* Skeleton name. */ +#define YYSKELETON_NAME "yacc.c" + +/* Pure parsers. */ +#define YYPURE 0 + +/* Using locations. */ +#define YYLSP_NEEDED 0 + + + +/* Tokens. */ +#ifndef YYTOKENTYPE +# define YYTOKENTYPE + /* Put the tokens into the symbol table, so that GDB and other debuggers + know about them. */ + enum yytokentype { + INTEGER = 258, + SEQUENCE = 259, + CHOICE = 260, + OF = 261, + OCTET = 262, + STRING = 263, + GeneralizedTime = 264, + GeneralString = 265, + BIT = 266, + APPLICATION = 267, + OPTIONAL = 268, + EEQUAL = 269, + TBEGIN = 270, + END = 271, + DEFINITIONS = 272, + ENUMERATED = 273, + UTF8String = 274, + NULLTYPE = 275, + EXTERNAL = 276, + DEFAULT = 277, + DOTDOT = 278, + DOTDOTDOT = 279, + BOOLEAN = 280, + IMPORTS = 281, + FROM = 282, + OBJECT = 283, + IDENTIFIER = 284, + IDENT = 285, + CONSTANT = 286 + }; +#endif +#define INTEGER 258 +#define SEQUENCE 259 +#define CHOICE 260 +#define OF 261 +#define OCTET 262 +#define STRING 263 +#define GeneralizedTime 264 +#define GeneralString 265 +#define BIT 266 +#define APPLICATION 267 +#define OPTIONAL 268 +#define EEQUAL 269 +#define TBEGIN 270 +#define END 271 +#define DEFINITIONS 272 +#define ENUMERATED 273 +#define UTF8String 274 +#define NULLTYPE 275 +#define EXTERNAL 276 +#define DEFAULT 277 +#define DOTDOT 278 +#define DOTDOTDOT 279 +#define BOOLEAN 280 +#define IMPORTS 281 +#define FROM 282 +#define OBJECT 283 +#define IDENTIFIER 284 +#define IDENT 285 +#define CONSTANT 286 + + + + +/* Copy the first part of user declarations. */ +#line 36 "parse.y" + +#ifdef HAVE_CONFIG_H +#include +#endif +#include +#include +#include +#include "symbol.h" +#include "lex.h" +#include "gen_locl.h" + +RCSID("$Id: parse.y,v 1.23 2004/10/13 17:41:48 lha Exp $"); + +static Type *new_type (Typetype t); +void yyerror (char *); + +static void append (Member *l, Member *r); + + + +/* Enabling traces. */ +#ifndef YYDEBUG +# define YYDEBUG 0 +#endif + +/* Enabling verbose error messages. */ +#ifdef YYERROR_VERBOSE +# undef YYERROR_VERBOSE +# define YYERROR_VERBOSE 1 +#else +# define YYERROR_VERBOSE 0 +#endif + +#if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED) +#line 56 "parse.y" +typedef union YYSTYPE { + int constant; + char *name; + Type *type; + Member *member; + char *defval; +} YYSTYPE; +/* Line 191 of yacc.c. */ +#line 166 "$base.c" +# define yystype YYSTYPE /* obsolescent; will be withdrawn */ +# define YYSTYPE_IS_DECLARED 1 +# define YYSTYPE_IS_TRIVIAL 1 +#endif + + + +/* Copy the second part of user declarations. */ + + +/* Line 214 of yacc.c. */ +#line 178 "$base.c" + +#if ! defined (yyoverflow) || YYERROR_VERBOSE + +# ifndef YYFREE +# define YYFREE free +# endif +# ifndef YYMALLOC +# define YYMALLOC malloc +# endif + +/* The parser invokes alloca or malloc; define the necessary symbols. */ + +# ifdef YYSTACK_USE_ALLOCA +# if YYSTACK_USE_ALLOCA +# define YYSTACK_ALLOC alloca +# endif +# else +# if defined (alloca) || defined (_ALLOCA_H) +# define YYSTACK_ALLOC alloca +# else +# ifdef __GNUC__ +# define YYSTACK_ALLOC __builtin_alloca +# endif +# endif +# endif + +# ifdef YYSTACK_ALLOC + /* Pacify GCC's `empty if-body' warning. */ +# define YYSTACK_FREE(Ptr) do { /* empty */; } while (0) +# else +# if defined (__STDC__) || defined (__cplusplus) +# include /* INFRINGES ON USER NAME SPACE */ +# define YYSIZE_T size_t +# endif +# define YYSTACK_ALLOC YYMALLOC +# define YYSTACK_FREE YYFREE +# endif +#endif /* ! defined (yyoverflow) || YYERROR_VERBOSE */ + + +#if (! defined (yyoverflow) \ + && (! defined (__cplusplus) \ + || (defined (YYSTYPE_IS_TRIVIAL) && YYSTYPE_IS_TRIVIAL))) + +/* A type that is properly aligned for any stack member. */ +union yyalloc +{ + short int yyss; + YYSTYPE yyvs; + }; + +/* The size of the maximum gap between one aligned stack and the next. */ +# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1) + +/* The size of an array large to enough to hold all stacks, each with + N elements. */ +# define YYSTACK_BYTES(N) \ + ((N) * (sizeof (short int) + sizeof (YYSTYPE)) \ + + YYSTACK_GAP_MAXIMUM) + +/* Copy COUNT objects from FROM to TO. The source and destination do + not overlap. */ +# ifndef YYCOPY +# if defined (__GNUC__) && 1 < __GNUC__ +# define YYCOPY(To, From, Count) \ + __builtin_memcpy (To, From, (Count) * sizeof (*(From))) +# else +# define YYCOPY(To, From, Count) \ + do \ + { \ + register YYSIZE_T yyi; \ + for (yyi = 0; yyi < (Count); yyi++) \ + (To)[yyi] = (From)[yyi]; \ + } \ + while (0) +# endif +# endif + +/* Relocate STACK from its old location to the new one. The + local variables YYSIZE and YYSTACKSIZE give the old and new number of + elements in the stack, and YYPTR gives the new location of the + stack. Advance YYPTR to a properly aligned location for the next + stack. */ +# define YYSTACK_RELOCATE(Stack) \ + do \ + { \ + YYSIZE_T yynewbytes; \ + YYCOPY (&yyptr->Stack, Stack, yysize); \ + Stack = &yyptr->Stack; \ + yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \ + yyptr += yynewbytes / sizeof (*yyptr); \ + } \ + while (0) + +#endif + +#if defined (__STDC__) || defined (__cplusplus) + typedef signed char yysigned_char; +#else + typedef short int yysigned_char; +#endif + +/* YYFINAL -- State number of the termination state. */ +#define YYFINAL 4 +/* YYLAST -- Last index in YYTABLE. */ +#define YYLAST 107 + +/* YYNTOKENS -- Number of terminals. */ +#define YYNTOKENS 42 +/* YYNNTS -- Number of nonterminals. */ +#define YYNNTS 17 +/* YYNRULES -- Number of rules. */ +#define YYNRULES 48 +/* YYNRULES -- Number of states. */ +#define YYNSTATES 100 + +/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */ +#define YYUNDEFTOK 2 +#define YYMAXUTOK 286 + +#define YYTRANSLATE(YYX) \ + ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK) + +/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX. */ +static const unsigned char yytranslate[] = +{ + 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 40, 2, 2, 2, 2, 2, + 34, 35, 2, 2, 32, 41, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 33, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 38, 2, 39, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 36, 2, 37, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 1, 2, 3, 4, + 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, + 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, + 25, 26, 27, 28, 29, 30, 31 +}; + +#if YYDEBUG +/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in + YYRHS. */ +static const unsigned char yyprhs[] = +{ + 0, 0, 3, 10, 11, 14, 16, 18, 20, 24, + 26, 32, 36, 41, 43, 50, 55, 58, 63, 66, + 68, 70, 72, 74, 78, 83, 88, 94, 96, 102, + 104, 105, 107, 111, 115, 121, 124, 127, 129, 131, + 134, 139, 140, 142, 146, 150, 155, 157, 160 +}; + +/* YYRHS -- A `-1'-separated list of the rules' RHS. */ +static const yysigned_char yyrhs[] = +{ + 43, 0, -1, 30, 17, 14, 15, 44, 16, -1, + -1, 44, 45, -1, 47, -1, 48, -1, 49, -1, + 30, 32, 46, -1, 30, -1, 26, 46, 27, 30, + 33, -1, 30, 14, 50, -1, 30, 50, 14, 58, + -1, 3, -1, 3, 34, 58, 23, 58, 35, -1, + 3, 36, 56, 37, -1, 28, 29, -1, 18, 36, + 56, 37, -1, 7, 8, -1, 10, -1, 19, -1, + 20, -1, 9, -1, 4, 6, 50, -1, 4, 36, + 51, 37, -1, 5, 36, 51, 37, -1, 11, 8, + 36, 56, 37, -1, 30, -1, 38, 12, 58, 39, + 50, -1, 25, -1, -1, 53, -1, 51, 32, 24, + -1, 51, 32, 53, -1, 30, 38, 58, 39, 50, + -1, 52, 54, -1, 52, 55, -1, 52, -1, 13, + -1, 22, 58, -1, 22, 40, 30, 40, -1, -1, + 57, -1, 56, 32, 24, -1, 56, 32, 57, -1, + 30, 34, 58, 35, -1, 31, -1, 41, 31, -1, + 30, -1 +}; + +/* YYRLINE[YYN] -- source line where rule number YYN was defined. */ +static const unsigned char yyrline[] = +{ + 0, 85, 85, 88, 89, 92, 93, 94, 97, 102, + 109, 113, 122, 131, 132, 140, 145, 146, 151, 152, + 153, 154, 155, 156, 161, 166, 171, 176, 185, 191, + 194, 195, 196, 197, 200, 215, 217, 219, 224, 227, + 229, 233, 234, 235, 236, 239, 252, 253, 254 +}; +#endif + +#if YYDEBUG || YYERROR_VERBOSE +/* YYTNME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. + First, the terminals, then, starting at YYNTOKENS, nonterminals. */ +static const char *const yytname[] = +{ + "$end", "error", "$undefined", "INTEGER", "SEQUENCE", "CHOICE", "OF", + "OCTET", "STRING", "GeneralizedTime", "GeneralString", "BIT", + "APPLICATION", "OPTIONAL", "EEQUAL", "TBEGIN", "END", "DEFINITIONS", + "ENUMERATED", "UTF8String", "NULLTYPE", "EXTERNAL", "DEFAULT", "DOTDOT", + "DOTDOTDOT", "BOOLEAN", "IMPORTS", "FROM", "OBJECT", "IDENTIFIER", + "IDENT", "CONSTANT", "','", "';'", "'('", "')'", "'{'", "'}'", "'['", + "']'", "'\"'", "'-'", "$accept", "envelope", "specification", + "declaration", "referencenames", "imports_decl", "type_decl", + "constant_decl", "type", "memberdecls", "memberdeclstart", "memberdecl", + "optional2", "defvalue", "bitdecls", "bitdecl", "constant", 0 +}; +#endif + +# ifdef YYPRINT +/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to + token YYLEX-NUM. */ +static const unsigned short int yytoknum[] = +{ + 0, 256, 257, 258, 259, 260, 261, 262, 263, 264, + 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, + 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, + 285, 286, 44, 59, 40, 41, 123, 125, 91, 93, + 34, 45 +}; +# endif + +/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ +static const unsigned char yyr1[] = +{ + 0, 42, 43, 44, 44, 45, 45, 45, 46, 46, + 47, 48, 49, 50, 50, 50, 50, 50, 50, 50, + 50, 50, 50, 50, 50, 50, 50, 50, 50, 50, + 51, 51, 51, 51, 52, 53, 53, 53, 54, 55, + 55, 56, 56, 56, 56, 57, 58, 58, 58 +}; + +/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */ +static const unsigned char yyr2[] = +{ + 0, 2, 6, 0, 2, 1, 1, 1, 3, 1, + 5, 3, 4, 1, 6, 4, 2, 4, 2, 1, + 1, 1, 1, 3, 4, 4, 5, 1, 5, 1, + 0, 1, 3, 3, 5, 2, 2, 1, 1, 2, + 4, 0, 1, 3, 3, 4, 1, 2, 1 +}; + +/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state + STATE-NUM when YYTABLE doesn't specify something else to do. Zero + means the default is an error. */ +static const unsigned char yydefact[] = +{ + 0, 0, 0, 0, 1, 0, 3, 0, 2, 0, + 0, 4, 5, 6, 7, 9, 0, 13, 0, 0, + 0, 22, 19, 0, 0, 0, 20, 21, 29, 0, + 27, 0, 0, 0, 0, 0, 41, 0, 30, 30, + 18, 0, 11, 41, 16, 0, 0, 8, 0, 48, + 46, 0, 0, 0, 0, 42, 23, 0, 0, 37, + 31, 0, 41, 0, 0, 12, 10, 47, 0, 0, + 0, 15, 0, 0, 24, 38, 0, 35, 36, 25, + 0, 17, 0, 0, 0, 43, 44, 0, 32, 33, + 0, 39, 26, 28, 14, 45, 0, 0, 34, 40 +}; + +/* YYDEFGOTO[NTERM-NUM]. */ +static const yysigned_char yydefgoto[] = +{ + -1, 2, 7, 11, 16, 12, 13, 14, 32, 58, + 59, 60, 77, 78, 54, 55, 52 +}; + +/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing + STATE-NUM. */ +#define YYPACT_NINF -38 +static const yysigned_char yypact[] = +{ + -26, 12, 22, 16, -38, 32, -38, 5, -38, 20, + -2, -38, -38, -38, -38, 27, 41, 42, 13, 45, + 69, -38, -38, 71, 35, 46, -38, -38, -38, 54, + -38, 72, 73, 20, 55, 26, 56, 35, 58, 58, + -38, 53, -38, 56, -38, 26, 26, -38, 57, -38, + -38, 60, 70, 61, -5, -38, -38, 59, 11, 2, + -38, 34, 56, 37, 62, -38, -38, -38, 26, 26, + -10, -38, 26, 40, -38, -38, 21, -38, -38, -38, + 43, -38, 35, 63, 64, -38, -38, 65, -38, -38, + 66, -38, -38, -38, -38, -38, 35, 52, -38, -38 +}; + +/* YYPGOTO[NTERM-NUM]. */ +static const yysigned_char yypgoto[] = +{ + -38, -38, -38, -38, 67, -38, -38, -38, -24, 68, + -38, 29, -38, -38, -37, 24, -35 +}; + +/* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If + positive, shift that token. If negative, reduce the rule which + number is the opposite. If zero, do what YYDEFACT says. + If YYTABLE_NINF, syntax error. */ +#define YYTABLE_NINF -1 +static const unsigned char yytable[] = +{ + 42, 17, 18, 19, 1, 20, 63, 21, 22, 23, + 64, 65, 24, 56, 85, 75, 25, 26, 27, 37, + 53, 8, 4, 28, 76, 80, 29, 70, 30, 3, + 5, 9, 71, 83, 84, 10, 31, 87, 17, 18, + 19, 91, 20, 73, 21, 22, 23, 6, 74, 38, + 15, 49, 50, 25, 26, 27, 49, 50, 93, 33, + 28, 90, 51, 29, 88, 30, 73, 51, 34, 70, + 57, 79, 98, 31, 81, 70, 35, 40, 36, 41, + 92, 39, 43, 44, 45, 48, 53, 46, 57, 62, + 66, 67, 99, 68, 86, 69, 97, 72, 94, 95, + 47, 82, 89, 0, 96, 0, 0, 61 +}; + +static const yysigned_char yycheck[] = +{ + 24, 3, 4, 5, 30, 7, 43, 9, 10, 11, + 45, 46, 14, 37, 24, 13, 18, 19, 20, 6, + 30, 16, 0, 25, 22, 62, 28, 32, 30, 17, + 14, 26, 37, 68, 69, 30, 38, 72, 3, 4, + 5, 76, 7, 32, 9, 10, 11, 15, 37, 36, + 30, 30, 31, 18, 19, 20, 30, 31, 82, 32, + 25, 40, 41, 28, 24, 30, 32, 41, 27, 32, + 30, 37, 96, 38, 37, 32, 34, 8, 36, 8, + 37, 36, 36, 29, 12, 30, 30, 14, 30, 36, + 33, 31, 40, 23, 70, 34, 30, 38, 35, 35, + 33, 39, 73, -1, 39, -1, -1, 39 +}; + +/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing + symbol of state STATE-NUM. */ +static const unsigned char yystos[] = +{ + 0, 30, 43, 17, 0, 14, 15, 44, 16, 26, + 30, 45, 47, 48, 49, 30, 46, 3, 4, 5, + 7, 9, 10, 11, 14, 18, 19, 20, 25, 28, + 30, 38, 50, 32, 27, 34, 36, 6, 36, 36, + 8, 8, 50, 36, 29, 12, 14, 46, 30, 30, + 31, 41, 58, 30, 56, 57, 50, 30, 51, 52, + 53, 51, 36, 56, 58, 58, 33, 31, 23, 34, + 32, 37, 38, 32, 37, 13, 22, 54, 55, 37, + 56, 37, 39, 58, 58, 24, 57, 58, 24, 53, + 40, 58, 37, 50, 35, 35, 39, 30, 50, 40 +}; + +#if ! defined (YYSIZE_T) && defined (__SIZE_TYPE__) +# define YYSIZE_T __SIZE_TYPE__ +#endif +#if ! defined (YYSIZE_T) && defined (size_t) +# define YYSIZE_T size_t +#endif +#if ! defined (YYSIZE_T) +# if defined (__STDC__) || defined (__cplusplus) +# include /* INFRINGES ON USER NAME SPACE */ +# define YYSIZE_T size_t +# endif +#endif +#if ! defined (YYSIZE_T) +# define YYSIZE_T unsigned int +#endif + +#define yyerrok (yyerrstatus = 0) +#define yyclearin (yychar = YYEMPTY) +#define YYEMPTY (-2) +#define YYEOF 0 + +#define YYACCEPT goto yyacceptlab +#define YYABORT goto yyabortlab +#define YYERROR goto yyerrorlab + + +/* Like YYERROR except do call yyerror. This remains here temporarily + to ease the transition to the new meaning of YYERROR, for GCC. + Once GCC version 2 has supplanted version 1, this can go. */ + +#define YYFAIL goto yyerrlab + +#define YYRECOVERING() (!!yyerrstatus) + +#define YYBACKUP(Token, Value) \ +do \ + if (yychar == YYEMPTY && yylen == 1) \ + { \ + yychar = (Token); \ + yylval = (Value); \ + yytoken = YYTRANSLATE (yychar); \ + YYPOPSTACK; \ + goto yybackup; \ + } \ + else \ + { \ + yyerror ("syntax error: cannot back up");\ + YYERROR; \ + } \ +while (0) + +#define YYTERROR 1 +#define YYERRCODE 256 + +/* YYLLOC_DEFAULT -- Compute the default location (before the actions + are run). */ + +#ifndef YYLLOC_DEFAULT +# define YYLLOC_DEFAULT(Current, Rhs, N) \ + ((Current).first_line = (Rhs)[1].first_line, \ + (Current).first_column = (Rhs)[1].first_column, \ + (Current).last_line = (Rhs)[N].last_line, \ + (Current).last_column = (Rhs)[N].last_column) +#endif + +/* YYLEX -- calling `yylex' with the right arguments. */ + +#ifdef YYLEX_PARAM +# define YYLEX yylex (YYLEX_PARAM) +#else +# define YYLEX yylex () +#endif + +/* Enable debugging if requested. */ +#if YYDEBUG + +# ifndef YYFPRINTF +# include /* INFRINGES ON USER NAME SPACE */ +# define YYFPRINTF fprintf +# endif + +# define YYDPRINTF(Args) \ +do { \ + if (yydebug) \ + YYFPRINTF Args; \ +} while (0) + +# define YYDSYMPRINT(Args) \ +do { \ + if (yydebug) \ + yysymprint Args; \ +} while (0) + +# define YYDSYMPRINTF(Title, Token, Value, Location) \ +do { \ + if (yydebug) \ + { \ + YYFPRINTF (stderr, "%s ", Title); \ + yysymprint (stderr, \ + Token, Value); \ + YYFPRINTF (stderr, "\n"); \ + } \ +} while (0) + +/*------------------------------------------------------------------. +| yy_stack_print -- Print the state stack from its BOTTOM up to its | +| TOP (included). | +`------------------------------------------------------------------*/ + +#if defined (__STDC__) || defined (__cplusplus) +static void +yy_stack_print (short int *bottom, short int *top) +#else +static void +yy_stack_print (bottom, top) + short int *bottom; + short int *top; +#endif +{ + YYFPRINTF (stderr, "Stack now"); + for (/* Nothing. */; bottom <= top; ++bottom) + YYFPRINTF (stderr, " %d", *bottom); + YYFPRINTF (stderr, "\n"); +} + +# define YY_STACK_PRINT(Bottom, Top) \ +do { \ + if (yydebug) \ + yy_stack_print ((Bottom), (Top)); \ +} while (0) + + +/*------------------------------------------------. +| Report that the YYRULE is going to be reduced. | +`------------------------------------------------*/ + +#if defined (__STDC__) || defined (__cplusplus) +static void +yy_reduce_print (int yyrule) +#else +static void +yy_reduce_print (yyrule) + int yyrule; +#endif +{ + int yyi; + unsigned int yylno = yyrline[yyrule]; + YYFPRINTF (stderr, "Reducing stack by rule %d (line %u), ", + yyrule - 1, yylno); + /* Print the symbols being reduced, and their result. */ + for (yyi = yyprhs[yyrule]; 0 <= yyrhs[yyi]; yyi++) + YYFPRINTF (stderr, "%s ", yytname [yyrhs[yyi]]); + YYFPRINTF (stderr, "-> %s\n", yytname [yyr1[yyrule]]); +} + +# define YY_REDUCE_PRINT(Rule) \ +do { \ + if (yydebug) \ + yy_reduce_print (Rule); \ +} while (0) + +/* Nonzero means print parse trace. It is left uninitialized so that + multiple parsers can coexist. */ +int yydebug; +#else /* !YYDEBUG */ +# define YYDPRINTF(Args) +# define YYDSYMPRINT(Args) +# define YYDSYMPRINTF(Title, Token, Value, Location) +# define YY_STACK_PRINT(Bottom, Top) +# define YY_REDUCE_PRINT(Rule) +#endif /* !YYDEBUG */ + + +/* YYINITDEPTH -- initial size of the parser's stacks. */ +#ifndef YYINITDEPTH +# define YYINITDEPTH 200 +#endif + +/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only + if the built-in stack extension method is used). + + Do not make this value too large; the results are undefined if + SIZE_MAX < YYSTACK_BYTES (YYMAXDEPTH) + evaluated with infinite-precision integer arithmetic. */ + +#if defined (YYMAXDEPTH) && YYMAXDEPTH == 0 +# undef YYMAXDEPTH +#endif + +#ifndef YYMAXDEPTH +# define YYMAXDEPTH 10000 +#endif + + + +#if YYERROR_VERBOSE + +# ifndef yystrlen +# if defined (__GLIBC__) && defined (_STRING_H) +# define yystrlen strlen +# else +/* Return the length of YYSTR. */ +static YYSIZE_T +# if defined (__STDC__) || defined (__cplusplus) +yystrlen (const char *yystr) +# else +yystrlen (yystr) + const char *yystr; +# endif +{ + register const char *yys = yystr; + + while (*yys++ != '\0') + continue; + + return yys - yystr - 1; +} +# endif +# endif + +# ifndef yystpcpy +# if defined (__GLIBC__) && defined (_STRING_H) && defined (_GNU_SOURCE) +# define yystpcpy stpcpy +# else +/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in + YYDEST. */ +static char * +# if defined (__STDC__) || defined (__cplusplus) +yystpcpy (char *yydest, const char *yysrc) +# else +yystpcpy (yydest, yysrc) + char *yydest; + const char *yysrc; +# endif +{ + register char *yyd = yydest; + register const char *yys = yysrc; + + while ((*yyd++ = *yys++) != '\0') + continue; + + return yyd - 1; +} +# endif +# endif + +#endif /* !YYERROR_VERBOSE */ + + + +#if YYDEBUG +/*--------------------------------. +| Print this symbol on YYOUTPUT. | +`--------------------------------*/ + +#if defined (__STDC__) || defined (__cplusplus) +static void +yysymprint (FILE *yyoutput, int yytype, YYSTYPE *yyvaluep) +#else +static void +yysymprint (yyoutput, yytype, yyvaluep) + FILE *yyoutput; + int yytype; + YYSTYPE *yyvaluep; +#endif +{ + /* Pacify ``unused variable'' warnings. */ + (void) yyvaluep; + + if (yytype < YYNTOKENS) + { + YYFPRINTF (yyoutput, "token %s (", yytname[yytype]); +# ifdef YYPRINT + YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep); +# endif + } + else + YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]); + + switch (yytype) + { + default: + break; + } + YYFPRINTF (yyoutput, ")"); +} + +#endif /* ! YYDEBUG */ +/*-----------------------------------------------. +| Release the memory associated to this symbol. | +`-----------------------------------------------*/ + +#if defined (__STDC__) || defined (__cplusplus) +static void +yydestruct (int yytype, YYSTYPE *yyvaluep) +#else +static void +yydestruct (yytype, yyvaluep) + int yytype; + YYSTYPE *yyvaluep; +#endif +{ + /* Pacify ``unused variable'' warnings. */ + (void) yyvaluep; + + switch (yytype) + { + + default: + break; + } +} + + +/* Prevent warnings from -Wmissing-prototypes. */ + +#ifdef YYPARSE_PARAM +# if defined (__STDC__) || defined (__cplusplus) +int yyparse (void *YYPARSE_PARAM); +# else +int yyparse (); +# endif +#else /* ! YYPARSE_PARAM */ +#if defined (__STDC__) || defined (__cplusplus) +int yyparse (void); +#else +int yyparse (); +#endif +#endif /* ! YYPARSE_PARAM */ + + + +/* The lookahead symbol. */ +int yychar; + +/* The semantic value of the lookahead symbol. */ +YYSTYPE yylval; + +/* Number of syntax errors so far. */ +int yynerrs; + + + +/*----------. +| yyparse. | +`----------*/ + +#ifdef YYPARSE_PARAM +# if defined (__STDC__) || defined (__cplusplus) +int yyparse (void *YYPARSE_PARAM) +# else +int yyparse (YYPARSE_PARAM) + void *YYPARSE_PARAM; +# endif +#else /* ! YYPARSE_PARAM */ +#if defined (__STDC__) || defined (__cplusplus) +int +yyparse (void) +#else +int +yyparse () + +#endif +#endif +{ + + register int yystate; + register int yyn; + int yyresult; + /* Number of tokens to shift before error messages enabled. */ + int yyerrstatus; + /* Lookahead token as an internal (translated) token number. */ + int yytoken = 0; + + /* Three stacks and their tools: + `yyss': related to states, + `yyvs': related to semantic values, + `yyls': related to locations. + + Refer to the stacks thru separate pointers, to allow yyoverflow + to reallocate them elsewhere. */ + + /* The state stack. */ + short int yyssa[YYINITDEPTH]; + short int *yyss = yyssa; + register short int *yyssp; + + /* The semantic value stack. */ + YYSTYPE yyvsa[YYINITDEPTH]; + YYSTYPE *yyvs = yyvsa; + register YYSTYPE *yyvsp; + + + +#define YYPOPSTACK (yyvsp--, yyssp--) + + YYSIZE_T yystacksize = YYINITDEPTH; + + /* The variables used to return semantic value and location from the + action routines. */ + YYSTYPE yyval; + + + /* When reducing, the number of symbols on the RHS of the reduced + rule. */ + int yylen; + + YYDPRINTF ((stderr, "Starting parse\n")); + + yystate = 0; + yyerrstatus = 0; + yynerrs = 0; + yychar = YYEMPTY; /* Cause a token to be read. */ + + /* Initialize stack pointers. + Waste one element of value and location stack + so that they stay on the same level as the state stack. + The wasted elements are never initialized. */ + + yyssp = yyss; + yyvsp = yyvs; + + + goto yysetstate; + +/*------------------------------------------------------------. +| yynewstate -- Push a new state, which is found in yystate. | +`------------------------------------------------------------*/ + yynewstate: + /* In all cases, when you get here, the value and location stacks + have just been pushed. so pushing a state here evens the stacks. + */ + yyssp++; + + yysetstate: + *yyssp = yystate; + + if (yyss + yystacksize - 1 <= yyssp) + { + /* Get the current used size of the three stacks, in elements. */ + YYSIZE_T yysize = yyssp - yyss + 1; + +#ifdef yyoverflow + { + /* Give user a chance to reallocate the stack. Use copies of + these so that the &'s don't force the real ones into + memory. */ + YYSTYPE *yyvs1 = yyvs; + short int *yyss1 = yyss; + + + /* Each stack pointer address is followed by the size of the + data in use in that stack, in bytes. This used to be a + conditional around just the two extra args, but that might + be undefined if yyoverflow is a macro. */ + yyoverflow ("parser stack overflow", + &yyss1, yysize * sizeof (*yyssp), + &yyvs1, yysize * sizeof (*yyvsp), + + &yystacksize); + + yyss = yyss1; + yyvs = yyvs1; + } +#else /* no yyoverflow */ +# ifndef YYSTACK_RELOCATE + goto yyoverflowlab; +# else + /* Extend the stack our own way. */ + if (YYMAXDEPTH <= yystacksize) + goto yyoverflowlab; + yystacksize *= 2; + if (YYMAXDEPTH < yystacksize) + yystacksize = YYMAXDEPTH; + + { + short int *yyss1 = yyss; + union yyalloc *yyptr = + (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); + if (! yyptr) + goto yyoverflowlab; + YYSTACK_RELOCATE (yyss); + YYSTACK_RELOCATE (yyvs); + +# undef YYSTACK_RELOCATE + if (yyss1 != yyssa) + YYSTACK_FREE (yyss1); + } +# endif +#endif /* no yyoverflow */ + + yyssp = yyss + yysize - 1; + yyvsp = yyvs + yysize - 1; + + + YYDPRINTF ((stderr, "Stack size increased to %lu\n", + (unsigned long int) yystacksize)); + + if (yyss + yystacksize - 1 <= yyssp) + YYABORT; + } + + YYDPRINTF ((stderr, "Entering state %d\n", yystate)); + + goto yybackup; + +/*-----------. +| yybackup. | +`-----------*/ +yybackup: + +/* Do appropriate processing given the current state. */ +/* Read a lookahead token if we need one and don't already have one. */ +/* yyresume: */ + + /* First try to decide what to do without reference to lookahead token. */ + + yyn = yypact[yystate]; + if (yyn == YYPACT_NINF) + goto yydefault; + + /* Not known => get a lookahead token if don't already have one. */ + + /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol. */ + if (yychar == YYEMPTY) + { + YYDPRINTF ((stderr, "Reading a token: ")); + yychar = YYLEX; + } + + if (yychar <= YYEOF) + { + yychar = yytoken = YYEOF; + YYDPRINTF ((stderr, "Now at end of input.\n")); + } + else + { + yytoken = YYTRANSLATE (yychar); + YYDSYMPRINTF ("Next token is", yytoken, &yylval, &yylloc); + } + + /* If the proper action on seeing token YYTOKEN is to reduce or to + detect an error, take that action. */ + yyn += yytoken; + if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken) + goto yydefault; + yyn = yytable[yyn]; + if (yyn <= 0) + { + if (yyn == 0 || yyn == YYTABLE_NINF) + goto yyerrlab; + yyn = -yyn; + goto yyreduce; + } + + if (yyn == YYFINAL) + YYACCEPT; + + /* Shift the lookahead token. */ + YYDPRINTF ((stderr, "Shifting token %s, ", yytname[yytoken])); + + /* Discard the token being shifted unless it is eof. */ + if (yychar != YYEOF) + yychar = YYEMPTY; + + *++yyvsp = yylval; + + + /* Count tokens shifted since error; after three, turn off error + status. */ + if (yyerrstatus) + yyerrstatus--; + + yystate = yyn; + goto yynewstate; + + +/*-----------------------------------------------------------. +| yydefault -- do the default action for the current state. | +`-----------------------------------------------------------*/ +yydefault: + yyn = yydefact[yystate]; + if (yyn == 0) + goto yyerrlab; + goto yyreduce; + + +/*-----------------------------. +| yyreduce -- Do a reduction. | +`-----------------------------*/ +yyreduce: + /* yyn is the number of a rule to reduce with. */ + yylen = yyr2[yyn]; + + /* If YYLEN is nonzero, implement the default value of the action: + `$$ = $1'. + + Otherwise, the following line sets YYVAL to garbage. + This behavior is undocumented and Bison + users should not rely upon it. Assigning to YYVAL + unconditionally makes the parser a bit smaller, and it avoids a + GCC warning that YYVAL may be used uninitialized. */ + yyval = yyvsp[1-yylen]; + + + YY_REDUCE_PRINT (yyn); + switch (yyn) + { + case 2: +#line 85 "parse.y" + {} + break; + + case 8: +#line 98 "parse.y" + { + Symbol *s = addsym(yyvsp[-2].name); + s->stype = Stype; + } + break; + + case 9: +#line 103 "parse.y" + { + Symbol *s = addsym(yyvsp[0].name); + s->stype = Stype; + } + break; + + case 10: +#line 110 "parse.y" + { add_import(yyvsp[-1].name); } + break; + + case 11: +#line 114 "parse.y" + { + Symbol *s = addsym (yyvsp[-2].name); + s->stype = Stype; + s->type = yyvsp[0].type; + generate_type (s); + } + break; + + case 12: +#line 123 "parse.y" + { + Symbol *s = addsym (yyvsp[-3].name); + s->stype = SConstant; + s->constant = yyvsp[0].constant; + generate_constant (s); + } + break; + + case 13: +#line 131 "parse.y" + { yyval.type = new_type(TInteger); } + break; + + case 14: +#line 132 "parse.y" + { + if(yyvsp[-3].constant != 0) + error_message("Only 0 supported as low range"); + if(yyvsp[-1].constant != INT_MIN && yyvsp[-1].constant != UINT_MAX && yyvsp[-1].constant != INT_MAX) + error_message("Only %u supported as high range", + UINT_MAX); + yyval.type = new_type(TUInteger); + } + break; + + case 15: +#line 141 "parse.y" + { + yyval.type = new_type(TInteger); + yyval.type->members = yyvsp[-1].member; + } + break; + + case 16: +#line 145 "parse.y" + { yyval.type = new_type(TOID); } + break; + + case 17: +#line 147 "parse.y" + { + yyval.type = new_type(TEnumerated); + yyval.type->members = yyvsp[-1].member; + } + break; + + case 18: +#line 151 "parse.y" + { yyval.type = new_type(TOctetString); } + break; + + case 19: +#line 152 "parse.y" + { yyval.type = new_type(TGeneralString); } + break; + + case 20: +#line 153 "parse.y" + { yyval.type = new_type(TUTF8String); } + break; + + case 21: +#line 154 "parse.y" + { yyval.type = new_type(TNull); } + break; + + case 22: +#line 155 "parse.y" + { yyval.type = new_type(TGeneralizedTime); } + break; + + case 23: +#line 157 "parse.y" + { + yyval.type = new_type(TSequenceOf); + yyval.type->subtype = yyvsp[0].type; + } + break; + + case 24: +#line 162 "parse.y" + { + yyval.type = new_type(TSequence); + yyval.type->members = yyvsp[-1].member; + } + break; + + case 25: +#line 167 "parse.y" + { + yyval.type = new_type(TChoice); + yyval.type->members = yyvsp[-1].member; + } + break; + + case 26: +#line 172 "parse.y" + { + yyval.type = new_type(TBitString); + yyval.type->members = yyvsp[-1].member; + } + break; + + case 27: +#line 177 "parse.y" + { + Symbol *s = addsym(yyvsp[0].name); + yyval.type = new_type(TType); + if(s->stype != Stype) + error_message ("%s is not a type\n", yyvsp[0].name); + else + yyval.type->symbol = s; + } + break; + + case 28: +#line 186 "parse.y" + { + yyval.type = new_type(TApplication); + yyval.type->subtype = yyvsp[0].type; + yyval.type->application = yyvsp[-2].constant; + } + break; + + case 29: +#line 191 "parse.y" + { yyval.type = new_type(TBoolean); } + break; + + case 30: +#line 194 "parse.y" + { yyval.member = NULL; } + break; + + case 31: +#line 195 "parse.y" + { yyval.member = yyvsp[0].member; } + break; + + case 32: +#line 196 "parse.y" + { yyval.member = yyvsp[-2].member; } + break; + + case 33: +#line 197 "parse.y" + { yyval.member = yyvsp[-2].member; append(yyval.member, yyvsp[0].member); } + break; + + case 34: +#line 201 "parse.y" + { + yyval.member = malloc(sizeof(*yyval.member)); + yyval.member->name = yyvsp[-4].name; + yyval.member->gen_name = strdup(yyvsp[-4].name); + output_name (yyval.member->gen_name); + yyval.member->val = yyvsp[-2].constant; + yyval.member->optional = 0; + yyval.member->defval = NULL; + yyval.member->type = yyvsp[0].type; + yyval.member->next = yyval.member->prev = yyval.member; + } + break; + + case 35: +#line 216 "parse.y" + { yyvsp[-1].member->optional = yyvsp[0].constant ; yyval.member = yyvsp[-1].member; } + break; + + case 36: +#line 218 "parse.y" + { yyvsp[-1].member->defval = yyvsp[0].defval ; yyval.member = yyvsp[-1].member; } + break; + + case 37: +#line 220 "parse.y" + { yyval.member = yyvsp[0].member; } + break; + + case 38: +#line 224 "parse.y" + { yyval.constant = 1; } + break; + + case 39: +#line 228 "parse.y" + { asprintf(&yyval.defval, "%d", yyvsp[0].constant); } + break; + + case 40: +#line 230 "parse.y" + { yyval.defval = strdup (yyvsp[-1].name); } + break; + + case 41: +#line 233 "parse.y" + { yyval.member = NULL; } + break; + + case 42: +#line 234 "parse.y" + { yyval.member = yyvsp[0].member; } + break; + + case 43: +#line 235 "parse.y" + { yyval.member = yyvsp[-2].member; } + break; + + case 44: +#line 236 "parse.y" + { yyval.member = yyvsp[-2].member; append(yyval.member, yyvsp[0].member); } + break; + + case 45: +#line 240 "parse.y" + { + yyval.member = malloc(sizeof(*yyval.member)); + yyval.member->name = yyvsp[-3].name; + yyval.member->gen_name = strdup(yyvsp[-3].name); + output_name (yyval.member->gen_name); + yyval.member->val = yyvsp[-1].constant; + yyval.member->optional = 0; + yyval.member->type = NULL; + yyval.member->prev = yyval.member->next = yyval.member; + } + break; + + case 46: +#line 252 "parse.y" + { yyval.constant = yyvsp[0].constant; } + break; + + case 47: +#line 253 "parse.y" + { yyval.constant = -yyvsp[0].constant; } + break; + + case 48: +#line 254 "parse.y" + { + Symbol *s = addsym(yyvsp[0].name); + if(s->stype != SConstant) + error_message ("%s is not a constant\n", + s->name); + else + yyval.constant = s->constant; + } + break; + + + } + +/* Line 1010 of yacc.c. */ +#line 1431 "$base.c" + + yyvsp -= yylen; + yyssp -= yylen; + + + YY_STACK_PRINT (yyss, yyssp); + + *++yyvsp = yyval; + + + /* Now `shift' the result of the reduction. Determine what state + that goes to, based on the state we popped back to and the rule + number reduced by. */ + + yyn = yyr1[yyn]; + + yystate = yypgoto[yyn - YYNTOKENS] + *yyssp; + if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp) + yystate = yytable[yystate]; + else + yystate = yydefgoto[yyn - YYNTOKENS]; + + goto yynewstate; + + +/*------------------------------------. +| yyerrlab -- here on detecting error | +`------------------------------------*/ +yyerrlab: + /* If not already recovering from an error, report this error. */ + if (!yyerrstatus) + { + ++yynerrs; +#if YYERROR_VERBOSE + yyn = yypact[yystate]; + + if (YYPACT_NINF < yyn && yyn < YYLAST) + { + YYSIZE_T yysize = 0; + int yytype = YYTRANSLATE (yychar); + const char* yyprefix; + char *yymsg; + int yyx; + + /* Start YYX at -YYN if negative to avoid negative indexes in + YYCHECK. */ + int yyxbegin = yyn < 0 ? -yyn : 0; + + /* Stay within bounds of both yycheck and yytname. */ + int yychecklim = YYLAST - yyn; + int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; + int yycount = 0; + + yyprefix = ", expecting "; + for (yyx = yyxbegin; yyx < yyxend; ++yyx) + if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) + { + yysize += yystrlen (yyprefix) + yystrlen (yytname [yyx]); + yycount += 1; + if (yycount == 5) + { + yysize = 0; + break; + } + } + yysize += (sizeof ("syntax error, unexpected ") + + yystrlen (yytname[yytype])); + yymsg = (char *) YYSTACK_ALLOC (yysize); + if (yymsg != 0) + { + char *yyp = yystpcpy (yymsg, "syntax error, unexpected "); + yyp = yystpcpy (yyp, yytname[yytype]); + + if (yycount < 5) + { + yyprefix = ", expecting "; + for (yyx = yyxbegin; yyx < yyxend; ++yyx) + if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) + { + yyp = yystpcpy (yyp, yyprefix); + yyp = yystpcpy (yyp, yytname[yyx]); + yyprefix = " or "; + } + } + yyerror (yymsg); + YYSTACK_FREE (yymsg); + } + else + yyerror ("syntax error; also virtual memory exhausted"); + } + else +#endif /* YYERROR_VERBOSE */ + yyerror ("syntax error"); + } + + + + if (yyerrstatus == 3) + { + /* If just tried and failed to reuse lookahead token after an + error, discard it. */ + + if (yychar <= YYEOF) + { + /* If at end of input, pop the error token, + then the rest of the stack, then return failure. */ + if (yychar == YYEOF) + for (;;) + { + YYPOPSTACK; + if (yyssp == yyss) + YYABORT; + YYDSYMPRINTF ("Error: popping", yystos[*yyssp], yyvsp, yylsp); + yydestruct (yystos[*yyssp], yyvsp); + } + } + else + { + YYDSYMPRINTF ("Error: discarding", yytoken, &yylval, &yylloc); + yydestruct (yytoken, &yylval); + yychar = YYEMPTY; + + } + } + + /* Else will try to reuse lookahead token after shifting the error + token. */ + goto yyerrlab1; + + +/*---------------------------------------------------. +| yyerrorlab -- error raised explicitly by YYERROR. | +`---------------------------------------------------*/ +yyerrorlab: + +#ifdef __GNUC__ + /* Pacify GCC when the user code never invokes YYERROR and the label + yyerrorlab therefore never appears in user code. */ + if (0) + goto yyerrorlab; +#endif + + yyvsp -= yylen; + yyssp -= yylen; + yystate = *yyssp; + goto yyerrlab1; + + +/*-------------------------------------------------------------. +| yyerrlab1 -- common code for both syntax error and YYERROR. | +`-------------------------------------------------------------*/ +yyerrlab1: + yyerrstatus = 3; /* Each real token shifted decrements this. */ + + for (;;) + { + yyn = yypact[yystate]; + if (yyn != YYPACT_NINF) + { + yyn += YYTERROR; + if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR) + { + yyn = yytable[yyn]; + if (0 < yyn) + break; + } + } + + /* Pop the current state because it cannot handle the error token. */ + if (yyssp == yyss) + YYABORT; + + YYDSYMPRINTF ("Error: popping", yystos[*yyssp], yyvsp, yylsp); + yydestruct (yystos[yystate], yyvsp); + YYPOPSTACK; + yystate = *yyssp; + YY_STACK_PRINT (yyss, yyssp); + } + + if (yyn == YYFINAL) + YYACCEPT; + + YYDPRINTF ((stderr, "Shifting error token, ")); + + *++yyvsp = yylval; + + + yystate = yyn; + goto yynewstate; + + +/*-------------------------------------. +| yyacceptlab -- YYACCEPT comes here. | +`-------------------------------------*/ +yyacceptlab: + yyresult = 0; + goto yyreturn; + +/*-----------------------------------. +| yyabortlab -- YYABORT comes here. | +`-----------------------------------*/ +yyabortlab: + yyresult = 1; + goto yyreturn; + +#ifndef yyoverflow +/*----------------------------------------------. +| yyoverflowlab -- parser overflow comes here. | +`----------------------------------------------*/ +yyoverflowlab: + yyerror ("parser stack overflow"); + yyresult = 2; + /* Fall through. */ +#endif + +yyreturn: +#ifndef yyoverflow + if (yyss != yyssa) + YYSTACK_FREE (yyss); +#endif + return yyresult; +} + + +#line 263 "parse.y" + + +void +yyerror (char *s) +{ + error_message ("%s\n", s); +} + +static Type * +new_type (Typetype tt) +{ + Type *t = malloc(sizeof(*t)); + if (t == NULL) { + error_message ("out of memory in malloc(%lu)", + (unsigned long)sizeof(*t)); + exit (1); + } + t->type = tt; + t->application = 0; + t->members = NULL; + t->subtype = NULL; + t->symbol = NULL; + return t; +} + +static void +append (Member *l, Member *r) +{ + l->prev->next = r; + r->prev = l->prev; + l->prev = r; + r->next = l; +} + diff --git a/source4/heimdal/lib/asn1/parse.h b/source4/heimdal/lib/asn1/parse.h new file mode 100644 index 0000000000..25808dca64 --- /dev/null +++ b/source4/heimdal/lib/asn1/parse.h @@ -0,0 +1,115 @@ +/* A Bison parser, made by GNU Bison 1.875d. */ + +/* Skeleton parser for Yacc-like parsing with Bison, + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. */ + +/* As a special exception, when this file is copied by Bison into a + Bison output file, you may use that output file without restriction. + This special exception was added by the Free Software Foundation + in version 1.24 of Bison. */ + +/* Tokens. */ +#ifndef YYTOKENTYPE +# define YYTOKENTYPE + /* Put the tokens into the symbol table, so that GDB and other debuggers + know about them. */ + enum yytokentype { + INTEGER = 258, + SEQUENCE = 259, + CHOICE = 260, + OF = 261, + OCTET = 262, + STRING = 263, + GeneralizedTime = 264, + GeneralString = 265, + BIT = 266, + APPLICATION = 267, + OPTIONAL = 268, + EEQUAL = 269, + TBEGIN = 270, + END = 271, + DEFINITIONS = 272, + ENUMERATED = 273, + UTF8String = 274, + NULLTYPE = 275, + EXTERNAL = 276, + DEFAULT = 277, + DOTDOT = 278, + DOTDOTDOT = 279, + BOOLEAN = 280, + IMPORTS = 281, + FROM = 282, + OBJECT = 283, + IDENTIFIER = 284, + IDENT = 285, + CONSTANT = 286 + }; +#endif +#define INTEGER 258 +#define SEQUENCE 259 +#define CHOICE 260 +#define OF 261 +#define OCTET 262 +#define STRING 263 +#define GeneralizedTime 264 +#define GeneralString 265 +#define BIT 266 +#define APPLICATION 267 +#define OPTIONAL 268 +#define EEQUAL 269 +#define TBEGIN 270 +#define END 271 +#define DEFINITIONS 272 +#define ENUMERATED 273 +#define UTF8String 274 +#define NULLTYPE 275 +#define EXTERNAL 276 +#define DEFAULT 277 +#define DOTDOT 278 +#define DOTDOTDOT 279 +#define BOOLEAN 280 +#define IMPORTS 281 +#define FROM 282 +#define OBJECT 283 +#define IDENTIFIER 284 +#define IDENT 285 +#define CONSTANT 286 + + + + +#if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED) +#line 56 "parse.y" +typedef union YYSTYPE { + int constant; + char *name; + Type *type; + Member *member; + char *defval; +} YYSTYPE; +/* Line 1285 of yacc.c. */ +#line 107 "parse.h" +# define yystype YYSTYPE /* obsolescent; will be withdrawn */ +# define YYSTYPE_IS_DECLARED 1 +# define YYSTYPE_IS_TRIVIAL 1 +#endif + +extern YYSTYPE yylval; + + + diff --git a/source4/heimdal/lib/com_err/lex.c b/source4/heimdal/lib/com_err/lex.c new file mode 100644 index 0000000000..d0440762a9 --- /dev/null +++ b/source4/heimdal/lib/com_err/lex.c @@ -0,0 +1,1862 @@ + +#line 3 "lex.yy.c" + +#define YY_INT_ALIGNED short int + +/* A lexical scanner generated by flex */ + +#define FLEX_SCANNER +#define YY_FLEX_MAJOR_VERSION 2 +#define YY_FLEX_MINOR_VERSION 5 +#define YY_FLEX_SUBMINOR_VERSION 31 +#if YY_FLEX_SUBMINOR_VERSION > 0 +#define FLEX_BETA +#endif + +/* First, we deal with platform-specific or compiler-specific issues. */ + +/* begin standard C headers. */ +#include +#include +#include +#include + +/* end standard C headers. */ + +/* flex integer type definitions */ + +#ifndef FLEXINT_H +#define FLEXINT_H + +/* C99 systems have . Non-C99 systems may or may not. */ + +#if defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L +#include +typedef int8_t flex_int8_t; +typedef uint8_t flex_uint8_t; +typedef int16_t flex_int16_t; +typedef uint16_t flex_uint16_t; +typedef int32_t flex_int32_t; +typedef uint32_t flex_uint32_t; +#else +typedef signed char flex_int8_t; +typedef short int flex_int16_t; +typedef int flex_int32_t; +typedef unsigned char flex_uint8_t; +typedef unsigned short int flex_uint16_t; +typedef unsigned int flex_uint32_t; +#endif /* ! C99 */ + +/* Limits of integral types. */ +#ifndef INT8_MIN +#define INT8_MIN (-128) +#endif +#ifndef INT16_MIN +#define INT16_MIN (-32767-1) +#endif +#ifndef INT32_MIN +#define INT32_MIN (-2147483647-1) +#endif +#ifndef INT8_MAX +#define INT8_MAX (127) +#endif +#ifndef INT16_MAX +#define INT16_MAX (32767) +#endif +#ifndef INT32_MAX +#define INT32_MAX (2147483647) +#endif +#ifndef UINT8_MAX +#define UINT8_MAX (255U) +#endif +#ifndef UINT16_MAX +#define UINT16_MAX (65535U) +#endif +#ifndef UINT32_MAX +#define UINT32_MAX (4294967295U) +#endif + +#endif /* ! FLEXINT_H */ + +#ifdef __cplusplus + +/* The "const" storage-class-modifier is valid. */ +#define YY_USE_CONST + +#else /* ! __cplusplus */ + +#if __STDC__ + +#define YY_USE_CONST + +#endif /* __STDC__ */ +#endif /* ! __cplusplus */ + +#ifdef YY_USE_CONST +#define yyconst const +#else +#define yyconst +#endif + +/* Returned upon end-of-file. */ +#define YY_NULL 0 + +/* Promotes a possibly negative, possibly signed char to an unsigned + * integer for use as an array index. If the signed char is negative, + * we want to instead treat it as an 8-bit unsigned char, hence the + * double cast. + */ +#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c) + +/* Enter a start condition. This macro really ought to take a parameter, + * but we do it the disgusting crufty way forced on us by the ()-less + * definition of BEGIN. + */ +#define BEGIN (yy_start) = 1 + 2 * + +/* Translate the current start state into a value that can be later handed + * to BEGIN to return to the state. The YYSTATE alias is for lex + * compatibility. + */ +#define YY_START (((yy_start) - 1) / 2) +#define YYSTATE YY_START + +/* Action number for EOF rule of a given start state. */ +#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) + +/* Special action meaning "start processing a new file". */ +#define YY_NEW_FILE yyrestart(yyin ) + +#define YY_END_OF_BUFFER_CHAR 0 + +/* Size of default input buffer. */ +#ifndef YY_BUF_SIZE +#define YY_BUF_SIZE 16384 +#endif + +#ifndef YY_TYPEDEF_YY_BUFFER_STATE +#define YY_TYPEDEF_YY_BUFFER_STATE +typedef struct yy_buffer_state *YY_BUFFER_STATE; +#endif + +extern int yyleng; + +extern FILE *yyin, *yyout; + +#define EOB_ACT_CONTINUE_SCAN 0 +#define EOB_ACT_END_OF_FILE 1 +#define EOB_ACT_LAST_MATCH 2 + + #define YY_LESS_LINENO(n) + +/* Return all but the first "n" matched characters back to the input stream. */ +#define yyless(n) \ + do \ + { \ + /* Undo effects of setting up yytext. */ \ + int yyless_macro_arg = (n); \ + YY_LESS_LINENO(yyless_macro_arg);\ + *yy_cp = (yy_hold_char); \ + YY_RESTORE_YY_MORE_OFFSET \ + (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \ + YY_DO_BEFORE_ACTION; /* set up yytext again */ \ + } \ + while ( 0 ) + +#define unput(c) yyunput( c, (yytext_ptr) ) + +/* The following is because we cannot portably get our hands on size_t + * (without autoconf's help, which isn't available because we want + * flex-generated scanners to compile on their own). + */ + +#ifndef YY_TYPEDEF_YY_SIZE_T +#define YY_TYPEDEF_YY_SIZE_T +typedef unsigned int yy_size_t; +#endif + +#ifndef YY_STRUCT_YY_BUFFER_STATE +#define YY_STRUCT_YY_BUFFER_STATE +struct yy_buffer_state + { + FILE *yy_input_file; + + char *yy_ch_buf; /* input buffer */ + char *yy_buf_pos; /* current position in input buffer */ + + /* Size of input buffer in bytes, not including room for EOB + * characters. + */ + yy_size_t yy_buf_size; + + /* Number of characters read into yy_ch_buf, not including EOB + * characters. + */ + int yy_n_chars; + + /* Whether we "own" the buffer - i.e., we know we created it, + * and can realloc() it to grow it, and should free() it to + * delete it. + */ + int yy_is_our_buffer; + + /* Whether this is an "interactive" input source; if so, and + * if we're using stdio for input, then we want to use getc() + * instead of fread(), to make sure we stop fetching input after + * each newline. + */ + int yy_is_interactive; + + /* Whether we're considered to be at the beginning of a line. + * If so, '^' rules will be active on the next match, otherwise + * not. + */ + int yy_at_bol; + + int yy_bs_lineno; /**< The line count. */ + int yy_bs_column; /**< The column count. */ + + /* Whether to try to fill the input buffer when we reach the + * end of it. + */ + int yy_fill_buffer; + + int yy_buffer_status; + +#define YY_BUFFER_NEW 0 +#define YY_BUFFER_NORMAL 1 + /* When an EOF's been seen but there's still some text to process + * then we mark the buffer as YY_EOF_PENDING, to indicate that we + * shouldn't try reading from the input source any more. We might + * still have a bunch of tokens to match, though, because of + * possible backing-up. + * + * When we actually see the EOF, we change the status to "new" + * (via yyrestart()), so that the user can continue scanning by + * just pointing yyin at a new input file. + */ +#define YY_BUFFER_EOF_PENDING 2 + + }; +#endif /* !YY_STRUCT_YY_BUFFER_STATE */ + +/* Stack of input buffers. */ +static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */ +static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */ +static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ + +/* We provide macros for accessing buffer states in case in the + * future we want to put the buffer states in a more general + * "scanner state". + * + * Returns the top of the stack, or NULL. + */ +#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ + ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ + : NULL) + +/* Same as previous macro, but useful when we know that the buffer stack is not + * NULL or when we need an lvalue. For internal use only. + */ +#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] + +/* yy_hold_char holds the character lost when yytext is formed. */ +static char yy_hold_char; +static int yy_n_chars; /* number of characters read into yy_ch_buf */ +int yyleng; + +/* Points to current character in buffer. */ +static char *yy_c_buf_p = (char *) 0; +static int yy_init = 1; /* whether we need to initialize */ +static int yy_start = 0; /* start state number */ + +/* Flag which is used to allow yywrap()'s to do buffer switches + * instead of setting up a fresh yyin. A bit of a hack ... + */ +static int yy_did_buffer_switch_on_eof; + +void yyrestart (FILE *input_file ); +void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ); +YY_BUFFER_STATE yy_create_buffer (FILE *file,int size ); +void yy_delete_buffer (YY_BUFFER_STATE b ); +void yy_flush_buffer (YY_BUFFER_STATE b ); +void yypush_buffer_state (YY_BUFFER_STATE new_buffer ); +void yypop_buffer_state (void ); + +static void yyensure_buffer_stack (void ); +static void yy_load_buffer_state (void ); +static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file ); + +#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER ) + +YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); +YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); +YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len ); + +void *yyalloc (yy_size_t ); +void *yyrealloc (void *,yy_size_t ); +void yyfree (void * ); + +#define yy_new_buffer yy_create_buffer + +#define yy_set_interactive(is_interactive) \ + { \ + if ( ! YY_CURRENT_BUFFER ){ \ + yyensure_buffer_stack (); \ + YY_CURRENT_BUFFER_LVALUE = \ + yy_create_buffer(yyin,YY_BUF_SIZE ); \ + } \ + YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ + } + +#define yy_set_bol(at_bol) \ + { \ + if ( ! YY_CURRENT_BUFFER ){\ + yyensure_buffer_stack (); \ + YY_CURRENT_BUFFER_LVALUE = \ + yy_create_buffer(yyin,YY_BUF_SIZE ); \ + } \ + YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ + } + +#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) + +/* Begin user sect3 */ + +typedef unsigned char YY_CHAR; + +FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; + +typedef int yy_state_type; + +extern int yylineno; + +int yylineno = 1; + +extern char *yytext; +#define yytext_ptr yytext + +static yy_state_type yy_get_previous_state (void ); +static yy_state_type yy_try_NUL_trans (yy_state_type current_state ); +static int yy_get_next_buffer (void ); +static void yy_fatal_error (yyconst char msg[] ); + +/* Done after the current pattern has been matched and before the + * corresponding action - sets up yytext. + */ +#define YY_DO_BEFORE_ACTION \ + (yytext_ptr) = yy_bp; \ + yyleng = (size_t) (yy_cp - yy_bp); \ + (yy_hold_char) = *yy_cp; \ + *yy_cp = '\0'; \ + (yy_c_buf_p) = yy_cp; + +#define YY_NUM_RULES 16 +#define YY_END_OF_BUFFER 17 +/* This struct is not used in this scanner, + but its presence is necessary. */ +struct yy_trans_info + { + flex_int32_t yy_verify; + flex_int32_t yy_nxt; + }; +static yyconst flex_int16_t yy_accept[46] = + { 0, + 0, 0, 17, 15, 11, 12, 13, 10, 9, 14, + 14, 14, 14, 10, 9, 14, 3, 14, 14, 1, + 7, 14, 14, 8, 14, 14, 14, 14, 14, 14, + 14, 6, 14, 14, 5, 14, 14, 14, 14, 14, + 14, 4, 14, 2, 0 + } ; + +static yyconst flex_int32_t yy_ec[256] = + { 0, + 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 2, 1, 4, 5, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 6, 6, 6, + 6, 6, 6, 6, 6, 6, 6, 1, 1, 1, + 1, 1, 1, 1, 7, 7, 7, 7, 7, 7, + 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, + 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, + 1, 1, 1, 1, 8, 1, 9, 10, 11, 12, + + 13, 14, 7, 7, 15, 7, 7, 16, 7, 17, + 18, 19, 7, 20, 7, 21, 7, 7, 7, 22, + 7, 7, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1 + } ; + +static yyconst flex_int32_t yy_meta[23] = + { 0, + 1, 1, 2, 1, 1, 3, 3, 3, 3, 3, + 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, + 3, 3 + } ; + +static yyconst flex_int16_t yy_base[48] = + { 0, + 0, 0, 56, 57, 57, 57, 57, 0, 49, 0, + 12, 13, 34, 0, 47, 0, 0, 40, 31, 0, + 0, 38, 36, 0, 30, 34, 32, 25, 22, 28, + 34, 0, 19, 13, 0, 22, 30, 26, 26, 18, + 12, 0, 14, 0, 57, 34, 23 + } ; + +static yyconst flex_int16_t yy_def[48] = + { 0, + 45, 1, 45, 45, 45, 45, 45, 46, 47, 47, + 47, 47, 47, 46, 47, 47, 47, 47, 47, 47, + 47, 47, 47, 47, 47, 47, 47, 47, 47, 47, + 47, 47, 47, 47, 47, 47, 47, 47, 47, 47, + 47, 47, 47, 47, 0, 45, 45 + } ; + +static yyconst flex_int16_t yy_nxt[80] = + { 0, + 4, 5, 6, 7, 8, 9, 10, 10, 10, 10, + 10, 10, 11, 10, 12, 10, 10, 10, 13, 10, + 10, 10, 17, 36, 21, 16, 44, 43, 18, 22, + 42, 19, 20, 37, 14, 41, 14, 40, 39, 38, + 35, 34, 33, 32, 31, 30, 29, 28, 27, 26, + 25, 24, 15, 23, 15, 45, 3, 45, 45, 45, + 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, + 45, 45, 45, 45, 45, 45, 45, 45, 45 + } ; + +static yyconst flex_int16_t yy_chk[80] = + { 0, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 11, 34, 12, 47, 43, 41, 11, 12, + 40, 11, 11, 34, 46, 39, 46, 38, 37, 36, + 33, 31, 30, 29, 28, 27, 26, 25, 23, 22, + 19, 18, 15, 13, 9, 3, 45, 45, 45, 45, + 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, + 45, 45, 45, 45, 45, 45, 45, 45, 45 + } ; + +static yy_state_type yy_last_accepting_state; +static char *yy_last_accepting_cpos; + +extern int yy_flex_debug; +int yy_flex_debug = 0; + +/* The intent behind this definition is that it'll catch + * any uses of REJECT which flex missed. + */ +#define REJECT reject_used_but_not_detected +#define yymore() yymore_used_but_not_detected +#define YY_MORE_ADJ 0 +#define YY_RESTORE_YY_MORE_OFFSET +char *yytext; +#line 1 "lex.l" +#line 2 "lex.l" +/* + * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * This is to handle the definition of this symbol in some AIX + * headers, which will conflict with the definition that lex will + * generate for it. It's only a problem for AIX lex. + */ + +#undef ECHO + +#include "compile_et.h" +#include "parse.h" +#include "lex.h" + +RCSID("$Id: lex.l,v 1.8 2005/05/16 08:52:54 lha Exp $"); + +static unsigned lineno = 1; +static int getstring(void); + +#define YY_NO_UNPUT + +#undef ECHO + +#line 524 "lex.yy.c" + +#define INITIAL 0 + +#ifndef YY_NO_UNISTD_H +/* Special case for "unistd.h", since it is non-ANSI. We include it way + * down here because we want the user's section 1 to have been scanned first. + * The user has a chance to override it with an option. + */ +#include +#endif + +#ifndef YY_EXTRA_TYPE +#define YY_EXTRA_TYPE void * +#endif + +/* Macros after this point can all be overridden by user definitions in + * section 1. + */ + +#ifndef YY_SKIP_YYWRAP +#ifdef __cplusplus +extern "C" int yywrap (void ); +#else +extern int yywrap (void ); +#endif +#endif + + static void yyunput (int c,char *buf_ptr ); + +#ifndef yytext_ptr +static void yy_flex_strncpy (char *,yyconst char *,int ); +#endif + +#ifdef YY_NEED_STRLEN +static int yy_flex_strlen (yyconst char * ); +#endif + +#ifndef YY_NO_INPUT + +#ifdef __cplusplus +static int yyinput (void ); +#else +static int input (void ); +#endif + +#endif + +/* Amount of stuff to slurp up with each read. */ +#ifndef YY_READ_BUF_SIZE +#define YY_READ_BUF_SIZE 8192 +#endif + +/* Copy whatever the last rule matched to the standard output. */ +#ifndef ECHO +/* This used to be an fputs(), but since the string might contain NUL's, + * we now use fwrite(). + */ +#define ECHO (void) fwrite( yytext, yyleng, 1, yyout ) +#endif + +/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, + * is returned in "result". + */ +#ifndef YY_INPUT +#define YY_INPUT(buf,result,max_size) \ + if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ + { \ + int c = '*'; \ + size_t n; \ + for ( n = 0; n < max_size && \ + (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ + buf[n] = (char) c; \ + if ( c == '\n' ) \ + buf[n++] = (char) c; \ + if ( c == EOF && ferror( yyin ) ) \ + YY_FATAL_ERROR( "input in flex scanner failed" ); \ + result = n; \ + } \ + else \ + { \ + errno=0; \ + while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \ + { \ + if( errno != EINTR) \ + { \ + YY_FATAL_ERROR( "input in flex scanner failed" ); \ + break; \ + } \ + errno=0; \ + clearerr(yyin); \ + } \ + }\ +\ + +#endif + +/* No semi-colon after return; correct usage is to write "yyterminate();" - + * we don't want an extra ';' after the "return" because that will cause + * some compilers to complain about unreachable statements. + */ +#ifndef yyterminate +#define yyterminate() return YY_NULL +#endif + +/* Number of entries by which start-condition stack grows. */ +#ifndef YY_START_STACK_INCR +#define YY_START_STACK_INCR 25 +#endif + +/* Report a fatal error. */ +#ifndef YY_FATAL_ERROR +#define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) +#endif + +/* end tables serialization structures and prototypes */ + +/* Default declaration of generated scanner - a define so the user can + * easily add parameters. + */ +#ifndef YY_DECL +#define YY_DECL_IS_OURS 1 + +extern int yylex (void); + +#define YY_DECL int yylex (void) +#endif /* !YY_DECL */ + +/* Code executed at the beginning of each rule, after yytext and yyleng + * have been set up. + */ +#ifndef YY_USER_ACTION +#define YY_USER_ACTION +#endif + +/* Code executed at the end of each rule. */ +#ifndef YY_BREAK +#define YY_BREAK break; +#endif + +#define YY_RULE_SETUP \ + YY_USER_ACTION + +/** The main scanner function which does all the work. + */ +YY_DECL +{ + register yy_state_type yy_current_state; + register char *yy_cp, *yy_bp; + register int yy_act; + +#line 59 "lex.l" + +#line 677 "lex.yy.c" + + if ( (yy_init) ) + { + (yy_init) = 0; + +#ifdef YY_USER_INIT + YY_USER_INIT; +#endif + + if ( ! (yy_start) ) + (yy_start) = 1; /* first start state */ + + if ( ! yyin ) + yyin = stdin; + + if ( ! yyout ) + yyout = stdout; + + if ( ! YY_CURRENT_BUFFER ) { + yyensure_buffer_stack (); + YY_CURRENT_BUFFER_LVALUE = + yy_create_buffer(yyin,YY_BUF_SIZE ); + } + + yy_load_buffer_state( ); + } + + while ( 1 ) /* loops until end-of-file is reached */ + { + yy_cp = (yy_c_buf_p); + + /* Support of yytext. */ + *yy_cp = (yy_hold_char); + + /* yy_bp points to the position in yy_ch_buf of the start of + * the current run. + */ + yy_bp = yy_cp; + + yy_current_state = (yy_start); +yy_match: + do + { + register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; + if ( yy_accept[yy_current_state] ) + { + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; + } + while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) + { + yy_current_state = (int) yy_def[yy_current_state]; + if ( yy_current_state >= 46 ) + yy_c = yy_meta[(unsigned int) yy_c]; + } + yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; + ++yy_cp; + } + while ( yy_base[yy_current_state] != 57 ); + +yy_find_action: + yy_act = yy_accept[yy_current_state]; + if ( yy_act == 0 ) + { /* have to back up */ + yy_cp = (yy_last_accepting_cpos); + yy_current_state = (yy_last_accepting_state); + yy_act = yy_accept[yy_current_state]; + } + + YY_DO_BEFORE_ACTION; + +do_action: /* This label is used only to access EOF actions. */ + + switch ( yy_act ) + { /* beginning of action switch */ + case 0: /* must back up */ + /* undo the effects of YY_DO_BEFORE_ACTION */ + *yy_cp = (yy_hold_char); + yy_cp = (yy_last_accepting_cpos); + yy_current_state = (yy_last_accepting_state); + goto yy_find_action; + +case 1: +YY_RULE_SETUP +#line 60 "lex.l" +{ return ET; } + YY_BREAK +case 2: +YY_RULE_SETUP +#line 61 "lex.l" +{ return ET; } + YY_BREAK +case 3: +YY_RULE_SETUP +#line 62 "lex.l" +{ return EC; } + YY_BREAK +case 4: +YY_RULE_SETUP +#line 63 "lex.l" +{ return EC; } + YY_BREAK +case 5: +YY_RULE_SETUP +#line 64 "lex.l" +{ return PREFIX; } + YY_BREAK +case 6: +YY_RULE_SETUP +#line 65 "lex.l" +{ return INDEX; } + YY_BREAK +case 7: +YY_RULE_SETUP +#line 66 "lex.l" +{ return ID; } + YY_BREAK +case 8: +YY_RULE_SETUP +#line 67 "lex.l" +{ return END; } + YY_BREAK +case 9: +YY_RULE_SETUP +#line 68 "lex.l" +{ yylval.number = atoi(yytext); return NUMBER; } + YY_BREAK +case 10: +YY_RULE_SETUP +#line 69 "lex.l" +; + YY_BREAK +case 11: +YY_RULE_SETUP +#line 70 "lex.l" +; + YY_BREAK +case 12: +/* rule 12 can match eol */ +YY_RULE_SETUP +#line 71 "lex.l" +{ lineno++; } + YY_BREAK +case 13: +YY_RULE_SETUP +#line 72 "lex.l" +{ return getstring(); } + YY_BREAK +case 14: +YY_RULE_SETUP +#line 73 "lex.l" +{ yylval.string = strdup(yytext); return STRING; } + YY_BREAK +case 15: +YY_RULE_SETUP +#line 74 "lex.l" +{ return *yytext; } + YY_BREAK +case 16: +YY_RULE_SETUP +#line 75 "lex.l" +ECHO; + YY_BREAK +#line 841 "lex.yy.c" +case YY_STATE_EOF(INITIAL): + yyterminate(); + + case YY_END_OF_BUFFER: + { + /* Amount of text matched not including the EOB char. */ + int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; + + /* Undo the effects of YY_DO_BEFORE_ACTION. */ + *yy_cp = (yy_hold_char); + YY_RESTORE_YY_MORE_OFFSET + + if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW ) + { + /* We're scanning a new file or input source. It's + * possible that this happened because the user + * just pointed yyin at a new source and called + * yylex(). If so, then we have to assure + * consistency between YY_CURRENT_BUFFER and our + * globals. Here is the right place to do so, because + * this is the first action (other than possibly a + * back-up) that will match for the new input source. + */ + (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; + YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; + YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; + } + + /* Note that here we test for yy_c_buf_p "<=" to the position + * of the first EOB in the buffer, since yy_c_buf_p will + * already have been incremented past the NUL character + * (since all states make transitions on EOB to the + * end-of-buffer state). Contrast this with the test + * in input(). + */ + if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) + { /* This was really a NUL. */ + yy_state_type yy_next_state; + + (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; + + yy_current_state = yy_get_previous_state( ); + + /* Okay, we're now positioned to make the NUL + * transition. We couldn't have + * yy_get_previous_state() go ahead and do it + * for us because it doesn't know how to deal + * with the possibility of jamming (and we don't + * want to build jamming into it because then it + * will run more slowly). + */ + + yy_next_state = yy_try_NUL_trans( yy_current_state ); + + yy_bp = (yytext_ptr) + YY_MORE_ADJ; + + if ( yy_next_state ) + { + /* Consume the NUL. */ + yy_cp = ++(yy_c_buf_p); + yy_current_state = yy_next_state; + goto yy_match; + } + + else + { + yy_cp = (yy_c_buf_p); + goto yy_find_action; + } + } + + else switch ( yy_get_next_buffer( ) ) + { + case EOB_ACT_END_OF_FILE: + { + (yy_did_buffer_switch_on_eof) = 0; + + if ( yywrap( ) ) + { + /* Note: because we've taken care in + * yy_get_next_buffer() to have set up + * yytext, we can now set up + * yy_c_buf_p so that if some total + * hoser (like flex itself) wants to + * call the scanner after we return the + * YY_NULL, it'll still work - another + * YY_NULL will get returned. + */ + (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; + + yy_act = YY_STATE_EOF(YY_START); + goto do_action; + } + + else + { + if ( ! (yy_did_buffer_switch_on_eof) ) + YY_NEW_FILE; + } + break; + } + + case EOB_ACT_CONTINUE_SCAN: + (yy_c_buf_p) = + (yytext_ptr) + yy_amount_of_matched_text; + + yy_current_state = yy_get_previous_state( ); + + yy_cp = (yy_c_buf_p); + yy_bp = (yytext_ptr) + YY_MORE_ADJ; + goto yy_match; + + case EOB_ACT_LAST_MATCH: + (yy_c_buf_p) = + &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)]; + + yy_current_state = yy_get_previous_state( ); + + yy_cp = (yy_c_buf_p); + yy_bp = (yytext_ptr) + YY_MORE_ADJ; + goto yy_find_action; + } + break; + } + + default: + YY_FATAL_ERROR( + "fatal flex scanner internal error--no action found" ); + } /* end of action switch */ + } /* end of scanning one token */ +} /* end of yylex */ + +/* yy_get_next_buffer - try to read in a new buffer + * + * Returns a code representing an action: + * EOB_ACT_LAST_MATCH - + * EOB_ACT_CONTINUE_SCAN - continue scanning from current position + * EOB_ACT_END_OF_FILE - end of file + */ +static int yy_get_next_buffer (void) +{ + register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; + register char *source = (yytext_ptr); + register int number_to_move, i; + int ret_val; + + if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) + YY_FATAL_ERROR( + "fatal flex scanner internal error--end of buffer missed" ); + + if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 ) + { /* Don't try to fill the buffer, so this is an EOF. */ + if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 ) + { + /* We matched a single character, the EOB, so + * treat this as a final EOF. + */ + return EOB_ACT_END_OF_FILE; + } + + else + { + /* We matched some text prior to the EOB, first + * process it. + */ + return EOB_ACT_LAST_MATCH; + } + } + + /* Try to read more data. */ + + /* First move last chars to start of buffer. */ + number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1; + + for ( i = 0; i < number_to_move; ++i ) + *(dest++) = *(source++); + + if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING ) + /* don't do the read, it's not guaranteed to return an EOF, + * just force an EOF + */ + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0; + + else + { + size_t num_to_read = + YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; + + while ( num_to_read <= 0 ) + { /* Not enough room in the buffer - grow it. */ + + /* just a shorter name for the current buffer */ + YY_BUFFER_STATE b = YY_CURRENT_BUFFER; + + int yy_c_buf_p_offset = + (int) ((yy_c_buf_p) - b->yy_ch_buf); + + if ( b->yy_is_our_buffer ) + { + int new_size = b->yy_buf_size * 2; + + if ( new_size <= 0 ) + b->yy_buf_size += b->yy_buf_size / 8; + else + b->yy_buf_size *= 2; + + b->yy_ch_buf = (char *) + /* Include room in for 2 EOB chars. */ + yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ); + } + else + /* Can't grow it, we don't own it. */ + b->yy_ch_buf = 0; + + if ( ! b->yy_ch_buf ) + YY_FATAL_ERROR( + "fatal error - scanner input buffer overflow" ); + + (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset]; + + num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - + number_to_move - 1; + + } + + if ( num_to_read > YY_READ_BUF_SIZE ) + num_to_read = YY_READ_BUF_SIZE; + + /* Read in more data. */ + YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), + (yy_n_chars), num_to_read ); + + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + } + + if ( (yy_n_chars) == 0 ) + { + if ( number_to_move == YY_MORE_ADJ ) + { + ret_val = EOB_ACT_END_OF_FILE; + yyrestart(yyin ); + } + + else + { + ret_val = EOB_ACT_LAST_MATCH; + YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = + YY_BUFFER_EOF_PENDING; + } + } + + else + ret_val = EOB_ACT_CONTINUE_SCAN; + + (yy_n_chars) += number_to_move; + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; + + (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0]; + + return ret_val; +} + +/* yy_get_previous_state - get the state just before the EOB char was reached */ + + static yy_state_type yy_get_previous_state (void) +{ + register yy_state_type yy_current_state; + register char *yy_cp; + + yy_current_state = (yy_start); + + for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) + { + register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); + if ( yy_accept[yy_current_state] ) + { + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; + } + while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) + { + yy_current_state = (int) yy_def[yy_current_state]; + if ( yy_current_state >= 46 ) + yy_c = yy_meta[(unsigned int) yy_c]; + } + yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; + } + + return yy_current_state; +} + +/* yy_try_NUL_trans - try to make a transition on the NUL character + * + * synopsis + * next_state = yy_try_NUL_trans( current_state ); + */ + static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state ) +{ + register int yy_is_jam; + register char *yy_cp = (yy_c_buf_p); + + register YY_CHAR yy_c = 1; + if ( yy_accept[yy_current_state] ) + { + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; + } + while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) + { + yy_current_state = (int) yy_def[yy_current_state]; + if ( yy_current_state >= 46 ) + yy_c = yy_meta[(unsigned int) yy_c]; + } + yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; + yy_is_jam = (yy_current_state == 45); + + return yy_is_jam ? 0 : yy_current_state; +} + + static void yyunput (int c, register char * yy_bp ) +{ + register char *yy_cp; + + yy_cp = (yy_c_buf_p); + + /* undo effects of setting up yytext */ + *yy_cp = (yy_hold_char); + + if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) + { /* need to shift things up to make room */ + /* +2 for EOB chars. */ + register int number_to_move = (yy_n_chars) + 2; + register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ + YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; + register char *source = + &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; + + while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) + *--dest = *--source; + + yy_cp += (int) (dest - source); + yy_bp += (int) (dest - source); + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = + (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size; + + if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) + YY_FATAL_ERROR( "flex scanner push-back overflow" ); + } + + *--yy_cp = (char) c; + + (yytext_ptr) = yy_bp; + (yy_hold_char) = *yy_cp; + (yy_c_buf_p) = yy_cp; +} + +#ifndef YY_NO_INPUT +#ifdef __cplusplus + static int yyinput (void) +#else + static int input (void) +#endif + +{ + int c; + + *(yy_c_buf_p) = (yy_hold_char); + + if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR ) + { + /* yy_c_buf_p now points to the character we want to return. + * If this occurs *before* the EOB characters, then it's a + * valid NUL; if not, then we've hit the end of the buffer. + */ + if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) + /* This was really a NUL. */ + *(yy_c_buf_p) = '\0'; + + else + { /* need more input */ + int offset = (yy_c_buf_p) - (yytext_ptr); + ++(yy_c_buf_p); + + switch ( yy_get_next_buffer( ) ) + { + case EOB_ACT_LAST_MATCH: + /* This happens because yy_g_n_b() + * sees that we've accumulated a + * token and flags that we need to + * try matching the token before + * proceeding. But for input(), + * there's no matching to consider. + * So convert the EOB_ACT_LAST_MATCH + * to EOB_ACT_END_OF_FILE. + */ + + /* Reset buffer status. */ + yyrestart(yyin ); + + /*FALLTHROUGH*/ + + case EOB_ACT_END_OF_FILE: + { + if ( yywrap( ) ) + return EOF; + + if ( ! (yy_did_buffer_switch_on_eof) ) + YY_NEW_FILE; +#ifdef __cplusplus + return yyinput(); +#else + return input(); +#endif + } + + case EOB_ACT_CONTINUE_SCAN: + (yy_c_buf_p) = (yytext_ptr) + offset; + break; + } + } + } + + c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */ + *(yy_c_buf_p) = '\0'; /* preserve yytext */ + (yy_hold_char) = *++(yy_c_buf_p); + + return c; +} +#endif /* ifndef YY_NO_INPUT */ + +/** Immediately switch to a different input stream. + * @param input_file A readable stream. + * + * @note This function does not reset the start condition to @c INITIAL . + */ + void yyrestart (FILE * input_file ) +{ + + if ( ! YY_CURRENT_BUFFER ){ + yyensure_buffer_stack (); + YY_CURRENT_BUFFER_LVALUE = + yy_create_buffer(yyin,YY_BUF_SIZE ); + } + + yy_init_buffer(YY_CURRENT_BUFFER,input_file ); + yy_load_buffer_state( ); +} + +/** Switch to a different input buffer. + * @param new_buffer The new input buffer. + * + */ + void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ) +{ + + /* TODO. We should be able to replace this entire function body + * with + * yypop_buffer_state(); + * yypush_buffer_state(new_buffer); + */ + yyensure_buffer_stack (); + if ( YY_CURRENT_BUFFER == new_buffer ) + return; + + if ( YY_CURRENT_BUFFER ) + { + /* Flush out information for old buffer. */ + *(yy_c_buf_p) = (yy_hold_char); + YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + } + + YY_CURRENT_BUFFER_LVALUE = new_buffer; + yy_load_buffer_state( ); + + /* We don't actually know whether we did this switch during + * EOF (yywrap()) processing, but the only time this flag + * is looked at is after yywrap() is called, so it's safe + * to go ahead and always set it. + */ + (yy_did_buffer_switch_on_eof) = 1; +} + +static void yy_load_buffer_state (void) +{ + (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; + (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; + yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; + (yy_hold_char) = *(yy_c_buf_p); +} + +/** Allocate and initialize an input buffer state. + * @param file A readable stream. + * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE. + * + * @return the allocated buffer state. + */ + YY_BUFFER_STATE yy_create_buffer (FILE * file, int size ) +{ + YY_BUFFER_STATE b; + + b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); + if ( ! b ) + YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); + + b->yy_buf_size = size; + + /* yy_ch_buf has to be 2 characters longer than the size given because + * we need to put in 2 end-of-buffer characters. + */ + b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2 ); + if ( ! b->yy_ch_buf ) + YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); + + b->yy_is_our_buffer = 1; + + yy_init_buffer(b,file ); + + return b; +} + +/** Destroy the buffer. + * @param b a buffer created with yy_create_buffer() + * + */ + void yy_delete_buffer (YY_BUFFER_STATE b ) +{ + + if ( ! b ) + return; + + if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */ + YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; + + if ( b->yy_is_our_buffer ) + yyfree((void *) b->yy_ch_buf ); + + yyfree((void *) b ); +} + +#ifndef __cplusplus +extern int isatty (int ); +#endif /* __cplusplus */ + +/* Initializes or reinitializes a buffer. + * This function is sometimes called more than once on the same buffer, + * such as during a yyrestart() or at EOF. + */ + static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file ) + +{ + int oerrno = errno; + + yy_flush_buffer(b ); + + b->yy_input_file = file; + b->yy_fill_buffer = 1; + + /* If b is the current buffer, then yy_init_buffer was _probably_ + * called from yyrestart() or through yy_get_next_buffer. + * In that case, we don't want to reset the lineno or column. + */ + if (b != YY_CURRENT_BUFFER){ + b->yy_bs_lineno = 1; + b->yy_bs_column = 0; + } + + b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; + + errno = oerrno; +} + +/** Discard all buffered characters. On the next scan, YY_INPUT will be called. + * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER. + * + */ + void yy_flush_buffer (YY_BUFFER_STATE b ) +{ + if ( ! b ) + return; + + b->yy_n_chars = 0; + + /* We always need two end-of-buffer characters. The first causes + * a transition to the end-of-buffer state. The second causes + * a jam in that state. + */ + b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR; + b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR; + + b->yy_buf_pos = &b->yy_ch_buf[0]; + + b->yy_at_bol = 1; + b->yy_buffer_status = YY_BUFFER_NEW; + + if ( b == YY_CURRENT_BUFFER ) + yy_load_buffer_state( ); +} + +/** Pushes the new state onto the stack. The new state becomes + * the current state. This function will allocate the stack + * if necessary. + * @param new_buffer The new state. + * + */ +void yypush_buffer_state (YY_BUFFER_STATE new_buffer ) +{ + if (new_buffer == NULL) + return; + + yyensure_buffer_stack(); + + /* This block is copied from yy_switch_to_buffer. */ + if ( YY_CURRENT_BUFFER ) + { + /* Flush out information for old buffer. */ + *(yy_c_buf_p) = (yy_hold_char); + YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + } + + /* Only push if top exists. Otherwise, replace top. */ + if (YY_CURRENT_BUFFER) + (yy_buffer_stack_top)++; + YY_CURRENT_BUFFER_LVALUE = new_buffer; + + /* copied from yy_switch_to_buffer. */ + yy_load_buffer_state( ); + (yy_did_buffer_switch_on_eof) = 1; +} + +/** Removes and deletes the top of the stack, if present. + * The next element becomes the new top. + * + */ +void yypop_buffer_state (void) +{ + if (!YY_CURRENT_BUFFER) + return; + + yy_delete_buffer(YY_CURRENT_BUFFER ); + YY_CURRENT_BUFFER_LVALUE = NULL; + if ((yy_buffer_stack_top) > 0) + --(yy_buffer_stack_top); + + if (YY_CURRENT_BUFFER) { + yy_load_buffer_state( ); + (yy_did_buffer_switch_on_eof) = 1; + } +} + +/* Allocates the stack if it does not exist. + * Guarantees space for at least one push. + */ +static void yyensure_buffer_stack (void) +{ + int num_to_alloc; + + if (!(yy_buffer_stack)) { + + /* First allocation is just for 2 elements, since we don't know if this + * scanner will even need a stack. We use 2 instead of 1 to avoid an + * immediate realloc on the next call. + */ + num_to_alloc = 1; + (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc + (num_to_alloc * sizeof(struct yy_buffer_state*) + ); + + memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); + + (yy_buffer_stack_max) = num_to_alloc; + (yy_buffer_stack_top) = 0; + return; + } + + if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ + + /* Increase the buffer to prepare for a possible push. */ + int grow_size = 8 /* arbitrary grow size */; + + num_to_alloc = (yy_buffer_stack_max) + grow_size; + (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc + ((yy_buffer_stack), + num_to_alloc * sizeof(struct yy_buffer_state*) + ); + + /* zero only the new slots.*/ + memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); + (yy_buffer_stack_max) = num_to_alloc; + } +} + +/** Setup the input buffer state to scan directly from a user-specified character buffer. + * @param base the character buffer + * @param size the size in bytes of the character buffer + * + * @return the newly allocated buffer state object. + */ +YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) +{ + YY_BUFFER_STATE b; + + if ( size < 2 || + base[size-2] != YY_END_OF_BUFFER_CHAR || + base[size-1] != YY_END_OF_BUFFER_CHAR ) + /* They forgot to leave room for the EOB's. */ + return 0; + + b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); + if ( ! b ) + YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); + + b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */ + b->yy_buf_pos = b->yy_ch_buf = base; + b->yy_is_our_buffer = 0; + b->yy_input_file = 0; + b->yy_n_chars = b->yy_buf_size; + b->yy_is_interactive = 0; + b->yy_at_bol = 1; + b->yy_fill_buffer = 0; + b->yy_buffer_status = YY_BUFFER_NEW; + + yy_switch_to_buffer(b ); + + return b; +} + +/** Setup the input buffer state to scan a string. The next call to yylex() will + * scan from a @e copy of @a str. + * @param str a NUL-terminated string to scan + * + * @return the newly allocated buffer state object. + * @note If you want to scan bytes that may contain NUL values, then use + * yy_scan_bytes() instead. + */ +YY_BUFFER_STATE yy_scan_string (yyconst char * yy_str ) +{ + + return yy_scan_bytes(yy_str,strlen(yy_str) ); +} + +/** Setup the input buffer state to scan the given bytes. The next call to yylex() will + * scan from a @e copy of @a bytes. + * @param bytes the byte buffer to scan + * @param len the number of bytes in the buffer pointed to by @a bytes. + * + * @return the newly allocated buffer state object. + */ +YY_BUFFER_STATE yy_scan_bytes (yyconst char * bytes, int len ) +{ + YY_BUFFER_STATE b; + char *buf; + yy_size_t n; + int i; + + /* Get memory for full buffer, including space for trailing EOB's. */ + n = len + 2; + buf = (char *) yyalloc(n ); + if ( ! buf ) + YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); + + for ( i = 0; i < len; ++i ) + buf[i] = bytes[i]; + + buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR; + + b = yy_scan_buffer(buf,n ); + if ( ! b ) + YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); + + /* It's okay to grow etc. this buffer, and we should throw it + * away when we're done. + */ + b->yy_is_our_buffer = 1; + + return b; +} + +#ifndef YY_EXIT_FAILURE +#define YY_EXIT_FAILURE 2 +#endif + +static void yy_fatal_error (yyconst char* msg ) +{ + (void) fprintf( stderr, "%s\n", msg ); + exit( YY_EXIT_FAILURE ); +} + +/* Redefine yyless() so it works in section 3 code. */ + +#undef yyless +#define yyless(n) \ + do \ + { \ + /* Undo effects of setting up yytext. */ \ + int yyless_macro_arg = (n); \ + YY_LESS_LINENO(yyless_macro_arg);\ + yytext[yyleng] = (yy_hold_char); \ + (yy_c_buf_p) = yytext + yyless_macro_arg; \ + (yy_hold_char) = *(yy_c_buf_p); \ + *(yy_c_buf_p) = '\0'; \ + yyleng = yyless_macro_arg; \ + } \ + while ( 0 ) + +/* Accessor methods (get/set functions) to struct members. */ + +/** Get the current line number. + * + */ +int yyget_lineno (void) +{ + + return yylineno; +} + +/** Get the input stream. + * + */ +FILE *yyget_in (void) +{ + return yyin; +} + +/** Get the output stream. + * + */ +FILE *yyget_out (void) +{ + return yyout; +} + +/** Get the length of the current token. + * + */ +int yyget_leng (void) +{ + return yyleng; +} + +/** Get the current token. + * + */ + +char *yyget_text (void) +{ + return yytext; +} + +/** Set the current line number. + * @param line_number + * + */ +void yyset_lineno (int line_number ) +{ + + yylineno = line_number; +} + +/** Set the input stream. This does not discard the current + * input buffer. + * @param in_str A readable stream. + * + * @see yy_switch_to_buffer + */ +void yyset_in (FILE * in_str ) +{ + yyin = in_str ; +} + +void yyset_out (FILE * out_str ) +{ + yyout = out_str ; +} + +int yyget_debug (void) +{ + return yy_flex_debug; +} + +void yyset_debug (int bdebug ) +{ + yy_flex_debug = bdebug ; +} + +/* yylex_destroy is for both reentrant and non-reentrant scanners. */ +int yylex_destroy (void) +{ + + /* Pop the buffer stack, destroying each element. */ + while(YY_CURRENT_BUFFER){ + yy_delete_buffer(YY_CURRENT_BUFFER ); + YY_CURRENT_BUFFER_LVALUE = NULL; + yypop_buffer_state(); + } + + /* Destroy the stack itself. */ + yyfree((yy_buffer_stack) ); + (yy_buffer_stack) = NULL; + + return 0; +} + +/* + * Internal utility routines. + */ + +#ifndef yytext_ptr +static void yy_flex_strncpy (char* s1, yyconst char * s2, int n ) +{ + register int i; + for ( i = 0; i < n; ++i ) + s1[i] = s2[i]; +} +#endif + +#ifdef YY_NEED_STRLEN +static int yy_flex_strlen (yyconst char * s ) +{ + register int n; + for ( n = 0; s[n]; ++n ) + ; + + return n; +} +#endif + +void *yyalloc (yy_size_t size ) +{ + return (void *) malloc( size ); +} + +void *yyrealloc (void * ptr, yy_size_t size ) +{ + /* The cast to (char *) in the following accommodates both + * implementations that use char* generic pointers, and those + * that use void* generic pointers. It works with the latter + * because both ANSI C and C++ allow castless assignment from + * any pointer type to void*, and deal with argument conversions + * as though doing an assignment. + */ + return (void *) realloc( (char *) ptr, size ); +} + +void yyfree (void * ptr ) +{ + free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ +} + +#define YYTABLES_NAME "yytables" + +#undef YY_NEW_FILE +#undef YY_FLUSH_BUFFER +#undef yy_set_bol +#undef yy_new_buffer +#undef yy_set_interactive +#undef yytext_ptr +#undef YY_DO_BEFORE_ACTION + +#ifdef YY_DECL_IS_OURS +#undef YY_DECL_IS_OURS +#undef YY_DECL +#endif +#line 75 "lex.l" + + + +#ifndef yywrap /* XXX */ +int +yywrap () +{ + return 1; +} +#endif + +static int +getstring(void) +{ + char x[128]; + int i = 0; + int c; + int quote = 0; + while(i < sizeof(x) - 1 && (c = input()) != EOF){ + if(quote) { + x[i++] = c; + quote = 0; + continue; + } + if(c == '\n'){ + error_message("unterminated string"); + lineno++; + break; + } + if(c == '\\'){ + quote++; + continue; + } + if(c == '\"') + break; + x[i++] = c; + } + x[i] = '\0'; + yylval.string = strdup(x); + if (yylval.string == NULL) + err(1, "malloc"); + return STRING; +} + +void +error_message (const char *format, ...) +{ + va_list args; + + va_start (args, format); + fprintf (stderr, "%s:%d:", filename, lineno); + vfprintf (stderr, format, args); + va_end (args); + numerror++; +} + diff --git a/source4/heimdal/lib/com_err/parse.c b/source4/heimdal/lib/com_err/parse.c new file mode 100644 index 0000000000..c732867d09 --- /dev/null +++ b/source4/heimdal/lib/com_err/parse.c @@ -0,0 +1,1396 @@ +/* A Bison parser, made by GNU Bison 1.875d. */ + +/* Skeleton parser for Yacc-like parsing with Bison, + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. */ + +/* As a special exception, when this file is copied by Bison into a + Bison output file, you may use that output file without restriction. + This special exception was added by the Free Software Foundation + in version 1.24 of Bison. */ + +/* Written by Richard Stallman by simplifying the original so called + ``semantic'' parser. */ + +/* All symbols defined below should begin with yy or YY, to avoid + infringing on user name space. This should be done even for local + variables, as they might otherwise be expanded by user macros. + There are some unavoidable exceptions within include files to + define necessary library symbols; they are noted "INFRINGES ON + USER NAME SPACE" below. */ + +/* Identify Bison output. */ +#define YYBISON 1 + +/* Skeleton name. */ +#define YYSKELETON_NAME "yacc.c" + +/* Pure parsers. */ +#define YYPURE 0 + +/* Using locations. */ +#define YYLSP_NEEDED 0 + + + +/* Tokens. */ +#ifndef YYTOKENTYPE +# define YYTOKENTYPE + /* Put the tokens into the symbol table, so that GDB and other debuggers + know about them. */ + enum yytokentype { + ET = 258, + INDEX = 259, + PREFIX = 260, + EC = 261, + ID = 262, + END = 263, + STRING = 264, + NUMBER = 265 + }; +#endif +#define ET 258 +#define INDEX 259 +#define PREFIX 260 +#define EC 261 +#define ID 262 +#define END 263 +#define STRING 264 +#define NUMBER 265 + + + + +/* Copy the first part of user declarations. */ +#line 1 "parse.y" + +/* + * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "compile_et.h" +#include "lex.h" + +RCSID("$Id: parse.y,v 1.15 2005/06/16 19:21:42 lha Exp $"); + +void yyerror (char *s); +static long name2number(const char *str); + +extern char *yytext; + +/* This is for bison */ + +#if !defined(alloca) && !defined(HAVE_ALLOCA) +#define alloca(x) malloc(x) +#endif + + + +/* Enabling traces. */ +#ifndef YYDEBUG +# define YYDEBUG 0 +#endif + +/* Enabling verbose error messages. */ +#ifdef YYERROR_VERBOSE +# undef YYERROR_VERBOSE +# define YYERROR_VERBOSE 1 +#else +# define YYERROR_VERBOSE 0 +#endif + +#if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED) +#line 53 "parse.y" +typedef union YYSTYPE { + char *string; + int number; +} YYSTYPE; +/* Line 191 of yacc.c. */ +#line 153 "$base.c" +# define yystype YYSTYPE /* obsolescent; will be withdrawn */ +# define YYSTYPE_IS_DECLARED 1 +# define YYSTYPE_IS_TRIVIAL 1 +#endif + + + +/* Copy the second part of user declarations. */ + + +/* Line 214 of yacc.c. */ +#line 165 "$base.c" + +#if ! defined (yyoverflow) || YYERROR_VERBOSE + +# ifndef YYFREE +# define YYFREE free +# endif +# ifndef YYMALLOC +# define YYMALLOC malloc +# endif + +/* The parser invokes alloca or malloc; define the necessary symbols. */ + +# ifdef YYSTACK_USE_ALLOCA +# if YYSTACK_USE_ALLOCA +# define YYSTACK_ALLOC alloca +# endif +# else +# if defined (alloca) || defined (_ALLOCA_H) +# define YYSTACK_ALLOC alloca +# else +# ifdef __GNUC__ +# define YYSTACK_ALLOC __builtin_alloca +# endif +# endif +# endif + +# ifdef YYSTACK_ALLOC + /* Pacify GCC's `empty if-body' warning. */ +# define YYSTACK_FREE(Ptr) do { /* empty */; } while (0) +# else +# if defined (__STDC__) || defined (__cplusplus) +# include /* INFRINGES ON USER NAME SPACE */ +# define YYSIZE_T size_t +# endif +# define YYSTACK_ALLOC YYMALLOC +# define YYSTACK_FREE YYFREE +# endif +#endif /* ! defined (yyoverflow) || YYERROR_VERBOSE */ + + +#if (! defined (yyoverflow) \ + && (! defined (__cplusplus) \ + || (defined (YYSTYPE_IS_TRIVIAL) && YYSTYPE_IS_TRIVIAL))) + +/* A type that is properly aligned for any stack member. */ +union yyalloc +{ + short int yyss; + YYSTYPE yyvs; + }; + +/* The size of the maximum gap between one aligned stack and the next. */ +# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1) + +/* The size of an array large to enough to hold all stacks, each with + N elements. */ +# define YYSTACK_BYTES(N) \ + ((N) * (sizeof (short int) + sizeof (YYSTYPE)) \ + + YYSTACK_GAP_MAXIMUM) + +/* Copy COUNT objects from FROM to TO. The source and destination do + not overlap. */ +# ifndef YYCOPY +# if defined (__GNUC__) && 1 < __GNUC__ +# define YYCOPY(To, From, Count) \ + __builtin_memcpy (To, From, (Count) * sizeof (*(From))) +# else +# define YYCOPY(To, From, Count) \ + do \ + { \ + register YYSIZE_T yyi; \ + for (yyi = 0; yyi < (Count); yyi++) \ + (To)[yyi] = (From)[yyi]; \ + } \ + while (0) +# endif +# endif + +/* Relocate STACK from its old location to the new one. The + local variables YYSIZE and YYSTACKSIZE give the old and new number of + elements in the stack, and YYPTR gives the new location of the + stack. Advance YYPTR to a properly aligned location for the next + stack. */ +# define YYSTACK_RELOCATE(Stack) \ + do \ + { \ + YYSIZE_T yynewbytes; \ + YYCOPY (&yyptr->Stack, Stack, yysize); \ + Stack = &yyptr->Stack; \ + yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \ + yyptr += yynewbytes / sizeof (*yyptr); \ + } \ + while (0) + +#endif + +#if defined (__STDC__) || defined (__cplusplus) + typedef signed char yysigned_char; +#else + typedef short int yysigned_char; +#endif + +/* YYFINAL -- State number of the termination state. */ +#define YYFINAL 9 +/* YYLAST -- Last index in YYTABLE. */ +#define YYLAST 23 + +/* YYNTOKENS -- Number of terminals. */ +#define YYNTOKENS 12 +/* YYNNTS -- Number of nonterminals. */ +#define YYNNTS 7 +/* YYNRULES -- Number of rules. */ +#define YYNRULES 15 +/* YYNRULES -- Number of states. */ +#define YYNSTATES 24 + +/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */ +#define YYUNDEFTOK 2 +#define YYMAXUTOK 265 + +#define YYTRANSLATE(YYX) \ + ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK) + +/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX. */ +static const unsigned char yytranslate[] = +{ + 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 11, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 1, 2, 3, 4, + 5, 6, 7, 8, 9, 10 +}; + +#if YYDEBUG +/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in + YYRHS. */ +static const unsigned char yyprhs[] = +{ + 0, 0, 3, 4, 7, 10, 12, 15, 18, 22, + 24, 27, 30, 33, 35, 40 +}; + +/* YYRHS -- A `-1'-separated list of the rules' RHS. */ +static const yysigned_char yyrhs[] = +{ + 13, 0, -1, -1, 14, 17, -1, 15, 16, -1, + 16, -1, 7, 9, -1, 3, 9, -1, 3, 9, + 9, -1, 18, -1, 17, 18, -1, 4, 10, -1, + 5, 9, -1, 5, -1, 6, 9, 11, 9, -1, + 8, -1 +}; + +/* YYRLINE[YYN] -- source line where rule number YYN was defined. */ +static const unsigned char yyrline[] = +{ + 0, 64, 64, 65, 68, 69, 72, 78, 84, 93, + 94, 97, 101, 109, 116, 136 +}; +#endif + +#if YYDEBUG || YYERROR_VERBOSE +/* YYTNME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. + First, the terminals, then, starting at YYNTOKENS, nonterminals. */ +static const char *const yytname[] = +{ + "$end", "error", "$undefined", "ET", "INDEX", "PREFIX", "EC", "ID", + "END", "STRING", "NUMBER", "','", "$accept", "file", "header", "id", + "et", "statements", "statement", 0 +}; +#endif + +# ifdef YYPRINT +/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to + token YYLEX-NUM. */ +static const unsigned short int yytoknum[] = +{ + 0, 256, 257, 258, 259, 260, 261, 262, 263, 264, + 265, 44 +}; +# endif + +/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ +static const unsigned char yyr1[] = +{ + 0, 12, 13, 13, 14, 14, 15, 16, 16, 17, + 17, 18, 18, 18, 18, 18 +}; + +/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */ +static const unsigned char yyr2[] = +{ + 0, 2, 0, 2, 2, 1, 2, 2, 3, 1, + 2, 2, 2, 1, 4, 1 +}; + +/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state + STATE-NUM when YYTABLE doesn't specify something else to do. Zero + means the default is an error. */ +static const unsigned char yydefact[] = +{ + 2, 0, 0, 0, 0, 0, 5, 7, 6, 1, + 0, 13, 0, 15, 3, 9, 4, 8, 11, 12, + 0, 10, 0, 14 +}; + +/* YYDEFGOTO[NTERM-NUM]. */ +static const yysigned_char yydefgoto[] = +{ + -1, 3, 4, 5, 6, 14, 15 +}; + +/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing + STATE-NUM. */ +#define YYPACT_NINF -5 +static const yysigned_char yypact[] = +{ + 0, -3, -1, 5, -4, 6, -5, 1, -5, -5, + 2, 4, 7, -5, -4, -5, -5, -5, -5, -5, + 3, -5, 8, -5 +}; + +/* YYPGOTO[NTERM-NUM]. */ +static const yysigned_char yypgoto[] = +{ + -5, -5, -5, -5, 10, -5, 9 +}; + +/* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If + positive, shift that token. If negative, reduce the rule which + number is the opposite. If zero, do what YYDEFACT says. + If YYTABLE_NINF, syntax error. */ +#define YYTABLE_NINF -1 +static const unsigned char yytable[] = +{ + 10, 11, 12, 1, 13, 9, 7, 2, 8, 1, + 17, 0, 18, 19, 22, 16, 20, 23, 0, 0, + 0, 0, 0, 21 +}; + +static const yysigned_char yycheck[] = +{ + 4, 5, 6, 3, 8, 0, 9, 7, 9, 3, + 9, -1, 10, 9, 11, 5, 9, 9, -1, -1, + -1, -1, -1, 14 +}; + +/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing + symbol of state STATE-NUM. */ +static const unsigned char yystos[] = +{ + 0, 3, 7, 13, 14, 15, 16, 9, 9, 0, + 4, 5, 6, 8, 17, 18, 16, 9, 10, 9, + 9, 18, 11, 9 +}; + +#if ! defined (YYSIZE_T) && defined (__SIZE_TYPE__) +# define YYSIZE_T __SIZE_TYPE__ +#endif +#if ! defined (YYSIZE_T) && defined (size_t) +# define YYSIZE_T size_t +#endif +#if ! defined (YYSIZE_T) +# if defined (__STDC__) || defined (__cplusplus) +# include /* INFRINGES ON USER NAME SPACE */ +# define YYSIZE_T size_t +# endif +#endif +#if ! defined (YYSIZE_T) +# define YYSIZE_T unsigned int +#endif + +#define yyerrok (yyerrstatus = 0) +#define yyclearin (yychar = YYEMPTY) +#define YYEMPTY (-2) +#define YYEOF 0 + +#define YYACCEPT goto yyacceptlab +#define YYABORT goto yyabortlab +#define YYERROR goto yyerrorlab + + +/* Like YYERROR except do call yyerror. This remains here temporarily + to ease the transition to the new meaning of YYERROR, for GCC. + Once GCC version 2 has supplanted version 1, this can go. */ + +#define YYFAIL goto yyerrlab + +#define YYRECOVERING() (!!yyerrstatus) + +#define YYBACKUP(Token, Value) \ +do \ + if (yychar == YYEMPTY && yylen == 1) \ + { \ + yychar = (Token); \ + yylval = (Value); \ + yytoken = YYTRANSLATE (yychar); \ + YYPOPSTACK; \ + goto yybackup; \ + } \ + else \ + { \ + yyerror ("syntax error: cannot back up");\ + YYERROR; \ + } \ +while (0) + +#define YYTERROR 1 +#define YYERRCODE 256 + +/* YYLLOC_DEFAULT -- Compute the default location (before the actions + are run). */ + +#ifndef YYLLOC_DEFAULT +# define YYLLOC_DEFAULT(Current, Rhs, N) \ + ((Current).first_line = (Rhs)[1].first_line, \ + (Current).first_column = (Rhs)[1].first_column, \ + (Current).last_line = (Rhs)[N].last_line, \ + (Current).last_column = (Rhs)[N].last_column) +#endif + +/* YYLEX -- calling `yylex' with the right arguments. */ + +#ifdef YYLEX_PARAM +# define YYLEX yylex (YYLEX_PARAM) +#else +# define YYLEX yylex () +#endif + +/* Enable debugging if requested. */ +#if YYDEBUG + +# ifndef YYFPRINTF +# include /* INFRINGES ON USER NAME SPACE */ +# define YYFPRINTF fprintf +# endif + +# define YYDPRINTF(Args) \ +do { \ + if (yydebug) \ + YYFPRINTF Args; \ +} while (0) + +# define YYDSYMPRINT(Args) \ +do { \ + if (yydebug) \ + yysymprint Args; \ +} while (0) + +# define YYDSYMPRINTF(Title, Token, Value, Location) \ +do { \ + if (yydebug) \ + { \ + YYFPRINTF (stderr, "%s ", Title); \ + yysymprint (stderr, \ + Token, Value); \ + YYFPRINTF (stderr, "\n"); \ + } \ +} while (0) + +/*------------------------------------------------------------------. +| yy_stack_print -- Print the state stack from its BOTTOM up to its | +| TOP (included). | +`------------------------------------------------------------------*/ + +#if defined (__STDC__) || defined (__cplusplus) +static void +yy_stack_print (short int *bottom, short int *top) +#else +static void +yy_stack_print (bottom, top) + short int *bottom; + short int *top; +#endif +{ + YYFPRINTF (stderr, "Stack now"); + for (/* Nothing. */; bottom <= top; ++bottom) + YYFPRINTF (stderr, " %d", *bottom); + YYFPRINTF (stderr, "\n"); +} + +# define YY_STACK_PRINT(Bottom, Top) \ +do { \ + if (yydebug) \ + yy_stack_print ((Bottom), (Top)); \ +} while (0) + + +/*------------------------------------------------. +| Report that the YYRULE is going to be reduced. | +`------------------------------------------------*/ + +#if defined (__STDC__) || defined (__cplusplus) +static void +yy_reduce_print (int yyrule) +#else +static void +yy_reduce_print (yyrule) + int yyrule; +#endif +{ + int yyi; + unsigned int yylno = yyrline[yyrule]; + YYFPRINTF (stderr, "Reducing stack by rule %d (line %u), ", + yyrule - 1, yylno); + /* Print the symbols being reduced, and their result. */ + for (yyi = yyprhs[yyrule]; 0 <= yyrhs[yyi]; yyi++) + YYFPRINTF (stderr, "%s ", yytname [yyrhs[yyi]]); + YYFPRINTF (stderr, "-> %s\n", yytname [yyr1[yyrule]]); +} + +# define YY_REDUCE_PRINT(Rule) \ +do { \ + if (yydebug) \ + yy_reduce_print (Rule); \ +} while (0) + +/* Nonzero means print parse trace. It is left uninitialized so that + multiple parsers can coexist. */ +int yydebug; +#else /* !YYDEBUG */ +# define YYDPRINTF(Args) +# define YYDSYMPRINT(Args) +# define YYDSYMPRINTF(Title, Token, Value, Location) +# define YY_STACK_PRINT(Bottom, Top) +# define YY_REDUCE_PRINT(Rule) +#endif /* !YYDEBUG */ + + +/* YYINITDEPTH -- initial size of the parser's stacks. */ +#ifndef YYINITDEPTH +# define YYINITDEPTH 200 +#endif + +/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only + if the built-in stack extension method is used). + + Do not make this value too large; the results are undefined if + SIZE_MAX < YYSTACK_BYTES (YYMAXDEPTH) + evaluated with infinite-precision integer arithmetic. */ + +#if defined (YYMAXDEPTH) && YYMAXDEPTH == 0 +# undef YYMAXDEPTH +#endif + +#ifndef YYMAXDEPTH +# define YYMAXDEPTH 10000 +#endif + + + +#if YYERROR_VERBOSE + +# ifndef yystrlen +# if defined (__GLIBC__) && defined (_STRING_H) +# define yystrlen strlen +# else +/* Return the length of YYSTR. */ +static YYSIZE_T +# if defined (__STDC__) || defined (__cplusplus) +yystrlen (const char *yystr) +# else +yystrlen (yystr) + const char *yystr; +# endif +{ + register const char *yys = yystr; + + while (*yys++ != '\0') + continue; + + return yys - yystr - 1; +} +# endif +# endif + +# ifndef yystpcpy +# if defined (__GLIBC__) && defined (_STRING_H) && defined (_GNU_SOURCE) +# define yystpcpy stpcpy +# else +/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in + YYDEST. */ +static char * +# if defined (__STDC__) || defined (__cplusplus) +yystpcpy (char *yydest, const char *yysrc) +# else +yystpcpy (yydest, yysrc) + char *yydest; + const char *yysrc; +# endif +{ + register char *yyd = yydest; + register const char *yys = yysrc; + + while ((*yyd++ = *yys++) != '\0') + continue; + + return yyd - 1; +} +# endif +# endif + +#endif /* !YYERROR_VERBOSE */ + + + +#if YYDEBUG +/*--------------------------------. +| Print this symbol on YYOUTPUT. | +`--------------------------------*/ + +#if defined (__STDC__) || defined (__cplusplus) +static void +yysymprint (FILE *yyoutput, int yytype, YYSTYPE *yyvaluep) +#else +static void +yysymprint (yyoutput, yytype, yyvaluep) + FILE *yyoutput; + int yytype; + YYSTYPE *yyvaluep; +#endif +{ + /* Pacify ``unused variable'' warnings. */ + (void) yyvaluep; + + if (yytype < YYNTOKENS) + { + YYFPRINTF (yyoutput, "token %s (", yytname[yytype]); +# ifdef YYPRINT + YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep); +# endif + } + else + YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]); + + switch (yytype) + { + default: + break; + } + YYFPRINTF (yyoutput, ")"); +} + +#endif /* ! YYDEBUG */ +/*-----------------------------------------------. +| Release the memory associated to this symbol. | +`-----------------------------------------------*/ + +#if defined (__STDC__) || defined (__cplusplus) +static void +yydestruct (int yytype, YYSTYPE *yyvaluep) +#else +static void +yydestruct (yytype, yyvaluep) + int yytype; + YYSTYPE *yyvaluep; +#endif +{ + /* Pacify ``unused variable'' warnings. */ + (void) yyvaluep; + + switch (yytype) + { + + default: + break; + } +} + + +/* Prevent warnings from -Wmissing-prototypes. */ + +#ifdef YYPARSE_PARAM +# if defined (__STDC__) || defined (__cplusplus) +int yyparse (void *YYPARSE_PARAM); +# else +int yyparse (); +# endif +#else /* ! YYPARSE_PARAM */ +#if defined (__STDC__) || defined (__cplusplus) +int yyparse (void); +#else +int yyparse (); +#endif +#endif /* ! YYPARSE_PARAM */ + + + +/* The lookahead symbol. */ +int yychar; + +/* The semantic value of the lookahead symbol. */ +YYSTYPE yylval; + +/* Number of syntax errors so far. */ +int yynerrs; + + + +/*----------. +| yyparse. | +`----------*/ + +#ifdef YYPARSE_PARAM +# if defined (__STDC__) || defined (__cplusplus) +int yyparse (void *YYPARSE_PARAM) +# else +int yyparse (YYPARSE_PARAM) + void *YYPARSE_PARAM; +# endif +#else /* ! YYPARSE_PARAM */ +#if defined (__STDC__) || defined (__cplusplus) +int +yyparse (void) +#else +int +yyparse () + +#endif +#endif +{ + + register int yystate; + register int yyn; + int yyresult; + /* Number of tokens to shift before error messages enabled. */ + int yyerrstatus; + /* Lookahead token as an internal (translated) token number. */ + int yytoken = 0; + + /* Three stacks and their tools: + `yyss': related to states, + `yyvs': related to semantic values, + `yyls': related to locations. + + Refer to the stacks thru separate pointers, to allow yyoverflow + to reallocate them elsewhere. */ + + /* The state stack. */ + short int yyssa[YYINITDEPTH]; + short int *yyss = yyssa; + register short int *yyssp; + + /* The semantic value stack. */ + YYSTYPE yyvsa[YYINITDEPTH]; + YYSTYPE *yyvs = yyvsa; + register YYSTYPE *yyvsp; + + + +#define YYPOPSTACK (yyvsp--, yyssp--) + + YYSIZE_T yystacksize = YYINITDEPTH; + + /* The variables used to return semantic value and location from the + action routines. */ + YYSTYPE yyval; + + + /* When reducing, the number of symbols on the RHS of the reduced + rule. */ + int yylen; + + YYDPRINTF ((stderr, "Starting parse\n")); + + yystate = 0; + yyerrstatus = 0; + yynerrs = 0; + yychar = YYEMPTY; /* Cause a token to be read. */ + + /* Initialize stack pointers. + Waste one element of value and location stack + so that they stay on the same level as the state stack. + The wasted elements are never initialized. */ + + yyssp = yyss; + yyvsp = yyvs; + + + goto yysetstate; + +/*------------------------------------------------------------. +| yynewstate -- Push a new state, which is found in yystate. | +`------------------------------------------------------------*/ + yynewstate: + /* In all cases, when you get here, the value and location stacks + have just been pushed. so pushing a state here evens the stacks. + */ + yyssp++; + + yysetstate: + *yyssp = yystate; + + if (yyss + yystacksize - 1 <= yyssp) + { + /* Get the current used size of the three stacks, in elements. */ + YYSIZE_T yysize = yyssp - yyss + 1; + +#ifdef yyoverflow + { + /* Give user a chance to reallocate the stack. Use copies of + these so that the &'s don't force the real ones into + memory. */ + YYSTYPE *yyvs1 = yyvs; + short int *yyss1 = yyss; + + + /* Each stack pointer address is followed by the size of the + data in use in that stack, in bytes. This used to be a + conditional around just the two extra args, but that might + be undefined if yyoverflow is a macro. */ + yyoverflow ("parser stack overflow", + &yyss1, yysize * sizeof (*yyssp), + &yyvs1, yysize * sizeof (*yyvsp), + + &yystacksize); + + yyss = yyss1; + yyvs = yyvs1; + } +#else /* no yyoverflow */ +# ifndef YYSTACK_RELOCATE + goto yyoverflowlab; +# else + /* Extend the stack our own way. */ + if (YYMAXDEPTH <= yystacksize) + goto yyoverflowlab; + yystacksize *= 2; + if (YYMAXDEPTH < yystacksize) + yystacksize = YYMAXDEPTH; + + { + short int *yyss1 = yyss; + union yyalloc *yyptr = + (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); + if (! yyptr) + goto yyoverflowlab; + YYSTACK_RELOCATE (yyss); + YYSTACK_RELOCATE (yyvs); + +# undef YYSTACK_RELOCATE + if (yyss1 != yyssa) + YYSTACK_FREE (yyss1); + } +# endif +#endif /* no yyoverflow */ + + yyssp = yyss + yysize - 1; + yyvsp = yyvs + yysize - 1; + + + YYDPRINTF ((stderr, "Stack size increased to %lu\n", + (unsigned long int) yystacksize)); + + if (yyss + yystacksize - 1 <= yyssp) + YYABORT; + } + + YYDPRINTF ((stderr, "Entering state %d\n", yystate)); + + goto yybackup; + +/*-----------. +| yybackup. | +`-----------*/ +yybackup: + +/* Do appropriate processing given the current state. */ +/* Read a lookahead token if we need one and don't already have one. */ +/* yyresume: */ + + /* First try to decide what to do without reference to lookahead token. */ + + yyn = yypact[yystate]; + if (yyn == YYPACT_NINF) + goto yydefault; + + /* Not known => get a lookahead token if don't already have one. */ + + /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol. */ + if (yychar == YYEMPTY) + { + YYDPRINTF ((stderr, "Reading a token: ")); + yychar = YYLEX; + } + + if (yychar <= YYEOF) + { + yychar = yytoken = YYEOF; + YYDPRINTF ((stderr, "Now at end of input.\n")); + } + else + { + yytoken = YYTRANSLATE (yychar); + YYDSYMPRINTF ("Next token is", yytoken, &yylval, &yylloc); + } + + /* If the proper action on seeing token YYTOKEN is to reduce or to + detect an error, take that action. */ + yyn += yytoken; + if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken) + goto yydefault; + yyn = yytable[yyn]; + if (yyn <= 0) + { + if (yyn == 0 || yyn == YYTABLE_NINF) + goto yyerrlab; + yyn = -yyn; + goto yyreduce; + } + + if (yyn == YYFINAL) + YYACCEPT; + + /* Shift the lookahead token. */ + YYDPRINTF ((stderr, "Shifting token %s, ", yytname[yytoken])); + + /* Discard the token being shifted unless it is eof. */ + if (yychar != YYEOF) + yychar = YYEMPTY; + + *++yyvsp = yylval; + + + /* Count tokens shifted since error; after three, turn off error + status. */ + if (yyerrstatus) + yyerrstatus--; + + yystate = yyn; + goto yynewstate; + + +/*-----------------------------------------------------------. +| yydefault -- do the default action for the current state. | +`-----------------------------------------------------------*/ +yydefault: + yyn = yydefact[yystate]; + if (yyn == 0) + goto yyerrlab; + goto yyreduce; + + +/*-----------------------------. +| yyreduce -- Do a reduction. | +`-----------------------------*/ +yyreduce: + /* yyn is the number of a rule to reduce with. */ + yylen = yyr2[yyn]; + + /* If YYLEN is nonzero, implement the default value of the action: + `$$ = $1'. + + Otherwise, the following line sets YYVAL to garbage. + This behavior is undocumented and Bison + users should not rely upon it. Assigning to YYVAL + unconditionally makes the parser a bit smaller, and it avoids a + GCC warning that YYVAL may be used uninitialized. */ + yyval = yyvsp[1-yylen]; + + + YY_REDUCE_PRINT (yyn); + switch (yyn) + { + case 6: +#line 73 "parse.y" + { + id_str = yyvsp[0].string; + } + break; + + case 7: +#line 79 "parse.y" + { + base_id = name2number(yyvsp[0].string); + strlcpy(name, yyvsp[0].string, sizeof(name)); + free(yyvsp[0].string); + } + break; + + case 8: +#line 85 "parse.y" + { + base_id = name2number(yyvsp[-1].string); + strlcpy(name, yyvsp[0].string, sizeof(name)); + free(yyvsp[-1].string); + free(yyvsp[0].string); + } + break; + + case 11: +#line 98 "parse.y" + { + number = yyvsp[0].number; + } + break; + + case 12: +#line 102 "parse.y" + { + free(prefix); + asprintf (&prefix, "%s_", yyvsp[0].string); + if (prefix == NULL) + errx(1, "malloc"); + free(yyvsp[0].string); + } + break; + + case 13: +#line 110 "parse.y" + { + prefix = realloc(prefix, 1); + if (prefix == NULL) + errx(1, "malloc"); + *prefix = '\0'; + } + break; + + case 14: +#line 117 "parse.y" + { + struct error_code *ec = malloc(sizeof(*ec)); + + if (ec == NULL) + errx(1, "malloc"); + + ec->next = NULL; + ec->number = number; + if(prefix && *prefix != '\0') { + asprintf (&ec->name, "%s%s", prefix, yyvsp[-2].string); + if (ec->name == NULL) + errx(1, "malloc"); + free(yyvsp[-2].string); + } else + ec->name = yyvsp[-2].string; + ec->string = yyvsp[0].string; + APPEND(codes, ec); + number++; + } + break; + + case 15: +#line 137 "parse.y" + { + YYACCEPT; + } + break; + + + } + +/* Line 1010 of yacc.c. */ +#line 1139 "$base.c" + + yyvsp -= yylen; + yyssp -= yylen; + + + YY_STACK_PRINT (yyss, yyssp); + + *++yyvsp = yyval; + + + /* Now `shift' the result of the reduction. Determine what state + that goes to, based on the state we popped back to and the rule + number reduced by. */ + + yyn = yyr1[yyn]; + + yystate = yypgoto[yyn - YYNTOKENS] + *yyssp; + if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp) + yystate = yytable[yystate]; + else + yystate = yydefgoto[yyn - YYNTOKENS]; + + goto yynewstate; + + +/*------------------------------------. +| yyerrlab -- here on detecting error | +`------------------------------------*/ +yyerrlab: + /* If not already recovering from an error, report this error. */ + if (!yyerrstatus) + { + ++yynerrs; +#if YYERROR_VERBOSE + yyn = yypact[yystate]; + + if (YYPACT_NINF < yyn && yyn < YYLAST) + { + YYSIZE_T yysize = 0; + int yytype = YYTRANSLATE (yychar); + const char* yyprefix; + char *yymsg; + int yyx; + + /* Start YYX at -YYN if negative to avoid negative indexes in + YYCHECK. */ + int yyxbegin = yyn < 0 ? -yyn : 0; + + /* Stay within bounds of both yycheck and yytname. */ + int yychecklim = YYLAST - yyn; + int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; + int yycount = 0; + + yyprefix = ", expecting "; + for (yyx = yyxbegin; yyx < yyxend; ++yyx) + if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) + { + yysize += yystrlen (yyprefix) + yystrlen (yytname [yyx]); + yycount += 1; + if (yycount == 5) + { + yysize = 0; + break; + } + } + yysize += (sizeof ("syntax error, unexpected ") + + yystrlen (yytname[yytype])); + yymsg = (char *) YYSTACK_ALLOC (yysize); + if (yymsg != 0) + { + char *yyp = yystpcpy (yymsg, "syntax error, unexpected "); + yyp = yystpcpy (yyp, yytname[yytype]); + + if (yycount < 5) + { + yyprefix = ", expecting "; + for (yyx = yyxbegin; yyx < yyxend; ++yyx) + if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) + { + yyp = yystpcpy (yyp, yyprefix); + yyp = yystpcpy (yyp, yytname[yyx]); + yyprefix = " or "; + } + } + yyerror (yymsg); + YYSTACK_FREE (yymsg); + } + else + yyerror ("syntax error; also virtual memory exhausted"); + } + else +#endif /* YYERROR_VERBOSE */ + yyerror ("syntax error"); + } + + + + if (yyerrstatus == 3) + { + /* If just tried and failed to reuse lookahead token after an + error, discard it. */ + + if (yychar <= YYEOF) + { + /* If at end of input, pop the error token, + then the rest of the stack, then return failure. */ + if (yychar == YYEOF) + for (;;) + { + YYPOPSTACK; + if (yyssp == yyss) + YYABORT; + YYDSYMPRINTF ("Error: popping", yystos[*yyssp], yyvsp, yylsp); + yydestruct (yystos[*yyssp], yyvsp); + } + } + else + { + YYDSYMPRINTF ("Error: discarding", yytoken, &yylval, &yylloc); + yydestruct (yytoken, &yylval); + yychar = YYEMPTY; + + } + } + + /* Else will try to reuse lookahead token after shifting the error + token. */ + goto yyerrlab1; + + +/*---------------------------------------------------. +| yyerrorlab -- error raised explicitly by YYERROR. | +`---------------------------------------------------*/ +yyerrorlab: + +#ifdef __GNUC__ + /* Pacify GCC when the user code never invokes YYERROR and the label + yyerrorlab therefore never appears in user code. */ + if (0) + goto yyerrorlab; +#endif + + yyvsp -= yylen; + yyssp -= yylen; + yystate = *yyssp; + goto yyerrlab1; + + +/*-------------------------------------------------------------. +| yyerrlab1 -- common code for both syntax error and YYERROR. | +`-------------------------------------------------------------*/ +yyerrlab1: + yyerrstatus = 3; /* Each real token shifted decrements this. */ + + for (;;) + { + yyn = yypact[yystate]; + if (yyn != YYPACT_NINF) + { + yyn += YYTERROR; + if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR) + { + yyn = yytable[yyn]; + if (0 < yyn) + break; + } + } + + /* Pop the current state because it cannot handle the error token. */ + if (yyssp == yyss) + YYABORT; + + YYDSYMPRINTF ("Error: popping", yystos[*yyssp], yyvsp, yylsp); + yydestruct (yystos[yystate], yyvsp); + YYPOPSTACK; + yystate = *yyssp; + YY_STACK_PRINT (yyss, yyssp); + } + + if (yyn == YYFINAL) + YYACCEPT; + + YYDPRINTF ((stderr, "Shifting error token, ")); + + *++yyvsp = yylval; + + + yystate = yyn; + goto yynewstate; + + +/*-------------------------------------. +| yyacceptlab -- YYACCEPT comes here. | +`-------------------------------------*/ +yyacceptlab: + yyresult = 0; + goto yyreturn; + +/*-----------------------------------. +| yyabortlab -- YYABORT comes here. | +`-----------------------------------*/ +yyabortlab: + yyresult = 1; + goto yyreturn; + +#ifndef yyoverflow +/*----------------------------------------------. +| yyoverflowlab -- parser overflow comes here. | +`----------------------------------------------*/ +yyoverflowlab: + yyerror ("parser stack overflow"); + yyresult = 2; + /* Fall through. */ +#endif + +yyreturn: +#ifndef yyoverflow + if (yyss != yyssa) + YYSTACK_FREE (yyss); +#endif + return yyresult; +} + + +#line 142 "parse.y" + + +static long +name2number(const char *str) +{ + const char *p; + long num = 0; + const char *x = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz0123456789_"; + if(strlen(str) > 4) { + yyerror("table name too long"); + return 0; + } + for(p = str; *p; p++){ + char *q = strchr(x, *p); + if(q == NULL) { + yyerror("invalid character in table name"); + return 0; + } + num = (num << 6) + (q - x) + 1; + } + num <<= 8; + if(num > 0x7fffffff) + num = -(0xffffffff - num + 1); + return num; +} + +void +yyerror (char *s) +{ + error_message ("%s\n", s); +} + diff --git a/source4/heimdal/lib/com_err/parse.h b/source4/heimdal/lib/com_err/parse.h new file mode 100644 index 0000000000..a9ee7c7c9b --- /dev/null +++ b/source4/heimdal/lib/com_err/parse.h @@ -0,0 +1,70 @@ +/* A Bison parser, made by GNU Bison 1.875d. */ + +/* Skeleton parser for Yacc-like parsing with Bison, + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. */ + +/* As a special exception, when this file is copied by Bison into a + Bison output file, you may use that output file without restriction. + This special exception was added by the Free Software Foundation + in version 1.24 of Bison. */ + +/* Tokens. */ +#ifndef YYTOKENTYPE +# define YYTOKENTYPE + /* Put the tokens into the symbol table, so that GDB and other debuggers + know about them. */ + enum yytokentype { + ET = 258, + INDEX = 259, + PREFIX = 260, + EC = 261, + ID = 262, + END = 263, + STRING = 264, + NUMBER = 265 + }; +#endif +#define ET 258 +#define INDEX 259 +#define PREFIX 260 +#define EC 261 +#define ID 262 +#define END 263 +#define STRING 264 +#define NUMBER 265 + + + + +#if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED) +#line 53 "parse.y" +typedef union YYSTYPE { + char *string; + int number; +} YYSTYPE; +/* Line 1285 of yacc.c. */ +#line 62 "parse.h" +# define yystype YYSTYPE /* obsolescent; will be withdrawn */ +# define YYSTYPE_IS_DECLARED 1 +# define YYSTYPE_IS_TRIVIAL 1 +#endif + +extern YYSTYPE yylval; + + + -- cgit From 8c018ff786952424a2f1c612046eb91d2e42f648 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 11 Jul 2005 03:52:31 +0000 Subject: r8310: replace the heimdal networking interface scanning code with glue code that uses the Samba interfaces list. This makes heimdal obey the 'interfaces=' smb.conf option, and should also fix the portability problems with the heimdal code (This used to be commit ba621d1c554e135f449a144019b84719a086e04f) --- source4/heimdal/lib/krb5/get_addrs.c | 291 -------- source4/heimdal/lib/roken/getifaddrs.c | 1186 -------------------------------- 2 files changed, 1477 deletions(-) delete mode 100644 source4/heimdal/lib/krb5/get_addrs.c delete mode 100644 source4/heimdal/lib/roken/getifaddrs.c (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/krb5/get_addrs.c b/source4/heimdal/lib/krb5/get_addrs.c deleted file mode 100644 index 034516d7d4..0000000000 --- a/source4/heimdal/lib/krb5/get_addrs.c +++ /dev/null @@ -1,291 +0,0 @@ -/* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "krb5_locl.h" - -RCSID("$Id: get_addrs.c,v 1.46 2004/05/25 21:26:05 lha Exp $"); - -#ifdef __osf__ -/* hate */ -struct rtentry; -struct mbuf; -#endif -#ifdef HAVE_NET_IF_H -#include -#endif -#include - -static krb5_error_code -gethostname_fallback (krb5_context context, krb5_addresses *res) -{ - krb5_error_code ret; - char hostname[MAXHOSTNAMELEN]; - struct hostent *hostent; - - if (gethostname (hostname, sizeof(hostname))) { - ret = errno; - krb5_set_error_string (context, "gethostname: %s", strerror(ret)); - return ret; - } - hostent = roken_gethostbyname (hostname); - if (hostent == NULL) { - ret = errno; - krb5_set_error_string (context, "gethostbyname %s: %s", - hostname, strerror(ret)); - return ret; - } - res->len = 1; - res->val = malloc (sizeof(*res->val)); - if (res->val == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - res->val[0].addr_type = hostent->h_addrtype; - res->val[0].address.data = NULL; - res->val[0].address.length = 0; - ret = krb5_data_copy (&res->val[0].address, - hostent->h_addr, - hostent->h_length); - if (ret) { - free (res->val); - return ret; - } - return 0; -} - -enum { - LOOP = 1, /* do include loopback interfaces */ - LOOP_IF_NONE = 2, /* include loopback if no other if's */ - EXTRA_ADDRESSES = 4, /* include extra addresses */ - SCAN_INTERFACES = 8 /* scan interfaces for addresses */ -}; - -/* - * Try to figure out the addresses of all configured interfaces with a - * lot of magic ioctls. - */ - -static krb5_error_code -find_all_addresses (krb5_context context, krb5_addresses *res, int flags) -{ - struct sockaddr sa_zero; - struct ifaddrs *ifa0, *ifa; - krb5_error_code ret = ENXIO; - int num, idx; - krb5_addresses ignore_addresses; - - res->val = NULL; - - if (getifaddrs(&ifa0) == -1) { - ret = errno; - krb5_set_error_string(context, "getifaddrs: %s", strerror(ret)); - return (ret); - } - - memset(&sa_zero, 0, sizeof(sa_zero)); - - /* First, count all the ifaddrs. */ - for (ifa = ifa0, num = 0; ifa != NULL; ifa = ifa->ifa_next, num++) - /* nothing */; - - if (num == 0) { - freeifaddrs(ifa0); - krb5_set_error_string(context, "no addresses found"); - return (ENXIO); - } - - if (flags & EXTRA_ADDRESSES) { - /* we'll remove the addresses we don't care about */ - ret = krb5_get_ignore_addresses(context, &ignore_addresses); - if(ret) - return ret; - } - - /* Allocate storage for them. */ - res->val = calloc(num, sizeof(*res->val)); - if (res->val == NULL) { - krb5_free_addresses(context, &ignore_addresses); - freeifaddrs(ifa0); - krb5_set_error_string (context, "malloc: out of memory"); - return (ENOMEM); - } - - /* Now traverse the list. */ - for (ifa = ifa0, idx = 0; ifa != NULL; ifa = ifa->ifa_next) { - if ((ifa->ifa_flags & IFF_UP) == 0) - continue; - if (ifa->ifa_addr == NULL) - continue; - if (memcmp(ifa->ifa_addr, &sa_zero, sizeof(sa_zero)) == 0) - continue; - if (krb5_sockaddr_uninteresting(ifa->ifa_addr)) - continue; - if ((ifa->ifa_flags & IFF_LOOPBACK) != 0) { - /* We'll deal with the LOOP_IF_NONE case later. */ - if ((flags & LOOP) == 0) - continue; - } - - ret = krb5_sockaddr2address(context, ifa->ifa_addr, &res->val[idx]); - if (ret) { - /* - * The most likely error here is going to be "Program - * lacks support for address type". This is no big - * deal -- just continue, and we'll listen on the - * addresses who's type we *do* support. - */ - continue; - } - /* possibly skip this address? */ - if((flags & EXTRA_ADDRESSES) && - krb5_address_search(context, &res->val[idx], &ignore_addresses)) { - krb5_free_address(context, &res->val[idx]); - flags &= ~LOOP_IF_NONE; /* we actually found an address, - so don't add any loop-back - addresses */ - continue; - } - - idx++; - } - - /* - * If no addresses were found, and LOOP_IF_NONE is set, then find - * the loopback addresses and add them to our list. - */ - if ((flags & LOOP_IF_NONE) != 0 && idx == 0) { - for (ifa = ifa0; ifa != NULL; ifa = ifa->ifa_next) { - if ((ifa->ifa_flags & IFF_UP) == 0) - continue; - if (ifa->ifa_addr == NULL) - continue; - if (memcmp(ifa->ifa_addr, &sa_zero, sizeof(sa_zero)) == 0) - continue; - if (krb5_sockaddr_uninteresting(ifa->ifa_addr)) - continue; - - if ((ifa->ifa_flags & IFF_LOOPBACK) != 0) { - ret = krb5_sockaddr2address(context, - ifa->ifa_addr, &res->val[idx]); - if (ret) { - /* - * See comment above. - */ - continue; - } - if((flags & EXTRA_ADDRESSES) && - krb5_address_search(context, &res->val[idx], - &ignore_addresses)) { - krb5_free_address(context, &res->val[idx]); - continue; - } - idx++; - } - } - } - - if (flags & EXTRA_ADDRESSES) - krb5_free_addresses(context, &ignore_addresses); - freeifaddrs(ifa0); - if (ret) - free(res->val); - else - res->len = idx; /* Now a count. */ - return (ret); -} - -static krb5_error_code -get_addrs_int (krb5_context context, krb5_addresses *res, int flags) -{ - krb5_error_code ret = -1; - - if (flags & SCAN_INTERFACES) { - ret = find_all_addresses (context, res, flags); - if(ret || res->len == 0) - ret = gethostname_fallback (context, res); - } else { - res->len = 0; - res->val = NULL; - ret = 0; - } - - if(ret == 0 && (flags & EXTRA_ADDRESSES)) { - krb5_addresses a; - /* append user specified addresses */ - ret = krb5_get_extra_addresses(context, &a); - if(ret) { - krb5_free_addresses(context, res); - return ret; - } - ret = krb5_append_addresses(context, res, &a); - if(ret) { - krb5_free_addresses(context, res); - return ret; - } - krb5_free_addresses(context, &a); - } - if(res->len == 0) { - free(res->val); - res->val = NULL; - } - return ret; -} - -/* - * Try to get all addresses, but return the one corresponding to - * `hostname' if we fail. - * - * Only include loopback address if there are no other. - */ - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_all_client_addrs (krb5_context context, krb5_addresses *res) -{ - int flags = LOOP_IF_NONE | EXTRA_ADDRESSES; - - if (context->scan_interfaces) - flags |= SCAN_INTERFACES; - - return get_addrs_int (context, res, flags); -} - -/* - * Try to get all local addresses that a server should listen to. - * If that fails, we return the address corresponding to `hostname'. - */ - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_all_server_addrs (krb5_context context, krb5_addresses *res) -{ - return get_addrs_int (context, res, LOOP | SCAN_INTERFACES); -} diff --git a/source4/heimdal/lib/roken/getifaddrs.c b/source4/heimdal/lib/roken/getifaddrs.c deleted file mode 100644 index 3c97e89810..0000000000 --- a/source4/heimdal/lib/roken/getifaddrs.c +++ /dev/null @@ -1,1186 +0,0 @@ -/* - * Copyright (c) 2000 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifdef HAVE_CONFIG_H -#include -RCSID("$Id: getifaddrs.c,v 1.11 2005/04/30 15:45:47 lha Exp $"); -#endif -#include "roken.h" - -#ifdef __osf__ -/* hate */ -struct rtentry; -struct mbuf; -#endif -#ifdef HAVE_NET_IF_H -#include -#endif - -#ifdef HAVE_SYS_SOCKIO_H -#include -#endif /* HAVE_SYS_SOCKIO_H */ - -#ifdef HAVE_NETINET_IN6_VAR_H -#include -#endif /* HAVE_NETINET_IN6_VAR_H */ - -#include - -#ifdef AF_NETLINK - -/* - * The linux - AF_NETLINK version of getifaddrs - from Usagi. - * Linux does not return v6 addresses from SIOCGIFCONF. - */ - -/* $USAGI: ifaddrs.c,v 1.18 2002/03/06 01:50:46 yoshfuji Exp $ */ - -/************************************************************************** - * ifaddrs.c - * Copyright (C)2000 Hideaki YOSHIFUJI, All Rights Reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the author nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "config.h" - -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include /* the L2 protocols */ -#include -#include -#include -#include -#include - -#define __set_errno(e) (errno = (e)) -#define __close(fd) (close(fd)) -#undef ifa_broadaddr -#define ifa_broadaddr ifa_dstaddr -#define IFA_NETMASK - -/* ====================================================================== */ -struct nlmsg_list{ - struct nlmsg_list *nlm_next; - struct nlmsghdr *nlh; - int size; - time_t seq; -}; - -struct rtmaddr_ifamap { - void *address; - void *local; -#ifdef IFA_NETMASK - void *netmask; -#endif - void *broadcast; -#ifdef HAVE_IFADDRS_IFA_ANYCAST - void *anycast; -#endif - int address_len; - int local_len; -#ifdef IFA_NETMASK - int netmask_len; -#endif - int broadcast_len; -#ifdef HAVE_IFADDRS_IFA_ANYCAST - int anycast_len; -#endif -}; - -/* ====================================================================== */ -static size_t -ifa_sa_len(sa_family_t family, int len) -{ - size_t size; - switch(family){ - case AF_INET: - size = sizeof(struct sockaddr_in); - break; - case AF_INET6: - size = sizeof(struct sockaddr_in6); - break; - case AF_PACKET: - size = (size_t)(((struct sockaddr_ll *)NULL)->sll_addr) + len; - if (size < sizeof(struct sockaddr_ll)) - size = sizeof(struct sockaddr_ll); - break; - default: - size = (size_t)(((struct sockaddr *)NULL)->sa_data) + len; - if (size < sizeof(struct sockaddr)) - size = sizeof(struct sockaddr); - break; - } - return size; -} - -static void -ifa_make_sockaddr(sa_family_t family, - struct sockaddr *sa, - void *p, size_t len, - uint32_t scope, uint32_t scopeid) -{ - if (sa == NULL) return; - switch(family){ - case AF_INET: - memcpy(&((struct sockaddr_in*)sa)->sin_addr, (char *)p, len); - break; - case AF_INET6: - memcpy(&((struct sockaddr_in6*)sa)->sin6_addr, (char *)p, len); - if (IN6_IS_ADDR_LINKLOCAL(p) || - IN6_IS_ADDR_MC_LINKLOCAL(p)){ - ((struct sockaddr_in6*)sa)->sin6_scope_id = scopeid; - } - break; - case AF_PACKET: - memcpy(((struct sockaddr_ll*)sa)->sll_addr, (char *)p, len); - ((struct sockaddr_ll*)sa)->sll_halen = len; - break; - default: - memcpy(sa->sa_data, p, len); /*XXX*/ - break; - } - sa->sa_family = family; -#ifdef HAVE_SOCKADDR_SA_LEN - sa->sa_len = ifa_sa_len(family, len); -#endif -} - -#ifndef IFA_NETMASK -static struct sockaddr * -ifa_make_sockaddr_mask(sa_family_t family, - struct sockaddr *sa, - uint32_t prefixlen) -{ - int i; - char *p = NULL, c; - uint32_t max_prefixlen = 0; - - if (sa == NULL) return NULL; - switch(family){ - case AF_INET: - memset(&((struct sockaddr_in*)sa)->sin_addr, 0, sizeof(((struct sockaddr_in*)sa)->sin_addr)); - p = (char *)&((struct sockaddr_in*)sa)->sin_addr; - max_prefixlen = 32; - break; - case AF_INET6: - memset(&((struct sockaddr_in6*)sa)->sin6_addr, 0, sizeof(((struct sockaddr_in6*)sa)->sin6_addr)); - p = (char *)&((struct sockaddr_in6*)sa)->sin6_addr; -#if 0 /* XXX: fill scope-id? */ - if (IN6_IS_ADDR_LINKLOCAL(p) || - IN6_IS_ADDR_MC_LINKLOCAL(p)){ - ((struct sockaddr_in6*)sa)->sin6_scope_id = scopeid; - } -#endif - max_prefixlen = 128; - break; - default: - return NULL; - } - sa->sa_family = family; -#ifdef HAVE_SOCKADDR_SA_LEN - sa->sa_len = ifa_sa_len(family, len); -#endif - if (p){ - if (prefixlen > max_prefixlen) - prefixlen = max_prefixlen; - for (i=0; i<(prefixlen / 8); i++) - *p++ = 0xff; - c = 0xff; - c <<= (8 - (prefixlen % 8)); - *p = c; - } - return sa; -} -#endif - -/* ====================================================================== */ -static int -nl_sendreq(int sd, int request, int flags, int *seq) -{ - char reqbuf[NLMSG_ALIGN(sizeof(struct nlmsghdr)) + - NLMSG_ALIGN(sizeof(struct rtgenmsg))]; - struct sockaddr_nl nladdr; - struct nlmsghdr *req_hdr; - struct rtgenmsg *req_msg; - time_t t = time(NULL); - - if (seq) *seq = t; - memset(&reqbuf, 0, sizeof(reqbuf)); - req_hdr = (struct nlmsghdr *)reqbuf; - req_msg = (struct rtgenmsg *)NLMSG_DATA(req_hdr); - req_hdr->nlmsg_len = NLMSG_LENGTH(sizeof(*req_msg)); - req_hdr->nlmsg_type = request; - req_hdr->nlmsg_flags = flags | NLM_F_REQUEST; - req_hdr->nlmsg_pid = 0; - req_hdr->nlmsg_seq = t; - req_msg->rtgen_family = AF_UNSPEC; - memset(&nladdr, 0, sizeof(nladdr)); - nladdr.nl_family = AF_NETLINK; - return (sendto(sd, (void *)req_hdr, req_hdr->nlmsg_len, 0, - (struct sockaddr *)&nladdr, sizeof(nladdr))); -} - -static int -nl_recvmsg(int sd, int request, int seq, - void *buf, size_t buflen, - int *flags) -{ - struct msghdr msg; - struct iovec iov = { buf, buflen }; - struct sockaddr_nl nladdr; - int read_len; - - for (;;){ - msg.msg_name = (void *)&nladdr; - msg.msg_namelen = sizeof(nladdr); - msg.msg_iov = &iov; - msg.msg_iovlen = 1; - msg.msg_control = NULL; - msg.msg_controllen = 0; - msg.msg_flags = 0; - read_len = recvmsg(sd, &msg, 0); - if ((read_len < 0 && errno == EINTR) || (msg.msg_flags & MSG_TRUNC)) - continue; - if (flags) *flags = msg.msg_flags; - break; - } - return read_len; -} - -static int -nl_getmsg(int sd, int request, int seq, - struct nlmsghdr **nlhp, - int *done) -{ - struct nlmsghdr *nh; - size_t bufsize = 65536, lastbufsize = 0; - void *buff = NULL; - int result = 0, read_size; - int msg_flags; - pid_t pid = getpid(); - for (;;){ - void *newbuff = realloc(buff, bufsize); - if (newbuff == NULL || bufsize < lastbufsize) { - result = -1; - break; - } - buff = newbuff; - result = read_size = nl_recvmsg(sd, request, seq, buff, bufsize, &msg_flags); - if (read_size < 0 || (msg_flags & MSG_TRUNC)){ - lastbufsize = bufsize; - bufsize *= 2; - continue; - } - if (read_size == 0) break; - nh = (struct nlmsghdr *)buff; - for (nh = (struct nlmsghdr *)buff; - NLMSG_OK(nh, read_size); - nh = (struct nlmsghdr *)NLMSG_NEXT(nh, read_size)){ - if (nh->nlmsg_pid != pid || - nh->nlmsg_seq != seq) - continue; - if (nh->nlmsg_type == NLMSG_DONE){ - (*done)++; - break; /* ok */ - } - if (nh->nlmsg_type == NLMSG_ERROR){ - struct nlmsgerr *nlerr = (struct nlmsgerr *)NLMSG_DATA(nh); - result = -1; - if (nh->nlmsg_len < NLMSG_LENGTH(sizeof(struct nlmsgerr))) - __set_errno(EIO); - else - __set_errno(-nlerr->error); - break; - } - } - break; - } - if (result < 0) - if (buff){ - int saved_errno = errno; - free(buff); - __set_errno(saved_errno); - } - *nlhp = (struct nlmsghdr *)buff; - return result; -} - -static int -nl_getlist(int sd, int seq, - int request, - struct nlmsg_list **nlm_list, - struct nlmsg_list **nlm_end) -{ - struct nlmsghdr *nlh = NULL; - int status; - int done = 0; - - status = nl_sendreq(sd, request, NLM_F_ROOT|NLM_F_MATCH, &seq); - if (status < 0) - return status; - if (seq == 0) - seq = (int)time(NULL); - while(!done){ - status = nl_getmsg(sd, request, seq, &nlh, &done); - if (status < 0) - return status; - if (nlh){ - struct nlmsg_list *nlm_next = (struct nlmsg_list *)malloc(sizeof(struct nlmsg_list)); - if (nlm_next == NULL){ - int saved_errno = errno; - free(nlh); - __set_errno(saved_errno); - status = -1; - } else { - nlm_next->nlm_next = NULL; - nlm_next->nlh = (struct nlmsghdr *)nlh; - nlm_next->size = status; - nlm_next->seq = seq; - if (*nlm_list == NULL){ - *nlm_list = nlm_next; - *nlm_end = nlm_next; - } else { - (*nlm_end)->nlm_next = nlm_next; - *nlm_end = nlm_next; - } - } - } - } - return status >= 0 ? seq : status; -} - -/* ---------------------------------------------------------------------- */ -static void -free_nlmsglist(struct nlmsg_list *nlm0) -{ - struct nlmsg_list *nlm; - int saved_errno; - if (!nlm0) - return; - saved_errno = errno; - for (nlm=nlm0; nlm; nlm=nlm->nlm_next){ - if (nlm->nlh) - free(nlm->nlh); - } - free(nlm0); - __set_errno(saved_errno); -} - -static void -free_data(void *data, void *ifdata) -{ - int saved_errno = errno; - if (data != NULL) free(data); - if (ifdata != NULL) free(ifdata); - __set_errno(saved_errno); -} - -/* ---------------------------------------------------------------------- */ -static void -nl_close(int sd) -{ - int saved_errno = errno; - if (sd >= 0) __close(sd); - __set_errno(saved_errno); -} - -/* ---------------------------------------------------------------------- */ -static int -nl_open(void) -{ - struct sockaddr_nl nladdr; - int sd; - - sd = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE); - if (sd < 0) return -1; - memset(&nladdr, 0, sizeof(nladdr)); - nladdr.nl_family = AF_NETLINK; - if (bind(sd, (struct sockaddr*)&nladdr, sizeof(nladdr)) < 0){ - nl_close(sd); - return -1; - } - return sd; -} - -/* ====================================================================== */ -int ROKEN_LIB_FUNCTION -getifaddrs(struct ifaddrs **ifap) -{ - int sd; - struct nlmsg_list *nlmsg_list, *nlmsg_end, *nlm; - /* - - - - - - - - - - - - - - - */ - int icnt; - size_t dlen, xlen, nlen; - uint32_t max_ifindex = 0; - - pid_t pid = getpid(); - int seq; - int result; - int build ; /* 0 or 1 */ - -/* ---------------------------------- */ - /* initialize */ - icnt = dlen = xlen = nlen = 0; - nlmsg_list = nlmsg_end = NULL; - - if (ifap) - *ifap = NULL; - -/* ---------------------------------- */ - /* open socket and bind */ - sd = nl_open(); - if (sd < 0) - return -1; - -/* ---------------------------------- */ - /* gather info */ - if ((seq = nl_getlist(sd, 0, RTM_GETLINK, - &nlmsg_list, &nlmsg_end)) < 0){ - free_nlmsglist(nlmsg_list); - nl_close(sd); - return -1; - } - if ((seq = nl_getlist(sd, seq+1, RTM_GETADDR, - &nlmsg_list, &nlmsg_end)) < 0){ - free_nlmsglist(nlmsg_list); - nl_close(sd); - return -1; - } - -/* ---------------------------------- */ - /* Estimate size of result buffer and fill it */ - for (build=0; build<=1; build++){ - struct ifaddrs *ifl = NULL, *ifa = NULL; - struct nlmsghdr *nlh, *nlh0; - char *data = NULL, *xdata = NULL; - void *ifdata = NULL; - char *ifname = NULL, **iflist = NULL; - uint16_t *ifflist = NULL; - struct rtmaddr_ifamap ifamap; - - if (build){ - data = calloc(1, - NLMSG_ALIGN(sizeof(struct ifaddrs[icnt])) - + dlen + xlen + nlen); - ifa = (struct ifaddrs *)data; - ifdata = calloc(1, - NLMSG_ALIGN(sizeof(char *[max_ifindex+1])) - + NLMSG_ALIGN(sizeof(uint16_t [max_ifindex+1]))); - if (ifap != NULL) - *ifap = (ifdata != NULL) ? ifa : NULL; - else{ - free_data(data, ifdata); - result = 0; - break; - } - if (data == NULL || ifdata == NULL){ - free_data(data, ifdata); - result = -1; - break; - } - ifl = NULL; - data += NLMSG_ALIGN(sizeof(struct ifaddrs)) * icnt; - xdata = data + dlen; - ifname = xdata + xlen; - iflist = ifdata; - ifflist = (uint16_t *)(((char *)iflist) + NLMSG_ALIGN(sizeof(char *[max_ifindex+1]))); - } - - for (nlm=nlmsg_list; nlm; nlm=nlm->nlm_next){ - int nlmlen = nlm->size; - if (!(nlh0 = nlm->nlh)) - continue; - for (nlh = nlh0; - NLMSG_OK(nlh, nlmlen); - nlh=NLMSG_NEXT(nlh,nlmlen)){ - struct ifinfomsg *ifim = NULL; - struct ifaddrmsg *ifam = NULL; - struct rtattr *rta; - - size_t nlm_struct_size = 0; - sa_family_t nlm_family = 0; - uint32_t nlm_scope = 0, nlm_index = 0; - size_t sockaddr_size = 0; - uint32_t nlm_prefixlen = 0; - size_t rtasize; - - memset(&ifamap, 0, sizeof(ifamap)); - - /* check if the message is what we want */ - if (nlh->nlmsg_pid != pid || - nlh->nlmsg_seq != nlm->seq) - continue; - if (nlh->nlmsg_type == NLMSG_DONE){ - break; /* ok */ - } - switch (nlh->nlmsg_type){ - case RTM_NEWLINK: - ifim = (struct ifinfomsg *)NLMSG_DATA(nlh); - nlm_struct_size = sizeof(*ifim); - nlm_family = ifim->ifi_family; - nlm_scope = 0; - nlm_index = ifim->ifi_index; - nlm_prefixlen = 0; - if (build) - ifflist[nlm_index] = ifa->ifa_flags = ifim->ifi_flags; - break; - case RTM_NEWADDR: - ifam = (struct ifaddrmsg *)NLMSG_DATA(nlh); - nlm_struct_size = sizeof(*ifam); - nlm_family = ifam->ifa_family; - nlm_scope = ifam->ifa_scope; - nlm_index = ifam->ifa_index; - nlm_prefixlen = ifam->ifa_prefixlen; - if (build) - ifa->ifa_flags = ifflist[nlm_index]; - break; - default: - continue; - } - - if (!build){ - if (max_ifindex < nlm_index) - max_ifindex = nlm_index; - } else { - if (ifl != NULL) - ifl->ifa_next = ifa; - } - - rtasize = NLMSG_PAYLOAD(nlh, nlmlen) - NLMSG_ALIGN(nlm_struct_size); - for (rta = (struct rtattr *)(((char *)NLMSG_DATA(nlh)) + NLMSG_ALIGN(nlm_struct_size)); - RTA_OK(rta, rtasize); - rta = RTA_NEXT(rta, rtasize)){ - struct sockaddr **sap = NULL; - void *rtadata = RTA_DATA(rta); - size_t rtapayload = RTA_PAYLOAD(rta); - socklen_t sa_len; - - switch(nlh->nlmsg_type){ - case RTM_NEWLINK: - switch(rta->rta_type){ - case IFLA_ADDRESS: - case IFLA_BROADCAST: - if (build){ - sap = (rta->rta_type == IFLA_ADDRESS) ? &ifa->ifa_addr : &ifa->ifa_broadaddr; - *sap = (struct sockaddr *)data; - } - sa_len = ifa_sa_len(AF_PACKET, rtapayload); - if (rta->rta_type == IFLA_ADDRESS) - sockaddr_size = NLMSG_ALIGN(sa_len); - if (!build){ - dlen += NLMSG_ALIGN(sa_len); - } else { - memset(*sap, 0, sa_len); - ifa_make_sockaddr(AF_PACKET, *sap, rtadata,rtapayload, 0,0); - ((struct sockaddr_ll *)*sap)->sll_ifindex = nlm_index; - ((struct sockaddr_ll *)*sap)->sll_hatype = ifim->ifi_type; - data += NLMSG_ALIGN(sa_len); - } - break; - case IFLA_IFNAME:/* Name of Interface */ - if (!build) - nlen += NLMSG_ALIGN(rtapayload + 1); - else{ - ifa->ifa_name = ifname; - if (iflist[nlm_index] == NULL) - iflist[nlm_index] = ifa->ifa_name; - strncpy(ifa->ifa_name, rtadata, rtapayload); - ifa->ifa_name[rtapayload] = '\0'; - ifname += NLMSG_ALIGN(rtapayload + 1); - } - break; - case IFLA_STATS:/* Statistics of Interface */ - if (!build) - xlen += NLMSG_ALIGN(rtapayload); - else{ - ifa->ifa_data = xdata; - memcpy(ifa->ifa_data, rtadata, rtapayload); - xdata += NLMSG_ALIGN(rtapayload); - } - break; - case IFLA_UNSPEC: - break; - case IFLA_MTU: - break; - case IFLA_LINK: - break; - case IFLA_QDISC: - break; - default: - break; - } - break; - case RTM_NEWADDR: - if (nlm_family == AF_PACKET) break; - switch(rta->rta_type){ - case IFA_ADDRESS: - ifamap.address = rtadata; - ifamap.address_len = rtapayload; - break; - case IFA_LOCAL: - ifamap.local = rtadata; - ifamap.local_len = rtapayload; - break; - case IFA_BROADCAST: - ifamap.broadcast = rtadata; - ifamap.broadcast_len = rtapayload; - break; -#ifdef HAVE_IFADDRS_IFA_ANYCAST - case IFA_ANYCAST: - ifamap.anycast = rtadata; - ifamap.anycast_len = rtapayload; - break; -#endif - case IFA_LABEL: - if (!build) - nlen += NLMSG_ALIGN(rtapayload + 1); - else{ - ifa->ifa_name = ifname; - if (iflist[nlm_index] == NULL) - iflist[nlm_index] = ifname; - strncpy(ifa->ifa_name, rtadata, rtapayload); - ifa->ifa_name[rtapayload] = '\0'; - ifname += NLMSG_ALIGN(rtapayload + 1); - } - break; - case IFA_UNSPEC: - break; - case IFA_CACHEINFO: - break; - default: - break; - } - } - } - if (nlh->nlmsg_type == RTM_NEWADDR && - nlm_family != AF_PACKET) { - if (!ifamap.local) { - ifamap.local = ifamap.address; - ifamap.local_len = ifamap.address_len; - } - if (!ifamap.address) { - ifamap.address = ifamap.local; - ifamap.address_len = ifamap.local_len; - } - if (ifamap.address_len != ifamap.local_len || - (ifamap.address != NULL && - memcmp(ifamap.address, ifamap.local, ifamap.address_len))) { - /* p2p; address is peer and local is ours */ - ifamap.broadcast = ifamap.address; - ifamap.broadcast_len = ifamap.address_len; - ifamap.address = ifamap.local; - ifamap.address_len = ifamap.local_len; - } - if (ifamap.address) { -#ifndef IFA_NETMASK - sockaddr_size = NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.address_len)); -#endif - if (!build) - dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.address_len)); - else { - ifa->ifa_addr = (struct sockaddr *)data; - ifa_make_sockaddr(nlm_family, ifa->ifa_addr, ifamap.address, ifamap.address_len, - nlm_scope, nlm_index); - data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.address_len)); - } - } -#ifdef IFA_NETMASK - if (ifamap.netmask) { - if (!build) - dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.netmask_len)); - else { - ifa->ifa_netmask = (struct sockaddr *)data; - ifa_make_sockaddr(nlm_family, ifa->ifa_netmask, ifamap.netmask, ifamap.netmask_len, - nlm_scope, nlm_index); - data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.netmask_len)); - } - } -#endif - if (ifamap.broadcast) { - if (!build) - dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.broadcast_len)); - else { - ifa->ifa_broadaddr = (struct sockaddr *)data; - ifa_make_sockaddr(nlm_family, ifa->ifa_broadaddr, ifamap.broadcast, ifamap.broadcast_len, - nlm_scope, nlm_index); - data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.broadcast_len)); - } - } -#ifdef HAVE_IFADDRS_IFA_ANYCAST - if (ifamap.anycast) { - if (!build) - dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.anycast_len)); - else { - ifa->ifa_anycast = (struct sockaddr *)data; - ifa_make_sockaddr(nlm_family, ifa->ifa_anyaddr, ifamap.anycast, ifamap.anycast_len, - nlm_scope, nlm_index); - data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.anycast_len)); - } - } -#endif - } - if (!build){ -#ifndef IFA_NETMASK - dlen += sockaddr_size; -#endif - icnt++; - } else { - if (ifa->ifa_name == NULL) - ifa->ifa_name = iflist[nlm_index]; -#ifndef IFA_NETMASK - if (ifa->ifa_addr && - ifa->ifa_addr->sa_family != AF_UNSPEC && - ifa->ifa_addr->sa_family != AF_PACKET){ - ifa->ifa_netmask = (struct sockaddr *)data; - ifa_make_sockaddr_mask(ifa->ifa_addr->sa_family, ifa->ifa_netmask, nlm_prefixlen); - } - data += sockaddr_size; -#endif - ifl = ifa++; - } - } - } - if (!build){ - if (icnt == 0 && (dlen + nlen + xlen == 0)){ - if (ifap != NULL) - *ifap = NULL; - break; /* cannot found any addresses */ - } - } - else - free_data(NULL, ifdata); - } - -/* ---------------------------------- */ - /* Finalize */ - free_nlmsglist(nlmsg_list); - nl_close(sd); - return 0; -} - -/* ---------------------------------------------------------------------- */ -void ROKEN_LIB_FUNCTION -freeifaddrs(struct ifaddrs *ifa) -{ - free(ifa); -} - - -#else /* !AF_NETLINK */ - -/* - * The generic SIOCGIFCONF version. - */ - -static int -getifaddrs2(struct ifaddrs **ifap, - int af, int siocgifconf, int siocgifflags, - size_t ifreq_sz) -{ - int ret; - int fd; - size_t buf_size; - char *buf; - struct ifconf ifconf; - char *p; - size_t sz; - struct sockaddr sa_zero; - struct ifreq *ifr; - struct ifaddrs *start = NULL, **end = &start; - - buf = NULL; - - memset (&sa_zero, 0, sizeof(sa_zero)); - fd = socket(af, SOCK_DGRAM, 0); - if (fd < 0) - return -1; - - buf_size = 8192; - for (;;) { - buf = calloc(1, buf_size); - if (buf == NULL) { - ret = ENOMEM; - goto error_out; - } - ifconf.ifc_len = buf_size; - ifconf.ifc_buf = buf; - - /* - * Solaris returns EINVAL when the buffer is too small. - */ - if (ioctl (fd, siocgifconf, &ifconf) < 0 && errno != EINVAL) { - ret = errno; - goto error_out; - } - /* - * Can the difference between a full and a overfull buf - * be determined? - */ - - if (ifconf.ifc_len < buf_size) - break; - free (buf); - buf_size *= 2; - } - - for (p = ifconf.ifc_buf; - p < ifconf.ifc_buf + ifconf.ifc_len; - p += sz) { - struct ifreq ifreq; - struct sockaddr *sa; - size_t salen; - - ifr = (struct ifreq *)p; - sa = &ifr->ifr_addr; - - sz = ifreq_sz; - salen = sizeof(struct sockaddr); -#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN - salen = sa->sa_len; - sz = max(sz, sizeof(ifr->ifr_name) + sa->sa_len); -#endif -#ifdef SA_LEN - salen = SA_LEN(sa); - sz = max(sz, sizeof(ifr->ifr_name) + SA_LEN(sa)); -#endif - memset (&ifreq, 0, sizeof(ifreq)); - memcpy (ifreq.ifr_name, ifr->ifr_name, sizeof(ifr->ifr_name)); - - if (ioctl(fd, siocgifflags, &ifreq) < 0) { - ret = errno; - goto error_out; - } - - *end = malloc(sizeof(**end)); - if (*end == NULL) { - ret = ENOMEM; - goto error_out; - } - - (*end)->ifa_next = NULL; - (*end)->ifa_name = strdup(ifr->ifr_name); - (*end)->ifa_flags = ifreq.ifr_flags; - (*end)->ifa_addr = malloc(salen); - memcpy((*end)->ifa_addr, sa, salen); - (*end)->ifa_netmask = NULL; - -#if 0 - /* fix these when we actually need them */ - if(ifreq.ifr_flags & IFF_BROADCAST) { - (*end)->ifa_broadaddr = malloc(sizeof(ifr->ifr_broadaddr)); - memcpy((*end)->ifa_broadaddr, &ifr->ifr_broadaddr, - sizeof(ifr->ifr_broadaddr)); - } else if(ifreq.ifr_flags & IFF_POINTOPOINT) { - (*end)->ifa_dstaddr = malloc(sizeof(ifr->ifr_dstaddr)); - memcpy((*end)->ifa_dstaddr, &ifr->ifr_dstaddr, - sizeof(ifr->ifr_dstaddr)); - } else - (*end)->ifa_dstaddr = NULL; -#else - (*end)->ifa_dstaddr = NULL; -#endif - - (*end)->ifa_data = NULL; - - end = &(*end)->ifa_next; - - } - *ifap = start; - close(fd); - free(buf); - return 0; - error_out: - freeifaddrs(start); - close(fd); - free(buf); - errno = ret; - return -1; -} - -#if defined(HAVE_IPV6) && defined(SIOCGLIFCONF) && defined(SIOCGLIFFLAGS) -static int -getlifaddrs2(struct ifaddrs **ifap, - int af, int siocgifconf, int siocgifflags, - size_t ifreq_sz) -{ - int ret; - int fd; - size_t buf_size; - char *buf; - struct lifconf ifconf; - char *p; - size_t sz; - struct sockaddr sa_zero; - struct lifreq *ifr; - struct ifaddrs *start = NULL, **end = &start; - - buf = NULL; - - memset (&sa_zero, 0, sizeof(sa_zero)); - fd = socket(af, SOCK_DGRAM, 0); - if (fd < 0) - return -1; - - buf_size = 8192; - for (;;) { - buf = calloc(1, buf_size); - if (buf == NULL) { - ret = ENOMEM; - goto error_out; - } - ifconf.lifc_family = AF_UNSPEC; - ifconf.lifc_flags = 0; - ifconf.lifc_len = buf_size; - ifconf.lifc_buf = buf; - - /* - * Solaris returns EINVAL when the buffer is too small. - */ - if (ioctl (fd, siocgifconf, &ifconf) < 0 && errno != EINVAL) { - ret = errno; - goto error_out; - } - /* - * Can the difference between a full and a overfull buf - * be determined? - */ - - if (ifconf.lifc_len < buf_size) - break; - free (buf); - buf_size *= 2; - } - - for (p = ifconf.lifc_buf; - p < ifconf.lifc_buf + ifconf.lifc_len; - p += sz) { - struct lifreq ifreq; - struct sockaddr_storage *sa; - size_t salen; - - ifr = (struct lifreq *)p; - sa = &ifr->lifr_addr; - - sz = ifreq_sz; - salen = sizeof(struct sockaddr_storage); -#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN - salen = sa->sa_len; - sz = max(sz, sizeof(ifr->ifr_name) + sa->sa_len); -#endif -#ifdef SA_LEN - salen = SA_LEN(sa); - sz = max(sz, sizeof(ifr->ifr_name) + SA_LEN(sa)); -#endif - memset (&ifreq, 0, sizeof(ifreq)); - memcpy (ifreq.lifr_name, ifr->lifr_name, sizeof(ifr->lifr_name)); - - if (ioctl(fd, siocgifflags, &ifreq) < 0) { - ret = errno; - goto error_out; - } - - *end = malloc(sizeof(**end)); - - (*end)->ifa_next = NULL; - (*end)->ifa_name = strdup(ifr->lifr_name); - (*end)->ifa_flags = ifreq.lifr_flags; - (*end)->ifa_addr = malloc(salen); - memcpy((*end)->ifa_addr, sa, salen); - (*end)->ifa_netmask = NULL; - -#if 0 - /* fix these when we actually need them */ - if(ifreq.ifr_flags & IFF_BROADCAST) { - (*end)->ifa_broadaddr = malloc(sizeof(ifr->ifr_broadaddr)); - memcpy((*end)->ifa_broadaddr, &ifr->ifr_broadaddr, - sizeof(ifr->ifr_broadaddr)); - } else if(ifreq.ifr_flags & IFF_POINTOPOINT) { - (*end)->ifa_dstaddr = malloc(sizeof(ifr->ifr_dstaddr)); - memcpy((*end)->ifa_dstaddr, &ifr->ifr_dstaddr, - sizeof(ifr->ifr_dstaddr)); - } else - (*end)->ifa_dstaddr = NULL; -#else - (*end)->ifa_dstaddr = NULL; -#endif - - (*end)->ifa_data = NULL; - - end = &(*end)->ifa_next; - - } - *ifap = start; - close(fd); - free(buf); - return 0; - error_out: - freeifaddrs(start); - close(fd); - free(buf); - errno = ret; - return -1; -} -#endif /* defined(HAVE_IPV6) && defined(SIOCGLIFCONF) && defined(SIOCGLIFFLAGS) */ - -int ROKEN_LIB_FUNCTION -getifaddrs(struct ifaddrs **ifap) -{ - int ret = -1; - errno = ENXIO; -#if defined(AF_INET6) && defined(SIOCGIF6CONF) && defined(SIOCGIF6FLAGS) - if (ret) - ret = getifaddrs2 (ifap, AF_INET6, SIOCGIF6CONF, SIOCGIF6FLAGS, - sizeof(struct in6_ifreq)); -#endif -#if defined(HAVE_IPV6) && defined(SIOCGLIFCONF) && defined(SIOCGLIFFLAGS) - if (ret) - ret = getlifaddrs2 (ifap, AF_INET6, SIOCGLIFCONF, SIOCGLIFFLAGS, - sizeof(struct lifreq)); -#endif -#if defined(HAVE_IPV6) && defined(SIOCGIFCONF) - if (ret) - ret = getifaddrs2 (ifap, AF_INET6, SIOCGIFCONF, SIOCGIFFLAGS, - sizeof(struct ifreq)); -#endif -#if defined(AF_INET) && defined(SIOCGIFCONF) && defined(SIOCGIFFLAGS) - if (ret) - ret = getifaddrs2 (ifap, AF_INET, SIOCGIFCONF, SIOCGIFFLAGS, - sizeof(struct ifreq)); -#endif - return ret; -} - -void ROKEN_LIB_FUNCTION -freeifaddrs(struct ifaddrs *ifp) -{ - struct ifaddrs *p, *q; - - for(p = ifp; p; ) { - free(p->ifa_name); - if(p->ifa_addr) - free(p->ifa_addr); - if(p->ifa_dstaddr) - free(p->ifa_dstaddr); - if(p->ifa_netmask) - free(p->ifa_netmask); - if(p->ifa_data) - free(p->ifa_data); - q = p; - p = p->ifa_next; - free(q); - } -} - -#endif /* !AF_NETLINK */ - -#ifdef TEST - -void -print_addr(const char *s, struct sockaddr *sa) -{ - int i; - printf(" %s=%d/", s, sa->sa_family); -#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN - for(i = 0; i < sa->sa_len - ((long)sa->sa_data - (long)&sa->sa_family); i++) - printf("%02x", ((unsigned char*)sa->sa_data)[i]); -#else - for(i = 0; i < sizeof(sa->sa_data); i++) - printf("%02x", ((unsigned char*)sa->sa_data)[i]); -#endif - printf("\n"); -} - -void -print_ifaddrs(struct ifaddrs *x) -{ - struct ifaddrs *p; - - for(p = x; p; p = p->ifa_next) { - printf("%s\n", p->ifa_name); - printf(" flags=%x\n", p->ifa_flags); - if(p->ifa_addr) - print_addr("addr", p->ifa_addr); - if(p->ifa_dstaddr) - print_addr("dstaddr", p->ifa_dstaddr); - if(p->ifa_netmask) - print_addr("netmask", p->ifa_netmask); - printf(" %p\n", p->ifa_data); - } -} - -int -main() -{ - struct ifaddrs *a = NULL, *b; - getifaddrs2(&a, AF_INET, SIOCGIFCONF, SIOCGIFFLAGS, sizeof(struct ifreq)); - print_ifaddrs(a); - printf("---\n"); - getifaddrs(&b); - print_ifaddrs(b); - return 0; -} -#endif -- cgit From 2ea372afd98b133144ad897250bd89d2c2855b16 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 13 Jul 2005 11:17:32 +0000 Subject: r8420: slowly getting my way through some more heimdal portability fixes (This used to be commit 59c3de6ca8b8e153e5cfd67da5f2afc2e23d36db) --- source4/heimdal/lib/roken/err.hin | 88 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 source4/heimdal/lib/roken/err.hin (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/roken/err.hin b/source4/heimdal/lib/roken/err.hin new file mode 100644 index 0000000000..fcae879279 --- /dev/null +++ b/source4/heimdal/lib/roken/err.hin @@ -0,0 +1,88 @@ +/* + * Copyright (c) 1995 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: err.hin,v 1.18 2005/04/12 11:28:38 lha Exp $ */ + +#ifndef __ERR_H__ +#define __ERR_H__ + +#include +#include +#include +#include +#include + +#if !defined(__GNUC__) && !defined(__attribute__) +#define __attribute__(x) +#endif + +#ifndef ROKEN_LIB_FUNCTION +#ifdef _WIN32 +#define ROKEN_LIB_FUNCTION _stdcall +#else +#define ROKEN_LIB_FUNCTION +#endif +#endif + +void ROKEN_LIB_FUNCTION +verr(int eval, const char *fmt, va_list ap) + __attribute__ ((noreturn, format (printf, 2, 0))); + +void ROKEN_LIB_FUNCTION +err(int eval, const char *fmt, ...) + __attribute__ ((noreturn, format (printf, 2, 3))); + +void ROKEN_LIB_FUNCTION +verrx(int eval, const char *fmt, va_list ap) + __attribute__ ((noreturn, format (printf, 2, 0))); + +void ROKEN_LIB_FUNCTION +errx(int eval, const char *fmt, ...) + __attribute__ ((noreturn, format (printf, 2, 3))); +void ROKEN_LIB_FUNCTION +vwarn(const char *fmt, va_list ap) + __attribute__ ((format (printf, 1, 0))); + +void ROKEN_LIB_FUNCTION +warn(const char *fmt, ...) + __attribute__ ((format (printf, 1, 2))); + +void ROKEN_LIB_FUNCTION +vwarnx(const char *fmt, va_list ap) + __attribute__ ((format (printf, 1, 0))); + +void ROKEN_LIB_FUNCTION +warnx(const char *fmt, ...) + __attribute__ ((format (printf, 1, 2))); + +#endif /* __ERR_H__ */ -- cgit From d0e3452a6105a33f8dd3e0dbf208eb4ea5567f30 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 14 Jul 2005 12:34:52 +0000 Subject: r8463: more irix fixes. This one adds some missing addrinfo functions (This used to be commit 87f7098ee3a24be202b6aaa1ab2a4e44b7b89975) --- source4/heimdal/lib/roken/freeaddrinfo.c | 57 +++++ source4/heimdal/lib/roken/gai_strerror.c | 77 ++++++ source4/heimdal/lib/roken/getaddrinfo.c | 417 +++++++++++++++++++++++++++++++ 3 files changed, 551 insertions(+) create mode 100644 source4/heimdal/lib/roken/freeaddrinfo.c create mode 100644 source4/heimdal/lib/roken/gai_strerror.c create mode 100644 source4/heimdal/lib/roken/getaddrinfo.c (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/roken/freeaddrinfo.c b/source4/heimdal/lib/roken/freeaddrinfo.c new file mode 100644 index 0000000000..6311aa29d8 --- /dev/null +++ b/source4/heimdal/lib/roken/freeaddrinfo.c @@ -0,0 +1,57 @@ +/* + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: freeaddrinfo.c,v 1.5 2005/04/12 11:28:41 lha Exp $"); +#endif + +#include "roken.h" + +/* + * free the list of `struct addrinfo' starting at `ai' + */ + +void ROKEN_LIB_FUNCTION +freeaddrinfo(struct addrinfo *ai) +{ + struct addrinfo *tofree; + + while(ai != NULL) { + free (ai->ai_canonname); + free (ai->ai_addr); + tofree = ai; + ai = ai->ai_next; + free (tofree); + } +} diff --git a/source4/heimdal/lib/roken/gai_strerror.c b/source4/heimdal/lib/roken/gai_strerror.c new file mode 100644 index 0000000000..5c28f58bf4 --- /dev/null +++ b/source4/heimdal/lib/roken/gai_strerror.c @@ -0,0 +1,77 @@ +/* + * Copyright (c) 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: gai_strerror.c,v 1.5 2005/04/12 11:28:42 lha Exp $"); +#endif + +#include "roken.h" + +static struct gai_error { + int code; + char *str; +} errors[] = { +{EAI_NOERROR, "no error"}, +#ifdef EAI_ADDRFAMILY +{EAI_ADDRFAMILY, "address family for nodename not supported"}, +#endif +{EAI_AGAIN, "temporary failure in name resolution"}, +{EAI_BADFLAGS, "invalid value for ai_flags"}, +{EAI_FAIL, "non-recoverable failure in name resolution"}, +{EAI_FAMILY, "ai_family not supported"}, +{EAI_MEMORY, "memory allocation failure"}, +#ifdef EAI_NODATA +{EAI_NODATA, "no address associated with nodename"}, +#endif +{EAI_NONAME, "nodename nor servname provided, or not known"}, +{EAI_SERVICE, "servname not supported for ai_socktype"}, +{EAI_SOCKTYPE, "ai_socktype not supported"}, +{EAI_SYSTEM, "system error returned in errno"}, +{0, NULL}, +}; + +/* + * + */ + +char * ROKEN_LIB_FUNCTION +gai_strerror(int ecode) +{ + struct gai_error *g; + + for (g = errors; g->str != NULL; ++g) + if (g->code == ecode) + return g->str; + return "unknown error code in gai_strerror"; +} diff --git a/source4/heimdal/lib/roken/getaddrinfo.c b/source4/heimdal/lib/roken/getaddrinfo.c new file mode 100644 index 0000000000..b39131de74 --- /dev/null +++ b/source4/heimdal/lib/roken/getaddrinfo.c @@ -0,0 +1,417 @@ +/* + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: getaddrinfo.c,v 1.14 2005/06/16 17:49:29 lha Exp $"); +#endif + +#include "roken.h" + +/* + * uses hints->ai_socktype and hints->ai_protocol + */ + +static int +get_port_protocol_socktype (const char *servname, + const struct addrinfo *hints, + int *port, + int *protocol, + int *socktype) +{ + struct servent *se; + const char *proto_str = NULL; + + *socktype = 0; + + if (hints != NULL && hints->ai_protocol != 0) { + struct protoent *protoent = getprotobynumber (hints->ai_protocol); + + if (protoent == NULL) + return EAI_SOCKTYPE; /* XXX */ + + proto_str = protoent->p_name; + *protocol = protoent->p_proto; + } + + if (hints != NULL) + *socktype = hints->ai_socktype; + + if (*socktype == SOCK_STREAM) { + se = getservbyname (servname, proto_str ? proto_str : "tcp"); + if (proto_str == NULL) + *protocol = IPPROTO_TCP; + } else if (*socktype == SOCK_DGRAM) { + se = getservbyname (servname, proto_str ? proto_str : "udp"); + if (proto_str == NULL) + *protocol = IPPROTO_UDP; + } else if (*socktype == 0) { + if (proto_str != NULL) { + se = getservbyname (servname, proto_str); + } else { + se = getservbyname (servname, "tcp"); + *protocol = IPPROTO_TCP; + *socktype = SOCK_STREAM; + if (se == NULL) { + se = getservbyname (servname, "udp"); + *protocol = IPPROTO_UDP; + *socktype = SOCK_DGRAM; + } + } + } else + return EAI_SOCKTYPE; + + if (se == NULL) { + char *endstr; + + *port = htons(strtol (servname, &endstr, 10)); + if (servname == endstr) + return EAI_NONAME; + } else { + *port = se->s_port; + } + return 0; +} + +static int +add_one (int port, int protocol, int socktype, + struct addrinfo ***ptr, + int (*func)(struct addrinfo *, void *data, int port), + void *data, + char *canonname) +{ + struct addrinfo *a; + int ret; + + a = malloc (sizeof (*a)); + if (a == NULL) + return EAI_MEMORY; + memset (a, 0, sizeof(*a)); + a->ai_flags = 0; + a->ai_next = NULL; + a->ai_protocol = protocol; + a->ai_socktype = socktype; + a->ai_canonname = canonname; + ret = (*func)(a, data, port); + if (ret) { + free (a); + return ret; + } + **ptr = a; + *ptr = &a->ai_next; + return 0; +} + +static int +const_v4 (struct addrinfo *a, void *data, int port) +{ + struct sockaddr_in *sin4; + struct in_addr *addr = (struct in_addr *)data; + + a->ai_family = PF_INET; + a->ai_addrlen = sizeof(*sin4); + a->ai_addr = malloc (sizeof(*sin4)); + if (a->ai_addr == NULL) + return EAI_MEMORY; + sin4 = (struct sockaddr_in *)a->ai_addr; + memset (sin4, 0, sizeof(*sin4)); + sin4->sin_family = AF_INET; + sin4->sin_port = port; + sin4->sin_addr = *addr; + return 0; +} + +#ifdef HAVE_IPV6 +static int +const_v6 (struct addrinfo *a, void *data, int port) +{ + struct sockaddr_in6 *sin6; + struct in6_addr *addr = (struct in6_addr *)data; + + a->ai_family = PF_INET6; + a->ai_addrlen = sizeof(*sin6); + a->ai_addr = malloc (sizeof(*sin6)); + if (a->ai_addr == NULL) + return EAI_MEMORY; + sin6 = (struct sockaddr_in6 *)a->ai_addr; + memset (sin6, 0, sizeof(*sin6)); + sin6->sin6_family = AF_INET6; + sin6->sin6_port = port; + sin6->sin6_addr = *addr; + return 0; +} +#endif + +/* this is mostly a hack for some versions of AIX that has a prototype + for in6addr_loopback but no actual symbol in libc */ +#if defined(HAVE_IPV6) && !defined(HAVE_IN6ADDR_LOOPBACK) && defined(IN6ADDR_LOOPBACK_INIT) +#define in6addr_loopback _roken_in6addr_loopback +struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT; +#endif + +static int +get_null (const struct addrinfo *hints, + int port, int protocol, int socktype, + struct addrinfo **res) +{ + struct in_addr v4_addr; +#ifdef HAVE_IPV6 + struct in6_addr v6_addr; +#endif + struct addrinfo *first = NULL; + struct addrinfo **current = &first; + int family = PF_UNSPEC; + int ret; + + if (hints != NULL) + family = hints->ai_family; + + if (hints && hints->ai_flags & AI_PASSIVE) { + v4_addr.s_addr = INADDR_ANY; +#ifdef HAVE_IPV6 + v6_addr = in6addr_any; +#endif + } else { + v4_addr.s_addr = htonl(INADDR_LOOPBACK); +#ifdef HAVE_IPV6 + v6_addr = in6addr_loopback; +#endif + } + +#ifdef HAVE_IPV6 + if (family == PF_INET6 || family == PF_UNSPEC) { + ret = add_one (port, protocol, socktype, + ¤t, const_v6, &v6_addr, NULL); + } +#endif + if (family == PF_INET || family == PF_UNSPEC) { + ret = add_one (port, protocol, socktype, + ¤t, const_v4, &v4_addr, NULL); + } + *res = first; + return 0; +} + +static int +add_hostent (int port, int protocol, int socktype, + struct addrinfo ***current, + int (*func)(struct addrinfo *, void *data, int port), + struct hostent *he, int *flags) +{ + int ret; + char *canonname = NULL; + char **h; + + if (*flags & AI_CANONNAME) { + struct hostent *he2 = NULL; + const char *tmp_canon; + + tmp_canon = hostent_find_fqdn (he); + if (strchr (tmp_canon, '.') == NULL) { + int error; + + he2 = getipnodebyaddr (he->h_addr_list[0], he->h_length, + he->h_addrtype, &error); + if (he2 != NULL) { + const char *tmp = hostent_find_fqdn (he2); + + if (strchr (tmp, '.') != NULL) + tmp_canon = tmp; + } + } + + canonname = strdup (tmp_canon); + if (he2 != NULL) + freehostent (he2); + if (canonname == NULL) + return EAI_MEMORY; + } + + for (h = he->h_addr_list; *h != NULL; ++h) { + ret = add_one (port, protocol, socktype, + current, func, *h, canonname); + if (ret) + return ret; + if (*flags & AI_CANONNAME) { + *flags &= ~AI_CANONNAME; + canonname = NULL; + } + } + return 0; +} + +static int +get_number (const char *nodename, + const struct addrinfo *hints, + int port, int protocol, int socktype, + struct addrinfo **res) +{ + struct addrinfo *first = NULL; + struct addrinfo **current = &first; + int family = PF_UNSPEC; + int ret; + + if (hints != NULL) { + family = hints->ai_family; + } + +#ifdef HAVE_IPV6 + if (family == PF_INET6 || family == PF_UNSPEC) { + struct in6_addr v6_addr; + + if (inet_pton (PF_INET6, nodename, &v6_addr) == 1) { + ret = add_one (port, protocol, socktype, + ¤t, const_v6, &v6_addr, NULL); + *res = first; + return ret; + } + } +#endif + if (family == PF_INET || family == PF_UNSPEC) { + struct in_addr v4_addr; + + if (inet_pton (PF_INET, nodename, &v4_addr) == 1) { + ret = add_one (port, protocol, socktype, + ¤t, const_v4, &v4_addr, NULL); + *res = first; + return ret; + } + } + return EAI_NONAME; +} + +static int +get_nodes (const char *nodename, + const struct addrinfo *hints, + int port, int protocol, int socktype, + struct addrinfo **res) +{ + struct addrinfo *first = NULL; + struct addrinfo **current = &first; + int family = PF_UNSPEC; + int flags = 0; + int ret = EAI_NONAME; + int error; + + if (hints != NULL) { + family = hints->ai_family; + flags = hints->ai_flags; + } + +#ifdef HAVE_IPV6 + if (family == PF_INET6 || family == PF_UNSPEC) { + struct hostent *he; + + he = getipnodebyname (nodename, PF_INET6, 0, &error); + + if (he != NULL) { + ret = add_hostent (port, protocol, socktype, + ¤t, const_v6, he, &flags); + freehostent (he); + } + } +#endif + if (family == PF_INET || family == PF_UNSPEC) { + struct hostent *he; + + he = getipnodebyname (nodename, PF_INET, 0, &error); + + if (he != NULL) { + ret = add_hostent (port, protocol, socktype, + ¤t, const_v4, he, &flags); + freehostent (he); + } + } + *res = first; + return ret; +} + +/* + * hints: + * + * struct addrinfo { + * int ai_flags; + * int ai_family; + * int ai_socktype; + * int ai_protocol; + * ... + * }; + */ + +int ROKEN_LIB_FUNCTION +getaddrinfo(const char *nodename, + const char *servname, + const struct addrinfo *hints, + struct addrinfo **res) +{ + int ret; + int port = 0; + int protocol = 0; + int socktype = 0; + + *res = NULL; + + if (servname == NULL && nodename == NULL) + return EAI_NONAME; + + if (hints != NULL + && hints->ai_family != PF_UNSPEC + && hints->ai_family != PF_INET +#ifdef HAVE_IPV6 + && hints->ai_family != PF_INET6 +#endif + ) + return EAI_FAMILY; + + if (servname != NULL) { + ret = get_port_protocol_socktype (servname, hints, + &port, &protocol, &socktype); + if (ret) + return ret; + } + if (nodename != NULL) { + ret = get_number (nodename, hints, port, protocol, socktype, res); + if (ret) { + if(hints && hints->ai_flags & AI_NUMERICHOST) + ret = EAI_NONAME; + else + ret = get_nodes (nodename, hints, port, protocol, socktype, + res); + } + } else { + ret = get_null (hints, port, protocol, socktype, res); + } + if (ret) + freeaddrinfo (*res); + return ret; +} -- cgit From 10cb61790404cbc7aa5c68d5ed3b14a047615e2b Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 14 Jul 2005 12:58:48 +0000 Subject: r8464: the last few functions needed by irix 6.4. (This used to be commit 903d963ca8fdefa23eaa77b5117d90b6b84866ab) --- source4/heimdal/lib/roken/copyhostent.c | 102 ++++++++++++++++++++++++++ source4/heimdal/lib/roken/freehostent.c | 62 ++++++++++++++++ source4/heimdal/lib/roken/getipnodebyaddr.c | 74 +++++++++++++++++++ source4/heimdal/lib/roken/getipnodebyname.c | 86 ++++++++++++++++++++++ source4/heimdal/lib/roken/hostent_find_fqdn.c | 59 +++++++++++++++ 5 files changed, 383 insertions(+) create mode 100644 source4/heimdal/lib/roken/copyhostent.c create mode 100644 source4/heimdal/lib/roken/freehostent.c create mode 100644 source4/heimdal/lib/roken/getipnodebyaddr.c create mode 100644 source4/heimdal/lib/roken/getipnodebyname.c create mode 100644 source4/heimdal/lib/roken/hostent_find_fqdn.c (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/roken/copyhostent.c b/source4/heimdal/lib/roken/copyhostent.c new file mode 100644 index 0000000000..d11fa16303 --- /dev/null +++ b/source4/heimdal/lib/roken/copyhostent.c @@ -0,0 +1,102 @@ +/* + * Copyright (c) 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: copyhostent.c,v 1.3 2005/04/12 11:28:36 lha Exp $"); +#endif + +#include "roken.h" + +/* + * return a malloced copy of `h' + */ + +struct hostent * ROKEN_LIB_FUNCTION +copyhostent (const struct hostent *h) +{ + struct hostent *res; + char **p; + int i, n; + + res = malloc (sizeof (*res)); + if (res == NULL) + return NULL; + res->h_name = NULL; + res->h_aliases = NULL; + res->h_addrtype = h->h_addrtype; + res->h_length = h->h_length; + res->h_addr_list = NULL; + res->h_name = strdup (h->h_name); + if (res->h_name == NULL) { + freehostent (res); + return NULL; + } + for (n = 0, p = h->h_aliases; *p != NULL; ++p) + ++n; + res->h_aliases = malloc ((n + 1) * sizeof(*res->h_aliases)); + if (res->h_aliases == NULL) { + freehostent (res); + return NULL; + } + for (i = 0; i < n + 1; ++i) + res->h_aliases[i] = NULL; + for (i = 0; i < n; ++i) { + res->h_aliases[i] = strdup (h->h_aliases[i]); + if (res->h_aliases[i] == NULL) { + freehostent (res); + return NULL; + } + } + + for (n = 0, p = h->h_addr_list; *p != NULL; ++p) + ++n; + res->h_addr_list = malloc ((n + 1) * sizeof(*res->h_addr_list)); + if (res->h_addr_list == NULL) { + freehostent (res); + return NULL; + } + for (i = 0; i < n + 1; ++i) { + res->h_addr_list[i] = NULL; + } + for (i = 0; i < n; ++i) { + res->h_addr_list[i] = malloc (h->h_length); + if (res->h_addr_list[i] == NULL) { + freehostent (res); + return NULL; + } + memcpy (res->h_addr_list[i], h->h_addr_list[i], h->h_length); + } + return res; +} + diff --git a/source4/heimdal/lib/roken/freehostent.c b/source4/heimdal/lib/roken/freehostent.c new file mode 100644 index 0000000000..d837ba2503 --- /dev/null +++ b/source4/heimdal/lib/roken/freehostent.c @@ -0,0 +1,62 @@ +/* + * Copyright (c) 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: freehostent.c,v 1.3 2005/04/12 11:28:41 lha Exp $"); +#endif + +#include "roken.h" + +/* + * free a malloced hostent + */ + +void ROKEN_LIB_FUNCTION +freehostent (struct hostent *h) +{ + char **p; + + free (h->h_name); + if (h->h_aliases != NULL) { + for (p = h->h_aliases; *p != NULL; ++p) + free (*p); + free (h->h_aliases); + } + if (h->h_addr_list != NULL) { + for (p = h->h_addr_list; *p != NULL; ++p) + free (*p); + free (h->h_addr_list); + } + free (h); +} diff --git a/source4/heimdal/lib/roken/getipnodebyaddr.c b/source4/heimdal/lib/roken/getipnodebyaddr.c new file mode 100644 index 0000000000..841fc46a80 --- /dev/null +++ b/source4/heimdal/lib/roken/getipnodebyaddr.c @@ -0,0 +1,74 @@ +/* + * Copyright (c) 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: getipnodebyaddr.c,v 1.3 2005/04/12 11:28:47 lha Exp $"); +#endif + +#include "roken.h" + +/* + * lookup `src, len' (address family `af') in DNS and return a pointer + * to a malloced struct hostent or NULL. + */ + +struct hostent * ROKEN_LIB_FUNCTION +getipnodebyaddr (const void *src, size_t len, int af, int *error_num) +{ + struct hostent *tmp; + + tmp = gethostbyaddr (src, len, af); + if (tmp == NULL) { + switch (h_errno) { + case HOST_NOT_FOUND : + case TRY_AGAIN : + case NO_RECOVERY : + *error_num = h_errno; + break; + case NO_DATA : + *error_num = NO_ADDRESS; + break; + default : + *error_num = NO_RECOVERY; + break; + } + return NULL; + } + tmp = copyhostent (tmp); + if (tmp == NULL) { + *error_num = TRY_AGAIN; + return NULL; + } + return tmp; +} diff --git a/source4/heimdal/lib/roken/getipnodebyname.c b/source4/heimdal/lib/roken/getipnodebyname.c new file mode 100644 index 0000000000..0707e4c16c --- /dev/null +++ b/source4/heimdal/lib/roken/getipnodebyname.c @@ -0,0 +1,86 @@ +/* + * Copyright (c) 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: getipnodebyname.c,v 1.4 2005/04/12 11:28:47 lha Exp $"); +#endif + +#include "roken.h" + +#ifndef HAVE_H_ERRNO +static int h_errno = NO_RECOVERY; +#endif + +/* + * lookup `name' (address family `af') in DNS and return a pointer + * to a malloced struct hostent or NULL. + */ + +struct hostent * ROKEN_LIB_FUNCTION +getipnodebyname (const char *name, int af, int flags, int *error_num) +{ + struct hostent *tmp; + +#ifdef HAVE_GETHOSTBYNAME2 + tmp = gethostbyname2 (name, af); +#else + if (af != AF_INET) { + *error_num = NO_ADDRESS; + return NULL; + } + tmp = gethostbyname (name); +#endif + if (tmp == NULL) { + switch (h_errno) { + case HOST_NOT_FOUND : + case TRY_AGAIN : + case NO_RECOVERY : + *error_num = h_errno; + break; + case NO_DATA : + *error_num = NO_ADDRESS; + break; + default : + *error_num = NO_RECOVERY; + break; + } + return NULL; + } + tmp = copyhostent (tmp); + if (tmp == NULL) { + *error_num = TRY_AGAIN; + return NULL; + } + return tmp; +} diff --git a/source4/heimdal/lib/roken/hostent_find_fqdn.c b/source4/heimdal/lib/roken/hostent_find_fqdn.c new file mode 100644 index 0000000000..24f3b843d8 --- /dev/null +++ b/source4/heimdal/lib/roken/hostent_find_fqdn.c @@ -0,0 +1,59 @@ +/* + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: hostent_find_fqdn.c,v 1.3 2005/04/12 11:28:51 lha Exp $"); +#endif + +#include "roken.h" + +/* + * Try to find a fqdn (with `.') in he if possible, else return h_name + */ + +const char * ROKEN_LIB_FUNCTION +hostent_find_fqdn (const struct hostent *he) +{ + const char *ret = he->h_name; + const char **h; + + if (strchr (ret, '.') == NULL) + for (h = (const char **)he->h_aliases; *h != NULL; ++h) { + if (strchr (*h, '.') != NULL) { + ret = *h; + break; + } + } + return ret; +} -- cgit From 2624d8f096f222b48f9aa36e960ce46df597c5b6 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 5 Aug 2005 08:09:43 +0000 Subject: r9105: match the prototype of netdb.h this should fix the build on solaris 10 lha can that be merged to the main heimdal if that apears to not break the build on other platforms metze (This used to be commit cb0259627976c10906016233fb27a1d05ae7e4b0) --- source4/heimdal/lib/roken/gai_strerror.c | 4 ++-- source4/heimdal/lib/roken/roken.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/roken/gai_strerror.c b/source4/heimdal/lib/roken/gai_strerror.c index 5c28f58bf4..8138a59405 100644 --- a/source4/heimdal/lib/roken/gai_strerror.c +++ b/source4/heimdal/lib/roken/gai_strerror.c @@ -40,7 +40,7 @@ RCSID("$Id: gai_strerror.c,v 1.5 2005/04/12 11:28:42 lha Exp $"); static struct gai_error { int code; - char *str; + const char *str; } errors[] = { {EAI_NOERROR, "no error"}, #ifdef EAI_ADDRFAMILY @@ -65,7 +65,7 @@ static struct gai_error { * */ -char * ROKEN_LIB_FUNCTION +const char * ROKEN_LIB_FUNCTION gai_strerror(int ecode) { struct gai_error *g; diff --git a/source4/heimdal/lib/roken/roken.h b/source4/heimdal/lib/roken/roken.h index 545f43c6a7..200968729e 100644 --- a/source4/heimdal/lib/roken/roken.h +++ b/source4/heimdal/lib/roken/roken.h @@ -543,7 +543,7 @@ freeaddrinfo(struct addrinfo *ai); #endif #ifndef HAVE_GAI_STRERROR -char * ROKEN_LIB_FUNCTION +const char * ROKEN_LIB_FUNCTION gai_strerror(int ecode); #endif -- cgit From 40448834a0a5ee4663a51cc31fc00128599b7192 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 5 Aug 2005 10:51:45 +0000 Subject: r9107: try to get the build on solaris going... metze (This used to be commit 1008459a98a8232f039b87c91443d653858e0500) --- source4/heimdal/lib/roken/inet_aton.c | 49 +++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 source4/heimdal/lib/roken/inet_aton.c (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/roken/inet_aton.c b/source4/heimdal/lib/roken/inet_aton.c new file mode 100644 index 0000000000..b26dcb87ff --- /dev/null +++ b/source4/heimdal/lib/roken/inet_aton.c @@ -0,0 +1,49 @@ +/* + * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: inet_aton.c,v 1.14 2005/04/12 11:28:52 lha Exp $"); +#endif + +#include "roken.h" + +/* Minimal implementation of inet_aton. + * Cannot distinguish between failure and a local broadcast address. */ + +int ROKEN_LIB_FUNCTION +inet_aton(const char *cp, struct in_addr *addr) +{ + addr->s_addr = inet_addr(cp); + return (addr->s_addr == INADDR_NONE) ? 0 : 1; +} -- cgit From 918b1b3251351ba4002e45efcf5e516eb0950867 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 5 Aug 2005 23:56:07 +0000 Subject: r9151: reverting to return char * again metze (This used to be commit 60e2d58685ee50f90d6ad2ce2609a3c0b433ae10) --- source4/heimdal/lib/roken/gai_strerror.c | 4 ++-- source4/heimdal/lib/roken/roken.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/roken/gai_strerror.c b/source4/heimdal/lib/roken/gai_strerror.c index 8138a59405..5c28f58bf4 100644 --- a/source4/heimdal/lib/roken/gai_strerror.c +++ b/source4/heimdal/lib/roken/gai_strerror.c @@ -40,7 +40,7 @@ RCSID("$Id: gai_strerror.c,v 1.5 2005/04/12 11:28:42 lha Exp $"); static struct gai_error { int code; - const char *str; + char *str; } errors[] = { {EAI_NOERROR, "no error"}, #ifdef EAI_ADDRFAMILY @@ -65,7 +65,7 @@ static struct gai_error { * */ -const char * ROKEN_LIB_FUNCTION +char * ROKEN_LIB_FUNCTION gai_strerror(int ecode) { struct gai_error *g; diff --git a/source4/heimdal/lib/roken/roken.h b/source4/heimdal/lib/roken/roken.h index 200968729e..545f43c6a7 100644 --- a/source4/heimdal/lib/roken/roken.h +++ b/source4/heimdal/lib/roken/roken.h @@ -543,7 +543,7 @@ freeaddrinfo(struct addrinfo *ai); #endif #ifndef HAVE_GAI_STRERROR -const char * ROKEN_LIB_FUNCTION +char * ROKEN_LIB_FUNCTION gai_strerror(int ecode); #endif -- cgit From c0e8144c5d1e402b36ebe04b843eba62e7ab9958 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 9 Aug 2005 03:04:47 +0000 Subject: r9221: Try to merge Heimdal across from lorikeet-heimdal to samba4. This is my first attempt at this, so there may be a few rough edges. Andrew Bartlett (This used to be commit 9a1d2f2fec67930975da856a2d365345cec46216) --- source4/heimdal/fix-export | 82 + source4/heimdal/kdc/kerberos5.c | 101 +- source4/heimdal/kdc/pkinit.c | 26 +- source4/heimdal/lib/asn1/CMS.asn1 | 151 ++ source4/heimdal/lib/asn1/asn1-common.h | 42 +- source4/heimdal/lib/asn1/asn1_gen.c | 187 ++ source4/heimdal/lib/asn1/asn1_queue.h | 167 ++ source4/heimdal/lib/asn1/canthandle.asn1 | 34 + source4/heimdal/lib/asn1/der.c | 142 ++ source4/heimdal/lib/asn1/der.h | 217 ++- source4/heimdal/lib/asn1/der_cmp.c | 51 +- source4/heimdal/lib/asn1/der_copy.c | 72 +- source4/heimdal/lib/asn1/der_free.c | 58 +- source4/heimdal/lib/asn1/der_get.c | 565 +++--- source4/heimdal/lib/asn1/der_length.c | 131 +- source4/heimdal/lib/asn1/der_locl.h | 8 +- source4/heimdal/lib/asn1/der_put.c | 457 ++--- source4/heimdal/lib/asn1/extra.c | 159 ++ source4/heimdal/lib/asn1/gen.c | 650 ++++-- source4/heimdal/lib/asn1/gen_copy.c | 281 ++- source4/heimdal/lib/asn1/gen_decode.c | 730 ++++--- source4/heimdal/lib/asn1/gen_encode.c | 418 +++- source4/heimdal/lib/asn1/gen_free.c | 202 +- source4/heimdal/lib/asn1/gen_glue.c | 69 +- source4/heimdal/lib/asn1/gen_length.c | 187 +- source4/heimdal/lib/asn1/gen_locl.h | 22 +- source4/heimdal/lib/asn1/hash.c | 2 +- source4/heimdal/lib/asn1/heim_asn1.h | 55 + source4/heimdal/lib/asn1/k5.asn1 | 118 +- source4/heimdal/lib/asn1/lex.c | 2385 +++++++++++++---------- source4/heimdal/lib/asn1/lex.h | 3 +- source4/heimdal/lib/asn1/lex.l | 182 +- source4/heimdal/lib/asn1/libasn1.h | 51 + source4/heimdal/lib/asn1/main.c | 41 +- source4/heimdal/lib/asn1/parse.c | 1444 ++++++++++---- source4/heimdal/lib/asn1/parse.h | 258 ++- source4/heimdal/lib/asn1/parse.y | 892 +++++++-- source4/heimdal/lib/asn1/pkcs12.asn1 | 81 + source4/heimdal/lib/asn1/pkcs8.asn1 | 30 + source4/heimdal/lib/asn1/pkcs9.asn1 | 27 + source4/heimdal/lib/asn1/symbol.c | 128 +- source4/heimdal/lib/asn1/symbol.h | 102 +- source4/heimdal/lib/asn1/test.asn1 | 48 + source4/heimdal/lib/asn1/test.gen | 14 + source4/heimdal/lib/com_err/lex.c | 1317 ++++++------- source4/heimdal/lib/com_err/parse.c | 33 +- source4/heimdal/lib/com_err/parse.h | 6 +- source4/heimdal/lib/des/des.c | 21 +- source4/heimdal/lib/des/des.h | 16 +- source4/heimdal/lib/des/rnd_keys.c | 7 +- source4/heimdal/lib/gssapi/accept_sec_context.c | 49 +- source4/heimdal/lib/gssapi/init_sec_context.c | 270 ++- source4/heimdal/lib/hdb/hdb-private.h | 12 +- source4/heimdal/lib/krb5/crypto.c | 88 +- source4/heimdal/lib/krb5/get_cred.c | 6 +- source4/heimdal/lib/krb5/keytab.c | 14 +- source4/heimdal/lib/krb5/keytab_file.c | 10 +- source4/heimdal/lib/krb5/krb5-private.h | 15 +- source4/heimdal/lib/krb5/krb5-protos.h | 6 +- source4/heimdal/lib/krb5/krb5.h | 52 +- source4/heimdal/lib/krb5/pkinit.c | 188 +- source4/heimdal/lib/krb5/principal.c | 18 +- source4/heimdal/lib/krb5/rd_cred.c | 9 +- source4/heimdal/lib/krb5/test_crypto_wrapping.c | 163 ++ source4/heimdal/lib/krb5/test_pkinit_dh2key.c | 110 ++ source4/heimdal/lib/roken/base64.c | 2 +- source4/heimdal/lib/roken/ecalloc.c | 56 + source4/heimdal/lib/roken/estrdup.c | 56 + source4/heimdal/lib/roken/gai_strerror.c | 6 +- source4/heimdal/lib/roken/roken.h | 167 +- 70 files changed, 9293 insertions(+), 4474 deletions(-) create mode 100755 source4/heimdal/fix-export create mode 100644 source4/heimdal/lib/asn1/CMS.asn1 create mode 100644 source4/heimdal/lib/asn1/asn1_gen.c create mode 100644 source4/heimdal/lib/asn1/asn1_queue.h create mode 100644 source4/heimdal/lib/asn1/canthandle.asn1 create mode 100644 source4/heimdal/lib/asn1/der.c create mode 100644 source4/heimdal/lib/asn1/extra.c create mode 100644 source4/heimdal/lib/asn1/heim_asn1.h create mode 100644 source4/heimdal/lib/asn1/libasn1.h create mode 100644 source4/heimdal/lib/asn1/pkcs12.asn1 create mode 100644 source4/heimdal/lib/asn1/pkcs8.asn1 create mode 100644 source4/heimdal/lib/asn1/pkcs9.asn1 create mode 100644 source4/heimdal/lib/asn1/test.asn1 create mode 100644 source4/heimdal/lib/asn1/test.gen create mode 100644 source4/heimdal/lib/krb5/test_crypto_wrapping.c create mode 100644 source4/heimdal/lib/krb5/test_pkinit_dh2key.c create mode 100644 source4/heimdal/lib/roken/ecalloc.c create mode 100644 source4/heimdal/lib/roken/estrdup.c (limited to 'source4/heimdal') diff --git a/source4/heimdal/fix-export b/source4/heimdal/fix-export new file mode 100755 index 0000000000..4f25ea0b74 --- /dev/null +++ b/source4/heimdal/fix-export @@ -0,0 +1,82 @@ +#! /bin/sh +# $Id: fix-export,v 1.38 2005/07/05 14:00:51 lha Exp $ + +echo "fixing distribution in $1..." + +test -d "$1" || { echo not a dir in \$1 ; exit 1 ; } +cd $1 + +if test "$DATEDVERSION"; then + ed -s configure.in << END +/AC_INIT/s/AC_INIT(\([^,]*\), [^,]*, \(.*\))/AC_INIT(\1, $DATEDVERSION, \2)/ +w +q +END + + error=WARN + exitcmd=: +else + error=ERROR + exitcmd=exit +fi + +ver=`sed -n 's/AC_INIT([^,]*,\([^,]*\),.*/\1/p' configure.in` +M="* This is version $ver. *" +echo "$M" | sed -e 's/./*/g' +echo "$M" +echo "$M" | sed -e 's/./*/g' + +ed -s configure.in << END +/test -z/s,^,#, +w +q +END +autoreconf --force --install +(cd doc && makeinfo heimdal.texi) + +find . -name Makefile.am | while read f; do + for i in `sed -n -e '/^man_MANS/{ + :loop + p + /[^\\]$/b quit + n + b loop + } + :quit' $f | sed 's/man_MANS//;s/=//;s/[ \\][ \\]*/ /g'`; do + x=`dirname $f`/$i + y=`dirname $f`/`echo $i | sed 's/[0-9]$/cat&/'` + echo `grog -Tascii $x` \> $y + `grog -Tascii $x` > $y + perl -p -e 'exit 1 if (/NetBSD|FreeBSD|OpenBSD|Linux|OSF|Solaris/); exit 0;' $y + if [ $? != 0 ] ; then + echo "$error: catfile $y contains operating system" + head -1 $y + $exitcmd + fi + done +done + +make_proto () { + (top=`pwd` + cd $1 + b=`basename $1` + if test X"$5" != X ; then + e="-E $5"; + else + e= + fi + perl $top/cf/make-proto.pl $e -o $2 -p $3 `(perl -p -e 's/^(include|if|else|endif)\b/##$1/' Makefile.am; + echo 'print-sources:; @if test "$(proto_opts)"; then echo $(proto_opts); else echo -q -P comment; fi; echo '$4 | sort -u ) | make -f - print-sources `) +} + +make_proto lib/krb5 krb5-protos.h krb5-private.h '$(libkrb5_la_SOURCES)' KRB5_LIB_FUNCTION +make_proto lib/kadm5 kadm5-protos.h kadm5-private.h '$(libkadm5srv_la_SOURCES) $(libkadm5clnt_la_SOURCES)' +make_proto lib/hdb hdb-protos.h hdb-private.h '$(libhdb_la_SOURCES)' +make_proto appl/login login_protos.h /dev/null '$(login_SOURCES)' +make_proto kcm kcm_protos.h /dev/null '$(kcm_SOURCES)' +make_proto kdc kdc-protos.h /dev/null '$(libkdc_la_SOURCES)' + +rm fix-export make-release make-release.el +find . -name .cvsignore -print | xargs rm +find . -name .__afs\* -print | xargs rm +rm -fr autom4te*.cache diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index 122c9ab780..e85a269a01 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -189,22 +189,26 @@ log_timestamp(krb5_context context, KerberosTime authtime, KerberosTime *starttime, KerberosTime endtime, KerberosTime *renew_till) { - char atime[100], stime[100], etime[100], rtime[100]; + char authtime_str[100], starttime_str[100], endtime_str[100], renewtime_str[100]; - krb5_format_time(context, authtime, atime, sizeof(atime), TRUE); + krb5_format_time(context, authtime, + authtime_str, sizeof(authtime_str), TRUE); if (starttime) - krb5_format_time(context, *starttime, stime, sizeof(stime), TRUE); + krb5_format_time(context, *starttime, + starttime_str, sizeof(starttime_str), TRUE); else - strlcpy(stime, "unset", sizeof(stime)); - krb5_format_time(context, endtime, etime, sizeof(etime), TRUE); + strlcpy(starttime_str, "unset", sizeof(starttime_str)); + krb5_format_time(context, endtime, + endtime_str, sizeof(endtime_str), TRUE); if (renew_till) - krb5_format_time(context, *renew_till, rtime, sizeof(rtime), TRUE); + krb5_format_time(context, *renew_till, + renewtime_str, sizeof(renewtime_str), TRUE); else - strlcpy(rtime, "unset", sizeof(rtime)); + strlcpy(renewtime_str, "unset", sizeof(renewtime_str)); kdc_log(context, config, 5, "%s authtime: %s starttime: %s endtype: %s renew till: %s", - type, atime, stime, etime, rtime); + type, authtime_str, starttime_str, endtime_str, renewtime_str); } static krb5_error_code @@ -578,7 +582,8 @@ get_pa_etype_info2(krb5_context context, ret = krb5_unparse_name(context, client->principal, &name); if (ret) name = ""; - kdc_log(context, config, 0, "internal error in get_pa_etype_info2(%s): %d != %d", + kdc_log(context, config, 0, + "internal error in get_pa_etype_info2(%s): %d != %d", name, n, pa.len); if (ret == 0) free(name); @@ -623,24 +628,26 @@ _kdc_check_flags(krb5_context context, if(!client->flags.client){ kdc_log(context, config, 0, - "Principal may not act as client -- %s", - client_name); + "Principal may not act as client -- %s", client_name); return KRB5KDC_ERR_POLICY; } if (client->valid_start && *client->valid_start > kdc_time) { - kdc_log(context, config, 0, "Client not yet valid -- %s", client_name); + kdc_log(context, config, 0, + "Client not yet valid -- %s", client_name); return KRB5KDC_ERR_CLIENT_NOTYET; } if (client->valid_end && *client->valid_end < kdc_time) { - kdc_log(context, config, 0, "Client expired -- %s", client_name); + kdc_log(context, config, 0, + "Client expired -- %s", client_name); return KRB5KDC_ERR_NAME_EXP; } if (client->pw_end && *client->pw_end < kdc_time && !server->flags.change_pw) { - kdc_log(context, config, 0, "Client's key has expired -- %s", client_name); + kdc_log(context, config, 0, + "Client's key has expired -- %s", client_name); return KRB5KDC_ERR_KEY_EXPIRED; } } @@ -649,33 +656,38 @@ _kdc_check_flags(krb5_context context, if (server != NULL) { if (server->flags.invalid) { - kdc_log(context, config, 0, "Server has invalid flag set -- %s", server_name); + kdc_log(context, config, 0, + "Server has invalid flag set -- %s", server_name); return KRB5KDC_ERR_POLICY; } if(!server->flags.server){ - kdc_log(context, config, 0, "Principal may not act as server -- %s", - server_name); + kdc_log(context, config, 0, + "Principal may not act as server -- %s", server_name); return KRB5KDC_ERR_POLICY; } if(!is_as_req && server->flags.initial) { - kdc_log(context, config, 0, "AS-REQ is required for server -- %s", server_name); + kdc_log(context, config, 0, + "AS-REQ is required for server -- %s", server_name); return KRB5KDC_ERR_POLICY; } if (server->valid_start && *server->valid_start > kdc_time) { - kdc_log(context, config, 0, "Server not yet valid -- %s", server_name); + kdc_log(context, config, 0, + "Server not yet valid -- %s", server_name); return KRB5KDC_ERR_SERVICE_NOTYET; } if (server->valid_end && *server->valid_end < kdc_time) { - kdc_log(context, config, 0, "Server expired -- %s", server_name); + kdc_log(context, config, 0, + "Server expired -- %s", server_name); return KRB5KDC_ERR_SERVICE_EXP; } if (server->pw_end && *server->pw_end < kdc_time) { - kdc_log(context, config, 0, "Server's key has expired -- %s", server_name); + kdc_log(context, config, 0, + "Server's key has expired -- %s", server_name); return KRB5KDC_ERR_KEY_EXPIRED; } } @@ -868,6 +880,7 @@ _kdc_as_rep(krb5_context context, size_t len; EncryptedData enc_data; Key *pa_key; + char *str; found_pa = 1; @@ -919,14 +932,24 @@ _kdc_as_rep(krb5_context context, &ts_data); krb5_crypto_destroy(context, crypto); if(ret){ + krb5_error_code ret2; + ret2 = krb5_enctype_to_string(context, + pa_key->key.keytype, &str); + if (ret2) + str = NULL; + kdc_log(context, config, 5, + "Failed to decrypt PA-DATA -- %s " + "(enctype %s) error %s", + client_name, str ? str : "unknown enctype", + krb5_get_err_text(context, ret)); + free(str); + if(hdb_next_enctype2key(context, client, enc_data.etype, &pa_key) == 0) goto try_next_key; - free_EncryptedData(&enc_data); e_text = "Failed to decrypt PA-DATA"; - kdc_log(context, config, - 5, "Failed to decrypt PA-DATA -- %s", - client_name); + + free_EncryptedData(&enc_data); ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; continue; } @@ -953,9 +976,15 @@ _kdc_as_rep(krb5_context context, goto out; } et.flags.pre_authent = 1; + + ret = krb5_enctype_to_string(context,pa_key->key.keytype, &str); + if (ret) + str = NULL; + kdc_log(context, config, 2, - "ENC-TS Pre-authentication succeeded -- %s", - client_name); + "ENC-TS Pre-authentication succeeded -- %s using %s", + client_name, str ? str : "unknown enctype"); + free(str); break; } #ifdef PKINIT @@ -1877,7 +1906,7 @@ tgs_check_authenticator(krb5_context context, free(buf); krb5_crypto_destroy(context, crypto); if(ret){ - kdc_log(context, config, 0, "Failed to verify checksum: %s", + kdc_log(context, config, 0, "Failed to verify authenticator checksum: %s", krb5_get_err_text(context, ret)); } out: @@ -2073,7 +2102,11 @@ tgs_rep2(krb5_context context, ret = tgs_check_authenticator(context, config, ac, b, &e_text, &tgt->key); - + if(ret){ + krb5_auth_con_free(context, ac); + goto out2; + } + if (b->enc_authorization_data) { krb5_keyblock *subkey; krb5_data ad; @@ -2134,14 +2167,6 @@ tgs_rep2(krb5_context context, } } - krb5_auth_con_free(context, ac); - - if(ret){ - kdc_log(context, config, 0, "Failed to verify authenticator: %s", - krb5_get_err_text(context, ret)); - goto out2; - } - { PrincipalName *s; Realm r; diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c index d83e1d3b2e..f591aa8fc1 100755 --- a/source4/heimdal/kdc/pkinit.c +++ b/source4/heimdal/kdc/pkinit.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: pkinit.c,v 1.36 2005/07/01 15:37:24 lha Exp $"); +RCSID("$Id: pkinit.c,v 1.37 2005/07/26 18:37:02 lha Exp $"); #ifdef PKINIT @@ -927,8 +927,10 @@ pk_mk_pa_reply_enckey(krb5_context context, enc_alg->parameters->data = params.data; enc_alg->parameters->length = params.length; - if (client_params->type == PKINIT_COMPAT_WIN2K || client_params->type == PKINIT_COMPAT_19 || client_params->type == PKINIT_COMPAT_25) { - ReplyKeyPack kp; + switch (client_params->type) { + case PKINIT_COMPAT_WIN2K: + case PKINIT_COMPAT_19: { + ReplyKeyPack_19 kp; memset(&kp, 0, sizeof(kp)); ret = copy_EncryptionKey(reply_key, &kp.replyKey); @@ -938,9 +940,25 @@ pk_mk_pa_reply_enckey(krb5_context context, } kp.nonce = client_params->nonce; + ASN1_MALLOC_ENCODE(ReplyKeyPack_19, + buf.data, buf.length, + &kp, &size,ret); + free_ReplyKeyPack_19(&kp); + } + case PKINIT_COMPAT_25: { + ReplyKeyPack kp; + memset(&kp, 0, sizeof(kp)); + + ret = copy_EncryptionKey(reply_key, &kp.replyKey); + if (ret) { + krb5_clear_error_string(context); + goto out; + } + /* XXX add whatever is the outcome of asChecksum discussion here */ ASN1_MALLOC_ENCODE(ReplyKeyPack, buf.data, buf.length, &kp, &size,ret); free_ReplyKeyPack(&kp); - } else { + } + default: krb5_abortx(context, "internal pkinit error"); } if (ret) { diff --git a/source4/heimdal/lib/asn1/CMS.asn1 b/source4/heimdal/lib/asn1/CMS.asn1 new file mode 100644 index 0000000000..5c8b71da1a --- /dev/null +++ b/source4/heimdal/lib/asn1/CMS.asn1 @@ -0,0 +1,151 @@ +-- From RFC 3369 -- +-- $Id: CMS.asn1,v 1.3 2005/07/23 10:37:13 lha Exp $ -- + +CMS DEFINITIONS ::= BEGIN + +IMPORTS CertificateSerialNumber, AlgorithmIdentifier, Name, + Attribute, Certificate, Name, SubjectKeyIdentifier FROM rfc2459 + heim_any, heim_any_set FROM heim; + +id-pkcs7 OBJECT IDENTIFIER ::= { iso(1) member-body(2) + us(840) rsadsi(113549) pkcs(1) pkcs7(7) } + +id-pkcs7-data OBJECT IDENTIFIER ::= { id-pkcs7 1 } +id-pkcs7-signedData OBJECT IDENTIFIER ::= { id-pkcs7 2 } +id-pkcs7-envelopedData OBJECT IDENTIFIER ::= { id-pkcs7 3 } +id-pkcs7-signedAndEnvelopedData OBJECT IDENTIFIER ::= { id-pkcs7 4 } +id-pkcs7-digestedData OBJECT IDENTIFIER ::= { id-pkcs7 5 } +id-pkcs7-encryptedData OBJECT IDENTIFIER ::= { id-pkcs7 6 } + +CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4) } + +DigestAlgorithmIdentifier ::= AlgorithmIdentifier +DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier +SignatureAlgorithmIdentifier ::= AlgorithmIdentifier + +ContentType ::= OBJECT IDENTIFIER +MessageDigest ::= OCTET STRING + +ContentInfo ::= SEQUENCE { + contentType ContentType, + content [0] EXPLICIT heim_any OPTIONAL -- DEFINED BY contentType +} + +EncapsulatedContentInfo ::= SEQUENCE { + eContentType ContentType, + eContent [0] EXPLICIT OCTET STRING OPTIONAL +} + +CertificateSet ::= SET OF heim_any + +CertificateList ::= Certificate + +CertificateRevocationLists ::= SET OF CertificateList + +IssuerAndSerialNumber ::= SEQUENCE { + issuer Name, + serialNumber CertificateSerialNumber +} + +-- RecipientIdentifier is same as SignerIdentifier, +-- lets glue them togheter and save some bytes and share code for them + +CMSIdentifier ::= CHOICE { + issuerAndSerialNumber IssuerAndSerialNumber, + subjectKeyIdentifier [0] SubjectKeyIdentifier +} + +SignerIdentifier ::= CMSIdentifier +RecipientIdentifier ::= CMSIdentifier + +--- CMSAttributes are the combined UnsignedAttributes and SignedAttributes +--- to store space and share code + +CMSAttributes ::= SET OF Attribute -- SIZE (1..MAX) + +SignatureValue ::= OCTET STRING + +SignerInfo ::= SEQUENCE { + version CMSVersion, + sid SignerIdentifier, + digestAlgorithm DigestAlgorithmIdentifier, + signedAttrs [0] IMPLICIT -- CMSAttributes -- + SET OF Attribute OPTIONAL, + signatureAlgorithm SignatureAlgorithmIdentifier, + signature SignatureValue, + unsignedAttrs [1] IMPLICIT -- CMSAttributes -- + SET OF Attribute OPTIONAL +} + +SignerInfos ::= SET OF SignerInfo + +SignedData ::= SEQUENCE { + version CMSVersion, + digestAlgorithms DigestAlgorithmIdentifiers, + encapContentInfo EncapsulatedContentInfo, + certificates [0] IMPLICIT -- CertificateSet -- + SET OF heim_any OPTIONAL, + crls [1] IMPLICIT -- CertificateRevocationLists -- + heim_any OPTIONAL, + signerInfos SignerInfos +} + +OriginatorInfo ::= SEQUENCE { + certs [0] IMPLICIT -- CertificateSet -- + SET OF heim_any OPTIONAL, + crls [1] IMPLICIT --CertificateRevocationLists -- + heim_any OPTIONAL +} + +KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier +ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier + +EncryptedKey ::= OCTET STRING + +KeyTransRecipientInfo ::= SEQUENCE { + version CMSVersion, -- always set to 0 or 2 + rid RecipientIdentifier, + keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, + encryptedKey EncryptedKey +} + +RecipientInfo ::= KeyTransRecipientInfo + +RecipientInfos ::= SET OF RecipientInfo + +EncryptedContent ::= OCTET STRING + +EncryptedContentInfo ::= SEQUENCE { + contentType ContentType, + contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier, + encryptedContent [0] IMPLICIT OCTET STRING OPTIONAL +} + +UnprotectedAttributes ::= SET OF Attribute -- SIZE (1..MAX) + +CMSEncryptedData ::= SEQUENCE { + version CMSVersion, + encryptedContentInfo EncryptedContentInfo, + unprotectedAttrs [1] IMPLICIT -- UnprotectedAttributes -- + heim_any OPTIONAL +} + +EnvelopedData ::= SEQUENCE { + version CMSVersion, + originatorInfo [0] IMPLICIT -- OriginatorInfo -- heim_any OPTIONAL, + recipientInfos RecipientInfos, + encryptedContentInfo EncryptedContentInfo, + unprotectedAttrs [1] IMPLICIT -- UnprotectedAttributes -- + heim_any OPTIONAL +} + +-- Data ::= OCTET STRING + +CMSRC2CBCParameter ::= SEQUENCE { + rc2ParameterVersion INTEGER, + iv OCTET STRING -- exactly 8 octets +} + +CMSCBCParameter ::= OCTET STRING + +END diff --git a/source4/heimdal/lib/asn1/asn1-common.h b/source4/heimdal/lib/asn1/asn1-common.h index 4560b1b29c..01411b384a 100644 --- a/source4/heimdal/lib/asn1/asn1-common.h +++ b/source4/heimdal/lib/asn1/asn1-common.h @@ -1,4 +1,4 @@ -/* $Id: asn1-common.h,v 1.4 2003/07/15 13:57:31 lha Exp $ */ +/* $Id: asn1-common.h,v 1.5 2005/07/12 06:27:14 lha Exp $ */ #include #include @@ -6,6 +6,12 @@ #ifndef __asn1_common_definitions__ #define __asn1_common_definitions__ +typedef struct heim_integer { + size_t length; + void *data; + int negative; +} heim_integer; + typedef struct heim_octet_string { size_t length; void *data; @@ -13,10 +19,44 @@ typedef struct heim_octet_string { typedef char *heim_general_string; typedef char *heim_utf8_string; +typedef char *heim_printable_string; +typedef char *heim_ia5_string; + +typedef struct heim_bmp_string { + size_t length; + uint16_t *data; +} heim_bmp_string; + +typedef struct heim_universal_string { + size_t length; + uint32_t *data; +} heim_universal_string; + typedef struct heim_oid { size_t length; unsigned *components; } heim_oid; +typedef struct heim_bit_string { + size_t length; + void *data; +} heim_bit_string; + +#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R) \ + do { \ + (BL) = length_##T((S)); \ + (B) = malloc((BL)); \ + if((B) == NULL) { \ + (R) = ENOMEM; \ + } else { \ + (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \ + (S), (L)); \ + if((R) != 0) { \ + free((B)); \ + (B) = NULL; \ + } \ + } \ + } while (0) + #endif diff --git a/source4/heimdal/lib/asn1/asn1_gen.c b/source4/heimdal/lib/asn1/asn1_gen.c new file mode 100644 index 0000000000..939fb1123e --- /dev/null +++ b/source4/heimdal/lib/asn1/asn1_gen.c @@ -0,0 +1,187 @@ +/* + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "der_locl.h" +#include +#include +#include +#include +#include +#include +#include + +RCSID("$Id: asn1_gen.c,v 1.2 2005/07/12 06:27:14 lha Exp $"); + +static int +doit(const char *fn) +{ + char buf[2048]; + char *fnout; + const char *bname; + unsigned long line = 0; + FILE *f, *fout; + size_t offset = 0; + + f = fopen(fn, "r"); + if (f == NULL) + err(1, "fopen"); + + bname = strrchr(fn, '/'); + if (bname) + bname++; + else + bname = fn; + + asprintf(&fnout, "%s.out", bname); + if (fnout == NULL) + errx(1, "malloc"); + + fout = fopen(fnout, "w"); + if (fout == NULL) + err(1, "fopen: output file"); + + while (fgets(buf, sizeof(buf), f) != NULL) { + char *ptr, *class, *type, *tag, *length, *data, *foo; + int ret, l, c, ty, ta; + unsigned char p[6], *pdata; + size_t sz; + + line++; + + buf[strcspn(buf, "\r\n")] = '\0'; + if (buf[0] == '#' || buf[0] == '\0') + continue; + + ptr = buf; + while (isspace((unsigned char)*ptr)) + ptr++; + + class = strtok_r(ptr, " \t\n", &foo); + if (class == NULL) errx(1, "class missing one line %lu", line); + type = strtok_r(NULL, " \t\n", &foo); + if (type == NULL) errx(1, "type missing one line %lu", line); + tag = strtok_r(NULL, " \t\n", &foo); + if (tag == NULL) errx(1, "tag missing one line %lu", line); + length = strtok_r(NULL, " \t\n", &foo); + if (length == NULL) errx(1, "length missing one line %lu", line); + data = strtok_r(NULL, " \t\n", &foo); + + c = der_get_class_num(class); + if (c == -1) errx(1, "no valid class on line %lu", line); + ty = der_get_type_num(type); + if (ty == -1) errx(1, "no valid type on line %lu", line); + ta = der_get_tag_num(tag); + if (ta == -1) + ta = atoi(tag); + + l = atoi(length); + + printf("line: %3lu offset: %3lu class: %d type: %d " + "tag: %3d length: %3d %s\n", + line, (unsigned long)offset, c, ty, ta, l, + data ? "" : ""); + + ret = der_put_length_and_tag(p + sizeof(p) - 1, sizeof(p), + l, + c, + ty, + ta, + &sz); + if (ret) + errx(1, "der_put_length_and_tag: %d", ret); + + if (fwrite(p + sizeof(p) - sz , sz, 1, fout) != 1) + err(1, "fwrite length/tag failed"); + offset += sz; + + if (data) { + size_t datalen; + + datalen = strlen(data) / 2; + pdata = emalloc(sz); + + if (hex_decode(data, pdata, datalen) != datalen) + errx(1, "failed to decode data"); + + if (fwrite(pdata, datalen, 1, fout) != 1) + err(1, "fwrite data failed"); + offset += datalen; + + free(pdata); + } + } + printf("line: eof offset: %lu\n", (unsigned long)offset); + + fclose(fout); + fclose(f); + return 0; +} + + +static int version_flag; +static int help_flag; +struct getargs args[] = { + { "version", 0, arg_flag, &version_flag }, + { "help", 0, arg_flag, &help_flag } +}; +int num_args = sizeof(args) / sizeof(args[0]); + +static void +usage(int code) +{ + arg_printusage(args, num_args, NULL, "parse-file"); + exit(code); +} + +int +main(int argc, char **argv) +{ + int optind = 0; + + setprogname (argv[0]); + + if(getarg(args, num_args, argc, argv, &optind)) + usage(1); + if(help_flag) + usage(0); + if(version_flag) { + print_version(NULL); + exit(0); + } + argv += optind; + argc -= optind; + if (argc != 1) + usage (1); + + return doit (argv[0]); +} diff --git a/source4/heimdal/lib/asn1/asn1_queue.h b/source4/heimdal/lib/asn1/asn1_queue.h new file mode 100644 index 0000000000..2874b35f6a --- /dev/null +++ b/source4/heimdal/lib/asn1/asn1_queue.h @@ -0,0 +1,167 @@ +/* $NetBSD: queue.h,v 1.38 2004/04/18 14:12:05 lukem Exp $ */ +/* $Id: asn1_queue.h,v 1.2 2005/07/12 06:27:15 lha Exp $ */ + +/* + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)queue.h 8.5 (Berkeley) 8/20/94 + */ + +#ifndef _ASN1_QUEUE_H_ +#define _ASN1_QUEUE_H_ + +/* + * Tail queue definitions. + */ +#define ASN1_TAILQ_HEAD(name, type) \ +struct name { \ + struct type *tqh_first; /* first element */ \ + struct type **tqh_last; /* addr of last next element */ \ +} + +#define ASN1_TAILQ_HEAD_INITIALIZER(head) \ + { NULL, &(head).tqh_first } +#define ASN1_TAILQ_ENTRY(type) \ +struct { \ + struct type *tqe_next; /* next element */ \ + struct type **tqe_prev; /* address of previous next element */ \ +} + +/* + * Tail queue functions. + */ +#if defined(_KERNEL) && defined(QUEUEDEBUG) +#define QUEUEDEBUG_ASN1_TAILQ_INSERT_HEAD(head, elm, field) \ + if ((head)->tqh_first && \ + (head)->tqh_first->field.tqe_prev != &(head)->tqh_first) \ + panic("ASN1_TAILQ_INSERT_HEAD %p %s:%d", (head), __FILE__, __LINE__); +#define QUEUEDEBUG_ASN1_TAILQ_INSERT_TAIL(head, elm, field) \ + if (*(head)->tqh_last != NULL) \ + panic("ASN1_TAILQ_INSERT_TAIL %p %s:%d", (head), __FILE__, __LINE__); +#define QUEUEDEBUG_ASN1_TAILQ_OP(elm, field) \ + if ((elm)->field.tqe_next && \ + (elm)->field.tqe_next->field.tqe_prev != \ + &(elm)->field.tqe_next) \ + panic("ASN1_TAILQ_* forw %p %s:%d", (elm), __FILE__, __LINE__);\ + if (*(elm)->field.tqe_prev != (elm)) \ + panic("ASN1_TAILQ_* back %p %s:%d", (elm), __FILE__, __LINE__); +#define QUEUEDEBUG_ASN1_TAILQ_PREREMOVE(head, elm, field) \ + if ((elm)->field.tqe_next == NULL && \ + (head)->tqh_last != &(elm)->field.tqe_next) \ + panic("ASN1_TAILQ_PREREMOVE head %p elm %p %s:%d", \ + (head), (elm), __FILE__, __LINE__); +#define QUEUEDEBUG_ASN1_TAILQ_POSTREMOVE(elm, field) \ + (elm)->field.tqe_next = (void *)1L; \ + (elm)->field.tqe_prev = (void *)1L; +#else +#define QUEUEDEBUG_ASN1_TAILQ_INSERT_HEAD(head, elm, field) +#define QUEUEDEBUG_ASN1_TAILQ_INSERT_TAIL(head, elm, field) +#define QUEUEDEBUG_ASN1_TAILQ_OP(elm, field) +#define QUEUEDEBUG_ASN1_TAILQ_PREREMOVE(head, elm, field) +#define QUEUEDEBUG_ASN1_TAILQ_POSTREMOVE(elm, field) +#endif + +#define ASN1_TAILQ_INIT(head) do { \ + (head)->tqh_first = NULL; \ + (head)->tqh_last = &(head)->tqh_first; \ +} while (/*CONSTCOND*/0) + +#define ASN1_TAILQ_INSERT_HEAD(head, elm, field) do { \ + QUEUEDEBUG_ASN1_TAILQ_INSERT_HEAD((head), (elm), field) \ + if (((elm)->field.tqe_next = (head)->tqh_first) != NULL) \ + (head)->tqh_first->field.tqe_prev = \ + &(elm)->field.tqe_next; \ + else \ + (head)->tqh_last = &(elm)->field.tqe_next; \ + (head)->tqh_first = (elm); \ + (elm)->field.tqe_prev = &(head)->tqh_first; \ +} while (/*CONSTCOND*/0) + +#define ASN1_TAILQ_INSERT_TAIL(head, elm, field) do { \ + QUEUEDEBUG_ASN1_TAILQ_INSERT_TAIL((head), (elm), field) \ + (elm)->field.tqe_next = NULL; \ + (elm)->field.tqe_prev = (head)->tqh_last; \ + *(head)->tqh_last = (elm); \ + (head)->tqh_last = &(elm)->field.tqe_next; \ +} while (/*CONSTCOND*/0) + +#define ASN1_TAILQ_INSERT_AFTER(head, listelm, elm, field) do { \ + QUEUEDEBUG_ASN1_TAILQ_OP((listelm), field) \ + if (((elm)->field.tqe_next = (listelm)->field.tqe_next) != NULL)\ + (elm)->field.tqe_next->field.tqe_prev = \ + &(elm)->field.tqe_next; \ + else \ + (head)->tqh_last = &(elm)->field.tqe_next; \ + (listelm)->field.tqe_next = (elm); \ + (elm)->field.tqe_prev = &(listelm)->field.tqe_next; \ +} while (/*CONSTCOND*/0) + +#define ASN1_TAILQ_INSERT_BEFORE(listelm, elm, field) do { \ + QUEUEDEBUG_ASN1_TAILQ_OP((listelm), field) \ + (elm)->field.tqe_prev = (listelm)->field.tqe_prev; \ + (elm)->field.tqe_next = (listelm); \ + *(listelm)->field.tqe_prev = (elm); \ + (listelm)->field.tqe_prev = &(elm)->field.tqe_next; \ +} while (/*CONSTCOND*/0) + +#define ASN1_TAILQ_REMOVE(head, elm, field) do { \ + QUEUEDEBUG_ASN1_TAILQ_PREREMOVE((head), (elm), field) \ + QUEUEDEBUG_ASN1_TAILQ_OP((elm), field) \ + if (((elm)->field.tqe_next) != NULL) \ + (elm)->field.tqe_next->field.tqe_prev = \ + (elm)->field.tqe_prev; \ + else \ + (head)->tqh_last = (elm)->field.tqe_prev; \ + *(elm)->field.tqe_prev = (elm)->field.tqe_next; \ + QUEUEDEBUG_ASN1_TAILQ_POSTREMOVE((elm), field); \ +} while (/*CONSTCOND*/0) + +#define ASN1_TAILQ_FOREACH(var, head, field) \ + for ((var) = ((head)->tqh_first); \ + (var); \ + (var) = ((var)->field.tqe_next)) + +#define ASN1_TAILQ_FOREACH_REVERSE(var, head, headname, field) \ + for ((var) = (*(((struct headname *)((head)->tqh_last))->tqh_last)); \ + (var); \ + (var) = (*(((struct headname *)((var)->field.tqe_prev))->tqh_last))) + +/* + * Tail queue access methods. + */ +#define ASN1_TAILQ_EMPTY(head) ((head)->tqh_first == NULL) +#define ASN1_TAILQ_FIRST(head) ((head)->tqh_first) +#define ASN1_TAILQ_NEXT(elm, field) ((elm)->field.tqe_next) + +#define ASN1_TAILQ_LAST(head, headname) \ + (*(((struct headname *)((head)->tqh_last))->tqh_last)) +#define ASN1_TAILQ_PREV(elm, headname, field) \ + (*(((struct headname *)((elm)->field.tqe_prev))->tqh_last)) + + +#endif /* !_ASN1_QUEUE_H_ */ diff --git a/source4/heimdal/lib/asn1/canthandle.asn1 b/source4/heimdal/lib/asn1/canthandle.asn1 new file mode 100644 index 0000000000..55ba4d1bb6 --- /dev/null +++ b/source4/heimdal/lib/asn1/canthandle.asn1 @@ -0,0 +1,34 @@ +-- $Id: canthandle.asn1,v 1.4 2005/07/21 20:49:15 lha Exp $ -- + +CANTHANDLE DEFINITIONS ::= BEGIN + +-- Code the tag [1] but not the [ CONTEXT CONS UT_Sequence ] for Kaka2 +-- Workaround: use inline the structure directly +-- Code the tag [2] but it should be primitive since KAKA3 is +-- Workaround: use the INTEGER type directly + +Kaka2 ::= SEQUENCE { + kaka2-1 [0] INTEGER +} + +Kaka3 ::= INTEGER + +Foo ::= SEQUENCE { + kaka1 [0] IMPLICIT INTEGER OPTIONAL, + kaka2 [1] IMPLICIT Kaka2 OPTIONAL, + kaka3 [2] IMPLICIT Kaka3 OPTIONAL +} + +-- Don't code kaka if its 1 +-- Workaround is to use OPTIONAL and check for in the encoder stubs + +Bar ::= SEQUENCE { + kaka [0] INTEGER DEFAULT 1 +} + +-- Can't handle primitives in SET OF +-- Workaround is to define a type that is only an integer and use that + +Baz ::= SET OF INTEGER + +END diff --git a/source4/heimdal/lib/asn1/der.c b/source4/heimdal/lib/asn1/der.c new file mode 100644 index 0000000000..687b381121 --- /dev/null +++ b/source4/heimdal/lib/asn1/der.c @@ -0,0 +1,142 @@ +/* + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "der_locl.h" +#include +#include +#include +#include +#include + +RCSID("$Id: der.c,v 1.2 2005/07/12 06:27:19 lha Exp $"); + + +static const char *class_names[] = { + "UNIV", /* 0 */ + "APPL", /* 1 */ + "CONTEXT", /* 2 */ + "PRIVATE" /* 3 */ +}; + +static const char *type_names[] = { + "PRIM", /* 0 */ + "CONS" /* 1 */ +}; + +static const char *tag_names[] = { + "EndOfContent", /* 0 */ + "Boolean", /* 1 */ + "Integer", /* 2 */ + "BitString", /* 3 */ + "OctetString", /* 4 */ + "Null", /* 5 */ + "ObjectID", /* 6 */ + NULL, /* 7 */ + NULL, /* 8 */ + NULL, /* 9 */ + "Enumerated", /* 10 */ + NULL, /* 11 */ + NULL, /* 12 */ + NULL, /* 13 */ + NULL, /* 14 */ + NULL, /* 15 */ + "Sequence", /* 16 */ + "Set", /* 17 */ + NULL, /* 18 */ + "PrintableString", /* 19 */ + NULL, /* 20 */ + NULL, /* 21 */ + "IA5String", /* 22 */ + "UTCTime", /* 23 */ + "GeneralizedTime", /* 24 */ + NULL, /* 25 */ + "VisibleString", /* 26 */ + "GeneralString", /* 27 */ + NULL, /* 28 */ + NULL, /* 29 */ + "BMPString" /* 30 */ +}; + +static int +get_type(const char *name, const char *list[], unsigned len) +{ + unsigned i; + for (i = 0; i < len; i++) + if (list[i] && strcasecmp(list[i], name) == 0) + return i; + return -1; +} + +#define SIZEOF_ARRAY(a) (sizeof((a))/sizeof((a)[0])) + +const char * +der_get_class_name(unsigned num) +{ + if (num >= SIZEOF_ARRAY(class_names)) + return NULL; + return class_names[num]; +} + +int +der_get_class_num(const char *name) +{ + return get_type(name, class_names, SIZEOF_ARRAY(class_names)); +} + +const char * +der_get_type_name(unsigned num) +{ + if (num >= SIZEOF_ARRAY(type_names)) + return NULL; + return type_names[num]; +} + +int +der_get_type_num(const char *name) +{ + return get_type(name, type_names, SIZEOF_ARRAY(type_names)); +} + +const char * +der_get_tag_name(unsigned num) +{ + if (num >= SIZEOF_ARRAY(tag_names)) + return NULL; + return tag_names[num]; +} + +int +der_get_tag_num(const char *name) +{ + return get_type(name, tag_names, SIZEOF_ARRAY(tag_names)); +} diff --git a/source4/heimdal/lib/asn1/der.h b/source4/heimdal/lib/asn1/der.h index 6c80842ff8..a66a3908c6 100644 --- a/source4/heimdal/lib/asn1/der.h +++ b/source4/heimdal/lib/asn1/der.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,150 +31,213 @@ * SUCH DAMAGE. */ -/* $Id: der.h,v 1.28 2005/05/29 14:23:00 lha Exp $ */ +/* $Id: der.h,v 1.29 2005/07/12 06:27:19 lha Exp $ */ #ifndef __DER_H__ #define __DER_H__ -#include - typedef enum { ASN1_C_UNIV = 0, ASN1_C_APPL = 1, - ASN1_C_CONTEXT = 2 , + ASN1_C_CONTEXT = 2, ASN1_C_PRIVATE = 3 } Der_class; typedef enum {PRIM = 0, CONS = 1} Der_type; +#define MAKE_TAG(CLASS, TYPE, TAG) (((CLASS) << 6) | ((TYPE) << 5) | (TAG)) + /* Universal tags */ enum { - UT_Boolean = 1, - UT_Integer = 2, - UT_BitString = 3, - UT_OctetString = 4, - UT_Null = 5, - UT_OID = 6, - UT_Enumerated = 10, - UT_UTF8String = 12, - UT_Sequence = 16, - UT_Set = 17, - UT_PrintableString = 19, - UT_IA5String = 22, - UT_UTCTime = 23, - UT_GeneralizedTime = 24, - UT_VisibleString = 26, - UT_GeneralString = 27 + UT_EndOfContent = 0, + UT_Boolean = 1, + UT_Integer = 2, + UT_BitString = 3, + UT_OctetString = 4, + UT_Null = 5, + UT_OID = 6, + UT_Enumerated = 10, + UT_UTF8String = 12, + UT_Sequence = 16, + UT_Set = 17, + UT_PrintableString = 19, + UT_IA5String = 22, + UT_UTCTime = 23, + UT_GeneralizedTime = 24, + UT_VisibleString = 26, + UT_GeneralString = 27, + /* unsupported types */ + UT_ObjectDescriptor = 7, + UT_External = 8, + UT_Real = 9, + UT_EmbeddedPDV = 11, + UT_RelativeOID = 13, + UT_NumericString = 18, + UT_TeletexString = 20, + UT_VideotexString = 21, + UT_GraphicString = 25, + UT_UniversalString = 25, + UT_BMPString = 30, }; #define ASN1_INDEFINITE 0xdce0deed -#ifndef HAVE_TIMEGM -time_t timegm (struct tm *); -#endif - -int time2generalizedtime (time_t t, heim_octet_string *s); - -int der_get_int (const unsigned char *p, size_t len, int *ret, size_t *size); +typedef struct asn1_der_time_t { + time_t dt_sec; + unsigned long dt_nsec; +} asn1_der_time_t; + +typedef struct asn1_ber_time_t { + time_t bt_sec; + unsigned bt_nsec; + int bt_zone; +} asn1_ber_time_t; + +int der_get_unsigned (const unsigned char *p, size_t len, + unsigned *ret, size_t *size); +int der_get_integer (const unsigned char *p, size_t len, + int *ret, size_t *size); +int der_get_heim_integer (const unsigned char *p, size_t len, + heim_integer *ret, size_t *size); +int der_get_boolean(const unsigned char *p, size_t len, + int *data, size_t *size); int der_get_length (const unsigned char *p, size_t len, size_t *val, size_t *size); -int der_get_boolean (const unsigned char *p, size_t len, - int *data, size_t *size); int der_get_general_string (const unsigned char *p, size_t len, heim_general_string *str, size_t *size); +int der_get_utf8string (const unsigned char *p, size_t len, + heim_utf8_string *str, size_t *size); +int der_get_universal_string (const unsigned char *p, size_t len, + heim_universal_string *str, size_t *size); +int der_get_bmp_string (const unsigned char *p, size_t len, + heim_bmp_string *str, size_t *size); +int der_get_printable_string (const unsigned char *p, size_t len, + heim_printable_string *str, size_t *size); +int der_get_ia5_string (const unsigned char *p, size_t len, + heim_ia5_string *str, size_t *size); int der_get_octet_string (const unsigned char *p, size_t len, heim_octet_string *data, size_t *size); +int der_get_generalized_time (const unsigned char *p, size_t len, + time_t *data, size_t *size); +int der_get_generalized_time_der (const unsigned char *p, size_t len, + asn1_der_time_t *data, size_t *size); +int der_get_generalized_time_ber (const unsigned char *p, size_t len, + asn1_ber_time_t *data, size_t *size); +int der_get_utctime (const unsigned char *p, size_t len, + time_t *data, size_t *size); int der_get_oid (const unsigned char *p, size_t len, heim_oid *data, size_t *size); +int der_get_bit_string (const unsigned char *p, size_t len, + heim_bit_string *data, size_t *size); int der_get_tag (const unsigned char *p, size_t len, Der_class *class, Der_type *type, - int *tag, size_t *size); + unsigned int *tag, size_t *size); int der_match_tag (const unsigned char *p, size_t len, Der_class class, Der_type type, - int tag, size_t *size); + unsigned int tag, size_t *size); int der_match_tag_and_length (const unsigned char *p, size_t len, - Der_class class, Der_type type, int tag, + Der_class class, Der_type type, unsigned int tag, size_t *length_ret, size_t *size); -int decode_boolean (const unsigned char*, size_t, int*, size_t*); -int decode_integer (const unsigned char*, size_t, int*, size_t*); -int decode_unsigned (const unsigned char*, size_t, unsigned*, size_t*); -int decode_enumerated (const unsigned char*, size_t, unsigned*, size_t*); -int decode_general_string (const unsigned char*, size_t, - heim_general_string*, size_t*); -int decode_oid (const unsigned char *p, size_t len, - heim_oid *k, size_t *size); -int decode_octet_string (const unsigned char*, size_t, - heim_octet_string*, size_t*); -int decode_generalized_time (const unsigned char*, size_t, time_t*, size_t*); -int decode_nulltype (const unsigned char*, size_t, size_t*); -int decode_utf8string (const unsigned char*, size_t, - heim_utf8_string*, size_t*); - -int der_put_int (unsigned char *p, size_t len, int val, size_t*); +int der_put_unsigned (unsigned char *p, size_t len, const unsigned *val, size_t*); +int der_put_integer (unsigned char *p, size_t len, const int *val, size_t*); +int der_put_heim_integer (unsigned char *p, size_t len, + const heim_integer *val, size_t*); +int der_put_boolean (unsigned char *p, size_t len, const int *val, size_t*); + int der_put_length (unsigned char *p, size_t len, size_t val, size_t*); -int der_put_boolean (unsigned char *p, size_t len, const int *data, size_t*); int der_put_general_string (unsigned char *p, size_t len, const heim_general_string *str, size_t*); +int der_put_utf8string (unsigned char *p, size_t len, + const heim_utf8_string *str, size_t*); +int der_put_universal_string (unsigned char *p, size_t len, + const heim_universal_string *str, size_t*); +int der_put_bmp_string (unsigned char *p, size_t len, + const heim_bmp_string *str, size_t*); +int der_put_printable_string (unsigned char *p, size_t len, + const heim_printable_string *str, size_t*); +int der_put_ia5_string (unsigned char *p, size_t len, + const heim_ia5_string *str, size_t*); int der_put_octet_string (unsigned char *p, size_t len, const heim_octet_string *data, size_t*); +int der_put_generalized_time (unsigned char *p, size_t len, + const time_t *data, size_t *size); +int der_put_utctime (unsigned char *p, size_t len, + const time_t *data, size_t *size); int der_put_oid (unsigned char *p, size_t len, const heim_oid *data, size_t *size); +int der_put_bit_string (unsigned char *p, size_t len, + const heim_bit_string *data, size_t *size); int der_put_tag (unsigned char *p, size_t len, Der_class class, Der_type type, - int tag, size_t*); + unsigned int tag, size_t*); int der_put_length_and_tag (unsigned char*, size_t, size_t, - Der_class, Der_type, int, size_t*); - -int encode_boolean (unsigned char *p, size_t len, - const int *data, size_t*); -int encode_integer (unsigned char *p, size_t len, - const int *data, size_t*); -int encode_unsigned (unsigned char *p, size_t len, - const unsigned *data, size_t*); -int encode_enumerated (unsigned char *p, size_t len, - const unsigned *data, size_t*); -int encode_general_string (unsigned char *p, size_t len, - const heim_general_string *data, size_t*); -int encode_octet_string (unsigned char *p, size_t len, - const heim_octet_string *k, size_t*); -int encode_oid (unsigned char *p, size_t len, - const heim_oid *k, size_t*); -int encode_generalized_time (unsigned char *p, size_t len, - const time_t *t, size_t*); -int encode_nulltype (unsigned char*, size_t, size_t*); -int encode_utf8string (unsigned char*, size_t, - const heim_utf8_string*, size_t*); + Der_class, Der_type, unsigned int, size_t*); void free_integer (int *num); +void free_heim_integer (heim_integer *num); +void free_octet_string (heim_octet_string *k); void free_general_string (heim_general_string *str); void free_octet_string (heim_octet_string *k); void free_oid (heim_oid *k); +void free_bit_string (heim_bit_string *k); void free_generalized_time (time_t *t); +void free_utctime (time_t *t); void free_utf8string (heim_utf8_string*); +void free_printable_string (heim_printable_string*); +void free_ia5_string (heim_ia5_string*); +void free_universal_string (heim_universal_string*); +void free_bmp_string (heim_bmp_string*); size_t length_len (size_t len); -size_t length_boolean (const int *data); size_t length_integer (const int *data); +size_t length_heim_integer (const heim_integer *data); size_t length_unsigned (const unsigned *data); size_t length_enumerated (const unsigned *data); size_t length_general_string (const heim_general_string *data); size_t length_octet_string (const heim_octet_string *k); size_t length_oid (const heim_oid *k); +size_t length_bit_string (const heim_bit_string *k); size_t length_generalized_time (const time_t *t); -size_t length_nulltype (void); +size_t length_utctime (const time_t *t); size_t length_utf8string (const heim_utf8_string*); +size_t length_printable_string (const heim_printable_string*); +size_t length_ia5_string (const heim_ia5_string*); +size_t length_bmp_string (const heim_bmp_string*); +size_t length_universal_string (const heim_universal_string*); +size_t length_boolean (const int*); +int copy_heim_integer (const heim_integer *, heim_integer *); int copy_general_string (const heim_general_string *, heim_general_string *); int copy_octet_string (const heim_octet_string *, heim_octet_string *); int copy_oid (const heim_oid *from, heim_oid *to); -int copy_nulltype (void *, void *); +int copy_bit_string (const heim_bit_string *from, heim_bit_string *to); int copy_utf8string (const heim_utf8_string*, heim_utf8_string*); +int copy_printable_string (const heim_printable_string*,heim_printable_string*); +int copy_ia5_string (const heim_ia5_string*,heim_ia5_string*); +int copy_universal_string(const heim_universal_string*,heim_universal_string*); +int copy_bmp_string (const heim_bmp_string*,heim_bmp_string*); int heim_oid_cmp(const heim_oid *, const heim_oid *); int heim_octet_string_cmp(const heim_octet_string *,const heim_octet_string *); - -int fix_dce(size_t reallen, size_t *len); +int heim_bit_string_cmp(const heim_bit_string *, const heim_bit_string *); +int heim_integer_cmp(const heim_integer *, const heim_integer *); +int heim_bmp_string_cmp(const heim_bmp_string *, const heim_bmp_string *); +int heim_universal_string_cmp(const heim_universal_string *, + const heim_universal_string *); + +int der_parse_oid(const char *, heim_oid *); + +int _heim_fix_dce(size_t reallen, size_t *len); +int _heim_der_set_sort(const void *, const void *); +int _heim_time2generalizedtime (time_t, heim_octet_string *, int); + +const char * der_get_class_name(unsigned); +int der_get_class_num(const char *); +const char * der_get_type_name(unsigned); +int der_get_type_num(const char *); +const char * der_get_tag_name(unsigned); +int der_get_tag_num(const char *); #endif /* __DER_H__ */ diff --git a/source4/heimdal/lib/asn1/der_cmp.c b/source4/heimdal/lib/asn1/der_cmp.c index a5ed7ff2b3..306fcbdf57 100755 --- a/source4/heimdal/lib/asn1/der_cmp.c +++ b/source4/heimdal/lib/asn1/der_cmp.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003 - 2004 Kungliga Tekniska Högskolan + * Copyright (c) 2003-2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,8 +33,6 @@ #include "der_locl.h" -RCSID("$Id: der_cmp.c,v 1.2 2004/04/26 20:54:02 lha Exp $"); - int heim_oid_cmp(const heim_oid *p, const heim_oid *q) { @@ -52,3 +50,50 @@ heim_octet_string_cmp(const heim_octet_string *p, const heim_octet_string *q) return p->length - q->length; return memcmp(p->data, q->data, p->length); } + +int +heim_bit_string_cmp(const heim_bit_string *p, const heim_bit_string *q) +{ + int i, r1, r2; + if (p->length != q->length) + return p->length - q->length; + i = memcmp(p->data, q->data, p->length / 8); + if (i) + return i; + if ((p->length % 8) == 0) + return 0; + i = (p->length / 8); + r1 = ((unsigned char *)p->data)[i]; + r2 = ((unsigned char *)q->data)[i]; + i = 8 - (p->length % 8); + r1 = r1 >> i; + r2 = r2 >> i; + return r1 - r2; +} + +int +heim_integer_cmp(const heim_integer *p, const heim_integer *q) +{ + if (p->length != q->length) + return p->length - q->length; + if (p->negative != q->negative) + return p->negative - q->negative; + return memcmp(p->data, q->data, p->length); +} + +int +heim_bmp_string_cmp(const heim_bmp_string *p, const heim_bmp_string *q) +{ + if (p->length != q->length) + return p->length - q->length; + return memcmp(p->data, q->data, q->length * sizeof(q->data[0])); +} + +int +heim_universal_string_cmp(const heim_universal_string *p, + const heim_universal_string *q) +{ + if (p->length != q->length) + return p->length - q->length; + return memcmp(p->data, q->data, q->length * sizeof(q->data[0])); +} diff --git a/source4/heimdal/lib/asn1/der_copy.c b/source4/heimdal/lib/asn1/der_copy.c index 936691120a..a3c9026cbf 100644 --- a/source4/heimdal/lib/asn1/der_copy.c +++ b/source4/heimdal/lib/asn1/der_copy.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_copy.c,v 1.12 2003/11/07 07:39:43 lha Exp $"); +RCSID("$Id: der_copy.c,v 1.13 2005/07/12 06:27:20 lha Exp $"); int copy_general_string (const heim_general_string *from, heim_general_string *to) @@ -44,6 +44,49 @@ copy_general_string (const heim_general_string *from, heim_general_string *to) return 0; } +int +copy_utf8string (const heim_utf8_string *from, heim_utf8_string *to) +{ + return copy_general_string(from, to); +} + +int +copy_printable_string (const heim_printable_string *from, + heim_printable_string *to) +{ + return copy_general_string(from, to); +} + +int +copy_ia5_string (const heim_printable_string *from, + heim_printable_string *to) +{ + return copy_general_string(from, to); +} + +int +copy_bmp_string (const heim_bmp_string *from, heim_bmp_string *to) +{ + to->length = from->length; + to->data = malloc(to->length * sizeof(to->data[0])); + if(to->length != 0 && to->data == NULL) + return ENOMEM; + memcpy(to->data, from->data, to->length * sizeof(to->data[0])); + return 0; +} + +int +copy_universal_string (const heim_universal_string *from, + heim_universal_string *to) +{ + to->length = from->length; + to->data = malloc(to->length * sizeof(to->data[0])); + if(to->length != 0 && to->data == NULL) + return ENOMEM; + memcpy(to->data, from->data, to->length * sizeof(to->data[0])); + return 0; +} + int copy_octet_string (const heim_octet_string *from, heim_octet_string *to) { @@ -55,6 +98,17 @@ copy_octet_string (const heim_octet_string *from, heim_octet_string *to) return 0; } +int +copy_heim_integer (const heim_integer *from, heim_integer *to) +{ + to->length = from->length; + to->data = malloc(to->length); + if(to->length != 0 && to->data == NULL) + return ENOMEM; + memcpy(to->data, from->data, to->length); + return 0; +} + int copy_oid (const heim_oid *from, heim_oid *to) { @@ -66,3 +120,17 @@ copy_oid (const heim_oid *from, heim_oid *to) to->length * sizeof(*to->components)); return 0; } + +int +copy_bit_string (const heim_bit_string *from, heim_bit_string *to) +{ + size_t len; + + len = (from->length + 7) / 8; + to->length = from->length; + to->data = malloc(len); + if(len != 0 && to->data == NULL) + return ENOMEM; + memcpy(to->data, from->data, len); + return 0; +} diff --git a/source4/heimdal/lib/asn1/der_free.c b/source4/heimdal/lib/asn1/der_free.c index bec41b1ee1..8959c3b1c3 100644 --- a/source4/heimdal/lib/asn1/der_free.c +++ b/source4/heimdal/lib/asn1/der_free.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_free.c,v 1.10 2003/08/20 16:18:49 joda Exp $"); +RCSID("$Id: der_free.c,v 1.11 2005/07/12 06:27:21 lha Exp $"); void free_general_string (heim_general_string *str) @@ -42,11 +42,56 @@ free_general_string (heim_general_string *str) *str = NULL; } +void +free_utf8string (heim_utf8_string *str) +{ + free(*str); + *str = NULL; +} + +void +free_printable_string (heim_printable_string *str) +{ + free(*str); + *str = NULL; +} + +void +free_ia5_string (heim_ia5_string *str) +{ + free_general_string(str); +} + +void +free_bmp_string (heim_bmp_string *k) +{ + free(k->data); + k->data = NULL; + k->length = 0; +} + +void +free_universal_string (heim_universal_string *k) +{ + free(k->data); + k->data = NULL; + k->length = 0; +} + void free_octet_string (heim_octet_string *k) { free(k->data); k->data = NULL; + k->length = 0; +} + +void +free_heim_integer (heim_integer *k) +{ + free(k->data); + k->data = NULL; + k->length = 0; } void @@ -54,4 +99,13 @@ free_oid (heim_oid *k) { free(k->components); k->components = NULL; + k->length = 0; +} + +void +free_bit_string (heim_bit_string *k) +{ + free(k->data); + k->data = NULL; + k->length = 0; } diff --git a/source4/heimdal/lib/asn1/der_get.c b/source4/heimdal/lib/asn1/der_get.c index d33d3ca9ef..403f5ab1ba 100644 --- a/source4/heimdal/lib/asn1/der_get.c +++ b/source4/heimdal/lib/asn1/der_get.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_get.c,v 1.39 2005/05/29 14:23:00 lha Exp $"); +RCSID("$Id: der_get.c,v 1.44 2005/07/19 18:04:00 lha Exp $"); #include @@ -45,13 +45,18 @@ RCSID("$Id: der_get.c,v 1.39 2005/05/29 14:23:00 lha Exp $"); * Either 0 or an error code is returned. */ -static int +int der_get_unsigned (const unsigned char *p, size_t len, unsigned *ret, size_t *size) { unsigned val = 0; size_t oldlen = len; + if (len == sizeof(unsigned) + 1 && p[0] == 0) + ; + else if (len > sizeof(unsigned)) + return ASN1_OVERRUN; + while (len--) val = val * 256 + *p++; *ret = val; @@ -60,12 +65,15 @@ der_get_unsigned (const unsigned char *p, size_t len, } int -der_get_int (const unsigned char *p, size_t len, - int *ret, size_t *size) +der_get_integer (const unsigned char *p, size_t len, + int *ret, size_t *size) { int val = 0; size_t oldlen = len; + if (len > sizeof(int)) + return ASN1_OVERRUN; + if (len > 0) { val = (signed char)*p++; while (--len) @@ -76,19 +84,6 @@ der_get_int (const unsigned char *p, size_t len, return 0; } -int -der_get_boolean(const unsigned char *p, size_t len, int *data, size_t *size) -{ - if(len < 1) - return ASN1_OVERRUN; - if(*p != 0) - *data = 1; - else - *data = 0; - *size = 1; - return 0; -} - int der_get_length (const unsigned char *p, size_t len, size_t *val, size_t *size) @@ -123,12 +118,28 @@ der_get_length (const unsigned char *p, size_t len, return 0; } +int +der_get_boolean(const unsigned char *p, size_t len, int *data, size_t *size) +{ + if(len < 1) + return ASN1_OVERRUN; + if(*p != 0) + *data = 1; + else + *data = 0; + *size = 1; + return 0; +} + int der_get_general_string (const unsigned char *p, size_t len, heim_general_string *str, size_t *size) { char *s; + if (len > len + 1) + return ASN1_BAD_LENGTH; + s = malloc (len + 1); if (s == NULL) return ENOMEM; @@ -139,6 +150,70 @@ der_get_general_string (const unsigned char *p, size_t len, return 0; } +int +der_get_utf8string (const unsigned char *p, size_t len, + heim_utf8_string *str, size_t *size) +{ + return der_get_general_string(p, len, str, size); +} + +int +der_get_printable_string (const unsigned char *p, size_t len, + heim_printable_string *str, size_t *size) +{ + return der_get_general_string(p, len, str, size); +} + +int +der_get_ia5_string (const unsigned char *p, size_t len, + heim_ia5_string *str, size_t *size) +{ + return der_get_general_string(p, len, str, size); +} + +int +der_get_bmp_string (const unsigned char *p, size_t len, + heim_bmp_string *data, size_t *size) +{ + size_t i; + + if (len & 1) + return ASN1_BAD_FORMAT; + data->length = len / 2; + data->data = malloc(data->length * sizeof(data->data[0])); + if (data->data == NULL && data->length != 0) + return ENOMEM; + + for (i = 0; i < data->length; i++) { + data->data[i] = (p[0] << 8) | p[1]; + p += 2; + } + if (size) *size = len; + + return 0; +} + +int +der_get_universal_string (const unsigned char *p, size_t len, + heim_universal_string *data, size_t *size) +{ + size_t i; + + if (len & 3) + return ASN1_BAD_FORMAT; + data->length = len / 4; + data->data = malloc(data->length * sizeof(data->data[0])); + if (data->data == NULL && data->length != 0) + return ENOMEM; + + for (i = 0; i < data->length; i++) { + data->data[i] = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; + p += 4; + } + if (size) *size = len; + return 0; +} + int der_get_octet_string (const unsigned char *p, size_t len, heim_octet_string *data, size_t *size) @@ -152,6 +227,108 @@ der_get_octet_string (const unsigned char *p, size_t len, return 0; } +int +der_get_heim_integer (const unsigned char *p, size_t len, + heim_integer *data, size_t *size) +{ + data->length = 0; + data->negative = 0; + data->data = NULL; + + if (len == 0) { + if (size) + *size = 0; + return 0; + } + if (p[0] & 0x80) { + data->negative = 1; + + return ASN1_OVERRUN; + } else { + data->negative = 0; + data->length = len; + + if (p[0] == 0 && data->length != 1) { + p++; + data->length--; + } + data->data = malloc(data->length); + if (data->data == NULL) { + data->length = 0; + return ENOMEM; + } + memcpy(data->data, p, data->length); + } + if (size) + *size = len; + return 0; +} + +static int +generalizedtime2time (const char *s, time_t *t) +{ + struct tm tm; + + memset(&tm, 0, sizeof(tm)); + if (sscanf (s, "%04d%02d%02d%02d%02d%02dZ", + &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, + &tm.tm_min, &tm.tm_sec) != 6) { + if (sscanf (s, "%02d%02d%02d%02d%02d%02dZ", + &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, + &tm.tm_min, &tm.tm_sec) != 6) + return ASN1_BAD_TIMEFORMAT; + if (tm.tm_year < 50) + tm.tm_year += 2000; + else + tm.tm_year += 1900; + } + tm.tm_year -= 1900; + tm.tm_mon -= 1; + *t = timegm (&tm); + return 0; +} + +static int +der_get_time (const unsigned char *p, size_t len, + time_t *data, size_t *size) +{ + heim_octet_string k; + char *times; + size_t ret = 0; + size_t l; + int e; + + e = der_get_octet_string (p, len, &k, &l); + if (e) return e; + p += l; + len -= l; + ret += l; + times = realloc(k.data, k.length + 1); + if (times == NULL){ + free(k.data); + return ENOMEM; + } + times[k.length] = 0; + e = generalizedtime2time(times, data); + free (times); + if(size) *size = ret; + return e; +} + +int +der_get_generalized_time (const unsigned char *p, size_t len, + time_t *data, size_t *size) +{ + return der_get_time(p, len, data, size); +} + +int +der_get_utctime (const unsigned char *p, size_t len, + time_t *data, size_t *size) +{ + return der_get_time(p, len, data, size); +} + int der_get_oid (const unsigned char *p, size_t len, heim_oid *data, size_t *size) @@ -162,6 +339,9 @@ der_get_oid (const unsigned char *p, size_t len, if (len < 1) return ASN1_OVERRUN; + if (len > len + 1) + return ASN1_BAD_LENGTH; + data->components = malloc((len + 1) * sizeof(*data->components)); if (data->components == NULL) return ENOMEM; @@ -170,15 +350,21 @@ der_get_oid (const unsigned char *p, size_t len, --len; ++p; for (n = 2; len > 0; ++n) { - unsigned u = 0; - + unsigned u = 0, u1; + do { --len; - u = u * 128 + (*p++ % 128); + u1 = u * 128 + (*p++ % 128); + /* check that we don't overflow the element */ + if (u1 < u) { + free_oid(data); + return ASN1_OVERRUN; + } + u = u1; } while (len > 0 && p[-1] & 0x80); data->components[n] = u; } - if (len > 0 && p[-1] & 0x80) { + if (n > 2 && p[-1] & 0x80) { free_oid (data); return ASN1_OVERRUN; } @@ -191,26 +377,44 @@ der_get_oid (const unsigned char *p, size_t len, int der_get_tag (const unsigned char *p, size_t len, Der_class *class, Der_type *type, - int *tag, size_t *size) + unsigned int *tag, size_t *size) { + size_t ret = 0; if (len < 1) return ASN1_OVERRUN; *class = (Der_class)(((*p) >> 6) & 0x03); *type = (Der_type)(((*p) >> 5) & 0x01); - *tag = (*p) & 0x1F; - if(size) *size = 1; + *tag = (*p) & 0x1f; + p++; len--; ret++; + if(*tag == 0x1f) { + unsigned int continuation; + unsigned int tag1; + *tag = 0; + do { + if(len < 1) + return ASN1_OVERRUN; + continuation = *p & 128; + tag1 = *tag * 128 + (*p % 128); + /* check that we don't overflow the tag */ + if (tag1 < *tag) + return ASN1_OVERFLOW; + *tag = tag1; + p++; len--; ret++; + } while(continuation); + } + if(size) *size = ret; return 0; } int der_match_tag (const unsigned char *p, size_t len, Der_class class, Der_type type, - int tag, size_t *size) + unsigned int tag, size_t *size) { size_t l; Der_class thisclass; Der_type thistype; - int thistag; + unsigned int thistag; int e; e = der_get_tag (p, len, &thisclass, &thistype, &thistag, &l); @@ -227,7 +431,7 @@ der_match_tag (const unsigned char *p, size_t len, int der_match_tag_and_length (const unsigned char *p, size_t len, - Der_class class, Der_type type, int tag, + Der_class class, Der_type type, unsigned int tag, size_t *length_ret, size_t *size) { size_t l, ret = 0; @@ -238,7 +442,6 @@ der_match_tag_and_length (const unsigned char *p, size_t len, p += l; len -= l; ret += l; - e = der_get_length (p, len, length_ret, &l); if (e) return e; p += l; @@ -248,286 +451,50 @@ der_match_tag_and_length (const unsigned char *p, size_t len, return 0; } -int -decode_boolean (const unsigned char *p, size_t len, - int *num, size_t *size) -{ - size_t ret = 0; - size_t l, reallen; - int e; - - e = der_match_tag (p, len, ASN1_C_UNIV, PRIM, UT_Boolean, &l); - if (e) return e; - p += l; - len -= l; - ret += l; - - e = der_get_length (p, len, &reallen, &l); - if (e) return e; - p += l; - len -= l; - ret += l; - if (reallen > len) - return ASN1_OVERRUN; - - e = der_get_boolean (p, reallen, num, &l); - if (e) return e; - p += l; - len -= l; - ret += l; - if(size) *size = ret; - return 0; -} - -int -decode_integer (const unsigned char *p, size_t len, - int *num, size_t *size) -{ - size_t ret = 0; - size_t l, reallen; - int e; - - e = der_match_tag (p, len, ASN1_C_UNIV, PRIM, UT_Integer, &l); - if (e) return e; - p += l; - len -= l; - ret += l; - - e = der_get_length (p, len, &reallen, &l); - if (e) return e; - p += l; - len -= l; - ret += l; - if (reallen > len) - return ASN1_OVERRUN; - - e = der_get_int (p, reallen, num, &l); - if (e) return e; - p += l; - len -= l; - ret += l; - if(size) *size = ret; - return 0; -} - -int -decode_unsigned (const unsigned char *p, size_t len, - unsigned *num, size_t *size) -{ - size_t ret = 0; - size_t l, reallen; - int e; - - e = der_match_tag (p, len, ASN1_C_UNIV, PRIM, UT_Integer, &l); - if (e) return e; - p += l; - len -= l; - ret += l; - - e = der_get_length (p, len, &reallen, &l); - if (e) return e; - p += l; - len -= l; - ret += l; - if (reallen > len) - return ASN1_OVERRUN; - - e = der_get_unsigned (p, reallen, num, &l); - if (e) return e; - p += l; - len -= l; - ret += l; - if(size) *size = ret; - return 0; -} - -int -decode_enumerated (const unsigned char *p, size_t len, - unsigned *num, size_t *size) -{ - size_t ret = 0; - size_t l, reallen; - int e; - - e = der_match_tag (p, len, ASN1_C_UNIV, PRIM, UT_Enumerated, &l); - if (e) return e; - p += l; - len -= l; - ret += l; - - e = der_get_length (p, len, &reallen, &l); - if (e) return e; - p += l; - len -= l; - ret += l; - if (reallen > len) - return ASN1_OVERRUN; - - e = der_get_int (p, reallen, num, &l); - if (e) return e; - p += l; - len -= l; - ret += l; - if(size) *size = ret; - return 0; -} - -int -decode_general_string (const unsigned char *p, size_t len, - heim_general_string *str, size_t *size) -{ - size_t ret = 0; - size_t l, reallen; - int e; - - e = der_match_tag (p, len, ASN1_C_UNIV, PRIM, UT_GeneralString, &l); - if (e) return e; - p += l; - len -= l; - ret += l; - - e = der_get_length (p, len, &reallen, &l); - if (e) return e; - p += l; - len -= l; - ret += l; - if (len < reallen) - return ASN1_OVERRUN; - - e = der_get_general_string (p, reallen, str, &l); - if (e) return e; - p += l; - len -= l; - ret += l; - if(size) *size = ret; - return 0; -} +/* + * Old versions of DCE was based on a very early beta of the MIT code, + * which used MAVROS for ASN.1 encoding. MAVROS had the interesting + * feature that it encoded data in the forward direction, which has + * it's problems, since you have no idea how long the data will be + * until after you're done. MAVROS solved this by reserving one byte + * for length, and later, if the actual length was longer, it reverted + * to indefinite, BER style, lengths. The version of MAVROS used by + * the DCE people could apparently generate correct X.509 DER encodings, and + * did this by making space for the length after encoding, but + * unfortunately this feature wasn't used with Kerberos. + */ int -decode_octet_string (const unsigned char *p, size_t len, - heim_octet_string *k, size_t *size) +_heim_fix_dce(size_t reallen, size_t *len) { - size_t ret = 0; - size_t l, reallen; - int e; - - e = der_match_tag (p, len, ASN1_C_UNIV, PRIM, UT_OctetString, &l); - if (e) return e; - p += l; - len -= l; - ret += l; - - e = der_get_length (p, len, &reallen, &l); - if (e) return e; - p += l; - len -= l; - ret += l; - if (len < reallen) - return ASN1_OVERRUN; - - e = der_get_octet_string (p, reallen, k, &l); - if (e) return e; - p += l; - len -= l; - ret += l; - if(size) *size = ret; + if(reallen == ASN1_INDEFINITE) + return 1; + if(*len < reallen) + return -1; + *len = reallen; return 0; } int -decode_oid (const unsigned char *p, size_t len, - heim_oid *k, size_t *size) +der_get_bit_string (const unsigned char *p, size_t len, + heim_bit_string *data, size_t *size) { - size_t ret = 0; - size_t l, reallen; - int e; - - e = der_match_tag (p, len, ASN1_C_UNIV, PRIM, UT_OID, &l); - if (e) return e; - p += l; - len -= l; - ret += l; - - e = der_get_length (p, len, &reallen, &l); - if (e) return e; - p += l; - len -= l; - ret += l; - if (len < reallen) + if (len < 1) return ASN1_OVERRUN; - - e = der_get_oid (p, reallen, k, &l); - if (e) return e; - p += l; - len -= l; - ret += l; - if(size) *size = ret; - return 0; -} - -static void -generalizedtime2time (const char *s, time_t *t) -{ - struct tm tm; - - memset(&tm, 0, sizeof(tm)); - sscanf (s, "%04d%02d%02d%02d%02d%02dZ", - &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, - &tm.tm_min, &tm.tm_sec); - tm.tm_year -= 1900; - tm.tm_mon -= 1; - *t = timegm (&tm); -} - -int -decode_generalized_time (const unsigned char *p, size_t len, - time_t *t, size_t *size) -{ - heim_octet_string k; - char *times; - size_t ret = 0; - size_t l, reallen; - int e; - - e = der_match_tag (p, len, ASN1_C_UNIV, PRIM, UT_GeneralizedTime, &l); - if (e) return e; - p += l; - len -= l; - ret += l; - - e = der_get_length (p, len, &reallen, &l); - if (e) return e; - p += l; - len -= l; - ret += l; - if (len < reallen) + if (p[0] > 7) + return ASN1_BAD_FORMAT; + if (len - 1 == 0 && p[0] != 0) + return ASN1_BAD_FORMAT; + /* check if any of the three upper bits are set + * any of them will cause a interger overrun */ + if ((len - 1) >> (sizeof(len) * 8 - 3)) return ASN1_OVERRUN; - - e = der_get_octet_string (p, reallen, &k, &l); - if (e) return e; - p += l; - len -= l; - ret += l; - times = realloc(k.data, k.length + 1); - if (times == NULL){ - free(k.data); + data->length = (len - 1) * 8; + data->data = malloc(len - 1); + if (data->data == NULL && (len - 1) != 0) return ENOMEM; - } - times[k.length] = 0; - generalizedtime2time (times, t); - free (times); - if(size) *size = ret; - return 0; -} - - -int -fix_dce(size_t reallen, size_t *len) -{ - if(reallen == ASN1_INDEFINITE) - return 1; - if(*len < reallen) - return -1; - *len = reallen; + memcpy (data->data, p + 1, len - 1); + data->length -= p[0]; + if(size) *size = len; return 0; } diff --git a/source4/heimdal/lib/asn1/der_length.c b/source4/heimdal/lib/asn1/der_length.c index cb07254a67..e818267bf4 100644 --- a/source4/heimdal/lib/asn1/der_length.c +++ b/source4/heimdal/lib/asn1/der_length.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,17 +33,23 @@ #include "der_locl.h" -RCSID("$Id: der_length.c,v 1.16 2004/02/07 14:27:59 lha Exp $"); +RCSID("$Id: der_length.c,v 1.17 2005/07/12 06:27:22 lha Exp $"); size_t _heim_len_unsigned (unsigned val) { size_t ret = 0; - + int last_val_gt_128; + do { ++ret; + last_val_gt_128 = (val >= 128); val /= 256; } while (val); + + if(last_val_gt_128) + ret++; + return ret; } @@ -83,12 +89,10 @@ len_oid (const heim_oid *oid) for (n = 2; n < oid->length; ++n) { unsigned u = oid->components[n]; - ++ret; - u /= 128; - while (u > 0) { + do { ++ret; u /= 128; - } + } while(u > 0); } return ret; } @@ -98,68 +102,91 @@ length_len (size_t len) { if (len < 128) return 1; - else - return _heim_len_unsigned (len) + 1; + else { + int ret = 0; + do { + ++ret; + len /= 256; + } while (len); + return ret + 1; + } } size_t -length_boolean (const int *data) +length_integer (const int *data) { - return 1 + length_len(1) + 1; + return _heim_len_int (*data); } size_t -length_integer (const int *data) +length_unsigned (const unsigned *data) { - size_t len = _heim_len_int (*data); + return _heim_len_unsigned(*data); +} - return 1 + length_len(len) + len; +size_t +length_enumerated (const unsigned *data) +{ + return _heim_len_int (*data); } size_t -length_unsigned (const unsigned *data) +length_general_string (const heim_general_string *data) { - unsigned val = *data; - size_t len = 0; - - while (val > 255) { - ++len; - val /= 256; - } - len++; - if (val >= 128) - len++; - return 1 + length_len(len) + len; + return strlen(*data); } size_t -length_enumerated (const unsigned *data) +length_utf8string (const heim_utf8_string *data) { - size_t len = _heim_len_int (*data); + return strlen(*data); +} - return 1 + length_len(len) + len; +size_t +length_printable_string (const heim_printable_string *data) +{ + return strlen(*data); } size_t -length_general_string (const heim_general_string *data) +length_ia5_string (const heim_ia5_string *data) +{ + return strlen(*data); +} + +size_t +length_bmp_string (const heim_bmp_string *data) { - char *str = *data; - size_t len = strlen(str); - return 1 + length_len(len) + len; + return data->length * 2; +} + +size_t +length_universal_string (const heim_universal_string *data) +{ + return data->length * 4; } size_t length_octet_string (const heim_octet_string *k) { - return 1 + length_len(k->length) + k->length; + return k->length; } size_t -length_oid (const heim_oid *k) +length_heim_integer (const heim_integer *k) { - size_t len = len_oid (k); + if (k->length == 0) + return 1; + if (k->negative) + return k->length + ((((unsigned char *)k->data)[0] & 0x80) ? 0 : 1); + else + return k->length + ((((unsigned char *)k->data)[0] & 0x80) ? 1 : 0); +} - return 1 + length_len(len) + len; +size_t +length_oid (const heim_oid *k) +{ + return len_oid (k); } size_t @@ -168,8 +195,32 @@ length_generalized_time (const time_t *t) heim_octet_string k; size_t ret; - time2generalizedtime (*t, &k); - ret = 1 + length_len(k.length) + k.length; - free (k.data); + _heim_time2generalizedtime (*t, &k, 1); + ret = k.length; + free(k.data); + return ret; +} + +size_t +length_utctime (const time_t *t) +{ + heim_octet_string k; + size_t ret; + + _heim_time2generalizedtime (*t, &k, 0); + ret = k.length; + free(k.data); return ret; } + +size_t +length_boolean (const int *k) +{ + return 1; +} + +size_t +length_bit_string (const heim_bit_string *k) +{ + return (k->length + 7) / 8 + 1; +} diff --git a/source4/heimdal/lib/asn1/der_locl.h b/source4/heimdal/lib/asn1/der_locl.h index 67e1e877f6..1127383e6c 100644 --- a/source4/heimdal/lib/asn1/der_locl.h +++ b/source4/heimdal/lib/asn1/der_locl.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002, 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: der_locl.h,v 1.5 2004/02/07 14:16:53 lha Exp $ */ +/* $Id: der_locl.h,v 1.6 2005/07/12 06:27:22 lha Exp $ */ #ifndef __DER_LOCL_H__ #define __DER_LOCL_H__ @@ -53,6 +53,10 @@ #include #include +#ifndef HAVE_TIMEGM +time_t timegm (struct tm *); +#endif + size_t _heim_len_unsigned (unsigned); size_t _heim_len_int (int); diff --git a/source4/heimdal/lib/asn1/der_put.c b/source4/heimdal/lib/asn1/der_put.c index 687dedd09f..b006f233ca 100644 --- a/source4/heimdal/lib/asn1/der_put.c +++ b/source4/heimdal/lib/asn1/der_put.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_put.c,v 1.32 2005/05/29 14:23:01 lha Exp $"); +RCSID("$Id: der_put.c,v 1.33 2005/07/12 06:27:23 lha Exp $"); /* * All encoding functions take a pointer `p' to first position in @@ -43,10 +43,11 @@ RCSID("$Id: der_put.c,v 1.32 2005/05/29 14:23:01 lha Exp $"); * The return value is 0 or an error. */ -static int -der_put_unsigned (unsigned char *p, size_t len, unsigned val, size_t *size) +int +der_put_unsigned (unsigned char *p, size_t len, const unsigned *v, size_t *size) { unsigned char *base = p; + unsigned val = *v; if (val) { while (len > 0 && val) { @@ -57,6 +58,11 @@ der_put_unsigned (unsigned char *p, size_t len, unsigned val, size_t *size) if (val != 0) return ASN1_OVERFLOW; else { + if(p[1] >= 128) { + if(len < 1) + return ASN1_OVERFLOW; + *p-- = 0; + } *size = base - p; return 0; } @@ -70,9 +76,10 @@ der_put_unsigned (unsigned char *p, size_t len, unsigned val, size_t *size) } int -der_put_int (unsigned char *p, size_t len, int val, size_t *size) +der_put_integer (unsigned char *p, size_t len, const int *v, size_t *size) { unsigned char *base = p; + int val = *v; if(val >= 0) { do { @@ -114,22 +121,26 @@ der_put_length (unsigned char *p, size_t len, size_t val, size_t *size) { if (len < 1) return ASN1_OVERFLOW; + if (val < 128) { *p = val; *size = 1; - return 0; } else { - size_t l; - int e; + size_t l = 0; - e = der_put_unsigned (p, len - 1, val, &l); - if (e) - return e; - p -= l; + while(val > 0) { + if(len < 2) + return ASN1_OVERFLOW; + *p-- = val % 256; + val /= 256; + len--; + l++; + } *p = 0x80 | l; - *size = l + 1; - return 0; + if(size) + *size = l + 1; } + return 0; } int @@ -161,254 +172,247 @@ der_put_general_string (unsigned char *p, size_t len, } int -der_put_octet_string (unsigned char *p, size_t len, - const heim_octet_string *data, size_t *size) +der_put_utf8string (unsigned char *p, size_t len, + const heim_utf8_string *str, size_t *size) { - if (len < data->length) - return ASN1_OVERFLOW; - p -= data->length; - len -= data->length; - memcpy (p+1, data->data, data->length); - *size = data->length; - return 0; + return der_put_general_string(p, len, str, size); } int -der_put_oid (unsigned char *p, size_t len, - const heim_oid *data, size_t *size) +der_put_printable_string (unsigned char *p, size_t len, + const heim_printable_string *str, size_t *size) { - unsigned char *base = p; - int n; - - for (n = data->length - 1; n >= 2; --n) { - unsigned u = data->components[n]; - - if (len < 1) - return ASN1_OVERFLOW; - *p-- = u % 128; - u /= 128; - --len; - while (u > 0) { - if (len < 1) - return ASN1_OVERFLOW; - *p-- = 128 + u % 128; - u /= 128; - --len; - } - } - if (len < 1) - return ASN1_OVERFLOW; - *p-- = 40 * data->components[0] + data->components[1]; - *size = base - p; - return 0; + return der_put_general_string(p, len, str, size); } int -der_put_tag (unsigned char *p, size_t len, Der_class class, Der_type type, - int tag, size_t *size) +der_put_ia5_string (unsigned char *p, size_t len, + const heim_ia5_string *str, size_t *size) { - if (len < 1) - return ASN1_OVERFLOW; - *p = (class << 6) | (type << 5) | tag; /* XXX */ - *size = 1; - return 0; + return der_put_general_string(p, len, str, size); } int -der_put_length_and_tag (unsigned char *p, size_t len, size_t len_val, - Der_class class, Der_type type, int tag, size_t *size) +der_put_bmp_string (unsigned char *p, size_t len, + const heim_bmp_string *data, size_t *size) { - size_t ret = 0; - size_t l; - int e; - - e = der_put_length (p, len, len_val, &l); - if(e) - return e; - p -= l; - len -= l; - ret += l; - e = der_put_tag (p, len, class, type, tag, &l); - if(e) - return e; - p -= l; - len -= l; - ret += l; - *size = ret; + size_t i; + if (len / 2 < data->length) + return ASN1_OVERFLOW; + p -= data->length * 2; + len -= data->length * 2; + for (i = 0; i < data->length; i++) { + p[1] = (data->data[i] >> 8) & 0xff; + p[2] = data->data[i] & 0xff; + p += 2; + } + if (size) *size = data->length * 2; return 0; } int -encode_boolean (unsigned char *p, size_t len, const int *data, - size_t *size) +der_put_universal_string (unsigned char *p, size_t len, + const heim_universal_string *data, size_t *size) { - size_t ret = 0; - size_t l; - int e; - - e = der_put_boolean (p, len, data, &l); - if(e) - return e; - p -= l; - len -= l; - ret += l; - e = der_put_length_and_tag (p, len, l, ASN1_C_UNIV, PRIM, UT_Boolean, &l); - if (e) - return e; - p -= l; - len -= l; - ret += l; - *size = ret; + size_t i; + if (len / 4 < data->length) + return ASN1_OVERFLOW; + p -= data->length * 4; + len -= data->length * 4; + for (i = 0; i < data->length; i++) { + p[1] = (data->data[i] >> 24) & 0xff; + p[2] = (data->data[i] >> 16) & 0xff; + p[3] = (data->data[i] >> 8) & 0xff; + p[4] = data->data[i] & 0xff; + p += 4; + } + if (size) *size = data->length * 4; return 0; } int -encode_integer (unsigned char *p, size_t len, const int *data, size_t *size) +der_put_octet_string (unsigned char *p, size_t len, + const heim_octet_string *data, size_t *size) { - int num = *data; - size_t ret = 0; - size_t l; - int e; - - e = der_put_int (p, len, num, &l); - if(e) - return e; - p -= l; - len -= l; - ret += l; - e = der_put_length_and_tag (p, len, l, ASN1_C_UNIV, PRIM, UT_Integer, &l); - if (e) - return e; - p -= l; - len -= l; - ret += l; - *size = ret; + if (len < data->length) + return ASN1_OVERFLOW; + p -= data->length; + len -= data->length; + memcpy (p+1, data->data, data->length); + *size = data->length; return 0; } int -encode_unsigned (unsigned char *p, size_t len, const unsigned *data, - size_t *size) +der_put_heim_integer (unsigned char *p, size_t len, + const heim_integer *data, size_t *size) { - unsigned num = *data; - size_t ret = 0; - size_t l; - int e; - - e = der_put_unsigned (p, len, num, &l); - if(e) - return e; - p -= l; - len -= l; - ret += l; - /* if first octet has msb set, we need to pad with a zero byte */ - if(p[1] >= 128) { - if(len == 0) + unsigned char *buf = data->data; + int hibitset = 0; + + if (data->length == 0) { + if (len < 1) return ASN1_OVERFLOW; *p-- = 0; - len--; - ret++; - l++; + if (size) + *size = 1; + return 0; } - e = der_put_length_and_tag (p, len, l, ASN1_C_UNIV, PRIM, UT_Integer, &l); - if (e) - return e; - p -= l; - len -= l; - ret += l; - *size = ret; + if (len < data->length) + return ASN1_OVERFLOW; + + len -= data->length; + + if (data->negative) { + int i, carry; + for (i = data->length - 1, carry = 1; i >= 0; i--) { + *p = buf[i] ^ 0xff; + if (carry) + carry = !++*p; + p--; + } + if (p[1] < 128) { + if (len < 1) + return ASN1_OVERFLOW; + *p-- = 0xff; + len--; + hibitset = 1; + } + } else { + p -= data->length; + memcpy(p + 1, buf, data->length); + + if (p[1] >= 128) { + if (len < 1) + return ASN1_OVERFLOW; + p[0] = 0; + len--; + hibitset = 1; + } + } + if (size) + *size = data->length + hibitset; return 0; } int -encode_enumerated (unsigned char *p, size_t len, const unsigned *data, - size_t *size) +der_put_generalized_time (unsigned char *p, size_t len, + const time_t *data, size_t *size) { - unsigned num = *data; - size_t ret = 0; + heim_octet_string k; size_t l; int e; - - e = der_put_int (p, len, num, &l); - if(e) - return e; - p -= l; - len -= l; - ret += l; - e = der_put_length_and_tag (p, len, l, ASN1_C_UNIV, PRIM, UT_Enumerated, &l); + + e = _heim_time2generalizedtime (*data, &k, 1); if (e) return e; - p -= l; - len -= l; - ret += l; - *size = ret; + e = der_put_octet_string(p, len, &k, &l); + free(k.data); + if(e) + return e; + if(size) + *size = l; return 0; } int -encode_general_string (unsigned char *p, size_t len, - const heim_general_string *data, size_t *size) +der_put_utctime (unsigned char *p, size_t len, + const time_t *data, size_t *size) { - size_t ret = 0; + heim_octet_string k; size_t l; int e; - e = der_put_general_string (p, len, data, &l); + e = _heim_time2generalizedtime (*data, &k, 0); if (e) return e; - p -= l; - len -= l; - ret += l; - e = der_put_length_and_tag (p, len, l, ASN1_C_UNIV, PRIM, UT_GeneralString, &l); - if (e) + e = der_put_octet_string(p, len, &k, &l); + free(k.data); + if(e) return e; - p -= l; - len -= l; - ret += l; - *size = ret; + if(size) + *size = l; return 0; } int -encode_octet_string (unsigned char *p, size_t len, - const heim_octet_string *k, size_t *size) +der_put_oid (unsigned char *p, size_t len, + const heim_oid *data, size_t *size) { - size_t ret = 0; - size_t l; - int e; + unsigned char *base = p; + int n; - e = der_put_octet_string (p, len, k, &l); - if (e) - return e; - p -= l; - len -= l; - ret += l; - e = der_put_length_and_tag (p, len, l, ASN1_C_UNIV, PRIM, UT_OctetString, &l); - if (e) - return e; - p -= l; - len -= l; - ret += l; - *size = ret; + for (n = data->length - 1; n >= 2; --n) { + unsigned u = data->components[n]; + + if (len < 1) + return ASN1_OVERFLOW; + *p-- = u % 128; + u /= 128; + --len; + while (u > 0) { + if (len < 1) + return ASN1_OVERFLOW; + *p-- = 128 + u % 128; + u /= 128; + --len; + } + } + if (len < 1) + return ASN1_OVERFLOW; + *p-- = 40 * data->components[0] + data->components[1]; + *size = base - p; + return 0; +} + +int +der_put_tag (unsigned char *p, size_t len, Der_class class, Der_type type, + unsigned int tag, size_t *size) +{ + if (tag <= 30) { + if (len < 1) + return ASN1_OVERFLOW; + *p = MAKE_TAG(class, type, tag); + *size = 1; + } else { + size_t ret = 0; + unsigned int continuation = 0; + + do { + if (len < 1) + return ASN1_OVERFLOW; + *p-- = tag % 128 | continuation; + len--; + ret++; + tag /= 128; + continuation = 0x80; + } while(tag > 0); + if (len < 1) + return ASN1_OVERFLOW; + *p-- = MAKE_TAG(class, type, 0x1f); + ret++; + *size = ret; + } return 0; } int -encode_oid(unsigned char *p, size_t len, - const heim_oid *k, size_t *size) +der_put_length_and_tag (unsigned char *p, size_t len, size_t len_val, + Der_class class, Der_type type, + unsigned int tag, size_t *size) { size_t ret = 0; size_t l; int e; - e = der_put_oid (p, len, k, &l); - if (e) + e = der_put_length (p, len, len_val, &l); + if(e) return e; p -= l; len -= l; ret += l; - e = der_put_length_and_tag (p, len, l, ASN1_C_UNIV, PRIM, UT_OID, &l); - if (e) + e = der_put_tag (p, len, class, type, tag, &l); + if(e) return e; p -= l; len -= l; @@ -418,50 +422,55 @@ encode_oid(unsigned char *p, size_t len, } int -time2generalizedtime (time_t t, heim_octet_string *s) +_heim_time2generalizedtime (time_t t, heim_octet_string *s, int gtimep) { struct tm *tm; - size_t len; - - len = 15; + const size_t len = gtimep ? 15 : 13; s->data = malloc(len + 1); if (s->data == NULL) return ENOMEM; s->length = len; tm = gmtime (&t); - snprintf (s->data, len + 1, "%04d%02d%02d%02d%02d%02dZ", - tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, - tm->tm_hour, tm->tm_min, tm->tm_sec); + if (gtimep) + snprintf (s->data, len + 1, "%04d%02d%02d%02d%02d%02dZ", + tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, + tm->tm_hour, tm->tm_min, tm->tm_sec); + else + snprintf (s->data, len + 1, "%02d%02d%02d%02d%02d%02dZ", + tm->tm_year % 100, tm->tm_mon + 1, tm->tm_mday, + tm->tm_hour, tm->tm_min, tm->tm_sec); + return 0; } int -encode_generalized_time (unsigned char *p, size_t len, - const time_t *t, size_t *size) +der_put_bit_string (unsigned char *p, size_t len, + const heim_bit_string *data, size_t *size) { - size_t ret = 0; - size_t l; - heim_octet_string k; - int e; - - e = time2generalizedtime (*t, &k); - if (e) - return e; - e = der_put_octet_string (p, len, &k, &l); - free (k.data); - if (e) - return e; - p -= l; - len -= l; - ret += l; - e = der_put_length_and_tag (p, len, k.length, ASN1_C_UNIV, PRIM, - UT_GeneralizedTime, &l); - if (e) - return e; - p -= l; - len -= l; - ret += l; - *size = ret; + size_t data_size = (data->length + 7) / 8; + if (len < data_size + 1) + return ASN1_OVERFLOW; + p -= data_size + 1; + len -= data_size + 1; + memcpy (p+2, data->data, data_size); + if (data->length && (data->length % 8) != 0) + p[1] = 8 - (data->length % 8); + else + p[1] = 0; + *size = data_size + 1; return 0; } + +int +_heim_der_set_sort(const void *a1, const void *a2) +{ + const struct heim_octet_string *s1 = a1, *s2 = a2; + int ret; + + ret = memcmp(s1->data, s2->data, + s1->length < s2->length ? s1->length : s2->length); + if(ret) + return ret; + return s1->length - s2->length; +} diff --git a/source4/heimdal/lib/asn1/extra.c b/source4/heimdal/lib/asn1/extra.c new file mode 100644 index 0000000000..ba081e3a63 --- /dev/null +++ b/source4/heimdal/lib/asn1/extra.c @@ -0,0 +1,159 @@ +/* + * Copyright (c) 2003 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "der_locl.h" +#include "heim_asn1.h" + +RCSID("$Id: extra.c,v 1.5 2005/07/19 18:05:16 lha Exp $"); + +int +encode_heim_any(unsigned char *p, size_t len, + const heim_any *data, size_t *size) +{ + if (data->length > len) + return ASN1_OVERFLOW; + p -= data->length; + len -= data->length; + memcpy (p+1, data->data, data->length); + *size = data->length; + return 0; +} + +int +decode_heim_any(const unsigned char *p, size_t len, + heim_any *data, size_t *size) +{ + size_t len_len, length, l; + Der_class thisclass; + Der_type thistype; + unsigned int thistag; + int e; + + if (data == NULL && len == 0) { /* XXX tag less OPTIONAL */ + *size = 0; + return 0; + } + + e = der_get_tag (p, len, &thisclass, &thistype, &thistag, &l); + if (e) return e; + if (l > len) + return ASN1_OVERFLOW; + e = der_get_length(p + l, len - l, &length, &len_len); + if (e) return e; + if (length + len_len + l > len) + return ASN1_OVERFLOW; + + if (data) { /* XXX hack to workaround tag less OPTIONAL data */ + memset(data, 0, sizeof(*data)); + + data->data = malloc(length + len_len + l); + if (data->data == NULL) + return ENOMEM; + data->length = length + len_len + l; + memcpy(data->data, p, length + len_len + l); + } + if (size) *size = length + len_len + l; + return 0; +} + +void +free_heim_any(heim_any *data) +{ + free(data->data); + data->data = NULL; +} + +size_t +length_heim_any(const heim_any *data) +{ + return data->length; +} + +int +copy_heim_any(const heim_any *from, heim_any *to) +{ + to->data = malloc(from->length); + if (to->data == NULL && from->length != 0) + return ENOMEM; + memcpy(to->data, from->data, from->length); + to->length = from->length; + return 0; +} + +int +encode_heim_any_set(unsigned char *p, size_t len, + const heim_any_set *data, size_t *size) +{ + return encode_heim_any(p, len, data, size); +} + + +int +decode_heim_any_set(const unsigned char *p, size_t len, + heim_any_set *data, size_t *size) +{ + memset(data, 0, sizeof(*data)); + data->data = malloc(len); + if (data->data == NULL && len != 0) + return ENOMEM; + data->length = len; + memcpy(data->data, p, len); + if (size) *size = len; + return 0; +} + +void +free_heim_any_set(heim_any_set *data) +{ + free_heim_any(data); +} + +size_t +length_heim_any_set(const heim_any *data) +{ + return length_heim_any(data); +} + +int +copy_heim_any_set(const heim_any_set *from, heim_any_set *to) +{ + return copy_heim_any(from, to); +} + +int +heim_any_cmp(const heim_any_set *p, const heim_any_set *q) +{ + if (p->length != q->length) + return p->length - q->length; + return memcmp(p->data, q->data, p->length); +} diff --git a/source4/heimdal/lib/asn1/gen.c b/source4/heimdal/lib/asn1/gen.c index 67cc5ce65a..1189a03ab1 100644 --- a/source4/heimdal/lib/asn1/gen.c +++ b/source4/heimdal/lib/asn1/gen.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen.c,v 1.59 2005/06/16 19:58:15 lha Exp $"); +RCSID("$Id: gen.c,v 1.62 2005/07/19 18:46:50 lha Exp $"); FILE *headerfile, *codefile, *logfile; @@ -41,7 +41,7 @@ FILE *headerfile, *codefile, *logfile; static const char *orig_filename; static char *header; -static char *headerbase; +static char *headerbase = STEM; /* * list of all IMPORTs @@ -70,29 +70,20 @@ get_filename (void) return orig_filename; } -static int unique_number; - -void -unique_reset(void) -{ - unique_number = 0; -} - -int -unique_get_next(void) -{ - return unique_number++; -} - void init_generate (const char *filename, const char *base) { + char *fn; + orig_filename = filename; - if(base) + if (base != NULL) { asprintf(&headerbase, "%s", base); - else - headerbase = strdup(STEM); + if (headerbase == NULL) + errx(1, "malloc"); + } asprintf(&header, "%s.h", headerbase); + if (header == NULL) + errx(1, "malloc"); headerfile = fopen (header, "w"); if (headerfile == NULL) err (1, "open %s", header); @@ -112,6 +103,12 @@ init_generate (const char *filename, const char *base) fprintf (headerfile, "#ifndef __asn1_common_definitions__\n" "#define __asn1_common_definitions__\n\n"); + fprintf (headerfile, + "typedef struct heim_integer {\n" + " size_t length;\n" + " void *data;\n" + " int negative;\n" + "} heim_integer;\n\n"); fprintf (headerfile, "typedef struct heim_octet_string {\n" " size_t length;\n" @@ -123,11 +120,32 @@ init_generate (const char *filename, const char *base) fprintf (headerfile, "typedef char *heim_utf8_string;\n\n" ); + fprintf (headerfile, + "typedef char *heim_printable_string;\n\n" + ); + fprintf (headerfile, + "typedef char *heim_ia5_string;\n\n" + ); + fprintf (headerfile, + "typedef struct heim_bmp_string {\n" + " size_t length;\n" + " uint16_t *data;\n" + "} heim_bmp_string;\n\n"); + fprintf (headerfile, + "typedef struct heim_universal_string {\n" + " size_t length;\n" + " uint32_t *data;\n" + "} heim_universal_string;\n\n"); fprintf (headerfile, "typedef struct heim_oid {\n" " size_t length;\n" " unsigned *components;\n" "} heim_oid;\n\n"); + fprintf (headerfile, + "typedef struct heim_bit_string {\n" + " size_t length;\n" + " void *data;\n" + "} heim_bit_string;\n\n"); fputs("#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R) \\\n" " do { \\\n" " (BL) = length_##T((S)); \\\n" @@ -145,9 +163,12 @@ init_generate (const char *filename, const char *base) " } while (0)\n\n", headerfile); fprintf (headerfile, "#endif\n\n"); - logfile = fopen(STEM "_files", "w"); + asprintf(&fn, "%s_files", base); + if (fn == NULL) + errx(1, "malloc"); + logfile = fopen(fn, "w"); if (logfile == NULL) - err (1, "open " STEM "_files"); + err (1, "open %s", fn); } void @@ -160,11 +181,165 @@ close_generate (void) fclose (logfile); } +void +gen_assign_defval(const char *var, struct value *val) +{ + switch(val->type) { + case stringvalue: + fprintf(codefile, "if((%s = strdup(\"%s\")) == NULL)\nreturn ENOMEM;\n", var, val->u.stringvalue); + break; + case integervalue: + fprintf(codefile, "%s = %d;\n", var, val->u.integervalue); + break; + case booleanvalue: + if(val->u.booleanvalue) + fprintf(codefile, "%s = TRUE;\n", var); + else + fprintf(codefile, "%s = FALSE;\n", var); + break; + default: + abort(); + } +} + +void +gen_compare_defval(const char *var, struct value *val) +{ + switch(val->type) { + case stringvalue: + fprintf(codefile, "if(strcmp(%s, \"%s\") != 0)\n", var, val->u.stringvalue); + break; + case integervalue: + fprintf(codefile, "if(%s != %d)\n", var, val->u.integervalue); + break; + case booleanvalue: + if(val->u.booleanvalue) + fprintf(codefile, "if(!%s)\n", var); + else + fprintf(codefile, "if(%s)\n", var); + break; + default: + abort(); + } +} + +static void +generate_header_of_codefile(const char *name) +{ + struct import *i; + char *filename; + + if (codefile != NULL) + abort(); + + asprintf (&filename, "%s_%s.x", STEM, name); + if (filename == NULL) + errx(1, "malloc"); + codefile = fopen (filename, "w"); + if (codefile == NULL) + err (1, "fopen %s", filename); + fprintf(logfile, "%s ", filename); + free(filename); + fprintf (codefile, + "/* Generated from %s */\n" + "/* Do not edit */\n\n" + "#include \n" + "#include \n" + "#include \n" + "#include \n" + "#include \n" + "#include \n", + orig_filename); + + for (i = imports; i != NULL; i = i->next) + fprintf (codefile, + "#include <%s_asn1.h>\n", + i->module); + fprintf (codefile, + "#include <%s.h>\n", + headerbase); + fprintf (codefile, + "#include \n" + "#include \n" + "#include \n\n"); + +} + +static void +close_codefile(void) +{ + if (codefile == NULL) + abort(); + + fclose(codefile); + codefile = NULL; +} + + void generate_constant (const Symbol *s) { - fprintf (headerfile, "enum { %s = %d };\n\n", - s->gen_name, s->constant); + switch(s->value->type) { + case booleanvalue: + break; + case integervalue: + fprintf (headerfile, "enum { %s = %d };\n\n", + s->gen_name, s->value->u.integervalue); + break; + case nullvalue: + break; + case stringvalue: + break; + case objectidentifiervalue: { + struct objid *o, **list; + int i, len; + + generate_header_of_codefile(s->gen_name); + + len = 0; + for (o = s->value->u.objectidentifiervalue; o != NULL; o = o->next) + len++; + list = emalloc(sizeof(*list) * len); + + i = 0; + for (o = s->value->u.objectidentifiervalue; o != NULL; o = o->next) + list[i++] = o; + + fprintf (headerfile, "/* OBJECT IDENTIFIER %s ::= { ", s->name); + for (i = len - 1 ; i >= 0; i--) { + o = list[i]; + fprintf(headerfile, "%s(%d) ", + o->label ? o->label : "label-less", o->value); + } + + fprintf (headerfile, "} */\n"); + fprintf (headerfile, "const heim_oid *oid_%s(void);\n\n", + s->gen_name); + + fprintf (codefile, "static unsigned oid_%s_variable_num[%d] = {", + s->gen_name, len); + for (i = len - 1 ; i >= 0; i--) { + fprintf(codefile, "%d%s ", list[i]->value, i > 0 ? "," : ""); + } + fprintf(codefile, "};\n"); + + fprintf (codefile, "static const heim_oid oid_%s_variable = " + "{ %d, oid_%s_variable_num };\n\n", + s->gen_name, len, s->gen_name); + + fprintf (codefile, "const heim_oid *oid_%s(void)\n" + "{\n" + "return &oid_%s_variable;\n" + "}\n\n", + s->gen_name, s->gen_name); + + close_codefile(); + + break; + } + default: + abort(); + } } static void @@ -174,93 +349,108 @@ space(int level) fprintf(headerfile, " "); } +static char * +last_member_p(struct member *m) +{ + struct member *n = ASN1_TAILQ_NEXT(m, members); + if (n == NULL) + return ""; + if (n->ellipsis && ASN1_TAILQ_NEXT(n, members) == NULL) + return ""; + return ","; +} + +static struct member * +have_ellipsis(Type *t) +{ + struct member *m; + ASN1_TAILQ_FOREACH(m, t->members, members) { + if (m->ellipsis) + return m; + } + return NULL; +} + static void define_asn1 (int level, Type *t) { switch (t->type) { case TType: - space(level); fprintf (headerfile, "%s", t->symbol->name); break; case TInteger: - space(level); - fprintf (headerfile, "INTEGER"); + if(t->members == NULL) { + fprintf (headerfile, "INTEGER"); + if (t->range) + fprintf (headerfile, " (%d..%d)", + t->range->min, t->range->max); + } else { + Member *m; + fprintf (headerfile, "INTEGER {\n"); + ASN1_TAILQ_FOREACH(m, t->members, members) { + space (level + 1); + fprintf(headerfile, "%s(%d)%s\n", m->gen_name, m->val, + last_member_p(m)); + } + space(level); + fprintf (headerfile, "}"); + } break; - case TUInteger: - space(level); - fprintf (headerfile, "UNSIGNED INTEGER"); + case TBoolean: + fprintf (headerfile, "BOOLEAN"); break; case TOctetString: - space(level); fprintf (headerfile, "OCTET STRING"); break; - case TOID : - space(level); - fprintf(headerfile, "OBJECT IDENTIFIER"); - break; + case TEnumerated : case TBitString: { Member *m; - int tag = -1; space(level); - fprintf (headerfile, "BIT STRING {\n"); - for (m = t->members; m && m->val != tag; m = m->next) { - if (tag == -1) - tag = m->val; + if(t->type == TBitString) + fprintf (headerfile, "BIT STRING {\n"); + else + fprintf (headerfile, "ENUMERATED {\n"); + ASN1_TAILQ_FOREACH(m, t->members, members) { space(level + 1); fprintf (headerfile, "%s(%d)%s\n", m->name, m->val, - m->next->val == tag?"":","); - - } - space(level); - fprintf (headerfile, "}"); - break; - } - case TEnumerated : { - Member *m; - int tag = -1; - - space(level); - fprintf (headerfile, "ENUMERATED {\n"); - for (m = t->members; m && m->val != tag; m = m->next) { - if (tag == -1) - tag = m->val; - space(level + 1); - fprintf (headerfile, "%s(%d)%s\n", m->name, m->val, - m->next->val == tag?"":","); - + last_member_p(m)); } space(level); fprintf (headerfile, "}"); break; } + case TChoice: + case TSet: case TSequence: { Member *m; - int tag; int max_width = 0; - space(level); - fprintf (headerfile, "SEQUENCE {\n"); - for (m = t->members, tag = -1; m && m->val != tag; m = m->next) { - if (tag == -1) - tag = m->val; - if(strlen(m->name) + (m->val > 9) > max_width) - max_width = strlen(m->name) + (m->val > 9); + if(t->type == TChoice) + fprintf(headerfile, "CHOICE {\n"); + else if(t->type == TSet) + fprintf(headerfile, "SET {\n"); + else + fprintf(headerfile, "SEQUENCE {\n"); + ASN1_TAILQ_FOREACH(m, t->members, members) { + if(strlen(m->name) > max_width) + max_width = strlen(m->name); } - max_width += 3 + 2; + max_width += 3; if(max_width < 16) max_width = 16; - for (m = t->members, tag = -1 ; m && m->val != tag; m = m->next) { - int width; - if (tag == -1) - tag = m->val; + ASN1_TAILQ_FOREACH(m, t->members, members) { + int width = max_width; space(level + 1); - fprintf(headerfile, "%s[%d]", m->name, m->val); - width = max_width - strlen(m->name) - 3 - (m->val > 9) - 2; - fprintf(headerfile, "%*s", width, ""); - define_asn1(level + 1, m->type); - if(m->optional) - fprintf(headerfile, " OPTIONAL"); - if(m->next->val != tag) + if (m->ellipsis) { + fprintf (headerfile, "..."); + } else { + width -= fprintf(headerfile, "%s", m->name); + fprintf(headerfile, "%*s", width, ""); + define_asn1(level + 1, m->type); + if(m->optional) + fprintf(headerfile, " OPTIONAL"); + } + if(last_member_p(m)) fprintf (headerfile, ","); fprintf (headerfile, "\n"); } @@ -268,32 +458,59 @@ define_asn1 (int level, Type *t) fprintf (headerfile, "}"); break; } - case TSequenceOf: { - space(level); + case TSequenceOf: fprintf (headerfile, "SEQUENCE OF "); define_asn1 (0, t->subtype); break; - } + case TSetOf: + fprintf (headerfile, "SET OF "); + define_asn1 (0, t->subtype); + break; case TGeneralizedTime: - space(level); fprintf (headerfile, "GeneralizedTime"); break; case TGeneralString: - space(level); fprintf (headerfile, "GeneralString"); break; - case TApplication: - fprintf (headerfile, "[APPLICATION %d] ", t->application); + case TTag: { + const char *classnames[] = { "UNIVERSAL ", "APPLICATION ", + "" /* CONTEXT */, "PRIVATE " }; + if(t->tag.tagclass != ASN1_C_UNIV) + fprintf (headerfile, "[%s%d] ", + classnames[t->tag.tagclass], + t->tag.tagvalue); + if(t->tag.tagenv == TE_IMPLICIT) + fprintf (headerfile, "IMPLICIT "); define_asn1 (level, t->subtype); break; - case TBoolean: - space(level); - fprintf (headerfile, "BOOLEAN"); + } + case TUTCTime: + fprintf (headerfile, "UTCTime"); break; case TUTF8String: space(level); fprintf (headerfile, "UTF8String"); break; + case TPrintableString: + space(level); + fprintf (headerfile, "PrintableString"); + break; + case TIA5String: + space(level); + fprintf (headerfile, "IA5String"); + break; + case TBMPString: + space(level); + fprintf (headerfile, "BMPString"); + break; + case TUniversalString: + space(level); + fprintf (headerfile, "UniversalString"); + break; + case TOID : + space(level); + fprintf(headerfile, "OBJECT IDENTIFIER"); + break; case TNull: space(level); fprintf (headerfile, "NULL"); @@ -304,7 +521,7 @@ define_asn1 (int level, Type *t) } static void -define_type (int level, const char *name, Type *t, int typedefp) +define_type (int level, char *name, Type *t, int typedefp, int preservep) { switch (t->type) { case TType: @@ -313,104 +530,121 @@ define_type (int level, const char *name, Type *t, int typedefp) break; case TInteger: space(level); - if(t->members == NULL) { - fprintf (headerfile, "int %s;\n", name); - } else { + if(t->members) { Member *m; - int tag = -1; fprintf (headerfile, "enum %s {\n", typedefp ? name : ""); - for (m = t->members; m && m->val != tag; m = m->next) { - if(tag == -1) - tag = m->val; + ASN1_TAILQ_FOREACH(m, t->members, members) { space (level + 1); fprintf(headerfile, "%s = %d%s\n", m->gen_name, m->val, - m->next->val == tag ? "" : ","); + last_member_p(m)); } fprintf (headerfile, "} %s;\n", name); - } + } else if (t->range == NULL) { + fprintf (headerfile, "heim_integer %s;\n", name); + } else if (t->range->min == INT_MIN && t->range->max == INT_MAX) { + fprintf (headerfile, "int %s;\n", name); + } else if (t->range->min == 0 && t->range->max == UINT_MAX) { + fprintf (headerfile, "unsigned int %s;\n", name); + } else if (t->range->min == 0 && t->range->max == INT_MAX) { + fprintf (headerfile, "unsigned int %s;\n", name); + } else + errx(1, "%s: unsupported range %d -> %d", + name, t->range->min, t->range->max); break; - case TUInteger: + case TBoolean: space(level); - fprintf (headerfile, "unsigned int %s;\n", name); + fprintf (headerfile, "int %s;\n", name); break; case TOctetString: space(level); fprintf (headerfile, "heim_octet_string %s;\n", name); break; - case TOID : - space(level); - fprintf (headerfile, "heim_oid %s;\n", name); - break; case TBitString: { Member *m; Type i; - int tag = -1; + struct range range = { 0, INT_MAX }; + + i.type = TInteger; + i.range = ⦥ + i.members = NULL; - i.type = TUInteger; space(level); - fprintf (headerfile, "struct %s {\n", typedefp ? name : ""); - for (m = t->members; m && m->val != tag; m = m->next) { - char *n; - - asprintf (&n, "%s:1", m->gen_name); - define_type (level + 1, n, &i, FALSE); - free (n); - if (tag == -1) - tag = m->val; + if(ASN1_TAILQ_EMPTY(t->members)) + fprintf (headerfile, "heim_bit_string %s;\n", name); + else { + fprintf (headerfile, "struct %s {\n", typedefp ? name : ""); + ASN1_TAILQ_FOREACH(m, t->members, members) { + char *n; + + asprintf (&n, "%s:1", m->gen_name); + if (n == NULL) + errx(1, "malloc"); + define_type (level + 1, n, &i, FALSE, FALSE); + free (n); + } + space(level); + fprintf (headerfile, "} %s;\n\n", name); } - space(level); - fprintf (headerfile, "} %s;\n\n", name); break; } case TEnumerated: { Member *m; - int tag = -1; space(level); fprintf (headerfile, "enum %s {\n", typedefp ? name : ""); - for (m = t->members; m && m->val != tag; m = m->next) { - if (tag == -1) - tag = m->val; + ASN1_TAILQ_FOREACH(m, t->members, members) { space(level + 1); - fprintf (headerfile, "%s = %d%s\n", m->gen_name, m->val, - m->next->val == tag ? "" : ","); + if (m->ellipsis) + fprintf (headerfile, "/* ... */\n"); + else + fprintf (headerfile, "%s = %d%s\n", m->gen_name, m->val, + last_member_p(m)); } space(level); fprintf (headerfile, "} %s;\n\n", name); break; } + case TSet: case TSequence: { Member *m; - int tag = -1; space(level); fprintf (headerfile, "struct %s {\n", typedefp ? name : ""); - for (m = t->members; m && m->val != tag; m = m->next) { - if (m->optional) { + if (t->type == TSequence && preservep) { + space(level + 1); + fprintf(headerfile, "heim_octet_string _save;\n"); + } + ASN1_TAILQ_FOREACH(m, t->members, members) { + if (m->ellipsis) { + ; + } else if (m->optional) { char *n; asprintf (&n, "*%s", m->gen_name); - define_type (level + 1, n, m->type, FALSE); + if (n == NULL) + errx(1, "malloc"); + define_type (level + 1, n, m->type, FALSE, FALSE); free (n); } else - define_type (level + 1, m->gen_name, m->type, FALSE); - if (tag == -1) - tag = m->val; + define_type (level + 1, m->gen_name, m->type, FALSE, FALSE); } space(level); fprintf (headerfile, "} %s;\n", name); break; } + case TSetOf: case TSequenceOf: { Type i; + struct range range = { 0, INT_MAX }; - i.type = TUInteger; - i.application = 0; + i.type = TInteger; + i.range = ⦥ + i.members = NULL; space(level); fprintf (headerfile, "struct %s {\n", typedefp ? name : ""); - define_type (level + 1, "len", &i, FALSE); - define_type (level + 1, "*val", t->subtype, FALSE); + define_type (level + 1, "len", &i, FALSE, FALSE); + define_type (level + 1, "*val", t->subtype, FALSE, FALSE); space(level); fprintf (headerfile, "} %s;\n", name); break; @@ -423,20 +657,93 @@ define_type (int level, const char *name, Type *t, int typedefp) space(level); fprintf (headerfile, "heim_general_string %s;\n", name); break; + case TTag: + define_type (level, name, t->subtype, typedefp, preservep); + break; + case TChoice: { + int first = 1; + Member *m; + + space(level); + fprintf (headerfile, "struct %s {\n", typedefp ? name : ""); + if (preservep) { + space(level + 1); + fprintf(headerfile, "heim_octet_string _save;\n"); + } + space(level + 1); + fprintf (headerfile, "enum {\n"); + m = have_ellipsis(t); + if (m) { + space(level + 2); + fprintf (headerfile, "%s = 0,\n", m->label); + first = 0; + } + ASN1_TAILQ_FOREACH(m, t->members, members) { + space(level + 2); + if (m->ellipsis) + fprintf (headerfile, "/* ... */\n"); + else + fprintf (headerfile, "%s%s%s\n", m->label, + first ? " = 1" : "", + last_member_p(m)); + first = 0; + } + space(level + 1); + fprintf (headerfile, "} element;\n"); + space(level + 1); + fprintf (headerfile, "union {\n"); + ASN1_TAILQ_FOREACH(m, t->members, members) { + if (m->ellipsis) { + space(level + 2); + fprintf(headerfile, "heim_octet_string asn1_ellipsis;\n"); + } else if (m->optional) { + char *n; + + asprintf (&n, "*%s", m->gen_name); + if (n == NULL) + errx(1, "malloc"); + define_type (level + 2, n, m->type, FALSE, FALSE); + free (n); + } else + define_type (level + 2, m->gen_name, m->type, FALSE, FALSE); + } + space(level + 1); + fprintf (headerfile, "} u;\n"); + space(level); + fprintf (headerfile, "} %s;\n", name); + break; + } + case TUTCTime: + space(level); + fprintf (headerfile, "time_t %s;\n", name); + break; case TUTF8String: space(level); fprintf (headerfile, "heim_utf8_string %s;\n", name); break; - case TBoolean: + case TPrintableString: space(level); - fprintf (headerfile, "int %s;\n", name); + fprintf (headerfile, "heim_printable_string %s;\n", name); break; - case TNull: + case TIA5String: + space(level); + fprintf (headerfile, "heim_ia5_string %s;\n", name); + break; + case TBMPString: space(level); - fprintf (headerfile, "NULL %s;\n", name); + fprintf (headerfile, "heim_bmp_string %s;\n", name); break; - case TApplication: - define_type (level, name, t->subtype, FALSE); + case TUniversalString: + space(level); + fprintf (headerfile, "heim_universal_string %s;\n", name); + break; + case TOID : + space(level); + fprintf (headerfile, "heim_oid %s;\n", name); + break; + case TNull: + space(level); + fprintf (headerfile, "int %s;\n", name); break; default: abort (); @@ -446,13 +753,15 @@ define_type (int level, const char *name, Type *t, int typedefp) static void generate_type_header (const Symbol *s) { + int preservep = preserve_type(s->name) ? TRUE : FALSE; + fprintf (headerfile, "/*\n"); fprintf (headerfile, "%s ::= ", s->name); define_asn1 (0, s->type); fprintf (headerfile, "\n*/\n\n"); fprintf (headerfile, "typedef "); - define_type (0, s->gen_name, s->type, TRUE); + define_type (0, s->gen_name, s->type, TRUE, preservep); fprintf (headerfile, "\n"); } @@ -461,50 +770,15 @@ generate_type_header (const Symbol *s) void generate_type (const Symbol *s) { - struct import *i; - char *filename; - - asprintf (&filename, "%s_%s.x", STEM, s->gen_name); - codefile = fopen (filename, "w"); - if (codefile == NULL) - err (1, "fopen %s", filename); - fprintf(logfile, "%s ", filename); - free(filename); - fprintf (codefile, - "/* Generated from %s */\n" - "/* Do not edit */\n\n" - "#include \n" - "#include \n" - "#include \n" - "#include \n" - "#include \n", - orig_filename); - - for (i = imports; i != NULL; i = i->next) - fprintf (codefile, - "#include <%s_asn1.h>\n", - i->module); - fprintf (codefile, - "#include <%s.h>\n", - headerbase); - fprintf (codefile, - "#include \n" - "#include \n" - "#include \n\n"); - - if (s->stype == Stype && s->type->type == TChoice) { - fprintf(codefile, - "/* CHOICE */\n" - "int asn1_%s_dummy_holder = 1;\n", s->gen_name); - } else { - generate_type_header (s); - generate_type_encode (s); - generate_type_decode (s); - generate_type_free (s); - generate_type_length (s); - generate_type_copy (s); - generate_glue (s); - } + generate_header_of_codefile(s->gen_name); + + generate_type_header (s); + generate_type_encode (s); + generate_type_decode (s); + generate_type_free (s); + generate_type_length (s); + generate_type_copy (s); + generate_glue (s->type, s->gen_name); fprintf(headerfile, "\n\n"); - fclose(codefile); + close_codefile(); } diff --git a/source4/heimdal/lib/asn1/gen_copy.c b/source4/heimdal/lib/asn1/gen_copy.c index a8421fea6a..07b7efba2c 100644 --- a/source4/heimdal/lib/asn1/gen_copy.c +++ b/source4/heimdal/lib/asn1/gen_copy.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,125 +33,214 @@ #include "gen_locl.h" -RCSID("$Id: gen_copy.c,v 1.15 2005/06/16 20:03:38 lha Exp $"); +RCSID("$Id: gen_copy.c,v 1.16 2005/07/12 06:27:26 lha Exp $"); + +static int used_fail; static void copy_primitive (const char *typename, const char *from, const char *to) { - fprintf (codefile, "if(copy_%s(%s, %s)) return ENOMEM;\n", + fprintf (codefile, "if(copy_%s(%s, %s)) goto fail;\n", typename, from, to); + used_fail++; } static void -copy_type (const char *from, const char *to, const Type *t) +copy_type (const char *from, const char *to, const Type *t, int preserve) { - switch (t->type) { - case TType: + switch (t->type) { + case TType: #if 0 - copy_type (from, to, t->symbol->type); + copy_type (from, to, t->symbol->type, preserve); #endif - fprintf (codefile, "if(copy_%s(%s, %s)) return ENOMEM;\n", - t->symbol->gen_name, from, to); - break; - case TInteger: - case TUInteger: - case TBoolean: - case TEnumerated : - fprintf(codefile, "*(%s) = *(%s);\n", to, from); - break; - case TOctetString: - copy_primitive ("octet_string", from, to); - break; - case TOID: - copy_primitive ("oid", from, to); - break; - case TBitString: { - fprintf(codefile, "*(%s) = *(%s);\n", to, from); - break; - } - case TSequence: { - Member *m; - int tag = -1; - - if (t->members == NULL) - break; + fprintf (codefile, "if(copy_%s(%s, %s)) goto fail;\n", + t->symbol->gen_name, from, to); + used_fail++; + break; + case TInteger: + if (t->range == NULL && t->members == NULL) { + copy_primitive ("heim_integer", from, to); + break; + } + case TBoolean: + case TEnumerated : + fprintf(codefile, "*(%s) = *(%s);\n", to, from); + break; + case TOctetString: + copy_primitive ("octet_string", from, to); + break; + case TBitString: + if (ASN1_TAILQ_EMPTY(t->members)) + copy_primitive ("bit_string", from, to); + else + fprintf(codefile, "*(%s) = *(%s);\n", to, from); + break; + case TSet: + case TSequence: + case TChoice: { + Member *m, *have_ellipsis = NULL; + + if(t->members == NULL) + break; - for (m = t->members; m && tag != m->val; m = m->next) { - char *fn; - char *tn; - - asprintf (&fn, "%s(%s)->%s", - m->optional ? "" : "&", from, m->gen_name); - asprintf (&tn, "%s(%s)->%s", - m->optional ? "" : "&", to, m->gen_name); - if(m->optional){ - fprintf(codefile, "if(%s) {\n", fn); - fprintf(codefile, "%s = malloc(sizeof(*%s));\n", tn, tn); - fprintf(codefile, "if(%s == NULL) return ENOMEM;\n", tn); - } - copy_type (fn, tn, m->type); - if(m->optional){ - fprintf(codefile, "}else\n"); - fprintf(codefile, "%s = NULL;\n", tn); - } - if (tag == -1) - tag = m->val; - free (fn); - free (tn); - } - break; - } - case TSequenceOf: { - char *f; - char *T; - - fprintf (codefile, "if(((%s)->val = " - "malloc((%s)->len * sizeof(*(%s)->val))) == NULL && (%s)->len != 0)\n", - to, from, to, from); - fprintf (codefile, "return ENOMEM;\n"); - fprintf(codefile, - "for((%s)->len = 0; (%s)->len < (%s)->len; (%s)->len++){\n", - to, to, from, to); - asprintf(&f, "&(%s)->val[(%s)->len]", from, to); - asprintf(&T, "&(%s)->val[(%s)->len]", to, to); - copy_type(f, T, t->subtype); - fprintf(codefile, "}\n"); - free(f); - free(T); - break; - } - case TGeneralizedTime: - fprintf(codefile, "*(%s) = *(%s);\n", to, from); - break; - case TGeneralString: - copy_primitive ("general_string", from, to); - break; - case TUTF8String: - copy_primitive ("utf8string", from, to); - break; - case TNull: - break; - case TApplication: - copy_type (from, to, t->subtype); - break; - default : - abort (); - } + if ((t->type == TSequence || t->type == TChoice) && preserve) { + fprintf(codefile, + "{ int ret;\n" + "ret = copy_octet_string(&(%s)->_save, &(%s)->_save);\n" + "if (ret) goto fail;\n" + "}\n", + from, to); + used_fail++; + } + + if(t->type == TChoice) { + fprintf(codefile, "(%s)->element = (%s)->element;\n", to, from); + fprintf(codefile, "switch((%s)->element) {\n", from); + } + + ASN1_TAILQ_FOREACH(m, t->members, members) { + char *fs; + char *ts; + + if (m->ellipsis) { + have_ellipsis = m; + continue; + } + + if(t->type == TChoice) + fprintf(codefile, "case %s:\n", m->label); + + asprintf (&fs, "%s(%s)->%s%s", + m->optional ? "" : "&", from, + t->type == TChoice ? "u." : "", m->gen_name); + if (fs == NULL) + errx(1, "malloc"); + asprintf (&ts, "%s(%s)->%s%s", + m->optional ? "" : "&", to, + t->type == TChoice ? "u." : "", m->gen_name); + if (ts == NULL) + errx(1, "malloc"); + if(m->optional){ + fprintf(codefile, "if(%s) {\n", fs); + fprintf(codefile, "%s = malloc(sizeof(*%s));\n", ts, ts); + fprintf(codefile, "if(%s == NULL) goto fail;\n", ts); + used_fail++; + } + copy_type (fs, ts, m->type, FALSE); + if(m->optional){ + fprintf(codefile, "}else\n"); + fprintf(codefile, "%s = NULL;\n", ts); + } + free (fs); + free (ts); + if(t->type == TChoice) + fprintf(codefile, "break;\n"); + } + if(t->type == TChoice) { + if (have_ellipsis) { + fprintf(codefile, "case %s: {\n" + "int ret;\n" + "ret = copy_octet_string(&(%s)->u.%s, &(%s)->u.%s);\n" + "if (ret) goto fail;\n" + "break;\n" + "}\n", + have_ellipsis->label, + from, have_ellipsis->gen_name, + to, have_ellipsis->gen_name); + used_fail++; + } + fprintf(codefile, "}\n"); + } + break; + } + case TSetOf: + case TSequenceOf: { + char *f; + char *T; + + fprintf (codefile, "if(((%s)->val = " + "malloc((%s)->len * sizeof(*(%s)->val))) == NULL && (%s)->len != 0)\n", + to, from, to, from); + fprintf (codefile, "goto fail;\n"); + used_fail++; + fprintf(codefile, + "for((%s)->len = 0; (%s)->len < (%s)->len; (%s)->len++){\n", + to, to, from, to); + asprintf(&f, "&(%s)->val[(%s)->len]", from, to); + if (f == NULL) + errx(1, "malloc"); + asprintf(&T, "&(%s)->val[(%s)->len]", to, to); + if (T == NULL) + errx(1, "malloc"); + copy_type(f, T, t->subtype, FALSE); + fprintf(codefile, "}\n"); + free(f); + free(T); + break; + } + case TGeneralizedTime: + fprintf(codefile, "*(%s) = *(%s);\n", to, from); + break; + case TGeneralString: + copy_primitive ("general_string", from, to); + break; + case TUTCTime: + fprintf(codefile, "*(%s) = *(%s);\n", to, from); + break; + case TUTF8String: + copy_primitive ("utf8string", from, to); + break; + case TPrintableString: + copy_primitive ("printable_string", from, to); + break; + case TIA5String: + copy_primitive ("ia5_string", from, to); + break; + case TBMPString: + copy_primitive ("bmp_string", from, to); + break; + case TUniversalString: + copy_primitive ("universal_string", from, to); + break; + case TTag: + copy_type (from, to, t->subtype, preserve); + break; + case TOID: + copy_primitive ("oid", from, to); + break; + case TNull: + break; + default : + abort (); + } } void generate_type_copy (const Symbol *s) { + int preserve = preserve_type(s->name) ? TRUE : FALSE; + + used_fail = 0; + fprintf (headerfile, "int copy_%s (const %s *, %s *);\n", s->gen_name, s->gen_name, s->gen_name); fprintf (codefile, "int\n" "copy_%s(const %s *from, %s *to)\n" - "{\n", + "{\n" + "memset(to, 0, sizeof(*to));\n", s->gen_name, s->gen_name, s->gen_name); + copy_type ("from", "to", s->type, preserve); + fprintf (codefile, "return 0;\n"); + + if (used_fail) + fprintf (codefile, "fail:\n" + "free_%s(to);\n" + "return ENOMEM;\n", + s->gen_name); - copy_type ("from", "to", s->type); - fprintf (codefile, "return 0;\n}\n\n"); + fprintf(codefile, + "}\n\n"); } diff --git a/source4/heimdal/lib/asn1/gen_decode.c b/source4/heimdal/lib/asn1/gen_decode.c index f49593dbcf..ff75113576 100644 --- a/source4/heimdal/lib/asn1/gen_decode.c +++ b/source4/heimdal/lib/asn1/gen_decode.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,288 +32,554 @@ */ #include "gen_locl.h" +#include "lex.h" -RCSID("$Id: gen_decode.c,v 1.21 2005/05/29 14:23:01 lha Exp $"); +RCSID("$Id: gen_decode.c,v 1.27 2005/07/19 18:09:30 lha Exp $"); static void -decode_primitive (const char *typename, const char *name) +decode_primitive (const char *typename, const char *name, const char *forwstr) { +#if 0 fprintf (codefile, "e = decode_%s(p, len, %s, &l);\n" - "FORW;\n", + "%s;\n", + typename, + name, + forwstr); +#else + fprintf (codefile, + "e = der_get_%s(p, len, %s, &l);\n" + "if(e) %s;\np += l; len -= l; ret += l;\n", typename, - name); + name, + forwstr); +#endif +} + +static int +is_primitive_type(int type) +{ + switch(type) { + case TInteger: + case TBoolean: + case TOctetString: + case TBitString: + case TEnumerated: + case TGeneralizedTime: + case TGeneralString: + case TOID: + case TUTCTime: + case TUTF8String: + case TPrintableString: + case TIA5String: + case TBMPString: + case TUniversalString: + case TNull: + return 1; + default: + return 0; + } } static void -decode_type (const char *name, const Type *t) +find_tag (const Type *t, + Der_class *cl, Der_type *ty, unsigned *tag) { switch (t->type) { - case TType: -#if 0 - decode_type (name, t->symbol->type); -#endif + case TBitString: + *cl = ASN1_C_UNIV; + *ty = PRIM; + *tag = UT_BitString; + break; + case TBoolean: + *cl = ASN1_C_UNIV; + *ty = PRIM; + *tag = UT_Boolean; + break; + case TChoice: + errx(1, "Cannot have recursive CHOICE"); + case TEnumerated: + *cl = ASN1_C_UNIV; + *ty = PRIM; + *tag = UT_Enumerated; + break; + case TGeneralString: + *cl = ASN1_C_UNIV; + *ty = PRIM; + *tag = UT_GeneralString; + break; + case TGeneralizedTime: + *cl = ASN1_C_UNIV; + *ty = PRIM; + *tag = UT_GeneralizedTime; + break; + case TIA5String: + *cl = ASN1_C_UNIV; + *ty = PRIM; + *tag = UT_IA5String; + break; + case TInteger: + *cl = ASN1_C_UNIV; + *ty = PRIM; + *tag = UT_Integer; + break; + case TNull: + *cl = ASN1_C_UNIV; + *ty = PRIM; + *tag = UT_Null; + break; + case TOID: + *cl = ASN1_C_UNIV; + *ty = PRIM; + *tag = UT_OID; + break; + case TOctetString: + *cl = ASN1_C_UNIV; + *ty = PRIM; + *tag = UT_OctetString; + break; + case TPrintableString: + *cl = ASN1_C_UNIV; + *ty = PRIM; + *tag = UT_PrintableString; + break; + case TSequence: + case TSequenceOf: + *cl = ASN1_C_UNIV; + *ty = CONS; + *tag = UT_Sequence; + break; + case TSet: + case TSetOf: + *cl = ASN1_C_UNIV; + *ty = CONS; + *tag = UT_Set; + break; + case TTag: + *cl = t->tag.tagclass; + *ty = is_primitive_type(t->subtype->type) ? PRIM : CONS; + *tag = t->tag.tagvalue; + break; + case TType: + if ((t->symbol->stype == Stype && t->symbol->type == NULL) + || t->symbol->stype == SUndefined) { + error_message("%s is imported or still undefined, " + " can't generate tag checking data in CHOICE " + "without this information", + t->symbol->name); + exit(1); + } + find_tag(t->symbol->type, cl, ty, tag); + return; + case TUTCTime: + *cl = ASN1_C_UNIV; + *ty = PRIM; + *tag = UT_UTCTime; + break; + case TUTF8String: + *cl = ASN1_C_UNIV; + *ty = PRIM; + *tag = UT_UTF8String; + break; + case TBMPString: + *cl = ASN1_C_UNIV; + *ty = PRIM; + *tag = UT_BMPString; + break; + case TUniversalString: + *cl = ASN1_C_UNIV; + *ty = PRIM; + *tag = UT_UniversalString; + break; + default: + abort(); + } +} + +static int +decode_type (const char *name, const Type *t, int optional, + const char *forwstr) +{ + switch (t->type) { + case TType: { + if (optional) + fprintf(codefile, + "%s = calloc(1, sizeof(*%s));\n" + "if (%s == NULL) %s;\n", + name, name, name, forwstr); fprintf (codefile, - "e = decode_%s(p, len, %s, &l);\n" - "FORW;\n", + "e = decode_%s(p, len, %s, &l);\n", t->symbol->gen_name, name); + if (optional) { + fprintf (codefile, + "if(e) {\n" + "free(%s);\n" + "%s = NULL;\n" + "} else {\n" + "p += l; len -= l; ret += l;\n" + "}\n", + name, name); + } else { + fprintf (codefile, + "if(e) %s;\n", + forwstr); + fprintf (codefile, + "p += l; len -= l; ret += l;\n"); + } break; + } case TInteger: - if(t->members == NULL) - decode_primitive ("integer", name); - else { + if(t->members) { char *s; asprintf(&s, "(int*)%s", name); - if(s == NULL) + if (s == NULL) errx (1, "out of memory"); - decode_primitive ("integer", s); + decode_primitive ("integer", s, forwstr); free(s); - } - break; - case TUInteger: - decode_primitive ("unsigned", name); + } else if (t->range == NULL) { + decode_primitive ("heim_integer", name, forwstr); + } else if (t->range->min == INT_MIN && t->range->max == INT_MAX) { + decode_primitive ("integer", name, forwstr); + } else if (t->range->min == 0 && t->range->max == UINT_MAX) { + decode_primitive ("unsigned", name, forwstr); + } else if (t->range->min == 0 && t->range->max == INT_MAX) { + decode_primitive ("unsigned", name, forwstr); + } else + errx(1, "%s: unsupported range %d -> %d", + name, t->range->min, t->range->max); break; + case TBoolean: + decode_primitive ("boolean", name, forwstr); + break; case TEnumerated: - decode_primitive ("enumerated", name); + decode_primitive ("enumerated", name, forwstr); break; case TOctetString: - decode_primitive ("octet_string", name); - break; - case TOID : - decode_primitive ("oid", name); + decode_primitive ("octet_string", name, forwstr); break; case TBitString: { Member *m; - int tag = -1; - int pos; + int pos = 0; - fprintf (codefile, - "e = der_match_tag_and_length (p, len, ASN1_C_UNIV, PRIM, UT_BitString," - "&reallen, &l);\n" - "FORW;\n" - "if(len < reallen)\n" - "return ASN1_OVERRUN;\n" - "p++;\n" - "len--;\n" - "reallen--;\n" - "ret++;\n"); - pos = 0; - for (m = t->members; m && tag != m->val; m = m->next) { + if (ASN1_TAILQ_EMPTY(t->members)) { + decode_primitive ("bit_string", name, forwstr); + break; + } + fprintf(codefile, + "if (len < 1) return ASN1_OVERRUN;\n" + "p++; len--; ret++;\n"); + fprintf(codefile, + "do {\n" + "if (len < 1) break;\n"); + ASN1_TAILQ_FOREACH(m, t->members, members) { while (m->val / 8 > pos / 8) { fprintf (codefile, - "p++; len--; reallen--; ret++;\n"); + "p++; len--; ret++;\n" + "if (len < 1) break;\n"); pos += 8; } fprintf (codefile, - "%s->%s = (*p >> %d) & 1;\n", + "(%s)->%s = (*p >> %d) & 1;\n", name, m->gen_name, 7 - m->val % 8); - if (tag == -1) - tag = m->val; } + fprintf(codefile, + "} while(0);\n"); fprintf (codefile, - "p += reallen; len -= reallen; ret += reallen;\n"); + "p += len; ret += len;\n"); break; } case TSequence: { Member *m; - int tag = -1; - int fd_counter = unique_get_next(); - int fd_counter_inner = unique_get_next(); if (t->members == NULL) break; - fprintf (codefile, - "e = der_match_tag_and_length (p, len, ASN1_C_UNIV, CONS, UT_Sequence," - "&reallen, &l);\n" - "FORW;\n" - "{\n" - "int dce_fix%d;\n" - "if((dce_fix%d = fix_dce(reallen, &len)) < 0)\n" - "return ASN1_BAD_FORMAT;\n", - fd_counter, fd_counter); + ASN1_TAILQ_FOREACH(m, t->members, members) { + char *s; + + if (m->ellipsis) + continue; + + asprintf (&s, "%s(%s)->%s", m->optional ? "" : "&", + name, m->gen_name); + if (s == NULL) + errx(1, "malloc"); + decode_type (s, m->type, m->optional, forwstr); + free (s); + } + + break; + } + case TSet: { + Member *m; + unsigned int memno; + + if(t->members == NULL) + break; - for (m = t->members; m && tag != m->val; m = m->next) { + fprintf(codefile, "{\n"); + fprintf(codefile, "unsigned int members = 0;\n"); + fprintf(codefile, "while(len > 0) {\n"); + fprintf(codefile, + "Der_class class;\n" + "Der_type type;\n" + "int tag;\n" + "e = der_get_tag (p, len, &class, &type, &tag, NULL);\n" + "if(e) %s;\n", forwstr); + fprintf(codefile, "switch (MAKE_TAG(class, type, tag)) {\n"); + memno = 0; + ASN1_TAILQ_FOREACH(m, t->members, members) { char *s; + assert(m->type->type == TTag); + + fprintf(codefile, "case MAKE_TAG(%s, %s, %s):\n", + classname(m->type->tag.tagclass), + is_primitive_type(m->type->subtype->type) ? "PRIM" : "CONS", + valuename(m->type->tag.tagclass, m->type->tag.tagvalue)); + asprintf (&s, "%s(%s)->%s", m->optional ? "" : "&", name, m->gen_name); - if (0 && m->type->type == TType){ - if(m->optional) - fprintf (codefile, - "%s = malloc(sizeof(*%s));\n" - "if(%s == NULL) return ENOMEM;\n", s, s, s); - fprintf (codefile, - "e = decode_seq_%s(p, len, %d, %d, %s, &l);\n", - m->type->symbol->gen_name, - m->val, - m->optional, - s); - if(m->optional) - fprintf (codefile, - "if (e == ASN1_MISSING_FIELD) {\n" - "free(%s);\n" - "%s = NULL;\n" - "e = l = 0;\n" - "}\n", - s, s); - - fprintf (codefile, "FORW;\n"); - - }else{ - fprintf (codefile, "{\n" - "size_t newlen, oldlen;\n\n" - "e = der_match_tag (p, len, ASN1_C_CONTEXT, CONS, %d, &l);\n", - m->val); - fprintf (codefile, - "if (e)\n"); - if(m->optional) - /* XXX should look at e */ - fprintf (codefile, - "%s = NULL;\n", s); - else - fprintf (codefile, - "return e;\n"); - fprintf (codefile, - "else {\n"); - fprintf (codefile, - "p += l;\n" - "len -= l;\n" - "ret += l;\n" - "e = der_get_length (p, len, &newlen, &l);\n" - "FORW;\n" - "{\n" - - "int dce_fix%d;\n" - "oldlen = len;\n" - "if((dce_fix%d = fix_dce(newlen, &len)) < 0)" - "return ASN1_BAD_FORMAT;\n", - fd_counter_inner, - fd_counter_inner); - if (m->optional) - fprintf (codefile, - "%s = malloc(sizeof(*%s));\n" - "if(%s == NULL) return ENOMEM;\n", s, s, s); - decode_type (s, m->type); - fprintf (codefile, - "if(dce_fix%d){\n" - "e = der_match_tag_and_length (p, len, " - "(Der_class)0, (Der_type)0, 0, &reallen, &l);\n" - "FORW;\n" - "}else \n" - "len = oldlen - newlen;\n" - "}\n" - "}\n", - fd_counter_inner); - fprintf (codefile, - "}\n"); - } - if (tag == -1) - tag = m->val; + if (s == NULL) + errx(1, "malloc"); + if(m->optional) + fprintf(codefile, + "%s = calloc(1, sizeof(*%s));\n" + "if (%s == NULL) { e = ENOMEM; %s; }\n", + s, s, s, forwstr); + decode_type (s, m->type, 0, forwstr); free (s); + + fprintf(codefile, "members |= (1 << %d);\n", memno); + memno++; + fprintf(codefile, "break;\n"); } - fprintf(codefile, - "if(dce_fix%d){\n" - "e = der_match_tag_and_length (p, len, " - "(Der_class)0, (Der_type)0, 0, &reallen, &l);\n" - "FORW;\n" - "}\n" - "}\n", - fd_counter); + fprintf(codefile, + "default:\n" + "return ASN1_MISPLACED_FIELD;\n" + "break;\n"); + fprintf(codefile, "}\n"); + fprintf(codefile, "}\n"); + memno = 0; + ASN1_TAILQ_FOREACH(m, t->members, members) { + char *s; + asprintf (&s, "%s->%s", name, m->gen_name); + if (s == NULL) + errx(1, "malloc"); + fprintf(codefile, "if((members & (1 << %d)) == 0)\n", memno); + if(m->optional) + fprintf(codefile, "%s = NULL;\n", s); + else if(m->defval) + gen_assign_defval(s, m->defval); + else + fprintf(codefile, "return ASN1_MISSING_FIELD;\n"); + free(s); + memno++; + } + fprintf(codefile, "}\n"); break; } + case TSetOf: case TSequenceOf: { char *n; - int oldret_counter = unique_get_next(); - - fprintf (codefile, - "e = der_match_tag_and_length (p, len, ASN1_C_UNIV, CONS, UT_Sequence," - "&reallen, &l);\n" - "FORW;\n" - "if(len < reallen)\n" - "return ASN1_OVERRUN;\n" - "len = reallen;\n"); fprintf (codefile, "{\n" "size_t origlen = len;\n" - "int oldret%d = ret;\n" + "size_t oldret = ret;\n" + "void *tmp;\n" "ret = 0;\n" "(%s)->len = 0;\n" "(%s)->val = NULL;\n" "while(ret < origlen) {\n" + "tmp = realloc((%s)->val, " + " sizeof(*((%s)->val)) * ((%s)->len + 1));\n" + "if (tmp == NULL) { %s; }\n" "(%s)->len++;\n" - "(%s)->val = realloc((%s)->val, sizeof(*((%s)->val)) * (%s)->len);\n", - oldret_counter, name, name, name, name, name, name, name); + "(%s)->val = tmp;\n", + name, name, name, name, name, forwstr, name, name); + asprintf (&n, "&(%s)->val[(%s)->len-1]", name, name); - decode_type (n, t->subtype); + if (n == NULL) + errx(1, "malloc"); + decode_type (n, t->subtype, 0, forwstr); fprintf (codefile, "len = origlen - ret;\n" "}\n" - "ret += oldret%d;\n" - "}\n", - oldret_counter); + "ret += oldret;\n" + "}\n"); free (n); break; } case TGeneralizedTime: - decode_primitive ("generalized_time", name); + decode_primitive ("generalized_time", name, forwstr); break; case TGeneralString: - decode_primitive ("general_string", name); + decode_primitive ("general_string", name, forwstr); break; - case TUTF8String: - decode_primitive ("utf8string", name); - break; - case TNull: - fprintf (codefile, - "e = decode_nulltype(p, len, &l);\n" - "FORW;\n"); - break; - case TApplication: + case TTag:{ + fprintf(codefile, + "{\n" + "size_t tagdatalen, oldlen;\n"); + if(dce_fix) + fprintf(codefile, + "int dce_fix;\n"); + fprintf(codefile, "e = der_match_tag_and_length(p, len, %s, %s, %s, " + "&tagdatalen, &l);\n", + classname(t->tag.tagclass), + is_primitive_type(t->subtype->type) ? "PRIM" : "CONS", + valuename(t->tag.tagclass, t->tag.tagvalue)); + if(optional) { + fprintf(codefile, + "if(e) {\n" + "%s = NULL;\n" + "} else {\n" + "%s = calloc(1, sizeof(*%s));\n" + "if (%s == NULL) { e = ENOMEM; %s; }\n", + name, name, name, name, forwstr); + } else { + fprintf(codefile, "if(e) %s;\n", forwstr); + } fprintf (codefile, - "e = der_match_tag_and_length (p, len, ASN1_C_APPL, CONS, %d, " - "&reallen, &l);\n" - "FORW;\n" - "{\n" - "int dce_fix;\n" - "if((dce_fix = fix_dce(reallen, &len)) < 0)\n" - "return ASN1_BAD_FORMAT;\n", - t->application); - decode_type (name, t->subtype); - fprintf(codefile, - "if(dce_fix){\n" - "e = der_match_tag_and_length (p, len, " - "(Der_class)0, (Der_type)0, 0, &reallen, &l);\n" - "FORW;\n" - "}\n" + "p += l; len -= l; ret += l;\n" + "oldlen = len;\n"); + if(dce_fix) + fprintf (codefile, + "if((dce_fix = _heim_fix_dce(tagdatalen, &len)) < 0)\n" + "{ e = ASN1_BAD_FORMAT; %s; }\n", + forwstr); + else + fprintf(codefile, + "if (tagdatalen > len) { e = ASN1_OVERRUN; %s; }\n" + "len = tagdatalen;\n", forwstr); + decode_type (name, t->subtype, 0, forwstr); + if(dce_fix) + fprintf(codefile, + "if(dce_fix){\n" + "e = der_match_tag_and_length (p, len, " + "(Der_class)0,(Der_type)0, UT_EndOfContent, " + "&tagdatalen, &l);\n" + "if(e) %s;\np += l; len -= l; ret += l;\n" + "} else \n", forwstr); + fprintf(codefile, + "len = oldlen - tagdatalen;\n"); + if(optional) + fprintf(codefile, + "}\n"); + fprintf(codefile, "}\n"); + break; + } + case TChoice: { + Member *m, *have_ellipsis = NULL; + const char *els = ""; + if (t->members == NULL) + break; + + ASN1_TAILQ_FOREACH(m, t->members, members) { + const Type *tt = m->type; + char *s; + Der_class cl; + Der_type ty; + unsigned tag; + + if (m->ellipsis) { + have_ellipsis = m; + continue; + } + + find_tag(tt, &cl, &ty, &tag); + + fprintf(codefile, + "%sif (der_match_tag(p, len, %s, %s, %s, NULL) == 0) {\n", + els, + classname(cl), + ty ? "CONS" : "PRIM", + valuename(cl, tag)); + asprintf (&s, "%s(%s)->u.%s", m->optional ? "" : "&", + name, m->gen_name); + if (s == NULL) + errx(1, "malloc"); + decode_type (s, m->type, m->optional, forwstr); + fprintf(codefile, + "(%s)->element = %s;\n", + name, m->label); + free(s); + fprintf(codefile, + "}\n"); + els = "else "; + } + if (have_ellipsis) { + fprintf(codefile, + "else {\n" + "(%s)->u.%s.data = calloc(1, len);\n" + "if ((%s)->u.%s.data == NULL) {\n" + "e = ENOMEM; %s;\n" + "}\n" + "(%s)->u.%s.length = len;\n" + "memcpy((%s)->u.%s.data, p, len);\n" + "(%s)->element = %s;\n" + "p += len;\n" + "ret += len;\n" + "len -= len;\n" + "}\n", + name, have_ellipsis->gen_name, + name, have_ellipsis->gen_name, + forwstr, + name, have_ellipsis->gen_name, + name, have_ellipsis->gen_name, + name, have_ellipsis->label); + } else { + fprintf(codefile, + "else {\n" + "e = ASN1_PARSE_ERROR;\n" + "%s;\n" + "}\n", + forwstr); + } break; - case TBoolean: - decode_primitive ("boolean", name); + } + case TUTCTime: + decode_primitive ("utctime", name, forwstr); + break; + case TUTF8String: + decode_primitive ("utf8string", name, forwstr); + break; + case TPrintableString: + decode_primitive ("printable_string", name, forwstr); + break; + case TIA5String: + decode_primitive ("ia5_string", name, forwstr); + break; + case TBMPString: + decode_primitive ("bmp_string", name, forwstr); + break; + case TUniversalString: + decode_primitive ("universal_string", name, forwstr); + break; + case TNull: + fprintf (codefile, "/* NULL */\n"); + break; + case TOID: + decode_primitive ("oid", name, forwstr); break; default : abort (); } + return 0; } void generate_type_decode (const Symbol *s) { - unique_reset(); + int preserve = preserve_type(s->name) ? TRUE : FALSE; + fprintf (headerfile, "int " "decode_%s(const unsigned char *, size_t, %s *, size_t *);\n", s->gen_name, s->gen_name); - fprintf (codefile, "#define FORW " - "if(e) goto fail; " - "p += l; " - "len -= l; " - "ret += l\n\n"); - - fprintf (codefile, "int\n" "decode_%s(const unsigned char *p," " size_t len, %s *data, size_t *size)\n" @@ -322,28 +588,45 @@ generate_type_decode (const Symbol *s) switch (s->type->type) { case TInteger: - case TUInteger: case TBoolean: case TOctetString: case TOID: case TGeneralizedTime: case TGeneralString: case TUTF8String: + case TPrintableString: + case TIA5String: + case TBMPString: + case TUniversalString: + case TUTCTime: case TNull: case TEnumerated: case TBitString: case TSequence: case TSequenceOf: - case TApplication: + case TSet: + case TSetOf: + case TTag: case TType: + case TChoice: fprintf (codefile, "size_t ret = 0, reallen;\n" "size_t l;\n" - "int e;\n\n"); + "int e;\n"); + if (preserve) + fprintf (codefile, "const unsigned char *begin = p;\n"); + + fprintf (codefile, "\n"); fprintf (codefile, "memset(data, 0, sizeof(*data));\n"); fprintf (codefile, "reallen = 0;\n"); /* hack to avoid `unused variable' */ - decode_type ("data", s->type); + decode_type ("data", s->type, 0, "goto fail"); + if (preserve) + fprintf (codefile, + "data->_save.data = calloc(1, ret);\n" + "if (data->_save.data == NULL) { e = ENOMEM; goto fail; }\n" + "data->_save.length = ret;\n" + "memcpy(data->_save.data, begin, ret);\n"); fprintf (codefile, "if(size) *size = ret;\n" "return 0;\n"); @@ -358,62 +641,3 @@ generate_type_decode (const Symbol *s) } fprintf (codefile, "}\n\n"); } - -void -generate_seq_type_decode (const Symbol *s) -{ - fprintf (headerfile, - "int decode_seq_%s(const unsigned char *, size_t, int, int, " - "%s *, size_t *);\n", - s->gen_name, s->gen_name); - - fprintf (codefile, "int\n" - "decode_seq_%s(const unsigned char *p, size_t len, int tag, " - "int optional, %s *data, size_t *size)\n" - "{\n", - s->gen_name, s->gen_name); - - fprintf (codefile, - "size_t newlen, oldlen;\n" - "size_t l, ret = 0;\n" - "int e;\n" - "int dce_fix;\n"); - - fprintf (codefile, - "e = der_match_tag(p, len, ASN1_C_CONTEXT, CONS, tag, &l);\n" - "if (e)\n" - "return e;\n"); - fprintf (codefile, - "p += l;\n" - "len -= l;\n" - "ret += l;\n" - "e = der_get_length(p, len, &newlen, &l);\n" - "if (e)\n" - "return e;\n" - "p += l;\n" - "len -= l;\n" - "ret += l;\n" - "oldlen = len;\n" - "if ((dce_fix = fix_dce(newlen, &len)) < 0)\n" - "return ASN1_BAD_FORMAT;\n" - "e = decode_%s(p, len, data, &l);\n" - "if (e)\n" - "return e;\n" - "p += l;\n" - "len -= l;\n" - "ret += l;\n" - "if (dce_fix) {\n" - "size_t reallen;\n\n" - "e = der_match_tag_and_length(p, len, " - "(Der_class)0, (Der_type)0, 0, &reallen, &l);\n" - "if (e)\n" - "return e;\n" - "ret += l;\n" - "}\n", - s->gen_name); - fprintf (codefile, - "if(size) *size = ret;\n" - "return 0;\n"); - - fprintf (codefile, "}\n\n"); -} diff --git a/source4/heimdal/lib/asn1/gen_encode.c b/source4/heimdal/lib/asn1/gen_encode.c index e77bcc559c..acd058c7dd 100644 --- a/source4/heimdal/lib/asn1/gen_encode.c +++ b/source4/heimdal/lib/asn1/gen_encode.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,21 +33,82 @@ #include "gen_locl.h" -RCSID("$Id: gen_encode.c,v 1.15 2005/05/29 14:23:01 lha Exp $"); +RCSID("$Id: gen_encode.c,v 1.18 2005/07/13 10:40:23 lha Exp $"); static void encode_primitive (const char *typename, const char *name) { fprintf (codefile, - "e = encode_%s(p, len, %s, &l);\n" - "BACK;\n", + "e = der_put_%s(p, len, %s, &l);\n" + "if (e) return e;\np -= l; len -= l; ret += l;\n\n", typename, name); } -static void +const char * +classname(Der_class class) +{ + const char *cn[] = { "ASN1_C_UNIV", "ASN1_C_APPL", + "ASN1_C_CONTEXT", "ASN1_C_PRIV" }; + if(class < ASN1_C_UNIV || class > ASN1_C_PRIVATE) + return "???"; + return cn[class]; +} + + +const char * +valuename(Der_class class, int value) +{ + static char s[32]; + struct { + int value; + char *s; + } *p, values[] = { +#define X(Y) { Y, #Y } + X(UT_BMPString), + X(UT_BitString), + X(UT_Boolean), + X(UT_EmbeddedPDV), + X(UT_Enumerated), + X(UT_External), + X(UT_GeneralString), + X(UT_GeneralizedTime), + X(UT_GraphicString), + X(UT_IA5String), + X(UT_Integer), + X(UT_Null), + X(UT_NumericString), + X(UT_OID), + X(UT_ObjectDescriptor), + X(UT_OctetString), + X(UT_PrintableString), + X(UT_Real), + X(UT_RelativeOID), + X(UT_Sequence), + X(UT_Set), + X(UT_TeletexString), + X(UT_UTCTime), + X(UT_UTF8String), + X(UT_UniversalString), + X(UT_VideotexString), + X(UT_VisibleString), +#undef X + { -1, NULL } + }; + if(class == ASN1_C_UNIV) { + for(p = values; p->value != -1; p++) + if(p->value == value) + return p->s; + } + snprintf(s, sizeof(s), "%d", value); + return s; +} + +static int encode_type (const char *name, const Type *t) { + int constructed = 1; + switch (t->type) { case TType: #if 0 @@ -55,45 +116,60 @@ encode_type (const char *name, const Type *t) #endif fprintf (codefile, "e = encode_%s(p, len, %s, &l);\n" - "BACK;\n", + "if (e) return e;\np -= l; len -= l; ret += l;\n\n", t->symbol->gen_name, name); break; case TInteger: - if(t->members == NULL) - encode_primitive ("integer", name); - else { + if(t->members) { char *s; asprintf(&s, "(const int*)%s", name); if(s == NULL) errx(1, "out of memory"); encode_primitive ("integer", s); free(s); - } + } else if (t->range == NULL) { + encode_primitive ("heim_integer", name); + } else if (t->range->min == INT_MIN && t->range->max == INT_MAX) { + encode_primitive ("integer", name); + } else if (t->range->min == 0 && t->range->max == UINT_MAX) { + encode_primitive ("unsigned", name); + } else if (t->range->min == 0 && t->range->max == INT_MAX) { + encode_primitive ("unsigned", name); + } else + errx(1, "%s: unsupported range %d -> %d", + name, t->range->min, t->range->max); + constructed = 0; break; - case TUInteger: - encode_primitive ("unsigned", name); + case TBoolean: + encode_primitive ("boolean", name); + constructed = 0; break; case TOctetString: encode_primitive ("octet_string", name); - break; - case TOID : - encode_primitive ("oid", name); + constructed = 0; break; case TBitString: { Member *m; int pos; int rest; - int tag = -1; - if (t->members == NULL) + if (ASN1_TAILQ_EMPTY(t->members)) { + encode_primitive("bit_string", name); + constructed = 0; break; + } fprintf (codefile, "{\n" "unsigned char c = 0;\n"); + if (!rfc1510_bitstring) + fprintf (codefile, + "int bit_set = 0;\n"); +#if 0 pos = t->members->prev->val; /* fix for buggy MIT (and OSF?) code */ if (pos > 31) abort (); +#endif /* * It seems that if we do not always set pos to 31 here, the MIT * code will do the wrong thing. @@ -101,139 +177,293 @@ encode_type (const char *name, const Type *t) * I hate ASN.1 (and DER), but I hate it even more when everybody * has to screw it up differently. */ - pos = 31; - rest = 7 - (pos % 8); + pos = ASN1_TAILQ_LAST(t->members, memhead)->val; + if (rfc1510_bitstring) { + if (pos < 31) + pos = 31; + rest = 7 - (pos % 8); + } else + rest = 0; - for (m = t->members->prev; m && tag != m->val; m = m->prev) { + ASN1_TAILQ_FOREACH_REVERSE(m, t->members, memhead, members) { while (m->val / 8 < pos / 8) { + if (!rfc1510_bitstring) + fprintf (codefile, + "if (c != 0 || bit_set) {\n"); fprintf (codefile, + "if (len < 1) return ASN1_OVERFLOW;\n" "*p-- = c; len--; ret++;\n" "c = 0;\n"); + if (!rfc1510_bitstring) + fprintf (codefile, + "bit_set = 1;\n" + "}\n"); pos -= 8; } fprintf (codefile, - "if(%s->%s) c |= 1<<%d;\n", name, m->gen_name, - 7 - m->val % 8); - - if (tag == -1) - tag = m->val; + "if((%s)->%s) {\n" + "c |= 1<<%d;\n", + name, m->gen_name, 7 - m->val % 8); + if (!rfc1510_bitstring) + rest = 7 - m->val % 8; + fprintf (codefile, + "}\n"); } + if (!rfc1510_bitstring) + fprintf (codefile, + "if (c != 0 || bit_set) {\n"); fprintf (codefile, - "*p-- = c;\n" + "if (len < 1) return ASN1_OVERFLOW;\n" + "*p-- = c; len--; ret++;\n"); + if (!rfc1510_bitstring) + fprintf (codefile, + "}\n"); + + fprintf (codefile, + "if (len < 1) return ASN1_OVERFLOW;\n" "*p-- = %d;\n" - "len -= 2;\n" - "ret += 2;\n" - "}\n\n" - "e = der_put_length_and_tag (p, len, ret, ASN1_C_UNIV, PRIM," - "UT_BitString, &l);\n" - "BACK;\n", + "len -= 1;\n" + "ret += 1;\n" + "}\n\n", rest); + constructed = 0; break; } case TEnumerated : { encode_primitive ("enumerated", name); + constructed = 0; break; } + + case TSet: case TSequence: { Member *m; - int tag = -1; - int oldret_counter = unique_get_next(); if (t->members == NULL) break; - - for (m = t->members->prev; m && tag != m->val; m = m->prev) { + + ASN1_TAILQ_FOREACH_REVERSE(m, t->members, memhead, members) { char *s; + if (m->ellipsis) + continue; + asprintf (&s, "%s(%s)->%s", m->optional ? "" : "&", name, m->gen_name); + if (s == NULL) + errx(1, "malloc"); + fprintf(codefile, "/* %s */\n", m->name); if (m->optional) fprintf (codefile, - "if(%s)\n", + "if(%s) ", s); -#if 1 - fprintf (codefile, "{\n" - "int oldret%d = ret;\n" - "ret = 0;\n", - oldret_counter); -#endif + else if(m->defval) + gen_compare_defval(s + 1, m->defval); + fprintf (codefile, "{\n"); + fprintf (codefile, "size_t oldret = ret;\n"); + fprintf (codefile, "ret = 0;\n"); encode_type (s, m->type); - fprintf (codefile, - "e = der_put_length_and_tag (p, len, ret, ASN1_C_CONTEXT, CONS, " - "%d, &l);\n" - "BACK;\n", - m->val); -#if 1 - fprintf (codefile, - "ret += oldret%d;\n" - "}\n", - oldret_counter); -#endif - if (tag == -1) - tag = m->val; + fprintf (codefile, "ret += oldret;\n"); + fprintf (codefile, "}\n"); free (s); } + break; + } + case TSetOf: { + + fprintf(codefile, + "{\n" + "struct heim_octet_string *val;\n" + "size_t elen, totallen = 0;\n" + "int eret;\n"); + + fprintf(codefile, + "val = malloc(sizeof(val[0]) * (%s)->len);\n" + "if (val == NULL && (%s)->len != 0) return ENOMEM;\n", + name, name); + + fprintf(codefile, + "for(i = 0; i < (%s)->len; i++) {\n", + name); + + fprintf(codefile, + "ASN1_MALLOC_ENCODE(%s, val[i].data, " + "val[i].length, &(%s)->val[i], &elen, eret);\n", + t->subtype->symbol->gen_name, + name); + + fprintf(codefile, + "if(eret) {\n" + "i--;\n" + "while (i >= 0) {\n" + "free(val[i].data);\n" + "i--;\n" + "}\n" + "free(val);\n" + "return eret;\n" + "}\n" + "totallen += elen;\n" + "}\n"); + + fprintf(codefile, + "if (totallen > len) {\n" + "for (i = 0; i < (%s)->len; i++) {\n" + "free(val[i].data);\n" + "}\n" + "free(val);\n" + "return ASN1_OVERFLOW;\n" + "}\n", + name); + + fprintf(codefile, + "qsort(val, (%s)->len, sizeof(val[0]), _heim_der_set_sort);\n", + name); + fprintf (codefile, - "e = der_put_length_and_tag (p, len, ret, ASN1_C_UNIV, CONS, UT_Sequence, &l);\n" - "BACK;\n"); + "for(i = (%s)->len - 1; i >= 0; --i) {\n" + "p -= val[i].length;\n" + "ret += val[i].length;\n" + "memcpy(p + 1, val[i].data, val[i].length);\n" + "free(val[i].data);\n" + "}\n" + "free(val);\n" + "}\n", + name); break; } case TSequenceOf: { - int oldret_counter = unique_get_next(); char *n; fprintf (codefile, "for(i = (%s)->len - 1; i >= 0; --i) {\n" -#if 1 - "int oldret%d = ret;\n" + "size_t oldret = ret;\n" "ret = 0;\n", -#else - , -#endif - name, oldret_counter); + name); asprintf (&n, "&(%s)->val[i]", name); + if (n == NULL) + errx(1, "malloc"); encode_type (n, t->subtype); fprintf (codefile, -#if 1 - "ret += oldret%d;\n" -#endif - "}\n" - "e = der_put_length_and_tag (p, len, ret, ASN1_C_UNIV, CONS, UT_Sequence, &l);\n" - "BACK;\n" -#if 1 - , oldret_counter -#endif - ); + "ret += oldret;\n" + "}\n"); free (n); break; } case TGeneralizedTime: encode_primitive ("generalized_time", name); + constructed = 0; break; case TGeneralString: encode_primitive ("general_string", name); + constructed = 0; + break; + case TTag: { + int c = encode_type (name, t->subtype); + fprintf (codefile, + "e = der_put_length_and_tag (p, len, ret, %s, %s, %s, &l);\n" + "if (e) return e;\np -= l; len -= l; ret += l;\n\n", + classname(t->tag.tagclass), + c ? "CONS" : "PRIM", + valuename(t->tag.tagclass, t->tag.tagvalue)); + break; + } + case TChoice:{ + Member *m, *have_ellipsis = NULL; + char *s; + + if (t->members == NULL) + break; + + fprintf(codefile, "\n"); + + asprintf (&s, "(%s)", name); + if (s == NULL) + errx(1, "malloc"); + fprintf(codefile, "switch(%s->element) {\n", s); + + ASN1_TAILQ_FOREACH_REVERSE(m, t->members, memhead, members) { + char *s2; + + if (m->ellipsis) { + have_ellipsis = m; + continue; + } + + fprintf (codefile, "case %s: {", m->label); + asprintf(&s2, "%s(%s)->u.%s", m->optional ? "" : "&", + s, m->gen_name); + if (s2 == NULL) + errx(1, "malloc"); + if (m->optional) + fprintf (codefile, "if(%s) {\n", s2); + fprintf (codefile, "size_t oldret;\n"); + fprintf (codefile, "oldret = ret;\n"); + fprintf (codefile, "ret = 0;\n"); + constructed = encode_type (s2, m->type); + fprintf (codefile, "ret += oldret;\n"); + if(m->optional) + fprintf (codefile, "}\n"); + fprintf(codefile, "break;\n"); + fprintf(codefile, "}\n"); + free (s2); + } + free (s); + if (have_ellipsis) { + fprintf(codefile, + "case %s: {\n" + "if (len < (%s)->u.%s.length)\n" + "return ASN1_OVERFLOW;\n" + "p -= (%s)->u.%s.length;\n" + "ret += (%s)->u.%s.length;\n" + "memcpy(p + 1, (%s)->u.%s.data, (%s)->u.%s.length);\n" + "break;\n" + "}\n", + have_ellipsis->label, + name, have_ellipsis->gen_name, + name, have_ellipsis->gen_name, + name, have_ellipsis->gen_name, + name, have_ellipsis->gen_name, + name, have_ellipsis->gen_name); + } + fprintf(codefile, "};\n"); + break; + } + case TOID: + encode_primitive ("oid", name); + constructed = 0; + break; + case TUTCTime: + encode_primitive ("utctime", name); + constructed = 0; break; case TUTF8String: encode_primitive ("utf8string", name); + constructed = 0; break; - case TNull: - fprintf (codefile, - "e = encode_nulltype(p, len, &l);\n" - "BACK;\n"); + case TPrintableString: + encode_primitive ("printable_string", name); + constructed = 0; break; - case TApplication: - encode_type (name, t->subtype); - fprintf (codefile, - "e = der_put_length_and_tag (p, len, ret, ASN1_C_APPL, CONS, %d, &l);\n" - "BACK;\n", - t->application); + case TIA5String: + encode_primitive ("ia5_string", name); + constructed = 0; break; - case TBoolean: - encode_primitive ("boolean", name); + case TBMPString: + encode_primitive ("bmp_string", name); + constructed = 0; + break; + case TUniversalString: + encode_primitive ("universal_string", name); + constructed = 0; + break; + case TNull: + fprintf (codefile, "/* NULL */\n"); + constructed = 0; break; default: abort (); } + return constructed; } void @@ -244,9 +474,6 @@ generate_type_encode (const Symbol *s) "encode_%s(unsigned char *, size_t, const %s *, size_t *);\n", s->gen_name, s->gen_name); - fprintf (codefile, "#define BACK if (e) return e; p -= l; len -= l; ret += l\n\n"); - - fprintf (codefile, "int\n" "encode_%s(unsigned char *p, size_t len," " const %s *data, size_t *size)\n" @@ -255,20 +482,27 @@ generate_type_encode (const Symbol *s) switch (s->type->type) { case TInteger: - case TUInteger: case TBoolean: case TOctetString: case TGeneralizedTime: case TGeneralString: + case TUTCTime: case TUTF8String: + case TPrintableString: + case TIA5String: + case TBMPString: + case TUniversalString: case TNull: case TBitString: case TEnumerated: case TOID: case TSequence: case TSequenceOf: - case TApplication: + case TSet: + case TSetOf: + case TTag: case TType: + case TChoice: fprintf (codefile, "size_t ret = 0;\n" "size_t l;\n" diff --git a/source4/heimdal/lib/asn1/gen_free.c b/source4/heimdal/lib/asn1/gen_free.c index 9665d074fd..36c7474a03 100644 --- a/source4/heimdal/lib/asn1/gen_free.c +++ b/source4/heimdal/lib/asn1/gen_free.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen_free.c,v 1.12 2003/10/03 00:28:08 lha Exp $"); +RCSID("$Id: gen_free.c,v 1.14 2005/07/25 21:28:29 lha Exp $"); static void free_primitive (const char *typename, const char *name) @@ -42,92 +42,140 @@ free_primitive (const char *typename, const char *name) } static void -free_type (const char *name, const Type *t) +free_type (const char *name, const Type *t, int preserve) { - switch (t->type) { - case TType: + switch (t->type) { + case TType: #if 0 - free_type (name, t->symbol->type); + free_type (name, t->symbol->type, preserve); #endif - fprintf (codefile, "free_%s(%s);\n", t->symbol->gen_name, name); - break; - case TInteger: - case TUInteger: - case TBoolean: - case TEnumerated : - break; - case TOctetString: - free_primitive ("octet_string", name); - break; - case TOID : - free_primitive ("oid", name); - break; - case TBitString: { - break; - } - case TSequence: { - Member *m; - int tag = -1; + fprintf (codefile, "free_%s(%s);\n", t->symbol->gen_name, name); + break; + case TInteger: + if (t->range == NULL && t->members == NULL) { + free_primitive ("heim_integer", name); + break; + } + case TBoolean: + case TEnumerated : + case TNull: + case TGeneralizedTime: + case TUTCTime: + break; + case TBitString: + if (ASN1_TAILQ_EMPTY(t->members)) + free_primitive("bit_string", name); + break; + case TOctetString: + free_primitive ("octet_string", name); + break; + case TChoice: + case TSet: + case TSequence: { + Member *m, *have_ellipsis = NULL; - if (t->members == NULL) - break; + if (t->members == NULL) + break; + + if ((t->type == TSequence || t->type == TChoice) && preserve) + fprintf(codefile, "free_octet_string(&data->_save);\n"); + + if(t->type == TChoice) + fprintf(codefile, "switch((%s)->element) {\n", name); - for (m = t->members; m && tag != m->val; m = m->next) { - char *s; + ASN1_TAILQ_FOREACH(m, t->members, members) { + char *s; - asprintf (&s, "%s(%s)->%s", - m->optional ? "" : "&", name, m->gen_name); - if(m->optional) - fprintf(codefile, "if(%s) {\n", s); - free_type (s, m->type); - if(m->optional) - fprintf(codefile, - "free(%s);\n" - "%s = NULL;\n" - "}\n", s, s); - if (tag == -1) - tag = m->val; - free (s); - } - break; - } - case TSequenceOf: { - char *n; + if (m->ellipsis){ + have_ellipsis = m; + continue; + } - fprintf (codefile, "while((%s)->len){\n", name); - asprintf (&n, "&(%s)->val[(%s)->len-1]", name, name); - free_type(n, t->subtype); - fprintf(codefile, - "(%s)->len--;\n" - "}\n", - name); - fprintf(codefile, - "free((%s)->val);\n" - "(%s)->val = NULL;\n", name, name); - free(n); - break; - } - case TGeneralizedTime: - break; - case TGeneralString: - free_primitive ("general_string", name); - break; - case TUTF8String: - free_primitive ("utf8string", name); - break; - case TNull: - break; - case TApplication: - free_type (name, t->subtype); - break; - default : - abort (); - } + if(t->type == TChoice) + fprintf(codefile, "case %s:\n", m->label); + asprintf (&s, "%s(%s)->%s%s", + m->optional ? "" : "&", name, + t->type == TChoice ? "u." : "", m->gen_name); + if (s == NULL) + errx(1, "malloc"); + if(m->optional) + fprintf(codefile, "if(%s) {\n", s); + free_type (s, m->type, FALSE); + if(m->optional) + fprintf(codefile, + "free(%s);\n" + "%s = NULL;\n" + "}\n",s, s); + free (s); + if(t->type == TChoice) + fprintf(codefile, "break;\n"); + } + + if(t->type == TChoice) { + if (have_ellipsis) + fprintf(codefile, + "case %s:\n" + "free_octet_string(&(%s)->u.%s);\n" + "break;", + have_ellipsis->label, + name, have_ellipsis->gen_name); + fprintf(codefile, "}\n"); + } + break; + } + case TSetOf: + case TSequenceOf: { + char *n; + + fprintf (codefile, "while((%s)->len){\n", name); + asprintf (&n, "&(%s)->val[(%s)->len-1]", name, name); + if (n == NULL) + errx(1, "malloc"); + free_type(n, t->subtype, FALSE); + fprintf(codefile, + "(%s)->len--;\n" + "}\n", + name); + fprintf(codefile, + "free((%s)->val);\n" + "(%s)->val = NULL;\n", name, name); + free(n); + break; + } + case TGeneralString: + free_primitive ("general_string", name); + break; + case TUTF8String: + free_primitive ("utf8string", name); + break; + case TPrintableString: + free_primitive ("printable_string", name); + break; + case TIA5String: + free_primitive ("ia5_string", name); + break; + case TBMPString: + free_primitive ("bmp_string", name); + break; + case TUniversalString: + free_primitive ("universal_string", name); + break; + case TTag: + free_type (name, t->subtype, preserve); + break; + case TOID : + free_primitive ("oid", name); + break; + default : + abort (); + } } void generate_type_free (const Symbol *s) { + int preserve = preserve_type(s->name) ? TRUE : FALSE; + fprintf (headerfile, "void free_%s (%s *);\n", s->gen_name, s->gen_name); @@ -137,7 +185,7 @@ generate_type_free (const Symbol *s) "{\n", s->gen_name, s->gen_name); - free_type ("data", s->type); + free_type ("data", s->type, preserve); fprintf (codefile, "}\n\n"); } diff --git a/source4/heimdal/lib/asn1/gen_glue.c b/source4/heimdal/lib/asn1/gen_glue.c index 6ab4725502..2f3e283ad6 100644 --- a/source4/heimdal/lib/asn1/gen_glue.c +++ b/source4/heimdal/lib/asn1/gen_glue.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997, 1999, 2000, 2003 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,59 +33,51 @@ #include "gen_locl.h" -RCSID("$Id: gen_glue.c,v 1.8 2005/04/25 18:07:07 lha Exp $"); +RCSID("$Id: gen_glue.c,v 1.9 2005/07/12 06:27:29 lha Exp $"); static void -generate_2int (const Symbol *s) +generate_2int (const Type *t, const char *gen_name) { - Type *t = s->type; Member *m; - int tag = -1; fprintf (headerfile, "unsigned %s2int(%s);\n", - s->gen_name, s->gen_name); + gen_name, gen_name); fprintf (codefile, "unsigned %s2int(%s f)\n" "{\n" "unsigned r = 0;\n", - s->gen_name, s->gen_name); + gen_name, gen_name); - for (m = t->members; m && m->val != tag; m = m->next) { + ASN1_TAILQ_FOREACH(m, t->members, members) { fprintf (codefile, "if(f.%s) r |= (1U << %d);\n", m->gen_name, m->val); - - if (tag == -1) - tag = m->val; } fprintf (codefile, "return r;\n" "}\n\n"); } static void -generate_int2 (const Symbol *s) +generate_int2 (const Type *t, const char *gen_name) { - Type *t = s->type; Member *m; - int tag = -1; fprintf (headerfile, "%s int2%s(unsigned);\n", - s->gen_name, s->gen_name); + gen_name, gen_name); fprintf (codefile, "%s int2%s(unsigned n)\n" "{\n" "\t%s flags;\n\n", - s->gen_name, s->gen_name, s->gen_name); + gen_name, gen_name, gen_name); - for (m = t->members; m && m->val != tag; m = m->next) { - fprintf (codefile, "\tflags.%s = (n >> %d) & 1;\n", - m->gen_name, m->val); - - if (tag == -1) - tag = m->val; + if(t->members) { + ASN1_TAILQ_FOREACH(m, t->members, members) { + fprintf (codefile, "\tflags.%s = (n >> %d) & 1;\n", + m->gen_name, m->val); + } } fprintf (codefile, "\treturn flags;\n" "}\n\n"); @@ -96,28 +88,24 @@ generate_int2 (const Symbol *s) */ static void -generate_units (const Symbol *s) +generate_units (const Type *t, const char *gen_name) { - Type *t = s->type; Member *m; - int tag = -1; fprintf (headerfile, "const struct units * asn1_%s_units(void);", - s->gen_name); + gen_name); fprintf (codefile, "static struct units %s_units[] = {\n", - s->gen_name); + gen_name); - if(t->members) - for (m = t->members->prev; m && m->val != tag; m = m->prev) { + if(t->members) { + ASN1_TAILQ_FOREACH_REVERSE(m, t->members, memhead, members) { fprintf (codefile, "\t{\"%s\",\t1U << %d},\n", m->gen_name, m->val); - - if (tag == -1) - tag = m->val; } + } fprintf (codefile, "\t{NULL,\t0}\n" @@ -127,19 +115,24 @@ generate_units (const Symbol *s) "const struct units * asn1_%s_units(void){\n" "return %s_units;\n" "}\n\n", - s->gen_name, s->gen_name); + gen_name, gen_name); } void -generate_glue (const Symbol *s) +generate_glue (const Type *t, const char *gen_name) { - switch(s->type->type) { + switch(t->type) { + case TTag: + generate_glue(t->subtype, gen_name); + break; case TBitString : - generate_2int (s); - generate_int2 (s); - generate_units (s); + if (!ASN1_TAILQ_EMPTY(t->members)) { + generate_2int (t, gen_name); + generate_int2 (t, gen_name); + generate_units (t, gen_name); + } break; default : break; diff --git a/source4/heimdal/lib/asn1/gen_length.c b/source4/heimdal/lib/asn1/gen_length.c index c6ea0f701a..aed49e89c3 100644 --- a/source4/heimdal/lib/asn1/gen_length.c +++ b/source4/heimdal/lib/asn1/gen_length.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen_length.c,v 1.14 2004/01/19 17:54:33 lha Exp $"); +RCSID("$Id: gen_length.c,v 1.18 2005/07/19 18:01:59 lha Exp $"); static void length_primitive (const char *typename, @@ -43,7 +43,22 @@ length_primitive (const char *typename, fprintf (codefile, "%s += length_%s(%s);\n", variable, typename, name); } -static void +static size_t +length_tag(unsigned int tag) +{ + size_t len = 0; + + if(tag <= 30) + return 1; + while(tag) { + tag /= 128; + len++; + } + return len + 1; +} + + +static int length_type (const char *name, const Type *t, const char *variable) { switch (t->type) { @@ -55,19 +70,28 @@ length_type (const char *name, const Type *t, const char *variable) variable, t->symbol->gen_name, name); break; case TInteger: - if(t->members == NULL) - length_primitive ("integer", name, variable); - else { - char *s; - asprintf(&s, "(const int*)%s", name); - if(s == NULL) + if(t->members) { + char *s; + asprintf(&s, "(const int*)%s", name); + if(s == NULL) errx (1, "out of memory"); - length_primitive ("integer", s, variable); - free(s); - } + length_primitive ("integer", s, variable); + free(s); + } else if (t->range == NULL) { + length_primitive ("heim_integer", name, variable); + } else if (t->range->min == INT_MIN && t->range->max == INT_MAX) { + length_primitive ("integer", name, variable); + } else if (t->range->min == 0 && t->range->max == UINT_MAX) { + length_primitive ("unsigned", name, variable); + } else if (t->range->min == 0 && t->range->max == INT_MAX) { + length_primitive ("unsigned", name, variable); + } else + errx(1, "%s: unsupported range %d -> %d", + name, t->range->min, t->range->max); + break; - case TUInteger: - length_primitive ("unsigned", name, variable); + case TBoolean: + fprintf (codefile, "%s += 1;\n", variable); break; case TEnumerated : length_primitive ("enumerated", name, variable); @@ -75,71 +99,112 @@ length_type (const char *name, const Type *t, const char *variable) case TOctetString: length_primitive ("octet_string", name, variable); break; - case TOID : - length_primitive ("oid", name, variable); - break; case TBitString: { - /* - * XXX - Hope this is correct - * look at TBitString case in `encode_type' - */ - fprintf (codefile, "%s += 7;\n", variable); + if (ASN1_TAILQ_EMPTY(t->members)) + length_primitive("bit_string", name, variable); + else { + if (!rfc1510_bitstring) { + Member *m; + int pos = ASN1_TAILQ_LAST(t->members, memhead)->val; + + fprintf(codefile, + "do {\n"); + ASN1_TAILQ_FOREACH_REVERSE(m, t->members, memhead, members) { + while (m->val / 8 < pos / 8) { + pos -= 8; + } + fprintf (codefile, + "if((%s)->%s) { %s += %d; break; }\n", + name, m->gen_name, variable, (pos + 8) / 8); + } + fprintf(codefile, + "} while(0);\n"); + fprintf (codefile, "%s += 1;\n", variable); + } else { + fprintf (codefile, "%s += 5;\n", variable); + } + } break; } - case TSequence: { - Member *m; - int tag = -1; - int oldret_counter = unique_get_next(); + case TSet: + case TSequence: + case TChoice: { + Member *m, *have_ellipsis = NULL; if (t->members == NULL) break; - for (m = t->members; m && tag != m->val; m = m->next) { + if(t->type == TChoice) + fprintf (codefile, "switch((%s)->element) {\n", name); + + ASN1_TAILQ_FOREACH(m, t->members, members) { char *s; + + if (m->ellipsis) { + have_ellipsis = m; + continue; + } + + if(t->type == TChoice) + fprintf(codefile, "case %s:\n", m->label); - asprintf (&s, "%s(%s)->%s", - m->optional ? "" : "&", name, m->gen_name); + asprintf (&s, "%s(%s)->%s%s", + m->optional ? "" : "&", name, + t->type == TChoice ? "u." : "", m->gen_name); + if (s == NULL) + errx(1, "malloc"); if (m->optional) fprintf (codefile, "if(%s)", s); + else if(m->defval) + gen_compare_defval(s + 1, m->defval); fprintf (codefile, "{\n" - "int oldret%d = %s;\n" - "%s = 0;\n", oldret_counter, variable, variable); + "size_t oldret = %s;\n" + "%s = 0;\n", variable, variable); length_type (s, m->type, "ret"); - fprintf (codefile, "%s += 1 + length_len(%s) + oldret%d;\n", - variable, variable, oldret_counter); + fprintf (codefile, "ret += oldret;\n"); fprintf (codefile, "}\n"); - if (tag == -1) - tag = m->val; free (s); + if(t->type == TChoice) + fprintf(codefile, "break;\n"); + } + if(t->type == TChoice) { + if (have_ellipsis) + fprintf(codefile, + "case %s:\n" + "ret += (%s)->u.%s.length;\n" + "break;\n", + have_ellipsis->label, + name, + have_ellipsis->gen_name); + fprintf (codefile, "}\n"); /* switch */ } - fprintf (codefile, - "%s += 1 + length_len(%s);\n", variable, variable); break; } + case TSetOf: case TSequenceOf: { char *n; - int oldret_counter = unique_get_next(); - int oldret_counter_inner = unique_get_next(); fprintf (codefile, "{\n" - "int oldret%d = %s;\n" + "int oldret = %s;\n" "int i;\n" "%s = 0;\n", - oldret_counter, variable, variable); + variable, variable); fprintf (codefile, "for(i = (%s)->len - 1; i >= 0; --i){\n", name); - fprintf (codefile, "int oldret%d = %s;\n" - "%s = 0;\n", oldret_counter_inner, variable, variable); + fprintf (codefile, "int oldret = %s;\n" + "%s = 0;\n", variable, variable); asprintf (&n, "&(%s)->val[i]", name); + if (n == NULL) + errx(1, "malloc"); length_type(n, t->subtype, variable); - fprintf (codefile, "%s += oldret%d;\n", - variable, oldret_counter_inner); + fprintf (codefile, "%s += oldret;\n", + variable); fprintf (codefile, "}\n"); fprintf (codefile, - "%s += 1 + length_len(%s) + oldret%d;\n" - "}\n", variable, variable, oldret_counter); + "%s += oldret;\n" + "}\n", variable); free(n); break; } @@ -149,28 +214,44 @@ length_type (const char *name, const Type *t, const char *variable) case TGeneralString: length_primitive ("general_string", name, variable); break; + case TUTCTime: + length_primitive ("utctime", name, variable); + break; case TUTF8String: length_primitive ("utf8string", name, variable); break; + case TPrintableString: + length_primitive ("printable_string", name, variable); + break; + case TIA5String: + length_primitive ("ia5_string", name, variable); + break; + case TBMPString: + length_primitive ("bmp_string", name, variable); + break; + case TUniversalString: + length_primitive ("universal_string", name, variable); + break; case TNull: - fprintf (codefile, "%s += length_nulltype();\n", variable); + fprintf (codefile, "/* NULL */\n"); break; - case TApplication: + case TTag: length_type (name, t->subtype, variable); - fprintf (codefile, "ret += 1 + length_len (ret);\n"); + fprintf (codefile, "ret += %lu + length_len (ret);\n", + (unsigned long)length_tag(t->tag.tagvalue)); break; - case TBoolean: - length_primitive ("boolean", name, variable); + case TOID: + length_primitive ("oid", name, variable); break; default : abort (); } + return 0; } void generate_type_length (const Symbol *s) { - unique_reset(); fprintf (headerfile, "size_t length_%s(const %s *);\n", s->gen_name, s->gen_name); diff --git a/source4/heimdal/lib/asn1/gen_locl.h b/source4/heimdal/lib/asn1/gen_locl.h index adaf8539f5..a03097a68e 100644 --- a/source4/heimdal/lib/asn1/gen_locl.h +++ b/source4/heimdal/lib/asn1/gen_locl.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gen_locl.h,v 1.10 2005/06/16 19:58:58 lha Exp $ */ +/* $Id: gen_locl.h,v 1.12 2005/07/12 06:27:30 lha Exp $ */ #ifndef __GEN_LOCL_H__ #define __GEN_LOCL_H__ @@ -51,6 +51,8 @@ #include #include "hash.h" #include "symbol.h" +#include "asn1-common.h" +#include "der.h" void generate_type (const Symbol *); void generate_constant (const Symbol *); @@ -61,10 +63,14 @@ void generate_type_free (const Symbol *s); void generate_type_length (const Symbol *s); void generate_type_copy (const Symbol *s); void generate_type_maybe (const Symbol *s); -void generate_glue (const Symbol *s); +void generate_glue (const Type *, const char*); + +const char *classname(Der_class); +const char *valuename(Der_class class, int); + +void gen_compare_defval(const char *var, struct value *val); +void gen_assign_defval(const char *var, struct value *val); -void unique_reset(void); -int unique_get_next(void); void init_generate (const char *filename, const char *basename); const char *get_filename (void); @@ -72,6 +78,12 @@ void close_generate(void); void add_import(const char *module); int yyparse(void); +int preserve_type(const char *); + extern FILE *headerfile, *codefile, *logfile; +extern int dce_fix; +extern int rfc1510_bitstring; + +extern int error_flag; #endif /* __GEN_LOCL_H__ */ diff --git a/source4/heimdal/lib/asn1/hash.c b/source4/heimdal/lib/asn1/hash.c index 54be897c01..7926541c19 100644 --- a/source4/heimdal/lib/asn1/hash.c +++ b/source4/heimdal/lib/asn1/hash.c @@ -37,7 +37,7 @@ #include "gen_locl.h" -RCSID("$Id: hash.c,v 1.9 2005/01/08 22:55:26 lha Exp $"); +RCSID("$Id: hash.c,v 1.10 2005/07/12 06:27:30 lha Exp $"); static Hashentry *_search(Hashtab * htab, /* The hash table */ void *ptr); /* And key */ diff --git a/source4/heimdal/lib/asn1/heim_asn1.h b/source4/heimdal/lib/asn1/heim_asn1.h new file mode 100644 index 0000000000..99f8e9514a --- /dev/null +++ b/source4/heimdal/lib/asn1/heim_asn1.h @@ -0,0 +1,55 @@ +/* + * Copyright (c) 2003-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef __HEIM_ANY_H__ +#define __HEIM_ANY_H__ 1 + +typedef struct heim_octet_string heim_any; +typedef struct heim_octet_string heim_any_set; + +int encode_heim_any(unsigned char *, size_t, const heim_any *, size_t *); +int decode_heim_any(const unsigned char *, size_t, heim_any *, size_t *); +void free_heim_any(heim_any *); +size_t length_heim_any(const heim_any *); +int copy_heim_any(const heim_any *, heim_any *); + +int encode_heim_any_set(unsigned char *, size_t, + const heim_any_set *, size_t *); +int decode_heim_any_set(const unsigned char *, size_t, + heim_any_set *,size_t *); +void free_heim_any_set(heim_any_set *); +size_t length_heim_any_set(const heim_any_set *); +int copy_heim_any_set(const heim_any_set *, heim_any_set *); +int heim_any_cmp(const heim_any_set *, const heim_any_set *); + +#endif /* __HEIM_ANY_H__ */ diff --git a/source4/heimdal/lib/asn1/k5.asn1 b/source4/heimdal/lib/asn1/k5.asn1 index 802c0a4c77..dd49baf0ff 100644 --- a/source4/heimdal/lib/asn1/k5.asn1 +++ b/source4/heimdal/lib/asn1/k5.asn1 @@ -1,4 +1,4 @@ --- $Id: k5.asn1,v 1.43 2005/06/17 04:58:59 lha Exp $ +-- $Id: k5.asn1,v 1.45 2005/07/13 05:29:49 lha Exp $ KERBEROS5 DEFINITIONS ::= BEGIN @@ -11,7 +11,11 @@ NAME-TYPE ::= INTEGER { KRB5_NT_SRV_XHST(4), -- Service with host as remaining components KRB5_NT_UID(5), -- Unique ID KRB5_NT_X500_PRINCIPAL(6), -- PKINIT - KRB5_NT_ENTERPRISE(10) -- May be mapped to principal name + KRB5_NT_SMTP_NAME(7), -- Name in form of SMTP email name + KRB5_NT_ENTERPRISE_PRINCIPAL(10), -- Windows 2000 UPN + KRB5_NT_ENT_PRINCIPAL_AND_ID(-130), -- Windows 2000 UPN and SID + KRB5_NT_MS_PRINCIPAL(-128), -- NT 4 style name + KRB5_NT_MS_PRINCIPAL_AND_ID(-129) -- NT style name and SID } -- message types @@ -49,6 +53,7 @@ PADATA-TYPE ::= INTEGER { KRB5-PADATA-SAM-RESPONSE(13), -- (sam/otp) KRB5-PADATA-PK-AS-REQ-19(14), -- (PKINIT-19) KRB5-PADATA-PK-AS-REP-19(15), -- (PKINIT-19) + KRB5-PADATA-PK-AS-REQ-WIN(15), -- (PKINIT - old number) KRB5-PADATA-PK-AS-REQ(16), -- (PKINIT-25) KRB5-PADATA-PK-AS-REP(17), -- (PKINIT-25) KRB5-PADATA-ETYPE-INFO2(19), @@ -58,7 +63,6 @@ PADATA-TYPE ::= INTEGER { KRB5-PADATA-SAM-ETYPE-INFO(23), KRB5-PADATA-SERVER-REFERRAL(25), KRB5-PADATA-TD-KRB-PRINCIPAL(102), -- PrincipalName - KRB5-PADATA-TD-KRB-REALM(103), -- Realm KRB5-PADATA-PK-TD-TRUSTED-CERTIFIERS(104), -- PKINIT KRB5-PADATA-PK-TD-CERTIFICATE-INDEX(105), -- PKINIT KRB5-PADATA-TD-APP-DEFINED-ERROR(106), -- application specific @@ -137,9 +141,13 @@ ENCTYPE ::= INTEGER { ETYPE_DES3_CBC_NONE_CMS(-0x100a) } + + + -- this is sugar to make something ASN1 does not have: unsigned -UNSIGNED ::= INTEGER (0..4294967295) +krb5uint32 ::= INTEGER (0..4294967295) +krb5int32 ::= INTEGER (-2147483648..2147483647) KerberosString ::= GeneralString @@ -156,14 +164,14 @@ Principal ::= SEQUENCE { } HostAddress ::= SEQUENCE { - addr-type[0] INTEGER, + addr-type[0] krb5int32, address[1] OCTET STRING } -- This is from RFC1510. -- -- HostAddresses ::= SEQUENCE OF SEQUENCE { --- addr-type[0] INTEGER, +-- addr-type[0] krb5int32, -- address[1] OCTET STRING -- } @@ -174,7 +182,7 @@ HostAddresses ::= SEQUENCE OF HostAddress KerberosTime ::= GeneralizedTime -- Specifying UTC time zone (Z) AuthorizationData ::= SEQUENCE OF SEQUENCE { - ad-type[0] INTEGER, + ad-type[0] krb5int32, ad-data[1] OCTET STRING } @@ -243,23 +251,23 @@ LastReq ::= SEQUENCE OF SEQUENCE { EncryptedData ::= SEQUENCE { etype[0] ENCTYPE, -- EncryptionType - kvno[1] INTEGER OPTIONAL, + kvno[1] krb5int32 OPTIONAL, cipher[2] OCTET STRING -- ciphertext } EncryptionKey ::= SEQUENCE { - keytype[0] INTEGER, + keytype[0] krb5int32, keyvalue[1] OCTET STRING } -- encoded Transited field TransitedEncoding ::= SEQUENCE { - tr-type[0] INTEGER, -- must be registered + tr-type[0] krb5int32, -- must be registered contents[1] OCTET STRING } Ticket ::= [APPLICATION 1] SEQUENCE { - tkt-vno[0] INTEGER, + tkt-vno[0] krb5int32, realm[1] Realm, sname[2] PrincipalName, enc-part[3] EncryptedData @@ -285,14 +293,14 @@ Checksum ::= SEQUENCE { } Authenticator ::= [APPLICATION 2] SEQUENCE { - authenticator-vno[0] INTEGER, + authenticator-vno[0] krb5int32, crealm[1] Realm, cname[2] PrincipalName, cksum[3] Checksum OPTIONAL, - cusec[4] INTEGER, + cusec[4] krb5int32, ctime[5] KerberosTime, subkey[6] EncryptionKey OPTIONAL, - seq-number[7] UNSIGNED OPTIONAL, + seq-number[7] krb5uint32 OPTIONAL, authorization-data[8] AuthorizationData OPTIONAL } @@ -305,7 +313,7 @@ PA-DATA ::= SEQUENCE { ETYPE-INFO-ENTRY ::= SEQUENCE { etype[0] ENCTYPE, salt[1] OCTET STRING OPTIONAL, - salttype[2] INTEGER OPTIONAL + salttype[2] krb5int32 OPTIONAL } ETYPE-INFO ::= SEQUENCE OF ETYPE-INFO-ENTRY @@ -320,6 +328,13 @@ ETYPE-INFO2 ::= SEQUENCE OF ETYPE-INFO2-ENTRY METHOD-DATA ::= SEQUENCE OF PA-DATA +TypedData ::= SEQUENCE { + data-type[0] krb5int32, + data-value[1] OCTET STRING OPTIONAL +} + +TYPED-DATA ::= SEQUENCE OF TypedData + KDC-REQ-BODY ::= SEQUENCE { kdc-options[0] KDCOptions, cname[1] PrincipalName OPTIONAL, -- Used only in AS-REQ @@ -329,7 +344,7 @@ KDC-REQ-BODY ::= SEQUENCE { from[4] KerberosTime OPTIONAL, till[5] KerberosTime OPTIONAL, rtime[6] KerberosTime OPTIONAL, - nonce[7] INTEGER, + nonce[7] krb5int32, etype[8] SEQUENCE OF ENCTYPE, -- EncryptionType, -- in preference order addresses[9] HostAddresses OPTIONAL, @@ -339,7 +354,7 @@ KDC-REQ-BODY ::= SEQUENCE { } KDC-REQ ::= SEQUENCE { - pvno[1] INTEGER, + pvno[1] krb5int32, msg-type[2] MESSAGE-TYPE, padata[3] METHOD-DATA OPTIONAL, req-body[4] KDC-REQ-BODY @@ -353,7 +368,7 @@ TGS-REQ ::= [APPLICATION 12] KDC-REQ PA-ENC-TS-ENC ::= SEQUENCE { patimestamp[0] KerberosTime, -- client's time - pausec[1] INTEGER OPTIONAL + pausec[1] krb5int32 OPTIONAL } -- draft-brezak-win2k-krb-authz-01 @@ -362,8 +377,11 @@ PA-PAC-REQUEST ::= SEQUENCE { -- should be included or not } +-- PacketCable provisioning server location, PKT-SP-SEC-I09-030728.pdf +PROV-SRV-LOCATION ::= GeneralString + KDC-REP ::= SEQUENCE { - pvno[0] INTEGER, + pvno[0] krb5int32, msg-type[1] MESSAGE-TYPE, padata[2] METHOD-DATA OPTIONAL, crealm[3] Realm, @@ -378,7 +396,7 @@ TGS-REP ::= [APPLICATION 13] KDC-REP EncKDCRepPart ::= SEQUENCE { key[0] EncryptionKey, last-req[1] LastReq, - nonce[2] INTEGER, + nonce[2] krb5int32, key-expiration[3] KerberosTime OPTIONAL, flags[4] TicketFlags, authtime[5] KerberosTime, @@ -394,7 +412,7 @@ EncASRepPart ::= [APPLICATION 25] EncKDCRepPart EncTGSRepPart ::= [APPLICATION 26] EncKDCRepPart AP-REQ ::= [APPLICATION 14] SEQUENCE { - pvno[0] INTEGER, + pvno[0] krb5int32, msg-type[1] MESSAGE-TYPE, ap-options[2] APOptions, ticket[3] Ticket, @@ -402,50 +420,50 @@ AP-REQ ::= [APPLICATION 14] SEQUENCE { } AP-REP ::= [APPLICATION 15] SEQUENCE { - pvno[0] INTEGER, + pvno[0] krb5int32, msg-type[1] MESSAGE-TYPE, enc-part[2] EncryptedData } EncAPRepPart ::= [APPLICATION 27] SEQUENCE { ctime[0] KerberosTime, - cusec[1] INTEGER, + cusec[1] krb5int32, subkey[2] EncryptionKey OPTIONAL, - seq-number[3] UNSIGNED OPTIONAL + seq-number[3] krb5uint32 OPTIONAL } KRB-SAFE-BODY ::= SEQUENCE { user-data[0] OCTET STRING, timestamp[1] KerberosTime OPTIONAL, - usec[2] INTEGER OPTIONAL, - seq-number[3] UNSIGNED OPTIONAL, + usec[2] krb5int32 OPTIONAL, + seq-number[3] krb5uint32 OPTIONAL, s-address[4] HostAddress OPTIONAL, r-address[5] HostAddress OPTIONAL } KRB-SAFE ::= [APPLICATION 20] SEQUENCE { - pvno[0] INTEGER, + pvno[0] krb5int32, msg-type[1] MESSAGE-TYPE, safe-body[2] KRB-SAFE-BODY, cksum[3] Checksum } KRB-PRIV ::= [APPLICATION 21] SEQUENCE { - pvno[0] INTEGER, + pvno[0] krb5int32, msg-type[1] MESSAGE-TYPE, enc-part[3] EncryptedData } EncKrbPrivPart ::= [APPLICATION 28] SEQUENCE { user-data[0] OCTET STRING, timestamp[1] KerberosTime OPTIONAL, - usec[2] INTEGER OPTIONAL, - seq-number[3] UNSIGNED OPTIONAL, + usec[2] krb5int32 OPTIONAL, + seq-number[3] krb5uint32 OPTIONAL, s-address[4] HostAddress OPTIONAL, -- sender's addr r-address[5] HostAddress OPTIONAL -- recip's addr } KRB-CRED ::= [APPLICATION 22] SEQUENCE { - pvno[0] INTEGER, + pvno[0] krb5int32, msg-type[1] MESSAGE-TYPE, -- KRB_CRED tickets[2] SEQUENCE OF Ticket, enc-part[3] EncryptedData @@ -467,21 +485,21 @@ KrbCredInfo ::= SEQUENCE { EncKrbCredPart ::= [APPLICATION 29] SEQUENCE { ticket-info[0] SEQUENCE OF KrbCredInfo, - nonce[1] INTEGER OPTIONAL, + nonce[1] krb5int32 OPTIONAL, timestamp[2] KerberosTime OPTIONAL, - usec[3] INTEGER OPTIONAL, + usec[3] krb5int32 OPTIONAL, s-address[4] HostAddress OPTIONAL, r-address[5] HostAddress OPTIONAL } KRB-ERROR ::= [APPLICATION 30] SEQUENCE { - pvno[0] INTEGER, + pvno[0] krb5int32, msg-type[1] MESSAGE-TYPE, ctime[2] KerberosTime OPTIONAL, - cusec[3] INTEGER OPTIONAL, + cusec[3] krb5int32 OPTIONAL, stime[4] KerberosTime, - susec[5] INTEGER, - error-code[6] INTEGER, + susec[5] krb5int32, + error-code[6] krb5int32, crealm[7] Realm OPTIONAL, cname[8] PrincipalName OPTIONAL, realm[9] Realm, -- Correct realm @@ -496,15 +514,15 @@ ChangePasswdDataMS ::= SEQUENCE { targrealm[2] Realm OPTIONAL } -EtypeList ::= SEQUENCE OF INTEGER +EtypeList ::= SEQUENCE OF krb5int32 -- the client's proposed enctype list in -- decreasing preference order, favorite choice first -krb5-pvno INTEGER ::= 5 -- current Kerberos protocol version number +krb5-pvno krb5int32 ::= 5 -- current Kerberos protocol version number -- transited encodings -DOMAIN-X500-COMPRESS INTEGER ::= 1 +DOMAIN-X500-COMPRESS krb5int32 ::= 1 -- authorization data primitives @@ -544,7 +562,7 @@ SAMFlags ::= BIT STRING { } PA-SAM-CHALLENGE-2-BODY ::= SEQUENCE { - sam-type[0] INTEGER, + sam-type[0] krb5int32, sam-flags[1] SAMFlags, sam-type-name[2] GeneralString OPTIONAL, sam-track-id[3] GeneralString OPTIONAL, @@ -552,8 +570,8 @@ PA-SAM-CHALLENGE-2-BODY ::= SEQUENCE { sam-challenge[5] GeneralString OPTIONAL, sam-response-prompt[6] GeneralString OPTIONAL, sam-pk-for-sad[7] EncryptionKey OPTIONAL, - sam-nonce[8] INTEGER, - sam-etype[9] INTEGER, + sam-nonce[8] krb5int32, + sam-etype[9] krb5int32, ... } @@ -564,27 +582,31 @@ PA-SAM-CHALLENGE-2 ::= SEQUENCE { } PA-SAM-RESPONSE-2 ::= SEQUENCE { - sam-type[0] INTEGER, + sam-type[0] krb5int32, sam-flags[1] SAMFlags, sam-track-id[2] GeneralString OPTIONAL, sam-enc-nonce-or-sad[3] EncryptedData, -- PA-ENC-SAM-RESPONSE-ENC - sam-nonce[4] INTEGER, + sam-nonce[4] krb5int32, ... } PA-ENC-SAM-RESPONSE-ENC ::= SEQUENCE { - sam-nonce[0] INTEGER, + sam-nonce[0] krb5int32, sam-sad[1] GeneralString OPTIONAL, ... } +-- This is really part of CMS, but its here because KCRYPTO provides +-- the crypto framework for CMS glue in heimdal. + RC2CBCParameter ::= SEQUENCE { - rc2ParameterVersion [0] INTEGER, - iv [1] OCTET STRING -- exactly 8 octets + rc2ParameterVersion krb5int32, + iv OCTET STRING -- exactly 8 octets } CBCParameter ::= OCTET STRING + END -- etags -r '/\([A-Za-z][-A-Za-z0-9]*\).*::=/\1/' k5.asn1 diff --git a/source4/heimdal/lib/asn1/lex.c b/source4/heimdal/lib/asn1/lex.c index 655dbeb9d2..713a3d26aa 100644 --- a/source4/heimdal/lib/asn1/lex.c +++ b/source4/heimdal/lib/asn1/lex.c @@ -1,85 +1,32 @@ - -#line 3 "lex.yy.c" - -#define YY_INT_ALIGNED short int - /* A lexical scanner generated by flex */ +/* Scanner skeleton version: + * $Header: /home/daffy/u0/vern/flex/RCS/flex.skl,v 2.91 96/09/10 16:58:48 vern Exp $ + */ + #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 #define YY_FLEX_MINOR_VERSION 5 -#define YY_FLEX_SUBMINOR_VERSION 31 -#if YY_FLEX_SUBMINOR_VERSION > 0 -#define FLEX_BETA -#endif -/* First, we deal with platform-specific or compiler-specific issues. */ - -/* begin standard C headers. */ #include -#include -#include -#include - -/* end standard C headers. */ - -/* flex integer type definitions */ - -#ifndef FLEXINT_H -#define FLEXINT_H - -/* C99 systems have . Non-C99 systems may or may not. */ +#include -#if defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L -#include -typedef int8_t flex_int8_t; -typedef uint8_t flex_uint8_t; -typedef int16_t flex_int16_t; -typedef uint16_t flex_uint16_t; -typedef int32_t flex_int32_t; -typedef uint32_t flex_uint32_t; -#else -typedef signed char flex_int8_t; -typedef short int flex_int16_t; -typedef int flex_int32_t; -typedef unsigned char flex_uint8_t; -typedef unsigned short int flex_uint16_t; -typedef unsigned int flex_uint32_t; -#endif /* ! C99 */ -/* Limits of integral types. */ -#ifndef INT8_MIN -#define INT8_MIN (-128) -#endif -#ifndef INT16_MIN -#define INT16_MIN (-32767-1) -#endif -#ifndef INT32_MIN -#define INT32_MIN (-2147483647-1) -#endif -#ifndef INT8_MAX -#define INT8_MAX (127) -#endif -#ifndef INT16_MAX -#define INT16_MAX (32767) -#endif -#ifndef INT32_MAX -#define INT32_MAX (2147483647) -#endif -#ifndef UINT8_MAX -#define UINT8_MAX (255U) -#endif -#ifndef UINT16_MAX -#define UINT16_MAX (65535U) +/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */ +#ifdef c_plusplus +#ifndef __cplusplus +#define __cplusplus #endif -#ifndef UINT32_MAX -#define UINT32_MAX (4294967295U) #endif -#endif /* ! FLEXINT_H */ #ifdef __cplusplus +#include + +/* Use prototypes in function declarations. */ +#define YY_USE_PROTOS + /* The "const" storage-class-modifier is valid. */ #define YY_USE_CONST @@ -87,17 +34,34 @@ typedef unsigned int flex_uint32_t; #if __STDC__ +#define YY_USE_PROTOS #define YY_USE_CONST #endif /* __STDC__ */ #endif /* ! __cplusplus */ +#ifdef __TURBOC__ + #pragma warn -rch + #pragma warn -use +#include +#include +#define YY_USE_CONST +#define YY_USE_PROTOS +#endif + #ifdef YY_USE_CONST #define yyconst const #else #define yyconst #endif + +#ifdef YY_USE_PROTOS +#define YY_PROTO(proto) proto +#else +#define YY_PROTO(proto) () +#endif + /* Returned upon end-of-file. */ #define YY_NULL 0 @@ -112,71 +76,71 @@ typedef unsigned int flex_uint32_t; * but we do it the disgusting crufty way forced on us by the ()-less * definition of BEGIN. */ -#define BEGIN (yy_start) = 1 + 2 * +#define BEGIN yy_start = 1 + 2 * /* Translate the current start state into a value that can be later handed * to BEGIN to return to the state. The YYSTATE alias is for lex * compatibility. */ -#define YY_START (((yy_start) - 1) / 2) +#define YY_START ((yy_start - 1) / 2) #define YYSTATE YY_START /* Action number for EOF rule of a given start state. */ #define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) /* Special action meaning "start processing a new file". */ -#define YY_NEW_FILE yyrestart(yyin ) +#define YY_NEW_FILE yyrestart( yyin ) #define YY_END_OF_BUFFER_CHAR 0 /* Size of default input buffer. */ -#ifndef YY_BUF_SIZE #define YY_BUF_SIZE 16384 -#endif -#ifndef YY_TYPEDEF_YY_BUFFER_STATE -#define YY_TYPEDEF_YY_BUFFER_STATE typedef struct yy_buffer_state *YY_BUFFER_STATE; -#endif extern int yyleng; - extern FILE *yyin, *yyout; #define EOB_ACT_CONTINUE_SCAN 0 #define EOB_ACT_END_OF_FILE 1 #define EOB_ACT_LAST_MATCH 2 - #define YY_LESS_LINENO(n) - -/* Return all but the first "n" matched characters back to the input stream. */ +/* The funky do-while in the following #define is used to turn the definition + * int a single C statement (which needs a semi-colon terminator). This + * avoids problems with code like: + * + * if ( condition_holds ) + * yyless( 5 ); + * else + * do_something_else(); + * + * Prior to using the do-while the compiler would get upset at the + * "else" because it interpreted the "if" statement as being all + * done when it reached the ';' after the yyless() call. + */ + +/* Return all but the first 'n' matched characters back to the input stream. */ + #define yyless(n) \ do \ { \ /* Undo effects of setting up yytext. */ \ - int yyless_macro_arg = (n); \ - YY_LESS_LINENO(yyless_macro_arg);\ - *yy_cp = (yy_hold_char); \ + *yy_cp = yy_hold_char; \ YY_RESTORE_YY_MORE_OFFSET \ - (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \ + yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \ YY_DO_BEFORE_ACTION; /* set up yytext again */ \ } \ while ( 0 ) -#define unput(c) yyunput( c, (yytext_ptr) ) +#define unput(c) yyunput( c, yytext_ptr ) /* The following is because we cannot portably get our hands on size_t * (without autoconf's help, which isn't available because we want * flex-generated scanners to compile on their own). */ - -#ifndef YY_TYPEDEF_YY_SIZE_T -#define YY_TYPEDEF_YY_SIZE_T typedef unsigned int yy_size_t; -#endif -#ifndef YY_STRUCT_YY_BUFFER_STATE -#define YY_STRUCT_YY_BUFFER_STATE + struct yy_buffer_state { FILE *yy_input_file; @@ -213,16 +177,12 @@ struct yy_buffer_state */ int yy_at_bol; - int yy_bs_lineno; /**< The line count. */ - int yy_bs_column; /**< The column count. */ - /* Whether to try to fill the input buffer when we reach the * end of it. */ int yy_fill_buffer; int yy_buffer_status; - #define YY_BUFFER_NEW 0 #define YY_BUFFER_NORMAL 1 /* When an EOF's been seen but there's still some text to process @@ -236,33 +196,23 @@ struct yy_buffer_state * just pointing yyin at a new input file. */ #define YY_BUFFER_EOF_PENDING 2 - }; -#endif /* !YY_STRUCT_YY_BUFFER_STATE */ -/* Stack of input buffers. */ -static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */ -static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */ -static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ +static YY_BUFFER_STATE yy_current_buffer = 0; /* We provide macros for accessing buffer states in case in the * future we want to put the buffer states in a more general * "scanner state". - * - * Returns the top of the stack, or NULL. */ -#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ - ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ - : NULL) +#define YY_CURRENT_BUFFER yy_current_buffer -/* Same as previous macro, but useful when we know that the buffer stack is not - * NULL or when we need an lvalue. For internal use only. - */ -#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] /* yy_hold_char holds the character lost when yytext is formed. */ static char yy_hold_char; + static int yy_n_chars; /* number of characters read into yy_ch_buf */ + + int yyleng; /* Points to current character in buffer. */ @@ -275,131 +225,147 @@ static int yy_start = 0; /* start state number */ */ static int yy_did_buffer_switch_on_eof; -void yyrestart (FILE *input_file ); -void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ); -YY_BUFFER_STATE yy_create_buffer (FILE *file,int size ); -void yy_delete_buffer (YY_BUFFER_STATE b ); -void yy_flush_buffer (YY_BUFFER_STATE b ); -void yypush_buffer_state (YY_BUFFER_STATE new_buffer ); -void yypop_buffer_state (void ); +void yyrestart YY_PROTO(( FILE *input_file )); -static void yyensure_buffer_stack (void ); -static void yy_load_buffer_state (void ); -static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file ); +void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer )); +void yy_load_buffer_state YY_PROTO(( void )); +YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size )); +void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b )); +void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file )); +void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b )); +#define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer ) -#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER ) +YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size )); +YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str )); +YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len )); -YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); -YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); -YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len ); - -void *yyalloc (yy_size_t ); -void *yyrealloc (void *,yy_size_t ); -void yyfree (void * ); +static void *yy_flex_alloc YY_PROTO(( yy_size_t )); +static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t )); +static void yy_flex_free YY_PROTO(( void * )); #define yy_new_buffer yy_create_buffer #define yy_set_interactive(is_interactive) \ { \ - if ( ! YY_CURRENT_BUFFER ){ \ - yyensure_buffer_stack (); \ - YY_CURRENT_BUFFER_LVALUE = \ - yy_create_buffer(yyin,YY_BUF_SIZE ); \ - } \ - YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ + if ( ! yy_current_buffer ) \ + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ + yy_current_buffer->yy_is_interactive = is_interactive; \ } #define yy_set_bol(at_bol) \ { \ - if ( ! YY_CURRENT_BUFFER ){\ - yyensure_buffer_stack (); \ - YY_CURRENT_BUFFER_LVALUE = \ - yy_create_buffer(yyin,YY_BUF_SIZE ); \ - } \ - YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ + if ( ! yy_current_buffer ) \ + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ + yy_current_buffer->yy_at_bol = at_bol; \ } -#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) - -/* Begin user sect3 */ +#define YY_AT_BOL() (yy_current_buffer->yy_at_bol) typedef unsigned char YY_CHAR; - FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; - typedef int yy_state_type; - -extern int yylineno; - -int yylineno = 1; - extern char *yytext; #define yytext_ptr yytext -static yy_state_type yy_get_previous_state (void ); -static yy_state_type yy_try_NUL_trans (yy_state_type current_state ); -static int yy_get_next_buffer (void ); -static void yy_fatal_error (yyconst char msg[] ); +static yy_state_type yy_get_previous_state YY_PROTO(( void )); +static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state )); +static int yy_get_next_buffer YY_PROTO(( void )); +static void yy_fatal_error YY_PROTO(( yyconst char msg[] )); /* Done after the current pattern has been matched and before the * corresponding action - sets up yytext. */ #define YY_DO_BEFORE_ACTION \ - (yytext_ptr) = yy_bp; \ - yyleng = (size_t) (yy_cp - yy_bp); \ - (yy_hold_char) = *yy_cp; \ + yytext_ptr = yy_bp; \ + yyleng = (int) (yy_cp - yy_bp); \ + yy_hold_char = *yy_cp; \ *yy_cp = '\0'; \ - (yy_c_buf_p) = yy_cp; + yy_c_buf_p = yy_cp; -#define YY_NUM_RULES 38 -#define YY_END_OF_BUFFER 39 -/* This struct is not used in this scanner, - but its presence is necessary. */ -struct yy_trans_info - { - flex_int32_t yy_verify; - flex_int32_t yy_nxt; - }; -static yyconst flex_int16_t yy_accept[183] = +#define YY_NUM_RULES 95 +#define YY_END_OF_BUFFER 96 +static yyconst short int yy_accept[568] = { 0, - 0, 0, 39, 37, 33, 34, 25, 25, 37, 37, - 31, 31, 37, 32, 32, 32, 32, 32, 32, 32, - 32, 32, 32, 32, 32, 32, 26, 27, 29, 36, - 30, 31, 0, 0, 32, 32, 32, 32, 32, 32, - 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, - 32, 7, 32, 32, 32, 32, 35, 31, 28, 32, - 32, 14, 32, 32, 32, 18, 32, 32, 32, 32, - 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, - 32, 32, 32, 32, 32, 32, 32, 32, 4, 32, - 32, 32, 32, 13, 32, 32, 32, 32, 32, 32, - - 32, 17, 32, 32, 32, 32, 32, 32, 32, 32, - 32, 32, 32, 8, 32, 32, 32, 32, 32, 32, - 6, 32, 32, 32, 32, 32, 32, 32, 32, 23, - 32, 32, 9, 32, 32, 2, 19, 32, 32, 32, - 32, 32, 3, 1, 32, 32, 32, 32, 32, 32, - 22, 32, 32, 32, 16, 5, 32, 32, 32, 32, - 32, 32, 32, 32, 32, 32, 21, 32, 32, 24, - 12, 15, 20, 32, 32, 32, 32, 11, 32, 32, - 10, 0 + 0, 0, 96, 94, 90, 91, 87, 81, 81, 94, + 94, 88, 88, 94, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 82, 83, 85, 88, 88, 93, 86, + 0, 0, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 10, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 89, 51, 89, 89, 89, 89, 89, + 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 89, 89, 89, 89, 92, 88, 84, + + 89, 3, 89, 89, 89, 7, 89, 89, 89, 89, + 89, 89, 89, 89, 89, 89, 22, 89, 89, 89, + 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 89, 44, 45, 89, 89, 89, 89, 89, 89, + 89, 55, 89, 89, 89, 89, 89, 89, 89, 63, + 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 89, 89, 89, 89, 89, 30, 89, + 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, + + 47, 89, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 60, 89, 89, 64, 89, 89, 89, 68, 69, + 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, + 80, 89, 89, 89, 89, 6, 89, 89, 89, 89, + 13, 89, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 89, 29, 89, 89, 89, 89, 89, + 89, 89, 89, 89, 89, 89, 89, 89, 89, 50, + 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 89, 72, 89, 89, 89, 89, 89, + 89, 89, 1, 89, 89, 89, 89, 89, 89, 12, + + 89, 89, 89, 89, 89, 89, 89, 89, 24, 89, + 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 89, 89, 89, 89, 49, 89, 89, + 89, 89, 89, 89, 89, 89, 89, 65, 66, 89, + 89, 89, 73, 89, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 9, 89, 89, 89, 89, 18, 89, + 89, 21, 89, 89, 26, 89, 89, 89, 89, 89, + 89, 89, 37, 38, 89, 89, 41, 89, 89, 89, + 89, 89, 89, 54, 89, 57, 58, 89, 89, 89, + 89, 89, 89, 89, 75, 89, 89, 89, 89, 89, + + 89, 89, 89, 89, 89, 89, 89, 89, 20, 89, + 25, 89, 28, 89, 89, 89, 89, 89, 36, 39, + 40, 89, 89, 89, 89, 52, 89, 89, 89, 89, + 62, 89, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 5, 8, 11, 14, 89, 89, 89, 89, 89, + 89, 89, 89, 34, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 67, 89, 89, 74, 89, 89, 89, + 89, 89, 89, 15, 89, 17, 89, 23, 89, 89, + 89, 89, 35, 89, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 76, 89, 89, 89, 89, 4, 16, + + 19, 89, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 42, 43, 89, 89, 89, 89, 89, + 61, 89, 89, 89, 89, 89, 89, 27, 31, 89, + 33, 89, 48, 89, 56, 89, 89, 71, 89, 89, + 79, 89, 89, 46, 89, 89, 89, 89, 78, 2, + 32, 89, 59, 70, 77, 53, 0 } ; -static yyconst flex_int32_t yy_ec[256] = +static yyconst int yy_ec[256] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 2, 1, 4, 1, 1, 1, 1, 1, 4, - 4, 5, 1, 4, 6, 7, 8, 9, 10, 10, - 10, 10, 10, 10, 10, 11, 10, 12, 4, 1, - 13, 1, 1, 1, 14, 15, 16, 17, 18, 19, - 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, - 30, 31, 32, 33, 34, 24, 24, 35, 24, 24, - 36, 1, 37, 1, 38, 1, 39, 40, 40, 41, - - 42, 40, 43, 24, 44, 24, 24, 45, 46, 47, - 24, 24, 24, 48, 24, 49, 24, 24, 24, 50, - 24, 51, 4, 4, 4, 1, 1, 1, 1, 1, + 1, 2, 1, 4, 1, 1, 1, 1, 1, 5, + 5, 6, 1, 5, 7, 8, 9, 10, 11, 12, + 12, 13, 14, 15, 12, 16, 12, 17, 5, 1, + 18, 1, 1, 1, 19, 20, 21, 22, 23, 24, + 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, + 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, + 45, 1, 46, 1, 47, 1, 48, 49, 50, 51, + + 52, 53, 54, 55, 56, 57, 29, 58, 59, 60, + 61, 62, 29, 63, 64, 65, 66, 67, 29, 68, + 29, 69, 5, 5, 5, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -416,136 +382,316 @@ static yyconst flex_int32_t yy_ec[256] = 1, 1, 1, 1, 1 } ; -static yyconst flex_int32_t yy_meta[52] = +static yyconst int yy_meta[70] = { 0, - 1, 1, 1, 1, 1, 2, 1, 1, 3, 3, - 3, 1, 1, 3, 3, 3, 3, 3, 3, 2, + 1, 1, 1, 1, 1, 1, 2, 1, 1, 3, + 3, 3, 3, 3, 3, 3, 1, 1, 3, 3, + 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 1, 1, 2, 3, 3, - 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, - 2 + 2, 2, 2, 2, 1, 1, 2, 3, 3, 3, + 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2 } ; -static yyconst flex_int16_t yy_base[185] = +static yyconst short int yy_base[570] = { 0, - 0, 0, 214, 215, 215, 215, 215, 207, 205, 206, - 43, 46, 198, 180, 40, 187, 189, 32, 175, 163, - 0, 43, 170, 56, 43, 170, 215, 215, 215, 195, - 215, 54, 0, 188, 0, 171, 179, 165, 169, 168, - 176, 49, 161, 165, 145, 173, 161, 156, 163, 164, - 153, 0, 152, 154, 152, 163, 215, 0, 215, 156, - 158, 0, 154, 156, 59, 0, 151, 158, 149, 132, - 146, 144, 153, 145, 151, 150, 145, 132, 143, 153, - 141, 135, 143, 144, 125, 131, 139, 125, 0, 107, - 121, 122, 132, 0, 135, 117, 121, 130, 120, 114, - - 129, 0, 130, 125, 117, 119, 109, 112, 99, 115, - 103, 117, 101, 0, 106, 105, 111, 81, 115, 101, - 0, 94, 93, 111, 110, 78, 103, 89, 89, 0, - 105, 102, 0, 69, 83, 0, 0, 93, 81, 88, - 42, 90, 0, 0, 86, 92, 65, 86, 79, 88, - 0, 56, 53, 85, 0, 0, 55, 73, 73, 82, - 50, 55, 65, 49, 64, 58, 0, 45, 47, 0, - 0, 0, 0, 40, 51, 39, 36, 0, 33, 36, - 0, 215, 92, 74 + 0, 0, 636, 637, 637, 637, 637, 637, 63, 627, + 628, 70, 77, 616, 74, 72, 76, 609, 65, 81, + 49, 0, 92, 91, 32, 101, 97, 608, 103, 113, + 99, 574, 602, 637, 637, 637, 156, 163, 620, 637, + 0, 609, 0, 589, 595, 590, 585, 597, 583, 586, + 586, 0, 101, 599, 108, 593, 596, 122, 124, 585, + 581, 553, 564, 597, 587, 575, 115, 575, 565, 574, + 575, 545, 575, 564, 0, 563, 543, 561, 558, 558, + 124, 540, 161, 119, 551, 558, 561, 581, 566, 551, + 555, 530, 560, 160, 530, 91, 547, 637, 0, 637, + + 125, 0, 554, 550, 555, 0, 544, 550, 543, 551, + 540, 542, 145, 166, 552, 541, 0, 542, 549, 156, + 548, 533, 538, 516, 505, 529, 533, 157, 534, 525, + 539, 546, 0, 521, 529, 506, 534, 533, 528, 502, + 515, 0, 515, 514, 510, 489, 518, 528, 507, 0, + 522, 517, 505, 505, 504, 517, 516, 486, 159, 499, + 520, 468, 482, 477, 506, 499, 494, 502, 497, 495, + 461, 502, 505, 502, 485, 488, 482, 500, 479, 485, + 494, 493, 491, 479, 485, 475, 164, 487, 0, 446, + 453, 442, 468, 478, 468, 464, 483, 170, 488, 463, + + 0, 436, 477, 459, 463, 445, 471, 486, 469, 472, + 425, 0, 451, 465, 0, 455, 467, 420, 0, 0, + 477, 418, 450, 442, 457, 423, 441, 425, 415, 426, + 0, 436, 454, 451, 452, 0, 407, 450, 447, 444, + 0, 434, 429, 437, 433, 435, 439, 437, 423, 420, + 436, 418, 418, 422, 0, 405, 396, 388, 423, 180, + 411, 426, 415, 423, 408, 429, 436, 386, 403, 0, + 408, 374, 402, 410, 404, 397, 386, 406, 400, 406, + 388, 366, 401, 375, 0, 403, 389, 365, 358, 359, + 356, 362, 0, 398, 399, 379, 360, 383, 376, 0, + + 390, 393, 379, 372, 371, 385, 385, 387, 0, 378, + 367, 376, 383, 343, 350, 343, 374, 370, 374, 358, + 371, 372, 356, 368, 353, 362, 338, 0, 368, 364, + 353, 352, 345, 359, 332, 340, 358, 0, 0, 322, + 355, 308, 0, 338, 322, 310, 308, 319, 318, 331, + 330, 340, 306, 0, 342, 332, 336, 335, 0, 334, + 338, 0, 321, 320, 0, 337, 326, 151, 318, 294, + 326, 314, 0, 0, 314, 327, 0, 328, 283, 315, + 309, 315, 292, 0, 319, 0, 0, 284, 318, 317, + 279, 315, 300, 317, 0, 279, 286, 265, 295, 324, + + 303, 308, 274, 291, 288, 293, 292, 290, 0, 299, + 0, 294, 0, 255, 250, 253, 263, 293, 0, 0, + 0, 277, 251, 289, 247, 0, 247, 283, 257, 261, + 0, 253, 274, 240, 274, 243, 244, 264, 235, 262, + 265, 0, 0, 0, 260, 273, 270, 262, 271, 262, + 228, 238, 226, 0, 252, 260, 230, 258, 221, 233, + 250, 244, 247, 0, 241, 215, 0, 223, 239, 210, + 211, 230, 240, 0, 249, 0, 233, 0, 242, 212, + 216, 210, 0, 232, 204, 231, 206, 198, 233, 194, + 231, 230, 200, 0, 190, 191, 197, 220, 0, 0, + + 0, 213, 190, 211, 188, 215, 192, 218, 184, 187, + 204, 178, 218, 215, 178, 174, 180, 175, 196, 190, + 178, 175, 176, 0, 0, 191, 174, 165, 180, 166, + 0, 194, 166, 163, 158, 163, 197, 0, 0, 156, + 0, 171, 0, 148, 0, 152, 188, 0, 150, 155, + 0, 166, 153, 0, 143, 148, 162, 143, 0, 0, + 0, 101, 0, 0, 0, 0, 637, 223, 69 } ; -static yyconst flex_int16_t yy_def[185] = +static yyconst short int yy_def[570] = { 0, - 182, 1, 182, 182, 182, 182, 182, 182, 182, 182, - 182, 182, 182, 183, 183, 183, 183, 183, 183, 183, - 183, 183, 183, 183, 183, 183, 182, 182, 182, 182, - 182, 182, 184, 182, 183, 183, 183, 183, 183, 183, - 183, 183, 183, 183, 183, 183, 183, 183, 183, 183, - 183, 183, 183, 183, 183, 183, 182, 184, 182, 183, - 183, 183, 183, 183, 183, 183, 183, 183, 183, 183, - 183, 183, 183, 183, 183, 183, 183, 183, 183, 183, - 183, 183, 183, 183, 183, 183, 183, 183, 183, 183, - 183, 183, 183, 183, 183, 183, 183, 183, 183, 183, - - 183, 183, 183, 183, 183, 183, 183, 183, 183, 183, - 183, 183, 183, 183, 183, 183, 183, 183, 183, 183, - 183, 183, 183, 183, 183, 183, 183, 183, 183, 183, - 183, 183, 183, 183, 183, 183, 183, 183, 183, 183, - 183, 183, 183, 183, 183, 183, 183, 183, 183, 183, - 183, 183, 183, 183, 183, 183, 183, 183, 183, 183, - 183, 183, 183, 183, 183, 183, 183, 183, 183, 183, - 183, 183, 183, 183, 183, 183, 183, 183, 183, 183, - 183, 0, 182, 182 + 567, 1, 567, 567, 567, 567, 567, 567, 567, 567, + 567, 567, 567, 567, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 567, 567, 567, 567, 567, 567, 567, + 569, 567, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 567, 569, 567, + + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 0, 567, 567 } ; -static yyconst flex_int16_t yy_nxt[267] = +static yyconst short int yy_nxt[707] = { 0, - 4, 5, 6, 7, 4, 8, 9, 10, 11, 12, - 12, 13, 4, 14, 15, 16, 17, 18, 19, 20, - 21, 22, 21, 21, 21, 21, 23, 24, 21, 21, - 21, 25, 21, 26, 21, 27, 28, 4, 21, 21, - 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, - 21, 32, 32, 32, 32, 32, 32, 37, 42, 46, - 54, 38, 32, 32, 32, 66, 43, 39, 47, 48, - 50, 51, 85, 152, 52, 55, 58, 181, 180, 179, - 86, 178, 67, 177, 53, 153, 176, 175, 174, 173, - 172, 171, 33, 35, 35, 170, 169, 168, 167, 166, - - 165, 164, 163, 162, 161, 160, 159, 158, 157, 156, - 155, 154, 151, 150, 149, 148, 147, 146, 145, 144, - 143, 142, 141, 140, 139, 138, 137, 136, 135, 134, - 133, 132, 131, 130, 129, 128, 127, 126, 125, 124, - 123, 122, 121, 120, 119, 118, 117, 116, 115, 114, - 113, 112, 111, 110, 109, 108, 107, 106, 105, 104, - 103, 102, 101, 100, 99, 98, 97, 96, 95, 94, - 93, 92, 91, 90, 89, 88, 87, 84, 83, 82, - 81, 80, 79, 78, 77, 76, 75, 74, 73, 72, - 71, 70, 69, 68, 65, 64, 63, 62, 61, 60, - - 59, 57, 56, 49, 45, 44, 41, 40, 36, 34, - 31, 30, 29, 182, 3, 182, 182, 182, 182, 182, - 182, 182, 182, 182, 182, 182, 182, 182, 182, 182, - 182, 182, 182, 182, 182, 182, 182, 182, 182, 182, - 182, 182, 182, 182, 182, 182, 182, 182, 182, 182, - 182, 182, 182, 182, 182, 182, 182, 182, 182, 182, - 182, 182, 182, 182, 182, 182 + 4, 5, 6, 7, 8, 4, 9, 10, 11, 12, + 13, 13, 13, 13, 13, 13, 14, 4, 15, 16, + 17, 18, 19, 20, 21, 22, 23, 22, 22, 22, + 24, 25, 26, 27, 22, 28, 29, 30, 31, 32, + 33, 22, 22, 22, 34, 35, 4, 22, 22, 22, + 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, + 22, 22, 22, 22, 22, 22, 22, 22, 22, 36, + 71, 99, 37, 38, 38, 38, 38, 38, 38, 38, + 38, 38, 38, 38, 38, 38, 38, 38, 38, 38, + 38, 38, 38, 44, 48, 57, 58, 72, 49, 60, + + 62, 53, 50, 45, 51, 54, 59, 46, 55, 69, + 64, 63, 47, 65, 52, 78, 61, 70, 79, 109, + 73, 74, 66, 67, 75, 84, 80, 88, 68, 85, + 93, 89, 81, 110, 76, 129, 94, 41, 112, 113, + 86, 163, 116, 117, 119, 87, 144, 166, 90, 77, + 145, 130, 131, 149, 164, 91, 150, 120, 95, 82, + 118, 121, 167, 566, 92, 38, 38, 38, 38, 38, + 38, 38, 38, 38, 38, 38, 38, 38, 38, 147, + 160, 177, 178, 161, 179, 185, 194, 414, 186, 195, + 148, 223, 180, 224, 264, 253, 565, 564, 225, 254, + + 318, 563, 319, 562, 561, 265, 415, 560, 559, 558, + 557, 556, 555, 554, 553, 552, 551, 550, 549, 548, + 547, 546, 545, 41, 43, 43, 544, 543, 542, 541, + 540, 539, 538, 537, 536, 535, 534, 533, 532, 531, + 530, 529, 528, 527, 526, 525, 524, 523, 522, 521, + 520, 519, 518, 517, 516, 515, 514, 513, 512, 511, + 510, 509, 508, 507, 506, 505, 504, 503, 502, 501, + 500, 499, 498, 497, 496, 495, 494, 493, 492, 491, + 490, 489, 488, 487, 486, 485, 484, 483, 482, 481, + 480, 479, 478, 477, 476, 475, 474, 473, 472, 471, + + 470, 469, 468, 467, 466, 465, 464, 463, 462, 461, + 460, 459, 458, 457, 456, 455, 454, 453, 452, 451, + 450, 449, 448, 447, 446, 445, 444, 443, 442, 441, + 440, 439, 438, 437, 436, 435, 434, 433, 432, 431, + 430, 429, 428, 427, 426, 425, 424, 423, 422, 421, + 420, 419, 418, 417, 416, 413, 412, 411, 410, 409, + 408, 407, 406, 405, 404, 403, 402, 401, 400, 399, + 398, 397, 396, 395, 394, 393, 392, 391, 390, 389, + 388, 387, 386, 385, 384, 383, 382, 381, 380, 379, + 378, 377, 376, 375, 374, 373, 372, 371, 370, 369, + + 368, 367, 366, 365, 364, 363, 362, 361, 360, 359, + 358, 357, 356, 355, 354, 353, 352, 351, 350, 349, + 348, 347, 346, 345, 344, 343, 342, 341, 340, 339, + 338, 337, 336, 335, 334, 333, 332, 331, 330, 329, + 328, 327, 326, 325, 324, 323, 322, 321, 320, 317, + 316, 315, 314, 313, 312, 311, 310, 309, 308, 307, + 306, 305, 304, 303, 302, 301, 300, 299, 298, 297, + 296, 295, 294, 293, 292, 291, 290, 289, 288, 287, + 286, 285, 284, 283, 282, 281, 280, 279, 278, 277, + 276, 275, 274, 273, 272, 271, 270, 269, 268, 267, + + 266, 263, 262, 261, 260, 259, 258, 257, 256, 255, + 252, 251, 250, 249, 248, 247, 246, 245, 244, 243, + 242, 241, 240, 239, 238, 237, 236, 235, 234, 233, + 232, 231, 230, 229, 228, 227, 226, 222, 221, 220, + 219, 218, 217, 216, 215, 214, 213, 212, 211, 210, + 209, 208, 207, 206, 205, 204, 203, 202, 201, 200, + 199, 198, 197, 196, 193, 192, 191, 190, 189, 188, + 187, 184, 183, 182, 181, 176, 175, 174, 173, 172, + 171, 170, 169, 168, 165, 162, 159, 158, 157, 156, + 155, 154, 153, 152, 151, 146, 143, 142, 141, 140, + + 139, 138, 137, 136, 135, 134, 133, 132, 128, 127, + 126, 125, 124, 123, 122, 115, 114, 111, 108, 107, + 106, 105, 104, 103, 102, 101, 100, 98, 97, 96, + 83, 56, 42, 40, 39, 567, 3, 567, 567, 567, + 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, + 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, + 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, + 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, + 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, + 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, + + 567, 567, 567, 567, 567, 567 } ; -static yyconst flex_int16_t yy_chk[267] = +static yyconst short int yy_chk[707] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 11, 11, 11, 12, 12, 12, 15, 18, 22, - 25, 15, 32, 32, 32, 42, 18, 15, 22, 22, - 24, 24, 65, 141, 24, 25, 184, 180, 179, 177, - 65, 176, 42, 175, 24, 141, 174, 169, 168, 166, - 165, 164, 11, 183, 183, 163, 162, 161, 160, 159, - - 158, 157, 154, 153, 152, 150, 149, 148, 147, 146, - 145, 142, 140, 139, 138, 135, 134, 132, 131, 129, - 128, 127, 126, 125, 124, 123, 122, 120, 119, 118, - 117, 116, 115, 113, 112, 111, 110, 109, 108, 107, - 106, 105, 104, 103, 101, 100, 99, 98, 97, 96, - 95, 93, 92, 91, 90, 88, 87, 86, 85, 84, - 83, 82, 81, 80, 79, 78, 77, 76, 75, 74, - 73, 72, 71, 70, 69, 68, 67, 64, 63, 61, - 60, 56, 55, 54, 53, 51, 50, 49, 48, 47, - 46, 45, 44, 43, 41, 40, 39, 38, 37, 36, - - 34, 30, 26, 23, 20, 19, 17, 16, 14, 13, - 10, 9, 8, 3, 182, 182, 182, 182, 182, 182, - 182, 182, 182, 182, 182, 182, 182, 182, 182, 182, - 182, 182, 182, 182, 182, 182, 182, 182, 182, 182, - 182, 182, 182, 182, 182, 182, 182, 182, 182, 182, - 182, 182, 182, 182, 182, 182, 182, 182, 182, 182, - 182, 182, 182, 182, 182, 182 + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 9, + 25, 569, 9, 9, 9, 9, 9, 9, 9, 12, + 12, 12, 12, 12, 12, 12, 13, 13, 13, 13, + 13, 13, 13, 15, 16, 19, 19, 25, 16, 20, + + 21, 17, 16, 15, 16, 17, 19, 15, 17, 24, + 23, 21, 15, 23, 16, 27, 20, 24, 27, 53, + 26, 26, 23, 23, 26, 29, 27, 30, 23, 29, + 31, 30, 27, 53, 26, 67, 31, 12, 55, 55, + 29, 96, 58, 58, 59, 29, 81, 101, 30, 26, + 81, 67, 67, 84, 96, 30, 84, 59, 31, 27, + 58, 59, 101, 562, 30, 37, 37, 37, 37, 37, + 37, 37, 38, 38, 38, 38, 38, 38, 38, 83, + 94, 113, 113, 94, 114, 120, 128, 368, 120, 128, + 83, 159, 114, 159, 198, 187, 558, 557, 159, 187, + + 260, 556, 260, 555, 553, 198, 368, 552, 550, 549, + 547, 546, 544, 542, 540, 537, 536, 535, 534, 533, + 532, 530, 529, 37, 568, 568, 528, 527, 526, 523, + 522, 521, 520, 519, 518, 517, 516, 515, 514, 513, + 512, 511, 510, 509, 508, 507, 506, 505, 504, 503, + 502, 498, 497, 496, 495, 493, 492, 491, 490, 489, + 488, 487, 486, 485, 484, 482, 481, 480, 479, 477, + 475, 473, 472, 471, 470, 469, 468, 466, 465, 463, + 462, 461, 460, 459, 458, 457, 456, 455, 453, 452, + 451, 450, 449, 448, 447, 446, 445, 441, 440, 439, + + 438, 437, 436, 435, 434, 433, 432, 430, 429, 428, + 427, 425, 424, 423, 422, 418, 417, 416, 415, 414, + 412, 410, 408, 407, 406, 405, 404, 403, 402, 401, + 400, 399, 398, 397, 396, 394, 393, 392, 391, 390, + 389, 388, 385, 383, 382, 381, 380, 379, 378, 376, + 375, 372, 371, 370, 369, 367, 366, 364, 363, 361, + 360, 358, 357, 356, 355, 353, 352, 351, 350, 349, + 348, 347, 346, 345, 344, 342, 341, 340, 337, 336, + 335, 334, 333, 332, 331, 330, 329, 327, 326, 325, + 324, 323, 322, 321, 320, 319, 318, 317, 316, 315, + + 314, 313, 312, 311, 310, 308, 307, 306, 305, 304, + 303, 302, 301, 299, 298, 297, 296, 295, 294, 292, + 291, 290, 289, 288, 287, 286, 284, 283, 282, 281, + 280, 279, 278, 277, 276, 275, 274, 273, 272, 271, + 269, 268, 267, 266, 265, 264, 263, 262, 261, 259, + 258, 257, 256, 254, 253, 252, 251, 250, 249, 248, + 247, 246, 245, 244, 243, 242, 240, 239, 238, 237, + 235, 234, 233, 232, 230, 229, 228, 227, 226, 225, + 224, 223, 222, 221, 218, 217, 216, 214, 213, 211, + 210, 209, 208, 207, 206, 205, 204, 203, 202, 200, + + 199, 197, 196, 195, 194, 193, 192, 191, 190, 188, + 186, 185, 184, 183, 182, 181, 180, 179, 178, 177, + 176, 175, 174, 173, 172, 171, 170, 169, 168, 167, + 166, 165, 164, 163, 162, 161, 160, 158, 157, 156, + 155, 154, 153, 152, 151, 149, 148, 147, 146, 145, + 144, 143, 141, 140, 139, 138, 137, 136, 135, 134, + 132, 131, 130, 129, 127, 126, 125, 124, 123, 122, + 121, 119, 118, 116, 115, 112, 111, 110, 109, 108, + 107, 105, 104, 103, 97, 95, 93, 92, 91, 90, + 89, 88, 87, 86, 85, 82, 80, 79, 78, 77, + + 76, 74, 73, 72, 71, 70, 69, 68, 66, 65, + 64, 63, 62, 61, 60, 57, 56, 54, 51, 50, + 49, 48, 47, 46, 45, 44, 42, 39, 33, 32, + 28, 18, 14, 11, 10, 3, 567, 567, 567, 567, + 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, + 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, + 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, + 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, + 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, + 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, + + 567, 567, 567, 567, 567, 567 } ; static yy_state_type yy_last_accepting_state; static char *yy_last_accepting_cpos; -extern int yy_flex_debug; -int yy_flex_debug = 0; - /* The intent behind this definition is that it'll catch * any uses of REJECT which flex missed. */ @@ -555,9 +701,10 @@ int yy_flex_debug = 0; #define YY_RESTORE_YY_MORE_OFFSET char *yytext; #line 1 "lex.l" +#define INITIAL 0 #line 2 "lex.l" /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -589,7 +736,7 @@ char *yytext; * SUCH DAMAGE. */ -/* $Id: lex.l,v 1.25 2005/06/16 19:58:35 lha Exp $ */ +/* $Id: lex.l,v 1.26 2005/07/12 06:27:33 lha Exp $ */ #ifdef HAVE_CONFIG_H #include @@ -609,27 +756,11 @@ char *yytext; static unsigned lineno = 1; -#define YY_NO_UNPUT - #undef ECHO static void handle_comment(int type); - -#line 619 "lex.yy.c" - -#define INITIAL 0 - -#ifndef YY_NO_UNISTD_H -/* Special case for "unistd.h", since it is non-ANSI. We include it way - * down here because we want the user's section 1 to have been scanned first. - * The user has a chance to override it with an option. - */ -#include -#endif - -#ifndef YY_EXTRA_TYPE -#define YY_EXTRA_TYPE void * -#endif +static char *handle_string(void); +#line 764 "lex.yy.c" /* Macros after this point can all be overridden by user definitions in * section 1. @@ -637,30 +768,65 @@ static void handle_comment(int type); #ifndef YY_SKIP_YYWRAP #ifdef __cplusplus -extern "C" int yywrap (void ); +extern "C" int yywrap YY_PROTO(( void )); #else -extern int yywrap (void ); +extern int yywrap YY_PROTO(( void )); #endif #endif - static void yyunput (int c,char *buf_ptr ); - +#ifndef YY_NO_UNPUT +static void yyunput YY_PROTO(( int c, char *buf_ptr )); +#endif + #ifndef yytext_ptr -static void yy_flex_strncpy (char *,yyconst char *,int ); +static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int )); #endif #ifdef YY_NEED_STRLEN -static int yy_flex_strlen (yyconst char * ); +static int yy_flex_strlen YY_PROTO(( yyconst char * )); #endif #ifndef YY_NO_INPUT - #ifdef __cplusplus -static int yyinput (void ); +static int yyinput YY_PROTO(( void )); #else -static int input (void ); +static int input YY_PROTO(( void )); +#endif +#endif + +#if YY_STACK_USED +static int yy_start_stack_ptr = 0; +static int yy_start_stack_depth = 0; +static int *yy_start_stack = 0; +#ifndef YY_NO_PUSH_STATE +static void yy_push_state YY_PROTO(( int new_state )); +#endif +#ifndef YY_NO_POP_STATE +static void yy_pop_state YY_PROTO(( void )); +#endif +#ifndef YY_NO_TOP_STATE +static int yy_top_state YY_PROTO(( void )); +#endif + +#else +#define YY_NO_PUSH_STATE 1 +#define YY_NO_POP_STATE 1 +#define YY_NO_TOP_STATE 1 #endif +#ifdef YY_MALLOC_DECL +YY_MALLOC_DECL +#else +#if __STDC__ +#ifndef __cplusplus +#include +#endif +#else +/* Just try to get by without declaring the routines. This will fail + * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int) + * or sizeof(void*) != sizeof(int). + */ +#endif #endif /* Amount of stuff to slurp up with each read. */ @@ -669,6 +835,7 @@ static int input (void ); #endif /* Copy whatever the last rule matched to the standard output. */ + #ifndef ECHO /* This used to be an fputs(), but since the string might contain NUL's, * we now use fwrite(). @@ -681,10 +848,9 @@ static int input (void ); */ #ifndef YY_INPUT #define YY_INPUT(buf,result,max_size) \ - if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ + if ( yy_current_buffer->yy_is_interactive ) \ { \ - int c = '*'; \ - size_t n; \ + int c = '*', n; \ for ( n = 0; n < max_size && \ (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ buf[n] = (char) c; \ @@ -694,22 +860,9 @@ static int input (void ); YY_FATAL_ERROR( "input in flex scanner failed" ); \ result = n; \ } \ - else \ - { \ - errno=0; \ - while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \ - { \ - if( errno != EINTR) \ - { \ - YY_FATAL_ERROR( "input in flex scanner failed" ); \ - break; \ - } \ - errno=0; \ - clearerr(yyin); \ - } \ - }\ -\ - + else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \ + && ferror( yyin ) ) \ + YY_FATAL_ERROR( "input in flex scanner failed" ); #endif /* No semi-colon after return; correct usage is to write "yyterminate();" - @@ -730,18 +883,12 @@ static int input (void ); #define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) #endif -/* end tables serialization structures and prototypes */ - /* Default declaration of generated scanner - a define so the user can * easily add parameters. */ #ifndef YY_DECL -#define YY_DECL_IS_OURS 1 - -extern int yylex (void); - -#define YY_DECL int yylex (void) -#endif /* !YY_DECL */ +#define YY_DECL int yylex YY_PROTO(( void )) +#endif /* Code executed at the beginning of each rule, after yytext and yyleng * have been set up. @@ -758,28 +905,26 @@ extern int yylex (void); #define YY_RULE_SETUP \ YY_USER_ACTION -/** The main scanner function which does all the work. - */ YY_DECL -{ + { register yy_state_type yy_current_state; - register char *yy_cp, *yy_bp; + register char *yy_cp = NULL, *yy_bp = NULL; register int yy_act; - -#line 64 "lex.l" -#line 772 "lex.yy.c" +#line 62 "lex.l" - if ( (yy_init) ) +#line 917 "lex.yy.c" + + if ( yy_init ) { - (yy_init) = 0; + yy_init = 0; #ifdef YY_USER_INIT YY_USER_INIT; #endif - if ( ! (yy_start) ) - (yy_start) = 1; /* first start state */ + if ( ! yy_start ) + yy_start = 1; /* first start state */ if ( ! yyin ) yyin = stdin; @@ -787,314 +932,598 @@ YY_DECL if ( ! yyout ) yyout = stdout; - if ( ! YY_CURRENT_BUFFER ) { - yyensure_buffer_stack (); - YY_CURRENT_BUFFER_LVALUE = - yy_create_buffer(yyin,YY_BUF_SIZE ); - } + if ( ! yy_current_buffer ) + yy_current_buffer = + yy_create_buffer( yyin, YY_BUF_SIZE ); - yy_load_buffer_state( ); + yy_load_buffer_state(); } while ( 1 ) /* loops until end-of-file is reached */ { - yy_cp = (yy_c_buf_p); + yy_cp = yy_c_buf_p; /* Support of yytext. */ - *yy_cp = (yy_hold_char); + *yy_cp = yy_hold_char; /* yy_bp points to the position in yy_ch_buf of the start of * the current run. */ yy_bp = yy_cp; - yy_current_state = (yy_start); + yy_current_state = yy_start; yy_match: do { register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; if ( yy_accept[yy_current_state] ) { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; + yy_last_accepting_state = yy_current_state; + yy_last_accepting_cpos = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 183 ) + if ( yy_current_state >= 568 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; ++yy_cp; } - while ( yy_base[yy_current_state] != 215 ); + while ( yy_base[yy_current_state] != 637 ); yy_find_action: yy_act = yy_accept[yy_current_state]; if ( yy_act == 0 ) { /* have to back up */ - yy_cp = (yy_last_accepting_cpos); - yy_current_state = (yy_last_accepting_state); + yy_cp = yy_last_accepting_cpos; + yy_current_state = yy_last_accepting_state; yy_act = yy_accept[yy_current_state]; } YY_DO_BEFORE_ACTION; + do_action: /* This label is used only to access EOF actions. */ + switch ( yy_act ) { /* beginning of action switch */ case 0: /* must back up */ /* undo the effects of YY_DO_BEFORE_ACTION */ - *yy_cp = (yy_hold_char); - yy_cp = (yy_last_accepting_cpos); - yy_current_state = (yy_last_accepting_state); + *yy_cp = yy_hold_char; + yy_cp = yy_last_accepting_cpos; + yy_current_state = yy_last_accepting_state; goto yy_find_action; case 1: YY_RULE_SETUP -#line 65 "lex.l" -{ return INTEGER; } +#line 63 "lex.l" +{ return kw_ABSENT; } YY_BREAK case 2: YY_RULE_SETUP -#line 66 "lex.l" -{ return BOOLEAN; } +#line 64 "lex.l" +{ return kw_ABSTRACT_SYNTAX; } YY_BREAK case 3: YY_RULE_SETUP -#line 67 "lex.l" -{ return IMPORTS; } +#line 65 "lex.l" +{ return kw_ALL; } YY_BREAK case 4: YY_RULE_SETUP -#line 68 "lex.l" -{ return FROM; } +#line 66 "lex.l" +{ return kw_APPLICATION; } YY_BREAK case 5: YY_RULE_SETUP -#line 69 "lex.l" -{ return SEQUENCE; } +#line 67 "lex.l" +{ return kw_AUTOMATIC; } YY_BREAK case 6: YY_RULE_SETUP -#line 70 "lex.l" -{ return CHOICE; } +#line 68 "lex.l" +{ return kw_BEGIN; } YY_BREAK case 7: YY_RULE_SETUP -#line 71 "lex.l" -{ return OF; } +#line 69 "lex.l" +{ return kw_BIT; } YY_BREAK case 8: YY_RULE_SETUP -#line 72 "lex.l" -{ return OCTET; } +#line 70 "lex.l" +{ return kw_BMPString; } YY_BREAK case 9: YY_RULE_SETUP -#line 73 "lex.l" -{ return STRING; } +#line 71 "lex.l" +{ return kw_BOOLEAN; } YY_BREAK case 10: YY_RULE_SETUP -#line 74 "lex.l" -{ return GeneralizedTime; } +#line 72 "lex.l" +{ return kw_BY; } YY_BREAK case 11: YY_RULE_SETUP -#line 75 "lex.l" -{ return GeneralString; } +#line 73 "lex.l" +{ return kw_CHARACTER; } YY_BREAK case 12: YY_RULE_SETUP -#line 76 "lex.l" -{ return UTF8String; } +#line 74 "lex.l" +{ return kw_CHOICE; } YY_BREAK case 13: YY_RULE_SETUP -#line 77 "lex.l" -{ return NULLTYPE; } +#line 75 "lex.l" +{ return kw_CLASS; } YY_BREAK case 14: YY_RULE_SETUP -#line 78 "lex.l" -{ return BIT; } +#line 76 "lex.l" +{ return kw_COMPONENT; } YY_BREAK case 15: YY_RULE_SETUP -#line 79 "lex.l" -{ return APPLICATION; } +#line 77 "lex.l" +{ return kw_COMPONENTS; } YY_BREAK case 16: YY_RULE_SETUP -#line 80 "lex.l" -{ return OPTIONAL; } +#line 78 "lex.l" +{ return kw_CONSTRAINED; } YY_BREAK case 17: YY_RULE_SETUP -#line 81 "lex.l" -{ return TBEGIN; } +#line 79 "lex.l" +{ return kw_CONTAINING; } YY_BREAK case 18: YY_RULE_SETUP -#line 82 "lex.l" -{ return END; } +#line 80 "lex.l" +{ return kw_DEFAULT; } YY_BREAK case 19: YY_RULE_SETUP -#line 83 "lex.l" -{ return DEFAULT; } +#line 81 "lex.l" +{ return kw_DEFINITIONS; } YY_BREAK case 20: YY_RULE_SETUP -#line 84 "lex.l" -{ return DEFINITIONS; } +#line 82 "lex.l" +{ return kw_EMBEDDED; } YY_BREAK case 21: YY_RULE_SETUP -#line 85 "lex.l" -{ return ENUMERATED; } +#line 83 "lex.l" +{ return kw_ENCODED; } YY_BREAK case 22: YY_RULE_SETUP -#line 86 "lex.l" -{ return EXTERNAL; } +#line 84 "lex.l" +{ return kw_END; } YY_BREAK case 23: YY_RULE_SETUP -#line 87 "lex.l" -{ return OBJECT; } +#line 85 "lex.l" +{ return kw_ENUMERATED; } YY_BREAK case 24: YY_RULE_SETUP -#line 88 "lex.l" -{ return IDENTIFIER; } +#line 86 "lex.l" +{ return kw_EXCEPT; } YY_BREAK case 25: YY_RULE_SETUP -#line 89 "lex.l" -{ return *yytext; } +#line 87 "lex.l" +{ return kw_EXPLICIT; } YY_BREAK case 26: YY_RULE_SETUP -#line 90 "lex.l" -{ return *yytext; } +#line 88 "lex.l" +{ return kw_EXPORTS; } YY_BREAK case 27: YY_RULE_SETUP -#line 91 "lex.l" -{ return *yytext; } +#line 89 "lex.l" +{ return kw_EXTENSIBILITY; } YY_BREAK case 28: YY_RULE_SETUP -#line 92 "lex.l" -{ return EEQUAL; } +#line 90 "lex.l" +{ return kw_EXTERNAL; } YY_BREAK case 29: YY_RULE_SETUP -#line 93 "lex.l" -{ handle_comment(0); } +#line 91 "lex.l" +{ return kw_FALSE; } YY_BREAK case 30: YY_RULE_SETUP -#line 94 "lex.l" -{ handle_comment(1); } +#line 92 "lex.l" +{ return kw_FROM; } YY_BREAK case 31: YY_RULE_SETUP -#line 95 "lex.l" -{ char *e, *y = yytext; - yylval.constant = strtol((const char *)yytext, - &e, 0); - if(e == y) - error_message("malformed constant (%s)", yytext); - else - return CONSTANT; - } +#line 93 "lex.l" +{ return kw_GeneralString; } YY_BREAK case 32: YY_RULE_SETUP -#line 103 "lex.l" -{ - yylval.name = strdup ((const char *)yytext); - return IDENT; - } +#line 94 "lex.l" +{ return kw_GeneralizedTime; } YY_BREAK case 33: YY_RULE_SETUP -#line 107 "lex.l" -; +#line 95 "lex.l" +{ return kw_GraphicString; } YY_BREAK case 34: -/* rule 34 can match eol */ YY_RULE_SETUP -#line 108 "lex.l" -{ ++lineno; } +#line 96 "lex.l" +{ return kw_IA5String; } YY_BREAK case 35: YY_RULE_SETUP -#line 109 "lex.l" -{ return DOTDOTDOT; } +#line 97 "lex.l" +{ return kw_IDENTIFIER; } YY_BREAK case 36: YY_RULE_SETUP -#line 110 "lex.l" -{ return DOTDOT; } +#line 98 "lex.l" +{ return kw_IMPLICIT; } YY_BREAK case 37: YY_RULE_SETUP -#line 111 "lex.l" -{ error_message("Ignoring char(%c)\n", *yytext); } +#line 99 "lex.l" +{ return kw_IMPLIED; } YY_BREAK case 38: YY_RULE_SETUP +#line 100 "lex.l" +{ return kw_IMPORTS; } + YY_BREAK +case 39: +YY_RULE_SETUP +#line 101 "lex.l" +{ return kw_INCLUDES; } + YY_BREAK +case 40: +YY_RULE_SETUP +#line 102 "lex.l" +{ return kw_INSTANCE; } + YY_BREAK +case 41: +YY_RULE_SETUP +#line 103 "lex.l" +{ return kw_INTEGER; } + YY_BREAK +case 42: +YY_RULE_SETUP +#line 104 "lex.l" +{ return kw_INTERSECTION; } + YY_BREAK +case 43: +YY_RULE_SETUP +#line 105 "lex.l" +{ return kw_ISO646String; } + YY_BREAK +case 44: +YY_RULE_SETUP +#line 106 "lex.l" +{ return kw_MAX; } + YY_BREAK +case 45: +YY_RULE_SETUP +#line 107 "lex.l" +{ return kw_MIN; } + YY_BREAK +case 46: +YY_RULE_SETUP +#line 108 "lex.l" +{ return kw_MINUS_INFINITY; } + YY_BREAK +case 47: +YY_RULE_SETUP +#line 109 "lex.l" +{ return kw_NULL; } + YY_BREAK +case 48: +YY_RULE_SETUP +#line 110 "lex.l" +{ return kw_NumericString; } + YY_BREAK +case 49: +YY_RULE_SETUP +#line 111 "lex.l" +{ return kw_OBJECT; } + YY_BREAK +case 50: +YY_RULE_SETUP #line 112 "lex.l" -ECHO; +{ return kw_OCTET; } YY_BREAK -#line 1056 "lex.yy.c" -case YY_STATE_EOF(INITIAL): - yyterminate(); - - case YY_END_OF_BUFFER: - { - /* Amount of text matched not including the EOB char. */ - int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; - - /* Undo the effects of YY_DO_BEFORE_ACTION. */ - *yy_cp = (yy_hold_char); - YY_RESTORE_YY_MORE_OFFSET - - if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW ) - { - /* We're scanning a new file or input source. It's - * possible that this happened because the user - * just pointed yyin at a new source and called - * yylex(). If so, then we have to assure - * consistency between YY_CURRENT_BUFFER and our - * globals. Here is the right place to do so, because - * this is the first action (other than possibly a - * back-up) that will match for the new input source. - */ - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; - YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; - YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; - } - - /* Note that here we test for yy_c_buf_p "<=" to the position - * of the first EOB in the buffer, since yy_c_buf_p will - * already have been incremented past the NUL character - * (since all states make transitions on EOB to the - * end-of-buffer state). Contrast this with the test +case 51: +YY_RULE_SETUP +#line 113 "lex.l" +{ return kw_OF; } + YY_BREAK +case 52: +YY_RULE_SETUP +#line 114 "lex.l" +{ return kw_OPTIONAL; } + YY_BREAK +case 53: +YY_RULE_SETUP +#line 115 "lex.l" +{ return kw_ObjectDescriptor; } + YY_BREAK +case 54: +YY_RULE_SETUP +#line 116 "lex.l" +{ return kw_PATTERN; } + YY_BREAK +case 55: +YY_RULE_SETUP +#line 117 "lex.l" +{ return kw_PDV; } + YY_BREAK +case 56: +YY_RULE_SETUP +#line 118 "lex.l" +{ return kw_PLUS_INFINITY; } + YY_BREAK +case 57: +YY_RULE_SETUP +#line 119 "lex.l" +{ return kw_PRESENT; } + YY_BREAK +case 58: +YY_RULE_SETUP +#line 120 "lex.l" +{ return kw_PRIVATE; } + YY_BREAK +case 59: +YY_RULE_SETUP +#line 121 "lex.l" +{ return kw_PrintableString; } + YY_BREAK +case 60: +YY_RULE_SETUP +#line 122 "lex.l" +{ return kw_REAL; } + YY_BREAK +case 61: +YY_RULE_SETUP +#line 123 "lex.l" +{ return kw_RELATIVE_OID; } + YY_BREAK +case 62: +YY_RULE_SETUP +#line 124 "lex.l" +{ return kw_SEQUENCE; } + YY_BREAK +case 63: +YY_RULE_SETUP +#line 125 "lex.l" +{ return kw_SET; } + YY_BREAK +case 64: +YY_RULE_SETUP +#line 126 "lex.l" +{ return kw_SIZE; } + YY_BREAK +case 65: +YY_RULE_SETUP +#line 127 "lex.l" +{ return kw_STRING; } + YY_BREAK +case 66: +YY_RULE_SETUP +#line 128 "lex.l" +{ return kw_SYNTAX; } + YY_BREAK +case 67: +YY_RULE_SETUP +#line 129 "lex.l" +{ return kw_T61String; } + YY_BREAK +case 68: +YY_RULE_SETUP +#line 130 "lex.l" +{ return kw_TAGS; } + YY_BREAK +case 69: +YY_RULE_SETUP +#line 131 "lex.l" +{ return kw_TRUE; } + YY_BREAK +case 70: +YY_RULE_SETUP +#line 132 "lex.l" +{ return kw_TYPE_IDENTIFIER; } + YY_BREAK +case 71: +YY_RULE_SETUP +#line 133 "lex.l" +{ return kw_TeletexString; } + YY_BREAK +case 72: +YY_RULE_SETUP +#line 134 "lex.l" +{ return kw_UNION; } + YY_BREAK +case 73: +YY_RULE_SETUP +#line 135 "lex.l" +{ return kw_UNIQUE; } + YY_BREAK +case 74: +YY_RULE_SETUP +#line 136 "lex.l" +{ return kw_UNIVERSAL; } + YY_BREAK +case 75: +YY_RULE_SETUP +#line 137 "lex.l" +{ return kw_UTCTime; } + YY_BREAK +case 76: +YY_RULE_SETUP +#line 138 "lex.l" +{ return kw_UTF8String; } + YY_BREAK +case 77: +YY_RULE_SETUP +#line 139 "lex.l" +{ return kw_UniversalString; } + YY_BREAK +case 78: +YY_RULE_SETUP +#line 140 "lex.l" +{ return kw_VideotexString; } + YY_BREAK +case 79: +YY_RULE_SETUP +#line 141 "lex.l" +{ return kw_VisibleString; } + YY_BREAK +case 80: +YY_RULE_SETUP +#line 142 "lex.l" +{ return kw_WITH; } + YY_BREAK +case 81: +YY_RULE_SETUP +#line 143 "lex.l" +{ return *yytext; } + YY_BREAK +case 82: +YY_RULE_SETUP +#line 144 "lex.l" +{ return *yytext; } + YY_BREAK +case 83: +YY_RULE_SETUP +#line 145 "lex.l" +{ return *yytext; } + YY_BREAK +case 84: +YY_RULE_SETUP +#line 146 "lex.l" +{ return EEQUAL; } + YY_BREAK +case 85: +YY_RULE_SETUP +#line 147 "lex.l" +{ handle_comment(0); } + YY_BREAK +case 86: +YY_RULE_SETUP +#line 148 "lex.l" +{ handle_comment(1); } + YY_BREAK +case 87: +YY_RULE_SETUP +#line 149 "lex.l" +{ yylval.name = handle_string(); return STRING; } + YY_BREAK +case 88: +YY_RULE_SETUP +#line 151 "lex.l" +{ char *e, *y = yytext; + yylval.constant = strtol((const char *)yytext, + &e, 0); + if(e == y) + error_message("malformed constant (%s)", yytext); + else + return NUMBER; + } + YY_BREAK +case 89: +YY_RULE_SETUP +#line 159 "lex.l" +{ + yylval.name = estrdup ((const char *)yytext); + return IDENTIFIER; + } + YY_BREAK +case 90: +YY_RULE_SETUP +#line 163 "lex.l" +; + YY_BREAK +case 91: +YY_RULE_SETUP +#line 164 "lex.l" +{ ++lineno; } + YY_BREAK +case 92: +YY_RULE_SETUP +#line 165 "lex.l" +{ return ELLIPSIS; } + YY_BREAK +case 93: +YY_RULE_SETUP +#line 166 "lex.l" +{ return RANGE; } + YY_BREAK +case 94: +YY_RULE_SETUP +#line 167 "lex.l" +{ error_message("Ignoring char(%c)\n", *yytext); } + YY_BREAK +case 95: +YY_RULE_SETUP +#line 168 "lex.l" +ECHO; + YY_BREAK +#line 1485 "lex.yy.c" +case YY_STATE_EOF(INITIAL): + yyterminate(); + + case YY_END_OF_BUFFER: + { + /* Amount of text matched not including the EOB char. */ + int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1; + + /* Undo the effects of YY_DO_BEFORE_ACTION. */ + *yy_cp = yy_hold_char; + YY_RESTORE_YY_MORE_OFFSET + + if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW ) + { + /* We're scanning a new file or input source. It's + * possible that this happened because the user + * just pointed yyin at a new source and called + * yylex(). If so, then we have to assure + * consistency between yy_current_buffer and our + * globals. Here is the right place to do so, because + * this is the first action (other than possibly a + * back-up) that will match for the new input source. + */ + yy_n_chars = yy_current_buffer->yy_n_chars; + yy_current_buffer->yy_input_file = yyin; + yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL; + } + + /* Note that here we test for yy_c_buf_p "<=" to the position + * of the first EOB in the buffer, since yy_c_buf_p will + * already have been incremented past the NUL character + * (since all states make transitions on EOB to the + * end-of-buffer state). Contrast this with the test * in input(). */ - if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) + if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] ) { /* This was really a NUL. */ yy_state_type yy_next_state; - (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; + yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text; - yy_current_state = yy_get_previous_state( ); + yy_current_state = yy_get_previous_state(); /* Okay, we're now positioned to make the NUL * transition. We couldn't have @@ -1107,30 +1536,30 @@ case YY_STATE_EOF(INITIAL): yy_next_state = yy_try_NUL_trans( yy_current_state ); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; + yy_bp = yytext_ptr + YY_MORE_ADJ; if ( yy_next_state ) { /* Consume the NUL. */ - yy_cp = ++(yy_c_buf_p); + yy_cp = ++yy_c_buf_p; yy_current_state = yy_next_state; goto yy_match; } else { - yy_cp = (yy_c_buf_p); + yy_cp = yy_c_buf_p; goto yy_find_action; } } - else switch ( yy_get_next_buffer( ) ) + else switch ( yy_get_next_buffer() ) { case EOB_ACT_END_OF_FILE: { - (yy_did_buffer_switch_on_eof) = 0; + yy_did_buffer_switch_on_eof = 0; - if ( yywrap( ) ) + if ( yywrap() ) { /* Note: because we've taken care in * yy_get_next_buffer() to have set up @@ -1141,7 +1570,7 @@ case YY_STATE_EOF(INITIAL): * YY_NULL, it'll still work - another * YY_NULL will get returned. */ - (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; + yy_c_buf_p = yytext_ptr + YY_MORE_ADJ; yy_act = YY_STATE_EOF(YY_START); goto do_action; @@ -1149,30 +1578,30 @@ case YY_STATE_EOF(INITIAL): else { - if ( ! (yy_did_buffer_switch_on_eof) ) + if ( ! yy_did_buffer_switch_on_eof ) YY_NEW_FILE; } break; } case EOB_ACT_CONTINUE_SCAN: - (yy_c_buf_p) = - (yytext_ptr) + yy_amount_of_matched_text; + yy_c_buf_p = + yytext_ptr + yy_amount_of_matched_text; - yy_current_state = yy_get_previous_state( ); + yy_current_state = yy_get_previous_state(); - yy_cp = (yy_c_buf_p); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; + yy_cp = yy_c_buf_p; + yy_bp = yytext_ptr + YY_MORE_ADJ; goto yy_match; case EOB_ACT_LAST_MATCH: - (yy_c_buf_p) = - &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)]; + yy_c_buf_p = + &yy_current_buffer->yy_ch_buf[yy_n_chars]; - yy_current_state = yy_get_previous_state( ); + yy_current_state = yy_get_previous_state(); - yy_cp = (yy_c_buf_p); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; + yy_cp = yy_c_buf_p; + yy_bp = yytext_ptr + YY_MORE_ADJ; goto yy_find_action; } break; @@ -1183,7 +1612,8 @@ case YY_STATE_EOF(INITIAL): "fatal flex scanner internal error--no action found" ); } /* end of action switch */ } /* end of scanning one token */ -} /* end of yylex */ + } /* end of yylex */ + /* yy_get_next_buffer - try to read in a new buffer * @@ -1192,20 +1622,21 @@ case YY_STATE_EOF(INITIAL): * EOB_ACT_CONTINUE_SCAN - continue scanning from current position * EOB_ACT_END_OF_FILE - end of file */ -static int yy_get_next_buffer (void) -{ - register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; - register char *source = (yytext_ptr); + +static int yy_get_next_buffer() + { + register char *dest = yy_current_buffer->yy_ch_buf; + register char *source = yytext_ptr; register int number_to_move, i; int ret_val; - if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) + if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] ) YY_FATAL_ERROR( "fatal flex scanner internal error--end of buffer missed" ); - if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 ) + if ( yy_current_buffer->yy_fill_buffer == 0 ) { /* Don't try to fill the buffer, so this is an EOF. */ - if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 ) + if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 ) { /* We matched a single character, the EOB, so * treat this as a final EOF. @@ -1225,30 +1656,34 @@ static int yy_get_next_buffer (void) /* Try to read more data. */ /* First move last chars to start of buffer. */ - number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1; + number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1; for ( i = 0; i < number_to_move; ++i ) *(dest++) = *(source++); - if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING ) + if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING ) /* don't do the read, it's not guaranteed to return an EOF, * just force an EOF */ - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0; + yy_current_buffer->yy_n_chars = yy_n_chars = 0; else { - size_t num_to_read = - YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; + int num_to_read = + yy_current_buffer->yy_buf_size - number_to_move - 1; while ( num_to_read <= 0 ) { /* Not enough room in the buffer - grow it. */ +#ifdef YY_USES_REJECT + YY_FATAL_ERROR( +"input buffer overflow, can't enlarge buffer because scanner uses REJECT" ); +#else /* just a shorter name for the current buffer */ - YY_BUFFER_STATE b = YY_CURRENT_BUFFER; + YY_BUFFER_STATE b = yy_current_buffer; int yy_c_buf_p_offset = - (int) ((yy_c_buf_p) - b->yy_ch_buf); + (int) (yy_c_buf_p - b->yy_ch_buf); if ( b->yy_is_our_buffer ) { @@ -1261,7 +1696,8 @@ static int yy_get_next_buffer (void) b->yy_ch_buf = (char *) /* Include room in for 2 EOB chars. */ - yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ); + yy_flex_realloc( (void *) b->yy_ch_buf, + b->yy_buf_size + 2 ); } else /* Can't grow it, we don't own it. */ @@ -1271,35 +1707,35 @@ static int yy_get_next_buffer (void) YY_FATAL_ERROR( "fatal error - scanner input buffer overflow" ); - (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset]; + yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset]; - num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - + num_to_read = yy_current_buffer->yy_buf_size - number_to_move - 1; - +#endif } if ( num_to_read > YY_READ_BUF_SIZE ) num_to_read = YY_READ_BUF_SIZE; /* Read in more data. */ - YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), - (yy_n_chars), num_to_read ); + YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]), + yy_n_chars, num_to_read ); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + yy_current_buffer->yy_n_chars = yy_n_chars; } - if ( (yy_n_chars) == 0 ) + if ( yy_n_chars == 0 ) { if ( number_to_move == YY_MORE_ADJ ) { ret_val = EOB_ACT_END_OF_FILE; - yyrestart(yyin ); + yyrestart( yyin ); } else { ret_val = EOB_ACT_LAST_MATCH; - YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = + yy_current_buffer->yy_buffer_status = YY_BUFFER_EOF_PENDING; } } @@ -1307,137 +1743,153 @@ static int yy_get_next_buffer (void) else ret_val = EOB_ACT_CONTINUE_SCAN; - (yy_n_chars) += number_to_move; - YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; - YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; + yy_n_chars += number_to_move; + yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR; + yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR; - (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0]; + yytext_ptr = &yy_current_buffer->yy_ch_buf[0]; return ret_val; -} + } + /* yy_get_previous_state - get the state just before the EOB char was reached */ - static yy_state_type yy_get_previous_state (void) -{ +static yy_state_type yy_get_previous_state() + { register yy_state_type yy_current_state; register char *yy_cp; - - yy_current_state = (yy_start); - for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) + yy_current_state = yy_start; + + for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp ) { register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); if ( yy_accept[yy_current_state] ) { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; + yy_last_accepting_state = yy_current_state; + yy_last_accepting_cpos = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 183 ) + if ( yy_current_state >= 568 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; } return yy_current_state; -} + } + /* yy_try_NUL_trans - try to make a transition on the NUL character * * synopsis * next_state = yy_try_NUL_trans( current_state ); */ - static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state ) -{ + +#ifdef YY_USE_PROTOS +static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state ) +#else +static yy_state_type yy_try_NUL_trans( yy_current_state ) +yy_state_type yy_current_state; +#endif + { register int yy_is_jam; - register char *yy_cp = (yy_c_buf_p); + register char *yy_cp = yy_c_buf_p; register YY_CHAR yy_c = 1; if ( yy_accept[yy_current_state] ) { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; + yy_last_accepting_state = yy_current_state; + yy_last_accepting_cpos = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 183 ) + if ( yy_current_state >= 568 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - yy_is_jam = (yy_current_state == 182); + yy_is_jam = (yy_current_state == 567); return yy_is_jam ? 0 : yy_current_state; -} + } - static void yyunput (int c, register char * yy_bp ) -{ - register char *yy_cp; - - yy_cp = (yy_c_buf_p); + +#ifndef YY_NO_UNPUT +#ifdef YY_USE_PROTOS +static void yyunput( int c, register char *yy_bp ) +#else +static void yyunput( c, yy_bp ) +int c; +register char *yy_bp; +#endif + { + register char *yy_cp = yy_c_buf_p; /* undo effects of setting up yytext */ - *yy_cp = (yy_hold_char); + *yy_cp = yy_hold_char; - if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) + if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) { /* need to shift things up to make room */ /* +2 for EOB chars. */ - register int number_to_move = (yy_n_chars) + 2; - register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ - YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; + register int number_to_move = yy_n_chars + 2; + register char *dest = &yy_current_buffer->yy_ch_buf[ + yy_current_buffer->yy_buf_size + 2]; register char *source = - &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; + &yy_current_buffer->yy_ch_buf[number_to_move]; - while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) + while ( source > yy_current_buffer->yy_ch_buf ) *--dest = *--source; yy_cp += (int) (dest - source); yy_bp += (int) (dest - source); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size; + yy_current_buffer->yy_n_chars = + yy_n_chars = yy_current_buffer->yy_buf_size; - if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) + if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) YY_FATAL_ERROR( "flex scanner push-back overflow" ); } *--yy_cp = (char) c; - (yytext_ptr) = yy_bp; - (yy_hold_char) = *yy_cp; - (yy_c_buf_p) = yy_cp; -} + + yytext_ptr = yy_bp; + yy_hold_char = *yy_cp; + yy_c_buf_p = yy_cp; + } +#endif /* ifndef YY_NO_UNPUT */ + #ifndef YY_NO_INPUT #ifdef __cplusplus - static int yyinput (void) +static int yyinput() #else - static int input (void) +static int input() #endif - -{ + { int c; - - *(yy_c_buf_p) = (yy_hold_char); - if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR ) + *yy_c_buf_p = yy_hold_char; + + if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR ) { /* yy_c_buf_p now points to the character we want to return. * If this occurs *before* the EOB characters, then it's a * valid NUL; if not, then we've hit the end of the buffer. */ - if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) + if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] ) /* This was really a NUL. */ - *(yy_c_buf_p) = '\0'; + *yy_c_buf_p = '\0'; else { /* need more input */ - int offset = (yy_c_buf_p) - (yytext_ptr); - ++(yy_c_buf_p); + int offset = yy_c_buf_p - yytext_ptr; + ++yy_c_buf_p; - switch ( yy_get_next_buffer( ) ) + switch ( yy_get_next_buffer() ) { case EOB_ACT_LAST_MATCH: /* This happens because yy_g_n_b() @@ -1451,16 +1903,16 @@ static int yy_get_next_buffer (void) */ /* Reset buffer status. */ - yyrestart(yyin ); + yyrestart( yyin ); - /*FALLTHROUGH*/ + /* fall through */ case EOB_ACT_END_OF_FILE: { - if ( yywrap( ) ) + if ( yywrap() ) return EOF; - if ( ! (yy_did_buffer_switch_on_eof) ) + if ( ! yy_did_buffer_switch_on_eof ) YY_NEW_FILE; #ifdef __cplusplus return yyinput(); @@ -1470,92 +1922,90 @@ static int yy_get_next_buffer (void) } case EOB_ACT_CONTINUE_SCAN: - (yy_c_buf_p) = (yytext_ptr) + offset; + yy_c_buf_p = yytext_ptr + offset; break; } } } - c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */ - *(yy_c_buf_p) = '\0'; /* preserve yytext */ - (yy_hold_char) = *++(yy_c_buf_p); + c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */ + *yy_c_buf_p = '\0'; /* preserve yytext */ + yy_hold_char = *++yy_c_buf_p; + return c; -} -#endif /* ifndef YY_NO_INPUT */ + } +#endif /* YY_NO_INPUT */ -/** Immediately switch to a different input stream. - * @param input_file A readable stream. - * - * @note This function does not reset the start condition to @c INITIAL . - */ - void yyrestart (FILE * input_file ) -{ - - if ( ! YY_CURRENT_BUFFER ){ - yyensure_buffer_stack (); - YY_CURRENT_BUFFER_LVALUE = - yy_create_buffer(yyin,YY_BUF_SIZE ); +#ifdef YY_USE_PROTOS +void yyrestart( FILE *input_file ) +#else +void yyrestart( input_file ) +FILE *input_file; +#endif + { + if ( ! yy_current_buffer ) + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); + + yy_init_buffer( yy_current_buffer, input_file ); + yy_load_buffer_state(); } - yy_init_buffer(YY_CURRENT_BUFFER,input_file ); - yy_load_buffer_state( ); -} -/** Switch to a different input buffer. - * @param new_buffer The new input buffer. - * - */ - void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ) -{ - - /* TODO. We should be able to replace this entire function body - * with - * yypop_buffer_state(); - * yypush_buffer_state(new_buffer); - */ - yyensure_buffer_stack (); - if ( YY_CURRENT_BUFFER == new_buffer ) +#ifdef YY_USE_PROTOS +void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer ) +#else +void yy_switch_to_buffer( new_buffer ) +YY_BUFFER_STATE new_buffer; +#endif + { + if ( yy_current_buffer == new_buffer ) return; - if ( YY_CURRENT_BUFFER ) + if ( yy_current_buffer ) { /* Flush out information for old buffer. */ - *(yy_c_buf_p) = (yy_hold_char); - YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + *yy_c_buf_p = yy_hold_char; + yy_current_buffer->yy_buf_pos = yy_c_buf_p; + yy_current_buffer->yy_n_chars = yy_n_chars; } - YY_CURRENT_BUFFER_LVALUE = new_buffer; - yy_load_buffer_state( ); + yy_current_buffer = new_buffer; + yy_load_buffer_state(); /* We don't actually know whether we did this switch during * EOF (yywrap()) processing, but the only time this flag * is looked at is after yywrap() is called, so it's safe * to go ahead and always set it. */ - (yy_did_buffer_switch_on_eof) = 1; -} + yy_did_buffer_switch_on_eof = 1; + } -static void yy_load_buffer_state (void) -{ - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; - (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; - yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; - (yy_hold_char) = *(yy_c_buf_p); -} -/** Allocate and initialize an input buffer state. - * @param file A readable stream. - * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE. - * - * @return the allocated buffer state. - */ - YY_BUFFER_STATE yy_create_buffer (FILE * file, int size ) -{ +#ifdef YY_USE_PROTOS +void yy_load_buffer_state( void ) +#else +void yy_load_buffer_state() +#endif + { + yy_n_chars = yy_current_buffer->yy_n_chars; + yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos; + yyin = yy_current_buffer->yy_input_file; + yy_hold_char = *yy_c_buf_p; + } + + +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_create_buffer( FILE *file, int size ) +#else +YY_BUFFER_STATE yy_create_buffer( file, size ) +FILE *file; +int size; +#endif + { YY_BUFFER_STATE b; - - b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); + + b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); @@ -1564,75 +2014,75 @@ static void yy_load_buffer_state (void) /* yy_ch_buf has to be 2 characters longer than the size given because * we need to put in 2 end-of-buffer characters. */ - b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2 ); + b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 ); if ( ! b->yy_ch_buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); b->yy_is_our_buffer = 1; - yy_init_buffer(b,file ); + yy_init_buffer( b, file ); return b; -} + } -/** Destroy the buffer. - * @param b a buffer created with yy_create_buffer() - * - */ - void yy_delete_buffer (YY_BUFFER_STATE b ) -{ - + +#ifdef YY_USE_PROTOS +void yy_delete_buffer( YY_BUFFER_STATE b ) +#else +void yy_delete_buffer( b ) +YY_BUFFER_STATE b; +#endif + { if ( ! b ) return; - if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */ - YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; + if ( b == yy_current_buffer ) + yy_current_buffer = (YY_BUFFER_STATE) 0; if ( b->yy_is_our_buffer ) - yyfree((void *) b->yy_ch_buf ); + yy_flex_free( (void *) b->yy_ch_buf ); - yyfree((void *) b ); -} + yy_flex_free( (void *) b ); + } -#ifndef __cplusplus -extern int isatty (int ); -#endif /* __cplusplus */ - -/* Initializes or reinitializes a buffer. - * This function is sometimes called more than once on the same buffer, - * such as during a yyrestart() or at EOF. - */ - static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file ) -{ - int oerrno = errno; - - yy_flush_buffer(b ); + +#ifdef YY_USE_PROTOS +void yy_init_buffer( YY_BUFFER_STATE b, FILE *file ) +#else +void yy_init_buffer( b, file ) +YY_BUFFER_STATE b; +FILE *file; +#endif + + + { + yy_flush_buffer( b ); b->yy_input_file = file; b->yy_fill_buffer = 1; - /* If b is the current buffer, then yy_init_buffer was _probably_ - * called from yyrestart() or through yy_get_next_buffer. - * In that case, we don't want to reset the lineno or column. - */ - if (b != YY_CURRENT_BUFFER){ - b->yy_bs_lineno = 1; - b->yy_bs_column = 0; - } +#if YY_ALWAYS_INTERACTIVE + b->yy_is_interactive = 1; +#else +#if YY_NEVER_INTERACTIVE + b->yy_is_interactive = 0; +#else + b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; +#endif +#endif + } - b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; - - errno = oerrno; -} -/** Discard all buffered characters. On the next scan, YY_INPUT will be called. - * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER. - * - */ - void yy_flush_buffer (YY_BUFFER_STATE b ) -{ - if ( ! b ) +#ifdef YY_USE_PROTOS +void yy_flush_buffer( YY_BUFFER_STATE b ) +#else +void yy_flush_buffer( b ) +YY_BUFFER_STATE b; +#endif + + { + if ( ! b ) return; b->yy_n_chars = 0; @@ -1649,121 +2099,29 @@ extern int isatty (int ); b->yy_at_bol = 1; b->yy_buffer_status = YY_BUFFER_NEW; - if ( b == YY_CURRENT_BUFFER ) - yy_load_buffer_state( ); -} - -/** Pushes the new state onto the stack. The new state becomes - * the current state. This function will allocate the stack - * if necessary. - * @param new_buffer The new state. - * - */ -void yypush_buffer_state (YY_BUFFER_STATE new_buffer ) -{ - if (new_buffer == NULL) - return; - - yyensure_buffer_stack(); - - /* This block is copied from yy_switch_to_buffer. */ - if ( YY_CURRENT_BUFFER ) - { - /* Flush out information for old buffer. */ - *(yy_c_buf_p) = (yy_hold_char); - YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); - } - - /* Only push if top exists. Otherwise, replace top. */ - if (YY_CURRENT_BUFFER) - (yy_buffer_stack_top)++; - YY_CURRENT_BUFFER_LVALUE = new_buffer; - - /* copied from yy_switch_to_buffer. */ - yy_load_buffer_state( ); - (yy_did_buffer_switch_on_eof) = 1; -} - -/** Removes and deletes the top of the stack, if present. - * The next element becomes the new top. - * - */ -void yypop_buffer_state (void) -{ - if (!YY_CURRENT_BUFFER) - return; - - yy_delete_buffer(YY_CURRENT_BUFFER ); - YY_CURRENT_BUFFER_LVALUE = NULL; - if ((yy_buffer_stack_top) > 0) - --(yy_buffer_stack_top); - - if (YY_CURRENT_BUFFER) { - yy_load_buffer_state( ); - (yy_did_buffer_switch_on_eof) = 1; + if ( b == yy_current_buffer ) + yy_load_buffer_state(); } -} - -/* Allocates the stack if it does not exist. - * Guarantees space for at least one push. - */ -static void yyensure_buffer_stack (void) -{ - int num_to_alloc; - - if (!(yy_buffer_stack)) { - - /* First allocation is just for 2 elements, since we don't know if this - * scanner will even need a stack. We use 2 instead of 1 to avoid an - * immediate realloc on the next call. - */ - num_to_alloc = 1; - (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc - (num_to_alloc * sizeof(struct yy_buffer_state*) - ); - - memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); - - (yy_buffer_stack_max) = num_to_alloc; - (yy_buffer_stack_top) = 0; - return; - } - - if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ - - /* Increase the buffer to prepare for a possible push. */ - int grow_size = 8 /* arbitrary grow size */; - - num_to_alloc = (yy_buffer_stack_max) + grow_size; - (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc - ((yy_buffer_stack), - num_to_alloc * sizeof(struct yy_buffer_state*) - ); - /* zero only the new slots.*/ - memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); - (yy_buffer_stack_max) = num_to_alloc; - } -} -/** Setup the input buffer state to scan directly from a user-specified character buffer. - * @param base the character buffer - * @param size the size in bytes of the character buffer - * - * @return the newly allocated buffer state object. - */ -YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) -{ +#ifndef YY_NO_SCAN_BUFFER +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size ) +#else +YY_BUFFER_STATE yy_scan_buffer( base, size ) +char *base; +yy_size_t size; +#endif + { YY_BUFFER_STATE b; - + if ( size < 2 || base[size-2] != YY_END_OF_BUFFER_CHAR || base[size-1] != YY_END_OF_BUFFER_CHAR ) /* They forgot to leave room for the EOB's. */ return 0; - b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); + b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); @@ -1777,42 +2135,47 @@ YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) b->yy_fill_buffer = 0; b->yy_buffer_status = YY_BUFFER_NEW; - yy_switch_to_buffer(b ); + yy_switch_to_buffer( b ); return b; -} + } +#endif -/** Setup the input buffer state to scan a string. The next call to yylex() will - * scan from a @e copy of @a str. - * @param str a NUL-terminated string to scan - * - * @return the newly allocated buffer state object. - * @note If you want to scan bytes that may contain NUL values, then use - * yy_scan_bytes() instead. - */ -YY_BUFFER_STATE yy_scan_string (yyconst char * yy_str ) -{ - - return yy_scan_bytes(yy_str,strlen(yy_str) ); -} -/** Setup the input buffer state to scan the given bytes. The next call to yylex() will - * scan from a @e copy of @a bytes. - * @param bytes the byte buffer to scan - * @param len the number of bytes in the buffer pointed to by @a bytes. - * - * @return the newly allocated buffer state object. - */ -YY_BUFFER_STATE yy_scan_bytes (yyconst char * bytes, int len ) -{ +#ifndef YY_NO_SCAN_STRING +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str ) +#else +YY_BUFFER_STATE yy_scan_string( yy_str ) +yyconst char *yy_str; +#endif + { + int len; + for ( len = 0; yy_str[len]; ++len ) + ; + + return yy_scan_bytes( yy_str, len ); + } +#endif + + +#ifndef YY_NO_SCAN_BYTES +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len ) +#else +YY_BUFFER_STATE yy_scan_bytes( bytes, len ) +yyconst char *bytes; +int len; +#endif + { YY_BUFFER_STATE b; char *buf; yy_size_t n; int i; - + /* Get memory for full buffer, including space for trailing EOB's. */ n = len + 2; - buf = (char *) yyalloc(n ); + buf = (char *) yy_flex_alloc( n ); if ( ! buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); @@ -1821,7 +2184,7 @@ YY_BUFFER_STATE yy_scan_bytes (yyconst char * bytes, int len ) buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR; - b = yy_scan_buffer(buf,n ); + b = yy_scan_buffer( buf, n ); if ( ! b ) YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); @@ -1831,164 +2194,148 @@ YY_BUFFER_STATE yy_scan_bytes (yyconst char * bytes, int len ) b->yy_is_our_buffer = 1; return b; -} + } +#endif -#ifndef YY_EXIT_FAILURE -#define YY_EXIT_FAILURE 2 + +#ifndef YY_NO_PUSH_STATE +#ifdef YY_USE_PROTOS +static void yy_push_state( int new_state ) +#else +static void yy_push_state( new_state ) +int new_state; #endif + { + if ( yy_start_stack_ptr >= yy_start_stack_depth ) + { + yy_size_t new_size; -static void yy_fatal_error (yyconst char* msg ) -{ - (void) fprintf( stderr, "%s\n", msg ); - exit( YY_EXIT_FAILURE ); -} + yy_start_stack_depth += YY_START_STACK_INCR; + new_size = yy_start_stack_depth * sizeof( int ); -/* Redefine yyless() so it works in section 3 code. */ + if ( ! yy_start_stack ) + yy_start_stack = (int *) yy_flex_alloc( new_size ); -#undef yyless -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - int yyless_macro_arg = (n); \ - YY_LESS_LINENO(yyless_macro_arg);\ - yytext[yyleng] = (yy_hold_char); \ - (yy_c_buf_p) = yytext + yyless_macro_arg; \ - (yy_hold_char) = *(yy_c_buf_p); \ - *(yy_c_buf_p) = '\0'; \ - yyleng = yyless_macro_arg; \ - } \ - while ( 0 ) + else + yy_start_stack = (int *) yy_flex_realloc( + (void *) yy_start_stack, new_size ); -/* Accessor methods (get/set functions) to struct members. */ + if ( ! yy_start_stack ) + YY_FATAL_ERROR( + "out of memory expanding start-condition stack" ); + } -/** Get the current line number. - * - */ -int yyget_lineno (void) -{ - - return yylineno; -} + yy_start_stack[yy_start_stack_ptr++] = YY_START; -/** Get the input stream. - * - */ -FILE *yyget_in (void) -{ - return yyin; -} + BEGIN(new_state); + } +#endif -/** Get the output stream. - * - */ -FILE *yyget_out (void) -{ - return yyout; -} -/** Get the length of the current token. - * - */ -int yyget_leng (void) -{ - return yyleng; -} +#ifndef YY_NO_POP_STATE +static void yy_pop_state() + { + if ( --yy_start_stack_ptr < 0 ) + YY_FATAL_ERROR( "start-condition stack underflow" ); -/** Get the current token. - * - */ + BEGIN(yy_start_stack[yy_start_stack_ptr]); + } +#endif -char *yyget_text (void) -{ - return yytext; -} -/** Set the current line number. - * @param line_number - * - */ -void yyset_lineno (int line_number ) -{ - - yylineno = line_number; -} +#ifndef YY_NO_TOP_STATE +static int yy_top_state() + { + return yy_start_stack[yy_start_stack_ptr - 1]; + } +#endif -/** Set the input stream. This does not discard the current - * input buffer. - * @param in_str A readable stream. - * - * @see yy_switch_to_buffer - */ -void yyset_in (FILE * in_str ) -{ - yyin = in_str ; -} +#ifndef YY_EXIT_FAILURE +#define YY_EXIT_FAILURE 2 +#endif -void yyset_out (FILE * out_str ) -{ - yyout = out_str ; -} +#ifdef YY_USE_PROTOS +static void yy_fatal_error( yyconst char msg[] ) +#else +static void yy_fatal_error( msg ) +char msg[]; +#endif + { + (void) fprintf( stderr, "%s\n", msg ); + exit( YY_EXIT_FAILURE ); + } -int yyget_debug (void) -{ - return yy_flex_debug; -} -void yyset_debug (int bdebug ) -{ - yy_flex_debug = bdebug ; -} -/* yylex_destroy is for both reentrant and non-reentrant scanners. */ -int yylex_destroy (void) -{ - - /* Pop the buffer stack, destroying each element. */ - while(YY_CURRENT_BUFFER){ - yy_delete_buffer(YY_CURRENT_BUFFER ); - YY_CURRENT_BUFFER_LVALUE = NULL; - yypop_buffer_state(); - } +/* Redefine yyless() so it works in section 3 code. */ - /* Destroy the stack itself. */ - yyfree((yy_buffer_stack) ); - (yy_buffer_stack) = NULL; +#undef yyless +#define yyless(n) \ + do \ + { \ + /* Undo effects of setting up yytext. */ \ + yytext[yyleng] = yy_hold_char; \ + yy_c_buf_p = yytext + n; \ + yy_hold_char = *yy_c_buf_p; \ + *yy_c_buf_p = '\0'; \ + yyleng = n; \ + } \ + while ( 0 ) - return 0; -} -/* - * Internal utility routines. - */ +/* Internal utility routines. */ #ifndef yytext_ptr -static void yy_flex_strncpy (char* s1, yyconst char * s2, int n ) -{ +#ifdef YY_USE_PROTOS +static void yy_flex_strncpy( char *s1, yyconst char *s2, int n ) +#else +static void yy_flex_strncpy( s1, s2, n ) +char *s1; +yyconst char *s2; +int n; +#endif + { register int i; - for ( i = 0; i < n; ++i ) + for ( i = 0; i < n; ++i ) s1[i] = s2[i]; -} + } #endif #ifdef YY_NEED_STRLEN -static int yy_flex_strlen (yyconst char * s ) -{ +#ifdef YY_USE_PROTOS +static int yy_flex_strlen( yyconst char *s ) +#else +static int yy_flex_strlen( s ) +yyconst char *s; +#endif + { register int n; - for ( n = 0; s[n]; ++n ) + for ( n = 0; s[n]; ++n ) ; return n; -} + } #endif -void *yyalloc (yy_size_t size ) -{ + +#ifdef YY_USE_PROTOS +static void *yy_flex_alloc( yy_size_t size ) +#else +static void *yy_flex_alloc( size ) +yy_size_t size; +#endif + { return (void *) malloc( size ); -} + } -void *yyrealloc (void * ptr, yy_size_t size ) -{ +#ifdef YY_USE_PROTOS +static void *yy_flex_realloc( void *ptr, yy_size_t size ) +#else +static void *yy_flex_realloc( ptr, size ) +void *ptr; +yy_size_t size; +#endif + { /* The cast to (char *) in the following accommodates both * implementations that use char* generic pointers, and those * that use void* generic pointers. It works with the latter @@ -1997,29 +2344,26 @@ void *yyrealloc (void * ptr, yy_size_t size ) * as though doing an assignment. */ return (void *) realloc( (char *) ptr, size ); -} - -void yyfree (void * ptr ) -{ - free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ -} - -#define YYTABLES_NAME "yytables" - -#undef YY_NEW_FILE -#undef YY_FLUSH_BUFFER -#undef yy_set_bol -#undef yy_new_buffer -#undef yy_set_interactive -#undef yytext_ptr -#undef YY_DO_BEFORE_ACTION + } -#ifdef YY_DECL_IS_OURS -#undef YY_DECL_IS_OURS -#undef YY_DECL +#ifdef YY_USE_PROTOS +static void yy_flex_free( void *ptr ) +#else +static void yy_flex_free( ptr ) +void *ptr; #endif -#line 112 "lex.l" + { + free( ptr ); + } +#if YY_MAIN +int main() + { + yylex(); + return 0; + } +#endif +#line 168 "lex.l" #ifndef yywrap /* XXX */ @@ -2039,6 +2383,7 @@ error_message (const char *format, ...) fprintf (stderr, "%s:%d: ", get_filename(), lineno); vfprintf (stderr, format, args); va_end (args); + error_flag++; } static void @@ -2076,6 +2421,12 @@ handle_comment(int type) seen_slash = 1; continue; } + if(seen_star && c == '/') { + if(--level == 0) + return; + seen_star = 0; + continue; + } if(c == '*') { if(seen_slash) { level++; @@ -2096,3 +2447,49 @@ handle_comment(int type) error_message("unterminated comment, possibly started on line %d\n", start_lineno); } +static char * +handle_string(void) +{ + int start_lineno = lineno; + int c; + char buf[1024]; + char *p = buf; + int f = 0; + int skip_ws = 0; + + while((c = input()) != EOF) { + if(isspace(c) && skip_ws) { + if(c == '\n') + lineno++; + continue; + } + skip_ws = 0; + + if(c == '"') { + if(f) { + *p++ = '"'; + f = 0; + } else + f = 1; + continue; + } + if(f == 1) { + unput(c); + break; + } + if(c == '\n') { + lineno++; + while(p > buf && isspace((unsigned char)p[-1])) + p--; + skip_ws = 1; + continue; + } + *p++ = c; + } + if(c == EOF) + error_message("unterminated string, possibly started on line %d\n", start_lineno); + *p++ = '\0'; + fprintf(stderr, "string -- %s\n", buf); + return estrdup(buf); +} + diff --git a/source4/heimdal/lib/asn1/lex.h b/source4/heimdal/lib/asn1/lex.h index 9f5cadf92b..2d9e6745c5 100644 --- a/source4/heimdal/lib/asn1/lex.h +++ b/source4/heimdal/lib/asn1/lex.h @@ -31,11 +31,12 @@ * SUCH DAMAGE. */ -/* $Id: lex.h,v 1.5 2000/07/01 20:21:34 assar Exp $ */ +/* $Id: lex.h,v 1.6 2005/07/12 06:27:33 lha Exp $ */ #include void error_message (const char *, ...) __attribute__ ((format (printf, 1, 2))); +extern int error_flag; int yylex(void); diff --git a/source4/heimdal/lib/asn1/lex.l b/source4/heimdal/lib/asn1/lex.l index f0c123404a..cb6512f36f 100644 --- a/source4/heimdal/lib/asn1/lex.l +++ b/source4/heimdal/lib/asn1/lex.l @@ -1,6 +1,6 @@ %{ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ * SUCH DAMAGE. */ -/* $Id: lex.l,v 1.25 2005/06/16 19:58:35 lha Exp $ */ +/* $Id: lex.l,v 1.26 2005/07/12 06:27:33 lha Exp $ */ #ifdef HAVE_CONFIG_H #include @@ -52,62 +52,118 @@ static unsigned lineno = 1; -#define YY_NO_UNPUT - #undef ECHO static void handle_comment(int type); - +static char *handle_string(void); %} %% -INTEGER { return INTEGER; } -BOOLEAN { return BOOLEAN; } -IMPORTS { return IMPORTS; } -FROM { return FROM; } -SEQUENCE { return SEQUENCE; } -CHOICE { return CHOICE; } -OF { return OF; } -OCTET { return OCTET; } -STRING { return STRING; } -GeneralizedTime { return GeneralizedTime; } -GeneralString { return GeneralString; } -UTF8String { return UTF8String; } -NULL { return NULLTYPE; } -BIT { return BIT; } -APPLICATION { return APPLICATION; } -OPTIONAL { return OPTIONAL; } -BEGIN { return TBEGIN; } -END { return END; } -DEFAULT { return DEFAULT; } -DEFINITIONS { return DEFINITIONS; } -ENUMERATED { return ENUMERATED; } -EXTERNAL { return EXTERNAL; } -OBJECT { return OBJECT; } -IDENTIFIER { return IDENTIFIER; } -[-,;{}()|\"] { return *yytext; } +ABSENT { return kw_ABSENT; } +ABSTRACT-SYNTAX { return kw_ABSTRACT_SYNTAX; } +ALL { return kw_ALL; } +APPLICATION { return kw_APPLICATION; } +AUTOMATIC { return kw_AUTOMATIC; } +BEGIN { return kw_BEGIN; } +BIT { return kw_BIT; } +BMPString { return kw_BMPString; } +BOOLEAN { return kw_BOOLEAN; } +BY { return kw_BY; } +CHARACTER { return kw_CHARACTER; } +CHOICE { return kw_CHOICE; } +CLASS { return kw_CLASS; } +COMPONENT { return kw_COMPONENT; } +COMPONENTS { return kw_COMPONENTS; } +CONSTRAINED { return kw_CONSTRAINED; } +CONTAINING { return kw_CONTAINING; } +DEFAULT { return kw_DEFAULT; } +DEFINITIONS { return kw_DEFINITIONS; } +EMBEDDED { return kw_EMBEDDED; } +ENCODED { return kw_ENCODED; } +END { return kw_END; } +ENUMERATED { return kw_ENUMERATED; } +EXCEPT { return kw_EXCEPT; } +EXPLICIT { return kw_EXPLICIT; } +EXPORTS { return kw_EXPORTS; } +EXTENSIBILITY { return kw_EXTENSIBILITY; } +EXTERNAL { return kw_EXTERNAL; } +FALSE { return kw_FALSE; } +FROM { return kw_FROM; } +GeneralString { return kw_GeneralString; } +GeneralizedTime { return kw_GeneralizedTime; } +GraphicString { return kw_GraphicString; } +IA5String { return kw_IA5String; } +IDENTIFIER { return kw_IDENTIFIER; } +IMPLICIT { return kw_IMPLICIT; } +IMPLIED { return kw_IMPLIED; } +IMPORTS { return kw_IMPORTS; } +INCLUDES { return kw_INCLUDES; } +INSTANCE { return kw_INSTANCE; } +INTEGER { return kw_INTEGER; } +INTERSECTION { return kw_INTERSECTION; } +ISO646String { return kw_ISO646String; } +MAX { return kw_MAX; } +MIN { return kw_MIN; } +MINUS-INFINITY { return kw_MINUS_INFINITY; } +NULL { return kw_NULL; } +NumericString { return kw_NumericString; } +OBJECT { return kw_OBJECT; } +OCTET { return kw_OCTET; } +OF { return kw_OF; } +OPTIONAL { return kw_OPTIONAL; } +ObjectDescriptor { return kw_ObjectDescriptor; } +PATTERN { return kw_PATTERN; } +PDV { return kw_PDV; } +PLUS-INFINITY { return kw_PLUS_INFINITY; } +PRESENT { return kw_PRESENT; } +PRIVATE { return kw_PRIVATE; } +PrintableString { return kw_PrintableString; } +REAL { return kw_REAL; } +RELATIVE_OID { return kw_RELATIVE_OID; } +SEQUENCE { return kw_SEQUENCE; } +SET { return kw_SET; } +SIZE { return kw_SIZE; } +STRING { return kw_STRING; } +SYNTAX { return kw_SYNTAX; } +T61String { return kw_T61String; } +TAGS { return kw_TAGS; } +TRUE { return kw_TRUE; } +TYPE-IDENTIFIER { return kw_TYPE_IDENTIFIER; } +TeletexString { return kw_TeletexString; } +UNION { return kw_UNION; } +UNIQUE { return kw_UNIQUE; } +UNIVERSAL { return kw_UNIVERSAL; } +UTCTime { return kw_UTCTime; } +UTF8String { return kw_UTF8String; } +UniversalString { return kw_UniversalString; } +VideotexString { return kw_VideotexString; } +VisibleString { return kw_VisibleString; } +WITH { return kw_WITH; } +[-,;{}()|] { return *yytext; } "[" { return *yytext; } "]" { return *yytext; } ::= { return EEQUAL; } -- { handle_comment(0); } \/\* { handle_comment(1); } -0x[0-9A-Fa-f]+|[0-9]+ { char *e, *y = yytext; +"\"" { yylval.name = handle_string(); return STRING; } + +-?0x[0-9A-Fa-f]+|-?[0-9]+ { char *e, *y = yytext; yylval.constant = strtol((const char *)yytext, &e, 0); if(e == y) error_message("malformed constant (%s)", yytext); else - return CONSTANT; + return NUMBER; } [A-Za-z][-A-Za-z0-9_]* { - yylval.name = strdup ((const char *)yytext); - return IDENT; + yylval.name = estrdup ((const char *)yytext); + return IDENTIFIER; } [ \t] ; \n { ++lineno; } -\.\.\. { return DOTDOTDOT; } -\.\. { return DOTDOT; } +\.\.\. { return ELLIPSIS; } +\.\. { return RANGE; } . { error_message("Ignoring char(%c)\n", *yytext); } %% @@ -128,6 +184,7 @@ error_message (const char *format, ...) fprintf (stderr, "%s:%d: ", get_filename(), lineno); vfprintf (stderr, format, args); va_end (args); + error_flag++; } static void @@ -165,6 +222,12 @@ handle_comment(int type) seen_slash = 1; continue; } + if(seen_star && c == '/') { + if(--level == 0) + return; + seen_star = 0; + continue; + } if(c == '*') { if(seen_slash) { level++; @@ -184,3 +247,50 @@ handle_comment(int type) if(c == EOF) error_message("unterminated comment, possibly started on line %d\n", start_lineno); } + +static char * +handle_string(void) +{ + int start_lineno = lineno; + int c; + char buf[1024]; + char *p = buf; + int f = 0; + int skip_ws = 0; + + while((c = input()) != EOF) { + if(isspace(c) && skip_ws) { + if(c == '\n') + lineno++; + continue; + } + skip_ws = 0; + + if(c == '"') { + if(f) { + *p++ = '"'; + f = 0; + } else + f = 1; + continue; + } + if(f == 1) { + unput(c); + break; + } + if(c == '\n') { + lineno++; + while(p > buf && isspace((unsigned char)p[-1])) + p--; + skip_ws = 1; + continue; + } + *p++ = c; + } + if(c == EOF) + error_message("unterminated string, possibly started on line %d\n", start_lineno); + *p++ = '\0'; + fprintf(stderr, "string -- %s\n", buf); + return estrdup(buf); +} + diff --git a/source4/heimdal/lib/asn1/libasn1.h b/source4/heimdal/lib/asn1/libasn1.h new file mode 100644 index 0000000000..8ccde9a36a --- /dev/null +++ b/source4/heimdal/lib/asn1/libasn1.h @@ -0,0 +1,51 @@ +/* + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: libasn1.h,v 1.11 2005/07/12 06:27:34 lha Exp $ */ + +#ifndef __LIBASN1_H__ +#define __LIBASN1_H__ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include "krb5_asn1.h" +#include "der.h" +#include "asn1_err.h" +#include + +#endif /* __LIBASN1_H__ */ diff --git a/source4/heimdal/lib/asn1/main.c b/source4/heimdal/lib/asn1/main.c index afa164ea81..088e8ebfa2 100644 --- a/source4/heimdal/lib/asn1/main.c +++ b/source4/heimdal/lib/asn1/main.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,14 +33,32 @@ #include "gen_locl.h" #include +#include "lex.h" -RCSID("$Id: main.c,v 1.13 2005/06/16 20:05:31 lha Exp $"); +RCSID("$Id: main.c,v 1.14 2005/07/12 06:27:34 lha Exp $"); extern FILE *yyin; +static getarg_strings preserve; + +int +preserve_type(const char *p) +{ + int i; + for (i = 0; i < preserve.num_strings; i++) + if (strcmp(preserve.strings[i], p) == 0) + return 1; + return 0; +} + +int dce_fix; +int rfc1510_bitstring; int version_flag; int help_flag; struct getargs args[] = { + { "encode-rfc1510-bit-string", 0, arg_flag, &rfc1510_bitstring }, + { "decode-dce-ber", 0, arg_flag, &dce_fix }, + { "preserve-binary", 0, arg_strings, &preserve }, { "version", 0, arg_flag, &version_flag }, { "help", 0, arg_flag, &help_flag } }; @@ -53,12 +71,14 @@ usage(int code) exit(code); } +int error_flag; + int main(int argc, char **argv) { int ret; - const char *file; - const char *name = NULL; + char *file; + char *name = NULL; int optidx = 0; setprogname(argv[0]); @@ -79,12 +99,21 @@ main(int argc, char **argv) yyin = fopen (file, "r"); if (yyin == NULL) err (1, "open %s", file); - name = argv[optidx + 1]; + if (argc == optidx + 1) { + char *p; + name = estrdup(file); + p = strrchr(name, '.'); + if (p) + *p = '\0'; + } else + name = argv[optidx + 1]; } init_generate (file, name); initsym (); ret = yyparse (); + if(ret != 0 || error_flag != 0) + exit(1); close_generate (); - return ret; + return 0; } diff --git a/source4/heimdal/lib/asn1/parse.c b/source4/heimdal/lib/asn1/parse.c index 2f80f32583..2d8697843b 100644 --- a/source4/heimdal/lib/asn1/parse.c +++ b/source4/heimdal/lib/asn1/parse.c @@ -1,7 +1,7 @@ -/* A Bison parser, made by GNU Bison 1.875d. */ +/* A Bison parser, made by GNU Bison 1.875c. */ /* Skeleton parser for Yacc-like parsing with Bison, - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc. + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -53,66 +53,182 @@ /* Put the tokens into the symbol table, so that GDB and other debuggers know about them. */ enum yytokentype { - INTEGER = 258, - SEQUENCE = 259, - CHOICE = 260, - OF = 261, - OCTET = 262, - STRING = 263, - GeneralizedTime = 264, - GeneralString = 265, - BIT = 266, - APPLICATION = 267, - OPTIONAL = 268, - EEQUAL = 269, - TBEGIN = 270, - END = 271, - DEFINITIONS = 272, - ENUMERATED = 273, - UTF8String = 274, - NULLTYPE = 275, - EXTERNAL = 276, - DEFAULT = 277, - DOTDOT = 278, - DOTDOTDOT = 279, - BOOLEAN = 280, - IMPORTS = 281, - FROM = 282, - OBJECT = 283, - IDENTIFIER = 284, - IDENT = 285, - CONSTANT = 286 + kw_ABSENT = 258, + kw_ABSTRACT_SYNTAX = 259, + kw_ALL = 260, + kw_APPLICATION = 261, + kw_AUTOMATIC = 262, + kw_BEGIN = 263, + kw_BIT = 264, + kw_BMPString = 265, + kw_BOOLEAN = 266, + kw_BY = 267, + kw_CHARACTER = 268, + kw_CHOICE = 269, + kw_CLASS = 270, + kw_COMPONENT = 271, + kw_COMPONENTS = 272, + kw_CONSTRAINED = 273, + kw_CONTAINING = 274, + kw_DEFAULT = 275, + kw_DEFINITIONS = 276, + kw_EMBEDDED = 277, + kw_ENCODED = 278, + kw_END = 279, + kw_ENUMERATED = 280, + kw_EXCEPT = 281, + kw_EXPLICIT = 282, + kw_EXPORTS = 283, + kw_EXTENSIBILITY = 284, + kw_EXTERNAL = 285, + kw_FALSE = 286, + kw_FROM = 287, + kw_GeneralString = 288, + kw_GeneralizedTime = 289, + kw_GraphicString = 290, + kw_IA5String = 291, + kw_IDENTIFIER = 292, + kw_IMPLICIT = 293, + kw_IMPLIED = 294, + kw_IMPORTS = 295, + kw_INCLUDES = 296, + kw_INSTANCE = 297, + kw_INTEGER = 298, + kw_INTERSECTION = 299, + kw_ISO646String = 300, + kw_MAX = 301, + kw_MIN = 302, + kw_MINUS_INFINITY = 303, + kw_NULL = 304, + kw_NumericString = 305, + kw_OBJECT = 306, + kw_OCTET = 307, + kw_OF = 308, + kw_OPTIONAL = 309, + kw_ObjectDescriptor = 310, + kw_PATTERN = 311, + kw_PDV = 312, + kw_PLUS_INFINITY = 313, + kw_PRESENT = 314, + kw_PRIVATE = 315, + kw_PrintableString = 316, + kw_REAL = 317, + kw_RELATIVE_OID = 318, + kw_SEQUENCE = 319, + kw_SET = 320, + kw_SIZE = 321, + kw_STRING = 322, + kw_SYNTAX = 323, + kw_T61String = 324, + kw_TAGS = 325, + kw_TRUE = 326, + kw_TYPE_IDENTIFIER = 327, + kw_TeletexString = 328, + kw_UNION = 329, + kw_UNIQUE = 330, + kw_UNIVERSAL = 331, + kw_UTCTime = 332, + kw_UTF8String = 333, + kw_UniversalString = 334, + kw_VideotexString = 335, + kw_VisibleString = 336, + kw_WITH = 337, + RANGE = 338, + EEQUAL = 339, + ELLIPSIS = 340, + IDENTIFIER = 341, + referencename = 342, + STRING = 343, + NUMBER = 344 }; #endif -#define INTEGER 258 -#define SEQUENCE 259 -#define CHOICE 260 -#define OF 261 -#define OCTET 262 -#define STRING 263 -#define GeneralizedTime 264 -#define GeneralString 265 -#define BIT 266 -#define APPLICATION 267 -#define OPTIONAL 268 -#define EEQUAL 269 -#define TBEGIN 270 -#define END 271 -#define DEFINITIONS 272 -#define ENUMERATED 273 -#define UTF8String 274 -#define NULLTYPE 275 -#define EXTERNAL 276 -#define DEFAULT 277 -#define DOTDOT 278 -#define DOTDOTDOT 279 -#define BOOLEAN 280 -#define IMPORTS 281 -#define FROM 282 -#define OBJECT 283 -#define IDENTIFIER 284 -#define IDENT 285 -#define CONSTANT 286 +#define kw_ABSENT 258 +#define kw_ABSTRACT_SYNTAX 259 +#define kw_ALL 260 +#define kw_APPLICATION 261 +#define kw_AUTOMATIC 262 +#define kw_BEGIN 263 +#define kw_BIT 264 +#define kw_BMPString 265 +#define kw_BOOLEAN 266 +#define kw_BY 267 +#define kw_CHARACTER 268 +#define kw_CHOICE 269 +#define kw_CLASS 270 +#define kw_COMPONENT 271 +#define kw_COMPONENTS 272 +#define kw_CONSTRAINED 273 +#define kw_CONTAINING 274 +#define kw_DEFAULT 275 +#define kw_DEFINITIONS 276 +#define kw_EMBEDDED 277 +#define kw_ENCODED 278 +#define kw_END 279 +#define kw_ENUMERATED 280 +#define kw_EXCEPT 281 +#define kw_EXPLICIT 282 +#define kw_EXPORTS 283 +#define kw_EXTENSIBILITY 284 +#define kw_EXTERNAL 285 +#define kw_FALSE 286 +#define kw_FROM 287 +#define kw_GeneralString 288 +#define kw_GeneralizedTime 289 +#define kw_GraphicString 290 +#define kw_IA5String 291 +#define kw_IDENTIFIER 292 +#define kw_IMPLICIT 293 +#define kw_IMPLIED 294 +#define kw_IMPORTS 295 +#define kw_INCLUDES 296 +#define kw_INSTANCE 297 +#define kw_INTEGER 298 +#define kw_INTERSECTION 299 +#define kw_ISO646String 300 +#define kw_MAX 301 +#define kw_MIN 302 +#define kw_MINUS_INFINITY 303 +#define kw_NULL 304 +#define kw_NumericString 305 +#define kw_OBJECT 306 +#define kw_OCTET 307 +#define kw_OF 308 +#define kw_OPTIONAL 309 +#define kw_ObjectDescriptor 310 +#define kw_PATTERN 311 +#define kw_PDV 312 +#define kw_PLUS_INFINITY 313 +#define kw_PRESENT 314 +#define kw_PRIVATE 315 +#define kw_PrintableString 316 +#define kw_REAL 317 +#define kw_RELATIVE_OID 318 +#define kw_SEQUENCE 319 +#define kw_SET 320 +#define kw_SIZE 321 +#define kw_STRING 322 +#define kw_SYNTAX 323 +#define kw_T61String 324 +#define kw_TAGS 325 +#define kw_TRUE 326 +#define kw_TYPE_IDENTIFIER 327 +#define kw_TeletexString 328 +#define kw_UNION 329 +#define kw_UNIQUE 330 +#define kw_UNIVERSAL 331 +#define kw_UTCTime 332 +#define kw_UTF8String 333 +#define kw_UniversalString 334 +#define kw_VideotexString 335 +#define kw_VisibleString 336 +#define kw_WITH 337 +#define RANGE 338 +#define EEQUAL 339 +#define ELLIPSIS 340 +#define IDENTIFIER 341 +#define referencename 342 +#define STRING 343 +#define NUMBER 344 @@ -129,19 +245,27 @@ #include "symbol.h" #include "lex.h" #include "gen_locl.h" +#include "der.h" -RCSID("$Id: parse.y,v 1.23 2004/10/13 17:41:48 lha Exp $"); +RCSID("$Id: parse.y,v 1.24 2005/07/12 06:27:35 lha Exp $"); static Type *new_type (Typetype t); +static Type *new_tag(int tagclass, int tagvalue, int tagenv, Type *oldtype); void yyerror (char *); +static struct objid *new_objid(const char *label, int value); +static void add_oid_to_tail(struct objid *, struct objid *); +static void fix_labels(Symbol *s); -static void append (Member *l, Member *r); +struct string_list { + char *string; + struct string_list *next; +}; /* Enabling traces. */ #ifndef YYDEBUG -# define YYDEBUG 0 +# define YYDEBUG 1 #endif /* Enabling verbose error messages. */ @@ -153,16 +277,22 @@ static void append (Member *l, Member *r); #endif #if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED) -#line 56 "parse.y" +#line 64 "parse.y" typedef union YYSTYPE { - int constant; - char *name; - Type *type; - Member *member; - char *defval; + int constant; + struct value *value; + struct range range; + char *name; + Type *type; + Member *member; + struct objid *objid; + char *defval; + struct string_list *sl; + struct tagtype tag; + struct memhead *members; } YYSTYPE; /* Line 191 of yacc.c. */ -#line 166 "$base.c" +#line 296 "parse.c" # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 # define YYSTYPE_IS_TRIVIAL 1 @@ -174,7 +304,7 @@ typedef union YYSTYPE { /* Line 214 of yacc.c. */ -#line 178 "$base.c" +#line 308 "parse.c" #if ! defined (yyoverflow) || YYERROR_VERBOSE @@ -222,7 +352,7 @@ typedef union YYSTYPE { /* A type that is properly aligned for any stack member. */ union yyalloc { - short int yyss; + short yyss; YYSTYPE yyvs; }; @@ -232,7 +362,7 @@ union yyalloc /* The size of an array large to enough to hold all stacks, each with N elements. */ # define YYSTACK_BYTES(N) \ - ((N) * (sizeof (short int) + sizeof (YYSTYPE)) \ + ((N) * (sizeof (short) + sizeof (YYSTYPE)) \ + YYSTACK_GAP_MAXIMUM) /* Copy COUNT objects from FROM to TO. The source and destination do @@ -274,26 +404,26 @@ union yyalloc #if defined (__STDC__) || defined (__cplusplus) typedef signed char yysigned_char; #else - typedef short int yysigned_char; + typedef short yysigned_char; #endif /* YYFINAL -- State number of the termination state. */ #define YYFINAL 4 /* YYLAST -- Last index in YYTABLE. */ -#define YYLAST 107 +#define YYLAST 152 /* YYNTOKENS -- Number of terminals. */ -#define YYNTOKENS 42 +#define YYNTOKENS 98 /* YYNNTS -- Number of nonterminals. */ -#define YYNNTS 17 +#define YYNNTS 61 /* YYNRULES -- Number of rules. */ -#define YYNRULES 48 +#define YYNRULES 120 /* YYNRULES -- Number of states. */ -#define YYNSTATES 100 +#define YYNSTATES 181 /* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */ #define YYUNDEFTOK 2 -#define YYMAXUTOK 286 +#define YYMAXUTOK 344 #define YYTRANSLATE(YYX) \ ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK) @@ -304,16 +434,16 @@ static const unsigned char yytranslate[] = 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 40, 2, 2, 2, 2, 2, - 34, 35, 2, 2, 32, 41, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 33, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 92, 93, 2, 2, 91, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 90, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 38, 2, 39, 2, 2, 2, 2, 2, 2, + 2, 96, 2, 97, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 36, 2, 37, 2, 2, 2, 2, + 2, 2, 2, 94, 2, 95, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, @@ -329,51 +459,89 @@ static const unsigned char yytranslate[] = 2, 2, 2, 2, 2, 2, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, - 25, 26, 27, 28, 29, 30, 31 + 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, + 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, + 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, + 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, + 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, + 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, + 85, 86, 87, 88, 89 }; #if YYDEBUG /* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in YYRHS. */ -static const unsigned char yyprhs[] = +static const unsigned short yyprhs[] = { - 0, 0, 3, 10, 11, 14, 16, 18, 20, 24, - 26, 32, 36, 41, 43, 50, 55, 58, 63, 66, - 68, 70, 72, 74, 78, 83, 88, 94, 96, 102, - 104, 105, 107, 111, 115, 121, 124, 127, 129, 131, - 134, 139, 140, 142, 146, 150, 155, 157, 160 + 0, 0, 3, 12, 15, 18, 21, 22, 25, 26, + 29, 30, 34, 35, 37, 38, 40, 43, 48, 50, + 53, 55, 57, 61, 63, 67, 69, 71, 73, 75, + 77, 79, 81, 83, 85, 87, 89, 91, 93, 95, + 97, 99, 101, 107, 109, 112, 117, 119, 123, 127, + 132, 137, 139, 142, 148, 151, 154, 156, 161, 165, + 169, 174, 178, 182, 187, 189, 191, 193, 195, 197, + 201, 206, 207, 209, 211, 213, 214, 216, 218, 223, + 225, 227, 229, 231, 233, 235, 237, 239, 243, 247, + 250, 252, 255, 259, 261, 265, 270, 272, 273, 277, + 278, 281, 286, 288, 290, 292, 294, 296, 298, 300, + 302, 304, 306, 308, 310, 312, 314, 316, 318, 320, + 322 }; /* YYRHS -- A `-1'-separated list of the rules' RHS. */ -static const yysigned_char yyrhs[] = +static const short yyrhs[] = { - 43, 0, -1, 30, 17, 14, 15, 44, 16, -1, - -1, 44, 45, -1, 47, -1, 48, -1, 49, -1, - 30, 32, 46, -1, 30, -1, 26, 46, 27, 30, - 33, -1, 30, 14, 50, -1, 30, 50, 14, 58, - -1, 3, -1, 3, 34, 58, 23, 58, 35, -1, - 3, 36, 56, 37, -1, 28, 29, -1, 18, 36, - 56, 37, -1, 7, 8, -1, 10, -1, 19, -1, - 20, -1, 9, -1, 4, 6, 50, -1, 4, 36, - 51, 37, -1, 5, 36, 51, 37, -1, 11, 8, - 36, 56, 37, -1, 30, -1, 38, 12, 58, 39, - 50, -1, 25, -1, -1, 53, -1, 51, 32, 24, - -1, 51, 32, 53, -1, 30, 38, 58, 39, 50, - -1, 52, 54, -1, 52, 55, -1, 52, -1, 13, - -1, 22, 58, -1, 22, 40, 30, 40, -1, -1, - 57, -1, 56, 32, 24, -1, 56, 32, 57, -1, - 30, 34, 58, 35, -1, 31, -1, 41, 31, -1, - 30, -1 + 99, 0, -1, 86, 21, 100, 101, 84, 8, 102, + 24, -1, 27, 70, -1, 38, 70, -1, 7, 70, + -1, -1, 29, 39, -1, -1, 103, 107, -1, -1, + 40, 104, 90, -1, -1, 105, -1, -1, 106, -1, + 105, 106, -1, 109, 32, 86, 144, -1, 108, -1, + 108, 107, -1, 110, -1, 136, -1, 86, 91, 109, + -1, 86, -1, 86, 84, 111, -1, 112, -1, 129, + -1, 120, -1, 113, -1, 137, -1, 128, -1, 118, + -1, 115, -1, 123, -1, 121, -1, 122, -1, 124, + -1, 125, -1, 126, -1, 127, -1, 132, -1, 11, + -1, 92, 148, 83, 148, 93, -1, 43, -1, 43, + 114, -1, 43, 94, 116, 95, -1, 117, -1, 116, + 91, 117, -1, 116, 91, 85, -1, 86, 92, 156, + 93, -1, 25, 94, 119, 95, -1, 116, -1, 9, + 67, -1, 9, 67, 94, 142, 95, -1, 51, 37, + -1, 52, 67, -1, 49, -1, 64, 94, 139, 95, + -1, 64, 94, 95, -1, 64, 53, 111, -1, 65, + 94, 139, 95, -1, 65, 94, 95, -1, 65, 53, + 111, -1, 14, 94, 139, 95, -1, 130, -1, 131, + -1, 86, -1, 34, -1, 77, -1, 133, 135, 111, + -1, 96, 134, 89, 97, -1, -1, 76, -1, 6, + -1, 60, -1, -1, 27, -1, 38, -1, 86, 111, + 84, 148, -1, 138, -1, 33, -1, 78, -1, 61, + -1, 36, -1, 10, -1, 79, -1, 141, -1, 139, + 91, 141, -1, 139, 91, 85, -1, 86, 111, -1, + 140, -1, 140, 54, -1, 140, 20, 148, -1, 143, + -1, 142, 91, 143, -1, 86, 92, 89, 93, -1, + 145, -1, -1, 94, 146, 95, -1, -1, 147, 146, + -1, 86, 92, 89, 93, -1, 86, -1, 89, -1, + 149, -1, 150, -1, 154, -1, 153, -1, 155, -1, + 158, -1, 157, -1, 151, -1, 152, -1, 86, -1, + 88, -1, 71, -1, 31, -1, 156, -1, 89, -1, + 49, -1, 145, -1 }; /* YYRLINE[YYN] -- source line where rule number YYN was defined. */ -static const unsigned char yyrline[] = +static const unsigned short yyrline[] = { - 0, 85, 85, 88, 89, 92, 93, 94, 97, 102, - 109, 113, 122, 131, 132, 140, 145, 146, 151, 152, - 153, 154, 155, 156, 161, 166, 171, 176, 185, 191, - 194, 195, 196, 197, 200, 215, 217, 219, 224, 227, - 229, 233, 234, 235, 236, 239, 252, 253, 254 + 0, 222, 222, 229, 230, 232, 234, 237, 239, 242, + 243, 246, 247, 250, 251, 254, 255, 258, 269, 270, + 273, 274, 277, 283, 291, 301, 302, 305, 306, 307, + 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, + 318, 321, 328, 338, 343, 350, 358, 364, 369, 373, + 386, 394, 397, 404, 412, 418, 425, 432, 438, 446, + 454, 460, 468, 476, 483, 484, 487, 498, 503, 510, + 523, 532, 535, 539, 543, 550, 553, 557, 564, 575, + 578, 583, 588, 593, 598, 603, 611, 617, 622, 633, + 644, 650, 656, 664, 670, 677, 690, 691, 694, 701, + 704, 715, 719, 730, 736, 737, 740, 741, 742, 743, + 744, 747, 750, 753, 764, 772, 778, 786, 794, 797, + 802 }; #endif @@ -382,50 +550,97 @@ static const unsigned char yyrline[] = First, the terminals, then, starting at YYNTOKENS, nonterminals. */ static const char *const yytname[] = { - "$end", "error", "$undefined", "INTEGER", "SEQUENCE", "CHOICE", "OF", - "OCTET", "STRING", "GeneralizedTime", "GeneralString", "BIT", - "APPLICATION", "OPTIONAL", "EEQUAL", "TBEGIN", "END", "DEFINITIONS", - "ENUMERATED", "UTF8String", "NULLTYPE", "EXTERNAL", "DEFAULT", "DOTDOT", - "DOTDOTDOT", "BOOLEAN", "IMPORTS", "FROM", "OBJECT", "IDENTIFIER", - "IDENT", "CONSTANT", "','", "';'", "'('", "')'", "'{'", "'}'", "'['", - "']'", "'\"'", "'-'", "$accept", "envelope", "specification", - "declaration", "referencenames", "imports_decl", "type_decl", - "constant_decl", "type", "memberdecls", "memberdeclstart", "memberdecl", - "optional2", "defvalue", "bitdecls", "bitdecl", "constant", 0 + "$end", "error", "$undefined", "kw_ABSENT", "kw_ABSTRACT_SYNTAX", + "kw_ALL", "kw_APPLICATION", "kw_AUTOMATIC", "kw_BEGIN", "kw_BIT", + "kw_BMPString", "kw_BOOLEAN", "kw_BY", "kw_CHARACTER", "kw_CHOICE", + "kw_CLASS", "kw_COMPONENT", "kw_COMPONENTS", "kw_CONSTRAINED", + "kw_CONTAINING", "kw_DEFAULT", "kw_DEFINITIONS", "kw_EMBEDDED", + "kw_ENCODED", "kw_END", "kw_ENUMERATED", "kw_EXCEPT", "kw_EXPLICIT", + "kw_EXPORTS", "kw_EXTENSIBILITY", "kw_EXTERNAL", "kw_FALSE", "kw_FROM", + "kw_GeneralString", "kw_GeneralizedTime", "kw_GraphicString", + "kw_IA5String", "kw_IDENTIFIER", "kw_IMPLICIT", "kw_IMPLIED", + "kw_IMPORTS", "kw_INCLUDES", "kw_INSTANCE", "kw_INTEGER", + "kw_INTERSECTION", "kw_ISO646String", "kw_MAX", "kw_MIN", + "kw_MINUS_INFINITY", "kw_NULL", "kw_NumericString", "kw_OBJECT", + "kw_OCTET", "kw_OF", "kw_OPTIONAL", "kw_ObjectDescriptor", "kw_PATTERN", + "kw_PDV", "kw_PLUS_INFINITY", "kw_PRESENT", "kw_PRIVATE", + "kw_PrintableString", "kw_REAL", "kw_RELATIVE_OID", "kw_SEQUENCE", + "kw_SET", "kw_SIZE", "kw_STRING", "kw_SYNTAX", "kw_T61String", "kw_TAGS", + "kw_TRUE", "kw_TYPE_IDENTIFIER", "kw_TeletexString", "kw_UNION", + "kw_UNIQUE", "kw_UNIVERSAL", "kw_UTCTime", "kw_UTF8String", + "kw_UniversalString", "kw_VideotexString", "kw_VisibleString", "kw_WITH", + "RANGE", "EEQUAL", "ELLIPSIS", "IDENTIFIER", "referencename", "STRING", + "NUMBER", "';'", "','", "'('", "')'", "'{'", "'}'", "'['", "']'", + "$accept", "ModuleDefinition", "TagDefault", "ExtensionDefault", + "ModuleBody", "Imports", "SymbolsImported", "SymbolsFromModuleList", + "SymbolsFromModule", "AssignmentList", "Assignment", "referencenames", + "TypeAssignment", "Type", "BuiltinType", "BooleanType", "range", + "IntegerType", "NamedNumberList", "NamedNumber", "EnumeratedType", + "Enumerations", "BitStringType", "ObjectIdentifierType", + "OctetStringType", "NullType", "SequenceType", "SequenceOfType", + "SetType", "SetOfType", "ChoiceType", "ReferencedType", "DefinedType", + "UsefulType", "TaggedType", "Tag", "Class", "tagenv", "ValueAssignment", + "CharacterStringType", "RestrictedCharactedStringType", + "ComponentTypeList", "NamedType", "ComponentType", "NamedBitList", + "NamedBit", "objid_opt", "objid", "objid_list", "objid_element", "Value", + "BuiltinValue", "ReferencedValue", "DefinedValue", "Valuereference", + "CharacterStringValue", "BooleanValue", "IntegerValue", "SignedNumber", + "NullValue", "ObjectIdentifierValue", 0 }; #endif # ifdef YYPRINT /* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to token YYLEX-NUM. */ -static const unsigned short int yytoknum[] = +static const unsigned short yytoknum[] = { 0, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, - 285, 286, 44, 59, 40, 41, 123, 125, 91, 93, - 34, 45 + 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, + 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, + 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, + 315, 316, 317, 318, 319, 320, 321, 322, 323, 324, + 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, + 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, + 59, 44, 40, 41, 123, 125, 91, 93 }; # endif /* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ static const unsigned char yyr1[] = { - 0, 42, 43, 44, 44, 45, 45, 45, 46, 46, - 47, 48, 49, 50, 50, 50, 50, 50, 50, 50, - 50, 50, 50, 50, 50, 50, 50, 50, 50, 50, - 51, 51, 51, 51, 52, 53, 53, 53, 54, 55, - 55, 56, 56, 56, 56, 57, 58, 58, 58 + 0, 98, 99, 100, 100, 100, 100, 101, 101, 102, + 102, 103, 103, 104, 104, 105, 105, 106, 107, 107, + 108, 108, 109, 109, 110, 111, 111, 112, 112, 112, + 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, + 112, 113, 114, 115, 115, 115, 116, 116, 116, 117, + 118, 119, 120, 120, 121, 122, 123, 124, 124, 125, + 126, 126, 127, 128, 129, 129, 130, 131, 131, 132, + 133, 134, 134, 134, 134, 135, 135, 135, 136, 137, + 138, 138, 138, 138, 138, 138, 139, 139, 139, 140, + 141, 141, 141, 142, 142, 143, 144, 144, 145, 146, + 146, 147, 147, 147, 148, 148, 149, 149, 149, 149, + 149, 150, 151, 152, 153, 154, 154, 155, 156, 157, + 158 }; /* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */ static const unsigned char yyr2[] = { - 0, 2, 6, 0, 2, 1, 1, 1, 3, 1, - 5, 3, 4, 1, 6, 4, 2, 4, 2, 1, - 1, 1, 1, 3, 4, 4, 5, 1, 5, 1, - 0, 1, 3, 3, 5, 2, 2, 1, 1, 2, - 4, 0, 1, 3, 3, 4, 1, 2, 1 + 0, 2, 8, 2, 2, 2, 0, 2, 0, 2, + 0, 3, 0, 1, 0, 1, 2, 4, 1, 2, + 1, 1, 3, 1, 3, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 5, 1, 2, 4, 1, 3, 3, 4, + 4, 1, 2, 5, 2, 2, 1, 4, 3, 3, + 4, 3, 3, 4, 1, 1, 1, 1, 1, 3, + 4, 0, 1, 1, 1, 0, 1, 1, 4, 1, + 1, 1, 1, 1, 1, 1, 1, 3, 3, 2, + 1, 2, 3, 1, 3, 4, 1, 0, 3, 0, + 2, 4, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1 }; /* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state @@ -433,98 +648,145 @@ static const unsigned char yyr2[] = means the default is an error. */ static const unsigned char yydefact[] = { - 0, 0, 0, 0, 1, 0, 3, 0, 2, 0, - 0, 4, 5, 6, 7, 9, 0, 13, 0, 0, - 0, 22, 19, 0, 0, 0, 20, 21, 29, 0, - 27, 0, 0, 0, 0, 0, 41, 0, 30, 30, - 18, 0, 11, 41, 16, 0, 0, 8, 0, 48, - 46, 0, 0, 0, 0, 42, 23, 0, 0, 37, - 31, 0, 41, 0, 0, 12, 10, 47, 0, 0, - 0, 15, 0, 0, 24, 38, 0, 35, 36, 25, - 0, 17, 0, 0, 0, 43, 44, 0, 32, 33, - 0, 39, 26, 28, 14, 45, 0, 0, 34, 40 + 0, 0, 0, 6, 1, 0, 0, 0, 8, 5, + 3, 4, 0, 0, 7, 0, 10, 14, 0, 0, + 23, 0, 13, 15, 0, 2, 0, 9, 18, 20, + 21, 0, 11, 16, 0, 0, 84, 41, 0, 0, + 80, 67, 83, 43, 56, 0, 0, 82, 0, 0, + 68, 81, 85, 0, 66, 71, 0, 25, 28, 32, + 31, 27, 34, 35, 33, 36, 37, 38, 39, 30, + 26, 64, 65, 40, 75, 29, 79, 19, 22, 97, + 52, 0, 0, 0, 0, 44, 54, 55, 0, 0, + 0, 0, 24, 73, 74, 72, 0, 0, 76, 77, + 0, 99, 17, 96, 0, 0, 0, 90, 86, 0, + 51, 46, 0, 116, 119, 115, 113, 114, 118, 120, + 0, 104, 105, 111, 112, 107, 106, 108, 117, 110, + 109, 0, 59, 58, 0, 62, 61, 0, 0, 78, + 69, 102, 103, 0, 99, 0, 0, 93, 89, 0, + 63, 0, 91, 0, 0, 50, 0, 45, 57, 60, + 70, 0, 98, 100, 0, 0, 53, 88, 87, 92, + 0, 48, 47, 0, 0, 0, 94, 49, 42, 101, + 95 }; /* YYDEFGOTO[NTERM-NUM]. */ -static const yysigned_char yydefgoto[] = +static const short yydefgoto[] = { - -1, 2, 7, 11, 16, 12, 13, 14, 32, 58, - 59, 60, 77, 78, 54, 55, 52 + -1, 2, 8, 13, 18, 19, 21, 22, 23, 27, + 28, 24, 29, 56, 57, 58, 85, 59, 110, 111, + 60, 112, 61, 62, 63, 64, 65, 66, 67, 68, + 69, 70, 71, 72, 73, 74, 96, 100, 30, 75, + 76, 106, 107, 108, 146, 147, 102, 119, 143, 144, + 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, + 130 }; /* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing STATE-NUM. */ -#define YYPACT_NINF -38 +#define YYPACT_NINF -94 static const yysigned_char yypact[] = { - -26, 12, 22, 16, -38, 32, -38, 5, -38, 20, - -2, -38, -38, -38, -38, 27, 41, 42, 13, 45, - 69, -38, -38, 71, 35, 46, -38, -38, -38, 54, - -38, 72, 73, 20, 55, 26, 56, 35, 58, 58, - -38, 53, -38, 56, -38, 26, 26, -38, 57, -38, - -38, 60, 70, 61, -5, -38, -38, 59, 11, 2, - -38, 34, 56, 37, 62, -38, -38, -38, 26, 26, - -10, -38, 26, 40, -38, -38, 21, -38, -38, -38, - 43, -38, 35, 63, 64, -38, -38, 65, -38, -38, - 66, -38, -38, -38, -38, -38, 35, 52, -38, -38 + -49, 5, 60, 3, -94, -6, 1, 10, 43, -94, + -94, -94, 42, -2, -94, 76, -33, 0, 64, 4, + 7, 9, 0, -94, 61, -94, -9, -94, 4, -94, + -94, 0, -94, -94, 14, 28, -94, -94, 12, 13, + -94, -94, -94, -56, -94, 66, 41, -94, -50, -47, + -94, -94, -94, 40, -94, 2, 25, -94, -94, -94, + -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, + -94, -94, -94, -94, -18, -94, -94, -94, -94, 16, + 17, 26, 27, 8, 27, -94, -94, -94, 40, -73, + 40, -72, -94, -94, -94, -94, 34, 8, -94, -94, + 40, -41, -94, -94, 29, 40, -80, -8, -94, 22, + 30, -94, 21, -94, -94, -94, -94, -94, -94, -94, + 44, -94, -94, -94, -94, -94, -94, -94, -94, -94, + -94, -74, -94, -94, -63, -94, -94, -62, 31, -94, + -94, 33, -94, 35, -41, 37, -60, -94, -94, -67, + -94, 8, -94, 45, -19, -94, 8, -94, -94, -94, + -94, 46, -94, -94, 49, 29, -94, -94, -94, -94, + 38, -94, -94, 47, 48, 50, -94, -94, -94, -94, + -94 }; /* YYPGOTO[NTERM-NUM]. */ static const yysigned_char yypgoto[] = { - -38, -38, -38, -38, 67, -38, -38, -38, -24, 68, - -38, 29, -38, -38, -37, 24, -35 + -94, -94, -94, -94, -94, -94, -94, -94, 102, 105, + -94, 108, -94, 32, -94, -94, -94, -94, 58, -10, + -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, + -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, + -94, -30, -94, -4, -94, -17, -94, 67, 6, -94, + -93, -94, -94, -94, -94, -94, -94, -94, -1, -94, + -94 }; /* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If positive, shift that token. If negative, reduce the rule which number is the opposite. If zero, do what YYDEFACT says. If YYTABLE_NINF, syntax error. */ -#define YYTABLE_NINF -1 -static const unsigned char yytable[] = +#define YYTABLE_NINF -13 +static const short yytable[] = { - 42, 17, 18, 19, 1, 20, 63, 21, 22, 23, - 64, 65, 24, 56, 85, 75, 25, 26, 27, 37, - 53, 8, 4, 28, 76, 80, 29, 70, 30, 3, - 5, 9, 71, 83, 84, 10, 31, 87, 17, 18, - 19, 91, 20, 73, 21, 22, 23, 6, 74, 38, - 15, 49, 50, 25, 26, 27, 49, 50, 93, 33, - 28, 90, 51, 29, 88, 30, 73, 51, 34, 70, - 57, 79, 98, 31, 81, 70, 35, 40, 36, 41, - 92, 39, 43, 44, 45, 48, 53, 46, 57, 62, - 66, 67, 99, 68, 86, 69, 97, 72, 94, 95, - 47, 82, 89, 0, 96, 0, 0, 61 + 35, 36, 37, 88, 139, 38, 90, 17, 93, 98, + 5, 149, 151, 105, 105, 150, 39, 154, 167, 105, + 99, 157, 133, 136, 40, 41, 3, 42, 149, 149, + 6, 165, 158, 159, 43, 166, 83, 1, 84, 113, + 44, 7, 45, 46, 89, 141, 152, 91, 142, 35, + 36, 37, 47, -12, 38, 48, 49, 114, 169, 134, + 4, 137, 94, 173, 9, 39, 171, 109, 50, 51, + 52, 10, 12, 40, 41, 53, 42, 54, 95, 115, + 11, 14, 15, 43, 16, 92, 20, 55, 25, 44, + 26, 45, 46, 34, 116, 80, 117, 118, 31, 32, + 79, 47, 101, 86, 48, 49, 81, 82, 87, 97, + 101, 104, 105, 109, 153, 145, 155, 50, 51, 52, + 132, 154, 135, 138, 33, 161, 54, 156, 160, 164, + 162, 177, 140, 77, 118, 174, 55, 148, 175, 78, + 178, 179, 131, 180, 172, 168, 103, 0, 176, 0, + 163, 0, 170 }; -static const yysigned_char yycheck[] = +static const short yycheck[] = { - 24, 3, 4, 5, 30, 7, 43, 9, 10, 11, - 45, 46, 14, 37, 24, 13, 18, 19, 20, 6, - 30, 16, 0, 25, 22, 62, 28, 32, 30, 17, - 14, 26, 37, 68, 69, 30, 38, 72, 3, 4, - 5, 76, 7, 32, 9, 10, 11, 15, 37, 36, - 30, 30, 31, 18, 19, 20, 30, 31, 82, 32, - 25, 40, 41, 28, 24, 30, 32, 41, 27, 32, - 30, 37, 96, 38, 37, 32, 34, 8, 36, 8, - 37, 36, 36, 29, 12, 30, 30, 14, 30, 36, - 33, 31, 40, 23, 70, 34, 30, 38, 35, 35, - 33, 39, 73, -1, 39, -1, -1, 39 + 9, 10, 11, 53, 97, 14, 53, 40, 6, 27, + 7, 91, 20, 86, 86, 95, 25, 91, 85, 86, + 38, 95, 95, 95, 33, 34, 21, 36, 91, 91, + 27, 91, 95, 95, 43, 95, 92, 86, 94, 31, + 49, 38, 51, 52, 94, 86, 54, 94, 89, 9, + 10, 11, 61, 86, 14, 64, 65, 49, 151, 89, + 0, 91, 60, 156, 70, 25, 85, 86, 77, 78, + 79, 70, 29, 33, 34, 84, 36, 86, 76, 71, + 70, 39, 84, 43, 8, 53, 86, 96, 24, 49, + 86, 51, 52, 32, 86, 67, 88, 89, 91, 90, + 86, 61, 94, 37, 64, 65, 94, 94, 67, 84, + 94, 94, 86, 86, 92, 86, 95, 77, 78, 79, + 88, 91, 90, 89, 22, 92, 86, 83, 97, 92, + 95, 93, 100, 28, 89, 89, 96, 105, 89, 31, + 93, 93, 84, 93, 154, 149, 79, -1, 165, -1, + 144, -1, 153 }; /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing symbol of state STATE-NUM. */ static const unsigned char yystos[] = { - 0, 30, 43, 17, 0, 14, 15, 44, 16, 26, - 30, 45, 47, 48, 49, 30, 46, 3, 4, 5, - 7, 9, 10, 11, 14, 18, 19, 20, 25, 28, - 30, 38, 50, 32, 27, 34, 36, 6, 36, 36, - 8, 8, 50, 36, 29, 12, 14, 46, 30, 30, - 31, 41, 58, 30, 56, 57, 50, 30, 51, 52, - 53, 51, 36, 56, 58, 58, 33, 31, 23, 34, - 32, 37, 38, 32, 37, 13, 22, 54, 55, 37, - 56, 37, 39, 58, 58, 24, 57, 58, 24, 53, - 40, 58, 37, 50, 35, 35, 39, 30, 50, 40 + 0, 86, 99, 21, 0, 7, 27, 38, 100, 70, + 70, 70, 29, 101, 39, 84, 8, 40, 102, 103, + 86, 104, 105, 106, 109, 24, 86, 107, 108, 110, + 136, 91, 90, 106, 32, 9, 10, 11, 14, 25, + 33, 34, 36, 43, 49, 51, 52, 61, 64, 65, + 77, 78, 79, 84, 86, 96, 111, 112, 113, 115, + 118, 120, 121, 122, 123, 124, 125, 126, 127, 128, + 129, 130, 131, 132, 133, 137, 138, 107, 109, 86, + 67, 94, 94, 92, 94, 114, 37, 67, 53, 94, + 53, 94, 111, 6, 60, 76, 134, 84, 27, 38, + 135, 94, 144, 145, 94, 86, 139, 140, 141, 86, + 116, 117, 119, 31, 49, 71, 86, 88, 89, 145, + 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, + 158, 116, 111, 95, 139, 111, 95, 139, 89, 148, + 111, 86, 89, 146, 147, 86, 142, 143, 111, 91, + 95, 20, 54, 92, 91, 95, 83, 95, 95, 95, + 97, 92, 95, 146, 92, 91, 95, 85, 141, 148, + 156, 85, 117, 148, 89, 89, 143, 93, 93, 93, + 93 }; #if ! defined (YYSIZE_T) && defined (__SIZE_TYPE__) @@ -638,12 +900,12 @@ do { \ #if defined (__STDC__) || defined (__cplusplus) static void -yy_stack_print (short int *bottom, short int *top) +yy_stack_print (short *bottom, short *top) #else static void yy_stack_print (bottom, top) - short int *bottom; - short int *top; + short *bottom; + short *top; #endif { YYFPRINTF (stderr, "Stack now"); @@ -910,9 +1172,9 @@ yyparse () to reallocate them elsewhere. */ /* The state stack. */ - short int yyssa[YYINITDEPTH]; - short int *yyss = yyssa; - register short int *yyssp; + short yyssa[YYINITDEPTH]; + short *yyss = yyssa; + register short *yyssp; /* The semantic value stack. */ YYSTYPE yyvsa[YYINITDEPTH]; @@ -949,7 +1211,6 @@ yyparse () yyssp = yyss; yyvsp = yyvs; - goto yysetstate; /*------------------------------------------------------------. @@ -975,7 +1236,7 @@ yyparse () these so that the &'s don't force the real ones into memory. */ YYSTYPE *yyvs1 = yyvs; - short int *yyss1 = yyss; + short *yyss1 = yyss; /* Each stack pointer address is followed by the size of the @@ -1003,7 +1264,7 @@ yyparse () yystacksize = YYMAXDEPTH; { - short int *yyss1 = yyss; + short *yyss1 = yyss; union yyalloc *yyptr = (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); if (! yyptr) @@ -1136,298 +1397,650 @@ yyreduce: switch (yyn) { case 2: -#line 85 "parse.y" - {} +#line 224 "parse.y" + { + checkundefined(); + } break; - case 8: -#line 98 "parse.y" - { - Symbol *s = addsym(yyvsp[-2].name); + case 4: +#line 231 "parse.y" + { error_message("implicit tagging is not supported"); } + break; + + case 5: +#line 233 "parse.y" + { error_message("automatic tagging is not supported"); } + break; + + case 7: +#line 238 "parse.y" + { error_message("no extensibility options supported"); } + break; + + case 17: +#line 259 "parse.y" + { + struct string_list *sl; + for(sl = yyvsp[-3].sl; sl != NULL; sl = sl->next) { + Symbol *s = addsym(sl->string); s->stype = Stype; + } + add_import(yyvsp[-1].name); } break; - case 9: -#line 103 "parse.y" + case 22: +#line 278 "parse.y" { - Symbol *s = addsym(yyvsp[0].name); - s->stype = Stype; + yyval.sl = emalloc(sizeof(*yyval.sl)); + yyval.sl->string = yyvsp[-2].name; + yyval.sl->next = yyvsp[0].sl; } break; - case 10: -#line 110 "parse.y" - { add_import(yyvsp[-1].name); } + case 23: +#line 284 "parse.y" + { + yyval.sl = emalloc(sizeof(*yyval.sl)); + yyval.sl->string = yyvsp[0].name; + yyval.sl->next = NULL; + } break; - case 11: -#line 114 "parse.y" + case 24: +#line 292 "parse.y" { - Symbol *s = addsym (yyvsp[-2].name); - s->stype = Stype; - s->type = yyvsp[0].type; - generate_type (s); + Symbol *s = addsym (yyvsp[-2].name); + s->stype = Stype; + s->type = yyvsp[0].type; + fix_labels(s); + generate_type (s); } break; - case 12: -#line 123 "parse.y" + case 41: +#line 322 "parse.y" { - Symbol *s = addsym (yyvsp[-3].name); - s->stype = SConstant; - s->constant = yyvsp[0].constant; - generate_constant (s); + yyval.type = new_tag(ASN1_C_UNIV, UT_Boolean, + TE_EXPLICIT, new_type(TBoolean)); } break; - case 13: -#line 131 "parse.y" - { yyval.type = new_type(TInteger); } + case 42: +#line 329 "parse.y" + { + if(yyvsp[-3].value->type != integervalue || + yyvsp[-1].value->type != integervalue) + error_message("Non-integer value used in range"); + yyval.range.min = yyvsp[-3].value->u.integervalue; + yyval.range.max = yyvsp[-1].value->u.integervalue; + } break; - case 14: -#line 132 "parse.y" + case 43: +#line 339 "parse.y" { - if(yyvsp[-3].constant != 0) - error_message("Only 0 supported as low range"); - if(yyvsp[-1].constant != INT_MIN && yyvsp[-1].constant != UINT_MAX && yyvsp[-1].constant != INT_MAX) - error_message("Only %u supported as high range", - UINT_MAX); - yyval.type = new_type(TUInteger); + yyval.type = new_tag(ASN1_C_UNIV, UT_Integer, + TE_EXPLICIT, new_type(TInteger)); } break; - case 15: -#line 141 "parse.y" + case 44: +#line 344 "parse.y" { yyval.type = new_type(TInteger); - yyval.type->members = yyvsp[-1].member; - } + yyval.type->range = emalloc(sizeof(*yyval.type->range)); + *(yyval.type->range) = yyvsp[0].range; + yyval.type = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, yyval.type); + } + break; + + case 45: +#line 351 "parse.y" + { + yyval.type = new_type(TInteger); + yyval.type->members = yyvsp[-1].members; + yyval.type = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, yyval.type); + } break; - case 16: -#line 145 "parse.y" - { yyval.type = new_type(TOID); } + case 46: +#line 359 "parse.y" + { + yyval.members = emalloc(sizeof(*yyval.members)); + ASN1_TAILQ_INIT(yyval.members); + ASN1_TAILQ_INSERT_HEAD(yyval.members, yyvsp[0].member, members); + } break; - case 17: -#line 147 "parse.y" + case 47: +#line 365 "parse.y" + { + ASN1_TAILQ_INSERT_TAIL(yyvsp[-2].members, yyvsp[0].member, members); + yyval.members = yyvsp[-2].members; + } + break; + + case 48: +#line 370 "parse.y" + { yyval.members = yyvsp[-2].members; } + break; + + case 49: +#line 374 "parse.y" { - yyval.type = new_type(TEnumerated); - yyval.type->members = yyvsp[-1].member; + yyval.member = emalloc(sizeof(*yyval.member)); + yyval.member->name = yyvsp[-3].name; + yyval.member->gen_name = estrdup(yyvsp[-3].name); + output_name (yyval.member->gen_name); + yyval.member->val = yyvsp[-1].constant; + yyval.member->optional = 0; + yyval.member->ellipsis = 0; + yyval.member->type = NULL; } break; - case 18: -#line 151 "parse.y" - { yyval.type = new_type(TOctetString); } + case 50: +#line 387 "parse.y" + { + yyval.type = new_type(TInteger); + yyval.type->members = yyvsp[-1].members; + yyval.type = new_tag(ASN1_C_UNIV, UT_Enumerated, TE_EXPLICIT, yyval.type); + } break; - case 19: -#line 152 "parse.y" - { yyval.type = new_type(TGeneralString); } + case 52: +#line 398 "parse.y" + { + yyval.type = new_type(TBitString); + yyval.type->members = emalloc(sizeof(*yyval.type->members)); + ASN1_TAILQ_INIT(yyval.type->members); + yyval.type = new_tag(ASN1_C_UNIV, UT_BitString, TE_EXPLICIT, yyval.type); + } break; - case 20: -#line 153 "parse.y" - { yyval.type = new_type(TUTF8String); } + case 53: +#line 405 "parse.y" + { + yyval.type = new_type(TBitString); + yyval.type->members = yyvsp[-1].members; + yyval.type = new_tag(ASN1_C_UNIV, UT_BitString, TE_EXPLICIT, yyval.type); + } break; - case 21: -#line 154 "parse.y" - { yyval.type = new_type(TNull); } + case 54: +#line 413 "parse.y" + { + yyval.type = new_tag(ASN1_C_UNIV, UT_OID, + TE_EXPLICIT, new_type(TOID)); + } break; - case 22: -#line 155 "parse.y" - { yyval.type = new_type(TGeneralizedTime); } + case 55: +#line 419 "parse.y" + { + yyval.type = new_tag(ASN1_C_UNIV, UT_OctetString, + TE_EXPLICIT, new_type(TOctetString)); + } break; - case 23: -#line 157 "parse.y" + case 56: +#line 426 "parse.y" + { + yyval.type = new_tag(ASN1_C_UNIV, UT_Null, + TE_EXPLICIT, new_type(TNull)); + } + break; + + case 57: +#line 433 "parse.y" + { + yyval.type = new_type(TSequence); + yyval.type->members = yyvsp[-1].members; + yyval.type = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, yyval.type); + } + break; + + case 58: +#line 439 "parse.y" + { + yyval.type = new_type(TSequence); + yyval.type->members = NULL; + yyval.type = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, yyval.type); + } + break; + + case 59: +#line 447 "parse.y" { yyval.type = new_type(TSequenceOf); yyval.type->subtype = yyvsp[0].type; + yyval.type = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, yyval.type); } break; - case 24: -#line 162 "parse.y" + case 60: +#line 455 "parse.y" { - yyval.type = new_type(TSequence); - yyval.type->members = yyvsp[-1].member; + yyval.type = new_type(TSet); + yyval.type->members = yyvsp[-1].members; + yyval.type = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, yyval.type); } break; - case 25: -#line 167 "parse.y" + case 61: +#line 461 "parse.y" { - yyval.type = new_type(TChoice); - yyval.type->members = yyvsp[-1].member; + yyval.type = new_type(TSet); + yyval.type->members = NULL; + yyval.type = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, yyval.type); } break; - case 26: -#line 172 "parse.y" + case 62: +#line 469 "parse.y" { - yyval.type = new_type(TBitString); - yyval.type->members = yyvsp[-1].member; + yyval.type = new_type(TSetOf); + yyval.type->subtype = yyvsp[0].type; + yyval.type = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, yyval.type); } break; - case 27: -#line 177 "parse.y" + case 63: +#line 477 "parse.y" + { + yyval.type = new_type(TChoice); + yyval.type->members = yyvsp[-1].members; + } + break; + + case 66: +#line 488 "parse.y" { Symbol *s = addsym(yyvsp[0].name); yyval.type = new_type(TType); - if(s->stype != Stype) + if(s->stype != Stype && s->stype != SUndefined) error_message ("%s is not a type\n", yyvsp[0].name); else yyval.type->symbol = s; } break; - case 28: -#line 186 "parse.y" + case 67: +#line 499 "parse.y" { - yyval.type = new_type(TApplication); - yyval.type->subtype = yyvsp[0].type; - yyval.type->application = yyvsp[-2].constant; + yyval.type = new_tag(ASN1_C_UNIV, UT_GeneralizedTime, + TE_EXPLICIT, new_type(TGeneralizedTime)); } break; - case 29: -#line 191 "parse.y" - { yyval.type = new_type(TBoolean); } + case 68: +#line 504 "parse.y" + { + yyval.type = new_tag(ASN1_C_UNIV, UT_UTCTime, + TE_EXPLICIT, new_type(TUTCTime)); + } break; - case 30: -#line 194 "parse.y" - { yyval.member = NULL; } + case 69: +#line 511 "parse.y" + { + yyval.type = new_type(TTag); + yyval.type->tag = yyvsp[-2].tag; + yyval.type->tag.tagenv = yyvsp[-1].constant; + if(yyvsp[0].type->type == TTag && yyvsp[-1].constant == TE_IMPLICIT) { + yyval.type->subtype = yyvsp[0].type->subtype; + free(yyvsp[0].type); + } else + yyval.type->subtype = yyvsp[0].type; + } break; - case 31: -#line 195 "parse.y" - { yyval.member = yyvsp[0].member; } + case 70: +#line 524 "parse.y" + { + yyval.tag.tagclass = yyvsp[-2].constant; + yyval.tag.tagvalue = yyvsp[-1].constant; + yyval.tag.tagenv = TE_EXPLICIT; + } break; - case 32: -#line 196 "parse.y" - { yyval.member = yyvsp[-2].member; } + case 71: +#line 532 "parse.y" + { + yyval.constant = ASN1_C_CONTEXT; + } break; - case 33: -#line 197 "parse.y" - { yyval.member = yyvsp[-2].member; append(yyval.member, yyvsp[0].member); } + case 72: +#line 536 "parse.y" + { + yyval.constant = ASN1_C_UNIV; + } break; - case 34: -#line 201 "parse.y" + case 73: +#line 540 "parse.y" { - yyval.member = malloc(sizeof(*yyval.member)); - yyval.member->name = yyvsp[-4].name; - yyval.member->gen_name = strdup(yyvsp[-4].name); - output_name (yyval.member->gen_name); - yyval.member->val = yyvsp[-2].constant; - yyval.member->optional = 0; - yyval.member->defval = NULL; - yyval.member->type = yyvsp[0].type; - yyval.member->next = yyval.member->prev = yyval.member; + yyval.constant = ASN1_C_APPL; } break; - case 35: -#line 216 "parse.y" - { yyvsp[-1].member->optional = yyvsp[0].constant ; yyval.member = yyvsp[-1].member; } + case 74: +#line 544 "parse.y" + { + yyval.constant = ASN1_C_PRIVATE; + } break; - case 36: -#line 218 "parse.y" - { yyvsp[-1].member->defval = yyvsp[0].defval ; yyval.member = yyvsp[-1].member; } + case 75: +#line 550 "parse.y" + { + yyval.constant = TE_EXPLICIT; + } break; - case 37: -#line 220 "parse.y" - { yyval.member = yyvsp[0].member; } + case 76: +#line 554 "parse.y" + { + yyval.constant = TE_EXPLICIT; + } break; - case 38: -#line 224 "parse.y" - { yyval.constant = 1; } + case 77: +#line 558 "parse.y" + { + yyval.constant = TE_IMPLICIT; + } break; - case 39: -#line 228 "parse.y" - { asprintf(&yyval.defval, "%d", yyvsp[0].constant); } + case 78: +#line 565 "parse.y" + { + Symbol *s; + s = addsym (yyvsp[-3].name); + + s->stype = SValue; + s->value = yyvsp[0].value; + generate_constant (s); + } break; - case 40: -#line 230 "parse.y" - { yyval.defval = strdup (yyvsp[-1].name); } + case 80: +#line 579 "parse.y" + { + yyval.type = new_tag(ASN1_C_UNIV, UT_GeneralString, + TE_EXPLICIT, new_type(TGeneralString)); + } break; - case 41: -#line 233 "parse.y" - { yyval.member = NULL; } + case 81: +#line 584 "parse.y" + { + yyval.type = new_tag(ASN1_C_UNIV, UT_UTF8String, + TE_EXPLICIT, new_type(TUTF8String)); + } break; - case 42: -#line 234 "parse.y" - { yyval.member = yyvsp[0].member; } + case 82: +#line 589 "parse.y" + { + yyval.type = new_tag(ASN1_C_UNIV, UT_PrintableString, + TE_EXPLICIT, new_type(TPrintableString)); + } break; - case 43: -#line 235 "parse.y" - { yyval.member = yyvsp[-2].member; } + case 83: +#line 594 "parse.y" + { + yyval.type = new_tag(ASN1_C_UNIV, UT_IA5String, + TE_EXPLICIT, new_type(TIA5String)); + } break; - case 44: -#line 236 "parse.y" - { yyval.member = yyvsp[-2].member; append(yyval.member, yyvsp[0].member); } + case 84: +#line 599 "parse.y" + { + yyval.type = new_tag(ASN1_C_UNIV, UT_BMPString, + TE_EXPLICIT, new_type(TBMPString)); + } break; - case 45: -#line 240 "parse.y" + case 85: +#line 604 "parse.y" + { + yyval.type = new_tag(ASN1_C_UNIV, UT_UniversalString, + TE_EXPLICIT, new_type(TUniversalString)); + } + break; + + case 86: +#line 612 "parse.y" + { + yyval.members = emalloc(sizeof(*yyval.members)); + ASN1_TAILQ_INIT(yyval.members); + ASN1_TAILQ_INSERT_HEAD(yyval.members, yyvsp[0].member, members); + } + break; + + case 87: +#line 618 "parse.y" { - yyval.member = malloc(sizeof(*yyval.member)); + ASN1_TAILQ_INSERT_TAIL(yyvsp[-2].members, yyvsp[0].member, members); + yyval.members = yyvsp[-2].members; + } + break; + + case 88: +#line 623 "parse.y" + { + struct member *m = ecalloc(1, sizeof(*m)); + m->name = estrdup("..."); + m->gen_name = estrdup("asn1_ellipsis"); + m->ellipsis = 1; + ASN1_TAILQ_INSERT_TAIL(yyvsp[-2].members, m, members); + yyval.members = yyvsp[-2].members; + } + break; + + case 89: +#line 634 "parse.y" + { + yyval.member = emalloc(sizeof(*yyval.member)); + yyval.member->name = yyvsp[-1].name; + yyval.member->gen_name = estrdup(yyvsp[-1].name); + output_name (yyval.member->gen_name); + yyval.member->type = yyvsp[0].type; + yyval.member->ellipsis = 0; + } + break; + + case 90: +#line 645 "parse.y" + { + yyval.member = yyvsp[0].member; + yyval.member->optional = 0; + yyval.member->defval = NULL; + } + break; + + case 91: +#line 651 "parse.y" + { + yyval.member = yyvsp[-1].member; + yyval.member->optional = 1; + yyval.member->defval = NULL; + } + break; + + case 92: +#line 657 "parse.y" + { + yyval.member = yyvsp[-2].member; + yyval.member->optional = 0; + yyval.member->defval = yyvsp[0].value; + } + break; + + case 93: +#line 665 "parse.y" + { + yyval.members = emalloc(sizeof(*yyval.members)); + ASN1_TAILQ_INIT(yyval.members); + ASN1_TAILQ_INSERT_HEAD(yyval.members, yyvsp[0].member, members); + } + break; + + case 94: +#line 671 "parse.y" + { + ASN1_TAILQ_INSERT_TAIL(yyvsp[-2].members, yyvsp[0].member, members); + yyval.members = yyvsp[-2].members; + } + break; + + case 95: +#line 678 "parse.y" + { + yyval.member = emalloc(sizeof(*yyval.member)); yyval.member->name = yyvsp[-3].name; - yyval.member->gen_name = strdup(yyvsp[-3].name); + yyval.member->gen_name = estrdup(yyvsp[-3].name); output_name (yyval.member->gen_name); yyval.member->val = yyvsp[-1].constant; yyval.member->optional = 0; + yyval.member->ellipsis = 0; yyval.member->type = NULL; - yyval.member->prev = yyval.member->next = yyval.member; } break; - case 46: -#line 252 "parse.y" - { yyval.constant = yyvsp[0].constant; } + case 97: +#line 691 "parse.y" + { yyval.objid = NULL; } break; - case 47: -#line 253 "parse.y" - { yyval.constant = -yyvsp[0].constant; } + case 98: +#line 695 "parse.y" + { + yyval.objid = yyvsp[-1].objid; + } break; - case 48: -#line 254 "parse.y" + case 99: +#line 701 "parse.y" + { + yyval.objid = NULL; + } + break; + + case 100: +#line 705 "parse.y" + { + if (yyvsp[0].objid) { + yyval.objid = yyvsp[0].objid; + add_oid_to_tail(yyvsp[0].objid, yyvsp[-1].objid); + } else { + yyval.objid = yyvsp[-1].objid; + } + } + break; + + case 101: +#line 716 "parse.y" + { + yyval.objid = new_objid(yyvsp[-3].name, yyvsp[-1].constant); + } + break; + + case 102: +#line 720 "parse.y" + { + Symbol *s = addsym(yyvsp[0].name); + if(s->stype != SValue || + s->value->type != objectidentifiervalue) { + error_message("%s is not an object identifier\n", + s->name); + exit(1); + } + yyval.objid = s->value->u.objectidentifiervalue; + } + break; + + case 103: +#line 731 "parse.y" + { + yyval.objid = new_objid(NULL, yyvsp[0].constant); + } + break; + + case 113: +#line 754 "parse.y" { - Symbol *s = addsym(yyvsp[0].name); - if(s->stype != SConstant) - error_message ("%s is not a constant\n", - s->name); - else - yyval.constant = s->constant; - } + Symbol *s = addsym(yyvsp[0].name); + if(s->stype != SValue) + error_message ("%s is not a value\n", + s->name); + else + yyval.value = s->value; + } + break; + + case 114: +#line 765 "parse.y" + { + yyval.value = emalloc(sizeof(*yyval.value)); + yyval.value->type = stringvalue; + yyval.value->u.stringvalue = yyvsp[0].name; + } + break; + + case 115: +#line 773 "parse.y" + { + yyval.value = emalloc(sizeof(*yyval.value)); + yyval.value->type = booleanvalue; + yyval.value->u.booleanvalue = 0; + } + break; + + case 116: +#line 779 "parse.y" + { + yyval.value = emalloc(sizeof(*yyval.value)); + yyval.value->type = booleanvalue; + yyval.value->u.booleanvalue = 0; + } + break; + + case 117: +#line 787 "parse.y" + { + yyval.value = emalloc(sizeof(*yyval.value)); + yyval.value->type = integervalue; + yyval.value->u.integervalue = yyvsp[0].constant; + } + break; + + case 119: +#line 798 "parse.y" + { + } + break; + + case 120: +#line 803 "parse.y" + { + yyval.value = emalloc(sizeof(*yyval.value)); + yyval.value->type = objectidentifiervalue; + yyval.value->u.objectidentifiervalue = yyvsp[0].objid; + } break; } -/* Line 1010 of yacc.c. */ -#line 1431 "$base.c" +/* Line 1000 of yacc.c. */ +#line 2044 "parse.c" yyvsp -= yylen; yyssp -= yylen; @@ -1652,7 +2265,7 @@ yyreturn: } -#line 263 "parse.y" +#line 810 "parse.y" void @@ -1661,29 +2274,82 @@ yyerror (char *s) error_message ("%s\n", s); } +static Type * +new_tag(int tagclass, int tagvalue, int tagenv, Type *oldtype) +{ + Type *t; + if(oldtype->type == TTag && oldtype->tag.tagenv == TE_IMPLICIT) { + t = oldtype; + oldtype = oldtype->subtype; /* XXX */ + } else + t = new_type (TTag); + + t->tag.tagclass = tagclass; + t->tag.tagvalue = tagvalue; + t->tag.tagenv = tagenv; + t->subtype = oldtype; + return t; +} + +static struct objid * +new_objid(const char *label, int value) +{ + struct objid *s; + s = emalloc(sizeof(*s)); + s->label = label; + s->value = value; + s->next = NULL; + return s; +} + +static void +add_oid_to_tail(struct objid *head, struct objid *tail) +{ + struct objid *o; + o = head; + while (o->next) + o = o->next; + o->next = tail; +} + static Type * new_type (Typetype tt) { - Type *t = malloc(sizeof(*t)); - if (t == NULL) { - error_message ("out of memory in malloc(%lu)", - (unsigned long)sizeof(*t)); - exit (1); - } - t->type = tt; - t->application = 0; - t->members = NULL; - t->subtype = NULL; - t->symbol = NULL; - return t; + Type *t = ecalloc(1, sizeof(*t)); + t->type = tt; + return t; +} + +static void fix_labels2(Type *t, const char *prefix); +static void fix_labels1(struct memhead *members, const char *prefix) +{ + Member *m; + + if(members == NULL) + return; + ASN1_TAILQ_FOREACH(m, members, members) { + asprintf(&m->label, "%s_%s", prefix, m->gen_name); + if (m->label == NULL) + errx(1, "malloc"); + if(m->type != NULL) + fix_labels2(m->type, m->label); + } +} + +static void fix_labels2(Type *t, const char *prefix) +{ + for(; t; t = t->subtype) + fix_labels1(t->members, prefix); } static void -append (Member *l, Member *r) +fix_labels(Symbol *s) { - l->prev->next = r; - r->prev = l->prev; - l->prev = r; - r->next = l; + char *p; + asprintf(&p, "choice_%s", s->gen_name); + if (p == NULL) + errx(1, "malloc"); + fix_labels2(s->type, p); + free(p); } diff --git a/source4/heimdal/lib/asn1/parse.h b/source4/heimdal/lib/asn1/parse.h index 25808dca64..ad2ed3c4a2 100644 --- a/source4/heimdal/lib/asn1/parse.h +++ b/source4/heimdal/lib/asn1/parse.h @@ -1,7 +1,7 @@ -/* A Bison parser, made by GNU Bison 1.875d. */ +/* A Bison parser, made by GNU Bison 1.875c. */ /* Skeleton parser for Yacc-like parsing with Bison, - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc. + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -29,81 +29,203 @@ /* Put the tokens into the symbol table, so that GDB and other debuggers know about them. */ enum yytokentype { - INTEGER = 258, - SEQUENCE = 259, - CHOICE = 260, - OF = 261, - OCTET = 262, - STRING = 263, - GeneralizedTime = 264, - GeneralString = 265, - BIT = 266, - APPLICATION = 267, - OPTIONAL = 268, - EEQUAL = 269, - TBEGIN = 270, - END = 271, - DEFINITIONS = 272, - ENUMERATED = 273, - UTF8String = 274, - NULLTYPE = 275, - EXTERNAL = 276, - DEFAULT = 277, - DOTDOT = 278, - DOTDOTDOT = 279, - BOOLEAN = 280, - IMPORTS = 281, - FROM = 282, - OBJECT = 283, - IDENTIFIER = 284, - IDENT = 285, - CONSTANT = 286 + kw_ABSENT = 258, + kw_ABSTRACT_SYNTAX = 259, + kw_ALL = 260, + kw_APPLICATION = 261, + kw_AUTOMATIC = 262, + kw_BEGIN = 263, + kw_BIT = 264, + kw_BMPString = 265, + kw_BOOLEAN = 266, + kw_BY = 267, + kw_CHARACTER = 268, + kw_CHOICE = 269, + kw_CLASS = 270, + kw_COMPONENT = 271, + kw_COMPONENTS = 272, + kw_CONSTRAINED = 273, + kw_CONTAINING = 274, + kw_DEFAULT = 275, + kw_DEFINITIONS = 276, + kw_EMBEDDED = 277, + kw_ENCODED = 278, + kw_END = 279, + kw_ENUMERATED = 280, + kw_EXCEPT = 281, + kw_EXPLICIT = 282, + kw_EXPORTS = 283, + kw_EXTENSIBILITY = 284, + kw_EXTERNAL = 285, + kw_FALSE = 286, + kw_FROM = 287, + kw_GeneralString = 288, + kw_GeneralizedTime = 289, + kw_GraphicString = 290, + kw_IA5String = 291, + kw_IDENTIFIER = 292, + kw_IMPLICIT = 293, + kw_IMPLIED = 294, + kw_IMPORTS = 295, + kw_INCLUDES = 296, + kw_INSTANCE = 297, + kw_INTEGER = 298, + kw_INTERSECTION = 299, + kw_ISO646String = 300, + kw_MAX = 301, + kw_MIN = 302, + kw_MINUS_INFINITY = 303, + kw_NULL = 304, + kw_NumericString = 305, + kw_OBJECT = 306, + kw_OCTET = 307, + kw_OF = 308, + kw_OPTIONAL = 309, + kw_ObjectDescriptor = 310, + kw_PATTERN = 311, + kw_PDV = 312, + kw_PLUS_INFINITY = 313, + kw_PRESENT = 314, + kw_PRIVATE = 315, + kw_PrintableString = 316, + kw_REAL = 317, + kw_RELATIVE_OID = 318, + kw_SEQUENCE = 319, + kw_SET = 320, + kw_SIZE = 321, + kw_STRING = 322, + kw_SYNTAX = 323, + kw_T61String = 324, + kw_TAGS = 325, + kw_TRUE = 326, + kw_TYPE_IDENTIFIER = 327, + kw_TeletexString = 328, + kw_UNION = 329, + kw_UNIQUE = 330, + kw_UNIVERSAL = 331, + kw_UTCTime = 332, + kw_UTF8String = 333, + kw_UniversalString = 334, + kw_VideotexString = 335, + kw_VisibleString = 336, + kw_WITH = 337, + RANGE = 338, + EEQUAL = 339, + ELLIPSIS = 340, + IDENTIFIER = 341, + referencename = 342, + STRING = 343, + NUMBER = 344 }; #endif -#define INTEGER 258 -#define SEQUENCE 259 -#define CHOICE 260 -#define OF 261 -#define OCTET 262 -#define STRING 263 -#define GeneralizedTime 264 -#define GeneralString 265 -#define BIT 266 -#define APPLICATION 267 -#define OPTIONAL 268 -#define EEQUAL 269 -#define TBEGIN 270 -#define END 271 -#define DEFINITIONS 272 -#define ENUMERATED 273 -#define UTF8String 274 -#define NULLTYPE 275 -#define EXTERNAL 276 -#define DEFAULT 277 -#define DOTDOT 278 -#define DOTDOTDOT 279 -#define BOOLEAN 280 -#define IMPORTS 281 -#define FROM 282 -#define OBJECT 283 -#define IDENTIFIER 284 -#define IDENT 285 -#define CONSTANT 286 +#define kw_ABSENT 258 +#define kw_ABSTRACT_SYNTAX 259 +#define kw_ALL 260 +#define kw_APPLICATION 261 +#define kw_AUTOMATIC 262 +#define kw_BEGIN 263 +#define kw_BIT 264 +#define kw_BMPString 265 +#define kw_BOOLEAN 266 +#define kw_BY 267 +#define kw_CHARACTER 268 +#define kw_CHOICE 269 +#define kw_CLASS 270 +#define kw_COMPONENT 271 +#define kw_COMPONENTS 272 +#define kw_CONSTRAINED 273 +#define kw_CONTAINING 274 +#define kw_DEFAULT 275 +#define kw_DEFINITIONS 276 +#define kw_EMBEDDED 277 +#define kw_ENCODED 278 +#define kw_END 279 +#define kw_ENUMERATED 280 +#define kw_EXCEPT 281 +#define kw_EXPLICIT 282 +#define kw_EXPORTS 283 +#define kw_EXTENSIBILITY 284 +#define kw_EXTERNAL 285 +#define kw_FALSE 286 +#define kw_FROM 287 +#define kw_GeneralString 288 +#define kw_GeneralizedTime 289 +#define kw_GraphicString 290 +#define kw_IA5String 291 +#define kw_IDENTIFIER 292 +#define kw_IMPLICIT 293 +#define kw_IMPLIED 294 +#define kw_IMPORTS 295 +#define kw_INCLUDES 296 +#define kw_INSTANCE 297 +#define kw_INTEGER 298 +#define kw_INTERSECTION 299 +#define kw_ISO646String 300 +#define kw_MAX 301 +#define kw_MIN 302 +#define kw_MINUS_INFINITY 303 +#define kw_NULL 304 +#define kw_NumericString 305 +#define kw_OBJECT 306 +#define kw_OCTET 307 +#define kw_OF 308 +#define kw_OPTIONAL 309 +#define kw_ObjectDescriptor 310 +#define kw_PATTERN 311 +#define kw_PDV 312 +#define kw_PLUS_INFINITY 313 +#define kw_PRESENT 314 +#define kw_PRIVATE 315 +#define kw_PrintableString 316 +#define kw_REAL 317 +#define kw_RELATIVE_OID 318 +#define kw_SEQUENCE 319 +#define kw_SET 320 +#define kw_SIZE 321 +#define kw_STRING 322 +#define kw_SYNTAX 323 +#define kw_T61String 324 +#define kw_TAGS 325 +#define kw_TRUE 326 +#define kw_TYPE_IDENTIFIER 327 +#define kw_TeletexString 328 +#define kw_UNION 329 +#define kw_UNIQUE 330 +#define kw_UNIVERSAL 331 +#define kw_UTCTime 332 +#define kw_UTF8String 333 +#define kw_UniversalString 334 +#define kw_VideotexString 335 +#define kw_VisibleString 336 +#define kw_WITH 337 +#define RANGE 338 +#define EEQUAL 339 +#define ELLIPSIS 340 +#define IDENTIFIER 341 +#define referencename 342 +#define STRING 343 +#define NUMBER 344 #if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED) -#line 56 "parse.y" +#line 64 "parse.y" typedef union YYSTYPE { - int constant; - char *name; - Type *type; - Member *member; - char *defval; + int constant; + struct value *value; + struct range range; + char *name; + Type *type; + Member *member; + struct objid *objid; + char *defval; + struct string_list *sl; + struct tagtype tag; + struct memhead *members; } YYSTYPE; -/* Line 1285 of yacc.c. */ -#line 107 "parse.h" +/* Line 1275 of yacc.c. */ +#line 229 "parse.h" # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 # define YYSTYPE_IS_TRIVIAL 1 diff --git a/source4/heimdal/lib/asn1/parse.y b/source4/heimdal/lib/asn1/parse.y index ab83d451c5..def2bc2498 100644 --- a/source4/heimdal/lib/asn1/parse.y +++ b/source4/heimdal/lib/asn1/parse.y @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: parse.y,v 1.23 2004/10/13 17:41:48 lha Exp $ */ +/* $Id: parse.y,v 1.24 2005/07/12 06:27:35 lha Exp $ */ %{ #ifdef HAVE_CONFIG_H @@ -43,223 +43,770 @@ #include "symbol.h" #include "lex.h" #include "gen_locl.h" +#include "der.h" -RCSID("$Id: parse.y,v 1.23 2004/10/13 17:41:48 lha Exp $"); +RCSID("$Id: parse.y,v 1.24 2005/07/12 06:27:35 lha Exp $"); static Type *new_type (Typetype t); +static Type *new_tag(int tagclass, int tagvalue, int tagenv, Type *oldtype); void yyerror (char *); +static struct objid *new_objid(const char *label, int value); +static void add_oid_to_tail(struct objid *, struct objid *); +static void fix_labels(Symbol *s); -static void append (Member *l, Member *r); +struct string_list { + char *string; + struct string_list *next; +}; %} %union { - int constant; - char *name; - Type *type; - Member *member; - char *defval; + int constant; + struct value *value; + struct range range; + char *name; + Type *type; + Member *member; + struct objid *objid; + char *defval; + struct string_list *sl; + struct tagtype tag; + struct memhead *members; } -%token INTEGER SEQUENCE CHOICE OF OCTET STRING GeneralizedTime GeneralString -%token BIT APPLICATION OPTIONAL EEQUAL TBEGIN END DEFINITIONS ENUMERATED -%token UTF8String NULLTYPE -%token EXTERNAL DEFAULT -%token DOTDOT DOTDOTDOT -%token BOOLEAN -%token IMPORTS FROM -%token OBJECT IDENTIFIER -%token IDENT -%token CONSTANT +%token kw_ABSENT +%token kw_ABSTRACT_SYNTAX +%token kw_ALL +%token kw_APPLICATION +%token kw_AUTOMATIC +%token kw_BEGIN +%token kw_BIT +%token kw_BMPString +%token kw_BOOLEAN +%token kw_BY +%token kw_CHARACTER +%token kw_CHOICE +%token kw_CLASS +%token kw_COMPONENT +%token kw_COMPONENTS +%token kw_CONSTRAINED +%token kw_CONTAINING +%token kw_DEFAULT +%token kw_DEFINITIONS +%token kw_EMBEDDED +%token kw_ENCODED +%token kw_END +%token kw_ENUMERATED +%token kw_EXCEPT +%token kw_EXPLICIT +%token kw_EXPORTS +%token kw_EXTENSIBILITY +%token kw_EXTERNAL +%token kw_FALSE +%token kw_FROM +%token kw_GeneralString +%token kw_GeneralizedTime +%token kw_GraphicString +%token kw_IA5String +%token kw_IDENTIFIER +%token kw_IMPLICIT +%token kw_IMPLIED +%token kw_IMPORTS +%token kw_INCLUDES +%token kw_INSTANCE +%token kw_INTEGER +%token kw_INTERSECTION +%token kw_ISO646String +%token kw_MAX +%token kw_MIN +%token kw_MINUS_INFINITY +%token kw_NULL +%token kw_NumericString +%token kw_OBJECT +%token kw_OCTET +%token kw_OF +%token kw_OPTIONAL +%token kw_ObjectDescriptor +%token kw_PATTERN +%token kw_PDV +%token kw_PLUS_INFINITY +%token kw_PRESENT +%token kw_PRIVATE +%token kw_PrintableString +%token kw_REAL +%token kw_RELATIVE_OID +%token kw_SEQUENCE +%token kw_SET +%token kw_SIZE +%token kw_STRING +%token kw_SYNTAX +%token kw_T61String +%token kw_TAGS +%token kw_TRUE +%token kw_TYPE_IDENTIFIER +%token kw_TeletexString +%token kw_UNION +%token kw_UNIQUE +%token kw_UNIVERSAL +%token kw_UTCTime +%token kw_UTF8String +%token kw_UniversalString +%token kw_VideotexString +%token kw_VisibleString +%token kw_WITH + +%token RANGE +%token EEQUAL +%token ELLIPSIS + +%token IDENTIFIER referencename +%token STRING + +%token NUMBER +%type SignedNumber +%type Class tagenv + +%type Value +%type BuiltinValue +%type IntegerValue +%type BooleanValue +%type ObjectIdentifierValue +%type CharacterStringValue +%type NullValue +%type DefinedValue +%type ReferencedValue +%type Valuereference + +%type Type +%type BuiltinType +%type BitStringType +%type BooleanType +%type ChoiceType +%type EnumeratedType +%type IntegerType +%type NullType +%type OctetStringType +%type SequenceType +%type SequenceOfType +%type SetType +%type SetOfType +%type TaggedType +%type ReferencedType +%type DefinedType +%type UsefulType +%type ObjectIdentifierType +%type CharacterStringType +%type RestrictedCharactedStringType + +%type Tag + +%type ComponentType +%type NamedBit +%type NamedNumber +%type NamedType +%type ComponentTypeList +%type Enumerations +%type NamedBitList +%type NamedNumberList + +%type objid objid_list objid_element objid_opt +%type range + +%type referencenames + +%start ModuleDefinition -%type constant optional2 -%type type -%type memberdecls memberdecl memberdeclstart bitdecls bitdecl +%% -%type defvalue +ModuleDefinition: IDENTIFIER kw_DEFINITIONS TagDefault ExtensionDefault + EEQUAL kw_BEGIN ModuleBody kw_END + { + checkundefined(); + } + ; -%start envelope +TagDefault : kw_EXPLICIT kw_TAGS + | kw_IMPLICIT kw_TAGS + { error_message("implicit tagging is not supported"); } + | kw_AUTOMATIC kw_TAGS + { error_message("automatic tagging is not supported"); } + | /* empty */ + ; -%% +ExtensionDefault: kw_EXTENSIBILITY kw_IMPLIED + { error_message("no extensibility options supported"); } + | /* empty */ + ; -envelope : IDENT DEFINITIONS EEQUAL TBEGIN specification END {} +ModuleBody : /* Exports */ Imports AssignmentList + | /* empty */ ; -specification : - | specification declaration +Imports : kw_IMPORTS SymbolsImported ';' + | /* empty */ ; -declaration : imports_decl - | type_decl - | constant_decl +SymbolsImported : SymbolsFromModuleList + | /* empty */ ; -referencenames : IDENT ',' referencenames - { - Symbol *s = addsym($1); +SymbolsFromModuleList: SymbolsFromModule + | SymbolsFromModuleList SymbolsFromModule + ; + +SymbolsFromModule: referencenames kw_FROM IDENTIFIER objid_opt + { + struct string_list *sl; + for(sl = $1; sl != NULL; sl = sl->next) { + Symbol *s = addsym(sl->string); s->stype = Stype; + } + add_import($3); } - | IDENT + ; + +AssignmentList : Assignment + | Assignment AssignmentList + ; + +Assignment : TypeAssignment + | ValueAssignment + ; + +referencenames : IDENTIFIER ',' referencenames { - Symbol *s = addsym($1); - s->stype = Stype; + $$ = emalloc(sizeof(*$$)); + $$->string = $1; + $$->next = $3; + } + | IDENTIFIER + { + $$ = emalloc(sizeof(*$$)); + $$->string = $1; + $$->next = NULL; } ; -imports_decl : IMPORTS referencenames FROM IDENT ';' - { add_import($4); } +TypeAssignment : IDENTIFIER EEQUAL Type + { + Symbol *s = addsym ($1); + s->stype = Stype; + s->type = $3; + fix_labels(s); + generate_type (s); + } ; -type_decl : IDENT EEQUAL type +Type : BuiltinType + | ReferencedType + ; + +BuiltinType : BitStringType + | BooleanType + | CharacterStringType + | ChoiceType + | EnumeratedType + | IntegerType + | NullType + | ObjectIdentifierType + | OctetStringType + | SequenceType + | SequenceOfType + | SetType + | SetOfType + | TaggedType + ; + +BooleanType : kw_BOOLEAN { - Symbol *s = addsym ($1); - s->stype = Stype; - s->type = $3; - generate_type (s); + $$ = new_tag(ASN1_C_UNIV, UT_Boolean, + TE_EXPLICIT, new_type(TBoolean)); } ; -constant_decl : IDENT type EEQUAL constant +range : '(' Value RANGE Value ')' { - Symbol *s = addsym ($1); - s->stype = SConstant; - s->constant = $4; - generate_constant (s); + if($2->type != integervalue || + $4->type != integervalue) + error_message("Non-integer value used in range"); + $$.min = $2->u.integervalue; + $$.max = $4->u.integervalue; } ; -type : INTEGER { $$ = new_type(TInteger); } - | INTEGER '(' constant DOTDOT constant ')' { - if($3 != 0) - error_message("Only 0 supported as low range"); - if($5 != INT_MIN && $5 != UINT_MAX && $5 != INT_MAX) - error_message("Only %u supported as high range", - UINT_MAX); - $$ = new_type(TUInteger); +IntegerType : kw_INTEGER + { + $$ = new_tag(ASN1_C_UNIV, UT_Integer, + TE_EXPLICIT, new_type(TInteger)); } - | INTEGER '{' bitdecls '}' - { + | kw_INTEGER range + { $$ = new_type(TInteger); - $$->members = $3; - } - | OBJECT IDENTIFIER { $$ = new_type(TOID); } - | ENUMERATED '{' bitdecls '}' + $$->range = emalloc(sizeof(*$$->range)); + *($$->range) = $2; + $$ = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, $$); + } + | kw_INTEGER '{' NamedNumberList '}' { - $$ = new_type(TEnumerated); - $$->members = $3; + $$ = new_type(TInteger); + $$->members = $3; + $$ = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, $$); } - | OCTET STRING { $$ = new_type(TOctetString); } - | GeneralString { $$ = new_type(TGeneralString); } - | UTF8String { $$ = new_type(TUTF8String); } - | NULLTYPE { $$ = new_type(TNull); } - | GeneralizedTime { $$ = new_type(TGeneralizedTime); } - | SEQUENCE OF type + ; + +NamedNumberList : NamedNumber { - $$ = new_type(TSequenceOf); - $$->subtype = $3; + $$ = emalloc(sizeof(*$$)); + ASN1_TAILQ_INIT($$); + ASN1_TAILQ_INSERT_HEAD($$, $1, members); } - | SEQUENCE '{' memberdecls '}' + | NamedNumberList ',' NamedNumber { - $$ = new_type(TSequence); - $$->members = $3; + ASN1_TAILQ_INSERT_TAIL($1, $3, members); + $$ = $1; } - | CHOICE '{' memberdecls '}' + | NamedNumberList ',' ELLIPSIS + { $$ = $1; } /* XXX used for Enumerations */ + ; + +NamedNumber : IDENTIFIER '(' SignedNumber ')' { - $$ = new_type(TChoice); + $$ = emalloc(sizeof(*$$)); + $$->name = $1; + $$->gen_name = estrdup($1); + output_name ($$->gen_name); + $$->val = $3; + $$->optional = 0; + $$->ellipsis = 0; + $$->type = NULL; + } + ; + +EnumeratedType : kw_ENUMERATED '{' Enumerations '}' + { + $$ = new_type(TInteger); $$->members = $3; + $$ = new_tag(ASN1_C_UNIV, UT_Enumerated, TE_EXPLICIT, $$); + } + ; + +Enumerations : NamedNumberList /* XXX */ + ; + +BitStringType : kw_BIT kw_STRING + { + $$ = new_type(TBitString); + $$->members = emalloc(sizeof(*$$->members)); + ASN1_TAILQ_INIT($$->members); + $$ = new_tag(ASN1_C_UNIV, UT_BitString, TE_EXPLICIT, $$); } - | BIT STRING '{' bitdecls '}' + | kw_BIT kw_STRING '{' NamedBitList '}' { $$ = new_type(TBitString); $$->members = $4; + $$ = new_tag(ASN1_C_UNIV, UT_BitString, TE_EXPLICIT, $$); } - | IDENT + ; + +ObjectIdentifierType: kw_OBJECT kw_IDENTIFIER + { + $$ = new_tag(ASN1_C_UNIV, UT_OID, + TE_EXPLICIT, new_type(TOID)); + } + ; +OctetStringType : kw_OCTET kw_STRING + { + $$ = new_tag(ASN1_C_UNIV, UT_OctetString, + TE_EXPLICIT, new_type(TOctetString)); + } + ; + +NullType : kw_NULL + { + $$ = new_tag(ASN1_C_UNIV, UT_Null, + TE_EXPLICIT, new_type(TNull)); + } + ; + +SequenceType : kw_SEQUENCE '{' /* ComponentTypeLists */ ComponentTypeList '}' + { + $$ = new_type(TSequence); + $$->members = $3; + $$ = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, $$); + } + | kw_SEQUENCE '{' '}' + { + $$ = new_type(TSequence); + $$->members = NULL; + $$ = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, $$); + } + ; + +SequenceOfType : kw_SEQUENCE kw_OF Type + { + $$ = new_type(TSequenceOf); + $$->subtype = $3; + $$ = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, $$); + } + ; + +SetType : kw_SET '{' /* ComponentTypeLists */ ComponentTypeList '}' + { + $$ = new_type(TSet); + $$->members = $3; + $$ = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, $$); + } + | kw_SET '{' '}' + { + $$ = new_type(TSet); + $$->members = NULL; + $$ = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, $$); + } + ; + +SetOfType : kw_SET kw_OF Type + { + $$ = new_type(TSetOf); + $$->subtype = $3; + $$ = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, $$); + } + ; + +ChoiceType : kw_CHOICE '{' /* AlternativeTypeLists */ ComponentTypeList '}' + { + $$ = new_type(TChoice); + $$->members = $3; + } + ; + +ReferencedType : DefinedType + | UsefulType + ; + +DefinedType : IDENTIFIER { Symbol *s = addsym($1); $$ = new_type(TType); - if(s->stype != Stype) + if(s->stype != Stype && s->stype != SUndefined) error_message ("%s is not a type\n", $1); else $$->symbol = s; } - | '[' APPLICATION constant ']' type + ; + +UsefulType : kw_GeneralizedTime + { + $$ = new_tag(ASN1_C_UNIV, UT_GeneralizedTime, + TE_EXPLICIT, new_type(TGeneralizedTime)); + } + | kw_UTCTime { - $$ = new_type(TApplication); - $$->subtype = $5; - $$->application = $3; + $$ = new_tag(ASN1_C_UNIV, UT_UTCTime, + TE_EXPLICIT, new_type(TUTCTime)); } - | BOOLEAN { $$ = new_type(TBoolean); } ; -memberdecls : { $$ = NULL; } - | memberdecl { $$ = $1; } - | memberdecls ',' DOTDOTDOT { $$ = $1; } - | memberdecls ',' memberdecl { $$ = $1; append($$, $3); } +TaggedType : Tag tagenv Type + { + $$ = new_type(TTag); + $$->tag = $1; + $$->tag.tagenv = $2; + if($3->type == TTag && $2 == TE_IMPLICIT) { + $$->subtype = $3->subtype; + free($3); + } else + $$->subtype = $3; + } ; -memberdeclstart : IDENT '[' constant ']' type +Tag : '[' Class NUMBER ']' { - $$ = malloc(sizeof(*$$)); - $$->name = $1; - $$->gen_name = strdup($1); - output_name ($$->gen_name); - $$->val = $3; - $$->optional = 0; - $$->defval = NULL; - $$->type = $5; - $$->next = $$->prev = $$; + $$.tagclass = $2; + $$.tagvalue = $3; + $$.tagenv = TE_EXPLICIT; } ; +Class : /* */ + { + $$ = ASN1_C_CONTEXT; + } + | kw_UNIVERSAL + { + $$ = ASN1_C_UNIV; + } + | kw_APPLICATION + { + $$ = ASN1_C_APPL; + } + | kw_PRIVATE + { + $$ = ASN1_C_PRIVATE; + } + ; + +tagenv : /* */ + { + $$ = TE_EXPLICIT; + } + | kw_EXPLICIT + { + $$ = TE_EXPLICIT; + } + | kw_IMPLICIT + { + $$ = TE_IMPLICIT; + } + ; + + +ValueAssignment : IDENTIFIER Type EEQUAL Value + { + Symbol *s; + s = addsym ($1); + + s->stype = SValue; + s->value = $4; + generate_constant (s); + } + ; + +CharacterStringType: RestrictedCharactedStringType + ; + +RestrictedCharactedStringType: kw_GeneralString + { + $$ = new_tag(ASN1_C_UNIV, UT_GeneralString, + TE_EXPLICIT, new_type(TGeneralString)); + } + | kw_UTF8String + { + $$ = new_tag(ASN1_C_UNIV, UT_UTF8String, + TE_EXPLICIT, new_type(TUTF8String)); + } + | kw_PrintableString + { + $$ = new_tag(ASN1_C_UNIV, UT_PrintableString, + TE_EXPLICIT, new_type(TPrintableString)); + } + | kw_IA5String + { + $$ = new_tag(ASN1_C_UNIV, UT_IA5String, + TE_EXPLICIT, new_type(TIA5String)); + } + | kw_BMPString + { + $$ = new_tag(ASN1_C_UNIV, UT_BMPString, + TE_EXPLICIT, new_type(TBMPString)); + } + | kw_UniversalString + { + $$ = new_tag(ASN1_C_UNIV, UT_UniversalString, + TE_EXPLICIT, new_type(TUniversalString)); + } -memberdecl : memberdeclstart optional2 - { $1->optional = $2 ; $$ = $1; } - | memberdeclstart defvalue - { $1->defval = $2 ; $$ = $1; } - | memberdeclstart - { $$ = $1; } ; +ComponentTypeList: ComponentType + { + $$ = emalloc(sizeof(*$$)); + ASN1_TAILQ_INIT($$); + ASN1_TAILQ_INSERT_HEAD($$, $1, members); + } + | ComponentTypeList ',' ComponentType + { + ASN1_TAILQ_INSERT_TAIL($1, $3, members); + $$ = $1; + } + | ComponentTypeList ',' ELLIPSIS + { + struct member *m = ecalloc(1, sizeof(*m)); + m->name = estrdup("..."); + m->gen_name = estrdup("asn1_ellipsis"); + m->ellipsis = 1; + ASN1_TAILQ_INSERT_TAIL($1, m, members); + $$ = $1; + } + ; -optional2 : OPTIONAL { $$ = 1; } +NamedType : IDENTIFIER Type + { + $$ = emalloc(sizeof(*$$)); + $$->name = $1; + $$->gen_name = estrdup($1); + output_name ($$->gen_name); + $$->type = $2; + $$->ellipsis = 0; + } ; -defvalue : DEFAULT constant - { asprintf(&$$, "%d", $2); } - | DEFAULT '"' IDENT '"' - { $$ = strdup ($3); } +ComponentType : NamedType + { + $$ = $1; + $$->optional = 0; + $$->defval = NULL; + } + | NamedType kw_OPTIONAL + { + $$ = $1; + $$->optional = 1; + $$->defval = NULL; + } + | NamedType kw_DEFAULT Value + { + $$ = $1; + $$->optional = 0; + $$->defval = $3; + } ; -bitdecls : { $$ = NULL; } - | bitdecl { $$ = $1; } - | bitdecls ',' DOTDOTDOT { $$ = $1; } - | bitdecls ',' bitdecl { $$ = $1; append($$, $3); } +NamedBitList : NamedBit + { + $$ = emalloc(sizeof(*$$)); + ASN1_TAILQ_INIT($$); + ASN1_TAILQ_INSERT_HEAD($$, $1, members); + } + | NamedBitList ',' NamedBit + { + ASN1_TAILQ_INSERT_TAIL($1, $3, members); + $$ = $1; + } ; -bitdecl : IDENT '(' constant ')' +NamedBit : IDENTIFIER '(' NUMBER ')' { - $$ = malloc(sizeof(*$$)); + $$ = emalloc(sizeof(*$$)); $$->name = $1; - $$->gen_name = strdup($1); + $$->gen_name = estrdup($1); output_name ($$->gen_name); $$->val = $3; $$->optional = 0; + $$->ellipsis = 0; $$->type = NULL; - $$->prev = $$->next = $$; } ; -constant : CONSTANT { $$ = $1; } - | '-' CONSTANT { $$ = -$2; } - | IDENT { - Symbol *s = addsym($1); - if(s->stype != SConstant) - error_message ("%s is not a constant\n", - s->name); - else - $$ = s->constant; - } +objid_opt : objid + | /* empty */ { $$ = NULL; } + ; + +objid : '{' objid_list '}' + { + $$ = $2; + } + ; + +objid_list : /* empty */ + { + $$ = NULL; + } + | objid_element objid_list + { + if ($2) { + $$ = $2; + add_oid_to_tail($2, $1); + } else { + $$ = $1; + } + } + ; + +objid_element : IDENTIFIER '(' NUMBER ')' + { + $$ = new_objid($1, $3); + } + | IDENTIFIER + { + Symbol *s = addsym($1); + if(s->stype != SValue || + s->value->type != objectidentifiervalue) { + error_message("%s is not an object identifier\n", + s->name); + exit(1); + } + $$ = s->value->u.objectidentifiervalue; + } + | NUMBER + { + $$ = new_objid(NULL, $1); + } + ; + +Value : BuiltinValue + | ReferencedValue + ; + +BuiltinValue : BooleanValue + | CharacterStringValue + | IntegerValue + | ObjectIdentifierValue + | NullValue + ; + +ReferencedValue : DefinedValue + ; + +DefinedValue : Valuereference + ; + +Valuereference : IDENTIFIER + { + Symbol *s = addsym($1); + if(s->stype != SValue) + error_message ("%s is not a value\n", + s->name); + else + $$ = s->value; + } + ; + +CharacterStringValue: STRING + { + $$ = emalloc(sizeof(*$$)); + $$->type = stringvalue; + $$->u.stringvalue = $1; + } + ; + +BooleanValue : kw_TRUE + { + $$ = emalloc(sizeof(*$$)); + $$->type = booleanvalue; + $$->u.booleanvalue = 0; + } + | kw_FALSE + { + $$ = emalloc(sizeof(*$$)); + $$->type = booleanvalue; + $$->u.booleanvalue = 0; + } + ; + +IntegerValue : SignedNumber + { + $$ = emalloc(sizeof(*$$)); + $$->type = integervalue; + $$->u.integervalue = $1; + } + ; + +SignedNumber : NUMBER + ; + +NullValue : kw_NULL + { + } ; + +ObjectIdentifierValue: objid + { + $$ = emalloc(sizeof(*$$)); + $$->type = objectidentifiervalue; + $$->u.objectidentifiervalue = $1; + } + ; + %% void @@ -268,28 +815,81 @@ yyerror (char *s) error_message ("%s\n", s); } +static Type * +new_tag(int tagclass, int tagvalue, int tagenv, Type *oldtype) +{ + Type *t; + if(oldtype->type == TTag && oldtype->tag.tagenv == TE_IMPLICIT) { + t = oldtype; + oldtype = oldtype->subtype; /* XXX */ + } else + t = new_type (TTag); + + t->tag.tagclass = tagclass; + t->tag.tagvalue = tagvalue; + t->tag.tagenv = tagenv; + t->subtype = oldtype; + return t; +} + +static struct objid * +new_objid(const char *label, int value) +{ + struct objid *s; + s = emalloc(sizeof(*s)); + s->label = label; + s->value = value; + s->next = NULL; + return s; +} + +static void +add_oid_to_tail(struct objid *head, struct objid *tail) +{ + struct objid *o; + o = head; + while (o->next) + o = o->next; + o->next = tail; +} + static Type * new_type (Typetype tt) { - Type *t = malloc(sizeof(*t)); - if (t == NULL) { - error_message ("out of memory in malloc(%lu)", - (unsigned long)sizeof(*t)); - exit (1); - } - t->type = tt; - t->application = 0; - t->members = NULL; - t->subtype = NULL; - t->symbol = NULL; - return t; + Type *t = ecalloc(1, sizeof(*t)); + t->type = tt; + return t; +} + +static void fix_labels2(Type *t, const char *prefix); +static void fix_labels1(struct memhead *members, const char *prefix) +{ + Member *m; + + if(members == NULL) + return; + ASN1_TAILQ_FOREACH(m, members, members) { + asprintf(&m->label, "%s_%s", prefix, m->gen_name); + if (m->label == NULL) + errx(1, "malloc"); + if(m->type != NULL) + fix_labels2(m->type, m->label); + } +} + +static void fix_labels2(Type *t, const char *prefix) +{ + for(; t; t = t->subtype) + fix_labels1(t->members, prefix); } static void -append (Member *l, Member *r) +fix_labels(Symbol *s) { - l->prev->next = r; - r->prev = l->prev; - l->prev = r; - r->next = l; + char *p; + asprintf(&p, "choice_%s", s->gen_name); + if (p == NULL) + errx(1, "malloc"); + fix_labels2(s->type, p); + free(p); } diff --git a/source4/heimdal/lib/asn1/pkcs12.asn1 b/source4/heimdal/lib/asn1/pkcs12.asn1 new file mode 100644 index 0000000000..ff512e8255 --- /dev/null +++ b/source4/heimdal/lib/asn1/pkcs12.asn1 @@ -0,0 +1,81 @@ +-- $Id: pkcs12.asn1,v 1.3 2005/07/23 11:07:39 lha Exp $ -- + +PKCS12 DEFINITIONS ::= + +BEGIN + +IMPORTS ContentInfo FROM cms + DigestInfo FROM rfc2459 + heim_any, heim_any_set FROM heim; + +-- The PFX PDU + +id-pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) + rsadsi(113549) pkcs(1) pkcs-12(12) } + +id-pkcs-12PbeIds OBJECT IDENTIFIER ::= { id-pkcs-12 1} +id-pbeWithSHAAnd128BitRC4 OBJECT IDENTIFIER ::= { id-pkcs-12PbeIds 1} +id-pbeWithSHAAnd40BitRC4 OBJECT IDENTIFIER ::= { id-pkcs-12PbeIds 2} +id-pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= { id-pkcs-12PbeIds 3} +id-pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= { id-pkcs-12PbeIds 4} +id-pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= { id-pkcs-12PbeIds 5} +id-pbewithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= { id-pkcs-12PbeIds 6} + +id-pkcs12-bagtypes OBJECT IDENTIFIER ::= { id-pkcs-12 10 1} + +id-pkcs12-keyBag OBJECT IDENTIFIER ::= { id-pkcs12-bagtypes 1 } +id-pkcs12-pkcs8ShroudedKeyBag OBJECT IDENTIFIER ::= { id-pkcs12-bagtypes 2 } +id-pkcs12-certBag OBJECT IDENTIFIER ::= { id-pkcs12-bagtypes 3 } +id-pkcs12-crlBag OBJECT IDENTIFIER ::= { id-pkcs12-bagtypes 4 } +id-pkcs12-secretBag OBJECT IDENTIFIER ::= { id-pkcs12-bagtypes 5 } +id-pkcs12-safeContentsBag OBJECT IDENTIFIER ::= { id-pkcs12-bagtypes 6 } + + +PKCS12-MacData ::= SEQUENCE { + mac DigestInfo, + macSalt OCTET STRING, + iterations INTEGER OPTIONAL +} + +PKCS12-PFX ::= SEQUENCE { + version INTEGER, + authSafe ContentInfo, + macData PKCS12-MacData OPTIONAL +} + +PKCS12-AuthenticatedSafe ::= SEQUENCE OF ContentInfo + -- Data if unencrypted + -- EncryptedData if password-encrypted + -- EnvelopedData if public key-encrypted + +PKCS12-Attribute ::= SEQUENCE { + attrId OBJECT IDENTIFIER, + attrValues -- SET OF -- heim_any_set +} + +PKCS12-Attributes ::= SET OF PKCS12-Attribute + +PKCS12-SafeBag ::= SEQUENCE { + bagId OBJECT IDENTIFIER, + bagValue [0] heim_any, + bagAttributes PKCS12-Attributes OPTIONAL +} + +PKCS12-SafeContents ::= SEQUENCE OF PKCS12-SafeBag + +PKCS12-CertBag ::= SEQUENCE { + certType OBJECT IDENTIFIER, + certValue [0] heim_any +} + +PKCS12-PBEParams ::= SEQUENCE { + salt OCTET STRING, + iterations INTEGER (0..4294967295) OPTIONAL +} + +PKCS12-OctetString ::= OCTET STRING + +-- KeyBag ::= PrivateKeyInfo +-- PKCS8ShroudedKeyBag ::= EncryptedPrivateKeyInfo + +END diff --git a/source4/heimdal/lib/asn1/pkcs8.asn1 b/source4/heimdal/lib/asn1/pkcs8.asn1 new file mode 100644 index 0000000000..823e56660b --- /dev/null +++ b/source4/heimdal/lib/asn1/pkcs8.asn1 @@ -0,0 +1,30 @@ +-- $Id: pkcs8.asn1,v 1.2 2005/07/12 06:27:36 lha Exp $ -- + +PKCS8 DEFINITIONS ::= + +BEGIN + +IMPORTS Attribute, AlgorithmIdentifier FROM rfc2459 + heim_any, heim_any_set FROM heim; + +PKCS8PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier + +PKCS8PrivateKey ::= OCTET STRING + +PKCS8Attributes ::= SET OF Attribute + +PKCS8PrivateKeyInfo ::= SEQUENCE { + version INTEGER, + privateKeyAlgorithm PKCS8PrivateKeyAlgorithmIdentifier, + privateKey PKCS8PrivateKey, + attributes [0] IMPLICIT PKCS8Attributes OPTIONAL +} + +PKCS8EncryptedData ::= OCTET STRING + +PKCS8EncryptedPrivateKeyInfo ::= SEQUENCE { + encryptionAlgorithm AlgorithmIdentifier, + encryptedData PKCS8EncryptedData +} + +END diff --git a/source4/heimdal/lib/asn1/pkcs9.asn1 b/source4/heimdal/lib/asn1/pkcs9.asn1 new file mode 100644 index 0000000000..bcc8f50398 --- /dev/null +++ b/source4/heimdal/lib/asn1/pkcs9.asn1 @@ -0,0 +1,27 @@ +-- $Id: pkcs9.asn1,v 1.3 2005/07/23 10:38:28 lha Exp $ -- + +PKCS9 DEFINITIONS ::= + +BEGIN + +-- The PFX PDU + +id-pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) + rsadsi(113549) pkcs(1) pkcs-9(9) } + +id-pkcs9-contentType OBJECT IDENTIFIER ::= {id-pkcs-9 3 } +id-pkcs9-messageDigest OBJECT IDENTIFIER ::= {id-pkcs-9 4 } +id-pkcs9-signingTime OBJECT IDENTIFIER ::= {id-pkcs-9 5 } +id-pkcs9-countersignature OBJECT IDENTIFIER ::= {id-pkcs-9 6 } + +id-pkcs-9-at-friendlyName OBJECT IDENTIFIER ::= {id-pkcs-9 20} +id-pkcs-9-at-localKeyId OBJECT IDENTIFIER ::= {id-pkcs-9 21} +id-pkcs-9-at-certTypes OBJECT IDENTIFIER ::= {id-pkcs-9 22} +id-pkcs-9-at-certTypes-x509 OBJECT IDENTIFIER ::= {id-pkcs-9-at-certTypes 1} + +PKCS9-BMPString ::= BMPString + +PKCS9-friendlyName ::= SET OF PKCS9-BMPString + +END + diff --git a/source4/heimdal/lib/asn1/symbol.c b/source4/heimdal/lib/asn1/symbol.c index 5f69c10925..a4e1ed4884 100644 --- a/source4/heimdal/lib/asn1/symbol.c +++ b/source4/heimdal/lib/asn1/symbol.c @@ -1,90 +1,110 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "gen_locl.h" +#include "lex.h" -RCSID("$Id: symbol.c,v 1.9 2001/09/25 13:39:27 assar Exp $"); +RCSID("$Id: symbol.c,v 1.10 2005/07/12 06:27:39 lha Exp $"); static Hashtab *htab; static int -cmp (void *a, void *b) +cmp(void *a, void *b) { - Symbol *s1 = (Symbol *)a; - Symbol *s2 = (Symbol *)b; + Symbol *s1 = (Symbol *) a; + Symbol *s2 = (Symbol *) b; - return strcmp (s1->name, s2->name); + return strcmp(s1->name, s2->name); } static unsigned -hash (void *a) +hash(void *a) { - Symbol *s = (Symbol *)a; + Symbol *s = (Symbol *) a; - return hashjpw (s->name); + return hashjpw(s->name); } void -initsym (void) +initsym(void) { - htab = hashtabnew (101, cmp, hash); + htab = hashtabnew(101, cmp, hash); } void -output_name (char *s) +output_name(char *s) { - char *p; + char *p; - for (p = s; *p; ++p) - if (*p == '-') - *p = '_'; + for (p = s; *p; ++p) + if (*p == '-') + *p = '_'; } -Symbol* -addsym (char *name) +Symbol * +addsym(char *name) { - Symbol key, *s; + Symbol key, *s; - key.name = name; - s = (Symbol *)hashtabsearch (htab, (void *)&key); - if (s == NULL) { - s = (Symbol *)malloc (sizeof (*s)); - s->name = name; - s->gen_name = strdup(name); - output_name (s->gen_name); - s->stype = SUndefined; - hashtabadd (htab, s); - } - return s; + key.name = name; + s = (Symbol *) hashtabsearch(htab, (void *) &key); + if (s == NULL) { + s = (Symbol *) emalloc(sizeof(*s)); + s->name = name; + s->gen_name = estrdup(name); + output_name(s->gen_name); + s->stype = SUndefined; + hashtabadd(htab, s); + } + return s; +} + +static int +checkfunc(void *ptr, void *arg) +{ + Symbol *s = ptr; + if (s->stype == SUndefined) { + error_message("%s is still undefined\n", s->name); + *(int *) arg = 1; + } + return 0; +} + +int +checkundefined(void) +{ + int f = 0; + hashtabforeach(htab, checkfunc, &f); + return f; } diff --git a/source4/heimdal/lib/asn1/symbol.h b/source4/heimdal/lib/asn1/symbol.h index 443935cc05..83df57b77f 100644 --- a/source4/heimdal/lib/asn1/symbol.h +++ b/source4/heimdal/lib/asn1/symbol.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,64 +31,109 @@ * SUCH DAMAGE. */ -/* $Id: symbol.h,v 1.11 2003/10/03 00:28:29 lha Exp $ */ +/* $Id: symbol.h,v 1.12 2005/07/12 06:27:40 lha Exp $ */ #ifndef _SYMBOL_H #define _SYMBOL_H +#include "asn1_queue.h" + enum typetype { - TApplication, TBitString, TBoolean, - TChoice, + TChoice, TEnumerated, - TGeneralString, - TGeneralizedTime, + TGeneralString, + TGeneralizedTime, + TIA5String, TInteger, TNull, - TOID, - TOctetString, - TSequence, + TOID, + TOctetString, + TPrintableString, + TSequence, TSequenceOf, + TSet, + TSetOf, + TTag, TType, - TUInteger, - TUTF8String + TUTCTime, + TUTF8String, + TBMPString, + TUniversalString }; typedef enum typetype Typetype; struct type; +struct value { + enum { booleanvalue, + nullvalue, + integervalue, + stringvalue, + objectidentifiervalue + } type; + union { + int booleanvalue; + int integervalue; + char *stringvalue; + struct objid *objectidentifiervalue; + } u; +}; + struct member { - char *name; - char *gen_name; - int val; - int optional; - struct type *type; - struct member *next, *prev; - char *defval; + char *name; + char *gen_name; + char *label; + int val; + int optional; + int ellipsis; + struct type *type; + ASN1_TAILQ_ENTRY(member) members; + struct value *defval; }; typedef struct member Member; +ASN1_TAILQ_HEAD(memhead, member); + struct symbol; +struct tagtype { + int tagclass; + int tagvalue; + enum { TE_IMPLICIT, TE_EXPLICIT } tagenv; +}; + +struct range { + int min; + int max; +}; + struct type { - Typetype type; - int application; - Member *members; - struct type *subtype; - struct symbol *symbol; + Typetype type; + struct memhead *members; + struct symbol *symbol; + struct type *subtype; + struct tagtype tag; + struct range *range; }; typedef struct type Type; +struct objid { + const char *label; + int value; + struct objid *next; +}; + struct symbol { - char *name; - char *gen_name; - enum { SUndefined, SConstant, Stype } stype; - int constant; - Type *type; + char *name; + char *gen_name; + enum { SUndefined, SValue, Stype } stype; + struct value *value; + Type *type; }; typedef struct symbol Symbol; @@ -96,4 +141,5 @@ typedef struct symbol Symbol; void initsym (void); Symbol *addsym (char *); void output_name (char *); +int checkundefined(void); #endif diff --git a/source4/heimdal/lib/asn1/test.asn1 b/source4/heimdal/lib/asn1/test.asn1 new file mode 100644 index 0000000000..0010c8481e --- /dev/null +++ b/source4/heimdal/lib/asn1/test.asn1 @@ -0,0 +1,48 @@ +-- $Id: test.asn1,v 1.5 2005/07/21 20:48:27 lha Exp $ -- + +TEST DEFINITIONS ::= + +BEGIN + +TESTLargeTag ::= SEQUENCE { + foo[127] INTEGER (-2147483648..2147483647) +} + +TESTSeq ::= SEQUENCE { + tag0[0] INTEGER (-2147483648..2147483647), + tag1[1] TESTLargeTag, + tagless INTEGER (-2147483648..2147483647), + tag3[2] INTEGER (-2147483648..2147483647) +} + +TESTChoice1 ::= CHOICE { + i1[1] INTEGER (-2147483648..2147483647), + i2[2] INTEGER (-2147483648..2147483647), + ... +} + +TESTChoice2 ::= CHOICE { + i1[1] INTEGER (-2147483648..2147483647), + ... +} + +TESTInteger ::= INTEGER (-2147483648..2147483647) + +TESTInteger2 ::= [4] IMPLICIT TESTInteger +TESTInteger3 ::= [5] IMPLICIT TESTInteger2 + +TESTImplicit ::= SEQUENCE { + ti1[0] IMPLICIT INTEGER (-2147483648..2147483647), + ti2[1] IMPLICIT SEQUENCE { + foo[127] INTEGER (-2147483648..2147483647) + }, + ti3[2] IMPLICIT [5] IMPLICIT [4] IMPLICIT INTEGER (-2147483648..2147483647) +} + +TESTImplicit2 ::= SEQUENCE { + ti1[0] IMPLICIT TESTInteger, + ti2[1] IMPLICIT TESTLargeTag, + ti3[2] IMPLICIT TESTInteger3 +} + +END diff --git a/source4/heimdal/lib/asn1/test.gen b/source4/heimdal/lib/asn1/test.gen new file mode 100644 index 0000000000..9a1f354791 --- /dev/null +++ b/source4/heimdal/lib/asn1/test.gen @@ -0,0 +1,14 @@ +# $Id: test.gen,v 1.2 2005/07/12 06:27:41 lha Exp $ +# Sample for TESTSeq in test.asn1 +# + +UNIV CONS Sequence 23 + CONTEXT CONS 0 3 + UNIV PRIM Integer 1 01 + CONTEXT CONS 1 8 + UNIV CONS Sequence 6 + CONTEXT CONS 127 3 + UNIV PRIM Integer 1 01 + UNIV PRIM Integer 1 01 + CONTEXT CONS 2 3 + UNIV PRIM Integer 1 01 diff --git a/source4/heimdal/lib/com_err/lex.c b/source4/heimdal/lib/com_err/lex.c index d0440762a9..925615f244 100644 --- a/source4/heimdal/lib/com_err/lex.c +++ b/source4/heimdal/lib/com_err/lex.c @@ -1,85 +1,32 @@ - -#line 3 "lex.yy.c" - -#define YY_INT_ALIGNED short int - /* A lexical scanner generated by flex */ +/* Scanner skeleton version: + * $Header: /home/daffy/u0/vern/flex/RCS/flex.skl,v 2.91 96/09/10 16:58:48 vern Exp $ + */ + #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 #define YY_FLEX_MINOR_VERSION 5 -#define YY_FLEX_SUBMINOR_VERSION 31 -#if YY_FLEX_SUBMINOR_VERSION > 0 -#define FLEX_BETA -#endif -/* First, we deal with platform-specific or compiler-specific issues. */ - -/* begin standard C headers. */ #include -#include -#include -#include - -/* end standard C headers. */ - -/* flex integer type definitions */ - -#ifndef FLEXINT_H -#define FLEXINT_H - -/* C99 systems have . Non-C99 systems may or may not. */ +#include -#if defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L -#include -typedef int8_t flex_int8_t; -typedef uint8_t flex_uint8_t; -typedef int16_t flex_int16_t; -typedef uint16_t flex_uint16_t; -typedef int32_t flex_int32_t; -typedef uint32_t flex_uint32_t; -#else -typedef signed char flex_int8_t; -typedef short int flex_int16_t; -typedef int flex_int32_t; -typedef unsigned char flex_uint8_t; -typedef unsigned short int flex_uint16_t; -typedef unsigned int flex_uint32_t; -#endif /* ! C99 */ -/* Limits of integral types. */ -#ifndef INT8_MIN -#define INT8_MIN (-128) -#endif -#ifndef INT16_MIN -#define INT16_MIN (-32767-1) -#endif -#ifndef INT32_MIN -#define INT32_MIN (-2147483647-1) -#endif -#ifndef INT8_MAX -#define INT8_MAX (127) -#endif -#ifndef INT16_MAX -#define INT16_MAX (32767) -#endif -#ifndef INT32_MAX -#define INT32_MAX (2147483647) -#endif -#ifndef UINT8_MAX -#define UINT8_MAX (255U) -#endif -#ifndef UINT16_MAX -#define UINT16_MAX (65535U) +/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */ +#ifdef c_plusplus +#ifndef __cplusplus +#define __cplusplus #endif -#ifndef UINT32_MAX -#define UINT32_MAX (4294967295U) #endif -#endif /* ! FLEXINT_H */ #ifdef __cplusplus +#include + +/* Use prototypes in function declarations. */ +#define YY_USE_PROTOS + /* The "const" storage-class-modifier is valid. */ #define YY_USE_CONST @@ -87,17 +34,34 @@ typedef unsigned int flex_uint32_t; #if __STDC__ +#define YY_USE_PROTOS #define YY_USE_CONST #endif /* __STDC__ */ #endif /* ! __cplusplus */ +#ifdef __TURBOC__ + #pragma warn -rch + #pragma warn -use +#include +#include +#define YY_USE_CONST +#define YY_USE_PROTOS +#endif + #ifdef YY_USE_CONST #define yyconst const #else #define yyconst #endif + +#ifdef YY_USE_PROTOS +#define YY_PROTO(proto) proto +#else +#define YY_PROTO(proto) () +#endif + /* Returned upon end-of-file. */ #define YY_NULL 0 @@ -112,71 +76,71 @@ typedef unsigned int flex_uint32_t; * but we do it the disgusting crufty way forced on us by the ()-less * definition of BEGIN. */ -#define BEGIN (yy_start) = 1 + 2 * +#define BEGIN yy_start = 1 + 2 * /* Translate the current start state into a value that can be later handed * to BEGIN to return to the state. The YYSTATE alias is for lex * compatibility. */ -#define YY_START (((yy_start) - 1) / 2) +#define YY_START ((yy_start - 1) / 2) #define YYSTATE YY_START /* Action number for EOF rule of a given start state. */ #define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) /* Special action meaning "start processing a new file". */ -#define YY_NEW_FILE yyrestart(yyin ) +#define YY_NEW_FILE yyrestart( yyin ) #define YY_END_OF_BUFFER_CHAR 0 /* Size of default input buffer. */ -#ifndef YY_BUF_SIZE #define YY_BUF_SIZE 16384 -#endif -#ifndef YY_TYPEDEF_YY_BUFFER_STATE -#define YY_TYPEDEF_YY_BUFFER_STATE typedef struct yy_buffer_state *YY_BUFFER_STATE; -#endif extern int yyleng; - extern FILE *yyin, *yyout; #define EOB_ACT_CONTINUE_SCAN 0 #define EOB_ACT_END_OF_FILE 1 #define EOB_ACT_LAST_MATCH 2 - #define YY_LESS_LINENO(n) - -/* Return all but the first "n" matched characters back to the input stream. */ +/* The funky do-while in the following #define is used to turn the definition + * int a single C statement (which needs a semi-colon terminator). This + * avoids problems with code like: + * + * if ( condition_holds ) + * yyless( 5 ); + * else + * do_something_else(); + * + * Prior to using the do-while the compiler would get upset at the + * "else" because it interpreted the "if" statement as being all + * done when it reached the ';' after the yyless() call. + */ + +/* Return all but the first 'n' matched characters back to the input stream. */ + #define yyless(n) \ do \ { \ /* Undo effects of setting up yytext. */ \ - int yyless_macro_arg = (n); \ - YY_LESS_LINENO(yyless_macro_arg);\ - *yy_cp = (yy_hold_char); \ + *yy_cp = yy_hold_char; \ YY_RESTORE_YY_MORE_OFFSET \ - (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \ + yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \ YY_DO_BEFORE_ACTION; /* set up yytext again */ \ } \ while ( 0 ) -#define unput(c) yyunput( c, (yytext_ptr) ) +#define unput(c) yyunput( c, yytext_ptr ) /* The following is because we cannot portably get our hands on size_t * (without autoconf's help, which isn't available because we want * flex-generated scanners to compile on their own). */ - -#ifndef YY_TYPEDEF_YY_SIZE_T -#define YY_TYPEDEF_YY_SIZE_T typedef unsigned int yy_size_t; -#endif -#ifndef YY_STRUCT_YY_BUFFER_STATE -#define YY_STRUCT_YY_BUFFER_STATE + struct yy_buffer_state { FILE *yy_input_file; @@ -213,16 +177,12 @@ struct yy_buffer_state */ int yy_at_bol; - int yy_bs_lineno; /**< The line count. */ - int yy_bs_column; /**< The column count. */ - /* Whether to try to fill the input buffer when we reach the * end of it. */ int yy_fill_buffer; int yy_buffer_status; - #define YY_BUFFER_NEW 0 #define YY_BUFFER_NORMAL 1 /* When an EOF's been seen but there's still some text to process @@ -236,33 +196,23 @@ struct yy_buffer_state * just pointing yyin at a new input file. */ #define YY_BUFFER_EOF_PENDING 2 - }; -#endif /* !YY_STRUCT_YY_BUFFER_STATE */ -/* Stack of input buffers. */ -static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */ -static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */ -static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ +static YY_BUFFER_STATE yy_current_buffer = 0; /* We provide macros for accessing buffer states in case in the * future we want to put the buffer states in a more general * "scanner state". - * - * Returns the top of the stack, or NULL. */ -#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ - ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ - : NULL) +#define YY_CURRENT_BUFFER yy_current_buffer -/* Same as previous macro, but useful when we know that the buffer stack is not - * NULL or when we need an lvalue. For internal use only. - */ -#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] /* yy_hold_char holds the character lost when yytext is formed. */ static char yy_hold_char; + static int yy_n_chars; /* number of characters read into yy_ch_buf */ + + int yyleng; /* Points to current character in buffer. */ @@ -275,92 +225,66 @@ static int yy_start = 0; /* start state number */ */ static int yy_did_buffer_switch_on_eof; -void yyrestart (FILE *input_file ); -void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ); -YY_BUFFER_STATE yy_create_buffer (FILE *file,int size ); -void yy_delete_buffer (YY_BUFFER_STATE b ); -void yy_flush_buffer (YY_BUFFER_STATE b ); -void yypush_buffer_state (YY_BUFFER_STATE new_buffer ); -void yypop_buffer_state (void ); +void yyrestart YY_PROTO(( FILE *input_file )); -static void yyensure_buffer_stack (void ); -static void yy_load_buffer_state (void ); -static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file ); +void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer )); +void yy_load_buffer_state YY_PROTO(( void )); +YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size )); +void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b )); +void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file )); +void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b )); +#define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer ) -#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER ) +YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size )); +YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str )); +YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len )); -YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); -YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); -YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len ); - -void *yyalloc (yy_size_t ); -void *yyrealloc (void *,yy_size_t ); -void yyfree (void * ); +static void *yy_flex_alloc YY_PROTO(( yy_size_t )); +static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t )); +static void yy_flex_free YY_PROTO(( void * )); #define yy_new_buffer yy_create_buffer #define yy_set_interactive(is_interactive) \ { \ - if ( ! YY_CURRENT_BUFFER ){ \ - yyensure_buffer_stack (); \ - YY_CURRENT_BUFFER_LVALUE = \ - yy_create_buffer(yyin,YY_BUF_SIZE ); \ - } \ - YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ + if ( ! yy_current_buffer ) \ + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ + yy_current_buffer->yy_is_interactive = is_interactive; \ } #define yy_set_bol(at_bol) \ { \ - if ( ! YY_CURRENT_BUFFER ){\ - yyensure_buffer_stack (); \ - YY_CURRENT_BUFFER_LVALUE = \ - yy_create_buffer(yyin,YY_BUF_SIZE ); \ - } \ - YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ + if ( ! yy_current_buffer ) \ + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ + yy_current_buffer->yy_at_bol = at_bol; \ } -#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) - -/* Begin user sect3 */ +#define YY_AT_BOL() (yy_current_buffer->yy_at_bol) typedef unsigned char YY_CHAR; - FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; - typedef int yy_state_type; - -extern int yylineno; - -int yylineno = 1; - extern char *yytext; #define yytext_ptr yytext -static yy_state_type yy_get_previous_state (void ); -static yy_state_type yy_try_NUL_trans (yy_state_type current_state ); -static int yy_get_next_buffer (void ); -static void yy_fatal_error (yyconst char msg[] ); +static yy_state_type yy_get_previous_state YY_PROTO(( void )); +static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state )); +static int yy_get_next_buffer YY_PROTO(( void )); +static void yy_fatal_error YY_PROTO(( yyconst char msg[] )); /* Done after the current pattern has been matched and before the * corresponding action - sets up yytext. */ #define YY_DO_BEFORE_ACTION \ - (yytext_ptr) = yy_bp; \ - yyleng = (size_t) (yy_cp - yy_bp); \ - (yy_hold_char) = *yy_cp; \ + yytext_ptr = yy_bp; \ + yyleng = (int) (yy_cp - yy_bp); \ + yy_hold_char = *yy_cp; \ *yy_cp = '\0'; \ - (yy_c_buf_p) = yy_cp; + yy_c_buf_p = yy_cp; #define YY_NUM_RULES 16 #define YY_END_OF_BUFFER 17 -/* This struct is not used in this scanner, - but its presence is necessary. */ -struct yy_trans_info - { - flex_int32_t yy_verify; - flex_int32_t yy_nxt; - }; -static yyconst flex_int16_t yy_accept[46] = +static yyconst short int yy_accept[46] = { 0, 0, 0, 17, 15, 11, 12, 13, 10, 9, 14, 14, 14, 14, 10, 9, 14, 3, 14, 14, 1, @@ -369,7 +293,7 @@ static yyconst flex_int16_t yy_accept[46] = 14, 4, 14, 2, 0 } ; -static yyconst flex_int32_t yy_ec[256] = +static yyconst int yy_ec[256] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -401,14 +325,14 @@ static yyconst flex_int32_t yy_ec[256] = 1, 1, 1, 1, 1 } ; -static yyconst flex_int32_t yy_meta[23] = +static yyconst int yy_meta[23] = { 0, 1, 1, 2, 1, 1, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3 } ; -static yyconst flex_int16_t yy_base[48] = +static yyconst short int yy_base[48] = { 0, 0, 0, 56, 57, 57, 57, 57, 0, 49, 0, 12, 13, 34, 0, 47, 0, 0, 40, 31, 0, @@ -417,7 +341,7 @@ static yyconst flex_int16_t yy_base[48] = 12, 0, 14, 0, 57, 34, 23 } ; -static yyconst flex_int16_t yy_def[48] = +static yyconst short int yy_def[48] = { 0, 45, 1, 45, 45, 45, 45, 45, 46, 47, 47, 47, 47, 47, 46, 47, 47, 47, 47, 47, 47, @@ -426,7 +350,7 @@ static yyconst flex_int16_t yy_def[48] = 47, 47, 47, 47, 0, 45, 45 } ; -static yyconst flex_int16_t yy_nxt[80] = +static yyconst short int yy_nxt[80] = { 0, 4, 5, 6, 7, 8, 9, 10, 10, 10, 10, 10, 10, 11, 10, 12, 10, 10, 10, 13, 10, @@ -438,7 +362,7 @@ static yyconst flex_int16_t yy_nxt[80] = 45, 45, 45, 45, 45, 45, 45, 45, 45 } ; -static yyconst flex_int16_t yy_chk[80] = +static yyconst short int yy_chk[80] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -453,9 +377,6 @@ static yyconst flex_int16_t yy_chk[80] = static yy_state_type yy_last_accepting_state; static char *yy_last_accepting_cpos; -extern int yy_flex_debug; -int yy_flex_debug = 0; - /* The intent behind this definition is that it'll catch * any uses of REJECT which flex missed. */ @@ -465,6 +386,7 @@ int yy_flex_debug = 0; #define YY_RESTORE_YY_MORE_OFFSET char *yytext; #line 1 "lex.l" +#define INITIAL 0 #line 2 "lex.l" /* * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan @@ -520,21 +442,7 @@ static int getstring(void); #undef ECHO -#line 524 "lex.yy.c" - -#define INITIAL 0 - -#ifndef YY_NO_UNISTD_H -/* Special case for "unistd.h", since it is non-ANSI. We include it way - * down here because we want the user's section 1 to have been scanned first. - * The user has a chance to override it with an option. - */ -#include -#endif - -#ifndef YY_EXTRA_TYPE -#define YY_EXTRA_TYPE void * -#endif +#line 446 "lex.yy.c" /* Macros after this point can all be overridden by user definitions in * section 1. @@ -542,30 +450,65 @@ static int getstring(void); #ifndef YY_SKIP_YYWRAP #ifdef __cplusplus -extern "C" int yywrap (void ); +extern "C" int yywrap YY_PROTO(( void )); #else -extern int yywrap (void ); +extern int yywrap YY_PROTO(( void )); +#endif #endif + +#ifndef YY_NO_UNPUT +static void yyunput YY_PROTO(( int c, char *buf_ptr )); #endif - static void yyunput (int c,char *buf_ptr ); - #ifndef yytext_ptr -static void yy_flex_strncpy (char *,yyconst char *,int ); +static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int )); #endif #ifdef YY_NEED_STRLEN -static int yy_flex_strlen (yyconst char * ); +static int yy_flex_strlen YY_PROTO(( yyconst char * )); #endif #ifndef YY_NO_INPUT - #ifdef __cplusplus -static int yyinput (void ); +static int yyinput YY_PROTO(( void )); #else -static int input (void ); +static int input YY_PROTO(( void )); +#endif +#endif + +#if YY_STACK_USED +static int yy_start_stack_ptr = 0; +static int yy_start_stack_depth = 0; +static int *yy_start_stack = 0; +#ifndef YY_NO_PUSH_STATE +static void yy_push_state YY_PROTO(( int new_state )); +#endif +#ifndef YY_NO_POP_STATE +static void yy_pop_state YY_PROTO(( void )); +#endif +#ifndef YY_NO_TOP_STATE +static int yy_top_state YY_PROTO(( void )); #endif +#else +#define YY_NO_PUSH_STATE 1 +#define YY_NO_POP_STATE 1 +#define YY_NO_TOP_STATE 1 +#endif + +#ifdef YY_MALLOC_DECL +YY_MALLOC_DECL +#else +#if __STDC__ +#ifndef __cplusplus +#include +#endif +#else +/* Just try to get by without declaring the routines. This will fail + * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int) + * or sizeof(void*) != sizeof(int). + */ +#endif #endif /* Amount of stuff to slurp up with each read. */ @@ -574,6 +517,7 @@ static int input (void ); #endif /* Copy whatever the last rule matched to the standard output. */ + #ifndef ECHO /* This used to be an fputs(), but since the string might contain NUL's, * we now use fwrite(). @@ -586,10 +530,9 @@ static int input (void ); */ #ifndef YY_INPUT #define YY_INPUT(buf,result,max_size) \ - if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ + if ( yy_current_buffer->yy_is_interactive ) \ { \ - int c = '*'; \ - size_t n; \ + int c = '*', n; \ for ( n = 0; n < max_size && \ (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ buf[n] = (char) c; \ @@ -599,22 +542,9 @@ static int input (void ); YY_FATAL_ERROR( "input in flex scanner failed" ); \ result = n; \ } \ - else \ - { \ - errno=0; \ - while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \ - { \ - if( errno != EINTR) \ - { \ - YY_FATAL_ERROR( "input in flex scanner failed" ); \ - break; \ - } \ - errno=0; \ - clearerr(yyin); \ - } \ - }\ -\ - + else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \ + && ferror( yyin ) ) \ + YY_FATAL_ERROR( "input in flex scanner failed" ); #endif /* No semi-colon after return; correct usage is to write "yyterminate();" - @@ -635,18 +565,12 @@ static int input (void ); #define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) #endif -/* end tables serialization structures and prototypes */ - /* Default declaration of generated scanner - a define so the user can * easily add parameters. */ #ifndef YY_DECL -#define YY_DECL_IS_OURS 1 - -extern int yylex (void); - -#define YY_DECL int yylex (void) -#endif /* !YY_DECL */ +#define YY_DECL int yylex YY_PROTO(( void )) +#endif /* Code executed at the beginning of each rule, after yytext and yyleng * have been set up. @@ -663,28 +587,26 @@ extern int yylex (void); #define YY_RULE_SETUP \ YY_USER_ACTION -/** The main scanner function which does all the work. - */ YY_DECL -{ + { register yy_state_type yy_current_state; - register char *yy_cp, *yy_bp; + register char *yy_cp = NULL, *yy_bp = NULL; register int yy_act; - + #line 59 "lex.l" -#line 677 "lex.yy.c" +#line 599 "lex.yy.c" - if ( (yy_init) ) + if ( yy_init ) { - (yy_init) = 0; + yy_init = 0; #ifdef YY_USER_INIT YY_USER_INIT; #endif - if ( ! (yy_start) ) - (yy_start) = 1; /* first start state */ + if ( ! yy_start ) + yy_start = 1; /* first start state */ if ( ! yyin ) yyin = stdin; @@ -692,36 +614,34 @@ YY_DECL if ( ! yyout ) yyout = stdout; - if ( ! YY_CURRENT_BUFFER ) { - yyensure_buffer_stack (); - YY_CURRENT_BUFFER_LVALUE = - yy_create_buffer(yyin,YY_BUF_SIZE ); - } + if ( ! yy_current_buffer ) + yy_current_buffer = + yy_create_buffer( yyin, YY_BUF_SIZE ); - yy_load_buffer_state( ); + yy_load_buffer_state(); } while ( 1 ) /* loops until end-of-file is reached */ { - yy_cp = (yy_c_buf_p); + yy_cp = yy_c_buf_p; /* Support of yytext. */ - *yy_cp = (yy_hold_char); + *yy_cp = yy_hold_char; /* yy_bp points to the position in yy_ch_buf of the start of * the current run. */ yy_bp = yy_cp; - yy_current_state = (yy_start); + yy_current_state = yy_start; yy_match: do { register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; if ( yy_accept[yy_current_state] ) { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; + yy_last_accepting_state = yy_current_state; + yy_last_accepting_cpos = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -738,22 +658,24 @@ yy_find_action: yy_act = yy_accept[yy_current_state]; if ( yy_act == 0 ) { /* have to back up */ - yy_cp = (yy_last_accepting_cpos); - yy_current_state = (yy_last_accepting_state); + yy_cp = yy_last_accepting_cpos; + yy_current_state = yy_last_accepting_state; yy_act = yy_accept[yy_current_state]; } YY_DO_BEFORE_ACTION; + do_action: /* This label is used only to access EOF actions. */ + switch ( yy_act ) { /* beginning of action switch */ case 0: /* must back up */ /* undo the effects of YY_DO_BEFORE_ACTION */ - *yy_cp = (yy_hold_char); - yy_cp = (yy_last_accepting_cpos); - yy_current_state = (yy_last_accepting_state); + *yy_cp = yy_hold_char; + yy_cp = yy_last_accepting_cpos; + yy_current_state = yy_last_accepting_state; goto yy_find_action; case 1: @@ -812,7 +734,6 @@ YY_RULE_SETUP ; YY_BREAK case 12: -/* rule 12 can match eol */ YY_RULE_SETUP #line 71 "lex.l" { lineno++; } @@ -837,33 +758,33 @@ YY_RULE_SETUP #line 75 "lex.l" ECHO; YY_BREAK -#line 841 "lex.yy.c" +#line 762 "lex.yy.c" case YY_STATE_EOF(INITIAL): yyterminate(); case YY_END_OF_BUFFER: { /* Amount of text matched not including the EOB char. */ - int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; + int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1; /* Undo the effects of YY_DO_BEFORE_ACTION. */ - *yy_cp = (yy_hold_char); + *yy_cp = yy_hold_char; YY_RESTORE_YY_MORE_OFFSET - if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW ) + if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW ) { /* We're scanning a new file or input source. It's * possible that this happened because the user * just pointed yyin at a new source and called * yylex(). If so, then we have to assure - * consistency between YY_CURRENT_BUFFER and our + * consistency between yy_current_buffer and our * globals. Here is the right place to do so, because * this is the first action (other than possibly a * back-up) that will match for the new input source. */ - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; - YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; - YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; + yy_n_chars = yy_current_buffer->yy_n_chars; + yy_current_buffer->yy_input_file = yyin; + yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL; } /* Note that here we test for yy_c_buf_p "<=" to the position @@ -873,13 +794,13 @@ case YY_STATE_EOF(INITIAL): * end-of-buffer state). Contrast this with the test * in input(). */ - if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) + if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] ) { /* This was really a NUL. */ yy_state_type yy_next_state; - (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; + yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text; - yy_current_state = yy_get_previous_state( ); + yy_current_state = yy_get_previous_state(); /* Okay, we're now positioned to make the NUL * transition. We couldn't have @@ -892,30 +813,30 @@ case YY_STATE_EOF(INITIAL): yy_next_state = yy_try_NUL_trans( yy_current_state ); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; + yy_bp = yytext_ptr + YY_MORE_ADJ; if ( yy_next_state ) { /* Consume the NUL. */ - yy_cp = ++(yy_c_buf_p); + yy_cp = ++yy_c_buf_p; yy_current_state = yy_next_state; goto yy_match; } else { - yy_cp = (yy_c_buf_p); + yy_cp = yy_c_buf_p; goto yy_find_action; } } - else switch ( yy_get_next_buffer( ) ) + else switch ( yy_get_next_buffer() ) { case EOB_ACT_END_OF_FILE: { - (yy_did_buffer_switch_on_eof) = 0; + yy_did_buffer_switch_on_eof = 0; - if ( yywrap( ) ) + if ( yywrap() ) { /* Note: because we've taken care in * yy_get_next_buffer() to have set up @@ -926,7 +847,7 @@ case YY_STATE_EOF(INITIAL): * YY_NULL, it'll still work - another * YY_NULL will get returned. */ - (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; + yy_c_buf_p = yytext_ptr + YY_MORE_ADJ; yy_act = YY_STATE_EOF(YY_START); goto do_action; @@ -934,30 +855,30 @@ case YY_STATE_EOF(INITIAL): else { - if ( ! (yy_did_buffer_switch_on_eof) ) + if ( ! yy_did_buffer_switch_on_eof ) YY_NEW_FILE; } break; } case EOB_ACT_CONTINUE_SCAN: - (yy_c_buf_p) = - (yytext_ptr) + yy_amount_of_matched_text; + yy_c_buf_p = + yytext_ptr + yy_amount_of_matched_text; - yy_current_state = yy_get_previous_state( ); + yy_current_state = yy_get_previous_state(); - yy_cp = (yy_c_buf_p); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; + yy_cp = yy_c_buf_p; + yy_bp = yytext_ptr + YY_MORE_ADJ; goto yy_match; case EOB_ACT_LAST_MATCH: - (yy_c_buf_p) = - &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)]; + yy_c_buf_p = + &yy_current_buffer->yy_ch_buf[yy_n_chars]; - yy_current_state = yy_get_previous_state( ); + yy_current_state = yy_get_previous_state(); - yy_cp = (yy_c_buf_p); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; + yy_cp = yy_c_buf_p; + yy_bp = yytext_ptr + YY_MORE_ADJ; goto yy_find_action; } break; @@ -968,7 +889,8 @@ case YY_STATE_EOF(INITIAL): "fatal flex scanner internal error--no action found" ); } /* end of action switch */ } /* end of scanning one token */ -} /* end of yylex */ + } /* end of yylex */ + /* yy_get_next_buffer - try to read in a new buffer * @@ -977,20 +899,21 @@ case YY_STATE_EOF(INITIAL): * EOB_ACT_CONTINUE_SCAN - continue scanning from current position * EOB_ACT_END_OF_FILE - end of file */ -static int yy_get_next_buffer (void) -{ - register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; - register char *source = (yytext_ptr); + +static int yy_get_next_buffer() + { + register char *dest = yy_current_buffer->yy_ch_buf; + register char *source = yytext_ptr; register int number_to_move, i; int ret_val; - if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) + if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] ) YY_FATAL_ERROR( "fatal flex scanner internal error--end of buffer missed" ); - if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 ) + if ( yy_current_buffer->yy_fill_buffer == 0 ) { /* Don't try to fill the buffer, so this is an EOF. */ - if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 ) + if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 ) { /* We matched a single character, the EOB, so * treat this as a final EOF. @@ -1010,30 +933,34 @@ static int yy_get_next_buffer (void) /* Try to read more data. */ /* First move last chars to start of buffer. */ - number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1; + number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1; for ( i = 0; i < number_to_move; ++i ) *(dest++) = *(source++); - if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING ) + if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING ) /* don't do the read, it's not guaranteed to return an EOF, * just force an EOF */ - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0; + yy_current_buffer->yy_n_chars = yy_n_chars = 0; else { - size_t num_to_read = - YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; + int num_to_read = + yy_current_buffer->yy_buf_size - number_to_move - 1; while ( num_to_read <= 0 ) { /* Not enough room in the buffer - grow it. */ +#ifdef YY_USES_REJECT + YY_FATAL_ERROR( +"input buffer overflow, can't enlarge buffer because scanner uses REJECT" ); +#else /* just a shorter name for the current buffer */ - YY_BUFFER_STATE b = YY_CURRENT_BUFFER; + YY_BUFFER_STATE b = yy_current_buffer; int yy_c_buf_p_offset = - (int) ((yy_c_buf_p) - b->yy_ch_buf); + (int) (yy_c_buf_p - b->yy_ch_buf); if ( b->yy_is_our_buffer ) { @@ -1046,7 +973,8 @@ static int yy_get_next_buffer (void) b->yy_ch_buf = (char *) /* Include room in for 2 EOB chars. */ - yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ); + yy_flex_realloc( (void *) b->yy_ch_buf, + b->yy_buf_size + 2 ); } else /* Can't grow it, we don't own it. */ @@ -1056,35 +984,35 @@ static int yy_get_next_buffer (void) YY_FATAL_ERROR( "fatal error - scanner input buffer overflow" ); - (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset]; + yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset]; - num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - + num_to_read = yy_current_buffer->yy_buf_size - number_to_move - 1; - +#endif } if ( num_to_read > YY_READ_BUF_SIZE ) num_to_read = YY_READ_BUF_SIZE; /* Read in more data. */ - YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), - (yy_n_chars), num_to_read ); + YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]), + yy_n_chars, num_to_read ); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + yy_current_buffer->yy_n_chars = yy_n_chars; } - if ( (yy_n_chars) == 0 ) + if ( yy_n_chars == 0 ) { if ( number_to_move == YY_MORE_ADJ ) { ret_val = EOB_ACT_END_OF_FILE; - yyrestart(yyin ); + yyrestart( yyin ); } else { ret_val = EOB_ACT_LAST_MATCH; - YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = + yy_current_buffer->yy_buffer_status = YY_BUFFER_EOF_PENDING; } } @@ -1092,31 +1020,32 @@ static int yy_get_next_buffer (void) else ret_val = EOB_ACT_CONTINUE_SCAN; - (yy_n_chars) += number_to_move; - YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; - YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; + yy_n_chars += number_to_move; + yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR; + yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR; - (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0]; + yytext_ptr = &yy_current_buffer->yy_ch_buf[0]; return ret_val; -} + } + /* yy_get_previous_state - get the state just before the EOB char was reached */ - static yy_state_type yy_get_previous_state (void) -{ +static yy_state_type yy_get_previous_state() + { register yy_state_type yy_current_state; register char *yy_cp; - - yy_current_state = (yy_start); - for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) + yy_current_state = yy_start; + + for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp ) { register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); if ( yy_accept[yy_current_state] ) { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; + yy_last_accepting_state = yy_current_state; + yy_last_accepting_cpos = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -1128,23 +1057,30 @@ static int yy_get_next_buffer (void) } return yy_current_state; -} + } + /* yy_try_NUL_trans - try to make a transition on the NUL character * * synopsis * next_state = yy_try_NUL_trans( current_state ); */ - static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state ) -{ + +#ifdef YY_USE_PROTOS +static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state ) +#else +static yy_state_type yy_try_NUL_trans( yy_current_state ) +yy_state_type yy_current_state; +#endif + { register int yy_is_jam; - register char *yy_cp = (yy_c_buf_p); + register char *yy_cp = yy_c_buf_p; register YY_CHAR yy_c = 1; if ( yy_accept[yy_current_state] ) { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; + yy_last_accepting_state = yy_current_state; + yy_last_accepting_cpos = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -1156,73 +1092,81 @@ static int yy_get_next_buffer (void) yy_is_jam = (yy_current_state == 45); return yy_is_jam ? 0 : yy_current_state; -} + } - static void yyunput (int c, register char * yy_bp ) -{ - register char *yy_cp; - - yy_cp = (yy_c_buf_p); + +#ifndef YY_NO_UNPUT +#ifdef YY_USE_PROTOS +static void yyunput( int c, register char *yy_bp ) +#else +static void yyunput( c, yy_bp ) +int c; +register char *yy_bp; +#endif + { + register char *yy_cp = yy_c_buf_p; /* undo effects of setting up yytext */ - *yy_cp = (yy_hold_char); + *yy_cp = yy_hold_char; - if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) + if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) { /* need to shift things up to make room */ /* +2 for EOB chars. */ - register int number_to_move = (yy_n_chars) + 2; - register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ - YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; + register int number_to_move = yy_n_chars + 2; + register char *dest = &yy_current_buffer->yy_ch_buf[ + yy_current_buffer->yy_buf_size + 2]; register char *source = - &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; + &yy_current_buffer->yy_ch_buf[number_to_move]; - while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) + while ( source > yy_current_buffer->yy_ch_buf ) *--dest = *--source; yy_cp += (int) (dest - source); yy_bp += (int) (dest - source); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size; + yy_current_buffer->yy_n_chars = + yy_n_chars = yy_current_buffer->yy_buf_size; - if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) + if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) YY_FATAL_ERROR( "flex scanner push-back overflow" ); } *--yy_cp = (char) c; - (yytext_ptr) = yy_bp; - (yy_hold_char) = *yy_cp; - (yy_c_buf_p) = yy_cp; -} + + yytext_ptr = yy_bp; + yy_hold_char = *yy_cp; + yy_c_buf_p = yy_cp; + } +#endif /* ifndef YY_NO_UNPUT */ + #ifndef YY_NO_INPUT #ifdef __cplusplus - static int yyinput (void) +static int yyinput() #else - static int input (void) +static int input() #endif - -{ + { int c; - - *(yy_c_buf_p) = (yy_hold_char); - if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR ) + *yy_c_buf_p = yy_hold_char; + + if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR ) { /* yy_c_buf_p now points to the character we want to return. * If this occurs *before* the EOB characters, then it's a * valid NUL; if not, then we've hit the end of the buffer. */ - if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) + if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] ) /* This was really a NUL. */ - *(yy_c_buf_p) = '\0'; + *yy_c_buf_p = '\0'; else { /* need more input */ - int offset = (yy_c_buf_p) - (yytext_ptr); - ++(yy_c_buf_p); + int offset = yy_c_buf_p - yytext_ptr; + ++yy_c_buf_p; - switch ( yy_get_next_buffer( ) ) + switch ( yy_get_next_buffer() ) { case EOB_ACT_LAST_MATCH: /* This happens because yy_g_n_b() @@ -1236,16 +1180,16 @@ static int yy_get_next_buffer (void) */ /* Reset buffer status. */ - yyrestart(yyin ); + yyrestart( yyin ); - /*FALLTHROUGH*/ + /* fall through */ case EOB_ACT_END_OF_FILE: { - if ( yywrap( ) ) + if ( yywrap() ) return EOF; - if ( ! (yy_did_buffer_switch_on_eof) ) + if ( ! yy_did_buffer_switch_on_eof ) YY_NEW_FILE; #ifdef __cplusplus return yyinput(); @@ -1255,92 +1199,90 @@ static int yy_get_next_buffer (void) } case EOB_ACT_CONTINUE_SCAN: - (yy_c_buf_p) = (yytext_ptr) + offset; + yy_c_buf_p = yytext_ptr + offset; break; } } } - c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */ - *(yy_c_buf_p) = '\0'; /* preserve yytext */ - (yy_hold_char) = *++(yy_c_buf_p); + c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */ + *yy_c_buf_p = '\0'; /* preserve yytext */ + yy_hold_char = *++yy_c_buf_p; + return c; -} -#endif /* ifndef YY_NO_INPUT */ + } +#endif /* YY_NO_INPUT */ -/** Immediately switch to a different input stream. - * @param input_file A readable stream. - * - * @note This function does not reset the start condition to @c INITIAL . - */ - void yyrestart (FILE * input_file ) -{ - - if ( ! YY_CURRENT_BUFFER ){ - yyensure_buffer_stack (); - YY_CURRENT_BUFFER_LVALUE = - yy_create_buffer(yyin,YY_BUF_SIZE ); +#ifdef YY_USE_PROTOS +void yyrestart( FILE *input_file ) +#else +void yyrestart( input_file ) +FILE *input_file; +#endif + { + if ( ! yy_current_buffer ) + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); + + yy_init_buffer( yy_current_buffer, input_file ); + yy_load_buffer_state(); } - yy_init_buffer(YY_CURRENT_BUFFER,input_file ); - yy_load_buffer_state( ); -} -/** Switch to a different input buffer. - * @param new_buffer The new input buffer. - * - */ - void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ) -{ - - /* TODO. We should be able to replace this entire function body - * with - * yypop_buffer_state(); - * yypush_buffer_state(new_buffer); - */ - yyensure_buffer_stack (); - if ( YY_CURRENT_BUFFER == new_buffer ) +#ifdef YY_USE_PROTOS +void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer ) +#else +void yy_switch_to_buffer( new_buffer ) +YY_BUFFER_STATE new_buffer; +#endif + { + if ( yy_current_buffer == new_buffer ) return; - if ( YY_CURRENT_BUFFER ) + if ( yy_current_buffer ) { /* Flush out information for old buffer. */ - *(yy_c_buf_p) = (yy_hold_char); - YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + *yy_c_buf_p = yy_hold_char; + yy_current_buffer->yy_buf_pos = yy_c_buf_p; + yy_current_buffer->yy_n_chars = yy_n_chars; } - YY_CURRENT_BUFFER_LVALUE = new_buffer; - yy_load_buffer_state( ); + yy_current_buffer = new_buffer; + yy_load_buffer_state(); /* We don't actually know whether we did this switch during * EOF (yywrap()) processing, but the only time this flag * is looked at is after yywrap() is called, so it's safe * to go ahead and always set it. */ - (yy_did_buffer_switch_on_eof) = 1; -} + yy_did_buffer_switch_on_eof = 1; + } -static void yy_load_buffer_state (void) -{ - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; - (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; - yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; - (yy_hold_char) = *(yy_c_buf_p); -} -/** Allocate and initialize an input buffer state. - * @param file A readable stream. - * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE. - * - * @return the allocated buffer state. - */ - YY_BUFFER_STATE yy_create_buffer (FILE * file, int size ) -{ +#ifdef YY_USE_PROTOS +void yy_load_buffer_state( void ) +#else +void yy_load_buffer_state() +#endif + { + yy_n_chars = yy_current_buffer->yy_n_chars; + yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos; + yyin = yy_current_buffer->yy_input_file; + yy_hold_char = *yy_c_buf_p; + } + + +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_create_buffer( FILE *file, int size ) +#else +YY_BUFFER_STATE yy_create_buffer( file, size ) +FILE *file; +int size; +#endif + { YY_BUFFER_STATE b; - - b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); + + b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); @@ -1349,75 +1291,75 @@ static void yy_load_buffer_state (void) /* yy_ch_buf has to be 2 characters longer than the size given because * we need to put in 2 end-of-buffer characters. */ - b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2 ); + b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 ); if ( ! b->yy_ch_buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); b->yy_is_our_buffer = 1; - yy_init_buffer(b,file ); + yy_init_buffer( b, file ); return b; -} + } -/** Destroy the buffer. - * @param b a buffer created with yy_create_buffer() - * - */ - void yy_delete_buffer (YY_BUFFER_STATE b ) -{ - + +#ifdef YY_USE_PROTOS +void yy_delete_buffer( YY_BUFFER_STATE b ) +#else +void yy_delete_buffer( b ) +YY_BUFFER_STATE b; +#endif + { if ( ! b ) return; - if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */ - YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; + if ( b == yy_current_buffer ) + yy_current_buffer = (YY_BUFFER_STATE) 0; if ( b->yy_is_our_buffer ) - yyfree((void *) b->yy_ch_buf ); + yy_flex_free( (void *) b->yy_ch_buf ); - yyfree((void *) b ); -} + yy_flex_free( (void *) b ); + } -#ifndef __cplusplus -extern int isatty (int ); -#endif /* __cplusplus */ - -/* Initializes or reinitializes a buffer. - * This function is sometimes called more than once on the same buffer, - * such as during a yyrestart() or at EOF. - */ - static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file ) -{ - int oerrno = errno; - - yy_flush_buffer(b ); + +#ifdef YY_USE_PROTOS +void yy_init_buffer( YY_BUFFER_STATE b, FILE *file ) +#else +void yy_init_buffer( b, file ) +YY_BUFFER_STATE b; +FILE *file; +#endif + + + { + yy_flush_buffer( b ); b->yy_input_file = file; b->yy_fill_buffer = 1; - /* If b is the current buffer, then yy_init_buffer was _probably_ - * called from yyrestart() or through yy_get_next_buffer. - * In that case, we don't want to reset the lineno or column. - */ - if (b != YY_CURRENT_BUFFER){ - b->yy_bs_lineno = 1; - b->yy_bs_column = 0; - } +#if YY_ALWAYS_INTERACTIVE + b->yy_is_interactive = 1; +#else +#if YY_NEVER_INTERACTIVE + b->yy_is_interactive = 0; +#else + b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; +#endif +#endif + } - b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; - - errno = oerrno; -} -/** Discard all buffered characters. On the next scan, YY_INPUT will be called. - * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER. - * - */ - void yy_flush_buffer (YY_BUFFER_STATE b ) -{ - if ( ! b ) +#ifdef YY_USE_PROTOS +void yy_flush_buffer( YY_BUFFER_STATE b ) +#else +void yy_flush_buffer( b ) +YY_BUFFER_STATE b; +#endif + + { + if ( ! b ) return; b->yy_n_chars = 0; @@ -1434,121 +1376,29 @@ extern int isatty (int ); b->yy_at_bol = 1; b->yy_buffer_status = YY_BUFFER_NEW; - if ( b == YY_CURRENT_BUFFER ) - yy_load_buffer_state( ); -} - -/** Pushes the new state onto the stack. The new state becomes - * the current state. This function will allocate the stack - * if necessary. - * @param new_buffer The new state. - * - */ -void yypush_buffer_state (YY_BUFFER_STATE new_buffer ) -{ - if (new_buffer == NULL) - return; - - yyensure_buffer_stack(); - - /* This block is copied from yy_switch_to_buffer. */ - if ( YY_CURRENT_BUFFER ) - { - /* Flush out information for old buffer. */ - *(yy_c_buf_p) = (yy_hold_char); - YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); - } - - /* Only push if top exists. Otherwise, replace top. */ - if (YY_CURRENT_BUFFER) - (yy_buffer_stack_top)++; - YY_CURRENT_BUFFER_LVALUE = new_buffer; - - /* copied from yy_switch_to_buffer. */ - yy_load_buffer_state( ); - (yy_did_buffer_switch_on_eof) = 1; -} - -/** Removes and deletes the top of the stack, if present. - * The next element becomes the new top. - * - */ -void yypop_buffer_state (void) -{ - if (!YY_CURRENT_BUFFER) - return; - - yy_delete_buffer(YY_CURRENT_BUFFER ); - YY_CURRENT_BUFFER_LVALUE = NULL; - if ((yy_buffer_stack_top) > 0) - --(yy_buffer_stack_top); - - if (YY_CURRENT_BUFFER) { - yy_load_buffer_state( ); - (yy_did_buffer_switch_on_eof) = 1; + if ( b == yy_current_buffer ) + yy_load_buffer_state(); } -} -/* Allocates the stack if it does not exist. - * Guarantees space for at least one push. - */ -static void yyensure_buffer_stack (void) -{ - int num_to_alloc; - - if (!(yy_buffer_stack)) { - - /* First allocation is just for 2 elements, since we don't know if this - * scanner will even need a stack. We use 2 instead of 1 to avoid an - * immediate realloc on the next call. - */ - num_to_alloc = 1; - (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc - (num_to_alloc * sizeof(struct yy_buffer_state*) - ); - - memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); - - (yy_buffer_stack_max) = num_to_alloc; - (yy_buffer_stack_top) = 0; - return; - } - - if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ - - /* Increase the buffer to prepare for a possible push. */ - int grow_size = 8 /* arbitrary grow size */; - num_to_alloc = (yy_buffer_stack_max) + grow_size; - (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc - ((yy_buffer_stack), - num_to_alloc * sizeof(struct yy_buffer_state*) - ); - - /* zero only the new slots.*/ - memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); - (yy_buffer_stack_max) = num_to_alloc; - } -} - -/** Setup the input buffer state to scan directly from a user-specified character buffer. - * @param base the character buffer - * @param size the size in bytes of the character buffer - * - * @return the newly allocated buffer state object. - */ -YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) -{ +#ifndef YY_NO_SCAN_BUFFER +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size ) +#else +YY_BUFFER_STATE yy_scan_buffer( base, size ) +char *base; +yy_size_t size; +#endif + { YY_BUFFER_STATE b; - + if ( size < 2 || base[size-2] != YY_END_OF_BUFFER_CHAR || base[size-1] != YY_END_OF_BUFFER_CHAR ) /* They forgot to leave room for the EOB's. */ return 0; - b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); + b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); @@ -1562,42 +1412,47 @@ YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) b->yy_fill_buffer = 0; b->yy_buffer_status = YY_BUFFER_NEW; - yy_switch_to_buffer(b ); + yy_switch_to_buffer( b ); return b; -} + } +#endif -/** Setup the input buffer state to scan a string. The next call to yylex() will - * scan from a @e copy of @a str. - * @param str a NUL-terminated string to scan - * - * @return the newly allocated buffer state object. - * @note If you want to scan bytes that may contain NUL values, then use - * yy_scan_bytes() instead. - */ -YY_BUFFER_STATE yy_scan_string (yyconst char * yy_str ) -{ - - return yy_scan_bytes(yy_str,strlen(yy_str) ); -} -/** Setup the input buffer state to scan the given bytes. The next call to yylex() will - * scan from a @e copy of @a bytes. - * @param bytes the byte buffer to scan - * @param len the number of bytes in the buffer pointed to by @a bytes. - * - * @return the newly allocated buffer state object. - */ -YY_BUFFER_STATE yy_scan_bytes (yyconst char * bytes, int len ) -{ +#ifndef YY_NO_SCAN_STRING +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str ) +#else +YY_BUFFER_STATE yy_scan_string( yy_str ) +yyconst char *yy_str; +#endif + { + int len; + for ( len = 0; yy_str[len]; ++len ) + ; + + return yy_scan_bytes( yy_str, len ); + } +#endif + + +#ifndef YY_NO_SCAN_BYTES +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len ) +#else +YY_BUFFER_STATE yy_scan_bytes( bytes, len ) +yyconst char *bytes; +int len; +#endif + { YY_BUFFER_STATE b; char *buf; yy_size_t n; int i; - + /* Get memory for full buffer, including space for trailing EOB's. */ n = len + 2; - buf = (char *) yyalloc(n ); + buf = (char *) yy_flex_alloc( n ); if ( ! buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); @@ -1606,7 +1461,7 @@ YY_BUFFER_STATE yy_scan_bytes (yyconst char * bytes, int len ) buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR; - b = yy_scan_buffer(buf,n ); + b = yy_scan_buffer( buf, n ); if ( ! b ) YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); @@ -1616,164 +1471,148 @@ YY_BUFFER_STATE yy_scan_bytes (yyconst char * bytes, int len ) b->yy_is_our_buffer = 1; return b; -} + } +#endif -#ifndef YY_EXIT_FAILURE -#define YY_EXIT_FAILURE 2 + +#ifndef YY_NO_PUSH_STATE +#ifdef YY_USE_PROTOS +static void yy_push_state( int new_state ) +#else +static void yy_push_state( new_state ) +int new_state; #endif + { + if ( yy_start_stack_ptr >= yy_start_stack_depth ) + { + yy_size_t new_size; -static void yy_fatal_error (yyconst char* msg ) -{ - (void) fprintf( stderr, "%s\n", msg ); - exit( YY_EXIT_FAILURE ); -} + yy_start_stack_depth += YY_START_STACK_INCR; + new_size = yy_start_stack_depth * sizeof( int ); -/* Redefine yyless() so it works in section 3 code. */ + if ( ! yy_start_stack ) + yy_start_stack = (int *) yy_flex_alloc( new_size ); -#undef yyless -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - int yyless_macro_arg = (n); \ - YY_LESS_LINENO(yyless_macro_arg);\ - yytext[yyleng] = (yy_hold_char); \ - (yy_c_buf_p) = yytext + yyless_macro_arg; \ - (yy_hold_char) = *(yy_c_buf_p); \ - *(yy_c_buf_p) = '\0'; \ - yyleng = yyless_macro_arg; \ - } \ - while ( 0 ) + else + yy_start_stack = (int *) yy_flex_realloc( + (void *) yy_start_stack, new_size ); -/* Accessor methods (get/set functions) to struct members. */ + if ( ! yy_start_stack ) + YY_FATAL_ERROR( + "out of memory expanding start-condition stack" ); + } -/** Get the current line number. - * - */ -int yyget_lineno (void) -{ - - return yylineno; -} + yy_start_stack[yy_start_stack_ptr++] = YY_START; -/** Get the input stream. - * - */ -FILE *yyget_in (void) -{ - return yyin; -} + BEGIN(new_state); + } +#endif -/** Get the output stream. - * - */ -FILE *yyget_out (void) -{ - return yyout; -} -/** Get the length of the current token. - * - */ -int yyget_leng (void) -{ - return yyleng; -} +#ifndef YY_NO_POP_STATE +static void yy_pop_state() + { + if ( --yy_start_stack_ptr < 0 ) + YY_FATAL_ERROR( "start-condition stack underflow" ); -/** Get the current token. - * - */ + BEGIN(yy_start_stack[yy_start_stack_ptr]); + } +#endif -char *yyget_text (void) -{ - return yytext; -} -/** Set the current line number. - * @param line_number - * - */ -void yyset_lineno (int line_number ) -{ - - yylineno = line_number; -} +#ifndef YY_NO_TOP_STATE +static int yy_top_state() + { + return yy_start_stack[yy_start_stack_ptr - 1]; + } +#endif -/** Set the input stream. This does not discard the current - * input buffer. - * @param in_str A readable stream. - * - * @see yy_switch_to_buffer - */ -void yyset_in (FILE * in_str ) -{ - yyin = in_str ; -} +#ifndef YY_EXIT_FAILURE +#define YY_EXIT_FAILURE 2 +#endif -void yyset_out (FILE * out_str ) -{ - yyout = out_str ; -} +#ifdef YY_USE_PROTOS +static void yy_fatal_error( yyconst char msg[] ) +#else +static void yy_fatal_error( msg ) +char msg[]; +#endif + { + (void) fprintf( stderr, "%s\n", msg ); + exit( YY_EXIT_FAILURE ); + } -int yyget_debug (void) -{ - return yy_flex_debug; -} -void yyset_debug (int bdebug ) -{ - yy_flex_debug = bdebug ; -} -/* yylex_destroy is for both reentrant and non-reentrant scanners. */ -int yylex_destroy (void) -{ - - /* Pop the buffer stack, destroying each element. */ - while(YY_CURRENT_BUFFER){ - yy_delete_buffer(YY_CURRENT_BUFFER ); - YY_CURRENT_BUFFER_LVALUE = NULL; - yypop_buffer_state(); - } +/* Redefine yyless() so it works in section 3 code. */ - /* Destroy the stack itself. */ - yyfree((yy_buffer_stack) ); - (yy_buffer_stack) = NULL; +#undef yyless +#define yyless(n) \ + do \ + { \ + /* Undo effects of setting up yytext. */ \ + yytext[yyleng] = yy_hold_char; \ + yy_c_buf_p = yytext + n; \ + yy_hold_char = *yy_c_buf_p; \ + *yy_c_buf_p = '\0'; \ + yyleng = n; \ + } \ + while ( 0 ) - return 0; -} -/* - * Internal utility routines. - */ +/* Internal utility routines. */ #ifndef yytext_ptr -static void yy_flex_strncpy (char* s1, yyconst char * s2, int n ) -{ +#ifdef YY_USE_PROTOS +static void yy_flex_strncpy( char *s1, yyconst char *s2, int n ) +#else +static void yy_flex_strncpy( s1, s2, n ) +char *s1; +yyconst char *s2; +int n; +#endif + { register int i; - for ( i = 0; i < n; ++i ) + for ( i = 0; i < n; ++i ) s1[i] = s2[i]; -} + } #endif #ifdef YY_NEED_STRLEN -static int yy_flex_strlen (yyconst char * s ) -{ +#ifdef YY_USE_PROTOS +static int yy_flex_strlen( yyconst char *s ) +#else +static int yy_flex_strlen( s ) +yyconst char *s; +#endif + { register int n; - for ( n = 0; s[n]; ++n ) + for ( n = 0; s[n]; ++n ) ; return n; -} + } #endif -void *yyalloc (yy_size_t size ) -{ + +#ifdef YY_USE_PROTOS +static void *yy_flex_alloc( yy_size_t size ) +#else +static void *yy_flex_alloc( size ) +yy_size_t size; +#endif + { return (void *) malloc( size ); -} + } -void *yyrealloc (void * ptr, yy_size_t size ) -{ +#ifdef YY_USE_PROTOS +static void *yy_flex_realloc( void *ptr, yy_size_t size ) +#else +static void *yy_flex_realloc( ptr, size ) +void *ptr; +yy_size_t size; +#endif + { /* The cast to (char *) in the following accommodates both * implementations that use char* generic pointers, and those * that use void* generic pointers. It works with the latter @@ -1782,31 +1621,28 @@ void *yyrealloc (void * ptr, yy_size_t size ) * as though doing an assignment. */ return (void *) realloc( (char *) ptr, size ); -} - -void yyfree (void * ptr ) -{ - free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ -} - -#define YYTABLES_NAME "yytables" + } -#undef YY_NEW_FILE -#undef YY_FLUSH_BUFFER -#undef yy_set_bol -#undef yy_new_buffer -#undef yy_set_interactive -#undef yytext_ptr -#undef YY_DO_BEFORE_ACTION +#ifdef YY_USE_PROTOS +static void yy_flex_free( void *ptr ) +#else +static void yy_flex_free( ptr ) +void *ptr; +#endif + { + free( ptr ); + } -#ifdef YY_DECL_IS_OURS -#undef YY_DECL_IS_OURS -#undef YY_DECL +#if YY_MAIN +int main() + { + yylex(); + return 0; + } #endif #line 75 "lex.l" - #ifndef yywrap /* XXX */ int yywrap () @@ -1859,4 +1695,3 @@ error_message (const char *format, ...) va_end (args); numerror++; } - diff --git a/source4/heimdal/lib/com_err/parse.c b/source4/heimdal/lib/com_err/parse.c index c732867d09..42455097c9 100644 --- a/source4/heimdal/lib/com_err/parse.c +++ b/source4/heimdal/lib/com_err/parse.c @@ -1,7 +1,7 @@ -/* A Bison parser, made by GNU Bison 1.875d. */ +/* A Bison parser, made by GNU Bison 1.875c. */ /* Skeleton parser for Yacc-like parsing with Bison, - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc. + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -209,7 +209,7 @@ typedef union YYSTYPE { /* A type that is properly aligned for any stack member. */ union yyalloc { - short int yyss; + short yyss; YYSTYPE yyvs; }; @@ -219,7 +219,7 @@ union yyalloc /* The size of an array large to enough to hold all stacks, each with N elements. */ # define YYSTACK_BYTES(N) \ - ((N) * (sizeof (short int) + sizeof (YYSTYPE)) \ + ((N) * (sizeof (short) + sizeof (YYSTYPE)) \ + YYSTACK_GAP_MAXIMUM) /* Copy COUNT objects from FROM to TO. The source and destination do @@ -261,7 +261,7 @@ union yyalloc #if defined (__STDC__) || defined (__cplusplus) typedef signed char yysigned_char; #else - typedef short int yysigned_char; + typedef short yysigned_char; #endif /* YYFINAL -- State number of the termination state. */ @@ -358,7 +358,7 @@ static const char *const yytname[] = # ifdef YYPRINT /* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to token YYLEX-NUM. */ -static const unsigned short int yytoknum[] = +static const unsigned short yytoknum[] = { 0, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 44 @@ -550,12 +550,12 @@ do { \ #if defined (__STDC__) || defined (__cplusplus) static void -yy_stack_print (short int *bottom, short int *top) +yy_stack_print (short *bottom, short *top) #else static void yy_stack_print (bottom, top) - short int *bottom; - short int *top; + short *bottom; + short *top; #endif { YYFPRINTF (stderr, "Stack now"); @@ -822,9 +822,9 @@ yyparse () to reallocate them elsewhere. */ /* The state stack. */ - short int yyssa[YYINITDEPTH]; - short int *yyss = yyssa; - register short int *yyssp; + short yyssa[YYINITDEPTH]; + short *yyss = yyssa; + register short *yyssp; /* The semantic value stack. */ YYSTYPE yyvsa[YYINITDEPTH]; @@ -861,7 +861,6 @@ yyparse () yyssp = yyss; yyvsp = yyvs; - goto yysetstate; /*------------------------------------------------------------. @@ -887,7 +886,7 @@ yyparse () these so that the &'s don't force the real ones into memory. */ YYSTYPE *yyvs1 = yyvs; - short int *yyss1 = yyss; + short *yyss1 = yyss; /* Each stack pointer address is followed by the size of the @@ -915,7 +914,7 @@ yyparse () yystacksize = YYMAXDEPTH; { - short int *yyss1 = yyss; + short *yyss1 = yyss; union yyalloc *yyptr = (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); if (! yyptr) @@ -1134,8 +1133,8 @@ yyreduce: } -/* Line 1010 of yacc.c. */ -#line 1139 "$base.c" +/* Line 1000 of yacc.c. */ +#line 1138 "$base.c" yyvsp -= yylen; yyssp -= yylen; diff --git a/source4/heimdal/lib/com_err/parse.h b/source4/heimdal/lib/com_err/parse.h index a9ee7c7c9b..309c272499 100644 --- a/source4/heimdal/lib/com_err/parse.h +++ b/source4/heimdal/lib/com_err/parse.h @@ -1,7 +1,7 @@ -/* A Bison parser, made by GNU Bison 1.875d. */ +/* A Bison parser, made by GNU Bison 1.875c. */ /* Skeleton parser for Yacc-like parsing with Bison, - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc. + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -57,7 +57,7 @@ typedef union YYSTYPE { char *string; int number; } YYSTYPE; -/* Line 1285 of yacc.c. */ +/* Line 1275 of yacc.c. */ #line 62 "parse.h" # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 diff --git a/source4/heimdal/lib/des/des.c b/source4/heimdal/lib/des/des.c index 66d2bf4f4e..b615bbd30e 100644 --- a/source4/heimdal/lib/des/des.c +++ b/source4/heimdal/lib/des/des.c @@ -45,7 +45,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: des.c,v 1.14 2005/06/18 22:47:17 lha Exp $"); +RCSID("$Id: des.c,v 1.15 2005/07/20 10:49:22 lha Exp $"); #endif #include @@ -267,9 +267,11 @@ DES_ecb_encrypt(DES_cblock *input, DES_cblock *output, */ void -DES_cbc_encrypt(unsigned char *input, unsigned char *output, long length, +DES_cbc_encrypt(const void *in, void *out, long length, DES_key_schedule *ks, DES_cblock *iv, int forward_encrypt) { + const unsigned char *input = in; + unsigned char *output = out; uint32_t u[2]; uint32_t uiv[2]; @@ -328,9 +330,11 @@ DES_cbc_encrypt(unsigned char *input, unsigned char *output, long length, */ void -DES_pcbc_encrypt(unsigned char *input, unsigned char *output, long length, +DES_pcbc_encrypt(const void *in, void *out, long length, DES_key_schedule *ks, DES_cblock *iv, int forward_encrypt) { + const unsigned char *input = in; + unsigned char *output = out; uint32_t u[2]; uint32_t uiv[2]; @@ -430,11 +434,13 @@ DES_ecb3_encrypt(DES_cblock *input, */ void -DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, +DES_ede3_cbc_encrypt(const void *in, void *out, long length, DES_key_schedule *ks1, DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *iv, int forward_encrypt) { + const unsigned char *input = in; + unsigned char *output = out; uint32_t u[2]; uint32_t uiv[2]; @@ -494,10 +500,12 @@ DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, */ void -DES_cfb64_encrypt(unsigned char *input, unsigned char *output, +DES_cfb64_encrypt(const void *in, void *out, long length, DES_key_schedule *ks, DES_cblock *iv, int *num, int forward_encrypt) { + const unsigned char *input = in; + unsigned char *output = out; unsigned char tmp[DES_CBLOCK_LEN]; uint32_t uiv[2]; @@ -555,9 +563,10 @@ DES_cfb64_encrypt(unsigned char *input, unsigned char *output, */ uint32_t -DES_cbc_cksum(const unsigned char *input, DES_cblock *output, +DES_cbc_cksum(const void *in, DES_cblock *output, long length, DES_key_schedule *ks, DES_cblock *iv) { + const unsigned char *input = in; uint32_t uiv[2]; uint32_t u[2] = { 0, 0 }; diff --git a/source4/heimdal/lib/des/des.h b/source4/heimdal/lib/des/des.h index 378c77572c..887c2e14d4 100644 --- a/source4/heimdal/lib/des/des.h +++ b/source4/heimdal/lib/des/des.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: des.h,v 1.23 2005/04/30 14:09:50 lha Exp $ */ +/* $Id: des.h,v 1.24 2005/07/20 10:49:23 lha Exp $ */ #ifndef _DESperate_H #define _DESperate_H 1 @@ -59,10 +59,10 @@ int DES_read_password(DES_cblock *, char *, int); int UI_UTIL_read_pw_string(char *, int, const char *, int); /* XXX */ -void DES_rand_data(unsigned char *, int); +void DES_rand_data(void *, int); void DES_set_random_generator_seed(DES_cblock *); void DES_generate_random_block(DES_cblock *); -void DES_set_sequence_number(unsigned char *); +void DES_set_sequence_number(void *); void DES_init_random_number_generator(DES_cblock *); void DES_random_key(DES_cblock *); @@ -71,18 +71,18 @@ void DES_encrypt(uint32_t [2], DES_key_schedule *, int); void DES_ecb_encrypt(DES_cblock *, DES_cblock *, DES_key_schedule *, int); void DES_ecb3_encrypt(DES_cblock *,DES_cblock *, DES_key_schedule *, DES_key_schedule *, DES_key_schedule *, int); -void DES_pcbc_encrypt(unsigned char *, unsigned char *, long, +void DES_pcbc_encrypt(const void *, void *, long, DES_key_schedule *, DES_cblock *, int); -void DES_cbc_encrypt(unsigned char *, unsigned char *, long, +void DES_cbc_encrypt(const void *, void *, long, DES_key_schedule *, DES_cblock *, int); -void DES_ede3_cbc_encrypt(const unsigned char *, unsigned char *, long, +void DES_ede3_cbc_encrypt(const void *, void *, long, DES_key_schedule *, DES_key_schedule *, DES_key_schedule *, DES_cblock *, int); -void DES_cfb64_encrypt(unsigned char *, unsigned char *, long, +void DES_cfb64_encrypt(const void *, void *, long, DES_key_schedule *, DES_cblock *, int *, int); -uint32_t DES_cbc_cksum(const unsigned char *, DES_cblock *, +uint32_t DES_cbc_cksum(const void *, DES_cblock *, long, DES_key_schedule *, DES_cblock *); diff --git a/source4/heimdal/lib/des/rnd_keys.c b/source4/heimdal/lib/des/rnd_keys.c index 49d8838a10..63dddeb8ce 100644 --- a/source4/heimdal/lib/des/rnd_keys.c +++ b/source4/heimdal/lib/des/rnd_keys.c @@ -34,7 +34,7 @@ #ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id: rnd_keys.c,v 1.68 2005/06/29 22:28:10 lha Exp $"); +RCSID("$Id: rnd_keys.c,v 1.69 2005/07/20 10:49:24 lha Exp $"); #endif #ifdef KRB5 @@ -240,8 +240,9 @@ static RETSIGTYPE * It's not neccessary to be root to run it. */ void -DES_rand_data(unsigned char *data, int size) +DES_rand_data(void *outdata, int size) { + unsigned char *data = outdata; struct itimerval tv, otv; RETSIGTYPE (*osa)(int); int i, j; @@ -388,7 +389,7 @@ memcpy((char *)sequence_index, (ll), sizeof(sequence_index)); * Set the sequnce number to this value (a long long). */ void -DES_set_sequence_number(unsigned char *ll) +DES_set_sequence_number(void *ll) { set_sequence_number(ll); } diff --git a/source4/heimdal/lib/gssapi/accept_sec_context.c b/source4/heimdal/lib/gssapi/accept_sec_context.c index 6672f3fc67..2ba2415112 100644 --- a/source4/heimdal/lib/gssapi/accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/accept_sec_context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -1051,28 +1051,27 @@ spnego_accept_sec_context } OM_uint32 -gss_accept_sec_context( - OM_uint32 * minor_status, - gss_ctx_id_t * context_handle, - const gss_cred_id_t acceptor_cred_handle, - const gss_buffer_t input_token, - const gss_channel_bindings_t input_chan_bindings, - gss_name_t * src_name, - gss_OID * actual_mech_type, - gss_buffer_t output_token, - OM_uint32 * ret_flags, - OM_uint32 * time_rec, - gss_cred_id_t * delegated_cred_handle) +gss_accept_sec_context + (OM_uint32 * minor_status, + gss_ctx_id_t * context_handle, + const gss_cred_id_t acceptor_cred_handle, + const gss_buffer_t input_token_buffer, + const gss_channel_bindings_t input_chan_bindings, + gss_name_t * src_name, + gss_OID * mech_type, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec, + gss_cred_id_t * delegated_cred_handle + ) { - ssize_t mech_len; - const u_char *p; - - GSSAPI_KRB5_INIT (); + ssize_t mech_len; + const u_char *p; - *minor_status = 0; + *minor_status = 0; if (src_name) *src_name = GSS_C_NO_NAME; - if (actual_mech_type) *actual_mech_type = GSS_C_NO_OID; + if (mech_type) *mech_type = GSS_C_NO_OID; output_token->length = 0; output_token->value = NULL; @@ -1081,8 +1080,8 @@ gss_accept_sec_context( if (time_rec) *time_rec = 0; if (delegated_cred_handle) *delegated_cred_handle = NULL; - mech_len = gssapi_krb5_get_mech(input_token->value, - input_token->length, + mech_len = gssapi_krb5_get_mech(input_token_buffer->value, + input_token_buffer->length, &p); /* This could be 'dce style' kerberos, where the OID is missing :-( */ @@ -1091,10 +1090,10 @@ gss_accept_sec_context( return gsskrb5_accept_sec_context(minor_status, context_handle, acceptor_cred_handle, - input_token, + input_token_buffer, input_chan_bindings, src_name, - actual_mech_type, + mech_type, output_token, ret_flags, time_rec, @@ -1104,10 +1103,10 @@ gss_accept_sec_context( return spnego_accept_sec_context(minor_status, context_handle, acceptor_cred_handle, - input_token, + input_token_buffer, input_chan_bindings, src_name, - actual_mech_type, + mech_type, output_token, ret_flags, time_rec, diff --git a/source4/heimdal/lib/gssapi/init_sec_context.c b/source4/heimdal/lib/gssapi/init_sec_context.c index c7e4aa50d6..0376ca30bf 100644 --- a/source4/heimdal/lib/gssapi/init_sec_context.c +++ b/source4/heimdal/lib/gssapi/init_sec_context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: init_sec_context.c,v 1.57 2005/05/30 20:58:29 lha Exp $"); +RCSID("$Id: init_sec_context.c,v 1.58 2005/07/13 07:00:15 lha Exp $"); /* * copy the addresses from `input_chan_bindings' (if any) to @@ -41,9 +41,8 @@ RCSID("$Id: init_sec_context.c,v 1.57 2005/05/30 20:58:29 lha Exp $"); */ static OM_uint32 -gsskrb5_set_addresses( - krb5_auth_context ac, - const gss_channel_bindings_t input_chan_bindings) +set_addresses (krb5_auth_context ac, + const gss_channel_bindings_t input_chan_bindings) { /* Port numbers are expected to be in application_data.value, * initator's port first */ @@ -136,8 +135,8 @@ _gsskrb5_create_ctx( return GSS_S_FAILURE; } - kret = gsskrb5_set_addresses((*context_handle)->auth_context, - input_chan_bindings); + kret = set_addresses((*context_handle)->auth_context, + input_chan_bindings); if (kret) { *minor_status = kret; @@ -278,13 +277,12 @@ gsskrb5_initiator_ready( */ static void -gsskrb5_do_delegation( - krb5_auth_context ac, - krb5_ccache ccache, - krb5_creds *cred, - const gss_name_t target_name, - krb5_data *fwd_data, - int *flags) +do_delegation (krb5_auth_context ac, + krb5_ccache ccache, + krb5_creds *cred, + const gss_name_t target_name, + krb5_data *fwd_data, + int *flags) { krb5_creds creds; krb5_kdc_flags fwd_flags; @@ -292,7 +290,7 @@ gsskrb5_do_delegation( memset (&creds, 0, sizeof(creds)); krb5_data_zero (fwd_data); - + kret = krb5_cc_get_principal(gssapi_krb5_context, ccache, &creds.client); if (kret) goto out; @@ -342,34 +340,35 @@ gsskrb5_do_delegation( */ static OM_uint32 -gsskrb5_initiator_start( - OM_uint32 * minor_status, - const gss_cred_id_t initiator_cred_handle, - gss_ctx_id_t * context_handle, - const gss_name_t target_name, - const gss_OID mech_type, - OM_uint32 req_flags, - OM_uint32 time_req, - const gss_channel_bindings_t input_chan_bindings, - const gss_buffer_t input_token, - gss_buffer_t output_token, - OM_uint32 * ret_flags, - OM_uint32 * time_rec) +gsskrb5_initiator_start +(OM_uint32 * minor_status, + const gss_cred_id_t initiator_cred_handle, + gss_ctx_id_t * context_handle, + const gss_name_t target_name, + const gss_OID mech_type, + OM_uint32 req_flags, + OM_uint32 time_req, + const gss_channel_bindings_t input_chan_bindings, + const gss_buffer_t input_token, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec + ) { - OM_uint32 ret = GSS_S_FAILURE; - krb5_error_code kret; - krb5_flags ap_options; - krb5_creds *cred = NULL; - krb5_data outbuf; - krb5_ccache ccache = NULL; - u_int32_t flags; - krb5_data authenticator; - Checksum cksum; - krb5_enctype enctype; - krb5_data fwd_data; - - krb5_data_zero(&outbuf); - krb5_data_zero(&fwd_data); + OM_uint32 ret = GSS_S_FAILURE; + krb5_error_code kret; + krb5_flags ap_options; + krb5_creds *cred = NULL; + krb5_data outbuf; + krb5_ccache ccache = NULL; + u_int32_t flags; + krb5_data authenticator; + Checksum cksum; + krb5_enctype enctype; + krb5_data fwd_data; + + krb5_data_zero(&outbuf); + krb5_data_zero(&fwd_data); (*context_handle)->more_flags |= LOCAL; @@ -425,7 +424,7 @@ gsskrb5_initiator_start( ap_options = 0; if (req_flags & GSS_C_DELEG_FLAG) { - gsskrb5_do_delegation((*context_handle)->auth_context, + do_delegation((*context_handle)->auth_context, ccache, cred, target_name, &fwd_data, &flags); } @@ -681,20 +680,21 @@ gsskrb5_initiator_wait_for_mutual( } static OM_uint32 -gsskrb5_init_sec_context( - OM_uint32 * minor_status, - const gss_cred_id_t initiator_cred_handle, - gss_ctx_id_t * context_handle, - const gss_name_t target_name, - const gss_OID mech_type, - OM_uint32 req_flags, - OM_uint32 time_req, - const gss_channel_bindings_t input_chan_bindings, - const gss_buffer_t input_token, - gss_OID * actual_mech_type, - gss_buffer_t output_token, - OM_uint32 * ret_flags, - OM_uint32 * time_rec) +gsskrb5_init_sec_context + (OM_uint32 * minor_status, + const gss_cred_id_t initiator_cred_handle, + gss_ctx_id_t * context_handle, + const gss_name_t target_name, + const gss_OID mech_type, + OM_uint32 req_flags, + OM_uint32 time_req, + const gss_channel_bindings_t input_chan_bindings, + const gss_buffer_t input_token, + gss_OID * actual_mech_type, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec + ) { OM_uint32 ret; @@ -1076,9 +1076,7 @@ spnego_initial ni.mechListMIC = NULL; -#if 0 { - int ret; NegotiationToken nt; nt.element = choice_NegotiationToken_negTokenInit; @@ -1086,47 +1084,10 @@ spnego_initial ASN1_MALLOC_ENCODE(NegotiationToken, buf, buf_size, &nt, &buf_len, ret); - if (buf_size != buf_len) + if (ret == 0 && buf_size != buf_len) abort(); } -#else - ni_len = length_NegTokenInit(&ni); - buf_size = 1 + length_len(ni_len) + ni_len; - buf = malloc(buf_size); - if (buf == NULL) { - free_NegTokenInit(&ni); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - ret = encode_NegTokenInit(buf + buf_size - 1, - ni_len, - &ni, &buf_len); - if (ret == 0 && ni_len != buf_len) - abort(); - - if (ret == 0) { - size_t tmp; - - ret = der_put_length_and_tag(buf + buf_size - buf_len - 1, - buf_size - buf_len, - buf_len, - ASN1_C_CONTEXT, - CONS, - 0, - &tmp); - if (ret == 0 && tmp + buf_len != buf_size) - abort(); - } - if (ret) { - *minor_status = ret; - free(buf); - free_NegTokenInit(&ni); - return GSS_S_FAILURE; - } - -#endif data.data = buf; data.length = buf_size; @@ -1197,65 +1158,68 @@ spnego_init_sec_context * gss_init_sec_context */ -OM_uint32 gss_init_sec_context( - OM_uint32 * minor_status, - const gss_cred_id_t initiator_cred_handle, - gss_ctx_id_t * context_handle, - const gss_name_t target_name, - const gss_OID mech_type, - OM_uint32 req_flags, - OM_uint32 time_req, - const gss_channel_bindings_t input_chan_bindings, - const gss_buffer_t input_token, - gss_OID * actual_mech_type, - gss_buffer_t output_token, - OM_uint32 * ret_flags, - OM_uint32 * time_rec) +OM_uint32 gss_init_sec_context + (OM_uint32 * minor_status, + const gss_cred_id_t initiator_cred_handle, + gss_ctx_id_t * context_handle, + const gss_name_t target_name, + const gss_OID mech_type, + OM_uint32 req_flags, + OM_uint32 time_req, + const gss_channel_bindings_t input_chan_bindings, + const gss_buffer_t input_token, + gss_OID * actual_mech_type, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec + ) { - GSSAPI_KRB5_INIT (); + GSSAPI_KRB5_INIT (); - *minor_status = 0; + output_token->length = 0; + output_token->value = NULL; - if (actual_mech_type) *actual_mech_type = GSS_C_NO_OID; - - output_token->length = 0; - output_token->value = NULL; - - if (ret_flags) *ret_flags = 0; - if (time_rec) *time_rec = 0; - - if (target_name == GSS_C_NO_NAME) return GSS_S_BAD_NAME; - - if (mech_type == GSS_C_NO_OID || - gss_oid_equal(mech_type, GSS_KRB5_MECHANISM)) { - return gsskrb5_init_sec_context(minor_status, - initiator_cred_handle, - context_handle, - target_name, - mech_type, - req_flags, - time_req, - input_chan_bindings, - input_token, - actual_mech_type, - output_token, - ret_flags, - time_rec); - } else if (gss_oid_equal(mech_type, GSS_SPNEGO_MECHANISM)) { - return spnego_init_sec_context (minor_status, - initiator_cred_handle, - context_handle, - target_name, - mech_type, - req_flags, - time_req, - input_chan_bindings, - input_token, - actual_mech_type, - output_token, - ret_flags, - time_rec); - } + if (ret_flags) + *ret_flags = 0; + if (time_rec) + *time_rec = 0; + if (target_name == GSS_C_NO_NAME) { + if (actual_mech_type) + *actual_mech_type = GSS_C_NO_OID; + *minor_status = 0; + return GSS_S_BAD_NAME; + } + + if (mech_type == GSS_C_NO_OID || + gss_oid_equal(mech_type, GSS_KRB5_MECHANISM)) + return gsskrb5_init_sec_context(minor_status, + initiator_cred_handle, + context_handle, + target_name, + mech_type, + req_flags, + time_req, + input_chan_bindings, + input_token, + actual_mech_type, + output_token, + ret_flags, + time_rec); + else if (gss_oid_equal(mech_type, GSS_SPNEGO_MECHANISM)) + return spnego_init_sec_context (minor_status, + initiator_cred_handle, + context_handle, + target_name, + mech_type, + req_flags, + time_req, + input_chan_bindings, + input_token, + actual_mech_type, + output_token, + ret_flags, + time_rec); + else return GSS_S_BAD_MECH; } diff --git a/source4/heimdal/lib/hdb/hdb-private.h b/source4/heimdal/lib/hdb/hdb-private.h index 653df8c451..a2b96bb047 100644 --- a/source4/heimdal/lib/hdb/hdb-private.h +++ b/source4/heimdal/lib/hdb/hdb-private.h @@ -5,10 +5,14 @@ #include krb5_error_code -_hdb_fetch(krb5_context context, HDB *db, unsigned flags, - krb5_principal principal, - enum hdb_ent_type ent_type, - hdb_entry *entry); +_hdb_fetch ( + krb5_context /*context*/, + HDB */*db*/, + unsigned /*flags*/, + krb5_principal /*principal*/, + enum hdb_ent_type /*ent_type*/, + hdb_entry */*entry*/); + krb5_error_code _hdb_remove ( krb5_context /*context*/, diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c index 2b1ac3a5c4..c8fa556696 100644 --- a/source4/heimdal/lib/krb5/crypto.c +++ b/source4/heimdal/lib/krb5/crypto.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: crypto.c,v 1.123 2005/06/29 22:20:33 lha Exp $"); +RCSID("$Id: crypto.c,v 1.128 2005/07/20 07:22:43 lha Exp $"); #undef CRYPTO_DEBUG #ifdef CRYPTO_DEBUG @@ -2124,7 +2124,8 @@ verify_checksum(krb5_context context, return KRB5_PROG_SUMTYPE_NOSUPP; } if(ct->checksumsize != cksum->checksum.length) { - krb5_clear_error_string (context); + krb5_set_error_string (context, "checksum length was %d, but should be %d for checksum type %s", + cksum->checksum.length, ct->checksumsize, ct->name); return KRB5KRB_AP_ERR_BAD_INTEGRITY; /* XXX */ } keyed_checksum = (ct->flags & F_KEYED) != 0; @@ -2145,8 +2146,11 @@ verify_checksum(krb5_context context, (*ct->checksum)(context, dkey, data, len, usage, &c); - if(c.checksum.length != cksum->checksum.length || - memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) { + if(c.checksum.length != cksum->checksum.length) { + krb5_set_error_string (context, "(INTERNAL ERROR) our checksum length was %d, but should be %d for checksum type %s", + c.checksum.length, ct->checksumsize, ct->name); + ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; + } else if (memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) { krb5_clear_error_string (context); ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; } else { @@ -3246,7 +3250,7 @@ static krb5_error_code encrypt_internal_derived(krb5_context context, krb5_crypto crypto, unsigned usage, - void *data, + const void *data, size_t len, krb5_data *result, void *ivec) @@ -3315,7 +3319,7 @@ encrypt_internal_derived(krb5_context context, static krb5_error_code encrypt_internal(krb5_context context, krb5_crypto crypto, - void *data, + const void *data, size_t len, krb5_data *result, void *ivec) @@ -3395,7 +3399,7 @@ static krb5_error_code encrypt_internal_special(krb5_context context, krb5_crypto crypto, int usage, - void *data, + const void *data, size_t len, krb5_data *result, void *ivec) @@ -3624,7 +3628,7 @@ krb5_error_code KRB5_LIB_FUNCTION krb5_encrypt_ivec(krb5_context context, krb5_crypto crypto, unsigned usage, - void *data, + const void *data, size_t len, krb5_data *result, void *ivec) @@ -3643,7 +3647,7 @@ krb5_error_code KRB5_LIB_FUNCTION krb5_encrypt(krb5_context context, krb5_crypto crypto, unsigned usage, - void *data, + const void *data, size_t len, krb5_data *result) { @@ -4228,14 +4232,9 @@ wrapped_length (krb5_context context, { struct encryption_type *et = crypto->et; size_t padsize = et->padsize; - size_t checksumsize; + size_t checksumsize = CHECKSUMSIZE(et->checksum); size_t res; - if (et->keyed_checksum) - checksumsize = et->keyed_checksum->checksumsize; - else - checksumsize = et->checksum->checksumsize; - res = et->confoundersize + checksumsize + data_len; res = (res + padsize - 1) / padsize * padsize; return res; @@ -4306,6 +4305,65 @@ krb5_random_to_key(krb5_context context, return 0; } +krb5_error_code +_krb5_pk_octetstring2key(krb5_context context, + krb5_enctype type, + const void *dhdata, + size_t dhsize, + const heim_octet_string *c_n, + const heim_octet_string *k_n, + krb5_keyblock *key) +{ + struct encryption_type *et = _find_enctype(type); + krb5_error_code ret; + size_t keylen, offset; + void *keydata; + unsigned char counter; + unsigned char shaoutput[20]; + + if(et == NULL) { + krb5_set_error_string(context, "encryption type %d not supported", + type); + return KRB5_PROG_ETYPE_NOSUPP; + } + keylen = (et->keytype->bits + 7) / 8; + + keydata = malloc(keylen); + if (keydata == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + + counter = 0; + offset = 0; + do { + SHA_CTX m; + + SHA1_Init(&m); + SHA1_Update(&m, &counter, 1); + SHA1_Update(&m, dhdata, dhsize); + if (c_n) + SHA1_Update(&m, c_n->data, c_n->length); + if (k_n) + SHA1_Update(&m, k_n->data, k_n->length); + SHA1_Final(shaoutput, &m); + + memcpy((unsigned char *)keydata + offset, + shaoutput, + min(keylen - offset, sizeof(shaoutput))); + + offset += sizeof(shaoutput); + counter++; + } while(offset < keylen); + memset(shaoutput, 0, sizeof(shaoutput)); + + ret = krb5_random_to_key(context, type, keydata, keylen, key); + memset(keydata, 0, sizeof(keylen)); + free(keydata); + return ret; +} + + #ifdef CRYPTO_DEBUG static krb5_error_code diff --git a/source4/heimdal/lib/krb5/get_cred.c b/source4/heimdal/lib/krb5/get_cred.c index 63fb55608c..7043b8ae51 100644 --- a/source4/heimdal/lib/krb5/get_cred.c +++ b/source4/heimdal/lib/krb5/get_cred.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: get_cred.c,v 1.107 2005/06/16 22:57:14 lha Exp $"); +RCSID("$Id: get_cred.c,v 1.108 2005/07/13 07:38:02 lha Exp $"); /* * Take the `body' and encode it into `padata' using the credentials @@ -837,10 +837,6 @@ krb5_get_credentials_with_flags(krb5_context context, if (in_creds->session.keytype) options |= KRB5_TC_MATCH_KEYTYPE; - ret = krb5_cc_retrieve_cred(context, - ccache, - options, - in_creds, res_creds); /* * If we got a credential, check if credential is expired before * returning it. diff --git a/source4/heimdal/lib/krb5/keytab.c b/source4/heimdal/lib/krb5/keytab.c index a405664122..23f6685049 100644 --- a/source4/heimdal/lib/krb5/keytab.c +++ b/source4/heimdal/lib/krb5/keytab.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab.c,v 1.60 2005/05/19 14:04:45 lha Exp $"); +RCSID("$Id: keytab.c,v 1.62 2005/07/06 01:14:42 lha Exp $"); /* * Register a new keytab in `ops' @@ -240,8 +240,8 @@ krb5_kt_get_name(krb5_context context, } /* - * Finish using the keytab in `id'. All resources will be released. - * Return 0 or an error. + * Finish using the keytab in `id'. All resources will be released, + * even on errors. Return 0 or an error. */ krb5_error_code KRB5_LIB_FUNCTION @@ -251,8 +251,8 @@ krb5_kt_close(krb5_context context, krb5_error_code ret; ret = (*id->close)(context, id); - if(ret == 0) - free(id); + memset(id, 0, sizeof(*id)); + free(id); return ret; } @@ -302,8 +302,10 @@ krb5_kt_get_entry(krb5_context context, return (*id->get)(context, id, principal, kvno, enctype, entry); ret = krb5_kt_start_seq_get (context, id, &cursor); - if (ret) + if (ret) { + krb5_clear_error_string(context); return KRB5_KT_NOTFOUND; /* XXX i.e. file not found */ + } entry->vno = 0; while (krb5_kt_next_entry(context, id, &tmp, &cursor) == 0) { diff --git a/source4/heimdal/lib/krb5/keytab_file.c b/source4/heimdal/lib/krb5/keytab_file.c index dca09ff6f3..6ff2680ed1 100644 --- a/source4/heimdal/lib/krb5/keytab_file.c +++ b/source4/heimdal/lib/krb5/keytab_file.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_file.c,v 1.18 2005/05/31 21:50:43 lha Exp $"); +RCSID("$Id: keytab_file.c,v 1.20 2005/07/13 06:08:07 lha Exp $"); #define KRB5_KT_VNO_1 1 #define KRB5_KT_VNO_2 2 @@ -332,6 +332,12 @@ fkt_start_seq_get_int(krb5_context context, return ret; } c->sp = krb5_storage_from_fd(c->fd); + if (c->sp == NULL) { + _krb5_xunlock(context, c->fd); + close(c->fd); + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } krb5_storage_set_eof_code(c->sp, KRB5_KT_END); ret = krb5_ret_int8(c->sp, &pvno); if(ret) { diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h index e59cab8ca7..b877de8cf2 100644 --- a/source4/heimdal/lib/krb5/krb5-private.h +++ b/source4/heimdal/lib/krb5/krb5-private.h @@ -329,6 +329,14 @@ _krb5_put_int ( unsigned long /*value*/, size_t /*size*/); +krb5_error_code KRB5_LIB_FUNCTION +_krb5_rd_rep_type ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + const krb5_data */*inbuf*/, + krb5_ap_rep_enc_part **/*repl*/, + krb5_boolean /*dce_style_response*/); + int _krb5_send_and_recv_tcp ( int /*fd*/, @@ -348,11 +356,4 @@ _krb5_xunlock ( krb5_context /*context*/, int /*fd*/); -krb5_error_code KRB5_LIB_FUNCTION -_krb5_rd_rep_type(krb5_context context, - krb5_auth_context auth_context, - const krb5_data *inbuf, - krb5_ap_rep_enc_part **repl, - krb5_boolean dce_style_response); - #endif /* __krb5_private_h__ */ diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h index cee8a02419..f306bf949f 100644 --- a/source4/heimdal/lib/krb5/krb5-protos.h +++ b/source4/heimdal/lib/krb5/krb5-protos.h @@ -1305,7 +1305,7 @@ krb5_encrypt ( krb5_context /*context*/, krb5_crypto /*crypto*/, unsigned /*usage*/, - void */*data*/, + const void */*data*/, size_t /*len*/, krb5_data */*result*/); @@ -1324,7 +1324,7 @@ krb5_encrypt_ivec ( krb5_context /*context*/, krb5_crypto /*crypto*/, unsigned /*usage*/, - void */*data*/, + const void */*data*/, size_t /*len*/, krb5_data */*result*/, void */*ivec*/); @@ -2424,7 +2424,7 @@ krb5_principal_get_comp_string ( const char* KRB5_LIB_FUNCTION krb5_principal_get_realm ( krb5_context /*context*/, - krb5_const_principal /*principal*/); + krb5_principal /*principal*/); int KRB5_LIB_FUNCTION krb5_principal_get_type ( diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h index 890a500caa..5789bff205 100644 --- a/source4/heimdal/lib/krb5/krb5.h +++ b/source4/heimdal/lib/krb5/krb5.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5.h,v 1.236 2005/06/11 00:05:24 lha Exp $ */ +/* $Id: krb5.h,v 1.237 2005/07/09 14:47:21 lha Exp $ */ #ifndef __KRB5_H__ #define __KRB5_H__ @@ -567,8 +567,8 @@ typedef struct krb5_auth_context_data { krb5_rcache rcache; - krb5_keytype keytype; /* ¿requested key type ? */ - krb5_cksumtype cksumtype; /* ¡requested checksum type! */ + krb5_keytype keytype; /* ¿requested key type ? */ + krb5_cksumtype cksumtype; /* ¡requested checksum type! */ }krb5_auth_context_data, *krb5_auth_context; @@ -617,28 +617,28 @@ typedef struct _krb5_prompt { krb5_prompt_type type; } krb5_prompt; -typedef int (*krb5_prompter_fct)(krb5_context context, - void *data, - const char *name, - const char *banner, - int num_prompts, - krb5_prompt prompts[]); -typedef krb5_error_code (*krb5_key_proc)(krb5_context context, - krb5_enctype type, - krb5_salt salt, - krb5_const_pointer keyseed, - krb5_keyblock **key); -typedef krb5_error_code (*krb5_decrypt_proc)(krb5_context context, - krb5_keyblock *key, - krb5_key_usage usage, - krb5_const_pointer decrypt_arg, - krb5_kdc_rep *dec_rep); -typedef krb5_error_code (*krb5_s2k_proc)(krb5_context context, - krb5_enctype type, - krb5_const_pointer keyseed, - krb5_salt salt, - krb5_data *s2kparms, - krb5_keyblock **key); +typedef int (*krb5_prompter_fct)(krb5_context /*context*/, + void * /*data*/, + const char * /*name*/, + const char * /*banner*/, + int /*num_prompts*/, + krb5_prompt /*prompts*/[]); +typedef krb5_error_code (*krb5_key_proc)(krb5_context /*context*/, + krb5_enctype /*type*/, + krb5_salt /*salt*/, + krb5_const_pointer /*keyseed*/, + krb5_keyblock ** /*key*/); +typedef krb5_error_code (*krb5_decrypt_proc)(krb5_context /*context*/, + krb5_keyblock * /*key*/, + krb5_key_usage /*usage*/, + krb5_const_pointer /*decrypt_arg*/, + krb5_kdc_rep * /*dec_rep*/); +typedef krb5_error_code (*krb5_s2k_proc)(krb5_context /*context*/, + krb5_enctype /*type*/, + krb5_const_pointer /*keyseed*/, + krb5_salt /*salt*/, + krb5_data * /*s2kparms*/, + krb5_keyblock ** /*key*/); struct _krb5_get_init_creds_opt_private; diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c index 84db4fe544..35a751c291 100755 --- a/source4/heimdal/lib/krb5/pkinit.c +++ b/source4/heimdal/lib/krb5/pkinit.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: pkinit.c,v 1.55 2005/05/19 18:49:05 lha Exp $"); +RCSID("$Id: pkinit.c,v 1.58 2005/07/23 10:42:01 lha Exp $"); #ifdef PKINIT @@ -407,34 +407,25 @@ _krb5_pk_create_sign(krb5_context context, goto out; } - sd.certificates->data = NULL; - sd.certificates->length = 0; + i = sk_X509_num(id->cert); + sd.certificates->val = malloc(sizeof(sd.certificates->val[0]) * i); + if (sd.certificates->val == NULL) { + krb5_clear_error_string(context); + ret = ENOMEM; + goto out; + } + sd.certificates->len = i; for (i = 0; i < sk_X509_num(id->cert); i++) { - void *data; - OPENSSL_ASN1_MALLOC_ENCODE(X509, - buf.data, - buf.length, + sd.certificates->val[i].data, + sd.certificates->val[i].length, sk_X509_value(id->cert, i), ret); if (ret) { krb5_clear_error_string(context); goto out; } - data = realloc(sd.certificates->data, - sd.certificates->length + buf.length); - if (data == NULL) { - free(buf.data); - krb5_clear_error_string(context); - ret = ENOMEM; - goto out; - } - memcpy(((char *)data) + sd.certificates->length, - buf.data, buf.length); - sd.certificates->length += buf.length; - sd.certificates->data = data; - free(buf.data); } ASN1_MALLOC_ENCODE(SignedData, sd_data->data, sd_data->length, @@ -563,7 +554,7 @@ build_auth_pack(krb5_context context, if (ret == 0 && dh) { DomainParameters dp; heim_integer dh_pub_key; - krb5_data buf; + krb5_data dhbuf; size_t size; ALLOC(a->clientPublicValue, 1); @@ -615,25 +606,25 @@ build_auth_pack(krb5_context context, if (ret) return ret; - buf.length = length_heim_integer(&dh_pub_key); - buf.data = malloc(buf.length); - if (buf.data == NULL) { + dhbuf.length = length_heim_integer(&dh_pub_key); + dhbuf.data = malloc(dhbuf.length); + if (dhbuf.data == NULL) { free_heim_integer(&dh_pub_key); krb5_set_error_string(context, "malloc: out of memory"); return ret; } - ret = der_put_heim_integer((char *)buf.data + buf.length - 1, - buf.length, &dh_pub_key, &size); + ret = der_put_heim_integer((char *)dhbuf.data + dhbuf.length - 1, + dhbuf.length, &dh_pub_key, &size); free_heim_integer(&dh_pub_key); if (ret) { - free(buf.data); + free(dhbuf.data); return ret; } - if (size != buf.length) + if (size != dhbuf.length) krb5_abortx(context, "asn1 internal error"); - a->clientPublicValue->subjectPublicKey.length = buf.length * 8; - a->clientPublicValue->subjectPublicKey.data = buf.data; + a->clientPublicValue->subjectPublicKey.length = dhbuf.length * 8; + a->clientPublicValue->subjectPublicKey.data = dhbuf.data; } return ret; @@ -894,7 +885,7 @@ _krb5_pk_mk_padata(krb5_context context, if (provisioning_server) { /* PacketCable requires the PROV-SRV-LOCATION authenticator */ - const PROV_SRV_LOCATION prov_server = (char *)provisioning_server; + const PROV_SRV_LOCATION prov_server = rk_UNCONST(provisioning_server); ASN1_MALLOC_ENCODE(PROV_SRV_LOCATION, buf.data, buf.length, &prov_server, &size, ret); @@ -1104,7 +1095,7 @@ pk_verify_chain_standard(krb5_context context, } static int -cert_to_X509(krb5_context context, CertificateSetReal *set, +cert_to_X509(krb5_context context, CertificateSet *set, STACK_OF(X509_CRL) **certs) { krb5_error_code ret; @@ -1112,6 +1103,9 @@ cert_to_X509(krb5_context context, CertificateSetReal *set, *certs = sk_X509_new_null(); + if (set == NULL) + return 0; + ret = 0; for (i = 0; i < set->len; i++) { unsigned char *p; @@ -1134,45 +1128,6 @@ cert_to_X509(krb5_context context, CertificateSetReal *set, return ret; } -static krb5_error_code -any_to_CertificateSet(krb5_context context, heim_any *cert, - CertificateSetReal *set) -{ - size_t size, len, length; - heim_any *val; - int ret; - char *p; - - set->len = 0; - set->val = NULL; - - len = 0; - p = cert->data; - length = cert->length; - while (len < cert->length) { - val = realloc(set->val, (set->len + 1) * sizeof(set->val[0])); - if (val == NULL) { - ret = ENOMEM; - goto out; - } - set->val = val; - ret = decode_heim_any(p, length, &set->val[set->len], &size); - if (ret) - goto out; - set->len++; - - p += size; - len += size; - length -= size; - } - return 0; - out: - krb5_clear_error_string(context); - free_CertificateSetReal(set); - set->val = NULL; - return ret; -} - krb5_error_code KRB5_LIB_FUNCTION _krb5_pk_verify_sign(krb5_context context, const char *data, @@ -1187,7 +1142,6 @@ _krb5_pk_verify_sign(krb5_context context, const EVP_MD *evp_type; EVP_PKEY *public_key; krb5_error_code ret; - CertificateSetReal set; EVP_MD_CTX md; X509 *cert; SignedData sd; @@ -1227,15 +1181,14 @@ _krb5_pk_verify_sign(krb5_context context, signer_info = &sd.signerInfos.val[0]; - ret = any_to_CertificateSet(context, sd.certificates, &set); - if (ret) { - krb5_set_error_string(context, - "PKINIT: failed to decode CertificateSet"); - goto out; - } + { + CertificateSet set; + set.val = sd.certificates->val; + set.len = sd.certificates->len; - ret = cert_to_X509(context, &set, &certificates); - free_CertificateSetReal(&set); + ret = cert_to_X509(context, &set, &certificates); + free_CertificateSet(&set); + } if (ret) { krb5_set_error_string(context, "PKINIT: failed to decode Certificates"); @@ -1530,7 +1483,6 @@ pk_rd_pa_reply_enckey(krb5_context context, /* win2k uses ContentInfo */ if (win2k_compat) { ContentInfo ci; - size_t size; ret = decode_ContentInfo(p, length, &ci, &size); if (ret) { @@ -1604,6 +1556,8 @@ pk_rd_pa_reply_dh(krb5_context context, ContentInfo *rep, krb5_pk_init_ctx ctx, krb5_enctype etype, + const DHNonce *c_n, + const DHNonce *k_n, unsigned nonce, PA_DATA *pa, krb5_keyblock **key) @@ -1666,6 +1620,30 @@ pk_rd_pa_reply_dh(krb5_context context, goto out; } + if (kdc_dh_info.dhKeyExpiration) { + if (k_n == NULL) { + krb5_set_error_string(context, "pkinit; got key expiration " + "without server nonce"); + ret = KRB5KRB_ERR_GENERIC; + goto out; + } + if (c_n == NULL) { + krb5_set_error_string(context, "pkinit; got DH reuse but no " + "client nonce"); + ret = KRB5KRB_ERR_GENERIC; + goto out; + } + } else { + if (k_n) { + krb5_set_error_string(context, "pkinit; got server nonce " + "without key expiration"); + ret = KRB5KRB_ERR_GENERIC; + goto out; + } + c_n = NULL; + } + + p = kdc_dh_info.subjectPublicKey.data; size = (kdc_dh_info.subjectPublicKey.length + 7) / 8; dh_pub_key = d2i_ASN1_INTEGER(NULL, &p, size); @@ -1684,14 +1662,21 @@ pk_rd_pa_reply_dh(krb5_context context, goto out; } - dh_gen_key = malloc(DH_size(ctx->dh)); + dh_gen_keylen = DH_size(ctx->dh); + size = BN_num_bytes(ctx->dh->p); + if (size < dh_gen_keylen) + size = dh_gen_keylen; + + dh_gen_key = malloc(size); if (dh_gen_key == NULL) { krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; goto out; } + memset(dh_gen_key, 0, size - dh_gen_keylen); - dh_gen_keylen = DH_compute_key(dh_gen_key, kdc_dh_pubkey, ctx->dh); + dh_gen_keylen = DH_compute_key(dh_gen_key + (size - dh_gen_keylen), + kdc_dh_pubkey, ctx->dh); if (dh_gen_keylen == -1) { krb5_set_error_string(context, "PKINIT: Can't compute Diffie-Hellman key (%s)", @@ -1707,7 +1692,11 @@ pk_rd_pa_reply_dh(krb5_context context, goto out; } - ret = krb5_random_to_key(context, etype, dh_gen_key, dh_gen_keylen, *key); + ret = _krb5_pk_octetstring2key(context, + etype, + dh_gen_key, dh_gen_keylen, + c_n, k_n, + *key); if (ret) { krb5_set_error_string(context, "PKINIT: can't create key from DH key"); @@ -1761,6 +1750,25 @@ _krb5_pk_rd_pa_reply(krb5_context context, return ret; switch (rep.element) { + case choice_PA_PK_AS_REP_dhInfo: + ret = decode_ContentInfo(rep.u.dhInfo.dhSignedData.data, + rep.u.dhInfo.dhSignedData.length, + &ci, + &size); + if (ret) { + krb5_set_error_string(context, + "PKINIT: -25 decoding failed DH " + "ContentInfo: %d", ret); + + free_PA_PK_AS_REP(&rep); + break; + } + ret = pk_rd_pa_reply_dh(context, &ci, ctx, + etype, NULL, NULL, nonce, pa, key); + free_ContentInfo(&ci); + free_PA_PK_AS_REP(&rep); + + break; case choice_PA_PK_AS_REP_encKeyPack: ret = decode_ContentInfo(rep.u.encKeyPack.data, rep.u.encKeyPack.length, @@ -1799,7 +1807,8 @@ _krb5_pk_rd_pa_reply(krb5_context context, switch(rep19.element) { case choice_PA_PK_AS_REP_19_dhSignedData: ret = pk_rd_pa_reply_dh(context, &rep19.u.dhSignedData, ctx, - etype, nonce, pa, key); + etype, NULL, NULL, + nonce, pa, key); break; case choice_PA_PK_AS_REP_19_encKeyPack: ret = pk_rd_pa_reply_enckey(context, 0, @@ -2314,8 +2323,8 @@ _krb5_pk_load_openssl_id(krb5_context context, FILE *f; krb5_error_code (*load_pair)(krb5_context, char *, - krb5_prompter_fct prompter, - void * prompter_data, + krb5_prompter_fct, + void *, const char *, struct krb5_pk_identity *) = NULL; @@ -2553,24 +2562,29 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, dh = DH_new(); if (dh == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); _krb5_get_init_creds_opt_free_pkinit(opt); return ENOMEM; } opt->private->pk_init_ctx->dh = dh; if (!BN_hex2bn(&dh->p, P)) { + krb5_set_error_string(context, "malloc: out of memory"); _krb5_get_init_creds_opt_free_pkinit(opt); return ENOMEM; } if (!BN_hex2bn(&dh->g, G)) { + krb5_set_error_string(context, "malloc: out of memory"); _krb5_get_init_creds_opt_free_pkinit(opt); return ENOMEM; } if (!BN_hex2bn(&dh->q, Q)) { + krb5_set_error_string(context, "malloc: out of memory"); _krb5_get_init_creds_opt_free_pkinit(opt); return ENOMEM; } /* XXX generate a new key for each request ? */ if (DH_generate_key(dh) != 1) { + krb5_set_error_string(context, "malloc: out of memory"); _krb5_get_init_creds_opt_free_pkinit(opt); return ENOMEM; } diff --git a/source4/heimdal/lib/krb5/principal.c b/source4/heimdal/lib/krb5/principal.c index b7194b4c41..b510478f65 100644 --- a/source4/heimdal/lib/krb5/principal.c +++ b/source4/heimdal/lib/krb5/principal.c @@ -76,7 +76,7 @@ krb5_principal_get_type(krb5_context context, const char* KRB5_LIB_FUNCTION krb5_principal_get_realm(krb5_context context, - krb5_const_principal principal) + krb5_principal principal) { return princ_realm(principal); } @@ -235,19 +235,19 @@ static const char replace_chars[] = " ntb\\/@"; #define add_char(BASE, INDEX, LEN, C) do { if((INDEX) < (LEN)) (BASE)[(INDEX)++] = (C); }while(0); static size_t -quote_string(const char *s, char *out, size_t string_index, size_t len) +quote_string(const char *s, char *out, size_t idx, size_t len) { const char *p, *q; - for(p = s; *p && string_index < len; p++){ + for(p = s; *p && idx < len; p++){ if((q = strchr(quotable_chars, *p))){ - add_char(out, string_index, len, '\\'); - add_char(out, string_index, len, replace_chars[q - quotable_chars]); + add_char(out, idx, len, '\\'); + add_char(out, idx, len, replace_chars[q - quotable_chars]); }else - add_char(out, string_index, len, *p); + add_char(out, idx, len, *p); } - if(string_index < len) - out[string_index] = '\0'; - return string_index; + if(idx < len) + out[idx] = '\0'; + return idx; } diff --git a/source4/heimdal/lib/krb5/rd_cred.c b/source4/heimdal/lib/krb5/rd_cred.c index 9129eceeff..2571591e9d 100644 --- a/source4/heimdal/lib/krb5/rd_cred.c +++ b/source4/heimdal/lib/krb5/rd_cred.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_cred.c,v 1.23 2005/06/17 04:31:48 lha Exp $"); +RCSID("$Id: rd_cred.c,v 1.24 2005/07/13 08:22:50 lha Exp $"); static krb5_error_code compare_addrs(krb5_context context, @@ -68,6 +68,8 @@ krb5_rd_cred(krb5_context context, krb5_crypto crypto; int i; + memset(&enc_krb_cred_part, 0, sizeof(enc_krb_cred_part)); + if ((auth_context->flags & (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) && outdata == NULL) @@ -262,9 +264,14 @@ krb5_rd_cred(krb5_context context, } (*ret_creds)[i] = NULL; + + free_KRB_CRED (&cred); + free_EncKrbCredPart(&enc_krb_cred_part); + return 0; out: + free_EncKrbCredPart(&enc_krb_cred_part); free_KRB_CRED (&cred); if(*ret_creds) { for(i = 0; (*ret_creds)[i]; i++) diff --git a/source4/heimdal/lib/krb5/test_crypto_wrapping.c b/source4/heimdal/lib/krb5/test_crypto_wrapping.c new file mode 100644 index 0000000000..37d9bbacb7 --- /dev/null +++ b/source4/heimdal/lib/krb5/test_crypto_wrapping.c @@ -0,0 +1,163 @@ +/* + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of KTH nor the names of its contributors may be + * used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + +#include "krb5_locl.h" +#include +#include + +RCSID("$Id: test_crypto_wrapping.c,v 1.2 2005/07/09 01:31:43 lha Exp $"); + +static void +test_wrapping(krb5_context context, + size_t min_size, + size_t max_size, + size_t step, + krb5_enctype etype) +{ + krb5_error_code ret; + krb5_keyblock key; + krb5_crypto crypto; + krb5_data data; + char *etype_name; + void *buf; + size_t size; + + ret = krb5_generate_random_keyblock(context, etype, &key); + if (ret) + krb5_err(context, 1, ret, "krb5_generate_random_keyblock"); + + ret = krb5_enctype_to_string(context, etype, &etype_name); + if (ret) + krb5_err(context, 1, ret, "krb5_enctype_to_string"); + + buf = malloc(max_size); + if (buf == NULL) + krb5_errx(context, 1, "out of memory"); + memset(buf, 0, max_size); + + ret = krb5_crypto_init(context, &key, 0, &crypto); + if (ret) + krb5_err(context, 1, ret, "krb5_crypto_init"); + + for (size = min_size; size < max_size; size += step) { + size_t wrapped_size; + + ret = krb5_encrypt(context, crypto, 0, buf, size, &data); + if (ret) + krb5_err(context, 1, ret, "encrypt size %d using %s", + size, etype_name); + + wrapped_size = krb5_get_wrapped_length(context, crypto, size); + + if (wrapped_size != data.length) + krb5_errx(context, 1, "calculated wrapped length %lu != " + "real wrapped length %lu for data length %lu using " + "enctype %s", + (unsigned long)wrapped_size, + (unsigned long)data.length, + (unsigned long)size, + etype_name); + krb5_data_free(&data); + } + + free(buf); + krb5_crypto_destroy(context, crypto); + krb5_free_keyblock_contents(context, &key); +} + + + +static int version_flag = 0; +static int help_flag = 0; + +static struct getargs args[] = { + {"version", 0, arg_flag, &version_flag, + "print version", NULL }, + {"help", 0, arg_flag, &help_flag, + NULL, NULL } +}; + +static void +usage (int ret) +{ + arg_printusage (args, + sizeof(args)/sizeof(*args), + NULL, + ""); + exit (ret); +} + +int +main(int argc, char **argv) +{ + krb5_context context; + krb5_error_code ret; + int i, optidx = 0; + + krb5_enctype enctypes[] = { + ETYPE_DES_CBC_CRC, + ETYPE_DES_CBC_MD4, + ETYPE_DES_CBC_MD5, + ETYPE_DES3_CBC_SHA1, + ETYPE_ARCFOUR_HMAC_MD5, + ETYPE_AES128_CTS_HMAC_SHA1_96, + ETYPE_AES256_CTS_HMAC_SHA1_96 + }; + + setprogname(argv[0]); + + if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) + usage(1); + + if (help_flag) + usage (0); + + if(version_flag){ + print_version(NULL); + exit(0); + } + + argc -= optidx; + argv += optidx; + + ret = krb5_init_context(&context); + if (ret) + errx (1, "krb5_init_context failed: %d", ret); + + for (i = 0; i < sizeof(enctypes)/sizeof(enctypes[0]); i++) { + test_wrapping(context, 0, 1024, 1, enctypes[i]); + test_wrapping(context, 1024, 1024 * 100, 1024, enctypes[i]); + } + krb5_free_context(context); + + return 0; +} diff --git a/source4/heimdal/lib/krb5/test_pkinit_dh2key.c b/source4/heimdal/lib/krb5/test_pkinit_dh2key.c new file mode 100644 index 0000000000..a40c218e12 --- /dev/null +++ b/source4/heimdal/lib/krb5/test_pkinit_dh2key.c @@ -0,0 +1,110 @@ +/* + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of KTH nor the names of its contributors may be + * used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + +#include "krb5_locl.h" +#include +#include + +RCSID("$Id: test_pkinit_dh2key.c,v 1.1 2005/07/20 16:27:58 lha Exp $"); + +static void +test_dh2key(krb5_context context, + const heim_octet_string *K, + const heim_octet_string *c_n, + const heim_octet_string *k_n, + krb5_enctype etype) +{ + return; +} + + + +static int version_flag = 0; +static int help_flag = 0; + +static struct getargs args[] = { + {"version", 0, arg_flag, &version_flag, + "print version", NULL }, + {"help", 0, arg_flag, &help_flag, + NULL, NULL } +}; + +static void +usage (int ret) +{ + arg_printusage (args, + sizeof(args)/sizeof(*args), + NULL, + ""); + exit (ret); +} + +int +main(int argc, char **argv) +{ + krb5_context context; + krb5_error_code ret; + int i, optidx = 0; + + krb5_enctype enctypes[] = { + ETYPE_AES128_CTS_HMAC_SHA1_96, + ETYPE_AES256_CTS_HMAC_SHA1_96 + }; + + setprogname(argv[0]); + + if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) + usage(1); + + if (help_flag) + usage (0); + + if(version_flag){ + print_version(NULL); + exit(0); + } + + argc -= optidx; + argv += optidx; + + ret = krb5_init_context(&context); + if (ret) + errx (1, "krb5_init_context failed: %d", ret); + + for (i = 0; i < sizeof(enctypes)/sizeof(enctypes[0]); i++) { + test_dh2key(context, NULL, NULL, NULL, enctypes[i]); + } + + krb5_free_context(context); + + return 0; +} diff --git a/source4/heimdal/lib/roken/base64.c b/source4/heimdal/lib/roken/base64.c index 78dbe9c526..0d9d6119db 100644 --- a/source4/heimdal/lib/roken/base64.c +++ b/source4/heimdal/lib/roken/base64.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: base64.c,v 1.6 2005/04/12 11:28:34 lha Exp $"); +RCSID("$Id: base64.c,v 1.7 2005/06/23 10:47:57 lha Exp $"); #endif #include #include diff --git a/source4/heimdal/lib/roken/ecalloc.c b/source4/heimdal/lib/roken/ecalloc.c new file mode 100644 index 0000000000..ad22a4557e --- /dev/null +++ b/source4/heimdal/lib/roken/ecalloc.c @@ -0,0 +1,56 @@ +/* + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: ecalloc.c,v 1.2 2005/04/12 11:28:36 lha Exp $"); +#endif + +#include +#include + +#include + +/* + * Like calloc but never fails. + */ + +void * ROKEN_LIB_FUNCTION +ecalloc (size_t number, size_t size) +{ + void *tmp = calloc (number, size); + + if (tmp == NULL && number * size != 0) + errx (1, "calloc %lu failed", (unsigned long)number * size); + return tmp; +} diff --git a/source4/heimdal/lib/roken/estrdup.c b/source4/heimdal/lib/roken/estrdup.c new file mode 100644 index 0000000000..1a20cdd410 --- /dev/null +++ b/source4/heimdal/lib/roken/estrdup.c @@ -0,0 +1,56 @@ +/* + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: estrdup.c,v 1.4 2005/04/12 11:28:39 lha Exp $"); +#endif + +#include +#include + +#include + +/* + * Like strdup but never fails. + */ + +char * ROKEN_LIB_FUNCTION +estrdup (const char *str) +{ + char *tmp = strdup (str); + + if (tmp == NULL) + errx (1, "strdup failed"); + return tmp; +} diff --git a/source4/heimdal/lib/roken/gai_strerror.c b/source4/heimdal/lib/roken/gai_strerror.c index 5c28f58bf4..52db0f8842 100644 --- a/source4/heimdal/lib/roken/gai_strerror.c +++ b/source4/heimdal/lib/roken/gai_strerror.c @@ -33,14 +33,14 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: gai_strerror.c,v 1.5 2005/04/12 11:28:42 lha Exp $"); +RCSID("$Id: gai_strerror.c,v 1.7 2005/08/05 09:31:35 lha Exp $"); #endif #include "roken.h" static struct gai_error { int code; - char *str; + const char *str; } errors[] = { {EAI_NOERROR, "no error"}, #ifdef EAI_ADDRFAMILY @@ -65,7 +65,7 @@ static struct gai_error { * */ -char * ROKEN_LIB_FUNCTION +const char * ROKEN_LIB_FUNCTION gai_strerror(int ecode) { struct gai_error *g; diff --git a/source4/heimdal/lib/roken/roken.h b/source4/heimdal/lib/roken/roken.h index 545f43c6a7..04553caf48 100644 --- a/source4/heimdal/lib/roken/roken.h +++ b/source4/heimdal/lib/roken/roken.h @@ -32,7 +32,7 @@ * SUCH DAMAGE. */ -/* $Id: roken.h.in,v 1.175 2005/07/07 19:16:17 lha Exp $ */ +/* $Id: roken.h.in,v 1.177 2005/08/05 09:06:29 lha Exp $ */ #include #include @@ -143,15 +143,15 @@ ROKEN_CPP_START #endif #ifndef HAVE_PUTENV -int ROKEN_LIB_FUNCTION putenv(const char *string); +int ROKEN_LIB_FUNCTION putenv(const char *); #endif #if !defined(HAVE_SETENV) || defined(NEED_SETENV_PROTO) -int ROKEN_LIB_FUNCTION setenv(const char *var, const char *val, int rewrite); +int ROKEN_LIB_FUNCTION setenv(const char *, const char *, int); #endif #if !defined(HAVE_UNSETENV) || defined(NEED_UNSETENV_PROTO) -void ROKEN_LIB_FUNCTION unsetenv(const char *name); +void ROKEN_LIB_FUNCTION unsetenv(const char *); #endif #if !defined(HAVE_GETUSERSHELL) || defined(NEED_GETUSERSHELL_PROTO) @@ -160,46 +160,46 @@ void ROKEN_LIB_FUNCTION endusershell(void); #endif #if !defined(HAVE_SNPRINTF) || defined(NEED_SNPRINTF_PROTO) -int ROKEN_LIB_FUNCTION snprintf (char *str, size_t sz, const char *format, ...) +int ROKEN_LIB_FUNCTION snprintf (char *, size_t, const char *, ...) __attribute__ ((format (printf, 3, 4))); #endif #if !defined(HAVE_VSNPRINTF) || defined(NEED_VSNPRINTF_PROTO) int ROKEN_LIB_FUNCTION - vsnprintf (char *str, size_t sz, const char *format, va_list ap) + vsnprintf (char *, size_t, const char *, va_list) __attribute__((format (printf, 3, 0))); #endif #if !defined(HAVE_ASPRINTF) || defined(NEED_ASPRINTF_PROTO) int ROKEN_LIB_FUNCTION - asprintf (char **ret, const char *format, ...) + asprintf (char **, const char *, ...) __attribute__ ((format (printf, 2, 3))); #endif #if !defined(HAVE_VASPRINTF) || defined(NEED_VASPRINTF_PROTO) int ROKEN_LIB_FUNCTION - vasprintf (char **ret, const char *format, va_list ap) + vasprintf (char **, const char *, va_list) __attribute__((format (printf, 2, 0))); #endif #if !defined(HAVE_ASNPRINTF) || defined(NEED_ASNPRINTF_PROTO) int ROKEN_LIB_FUNCTION - asnprintf (char **ret, size_t max_sz, const char *format, ...) + asnprintf (char **, size_t, const char *, ...) __attribute__ ((format (printf, 3, 4))); #endif #if !defined(HAVE_VASNPRINTF) || defined(NEED_VASNPRINTF_PROTO) int ROKEN_LIB_FUNCTION - vasnprintf (char **ret, size_t max_sz, const char *format, va_list ap) + vasnprintf (char **, size_t, const char *, va_list) __attribute__((format (printf, 3, 0))); #endif #ifndef HAVE_STRDUP -char * ROKEN_LIB_FUNCTION strdup(const char *old); +char * ROKEN_LIB_FUNCTION strdup(const char *); #endif #if !defined(HAVE_STRNDUP) || defined(NEED_STRNDUP_PROTO) -char * ROKEN_LIB_FUNCTION strndup(const char *old, size_t sz); +char * ROKEN_LIB_FUNCTION strndup(const char *, size_t); #endif #ifndef HAVE_STRLWR @@ -219,7 +219,7 @@ ssize_t ROKEN_LIB_FUNCTION strsep_copy(const char**, const char*, char*, size_t) #endif #ifndef HAVE_STRCASECMP -int ROKEN_LIB_FUNCTION strcasecmp(const char *s1, const char *s2); +int ROKEN_LIB_FUNCTION strcasecmp(const char *, const char *); #endif #ifdef NEED_FCLOSE_PROTO @@ -227,7 +227,7 @@ int ROKEN_LIB_FUNCTION fclose(FILE *); #endif #ifdef NEED_STRTOK_R_PROTO -char * ROKEN_LIB_FUNCTION strtok_r(char *s1, const char *s2, char **lasts); +char * ROKEN_LIB_FUNCTION strtok_r(char *, const char *, char **); #endif #ifndef HAVE_STRUPR @@ -235,11 +235,11 @@ char * ROKEN_LIB_FUNCTION strupr(char *); #endif #ifndef HAVE_STRLCPY -size_t ROKEN_LIB_FUNCTION strlcpy (char *dst, const char *src, size_t dst_sz); +size_t ROKEN_LIB_FUNCTION strlcpy (char *, const char *, size_t); #endif #ifndef HAVE_STRLCAT -size_t ROKEN_LIB_FUNCTION strlcat (char *dst, const char *src, size_t dst_sz); +size_t ROKEN_LIB_FUNCTION strlcat (char *, const char *, size_t); #endif #ifndef HAVE_GETDTABLESIZE @@ -247,13 +247,13 @@ int ROKEN_LIB_FUNCTION getdtablesize(void); #endif #if !defined(HAVE_STRERROR) && !defined(strerror) -char * ROKEN_LIB_FUNCTION strerror(int eno); +char * ROKEN_LIB_FUNCTION strerror(int); #endif #if !defined(HAVE_HSTRERROR) || defined(NEED_HSTRERROR_PROTO) /* This causes a fatal error under Psoriasis */ #if !(defined(SunOS) && (SunOS >= 50)) -const char * ROKEN_LIB_FUNCTION hstrerror(int herr); +const char * ROKEN_LIB_FUNCTION hstrerror(int); #endif #endif @@ -262,7 +262,7 @@ extern int h_errno; #endif #if !defined(HAVE_INET_ATON) || defined(NEED_INET_ATON_PROTO) -int ROKEN_LIB_FUNCTION inet_aton(const char *cp, struct in_addr *adr); +int ROKEN_LIB_FUNCTION inet_aton(const char *, struct in_addr *); #endif #ifndef HAVE_INET_NTOP @@ -272,31 +272,31 @@ inet_ntop(int af, const void *src, char *dst, size_t size); #ifndef HAVE_INET_PTON int ROKEN_LIB_FUNCTION -inet_pton(int af, const char *src, void *dst); +inet_pton(int, const char *, void *); #endif #if !defined(HAVE_GETCWD) -char* ROKEN_LIB_FUNCTION getcwd(char *path, size_t size); +char* ROKEN_LIB_FUNCTION getcwd(char *, size_t); #endif #ifdef HAVE_PWD_H #include -struct passwd * ROKEN_LIB_FUNCTION k_getpwnam (const char *user); -struct passwd * ROKEN_LIB_FUNCTION k_getpwuid (uid_t uid); +struct passwd * ROKEN_LIB_FUNCTION k_getpwnam (const char *); +struct passwd * ROKEN_LIB_FUNCTION k_getpwuid (uid_t); #endif const char * ROKEN_LIB_FUNCTION get_default_username (void); #ifndef HAVE_SETEUID -int ROKEN_LIB_FUNCTION seteuid(uid_t euid); +int ROKEN_LIB_FUNCTION seteuid(uid_t); #endif #ifndef HAVE_SETEGID -int ROKEN_LIB_FUNCTION setegid(gid_t egid); +int ROKEN_LIB_FUNCTION setegid(gid_t); #endif #ifndef HAVE_LSTAT -int ROKEN_LIB_FUNCTION lstat(const char *path, struct stat *buf); +int ROKEN_LIB_FUNCTION lstat(const char *, struct stat *); #endif #if !defined(HAVE_MKSTEMP) || defined(NEED_MKSTEMP_PROTO) @@ -304,35 +304,35 @@ int ROKEN_LIB_FUNCTION mkstemp(char *); #endif #ifndef HAVE_CGETENT -int ROKEN_LIB_FUNCTION cgetent(char **buf, char **db_array, const char *name); -int ROKEN_LIB_FUNCTION cgetstr(char *buf, const char *cap, char **str); +int ROKEN_LIB_FUNCTION cgetent(char **, char **, const char *); +int ROKEN_LIB_FUNCTION cgetstr(char *, const char *, char **); #endif #ifndef HAVE_INITGROUPS -int ROKEN_LIB_FUNCTION initgroups(const char *name, gid_t basegid); +int ROKEN_LIB_FUNCTION initgroups(const char *, gid_t); #endif #ifndef HAVE_FCHOWN -int ROKEN_LIB_FUNCTION fchown(int fd, uid_t owner, gid_t group); +int ROKEN_LIB_FUNCTION fchown(int, uid_t, gid_t); #endif #if !defined(HAVE_DAEMON) || defined(NEED_DAEMON_PROTO) -int ROKEN_LIB_FUNCTION daemon(int nochdir, int noclose); +int ROKEN_LIB_FUNCTION daemon(int, int); #endif #ifndef HAVE_INNETGR -int ROKEN_LIB_FUNCTION innetgr(const char *netgroup, const char *machine, - const char *user, const char *domain); +int ROKEN_LIB_FUNCTION innetgr(const char *, const char *, + const char *, const char *); #endif #ifndef HAVE_CHOWN -int ROKEN_LIB_FUNCTION chown(const char *path, uid_t owner, gid_t group); +int ROKEN_LIB_FUNCTION chown(const char *, uid_t, gid_t); #endif #ifndef HAVE_RCMD int ROKEN_LIB_FUNCTION - rcmd(char **ahost, unsigned short inport, const char *locuser, - const char *remuser, const char *cmd, int *fd2p); + rcmd(char **, unsigned short, const char *, + const char *, const char *, int *); #endif #if !defined(HAVE_INNETGR) || defined(NEED_INNETGR_PROTO) @@ -341,27 +341,27 @@ int ROKEN_LIB_FUNCTION innetgr(const char*, const char*, #endif #ifndef HAVE_IRUSEROK -int ROKEN_LIB_FUNCTION iruserok(unsigned raddr, int superuser, - const char *ruser, const char *luser); +int ROKEN_LIB_FUNCTION iruserok(unsigned, int, + const char *, const char *); #endif #if !defined(HAVE_GETHOSTNAME) || defined(NEED_GETHOSTNAME_PROTO) -int ROKEN_LIB_FUNCTION gethostname(char *name, int namelen); +int ROKEN_LIB_FUNCTION gethostname(char *, int); #endif #ifndef HAVE_WRITEV ssize_t ROKEN_LIB_FUNCTION -writev(int d, const struct iovec *iov, int iovcnt); +writev(int, const struct iovec *, int); #endif #ifndef HAVE_READV ssize_t ROKEN_LIB_FUNCTION -readv(int d, const struct iovec *iov, int iovcnt); +readv(int, const struct iovec *, int); #endif #ifndef HAVE_MKSTEMP int ROKEN_LIB_FUNCTION -mkstemp(char *template); +mkstemp(char *); #endif #ifndef HAVE_PIDFILE @@ -393,22 +393,22 @@ unsigned short ROKEN_LIB_FUNCTION bswap16(unsigned short); int flock(int fd, int operation); #endif /* HAVE_FLOCK */ -time_t ROKEN_LIB_FUNCTION tm2time (struct tm tm, int local); +time_t ROKEN_LIB_FUNCTION tm2time (struct tm, int); -int ROKEN_LIB_FUNCTION unix_verify_user(char *user, char *password); +int ROKEN_LIB_FUNCTION unix_verify_user(char *, char *); -int ROKEN_LIB_FUNCTION roken_concat (char *s, size_t len, ...); +int ROKEN_LIB_FUNCTION roken_concat (char *, size_t, ...); -size_t ROKEN_LIB_FUNCTION roken_mconcat (char **s, size_t max_len, ...); +size_t ROKEN_LIB_FUNCTION roken_mconcat (char **, size_t, ...); -int ROKEN_LIB_FUNCTION roken_vconcat (char *s, size_t len, va_list args); +int ROKEN_LIB_FUNCTION roken_vconcat (char *, size_t, va_list); size_t ROKEN_LIB_FUNCTION - roken_vmconcat (char **s, size_t max_len, va_list args); + roken_vmconcat (char **, size_t, va_list); -ssize_t ROKEN_LIB_FUNCTION net_write (int fd, const void *buf, size_t nbytes); +ssize_t ROKEN_LIB_FUNCTION net_write (int, const void *, size_t); -ssize_t ROKEN_LIB_FUNCTION net_read (int fd, void *buf, size_t nbytes); +ssize_t ROKEN_LIB_FUNCTION net_read (int, void *, size_t); int ROKEN_LIB_FUNCTION issuid(void); @@ -422,7 +422,7 @@ struct winsize { int ROKEN_LIB_FUNCTION get_window_size(int fd, struct winsize *); #ifndef HAVE_VSYSLOG -void ROKEN_LIB_FUNCTION vsyslog(int pri, const char *fmt, va_list ap); +void ROKEN_LIB_FUNCTION vsyslog(int, const char *, va_list); #endif #if !HAVE_DECL_OPTARG @@ -441,22 +441,22 @@ extern char **environ; #ifndef HAVE_GETIPNODEBYNAME struct hostent * ROKEN_LIB_FUNCTION -getipnodebyname (const char *name, int af, int flags, int *error_num); +getipnodebyname (const char *, int, int, int *); #endif #ifndef HAVE_GETIPNODEBYADDR struct hostent * ROKEN_LIB_FUNCTION -getipnodebyaddr (const void *src, size_t len, int af, int *error_num); +getipnodebyaddr (const void *, size_t, int, int *); #endif #ifndef HAVE_FREEHOSTENT void ROKEN_LIB_FUNCTION -freehostent (struct hostent *h); +freehostent (struct hostent *); #endif #ifndef HAVE_COPYHOSTENT struct hostent * ROKEN_LIB_FUNCTION -copyhostent (const struct hostent *h); +copyhostent (const struct hostent *); #endif #ifndef HAVE_SOCKLEN_T @@ -523,35 +523,35 @@ struct addrinfo { #ifndef HAVE_GETADDRINFO int ROKEN_LIB_FUNCTION -getaddrinfo(const char *nodename, - const char *servname, - const struct addrinfo *hints, - struct addrinfo **res); +getaddrinfo(const char *, + const char *, + const struct addrinfo *, + struct addrinfo **); #endif #ifndef HAVE_GETNAMEINFO int ROKEN_LIB_FUNCTION -getnameinfo(const struct sockaddr *sa, socklen_t salen, - char *host, size_t hostlen, - char *serv, size_t servlen, - int flags); +getnameinfo(const struct sockaddr *, socklen_t, + char *, size_t, + char *, size_t, + int); #endif #ifndef HAVE_FREEADDRINFO void ROKEN_LIB_FUNCTION -freeaddrinfo(struct addrinfo *ai); +freeaddrinfo(struct addrinfo *); #endif #ifndef HAVE_GAI_STRERROR -char * ROKEN_LIB_FUNCTION -gai_strerror(int ecode); +const char * ROKEN_LIB_FUNCTION +gai_strerror(int); #endif int ROKEN_LIB_FUNCTION -getnameinfo_verified(const struct sockaddr *sa, socklen_t salen, - char *host, size_t hostlen, - char *serv, size_t servlen, - int flags); +getnameinfo_verified(const struct sockaddr *, socklen_t, + char *, size_t, + char *, size_t, + int); int ROKEN_LIB_FUNCTION roken_getaddrinfo_hostspec(const char *, int, struct addrinfo **); @@ -560,20 +560,19 @@ roken_getaddrinfo_hostspec2(const char *, int, int, struct addrinfo **); #ifndef HAVE_STRFTIME size_t ROKEN_LIB_FUNCTION -strftime (char *buf, size_t maxsize, const char *format, - const struct tm *tm); +strftime (char *, size_t, const char *, const struct tm *); #endif #ifndef HAVE_STRPTIME char * ROKEN_LIB_FUNCTION -strptime (const char *buf, const char *format, struct tm *timeptr); +strptime (const char *, const char *, struct tm *); #endif #ifndef HAVE_EMALLOC void * ROKEN_LIB_FUNCTION emalloc (size_t); #endif #ifndef HAVE_ECALLOC -void * ROKEN_LIB_FUNCTION ecalloc(size_t num, size_t sz); +void * ROKEN_LIB_FUNCTION ecalloc(size_t, size_t); #endif #ifndef HAVE_EREALLOC void * ROKEN_LIB_FUNCTION erealloc (void *, size_t); @@ -626,7 +625,7 @@ roken_gethostbyaddr(const void*, size_t, int); #endif #ifndef HAVE_SETPROGNAME -void ROKEN_LIB_FUNCTION setprogname(const char *argv0); +void ROKEN_LIB_FUNCTION setprogname(const char *); #endif #ifndef HAVE_GETPROGNAME @@ -638,46 +637,46 @@ extern const char *__progname; #endif void ROKEN_LIB_FUNCTION mini_inetd_addrinfo (struct addrinfo*); -void ROKEN_LIB_FUNCTION mini_inetd (int port); +void ROKEN_LIB_FUNCTION mini_inetd (int); #ifndef HAVE_LOCALTIME_R struct tm * ROKEN_LIB_FUNCTION -localtime_r(const time_t *timer, struct tm *result); +localtime_r(const time_t *, struct tm *); #endif #if !defined(HAVE_STRSVIS) || defined(NEED_STRSVIS_PROTO) int ROKEN_LIB_FUNCTION -strsvis(char *dst, const char *src, int flag, const char *extra); +strsvis(char *, const char *, int, const char *); #endif #if !defined(HAVE_STRUNVIS) || defined(NEED_STRUNVIS_PROTO) int ROKEN_LIB_FUNCTION -strunvis(char *dst, const char *src); +strunvis(char *, const char *); #endif #if !defined(HAVE_STRVIS) || defined(NEED_STRVIS_PROTO) int ROKEN_LIB_FUNCTION -strvis(char *dst, const char *src, int flag); +strvis(char *, const char *, int); #endif #if !defined(HAVE_STRVISX) || defined(NEED_STRVISX_PROTO) int ROKEN_LIB_FUNCTION -strvisx(char *dst, const char *src, size_t len, int flag); +strvisx(char *, const char *, size_t, int); #endif #if !defined(HAVE_SVIS) || defined(NEED_SVIS_PROTO) char * ROKEN_LIB_FUNCTION -svis(char *dst, int c, int flag, int nextc, const char *extra); +svis(char *, int, int, int, const char *); #endif #if !defined(HAVE_UNVIS) || defined(NEED_UNVIS_PROTO) int ROKEN_LIB_FUNCTION -unvis(char *cp, int c, int *astate, int flag); +unvis(char *, int, int *, int); #endif #if !defined(HAVE_VIS) || defined(NEED_VIS_PROTO) char * ROKEN_LIB_FUNCTION -vis(char *dst, int c, int flag, int nextc); +vis(char *, int, int, int); #endif #if !defined(HAVE_CLOSEFROM) -- cgit From 65ec408473972099f08d3ff0485e5f07244ad94c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 15 Aug 2005 01:38:21 +0000 Subject: r9305: Use the check-var.m4 from roken to really, really detect h_errno correctly. This fixes the build on Fedora Core 4. Andrew Bartlett (This used to be commit aa36b2adad0d66b8171aa3ccca3057298361bec5) --- source4/heimdal/cf/check-var.m4 | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 source4/heimdal/cf/check-var.m4 (limited to 'source4/heimdal') diff --git a/source4/heimdal/cf/check-var.m4 b/source4/heimdal/cf/check-var.m4 new file mode 100644 index 0000000000..41401f6dd9 --- /dev/null +++ b/source4/heimdal/cf/check-var.m4 @@ -0,0 +1,25 @@ +dnl $Id: check-var.m4,v 1.12 2005/06/16 18:59:10 lha Exp $ +dnl +dnl rk_CHECK_VAR(variable, includes) +AC_DEFUN([rk_CHECK_VAR], [ +AC_MSG_CHECKING(for $1) +AC_CACHE_VAL(ac_cv_var_$1, [ +m4_ifval([$2],[ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[$2 + void * foo(void) { return &$1; }]],[[foo()]])], + [ac_cv_var_$1=yes],[ac_cv_var_$1=no])]) +if test "$ac_cv_var_$1" != yes ; then +AC_LINK_IFELSE([AC_LANG_PROGRAM([[extern int $1; +int foo(void) { return $1; }]],[[foo()]])], + [ac_cv_var_$1=yes],[ac_cv_var_$1=no]) +fi +]) +ac_foo=`eval echo \\$ac_cv_var_$1` +AC_MSG_RESULT($ac_foo) +if test "$ac_foo" = yes; then + AC_DEFINE_UNQUOTED(AS_TR_CPP(HAVE_[]$1), 1, + [Define if you have the `]$1[' variable.]) + m4_ifval([$2], AC_CHECK_DECLS([$1],[],[],[$2])) +fi +]) + -- cgit From 55f5453bc81d9a3a4fe67ff0a6ba528d8d0f7984 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 20 Aug 2005 06:00:50 +0000 Subject: r9413: Bring Samba4 back up to date with lorikeet-heimdal. Delete test_crypto_wrapping.c, previously included but unbuilt. Andrew Bartlett (This used to be commit d5fb30fb0cef330e0947969f0c9afc1f58fc4c7d) --- source4/heimdal/kdc/kdc_locl.h | 5 +- source4/heimdal/kdc/kerberos5.c | 36 +- source4/heimdal/kdc/pkinit.c | 44 +- source4/heimdal/kdc/process.c | 18 +- source4/heimdal/lib/asn1/asn1_gen.c | 10 +- source4/heimdal/lib/asn1/canthandle.asn1 | 8 +- source4/heimdal/lib/asn1/lex.c | 6 +- source4/heimdal/lib/asn1/parse.c | 519 +++++++++++---------- source4/heimdal/lib/asn1/parse.h | 6 +- source4/heimdal/lib/gssapi/init_sec_context.c | 5 +- source4/heimdal/lib/hdb/ext.c | 366 +++++++++++++++ source4/heimdal/lib/hdb/hdb-private.h | 28 +- source4/heimdal/lib/hdb/hdb-protos.h | 59 ++- source4/heimdal/lib/hdb/hdb.asn1 | 50 +- source4/heimdal/lib/hdb/hdb.h | 17 +- source4/heimdal/lib/hdb/hdb_err.et | 3 +- source4/heimdal/lib/hdb/mkey.c | 595 ++++++++++++++++++++++++ source4/heimdal/lib/krb5/crypto.c | 10 +- source4/heimdal/lib/krb5/fcache.c | 2 +- source4/heimdal/lib/krb5/init_creds_pw.c | 19 +- source4/heimdal/lib/krb5/krb5-private.h | 10 + source4/heimdal/lib/krb5/krb5-protos.h | 8 + source4/heimdal/lib/krb5/pkinit.c | 115 ++++- source4/heimdal/lib/krb5/test_crypto_wrapping.c | 163 ------- source4/heimdal/lib/krb5/test_pkinit_dh2key.c | 110 ----- 25 files changed, 1603 insertions(+), 609 deletions(-) create mode 100644 source4/heimdal/lib/hdb/ext.c create mode 100644 source4/heimdal/lib/hdb/mkey.c delete mode 100644 source4/heimdal/lib/krb5/test_crypto_wrapping.c delete mode 100644 source4/heimdal/lib/krb5/test_pkinit_dh2key.c (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/kdc_locl.h b/source4/heimdal/kdc/kdc_locl.h index d347c6080c..b87895d56c 100644 --- a/source4/heimdal/kdc/kdc_locl.h +++ b/source4/heimdal/kdc/kdc_locl.h @@ -32,7 +32,7 @@ */ /* - * $Id: kdc_locl.h,v 1.71 2005/07/01 15:36:16 lha Exp $ + * $Id: kdc_locl.h,v 1.72 2005/08/12 08:46:39 lha Exp $ */ #ifndef __KDC_LOCL_H__ @@ -61,7 +61,8 @@ extern struct timeval _kdc_now; krb5_error_code _kdc_as_rep(krb5_context context, krb5_kdc_configuration *config, - KDC_REQ*, krb5_data*, const char*, struct sockaddr*); + KDC_REQ*, const krb5_data*, krb5_data*, + const char*, struct sockaddr*); krb5_kdc_configuration * configure(krb5_context context, int argc, char **argv); diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index e85a269a01..27a25d95ff 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -189,7 +189,8 @@ log_timestamp(krb5_context context, KerberosTime authtime, KerberosTime *starttime, KerberosTime endtime, KerberosTime *renew_till) { - char authtime_str[100], starttime_str[100], endtime_str[100], renewtime_str[100]; + char authtime_str[100], starttime_str[100], + endtime_str[100], renewtime_str[100]; krb5_format_time(context, authtime, authtime_str, sizeof(authtime_str), TRUE); @@ -728,6 +729,7 @@ krb5_error_code _kdc_as_rep(krb5_context context, krb5_kdc_configuration *config, KDC_REQ *req, + const krb5_data *req_buffer, krb5_data *reply, const char *from, struct sockaddr *from_addr) @@ -940,7 +942,8 @@ _kdc_as_rep(krb5_context context, kdc_log(context, config, 5, "Failed to decrypt PA-DATA -- %s " "(enctype %s) error %s", - client_name, str ? str : "unknown enctype", + client_name, + str ? str : "unknown enctype", krb5_get_err_text(context, ret)); free(str); @@ -1308,8 +1311,9 @@ _kdc_as_rep(krb5_context context, reply_key = &ckey->key; #if PKINIT if (pkp) { - ret = _kdc_pk_mk_pa_reply(context, config, pkp, client, req, - &reply_key, rep.padata); + ret = _kdc_pk_mk_pa_reply(context, config, pkp, client, + req, req_buffer, + &reply_key, rep.padata); if (ret) goto out; } @@ -1372,30 +1376,35 @@ check_tgs_flags(krb5_context context, if(f.validate){ if(!tgt->flags.invalid || tgt->starttime == NULL){ - kdc_log(context, config, 0, "Bad request to validate ticket"); + kdc_log(context, config, 0, + "Bad request to validate ticket"); return KRB5KDC_ERR_BADOPTION; } if(*tgt->starttime > kdc_time){ - kdc_log(context, config, 0, "Early request to validate ticket"); + kdc_log(context, config, 0, + "Early request to validate ticket"); return KRB5KRB_AP_ERR_TKT_NYV; } /* XXX tkt = tgt */ et->flags.invalid = 0; }else if(tgt->flags.invalid){ - kdc_log(context, config, 0, "Ticket-granting ticket has INVALID flag set"); + kdc_log(context, config, 0, + "Ticket-granting ticket has INVALID flag set"); return KRB5KRB_AP_ERR_TKT_INVALID; } if(f.forwardable){ if(!tgt->flags.forwardable){ - kdc_log(context, config, 0, "Bad request for forwardable ticket"); + kdc_log(context, config, 0, + "Bad request for forwardable ticket"); return KRB5KDC_ERR_BADOPTION; } et->flags.forwardable = 1; } if(f.forwarded){ if(!tgt->flags.forwardable){ - kdc_log(context, config, 0, "Request to forward non-forwardable ticket"); + kdc_log(context, config, 0, + "Request to forward non-forwardable ticket"); return KRB5KDC_ERR_BADOPTION; } et->flags.forwarded = 1; @@ -1906,7 +1915,8 @@ tgs_check_authenticator(krb5_context context, free(buf); krb5_crypto_destroy(context, crypto); if(ret){ - kdc_log(context, config, 0, "Failed to verify authenticator checksum: %s", + kdc_log(context, config, 0, + "Failed to verify authenticator checksum: %s", krb5_get_err_text(context, ret)); } out: @@ -2102,11 +2112,11 @@ tgs_rep2(krb5_context context, ret = tgs_check_authenticator(context, config, ac, b, &e_text, &tgt->key); - if(ret){ + if (ret) { krb5_auth_con_free(context, ac); goto out2; } - + if (b->enc_authorization_data) { krb5_keyblock *subkey; krb5_data ad; @@ -2167,6 +2177,8 @@ tgs_rep2(krb5_context context, } } + krb5_auth_con_free(context, ac); + { PrincipalName *s; Realm r; diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c index f591aa8fc1..fdeaf27ac4 100755 --- a/source4/heimdal/kdc/pkinit.c +++ b/source4/heimdal/kdc/pkinit.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: pkinit.c,v 1.37 2005/07/26 18:37:02 lha Exp $"); +RCSID("$Id: pkinit.c,v 1.41 2005/08/12 09:21:40 lha Exp $"); #ifdef PKINIT @@ -66,7 +66,7 @@ struct krb5_pk_cert { enum pkinit_type { PKINIT_COMPAT_WIN2K = 1, PKINIT_COMPAT_19 = 2, - PKINIT_COMPAT_25 = 3 + PKINIT_COMPAT_27 = 3 }; struct pk_client_params { @@ -640,7 +640,7 @@ _kdc_pk_rd_padata(krb5_context context, PA_PK_AS_REQ r; ContentInfo info; - type = "PK-INIT-25"; + type = "PK-INIT-27"; pa_contentType = oid_id_pkauthdata(); ret = decode_PA_PK_AS_REQ(pa->padata_value.data, @@ -796,7 +796,7 @@ _kdc_pk_rd_padata(krb5_context context, goto out; } - client_params->type = PKINIT_COMPAT_25; + client_params->type = PKINIT_COMPAT_27; client_params->nonce = ap.pkAuthenticator.nonce; if (ap.clientPublicValue) { @@ -851,6 +851,7 @@ static krb5_error_code pk_mk_pa_reply_enckey(krb5_context context, pk_client_params *client_params, const KDC_REQ *req, + const krb5_data *req_buffer, krb5_keyblock *reply_key, ContentInfo *content_info) { @@ -945,7 +946,8 @@ pk_mk_pa_reply_enckey(krb5_context context, &kp, &size,ret); free_ReplyKeyPack_19(&kp); } - case PKINIT_COMPAT_25: { + case PKINIT_COMPAT_27: { + krb5_crypto ascrypto; ReplyKeyPack kp; memset(&kp, 0, sizeof(kp)); @@ -954,9 +956,29 @@ pk_mk_pa_reply_enckey(krb5_context context, krb5_clear_error_string(context); goto out; } - /* XXX add whatever is the outcome of asChecksum discussion here */ + + ret = krb5_crypto_init(context, reply_key, 0, &ascrypto); + if (ret) { + krb5_clear_error_string(context); + goto out; + } + + ret = krb5_create_checksum(context, ascrypto, 6, 0, + req_buffer->data, req_buffer->length, + &kp.asChecksum); + if (ret) { + krb5_clear_error_string(context); + goto out; + } + + ret = krb5_crypto_destroy(context, ascrypto); + if (ret) { + krb5_clear_error_string(context); + goto out; + } ASN1_MALLOC_ENCODE(ReplyKeyPack, buf.data, buf.length, &kp, &size,ret); free_ReplyKeyPack(&kp); + break; } default: krb5_abortx(context, "internal pkinit error"); @@ -1194,6 +1216,7 @@ _kdc_pk_mk_pa_reply(krb5_context context, pk_client_params *client_params, const hdb_entry *client, const KDC_REQ *req, + const krb5_data *req_buffer, krb5_keyblock **reply_key, METHOD_DATA *md) { @@ -1223,7 +1246,7 @@ _kdc_pk_mk_pa_reply(krb5_context context, } else enctype = ETYPE_DES3_CBC_SHA1; - if (client_params->type == PKINIT_COMPAT_25) { + if (client_params->type == PKINIT_COMPAT_27) { PA_PK_AS_REP rep; pa_type = KRB5_PADATA_PK_AS_REP; @@ -1239,6 +1262,7 @@ _kdc_pk_mk_pa_reply(krb5_context context, ret = pk_mk_pa_reply_enckey(context, client_params, req, + req_buffer, &client_params->reply_key, &info); if (ret) { @@ -1259,7 +1283,7 @@ _kdc_pk_mk_pa_reply(krb5_context context, krb5_abortx(context, "Internal ASN.1 encoder error"); } else { - krb5_set_error_string(context, "DH -25 not implemented"); + krb5_set_error_string(context, "DH -27 not implemented"); ret = KRB5KRB_ERR_GENERIC; } if (ret) { @@ -1291,6 +1315,7 @@ _kdc_pk_mk_pa_reply(krb5_context context, ret = pk_mk_pa_reply_enckey(context, client_params, req, + req_buffer, &client_params->reply_key, &rep.u.encKeyPack); } else { @@ -1332,7 +1357,7 @@ _kdc_pk_mk_pa_reply(krb5_context context, memset(&rep, 0, sizeof(rep)); if (client_params->dh) { - krb5_set_error_string(context, "DH -25 not implemented"); + krb5_set_error_string(context, "DH -27 not implemented"); ret = KRB5KRB_ERR_GENERIC; } else { rep.element = choice_PA_PK_AS_REP_encKeyPack; @@ -1343,6 +1368,7 @@ _kdc_pk_mk_pa_reply(krb5_context context, ret = pk_mk_pa_reply_enckey(context, client_params, req, + req_buffer, &client_params->reply_key, &info); if (ret) { diff --git a/source4/heimdal/kdc/process.c b/source4/heimdal/kdc/process.c index 22cf23c48d..d0f8245bf9 100644 --- a/source4/heimdal/kdc/process.c +++ b/source4/heimdal/kdc/process.c @@ -34,7 +34,7 @@ #include "kdc_locl.h" -RCSID("$Id: process.c,v 1.2 2005/06/30 01:54:49 lha Exp $"); +RCSID("$Id: process.c,v 1.3 2005/08/12 08:25:48 lha Exp $"); /* * handle the request in `buf, len', from `addr' (or `from' as a string), @@ -58,7 +58,13 @@ krb5_kdc_process_generic_request(krb5_context context, gettimeofday(&_kdc_now, NULL); if(decode_AS_REQ(buf, len, &req, &i) == 0){ - ret = _kdc_as_rep(context, config, &req, reply, from, addr); + krb5_data req_buffer; + + req_buffer.data = buf; + req_buffer.length = len; + + ret = _kdc_as_rep(context, config, &req, &req_buffer, + reply, from, addr); free_AS_REQ(&req); return ret; }else if(decode_TGS_REQ(buf, len, &req, &i) == 0){ @@ -105,7 +111,13 @@ krb5_kdc_process_krb5_request(krb5_context context, gettimeofday(&_kdc_now, NULL); if(decode_AS_REQ(buf, len, &req, &i) == 0){ - ret = _kdc_as_rep(context, config, &req, reply, from, addr); + krb5_data req_buffer; + + req_buffer.data = buf; + req_buffer.length = len; + + ret = _kdc_as_rep(context, config, &req, &req_buffer, + reply, from, addr); free_AS_REQ(&req); return ret; }else if(decode_TGS_REQ(buf, len, &req, &i) == 0){ diff --git a/source4/heimdal/lib/asn1/asn1_gen.c b/source4/heimdal/lib/asn1/asn1_gen.c index 939fb1123e..95d670cbb1 100644 --- a/source4/heimdal/lib/asn1/asn1_gen.c +++ b/source4/heimdal/lib/asn1/asn1_gen.c @@ -40,7 +40,7 @@ #include #include -RCSID("$Id: asn1_gen.c,v 1.2 2005/07/12 06:27:14 lha Exp $"); +RCSID("$Id: asn1_gen.c,v 1.3 2005/08/11 10:44:43 lha Exp $"); static int doit(const char *fn) @@ -166,11 +166,11 @@ usage(int code) int main(int argc, char **argv) { - int optind = 0; + int optidx = 0; setprogname (argv[0]); - if(getarg(args, num_args, argc, argv, &optind)) + if(getarg(args, num_args, argc, argv, &optidx)) usage(1); if(help_flag) usage(0); @@ -178,8 +178,8 @@ main(int argc, char **argv) print_version(NULL); exit(0); } - argv += optind; - argc -= optind; + argv += optidx; + argc -= optidx; if (argc != 1) usage (1); diff --git a/source4/heimdal/lib/asn1/canthandle.asn1 b/source4/heimdal/lib/asn1/canthandle.asn1 index 55ba4d1bb6..7d012ed6f8 100644 --- a/source4/heimdal/lib/asn1/canthandle.asn1 +++ b/source4/heimdal/lib/asn1/canthandle.asn1 @@ -1,4 +1,4 @@ --- $Id: canthandle.asn1,v 1.4 2005/07/21 20:49:15 lha Exp $ -- +-- $Id: canthandle.asn1,v 1.5 2005/08/11 14:07:21 lha Exp $ -- CANTHANDLE DEFINITIONS ::= BEGIN @@ -31,4 +31,10 @@ Bar ::= SEQUENCE { Baz ::= SET OF INTEGER +-- Allocation is done on CONTEXT tags. + +Alloc ::= SEQUENCE { + a heim_any OPTIONAL +} + END diff --git a/source4/heimdal/lib/asn1/lex.c b/source4/heimdal/lib/asn1/lex.c index 713a3d26aa..3b563038e8 100644 --- a/source4/heimdal/lib/asn1/lex.c +++ b/source4/heimdal/lib/asn1/lex.c @@ -760,7 +760,7 @@ static unsigned lineno = 1; static void handle_comment(int type); static char *handle_string(void); -#line 764 "lex.yy.c" +#line 764 "lex.c" /* Macros after this point can all be overridden by user definitions in * section 1. @@ -913,7 +913,7 @@ YY_DECL #line 62 "lex.l" -#line 917 "lex.yy.c" +#line 917 "lex.c" if ( yy_init ) { @@ -1481,7 +1481,7 @@ YY_RULE_SETUP #line 168 "lex.l" ECHO; YY_BREAK -#line 1485 "lex.yy.c" +#line 1485 "lex.c" case YY_STATE_EOF(INITIAL): yyterminate(); diff --git a/source4/heimdal/lib/asn1/parse.c b/source4/heimdal/lib/asn1/parse.c index 2d8697843b..83e8ccb8b5 100644 --- a/source4/heimdal/lib/asn1/parse.c +++ b/source4/heimdal/lib/asn1/parse.c @@ -1,7 +1,7 @@ -/* A Bison parser, made by GNU Bison 1.875c. */ +/* A Bison parser, made by GNU Bison 2.0. */ /* Skeleton parser for Yacc-like parsing with Bison, - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003 Free Software Foundation, Inc. + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -291,7 +291,7 @@ typedef union YYSTYPE { struct tagtype tag; struct memhead *members; } YYSTYPE; -/* Line 191 of yacc.c. */ +/* Line 190 of yacc.c. */ #line 296 "parse.c" # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 @@ -303,7 +303,7 @@ typedef union YYSTYPE { /* Copy the second part of user declarations. */ -/* Line 214 of yacc.c. */ +/* Line 213 of yacc.c. */ #line 308 "parse.c" #if ! defined (yyoverflow) || YYERROR_VERBOSE @@ -319,14 +319,10 @@ typedef union YYSTYPE { # ifdef YYSTACK_USE_ALLOCA # if YYSTACK_USE_ALLOCA -# define YYSTACK_ALLOC alloca -# endif -# else -# if defined (alloca) || defined (_ALLOCA_H) -# define YYSTACK_ALLOC alloca -# else # ifdef __GNUC__ # define YYSTACK_ALLOC __builtin_alloca +# else +# define YYSTACK_ALLOC alloca # endif # endif # endif @@ -352,7 +348,7 @@ typedef union YYSTYPE { /* A type that is properly aligned for any stack member. */ union yyalloc { - short yyss; + short int yyss; YYSTYPE yyvs; }; @@ -362,7 +358,7 @@ union yyalloc /* The size of an array large to enough to hold all stacks, each with N elements. */ # define YYSTACK_BYTES(N) \ - ((N) * (sizeof (short) + sizeof (YYSTYPE)) \ + ((N) * (sizeof (short int) + sizeof (YYSTYPE)) \ + YYSTACK_GAP_MAXIMUM) /* Copy COUNT objects from FROM to TO. The source and destination do @@ -404,7 +400,7 @@ union yyalloc #if defined (__STDC__) || defined (__cplusplus) typedef signed char yysigned_char; #else - typedef short yysigned_char; + typedef short int yysigned_char; #endif /* YYFINAL -- State number of the termination state. */ @@ -471,7 +467,7 @@ static const unsigned char yytranslate[] = #if YYDEBUG /* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in YYRHS. */ -static const unsigned short yyprhs[] = +static const unsigned short int yyprhs[] = { 0, 0, 3, 12, 15, 18, 21, 22, 25, 26, 29, 30, 34, 35, 37, 38, 40, 43, 48, 50, @@ -489,7 +485,7 @@ static const unsigned short yyprhs[] = }; /* YYRHS -- A `-1'-separated list of the rules' RHS. */ -static const short yyrhs[] = +static const short int yyrhs[] = { 99, 0, -1, 86, 21, 100, 101, 84, 8, 102, 24, -1, 27, 70, -1, 38, 70, -1, 7, 70, @@ -527,7 +523,7 @@ static const short yyrhs[] = }; /* YYRLINE[YYN] -- source line where rule number YYN was defined. */ -static const unsigned short yyrline[] = +static const unsigned short int yyrline[] = { 0, 222, 222, 229, 230, 232, 234, 237, 239, 242, 243, 246, 247, 250, 251, 254, 255, 258, 269, 270, @@ -592,7 +588,7 @@ static const char *const yytname[] = # ifdef YYPRINT /* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to token YYLEX-NUM. */ -static const unsigned short yytoknum[] = +static const unsigned short int yytoknum[] = { 0, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, @@ -670,7 +666,7 @@ static const unsigned char yydefact[] = }; /* YYDEFGOTO[NTERM-NUM]. */ -static const short yydefgoto[] = +static const short int yydefgoto[] = { -1, 2, 8, 13, 18, 19, 21, 22, 23, 27, 28, 24, 29, 56, 57, 58, 85, 59, 110, 111, @@ -724,7 +720,7 @@ static const yysigned_char yypgoto[] = number is the opposite. If zero, do what YYDEFACT says. If YYTABLE_NINF, syntax error. */ #define YYTABLE_NINF -13 -static const short yytable[] = +static const short int yytable[] = { 35, 36, 37, 88, 139, 38, 90, 17, 93, 98, 5, 149, 151, 105, 105, 150, 39, 154, 167, 105, @@ -744,7 +740,7 @@ static const short yytable[] = 163, 0, 170 }; -static const short yycheck[] = +static const short int yycheck[] = { 9, 10, 11, 53, 97, 14, 53, 40, 6, 27, 7, 91, 20, 86, 86, 95, 25, 91, 85, 86, @@ -840,20 +836,53 @@ do \ } \ while (0) + #define YYTERROR 1 #define YYERRCODE 256 -/* YYLLOC_DEFAULT -- Compute the default location (before the actions - are run). */ +/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N]. + If N is 0, then set CURRENT to the empty location which ends + the previous symbol: RHS[0] (always defined). */ + +#define YYRHSLOC(Rhs, K) ((Rhs)[K]) #ifndef YYLLOC_DEFAULT -# define YYLLOC_DEFAULT(Current, Rhs, N) \ - ((Current).first_line = (Rhs)[1].first_line, \ - (Current).first_column = (Rhs)[1].first_column, \ - (Current).last_line = (Rhs)[N].last_line, \ - (Current).last_column = (Rhs)[N].last_column) +# define YYLLOC_DEFAULT(Current, Rhs, N) \ + do \ + if (N) \ + { \ + (Current).first_line = YYRHSLOC (Rhs, 1).first_line; \ + (Current).first_column = YYRHSLOC (Rhs, 1).first_column; \ + (Current).last_line = YYRHSLOC (Rhs, N).last_line; \ + (Current).last_column = YYRHSLOC (Rhs, N).last_column; \ + } \ + else \ + { \ + (Current).first_line = (Current).last_line = \ + YYRHSLOC (Rhs, 0).last_line; \ + (Current).first_column = (Current).last_column = \ + YYRHSLOC (Rhs, 0).last_column; \ + } \ + while (0) #endif + +/* YY_LOCATION_PRINT -- Print the location on the stream. + This macro was not mandated originally: define only if we know + we won't break user code: when these are the locations we know. */ + +#ifndef YY_LOCATION_PRINT +# if YYLTYPE_IS_TRIVIAL +# define YY_LOCATION_PRINT(File, Loc) \ + fprintf (File, "%d.%d-%d.%d", \ + (Loc).first_line, (Loc).first_column, \ + (Loc).last_line, (Loc).last_column) +# else +# define YY_LOCATION_PRINT(File, Loc) ((void) 0) +# endif +#endif + + /* YYLEX -- calling `yylex' with the right arguments. */ #ifdef YYLEX_PARAM @@ -876,19 +905,13 @@ do { \ YYFPRINTF Args; \ } while (0) -# define YYDSYMPRINT(Args) \ -do { \ - if (yydebug) \ - yysymprint Args; \ -} while (0) - -# define YYDSYMPRINTF(Title, Token, Value, Location) \ +# define YY_SYMBOL_PRINT(Title, Type, Value, Location) \ do { \ if (yydebug) \ { \ YYFPRINTF (stderr, "%s ", Title); \ yysymprint (stderr, \ - Token, Value); \ + Type, Value); \ YYFPRINTF (stderr, "\n"); \ } \ } while (0) @@ -900,12 +923,12 @@ do { \ #if defined (__STDC__) || defined (__cplusplus) static void -yy_stack_print (short *bottom, short *top) +yy_stack_print (short int *bottom, short int *top) #else static void yy_stack_print (bottom, top) - short *bottom; - short *top; + short int *bottom; + short int *top; #endif { YYFPRINTF (stderr, "Stack now"); @@ -955,8 +978,7 @@ do { \ int yydebug; #else /* !YYDEBUG */ # define YYDPRINTF(Args) -# define YYDSYMPRINT(Args) -# define YYDSYMPRINTF(Title, Token, Value, Location) +# define YY_SYMBOL_PRINT(Title, Type, Value, Location) # define YY_STACK_PRINT(Bottom, Top) # define YY_REDUCE_PRINT(Rule) #endif /* !YYDEBUG */ @@ -974,10 +996,6 @@ int yydebug; SIZE_MAX < YYSTACK_BYTES (YYMAXDEPTH) evaluated with infinite-precision integer arithmetic. */ -#if defined (YYMAXDEPTH) && YYMAXDEPTH == 0 -# undef YYMAXDEPTH -#endif - #ifndef YYMAXDEPTH # define YYMAXDEPTH 10000 #endif @@ -1059,15 +1077,15 @@ yysymprint (yyoutput, yytype, yyvaluep) (void) yyvaluep; if (yytype < YYNTOKENS) - { - YYFPRINTF (yyoutput, "token %s (", yytname[yytype]); -# ifdef YYPRINT - YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep); -# endif - } + YYFPRINTF (yyoutput, "token %s (", yytname[yytype]); else YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]); + +# ifdef YYPRINT + if (yytype < YYNTOKENS) + YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep); +# endif switch (yytype) { default: @@ -1083,10 +1101,11 @@ yysymprint (yyoutput, yytype, yyvaluep) #if defined (__STDC__) || defined (__cplusplus) static void -yydestruct (int yytype, YYSTYPE *yyvaluep) +yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep) #else static void -yydestruct (yytype, yyvaluep) +yydestruct (yymsg, yytype, yyvaluep) + const char *yymsg; int yytype; YYSTYPE *yyvaluep; #endif @@ -1094,6 +1113,10 @@ yydestruct (yytype, yyvaluep) /* Pacify ``unused variable'' warnings. */ (void) yyvaluep; + if (!yymsg) + yymsg = "Deleting"; + YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp); + switch (yytype) { @@ -1121,10 +1144,10 @@ int yyparse (); -/* The lookahead symbol. */ +/* The look-ahead symbol. */ int yychar; -/* The semantic value of the lookahead symbol. */ +/* The semantic value of the look-ahead symbol. */ YYSTYPE yylval; /* Number of syntax errors so far. */ @@ -1160,7 +1183,7 @@ yyparse () int yyresult; /* Number of tokens to shift before error messages enabled. */ int yyerrstatus; - /* Lookahead token as an internal (translated) token number. */ + /* Look-ahead token as an internal (translated) token number. */ int yytoken = 0; /* Three stacks and their tools: @@ -1172,9 +1195,9 @@ yyparse () to reallocate them elsewhere. */ /* The state stack. */ - short yyssa[YYINITDEPTH]; - short *yyss = yyssa; - register short *yyssp; + short int yyssa[YYINITDEPTH]; + short int *yyss = yyssa; + register short int *yyssp; /* The semantic value stack. */ YYSTYPE yyvsa[YYINITDEPTH]; @@ -1211,6 +1234,9 @@ yyparse () yyssp = yyss; yyvsp = yyvs; + + yyvsp[0] = yylval; + goto yysetstate; /*------------------------------------------------------------. @@ -1236,7 +1262,7 @@ yyparse () these so that the &'s don't force the real ones into memory. */ YYSTYPE *yyvs1 = yyvs; - short *yyss1 = yyss; + short int *yyss1 = yyss; /* Each stack pointer address is followed by the size of the @@ -1264,7 +1290,7 @@ yyparse () yystacksize = YYMAXDEPTH; { - short *yyss1 = yyss; + short int *yyss1 = yyss; union yyalloc *yyptr = (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); if (! yyptr) @@ -1300,18 +1326,18 @@ yyparse () yybackup: /* Do appropriate processing given the current state. */ -/* Read a lookahead token if we need one and don't already have one. */ +/* Read a look-ahead token if we need one and don't already have one. */ /* yyresume: */ - /* First try to decide what to do without reference to lookahead token. */ + /* First try to decide what to do without reference to look-ahead token. */ yyn = yypact[yystate]; if (yyn == YYPACT_NINF) goto yydefault; - /* Not known => get a lookahead token if don't already have one. */ + /* Not known => get a look-ahead token if don't already have one. */ - /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol. */ + /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol. */ if (yychar == YYEMPTY) { YYDPRINTF ((stderr, "Reading a token: ")); @@ -1326,7 +1352,7 @@ yybackup: else { yytoken = YYTRANSLATE (yychar); - YYDSYMPRINTF ("Next token is", yytoken, &yylval, &yylloc); + YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc); } /* If the proper action on seeing token YYTOKEN is to reduce or to @@ -1346,8 +1372,8 @@ yybackup: if (yyn == YYFINAL) YYACCEPT; - /* Shift the lookahead token. */ - YYDPRINTF ((stderr, "Shifting token %s, ", yytname[yytoken])); + /* Shift the look-ahead token. */ + YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); /* Discard the token being shifted unless it is eof. */ if (yychar != YYEOF) @@ -1422,38 +1448,38 @@ yyreduce: #line 259 "parse.y" { struct string_list *sl; - for(sl = yyvsp[-3].sl; sl != NULL; sl = sl->next) { + for(sl = (yyvsp[-3].sl); sl != NULL; sl = sl->next) { Symbol *s = addsym(sl->string); s->stype = Stype; } - add_import(yyvsp[-1].name); + add_import((yyvsp[-1].name)); } break; case 22: #line 278 "parse.y" { - yyval.sl = emalloc(sizeof(*yyval.sl)); - yyval.sl->string = yyvsp[-2].name; - yyval.sl->next = yyvsp[0].sl; + (yyval.sl) = emalloc(sizeof(*(yyval.sl))); + (yyval.sl)->string = (yyvsp[-2].name); + (yyval.sl)->next = (yyvsp[0].sl); } break; case 23: #line 284 "parse.y" { - yyval.sl = emalloc(sizeof(*yyval.sl)); - yyval.sl->string = yyvsp[0].name; - yyval.sl->next = NULL; + (yyval.sl) = emalloc(sizeof(*(yyval.sl))); + (yyval.sl)->string = (yyvsp[0].name); + (yyval.sl)->next = NULL; } break; case 24: #line 292 "parse.y" { - Symbol *s = addsym (yyvsp[-2].name); + Symbol *s = addsym ((yyvsp[-2].name)); s->stype = Stype; - s->type = yyvsp[0].type; + s->type = (yyvsp[0].type); fix_labels(s); generate_type (s); } @@ -1462,7 +1488,7 @@ yyreduce: case 41: #line 322 "parse.y" { - yyval.type = new_tag(ASN1_C_UNIV, UT_Boolean, + (yyval.type) = new_tag(ASN1_C_UNIV, UT_Boolean, TE_EXPLICIT, new_type(TBoolean)); } break; @@ -1470,18 +1496,18 @@ yyreduce: case 42: #line 329 "parse.y" { - if(yyvsp[-3].value->type != integervalue || - yyvsp[-1].value->type != integervalue) + if((yyvsp[-3].value)->type != integervalue || + (yyvsp[-1].value)->type != integervalue) error_message("Non-integer value used in range"); - yyval.range.min = yyvsp[-3].value->u.integervalue; - yyval.range.max = yyvsp[-1].value->u.integervalue; + (yyval.range).min = (yyvsp[-3].value)->u.integervalue; + (yyval.range).max = (yyvsp[-1].value)->u.integervalue; } break; case 43: #line 339 "parse.y" { - yyval.type = new_tag(ASN1_C_UNIV, UT_Integer, + (yyval.type) = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, new_type(TInteger)); } break; @@ -1489,90 +1515,90 @@ yyreduce: case 44: #line 344 "parse.y" { - yyval.type = new_type(TInteger); - yyval.type->range = emalloc(sizeof(*yyval.type->range)); - *(yyval.type->range) = yyvsp[0].range; - yyval.type = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, yyval.type); + (yyval.type) = new_type(TInteger); + (yyval.type)->range = emalloc(sizeof(*(yyval.type)->range)); + *((yyval.type)->range) = (yyvsp[0].range); + (yyval.type) = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, (yyval.type)); } break; case 45: #line 351 "parse.y" { - yyval.type = new_type(TInteger); - yyval.type->members = yyvsp[-1].members; - yyval.type = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, yyval.type); + (yyval.type) = new_type(TInteger); + (yyval.type)->members = (yyvsp[-1].members); + (yyval.type) = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, (yyval.type)); } break; case 46: #line 359 "parse.y" { - yyval.members = emalloc(sizeof(*yyval.members)); - ASN1_TAILQ_INIT(yyval.members); - ASN1_TAILQ_INSERT_HEAD(yyval.members, yyvsp[0].member, members); + (yyval.members) = emalloc(sizeof(*(yyval.members))); + ASN1_TAILQ_INIT((yyval.members)); + ASN1_TAILQ_INSERT_HEAD((yyval.members), (yyvsp[0].member), members); } break; case 47: #line 365 "parse.y" { - ASN1_TAILQ_INSERT_TAIL(yyvsp[-2].members, yyvsp[0].member, members); - yyval.members = yyvsp[-2].members; + ASN1_TAILQ_INSERT_TAIL((yyvsp[-2].members), (yyvsp[0].member), members); + (yyval.members) = (yyvsp[-2].members); } break; case 48: #line 370 "parse.y" - { yyval.members = yyvsp[-2].members; } + { (yyval.members) = (yyvsp[-2].members); } break; case 49: #line 374 "parse.y" { - yyval.member = emalloc(sizeof(*yyval.member)); - yyval.member->name = yyvsp[-3].name; - yyval.member->gen_name = estrdup(yyvsp[-3].name); - output_name (yyval.member->gen_name); - yyval.member->val = yyvsp[-1].constant; - yyval.member->optional = 0; - yyval.member->ellipsis = 0; - yyval.member->type = NULL; + (yyval.member) = emalloc(sizeof(*(yyval.member))); + (yyval.member)->name = (yyvsp[-3].name); + (yyval.member)->gen_name = estrdup((yyvsp[-3].name)); + output_name ((yyval.member)->gen_name); + (yyval.member)->val = (yyvsp[-1].constant); + (yyval.member)->optional = 0; + (yyval.member)->ellipsis = 0; + (yyval.member)->type = NULL; } break; case 50: #line 387 "parse.y" { - yyval.type = new_type(TInteger); - yyval.type->members = yyvsp[-1].members; - yyval.type = new_tag(ASN1_C_UNIV, UT_Enumerated, TE_EXPLICIT, yyval.type); + (yyval.type) = new_type(TInteger); + (yyval.type)->members = (yyvsp[-1].members); + (yyval.type) = new_tag(ASN1_C_UNIV, UT_Enumerated, TE_EXPLICIT, (yyval.type)); } break; case 52: #line 398 "parse.y" { - yyval.type = new_type(TBitString); - yyval.type->members = emalloc(sizeof(*yyval.type->members)); - ASN1_TAILQ_INIT(yyval.type->members); - yyval.type = new_tag(ASN1_C_UNIV, UT_BitString, TE_EXPLICIT, yyval.type); + (yyval.type) = new_type(TBitString); + (yyval.type)->members = emalloc(sizeof(*(yyval.type)->members)); + ASN1_TAILQ_INIT((yyval.type)->members); + (yyval.type) = new_tag(ASN1_C_UNIV, UT_BitString, TE_EXPLICIT, (yyval.type)); } break; case 53: #line 405 "parse.y" { - yyval.type = new_type(TBitString); - yyval.type->members = yyvsp[-1].members; - yyval.type = new_tag(ASN1_C_UNIV, UT_BitString, TE_EXPLICIT, yyval.type); + (yyval.type) = new_type(TBitString); + (yyval.type)->members = (yyvsp[-1].members); + (yyval.type) = new_tag(ASN1_C_UNIV, UT_BitString, TE_EXPLICIT, (yyval.type)); } break; case 54: #line 413 "parse.y" { - yyval.type = new_tag(ASN1_C_UNIV, UT_OID, + (yyval.type) = new_tag(ASN1_C_UNIV, UT_OID, TE_EXPLICIT, new_type(TOID)); } break; @@ -1580,7 +1606,7 @@ yyreduce: case 55: #line 419 "parse.y" { - yyval.type = new_tag(ASN1_C_UNIV, UT_OctetString, + (yyval.type) = new_tag(ASN1_C_UNIV, UT_OctetString, TE_EXPLICIT, new_type(TOctetString)); } break; @@ -1588,7 +1614,7 @@ yyreduce: case 56: #line 426 "parse.y" { - yyval.type = new_tag(ASN1_C_UNIV, UT_Null, + (yyval.type) = new_tag(ASN1_C_UNIV, UT_Null, TE_EXPLICIT, new_type(TNull)); } break; @@ -1596,81 +1622,81 @@ yyreduce: case 57: #line 433 "parse.y" { - yyval.type = new_type(TSequence); - yyval.type->members = yyvsp[-1].members; - yyval.type = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, yyval.type); + (yyval.type) = new_type(TSequence); + (yyval.type)->members = (yyvsp[-1].members); + (yyval.type) = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, (yyval.type)); } break; case 58: #line 439 "parse.y" { - yyval.type = new_type(TSequence); - yyval.type->members = NULL; - yyval.type = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, yyval.type); + (yyval.type) = new_type(TSequence); + (yyval.type)->members = NULL; + (yyval.type) = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, (yyval.type)); } break; case 59: #line 447 "parse.y" { - yyval.type = new_type(TSequenceOf); - yyval.type->subtype = yyvsp[0].type; - yyval.type = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, yyval.type); + (yyval.type) = new_type(TSequenceOf); + (yyval.type)->subtype = (yyvsp[0].type); + (yyval.type) = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, (yyval.type)); } break; case 60: #line 455 "parse.y" { - yyval.type = new_type(TSet); - yyval.type->members = yyvsp[-1].members; - yyval.type = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, yyval.type); + (yyval.type) = new_type(TSet); + (yyval.type)->members = (yyvsp[-1].members); + (yyval.type) = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, (yyval.type)); } break; case 61: #line 461 "parse.y" { - yyval.type = new_type(TSet); - yyval.type->members = NULL; - yyval.type = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, yyval.type); + (yyval.type) = new_type(TSet); + (yyval.type)->members = NULL; + (yyval.type) = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, (yyval.type)); } break; case 62: #line 469 "parse.y" { - yyval.type = new_type(TSetOf); - yyval.type->subtype = yyvsp[0].type; - yyval.type = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, yyval.type); + (yyval.type) = new_type(TSetOf); + (yyval.type)->subtype = (yyvsp[0].type); + (yyval.type) = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, (yyval.type)); } break; case 63: #line 477 "parse.y" { - yyval.type = new_type(TChoice); - yyval.type->members = yyvsp[-1].members; + (yyval.type) = new_type(TChoice); + (yyval.type)->members = (yyvsp[-1].members); } break; case 66: #line 488 "parse.y" { - Symbol *s = addsym(yyvsp[0].name); - yyval.type = new_type(TType); + Symbol *s = addsym((yyvsp[0].name)); + (yyval.type) = new_type(TType); if(s->stype != Stype && s->stype != SUndefined) - error_message ("%s is not a type\n", yyvsp[0].name); + error_message ("%s is not a type\n", (yyvsp[0].name)); else - yyval.type->symbol = s; + (yyval.type)->symbol = s; } break; case 67: #line 499 "parse.y" { - yyval.type = new_tag(ASN1_C_UNIV, UT_GeneralizedTime, + (yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralizedTime, TE_EXPLICIT, new_type(TGeneralizedTime)); } break; @@ -1678,7 +1704,7 @@ yyreduce: case 68: #line 504 "parse.y" { - yyval.type = new_tag(ASN1_C_UNIV, UT_UTCTime, + (yyval.type) = new_tag(ASN1_C_UNIV, UT_UTCTime, TE_EXPLICIT, new_type(TUTCTime)); } break; @@ -1686,72 +1712,72 @@ yyreduce: case 69: #line 511 "parse.y" { - yyval.type = new_type(TTag); - yyval.type->tag = yyvsp[-2].tag; - yyval.type->tag.tagenv = yyvsp[-1].constant; - if(yyvsp[0].type->type == TTag && yyvsp[-1].constant == TE_IMPLICIT) { - yyval.type->subtype = yyvsp[0].type->subtype; - free(yyvsp[0].type); + (yyval.type) = new_type(TTag); + (yyval.type)->tag = (yyvsp[-2].tag); + (yyval.type)->tag.tagenv = (yyvsp[-1].constant); + if((yyvsp[0].type)->type == TTag && (yyvsp[-1].constant) == TE_IMPLICIT) { + (yyval.type)->subtype = (yyvsp[0].type)->subtype; + free((yyvsp[0].type)); } else - yyval.type->subtype = yyvsp[0].type; + (yyval.type)->subtype = (yyvsp[0].type); } break; case 70: #line 524 "parse.y" { - yyval.tag.tagclass = yyvsp[-2].constant; - yyval.tag.tagvalue = yyvsp[-1].constant; - yyval.tag.tagenv = TE_EXPLICIT; + (yyval.tag).tagclass = (yyvsp[-2].constant); + (yyval.tag).tagvalue = (yyvsp[-1].constant); + (yyval.tag).tagenv = TE_EXPLICIT; } break; case 71: #line 532 "parse.y" { - yyval.constant = ASN1_C_CONTEXT; + (yyval.constant) = ASN1_C_CONTEXT; } break; case 72: #line 536 "parse.y" { - yyval.constant = ASN1_C_UNIV; + (yyval.constant) = ASN1_C_UNIV; } break; case 73: #line 540 "parse.y" { - yyval.constant = ASN1_C_APPL; + (yyval.constant) = ASN1_C_APPL; } break; case 74: #line 544 "parse.y" { - yyval.constant = ASN1_C_PRIVATE; + (yyval.constant) = ASN1_C_PRIVATE; } break; case 75: #line 550 "parse.y" { - yyval.constant = TE_EXPLICIT; + (yyval.constant) = TE_EXPLICIT; } break; case 76: #line 554 "parse.y" { - yyval.constant = TE_EXPLICIT; + (yyval.constant) = TE_EXPLICIT; } break; case 77: #line 558 "parse.y" { - yyval.constant = TE_IMPLICIT; + (yyval.constant) = TE_IMPLICIT; } break; @@ -1759,10 +1785,10 @@ yyreduce: #line 565 "parse.y" { Symbol *s; - s = addsym (yyvsp[-3].name); + s = addsym ((yyvsp[-3].name)); s->stype = SValue; - s->value = yyvsp[0].value; + s->value = (yyvsp[0].value); generate_constant (s); } break; @@ -1770,7 +1796,7 @@ yyreduce: case 80: #line 579 "parse.y" { - yyval.type = new_tag(ASN1_C_UNIV, UT_GeneralString, + (yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralString, TE_EXPLICIT, new_type(TGeneralString)); } break; @@ -1778,7 +1804,7 @@ yyreduce: case 81: #line 584 "parse.y" { - yyval.type = new_tag(ASN1_C_UNIV, UT_UTF8String, + (yyval.type) = new_tag(ASN1_C_UNIV, UT_UTF8String, TE_EXPLICIT, new_type(TUTF8String)); } break; @@ -1786,7 +1812,7 @@ yyreduce: case 82: #line 589 "parse.y" { - yyval.type = new_tag(ASN1_C_UNIV, UT_PrintableString, + (yyval.type) = new_tag(ASN1_C_UNIV, UT_PrintableString, TE_EXPLICIT, new_type(TPrintableString)); } break; @@ -1794,7 +1820,7 @@ yyreduce: case 83: #line 594 "parse.y" { - yyval.type = new_tag(ASN1_C_UNIV, UT_IA5String, + (yyval.type) = new_tag(ASN1_C_UNIV, UT_IA5String, TE_EXPLICIT, new_type(TIA5String)); } break; @@ -1802,7 +1828,7 @@ yyreduce: case 84: #line 599 "parse.y" { - yyval.type = new_tag(ASN1_C_UNIV, UT_BMPString, + (yyval.type) = new_tag(ASN1_C_UNIV, UT_BMPString, TE_EXPLICIT, new_type(TBMPString)); } break; @@ -1810,7 +1836,7 @@ yyreduce: case 85: #line 604 "parse.y" { - yyval.type = new_tag(ASN1_C_UNIV, UT_UniversalString, + (yyval.type) = new_tag(ASN1_C_UNIV, UT_UniversalString, TE_EXPLICIT, new_type(TUniversalString)); } break; @@ -1818,17 +1844,17 @@ yyreduce: case 86: #line 612 "parse.y" { - yyval.members = emalloc(sizeof(*yyval.members)); - ASN1_TAILQ_INIT(yyval.members); - ASN1_TAILQ_INSERT_HEAD(yyval.members, yyvsp[0].member, members); + (yyval.members) = emalloc(sizeof(*(yyval.members))); + ASN1_TAILQ_INIT((yyval.members)); + ASN1_TAILQ_INSERT_HEAD((yyval.members), (yyvsp[0].member), members); } break; case 87: #line 618 "parse.y" { - ASN1_TAILQ_INSERT_TAIL(yyvsp[-2].members, yyvsp[0].member, members); - yyval.members = yyvsp[-2].members; + ASN1_TAILQ_INSERT_TAIL((yyvsp[-2].members), (yyvsp[0].member), members); + (yyval.members) = (yyvsp[-2].members); } break; @@ -1839,108 +1865,108 @@ yyreduce: m->name = estrdup("..."); m->gen_name = estrdup("asn1_ellipsis"); m->ellipsis = 1; - ASN1_TAILQ_INSERT_TAIL(yyvsp[-2].members, m, members); - yyval.members = yyvsp[-2].members; + ASN1_TAILQ_INSERT_TAIL((yyvsp[-2].members), m, members); + (yyval.members) = (yyvsp[-2].members); } break; case 89: #line 634 "parse.y" { - yyval.member = emalloc(sizeof(*yyval.member)); - yyval.member->name = yyvsp[-1].name; - yyval.member->gen_name = estrdup(yyvsp[-1].name); - output_name (yyval.member->gen_name); - yyval.member->type = yyvsp[0].type; - yyval.member->ellipsis = 0; + (yyval.member) = emalloc(sizeof(*(yyval.member))); + (yyval.member)->name = (yyvsp[-1].name); + (yyval.member)->gen_name = estrdup((yyvsp[-1].name)); + output_name ((yyval.member)->gen_name); + (yyval.member)->type = (yyvsp[0].type); + (yyval.member)->ellipsis = 0; } break; case 90: #line 645 "parse.y" { - yyval.member = yyvsp[0].member; - yyval.member->optional = 0; - yyval.member->defval = NULL; + (yyval.member) = (yyvsp[0].member); + (yyval.member)->optional = 0; + (yyval.member)->defval = NULL; } break; case 91: #line 651 "parse.y" { - yyval.member = yyvsp[-1].member; - yyval.member->optional = 1; - yyval.member->defval = NULL; + (yyval.member) = (yyvsp[-1].member); + (yyval.member)->optional = 1; + (yyval.member)->defval = NULL; } break; case 92: #line 657 "parse.y" { - yyval.member = yyvsp[-2].member; - yyval.member->optional = 0; - yyval.member->defval = yyvsp[0].value; + (yyval.member) = (yyvsp[-2].member); + (yyval.member)->optional = 0; + (yyval.member)->defval = (yyvsp[0].value); } break; case 93: #line 665 "parse.y" { - yyval.members = emalloc(sizeof(*yyval.members)); - ASN1_TAILQ_INIT(yyval.members); - ASN1_TAILQ_INSERT_HEAD(yyval.members, yyvsp[0].member, members); + (yyval.members) = emalloc(sizeof(*(yyval.members))); + ASN1_TAILQ_INIT((yyval.members)); + ASN1_TAILQ_INSERT_HEAD((yyval.members), (yyvsp[0].member), members); } break; case 94: #line 671 "parse.y" { - ASN1_TAILQ_INSERT_TAIL(yyvsp[-2].members, yyvsp[0].member, members); - yyval.members = yyvsp[-2].members; + ASN1_TAILQ_INSERT_TAIL((yyvsp[-2].members), (yyvsp[0].member), members); + (yyval.members) = (yyvsp[-2].members); } break; case 95: #line 678 "parse.y" { - yyval.member = emalloc(sizeof(*yyval.member)); - yyval.member->name = yyvsp[-3].name; - yyval.member->gen_name = estrdup(yyvsp[-3].name); - output_name (yyval.member->gen_name); - yyval.member->val = yyvsp[-1].constant; - yyval.member->optional = 0; - yyval.member->ellipsis = 0; - yyval.member->type = NULL; + (yyval.member) = emalloc(sizeof(*(yyval.member))); + (yyval.member)->name = (yyvsp[-3].name); + (yyval.member)->gen_name = estrdup((yyvsp[-3].name)); + output_name ((yyval.member)->gen_name); + (yyval.member)->val = (yyvsp[-1].constant); + (yyval.member)->optional = 0; + (yyval.member)->ellipsis = 0; + (yyval.member)->type = NULL; } break; case 97: #line 691 "parse.y" - { yyval.objid = NULL; } + { (yyval.objid) = NULL; } break; case 98: #line 695 "parse.y" { - yyval.objid = yyvsp[-1].objid; + (yyval.objid) = (yyvsp[-1].objid); } break; case 99: #line 701 "parse.y" { - yyval.objid = NULL; + (yyval.objid) = NULL; } break; case 100: #line 705 "parse.y" { - if (yyvsp[0].objid) { - yyval.objid = yyvsp[0].objid; - add_oid_to_tail(yyvsp[0].objid, yyvsp[-1].objid); + if ((yyvsp[0].objid)) { + (yyval.objid) = (yyvsp[0].objid); + add_oid_to_tail((yyvsp[0].objid), (yyvsp[-1].objid)); } else { - yyval.objid = yyvsp[-1].objid; + (yyval.objid) = (yyvsp[-1].objid); } } break; @@ -1948,76 +1974,76 @@ yyreduce: case 101: #line 716 "parse.y" { - yyval.objid = new_objid(yyvsp[-3].name, yyvsp[-1].constant); + (yyval.objid) = new_objid((yyvsp[-3].name), (yyvsp[-1].constant)); } break; case 102: #line 720 "parse.y" { - Symbol *s = addsym(yyvsp[0].name); + Symbol *s = addsym((yyvsp[0].name)); if(s->stype != SValue || s->value->type != objectidentifiervalue) { error_message("%s is not an object identifier\n", s->name); exit(1); } - yyval.objid = s->value->u.objectidentifiervalue; + (yyval.objid) = s->value->u.objectidentifiervalue; } break; case 103: #line 731 "parse.y" { - yyval.objid = new_objid(NULL, yyvsp[0].constant); + (yyval.objid) = new_objid(NULL, (yyvsp[0].constant)); } break; case 113: #line 754 "parse.y" { - Symbol *s = addsym(yyvsp[0].name); + Symbol *s = addsym((yyvsp[0].name)); if(s->stype != SValue) error_message ("%s is not a value\n", s->name); else - yyval.value = s->value; + (yyval.value) = s->value; } break; case 114: #line 765 "parse.y" { - yyval.value = emalloc(sizeof(*yyval.value)); - yyval.value->type = stringvalue; - yyval.value->u.stringvalue = yyvsp[0].name; + (yyval.value) = emalloc(sizeof(*(yyval.value))); + (yyval.value)->type = stringvalue; + (yyval.value)->u.stringvalue = (yyvsp[0].name); } break; case 115: #line 773 "parse.y" { - yyval.value = emalloc(sizeof(*yyval.value)); - yyval.value->type = booleanvalue; - yyval.value->u.booleanvalue = 0; + (yyval.value) = emalloc(sizeof(*(yyval.value))); + (yyval.value)->type = booleanvalue; + (yyval.value)->u.booleanvalue = 0; } break; case 116: #line 779 "parse.y" { - yyval.value = emalloc(sizeof(*yyval.value)); - yyval.value->type = booleanvalue; - yyval.value->u.booleanvalue = 0; + (yyval.value) = emalloc(sizeof(*(yyval.value))); + (yyval.value)->type = booleanvalue; + (yyval.value)->u.booleanvalue = 0; } break; case 117: #line 787 "parse.y" { - yyval.value = emalloc(sizeof(*yyval.value)); - yyval.value->type = integervalue; - yyval.value->u.integervalue = yyvsp[0].constant; + (yyval.value) = emalloc(sizeof(*(yyval.value))); + (yyval.value)->type = integervalue; + (yyval.value)->u.integervalue = (yyvsp[0].constant); } break; @@ -2030,17 +2056,17 @@ yyreduce: case 120: #line 803 "parse.y" { - yyval.value = emalloc(sizeof(*yyval.value)); - yyval.value->type = objectidentifiervalue; - yyval.value->u.objectidentifiervalue = yyvsp[0].objid; + (yyval.value) = emalloc(sizeof(*(yyval.value))); + (yyval.value)->type = objectidentifiervalue; + (yyval.value)->u.objectidentifiervalue = (yyvsp[0].objid); } break; } -/* Line 1000 of yacc.c. */ -#line 2044 "parse.c" +/* Line 1037 of yacc.c. */ +#line 2070 "parse.c" yyvsp -= yylen; yyssp -= yylen; @@ -2140,7 +2166,7 @@ yyerrlab: if (yyerrstatus == 3) { - /* If just tried and failed to reuse lookahead token after an + /* If just tried and failed to reuse look-ahead token after an error, discard it. */ if (yychar <= YYEOF) @@ -2150,23 +2176,22 @@ yyerrlab: if (yychar == YYEOF) for (;;) { + YYPOPSTACK; if (yyssp == yyss) YYABORT; - YYDSYMPRINTF ("Error: popping", yystos[*yyssp], yyvsp, yylsp); - yydestruct (yystos[*yyssp], yyvsp); + yydestruct ("Error: popping", + yystos[*yyssp], yyvsp); } } else { - YYDSYMPRINTF ("Error: discarding", yytoken, &yylval, &yylloc); - yydestruct (yytoken, &yylval); + yydestruct ("Error: discarding", yytoken, &yylval); yychar = YYEMPTY; - } } - /* Else will try to reuse lookahead token after shifting the error + /* Else will try to reuse look-ahead token after shifting the error token. */ goto yyerrlab1; @@ -2183,7 +2208,7 @@ yyerrorlab: goto yyerrorlab; #endif - yyvsp -= yylen; +yyvsp -= yylen; yyssp -= yylen; yystate = *yyssp; goto yyerrlab1; @@ -2213,8 +2238,8 @@ yyerrlab1: if (yyssp == yyss) YYABORT; - YYDSYMPRINTF ("Error: popping", yystos[*yyssp], yyvsp, yylsp); - yydestruct (yystos[yystate], yyvsp); + + yydestruct ("Error: popping", yystos[yystate], yyvsp); YYPOPSTACK; yystate = *yyssp; YY_STACK_PRINT (yyss, yyssp); @@ -2223,11 +2248,12 @@ yyerrlab1: if (yyn == YYFINAL) YYACCEPT; - YYDPRINTF ((stderr, "Shifting error token, ")); - *++yyvsp = yylval; + /* Shift the error token. */ + YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp); + yystate = yyn; goto yynewstate; @@ -2243,6 +2269,9 @@ yyacceptlab: | yyabortlab -- YYABORT comes here. | `-----------------------------------*/ yyabortlab: + yydestruct ("Error: discarding lookahead", + yytoken, &yylval); + yychar = YYEMPTY; yyresult = 1; goto yyreturn; diff --git a/source4/heimdal/lib/asn1/parse.h b/source4/heimdal/lib/asn1/parse.h index ad2ed3c4a2..76ff8755c9 100644 --- a/source4/heimdal/lib/asn1/parse.h +++ b/source4/heimdal/lib/asn1/parse.h @@ -1,7 +1,7 @@ -/* A Bison parser, made by GNU Bison 1.875c. */ +/* A Bison parser, made by GNU Bison 2.0. */ /* Skeleton parser for Yacc-like parsing with Bison, - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003 Free Software Foundation, Inc. + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -224,7 +224,7 @@ typedef union YYSTYPE { struct tagtype tag; struct memhead *members; } YYSTYPE; -/* Line 1275 of yacc.c. */ +/* Line 1318 of yacc.c. */ #line 229 "parse.h" # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 diff --git a/source4/heimdal/lib/gssapi/init_sec_context.c b/source4/heimdal/lib/gssapi/init_sec_context.c index 0376ca30bf..6a80934e46 100644 --- a/source4/heimdal/lib/gssapi/init_sec_context.c +++ b/source4/heimdal/lib/gssapi/init_sec_context.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: init_sec_context.c,v 1.58 2005/07/13 07:00:15 lha Exp $"); +RCSID("$Id: init_sec_context.c,v 1.59 2005/08/11 10:47:25 lha Exp $"); /* * copy the addresses from `input_chan_bindings' (if any) to @@ -989,9 +989,6 @@ spnego_initial u_char *buf; size_t buf_size, buf_len; krb5_data data; -#if 1 - size_t ni_len; -#endif memset (&ni, 0, sizeof(ni)); diff --git a/source4/heimdal/lib/hdb/ext.c b/source4/heimdal/lib/hdb/ext.c new file mode 100644 index 0000000000..850b23fb04 --- /dev/null +++ b/source4/heimdal/lib/hdb/ext.c @@ -0,0 +1,366 @@ +/* + * Copyright (c) 2004 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hdb_locl.h" +#include + +RCSID("$Id: ext.c,v 1.1 2005/08/11 20:49:31 lha Exp $"); + +krb5_error_code +hdb_entry_check_mandatory(krb5_context context, const hdb_entry *ent) +{ + int i; + + if (ent->extensions == NULL) + return 0; + + /* + * check for unknown extensions and if they where tagged mandatory + */ + + for (i = 0; i < ent->extensions->len; i++) { + if (ent->extensions->val[i].data.element != + choice_HDB_extension_data_asn1_ellipsis) + continue; + if (ent->extensions->val[i].mandatory) { + krb5_set_error_string(context, "Principal have unknown " + "mandatory extension"); + return HDB_ERR_MANDATORY_OPTION; + } + } + return 0; +} + +HDB_extension * +hdb_find_extension(const hdb_entry *entry, int type) +{ + int i; + + if (entry->extensions == NULL) + return NULL; + + for (i = 0; i < entry->extensions->len; i++) + if (entry->extensions->val[i].data.element == type) + return &entry->extensions->val[i]; + return NULL; +} + +/* + * Replace the extension `ext' in `entry'. Make a copy of the + * extension, so the caller must still free `ext' on both success and + * failure. Returns 0 or error code. + */ + +krb5_error_code +hdb_replace_extension(krb5_context context, + hdb_entry *entry, + const HDB_extension *ext) +{ + HDB_extension *ext2; + HDB_extension *es; + int ret; + + ext2 = NULL; + + if (entry->extensions == NULL) { + entry->extensions = calloc(1, sizeof(*entry->extensions)); + if (entry->extensions == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + } else if (ext->data.element != choice_HDB_extension_data_asn1_ellipsis) { + ext2 = hdb_find_extension(entry, ext->data.element); + } else { + /* + * This is an unknown extention, and we are asked to replace a + * possible entry in `entry' that is of the same type. This + * might seem impossible, but ASN.1 CHOICE comes to our + * rescue. The first tag in each branch in the CHOICE is + * unique, so just find the element in the list that have the + * same tag was we are putting into the list. + */ + Der_class replace_class, list_class; + Der_type replace_type, list_type; + unsigned int replace_tag, list_tag; + size_t size; + int i; + + ret = der_get_tag(ext->data.u.asn1_ellipsis.data, + ext->data.u.asn1_ellipsis.length, + &replace_class, &replace_type, &replace_tag, + &size); + if (ret) { + krb5_set_error_string(context, "hdb: failed to decode " + "replacement hdb extention"); + return ret; + } + + for (i = 0; i < entry->extensions->len; i++) { + HDB_extension *ext3 = &entry->extensions->val[i]; + + if (ext3->data.element != choice_HDB_extension_data_asn1_ellipsis) + continue; + + ret = der_get_tag(ext3->data.u.asn1_ellipsis.data, + ext3->data.u.asn1_ellipsis.length, + &list_class, &list_type, &list_tag, + &size); + if (ret) { + krb5_set_error_string(context, "hdb: failed to decode " + "present hdb extention"); + return ret; + } + + if (MAKE_TAG(replace_class,replace_type,replace_type) == + MAKE_TAG(list_class,list_type,list_type)) { + ext2 = ext3; + break; + } + } + } + + if (ext2) { + free_HDB_extension(ext2); + ret = copy_HDB_extension(ext, ext2); + if (ret) + krb5_set_error_string(context, "hdb: failed to copy replacement " + "hdb extention"); + return ret; + } + + es = realloc(entry->extensions->val, + (entry->extensions->len+1)*sizeof(entry->extensions->val[0])); + if (es == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + entry->extensions->val = es; + + ret = copy_HDB_extension(ext, + &entry->extensions->val[entry->extensions->len]); + if (ret == 0) { + entry->extensions->len++; + krb5_set_error_string(context, "hdb: failed to copy new extension"); + } + + return ret; +} + +krb5_error_code +hdb_clear_extension(krb5_context context, + hdb_entry *entry, + int type) +{ + int i; + + if (entry->extensions == NULL) + return 0; + + for (i = 0; i < entry->extensions->len; i++) { + if (entry->extensions->val[i].data.element == type) { + free_HDB_extension(&entry->extensions->val[i]); + memmove(&entry->extensions->val[i], + &entry->extensions->val[i + 1], + sizeof(entry->extensions->val[i]) * (entry->extensions->len - i - 1)); + entry->extensions->len--; + } + } + if (entry->extensions->len == 0) { + free(entry->extensions->val); + free(entry->extensions); + entry->extensions = NULL; + } + + return 0; +} + + +krb5_error_code +hdb_entry_get_pkinit_acl(const hdb_entry *entry, const HDB_Ext_PKINIT_acl **a) +{ + const HDB_extension *ext; + + ext = hdb_find_extension(entry, choice_HDB_extension_data_pkinit_acl); + if (ext) + *a = &ext->data.u.pkinit_acl; + else + *a = NULL; + + return 0; +} + +krb5_error_code +hdb_entry_get_pw_change_time(const hdb_entry *entry, time_t *t) +{ + const HDB_extension *ext; + + ext = hdb_find_extension(entry, choice_HDB_extension_data_last_pw_change); + if (ext) + *t = ext->data.u.last_pw_change; + else + *t = 0; + + return 0; +} + +krb5_error_code +hdb_entry_set_pw_change_time(krb5_context context, + hdb_entry *entry, + time_t t) +{ + HDB_extension ext; + + ext.mandatory = FALSE; + ext.data.element = choice_HDB_extension_data_last_pw_change; + if (t == 0) + t = time(NULL); + ext.data.u.last_pw_change = t; + + return hdb_replace_extension(context, entry, &ext); +} + +int +hdb_entry_get_password(krb5_context context, HDB *db, + const hdb_entry *entry, char **p) +{ + HDB_extension *ext; + int ret; + + ext = hdb_find_extension(entry, choice_HDB_extension_data_password); + if (ext) { + heim_utf8_string str; + heim_octet_string pw; + + if (db->hdb_master_key_set && ext->data.u.password.mkvno) { + hdb_master_key key; + + key = _hdb_find_master_key(ext->data.u.password.mkvno, + db->hdb_master_key); + + if (key == NULL) { + krb5_set_error_string(context, "master key %d missing", + *ext->data.u.password.mkvno); + return HDB_ERR_NO_MKEY; + } + + ret = _hdb_mkey_decrypt(context, key, HDB_KU_MKEY, + ext->data.u.password.password.data, + ext->data.u.password.password.length, + &pw); + } else { + ret = copy_octet_string(&ext->data.u.password.password, &pw); + } + if (ret) { + krb5_clear_error_string(context); + return ret; + } + + str = pw.data; + if (str[pw.length - 1] != '\0') { + krb5_set_error_string(context, "password malformated"); + return EINVAL; + } + + *p = strdup(str); + + free_octet_string(&pw); + if (*p == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + return 0; + } + krb5_set_error_string(context, "password attribute not found"); + return ENOENT; +} + +int +hdb_entry_set_password(krb5_context context, HDB *db, + hdb_entry *entry, const char *p) +{ + HDB_extension ext; + hdb_master_key key; + int ret; + + ext.mandatory = FALSE; + ext.data.element = choice_HDB_extension_data_password; + + if (db->hdb_master_key_set) { + + key = _hdb_find_master_key(NULL, db->hdb_master_key); + if (key == NULL) { + krb5_set_error_string(context, "hdb_entry_set_password: " + "failed to find masterkey"); + return HDB_ERR_NO_MKEY; + } + + ret = _hdb_mkey_encrypt(context, key, HDB_KU_MKEY, + p, strlen(p) + 1, + &ext.data.u.password.password); + if (ret) + return ret; + + ext.data.u.password.mkvno = + malloc(sizeof(*ext.data.u.password.mkvno)); + if (ext.data.u.password.mkvno == NULL) { + free_HDB_extension(&ext); + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + *ext.data.u.password.mkvno = _hdb_mkey_version(key); + + } else { + ext.data.u.password.mkvno = NULL; + + ret = krb5_data_copy(&ext.data.u.password.password, + p, strlen(p) + 1); + if (ret) { + krb5_set_error_string(context, "malloc: out of memory"); + free_HDB_extension(&ext); + return ret; + } + } + + ret = hdb_replace_extension(context, entry, &ext); + + free_HDB_extension(&ext); + + return ret; +} + +int +hdb_entry_clear_password(krb5_context context, hdb_entry *entry) +{ + return hdb_clear_extension(context, entry, + choice_HDB_extension_data_password); +} diff --git a/source4/heimdal/lib/hdb/hdb-private.h b/source4/heimdal/lib/hdb/hdb-private.h index a2b96bb047..7baa944053 100644 --- a/source4/heimdal/lib/hdb/hdb-private.h +++ b/source4/heimdal/lib/hdb/hdb-private.h @@ -9,10 +9,36 @@ _hdb_fetch ( krb5_context /*context*/, HDB */*db*/, unsigned /*flags*/, - krb5_principal /*principal*/, + krb5_const_principal /*principal*/, enum hdb_ent_type /*ent_type*/, hdb_entry */*entry*/); +hdb_master_key +_hdb_find_master_key ( + u_int32_t */*mkvno*/, + hdb_master_key /*mkey*/); + +int +_hdb_mkey_decrypt ( + krb5_context /*context*/, + hdb_master_key /*key*/, + krb5_key_usage /*usage*/, + void */*ptr*/, + size_t /*size*/, + krb5_data */*res*/); + +int +_hdb_mkey_encrypt ( + krb5_context /*context*/, + hdb_master_key /*key*/, + krb5_key_usage /*usage*/, + const void */*ptr*/, + size_t /*size*/, + krb5_data */*res*/); + +int +_hdb_mkey_version (hdb_master_key /*mkey*/); + krb5_error_code _hdb_remove ( krb5_context /*context*/, diff --git a/source4/heimdal/lib/hdb/hdb-protos.h b/source4/heimdal/lib/hdb/hdb-protos.h index 886d48e5bd..799f013eba 100644 --- a/source4/heimdal/lib/hdb/hdb-protos.h +++ b/source4/heimdal/lib/hdb/hdb-protos.h @@ -19,6 +19,12 @@ hdb_check_db_format ( krb5_context /*context*/, HDB */*db*/); +krb5_error_code +hdb_clear_extension ( + krb5_context /*context*/, + hdb_entry */*entry*/, + int /*type*/); + krb5_error_code hdb_clear_master_key ( krb5_context /*context*/, @@ -55,6 +61,51 @@ hdb_entry2value ( hdb_entry */*ent*/, krb5_data */*value*/); +krb5_error_code +hdb_entry_check_mandatory ( + krb5_context /*context*/, + const hdb_entry */*ent*/); + +int +hdb_entry_clear_password ( + krb5_context /*context*/, + hdb_entry */*entry*/); + +int +hdb_entry_get_password ( + krb5_context /*context*/, + HDB */*db*/, + const hdb_entry */*entry*/, + char **/*p*/); + +krb5_error_code +hdb_entry_get_pkinit_acl ( + const hdb_entry */*entry*/, + const HDB_Ext_PKINIT_acl **/*a*/); + +krb5_error_code +hdb_entry_get_pw_change_time ( + const hdb_entry */*entry*/, + time_t */*t*/); + +int +hdb_entry_set_password ( + krb5_context /*context*/, + HDB */*db*/, + hdb_entry */*entry*/, + const char */*p*/); + +krb5_error_code +hdb_entry_set_pw_change_time ( + krb5_context /*context*/, + hdb_entry */*entry*/, + time_t /*t*/); + +HDB_extension * +hdb_find_extension ( + const hdb_entry */*entry*/, + int /*type*/); + krb5_error_code hdb_foreach ( krb5_context /*context*/, @@ -141,7 +192,7 @@ hdb_next_enctype2key ( int hdb_principal2key ( krb5_context /*context*/, - krb5_principal /*p*/, + krb5_const_principal /*p*/, krb5_data */*key*/); krb5_error_code @@ -165,6 +216,12 @@ hdb_read_master_key ( const char */*filename*/, hdb_master_key */*mkey*/); +krb5_error_code +hdb_replace_extension ( + krb5_context /*context*/, + hdb_entry */*entry*/, + const HDB_extension */*ext*/); + krb5_error_code hdb_seal_key ( krb5_context /*context*/, diff --git a/source4/heimdal/lib/hdb/hdb.asn1 b/source4/heimdal/lib/hdb/hdb.asn1 index 770acf4dce..c8a1a34b4f 100644 --- a/source4/heimdal/lib/hdb/hdb.asn1 +++ b/source4/heimdal/lib/hdb/hdb.asn1 @@ -1,4 +1,4 @@ --- $Id: hdb.asn1,v 1.12 2004/11/10 18:50:27 lha Exp $ +-- $Id: hdb.asn1,v 1.13 2005/08/11 13:15:44 lha Exp $ HDB DEFINITIONS ::= BEGIN @@ -50,6 +50,51 @@ GENERATION ::= SEQUENCE { gen[2] INTEGER (0..4294967295) -- generation number } +HDB-Ext-PKINIT-acl ::= SEQUENCE OF SEQUENCE { + subject[0] UTF8String, + issuer[1] UTF8String +} + +HDB-Ext-PKINIT-certificate ::= SEQUENCE OF OCTET STRING + +HDB-Ext-Constrained-delegation-acl ::= SEQUENCE OF Principal + +-- hdb-ext-referrals ::= PA-SERVER-REFERRAL-DATA + +HDB-Ext-Lan-Manager-OWF ::= OCTET STRING + +HDB-Ext-Password ::= SEQUENCE { + mkvno[0] INTEGER (0..4294967295) OPTIONAL, -- master key version number + password OCTET STRING +} + +HDB-Ext-Aliases ::= SEQUENCE { + case-insensitive[0] BOOLEAN, -- case insensitive name allowed + aliases[1] SEQUENCE OF Principal -- all names, inc primary +} + + +HDB-extension ::= SEQUENCE { + mandatory[0] BOOLEAN, -- kdc MUST understand this extension, + -- if not the whole entry must + -- be rejected + data[1] CHOICE { + pkinit-acl[0] HDB-Ext-PKINIT-acl, + pkinit-cert[1] HDB-Ext-PKINIT-certificate, + allowed-to-delegate-to[2] HDB-Ext-Constrained-delegation-acl, +-- referral-info[3] HDB-Ext-Referrals, + lm-owf[4] HDB-Ext-Lan-Manager-OWF, + password[5] HDB-Ext-Password, + aliases[6] HDB-Ext-Aliases, + last-pw-change[7] KerberosTime, + ... + }, + ... +} + +HDB-extensions ::= SEQUENCE OF HDB-extension + + hdb_entry ::= SEQUENCE { principal[0] Principal OPTIONAL, -- this is optional only -- for compatibility with libkrb5 @@ -64,7 +109,8 @@ hdb_entry ::= SEQUENCE { max-renew[9] INTEGER (0..4294967295) OPTIONAL, flags[10] HDBFlags, etypes[11] SEQUENCE OF INTEGER (0..4294967295) OPTIONAL, - generation[12] GENERATION OPTIONAL + generation[12] GENERATION OPTIONAL, + extensions[13] HDB-extensions OPTIONAL } END diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h index 481d4ea93d..fe86f0ae72 100644 --- a/source4/heimdal/lib/hdb/hdb.h +++ b/source4/heimdal/lib/hdb/hdb.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,20 +31,21 @@ * SUCH DAMAGE. */ -/* $Id: hdb.h,v 1.33 2003/09/19 00:19:36 lha Exp $ */ +/* $Id: hdb.h,v 1.35 2005/08/11 13:16:44 lha Exp $ */ #ifndef __HDB_H__ #define __HDB_H__ #include +#include #include enum hdb_lockop{ HDB_RLOCK, HDB_WLOCK }; /* flags for various functions */ -#define HDB_F_DECRYPT 1 /* decrypt keys */ -#define HDB_F_REPLACE 2 /* replace entry */ +#define HDB_F_DECRYPT 1 /* decrypt keys */ +#define HDB_F_REPLACE 2 /* replace entry */ /* key usage for master key */ #define HDB_KU_MKEY 0x484442 @@ -68,20 +69,20 @@ typedef struct HDB{ krb5_error_code (*hdb_store)(krb5_context,struct HDB*,unsigned,hdb_entry*); krb5_error_code (*hdb_remove)(krb5_context, struct HDB*, hdb_entry*); krb5_error_code (*hdb_firstkey)(krb5_context, struct HDB*, - unsigned, hdb_entry*); + unsigned, hdb_entry*); krb5_error_code (*hdb_nextkey)(krb5_context, struct HDB*, - unsigned, hdb_entry*); + unsigned, hdb_entry*); krb5_error_code (*hdb_lock)(krb5_context, struct HDB*, int operation); krb5_error_code (*hdb_unlock)(krb5_context, struct HDB*); krb5_error_code (*hdb_rename)(krb5_context, struct HDB*, const char*); krb5_error_code (*hdb__get)(krb5_context,struct HDB*,krb5_data,krb5_data*); krb5_error_code (*hdb__put)(krb5_context, struct HDB*, int, - krb5_data, krb5_data); + krb5_data, krb5_data); krb5_error_code (*hdb__del)(krb5_context, struct HDB*, krb5_data); krb5_error_code (*hdb_destroy)(krb5_context, struct HDB*); }HDB; -#define HDB_INTERFACE_VERSION 1 +#define HDB_INTERFACE_VERSION 2 struct hdb_so_method { int version; diff --git a/source4/heimdal/lib/hdb/hdb_err.et b/source4/heimdal/lib/hdb/hdb_err.et index 9929a56311..f2636b2fea 100644 --- a/source4/heimdal/lib/hdb/hdb_err.et +++ b/source4/heimdal/lib/hdb/hdb_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: hdb_err.et,v 1.5 2001/01/28 23:05:52 assar Exp $" +id "$Id: hdb_err.et,v 1.6 2005/08/11 13:17:22 lha Exp $" error_table hdb @@ -23,5 +23,6 @@ error_code CANT_LOCK_DB, "Insufficient access to lock database" error_code EXISTS, "Entry already exists in database" error_code BADVERSION, "Wrong database version" error_code NO_MKEY, "No correct master key" +error_code MANDATORY_OPTION, "Entry contains unknown mandatory extension" end diff --git a/source4/heimdal/lib/hdb/mkey.c b/source4/heimdal/lib/hdb/mkey.c new file mode 100644 index 0000000000..9e04dc6d8d --- /dev/null +++ b/source4/heimdal/lib/hdb/mkey.c @@ -0,0 +1,595 @@ +/* + * Copyright (c) 2000 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hdb_locl.h" +#ifndef O_BINARY +#define O_BINARY 0 +#endif + +RCSID("$Id: mkey.c,v 1.20 2005/08/10 08:41:03 lha Exp $"); + +struct hdb_master_key_data { + krb5_keytab_entry keytab; + krb5_crypto crypto; + struct hdb_master_key_data *next; +}; + +void +hdb_free_master_key(krb5_context context, hdb_master_key mkey) +{ + struct hdb_master_key_data *ptr; + while(mkey) { + krb5_kt_free_entry(context, &mkey->keytab); + if (mkey->crypto) + krb5_crypto_destroy(context, mkey->crypto); + ptr = mkey; + mkey = mkey->next; + free(ptr); + } +} + +krb5_error_code +hdb_process_master_key(krb5_context context, + int kvno, krb5_keyblock *key, krb5_enctype etype, + hdb_master_key *mkey) +{ + krb5_error_code ret; + + *mkey = calloc(1, sizeof(**mkey)); + if(*mkey == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + (*mkey)->keytab.vno = kvno; + ret = krb5_parse_name(context, "K/M", &(*mkey)->keytab.principal); + if(ret) + goto fail; + ret = krb5_copy_keyblock_contents(context, key, &(*mkey)->keytab.keyblock); + if(ret) + goto fail; + if(etype != 0) + (*mkey)->keytab.keyblock.keytype = etype; + (*mkey)->keytab.timestamp = time(NULL); + ret = krb5_crypto_init(context, key, etype, &(*mkey)->crypto); + if(ret) + goto fail; + return 0; + fail: + hdb_free_master_key(context, *mkey); + *mkey = NULL; + return ret; +} + +krb5_error_code +hdb_add_master_key(krb5_context context, krb5_keyblock *key, + hdb_master_key *inout) +{ + int vno = 0; + hdb_master_key p; + krb5_error_code ret; + + for(p = *inout; p; p = p->next) + vno = max(vno, p->keytab.vno); + vno++; + ret = hdb_process_master_key(context, vno, key, 0, &p); + if(ret) + return ret; + p->next = *inout; + *inout = p; + return 0; +} + +static krb5_error_code +read_master_keytab(krb5_context context, const char *filename, + hdb_master_key *mkey) +{ + krb5_error_code ret; + krb5_keytab id; + krb5_kt_cursor cursor; + krb5_keytab_entry entry; + hdb_master_key p; + + ret = krb5_kt_resolve(context, filename, &id); + if(ret) + return ret; + + ret = krb5_kt_start_seq_get(context, id, &cursor); + if(ret) + goto out; + *mkey = NULL; + while(krb5_kt_next_entry(context, id, &entry, &cursor) == 0) { + p = calloc(1, sizeof(*p)); + p->keytab = entry; + ret = krb5_crypto_init(context, &p->keytab.keyblock, 0, &p->crypto); + p->next = *mkey; + *mkey = p; + } + krb5_kt_end_seq_get(context, id, &cursor); + out: + krb5_kt_close(context, id); + return ret; +} + +/* read a MIT master keyfile */ +static krb5_error_code +read_master_mit(krb5_context context, const char *filename, + hdb_master_key *mkey) +{ + int fd; + krb5_error_code ret; + krb5_storage *sp; + int16_t enctype; + krb5_keyblock key; + + fd = open(filename, O_RDONLY | O_BINARY); + if(fd < 0) { + int save_errno = errno; + krb5_set_error_string(context, "failed to open %s: %s", filename, + strerror(save_errno)); + return save_errno; + } + sp = krb5_storage_from_fd(fd); + if(sp == NULL) { + close(fd); + return errno; + } + krb5_storage_set_flags(sp, KRB5_STORAGE_HOST_BYTEORDER); +#if 0 + /* could possibly use ret_keyblock here, but do it with more + checks for now */ + ret = krb5_ret_keyblock(sp, &key); +#else + ret = krb5_ret_int16(sp, &enctype); + if((htons(enctype) & 0xff00) == 0x3000) { + krb5_set_error_string(context, "unknown keytype in %s: %#x, expected %#x", + filename, htons(enctype), 0x3000); + ret = HEIM_ERR_BAD_MKEY; + goto out; + } + key.keytype = enctype; + ret = krb5_ret_data(sp, &key.keyvalue); + if(ret) + goto out; +#endif + ret = hdb_process_master_key(context, 0, &key, 0, mkey); + krb5_free_keyblock_contents(context, &key); + out: + krb5_storage_free(sp); + close(fd); + return ret; +} + +/* read an old master key file */ +static krb5_error_code +read_master_encryptionkey(krb5_context context, const char *filename, + hdb_master_key *mkey) +{ + int fd; + krb5_keyblock key; + krb5_error_code ret; + unsigned char buf[256]; + ssize_t len; + size_t ret_len; + + fd = open(filename, O_RDONLY | O_BINARY); + if(fd < 0) { + int save_errno = errno; + krb5_set_error_string(context, "failed to open %s: %s", + filename, strerror(save_errno)); + return save_errno; + } + + len = read(fd, buf, sizeof(buf)); + close(fd); + if(len < 0) { + int save_errno = errno; + krb5_set_error_string(context, "error reading %s: %s", + filename, strerror(save_errno)); + return save_errno; + } + + ret = decode_EncryptionKey(buf, len, &key, &ret_len); + memset(buf, 0, sizeof(buf)); + if(ret) + return ret; + + /* Originally, the keytype was just that, and later it got changed + to des-cbc-md5, but we always used des in cfb64 mode. This + should cover all cases, but will break if someone has hacked + this code to really use des-cbc-md5 -- but then that's not my + problem. */ + if(key.keytype == KEYTYPE_DES || key.keytype == ETYPE_DES_CBC_MD5) + key.keytype = ETYPE_DES_CFB64_NONE; + + ret = hdb_process_master_key(context, 0, &key, 0, mkey); + krb5_free_keyblock_contents(context, &key); + return ret; +} + +/* read a krb4 /.k style file */ +static krb5_error_code +read_master_krb4(krb5_context context, const char *filename, + hdb_master_key *mkey) +{ + int fd; + krb5_keyblock key; + krb5_error_code ret; + unsigned char buf[256]; + ssize_t len; + + fd = open(filename, O_RDONLY | O_BINARY); + if(fd < 0) { + int save_errno = errno; + krb5_set_error_string(context, "failed to open %s: %s", + filename, strerror(save_errno)); + return save_errno; + } + + len = read(fd, buf, sizeof(buf)); + close(fd); + if(len < 0) { + int save_errno = errno; + krb5_set_error_string(context, "error reading %s: %s", + filename, strerror(save_errno)); + return save_errno; + } + if(len != 8) { + krb5_set_error_string(context, "bad contents of %s", filename); + return HEIM_ERR_EOF; /* XXX file might be too large */ + } + + memset(&key, 0, sizeof(key)); + key.keytype = ETYPE_DES_PCBC_NONE; + ret = krb5_data_copy(&key.keyvalue, buf, len); + memset(buf, 0, sizeof(buf)); + if(ret) + return ret; + + ret = hdb_process_master_key(context, 0, &key, 0, mkey); + krb5_free_keyblock_contents(context, &key); + return ret; +} + +krb5_error_code +hdb_read_master_key(krb5_context context, const char *filename, + hdb_master_key *mkey) +{ + FILE *f; + unsigned char buf[16]; + krb5_error_code ret; + + off_t len; + + *mkey = NULL; + + if(filename == NULL) + filename = HDB_DB_DIR "/m-key"; + + f = fopen(filename, "r"); + if(f == NULL) { + int save_errno = errno; + krb5_set_error_string(context, "failed to open %s: %s", + filename, strerror(save_errno)); + return save_errno; + } + + if(fread(buf, 1, 2, f) != 2) { + krb5_set_error_string(context, "end of file reading %s", filename); + fclose(f); + return HEIM_ERR_EOF; + } + + fseek(f, 0, SEEK_END); + len = ftell(f); + + if(fclose(f) != 0) + return errno; + + if(len < 0) + return errno; + + if(len == 8) { + ret = read_master_krb4(context, filename, mkey); + } else if(buf[0] == 0x30 && len <= 127 && buf[1] == len - 2) { + ret = read_master_encryptionkey(context, filename, mkey); + } else if(buf[0] == 5 && buf[1] >= 1 && buf[1] <= 2) { + ret = read_master_keytab(context, filename, mkey); + } else { + ret = read_master_mit(context, filename, mkey); + } + return ret; +} + +krb5_error_code +hdb_write_master_key(krb5_context context, const char *filename, + hdb_master_key mkey) +{ + krb5_error_code ret; + hdb_master_key p; + krb5_keytab kt; + + if(filename == NULL) + filename = HDB_DB_DIR "/m-key"; + + ret = krb5_kt_resolve(context, filename, &kt); + if(ret) + return ret; + + for(p = mkey; p; p = p->next) { + ret = krb5_kt_add_entry(context, kt, &p->keytab); + } + + krb5_kt_close(context, kt); + + return ret; +} + +hdb_master_key +_hdb_find_master_key(u_int32_t *mkvno, hdb_master_key mkey) +{ + hdb_master_key ret = NULL; + while(mkey) { + if(ret == NULL && mkey->keytab.vno == 0) + ret = mkey; + if(mkvno == NULL) { + if(ret == NULL || mkey->keytab.vno > ret->keytab.vno) + ret = mkey; + } else if(mkey->keytab.vno == *mkvno) + return mkey; + mkey = mkey->next; + } + return ret; +} + +int +_hdb_mkey_version(hdb_master_key mkey) +{ + return mkey->keytab.vno; +} + +int +_hdb_mkey_decrypt(krb5_context context, hdb_master_key key, + krb5_key_usage usage, + void *ptr, size_t size, krb5_data *res) +{ + return krb5_decrypt(context, key->crypto, usage, + ptr, size, res); +} + +int +_hdb_mkey_encrypt(krb5_context context, hdb_master_key key, + krb5_key_usage usage, + const void *ptr, size_t size, krb5_data *res) +{ + return krb5_encrypt(context, key->crypto, usage, + ptr, size, res); +} + +krb5_error_code +hdb_unseal_key_mkey(krb5_context context, Key *k, hdb_master_key mkey) +{ + + krb5_error_code ret; + krb5_data res; + size_t keysize; + + hdb_master_key key; + + if(k->mkvno == NULL) + return 0; + + key = _hdb_find_master_key(k->mkvno, mkey); + + if (key == NULL) + return HDB_ERR_NO_MKEY; + + ret = _hdb_mkey_decrypt(context, key, HDB_KU_MKEY, + k->key.keyvalue.data, + k->key.keyvalue.length, + &res); + if(ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) { + /* try to decrypt with MIT key usage */ + ret = _hdb_mkey_decrypt(context, key, 0, + k->key.keyvalue.data, + k->key.keyvalue.length, + &res); + } + if (ret) + return ret; + + /* fixup keylength if the key got padded when encrypting it */ + ret = krb5_enctype_keysize(context, k->key.keytype, &keysize); + if (ret) { + krb5_data_free(&res); + return ret; + } + if (keysize > res.length) { + krb5_data_free(&res); + return KRB5_BAD_KEYSIZE; + } + + memset(k->key.keyvalue.data, 0, k->key.keyvalue.length); + free(k->key.keyvalue.data); + k->key.keyvalue = res; + k->key.keyvalue.length = keysize; + free(k->mkvno); + k->mkvno = NULL; + + return 0; +} + +krb5_error_code +hdb_unseal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey) +{ + int i; + + for(i = 0; i < ent->keys.len; i++){ + krb5_error_code ret; + + ret = hdb_unseal_key_mkey(context, &ent->keys.val[i], mkey); + if (ret) + return ret; + } + return 0; +} + +krb5_error_code +hdb_unseal_keys(krb5_context context, HDB *db, hdb_entry *ent) +{ + if (db->hdb_master_key_set == 0) + return 0; + return hdb_unseal_keys_mkey(context, ent, db->hdb_master_key); +} + +krb5_error_code +hdb_unseal_key(krb5_context context, HDB *db, Key *k) +{ + if (db->hdb_master_key_set == 0) + return 0; + return hdb_unseal_key_mkey(context, k, db->hdb_master_key); +} + +krb5_error_code +hdb_seal_key_mkey(krb5_context context, Key *k, hdb_master_key mkey) +{ + krb5_error_code ret; + krb5_data res; + hdb_master_key key; + + key = _hdb_find_master_key(k->mkvno, mkey); + + if (key == NULL) + return HDB_ERR_NO_MKEY; + + ret = _hdb_mkey_encrypt(context, key, HDB_KU_MKEY, + k->key.keyvalue.data, + k->key.keyvalue.length, + &res); + if (ret) + return ret; + + memset(k->key.keyvalue.data, 0, k->key.keyvalue.length); + free(k->key.keyvalue.data); + k->key.keyvalue = res; + + if (k->mkvno == NULL) { + k->mkvno = malloc(sizeof(*k->mkvno)); + if (k->mkvno == NULL) + return ENOMEM; + } + *k->mkvno = key->keytab.vno; + + return 0; +} + +krb5_error_code +hdb_seal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey) +{ + int i; + for(i = 0; i < ent->keys.len; i++){ + krb5_error_code ret; + + ret = hdb_seal_key_mkey(context, &ent->keys.val[i], mkey); + if (ret) + return ret; + } + return 0; +} + +krb5_error_code +hdb_seal_keys(krb5_context context, HDB *db, hdb_entry *ent) +{ + if (db->hdb_master_key_set == 0) + return 0; + + return hdb_seal_keys_mkey(context, ent, db->hdb_master_key); +} + +krb5_error_code +hdb_seal_key(krb5_context context, HDB *db, Key *k) +{ + if (db->hdb_master_key_set == 0) + return 0; + + return hdb_seal_key_mkey(context, k, db->hdb_master_key); +} + +krb5_error_code +hdb_set_master_key (krb5_context context, + HDB *db, + krb5_keyblock *key) +{ + krb5_error_code ret; + hdb_master_key mkey; + + ret = hdb_process_master_key(context, 0, key, 0, &mkey); + if (ret) + return ret; + db->hdb_master_key = mkey; +#if 0 /* XXX - why? */ + des_set_random_generator_seed(key.keyvalue.data); +#endif + db->hdb_master_key_set = 1; + return 0; +} + +krb5_error_code +hdb_set_master_keyfile (krb5_context context, + HDB *db, + const char *keyfile) +{ + hdb_master_key key; + krb5_error_code ret; + + ret = hdb_read_master_key(context, keyfile, &key); + if (ret) { + if (ret != ENOENT) + return ret; + krb5_clear_error_string(context); + return 0; + } + db->hdb_master_key = key; + db->hdb_master_key_set = 1; + return ret; +} + +krb5_error_code +hdb_clear_master_key (krb5_context context, + HDB *db) +{ + if (db->hdb_master_key_set) { + hdb_free_master_key(context, db->hdb_master_key); + db->hdb_master_key_set = 0; + } + return 0; +} diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c index c8fa556696..1c3e8d2a10 100644 --- a/source4/heimdal/lib/krb5/crypto.c +++ b/source4/heimdal/lib/krb5/crypto.c @@ -2124,8 +2124,7 @@ verify_checksum(krb5_context context, return KRB5_PROG_SUMTYPE_NOSUPP; } if(ct->checksumsize != cksum->checksum.length) { - krb5_set_error_string (context, "checksum length was %d, but should be %d for checksum type %s", - cksum->checksum.length, ct->checksumsize, ct->name); + krb5_clear_error_string (context); return KRB5KRB_AP_ERR_BAD_INTEGRITY; /* XXX */ } keyed_checksum = (ct->flags & F_KEYED) != 0; @@ -2146,11 +2145,8 @@ verify_checksum(krb5_context context, (*ct->checksum)(context, dkey, data, len, usage, &c); - if(c.checksum.length != cksum->checksum.length) { - krb5_set_error_string (context, "(INTERNAL ERROR) our checksum length was %d, but should be %d for checksum type %s", - c.checksum.length, ct->checksumsize, ct->name); - ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; - } else if (memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) { + if(c.checksum.length != cksum->checksum.length || + memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) { krb5_clear_error_string (context); ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; } else { diff --git a/source4/heimdal/lib/krb5/fcache.c b/source4/heimdal/lib/krb5/fcache.c index 03848abb9a..f8ebe837b7 100644 --- a/source4/heimdal/lib/krb5/fcache.c +++ b/source4/heimdal/lib/krb5/fcache.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: fcache.c,v 1.49 2005/06/16 20:25:20 lha Exp $"); +RCSID("$Id: fcache.c,v 1.51 2005/08/12 13:31:19 lha Exp $"); typedef struct krb5_fcache{ char *filename; diff --git a/source4/heimdal/lib/krb5/init_creds_pw.c b/source4/heimdal/lib/krb5/init_creds_pw.c index 8b3975f418..8fd5c4611f 100644 --- a/source4/heimdal/lib/krb5/init_creds_pw.c +++ b/source4/heimdal/lib/krb5/init_creds_pw.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds_pw.c,v 1.87 2005/06/17 04:15:20 lha Exp $"); +RCSID("$Id: init_creds_pw.c,v 1.88 2005/08/13 08:25:32 lha Exp $"); typedef struct krb5_get_init_creds_ctx { krb5_kdc_flags flags; @@ -45,6 +45,7 @@ typedef struct krb5_get_init_creds_ctx { unsigned nonce; unsigned pk_nonce; + krb5_data req_buffer; AS_REQ as_req; int pa_counter; @@ -1158,6 +1159,7 @@ process_pa_data_to_key(krb5_context context, ctx->pk_init_ctx, etype, ctx->pk_nonce, + &ctx->req_buffer, pa, key); #else @@ -1218,7 +1220,6 @@ init_cred_loop(krb5_context context, ctx->pa_counter = 0; while (ctx->pa_counter < MAX_PA_COUNTER) { - krb5_data req; ctx->pa_counter++; @@ -1237,17 +1238,20 @@ init_cred_loop(krb5_context context, prompter, prompter_data); if (ret) goto out; - ASN1_MALLOC_ENCODE(AS_REQ, req.data, req.length, + + krb5_data_free(&ctx->req_buffer); + + ASN1_MALLOC_ENCODE(AS_REQ, + ctx->req_buffer.data, ctx->req_buffer.length, &ctx->as_req, &len, ret); if (ret) goto out; - if(len != req.length) + if(len != ctx->req_buffer.length) krb5_abortx(context, "internal error in ASN.1 encoder"); - ret = krb5_sendto_kdc_flags (context, &req, + ret = krb5_sendto_kdc_flags (context, &ctx->req_buffer, &creds->client->realm, &resp, send_to_kdc_flags); - krb5_data_free(&req); if (ret) goto out; @@ -1336,6 +1340,7 @@ init_cred_loop(krb5_context context, krb5_free_keyblock(context, key); } out: + krb5_data_free(&ctx->req_buffer); free_METHOD_DATA(&md); memset(&md, 0, sizeof(md)); diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h index b877de8cf2..e70527845b 100644 --- a/source4/heimdal/lib/krb5/krb5-private.h +++ b/source4/heimdal/lib/krb5/krb5-private.h @@ -293,6 +293,16 @@ _krb5_pk_mk_padata ( unsigned /*nonce*/, METHOD_DATA */*md*/); +krb5_error_code +_krb5_pk_octetstring2key ( + krb5_context /*context*/, + krb5_enctype /*type*/, + const void */*dhdata*/, + size_t /*dhsize*/, + const heim_octet_string */*c_n*/, + const heim_octet_string */*k_n*/, + krb5_keyblock */*key*/); + krb5_error_code KRB5_LIB_FUNCTION _krb5_pk_rd_pa_reply ( krb5_context /*context*/, diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h index f306bf949f..2750c8b5d2 100644 --- a/source4/heimdal/lib/krb5/krb5-protos.h +++ b/source4/heimdal/lib/krb5/krb5-protos.h @@ -3251,6 +3251,14 @@ krb5_verify_init_creds_opt_set_ap_req_nofail ( krb5_verify_init_creds_opt */*options*/, int /*ap_req_nofail*/); +int KRB5_LIB_FUNCTION +krb5_verify_opt_alloc ( + krb5_context /*context*/, + krb5_verify_opt **/*opt*/); + +void KRB5_LIB_FUNCTION +krb5_verify_opt_free (krb5_verify_opt */*opt*/); + void KRB5_LIB_FUNCTION krb5_verify_opt_init (krb5_verify_opt */*opt*/); diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c index 35a751c291..69f72d7b88 100755 --- a/source4/heimdal/lib/krb5/pkinit.c +++ b/source4/heimdal/lib/krb5/pkinit.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: pkinit.c,v 1.58 2005/07/23 10:42:01 lha Exp $"); +RCSID("$Id: pkinit.c,v 1.59 2005/08/12 08:53:00 lha Exp $"); #ifdef PKINIT @@ -58,7 +58,7 @@ RCSID("$Id: pkinit.c,v 1.58 2005/07/23 10:42:01 lha Exp $"); enum { COMPAT_WIN2K = 1, COMPAT_19 = 2, - COMPAT_25 = 3 + COMPAT_27 = 3 }; @@ -716,7 +716,7 @@ pk_mk_padata(krb5_context context, krb5_abortx(context, "internal ASN1 encoder error"); oid = oid_id_pkauthdata(); - } else if (compat == COMPAT_25) { + } else if (compat == COMPAT_27) { AuthPack ap; memset(&ap, 0, sizeof(ap)); @@ -802,7 +802,7 @@ pk_mk_padata(krb5_context context, free_PA_PK_AS_REQ_19(&req_19); - } else if (compat == COMPAT_25) { + } else if (compat == COMPAT_27) { pa_type = KRB5_PADATA_PK_AS_REQ; @@ -871,7 +871,7 @@ _krb5_pk_mk_padata(krb5_context context, if (ret) goto out; - ret = pk_mk_padata(context, COMPAT_25, ctx, req_body, nonce, md); + ret = pk_mk_padata(context, COMPAT_27, ctx, req_body, nonce, md); if (ret) goto out; } @@ -1280,10 +1280,10 @@ _krb5_pk_verify_sign(krb5_context context, } static krb5_error_code -get_reply_key(krb5_context context, - const krb5_data *content, - unsigned nonce, - krb5_keyblock **key) +get_reply_key_19(krb5_context context, + const krb5_data *content, + unsigned nonce, + krb5_keyblock **key) { ReplyKeyPack_19 key_pack; krb5_error_code ret; @@ -1323,6 +1323,69 @@ get_reply_key(krb5_context context, return ret; } +static krb5_error_code +get_reply_key(krb5_context context, + const krb5_data *content, + const krb5_data *req_buffer, + krb5_keyblock **key) +{ + ReplyKeyPack key_pack; + krb5_error_code ret; + size_t size; + + ret = decode_ReplyKeyPack(content->data, + content->length, + &key_pack, + &size); + if (ret) { + krb5_set_error_string(context, "PKINIT decoding reply key failed"); + free_ReplyKeyPack(&key_pack); + return ret; + } + + { + krb5_crypto crypto; + + /* + * XXX Verify kp.replyKey is a allowed enctype in the + * configuration file + */ + + ret = krb5_crypto_init(context, &key_pack.replyKey, 0, &crypto); + if (ret) { + free_ReplyKeyPack(&key_pack); + return ret; + } + + ret = krb5_verify_checksum(context, crypto, 6, + req_buffer->data, req_buffer->length, + &key_pack.asChecksum); + krb5_crypto_destroy(context, crypto); + if (ret) { + free_ReplyKeyPack(&key_pack); + return ret; + } + } + + *key = malloc (sizeof (**key)); + if (*key == NULL) { + krb5_set_error_string(context, "PKINIT failed allocating reply key"); + free_ReplyKeyPack(&key_pack); + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + + ret = copy_EncryptionKey(&key_pack.replyKey, *key); + free_ReplyKeyPack(&key_pack); + if (ret) { + krb5_set_error_string(context, "PKINIT failed copying reply key"); + free(*key); + } + + return ret; +} + + static krb5_error_code pk_verify_host(krb5_context context, struct krb5_pk_cert *host) { @@ -1332,11 +1395,12 @@ pk_verify_host(krb5_context context, struct krb5_pk_cert *host) static krb5_error_code pk_rd_pa_reply_enckey(krb5_context context, - int win2k_compat, + int type, ContentInfo *rep, krb5_pk_init_ctx ctx, krb5_enctype etype, unsigned nonce, + const krb5_data *req_buffer, PA_DATA *pa, krb5_keyblock **key) { @@ -1418,7 +1482,7 @@ pk_rd_pa_reply_enckey(krb5_context context, /* verify content type */ - if (win2k_compat) { + if (type == COMPAT_WIN2K) { if (heim_oid_cmp(&ed.encryptedContentInfo.contentType, oid_id_pkcs7_data())) { ret = KRB5KRB_AP_ERR_MSG_TYPE; goto out; @@ -1481,7 +1545,7 @@ pk_rd_pa_reply_enckey(krb5_context context, length = plain.length; /* win2k uses ContentInfo */ - if (win2k_compat) { + if (type == COMPAT_WIN2K) { ContentInfo ci; ret = decode_ContentInfo(p, length, &ci, &size); @@ -1518,7 +1582,7 @@ pk_rd_pa_reply_enckey(krb5_context context, goto out; } - if (win2k_compat) { + if (type == COMPAT_WIN2K) { if (heim_oid_cmp(&contentType, oid_id_pkcs7_data()) != 0) { krb5_set_error_string(context, "PKINIT: reply key, wrong oid"); ret = KRB5KRB_AP_ERR_MSG_TYPE; @@ -1532,7 +1596,15 @@ pk_rd_pa_reply_enckey(krb5_context context, } } - ret = get_reply_key(context, &content, nonce, key); + switch(type) { + case COMPAT_WIN2K: + case COMPAT_19: + ret = get_reply_key_19(context, &content, nonce, key); + break; + case COMPAT_27: + ret = get_reply_key(context, &content, req_buffer, key); + break; + } if (ret) goto out; @@ -1728,6 +1800,7 @@ _krb5_pk_rd_pa_reply(krb5_context context, void *c, krb5_enctype etype, unsigned nonce, + const krb5_data *req_buffer, PA_DATA *pa, krb5_keyblock **key) { @@ -1736,7 +1809,7 @@ _krb5_pk_rd_pa_reply(krb5_context context, ContentInfo ci; size_t size; - /* Check for PK-INIT -25 */ + /* Check for PK-INIT -27 */ if (pa->padata_type == KRB5_PADATA_PK_AS_REP) { PA_PK_AS_REP rep; @@ -1781,8 +1854,8 @@ _krb5_pk_rd_pa_reply(krb5_context context, "ContentInfo: %d", ret); break; } - ret = pk_rd_pa_reply_enckey(context, 0, &ci, ctx, - etype, nonce, pa, key); + ret = pk_rd_pa_reply_enckey(context, COMPAT_27, &ci, ctx, + etype, nonce, req_buffer, pa, key); free_ContentInfo(&ci); return ret; default: @@ -1811,9 +1884,9 @@ _krb5_pk_rd_pa_reply(krb5_context context, nonce, pa, key); break; case choice_PA_PK_AS_REP_19_encKeyPack: - ret = pk_rd_pa_reply_enckey(context, 0, + ret = pk_rd_pa_reply_enckey(context, COMPAT_19, &rep19.u.encKeyPack, ctx, - etype, nonce, pa, key); + etype, nonce, NULL, pa, key); break; default: krb5_set_error_string(context, "PKINIT: -19 reply invalid " @@ -1857,8 +1930,8 @@ _krb5_pk_rd_pa_reply(krb5_context context, ret); return ret; } - ret = pk_rd_pa_reply_enckey(context, 1, &ci, ctx, - etype, nonce, pa, key); + ret = pk_rd_pa_reply_enckey(context, COMPAT_WIN2K, &ci, ctx, + etype, nonce, NULL, pa, key); free_ContentInfo(&ci); break; default: diff --git a/source4/heimdal/lib/krb5/test_crypto_wrapping.c b/source4/heimdal/lib/krb5/test_crypto_wrapping.c deleted file mode 100644 index 37d9bbacb7..0000000000 --- a/source4/heimdal/lib/krb5/test_crypto_wrapping.c +++ /dev/null @@ -1,163 +0,0 @@ -/* - * Copyright (c) 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of KTH nor the names of its contributors may be - * used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY - * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - -#include "krb5_locl.h" -#include -#include - -RCSID("$Id: test_crypto_wrapping.c,v 1.2 2005/07/09 01:31:43 lha Exp $"); - -static void -test_wrapping(krb5_context context, - size_t min_size, - size_t max_size, - size_t step, - krb5_enctype etype) -{ - krb5_error_code ret; - krb5_keyblock key; - krb5_crypto crypto; - krb5_data data; - char *etype_name; - void *buf; - size_t size; - - ret = krb5_generate_random_keyblock(context, etype, &key); - if (ret) - krb5_err(context, 1, ret, "krb5_generate_random_keyblock"); - - ret = krb5_enctype_to_string(context, etype, &etype_name); - if (ret) - krb5_err(context, 1, ret, "krb5_enctype_to_string"); - - buf = malloc(max_size); - if (buf == NULL) - krb5_errx(context, 1, "out of memory"); - memset(buf, 0, max_size); - - ret = krb5_crypto_init(context, &key, 0, &crypto); - if (ret) - krb5_err(context, 1, ret, "krb5_crypto_init"); - - for (size = min_size; size < max_size; size += step) { - size_t wrapped_size; - - ret = krb5_encrypt(context, crypto, 0, buf, size, &data); - if (ret) - krb5_err(context, 1, ret, "encrypt size %d using %s", - size, etype_name); - - wrapped_size = krb5_get_wrapped_length(context, crypto, size); - - if (wrapped_size != data.length) - krb5_errx(context, 1, "calculated wrapped length %lu != " - "real wrapped length %lu for data length %lu using " - "enctype %s", - (unsigned long)wrapped_size, - (unsigned long)data.length, - (unsigned long)size, - etype_name); - krb5_data_free(&data); - } - - free(buf); - krb5_crypto_destroy(context, crypto); - krb5_free_keyblock_contents(context, &key); -} - - - -static int version_flag = 0; -static int help_flag = 0; - -static struct getargs args[] = { - {"version", 0, arg_flag, &version_flag, - "print version", NULL }, - {"help", 0, arg_flag, &help_flag, - NULL, NULL } -}; - -static void -usage (int ret) -{ - arg_printusage (args, - sizeof(args)/sizeof(*args), - NULL, - ""); - exit (ret); -} - -int -main(int argc, char **argv) -{ - krb5_context context; - krb5_error_code ret; - int i, optidx = 0; - - krb5_enctype enctypes[] = { - ETYPE_DES_CBC_CRC, - ETYPE_DES_CBC_MD4, - ETYPE_DES_CBC_MD5, - ETYPE_DES3_CBC_SHA1, - ETYPE_ARCFOUR_HMAC_MD5, - ETYPE_AES128_CTS_HMAC_SHA1_96, - ETYPE_AES256_CTS_HMAC_SHA1_96 - }; - - setprogname(argv[0]); - - if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) - usage(1); - - if (help_flag) - usage (0); - - if(version_flag){ - print_version(NULL); - exit(0); - } - - argc -= optidx; - argv += optidx; - - ret = krb5_init_context(&context); - if (ret) - errx (1, "krb5_init_context failed: %d", ret); - - for (i = 0; i < sizeof(enctypes)/sizeof(enctypes[0]); i++) { - test_wrapping(context, 0, 1024, 1, enctypes[i]); - test_wrapping(context, 1024, 1024 * 100, 1024, enctypes[i]); - } - krb5_free_context(context); - - return 0; -} diff --git a/source4/heimdal/lib/krb5/test_pkinit_dh2key.c b/source4/heimdal/lib/krb5/test_pkinit_dh2key.c deleted file mode 100644 index a40c218e12..0000000000 --- a/source4/heimdal/lib/krb5/test_pkinit_dh2key.c +++ /dev/null @@ -1,110 +0,0 @@ -/* - * Copyright (c) 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of KTH nor the names of its contributors may be - * used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY - * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - -#include "krb5_locl.h" -#include -#include - -RCSID("$Id: test_pkinit_dh2key.c,v 1.1 2005/07/20 16:27:58 lha Exp $"); - -static void -test_dh2key(krb5_context context, - const heim_octet_string *K, - const heim_octet_string *c_n, - const heim_octet_string *k_n, - krb5_enctype etype) -{ - return; -} - - - -static int version_flag = 0; -static int help_flag = 0; - -static struct getargs args[] = { - {"version", 0, arg_flag, &version_flag, - "print version", NULL }, - {"help", 0, arg_flag, &help_flag, - NULL, NULL } -}; - -static void -usage (int ret) -{ - arg_printusage (args, - sizeof(args)/sizeof(*args), - NULL, - ""); - exit (ret); -} - -int -main(int argc, char **argv) -{ - krb5_context context; - krb5_error_code ret; - int i, optidx = 0; - - krb5_enctype enctypes[] = { - ETYPE_AES128_CTS_HMAC_SHA1_96, - ETYPE_AES256_CTS_HMAC_SHA1_96 - }; - - setprogname(argv[0]); - - if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) - usage(1); - - if (help_flag) - usage (0); - - if(version_flag){ - print_version(NULL); - exit(0); - } - - argc -= optidx; - argv += optidx; - - ret = krb5_init_context(&context); - if (ret) - errx (1, "krb5_init_context failed: %d", ret); - - for (i = 0; i < sizeof(enctypes)/sizeof(enctypes[0]); i++) { - test_dh2key(context, NULL, NULL, NULL, enctypes[i]); - } - - krb5_free_context(context); - - return 0; -} -- cgit From b8f4e0796d068fab6844dd94dc28d3e9825e0f55 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 26 Aug 2005 11:52:35 +0000 Subject: r9648: this fixes the krb5 based login with the pac. The key to this whole saga was that the logon_time field in the pac must match the authtime field in the ticket we gave the client in the AS-REP (and thus also the authtime field in the ticket we get back in the TGS-REQ). Many thanks to Andrew Bartlett for his patience in showing me the basic ropes of all this code! This was a joint effort. (This used to be commit 7bee374b3ffcdb0424a83f909fe5ad504ea3882e) --- source4/heimdal/kdc/kerberos5.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index 27a25d95ff..453263774b 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -1597,6 +1597,7 @@ tgs_make_reply(krb5_context context, EncTicketPart *tgt, EncTicketPart *adtkt, AuthorizationData *auth_data, + krb5_ticket *tgs_ticket, hdb_entry *server, hdb_entry *client, krb5_principal client_principal, @@ -1774,6 +1775,7 @@ tgs_make_reply(krb5_context context, client->principal, tgtkey, ekey, + tgs_ticket->ticket.authtime, &pac); if (ret) { free_AuthorizationData(if_relevant); @@ -2357,6 +2359,7 @@ tgs_rep2(krb5_context context, tgt, b->kdc_options.enc_tkt_in_skey ? &adtkt : NULL, auth_data, + ticket, server, client, cp, -- cgit From 08730652fbf1c9f6d53378b1b094a2c5ddf2cf62 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 27 Aug 2005 11:49:06 +0000 Subject: r9680: Update Heimdal to current lorikeet-heimdal (which was itself updated to Heimdal CVS as of 2005-08-27). Andrew Bartlett (This used to be commit 913924a4997f5e14c503f87510cbd8e4bfd965a9) --- source4/heimdal/fix-export | 21 +- source4/heimdal/kdc/kdc_locl.h | 3 +- source4/heimdal/lib/asn1/gen.c | 12 +- source4/heimdal/lib/asn1/gen_decode.c | 214 +++++++++-------- source4/heimdal/lib/asn1/gen_encode.c | 139 ++++++----- source4/heimdal/lib/asn1/gen_length.c | 72 +++--- source4/heimdal/lib/asn1/gen_locl.h | 26 +- source4/heimdal/lib/asn1/k5.asn1 | 8 +- source4/heimdal/lib/asn1/main.c | 6 +- source4/heimdal/lib/asn1/parse.c | 6 +- source4/heimdal/lib/asn1/parse.y | 8 +- source4/heimdal/lib/gssapi/display_status.c | 14 +- source4/heimdal/lib/gssapi/external.c | 31 ++- source4/heimdal/lib/hdb/hdb-protos.h | 359 ++++++++++++++++++++++++++++ source4/heimdal/lib/hdb/hdb.c | 14 +- source4/heimdal/lib/hdb/mkey.c | 5 +- source4/heimdal/lib/krb5/get_host_realm.c | 27 ++- source4/heimdal/lib/krb5/krb5-private.h | 1 + source4/heimdal/lib/krb5/krb5-protos.h | 23 +- source4/heimdal/lib/krb5/principal.c | 59 +++-- source4/heimdal/lib/roken/print_version.c | 78 ------ source4/heimdal/lib/roken/resolve.c | 6 +- source4/heimdal/lib/roken/setprogname.c | 6 +- source4/heimdal/lib/roken/strpool.c | 5 +- source4/heimdal/lib/vers/print_version.c | 55 +++++ 25 files changed, 825 insertions(+), 373 deletions(-) delete mode 100644 source4/heimdal/lib/roken/print_version.c create mode 100644 source4/heimdal/lib/vers/print_version.c (limited to 'source4/heimdal') diff --git a/source4/heimdal/fix-export b/source4/heimdal/fix-export index 4f25ea0b74..b49c0de1d3 100755 --- a/source4/heimdal/fix-export +++ b/source4/heimdal/fix-export @@ -1,10 +1,11 @@ #! /bin/sh -# $Id: fix-export,v 1.38 2005/07/05 14:00:51 lha Exp $ +# $Id: fix-export,v 1.39 2005/08/11 08:57:52 lha Exp $ -echo "fixing distribution in $1..." +distdir="$1" +echo "fixing distribution in $distdir..." -test -d "$1" || { echo not a dir in \$1 ; exit 1 ; } -cd $1 +test -d "$distdir" || { echo not a dir in \$distdir ; exit 1 ; } +cd $distdir if test "$DATEDVERSION"; then ed -s configure.in << END @@ -26,11 +27,6 @@ echo "$M" | sed -e 's/./*/g' echo "$M" echo "$M" | sed -e 's/./*/g' -ed -s configure.in << END -/test -z/s,^,#, -w -q -END autoreconf --force --install (cd doc && makeinfo heimdal.texi) @@ -76,7 +72,8 @@ make_proto appl/login login_protos.h /dev/null '$(login_SOURCES)' make_proto kcm kcm_protos.h /dev/null '$(kcm_SOURCES)' make_proto kdc kdc-protos.h /dev/null '$(libkdc_la_SOURCES)' -rm fix-export make-release make-release.el -find . -name .cvsignore -print | xargs rm -find . -name .__afs\* -print | xargs rm rm -fr autom4te*.cache + +echo "tar cf - ${distdir} \| gzip -9 > ${distdir}.tar.gz" +echo "gpg -ba -u 0x45D901D8 ${distdir}.tar.gz" + diff --git a/source4/heimdal/kdc/kdc_locl.h b/source4/heimdal/kdc/kdc_locl.h index b87895d56c..b0501abb8d 100644 --- a/source4/heimdal/kdc/kdc_locl.h +++ b/source4/heimdal/kdc/kdc_locl.h @@ -32,7 +32,7 @@ */ /* - * $Id: kdc_locl.h,v 1.72 2005/08/12 08:46:39 lha Exp $ + * $Id: kdc_locl.h,v 1.73 2005/08/15 11:07:25 lha Exp $ */ #ifndef __KDC_LOCL_H__ @@ -118,6 +118,7 @@ krb5_error_code _kdc_pk_mk_pa_reply(krb5_context, pk_client_params *, const hdb_entry *, const KDC_REQ *, + const krb5_data *, krb5_keyblock **, METHOD_DATA *); krb5_error_code _kdc_pk_check_client(krb5_context, diff --git a/source4/heimdal/lib/asn1/gen.c b/source4/heimdal/lib/asn1/gen.c index 1189a03ab1..aee1ee5b3f 100644 --- a/source4/heimdal/lib/asn1/gen.c +++ b/source4/heimdal/lib/asn1/gen.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen.c,v 1.62 2005/07/19 18:46:50 lha Exp $"); +RCSID("$Id: gen.c,v 1.63 2005/08/23 10:49:16 lha Exp $"); FILE *headerfile, *codefile, *logfile; @@ -41,7 +41,7 @@ FILE *headerfile, *codefile, *logfile; static const char *orig_filename; static char *header; -static char *headerbase = STEM; +static const char *headerbase = STEM; /* * list of all IMPORTs @@ -77,9 +77,9 @@ init_generate (const char *filename, const char *base) orig_filename = filename; if (base != NULL) { - asprintf(&headerbase, "%s", base); + headerbase = strdup(base); if (headerbase == NULL) - errx(1, "malloc"); + errx(1, "strdup"); } asprintf(&header, "%s.h", headerbase); if (header == NULL) @@ -349,7 +349,7 @@ space(int level) fprintf(headerfile, " "); } -static char * +static const char * last_member_p(struct member *m) { struct member *n = ASN1_TAILQ_NEXT(m, members); @@ -521,7 +521,7 @@ define_asn1 (int level, Type *t) } static void -define_type (int level, char *name, Type *t, int typedefp, int preservep) +define_type (int level, const char *name, Type *t, int typedefp, int preservep) { switch (t->type) { case TType: diff --git a/source4/heimdal/lib/asn1/gen_decode.c b/source4/heimdal/lib/asn1/gen_decode.c index ff75113576..42ceb37e62 100644 --- a/source4/heimdal/lib/asn1/gen_decode.c +++ b/source4/heimdal/lib/asn1/gen_decode.c @@ -34,7 +34,7 @@ #include "gen_locl.h" #include "lex.h" -RCSID("$Id: gen_decode.c,v 1.27 2005/07/19 18:09:30 lha Exp $"); +RCSID("$Id: gen_decode.c,v 1.28 2005/08/23 11:51:25 lha Exp $"); static void decode_primitive (const char *typename, const char *name, const char *forwstr) @@ -198,7 +198,7 @@ find_tag (const Type *t, static int decode_type (const char *name, const Type *t, int optional, - const char *forwstr) + const char *forwstr, const char *tmpstr) { switch (t->type) { case TType: { @@ -304,7 +304,7 @@ decode_type (const char *name, const Type *t, int optional, name, m->gen_name); if (s == NULL) errx(1, "malloc"); - decode_type (s, m->type, m->optional, forwstr); + decode_type (s, m->type, m->optional, forwstr, m->gen_name); free (s); } @@ -346,7 +346,7 @@ decode_type (const char *name, const Type *t, int optional, "%s = calloc(1, sizeof(*%s));\n" "if (%s == NULL) { e = ENOMEM; %s; }\n", s, s, s, forwstr); - decode_type (s, m->type, 0, forwstr); + decode_type (s, m->type, 0, forwstr, m->gen_name); free (s); fprintf(codefile, "members |= (1 << %d);\n", memno); @@ -382,33 +382,45 @@ decode_type (const char *name, const Type *t, int optional, case TSetOf: case TSequenceOf: { char *n; + char *sname; fprintf (codefile, "{\n" - "size_t origlen = len;\n" - "size_t oldret = ret;\n" - "void *tmp;\n" + "size_t %s_origlen = len;\n" + "size_t %s_oldret = ret;\n" + "void *%s_tmp;\n" "ret = 0;\n" "(%s)->len = 0;\n" "(%s)->val = NULL;\n" - "while(ret < origlen) {\n" - "tmp = realloc((%s)->val, " + "while(ret < %s_origlen) {\n" + "%s_tmp = realloc((%s)->val, " " sizeof(*((%s)->val)) * ((%s)->len + 1));\n" - "if (tmp == NULL) { %s; }\n" + "if (%s_tmp == NULL) { %s; }\n" "(%s)->len++;\n" - "(%s)->val = tmp;\n", - name, name, name, name, name, forwstr, name, name); + "(%s)->val = %s_tmp;\n", + tmpstr, tmpstr, tmpstr, + name, name, + tmpstr, tmpstr, + name, name, name, + tmpstr, + forwstr, name, name, + tmpstr); asprintf (&n, "&(%s)->val[(%s)->len-1]", name, name); if (n == NULL) errx(1, "malloc"); - decode_type (n, t->subtype, 0, forwstr); + asprintf (&sname, "%s_s_of", tmpstr); + if (sname == NULL) + errx(1, "malloc"); + decode_type (n, t->subtype, 0, forwstr, sname); fprintf (codefile, - "len = origlen - ret;\n" + "len = %s_origlen - ret;\n" "}\n" - "ret += oldret;\n" - "}\n"); + "ret += %s_oldret;\n" + "}\n", + tmpstr, tmpstr); free (n); + free (sname); break; } case TGeneralizedTime: @@ -418,17 +430,21 @@ decode_type (const char *name, const Type *t, int optional, decode_primitive ("general_string", name, forwstr); break; case TTag:{ + char *tname; + fprintf(codefile, "{\n" - "size_t tagdatalen, oldlen;\n"); + "size_t %s_datalen, %s_oldlen;\n", + tmpstr, tmpstr); if(dce_fix) fprintf(codefile, "int dce_fix;\n"); fprintf(codefile, "e = der_match_tag_and_length(p, len, %s, %s, %s, " - "&tagdatalen, &l);\n", + "&%s_datalen, &l);\n", classname(t->tag.tagclass), is_primitive_type(t->subtype->type) ? "PRIM" : "CONS", - valuename(t->tag.tagclass, t->tag.tagvalue)); + valuename(t->tag.tagclass, t->tag.tagvalue), + tmpstr); if(optional) { fprintf(codefile, "if(e) {\n" @@ -442,32 +458,38 @@ decode_type (const char *name, const Type *t, int optional, } fprintf (codefile, "p += l; len -= l; ret += l;\n" - "oldlen = len;\n"); + "%s_oldlen = len;\n", + tmpstr); if(dce_fix) fprintf (codefile, - "if((dce_fix = _heim_fix_dce(tagdatalen, &len)) < 0)\n" + "if((dce_fix = _heim_fix_dce(%s_datalen, &len)) < 0)\n" "{ e = ASN1_BAD_FORMAT; %s; }\n", - forwstr); + tmpstr, forwstr); else fprintf(codefile, - "if (tagdatalen > len) { e = ASN1_OVERRUN; %s; }\n" - "len = tagdatalen;\n", forwstr); - decode_type (name, t->subtype, 0, forwstr); + "if (%s_datalen > len) { e = ASN1_OVERRUN; %s; }\n" + "len = %s_datalen;\n", tmpstr, forwstr, tmpstr); + asprintf (&tname, "%s_Tag", tmpstr); + if (tname == NULL) + errx(1, "malloc"); + decode_type (name, t->subtype, 0, forwstr, tname); if(dce_fix) fprintf(codefile, "if(dce_fix){\n" "e = der_match_tag_and_length (p, len, " "(Der_class)0,(Der_type)0, UT_EndOfContent, " - "&tagdatalen, &l);\n" + "&%s_datalen, &l);\n" "if(e) %s;\np += l; len -= l; ret += l;\n" - "} else \n", forwstr); + "} else \n", tmpstr, forwstr); fprintf(codefile, - "len = oldlen - tagdatalen;\n"); + "len = %s_oldlen - %s_datalen;\n", + tmpstr, tmpstr); if(optional) fprintf(codefile, "}\n"); fprintf(codefile, "}\n"); + free(tname); break; } case TChoice: { @@ -501,7 +523,7 @@ decode_type (const char *name, const Type *t, int optional, name, m->gen_name); if (s == NULL) errx(1, "malloc"); - decode_type (s, m->type, m->optional, forwstr); + decode_type (s, m->type, m->optional, forwstr, m->gen_name); fprintf(codefile, "(%s)->element = %s;\n", name, m->label); @@ -573,71 +595,73 @@ decode_type (const char *name, const Type *t, int optional, void generate_type_decode (const Symbol *s) { - int preserve = preserve_type(s->name) ? TRUE : FALSE; - - fprintf (headerfile, - "int " - "decode_%s(const unsigned char *, size_t, %s *, size_t *);\n", - s->gen_name, s->gen_name); - - fprintf (codefile, "int\n" - "decode_%s(const unsigned char *p," - " size_t len, %s *data, size_t *size)\n" - "{\n", - s->gen_name, s->gen_name); - - switch (s->type->type) { - case TInteger: - case TBoolean: - case TOctetString: - case TOID: - case TGeneralizedTime: - case TGeneralString: - case TUTF8String: - case TPrintableString: - case TIA5String: - case TBMPString: - case TUniversalString: - case TUTCTime: - case TNull: - case TEnumerated: - case TBitString: - case TSequence: - case TSequenceOf: - case TSet: - case TSetOf: - case TTag: - case TType: - case TChoice: - fprintf (codefile, - "size_t ret = 0, reallen;\n" - "size_t l;\n" - "int e;\n"); - if (preserve) - fprintf (codefile, "const unsigned char *begin = p;\n"); - - fprintf (codefile, "\n"); - fprintf (codefile, "memset(data, 0, sizeof(*data));\n"); - fprintf (codefile, "reallen = 0;\n"); /* hack to avoid `unused variable' */ - - decode_type ("data", s->type, 0, "goto fail"); - if (preserve) + int preserve = preserve_type(s->name) ? TRUE : FALSE; + + fprintf (headerfile, + "int " + "decode_%s(const unsigned char *, size_t, %s *, size_t *);\n", + s->gen_name, s->gen_name); + + fprintf (codefile, "int\n" + "decode_%s(const unsigned char *p," + " size_t len, %s *data, size_t *size)\n" + "{\n", + s->gen_name, s->gen_name); + + switch (s->type->type) { + case TInteger: + case TBoolean: + case TOctetString: + case TOID: + case TGeneralizedTime: + case TGeneralString: + case TUTF8String: + case TPrintableString: + case TIA5String: + case TBMPString: + case TUniversalString: + case TUTCTime: + case TNull: + case TEnumerated: + case TBitString: + case TSequence: + case TSequenceOf: + case TSet: + case TSetOf: + case TTag: + case TType: + case TChoice: fprintf (codefile, - "data->_save.data = calloc(1, ret);\n" - "if (data->_save.data == NULL) { e = ENOMEM; goto fail; }\n" - "data->_save.length = ret;\n" - "memcpy(data->_save.data, begin, ret);\n"); - fprintf (codefile, - "if(size) *size = ret;\n" - "return 0;\n"); - fprintf (codefile, - "fail:\n" - "free_%s(data);\n" - "return e;\n", - s->gen_name); - break; - default: - abort (); - } - fprintf (codefile, "}\n\n"); + "size_t ret = 0, reallen;\n" + "size_t l;\n" + "int e;\n"); + if (preserve) + fprintf (codefile, "const unsigned char *begin = p;\n"); + + fprintf (codefile, "\n"); + fprintf (codefile, "memset(data, 0, sizeof(*data));\n"); /* hack to avoid `unused variable' */ + fprintf (codefile, "reallen = 0;\n"); + + decode_type ("data", s->type, 0, "goto fail", "Top"); + if (preserve) + fprintf (codefile, + "data->_save.data = calloc(1, ret);\n" + "if (data->_save.data == NULL) { \n" + "e = ENOMEM; goto fail; \n" + "}\n" + "data->_save.length = ret;\n" + "memcpy(data->_save.data, begin, ret);\n"); + fprintf (codefile, + "if(size) *size = ret;\n" + "return 0;\n"); + fprintf (codefile, + "fail:\n" + "free_%s(data);\n" + "return e;\n", + s->gen_name); + break; + default: + abort (); + } + fprintf (codefile, "}\n\n"); } diff --git a/source4/heimdal/lib/asn1/gen_encode.c b/source4/heimdal/lib/asn1/gen_encode.c index acd058c7dd..4099fbf643 100644 --- a/source4/heimdal/lib/asn1/gen_encode.c +++ b/source4/heimdal/lib/asn1/gen_encode.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen_encode.c,v 1.18 2005/07/13 10:40:23 lha Exp $"); +RCSID("$Id: gen_encode.c,v 1.19 2005/08/23 11:52:16 lha Exp $"); static void encode_primitive (const char *typename, const char *name) @@ -62,7 +62,7 @@ valuename(Der_class class, int value) static char s[32]; struct { int value; - char *s; + const char *s; } *p, values[] = { #define X(Y) { Y, #Y } X(UT_BMPString), @@ -105,7 +105,7 @@ valuename(Der_class class, int value) } static int -encode_type (const char *name, const Type *t) +encode_type (const char *name, const Type *t, const char *tmpstr) { int constructed = 1; @@ -260,10 +260,10 @@ encode_type (const char *name, const Type *t) else if(m->defval) gen_compare_defval(s + 1, m->defval); fprintf (codefile, "{\n"); - fprintf (codefile, "size_t oldret = ret;\n"); + fprintf (codefile, "size_t %s_oldret = ret;\n", tmpstr); fprintf (codefile, "ret = 0;\n"); - encode_type (s, m->type); - fprintf (codefile, "ret += oldret;\n"); + encode_type (s, m->type, m->gen_name); + fprintf (codefile, "ret += %s_oldret;\n", tmpstr); fprintf (codefile, "}\n"); free (s); } @@ -333,20 +333,26 @@ encode_type (const char *name, const Type *t) } case TSequenceOf: { char *n; + char *sname; fprintf (codefile, "for(i = (%s)->len - 1; i >= 0; --i) {\n" - "size_t oldret = ret;\n" + "size_t %s_for_oldret = ret;\n" "ret = 0;\n", - name); + name, tmpstr); asprintf (&n, "&(%s)->val[i]", name); if (n == NULL) errx(1, "malloc"); - encode_type (n, t->subtype); + asprintf (&sname, "%s_S_Of", tmpstr); + if (sname == NULL) + errx(1, "malloc"); + encode_type (n, t->subtype, sname); fprintf (codefile, - "ret += oldret;\n" - "}\n"); + "ret += %s_for_oldret;\n" + "}\n", + tmpstr); free (n); + free (sname); break; } case TGeneralizedTime: @@ -358,13 +364,19 @@ encode_type (const char *name, const Type *t) constructed = 0; break; case TTag: { - int c = encode_type (name, t->subtype); + char *tname; + int c; + asprintf (&tname, "%s_tag", tmpstr); + if (tname == NULL) + errx(1, "malloc"); + c = encode_type (name, t->subtype, tname); fprintf (codefile, "e = der_put_length_and_tag (p, len, ret, %s, %s, %s, &l);\n" "if (e) return e;\np -= l; len -= l; ret += l;\n\n", classname(t->tag.tagclass), c ? "CONS" : "PRIM", valuename(t->tag.tagclass, t->tag.tagvalue)); + free (tname); break; } case TChoice:{ @@ -396,11 +408,10 @@ encode_type (const char *name, const Type *t) errx(1, "malloc"); if (m->optional) fprintf (codefile, "if(%s) {\n", s2); - fprintf (codefile, "size_t oldret;\n"); - fprintf (codefile, "oldret = ret;\n"); + fprintf (codefile, "size_t %s_oldret = ret;\n", tmpstr); fprintf (codefile, "ret = 0;\n"); - constructed = encode_type (s2, m->type); - fprintf (codefile, "ret += oldret;\n"); + constructed = encode_type (s2, m->type, m->gen_name); + fprintf (codefile, "ret += %s_oldret;\n", tmpstr); if(m->optional) fprintf (codefile, "}\n"); fprintf(codefile, "break;\n"); @@ -469,53 +480,53 @@ encode_type (const char *name, const Type *t) void generate_type_encode (const Symbol *s) { - fprintf (headerfile, - "int " - "encode_%s(unsigned char *, size_t, const %s *, size_t *);\n", - s->gen_name, s->gen_name); - - fprintf (codefile, "int\n" - "encode_%s(unsigned char *p, size_t len," - " const %s *data, size_t *size)\n" - "{\n", - s->gen_name, s->gen_name); - - switch (s->type->type) { - case TInteger: - case TBoolean: - case TOctetString: - case TGeneralizedTime: - case TGeneralString: - case TUTCTime: - case TUTF8String: - case TPrintableString: - case TIA5String: - case TBMPString: - case TUniversalString: - case TNull: - case TBitString: - case TEnumerated: - case TOID: - case TSequence: - case TSequenceOf: - case TSet: - case TSetOf: - case TTag: - case TType: - case TChoice: - fprintf (codefile, - "size_t ret = 0;\n" - "size_t l;\n" - "int i, e;\n\n"); - fprintf(codefile, "i = 0;\n"); /* hack to avoid `unused variable' */ + fprintf (headerfile, + "int " + "encode_%s(unsigned char *, size_t, const %s *, size_t *);\n", + s->gen_name, s->gen_name); + + fprintf (codefile, "int\n" + "encode_%s(unsigned char *p, size_t len," + " const %s *data, size_t *size)\n" + "{\n", + s->gen_name, s->gen_name); + + switch (s->type->type) { + case TInteger: + case TBoolean: + case TOctetString: + case TGeneralizedTime: + case TGeneralString: + case TUTCTime: + case TUTF8String: + case TPrintableString: + case TIA5String: + case TBMPString: + case TUniversalString: + case TNull: + case TBitString: + case TEnumerated: + case TOID: + case TSequence: + case TSequenceOf: + case TSet: + case TSetOf: + case TTag: + case TType: + case TChoice: + fprintf (codefile, + "size_t ret = 0;\n" + "size_t l;\n" + "int i, e;\n\n"); + fprintf(codefile, "i = 0;\n"); /* hack to avoid `unused variable' */ - encode_type("data", s->type); - - fprintf (codefile, "*size = ret;\n" - "return 0;\n"); - break; - default: - abort (); - } - fprintf (codefile, "}\n\n"); + encode_type("data", s->type, "Top"); + + fprintf (codefile, "*size = ret;\n" + "return 0;\n"); + break; + default: + abort (); + } + fprintf (codefile, "}\n\n"); } diff --git a/source4/heimdal/lib/asn1/gen_length.c b/source4/heimdal/lib/asn1/gen_length.c index aed49e89c3..f3869fa5f2 100644 --- a/source4/heimdal/lib/asn1/gen_length.c +++ b/source4/heimdal/lib/asn1/gen_length.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen_length.c,v 1.18 2005/07/19 18:01:59 lha Exp $"); +RCSID("$Id: gen_length.c,v 1.19 2005/08/23 11:51:41 lha Exp $"); static void length_primitive (const char *typename, @@ -59,7 +59,8 @@ length_tag(unsigned int tag) static int -length_type (const char *name, const Type *t, const char *variable) +length_type (const char *name, const Type *t, + const char *variable, const char *tmpstr) { switch (t->type) { case TType: @@ -158,10 +159,10 @@ length_type (const char *name, const Type *t, const char *variable) else if(m->defval) gen_compare_defval(s + 1, m->defval); fprintf (codefile, "{\n" - "size_t oldret = %s;\n" - "%s = 0;\n", variable, variable); - length_type (s, m->type, "ret"); - fprintf (codefile, "ret += oldret;\n"); + "size_t %s_oldret = %s;\n" + "%s = 0;\n", tmpstr, variable, variable); + length_type (s, m->type, "ret", m->gen_name); + fprintf (codefile, "ret += %s_oldret;\n", tmpstr); fprintf (codefile, "}\n"); free (s); if(t->type == TChoice) @@ -183,29 +184,34 @@ length_type (const char *name, const Type *t, const char *variable) case TSetOf: case TSequenceOf: { char *n; + char *sname; fprintf (codefile, "{\n" - "int oldret = %s;\n" + "int %s_oldret = %s;\n" "int i;\n" "%s = 0;\n", - variable, variable); + tmpstr, variable, variable); fprintf (codefile, "for(i = (%s)->len - 1; i >= 0; --i){\n", name); - fprintf (codefile, "int oldret = %s;\n" - "%s = 0;\n", variable, variable); + fprintf (codefile, "int %s_for_oldret = %s;\n" + "%s = 0;\n", tmpstr, variable, variable); asprintf (&n, "&(%s)->val[i]", name); if (n == NULL) errx(1, "malloc"); - length_type(n, t->subtype, variable); - fprintf (codefile, "%s += oldret;\n", - variable); + asprintf (&sname, "%s_S_Of", tmpstr); + if (sname == NULL) + errx(1, "malloc"); + length_type(n, t->subtype, variable, sname); + fprintf (codefile, "%s += %s_for_oldret;\n", + variable, tmpstr); fprintf (codefile, "}\n"); fprintf (codefile, - "%s += oldret;\n" - "}\n", variable); + "%s += %s_oldret;\n" + "}\n", variable, tmpstr); free(n); + free(sname); break; } case TGeneralizedTime: @@ -235,11 +241,17 @@ length_type (const char *name, const Type *t, const char *variable) case TNull: fprintf (codefile, "/* NULL */\n"); break; - case TTag: - length_type (name, t->subtype, variable); + case TTag:{ + char *tname; + asprintf(&tname, "%s_tag", tmpstr); + if (tname == NULL) + errx(1, "malloc"); + length_type (name, t->subtype, variable, tname); fprintf (codefile, "ret += %lu + length_len (ret);\n", (unsigned long)length_tag(t->tag.tagvalue)); + free(tname); break; + } case TOID: length_primitive ("oid", name, variable); break; @@ -252,18 +264,18 @@ length_type (const char *name, const Type *t, const char *variable) void generate_type_length (const Symbol *s) { - fprintf (headerfile, - "size_t length_%s(const %s *);\n", - s->gen_name, s->gen_name); - - fprintf (codefile, - "size_t\n" - "length_%s(const %s *data)\n" - "{\n" - "size_t ret = 0;\n", - s->gen_name, s->gen_name); - - length_type ("data", s->type, "ret"); - fprintf (codefile, "return ret;\n}\n\n"); + fprintf (headerfile, + "size_t length_%s(const %s *);\n", + s->gen_name, s->gen_name); + + fprintf (codefile, + "size_t\n" + "length_%s(const %s *data)\n" + "{\n" + "size_t ret = 0;\n", + s->gen_name, s->gen_name); + + length_type ("data", s->type, "ret", "Top"); + fprintf (codefile, "return ret;\n}\n\n"); } diff --git a/source4/heimdal/lib/asn1/gen_locl.h b/source4/heimdal/lib/asn1/gen_locl.h index a03097a68e..5a2ba85c7a 100644 --- a/source4/heimdal/lib/asn1/gen_locl.h +++ b/source4/heimdal/lib/asn1/gen_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gen_locl.h,v 1.12 2005/07/12 06:27:30 lha Exp $ */ +/* $Id: gen_locl.h,v 1.13 2005/08/23 10:48:15 lha Exp $ */ #ifndef __GEN_LOCL_H__ #define __GEN_LOCL_H__ @@ -56,26 +56,26 @@ void generate_type (const Symbol *); void generate_constant (const Symbol *); -void generate_type_encode (const Symbol *s); -void generate_type_decode (const Symbol *s); -void generate_seq_type_decode (const Symbol *s); -void generate_type_free (const Symbol *s); -void generate_type_length (const Symbol *s); -void generate_type_copy (const Symbol *s); -void generate_type_maybe (const Symbol *s); +void generate_type_encode (const Symbol *); +void generate_type_decode (const Symbol *); +void generate_seq_type_decode (const Symbol *); +void generate_type_free (const Symbol *); +void generate_type_length (const Symbol *); +void generate_type_copy (const Symbol *); +void generate_type_maybe (const Symbol *); void generate_glue (const Type *, const char*); const char *classname(Der_class); -const char *valuename(Der_class class, int); +const char *valuename(Der_class, int); -void gen_compare_defval(const char *var, struct value *val); -void gen_assign_defval(const char *var, struct value *val); +void gen_compare_defval(const char *, struct value *); +void gen_assign_defval(const char *, struct value *); -void init_generate (const char *filename, const char *basename); +void init_generate (const char *, const char *); const char *get_filename (void); void close_generate(void); -void add_import(const char *module); +void add_import(const char *); int yyparse(void); int preserve_type(const char *); diff --git a/source4/heimdal/lib/asn1/k5.asn1 b/source4/heimdal/lib/asn1/k5.asn1 index dd49baf0ff..aa3e0b806d 100644 --- a/source4/heimdal/lib/asn1/k5.asn1 +++ b/source4/heimdal/lib/asn1/k5.asn1 @@ -1,4 +1,4 @@ --- $Id: k5.asn1,v 1.45 2005/07/13 05:29:49 lha Exp $ +-- $Id: k5.asn1,v 1.46 2005/08/22 19:09:25 lha Exp $ KERBEROS5 DEFINITIONS ::= BEGIN @@ -68,7 +68,11 @@ PADATA-TYPE ::= INTEGER { KRB5-PADATA-TD-APP-DEFINED-ERROR(106), -- application specific KRB5-PADATA-TD-REQ-NONCE(107), -- INTEGER KRB5-PADATA-TD-REQ-SEQ(108), -- INTEGER - KRB5-PADATA-PA-PAC-REQUEST(128) -- jbrezak@exchange.microsoft.com + KRB5-PADATA-PA-PAC-REQUEST(128), -- jbrezak@exchange.microsoft.com + KRB5-PADATA-PK-AS-09-BINDING(132) -- client send this to + -- tell KDC that is supports + -- the asCheckSum in the + -- PK-AS-REP } AUTHDATA-TYPE ::= INTEGER { diff --git a/source4/heimdal/lib/asn1/main.c b/source4/heimdal/lib/asn1/main.c index 088e8ebfa2..eec775f3ba 100644 --- a/source4/heimdal/lib/asn1/main.c +++ b/source4/heimdal/lib/asn1/main.c @@ -35,7 +35,7 @@ #include #include "lex.h" -RCSID("$Id: main.c,v 1.14 2005/07/12 06:27:34 lha Exp $"); +RCSID("$Id: main.c,v 1.15 2005/08/23 10:50:12 lha Exp $"); extern FILE *yyin; @@ -77,8 +77,8 @@ int main(int argc, char **argv) { int ret; - char *file; - char *name = NULL; + const char *file; + const char *name = NULL; int optidx = 0; setprogname(argv[0]); diff --git a/source4/heimdal/lib/asn1/parse.c b/source4/heimdal/lib/asn1/parse.c index 83e8ccb8b5..858a669da1 100644 --- a/source4/heimdal/lib/asn1/parse.c +++ b/source4/heimdal/lib/asn1/parse.c @@ -247,11 +247,11 @@ #include "gen_locl.h" #include "der.h" -RCSID("$Id: parse.y,v 1.24 2005/07/12 06:27:35 lha Exp $"); +RCSID("$Id: parse.y,v 1.25 2005/08/23 10:52:31 lha Exp $"); static Type *new_type (Typetype t); static Type *new_tag(int tagclass, int tagvalue, int tagenv, Type *oldtype); -void yyerror (char *); +void yyerror (const char *); static struct objid *new_objid(const char *label, int value); static void add_oid_to_tail(struct objid *, struct objid *); static void fix_labels(Symbol *s); @@ -2298,7 +2298,7 @@ yyreturn: void -yyerror (char *s) +yyerror (const char *s) { error_message ("%s\n", s); } diff --git a/source4/heimdal/lib/asn1/parse.y b/source4/heimdal/lib/asn1/parse.y index def2bc2498..51dc51ed88 100644 --- a/source4/heimdal/lib/asn1/parse.y +++ b/source4/heimdal/lib/asn1/parse.y @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: parse.y,v 1.24 2005/07/12 06:27:35 lha Exp $ */ +/* $Id: parse.y,v 1.25 2005/08/23 10:52:31 lha Exp $ */ %{ #ifdef HAVE_CONFIG_H @@ -45,11 +45,11 @@ #include "gen_locl.h" #include "der.h" -RCSID("$Id: parse.y,v 1.24 2005/07/12 06:27:35 lha Exp $"); +RCSID("$Id: parse.y,v 1.25 2005/08/23 10:52:31 lha Exp $"); static Type *new_type (Typetype t); static Type *new_tag(int tagclass, int tagvalue, int tagenv, Type *oldtype); -void yyerror (char *); +void yyerror (const char *); static struct objid *new_objid(const char *label, int value); static void add_oid_to_tail(struct objid *, struct objid *); static void fix_labels(Symbol *s); @@ -810,7 +810,7 @@ ObjectIdentifierValue: objid %% void -yyerror (char *s) +yyerror (const char *s) { error_message ("%s\n", s); } diff --git a/source4/heimdal/lib/gssapi/display_status.c b/source4/heimdal/lib/gssapi/display_status.c index 2c84628266..6e9456aa2e 100644 --- a/source4/heimdal/lib/gssapi/display_status.c +++ b/source4/heimdal/lib/gssapi/display_status.c @@ -33,12 +33,12 @@ #include "gssapi_locl.h" -RCSID("$Id: display_status.c,v 1.12 2005/03/16 13:15:03 lha Exp $"); +RCSID("$Id: display_status.c,v 1.13 2005/08/23 08:30:55 lha Exp $"); -static char * +static const char * calling_error(OM_uint32 v) { - static char *msgs[] = { + static const char *msgs[] = { NULL, /* 0 */ "A required input parameter could not be read.", /* */ "A required output parameter could not be written.", /* */ @@ -55,10 +55,10 @@ calling_error(OM_uint32 v) return msgs[v]; } -static char * +static const char * routine_error(OM_uint32 v) { - static char *msgs[] = { + static const char *msgs[] = { NULL, /* 0 */ "An unsupported mechanism was requested", "An invalid name was supplied", @@ -91,10 +91,10 @@ routine_error(OM_uint32 v) return msgs[v]; } -static char * +static const char * supplementary_error(OM_uint32 v) { - static char *msgs[] = { + static const char *msgs[] = { "normal completion", "continuation call to routine required", "duplicate per-message token detected", diff --git a/source4/heimdal/lib/gssapi/external.c b/source4/heimdal/lib/gssapi/external.c index f3e97181e6..f8c1d23f98 100644 --- a/source4/heimdal/lib/gssapi/external.c +++ b/source4/heimdal/lib/gssapi/external.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: external.c,v 1.6 2003/09/08 15:34:19 lha Exp $"); +RCSID("$Id: external.c,v 1.7 2005/08/23 11:59:47 lha Exp $"); /* * The implementation must reserve static storage for a @@ -48,8 +48,7 @@ RCSID("$Id: external.c,v 1.6 2003/09/08 15:34:19 lha Exp $"); */ static gss_OID_desc gss_c_nt_user_name_oid_desc = -{10, (void *)"\x2a\x86\x48\x86\xf7\x12" - "\x01\x02\x01\x01"}; +{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x01")}; gss_OID GSS_C_NT_USER_NAME = &gss_c_nt_user_name_oid_desc; @@ -66,8 +65,7 @@ gss_OID GSS_C_NT_USER_NAME = &gss_c_nt_user_name_oid_desc; */ static gss_OID_desc gss_c_nt_machine_uid_name_oid_desc = -{10, (void *)"\x2a\x86\x48\x86\xf7\x12" - "\x01\x02\x01\x02"}; +{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x02")}; gss_OID GSS_C_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc; @@ -84,8 +82,7 @@ gss_OID GSS_C_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc; */ static gss_OID_desc gss_c_nt_string_uid_name_oid_desc = -{10, (void *)"\x2a\x86\x48\x86\xf7\x12" - "\x01\x02\x01\x03"}; +{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x03")}; gss_OID GSS_C_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc; @@ -108,7 +105,7 @@ gss_OID GSS_C_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc; */ static gss_OID_desc gss_c_nt_hostbased_service_x_oid_desc = -{6, (void *)"\x2b\x06\x01\x05\x06\x02"}; +{6, rk_UNCONST("\x2b\x06\x01\x05\x06\x02")}; gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = &gss_c_nt_hostbased_service_x_oid_desc; @@ -124,7 +121,7 @@ gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = &gss_c_nt_hostbased_service_x_oid_desc; * to point to that gss_OID_desc. */ static gss_OID_desc gss_c_nt_hostbased_service_oid_desc = -{10, (void *)"\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x04"}; +{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x04")}; gss_OID GSS_C_NT_HOSTBASED_SERVICE = &gss_c_nt_hostbased_service_oid_desc; @@ -140,7 +137,7 @@ gss_OID GSS_C_NT_HOSTBASED_SERVICE = &gss_c_nt_hostbased_service_oid_desc; */ static gss_OID_desc gss_c_nt_anonymous_oid_desc = -{6, (void *)"\x2b\x06\01\x05\x06\x03"}; +{6, rk_UNCONST("\x2b\x06\01\x05\x06\x03")}; gss_OID GSS_C_NT_ANONYMOUS = &gss_c_nt_anonymous_oid_desc; @@ -156,7 +153,7 @@ gss_OID GSS_C_NT_ANONYMOUS = &gss_c_nt_anonymous_oid_desc; */ static gss_OID_desc gss_c_nt_export_name_oid_desc = -{6, (void *)"\x2b\x06\x01\x05\x06\x04"}; +{6, rk_UNCONST("\x2b\x06\x01\x05\x06\x04") }; gss_OID GSS_C_NT_EXPORT_NAME = &gss_c_nt_export_name_oid_desc; @@ -168,7 +165,7 @@ gss_OID GSS_C_NT_EXPORT_NAME = &gss_c_nt_export_name_oid_desc; */ static gss_OID_desc gss_krb5_nt_principal_name_oid_desc = -{10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01"}; +{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01") }; gss_OID GSS_KRB5_NT_PRINCIPAL_NAME = &gss_krb5_nt_principal_name_oid_desc; @@ -219,12 +216,12 @@ gss_OID GSS_KRB5_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc; #if 0 /* This is the old OID */ static gss_OID_desc gss_krb5_mechanism_oid_desc = -{5, (void *)"\x2b\x05\x01\x05\x02"}; +{5, rk_UNCONST("\x2b\x05\x01\x05\x02")}; #endif static gss_OID_desc gss_krb5_mechanism_oid_desc = -{9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"}; +{9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") }; gss_OID GSS_KRB5_MECHANISM = &gss_krb5_mechanism_oid_desc; @@ -236,7 +233,7 @@ gss_OID GSS_KRB5_MECHANISM = &gss_krb5_mechanism_oid_desc; */ static gss_OID_desc gss_spnego_mechanism_oid_desc = -{6, (void *)"\x2b\x06\x01\x05\x05\x02"}; +{6, rk_UNCONST("\x2b\x06\x01\x05\x05\x02")}; gss_OID GSS_SPNEGO_MECHANISM = &gss_spnego_mechanism_oid_desc; @@ -254,12 +251,12 @@ gss_OID GSS_SPNEGO_MECHANISM = &gss_spnego_mechanism_oid_desc; */ static gss_OID_desc gss_iakerb_proxy_mechanism_oid_desc = -{7, (void *)"\x2b\x06\x01\x05\x05\x0a\x01"}; +{7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x01")}; gss_OID GSS_IAKERB_PROXY_MECHANISM = &gss_iakerb_proxy_mechanism_oid_desc; static gss_OID_desc gss_iakerb_min_msg_mechanism_oid_desc = -{7, (void *)"\x2b\x06\x01\x05\x05\x0a\x02"}; +{7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x02") }; gss_OID GSS_IAKERB_MIN_MSG_MECHANISM = &gss_iakerb_min_msg_mechanism_oid_desc; diff --git a/source4/heimdal/lib/hdb/hdb-protos.h b/source4/heimdal/lib/hdb/hdb-protos.h index 799f013eba..56566b7fe4 100644 --- a/source4/heimdal/lib/hdb/hdb-protos.h +++ b/source4/heimdal/lib/hdb/hdb-protos.h @@ -8,6 +8,317 @@ extern "C" { #endif +unsigned +HDBFlags2int (HDBFlags /*f*/); + +int +copy_Event ( + const Event */*from*/, + Event */*to*/); + +int +copy_GENERATION ( + const GENERATION */*from*/, + GENERATION */*to*/); + +int +copy_HDBFlags ( + const HDBFlags */*from*/, + HDBFlags */*to*/); + +int +copy_HDB_Ext_Aliases ( + const HDB_Ext_Aliases */*from*/, + HDB_Ext_Aliases */*to*/); + +int +copy_HDB_Ext_Constrained_delegation_acl ( + const HDB_Ext_Constrained_delegation_acl */*from*/, + HDB_Ext_Constrained_delegation_acl */*to*/); + +int +copy_HDB_Ext_Lan_Manager_OWF ( + const HDB_Ext_Lan_Manager_OWF */*from*/, + HDB_Ext_Lan_Manager_OWF */*to*/); + +int +copy_HDB_Ext_PKINIT_acl ( + const HDB_Ext_PKINIT_acl */*from*/, + HDB_Ext_PKINIT_acl */*to*/); + +int +copy_HDB_Ext_PKINIT_certificate ( + const HDB_Ext_PKINIT_certificate */*from*/, + HDB_Ext_PKINIT_certificate */*to*/); + +int +copy_HDB_Ext_Password ( + const HDB_Ext_Password */*from*/, + HDB_Ext_Password */*to*/); + +int +copy_HDB_extension ( + const HDB_extension */*from*/, + HDB_extension */*to*/); + +int +copy_HDB_extensions ( + const HDB_extensions */*from*/, + HDB_extensions */*to*/); + +int +copy_Key ( + const Key */*from*/, + Key */*to*/); + +int +copy_Salt ( + const Salt */*from*/, + Salt */*to*/); + +int +copy_hdb_entry ( + const hdb_entry */*from*/, + hdb_entry */*to*/); + +int +decode_Event ( + const unsigned char */*p*/, + size_t /*len*/, + Event */*data*/, + size_t */*size*/); + +int +decode_GENERATION ( + const unsigned char */*p*/, + size_t /*len*/, + GENERATION */*data*/, + size_t */*size*/); + +int +decode_HDBFlags ( + const unsigned char */*p*/, + size_t /*len*/, + HDBFlags */*data*/, + size_t */*size*/); + +int +decode_HDB_Ext_Aliases ( + const unsigned char */*p*/, + size_t /*len*/, + HDB_Ext_Aliases */*data*/, + size_t */*size*/); + +int +decode_HDB_Ext_Constrained_delegation_acl ( + const unsigned char */*p*/, + size_t /*len*/, + HDB_Ext_Constrained_delegation_acl */*data*/, + size_t */*size*/); + +int +decode_HDB_Ext_Lan_Manager_OWF ( + const unsigned char */*p*/, + size_t /*len*/, + HDB_Ext_Lan_Manager_OWF */*data*/, + size_t */*size*/); + +int +decode_HDB_Ext_PKINIT_acl ( + const unsigned char */*p*/, + size_t /*len*/, + HDB_Ext_PKINIT_acl */*data*/, + size_t */*size*/); + +int +decode_HDB_Ext_PKINIT_certificate ( + const unsigned char */*p*/, + size_t /*len*/, + HDB_Ext_PKINIT_certificate */*data*/, + size_t */*size*/); + +int +decode_HDB_Ext_Password ( + const unsigned char */*p*/, + size_t /*len*/, + HDB_Ext_Password */*data*/, + size_t */*size*/); + +int +decode_HDB_extension ( + const unsigned char */*p*/, + size_t /*len*/, + HDB_extension */*data*/, + size_t */*size*/); + +int +decode_HDB_extensions ( + const unsigned char */*p*/, + size_t /*len*/, + HDB_extensions */*data*/, + size_t */*size*/); + +int +decode_Key ( + const unsigned char */*p*/, + size_t /*len*/, + Key */*data*/, + size_t */*size*/); + +int +decode_Salt ( + const unsigned char */*p*/, + size_t /*len*/, + Salt */*data*/, + size_t */*size*/); + +int +decode_hdb_entry ( + const unsigned char */*p*/, + size_t /*len*/, + hdb_entry */*data*/, + size_t */*size*/); + +int +encode_Event ( + unsigned char */*p*/, + size_t /*len*/, + const Event */*data*/, + size_t */*size*/); + +int +encode_GENERATION ( + unsigned char */*p*/, + size_t /*len*/, + const GENERATION */*data*/, + size_t */*size*/); + +int +encode_HDBFlags ( + unsigned char */*p*/, + size_t /*len*/, + const HDBFlags */*data*/, + size_t */*size*/); + +int +encode_HDB_Ext_Aliases ( + unsigned char */*p*/, + size_t /*len*/, + const HDB_Ext_Aliases */*data*/, + size_t */*size*/); + +int +encode_HDB_Ext_Constrained_delegation_acl ( + unsigned char */*p*/, + size_t /*len*/, + const HDB_Ext_Constrained_delegation_acl */*data*/, + size_t */*size*/); + +int +encode_HDB_Ext_Lan_Manager_OWF ( + unsigned char */*p*/, + size_t /*len*/, + const HDB_Ext_Lan_Manager_OWF */*data*/, + size_t */*size*/); + +int +encode_HDB_Ext_PKINIT_acl ( + unsigned char */*p*/, + size_t /*len*/, + const HDB_Ext_PKINIT_acl */*data*/, + size_t */*size*/); + +int +encode_HDB_Ext_PKINIT_certificate ( + unsigned char */*p*/, + size_t /*len*/, + const HDB_Ext_PKINIT_certificate */*data*/, + size_t */*size*/); + +int +encode_HDB_Ext_Password ( + unsigned char */*p*/, + size_t /*len*/, + const HDB_Ext_Password */*data*/, + size_t */*size*/); + +int +encode_HDB_extension ( + unsigned char */*p*/, + size_t /*len*/, + const HDB_extension */*data*/, + size_t */*size*/); + +int +encode_HDB_extensions ( + unsigned char */*p*/, + size_t /*len*/, + const HDB_extensions */*data*/, + size_t */*size*/); + +int +encode_Key ( + unsigned char */*p*/, + size_t /*len*/, + const Key */*data*/, + size_t */*size*/); + +int +encode_Salt ( + unsigned char */*p*/, + size_t /*len*/, + const Salt */*data*/, + size_t */*size*/); + +int +encode_hdb_entry ( + unsigned char */*p*/, + size_t /*len*/, + const hdb_entry */*data*/, + size_t */*size*/); + +void +free_Event (Event */*data*/); + +void +free_GENERATION (GENERATION */*data*/); + +void +free_HDBFlags (HDBFlags */*data*/); + +void +free_HDB_Ext_Aliases (HDB_Ext_Aliases */*data*/); + +void +free_HDB_Ext_Constrained_delegation_acl (HDB_Ext_Constrained_delegation_acl */*data*/); + +void +free_HDB_Ext_Lan_Manager_OWF (HDB_Ext_Lan_Manager_OWF */*data*/); + +void +free_HDB_Ext_PKINIT_acl (HDB_Ext_PKINIT_acl */*data*/); + +void +free_HDB_Ext_PKINIT_certificate (HDB_Ext_PKINIT_certificate */*data*/); + +void +free_HDB_Ext_Password (HDB_Ext_Password */*data*/); + +void +free_HDB_extension (HDB_extension */*data*/); + +void +free_HDB_extensions (HDB_extensions */*data*/); + +void +free_Key (Key */*data*/); + +void +free_Salt (Salt */*data*/); + +void +free_hdb_entry (hdb_entry */*data*/); + krb5_error_code hdb_add_master_key ( krb5_context /*context*/, @@ -297,6 +608,54 @@ hdb_write_master_key ( const char */*filename*/, hdb_master_key /*mkey*/); +void +initialize_hdb_error_table_r (struct et_list **/*list*/); + +HDBFlags +int2HDBFlags (unsigned /*n*/); + +size_t +length_Event (const Event */*data*/); + +size_t +length_GENERATION (const GENERATION */*data*/); + +size_t +length_HDBFlags (const HDBFlags */*data*/); + +size_t +length_HDB_Ext_Aliases (const HDB_Ext_Aliases */*data*/); + +size_t +length_HDB_Ext_Constrained_delegation_acl (const HDB_Ext_Constrained_delegation_acl */*data*/); + +size_t +length_HDB_Ext_Lan_Manager_OWF (const HDB_Ext_Lan_Manager_OWF */*data*/); + +size_t +length_HDB_Ext_PKINIT_acl (const HDB_Ext_PKINIT_acl */*data*/); + +size_t +length_HDB_Ext_PKINIT_certificate (const HDB_Ext_PKINIT_certificate */*data*/); + +size_t +length_HDB_Ext_Password (const HDB_Ext_Password */*data*/); + +size_t +length_HDB_extension (const HDB_extension */*data*/); + +size_t +length_HDB_extensions (const HDB_extensions */*data*/); + +size_t +length_Key (const Key */*data*/); + +size_t +length_Salt (const Salt */*data*/); + +size_t +length_hdb_entry (const hdb_entry */*data*/); + #ifdef __cplusplus } #endif diff --git a/source4/heimdal/lib/hdb/hdb.c b/source4/heimdal/lib/hdb/hdb.c index 53c952927f..8233eb6ac7 100644 --- a/source4/heimdal/lib/hdb/hdb.c +++ b/source4/heimdal/lib/hdb/hdb.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: hdb.c,v 1.54 2005/05/29 18:12:28 lha Exp $"); +RCSID("$Id: hdb.c,v 1.55 2005/08/19 13:07:03 lha Exp $"); #ifdef HAVE_DLFCN_H #include @@ -174,9 +174,14 @@ hdb_check_db_format(krb5_context context, HDB *db) unsigned ver; int foo; + ret = db->hdb_lock(context, db, HDB_RLOCK); + if (ret) + return ret; + tag.data = HDB_DB_FORMAT_ENTRY; tag.length = strlen(tag.data); ret = (*db->hdb__get)(context, db, tag, &version); + db->hdb_unlock(context, db); if(ret) return ret; foo = sscanf(version.data, "%u", &ver); @@ -200,12 +205,19 @@ hdb_init_db(krb5_context context, HDB *db) if(ret != HDB_ERR_NOENTRY) return ret; + ret = db->hdb_lock(context, db, HDB_WLOCK); + if (ret) + return ret; + tag.data = HDB_DB_FORMAT_ENTRY; tag.length = strlen(tag.data); snprintf(ver, sizeof(ver), "%u", HDB_DB_FORMAT); version.data = ver; version.length = strlen(version.data) + 1; /* zero terminated */ ret = (*db->hdb__put)(context, db, 0, tag, version); + ret = db->hdb_unlock(context, db); + if (ret) + return ret; return ret; } diff --git a/source4/heimdal/lib/hdb/mkey.c b/source4/heimdal/lib/hdb/mkey.c index 9e04dc6d8d..f12f73e809 100644 --- a/source4/heimdal/lib/hdb/mkey.c +++ b/source4/heimdal/lib/hdb/mkey.c @@ -36,7 +36,7 @@ #define O_BINARY 0 #endif -RCSID("$Id: mkey.c,v 1.20 2005/08/10 08:41:03 lha Exp $"); +RCSID("$Id: mkey.c,v 1.21 2005/08/19 13:07:03 lha Exp $"); struct hdb_master_key_data { krb5_keytab_entry keytab; @@ -486,6 +486,9 @@ hdb_seal_key_mkey(krb5_context context, Key *k, hdb_master_key mkey) krb5_data res; hdb_master_key key; + if(k->mkvno != NULL) + return 0; + key = _hdb_find_master_key(k->mkvno, mkey); if (key == NULL) diff --git a/source4/heimdal/lib/krb5/get_host_realm.c b/source4/heimdal/lib/krb5/get_host_realm.c index d9c5bd5dc1..feb01f0036 100644 --- a/source4/heimdal/lib/krb5/get_host_realm.c +++ b/source4/heimdal/lib/krb5/get_host_realm.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include -RCSID("$Id: get_host_realm.c,v 1.34 2005/04/19 18:52:51 lha Exp $"); +RCSID("$Id: get_host_realm.c,v 1.35 2005/08/23 08:14:02 lha Exp $"); /* To automagically find the correct realm of a host (without * [domain_realm] in krb5.conf) add a text record for your domain with @@ -94,30 +94,41 @@ dns_find_realm(krb5_context context, const char *domain, krb5_realm **realms) { - static char *default_labels[] = { "_kerberos", NULL }; + static const char *default_labels[] = { "_kerberos", NULL }; char dom[MAXHOSTNAMELEN]; struct dns_reply *r; - char **labels; + const char **labels; + char **config_labels; int i, ret; - labels = krb5_config_get_strings(context, NULL, "libdefaults", - "dns_lookup_realm_labels", NULL); - if(labels == NULL) + config_labels = krb5_config_get_strings(context, NULL, "libdefaults", + "dns_lookup_realm_labels", NULL); + if(config_labels != NULL) + labels = (const char **)config_labels; + else labels = default_labels; if(*domain == '.') domain++; for (i = 0; labels[i] != NULL; i++) { ret = snprintf(dom, sizeof(dom), "%s.%s.", labels[i], domain); - if(ret < 0 || ret >= sizeof(dom)) + if(ret < 0 || ret >= sizeof(dom)) { + if (config_labels) + krb5_config_free_strings(config_labels); return -1; + } r = dns_lookup(dom, "TXT"); if(r != NULL) { ret = copy_txt_to_realms (r->head, realms); dns_free_data(r); - if(ret == 0) + if(ret == 0) { + if (config_labels) + krb5_config_free_strings(config_labels); return 0; + } } } + if (config_labels) + krb5_config_free_strings(config_labels); return -1; } diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h index e70527845b..8e2ebcf43e 100644 --- a/source4/heimdal/lib/krb5/krb5-private.h +++ b/source4/heimdal/lib/krb5/krb5-private.h @@ -309,6 +309,7 @@ _krb5_pk_rd_pa_reply ( void */*c*/, krb5_enctype /*etype*/, unsigned /*nonce*/, + const krb5_data */*req_buffer*/, PA_DATA */*pa*/, krb5_keyblock **/*key*/); diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h index 2750c8b5d2..711c5ead6e 100644 --- a/source4/heimdal/lib/krb5/krb5-protos.h +++ b/source4/heimdal/lib/krb5/krb5-protos.h @@ -20,6 +20,15 @@ extern "C" { #endif #endif +void +initialize_heim_error_table_r (struct et_list **/*list*/); + +void +initialize_k524_error_table_r (struct et_list **/*list*/); + +void +initialize_krb5_error_table_r (struct et_list **/*list*/); + krb5_error_code KRB5_LIB_FUNCTION krb524_convert_creds_kdc ( krb5_context /*context*/, @@ -2392,7 +2401,7 @@ krb5_prepend_config_files_default ( const char */*filelist*/, char ***/*pfilenames*/); -krb5_realm* +krb5_realm* KRB5_LIB_FUNCTION krb5_princ_realm ( krb5_context /*context*/, krb5_principal /*principal*/); @@ -2418,18 +2427,18 @@ krb5_principal_compare_any_realm ( const char* KRB5_LIB_FUNCTION krb5_principal_get_comp_string ( krb5_context /*context*/, - krb5_principal /*principal*/, + krb5_const_principal /*principal*/, unsigned int /*component*/); const char* KRB5_LIB_FUNCTION krb5_principal_get_realm ( krb5_context /*context*/, - krb5_principal /*principal*/); + krb5_const_principal /*principal*/); int KRB5_LIB_FUNCTION krb5_principal_get_type ( krb5_context /*context*/, - krb5_principal /*principal*/); + krb5_const_principal /*principal*/); krb5_boolean KRB5_LIB_FUNCTION krb5_principal_match ( @@ -3154,6 +3163,12 @@ krb5_unparse_name ( krb5_const_principal /*principal*/, char **/*name*/); +krb5_error_code KRB5_LIB_FUNCTION +krb5_unparse_name_always_short ( + krb5_context /*context*/, + krb5_const_principal /*principal*/, + char **/*name*/); + krb5_error_code KRB5_LIB_FUNCTION krb5_unparse_name_fixed ( krb5_context /*context*/, diff --git a/source4/heimdal/lib/krb5/principal.c b/source4/heimdal/lib/krb5/principal.c index b510478f65..74db080ab7 100644 --- a/source4/heimdal/lib/krb5/principal.c +++ b/source4/heimdal/lib/krb5/principal.c @@ -41,7 +41,7 @@ #include #include "resolve.h" -RCSID("$Id: principal.c,v 1.90 2005/06/30 01:38:15 lha Exp $"); +RCSID("$Id: principal.c,v 1.91 2005/08/23 08:34:40 lha Exp $"); #define princ_num_comp(P) ((P)->name.name_string.len) #define princ_type(P) ((P)->name.name_type) @@ -69,21 +69,21 @@ krb5_principal_set_type(krb5_context context, int KRB5_LIB_FUNCTION krb5_principal_get_type(krb5_context context, - krb5_principal principal) + krb5_const_principal principal) { return princ_type(principal); } const char* KRB5_LIB_FUNCTION krb5_principal_get_realm(krb5_context context, - krb5_principal principal) + krb5_const_principal principal) { return princ_realm(principal); } const char* KRB5_LIB_FUNCTION krb5_principal_get_comp_string(krb5_context context, - krb5_principal principal, + krb5_const_principal principal, unsigned int component) { if(component >= princ_num_comp(principal)) @@ -268,16 +268,6 @@ unparse_name_fixed(krb5_context context, return ERANGE; } /* add realm if different from default realm */ - if(short_form) { - krb5_realm r; - krb5_error_code ret; - ret = krb5_get_default_realm(context, &r); - if(ret) - return ret; - if(strcmp(princ_realm(principal), r) != 0) - short_form = 0; - free(r); - } if(!short_form) { add_char(name, idx, len, '@'); idx = quote_string(princ_realm(principal), name, idx, len); @@ -296,13 +286,31 @@ krb5_unparse_name_fixed(krb5_context context, return unparse_name_fixed(context, principal, name, len, FALSE); } +krb5_error_code KRB5_LIB_FUNCTION +krb5_unparse_name_norealm_fixed(krb5_context context, + krb5_const_principal principal, + char *name, + size_t len) +{ + return unparse_name_fixed(context, principal, name, len, TRUE); +} + krb5_error_code KRB5_LIB_FUNCTION krb5_unparse_name_fixed_short(krb5_context context, krb5_const_principal principal, char *name, size_t len) { - return unparse_name_fixed(context, principal, name, len, TRUE); + krb5_realm r; + krb5_error_code ret; + krb5_boolean short_form = TRUE; + ret = krb5_get_default_realm(context, &r); + if(ret) + return ret; + if(strcmp(princ_realm(principal), r) != 0) + short_form = 0; + free(r); + return unparse_name_fixed(context, principal, name, len, short_form); } static krb5_error_code @@ -355,6 +363,23 @@ krb5_error_code KRB5_LIB_FUNCTION krb5_unparse_name_short(krb5_context context, krb5_const_principal principal, char **name) +{ + krb5_realm r; + krb5_error_code ret; + krb5_boolean short_form = TRUE; + ret = krb5_get_default_realm(context, &r); + if(ret) + return ret; + if(strcmp(princ_realm(principal), r) != 0) + short_form = 0; + free(r); + return unparse_name(context, principal, name, short_form); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_unparse_name_norealm(krb5_context context, + krb5_const_principal principal, + char **name) { return unparse_name(context, principal, name, TRUE); } @@ -372,7 +397,7 @@ krb5_unparse_name_ext(krb5_context context, #endif -krb5_realm* +krb5_realm* KRB5_LIB_FUNCTION krb5_princ_realm(krb5_context context, krb5_principal principal) { @@ -380,6 +405,7 @@ krb5_princ_realm(krb5_context context, } + void KRB5_LIB_FUNCTION krb5_princ_set_realm(krb5_context context, krb5_principal principal, @@ -764,7 +790,6 @@ krb5_425_conv_principal_ext2(krb5_context context, } #else struct addrinfo hints, *ai; - int ret; memset (&hints, 0, sizeof(hints)); hints.ai_flags = AI_CANONNAME; diff --git a/source4/heimdal/lib/roken/print_version.c b/source4/heimdal/lib/roken/print_version.c deleted file mode 100644 index 9d678056b5..0000000000 --- a/source4/heimdal/lib/roken/print_version.c +++ /dev/null @@ -1,78 +0,0 @@ -/* - * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifdef HAVE_CONFIG_H -#include -RCSID("$Id: print_version.c,v 1.9 2005/04/12 11:29:00 lha Exp $"); -#endif -#include "roken.h" - -#include "print_version.h" - -void ROKEN_LIB_FUNCTION -print_version(const char *progname) -{ - const char *arg[] = VERSIONLIST; - const int num_args = sizeof(arg) / sizeof(arg[0]); - char *msg; - size_t len = 0; - int i; - - if(progname == NULL) - progname = getprogname(); - - if(num_args == 0) - msg = "no version information"; - else { - for(i = 0; i < num_args; i++) { - if(i > 0) - len += 2; - len += strlen(arg[i]); - } - msg = malloc(len + 1); - if(msg == NULL) { - fprintf(stderr, "%s: out of memory\n", progname); - return; - } - msg[0] = '\0'; - for(i = 0; i < num_args; i++) { - if(i > 0) - strcat(msg, ", "); - strcat(msg, arg[i]); - } - } - fprintf(stderr, "%s (%s)\n", progname, msg); - fprintf(stderr, "Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan\n"); - if(num_args != 0) - free(msg); -} diff --git a/source4/heimdal/lib/roken/resolve.c b/source4/heimdal/lib/roken/resolve.c index 46a1e4de71..d035982077 100644 --- a/source4/heimdal/lib/roken/resolve.c +++ b/source4/heimdal/lib/roken/resolve.c @@ -45,7 +45,7 @@ #include -RCSID("$Id: resolve.c,v 1.51 2005/06/16 16:46:16 lha Exp $"); +RCSID("$Id: resolve.c,v 1.52 2005/08/22 19:16:21 lha Exp $"); #ifdef _AIX /* AIX have broken res_nsearch() in 5.1 (5.0 also ?) */ #undef HAVE_RES_NSEARCH @@ -534,7 +534,11 @@ dns_lookup_int(const char *domain, int rr_class, int rr_type) } if (len < 0) { #ifdef HAVE_RES_NSEARCH +#ifdef HAVE_RES_NDESTROY + res_ndestroy(&state); +#else res_nclose(&state); +#endif #endif free(reply); return NULL; diff --git a/source4/heimdal/lib/roken/setprogname.c b/source4/heimdal/lib/roken/setprogname.c index 9c4210da9b..315fa52e50 100644 --- a/source4/heimdal/lib/roken/setprogname.c +++ b/source4/heimdal/lib/roken/setprogname.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: setprogname.c,v 1.3 2005/04/12 11:29:05 lha Exp $"); +RCSID("$Id: setprogname.c,v 1.4 2005/08/23 10:19:20 lha Exp $"); #endif #include "roken.h" @@ -47,12 +47,12 @@ void ROKEN_LIB_FUNCTION setprogname(const char *argv0) { #ifndef HAVE___PROGNAME - char *p; + const char *p; if(argv0 == NULL) return; p = strrchr(argv0, '/'); if(p == NULL) - p = (char *)argv0; + p = argv0; else p++; __progname = p; diff --git a/source4/heimdal/lib/roken/strpool.c b/source4/heimdal/lib/roken/strpool.c index 8ee95654cb..cf9997af9d 100644 --- a/source4/heimdal/lib/roken/strpool.c +++ b/source4/heimdal/lib/roken/strpool.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: strpool.c,v 1.1 2005/06/28 22:46:57 lha Exp $"); +RCSID("$Id: strpool.c,v 1.2 2005/08/25 14:59:06 lha Exp $"); #endif #include @@ -81,19 +81,18 @@ rk_strpoolprintf(struct rk_strpool *p, const char *fmt, ...) len = vasprintf(&str, fmt, ap); va_end(ap); if (str == NULL) { - printf("vasprintf"); rk_strpoolfree(p); return NULL; } str2 = realloc(p->str, len + p->len + 1); if (str2 == NULL) { - printf("realloc"); rk_strpoolfree(p); return NULL; } p->str = str2; memcpy(p->str + p->len, str, len + 1); p->len += len; + free(str); return p; } diff --git a/source4/heimdal/lib/vers/print_version.c b/source4/heimdal/lib/vers/print_version.c new file mode 100644 index 0000000000..92c709b494 --- /dev/null +++ b/source4/heimdal/lib/vers/print_version.c @@ -0,0 +1,55 @@ +/* + * Copyright (c) 1998 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: print_version.c,v 1.9 2005/01/01 14:27:47 lha Exp $"); +#endif +#include "roken.h" + +#include "print_version.h" + +void +print_version(const char *progname) +{ + const char *package_list = VERSIONLIST; + + if(progname == NULL) + progname = getprogname(); + + if(*package_list == '\0') + package_list = "no version information"; + fprintf(stderr, "%s (%s)\n", progname, package_list); + fprintf(stderr, "Copyright 1999-2005 Kungliga Tekniska Högskolan\n"); + fprintf(stderr, "Send bug-reports to %s\n", PACKAGE_BUGREPORT); +} -- cgit From 3c265c79867e55a8118c2fa3c545a451e2b5e7e9 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 27 Aug 2005 22:48:39 +0000 Subject: r9696: Update prototypes for new name of short parsing function. Andrew Bartlett (This used to be commit cc35cd5ee2abbd6be01dc1ea66eca0bd48a6f636) --- source4/heimdal/lib/krb5/krb5-protos.h | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h index 711c5ead6e..71d42b43b8 100644 --- a/source4/heimdal/lib/krb5/krb5-protos.h +++ b/source4/heimdal/lib/krb5/krb5-protos.h @@ -3164,20 +3164,27 @@ krb5_unparse_name ( char **/*name*/); krb5_error_code KRB5_LIB_FUNCTION -krb5_unparse_name_always_short ( +krb5_unparse_name_fixed ( krb5_context /*context*/, krb5_const_principal /*principal*/, - char **/*name*/); + char */*name*/, + size_t /*len*/); krb5_error_code KRB5_LIB_FUNCTION -krb5_unparse_name_fixed ( +krb5_unparse_name_fixed_short ( krb5_context /*context*/, krb5_const_principal /*principal*/, char */*name*/, size_t /*len*/); krb5_error_code KRB5_LIB_FUNCTION -krb5_unparse_name_fixed_short ( +krb5_unparse_name_norealm ( + krb5_context /*context*/, + krb5_const_principal /*principal*/, + char **/*name*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_unparse_name_norealm_fixed ( krb5_context /*context*/, krb5_const_principal /*principal*/, char */*name*/, -- cgit From 147878160354059a939263d68b30c8baf659b39d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 1 Sep 2005 01:32:50 +0000 Subject: r9859: Enable (blocking) KDC resolution with DNS. To enable, set: [libdefaults] dns_lookup_realm = true dns_lookup_kdc = true in your /etc/krb5.conf. In the future I may override the krb5.conf and set this on by default in Samba4. Andrew Bartlett (This used to be commit 32fb50d02560123b8d0ab13346041806c062f9bf) --- source4/heimdal/cf/find-func-no-libs.m4 | 9 +++ source4/heimdal/cf/find-func-no-libs2.m4 | 63 +++++++++++++++++++ source4/heimdal/cf/find-func.m4 | 9 +++ source4/heimdal/cf/resolv.m4 | 104 +++++++++++++++++++++++++++++++ 4 files changed, 185 insertions(+) create mode 100644 source4/heimdal/cf/find-func-no-libs.m4 create mode 100644 source4/heimdal/cf/find-func-no-libs2.m4 create mode 100644 source4/heimdal/cf/find-func.m4 create mode 100644 source4/heimdal/cf/resolv.m4 (limited to 'source4/heimdal') diff --git a/source4/heimdal/cf/find-func-no-libs.m4 b/source4/heimdal/cf/find-func-no-libs.m4 new file mode 100644 index 0000000000..03ff6dc02b --- /dev/null +++ b/source4/heimdal/cf/find-func-no-libs.m4 @@ -0,0 +1,9 @@ +dnl $Id: find-func-no-libs.m4,v 1.6 2004/02/12 14:20:45 lha Exp $ +dnl +dnl +dnl Look for function in any of the specified libraries +dnl + +dnl AC_FIND_FUNC_NO_LIBS(func, libraries, includes, arguments, extra libs, extra args) +AC_DEFUN([AC_FIND_FUNC_NO_LIBS], [ +AC_FIND_FUNC_NO_LIBS2([$1], ["" $2], [$3], [$4], [$5], [$6])]) diff --git a/source4/heimdal/cf/find-func-no-libs2.m4 b/source4/heimdal/cf/find-func-no-libs2.m4 new file mode 100644 index 0000000000..2e7c8b7d4b --- /dev/null +++ b/source4/heimdal/cf/find-func-no-libs2.m4 @@ -0,0 +1,63 @@ +dnl $Id: find-func-no-libs2.m4,v 1.9 2004/08/26 12:35:42 joda Exp $ +dnl +dnl +dnl Look for function in any of the specified libraries +dnl + +dnl AC_FIND_FUNC_NO_LIBS2(func, libraries, includes, arguments, extra libs, extra args) +AC_DEFUN([AC_FIND_FUNC_NO_LIBS2], [ + +AC_MSG_CHECKING([for $1]) +AC_CACHE_VAL(ac_cv_funclib_$1, +[ +if eval "test \"\$ac_cv_func_$1\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in $2; do + case "$ac_lib" in + "") ;; + yes) ac_lib="" ;; + no) continue ;; + -l*) ;; + *) ac_lib="-l$ac_lib" ;; + esac + LIBS="$6 $ac_lib $5 $ac_save_LIBS" + AC_LINK_IFELSE([AC_LANG_PROGRAM([[$3]],[[$1($4)]])],[eval "if test -n \"$ac_lib\";then ac_cv_funclib_$1=$ac_lib; else ac_cv_funclib_$1=yes; fi";break]) + done + eval "ac_cv_funclib_$1=\${ac_cv_funclib_$1-no}" + LIBS="$ac_save_LIBS" +fi +]) + +eval "ac_res=\$ac_cv_funclib_$1" + +if false; then + AC_CHECK_FUNCS($1) +dnl AC_CHECK_LIBS($2, foo) +fi +# $1 +eval "ac_tr_func=HAVE_[]upcase($1)" +eval "ac_tr_lib=HAVE_LIB[]upcase($ac_res | sed -e 's/-l//')" +eval "LIB_$1=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_$1=yes" + eval "LIB_$1=" + AC_DEFINE_UNQUOTED($ac_tr_func) + AC_MSG_RESULT([yes]) + ;; + no) + eval "ac_cv_func_$1=no" + eval "LIB_$1=" + AC_MSG_RESULT([no]) + ;; + *) + eval "ac_cv_func_$1=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + AC_DEFINE_UNQUOTED($ac_tr_func) + AC_DEFINE_UNQUOTED($ac_tr_lib) + AC_MSG_RESULT([yes, in $ac_res]) + ;; +esac +AC_SUBST(LIB_$1) +]) diff --git a/source4/heimdal/cf/find-func.m4 b/source4/heimdal/cf/find-func.m4 new file mode 100644 index 0000000000..aa500283f2 --- /dev/null +++ b/source4/heimdal/cf/find-func.m4 @@ -0,0 +1,9 @@ +dnl $Id: find-func.m4,v 1.2 2004/02/12 14:20:47 lha Exp $ +dnl +dnl AC_FIND_FUNC(func, libraries, includes, arguments) +AC_DEFUN([AC_FIND_FUNC], [ +AC_FIND_FUNC_NO_LIBS([$1], [$2], [$3], [$4]) +if test -n "$LIB_$1"; then + LIBS="$LIB_$1 $LIBS" +fi +]) diff --git a/source4/heimdal/cf/resolv.m4 b/source4/heimdal/cf/resolv.m4 new file mode 100644 index 0000000000..9f86304f1c --- /dev/null +++ b/source4/heimdal/cf/resolv.m4 @@ -0,0 +1,104 @@ +dnl stuff used by DNS resolv code + +AC_DEFUN([rk_RESOLV], [ + + AC_CHECK_HEADERS(resolv.h, , , [AC_INCLUDES_DEFAULT +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_NAMESER_H +#include +#endif +]) + + AC_FIND_FUNC(res_search, resolv, +[ +#include +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_NAMESER_H +#include +#endif +#ifdef HAVE_RESOLV_H +#include +#endif +], +[0,0,0,0,0]) + + AC_FIND_FUNC(res_nsearch, resolv, +[ +#include +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_NAMESER_H +#include +#endif +#ifdef HAVE_RESOLV_H +#include +#endif +], +[0,0,0,0,0,0]) + + AC_FIND_FUNC(res_ndestroy, resolv, +[ +#include +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_NAMESER_H +#include +#endif +#ifdef HAVE_RESOLV_H +#include +#endif +], +[0]) + + AC_FIND_FUNC(dn_expand, resolv, +[ +#include +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_NAMESER_H +#include +#endif +#ifdef HAVE_RESOLV_H +#include +#endif +], +[0,0,0,0,0]) + + rk_CHECK_VAR(_res, +[#include +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_NAMESER_H +#include +#endif +#ifdef HAVE_RESOLV_H +#include +#endif]) + +]) -- cgit From 92a652c2a4a5895e5f4facc06f1fd80cbf50ab8f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 1 Sep 2005 07:03:33 +0000 Subject: r9877: Merge from lorikeet-heimdal, to try and fix build failures. Andrew Bartlett (This used to be commit 53f2bf3b9178b78527bb43b9dca7b43e1497dd20) --- source4/heimdal/cf/resolv.m4 | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/heimdal') diff --git a/source4/heimdal/cf/resolv.m4 b/source4/heimdal/cf/resolv.m4 index 9f86304f1c..81a7a143f9 100644 --- a/source4/heimdal/cf/resolv.m4 +++ b/source4/heimdal/cf/resolv.m4 @@ -2,6 +2,8 @@ dnl stuff used by DNS resolv code AC_DEFUN([rk_RESOLV], [ + AC_CHECK_HEADERS(arpa/nameser.h) + AC_CHECK_HEADERS(resolv.h, , , [AC_INCLUDES_DEFAULT #ifdef HAVE_SYS_TYPES_H #include -- cgit From ad14812b8f036fb47b4817d5ee391416dd9bf567 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 1 Sep 2005 23:31:51 +0000 Subject: r9931: Make use of new 'norealm' parsing functions rather than strchr(p '@'). Merge these norealm functions from lorikeet-heimdal. Andrew Bartlett (This used to be commit 6aef275efd7f434f65824eb3dd129c8e5efd8731) --- source4/heimdal/lib/krb5/krb5-protos.h | 13 +++++++ source4/heimdal/lib/krb5/principal.c | 71 ++++++++++++++++++++++++---------- 2 files changed, 64 insertions(+), 20 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h index 71d42b43b8..cc619314a3 100644 --- a/source4/heimdal/lib/krb5/krb5-protos.h +++ b/source4/heimdal/lib/krb5/krb5-protos.h @@ -2377,6 +2377,12 @@ krb5_parse_name ( const char */*name*/, krb5_principal */*principal*/); +krb5_error_code KRB5_LIB_FUNCTION +krb5_parse_name_norealm ( + krb5_context /*context*/, + const char */*name*/, + krb5_principal */*principal*/); + const char* KRB5_LIB_FUNCTION krb5_passwd_result_to_string ( krb5_context /*context*/, @@ -3430,6 +3436,13 @@ krb5_write_safe_message ( krb5_error_code KRB5_LIB_FUNCTION krb5_xfree (void */*ptr*/); +krb5_error_code +parse_name ( + krb5_context /*context*/, + const char */*name*/, + krb5_boolean /*short_form*/, + krb5_principal */*principal*/); + #ifdef __cplusplus } #endif diff --git a/source4/heimdal/lib/krb5/principal.c b/source4/heimdal/lib/krb5/principal.c index 74db080ab7..8540636403 100644 --- a/source4/heimdal/lib/krb5/principal.c +++ b/source4/heimdal/lib/krb5/principal.c @@ -91,10 +91,11 @@ krb5_principal_get_comp_string(krb5_context context, return princ_ncomp(principal, component); } -krb5_error_code KRB5_LIB_FUNCTION -krb5_parse_name(krb5_context context, - const char *name, - krb5_principal *principal) +krb5_error_code +parse_name(krb5_context context, + const char *name, + krb5_boolean short_form, + krb5_principal *principal) { krb5_error_code ret; heim_general_string *comp; @@ -184,19 +185,29 @@ krb5_parse_name(krb5_context context, } *q++ = c; } - if(got_realm){ - realm = malloc(q - start + 1); - if (realm == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - ret = ENOMEM; + if (got_realm) { + if (short_form) { + krb5_set_error_string (context, "realm found in 'short' principal expected to be without one!"); + ret = KRB5_PARSE_MALFORMED; goto exit; + } else { + realm = malloc(q - start + 1); + if (realm == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + ret = ENOMEM; + goto exit; + } + memcpy(realm, start, q - start); + realm[q - start] = 0; } - memcpy(realm, start, q - start); - realm[q - start] = 0; }else{ - ret = krb5_get_default_realm (context, &realm); - if (ret) - goto exit; + if (short_form) { + ret = krb5_get_default_realm (context, &realm); + if (ret) + goto exit; + } else { + realm = NULL; + } comp[n] = malloc(q - start + 1); if (comp[n] == NULL) { @@ -229,6 +240,21 @@ exit: return ret; } +krb5_error_code KRB5_LIB_FUNCTION +krb5_parse_name(krb5_context context, + const char *name, + krb5_principal *principal) +{ + return parse_name(context, name, FALSE, principal); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_parse_name_norealm(krb5_context context, + const char *name, + krb5_principal *principal) +{ + return parse_name(context, name, TRUE, principal); +} static const char quotable_chars[] = " \n\t\b\\/@"; static const char replace_chars[] = " ntb\\/@"; @@ -323,12 +349,17 @@ unparse_name(krb5_context context, int i; krb5_error_code ret; /* count length */ - plen = strlen(princ_realm(principal)); - if(strcspn(princ_realm(principal), quotable_chars) == plen) - len += plen; - else - len += 2*plen; - len++; + if (!short_flag) { + plen = strlen(princ_realm(principal)); + if(strcspn(princ_realm(principal), quotable_chars) == plen) + len += plen; + else + len += 2*plen; + len++; + } else { + len = 0; + } + for(i = 0; i < princ_num_comp(principal); i++){ plen = strlen(princ_ncomp(principal, i)); if(strcspn(princ_ncomp(principal, i), quotable_chars) == plen) -- cgit From 52d9dbe75c088922052a7e54213963ed90f1c021 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 4 Sep 2005 08:17:24 +0000 Subject: r10022: Merge tpot's fix for IRIX and AIX_rea build problems from lorikeet-heimdal to Samba4. Andrew Bartlett (This used to be commit 6835e427907bf52f7fdd332b726ffa47041853de) --- source4/heimdal/lib/roken/resolve.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/roken/resolve.c b/source4/heimdal/lib/roken/resolve.c index d035982077..8764f422ec 100644 --- a/source4/heimdal/lib/roken/resolve.c +++ b/source4/heimdal/lib/roken/resolve.c @@ -490,7 +490,7 @@ dns_lookup_int(const char *domain, int rr_class, int rr_type) memset(&state, 0, sizeof(state)); if(res_ninit(&state)) return NULL; /* is this the best we can do? */ -#elif defined(HAVE__RES) +#elif defined(HAVE__RES) && defined(HAVE_DECL__RES) u_long old_options = 0; #endif @@ -506,7 +506,7 @@ dns_lookup_int(const char *domain, int rr_class, int rr_type) if (_resolve_debug) { #ifdef HAVE_RES_NSEARCH state.options |= RES_DEBUG; -#elif defined(HAVE__RES) +#elif defined(HAVE__RES) && defined(HAVE_DECL__RES) old_options = _res.options; _res.options |= RES_DEBUG; #endif @@ -526,7 +526,7 @@ dns_lookup_int(const char *domain, int rr_class, int rr_type) len = res_search(domain, rr_class, rr_type, reply, size); #endif if (_resolve_debug) { -#if defined(HAVE__RES) && !defined(HAVE_RES_NSEARCH) +#if defined(HAVE__RES) && defined(HAVE_DECL__RES) && !defined(HAVE_RES_NSEARCH) _res.options = old_options; #endif fprintf(stderr, "dns_lookup(%s, %d, %s) --> %d\n", -- cgit From 6b14ffe2713efe2e16a988d920d2dbd7c088601d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 5 Sep 2005 10:53:14 +0000 Subject: r10035: This patch removes the need for the special case hack 'MEMORY_WILDCARD' keytab type. (part of this checking is in effect a merge from lorikeet-heimdal, where I removed this) This is achieved by correctly using the GSSAPI gsskrb5_acquire_cred() function, as this allows us to specify the target principal, regardless of which alias the client may use. This patch also tries to simplify some principal handling and fixes some error cases. Posted to samba-technical, reviewed by metze, and looked over by lha on IRC. Andrew Bartlett (This used to be commit 506a7b67aee949b102d8bf0d6ee9cd12def10d00) --- source4/heimdal/lib/krb5/context.c | 1 - source4/heimdal/lib/krb5/keytab_memory.c | 53 -------------------------------- source4/heimdal/lib/krb5/krb5.h | 1 - 3 files changed, 55 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/krb5/context.c b/source4/heimdal/lib/krb5/context.c index 62fb92d666..4d6eae2b24 100644 --- a/source4/heimdal/lib/krb5/context.c +++ b/source4/heimdal/lib/krb5/context.c @@ -231,7 +231,6 @@ krb5_init_context(krb5_context *context) krb5_kt_register (p, &krb5_wrfkt_ops); krb5_kt_register (p, &krb5_javakt_ops); krb5_kt_register (p, &krb5_mkt_ops); - krb5_kt_register (p, &krb5_mktw_ops); krb5_kt_register (p, &krb5_akf_ops); krb5_kt_register (p, &krb4_fkt_ops); krb5_kt_register (p, &krb5_srvtab_fkt_ops); diff --git a/source4/heimdal/lib/krb5/keytab_memory.c b/source4/heimdal/lib/krb5/keytab_memory.c index 3dca5154e3..1d866fa11e 100644 --- a/source4/heimdal/lib/krb5/keytab_memory.c +++ b/source4/heimdal/lib/krb5/keytab_memory.c @@ -174,56 +174,3 @@ const krb5_kt_ops krb5_mkt_ops = { mkt_add_entry, mkt_remove_entry }; - -static krb5_error_code -mktw_get_entry(krb5_context context, - krb5_keytab id, - krb5_const_principal principal, - krb5_kvno kvno, - krb5_enctype enctype, - krb5_keytab_entry *entry) -{ - krb5_keytab_entry tmp; - krb5_error_code ret; - krb5_kt_cursor cursor; - - ret = krb5_kt_start_seq_get (context, id, &cursor); - if (ret) - return KRB5_KT_NOTFOUND; /* XXX i.e. file not found */ - - entry->vno = 0; - while (krb5_kt_next_entry(context, id, &tmp, &cursor) == 0) { - if (krb5_kt_compare(context, &tmp, NULL, 0, enctype)) { - if (kvno == tmp.vno) { - krb5_kt_copy_entry_contents (context, &tmp, entry); - krb5_kt_free_entry (context, &tmp); - krb5_kt_end_seq_get(context, id, &cursor); - return 0; - } else if (kvno == 0 && tmp.vno > entry->vno) { - if (entry->vno) - krb5_kt_free_entry (context, entry); - krb5_kt_copy_entry_contents (context, &tmp, entry); - } - } - krb5_kt_free_entry(context, &tmp); - } - krb5_kt_end_seq_get (context, id, &cursor); - if (entry->vno) { - return 0; - } else { - return KRB5_KT_NOTFOUND; - } -}; - -const krb5_kt_ops krb5_mktw_ops = { - "MEMORY_WILDCARD", - mkt_resolve, - mkt_get_name, - mkt_close, - mktw_get_entry, /* get */ - mkt_start_seq_get, - mkt_next_entry, - mkt_end_seq_get, - mkt_add_entry, - mkt_remove_entry -}; diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h index 5789bff205..c47c4450f1 100644 --- a/source4/heimdal/lib/krb5/krb5.h +++ b/source4/heimdal/lib/krb5/krb5.h @@ -698,7 +698,6 @@ extern const krb5_kt_ops krb5_fkt_ops; extern const krb5_kt_ops krb5_wrfkt_ops; extern const krb5_kt_ops krb5_javakt_ops; extern const krb5_kt_ops krb5_mkt_ops; -extern const krb5_kt_ops krb5_mktw_ops; extern const krb5_kt_ops krb5_akf_ops; extern const krb5_kt_ops krb4_fkt_ops; extern const krb5_kt_ops krb5_srvtab_fkt_ops; -- cgit From 1f2f470889d63a2a81ee3f2d8bdff782ac8d0e28 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 7 Sep 2005 21:52:50 +0000 Subject: r10066: This is the second in my patches to work on Samba4's kerberos support, with an aim to make the code simpiler and more correct. Gone is the old (since the very early Samba 3.0 krb5 days) 'iterate over all keytypes)' code in gensec_krb5, we now follow the approach used in gensec_gssapi, and use a keytab. I have also done a lot of work in the GSSAPI code, to try and reduce the diff between us and upstream heimdal. It was becoming hard to track patches in this code, and I also want this patch (the DCE_STYLE support) to be in a 'manageable' state for when lha considers it for merging. (metze assures me it still has memory leak problems, but I've started to address some of that). This patch also includes a simple update of other code to current heimdal, as well as changes we need for better PAC verification. On the PAC side of things we now match windows member servers by checking the name and authtime on an incoming PAC. Not generating these right was the cause of the PAC pain, and so now both the main code and torture test validate this behaviour. One thing doesn't work with this patch: - the sealing of RPC pipes with kerberos, Samba -> Samba seems broken. I'm pretty sure this is related to AES, and the need to break apart the gss_wrap interface. Andrew Bartlett (This used to be commit a3aba57c00a9c5318f4706db55d03f64e8bea60c) --- source4/heimdal/kdc/kerberos5.c | 31 +- source4/heimdal/lib/gssapi/accept_sec_context.c | 667 +++++++++++++----------- source4/heimdal/lib/gssapi/copy_ccache.c | 19 + source4/heimdal/lib/gssapi/gssapi.h | 4 + source4/heimdal/lib/gssapi/init_sec_context.c | 18 +- source4/heimdal/lib/krb5/krb5-protos.h | 13 +- source4/heimdal/lib/krb5/rd_rep.c | 146 +++--- source4/heimdal/lib/krb5/rd_req.c | 20 +- source4/heimdal/lib/roken/roken-common.h | 31 +- 9 files changed, 522 insertions(+), 427 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index 453263774b..38444f4a13 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -208,7 +208,7 @@ log_timestamp(krb5_context context, strlcpy(renewtime_str, "unset", sizeof(renewtime_str)); kdc_log(context, config, 5, - "%s authtime: %s starttime: %s endtype: %s renew till: %s", + "%s authtime: %s starttime: %s endtime: %s renew till: %s", type, authtime_str, starttime_str, endtime_str, renewtime_str); } @@ -329,8 +329,9 @@ make_etype_info_entry(krb5_context context, ETYPE_INFO_ENTRY *ent, Key *key) { ent->etype = key->key.keytype; if(key->salt){ - ALLOC(ent->salttype); #if 0 + ALLOC(ent->salttype); + if(key->salt->type == hdb_pw_salt) *ent->salttype = 0; /* or 1? or NULL? */ else if(key->salt->type == hdb_afs3_salt) @@ -345,8 +346,17 @@ make_etype_info_entry(krb5_context context, ETYPE_INFO_ENTRY *ent, Key *key) *know* what cell you are using (e.g by assuming that the cell is the same as the realm in lower case) */ -#else +#elif 0 + ALLOC(ent->salttype); *ent->salttype = key->salt->type; +#else + /* + * We shouldn't sent salttype since its incompatible with the + * specification and its break windows clients. The afs + * salting problem is solved by using KRB5-PADATA-AFS3-SALT + * implemented in Heimdal 0.7 and later. + */ + ent->salttype = NULL; #endif krb5_copy_data(context, &key->salt->salt, &ent->salt); @@ -1508,7 +1518,20 @@ fix_transited_encoding(krb5_context context, int num_realms; int i; - if(tr->tr_type != DOMAIN_X500_COMPRESS) { + switch (tr->tr_type) { + case DOMAIN_X500_COMPRESS: + break; + case 0: + /* + * Allow empty content of type 0 because that is was Microsoft + * generates in their TGT. + */ + if (tr->contents.length == 0) + break; + kdc_log(context, config, 0, + "Transited type 0 with non empty content"); + return KRB5KDC_ERR_TRTYPE_NOSUPP; + default: kdc_log(context, config, 0, "Unknown transited type: %u", tr->tr_type); return KRB5KDC_ERR_TRTYPE_NOSUPP; diff --git a/source4/heimdal/lib/gssapi/accept_sec_context.c b/source4/heimdal/lib/gssapi/accept_sec_context.c index 2ba2415112..7412d84eb0 100644 --- a/source4/heimdal/lib/gssapi/accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/accept_sec_context.c @@ -274,215 +274,224 @@ gsskrb5_acceptor_ready( return GSS_S_COMPLETE; } - static OM_uint32 -gsskrb5_acceptor_start( - OM_uint32 * minor_status, - gss_ctx_id_t * context_handle, - const gss_cred_id_t acceptor_cred_handle, - const gss_buffer_t input_token, - const gss_channel_bindings_t input_chan_bindings, - gss_name_t * src_name, - gss_OID * mech_type, - gss_buffer_t output_token, - OM_uint32 * ret_flags, - OM_uint32 * time_rec, - gss_cred_id_t * delegated_cred_handle) +gsskrb5_acceptor_start + (OM_uint32 * minor_status, + gss_ctx_id_t * context_handle, + const gss_cred_id_t acceptor_cred_handle, + const gss_buffer_t input_token_buffer, + const gss_channel_bindings_t input_chan_bindings, + gss_name_t * src_name, + gss_OID * mech_type, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec, + gss_cred_id_t * delegated_cred_handle + ) { - krb5_error_code kret; - OM_uint32 ret = GSS_S_COMPLETE; - krb5_data indata; - krb5_flags ap_options; - OM_uint32 flags; - krb5_ticket *ticket = NULL; - krb5_keytab keytab = NULL; - krb5_keyblock *keyblock = NULL; - int no_wrap = 0; - - /* - * TODO: check the channel_bindings - */ - - /* - * We need a sequence number - */ - krb5_auth_con_addflags(gssapi_krb5_context, - (*context_handle)->auth_context, - KRB5_AUTH_CONTEXT_DO_SEQUENCE, - NULL); - - /* - * We need remove the decapsulate only when GSS_C_DCE_STYLE isn't in use - */ - ret = gssapi_krb5_decapsulate(minor_status, - input_token,&indata, - "\x01\x00", - GSS_KRB5_MECHANISM); - if (ret) { - /* No OID wrapping apparently available. */ - no_wrap = 1; - indata.length = input_token->length; - indata.data = input_token->value; - } + krb5_error_code kret; + OM_uint32 ret = GSS_S_COMPLETE; + krb5_data indata; + krb5_flags ap_options; + OM_uint32 flags; + krb5_ticket *ticket = NULL; + krb5_keytab keytab = NULL; + krb5_keyblock *keyblock = NULL; + krb5_data fwd_data; + int is_cfx = 0; + + krb5_data_zero (&fwd_data); + + /* + * We may, or may not, have an escapsulation. + */ + ret = gssapi_krb5_decapsulate (minor_status, + input_token_buffer, + &indata, + "\x01\x00", + GSS_KRB5_MECHANISM); - /* - * We need to get our keytab - */ - if (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) { - if (gssapi_krb5_keytab != NULL) { - keytab = gssapi_krb5_keytab; - } - } else { - keytab = acceptor_cred_handle->keytab; - } + if (ret) { + /* No OID wrapping apparently available. */ + indata.length = input_token_buffer->length; + indata.data = input_token_buffer->value; + } - /* - * We need to check the ticket and create the AP-REP packet - */ - kret = krb5_rd_req_return_keyblock(gssapi_krb5_context, - &(*context_handle)->auth_context, - &indata, - (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) ? NULL : acceptor_cred_handle->principal, - keytab, - &ap_options, - &ticket, - &keyblock); - if (kret) { - *minor_status = kret; - gssapi_krb5_set_error_string (); - return GSS_S_FAILURE; + /* + * We need to get our keytab + */ + if (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) { + if (gssapi_krb5_keytab != NULL) { + keytab = gssapi_krb5_keytab; } + } else if (acceptor_cred_handle->keytab != NULL) { + keytab = acceptor_cred_handle->keytab; + } + + /* + * We need to check the ticket and create the AP-REP packet + */ + kret = krb5_rd_req_return_keyblock(gssapi_krb5_context, + &(*context_handle)->auth_context, + &indata, + (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) ? NULL : acceptor_cred_handle->principal, + keytab, + &ap_options, + &ticket, + &keyblock); + if (kret) { + ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); + return ret; + } + + /* + * We need to remember some data on the context_handle + */ + (*context_handle)->ticket = ticket; + (*context_handle)->service_keyblock = keyblock; + (*context_handle)->lifetime = ticket->ticket.endtime; + + /* + * We need to copy the principal names to the context and the calling layer + */ + kret = krb5_copy_principal(gssapi_krb5_context, + ticket->client, + &(*context_handle)->source); + if (kret) { + ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); + } - /* - * We need to remember some data on the context_handle - */ - (*context_handle)->ticket = ticket; - (*context_handle)->service_keyblock = keyblock; - (*context_handle)->lifetime = ticket->ticket.endtime; - - /* - * We need to copy the principal names to the context and the calling layer - */ - kret = krb5_copy_principal(gssapi_krb5_context, - ticket->client, - &(*context_handle)->source); - if (kret) { - *minor_status = kret; - gssapi_krb5_set_error_string (); - return GSS_S_FAILURE; - } + kret = krb5_copy_principal (gssapi_krb5_context, + ticket->server, + &(*context_handle)->target); + if (kret) { + ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); + return ret; + } + + /* + * We need to setup some compat stuff, this assumes that context_handle->target is already set + */ + ret = _gss_DES3_get_mic_compat(minor_status, *context_handle); + if (ret) { + return ret; + } - kret = krb5_copy_principal(gssapi_krb5_context, - ticket->server, - &(*context_handle)->target); + if (src_name != NULL) { + kret = krb5_copy_principal (gssapi_krb5_context, + ticket->client, + src_name); if (kret) { - *minor_status = kret; - gssapi_krb5_set_error_string (); - return GSS_S_FAILURE; + ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); + return ret; } + } - /* - * We need to setup some compat stuff, this assumes that context_handle->target is already set - */ - ret = _gss_DES3_get_mic_compat(minor_status, *context_handle); - if (ret) return ret; - - /* - * We need to get the flags out of the 8003 checksum - */ - { - krb5_authenticator authenticator; - - kret = krb5_auth_con_getauthenticator(gssapi_krb5_context, + /* + * We need to get the flags out of the 8003 checksum + */ + { + krb5_authenticator authenticator; + + kret = krb5_auth_con_getauthenticator(gssapi_krb5_context, (*context_handle)->auth_context, &authenticator); - if (kret) { - *minor_status = kret; - gssapi_krb5_set_error_string (); - return GSS_S_FAILURE; - } - - ret = gssapi_krb5_verify_8003_checksum(minor_status, - input_chan_bindings, - authenticator->cksum, - &flags, - &(*context_handle)->fwd_data); - krb5_free_authenticator(gssapi_krb5_context, &authenticator); - if (ret) return ret; - } - - /* And remember them for later */ - (*context_handle)->flags = flags; - - if(flags & GSS_C_MUTUAL_FLAG) { - int is_cfx = 0; - krb5_data outbuf; - - gsskrb5_is_cfx(*context_handle, &is_cfx); - - if (is_cfx || (ap_options & AP_OPTS_USE_SUBKEY)) { - kret = krb5_auth_con_addflags(gssapi_krb5_context, - (*context_handle)->auth_context, - KRB5_AUTH_CONTEXT_USE_SUBKEY, - NULL); - (*context_handle)->more_flags |= ACCEPTOR_SUBKEY; - } - - kret = krb5_mk_rep(gssapi_krb5_context, - (*context_handle)->auth_context, - &outbuf); - if (kret) { - *minor_status = kret; - gssapi_krb5_set_error_string (); - return GSS_S_FAILURE; - } - - if (!(flags & GSS_C_DCE_STYLE)) { - ret = gssapi_krb5_encapsulate(minor_status, - &outbuf, - output_token, - "\x02\x00", - GSS_KRB5_MECHANISM); - krb5_data_free (&outbuf); - if (ret) return ret; - } else { - output_token->length = outbuf.length; - output_token->value = outbuf.data; - } + if(kret) { + ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); + return ret; } - /* - * We need to set the return value for the calling layer - */ - if (ret_flags) *ret_flags = flags; - - if (time_rec) { - ret = gssapi_lifetime_left(minor_status, - (*context_handle)->lifetime, - time_rec); - if (ret) return ret; - } + ret = gssapi_krb5_verify_8003_checksum(minor_status, + input_chan_bindings, + authenticator->cksum, + &flags, + &fwd_data); + krb5_free_authenticator(gssapi_krb5_context, &authenticator); + if (ret) + if (ret) return ret; + } + + if(flags & GSS_C_MUTUAL_FLAG) { + krb5_data outbuf; + + gsskrb5_is_cfx(*context_handle, &is_cfx); + + if (is_cfx != 0 + || (ap_options & AP_OPTS_USE_SUBKEY)) { + kret = krb5_auth_con_addflags(gssapi_krb5_context, + (*context_handle)->auth_context, + KRB5_AUTH_CONTEXT_USE_SUBKEY, + NULL); + (*context_handle)->more_flags |= ACCEPTOR_SUBKEY; + } + + kret = krb5_mk_rep(gssapi_krb5_context, + (*context_handle)->auth_context, + &outbuf); + if (kret) { + *minor_status = kret; + gssapi_krb5_set_error_string (); + return GSS_S_FAILURE; + } + + if (!(flags & GSS_C_DCE_STYLE)) { + ret = gssapi_krb5_encapsulate(minor_status, + &outbuf, + output_token, + "\x02\x00", + GSS_KRB5_MECHANISM); + krb5_data_free (&outbuf); + if (ret) return ret; + } else { + output_token->length = outbuf.length; + output_token->value = outbuf.data; + } + } + + /* + * We need to send the flags back to the caller + */ + flags |= GSS_C_TRANS_FLAG; - if (src_name) { - kret = krb5_copy_principal(gssapi_krb5_context, - (*context_handle)->source, - src_name); - if (kret) { - *minor_status = kret; - gssapi_krb5_set_error_string (); - return GSS_S_FAILURE; - } - } + if (ret_flags) + *ret_flags = flags; + + /* And remember them for later */ + + (*context_handle)->lifetime = ticket->ticket.endtime; + (*context_handle)->flags = flags; + (*context_handle)->more_flags |= OPEN; + + if (mech_type) + *mech_type = GSS_KRB5_MECHANISM; + + if (time_rec) { + ret = gssapi_lifetime_left(minor_status, + (*context_handle)->lifetime, + time_rec); + if (ret) + if (ret) return ret; + } - /* - * When GSS_C_DCE_STYLE is in use, we need ask for a AP-REP from the client - */ - if (flags & GSS_C_DCE_STYLE) { - (*context_handle)->state = ACCEPTOR_WAIT_FOR_DCESTYLE; - return GSS_S_CONTINUE_NEEDED; - } + /* + * When GSS_C_DCE_STYLE is in use, we need ask for a AP-REP from the client + */ + if (flags & GSS_C_DCE_STYLE) { + (*context_handle)->state = ACCEPTOR_WAIT_FOR_DCESTYLE; + return GSS_S_CONTINUE_NEEDED; + } - return gsskrb5_acceptor_ready(minor_status, context_handle, delegated_cred_handle); + return gsskrb5_acceptor_ready(minor_status, context_handle, delegated_cred_handle); } static OM_uint32 @@ -490,7 +499,7 @@ gsskrb5_acceptor_wait_for_dcestyle( OM_uint32 * minor_status, gss_ctx_id_t * context_handle, const gss_cred_id_t acceptor_cred_handle, - const gss_buffer_t input_token, + const gss_buffer_t input_token_buffer, const gss_channel_bindings_t input_chan_bindings, gss_name_t * src_name, gss_OID * mech_type, @@ -506,8 +515,8 @@ gsskrb5_acceptor_wait_for_dcestyle( OM_uint32 l_seq_number; /* We know it's GSS_C_DCE_STYLE so we don't need to decapsulate the AP_REP */ - inbuf.length = input_token->length; - inbuf.data = input_token->value; + inbuf.length = input_token_buffer->length; + inbuf.data = input_token_buffer->value; /* * We need to remeber the old remote seq_number, then check if the client has replied with our local seq_number, @@ -547,18 +556,41 @@ gsskrb5_acceptor_wait_for_dcestyle( */ { krb5_ap_rep_enc_part *repl; + int32_t auth_flags; + + kret = krb5_auth_con_removeflags(gssapi_krb5_context, + (*context_handle)->auth_context, + KRB5_AUTH_CONTEXT_DO_TIME, &auth_flags); + if (kret) { /* Can't happen */ + gssapi_krb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } - kret = _krb5_rd_rep_type(gssapi_krb5_context, - (*context_handle)->auth_context, - &inbuf, - &repl, - TRUE); + kret = krb5_rd_rep(gssapi_krb5_context, + (*context_handle)->auth_context, + &inbuf, + &repl); if (kret) { gssapi_krb5_set_error_string (); *minor_status = kret; return GSS_S_FAILURE; } + + /* Because the inbuf above is a final leg from client + * to server, we don't have a use for a 'reply' + * here */ krb5_free_ap_rep_enc_part(gssapi_krb5_context, repl); + + /* Do no harm, put the flags back */ + kret = krb5_auth_con_setflags(gssapi_krb5_context, + (*context_handle)->auth_context, + auth_flags); + if (kret) { /* Can't happen */ + gssapi_krb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } } /* We need to check the liftime */ @@ -598,7 +630,7 @@ gsskrb5_acceptor_wait_for_dcestyle( */ { OM_uint32 tmp_r_seq_number; - OM_uint32 l_seq_number; + OM_uint32 tmp_l_seq_number; kret = krb5_auth_getremoteseqnumber(gssapi_krb5_context, (*context_handle)->auth_context, @@ -611,7 +643,7 @@ gsskrb5_acceptor_wait_for_dcestyle( kret = krb5_auth_con_getlocalseqnumber(gssapi_krb5_context, (*context_handle)->auth_context, - &l_seq_number); + &tmp_l_seq_number); if (kret) { gssapi_krb5_set_error_string (); *minor_status = kret; @@ -621,7 +653,7 @@ gsskrb5_acceptor_wait_for_dcestyle( /* * Here we check if the client has responsed with our local seq_number, */ - if (tmp_r_seq_number != l_seq_number) { + if (tmp_r_seq_number != tmp_l_seq_number) { return GSS_S_UNSEQ_TOKEN; } } @@ -645,73 +677,102 @@ gsskrb5_acceptor_wait_for_dcestyle( } static OM_uint32 -gsskrb5_accept_sec_context( - OM_uint32 * minor_status, - gss_ctx_id_t * context_handle, - const gss_cred_id_t acceptor_cred_handle, - const gss_buffer_t input_token, - const gss_channel_bindings_t input_chan_bindings, - gss_name_t * src_name, - gss_OID * actual_mech_type, - gss_buffer_t output_token, - OM_uint32 * ret_flags, - OM_uint32 * time_rec, - gss_cred_id_t * delegated_cred_handle) +gsskrb5_accept_sec_context + (OM_uint32 * minor_status, + gss_ctx_id_t * context_handle, + const gss_cred_id_t acceptor_cred_handle, + const gss_buffer_t input_token_buffer, + const gss_channel_bindings_t input_chan_bindings, + gss_name_t * src_name, + gss_OID * mech_type, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec, + gss_cred_id_t * delegated_cred_handle + ) { - OM_uint32 ret; - - if (*context_handle == GSS_C_NO_CONTEXT) { - ret = _gsskrb5_create_ctx(minor_status, - context_handle, - input_chan_bindings, - ACCEPTOR_START); - if (ret) return ret; - } + OM_uint32 ret = GSS_S_COMPLETE; + krb5_data fwd_data; + gss_ctx_id_t local_context; - if (actual_mech_type) *actual_mech_type = GSS_KRB5_MECHANISM; + GSSAPI_KRB5_INIT(); - HEIMDAL_MUTEX_lock(&(*context_handle)->ctx_id_mutex); + krb5_data_zero (&fwd_data); + output_token->length = 0; + output_token->value = NULL; + + if (src_name != NULL) + *src_name = NULL; + if (mech_type) + *mech_type = GSS_KRB5_MECHANISM; + + if (*context_handle == GSS_C_NO_CONTEXT) { + ret = _gsskrb5_create_ctx(minor_status, + &local_context, + input_chan_bindings, + ACCEPTOR_START); + if (ret) return ret; + } else { + local_context = *context_handle; + } + + /* + * TODO: check the channel_bindings + * (above just sets them to krb5 layer) + */ - switch ((*context_handle)->state) { - case ACCEPTOR_START: - ret = gsskrb5_acceptor_start(minor_status, - context_handle, - acceptor_cred_handle, - input_token, - input_chan_bindings, - src_name, - actual_mech_type, - output_token, - ret_flags, - time_rec, - delegated_cred_handle); - break; - case ACCEPTOR_WAIT_FOR_DCESTYLE: - ret = gsskrb5_acceptor_wait_for_dcestyle(minor_status, - context_handle, - acceptor_cred_handle, - input_token, - input_chan_bindings, - src_name, - actual_mech_type, - output_token, - ret_flags, - time_rec, - delegated_cred_handle); - break; - case ACCEPTOR_READY: - /* this function should not be called after it has returned GSS_S_COMPLETE */ - ret = GSS_S_BAD_STATUS; - break; - default: - /* TODO: is this correct here? --metze */ - ret = GSS_S_BAD_STATUS; - break; + HEIMDAL_MUTEX_lock(&(local_context)->ctx_id_mutex); + + switch ((local_context)->state) { + case ACCEPTOR_START: + ret = gsskrb5_acceptor_start(minor_status, + &local_context, + acceptor_cred_handle, + input_token_buffer, + input_chan_bindings, + src_name, + mech_type, + output_token, + ret_flags, + time_rec, + delegated_cred_handle); + break; + case ACCEPTOR_WAIT_FOR_DCESTYLE: + ret = gsskrb5_acceptor_wait_for_dcestyle(minor_status, + &local_context, + acceptor_cred_handle, + input_token_buffer, + input_chan_bindings, + src_name, + mech_type, + output_token, + ret_flags, + time_rec, + delegated_cred_handle); + break; + case ACCEPTOR_READY: + /* this function should not be called after it has returned GSS_S_COMPLETE */ + ret = GSS_S_BAD_STATUS; + break; + default: + /* TODO: is this correct here? --metze */ + ret = GSS_S_BAD_STATUS; + break; + } + + HEIMDAL_MUTEX_unlock(&(local_context)->ctx_id_mutex); + + if (*context_handle == GSS_C_NO_CONTEXT) { + if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) { + *context_handle = local_context; + } else { + gss_delete_sec_context(minor_status, + &local_context, + NULL); } + } - HEIMDAL_MUTEX_unlock(&(*context_handle)->ctx_id_mutex); - - return ret; + return ret; } static OM_uint32 @@ -1065,53 +1126,45 @@ gss_accept_sec_context gss_cred_id_t * delegated_cred_handle ) { + OM_uint32 ret; ssize_t mech_len; const u_char *p; *minor_status = 0; - if (src_name) *src_name = GSS_C_NO_NAME; - if (mech_type) *mech_type = GSS_C_NO_OID; - - output_token->length = 0; - output_token->value = NULL; - - if (ret_flags) *ret_flags = 0; - if (time_rec) *time_rec = 0; - if (delegated_cred_handle) *delegated_cred_handle = NULL; - - mech_len = gssapi_krb5_get_mech(input_token_buffer->value, - input_token_buffer->length, - &p); - - /* This could be 'dce style' kerberos, where the OID is missing :-( */ - if ((mech_len < 0) || (mech_len == GSS_KRB5_MECHANISM->length - && memcmp(p, GSS_KRB5_MECHANISM->elements, mech_len) == 0)) { - return gsskrb5_accept_sec_context(minor_status, - context_handle, - acceptor_cred_handle, - input_token_buffer, - input_chan_bindings, - src_name, - mech_type, - output_token, - ret_flags, - time_rec, - delegated_cred_handle); - } else if (mech_len == GSS_SPNEGO_MECHANISM->length - && memcmp(p, GSS_SPNEGO_MECHANISM->elements, mech_len) == 0) { - return spnego_accept_sec_context(minor_status, - context_handle, - acceptor_cred_handle, - input_token_buffer, - input_chan_bindings, - src_name, - mech_type, - output_token, - ret_flags, - time_rec, - delegated_cred_handle); - } - + mech_len = gssapi_krb5_get_mech (input_token_buffer->value, + input_token_buffer->length, + &p); + + /* This could be 'dce style' kerberos, where the OID is missing :-( */ + if ((mech_len < 0) || ((mech_len == GSS_KRB5_MECHANISM->length) + && memcmp(p, GSS_KRB5_MECHANISM->elements, mech_len) == 0)) + ret = gsskrb5_accept_sec_context(minor_status, + context_handle, + acceptor_cred_handle, + input_token_buffer, + input_chan_bindings, + src_name, + mech_type, + output_token, + ret_flags, + time_rec, + delegated_cred_handle); + else if (mech_len == GSS_SPNEGO_MECHANISM->length + && memcmp(p, GSS_SPNEGO_MECHANISM->elements, mech_len) == 0) + ret = spnego_accept_sec_context(minor_status, + context_handle, + acceptor_cred_handle, + input_token_buffer, + input_chan_bindings, + src_name, + mech_type, + output_token, + ret_flags, + time_rec, + delegated_cred_handle); + else return GSS_S_BAD_MECH; + + return ret; } diff --git a/source4/heimdal/lib/gssapi/copy_ccache.c b/source4/heimdal/lib/gssapi/copy_ccache.c index 4f2b3f4895..828ca64156 100644 --- a/source4/heimdal/lib/gssapi/copy_ccache.c +++ b/source4/heimdal/lib/gssapi/copy_ccache.c @@ -105,6 +105,25 @@ gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status, return GSS_S_COMPLETE; } +OM_uint32 +gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + time_t *authtime) +{ + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + if (context_handle->ticket == NULL) { + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + *authtime = context_handle->ticket->ticket.authtime; + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + + *minor_status = 0; + return GSS_S_COMPLETE; +} + OM_uint32 gss_krb5_copy_service_keyblock (OM_uint32 *minor_status, gss_ctx_id_t context_handle, diff --git a/source4/heimdal/lib/gssapi/gssapi.h b/source4/heimdal/lib/gssapi/gssapi.h index 5712581d3f..4ee988b020 100644 --- a/source4/heimdal/lib/gssapi/gssapi.h +++ b/source4/heimdal/lib/gssapi/gssapi.h @@ -809,6 +809,10 @@ gsskrb5_extract_authz_data_from_sec_context int /*ad_type*/, gss_buffer_t /*ad_data*/); OM_uint32 +gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + time_t *authtime); +OM_uint32 gsskrb5_get_initiator_subkey (OM_uint32 * /*minor_status*/, const gss_ctx_id_t context_handle, diff --git a/source4/heimdal/lib/gssapi/init_sec_context.c b/source4/heimdal/lib/gssapi/init_sec_context.c index 6a80934e46..5c6c6a0f8e 100644 --- a/source4/heimdal/lib/gssapi/init_sec_context.c +++ b/source4/heimdal/lib/gssapi/init_sec_context.c @@ -147,6 +147,15 @@ _gsskrb5_create_ctx( return GSS_S_BAD_BINDINGS; } + /* + * We need a sequence number + */ + + krb5_auth_con_addflags(gssapi_krb5_context, + (*context_handle)->auth_context, + KRB5_AUTH_CONTEXT_DO_SEQUENCE, + NULL); + return GSS_S_COMPLETE; } @@ -388,15 +397,6 @@ gsskrb5_initiator_start ret = _gss_DES3_get_mic_compat(minor_status, *context_handle); if (ret) return ret; - /* - * We need a sequence number - */ - - krb5_auth_con_addflags(gssapi_krb5_context, - (*context_handle)->auth_context, - KRB5_AUTH_CONTEXT_DO_SEQUENCE, - NULL); - /* We need the key and a random local subkey */ { kret = krb5_auth_con_setkey(gssapi_krb5_context, diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h index cc619314a3..97f286b83e 100644 --- a/source4/heimdal/lib/krb5/krb5-protos.h +++ b/source4/heimdal/lib/krb5/krb5-protos.h @@ -2377,6 +2377,12 @@ krb5_parse_name ( const char */*name*/, krb5_principal */*principal*/); +krb5_error_code KRB5_LIB_FUNCTION +krb5_parse_name_mustrealm ( + krb5_context /*context*/, + const char */*name*/, + krb5_principal */*principal*/); + krb5_error_code KRB5_LIB_FUNCTION krb5_parse_name_norealm ( krb5_context /*context*/, @@ -3436,13 +3442,6 @@ krb5_write_safe_message ( krb5_error_code KRB5_LIB_FUNCTION krb5_xfree (void */*ptr*/); -krb5_error_code -parse_name ( - krb5_context /*context*/, - const char */*name*/, - krb5_boolean /*short_form*/, - krb5_principal */*principal*/); - #ifdef __cplusplus } #endif diff --git a/source4/heimdal/lib/krb5/rd_rep.c b/source4/heimdal/lib/krb5/rd_rep.c index a92eea5c04..53138d9f45 100644 --- a/source4/heimdal/lib/krb5/rd_rep.c +++ b/source4/heimdal/lib/krb5/rd_rep.c @@ -36,94 +36,80 @@ RCSID("$Id: rd_rep.c,v 1.25 2005/06/17 07:49:33 lha Exp $"); krb5_error_code KRB5_LIB_FUNCTION -_krb5_rd_rep_type(krb5_context context, - krb5_auth_context auth_context, - const krb5_data *inbuf, - krb5_ap_rep_enc_part **repl, - krb5_boolean dce_style_response) +krb5_rd_rep(krb5_context context, + krb5_auth_context auth_context, + const krb5_data *inbuf, + krb5_ap_rep_enc_part **repl) { - krb5_error_code ret; - AP_REP ap_rep; - size_t len; - krb5_data data; - krb5_crypto crypto; + krb5_error_code ret; + AP_REP ap_rep; + size_t len; + krb5_data data; + krb5_crypto crypto; - krb5_data_zero (&data); - ret = 0; + krb5_data_zero (&data); + ret = 0; - ret = decode_AP_REP(inbuf->data, inbuf->length, &ap_rep, &len); - if (ret) - return ret; - if (ap_rep.pvno != 5) { - ret = KRB5KRB_AP_ERR_BADVERSION; - krb5_clear_error_string (context); - goto out; - } - if (ap_rep.msg_type != krb_ap_rep) { - ret = KRB5KRB_AP_ERR_MSG_TYPE; - krb5_clear_error_string (context); - goto out; - } + ret = decode_AP_REP(inbuf->data, inbuf->length, &ap_rep, &len); + if (ret) + return ret; + if (ap_rep.pvno != 5) { + ret = KRB5KRB_AP_ERR_BADVERSION; + krb5_clear_error_string (context); + goto out; + } + if (ap_rep.msg_type != krb_ap_rep) { + ret = KRB5KRB_AP_ERR_MSG_TYPE; + krb5_clear_error_string (context); + goto out; + } - ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto); - if (ret) - goto out; - ret = krb5_decrypt_EncryptedData (context, - crypto, - KRB5_KU_AP_REQ_ENC_PART, - &ap_rep.enc_part, - &data); - krb5_crypto_destroy(context, crypto); - if (ret) - goto out; + ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto); + if (ret) + goto out; + ret = krb5_decrypt_EncryptedData (context, + crypto, + KRB5_KU_AP_REQ_ENC_PART, + &ap_rep.enc_part, + &data); + krb5_crypto_destroy(context, crypto); + if (ret) + goto out; - *repl = malloc(sizeof(**repl)); - if (*repl == NULL) { - ret = ENOMEM; - krb5_set_error_string (context, "malloc: out of memory"); - goto out; - } - ret = krb5_decode_EncAPRepPart(context, - data.data, - data.length, - *repl, - &len); - if (ret) - return ret; - - if (!dce_style_response) { - if ((*repl)->ctime != auth_context->authenticator->ctime || - (*repl)->cusec != auth_context->authenticator->cusec) { - ret = KRB5KRB_AP_ERR_MUT_FAIL; - krb5_set_error_string (context, "Mutual authentication failed: Timestamps mismatch"); - goto out; - } - } - if ((*repl)->seq_number) - krb5_auth_con_setremoteseqnumber(context, auth_context, - *((*repl)->seq_number)); - if ((*repl)->subkey) - krb5_auth_con_setremotesubkey(context, auth_context, (*repl)->subkey); + *repl = malloc(sizeof(**repl)); + if (*repl == NULL) { + ret = ENOMEM; + krb5_set_error_string (context, "malloc: out of memory"); + goto out; + } + ret = krb5_decode_EncAPRepPart(context, + data.data, + data.length, + *repl, + &len); + if (ret) + return ret; + + if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) { + if ((*repl)->ctime != auth_context->authenticator->ctime || + (*repl)->cusec != auth_context->authenticator->cusec) { + ret = KRB5KRB_AP_ERR_MUT_FAIL; + krb5_clear_error_string (context); + goto out; + } + } + if ((*repl)->seq_number) + krb5_auth_con_setremoteseqnumber(context, auth_context, + *((*repl)->seq_number)); + if ((*repl)->subkey) + krb5_auth_con_setremotesubkey(context, auth_context, (*repl)->subkey); -out: - krb5_data_free (&data); - free_AP_REP (&ap_rep); - return ret; + out: + krb5_data_free (&data); + free_AP_REP (&ap_rep); + return ret; } -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_rep(krb5_context context, - krb5_auth_context auth_context, - const krb5_data *inbuf, - krb5_ap_rep_enc_part **repl) -{ - return _krb5_rd_rep_type(context, - auth_context, - inbuf, - repl, - FALSE); -} - void KRB5_LIB_FUNCTION krb5_free_ap_rep_enc_part (krb5_context context, krb5_ap_rep_enc_part *val) diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c index 30ad08bd82..66172c10fb 100644 --- a/source4/heimdal/lib/krb5/rd_req.c +++ b/source4/heimdal/lib/krb5/rd_req.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_req.c,v 1.57 2005/01/08 20:41:17 lha Exp $"); +RCSID("$Id: rd_req.c,v 1.58 2005/08/27 05:48:57 lha Exp $"); static krb5_error_code decrypt_tkt_enc_part (krb5_context context, @@ -136,6 +136,10 @@ check_transited(krb5_context context, Ticket *ticket, EncTicketPart *enc) int num_realms; krb5_error_code ret; + /* Windows w2k and w2k3 uses this */ + if(enc->transited.tr_type == 0 && enc->transited.contents.length == 0) + return 0; + if(enc->transited.tr_type != DOMAIN_X500_COMPRESS) return KRB5KDC_ERR_TRTYPE_NOSUPP; @@ -561,6 +565,7 @@ krb5_rd_req_return_keyblock(krb5_context context, krb5_error_code ret; krb5_ap_req ap_req; krb5_principal service = NULL; + krb5_keyblock *local_keyblock; if (*auth_context == NULL) { ret = krb5_auth_con_init(context, auth_context); @@ -592,13 +597,13 @@ krb5_rd_req_return_keyblock(krb5_context context, &ap_req, server, keytab, - keyblock); + &local_keyblock); if(ret) goto out; } else { ret = krb5_copy_keyblock(context, (*auth_context)->keyblock, - keyblock); + &local_keyblock); if (ret) goto out; } @@ -607,17 +612,20 @@ krb5_rd_req_return_keyblock(krb5_context context, auth_context, &ap_req, server, - *keyblock, + local_keyblock, 0, ap_req_options, ticket); + if (ret) { + krb5_free_keyblock(context, local_keyblock); + } else { + *keyblock = local_keyblock; + } out: free_AP_REQ(&ap_req); if(service) krb5_free_principal(context, service); - if (ret) - krb5_free_keyblock(context, *keyblock); return ret; } diff --git a/source4/heimdal/lib/roken/roken-common.h b/source4/heimdal/lib/roken/roken-common.h index d85d55f433..c4ba2edb7c 100644 --- a/source4/heimdal/lib/roken/roken-common.h +++ b/source4/heimdal/lib/roken/roken-common.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: roken-common.h,v 1.61 2005/07/07 05:03:30 lha Exp $ */ +/* $Id: roken-common.h,v 1.62 2005/09/01 18:47:35 lha Exp $ */ #ifndef __ROKEN_COMMON_H__ #define __ROKEN_COMMON_H__ @@ -312,43 +312,46 @@ ewrite (int fd, const void *buf, size_t nbytes); struct hostent; const char * ROKEN_LIB_FUNCTION -hostent_find_fqdn (const struct hostent *he); +hostent_find_fqdn (const struct hostent *); void ROKEN_LIB_FUNCTION -esetenv(const char *var, const char *val, int rewrite); +esetenv(const char *, const char *, int); void ROKEN_LIB_FUNCTION -socket_set_address_and_port (struct sockaddr *sa, const void *ptr, int port); +socket_set_address_and_port (struct sockaddr *, const void *, int); size_t ROKEN_LIB_FUNCTION -socket_addr_size (const struct sockaddr *sa); +socket_addr_size (const struct sockaddr *); void ROKEN_LIB_FUNCTION -socket_set_any (struct sockaddr *sa, int af); +socket_set_any (struct sockaddr *, int); size_t ROKEN_LIB_FUNCTION -socket_sockaddr_size (const struct sockaddr *sa); +socket_sockaddr_size (const struct sockaddr *); void * ROKEN_LIB_FUNCTION -socket_get_address (struct sockaddr *sa); +socket_get_address (struct sockaddr *); int ROKEN_LIB_FUNCTION -socket_get_port (const struct sockaddr *sa); +socket_get_port (const struct sockaddr *); void ROKEN_LIB_FUNCTION -socket_set_port (struct sockaddr *sa, int port); +socket_set_port (struct sockaddr *, int); void ROKEN_LIB_FUNCTION -socket_set_portrange (int sock, int restr, int af); +socket_set_portrange (int, int, int); void ROKEN_LIB_FUNCTION -socket_set_debug (int sock); +socket_set_debug (int); void ROKEN_LIB_FUNCTION -socket_set_tos (int sock, int tos); +socket_set_tos (int, int); void ROKEN_LIB_FUNCTION -socket_set_reuseaddr (int sock, int val); +socket_set_reuseaddr (int, int); + +void ROKEN_LIB_FUNCTION +socket_set_ipv6only (int, int); char ** ROKEN_LIB_FUNCTION vstrcollect(va_list *ap); -- cgit From 6a74a831510674f25c582b60bfb763489e0b538d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 8 Sep 2005 09:08:13 +0000 Subject: r10072: Fix mismerge weridness in error handling. Andrew Bartlett (This used to be commit c17926b6fe278fd757862885f82fd342b755167c) --- source4/heimdal/lib/gssapi/accept_sec_context.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/accept_sec_context.c b/source4/heimdal/lib/gssapi/accept_sec_context.c index 7412d84eb0..8e354c3136 100644 --- a/source4/heimdal/lib/gssapi/accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/accept_sec_context.c @@ -417,8 +417,9 @@ gsskrb5_acceptor_start &flags, &fwd_data); krb5_free_authenticator(gssapi_krb5_context, &authenticator); - if (ret) - if (ret) return ret; + if (ret) { + return ret; + } } if(flags & GSS_C_MUTUAL_FLAG) { @@ -451,7 +452,9 @@ gsskrb5_acceptor_start "\x02\x00", GSS_KRB5_MECHANISM); krb5_data_free (&outbuf); - if (ret) return ret; + if (ret) { + return ret; + } } else { output_token->length = outbuf.length; output_token->value = outbuf.data; @@ -479,8 +482,9 @@ gsskrb5_acceptor_start ret = gssapi_lifetime_left(minor_status, (*context_handle)->lifetime, time_rec); - if (ret) - if (ret) return ret; + if (ret) { + return ret; + } } /* @@ -600,8 +604,9 @@ gsskrb5_acceptor_wait_for_dcestyle( ret = gssapi_lifetime_left(minor_status, (*context_handle)->lifetime, &lifetime_rec); - if (ret) return ret; - + if (ret) { + return ret; + } if (lifetime_rec == 0) { return GSS_S_CONTEXT_EXPIRED; } -- cgit From cfdcc32f8480e538246ca1771e58e9a4835f22b6 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 10 Sep 2005 22:25:13 +0000 Subject: r10149: Update Samba4 to current lorikeet-heimdal. Andrew Bartlett (This used to be commit b9695d5e7cc052a952d8d60bc1ab08e00f4827e8) --- source4/heimdal/lib/krb5/principal.c | 32 ++++++++++++++++++------ source4/heimdal/lib/krb5/rd_req.c | 47 +++++++++++++++++------------------- 2 files changed, 47 insertions(+), 32 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/krb5/principal.c b/source4/heimdal/lib/krb5/principal.c index 8540636403..ae5c8c1de8 100644 --- a/source4/heimdal/lib/krb5/principal.c +++ b/source4/heimdal/lib/krb5/principal.c @@ -91,10 +91,16 @@ krb5_principal_get_comp_string(krb5_context context, return princ_ncomp(principal, component); } -krb5_error_code +enum realm_presence { + MAY, + MUSTNOT, + MUST +}; + +static krb5_error_code parse_name(krb5_context context, const char *name, - krb5_boolean short_form, + enum realm_presence realm_presence, krb5_principal *principal) { krb5_error_code ret; @@ -186,7 +192,7 @@ parse_name(krb5_context context, *q++ = c; } if (got_realm) { - if (short_form) { + if (realm_presence == MUSTNOT) { krb5_set_error_string (context, "realm found in 'short' principal expected to be without one!"); ret = KRB5_PARSE_MALFORMED; goto exit; @@ -201,12 +207,16 @@ parse_name(krb5_context context, realm[q - start] = 0; } }else{ - if (short_form) { + if (realm_presence == MAY) { ret = krb5_get_default_realm (context, &realm); if (ret) goto exit; - } else { + } else if (realm_presence == MUSTNOT) { realm = NULL; + } else if (realm_presence == MUST) { + krb5_set_error_string (context, "realm NOT found in principal expected to be with one!"); + ret = KRB5_PARSE_MALFORMED; + goto exit; } comp[n] = malloc(q - start + 1); @@ -245,7 +255,7 @@ krb5_parse_name(krb5_context context, const char *name, krb5_principal *principal) { - return parse_name(context, name, FALSE, principal); + return parse_name(context, name, MAY, principal); } krb5_error_code KRB5_LIB_FUNCTION @@ -253,7 +263,15 @@ krb5_parse_name_norealm(krb5_context context, const char *name, krb5_principal *principal) { - return parse_name(context, name, TRUE, principal); + return parse_name(context, name, MUSTNOT, principal); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_parse_name_mustrealm(krb5_context context, + const char *name, + krb5_principal *principal) +{ + return parse_name(context, name, MUST, principal); } static const char quotable_chars[] = " \n\t\b\\/@"; static const char replace_chars[] = " ntb\\/@"; diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c index 66172c10fb..582b71db03 100644 --- a/source4/heimdal/lib/krb5/rd_req.c +++ b/source4/heimdal/lib/krb5/rd_req.c @@ -560,12 +560,15 @@ krb5_rd_req_return_keyblock(krb5_context context, krb5_keytab keytab, krb5_flags *ap_req_options, krb5_ticket **ticket, - krb5_keyblock **keyblock) + krb5_keyblock **return_keyblock) { krb5_error_code ret; krb5_ap_req ap_req; + krb5_keyblock *keyblock = NULL; krb5_principal service = NULL; - krb5_keyblock *local_keyblock; + + if (return_keyblock) + *return_keyblock = NULL; if (*auth_context == NULL) { ret = krb5_auth_con_init(context, auth_context); @@ -597,13 +600,13 @@ krb5_rd_req_return_keyblock(krb5_context context, &ap_req, server, keytab, - &local_keyblock); + &keyblock); if(ret) goto out; } else { ret = krb5_copy_keyblock(context, (*auth_context)->keyblock, - &local_keyblock); + &keyblock); if (ret) goto out; } @@ -612,21 +615,20 @@ krb5_rd_req_return_keyblock(krb5_context context, auth_context, &ap_req, server, - local_keyblock, + keyblock, 0, ap_req_options, ticket); - if (ret) { - krb5_free_keyblock(context, local_keyblock); - } else { - *keyblock = local_keyblock; - } + + if (ret == 0 && return_keyblock) + *return_keyblock = keyblock; + else + krb5_free_keyblock(context, keyblock); out: free_AP_REQ(&ap_req); if(service) krb5_free_principal(context, service); - return ret; } @@ -639,19 +641,14 @@ krb5_rd_req(krb5_context context, krb5_flags *ap_req_options, krb5_ticket **ticket) { - krb5_error_code ret; - krb5_keyblock *keyblock; - - ret = krb5_rd_req_return_keyblock(context, - auth_context, - inbuf, - server, - keytab, - ap_req_options, - ticket, - &keyblock); - - krb5_free_keyblock(context, keyblock); - return ret; + return krb5_rd_req_return_keyblock(context, + auth_context, + inbuf, + server, + keytab, + ap_req_options, + ticket, + NULL); + } -- cgit From 5edbeca14108a9b2c3badafce0b0b3447a8280f6 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 11 Sep 2005 11:19:02 +0000 Subject: r10153: This patch adds a new parameter to gensec_sig_size(), the size of the data to be signed/sealed. We can use this to split the data from the signature portion of the resultant wrapped packet. This required merging the gsskrb5_wrap_size patch from lorikeet-heimdal, and fixes AES encrption issues on DCE/RPC (we no longer use a static 45 byte value). This fixes one of the krb5 issues in my list. Andrew Bartlett (This used to be commit e4f2afc34362953f56a026b66ae1aea81e9db104) --- source4/heimdal/lib/gssapi/arcfour.c | 31 ++++++++++++ source4/heimdal/lib/gssapi/arcfour.h | 9 ++++ source4/heimdal/lib/gssapi/cfx.c | 34 ++++++------- source4/heimdal/lib/gssapi/cfx.h | 5 +- source4/heimdal/lib/gssapi/gssapi.h | 9 ++++ source4/heimdal/lib/gssapi/wrap.c | 95 ++++++++++++++++++++++++++++++++++-- 6 files changed, 159 insertions(+), 24 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/arcfour.c b/source4/heimdal/lib/gssapi/arcfour.c index 5edcee08ec..52bb2ecf1b 100644 --- a/source4/heimdal/lib/gssapi/arcfour.c +++ b/source4/heimdal/lib/gssapi/arcfour.c @@ -325,6 +325,37 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status, return GSS_S_COMPLETE; } +OM_uint32 +_gssapi_wrap_size_arcfour(OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + OM_uint32 req_input_size, + OM_uint32 * output_size, + OM_uint32 * padlen, + krb5_keyblock *key) +{ + size_t len, total_len, datalen; + *padlen = 0; + datalen = req_input_size; + len = GSS_ARCFOUR_WRAP_TOKEN_SIZE; + /* if GSS_C_DCE_STYLE is in use: + * - we only need to encapsulate the WRAP token + * - we should not add padding + */ + if (!(context_handle->flags & GSS_C_DCE_STYLE)) { + datalen += 1 /* padding */; + len += datalen; + } + _gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM); + if (context_handle->flags & GSS_C_DCE_STYLE) { + total_len += datalen; + } + + *output_size = total_len; + return GSS_S_COMPLETE; +} + OM_uint32 _gssapi_wrap_arcfour(OM_uint32 * minor_status, const gss_ctx_id_t context_handle, diff --git a/source4/heimdal/lib/gssapi/arcfour.h b/source4/heimdal/lib/gssapi/arcfour.h index 5acfcad29d..0406b64b09 100644 --- a/source4/heimdal/lib/gssapi/arcfour.h +++ b/source4/heimdal/lib/gssapi/arcfour.h @@ -70,5 +70,14 @@ OM_uint32 _gssapi_verify_mic_arcfour(OM_uint32 *minor_status, gss_qop_t *qop_state, krb5_keyblock *key, char *type); +OM_uint32 +_gssapi_wrap_size_arcfour(OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + OM_uint32 req_input_size, + OM_uint32 * output_size, + OM_uint32 * padlen, + krb5_keyblock *key); #endif /* GSSAPI_ARCFOUR_H_ */ diff --git a/source4/heimdal/lib/gssapi/cfx.c b/source4/heimdal/lib/gssapi/cfx.c index 75b6a8bcfa..1cc510d6fc 100755 --- a/source4/heimdal/lib/gssapi/cfx.c +++ b/source4/heimdal/lib/gssapi/cfx.c @@ -48,7 +48,8 @@ wrap_length_cfx(krb5_crypto crypto, size_t input_length, size_t *output_length, size_t *cksumsize, - u_int16_t *padlength) + u_int16_t *padlength, + size_t *padsize) { krb5_error_code ret; krb5_cksumtype type; @@ -68,18 +69,17 @@ wrap_length_cfx(krb5_crypto crypto, } if (conf_req_flag) { - size_t padsize; /* Header is concatenated with data before encryption */ input_length += sizeof(gss_cfx_wrap_token_desc); - ret = krb5_crypto_getpadsize(gssapi_krb5_context, crypto, &padsize); + ret = krb5_crypto_getpadsize(gssapi_krb5_context, crypto, padsize); if (ret) { return ret; } if (padsize > 1) { /* XXX check this */ - *padlength = padsize - (input_length % padsize); + *padlength = *padsize - (input_length % *padsize); } /* We add the pad ourselves (noted here for completeness only) */ @@ -90,6 +90,7 @@ wrap_length_cfx(krb5_crypto crypto, } else { /* Checksum is concatenated with data */ *output_length += input_length + *cksumsize; + *padsize = 0; } assert(*output_length > input_length); @@ -101,13 +102,15 @@ OM_uint32 _gssapi_wrap_size_cfx(OM_uint32 *minor_status, const gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, - OM_uint32 req_output_size, - OM_uint32 *max_input_size, + OM_uint32 req_input_size, + OM_uint32 *output_len, + OM_uint32 *padsize, krb5_keyblock *key) { krb5_error_code ret; krb5_crypto crypto; - u_int16_t padlength; + u_int16_t pad_length; + size_t pad_size; size_t output_length, cksumsize; ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); @@ -118,8 +121,8 @@ OM_uint32 _gssapi_wrap_size_cfx(OM_uint32 *minor_status, } ret = wrap_length_cfx(crypto, conf_req_flag, - req_output_size, - &output_length, &cksumsize, &padlength); + req_input_size, + &output_length, &cksumsize, &pad_length, &pad_size); if (ret != 0) { gssapi_krb5_set_error_string(); *minor_status = ret; @@ -127,13 +130,8 @@ OM_uint32 _gssapi_wrap_size_cfx(OM_uint32 *minor_status, return GSS_S_FAILURE; } - if (output_length < req_output_size) { - *max_input_size = (req_output_size - output_length); - *max_input_size -= padlength; - } else { - /* Should this return an error? */ - *max_input_size = 0; - } + *output_len = output_length; + *padsize = pad_size; krb5_crypto_destroy(gssapi_krb5_context, crypto); @@ -201,7 +199,7 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, krb5_data cipher; size_t wrapped_len, cksumsize; u_int16_t padlength, rrc = 0; - OM_uint32 seq_number; + OM_uint32 seq_number, padsize; u_char *p; ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); @@ -213,7 +211,7 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, ret = wrap_length_cfx(crypto, conf_req_flag, input_message_buffer->length, - &wrapped_len, &cksumsize, &padlength); + &wrapped_len, &cksumsize, &padlength, &padsize); if (ret != 0) { gssapi_krb5_set_error_string(); *minor_status = ret; diff --git a/source4/heimdal/lib/gssapi/cfx.h b/source4/heimdal/lib/gssapi/cfx.h index a587cb9d97..d9bdd9da19 100755 --- a/source4/heimdal/lib/gssapi/cfx.h +++ b/source4/heimdal/lib/gssapi/cfx.h @@ -66,8 +66,9 @@ OM_uint32 _gssapi_wrap_size_cfx(OM_uint32 *minor_status, const gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, - OM_uint32 req_output_size, - OM_uint32 *max_input_size, + OM_uint32 req_input_size, + OM_uint32 *output_len, + OM_uint32 *padlen, krb5_keyblock *key); OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/gssapi.h b/source4/heimdal/lib/gssapi/gssapi.h index 4ee988b020..4bf6780daa 100644 --- a/source4/heimdal/lib/gssapi/gssapi.h +++ b/source4/heimdal/lib/gssapi/gssapi.h @@ -628,6 +628,15 @@ OM_uint32 gss_inquire_context ( int * /*open_context*/ ); +OM_uint32 gsskrb5_wrap_size ( + OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + int /*conf_req_flag*/, + gss_qop_t /*qop_req*/, + OM_uint32 /*req_input_size*/, + OM_uint32 * /*output_size*/ + ); + OM_uint32 gss_wrap_size_limit ( OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, diff --git a/source4/heimdal/lib/gssapi/wrap.c b/source4/heimdal/lib/gssapi/wrap.c index bdb09e633b..50249d2d7f 100644 --- a/source4/heimdal/lib/gssapi/wrap.c +++ b/source4/heimdal/lib/gssapi/wrap.c @@ -120,7 +120,7 @@ gss_krb5_get_subkey(const gss_ctx_id_t context_handle, } static OM_uint32 -sub_wrap_size ( +sub_wrap_size_limit ( OM_uint32 req_output_size, OM_uint32 * max_input_size, int blocksize, @@ -156,6 +156,8 @@ gss_wrap_size_limit ( krb5_keyblock *key; OM_uint32 ret; krb5_keytype keytype; + OM_uint32 output_size; + OM_uint32 blocksize; ret = gss_krb5_get_subkey(context_handle, &key); if (ret) { @@ -167,17 +169,102 @@ gss_wrap_size_limit ( switch (keytype) { case KEYTYPE_DES : + ret = sub_wrap_size_limit(req_output_size, max_input_size, 8, 22); + break; + case KEYTYPE_DES3 : + ret = sub_wrap_size_limit(req_output_size, max_input_size, 8, 34); + break; case KEYTYPE_ARCFOUR: case KEYTYPE_ARCFOUR_56: - ret = sub_wrap_size(req_output_size, max_input_size, 8, 22); + ret = _gssapi_wrap_size_arcfour(minor_status, context_handle, + conf_req_flag, qop_req, + req_output_size, &output_size, + &blocksize, key); + + if (output_size > req_output_size) { + *max_input_size = req_output_size - (output_size - req_output_size); + (*max_input_size) &= (~(OM_uint32)(blocksize - 1)); + } else { + *max_input_size = 0; + } + break; + default : + ret = _gssapi_wrap_size_cfx(minor_status, context_handle, + conf_req_flag, qop_req, + req_output_size, &output_size, + &blocksize, key); + if (output_size > req_output_size) { + *max_input_size = req_output_size - (output_size - req_output_size); + (*max_input_size) &= (~(OM_uint32)(blocksize - 1)); + } else { + *max_input_size = 0; + } + break; + } + krb5_free_keyblock (gssapi_krb5_context, key); + *minor_status = 0; + return ret; +} + +static OM_uint32 +sub_wrap_size ( + OM_uint32 req_input_size, + OM_uint32 * output_size, + int blocksize, + int extrasize + ) +{ + size_t len, total_len, padlength, datalen; + + padlength = blocksize - (req_input_size % blocksize); + datalen = req_input_size + padlength + 8; + len = datalen + extrasize; + gssapi_krb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); + + *output_size = total_len; + + return GSS_S_COMPLETE; +} + +OM_uint32 +gsskrb5_wrap_size ( + OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + OM_uint32 req_input_size, + OM_uint32 * output_size + ) +{ + krb5_keyblock *key; + OM_uint32 ret, padlen; + krb5_keytype keytype; + + ret = gss_krb5_get_subkey(context_handle, &key); + if (ret) { + gssapi_krb5_set_error_string (); + *minor_status = ret; + return GSS_S_FAILURE; + } + krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype); + + switch (keytype) { + case KEYTYPE_DES : + ret = sub_wrap_size(req_input_size, output_size, 8, 22); break; case KEYTYPE_DES3 : - ret = sub_wrap_size(req_output_size, max_input_size, 8, 34); + ret = sub_wrap_size(req_input_size, output_size, 8, 34); + break; + case KEYTYPE_ARCFOUR: + case KEYTYPE_ARCFOUR_56: + ret = _gssapi_wrap_size_arcfour(minor_status, context_handle, + conf_req_flag, qop_req, + req_input_size, output_size, &padlen, key); break; default : ret = _gssapi_wrap_size_cfx(minor_status, context_handle, conf_req_flag, qop_req, - req_output_size, max_input_size, key); + req_input_size, output_size, &padlen, key); break; } krb5_free_keyblock (gssapi_krb5_context, key); -- cgit From 06393751194618dd98329eb54f8bb175a0f251e9 Mon Sep 17 00:00:00 2001 From: James Peach Date: Mon, 12 Sep 2005 01:34:51 +0000 Subject: r10159: Dereference padsize before comparing to an int. (This used to be commit 5767c05909c9927b3a806614b1f1bd2f90a35dd3) --- source4/heimdal/lib/gssapi/cfx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/cfx.c b/source4/heimdal/lib/gssapi/cfx.c index 1cc510d6fc..3e7592b3a7 100755 --- a/source4/heimdal/lib/gssapi/cfx.c +++ b/source4/heimdal/lib/gssapi/cfx.c @@ -77,7 +77,7 @@ wrap_length_cfx(krb5_crypto crypto, if (ret) { return ret; } - if (padsize > 1) { + if (*padsize > 1) { /* XXX check this */ *padlength = *padsize - (input_length % *padsize); } -- cgit From 957d361cd183a7f5fa9eedb1b205b3f872765884 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 13 Sep 2005 00:01:24 +0000 Subject: r10191: Return the right error code in the case of a time skew. Windows will now ignore Kerberos and fallback to NTLMSSP when joining. Thanks to Andrew Bartlett for the assistence. (This used to be commit 3b6bfbe8cf555f4144ed06044d3ecb8044f86bca) --- source4/heimdal/kdc/kerberos5.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index 38444f4a13..2cbb5831d4 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -982,7 +982,7 @@ _kdc_as_rep(krb5_context context, } free_PA_ENC_TS_ENC(&p); if (abs(kdc_time - p.patimestamp) > context->max_skew) { - ret = KRB5KDC_ERR_PREAUTH_FAILED; + ret = KRB5KRB_AP_ERR_SKEW; e_text = "Too large time skew"; kdc_log(context, config, 0, "Too large time skew -- %s", client_name); -- cgit From f3bce652c8c33712ffbb6c0a731f61b05f9d4be0 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 17 Sep 2005 01:11:50 +0000 Subject: r10286: This patch is ugly and disgusting, but for now it works better than the other ideas I have had. When I get a full list of things I want to do to a krb5_context I'll either add gsskrb5_ wrappers, or a way of speicfying the krb5 context per gssapi context. (I want to ensure that the only krb5_context variables created while executing Samba4 are via our wrapper). Andrew Bartlett (This used to be commit 8a22d46e70e9f863831aba0c9913d195f833d625) --- source4/heimdal/lib/gssapi/init.c | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/init.c b/source4/heimdal/lib/gssapi/init.c index 37f46624ae..a642b629f4 100644 --- a/source4/heimdal/lib/gssapi/init.c +++ b/source4/heimdal/lib/gssapi/init.c @@ -35,6 +35,10 @@ RCSID("$Id: init.c,v 1.7 2003/07/22 19:50:11 lha Exp $"); +#ifdef _SAMBA_BUILD_ +#include "auth/kerberos/krb5_init_context.h" +#endif + static HEIMDAL_MUTEX gssapi_krb5_context_mutex = HEIMDAL_MUTEX_INITIALIZER; static int created_key; static HEIMDAL_thread_key gssapi_context_key; @@ -89,11 +93,35 @@ krb5_error_code gssapi_krb5_init (void) { krb5_error_code ret = 0; +#ifdef _SAMBA_BUILD_ + static struct smb_krb5_context *smb_krb5_context; HEIMDAL_MUTEX_lock(&gssapi_krb5_context_mutex); - if(gssapi_krb5_context == NULL) + if(smb_krb5_context == NULL) { + ret = smb_krb5_init_context(NULL, &smb_krb5_context); + } + if (ret == 0 && !created_key) { + HEIMDAL_key_create(&gssapi_context_key, + gssapi_destroy_thread_context, + ret); + if (ret) { + smb_krb5_free_context(smb_krb5_context); + smb_krb5_context = NULL; + } else + created_key = 1; + } + if (ret == 0) { + gssapi_krb5_context = smb_krb5_context->krb5_context; + } + + HEIMDAL_MUTEX_unlock(&gssapi_krb5_context_mutex); +#else + HEIMDAL_MUTEX_lock(&gssapi_krb5_context_mutex); + + if(gssapi_krb5_context == NULL) { ret = krb5_init_context (&gssapi_krb5_context); + } if (ret == 0 && !created_key) { HEIMDAL_key_create(&gssapi_context_key, gssapi_destroy_thread_context, @@ -106,6 +134,6 @@ gssapi_krb5_init (void) } HEIMDAL_MUTEX_unlock(&gssapi_krb5_context_mutex); - +#endif return ret; } -- cgit From f9263dd1023499479d64be1eb1b5b04c15ca3ce6 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 20 Sep 2005 07:03:47 +0000 Subject: r10337: This grubby little hack is the implementation of a concept discussed on the kerberos mailing lists a couple of weeks ago: Don't use DNS at all for expanding short names into long names. Using the 'override krb5_init_context' code already in the tree, this removes the DNS lag on a kerberos session setup/connection. Andrew Bartlett (This used to be commit de3ceab3d064a286e8662a2b9b62b212f0454156) --- source4/heimdal/lib/krb5/context.c | 1 + source4/heimdal/lib/krb5/expand_hostname.c | 9 +++++++++ source4/heimdal/lib/krb5/krb5.h | 1 + 3 files changed, 11 insertions(+) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/krb5/context.c b/source4/heimdal/lib/krb5/context.c index 4d6eae2b24..3140f1b08f 100644 --- a/source4/heimdal/lib/krb5/context.c +++ b/source4/heimdal/lib/krb5/context.c @@ -182,6 +182,7 @@ init_context_from_config_file(krb5_context context) INIT_FIELD(context, bool, srv_lookup, context->srv_lookup, "dns_lookup_kdc"); INIT_FIELD(context, int, large_msg_size, 6000, "large_message_size"); context->default_cc_name = NULL; + INIT_FIELD(context, bool, fdns, TRUE, "fdns"); return 0; } diff --git a/source4/heimdal/lib/krb5/expand_hostname.c b/source4/heimdal/lib/krb5/expand_hostname.c index 8488119552..f03bf15807 100644 --- a/source4/heimdal/lib/krb5/expand_hostname.c +++ b/source4/heimdal/lib/krb5/expand_hostname.c @@ -65,6 +65,10 @@ krb5_expand_hostname (krb5_context context, memset (&hints, 0, sizeof(hints)); hints.ai_flags = AI_CANONNAME; + if (!context->fdns) { + return copy_hostname (context, orig_hostname, new_hostname); + } + error = getaddrinfo (orig_hostname, NULL, &hints, &ai); if (error) return copy_hostname (context, orig_hostname, new_hostname); @@ -124,6 +128,11 @@ krb5_expand_hostname_realms (krb5_context context, int error; krb5_error_code ret = 0; + if (!context->fdns) { + return vanilla_hostname (context, orig_hostname, new_hostname, + realms); + } + memset (&hints, 0, sizeof(hints)); hints.ai_flags = AI_CANONNAME; diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h index c47c4450f1..90b239cf0d 100644 --- a/source4/heimdal/lib/krb5/krb5.h +++ b/source4/heimdal/lib/krb5/krb5.h @@ -443,6 +443,7 @@ typedef struct krb5_context_data { int pkinit_flags; void *mutex; /* protects error_string/error_buf */ int large_msg_size; + krb5_boolean fdns; /* Lookup hostnames to find full name, or send as-is */ } krb5_context_data; enum { -- cgit From 42f2519b507bcb70157039a390529bf4b5df4d9c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 21 Sep 2005 10:17:56 +0000 Subject: r10382: In the absence of client support for the full KDC-side canonicalisation code, I've hacked Heimdal to use the default realm if no other realm can be determined for a given host. Andrew Bartlett (This used to be commit 0f0b0021b7728ce75ca0060003a3d08264ead810) --- source4/heimdal/lib/krb5/get_host_realm.c | 33 +++++++++++++++++++++---------- 1 file changed, 23 insertions(+), 10 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/krb5/get_host_realm.c b/source4/heimdal/lib/krb5/get_host_realm.c index feb01f0036..78684f20a9 100644 --- a/source4/heimdal/lib/krb5/get_host_realm.c +++ b/source4/heimdal/lib/krb5/get_host_realm.c @@ -187,15 +187,18 @@ _krb5_get_host_realm_int (krb5_context context, return 0; } } - p = strchr(host, '.'); - if(p != NULL) { - p++; - *realms = malloc(2 * sizeof(krb5_realm)); - if (*realms == NULL) { + + *realms = malloc(2 * sizeof(krb5_realm)); + if (*realms == NULL) { krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; - } + } + + (*realms)[1] = NULL; + p = strchr(host, '.'); + if(p != NULL) { + p++; (*realms)[0] = strdup(p); if((*realms)[0] == NULL) { free(*realms); @@ -203,11 +206,21 @@ _krb5_get_host_realm_int (krb5_context context, return ENOMEM; } strupr((*realms)[0]); - (*realms)[1] = NULL; - return 0; + } else { + krb5_error_code ret; + ret = krb5_get_default_realm(context, &(*realms)[0]); + if(ret) { + free(*realms); + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + if((*realms)[0] == NULL) { + free(*realms); + krb5_set_error_string(context, "unable to find realm of host %s", host); + return KRB5_ERR_HOST_REALM_UNKNOWN; + } } - krb5_set_error_string(context, "unable to find realm of host %s", host); - return KRB5_ERR_HOST_REALM_UNKNOWN; + return 0; } /* -- cgit From c44efdaa2242f50d75dd5b800e372dd5586c6deb Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 21 Sep 2005 12:24:41 +0000 Subject: r10386: Merge current lorikeet-heimdal into Samba4. Andrew Bartlett (This used to be commit 4d2a9a9bc497eae269c24cbf156b43b8588e2f73) --- source4/heimdal/cf/resolv.m4 | 21 +- source4/heimdal/kdc/kerberos5.c | 24 ++- source4/heimdal/kdc/pkinit.c | 110 ++++++---- source4/heimdal/lib/asn1/gen_decode.c | 12 +- source4/heimdal/lib/asn1/lex.c | 254 +++++++++++----------- source4/heimdal/lib/asn1/lex.l | 230 ++++++++++---------- source4/heimdal/lib/asn1/pkcs8.asn1 | 4 +- source4/heimdal/lib/com_err/parse.c | 209 +++++++++++-------- source4/heimdal/lib/com_err/parse.h | 6 +- source4/heimdal/lib/gssapi/cfx.c | 2 +- source4/heimdal/lib/hdb/hdb-protos.h | 359 -------------------------------- source4/heimdal/lib/krb5/changepw.c | 20 +- source4/heimdal/lib/krb5/crypto.c | 136 ++++++------ source4/heimdal/lib/krb5/kcm.c | 9 +- source4/heimdal/lib/krb5/krb5-private.h | 8 - source4/heimdal/lib/krb5/krb5-protos.h | 17 +- source4/heimdal/lib/krb5/pkinit.c | 15 +- 17 files changed, 570 insertions(+), 866 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/cf/resolv.m4 b/source4/heimdal/cf/resolv.m4 index 81a7a143f9..20e85a8400 100644 --- a/source4/heimdal/cf/resolv.m4 +++ b/source4/heimdal/cf/resolv.m4 @@ -1,10 +1,13 @@ -dnl stuff used by DNS resolv code +dnl stuff used by DNS resolv code in roken +dnl +dnl $Id: resolv.m4,v 1.1 2005/09/02 10:17:38 lha Exp $ +dnl -AC_DEFUN([rk_RESOLV], [ +AC_DEFUN([rk_RESOLV],[ - AC_CHECK_HEADERS(arpa/nameser.h) +AC_CHECK_HEADERS([arpa/nameser.h]) - AC_CHECK_HEADERS(resolv.h, , , [AC_INCLUDES_DEFAULT +AC_CHECK_HEADERS(resolv.h, , , [AC_INCLUDES_DEFAULT #ifdef HAVE_SYS_TYPES_H #include #endif @@ -16,7 +19,7 @@ AC_DEFUN([rk_RESOLV], [ #endif ]) - AC_FIND_FUNC(res_search, resolv, +AC_FIND_FUNC(res_search, resolv, [ #include #ifdef HAVE_SYS_TYPES_H @@ -34,7 +37,7 @@ AC_DEFUN([rk_RESOLV], [ ], [0,0,0,0,0]) - AC_FIND_FUNC(res_nsearch, resolv, +AC_FIND_FUNC(res_nsearch, resolv, [ #include #ifdef HAVE_SYS_TYPES_H @@ -52,7 +55,7 @@ AC_DEFUN([rk_RESOLV], [ ], [0,0,0,0,0,0]) - AC_FIND_FUNC(res_ndestroy, resolv, +AC_FIND_FUNC(res_ndestroy, resolv, [ #include #ifdef HAVE_SYS_TYPES_H @@ -70,7 +73,7 @@ AC_DEFUN([rk_RESOLV], [ ], [0]) - AC_FIND_FUNC(dn_expand, resolv, +AC_FIND_FUNC(dn_expand, resolv, [ #include #ifdef HAVE_SYS_TYPES_H @@ -88,7 +91,7 @@ AC_DEFUN([rk_RESOLV], [ ], [0,0,0,0,0]) - rk_CHECK_VAR(_res, +rk_CHECK_VAR(_res, [#include #ifdef HAVE_SYS_TYPES_H #include diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index 2cbb5831d4..3191ab19b7 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -483,8 +483,8 @@ make_etype_info2_entry(ETYPE_INFO2_ENTRY *ent, Key *key) ent->s2kparams = NULL; switch (key->key.keytype) { - case KEYTYPE_AES128: - case KEYTYPE_AES256: + case ETYPE_AES128_CTS_HMAC_SHA1_96: + case ETYPE_AES256_CTS_HMAC_SHA1_96: ALLOC(ent->s2kparams); if (ent->s2kparams == NULL) return ENOMEM; @@ -499,6 +499,26 @@ make_etype_info2_entry(ETYPE_INFO2_ENTRY *ent, Key *key) _krb5_AES_string_to_default_iterator, ent->s2kparams->length); break; + case ETYPE_DES_CBC_CRC: + case ETYPE_DES_CBC_MD4: + case ETYPE_DES_CBC_MD5: + /* Check if this was a AFS3 salted key */ + if(key->salt && key->salt->type == hdb_afs3_salt){ + ALLOC(ent->s2kparams); + if (ent->s2kparams == NULL) + return ENOMEM; + ent->s2kparams->length = 1; + ent->s2kparams->data = malloc(ent->s2kparams->length); + if (ent->s2kparams->data == NULL) { + free(ent->s2kparams); + ent->s2kparams = NULL; + return ENOMEM; + } + _krb5_put_int(ent->s2kparams->data, + 1, + ent->s2kparams->length); + } + break; default: break; } diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c index fdeaf27ac4..985c7c15e4 100755 --- a/source4/heimdal/kdc/pkinit.c +++ b/source4/heimdal/kdc/pkinit.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: pkinit.c,v 1.41 2005/08/12 09:21:40 lha Exp $"); +RCSID("$Id: pkinit.c,v 1.43 2005/09/21 00:40:32 lha Exp $"); #ifdef PKINIT @@ -333,16 +333,11 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params, goto out; } - ret = krb5_random_to_key(context, enctype, - dh_gen_key, dh_gen_keylen, &key); - - if (ret) { - krb5_set_error_string(context, - "pkinit - can't create key from DH key"); - ret = KRB5KRB_ERR_GENERIC; - goto out; - } - ret = krb5_copy_keyblock_contents(context, &key, reply_key); + ret = _krb5_pk_octetstring2key(context, + enctype, + dh_gen_key, dh_gen_keylen, + NULL, NULL, + reply_key); out: if (dh_gen_key) @@ -768,11 +763,10 @@ _kdc_pk_rd_padata(krb5_context context, client_params->nonce = ap.pkAuthenticator.nonce; if (ap.clientPublicValue) { - ret = get_dh_param(context, ap.clientPublicValue, client_params); - if (ret) { - free_AuthPack_19(&ap); - goto out; - } + krb5_set_error_string(context, "PK-INIT, no support for DH"); + ret = KRB5KDC_ERR_PADATA_TYPE_NOSUPP; + free_AuthPack_19(&ap); + goto out; } free_AuthPack_19(&ap); } else if (pa->padata_type == KRB5_PADATA_PK_AS_REQ) { @@ -800,10 +794,11 @@ _kdc_pk_rd_padata(krb5_context context, client_params->nonce = ap.pkAuthenticator.nonce; if (ap.clientPublicValue) { - krb5_set_error_string(context, "PK-INIT, no support for DH"); - ret = KRB5KDC_ERR_PADATA_TYPE_NOSUPP; - free_AuthPack(&ap); - goto out; + ret = get_dh_param(context, ap.clientPublicValue, client_params); + if (ret) { + free_AuthPack(&ap); + goto out; + } } free_AuthPack(&ap); } else @@ -1139,16 +1134,18 @@ pk_mk_pa_reply_dh(krb5_context context, ContentInfo *content_info) { ASN1_INTEGER *dh_pub_key = NULL; + ContentInfo contentinfo; KDCDHKeyInfo dh_info; krb5_error_code ret; SignedData sd; - krb5_data buf, sd_buf; + krb5_data buf, signed_data; size_t size; + memset(&contentinfo, 0, sizeof(contentinfo)); memset(&dh_info, 0, sizeof(dh_info)); memset(&sd, 0, sizeof(sd)); krb5_data_zero(&buf); - krb5_data_zero(&sd_buf); + krb5_data_zero(&signed_data); dh_pub_key = BN_to_ASN1_INTEGER(kdc_dh->pub_key, NULL); if (dh_pub_key == NULL) { @@ -1190,17 +1187,21 @@ pk_mk_pa_reply_dh(krb5_context context, ret = _krb5_pk_create_sign(context, oid_id_pkdhkeydata(), &buf, - kdc_identity, - &sd_buf); + kdc_identity, + &signed_data); krb5_data_free(&buf); if (ret) goto out; - ret = _krb5_pk_mk_ContentInfo(context, &sd_buf, oid_id_pkcs7_signedData(), + ret = _krb5_pk_mk_ContentInfo(context, + &signed_data, + oid_id_pkcs7_signedData(), content_info); - krb5_data_free(&sd_buf); + if (ret) + goto out; out: + krb5_data_free(&signed_data); free_KDCDHKeyInfo(&dh_info); return ret; @@ -1249,14 +1250,15 @@ _kdc_pk_mk_pa_reply(krb5_context context, if (client_params->type == PKINIT_COMPAT_27) { PA_PK_AS_REP rep; - pa_type = KRB5_PADATA_PK_AS_REP; - memset(&rep, 0, sizeof(rep)); + pa_type = KRB5_PADATA_PK_AS_REP; + if (client_params->dh == NULL) { - rep.element = choice_PA_PK_AS_REP_encKeyPack; ContentInfo info; + rep.element = choice_PA_PK_AS_REP_encKeyPack; + krb5_generate_random_keyblock(context, enctype, &client_params->reply_key); ret = pk_mk_pa_reply_enckey(context, @@ -1283,8 +1285,37 @@ _kdc_pk_mk_pa_reply(krb5_context context, krb5_abortx(context, "Internal ASN.1 encoder error"); } else { - krb5_set_error_string(context, "DH -27 not implemented"); - ret = KRB5KRB_ERR_GENERIC; + ContentInfo info; + + rep.element = choice_PA_PK_AS_REP_dhInfo; + + ret = check_dh_params(client_params->dh); + if (ret) + return ret; + + ret = generate_dh_keyblock(context, client_params, enctype, + &client_params->reply_key); + if (ret) + return ret; + + ret = pk_mk_pa_reply_dh(context, client_params->dh, + client_params, + &client_params->reply_key, + &info); + + ASN1_MALLOC_ENCODE(ContentInfo, rep.u.dhInfo.dhSignedData.data, + rep.u.dhInfo.dhSignedData.length, &info, &size, + ret); + free_ContentInfo(&info); + if (ret) { + krb5_set_error_string(context, "encoding of Key ContentInfo " + "failed %d", ret); + free_PA_PK_AS_REP(&rep); + goto out; + } + if (rep.u.encKeyPack.length != size) + krb5_abortx(context, "Internal ASN.1 encoder error"); + } if (ret) { free_PA_PK_AS_REP(&rep); @@ -1319,21 +1350,8 @@ _kdc_pk_mk_pa_reply(krb5_context context, &client_params->reply_key, &rep.u.encKeyPack); } else { - rep.element = choice_PA_PK_AS_REP_19_dhSignedData; - - ret = check_dh_params(client_params->dh); - if (ret) - return ret; - - ret = generate_dh_keyblock(context, client_params, enctype, - &client_params->reply_key); - if (ret) - return ret; - - ret = pk_mk_pa_reply_dh(context, client_params->dh, - client_params, - &client_params->reply_key, - &rep.u.dhSignedData); + krb5_set_error_string(context, "DH -19 not implemented"); + ret = KRB5KRB_ERR_GENERIC; } if (ret) { free_PA_PK_AS_REP_19(&rep); diff --git a/source4/heimdal/lib/asn1/gen_decode.c b/source4/heimdal/lib/asn1/gen_decode.c index 42ceb37e62..6461a0ada9 100644 --- a/source4/heimdal/lib/asn1/gen_decode.c +++ b/source4/heimdal/lib/asn1/gen_decode.c @@ -34,7 +34,7 @@ #include "gen_locl.h" #include "lex.h" -RCSID("$Id: gen_decode.c,v 1.28 2005/08/23 11:51:25 lha Exp $"); +RCSID("$Id: gen_decode.c,v 1.29 2005/09/21 00:30:37 lha Exp $"); static void decode_primitive (const char *typename, const char *name, const char *forwstr) @@ -396,17 +396,15 @@ decode_type (const char *name, const Type *t, int optional, "%s_tmp = realloc((%s)->val, " " sizeof(*((%s)->val)) * ((%s)->len + 1));\n" "if (%s_tmp == NULL) { %s; }\n" - "(%s)->len++;\n" "(%s)->val = %s_tmp;\n", tmpstr, tmpstr, tmpstr, name, name, tmpstr, tmpstr, name, name, name, - tmpstr, - forwstr, name, name, - tmpstr); + tmpstr, forwstr, + name, tmpstr); - asprintf (&n, "&(%s)->val[(%s)->len-1]", name, name); + asprintf (&n, "&(%s)->val[(%s)->len]", name, name); if (n == NULL) errx(1, "malloc"); asprintf (&sname, "%s_s_of", tmpstr); @@ -414,10 +412,12 @@ decode_type (const char *name, const Type *t, int optional, errx(1, "malloc"); decode_type (n, t->subtype, 0, forwstr, sname); fprintf (codefile, + "(%s)->len++;\n" "len = %s_origlen - ret;\n" "}\n" "ret += %s_oldret;\n" "}\n", + name, tmpstr, tmpstr); free (n); free (sname); diff --git a/source4/heimdal/lib/asn1/lex.c b/source4/heimdal/lib/asn1/lex.c index 3b563038e8..8a13c392f8 100644 --- a/source4/heimdal/lib/asn1/lex.c +++ b/source4/heimdal/lib/asn1/lex.c @@ -736,7 +736,7 @@ char *yytext; * SUCH DAMAGE. */ -/* $Id: lex.l,v 1.26 2005/07/12 06:27:33 lha Exp $ */ +/* $Id: lex.l,v 1.27 2005/09/13 18:17:16 lha Exp $ */ #ifdef HAVE_CONFIG_H #include @@ -758,8 +758,8 @@ static unsigned lineno = 1; #undef ECHO -static void handle_comment(int type); -static char *handle_string(void); +static void unterminated(const char *, unsigned); + #line 764 "lex.c" /* Macros after this point can all be overridden by user definitions in @@ -1419,21 +1419,121 @@ YY_RULE_SETUP case 85: YY_RULE_SETUP #line 147 "lex.l" -{ handle_comment(0); } +{ + int c, start_lineno = lineno; + int f = 0; + while((c = input()) != EOF) { + if(f && c == '-') + break; + if(c == '-') { + f = 1; + continue; + } + if(c == '\n') { + lineno++; + break; + } + f = 0; + } + if(c == EOF) + unterminated("comment", start_lineno); + } YY_BREAK case 86: YY_RULE_SETUP -#line 148 "lex.l" -{ handle_comment(1); } +#line 166 "lex.l" +{ + int c, start_lineno = lineno; + int level = 1; + int seen_star = 0; + int seen_slash = 0; + while((c = input()) != EOF) { + if(c == '/') { + if(seen_star) { + if(--level == 0) + break; + seen_star = 0; + continue; + } + seen_slash = 1; + continue; + } + if(seen_star && c == '/') { + if(--level == 0) + break; + seen_star = 0; + continue; + } + if(c == '*') { + if(seen_slash) { + level++; + seen_star = seen_slash = 0; + continue; + } + seen_star = 1; + continue; + } + seen_star = seen_slash = 0; + if(c == '\n') { + lineno++; + continue; + } + } + if(c == EOF) + unterminated("comment", start_lineno); + } YY_BREAK case 87: YY_RULE_SETUP -#line 149 "lex.l" -{ yylval.name = handle_string(); return STRING; } +#line 206 "lex.l" +{ + int start_lineno = lineno; + int c; + char buf[1024]; + char *p = buf; + int f = 0; + int skip_ws = 0; + + while((c = input()) != EOF) { + if(isspace(c) && skip_ws) { + if(c == '\n') + lineno++; + continue; + } + skip_ws = 0; + + if(c == '"') { + if(f) { + *p++ = '"'; + f = 0; + } else + f = 1; + continue; + } + if(f == 1) { + unput(c); + break; + } + if(c == '\n') { + lineno++; + while(p > buf && isspace((unsigned char)p[-1])) + p--; + skip_ws = 1; + continue; + } + *p++ = c; + } + if(c == EOF) + unterminated("string", start_lineno); + *p++ = '\0'; + fprintf(stderr, "string -- %s\n", buf); + yylval.name = estrdup(buf); + return STRING; + } YY_BREAK case 88: YY_RULE_SETUP -#line 151 "lex.l" +#line 251 "lex.l" { char *e, *y = yytext; yylval.constant = strtol((const char *)yytext, &e, 0); @@ -1445,7 +1545,7 @@ YY_RULE_SETUP YY_BREAK case 89: YY_RULE_SETUP -#line 159 "lex.l" +#line 259 "lex.l" { yylval.name = estrdup ((const char *)yytext); return IDENTIFIER; @@ -1453,35 +1553,35 @@ YY_RULE_SETUP YY_BREAK case 90: YY_RULE_SETUP -#line 163 "lex.l" +#line 263 "lex.l" ; YY_BREAK case 91: YY_RULE_SETUP -#line 164 "lex.l" +#line 264 "lex.l" { ++lineno; } YY_BREAK case 92: YY_RULE_SETUP -#line 165 "lex.l" +#line 265 "lex.l" { return ELLIPSIS; } YY_BREAK case 93: YY_RULE_SETUP -#line 166 "lex.l" +#line 266 "lex.l" { return RANGE; } YY_BREAK case 94: YY_RULE_SETUP -#line 167 "lex.l" +#line 267 "lex.l" { error_message("Ignoring char(%c)\n", *yytext); } YY_BREAK case 95: YY_RULE_SETUP -#line 168 "lex.l" +#line 268 "lex.l" ECHO; YY_BREAK -#line 1485 "lex.c" +#line 1585 "lex.c" case YY_STATE_EOF(INITIAL): yyterminate(); @@ -2363,7 +2463,7 @@ int main() return 0; } #endif -#line 168 "lex.l" +#line 268 "lex.l" #ifndef yywrap /* XXX */ @@ -2377,119 +2477,17 @@ yywrap () void error_message (const char *format, ...) { - va_list args; + va_list args; - va_start (args, format); - fprintf (stderr, "%s:%d: ", get_filename(), lineno); - vfprintf (stderr, format, args); - va_end (args); - error_flag++; + va_start (args, format); + fprintf (stderr, "%s:%d: ", get_filename(), lineno); + vfprintf (stderr, format, args); + va_end (args); + error_flag++; } static void -handle_comment(int type) -{ - int c; - int start_lineno = lineno; - if(type == 0) { - int f = 0; - while((c = input()) != EOF) { - if(f && c == '-') - return; - if(c == '-') { - f = 1; - continue; - } - if(c == '\n') { - lineno++; - return; - } - f = 0; - } - } else { - int level = 1; - int seen_star = 0; - int seen_slash = 0; - while((c = input()) != EOF) { - if(c == '/') { - if(seen_star) { - if(--level == 0) - return; - seen_star = 0; - continue; - } - seen_slash = 1; - continue; - } - if(seen_star && c == '/') { - if(--level == 0) - return; - seen_star = 0; - continue; - } - if(c == '*') { - if(seen_slash) { - level++; - seen_star = seen_slash = 0; - continue; - } - seen_star = 1; - continue; - } - seen_star = seen_slash = 0; - if(c == '\n') { - lineno++; - continue; - } - } - } - if(c == EOF) - error_message("unterminated comment, possibly started on line %d\n", start_lineno); -} - -static char * -handle_string(void) +unterminated(const char *type, unsigned start_lineno) { - int start_lineno = lineno; - int c; - char buf[1024]; - char *p = buf; - int f = 0; - int skip_ws = 0; - - while((c = input()) != EOF) { - if(isspace(c) && skip_ws) { - if(c == '\n') - lineno++; - continue; - } - skip_ws = 0; - - if(c == '"') { - if(f) { - *p++ = '"'; - f = 0; - } else - f = 1; - continue; - } - if(f == 1) { - unput(c); - break; - } - if(c == '\n') { - lineno++; - while(p > buf && isspace((unsigned char)p[-1])) - p--; - skip_ws = 1; - continue; - } - *p++ = c; - } - if(c == EOF) - error_message("unterminated string, possibly started on line %d\n", start_lineno); - *p++ = '\0'; - fprintf(stderr, "string -- %s\n", buf); - return estrdup(buf); + error_message("unterminated %s, possibly started on line %d\n", type, start_lineno); } - diff --git a/source4/heimdal/lib/asn1/lex.l b/source4/heimdal/lib/asn1/lex.l index cb6512f36f..4b2c5af062 100644 --- a/source4/heimdal/lib/asn1/lex.l +++ b/source4/heimdal/lib/asn1/lex.l @@ -32,7 +32,7 @@ * SUCH DAMAGE. */ -/* $Id: lex.l,v 1.26 2005/07/12 06:27:33 lha Exp $ */ +/* $Id: lex.l,v 1.27 2005/09/13 18:17:16 lha Exp $ */ #ifdef HAVE_CONFIG_H #include @@ -54,8 +54,8 @@ static unsigned lineno = 1; #undef ECHO -static void handle_comment(int type); -static char *handle_string(void); +static void unterminated(const char *, unsigned); + %} @@ -144,9 +144,109 @@ WITH { return kw_WITH; } "[" { return *yytext; } "]" { return *yytext; } ::= { return EEQUAL; } --- { handle_comment(0); } -\/\* { handle_comment(1); } -"\"" { yylval.name = handle_string(); return STRING; } +-- { + int c, start_lineno = lineno; + int f = 0; + while((c = input()) != EOF) { + if(f && c == '-') + break; + if(c == '-') { + f = 1; + continue; + } + if(c == '\n') { + lineno++; + break; + } + f = 0; + } + if(c == EOF) + unterminated("comment", start_lineno); + } +\/\* { + int c, start_lineno = lineno; + int level = 1; + int seen_star = 0; + int seen_slash = 0; + while((c = input()) != EOF) { + if(c == '/') { + if(seen_star) { + if(--level == 0) + break; + seen_star = 0; + continue; + } + seen_slash = 1; + continue; + } + if(seen_star && c == '/') { + if(--level == 0) + break; + seen_star = 0; + continue; + } + if(c == '*') { + if(seen_slash) { + level++; + seen_star = seen_slash = 0; + continue; + } + seen_star = 1; + continue; + } + seen_star = seen_slash = 0; + if(c == '\n') { + lineno++; + continue; + } + } + if(c == EOF) + unterminated("comment", start_lineno); + } +"\"" { + int start_lineno = lineno; + int c; + char buf[1024]; + char *p = buf; + int f = 0; + int skip_ws = 0; + + while((c = input()) != EOF) { + if(isspace(c) && skip_ws) { + if(c == '\n') + lineno++; + continue; + } + skip_ws = 0; + + if(c == '"') { + if(f) { + *p++ = '"'; + f = 0; + } else + f = 1; + continue; + } + if(f == 1) { + unput(c); + break; + } + if(c == '\n') { + lineno++; + while(p > buf && isspace((unsigned char)p[-1])) + p--; + skip_ws = 1; + continue; + } + *p++ = c; + } + if(c == EOF) + unterminated("string", start_lineno); + *p++ = '\0'; + fprintf(stderr, "string -- %s\n", buf); + yylval.name = estrdup(buf); + return STRING; + } -?0x[0-9A-Fa-f]+|-?[0-9]+ { char *e, *y = yytext; yylval.constant = strtol((const char *)yytext, @@ -178,119 +278,17 @@ yywrap () void error_message (const char *format, ...) { - va_list args; + va_list args; - va_start (args, format); - fprintf (stderr, "%s:%d: ", get_filename(), lineno); - vfprintf (stderr, format, args); - va_end (args); - error_flag++; + va_start (args, format); + fprintf (stderr, "%s:%d: ", get_filename(), lineno); + vfprintf (stderr, format, args); + va_end (args); + error_flag++; } static void -handle_comment(int type) +unterminated(const char *type, unsigned start_lineno) { - int c; - int start_lineno = lineno; - if(type == 0) { - int f = 0; - while((c = input()) != EOF) { - if(f && c == '-') - return; - if(c == '-') { - f = 1; - continue; - } - if(c == '\n') { - lineno++; - return; - } - f = 0; - } - } else { - int level = 1; - int seen_star = 0; - int seen_slash = 0; - while((c = input()) != EOF) { - if(c == '/') { - if(seen_star) { - if(--level == 0) - return; - seen_star = 0; - continue; - } - seen_slash = 1; - continue; - } - if(seen_star && c == '/') { - if(--level == 0) - return; - seen_star = 0; - continue; - } - if(c == '*') { - if(seen_slash) { - level++; - seen_star = seen_slash = 0; - continue; - } - seen_star = 1; - continue; - } - seen_star = seen_slash = 0; - if(c == '\n') { - lineno++; - continue; - } - } - } - if(c == EOF) - error_message("unterminated comment, possibly started on line %d\n", start_lineno); -} - -static char * -handle_string(void) -{ - int start_lineno = lineno; - int c; - char buf[1024]; - char *p = buf; - int f = 0; - int skip_ws = 0; - - while((c = input()) != EOF) { - if(isspace(c) && skip_ws) { - if(c == '\n') - lineno++; - continue; - } - skip_ws = 0; - - if(c == '"') { - if(f) { - *p++ = '"'; - f = 0; - } else - f = 1; - continue; - } - if(f == 1) { - unput(c); - break; - } - if(c == '\n') { - lineno++; - while(p > buf && isspace((unsigned char)p[-1])) - p--; - skip_ws = 1; - continue; - } - *p++ = c; - } - if(c == EOF) - error_message("unterminated string, possibly started on line %d\n", start_lineno); - *p++ = '\0'; - fprintf(stderr, "string -- %s\n", buf); - return estrdup(buf); + error_message("unterminated %s, possibly started on line %d\n", type, start_lineno); } - diff --git a/source4/heimdal/lib/asn1/pkcs8.asn1 b/source4/heimdal/lib/asn1/pkcs8.asn1 index 823e56660b..dc52511bf4 100644 --- a/source4/heimdal/lib/asn1/pkcs8.asn1 +++ b/source4/heimdal/lib/asn1/pkcs8.asn1 @@ -1,4 +1,4 @@ --- $Id: pkcs8.asn1,v 1.2 2005/07/12 06:27:36 lha Exp $ -- +-- $Id: pkcs8.asn1,v 1.3 2005/09/13 19:41:29 lha Exp $ -- PKCS8 DEFINITIONS ::= @@ -17,7 +17,7 @@ PKCS8PrivateKeyInfo ::= SEQUENCE { version INTEGER, privateKeyAlgorithm PKCS8PrivateKeyAlgorithmIdentifier, privateKey PKCS8PrivateKey, - attributes [0] IMPLICIT PKCS8Attributes OPTIONAL + attributes [0] IMPLICIT SET OF Attribute OPTIONAL } PKCS8EncryptedData ::= OCTET STRING diff --git a/source4/heimdal/lib/com_err/parse.c b/source4/heimdal/lib/com_err/parse.c index 42455097c9..e55dafa41e 100644 --- a/source4/heimdal/lib/com_err/parse.c +++ b/source4/heimdal/lib/com_err/parse.c @@ -1,7 +1,7 @@ -/* A Bison parser, made by GNU Bison 1.875c. */ +/* A Bison parser, made by GNU Bison 2.0. */ /* Skeleton parser for Yacc-like parsing with Bison, - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003 Free Software Foundation, Inc. + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -148,7 +148,7 @@ typedef union YYSTYPE { char *string; int number; } YYSTYPE; -/* Line 191 of yacc.c. */ +/* Line 190 of yacc.c. */ #line 153 "$base.c" # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 @@ -160,7 +160,7 @@ typedef union YYSTYPE { /* Copy the second part of user declarations. */ -/* Line 214 of yacc.c. */ +/* Line 213 of yacc.c. */ #line 165 "$base.c" #if ! defined (yyoverflow) || YYERROR_VERBOSE @@ -176,14 +176,10 @@ typedef union YYSTYPE { # ifdef YYSTACK_USE_ALLOCA # if YYSTACK_USE_ALLOCA -# define YYSTACK_ALLOC alloca -# endif -# else -# if defined (alloca) || defined (_ALLOCA_H) -# define YYSTACK_ALLOC alloca -# else # ifdef __GNUC__ # define YYSTACK_ALLOC __builtin_alloca +# else +# define YYSTACK_ALLOC alloca # endif # endif # endif @@ -209,7 +205,7 @@ typedef union YYSTYPE { /* A type that is properly aligned for any stack member. */ union yyalloc { - short yyss; + short int yyss; YYSTYPE yyvs; }; @@ -219,7 +215,7 @@ union yyalloc /* The size of an array large to enough to hold all stacks, each with N elements. */ # define YYSTACK_BYTES(N) \ - ((N) * (sizeof (short) + sizeof (YYSTYPE)) \ + ((N) * (sizeof (short int) + sizeof (YYSTYPE)) \ + YYSTACK_GAP_MAXIMUM) /* Copy COUNT objects from FROM to TO. The source and destination do @@ -261,7 +257,7 @@ union yyalloc #if defined (__STDC__) || defined (__cplusplus) typedef signed char yysigned_char; #else - typedef short yysigned_char; + typedef short int yysigned_char; #endif /* YYFINAL -- State number of the termination state. */ @@ -358,7 +354,7 @@ static const char *const yytname[] = # ifdef YYPRINT /* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to token YYLEX-NUM. */ -static const unsigned short yytoknum[] = +static const unsigned short int yytoknum[] = { 0, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 44 @@ -490,20 +486,53 @@ do \ } \ while (0) + #define YYTERROR 1 #define YYERRCODE 256 -/* YYLLOC_DEFAULT -- Compute the default location (before the actions - are run). */ +/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N]. + If N is 0, then set CURRENT to the empty location which ends + the previous symbol: RHS[0] (always defined). */ + +#define YYRHSLOC(Rhs, K) ((Rhs)[K]) #ifndef YYLLOC_DEFAULT -# define YYLLOC_DEFAULT(Current, Rhs, N) \ - ((Current).first_line = (Rhs)[1].first_line, \ - (Current).first_column = (Rhs)[1].first_column, \ - (Current).last_line = (Rhs)[N].last_line, \ - (Current).last_column = (Rhs)[N].last_column) +# define YYLLOC_DEFAULT(Current, Rhs, N) \ + do \ + if (N) \ + { \ + (Current).first_line = YYRHSLOC (Rhs, 1).first_line; \ + (Current).first_column = YYRHSLOC (Rhs, 1).first_column; \ + (Current).last_line = YYRHSLOC (Rhs, N).last_line; \ + (Current).last_column = YYRHSLOC (Rhs, N).last_column; \ + } \ + else \ + { \ + (Current).first_line = (Current).last_line = \ + YYRHSLOC (Rhs, 0).last_line; \ + (Current).first_column = (Current).last_column = \ + YYRHSLOC (Rhs, 0).last_column; \ + } \ + while (0) #endif + +/* YY_LOCATION_PRINT -- Print the location on the stream. + This macro was not mandated originally: define only if we know + we won't break user code: when these are the locations we know. */ + +#ifndef YY_LOCATION_PRINT +# if YYLTYPE_IS_TRIVIAL +# define YY_LOCATION_PRINT(File, Loc) \ + fprintf (File, "%d.%d-%d.%d", \ + (Loc).first_line, (Loc).first_column, \ + (Loc).last_line, (Loc).last_column) +# else +# define YY_LOCATION_PRINT(File, Loc) ((void) 0) +# endif +#endif + + /* YYLEX -- calling `yylex' with the right arguments. */ #ifdef YYLEX_PARAM @@ -526,19 +555,13 @@ do { \ YYFPRINTF Args; \ } while (0) -# define YYDSYMPRINT(Args) \ -do { \ - if (yydebug) \ - yysymprint Args; \ -} while (0) - -# define YYDSYMPRINTF(Title, Token, Value, Location) \ +# define YY_SYMBOL_PRINT(Title, Type, Value, Location) \ do { \ if (yydebug) \ { \ YYFPRINTF (stderr, "%s ", Title); \ yysymprint (stderr, \ - Token, Value); \ + Type, Value); \ YYFPRINTF (stderr, "\n"); \ } \ } while (0) @@ -550,12 +573,12 @@ do { \ #if defined (__STDC__) || defined (__cplusplus) static void -yy_stack_print (short *bottom, short *top) +yy_stack_print (short int *bottom, short int *top) #else static void yy_stack_print (bottom, top) - short *bottom; - short *top; + short int *bottom; + short int *top; #endif { YYFPRINTF (stderr, "Stack now"); @@ -605,8 +628,7 @@ do { \ int yydebug; #else /* !YYDEBUG */ # define YYDPRINTF(Args) -# define YYDSYMPRINT(Args) -# define YYDSYMPRINTF(Title, Token, Value, Location) +# define YY_SYMBOL_PRINT(Title, Type, Value, Location) # define YY_STACK_PRINT(Bottom, Top) # define YY_REDUCE_PRINT(Rule) #endif /* !YYDEBUG */ @@ -624,10 +646,6 @@ int yydebug; SIZE_MAX < YYSTACK_BYTES (YYMAXDEPTH) evaluated with infinite-precision integer arithmetic. */ -#if defined (YYMAXDEPTH) && YYMAXDEPTH == 0 -# undef YYMAXDEPTH -#endif - #ifndef YYMAXDEPTH # define YYMAXDEPTH 10000 #endif @@ -709,15 +727,15 @@ yysymprint (yyoutput, yytype, yyvaluep) (void) yyvaluep; if (yytype < YYNTOKENS) - { - YYFPRINTF (yyoutput, "token %s (", yytname[yytype]); -# ifdef YYPRINT - YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep); -# endif - } + YYFPRINTF (yyoutput, "token %s (", yytname[yytype]); else YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]); + +# ifdef YYPRINT + if (yytype < YYNTOKENS) + YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep); +# endif switch (yytype) { default: @@ -733,10 +751,11 @@ yysymprint (yyoutput, yytype, yyvaluep) #if defined (__STDC__) || defined (__cplusplus) static void -yydestruct (int yytype, YYSTYPE *yyvaluep) +yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep) #else static void -yydestruct (yytype, yyvaluep) +yydestruct (yymsg, yytype, yyvaluep) + const char *yymsg; int yytype; YYSTYPE *yyvaluep; #endif @@ -744,6 +763,10 @@ yydestruct (yytype, yyvaluep) /* Pacify ``unused variable'' warnings. */ (void) yyvaluep; + if (!yymsg) + yymsg = "Deleting"; + YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp); + switch (yytype) { @@ -771,10 +794,10 @@ int yyparse (); -/* The lookahead symbol. */ +/* The look-ahead symbol. */ int yychar; -/* The semantic value of the lookahead symbol. */ +/* The semantic value of the look-ahead symbol. */ YYSTYPE yylval; /* Number of syntax errors so far. */ @@ -810,7 +833,7 @@ yyparse () int yyresult; /* Number of tokens to shift before error messages enabled. */ int yyerrstatus; - /* Lookahead token as an internal (translated) token number. */ + /* Look-ahead token as an internal (translated) token number. */ int yytoken = 0; /* Three stacks and their tools: @@ -822,9 +845,9 @@ yyparse () to reallocate them elsewhere. */ /* The state stack. */ - short yyssa[YYINITDEPTH]; - short *yyss = yyssa; - register short *yyssp; + short int yyssa[YYINITDEPTH]; + short int *yyss = yyssa; + register short int *yyssp; /* The semantic value stack. */ YYSTYPE yyvsa[YYINITDEPTH]; @@ -861,6 +884,9 @@ yyparse () yyssp = yyss; yyvsp = yyvs; + + yyvsp[0] = yylval; + goto yysetstate; /*------------------------------------------------------------. @@ -886,7 +912,7 @@ yyparse () these so that the &'s don't force the real ones into memory. */ YYSTYPE *yyvs1 = yyvs; - short *yyss1 = yyss; + short int *yyss1 = yyss; /* Each stack pointer address is followed by the size of the @@ -914,7 +940,7 @@ yyparse () yystacksize = YYMAXDEPTH; { - short *yyss1 = yyss; + short int *yyss1 = yyss; union yyalloc *yyptr = (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); if (! yyptr) @@ -950,18 +976,18 @@ yyparse () yybackup: /* Do appropriate processing given the current state. */ -/* Read a lookahead token if we need one and don't already have one. */ +/* Read a look-ahead token if we need one and don't already have one. */ /* yyresume: */ - /* First try to decide what to do without reference to lookahead token. */ + /* First try to decide what to do without reference to look-ahead token. */ yyn = yypact[yystate]; if (yyn == YYPACT_NINF) goto yydefault; - /* Not known => get a lookahead token if don't already have one. */ + /* Not known => get a look-ahead token if don't already have one. */ - /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol. */ + /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol. */ if (yychar == YYEMPTY) { YYDPRINTF ((stderr, "Reading a token: ")); @@ -976,7 +1002,7 @@ yybackup: else { yytoken = YYTRANSLATE (yychar); - YYDSYMPRINTF ("Next token is", yytoken, &yylval, &yylloc); + YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc); } /* If the proper action on seeing token YYTOKEN is to reduce or to @@ -996,8 +1022,8 @@ yybackup: if (yyn == YYFINAL) YYACCEPT; - /* Shift the lookahead token. */ - YYDPRINTF ((stderr, "Shifting token %s, ", yytname[yytoken])); + /* Shift the look-ahead token. */ + YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); /* Discard the token being shifted unless it is eof. */ if (yychar != YYEOF) @@ -1049,33 +1075,33 @@ yyreduce: case 6: #line 73 "parse.y" { - id_str = yyvsp[0].string; + id_str = (yyvsp[0].string); } break; case 7: #line 79 "parse.y" { - base_id = name2number(yyvsp[0].string); - strlcpy(name, yyvsp[0].string, sizeof(name)); - free(yyvsp[0].string); + base_id = name2number((yyvsp[0].string)); + strlcpy(name, (yyvsp[0].string), sizeof(name)); + free((yyvsp[0].string)); } break; case 8: #line 85 "parse.y" { - base_id = name2number(yyvsp[-1].string); - strlcpy(name, yyvsp[0].string, sizeof(name)); - free(yyvsp[-1].string); - free(yyvsp[0].string); + base_id = name2number((yyvsp[-1].string)); + strlcpy(name, (yyvsp[0].string), sizeof(name)); + free((yyvsp[-1].string)); + free((yyvsp[0].string)); } break; case 11: #line 98 "parse.y" { - number = yyvsp[0].number; + number = (yyvsp[0].number); } break; @@ -1083,10 +1109,10 @@ yyreduce: #line 102 "parse.y" { free(prefix); - asprintf (&prefix, "%s_", yyvsp[0].string); + asprintf (&prefix, "%s_", (yyvsp[0].string)); if (prefix == NULL) errx(1, "malloc"); - free(yyvsp[0].string); + free((yyvsp[0].string)); } break; @@ -1111,13 +1137,13 @@ yyreduce: ec->next = NULL; ec->number = number; if(prefix && *prefix != '\0') { - asprintf (&ec->name, "%s%s", prefix, yyvsp[-2].string); + asprintf (&ec->name, "%s%s", prefix, (yyvsp[-2].string)); if (ec->name == NULL) errx(1, "malloc"); - free(yyvsp[-2].string); + free((yyvsp[-2].string)); } else - ec->name = yyvsp[-2].string; - ec->string = yyvsp[0].string; + ec->name = (yyvsp[-2].string); + ec->string = (yyvsp[0].string); APPEND(codes, ec); number++; } @@ -1133,8 +1159,8 @@ yyreduce: } -/* Line 1000 of yacc.c. */ -#line 1138 "$base.c" +/* Line 1037 of yacc.c. */ +#line 1164 "$base.c" yyvsp -= yylen; yyssp -= yylen; @@ -1234,7 +1260,7 @@ yyerrlab: if (yyerrstatus == 3) { - /* If just tried and failed to reuse lookahead token after an + /* If just tried and failed to reuse look-ahead token after an error, discard it. */ if (yychar <= YYEOF) @@ -1244,23 +1270,22 @@ yyerrlab: if (yychar == YYEOF) for (;;) { + YYPOPSTACK; if (yyssp == yyss) YYABORT; - YYDSYMPRINTF ("Error: popping", yystos[*yyssp], yyvsp, yylsp); - yydestruct (yystos[*yyssp], yyvsp); + yydestruct ("Error: popping", + yystos[*yyssp], yyvsp); } } else { - YYDSYMPRINTF ("Error: discarding", yytoken, &yylval, &yylloc); - yydestruct (yytoken, &yylval); + yydestruct ("Error: discarding", yytoken, &yylval); yychar = YYEMPTY; - } } - /* Else will try to reuse lookahead token after shifting the error + /* Else will try to reuse look-ahead token after shifting the error token. */ goto yyerrlab1; @@ -1277,7 +1302,7 @@ yyerrorlab: goto yyerrorlab; #endif - yyvsp -= yylen; +yyvsp -= yylen; yyssp -= yylen; yystate = *yyssp; goto yyerrlab1; @@ -1307,8 +1332,8 @@ yyerrlab1: if (yyssp == yyss) YYABORT; - YYDSYMPRINTF ("Error: popping", yystos[*yyssp], yyvsp, yylsp); - yydestruct (yystos[yystate], yyvsp); + + yydestruct ("Error: popping", yystos[yystate], yyvsp); YYPOPSTACK; yystate = *yyssp; YY_STACK_PRINT (yyss, yyssp); @@ -1317,11 +1342,12 @@ yyerrlab1: if (yyn == YYFINAL) YYACCEPT; - YYDPRINTF ((stderr, "Shifting error token, ")); - *++yyvsp = yylval; + /* Shift the error token. */ + YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp); + yystate = yyn; goto yynewstate; @@ -1337,6 +1363,9 @@ yyacceptlab: | yyabortlab -- YYABORT comes here. | `-----------------------------------*/ yyabortlab: + yydestruct ("Error: discarding lookahead", + yytoken, &yylval); + yychar = YYEMPTY; yyresult = 1; goto yyreturn; diff --git a/source4/heimdal/lib/com_err/parse.h b/source4/heimdal/lib/com_err/parse.h index 309c272499..ef7b9ba91e 100644 --- a/source4/heimdal/lib/com_err/parse.h +++ b/source4/heimdal/lib/com_err/parse.h @@ -1,7 +1,7 @@ -/* A Bison parser, made by GNU Bison 1.875c. */ +/* A Bison parser, made by GNU Bison 2.0. */ /* Skeleton parser for Yacc-like parsing with Bison, - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003 Free Software Foundation, Inc. + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -57,7 +57,7 @@ typedef union YYSTYPE { char *string; int number; } YYSTYPE; -/* Line 1275 of yacc.c. */ +/* Line 1318 of yacc.c. */ #line 62 "parse.h" # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 diff --git a/source4/heimdal/lib/gssapi/cfx.c b/source4/heimdal/lib/gssapi/cfx.c index 3e7592b3a7..1cc510d6fc 100755 --- a/source4/heimdal/lib/gssapi/cfx.c +++ b/source4/heimdal/lib/gssapi/cfx.c @@ -77,7 +77,7 @@ wrap_length_cfx(krb5_crypto crypto, if (ret) { return ret; } - if (*padsize > 1) { + if (padsize > 1) { /* XXX check this */ *padlength = *padsize - (input_length % *padsize); } diff --git a/source4/heimdal/lib/hdb/hdb-protos.h b/source4/heimdal/lib/hdb/hdb-protos.h index 56566b7fe4..799f013eba 100644 --- a/source4/heimdal/lib/hdb/hdb-protos.h +++ b/source4/heimdal/lib/hdb/hdb-protos.h @@ -8,317 +8,6 @@ extern "C" { #endif -unsigned -HDBFlags2int (HDBFlags /*f*/); - -int -copy_Event ( - const Event */*from*/, - Event */*to*/); - -int -copy_GENERATION ( - const GENERATION */*from*/, - GENERATION */*to*/); - -int -copy_HDBFlags ( - const HDBFlags */*from*/, - HDBFlags */*to*/); - -int -copy_HDB_Ext_Aliases ( - const HDB_Ext_Aliases */*from*/, - HDB_Ext_Aliases */*to*/); - -int -copy_HDB_Ext_Constrained_delegation_acl ( - const HDB_Ext_Constrained_delegation_acl */*from*/, - HDB_Ext_Constrained_delegation_acl */*to*/); - -int -copy_HDB_Ext_Lan_Manager_OWF ( - const HDB_Ext_Lan_Manager_OWF */*from*/, - HDB_Ext_Lan_Manager_OWF */*to*/); - -int -copy_HDB_Ext_PKINIT_acl ( - const HDB_Ext_PKINIT_acl */*from*/, - HDB_Ext_PKINIT_acl */*to*/); - -int -copy_HDB_Ext_PKINIT_certificate ( - const HDB_Ext_PKINIT_certificate */*from*/, - HDB_Ext_PKINIT_certificate */*to*/); - -int -copy_HDB_Ext_Password ( - const HDB_Ext_Password */*from*/, - HDB_Ext_Password */*to*/); - -int -copy_HDB_extension ( - const HDB_extension */*from*/, - HDB_extension */*to*/); - -int -copy_HDB_extensions ( - const HDB_extensions */*from*/, - HDB_extensions */*to*/); - -int -copy_Key ( - const Key */*from*/, - Key */*to*/); - -int -copy_Salt ( - const Salt */*from*/, - Salt */*to*/); - -int -copy_hdb_entry ( - const hdb_entry */*from*/, - hdb_entry */*to*/); - -int -decode_Event ( - const unsigned char */*p*/, - size_t /*len*/, - Event */*data*/, - size_t */*size*/); - -int -decode_GENERATION ( - const unsigned char */*p*/, - size_t /*len*/, - GENERATION */*data*/, - size_t */*size*/); - -int -decode_HDBFlags ( - const unsigned char */*p*/, - size_t /*len*/, - HDBFlags */*data*/, - size_t */*size*/); - -int -decode_HDB_Ext_Aliases ( - const unsigned char */*p*/, - size_t /*len*/, - HDB_Ext_Aliases */*data*/, - size_t */*size*/); - -int -decode_HDB_Ext_Constrained_delegation_acl ( - const unsigned char */*p*/, - size_t /*len*/, - HDB_Ext_Constrained_delegation_acl */*data*/, - size_t */*size*/); - -int -decode_HDB_Ext_Lan_Manager_OWF ( - const unsigned char */*p*/, - size_t /*len*/, - HDB_Ext_Lan_Manager_OWF */*data*/, - size_t */*size*/); - -int -decode_HDB_Ext_PKINIT_acl ( - const unsigned char */*p*/, - size_t /*len*/, - HDB_Ext_PKINIT_acl */*data*/, - size_t */*size*/); - -int -decode_HDB_Ext_PKINIT_certificate ( - const unsigned char */*p*/, - size_t /*len*/, - HDB_Ext_PKINIT_certificate */*data*/, - size_t */*size*/); - -int -decode_HDB_Ext_Password ( - const unsigned char */*p*/, - size_t /*len*/, - HDB_Ext_Password */*data*/, - size_t */*size*/); - -int -decode_HDB_extension ( - const unsigned char */*p*/, - size_t /*len*/, - HDB_extension */*data*/, - size_t */*size*/); - -int -decode_HDB_extensions ( - const unsigned char */*p*/, - size_t /*len*/, - HDB_extensions */*data*/, - size_t */*size*/); - -int -decode_Key ( - const unsigned char */*p*/, - size_t /*len*/, - Key */*data*/, - size_t */*size*/); - -int -decode_Salt ( - const unsigned char */*p*/, - size_t /*len*/, - Salt */*data*/, - size_t */*size*/); - -int -decode_hdb_entry ( - const unsigned char */*p*/, - size_t /*len*/, - hdb_entry */*data*/, - size_t */*size*/); - -int -encode_Event ( - unsigned char */*p*/, - size_t /*len*/, - const Event */*data*/, - size_t */*size*/); - -int -encode_GENERATION ( - unsigned char */*p*/, - size_t /*len*/, - const GENERATION */*data*/, - size_t */*size*/); - -int -encode_HDBFlags ( - unsigned char */*p*/, - size_t /*len*/, - const HDBFlags */*data*/, - size_t */*size*/); - -int -encode_HDB_Ext_Aliases ( - unsigned char */*p*/, - size_t /*len*/, - const HDB_Ext_Aliases */*data*/, - size_t */*size*/); - -int -encode_HDB_Ext_Constrained_delegation_acl ( - unsigned char */*p*/, - size_t /*len*/, - const HDB_Ext_Constrained_delegation_acl */*data*/, - size_t */*size*/); - -int -encode_HDB_Ext_Lan_Manager_OWF ( - unsigned char */*p*/, - size_t /*len*/, - const HDB_Ext_Lan_Manager_OWF */*data*/, - size_t */*size*/); - -int -encode_HDB_Ext_PKINIT_acl ( - unsigned char */*p*/, - size_t /*len*/, - const HDB_Ext_PKINIT_acl */*data*/, - size_t */*size*/); - -int -encode_HDB_Ext_PKINIT_certificate ( - unsigned char */*p*/, - size_t /*len*/, - const HDB_Ext_PKINIT_certificate */*data*/, - size_t */*size*/); - -int -encode_HDB_Ext_Password ( - unsigned char */*p*/, - size_t /*len*/, - const HDB_Ext_Password */*data*/, - size_t */*size*/); - -int -encode_HDB_extension ( - unsigned char */*p*/, - size_t /*len*/, - const HDB_extension */*data*/, - size_t */*size*/); - -int -encode_HDB_extensions ( - unsigned char */*p*/, - size_t /*len*/, - const HDB_extensions */*data*/, - size_t */*size*/); - -int -encode_Key ( - unsigned char */*p*/, - size_t /*len*/, - const Key */*data*/, - size_t */*size*/); - -int -encode_Salt ( - unsigned char */*p*/, - size_t /*len*/, - const Salt */*data*/, - size_t */*size*/); - -int -encode_hdb_entry ( - unsigned char */*p*/, - size_t /*len*/, - const hdb_entry */*data*/, - size_t */*size*/); - -void -free_Event (Event */*data*/); - -void -free_GENERATION (GENERATION */*data*/); - -void -free_HDBFlags (HDBFlags */*data*/); - -void -free_HDB_Ext_Aliases (HDB_Ext_Aliases */*data*/); - -void -free_HDB_Ext_Constrained_delegation_acl (HDB_Ext_Constrained_delegation_acl */*data*/); - -void -free_HDB_Ext_Lan_Manager_OWF (HDB_Ext_Lan_Manager_OWF */*data*/); - -void -free_HDB_Ext_PKINIT_acl (HDB_Ext_PKINIT_acl */*data*/); - -void -free_HDB_Ext_PKINIT_certificate (HDB_Ext_PKINIT_certificate */*data*/); - -void -free_HDB_Ext_Password (HDB_Ext_Password */*data*/); - -void -free_HDB_extension (HDB_extension */*data*/); - -void -free_HDB_extensions (HDB_extensions */*data*/); - -void -free_Key (Key */*data*/); - -void -free_Salt (Salt */*data*/); - -void -free_hdb_entry (hdb_entry */*data*/); - krb5_error_code hdb_add_master_key ( krb5_context /*context*/, @@ -608,54 +297,6 @@ hdb_write_master_key ( const char */*filename*/, hdb_master_key /*mkey*/); -void -initialize_hdb_error_table_r (struct et_list **/*list*/); - -HDBFlags -int2HDBFlags (unsigned /*n*/); - -size_t -length_Event (const Event */*data*/); - -size_t -length_GENERATION (const GENERATION */*data*/); - -size_t -length_HDBFlags (const HDBFlags */*data*/); - -size_t -length_HDB_Ext_Aliases (const HDB_Ext_Aliases */*data*/); - -size_t -length_HDB_Ext_Constrained_delegation_acl (const HDB_Ext_Constrained_delegation_acl */*data*/); - -size_t -length_HDB_Ext_Lan_Manager_OWF (const HDB_Ext_Lan_Manager_OWF */*data*/); - -size_t -length_HDB_Ext_PKINIT_acl (const HDB_Ext_PKINIT_acl */*data*/); - -size_t -length_HDB_Ext_PKINIT_certificate (const HDB_Ext_PKINIT_certificate */*data*/); - -size_t -length_HDB_Ext_Password (const HDB_Ext_Password */*data*/); - -size_t -length_HDB_extension (const HDB_extension */*data*/); - -size_t -length_HDB_extensions (const HDB_extensions */*data*/); - -size_t -length_Key (const Key */*data*/); - -size_t -length_Salt (const Salt */*data*/); - -size_t -length_hdb_entry (const hdb_entry */*data*/); - #ifdef __cplusplus } #endif diff --git a/source4/heimdal/lib/krb5/changepw.c b/source4/heimdal/lib/krb5/changepw.c index e6ef1d9d9b..c3cd6d4db9 100644 --- a/source4/heimdal/lib/krb5/changepw.c +++ b/source4/heimdal/lib/krb5/changepw.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: changepw.c,v 1.53 2005/05/25 05:30:42 lha Exp $"); +RCSID("$Id: changepw.c,v 1.54 2005/09/08 11:38:01 lha Exp $"); static void str2data (krb5_data *d, @@ -67,7 +67,7 @@ chgpw_send_request (krb5_context context, krb5_principal targprinc, int is_stream, int sock, - char *passwd, + const char *passwd, const char *host) { krb5_error_code ret; @@ -98,7 +98,7 @@ chgpw_send_request (krb5_context context, if (ret) return ret; - passwd_data.data = passwd; + passwd_data.data = rk_UNCONST(passwd); passwd_data.length = strlen(passwd); krb5_data_zero (&krb_priv_data); @@ -160,7 +160,7 @@ setpw_send_request (krb5_context context, krb5_principal targprinc, int is_stream, int sock, - char *passwd, + const char *passwd, const char *host) { krb5_error_code ret; @@ -186,7 +186,7 @@ setpw_send_request (krb5_context context, return ret; chpw.newpasswd.length = strlen(passwd); - chpw.newpasswd.data = passwd; + chpw.newpasswd.data = rk_UNCONST(passwd); if (targprinc) { chpw.targname = &targprinc->name; chpw.targrealm = &targprinc->realm; @@ -456,7 +456,7 @@ typedef krb5_error_code (*kpwd_send_request) (krb5_context, krb5_principal, int, int, - char *, + const char *, const char *); typedef krb5_error_code (*kpwd_process_reply) (krb5_context, krb5_auth_context, @@ -509,7 +509,7 @@ static krb5_error_code change_password_loop (krb5_context context, krb5_creds *creds, krb5_principal targprinc, - char *newpw, + const char *newpw, int *result_code, krb5_data *result_code_string, krb5_data *result_string, @@ -663,7 +663,7 @@ change_password_loop (krb5_context context, krb5_error_code KRB5_LIB_FUNCTION krb5_change_password (krb5_context context, krb5_creds *creds, - char *newpw, + const char *newpw, int *result_code, krb5_data *result_code_string, krb5_data *result_string) @@ -689,7 +689,7 @@ krb5_change_password (krb5_context context, krb5_error_code KRB5_LIB_FUNCTION krb5_set_password(krb5_context context, krb5_creds *creds, - char *newpw, + const char *newpw, krb5_principal targprinc, int *result_code, krb5_data *result_code_string, @@ -732,7 +732,7 @@ krb5_set_password(krb5_context context, krb5_error_code KRB5_LIB_FUNCTION krb5_set_password_using_ccache(krb5_context context, krb5_ccache ccache, - char *newpw, + const char *newpw, krb5_principal targprinc, int *result_code, krb5_data *result_code_string, diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c index 1c3e8d2a10..2e23306c96 100644 --- a/source4/heimdal/lib/krb5/crypto.c +++ b/source4/heimdal/lib/krb5/crypto.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: crypto.c,v 1.128 2005/07/20 07:22:43 lha Exp $"); +RCSID("$Id: crypto.c,v 1.129 2005/09/19 22:13:54 lha Exp $"); #undef CRYPTO_DEBUG #ifdef CRYPTO_DEBUG @@ -188,68 +188,6 @@ krb5_DES_schedule(krb5_context context, DES_set_key(key->key->keyvalue.data, key->schedule->data); } -static void -DES_string_to_key_int(unsigned char *data, size_t length, DES_cblock *key) -{ - DES_key_schedule schedule; - int i; - int reverse = 0; - unsigned char *p; - - unsigned char swap[] = { 0x0, 0x8, 0x4, 0xc, 0x2, 0xa, 0x6, 0xe, - 0x1, 0x9, 0x5, 0xd, 0x3, 0xb, 0x7, 0xf }; - memset(key, 0, 8); - - p = (unsigned char*)key; - for (i = 0; i < length; i++) { - unsigned char tmp = data[i]; - if (!reverse) - *p++ ^= (tmp << 1); - else - *--p ^= (swap[tmp & 0xf] << 4) | swap[(tmp & 0xf0) >> 4]; - if((i % 8) == 7) - reverse = !reverse; - } - DES_set_odd_parity(key); - if(DES_is_weak_key(key)) - (*key)[7] ^= 0xF0; - DES_set_key(key, &schedule); - DES_cbc_cksum((void*)data, key, length, &schedule, key); - memset(&schedule, 0, sizeof(schedule)); - DES_set_odd_parity(key); - if(DES_is_weak_key(key)) - (*key)[7] ^= 0xF0; -} - -static krb5_error_code -krb5_DES_string_to_key(krb5_context context, - krb5_enctype enctype, - krb5_data password, - krb5_salt salt, - krb5_data opaque, - krb5_keyblock *key) -{ - unsigned char *s; - size_t len; - DES_cblock tmp; - - len = password.length + salt.saltvalue.length; - s = malloc(len); - if(len > 0 && s == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - memcpy(s, password.data, password.length); - memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length); - DES_string_to_key_int(s, len, &tmp); - key->keytype = enctype; - krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp)); - memset(&tmp, 0, sizeof(tmp)); - memset(s, 0, len); - free(s); - return 0; -} - #ifdef ENABLE_AFS_STRING_TO_KEY /* This defines the Andrew string_to_key function. It accepts a password @@ -349,6 +287,78 @@ DES_AFS3_string_to_key(krb5_context context, } #endif /* ENABLE_AFS_STRING_TO_KEY */ +static void +DES_string_to_key_int(unsigned char *data, size_t length, DES_cblock *key) +{ + DES_key_schedule schedule; + int i; + int reverse = 0; + unsigned char *p; + + unsigned char swap[] = { 0x0, 0x8, 0x4, 0xc, 0x2, 0xa, 0x6, 0xe, + 0x1, 0x9, 0x5, 0xd, 0x3, 0xb, 0x7, 0xf }; + memset(key, 0, 8); + + p = (unsigned char*)key; + for (i = 0; i < length; i++) { + unsigned char tmp = data[i]; + if (!reverse) + *p++ ^= (tmp << 1); + else + *--p ^= (swap[tmp & 0xf] << 4) | swap[(tmp & 0xf0) >> 4]; + if((i % 8) == 7) + reverse = !reverse; + } + DES_set_odd_parity(key); + if(DES_is_weak_key(key)) + (*key)[7] ^= 0xF0; + DES_set_key(key, &schedule); + DES_cbc_cksum((void*)data, key, length, &schedule, key); + memset(&schedule, 0, sizeof(schedule)); + DES_set_odd_parity(key); + if(DES_is_weak_key(key)) + (*key)[7] ^= 0xF0; +} + +static krb5_error_code +krb5_DES_string_to_key(krb5_context context, + krb5_enctype enctype, + krb5_data password, + krb5_salt salt, + krb5_data opaque, + krb5_keyblock *key) +{ + unsigned char *s; + size_t len; + DES_cblock tmp; + +#ifdef ENABLE_AFS_STRING_TO_KEY + if (opaque.length == 1) { + unsigned long v; + _krb5_get_int(opaque.data, &v, 1); + if (v == 1) + return DES_AFS3_string_to_key(context, enctype, password, + salt, opaque, key); + } +#endif + + len = password.length + salt.saltvalue.length; + s = malloc(len); + if(len > 0 && s == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + memcpy(s, password.data, password.length); + memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length); + DES_string_to_key_int(s, len, &tmp); + key->keytype = enctype; + krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp)); + memset(&tmp, 0, sizeof(tmp)); + memset(s, 0, len); + free(s); + return 0; +} + static void krb5_DES_random_to_key(krb5_context context, krb5_keyblock *key, diff --git a/source4/heimdal/lib/krb5/kcm.c b/source4/heimdal/lib/krb5/kcm.c index b7873f33d5..f4372422ac 100644 --- a/source4/heimdal/lib/krb5/kcm.c +++ b/source4/heimdal/lib/krb5/kcm.c @@ -43,7 +43,7 @@ #include "kcm.h" -RCSID("$Id: kcm.c,v 1.7 2005/06/17 04:20:11 lha Exp $"); +RCSID("$Id: kcm.c,v 1.8 2005/09/19 20:23:05 lha Exp $"); typedef struct krb5_kcmcache { char *name; @@ -246,7 +246,8 @@ kcm_call(krb5_context context, krb5_data *response_data_p) { krb5_data response_data; - krb5_error_code ret, status; + krb5_error_code ret; + int32_t status; krb5_storage *response; if (response_p != NULL) @@ -605,7 +606,7 @@ kcm_get_first (krb5_context context, krb5_kcmcache *k = KCMCACHE(id); krb5_storage *request, *response; krb5_data response_data; - u_int32_t tmp; + int32_t tmp; ret = kcm_storage_request(context, KCM_OP_GET_FIRST, &request); if (ret) @@ -624,7 +625,7 @@ kcm_get_first (krb5_context context, } ret = krb5_ret_int32(response, &tmp); - if (ret) + if (ret || tmp < 0) ret = KRB5_CC_IO; krb5_storage_free(request); diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h index 8e2ebcf43e..ef47bd1e26 100644 --- a/source4/heimdal/lib/krb5/krb5-private.h +++ b/source4/heimdal/lib/krb5/krb5-private.h @@ -340,14 +340,6 @@ _krb5_put_int ( unsigned long /*value*/, size_t /*size*/); -krb5_error_code KRB5_LIB_FUNCTION -_krb5_rd_rep_type ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - const krb5_data */*inbuf*/, - krb5_ap_rep_enc_part **/*repl*/, - krb5_boolean /*dce_style_response*/); - int _krb5_send_and_recv_tcp ( int /*fd*/, diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h index 97f286b83e..8db553e6e3 100644 --- a/source4/heimdal/lib/krb5/krb5-protos.h +++ b/source4/heimdal/lib/krb5/krb5-protos.h @@ -20,15 +20,6 @@ extern "C" { #endif #endif -void -initialize_heim_error_table_r (struct et_list **/*list*/); - -void -initialize_k524_error_table_r (struct et_list **/*list*/); - -void -initialize_krb5_error_table_r (struct et_list **/*list*/); - krb5_error_code KRB5_LIB_FUNCTION krb524_convert_creds_kdc ( krb5_context /*context*/, @@ -706,7 +697,7 @@ krb5_error_code KRB5_LIB_FUNCTION krb5_change_password ( krb5_context /*context*/, krb5_creds */*creds*/, - char */*newpw*/, + const char */*newpw*/, int */*result_code*/, krb5_data */*result_code_string*/, krb5_data */*result_string*/); @@ -2629,7 +2620,7 @@ krb5_rd_req_return_keyblock ( krb5_keytab /*keytab*/, krb5_flags */*ap_req_options*/, krb5_ticket **/*ticket*/, - krb5_keyblock **/*keyblock*/); + krb5_keyblock **/*return_keyblock*/); krb5_error_code KRB5_LIB_FUNCTION krb5_rd_req_with_keyblock ( @@ -2854,7 +2845,7 @@ krb5_error_code KRB5_LIB_FUNCTION krb5_set_password ( krb5_context /*context*/, krb5_creds */*creds*/, - char */*newpw*/, + const char */*newpw*/, krb5_principal /*targprinc*/, int */*result_code*/, krb5_data */*result_code_string*/, @@ -2864,7 +2855,7 @@ krb5_error_code KRB5_LIB_FUNCTION krb5_set_password_using_ccache ( krb5_context /*context*/, krb5_ccache /*ccache*/, - char */*newpw*/, + const char */*newpw*/, krb5_principal /*targprinc*/, int */*result_code*/, krb5_data */*result_code_string*/, diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c index 69f72d7b88..7ac1436f6e 100755 --- a/source4/heimdal/lib/krb5/pkinit.c +++ b/source4/heimdal/lib/krb5/pkinit.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: pkinit.c,v 1.59 2005/08/12 08:53:00 lha Exp $"); +RCSID("$Id: pkinit.c,v 1.62 2005/09/20 23:21:36 lha Exp $"); #ifdef PKINIT @@ -867,10 +867,11 @@ _krb5_pk_mk_padata(krb5_context context, if (ret) goto out; } else { +#if 0 ret = pk_mk_padata(context, COMPAT_19, ctx, req_body, nonce, md); if (ret) goto out; - +#endif ret = pk_mk_padata(context, COMPAT_27, ctx, req_body, nonce, md); if (ret) goto out; @@ -1143,7 +1144,7 @@ _krb5_pk_verify_sign(krb5_context context, EVP_PKEY *public_key; krb5_error_code ret; EVP_MD_CTX md; - X509 *cert; + X509 *cert = NULL; SignedData sd; size_t size; @@ -1187,7 +1188,6 @@ _krb5_pk_verify_sign(krb5_context context, set.len = sd.certificates->len; ret = cert_to_X509(context, &set, &certificates); - free_CertificateSet(&set); } if (ret) { krb5_set_error_string(context, @@ -1860,10 +1860,13 @@ _krb5_pk_rd_pa_reply(krb5_context context, return ret; default: free_PA_PK_AS_REP(&rep); - krb5_set_error_string(context, "PKINIT: -25 reply " + krb5_set_error_string(context, "PKINIT: -27 reply " "invalid content type"); + ret = EINVAL; break; } + if (ret == 0) + return ret; } /* Check for PK-INIT -19 */ @@ -1911,7 +1914,7 @@ _krb5_pk_rd_pa_reply(krb5_context context, &w2krep, &size); if (ret) { - krb5_set_error_string(context, "PKINIT: Failed decoding windows" + krb5_set_error_string(context, "PKINIT: Failed decoding windows " "pkinit reply %d", ret); return ret; } -- cgit From 3b7f8ddd9a7c0d372a0585790913ac95c9eb3324 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 21 Sep 2005 22:55:39 +0000 Subject: r10398: Don't do DNS lookups on short names (no .). Andrew Bartlett (This used to be commit 77aca9619d24a8e118f53bcd1a1e54b8437812a8) --- source4/heimdal/lib/krb5/krbhst.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/krb5/krbhst.c b/source4/heimdal/lib/krb5/krbhst.c index 49eee08ca5..98e9cb3f09 100644 --- a/source4/heimdal/lib/krb5/krbhst.c +++ b/source4/heimdal/lib/krb5/krbhst.c @@ -634,6 +634,11 @@ common_init(krb5_context context, return NULL; } + /* For 'realms' without a . do not even think of going to DNS */ + if (!strchr(realm, '.')) { + kd->flags |= KD_CONFIG_EXISTS; + } + if (flags & KRB5_KRBHST_FLAGS_LARGE_MSG) kd->flags |= KD_LARGE_MSG; kd->end = kd->index = &kd->hosts; -- cgit From 8407a1a8665e188d9dc6774ce1535802e4e3cb29 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 28 Sep 2005 01:09:10 +0000 Subject: r10561: This patch takes over KDC socket routines in Heimdal, and directs them at the Samba4 socket layer. The intention here is to ensure that other events may be processed while heimdal is waiting on the KDC. The interface is designed to be sufficiently flexible, so that the plugin may choose how to time communication with the KDC (ie multiple outstanding requests, looking for a functional KDC). I've hacked the socket layer out of cldap.c to handle this very specific case of one udp packet and reply. Likewise I also handle TCP, stolen from the winbind code. This same plugin system might also be useful for a self-contained testing mode in Heimdal, in conjunction with libkdc. I would suggest using socket-wrapper instead however. Andrew Bartlett (This used to be commit 3b09f9e8f9f6f645cd03073ef833c8d0fb0d84e2) --- source4/heimdal/lib/krb5/context.c | 1 + source4/heimdal/lib/krb5/krb5-protos.h | 5 ++++ source4/heimdal/lib/krb5/krb5.h | 8 +++++ source4/heimdal/lib/krb5/send_to_kdc.c | 55 +++++++++++++++++++++++++++++----- 4 files changed, 61 insertions(+), 8 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/krb5/context.c b/source4/heimdal/lib/krb5/context.c index 3140f1b08f..594665235b 100644 --- a/source4/heimdal/lib/krb5/context.c +++ b/source4/heimdal/lib/krb5/context.c @@ -263,6 +263,7 @@ krb5_free_context(krb5_context context) krb5_closelog(context, context->warn_dest); krb5_set_extra_addresses(context, NULL); krb5_set_ignore_addresses(context, NULL); + free(context->send_and_recv); if (context->mutex != NULL) { HEIMDAL_MUTEX_destroy(context->mutex); free(context->mutex); diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h index 8db553e6e3..681ac4189b 100644 --- a/source4/heimdal/lib/krb5/krb5-protos.h +++ b/source4/heimdal/lib/krb5/krb5-protos.h @@ -3432,6 +3432,11 @@ krb5_write_safe_message ( krb5_error_code KRB5_LIB_FUNCTION krb5_xfree (void */*ptr*/); +krb5_error_code KRB5_LIB_FUNCTION +krb5_set_send_recv_func(krb5_context context, + krb5_send_and_recv_func_t func, + krb5_send_and_recv_close_func_t close_fn, + void *data); #ifdef __cplusplus } diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h index 90b239cf0d..800683ef0c 100644 --- a/source4/heimdal/lib/krb5/krb5.h +++ b/source4/heimdal/lib/krb5/krb5.h @@ -444,6 +444,7 @@ typedef struct krb5_context_data { void *mutex; /* protects error_string/error_buf */ int large_msg_size; krb5_boolean fdns; /* Lookup hostnames to find full name, or send as-is */ + struct send_and_recv *send_and_recv; /* Alternate functions for KDC communication */ } krb5_context_data; enum { @@ -744,6 +745,13 @@ enum { KRB5_KRBHST_FLAGS_LARGE_MSG = 2 }; +typedef int (*krb5_send_and_recv_func_t)(krb5_context, + void *, + krb5_krbhst_info *, + const krb5_data *, + krb5_data *); +typedef void (*krb5_send_and_recv_close_func_t)(krb5_context, void*); + struct credentials; /* this is to keep the compiler happy */ struct getargs; struct sockaddr; diff --git a/source4/heimdal/lib/krb5/send_to_kdc.c b/source4/heimdal/lib/krb5/send_to_kdc.c index d55f8dc692..7bb4adabbd 100644 --- a/source4/heimdal/lib/krb5/send_to_kdc.c +++ b/source4/heimdal/lib/krb5/send_to_kdc.c @@ -35,6 +35,30 @@ RCSID("$Id: send_to_kdc.c,v 1.56 2005/06/17 04:33:11 lha Exp $"); +struct send_and_recv { + krb5_send_and_recv_func_t func; + krb5_send_and_recv_close_func_t close; + void *data; +}; + +krb5_error_code KRB5_LIB_FUNCTION +krb5_set_send_recv_func(krb5_context context, + krb5_send_and_recv_func_t func, + krb5_send_and_recv_close_func_t close_fn, + void *data) +{ + free(context->send_and_recv); + context->send_and_recv = malloc(sizeof(*context->send_and_recv)); + if (!context->send_and_recv) { + return ENOMEM; + } + context->send_and_recv->func = func; + context->send_and_recv->close = close_fn; + context->send_and_recv->data = data; + return 0; +} + + /* * send the data in `req' on the socket `fd' (which is datagram iff udp) * waiting `tmout' for a reply and returning the reply in `rep'. @@ -329,11 +353,27 @@ krb5_sendto (krb5_context context, while (krb5_krbhst_next(context, handle, &hi) == 0) { struct addrinfo *ai, *a; + if (context->send_and_recv) { + ret = context->send_and_recv->func(context, + context->send_and_recv->data, + hi, send_data, receive); + if (ret) { + continue; + } else if (receive->length != 0) { + return 0; + } else { + continue; + } + } + if(hi->proto == KRB5_KRBHST_HTTP && context->http_proxy) { - if (send_via_proxy (context, hi, send_data, receive)) + if (send_via_proxy (context, hi, send_data, receive)) { + /* Try again, with next host */ continue; - else - goto out; + } else { + /* Success */ + return 0; + } } ret = krb5_krbhst_get_addrinfo(context, hi, &ai); @@ -363,16 +403,15 @@ krb5_sendto (krb5_context context, break; } close (fd); - if(ret == 0 && receive->length != 0) - goto out; + if(ret == 0 && receive->length != 0) { + return 0; + } } } krb5_krbhst_reset(context, handle); } krb5_clear_error_string (context); - ret = KRB5_KDC_UNREACH; -out: - return ret; + return KRB5_KDC_UNREACH; } krb5_error_code KRB5_LIB_FUNCTION -- cgit From 5a30cd8097f043fc7466e72f6d63305883392a46 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 14 Oct 2005 05:29:44 +0000 Subject: r10983: Another case were we want to avoid DNS for unqualified names. Andrew Bartlett (This used to be commit 1d7094b8dfd53dfda55db7ce30f47f74864093bf) --- source4/heimdal/lib/krb5/get_host_realm.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/krb5/get_host_realm.c b/source4/heimdal/lib/krb5/get_host_realm.c index 78684f20a9..33a3438b12 100644 --- a/source4/heimdal/lib/krb5/get_host_realm.c +++ b/source4/heimdal/lib/krb5/get_host_realm.c @@ -233,6 +233,7 @@ krb5_get_host_realm(krb5_context context, krb5_realm **realms) { char hostname[MAXHOSTNAMELEN]; + krb5_boolean use_dns; if (host == NULL) { if (gethostname (hostname, sizeof(hostname))) @@ -240,5 +241,11 @@ krb5_get_host_realm(krb5_context context, host = hostname; } - return _krb5_get_host_realm_int (context, host, 1, realms); + if (strchr(host, '.') == NULL) { + use_dns = FALSE; + } else { + use_dns = TRUE; + } + + return _krb5_get_host_realm_int (context, host, use_dns, realms); } -- cgit From 4019064c5d866015a0d78b32dd051ec1dacf8ebf Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 25 Oct 2005 13:43:37 +0000 Subject: r11294: Update Heimdal in Samba4 to lorikeet-heimdal (which is in turn updated to CVS of 2005-10-24). Andrew Bartlett (This used to be commit 939d4f340feaad15d0a6a5da79feba2b2558f174) --- source4/heimdal/kdc/kdc.h | 5 +- source4/heimdal/kdc/kerberos5.c | 15 +- source4/heimdal/kdc/pkinit.c | 285 +++------- source4/heimdal/lib/asn1/der.h | 5 +- source4/heimdal/lib/gssapi/acquire_cred.c | 20 +- source4/heimdal/lib/gssapi/display_status.c | 42 +- source4/heimdal/lib/gssapi/gssapi_locl.h | 8 +- source4/heimdal/lib/gssapi/init_sec_context.c | 19 +- source4/heimdal/lib/hdb/hdb.c | 14 +- source4/heimdal/lib/krb5/acache.c | 110 +++- source4/heimdal/lib/krb5/cache.c | 215 ++++++- source4/heimdal/lib/krb5/init_creds.c | 36 +- source4/heimdal/lib/krb5/init_creds_pw.c | 32 +- source4/heimdal/lib/krb5/keytab_keyfile.c | 75 ++- source4/heimdal/lib/krb5/krb5-private.h | 42 +- source4/heimdal/lib/krb5/krb5-protos.h | 36 +- source4/heimdal/lib/krb5/krb5.h | 9 +- source4/heimdal/lib/krb5/krb5_locl.h | 5 +- source4/heimdal/lib/krb5/krbhst.c | 33 +- source4/heimdal/lib/krb5/mcache.c | 89 ++- source4/heimdal/lib/krb5/pkinit.c | 789 +++++++++++++++----------- source4/heimdal/lib/krb5/rd_cred.c | 53 +- source4/heimdal/lib/roken/roken-common.h | 6 +- source4/heimdal/lib/roken/roken.h | 11 +- 24 files changed, 1264 insertions(+), 690 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/kdc.h b/source4/heimdal/kdc/kdc.h index f186983cef..3d25729d4e 100644 --- a/source4/heimdal/kdc/kdc.h +++ b/source4/heimdal/kdc/kdc.h @@ -35,7 +35,7 @@ */ /* - * $Id: kdc.h,v 1.4 2005/06/30 01:50:42 lha Exp $ + * $Id: kdc.h,v 1.5 2005/10/21 17:11:21 lha Exp $ */ #ifndef __KDC_H__ @@ -74,6 +74,9 @@ typedef struct krb5_kdc_configuration { krb5_boolean enable_pkinit_princ_in_cert; krb5_log_facility *logf; + + int pkinit_dh_min_bits; + } krb5_kdc_configuration; #include diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index 3191ab19b7..fdc60761f3 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -853,11 +853,6 @@ _kdc_as_rep(krb5_context context, i = 0; if ((pa = find_padata(req, &i, KRB5_PADATA_PK_AS_REQ))) ; - if (pa == NULL) { - i = 0; - if((pa = find_padata(req, &i, KRB5_PADATA_PK_AS_REQ_19))) - ; - } if (pa == NULL) { i = 0; if((pa = find_padata(req, &i, KRB5_PADATA_PK_AS_REQ_WIN))) @@ -887,12 +882,14 @@ _kdc_as_rep(krb5_context context, e_text = "PKINIT certificate not allowed to " "impersonate principal"; _kdc_pk_free_client_param(context, pkp); + + kdc_log(context, config, 0, "%s", e_text); pkp = NULL; goto ts_enc; } found_pa = 1; et.flags.pre_authent = 1; - kdc_log(context, config, 2, + kdc_log(context, config, 0, "PKINIT pre-authentication succeeded -- %s using %s", client_name, client_cert); free(client_cert); @@ -1057,12 +1054,6 @@ _kdc_as_rep(krb5_context context, pa->padata_type = KRB5_PADATA_PK_AS_REQ; pa->padata_value.length = 0; pa->padata_value.data = NULL; - - ret = realloc_method_data(&method_data); - pa = &method_data.val[method_data.len-1]; - pa->padata_type = KRB5_PADATA_PK_AS_REQ_19; - pa->padata_value.length = 0; - pa->padata_value.data = NULL; #endif /* XXX check ret */ diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c index 985c7c15e4..83c379825c 100755 --- a/source4/heimdal/kdc/pkinit.c +++ b/source4/heimdal/kdc/pkinit.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: pkinit.c,v 1.43 2005/09/21 00:40:32 lha Exp $"); +RCSID("$Id: pkinit.c,v 1.49 2005/10/21 17:14:19 lha Exp $"); #ifdef PKINIT @@ -65,7 +65,6 @@ struct krb5_pk_cert { enum pkinit_type { PKINIT_COMPAT_WIN2K = 1, - PKINIT_COMPAT_19 = 2, PKINIT_COMPAT_27 = 3 }; @@ -76,6 +75,7 @@ struct pk_client_params { unsigned nonce; DH *dh; EncryptionKey reply_key; + char *dh_group_name; }; struct pk_principal_mapping { @@ -111,6 +111,7 @@ struct pk_principal_mapping { static struct krb5_pk_identity *kdc_identity; static struct pk_principal_mapping principal_mappings; +static struct krb5_dh_moduli **moduli; /* * @@ -133,49 +134,6 @@ pk_check_pkauthenticator_win2k(krb5_context context, return 0; } -static krb5_error_code -pk_check_pkauthenticator_19(krb5_context context, - PKAuthenticator_19 *a, - KDC_REQ *req) -{ - u_char *buf = NULL; - size_t buf_size; - krb5_error_code ret; - size_t len; - krb5_timestamp now; - - krb5_timeofday (context, &now); - - /* XXX cusec */ - if (a->ctime == 0 || abs(a->ctime - now) > context->max_skew) { - krb5_clear_error_string(context); - return KRB5KRB_AP_ERR_SKEW; - } - - if (a->paChecksum.cksumtype != CKSUMTYPE_RSA_MD5 && - a->paChecksum.cksumtype != CKSUMTYPE_SHA1) - { - krb5_clear_error_string(context); - ret = KRB5KRB_ERR_GENERIC; - } - - ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, &req->req_body, &len, ret); - if (ret) { - krb5_clear_error_string(context); - return ret; - } - if (buf_size != len) - krb5_abortx(context, "Internal error in ASN.1 encoder"); - - ret = krb5_verify_checksum(context, NULL, 0, buf, len, - &a->paChecksum); - if (ret) - krb5_clear_error_string(context); - - free(buf); - return ret; -} - static krb5_error_code pk_check_pkauthenticator(krb5_context context, PKAuthenticator *a, @@ -281,35 +239,23 @@ _kdc_pk_free_client_param(krb5_context context, if (client_params->dh_public_key) BN_free(client_params->dh_public_key); krb5_free_keyblock_contents(context, &client_params->reply_key); + if (client_params->dh_group_name) + free(client_params->dh_group_name); memset(client_params, 0, sizeof(*client_params)); free(client_params); } -static krb5_error_code -check_dh_params(DH *dh) -{ - /* XXX check the DH parameters come from 1st or 2nd Oeakley Group */ - return 0; -} - static krb5_error_code generate_dh_keyblock(krb5_context context, pk_client_params *client_params, krb5_enctype enctype, krb5_keyblock *reply_key) { unsigned char *dh_gen_key = NULL; krb5_keyblock key; - int dh_gen_keylen; krb5_error_code ret; + size_t dh_gen_keylen, size; memset(&key, 0, sizeof(key)); - dh_gen_key = malloc(DH_size(client_params->dh)); - if (dh_gen_key == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto out; - } - if (!DH_generate_key(client_params->dh)) { krb5_set_error_string(context, "Can't generate Diffie-Hellman " "keys (%s)", @@ -323,7 +269,20 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params, goto out; } - dh_gen_keylen = DH_compute_key(dh_gen_key, + dh_gen_keylen = DH_size(client_params->dh); + size = BN_num_bytes(client_params->dh->p); + if (size < dh_gen_keylen) + size = dh_gen_keylen; + + dh_gen_key = malloc(size); + if (dh_gen_key == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + ret = ENOMEM; + goto out; + } + memset(dh_gen_key, 0, size - dh_gen_keylen); + + dh_gen_keylen = DH_compute_key(dh_gen_key + (size - dh_gen_keylen), client_params->dh_public_key, client_params->dh); if (dh_gen_keylen == -1) { @@ -363,7 +322,9 @@ integer_to_BN(krb5_context context, const char *field, heim_integer *f) } static krb5_error_code -get_dh_param(krb5_context context, SubjectPublicKeyInfo *dh_key_info, +get_dh_param(krb5_context context, + krb5_kdc_configuration *config, + SubjectPublicKeyInfo *dh_key_info, pk_client_params *client_params) { DomainParameters dhparam; @@ -395,6 +356,20 @@ get_dh_param(krb5_context context, SubjectPublicKeyInfo *dh_key_info, goto out; } + if ((dh_key_info->subjectPublicKey.length % 8) != 0) { + ret = KRB5_BADMSGTYPE; + krb5_set_error_string(context, "PKINIT: subjectPublicKey not aligned " + "to 8 bit boundary"); + goto out; + } + + + ret = _krb5_dh_group_ok(context, config->pkinit_dh_min_bits, + &dhparam.p, &dhparam.g, &dhparam.q, moduli, + &client_params->dh_group_name); + if (ret) + goto out; + dh = DH_new(); if (dh == NULL) { krb5_set_error_string(context, "Cannot create DH structure (%s)", @@ -415,22 +390,29 @@ get_dh_param(krb5_context context, SubjectPublicKeyInfo *dh_key_info, { heim_integer glue; - glue.data = dh_key_info->subjectPublicKey.data; - glue.length = dh_key_info->subjectPublicKey.length; + size_t size; + + ret = decode_DHPublicKey(dh_key_info->subjectPublicKey.data, + dh_key_info->subjectPublicKey.length / 8, + &glue, + &size); + if (ret) { + krb5_clear_error_string(context); + return ret; + } client_params->dh_public_key = integer_to_BN(context, "subjectPublicKey", &glue); - if (client_params->dh_public_key == NULL) { - krb5_clear_error_string(context); + free_heim_integer(&glue); + if (client_params->dh_public_key == NULL) goto out; - } } if (DH_check(dh, &dhret) != 1) { krb5_set_error_string(context, "PKINIT DH data not ok: %s", ERR_error_string(ERR_get_error(), NULL)); - ret = KRB5_KDC_ERR_KEY_SIZE; + ret = KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED; goto out; } @@ -525,13 +507,12 @@ _kdc_pk_rd_padata(krb5_context context, return 0; } - client_params = malloc(sizeof(*client_params)); + client_params = calloc(1, sizeof(*client_params)); if (client_params == NULL) { krb5_clear_error_string(context); ret = ENOMEM; goto out; } - memset(client_params, 0, sizeof(*client_params)); if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) { PA_PK_AS_REQ_Win2k r; @@ -586,51 +567,6 @@ _kdc_pk_rd_padata(krb5_context context, free_ContentInfo(&info); - } else if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_19) { - PA_PK_AS_REQ_19 r; - - type = "PK-INIT-19"; - pa_contentType = oid_id_pkauthdata(); - - ret = decode_PA_PK_AS_REQ_19(pa->padata_value.data, - pa->padata_value.length, - &r, - NULL); - if (ret) { - krb5_set_error_string(context, "Can't decode " - "PK-AS-REQ-19: %d", ret); - goto out; - } - - if (heim_oid_cmp(&r.signedAuthPack.contentType, - oid_id_pkcs7_signedData())) - { - krb5_set_error_string(context, "PK-AS-REQ-19 invalid content " - "type oid"); - free_PA_PK_AS_REQ_19(&r); - ret = KRB5KRB_ERR_GENERIC; - goto out; - } - - if (r.signedAuthPack.content == NULL) { - krb5_set_error_string(context, "PK-AS-REQ-19 no signed auth pack"); - free_PA_PK_AS_REQ_19(&r); - ret = KRB5KRB_ERR_GENERIC; - goto out; - } - - signed_content.data = malloc(r.signedAuthPack.content->length); - if (signed_content.data == NULL) { - ret = ENOMEM; - free_PA_PK_AS_REQ_19(&r); - krb5_set_error_string(context, "PK-AS-REQ-19 out of memory"); - goto out; - } - signed_content.length = r.signedAuthPack.content->length; - memcpy(signed_content.data, r.signedAuthPack.content->data, - signed_content.length); - - free_PA_PK_AS_REQ_19(&r); } else if (pa->padata_type == KRB5_PADATA_PK_AS_REQ) { PA_PK_AS_REQ r; ContentInfo info; @@ -701,12 +637,14 @@ _kdc_pk_rd_padata(krb5_context context, if (ret) goto out; +#if 0 /* Signature is correct, now verify the signed message */ if (heim_oid_cmp(&eContentType, pa_contentType)) { krb5_set_error_string(context, "got wrong oid for pkauthdata"); ret = KRB5_BADMSGTYPE; goto out; } +#endif if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) { AuthPack_Win2k ap; @@ -738,37 +676,6 @@ _kdc_pk_rd_padata(krb5_context context, } free_AuthPack_Win2k(&ap); - } else if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_19) { - AuthPack_19 ap; - - ret = decode_AuthPack_19(eContent.data, - eContent.length, - &ap, - NULL); - if (ret) { - krb5_set_error_string(context, "can't decode AuthPack: %d", ret); - free_AuthPack_19(&ap); - goto out; - } - - ret = pk_check_pkauthenticator_19(context, - &ap.pkAuthenticator, - req); - if (ret) { - free_AuthPack_19(&ap); - goto out; - } - - client_params->type = PKINIT_COMPAT_19; - client_params->nonce = ap.pkAuthenticator.nonce; - - if (ap.clientPublicValue) { - krb5_set_error_string(context, "PK-INIT, no support for DH"); - ret = KRB5KDC_ERR_PADATA_TYPE_NOSUPP; - free_AuthPack_19(&ap); - goto out; - } - free_AuthPack_19(&ap); } else if (pa->padata_type == KRB5_PADATA_PK_AS_REQ) { AuthPack ap; @@ -794,7 +701,8 @@ _kdc_pk_rd_padata(krb5_context context, client_params->nonce = ap.pkAuthenticator.nonce; if (ap.clientPublicValue) { - ret = get_dh_param(context, ap.clientPublicValue, client_params); + ret = get_dh_param(context, config, + ap.clientPublicValue, client_params); if (ret) { free_AuthPack(&ap); goto out; @@ -924,9 +832,8 @@ pk_mk_pa_reply_enckey(krb5_context context, enc_alg->parameters->length = params.length; switch (client_params->type) { - case PKINIT_COMPAT_WIN2K: - case PKINIT_COMPAT_19: { - ReplyKeyPack_19 kp; + case PKINIT_COMPAT_WIN2K: { + ReplyKeyPack_Win2k kp; memset(&kp, 0, sizeof(kp)); ret = copy_EncryptionKey(reply_key, &kp.replyKey); @@ -936,10 +843,10 @@ pk_mk_pa_reply_enckey(krb5_context context, } kp.nonce = client_params->nonce; - ASN1_MALLOC_ENCODE(ReplyKeyPack_19, + ASN1_MALLOC_ENCODE(ReplyKeyPack_Win2k, buf.data, buf.length, &kp, &size,ret); - free_ReplyKeyPack_19(&kp); + free_ReplyKeyPack_Win2k(&kp); } case PKINIT_COMPAT_27: { krb5_crypto ascrypto; @@ -1249,6 +1156,7 @@ _kdc_pk_mk_pa_reply(krb5_context context, if (client_params->type == PKINIT_COMPAT_27) { PA_PK_AS_REP rep; + const char *type, *other = ""; memset(&rep, 0, sizeof(rep)); @@ -1257,6 +1165,8 @@ _kdc_pk_mk_pa_reply(krb5_context context, if (client_params->dh == NULL) { ContentInfo info; + type = "enckey"; + rep.element = choice_PA_PK_AS_REP_encKeyPack; krb5_generate_random_keyblock(context, enctype, @@ -1287,11 +1197,11 @@ _kdc_pk_mk_pa_reply(krb5_context context, } else { ContentInfo info; - rep.element = choice_PA_PK_AS_REP_dhInfo; + type = "dh"; + if (client_params->dh_group_name) + other = client_params->dh_group_name; - ret = check_dh_params(client_params->dh); - if (ret) - return ret; + rep.element = choice_PA_PK_AS_REP_dhInfo; ret = generate_dh_keyblock(context, client_params, enctype, &client_params->reply_key); @@ -1332,41 +1242,8 @@ _kdc_pk_mk_pa_reply(krb5_context context, if (len != size) krb5_abortx(context, "Internal ASN.1 encoder error"); - } else if (client_params->type == PKINIT_COMPAT_19) { - PA_PK_AS_REP_19 rep; - - pa_type = KRB5_PADATA_PK_AS_REP_19; - - memset(&rep, 0, sizeof(rep)); + kdc_log(context, config, 0, "PK-INIT using %s %s", type, other); - if (client_params->dh == NULL) { - rep.element = choice_PA_PK_AS_REP_19_encKeyPack; - krb5_generate_random_keyblock(context, enctype, - &client_params->reply_key); - ret = pk_mk_pa_reply_enckey(context, - client_params, - req, - req_buffer, - &client_params->reply_key, - &rep.u.encKeyPack); - } else { - krb5_set_error_string(context, "DH -19 not implemented"); - ret = KRB5KRB_ERR_GENERIC; - } - if (ret) { - free_PA_PK_AS_REP_19(&rep); - goto out; - } - - ASN1_MALLOC_ENCODE(PA_PK_AS_REP_19, buf, len, &rep, &size, ret); - free_PA_PK_AS_REP_19(&rep); - if (ret) { - krb5_set_error_string(context, - "encode PA-PK-AS-REP-19 failed %d", ret); - goto out; - } - if (len != size) - krb5_abortx(context, "Internal ASN.1 encoder error"); } else if (client_params->type == PKINIT_COMPAT_WIN2K) { PA_PK_AS_REP_Win2k rep; @@ -1557,7 +1434,7 @@ _kdc_pk_check_client(krb5_context context, free(*subject_name); *subject_name = NULL; krb5_set_error_string(context, "PKINIT no matching principals"); - return KRB5_KDC_ERROR_CLIENT_NAME_MISMATCH; + return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH; } static krb5_error_code @@ -1598,12 +1475,19 @@ _kdc_pk_initialize(krb5_context context, const char *user_id, const char *x509_anchors) { - const char *mapping_file; + const char *file; krb5_error_code ret; char buf[1024]; unsigned long lineno = 0; FILE *f; + file = krb5_config_get_string(context, NULL, + "libdefaults", "moduli", NULL); + + ret = _krb5_parse_moduli(context, file, &moduli); + if (ret) + krb5_err(context, 1, ret, "PKINIT: failed to load modidi file"); + principal_mappings.len = 0; principal_mappings.val = NULL; @@ -1620,16 +1504,15 @@ _kdc_pk_initialize(krb5_context context, return ret; } - mapping_file = krb5_config_get_string_default(context, - NULL, - HDB_DB_DIR "/pki-mapping", - "kdc", - "pki-mappings-file", - NULL); - f = fopen(mapping_file, "r"); + file = krb5_config_get_string_default(context, + NULL, + HDB_DB_DIR "/pki-mapping", + "kdc", + "pki-mappings-file", + NULL); + f = fopen(file, "r"); if (f == NULL) { - krb5_warnx(context, "PKINIT: failed to load mappings file %s", - mapping_file); + krb5_warnx(context, "PKINIT: failed to load mappings file %s", file); return 0; } diff --git a/source4/heimdal/lib/asn1/der.h b/source4/heimdal/lib/asn1/der.h index a66a3908c6..1f89f875f5 100644 --- a/source4/heimdal/lib/asn1/der.h +++ b/source4/heimdal/lib/asn1/der.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: der.h,v 1.29 2005/07/12 06:27:19 lha Exp $ */ +/* $Id: der.h,v 1.30 2005/10/07 03:48:00 lha Exp $ */ #ifndef __DER_H__ #define __DER_H__ @@ -240,4 +240,7 @@ int der_get_type_num(const char *); const char * der_get_tag_name(unsigned); int der_get_tag_num(const char *); +int der_parse_hex_heim_integer(const char *, heim_integer *); +int der_print_hex_heim_integer(const heim_integer *, char **); + #endif /* __DER_H__ */ diff --git a/source4/heimdal/lib/gssapi/acquire_cred.c b/source4/heimdal/lib/gssapi/acquire_cred.c index 6ded413626..23c2603352 100644 --- a/source4/heimdal/lib/gssapi/acquire_cred.c +++ b/source4/heimdal/lib/gssapi/acquire_cred.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: acquire_cred.c,v 1.22 2005/01/05 02:32:26 lukeh Exp $"); +RCSID("$Id: acquire_cred.c,v 1.23 2005/10/21 12:44:08 lha Exp $"); static krb5_error_code get_keytab(krb5_context context, krb5_keytab *keytab) @@ -83,9 +83,23 @@ static OM_uint32 acquire_initiator_cred ret = GSS_S_FAILURE; memset(&cred, 0, sizeof(cred)); + /* If we have a preferred principal, lets try to find it in all + * caches, otherwise, fall back to default cache. Ignore + * errors. */ + if (ccache == NULL && handle->principal) { + kret = krb5_cc_cache_match (gssapi_krb5_context, + handle->principal, + NULL, + &ccache); + if (kret) { + ccache = NULL; + } else { + made_ccache = TRUE; + } + } if (ccache == NULL) { - kret = krb5_cc_default(context, &ccache); - if (kret) + kret = krb5_cc_default(gssapi_krb5_context, &ccache); + if (kret) goto end; made_ccache = TRUE; } diff --git a/source4/heimdal/lib/gssapi/display_status.c b/source4/heimdal/lib/gssapi/display_status.c index 6e9456aa2e..0aa88bb57c 100644 --- a/source4/heimdal/lib/gssapi/display_status.c +++ b/source4/heimdal/lib/gssapi/display_status.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: display_status.c,v 1.13 2005/08/23 08:30:55 lha Exp $"); +RCSID("$Id: display_status.c,v 1.14 2005/10/12 07:23:03 lha Exp $"); static const char * calling_error(OM_uint32 v) @@ -112,25 +112,47 @@ supplementary_error(OM_uint32 v) } void -gssapi_krb5_set_error_string (void) +gssapi_krb5_clear_status (void) { struct gssapi_thr_context *ctx = gssapi_get_thread_context(1); - char *e; + if (ctx == NULL) + return; + HEIMDAL_MUTEX_lock(&ctx->mutex); + if (ctx->error_string) + free(ctx->error_string); + ctx->error_string = NULL; + HEIMDAL_MUTEX_unlock(&ctx->mutex); +} + +void +gssapi_krb5_set_status (const char *fmt, ...) +{ + struct gssapi_thr_context *ctx = gssapi_get_thread_context(1); + va_list args; if (ctx == NULL) return; HEIMDAL_MUTEX_lock(&ctx->mutex); + va_start(args, fmt); if (ctx->error_string) free(ctx->error_string); + /* ignore failures, will use status code instead */ + vasprintf(&ctx->error_string, fmt, args); + va_end(args); + HEIMDAL_MUTEX_unlock(&ctx->mutex); +} + +void +gssapi_krb5_set_error_string (void) +{ + char *e; + e = krb5_get_error_string(gssapi_krb5_context); - if (e == NULL) - ctx->error_string = NULL; - else { - /* ignore failures, will use status code instead */ - ctx->error_string = strdup(e); + if (e) { + gssapi_krb5_set_status("%s", e); krb5_free_error_string(gssapi_krb5_context, e); - } - HEIMDAL_MUTEX_unlock(&ctx->mutex); + } else + gssapi_krb5_clear_status(); } char * diff --git a/source4/heimdal/lib/gssapi/gssapi_locl.h b/source4/heimdal/lib/gssapi/gssapi_locl.h index 47a37e4657..a25e2fdcc9 100644 --- a/source4/heimdal/lib/gssapi/gssapi_locl.h +++ b/source4/heimdal/lib/gssapi/gssapi_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gssapi_locl.h,v 1.40 2005/06/16 20:34:03 lha Exp $ */ +/* $Id: gssapi_locl.h,v 1.41 2005/10/12 15:20:37 lha Exp $ */ #ifndef GSSAPI_LOCL_H #define GSSAPI_LOCL_H @@ -245,6 +245,12 @@ gss_address_to_krb5addr(OM_uint32 gss_addr_type, int gss_oid_equal(const gss_OID a, const gss_OID b); +void +gssapi_krb5_clear_status (void); + +void +gssapi_krb5_set_status (const char *fmt, ...); + void gssapi_krb5_set_error_string (void); diff --git a/source4/heimdal/lib/gssapi/init_sec_context.c b/source4/heimdal/lib/gssapi/init_sec_context.c index 5c6c6a0f8e..93e8d44c86 100644 --- a/source4/heimdal/lib/gssapi/init_sec_context.c +++ b/source4/heimdal/lib/gssapi/init_sec_context.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: init_sec_context.c,v 1.59 2005/08/11 10:47:25 lha Exp $"); +RCSID("$Id: init_sec_context.c,v 1.60 2005/10/12 07:25:18 lha Exp $"); /* * copy the addresses from `input_chan_bindings' (if any) to @@ -848,16 +848,23 @@ spnego_reply ret = der_match_tag_and_length((const char *)indata.data, indata.length, ASN1_C_CONTEXT, CONS, 1, &len, &taglen); - if (ret) - return ret; + if (ret) { + gssapi_krb5_set_status("Failed to decode NegToken choice"); + *minor_status = ret; + return GSS_S_FAILURE; + } - if(len > indata.length - taglen) - return ASN1_OVERRUN; + if(len > indata.length - taglen) { + gssapi_krb5_set_status("Buffer overrun in NegToken choice"); + *minor_status = ASN1_OVERRUN; + return GSS_S_FAILURE; + } ret = decode_NegTokenTarg((const char *)indata.data + taglen, len, &targ, NULL); if (ret) { - *minor_status = ENOMEM; + gssapi_krb5_set_status("Failed to decode NegTokenTarg"); + *minor_status = ret; return GSS_S_FAILURE; } diff --git a/source4/heimdal/lib/hdb/hdb.c b/source4/heimdal/lib/hdb/hdb.c index 8233eb6ac7..c66579fab0 100644 --- a/source4/heimdal/lib/hdb/hdb.c +++ b/source4/heimdal/lib/hdb/hdb.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: hdb.c,v 1.55 2005/08/19 13:07:03 lha Exp $"); +RCSID("$Id: hdb.c,v 1.56 2005/10/19 13:51:40 lha Exp $"); #ifdef HAVE_DLFCN_H #include @@ -170,7 +170,7 @@ hdb_check_db_format(krb5_context context, HDB *db) { krb5_data tag; krb5_data version; - krb5_error_code ret; + krb5_error_code ret, ret2; unsigned ver; int foo; @@ -181,9 +181,11 @@ hdb_check_db_format(krb5_context context, HDB *db) tag.data = HDB_DB_FORMAT_ENTRY; tag.length = strlen(tag.data); ret = (*db->hdb__get)(context, db, tag, &version); - db->hdb_unlock(context, db); + ret2 = db->hdb_unlock(context, db); if(ret) return ret; + if (ret2) + return ret2; foo = sscanf(version.data, "%u", &ver); krb5_data_free (&version); if (foo != 1) @@ -196,7 +198,7 @@ hdb_check_db_format(krb5_context context, HDB *db) krb5_error_code hdb_init_db(krb5_context context, HDB *db) { - krb5_error_code ret; + krb5_error_code ret, ret2; krb5_data tag; krb5_data version; char ver[32]; @@ -215,10 +217,10 @@ hdb_init_db(krb5_context context, HDB *db) version.data = ver; version.length = strlen(version.data) + 1; /* zero terminated */ ret = (*db->hdb__put)(context, db, 0, tag, version); - ret = db->hdb_unlock(context, db); + ret2 = db->hdb_unlock(context, db); if (ret) return ret; - return ret; + return ret2; } #ifdef HAVE_DLOPEN diff --git a/source4/heimdal/lib/krb5/acache.c b/source4/heimdal/lib/krb5/acache.c index 75f5315c71..7cf2c65d89 100644 --- a/source4/heimdal/lib/krb5/acache.c +++ b/source4/heimdal/lib/krb5/acache.c @@ -37,7 +37,7 @@ #include #endif -RCSID("$Id: acache.c,v 1.11 2005/06/16 19:32:44 lha Exp $"); +RCSID("$Id: acache.c,v 1.14 2005/10/03 08:44:18 lha Exp $"); /* XXX should we fetch these for each open ? */ static HEIMDAL_MUTEX acc_mutex = HEIMDAL_MUTEX_INITIALIZER; @@ -67,7 +67,7 @@ static const struct { { ccErrContextNotFound, KRB5_CC_NOTFOUND }, { ccIteratorEnd, KRB5_CC_END }, { ccErrNoMem, KRB5_CC_NOMEM }, - { ccErrServerUnavailable, KRB5_CC_BADNAME }, + { ccErrServerUnavailable, KRB5_CC_NOSUPP }, { ccNoError, 0 } }; @@ -110,7 +110,7 @@ init_ccapi(krb5_context context) if (cc_handle == NULL) { HEIMDAL_MUTEX_unlock(&acc_mutex); krb5_set_error_string(context, "Failed to load %s", lib); - return ccErrServerUnavailable; + return KRB5_CC_NOSUPP; } init_func = dlsym(cc_handle, "cc_initialize"); @@ -119,14 +119,14 @@ init_ccapi(krb5_context context) krb5_set_error_string(context, "Failed to find cc_initialize" "in %s: %s", lib, dlerror()); dlclose(cc_handle); - return ccErrServerUnavailable; + return KRB5_CC_NOSUPP; } return 0; #else HEIMDAL_MUTEX_unlock(&acc_mutex); krb5_set_error_string(context, "no support for shared object"); - return ccErrServerUnavailable; + return KRB5_CC_NOSUPP; #endif } @@ -633,8 +633,10 @@ acc_get_first (krb5_context context, int32_t error; error = (*a->ccache->func->new_credentials_iterator)(a->ccache, &iter); - if (error) + if (error) { + krb5_clear_error_string(context); return ENOENT; + } *cursor = iter; return 0; } @@ -761,6 +763,97 @@ acc_get_version(krb5_context context, return 0; } +struct cache_iter { + cc_context_t context; + cc_ccache_iterator_t iter; +}; + +static krb5_error_code +acc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor) +{ + struct cache_iter *iter; + krb5_error_code ret; + cc_int32 error; + + ret = init_ccapi(context); + if (ret) + return ret; + + iter = calloc(1, sizeof(*iter)); + if (iter == NULL) { + krb5_set_error_string(context, "malloc - out of memory"); + return ENOMEM; + } + + error = (*init_func)(&iter->context, ccapi_version_3, NULL, NULL); + if (error) { + free(iter); + return translate_cc_error(context, error); + } + + error = (*iter->context->func->new_ccache_iterator)(iter->context, + &iter->iter); + if (error) { + free(iter); + krb5_clear_error_string(context); + return ENOENT; + } + *cursor = iter; + return 0; +} + +static krb5_error_code +acc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id) +{ + struct cache_iter *iter = cursor; + cc_ccache_t cache; + krb5_acc *a; + krb5_error_code ret; + int32_t error; + + error = (*iter->iter->func->next)(iter->iter, &cache); + if (error) + return translate_cc_error(context, error); + + ret = _krb5_cc_allocate(context, &krb5_acc_ops, id); + if (ret) { + (*cache->func->release)(cache); + return ret; + } + + ret = acc_alloc(context, id); + if (ret) { + (*cache->func->release)(cache); + free(*id); + return ret; + } + + a = ACACHE(*id); + a->ccache = cache; + + a->cache_name = get_cc_name(a->ccache); + if (a->cache_name == NULL) { + acc_close(context, *id); + *id = NULL; + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + return 0; +} + +static krb5_error_code +acc_end_cache_get(krb5_context context, krb5_cc_cursor cursor) +{ + struct cache_iter *iter = cursor; + + (*iter->iter->func->release)(iter->iter); + iter->iter = NULL; + (*iter->context->func->release)(iter->context); + iter->context = NULL; + free(iter); + return 0; +} + const krb5_cc_ops krb5_acc_ops = { "API", acc_get_name, @@ -777,5 +870,8 @@ const krb5_cc_ops krb5_acc_ops = { acc_end_get, acc_remove_cred, acc_set_flags, - acc_get_version + acc_get_version, + acc_get_cache_first, + acc_get_cache_next, + acc_end_cache_get }; diff --git a/source4/heimdal/lib/krb5/cache.c b/source4/heimdal/lib/krb5/cache.c index f293a96ed9..ec956409a7 100644 --- a/source4/heimdal/lib/krb5/cache.c +++ b/source4/heimdal/lib/krb5/cache.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: cache.c,v 1.71 2005/06/16 20:19:57 lha Exp $"); +RCSID("$Id: cache.c,v 1.73 2005/10/19 17:30:40 lha Exp $"); /* * Add a new ccache type with operations `ops', overwriting any @@ -76,6 +76,29 @@ krb5_cc_register(krb5_context context, return 0; } +/* + * Allocate the memory for a `id' and the that function table to + * `ops'. Returns 0 or and error code. + */ + +krb5_error_code +_krb5_cc_allocate(krb5_context context, + const krb5_cc_ops *ops, + krb5_ccache *id) +{ + krb5_ccache p; + + p = malloc (sizeof(*p)); + if(p == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return KRB5_CC_NOMEM; + } + p->ops = ops; + *id = p; + + return 0; +} + /* * Allocate memory for a new ccache in `id' with operations `ops' * and name `residual'. @@ -89,18 +112,13 @@ allocate_ccache (krb5_context context, krb5_ccache *id) { krb5_error_code ret; - krb5_ccache p; - p = malloc(sizeof(*p)); - if(p == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return KRB5_CC_NOMEM; - } - p->ops = ops; - *id = p; - ret = p->ops->resolve(context, id, residual); + ret = _krb5_cc_allocate(context, ops, id); + if (ret) + return ret; + ret = (*id)->ops->resolve(context, id, residual); if(ret) - free(p); + free(*id); return ret; } @@ -145,16 +163,12 @@ krb5_cc_gen_new(krb5_context context, const krb5_cc_ops *ops, krb5_ccache *id) { - krb5_ccache p; + krb5_error_code ret; - p = malloc (sizeof(*p)); - if (p == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return KRB5_CC_NOMEM; - } - p->ops = ops; - *id = p; - return p->ops->gen_new(context, id); + ret = _krb5_cc_allocate(context, ops, id); + if (ret) + return ret; + return (*id)->ops->gen_new(context, id); } /* @@ -641,17 +655,172 @@ krb5_cc_clear_mcred(krb5_creds *mcred) /* * Get the cc ops that is registered in `context' to handle the - * `prefix'. Returns NULL if ops not found. + * `prefix'. `prefix' can be a complete credential cache name or a + * prefix, the function will only use part up to the first colon (:) + * if there is one. Returns NULL if ops not found. */ const krb5_cc_ops * krb5_cc_get_prefix_ops(krb5_context context, const char *prefix) { + char *p, *p1; int i; + + p = strdup(prefix); + if (p == NULL) { + krb5_set_error_string(context, "malloc - out of memory"); + return NULL; + } + p1 = strchr(p, ':'); + if (p1) + *p1 = '\0'; for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) { - if(strcmp(context->cc_ops[i].prefix, prefix) == 0) + if(strcmp(context->cc_ops[i].prefix, p) == 0) { + free(p); return &context->cc_ops[i]; + } } + free(p); return NULL; } + +struct krb5_cc_cache_cursor_data { + const krb5_cc_ops *ops; + krb5_cc_cursor cursor; +}; + +/* + * Start iterating over all caches of `type'. If `type' is NULL, the + * default type is * used. `cursor' is initialized to the beginning. + * Return 0 or an error code. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_cache_get_first (krb5_context context, + const char *type, + krb5_cc_cache_cursor *cursor) +{ + const krb5_cc_ops *ops; + krb5_error_code ret; + + if (type == NULL) + type = krb5_cc_default_name(context); + + ops = krb5_cc_get_prefix_ops(context, type); + if (ops == NULL) { + krb5_set_error_string(context, "Unknown type \"%s\" when iterating " + "trying to iterate the credential caches", type); + return KRB5_CC_UNKNOWN_TYPE; + } + + if (ops->get_cache_first == NULL) { + krb5_set_error_string(context, "Credential cache type %s doesn't support " + "iterations over caches", ops->prefix); + return KRB5_CC_NOSUPP; + } + + *cursor = calloc(1, sizeof(**cursor)); + if (*cursor == NULL) { + krb5_set_error_string(context, "malloc - out of memory"); + return ENOMEM; + } + + (*cursor)->ops = ops; + + ret = ops->get_cache_first(context, &(*cursor)->cursor); + if (ret) { + free(*cursor); + *cursor = NULL; + } + return ret; +} + +/* + * Retrieve the next cache pointed to by (`cursor') in `id' + * and advance `cursor'. + * Return 0 or an error code. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_cache_next (krb5_context context, + krb5_cc_cache_cursor cursor, + krb5_ccache *id) +{ + return cursor->ops->get_cache_next(context, cursor->cursor, id); +} + +/* + * Destroy the cursor `cursor'. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_cache_end_seq_get (krb5_context context, + krb5_cc_cache_cursor cursor) +{ + krb5_error_code ret; + ret = cursor->ops->end_cache_get(context, cursor->cursor); + cursor->ops = NULL; + free(cursor); + return ret; +} + +/* + * Search for a matching credential cache of type `type' that have the + * `principal' as the default principal. If NULL is used for `type', + * the default type is used. On success, `id' needs to be freed with + * krb5_cc_close or krb5_cc_destroy. On failure, error code is + * returned and `id' is set to NULL. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_cache_match (krb5_context context, + krb5_principal client, + const char *type, + krb5_ccache *id) +{ + krb5_cc_cache_cursor cursor; + krb5_error_code ret; + krb5_ccache cache = NULL; + + *id = NULL; + + ret = krb5_cc_cache_get_first (context, type, &cursor); + if (ret) + return ret; + + while ((ret = krb5_cc_cache_next (context, cursor, &cache)) == 0) { + krb5_principal principal; + + ret = krb5_cc_get_principal(context, cache, &principal); + if (ret == 0) { + krb5_boolean match; + + match = krb5_principal_compare(context, principal, client); + krb5_free_principal(context, principal); + if (match) + break; + } + + krb5_cc_close(context, cache); + cache = NULL; + } + + krb5_cc_cache_end_seq_get(context, cursor); + + if (cache == NULL) { + char *str; + + krb5_unparse_name(context, client, &str); + + krb5_set_error_string(context, "Principal %s not found in a " + "credential cache", str ? str : ""); + if (str) + free(str); + return KRB5_CC_NOTFOUND; + } + *id = cache; + + return 0; +} + diff --git a/source4/heimdal/lib/krb5/init_creds.c b/source4/heimdal/lib/krb5/init_creds.c index 95c980d92c..51b8ebc392 100644 --- a/source4/heimdal/lib/krb5/init_creds.c +++ b/source4/heimdal/lib/krb5/init_creds.c @@ -33,14 +33,14 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds.c,v 1.20 2004/11/09 18:50:43 lha Exp $"); +RCSID("$Id: init_creds.c,v 1.21 2005/10/12 12:45:27 lha Exp $"); void KRB5_LIB_FUNCTION krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt) { memset (opt, 0, sizeof(*opt)); opt->flags = 0; - opt->private = NULL; + opt->opt_private = NULL; } krb5_error_code KRB5_LIB_FUNCTION @@ -56,13 +56,13 @@ krb5_get_init_creds_opt_alloc(krb5_context context, return ENOMEM; } krb5_get_init_creds_opt_init(o); - o->private = calloc(1, sizeof(*o->private)); - if (o->private == NULL) { + o->opt_private = calloc(1, sizeof(*o->opt_private)); + if (o->opt_private == NULL) { krb5_set_error_string(context, "out of memory"); free(o); return ENOMEM; } - o->private->refcount = 1; + o->opt_private->refcount = 1; *opt = o; return 0; } @@ -82,16 +82,16 @@ _krb5_get_init_creds_opt_copy(krb5_context context, } if (in) *opt = *in; - if(opt->private == NULL) { - opt->private = calloc(1, sizeof(*opt->private)); - if (opt->private == NULL) { + if(opt->opt_private == NULL) { + opt->opt_private = calloc(1, sizeof(*opt->opt_private)); + if (opt->opt_private == NULL) { krb5_set_error_string(context, "out of memory"); free(opt); return ENOMEM; } - opt->private->refcount = 1; + opt->opt_private->refcount = 1; } else - opt->private->refcount++; + opt->opt_private->refcount++; *out = opt; return 0; } @@ -99,13 +99,13 @@ _krb5_get_init_creds_opt_copy(krb5_context context, void KRB5_LIB_FUNCTION krb5_get_init_creds_opt_free(krb5_get_init_creds_opt *opt) { - if (opt->private == NULL) + if (opt->opt_private == NULL) return; - if (opt->private->refcount < 1) /* abort ? */ + if (opt->opt_private->refcount < 1) /* abort ? */ return; - if (--opt->private->refcount == 0) { + if (--opt->opt_private->refcount == 0) { _krb5_get_init_creds_opt_free_pkinit(opt); - free(opt->private); + free(opt->opt_private); } memset(opt, 0, sizeof(*opt)); free(opt); @@ -293,7 +293,7 @@ require_ext_opt(krb5_context context, krb5_get_init_creds_opt *opt, const char *type) { - if (opt->private == NULL) { + if (opt->opt_private == NULL) { krb5_set_error_string(context, "%s on non extendable opt", type); return EINVAL; } @@ -310,8 +310,8 @@ krb5_get_init_creds_opt_set_pa_password(krb5_context context, ret = require_ext_opt(context, opt, "init_creds_opt_set_pa_password"); if (ret) return ret; - opt->private->password = password; - opt->private->key_proc = key_proc; + opt->opt_private->password = password; + opt->opt_private->key_proc = key_proc; return 0; } @@ -324,7 +324,7 @@ krb5_get_init_creds_opt_set_pac_request(krb5_context context, ret = require_ext_opt(context, opt, "init_creds_opt_set_pac_req"); if (ret) return ret; - opt->private->req_pac = req_pac ? + opt->opt_private->req_pac = req_pac ? KRB5_PA_PAC_REQ_TRUE : KRB5_PA_PAC_REQ_FALSE; return 0; diff --git a/source4/heimdal/lib/krb5/init_creds_pw.c b/source4/heimdal/lib/krb5/init_creds_pw.c index 8fd5c4611f..3c694624bf 100644 --- a/source4/heimdal/lib/krb5/init_creds_pw.c +++ b/source4/heimdal/lib/krb5/init_creds_pw.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds_pw.c,v 1.88 2005/08/13 08:25:32 lha Exp $"); +RCSID("$Id: init_creds_pw.c,v 1.90 2005/10/12 12:45:11 lha Exp $"); typedef struct krb5_get_init_creds_ctx { krb5_kdc_flags flags; @@ -275,11 +275,11 @@ get_init_creds_common(krb5_context context, options = &default_opt; } - if (options->private) { - ctx->password = options->private->password; - ctx->key_proc = options->private->key_proc; - ctx->req_pac = options->private->req_pac; - ctx->pk_init_ctx = options->private->pk_init_ctx; + if (options->opt_private) { + ctx->password = options->opt_private->password; + ctx->key_proc = options->opt_private->key_proc; + ctx->req_pac = options->opt_private->req_pac; + ctx->pk_init_ctx = options->opt_private->pk_init_ctx; } else ctx->req_pac = KRB5_PA_PAC_DONT_CARE; @@ -1014,10 +1014,10 @@ pa_data_to_md_pkinit(krb5_context context, return 0; #ifdef PKINIT return _krb5_pk_mk_padata(context, - ctx->pk_init_ctx, - &a->req_body, - ctx->pk_nonce, - md); + ctx->pk_init_ctx, + &a->req_body, + ctx->pk_nonce, + md); #else krb5_set_error_string(context, "no support for PKINIT compiled in"); return EINVAL; @@ -1114,6 +1114,7 @@ process_pa_data_to_key(krb5_context context, krb5_creds *creds, AS_REQ *a, krb5_kdc_rep *rep, + const krb5_krbhst_info *hi, krb5_keyblock **key) { struct pa_info_data paid, *ppaid = NULL; @@ -1158,6 +1159,7 @@ process_pa_data_to_key(krb5_context context, ret = _krb5_pk_rd_pa_reply(context, ctx->pk_init_ctx, etype, + hi, ctx->pk_nonce, &ctx->req_buffer, pa, @@ -1194,6 +1196,8 @@ init_cred_loop(krb5_context context, size_t len; size_t size; int send_to_kdc_flags = 0; + krb5_krbhst_info *hi = NULL; + memset(&md, 0, sizeof(md)); memset(&rep, 0, sizeof(rep)); @@ -1321,7 +1325,7 @@ init_cred_loop(krb5_context context, krb5_keyblock *key = NULL; ret = process_pa_data_to_key(context, ctx, creds, - &ctx->as_req, &rep, &key); + &ctx->as_req, &rep, hi, &key); if (ret) goto out; @@ -1462,8 +1466,8 @@ krb5_get_init_creds_password(krb5_context context, return ret; if (password == NULL && - options->private->password == NULL && - options->private->pk_init_ctx == NULL) + options->opt_private->password == NULL && + options->opt_private->pk_init_ctx == NULL) { krb5_prompt prompt; krb5_data password_data; @@ -1491,7 +1495,7 @@ krb5_get_init_creds_password(krb5_context context, password = password_data.data; } - if (options->private->password == NULL) { + if (options->opt_private->password == NULL) { ret = krb5_get_init_creds_opt_set_pa_password(context, options, password, NULL); if (ret) { diff --git a/source4/heimdal/lib/krb5/keytab_keyfile.c b/source4/heimdal/lib/krb5/keytab_keyfile.c index b53fa36a03..5c94291e72 100644 --- a/source4/heimdal/lib/krb5/keytab_keyfile.c +++ b/source4/heimdal/lib/krb5/keytab_keyfile.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002, 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_keyfile.c,v 1.16 2005/01/08 22:57:18 lha Exp $"); +RCSID("$Id: keytab_keyfile.c,v 1.17 2005/09/30 11:20:53 lha Exp $"); /* afs keyfile operations --------------------------------------- */ @@ -288,9 +288,16 @@ akf_add_entry(krb5_context context, krb5_storage *sp; - if (entry->keyblock.keyvalue.length != 8 - || entry->keyblock.keytype != ETYPE_DES_CBC_MD5) + if (entry->keyblock.keyvalue.length != 8) return 0; + switch(entry->keyblock.keytype) { + case ETYPE_DES_CBC_CRC: + case ETYPE_DES_CBC_MD4: + case ETYPE_DES_CBC_MD5: + break; + default: + return 0; + } fd = open (d->filename, O_RDWR | O_BINARY); if (fd < 0) { @@ -329,50 +336,72 @@ akf_add_entry(krb5_context context, return ret; } } + + /* + * Make sure we don't add the entry twice, assumes the DES + * encryption types are all the same key. + */ + if (len > 0) { + int32_t kvno; + int i; + + for (i = 0; i < len; i++) { + ret = krb5_ret_int32(sp, &kvno); + if (ret) { + krb5_set_error_string (context, "Failed got get kvno "); + goto out; + } + if(krb5_storage_seek(sp, 8, SEEK_CUR) < 0) { + krb5_set_error_string (context, "seek: %s", strerror(ret)); + goto out; + } + if (kvno == entry->vno) { + ret = 0; + goto out; + } + } + } + len++; if(krb5_storage_seek(sp, 0, SEEK_SET) < 0) { ret = errno; - krb5_storage_free(sp); - close(fd); krb5_set_error_string (context, "seek: %s", strerror(ret)); - return ret; + goto out; } ret = krb5_store_int32(sp, len); if(ret) { - krb5_storage_free(sp); - close(fd); + krb5_set_error_string(context, "keytab keyfile failed new length"); return ret; } - if(krb5_storage_seek(sp, (len - 1) * (8 + 4), SEEK_CUR) < 0) { ret = errno; - krb5_storage_free(sp); - close(fd); - krb5_set_error_string (context, "seek: %s", strerror(ret)); - return ret; + krb5_set_error_string (context, "seek to end: %s", strerror(ret)); + goto out; } ret = krb5_store_int32(sp, entry->vno); if(ret) { - krb5_storage_free(sp); - close(fd); - return ret; + krb5_set_error_string(context, "keytab keyfile failed store kvno"); + goto out; } ret = krb5_storage_write(sp, entry->keyblock.keyvalue.data, entry->keyblock.keyvalue.length); if(ret != entry->keyblock.keyvalue.length) { - krb5_storage_free(sp); - close(fd); - if(ret < 0) - return errno; - return ENOTTY; + if (ret < 0) + ret = errno; + else + ret = ENOTTY; + krb5_set_error_string(context, "keytab keyfile failed to add key"); + goto out; } + ret = 0; +out: krb5_storage_free(sp); close (fd); - return 0; + return ret; } const krb5_kt_ops krb5_akf_ops = { diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h index ef47bd1e26..07d9329337 100644 --- a/source4/heimdal/lib/krb5/krb5-private.h +++ b/source4/heimdal/lib/krb5/krb5-private.h @@ -31,6 +31,12 @@ _krb5_aes_cts_encrypt ( unsigned char */*ivec*/, const int /*encryptp*/); +krb5_error_code +_krb5_cc_allocate ( + krb5_context /*context*/, + const krb5_cc_ops */*ops*/, + krb5_ccache */*id*/); + void _krb5_crc_init_table (void); @@ -40,6 +46,16 @@ _krb5_crc_update ( size_t /*len*/, u_int32_t /*res*/); +krb5_error_code +_krb5_dh_group_ok ( + krb5_context /*context*/, + unsigned long /*bits*/, + heim_integer */*p*/, + heim_integer */*g*/, + heim_integer */*q*/, + struct krb5_dh_moduli **/*moduli*/, + char **/*name*/); + krb5_error_code _krb5_expand_default_cc_name ( krb5_context /*context*/, @@ -61,6 +77,9 @@ _krb5_extract_ticket ( krb5_decrypt_proc /*decrypt_proc*/, krb5_const_pointer /*decryptarg*/); +void +_krb5_free_krbhst_info (krb5_krbhst_info */*hi*/); + krb5_error_code _krb5_get_default_principal_local ( krb5_context /*context*/, @@ -233,6 +252,12 @@ _krb5_krb_time_to_life ( time_t /*start*/, time_t /*end*/); +krb5_error_code +_krb5_krbhost_info_move ( + krb5_context /*context*/, + krb5_krbhst_info */*from*/, + krb5_krbhst_info **/*to*/); + krb5_error_code _krb5_mk_req_internal ( krb5_context /*context*/, @@ -257,6 +282,20 @@ _krb5_oid_to_enctype ( const heim_oid */*oid*/, krb5_enctype */*etype*/); +krb5_error_code +_krb5_parse_moduli ( + krb5_context /*context*/, + const char */*file*/, + struct krb5_dh_moduli ***/*moduli*/); + +krb5_error_code +_krb5_parse_moduli_line ( + krb5_context /*context*/, + const char */*file*/, + int /*lineno*/, + char */*p*/, + struct krb5_dh_moduli **/*m*/); + void KRB5_LIB_FUNCTION _krb5_pk_cert_free (struct krb5_pk_cert */*cert*/); @@ -308,6 +347,7 @@ _krb5_pk_rd_pa_reply ( krb5_context /*context*/, void */*c*/, krb5_enctype /*etype*/, + const krb5_krbhst_info */*hi*/, unsigned /*nonce*/, const krb5_data */*req_buffer*/, PA_DATA */*pa*/, @@ -316,7 +356,7 @@ _krb5_pk_rd_pa_reply ( krb5_error_code KRB5_LIB_FUNCTION _krb5_pk_verify_sign ( krb5_context /*context*/, - const char */*data*/, + const void */*data*/, size_t /*length*/, struct krb5_pk_identity */*id*/, heim_oid */*contentType*/, diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h index 681ac4189b..a46f8b8f8f 100644 --- a/source4/heimdal/lib/krb5/krb5-protos.h +++ b/source4/heimdal/lib/krb5/krb5-protos.h @@ -535,6 +535,30 @@ krb5_c_verify_checksum ( const krb5_checksum */*cksum*/, krb5_boolean */*valid*/); +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_cache_end_seq_get ( + krb5_context /*context*/, + krb5_cc_cache_cursor /*cursor*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_cache_get_first ( + krb5_context /*context*/, + const char */*type*/, + krb5_cc_cache_cursor */*cursor*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_cache_match ( + krb5_context /*context*/, + krb5_principal /*client*/, + const char */*type*/, + krb5_ccache */*id*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_cache_next ( + krb5_context /*context*/, + krb5_cc_cache_cursor /*cursor*/, + krb5_ccache */*id*/); + void KRB5_LIB_FUNCTION krb5_cc_clear_mcred (krb5_creds */*mcred*/); @@ -2867,6 +2891,13 @@ krb5_set_real_time ( krb5_timestamp /*sec*/, int32_t /*usec*/); +krb5_error_code KRB5_LIB_FUNCTION +krb5_set_send_recv_func ( + krb5_context /*context*/, + krb5_send_and_recv_func_t /*func*/, + krb5_send_and_recv_close_func_t /*close_fn*/, + void */*data*/); + void KRB5_LIB_FUNCTION krb5_set_use_admin_kdc ( krb5_context /*context*/, @@ -3432,11 +3463,6 @@ krb5_write_safe_message ( krb5_error_code KRB5_LIB_FUNCTION krb5_xfree (void */*ptr*/); -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_send_recv_func(krb5_context context, - krb5_send_and_recv_func_t func, - krb5_send_and_recv_close_func_t close_fn, - void *data); #ifdef __cplusplus } diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h index 800683ef0c..ef595d4d20 100644 --- a/source4/heimdal/lib/krb5/krb5.h +++ b/source4/heimdal/lib/krb5/krb5.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5.h,v 1.237 2005/07/09 14:47:21 lha Exp $ */ +/* $Id: krb5.h,v 1.239 2005/10/12 12:39:28 lha Exp $ */ #ifndef __KRB5_H__ #define __KRB5_H__ @@ -368,6 +368,8 @@ typedef struct krb5_creds { krb5_ticket_flags flags; } krb5_creds; +typedef struct krb5_cc_cache_cursor_data *krb5_cc_cache_cursor; + typedef struct krb5_cc_ops { const char *prefix; const char* (*get_name)(krb5_context, krb5_ccache); @@ -388,6 +390,9 @@ typedef struct krb5_cc_ops { krb5_flags, krb5_creds*); krb5_error_code (*set_flags)(krb5_context, krb5_ccache, krb5_flags); int (*get_version)(krb5_context, krb5_ccache); + krb5_error_code (*get_cache_first)(krb5_context, krb5_cc_cursor *); + krb5_error_code (*get_cache_next)(krb5_context, krb5_cc_cursor, krb5_ccache *); + krb5_error_code (*end_cache_get)(krb5_context, krb5_cc_cursor); } krb5_cc_ops; struct krb5_log_facility; @@ -659,7 +664,7 @@ typedef struct _krb5_get_init_creds_opt { krb5_preauthtype *preauth_list; int preauth_list_length; krb5_data *salt; - struct _krb5_get_init_creds_opt_private *private; + struct _krb5_get_init_creds_opt_private *opt_private; } krb5_get_init_creds_opt; #define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE 0x0001 diff --git a/source4/heimdal/lib/krb5/krb5_locl.h b/source4/heimdal/lib/krb5/krb5_locl.h index a64ccc586e..4a02677239 100644 --- a/source4/heimdal/lib/krb5/krb5_locl.h +++ b/source4/heimdal/lib/krb5/krb5_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5_locl.h,v 1.81 2005/05/29 14:28:39 lha Exp $ */ +/* $Id: krb5_locl.h,v 1.83 2005/10/07 12:08:02 lha Exp $ */ #ifndef __KRB5_LOCL_H__ #define __KRB5_LOCL_H__ @@ -141,6 +141,7 @@ struct krb5_pk_identity; struct krb5_pk_cert; struct ContentInfo; typedef struct krb5_pk_init_ctx_data *krb5_pk_init_ctx; +struct krb5_dh_moduli; /* v4 glue */ struct _krb5_krb_auth_data; @@ -161,6 +162,8 @@ struct _krb5_krb_auth_data; #define KEYTAB_DEFAULT "ANY:FILE:" SYSCONFDIR "/krb5.keytab,krb4:" SYSCONFDIR "/srvtab" #define KEYTAB_DEFAULT_MODIFY "FILE:" SYSCONFDIR "/krb5.keytab" +#define MODULI_FILE SYSCONFDIR "/krb5.moduli" + #ifndef O_BINARY #define O_BINARY 0 #endif diff --git a/source4/heimdal/lib/krb5/krbhst.c b/source4/heimdal/lib/krb5/krbhst.c index 98e9cb3f09..ef9f5dbd60 100644 --- a/source4/heimdal/lib/krb5/krbhst.c +++ b/source4/heimdal/lib/krb5/krbhst.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include -RCSID("$Id: krbhst.c,v 1.52 2005/06/17 04:23:26 lha Exp $"); +RCSID("$Id: krbhst.c,v 1.53 2005/10/08 15:40:50 lha Exp $"); static int string_to_proto(const char *string) @@ -228,14 +228,37 @@ parse_hostspec(krb5_context context, struct krb5_krbhst_data *kd, return hi; } -static void -free_krbhst_info(krb5_krbhst_info *hi) +void +_krb5_free_krbhst_info(krb5_krbhst_info *hi) { if (hi->ai != NULL) freeaddrinfo(hi->ai); free(hi); } +krb5_error_code +_krb5_krbhost_info_move(krb5_context context, + krb5_krbhst_info *from, + krb5_krbhst_info **to) +{ + /* trailing NUL is included in structure */ + *to = calloc(1, sizeof(**to) + strlen(from->hostname)); + if(*to == NULL) { + krb5_set_error_string(context, "malloc - out of memory"); + return ENOMEM; + } + + (*to)->proto = from->proto; + (*to)->port = from->port; + (*to)->def_port = from->def_port; + (*to)->ai = from->ai; + from->ai = NULL; + (*to)->next = NULL; + strcpy((*to)->hostname, from->hostname); + return 0; +} + + static void append_host_hostinfo(struct krb5_krbhst_data *kd, struct krb5_krbhst_info *host) { @@ -245,7 +268,7 @@ append_host_hostinfo(struct krb5_krbhst_data *kd, struct krb5_krbhst_info *host) if(h->proto == host->proto && h->port == host->port && strcmp(h->hostname, host->hostname) == 0) { - free_krbhst_info(host); + _krb5_free_krbhst_info(host); return; } *kd->end = host; @@ -752,7 +775,7 @@ krb5_krbhst_free(krb5_context context, krb5_krbhst_handle handle) for (h = handle->hosts; h != NULL; h = next) { next = h->next; - free_krbhst_info(h); + _krb5_free_krbhst_info(h); } free(handle->realm); diff --git a/source4/heimdal/lib/krb5/mcache.c b/source4/heimdal/lib/krb5/mcache.c index 0a65d53849..9588d936d5 100644 --- a/source4/heimdal/lib/krb5/mcache.c +++ b/source4/heimdal/lib/krb5/mcache.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: mcache.c,v 1.19 2004/04/25 19:25:35 joda Exp $"); +RCSID("$Id: mcache.c,v 1.20 2005/09/30 11:16:04 lha Exp $"); typedef struct krb5_mcache { char *name; @@ -162,20 +162,25 @@ mcc_initialize(krb5_context context, &m->primary_principal); } -static krb5_error_code -mcc_close(krb5_context context, - krb5_ccache id) +static int +mcc_close_internal(krb5_mcache *m) { - krb5_mcache *m = MCACHE(id); - if (--m->refcnt != 0) return 0; if (MISDEAD(m)) { free (m->name); - krb5_data_free(&id->data); + return 1; } + return 0; +} +static krb5_error_code +mcc_close(krb5_context context, + krb5_ccache id) +{ + if (mcc_close_internal(MCACHE(id))) + krb5_data_free(&id->data); return 0; } @@ -334,6 +339,70 @@ mcc_set_flags(krb5_context context, return 0; /* XXX */ } +struct mcache_iter { + krb5_mcache *cache; +}; + +static krb5_error_code +mcc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor) +{ + struct mcache_iter *iter; + + iter = calloc(1, sizeof(*iter)); + if (iter == NULL) { + krb5_set_error_string(context, "malloc - out of memory"); + return ENOMEM; + } + + HEIMDAL_MUTEX_lock(&mcc_mutex); + iter->cache = mcc_head; + if (iter->cache) + iter->cache->refcnt++; + HEIMDAL_MUTEX_unlock(&mcc_mutex); + + *cursor = iter; + return 0; +} + +static krb5_error_code +mcc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id) +{ + struct mcache_iter *iter = cursor; + krb5_error_code ret; + krb5_mcache *m; + + if (iter->cache == NULL) + return KRB5_CC_END; + + HEIMDAL_MUTEX_lock(&mcc_mutex); + m = iter->cache; + if (m->next) + m->next->refcnt++; + iter->cache = m->next; + HEIMDAL_MUTEX_unlock(&mcc_mutex); + + ret = _krb5_cc_allocate(context, &krb5_mcc_ops, id); + if (ret) + return ret; + + (*id)->data.data = m; + (*id)->data.length = sizeof(*m); + + return 0; +} + +static krb5_error_code +mcc_end_cache_get(krb5_context context, krb5_cc_cursor cursor) +{ + struct mcache_iter *iter = cursor; + + if (iter->cache) + mcc_close_internal(iter->cache); + iter->cache = NULL; + free(iter); + return 0; +} + const krb5_cc_ops krb5_mcc_ops = { "MEMORY", mcc_get_name, @@ -349,5 +418,9 @@ const krb5_cc_ops krb5_mcc_ops = { mcc_get_next, mcc_end_get, mcc_remove_cred, - mcc_set_flags + mcc_set_flags, + NULL, + mcc_get_cache_first, + mcc_get_cache_next, + mcc_end_cache_get }; diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c index 7ac1436f6e..0c5dfc44e9 100755 --- a/source4/heimdal/lib/krb5/pkinit.c +++ b/source4/heimdal/lib/krb5/pkinit.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: pkinit.c,v 1.62 2005/09/20 23:21:36 lha Exp $"); +RCSID("$Id: pkinit.c,v 1.75 2005/10/21 17:18:38 lha Exp $"); #ifdef PKINIT @@ -57,12 +57,9 @@ RCSID("$Id: pkinit.c,v 1.62 2005/09/20 23:21:36 lha Exp $"); enum { COMPAT_WIN2K = 1, - COMPAT_19 = 2, - COMPAT_27 = 3 + COMPAT_IETF = 2 }; - - #define OPENSSL_ASN1_MALLOC_ENCODE(T, B, BL, S, R) \ { \ unsigned char *p; \ @@ -107,12 +104,22 @@ struct krb5_pk_cert { X509 *cert; }; +struct krb5_dh_moduli { + char *name; + unsigned long bits; + heim_integer p; + heim_integer g; + heim_integer q; +}; + struct krb5_pk_init_ctx_data { struct krb5_pk_identity *id; DH *dh; + krb5_data *clientDHNonce; + struct krb5_dh_moduli **m; + int require_binding; }; - void KRB5_LIB_FUNCTION _krb5_pk_cert_free(struct krb5_pk_cert *cert) { @@ -135,6 +142,20 @@ BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer) return 0; } +static BIGNUM * +integer_to_BN(krb5_context context, const char *field, const heim_integer *f) +{ + BIGNUM *bn; + + bn = BN_bin2bn((const unsigned char *)f->data, f->length, NULL); + if (bn == NULL) { + krb5_set_error_string(context, "PKINIT: parsing BN failed %s", field); + return NULL; + } + bn->neg = f->negative; + return bn; +} + /* * UI ex_data has the callback_data as passed to Engine. This is far * from being complete, we will only process one prompt @@ -251,7 +272,8 @@ _krb5_pk_create_sign(krb5_context context, krb5_data buf; SignedData sd; EVP_MD_CTX md; - int len, i; + int i; + unsigned len; size_t size; X509_NAME *issuer_name; @@ -443,75 +465,10 @@ _krb5_pk_create_sign(krb5_context context, return ret; } -static krb5_error_code -build_auth_pack_win2k(krb5_context context, - unsigned nonce, - const KDC_REQ_BODY *body, - AuthPack_Win2k *a) -{ - krb5_error_code ret; - krb5_timestamp sec; - int32_t usec; - - /* fill in PKAuthenticator */ - ret = copy_PrincipalName(body->sname, &a->pkAuthenticator.kdcName); - if (ret) - return ret; - ret = copy_Realm(&body->realm, &a->pkAuthenticator.kdcRealm); - if (ret) - return ret; - - krb5_us_timeofday(context, &sec, &usec); - a->pkAuthenticator.ctime = sec; - a->pkAuthenticator.cusec = usec; - a->pkAuthenticator.nonce = nonce; - - return 0; -} - -static krb5_error_code -build_auth_pack_19(krb5_context context, - unsigned nonce, - const KDC_REQ_BODY *body, - AuthPack_19 *a) -{ - size_t buf_size, len; - krb5_cksumtype cksum; - krb5_error_code ret; - void *buf; - krb5_timestamp sec; - int32_t usec; - - krb5_clear_error_string(context); - - /* XXX some PACKETCABLE needs implemetations need md5 */ - cksum = CKSUMTYPE_RSA_MD5; - - krb5_us_timeofday(context, &sec, &usec); - a->pkAuthenticator.ctime = sec; - a->pkAuthenticator.nonce = nonce; - - ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, body, &len, ret); - if (ret) - return ret; - if (buf_size != len) - krb5_abortx(context, "internal error in ASN.1 encoder"); - - ret = krb5_create_checksum(context, - NULL, - 0, - cksum, - buf, - len, - &a->pkAuthenticator.paChecksum); - free(buf); - - return ret; -} - static krb5_error_code build_auth_pack(krb5_context context, unsigned nonce, + krb5_pk_init_ctx ctx, DH *dh, const KDC_REQ_BODY *body, AuthPack *a) @@ -545,18 +502,39 @@ build_auth_pack(krb5_context context, len, &checksum); free(buf); - if (ret == 0) { - ret = krb5_data_copy(&a->pkAuthenticator.paChecksum, - checksum.checksum.data, checksum.checksum.length); - free_Checksum(&checksum); - } + if (ret) + return ret; - if (ret == 0 && dh) { + ret = krb5_data_copy(&a->pkAuthenticator.paChecksum, + checksum.checksum.data, checksum.checksum.length); + free_Checksum(&checksum); + if (ret) + return ret; + + if (dh) { DomainParameters dp; heim_integer dh_pub_key; krb5_data dhbuf; size_t size; + if (1 /* support_cached_dh */) { + ALLOC(a->clientDHNonce, 1); + if (a->clientDHNonce == NULL) { + krb5_clear_error_string(context); + return ENOMEM; + } + ret = krb5_data_alloc(a->clientDHNonce, 40); + if (a->clientDHNonce == NULL) { + krb5_clear_error_string(context); + return ENOMEM; + } + memset(a->clientDHNonce->data, 0, a->clientDHNonce->length); + ret = krb5_copy_data(context, a->clientDHNonce, + &ctx->clientDHNonce); + if (ret) + return ret; + } + ALLOC(a->clientPublicValue, 1); if (a->clientPublicValue == NULL) return ENOMEM; @@ -606,20 +584,11 @@ build_auth_pack(krb5_context context, if (ret) return ret; - dhbuf.length = length_heim_integer(&dh_pub_key); - dhbuf.data = malloc(dhbuf.length); - if (dhbuf.data == NULL) { - free_heim_integer(&dh_pub_key); - krb5_set_error_string(context, "malloc: out of memory"); - return ret; - } - ret = der_put_heim_integer((char *)dhbuf.data + dhbuf.length - 1, - dhbuf.length, &dh_pub_key, &size); + ASN1_MALLOC_ENCODE(DHPublicKey, dhbuf.data, dhbuf.length, + &dh_pub_key, &size, ret); free_heim_integer(&dh_pub_key); - if (ret) { - free(dhbuf.data); + if (ret) return ret; - } if (size != dhbuf.length) krb5_abortx(context, "asn1 internal error"); @@ -663,27 +632,40 @@ pk_mk_padata(krb5_context context, struct ContentInfo content_info; krb5_error_code ret; const heim_oid *oid; - PA_PK_AS_REQ req; size_t size; krb5_data buf, sd_buf; int pa_type; krb5_data_zero(&buf); krb5_data_zero(&sd_buf); - memset(&req, 0, sizeof(req)); memset(&content_info, 0, sizeof(content_info)); if (compat == COMPAT_WIN2K) { AuthPack_Win2k ap; + krb5_timestamp sec; + int32_t usec; memset(&ap, 0, sizeof(ap)); - ret = build_auth_pack_win2k(context, nonce, req_body, &ap); + /* fill in PKAuthenticator */ + ret = copy_PrincipalName(req_body->sname, &ap.pkAuthenticator.kdcName); + if (ret) { + free_AuthPack_Win2k(&ap); + krb5_clear_error_string(context); + goto out; + } + ret = copy_Realm(&req_body->realm, &ap.pkAuthenticator.kdcRealm); if (ret) { free_AuthPack_Win2k(&ap); + krb5_clear_error_string(context); goto out; } + krb5_us_timeofday(context, &sec, &usec); + ap.pkAuthenticator.ctime = sec; + ap.pkAuthenticator.cusec = usec; + ap.pkAuthenticator.nonce = nonce; + ASN1_MALLOC_ENCODE(AuthPack_Win2k, buf.data, buf.length, &ap, &size, ret); free_AuthPack_Win2k(&ap); @@ -695,33 +677,12 @@ pk_mk_padata(krb5_context context, krb5_abortx(context, "internal ASN1 encoder error"); oid = oid_id_pkcs7_data(); - } else if (compat == COMPAT_19) { - AuthPack_19 ap; - - memset(&ap, 0, sizeof(ap)); - - ret = build_auth_pack_19(context, nonce, req_body, &ap); - if (ret) { - free_AuthPack_19(&ap); - goto out; - } - - ASN1_MALLOC_ENCODE(AuthPack_19, buf.data, buf.length, &ap, &size, ret); - free_AuthPack_19(&ap); - if (ret) { - krb5_set_error_string(context, "AuthPack_19: %d", ret); - goto out; - } - if (buf.length != size) - krb5_abortx(context, "internal ASN1 encoder error"); - - oid = oid_id_pkauthdata(); - } else if (compat == COMPAT_27) { + } else if (compat == COMPAT_IETF) { AuthPack ap; memset(&ap, 0, sizeof(ap)); - ret = build_auth_pack(context, nonce, ctx->dh, req_body, &ap); + ret = build_auth_pack(context, nonce, ctx, ctx->dh, req_body, &ap); if (ret) { free_AuthPack(&ap); goto out; @@ -755,9 +716,12 @@ pk_mk_padata(krb5_context context, if (ret) goto out; - /* XXX tell the kdc what CAs the client is willing to accept */ - req.trustedCertifiers = NULL; - req.kdcPkId = NULL; + ASN1_MALLOC_ENCODE(ContentInfo, buf.data, buf.length, + &content_info, &size, ret); + if (ret) + goto out; + if (buf.length != size) + krb5_abortx(context, "Internal ASN1 encoder error"); if (compat == COMPAT_WIN2K) { PA_PK_AS_REQ_Win2k winreq; @@ -766,60 +730,29 @@ pk_mk_padata(krb5_context context, memset(&winreq, 0, sizeof(winreq)); - ASN1_MALLOC_ENCODE(ContentInfo, - winreq.signed_auth_pack.data, - winreq.signed_auth_pack.length, - &content_info, - &size, - ret); - if (ret) - goto out; - if (winreq.signed_auth_pack.length != size) - krb5_abortx(context, "Internal ASN1 encoder error"); + winreq.signed_auth_pack = buf; ASN1_MALLOC_ENCODE(PA_PK_AS_REQ_Win2k, buf.data, buf.length, &winreq, &size, ret); free_PA_PK_AS_REQ_Win2k(&winreq); - } else if (compat == COMPAT_19) { - PA_PK_AS_REQ_19 req_19; - - pa_type = KRB5_PADATA_PK_AS_REQ_19; - - memset(&req_19, 0, sizeof(req_19)); - - ret = copy_ContentInfo(&content_info, &req_19.signedAuthPack); - if (ret) { - krb5_clear_error_string(context); - goto out; - } - req_19.kdcCert = NULL; - req_19.trustedCertifiers = NULL; - req_19.encryptionCert = NULL; - - ASN1_MALLOC_ENCODE(PA_PK_AS_REQ_19, buf.data, buf.length, - &req_19, &size, ret); - - free_PA_PK_AS_REQ_19(&req_19); - - } else if (compat == COMPAT_27) { + } else if (compat == COMPAT_IETF) { + PA_PK_AS_REQ req; pa_type = KRB5_PADATA_PK_AS_REQ; - ASN1_MALLOC_ENCODE(ContentInfo, - req.signedAuthPack.data, - req.signedAuthPack.length, - &content_info, - &size, - ret); - if (ret) - goto out; - if (req.signedAuthPack.length != size) - krb5_abortx(context, "Internal ASN1 encoder error"); + memset(&req, 0, sizeof(req)); + req.signedAuthPack = buf; + + /* XXX tell the kdc what CAs the client is willing to accept */ + req.trustedCertifiers = NULL; + req.kdcPkId = NULL; ASN1_MALLOC_ENCODE(PA_PK_AS_REQ, buf.data, buf.length, &req, &size, ret); + free_PA_PK_AS_REQ(&req); + } else krb5_abortx(context, "internal pkinit error"); if (ret) { @@ -832,7 +765,11 @@ pk_mk_padata(krb5_context context, ret = krb5_padata_add(context, md, pa_type, buf.data, buf.length); if (ret) free(buf.data); - out: + + if (ret == 0 && compat == COMPAT_WIN2K) + krb5_padata_add(context, md, KRB5_PADATA_PK_AS_09_BINDING, NULL, 0); + +out: free_ContentInfo(&content_info); return ret; @@ -847,11 +784,7 @@ _krb5_pk_mk_padata(krb5_context context, METHOD_DATA *md) { krb5_pk_init_ctx ctx = c; - krb5_error_code ret; - size_t size; - krb5_data buf; - const char *provisioning_server; - int win2k_compat; + int win2k_compat, type; win2k_compat = krb5_config_get_bool_default(context, NULL, FALSE, @@ -863,45 +796,18 @@ _krb5_pk_mk_padata(krb5_context context, win2k_compat = 1; if (win2k_compat) { - ret = pk_mk_padata(context, COMPAT_WIN2K, ctx, req_body, nonce, md); - if (ret) - goto out; - } else { -#if 0 - ret = pk_mk_padata(context, COMPAT_19, ctx, req_body, nonce, md); - if (ret) - goto out; -#endif - ret = pk_mk_padata(context, COMPAT_27, ctx, req_body, nonce, md); - if (ret) - goto out; - } - - provisioning_server = - krb5_config_get_string(context, NULL, - "realms", - req_body->realm, - "packet-cable-provisioning-server", - NULL); - - if (provisioning_server) { - /* PacketCable requires the PROV-SRV-LOCATION authenticator */ - const PROV_SRV_LOCATION prov_server = rk_UNCONST(provisioning_server); - - ASN1_MALLOC_ENCODE(PROV_SRV_LOCATION, buf.data, buf.length, - &prov_server, &size, ret); - if (ret) - goto out; - if (buf.length != size) - krb5_abortx(context, "Internal ASN1 encoder error"); + ctx->require_binding = + krb5_config_get_bool_default(context, NULL, + FALSE, + "realms", + req_body->realm, + "win2k_pkinit_require_binding", + NULL); + type = COMPAT_WIN2K; + } else + type = COMPAT_IETF; - /* PacketCable uses -1 (application specific) as the auth data type */ - ret = krb5_padata_add(context, md, -1, buf.data, buf.length); - if (ret) - free(buf.data); - } - out: - return ret; + return pk_mk_padata(context, type, ctx, req_body, nonce, md); } static krb5_boolean @@ -997,7 +903,7 @@ pk_verify_chain_standard(krb5_context context, int i; int ret; - ret = KRB5_KDC_ERROR_CLIENT_NAME_MISMATCH; + ret = KRB5_KDC_ERR_CLIENT_NAME_MISMATCH; for (i = 0; i < sk_X509_num(chain); i++) { cert = sk_X509_value(chain, i); if (pk_peer_compare(context, client, cert) == TRUE) { @@ -1037,7 +943,7 @@ pk_verify_chain_standard(krb5_context context, ret = 0; break; case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: - ret = KRB5_KDC_ERROR_CANT_VERIFY_CERTIFICATE; + ret = KRB5_KDC_ERR_CANT_VERIFY_CERTIFICATE; krb5_set_error_string(context, "PKINIT: failed to verify " "certificate: %s ", X509_verify_cert_error_string(store_ctx->error)); @@ -1048,7 +954,7 @@ pk_verify_chain_standard(krb5_context context, case X509_V_ERR_CERT_NOT_YET_VALID: case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: case X509_V_ERR_CERT_HAS_EXPIRED: - ret = KRB5_KDC_ERROR_INVALID_CERTIFICATE; + ret = KRB5_KDC_ERR_INVALID_CERTIFICATE; krb5_set_error_string(context, "PKINIT: invalid certificate: %s ", X509_verify_cert_error_string(store_ctx->error)); break; @@ -1058,13 +964,13 @@ pk_verify_chain_standard(krb5_context context, case X509_V_ERR_CERT_CHAIN_TOO_LONG: case X509_V_ERR_PATH_LENGTH_EXCEEDED: case X509_V_ERR_INVALID_CA: - ret = KRB5_KDC_ERROR_INVALID_CERTIFICATE; + ret = KRB5_KDC_ERR_INVALID_CERTIFICATE; krb5_set_error_string(context, "PKINIT: unknown CA or can't " "verify certificate: %s", X509_verify_cert_error_string(store_ctx->error)); break; default: - ret = KRB5_KDC_ERROR_INVALID_CERTIFICATE; /* XXX */ + ret = KRB5_KDC_ERR_INVALID_CERTIFICATE; /* XXX */ krb5_set_error_string(context, "PKINIT: failed to verify " "certificate: %s (%ld) ", X509_verify_cert_error_string(store_ctx->error), @@ -1131,7 +1037,7 @@ cert_to_X509(krb5_context context, CertificateSet *set, krb5_error_code KRB5_LIB_FUNCTION _krb5_pk_verify_sign(krb5_context context, - const char *data, + const void *data, size_t length, struct krb5_pk_identity *id, heim_oid *contentType, @@ -1280,41 +1186,41 @@ _krb5_pk_verify_sign(krb5_context context, } static krb5_error_code -get_reply_key_19(krb5_context context, - const krb5_data *content, - unsigned nonce, - krb5_keyblock **key) +get_reply_key_win(krb5_context context, + const krb5_data *content, + unsigned nonce, + krb5_keyblock **key) { - ReplyKeyPack_19 key_pack; + ReplyKeyPack_Win2k key_pack; krb5_error_code ret; size_t size; - ret = decode_ReplyKeyPack_19(content->data, - content->length, - &key_pack, - &size); + ret = decode_ReplyKeyPack_Win2k(content->data, + content->length, + &key_pack, + &size); if (ret) { krb5_set_error_string(context, "PKINIT decoding reply key failed"); - free_ReplyKeyPack_19(&key_pack); + free_ReplyKeyPack_Win2k(&key_pack); return ret; } if (key_pack.nonce != nonce) { krb5_set_error_string(context, "PKINIT enckey nonce is wrong"); - free_ReplyKeyPack_19(&key_pack); + free_ReplyKeyPack_Win2k(&key_pack); return KRB5KRB_AP_ERR_MODIFIED; } *key = malloc (sizeof (**key)); if (*key == NULL) { krb5_set_error_string(context, "PKINIT failed allocating reply key"); - free_ReplyKeyPack_19(&key_pack); + free_ReplyKeyPack_Win2k(&key_pack); krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; } ret = copy_EncryptionKey(&key_pack.replyKey, *key); - free_ReplyKeyPack_19(&key_pack); + free_ReplyKeyPack_Win2k(&key_pack); if (ret) { krb5_set_error_string(context, "PKINIT failed copying reply key"); free(*key); @@ -1399,6 +1305,7 @@ pk_rd_pa_reply_enckey(krb5_context context, ContentInfo *rep, krb5_pk_init_ctx ctx, krb5_enctype etype, + const krb5_krbhst_info *hi, unsigned nonce, const krb5_data *req_buffer, PA_DATA *pa, @@ -1413,7 +1320,7 @@ pk_rd_pa_reply_enckey(krb5_context context, int length; size_t size; X509 *user_cert; - char *p; + void *p; krb5_boolean bret; krb5_data content; heim_oid contentType = { 0, NULL }; @@ -1481,13 +1388,13 @@ pk_rd_pa_reply_enckey(krb5_context context, goto out; - /* verify content type */ - if (type == COMPAT_WIN2K) { - if (heim_oid_cmp(&ed.encryptedContentInfo.contentType, oid_id_pkcs7_data())) { - ret = KRB5KRB_AP_ERR_MSG_TYPE; - goto out; - } - } else { + /* + * Try to verify content type. We can't do this for W2K case + * because W2K/W2K3 sends id-pkcs7-data, but Windows Vista sends + * id-pkcs7-signedData to all versions, even W2K clients. + */ + + if (type != COMPAT_WIN2K) { if (heim_oid_cmp(&ed.encryptedContentInfo.contentType, oid_id_pkcs7_signedData())) { ret = KRB5KRB_AP_ERR_MSG_TYPE; goto out; @@ -1563,7 +1470,7 @@ pk_rd_pa_reply_enckey(krb5_context context, } p = ci.content->data; length = ci.content->length; - } + } ret = _krb5_pk_verify_sign(context, p, @@ -1582,6 +1489,7 @@ pk_rd_pa_reply_enckey(krb5_context context, goto out; } +#if 0 if (type == COMPAT_WIN2K) { if (heim_oid_cmp(&contentType, oid_id_pkcs7_data()) != 0) { krb5_set_error_string(context, "PKINIT: reply key, wrong oid"); @@ -1595,13 +1503,15 @@ pk_rd_pa_reply_enckey(krb5_context context, goto out; } } +#endif switch(type) { case COMPAT_WIN2K: - case COMPAT_19: - ret = get_reply_key_19(context, &content, nonce, key); + ret = get_reply_key(context, &content, req_buffer, key); + if (ret != 0 && ctx->require_binding == 0) + ret = get_reply_key_win(context, &content, nonce, key); break; - case COMPAT_27: + case COMPAT_IETF: ret = get_reply_key(context, &content, req_buffer, key); break; } @@ -1628,6 +1538,7 @@ pk_rd_pa_reply_dh(krb5_context context, ContentInfo *rep, krb5_pk_init_ctx ctx, krb5_enctype etype, + const krb5_krbhst_info *hi, const DHNonce *c_n, const DHNonce *k_n, unsigned nonce, @@ -1674,7 +1585,8 @@ pk_rd_pa_reply_dh(krb5_context context, goto out; if (heim_oid_cmp(&contentType, oid_id_pkdhkeydata())) { - ret = KRB5KRB_AP_ERR_MSG_TYPE; /* XXX */ + krb5_set_error_string(context, "pkinit - dh reply contains wrong oid"); + ret = KRB5KRB_AP_ERR_MSG_TYPE; goto out; } @@ -1799,6 +1711,7 @@ krb5_error_code KRB5_LIB_FUNCTION _krb5_pk_rd_pa_reply(krb5_context context, void *c, krb5_enctype etype, + const krb5_krbhst_info *hi, unsigned nonce, const krb5_data *req_buffer, PA_DATA *pa, @@ -1836,8 +1749,10 @@ _krb5_pk_rd_pa_reply(krb5_context context, free_PA_PK_AS_REP(&rep); break; } - ret = pk_rd_pa_reply_dh(context, &ci, ctx, - etype, NULL, NULL, nonce, pa, key); + ret = pk_rd_pa_reply_dh(context, &ci, ctx, etype, hi, + ctx->clientDHNonce, + rep.u.dhInfo.serverDHNonce, + nonce, pa, key); free_ContentInfo(&ci); free_PA_PK_AS_REP(&rep); @@ -1854,8 +1769,8 @@ _krb5_pk_rd_pa_reply(krb5_context context, "ContentInfo: %d", ret); break; } - ret = pk_rd_pa_reply_enckey(context, COMPAT_27, &ci, ctx, - etype, nonce, req_buffer, pa, key); + ret = pk_rd_pa_reply_enckey(context, COMPAT_IETF, &ci, ctx, + etype, hi, nonce, req_buffer, pa, key); free_ContentInfo(&ci); return ret; default: @@ -1869,40 +1784,6 @@ _krb5_pk_rd_pa_reply(krb5_context context, return ret; } - /* Check for PK-INIT -19 */ - { - PA_PK_AS_REP_19 rep19; - - memset(&rep19, 0, sizeof(rep19)); - - ret = decode_PA_PK_AS_REP_19(pa->padata_value.data, - pa->padata_value.length, - &rep19, - &size); - if (ret == 0) { - switch(rep19.element) { - case choice_PA_PK_AS_REP_19_dhSignedData: - ret = pk_rd_pa_reply_dh(context, &rep19.u.dhSignedData, ctx, - etype, NULL, NULL, - nonce, pa, key); - break; - case choice_PA_PK_AS_REP_19_encKeyPack: - ret = pk_rd_pa_reply_enckey(context, COMPAT_19, - &rep19.u.encKeyPack, ctx, - etype, nonce, NULL, pa, key); - break; - default: - krb5_set_error_string(context, "PKINIT: -19 reply invalid " - "content type"); - ret = EINVAL; - break; - } - free_PA_PK_AS_REP_19(&rep19); - if (ret == 0) - return 0; - } - } - /* Check for Windows encoding of the AS-REP pa data */ { PA_PK_AS_REP_Win2k w2krep; @@ -1918,6 +1799,8 @@ _krb5_pk_rd_pa_reply(krb5_context context, "pkinit reply %d", ret); return ret; } + + krb5_clear_error_string(context); switch (w2krep.element) { case choice_PA_PK_AS_REP_Win2k_encKeyPack: @@ -1934,7 +1817,7 @@ _krb5_pk_rd_pa_reply(krb5_context context, return ret; } ret = pk_rd_pa_reply_enckey(context, COMPAT_WIN2K, &ci, ctx, - etype, nonce, NULL, pa, key); + etype, hi, nonce, NULL, pa, key); free_ContentInfo(&ci); break; default: @@ -2546,6 +2429,264 @@ _krb5_pk_load_openssl_id(krb5_context context, return ret; } +static int +parse_integer(krb5_context context, char **p, const char *file, int lineno, + const char *name, heim_integer *integer) +{ + int ret; + char *p1; + p1 = strsep(p, " \t"); + if (p1 == NULL) { + krb5_set_error_string(context, "moduli file %s missing %s on line %d", + file, name, lineno); + return EINVAL; + } + ret = der_parse_hex_heim_integer(p1, integer); + if (ret) { + krb5_set_error_string(context, "moduli file %s failed parsing %s " + "on line %d", + file, name, lineno); + return ret; + } + + return 0; +} + +krb5_error_code +_krb5_parse_moduli_line(krb5_context context, + const char *file, + int lineno, + char *p, + struct krb5_dh_moduli **m) +{ + struct krb5_dh_moduli *m1; + char *p1; + int ret; + + *m = NULL; + + m1 = calloc(1, sizeof(*m1)); + if (m1 == NULL) { + krb5_set_error_string(context, "malloc - out of memory"); + return ENOMEM; + } + + while (isspace((unsigned char)*p)) + p++; + if (*p == '#') + return 0; + ret = EINVAL; + + p1 = strsep(&p, " \t"); + if (p1 == NULL) { + krb5_set_error_string(context, "moduli file %s missing name " + "on line %d", file, lineno); + goto out; + } + m1->name = strdup(p1); + if (p1 == NULL) { + krb5_set_error_string(context, "malloc - out of memeory"); + ret = ENOMEM; + goto out; + } + + p1 = strsep(&p, " \t"); + if (p1 == NULL) { + krb5_set_error_string(context, "moduli file %s missing bits on line %d", + file, lineno); + goto out; + } + + m1->bits = atoi(p1); + if (m1->bits == 0) { + krb5_set_error_string(context, "moduli file %s have un-parsable " + "bits on line %d", file, lineno); + goto out; + } + + ret = parse_integer(context, &p, file, lineno, "p", &m1->p); + if (ret) + goto out; + ret = parse_integer(context, &p, file, lineno, "g", &m1->g); + if (ret) + goto out; + ret = parse_integer(context, &p, file, lineno, "q", &m1->q); + if (ret) + goto out; + + *m = m1; + + return 0; +out: + free(m1->name); + free_heim_integer(&m1->p); + free_heim_integer(&m1->g); + free_heim_integer(&m1->q); + free(m1); + return ret; +} + +static void +_krb5_free_moduli(struct krb5_dh_moduli **moduli) +{ + int i; + for (i = 0; moduli[i] != NULL; i++) { + free(moduli[i]->name); + free_heim_integer(&moduli[i]->p); + free_heim_integer(&moduli[i]->g); + free_heim_integer(&moduli[i]->q); + free(moduli[i]); + } + free(moduli); +} + +static const char *default_moduli = + /* bits */ + "RFC2412-MODP-group2 " + "1024 " + /* p */ + "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1" + "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD" + "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245" + "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED" + "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE65381" + "FFFFFFFF" "FFFFFFFF " + /* g */ + "02 " + /* q */ + "7FFFFFFF" "FFFFFFFF" "E487ED51" "10B4611A" "62633145" "C06E0E68" + "94812704" "4533E63A" "0105DF53" "1D89CD91" "28A5043C" "C71A026E" + "F7CA8CD9" "E69D218D" "98158536" "F92F8A1B" "A7F09AB6" "B6A8E122" + "F242DABB" "312F3F63" "7A262174" "D31BF6B5" "85FFAE5B" "7A035BF6" + "F71C35FD" "AD44CFD2" "D74F9208" "BE258FF3" "24943328" "F67329C0" + "FFFFFFFF" "FFFFFFFF"; + + +krb5_error_code +_krb5_parse_moduli(krb5_context context, const char *file, + struct krb5_dh_moduli ***moduli) +{ + /* comment bits P G Q */ + krb5_error_code ret; + struct krb5_dh_moduli **m = NULL, **m2; + char buf[4096]; + FILE *f; + int lineno = 0, n = 0; + + *moduli = NULL; + + m = calloc(1, sizeof(m[0]) * 2); + if (m == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + + strlcpy(buf, default_moduli, sizeof(buf)); + ret = _krb5_parse_moduli_line(context, "builtin", 1, buf, &m[0]); + if (ret) { + _krb5_free_moduli(m); + return ret; + } + n = 1; + + if (file == NULL) { + *moduli = m; + return 0; + } + + f = fopen(file, "r"); + if (f == NULL) { + *moduli = m; + return 0; + } + + while(fgets(buf, sizeof(buf), f) != NULL) { + struct krb5_dh_moduli *element; + + buf[strcspn(buf, "\n")] = '\0'; + lineno++; + + m2 = realloc(m, (n + 2) * sizeof(m[0])); + if (m2 == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + _krb5_free_moduli(m); + return ENOMEM; + } + m = m2; + + m[n] = NULL; + + ret = _krb5_parse_moduli_line(context, file, lineno, buf, &element); + if (ret) { + _krb5_free_moduli(m); + return ret; + } + if (element == NULL) + continue; + + m[n] = element; + m[n + 1] = NULL; + n++; + } + *moduli = m; + return 0; +} + +krb5_error_code +_krb5_dh_group_ok(krb5_context context, unsigned long bits, + heim_integer *p, heim_integer *g, heim_integer *q, + struct krb5_dh_moduli **moduli, + char **name) +{ + int i; + + if (name) + *name = NULL; + + for (i = 0; moduli[i] != NULL; i++) { + if (heim_integer_cmp(&moduli[i]->g, g) == 0 && + heim_integer_cmp(&moduli[i]->p, p) == 0 && + heim_integer_cmp(&moduli[i]->q, q) == 0) + { + if (bits && bits > moduli[i]->bits) { + krb5_set_error_string(context, "PKINIT: DH group parameter %s " + "no accepted, not enough bits generated", + moduli[i]->name); + return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED; + } + if (name) + *name = strdup(moduli[i]->name); + return 0; + } + } + krb5_set_error_string(context, "PKINIT: DH group parameter no ok"); + return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED; +} + +static krb5_error_code +select_dh_group(krb5_context context, DH *dh, unsigned long bits, + struct krb5_dh_moduli **moduli) +{ + const struct krb5_dh_moduli *m; + + m = moduli[1]; /* XXX */ + if (m == NULL) + m = moduli[0]; /* XXX */ + + dh->p = integer_to_BN(context, "p", &m->p); + if (dh->p == NULL) + return ENOMEM; + dh->g = integer_to_BN(context, "g", &m->g); + if (dh->g == NULL) + return ENOMEM; + dh->q = integer_to_BN(context, "q", &m->q); + if (dh->q == NULL) + return ENOMEM; + + return 0; +} + + #endif /* PKINIT */ void KRB5_LIB_FUNCTION @@ -2554,9 +2695,9 @@ _krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt) #ifdef PKINIT krb5_pk_init_ctx ctx; - if (opt->private == NULL || opt->private->pk_init_ctx == NULL) + if (opt->opt_private == NULL || opt->opt_private->pk_init_ctx == NULL) return; - ctx = opt->private->pk_init_ctx; + ctx = opt->opt_private->pk_init_ctx; if (ctx->dh) DH_free(ctx->dh); ctx->dh = NULL; @@ -2572,10 +2713,16 @@ _krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt) ENGINE_free(ctx->id->engine); ctx->id->engine = NULL; } + if (ctx->clientDHNonce) { + krb5_free_data(NULL, ctx->clientDHNonce); + ctx->clientDHNonce = NULL; + } + if (ctx->m) + _krb5_free_moduli(ctx->m); free(ctx->id); ctx->id = NULL; } - opt->private->pk_init_ctx = NULL; + opt->opt_private->pk_init_ctx = NULL; #endif } @@ -2593,79 +2740,73 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, #ifdef PKINIT krb5_error_code ret; - if (opt->private == NULL) { + if (opt->opt_private == NULL) { krb5_set_error_string(context, "PKINIT: on non extendable opt"); return EINVAL; } - opt->private->pk_init_ctx = malloc(sizeof(*opt->private->pk_init_ctx)); - if (opt->private->pk_init_ctx == NULL) { + opt->opt_private->pk_init_ctx = + calloc(1, sizeof(*opt->opt_private->pk_init_ctx)); + if (opt->opt_private->pk_init_ctx == NULL) { krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; } - opt->private->pk_init_ctx->dh = NULL; - opt->private->pk_init_ctx->id = NULL; + opt->opt_private->pk_init_ctx->dh = NULL; + opt->opt_private->pk_init_ctx->id = NULL; + opt->opt_private->pk_init_ctx->clientDHNonce = NULL; + opt->opt_private->pk_init_ctx->require_binding = 0; + ret = _krb5_pk_load_openssl_id(context, - &opt->private->pk_init_ctx->id, + &opt->opt_private->pk_init_ctx->id, user_id, x509_anchors, prompter, prompter_data, password); if (ret) { - free(opt->private->pk_init_ctx); - opt->private->pk_init_ctx = NULL; + free(opt->opt_private->pk_init_ctx); + opt->opt_private->pk_init_ctx = NULL; + return ret; } - /* XXX */ - if (ret == 0 && (flags & 1) && !(flags & 2)) { - DH *dh; - const char *P = - "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1" - "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD" - "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245" - "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED" - "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE65381" - "FFFFFFFF" "FFFFFFFF"; - const char *G = "2"; - const char *Q = - "7FFFFFFF" "FFFFFFFF" "E487ED51" "10B4611A" "62633145" "C06E0E68" - "94812704" "4533E63A" "0105DF53" "1D89CD91" "28A5043C" "C71A026E" - "F7CA8CD9" "E69D218D" "98158536" "F92F8A1B" "A7F09AB6" "B6A8E122" - "F242DABB" "312F3F63" "7A262174" "D31BF6B5" "85FFAE5B" "7A035BF6" - "F71C35FD" "AD44CFD2" "D74F9208" "BE258FF3" "24943328" "F67329C0" - "FFFFFFFF" "FFFFFFFF"; - - dh = DH_new(); - if (dh == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - _krb5_get_init_creds_opt_free_pkinit(opt); - return ENOMEM; - } - opt->private->pk_init_ctx->dh = dh; - if (!BN_hex2bn(&dh->p, P)) { - krb5_set_error_string(context, "malloc: out of memory"); + if ((flags & 2) == 0) { + const char *moduli_file; + + moduli_file = krb5_config_get_string_default(context, NULL, + MODULI_FILE, + "libdefaults", + "moduli", + NULL); + + ret = _krb5_parse_moduli(context, moduli_file, + &opt->opt_private->pk_init_ctx->m); + if (ret) { _krb5_get_init_creds_opt_free_pkinit(opt); - return ENOMEM; + return ret; } - if (!BN_hex2bn(&dh->g, G)) { + + opt->opt_private->pk_init_ctx->dh = DH_new(); + if (opt->opt_private->pk_init_ctx->dh == NULL) { krb5_set_error_string(context, "malloc: out of memory"); _krb5_get_init_creds_opt_free_pkinit(opt); return ENOMEM; } - if (!BN_hex2bn(&dh->q, Q)) { - krb5_set_error_string(context, "malloc: out of memory"); + + ret = select_dh_group(context, opt->opt_private->pk_init_ctx->dh, 0, + opt->opt_private->pk_init_ctx->m); + if (ret) { _krb5_get_init_creds_opt_free_pkinit(opt); - return ENOMEM; + return ret; } - /* XXX generate a new key for each request ? */ - if (DH_generate_key(dh) != 1) { + + if (DH_generate_key(opt->opt_private->pk_init_ctx->dh) != 1) { krb5_set_error_string(context, "malloc: out of memory"); _krb5_get_init_creds_opt_free_pkinit(opt); return ENOMEM; } } - return ret; + + return 0; #else krb5_set_error_string(context, "no support for PKINIT compiled in"); return EINVAL; diff --git a/source4/heimdal/lib/krb5/rd_cred.c b/source4/heimdal/lib/krb5/rd_cred.c index 2571591e9d..ddd5866aeb 100644 --- a/source4/heimdal/lib/krb5/rd_cred.c +++ b/source4/heimdal/lib/krb5/rd_cred.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_cred.c,v 1.24 2005/07/13 08:22:50 lha Exp $"); +RCSID("$Id: rd_cred.c,v 1.25 2005/09/23 03:37:57 lha Exp $"); static krb5_error_code compare_addrs(krb5_context context, @@ -99,24 +99,49 @@ krb5_rd_cred(krb5_context context, enc_krb_cred_part_data.length = cred.enc_part.cipher.length; enc_krb_cred_part_data.data = cred.enc_part.cipher.data; } else { - if (auth_context->remote_subkey) + /* Try both subkey and session key. + * + * RFC2140 claims we should use the session key, but Heimdal + * before 0.8 used the remote subkey if it was send in the + * auth_context. + */ + + if (auth_context->remote_subkey) { ret = krb5_crypto_init(context, auth_context->remote_subkey, 0, &crypto); - else + if (ret) + goto out; + + ret = krb5_decrypt_EncryptedData(context, + crypto, + KRB5_KU_KRB_CRED, + &cred.enc_part, + &enc_krb_cred_part_data); + + krb5_crypto_destroy(context, crypto); + } + + /* + * If there was not subkey, or we failed using subkey, + * retry using the session key + */ + if (auth_context->remote_subkey == NULL || ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) + { + ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto); - /* DK: MIT rsh */ - if (ret) - goto out; - - ret = krb5_decrypt_EncryptedData(context, - crypto, - KRB5_KU_KRB_CRED, - &cred.enc_part, - &enc_krb_cred_part_data); - - krb5_crypto_destroy(context, crypto); + if (ret) + goto out; + + ret = krb5_decrypt_EncryptedData(context, + crypto, + KRB5_KU_KRB_CRED, + &cred.enc_part, + &enc_krb_cred_part_data); + + krb5_crypto_destroy(context, crypto); + } if (ret) goto out; } diff --git a/source4/heimdal/lib/roken/roken-common.h b/source4/heimdal/lib/roken/roken-common.h index c4ba2edb7c..8368530ff7 100644 --- a/source4/heimdal/lib/roken/roken-common.h +++ b/source4/heimdal/lib/roken/roken-common.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: roken-common.h,v 1.62 2005/09/01 18:47:35 lha Exp $ */ +/* $Id: roken-common.h,v 1.64 2005/09/28 03:05:58 lha Exp $ */ #ifndef __ROKEN_COMMON_H__ #define __ROKEN_COMMON_H__ @@ -258,8 +258,6 @@ #define __attribute__(x) #endif -#define rk_UNCONST(x) ((void *)(unsigned long)(const void *)(x)) - ROKEN_CPP_START #ifndef IRIX4 /* fix for compiler bug */ @@ -396,6 +394,8 @@ rk_strpoolprintf(struct rk_strpool *, const char *, ...) void ROKEN_LIB_FUNCTION rk_strpoolfree(struct rk_strpool *); +void ROKEN_LIB_FUNCTION +rk_dumpdata (const char *, const void *, size_t); ROKEN_CPP_END diff --git a/source4/heimdal/lib/roken/roken.h b/source4/heimdal/lib/roken/roken.h index 04553caf48..853de9b112 100644 --- a/source4/heimdal/lib/roken/roken.h +++ b/source4/heimdal/lib/roken/roken.h @@ -32,11 +32,14 @@ * SUCH DAMAGE. */ -/* $Id: roken.h.in,v 1.177 2005/08/05 09:06:29 lha Exp $ */ +/* $Id: roken.h.in,v 1.178 2005/09/28 03:04:54 lha Exp $ */ #include #include #include +#ifdef HAVE_STDINT_H +#include +#endif #include #include @@ -138,6 +141,12 @@ typedef int ssize_t; ROKEN_CPP_START +#ifdef HAVE_UINTPTR_T +#define rk_UNCONST(x) ((void *)(uintptr_t)(const void *)(x)) +#else +#define rk_UNCONST(x) ((void *)(unsigned long)(const void *)(x)) +#endif + #if !defined(HAVE_SETSID) && defined(HAVE__SETSID) #define setsid _setsid #endif -- cgit From 4dc5da1335a8dc39b4e6153ce7da75d429d343de Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 26 Oct 2005 23:34:15 +0000 Subject: r11310: Free the 'if_relevent' portion of the PAC when we build it. Andrew Bartlett (This used to be commit ede638c00b574bf4149d11844c0adf8e0f5c4efb) --- source4/heimdal/kdc/kerberos5.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index fdc60761f3..1c02e66211 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -1821,6 +1821,7 @@ tgs_make_reply(krb5_context context, if_relevant->val[0].ad_data.length = pac.length; ASN1_MALLOC_ENCODE(AuthorizationData, buf, buf_size, if_relevant, &len, ret); + free_AuthorizationData(if_relevant); auth_data = NULL; ALLOC(auth_data); -- cgit From 14a3abd5591a7c310bdd2638e5c06833dc2c8f92 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 26 Oct 2005 23:41:01 +0000 Subject: r11314: Use a patch from lha to have the kerberos libs extract the PAC, rather than doing ASN.1 parsing in Samba. Also use the API function for getting a client from a ticket, rather than just digging in the structure. Andrew Bartlett (This used to be commit 25d5ea6d724bd2b64a6086ae6e2e1c5148b8ca4a) --- source4/heimdal/lib/krb5/ticket.c | 158 +++++++++++++++++++++++++++++++++++--- 1 file changed, 148 insertions(+), 10 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/krb5/ticket.c b/source4/heimdal/lib/krb5/ticket.c index 734cd4d4ca..8f4f8fb152 100644 --- a/source4/heimdal/lib/krb5/ticket.c +++ b/source4/heimdal/lib/krb5/ticket.c @@ -97,6 +97,141 @@ krb5_ticket_get_server(krb5_context context, return krb5_copy_principal(context, ticket->server, server); } +static int +find_type_in_ad(krb5_context context, + int type, + krb5_data *data, + int *found, + int failp, + krb5_keyblock *sessionkey, + const AuthorizationData *ad, + int level) +{ + krb5_error_code ret = ENOENT; + int i; + + if (level > 9) { + krb5_set_error_string(context, "Authorization data nested deeper " + "then %d levels, stop searching", level); + ret = ENOENT; /* XXX */ + goto out; + } + + /* + * Only copy out the element the first time we get to it, we need + * to run over the whole authorization data fields to check if + * there are any container clases we need to care about. + */ + for (i = 0; i < ad->len; i++) { + if (!*found && ad->val[i].ad_type == type) { + ret = copy_octet_string(&ad->val[i].ad_data, data); + if (ret) { + krb5_set_error_string(context, "malloc - out of memory"); + goto out; + } + *found = 1; + continue; + } + switch (ad->val[i].ad_type) { + case KRB5_AUTHDATA_IF_RELEVANT: { + AuthorizationData child; + ret = decode_AuthorizationData(ad->val[i].ad_data.data, + ad->val[i].ad_data.length, + &child, + NULL); + if (ret) { + krb5_set_error_string(context, "Failed to decode " + "IF_RELEVANT with %d", ret); + goto out; + } + ret = find_type_in_ad(context, type, data, found, 0, sessionkey, + &child, level + 1); + free_AuthorizationData(&child); + if (ret) + goto out; + break; + } + case KRB5_AUTHDATA_KDC_ISSUED: { + AD_KDCIssued child; + + ret = decode_AD_KDCIssued(ad->val[i].ad_data.data, + ad->val[i].ad_data.length, + &child, + NULL); + if (ret) { + krb5_set_error_string(context, "Failed to decode " + "AD_KDCIssued with %d", ret); + goto out; + } + if (failp) { + krb5_boolean valid; + krb5_data buf; + size_t len; + + ASN1_MALLOC_ENCODE(AuthorizationData, buf.data, buf.length, + &child.elements, &len, ret); + if (ret) { + free_AD_KDCIssued(&child); + krb5_clear_error_string(context); + goto out; + } + if(buf.length != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); + + ret = krb5_c_verify_checksum(context, sessionkey, 19, &buf, + &child.ad_checksum, &valid); + krb5_data_free(&buf); + if (ret) { + free_AD_KDCIssued(&child); + goto out; + } + if (!valid) { + krb5_clear_error_string(context); + ret = ENOENT; + free_AD_KDCIssued(&child); + goto out; + } + } + ret = find_type_in_ad(context, type, data, found, failp, sessionkey, + &child.elements, level + 1); + free_AD_KDCIssued(&child); + if (ret) + goto out; + break; + } + case KRB5_AUTHDATA_AND_OR: + if (!failp) + break; + krb5_set_error_string(context, "Authorization data contains " + "AND-OR element that is unknown to the " + "application"); + ret = ENOENT; /* XXX */ + goto out; + default: + if (!failp) + break; + krb5_set_error_string(context, "Authorization data contains " + "unknown type (%d) ", ad->val[i].ad_type); + ret = ENOENT; /* XXX */ + goto out; + } + } +out: + if (ret) { + if (*found) { + krb5_data_free(data); + *found = 0; + } + } + return ret; +} + +/* + * Extract the authorization data type of `type' from the + * 'ticket'. Store the field in `data'. This function is to use for + * kerberos applications + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_ticket_get_authorization_data_type(krb5_context context, krb5_ticket *ticket, @@ -104,22 +239,25 @@ krb5_ticket_get_authorization_data_type(krb5_context context, krb5_data *data) { AuthorizationData *ad; - int i; + krb5_error_code ret; + int found = 0; - data->length = 0; - data->data = NULL; + krb5_data_zero(data); ad = ticket->ticket.authorization_data; - if (ad == NULL) { + if (ticket->ticket.authorization_data == NULL) { krb5_set_error_string(context, "Ticket have not authorization data"); return ENOENT; /* XXX */ } - for (i = 0; i < ad->len; i++) { - if (ad->val[i].ad_type == type) - return copy_octet_string(&ad->val[i].ad_data, data); - } - krb5_set_error_string(context, "Ticket have not authorization " + ret = find_type_in_ad(context, type, data, &found, 1, &ticket->ticket.key, + ticket->ticket.authorization_data, 0); + if (ret) + return ret; + if (!found) { + krb5_set_error_string(context, "Ticket have not authorization " "data of type %d", type); - return ENOENT; /* XXX */ + return ENOENT; /* XXX */ + } + return 0; } -- cgit From 1244a97dbe900551b978b63cd07afe6cf4a61c60 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 27 Oct 2005 05:33:49 +0000 Subject: r11317: An ugly hack to setup the global gssapi_krb5_context early, when we have easy access to the event context. This stops Samba dead-locking against itself when the winbindd client tries to contact the KDC. Andrew Bartlett (This used to be commit 57f811115ed768ea1f170dcd71038398bf2ab6e9) --- source4/heimdal/lib/gssapi/gssapi_locl.h | 1 + source4/heimdal/lib/gssapi/init.c | 22 +++++++++++++++++----- 2 files changed, 18 insertions(+), 5 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/gssapi_locl.h b/source4/heimdal/lib/gssapi/gssapi_locl.h index a25e2fdcc9..1d22099877 100644 --- a/source4/heimdal/lib/gssapi/gssapi_locl.h +++ b/source4/heimdal/lib/gssapi/gssapi_locl.h @@ -108,6 +108,7 @@ struct gssapi_thr_context { */ krb5_error_code gssapi_krb5_init (void); +krb5_error_code gssapi_krb5_init_ev (void *event_context); #define GSSAPI_KRB5_INIT() do { \ krb5_error_code kret_gss_init; \ diff --git a/source4/heimdal/lib/gssapi/init.c b/source4/heimdal/lib/gssapi/init.c index a642b629f4..11d7c9bb9f 100644 --- a/source4/heimdal/lib/gssapi/init.c +++ b/source4/heimdal/lib/gssapi/init.c @@ -89,17 +89,19 @@ gssapi_get_thread_context(int createp) return NULL; } -krb5_error_code -gssapi_krb5_init (void) -{ - krb5_error_code ret = 0; #ifdef _SAMBA_BUILD_ +/* Init krb5 with an event context. Disgusting Samba-specific hack */ + +krb5_error_code +gssapi_krb5_init_ev (void *event_context) +{ static struct smb_krb5_context *smb_krb5_context; + krb5_error_code ret = 0; HEIMDAL_MUTEX_lock(&gssapi_krb5_context_mutex); if(smb_krb5_context == NULL) { - ret = smb_krb5_init_context(NULL, &smb_krb5_context); + ret = smb_krb5_init_context(event_context, &smb_krb5_context); } if (ret == 0 && !created_key) { HEIMDAL_key_create(&gssapi_context_key, @@ -116,6 +118,16 @@ gssapi_krb5_init (void) } HEIMDAL_MUTEX_unlock(&gssapi_krb5_context_mutex); + return ret; +} +#endif + +krb5_error_code +gssapi_krb5_init (void) +{ + krb5_error_code ret = 0; +#ifdef _SAMBA_BUILD_ + ret = gssapi_krb5_init_ev(NULL); #else HEIMDAL_MUTEX_lock(&gssapi_krb5_context_mutex); -- cgit From 0ea06b97c295baa22e0f2cf9f6e06338d1ba7c2f Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 29 Oct 2005 06:59:54 +0000 Subject: r11392: After confirmation from Love, fix a compiler warning (This used to be commit a0b4036ba6ae423bab3ec698d3e404f03bb0f9d5) --- source4/heimdal/lib/gssapi/cfx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/cfx.c b/source4/heimdal/lib/gssapi/cfx.c index 1cc510d6fc..3e7592b3a7 100755 --- a/source4/heimdal/lib/gssapi/cfx.c +++ b/source4/heimdal/lib/gssapi/cfx.c @@ -77,7 +77,7 @@ wrap_length_cfx(krb5_crypto crypto, if (ret) { return ret; } - if (padsize > 1) { + if (*padsize > 1) { /* XXX check this */ *padlength = *padsize - (input_length % *padsize); } -- cgit From 3b2a6997b43dcfe37adf67c84e564a4fbff5b108 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 2 Nov 2005 00:31:22 +0000 Subject: r11452: Update Heimdal to current lorikeet, including removing the ccache side of the gsskrb5_acquire_cred hack. Add support for delegated credentials into the auth and credentials subsystem, and specifically into gensec_gssapi. Add the CIFS NTVFS handler as a consumer of delegated credentials, when no user/domain/password is specified. Andrew Bartlett (This used to be commit 55b89899adb692d90e63873ccdf80b9f94a6b448) --- source4/heimdal/lib/gssapi/accept_sec_context.c | 38 ++++--- source4/heimdal/lib/gssapi/acquire_cred.c | 132 +++++++++++++----------- source4/heimdal/lib/gssapi/copy_ccache.c | 90 +++++++++++++++- source4/heimdal/lib/gssapi/delete_sec_context.c | 2 + source4/heimdal/lib/gssapi/gssapi.h | 8 +- source4/heimdal/lib/gssapi/gssapi_locl.h | 12 ++- source4/heimdal/lib/gssapi/init_sec_context.c | 46 ++++----- source4/heimdal/lib/gssapi/release_cred.c | 6 +- source4/heimdal/lib/krb5/ticket.c | 6 +- 9 files changed, 231 insertions(+), 109 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/accept_sec_context.c b/source4/heimdal/lib/gssapi/accept_sec_context.c index 8e354c3136..5d43cdcb43 100644 --- a/source4/heimdal/lib/gssapi/accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/accept_sec_context.c @@ -239,7 +239,7 @@ gsskrb5_acceptor_ready( OM_uint32 ret; int32_t seq_number; int is_cfx = 0; - u_int32_t flags = (*context_handle)->flags; + u_int32_t *flags = &(*context_handle)->flags; krb5_auth_getremoteseqnumber (gssapi_krb5_context, (*context_handle)->auth_context, @@ -249,11 +249,11 @@ gsskrb5_acceptor_ready( ret = _gssapi_msg_order_create(minor_status, &(*context_handle)->order, - _gssapi_msg_order_f(flags), + _gssapi_msg_order_f(*flags), seq_number, 0, is_cfx); if (ret) return ret; - if (!(flags & GSS_C_MUTUAL_FLAG) && _gssapi_msg_order_f(flags)) { + if (!(*flags & GSS_C_MUTUAL_FLAG) && _gssapi_msg_order_f(*flags)) { krb5_auth_con_setlocalseqnumber(gssapi_krb5_context, (*context_handle)->auth_context, seq_number); @@ -262,11 +262,14 @@ gsskrb5_acceptor_ready( /* * We should handle the delegation ticket, in case it's there */ - if ((*context_handle)->fwd_data.length > 0 && (flags & GSS_C_DELEG_FLAG)) { + if ((*context_handle)->fwd_data.length > 0 && (*flags & GSS_C_DELEG_FLAG)) { ret = gsskrb5_accept_delegated_token(minor_status, context_handle, delegated_cred_handle); if (ret) return ret; + } else { + /* Well, looks like it wasn't there after all */ + *flags &= ~GSS_C_DELEG_FLAG; } (*context_handle)->state = ACCEPTOR_READY; @@ -297,10 +300,9 @@ gsskrb5_acceptor_start krb5_ticket *ticket = NULL; krb5_keytab keytab = NULL; krb5_keyblock *keyblock = NULL; - krb5_data fwd_data; int is_cfx = 0; - krb5_data_zero (&fwd_data); + krb5_data_zero (&(*context_handle)->fwd_data); /* * We may, or may not, have an escapsulation. @@ -415,7 +417,7 @@ gsskrb5_acceptor_start input_chan_bindings, authenticator->cksum, &flags, - &fwd_data); + &(*context_handle)->fwd_data); krb5_free_authenticator(gssapi_krb5_context, &authenticator); if (ret) { return ret; @@ -461,15 +463,9 @@ gsskrb5_acceptor_start } } - /* - * We need to send the flags back to the caller - */ flags |= GSS_C_TRANS_FLAG; - if (ret_flags) - *ret_flags = flags; - - /* And remember them for later */ + /* Remember the flags */ (*context_handle)->lifetime = ticket->ticket.endtime; (*context_handle)->flags = flags; @@ -491,11 +487,23 @@ gsskrb5_acceptor_start * When GSS_C_DCE_STYLE is in use, we need ask for a AP-REP from the client */ if (flags & GSS_C_DCE_STYLE) { + if (ret_flags) { + /* Return flags to caller, but we haven't processed delgations yet */ + *ret_flags = flags & ~GSS_C_DELEG_FLAG; + } + (*context_handle)->state = ACCEPTOR_WAIT_FOR_DCESTYLE; return GSS_S_CONTINUE_NEEDED; } - return gsskrb5_acceptor_ready(minor_status, context_handle, delegated_cred_handle); + ret = gsskrb5_acceptor_ready(minor_status, context_handle, delegated_cred_handle); + + /* + * We need to send the flags back to the caller + */ + + *ret_flags = (*context_handle)->flags; + return ret; } static OM_uint32 diff --git a/source4/heimdal/lib/gssapi/acquire_cred.c b/source4/heimdal/lib/gssapi/acquire_cred.c index 23c2603352..d67b400920 100644 --- a/source4/heimdal/lib/gssapi/acquire_cred.c +++ b/source4/heimdal/lib/gssapi/acquire_cred.c @@ -33,7 +33,53 @@ #include "gssapi_locl.h" -RCSID("$Id: acquire_cred.c,v 1.23 2005/10/21 12:44:08 lha Exp $"); +RCSID("$Id: acquire_cred.c,v 1.24 2005/10/26 11:25:16 lha Exp $"); + +OM_uint32 +_gssapi_krb5_ccache_lifetime(OM_uint32 *minor_status, + krb5_ccache id, + krb5_principal principal, + OM_uint32 *lifetime) +{ + krb5_creds in_cred, *out_cred; + krb5_const_realm realm; + krb5_error_code kret; + + memset(&in_cred, 0, sizeof(in_cred)); + in_cred.client = principal; + + realm = krb5_principal_get_realm(gssapi_krb5_context, principal); + if (realm == NULL) { + gssapi_krb5_clear_status (); + *minor_status = KRB5_PRINC_NOMATCH; /* XXX */ + return GSS_S_FAILURE; + } + + kret = krb5_make_principal(gssapi_krb5_context, &in_cred.server, + realm, KRB5_TGS_NAME, realm, NULL); + if (kret) { + gssapi_krb5_set_error_string(); + *minor_status = kret; + return GSS_S_FAILURE; + } + + kret = krb5_get_credentials(gssapi_krb5_context, 0, + id, &in_cred, &out_cred); + krb5_free_principal(gssapi_krb5_context, in_cred.server); + if (kret) { + gssapi_krb5_set_error_string(); + *minor_status = kret; + return GSS_S_FAILURE; + } + + *lifetime = out_cred->times.endtime; + krb5_free_creds(gssapi_krb5_context, out_cred); + + return GSS_S_COMPLETE; +} + + + static krb5_error_code get_keytab(krb5_context context, krb5_keytab *keytab) @@ -61,7 +107,6 @@ static OM_uint32 acquire_initiator_cred (OM_uint32 * minor_status, krb5_context context, krb5_keytab keytab, - krb5_ccache ccache, const gss_name_t desired_name, OM_uint32 time_req, const gss_OID_set desired_mechs, @@ -75,10 +120,11 @@ static OM_uint32 acquire_initiator_cred krb5_creds cred; krb5_principal def_princ; krb5_get_init_creds_opt *opt; + krb5_ccache ccache; krb5_error_code kret; - krb5_boolean made_ccache = FALSE; krb5_boolean made_keytab = FALSE; + ccache = NULL; def_princ = NULL; ret = GSS_S_FAILURE; memset(&cred, 0, sizeof(cred)); @@ -86,29 +132,22 @@ static OM_uint32 acquire_initiator_cred /* If we have a preferred principal, lets try to find it in all * caches, otherwise, fall back to default cache. Ignore * errors. */ - if (ccache == NULL && handle->principal) { + if (handle->principal) kret = krb5_cc_cache_match (gssapi_krb5_context, handle->principal, NULL, &ccache); - if (kret) { - ccache = NULL; - } else { - made_ccache = TRUE; - } - } + if (ccache == NULL) { kret = krb5_cc_default(gssapi_krb5_context, &ccache); if (kret) goto end; - made_ccache = TRUE; } kret = krb5_cc_get_principal(context, ccache, &def_princ); if (kret != 0) { /* we'll try to use a keytab below */ krb5_cc_destroy(context, ccache); - made_ccache = FALSE; ccache = NULL; kret = 0; } else if (handle->principal == NULL) { @@ -133,65 +172,41 @@ static OM_uint32 acquire_initiator_cred if (kret) goto end; } - if (keytab != NULL) { - kret = get_keytab(context, &keytab); - if (kret) - goto end; - made_keytab = TRUE; - } - kret = krb5_get_init_creds_opt_alloc(context, &opt); + kret = get_keytab(context, &keytab); + if (kret) + goto end; + kret = krb5_get_init_creds_opt_alloc(gssapi_krb5_context, &opt); if (kret) goto end; - kret = krb5_get_init_creds_keytab(context, &cred, + kret = krb5_get_init_creds_keytab(gssapi_krb5_context, &cred, handle->principal, keytab, 0, NULL, opt); krb5_get_init_creds_opt_free(opt); if (kret) goto end; - if (ccache == NULL) { - kret = krb5_cc_gen_new(context, &krb5_mcc_ops, - &ccache); - if (kret) - goto end; - made_ccache = TRUE; - } - kret = krb5_cc_initialize(context, ccache, cred.client); + kret = krb5_cc_gen_new(gssapi_krb5_context, &krb5_mcc_ops, + &ccache); if (kret) goto end; - kret = krb5_cc_store_cred(context, ccache, &cred); + kret = krb5_cc_initialize(gssapi_krb5_context, ccache, cred.client); if (kret) goto end; - handle->lifetime = cred.times.endtime; - } else { - krb5_creds in_cred, *out_cred; - krb5_const_realm realm; - - memset(&in_cred, 0, sizeof(in_cred)); - in_cred.client = handle->principal; - - realm = krb5_principal_get_realm(context, - handle->principal); - if (realm == NULL) { - kret = KRB5_PRINC_NOMATCH; /* XXX */ - goto end; - } - - kret = krb5_make_principal(context, &in_cred.server, - realm, KRB5_TGS_NAME, realm, NULL); + kret = krb5_cc_store_cred(gssapi_krb5_context, ccache, &cred); if (kret) goto end; + handle->lifetime = cred.times.endtime; + handle->cred_flags |= GSS_CF_DESTROY_CRED_ON_RELEASE; + } else { - kret = krb5_get_credentials(context, 0, - ccache, &in_cred, &out_cred); - krb5_free_principal(context, in_cred.server); - if (kret) + ret = _gssapi_krb5_ccache_lifetime(minor_status, + ccache, + handle->principal, + &handle->lifetime); + if (ret != GSS_S_COMPLETE) goto end; - - handle->lifetime = out_cred->times.endtime; - krb5_free_creds(context, out_cred); + kret = 0; } handle->ccache = ccache; - handle->made_ccache = made_ccache; ret = GSS_S_COMPLETE; end: @@ -202,8 +217,8 @@ end: if (made_keytab) krb5_kt_close(context, keytab); if (ret != GSS_S_COMPLETE) { - if (made_ccache) - krb5_cc_close(context, ccache); + if (ccache != NULL) + krb5_cc_close(gssapi_krb5_context, ccache); if (kret != 0) { *minor_status = kret; gssapi_krb5_set_error_string (); @@ -255,7 +270,6 @@ end: OM_uint32 gsskrb5_acquire_cred (OM_uint32 * minor_status, struct krb5_keytab_data *keytab, - struct krb5_ccache_data *ccache, const gss_name_t desired_name, OM_uint32 time_req, const gss_OID_set desired_mechs, @@ -314,7 +328,7 @@ OM_uint32 gsskrb5_acquire_cred } if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH) { ret = acquire_initiator_cred(minor_status, gssapi_krb5_context, - keytab, ccache, + keytab, desired_name, time_req, desired_mechs, cred_usage, handle, actual_mechs, time_rec); @@ -379,7 +393,7 @@ OM_uint32 gss_acquire_cred ) { return gsskrb5_acquire_cred(minor_status, - NULL, NULL, + NULL, desired_name, time_req, desired_mechs, diff --git a/source4/heimdal/lib/gssapi/copy_ccache.c b/source4/heimdal/lib/gssapi/copy_ccache.c index 828ca64156..0f2f155870 100644 --- a/source4/heimdal/lib/gssapi/copy_ccache.c +++ b/source4/heimdal/lib/gssapi/copy_ccache.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: copy_ccache.c,v 1.7 2003/09/01 15:11:09 lha Exp $"); +RCSID("$Id: copy_ccache.c,v 1.9 2005/10/31 16:02:08 lha Exp $"); OM_uint32 gss_krb5_copy_ccache(OM_uint32 *minor_status, @@ -61,6 +61,94 @@ gss_krb5_copy_ccache(OM_uint32 *minor_status, return GSS_S_COMPLETE; } + +OM_uint32 +gss_krb5_import_ccache(OM_uint32 *minor_status, + krb5_ccache in, + gss_cred_id_t *cred) +{ + krb5_error_code kret; + gss_cred_id_t handle; + OM_uint32 ret; + + *cred = NULL; + + GSSAPI_KRB5_INIT (); + + handle = (gss_cred_id_t)calloc(1, sizeof(*handle)); + if (handle == GSS_C_NO_CREDENTIAL) { + gssapi_krb5_clear_status (); + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + HEIMDAL_MUTEX_init(&handle->cred_id_mutex); + + handle->usage = GSS_C_INITIATE; + + kret = krb5_cc_get_principal(gssapi_krb5_context, in, &handle->principal); + if (kret) { + free(handle); + gssapi_krb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + + ret = _gssapi_krb5_ccache_lifetime(minor_status, + in, + handle->principal, + &handle->lifetime); + if (ret != GSS_S_COMPLETE) { + krb5_free_principal(gssapi_krb5_context, handle->principal); + free(handle); + return ret; + } + + ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms); + if (ret == GSS_S_COMPLETE) + ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, + &handle->mechanisms); + if (ret != GSS_S_COMPLETE) { + krb5_free_principal(gssapi_krb5_context, handle->principal); + free(handle); + *minor_status = kret; + return GSS_S_FAILURE; + } + + { + const char *type, *name; + char *str; + + type = krb5_cc_get_type(gssapi_krb5_context, in); + name = krb5_cc_get_name(gssapi_krb5_context, in); + + if (asprintf(&str, "%s:%s", type, name) == -1) { + krb5_set_error_string(gssapi_krb5_context, + "malloc - out of memory"); + kret = ENOMEM; + goto out; + } + + kret = krb5_cc_resolve(gssapi_krb5_context, str, &handle->ccache); + free(str); + if (kret) + goto out; + } + + *minor_status = 0; + *cred = handle; + return GSS_S_COMPLETE; + +out: + gssapi_krb5_set_error_string (); + if (handle->principal) + krb5_free_principal(gssapi_krb5_context, handle->principal); + HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); + free(handle); + *minor_status = kret; + return GSS_S_FAILURE; +} + + OM_uint32 gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status, gss_ctx_id_t context_handle, diff --git a/source4/heimdal/lib/gssapi/delete_sec_context.c b/source4/heimdal/lib/gssapi/delete_sec_context.c index 83658fa76c..301197aa4c 100644 --- a/source4/heimdal/lib/gssapi/delete_sec_context.c +++ b/source4/heimdal/lib/gssapi/delete_sec_context.c @@ -66,6 +66,8 @@ OM_uint32 gss_delete_sec_context (*context_handle)->service_keyblock); if((*context_handle)->order) _gssapi_msg_order_destroy(&(*context_handle)->order); + if ((*context_handle)->fwd_data.length > 0) + free((*context_handle)->fwd_data.data); HEIMDAL_MUTEX_unlock(&(*context_handle)->ctx_id_mutex); HEIMDAL_MUTEX_destroy(&(*context_handle)->ctx_id_mutex); diff --git a/source4/heimdal/lib/gssapi/gssapi.h b/source4/heimdal/lib/gssapi/gssapi.h index 4bf6780daa..64a31d1eee 100644 --- a/source4/heimdal/lib/gssapi/gssapi.h +++ b/source4/heimdal/lib/gssapi/gssapi.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gssapi.h,v 1.37 2005/02/21 08:48:15 lukeh Exp $ */ +/* $Id: gssapi.h,v 1.38 2005/10/26 11:22:13 lha Exp $ */ #ifndef GSSAPI_H_ #define GSSAPI_H_ @@ -778,7 +778,6 @@ OM_uint32 gss_unseal OM_uint32 gsskrb5_acquire_cred (OM_uint32 * minor_status, struct krb5_keytab_data *keytab, - struct krb5_ccache_data *ccache, const gss_name_t desired_name, OM_uint32 time_req, const gss_OID_set desired_mechs, @@ -806,6 +805,11 @@ OM_uint32 gss_krb5_copy_service_keyblock gss_ctx_id_t context_handle, struct EncryptionKey **out); +OM_uint32 +gss_krb5_import_ccache(OM_uint32 */*minor*/, + struct krb5_ccache_data * /*in*/, + gss_cred_id_t */*out*/); + OM_uint32 gss_krb5_get_tkt_flags (OM_uint32 */*minor*/, gss_ctx_id_t /*context_handle*/, diff --git a/source4/heimdal/lib/gssapi/gssapi_locl.h b/source4/heimdal/lib/gssapi/gssapi_locl.h index 1d22099877..aa663e87a6 100644 --- a/source4/heimdal/lib/gssapi/gssapi_locl.h +++ b/source4/heimdal/lib/gssapi/gssapi_locl.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gssapi_locl.h,v 1.41 2005/10/12 15:20:37 lha Exp $ */ +/* $Id: gssapi_locl.h,v 1.42 2005/10/26 11:23:48 lha Exp $ */ #ifndef GSSAPI_LOCL_H #define GSSAPI_LOCL_H @@ -79,12 +79,13 @@ typedef struct gss_ctx_id_t_desc_struct { typedef struct gss_cred_id_t_desc_struct { gss_name_t principal; + int cred_flags; +#define GSS_CF_DESTROY_CRED_ON_RELEASE 1 krb5_boolean made_keytab; struct krb5_keytab_data *keytab; OM_uint32 lifetime; gss_cred_usage_t usage; gss_OID_set mechanisms; - krb5_boolean made_ccache; struct krb5_ccache_data *ccache; HEIMDAL_MUTEX cred_id_mutex; } gss_cred_id_t_desc; @@ -108,7 +109,6 @@ struct gssapi_thr_context { */ krb5_error_code gssapi_krb5_init (void); -krb5_error_code gssapi_krb5_init_ev (void *event_context); #define GSSAPI_KRB5_INIT() do { \ krb5_error_code kret_gss_init; \ @@ -271,6 +271,10 @@ _gss_check_compat(OM_uint32 *, gss_name_t, const char *, OM_uint32 gssapi_lifetime_left(OM_uint32 *, OM_uint32, OM_uint32 *); +OM_uint32 +_gssapi_krb5_ccache_lifetime(OM_uint32 *, krb5_ccache, + krb5_principal, OM_uint32 *); + /* sequence */ OM_uint32 diff --git a/source4/heimdal/lib/gssapi/init_sec_context.c b/source4/heimdal/lib/gssapi/init_sec_context.c index 93e8d44c86..b8eb748bf5 100644 --- a/source4/heimdal/lib/gssapi/init_sec_context.c +++ b/source4/heimdal/lib/gssapi/init_sec_context.c @@ -162,7 +162,7 @@ _gsskrb5_create_ctx( static OM_uint32 gsskrb5_get_creds( OM_uint32 * minor_status, - const gss_cred_id_t initiator_cred_handle, + krb5_ccache ccache, gss_ctx_id_t * context_handle, const gss_name_t target_name, OM_uint32 time_req, @@ -172,22 +172,10 @@ gsskrb5_get_creds( OM_uint32 ret; krb5_error_code kret; krb5_creds this_cred; - krb5_ccache ccache = NULL; OM_uint32 lifetime_rec; *cred = NULL; - if (initiator_cred_handle == GSS_C_NO_CREDENTIAL) { - kret = krb5_cc_default (gssapi_krb5_context, &ccache); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - } else { - ccache = initiator_cred_handle->ccache; - } - kret = krb5_cc_get_principal(gssapi_krb5_context, ccache, &(*context_handle)->source); @@ -246,10 +234,6 @@ gsskrb5_get_creds( if (time_rec) *time_rec = lifetime_rec; - if (initiator_cred_handle == GSS_C_NO_CREDENTIAL) { - krb5_cc_close(gssapi_krb5_context, ccache); - } - return GSS_S_COMPLETE; } @@ -351,7 +335,7 @@ do_delegation (krb5_auth_context ac, static OM_uint32 gsskrb5_initiator_start (OM_uint32 * minor_status, - const gss_cred_id_t initiator_cred_handle, + krb5_ccache ccache, gss_ctx_id_t * context_handle, const gss_name_t target_name, const gss_OID mech_type, @@ -369,7 +353,6 @@ gsskrb5_initiator_start krb5_flags ap_options; krb5_creds *cred = NULL; krb5_data outbuf; - krb5_ccache ccache = NULL; u_int32_t flags; krb5_data authenticator; Checksum cksum; @@ -383,7 +366,7 @@ gsskrb5_initiator_start /* We need to get the credentials for the requested target */ ret = gsskrb5_get_creds(minor_status, - initiator_cred_handle, + ccache, context_handle, target_name, time_req, @@ -543,7 +526,7 @@ gsskrb5_initiator_start static OM_uint32 gsskrb5_initiator_wait_for_mutual( OM_uint32 * minor_status, - const gss_cred_id_t initiator_cred_handle, + krb5_ccache ccache, gss_ctx_id_t * context_handle, const gss_name_t target_name, const gss_OID mech_type, @@ -697,6 +680,8 @@ gsskrb5_init_sec_context ) { OM_uint32 ret; + krb5_error_code kret; + krb5_ccache ccache = NULL; if (*context_handle == GSS_C_NO_CONTEXT) { ret = _gsskrb5_create_ctx(minor_status, @@ -708,12 +693,23 @@ gsskrb5_init_sec_context if (actual_mech_type) *actual_mech_type = GSS_KRB5_MECHANISM; + if (initiator_cred_handle == GSS_C_NO_CREDENTIAL) { + kret = krb5_cc_default (gssapi_krb5_context, &ccache); + if (kret) { + gssapi_krb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + } else { + ccache = initiator_cred_handle->ccache; + } + HEIMDAL_MUTEX_lock(&(*context_handle)->ctx_id_mutex); switch ((*context_handle)->state) { case INITIATOR_START: ret = gsskrb5_initiator_start(minor_status, - initiator_cred_handle, + ccache, context_handle, target_name, mech_type, @@ -727,7 +723,7 @@ gsskrb5_init_sec_context break; case INITIATOR_WAIT_FOR_MUTAL: ret = gsskrb5_initiator_wait_for_mutual(minor_status, - initiator_cred_handle, + ccache, context_handle, target_name, mech_type, @@ -771,6 +767,10 @@ gsskrb5_init_sec_context break; } + if (initiator_cred_handle == GSS_C_NO_CREDENTIAL) { + krb5_cc_close(gssapi_krb5_context, ccache); + } + HEIMDAL_MUTEX_unlock(&(*context_handle)->ctx_id_mutex); return ret; diff --git a/source4/heimdal/lib/gssapi/release_cred.c b/source4/heimdal/lib/gssapi/release_cred.c index 8ae65dd528..ddd80c144b 100644 --- a/source4/heimdal/lib/gssapi/release_cred.c +++ b/source4/heimdal/lib/gssapi/release_cred.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -54,10 +54,10 @@ OM_uint32 gss_release_cred krb5_free_principal(gssapi_krb5_context, (*cred_handle)->principal); if ((*cred_handle)->made_keytab) krb5_kt_close(gssapi_krb5_context, (*cred_handle)->keytab); - if ((*cred_handle)->made_ccache) { + if ((*cred_handle)->ccache != NULL) { const krb5_cc_ops *ops; ops = krb5_cc_get_ops(gssapi_krb5_context, (*cred_handle)->ccache); - if (ops == &krb5_mcc_ops) + if ((*cred_handle)->cred_flags & GSS_CF_DESTROY_CRED_ON_RELEASE) krb5_cc_destroy(gssapi_krb5_context, (*cred_handle)->ccache); else krb5_cc_close(gssapi_krb5_context, (*cred_handle)->ccache); diff --git a/source4/heimdal/lib/krb5/ticket.c b/source4/heimdal/lib/krb5/ticket.c index 8f4f8fb152..7dae26acf2 100644 --- a/source4/heimdal/lib/krb5/ticket.c +++ b/source4/heimdal/lib/krb5/ticket.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: ticket.c,v 1.12 2004/05/25 21:44:47 lha Exp $"); +RCSID("$Id: ticket.c,v 1.14 2005/10/27 13:21:42 lha Exp $"); krb5_error_code KRB5_LIB_FUNCTION krb5_free_ticket(krb5_context context, @@ -151,6 +151,7 @@ find_type_in_ad(krb5_context context, goto out; break; } +#if 0 /* XXX test */ case KRB5_AUTHDATA_KDC_ISSUED: { AD_KDCIssued child; @@ -199,6 +200,7 @@ find_type_in_ad(krb5_context context, goto out; break; } +#endif case KRB5_AUTHDATA_AND_OR: if (!failp) break; @@ -229,7 +231,7 @@ out: /* * Extract the authorization data type of `type' from the * 'ticket'. Store the field in `data'. This function is to use for - * kerberos applications + * kerberos applications. */ krb5_error_code KRB5_LIB_FUNCTION -- cgit From 84c908d98372b5f3c6037ed7e1a524f0ff1e706f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 2 Nov 2005 02:22:35 +0000 Subject: r11462: Fix the build: somehow I lost the header for this samba-specific hack. Andrew Bartlett (This used to be commit 0a4194118974bdde4e10fd32578a5beeb6e768ce) --- source4/heimdal/lib/gssapi/gssapi_locl.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/gssapi_locl.h b/source4/heimdal/lib/gssapi/gssapi_locl.h index aa663e87a6..ae291d15a9 100644 --- a/source4/heimdal/lib/gssapi/gssapi_locl.h +++ b/source4/heimdal/lib/gssapi/gssapi_locl.h @@ -110,6 +110,8 @@ struct gssapi_thr_context { krb5_error_code gssapi_krb5_init (void); +krb5_error_code gssapi_krb5_init_ev (void *); + #define GSSAPI_KRB5_INIT() do { \ krb5_error_code kret_gss_init; \ if((kret_gss_init = gssapi_krb5_init ()) != 0) { \ -- cgit From cc0f3779b1de565ed33504d123e41656d6d2aab2 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 2 Nov 2005 03:48:49 +0000 Subject: r11468: Merge a bit more of init_sec_context from Heimdal CVS into our DCE_STYLE modified version, and add parametric options to control delegation. It turns out the only remaining issue is sending delegated credentials to a windows server, probably due to the bug lha mentions in his blog (using the wrong key). If I turn delgation on in smbclient, but off in smbd, I can proxy a cifs session. I can't wait till Heimdal 0.8, so I'll see if I can figure out the fix myself :-) Andrew Bartlett (This used to be commit fd5fd03570c13f5644e53ff89ac8eca7c0985740) --- source4/heimdal/lib/gssapi/init_sec_context.c | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/init_sec_context.c b/source4/heimdal/lib/gssapi/init_sec_context.c index b8eb748bf5..06aba8f785 100644 --- a/source4/heimdal/lib/gssapi/init_sec_context.c +++ b/source4/heimdal/lib/gssapi/init_sec_context.c @@ -275,7 +275,7 @@ do_delegation (krb5_auth_context ac, krb5_creds *cred, const gss_name_t target_name, krb5_data *fwd_data, - int *flags) + u_int32_t *flags) { krb5_creds creds; krb5_kdc_flags fwd_flags; @@ -406,9 +406,26 @@ gsskrb5_initiator_start flags = 0; ap_options = 0; + /* + * If the realm policy approves a delegation, lets check local + * policy if the credentials should be delegated, defafult to + * false. + */ + if (cred->flags.b.ok_as_delegate) { + krb5_boolean delegate = FALSE; + + _gss_check_compat(NULL, target_name, "ok-as-delegate", + &delegate, TRUE); + krb5_appdefault_boolean(gssapi_krb5_context, + "gssapi", target_name->realm, + "ok-as-delegate", delegate, &delegate); + if (delegate) + req_flags |= GSS_C_DELEG_FLAG; + } + if (req_flags & GSS_C_DELEG_FLAG) { do_delegation((*context_handle)->auth_context, - ccache, cred, target_name, &fwd_data, &flags); + ccache, cred, target_name, &fwd_data, &flags); } if (req_flags & GSS_C_MUTUAL_FLAG) { @@ -542,8 +559,8 @@ gsskrb5_initiator_wait_for_mutual( krb5_error_code kret; krb5_data inbuf; u_int32_t flags = (*context_handle)->flags; - OM_uint32 l_seq_number; - OM_uint32 r_seq_number; + int32_t l_seq_number; + int32_t r_seq_number; /* We need to decapsulate the AP_REP if GSS_C_DCE_STYLE isn't in use */ { -- cgit From 3b213ca9a3e44266647ac4ceb88d3acd2fb4a295 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 2 Nov 2005 04:11:36 +0000 Subject: r11469: Fix typo, and use the correct (RFC4120) session key for delegating credentials. This means we now delegate to windows correctly. Andrew Bartlett (This used to be commit d6928a3bf86f1ab89f29eac538ceb701c6669913) --- source4/heimdal/lib/krb5/get_for_creds.c | 22 ++++++++++++---------- source4/heimdal/lib/krb5/rd_cred.c | 2 +- 2 files changed, 13 insertions(+), 11 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/krb5/get_for_creds.c b/source4/heimdal/lib/krb5/get_for_creds.c index ea0bc4ad9e..adb6000cd6 100644 --- a/source4/heimdal/lib/krb5/get_for_creds.c +++ b/source4/heimdal/lib/krb5/get_for_creds.c @@ -378,16 +378,18 @@ krb5_get_forwarded_creds (krb5_context context, cred.enc_part.cipher.data = buf; cred.enc_part.cipher.length = buf_size; } else { - krb5_keyblock *key; - - if (auth_context->local_subkey) - key = auth_context->local_subkey; - else if (auth_context->remote_subkey) - key = auth_context->remote_subkey; - else - key = auth_context->keyblock; - - ret = krb5_crypto_init(context, key, 0, &crypto); + /* + * RFC4120 claims we should use the session key, but Heimdal + * before 0.8 used the remote subkey if it was send in the + * auth_context. + * + * Lorikeet-Heimdal is interested in windows compatiblity + * more than Heimdal compatability, so we must choose the + * session key, and break forwarding credentials to older + * Heimdal servers. + */ + + ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto); if (ret) { free(buf); free_KRB_CRED(&cred); diff --git a/source4/heimdal/lib/krb5/rd_cred.c b/source4/heimdal/lib/krb5/rd_cred.c index ddd5866aeb..07f142267c 100644 --- a/source4/heimdal/lib/krb5/rd_cred.c +++ b/source4/heimdal/lib/krb5/rd_cred.c @@ -101,7 +101,7 @@ krb5_rd_cred(krb5_context context, } else { /* Try both subkey and session key. * - * RFC2140 claims we should use the session key, but Heimdal + * RFC4120 claims we should use the session key, but Heimdal * before 0.8 used the remote subkey if it was send in the * auth_context. */ -- cgit From 1ab27b7fdf0e25636a2b9cc933ee17ded60ad948 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 2 Nov 2005 09:51:32 +0000 Subject: r11477: This seems really nasty, but as I understand it an attacker cannot change this checksum, as it is inside the encrypted packets. Where the client (such as Samba3) fakes up GSSAPI, allow it to continue. We can't rid the world of all Samba3 and similar clients... Andrew Bartlett (This used to be commit e60cdb63fb37e44252f83a56a6302f0bd22dec4d) --- source4/heimdal/lib/gssapi/8003.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/8003.c b/source4/heimdal/lib/gssapi/8003.c index b60d2608e2..0062068d5b 100644 --- a/source4/heimdal/lib/gssapi/8003.c +++ b/source4/heimdal/lib/gssapi/8003.c @@ -182,9 +182,18 @@ gssapi_krb5_verify_8003_checksum( *minor_status = 0; return GSS_S_BAD_BINDINGS; } - + + /* This is the case where Samba3 has built GSSAPI out of + * krb5 the 'dodgy' way. We have to accept the non-GSSAPI + * checksum because windows does */ + + if(cksum->cksumtype != CKSUMTYPE_GSSAPI) { + *flags = 0; + return GSS_S_COMPLETE; + } + /* XXX should handle checksums > 24 bytes */ - if(cksum->cksumtype != CKSUMTYPE_GSSAPI || cksum->checksum.length < 24) { + if(cksum->checksum.length < 24) { *minor_status = 0; return GSS_S_BAD_BINDINGS; } -- cgit From 512f5ae8817eb378d5d3bdf6ba08c50c8dc3bf8c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 6 Nov 2005 01:46:12 +0000 Subject: r11529: Disable DNS lookups for forwarded credentials, unless really, really wanted. There is nothing that suggests that the host we forward credentials to will not have other interfaces, unassoicated with their service name. Likewise, the name may be a netbios, not DNS name. This should avoid some nasty DNS lookups. Andrew Bartlett (This used to be commit da0ff19856a8f41eb64787990d47d2961824711d) --- source4/heimdal/lib/krb5/get_for_creds.c | 75 +++++++++++++++++--------------- 1 file changed, 41 insertions(+), 34 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/krb5/get_for_creds.c b/source4/heimdal/lib/krb5/get_for_creds.c index adb6000cd6..7bc8942f66 100644 --- a/source4/heimdal/lib/krb5/get_for_creds.c +++ b/source4/heimdal/lib/krb5/get_for_creds.c @@ -162,7 +162,8 @@ krb5_get_forwarded_creds (krb5_context context, { krb5_error_code ret; krb5_creds *out_creds; - krb5_addresses addrs, *paddrs; + krb5_addresses *paddrs = NULL; + krb5_addresses addrs; KRB_CRED cred; KrbCredInfo *krb_cred_info; EncKrbCredPart enc_krb_cred_part; @@ -171,50 +172,56 @@ krb5_get_forwarded_creds (krb5_context context, size_t buf_size; krb5_kdc_flags kdc_flags; krb5_crypto crypto; - struct addrinfo *ai; int save_errno; krb5_creds *ticket; char *realm; + krb5_boolean noaddr_ever; + + addrs.len = 0; + addrs.val = NULL; if (in_creds->client && in_creds->client->realm) realm = in_creds->client->realm; else realm = in_creds->server->realm; - addrs.len = 0; - addrs.val = NULL; - paddrs = &addrs; - - /* - * If tickets are address-less, forward address-less tickets. - */ - - ret = _krb5_get_krbtgt (context, - ccache, - realm, - &ticket); - if(ret == 0) { - if (ticket->addresses.len == 0) - paddrs = NULL; - krb5_free_creds (context, ticket); + krb5_appdefault_boolean(context, NULL, realm, "no-addresses-ever", + TRUE, &noaddr_ever); + if (!noaddr_ever) { + struct addrinfo *ai; + paddrs = &addrs; + + /* + * If tickets are address-less, forward address-less tickets. + */ + + ret = _krb5_get_krbtgt (context, + ccache, + realm, + &ticket); + if(ret == 0) { + if (ticket->addresses.len == 0) + paddrs = NULL; + krb5_free_creds (context, ticket); + } + + if (paddrs != NULL) { + + ret = getaddrinfo (hostname, NULL, NULL, &ai); + if (ret) { + save_errno = errno; + krb5_set_error_string(context, "resolving %s: %s", + hostname, gai_strerror(ret)); + return krb5_eai_to_heim_errno(ret, save_errno); + } + + ret = add_addrs (context, &addrs, ai); + freeaddrinfo (ai); + if (ret) + return ret; + } } - - if (paddrs != NULL) { - ret = getaddrinfo (hostname, NULL, NULL, &ai); - if (ret) { - save_errno = errno; - krb5_set_error_string(context, "resolving %s: %s", - hostname, gai_strerror(ret)); - return krb5_eai_to_heim_errno(ret, save_errno); - } - - ret = add_addrs (context, &addrs, ai); - freeaddrinfo (ai); - if (ret) - return ret; - } - kdc_flags.b = int2KDCOptions(flags); ret = krb5_get_kdc_cred (context, -- cgit From fb2394d309f33bdccde3a4e17f6fd994d452b425 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 6 Nov 2005 14:15:34 +0000 Subject: r11536: Add a hook for client-principal access control to hdb-ldb, re-using the code in auth/auth_sam.c for consistancy. This will also allow us to have one place for a backend directory hook. I will use a very similar hook to add the PAC. Andrew Bartlett (This used to be commit 4315836cd8c94eb8340c4050804face4d0066810) --- source4/heimdal/kdc/kdc_locl.h | 9 +++++ source4/heimdal/kdc/kerberos5.c | 72 ++++++++++++++++++++---------------- source4/heimdal/kdc/misc.c | 56 ++++++++++++++++++++++++++++ source4/heimdal/lib/hdb/hdb-protos.h | 3 ++ source4/heimdal/lib/hdb/hdb.c | 10 +++++ source4/heimdal/lib/hdb/hdb.h | 21 ++++++++++- 6 files changed, 138 insertions(+), 33 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/kdc_locl.h b/source4/heimdal/kdc/kdc_locl.h index b0501abb8d..8658d33b68 100644 --- a/source4/heimdal/kdc/kdc_locl.h +++ b/source4/heimdal/kdc/kdc_locl.h @@ -71,9 +71,18 @@ krb5_error_code _kdc_db_fetch(krb5_context, krb5_kdc_configuration *, krb5_principal, enum hdb_ent_type, hdb_entry **); +krb5_error_code +_kdc_db_fetch_ex(krb5_context context, + krb5_kdc_configuration *config, + krb5_principal principal, enum hdb_ent_type ent_type, + hdb_entry_ex **h); + void _kdc_free_ent(krb5_context context, hdb_entry *); +void +_kdc_free_ent_ex(krb5_context context, hdb_entry_ex *ent); + void loop(krb5_context context, krb5_kdc_configuration *config); diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index 1c02e66211..0df090eef3 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -767,7 +767,8 @@ _kdc_as_rep(krb5_context context, KDC_REQ_BODY *b = &req->req_body; AS_REP rep; KDCOptions f = b->kdc_options; - hdb_entry *client = NULL, *server = NULL; + hdb_entry_ex *client = NULL; + hdb_entry *server = NULL; krb5_enctype cetype, setype; EncTicketPart et; EncKDCRepPart ek; @@ -813,7 +814,7 @@ _kdc_as_rep(krb5_context context, kdc_log(context, config, 0, "AS-REQ %s from %s for %s", client_name, from, server_name); - ret = _kdc_db_fetch(context, config, client_princ, HDB_ENT_TYPE_CLIENT, &client); + ret = _kdc_db_fetch_ex(context, config, client_princ, HDB_ENT_TYPE_CLIENT, &client); if(ret){ kdc_log(context, config, 0, "UNKNOWN -- %s: %s", client_name, krb5_get_err_text(context, ret)); @@ -830,12 +831,19 @@ _kdc_as_rep(krb5_context context, } ret = _kdc_check_flags(context, config, - client, client_name, + &client->entry, client_name, server, server_name, TRUE); if(ret) goto out; + if (client->check_client_access) { + ret = client->check_client_access(context, client, + b->addresses); + if(ret) + goto out; + } + memset(&et, 0, sizeof(et)); memset(&ek, 0, sizeof(ek)); @@ -875,7 +883,7 @@ _kdc_as_rep(krb5_context context, ret = _kdc_pk_check_client(context, config, client_princ, - client, + &client->entry, pkp, &client_cert); if (ret) { @@ -924,7 +932,7 @@ _kdc_as_rep(krb5_context context, goto out; } - ret = hdb_enctype2key(context, client, enc_data.etype, &pa_key); + ret = hdb_enctype2key(context, &client->entry, enc_data.etype, &pa_key); if(ret){ char *estr; e_text = "No key matches pa-data"; @@ -974,7 +982,7 @@ _kdc_as_rep(krb5_context context, krb5_get_err_text(context, ret)); free(str); - if(hdb_next_enctype2key(context, client, + if(hdb_next_enctype2key(context, &client->entry, enc_data.etype, &pa_key) == 0) goto try_next_key; e_text = "Failed to decrypt PA-DATA"; @@ -1030,7 +1038,7 @@ _kdc_as_rep(krb5_context context, goto out; } }else if (config->require_preauth - || client->flags.require_preauth + || client->entry.flags.require_preauth || server->flags.require_preauth) { METHOD_DATA method_data; PA_DATA *pa; @@ -1058,10 +1066,10 @@ _kdc_as_rep(krb5_context context, /* XXX check ret */ if (only_older_enctype_p(req)) - ret = get_pa_etype_info(context, config, &method_data, client, + ret = get_pa_etype_info(context, config, &method_data, &client->entry, b->etype.val, b->etype.len); /* XXX check ret */ - ret = get_pa_etype_info2(context, config, &method_data, client, + ret = get_pa_etype_info2(context, config, &method_data, &client->entry, b->etype.val, b->etype.len); @@ -1089,7 +1097,7 @@ _kdc_as_rep(krb5_context context, } ret = find_keys(context, config, - client, server, &ckey, &cetype, &skey, &setype, + &client->entry, server, &ckey, &cetype, &skey, &setype, b->etype.val, b->etype.len); if(ret) { kdc_log(context, config, 0, "Server/client has no support for etypes"); @@ -1154,19 +1162,19 @@ _kdc_as_rep(krb5_context context, rep.pvno = 5; rep.msg_type = krb_as_rep; - copy_Realm(&client->principal->realm, &rep.crealm); + copy_Realm(&client->entry.principal->realm, &rep.crealm); if (f.request_anonymous) make_anonymous_principalname (&rep.cname); else _krb5_principal2principalname(&rep.cname, - client->principal); + client->entry.principal); rep.ticket.tkt_vno = 5; copy_Realm(&server->principal->realm, &rep.ticket.realm); _krb5_principal2principalname(&rep.ticket.sname, server->principal); et.flags.initial = 1; - if(client->flags.forwardable && server->flags.forwardable) + if(client->entry.flags.forwardable && server->flags.forwardable) et.flags.forwardable = f.forwardable; else if (f.forwardable) { ret = KRB5KDC_ERR_POLICY; @@ -1174,7 +1182,7 @@ _kdc_as_rep(krb5_context context, "Ticket may not be forwardable -- %s", client_name); goto out; } - if(client->flags.proxiable && server->flags.proxiable) + if(client->entry.flags.proxiable && server->flags.proxiable) et.flags.proxiable = f.proxiable; else if (f.proxiable) { ret = KRB5KDC_ERR_POLICY; @@ -1182,7 +1190,7 @@ _kdc_as_rep(krb5_context context, "Ticket may not be proxiable -- %s", client_name); goto out; } - if(client->flags.postdate && server->flags.postdate) + if(client->entry.flags.postdate && server->flags.postdate) et.flags.may_postdate = f.allow_postdate; else if (f.allow_postdate){ ret = KRB5KDC_ERR_POLICY; @@ -1220,8 +1228,8 @@ _kdc_as_rep(krb5_context context, /* be careful not overflowing */ - if(client->max_life) - t = start + min(t - start, *client->max_life); + if(client->entry.max_life) + t = start + min(t - start, *client->entry.max_life); if(server->max_life) t = start + min(t - start, *server->max_life); #if 0 @@ -1241,8 +1249,8 @@ _kdc_as_rep(krb5_context context, t = *b->rtime; if(t == 0) t = MAX_TIME; - if(client->max_renew) - t = start + min(t - start, *client->max_renew); + if(client->entry.max_renew) + t = start + min(t - start, *client->entry.max_renew); if(server->max_renew) t = start + min(t - start, *server->max_renew); #if 0 @@ -1278,16 +1286,16 @@ _kdc_as_rep(krb5_context context, */ ek.last_req.val = malloc(2 * sizeof(*ek.last_req.val)); ek.last_req.len = 0; - if (client->pw_end + if (client->entry.pw_end && (config->kdc_warn_pwexpire == 0 - || kdc_time + config->kdc_warn_pwexpire <= *client->pw_end)) { + || kdc_time + config->kdc_warn_pwexpire <= *client->entry.pw_end)) { ek.last_req.val[ek.last_req.len].lr_type = LR_PW_EXPTIME; - ek.last_req.val[ek.last_req.len].lr_value = *client->pw_end; + ek.last_req.val[ek.last_req.len].lr_value = *client->entry.pw_end; ++ek.last_req.len; } - if (client->valid_end) { + if (client->entry.valid_end) { ek.last_req.val[ek.last_req.len].lr_type = LR_ACCT_EXPTIME; - ek.last_req.val[ek.last_req.len].lr_value = *client->valid_end; + ek.last_req.val[ek.last_req.len].lr_value = *client->entry.valid_end; ++ek.last_req.len; } if (ek.last_req.len == 0) { @@ -1296,15 +1304,15 @@ _kdc_as_rep(krb5_context context, ++ek.last_req.len; } ek.nonce = b->nonce; - if (client->valid_end || client->pw_end) { + if (client->entry.valid_end || client->entry.pw_end) { ALLOC(ek.key_expiration); - if (client->valid_end) { - if (client->pw_end) - *ek.key_expiration = min(*client->valid_end, *client->pw_end); + if (client->entry.valid_end) { + if (client->entry.pw_end) + *ek.key_expiration = min(*client->entry.valid_end, *client->entry.pw_end); else - *ek.key_expiration = *client->valid_end; + *ek.key_expiration = *client->entry.valid_end; } else - *ek.key_expiration = *client->pw_end; + *ek.key_expiration = *client->entry.pw_end; } else ek.key_expiration = NULL; ek.flags = et.flags; @@ -1352,7 +1360,7 @@ _kdc_as_rep(krb5_context context, ret = encode_reply(context, config, &rep, &et, &ek, setype, server->kvno, &skey->key, - client->kvno, reply_key, &e_text, reply); + client->entry.kvno, reply_key, &e_text, reply); free_EncTicketPart(&et); free_EncKDCRepPart(&ek); out: @@ -1381,7 +1389,7 @@ _kdc_as_rep(krb5_context context, krb5_free_principal(context, server_princ); free(server_name); if(client) - _kdc_free_ent(context, client); + _kdc_free_ent_ex(context, client); if(server) _kdc_free_ent(context, server); return ret; diff --git a/source4/heimdal/kdc/misc.c b/source4/heimdal/kdc/misc.c index 5a251607b6..b14bb50ea5 100644 --- a/source4/heimdal/kdc/misc.c +++ b/source4/heimdal/kdc/misc.c @@ -82,3 +82,59 @@ _kdc_free_ent(krb5_context context, hdb_entry *ent) free (ent); } +krb5_error_code +_kdc_db_fetch_ex(krb5_context context, + krb5_kdc_configuration *config, + krb5_principal principal, enum hdb_ent_type ent_type, + hdb_entry_ex **h) +{ + hdb_entry_ex *ent; + krb5_error_code ret = HDB_ERR_NOENTRY; + int i; + + ent = malloc (sizeof (*ent)); + if (ent == NULL) + return ENOMEM; + memset(ent, '\0', sizeof(*ent)); + + ent->entry.principal = principal; + + for(i = 0; i < config->num_db; i++) { + ret = config->db[i]->hdb_open(context, config->db[i], O_RDONLY, 0); + if (ret) { + kdc_log(context, config, 0, "Failed to open database: %s", + krb5_get_err_text(context, ret)); + continue; + } + if (config->db[i]->hdb_fetch_ex) { + ret = config->db[i]->hdb_fetch_ex(context, + config->db[i], + HDB_F_DECRYPT, + principal, + ent_type, + ent); + } else { + ret = config->db[i]->hdb_fetch(context, + config->db[i], + HDB_F_DECRYPT, + principal, + ent_type, + &ent->entry); + } + config->db[i]->hdb_close(context, config->db[i]); + if(ret == 0) { + *h = ent; + return 0; + } + } + free(ent); + return ret; +} + +void +_kdc_free_ent_ex(krb5_context context, hdb_entry_ex *ent) +{ + hdb_free_entry_ex (context, ent); + free (ent); +} + diff --git a/source4/heimdal/lib/hdb/hdb-protos.h b/source4/heimdal/lib/hdb/hdb-protos.h index 799f013eba..7557b46bff 100644 --- a/source4/heimdal/lib/hdb/hdb-protos.h +++ b/source4/heimdal/lib/hdb/hdb-protos.h @@ -119,6 +119,9 @@ hdb_free_entry ( krb5_context /*context*/, hdb_entry */*ent*/); +void +hdb_free_entry_ex(krb5_context context, hdb_entry_ex *ent); + void hdb_free_key (Key */*key*/); diff --git a/source4/heimdal/lib/hdb/hdb.c b/source4/heimdal/lib/hdb/hdb.c index c66579fab0..e8161afbc1 100644 --- a/source4/heimdal/lib/hdb/hdb.c +++ b/source4/heimdal/lib/hdb/hdb.c @@ -144,6 +144,16 @@ hdb_free_entry(krb5_context context, hdb_entry *ent) free_hdb_entry(ent); } +void +hdb_free_entry_ex(krb5_context context, hdb_entry_ex *ent) +{ + if (ent->free_private) { + ent->free_private(context, ent); + } + + free_hdb_entry(&ent->entry); +} + krb5_error_code hdb_foreach(krb5_context context, HDB *db, diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h index fe86f0ae72..41cc03cf36 100644 --- a/source4/heimdal/lib/hdb/hdb.h +++ b/source4/heimdal/lib/hdb/hdb.h @@ -54,6 +54,23 @@ enum hdb_ent_type{ HDB_ENT_TYPE_CLIENT, HDB_ENT_TYPE_SERVER, HDB_ENT_TYPE_ANY }; typedef struct hdb_master_key_data *hdb_master_key; +typedef struct hdb_entry_ex { + struct hdb_entry entry; + void *private; + + krb5_error_code (*free_private)(krb5_context, struct hdb_entry_ex *); + krb5_error_code (*check_client_access)(krb5_context, struct hdb_entry_ex *, HostAddresses *); + krb5_error_code (*authz_data_as_req)(krb5_context, struct hdb_entry_ex *, + AuthorizationData *in, + EncryptionKey *tgtkey, + AuthorizationData *out); + krb5_error_code (*authz_data_tgs_req)(krb5_context, struct hdb_entry_ex *, + AuthorizationData *in, + EncryptionKey *tgtkey, + EncryptionKey *servicekey, + AuthorizationData *out); +} hdb_entry_ex; + typedef struct HDB{ void *hdb_db; void *hdb_dbc; @@ -66,6 +83,8 @@ typedef struct HDB{ krb5_error_code (*hdb_close)(krb5_context, struct HDB*); krb5_error_code (*hdb_fetch)(krb5_context,struct HDB*,unsigned hdb_flags, krb5_const_principal principal, enum hdb_ent_type ent_type, hdb_entry*); + krb5_error_code (*hdb_fetch_ex)(krb5_context,struct HDB*,unsigned hdb_flags, krb5_const_principal principal, + enum hdb_ent_type ent_type, hdb_entry_ex*); krb5_error_code (*hdb_store)(krb5_context,struct HDB*,unsigned,hdb_entry*); krb5_error_code (*hdb_remove)(krb5_context, struct HDB*, hdb_entry*); krb5_error_code (*hdb_firstkey)(krb5_context, struct HDB*, @@ -82,7 +101,7 @@ typedef struct HDB{ krb5_error_code (*hdb_destroy)(krb5_context, struct HDB*); }HDB; -#define HDB_INTERFACE_VERSION 2 +#define HDB_INTERFACE_VERSION 3 struct hdb_so_method { int version; -- cgit From 7bfbe8af7e9556c3f11579dab965718325006b3a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 7 Nov 2005 02:24:50 +0000 Subject: r11541: More logical (I think...) delegation semantics. Andrew Bartlett (This used to be commit 6bb1b244284a209ebcb50c17ad59d4528658da0b) --- source4/heimdal/lib/gssapi/init_sec_context.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/init_sec_context.c b/source4/heimdal/lib/gssapi/init_sec_context.c index 06aba8f785..e7e8f5153e 100644 --- a/source4/heimdal/lib/gssapi/init_sec_context.c +++ b/source4/heimdal/lib/gssapi/init_sec_context.c @@ -407,20 +407,24 @@ gsskrb5_initiator_start ap_options = 0; /* - * If the realm policy approves a delegation, lets check local - * policy if the credentials should be delegated, defafult to - * false. + * The KDC may have issued us a service ticket marked NOT + * ok-as-delegate. We may still wish to force the matter, and to + * allow this we check a per-realm gssapi [appdefaults] config + * option. If ok-as-delegate in the config file is set to TRUE + * (default FALSE) and our caller has so requested, we will still + * attempt to forward the ticket. + * + * Otherwise, strip the GSS_C_DELEG_FLAG (so we don't attempt a + * delegation) */ - if (cred->flags.b.ok_as_delegate) { - krb5_boolean delegate = FALSE; + if (!cred->flags.b.ok_as_delegate) { + krb5_boolean delegate; - _gss_check_compat(NULL, target_name, "ok-as-delegate", - &delegate, TRUE); krb5_appdefault_boolean(gssapi_krb5_context, "gssapi", target_name->realm, - "ok-as-delegate", delegate, &delegate); - if (delegate) - req_flags |= GSS_C_DELEG_FLAG; + "ok-as-delegate", FALSE, &delegate); + if (!delegate) + req_flags &= ~GSS_C_DELEG_FLAG; } if (req_flags & GSS_C_DELEG_FLAG) { -- cgit From f7ca7308490c5bb41c6e42e7fe52f6b2586d3d5d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 7 Nov 2005 02:25:37 +0000 Subject: r11542: Add the netbios name type. We will need it when we start to handle allowedWorkstations on Krb5. Andrew Bartlett (This used to be commit dbf73a82fc7d1f82e2ad45e545cefdd9a5b24215) --- source4/heimdal/lib/krb5/krb5.h | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h index ef595d4d20..fe9a0e5e7a 100644 --- a/source4/heimdal/lib/krb5/krb5.h +++ b/source4/heimdal/lib/krb5/krb5.h @@ -233,6 +233,7 @@ typedef struct krb5_preauthdata { typedef enum krb5_address_type { KRB5_ADDRESS_INET = 2, + KRB5_ADDRESS_NETBIOS = 20, KRB5_ADDRESS_INET6 = 24, KRB5_ADDRESS_ADDRPORT = 256, KRB5_ADDRESS_IPPORT = 257 -- cgit From 918c7634c21deb0aa89388bb3d9e147bfc8576c8 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 7 Nov 2005 02:29:37 +0000 Subject: r11543: A major upgrade to our KDC and PAC handling. We now put the PAC in the AS-REP, so that the client has it in the TGT. We then validate it (and re-sign it) on a TGS-REQ, ie when the client wants a ticket. This should also allow us to interop with windows KDCs. If we get an invalid PAC at the TGS stage, we just drop it. I'm slowly trying to move the application logic out of hdb-ldb.c, and back in with the rest of Samba's auth system, for consistancy. This continues that trend. Andrew Bartlett (This used to be commit 36973b1eef7db5983cce76ba241e54d5f925c69c) --- source4/heimdal/kdc/kerberos5.c | 108 +++++++++++++------------------- source4/heimdal/lib/hdb/hdb.h | 11 +++- source4/heimdal/lib/krb5/krb5-private.h | 8 +++ source4/heimdal/lib/krb5/mk_req.c | 2 + source4/heimdal/lib/krb5/ticket.c | 27 +++++--- 5 files changed, 80 insertions(+), 76 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index 0df090eef3..a1a607329a 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -32,9 +32,6 @@ */ #include "kdc_locl.h" -#ifdef _SAMBA_BUILD_ -#include "kdc/pac-glue.h" -#endif RCSID("$Id: kerberos5.c,v 1.177 2005/06/15 11:34:53 lha Exp $"); @@ -1355,6 +1352,18 @@ _kdc_as_rep(krb5_context context, rep.padata = NULL; } + /* Add the PAC, via a HDB abstraction */ + if (client->authz_data_as_req) { + ret = client->authz_data_as_req(context, client, + req->padata, + et.authtime, + &skey->key, + &et.key, + &et.authorization_data); + if (ret) + goto out; + } + log_timestamp(context, config, "AS-REQ", et.authtime, et.starttime, et.endtime, et.renew_till); @@ -1640,7 +1649,7 @@ tgs_make_reply(krb5_context context, EncTicketPart *adtkt, AuthorizationData *auth_data, krb5_ticket *tgs_ticket, - hdb_entry *server, + hdb_entry_ex *server, hdb_entry *client, krb5_principal client_principal, hdb_entry *krbtgt, @@ -1657,6 +1666,7 @@ tgs_make_reply(krb5_context context, krb5_enctype etype; Key *skey; EncryptionKey *ekey; + AuthorizationData *new_auth_data = NULL; if(adtkt) { int i; @@ -1674,7 +1684,7 @@ tgs_make_reply(krb5_context context, etype = b->etype.val[i]; }else{ ret = find_keys(context, config, - NULL, server, NULL, NULL, &skey, &etype, + NULL, &server->entry, NULL, NULL, &skey, &etype, b->etype.val, b->etype.len); if(ret) { kdc_log(context, config, 0, "Server has no support for etypes"); @@ -1728,14 +1738,14 @@ tgs_make_reply(krb5_context context, GLOBAL_ALLOW_DISABLE_TRANSITED_CHECK), &tgt->transited, &et, *krb5_princ_realm(context, client_principal), - *krb5_princ_realm(context, server->principal), + *krb5_princ_realm(context, server->entry.principal), *krb5_princ_realm(context, krbtgt->principal)); if(ret) goto out; - copy_Realm(krb5_princ_realm(context, server->principal), + copy_Realm(krb5_princ_realm(context, server->entry.principal), &rep.ticket.realm); - _krb5_principal2principalname(&rep.ticket.sname, server->principal); + _krb5_principal2principalname(&rep.ticket.sname, server->entry.principal); copy_Realm(&tgt->crealm, &rep.crealm); if (f.request_anonymous) make_anonymous_principalname (&tgt->cname); @@ -1752,8 +1762,8 @@ tgs_make_reply(krb5_context context, life = et.endtime - *et.starttime; if(client && client->max_life) life = min(life, *client->max_life); - if(server->max_life) - life = min(life, *server->max_life); + if(server->entry.max_life) + life = min(life, *server->entry.max_life); et.endtime = *et.starttime + life; } if(f.renewable_ok && tgt->flags.renewable && @@ -1767,8 +1777,8 @@ tgs_make_reply(krb5_context context, renew = *et.renew_till - et.authtime; if(client && client->max_renew) renew = min(renew, *client->max_renew); - if(server->max_renew) - renew = min(renew, *server->max_renew); + if(server->entry.max_renew) + renew = min(renew, *server->entry.max_renew); *et.renew_till = et.authtime + renew; } @@ -1793,61 +1803,28 @@ tgs_make_reply(krb5_context context, et.flags.pre_authent = tgt->flags.pre_authent; et.flags.hw_authent = tgt->flags.hw_authent; et.flags.anonymous = tgt->flags.anonymous; - et.flags.ok_as_delegate = server->flags.ok_as_delegate; + et.flags.ok_as_delegate = server->entry.flags.ok_as_delegate; -#ifdef _SAMBA_BUILD_ - - { - - unsigned char *buf; - size_t buf_size; - size_t len; - - krb5_data pac; - AD_IF_RELEVANT *if_relevant; - ALLOC(if_relevant); - if_relevant->len = 1; - if_relevant->val = malloc(sizeof(*if_relevant->val)); - if_relevant->val[0].ad_type = KRB5_AUTHDATA_WIN2K_PAC; - if_relevant->val[0].ad_data.data = NULL; - if_relevant->val[0].ad_data.length = 0; - - /* Get PAC from Samba */ - ret = samba_get_pac(context, config, - client->principal, - tgtkey, - ekey, - tgs_ticket->ticket.authtime, - &pac); - if (ret) { - free_AuthorizationData(if_relevant); - goto out; - } - - /* pac.data will be freed with this */ - if_relevant->val[0].ad_data.data = pac.data; - if_relevant->val[0].ad_data.length = pac.length; + + krb5_generate_random_keyblock(context, etype, &et.key); - ASN1_MALLOC_ENCODE(AuthorizationData, buf, buf_size, if_relevant, &len, ret); - free_AuthorizationData(if_relevant); - - auth_data = NULL; - ALLOC(auth_data); - auth_data->len = 1; - auth_data->val = malloc(sizeof(*auth_data->val)); - auth_data->val[0].ad_type = KRB5_AUTHDATA_IF_RELEVANT; - auth_data->val[0].ad_data.length = len; - auth_data->val[0].ad_data.data = buf; + if (server->authz_data_tgs_req) { + ret = server->authz_data_tgs_req(context, server, + client_principal, + tgs_ticket->ticket.authorization_data, + tgs_ticket->ticket.authtime, + tgtkey, + ekey, + &et.key, + &new_auth_data); if (ret) { - goto out; + new_auth_data = NULL; } } -#endif /* XXX Check enc-authorization-data */ - et.authorization_data = auth_data; + et.authorization_data = new_auth_data; - krb5_generate_random_keyblock(context, etype, &et.key); et.crealm = tgt->crealm; et.cname = tgt->cname; @@ -1878,7 +1855,7 @@ tgs_make_reply(krb5_context context, etype list, even if we don't want a session key with DES3? */ ret = encode_reply(context, config, - &rep, &et, &ek, etype, adtkt ? 0 : server->kvno, ekey, + &rep, &et, &ek, etype, adtkt ? 0 : server->entry.kvno, ekey, 0, &tgt->key, e_text, reply); out: free_TGS_REP(&rep); @@ -2228,7 +2205,8 @@ tgs_rep2(krb5_context context, PrincipalName *s; Realm r; char *spn = NULL, *cpn = NULL; - hdb_entry *server = NULL, *client = NULL; + hdb_entry_ex *server = NULL; + hdb_entry *client = NULL; int nloop = 0; EncTicketPart adtkt; char opt_str[128]; @@ -2295,7 +2273,7 @@ tgs_rep2(krb5_context context, kdc_log(context, config, 0, "TGS-REQ %s from %s for %s", cpn, from, spn); server_lookup: - ret = _kdc_db_fetch(context, config, sp, HDB_ENT_TYPE_SERVER, &server); + ret = _kdc_db_fetch_ex(context, config, sp, HDB_ENT_TYPE_SERVER, &server); if(ret){ const char *new_rlm; @@ -2376,7 +2354,7 @@ tgs_rep2(krb5_context context, ret = _kdc_check_flags(context, config, client, cpn, - server, spn, + &server->entry, spn, FALSE); if(ret) goto out; @@ -2384,7 +2362,7 @@ tgs_rep2(krb5_context context, if((b->kdc_options.validate || b->kdc_options.renew) && !krb5_principal_compare(context, krbtgt->principal, - server->principal)){ + server->entry.principal)){ kdc_log(context, config, 0, "Inconsistent request."); ret = KRB5KDC_ERR_SERVER_NOMATCH; goto out; @@ -2417,7 +2395,7 @@ tgs_rep2(krb5_context context, free(cpn); if(server) - _kdc_free_ent(context, server); + _kdc_free_ent_ex(context, server); if(client) _kdc_free_ent(context, client); } diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h index 41cc03cf36..45ea5a9f30 100644 --- a/source4/heimdal/lib/hdb/hdb.h +++ b/source4/heimdal/lib/hdb/hdb.h @@ -61,14 +61,19 @@ typedef struct hdb_entry_ex { krb5_error_code (*free_private)(krb5_context, struct hdb_entry_ex *); krb5_error_code (*check_client_access)(krb5_context, struct hdb_entry_ex *, HostAddresses *); krb5_error_code (*authz_data_as_req)(krb5_context, struct hdb_entry_ex *, - AuthorizationData *in, + METHOD_DATA* pa_data_seq, + time_t authtime, EncryptionKey *tgtkey, - AuthorizationData *out); + EncryptionKey *sessionkey, + AuthorizationData **out); krb5_error_code (*authz_data_tgs_req)(krb5_context, struct hdb_entry_ex *, + krb5_principal client, AuthorizationData *in, + time_t authtime, EncryptionKey *tgtkey, EncryptionKey *servicekey, - AuthorizationData *out); + EncryptionKey *sessionkey, + AuthorizationData **out); } hdb_entry_ex; typedef struct HDB{ diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h index 07d9329337..2645c29fe7 100644 --- a/source4/heimdal/lib/krb5/krb5-private.h +++ b/source4/heimdal/lib/krb5/krb5-private.h @@ -399,4 +399,12 @@ _krb5_xunlock ( krb5_context /*context*/, int /*fd*/); +int +_krb5_find_type_in_ad(krb5_context context, + int type, + krb5_data *data, + int *found, + krb5_keyblock *sessionkey, + const AuthorizationData *ad); + #endif /* __krb5_private_h__ */ diff --git a/source4/heimdal/lib/krb5/mk_req.c b/source4/heimdal/lib/krb5/mk_req.c index adc077e13f..44e5d9c222 100644 --- a/source4/heimdal/lib/krb5/mk_req.c +++ b/source4/heimdal/lib/krb5/mk_req.c @@ -64,7 +64,9 @@ krb5_mk_req_exact(krb5_context context, if (auth_context && *auth_context && (*auth_context)->keytype) this_cred.session.keytype = (*auth_context)->keytype; + /* This is the network contact with the KDC */ ret = krb5_get_credentials (context, 0, ccache, &this_cred, &cred); + krb5_free_cred_contents(context, &this_cred); if (ret) return ret; diff --git a/source4/heimdal/lib/krb5/ticket.c b/source4/heimdal/lib/krb5/ticket.c index 7dae26acf2..b3efeb39d3 100644 --- a/source4/heimdal/lib/krb5/ticket.c +++ b/source4/heimdal/lib/krb5/ticket.c @@ -101,8 +101,8 @@ static int find_type_in_ad(krb5_context context, int type, krb5_data *data, - int *found, - int failp, + krb5_boolean *found, + krb5_boolean failp, krb5_keyblock *sessionkey, const AuthorizationData *ad, int level) @@ -129,7 +129,7 @@ find_type_in_ad(krb5_context context, krb5_set_error_string(context, "malloc - out of memory"); goto out; } - *found = 1; + *found = TRUE; continue; } switch (ad->val[i].ad_type) { @@ -228,6 +228,19 @@ out: return ret; } +int +_krb5_find_type_in_ad(krb5_context context, + int type, + krb5_data *data, + krb5_boolean *found, + krb5_keyblock *sessionkey, + const AuthorizationData *ad) +{ + krb5_data_zero(data); + return find_type_in_ad(context, type, data, found, TRUE, sessionkey, ad, 0); +} + + /* * Extract the authorization data type of `type' from the * 'ticket'. Store the field in `data'. This function is to use for @@ -242,9 +255,7 @@ krb5_ticket_get_authorization_data_type(krb5_context context, { AuthorizationData *ad; krb5_error_code ret; - int found = 0; - - krb5_data_zero(data); + krb5_boolean found = 0; ad = ticket->ticket.authorization_data; if (ticket->ticket.authorization_data == NULL) { @@ -252,8 +263,8 @@ krb5_ticket_get_authorization_data_type(krb5_context context, return ENOENT; /* XXX */ } - ret = find_type_in_ad(context, type, data, &found, 1, &ticket->ticket.key, - ticket->ticket.authorization_data, 0); + ret = _krb5_find_type_in_ad(context, type, data, &found, &ticket->ticket.key, + ticket->ticket.authorization_data); if (ret) return ret; if (!found) { -- cgit From 30d164d9f08af7edde9c417650b60d354e02c61c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 8 Nov 2005 01:17:41 +0000 Subject: r11568: Debuging aids: Let the administrator know when a key/entry expired, rather than just the fact of the expiry. Andrew Bartlett (This used to be commit 31c4ab26d7ab1e550c2ecc7c3ae6c44b87140aa3) --- source4/heimdal/kdc/kerberos5.c | 34 ++++++++++++++++++++++++++++------ 1 file changed, 28 insertions(+), 6 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index a1a607329a..3577a14e5f 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -661,21 +661,32 @@ _kdc_check_flags(krb5_context context, } if (client->valid_start && *client->valid_start > kdc_time) { + char starttime_str[100]; + krb5_format_time(context, *client->valid_start, + starttime_str, sizeof(starttime_str), TRUE); kdc_log(context, config, 0, - "Client not yet valid -- %s", client_name); + "Client not yet valid until %s -- %s", + starttime_str, + client_name); return KRB5KDC_ERR_CLIENT_NOTYET; } if (client->valid_end && *client->valid_end < kdc_time) { + char endtime_str[100]; + krb5_format_time(context, *client->valid_end, + endtime_str, sizeof(endtime_str), TRUE); kdc_log(context, config, 0, - "Client expired -- %s", client_name); + "Client expired at %s -- %s", endtime_str, client_name); return KRB5KDC_ERR_NAME_EXP; } if (client->pw_end && *client->pw_end < kdc_time && !server->flags.change_pw) { + char pwend_str[100]; + krb5_format_time(context, *client->pw_end, + pwend_str, sizeof(pwend_str), TRUE); kdc_log(context, config, 0, - "Client's key has expired -- %s", client_name); + "Client's key has expired at %s -- %s", pwend_str, client_name); return KRB5KDC_ERR_KEY_EXPIRED; } } @@ -702,20 +713,31 @@ _kdc_check_flags(krb5_context context, } if (server->valid_start && *server->valid_start > kdc_time) { + char starttime_str[100]; + krb5_format_time(context, *server->valid_start, + starttime_str, sizeof(starttime_str), TRUE); kdc_log(context, config, 0, - "Server not yet valid -- %s", server_name); + "Server not yet valid until %s -- %s", server_name); return KRB5KDC_ERR_SERVICE_NOTYET; } if (server->valid_end && *server->valid_end < kdc_time) { + char endtime_str[100]; + krb5_format_time(context, *server->valid_end, + endtime_str, sizeof(endtime_str), TRUE); kdc_log(context, config, 0, - "Server expired -- %s", server_name); + "Server expired at %s -- %s", + endtime_str, server_name); return KRB5KDC_ERR_SERVICE_EXP; } if (server->pw_end && *server->pw_end < kdc_time) { + char pwend_str[100]; + krb5_format_time(context, *server->pw_end, + pwend_str, sizeof(pwend_str), TRUE); kdc_log(context, config, 0, - "Server's key has expired -- %s", server_name); + "Server's key has expired at -- %s", + pwend_str, server_name); return KRB5KDC_ERR_KEY_EXPIRED; } } -- cgit From ef9ec9583d2efa78220edd65bd93ead955792b3e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 27 Nov 2005 02:02:44 +0000 Subject: r11930: Add socket/packet handling code for kpasswdd Allow ticket requests with only a netbios name to be considered 'null' addresses, and therefore allowed by default. Use the netbios address as the workstation name for the allowed workstations check with krb5. Andrew Bartlett (This used to be commit 328fa186f2df5cdd42be679d92b5f07f7ed22d87) --- source4/heimdal/kdc/kerberos5.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index 3577a14e5f..ccfa35b638 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -758,11 +758,27 @@ check_addresses(krb5_context context, krb5_error_code ret; krb5_address addr; krb5_boolean result; - + krb5_boolean only_netbios = TRUE; + int i; + if(config->check_ticket_addresses == 0) return TRUE; - if(addresses == NULL) + if(addresses == NULL) + return config->allow_null_ticket_addresses; + + for (i = 0; i < addresses->len; ++i) { + if (addresses->val[i].addr_type != KRB5_ADDRESS_NETBIOS) { + only_netbios = FALSE; + } + } + + /* Windows sends it's netbios name, which I can only assume is + * used for the 'allowed workstations' check. This is painful, but + * we still want to check IP addresses if they happen to be + * present. */ + + if(only_netbios) return config->allow_null_ticket_addresses; ret = krb5_sockaddr2address (context, from, &addr); -- cgit From 68049cfac3bed210aaf5195e7ff749709e4cd1f3 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 27 Nov 2005 02:03:42 +0000 Subject: r11931: Add a short README explaining what this directory is all about. Andrew Bartlett (This used to be commit eaf8777e449f70f5694f29199c18f26b9647d558) --- source4/heimdal/README | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 source4/heimdal/README (limited to 'source4/heimdal') diff --git a/source4/heimdal/README b/source4/heimdal/README new file mode 100644 index 0000000000..131cc574fb --- /dev/null +++ b/source4/heimdal/README @@ -0,0 +1,6 @@ +This directory contains a copy of portions of a project known as +'lorikeet-heimdal', a branch of the Heimdal Kerberos distribution. + +The purpose of these files is to provide kerberos support to Samba4 in +a predicatable manner, without reliance on the system kerberos +libraries. -- cgit From 3a3c53327a44cb875becc070c79f0e14be19f56c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 28 Nov 2005 07:59:46 +0000 Subject: r11940: Love has clarified why this code does what it does. Andrew Bartlett (This used to be commit 9b3dedbc0bb12897a8f9bd4ec864de26b3835981) --- source4/heimdal/kdc/kerberos5.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index ccfa35b638..565c7478f9 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -1099,6 +1099,12 @@ _kdc_as_rep(krb5_context context, pa->padata_value.data = NULL; #endif + /* RFC4120 requires: + - If the client only knows about old enctypes, then send both info replies + (we send 'info' first in the list). + - If the client is 'modern', because it knows about 'new' enc types, then + only send the 'info2' reply. + */ /* XXX check ret */ if (only_older_enctype_p(req)) ret = get_pa_etype_info(context, config, &method_data, &client->entry, -- cgit From 9c6b7f2d62e134a4bc15efc04e05be25e4a53dc7 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 1 Dec 2005 05:20:39 +0000 Subject: r11995: A big kerberos-related update. This merges Samba4 up to current lorikeet-heimdal, which includes a replacement for some Samba-specific hacks. In particular, the credentials system now supplies GSS client and server credentials. These are imported into GSS with gss_krb5_import_creds(). Unfortunetly this can't take an MEMORY keytab, so we now create a FILE based keytab as provision and join time. Because the keytab is now created in advance, we don't spend .4s at negprot doing sha1 s2k calls. Also, because the keytab is read in real time, any change in the server key will be correctly picked up by the the krb5 code. To mark entries in the secrets which should be exported to a keytab, there is a new kerberosSecret objectClass. The new routine cli_credentials_update_all_keytabs() searches for these, and updates the keytabs. This is called in the provision.js via the ejs wrapper credentials_update_all_keytabs(). We can now (in theory) use a system-provided /etc/krb5.keytab, if krb5Keytab: FILE:/etc/krb5.keytab is added to the secrets.ldb record. By default the attribute privateKeytab: secrets.keytab is set, pointing to allow the whole private directory to be moved without breaking the internal links. (This used to be commit 6b75573df49c6210e1b9d71e108a9490976bd41d) --- source4/heimdal/kdc/kerberos5.c | 25 ++--- source4/heimdal/lib/gssapi/accept_sec_context.c | 106 ++++++-------------- source4/heimdal/lib/gssapi/acquire_cred.c | 50 ++-------- source4/heimdal/lib/gssapi/arcfour.c | 8 +- source4/heimdal/lib/gssapi/copy_ccache.c | 123 ++++++++++++++++-------- source4/heimdal/lib/gssapi/gssapi.h | 21 +--- source4/heimdal/lib/gssapi/gssapi_locl.h | 2 +- source4/heimdal/lib/gssapi/init_sec_context.c | 2 +- source4/heimdal/lib/gssapi/release_cred.c | 2 +- source4/heimdal/lib/hdb/db.c | 6 +- source4/heimdal/lib/hdb/hdb-protos.h | 4 +- source4/heimdal/lib/hdb/ndbm.c | 2 + source4/heimdal/lib/krb5/cache.c | 37 ++++++- source4/heimdal/lib/krb5/get_for_creds.c | 22 ++--- source4/heimdal/lib/krb5/keytab.c | 36 ++++++- source4/heimdal/lib/krb5/krb5-private.h | 17 ++-- source4/heimdal/lib/krb5/krb5-protos.h | 12 +++ source4/heimdal/lib/krb5/rd_cred.c | 2 +- 18 files changed, 258 insertions(+), 219 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index 565c7478f9..6f6203a92c 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kerberos5.c,v 1.177 2005/06/15 11:34:53 lha Exp $"); +RCSID("$Id: kerberos5.c,v 1.198 2005/11/28 20:33:57 lha Exp $"); #define MAX_TIME ((time_t)((1U << 31) - 1)) @@ -666,8 +666,7 @@ _kdc_check_flags(krb5_context context, starttime_str, sizeof(starttime_str), TRUE); kdc_log(context, config, 0, "Client not yet valid until %s -- %s", - starttime_str, - client_name); + starttime_str, client_name); return KRB5KDC_ERR_CLIENT_NOTYET; } @@ -676,7 +675,8 @@ _kdc_check_flags(krb5_context context, krb5_format_time(context, *client->valid_end, endtime_str, sizeof(endtime_str), TRUE); kdc_log(context, config, 0, - "Client expired at %s -- %s", endtime_str, client_name); + "Client expired at %s -- %s", + endtime_str, client_name); return KRB5KDC_ERR_NAME_EXP; } @@ -686,7 +686,8 @@ _kdc_check_flags(krb5_context context, krb5_format_time(context, *client->pw_end, pwend_str, sizeof(pwend_str), TRUE); kdc_log(context, config, 0, - "Client's key has expired at %s -- %s", pwend_str, client_name); + "Client's key has expired at %s -- %s", + pwend_str, client_name); return KRB5KDC_ERR_KEY_EXPIRED; } } @@ -717,7 +718,8 @@ _kdc_check_flags(krb5_context context, krb5_format_time(context, *server->valid_start, starttime_str, sizeof(starttime_str), TRUE); kdc_log(context, config, 0, - "Server not yet valid until %s -- %s", server_name); + "Server not yet valid until %s -- %s", + starttime_str, server_name); return KRB5KDC_ERR_SERVICE_NOTYET; } @@ -1099,11 +1101,12 @@ _kdc_as_rep(krb5_context context, pa->padata_value.data = NULL; #endif - /* RFC4120 requires: - - If the client only knows about old enctypes, then send both info replies - (we send 'info' first in the list). - - If the client is 'modern', because it knows about 'new' enc types, then - only send the 'info2' reply. + /* + * RFC4120 requires: + * - If the client only knows about old enctypes, then send + * both info replies (we send 'info' first in the list). + * - If the client is 'modern', because it knows about 'new' + * enctype types, then only send the 'info2' reply. */ /* XXX check ret */ if (only_older_enctype_p(req)) diff --git a/source4/heimdal/lib/gssapi/accept_sec_context.c b/source4/heimdal/lib/gssapi/accept_sec_context.c index 5d43cdcb43..9ca60a6cdd 100644 --- a/source4/heimdal/lib/gssapi/accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/accept_sec_context.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: accept_sec_context.c,v 1.53 2005/05/29 15:12:41 lha Exp $"); +RCSID("$Id: accept_sec_context.c,v 1.55 2005/11/25 15:57:35 lha Exp $"); HEIMDAL_MUTEX gssapi_keytab_mutex = HEIMDAL_MUTEX_INITIALIZER; krb5_keytab gssapi_krb5_keytab; @@ -125,66 +125,24 @@ gsskrb5_accept_delegated_token krb5_principal principal = (*context_handle)->source; krb5_ccache ccache = NULL; krb5_error_code kret; - int32_t ac_flags, ret; - gss_cred_id_t handle = NULL; + int32_t ac_flags, ret = GSS_S_COMPLETE; - if (delegated_cred_handle == NULL) { - /* XXX Create a new delegated_cred_handle? */ - - ret = 0; + *minor_status = 0; + /* XXX Create a new delegated_cred_handle? */ + if (delegated_cred_handle == NULL) kret = krb5_cc_default (gssapi_krb5_context, &ccache); - if (kret) { - *flags &= ~GSS_C_DELEG_FLAG; - goto end_fwd; - } - } else { - - *delegated_cred_handle = NULL; - - handle = calloc(1, sizeof(*handle)); - if (handle == NULL) { - ret = GSS_S_FAILURE; - *minor_status = ENOMEM; - krb5_set_error_string(gssapi_krb5_context, "out of memory"); - gssapi_krb5_set_error_string(); - *flags &= ~GSS_C_DELEG_FLAG; - goto end_fwd; - } - if ((ret = gss_duplicate_name(minor_status, principal, - &handle->principal)) != 0) { - *flags &= ~GSS_C_DELEG_FLAG; - ret = 0; - goto end_fwd; - } - kret = krb5_cc_gen_new (gssapi_krb5_context, - &krb5_mcc_ops, - &handle->ccache); - if (kret) { - *flags &= ~GSS_C_DELEG_FLAG; - ret = 0; - goto end_fwd; - } - ccache = handle->ccache; - - ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms); - if (ret) { - *flags &= ~GSS_C_DELEG_FLAG; - goto end_fwd; - } - ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, - &handle->mechanisms); - if (ret) { - *flags &= ~GSS_C_DELEG_FLAG; - goto end_fwd; - } + else + kret = krb5_cc_gen_new (gssapi_krb5_context, &krb5_mcc_ops, &ccache); + if (kret) { + *flags &= ~GSS_C_DELEG_FLAG; + goto out; } kret = krb5_cc_initialize(gssapi_krb5_context, ccache, principal); if (kret) { *flags &= ~GSS_C_DELEG_FLAG; - ret = 0; - goto end_fwd; + goto out; } krb5_auth_con_removeflags(gssapi_krb5_context, @@ -204,29 +162,29 @@ gsskrb5_accept_delegated_token *flags &= ~GSS_C_DELEG_FLAG; ret = GSS_S_FAILURE; *minor_status = kret; - goto end_fwd; + goto out; } - end_fwd: - /* if there was some kind of failure, clean up internal structures */ - if ((*flags & GSS_C_DELEG_FLAG) == 0) { - if (handle) { - if (handle->principal) - gss_release_name(minor_status, &handle->principal); - if (handle->mechanisms) - gss_release_oid_set(NULL, &handle->mechanisms); - if (handle->ccache) - krb5_cc_destroy(gssapi_krb5_context, handle->ccache); - free(handle); - handle = NULL; - } + + if (delegated_cred_handle) { + ret = gss_krb5_import_cred(minor_status, + ccache, + NULL, + NULL, + delegated_cred_handle); + if (ret != GSS_S_COMPLETE) + goto out; + + (*delegated_cred_handle)->cred_flags |= GSS_CF_DESTROY_CRED_ON_RELEASE; + ccache = NULL; } - if (delegated_cred_handle == NULL) { - if (ccache) + +out: + if (ccache) { + if (delegated_cred_handle == NULL) krb5_cc_close(gssapi_krb5_context, ccache); + else + krb5_cc_destroy(gssapi_krb5_context, ccache); } - if (handle) - *delegated_cred_handle = handle; - return ret; } @@ -1054,7 +1012,7 @@ spnego_accept_sec_context if(len > data.length - taglen) return ASN1_OVERRUN; - ret = decode_NegTokenInit((const char *)data.data + taglen, len, + ret = decode_NegTokenInit((const unsigned char *)data.data + taglen, len, &ni, &ni_len); if (ret) return GSS_S_DEFECTIVE_TOKEN; @@ -1065,7 +1023,7 @@ spnego_accept_sec_context } for (i = 0; !found && i < ni.mechTypes->len; ++i) { - char mechbuf[17]; + unsigned char mechbuf[17]; size_t mech_len; ret = der_put_oid (mechbuf + sizeof(mechbuf) - 1, diff --git a/source4/heimdal/lib/gssapi/acquire_cred.c b/source4/heimdal/lib/gssapi/acquire_cred.c index d67b400920..44dbef3c48 100644 --- a/source4/heimdal/lib/gssapi/acquire_cred.c +++ b/source4/heimdal/lib/gssapi/acquire_cred.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: acquire_cred.c,v 1.24 2005/10/26 11:25:16 lha Exp $"); +RCSID("$Id: acquire_cred.c,v 1.25 2005/11/02 08:56:25 lha Exp $"); OM_uint32 _gssapi_krb5_ccache_lifetime(OM_uint32 *minor_status, @@ -106,7 +106,6 @@ get_keytab(krb5_context context, krb5_keytab *keytab) static OM_uint32 acquire_initiator_cred (OM_uint32 * minor_status, krb5_context context, - krb5_keytab keytab, const gss_name_t desired_name, OM_uint32 time_req, const gss_OID_set desired_mechs, @@ -122,7 +121,7 @@ static OM_uint32 acquire_initiator_cred krb5_get_init_creds_opt *opt; krb5_ccache ccache; krb5_error_code kret; - krb5_boolean made_keytab = FALSE; + krb5_keytab keytab; ccache = NULL; def_princ = NULL; @@ -214,7 +213,7 @@ end: krb5_free_cred_contents(context, &cred); if (def_princ != NULL) krb5_free_principal(context, def_princ); - if (made_keytab) + if (keytab != NULL) krb5_kt_close(context, keytab); if (ret != GSS_S_COMPLETE) { if (ccache != NULL) @@ -230,7 +229,6 @@ end: static OM_uint32 acquire_acceptor_cred (OM_uint32 * minor_status, krb5_context context, - krb5_keytab keytab, OM_uint32 time_req, const gss_OID_set desired_mechs, gss_cred_usage_t cred_usage, @@ -244,21 +242,14 @@ static OM_uint32 acquire_acceptor_cred kret = 0; ret = GSS_S_FAILURE; - if (keytab == NULL) { - kret = get_keytab(context, &handle->keytab); - if (kret) - goto end; - handle->made_keytab = TRUE; - } else { - handle->keytab = keytab; - handle->made_keytab = FALSE; - } + kret = get_keytab(context, &handle->keytab); + if (kret) + goto end; ret = GSS_S_COMPLETE; end: if (ret != GSS_S_COMPLETE) { - if (handle->made_keytab) - krb5_kt_close(context, handle->keytab); + krb5_kt_close(context, handle->keytab); if (kret != 0) { *minor_status = kret; gssapi_krb5_set_error_string (); @@ -267,9 +258,8 @@ end: return (ret); } -OM_uint32 gsskrb5_acquire_cred +OM_uint32 gss_acquire_cred (OM_uint32 * minor_status, - struct krb5_keytab_data *keytab, const gss_name_t desired_name, OM_uint32 time_req, const gss_OID_set desired_mechs, @@ -328,7 +318,6 @@ OM_uint32 gsskrb5_acquire_cred } if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH) { ret = acquire_initiator_cred(minor_status, gssapi_krb5_context, - keytab, desired_name, time_req, desired_mechs, cred_usage, handle, actual_mechs, time_rec); @@ -341,7 +330,7 @@ OM_uint32 gsskrb5_acquire_cred } if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH) { ret = acquire_acceptor_cred(minor_status, gssapi_krb5_context, - keytab, time_req, + time_req, desired_mechs, cred_usage, handle, actual_mechs, time_rec); if (ret != GSS_S_COMPLETE) { @@ -381,24 +370,3 @@ OM_uint32 gsskrb5_acquire_cred return (GSS_S_COMPLETE); } -OM_uint32 gss_acquire_cred - (OM_uint32 * minor_status, - const gss_name_t desired_name, - OM_uint32 time_req, - const gss_OID_set desired_mechs, - gss_cred_usage_t cred_usage, - gss_cred_id_t * output_cred_handle, - gss_OID_set * actual_mechs, - OM_uint32 * time_rec - ) -{ - return gsskrb5_acquire_cred(minor_status, - NULL, - desired_name, - time_req, - desired_mechs, - cred_usage, - output_cred_handle, - actual_mechs, - time_rec); -} diff --git a/source4/heimdal/lib/gssapi/arcfour.c b/source4/heimdal/lib/gssapi/arcfour.c index 52bb2ecf1b..01c6c75ecc 100644 --- a/source4/heimdal/lib/gssapi/arcfour.c +++ b/source4/heimdal/lib/gssapi/arcfour.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003 - 2004 Kungliga Tekniska Högskolan + * Copyright (c) 2003 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: arcfour.c,v 1.17 2005/05/06 07:13:32 lha Exp $"); +RCSID("$Id: arcfour.c,v 1.18 2005/11/01 06:55:55 lha Exp $"); /* * Implements draft-brezak-win2k-krb-rc4-hmac-04.txt @@ -105,7 +105,7 @@ arcfour_mic_key(krb5_context context, krb5_keyblock *key, static krb5_error_code arcfour_mic_cksum(krb5_keyblock *key, unsigned usage, u_char *sgn_cksum, size_t sgn_cksum_sz, - const char *v1, size_t l1, + const u_char *v1, size_t l1, const void *v2, size_t l2, const void *v3, size_t l3) { @@ -256,7 +256,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status, p = token_buffer->value; omret = gssapi_krb5_verify_header (&p, token_buffer->length, - type, + (u_char *)type, GSS_KRB5_MECHANISM); if (omret) return omret; diff --git a/source4/heimdal/lib/gssapi/copy_ccache.c b/source4/heimdal/lib/gssapi/copy_ccache.c index 0f2f155870..782b701e44 100644 --- a/source4/heimdal/lib/gssapi/copy_ccache.c +++ b/source4/heimdal/lib/gssapi/copy_ccache.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 - 2001, 2003 Kungliga Tekniska Högskolan + * Copyright (c) 2000 - 2001, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: copy_ccache.c,v 1.9 2005/10/31 16:02:08 lha Exp $"); +RCSID("$Id: copy_ccache.c,v 1.13 2005/11/28 23:05:44 lha Exp $"); OM_uint32 gss_krb5_copy_ccache(OM_uint32 *minor_status, @@ -63,9 +63,11 @@ gss_krb5_copy_ccache(OM_uint32 *minor_status, OM_uint32 -gss_krb5_import_ccache(OM_uint32 *minor_status, - krb5_ccache in, - gss_cred_id_t *cred) +gss_krb5_import_cred(OM_uint32 *minor_status, + krb5_ccache id, + krb5_principal keytab_principal, + krb5_keytab keytab, + gss_cred_id_t *cred) { krb5_error_code kret; gss_cred_id_t handle; @@ -83,57 +85,94 @@ gss_krb5_import_ccache(OM_uint32 *minor_status, } HEIMDAL_MUTEX_init(&handle->cred_id_mutex); - handle->usage = GSS_C_INITIATE; + handle->usage = 0; - kret = krb5_cc_get_principal(gssapi_krb5_context, in, &handle->principal); - if (kret) { - free(handle); - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } + if (id) { + char *str; - ret = _gssapi_krb5_ccache_lifetime(minor_status, - in, - handle->principal, - &handle->lifetime); - if (ret != GSS_S_COMPLETE) { - krb5_free_principal(gssapi_krb5_context, handle->principal); - free(handle); - return ret; - } + handle->usage |= GSS_C_INITIATE; - ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms); - if (ret == GSS_S_COMPLETE) - ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, - &handle->mechanisms); - if (ret != GSS_S_COMPLETE) { - krb5_free_principal(gssapi_krb5_context, handle->principal); - free(handle); - *minor_status = kret; - return GSS_S_FAILURE; + kret = krb5_cc_get_principal(gssapi_krb5_context, id, + &handle->principal); + if (kret) { + free(handle); + gssapi_krb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + + if (keytab_principal) { + krb5_boolean match; + + match = krb5_principal_compare(gssapi_krb5_context, + handle->principal, + keytab_principal); + if (match == FALSE) { + krb5_free_principal(gssapi_krb5_context, handle->principal); + free(handle); + gssapi_krb5_clear_status (); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + } + + ret = _gssapi_krb5_ccache_lifetime(minor_status, + id, + handle->principal, + &handle->lifetime); + if (ret != GSS_S_COMPLETE) { + krb5_free_principal(gssapi_krb5_context, handle->principal); + free(handle); + return ret; + } + + + kret = krb5_cc_get_full_name(gssapi_krb5_context, id, &str); + if (kret) + goto out; + + kret = krb5_cc_resolve(gssapi_krb5_context, str, &handle->ccache); + free(str); + if (kret) + goto out; } - { - const char *type, *name; + + if (keytab) { char *str; - type = krb5_cc_get_type(gssapi_krb5_context, in); - name = krb5_cc_get_name(gssapi_krb5_context, in); - - if (asprintf(&str, "%s:%s", type, name) == -1) { - krb5_set_error_string(gssapi_krb5_context, - "malloc - out of memory"); - kret = ENOMEM; - goto out; + handle->usage |= GSS_C_ACCEPT; + + if (keytab_principal && handle->principal == NULL) { + kret = krb5_copy_principal(gssapi_krb5_context, + keytab_principal, + &handle->principal); + if (kret) + goto out; } - kret = krb5_cc_resolve(gssapi_krb5_context, str, &handle->ccache); + kret = krb5_kt_get_full_name(gssapi_krb5_context, keytab, &str); + if (kret) + goto out; + + kret = krb5_kt_resolve(gssapi_krb5_context, str, &handle->keytab); free(str); if (kret) goto out; } + + if (id || keytab) { + ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms); + if (ret == GSS_S_COMPLETE) + ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, + &handle->mechanisms); + if (ret != GSS_S_COMPLETE) { + kret = *minor_status; + goto out; + } + } + *minor_status = 0; *cred = handle; return GSS_S_COMPLETE; diff --git a/source4/heimdal/lib/gssapi/gssapi.h b/source4/heimdal/lib/gssapi/gssapi.h index 64a31d1eee..20700dc826 100644 --- a/source4/heimdal/lib/gssapi/gssapi.h +++ b/source4/heimdal/lib/gssapi/gssapi.h @@ -775,18 +775,6 @@ OM_uint32 gss_unseal * kerberos mechanism specific functions */ -OM_uint32 gsskrb5_acquire_cred - (OM_uint32 * minor_status, - struct krb5_keytab_data *keytab, - const gss_name_t desired_name, - OM_uint32 time_req, - const gss_OID_set desired_mechs, - gss_cred_usage_t cred_usage, - gss_cred_id_t * output_cred_handle, - gss_OID_set * actual_mechs, - OM_uint32 * time_rec - ); - OM_uint32 gss_krb5_ccache_name(OM_uint32 * /*minor_status*/, const char * /*name */, @@ -805,10 +793,11 @@ OM_uint32 gss_krb5_copy_service_keyblock gss_ctx_id_t context_handle, struct EncryptionKey **out); -OM_uint32 -gss_krb5_import_ccache(OM_uint32 */*minor*/, - struct krb5_ccache_data * /*in*/, - gss_cred_id_t */*out*/); +OM_uint32 gss_krb5_import_cred(OM_uint32 *minor_status, + struct krb5_ccache_data * /* id */, + struct Principal * /* keytab_principal */, + struct krb5_keytab_data * /* keytab */, + gss_cred_id_t */* cred */); OM_uint32 gss_krb5_get_tkt_flags (OM_uint32 */*minor*/, diff --git a/source4/heimdal/lib/gssapi/gssapi_locl.h b/source4/heimdal/lib/gssapi/gssapi_locl.h index ae291d15a9..b9bea7db2e 100644 --- a/source4/heimdal/lib/gssapi/gssapi_locl.h +++ b/source4/heimdal/lib/gssapi/gssapi_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gssapi_locl.h,v 1.42 2005/10/26 11:23:48 lha Exp $ */ +/* $Id: gssapi_locl.h,v 1.43 2005/11/02 08:51:17 lha Exp $ */ #ifndef GSSAPI_LOCL_H #define GSSAPI_LOCL_H diff --git a/source4/heimdal/lib/gssapi/init_sec_context.c b/source4/heimdal/lib/gssapi/init_sec_context.c index e7e8f5153e..61c020b800 100644 --- a/source4/heimdal/lib/gssapi/init_sec_context.c +++ b/source4/heimdal/lib/gssapi/init_sec_context.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: init_sec_context.c,v 1.60 2005/10/12 07:25:18 lha Exp $"); +RCSID("$Id: init_sec_context.c,v 1.61 2005/11/02 11:52:49 lha Exp $"); /* * copy the addresses from `input_chan_bindings' (if any) to diff --git a/source4/heimdal/lib/gssapi/release_cred.c b/source4/heimdal/lib/gssapi/release_cred.c index ddd80c144b..cca3dfe379 100644 --- a/source4/heimdal/lib/gssapi/release_cred.c +++ b/source4/heimdal/lib/gssapi/release_cred.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: release_cred.c,v 1.10 2003/10/07 00:51:46 lha Exp $"); +RCSID("$Id: release_cred.c,v 1.11 2005/11/02 08:57:35 lha Exp $"); OM_uint32 gss_release_cred (OM_uint32 * minor_status, diff --git a/source4/heimdal/lib/hdb/db.c b/source4/heimdal/lib/hdb/db.c index d7a4cf35ee..b9f1ab47e1 100644 --- a/source4/heimdal/lib/hdb/db.c +++ b/source4/heimdal/lib/hdb/db.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: db.c,v 1.32 2005/06/23 13:34:17 lha Exp $"); +RCSID("$Id: db.c,v 1.33 2005/11/28 23:30:51 lha Exp $"); #if HAVE_DB1 @@ -270,7 +270,7 @@ krb5_error_code hdb_db_create(krb5_context context, HDB **db, const char *filename) { - *db = malloc(sizeof(**db)); + *db = calloc(1, sizeof(**db)); if (*db == NULL) { krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; diff --git a/source4/heimdal/lib/hdb/hdb-protos.h b/source4/heimdal/lib/hdb/hdb-protos.h index 7557b46bff..f7e0c54b7c 100644 --- a/source4/heimdal/lib/hdb/hdb-protos.h +++ b/source4/heimdal/lib/hdb/hdb-protos.h @@ -120,7 +120,9 @@ hdb_free_entry ( hdb_entry */*ent*/); void -hdb_free_entry_ex(krb5_context context, hdb_entry_ex *ent); +hdb_free_entry_ex ( + krb5_context /*context*/, + hdb_entry_ex */*ent*/); void hdb_free_key (Key */*key*/); diff --git a/source4/heimdal/lib/hdb/ndbm.c b/source4/heimdal/lib/hdb/ndbm.c index 588ff80728..dfd5bfa8f1 100644 --- a/source4/heimdal/lib/hdb/ndbm.c +++ b/source4/heimdal/lib/hdb/ndbm.c @@ -339,6 +339,8 @@ hdb_ndbm_create(krb5_context context, HDB **db, return ENOMEM; } + memset(*db, '\0', sizeof(**db)); + (*db)->hdb_db = NULL; (*db)->hdb_name = strdup(filename); if ((*db)->hdb_name == NULL) { diff --git a/source4/heimdal/lib/krb5/cache.c b/source4/heimdal/lib/krb5/cache.c index ec956409a7..25dc2cb8c0 100644 --- a/source4/heimdal/lib/krb5/cache.c +++ b/source4/heimdal/lib/krb5/cache.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: cache.c,v 1.73 2005/10/19 17:30:40 lha Exp $"); +RCSID("$Id: cache.c,v 1.74 2005/11/01 09:36:41 lha Exp $"); /* * Add a new ccache type with operations `ops', overwriting any @@ -222,6 +222,41 @@ krb5_cc_get_type(krb5_context context, return id->ops->prefix; } +/* + * Return the complete resolvable name the ccache `id' in `str´. + * `str` should be freed with free(3). + * Returns 0 or an error (and then *str is set to NULL). + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_get_full_name(krb5_context context, + krb5_ccache id, + char **str) +{ + const char *type, *name; + + *str = NULL; + + type = krb5_cc_get_type(context, id); + if (type == NULL) { + krb5_set_error_string(context, "cache have no name of type"); + return KRB5_CC_UNKNOWN_TYPE; + } + + name = krb5_cc_get_name(context, id); + if (name == NULL) { + krb5_set_error_string(context, "cache of type %s have no name", type); + return KRB5_CC_BADNAME; + } + + if (asprintf(str, "%s:%s", type, name) == -1) { + krb5_set_error_string(context, "malloc - out of memory"); + *str = NULL; + return ENOMEM; + } + return 0; +} + /* * Return krb5_cc_ops of a the ccache `id'. */ diff --git a/source4/heimdal/lib/krb5/get_for_creds.c b/source4/heimdal/lib/krb5/get_for_creds.c index 7bc8942f66..be5c1db47d 100644 --- a/source4/heimdal/lib/krb5/get_for_creds.c +++ b/source4/heimdal/lib/krb5/get_for_creds.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include -RCSID("$Id: get_for_creds.c,v 1.45 2005/06/15 02:44:36 lha Exp $"); +RCSID("$Id: get_for_creds.c,v 1.46 2005/11/28 20:43:02 lha Exp $"); static krb5_error_code add_addrs(krb5_context context, @@ -385,17 +385,13 @@ krb5_get_forwarded_creds (krb5_context context, cred.enc_part.cipher.data = buf; cred.enc_part.cipher.length = buf_size; } else { - /* - * RFC4120 claims we should use the session key, but Heimdal - * before 0.8 used the remote subkey if it was send in the - * auth_context. - * - * Lorikeet-Heimdal is interested in windows compatiblity - * more than Heimdal compatability, so we must choose the - * session key, and break forwarding credentials to older - * Heimdal servers. - */ - + /* + * Here older versions then 0.7.2 of Heimdal used the local or + * remote subkey. That is wrong, the session key should be + * used. Heimdal 0.7.2 and newer have code to try both in the + * receiving end. + */ + ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto); if (ret) { free(buf); diff --git a/source4/heimdal/lib/krb5/keytab.c b/source4/heimdal/lib/krb5/keytab.c index 23f6685049..43fc21c1d1 100644 --- a/source4/heimdal/lib/krb5/keytab.c +++ b/source4/heimdal/lib/krb5/keytab.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab.c,v 1.62 2005/07/06 01:14:42 lha Exp $"); +RCSID("$Id: keytab.c,v 1.63 2005/11/25 21:46:40 lha Exp $"); /* * Register a new keytab in `ops' @@ -239,6 +239,40 @@ krb5_kt_get_name(krb5_context context, return (*keytab->get_name)(context, keytab, name, namesize); } +/* + * Retrieve the full name of the keytab `keytab' and store the name in + * `str'. `str' needs to be freed by the caller using free(3). + * Returns 0 or an error. On error, *str is set to NULL. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_get_full_name(krb5_context context, + krb5_keytab keytab, + char **str) +{ + char type[KRB5_KT_PREFIX_MAX_LEN]; + char name[MAXPATHLEN]; + krb5_error_code ret; + + *str = NULL; + + ret = krb5_kt_get_type(context, keytab, type, sizeof(type)); + if (ret) + return ret; + + ret = krb5_kt_get_name(context, keytab, name, sizeof(name)); + if (ret) + return ret; + + if (asprintf(str, "%s:%s", type, name) == -1) { + krb5_set_error_string(context, "malloc - out of memory"); + *str = NULL; + return ENOMEM; + } + + return 0; +} + /* * Finish using the keytab in `id'. All resources will be released, * even on errors. Return 0 or an error. diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h index 2645c29fe7..3602c89ec6 100644 --- a/source4/heimdal/lib/krb5/krb5-private.h +++ b/source4/heimdal/lib/krb5/krb5-private.h @@ -77,6 +77,15 @@ _krb5_extract_ticket ( krb5_decrypt_proc /*decrypt_proc*/, krb5_const_pointer /*decryptarg*/); +int +_krb5_find_type_in_ad ( + krb5_context /*context*/, + int /*type*/, + krb5_data */*data*/, + krb5_boolean */*found*/, + krb5_keyblock */*sessionkey*/, + const AuthorizationData */*ad*/); + void _krb5_free_krbhst_info (krb5_krbhst_info */*hi*/); @@ -399,12 +408,4 @@ _krb5_xunlock ( krb5_context /*context*/, int /*fd*/); -int -_krb5_find_type_in_ad(krb5_context context, - int type, - krb5_data *data, - int *found, - krb5_keyblock *sessionkey, - const AuthorizationData *ad); - #endif /* __krb5_private_h__ */ diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h index a46f8b8f8f..33e35ca60e 100644 --- a/source4/heimdal/lib/krb5/krb5-protos.h +++ b/source4/heimdal/lib/krb5/krb5-protos.h @@ -607,6 +607,12 @@ krb5_cc_gen_new ( const krb5_cc_ops */*ops*/, krb5_ccache */*id*/); +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_get_full_name ( + krb5_context /*context*/, + krb5_ccache /*id*/, + char **/*str*/); + const char* KRB5_LIB_FUNCTION krb5_cc_get_name ( krb5_context /*context*/, @@ -2185,6 +2191,12 @@ krb5_kt_get_entry ( krb5_enctype /*enctype*/, krb5_keytab_entry */*entry*/); +krb5_error_code KRB5_LIB_FUNCTION +krb5_kt_get_full_name ( + krb5_context /*context*/, + krb5_keytab /*keytab*/, + char **/*str*/); + krb5_error_code KRB5_LIB_FUNCTION krb5_kt_get_name ( krb5_context /*context*/, diff --git a/source4/heimdal/lib/krb5/rd_cred.c b/source4/heimdal/lib/krb5/rd_cred.c index 07f142267c..d62adadf26 100644 --- a/source4/heimdal/lib/krb5/rd_cred.c +++ b/source4/heimdal/lib/krb5/rd_cred.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_cred.c,v 1.25 2005/09/23 03:37:57 lha Exp $"); +RCSID("$Id: rd_cred.c,v 1.26 2005/11/02 08:36:42 lha Exp $"); static krb5_error_code compare_addrs(krb5_context context, -- cgit From 6913dddf644525f4bdadfb740b5bff41abe030b2 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 1 Dec 2005 22:18:34 +0000 Subject: r12000: Update to current lorikeet-heimdal, including in particular support for referencing an existing in-MEMORY keytab (required for the new way we push that to GSSAPI). Andrew Bartlett (This used to be commit 2426581dfb9f5f0f9367f846c01dfd3c30fea954) --- source4/heimdal/lib/gssapi/acquire_cred.c | 13 +- source4/heimdal/lib/gssapi/gssapi_locl.h | 1 - source4/heimdal/lib/gssapi/release_cred.c | 4 +- source4/heimdal/lib/hdb/db.c | 2 +- source4/heimdal/lib/hdb/hdb-protos.h | 362 ++++++++++++++++++++++++++++++ source4/heimdal/lib/hdb/hdb.c | 30 ++- source4/heimdal/lib/hdb/ndbm.c | 4 +- source4/heimdal/lib/krb5/cache.c | 5 +- source4/heimdal/lib/krb5/keytab_memory.c | 66 +++++- source4/heimdal/lib/krb5/krb5-protos.h | 18 ++ source4/heimdal/lib/krb5/krb5.h | 2 +- source4/heimdal/lib/krb5/rd_req.c | 23 +- 12 files changed, 504 insertions(+), 26 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/acquire_cred.c b/source4/heimdal/lib/gssapi/acquire_cred.c index 44dbef3c48..fa5d709a30 100644 --- a/source4/heimdal/lib/gssapi/acquire_cred.c +++ b/source4/heimdal/lib/gssapi/acquire_cred.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: acquire_cred.c,v 1.25 2005/11/02 08:56:25 lha Exp $"); +RCSID("$Id: acquire_cred.c,v 1.27 2005/12/01 16:26:02 lha Exp $"); OM_uint32 _gssapi_krb5_ccache_lifetime(OM_uint32 *minor_status, @@ -245,6 +245,17 @@ static OM_uint32 acquire_acceptor_cred kret = get_keytab(context, &handle->keytab); if (kret) goto end; + + /* check that the requested principal exists in the keytab */ + if (handle->principal) { + krb5_keytab_entry entry; + + kret = krb5_kt_get_entry(gssapi_krb5_context, handle->keytab, + handle->principal, 0, 0, &entry); + if (kret) + goto end; + krb5_kt_free_entry(gssapi_krb5_context, &entry); + } ret = GSS_S_COMPLETE; end: diff --git a/source4/heimdal/lib/gssapi/gssapi_locl.h b/source4/heimdal/lib/gssapi/gssapi_locl.h index b9bea7db2e..bd5d0db2b5 100644 --- a/source4/heimdal/lib/gssapi/gssapi_locl.h +++ b/source4/heimdal/lib/gssapi/gssapi_locl.h @@ -81,7 +81,6 @@ typedef struct gss_cred_id_t_desc_struct { gss_name_t principal; int cred_flags; #define GSS_CF_DESTROY_CRED_ON_RELEASE 1 - krb5_boolean made_keytab; struct krb5_keytab_data *keytab; OM_uint32 lifetime; gss_cred_usage_t usage; diff --git a/source4/heimdal/lib/gssapi/release_cred.c b/source4/heimdal/lib/gssapi/release_cred.c index cca3dfe379..fc9fc3fc01 100644 --- a/source4/heimdal/lib/gssapi/release_cred.c +++ b/source4/heimdal/lib/gssapi/release_cred.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -52,7 +52,7 @@ OM_uint32 gss_release_cred if ((*cred_handle)->principal != NULL) krb5_free_principal(gssapi_krb5_context, (*cred_handle)->principal); - if ((*cred_handle)->made_keytab) + if ((*cred_handle)->keytab != NULL) krb5_kt_close(gssapi_krb5_context, (*cred_handle)->keytab); if ((*cred_handle)->ccache != NULL) { const krb5_cc_ops *ops; diff --git a/source4/heimdal/lib/hdb/db.c b/source4/heimdal/lib/hdb/db.c index b9f1ab47e1..4cc0218a5c 100644 --- a/source4/heimdal/lib/hdb/db.c +++ b/source4/heimdal/lib/hdb/db.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * diff --git a/source4/heimdal/lib/hdb/hdb-protos.h b/source4/heimdal/lib/hdb/hdb-protos.h index f7e0c54b7c..4b5b4d3ede 100644 --- a/source4/heimdal/lib/hdb/hdb-protos.h +++ b/source4/heimdal/lib/hdb/hdb-protos.h @@ -8,6 +8,317 @@ extern "C" { #endif +unsigned +HDBFlags2int (HDBFlags /*f*/); + +int +copy_Event ( + const Event */*from*/, + Event */*to*/); + +int +copy_GENERATION ( + const GENERATION */*from*/, + GENERATION */*to*/); + +int +copy_HDBFlags ( + const HDBFlags */*from*/, + HDBFlags */*to*/); + +int +copy_HDB_Ext_Aliases ( + const HDB_Ext_Aliases */*from*/, + HDB_Ext_Aliases */*to*/); + +int +copy_HDB_Ext_Constrained_delegation_acl ( + const HDB_Ext_Constrained_delegation_acl */*from*/, + HDB_Ext_Constrained_delegation_acl */*to*/); + +int +copy_HDB_Ext_Lan_Manager_OWF ( + const HDB_Ext_Lan_Manager_OWF */*from*/, + HDB_Ext_Lan_Manager_OWF */*to*/); + +int +copy_HDB_Ext_PKINIT_acl ( + const HDB_Ext_PKINIT_acl */*from*/, + HDB_Ext_PKINIT_acl */*to*/); + +int +copy_HDB_Ext_PKINIT_certificate ( + const HDB_Ext_PKINIT_certificate */*from*/, + HDB_Ext_PKINIT_certificate */*to*/); + +int +copy_HDB_Ext_Password ( + const HDB_Ext_Password */*from*/, + HDB_Ext_Password */*to*/); + +int +copy_HDB_extension ( + const HDB_extension */*from*/, + HDB_extension */*to*/); + +int +copy_HDB_extensions ( + const HDB_extensions */*from*/, + HDB_extensions */*to*/); + +int +copy_Key ( + const Key */*from*/, + Key */*to*/); + +int +copy_Salt ( + const Salt */*from*/, + Salt */*to*/); + +int +copy_hdb_entry ( + const hdb_entry */*from*/, + hdb_entry */*to*/); + +int +decode_Event ( + const unsigned char */*p*/, + size_t /*len*/, + Event */*data*/, + size_t */*size*/); + +int +decode_GENERATION ( + const unsigned char */*p*/, + size_t /*len*/, + GENERATION */*data*/, + size_t */*size*/); + +int +decode_HDBFlags ( + const unsigned char */*p*/, + size_t /*len*/, + HDBFlags */*data*/, + size_t */*size*/); + +int +decode_HDB_Ext_Aliases ( + const unsigned char */*p*/, + size_t /*len*/, + HDB_Ext_Aliases */*data*/, + size_t */*size*/); + +int +decode_HDB_Ext_Constrained_delegation_acl ( + const unsigned char */*p*/, + size_t /*len*/, + HDB_Ext_Constrained_delegation_acl */*data*/, + size_t */*size*/); + +int +decode_HDB_Ext_Lan_Manager_OWF ( + const unsigned char */*p*/, + size_t /*len*/, + HDB_Ext_Lan_Manager_OWF */*data*/, + size_t */*size*/); + +int +decode_HDB_Ext_PKINIT_acl ( + const unsigned char */*p*/, + size_t /*len*/, + HDB_Ext_PKINIT_acl */*data*/, + size_t */*size*/); + +int +decode_HDB_Ext_PKINIT_certificate ( + const unsigned char */*p*/, + size_t /*len*/, + HDB_Ext_PKINIT_certificate */*data*/, + size_t */*size*/); + +int +decode_HDB_Ext_Password ( + const unsigned char */*p*/, + size_t /*len*/, + HDB_Ext_Password */*data*/, + size_t */*size*/); + +int +decode_HDB_extension ( + const unsigned char */*p*/, + size_t /*len*/, + HDB_extension */*data*/, + size_t */*size*/); + +int +decode_HDB_extensions ( + const unsigned char */*p*/, + size_t /*len*/, + HDB_extensions */*data*/, + size_t */*size*/); + +int +decode_Key ( + const unsigned char */*p*/, + size_t /*len*/, + Key */*data*/, + size_t */*size*/); + +int +decode_Salt ( + const unsigned char */*p*/, + size_t /*len*/, + Salt */*data*/, + size_t */*size*/); + +int +decode_hdb_entry ( + const unsigned char */*p*/, + size_t /*len*/, + hdb_entry */*data*/, + size_t */*size*/); + +int +encode_Event ( + unsigned char */*p*/, + size_t /*len*/, + const Event */*data*/, + size_t */*size*/); + +int +encode_GENERATION ( + unsigned char */*p*/, + size_t /*len*/, + const GENERATION */*data*/, + size_t */*size*/); + +int +encode_HDBFlags ( + unsigned char */*p*/, + size_t /*len*/, + const HDBFlags */*data*/, + size_t */*size*/); + +int +encode_HDB_Ext_Aliases ( + unsigned char */*p*/, + size_t /*len*/, + const HDB_Ext_Aliases */*data*/, + size_t */*size*/); + +int +encode_HDB_Ext_Constrained_delegation_acl ( + unsigned char */*p*/, + size_t /*len*/, + const HDB_Ext_Constrained_delegation_acl */*data*/, + size_t */*size*/); + +int +encode_HDB_Ext_Lan_Manager_OWF ( + unsigned char */*p*/, + size_t /*len*/, + const HDB_Ext_Lan_Manager_OWF */*data*/, + size_t */*size*/); + +int +encode_HDB_Ext_PKINIT_acl ( + unsigned char */*p*/, + size_t /*len*/, + const HDB_Ext_PKINIT_acl */*data*/, + size_t */*size*/); + +int +encode_HDB_Ext_PKINIT_certificate ( + unsigned char */*p*/, + size_t /*len*/, + const HDB_Ext_PKINIT_certificate */*data*/, + size_t */*size*/); + +int +encode_HDB_Ext_Password ( + unsigned char */*p*/, + size_t /*len*/, + const HDB_Ext_Password */*data*/, + size_t */*size*/); + +int +encode_HDB_extension ( + unsigned char */*p*/, + size_t /*len*/, + const HDB_extension */*data*/, + size_t */*size*/); + +int +encode_HDB_extensions ( + unsigned char */*p*/, + size_t /*len*/, + const HDB_extensions */*data*/, + size_t */*size*/); + +int +encode_Key ( + unsigned char */*p*/, + size_t /*len*/, + const Key */*data*/, + size_t */*size*/); + +int +encode_Salt ( + unsigned char */*p*/, + size_t /*len*/, + const Salt */*data*/, + size_t */*size*/); + +int +encode_hdb_entry ( + unsigned char */*p*/, + size_t /*len*/, + const hdb_entry */*data*/, + size_t */*size*/); + +void +free_Event (Event */*data*/); + +void +free_GENERATION (GENERATION */*data*/); + +void +free_HDBFlags (HDBFlags */*data*/); + +void +free_HDB_Ext_Aliases (HDB_Ext_Aliases */*data*/); + +void +free_HDB_Ext_Constrained_delegation_acl (HDB_Ext_Constrained_delegation_acl */*data*/); + +void +free_HDB_Ext_Lan_Manager_OWF (HDB_Ext_Lan_Manager_OWF */*data*/); + +void +free_HDB_Ext_PKINIT_acl (HDB_Ext_PKINIT_acl */*data*/); + +void +free_HDB_Ext_PKINIT_certificate (HDB_Ext_PKINIT_certificate */*data*/); + +void +free_HDB_Ext_Password (HDB_Ext_Password */*data*/); + +void +free_HDB_extension (HDB_extension */*data*/); + +void +free_HDB_extensions (HDB_extensions */*data*/); + +void +free_Key (Key */*data*/); + +void +free_Salt (Salt */*data*/); + +void +free_hdb_entry (hdb_entry */*data*/); + krb5_error_code hdb_add_master_key ( krb5_context /*context*/, @@ -302,6 +613,57 @@ hdb_write_master_key ( const char */*filename*/, hdb_master_key /*mkey*/); +void +initialize_hdb_error_table (void); + +void +initialize_hdb_error_table_r (struct et_list **/*list*/); + +HDBFlags +int2HDBFlags (unsigned /*n*/); + +size_t +length_Event (const Event */*data*/); + +size_t +length_GENERATION (const GENERATION */*data*/); + +size_t +length_HDBFlags (const HDBFlags */*data*/); + +size_t +length_HDB_Ext_Aliases (const HDB_Ext_Aliases */*data*/); + +size_t +length_HDB_Ext_Constrained_delegation_acl (const HDB_Ext_Constrained_delegation_acl */*data*/); + +size_t +length_HDB_Ext_Lan_Manager_OWF (const HDB_Ext_Lan_Manager_OWF */*data*/); + +size_t +length_HDB_Ext_PKINIT_acl (const HDB_Ext_PKINIT_acl */*data*/); + +size_t +length_HDB_Ext_PKINIT_certificate (const HDB_Ext_PKINIT_certificate */*data*/); + +size_t +length_HDB_Ext_Password (const HDB_Ext_Password */*data*/); + +size_t +length_HDB_extension (const HDB_extension */*data*/); + +size_t +length_HDB_extensions (const HDB_extensions */*data*/); + +size_t +length_Key (const Key */*data*/); + +size_t +length_Salt (const Salt */*data*/); + +size_t +length_hdb_entry (const hdb_entry */*data*/); + #ifdef __cplusplus } #endif diff --git a/source4/heimdal/lib/hdb/hdb.c b/source4/heimdal/lib/hdb/hdb.c index e8161afbc1..df342ffadf 100644 --- a/source4/heimdal/lib/hdb/hdb.c +++ b/source4/heimdal/lib/hdb/hdb.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: hdb.c,v 1.56 2005/10/19 13:51:40 lha Exp $"); +RCSID("$Id: hdb.c,v 1.59 2005/11/30 12:22:09 lha Exp $"); #ifdef HAVE_DLFCN_H #include @@ -53,16 +53,17 @@ static struct hdb_method methods[] = { #endif #if defined(OPENLDAP) && !defined(OPENLDAP_MODULE) {"ldap:", hdb_ldap_create}, + {"ldapi:", hdb_ldapi_create}, #endif + {NULL, NULL} +}; + #if HAVE_DB1 || HAVE_DB3 - {"", hdb_db_create}, +static struct hdb_method dbmetod = {"", hdb_db_create }; #elif defined(HAVE_NDBM) - {"", hdb_ndbm_create}, -#elif defined(OPENLDAP) && !defined(OPENLDAP_MODULE) - {"", hdb_ldap_create}, +static struct hdb_method dbmetod = {"", hdb_ndbm_create }; #endif - {NULL, NULL} -}; + krb5_error_code hdb_next_enctype2key(krb5_context context, @@ -337,11 +338,22 @@ find_method (const char *filename, const char **rest) { const struct hdb_method *h; - for (h = methods; h->prefix != NULL; ++h) + for (h = methods; h->prefix != NULL; ++h) { if (strncmp (filename, h->prefix, strlen(h->prefix)) == 0) { *rest = filename + strlen(h->prefix); return h; } + } +#if defined(HAVE_DB1) || defined(HAVE_DB3) || defined(HAVE_NDBM) + if (strncmp(filename, "/", 1) == 0 + || strncmp(filename, "./", 2) == 0 + || strncmp(filename, "../", 3) == 0) + { + *rest = filename; + return &dbmetod; + } +#endif + return NULL; } @@ -367,8 +379,6 @@ hdb_list_builtin(krb5_context context, char **list) buf[0] = '\0'; for (h = methods; h->prefix != NULL; ++h) { - if (h->prefix[0] == '\0') - continue; if (h != methods) strlcat(buf, ", ", len); strlcat(buf, h->prefix, len); diff --git a/source4/heimdal/lib/hdb/ndbm.c b/source4/heimdal/lib/hdb/ndbm.c index dfd5bfa8f1..793d03829d 100644 --- a/source4/heimdal/lib/hdb/ndbm.c +++ b/source4/heimdal/lib/hdb/ndbm.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: ndbm.c,v 1.35 2005/06/23 13:37:57 lha Exp $"); +RCSID("$Id: ndbm.c,v 1.36 2005/11/28 23:31:36 lha Exp $"); #if HAVE_NDBM @@ -333,7 +333,7 @@ krb5_error_code hdb_ndbm_create(krb5_context context, HDB **db, const char *filename) { - *db = malloc(sizeof(**db)); + *db = calloc(1, sizeof(**db)); if (*db == NULL) { krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; diff --git a/source4/heimdal/lib/krb5/cache.c b/source4/heimdal/lib/krb5/cache.c index 25dc2cb8c0..0c821cb11d 100644 --- a/source4/heimdal/lib/krb5/cache.c +++ b/source4/heimdal/lib/krb5/cache.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: cache.c,v 1.74 2005/11/01 09:36:41 lha Exp $"); +RCSID("$Id: cache.c,v 1.76 2005/11/29 09:10:47 lha Exp $"); /* * Add a new ccache type with operations `ops', overwriting any @@ -701,6 +701,9 @@ krb5_cc_get_prefix_ops(krb5_context context, const char *prefix) char *p, *p1; int i; + if (prefix[0] == '/') + return &krb5_fcc_ops; + p = strdup(prefix); if (p == NULL) { krb5_set_error_string(context, "malloc - out of memory"); diff --git a/source4/heimdal/lib/krb5/keytab_memory.c b/source4/heimdal/lib/krb5/keytab_memory.c index 1d866fa11e..afa8f433ac 100644 --- a/source4/heimdal/lib/krb5/keytab_memory.c +++ b/source4/heimdal/lib/krb5/keytab_memory.c @@ -33,26 +33,64 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_memory.c,v 1.6 2005/05/18 04:44:40 lha Exp $"); +RCSID("$Id: keytab_memory.c,v 1.7 2005/12/01 12:40:22 lha Exp $"); /* memory operations -------------------------------------------- */ struct mkt_data { krb5_keytab_entry *entries; int num_entries; + char *name; + int refcount; + struct mkt_data *next; }; +/* this mutex protects mkt_head, ->refcount, and ->next + * content is not protected (name is static and need no protection) + */ +static HEIMDAL_MUTEX mkt_mutex = HEIMDAL_MUTEX_INITIALIZER; +static struct mkt_data *mkt_head; + + static krb5_error_code mkt_resolve(krb5_context context, const char *name, krb5_keytab id) { struct mkt_data *d; - d = malloc(sizeof(*d)); + + HEIMDAL_MUTEX_lock(&mkt_mutex); + + for (d = mkt_head; d != NULL; d = d->next) + if (strcmp(d->name, name) == 0) + break; + if (d) { + if (d->refcount < 1) + krb5_abortx(context, "Double close on memory keytab, " + "refcount < 1 %d", d->refcount); + d->refcount++; + id->data = d; + HEIMDAL_MUTEX_unlock(&mkt_mutex); + return 0; + } + + d = calloc(1, sizeof(*d)); if(d == NULL) { + HEIMDAL_MUTEX_unlock(&mkt_mutex); + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + d->name = strdup(name); + if (d->name == NULL) { + HEIMDAL_MUTEX_unlock(&mkt_mutex); + free(d); krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; } d->entries = NULL; d->num_entries = 0; + d->refcount = 1; + d->next = mkt_head; + mkt_head = d; + HEIMDAL_MUTEX_unlock(&mkt_mutex); id->data = d; return 0; } @@ -60,8 +98,27 @@ mkt_resolve(krb5_context context, const char *name, krb5_keytab id) static krb5_error_code mkt_close(krb5_context context, krb5_keytab id) { - struct mkt_data *d = id->data; + struct mkt_data *d = id->data, **dp; int i; + + HEIMDAL_MUTEX_lock(&mkt_mutex); + if (d->refcount < 1) + krb5_abortx(context, + "krb5 internal error, memory keytab refcount < 1 on close"); + + if (--d->refcount > 0) { + HEIMDAL_MUTEX_unlock(&mkt_mutex); + return 0; + } + for (dp = &mkt_head; *dp != NULL; dp = &(*dp)->next) { + if (*dp == d) { + *dp = d->next; + break; + } + } + HEIMDAL_MUTEX_unlock(&mkt_mutex); + + free(d->name); for(i = 0; i < d->num_entries; i++) krb5_kt_free_entry(context, &d->entries[i]); free(d->entries); @@ -75,7 +132,8 @@ mkt_get_name(krb5_context context, char *name, size_t namesize) { - strlcpy(name, "", namesize); + struct mkt_data *d = id->data; + strlcpy(name, d->name, namesize); return 0; } diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h index 33e35ca60e..301b8853e4 100644 --- a/source4/heimdal/lib/krb5/krb5-protos.h +++ b/source4/heimdal/lib/krb5/krb5-protos.h @@ -20,6 +20,24 @@ extern "C" { #endif #endif +void +initialize_heim_error_table (void); + +void +initialize_heim_error_table_r (struct et_list **/*list*/); + +void +initialize_k524_error_table (void); + +void +initialize_k524_error_table_r (struct et_list **/*list*/); + +void +initialize_krb5_error_table (void); + +void +initialize_krb5_error_table_r (struct et_list **/*list*/); + krb5_error_code KRB5_LIB_FUNCTION krb524_convert_creds_kdc ( krb5_context /*context*/, diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h index fe9a0e5e7a..adee4708e6 100644 --- a/source4/heimdal/lib/krb5/krb5.h +++ b/source4/heimdal/lib/krb5/krb5.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5.h,v 1.239 2005/10/12 12:39:28 lha Exp $ */ +/* $Id: krb5.h,v 1.240 2005/11/30 15:20:32 lha Exp $ */ #ifndef __KRB5_H__ #define __KRB5_H__ diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c index 582b71db03..313c14f6e6 100644 --- a/source4/heimdal/lib/krb5/rd_req.c +++ b/source4/heimdal/lib/krb5/rd_req.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001, 2003 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_req.c,v 1.58 2005/08/27 05:48:57 lha Exp $"); +RCSID("$Id: rd_req.c,v 1.61 2005/11/29 18:22:51 lha Exp $"); static krb5_error_code decrypt_tkt_enc_part (krb5_context context, @@ -136,7 +136,11 @@ check_transited(krb5_context context, Ticket *ticket, EncTicketPart *enc) int num_realms; krb5_error_code ret; - /* Windows w2k and w2k3 uses this */ + /* + * Windows 2000 and 2003 uses this inside their TGT so its normaly + * not seen by others, however, samba4 joined with a Windows AD as + * a Domain Controller gets exposed to this. + */ if(enc->transited.tr_type == 0 && enc->transited.contents.length == 0) return 0; @@ -417,6 +421,19 @@ krb5_verify_ap_req2(krb5_context context, goto out; } + /* check timestamp in authenticator */ + { + krb5_timestamp now; + + krb5_timeofday (context, &now); + + if (abs(ac->authenticator->ctime - now) > context->max_skew) { + ret = KRB5KRB_AP_ERR_SKEW; + krb5_clear_error_string (context); + goto out; + } + } + if (ac->authenticator->seq_number) krb5_auth_con_setremoteseqnumber(context, ac, *ac->authenticator->seq_number); -- cgit From 9afdb938cd5e3c86d72d7ef8c5a8fced13291c9c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 3 Dec 2005 00:47:51 +0000 Subject: r12037: Fix malloc corruption caused by double-free(), where realloc(ptr, 0) is equivilant to free(). This is the issue tridge was seeing in the MEMORY: keytab code. Andrew Bartlett (This used to be commit d5a2de8ef06a08274d25ab005f2a68ec32e226f0) --- source4/heimdal/lib/krb5/keytab_memory.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/krb5/keytab_memory.c b/source4/heimdal/lib/krb5/keytab_memory.c index afa8f433ac..1039847de9 100644 --- a/source4/heimdal/lib/krb5/keytab_memory.c +++ b/source4/heimdal/lib/krb5/keytab_memory.c @@ -214,9 +214,15 @@ mkt_remove_entry(krb5_context context, krb5_clear_error_string (context); return KRB5_KT_NOTFOUND; } - e = realloc(d->entries, d->num_entries * sizeof(*d->entries)); - if(e != NULL) - d->entries = e; + if (d->num_entries == 0) { + free(d->entries); + d->entries = NULL; + } else { + e = realloc(d->entries, d->num_entries * sizeof(*d->entries)); + if(e != NULL) + d->entries = e; + } + return 0; } -- cgit From fbf106f6701c580f5839da575996de34fc953e1f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 15 Dec 2005 20:38:24 +0000 Subject: r12269: Update to current lorikeet-heimdal. This changed the way the hdb interface worked, so hdb-ldb.c and the glue have been updated. Andrew Bartlett (This used to be commit 8fd5224c6b5c17c3a2c04c7366b7e367012db77e) --- source4/heimdal/kdc/524.c | 14 +- source4/heimdal/kdc/kaserver.c | 46 +- source4/heimdal/kdc/kdc-private.h | 151 ++++++ source4/heimdal/kdc/kdc_locl.h | 26 +- source4/heimdal/kdc/kerberos4.c | 58 +-- source4/heimdal/kdc/kerberos5.c | 135 +++--- source4/heimdal/kdc/misc.c | 67 +-- source4/heimdal/lib/asn1/gen.c | 4 +- source4/heimdal/lib/asn1/parse.c | 700 +++++++++++++++------------ source4/heimdal/lib/asn1/parse.h | 5 +- source4/heimdal/lib/asn1/symbol.h | 17 +- source4/heimdal/lib/gssapi/context_time.c | 7 +- source4/heimdal/lib/gssapi/gssapi.h | 2 +- source4/heimdal/lib/hdb/db.c | 21 +- source4/heimdal/lib/hdb/hdb-private.h | 6 +- source4/heimdal/lib/hdb/hdb-protos.h | 23 +- source4/heimdal/lib/hdb/hdb.c | 23 +- source4/heimdal/lib/hdb/hdb.h | 66 +-- source4/heimdal/lib/hdb/ndbm.c | 25 +- source4/heimdal/lib/krb5/cache.c | 14 +- source4/heimdal/lib/krb5/changepw.c | 11 +- source4/heimdal/lib/krb5/crypto.c | 13 +- source4/heimdal/lib/krb5/keytab_memory.c | 14 +- source4/heimdal/lib/krb5/krb5-protos.h | 9 - source4/heimdal/lib/krb5/krb5_locl.h | 10 +- source4/heimdal/lib/krb5/principal.c | 2 +- source4/heimdal/lib/krb5/set_default_realm.c | 15 +- 27 files changed, 850 insertions(+), 634 deletions(-) create mode 100644 source4/heimdal/kdc/kdc-private.h (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/524.c b/source4/heimdal/kdc/524.c index 497539b2e0..1642975616 100644 --- a/source4/heimdal/kdc/524.c +++ b/source4/heimdal/kdc/524.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: 524.c,v 1.34 2005/06/30 01:47:35 lha Exp $"); +RCSID("$Id: 524.c,v 1.35 2005/12/13 19:42:37 lha Exp $"); #include @@ -47,7 +47,7 @@ fetch_server (krb5_context context, krb5_kdc_configuration *config, const Ticket *t, char **spn, - hdb_entry **server, + hdb_entry_ex **server, const char *from) { krb5_error_code ret; @@ -221,7 +221,7 @@ static krb5_error_code encode_524_response(krb5_context context, krb5_kdc_configuration *config, const char *spn, const EncTicketPart et, - const Ticket *t, hdb_entry *server, + const Ticket *t, hdb_entry_ex *server, EncryptedData *ticket, int *kvno) { krb5_error_code ret; @@ -274,7 +274,7 @@ encode_524_response(krb5_context context, "Failed to encrypt v4 ticket (%s)", spn); return ret; } - *kvno = server->kvno; + *kvno = server->entry.kvno; } return 0; @@ -293,7 +293,7 @@ _kdc_do_524(krb5_context context, { krb5_error_code ret = 0; krb5_crypto crypto; - hdb_entry *server = NULL; + hdb_entry_ex *server = NULL; Key *skey; krb5_data et_data; EncTicketPart et; @@ -316,7 +316,7 @@ _kdc_do_524(krb5_context context, goto out; } - ret = hdb_enctype2key(context, server, t->enc_part.etype, &skey); + ret = hdb_enctype2key(context, &server->entry, t->enc_part.etype, &skey); if(ret){ kdc_log(context, config, 0, "No suitable key found for server (%s) from %s", spn, from); diff --git a/source4/heimdal/kdc/kaserver.c b/source4/heimdal/kdc/kaserver.c index 4a9bd87cb6..069af21660 100644 --- a/source4/heimdal/kdc/kaserver.c +++ b/source4/heimdal/kdc/kaserver.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kaserver.c,v 1.30 2005/06/30 01:49:39 lha Exp $"); +RCSID("$Id: kaserver.c,v 1.31 2005/12/13 19:44:27 lha Exp $"); #include #include @@ -404,8 +404,8 @@ do_authenticate (krb5_context context, time_t end_time; krb5_data request; int32_t max_seq_len; - hdb_entry *client_entry = NULL; - hdb_entry *server_entry = NULL; + hdb_entry_ex *client_entry = NULL; + hdb_entry_ex *server_entry = NULL; Key *ckey = NULL; Key *skey = NULL; krb5_storage *reply_sp; @@ -453,8 +453,8 @@ do_authenticate (krb5_context context, } ret = _kdc_check_flags (context, config, - client_entry, client_name, - server_entry, server_name, + &client_entry->entry, client_name, + &server_entry->entry, server_name, TRUE); if (ret) { make_error_reply (hdr, KAPWEXPIRED, reply); @@ -516,17 +516,17 @@ do_authenticate (krb5_context context, time skew between client and server. Let's make sure it is postive */ if(max_life < 1) max_life = 1; - if (client_entry->max_life) - max_life = min(max_life, *client_entry->max_life); - if (server_entry->max_life) - max_life = min(max_life, *server_entry->max_life); + if (client_entry->entry.max_life) + max_life = min(max_life, *client_entry->entry.max_life); + if (server_entry->entry.max_life) + max_life = min(max_life, *server_entry->entry.max_life); life = krb_time_to_life(kdc_time, kdc_time + max_life); create_reply_ticket (context, hdr, skey, name, instance, config->v4_realm, - addr, life, server_entry->kvno, + addr, life, server_entry->entry.kvno, max_seq_len, "krbtgt", config->v4_realm, chal + 1, "tgsT", @@ -618,9 +618,9 @@ do_getticket (krb5_context context, char *instance = NULL; krb5_data times; int32_t max_seq_len; - hdb_entry *server_entry = NULL; - hdb_entry *client_entry = NULL; - hdb_entry *krbtgt_entry = NULL; + hdb_entry_ex *server_entry = NULL; + hdb_entry_ex *client_entry = NULL; + hdb_entry_ex *krbtgt_entry = NULL; Key *kkey = NULL; Key *skey = NULL; DES_cblock key; @@ -752,8 +752,8 @@ do_getticket (krb5_context context, } ret = _kdc_check_flags (context, config, - client_entry, client_name, - server_entry, server_name, + &client_entry->entry, client_name, + &server_entry->entry, server_name, FALSE); if (ret) { make_error_reply (hdr, KAPWEXPIRED, reply); @@ -789,21 +789,21 @@ do_getticket (krb5_context context, time skew between client and server. Let's make sure it is postive */ if(max_life < 1) max_life = 1; - if (krbtgt_entry->max_life) - max_life = min(max_life, *krbtgt_entry->max_life); - if (server_entry->max_life) - max_life = min(max_life, *server_entry->max_life); + if (krbtgt_entry->entry.max_life) + max_life = min(max_life, *krbtgt_entry->entry.max_life); + if (server_entry->entry.max_life) + max_life = min(max_life, *server_entry->entry.max_life); /* if this is a cross realm request, the client_entry will likely be NULL */ - if (client_entry && client_entry->max_life) - max_life = min(max_life, *client_entry->max_life); + if (client_entry && client_entry->entry.max_life) + max_life = min(max_life, *client_entry->entry.max_life); life = _krb5_krb_time_to_life(kdc_time, kdc_time + max_life); create_reply_ticket (context, hdr, skey, ad.pname, ad.pinst, ad.prealm, - addr, life, server_entry->kvno, + addr, life, server_entry->entry.kvno, max_seq_len, name, instance, 0, "gtkt", diff --git a/source4/heimdal/kdc/kdc-private.h b/source4/heimdal/kdc/kdc-private.h new file mode 100644 index 0000000000..cfb76fd7b0 --- /dev/null +++ b/source4/heimdal/kdc/kdc-private.h @@ -0,0 +1,151 @@ +/* This is a generated file */ +#ifndef __kdc_private_h__ +#define __kdc_private_h__ + +#include + +krb5_error_code +_kdc_as_rep ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + KDC_REQ */*req*/, + const krb5_data */*req_buffer*/, + krb5_data */*reply*/, + const char */*from*/, + struct sockaddr */*from_addr*/); + +krb5_error_code +_kdc_check_flags ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + hdb_entry */*client*/, + const char */*client_name*/, + hdb_entry */*server*/, + const char */*server_name*/, + krb5_boolean /*is_as_req*/); + +krb5_error_code +_kdc_db_fetch ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + krb5_principal /*principal*/, + enum hdb_ent_type, + hdb_entry_ex **/*h*/); + +krb5_error_code +_kdc_db_fetch4 ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + const char */*name*/, + const char */*instance*/, + const char */*realm*/, + enum hdb_ent_type /*ent_type*/, + hdb_entry_ex **/*ent*/); + +krb5_error_code +_kdc_do_524 ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + const Ticket */*t*/, + krb5_data */*reply*/, + const char */*from*/, + struct sockaddr */*addr*/); + +krb5_error_code +_kdc_do_kaserver ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + unsigned char */*buf*/, + size_t /*len*/, + krb5_data */*reply*/, + const char */*from*/, + struct sockaddr_in */*addr*/); + +krb5_error_code +_kdc_do_version4 ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + unsigned char */*buf*/, + size_t /*len*/, + krb5_data */*reply*/, + const char */*from*/, + struct sockaddr_in */*addr*/); + +krb5_error_code +_kdc_encode_v4_ticket ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + void */*buf*/, + size_t /*len*/, + const EncTicketPart */*et*/, + const PrincipalName */*service*/, + size_t */*size*/); + +void +_kdc_free_ent ( + krb5_context /*context*/, + hdb_entry_ex */*ent*/); + +krb5_error_code +_kdc_get_des_key ( + krb5_context /*context*/, + hdb_entry_ex */*principal*/, + krb5_boolean /*is_server*/, + krb5_boolean /*prefer_afs_key*/, + Key **/*ret_key*/); + +int +_kdc_maybe_version4 ( + unsigned char */*buf*/, + int /*len*/); + +krb5_error_code +_kdc_pk_check_client ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + krb5_principal /*client_princ*/, + const hdb_entry */*client*/, + pk_client_params */*client_params*/, + char **/*subject_name*/); + +void +_kdc_pk_free_client_param ( + krb5_context /*context*/, + pk_client_params */*client_params*/); + +krb5_error_code +_kdc_pk_initialize ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + const char */*user_id*/, + const char */*x509_anchors*/); + +krb5_error_code +_kdc_pk_mk_pa_reply ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + pk_client_params */*client_params*/, + const hdb_entry */*client*/, + const KDC_REQ */*req*/, + const krb5_data */*req_buffer*/, + krb5_keyblock **/*reply_key*/, + METHOD_DATA */*md*/); + +krb5_error_code +_kdc_pk_rd_padata ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + KDC_REQ */*req*/, + PA_DATA */*pa*/, + pk_client_params **/*ret_params*/); + +krb5_error_code +_kdc_tgs_rep ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + KDC_REQ */*req*/, + krb5_data */*data*/, + const char */*from*/, + struct sockaddr */*from_addr*/); + +#endif /* __kdc_private_h__ */ diff --git a/source4/heimdal/kdc/kdc_locl.h b/source4/heimdal/kdc/kdc_locl.h index 8658d33b68..58cf1f4173 100644 --- a/source4/heimdal/kdc/kdc_locl.h +++ b/source4/heimdal/kdc/kdc_locl.h @@ -32,7 +32,7 @@ */ /* - * $Id: kdc_locl.h,v 1.73 2005/08/15 11:07:25 lha Exp $ + * $Id: kdc_locl.h,v 1.74 2005/12/12 12:23:33 lha Exp $ */ #ifndef __KDC_LOCL_H__ @@ -41,6 +41,9 @@ #include "headers.h" #include "kdc.h" +typedef struct pk_client_params pk_client_params; +#include + extern sig_atomic_t exit_flag; extern size_t max_request; extern const char *port_str; @@ -68,20 +71,13 @@ krb5_kdc_configuration * configure(krb5_context context, int argc, char **argv); krb5_error_code -_kdc_db_fetch(krb5_context, krb5_kdc_configuration *, - krb5_principal, enum hdb_ent_type, hdb_entry **); - -krb5_error_code -_kdc_db_fetch_ex(krb5_context context, - krb5_kdc_configuration *config, - krb5_principal principal, enum hdb_ent_type ent_type, - hdb_entry_ex **h); - -void -_kdc_free_ent(krb5_context context, hdb_entry *); +_kdc_db_fetch(krb5_context context, + krb5_kdc_configuration *config, + krb5_principal principal, enum hdb_ent_type ent_type, + hdb_entry_ex **h); void -_kdc_free_ent_ex(krb5_context context, hdb_entry_ex *ent); +_kdc_free_ent(krb5_context context, hdb_entry_ex *ent); void loop(krb5_context context, krb5_kdc_configuration *config); @@ -99,7 +95,7 @@ _kdc_check_flags(krb5_context context, krb5_boolean is_as_req); krb5_error_code -_kdc_get_des_key(krb5_context context, hdb_entry*, +_kdc_get_des_key(krb5_context context, hdb_entry_ex*, krb5_boolean, krb5_boolean, Key**); krb5_error_code @@ -145,7 +141,7 @@ void _kdc_pk_free_client_param(krb5_context, pk_client_params *); krb5_error_code _kdc_db_fetch4 (krb5_context context, krb5_kdc_configuration *config, - const char*, const char*, const char*, enum hdb_ent_type, hdb_entry**); + const char*, const char*, const char*, enum hdb_ent_type, hdb_entry_ex**); krb5_error_code _kdc_do_version4 (krb5_context context, diff --git a/source4/heimdal/kdc/kerberos4.c b/source4/heimdal/kdc/kerberos4.c index a81fbb7b59..72ea41d9e6 100644 --- a/source4/heimdal/kdc/kerberos4.c +++ b/source4/heimdal/kdc/kerberos4.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -35,7 +35,7 @@ #include -RCSID("$Id: kerberos4.c,v 1.54 2005/06/30 01:51:43 lha Exp $"); +RCSID("$Id: kerberos4.c,v 1.56 2005/12/13 19:44:01 lha Exp $"); #ifndef swap32 static u_int32_t @@ -70,7 +70,7 @@ valid_princ(krb5_context context, krb5_kdc_configuration *config = funcctx; krb5_error_code ret; char *s; - hdb_entry *ent; + hdb_entry_ex *ent; ret = krb5_unparse_name(context, princ, &s); if (ret) @@ -93,7 +93,7 @@ _kdc_db_fetch4(krb5_context context, krb5_kdc_configuration *config, const char *name, const char *instance, const char *realm, enum hdb_ent_type ent_type, - hdb_entry **ent) + hdb_entry_ex **ent) { krb5_principal p; krb5_error_code ret; @@ -126,7 +126,7 @@ _kdc_do_version4(krb5_context context, { krb5_storage *sp; krb5_error_code ret; - hdb_entry *client = NULL, *server = NULL; + hdb_entry_ex *client = NULL, *server = NULL; Key *ckey, *skey; int8_t pvno; int8_t msg_type; @@ -201,8 +201,8 @@ _kdc_do_version4(krb5_context context, } ret = _kdc_check_flags (context, config, - client, client_name, - server, server_name, + &client->entry, client_name, + &server->entry, server_name, TRUE); if (ret) { /* good error code? */ @@ -217,8 +217,8 @@ _kdc_do_version4(krb5_context context, */ if (config->require_preauth - || client->flags.require_preauth - || server->flags.require_preauth) { + || client->entry.flags.require_preauth + || server->entry.flags.require_preauth) { kdc_log(context, config, 0, "Pre-authentication required for v4-request: " "%s for %s", @@ -240,7 +240,7 @@ _kdc_do_version4(krb5_context context, /* this is not necessary with the new code in libkrb */ /* find a properly salted key */ while(ckey->salt == NULL || ckey->salt->salt.length != 0) - ret = hdb_next_keytype2key(context, client, KEYTYPE_DES, &ckey); + ret = hdb_next_keytype2key(context, &client->entry, KEYTYPE_DES, &ckey); if(ret){ kdc_log(context, config, 0, "No version-4 salted key in database -- %s.%s@%s", name, inst, realm); @@ -260,10 +260,10 @@ _kdc_do_version4(krb5_context context, } max_life = _krb5_krb_life_to_time(0, life); - if(client->max_life) - max_life = min(max_life, *client->max_life); - if(server->max_life) - max_life = min(max_life, *server->max_life); + if(client->entry.max_life) + max_life = min(max_life, *client->entry.max_life); + if(server->entry.max_life) + max_life = min(max_life, *server->entry.max_life); life = krb_time_to_life(kdc_time, kdc_time + max_life); @@ -302,7 +302,7 @@ _kdc_do_version4(krb5_context context, sinst, config->v4_realm, life, - server->kvno % 255, + server->entry.kvno % 255, &ticket, kdc_time, &ckey->key, @@ -321,8 +321,8 @@ _kdc_do_version4(krb5_context context, realm, req_time, 0, - client->pw_end ? *client->pw_end : 0, - client->kvno % 256, + client->entry.pw_end ? *client->entry.pw_end : 0, + client->entry.kvno % 256, &cipher, reply); krb5_data_free(&cipher); @@ -339,7 +339,7 @@ _kdc_do_version4(krb5_context context, int32_t address; size_t pos; krb5_principal tgt_princ = NULL; - hdb_entry *tgt = NULL; + hdb_entry_ex *tgt = NULL; Key *tkey; time_t max_end, actual_end, issue_time; @@ -373,10 +373,10 @@ _kdc_do_version4(krb5_context context, goto out2; } - if(tgt->kvno % 256 != kvno){ + if(tgt->entry.kvno % 256 != kvno){ kdc_log(context, config, 0, "tgs-req (krb4) with old kvno %d (current %d) for " - "krbtgt.%s@%s", kvno, tgt->kvno % 256, + "krbtgt.%s@%s", kvno, tgt->entry.kvno % 256, realm, config->v4_realm); make_err_reply(context, reply, KDC_AUTH_EXP, "old krbtgt kvno used"); @@ -489,8 +489,8 @@ _kdc_do_version4(krb5_context context, } ret = _kdc_check_flags (context, config, - client, client_name, - server, server_name, + &client->entry, client_name, + &server->entry, server_name, FALSE); if (ret) { /* good error code? */ @@ -511,10 +511,10 @@ _kdc_do_version4(krb5_context context, max_end = _krb5_krb_life_to_time(ad.time_sec, ad.life); max_end = min(max_end, _krb5_krb_life_to_time(kdc_time, life)); - if(server->max_life) - max_end = min(max_end, kdc_time + *server->max_life); - if(client && client->max_life) - max_end = min(max_end, kdc_time + *client->max_life); + if(server->entry.max_life) + max_end = min(max_end, kdc_time + *server->entry.max_life); + if(client && client->entry.max_life) + max_end = min(max_end, kdc_time + *client->entry.max_life); life = min(life, krb_time_to_life(kdc_time, max_end)); issue_time = kdc_time; @@ -571,7 +571,7 @@ _kdc_do_version4(krb5_context context, sinst, config->v4_realm, life, - server->kvno % 255, + server->entry.kvno % 255, &ticket, issue_time, &ad.session, @@ -721,7 +721,7 @@ _kdc_encode_v4_ticket(krb5_context context, krb5_error_code _kdc_get_des_key(krb5_context context, - hdb_entry *principal, krb5_boolean is_server, + hdb_entry_ex *principal, krb5_boolean is_server, krb5_boolean prefer_afs_key, Key **ret_key) { Key *v5_key = NULL, *v4_key = NULL, *afs_key = NULL, *server_key = NULL; @@ -736,7 +736,7 @@ _kdc_get_des_key(krb5_context context, afs_key == NULL || server_key == NULL); ++i) { Key *key = NULL; - while(hdb_next_enctype2key(context, principal, etypes[i], &key) == 0) { + while(hdb_next_enctype2key(context, &principal->entry, etypes[i], &key) == 0) { if(key->salt == NULL) { if(v5_key == NULL) v5_key = key; diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index 6f6203a92c..a0136ba425 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kerberos5.c,v 1.198 2005/11/28 20:33:57 lha Exp $"); +RCSID("$Id: kerberos5.c,v 1.201 2005/12/14 12:17:58 lha Exp $"); #define MAX_TIME ((time_t)((1U << 31) - 1)) @@ -88,7 +88,7 @@ find_padata(KDC_REQ *req, int *start, int type) */ static krb5_error_code -find_etype(krb5_context context, hdb_entry *princ, +find_etype(krb5_context context, const hdb_entry_ex *princ, krb5_enctype *etypes, unsigned len, Key **ret_key, krb5_enctype *ret_etype) { @@ -101,7 +101,7 @@ find_etype(krb5_context context, hdb_entry *princ, if (krb5_enctype_valid(context, etypes[i]) != 0) continue; - while (hdb_next_enctype2key(context, princ, etypes[i], &key) == 0) { + while (hdb_next_enctype2key(context, &princ->entry, etypes[i], &key) == 0) { if (key->key.keyvalue.length == 0) { ret = KRB5KDC_ERR_NULL_KEY; continue; @@ -119,8 +119,8 @@ find_etype(krb5_context context, hdb_entry *princ, static krb5_error_code find_keys(krb5_context context, krb5_kdc_configuration *config, - hdb_entry *client, - hdb_entry *server, + const hdb_entry_ex *client, + const hdb_entry_ex *server, Key **ckey, krb5_enctype *cetype, Key **skey, @@ -136,7 +136,7 @@ find_keys(krb5_context context, /* find client key */ ret = find_etype(context, client, etypes, num_etypes, ckey, cetype); if (ret) { - if (krb5_unparse_name(context, client->principal, &name) != 0) + if (krb5_unparse_name(context, client->entry.principal, &name) != 0) name = unparse_name; kdc_log(context, config, 0, "Client (%s) has no support for etypes", name); @@ -150,7 +150,7 @@ find_keys(krb5_context context, /* find server key */ ret = find_etype(context, server, etypes, num_etypes, skey, setype); if (ret) { - if (krb5_unparse_name(context, server->principal, &name) != 0) + if (krb5_unparse_name(context, server->entry.principal, &name) != 0) name = unparse_name; kdc_log(context, config, 0, "Server (%s) has no support for etypes", name); @@ -805,7 +805,7 @@ _kdc_as_rep(krb5_context context, AS_REP rep; KDCOptions f = b->kdc_options; hdb_entry_ex *client = NULL; - hdb_entry *server = NULL; + hdb_entry_ex *server = NULL; krb5_enctype cetype, setype; EncTicketPart et; EncKDCRepPart ek; @@ -851,7 +851,7 @@ _kdc_as_rep(krb5_context context, kdc_log(context, config, 0, "AS-REQ %s from %s for %s", client_name, from, server_name); - ret = _kdc_db_fetch_ex(context, config, client_princ, HDB_ENT_TYPE_CLIENT, &client); + ret = _kdc_db_fetch(context, config, client_princ, HDB_ENT_TYPE_CLIENT, &client); if(ret){ kdc_log(context, config, 0, "UNKNOWN -- %s: %s", client_name, krb5_get_err_text(context, ret)); @@ -869,7 +869,7 @@ _kdc_as_rep(krb5_context context, ret = _kdc_check_flags(context, config, &client->entry, client_name, - server, server_name, + &server->entry, server_name, TRUE); if(ret) goto out; @@ -920,7 +920,7 @@ _kdc_as_rep(krb5_context context, ret = _kdc_pk_check_client(context, config, client_princ, - &client->entry, + client, pkp, &client_cert); if (ret) { @@ -969,7 +969,8 @@ _kdc_as_rep(krb5_context context, goto out; } - ret = hdb_enctype2key(context, &client->entry, enc_data.etype, &pa_key); + ret = hdb_enctype2key(context, &client->entry, + enc_data.etype, &pa_key); if(ret){ char *estr; e_text = "No key matches pa-data"; @@ -1076,7 +1077,7 @@ _kdc_as_rep(krb5_context context, } }else if (config->require_preauth || client->entry.flags.require_preauth - || server->flags.require_preauth) { + || server->entry.flags.require_preauth) { METHOD_DATA method_data; PA_DATA *pa; unsigned char *buf; @@ -1110,11 +1111,12 @@ _kdc_as_rep(krb5_context context, */ /* XXX check ret */ if (only_older_enctype_p(req)) - ret = get_pa_etype_info(context, config, &method_data, &client->entry, + ret = get_pa_etype_info(context, config, + &method_data, &client->entry, b->etype.val, b->etype.len); /* XXX check ret */ - ret = get_pa_etype_info2(context, config, &method_data, &client->entry, - b->etype.val, b->etype.len); + ret = get_pa_etype_info2(context, config, &method_data, + &client->entry, b->etype.val, b->etype.len); ASN1_MALLOC_ENCODE(METHOD_DATA, buf, len, &method_data, &len, ret); @@ -1141,7 +1143,7 @@ _kdc_as_rep(krb5_context context, } ret = find_keys(context, config, - &client->entry, server, &ckey, &cetype, &skey, &setype, + client, server, &ckey, &cetype, &skey, &setype, b->etype.val, b->etype.len); if(ret) { kdc_log(context, config, 0, "Server/client has no support for etypes"); @@ -1213,12 +1215,12 @@ _kdc_as_rep(krb5_context context, _krb5_principal2principalname(&rep.cname, client->entry.principal); rep.ticket.tkt_vno = 5; - copy_Realm(&server->principal->realm, &rep.ticket.realm); + copy_Realm(&server->entry.principal->realm, &rep.ticket.realm); _krb5_principal2principalname(&rep.ticket.sname, - server->principal); + server->entry.principal); et.flags.initial = 1; - if(client->entry.flags.forwardable && server->flags.forwardable) + if(client->entry.flags.forwardable && server->entry.flags.forwardable) et.flags.forwardable = f.forwardable; else if (f.forwardable) { ret = KRB5KDC_ERR_POLICY; @@ -1226,7 +1228,7 @@ _kdc_as_rep(krb5_context context, "Ticket may not be forwardable -- %s", client_name); goto out; } - if(client->entry.flags.proxiable && server->flags.proxiable) + if(client->entry.flags.proxiable && server->entry.flags.proxiable) et.flags.proxiable = f.proxiable; else if (f.proxiable) { ret = KRB5KDC_ERR_POLICY; @@ -1234,7 +1236,7 @@ _kdc_as_rep(krb5_context context, "Ticket may not be proxiable -- %s", client_name); goto out; } - if(client->entry.flags.postdate && server->flags.postdate) + if(client->entry.flags.postdate && server->entry.flags.postdate) et.flags.may_postdate = f.allow_postdate; else if (f.allow_postdate){ ret = KRB5KDC_ERR_POLICY; @@ -1274,8 +1276,8 @@ _kdc_as_rep(krb5_context context, if(client->entry.max_life) t = start + min(t - start, *client->entry.max_life); - if(server->max_life) - t = start + min(t - start, *server->max_life); + if(server->entry.max_life) + t = start + min(t - start, *server->entry.max_life); #if 0 t = min(t, start + realm->max_life); #endif @@ -1295,8 +1297,8 @@ _kdc_as_rep(krb5_context context, t = MAX_TIME; if(client->entry.max_renew) t = start + min(t - start, *client->entry.max_renew); - if(server->max_renew) - t = start + min(t - start, *server->max_renew); + if(server->entry.max_renew) + t = start + min(t - start, *server->entry.max_renew); #if 0 t = min(t, start + realm->max_renew); #endif @@ -1352,7 +1354,8 @@ _kdc_as_rep(krb5_context context, ALLOC(ek.key_expiration); if (client->entry.valid_end) { if (client->entry.pw_end) - *ek.key_expiration = min(*client->entry.valid_end, *client->entry.pw_end); + *ek.key_expiration = min(*client->entry.valid_end, + *client->entry.pw_end); else *ek.key_expiration = *client->entry.valid_end; } else @@ -1415,7 +1418,7 @@ _kdc_as_rep(krb5_context context, et.endtime, et.renew_till); ret = encode_reply(context, config, - &rep, &et, &ek, setype, server->kvno, &skey->key, + &rep, &et, &ek, setype, server->entry.kvno, &skey->key, client->entry.kvno, reply_key, &e_text, reply); free_EncTicketPart(&et); free_EncKDCRepPart(&ek); @@ -1445,7 +1448,7 @@ _kdc_as_rep(krb5_context context, krb5_free_principal(context, server_princ); free(server_name); if(client) - _kdc_free_ent_ex(context, client); + _kdc_free_ent(context, client); if(server) _kdc_free_ent(context, server); return ret; @@ -1697,9 +1700,9 @@ tgs_make_reply(krb5_context context, AuthorizationData *auth_data, krb5_ticket *tgs_ticket, hdb_entry_ex *server, - hdb_entry *client, + hdb_entry_ex *client, krb5_principal client_principal, - hdb_entry *krbtgt, + hdb_entry_ex *krbtgt, EncryptionKey *tgtkey, krb5_enctype cetype, const char **e_text, @@ -1717,21 +1720,18 @@ tgs_make_reply(krb5_context context, if(adtkt) { int i; - krb5_keytype kt; ekey = &adtkt->key; - for(i = 0; i < b->etype.len; i++){ - ret = krb5_enctype_to_keytype(context, b->etype.val[i], &kt); - if(ret) - continue; - if(adtkt->key.keytype == kt) + for(i = 0; i < b->etype.len; i++) + if (b->etype.val[i] == adtkt->key.keytype) break; - } - if(i == b->etype.len) + if(i == b->etype.len) { + krb5_clear_error_string(context); return KRB5KDC_ERR_ETYPE_NOSUPP; + } etype = b->etype.val[i]; }else{ ret = find_keys(context, config, - NULL, &server->entry, NULL, NULL, &skey, &etype, + NULL, server, NULL, NULL, &skey, &etype, b->etype.val, b->etype.len); if(ret) { kdc_log(context, config, 0, "Server has no support for etypes"); @@ -1786,7 +1786,7 @@ tgs_make_reply(krb5_context context, &tgt->transited, &et, *krb5_princ_realm(context, client_principal), *krb5_princ_realm(context, server->entry.principal), - *krb5_princ_realm(context, krbtgt->principal)); + *krb5_princ_realm(context, krbtgt->entry.principal)); if(ret) goto out; @@ -1807,8 +1807,8 @@ tgs_make_reply(krb5_context context, { time_t life; life = et.endtime - *et.starttime; - if(client && client->max_life) - life = min(life, *client->max_life); + if(client && client->entry.max_life) + life = min(life, *client->entry.max_life); if(server->entry.max_life) life = min(life, *server->entry.max_life); et.endtime = *et.starttime + life; @@ -1822,8 +1822,8 @@ tgs_make_reply(krb5_context context, if(et.renew_till){ time_t renew; renew = *et.renew_till - et.authtime; - if(client && client->max_renew) - renew = min(renew, *client->max_renew); + if(client && client->entry.max_renew) + renew = min(renew, *client->entry.max_renew); if(server->entry.max_renew) renew = min(renew, *server->entry.max_renew); *et.renew_till = et.authtime + renew; @@ -1902,8 +1902,8 @@ tgs_make_reply(krb5_context context, etype list, even if we don't want a session key with DES3? */ ret = encode_reply(context, config, - &rep, &et, &ek, etype, adtkt ? 0 : server->entry.kvno, ekey, - 0, &tgt->key, e_text, reply); + &rep, &et, &ek, etype, adtkt ? 0 : server->entry.kvno, + ekey, 0, &tgt->key, e_text, reply); out: free_TGS_REP(&rep); free_TransitedEncoding(&et.transited); @@ -2053,7 +2053,7 @@ tgs_rep2(krb5_context context, const char *e_text = NULL; krb5_crypto crypto; - hdb_entry *krbtgt = NULL; + hdb_entry_ex *krbtgt = NULL; EncTicketPart *tgt; Key *tkey; krb5_enctype cetype; @@ -2101,7 +2101,7 @@ tgs_rep2(krb5_context context, } if(ap_req.ticket.enc_part.kvno && - *ap_req.ticket.enc_part.kvno != krbtgt->kvno){ + *ap_req.ticket.enc_part.kvno != krbtgt->entry.kvno){ char *p; ret = krb5_unparse_name (context, princ, &p); @@ -2111,7 +2111,7 @@ tgs_rep2(krb5_context context, kdc_log(context, config, 0, "Ticket kvno = %d, DB kvno = %d (%s)", *ap_req.ticket.enc_part.kvno, - krbtgt->kvno, + krbtgt->entry.kvno, p); if (ret == 0) free (p); @@ -2119,13 +2119,16 @@ tgs_rep2(krb5_context context, goto out2; } - ret = hdb_enctype2key(context, krbtgt, ap_req.ticket.enc_part.etype, &tkey); + ret = hdb_enctype2key(context, &krbtgt->entry, + ap_req.ticket.enc_part.etype, &tkey); if(ret){ - char *str; + char *str, *p; krb5_enctype_to_string(context, ap_req.ticket.enc_part.etype, &str); + krb5_unparse_name(context, princ, &p); kdc_log(context, config, 0, - "No server key found for %s", str); + "No server key with enctype %s found for %s", str, p); free(str); + free(p); ret = KRB5KRB_AP_ERR_BADKEYVER; goto out2; } @@ -2252,8 +2255,7 @@ tgs_rep2(krb5_context context, PrincipalName *s; Realm r; char *spn = NULL, *cpn = NULL; - hdb_entry_ex *server = NULL; - hdb_entry *client = NULL; + hdb_entry_ex *server = NULL, *client = NULL; int nloop = 0; EncTicketPart adtkt; char opt_str[128]; @@ -2262,7 +2264,7 @@ tgs_rep2(krb5_context context, r = b->realm; if(b->kdc_options.enc_tkt_in_skey){ Ticket *t; - hdb_entry *uu; + hdb_entry_ex *uu; krb5_principal p; Key *uukey; @@ -2288,13 +2290,15 @@ tgs_rep2(krb5_context context, ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN; goto out; } - ret = hdb_enctype2key(context, uu, t->enc_part.etype, &uukey); + ret = hdb_enctype2key(context, &uu->entry, + t->enc_part.etype, &uukey); if(ret){ + _kdc_free_ent(context, uu); ret = KRB5KDC_ERR_ETYPE_NOSUPP; /* XXX */ goto out; } ret = krb5_decrypt_ticket(context, t, &uukey->key, &adtkt, 0); - + _kdc_free_ent(context, uu); if(ret) goto out; s = &adtkt.cname; @@ -2320,7 +2324,7 @@ tgs_rep2(krb5_context context, kdc_log(context, config, 0, "TGS-REQ %s from %s for %s", cpn, from, spn); server_lookup: - ret = _kdc_db_fetch_ex(context, config, sp, HDB_ENT_TYPE_SERVER, &server); + ret = _kdc_db_fetch(context, config, sp, HDB_ENT_TYPE_SERVER, &server); if(ret){ const char *new_rlm; @@ -2386,9 +2390,9 @@ tgs_rep2(krb5_context context, #endif if(strcmp(krb5_principal_get_realm(context, sp), - krb5_principal_get_comp_string(context, krbtgt->principal, 1)) != 0) { + krb5_principal_get_comp_string(context, krbtgt->entry.principal, 1)) != 0) { char *tpn; - ret = krb5_unparse_name(context, krbtgt->principal, &tpn); + ret = krb5_unparse_name(context, krbtgt->entry.principal, &tpn); kdc_log(context, config, 0, "Request with wrong krbtgt: %s", (ret == 0) ? tpn : ""); @@ -2400,7 +2404,7 @@ tgs_rep2(krb5_context context, } ret = _kdc_check_flags(context, config, - client, cpn, + &client->entry, cpn, &server->entry, spn, FALSE); if(ret) @@ -2408,7 +2412,7 @@ tgs_rep2(krb5_context context, if((b->kdc_options.validate || b->kdc_options.renew) && !krb5_principal_compare(context, - krbtgt->principal, + krbtgt->entry.principal, server->entry.principal)){ kdc_log(context, config, 0, "Inconsistent request."); ret = KRB5KDC_ERR_SERVER_NOMATCH; @@ -2422,7 +2426,8 @@ tgs_rep2(krb5_context context, goto out; } - ret = tgs_make_reply(context, config, + ret = tgs_make_reply(context, + config, b, tgt, b->kdc_options.enc_tkt_in_skey ? &adtkt : NULL, @@ -2442,7 +2447,7 @@ tgs_rep2(krb5_context context, free(cpn); if(server) - _kdc_free_ent_ex(context, server); + _kdc_free_ent(context, server); if(client) _kdc_free_ent(context, client); } diff --git a/source4/heimdal/kdc/misc.c b/source4/heimdal/kdc/misc.c index b14bb50ea5..3027d32cfc 100644 --- a/source4/heimdal/kdc/misc.c +++ b/source4/heimdal/kdc/misc.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: misc.c,v 1.25 2005/06/30 01:53:48 lha Exp $"); +RCSID("$Id: misc.c,v 1.26 2005/12/12 12:37:31 lha Exp $"); struct timeval _kdc_now; @@ -41,16 +41,15 @@ krb5_error_code _kdc_db_fetch(krb5_context context, krb5_kdc_configuration *config, krb5_principal principal, enum hdb_ent_type ent_type, - hdb_entry **h) + hdb_entry_ex **h) { - hdb_entry *ent; + hdb_entry_ex *ent; krb5_error_code ret = HDB_ERR_NOENTRY; int i; ent = malloc (sizeof (*ent)); if (ent == NULL) return ENOMEM; - ent->principal = principal; for(i = 0; i < config->num_db; i++) { ret = config->db[i]->hdb_open(context, config->db[i], O_RDONLY, 0); @@ -76,65 +75,9 @@ _kdc_db_fetch(krb5_context context, } void -_kdc_free_ent(krb5_context context, hdb_entry *ent) +_kdc_free_ent(krb5_context context, hdb_entry_ex *ent) { hdb_free_entry (context, ent); free (ent); } -krb5_error_code -_kdc_db_fetch_ex(krb5_context context, - krb5_kdc_configuration *config, - krb5_principal principal, enum hdb_ent_type ent_type, - hdb_entry_ex **h) -{ - hdb_entry_ex *ent; - krb5_error_code ret = HDB_ERR_NOENTRY; - int i; - - ent = malloc (sizeof (*ent)); - if (ent == NULL) - return ENOMEM; - memset(ent, '\0', sizeof(*ent)); - - ent->entry.principal = principal; - - for(i = 0; i < config->num_db; i++) { - ret = config->db[i]->hdb_open(context, config->db[i], O_RDONLY, 0); - if (ret) { - kdc_log(context, config, 0, "Failed to open database: %s", - krb5_get_err_text(context, ret)); - continue; - } - if (config->db[i]->hdb_fetch_ex) { - ret = config->db[i]->hdb_fetch_ex(context, - config->db[i], - HDB_F_DECRYPT, - principal, - ent_type, - ent); - } else { - ret = config->db[i]->hdb_fetch(context, - config->db[i], - HDB_F_DECRYPT, - principal, - ent_type, - &ent->entry); - } - config->db[i]->hdb_close(context, config->db[i]); - if(ret == 0) { - *h = ent; - return 0; - } - } - free(ent); - return ret; -} - -void -_kdc_free_ent_ex(krb5_context context, hdb_entry_ex *ent) -{ - hdb_free_entry_ex (context, ent); - free (ent); -} - diff --git a/source4/heimdal/lib/asn1/gen.c b/source4/heimdal/lib/asn1/gen.c index aee1ee5b3f..921d2ebba6 100644 --- a/source4/heimdal/lib/asn1/gen.c +++ b/source4/heimdal/lib/asn1/gen.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen.c,v 1.63 2005/08/23 10:49:16 lha Exp $"); +RCSID("$Id: gen.c,v 1.64 2005/12/06 19:59:13 lha Exp $"); FILE *headerfile, *codefile, *logfile; @@ -567,6 +567,7 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep) i.type = TInteger; i.range = ⦥ i.members = NULL; + i.constraint = NULL; space(level); if(ASN1_TAILQ_EMPTY(t->members)) @@ -640,6 +641,7 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep) i.type = TInteger; i.range = ⦥ i.members = NULL; + i.constraint = NULL; space(level); fprintf (headerfile, "struct %s {\n", typedefp ? name : ""); diff --git a/source4/heimdal/lib/asn1/parse.c b/source4/heimdal/lib/asn1/parse.c index 858a669da1..0bf3cdafdb 100644 --- a/source4/heimdal/lib/asn1/parse.c +++ b/source4/heimdal/lib/asn1/parse.c @@ -247,9 +247,10 @@ #include "gen_locl.h" #include "der.h" -RCSID("$Id: parse.y,v 1.25 2005/08/23 10:52:31 lha Exp $"); +RCSID("$Id: parse.y,v 1.27 2005/12/14 09:44:36 lha Exp $"); static Type *new_type (Typetype t); +static struct constraint_spec *new_constraint_spec(enum ctype); static Type *new_tag(int tagclass, int tagvalue, int tagenv, Type *oldtype); void yyerror (const char *); static struct objid *new_objid(const char *label, int value); @@ -277,7 +278,7 @@ struct string_list { #endif #if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED) -#line 64 "parse.y" +#line 65 "parse.y" typedef union YYSTYPE { int constant; struct value *value; @@ -290,9 +291,10 @@ typedef union YYSTYPE { struct string_list *sl; struct tagtype tag; struct memhead *members; + struct constraint_spec *constraint_spec; } YYSTYPE; /* Line 190 of yacc.c. */ -#line 296 "parse.c" +#line 298 "parse.c" # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 # define YYSTYPE_IS_TRIVIAL 1 @@ -304,7 +306,7 @@ typedef union YYSTYPE { /* Line 213 of yacc.c. */ -#line 308 "parse.c" +#line 310 "parse.c" #if ! defined (yyoverflow) || YYERROR_VERBOSE @@ -406,16 +408,16 @@ union yyalloc /* YYFINAL -- State number of the termination state. */ #define YYFINAL 4 /* YYLAST -- Last index in YYTABLE. */ -#define YYLAST 152 +#define YYLAST 168 /* YYNTOKENS -- Number of terminals. */ #define YYNTOKENS 98 /* YYNNTS -- Number of nonterminals. */ -#define YYNNTS 61 +#define YYNNTS 67 /* YYNRULES -- Number of rules. */ -#define YYNRULES 120 +#define YYNRULES 130 /* YYNRULES -- Number of states. */ -#define YYNSTATES 181 +#define YYNSTATES 201 /* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */ #define YYUNDEFTOK 2 @@ -473,15 +475,16 @@ static const unsigned short int yyprhs[] = 29, 30, 34, 35, 37, 38, 40, 43, 48, 50, 53, 55, 57, 61, 63, 67, 69, 71, 73, 75, 77, 79, 81, 83, 85, 87, 89, 91, 93, 95, - 97, 99, 101, 107, 109, 112, 117, 119, 123, 127, - 132, 137, 139, 142, 148, 151, 154, 156, 161, 165, - 169, 174, 178, 182, 187, 189, 191, 193, 195, 197, - 201, 206, 207, 209, 211, 213, 214, 216, 218, 223, - 225, 227, 229, 231, 233, 235, 237, 239, 243, 247, - 250, 252, 255, 259, 261, 265, 270, 272, 273, 277, - 278, 281, 286, 288, 290, 292, 294, 296, 298, 300, - 302, 304, 306, 308, 310, 312, 314, 316, 318, 320, - 322 + 97, 99, 101, 103, 109, 111, 114, 119, 121, 125, + 129, 134, 139, 141, 144, 150, 153, 156, 158, 163, + 167, 171, 176, 180, 184, 189, 191, 193, 195, 197, + 199, 202, 206, 208, 210, 212, 215, 219, 225, 230, + 234, 239, 240, 242, 244, 246, 247, 249, 251, 256, + 258, 260, 262, 264, 266, 268, 270, 272, 276, 280, + 283, 285, 288, 292, 294, 298, 303, 305, 306, 310, + 311, 314, 319, 321, 323, 325, 327, 329, 331, 333, + 335, 337, 339, 341, 343, 345, 347, 349, 351, 353, + 355 }; /* YYRHS -- A `-1'-separated list of the rules' RHS. */ @@ -491,53 +494,57 @@ static const short int yyrhs[] = 24, -1, 27, 70, -1, 38, 70, -1, 7, 70, -1, -1, 29, 39, -1, -1, 103, 107, -1, -1, 40, 104, 90, -1, -1, 105, -1, -1, 106, -1, - 105, 106, -1, 109, 32, 86, 144, -1, 108, -1, - 108, 107, -1, 110, -1, 136, -1, 86, 91, 109, + 105, 106, -1, 109, 32, 86, 150, -1, 108, -1, + 108, 107, -1, 110, -1, 142, -1, 86, 91, 109, -1, 86, -1, 86, 84, 111, -1, 112, -1, 129, - -1, 120, -1, 113, -1, 137, -1, 128, -1, 118, - -1, 115, -1, 123, -1, 121, -1, 122, -1, 124, - -1, 125, -1, 126, -1, 127, -1, 132, -1, 11, - -1, 92, 148, 83, 148, 93, -1, 43, -1, 43, - 114, -1, 43, 94, 116, 95, -1, 117, -1, 116, - 91, 117, -1, 116, 91, 85, -1, 86, 92, 156, - 93, -1, 25, 94, 119, 95, -1, 116, -1, 9, - 67, -1, 9, 67, 94, 142, 95, -1, 51, 37, - -1, 52, 67, -1, 49, -1, 64, 94, 139, 95, - -1, 64, 94, 95, -1, 64, 53, 111, -1, 65, - 94, 139, 95, -1, 65, 94, 95, -1, 65, 53, - 111, -1, 14, 94, 139, 95, -1, 130, -1, 131, - -1, 86, -1, 34, -1, 77, -1, 133, 135, 111, - -1, 96, 134, 89, 97, -1, -1, 76, -1, 6, - -1, 60, -1, -1, 27, -1, 38, -1, 86, 111, - 84, 148, -1, 138, -1, 33, -1, 78, -1, 61, - -1, 36, -1, 10, -1, 79, -1, 141, -1, 139, - 91, 141, -1, 139, 91, 85, -1, 86, 111, -1, - 140, -1, 140, 54, -1, 140, 20, 148, -1, 143, - -1, 142, 91, 143, -1, 86, 92, 89, 93, -1, - 145, -1, -1, 94, 146, 95, -1, -1, 147, 146, - -1, 86, 92, 89, 93, -1, 86, -1, 89, -1, - 149, -1, 150, -1, 154, -1, 153, -1, 155, -1, - 158, -1, 157, -1, 151, -1, 152, -1, 86, -1, - 88, -1, 71, -1, 31, -1, 156, -1, 89, -1, - 49, -1, 145, -1 + -1, 132, -1, 120, -1, 113, -1, 143, -1, 128, + -1, 118, -1, 115, -1, 123, -1, 121, -1, 122, + -1, 124, -1, 125, -1, 126, -1, 127, -1, 138, + -1, 11, -1, 92, 154, 83, 154, 93, -1, 43, + -1, 43, 114, -1, 43, 94, 116, 95, -1, 117, + -1, 116, 91, 117, -1, 116, 91, 85, -1, 86, + 92, 162, 93, -1, 25, 94, 119, 95, -1, 116, + -1, 9, 67, -1, 9, 67, 94, 148, 95, -1, + 51, 37, -1, 52, 67, -1, 49, -1, 64, 94, + 145, 95, -1, 64, 94, 95, -1, 64, 53, 111, + -1, 65, 94, 145, 95, -1, 65, 94, 95, -1, + 65, 53, 111, -1, 14, 94, 145, 95, -1, 130, + -1, 131, -1, 86, -1, 34, -1, 77, -1, 111, + 133, -1, 92, 134, 93, -1, 135, -1, 136, -1, + 137, -1, 19, 111, -1, 23, 12, 154, -1, 19, + 111, 23, 12, 154, -1, 18, 12, 94, 95, -1, + 139, 141, 111, -1, 96, 140, 89, 97, -1, -1, + 76, -1, 6, -1, 60, -1, -1, 27, -1, 38, + -1, 86, 111, 84, 154, -1, 144, -1, 33, -1, + 78, -1, 61, -1, 36, -1, 10, -1, 79, -1, + 147, -1, 145, 91, 147, -1, 145, 91, 85, -1, + 86, 111, -1, 146, -1, 146, 54, -1, 146, 20, + 154, -1, 149, -1, 148, 91, 149, -1, 86, 92, + 89, 93, -1, 151, -1, -1, 94, 152, 95, -1, + -1, 153, 152, -1, 86, 92, 89, 93, -1, 86, + -1, 89, -1, 155, -1, 156, -1, 160, -1, 159, + -1, 161, -1, 164, -1, 163, -1, 157, -1, 158, + -1, 86, -1, 88, -1, 71, -1, 31, -1, 162, + -1, 89, -1, 49, -1, 151, -1 }; /* YYRLINE[YYN] -- source line where rule number YYN was defined. */ static const unsigned short int yyrline[] = { - 0, 222, 222, 229, 230, 232, 234, 237, 239, 242, - 243, 246, 247, 250, 251, 254, 255, 258, 269, 270, - 273, 274, 277, 283, 291, 301, 302, 305, 306, 307, - 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, - 318, 321, 328, 338, 343, 350, 358, 364, 369, 373, - 386, 394, 397, 404, 412, 418, 425, 432, 438, 446, - 454, 460, 468, 476, 483, 484, 487, 498, 503, 510, - 523, 532, 535, 539, 543, 550, 553, 557, 564, 575, - 578, 583, 588, 593, 598, 603, 611, 617, 622, 633, - 644, 650, 656, 664, 670, 677, 690, 691, 694, 701, - 704, 715, 719, 730, 736, 737, 740, 741, 742, 743, - 744, 747, 750, 753, 764, 772, 778, 786, 794, 797, - 802 + 0, 231, 231, 238, 239, 241, 243, 246, 248, 251, + 252, 255, 256, 259, 260, 263, 264, 267, 278, 279, + 282, 283, 286, 292, 300, 310, 311, 312, 315, 316, + 317, 318, 319, 320, 321, 322, 323, 324, 325, 326, + 327, 328, 331, 338, 348, 353, 360, 368, 374, 379, + 383, 396, 404, 407, 414, 422, 428, 435, 442, 448, + 456, 464, 470, 478, 486, 493, 494, 497, 508, 513, + 520, 536, 541, 543, 544, 547, 553, 561, 571, 577, + 590, 599, 602, 606, 610, 617, 620, 624, 631, 642, + 645, 650, 655, 660, 665, 670, 678, 684, 689, 700, + 711, 717, 723, 731, 737, 744, 757, 758, 761, 768, + 771, 782, 786, 797, 803, 804, 807, 808, 809, 810, + 811, 814, 817, 820, 831, 839, 845, 853, 861, 864, + 869 }; #endif @@ -575,7 +582,9 @@ static const char *const yytname[] = "Enumerations", "BitStringType", "ObjectIdentifierType", "OctetStringType", "NullType", "SequenceType", "SequenceOfType", "SetType", "SetOfType", "ChoiceType", "ReferencedType", "DefinedType", - "UsefulType", "TaggedType", "Tag", "Class", "tagenv", "ValueAssignment", + "UsefulType", "ConstrainedType", "Constraint", "ConstraintSpec", + "GeneralConstraint", "ContentsConstraint", "UserDefinedConstraint", + "TaggedType", "Tag", "Class", "tagenv", "ValueAssignment", "CharacterStringType", "RestrictedCharactedStringType", "ComponentTypeList", "NamedType", "ComponentType", "NamedBitList", "NamedBit", "objid_opt", "objid", "objid_list", "objid_element", "Value", @@ -608,17 +617,18 @@ static const unsigned char yyr1[] = { 0, 98, 99, 100, 100, 100, 100, 101, 101, 102, 102, 103, 103, 104, 104, 105, 105, 106, 107, 107, - 108, 108, 109, 109, 110, 111, 111, 112, 112, 112, + 108, 108, 109, 109, 110, 111, 111, 111, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, - 112, 113, 114, 115, 115, 115, 116, 116, 116, 117, - 118, 119, 120, 120, 121, 122, 123, 124, 124, 125, - 126, 126, 127, 128, 129, 129, 130, 131, 131, 132, - 133, 134, 134, 134, 134, 135, 135, 135, 136, 137, - 138, 138, 138, 138, 138, 138, 139, 139, 139, 140, - 141, 141, 141, 142, 142, 143, 144, 144, 145, 146, - 146, 147, 147, 147, 148, 148, 149, 149, 149, 149, - 149, 150, 151, 152, 153, 154, 154, 155, 156, 157, - 158 + 112, 112, 113, 114, 115, 115, 115, 116, 116, 116, + 117, 118, 119, 120, 120, 121, 122, 123, 124, 124, + 125, 126, 126, 127, 128, 129, 129, 130, 131, 131, + 132, 133, 134, 135, 135, 136, 136, 136, 137, 138, + 139, 140, 140, 140, 140, 141, 141, 141, 142, 143, + 144, 144, 144, 144, 144, 144, 145, 145, 145, 146, + 147, 147, 147, 148, 148, 149, 150, 150, 151, 152, + 152, 153, 153, 153, 154, 154, 155, 155, 155, 155, + 155, 156, 157, 158, 159, 160, 160, 161, 162, 163, + 164 }; /* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */ @@ -628,9 +638,10 @@ static const unsigned char yyr2[] = 0, 3, 0, 1, 0, 1, 2, 4, 1, 2, 1, 1, 3, 1, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 5, 1, 2, 4, 1, 3, 3, 4, - 4, 1, 2, 5, 2, 2, 1, 4, 3, 3, - 4, 3, 3, 4, 1, 1, 1, 1, 1, 3, + 1, 1, 1, 5, 1, 2, 4, 1, 3, 3, + 4, 4, 1, 2, 5, 2, 2, 1, 4, 3, + 3, 4, 3, 3, 4, 1, 1, 1, 1, 1, + 2, 3, 1, 1, 1, 2, 3, 5, 4, 3, 4, 0, 1, 1, 1, 0, 1, 1, 4, 1, 1, 1, 1, 1, 1, 1, 1, 3, 3, 2, 1, 2, 3, 1, 3, 4, 1, 0, 3, 0, @@ -647,72 +658,76 @@ static const unsigned char yydefact[] = 0, 0, 0, 6, 1, 0, 0, 0, 8, 5, 3, 4, 0, 0, 7, 0, 10, 14, 0, 0, 23, 0, 13, 15, 0, 2, 0, 9, 18, 20, - 21, 0, 11, 16, 0, 0, 84, 41, 0, 0, - 80, 67, 83, 43, 56, 0, 0, 82, 0, 0, - 68, 81, 85, 0, 66, 71, 0, 25, 28, 32, - 31, 27, 34, 35, 33, 36, 37, 38, 39, 30, - 26, 64, 65, 40, 75, 29, 79, 19, 22, 97, - 52, 0, 0, 0, 0, 44, 54, 55, 0, 0, - 0, 0, 24, 73, 74, 72, 0, 0, 76, 77, - 0, 99, 17, 96, 0, 0, 0, 90, 86, 0, - 51, 46, 0, 116, 119, 115, 113, 114, 118, 120, - 0, 104, 105, 111, 112, 107, 106, 108, 117, 110, - 109, 0, 59, 58, 0, 62, 61, 0, 0, 78, - 69, 102, 103, 0, 99, 0, 0, 93, 89, 0, - 63, 0, 91, 0, 0, 50, 0, 45, 57, 60, - 70, 0, 98, 100, 0, 0, 53, 88, 87, 92, - 0, 48, 47, 0, 0, 0, 94, 49, 42, 101, - 95 + 21, 0, 11, 16, 0, 0, 94, 42, 0, 0, + 90, 68, 93, 44, 57, 0, 0, 92, 0, 0, + 69, 91, 95, 0, 67, 81, 0, 25, 29, 33, + 32, 28, 35, 36, 34, 37, 38, 39, 40, 31, + 26, 65, 66, 27, 41, 85, 30, 89, 19, 22, + 107, 53, 0, 0, 0, 0, 45, 55, 56, 0, + 0, 0, 0, 24, 83, 84, 82, 0, 0, 0, + 70, 86, 87, 0, 109, 17, 106, 0, 0, 0, + 100, 96, 0, 52, 47, 0, 126, 129, 125, 123, + 124, 128, 130, 0, 114, 115, 121, 122, 117, 116, + 118, 127, 120, 119, 0, 60, 59, 0, 63, 62, + 0, 0, 88, 0, 0, 0, 0, 72, 73, 74, + 79, 112, 113, 0, 109, 0, 0, 103, 99, 0, + 64, 0, 101, 0, 0, 51, 0, 46, 58, 61, + 80, 0, 75, 0, 71, 0, 108, 110, 0, 0, + 54, 98, 97, 102, 0, 49, 48, 0, 0, 0, + 76, 0, 0, 104, 50, 43, 78, 0, 111, 105, + 77 }; /* YYDEFGOTO[NTERM-NUM]. */ static const short int yydefgoto[] = { -1, 2, 8, 13, 18, 19, 21, 22, 23, 27, - 28, 24, 29, 56, 57, 58, 85, 59, 110, 111, - 60, 112, 61, 62, 63, 64, 65, 66, 67, 68, - 69, 70, 71, 72, 73, 74, 96, 100, 30, 75, - 76, 106, 107, 108, 146, 147, 102, 119, 143, 144, - 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, - 130 + 28, 24, 29, 56, 57, 58, 86, 59, 113, 114, + 60, 115, 61, 62, 63, 64, 65, 66, 67, 68, + 69, 70, 71, 72, 73, 100, 146, 147, 148, 149, + 74, 75, 97, 103, 30, 76, 77, 109, 110, 111, + 156, 157, 105, 122, 153, 154, 123, 124, 125, 126, + 127, 128, 129, 130, 131, 132, 133 }; /* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing STATE-NUM. */ -#define YYPACT_NINF -94 -static const yysigned_char yypact[] = +#define YYPACT_NINF -99 +static const short int yypact[] = { - -49, 5, 60, 3, -94, -6, 1, 10, 43, -94, - -94, -94, 42, -2, -94, 76, -33, 0, 64, 4, - 7, 9, 0, -94, 61, -94, -9, -94, 4, -94, - -94, 0, -94, -94, 14, 28, -94, -94, 12, 13, - -94, -94, -94, -56, -94, 66, 41, -94, -50, -47, - -94, -94, -94, 40, -94, 2, 25, -94, -94, -94, - -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, - -94, -94, -94, -94, -18, -94, -94, -94, -94, 16, - 17, 26, 27, 8, 27, -94, -94, -94, 40, -73, - 40, -72, -94, -94, -94, -94, 34, 8, -94, -94, - 40, -41, -94, -94, 29, 40, -80, -8, -94, 22, - 30, -94, 21, -94, -94, -94, -94, -94, -94, -94, - 44, -94, -94, -94, -94, -94, -94, -94, -94, -94, - -94, -74, -94, -94, -63, -94, -94, -62, 31, -94, - -94, 33, -94, 35, -41, 37, -60, -94, -94, -67, - -94, 8, -94, 45, -19, -94, 8, -94, -94, -94, - -94, 46, -94, -94, 49, 29, -94, -94, -94, -94, - 38, -94, -94, 47, 48, 50, -94, -94, -94, -94, - -94 + -46, 20, 13, 21, -99, 11, 23, 25, 54, -99, + -99, -99, 58, 6, -99, 90, -34, 15, 80, 19, + 16, 18, 15, -99, 74, -99, -7, -99, 19, -99, + -99, 15, -99, -99, 24, 42, -99, -99, 17, 26, + -99, -99, -99, -73, -99, 76, 50, -99, -45, -44, + -99, -99, -99, 51, -99, 4, -67, -99, -99, -99, + -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, + -99, -99, -99, -99, -99, -16, -99, -99, -99, -99, + 27, 28, 33, 37, 47, 37, -99, -99, -99, 51, + -72, 51, -71, 22, -99, -99, -99, 35, 47, 12, + -99, -99, -99, 51, 2, -99, -99, 39, 51, -75, + -8, -99, 34, 36, -99, 43, -99, -99, -99, -99, + -99, -99, -99, 48, -99, -99, -99, -99, -99, -99, + -99, -99, -99, -99, -57, 22, -99, -48, 22, -99, + -22, 45, -99, 120, 51, 122, 46, -99, -99, -99, + 22, 52, -99, 53, 2, 57, -9, -99, 22, -53, + -99, 47, -99, 56, -19, -99, 47, -99, -99, -99, + -99, 49, -18, 47, -99, 61, -99, -99, 62, 39, + -99, -99, -99, -99, 59, -99, -99, 60, 63, 128, + -99, 64, 66, -99, -99, -99, -99, 47, -99, -99, + -99 }; /* YYPGOTO[NTERM-NUM]. */ static const yysigned_char yypgoto[] = { - -94, -94, -94, -94, -94, -94, -94, -94, 102, 105, - -94, 108, -94, 32, -94, -94, -94, -94, 58, -10, - -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, - -94, -94, -94, -94, -94, -94, -94, -94, -94, -94, - -94, -30, -94, -4, -94, -17, -94, 67, 6, -94, - -93, -94, -94, -94, -94, -94, -94, -94, -1, -94, - -94 + -99, -99, -99, -99, -99, -99, -99, -99, 124, 126, + -99, 125, -99, -52, -99, -99, -99, -99, 70, -4, + -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, + -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, + -99, -99, -99, -99, -99, -99, -99, -37, -99, 3, + -99, -15, -99, 81, 9, -99, -98, -99, -99, -99, + -99, -99, -99, -99, 5, -99, -99 }; /* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If @@ -722,42 +737,44 @@ static const yysigned_char yypgoto[] = #define YYTABLE_NINF -13 static const short int yytable[] = { - 35, 36, 37, 88, 139, 38, 90, 17, 93, 98, - 5, 149, 151, 105, 105, 150, 39, 154, 167, 105, - 99, 157, 133, 136, 40, 41, 3, 42, 149, 149, - 6, 165, 158, 159, 43, 166, 83, 1, 84, 113, - 44, 7, 45, 46, 89, 141, 152, 91, 142, 35, - 36, 37, 47, -12, 38, 48, 49, 114, 169, 134, - 4, 137, 94, 173, 9, 39, 171, 109, 50, 51, - 52, 10, 12, 40, 41, 53, 42, 54, 95, 115, - 11, 14, 15, 43, 16, 92, 20, 55, 25, 44, - 26, 45, 46, 34, 116, 80, 117, 118, 31, 32, - 79, 47, 101, 86, 48, 49, 81, 82, 87, 97, - 101, 104, 105, 109, 153, 145, 155, 50, 51, 52, - 132, 154, 135, 138, 33, 161, 54, 156, 160, 164, - 162, 177, 140, 77, 118, 174, 55, 148, 175, 78, - 178, 179, 131, 180, 172, 168, 103, 0, 176, 0, - 163, 0, 170 + 142, 93, 35, 36, 37, 189, 17, 38, 89, 91, + 94, 101, 161, 4, 108, 108, 159, 98, 39, 84, + 160, 85, 102, 136, 139, 99, 40, 41, 5, 42, + 143, 144, 181, 108, 164, 145, 43, 135, 167, 138, + 1, 3, 44, 159, 45, 46, 162, 168, 6, 90, + 92, 150, -12, 137, 47, 140, 158, 48, 49, 7, + 35, 36, 37, 183, 95, 38, 185, 112, 187, 159, + 50, 51, 52, 169, 99, 190, 39, 53, 116, 54, + 96, 9, 179, 12, 40, 41, 180, 42, 151, 55, + 15, 152, 172, 10, 43, 11, 117, 14, 16, 200, + 44, 20, 45, 46, 25, 26, 34, 31, 32, 81, + 80, 82, 47, 87, 99, 48, 49, 88, 118, 108, + 83, 104, 107, 112, 141, 155, 163, 164, 50, 51, + 52, 166, 171, 119, 173, 120, 121, 54, 165, 174, + 197, 104, 170, 188, 175, 121, 33, 55, 176, 178, + 191, 192, 194, 195, 78, 134, 79, 198, 196, 199, + 186, 106, 182, 177, 193, 0, 0, 0, 184 }; static const short int yycheck[] = { - 9, 10, 11, 53, 97, 14, 53, 40, 6, 27, - 7, 91, 20, 86, 86, 95, 25, 91, 85, 86, - 38, 95, 95, 95, 33, 34, 21, 36, 91, 91, - 27, 91, 95, 95, 43, 95, 92, 86, 94, 31, - 49, 38, 51, 52, 94, 86, 54, 94, 89, 9, - 10, 11, 61, 86, 14, 64, 65, 49, 151, 89, - 0, 91, 60, 156, 70, 25, 85, 86, 77, 78, - 79, 70, 29, 33, 34, 84, 36, 86, 76, 71, - 70, 39, 84, 43, 8, 53, 86, 96, 24, 49, - 86, 51, 52, 32, 86, 67, 88, 89, 91, 90, - 86, 61, 94, 37, 64, 65, 94, 94, 67, 84, - 94, 94, 86, 86, 92, 86, 95, 77, 78, 79, - 88, 91, 90, 89, 22, 92, 86, 83, 97, 92, - 95, 93, 100, 28, 89, 89, 96, 105, 89, 31, - 93, 93, 84, 93, 154, 149, 79, -1, 165, -1, - 144, -1, 153 + 98, 53, 9, 10, 11, 23, 40, 14, 53, 53, + 6, 27, 20, 0, 86, 86, 91, 84, 25, 92, + 95, 94, 38, 95, 95, 92, 33, 34, 7, 36, + 18, 19, 85, 86, 91, 23, 43, 89, 95, 91, + 86, 21, 49, 91, 51, 52, 54, 95, 27, 94, + 94, 103, 86, 90, 61, 92, 108, 64, 65, 38, + 9, 10, 11, 161, 60, 14, 85, 86, 166, 91, + 77, 78, 79, 95, 92, 173, 25, 84, 31, 86, + 76, 70, 91, 29, 33, 34, 95, 36, 86, 96, + 84, 89, 144, 70, 43, 70, 49, 39, 8, 197, + 49, 86, 51, 52, 24, 86, 32, 91, 90, 67, + 86, 94, 61, 37, 92, 64, 65, 67, 71, 86, + 94, 94, 94, 86, 89, 86, 92, 91, 77, 78, + 79, 83, 12, 86, 12, 88, 89, 86, 95, 93, + 12, 94, 97, 94, 92, 89, 22, 96, 95, 92, + 89, 89, 93, 93, 28, 85, 31, 93, 95, 93, + 164, 80, 159, 154, 179, -1, -1, -1, 163 }; /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing @@ -767,22 +784,24 @@ static const unsigned char yystos[] = 0, 86, 99, 21, 0, 7, 27, 38, 100, 70, 70, 70, 29, 101, 39, 84, 8, 40, 102, 103, 86, 104, 105, 106, 109, 24, 86, 107, 108, 110, - 136, 91, 90, 106, 32, 9, 10, 11, 14, 25, + 142, 91, 90, 106, 32, 9, 10, 11, 14, 25, 33, 34, 36, 43, 49, 51, 52, 61, 64, 65, 77, 78, 79, 84, 86, 96, 111, 112, 113, 115, 118, 120, 121, 122, 123, 124, 125, 126, 127, 128, - 129, 130, 131, 132, 133, 137, 138, 107, 109, 86, - 67, 94, 94, 92, 94, 114, 37, 67, 53, 94, - 53, 94, 111, 6, 60, 76, 134, 84, 27, 38, - 135, 94, 144, 145, 94, 86, 139, 140, 141, 86, - 116, 117, 119, 31, 49, 71, 86, 88, 89, 145, - 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, - 158, 116, 111, 95, 139, 111, 95, 139, 89, 148, - 111, 86, 89, 146, 147, 86, 142, 143, 111, 91, + 129, 130, 131, 132, 138, 139, 143, 144, 107, 109, + 86, 67, 94, 94, 92, 94, 114, 37, 67, 53, + 94, 53, 94, 111, 6, 60, 76, 140, 84, 92, + 133, 27, 38, 141, 94, 150, 151, 94, 86, 145, + 146, 147, 86, 116, 117, 119, 31, 49, 71, 86, + 88, 89, 151, 154, 155, 156, 157, 158, 159, 160, + 161, 162, 163, 164, 116, 111, 95, 145, 111, 95, + 145, 89, 154, 18, 19, 23, 134, 135, 136, 137, + 111, 86, 89, 152, 153, 86, 148, 149, 111, 91, 95, 20, 54, 92, 91, 95, 83, 95, 95, 95, - 97, 92, 95, 146, 92, 91, 95, 85, 141, 148, - 156, 85, 117, 148, 89, 89, 143, 93, 93, 93, - 93 + 97, 12, 111, 12, 93, 92, 95, 152, 92, 91, + 95, 85, 147, 154, 162, 85, 117, 154, 94, 23, + 154, 89, 89, 149, 93, 93, 95, 12, 93, 93, + 154 }; #if ! defined (YYSIZE_T) && defined (__SIZE_TYPE__) @@ -1423,29 +1442,29 @@ yyreduce: switch (yyn) { case 2: -#line 224 "parse.y" +#line 233 "parse.y" { checkundefined(); } break; case 4: -#line 231 "parse.y" +#line 240 "parse.y" { error_message("implicit tagging is not supported"); } break; case 5: -#line 233 "parse.y" +#line 242 "parse.y" { error_message("automatic tagging is not supported"); } break; case 7: -#line 238 "parse.y" +#line 247 "parse.y" { error_message("no extensibility options supported"); } break; case 17: -#line 259 "parse.y" +#line 268 "parse.y" { struct string_list *sl; for(sl = (yyvsp[-3].sl); sl != NULL; sl = sl->next) { @@ -1457,7 +1476,7 @@ yyreduce: break; case 22: -#line 278 "parse.y" +#line 287 "parse.y" { (yyval.sl) = emalloc(sizeof(*(yyval.sl))); (yyval.sl)->string = (yyvsp[-2].name); @@ -1466,7 +1485,7 @@ yyreduce: break; case 23: -#line 284 "parse.y" +#line 293 "parse.y" { (yyval.sl) = emalloc(sizeof(*(yyval.sl))); (yyval.sl)->string = (yyvsp[0].name); @@ -1475,7 +1494,7 @@ yyreduce: break; case 24: -#line 292 "parse.y" +#line 301 "parse.y" { Symbol *s = addsym ((yyvsp[-2].name)); s->stype = Stype; @@ -1485,16 +1504,16 @@ yyreduce: } break; - case 41: -#line 322 "parse.y" + case 42: +#line 332 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_Boolean, TE_EXPLICIT, new_type(TBoolean)); } break; - case 42: -#line 329 "parse.y" + case 43: +#line 339 "parse.y" { if((yyvsp[-3].value)->type != integervalue || (yyvsp[-1].value)->type != integervalue) @@ -1504,16 +1523,16 @@ yyreduce: } break; - case 43: -#line 339 "parse.y" + case 44: +#line 349 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, new_type(TInteger)); } break; - case 44: -#line 344 "parse.y" + case 45: +#line 354 "parse.y" { (yyval.type) = new_type(TInteger); (yyval.type)->range = emalloc(sizeof(*(yyval.type)->range)); @@ -1522,8 +1541,8 @@ yyreduce: } break; - case 45: -#line 351 "parse.y" + case 46: +#line 361 "parse.y" { (yyval.type) = new_type(TInteger); (yyval.type)->members = (yyvsp[-1].members); @@ -1531,8 +1550,8 @@ yyreduce: } break; - case 46: -#line 359 "parse.y" + case 47: +#line 369 "parse.y" { (yyval.members) = emalloc(sizeof(*(yyval.members))); ASN1_TAILQ_INIT((yyval.members)); @@ -1540,21 +1559,21 @@ yyreduce: } break; - case 47: -#line 365 "parse.y" + case 48: +#line 375 "parse.y" { ASN1_TAILQ_INSERT_TAIL((yyvsp[-2].members), (yyvsp[0].member), members); (yyval.members) = (yyvsp[-2].members); } break; - case 48: -#line 370 "parse.y" + case 49: +#line 380 "parse.y" { (yyval.members) = (yyvsp[-2].members); } break; - case 49: -#line 374 "parse.y" + case 50: +#line 384 "parse.y" { (yyval.member) = emalloc(sizeof(*(yyval.member))); (yyval.member)->name = (yyvsp[-3].name); @@ -1567,8 +1586,8 @@ yyreduce: } break; - case 50: -#line 387 "parse.y" + case 51: +#line 397 "parse.y" { (yyval.type) = new_type(TInteger); (yyval.type)->members = (yyvsp[-1].members); @@ -1576,8 +1595,8 @@ yyreduce: } break; - case 52: -#line 398 "parse.y" + case 53: +#line 408 "parse.y" { (yyval.type) = new_type(TBitString); (yyval.type)->members = emalloc(sizeof(*(yyval.type)->members)); @@ -1586,8 +1605,8 @@ yyreduce: } break; - case 53: -#line 405 "parse.y" + case 54: +#line 415 "parse.y" { (yyval.type) = new_type(TBitString); (yyval.type)->members = (yyvsp[-1].members); @@ -1595,32 +1614,32 @@ yyreduce: } break; - case 54: -#line 413 "parse.y" + case 55: +#line 423 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_OID, TE_EXPLICIT, new_type(TOID)); } break; - case 55: -#line 419 "parse.y" + case 56: +#line 429 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_OctetString, TE_EXPLICIT, new_type(TOctetString)); } break; - case 56: -#line 426 "parse.y" + case 57: +#line 436 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_Null, TE_EXPLICIT, new_type(TNull)); } break; - case 57: -#line 433 "parse.y" + case 58: +#line 443 "parse.y" { (yyval.type) = new_type(TSequence); (yyval.type)->members = (yyvsp[-1].members); @@ -1628,8 +1647,8 @@ yyreduce: } break; - case 58: -#line 439 "parse.y" + case 59: +#line 449 "parse.y" { (yyval.type) = new_type(TSequence); (yyval.type)->members = NULL; @@ -1637,8 +1656,8 @@ yyreduce: } break; - case 59: -#line 447 "parse.y" + case 60: +#line 457 "parse.y" { (yyval.type) = new_type(TSequenceOf); (yyval.type)->subtype = (yyvsp[0].type); @@ -1646,8 +1665,8 @@ yyreduce: } break; - case 60: -#line 455 "parse.y" + case 61: +#line 465 "parse.y" { (yyval.type) = new_type(TSet); (yyval.type)->members = (yyvsp[-1].members); @@ -1655,8 +1674,8 @@ yyreduce: } break; - case 61: -#line 461 "parse.y" + case 62: +#line 471 "parse.y" { (yyval.type) = new_type(TSet); (yyval.type)->members = NULL; @@ -1664,8 +1683,8 @@ yyreduce: } break; - case 62: -#line 469 "parse.y" + case 63: +#line 479 "parse.y" { (yyval.type) = new_type(TSetOf); (yyval.type)->subtype = (yyvsp[0].type); @@ -1673,16 +1692,16 @@ yyreduce: } break; - case 63: -#line 477 "parse.y" + case 64: +#line 487 "parse.y" { (yyval.type) = new_type(TChoice); (yyval.type)->members = (yyvsp[-1].members); } break; - case 66: -#line 488 "parse.y" + case 67: +#line 498 "parse.y" { Symbol *s = addsym((yyvsp[0].name)); (yyval.type) = new_type(TType); @@ -1693,24 +1712,85 @@ yyreduce: } break; - case 67: -#line 499 "parse.y" + case 68: +#line 509 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralizedTime, TE_EXPLICIT, new_type(TGeneralizedTime)); } break; - case 68: -#line 504 "parse.y" + case 69: +#line 514 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_UTCTime, TE_EXPLICIT, new_type(TUTCTime)); } break; - case 69: -#line 511 "parse.y" + case 70: +#line 521 "parse.y" + { + /* if (Constraint.type == contentConstrant) { + assert(Constraint.u.constraint.type == octetstring|bitstring-w/o-NamedBitList); // remember to check type reference too + if (Constraint.u.constraint.type) { + assert((Constraint.u.constraint.type.length % 8) == 0); + } + } + if (Constraint.u.constraint.encoding) { + type == der-oid|ber-oid + } + */ + } + break; + + case 71: +#line 537 "parse.y" + { + (yyval.constraint_spec) = (yyvsp[-1].constraint_spec); + } + break; + + case 75: +#line 548 "parse.y" + { + (yyval.constraint_spec) = new_constraint_spec(CT_CONTENTS); + (yyval.constraint_spec)->u.content.type = (yyvsp[0].type); + (yyval.constraint_spec)->u.content.encoding = NULL; + } + break; + + case 76: +#line 554 "parse.y" + { + if ((yyvsp[0].value)->type != objectidentifiervalue) + error_message("Non-OID used in ENCODED BY constraint"); + (yyval.constraint_spec) = new_constraint_spec(CT_CONTENTS); + (yyval.constraint_spec)->u.content.type = NULL; + (yyval.constraint_spec)->u.content.encoding = (yyvsp[0].value); + } + break; + + case 77: +#line 562 "parse.y" + { + if ((yyvsp[0].value)->type != objectidentifiervalue) + error_message("Non-OID used in ENCODED BY constraint"); + (yyval.constraint_spec) = new_constraint_spec(CT_CONTENTS); + (yyval.constraint_spec)->u.content.type = (yyvsp[-3].type); + (yyval.constraint_spec)->u.content.encoding = (yyvsp[0].value); + } + break; + + case 78: +#line 572 "parse.y" + { + (yyval.constraint_spec) = new_constraint_spec(CT_USER); + } + break; + + case 79: +#line 578 "parse.y" { (yyval.type) = new_type(TTag); (yyval.type)->tag = (yyvsp[-2].tag); @@ -1723,8 +1803,8 @@ yyreduce: } break; - case 70: -#line 524 "parse.y" + case 80: +#line 591 "parse.y" { (yyval.tag).tagclass = (yyvsp[-2].constant); (yyval.tag).tagvalue = (yyvsp[-1].constant); @@ -1732,57 +1812,57 @@ yyreduce: } break; - case 71: -#line 532 "parse.y" + case 81: +#line 599 "parse.y" { (yyval.constant) = ASN1_C_CONTEXT; } break; - case 72: -#line 536 "parse.y" + case 82: +#line 603 "parse.y" { (yyval.constant) = ASN1_C_UNIV; } break; - case 73: -#line 540 "parse.y" + case 83: +#line 607 "parse.y" { (yyval.constant) = ASN1_C_APPL; } break; - case 74: -#line 544 "parse.y" + case 84: +#line 611 "parse.y" { (yyval.constant) = ASN1_C_PRIVATE; } break; - case 75: -#line 550 "parse.y" + case 85: +#line 617 "parse.y" { (yyval.constant) = TE_EXPLICIT; } break; - case 76: -#line 554 "parse.y" + case 86: +#line 621 "parse.y" { (yyval.constant) = TE_EXPLICIT; } break; - case 77: -#line 558 "parse.y" + case 87: +#line 625 "parse.y" { (yyval.constant) = TE_IMPLICIT; } break; - case 78: -#line 565 "parse.y" + case 88: +#line 632 "parse.y" { Symbol *s; s = addsym ((yyvsp[-3].name)); @@ -1793,56 +1873,56 @@ yyreduce: } break; - case 80: -#line 579 "parse.y" + case 90: +#line 646 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralString, TE_EXPLICIT, new_type(TGeneralString)); } break; - case 81: -#line 584 "parse.y" + case 91: +#line 651 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_UTF8String, TE_EXPLICIT, new_type(TUTF8String)); } break; - case 82: -#line 589 "parse.y" + case 92: +#line 656 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_PrintableString, TE_EXPLICIT, new_type(TPrintableString)); } break; - case 83: -#line 594 "parse.y" + case 93: +#line 661 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_IA5String, TE_EXPLICIT, new_type(TIA5String)); } break; - case 84: -#line 599 "parse.y" + case 94: +#line 666 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_BMPString, TE_EXPLICIT, new_type(TBMPString)); } break; - case 85: -#line 604 "parse.y" + case 95: +#line 671 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_UniversalString, TE_EXPLICIT, new_type(TUniversalString)); } break; - case 86: -#line 612 "parse.y" + case 96: +#line 679 "parse.y" { (yyval.members) = emalloc(sizeof(*(yyval.members))); ASN1_TAILQ_INIT((yyval.members)); @@ -1850,16 +1930,16 @@ yyreduce: } break; - case 87: -#line 618 "parse.y" + case 97: +#line 685 "parse.y" { ASN1_TAILQ_INSERT_TAIL((yyvsp[-2].members), (yyvsp[0].member), members); (yyval.members) = (yyvsp[-2].members); } break; - case 88: -#line 623 "parse.y" + case 98: +#line 690 "parse.y" { struct member *m = ecalloc(1, sizeof(*m)); m->name = estrdup("..."); @@ -1870,8 +1950,8 @@ yyreduce: } break; - case 89: -#line 634 "parse.y" + case 99: +#line 701 "parse.y" { (yyval.member) = emalloc(sizeof(*(yyval.member))); (yyval.member)->name = (yyvsp[-1].name); @@ -1882,8 +1962,8 @@ yyreduce: } break; - case 90: -#line 645 "parse.y" + case 100: +#line 712 "parse.y" { (yyval.member) = (yyvsp[0].member); (yyval.member)->optional = 0; @@ -1891,8 +1971,8 @@ yyreduce: } break; - case 91: -#line 651 "parse.y" + case 101: +#line 718 "parse.y" { (yyval.member) = (yyvsp[-1].member); (yyval.member)->optional = 1; @@ -1900,8 +1980,8 @@ yyreduce: } break; - case 92: -#line 657 "parse.y" + case 102: +#line 724 "parse.y" { (yyval.member) = (yyvsp[-2].member); (yyval.member)->optional = 0; @@ -1909,8 +1989,8 @@ yyreduce: } break; - case 93: -#line 665 "parse.y" + case 103: +#line 732 "parse.y" { (yyval.members) = emalloc(sizeof(*(yyval.members))); ASN1_TAILQ_INIT((yyval.members)); @@ -1918,16 +1998,16 @@ yyreduce: } break; - case 94: -#line 671 "parse.y" + case 104: +#line 738 "parse.y" { ASN1_TAILQ_INSERT_TAIL((yyvsp[-2].members), (yyvsp[0].member), members); (yyval.members) = (yyvsp[-2].members); } break; - case 95: -#line 678 "parse.y" + case 105: +#line 745 "parse.y" { (yyval.member) = emalloc(sizeof(*(yyval.member))); (yyval.member)->name = (yyvsp[-3].name); @@ -1940,27 +2020,27 @@ yyreduce: } break; - case 97: -#line 691 "parse.y" + case 107: +#line 758 "parse.y" { (yyval.objid) = NULL; } break; - case 98: -#line 695 "parse.y" + case 108: +#line 762 "parse.y" { (yyval.objid) = (yyvsp[-1].objid); } break; - case 99: -#line 701 "parse.y" + case 109: +#line 768 "parse.y" { (yyval.objid) = NULL; } break; - case 100: -#line 705 "parse.y" + case 110: +#line 772 "parse.y" { if ((yyvsp[0].objid)) { (yyval.objid) = (yyvsp[0].objid); @@ -1971,15 +2051,15 @@ yyreduce: } break; - case 101: -#line 716 "parse.y" + case 111: +#line 783 "parse.y" { (yyval.objid) = new_objid((yyvsp[-3].name), (yyvsp[-1].constant)); } break; - case 102: -#line 720 "parse.y" + case 112: +#line 787 "parse.y" { Symbol *s = addsym((yyvsp[0].name)); if(s->stype != SValue || @@ -1992,15 +2072,15 @@ yyreduce: } break; - case 103: -#line 731 "parse.y" + case 113: +#line 798 "parse.y" { (yyval.objid) = new_objid(NULL, (yyvsp[0].constant)); } break; - case 113: -#line 754 "parse.y" + case 123: +#line 821 "parse.y" { Symbol *s = addsym((yyvsp[0].name)); if(s->stype != SValue) @@ -2011,8 +2091,8 @@ yyreduce: } break; - case 114: -#line 765 "parse.y" + case 124: +#line 832 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = stringvalue; @@ -2020,8 +2100,8 @@ yyreduce: } break; - case 115: -#line 773 "parse.y" + case 125: +#line 840 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = booleanvalue; @@ -2029,8 +2109,8 @@ yyreduce: } break; - case 116: -#line 779 "parse.y" + case 126: +#line 846 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = booleanvalue; @@ -2038,8 +2118,8 @@ yyreduce: } break; - case 117: -#line 787 "parse.y" + case 127: +#line 854 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = integervalue; @@ -2047,14 +2127,14 @@ yyreduce: } break; - case 119: -#line 798 "parse.y" + case 129: +#line 865 "parse.y" { } break; - case 120: -#line 803 "parse.y" + case 130: +#line 870 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = objectidentifiervalue; @@ -2066,7 +2146,7 @@ yyreduce: } /* Line 1037 of yacc.c. */ -#line 2070 "parse.c" +#line 2150 "parse.c" yyvsp -= yylen; yyssp -= yylen; @@ -2294,7 +2374,7 @@ yyreturn: } -#line 810 "parse.y" +#line 877 "parse.y" void @@ -2349,6 +2429,14 @@ new_type (Typetype tt) return t; } +static struct constraint_spec * +new_constraint_spec(enum ctype ct) +{ + struct constraint_spec *c = ecalloc(1, sizeof(*c)); + c->ctype = ct; + return c; +} + static void fix_labels2(Type *t, const char *prefix); static void fix_labels1(struct memhead *members, const char *prefix) { diff --git a/source4/heimdal/lib/asn1/parse.h b/source4/heimdal/lib/asn1/parse.h index 76ff8755c9..5cc1342618 100644 --- a/source4/heimdal/lib/asn1/parse.h +++ b/source4/heimdal/lib/asn1/parse.h @@ -210,7 +210,7 @@ #if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED) -#line 64 "parse.y" +#line 65 "parse.y" typedef union YYSTYPE { int constant; struct value *value; @@ -223,9 +223,10 @@ typedef union YYSTYPE { struct string_list *sl; struct tagtype tag; struct memhead *members; + struct constraint_spec *constraint_spec; } YYSTYPE; /* Line 1318 of yacc.c. */ -#line 229 "parse.h" +#line 230 "parse.h" # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 # define YYSTYPE_IS_TRIVIAL 1 diff --git a/source4/heimdal/lib/asn1/symbol.h b/source4/heimdal/lib/asn1/symbol.h index 83df57b77f..93a6e019bd 100644 --- a/source4/heimdal/lib/asn1/symbol.h +++ b/source4/heimdal/lib/asn1/symbol.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: symbol.h,v 1.12 2005/07/12 06:27:40 lha Exp $ */ +/* $Id: symbol.h,v 1.13 2005/12/06 19:59:52 lha Exp $ */ #ifndef _SYMBOL_H #define _SYMBOL_H @@ -111,6 +111,10 @@ struct range { int max; }; +enum ctype { CT_CONTENTS, CT_USER } ; + +struct constraint_spec; + struct type { Typetype type; struct memhead *members; @@ -118,10 +122,21 @@ struct type { struct type *subtype; struct tagtype tag; struct range *range; + struct constraint_spec *constraint; }; typedef struct type Type; +struct constraint_spec { + enum ctype ctype; + union { + struct { + Type *type; + struct value *encoding; + } content; + } u; +}; + struct objid { const char *label; int value; diff --git a/source4/heimdal/lib/gssapi/context_time.c b/source4/heimdal/lib/gssapi/context_time.c index e13480c85e..ee1dc6fe93 100644 --- a/source4/heimdal/lib/gssapi/context_time.c +++ b/source4/heimdal/lib/gssapi/context_time.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: context_time.c,v 1.10 2003/06/03 15:08:00 lha Exp $"); +RCSID("$Id: context_time.c,v 1.11 2005/12/05 09:19:52 lha Exp $"); OM_uint32 gssapi_lifetime_left(OM_uint32 *minor_status, @@ -43,6 +43,11 @@ gssapi_lifetime_left(OM_uint32 *minor_status, krb5_timestamp timeret; krb5_error_code kret; + if (lifetime == 0) { + *lifetime_rec = GSS_C_INDEFINITE; + return GSS_S_COMPLETE; + } + kret = krb5_timeofday(gssapi_krb5_context, &timeret); if (kret) { *minor_status = kret; diff --git a/source4/heimdal/lib/gssapi/gssapi.h b/source4/heimdal/lib/gssapi/gssapi.h index 20700dc826..b93ad4e481 100644 --- a/source4/heimdal/lib/gssapi/gssapi.h +++ b/source4/heimdal/lib/gssapi/gssapi.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gssapi.h,v 1.38 2005/10/26 11:22:13 lha Exp $ */ +/* $Id: gssapi.h,v 1.39 2005/12/05 11:52:45 lha Exp $ */ #ifndef GSSAPI_H_ #define GSSAPI_H_ diff --git a/source4/heimdal/lib/hdb/db.c b/source4/heimdal/lib/hdb/db.c index 4cc0218a5c..4b4e6e673d 100644 --- a/source4/heimdal/lib/hdb/db.c +++ b/source4/heimdal/lib/hdb/db.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: db.c,v 1.33 2005/11/28 23:30:51 lha Exp $"); +RCSID("$Id: db.c,v 1.35 2005/12/13 11:52:55 lha Exp $"); #if HAVE_DB1 @@ -85,7 +85,7 @@ DB_unlock(krb5_context context, HDB *db) static krb5_error_code DB_seq(krb5_context context, HDB *db, - unsigned flags, hdb_entry *entry, int flag) + unsigned flags, hdb_entry_ex *entry, int flag) { DB *d = (DB*)db->hdb_db; DBT key, value; @@ -106,21 +106,22 @@ DB_seq(krb5_context context, HDB *db, key_data.length = key.size; data.data = value.data; data.length = value.size; - if (hdb_value2entry(context, &data, entry)) + memset(entry, 0, sizeof(*entry)); + if (hdb_value2entry(context, &data, &entry->entry)) return DB_seq(context, db, flags, entry, R_NEXT); if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) { - code = hdb_unseal_keys (context, db, entry); + code = hdb_unseal_keys (context, db, &entry->entry); if (code) hdb_free_entry (context, entry); } - if (code == 0 && entry->principal == NULL) { - entry->principal = malloc(sizeof(*entry->principal)); - if (entry->principal == NULL) { + if (code == 0 && entry->entry.principal == NULL) { + entry->entry.principal = malloc(sizeof(*entry->entry.principal)); + if (entry->entry.principal == NULL) { krb5_set_error_string(context, "malloc: out of memory"); code = ENOMEM; hdb_free_entry (context, entry); } else { - hdb_key2principal(context, &key_data, entry->principal); + hdb_key2principal(context, &key_data, entry->entry.principal); } } return code; @@ -128,14 +129,14 @@ DB_seq(krb5_context context, HDB *db, static krb5_error_code -DB_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry) +DB_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry) { return DB_seq(context, db, flags, entry, R_FIRST); } static krb5_error_code -DB_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry) +DB_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry) { return DB_seq(context, db, flags, entry, R_NEXT); } diff --git a/source4/heimdal/lib/hdb/hdb-private.h b/source4/heimdal/lib/hdb/hdb-private.h index 7baa944053..e602f01373 100644 --- a/source4/heimdal/lib/hdb/hdb-private.h +++ b/source4/heimdal/lib/hdb/hdb-private.h @@ -11,7 +11,7 @@ _hdb_fetch ( unsigned /*flags*/, krb5_const_principal /*principal*/, enum hdb_ent_type /*ent_type*/, - hdb_entry */*entry*/); + hdb_entry_ex */*entry*/); hdb_master_key _hdb_find_master_key ( @@ -43,13 +43,13 @@ krb5_error_code _hdb_remove ( krb5_context /*context*/, HDB */*db*/, - hdb_entry */*entry*/); + hdb_entry_ex */*entry*/); krb5_error_code _hdb_store ( krb5_context /*context*/, HDB */*db*/, unsigned /*flags*/, - hdb_entry */*entry*/); + hdb_entry_ex */*entry*/); #endif /* __hdb_private_h__ */ diff --git a/source4/heimdal/lib/hdb/hdb-protos.h b/source4/heimdal/lib/hdb/hdb-protos.h index 4b5b4d3ede..c221175e41 100644 --- a/source4/heimdal/lib/hdb/hdb-protos.h +++ b/source4/heimdal/lib/hdb/hdb-protos.h @@ -427,11 +427,6 @@ hdb_foreach ( void hdb_free_entry ( - krb5_context /*context*/, - hdb_entry */*ent*/); - -void -hdb_free_entry_ex ( krb5_context /*context*/, hdb_entry_ex */*ent*/); @@ -476,12 +471,25 @@ hdb_key2principal ( krb5_data */*key*/, krb5_principal /*p*/); +krb5_error_code +hdb_ldap_common ( + krb5_context /*context*/, + HDB ** /*db*/, + const char */*search_base*/, + const char */*url*/); + krb5_error_code hdb_ldap_create ( krb5_context /*context*/, HDB ** /*db*/, const char */*arg*/); +krb5_error_code +hdb_ldapi_create ( + krb5_context /*context*/, + HDB ** /*db*/, + const char */*arg*/); + krb5_error_code hdb_list_builtin ( krb5_context /*context*/, @@ -515,7 +523,7 @@ krb5_error_code hdb_print_entry ( krb5_context /*context*/, HDB */*db*/, - hdb_entry */*entry*/, + hdb_entry_ex */*entry*/, void */*data*/); krb5_error_code @@ -613,9 +621,6 @@ hdb_write_master_key ( const char */*filename*/, hdb_master_key /*mkey*/); -void -initialize_hdb_error_table (void); - void initialize_hdb_error_table_r (struct et_list **/*list*/); diff --git a/source4/heimdal/lib/hdb/hdb.c b/source4/heimdal/lib/hdb/hdb.c index df342ffadf..5631d05332 100644 --- a/source4/heimdal/lib/hdb/hdb.c +++ b/source4/heimdal/lib/hdb/hdb.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: hdb.c,v 1.59 2005/11/30 12:22:09 lha Exp $"); +RCSID("$Id: hdb.c,v 1.60 2005/12/12 12:35:36 lha Exp $"); #ifdef HAVE_DLFCN_H #include @@ -133,25 +133,18 @@ hdb_unlock(int fd) } void -hdb_free_entry(krb5_context context, hdb_entry *ent) +hdb_free_entry(krb5_context context, hdb_entry_ex *ent) { int i; - for(i = 0; i < ent->keys.len; ++i) { - Key *k = &ent->keys.val[i]; + if (ent->free_entry) + (*ent->free_entry)(context, ent); - memset (k->key.keyvalue.data, 0, k->key.keyvalue.length); - } - free_hdb_entry(ent); -} + for(i = 0; i < ent->entry.keys.len; ++i) { + Key *k = &ent->entry.keys.val[i]; -void -hdb_free_entry_ex(krb5_context context, hdb_entry_ex *ent) -{ - if (ent->free_private) { - ent->free_private(context, ent); + memset (k->key.keyvalue.data, 0, k->key.keyvalue.length); } - free_hdb_entry(&ent->entry); } @@ -163,7 +156,7 @@ hdb_foreach(krb5_context context, void *data) { krb5_error_code ret; - hdb_entry entry; + hdb_entry_ex entry; ret = db->hdb_firstkey(context, db, flags, &entry); while(ret == 0){ ret = (*func)(context, db, &entry, data); diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h index 45ea5a9f30..463cbf71f2 100644 --- a/source4/heimdal/lib/hdb/hdb.h +++ b/source4/heimdal/lib/hdb/hdb.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: hdb.h,v 1.35 2005/08/11 13:16:44 lha Exp $ */ +/* $Id: hdb.h,v 1.36 2005/12/12 12:35:36 lha Exp $ */ #ifndef __HDB_H__ #define __HDB_H__ @@ -55,27 +55,30 @@ enum hdb_ent_type{ HDB_ENT_TYPE_CLIENT, HDB_ENT_TYPE_SERVER, HDB_ENT_TYPE_ANY }; typedef struct hdb_master_key_data *hdb_master_key; typedef struct hdb_entry_ex { - struct hdb_entry entry; - void *private; - - krb5_error_code (*free_private)(krb5_context, struct hdb_entry_ex *); - krb5_error_code (*check_client_access)(krb5_context, struct hdb_entry_ex *, HostAddresses *); - krb5_error_code (*authz_data_as_req)(krb5_context, struct hdb_entry_ex *, - METHOD_DATA* pa_data_seq, - time_t authtime, - EncryptionKey *tgtkey, - EncryptionKey *sessionkey, - AuthorizationData **out); - krb5_error_code (*authz_data_tgs_req)(krb5_context, struct hdb_entry_ex *, - krb5_principal client, - AuthorizationData *in, - time_t authtime, - EncryptionKey *tgtkey, - EncryptionKey *servicekey, - EncryptionKey *sessionkey, - AuthorizationData **out); + void *ctx; + hdb_entry entry; + void (*free_entry)(krb5_context, struct hdb_entry_ex *); + krb5_error_code (*check_client_access)(krb5_context, struct hdb_entry_ex *, + HostAddresses *); + krb5_error_code (*authz_data_as_req)(krb5_context, + struct hdb_entry_ex *, + METHOD_DATA* pa_data_seq, + time_t authtime, + EncryptionKey *tgtkey, + EncryptionKey *sessionkey, + AuthorizationData **out); + krb5_error_code (*authz_data_tgs_req)(krb5_context, + struct hdb_entry_ex *, + krb5_principal client, + AuthorizationData *in, + time_t authtime, + EncryptionKey *tgtkey, + EncryptionKey *servicekey, + EncryptionKey *sessionkey, + AuthorizationData **out); } hdb_entry_ex; + typedef struct HDB{ void *hdb_db; void *hdb_dbc; @@ -86,16 +89,17 @@ typedef struct HDB{ krb5_error_code (*hdb_open)(krb5_context, struct HDB*, int, mode_t); krb5_error_code (*hdb_close)(krb5_context, struct HDB*); - krb5_error_code (*hdb_fetch)(krb5_context,struct HDB*,unsigned hdb_flags, krb5_const_principal principal, - enum hdb_ent_type ent_type, hdb_entry*); - krb5_error_code (*hdb_fetch_ex)(krb5_context,struct HDB*,unsigned hdb_flags, krb5_const_principal principal, + void (*hdb_free)(krb5_context,struct HDB*,hdb_entry_ex*); + krb5_error_code (*hdb_fetch)(krb5_context,struct HDB*,unsigned hdb_flags, + krb5_const_principal principal, enum hdb_ent_type ent_type, hdb_entry_ex*); - krb5_error_code (*hdb_store)(krb5_context,struct HDB*,unsigned,hdb_entry*); - krb5_error_code (*hdb_remove)(krb5_context, struct HDB*, hdb_entry*); - krb5_error_code (*hdb_firstkey)(krb5_context, struct HDB*, - unsigned, hdb_entry*); - krb5_error_code (*hdb_nextkey)(krb5_context, struct HDB*, - unsigned, hdb_entry*); + krb5_error_code (*hdb_store)(krb5_context,struct HDB*, + unsigned,hdb_entry_ex*); + krb5_error_code (*hdb_remove)(krb5_context, struct HDB*, hdb_entry_ex*); + krb5_error_code (*hdb_firstkey)(krb5_context, struct HDB*, + unsigned, hdb_entry_ex*); + krb5_error_code (*hdb_nextkey)(krb5_context, struct HDB*, + unsigned, hdb_entry_ex*); krb5_error_code (*hdb_lock)(krb5_context, struct HDB*, int operation); krb5_error_code (*hdb_unlock)(krb5_context, struct HDB*); krb5_error_code (*hdb_rename)(krb5_context, struct HDB*, const char*); @@ -119,7 +123,7 @@ struct hdb_so_method { #define HDB_DB_FORMAT_ENTRY "hdb/db-format" typedef krb5_error_code (*hdb_foreach_func_t)(krb5_context, HDB*, - hdb_entry*, void*); + hdb_entry_ex*, void*); extern krb5_kt_ops hdb_kt_ops; #include diff --git a/source4/heimdal/lib/hdb/ndbm.c b/source4/heimdal/lib/hdb/ndbm.c index 793d03829d..f4c2497abc 100644 --- a/source4/heimdal/lib/hdb/ndbm.c +++ b/source4/heimdal/lib/hdb/ndbm.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: ndbm.c,v 1.36 2005/11/28 23:31:36 lha Exp $"); +RCSID("$Id: ndbm.c,v 1.38 2005/12/13 11:54:10 lha Exp $"); #if HAVE_NDBM @@ -77,7 +77,7 @@ NDBM_unlock(krb5_context context, HDB *db) static krb5_error_code NDBM_seq(krb5_context context, HDB *db, - unsigned flags, hdb_entry *entry, int first) + unsigned flags, hdb_entry_ex *entry, int first) { struct ndbm_db *d = (struct ndbm_db *)db->hdb_db; @@ -99,21 +99,22 @@ NDBM_seq(krb5_context context, HDB *db, db->hdb_unlock(context, db); data.data = value.dptr; data.length = value.dsize; - if(hdb_value2entry(context, &data, entry)) + memset(entry, 0, sizeof(*entry)); + if(hdb_value2entry(context, &data, &entry->entry)) return NDBM_seq(context, db, flags, entry, 0); if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) { - ret = hdb_unseal_keys (context, db, entry); + ret = hdb_unseal_keys (context, db, &entry->entry); if (ret) hdb_free_entry (context, entry); } - if (entry->principal == NULL) { - entry->principal = malloc (sizeof(*entry->principal)); - if (entry->principal == NULL) { + if (ret == 0 && entry->entry.principal == NULL) { + entry->entry.principal = malloc (sizeof(*entry->entry.principal)); + if (entry->entry.principal == NULL) { ret = ENOMEM; hdb_free_entry (context, entry); krb5_set_error_string(context, "malloc: out of memory"); } else { - hdb_key2principal (context, &key_data, entry->principal); + hdb_key2principal (context, &key_data, entry->entry.principal); } } return ret; @@ -121,14 +122,14 @@ NDBM_seq(krb5_context context, HDB *db, static krb5_error_code -NDBM_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry) +NDBM_firstkey(krb5_context context, HDB *db,unsigned flags,hdb_entry_ex *entry) { return NDBM_seq(context, db, flags, entry, 1); } static krb5_error_code -NDBM_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry) +NDBM_nextkey(krb5_context context, HDB *db, unsigned flags,hdb_entry_ex *entry) { return NDBM_seq(context, db, flags, entry, 0); } @@ -339,8 +340,6 @@ hdb_ndbm_create(krb5_context context, HDB **db, return ENOMEM; } - memset(*db, '\0', sizeof(**db)); - (*db)->hdb_db = NULL; (*db)->hdb_name = strdup(filename); if ((*db)->hdb_name == NULL) { diff --git a/source4/heimdal/lib/krb5/cache.c b/source4/heimdal/lib/krb5/cache.c index 0c821cb11d..efb2ad1374 100644 --- a/source4/heimdal/lib/krb5/cache.c +++ b/source4/heimdal/lib/krb5/cache.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: cache.c,v 1.76 2005/11/29 09:10:47 lha Exp $"); +RCSID("$Id: cache.c,v 1.77 2005/12/13 15:42:36 lha Exp $"); /* * Add a new ccache type with operations `ops', overwriting any @@ -358,14 +358,12 @@ krb5_cc_set_default_name(krb5_context context, const char *name) if (e == NULL) { e = krb5_config_get_string(context, NULL, "libdefaults", "default_cc_name", NULL); - if (e) { - ret = _krb5_expand_default_cc_name(context, e, &p); - if (ret) - return ret; - } + if (e == NULL) + e = KRB5_DEFAULT_CCNAME; + ret = _krb5_expand_default_cc_name(context, e, &p); + if (ret) + return ret; } - if (e == NULL) - asprintf(&p,"FILE:/tmp/krb5cc_%u", (unsigned)getuid()); } else p = strdup(name); diff --git a/source4/heimdal/lib/krb5/changepw.c b/source4/heimdal/lib/krb5/changepw.c index c3cd6d4db9..7907e1ad9c 100644 --- a/source4/heimdal/lib/krb5/changepw.c +++ b/source4/heimdal/lib/krb5/changepw.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: changepw.c,v 1.54 2005/09/08 11:38:01 lha Exp $"); +RCSID("$Id: changepw.c,v 1.55 2005/12/12 12:48:57 lha Exp $"); static void str2data (krb5_data *d, @@ -522,7 +522,12 @@ change_password_loop (krb5_context context, int sock; int i; int done = 0; - krb5_realm realm = creds->client->realm; + krb5_realm realm; + + if (targprinc) + realm = targprinc->realm; + else + realm = creds->client->realm; ret = krb5_auth_con_init (context, &auth_context); if (ret) @@ -712,7 +717,7 @@ krb5_set_password(krb5_context context, for (i = 0; procs[i].name != NULL; i++) { *result_code = 0; - ret = change_password_loop(context, creds, targprinc, newpw, + ret = change_password_loop(context, creds, principal, newpw, result_code, result_code_string, result_string, &procs[i]); diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c index 2e23306c96..de40b059b8 100644 --- a/source4/heimdal/lib/krb5/crypto.c +++ b/source4/heimdal/lib/krb5/crypto.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: crypto.c,v 1.129 2005/09/19 22:13:54 lha Exp $"); +RCSID("$Id: crypto.c,v 1.130 2005/12/02 14:47:44 lha Exp $"); #undef CRYPTO_DEBUG #ifdef CRYPTO_DEBUG @@ -3942,6 +3942,8 @@ krb5_derive_key(krb5_context context, struct encryption_type *et; struct key_data d; + *derived_key = NULL; + et = _find_enctype (etype); if (et == NULL) { krb5_set_error_string(context, "encryption type %d not supported", @@ -3949,16 +3951,15 @@ krb5_derive_key(krb5_context context, return KRB5_PROG_ETYPE_NOSUPP; } - ret = krb5_copy_keyblock(context, key, derived_key); + ret = krb5_copy_keyblock(context, key, &d.key); if (ret) return ret; - d.key = *derived_key; d.schedule = NULL; ret = derive_key(context, et, &d, constant, constant_len); - if (ret) - return ret; - ret = krb5_copy_keyblock(context, d.key, derived_key); + if (ret == 0) + ret = krb5_copy_keyblock(context, d.key, derived_key); + free_key_data(context, &d); return ret; } diff --git a/source4/heimdal/lib/krb5/keytab_memory.c b/source4/heimdal/lib/krb5/keytab_memory.c index 1039847de9..fa54ff43ce 100644 --- a/source4/heimdal/lib/krb5/keytab_memory.c +++ b/source4/heimdal/lib/krb5/keytab_memory.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_memory.c,v 1.7 2005/12/01 12:40:22 lha Exp $"); +RCSID("$Id: keytab_memory.c,v 1.8 2005/12/05 18:39:46 lha Exp $"); /* memory operations -------------------------------------------- */ @@ -214,15 +214,9 @@ mkt_remove_entry(krb5_context context, krb5_clear_error_string (context); return KRB5_KT_NOTFOUND; } - if (d->num_entries == 0) { - free(d->entries); - d->entries = NULL; - } else { - e = realloc(d->entries, d->num_entries * sizeof(*d->entries)); - if(e != NULL) - d->entries = e; - } - + e = realloc(d->entries, d->num_entries * sizeof(*d->entries)); + if(e != NULL || d->num_entries == 0) + d->entries = e; return 0; } diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h index 301b8853e4..c08d8058a4 100644 --- a/source4/heimdal/lib/krb5/krb5-protos.h +++ b/source4/heimdal/lib/krb5/krb5-protos.h @@ -20,21 +20,12 @@ extern "C" { #endif #endif -void -initialize_heim_error_table (void); - void initialize_heim_error_table_r (struct et_list **/*list*/); -void -initialize_k524_error_table (void); - void initialize_k524_error_table_r (struct et_list **/*list*/); -void -initialize_krb5_error_table (void); - void initialize_krb5_error_table_r (struct et_list **/*list*/); diff --git a/source4/heimdal/lib/krb5/krb5_locl.h b/source4/heimdal/lib/krb5/krb5_locl.h index 4a02677239..60d72c8f80 100644 --- a/source4/heimdal/lib/krb5/krb5_locl.h +++ b/source4/heimdal/lib/krb5/krb5_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5_locl.h,v 1.83 2005/10/07 12:08:02 lha Exp $ */ +/* $Id: krb5_locl.h,v 1.84 2005/12/13 15:40:50 lha Exp $ */ #ifndef __KRB5_LOCL_H__ #define __KRB5_LOCL_H__ @@ -170,6 +170,14 @@ struct _krb5_krb_auth_data; #define KRB5_BUFSIZ 1024 +#ifndef KRB5_DEFAULT_CCNAME +#ifdef __APPLE__ +#define KRB5_DEFAULT_CCNAME "API:" +#else +#define KRB5_DEFAULT_CCNAME "FILE:/tmp/krb5cc_%{uid}" +#endif +#endif + typedef enum { KRB5_PA_PAC_DONT_CARE = 0, KRB5_PA_PAC_REQ_TRUE, diff --git a/source4/heimdal/lib/krb5/principal.c b/source4/heimdal/lib/krb5/principal.c index ae5c8c1de8..6cc49945cc 100644 --- a/source4/heimdal/lib/krb5/principal.c +++ b/source4/heimdal/lib/krb5/principal.c @@ -41,7 +41,7 @@ #include #include "resolve.h" -RCSID("$Id: principal.c,v 1.91 2005/08/23 08:34:40 lha Exp $"); +RCSID("$Id: principal.c,v 1.92 2005/12/11 17:48:13 lha Exp $"); #define princ_num_comp(P) ((P)->name.name_string.len) #define princ_type(P) ((P)->name.name_type) diff --git a/source4/heimdal/lib/krb5/set_default_realm.c b/source4/heimdal/lib/krb5/set_default_realm.c index 965883309c..fd57b6fe67 100644 --- a/source4/heimdal/lib/krb5/set_default_realm.c +++ b/source4/heimdal/lib/krb5/set_default_realm.c @@ -77,8 +77,19 @@ krb5_set_default_realm(krb5_context context, "libdefaults", "default_realm", NULL); - if (realms == NULL) - ret = krb5_get_host_realm(context, NULL, &realms); + if (realms == NULL) { + char hostname[MAXHOSTNAMELEN]; + if (gethostname (hostname, sizeof(hostname))) { + return errno; + } + + if (strchr(hostname, '.') == NULL) { + /* There is no way we can get this mapping, as we can't do DNS */ + return KRB5_CONFIG_NODEFREALM; + } + ret = krb5_get_host_realm(context, hostname, + &realms); + } } else { ret = string_to_list (context, realm, &realms); } -- cgit From 63d718e243fd03e6ea24c47e7442975ec088a5b5 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 3 Jan 2006 17:27:33 +0000 Subject: r12696: Reduce the size of include/structs.h (This used to be commit 63917616016133c623fc6ff59454bc313ee7dd8f) --- source4/heimdal/lib/krb5/krb5-private.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h index 3602c89ec6..c308287a36 100644 --- a/source4/heimdal/lib/krb5/krb5-private.h +++ b/source4/heimdal/lib/krb5/krb5-private.h @@ -12,6 +12,9 @@ #endif #endif +struct krb5_dh_moduli; +struct _krb5_krb_auth_data; + krb5_error_code KRB5_LIB_FUNCTION _krb5_PKCS5_PBKDF2 ( krb5_context /*context*/, -- cgit From adab8d3968ce2bf18eab6b89375050ebf6630f08 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 12 Jan 2006 07:13:36 +0000 Subject: r12863: As lha suggested to me a while back, it appears that the gsskrb5_get_initiator_subkey() routine is bougs. We can indeed use gss_krb5_get_subkey(). This is fortunate, as there was a segfault bug in 'initiator' version. Andrew Bartlett (This used to be commit ec11870ca1f9231dd3eeae792fc3268b31477e11) --- source4/heimdal/lib/gssapi/gssapi.h | 6 ++--- source4/heimdal/lib/gssapi/gssapi_locl.h | 3 --- source4/heimdal/lib/gssapi/wrap.c | 41 -------------------------------- 3 files changed, 2 insertions(+), 48 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/gssapi.h b/source4/heimdal/lib/gssapi/gssapi.h index b93ad4e481..6d48359b32 100644 --- a/source4/heimdal/lib/gssapi/gssapi.h +++ b/source4/heimdal/lib/gssapi/gssapi.h @@ -815,10 +815,8 @@ gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status, gss_ctx_id_t context_handle, time_t *authtime); OM_uint32 -gsskrb5_get_initiator_subkey - (OM_uint32 * /*minor_status*/, - const gss_ctx_id_t context_handle, - gss_buffer_t /* subkey */); +gss_krb5_get_subkey(const gss_ctx_id_t context_handle, + struct EncryptionKey **key); #define GSS_C_KRB5_COMPAT_DES3_MIC 1 diff --git a/source4/heimdal/lib/gssapi/gssapi_locl.h b/source4/heimdal/lib/gssapi/gssapi_locl.h index bd5d0db2b5..6fd8b0a4ac 100644 --- a/source4/heimdal/lib/gssapi/gssapi_locl.h +++ b/source4/heimdal/lib/gssapi/gssapi_locl.h @@ -226,9 +226,6 @@ gss_verify_mic_internal(OM_uint32 * minor_status, gss_qop_t * qop_state, char * type); -OM_uint32 -gss_krb5_get_subkey(const gss_ctx_id_t context_handle, - krb5_keyblock **key); krb5_error_code gss_address_to_krb5addr(OM_uint32 gss_addr_type, diff --git a/source4/heimdal/lib/gssapi/wrap.c b/source4/heimdal/lib/gssapi/wrap.c index 50249d2d7f..502137329c 100644 --- a/source4/heimdal/lib/gssapi/wrap.c +++ b/source4/heimdal/lib/gssapi/wrap.c @@ -35,47 +35,6 @@ RCSID("$Id: wrap.c,v 1.31 2005/01/05 02:52:12 lukeh Exp $"); -OM_uint32 -gsskrb5_get_initiator_subkey(OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - gss_buffer_t key) -{ - krb5_error_code ret; - krb5_keyblock *skey = NULL; - - HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - if (context_handle->more_flags & LOCAL) { - ret = krb5_auth_con_getlocalsubkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); - if (ret) { - *minor_status = ret; - return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */ - } - - } else { - ret = krb5_auth_con_getremotesubkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); - if (ret) { - *minor_status = ret; - return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */ - } - - } - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - key->length = skey->keyvalue.length; - key->value = malloc (key->length); - if (!key->value) { - krb5_free_keyblock(gssapi_krb5_context, skey); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - memcpy(key->value, skey->keyvalue.data, key->length); - krb5_free_keyblock(gssapi_krb5_context, skey); - return 0; -} - OM_uint32 gss_krb5_get_subkey(const gss_ctx_id_t context_handle, krb5_keyblock **key) -- cgit From 28d78c40ade22c4b5d445dbe23f18ca210e41f8c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 24 Jan 2006 05:31:08 +0000 Subject: r13107: Follow the lead of Heimdal's kpasswdd and use the HDB (hdb-ldb in our case) as the keytab. This avoids issues in replicated setups, as we will replicate the kpasswd key correctly (including from windows, which is why I care at the moment). Andrew Bartlett (This used to be commit 849500d1aa658817052423051b1f5d0b7a1db8e0) --- source4/heimdal/lib/hdb/hdb-protos.h | 6 + source4/heimdal/lib/hdb/hdb.c | 5 +- source4/heimdal/lib/hdb/keytab.c | 276 +++++++++++++++++++++++++++++++++++ source4/heimdal/lib/krb5/krb5.h | 3 + 4 files changed, 289 insertions(+), 1 deletion(-) create mode 100644 source4/heimdal/lib/hdb/keytab.c (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/hdb/hdb-protos.h b/source4/heimdal/lib/hdb/hdb-protos.h index c221175e41..67e19f7e4a 100644 --- a/source4/heimdal/lib/hdb/hdb-protos.h +++ b/source4/heimdal/lib/hdb/hdb-protos.h @@ -490,6 +490,12 @@ hdb_ldapi_create ( HDB ** /*db*/, const char */*arg*/); +krb5_error_code +hdb_ldb_create ( + krb5_context /*context*/, + HDB ** /*db*/, + const char */*arg*/); + krb5_error_code hdb_list_builtin ( krb5_context /*context*/, diff --git a/source4/heimdal/lib/hdb/hdb.c b/source4/heimdal/lib/hdb/hdb.c index 5631d05332..406a50ecbd 100644 --- a/source4/heimdal/lib/hdb/hdb.c +++ b/source4/heimdal/lib/hdb/hdb.c @@ -54,6 +54,9 @@ static struct hdb_method methods[] = { #if defined(OPENLDAP) && !defined(OPENLDAP_MODULE) {"ldap:", hdb_ldap_create}, {"ldapi:", hdb_ldapi_create}, +#endif +#ifdef _SAMBA_BUILD_ + {"ldb:", hdb_ldb_create}, #endif {NULL, NULL} }; @@ -395,6 +398,6 @@ hdb_create(krb5_context context, HDB **db, const char *filename) h = find_dynamic_method (context, filename, &residual); #endif if (h == NULL) - krb5_errx(context, 1, "No database support! (hdb_create)"); + krb5_errx(context, 1, "No database support! (hdb_create(%s))", filename); return (*h->create)(context, db, residual); } diff --git a/source4/heimdal/lib/hdb/keytab.c b/source4/heimdal/lib/hdb/keytab.c new file mode 100644 index 0000000000..21ee2f4274 --- /dev/null +++ b/source4/heimdal/lib/hdb/keytab.c @@ -0,0 +1,276 @@ +/* + * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hdb_locl.h" + +/* keytab backend for HDB databases */ + +RCSID("$Id: keytab.c,v 1.8 2005/12/12 12:35:36 lha Exp $"); + +struct hdb_data { + char *dbname; + char *mkey; +}; + +/* + * the format for HDB keytabs is: + * HDB:[database:file:mkey] + */ + +static krb5_error_code +hdb_resolve(krb5_context context, const char *name, krb5_keytab id) +{ + struct hdb_data *d; + const char *db, *mkey; + + d = malloc(sizeof(*d)); + if(d == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + db = name; + mkey = strrchr(name, ':'); + if(mkey == NULL || mkey[1] == '\0') { + if(*name == '\0') + d->dbname = NULL; + else { + d->dbname = strdup(name); + if(d->dbname == NULL) { + free(d); + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + } + d->mkey = NULL; + } else { + if((mkey - db) == 0) { + d->dbname = NULL; + } else { + d->dbname = malloc(mkey - db); + if(d->dbname == NULL) { + free(d); + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + memmove(d->dbname, db, mkey - db); + d->dbname[mkey - db] = '\0'; + } + d->mkey = strdup(mkey + 1); + if(d->mkey == NULL) { + free(d->dbname); + free(d); + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + } + id->data = d; + return 0; +} + +static krb5_error_code +hdb_close(krb5_context context, krb5_keytab id) +{ + struct hdb_data *d = id->data; + + free(d->dbname); + free(d->mkey); + free(d); + return 0; +} + +static krb5_error_code +hdb_get_name(krb5_context context, + krb5_keytab id, + char *name, + size_t namesize) +{ + struct hdb_data *d = id->data; + + snprintf(name, namesize, "%s%s%s", + d->dbname ? d->dbname : "", + (d->dbname || d->mkey) ? ":" : "", + d->mkey ? d->mkey : ""); + return 0; +} + +static void +set_config (krb5_context context, + const krb5_config_binding *binding, + const char **dbname, + const char **mkey) +{ + *dbname = krb5_config_get_string(context, binding, "dbname", NULL); + *mkey = krb5_config_get_string(context, binding, "mkey_file", NULL); +} + +/* + * try to figure out the database (`dbname') and master-key (`mkey') + * that should be used for `principal'. + */ + +static void +find_db (krb5_context context, + const char **dbname, + const char **mkey, + krb5_const_principal principal) +{ + const krb5_config_binding *top_bind = NULL; + const krb5_config_binding *default_binding = NULL; + const krb5_config_binding *db; + krb5_realm *prealm = krb5_princ_realm(context, rk_UNCONST(principal)); + + *dbname = *mkey = NULL; + + while ((db = + krb5_config_get_next(context, + NULL, + &top_bind, + krb5_config_list, + "kdc", + "database", + NULL)) != NULL) { + const char *p; + + p = krb5_config_get_string (context, db, "realm", NULL); + if (p == NULL) { + if(default_binding) { + krb5_warnx(context, "WARNING: more than one realm-less " + "database specification"); + krb5_warnx(context, "WARNING: using the first encountered"); + } else + default_binding = db; + } else if (strcmp (*prealm, p) == 0) { + set_config (context, db, dbname, mkey); + break; + } + } + if (*dbname == NULL && default_binding != NULL) + set_config (context, default_binding, dbname, mkey); + if (*dbname == NULL) + *dbname = HDB_DEFAULT_DB; +} + +/* + * find the keytab entry in `id' for `principal, kvno, enctype' and return + * it in `entry'. return 0 or an error code + */ + +static krb5_error_code +hdb_get_entry(krb5_context context, + krb5_keytab id, + krb5_const_principal principal, + krb5_kvno kvno, + krb5_enctype enctype, + krb5_keytab_entry *entry) +{ + hdb_entry_ex ent; + krb5_error_code ret; + struct hdb_data *d = id->data; + int i; + HDB *db; + const char *dbname = d->dbname; + const char *mkey = d->mkey; + + if (dbname == NULL) + find_db (context, &dbname, &mkey, principal); + + ret = hdb_create (context, &db, dbname); + if (ret) + return ret; + ret = hdb_set_master_keyfile (context, db, mkey); + if (ret) { + (*db->hdb_destroy)(context, db); + return ret; + } + + ret = (*db->hdb_open)(context, db, O_RDONLY, 0); + if (ret) { + (*db->hdb_destroy)(context, db); + return ret; + } + + ret = (*db->hdb_fetch)(context, db, HDB_F_DECRYPT, principal, HDB_ENT_TYPE_SERVER, &ent); + + /* Shutdown the hdb on error */ + if(ret == HDB_ERR_NOENTRY) { + (*db->hdb_close)(context, db); + (*db->hdb_destroy)(context, db); + return KRB5_KT_NOTFOUND; + } else if (ret) { + (*db->hdb_close)(context, db); + (*db->hdb_destroy)(context, db); + return ret; + } + if(kvno && ent.entry.kvno != kvno) { + /* The order here matters, we must free these in this order + * due to hdb-ldb and Samba4's talloc */ + hdb_free_entry(context, &ent); + (*db->hdb_close)(context, db); + (*db->hdb_destroy)(context, db); + return KRB5_KT_NOTFOUND; + } + if(enctype == 0) + if(ent.entry.keys.len > 0) + enctype = ent.entry.keys.val[0].key.keytype; + ret = KRB5_KT_NOTFOUND; + for(i = 0; i < ent.entry.keys.len; i++) { + if(ent.entry.keys.val[i].key.keytype == enctype) { + krb5_copy_principal(context, principal, &entry->principal); + entry->vno = ent.entry.kvno; + krb5_copy_keyblock_contents(context, + &ent.entry.keys.val[i].key, + &entry->keyblock); + ret = 0; + break; + } + } + /* The order here matters, we must free these in this order + * due to hdb-ldb and Samba4's talloc */ + hdb_free_entry(context, &ent); + (*db->hdb_close)(context, db); + (*db->hdb_destroy)(context, db); + return ret; +} + +krb5_kt_ops hdb_kt_ops = { + "HDB", + hdb_resolve, + hdb_get_name, + hdb_close, + hdb_get_entry, + NULL, /* start_seq_get */ + NULL, /* next_entry */ + NULL, /* end_seq_get */ + NULL, /* add */ + NULL /* remove */ +}; diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h index adee4708e6..9814817600 100644 --- a/source4/heimdal/lib/krb5/krb5.h +++ b/source4/heimdal/lib/krb5/krb5.h @@ -451,6 +451,9 @@ typedef struct krb5_context_data { int large_msg_size; krb5_boolean fdns; /* Lookup hostnames to find full name, or send as-is */ struct send_and_recv *send_and_recv; /* Alternate functions for KDC communication */ + void *mem_ctx; /* Some parts of Samba4 need a valid + memory context (under the event + context) to use */ } krb5_context_data; enum { -- cgit From 20d9dc9796e866775dd8242a47481b7bb0c8cbad Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 25 Jan 2006 22:47:10 +0000 Subject: r13144: This seems to be required for Samba4 to talk to Samba4, and to get the same session key. I need to understand this more, but it works samba/samba, and I don't have access to windows doing AES (longhorn) yet. Andrew Bartlett (This used to be commit 38809b43a5d6bd668e9cb714573dc1e72ceff092) --- source4/heimdal/lib/gssapi/init_sec_context.c | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/init_sec_context.c b/source4/heimdal/lib/gssapi/init_sec_context.c index 61c020b800..be34d8b560 100644 --- a/source4/heimdal/lib/gssapi/init_sec_context.c +++ b/source4/heimdal/lib/gssapi/init_sec_context.c @@ -358,6 +358,7 @@ gsskrb5_initiator_start Checksum cksum; krb5_enctype enctype; krb5_data fwd_data; + int is_cfx; krb5_data_zero(&outbuf); krb5_data_zero(&fwd_data); @@ -486,6 +487,16 @@ gsskrb5_initiator_start enctype = (*context_handle)->auth_context->keyblock->keytype; + gsskrb5_is_cfx(*context_handle, &is_cfx); + + if (is_cfx != 0) { + kret = krb5_auth_con_addflags(gssapi_krb5_context, + (*context_handle)->auth_context, + KRB5_AUTH_CONTEXT_USE_SUBKEY, + NULL); + (*context_handle)->more_flags |= ACCEPTOR_SUBKEY; + } + /* We need to create an Authenticator */ { kret = krb5_build_authenticator (gssapi_krb5_context, -- cgit From 26421fb2dc995c4fc10195f451c4d7dce07034bf Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 13 Feb 2006 00:08:16 +0000 Subject: r13481: As far as I can tell, my changes in -r 12863 were dangerously untested. We do need the gsskrb5_get_initiator_subkey() routine. But we should ensure that we do always get a valid key, to prevent any segfaults. Without this code, we get a different session key compared with Win2k3, and so kerberised smb signing fails. Andrew Bartlett (This used to be commit cfd0df16b74b0432670b33c7bf26316b741b1bde) --- source4/heimdal/lib/gssapi/gssapi.h | 6 ++-- source4/heimdal/lib/gssapi/gssapi_locl.h | 3 ++ source4/heimdal/lib/gssapi/wrap.c | 55 ++++++++++++++++++++++++++++++++ 3 files changed, 62 insertions(+), 2 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/gssapi.h b/source4/heimdal/lib/gssapi/gssapi.h index 6d48359b32..b93ad4e481 100644 --- a/source4/heimdal/lib/gssapi/gssapi.h +++ b/source4/heimdal/lib/gssapi/gssapi.h @@ -815,8 +815,10 @@ gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status, gss_ctx_id_t context_handle, time_t *authtime); OM_uint32 -gss_krb5_get_subkey(const gss_ctx_id_t context_handle, - struct EncryptionKey **key); +gsskrb5_get_initiator_subkey + (OM_uint32 * /*minor_status*/, + const gss_ctx_id_t context_handle, + gss_buffer_t /* subkey */); #define GSS_C_KRB5_COMPAT_DES3_MIC 1 diff --git a/source4/heimdal/lib/gssapi/gssapi_locl.h b/source4/heimdal/lib/gssapi/gssapi_locl.h index 6fd8b0a4ac..bd5d0db2b5 100644 --- a/source4/heimdal/lib/gssapi/gssapi_locl.h +++ b/source4/heimdal/lib/gssapi/gssapi_locl.h @@ -226,6 +226,9 @@ gss_verify_mic_internal(OM_uint32 * minor_status, gss_qop_t * qop_state, char * type); +OM_uint32 +gss_krb5_get_subkey(const gss_ctx_id_t context_handle, + krb5_keyblock **key); krb5_error_code gss_address_to_krb5addr(OM_uint32 gss_addr_type, diff --git a/source4/heimdal/lib/gssapi/wrap.c b/source4/heimdal/lib/gssapi/wrap.c index 502137329c..d07a4d2599 100644 --- a/source4/heimdal/lib/gssapi/wrap.c +++ b/source4/heimdal/lib/gssapi/wrap.c @@ -35,6 +35,61 @@ RCSID("$Id: wrap.c,v 1.31 2005/01/05 02:52:12 lukeh Exp $"); +OM_uint32 +gsskrb5_get_initiator_subkey(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + gss_buffer_t key) +{ + krb5_error_code ret; + krb5_keyblock *skey = NULL; + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + if (context_handle->more_flags & LOCAL) { + ret = krb5_auth_con_getlocalsubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + if (ret) { + *minor_status = ret; + return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */ + } + + } else { + ret = krb5_auth_con_getremotesubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + if (ret) { + *minor_status = ret; + return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */ + } + + } + + /* If there was no subkey, perhaps try this... */ + if(skey == NULL) { + krb5_auth_con_getkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + } + + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + + /* ensure never to segfault */ + if(skey == NULL) { + return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */ + } + + key->length = skey->keyvalue.length; + key->value = malloc (key->length); + if (!key->value) { + krb5_free_keyblock(gssapi_krb5_context, skey); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + memcpy(key->value, skey->keyvalue.data, key->length); + krb5_free_keyblock(gssapi_krb5_context, skey); + return 0; +} + OM_uint32 gss_krb5_get_subkey(const gss_ctx_id_t context_handle, krb5_keyblock **key) -- cgit From b7afac2b834674e20f303c3a03b4ac7bb283695e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 11 Mar 2006 04:03:12 +0000 Subject: r14198: Update Samba4 to current lorikeet-heimdal. Andrew Bartlett (This used to be commit 97a0a0e2fa6784e5fc5278f7a15b385ddcb6a3b3) --- source4/heimdal/fix-export | 79 --- source4/heimdal/kdc/kdc-private.h | 6 +- source4/heimdal/kdc/kdc_locl.h | 95 +--- source4/heimdal/kdc/kerberos5.c | 3 +- source4/heimdal/kdc/misc.c | 4 +- source4/heimdal/kdc/pkinit.c | 18 +- source4/heimdal/lib/asn1/asn1_gen.c | 10 +- source4/heimdal/lib/asn1/der.h | 8 +- source4/heimdal/lib/asn1/der_cmp.c | 4 +- source4/heimdal/lib/asn1/der_copy.c | 3 +- source4/heimdal/lib/asn1/der_format.c | 105 ++++ source4/heimdal/lib/asn1/der_get.c | 29 +- source4/heimdal/lib/asn1/der_length.c | 4 +- source4/heimdal/lib/asn1/extra.c | 26 +- source4/heimdal/lib/asn1/parse.y | 79 ++- source4/heimdal/lib/com_err/lex.c | 19 +- source4/heimdal/lib/des/aes.h | 13 +- source4/heimdal/lib/des/bn.h | 121 ++++ source4/heimdal/lib/des/des.c | 3 +- source4/heimdal/lib/des/des.h | 38 +- source4/heimdal/lib/des/dh.h | 139 +++++ source4/heimdal/lib/des/dsa.h | 140 +++++ source4/heimdal/lib/des/engine.h | 96 ++++ source4/heimdal/lib/des/evp.c | 728 ++++++++++++++++++++++++ source4/heimdal/lib/des/evp.h | 231 ++++++++ source4/heimdal/lib/des/hcrypto | 1 + source4/heimdal/lib/des/hmac.c | 119 ++++ source4/heimdal/lib/des/hmac.h | 82 +++ source4/heimdal/lib/des/md2.c | 138 +++++ source4/heimdal/lib/des/md2.h | 63 ++ source4/heimdal/lib/des/md4.h | 13 +- source4/heimdal/lib/des/md5.h | 13 +- source4/heimdal/lib/des/pkcs12.h | 57 ++ source4/heimdal/lib/des/pkcs5.c | 112 ++++ source4/heimdal/lib/des/rand.h | 54 ++ source4/heimdal/lib/des/rc2.h | 12 +- source4/heimdal/lib/des/rc4.h | 6 +- source4/heimdal/lib/des/rijndael-alg-fst.h | 6 + source4/heimdal/lib/des/rnd_keys.c | 7 +- source4/heimdal/lib/des/rsa.h | 164 ++++++ source4/heimdal/lib/des/sha.h | 13 +- source4/heimdal/lib/des/ui.c | 4 +- source4/heimdal/lib/des/ui.h | 45 ++ source4/heimdal/lib/gssapi/delete_sec_context.c | 8 +- source4/heimdal/lib/gssapi/import_name.c | 5 +- source4/heimdal/lib/gssapi/wrap.c | 2 +- source4/heimdal/lib/hdb/hdb-protos.h | 365 ------------ source4/heimdal/lib/hdb/hdb.c | 2 +- source4/heimdal/lib/hdb/hdb_locl.h | 7 + source4/heimdal/lib/hdb/keytab.c | 2 +- source4/heimdal/lib/krb5/crypto.c | 146 +---- source4/heimdal/lib/krb5/error_string.c | 25 +- source4/heimdal/lib/krb5/get_cred.c | 5 +- source4/heimdal/lib/krb5/get_for_creds.c | 25 +- source4/heimdal/lib/krb5/init_creds.c | 5 +- source4/heimdal/lib/krb5/krb5-private.h | 16 +- source4/heimdal/lib/krb5/krb5-protos.h | 14 +- source4/heimdal/lib/krb5/krb5_err.et | 37 +- source4/heimdal/lib/krb5/krb5_locl.h | 28 +- source4/heimdal/lib/krb5/mk_priv.c | 8 +- source4/heimdal/lib/krb5/pkinit.c | 109 ++-- source4/heimdal/lib/roken/hex.c | 103 ++++ source4/heimdal/lib/roken/hex.h | 55 ++ source4/heimdal/lib/roken/resolve.c | 4 +- 64 files changed, 3018 insertions(+), 863 deletions(-) delete mode 100755 source4/heimdal/fix-export create mode 100644 source4/heimdal/lib/asn1/der_format.c create mode 100644 source4/heimdal/lib/des/bn.h create mode 100644 source4/heimdal/lib/des/dh.h create mode 100644 source4/heimdal/lib/des/dsa.h create mode 100644 source4/heimdal/lib/des/engine.h create mode 100644 source4/heimdal/lib/des/evp.c create mode 100644 source4/heimdal/lib/des/evp.h create mode 120000 source4/heimdal/lib/des/hcrypto create mode 100644 source4/heimdal/lib/des/hmac.c create mode 100644 source4/heimdal/lib/des/hmac.h create mode 100644 source4/heimdal/lib/des/md2.c create mode 100644 source4/heimdal/lib/des/md2.h create mode 100644 source4/heimdal/lib/des/pkcs12.h create mode 100644 source4/heimdal/lib/des/pkcs5.c create mode 100644 source4/heimdal/lib/des/rand.h create mode 100644 source4/heimdal/lib/des/rsa.h create mode 100644 source4/heimdal/lib/des/ui.h create mode 100644 source4/heimdal/lib/roken/hex.c create mode 100644 source4/heimdal/lib/roken/hex.h (limited to 'source4/heimdal') diff --git a/source4/heimdal/fix-export b/source4/heimdal/fix-export deleted file mode 100755 index b49c0de1d3..0000000000 --- a/source4/heimdal/fix-export +++ /dev/null @@ -1,79 +0,0 @@ -#! /bin/sh -# $Id: fix-export,v 1.39 2005/08/11 08:57:52 lha Exp $ - -distdir="$1" -echo "fixing distribution in $distdir..." - -test -d "$distdir" || { echo not a dir in \$distdir ; exit 1 ; } -cd $distdir - -if test "$DATEDVERSION"; then - ed -s configure.in << END -/AC_INIT/s/AC_INIT(\([^,]*\), [^,]*, \(.*\))/AC_INIT(\1, $DATEDVERSION, \2)/ -w -q -END - - error=WARN - exitcmd=: -else - error=ERROR - exitcmd=exit -fi - -ver=`sed -n 's/AC_INIT([^,]*,\([^,]*\),.*/\1/p' configure.in` -M="* This is version $ver. *" -echo "$M" | sed -e 's/./*/g' -echo "$M" -echo "$M" | sed -e 's/./*/g' - -autoreconf --force --install -(cd doc && makeinfo heimdal.texi) - -find . -name Makefile.am | while read f; do - for i in `sed -n -e '/^man_MANS/{ - :loop - p - /[^\\]$/b quit - n - b loop - } - :quit' $f | sed 's/man_MANS//;s/=//;s/[ \\][ \\]*/ /g'`; do - x=`dirname $f`/$i - y=`dirname $f`/`echo $i | sed 's/[0-9]$/cat&/'` - echo `grog -Tascii $x` \> $y - `grog -Tascii $x` > $y - perl -p -e 'exit 1 if (/NetBSD|FreeBSD|OpenBSD|Linux|OSF|Solaris/); exit 0;' $y - if [ $? != 0 ] ; then - echo "$error: catfile $y contains operating system" - head -1 $y - $exitcmd - fi - done -done - -make_proto () { - (top=`pwd` - cd $1 - b=`basename $1` - if test X"$5" != X ; then - e="-E $5"; - else - e= - fi - perl $top/cf/make-proto.pl $e -o $2 -p $3 `(perl -p -e 's/^(include|if|else|endif)\b/##$1/' Makefile.am; - echo 'print-sources:; @if test "$(proto_opts)"; then echo $(proto_opts); else echo -q -P comment; fi; echo '$4 | sort -u ) | make -f - print-sources `) -} - -make_proto lib/krb5 krb5-protos.h krb5-private.h '$(libkrb5_la_SOURCES)' KRB5_LIB_FUNCTION -make_proto lib/kadm5 kadm5-protos.h kadm5-private.h '$(libkadm5srv_la_SOURCES) $(libkadm5clnt_la_SOURCES)' -make_proto lib/hdb hdb-protos.h hdb-private.h '$(libhdb_la_SOURCES)' -make_proto appl/login login_protos.h /dev/null '$(login_SOURCES)' -make_proto kcm kcm_protos.h /dev/null '$(kcm_SOURCES)' -make_proto kdc kdc-protos.h /dev/null '$(libkdc_la_SOURCES)' - -rm -fr autom4te*.cache - -echo "tar cf - ${distdir} \| gzip -9 > ${distdir}.tar.gz" -echo "gpg -ba -u 0x45D901D8 ${distdir}.tar.gz" - diff --git a/source4/heimdal/kdc/kdc-private.h b/source4/heimdal/kdc/kdc-private.h index cfb76fd7b0..729778a69e 100644 --- a/source4/heimdal/kdc/kdc-private.h +++ b/source4/heimdal/kdc/kdc-private.h @@ -29,7 +29,7 @@ _kdc_db_fetch ( krb5_context /*context*/, krb5_kdc_configuration */*config*/, krb5_principal /*principal*/, - enum hdb_ent_type, + enum hdb_ent_type /*ent_type*/, hdb_entry_ex **/*h*/); krb5_error_code @@ -104,7 +104,7 @@ _kdc_pk_check_client ( krb5_context /*context*/, krb5_kdc_configuration */*config*/, krb5_principal /*client_princ*/, - const hdb_entry */*client*/, + const hdb_entry_ex */*client*/, pk_client_params */*client_params*/, char **/*subject_name*/); @@ -125,7 +125,7 @@ _kdc_pk_mk_pa_reply ( krb5_context /*context*/, krb5_kdc_configuration */*config*/, pk_client_params */*client_params*/, - const hdb_entry */*client*/, + const hdb_entry_ex */*client*/, const KDC_REQ */*req*/, const krb5_data */*req_buffer*/, krb5_keyblock **/*reply_key*/, diff --git a/source4/heimdal/kdc/kdc_locl.h b/source4/heimdal/kdc/kdc_locl.h index 58cf1f4173..ca8672c062 100644 --- a/source4/heimdal/kdc/kdc_locl.h +++ b/source4/heimdal/kdc/kdc_locl.h @@ -61,101 +61,10 @@ extern int detach_from_console; extern struct timeval _kdc_now; #define kdc_time (_kdc_now.tv_sec) -krb5_error_code -_kdc_as_rep(krb5_context context, - krb5_kdc_configuration *config, - KDC_REQ*, const krb5_data*, krb5_data*, - const char*, struct sockaddr*); - -krb5_kdc_configuration * -configure(krb5_context context, int argc, char **argv); - -krb5_error_code -_kdc_db_fetch(krb5_context context, - krb5_kdc_configuration *config, - krb5_principal principal, enum hdb_ent_type ent_type, - hdb_entry_ex **h); - -void -_kdc_free_ent(krb5_context context, hdb_entry_ex *ent); - void loop(krb5_context context, krb5_kdc_configuration *config); -krb5_error_code -_kdc_tgs_rep (krb5_context context, - krb5_kdc_configuration *config, - KDC_REQ*, krb5_data*, const char*, struct sockaddr *); - -krb5_error_code -_kdc_check_flags(krb5_context context, - krb5_kdc_configuration *config, - hdb_entry *client, const char *client_name, - hdb_entry *server, const char *server_name, - krb5_boolean is_as_req); - -krb5_error_code -_kdc_get_des_key(krb5_context context, hdb_entry_ex*, - krb5_boolean, krb5_boolean, Key**); - -krb5_error_code -_kdc_encode_v4_ticket(krb5_context context, - krb5_kdc_configuration *config, - void *buf, size_t len, const EncTicketPart *et, - const PrincipalName *service, size_t *size); -krb5_error_code -_kdc_do_524(krb5_context context, - krb5_kdc_configuration *config, - const Ticket *t, krb5_data *reply, - const char *from, struct sockaddr *addr); - - -#ifdef PKINIT -typedef struct pk_client_params pk_client_params; -krb5_error_code _kdc_pk_initialize(krb5_context, - krb5_kdc_configuration *, - const char *, - const char *); -krb5_error_code _kdc_pk_rd_padata(krb5_context, krb5_kdc_configuration *, - KDC_REQ *, PA_DATA *, pk_client_params **); -krb5_error_code _kdc_pk_mk_pa_reply(krb5_context, - krb5_kdc_configuration *, - pk_client_params *, - const hdb_entry *, - const KDC_REQ *, - const krb5_data *, - krb5_keyblock **, - METHOD_DATA *); -krb5_error_code _kdc_pk_check_client(krb5_context, - krb5_kdc_configuration *, - krb5_principal, - const hdb_entry *, - pk_client_params *, char **); -void _kdc_pk_free_client_param(krb5_context, pk_client_params *); -#endif - -/* - * Kerberos 4 - */ - -krb5_error_code -_kdc_db_fetch4 (krb5_context context, - krb5_kdc_configuration *config, - const char*, const char*, const char*, enum hdb_ent_type, hdb_entry_ex**); - -krb5_error_code -_kdc_do_version4 (krb5_context context, - krb5_kdc_configuration *config, - unsigned char*, size_t, krb5_data*, const char*, - struct sockaddr_in*); -int -_kdc_maybe_version4(unsigned char*, int); - -krb5_error_code -_kdc_do_kaserver (krb5_context context, - krb5_kdc_configuration *config, - unsigned char*, size_t, krb5_data*, - const char*, struct sockaddr_in*); - +krb5_kdc_configuration * +configure(krb5_context context, int argc, char **argv); #endif /* __KDC_LOCL_H__ */ diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index a0136ba425..392bc0acbe 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -804,8 +804,7 @@ _kdc_as_rep(krb5_context context, KDC_REQ_BODY *b = &req->req_body; AS_REP rep; KDCOptions f = b->kdc_options; - hdb_entry_ex *client = NULL; - hdb_entry_ex *server = NULL; + hdb_entry_ex *client = NULL, *server = NULL; krb5_enctype cetype, setype; EncTicketPart et; EncKDCRepPart ek; diff --git a/source4/heimdal/kdc/misc.c b/source4/heimdal/kdc/misc.c index 3027d32cfc..4d38e1f12d 100644 --- a/source4/heimdal/kdc/misc.c +++ b/source4/heimdal/kdc/misc.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: misc.c,v 1.26 2005/12/12 12:37:31 lha Exp $"); +RCSID("$Id: misc.c,v 1.27 2006/01/01 23:17:16 lha Exp $"); struct timeval _kdc_now; @@ -47,7 +47,7 @@ _kdc_db_fetch(krb5_context context, krb5_error_code ret = HDB_ERR_NOENTRY; int i; - ent = malloc (sizeof (*ent)); + ent = calloc (1, sizeof (*ent)); if (ent == NULL) return ENOMEM; diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c index 83c379825c..67934c0745 100755 --- a/source4/heimdal/kdc/pkinit.c +++ b/source4/heimdal/kdc/pkinit.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: pkinit.c,v 1.49 2005/10/21 17:14:19 lha Exp $"); +RCSID("$Id: pkinit.c,v 1.50 2006/02/13 11:48:21 lha Exp $"); #ifdef PKINIT @@ -175,13 +175,17 @@ pk_check_pkauthenticator(krb5_context context, return ret; } - if (a->paChecksum.length != checksum.checksum.length || - memcmp(a->paChecksum.data, checksum.checksum.data, - checksum.checksum.length) != 0) - { + if (a->paChecksum == NULL) { + krb5_clear_error_string(context); + ret = KRB5_KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED; + goto out; + } + + if (heim_octet_string_cmp(a->paChecksum, &checksum.checksum) != 0) { krb5_clear_error_string(context); ret = KRB5KRB_ERR_GENERIC; } +out: free_Checksum(&checksum); return ret; @@ -1122,7 +1126,7 @@ krb5_error_code _kdc_pk_mk_pa_reply(krb5_context context, krb5_kdc_configuration *config, pk_client_params *client_params, - const hdb_entry *client, + const hdb_entry_ex *client, const KDC_REQ *req, const krb5_data *req_buffer, krb5_keyblock **reply_key, @@ -1379,7 +1383,7 @@ krb5_error_code _kdc_pk_check_client(krb5_context context, krb5_kdc_configuration *config, krb5_principal client_princ, - const hdb_entry *client, + const hdb_entry_ex *client, pk_client_params *client_params, char **subject_name) { diff --git a/source4/heimdal/lib/asn1/asn1_gen.c b/source4/heimdal/lib/asn1/asn1_gen.c index 95d670cbb1..5dc0ba2e2d 100644 --- a/source4/heimdal/lib/asn1/asn1_gen.c +++ b/source4/heimdal/lib/asn1/asn1_gen.c @@ -40,7 +40,7 @@ #include #include -RCSID("$Id: asn1_gen.c,v 1.3 2005/08/11 10:44:43 lha Exp $"); +RCSID("$Id: asn1_gen.c,v 1.4 2006/01/30 15:06:03 lha Exp $"); static int doit(const char *fn) @@ -87,13 +87,13 @@ doit(const char *fn) ptr++; class = strtok_r(ptr, " \t\n", &foo); - if (class == NULL) errx(1, "class missing one line %lu", line); + if (class == NULL) errx(1, "class missing on line %lu", line); type = strtok_r(NULL, " \t\n", &foo); - if (type == NULL) errx(1, "type missing one line %lu", line); + if (type == NULL) errx(1, "type missing on line %lu", line); tag = strtok_r(NULL, " \t\n", &foo); - if (tag == NULL) errx(1, "tag missing one line %lu", line); + if (tag == NULL) errx(1, "tag missing on line %lu", line); length = strtok_r(NULL, " \t\n", &foo); - if (length == NULL) errx(1, "length missing one line %lu", line); + if (length == NULL) errx(1, "length missing on line %lu", line); data = strtok_r(NULL, " \t\n", &foo); c = der_get_class_num(class); diff --git a/source4/heimdal/lib/asn1/der.h b/source4/heimdal/lib/asn1/der.h index 1f89f875f5..b9c2b47079 100644 --- a/source4/heimdal/lib/asn1/der.h +++ b/source4/heimdal/lib/asn1/der.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: der.h,v 1.30 2005/10/07 03:48:00 lha Exp $ */ +/* $Id: der.h,v 1.32 2006/01/30 15:25:25 lha Exp $ */ #ifndef __DER_H__ #define __DER_H__ @@ -65,8 +65,10 @@ enum { UT_IA5String = 22, UT_UTCTime = 23, UT_GeneralizedTime = 24, + UT_UniversalString = 25, UT_VisibleString = 26, UT_GeneralString = 27, + UT_BMPString = 30, /* unsupported types */ UT_ObjectDescriptor = 7, UT_External = 8, @@ -76,9 +78,7 @@ enum { UT_NumericString = 18, UT_TeletexString = 20, UT_VideotexString = 21, - UT_GraphicString = 25, - UT_UniversalString = 25, - UT_BMPString = 30, + UT_GraphicString = 25 }; #define ASN1_INDEFINITE 0xdce0deed diff --git a/source4/heimdal/lib/asn1/der_cmp.c b/source4/heimdal/lib/asn1/der_cmp.c index 306fcbdf57..2471312ba8 100755 --- a/source4/heimdal/lib/asn1/der_cmp.c +++ b/source4/heimdal/lib/asn1/der_cmp.c @@ -74,10 +74,10 @@ heim_bit_string_cmp(const heim_bit_string *p, const heim_bit_string *q) int heim_integer_cmp(const heim_integer *p, const heim_integer *q) { + if (p->negative != q->negative) + return q->negative - p->negative; if (p->length != q->length) return p->length - q->length; - if (p->negative != q->negative) - return p->negative - q->negative; return memcmp(p->data, q->data, p->length); } diff --git a/source4/heimdal/lib/asn1/der_copy.c b/source4/heimdal/lib/asn1/der_copy.c index a3c9026cbf..e0443eed39 100644 --- a/source4/heimdal/lib/asn1/der_copy.c +++ b/source4/heimdal/lib/asn1/der_copy.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_copy.c,v 1.13 2005/07/12 06:27:20 lha Exp $"); +RCSID("$Id: der_copy.c,v 1.14 2006/01/04 23:41:29 lha Exp $"); int copy_general_string (const heim_general_string *from, heim_general_string *to) @@ -106,6 +106,7 @@ copy_heim_integer (const heim_integer *from, heim_integer *to) if(to->length != 0 && to->data == NULL) return ENOMEM; memcpy(to->data, from->data, to->length); + to->negative = from->negative; return 0; } diff --git a/source4/heimdal/lib/asn1/der_format.c b/source4/heimdal/lib/asn1/der_format.c new file mode 100644 index 0000000000..44e39b46c5 --- /dev/null +++ b/source4/heimdal/lib/asn1/der_format.c @@ -0,0 +1,105 @@ +/* + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "der_locl.h" +#include + +RCSID("$Id: der_format.c,v 1.2 2006/01/16 23:01:11 lha Exp $"); + +int +der_parse_hex_heim_integer (const char *p, heim_integer *data) +{ + ssize_t len; + + data->length = 0; + data->negative = 0; + data->data = NULL; + + if (*p == '-') { + p++; + data->negative = 1; + } + + len = strlen(p); + if (len < 0) { + data->data = NULL; + data->length = 0; + return EINVAL; + } + + data->length = (len / 2) + 1; + data->data = malloc(data->length); + if (data->data == NULL) { + data->length = 0; + return ENOMEM; + } + + len = hex_decode(p, data->data, data->length); + if (len < 0) { + free(data->data); + data->data = NULL; + data->length = 0; + return EINVAL; + } + + { + unsigned char *p = data->data; + while(*p == 0 && len > 0) { + p++; + len--; + } + data->length = len; + memmove(data->data, p, len); + } + return 0; +} + +int +der_print_hex_heim_integer (const heim_integer *data, char **p) +{ + ssize_t len; + char *q; + + len = hex_encode(data->data, data->length, p); + if (len < 0) + return ENOMEM; + + if (data->negative) { + len = asprintf(&q, "-%s", *p); + free(*p); + if (len < 0) + return ENOMEM; + *p = q; + } + return 0; +} diff --git a/source4/heimdal/lib/asn1/der_get.c b/source4/heimdal/lib/asn1/der_get.c index 403f5ab1ba..a75ab15c09 100644 --- a/source4/heimdal/lib/asn1/der_get.c +++ b/source4/heimdal/lib/asn1/der_get.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_get.c,v 1.44 2005/07/19 18:04:00 lha Exp $"); +RCSID("$Id: der_get.c,v 1.45 2006/01/20 10:03:50 lha Exp $"); #include @@ -241,19 +241,40 @@ der_get_heim_integer (const unsigned char *p, size_t len, return 0; } if (p[0] & 0x80) { + unsigned char *q; + int carry = 1; data->negative = 1; - return ASN1_OVERRUN; + data->length = len; + + if (p[0] == 0xff) { + p++; + data->length--; + } + data->data = malloc(data->length); + if (data->data == NULL) { + data->length = 0; + return ENOMEM; + } + q = &((unsigned char*)data->data)[data->length - 1]; + p += data->length - 1; + while (q >= (unsigned char*)data->data) { + *q = *p ^ 0xff; + if (carry) + carry = !++*q; + p--; + q--; + } } else { data->negative = 0; data->length = len; - if (p[0] == 0 && data->length != 1) { + if (p[0] == 0) { p++; data->length--; } data->data = malloc(data->length); - if (data->data == NULL) { + if (data->data == NULL && data->length != 0) { data->length = 0; return ENOMEM; } diff --git a/source4/heimdal/lib/asn1/der_length.c b/source4/heimdal/lib/asn1/der_length.c index e818267bf4..2c017ad84e 100644 --- a/source4/heimdal/lib/asn1/der_length.c +++ b/source4/heimdal/lib/asn1/der_length.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_length.c,v 1.17 2005/07/12 06:27:22 lha Exp $"); +RCSID("$Id: der_length.c,v 1.18 2006/01/20 10:04:46 lha Exp $"); size_t _heim_len_unsigned (unsigned val) @@ -178,7 +178,7 @@ length_heim_integer (const heim_integer *k) if (k->length == 0) return 1; if (k->negative) - return k->length + ((((unsigned char *)k->data)[0] & 0x80) ? 0 : 1); + return k->length + (((~(((unsigned char *)k->data)[0])) & 0x80) ? 0 : 1); else return k->length + ((((unsigned char *)k->data)[0] & 0x80) ? 1 : 0); } diff --git a/source4/heimdal/lib/asn1/extra.c b/source4/heimdal/lib/asn1/extra.c index ba081e3a63..4f70f191df 100644 --- a/source4/heimdal/lib/asn1/extra.c +++ b/source4/heimdal/lib/asn1/extra.c @@ -34,7 +34,7 @@ #include "der_locl.h" #include "heim_asn1.h" -RCSID("$Id: extra.c,v 1.5 2005/07/19 18:05:16 lha Exp $"); +RCSID("$Id: extra.c,v 1.6 2006/01/31 09:44:54 lha Exp $"); int encode_heim_any(unsigned char *p, size_t len, @@ -59,10 +59,7 @@ decode_heim_any(const unsigned char *p, size_t len, unsigned int thistag; int e; - if (data == NULL && len == 0) { /* XXX tag less OPTIONAL */ - *size = 0; - return 0; - } + memset(data, 0, sizeof(*data)); e = der_get_tag (p, len, &thisclass, &thistype, &thistag, &l); if (e) return e; @@ -73,16 +70,15 @@ decode_heim_any(const unsigned char *p, size_t len, if (length + len_len + l > len) return ASN1_OVERFLOW; - if (data) { /* XXX hack to workaround tag less OPTIONAL data */ - memset(data, 0, sizeof(*data)); - - data->data = malloc(length + len_len + l); - if (data->data == NULL) - return ENOMEM; - data->length = length + len_len + l; - memcpy(data->data, p, length + len_len + l); - } - if (size) *size = length + len_len + l; + data->data = malloc(length + len_len + l); + if (data->data == NULL) + return ENOMEM; + data->length = length + len_len + l; + memcpy(data->data, p, length + len_len + l); + + if (size) + *size = length + len_len + l; + return 0; } diff --git a/source4/heimdal/lib/asn1/parse.y b/source4/heimdal/lib/asn1/parse.y index 51dc51ed88..2238478284 100644 --- a/source4/heimdal/lib/asn1/parse.y +++ b/source4/heimdal/lib/asn1/parse.y @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: parse.y,v 1.25 2005/08/23 10:52:31 lha Exp $ */ +/* $Id: parse.y,v 1.27 2005/12/14 09:44:36 lha Exp $ */ %{ #ifdef HAVE_CONFIG_H @@ -45,9 +45,10 @@ #include "gen_locl.h" #include "der.h" -RCSID("$Id: parse.y,v 1.25 2005/08/23 10:52:31 lha Exp $"); +RCSID("$Id: parse.y,v 1.27 2005/12/14 09:44:36 lha Exp $"); static Type *new_type (Typetype t); +static struct constraint_spec *new_constraint_spec(enum ctype); static Type *new_tag(int tagclass, int tagvalue, int tagenv, Type *oldtype); void yyerror (const char *); static struct objid *new_objid(const char *label, int value); @@ -73,6 +74,7 @@ struct string_list { struct string_list *sl; struct tagtype tag; struct memhead *members; + struct constraint_spec *constraint_spec; } %token kw_ABSENT @@ -183,6 +185,7 @@ struct string_list { %type BitStringType %type BooleanType %type ChoiceType +%type ConstrainedType %type EnumeratedType %type IntegerType %type NullType @@ -215,6 +218,12 @@ struct string_list { %type referencenames +%type Constraint +%type ConstraintSpec +%type GeneralConstraint +%type ContentsConstraint +%type UserDefinedConstraint + %start ModuleDefinition %% @@ -300,6 +309,7 @@ TypeAssignment : IDENTIFIER EEQUAL Type Type : BuiltinType | ReferencedType + | ConstrainedType ; BuiltinType : BitStringType @@ -507,6 +517,63 @@ UsefulType : kw_GeneralizedTime } ; +ConstrainedType : Type Constraint + { + /* if (Constraint.type == contentConstrant) { + assert(Constraint.u.constraint.type == octetstring|bitstring-w/o-NamedBitList); // remember to check type reference too + if (Constraint.u.constraint.type) { + assert((Constraint.u.constraint.type.length % 8) == 0); + } + } + if (Constraint.u.constraint.encoding) { + type == der-oid|ber-oid + } + */ + } + ; + + +Constraint : '(' ConstraintSpec ')' + { + $$ = $2; + } + +ConstraintSpec : GeneralConstraint + +GeneralConstraint: ContentsConstraint + | UserDefinedConstraint + ; + +ContentsConstraint: kw_CONTAINING Type + { + $$ = new_constraint_spec(CT_CONTENTS); + $$->u.content.type = $2; + $$->u.content.encoding = NULL; + } + | kw_ENCODED kw_BY Value + { + if ($3->type != objectidentifiervalue) + error_message("Non-OID used in ENCODED BY constraint"); + $$ = new_constraint_spec(CT_CONTENTS); + $$->u.content.type = NULL; + $$->u.content.encoding = $3; + } + | kw_CONTAINING Type kw_ENCODED kw_BY Value + { + if ($5->type != objectidentifiervalue) + error_message("Non-OID used in ENCODED BY constraint"); + $$ = new_constraint_spec(CT_CONTENTS); + $$->u.content.type = $2; + $$->u.content.encoding = $5; + } + ; + +UserDefinedConstraint: kw_CONSTRAINED kw_BY '{' '}' + { + $$ = new_constraint_spec(CT_USER); + } + ; + TaggedType : Tag tagenv Type { $$ = new_type(TTag); @@ -861,6 +928,14 @@ new_type (Typetype tt) return t; } +static struct constraint_spec * +new_constraint_spec(enum ctype ct) +{ + struct constraint_spec *c = ecalloc(1, sizeof(*c)); + c->ctype = ct; + return c; +} + static void fix_labels2(Type *t, const char *prefix); static void fix_labels1(struct memhead *members, const char *prefix) { diff --git a/source4/heimdal/lib/com_err/lex.c b/source4/heimdal/lib/com_err/lex.c index 925615f244..ffaf15279a 100644 --- a/source4/heimdal/lib/com_err/lex.c +++ b/source4/heimdal/lib/com_err/lex.c @@ -1,4 +1,4 @@ -/* A lexical scanner generated by flex */ +/* A lexical scanner generated by flex*/ /* Scanner skeleton version: * $Header: /home/daffy/u0/vern/flex/RCS/flex.skl,v 2.91 96/09/10 16:58:48 vern Exp $ @@ -134,6 +134,15 @@ extern FILE *yyin, *yyout; #define unput(c) yyunput( c, yytext_ptr ) +/* Some routines like yy_flex_realloc() are emitted as static but are + not called by all lexers. This generates warnings in some compilers, + notably GCC. Arrange to suppress these. */ +#ifdef __GNUC__ +#define YY_MAY_BE_UNUSED __attribute__((unused)) +#else +#define YY_MAY_BE_UNUSED +#endif + /* The following is because we cannot portably get our hands on size_t * (without autoconf's help, which isn't available because we want * flex-generated scanners to compile on their own). @@ -240,7 +249,7 @@ YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str )); YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len )); static void *yy_flex_alloc YY_PROTO(( yy_size_t )); -static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t )); +static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t )) YY_MAY_BE_UNUSED; static void yy_flex_free YY_PROTO(( void * )); #define yy_new_buffer yy_create_buffer @@ -442,7 +451,7 @@ static int getstring(void); #undef ECHO -#line 446 "lex.yy.c" +#line 455 "lex.yy.c" /* Macros after this point can all be overridden by user definitions in * section 1. @@ -595,7 +604,7 @@ YY_DECL #line 59 "lex.l" -#line 599 "lex.yy.c" +#line 608 "lex.yy.c" if ( yy_init ) { @@ -758,7 +767,7 @@ YY_RULE_SETUP #line 75 "lex.l" ECHO; YY_BREAK -#line 762 "lex.yy.c" +#line 771 "lex.yy.c" case YY_STATE_EOF(INITIAL): yyterminate(); diff --git a/source4/heimdal/lib/des/aes.h b/source4/heimdal/lib/des/aes.h index ef72b0add7..8a62c6461d 100755 --- a/source4/heimdal/lib/des/aes.h +++ b/source4/heimdal/lib/des/aes.h @@ -31,11 +31,22 @@ * SUCH DAMAGE. */ -/* $Id: aes.h,v 1.4 2005/04/10 19:09:47 lha Exp $ */ +/* $Id: aes.h,v 1.5 2006/01/08 21:47:27 lha Exp $ */ #ifndef HEIM_AES_H #define HEIM_AES_H 1 +/* symbol renaming */ +#define AES_set_encrypt_key hc_AES_set_encrypt_key +#define AES_set_decrypt_key hc_AES_decrypt_key +#define AES_encrypt hc_AES_encrypt +#define AES_decrypt hc_AES_decrypt +#define AES_cbc_encrypt hc_AES_cbc_encrypt + +/* + * + */ + #define AES_BLOCK_SIZE 16 #define AES_MAXNR 14 diff --git a/source4/heimdal/lib/des/bn.h b/source4/heimdal/lib/des/bn.h new file mode 100644 index 0000000000..b0c90d36fc --- /dev/null +++ b/source4/heimdal/lib/des/bn.h @@ -0,0 +1,121 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * $Id: bn.h,v 1.3 2006/01/13 08:27:50 lha Exp $ + */ + +#ifndef _HEIM_BN_H +#define _HEIM_BN_H 1 + +/* symbol renaming */ +#define BN_GENCB_call hc_BN_GENCB_call +#define BN_GENCB_set hc_BN_GENCB_set +#define BN_bin2bn hc_BN_bin2bn +#define BN_bn2bin hc_BN_bn2bin +#define BN_bn2hex hc_BN_bn2hex +#define BN_clear hc_BN_clear +#define BN_clear_bit hc_BN_clear_bit +#define BN_clear_free hc_BN_clear_free +#define BN_cmp hc_BN_cmp +#define BN_dup hc_BN_dup +#define BN_free hc_BN_free +#define BN_is_negative hc_BN_is_negative +#define BN_get_word hc_BN_get_word +#define BN_hex2bn hc_BN_hex2bn +#define BN_is_bit_set hc_BN_is_bit_set +#define BN_new hc_BN_new +#define BN_num_bits hc_BN_num_bits +#define BN_num_bytes hc_BN_num_bytes +#define BN_rand hc_BN_rand +#define BN_set_bit hc_BN_set_bit +#define BN_set_negative hc_BN_set_negative +#define BN_set_word hc_BN_set_word +#define BN_uadd hc_BN_uadd + +/* + * + */ + +typedef void BIGNUM; +typedef struct BN_GENCB BN_GENCB; +typedef void BN_CTX; +typedef void BN_MONT_CTX; +typedef void BN_BLINDING; + +struct BN_GENCB { + unsigned int ver; + void *arg; + union { + int (*cb_2)(int, int, BN_GENCB *); + } cb; +}; + +/* + * + */ + +BIGNUM *BN_new(void); +void BN_free(BIGNUM *); +void BN_clear_free(BIGNUM *); +void BN_clear(BIGNUM *); +BIGNUM *BN_dup(const BIGNUM *); + +int BN_num_bits(const BIGNUM *); +int BN_num_bytes(const BIGNUM *); + +int BN_cmp(const BIGNUM *, const BIGNUM *); + +void BN_set_negative(BIGNUM *, int); +int BN_is_negative(BIGNUM *); + +int BN_is_bit_set(const BIGNUM *, int); +int BN_set_bit(BIGNUM *, int); +int BN_clear_bit(BIGNUM *, int); + +int BN_set_word(BIGNUM *, unsigned long); +unsigned long BN_get_word(const BIGNUM *); + +BIGNUM *BN_bin2bn(const void *,int len,BIGNUM *); +int BN_bn2bin(const BIGNUM *, void *); +int BN_hex2bn(BIGNUM **, const char *); +char * BN_bn2hex(const BIGNUM *); + +int BN_uadd(BIGNUM *, const BIGNUM *, const BIGNUM *); + +int BN_rand(BIGNUM *, int, int, int); + +void BN_GENCB_set(BN_GENCB *, int (*)(int, int, BN_GENCB *), void *); +int BN_GENCB_call(BN_GENCB *, int, int); + +#endif diff --git a/source4/heimdal/lib/des/des.c b/source4/heimdal/lib/des/des.c index b615bbd30e..b6bb55a9ba 100644 --- a/source4/heimdal/lib/des/des.c +++ b/source4/heimdal/lib/des/des.c @@ -45,7 +45,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: des.c,v 1.15 2005/07/20 10:49:22 lha Exp $"); +RCSID("$Id: des.c,v 1.16 2006/01/08 21:47:28 lha Exp $"); #endif #include @@ -54,6 +54,7 @@ RCSID("$Id: des.c,v 1.15 2005/07/20 10:49:22 lha Exp $"); #include #include "des.h" +#include "ui.h" static void desx(uint32_t [2], DES_key_schedule *, int); static void IP(uint32_t [2]); diff --git a/source4/heimdal/lib/des/des.h b/source4/heimdal/lib/des/des.h index 887c2e14d4..890fab462d 100644 --- a/source4/heimdal/lib/des/des.h +++ b/source4/heimdal/lib/des/des.h @@ -31,11 +31,41 @@ * SUCH DAMAGE. */ -/* $Id: des.h,v 1.24 2005/07/20 10:49:23 lha Exp $ */ +/* $Id: des.h,v 1.25 2006/01/08 21:47:28 lha Exp $ */ #ifndef _DESperate_H #define _DESperate_H 1 +/* symbol renaming */ +#define DES_set_odd_parity hc_DES_set_odd_parity +#define DES_is_weak_key hc_DES_is_weak_key +#define DES_key_sched hc_DES_key_sched +#define DES_set_key hc_DES_set_key +#define DES_set_key_checked hc_DES_set_key_checked +#define DES_set_key_sched hc_DES_set_key_sched +#define DES_new_random_key hc_DES_new_random_key +#define DES_string_to_key hc_DES_string_to_key +#define DES_read_password hc_DES_read_password +#define DES_rand_data hc_DES_rand_data +#define DES_set_random_generator_seed hc_DES_set_random_generator_seed +#define DES_generate_random_block hc_DES_generate_random_block +#define DES_set_sequence_number hc_DES_set_sequence_number +#define DES_init_random_number_generator hc_DES_init_random_number_generator +#define DES_random_key hc_DES_random_key +#define DES_encrypt hc_DES_encrypt +#define DES_ecb_encrypt hc_DES_ecb_encrypt +#define DES_ecb3_encrypt hc_DES_ecb3_encrypt +#define DES_pcbc_encrypt hc_DES_pcbc_encrypt +#define DES_cbc_encrypt hc_DES_cbc_encrypt +#define DES_cbc_cksum hc_DES_cbc_cksum +#define DES_ede3_cbc_encrypt hc_DES_ede3_cbc_encrypt +#define DES_cfb64_encrypt hc_DES_cfb64_encrypt +#define _DES_ipfp_test _hc_DES_ipfp_test + +/* + * + */ + #define DES_CBLOCK_LEN 8 #define DES_KEY_SZ 8 @@ -48,6 +78,10 @@ typedef struct DES_key_schedule uint32_t ks[32]; } DES_key_schedule; +/* + * + */ + int DES_set_odd_parity(DES_cblock *); int DES_is_weak_key(DES_cblock *); int DES_set_key(DES_cblock *, DES_key_schedule *); @@ -57,8 +91,6 @@ int DES_new_random_key(DES_cblock *); void DES_string_to_key(const char *, DES_cblock *); int DES_read_password(DES_cblock *, char *, int); -int UI_UTIL_read_pw_string(char *, int, const char *, int); /* XXX */ - void DES_rand_data(void *, int); void DES_set_random_generator_seed(DES_cblock *); void DES_generate_random_block(DES_cblock *); diff --git a/source4/heimdal/lib/des/dh.h b/source4/heimdal/lib/des/dh.h new file mode 100644 index 0000000000..cbea876521 --- /dev/null +++ b/source4/heimdal/lib/des/dh.h @@ -0,0 +1,139 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * $Id: dh.h,v 1.4 2006/01/18 13:48:30 lha Exp $ + */ + +#ifndef _HEIM_DH_H +#define _HEIM_DH_H 1 + +/* symbol renaming */ +#define DH_null_method hc_DH_null_method +#define DH_new hc_DH_new +#define DH_new_method hc_DH_new_method +#define DH_free hc_DH_free +#define DH_up_ref hc_DH_up_ref +#define DH_size hc_DH_size +#define DH_set_default_method hc_DH_set_default_method +#define DH_get_default_method hc_DH_get_default_method +#define DH_set_method hc_DH_set_method +#define DH_get_method hc_DH_get_method +#define DH_set_ex_data hc_DH_set_ex_data +#define DH_get_ex_data hc_DH_get_ex_data +#define DH_generate_parameters_ex hc_DH_generate_parameters_ex +#define DH_check hc_DH_check +#define DH_generate_key hc_DH_generate_key +#define DH_compute_key hc_DH_compute_key + +/* + * + */ + +typedef struct DH DH; +typedef struct DH_METHOD DH_METHOD; + +#include +#include + +struct DH_METHOD { + const char *name; + int (*generate_key)(DH *); + int (*compute_key)(unsigned char *,const BIGNUM *,DH *); + int (*bn_mod_exp)(const DH *, BIGNUM *, const BIGNUM *, + const BIGNUM *, const BIGNUM *, BN_CTX *, + BN_MONT_CTX *); + int (*init)(DH *); + int (*finish)(DH *); + int flags; + void *app_data; + int (*generate_params)(DH *, int, int, BN_GENCB *); +}; + +struct DH { + int pad; + int version; + BIGNUM *p; + BIGNUM *g; + long length; + BIGNUM *pub_key; + BIGNUM *priv_key; + int flags; + void *method_mont_p; + BIGNUM *q; + BIGNUM *j; + void *seed; + int seedlen; + BIGNUM *counter; + int references; + struct CRYPTO_EX_DATA { + void *sk; + int dummy; + } ex_data; + const DH_METHOD *meth; + ENGINE *engine; +}; + +/* DH_check_pubkey return codes in `codes' argument. */ +#define DH_CHECK_PUBKEY_TOO_SMALL 1 +#define DH_CHECK_PUBKEY_TOO_LARGE 2 + +/* + * + */ + +const DH_METHOD *DH_null_method(void); + +DH * DH_new(void); +DH * DH_new_method(ENGINE *); +void DH_free(DH *); +int DH_up_ref(DH *); + +int DH_size(const DH *); + + +void DH_set_default_method(const DH_METHOD *); +const DH_METHOD * + DH_get_default_method(void); +int DH_set_method(DH *, const DH_METHOD *); + +int DH_set_ex_data(DH *, int, void *); +void * DH_get_ex_data(DH *, int); + +int DH_generate_parameters_ex(DH *, int, int, BN_GENCB *); +int DH_check_pubkey(const DH *, const BIGNUM *, int *); +int DH_generate_key(DH *); +int DH_compute_key(unsigned char *,const BIGNUM *,DH *); + +#endif /* _HEIM_DH_H */ + diff --git a/source4/heimdal/lib/des/dsa.h b/source4/heimdal/lib/des/dsa.h new file mode 100644 index 0000000000..18859effc8 --- /dev/null +++ b/source4/heimdal/lib/des/dsa.h @@ -0,0 +1,140 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * $Id: dsa.h,v 1.2 2006/01/13 15:26:52 lha Exp $ + */ + +#ifndef _HEIM_DSA_H +#define _HEIM_DSA_H 1 + +#include + +/* symbol renaming */ +#define DSA_null_method hc_DSA_null_method +#define DSA_new hc_DSA_new +#define DSA_free hc_DSA_free +#define DSA_up_ref hc_DSA_up_ref +#define DSA_set_default_method hc_DSA_set_default_method +#define DSA_get_default_method hc_DSA_get_default_method +#define DSA_set_method hc_DSA_set_method +#define DSA_get_method hc_DSA_get_method +#define DSA_set_app_data hc_DSA_set_app_data +#define DSA_get_app_data hc_DSA_get_app_data +#define DSA_size hc_DSA_size +#define DSA_verify hc_DSA_verify + +/* + * + */ + + +typedef struct DSA DSA; +typedef struct DSA_METHOD DSA_METHOD; +typedef struct DSA_SIG DSA_SIG; + +struct DSA_SIG { + BIGNUM *r; + BIGNUM *s; +}; + +struct DSA_METHOD { + const char *name; + DSA_SIG * (*dsa_do_sign)(const unsigned char *, int, DSA *); + int (*dsa_sign_setup)(DSA *, BN_CTX *, BIGNUM **, BIGNUM **); + int (*dsa_do_verify)(const unsigned char *, int, DSA_SIG *, DSA *); + int (*dsa_mod_exp)(DSA *, BIGNUM *, BIGNUM *, BIGNUM *, + BIGNUM *, BIGNUM *, BIGNUM *, BN_CTX *, + BN_MONT_CTX *); + int (*bn_mod_exp)(DSA *, BIGNUM *, BIGNUM *, const BIGNUM *, + const BIGNUM *, BN_CTX *, + BN_MONT_CTX *); + int (*init)(DSA *); + int (*finish)(DSA *); + int flags; + void *app_data; +}; + +struct DSA { + int pad; + long version; + int write_params; + BIGNUM *p; + BIGNUM *q; + BIGNUM *g; + + BIGNUM *pub_key; + BIGNUM *priv_key; + + BIGNUM *kinv; + BIGNUM *r; + int flags; + void *method_mont_p; + int references; + struct dsa_CRYPTO_EX_DATA { + void *sk; + int dummy; + } ex_data; + const DSA_METHOD *meth; + void *engine; +}; + +/* + * + */ + +const DSA_METHOD *DSA_null_method(void); + +/* + * + */ + +DSA * DSA_new(void); +void DSA_free(DSA *); +int DSA_up_ref(DSA *); + +void DSA_set_default_method(const DSA_METHOD *); +const DSA_METHOD * DSA_get_default_method(void); + +const DSA_METHOD * DSA_get_method(const DSA *); +int DSA_set_method(DSA *, const DSA_METHOD *); + +void DSA_set_app_data(DSA *, void *arg); +void * DSA_get_app_data(DSA *); + +int DSA_size(const DSA *); + +int DSA_verify(int, const unsigned char *, int, + const unsigned char *, int, DSA *); + +#endif /* _HEIM_DSA_H */ diff --git a/source4/heimdal/lib/des/engine.h b/source4/heimdal/lib/des/engine.h new file mode 100644 index 0000000000..70c0a7688c --- /dev/null +++ b/source4/heimdal/lib/des/engine.h @@ -0,0 +1,96 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * $Id: engine.h,v 1.4 2006/01/13 15:26:52 lha Exp $ + */ + +#ifndef _HEIM_ENGINE_H +#define _HEIM_ENGINE_H 1 + +/* symbol renaming */ +#define ENGINE_add_conf_module hc_ENGINE_add_conf_module +#define ENGINE_by_dso hc_ENGINE_by_dso +#define ENGINE_by_id hc_ENGINE_by_id +#define ENGINE_finish hc_ENGINE_finish +#define ENGINE_get_DH hc_ENGINE_get_DH +#define ENGINE_get_RSA hc_ENGINE_get_RSA +#define ENGINE_get_id hc_ENGINE_get_id +#define ENGINE_get_name hc_ENGINE_get_name +#define ENGINE_load_builtin_engines hc_ENGINE_load_builtin_engines +#define ENGINE_set_DH hc_ENGINE_set_DH +#define ENGINE_set_RSA hc_ENGINE_set_RSA +#define ENGINE_set_id hc_ENGINE_set_id +#define ENGINE_set_name hc_ENGINE_set_name +#define ENGINE_set_destroy_function hc_ENGINE_set_destroy_function +#define ENGINE_up_ref hc_ENGINE_up_ref + +/* + * + */ + +typedef struct hc_engine ENGINE; + +#include +#include +#include + +#define OPENSSL_DYNAMIC_VERSION (unsigned long)0x00020000 + +typedef int (*openssl_bind_engine)(ENGINE *, const char *, const void *); +typedef unsigned long (*openssl_v_check)(unsigned long); + +void ENGINE_add_conf_module(void); +void ENGINE_load_builtin_engines(void); +ENGINE *ENGINE_by_id(const char *); +ENGINE *ENGINE_by_dso(const char *, const char *); +int ENGINE_finish(ENGINE *); +int ENGINE_up_ref(ENGINE *); +int ENGINE_set_id(ENGINE *, const char *); +int ENGINE_set_name(ENGINE *, const char *); +int ENGINE_set_RSA(ENGINE *, const RSA_METHOD *); +int ENGINE_set_DH(ENGINE *, const DH_METHOD *); +int ENGINE_set_destroy_function(ENGINE *, void (*)(ENGINE *)); + +const char * ENGINE_get_id(const ENGINE *); +const char * ENGINE_get_name(const ENGINE *); +const RSA_METHOD * ENGINE_get_RSA(const ENGINE *); +const DH_METHOD * ENGINE_get_DH(const ENGINE *); + +int ENGINE_set_default_RSA(ENGINE *); +ENGINE * ENGINE_get_default_RSA(void); +int ENGINE_set_default_DH(ENGINE *); +ENGINE * ENGINE_get_default_DH(void); + + +#endif /* _HEIM_ENGINE_H */ diff --git a/source4/heimdal/lib/des/evp.c b/source4/heimdal/lib/des/evp.c new file mode 100644 index 0000000000..3f89a49bcc --- /dev/null +++ b/source4/heimdal/lib/des/evp.c @@ -0,0 +1,728 @@ +#include +#include +#include +#include +#include + +#include + +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +struct hc_evp_md { + int hash_size; + int block_size; + int ctx_size; + int (*init)(EVP_MD_CTX *); + int (*update)(EVP_MD_CTX *,const void *, size_t ); + int (*final)(void *, EVP_MD_CTX *); + int (*cleanup)(EVP_MD_CTX *); +}; + +/* + * + */ + +size_t +EVP_MD_size(const EVP_MD *md) +{ + return md->hash_size; +} + +size_t +EVP_MD_block_size(const EVP_MD *md) +{ + return md->block_size; +} + +EVP_MD_CTX * +EVP_MD_CTX_create(void) +{ + return calloc(1, sizeof(EVP_MD_CTX)); +} + +void +EVP_MD_CTX_init(EVP_MD_CTX *ctx) +{ + memset(ctx, 0, sizeof(*ctx)); +} + +void +EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) +{ + EVP_MD_CTX_cleanup(ctx); + free(ctx); +} + +int +EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) +{ + if (ctx->md && ctx->md->cleanup) + (ctx->md->cleanup)(ctx); + ctx->md = NULL; + ctx->engine = NULL; + free(ctx->ptr); + return 1; +} + + +const EVP_MD * +EVP_MD_CTX_md(EVP_MD_CTX *ctx) +{ + return ctx->md; +} + +size_t +EVP_MD_CTX_size(EVP_MD_CTX *ctx) +{ + return EVP_MD_size(ctx->md); +} + +size_t +EVP_MD_CTX_block_size(EVP_MD_CTX *ctx) +{ + return EVP_MD_block_size(ctx->md); +} + +int +EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *md, ENGINE *engine) +{ + if (ctx->md != md || ctx->engine != engine) { + EVP_MD_CTX_cleanup(ctx); + ctx->md = md; + ctx->engine = engine; + + ctx->ptr = calloc(1, md->ctx_size); + if (ctx->ptr == NULL) + return 0; + } + (ctx->md->init)(ctx->ptr); + return 1; +} + +int +EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t size) +{ + (ctx->md->update)(ctx->ptr, data, size); + return 1; +} + +int +EVP_DigestFinal_ex(EVP_MD_CTX *ctx, void *hash, unsigned int *size) +{ + (ctx->md->final)(hash, ctx->ptr); + if (size) + *size = ctx->md->hash_size; + return 1; +} + +int +EVP_Digest(const void *data, size_t dsize, void *hash, unsigned int *hsize, + const EVP_MD *md, ENGINE *engine) +{ + EVP_MD_CTX *ctx; + int ret; + + ctx = EVP_MD_CTX_create(); + if (ctx == NULL) + return 0; + ret = EVP_DigestInit_ex(ctx, md, engine); + if (ret != 1) + return ret; + ret = EVP_DigestUpdate(ctx, data, dsize); + if (ret != 1) + return ret; + ret = EVP_DigestFinal_ex(ctx, hash, hsize); + if (ret != 1) + return ret; + EVP_MD_CTX_destroy(ctx); + return 1; +} + +/* + * + */ + +static const struct hc_evp_md sha1 = { + 20, + 64, + sizeof(SHA_CTX), + (void *)SHA1_Init, + (void *)SHA1_Update, + (void *)SHA1_Final, + NULL +}; + +const EVP_MD * +EVP_sha1(void) +{ + return &sha1; +} + +const EVP_MD * +EVP_sha(void) +{ + return &sha1; +} + +const EVP_MD * +EVP_md5(void) +{ + static const struct hc_evp_md md5 = { + 16, + 64, + sizeof(MD5_CTX), + (void *)MD5_Init, + (void *)MD5_Update, + (void *)MD5_Final, + NULL + }; + return &md5; +} + +const EVP_MD * +EVP_md4(void) +{ + static const struct hc_evp_md md4 = { + 16, + 64, + sizeof(MD4_CTX), + (void *)MD4_Init, + (void *)MD4_Update, + (void *)MD4_Final, + NULL + }; + return &md4; +} + +const EVP_MD * +EVP_md2(void) +{ + static const struct hc_evp_md md2 = { + 16, + 16, + sizeof(MD2_CTX), + (void *)MD2_Init, + (void *)MD2_Update, + (void *)MD2_Final, + NULL + }; + return &md2; +} + +/* + * + */ + +static void +null_Init (void *m) +{ +} +static void +null_Update (void *m, const void * data, size_t size) +{ +} +static void +null_Final(void *res, struct md5 *m) +{ +} + +const EVP_MD * +EVP_md_null(void) +{ + static const struct hc_evp_md null = { + 0, + 0, + 0, + (void *)null_Init, + (void *)null_Update, + (void *)null_Final, + NULL + }; + return &null; +} + +#if 0 +void EVP_MD_CTX_init(EVP_MD_CTX *ctx); +int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); +int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); +int EVP_SignFinal(EVP_MD_CTX *, void *, size_t *, EVP_PKEY *); +int EVP_VerifyFinal(EVP_MD_CTX *, const void *, size_t, EVP_PKEY *); +#endif + +/* + * + */ + +size_t +EVP_CIPHER_block_size(const EVP_CIPHER *c) +{ + return c->block_size; +} + +size_t +EVP_CIPHER_key_length(const EVP_CIPHER *c) +{ + return c->key_len; +} + +size_t +EVP_CIPHER_iv_length(const EVP_CIPHER *c) +{ + return c->iv_len; +} + +void +EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *c) +{ + memset(c, 0, sizeof(*c)); +} + +int +EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) +{ + if (c->cipher && c->cipher->cleanup) + c->cipher->cleanup(c); + if (c->cipher_data) { + free(c->cipher_data); + c->cipher_data = NULL; + } + return 1; +} + +#if 0 +int +EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int length) +{ + return 0; +} + +int +EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad) +{ + return 0; +} +#endif + +const EVP_CIPHER * +EVP_CIPHER_CTX_cipher(EVP_CIPHER_CTX *ctx) +{ + return ctx->cipher; +} + +size_t +EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) +{ + return EVP_CIPHER_block_size(ctx->cipher); +} + +size_t +EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) +{ + return EVP_CIPHER_key_length(ctx->cipher); +} + +size_t +EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) +{ + return EVP_CIPHER_iv_length(ctx->cipher); +} + +unsigned long +EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx) +{ + return ctx->cipher->flags; +} + +int +EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx) +{ + return EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_MODE; +} + +void * +EVP_CIPHER_CTX_get_app_data(EVP_CIPHER_CTX *ctx) +{ + return ctx->app_data; +} + +void +EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data) +{ + ctx->app_data = data; +} + +int +EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *c, ENGINE *engine, + const void *key, const void *iv, int encp) +{ + if (encp == -1) + encp = ctx->encrypt; + else + ctx->encrypt = (encp ? 1 : 0); + + if (c && (c != ctx->cipher)) { + EVP_CIPHER_CTX_cleanup(ctx); + ctx->cipher = c; + ctx->key_len = c->key_len; + + ctx->cipher_data = malloc(c->ctx_size); + if (ctx->cipher_data == NULL && c->ctx_size != 0) + return 0; + + } else if (ctx->cipher == NULL) { + /* reuse of cipher, but not any cipher ever set! */ + return 0; + } + + switch (EVP_CIPHER_CTX_flags(ctx)) { + case EVP_CIPH_CBC_MODE: + + assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof(ctx->iv)); + + if (iv) + memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); + memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); + break; + default: + return 0; + } + + if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) + ctx->cipher->init(ctx, key, iv, encp); + + return 1; +} + +int +EVP_Cipher(EVP_CIPHER_CTX *ctx, void *out, const void *in,size_t size) +{ + return ctx->cipher->do_cipher(ctx, out, in, size); +} + +/* + * + */ + +static int +enc_null_init(EVP_CIPHER_CTX *ctx, + const unsigned char * key, + const unsigned char * iv, + int encp) +{ + return 1; +} + +static int +enc_null_do_cipher(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + unsigned int size) +{ + memmove(out, in, size); + return 1; +} + +static int +enc_null_cleanup(EVP_CIPHER_CTX *ctx) +{ + return 1; +} + +const EVP_CIPHER * +EVP_enc_null(void) +{ + static const EVP_CIPHER enc_null = { + 0, + 0, + 0, + 0, + EVP_CIPH_CBC_MODE, + enc_null_init, + enc_null_do_cipher, + enc_null_cleanup, + 0, + NULL, + NULL, + NULL, + NULL + }; + return &enc_null; +} + +/* + * + */ + +struct rc2_cbc { + unsigned int maximum_effective_key; + RC2_KEY key; +}; + +static int +rc2_init(EVP_CIPHER_CTX *ctx, + const unsigned char * key, + const unsigned char * iv, + int encp) +{ + struct rc2_cbc *k = ctx->cipher_data; + k->maximum_effective_key = EVP_CIPHER_CTX_key_length(ctx) * 8; + RC2_set_key(&k->key, + EVP_CIPHER_CTX_key_length(ctx), + key, + k->maximum_effective_key); + return 1; +} + +static int +rc2_do_cipher(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + unsigned int size) +{ + struct rc2_cbc *k = ctx->cipher_data; + RC2_cbc_encrypt(in, out, size, &k->key, ctx->iv, ctx->encrypt); + return 1; +} + +static int +rc2_cleanup(EVP_CIPHER_CTX *ctx) +{ + memset(ctx->cipher_data, 0, sizeof(struct rc2_cbc)); + return 1; +} + + +const EVP_CIPHER * +EVP_rc2_cbc(void) +{ + static const EVP_CIPHER rc2_cbc = { + 0, + RC2_BLOCK_SIZE, + RC2_KEY_LENGTH, + RC2_BLOCK_SIZE, + EVP_CIPH_CBC_MODE, + rc2_init, + rc2_do_cipher, + rc2_cleanup, + sizeof(struct rc2_cbc), + NULL, + NULL, + NULL, + NULL + }; + return &rc2_cbc; +} + +const EVP_CIPHER * +EVP_rc2_40_cbc(void) +{ + static const EVP_CIPHER rc2_40_cbc = { + 0, + RC2_BLOCK_SIZE, + 5, + RC2_BLOCK_SIZE, + EVP_CIPH_CBC_MODE, + rc2_init, + rc2_do_cipher, + rc2_cleanup, + sizeof(struct rc2_cbc), + NULL, + NULL, + NULL, + NULL + }; + return &rc2_40_cbc; +} + +/* + * + */ + +const EVP_CIPHER * +EVP_rc4(void) +{ + printf("evp rc4\n"); + abort(); + return NULL; +} + +const EVP_CIPHER * +EVP_rc4_40(void) +{ + printf("evp rc4_40\n"); + abort(); + return NULL; +} + +/* + * + */ + +struct des_ede3_cbc { + DES_key_schedule ks[3]; +}; + +static int +des_ede3_cbc_init(EVP_CIPHER_CTX *ctx, + const unsigned char * key, + const unsigned char * iv, + int encp) +{ + struct des_ede3_cbc *k = ctx->cipher_data; + + DES_key_sched((DES_cblock *)(key), &k->ks[0]); + DES_key_sched((DES_cblock *)(key + 8), &k->ks[1]); + DES_key_sched((DES_cblock *)(key + 16), &k->ks[2]); + + return 1; +} + +static int +des_ede3_cbc_do_cipher(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + unsigned int size) +{ + struct des_ede3_cbc *k = ctx->cipher_data; + DES_ede3_cbc_encrypt(in, out, size, + &k->ks[0], &k->ks[1], &k->ks[2], + (DES_cblock *)ctx->iv, ctx->encrypt); + return 1; +} + +static int +des_ede3_cbc_cleanup(EVP_CIPHER_CTX *ctx) +{ + memset(ctx->cipher_data, 0, sizeof(struct des_ede3_cbc)); + return 1; +} + +const EVP_CIPHER * +EVP_des_ede3_cbc(void) +{ + static const EVP_CIPHER des_ede3_cbc = { + 0, + 8, + 24, + 8, + EVP_CIPH_CBC_MODE, + des_ede3_cbc_init, + des_ede3_cbc_do_cipher, + des_ede3_cbc_cleanup, + sizeof(struct des_ede3_cbc), + NULL, + NULL, + NULL, + NULL + }; + return &des_ede3_cbc; +} + +/* + * + */ + +static int +aes_init(EVP_CIPHER_CTX *ctx, + const unsigned char * key, + const unsigned char * iv, + int encp) +{ + AES_KEY *k = ctx->cipher_data; + if (ctx->encrypt) + AES_set_encrypt_key(key, ctx->cipher->key_len * 8, k); + else + AES_set_decrypt_key(key, ctx->cipher->key_len * 8, k); + return 1; +} + +static int +aes_do_cipher(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + unsigned int size) +{ + AES_KEY *k = ctx->cipher_data; + AES_cbc_encrypt(in, out, size, k, ctx->iv, ctx->encrypt); + return 1; +} + +static int +aes_cleanup(EVP_CIPHER_CTX *ctx) +{ + memset(ctx->cipher_data, 0, sizeof(AES_KEY)); + return 1; +} + +const EVP_CIPHER * +EVP_aes_128_cbc(void) +{ + static const EVP_CIPHER aes_128_cbc = { + 0, + 16, + 16, + 16, + EVP_CIPH_CBC_MODE, + aes_init, + aes_do_cipher, + aes_cleanup, + sizeof(AES_KEY), + NULL, + NULL, + NULL, + NULL + }; + return &aes_128_cbc; +} + +const EVP_CIPHER * +EVP_aes_192_cbc(void) +{ + static const EVP_CIPHER aes_192_cbc = { + 0, + 16, + 24, + 16, + EVP_CIPH_CBC_MODE, + aes_init, + aes_do_cipher, + aes_cleanup, + sizeof(AES_KEY), + NULL, + NULL, + NULL, + NULL + }; + return &aes_192_cbc; +} + + +const EVP_CIPHER * +EVP_aes_256_cbc(void) +{ + static const EVP_CIPHER aes_256_cbc = { + 0, + 16, + 32, + 16, + EVP_CIPH_CBC_MODE, + aes_init, + aes_do_cipher, + aes_cleanup, + sizeof(AES_KEY), + NULL, + NULL, + NULL, + NULL + }; + return &aes_256_cbc; +} diff --git a/source4/heimdal/lib/des/evp.h b/source4/heimdal/lib/des/evp.h new file mode 100644 index 0000000000..a04f17aabf --- /dev/null +++ b/source4/heimdal/lib/des/evp.h @@ -0,0 +1,231 @@ +/* + * Copyright (c) 2005 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: evp.h,v 1.3 2006/02/28 14:17:25 lha Exp $ */ + +#ifndef HEIM_EVP_H +#define HEIM_EVP_H 1 + +#include + +/* symbol renaming */ +#define EVP_CIPHER_CTX_block_size hc_EVP_CIPHER_CTX_block_size +#define EVP_CIPHER_CTX_cipher hc_EVP_CIPHER_CTX_cipher +#define EVP_CIPHER_CTX_cleanup hc_EVP_CIPHER_CTX_cleanup +#define EVP_CIPHER_CTX_flags hc_EVP_CIPHER_CTX_flags +#define EVP_CIPHER_CTX_get_app_data hc_EVP_CIPHER_CTX_get_app_data +#define EVP_CIPHER_CTX_init hc_EVP_CIPHER_CTX_init +#define EVP_CIPHER_CTX_iv_length hc_EVP_CIPHER_CTX_iv_length +#define EVP_CIPHER_CTX_key_length hc_EVP_CIPHER_CTX_key_length +#define EVP_CIPHER_CTX_mode hc_EVP_CIPHER_CTX_mode +#define EVP_CIPHER_CTX_set_app_data hc_EVP_CIPHER_CTX_set_app_data +#define EVP_CIPHER_CTX_set_key_length hc_EVP_CIPHER_CTX_set_key_length +#define EVP_CIPHER_CTX_set_padding hc_EVP_CIPHER_CTX_set_padding +#define EVP_CIPHER_block_size hc_EVP_CIPHER_block_size +#define EVP_CIPHER_iv_length hc_EVP_CIPHER_iv_length +#define EVP_CIPHER_key_length hc_EVP_CIPHER_key_length +#define EVP_Cipher hc_EVP_Cipher +#define EVP_CipherInit_ex hc_EVP_CipherInit_ex +#define EVP_Digest hc_EVP_Digest +#define EVP_DigestFinal_ex hc_EVP_DigestFinal_ex +#define EVP_DigestInit_ex hc_EVP_DigestInit_ex +#define EVP_DigestUpdate hc_EVP_DigestUpdate +#define EVP_MD_CTX_block_size hc_EVP_MD_CTX_block_size +#define EVP_MD_CTX_cleanup hc_EVP_MD_CTX_cleanup +#define EVP_MD_CTX_create hc_EVP_MD_CTX_create +#define EVP_MD_CTX_init hc_EVP_MD_CTX_init +#define EVP_MD_CTX_destroy hc_EVP_MD_CTX_destroy +#define EVP_MD_CTX_md hc_EVP_MD_CTX_md +#define EVP_MD_CTX_size hc_EVP_MD_CTX_size +#define EVP_MD_block_size hc_EVP_MD_block_size +#define EVP_MD_size hc_EVP_MD_size +#define EVP_aes_128_cbc hc_EVP_aes_128_cbc +#define EVP_aes_192_cbc hc_EVP_aes_192_cbc +#define EVP_aes_256_cbc hc_EVP_aes_256_cbc +#define EVP_des_ede3_cbc hc_EVP_des_ede3_cbc +#define EVP_enc_null hc_EVP_enc_null +#define EVP_md2 hc_EVP_md2 +#define EVP_md4 hc_EVP_md4 +#define EVP_md5 hc_EVP_md5 +#define EVP_md_null hc_EVP_md_null +#define EVP_rc2_40_cbc hc_EVP_rc2_40_cbc +#define EVP_rc2_cbc hc_EVP_rc2_cbc +#define EVP_rc4 hc_EVP_rc4 +#define EVP_rc4_40 hc_EVP_rc4_40 +#define EVP_sha hc_EVP_sha +#define EVP_sha1 hc_EVP_sha1 +#define PKCS5_PBKDF2_HMAC_SHA1 hc_PKCS5_PBKDF2_HMAC_SHA1 + +/* + * + */ + +typedef struct hc_EVP_MD_CTX EVP_MD_CTX; +typedef struct hc_evp_pkey EVP_PKEY; +typedef struct hc_evp_md EVP_MD; +typedef struct hc_CIPHER EVP_CIPHER; +typedef struct hc_CIPHER_CTX EVP_CIPHER_CTX; + +#define EVP_MAX_IV_LENGTH 16 +#define EVP_MAX_BLOCK_LENGTH 32 + +#define EVP_MAX_MD_SIZE 64 + +struct hc_CIPHER { + int nid; + int block_size; + int key_len; + int iv_len; + unsigned long flags; + /* The lowest 3 bits is used as integer field for the mode the + * cipher is used in (use EVP_CIPHER.._mode() to extract the + * mode). The rest of the flag field is a bitfield. + */ +#define EVP_CIPH_CBC_MODE 2 +#define EVP_CIPH_MODE 0x7 + +#define EVP_CIPH_ALWAYS_CALL_INIT 0x20 + + int (*init)(EVP_CIPHER_CTX*,const unsigned char*,const unsigned char*,int); + int (*do_cipher)(EVP_CIPHER_CTX *, unsigned char *, + const unsigned char *, unsigned int); + int (*cleanup)(EVP_CIPHER_CTX *); + int ctx_size; + void *set_asn1_parameters; + void *get_asn1_parameters; + void *ctrl; + void *app_data; +}; + +struct hc_CIPHER_CTX { + const EVP_CIPHER *cipher; + ENGINE *engine; + int encrypt; + int buf_len; + unsigned char oiv[EVP_MAX_IV_LENGTH]; + unsigned char iv[EVP_MAX_IV_LENGTH]; + unsigned char buf[EVP_MAX_BLOCK_LENGTH]; + int num; + void *app_data; + int key_len; + unsigned long flags; + void *cipher_data; + int final_used; + int block_mask; + unsigned char final[EVP_MAX_BLOCK_LENGTH]; +}; + +struct hc_EVP_MD_CTX { + const EVP_MD *md; + ENGINE *engine; + void *ptr; +}; + +/* + * Avaible crypto algs + */ + +const EVP_MD *EVP_md_null(void); +const EVP_MD *EVP_md2(void); +const EVP_MD *EVP_md4(void); +const EVP_MD *EVP_md5(void); +const EVP_MD *EVP_sha(void); +const EVP_MD *EVP_sha1(void); + +const EVP_CIPHER * EVP_aes_128_cbc(void); +const EVP_CIPHER * EVP_aes_192_cbc(void); +const EVP_CIPHER * EVP_aes_256_cbc(void); +const EVP_CIPHER * EVP_des_ede3_cbc(void); +const EVP_CIPHER * EVP_enc_null(void); +const EVP_CIPHER * EVP_rc2_40_cbc(void); +const EVP_CIPHER * EVP_rc2_cbc(void); +const EVP_CIPHER * EVP_rc4(void); +const EVP_CIPHER * EVP_rc4_40(void); + +/* + * + */ + +size_t EVP_MD_size(const EVP_MD *); +size_t EVP_MD_block_size(const EVP_MD *); + +const EVP_MD * + EVP_MD_CTX_md(EVP_MD_CTX *); +size_t EVP_MD_CTX_size(EVP_MD_CTX *); +size_t EVP_MD_CTX_block_size(EVP_MD_CTX *); + +EVP_MD_CTX * + EVP_MD_CTX_create(void); +void EVP_MD_CTX_init(EVP_MD_CTX *); +void EVP_MD_CTX_destroy(EVP_MD_CTX *); +int EVP_MD_CTX_cleanup(EVP_MD_CTX *); + +int EVP_DigestInit_ex(EVP_MD_CTX *, const EVP_MD *, ENGINE *); +int EVP_DigestUpdate(EVP_MD_CTX *,const void *, size_t); +int EVP_DigestFinal_ex(EVP_MD_CTX *, void *, unsigned int *); +int EVP_Digest(const void *, size_t, void *, unsigned int *, + const EVP_MD *, ENGINE *); +/* + * + */ + +size_t EVP_CIPHER_block_size(const EVP_CIPHER *); +size_t EVP_CIPHER_key_length(const EVP_CIPHER *); +size_t EVP_CIPHER_iv_length(const EVP_CIPHER *); + +void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *); +int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *); +int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *, int); +int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *, int); +unsigned long + EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *); +int EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *); + +const EVP_CIPHER * + EVP_CIPHER_CTX_cipher(EVP_CIPHER_CTX *); +size_t EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *); +size_t EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *); +size_t EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *); +void * EVP_CIPHER_CTX_get_app_data(EVP_CIPHER_CTX *); +void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *, void *); + +int EVP_CipherInit_ex(EVP_CIPHER_CTX *,const EVP_CIPHER *, ENGINE *, + const void *, const void *, int); + +int EVP_Cipher(EVP_CIPHER_CTX *,void *,const void *,size_t); + +int PKCS5_PBKDF2_HMAC_SHA1(const void *, size_t, const void *, size_t, + unsigned long, size_t, void *); + + +#endif /* HEIM_EVP_H */ diff --git a/source4/heimdal/lib/des/hcrypto b/source4/heimdal/lib/des/hcrypto new file mode 120000 index 0000000000..023d458e1d --- /dev/null +++ b/source4/heimdal/lib/des/hcrypto @@ -0,0 +1 @@ +./../des \ No newline at end of file diff --git a/source4/heimdal/lib/des/hmac.c b/source4/heimdal/lib/des/hmac.c new file mode 100644 index 0000000000..1d323b3725 --- /dev/null +++ b/source4/heimdal/lib/des/hmac.c @@ -0,0 +1,119 @@ +#include +#include +#include +#include +#include + +void +HMAC_CTX_init(HMAC_CTX *ctx) +{ + memset(ctx, 0, sizeof(*ctx)); +} + +void +HMAC_CTX_cleanup(HMAC_CTX *ctx) +{ + if (ctx->buf) { + memset(ctx->buf, 0, ctx->key_length); + free(ctx->buf); + ctx->buf = NULL; + } + if (ctx->opad) { + memset(ctx->ipad, 0, ctx->key_length); + free(ctx->opad); + ctx->opad = NULL; + } + if (ctx->ipad) { + memset(ctx->ipad, 0, ctx->key_length); + free(ctx->ipad); + ctx->ipad = NULL; + } + EVP_MD_CTX_cleanup(ctx->ctx); +} + +size_t +HMAC_size(const HMAC_CTX *ctx) +{ + return EVP_MD_size(ctx->md); +} + +void +HMAC_Init_ex(HMAC_CTX *ctx, + const void *key, + size_t keylen, + const EVP_MD *md, + ENGINE *engine) +{ + unsigned char *p; + size_t i; + + if (ctx->md != md) { + ctx->md = md; + if (ctx->buf) + free (ctx->buf); + ctx->key_length = EVP_MD_size(ctx->md); + ctx->buf = malloc(ctx->key_length); + } +#if 0 + ctx->engine = engine; +#endif + + if (keylen > EVP_MD_block_size(ctx->md)) { + EVP_Digest(key, keylen, ctx->buf, NULL, ctx->md, engine); + key = ctx->buf; + keylen = EVP_MD_size(ctx->md); + } + + if (ctx->opad) + free(ctx->opad); + if (ctx->ipad) + free(ctx->ipad); + + ctx->opad = malloc(EVP_MD_block_size(ctx->md)); + ctx->ipad = malloc(EVP_MD_block_size(ctx->md)); + memset(ctx->ipad, 0x36, EVP_MD_block_size(ctx->md)); + memset(ctx->opad, 0x5c, EVP_MD_block_size(ctx->md)); + + for (i = 0, p = ctx->ipad; i < keylen; i++) + p[i] ^= ((const unsigned char *)key)[i]; + for (i = 0, p = ctx->opad; i < keylen; i++) + p[i] ^= ((const unsigned char *)key)[i]; + + ctx->ctx = EVP_MD_CTX_create(); + + EVP_DigestInit_ex(ctx->ctx, ctx->md, ctx->engine); + EVP_DigestUpdate(ctx->ctx, ctx->ipad, EVP_MD_block_size(ctx->md)); +} + +void +HMAC_Update(HMAC_CTX *ctx, const void *data, size_t len) +{ + EVP_DigestUpdate(ctx->ctx, data, len); +} + +void +HMAC_Final(HMAC_CTX *ctx, void *md, unsigned int *len) +{ + EVP_DigestFinal_ex(ctx->ctx, ctx->buf, NULL); + + EVP_DigestInit_ex(ctx->ctx, ctx->md, ctx->engine); + EVP_DigestUpdate(ctx->ctx, ctx->opad, EVP_MD_block_size(ctx->md)); + EVP_DigestUpdate(ctx->ctx, ctx->buf, ctx->key_length); + EVP_DigestFinal_ex(ctx->ctx, md, len); +} + +void * +HMAC(const EVP_MD *md, + const void *key, size_t key_size, + const void *data, size_t data_size, + void *hash, unsigned int *hash_len) +{ + HMAC_CTX ctx; + + HMAC_CTX_init(&ctx); + HMAC_Init_ex(&ctx, key, key_size, md, NULL); + HMAC_Update(&ctx, data, data_size); + HMAC_Final(&ctx, hash, hash_len); + HMAC_CTX_cleanup(&ctx); + return hash; +} diff --git a/source4/heimdal/lib/des/hmac.h b/source4/heimdal/lib/des/hmac.h new file mode 100644 index 0000000000..a72ab574e7 --- /dev/null +++ b/source4/heimdal/lib/des/hmac.h @@ -0,0 +1,82 @@ +/* + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: hmac.h,v 1.3 2006/01/13 15:26:52 lha Exp $ */ + +#ifndef HEIM_HMAC_H +#define HEIM_HMAC_H 1 + +#include + +/* symbol renaming */ +#define HMAC_CTX_init hc_HMAC_CTX_init +#define HMAC_CTX_cleanup hc_HMAC_CTX_cleanup +#define HMAC_size hc_HMAC_size +#define HMAC_Init_ex hc_HMAC_Init_ex +#define HMAC_Update hc_HMAC_Update +#define HMAC_Final hc_HMAC_Final +#define HMAC hc_HMAC + +/* + * + */ + +#define HMAC_MAX_MD_CBLOCK 64 + +typedef struct hc_HMAC_CTX HMAC_CTX; + +struct hc_HMAC_CTX { + const EVP_MD *md; + ENGINE *engine; + EVP_MD_CTX *ctx; + size_t key_length; + void *opad; + void *ipad; + void *buf; +}; + + +void HMAC_CTX_init(HMAC_CTX *); +void HMAC_CTX_cleanup(HMAC_CTX *ctx); + +size_t HMAC_size(const HMAC_CTX *ctx); + +void HMAC_Init_ex(HMAC_CTX *, const void *, size_t, + const EVP_MD *, ENGINE *); +void HMAC_Update(HMAC_CTX *ctx, const void *data, size_t len); +void HMAC_Final(HMAC_CTX *ctx, void *md, unsigned int *len); + +void * HMAC(const EVP_MD *evp_md, const void *key, size_t key_len, + const void *data, size_t n, void *md, unsigned int *md_len); + +#endif /* HEIM_HMAC_H */ diff --git a/source4/heimdal/lib/des/md2.c b/source4/heimdal/lib/des/md2.c new file mode 100644 index 0000000000..91d7afd125 --- /dev/null +++ b/source4/heimdal/lib/des/md2.c @@ -0,0 +1,138 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" + +RCSID("$Id: md2.c,v 1.1 2006/01/08 21:47:28 lha Exp $"); +#endif + +#include "hash.h" +#include "md2.h" + +static const unsigned char subst[256] = { + 41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6, + 19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188, + 76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24, + 138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251, + 245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63, + 148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50, + 39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165, + 181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210, + 150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157, + 112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27, + 96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15, + 85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197, + 234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65, + 129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123, + 8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233, + 203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228, + 166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237, + 31, 26, 219, 153, 141, 51, 159, 17, 131, 20 +}; + +void +MD2_Init (struct md2 *m) +{ + memset(m, 0, sizeof(*m)); +} + +static void +calc(struct md2 *m, const void *v) +{ + unsigned char x[48], L; + const unsigned char *p = v; + int i, j, t; + + L = m->checksum[15]; + for (i = 0; i < 16; i++) + L = m->checksum[i] ^= subst[p[i] ^ L]; + + for (i = 0; i < 16; i++) { + x[i] = m->state[i]; + x[i + 16] = p[i]; + x[i + 32] = x[i] ^ p[i]; + } + + t = 0; + for (i = 0; i < 18; i++) { + for (j = 0; j < 48; j++) + t = x[j] ^= subst[t]; + t = (t + i) & 0xff; + } + + memcpy(m->state, x, 16); + memset(x, 0, sizeof(x)); +} + +void +MD2_Update (struct md2 *m, const void *v, size_t len) +{ + size_t idx = m->len & 0xf; + const unsigned char *p = v; + + m->len += len; + if (len + idx >= 16) { + if (idx) { + memcpy(m->data + idx, p, 16 - idx); + calc(m, m->data); + p += 16; + len -= 16 - idx; + } + while (len >= 16) { + calc(m, p); + p += 16; + len -= 16; + } + idx = 0; + } + + memcpy(m->data + idx, p, len); +} + +void +MD2_Final (void *res, struct md2 *m) +{ + unsigned char pad[16]; + size_t padlen; + + padlen = 16 - (m->len % 16); + memset(pad, padlen, padlen); + + MD2_Update(m, pad, padlen); + memcpy(pad, m->checksum, 16); + MD2_Update(m, pad, 16); + + memcpy(res, m->state, MD2_DIGEST_LENGTH); + memset(m, 0, sizeof(m)); +} diff --git a/source4/heimdal/lib/des/md2.h b/source4/heimdal/lib/des/md2.h new file mode 100644 index 0000000000..f305d943aa --- /dev/null +++ b/source4/heimdal/lib/des/md2.h @@ -0,0 +1,63 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: md2.h,v 1.1 2006/01/08 21:47:28 lha Exp $ */ + +#ifndef HEIM_MD2_H +#define HEIM_MD2_H 1 + +/* symbol renaming */ +#define MD2_Init hc_MD2_Init +#define MD2_Update hc_MD2_Update +#define MD2_Final hc_MD2_Final + +/* + * + */ + +#define MD2_DIGEST_LENGTH 16 + +struct md2 { + size_t len; + unsigned char data[16]; /* stored unalligned data between Update's */ + unsigned char checksum[16]; + unsigned char state[16]; /* lower 16 bytes of X */ +}; + +typedef struct md2 MD2_CTX; + +void MD2_Init (struct md2 *m); +void MD2_Update (struct md2 *m, const void *p, size_t len); +void MD2_Final (void *res, struct md2 *m); + +#endif /* HEIM_MD2_H */ diff --git a/source4/heimdal/lib/des/md4.h b/source4/heimdal/lib/des/md4.h index 92147c8489..79055e0fb0 100644 --- a/source4/heimdal/lib/des/md4.h +++ b/source4/heimdal/lib/des/md4.h @@ -31,11 +31,22 @@ * SUCH DAMAGE. */ -/* $Id: md4.h,v 1.9 2005/04/10 19:12:38 lha Exp $ */ +/* $Id: md4.h,v 1.10 2006/01/08 21:47:28 lha Exp $ */ #ifndef HEIM_MD4_H #define HEIM_MD4_H 1 +/* symbol renaming */ +#define MD4_Init hc_MD4_Init +#define MD4_Update hc_MD4_Update +#define MD4_Final hc_MD4_Final + +/* + * + */ + +#define MD4_DIGEST_LENGTH 16 + struct md4 { unsigned int sz[2]; u_int32_t counter[4]; diff --git a/source4/heimdal/lib/des/md5.h b/source4/heimdal/lib/des/md5.h index c0463e02d7..534bc9917e 100644 --- a/source4/heimdal/lib/des/md5.h +++ b/source4/heimdal/lib/des/md5.h @@ -31,11 +31,22 @@ * SUCH DAMAGE. */ -/* $Id: md5.h,v 1.9 2005/04/10 19:14:34 lha Exp $ */ +/* $Id: md5.h,v 1.10 2006/01/08 21:47:28 lha Exp $ */ #ifndef HEIM_MD5_H #define HEIM_MD5_H 1 +/* symbol renaming */ +#define MD5_Init hc_MD5_Init +#define MD5_Update hc_MD5_Update +#define MD5_Final hc_MD5_Final + +/* + * + */ + +#define MD5_DIGEST_LENGTH 16 + struct md5 { unsigned int sz[2]; u_int32_t counter[4]; diff --git a/source4/heimdal/lib/des/pkcs12.h b/source4/heimdal/lib/des/pkcs12.h new file mode 100644 index 0000000000..b55f1fced5 --- /dev/null +++ b/source4/heimdal/lib/des/pkcs12.h @@ -0,0 +1,57 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * $Id: pkcs12.h,v 1.2 2006/01/13 15:26:52 lha Exp $ + */ + +#ifndef _HEIM_PKCS12_H +#define _HEIM_PKCS12_H 1 + +/* symbol renaming */ +#define PKCS12_key_gen hc_PKCS12_key_gen + +/* + * + */ + +#include + +#define PKCS12_KEY_ID 1 +#define PKCS12_IV_ID 2 + +int PKCS12_key_gen(const void *, size_t, const void *, + size_t, int, int, size_t, void *, const EVP_MD *); + + +#endif /* _HEIM_PKCS12_H */ diff --git a/source4/heimdal/lib/des/pkcs5.c b/source4/heimdal/lib/des/pkcs5.c new file mode 100644 index 0000000000..4bfc313741 --- /dev/null +++ b/source4/heimdal/lib/des/pkcs5.c @@ -0,0 +1,112 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +RCSID("$Id: pkcs5.c,v 1.1 2006/02/28 14:16:57 lha Exp $"); + +#include +#include + +#include +#include + +#include + +int +PKCS5_PBKDF2_HMAC_SHA1(const void * password, size_t password_len, + const void * salt, size_t salt_len, + unsigned long iter, + size_t keylen, void *key) +{ + size_t datalen, leftofkey, checksumsize; + char *data, *tmpcksum; + u_int32_t keypart; + const EVP_MD *md; + unsigned long i; + int j; + char *p; + unsigned int hmacsize; + + md = EVP_sha1(); + checksumsize = EVP_MD_size(md); + datalen = salt_len + 4; + + tmpcksum = malloc(checksumsize + datalen); + if (tmpcksum == NULL) + return 0; + + data = &tmpcksum[checksumsize]; + + memcpy(data, salt, salt_len); + + keypart = 1; + leftofkey = keylen; + p = key; + + while (leftofkey) { + int len; + + if (leftofkey > checksumsize) + len = checksumsize; + else + len = leftofkey; + + data[datalen - 4] = (keypart >> 24) & 0xff; + data[datalen - 3] = (keypart >> 16) & 0xff; + data[datalen - 2] = (keypart >> 8) & 0xff; + data[datalen - 1] = (keypart) & 0xff; + + HMAC(md, password, password_len, data, datalen, + tmpcksum, &hmacsize); + + memcpy(p, tmpcksum, len); + for (i = 1; i < iter; i++) { + HMAC(md, password, password_len, tmpcksum, checksumsize, + tmpcksum, &hmacsize); + + for (j = 0; j < len; j++) + p[j] ^= tmpcksum[j]; + } + + p += len; + leftofkey -= len; + keypart++; + } + + free(tmpcksum); + + return 1; +} diff --git a/source4/heimdal/lib/des/rand.h b/source4/heimdal/lib/des/rand.h new file mode 100644 index 0000000000..514fe0ced4 --- /dev/null +++ b/source4/heimdal/lib/des/rand.h @@ -0,0 +1,54 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * $Id: rand.h,v 1.2 2006/01/13 15:26:52 lha Exp $ + */ + +#ifndef _HEIM_RAND_H +#define _HEIM_RAND_H 1 + +#include + +/* symbol renaming */ +#define RAND_bytes hc_RAND_bytes +#define RAND_pseudo_bytes hc_RAND_pseudo_bytes + +/* + * + */ + +int RAND_bytes(void *, size_t num); +int RAND_pseudo_bytes(void *, size_t); + +#endif /* _HEIM_RAND_H */ diff --git a/source4/heimdal/lib/des/rc2.h b/source4/heimdal/lib/des/rc2.h index 3ff44dca01..b2cd50b880 100755 --- a/source4/heimdal/lib/des/rc2.h +++ b/source4/heimdal/lib/des/rc2.h @@ -31,7 +31,17 @@ * SUCH DAMAGE. */ -/* $Id: rc2.h,v 1.1 2004/04/23 19:23:00 lha Exp $ */ +/* $Id: rc2.h,v 1.2 2006/01/08 21:47:29 lha Exp $ */ + +/* symbol renaming */ +#define RC2_set_key hc_RC2_set_key +#define RC2_encryptc hc_RC2_encryptc +#define RC2_decryptc hc_RC2_decryptc +#define RC2_cbc_encrypt hc_RC2_cbc_encrypt + +/* + * + */ #define RC2_ENCRYPT 1 #define RC2_DECRYPT 0 diff --git a/source4/heimdal/lib/des/rc4.h b/source4/heimdal/lib/des/rc4.h index a39e79f236..3c359dc72a 100644 --- a/source4/heimdal/lib/des/rc4.h +++ b/source4/heimdal/lib/des/rc4.h @@ -31,7 +31,11 @@ * SUCH DAMAGE. */ -/* $Id: rc4.h,v 1.3 2004/03/25 16:39:58 lha Exp $ */ +/* $Id: rc4.h,v 1.4 2006/01/08 21:47:29 lha Exp $ */ + +/* symbol renaming */ +#define RC4_set_key hc_RC4_set_key +#define RC4 hc_RC4 typedef struct rc4_key { unsigned int x, y; diff --git a/source4/heimdal/lib/des/rijndael-alg-fst.h b/source4/heimdal/lib/des/rijndael-alg-fst.h index 028111094d..6b6e2a5cd3 100755 --- a/source4/heimdal/lib/des/rijndael-alg-fst.h +++ b/source4/heimdal/lib/des/rijndael-alg-fst.h @@ -28,6 +28,12 @@ #ifndef __RIJNDAEL_ALG_FST_H #define __RIJNDAEL_ALG_FST_H +/* symbol renaming */ +#define rijndaelKeySetupEnc _hc_rijndaelKeySetupEnc +#define rijndaelKeySetupDec _hc_rijndaelKeySetupDec +#define rijndaelEncrypt _hc_rijndaelEncrypt +#define rijndaelDecrypt _hc_rijndaelDecrypt + #define RIJNDAEL_MAXKC (256/32) #define RIJNDAEL_MAXKB (256/8) #define RIJNDAEL_MAXNR 14 diff --git a/source4/heimdal/lib/des/rnd_keys.c b/source4/heimdal/lib/des/rnd_keys.c index 63dddeb8ce..e27b00defa 100644 --- a/source4/heimdal/lib/des/rnd_keys.c +++ b/source4/heimdal/lib/des/rnd_keys.c @@ -34,7 +34,7 @@ #ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id: rnd_keys.c,v 1.69 2005/07/20 10:49:24 lha Exp $"); +RCSID("$Id: rnd_keys.c,v 1.70 2006/01/08 21:47:29 lha Exp $"); #endif #ifdef KRB5 @@ -324,6 +324,8 @@ DES_generate_random_block(DES_cblock *block) DES_rand_data((unsigned char *)block, sizeof(*block)); } +#define DES_rand_data_key hc_DES_rand_data_key + void DES_rand_data_key(DES_cblock *key); @@ -353,6 +355,9 @@ DES_rand_data_key(DES_cblock *key) * It's neccessary to be root to run it. Returns -1 if there were any * problems with permissions. */ + +#define DES_mem_rand8 hc_DES_mem_rand8 + int DES_mem_rand8(unsigned char *data); diff --git a/source4/heimdal/lib/des/rsa.h b/source4/heimdal/lib/des/rsa.h new file mode 100644 index 0000000000..da9d2ea4b1 --- /dev/null +++ b/source4/heimdal/lib/des/rsa.h @@ -0,0 +1,164 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * $Id: rsa.h,v 1.2 2006/01/13 15:26:52 lha Exp $ + */ + +#ifndef _HEIM_RSA_H +#define _HEIM_RSA_H 1 + +/* symbol renaming */ +#define RSA_null_method hc_RSA_null_method +#define RSA_new hc_RSA_new +#define RSA_new_method hc_RSA_new_method +#define RSA_free hc_RSA_free +#define RSA_up_ref hc_RSA_up_ref +#define RSA_set_default_method hc_RSA_set_default_method +#define RSA_get_default_method hc_RSA_get_default_method +#define RSA_set_method hc_RSA_set_method +#define RSA_get_method hc_RSA_get_method +#define RSA_set_app_data hc_RSA_set_app_data +#define RSA_get_app_data hc_RSA_get_app_data +#define RSA_check_key hc_RSA_check_key +#define RSA_size hc_RSA_size +#define RSA_public_encrypt hc_RSA_public_encrypt +#define RSA_public_decrypt hc_RSA_public_decrypt +#define RSA_private_encrypt hc_RSA_private_encrypt +#define RSA_private_decrypt hc_RSA_private_decrypt +#define RSA_sign hc_RSA_sign +#define RSA_verify hc_RSA_verify +#define d2i_RSAPrivateKey hc_d2i_RSAPrivateKey + +/* + * + */ + +typedef struct RSA RSA; +typedef struct RSA_METHOD RSA_METHOD; + +#include +#include + +struct RSA_METHOD { + const char *name; + int (*rsa_pub_enc)(int,const unsigned char *, unsigned char *, RSA *,int); + int (*rsa_pub_dec)(int,const unsigned char *, unsigned char *, RSA *,int); + int (*rsa_priv_enc)(int,const unsigned char *, unsigned char *, RSA *,int); + int (*rsa_priv_dec)(int,const unsigned char *, unsigned char *, RSA *,int); + void *rsa_mod_exp; + void *bn_mod_exp; + int (*init)(RSA *rsa); + int (*finish)(RSA *rsa); + int flags; + char *app_data; + int (*rsa_sign)(int, const unsigned char *, unsigned int, + unsigned char *, unsigned int *, const RSA *); + int (*rsa_verify)(int, const unsigned char *, unsigned int, + unsigned char *, unsigned int, const RSA *); + int (*rsa_keygen)(RSA *, int, BIGNUM *, BN_GENCB *); +}; + +struct RSA { + int pad; + long version; + const RSA_METHOD *meth; + void *engine; + BIGNUM *n; + BIGNUM *e; + BIGNUM *d; + BIGNUM *p; + BIGNUM *q; + BIGNUM *dmp1; + BIGNUM *dmq1; + BIGNUM *iqmp; + struct rsa_CRYPTO_EX_DATA { + void *sk; + int dummy; + } ex_data; + int references; + int flags; + void *_method_mod_n; + void *_method_mod_p; + void *_method_mod_q; + + char *bignum_data; + void *blinding; + void *mt_blinding; +}; + +#define RSA_FLAG_SIGN_VER 0x40 + +#define RSA_PKCS1_PADDING 1 +#define RSA_PKCS1_PADDING_SIZE 11 + +/* + * + */ + +const RSA_METHOD *RSA_null_method(void); + +/* + * + */ + +RSA * RSA_new(void); +RSA * RSA_new_method(ENGINE *); +void RSA_free(RSA *); +int RSA_up_ref(RSA *); + +void RSA_set_default_method(const RSA_METHOD *); +const RSA_METHOD * RSA_get_default_method(void); + +const RSA_METHOD * RSA_get_method(const RSA *); +int RSA_set_method(RSA *, const RSA_METHOD *); + +int RSA_set_app_data(RSA *, void *arg); +void * RSA_get_app_data(RSA *); + +int RSA_check_key(const RSA *); +int RSA_size(const RSA *); + +int RSA_public_encrypt(int,const unsigned char*,unsigned char*,RSA *,int); +int RSA_private_encrypt(int,const unsigned char*,unsigned char*,RSA *,int); +int RSA_public_decrypt(int,const unsigned char*,unsigned char*,RSA *,int); +int RSA_private_decrypt(int,const unsigned char*,unsigned char*,RSA *,int); + +int RSA_sign(int, const unsigned char *, unsigned int, + unsigned char *, unsigned int *, RSA *); +int RSA_verify(int, const unsigned char *, unsigned int, + unsigned char *, unsigned int, RSA *); + +RSA * d2i_RSAPrivateKey(RSA *, const unsigned char **, size_t); + +#endif /* _HEIM_RSA_H */ diff --git a/source4/heimdal/lib/des/sha.h b/source4/heimdal/lib/des/sha.h index 77d84fbe6f..4657fad51f 100644 --- a/source4/heimdal/lib/des/sha.h +++ b/source4/heimdal/lib/des/sha.h @@ -31,11 +31,22 @@ * SUCH DAMAGE. */ -/* $Id: sha.h,v 1.8 2005/04/10 19:18:13 lha Exp $ */ +/* $Id: sha.h,v 1.9 2006/01/08 21:47:29 lha Exp $ */ #ifndef HEIM_SHA_H #define HEIM_SHA_H 1 +/* symbol renaming */ +#define SHA1_Init hc_SHA1_Init +#define SHA1_Update hc_SHA1_Update +#define SHA1_Final hc_SHA1_Final + +/* + * + */ + +#define SHA_DIGEST_LENGTH 20 + struct sha { unsigned int sz[2]; u_int32_t counter[5]; diff --git a/source4/heimdal/lib/des/ui.c b/source4/heimdal/lib/des/ui.c index 92538735c4..276367e186 100644 --- a/source4/heimdal/lib/des/ui.c +++ b/source4/heimdal/lib/des/ui.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: ui.c,v 1.4 2005/04/30 14:10:18 lha Exp $"); +RCSID("$Id: ui.c,v 1.5 2006/01/08 21:47:29 lha Exp $"); #endif #include @@ -43,7 +43,7 @@ RCSID("$Id: ui.c,v 1.4 2005/04/30 14:10:18 lha Exp $"); #include #include -#include +#include static sig_atomic_t intr_flag; diff --git a/source4/heimdal/lib/des/ui.h b/source4/heimdal/lib/des/ui.h new file mode 100644 index 0000000000..d6e68e12cc --- /dev/null +++ b/source4/heimdal/lib/des/ui.h @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: ui.h,v 1.1 2006/01/08 21:47:29 lha Exp $ */ + +#ifndef _HEIM_UI_H +#define _HEIM_UI_H 1 + +/* symbol renaming */ +#define UI_UTIL_read_pw_string hc_UI_UTIL_read_pw_string + +int UI_UTIL_read_pw_string(char *, int, const char *, int); /* XXX */ + +#endif /* _HEIM_UI_H */ + diff --git a/source4/heimdal/lib/gssapi/delete_sec_context.c b/source4/heimdal/lib/gssapi/delete_sec_context.c index 301197aa4c..f1842def7c 100644 --- a/source4/heimdal/lib/gssapi/delete_sec_context.c +++ b/source4/heimdal/lib/gssapi/delete_sec_context.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: delete_sec_context.c,v 1.15 2005/04/27 17:48:17 lha Exp $"); +RCSID("$Id: delete_sec_context.c,v 1.16 2006/01/16 13:12:29 lha Exp $"); OM_uint32 gss_delete_sec_context (OM_uint32 * minor_status, @@ -43,11 +43,16 @@ OM_uint32 gss_delete_sec_context { GSSAPI_KRB5_INIT (); + *minor_status = 0; + if (output_token) { output_token->length = 0; output_token->value = NULL; } + if (*context_handle == GSS_C_NO_CONTEXT) + return GSS_S_COMPLETE; + HEIMDAL_MUTEX_lock(&(*context_handle)->ctx_id_mutex); krb5_auth_con_free (gssapi_krb5_context, @@ -74,6 +79,5 @@ OM_uint32 gss_delete_sec_context memset(*context_handle, 0, sizeof(**context_handle)); free (*context_handle); *context_handle = GSS_C_NO_CONTEXT; - *minor_status = 0; return GSS_S_COMPLETE; } diff --git a/source4/heimdal/lib/gssapi/import_name.c b/source4/heimdal/lib/gssapi/import_name.c index 423e757146..d393aa1a51 100644 --- a/source4/heimdal/lib/gssapi/import_name.c +++ b/source4/heimdal/lib/gssapi/import_name.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: import_name.c,v 1.13 2003/03/16 17:33:31 lha Exp $"); +RCSID("$Id: import_name.c,v 1.14 2006/02/15 11:59:10 lha Exp $"); static OM_uint32 parse_krb5_name (OM_uint32 *minor_status, @@ -207,7 +207,8 @@ OM_uint32 gss_import_name *minor_status = 0; *output_name = GSS_C_NO_NAME; - if (gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE)) + if (gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE) || + gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE_X)) return import_hostbased_name (minor_status, input_name_buffer, output_name); diff --git a/source4/heimdal/lib/gssapi/wrap.c b/source4/heimdal/lib/gssapi/wrap.c index d07a4d2599..e5be6cf149 100644 --- a/source4/heimdal/lib/gssapi/wrap.c +++ b/source4/heimdal/lib/gssapi/wrap.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * diff --git a/source4/heimdal/lib/hdb/hdb-protos.h b/source4/heimdal/lib/hdb/hdb-protos.h index 67e19f7e4a..3cc7d2131a 100644 --- a/source4/heimdal/lib/hdb/hdb-protos.h +++ b/source4/heimdal/lib/hdb/hdb-protos.h @@ -8,317 +8,6 @@ extern "C" { #endif -unsigned -HDBFlags2int (HDBFlags /*f*/); - -int -copy_Event ( - const Event */*from*/, - Event */*to*/); - -int -copy_GENERATION ( - const GENERATION */*from*/, - GENERATION */*to*/); - -int -copy_HDBFlags ( - const HDBFlags */*from*/, - HDBFlags */*to*/); - -int -copy_HDB_Ext_Aliases ( - const HDB_Ext_Aliases */*from*/, - HDB_Ext_Aliases */*to*/); - -int -copy_HDB_Ext_Constrained_delegation_acl ( - const HDB_Ext_Constrained_delegation_acl */*from*/, - HDB_Ext_Constrained_delegation_acl */*to*/); - -int -copy_HDB_Ext_Lan_Manager_OWF ( - const HDB_Ext_Lan_Manager_OWF */*from*/, - HDB_Ext_Lan_Manager_OWF */*to*/); - -int -copy_HDB_Ext_PKINIT_acl ( - const HDB_Ext_PKINIT_acl */*from*/, - HDB_Ext_PKINIT_acl */*to*/); - -int -copy_HDB_Ext_PKINIT_certificate ( - const HDB_Ext_PKINIT_certificate */*from*/, - HDB_Ext_PKINIT_certificate */*to*/); - -int -copy_HDB_Ext_Password ( - const HDB_Ext_Password */*from*/, - HDB_Ext_Password */*to*/); - -int -copy_HDB_extension ( - const HDB_extension */*from*/, - HDB_extension */*to*/); - -int -copy_HDB_extensions ( - const HDB_extensions */*from*/, - HDB_extensions */*to*/); - -int -copy_Key ( - const Key */*from*/, - Key */*to*/); - -int -copy_Salt ( - const Salt */*from*/, - Salt */*to*/); - -int -copy_hdb_entry ( - const hdb_entry */*from*/, - hdb_entry */*to*/); - -int -decode_Event ( - const unsigned char */*p*/, - size_t /*len*/, - Event */*data*/, - size_t */*size*/); - -int -decode_GENERATION ( - const unsigned char */*p*/, - size_t /*len*/, - GENERATION */*data*/, - size_t */*size*/); - -int -decode_HDBFlags ( - const unsigned char */*p*/, - size_t /*len*/, - HDBFlags */*data*/, - size_t */*size*/); - -int -decode_HDB_Ext_Aliases ( - const unsigned char */*p*/, - size_t /*len*/, - HDB_Ext_Aliases */*data*/, - size_t */*size*/); - -int -decode_HDB_Ext_Constrained_delegation_acl ( - const unsigned char */*p*/, - size_t /*len*/, - HDB_Ext_Constrained_delegation_acl */*data*/, - size_t */*size*/); - -int -decode_HDB_Ext_Lan_Manager_OWF ( - const unsigned char */*p*/, - size_t /*len*/, - HDB_Ext_Lan_Manager_OWF */*data*/, - size_t */*size*/); - -int -decode_HDB_Ext_PKINIT_acl ( - const unsigned char */*p*/, - size_t /*len*/, - HDB_Ext_PKINIT_acl */*data*/, - size_t */*size*/); - -int -decode_HDB_Ext_PKINIT_certificate ( - const unsigned char */*p*/, - size_t /*len*/, - HDB_Ext_PKINIT_certificate */*data*/, - size_t */*size*/); - -int -decode_HDB_Ext_Password ( - const unsigned char */*p*/, - size_t /*len*/, - HDB_Ext_Password */*data*/, - size_t */*size*/); - -int -decode_HDB_extension ( - const unsigned char */*p*/, - size_t /*len*/, - HDB_extension */*data*/, - size_t */*size*/); - -int -decode_HDB_extensions ( - const unsigned char */*p*/, - size_t /*len*/, - HDB_extensions */*data*/, - size_t */*size*/); - -int -decode_Key ( - const unsigned char */*p*/, - size_t /*len*/, - Key */*data*/, - size_t */*size*/); - -int -decode_Salt ( - const unsigned char */*p*/, - size_t /*len*/, - Salt */*data*/, - size_t */*size*/); - -int -decode_hdb_entry ( - const unsigned char */*p*/, - size_t /*len*/, - hdb_entry */*data*/, - size_t */*size*/); - -int -encode_Event ( - unsigned char */*p*/, - size_t /*len*/, - const Event */*data*/, - size_t */*size*/); - -int -encode_GENERATION ( - unsigned char */*p*/, - size_t /*len*/, - const GENERATION */*data*/, - size_t */*size*/); - -int -encode_HDBFlags ( - unsigned char */*p*/, - size_t /*len*/, - const HDBFlags */*data*/, - size_t */*size*/); - -int -encode_HDB_Ext_Aliases ( - unsigned char */*p*/, - size_t /*len*/, - const HDB_Ext_Aliases */*data*/, - size_t */*size*/); - -int -encode_HDB_Ext_Constrained_delegation_acl ( - unsigned char */*p*/, - size_t /*len*/, - const HDB_Ext_Constrained_delegation_acl */*data*/, - size_t */*size*/); - -int -encode_HDB_Ext_Lan_Manager_OWF ( - unsigned char */*p*/, - size_t /*len*/, - const HDB_Ext_Lan_Manager_OWF */*data*/, - size_t */*size*/); - -int -encode_HDB_Ext_PKINIT_acl ( - unsigned char */*p*/, - size_t /*len*/, - const HDB_Ext_PKINIT_acl */*data*/, - size_t */*size*/); - -int -encode_HDB_Ext_PKINIT_certificate ( - unsigned char */*p*/, - size_t /*len*/, - const HDB_Ext_PKINIT_certificate */*data*/, - size_t */*size*/); - -int -encode_HDB_Ext_Password ( - unsigned char */*p*/, - size_t /*len*/, - const HDB_Ext_Password */*data*/, - size_t */*size*/); - -int -encode_HDB_extension ( - unsigned char */*p*/, - size_t /*len*/, - const HDB_extension */*data*/, - size_t */*size*/); - -int -encode_HDB_extensions ( - unsigned char */*p*/, - size_t /*len*/, - const HDB_extensions */*data*/, - size_t */*size*/); - -int -encode_Key ( - unsigned char */*p*/, - size_t /*len*/, - const Key */*data*/, - size_t */*size*/); - -int -encode_Salt ( - unsigned char */*p*/, - size_t /*len*/, - const Salt */*data*/, - size_t */*size*/); - -int -encode_hdb_entry ( - unsigned char */*p*/, - size_t /*len*/, - const hdb_entry */*data*/, - size_t */*size*/); - -void -free_Event (Event */*data*/); - -void -free_GENERATION (GENERATION */*data*/); - -void -free_HDBFlags (HDBFlags */*data*/); - -void -free_HDB_Ext_Aliases (HDB_Ext_Aliases */*data*/); - -void -free_HDB_Ext_Constrained_delegation_acl (HDB_Ext_Constrained_delegation_acl */*data*/); - -void -free_HDB_Ext_Lan_Manager_OWF (HDB_Ext_Lan_Manager_OWF */*data*/); - -void -free_HDB_Ext_PKINIT_acl (HDB_Ext_PKINIT_acl */*data*/); - -void -free_HDB_Ext_PKINIT_certificate (HDB_Ext_PKINIT_certificate */*data*/); - -void -free_HDB_Ext_Password (HDB_Ext_Password */*data*/); - -void -free_HDB_extension (HDB_extension */*data*/); - -void -free_HDB_extensions (HDB_extensions */*data*/); - -void -free_Key (Key */*data*/); - -void -free_Salt (Salt */*data*/); - -void -free_hdb_entry (hdb_entry */*data*/); - krb5_error_code hdb_add_master_key ( krb5_context /*context*/, @@ -490,12 +179,6 @@ hdb_ldapi_create ( HDB ** /*db*/, const char */*arg*/); -krb5_error_code -hdb_ldb_create ( - krb5_context /*context*/, - HDB ** /*db*/, - const char */*arg*/); - krb5_error_code hdb_list_builtin ( krb5_context /*context*/, @@ -627,54 +310,6 @@ hdb_write_master_key ( const char */*filename*/, hdb_master_key /*mkey*/); -void -initialize_hdb_error_table_r (struct et_list **/*list*/); - -HDBFlags -int2HDBFlags (unsigned /*n*/); - -size_t -length_Event (const Event */*data*/); - -size_t -length_GENERATION (const GENERATION */*data*/); - -size_t -length_HDBFlags (const HDBFlags */*data*/); - -size_t -length_HDB_Ext_Aliases (const HDB_Ext_Aliases */*data*/); - -size_t -length_HDB_Ext_Constrained_delegation_acl (const HDB_Ext_Constrained_delegation_acl */*data*/); - -size_t -length_HDB_Ext_Lan_Manager_OWF (const HDB_Ext_Lan_Manager_OWF */*data*/); - -size_t -length_HDB_Ext_PKINIT_acl (const HDB_Ext_PKINIT_acl */*data*/); - -size_t -length_HDB_Ext_PKINIT_certificate (const HDB_Ext_PKINIT_certificate */*data*/); - -size_t -length_HDB_Ext_Password (const HDB_Ext_Password */*data*/); - -size_t -length_HDB_extension (const HDB_extension */*data*/); - -size_t -length_HDB_extensions (const HDB_extensions */*data*/); - -size_t -length_Key (const Key */*data*/); - -size_t -length_Salt (const Salt */*data*/); - -size_t -length_hdb_entry (const hdb_entry */*data*/); - #ifdef __cplusplus } #endif diff --git a/source4/heimdal/lib/hdb/hdb.c b/source4/heimdal/lib/hdb/hdb.c index 406a50ecbd..b89937f82f 100644 --- a/source4/heimdal/lib/hdb/hdb.c +++ b/source4/heimdal/lib/hdb/hdb.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * diff --git a/source4/heimdal/lib/hdb/hdb_locl.h b/source4/heimdal/lib/hdb/hdb_locl.h index 0d07164bd1..0bf4e8191c 100644 --- a/source4/heimdal/lib/hdb/hdb_locl.h +++ b/source4/heimdal/lib/hdb/hdb_locl.h @@ -64,4 +64,11 @@ #include #include +krb5_error_code +hdb_ldb_create ( + krb5_context /*context*/, + HDB ** /*db*/, + const char */*arg*/); + + #endif /* __HDB_LOCL_H__ */ diff --git a/source4/heimdal/lib/hdb/keytab.c b/source4/heimdal/lib/hdb/keytab.c index 21ee2f4274..6fb37842dc 100644 --- a/source4/heimdal/lib/hdb/keytab.c +++ b/source4/heimdal/lib/hdb/keytab.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c index de40b059b8..3cfc780eb4 100644 --- a/source4/heimdal/lib/krb5/crypto.c +++ b/source4/heimdal/lib/krb5/crypto.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: crypto.c,v 1.130 2005/12/02 14:47:44 lha Exp $"); +RCSID("$Id: crypto.c,v 1.132 2006/02/28 14:52:57 lha Exp $"); #undef CRYPTO_DEBUG #ifdef CRYPTO_DEBUG @@ -591,114 +591,6 @@ ARCFOUR_string_to_key(krb5_context context, * AES */ -/* iter is really 1 based, so iter == 0 will be 1 iteration */ - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_PKCS5_PBKDF2(krb5_context context, krb5_cksumtype cktype, - krb5_data password, krb5_salt salt, u_int32_t iter, - krb5_keytype type, krb5_keyblock *key) -{ - struct checksum_type *c = _find_checksum(cktype); - struct key_type *kt; - size_t datalen, leftofkey; - krb5_error_code ret; - u_int32_t keypart; - struct key_data ksign; - krb5_keyblock kb; - Checksum result; - char *data, *tmpcksum; - int i, j; - char *p; - - if (c == NULL) { - krb5_set_error_string(context, "checksum %d not supported", cktype); - return KRB5_PROG_KEYTYPE_NOSUPP; - } - - kt = _find_keytype(type); - if (kt == NULL) { - krb5_set_error_string(context, "key type %d not supported", type); - return KRB5_PROG_KEYTYPE_NOSUPP; - } - - key->keytype = type; - ret = krb5_data_alloc (&key->keyvalue, kt->bits / 8); - if (ret) { - krb5_set_error_string(context, "malloc: out of memory"); - return ret; - } - - ret = krb5_data_alloc (&result.checksum, c->checksumsize); - if (ret) { - krb5_set_error_string(context, "malloc: out of memory"); - krb5_data_free (&key->keyvalue); - return ret; - } - - tmpcksum = malloc(c->checksumsize); - if (tmpcksum == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - krb5_data_free (&key->keyvalue); - krb5_data_free (&result.checksum); - return ENOMEM; - } - - datalen = salt.saltvalue.length + 4; - data = malloc(datalen); - if (data == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - free(tmpcksum); - krb5_data_free (&key->keyvalue); - krb5_data_free (&result.checksum); - return ENOMEM; - } - - kb.keyvalue = password; - ksign.key = &kb; - - memcpy(data, salt.saltvalue.data, salt.saltvalue.length); - - keypart = 1; - leftofkey = key->keyvalue.length; - p = key->keyvalue.data; - - while (leftofkey) { - int len; - - if (leftofkey > c->checksumsize) - len = c->checksumsize; - else - len = leftofkey; - - _krb5_put_int(data + datalen - 4, keypart, 4); - - ret = hmac(context, c, data, datalen, 0, &ksign, &result); - if (ret) - krb5_abortx(context, "hmac failed"); - memcpy(p, result.checksum.data, len); - memcpy(tmpcksum, result.checksum.data, result.checksum.length); - for (i = 0; i < iter; i++) { - ret = hmac(context, c, tmpcksum, result.checksum.length, - 0, &ksign, &result); - if (ret) - krb5_abortx(context, "hmac failed"); - memcpy(tmpcksum, result.checksum.data, result.checksum.length); - for (j = 0; j < len; j++) - p[j] ^= tmpcksum[j]; - } - - p += len; - leftofkey -= len; - keypart++; - } - - free(data); - free(tmpcksum); - krb5_data_free (&result.checksum); - - return 0; -} - int _krb5_AES_string_to_default_iterator = 4096; static krb5_error_code @@ -715,33 +607,44 @@ AES_string_to_key(krb5_context context, struct key_data kd; if (opaque.length == 0) - iter = _krb5_AES_string_to_default_iterator - 1; + iter = _krb5_AES_string_to_default_iterator; else if (opaque.length == 4) { unsigned long v; _krb5_get_int(opaque.data, &v, 4); - iter = ((u_int32_t)v) - 1; + iter = ((u_int32_t)v); } else return KRB5_PROG_KEYTYPE_NOSUPP; /* XXX */ - et = _find_enctype(enctype); if (et == NULL) return KRB5_PROG_KEYTYPE_NOSUPP; - ret = _krb5_PKCS5_PBKDF2(context, CKSUMTYPE_SHA1, password, salt, - iter, enctype, key); - if (ret) + key->keytype = enctype; + ret = krb5_data_alloc(&key->keyvalue, et->keytype->size); + if (ret) { + krb5_set_error_string(context, "Failed to allocate pkcs5 key"); return ret; - + } ret = krb5_copy_keyblock(context, key, &kd.key); + if (ret) { + krb5_free_keyblock(context, key); + return ret; + } + + ret = PKCS5_PBKDF2_HMAC_SHA1(password.data, password.length, + salt.saltvalue.data, salt.saltvalue.length, + iter, + et->keytype->size, kd.key->keyvalue.data); kd.schedule = NULL; + if (ret != 1) { + krb5_set_error_string(context, "Error calculating s2k"); + return KRB5_PROG_KEYTYPE_NOSUPP; + } ret = derive_key(context, et, &kd, "kerberos", strlen("kerberos")); - krb5_free_keyblock_contents(context, key); - if (ret == 0) { + if (ret == 0) ret = krb5_copy_keyblock_contents(context, kd.key, key); - free_key_data(context, &kd); - } + free_key_data(context, &kd); return ret; } @@ -3789,7 +3692,8 @@ krb5_generate_random_block(void *buf, size_t len) rng_initialized = 1; } HEIMDAL_MUTEX_unlock(&crypto_mutex); - RAND_bytes(buf, len); + if (RAND_bytes(buf, len) != 1) + krb5_abortx(NULL, "Failed to generate random block"); } #else diff --git a/source4/heimdal/lib/krb5/error_string.c b/source4/heimdal/lib/krb5/error_string.c index 649bdd20fd..b672fe74f9 100644 --- a/source4/heimdal/lib/krb5/error_string.c +++ b/source4/heimdal/lib/krb5/error_string.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001 Kungliga Tekniska Högskolan + * Copyright (c) 2001, 2003, 2005 - 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: error_string.c,v 1.3 2004/05/25 21:23:55 lha Exp $"); +RCSID("$Id: error_string.c,v 1.7 2006/02/16 07:49:23 lha Exp $"); #undef __attribute__ #define __attribute__(X) @@ -107,3 +107,24 @@ krb5_have_error_string(krb5_context context) HEIMDAL_MUTEX_unlock(context->mutex); return str != NULL; } + +char * KRB5_LIB_FUNCTION +krb5_get_error_message(krb5_context context, krb5_error_code code) +{ + const char *cstr; + char *str; + + str = krb5_get_error_string(context); + if (str) + return str; + + cstr = krb5_get_err_text(context, code); + if (cstr) + return strdup(cstr); + + if (asprintf(&str, "", code) == -1) + return NULL; + + return str; +} + diff --git a/source4/heimdal/lib/krb5/get_cred.c b/source4/heimdal/lib/krb5/get_cred.c index 7043b8ae51..1fa3f9143e 100644 --- a/source4/heimdal/lib/krb5/get_cred.c +++ b/source4/heimdal/lib/krb5/get_cred.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: get_cred.c,v 1.108 2005/07/13 07:38:02 lha Exp $"); +RCSID("$Id: get_cred.c,v 1.109 2006/02/03 11:41:02 lha Exp $"); /* * Take the `body' and encode it into `padata' using the credentials @@ -772,7 +772,8 @@ get_cred_from_kdc_flags(krb5_context context, krb5_boolean noaddr; krb5_appdefault_boolean(context, NULL, tgt->server->realm, - "no-addresses", FALSE, &noaddr); + "no-addresses", KRB5_ADDRESSLESS_DEFAULT, + &noaddr); if (noaddr) ret = get_cred_kdc (context, ccache, flags, NULL, in_creds, tgt, *out_creds); diff --git a/source4/heimdal/lib/krb5/get_for_creds.c b/source4/heimdal/lib/krb5/get_for_creds.c index be5c1db47d..aa7c62befc 100644 --- a/source4/heimdal/lib/krb5/get_for_creds.c +++ b/source4/heimdal/lib/krb5/get_for_creds.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: get_for_creds.c,v 1.46 2005/11/28 20:43:02 lha Exp $"); +RCSID("$Id: get_for_creds.c,v 1.47 2006/02/03 11:37:29 lha Exp $"); static krb5_error_code add_addrs(krb5_context context, @@ -284,21 +284,14 @@ krb5_get_forwarded_creds (krb5_context context, enc_krb_cred_part.usec = NULL; } - if (auth_context->local_address && auth_context->local_port) { - krb5_boolean noaddr; - krb5_const_realm srealm; - - srealm = krb5_principal_get_realm(context, out_creds->server); - krb5_appdefault_boolean(context, NULL, srealm, "no-addresses", - paddrs == NULL, &noaddr); - if (!noaddr) { - ret = krb5_make_addrport (context, - &enc_krb_cred_part.s_address, - auth_context->local_address, - auth_context->local_port); - if (ret) - goto out4; - } + if (auth_context->local_address && auth_context->local_port && paddrs) { + + ret = krb5_make_addrport (context, + &enc_krb_cred_part.s_address, + auth_context->local_address, + auth_context->local_port); + if (ret) + goto out4; } if (auth_context->remote_address) { diff --git a/source4/heimdal/lib/krb5/init_creds.c b/source4/heimdal/lib/krb5/init_creds.c index 51b8ebc392..316c2f02eb 100644 --- a/source4/heimdal/lib/krb5/init_creds.c +++ b/source4/heimdal/lib/krb5/init_creds.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds.c,v 1.21 2005/10/12 12:45:27 lha Exp $"); +RCSID("$Id: init_creds.c,v 1.22 2006/02/03 11:42:31 lha Exp $"); void KRB5_LIB_FUNCTION krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt) @@ -191,7 +191,8 @@ krb5_get_init_creds_opt_set_default_flags(krb5_context context, if(t != 0) krb5_get_init_creds_opt_set_renew_life(opt, t); - krb5_appdefault_boolean(context, appname, realm, "no-addresses", FALSE, &b); + krb5_appdefault_boolean(context, appname, realm, "no-addresses", + KRB5_ADDRESSLESS_DEFAULT, &b); if (b) krb5_get_init_creds_opt_set_address_list (opt, &no_addrs); diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h index c308287a36..8d9b3c62ac 100644 --- a/source4/heimdal/lib/krb5/krb5-private.h +++ b/source4/heimdal/lib/krb5/krb5-private.h @@ -12,19 +12,6 @@ #endif #endif -struct krb5_dh_moduli; -struct _krb5_krb_auth_data; - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_PKCS5_PBKDF2 ( - krb5_context /*context*/, - krb5_cksumtype /*cktype*/, - krb5_data /*password*/, - krb5_salt /*salt*/, - u_int32_t /*iter*/, - krb5_keytype /*type*/, - krb5_keyblock */*key*/); - void KRB5_LIB_FUNCTION _krb5_aes_cts_encrypt ( const unsigned char */*in*/, @@ -92,6 +79,9 @@ _krb5_find_type_in_ad ( void _krb5_free_krbhst_info (krb5_krbhst_info */*hi*/); +void +_krb5_free_moduli (struct krb5_dh_moduli **/*moduli*/); + krb5_error_code _krb5_get_default_principal_local ( krb5_context /*context*/, diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h index c08d8058a4..d7e74621ef 100644 --- a/source4/heimdal/lib/krb5/krb5-protos.h +++ b/source4/heimdal/lib/krb5/krb5-protos.h @@ -20,15 +20,6 @@ extern "C" { #endif #endif -void -initialize_heim_error_table_r (struct et_list **/*list*/); - -void -initialize_k524_error_table_r (struct et_list **/*list*/); - -void -initialize_krb5_error_table_r (struct et_list **/*list*/); - krb5_error_code KRB5_LIB_FUNCTION krb524_convert_creds_kdc ( krb5_context /*context*/, @@ -1688,6 +1679,11 @@ krb5_get_err_text ( krb5_context /*context*/, krb5_error_code /*code*/); +char * KRB5_LIB_FUNCTION +krb5_get_error_message ( + krb5_context /*context*/, + krb5_error_code /*code*/); + char * KRB5_LIB_FUNCTION krb5_get_error_string (krb5_context /*context*/); diff --git a/source4/heimdal/lib/krb5/krb5_err.et b/source4/heimdal/lib/krb5/krb5_err.et index 1257b074fb..e7bada1808 100644 --- a/source4/heimdal/lib/krb5/krb5_err.et +++ b/source4/heimdal/lib/krb5/krb5_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: krb5_err.et,v 1.12 2004/10/14 15:30:29 lha Exp $" +id "$Id: krb5_err.et,v 1.14 2006/02/13 11:28:22 lha Exp $" error_table krb5 @@ -74,35 +74,36 @@ prefix KRB5_KDC_ERR error_code CLIENT_NOT_TRUSTED, "Client not trusted" error_code KDC_NOT_TRUSTED, "KDC not trusted" error_code INVALID_SIG, "Invalid signature" -error_code KEY_SIZE, "Key size too small/key too weak" -error_code CERTIFICATE_MISMATCH, "Certificate mismatch" +error_code DH_KEY_PARAMETERS_NOT_ACCEPTED, "DH parameters not accepted" +index 69 prefix KRB5_AP_ERR error_code USER_TO_USER_REQUIRED, "User to user required" index 70 -prefix KRB5_KDC_ERROR +prefix KRB5_KDC_ERR error_code CANT_VERIFY_CERTIFICATE, "Cannot verify certificate" -error_code INVALID_CERTIFICATE, "Invalid certificate" -error_code REVOKED_CERTIFICATE, "Revoked certificate" +error_code INVALID_CERTIFICATE, "Certificate invalid" +error_code REVOKED_CERTIFICATE, "Certificate revoked" error_code REVOCATION_STATUS_UNKNOWN, "Revocation status unknown" -error_code REVOCATION_STATUS_UNAVAILABLE, "Revocation status unknown" -error_code CLIENT_NAME_MISMATCH, "Client name mismatch" -index 75 -error_code KDC_NAME_MISMATCH, "KDC name mismatch" - -# 76-79 are reserved - -index 80 -prefix KRB5_IAKERB -error_code ERR_KDC_NOT_FOUND, "IAKERB proxy could not find a KDC" -error_code ERR_KDC_NO_RESPONSE, "IAKERB proxy never reeived a response from a KDC" +error_code CLIENT_NAME_MISMATCH, "Revocation status unknown" +error_code INCONSISTENT_KEY_PURPOSE, "Inconsistent key purpose" +error_code DIGEST_IN_CERT_NOT_ACCEPTED, "Digest in certificate not accepted" +error_code PA_CHECKSUM_MUST_BE_INCLUDED, "paChecksum must be included" +error_code DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED, "Digest in signedData not accepted" +error_code PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED, "Public key encryption not supported" + +## these are never used +#index 80 +#prefix KRB5_IAKERB +#error_code ERR_KDC_NOT_FOUND, "IAKERB proxy could not find a KDC" +#error_code ERR_KDC_NO_RESPONSE, "IAKERB proxy never reeived a response from a KDC" # 82-127 are reserved index 128 prefix -error_code KRB5_ERR_RCSID, "$Id: krb5_err.et,v 1.12 2004/10/14 15:30:29 lha Exp $" +error_code KRB5_ERR_RCSID, "$Id: krb5_err.et,v 1.14 2006/02/13 11:28:22 lha Exp $" error_code KRB5_LIBOS_BADLOCKFLAG, "Invalid flag for file lock mode" error_code KRB5_LIBOS_CANTREADPWD, "Cannot read password" diff --git a/source4/heimdal/lib/krb5/krb5_locl.h b/source4/heimdal/lib/krb5/krb5_locl.h index 60d72c8f80..92dd3271f5 100644 --- a/source4/heimdal/lib/krb5/krb5_locl.h +++ b/source4/heimdal/lib/krb5/krb5_locl.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5_locl.h,v 1.84 2005/12/13 15:40:50 lha Exp $ */ +/* $Id: krb5_locl.h,v 1.87 2006/02/09 11:36:27 lha Exp $ */ #ifndef __KRB5_LOCL_H__ #define __KRB5_LOCL_H__ @@ -170,14 +170,6 @@ struct _krb5_krb_auth_data; #define KRB5_BUFSIZ 1024 -#ifndef KRB5_DEFAULT_CCNAME -#ifdef __APPLE__ -#define KRB5_DEFAULT_CCNAME "API:" -#else -#define KRB5_DEFAULT_CCNAME "FILE:/tmp/krb5cc_%{uid}" -#endif -#endif - typedef enum { KRB5_PA_PAC_DONT_CARE = 0, KRB5_PA_PAC_REQ_TRUE, @@ -196,4 +188,20 @@ struct _krb5_get_init_creds_opt_private { int canonicalize; }; +/* + * Configurable options + */ + +#ifndef KRB5_DEFAULT_CCNAME +#ifdef __APPLE__ +#define KRB5_DEFAULT_CCNAME "API:" +#else +#define KRB5_DEFAULT_CCNAME "FILE:/tmp/krb5cc_%{uid}" +#endif +#endif + +#ifndef KRB5_ADDRESSLESS_DEFAULT +#define KRB5_ADDRESSLESS_DEFAULT FALSE +#endif + #endif /* __KRB5_LOCL_H__ */ diff --git a/source4/heimdal/lib/krb5/mk_priv.c b/source4/heimdal/lib/krb5/mk_priv.c index 56112eea8c..b5a1aadfea 100644 --- a/source4/heimdal/lib/krb5/mk_priv.c +++ b/source4/heimdal/lib/krb5/mk_priv.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: mk_priv.c,v 1.34 2004/05/25 21:33:32 lha Exp $"); +RCSID("$Id: mk_priv.c,v 1.35 2006/02/01 12:39:26 lha Exp $"); krb5_error_code KRB5_LIB_FUNCTION @@ -129,9 +129,11 @@ krb5_mk_priv(krb5_context context, ASN1_MALLOC_ENCODE(KRB_PRIV, buf, buf_size, &s, &len, ret); - - if(ret) + if (ret) goto fail; + if (buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); + krb5_data_free (&s.enc_part.cipher); ret = krb5_data_copy(outbuf, buf + buf_size - len, len); diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c index 0c5dfc44e9..1247bb22ca 100755 --- a/source4/heimdal/lib/krb5/pkinit.c +++ b/source4/heimdal/lib/krb5/pkinit.c @@ -33,7 +33,15 @@ #include "krb5_locl.h" -RCSID("$Id: pkinit.c,v 1.75 2005/10/21 17:18:38 lha Exp $"); +RCSID("$Id: pkinit.c,v 1.77 2006/02/14 10:08:29 lha Exp $"); + +struct krb5_dh_moduli { + char *name; + unsigned long bits; + heim_integer p; + heim_integer g; + heim_integer q; +}; #ifdef PKINIT @@ -104,14 +112,6 @@ struct krb5_pk_cert { X509 *cert; }; -struct krb5_dh_moduli { - char *name; - unsigned long bits; - heim_integer p; - heim_integer g; - heim_integer q; -}; - struct krb5_pk_init_ctx_data { struct krb5_pk_identity *id; DH *dh; @@ -505,7 +505,13 @@ build_auth_pack(krb5_context context, if (ret) return ret; - ret = krb5_data_copy(&a->pkAuthenticator.paChecksum, + ALLOC(a->pkAuthenticator.paChecksum, 1); + if (a->pkAuthenticator.paChecksum == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + + ret = krb5_data_copy(a->pkAuthenticator.paChecksum, checksum.checksum.data, checksum.checksum.length); free_Checksum(&checksum); if (ret) @@ -984,11 +990,9 @@ pk_verify_chain_standard(krb5_context context, * Since X509_verify_cert() doesn't do CRL checking at all, we have to * perform own verification against CRLs */ -#if 0 - ret = pk_verify_crl(context, store_ctx, id->crls); - if (ret) - goto end; -#endif + /* + * XXX add crl checking + */ if (client_cert && cert) *client_cert = X509_dup(cert); @@ -2429,6 +2433,31 @@ _krb5_pk_load_openssl_id(krb5_context context, return ret; } +static krb5_error_code +select_dh_group(krb5_context context, DH *dh, unsigned long bits, + struct krb5_dh_moduli **moduli) +{ + const struct krb5_dh_moduli *m; + + m = moduli[1]; /* XXX */ + if (m == NULL) + m = moduli[0]; /* XXX */ + + dh->p = integer_to_BN(context, "p", &m->p); + if (dh->p == NULL) + return ENOMEM; + dh->g = integer_to_BN(context, "g", &m->g); + if (dh->g == NULL) + return ENOMEM; + dh->q = integer_to_BN(context, "q", &m->q); + if (dh->q == NULL) + return ENOMEM; + + return 0; +} + +#endif /* PKINIT */ + static int parse_integer(krb5_context context, char **p, const char *file, int lineno, const char *name, heim_integer *integer) @@ -2526,7 +2555,7 @@ out: return ret; } -static void +void _krb5_free_moduli(struct krb5_dh_moduli **moduli) { int i; @@ -2541,8 +2570,9 @@ _krb5_free_moduli(struct krb5_dh_moduli **moduli) } static const char *default_moduli = - /* bits */ + /* name */ "RFC2412-MODP-group2 " + /* bits */ "1024 " /* p */ "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1" @@ -2566,7 +2596,7 @@ krb5_error_code _krb5_parse_moduli(krb5_context context, const char *file, struct krb5_dh_moduli ***moduli) { - /* comment bits P G Q */ + /* name bits P G Q */ krb5_error_code ret; struct krb5_dh_moduli **m = NULL, **m2; char buf[4096]; @@ -2589,10 +2619,8 @@ _krb5_parse_moduli(krb5_context context, const char *file, } n = 1; - if (file == NULL) { - *moduli = m; - return 0; - } + if (file == NULL) + file = MODULI_FILE; f = fopen(file, "r"); if (f == NULL) { @@ -2646,7 +2674,7 @@ _krb5_dh_group_ok(krb5_context context, unsigned long bits, for (i = 0; moduli[i] != NULL; i++) { if (heim_integer_cmp(&moduli[i]->g, g) == 0 && heim_integer_cmp(&moduli[i]->p, p) == 0 && - heim_integer_cmp(&moduli[i]->q, q) == 0) + (q == NULL || heim_integer_cmp(&moduli[i]->q, q) == 0)) { if (bits && bits > moduli[i]->bits) { krb5_set_error_string(context, "PKINIT: DH group parameter %s " @@ -2663,32 +2691,6 @@ _krb5_dh_group_ok(krb5_context context, unsigned long bits, return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED; } -static krb5_error_code -select_dh_group(krb5_context context, DH *dh, unsigned long bits, - struct krb5_dh_moduli **moduli) -{ - const struct krb5_dh_moduli *m; - - m = moduli[1]; /* XXX */ - if (m == NULL) - m = moduli[0]; /* XXX */ - - dh->p = integer_to_BN(context, "p", &m->p); - if (dh->p == NULL) - return ENOMEM; - dh->g = integer_to_BN(context, "g", &m->g); - if (dh->g == NULL) - return ENOMEM; - dh->q = integer_to_BN(context, "q", &m->q); - if (dh->q == NULL) - return ENOMEM; - - return 0; -} - - -#endif /* PKINIT */ - void KRB5_LIB_FUNCTION _krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt) { @@ -2772,11 +2774,10 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, if ((flags & 2) == 0) { const char *moduli_file; - moduli_file = krb5_config_get_string_default(context, NULL, - MODULI_FILE, - "libdefaults", - "moduli", - NULL); + moduli_file = krb5_config_get_string(context, NULL, + "libdefaults", + "moduli", + NULL); ret = _krb5_parse_moduli(context, moduli_file, &opt->opt_private->pk_init_ctx->m); diff --git a/source4/heimdal/lib/roken/hex.c b/source4/heimdal/lib/roken/hex.c new file mode 100644 index 0000000000..ba0f4a4fda --- /dev/null +++ b/source4/heimdal/lib/roken/hex.c @@ -0,0 +1,103 @@ +/* + * Copyright (c) 2004-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: hex.c,v 1.8 2006/01/09 17:09:29 lha Exp $"); +#endif +#include "roken.h" +#include +#include "hex.h" + +const static char hexchar[] = "0123456789ABCDEF"; + +static int +pos(char c) +{ + const char *p; + c = toupper((unsigned char)c); + for (p = hexchar; *p; p++) + if (*p == c) + return p - hexchar; + return -1; +} + +ssize_t ROKEN_LIB_FUNCTION +hex_encode(const void *data, size_t size, char **str) +{ + const unsigned char *q = data; + size_t i; + char *p; + + /* check for overflow */ + if (size * 2 < size) + return -1; + + p = malloc(size * 2 + 1); + if (p == NULL) + return -1; + + for (i = 0; i < size; i++) { + p[i * 2] = hexchar[(*q >> 4) & 0xf]; + p[i * 2 + 1] = hexchar[*q & 0xf]; + q++; + } + p[i * 2] = '\0'; + *str = p; + + return i * 2; +} + +ssize_t ROKEN_LIB_FUNCTION +hex_decode(const char *str, void *data, size_t len) +{ + size_t l; + unsigned char *p = data; + size_t i; + + l = strlen(str); + + /* check for overflow, same as (l+1)/2 but overflow safe */ + if ((l/2) + (l&1) > len) + return -1; + + i = 0; + if (l & 1) { + p[0] = pos(str[0]); + str++; + p++; + } + for (i = 0; i < l / 2; i++) + p[i] = pos(str[i * 2]) << 4 | pos(str[(i * 2) + 1]); + return i + (l & 1); +} diff --git a/source4/heimdal/lib/roken/hex.h b/source4/heimdal/lib/roken/hex.h new file mode 100644 index 0000000000..cd47b21f9f --- /dev/null +++ b/source4/heimdal/lib/roken/hex.h @@ -0,0 +1,55 @@ +/* + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: hex.h,v 1.3 2005/04/12 11:28:50 lha Exp $ */ + +#ifndef _rk_HEX_H_ +#define _rk_HEX_H_ 1 + +#ifndef ROKEN_LIB_FUNCTION +#ifdef _WIN32 +#define ROKEN_LIB_FUNCTION _stdcall +#else +#define ROKEN_LIB_FUNCTION +#endif +#endif + +#define hex_encode rk_hex_encode +#define hex_decode rk_hex_decode + +ssize_t ROKEN_LIB_FUNCTION + hex_encode(const void *, size_t, char **); +ssize_t ROKEN_LIB_FUNCTION + hex_decode(const char *, void *, size_t); + +#endif /* _rk_HEX_H_ */ diff --git a/source4/heimdal/lib/roken/resolve.c b/source4/heimdal/lib/roken/resolve.c index 8764f422ec..92438a9963 100644 --- a/source4/heimdal/lib/roken/resolve.c +++ b/source4/heimdal/lib/roken/resolve.c @@ -45,7 +45,7 @@ #include -RCSID("$Id: resolve.c,v 1.52 2005/08/22 19:16:21 lha Exp $"); +RCSID("$Id: resolve.c,v 1.53 2006/02/06 19:30:16 lha Exp $"); #ifdef _AIX /* AIX have broken res_nsearch() in 5.1 (5.0 also ?) */ #undef HAVE_RES_NSEARCH @@ -275,7 +275,7 @@ parse_record(const unsigned char *data, const unsigned char *end_data, } /* the signer name is placed after the sig_data, to make it - easy to free this struture; the size calculation below + easy to free this structure; the size calculation below includes the zero-termination if the structure itself. don't you just love C? */ -- cgit From 3cad0b87dc55f8eab9b00cd3aa01e817b39a5d62 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 13 Mar 2006 02:05:39 +0000 Subject: r14281: Pull apart LIBDIR and MODULESDIR Move architecture-independent data to DATADIR (was LIBDIR) (This used to be commit 2c7b62a861f702067e8df4c3239ac7e377631a15) --- source4/heimdal/lib/asn1/parse.c | 356 ++++++++++++++++++++++++++------------- source4/heimdal/lib/asn1/parse.h | 13 +- 2 files changed, 249 insertions(+), 120 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/asn1/parse.c b/source4/heimdal/lib/asn1/parse.c index 0bf3cdafdb..420a1bc5c5 100644 --- a/source4/heimdal/lib/asn1/parse.c +++ b/source4/heimdal/lib/asn1/parse.c @@ -1,7 +1,7 @@ -/* A Bison parser, made by GNU Bison 2.0. */ +/* A Bison parser, made by GNU Bison 2.1. */ /* Skeleton parser for Yacc-like parsing with Bison, - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc. + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -15,8 +15,8 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software - Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. */ + Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. */ /* As a special exception, when this file is copied by Bison into a Bison output file, you may use that output file without restriction. @@ -36,6 +36,9 @@ /* Identify Bison output. */ #define YYBISON 1 +/* Bison version. */ +#define YYBISON_VERSION "2.1" + /* Skeleton name. */ #define YYSKELETON_NAME "yacc.c" @@ -142,6 +145,7 @@ NUMBER = 344 }; #endif +/* Tokens. */ #define kw_ABSENT 258 #define kw_ABSTRACT_SYNTAX 259 #define kw_ALL 260 @@ -266,7 +270,7 @@ struct string_list { /* Enabling traces. */ #ifndef YYDEBUG -# define YYDEBUG 1 +# define YYDEBUG 0 #endif /* Enabling verbose error messages. */ @@ -277,6 +281,11 @@ struct string_list { # define YYERROR_VERBOSE 0 #endif +/* Enabling the token table. */ +#ifndef YYTOKEN_TABLE +# define YYTOKEN_TABLE 0 +#endif + #if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED) #line 65 "parse.y" typedef union YYSTYPE { @@ -293,8 +302,8 @@ typedef union YYSTYPE { struct memhead *members; struct constraint_spec *constraint_spec; } YYSTYPE; -/* Line 190 of yacc.c. */ -#line 298 "parse.c" +/* Line 196 of yacc.c. */ +#line 307 "$base.c" # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 # define YYSTYPE_IS_TRIVIAL 1 @@ -305,17 +314,36 @@ typedef union YYSTYPE { /* Copy the second part of user declarations. */ -/* Line 213 of yacc.c. */ -#line 310 "parse.c" +/* Line 219 of yacc.c. */ +#line 319 "$base.c" -#if ! defined (yyoverflow) || YYERROR_VERBOSE +#if ! defined (YYSIZE_T) && defined (__SIZE_TYPE__) +# define YYSIZE_T __SIZE_TYPE__ +#endif +#if ! defined (YYSIZE_T) && defined (size_t) +# define YYSIZE_T size_t +#endif +#if ! defined (YYSIZE_T) && (defined (__STDC__) || defined (__cplusplus)) +# include /* INFRINGES ON USER NAME SPACE */ +# define YYSIZE_T size_t +#endif +#if ! defined (YYSIZE_T) +# define YYSIZE_T unsigned int +#endif -# ifndef YYFREE -# define YYFREE free +#ifndef YY_ +# if YYENABLE_NLS +# if ENABLE_NLS +# include /* INFRINGES ON USER NAME SPACE */ +# define YY_(msgid) dgettext ("bison-runtime", msgid) +# endif # endif -# ifndef YYMALLOC -# define YYMALLOC malloc +# ifndef YY_ +# define YY_(msgid) msgid # endif +#endif + +#if ! defined (yyoverflow) || YYERROR_VERBOSE /* The parser invokes alloca or malloc; define the necessary symbols. */ @@ -325,6 +353,10 @@ typedef union YYSTYPE { # define YYSTACK_ALLOC __builtin_alloca # else # define YYSTACK_ALLOC alloca +# if defined (__STDC__) || defined (__cplusplus) +# include /* INFRINGES ON USER NAME SPACE */ +# define YYINCLUDED_STDLIB_H +# endif # endif # endif # endif @@ -332,13 +364,39 @@ typedef union YYSTYPE { # ifdef YYSTACK_ALLOC /* Pacify GCC's `empty if-body' warning. */ # define YYSTACK_FREE(Ptr) do { /* empty */; } while (0) -# else -# if defined (__STDC__) || defined (__cplusplus) -# include /* INFRINGES ON USER NAME SPACE */ -# define YYSIZE_T size_t +# ifndef YYSTACK_ALLOC_MAXIMUM + /* The OS might guarantee only one guard page at the bottom of the stack, + and a page size can be as small as 4096 bytes. So we cannot safely + invoke alloca (N) if N exceeds 4096. Use a slightly smaller number + to allow for a few compiler-allocated temporary stack slots. */ +# define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2005 */ # endif +# else # define YYSTACK_ALLOC YYMALLOC # define YYSTACK_FREE YYFREE +# ifndef YYSTACK_ALLOC_MAXIMUM +# define YYSTACK_ALLOC_MAXIMUM ((YYSIZE_T) -1) +# endif +# ifdef __cplusplus +extern "C" { +# endif +# ifndef YYMALLOC +# define YYMALLOC malloc +# if (! defined (malloc) && ! defined (YYINCLUDED_STDLIB_H) \ + && (defined (__STDC__) || defined (__cplusplus))) +void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */ +# endif +# endif +# ifndef YYFREE +# define YYFREE free +# if (! defined (free) && ! defined (YYINCLUDED_STDLIB_H) \ + && (defined (__STDC__) || defined (__cplusplus))) +void free (void *); /* INFRINGES ON USER NAME SPACE */ +# endif +# endif +# ifdef __cplusplus +} +# endif # endif #endif /* ! defined (yyoverflow) || YYERROR_VERBOSE */ @@ -373,7 +431,7 @@ union yyalloc # define YYCOPY(To, From, Count) \ do \ { \ - register YYSIZE_T yyi; \ + YYSIZE_T yyi; \ for (yyi = 0; yyi < (Count); yyi++) \ (To)[yyi] = (From)[yyi]; \ } \ @@ -423,7 +481,7 @@ union yyalloc #define YYUNDEFTOK 2 #define YYMAXUTOK 344 -#define YYTRANSLATE(YYX) \ +#define YYTRANSLATE(YYX) \ ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK) /* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX. */ @@ -548,8 +606,8 @@ static const unsigned short int yyrline[] = }; #endif -#if YYDEBUG || YYERROR_VERBOSE -/* YYTNME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. +#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE +/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. First, the terminals, then, starting at YYNTOKENS, nonterminals. */ static const char *const yytname[] = { @@ -804,22 +862,6 @@ static const unsigned char yystos[] = 154 }; -#if ! defined (YYSIZE_T) && defined (__SIZE_TYPE__) -# define YYSIZE_T __SIZE_TYPE__ -#endif -#if ! defined (YYSIZE_T) && defined (size_t) -# define YYSIZE_T size_t -#endif -#if ! defined (YYSIZE_T) -# if defined (__STDC__) || defined (__cplusplus) -# include /* INFRINGES ON USER NAME SPACE */ -# define YYSIZE_T size_t -# endif -#endif -#if ! defined (YYSIZE_T) -# define YYSIZE_T unsigned int -#endif - #define yyerrok (yyerrstatus = 0) #define yyclearin (yychar = YYEMPTY) #define YYEMPTY (-2) @@ -849,8 +891,8 @@ do \ goto yybackup; \ } \ else \ - { \ - yyerror ("syntax error: cannot back up");\ + { \ + yyerror (YY_("syntax error: cannot back up")); \ YYERROR; \ } \ while (0) @@ -929,7 +971,7 @@ do { \ if (yydebug) \ { \ YYFPRINTF (stderr, "%s ", Title); \ - yysymprint (stderr, \ + yysymprint (stderr, \ Type, Value); \ YYFPRINTF (stderr, "\n"); \ } \ @@ -977,13 +1019,13 @@ yy_reduce_print (yyrule) #endif { int yyi; - unsigned int yylno = yyrline[yyrule]; - YYFPRINTF (stderr, "Reducing stack by rule %d (line %u), ", + unsigned long int yylno = yyrline[yyrule]; + YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu), ", yyrule - 1, yylno); /* Print the symbols being reduced, and their result. */ for (yyi = yyprhs[yyrule]; 0 <= yyrhs[yyi]; yyi++) - YYFPRINTF (stderr, "%s ", yytname [yyrhs[yyi]]); - YYFPRINTF (stderr, "-> %s\n", yytname [yyr1[yyrule]]); + YYFPRINTF (stderr, "%s ", yytname[yyrhs[yyi]]); + YYFPRINTF (stderr, "-> %s\n", yytname[yyr1[yyrule]]); } # define YY_REDUCE_PRINT(Rule) \ @@ -1012,7 +1054,7 @@ int yydebug; if the built-in stack extension method is used). Do not make this value too large; the results are undefined if - SIZE_MAX < YYSTACK_BYTES (YYMAXDEPTH) + YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH) evaluated with infinite-precision integer arithmetic. */ #ifndef YYMAXDEPTH @@ -1036,7 +1078,7 @@ yystrlen (yystr) const char *yystr; # endif { - register const char *yys = yystr; + const char *yys = yystr; while (*yys++ != '\0') continue; @@ -1061,8 +1103,8 @@ yystpcpy (yydest, yysrc) const char *yysrc; # endif { - register char *yyd = yydest; - register const char *yys = yysrc; + char *yyd = yydest; + const char *yys = yysrc; while ((*yyd++ = *yys++) != '\0') continue; @@ -1072,7 +1114,55 @@ yystpcpy (yydest, yysrc) # endif # endif -#endif /* !YYERROR_VERBOSE */ +# ifndef yytnamerr +/* Copy to YYRES the contents of YYSTR after stripping away unnecessary + quotes and backslashes, so that it's suitable for yyerror. The + heuristic is that double-quoting is unnecessary unless the string + contains an apostrophe, a comma, or backslash (other than + backslash-backslash). YYSTR is taken from yytname. If YYRES is + null, do not copy; instead, return the length of what the result + would have been. */ +static YYSIZE_T +yytnamerr (char *yyres, const char *yystr) +{ + if (*yystr == '"') + { + size_t yyn = 0; + char const *yyp = yystr; + + for (;;) + switch (*++yyp) + { + case '\'': + case ',': + goto do_not_strip_quotes; + + case '\\': + if (*++yyp != '\\') + goto do_not_strip_quotes; + /* Fall through. */ + default: + if (yyres) + yyres[yyn] = *yyp; + yyn++; + break; + + case '"': + if (yyres) + yyres[yyn] = '\0'; + return yyn; + } + do_not_strip_quotes: ; + } + + if (! yyres) + return yystrlen (yystr); + + return yystpcpy (yyres, yystr) - yyres; +} +# endif + +#endif /* YYERROR_VERBOSE */ @@ -1192,13 +1282,13 @@ yyparse (void) #else int yyparse () - + ; #endif #endif { - register int yystate; - register int yyn; + int yystate; + int yyn; int yyresult; /* Number of tokens to shift before error messages enabled. */ int yyerrstatus; @@ -1216,12 +1306,12 @@ yyparse () /* The state stack. */ short int yyssa[YYINITDEPTH]; short int *yyss = yyssa; - register short int *yyssp; + short int *yyssp; /* The semantic value stack. */ YYSTYPE yyvsa[YYINITDEPTH]; YYSTYPE *yyvs = yyvsa; - register YYSTYPE *yyvsp; + YYSTYPE *yyvsp; @@ -1253,9 +1343,6 @@ yyparse () yyssp = yyss; yyvsp = yyvs; - - yyvsp[0] = yylval; - goto yysetstate; /*------------------------------------------------------------. @@ -1288,7 +1375,7 @@ yyparse () data in use in that stack, in bytes. This used to be a conditional around just the two extra args, but that might be undefined if yyoverflow is a macro. */ - yyoverflow ("parser stack overflow", + yyoverflow (YY_("memory exhausted"), &yyss1, yysize * sizeof (*yyssp), &yyvs1, yysize * sizeof (*yyvsp), @@ -1299,11 +1386,11 @@ yyparse () } #else /* no yyoverflow */ # ifndef YYSTACK_RELOCATE - goto yyoverflowlab; + goto yyexhaustedlab; # else /* Extend the stack our own way. */ if (YYMAXDEPTH <= yystacksize) - goto yyoverflowlab; + goto yyexhaustedlab; yystacksize *= 2; if (YYMAXDEPTH < yystacksize) yystacksize = YYMAXDEPTH; @@ -1313,7 +1400,7 @@ yyparse () union yyalloc *yyptr = (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); if (! yyptr) - goto yyoverflowlab; + goto yyexhaustedlab; YYSTACK_RELOCATE (yyss); YYSTACK_RELOCATE (yyvs); @@ -2143,10 +2230,11 @@ yyreduce: break; + default: break; } -/* Line 1037 of yacc.c. */ -#line 2150 "parse.c" +/* Line 1126 of yacc.c. */ +#line 2238 "$base.c" yyvsp -= yylen; yyssp -= yylen; @@ -2185,12 +2273,36 @@ yyerrlab: if (YYPACT_NINF < yyn && yyn < YYLAST) { - YYSIZE_T yysize = 0; int yytype = YYTRANSLATE (yychar); - const char* yyprefix; - char *yymsg; + YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]); + YYSIZE_T yysize = yysize0; + YYSIZE_T yysize1; + int yysize_overflow = 0; + char *yymsg = 0; +# define YYERROR_VERBOSE_ARGS_MAXIMUM 5 + char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; int yyx; +#if 0 + /* This is so xgettext sees the translatable formats that are + constructed on the fly. */ + YY_("syntax error, unexpected %s"); + YY_("syntax error, unexpected %s, expecting %s"); + YY_("syntax error, unexpected %s, expecting %s or %s"); + YY_("syntax error, unexpected %s, expecting %s or %s or %s"); + YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s"); +#endif + char *yyfmt; + char const *yyf; + static char const yyunexpected[] = "syntax error, unexpected %s"; + static char const yyexpecting[] = ", expecting %s"; + static char const yyor[] = " or %s"; + char yyformat[sizeof yyunexpected + + sizeof yyexpecting - 1 + + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2) + * (sizeof yyor - 1))]; + char const *yyprefix = yyexpecting; + /* Start YYX at -YYN if negative to avoid negative indexes in YYCHECK. */ int yyxbegin = yyn < 0 ? -yyn : 0; @@ -2198,48 +2310,68 @@ yyerrlab: /* Stay within bounds of both yycheck and yytname. */ int yychecklim = YYLAST - yyn; int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; - int yycount = 0; + int yycount = 1; + + yyarg[0] = yytname[yytype]; + yyfmt = yystpcpy (yyformat, yyunexpected); - yyprefix = ", expecting "; for (yyx = yyxbegin; yyx < yyxend; ++yyx) if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) { - yysize += yystrlen (yyprefix) + yystrlen (yytname [yyx]); - yycount += 1; - if (yycount == 5) + if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM) { - yysize = 0; + yycount = 1; + yysize = yysize0; + yyformat[sizeof yyunexpected - 1] = '\0'; break; } + yyarg[yycount++] = yytname[yyx]; + yysize1 = yysize + yytnamerr (0, yytname[yyx]); + yysize_overflow |= yysize1 < yysize; + yysize = yysize1; + yyfmt = yystpcpy (yyfmt, yyprefix); + yyprefix = yyor; } - yysize += (sizeof ("syntax error, unexpected ") - + yystrlen (yytname[yytype])); - yymsg = (char *) YYSTACK_ALLOC (yysize); - if (yymsg != 0) - { - char *yyp = yystpcpy (yymsg, "syntax error, unexpected "); - yyp = yystpcpy (yyp, yytname[yytype]); - if (yycount < 5) + yyf = YY_(yyformat); + yysize1 = yysize + yystrlen (yyf); + yysize_overflow |= yysize1 < yysize; + yysize = yysize1; + + if (!yysize_overflow && yysize <= YYSTACK_ALLOC_MAXIMUM) + yymsg = (char *) YYSTACK_ALLOC (yysize); + if (yymsg) + { + /* Avoid sprintf, as that infringes on the user's name space. + Don't have undefined behavior even if the translation + produced a string with the wrong number of "%s"s. */ + char *yyp = yymsg; + int yyi = 0; + while ((*yyp = *yyf)) { - yyprefix = ", expecting "; - for (yyx = yyxbegin; yyx < yyxend; ++yyx) - if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) - { - yyp = yystpcpy (yyp, yyprefix); - yyp = yystpcpy (yyp, yytname[yyx]); - yyprefix = " or "; - } + if (*yyp == '%' && yyf[1] == 's' && yyi < yycount) + { + yyp += yytnamerr (yyp, yyarg[yyi++]); + yyf += 2; + } + else + { + yyp++; + yyf++; + } } yyerror (yymsg); YYSTACK_FREE (yymsg); } else - yyerror ("syntax error; also virtual memory exhausted"); + { + yyerror (YY_("syntax error")); + goto yyexhaustedlab; + } } else #endif /* YYERROR_VERBOSE */ - yyerror ("syntax error"); + yyerror (YY_("syntax error")); } @@ -2251,18 +2383,9 @@ yyerrlab: if (yychar <= YYEOF) { - /* If at end of input, pop the error token, - then the rest of the stack, then return failure. */ + /* Return failure if at end of input. */ if (yychar == YYEOF) - for (;;) - { - - YYPOPSTACK; - if (yyssp == yyss) - YYABORT; - yydestruct ("Error: popping", - yystos[*yyssp], yyvsp); - } + YYABORT; } else { @@ -2281,12 +2404,11 @@ yyerrlab: `---------------------------------------------------*/ yyerrorlab: -#ifdef __GNUC__ - /* Pacify GCC when the user code never invokes YYERROR and the label - yyerrorlab therefore never appears in user code. */ + /* Pacify compilers like GCC when the user code never invokes + YYERROR and the label yyerrorlab therefore never appears in user + code. */ if (0) goto yyerrorlab; -#endif yyvsp -= yylen; yyssp -= yylen; @@ -2349,23 +2471,29 @@ yyacceptlab: | yyabortlab -- YYABORT comes here. | `-----------------------------------*/ yyabortlab: - yydestruct ("Error: discarding lookahead", - yytoken, &yylval); - yychar = YYEMPTY; yyresult = 1; goto yyreturn; #ifndef yyoverflow -/*----------------------------------------------. -| yyoverflowlab -- parser overflow comes here. | -`----------------------------------------------*/ -yyoverflowlab: - yyerror ("parser stack overflow"); +/*-------------------------------------------------. +| yyexhaustedlab -- memory exhaustion comes here. | +`-------------------------------------------------*/ +yyexhaustedlab: + yyerror (YY_("memory exhausted")); yyresult = 2; /* Fall through. */ #endif yyreturn: + if (yychar != YYEOF && yychar != YYEMPTY) + yydestruct ("Cleanup: discarding lookahead", + yytoken, &yylval); + while (yyssp != yyss) + { + yydestruct ("Cleanup: popping", + yystos[*yyssp], yyvsp); + YYPOPSTACK; + } #ifndef yyoverflow if (yyss != yyssa) YYSTACK_FREE (yyss); diff --git a/source4/heimdal/lib/asn1/parse.h b/source4/heimdal/lib/asn1/parse.h index 5cc1342618..df4587501e 100644 --- a/source4/heimdal/lib/asn1/parse.h +++ b/source4/heimdal/lib/asn1/parse.h @@ -1,7 +1,7 @@ -/* A Bison parser, made by GNU Bison 2.0. */ +/* A Bison parser, made by GNU Bison 2.1. */ /* Skeleton parser for Yacc-like parsing with Bison, - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc. + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -15,8 +15,8 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software - Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. */ + Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. */ /* As a special exception, when this file is copied by Bison into a Bison output file, you may use that output file without restriction. @@ -118,6 +118,7 @@ NUMBER = 344 }; #endif +/* Tokens. */ #define kw_ABSENT 258 #define kw_ABSTRACT_SYNTAX 259 #define kw_ALL 260 @@ -225,8 +226,8 @@ typedef union YYSTYPE { struct memhead *members; struct constraint_spec *constraint_spec; } YYSTYPE; -/* Line 1318 of yacc.c. */ -#line 230 "parse.h" +/* Line 1447 of yacc.c. */ +#line 231 "parse.h" # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 # define YYSTYPE_IS_TRIVIAL 1 -- cgit From 59c427963f1e445012f8bb78ca46d2ec317e2caf Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 21 Mar 2006 07:42:00 +0000 Subject: r14605: Create heimdal/lib/des/hcrypto symlink if it doesn't exist (This used to be commit 303832bdc90f371c68185773009d143d1acf93ae) --- source4/heimdal/lib/des/hcrypto | 1 - 1 file changed, 1 deletion(-) delete mode 120000 source4/heimdal/lib/des/hcrypto (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/des/hcrypto b/source4/heimdal/lib/des/hcrypto deleted file mode 120000 index 023d458e1d..0000000000 --- a/source4/heimdal/lib/des/hcrypto +++ /dev/null @@ -1 +0,0 @@ -./../des \ No newline at end of file -- cgit From 864d9b531dc2fba94f5ea839b087e28d402c643a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 22 Mar 2006 10:16:59 +0000 Subject: r14635: - Remove lex.c from SVN (it is built anyway, and having it in SVN confuses things) - Update Samba4 from lorikeet-heimdal - Remove generated symlink on make clean Andrew Bartlett (This used to be commit a5c2b4cc92e807d18cb8df99bebf004fa4252e1e) --- source4/heimdal/lib/asn1/gen.c | 5 +- source4/heimdal/lib/asn1/lex.c | 2493 ------------------------------ source4/heimdal/lib/com_err/lex.c | 1706 -------------------- source4/heimdal/lib/krb5/addr_families.c | 11 +- source4/heimdal/lib/krb5/crypto.c | 8 +- source4/heimdal/lib/krb5/get_for_creds.c | 4 +- source4/heimdal/lib/krb5/mk_req_ext.c | 195 ++- source4/heimdal/lib/krb5/rd_priv.c | 7 +- source4/heimdal/lib/krb5/send_to_kdc.c | 4 +- 9 files changed, 113 insertions(+), 4320 deletions(-) delete mode 100644 source4/heimdal/lib/asn1/lex.c delete mode 100644 source4/heimdal/lib/com_err/lex.c (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/asn1/gen.c b/source4/heimdal/lib/asn1/gen.c index 921d2ebba6..2a6fecebbb 100644 --- a/source4/heimdal/lib/asn1/gen.c +++ b/source4/heimdal/lib/asn1/gen.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen.c,v 1.64 2005/12/06 19:59:13 lha Exp $"); +RCSID("$Id: gen.c,v 1.65 2006/03/08 12:29:34 lha Exp $"); FILE *headerfile, *codefile, *logfile; @@ -97,9 +97,6 @@ init_generate (const char *filename, const char *base) fprintf (headerfile, "#include \n" "#include \n\n"); -#ifndef HAVE_TIMEGM - fprintf (headerfile, "time_t timegm (struct tm*);\n\n"); -#endif fprintf (headerfile, "#ifndef __asn1_common_definitions__\n" "#define __asn1_common_definitions__\n\n"); diff --git a/source4/heimdal/lib/asn1/lex.c b/source4/heimdal/lib/asn1/lex.c deleted file mode 100644 index 8a13c392f8..0000000000 --- a/source4/heimdal/lib/asn1/lex.c +++ /dev/null @@ -1,2493 +0,0 @@ -/* A lexical scanner generated by flex */ - -/* Scanner skeleton version: - * $Header: /home/daffy/u0/vern/flex/RCS/flex.skl,v 2.91 96/09/10 16:58:48 vern Exp $ - */ - -#define FLEX_SCANNER -#define YY_FLEX_MAJOR_VERSION 2 -#define YY_FLEX_MINOR_VERSION 5 - -#include -#include - - -/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */ -#ifdef c_plusplus -#ifndef __cplusplus -#define __cplusplus -#endif -#endif - - -#ifdef __cplusplus - -#include - -/* Use prototypes in function declarations. */ -#define YY_USE_PROTOS - -/* The "const" storage-class-modifier is valid. */ -#define YY_USE_CONST - -#else /* ! __cplusplus */ - -#if __STDC__ - -#define YY_USE_PROTOS -#define YY_USE_CONST - -#endif /* __STDC__ */ -#endif /* ! __cplusplus */ - -#ifdef __TURBOC__ - #pragma warn -rch - #pragma warn -use -#include -#include -#define YY_USE_CONST -#define YY_USE_PROTOS -#endif - -#ifdef YY_USE_CONST -#define yyconst const -#else -#define yyconst -#endif - - -#ifdef YY_USE_PROTOS -#define YY_PROTO(proto) proto -#else -#define YY_PROTO(proto) () -#endif - -/* Returned upon end-of-file. */ -#define YY_NULL 0 - -/* Promotes a possibly negative, possibly signed char to an unsigned - * integer for use as an array index. If the signed char is negative, - * we want to instead treat it as an 8-bit unsigned char, hence the - * double cast. - */ -#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c) - -/* Enter a start condition. This macro really ought to take a parameter, - * but we do it the disgusting crufty way forced on us by the ()-less - * definition of BEGIN. - */ -#define BEGIN yy_start = 1 + 2 * - -/* Translate the current start state into a value that can be later handed - * to BEGIN to return to the state. The YYSTATE alias is for lex - * compatibility. - */ -#define YY_START ((yy_start - 1) / 2) -#define YYSTATE YY_START - -/* Action number for EOF rule of a given start state. */ -#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) - -/* Special action meaning "start processing a new file". */ -#define YY_NEW_FILE yyrestart( yyin ) - -#define YY_END_OF_BUFFER_CHAR 0 - -/* Size of default input buffer. */ -#define YY_BUF_SIZE 16384 - -typedef struct yy_buffer_state *YY_BUFFER_STATE; - -extern int yyleng; -extern FILE *yyin, *yyout; - -#define EOB_ACT_CONTINUE_SCAN 0 -#define EOB_ACT_END_OF_FILE 1 -#define EOB_ACT_LAST_MATCH 2 - -/* The funky do-while in the following #define is used to turn the definition - * int a single C statement (which needs a semi-colon terminator). This - * avoids problems with code like: - * - * if ( condition_holds ) - * yyless( 5 ); - * else - * do_something_else(); - * - * Prior to using the do-while the compiler would get upset at the - * "else" because it interpreted the "if" statement as being all - * done when it reached the ';' after the yyless() call. - */ - -/* Return all but the first 'n' matched characters back to the input stream. */ - -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - *yy_cp = yy_hold_char; \ - YY_RESTORE_YY_MORE_OFFSET \ - yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \ - YY_DO_BEFORE_ACTION; /* set up yytext again */ \ - } \ - while ( 0 ) - -#define unput(c) yyunput( c, yytext_ptr ) - -/* The following is because we cannot portably get our hands on size_t - * (without autoconf's help, which isn't available because we want - * flex-generated scanners to compile on their own). - */ -typedef unsigned int yy_size_t; - - -struct yy_buffer_state - { - FILE *yy_input_file; - - char *yy_ch_buf; /* input buffer */ - char *yy_buf_pos; /* current position in input buffer */ - - /* Size of input buffer in bytes, not including room for EOB - * characters. - */ - yy_size_t yy_buf_size; - - /* Number of characters read into yy_ch_buf, not including EOB - * characters. - */ - int yy_n_chars; - - /* Whether we "own" the buffer - i.e., we know we created it, - * and can realloc() it to grow it, and should free() it to - * delete it. - */ - int yy_is_our_buffer; - - /* Whether this is an "interactive" input source; if so, and - * if we're using stdio for input, then we want to use getc() - * instead of fread(), to make sure we stop fetching input after - * each newline. - */ - int yy_is_interactive; - - /* Whether we're considered to be at the beginning of a line. - * If so, '^' rules will be active on the next match, otherwise - * not. - */ - int yy_at_bol; - - /* Whether to try to fill the input buffer when we reach the - * end of it. - */ - int yy_fill_buffer; - - int yy_buffer_status; -#define YY_BUFFER_NEW 0 -#define YY_BUFFER_NORMAL 1 - /* When an EOF's been seen but there's still some text to process - * then we mark the buffer as YY_EOF_PENDING, to indicate that we - * shouldn't try reading from the input source any more. We might - * still have a bunch of tokens to match, though, because of - * possible backing-up. - * - * When we actually see the EOF, we change the status to "new" - * (via yyrestart()), so that the user can continue scanning by - * just pointing yyin at a new input file. - */ -#define YY_BUFFER_EOF_PENDING 2 - }; - -static YY_BUFFER_STATE yy_current_buffer = 0; - -/* We provide macros for accessing buffer states in case in the - * future we want to put the buffer states in a more general - * "scanner state". - */ -#define YY_CURRENT_BUFFER yy_current_buffer - - -/* yy_hold_char holds the character lost when yytext is formed. */ -static char yy_hold_char; - -static int yy_n_chars; /* number of characters read into yy_ch_buf */ - - -int yyleng; - -/* Points to current character in buffer. */ -static char *yy_c_buf_p = (char *) 0; -static int yy_init = 1; /* whether we need to initialize */ -static int yy_start = 0; /* start state number */ - -/* Flag which is used to allow yywrap()'s to do buffer switches - * instead of setting up a fresh yyin. A bit of a hack ... - */ -static int yy_did_buffer_switch_on_eof; - -void yyrestart YY_PROTO(( FILE *input_file )); - -void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer )); -void yy_load_buffer_state YY_PROTO(( void )); -YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size )); -void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b )); -void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file )); -void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b )); -#define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer ) - -YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size )); -YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str )); -YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len )); - -static void *yy_flex_alloc YY_PROTO(( yy_size_t )); -static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t )); -static void yy_flex_free YY_PROTO(( void * )); - -#define yy_new_buffer yy_create_buffer - -#define yy_set_interactive(is_interactive) \ - { \ - if ( ! yy_current_buffer ) \ - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ - yy_current_buffer->yy_is_interactive = is_interactive; \ - } - -#define yy_set_bol(at_bol) \ - { \ - if ( ! yy_current_buffer ) \ - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ - yy_current_buffer->yy_at_bol = at_bol; \ - } - -#define YY_AT_BOL() (yy_current_buffer->yy_at_bol) - -typedef unsigned char YY_CHAR; -FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; -typedef int yy_state_type; -extern char *yytext; -#define yytext_ptr yytext - -static yy_state_type yy_get_previous_state YY_PROTO(( void )); -static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state )); -static int yy_get_next_buffer YY_PROTO(( void )); -static void yy_fatal_error YY_PROTO(( yyconst char msg[] )); - -/* Done after the current pattern has been matched and before the - * corresponding action - sets up yytext. - */ -#define YY_DO_BEFORE_ACTION \ - yytext_ptr = yy_bp; \ - yyleng = (int) (yy_cp - yy_bp); \ - yy_hold_char = *yy_cp; \ - *yy_cp = '\0'; \ - yy_c_buf_p = yy_cp; - -#define YY_NUM_RULES 95 -#define YY_END_OF_BUFFER 96 -static yyconst short int yy_accept[568] = - { 0, - 0, 0, 96, 94, 90, 91, 87, 81, 81, 94, - 94, 88, 88, 94, 89, 89, 89, 89, 89, 89, - 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, - 89, 89, 89, 82, 83, 85, 88, 88, 93, 86, - 0, 0, 89, 89, 89, 89, 89, 89, 89, 89, - 89, 10, 89, 89, 89, 89, 89, 89, 89, 89, - 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, - 89, 89, 89, 89, 51, 89, 89, 89, 89, 89, - 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, - 89, 89, 89, 89, 89, 89, 89, 92, 88, 84, - - 89, 3, 89, 89, 89, 7, 89, 89, 89, 89, - 89, 89, 89, 89, 89, 89, 22, 89, 89, 89, - 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, - 89, 89, 44, 45, 89, 89, 89, 89, 89, 89, - 89, 55, 89, 89, 89, 89, 89, 89, 89, 63, - 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, - 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, - 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, - 89, 89, 89, 89, 89, 89, 89, 89, 30, 89, - 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, - - 47, 89, 89, 89, 89, 89, 89, 89, 89, 89, - 89, 60, 89, 89, 64, 89, 89, 89, 68, 69, - 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, - 80, 89, 89, 89, 89, 6, 89, 89, 89, 89, - 13, 89, 89, 89, 89, 89, 89, 89, 89, 89, - 89, 89, 89, 89, 29, 89, 89, 89, 89, 89, - 89, 89, 89, 89, 89, 89, 89, 89, 89, 50, - 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, - 89, 89, 89, 89, 72, 89, 89, 89, 89, 89, - 89, 89, 1, 89, 89, 89, 89, 89, 89, 12, - - 89, 89, 89, 89, 89, 89, 89, 89, 24, 89, - 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, - 89, 89, 89, 89, 89, 89, 89, 49, 89, 89, - 89, 89, 89, 89, 89, 89, 89, 65, 66, 89, - 89, 89, 73, 89, 89, 89, 89, 89, 89, 89, - 89, 89, 89, 9, 89, 89, 89, 89, 18, 89, - 89, 21, 89, 89, 26, 89, 89, 89, 89, 89, - 89, 89, 37, 38, 89, 89, 41, 89, 89, 89, - 89, 89, 89, 54, 89, 57, 58, 89, 89, 89, - 89, 89, 89, 89, 75, 89, 89, 89, 89, 89, - - 89, 89, 89, 89, 89, 89, 89, 89, 20, 89, - 25, 89, 28, 89, 89, 89, 89, 89, 36, 39, - 40, 89, 89, 89, 89, 52, 89, 89, 89, 89, - 62, 89, 89, 89, 89, 89, 89, 89, 89, 89, - 89, 5, 8, 11, 14, 89, 89, 89, 89, 89, - 89, 89, 89, 34, 89, 89, 89, 89, 89, 89, - 89, 89, 89, 67, 89, 89, 74, 89, 89, 89, - 89, 89, 89, 15, 89, 17, 89, 23, 89, 89, - 89, 89, 35, 89, 89, 89, 89, 89, 89, 89, - 89, 89, 89, 76, 89, 89, 89, 89, 4, 16, - - 19, 89, 89, 89, 89, 89, 89, 89, 89, 89, - 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, - 89, 89, 89, 42, 43, 89, 89, 89, 89, 89, - 61, 89, 89, 89, 89, 89, 89, 27, 31, 89, - 33, 89, 48, 89, 56, 89, 89, 71, 89, 89, - 79, 89, 89, 46, 89, 89, 89, 89, 78, 2, - 32, 89, 59, 70, 77, 53, 0 - } ; - -static yyconst int yy_ec[256] = - { 0, - 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 2, 1, 4, 1, 1, 1, 1, 1, 5, - 5, 6, 1, 5, 7, 8, 9, 10, 11, 12, - 12, 13, 14, 15, 12, 16, 12, 17, 5, 1, - 18, 1, 1, 1, 19, 20, 21, 22, 23, 24, - 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, - 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, - 45, 1, 46, 1, 47, 1, 48, 49, 50, 51, - - 52, 53, 54, 55, 56, 57, 29, 58, 59, 60, - 61, 62, 29, 63, 64, 65, 66, 67, 29, 68, - 29, 69, 5, 5, 5, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1 - } ; - -static yyconst int yy_meta[70] = - { 0, - 1, 1, 1, 1, 1, 1, 2, 1, 1, 3, - 3, 3, 3, 3, 3, 3, 1, 1, 3, 3, - 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 1, 1, 2, 3, 3, 3, - 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2 - } ; - -static yyconst short int yy_base[570] = - { 0, - 0, 0, 636, 637, 637, 637, 637, 637, 63, 627, - 628, 70, 77, 616, 74, 72, 76, 609, 65, 81, - 49, 0, 92, 91, 32, 101, 97, 608, 103, 113, - 99, 574, 602, 637, 637, 637, 156, 163, 620, 637, - 0, 609, 0, 589, 595, 590, 585, 597, 583, 586, - 586, 0, 101, 599, 108, 593, 596, 122, 124, 585, - 581, 553, 564, 597, 587, 575, 115, 575, 565, 574, - 575, 545, 575, 564, 0, 563, 543, 561, 558, 558, - 124, 540, 161, 119, 551, 558, 561, 581, 566, 551, - 555, 530, 560, 160, 530, 91, 547, 637, 0, 637, - - 125, 0, 554, 550, 555, 0, 544, 550, 543, 551, - 540, 542, 145, 166, 552, 541, 0, 542, 549, 156, - 548, 533, 538, 516, 505, 529, 533, 157, 534, 525, - 539, 546, 0, 521, 529, 506, 534, 533, 528, 502, - 515, 0, 515, 514, 510, 489, 518, 528, 507, 0, - 522, 517, 505, 505, 504, 517, 516, 486, 159, 499, - 520, 468, 482, 477, 506, 499, 494, 502, 497, 495, - 461, 502, 505, 502, 485, 488, 482, 500, 479, 485, - 494, 493, 491, 479, 485, 475, 164, 487, 0, 446, - 453, 442, 468, 478, 468, 464, 483, 170, 488, 463, - - 0, 436, 477, 459, 463, 445, 471, 486, 469, 472, - 425, 0, 451, 465, 0, 455, 467, 420, 0, 0, - 477, 418, 450, 442, 457, 423, 441, 425, 415, 426, - 0, 436, 454, 451, 452, 0, 407, 450, 447, 444, - 0, 434, 429, 437, 433, 435, 439, 437, 423, 420, - 436, 418, 418, 422, 0, 405, 396, 388, 423, 180, - 411, 426, 415, 423, 408, 429, 436, 386, 403, 0, - 408, 374, 402, 410, 404, 397, 386, 406, 400, 406, - 388, 366, 401, 375, 0, 403, 389, 365, 358, 359, - 356, 362, 0, 398, 399, 379, 360, 383, 376, 0, - - 390, 393, 379, 372, 371, 385, 385, 387, 0, 378, - 367, 376, 383, 343, 350, 343, 374, 370, 374, 358, - 371, 372, 356, 368, 353, 362, 338, 0, 368, 364, - 353, 352, 345, 359, 332, 340, 358, 0, 0, 322, - 355, 308, 0, 338, 322, 310, 308, 319, 318, 331, - 330, 340, 306, 0, 342, 332, 336, 335, 0, 334, - 338, 0, 321, 320, 0, 337, 326, 151, 318, 294, - 326, 314, 0, 0, 314, 327, 0, 328, 283, 315, - 309, 315, 292, 0, 319, 0, 0, 284, 318, 317, - 279, 315, 300, 317, 0, 279, 286, 265, 295, 324, - - 303, 308, 274, 291, 288, 293, 292, 290, 0, 299, - 0, 294, 0, 255, 250, 253, 263, 293, 0, 0, - 0, 277, 251, 289, 247, 0, 247, 283, 257, 261, - 0, 253, 274, 240, 274, 243, 244, 264, 235, 262, - 265, 0, 0, 0, 260, 273, 270, 262, 271, 262, - 228, 238, 226, 0, 252, 260, 230, 258, 221, 233, - 250, 244, 247, 0, 241, 215, 0, 223, 239, 210, - 211, 230, 240, 0, 249, 0, 233, 0, 242, 212, - 216, 210, 0, 232, 204, 231, 206, 198, 233, 194, - 231, 230, 200, 0, 190, 191, 197, 220, 0, 0, - - 0, 213, 190, 211, 188, 215, 192, 218, 184, 187, - 204, 178, 218, 215, 178, 174, 180, 175, 196, 190, - 178, 175, 176, 0, 0, 191, 174, 165, 180, 166, - 0, 194, 166, 163, 158, 163, 197, 0, 0, 156, - 0, 171, 0, 148, 0, 152, 188, 0, 150, 155, - 0, 166, 153, 0, 143, 148, 162, 143, 0, 0, - 0, 101, 0, 0, 0, 0, 637, 223, 69 - } ; - -static yyconst short int yy_def[570] = - { 0, - 567, 1, 567, 567, 567, 567, 567, 567, 567, 567, - 567, 567, 567, 567, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 567, 567, 567, 567, 567, 567, 567, - 569, 567, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 567, 569, 567, - - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, - 568, 568, 568, 568, 568, 568, 0, 567, 567 - } ; - -static yyconst short int yy_nxt[707] = - { 0, - 4, 5, 6, 7, 8, 4, 9, 10, 11, 12, - 13, 13, 13, 13, 13, 13, 14, 4, 15, 16, - 17, 18, 19, 20, 21, 22, 23, 22, 22, 22, - 24, 25, 26, 27, 22, 28, 29, 30, 31, 32, - 33, 22, 22, 22, 34, 35, 4, 22, 22, 22, - 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, - 22, 22, 22, 22, 22, 22, 22, 22, 22, 36, - 71, 99, 37, 38, 38, 38, 38, 38, 38, 38, - 38, 38, 38, 38, 38, 38, 38, 38, 38, 38, - 38, 38, 38, 44, 48, 57, 58, 72, 49, 60, - - 62, 53, 50, 45, 51, 54, 59, 46, 55, 69, - 64, 63, 47, 65, 52, 78, 61, 70, 79, 109, - 73, 74, 66, 67, 75, 84, 80, 88, 68, 85, - 93, 89, 81, 110, 76, 129, 94, 41, 112, 113, - 86, 163, 116, 117, 119, 87, 144, 166, 90, 77, - 145, 130, 131, 149, 164, 91, 150, 120, 95, 82, - 118, 121, 167, 566, 92, 38, 38, 38, 38, 38, - 38, 38, 38, 38, 38, 38, 38, 38, 38, 147, - 160, 177, 178, 161, 179, 185, 194, 414, 186, 195, - 148, 223, 180, 224, 264, 253, 565, 564, 225, 254, - - 318, 563, 319, 562, 561, 265, 415, 560, 559, 558, - 557, 556, 555, 554, 553, 552, 551, 550, 549, 548, - 547, 546, 545, 41, 43, 43, 544, 543, 542, 541, - 540, 539, 538, 537, 536, 535, 534, 533, 532, 531, - 530, 529, 528, 527, 526, 525, 524, 523, 522, 521, - 520, 519, 518, 517, 516, 515, 514, 513, 512, 511, - 510, 509, 508, 507, 506, 505, 504, 503, 502, 501, - 500, 499, 498, 497, 496, 495, 494, 493, 492, 491, - 490, 489, 488, 487, 486, 485, 484, 483, 482, 481, - 480, 479, 478, 477, 476, 475, 474, 473, 472, 471, - - 470, 469, 468, 467, 466, 465, 464, 463, 462, 461, - 460, 459, 458, 457, 456, 455, 454, 453, 452, 451, - 450, 449, 448, 447, 446, 445, 444, 443, 442, 441, - 440, 439, 438, 437, 436, 435, 434, 433, 432, 431, - 430, 429, 428, 427, 426, 425, 424, 423, 422, 421, - 420, 419, 418, 417, 416, 413, 412, 411, 410, 409, - 408, 407, 406, 405, 404, 403, 402, 401, 400, 399, - 398, 397, 396, 395, 394, 393, 392, 391, 390, 389, - 388, 387, 386, 385, 384, 383, 382, 381, 380, 379, - 378, 377, 376, 375, 374, 373, 372, 371, 370, 369, - - 368, 367, 366, 365, 364, 363, 362, 361, 360, 359, - 358, 357, 356, 355, 354, 353, 352, 351, 350, 349, - 348, 347, 346, 345, 344, 343, 342, 341, 340, 339, - 338, 337, 336, 335, 334, 333, 332, 331, 330, 329, - 328, 327, 326, 325, 324, 323, 322, 321, 320, 317, - 316, 315, 314, 313, 312, 311, 310, 309, 308, 307, - 306, 305, 304, 303, 302, 301, 300, 299, 298, 297, - 296, 295, 294, 293, 292, 291, 290, 289, 288, 287, - 286, 285, 284, 283, 282, 281, 280, 279, 278, 277, - 276, 275, 274, 273, 272, 271, 270, 269, 268, 267, - - 266, 263, 262, 261, 260, 259, 258, 257, 256, 255, - 252, 251, 250, 249, 248, 247, 246, 245, 244, 243, - 242, 241, 240, 239, 238, 237, 236, 235, 234, 233, - 232, 231, 230, 229, 228, 227, 226, 222, 221, 220, - 219, 218, 217, 216, 215, 214, 213, 212, 211, 210, - 209, 208, 207, 206, 205, 204, 203, 202, 201, 200, - 199, 198, 197, 196, 193, 192, 191, 190, 189, 188, - 187, 184, 183, 182, 181, 176, 175, 174, 173, 172, - 171, 170, 169, 168, 165, 162, 159, 158, 157, 156, - 155, 154, 153, 152, 151, 146, 143, 142, 141, 140, - - 139, 138, 137, 136, 135, 134, 133, 132, 128, 127, - 126, 125, 124, 123, 122, 115, 114, 111, 108, 107, - 106, 105, 104, 103, 102, 101, 100, 98, 97, 96, - 83, 56, 42, 40, 39, 567, 3, 567, 567, 567, - 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, - 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, - 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, - 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, - 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, - 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, - - 567, 567, 567, 567, 567, 567 - } ; - -static yyconst short int yy_chk[707] = - { 0, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 9, - 25, 569, 9, 9, 9, 9, 9, 9, 9, 12, - 12, 12, 12, 12, 12, 12, 13, 13, 13, 13, - 13, 13, 13, 15, 16, 19, 19, 25, 16, 20, - - 21, 17, 16, 15, 16, 17, 19, 15, 17, 24, - 23, 21, 15, 23, 16, 27, 20, 24, 27, 53, - 26, 26, 23, 23, 26, 29, 27, 30, 23, 29, - 31, 30, 27, 53, 26, 67, 31, 12, 55, 55, - 29, 96, 58, 58, 59, 29, 81, 101, 30, 26, - 81, 67, 67, 84, 96, 30, 84, 59, 31, 27, - 58, 59, 101, 562, 30, 37, 37, 37, 37, 37, - 37, 37, 38, 38, 38, 38, 38, 38, 38, 83, - 94, 113, 113, 94, 114, 120, 128, 368, 120, 128, - 83, 159, 114, 159, 198, 187, 558, 557, 159, 187, - - 260, 556, 260, 555, 553, 198, 368, 552, 550, 549, - 547, 546, 544, 542, 540, 537, 536, 535, 534, 533, - 532, 530, 529, 37, 568, 568, 528, 527, 526, 523, - 522, 521, 520, 519, 518, 517, 516, 515, 514, 513, - 512, 511, 510, 509, 508, 507, 506, 505, 504, 503, - 502, 498, 497, 496, 495, 493, 492, 491, 490, 489, - 488, 487, 486, 485, 484, 482, 481, 480, 479, 477, - 475, 473, 472, 471, 470, 469, 468, 466, 465, 463, - 462, 461, 460, 459, 458, 457, 456, 455, 453, 452, - 451, 450, 449, 448, 447, 446, 445, 441, 440, 439, - - 438, 437, 436, 435, 434, 433, 432, 430, 429, 428, - 427, 425, 424, 423, 422, 418, 417, 416, 415, 414, - 412, 410, 408, 407, 406, 405, 404, 403, 402, 401, - 400, 399, 398, 397, 396, 394, 393, 392, 391, 390, - 389, 388, 385, 383, 382, 381, 380, 379, 378, 376, - 375, 372, 371, 370, 369, 367, 366, 364, 363, 361, - 360, 358, 357, 356, 355, 353, 352, 351, 350, 349, - 348, 347, 346, 345, 344, 342, 341, 340, 337, 336, - 335, 334, 333, 332, 331, 330, 329, 327, 326, 325, - 324, 323, 322, 321, 320, 319, 318, 317, 316, 315, - - 314, 313, 312, 311, 310, 308, 307, 306, 305, 304, - 303, 302, 301, 299, 298, 297, 296, 295, 294, 292, - 291, 290, 289, 288, 287, 286, 284, 283, 282, 281, - 280, 279, 278, 277, 276, 275, 274, 273, 272, 271, - 269, 268, 267, 266, 265, 264, 263, 262, 261, 259, - 258, 257, 256, 254, 253, 252, 251, 250, 249, 248, - 247, 246, 245, 244, 243, 242, 240, 239, 238, 237, - 235, 234, 233, 232, 230, 229, 228, 227, 226, 225, - 224, 223, 222, 221, 218, 217, 216, 214, 213, 211, - 210, 209, 208, 207, 206, 205, 204, 203, 202, 200, - - 199, 197, 196, 195, 194, 193, 192, 191, 190, 188, - 186, 185, 184, 183, 182, 181, 180, 179, 178, 177, - 176, 175, 174, 173, 172, 171, 170, 169, 168, 167, - 166, 165, 164, 163, 162, 161, 160, 158, 157, 156, - 155, 154, 153, 152, 151, 149, 148, 147, 146, 145, - 144, 143, 141, 140, 139, 138, 137, 136, 135, 134, - 132, 131, 130, 129, 127, 126, 125, 124, 123, 122, - 121, 119, 118, 116, 115, 112, 111, 110, 109, 108, - 107, 105, 104, 103, 97, 95, 93, 92, 91, 90, - 89, 88, 87, 86, 85, 82, 80, 79, 78, 77, - - 76, 74, 73, 72, 71, 70, 69, 68, 66, 65, - 64, 63, 62, 61, 60, 57, 56, 54, 51, 50, - 49, 48, 47, 46, 45, 44, 42, 39, 33, 32, - 28, 18, 14, 11, 10, 3, 567, 567, 567, 567, - 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, - 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, - 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, - 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, - 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, - 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, - - 567, 567, 567, 567, 567, 567 - } ; - -static yy_state_type yy_last_accepting_state; -static char *yy_last_accepting_cpos; - -/* The intent behind this definition is that it'll catch - * any uses of REJECT which flex missed. - */ -#define REJECT reject_used_but_not_detected -#define yymore() yymore_used_but_not_detected -#define YY_MORE_ADJ 0 -#define YY_RESTORE_YY_MORE_OFFSET -char *yytext; -#line 1 "lex.l" -#define INITIAL 0 -#line 2 "lex.l" -/* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* $Id: lex.l,v 1.27 2005/09/13 18:17:16 lha Exp $ */ - -#ifdef HAVE_CONFIG_H -#include -#endif -#include -#include -#include -#include -#ifdef HAVE_UNISTD_H -#include -#endif -#undef ECHO -#include "symbol.h" -#include "parse.h" -#include "lex.h" -#include "gen_locl.h" - -static unsigned lineno = 1; - -#undef ECHO - -static void unterminated(const char *, unsigned); - -#line 764 "lex.c" - -/* Macros after this point can all be overridden by user definitions in - * section 1. - */ - -#ifndef YY_SKIP_YYWRAP -#ifdef __cplusplus -extern "C" int yywrap YY_PROTO(( void )); -#else -extern int yywrap YY_PROTO(( void )); -#endif -#endif - -#ifndef YY_NO_UNPUT -static void yyunput YY_PROTO(( int c, char *buf_ptr )); -#endif - -#ifndef yytext_ptr -static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int )); -#endif - -#ifdef YY_NEED_STRLEN -static int yy_flex_strlen YY_PROTO(( yyconst char * )); -#endif - -#ifndef YY_NO_INPUT -#ifdef __cplusplus -static int yyinput YY_PROTO(( void )); -#else -static int input YY_PROTO(( void )); -#endif -#endif - -#if YY_STACK_USED -static int yy_start_stack_ptr = 0; -static int yy_start_stack_depth = 0; -static int *yy_start_stack = 0; -#ifndef YY_NO_PUSH_STATE -static void yy_push_state YY_PROTO(( int new_state )); -#endif -#ifndef YY_NO_POP_STATE -static void yy_pop_state YY_PROTO(( void )); -#endif -#ifndef YY_NO_TOP_STATE -static int yy_top_state YY_PROTO(( void )); -#endif - -#else -#define YY_NO_PUSH_STATE 1 -#define YY_NO_POP_STATE 1 -#define YY_NO_TOP_STATE 1 -#endif - -#ifdef YY_MALLOC_DECL -YY_MALLOC_DECL -#else -#if __STDC__ -#ifndef __cplusplus -#include -#endif -#else -/* Just try to get by without declaring the routines. This will fail - * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int) - * or sizeof(void*) != sizeof(int). - */ -#endif -#endif - -/* Amount of stuff to slurp up with each read. */ -#ifndef YY_READ_BUF_SIZE -#define YY_READ_BUF_SIZE 8192 -#endif - -/* Copy whatever the last rule matched to the standard output. */ - -#ifndef ECHO -/* This used to be an fputs(), but since the string might contain NUL's, - * we now use fwrite(). - */ -#define ECHO (void) fwrite( yytext, yyleng, 1, yyout ) -#endif - -/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, - * is returned in "result". - */ -#ifndef YY_INPUT -#define YY_INPUT(buf,result,max_size) \ - if ( yy_current_buffer->yy_is_interactive ) \ - { \ - int c = '*', n; \ - for ( n = 0; n < max_size && \ - (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ - buf[n] = (char) c; \ - if ( c == '\n' ) \ - buf[n++] = (char) c; \ - if ( c == EOF && ferror( yyin ) ) \ - YY_FATAL_ERROR( "input in flex scanner failed" ); \ - result = n; \ - } \ - else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \ - && ferror( yyin ) ) \ - YY_FATAL_ERROR( "input in flex scanner failed" ); -#endif - -/* No semi-colon after return; correct usage is to write "yyterminate();" - - * we don't want an extra ';' after the "return" because that will cause - * some compilers to complain about unreachable statements. - */ -#ifndef yyterminate -#define yyterminate() return YY_NULL -#endif - -/* Number of entries by which start-condition stack grows. */ -#ifndef YY_START_STACK_INCR -#define YY_START_STACK_INCR 25 -#endif - -/* Report a fatal error. */ -#ifndef YY_FATAL_ERROR -#define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) -#endif - -/* Default declaration of generated scanner - a define so the user can - * easily add parameters. - */ -#ifndef YY_DECL -#define YY_DECL int yylex YY_PROTO(( void )) -#endif - -/* Code executed at the beginning of each rule, after yytext and yyleng - * have been set up. - */ -#ifndef YY_USER_ACTION -#define YY_USER_ACTION -#endif - -/* Code executed at the end of each rule. */ -#ifndef YY_BREAK -#define YY_BREAK break; -#endif - -#define YY_RULE_SETUP \ - YY_USER_ACTION - -YY_DECL - { - register yy_state_type yy_current_state; - register char *yy_cp = NULL, *yy_bp = NULL; - register int yy_act; - -#line 62 "lex.l" - -#line 917 "lex.c" - - if ( yy_init ) - { - yy_init = 0; - -#ifdef YY_USER_INIT - YY_USER_INIT; -#endif - - if ( ! yy_start ) - yy_start = 1; /* first start state */ - - if ( ! yyin ) - yyin = stdin; - - if ( ! yyout ) - yyout = stdout; - - if ( ! yy_current_buffer ) - yy_current_buffer = - yy_create_buffer( yyin, YY_BUF_SIZE ); - - yy_load_buffer_state(); - } - - while ( 1 ) /* loops until end-of-file is reached */ - { - yy_cp = yy_c_buf_p; - - /* Support of yytext. */ - *yy_cp = yy_hold_char; - - /* yy_bp points to the position in yy_ch_buf of the start of - * the current run. - */ - yy_bp = yy_cp; - - yy_current_state = yy_start; -yy_match: - do - { - register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; - if ( yy_accept[yy_current_state] ) - { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 568 ) - yy_c = yy_meta[(unsigned int) yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - ++yy_cp; - } - while ( yy_base[yy_current_state] != 637 ); - -yy_find_action: - yy_act = yy_accept[yy_current_state]; - if ( yy_act == 0 ) - { /* have to back up */ - yy_cp = yy_last_accepting_cpos; - yy_current_state = yy_last_accepting_state; - yy_act = yy_accept[yy_current_state]; - } - - YY_DO_BEFORE_ACTION; - - -do_action: /* This label is used only to access EOF actions. */ - - - switch ( yy_act ) - { /* beginning of action switch */ - case 0: /* must back up */ - /* undo the effects of YY_DO_BEFORE_ACTION */ - *yy_cp = yy_hold_char; - yy_cp = yy_last_accepting_cpos; - yy_current_state = yy_last_accepting_state; - goto yy_find_action; - -case 1: -YY_RULE_SETUP -#line 63 "lex.l" -{ return kw_ABSENT; } - YY_BREAK -case 2: -YY_RULE_SETUP -#line 64 "lex.l" -{ return kw_ABSTRACT_SYNTAX; } - YY_BREAK -case 3: -YY_RULE_SETUP -#line 65 "lex.l" -{ return kw_ALL; } - YY_BREAK -case 4: -YY_RULE_SETUP -#line 66 "lex.l" -{ return kw_APPLICATION; } - YY_BREAK -case 5: -YY_RULE_SETUP -#line 67 "lex.l" -{ return kw_AUTOMATIC; } - YY_BREAK -case 6: -YY_RULE_SETUP -#line 68 "lex.l" -{ return kw_BEGIN; } - YY_BREAK -case 7: -YY_RULE_SETUP -#line 69 "lex.l" -{ return kw_BIT; } - YY_BREAK -case 8: -YY_RULE_SETUP -#line 70 "lex.l" -{ return kw_BMPString; } - YY_BREAK -case 9: -YY_RULE_SETUP -#line 71 "lex.l" -{ return kw_BOOLEAN; } - YY_BREAK -case 10: -YY_RULE_SETUP -#line 72 "lex.l" -{ return kw_BY; } - YY_BREAK -case 11: -YY_RULE_SETUP -#line 73 "lex.l" -{ return kw_CHARACTER; } - YY_BREAK -case 12: -YY_RULE_SETUP -#line 74 "lex.l" -{ return kw_CHOICE; } - YY_BREAK -case 13: -YY_RULE_SETUP -#line 75 "lex.l" -{ return kw_CLASS; } - YY_BREAK -case 14: -YY_RULE_SETUP -#line 76 "lex.l" -{ return kw_COMPONENT; } - YY_BREAK -case 15: -YY_RULE_SETUP -#line 77 "lex.l" -{ return kw_COMPONENTS; } - YY_BREAK -case 16: -YY_RULE_SETUP -#line 78 "lex.l" -{ return kw_CONSTRAINED; } - YY_BREAK -case 17: -YY_RULE_SETUP -#line 79 "lex.l" -{ return kw_CONTAINING; } - YY_BREAK -case 18: -YY_RULE_SETUP -#line 80 "lex.l" -{ return kw_DEFAULT; } - YY_BREAK -case 19: -YY_RULE_SETUP -#line 81 "lex.l" -{ return kw_DEFINITIONS; } - YY_BREAK -case 20: -YY_RULE_SETUP -#line 82 "lex.l" -{ return kw_EMBEDDED; } - YY_BREAK -case 21: -YY_RULE_SETUP -#line 83 "lex.l" -{ return kw_ENCODED; } - YY_BREAK -case 22: -YY_RULE_SETUP -#line 84 "lex.l" -{ return kw_END; } - YY_BREAK -case 23: -YY_RULE_SETUP -#line 85 "lex.l" -{ return kw_ENUMERATED; } - YY_BREAK -case 24: -YY_RULE_SETUP -#line 86 "lex.l" -{ return kw_EXCEPT; } - YY_BREAK -case 25: -YY_RULE_SETUP -#line 87 "lex.l" -{ return kw_EXPLICIT; } - YY_BREAK -case 26: -YY_RULE_SETUP -#line 88 "lex.l" -{ return kw_EXPORTS; } - YY_BREAK -case 27: -YY_RULE_SETUP -#line 89 "lex.l" -{ return kw_EXTENSIBILITY; } - YY_BREAK -case 28: -YY_RULE_SETUP -#line 90 "lex.l" -{ return kw_EXTERNAL; } - YY_BREAK -case 29: -YY_RULE_SETUP -#line 91 "lex.l" -{ return kw_FALSE; } - YY_BREAK -case 30: -YY_RULE_SETUP -#line 92 "lex.l" -{ return kw_FROM; } - YY_BREAK -case 31: -YY_RULE_SETUP -#line 93 "lex.l" -{ return kw_GeneralString; } - YY_BREAK -case 32: -YY_RULE_SETUP -#line 94 "lex.l" -{ return kw_GeneralizedTime; } - YY_BREAK -case 33: -YY_RULE_SETUP -#line 95 "lex.l" -{ return kw_GraphicString; } - YY_BREAK -case 34: -YY_RULE_SETUP -#line 96 "lex.l" -{ return kw_IA5String; } - YY_BREAK -case 35: -YY_RULE_SETUP -#line 97 "lex.l" -{ return kw_IDENTIFIER; } - YY_BREAK -case 36: -YY_RULE_SETUP -#line 98 "lex.l" -{ return kw_IMPLICIT; } - YY_BREAK -case 37: -YY_RULE_SETUP -#line 99 "lex.l" -{ return kw_IMPLIED; } - YY_BREAK -case 38: -YY_RULE_SETUP -#line 100 "lex.l" -{ return kw_IMPORTS; } - YY_BREAK -case 39: -YY_RULE_SETUP -#line 101 "lex.l" -{ return kw_INCLUDES; } - YY_BREAK -case 40: -YY_RULE_SETUP -#line 102 "lex.l" -{ return kw_INSTANCE; } - YY_BREAK -case 41: -YY_RULE_SETUP -#line 103 "lex.l" -{ return kw_INTEGER; } - YY_BREAK -case 42: -YY_RULE_SETUP -#line 104 "lex.l" -{ return kw_INTERSECTION; } - YY_BREAK -case 43: -YY_RULE_SETUP -#line 105 "lex.l" -{ return kw_ISO646String; } - YY_BREAK -case 44: -YY_RULE_SETUP -#line 106 "lex.l" -{ return kw_MAX; } - YY_BREAK -case 45: -YY_RULE_SETUP -#line 107 "lex.l" -{ return kw_MIN; } - YY_BREAK -case 46: -YY_RULE_SETUP -#line 108 "lex.l" -{ return kw_MINUS_INFINITY; } - YY_BREAK -case 47: -YY_RULE_SETUP -#line 109 "lex.l" -{ return kw_NULL; } - YY_BREAK -case 48: -YY_RULE_SETUP -#line 110 "lex.l" -{ return kw_NumericString; } - YY_BREAK -case 49: -YY_RULE_SETUP -#line 111 "lex.l" -{ return kw_OBJECT; } - YY_BREAK -case 50: -YY_RULE_SETUP -#line 112 "lex.l" -{ return kw_OCTET; } - YY_BREAK -case 51: -YY_RULE_SETUP -#line 113 "lex.l" -{ return kw_OF; } - YY_BREAK -case 52: -YY_RULE_SETUP -#line 114 "lex.l" -{ return kw_OPTIONAL; } - YY_BREAK -case 53: -YY_RULE_SETUP -#line 115 "lex.l" -{ return kw_ObjectDescriptor; } - YY_BREAK -case 54: -YY_RULE_SETUP -#line 116 "lex.l" -{ return kw_PATTERN; } - YY_BREAK -case 55: -YY_RULE_SETUP -#line 117 "lex.l" -{ return kw_PDV; } - YY_BREAK -case 56: -YY_RULE_SETUP -#line 118 "lex.l" -{ return kw_PLUS_INFINITY; } - YY_BREAK -case 57: -YY_RULE_SETUP -#line 119 "lex.l" -{ return kw_PRESENT; } - YY_BREAK -case 58: -YY_RULE_SETUP -#line 120 "lex.l" -{ return kw_PRIVATE; } - YY_BREAK -case 59: -YY_RULE_SETUP -#line 121 "lex.l" -{ return kw_PrintableString; } - YY_BREAK -case 60: -YY_RULE_SETUP -#line 122 "lex.l" -{ return kw_REAL; } - YY_BREAK -case 61: -YY_RULE_SETUP -#line 123 "lex.l" -{ return kw_RELATIVE_OID; } - YY_BREAK -case 62: -YY_RULE_SETUP -#line 124 "lex.l" -{ return kw_SEQUENCE; } - YY_BREAK -case 63: -YY_RULE_SETUP -#line 125 "lex.l" -{ return kw_SET; } - YY_BREAK -case 64: -YY_RULE_SETUP -#line 126 "lex.l" -{ return kw_SIZE; } - YY_BREAK -case 65: -YY_RULE_SETUP -#line 127 "lex.l" -{ return kw_STRING; } - YY_BREAK -case 66: -YY_RULE_SETUP -#line 128 "lex.l" -{ return kw_SYNTAX; } - YY_BREAK -case 67: -YY_RULE_SETUP -#line 129 "lex.l" -{ return kw_T61String; } - YY_BREAK -case 68: -YY_RULE_SETUP -#line 130 "lex.l" -{ return kw_TAGS; } - YY_BREAK -case 69: -YY_RULE_SETUP -#line 131 "lex.l" -{ return kw_TRUE; } - YY_BREAK -case 70: -YY_RULE_SETUP -#line 132 "lex.l" -{ return kw_TYPE_IDENTIFIER; } - YY_BREAK -case 71: -YY_RULE_SETUP -#line 133 "lex.l" -{ return kw_TeletexString; } - YY_BREAK -case 72: -YY_RULE_SETUP -#line 134 "lex.l" -{ return kw_UNION; } - YY_BREAK -case 73: -YY_RULE_SETUP -#line 135 "lex.l" -{ return kw_UNIQUE; } - YY_BREAK -case 74: -YY_RULE_SETUP -#line 136 "lex.l" -{ return kw_UNIVERSAL; } - YY_BREAK -case 75: -YY_RULE_SETUP -#line 137 "lex.l" -{ return kw_UTCTime; } - YY_BREAK -case 76: -YY_RULE_SETUP -#line 138 "lex.l" -{ return kw_UTF8String; } - YY_BREAK -case 77: -YY_RULE_SETUP -#line 139 "lex.l" -{ return kw_UniversalString; } - YY_BREAK -case 78: -YY_RULE_SETUP -#line 140 "lex.l" -{ return kw_VideotexString; } - YY_BREAK -case 79: -YY_RULE_SETUP -#line 141 "lex.l" -{ return kw_VisibleString; } - YY_BREAK -case 80: -YY_RULE_SETUP -#line 142 "lex.l" -{ return kw_WITH; } - YY_BREAK -case 81: -YY_RULE_SETUP -#line 143 "lex.l" -{ return *yytext; } - YY_BREAK -case 82: -YY_RULE_SETUP -#line 144 "lex.l" -{ return *yytext; } - YY_BREAK -case 83: -YY_RULE_SETUP -#line 145 "lex.l" -{ return *yytext; } - YY_BREAK -case 84: -YY_RULE_SETUP -#line 146 "lex.l" -{ return EEQUAL; } - YY_BREAK -case 85: -YY_RULE_SETUP -#line 147 "lex.l" -{ - int c, start_lineno = lineno; - int f = 0; - while((c = input()) != EOF) { - if(f && c == '-') - break; - if(c == '-') { - f = 1; - continue; - } - if(c == '\n') { - lineno++; - break; - } - f = 0; - } - if(c == EOF) - unterminated("comment", start_lineno); - } - YY_BREAK -case 86: -YY_RULE_SETUP -#line 166 "lex.l" -{ - int c, start_lineno = lineno; - int level = 1; - int seen_star = 0; - int seen_slash = 0; - while((c = input()) != EOF) { - if(c == '/') { - if(seen_star) { - if(--level == 0) - break; - seen_star = 0; - continue; - } - seen_slash = 1; - continue; - } - if(seen_star && c == '/') { - if(--level == 0) - break; - seen_star = 0; - continue; - } - if(c == '*') { - if(seen_slash) { - level++; - seen_star = seen_slash = 0; - continue; - } - seen_star = 1; - continue; - } - seen_star = seen_slash = 0; - if(c == '\n') { - lineno++; - continue; - } - } - if(c == EOF) - unterminated("comment", start_lineno); - } - YY_BREAK -case 87: -YY_RULE_SETUP -#line 206 "lex.l" -{ - int start_lineno = lineno; - int c; - char buf[1024]; - char *p = buf; - int f = 0; - int skip_ws = 0; - - while((c = input()) != EOF) { - if(isspace(c) && skip_ws) { - if(c == '\n') - lineno++; - continue; - } - skip_ws = 0; - - if(c == '"') { - if(f) { - *p++ = '"'; - f = 0; - } else - f = 1; - continue; - } - if(f == 1) { - unput(c); - break; - } - if(c == '\n') { - lineno++; - while(p > buf && isspace((unsigned char)p[-1])) - p--; - skip_ws = 1; - continue; - } - *p++ = c; - } - if(c == EOF) - unterminated("string", start_lineno); - *p++ = '\0'; - fprintf(stderr, "string -- %s\n", buf); - yylval.name = estrdup(buf); - return STRING; - } - YY_BREAK -case 88: -YY_RULE_SETUP -#line 251 "lex.l" -{ char *e, *y = yytext; - yylval.constant = strtol((const char *)yytext, - &e, 0); - if(e == y) - error_message("malformed constant (%s)", yytext); - else - return NUMBER; - } - YY_BREAK -case 89: -YY_RULE_SETUP -#line 259 "lex.l" -{ - yylval.name = estrdup ((const char *)yytext); - return IDENTIFIER; - } - YY_BREAK -case 90: -YY_RULE_SETUP -#line 263 "lex.l" -; - YY_BREAK -case 91: -YY_RULE_SETUP -#line 264 "lex.l" -{ ++lineno; } - YY_BREAK -case 92: -YY_RULE_SETUP -#line 265 "lex.l" -{ return ELLIPSIS; } - YY_BREAK -case 93: -YY_RULE_SETUP -#line 266 "lex.l" -{ return RANGE; } - YY_BREAK -case 94: -YY_RULE_SETUP -#line 267 "lex.l" -{ error_message("Ignoring char(%c)\n", *yytext); } - YY_BREAK -case 95: -YY_RULE_SETUP -#line 268 "lex.l" -ECHO; - YY_BREAK -#line 1585 "lex.c" -case YY_STATE_EOF(INITIAL): - yyterminate(); - - case YY_END_OF_BUFFER: - { - /* Amount of text matched not including the EOB char. */ - int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1; - - /* Undo the effects of YY_DO_BEFORE_ACTION. */ - *yy_cp = yy_hold_char; - YY_RESTORE_YY_MORE_OFFSET - - if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW ) - { - /* We're scanning a new file or input source. It's - * possible that this happened because the user - * just pointed yyin at a new source and called - * yylex(). If so, then we have to assure - * consistency between yy_current_buffer and our - * globals. Here is the right place to do so, because - * this is the first action (other than possibly a - * back-up) that will match for the new input source. - */ - yy_n_chars = yy_current_buffer->yy_n_chars; - yy_current_buffer->yy_input_file = yyin; - yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL; - } - - /* Note that here we test for yy_c_buf_p "<=" to the position - * of the first EOB in the buffer, since yy_c_buf_p will - * already have been incremented past the NUL character - * (since all states make transitions on EOB to the - * end-of-buffer state). Contrast this with the test - * in input(). - */ - if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] ) - { /* This was really a NUL. */ - yy_state_type yy_next_state; - - yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text; - - yy_current_state = yy_get_previous_state(); - - /* Okay, we're now positioned to make the NUL - * transition. We couldn't have - * yy_get_previous_state() go ahead and do it - * for us because it doesn't know how to deal - * with the possibility of jamming (and we don't - * want to build jamming into it because then it - * will run more slowly). - */ - - yy_next_state = yy_try_NUL_trans( yy_current_state ); - - yy_bp = yytext_ptr + YY_MORE_ADJ; - - if ( yy_next_state ) - { - /* Consume the NUL. */ - yy_cp = ++yy_c_buf_p; - yy_current_state = yy_next_state; - goto yy_match; - } - - else - { - yy_cp = yy_c_buf_p; - goto yy_find_action; - } - } - - else switch ( yy_get_next_buffer() ) - { - case EOB_ACT_END_OF_FILE: - { - yy_did_buffer_switch_on_eof = 0; - - if ( yywrap() ) - { - /* Note: because we've taken care in - * yy_get_next_buffer() to have set up - * yytext, we can now set up - * yy_c_buf_p so that if some total - * hoser (like flex itself) wants to - * call the scanner after we return the - * YY_NULL, it'll still work - another - * YY_NULL will get returned. - */ - yy_c_buf_p = yytext_ptr + YY_MORE_ADJ; - - yy_act = YY_STATE_EOF(YY_START); - goto do_action; - } - - else - { - if ( ! yy_did_buffer_switch_on_eof ) - YY_NEW_FILE; - } - break; - } - - case EOB_ACT_CONTINUE_SCAN: - yy_c_buf_p = - yytext_ptr + yy_amount_of_matched_text; - - yy_current_state = yy_get_previous_state(); - - yy_cp = yy_c_buf_p; - yy_bp = yytext_ptr + YY_MORE_ADJ; - goto yy_match; - - case EOB_ACT_LAST_MATCH: - yy_c_buf_p = - &yy_current_buffer->yy_ch_buf[yy_n_chars]; - - yy_current_state = yy_get_previous_state(); - - yy_cp = yy_c_buf_p; - yy_bp = yytext_ptr + YY_MORE_ADJ; - goto yy_find_action; - } - break; - } - - default: - YY_FATAL_ERROR( - "fatal flex scanner internal error--no action found" ); - } /* end of action switch */ - } /* end of scanning one token */ - } /* end of yylex */ - - -/* yy_get_next_buffer - try to read in a new buffer - * - * Returns a code representing an action: - * EOB_ACT_LAST_MATCH - - * EOB_ACT_CONTINUE_SCAN - continue scanning from current position - * EOB_ACT_END_OF_FILE - end of file - */ - -static int yy_get_next_buffer() - { - register char *dest = yy_current_buffer->yy_ch_buf; - register char *source = yytext_ptr; - register int number_to_move, i; - int ret_val; - - if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] ) - YY_FATAL_ERROR( - "fatal flex scanner internal error--end of buffer missed" ); - - if ( yy_current_buffer->yy_fill_buffer == 0 ) - { /* Don't try to fill the buffer, so this is an EOF. */ - if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 ) - { - /* We matched a single character, the EOB, so - * treat this as a final EOF. - */ - return EOB_ACT_END_OF_FILE; - } - - else - { - /* We matched some text prior to the EOB, first - * process it. - */ - return EOB_ACT_LAST_MATCH; - } - } - - /* Try to read more data. */ - - /* First move last chars to start of buffer. */ - number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1; - - for ( i = 0; i < number_to_move; ++i ) - *(dest++) = *(source++); - - if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING ) - /* don't do the read, it's not guaranteed to return an EOF, - * just force an EOF - */ - yy_current_buffer->yy_n_chars = yy_n_chars = 0; - - else - { - int num_to_read = - yy_current_buffer->yy_buf_size - number_to_move - 1; - - while ( num_to_read <= 0 ) - { /* Not enough room in the buffer - grow it. */ -#ifdef YY_USES_REJECT - YY_FATAL_ERROR( -"input buffer overflow, can't enlarge buffer because scanner uses REJECT" ); -#else - - /* just a shorter name for the current buffer */ - YY_BUFFER_STATE b = yy_current_buffer; - - int yy_c_buf_p_offset = - (int) (yy_c_buf_p - b->yy_ch_buf); - - if ( b->yy_is_our_buffer ) - { - int new_size = b->yy_buf_size * 2; - - if ( new_size <= 0 ) - b->yy_buf_size += b->yy_buf_size / 8; - else - b->yy_buf_size *= 2; - - b->yy_ch_buf = (char *) - /* Include room in for 2 EOB chars. */ - yy_flex_realloc( (void *) b->yy_ch_buf, - b->yy_buf_size + 2 ); - } - else - /* Can't grow it, we don't own it. */ - b->yy_ch_buf = 0; - - if ( ! b->yy_ch_buf ) - YY_FATAL_ERROR( - "fatal error - scanner input buffer overflow" ); - - yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset]; - - num_to_read = yy_current_buffer->yy_buf_size - - number_to_move - 1; -#endif - } - - if ( num_to_read > YY_READ_BUF_SIZE ) - num_to_read = YY_READ_BUF_SIZE; - - /* Read in more data. */ - YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]), - yy_n_chars, num_to_read ); - - yy_current_buffer->yy_n_chars = yy_n_chars; - } - - if ( yy_n_chars == 0 ) - { - if ( number_to_move == YY_MORE_ADJ ) - { - ret_val = EOB_ACT_END_OF_FILE; - yyrestart( yyin ); - } - - else - { - ret_val = EOB_ACT_LAST_MATCH; - yy_current_buffer->yy_buffer_status = - YY_BUFFER_EOF_PENDING; - } - } - - else - ret_val = EOB_ACT_CONTINUE_SCAN; - - yy_n_chars += number_to_move; - yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR; - yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR; - - yytext_ptr = &yy_current_buffer->yy_ch_buf[0]; - - return ret_val; - } - - -/* yy_get_previous_state - get the state just before the EOB char was reached */ - -static yy_state_type yy_get_previous_state() - { - register yy_state_type yy_current_state; - register char *yy_cp; - - yy_current_state = yy_start; - - for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp ) - { - register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); - if ( yy_accept[yy_current_state] ) - { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 568 ) - yy_c = yy_meta[(unsigned int) yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - } - - return yy_current_state; - } - - -/* yy_try_NUL_trans - try to make a transition on the NUL character - * - * synopsis - * next_state = yy_try_NUL_trans( current_state ); - */ - -#ifdef YY_USE_PROTOS -static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state ) -#else -static yy_state_type yy_try_NUL_trans( yy_current_state ) -yy_state_type yy_current_state; -#endif - { - register int yy_is_jam; - register char *yy_cp = yy_c_buf_p; - - register YY_CHAR yy_c = 1; - if ( yy_accept[yy_current_state] ) - { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 568 ) - yy_c = yy_meta[(unsigned int) yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - yy_is_jam = (yy_current_state == 567); - - return yy_is_jam ? 0 : yy_current_state; - } - - -#ifndef YY_NO_UNPUT -#ifdef YY_USE_PROTOS -static void yyunput( int c, register char *yy_bp ) -#else -static void yyunput( c, yy_bp ) -int c; -register char *yy_bp; -#endif - { - register char *yy_cp = yy_c_buf_p; - - /* undo effects of setting up yytext */ - *yy_cp = yy_hold_char; - - if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) - { /* need to shift things up to make room */ - /* +2 for EOB chars. */ - register int number_to_move = yy_n_chars + 2; - register char *dest = &yy_current_buffer->yy_ch_buf[ - yy_current_buffer->yy_buf_size + 2]; - register char *source = - &yy_current_buffer->yy_ch_buf[number_to_move]; - - while ( source > yy_current_buffer->yy_ch_buf ) - *--dest = *--source; - - yy_cp += (int) (dest - source); - yy_bp += (int) (dest - source); - yy_current_buffer->yy_n_chars = - yy_n_chars = yy_current_buffer->yy_buf_size; - - if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) - YY_FATAL_ERROR( "flex scanner push-back overflow" ); - } - - *--yy_cp = (char) c; - - - yytext_ptr = yy_bp; - yy_hold_char = *yy_cp; - yy_c_buf_p = yy_cp; - } -#endif /* ifndef YY_NO_UNPUT */ - - -#ifndef YY_NO_INPUT -#ifdef __cplusplus -static int yyinput() -#else -static int input() -#endif - { - int c; - - *yy_c_buf_p = yy_hold_char; - - if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR ) - { - /* yy_c_buf_p now points to the character we want to return. - * If this occurs *before* the EOB characters, then it's a - * valid NUL; if not, then we've hit the end of the buffer. - */ - if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] ) - /* This was really a NUL. */ - *yy_c_buf_p = '\0'; - - else - { /* need more input */ - int offset = yy_c_buf_p - yytext_ptr; - ++yy_c_buf_p; - - switch ( yy_get_next_buffer() ) - { - case EOB_ACT_LAST_MATCH: - /* This happens because yy_g_n_b() - * sees that we've accumulated a - * token and flags that we need to - * try matching the token before - * proceeding. But for input(), - * there's no matching to consider. - * So convert the EOB_ACT_LAST_MATCH - * to EOB_ACT_END_OF_FILE. - */ - - /* Reset buffer status. */ - yyrestart( yyin ); - - /* fall through */ - - case EOB_ACT_END_OF_FILE: - { - if ( yywrap() ) - return EOF; - - if ( ! yy_did_buffer_switch_on_eof ) - YY_NEW_FILE; -#ifdef __cplusplus - return yyinput(); -#else - return input(); -#endif - } - - case EOB_ACT_CONTINUE_SCAN: - yy_c_buf_p = yytext_ptr + offset; - break; - } - } - } - - c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */ - *yy_c_buf_p = '\0'; /* preserve yytext */ - yy_hold_char = *++yy_c_buf_p; - - - return c; - } -#endif /* YY_NO_INPUT */ - -#ifdef YY_USE_PROTOS -void yyrestart( FILE *input_file ) -#else -void yyrestart( input_file ) -FILE *input_file; -#endif - { - if ( ! yy_current_buffer ) - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); - - yy_init_buffer( yy_current_buffer, input_file ); - yy_load_buffer_state(); - } - - -#ifdef YY_USE_PROTOS -void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer ) -#else -void yy_switch_to_buffer( new_buffer ) -YY_BUFFER_STATE new_buffer; -#endif - { - if ( yy_current_buffer == new_buffer ) - return; - - if ( yy_current_buffer ) - { - /* Flush out information for old buffer. */ - *yy_c_buf_p = yy_hold_char; - yy_current_buffer->yy_buf_pos = yy_c_buf_p; - yy_current_buffer->yy_n_chars = yy_n_chars; - } - - yy_current_buffer = new_buffer; - yy_load_buffer_state(); - - /* We don't actually know whether we did this switch during - * EOF (yywrap()) processing, but the only time this flag - * is looked at is after yywrap() is called, so it's safe - * to go ahead and always set it. - */ - yy_did_buffer_switch_on_eof = 1; - } - - -#ifdef YY_USE_PROTOS -void yy_load_buffer_state( void ) -#else -void yy_load_buffer_state() -#endif - { - yy_n_chars = yy_current_buffer->yy_n_chars; - yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos; - yyin = yy_current_buffer->yy_input_file; - yy_hold_char = *yy_c_buf_p; - } - - -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_create_buffer( FILE *file, int size ) -#else -YY_BUFFER_STATE yy_create_buffer( file, size ) -FILE *file; -int size; -#endif - { - YY_BUFFER_STATE b; - - b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); - if ( ! b ) - YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); - - b->yy_buf_size = size; - - /* yy_ch_buf has to be 2 characters longer than the size given because - * we need to put in 2 end-of-buffer characters. - */ - b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 ); - if ( ! b->yy_ch_buf ) - YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); - - b->yy_is_our_buffer = 1; - - yy_init_buffer( b, file ); - - return b; - } - - -#ifdef YY_USE_PROTOS -void yy_delete_buffer( YY_BUFFER_STATE b ) -#else -void yy_delete_buffer( b ) -YY_BUFFER_STATE b; -#endif - { - if ( ! b ) - return; - - if ( b == yy_current_buffer ) - yy_current_buffer = (YY_BUFFER_STATE) 0; - - if ( b->yy_is_our_buffer ) - yy_flex_free( (void *) b->yy_ch_buf ); - - yy_flex_free( (void *) b ); - } - - - -#ifdef YY_USE_PROTOS -void yy_init_buffer( YY_BUFFER_STATE b, FILE *file ) -#else -void yy_init_buffer( b, file ) -YY_BUFFER_STATE b; -FILE *file; -#endif - - - { - yy_flush_buffer( b ); - - b->yy_input_file = file; - b->yy_fill_buffer = 1; - -#if YY_ALWAYS_INTERACTIVE - b->yy_is_interactive = 1; -#else -#if YY_NEVER_INTERACTIVE - b->yy_is_interactive = 0; -#else - b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; -#endif -#endif - } - - -#ifdef YY_USE_PROTOS -void yy_flush_buffer( YY_BUFFER_STATE b ) -#else -void yy_flush_buffer( b ) -YY_BUFFER_STATE b; -#endif - - { - if ( ! b ) - return; - - b->yy_n_chars = 0; - - /* We always need two end-of-buffer characters. The first causes - * a transition to the end-of-buffer state. The second causes - * a jam in that state. - */ - b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR; - b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR; - - b->yy_buf_pos = &b->yy_ch_buf[0]; - - b->yy_at_bol = 1; - b->yy_buffer_status = YY_BUFFER_NEW; - - if ( b == yy_current_buffer ) - yy_load_buffer_state(); - } - - -#ifndef YY_NO_SCAN_BUFFER -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size ) -#else -YY_BUFFER_STATE yy_scan_buffer( base, size ) -char *base; -yy_size_t size; -#endif - { - YY_BUFFER_STATE b; - - if ( size < 2 || - base[size-2] != YY_END_OF_BUFFER_CHAR || - base[size-1] != YY_END_OF_BUFFER_CHAR ) - /* They forgot to leave room for the EOB's. */ - return 0; - - b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); - if ( ! b ) - YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); - - b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */ - b->yy_buf_pos = b->yy_ch_buf = base; - b->yy_is_our_buffer = 0; - b->yy_input_file = 0; - b->yy_n_chars = b->yy_buf_size; - b->yy_is_interactive = 0; - b->yy_at_bol = 1; - b->yy_fill_buffer = 0; - b->yy_buffer_status = YY_BUFFER_NEW; - - yy_switch_to_buffer( b ); - - return b; - } -#endif - - -#ifndef YY_NO_SCAN_STRING -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str ) -#else -YY_BUFFER_STATE yy_scan_string( yy_str ) -yyconst char *yy_str; -#endif - { - int len; - for ( len = 0; yy_str[len]; ++len ) - ; - - return yy_scan_bytes( yy_str, len ); - } -#endif - - -#ifndef YY_NO_SCAN_BYTES -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len ) -#else -YY_BUFFER_STATE yy_scan_bytes( bytes, len ) -yyconst char *bytes; -int len; -#endif - { - YY_BUFFER_STATE b; - char *buf; - yy_size_t n; - int i; - - /* Get memory for full buffer, including space for trailing EOB's. */ - n = len + 2; - buf = (char *) yy_flex_alloc( n ); - if ( ! buf ) - YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); - - for ( i = 0; i < len; ++i ) - buf[i] = bytes[i]; - - buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR; - - b = yy_scan_buffer( buf, n ); - if ( ! b ) - YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); - - /* It's okay to grow etc. this buffer, and we should throw it - * away when we're done. - */ - b->yy_is_our_buffer = 1; - - return b; - } -#endif - - -#ifndef YY_NO_PUSH_STATE -#ifdef YY_USE_PROTOS -static void yy_push_state( int new_state ) -#else -static void yy_push_state( new_state ) -int new_state; -#endif - { - if ( yy_start_stack_ptr >= yy_start_stack_depth ) - { - yy_size_t new_size; - - yy_start_stack_depth += YY_START_STACK_INCR; - new_size = yy_start_stack_depth * sizeof( int ); - - if ( ! yy_start_stack ) - yy_start_stack = (int *) yy_flex_alloc( new_size ); - - else - yy_start_stack = (int *) yy_flex_realloc( - (void *) yy_start_stack, new_size ); - - if ( ! yy_start_stack ) - YY_FATAL_ERROR( - "out of memory expanding start-condition stack" ); - } - - yy_start_stack[yy_start_stack_ptr++] = YY_START; - - BEGIN(new_state); - } -#endif - - -#ifndef YY_NO_POP_STATE -static void yy_pop_state() - { - if ( --yy_start_stack_ptr < 0 ) - YY_FATAL_ERROR( "start-condition stack underflow" ); - - BEGIN(yy_start_stack[yy_start_stack_ptr]); - } -#endif - - -#ifndef YY_NO_TOP_STATE -static int yy_top_state() - { - return yy_start_stack[yy_start_stack_ptr - 1]; - } -#endif - -#ifndef YY_EXIT_FAILURE -#define YY_EXIT_FAILURE 2 -#endif - -#ifdef YY_USE_PROTOS -static void yy_fatal_error( yyconst char msg[] ) -#else -static void yy_fatal_error( msg ) -char msg[]; -#endif - { - (void) fprintf( stderr, "%s\n", msg ); - exit( YY_EXIT_FAILURE ); - } - - - -/* Redefine yyless() so it works in section 3 code. */ - -#undef yyless -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - yytext[yyleng] = yy_hold_char; \ - yy_c_buf_p = yytext + n; \ - yy_hold_char = *yy_c_buf_p; \ - *yy_c_buf_p = '\0'; \ - yyleng = n; \ - } \ - while ( 0 ) - - -/* Internal utility routines. */ - -#ifndef yytext_ptr -#ifdef YY_USE_PROTOS -static void yy_flex_strncpy( char *s1, yyconst char *s2, int n ) -#else -static void yy_flex_strncpy( s1, s2, n ) -char *s1; -yyconst char *s2; -int n; -#endif - { - register int i; - for ( i = 0; i < n; ++i ) - s1[i] = s2[i]; - } -#endif - -#ifdef YY_NEED_STRLEN -#ifdef YY_USE_PROTOS -static int yy_flex_strlen( yyconst char *s ) -#else -static int yy_flex_strlen( s ) -yyconst char *s; -#endif - { - register int n; - for ( n = 0; s[n]; ++n ) - ; - - return n; - } -#endif - - -#ifdef YY_USE_PROTOS -static void *yy_flex_alloc( yy_size_t size ) -#else -static void *yy_flex_alloc( size ) -yy_size_t size; -#endif - { - return (void *) malloc( size ); - } - -#ifdef YY_USE_PROTOS -static void *yy_flex_realloc( void *ptr, yy_size_t size ) -#else -static void *yy_flex_realloc( ptr, size ) -void *ptr; -yy_size_t size; -#endif - { - /* The cast to (char *) in the following accommodates both - * implementations that use char* generic pointers, and those - * that use void* generic pointers. It works with the latter - * because both ANSI C and C++ allow castless assignment from - * any pointer type to void*, and deal with argument conversions - * as though doing an assignment. - */ - return (void *) realloc( (char *) ptr, size ); - } - -#ifdef YY_USE_PROTOS -static void yy_flex_free( void *ptr ) -#else -static void yy_flex_free( ptr ) -void *ptr; -#endif - { - free( ptr ); - } - -#if YY_MAIN -int main() - { - yylex(); - return 0; - } -#endif -#line 268 "lex.l" - - -#ifndef yywrap /* XXX */ -int -yywrap () -{ - return 1; -} -#endif - -void -error_message (const char *format, ...) -{ - va_list args; - - va_start (args, format); - fprintf (stderr, "%s:%d: ", get_filename(), lineno); - vfprintf (stderr, format, args); - va_end (args); - error_flag++; -} - -static void -unterminated(const char *type, unsigned start_lineno) -{ - error_message("unterminated %s, possibly started on line %d\n", type, start_lineno); -} diff --git a/source4/heimdal/lib/com_err/lex.c b/source4/heimdal/lib/com_err/lex.c deleted file mode 100644 index ffaf15279a..0000000000 --- a/source4/heimdal/lib/com_err/lex.c +++ /dev/null @@ -1,1706 +0,0 @@ -/* A lexical scanner generated by flex*/ - -/* Scanner skeleton version: - * $Header: /home/daffy/u0/vern/flex/RCS/flex.skl,v 2.91 96/09/10 16:58:48 vern Exp $ - */ - -#define FLEX_SCANNER -#define YY_FLEX_MAJOR_VERSION 2 -#define YY_FLEX_MINOR_VERSION 5 - -#include -#include - - -/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */ -#ifdef c_plusplus -#ifndef __cplusplus -#define __cplusplus -#endif -#endif - - -#ifdef __cplusplus - -#include - -/* Use prototypes in function declarations. */ -#define YY_USE_PROTOS - -/* The "const" storage-class-modifier is valid. */ -#define YY_USE_CONST - -#else /* ! __cplusplus */ - -#if __STDC__ - -#define YY_USE_PROTOS -#define YY_USE_CONST - -#endif /* __STDC__ */ -#endif /* ! __cplusplus */ - -#ifdef __TURBOC__ - #pragma warn -rch - #pragma warn -use -#include -#include -#define YY_USE_CONST -#define YY_USE_PROTOS -#endif - -#ifdef YY_USE_CONST -#define yyconst const -#else -#define yyconst -#endif - - -#ifdef YY_USE_PROTOS -#define YY_PROTO(proto) proto -#else -#define YY_PROTO(proto) () -#endif - -/* Returned upon end-of-file. */ -#define YY_NULL 0 - -/* Promotes a possibly negative, possibly signed char to an unsigned - * integer for use as an array index. If the signed char is negative, - * we want to instead treat it as an 8-bit unsigned char, hence the - * double cast. - */ -#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c) - -/* Enter a start condition. This macro really ought to take a parameter, - * but we do it the disgusting crufty way forced on us by the ()-less - * definition of BEGIN. - */ -#define BEGIN yy_start = 1 + 2 * - -/* Translate the current start state into a value that can be later handed - * to BEGIN to return to the state. The YYSTATE alias is for lex - * compatibility. - */ -#define YY_START ((yy_start - 1) / 2) -#define YYSTATE YY_START - -/* Action number for EOF rule of a given start state. */ -#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) - -/* Special action meaning "start processing a new file". */ -#define YY_NEW_FILE yyrestart( yyin ) - -#define YY_END_OF_BUFFER_CHAR 0 - -/* Size of default input buffer. */ -#define YY_BUF_SIZE 16384 - -typedef struct yy_buffer_state *YY_BUFFER_STATE; - -extern int yyleng; -extern FILE *yyin, *yyout; - -#define EOB_ACT_CONTINUE_SCAN 0 -#define EOB_ACT_END_OF_FILE 1 -#define EOB_ACT_LAST_MATCH 2 - -/* The funky do-while in the following #define is used to turn the definition - * int a single C statement (which needs a semi-colon terminator). This - * avoids problems with code like: - * - * if ( condition_holds ) - * yyless( 5 ); - * else - * do_something_else(); - * - * Prior to using the do-while the compiler would get upset at the - * "else" because it interpreted the "if" statement as being all - * done when it reached the ';' after the yyless() call. - */ - -/* Return all but the first 'n' matched characters back to the input stream. */ - -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - *yy_cp = yy_hold_char; \ - YY_RESTORE_YY_MORE_OFFSET \ - yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \ - YY_DO_BEFORE_ACTION; /* set up yytext again */ \ - } \ - while ( 0 ) - -#define unput(c) yyunput( c, yytext_ptr ) - -/* Some routines like yy_flex_realloc() are emitted as static but are - not called by all lexers. This generates warnings in some compilers, - notably GCC. Arrange to suppress these. */ -#ifdef __GNUC__ -#define YY_MAY_BE_UNUSED __attribute__((unused)) -#else -#define YY_MAY_BE_UNUSED -#endif - -/* The following is because we cannot portably get our hands on size_t - * (without autoconf's help, which isn't available because we want - * flex-generated scanners to compile on their own). - */ -typedef unsigned int yy_size_t; - - -struct yy_buffer_state - { - FILE *yy_input_file; - - char *yy_ch_buf; /* input buffer */ - char *yy_buf_pos; /* current position in input buffer */ - - /* Size of input buffer in bytes, not including room for EOB - * characters. - */ - yy_size_t yy_buf_size; - - /* Number of characters read into yy_ch_buf, not including EOB - * characters. - */ - int yy_n_chars; - - /* Whether we "own" the buffer - i.e., we know we created it, - * and can realloc() it to grow it, and should free() it to - * delete it. - */ - int yy_is_our_buffer; - - /* Whether this is an "interactive" input source; if so, and - * if we're using stdio for input, then we want to use getc() - * instead of fread(), to make sure we stop fetching input after - * each newline. - */ - int yy_is_interactive; - - /* Whether we're considered to be at the beginning of a line. - * If so, '^' rules will be active on the next match, otherwise - * not. - */ - int yy_at_bol; - - /* Whether to try to fill the input buffer when we reach the - * end of it. - */ - int yy_fill_buffer; - - int yy_buffer_status; -#define YY_BUFFER_NEW 0 -#define YY_BUFFER_NORMAL 1 - /* When an EOF's been seen but there's still some text to process - * then we mark the buffer as YY_EOF_PENDING, to indicate that we - * shouldn't try reading from the input source any more. We might - * still have a bunch of tokens to match, though, because of - * possible backing-up. - * - * When we actually see the EOF, we change the status to "new" - * (via yyrestart()), so that the user can continue scanning by - * just pointing yyin at a new input file. - */ -#define YY_BUFFER_EOF_PENDING 2 - }; - -static YY_BUFFER_STATE yy_current_buffer = 0; - -/* We provide macros for accessing buffer states in case in the - * future we want to put the buffer states in a more general - * "scanner state". - */ -#define YY_CURRENT_BUFFER yy_current_buffer - - -/* yy_hold_char holds the character lost when yytext is formed. */ -static char yy_hold_char; - -static int yy_n_chars; /* number of characters read into yy_ch_buf */ - - -int yyleng; - -/* Points to current character in buffer. */ -static char *yy_c_buf_p = (char *) 0; -static int yy_init = 1; /* whether we need to initialize */ -static int yy_start = 0; /* start state number */ - -/* Flag which is used to allow yywrap()'s to do buffer switches - * instead of setting up a fresh yyin. A bit of a hack ... - */ -static int yy_did_buffer_switch_on_eof; - -void yyrestart YY_PROTO(( FILE *input_file )); - -void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer )); -void yy_load_buffer_state YY_PROTO(( void )); -YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size )); -void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b )); -void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file )); -void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b )); -#define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer ) - -YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size )); -YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str )); -YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len )); - -static void *yy_flex_alloc YY_PROTO(( yy_size_t )); -static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t )) YY_MAY_BE_UNUSED; -static void yy_flex_free YY_PROTO(( void * )); - -#define yy_new_buffer yy_create_buffer - -#define yy_set_interactive(is_interactive) \ - { \ - if ( ! yy_current_buffer ) \ - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ - yy_current_buffer->yy_is_interactive = is_interactive; \ - } - -#define yy_set_bol(at_bol) \ - { \ - if ( ! yy_current_buffer ) \ - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ - yy_current_buffer->yy_at_bol = at_bol; \ - } - -#define YY_AT_BOL() (yy_current_buffer->yy_at_bol) - -typedef unsigned char YY_CHAR; -FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; -typedef int yy_state_type; -extern char *yytext; -#define yytext_ptr yytext - -static yy_state_type yy_get_previous_state YY_PROTO(( void )); -static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state )); -static int yy_get_next_buffer YY_PROTO(( void )); -static void yy_fatal_error YY_PROTO(( yyconst char msg[] )); - -/* Done after the current pattern has been matched and before the - * corresponding action - sets up yytext. - */ -#define YY_DO_BEFORE_ACTION \ - yytext_ptr = yy_bp; \ - yyleng = (int) (yy_cp - yy_bp); \ - yy_hold_char = *yy_cp; \ - *yy_cp = '\0'; \ - yy_c_buf_p = yy_cp; - -#define YY_NUM_RULES 16 -#define YY_END_OF_BUFFER 17 -static yyconst short int yy_accept[46] = - { 0, - 0, 0, 17, 15, 11, 12, 13, 10, 9, 14, - 14, 14, 14, 10, 9, 14, 3, 14, 14, 1, - 7, 14, 14, 8, 14, 14, 14, 14, 14, 14, - 14, 6, 14, 14, 5, 14, 14, 14, 14, 14, - 14, 4, 14, 2, 0 - } ; - -static yyconst int yy_ec[256] = - { 0, - 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 2, 1, 4, 5, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 6, 6, 6, - 6, 6, 6, 6, 6, 6, 6, 1, 1, 1, - 1, 1, 1, 1, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, - 1, 1, 1, 1, 8, 1, 9, 10, 11, 12, - - 13, 14, 7, 7, 15, 7, 7, 16, 7, 17, - 18, 19, 7, 20, 7, 21, 7, 7, 7, 22, - 7, 7, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1 - } ; - -static yyconst int yy_meta[23] = - { 0, - 1, 1, 2, 1, 1, 3, 3, 3, 3, 3, - 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, - 3, 3 - } ; - -static yyconst short int yy_base[48] = - { 0, - 0, 0, 56, 57, 57, 57, 57, 0, 49, 0, - 12, 13, 34, 0, 47, 0, 0, 40, 31, 0, - 0, 38, 36, 0, 30, 34, 32, 25, 22, 28, - 34, 0, 19, 13, 0, 22, 30, 26, 26, 18, - 12, 0, 14, 0, 57, 34, 23 - } ; - -static yyconst short int yy_def[48] = - { 0, - 45, 1, 45, 45, 45, 45, 45, 46, 47, 47, - 47, 47, 47, 46, 47, 47, 47, 47, 47, 47, - 47, 47, 47, 47, 47, 47, 47, 47, 47, 47, - 47, 47, 47, 47, 47, 47, 47, 47, 47, 47, - 47, 47, 47, 47, 0, 45, 45 - } ; - -static yyconst short int yy_nxt[80] = - { 0, - 4, 5, 6, 7, 8, 9, 10, 10, 10, 10, - 10, 10, 11, 10, 12, 10, 10, 10, 13, 10, - 10, 10, 17, 36, 21, 16, 44, 43, 18, 22, - 42, 19, 20, 37, 14, 41, 14, 40, 39, 38, - 35, 34, 33, 32, 31, 30, 29, 28, 27, 26, - 25, 24, 15, 23, 15, 45, 3, 45, 45, 45, - 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, - 45, 45, 45, 45, 45, 45, 45, 45, 45 - } ; - -static yyconst short int yy_chk[80] = - { 0, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 11, 34, 12, 47, 43, 41, 11, 12, - 40, 11, 11, 34, 46, 39, 46, 38, 37, 36, - 33, 31, 30, 29, 28, 27, 26, 25, 23, 22, - 19, 18, 15, 13, 9, 3, 45, 45, 45, 45, - 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, - 45, 45, 45, 45, 45, 45, 45, 45, 45 - } ; - -static yy_state_type yy_last_accepting_state; -static char *yy_last_accepting_cpos; - -/* The intent behind this definition is that it'll catch - * any uses of REJECT which flex missed. - */ -#define REJECT reject_used_but_not_detected -#define yymore() yymore_used_but_not_detected -#define YY_MORE_ADJ 0 -#define YY_RESTORE_YY_MORE_OFFSET -char *yytext; -#line 1 "lex.l" -#define INITIAL 0 -#line 2 "lex.l" -/* - * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * This is to handle the definition of this symbol in some AIX - * headers, which will conflict with the definition that lex will - * generate for it. It's only a problem for AIX lex. - */ - -#undef ECHO - -#include "compile_et.h" -#include "parse.h" -#include "lex.h" - -RCSID("$Id: lex.l,v 1.8 2005/05/16 08:52:54 lha Exp $"); - -static unsigned lineno = 1; -static int getstring(void); - -#define YY_NO_UNPUT - -#undef ECHO - -#line 455 "lex.yy.c" - -/* Macros after this point can all be overridden by user definitions in - * section 1. - */ - -#ifndef YY_SKIP_YYWRAP -#ifdef __cplusplus -extern "C" int yywrap YY_PROTO(( void )); -#else -extern int yywrap YY_PROTO(( void )); -#endif -#endif - -#ifndef YY_NO_UNPUT -static void yyunput YY_PROTO(( int c, char *buf_ptr )); -#endif - -#ifndef yytext_ptr -static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int )); -#endif - -#ifdef YY_NEED_STRLEN -static int yy_flex_strlen YY_PROTO(( yyconst char * )); -#endif - -#ifndef YY_NO_INPUT -#ifdef __cplusplus -static int yyinput YY_PROTO(( void )); -#else -static int input YY_PROTO(( void )); -#endif -#endif - -#if YY_STACK_USED -static int yy_start_stack_ptr = 0; -static int yy_start_stack_depth = 0; -static int *yy_start_stack = 0; -#ifndef YY_NO_PUSH_STATE -static void yy_push_state YY_PROTO(( int new_state )); -#endif -#ifndef YY_NO_POP_STATE -static void yy_pop_state YY_PROTO(( void )); -#endif -#ifndef YY_NO_TOP_STATE -static int yy_top_state YY_PROTO(( void )); -#endif - -#else -#define YY_NO_PUSH_STATE 1 -#define YY_NO_POP_STATE 1 -#define YY_NO_TOP_STATE 1 -#endif - -#ifdef YY_MALLOC_DECL -YY_MALLOC_DECL -#else -#if __STDC__ -#ifndef __cplusplus -#include -#endif -#else -/* Just try to get by without declaring the routines. This will fail - * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int) - * or sizeof(void*) != sizeof(int). - */ -#endif -#endif - -/* Amount of stuff to slurp up with each read. */ -#ifndef YY_READ_BUF_SIZE -#define YY_READ_BUF_SIZE 8192 -#endif - -/* Copy whatever the last rule matched to the standard output. */ - -#ifndef ECHO -/* This used to be an fputs(), but since the string might contain NUL's, - * we now use fwrite(). - */ -#define ECHO (void) fwrite( yytext, yyleng, 1, yyout ) -#endif - -/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, - * is returned in "result". - */ -#ifndef YY_INPUT -#define YY_INPUT(buf,result,max_size) \ - if ( yy_current_buffer->yy_is_interactive ) \ - { \ - int c = '*', n; \ - for ( n = 0; n < max_size && \ - (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ - buf[n] = (char) c; \ - if ( c == '\n' ) \ - buf[n++] = (char) c; \ - if ( c == EOF && ferror( yyin ) ) \ - YY_FATAL_ERROR( "input in flex scanner failed" ); \ - result = n; \ - } \ - else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \ - && ferror( yyin ) ) \ - YY_FATAL_ERROR( "input in flex scanner failed" ); -#endif - -/* No semi-colon after return; correct usage is to write "yyterminate();" - - * we don't want an extra ';' after the "return" because that will cause - * some compilers to complain about unreachable statements. - */ -#ifndef yyterminate -#define yyterminate() return YY_NULL -#endif - -/* Number of entries by which start-condition stack grows. */ -#ifndef YY_START_STACK_INCR -#define YY_START_STACK_INCR 25 -#endif - -/* Report a fatal error. */ -#ifndef YY_FATAL_ERROR -#define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) -#endif - -/* Default declaration of generated scanner - a define so the user can - * easily add parameters. - */ -#ifndef YY_DECL -#define YY_DECL int yylex YY_PROTO(( void )) -#endif - -/* Code executed at the beginning of each rule, after yytext and yyleng - * have been set up. - */ -#ifndef YY_USER_ACTION -#define YY_USER_ACTION -#endif - -/* Code executed at the end of each rule. */ -#ifndef YY_BREAK -#define YY_BREAK break; -#endif - -#define YY_RULE_SETUP \ - YY_USER_ACTION - -YY_DECL - { - register yy_state_type yy_current_state; - register char *yy_cp = NULL, *yy_bp = NULL; - register int yy_act; - -#line 59 "lex.l" - -#line 608 "lex.yy.c" - - if ( yy_init ) - { - yy_init = 0; - -#ifdef YY_USER_INIT - YY_USER_INIT; -#endif - - if ( ! yy_start ) - yy_start = 1; /* first start state */ - - if ( ! yyin ) - yyin = stdin; - - if ( ! yyout ) - yyout = stdout; - - if ( ! yy_current_buffer ) - yy_current_buffer = - yy_create_buffer( yyin, YY_BUF_SIZE ); - - yy_load_buffer_state(); - } - - while ( 1 ) /* loops until end-of-file is reached */ - { - yy_cp = yy_c_buf_p; - - /* Support of yytext. */ - *yy_cp = yy_hold_char; - - /* yy_bp points to the position in yy_ch_buf of the start of - * the current run. - */ - yy_bp = yy_cp; - - yy_current_state = yy_start; -yy_match: - do - { - register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; - if ( yy_accept[yy_current_state] ) - { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 46 ) - yy_c = yy_meta[(unsigned int) yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - ++yy_cp; - } - while ( yy_base[yy_current_state] != 57 ); - -yy_find_action: - yy_act = yy_accept[yy_current_state]; - if ( yy_act == 0 ) - { /* have to back up */ - yy_cp = yy_last_accepting_cpos; - yy_current_state = yy_last_accepting_state; - yy_act = yy_accept[yy_current_state]; - } - - YY_DO_BEFORE_ACTION; - - -do_action: /* This label is used only to access EOF actions. */ - - - switch ( yy_act ) - { /* beginning of action switch */ - case 0: /* must back up */ - /* undo the effects of YY_DO_BEFORE_ACTION */ - *yy_cp = yy_hold_char; - yy_cp = yy_last_accepting_cpos; - yy_current_state = yy_last_accepting_state; - goto yy_find_action; - -case 1: -YY_RULE_SETUP -#line 60 "lex.l" -{ return ET; } - YY_BREAK -case 2: -YY_RULE_SETUP -#line 61 "lex.l" -{ return ET; } - YY_BREAK -case 3: -YY_RULE_SETUP -#line 62 "lex.l" -{ return EC; } - YY_BREAK -case 4: -YY_RULE_SETUP -#line 63 "lex.l" -{ return EC; } - YY_BREAK -case 5: -YY_RULE_SETUP -#line 64 "lex.l" -{ return PREFIX; } - YY_BREAK -case 6: -YY_RULE_SETUP -#line 65 "lex.l" -{ return INDEX; } - YY_BREAK -case 7: -YY_RULE_SETUP -#line 66 "lex.l" -{ return ID; } - YY_BREAK -case 8: -YY_RULE_SETUP -#line 67 "lex.l" -{ return END; } - YY_BREAK -case 9: -YY_RULE_SETUP -#line 68 "lex.l" -{ yylval.number = atoi(yytext); return NUMBER; } - YY_BREAK -case 10: -YY_RULE_SETUP -#line 69 "lex.l" -; - YY_BREAK -case 11: -YY_RULE_SETUP -#line 70 "lex.l" -; - YY_BREAK -case 12: -YY_RULE_SETUP -#line 71 "lex.l" -{ lineno++; } - YY_BREAK -case 13: -YY_RULE_SETUP -#line 72 "lex.l" -{ return getstring(); } - YY_BREAK -case 14: -YY_RULE_SETUP -#line 73 "lex.l" -{ yylval.string = strdup(yytext); return STRING; } - YY_BREAK -case 15: -YY_RULE_SETUP -#line 74 "lex.l" -{ return *yytext; } - YY_BREAK -case 16: -YY_RULE_SETUP -#line 75 "lex.l" -ECHO; - YY_BREAK -#line 771 "lex.yy.c" -case YY_STATE_EOF(INITIAL): - yyterminate(); - - case YY_END_OF_BUFFER: - { - /* Amount of text matched not including the EOB char. */ - int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1; - - /* Undo the effects of YY_DO_BEFORE_ACTION. */ - *yy_cp = yy_hold_char; - YY_RESTORE_YY_MORE_OFFSET - - if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW ) - { - /* We're scanning a new file or input source. It's - * possible that this happened because the user - * just pointed yyin at a new source and called - * yylex(). If so, then we have to assure - * consistency between yy_current_buffer and our - * globals. Here is the right place to do so, because - * this is the first action (other than possibly a - * back-up) that will match for the new input source. - */ - yy_n_chars = yy_current_buffer->yy_n_chars; - yy_current_buffer->yy_input_file = yyin; - yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL; - } - - /* Note that here we test for yy_c_buf_p "<=" to the position - * of the first EOB in the buffer, since yy_c_buf_p will - * already have been incremented past the NUL character - * (since all states make transitions on EOB to the - * end-of-buffer state). Contrast this with the test - * in input(). - */ - if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] ) - { /* This was really a NUL. */ - yy_state_type yy_next_state; - - yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text; - - yy_current_state = yy_get_previous_state(); - - /* Okay, we're now positioned to make the NUL - * transition. We couldn't have - * yy_get_previous_state() go ahead and do it - * for us because it doesn't know how to deal - * with the possibility of jamming (and we don't - * want to build jamming into it because then it - * will run more slowly). - */ - - yy_next_state = yy_try_NUL_trans( yy_current_state ); - - yy_bp = yytext_ptr + YY_MORE_ADJ; - - if ( yy_next_state ) - { - /* Consume the NUL. */ - yy_cp = ++yy_c_buf_p; - yy_current_state = yy_next_state; - goto yy_match; - } - - else - { - yy_cp = yy_c_buf_p; - goto yy_find_action; - } - } - - else switch ( yy_get_next_buffer() ) - { - case EOB_ACT_END_OF_FILE: - { - yy_did_buffer_switch_on_eof = 0; - - if ( yywrap() ) - { - /* Note: because we've taken care in - * yy_get_next_buffer() to have set up - * yytext, we can now set up - * yy_c_buf_p so that if some total - * hoser (like flex itself) wants to - * call the scanner after we return the - * YY_NULL, it'll still work - another - * YY_NULL will get returned. - */ - yy_c_buf_p = yytext_ptr + YY_MORE_ADJ; - - yy_act = YY_STATE_EOF(YY_START); - goto do_action; - } - - else - { - if ( ! yy_did_buffer_switch_on_eof ) - YY_NEW_FILE; - } - break; - } - - case EOB_ACT_CONTINUE_SCAN: - yy_c_buf_p = - yytext_ptr + yy_amount_of_matched_text; - - yy_current_state = yy_get_previous_state(); - - yy_cp = yy_c_buf_p; - yy_bp = yytext_ptr + YY_MORE_ADJ; - goto yy_match; - - case EOB_ACT_LAST_MATCH: - yy_c_buf_p = - &yy_current_buffer->yy_ch_buf[yy_n_chars]; - - yy_current_state = yy_get_previous_state(); - - yy_cp = yy_c_buf_p; - yy_bp = yytext_ptr + YY_MORE_ADJ; - goto yy_find_action; - } - break; - } - - default: - YY_FATAL_ERROR( - "fatal flex scanner internal error--no action found" ); - } /* end of action switch */ - } /* end of scanning one token */ - } /* end of yylex */ - - -/* yy_get_next_buffer - try to read in a new buffer - * - * Returns a code representing an action: - * EOB_ACT_LAST_MATCH - - * EOB_ACT_CONTINUE_SCAN - continue scanning from current position - * EOB_ACT_END_OF_FILE - end of file - */ - -static int yy_get_next_buffer() - { - register char *dest = yy_current_buffer->yy_ch_buf; - register char *source = yytext_ptr; - register int number_to_move, i; - int ret_val; - - if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] ) - YY_FATAL_ERROR( - "fatal flex scanner internal error--end of buffer missed" ); - - if ( yy_current_buffer->yy_fill_buffer == 0 ) - { /* Don't try to fill the buffer, so this is an EOF. */ - if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 ) - { - /* We matched a single character, the EOB, so - * treat this as a final EOF. - */ - return EOB_ACT_END_OF_FILE; - } - - else - { - /* We matched some text prior to the EOB, first - * process it. - */ - return EOB_ACT_LAST_MATCH; - } - } - - /* Try to read more data. */ - - /* First move last chars to start of buffer. */ - number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1; - - for ( i = 0; i < number_to_move; ++i ) - *(dest++) = *(source++); - - if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING ) - /* don't do the read, it's not guaranteed to return an EOF, - * just force an EOF - */ - yy_current_buffer->yy_n_chars = yy_n_chars = 0; - - else - { - int num_to_read = - yy_current_buffer->yy_buf_size - number_to_move - 1; - - while ( num_to_read <= 0 ) - { /* Not enough room in the buffer - grow it. */ -#ifdef YY_USES_REJECT - YY_FATAL_ERROR( -"input buffer overflow, can't enlarge buffer because scanner uses REJECT" ); -#else - - /* just a shorter name for the current buffer */ - YY_BUFFER_STATE b = yy_current_buffer; - - int yy_c_buf_p_offset = - (int) (yy_c_buf_p - b->yy_ch_buf); - - if ( b->yy_is_our_buffer ) - { - int new_size = b->yy_buf_size * 2; - - if ( new_size <= 0 ) - b->yy_buf_size += b->yy_buf_size / 8; - else - b->yy_buf_size *= 2; - - b->yy_ch_buf = (char *) - /* Include room in for 2 EOB chars. */ - yy_flex_realloc( (void *) b->yy_ch_buf, - b->yy_buf_size + 2 ); - } - else - /* Can't grow it, we don't own it. */ - b->yy_ch_buf = 0; - - if ( ! b->yy_ch_buf ) - YY_FATAL_ERROR( - "fatal error - scanner input buffer overflow" ); - - yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset]; - - num_to_read = yy_current_buffer->yy_buf_size - - number_to_move - 1; -#endif - } - - if ( num_to_read > YY_READ_BUF_SIZE ) - num_to_read = YY_READ_BUF_SIZE; - - /* Read in more data. */ - YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]), - yy_n_chars, num_to_read ); - - yy_current_buffer->yy_n_chars = yy_n_chars; - } - - if ( yy_n_chars == 0 ) - { - if ( number_to_move == YY_MORE_ADJ ) - { - ret_val = EOB_ACT_END_OF_FILE; - yyrestart( yyin ); - } - - else - { - ret_val = EOB_ACT_LAST_MATCH; - yy_current_buffer->yy_buffer_status = - YY_BUFFER_EOF_PENDING; - } - } - - else - ret_val = EOB_ACT_CONTINUE_SCAN; - - yy_n_chars += number_to_move; - yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR; - yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR; - - yytext_ptr = &yy_current_buffer->yy_ch_buf[0]; - - return ret_val; - } - - -/* yy_get_previous_state - get the state just before the EOB char was reached */ - -static yy_state_type yy_get_previous_state() - { - register yy_state_type yy_current_state; - register char *yy_cp; - - yy_current_state = yy_start; - - for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp ) - { - register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); - if ( yy_accept[yy_current_state] ) - { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 46 ) - yy_c = yy_meta[(unsigned int) yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - } - - return yy_current_state; - } - - -/* yy_try_NUL_trans - try to make a transition on the NUL character - * - * synopsis - * next_state = yy_try_NUL_trans( current_state ); - */ - -#ifdef YY_USE_PROTOS -static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state ) -#else -static yy_state_type yy_try_NUL_trans( yy_current_state ) -yy_state_type yy_current_state; -#endif - { - register int yy_is_jam; - register char *yy_cp = yy_c_buf_p; - - register YY_CHAR yy_c = 1; - if ( yy_accept[yy_current_state] ) - { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 46 ) - yy_c = yy_meta[(unsigned int) yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - yy_is_jam = (yy_current_state == 45); - - return yy_is_jam ? 0 : yy_current_state; - } - - -#ifndef YY_NO_UNPUT -#ifdef YY_USE_PROTOS -static void yyunput( int c, register char *yy_bp ) -#else -static void yyunput( c, yy_bp ) -int c; -register char *yy_bp; -#endif - { - register char *yy_cp = yy_c_buf_p; - - /* undo effects of setting up yytext */ - *yy_cp = yy_hold_char; - - if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) - { /* need to shift things up to make room */ - /* +2 for EOB chars. */ - register int number_to_move = yy_n_chars + 2; - register char *dest = &yy_current_buffer->yy_ch_buf[ - yy_current_buffer->yy_buf_size + 2]; - register char *source = - &yy_current_buffer->yy_ch_buf[number_to_move]; - - while ( source > yy_current_buffer->yy_ch_buf ) - *--dest = *--source; - - yy_cp += (int) (dest - source); - yy_bp += (int) (dest - source); - yy_current_buffer->yy_n_chars = - yy_n_chars = yy_current_buffer->yy_buf_size; - - if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) - YY_FATAL_ERROR( "flex scanner push-back overflow" ); - } - - *--yy_cp = (char) c; - - - yytext_ptr = yy_bp; - yy_hold_char = *yy_cp; - yy_c_buf_p = yy_cp; - } -#endif /* ifndef YY_NO_UNPUT */ - - -#ifndef YY_NO_INPUT -#ifdef __cplusplus -static int yyinput() -#else -static int input() -#endif - { - int c; - - *yy_c_buf_p = yy_hold_char; - - if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR ) - { - /* yy_c_buf_p now points to the character we want to return. - * If this occurs *before* the EOB characters, then it's a - * valid NUL; if not, then we've hit the end of the buffer. - */ - if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] ) - /* This was really a NUL. */ - *yy_c_buf_p = '\0'; - - else - { /* need more input */ - int offset = yy_c_buf_p - yytext_ptr; - ++yy_c_buf_p; - - switch ( yy_get_next_buffer() ) - { - case EOB_ACT_LAST_MATCH: - /* This happens because yy_g_n_b() - * sees that we've accumulated a - * token and flags that we need to - * try matching the token before - * proceeding. But for input(), - * there's no matching to consider. - * So convert the EOB_ACT_LAST_MATCH - * to EOB_ACT_END_OF_FILE. - */ - - /* Reset buffer status. */ - yyrestart( yyin ); - - /* fall through */ - - case EOB_ACT_END_OF_FILE: - { - if ( yywrap() ) - return EOF; - - if ( ! yy_did_buffer_switch_on_eof ) - YY_NEW_FILE; -#ifdef __cplusplus - return yyinput(); -#else - return input(); -#endif - } - - case EOB_ACT_CONTINUE_SCAN: - yy_c_buf_p = yytext_ptr + offset; - break; - } - } - } - - c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */ - *yy_c_buf_p = '\0'; /* preserve yytext */ - yy_hold_char = *++yy_c_buf_p; - - - return c; - } -#endif /* YY_NO_INPUT */ - -#ifdef YY_USE_PROTOS -void yyrestart( FILE *input_file ) -#else -void yyrestart( input_file ) -FILE *input_file; -#endif - { - if ( ! yy_current_buffer ) - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); - - yy_init_buffer( yy_current_buffer, input_file ); - yy_load_buffer_state(); - } - - -#ifdef YY_USE_PROTOS -void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer ) -#else -void yy_switch_to_buffer( new_buffer ) -YY_BUFFER_STATE new_buffer; -#endif - { - if ( yy_current_buffer == new_buffer ) - return; - - if ( yy_current_buffer ) - { - /* Flush out information for old buffer. */ - *yy_c_buf_p = yy_hold_char; - yy_current_buffer->yy_buf_pos = yy_c_buf_p; - yy_current_buffer->yy_n_chars = yy_n_chars; - } - - yy_current_buffer = new_buffer; - yy_load_buffer_state(); - - /* We don't actually know whether we did this switch during - * EOF (yywrap()) processing, but the only time this flag - * is looked at is after yywrap() is called, so it's safe - * to go ahead and always set it. - */ - yy_did_buffer_switch_on_eof = 1; - } - - -#ifdef YY_USE_PROTOS -void yy_load_buffer_state( void ) -#else -void yy_load_buffer_state() -#endif - { - yy_n_chars = yy_current_buffer->yy_n_chars; - yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos; - yyin = yy_current_buffer->yy_input_file; - yy_hold_char = *yy_c_buf_p; - } - - -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_create_buffer( FILE *file, int size ) -#else -YY_BUFFER_STATE yy_create_buffer( file, size ) -FILE *file; -int size; -#endif - { - YY_BUFFER_STATE b; - - b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); - if ( ! b ) - YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); - - b->yy_buf_size = size; - - /* yy_ch_buf has to be 2 characters longer than the size given because - * we need to put in 2 end-of-buffer characters. - */ - b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 ); - if ( ! b->yy_ch_buf ) - YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); - - b->yy_is_our_buffer = 1; - - yy_init_buffer( b, file ); - - return b; - } - - -#ifdef YY_USE_PROTOS -void yy_delete_buffer( YY_BUFFER_STATE b ) -#else -void yy_delete_buffer( b ) -YY_BUFFER_STATE b; -#endif - { - if ( ! b ) - return; - - if ( b == yy_current_buffer ) - yy_current_buffer = (YY_BUFFER_STATE) 0; - - if ( b->yy_is_our_buffer ) - yy_flex_free( (void *) b->yy_ch_buf ); - - yy_flex_free( (void *) b ); - } - - - -#ifdef YY_USE_PROTOS -void yy_init_buffer( YY_BUFFER_STATE b, FILE *file ) -#else -void yy_init_buffer( b, file ) -YY_BUFFER_STATE b; -FILE *file; -#endif - - - { - yy_flush_buffer( b ); - - b->yy_input_file = file; - b->yy_fill_buffer = 1; - -#if YY_ALWAYS_INTERACTIVE - b->yy_is_interactive = 1; -#else -#if YY_NEVER_INTERACTIVE - b->yy_is_interactive = 0; -#else - b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; -#endif -#endif - } - - -#ifdef YY_USE_PROTOS -void yy_flush_buffer( YY_BUFFER_STATE b ) -#else -void yy_flush_buffer( b ) -YY_BUFFER_STATE b; -#endif - - { - if ( ! b ) - return; - - b->yy_n_chars = 0; - - /* We always need two end-of-buffer characters. The first causes - * a transition to the end-of-buffer state. The second causes - * a jam in that state. - */ - b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR; - b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR; - - b->yy_buf_pos = &b->yy_ch_buf[0]; - - b->yy_at_bol = 1; - b->yy_buffer_status = YY_BUFFER_NEW; - - if ( b == yy_current_buffer ) - yy_load_buffer_state(); - } - - -#ifndef YY_NO_SCAN_BUFFER -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size ) -#else -YY_BUFFER_STATE yy_scan_buffer( base, size ) -char *base; -yy_size_t size; -#endif - { - YY_BUFFER_STATE b; - - if ( size < 2 || - base[size-2] != YY_END_OF_BUFFER_CHAR || - base[size-1] != YY_END_OF_BUFFER_CHAR ) - /* They forgot to leave room for the EOB's. */ - return 0; - - b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); - if ( ! b ) - YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); - - b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */ - b->yy_buf_pos = b->yy_ch_buf = base; - b->yy_is_our_buffer = 0; - b->yy_input_file = 0; - b->yy_n_chars = b->yy_buf_size; - b->yy_is_interactive = 0; - b->yy_at_bol = 1; - b->yy_fill_buffer = 0; - b->yy_buffer_status = YY_BUFFER_NEW; - - yy_switch_to_buffer( b ); - - return b; - } -#endif - - -#ifndef YY_NO_SCAN_STRING -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str ) -#else -YY_BUFFER_STATE yy_scan_string( yy_str ) -yyconst char *yy_str; -#endif - { - int len; - for ( len = 0; yy_str[len]; ++len ) - ; - - return yy_scan_bytes( yy_str, len ); - } -#endif - - -#ifndef YY_NO_SCAN_BYTES -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len ) -#else -YY_BUFFER_STATE yy_scan_bytes( bytes, len ) -yyconst char *bytes; -int len; -#endif - { - YY_BUFFER_STATE b; - char *buf; - yy_size_t n; - int i; - - /* Get memory for full buffer, including space for trailing EOB's. */ - n = len + 2; - buf = (char *) yy_flex_alloc( n ); - if ( ! buf ) - YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); - - for ( i = 0; i < len; ++i ) - buf[i] = bytes[i]; - - buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR; - - b = yy_scan_buffer( buf, n ); - if ( ! b ) - YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); - - /* It's okay to grow etc. this buffer, and we should throw it - * away when we're done. - */ - b->yy_is_our_buffer = 1; - - return b; - } -#endif - - -#ifndef YY_NO_PUSH_STATE -#ifdef YY_USE_PROTOS -static void yy_push_state( int new_state ) -#else -static void yy_push_state( new_state ) -int new_state; -#endif - { - if ( yy_start_stack_ptr >= yy_start_stack_depth ) - { - yy_size_t new_size; - - yy_start_stack_depth += YY_START_STACK_INCR; - new_size = yy_start_stack_depth * sizeof( int ); - - if ( ! yy_start_stack ) - yy_start_stack = (int *) yy_flex_alloc( new_size ); - - else - yy_start_stack = (int *) yy_flex_realloc( - (void *) yy_start_stack, new_size ); - - if ( ! yy_start_stack ) - YY_FATAL_ERROR( - "out of memory expanding start-condition stack" ); - } - - yy_start_stack[yy_start_stack_ptr++] = YY_START; - - BEGIN(new_state); - } -#endif - - -#ifndef YY_NO_POP_STATE -static void yy_pop_state() - { - if ( --yy_start_stack_ptr < 0 ) - YY_FATAL_ERROR( "start-condition stack underflow" ); - - BEGIN(yy_start_stack[yy_start_stack_ptr]); - } -#endif - - -#ifndef YY_NO_TOP_STATE -static int yy_top_state() - { - return yy_start_stack[yy_start_stack_ptr - 1]; - } -#endif - -#ifndef YY_EXIT_FAILURE -#define YY_EXIT_FAILURE 2 -#endif - -#ifdef YY_USE_PROTOS -static void yy_fatal_error( yyconst char msg[] ) -#else -static void yy_fatal_error( msg ) -char msg[]; -#endif - { - (void) fprintf( stderr, "%s\n", msg ); - exit( YY_EXIT_FAILURE ); - } - - - -/* Redefine yyless() so it works in section 3 code. */ - -#undef yyless -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - yytext[yyleng] = yy_hold_char; \ - yy_c_buf_p = yytext + n; \ - yy_hold_char = *yy_c_buf_p; \ - *yy_c_buf_p = '\0'; \ - yyleng = n; \ - } \ - while ( 0 ) - - -/* Internal utility routines. */ - -#ifndef yytext_ptr -#ifdef YY_USE_PROTOS -static void yy_flex_strncpy( char *s1, yyconst char *s2, int n ) -#else -static void yy_flex_strncpy( s1, s2, n ) -char *s1; -yyconst char *s2; -int n; -#endif - { - register int i; - for ( i = 0; i < n; ++i ) - s1[i] = s2[i]; - } -#endif - -#ifdef YY_NEED_STRLEN -#ifdef YY_USE_PROTOS -static int yy_flex_strlen( yyconst char *s ) -#else -static int yy_flex_strlen( s ) -yyconst char *s; -#endif - { - register int n; - for ( n = 0; s[n]; ++n ) - ; - - return n; - } -#endif - - -#ifdef YY_USE_PROTOS -static void *yy_flex_alloc( yy_size_t size ) -#else -static void *yy_flex_alloc( size ) -yy_size_t size; -#endif - { - return (void *) malloc( size ); - } - -#ifdef YY_USE_PROTOS -static void *yy_flex_realloc( void *ptr, yy_size_t size ) -#else -static void *yy_flex_realloc( ptr, size ) -void *ptr; -yy_size_t size; -#endif - { - /* The cast to (char *) in the following accommodates both - * implementations that use char* generic pointers, and those - * that use void* generic pointers. It works with the latter - * because both ANSI C and C++ allow castless assignment from - * any pointer type to void*, and deal with argument conversions - * as though doing an assignment. - */ - return (void *) realloc( (char *) ptr, size ); - } - -#ifdef YY_USE_PROTOS -static void yy_flex_free( void *ptr ) -#else -static void yy_flex_free( ptr ) -void *ptr; -#endif - { - free( ptr ); - } - -#if YY_MAIN -int main() - { - yylex(); - return 0; - } -#endif -#line 75 "lex.l" - - -#ifndef yywrap /* XXX */ -int -yywrap () -{ - return 1; -} -#endif - -static int -getstring(void) -{ - char x[128]; - int i = 0; - int c; - int quote = 0; - while(i < sizeof(x) - 1 && (c = input()) != EOF){ - if(quote) { - x[i++] = c; - quote = 0; - continue; - } - if(c == '\n'){ - error_message("unterminated string"); - lineno++; - break; - } - if(c == '\\'){ - quote++; - continue; - } - if(c == '\"') - break; - x[i++] = c; - } - x[i] = '\0'; - yylval.string = strdup(x); - if (yylval.string == NULL) - err(1, "malloc"); - return STRING; -} - -void -error_message (const char *format, ...) -{ - va_list args; - - va_start (args, format); - fprintf (stderr, "%s:%d:", filename, lineno); - vfprintf (stderr, format, args); - va_end (args); - numerror++; -} diff --git a/source4/heimdal/lib/krb5/addr_families.c b/source4/heimdal/lib/krb5/addr_families.c index ccc97f412d..cf460ba725 100644 --- a/source4/heimdal/lib/krb5/addr_families.c +++ b/source4/heimdal/lib/krb5/addr_families.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: addr_families.c,v 1.49 2005/06/16 20:16:12 lha Exp $"); +RCSID("$Id: addr_families.c,v 1.50 2006/03/17 22:12:13 lha Exp $"); struct addr_operations { int af; @@ -930,11 +930,18 @@ krb5_parse_address(krb5_context context, int error; int save_errno; + addresses->len = 0; + addresses->val = NULL; + for(i = 0; i < num_addrs; i++) { if(at[i].parse_addr) { krb5_address addr; if((*at[i].parse_addr)(context, string, &addr) == 0) { ALLOC_SEQ(addresses, 1); + if (addresses->val == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } addresses->val[0] = addr; return 0; } @@ -1047,6 +1054,8 @@ krb5_free_addresses(krb5_context context, for(i = 0; i < addresses->len; i++) krb5_free_address(context, &addresses->val[i]); free(addresses->val); + addresses->len = 0; + addresses->val = NULL; return 0; } diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c index 3cfc780eb4..039484c650 100644 --- a/source4/heimdal/lib/krb5/crypto.c +++ b/source4/heimdal/lib/krb5/crypto.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: crypto.c,v 1.132 2006/02/28 14:52:57 lha Exp $"); +RCSID("$Id: crypto.c,v 1.133 2006/03/07 19:34:55 lha Exp $"); #undef CRYPTO_DEBUG #ifdef CRYPTO_DEBUG @@ -3414,7 +3414,7 @@ decrypt_internal_derived(krb5_context context, l = len - et->confoundersize; memmove(p, p + et->confoundersize, l); result->data = realloc(p, l); - if(result->data == NULL) { + if(result->data == NULL && l != 0) { free(p); krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; @@ -3479,7 +3479,7 @@ decrypt_internal(krb5_context context, l = len - et->confoundersize - checksum_sz; memmove(p, p + et->confoundersize + checksum_sz, l); result->data = realloc(p, l); - if(result->data == NULL) { + if(result->data == NULL && l != 0) { free(p); krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; @@ -3523,7 +3523,7 @@ decrypt_internal_special(krb5_context context, memmove (p, p + cksum_sz + et->confoundersize, sz); result->data = realloc(p, sz); - if(result->data == NULL) { + if(result->data == NULL && sz != 0) { free(p); krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; diff --git a/source4/heimdal/lib/krb5/get_for_creds.c b/source4/heimdal/lib/krb5/get_for_creds.c index aa7c62befc..dafe668b5d 100644 --- a/source4/heimdal/lib/krb5/get_for_creds.c +++ b/source4/heimdal/lib/krb5/get_for_creds.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: get_for_creds.c,v 1.47 2006/02/03 11:37:29 lha Exp $"); +RCSID("$Id: get_for_creds.c,v 1.48 2006/03/07 19:38:09 lha Exp $"); static krb5_error_code add_addrs(krb5_context context, @@ -50,7 +50,7 @@ add_addrs(krb5_context context, ++n; tmp = realloc(addr->val, (addr->len + n) * sizeof(*addr->val)); - if (tmp == NULL) { + if (tmp == NULL && (addr->len + n) != 0) { krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; goto fail; diff --git a/source4/heimdal/lib/krb5/mk_req_ext.c b/source4/heimdal/lib/krb5/mk_req_ext.c index ab83d912ea..18b0e3552f 100644 --- a/source4/heimdal/lib/krb5/mk_req_ext.c +++ b/source4/heimdal/lib/krb5/mk_req_ext.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: mk_req_ext.c,v 1.30 2005/01/05 06:31:01 lukeh Exp $"); +RCSID("$Id: mk_req_ext.c,v 1.32 2006/03/19 20:33:13 lha Exp $"); krb5_error_code _krb5_mk_req_internal(krb5_context context, @@ -45,120 +45,103 @@ _krb5_mk_req_internal(krb5_context context, krb5_key_usage checksum_usage, krb5_key_usage encrypt_usage) { - krb5_error_code ret; - krb5_data authenticator; - Checksum c; - Checksum *c_opt; - krb5_auth_context ac; + krb5_error_code ret; + krb5_data authenticator; + Checksum c; + Checksum *c_opt; + krb5_auth_context ac; - if(auth_context) { - if(*auth_context == NULL) - ret = krb5_auth_con_init(context, auth_context); - else - ret = 0; - ac = *auth_context; - } else - ret = krb5_auth_con_init(context, &ac); - if(ret) - return ret; + if(auth_context) { + if(*auth_context == NULL) + ret = krb5_auth_con_init(context, auth_context); + else + ret = 0; + ac = *auth_context; + } else + ret = krb5_auth_con_init(context, &ac); + if(ret) + return ret; - if(ac->local_subkey == NULL && (ap_req_options & AP_OPTS_USE_SUBKEY)) { - ret = krb5_auth_con_generatelocalsubkey(context, ac, &in_creds->session); - if(ret) - return ret; - } + if(ac->local_subkey == NULL && (ap_req_options & AP_OPTS_USE_SUBKEY)) { + ret = krb5_auth_con_generatelocalsubkey(context, + ac, + &in_creds->session); + if(ret) + goto out; + } -#if 0 - { - /* This is somewhat bogus since we're possibly overwriting a - value specified by the user, but it's the easiest way to make - the code use a compatible enctype */ - Ticket ticket; - krb5_keytype ticket_keytype; + krb5_free_keyblock(context, ac->keyblock); + ret = krb5_copy_keyblock(context, &in_creds->session, &ac->keyblock); + if (ret) + goto out; + + /* it's unclear what type of checksum we can use. try the best one, except: + * a) if it's configured differently for the current realm, or + * b) if the session key is des-cbc-crc + */ - ret = decode_Ticket(in_creds->ticket.data, - in_creds->ticket.length, - &ticket, - NULL); - krb5_enctype_to_keytype (context, - ticket.enc_part.etype, - &ticket_keytype); + if (in_data) { + if(ac->keyblock->keytype == ETYPE_DES_CBC_CRC) { + /* this is to make DCE secd (and older MIT kdcs?) happy */ + ret = krb5_create_checksum(context, + NULL, + 0, + CKSUMTYPE_RSA_MD4, + in_data->data, + in_data->length, + &c); + } else if(ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5 || + ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5_56) { + /* this is to make MS kdc happy */ + ret = krb5_create_checksum(context, + NULL, + 0, + CKSUMTYPE_RSA_MD5, + in_data->data, + in_data->length, + &c); + } else { + krb5_crypto crypto; - if (ticket_keytype == in_creds->session.keytype) - krb5_auth_setenctype(context, - ac, - ticket.enc_part.etype); - free_Ticket(&ticket); - } -#endif + ret = krb5_crypto_init(context, ac->keyblock, 0, &crypto); + if (ret) + goto out; + ret = krb5_create_checksum(context, + crypto, + checksum_usage, + 0, + in_data->data, + in_data->length, + &c); + krb5_crypto_destroy(context, crypto); + } + c_opt = &c; + } else { + c_opt = NULL; + } - krb5_free_keyblock(context, ac->keyblock); - krb5_copy_keyblock(context, &in_creds->session, &ac->keyblock); + if (ret) + goto out; - /* it's unclear what type of checksum we can use. try the best one, except: - * a) if it's configured differently for the current realm, or - * b) if the session key is des-cbc-crc - */ - - if (in_data) { - if(ac->keyblock->keytype == ETYPE_DES_CBC_CRC) { - /* this is to make DCE secd (and older MIT kdcs?) happy */ - ret = krb5_create_checksum(context, - NULL, - 0, - CKSUMTYPE_RSA_MD4, - in_data->data, - in_data->length, - &c); - } else if(ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5 || - ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5_56) { - /* this is to make MS kdc happy */ - ret = krb5_create_checksum(context, - NULL, - 0, - CKSUMTYPE_RSA_MD5, - in_data->data, - in_data->length, - &c); - } else { - krb5_crypto crypto; + ret = krb5_build_authenticator (context, + ac, + ac->keyblock->keytype, + in_creds, + c_opt, + NULL, + &authenticator, + encrypt_usage); + if (c_opt) + free_Checksum (c_opt); + if (ret) + goto out; - ret = krb5_crypto_init(context, ac->keyblock, 0, &crypto); - if (ret) - return ret; - ret = krb5_create_checksum(context, - crypto, - checksum_usage, - 0, - in_data->data, - in_data->length, - &c); - - krb5_crypto_destroy(context, crypto); - } - c_opt = &c; - } else { - c_opt = NULL; - } - - ret = krb5_build_authenticator (context, - ac, - ac->keyblock->keytype, - in_creds, - c_opt, - NULL, - &authenticator, - encrypt_usage); - if (c_opt) - free_Checksum (c_opt); - if (ret) + ret = krb5_build_ap_req (context, ac->keyblock->keytype, + in_creds, ap_req_options, authenticator, outbuf); +out: + if(auth_context == NULL) + krb5_auth_con_free(context, ac); return ret; - - ret = krb5_build_ap_req (context, ac->keyblock->keytype, - in_creds, ap_req_options, authenticator, outbuf); - if(auth_context == NULL) - krb5_auth_con_free(context, ac); - return ret; } krb5_error_code KRB5_LIB_FUNCTION diff --git a/source4/heimdal/lib/krb5/rd_priv.c b/source4/heimdal/lib/krb5/rd_priv.c index bafd23e995..bf82ad556e 100644 --- a/source4/heimdal/lib/krb5/rd_priv.c +++ b/source4/heimdal/lib/krb5/rd_priv.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_priv.c,v 1.31 2004/05/25 21:39:13 lha Exp $"); +RCSID("$Id: rd_priv.c,v 1.32 2006/03/18 22:15:57 lha Exp $"); krb5_error_code KRB5_LIB_FUNCTION krb5_rd_priv(krb5_context context, @@ -50,6 +50,9 @@ krb5_rd_priv(krb5_context context, krb5_keyblock *key; krb5_crypto crypto; + if (outdata) + krb5_data_zero(outdata); + if ((auth_context->flags & (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) && outdata == NULL) @@ -158,7 +161,7 @@ krb5_rd_priv(krb5_context context, (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) { /* if these fields are not present in the priv-part, silently return zero */ - memset(outdata, 0, sizeof(*outdata)); + krb5_data_zero(outdata); if(part.timestamp) outdata->timestamp = *part.timestamp; if(part.usec) diff --git a/source4/heimdal/lib/krb5/send_to_kdc.c b/source4/heimdal/lib/krb5/send_to_kdc.c index 7bb4adabbd..d3d21aea3f 100644 --- a/source4/heimdal/lib/krb5/send_to_kdc.c +++ b/source4/heimdal/lib/krb5/send_to_kdc.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: send_to_kdc.c,v 1.56 2005/06/17 04:33:11 lha Exp $"); +RCSID("$Id: send_to_kdc.c,v 1.57 2006/03/07 19:39:59 lha Exp $"); struct send_and_recv { krb5_send_and_recv_func_t func; @@ -102,7 +102,7 @@ recv_loop (int fd, krb5_data_free (rep); return -1; } - if(nbytes == 0) + if(nbytes <= 0) return 0; if (limit) -- cgit From fc52ddf1761b429755fa8965c3906005278034c5 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 25 Mar 2006 05:49:58 +0000 Subject: r14707: Initialise default value (the rest of this function sets it to 1 if this is CFX). Caught by Valgrind. Andrew Bartlett (This used to be commit bdb55ce2b57adf3b7c6eb1455c3775d013c72e5d) --- source4/heimdal/lib/gssapi/accept_sec_context.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/accept_sec_context.c b/source4/heimdal/lib/gssapi/accept_sec_context.c index 9ca60a6cdd..ebb8ee2304 100644 --- a/source4/heimdal/lib/gssapi/accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/accept_sec_context.c @@ -77,6 +77,7 @@ gsskrb5_is_cfx(gss_ctx_id_t context_handle, int *is_cfx) { krb5_keyblock *key; int acceptor = (context_handle->more_flags & LOCAL) == 0; + *is_cfx = 0; if (acceptor) { if (context_handle->auth_context->local_subkey) -- cgit From c7ee532e46a515bb2c3ed8783c1c98cb13bf2caa Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 25 Mar 2006 10:34:51 +0000 Subject: r14711: let windows clients retry after getting ERR_SKEW metze (This used to be commit 02703f4e8f430233ec4365ea5cee641a9201802f) --- source4/heimdal/kdc/kerberos5.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index 392bc0acbe..3f9dcd12f8 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -1045,9 +1045,16 @@ _kdc_as_rep(krb5_context context, free_PA_ENC_TS_ENC(&p); if (abs(kdc_time - p.patimestamp) > context->max_skew) { ret = KRB5KRB_AP_ERR_SKEW; - e_text = "Too large time skew"; kdc_log(context, config, 0, "Too large time skew -- %s", client_name); + /* + * the following is needed to make windows clients + * to retry using the timestamp in the error message + * + * this is maybe a bug in windows to not trying when e_text + * is present... + */ + e_text = NULL; goto out; } et.flags.pre_authent = 1; -- cgit From 0291c48389c78071d72c6b7d6e1de195d6c45878 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 6 Apr 2006 11:32:54 +0000 Subject: r14949: re-add the two lex.c files for heimdal, these are needed for systems that don't have bison/flex. If we auto-generate these on samba.org we can delete these again. (This used to be commit dca9003ec27747cf7a584ee67fd222ab22601494) --- source4/heimdal/lib/asn1/lex.c | 2658 +++++++++++++++++++++++++++++++++++++ source4/heimdal/lib/com_err/lex.c | 1862 ++++++++++++++++++++++++++ 2 files changed, 4520 insertions(+) create mode 100644 source4/heimdal/lib/asn1/lex.c create mode 100644 source4/heimdal/lib/com_err/lex.c (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/asn1/lex.c b/source4/heimdal/lib/asn1/lex.c new file mode 100644 index 0000000000..3e58650685 --- /dev/null +++ b/source4/heimdal/lib/asn1/lex.c @@ -0,0 +1,2658 @@ + +#line 3 "lex.yy.c" + +#define YY_INT_ALIGNED short int + +/* A lexical scanner generated by flex */ + +#define FLEX_SCANNER +#define YY_FLEX_MAJOR_VERSION 2 +#define YY_FLEX_MINOR_VERSION 5 +#define YY_FLEX_SUBMINOR_VERSION 31 +#if YY_FLEX_SUBMINOR_VERSION > 0 +#define FLEX_BETA +#endif + +/* First, we deal with platform-specific or compiler-specific issues. */ + +/* begin standard C headers. */ +#include +#include +#include +#include + +/* end standard C headers. */ + +/* flex integer type definitions */ + +#ifndef FLEXINT_H +#define FLEXINT_H + +/* C99 systems have . Non-C99 systems may or may not. */ + +#if defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L +#include +typedef int8_t flex_int8_t; +typedef uint8_t flex_uint8_t; +typedef int16_t flex_int16_t; +typedef uint16_t flex_uint16_t; +typedef int32_t flex_int32_t; +typedef uint32_t flex_uint32_t; +#else +typedef signed char flex_int8_t; +typedef short int flex_int16_t; +typedef int flex_int32_t; +typedef unsigned char flex_uint8_t; +typedef unsigned short int flex_uint16_t; +typedef unsigned int flex_uint32_t; +#endif /* ! C99 */ + +/* Limits of integral types. */ +#ifndef INT8_MIN +#define INT8_MIN (-128) +#endif +#ifndef INT16_MIN +#define INT16_MIN (-32767-1) +#endif +#ifndef INT32_MIN +#define INT32_MIN (-2147483647-1) +#endif +#ifndef INT8_MAX +#define INT8_MAX (127) +#endif +#ifndef INT16_MAX +#define INT16_MAX (32767) +#endif +#ifndef INT32_MAX +#define INT32_MAX (2147483647) +#endif +#ifndef UINT8_MAX +#define UINT8_MAX (255U) +#endif +#ifndef UINT16_MAX +#define UINT16_MAX (65535U) +#endif +#ifndef UINT32_MAX +#define UINT32_MAX (4294967295U) +#endif + +#endif /* ! FLEXINT_H */ + +#ifdef __cplusplus + +/* The "const" storage-class-modifier is valid. */ +#define YY_USE_CONST + +#else /* ! __cplusplus */ + +#if __STDC__ + +#define YY_USE_CONST + +#endif /* __STDC__ */ +#endif /* ! __cplusplus */ + +#ifdef YY_USE_CONST +#define yyconst const +#else +#define yyconst +#endif + +/* Returned upon end-of-file. */ +#define YY_NULL 0 + +/* Promotes a possibly negative, possibly signed char to an unsigned + * integer for use as an array index. If the signed char is negative, + * we want to instead treat it as an 8-bit unsigned char, hence the + * double cast. + */ +#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c) + +/* Enter a start condition. This macro really ought to take a parameter, + * but we do it the disgusting crufty way forced on us by the ()-less + * definition of BEGIN. + */ +#define BEGIN (yy_start) = 1 + 2 * + +/* Translate the current start state into a value that can be later handed + * to BEGIN to return to the state. The YYSTATE alias is for lex + * compatibility. + */ +#define YY_START (((yy_start) - 1) / 2) +#define YYSTATE YY_START + +/* Action number for EOF rule of a given start state. */ +#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) + +/* Special action meaning "start processing a new file". */ +#define YY_NEW_FILE yyrestart(yyin ) + +#define YY_END_OF_BUFFER_CHAR 0 + +/* Size of default input buffer. */ +#ifndef YY_BUF_SIZE +#define YY_BUF_SIZE 16384 +#endif + +#ifndef YY_TYPEDEF_YY_BUFFER_STATE +#define YY_TYPEDEF_YY_BUFFER_STATE +typedef struct yy_buffer_state *YY_BUFFER_STATE; +#endif + +extern int yyleng; + +extern FILE *yyin, *yyout; + +#define EOB_ACT_CONTINUE_SCAN 0 +#define EOB_ACT_END_OF_FILE 1 +#define EOB_ACT_LAST_MATCH 2 + + #define YY_LESS_LINENO(n) + +/* Return all but the first "n" matched characters back to the input stream. */ +#define yyless(n) \ + do \ + { \ + /* Undo effects of setting up yytext. */ \ + int yyless_macro_arg = (n); \ + YY_LESS_LINENO(yyless_macro_arg);\ + *yy_cp = (yy_hold_char); \ + YY_RESTORE_YY_MORE_OFFSET \ + (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \ + YY_DO_BEFORE_ACTION; /* set up yytext again */ \ + } \ + while ( 0 ) + +#define unput(c) yyunput( c, (yytext_ptr) ) + +/* The following is because we cannot portably get our hands on size_t + * (without autoconf's help, which isn't available because we want + * flex-generated scanners to compile on their own). + */ + +#ifndef YY_TYPEDEF_YY_SIZE_T +#define YY_TYPEDEF_YY_SIZE_T +typedef unsigned int yy_size_t; +#endif + +#ifndef YY_STRUCT_YY_BUFFER_STATE +#define YY_STRUCT_YY_BUFFER_STATE +struct yy_buffer_state + { + FILE *yy_input_file; + + char *yy_ch_buf; /* input buffer */ + char *yy_buf_pos; /* current position in input buffer */ + + /* Size of input buffer in bytes, not including room for EOB + * characters. + */ + yy_size_t yy_buf_size; + + /* Number of characters read into yy_ch_buf, not including EOB + * characters. + */ + int yy_n_chars; + + /* Whether we "own" the buffer - i.e., we know we created it, + * and can realloc() it to grow it, and should free() it to + * delete it. + */ + int yy_is_our_buffer; + + /* Whether this is an "interactive" input source; if so, and + * if we're using stdio for input, then we want to use getc() + * instead of fread(), to make sure we stop fetching input after + * each newline. + */ + int yy_is_interactive; + + /* Whether we're considered to be at the beginning of a line. + * If so, '^' rules will be active on the next match, otherwise + * not. + */ + int yy_at_bol; + + int yy_bs_lineno; /**< The line count. */ + int yy_bs_column; /**< The column count. */ + + /* Whether to try to fill the input buffer when we reach the + * end of it. + */ + int yy_fill_buffer; + + int yy_buffer_status; + +#define YY_BUFFER_NEW 0 +#define YY_BUFFER_NORMAL 1 + /* When an EOF's been seen but there's still some text to process + * then we mark the buffer as YY_EOF_PENDING, to indicate that we + * shouldn't try reading from the input source any more. We might + * still have a bunch of tokens to match, though, because of + * possible backing-up. + * + * When we actually see the EOF, we change the status to "new" + * (via yyrestart()), so that the user can continue scanning by + * just pointing yyin at a new input file. + */ +#define YY_BUFFER_EOF_PENDING 2 + + }; +#endif /* !YY_STRUCT_YY_BUFFER_STATE */ + +/* Stack of input buffers. */ +static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */ +static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */ +static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ + +/* We provide macros for accessing buffer states in case in the + * future we want to put the buffer states in a more general + * "scanner state". + * + * Returns the top of the stack, or NULL. + */ +#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ + ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ + : NULL) + +/* Same as previous macro, but useful when we know that the buffer stack is not + * NULL or when we need an lvalue. For internal use only. + */ +#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] + +/* yy_hold_char holds the character lost when yytext is formed. */ +static char yy_hold_char; +static int yy_n_chars; /* number of characters read into yy_ch_buf */ +int yyleng; + +/* Points to current character in buffer. */ +static char *yy_c_buf_p = (char *) 0; +static int yy_init = 1; /* whether we need to initialize */ +static int yy_start = 0; /* start state number */ + +/* Flag which is used to allow yywrap()'s to do buffer switches + * instead of setting up a fresh yyin. A bit of a hack ... + */ +static int yy_did_buffer_switch_on_eof; + +void yyrestart (FILE *input_file ); +void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ); +YY_BUFFER_STATE yy_create_buffer (FILE *file,int size ); +void yy_delete_buffer (YY_BUFFER_STATE b ); +void yy_flush_buffer (YY_BUFFER_STATE b ); +void yypush_buffer_state (YY_BUFFER_STATE new_buffer ); +void yypop_buffer_state (void ); + +static void yyensure_buffer_stack (void ); +static void yy_load_buffer_state (void ); +static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file ); + +#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER ) + +YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); +YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); +YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len ); + +void *yyalloc (yy_size_t ); +void *yyrealloc (void *,yy_size_t ); +void yyfree (void * ); + +#define yy_new_buffer yy_create_buffer + +#define yy_set_interactive(is_interactive) \ + { \ + if ( ! YY_CURRENT_BUFFER ){ \ + yyensure_buffer_stack (); \ + YY_CURRENT_BUFFER_LVALUE = \ + yy_create_buffer(yyin,YY_BUF_SIZE ); \ + } \ + YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ + } + +#define yy_set_bol(at_bol) \ + { \ + if ( ! YY_CURRENT_BUFFER ){\ + yyensure_buffer_stack (); \ + YY_CURRENT_BUFFER_LVALUE = \ + yy_create_buffer(yyin,YY_BUF_SIZE ); \ + } \ + YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ + } + +#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) + +/* Begin user sect3 */ + +typedef unsigned char YY_CHAR; + +FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; + +typedef int yy_state_type; + +extern int yylineno; + +int yylineno = 1; + +extern char *yytext; +#define yytext_ptr yytext + +static yy_state_type yy_get_previous_state (void ); +static yy_state_type yy_try_NUL_trans (yy_state_type current_state ); +static int yy_get_next_buffer (void ); +static void yy_fatal_error (yyconst char msg[] ); + +/* Done after the current pattern has been matched and before the + * corresponding action - sets up yytext. + */ +#define YY_DO_BEFORE_ACTION \ + (yytext_ptr) = yy_bp; \ + yyleng = (size_t) (yy_cp - yy_bp); \ + (yy_hold_char) = *yy_cp; \ + *yy_cp = '\0'; \ + (yy_c_buf_p) = yy_cp; + +#define YY_NUM_RULES 95 +#define YY_END_OF_BUFFER 96 +/* This struct is not used in this scanner, + but its presence is necessary. */ +struct yy_trans_info + { + flex_int32_t yy_verify; + flex_int32_t yy_nxt; + }; +static yyconst flex_int16_t yy_accept[568] = + { 0, + 0, 0, 96, 94, 90, 91, 87, 81, 81, 94, + 94, 88, 88, 94, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 82, 83, 85, 88, 88, 93, 86, + 0, 0, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 10, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 89, 51, 89, 89, 89, 89, 89, + 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 89, 89, 89, 89, 92, 88, 84, + + 89, 3, 89, 89, 89, 7, 89, 89, 89, 89, + 89, 89, 89, 89, 89, 89, 22, 89, 89, 89, + 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 89, 44, 45, 89, 89, 89, 89, 89, 89, + 89, 55, 89, 89, 89, 89, 89, 89, 89, 63, + 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 89, 89, 89, 89, 89, 30, 89, + 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, + + 47, 89, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 60, 89, 89, 64, 89, 89, 89, 68, 69, + 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, + 80, 89, 89, 89, 89, 6, 89, 89, 89, 89, + 13, 89, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 89, 29, 89, 89, 89, 89, 89, + 89, 89, 89, 89, 89, 89, 89, 89, 89, 50, + 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 89, 72, 89, 89, 89, 89, 89, + 89, 89, 1, 89, 89, 89, 89, 89, 89, 12, + + 89, 89, 89, 89, 89, 89, 89, 89, 24, 89, + 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 89, 89, 89, 89, 49, 89, 89, + 89, 89, 89, 89, 89, 89, 89, 65, 66, 89, + 89, 89, 73, 89, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 9, 89, 89, 89, 89, 18, 89, + 89, 21, 89, 89, 26, 89, 89, 89, 89, 89, + 89, 89, 37, 38, 89, 89, 41, 89, 89, 89, + 89, 89, 89, 54, 89, 57, 58, 89, 89, 89, + 89, 89, 89, 89, 75, 89, 89, 89, 89, 89, + + 89, 89, 89, 89, 89, 89, 89, 89, 20, 89, + 25, 89, 28, 89, 89, 89, 89, 89, 36, 39, + 40, 89, 89, 89, 89, 52, 89, 89, 89, 89, + 62, 89, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 5, 8, 11, 14, 89, 89, 89, 89, 89, + 89, 89, 89, 34, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 67, 89, 89, 74, 89, 89, 89, + 89, 89, 89, 15, 89, 17, 89, 23, 89, 89, + 89, 89, 35, 89, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 76, 89, 89, 89, 89, 4, 16, + + 19, 89, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 42, 43, 89, 89, 89, 89, 89, + 61, 89, 89, 89, 89, 89, 89, 27, 31, 89, + 33, 89, 48, 89, 56, 89, 89, 71, 89, 89, + 79, 89, 89, 46, 89, 89, 89, 89, 78, 2, + 32, 89, 59, 70, 77, 53, 0 + } ; + +static yyconst flex_int32_t yy_ec[256] = + { 0, + 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 2, 1, 4, 1, 1, 1, 1, 1, 5, + 5, 6, 1, 5, 7, 8, 9, 10, 11, 12, + 12, 13, 14, 15, 12, 16, 12, 17, 5, 1, + 18, 1, 1, 1, 19, 20, 21, 22, 23, 24, + 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, + 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, + 45, 1, 46, 1, 47, 1, 48, 49, 50, 51, + + 52, 53, 54, 55, 56, 57, 29, 58, 59, 60, + 61, 62, 29, 63, 64, 65, 66, 67, 29, 68, + 29, 69, 5, 5, 5, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1 + } ; + +static yyconst flex_int32_t yy_meta[70] = + { 0, + 1, 1, 1, 1, 1, 1, 2, 1, 1, 3, + 3, 3, 3, 3, 3, 3, 1, 1, 3, 3, + 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 1, 1, 2, 3, 3, 3, + 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2 + } ; + +static yyconst flex_int16_t yy_base[570] = + { 0, + 0, 0, 636, 637, 637, 637, 637, 637, 63, 627, + 628, 70, 77, 616, 74, 72, 76, 609, 65, 81, + 49, 0, 92, 91, 32, 101, 97, 608, 103, 113, + 99, 574, 602, 637, 637, 637, 156, 163, 620, 637, + 0, 609, 0, 589, 595, 590, 585, 597, 583, 586, + 586, 0, 101, 599, 108, 593, 596, 122, 124, 585, + 581, 553, 564, 597, 587, 575, 115, 575, 565, 574, + 575, 545, 575, 564, 0, 563, 543, 561, 558, 558, + 124, 540, 161, 119, 551, 558, 561, 581, 566, 551, + 555, 530, 560, 160, 530, 91, 547, 637, 0, 637, + + 125, 0, 554, 550, 555, 0, 544, 550, 543, 551, + 540, 542, 145, 166, 552, 541, 0, 542, 549, 156, + 548, 533, 538, 516, 505, 529, 533, 157, 534, 525, + 539, 546, 0, 521, 529, 506, 534, 533, 528, 502, + 515, 0, 515, 514, 510, 489, 518, 528, 507, 0, + 522, 517, 505, 505, 504, 517, 516, 486, 159, 499, + 520, 468, 482, 477, 506, 499, 494, 502, 497, 495, + 461, 502, 505, 502, 485, 488, 482, 500, 479, 485, + 494, 493, 491, 479, 485, 475, 164, 487, 0, 446, + 453, 442, 468, 478, 468, 464, 483, 170, 488, 463, + + 0, 436, 477, 459, 463, 445, 471, 486, 469, 472, + 425, 0, 451, 465, 0, 455, 467, 420, 0, 0, + 477, 418, 450, 442, 457, 423, 441, 425, 415, 426, + 0, 436, 454, 451, 452, 0, 407, 450, 447, 444, + 0, 434, 429, 437, 433, 435, 439, 437, 423, 420, + 436, 418, 418, 422, 0, 405, 396, 388, 423, 180, + 411, 426, 415, 423, 408, 429, 436, 386, 403, 0, + 408, 374, 402, 410, 404, 397, 386, 406, 400, 406, + 388, 366, 401, 375, 0, 403, 389, 365, 358, 359, + 356, 362, 0, 398, 399, 379, 360, 383, 376, 0, + + 390, 393, 379, 372, 371, 385, 385, 387, 0, 378, + 367, 376, 383, 343, 350, 343, 374, 370, 374, 358, + 371, 372, 356, 368, 353, 362, 338, 0, 368, 364, + 353, 352, 345, 359, 332, 340, 358, 0, 0, 322, + 355, 308, 0, 338, 322, 310, 308, 319, 318, 331, + 330, 340, 306, 0, 342, 332, 336, 335, 0, 334, + 338, 0, 321, 320, 0, 337, 326, 151, 318, 294, + 326, 314, 0, 0, 314, 327, 0, 328, 283, 315, + 309, 315, 292, 0, 319, 0, 0, 284, 318, 317, + 279, 315, 300, 317, 0, 279, 286, 265, 295, 324, + + 303, 308, 274, 291, 288, 293, 292, 290, 0, 299, + 0, 294, 0, 255, 250, 253, 263, 293, 0, 0, + 0, 277, 251, 289, 247, 0, 247, 283, 257, 261, + 0, 253, 274, 240, 274, 243, 244, 264, 235, 262, + 265, 0, 0, 0, 260, 273, 270, 262, 271, 262, + 228, 238, 226, 0, 252, 260, 230, 258, 221, 233, + 250, 244, 247, 0, 241, 215, 0, 223, 239, 210, + 211, 230, 240, 0, 249, 0, 233, 0, 242, 212, + 216, 210, 0, 232, 204, 231, 206, 198, 233, 194, + 231, 230, 200, 0, 190, 191, 197, 220, 0, 0, + + 0, 213, 190, 211, 188, 215, 192, 218, 184, 187, + 204, 178, 218, 215, 178, 174, 180, 175, 196, 190, + 178, 175, 176, 0, 0, 191, 174, 165, 180, 166, + 0, 194, 166, 163, 158, 163, 197, 0, 0, 156, + 0, 171, 0, 148, 0, 152, 188, 0, 150, 155, + 0, 166, 153, 0, 143, 148, 162, 143, 0, 0, + 0, 101, 0, 0, 0, 0, 637, 223, 69 + } ; + +static yyconst flex_int16_t yy_def[570] = + { 0, + 567, 1, 567, 567, 567, 567, 567, 567, 567, 567, + 567, 567, 567, 567, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 567, 567, 567, 567, 567, 567, 567, + 569, 567, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 567, 569, 567, + + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 568, 568, 568, 568, + 568, 568, 568, 568, 568, 568, 0, 567, 567 + } ; + +static yyconst flex_int16_t yy_nxt[707] = + { 0, + 4, 5, 6, 7, 8, 4, 9, 10, 11, 12, + 13, 13, 13, 13, 13, 13, 14, 4, 15, 16, + 17, 18, 19, 20, 21, 22, 23, 22, 22, 22, + 24, 25, 26, 27, 22, 28, 29, 30, 31, 32, + 33, 22, 22, 22, 34, 35, 4, 22, 22, 22, + 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, + 22, 22, 22, 22, 22, 22, 22, 22, 22, 36, + 71, 99, 37, 38, 38, 38, 38, 38, 38, 38, + 38, 38, 38, 38, 38, 38, 38, 38, 38, 38, + 38, 38, 38, 44, 48, 57, 58, 72, 49, 60, + + 62, 53, 50, 45, 51, 54, 59, 46, 55, 69, + 64, 63, 47, 65, 52, 78, 61, 70, 79, 109, + 73, 74, 66, 67, 75, 84, 80, 88, 68, 85, + 93, 89, 81, 110, 76, 129, 94, 41, 112, 113, + 86, 163, 116, 117, 119, 87, 144, 166, 90, 77, + 145, 130, 131, 149, 164, 91, 150, 120, 95, 82, + 118, 121, 167, 566, 92, 38, 38, 38, 38, 38, + 38, 38, 38, 38, 38, 38, 38, 38, 38, 147, + 160, 177, 178, 161, 179, 185, 194, 414, 186, 195, + 148, 223, 180, 224, 264, 253, 565, 564, 225, 254, + + 318, 563, 319, 562, 561, 265, 415, 560, 559, 558, + 557, 556, 555, 554, 553, 552, 551, 550, 549, 548, + 547, 546, 545, 41, 43, 43, 544, 543, 542, 541, + 540, 539, 538, 537, 536, 535, 534, 533, 532, 531, + 530, 529, 528, 527, 526, 525, 524, 523, 522, 521, + 520, 519, 518, 517, 516, 515, 514, 513, 512, 511, + 510, 509, 508, 507, 506, 505, 504, 503, 502, 501, + 500, 499, 498, 497, 496, 495, 494, 493, 492, 491, + 490, 489, 488, 487, 486, 485, 484, 483, 482, 481, + 480, 479, 478, 477, 476, 475, 474, 473, 472, 471, + + 470, 469, 468, 467, 466, 465, 464, 463, 462, 461, + 460, 459, 458, 457, 456, 455, 454, 453, 452, 451, + 450, 449, 448, 447, 446, 445, 444, 443, 442, 441, + 440, 439, 438, 437, 436, 435, 434, 433, 432, 431, + 430, 429, 428, 427, 426, 425, 424, 423, 422, 421, + 420, 419, 418, 417, 416, 413, 412, 411, 410, 409, + 408, 407, 406, 405, 404, 403, 402, 401, 400, 399, + 398, 397, 396, 395, 394, 393, 392, 391, 390, 389, + 388, 387, 386, 385, 384, 383, 382, 381, 380, 379, + 378, 377, 376, 375, 374, 373, 372, 371, 370, 369, + + 368, 367, 366, 365, 364, 363, 362, 361, 360, 359, + 358, 357, 356, 355, 354, 353, 352, 351, 350, 349, + 348, 347, 346, 345, 344, 343, 342, 341, 340, 339, + 338, 337, 336, 335, 334, 333, 332, 331, 330, 329, + 328, 327, 326, 325, 324, 323, 322, 321, 320, 317, + 316, 315, 314, 313, 312, 311, 310, 309, 308, 307, + 306, 305, 304, 303, 302, 301, 300, 299, 298, 297, + 296, 295, 294, 293, 292, 291, 290, 289, 288, 287, + 286, 285, 284, 283, 282, 281, 280, 279, 278, 277, + 276, 275, 274, 273, 272, 271, 270, 269, 268, 267, + + 266, 263, 262, 261, 260, 259, 258, 257, 256, 255, + 252, 251, 250, 249, 248, 247, 246, 245, 244, 243, + 242, 241, 240, 239, 238, 237, 236, 235, 234, 233, + 232, 231, 230, 229, 228, 227, 226, 222, 221, 220, + 219, 218, 217, 216, 215, 214, 213, 212, 211, 210, + 209, 208, 207, 206, 205, 204, 203, 202, 201, 200, + 199, 198, 197, 196, 193, 192, 191, 190, 189, 188, + 187, 184, 183, 182, 181, 176, 175, 174, 173, 172, + 171, 170, 169, 168, 165, 162, 159, 158, 157, 156, + 155, 154, 153, 152, 151, 146, 143, 142, 141, 140, + + 139, 138, 137, 136, 135, 134, 133, 132, 128, 127, + 126, 125, 124, 123, 122, 115, 114, 111, 108, 107, + 106, 105, 104, 103, 102, 101, 100, 98, 97, 96, + 83, 56, 42, 40, 39, 567, 3, 567, 567, 567, + 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, + 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, + 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, + 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, + 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, + 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, + + 567, 567, 567, 567, 567, 567 + } ; + +static yyconst flex_int16_t yy_chk[707] = + { 0, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 9, + 25, 569, 9, 9, 9, 9, 9, 9, 9, 12, + 12, 12, 12, 12, 12, 12, 13, 13, 13, 13, + 13, 13, 13, 15, 16, 19, 19, 25, 16, 20, + + 21, 17, 16, 15, 16, 17, 19, 15, 17, 24, + 23, 21, 15, 23, 16, 27, 20, 24, 27, 53, + 26, 26, 23, 23, 26, 29, 27, 30, 23, 29, + 31, 30, 27, 53, 26, 67, 31, 12, 55, 55, + 29, 96, 58, 58, 59, 29, 81, 101, 30, 26, + 81, 67, 67, 84, 96, 30, 84, 59, 31, 27, + 58, 59, 101, 562, 30, 37, 37, 37, 37, 37, + 37, 37, 38, 38, 38, 38, 38, 38, 38, 83, + 94, 113, 113, 94, 114, 120, 128, 368, 120, 128, + 83, 159, 114, 159, 198, 187, 558, 557, 159, 187, + + 260, 556, 260, 555, 553, 198, 368, 552, 550, 549, + 547, 546, 544, 542, 540, 537, 536, 535, 534, 533, + 532, 530, 529, 37, 568, 568, 528, 527, 526, 523, + 522, 521, 520, 519, 518, 517, 516, 515, 514, 513, + 512, 511, 510, 509, 508, 507, 506, 505, 504, 503, + 502, 498, 497, 496, 495, 493, 492, 491, 490, 489, + 488, 487, 486, 485, 484, 482, 481, 480, 479, 477, + 475, 473, 472, 471, 470, 469, 468, 466, 465, 463, + 462, 461, 460, 459, 458, 457, 456, 455, 453, 452, + 451, 450, 449, 448, 447, 446, 445, 441, 440, 439, + + 438, 437, 436, 435, 434, 433, 432, 430, 429, 428, + 427, 425, 424, 423, 422, 418, 417, 416, 415, 414, + 412, 410, 408, 407, 406, 405, 404, 403, 402, 401, + 400, 399, 398, 397, 396, 394, 393, 392, 391, 390, + 389, 388, 385, 383, 382, 381, 380, 379, 378, 376, + 375, 372, 371, 370, 369, 367, 366, 364, 363, 361, + 360, 358, 357, 356, 355, 353, 352, 351, 350, 349, + 348, 347, 346, 345, 344, 342, 341, 340, 337, 336, + 335, 334, 333, 332, 331, 330, 329, 327, 326, 325, + 324, 323, 322, 321, 320, 319, 318, 317, 316, 315, + + 314, 313, 312, 311, 310, 308, 307, 306, 305, 304, + 303, 302, 301, 299, 298, 297, 296, 295, 294, 292, + 291, 290, 289, 288, 287, 286, 284, 283, 282, 281, + 280, 279, 278, 277, 276, 275, 274, 273, 272, 271, + 269, 268, 267, 266, 265, 264, 263, 262, 261, 259, + 258, 257, 256, 254, 253, 252, 251, 250, 249, 248, + 247, 246, 245, 244, 243, 242, 240, 239, 238, 237, + 235, 234, 233, 232, 230, 229, 228, 227, 226, 225, + 224, 223, 222, 221, 218, 217, 216, 214, 213, 211, + 210, 209, 208, 207, 206, 205, 204, 203, 202, 200, + + 199, 197, 196, 195, 194, 193, 192, 191, 190, 188, + 186, 185, 184, 183, 182, 181, 180, 179, 178, 177, + 176, 175, 174, 173, 172, 171, 170, 169, 168, 167, + 166, 165, 164, 163, 162, 161, 160, 158, 157, 156, + 155, 154, 153, 152, 151, 149, 148, 147, 146, 145, + 144, 143, 141, 140, 139, 138, 137, 136, 135, 134, + 132, 131, 130, 129, 127, 126, 125, 124, 123, 122, + 121, 119, 118, 116, 115, 112, 111, 110, 109, 108, + 107, 105, 104, 103, 97, 95, 93, 92, 91, 90, + 89, 88, 87, 86, 85, 82, 80, 79, 78, 77, + + 76, 74, 73, 72, 71, 70, 69, 68, 66, 65, + 64, 63, 62, 61, 60, 57, 56, 54, 51, 50, + 49, 48, 47, 46, 45, 44, 42, 39, 33, 32, + 28, 18, 14, 11, 10, 3, 567, 567, 567, 567, + 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, + 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, + 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, + 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, + 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, + 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, + + 567, 567, 567, 567, 567, 567 + } ; + +static yy_state_type yy_last_accepting_state; +static char *yy_last_accepting_cpos; + +extern int yy_flex_debug; +int yy_flex_debug = 0; + +/* The intent behind this definition is that it'll catch + * any uses of REJECT which flex missed. + */ +#define REJECT reject_used_but_not_detected +#define yymore() yymore_used_but_not_detected +#define YY_MORE_ADJ 0 +#define YY_RESTORE_YY_MORE_OFFSET +char *yytext; +#line 1 "lex.l" +#line 2 "lex.l" +/* + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: lex.l,v 1.27 2005/09/13 18:17:16 lha Exp $ */ + +#ifdef HAVE_CONFIG_H +#include +#endif +#include +#include +#include +#include +#ifdef HAVE_UNISTD_H +#include +#endif +#undef ECHO +#include "symbol.h" +#include "parse.h" +#include "lex.h" +#include "gen_locl.h" + +static unsigned lineno = 1; + +#undef ECHO + +static void unterminated(const char *, unsigned); + +#line 842 "lex.yy.c" + +#define INITIAL 0 + +#ifndef YY_NO_UNISTD_H +/* Special case for "unistd.h", since it is non-ANSI. We include it way + * down here because we want the user's section 1 to have been scanned first. + * The user has a chance to override it with an option. + */ +#include +#endif + +#ifndef YY_EXTRA_TYPE +#define YY_EXTRA_TYPE void * +#endif + +/* Macros after this point can all be overridden by user definitions in + * section 1. + */ + +#ifndef YY_SKIP_YYWRAP +#ifdef __cplusplus +extern "C" int yywrap (void ); +#else +extern int yywrap (void ); +#endif +#endif + + static void yyunput (int c,char *buf_ptr ); + +#ifndef yytext_ptr +static void yy_flex_strncpy (char *,yyconst char *,int ); +#endif + +#ifdef YY_NEED_STRLEN +static int yy_flex_strlen (yyconst char * ); +#endif + +#ifndef YY_NO_INPUT + +#ifdef __cplusplus +static int yyinput (void ); +#else +static int input (void ); +#endif + +#endif + +/* Amount of stuff to slurp up with each read. */ +#ifndef YY_READ_BUF_SIZE +#define YY_READ_BUF_SIZE 8192 +#endif + +/* Copy whatever the last rule matched to the standard output. */ +#ifndef ECHO +/* This used to be an fputs(), but since the string might contain NUL's, + * we now use fwrite(). + */ +#define ECHO (void) fwrite( yytext, yyleng, 1, yyout ) +#endif + +/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, + * is returned in "result". + */ +#ifndef YY_INPUT +#define YY_INPUT(buf,result,max_size) \ + if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ + { \ + int c = '*'; \ + size_t n; \ + for ( n = 0; n < max_size && \ + (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ + buf[n] = (char) c; \ + if ( c == '\n' ) \ + buf[n++] = (char) c; \ + if ( c == EOF && ferror( yyin ) ) \ + YY_FATAL_ERROR( "input in flex scanner failed" ); \ + result = n; \ + } \ + else \ + { \ + errno=0; \ + while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \ + { \ + if( errno != EINTR) \ + { \ + YY_FATAL_ERROR( "input in flex scanner failed" ); \ + break; \ + } \ + errno=0; \ + clearerr(yyin); \ + } \ + }\ +\ + +#endif + +/* No semi-colon after return; correct usage is to write "yyterminate();" - + * we don't want an extra ';' after the "return" because that will cause + * some compilers to complain about unreachable statements. + */ +#ifndef yyterminate +#define yyterminate() return YY_NULL +#endif + +/* Number of entries by which start-condition stack grows. */ +#ifndef YY_START_STACK_INCR +#define YY_START_STACK_INCR 25 +#endif + +/* Report a fatal error. */ +#ifndef YY_FATAL_ERROR +#define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) +#endif + +/* end tables serialization structures and prototypes */ + +/* Default declaration of generated scanner - a define so the user can + * easily add parameters. + */ +#ifndef YY_DECL +#define YY_DECL_IS_OURS 1 + +extern int yylex (void); + +#define YY_DECL int yylex (void) +#endif /* !YY_DECL */ + +/* Code executed at the beginning of each rule, after yytext and yyleng + * have been set up. + */ +#ifndef YY_USER_ACTION +#define YY_USER_ACTION +#endif + +/* Code executed at the end of each rule. */ +#ifndef YY_BREAK +#define YY_BREAK break; +#endif + +#define YY_RULE_SETUP \ + YY_USER_ACTION + +/** The main scanner function which does all the work. + */ +YY_DECL +{ + register yy_state_type yy_current_state; + register char *yy_cp, *yy_bp; + register int yy_act; + +#line 62 "lex.l" + +#line 995 "lex.yy.c" + + if ( (yy_init) ) + { + (yy_init) = 0; + +#ifdef YY_USER_INIT + YY_USER_INIT; +#endif + + if ( ! (yy_start) ) + (yy_start) = 1; /* first start state */ + + if ( ! yyin ) + yyin = stdin; + + if ( ! yyout ) + yyout = stdout; + + if ( ! YY_CURRENT_BUFFER ) { + yyensure_buffer_stack (); + YY_CURRENT_BUFFER_LVALUE = + yy_create_buffer(yyin,YY_BUF_SIZE ); + } + + yy_load_buffer_state( ); + } + + while ( 1 ) /* loops until end-of-file is reached */ + { + yy_cp = (yy_c_buf_p); + + /* Support of yytext. */ + *yy_cp = (yy_hold_char); + + /* yy_bp points to the position in yy_ch_buf of the start of + * the current run. + */ + yy_bp = yy_cp; + + yy_current_state = (yy_start); +yy_match: + do + { + register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; + if ( yy_accept[yy_current_state] ) + { + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; + } + while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) + { + yy_current_state = (int) yy_def[yy_current_state]; + if ( yy_current_state >= 568 ) + yy_c = yy_meta[(unsigned int) yy_c]; + } + yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; + ++yy_cp; + } + while ( yy_base[yy_current_state] != 637 ); + +yy_find_action: + yy_act = yy_accept[yy_current_state]; + if ( yy_act == 0 ) + { /* have to back up */ + yy_cp = (yy_last_accepting_cpos); + yy_current_state = (yy_last_accepting_state); + yy_act = yy_accept[yy_current_state]; + } + + YY_DO_BEFORE_ACTION; + +do_action: /* This label is used only to access EOF actions. */ + + switch ( yy_act ) + { /* beginning of action switch */ + case 0: /* must back up */ + /* undo the effects of YY_DO_BEFORE_ACTION */ + *yy_cp = (yy_hold_char); + yy_cp = (yy_last_accepting_cpos); + yy_current_state = (yy_last_accepting_state); + goto yy_find_action; + +case 1: +YY_RULE_SETUP +#line 63 "lex.l" +{ return kw_ABSENT; } + YY_BREAK +case 2: +YY_RULE_SETUP +#line 64 "lex.l" +{ return kw_ABSTRACT_SYNTAX; } + YY_BREAK +case 3: +YY_RULE_SETUP +#line 65 "lex.l" +{ return kw_ALL; } + YY_BREAK +case 4: +YY_RULE_SETUP +#line 66 "lex.l" +{ return kw_APPLICATION; } + YY_BREAK +case 5: +YY_RULE_SETUP +#line 67 "lex.l" +{ return kw_AUTOMATIC; } + YY_BREAK +case 6: +YY_RULE_SETUP +#line 68 "lex.l" +{ return kw_BEGIN; } + YY_BREAK +case 7: +YY_RULE_SETUP +#line 69 "lex.l" +{ return kw_BIT; } + YY_BREAK +case 8: +YY_RULE_SETUP +#line 70 "lex.l" +{ return kw_BMPString; } + YY_BREAK +case 9: +YY_RULE_SETUP +#line 71 "lex.l" +{ return kw_BOOLEAN; } + YY_BREAK +case 10: +YY_RULE_SETUP +#line 72 "lex.l" +{ return kw_BY; } + YY_BREAK +case 11: +YY_RULE_SETUP +#line 73 "lex.l" +{ return kw_CHARACTER; } + YY_BREAK +case 12: +YY_RULE_SETUP +#line 74 "lex.l" +{ return kw_CHOICE; } + YY_BREAK +case 13: +YY_RULE_SETUP +#line 75 "lex.l" +{ return kw_CLASS; } + YY_BREAK +case 14: +YY_RULE_SETUP +#line 76 "lex.l" +{ return kw_COMPONENT; } + YY_BREAK +case 15: +YY_RULE_SETUP +#line 77 "lex.l" +{ return kw_COMPONENTS; } + YY_BREAK +case 16: +YY_RULE_SETUP +#line 78 "lex.l" +{ return kw_CONSTRAINED; } + YY_BREAK +case 17: +YY_RULE_SETUP +#line 79 "lex.l" +{ return kw_CONTAINING; } + YY_BREAK +case 18: +YY_RULE_SETUP +#line 80 "lex.l" +{ return kw_DEFAULT; } + YY_BREAK +case 19: +YY_RULE_SETUP +#line 81 "lex.l" +{ return kw_DEFINITIONS; } + YY_BREAK +case 20: +YY_RULE_SETUP +#line 82 "lex.l" +{ return kw_EMBEDDED; } + YY_BREAK +case 21: +YY_RULE_SETUP +#line 83 "lex.l" +{ return kw_ENCODED; } + YY_BREAK +case 22: +YY_RULE_SETUP +#line 84 "lex.l" +{ return kw_END; } + YY_BREAK +case 23: +YY_RULE_SETUP +#line 85 "lex.l" +{ return kw_ENUMERATED; } + YY_BREAK +case 24: +YY_RULE_SETUP +#line 86 "lex.l" +{ return kw_EXCEPT; } + YY_BREAK +case 25: +YY_RULE_SETUP +#line 87 "lex.l" +{ return kw_EXPLICIT; } + YY_BREAK +case 26: +YY_RULE_SETUP +#line 88 "lex.l" +{ return kw_EXPORTS; } + YY_BREAK +case 27: +YY_RULE_SETUP +#line 89 "lex.l" +{ return kw_EXTENSIBILITY; } + YY_BREAK +case 28: +YY_RULE_SETUP +#line 90 "lex.l" +{ return kw_EXTERNAL; } + YY_BREAK +case 29: +YY_RULE_SETUP +#line 91 "lex.l" +{ return kw_FALSE; } + YY_BREAK +case 30: +YY_RULE_SETUP +#line 92 "lex.l" +{ return kw_FROM; } + YY_BREAK +case 31: +YY_RULE_SETUP +#line 93 "lex.l" +{ return kw_GeneralString; } + YY_BREAK +case 32: +YY_RULE_SETUP +#line 94 "lex.l" +{ return kw_GeneralizedTime; } + YY_BREAK +case 33: +YY_RULE_SETUP +#line 95 "lex.l" +{ return kw_GraphicString; } + YY_BREAK +case 34: +YY_RULE_SETUP +#line 96 "lex.l" +{ return kw_IA5String; } + YY_BREAK +case 35: +YY_RULE_SETUP +#line 97 "lex.l" +{ return kw_IDENTIFIER; } + YY_BREAK +case 36: +YY_RULE_SETUP +#line 98 "lex.l" +{ return kw_IMPLICIT; } + YY_BREAK +case 37: +YY_RULE_SETUP +#line 99 "lex.l" +{ return kw_IMPLIED; } + YY_BREAK +case 38: +YY_RULE_SETUP +#line 100 "lex.l" +{ return kw_IMPORTS; } + YY_BREAK +case 39: +YY_RULE_SETUP +#line 101 "lex.l" +{ return kw_INCLUDES; } + YY_BREAK +case 40: +YY_RULE_SETUP +#line 102 "lex.l" +{ return kw_INSTANCE; } + YY_BREAK +case 41: +YY_RULE_SETUP +#line 103 "lex.l" +{ return kw_INTEGER; } + YY_BREAK +case 42: +YY_RULE_SETUP +#line 104 "lex.l" +{ return kw_INTERSECTION; } + YY_BREAK +case 43: +YY_RULE_SETUP +#line 105 "lex.l" +{ return kw_ISO646String; } + YY_BREAK +case 44: +YY_RULE_SETUP +#line 106 "lex.l" +{ return kw_MAX; } + YY_BREAK +case 45: +YY_RULE_SETUP +#line 107 "lex.l" +{ return kw_MIN; } + YY_BREAK +case 46: +YY_RULE_SETUP +#line 108 "lex.l" +{ return kw_MINUS_INFINITY; } + YY_BREAK +case 47: +YY_RULE_SETUP +#line 109 "lex.l" +{ return kw_NULL; } + YY_BREAK +case 48: +YY_RULE_SETUP +#line 110 "lex.l" +{ return kw_NumericString; } + YY_BREAK +case 49: +YY_RULE_SETUP +#line 111 "lex.l" +{ return kw_OBJECT; } + YY_BREAK +case 50: +YY_RULE_SETUP +#line 112 "lex.l" +{ return kw_OCTET; } + YY_BREAK +case 51: +YY_RULE_SETUP +#line 113 "lex.l" +{ return kw_OF; } + YY_BREAK +case 52: +YY_RULE_SETUP +#line 114 "lex.l" +{ return kw_OPTIONAL; } + YY_BREAK +case 53: +YY_RULE_SETUP +#line 115 "lex.l" +{ return kw_ObjectDescriptor; } + YY_BREAK +case 54: +YY_RULE_SETUP +#line 116 "lex.l" +{ return kw_PATTERN; } + YY_BREAK +case 55: +YY_RULE_SETUP +#line 117 "lex.l" +{ return kw_PDV; } + YY_BREAK +case 56: +YY_RULE_SETUP +#line 118 "lex.l" +{ return kw_PLUS_INFINITY; } + YY_BREAK +case 57: +YY_RULE_SETUP +#line 119 "lex.l" +{ return kw_PRESENT; } + YY_BREAK +case 58: +YY_RULE_SETUP +#line 120 "lex.l" +{ return kw_PRIVATE; } + YY_BREAK +case 59: +YY_RULE_SETUP +#line 121 "lex.l" +{ return kw_PrintableString; } + YY_BREAK +case 60: +YY_RULE_SETUP +#line 122 "lex.l" +{ return kw_REAL; } + YY_BREAK +case 61: +YY_RULE_SETUP +#line 123 "lex.l" +{ return kw_RELATIVE_OID; } + YY_BREAK +case 62: +YY_RULE_SETUP +#line 124 "lex.l" +{ return kw_SEQUENCE; } + YY_BREAK +case 63: +YY_RULE_SETUP +#line 125 "lex.l" +{ return kw_SET; } + YY_BREAK +case 64: +YY_RULE_SETUP +#line 126 "lex.l" +{ return kw_SIZE; } + YY_BREAK +case 65: +YY_RULE_SETUP +#line 127 "lex.l" +{ return kw_STRING; } + YY_BREAK +case 66: +YY_RULE_SETUP +#line 128 "lex.l" +{ return kw_SYNTAX; } + YY_BREAK +case 67: +YY_RULE_SETUP +#line 129 "lex.l" +{ return kw_T61String; } + YY_BREAK +case 68: +YY_RULE_SETUP +#line 130 "lex.l" +{ return kw_TAGS; } + YY_BREAK +case 69: +YY_RULE_SETUP +#line 131 "lex.l" +{ return kw_TRUE; } + YY_BREAK +case 70: +YY_RULE_SETUP +#line 132 "lex.l" +{ return kw_TYPE_IDENTIFIER; } + YY_BREAK +case 71: +YY_RULE_SETUP +#line 133 "lex.l" +{ return kw_TeletexString; } + YY_BREAK +case 72: +YY_RULE_SETUP +#line 134 "lex.l" +{ return kw_UNION; } + YY_BREAK +case 73: +YY_RULE_SETUP +#line 135 "lex.l" +{ return kw_UNIQUE; } + YY_BREAK +case 74: +YY_RULE_SETUP +#line 136 "lex.l" +{ return kw_UNIVERSAL; } + YY_BREAK +case 75: +YY_RULE_SETUP +#line 137 "lex.l" +{ return kw_UTCTime; } + YY_BREAK +case 76: +YY_RULE_SETUP +#line 138 "lex.l" +{ return kw_UTF8String; } + YY_BREAK +case 77: +YY_RULE_SETUP +#line 139 "lex.l" +{ return kw_UniversalString; } + YY_BREAK +case 78: +YY_RULE_SETUP +#line 140 "lex.l" +{ return kw_VideotexString; } + YY_BREAK +case 79: +YY_RULE_SETUP +#line 141 "lex.l" +{ return kw_VisibleString; } + YY_BREAK +case 80: +YY_RULE_SETUP +#line 142 "lex.l" +{ return kw_WITH; } + YY_BREAK +case 81: +YY_RULE_SETUP +#line 143 "lex.l" +{ return *yytext; } + YY_BREAK +case 82: +YY_RULE_SETUP +#line 144 "lex.l" +{ return *yytext; } + YY_BREAK +case 83: +YY_RULE_SETUP +#line 145 "lex.l" +{ return *yytext; } + YY_BREAK +case 84: +YY_RULE_SETUP +#line 146 "lex.l" +{ return EEQUAL; } + YY_BREAK +case 85: +YY_RULE_SETUP +#line 147 "lex.l" +{ + int c, start_lineno = lineno; + int f = 0; + while((c = input()) != EOF) { + if(f && c == '-') + break; + if(c == '-') { + f = 1; + continue; + } + if(c == '\n') { + lineno++; + break; + } + f = 0; + } + if(c == EOF) + unterminated("comment", start_lineno); + } + YY_BREAK +case 86: +YY_RULE_SETUP +#line 166 "lex.l" +{ + int c, start_lineno = lineno; + int level = 1; + int seen_star = 0; + int seen_slash = 0; + while((c = input()) != EOF) { + if(c == '/') { + if(seen_star) { + if(--level == 0) + break; + seen_star = 0; + continue; + } + seen_slash = 1; + continue; + } + if(seen_star && c == '/') { + if(--level == 0) + break; + seen_star = 0; + continue; + } + if(c == '*') { + if(seen_slash) { + level++; + seen_star = seen_slash = 0; + continue; + } + seen_star = 1; + continue; + } + seen_star = seen_slash = 0; + if(c == '\n') { + lineno++; + continue; + } + } + if(c == EOF) + unterminated("comment", start_lineno); + } + YY_BREAK +case 87: +YY_RULE_SETUP +#line 206 "lex.l" +{ + int start_lineno = lineno; + int c; + char buf[1024]; + char *p = buf; + int f = 0; + int skip_ws = 0; + + while((c = input()) != EOF) { + if(isspace(c) && skip_ws) { + if(c == '\n') + lineno++; + continue; + } + skip_ws = 0; + + if(c == '"') { + if(f) { + *p++ = '"'; + f = 0; + } else + f = 1; + continue; + } + if(f == 1) { + unput(c); + break; + } + if(c == '\n') { + lineno++; + while(p > buf && isspace((unsigned char)p[-1])) + p--; + skip_ws = 1; + continue; + } + *p++ = c; + } + if(c == EOF) + unterminated("string", start_lineno); + *p++ = '\0'; + fprintf(stderr, "string -- %s\n", buf); + yylval.name = estrdup(buf); + return STRING; + } + YY_BREAK +case 88: +YY_RULE_SETUP +#line 251 "lex.l" +{ char *e, *y = yytext; + yylval.constant = strtol((const char *)yytext, + &e, 0); + if(e == y) + error_message("malformed constant (%s)", yytext); + else + return NUMBER; + } + YY_BREAK +case 89: +YY_RULE_SETUP +#line 259 "lex.l" +{ + yylval.name = estrdup ((const char *)yytext); + return IDENTIFIER; + } + YY_BREAK +case 90: +YY_RULE_SETUP +#line 263 "lex.l" +; + YY_BREAK +case 91: +/* rule 91 can match eol */ +YY_RULE_SETUP +#line 264 "lex.l" +{ ++lineno; } + YY_BREAK +case 92: +YY_RULE_SETUP +#line 265 "lex.l" +{ return ELLIPSIS; } + YY_BREAK +case 93: +YY_RULE_SETUP +#line 266 "lex.l" +{ return RANGE; } + YY_BREAK +case 94: +YY_RULE_SETUP +#line 267 "lex.l" +{ error_message("Ignoring char(%c)\n", *yytext); } + YY_BREAK +case 95: +YY_RULE_SETUP +#line 268 "lex.l" +ECHO; + YY_BREAK +#line 1664 "lex.yy.c" +case YY_STATE_EOF(INITIAL): + yyterminate(); + + case YY_END_OF_BUFFER: + { + /* Amount of text matched not including the EOB char. */ + int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; + + /* Undo the effects of YY_DO_BEFORE_ACTION. */ + *yy_cp = (yy_hold_char); + YY_RESTORE_YY_MORE_OFFSET + + if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW ) + { + /* We're scanning a new file or input source. It's + * possible that this happened because the user + * just pointed yyin at a new source and called + * yylex(). If so, then we have to assure + * consistency between YY_CURRENT_BUFFER and our + * globals. Here is the right place to do so, because + * this is the first action (other than possibly a + * back-up) that will match for the new input source. + */ + (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; + YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; + YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; + } + + /* Note that here we test for yy_c_buf_p "<=" to the position + * of the first EOB in the buffer, since yy_c_buf_p will + * already have been incremented past the NUL character + * (since all states make transitions on EOB to the + * end-of-buffer state). Contrast this with the test + * in input(). + */ + if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) + { /* This was really a NUL. */ + yy_state_type yy_next_state; + + (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; + + yy_current_state = yy_get_previous_state( ); + + /* Okay, we're now positioned to make the NUL + * transition. We couldn't have + * yy_get_previous_state() go ahead and do it + * for us because it doesn't know how to deal + * with the possibility of jamming (and we don't + * want to build jamming into it because then it + * will run more slowly). + */ + + yy_next_state = yy_try_NUL_trans( yy_current_state ); + + yy_bp = (yytext_ptr) + YY_MORE_ADJ; + + if ( yy_next_state ) + { + /* Consume the NUL. */ + yy_cp = ++(yy_c_buf_p); + yy_current_state = yy_next_state; + goto yy_match; + } + + else + { + yy_cp = (yy_c_buf_p); + goto yy_find_action; + } + } + + else switch ( yy_get_next_buffer( ) ) + { + case EOB_ACT_END_OF_FILE: + { + (yy_did_buffer_switch_on_eof) = 0; + + if ( yywrap( ) ) + { + /* Note: because we've taken care in + * yy_get_next_buffer() to have set up + * yytext, we can now set up + * yy_c_buf_p so that if some total + * hoser (like flex itself) wants to + * call the scanner after we return the + * YY_NULL, it'll still work - another + * YY_NULL will get returned. + */ + (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; + + yy_act = YY_STATE_EOF(YY_START); + goto do_action; + } + + else + { + if ( ! (yy_did_buffer_switch_on_eof) ) + YY_NEW_FILE; + } + break; + } + + case EOB_ACT_CONTINUE_SCAN: + (yy_c_buf_p) = + (yytext_ptr) + yy_amount_of_matched_text; + + yy_current_state = yy_get_previous_state( ); + + yy_cp = (yy_c_buf_p); + yy_bp = (yytext_ptr) + YY_MORE_ADJ; + goto yy_match; + + case EOB_ACT_LAST_MATCH: + (yy_c_buf_p) = + &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)]; + + yy_current_state = yy_get_previous_state( ); + + yy_cp = (yy_c_buf_p); + yy_bp = (yytext_ptr) + YY_MORE_ADJ; + goto yy_find_action; + } + break; + } + + default: + YY_FATAL_ERROR( + "fatal flex scanner internal error--no action found" ); + } /* end of action switch */ + } /* end of scanning one token */ +} /* end of yylex */ + +/* yy_get_next_buffer - try to read in a new buffer + * + * Returns a code representing an action: + * EOB_ACT_LAST_MATCH - + * EOB_ACT_CONTINUE_SCAN - continue scanning from current position + * EOB_ACT_END_OF_FILE - end of file + */ +static int yy_get_next_buffer (void) +{ + register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; + register char *source = (yytext_ptr); + register int number_to_move, i; + int ret_val; + + if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) + YY_FATAL_ERROR( + "fatal flex scanner internal error--end of buffer missed" ); + + if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 ) + { /* Don't try to fill the buffer, so this is an EOF. */ + if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 ) + { + /* We matched a single character, the EOB, so + * treat this as a final EOF. + */ + return EOB_ACT_END_OF_FILE; + } + + else + { + /* We matched some text prior to the EOB, first + * process it. + */ + return EOB_ACT_LAST_MATCH; + } + } + + /* Try to read more data. */ + + /* First move last chars to start of buffer. */ + number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1; + + for ( i = 0; i < number_to_move; ++i ) + *(dest++) = *(source++); + + if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING ) + /* don't do the read, it's not guaranteed to return an EOF, + * just force an EOF + */ + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0; + + else + { + size_t num_to_read = + YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; + + while ( num_to_read <= 0 ) + { /* Not enough room in the buffer - grow it. */ + + /* just a shorter name for the current buffer */ + YY_BUFFER_STATE b = YY_CURRENT_BUFFER; + + int yy_c_buf_p_offset = + (int) ((yy_c_buf_p) - b->yy_ch_buf); + + if ( b->yy_is_our_buffer ) + { + int new_size = b->yy_buf_size * 2; + + if ( new_size <= 0 ) + b->yy_buf_size += b->yy_buf_size / 8; + else + b->yy_buf_size *= 2; + + b->yy_ch_buf = (char *) + /* Include room in for 2 EOB chars. */ + yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ); + } + else + /* Can't grow it, we don't own it. */ + b->yy_ch_buf = 0; + + if ( ! b->yy_ch_buf ) + YY_FATAL_ERROR( + "fatal error - scanner input buffer overflow" ); + + (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset]; + + num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - + number_to_move - 1; + + } + + if ( num_to_read > YY_READ_BUF_SIZE ) + num_to_read = YY_READ_BUF_SIZE; + + /* Read in more data. */ + YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), + (yy_n_chars), num_to_read ); + + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + } + + if ( (yy_n_chars) == 0 ) + { + if ( number_to_move == YY_MORE_ADJ ) + { + ret_val = EOB_ACT_END_OF_FILE; + yyrestart(yyin ); + } + + else + { + ret_val = EOB_ACT_LAST_MATCH; + YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = + YY_BUFFER_EOF_PENDING; + } + } + + else + ret_val = EOB_ACT_CONTINUE_SCAN; + + (yy_n_chars) += number_to_move; + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; + + (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0]; + + return ret_val; +} + +/* yy_get_previous_state - get the state just before the EOB char was reached */ + + static yy_state_type yy_get_previous_state (void) +{ + register yy_state_type yy_current_state; + register char *yy_cp; + + yy_current_state = (yy_start); + + for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) + { + register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); + if ( yy_accept[yy_current_state] ) + { + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; + } + while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) + { + yy_current_state = (int) yy_def[yy_current_state]; + if ( yy_current_state >= 568 ) + yy_c = yy_meta[(unsigned int) yy_c]; + } + yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; + } + + return yy_current_state; +} + +/* yy_try_NUL_trans - try to make a transition on the NUL character + * + * synopsis + * next_state = yy_try_NUL_trans( current_state ); + */ + static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state ) +{ + register int yy_is_jam; + register char *yy_cp = (yy_c_buf_p); + + register YY_CHAR yy_c = 1; + if ( yy_accept[yy_current_state] ) + { + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; + } + while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) + { + yy_current_state = (int) yy_def[yy_current_state]; + if ( yy_current_state >= 568 ) + yy_c = yy_meta[(unsigned int) yy_c]; + } + yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; + yy_is_jam = (yy_current_state == 567); + + return yy_is_jam ? 0 : yy_current_state; +} + + static void yyunput (int c, register char * yy_bp ) +{ + register char *yy_cp; + + yy_cp = (yy_c_buf_p); + + /* undo effects of setting up yytext */ + *yy_cp = (yy_hold_char); + + if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) + { /* need to shift things up to make room */ + /* +2 for EOB chars. */ + register int number_to_move = (yy_n_chars) + 2; + register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ + YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; + register char *source = + &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; + + while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) + *--dest = *--source; + + yy_cp += (int) (dest - source); + yy_bp += (int) (dest - source); + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = + (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size; + + if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) + YY_FATAL_ERROR( "flex scanner push-back overflow" ); + } + + *--yy_cp = (char) c; + + (yytext_ptr) = yy_bp; + (yy_hold_char) = *yy_cp; + (yy_c_buf_p) = yy_cp; +} + +#ifndef YY_NO_INPUT +#ifdef __cplusplus + static int yyinput (void) +#else + static int input (void) +#endif + +{ + int c; + + *(yy_c_buf_p) = (yy_hold_char); + + if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR ) + { + /* yy_c_buf_p now points to the character we want to return. + * If this occurs *before* the EOB characters, then it's a + * valid NUL; if not, then we've hit the end of the buffer. + */ + if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) + /* This was really a NUL. */ + *(yy_c_buf_p) = '\0'; + + else + { /* need more input */ + int offset = (yy_c_buf_p) - (yytext_ptr); + ++(yy_c_buf_p); + + switch ( yy_get_next_buffer( ) ) + { + case EOB_ACT_LAST_MATCH: + /* This happens because yy_g_n_b() + * sees that we've accumulated a + * token and flags that we need to + * try matching the token before + * proceeding. But for input(), + * there's no matching to consider. + * So convert the EOB_ACT_LAST_MATCH + * to EOB_ACT_END_OF_FILE. + */ + + /* Reset buffer status. */ + yyrestart(yyin ); + + /*FALLTHROUGH*/ + + case EOB_ACT_END_OF_FILE: + { + if ( yywrap( ) ) + return EOF; + + if ( ! (yy_did_buffer_switch_on_eof) ) + YY_NEW_FILE; +#ifdef __cplusplus + return yyinput(); +#else + return input(); +#endif + } + + case EOB_ACT_CONTINUE_SCAN: + (yy_c_buf_p) = (yytext_ptr) + offset; + break; + } + } + } + + c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */ + *(yy_c_buf_p) = '\0'; /* preserve yytext */ + (yy_hold_char) = *++(yy_c_buf_p); + + return c; +} +#endif /* ifndef YY_NO_INPUT */ + +/** Immediately switch to a different input stream. + * @param input_file A readable stream. + * + * @note This function does not reset the start condition to @c INITIAL . + */ + void yyrestart (FILE * input_file ) +{ + + if ( ! YY_CURRENT_BUFFER ){ + yyensure_buffer_stack (); + YY_CURRENT_BUFFER_LVALUE = + yy_create_buffer(yyin,YY_BUF_SIZE ); + } + + yy_init_buffer(YY_CURRENT_BUFFER,input_file ); + yy_load_buffer_state( ); +} + +/** Switch to a different input buffer. + * @param new_buffer The new input buffer. + * + */ + void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ) +{ + + /* TODO. We should be able to replace this entire function body + * with + * yypop_buffer_state(); + * yypush_buffer_state(new_buffer); + */ + yyensure_buffer_stack (); + if ( YY_CURRENT_BUFFER == new_buffer ) + return; + + if ( YY_CURRENT_BUFFER ) + { + /* Flush out information for old buffer. */ + *(yy_c_buf_p) = (yy_hold_char); + YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + } + + YY_CURRENT_BUFFER_LVALUE = new_buffer; + yy_load_buffer_state( ); + + /* We don't actually know whether we did this switch during + * EOF (yywrap()) processing, but the only time this flag + * is looked at is after yywrap() is called, so it's safe + * to go ahead and always set it. + */ + (yy_did_buffer_switch_on_eof) = 1; +} + +static void yy_load_buffer_state (void) +{ + (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; + (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; + yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; + (yy_hold_char) = *(yy_c_buf_p); +} + +/** Allocate and initialize an input buffer state. + * @param file A readable stream. + * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE. + * + * @return the allocated buffer state. + */ + YY_BUFFER_STATE yy_create_buffer (FILE * file, int size ) +{ + YY_BUFFER_STATE b; + + b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); + if ( ! b ) + YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); + + b->yy_buf_size = size; + + /* yy_ch_buf has to be 2 characters longer than the size given because + * we need to put in 2 end-of-buffer characters. + */ + b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2 ); + if ( ! b->yy_ch_buf ) + YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); + + b->yy_is_our_buffer = 1; + + yy_init_buffer(b,file ); + + return b; +} + +/** Destroy the buffer. + * @param b a buffer created with yy_create_buffer() + * + */ + void yy_delete_buffer (YY_BUFFER_STATE b ) +{ + + if ( ! b ) + return; + + if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */ + YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; + + if ( b->yy_is_our_buffer ) + yyfree((void *) b->yy_ch_buf ); + + yyfree((void *) b ); +} + +#ifndef __cplusplus +extern int isatty (int ); +#endif /* __cplusplus */ + +/* Initializes or reinitializes a buffer. + * This function is sometimes called more than once on the same buffer, + * such as during a yyrestart() or at EOF. + */ + static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file ) + +{ + int oerrno = errno; + + yy_flush_buffer(b ); + + b->yy_input_file = file; + b->yy_fill_buffer = 1; + + /* If b is the current buffer, then yy_init_buffer was _probably_ + * called from yyrestart() or through yy_get_next_buffer. + * In that case, we don't want to reset the lineno or column. + */ + if (b != YY_CURRENT_BUFFER){ + b->yy_bs_lineno = 1; + b->yy_bs_column = 0; + } + + b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; + + errno = oerrno; +} + +/** Discard all buffered characters. On the next scan, YY_INPUT will be called. + * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER. + * + */ + void yy_flush_buffer (YY_BUFFER_STATE b ) +{ + if ( ! b ) + return; + + b->yy_n_chars = 0; + + /* We always need two end-of-buffer characters. The first causes + * a transition to the end-of-buffer state. The second causes + * a jam in that state. + */ + b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR; + b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR; + + b->yy_buf_pos = &b->yy_ch_buf[0]; + + b->yy_at_bol = 1; + b->yy_buffer_status = YY_BUFFER_NEW; + + if ( b == YY_CURRENT_BUFFER ) + yy_load_buffer_state( ); +} + +/** Pushes the new state onto the stack. The new state becomes + * the current state. This function will allocate the stack + * if necessary. + * @param new_buffer The new state. + * + */ +void yypush_buffer_state (YY_BUFFER_STATE new_buffer ) +{ + if (new_buffer == NULL) + return; + + yyensure_buffer_stack(); + + /* This block is copied from yy_switch_to_buffer. */ + if ( YY_CURRENT_BUFFER ) + { + /* Flush out information for old buffer. */ + *(yy_c_buf_p) = (yy_hold_char); + YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + } + + /* Only push if top exists. Otherwise, replace top. */ + if (YY_CURRENT_BUFFER) + (yy_buffer_stack_top)++; + YY_CURRENT_BUFFER_LVALUE = new_buffer; + + /* copied from yy_switch_to_buffer. */ + yy_load_buffer_state( ); + (yy_did_buffer_switch_on_eof) = 1; +} + +/** Removes and deletes the top of the stack, if present. + * The next element becomes the new top. + * + */ +void yypop_buffer_state (void) +{ + if (!YY_CURRENT_BUFFER) + return; + + yy_delete_buffer(YY_CURRENT_BUFFER ); + YY_CURRENT_BUFFER_LVALUE = NULL; + if ((yy_buffer_stack_top) > 0) + --(yy_buffer_stack_top); + + if (YY_CURRENT_BUFFER) { + yy_load_buffer_state( ); + (yy_did_buffer_switch_on_eof) = 1; + } +} + +/* Allocates the stack if it does not exist. + * Guarantees space for at least one push. + */ +static void yyensure_buffer_stack (void) +{ + int num_to_alloc; + + if (!(yy_buffer_stack)) { + + /* First allocation is just for 2 elements, since we don't know if this + * scanner will even need a stack. We use 2 instead of 1 to avoid an + * immediate realloc on the next call. + */ + num_to_alloc = 1; + (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc + (num_to_alloc * sizeof(struct yy_buffer_state*) + ); + + memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); + + (yy_buffer_stack_max) = num_to_alloc; + (yy_buffer_stack_top) = 0; + return; + } + + if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ + + /* Increase the buffer to prepare for a possible push. */ + int grow_size = 8 /* arbitrary grow size */; + + num_to_alloc = (yy_buffer_stack_max) + grow_size; + (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc + ((yy_buffer_stack), + num_to_alloc * sizeof(struct yy_buffer_state*) + ); + + /* zero only the new slots.*/ + memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); + (yy_buffer_stack_max) = num_to_alloc; + } +} + +/** Setup the input buffer state to scan directly from a user-specified character buffer. + * @param base the character buffer + * @param size the size in bytes of the character buffer + * + * @return the newly allocated buffer state object. + */ +YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) +{ + YY_BUFFER_STATE b; + + if ( size < 2 || + base[size-2] != YY_END_OF_BUFFER_CHAR || + base[size-1] != YY_END_OF_BUFFER_CHAR ) + /* They forgot to leave room for the EOB's. */ + return 0; + + b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); + if ( ! b ) + YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); + + b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */ + b->yy_buf_pos = b->yy_ch_buf = base; + b->yy_is_our_buffer = 0; + b->yy_input_file = 0; + b->yy_n_chars = b->yy_buf_size; + b->yy_is_interactive = 0; + b->yy_at_bol = 1; + b->yy_fill_buffer = 0; + b->yy_buffer_status = YY_BUFFER_NEW; + + yy_switch_to_buffer(b ); + + return b; +} + +/** Setup the input buffer state to scan a string. The next call to yylex() will + * scan from a @e copy of @a str. + * @param yy_str a NUL-terminated string to scan + * + * @return the newly allocated buffer state object. + * @note If you want to scan bytes that may contain NUL values, then use + * yy_scan_bytes() instead. + */ +YY_BUFFER_STATE yy_scan_string (yyconst char * yy_str ) +{ + + return yy_scan_bytes(yy_str,strlen(yy_str) ); +} + +/** Setup the input buffer state to scan the given bytes. The next call to yylex() will + * scan from a @e copy of @a bytes. + * @param bytes the byte buffer to scan + * @param len the number of bytes in the buffer pointed to by @a bytes. + * + * @return the newly allocated buffer state object. + */ +YY_BUFFER_STATE yy_scan_bytes (yyconst char * bytes, int len ) +{ + YY_BUFFER_STATE b; + char *buf; + yy_size_t n; + int i; + + /* Get memory for full buffer, including space for trailing EOB's. */ + n = len + 2; + buf = (char *) yyalloc(n ); + if ( ! buf ) + YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); + + for ( i = 0; i < len; ++i ) + buf[i] = bytes[i]; + + buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR; + + b = yy_scan_buffer(buf,n ); + if ( ! b ) + YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); + + /* It's okay to grow etc. this buffer, and we should throw it + * away when we're done. + */ + b->yy_is_our_buffer = 1; + + return b; +} + +#ifndef YY_EXIT_FAILURE +#define YY_EXIT_FAILURE 2 +#endif + +static void yy_fatal_error (yyconst char* msg ) +{ + (void) fprintf( stderr, "%s\n", msg ); + exit( YY_EXIT_FAILURE ); +} + +/* Redefine yyless() so it works in section 3 code. */ + +#undef yyless +#define yyless(n) \ + do \ + { \ + /* Undo effects of setting up yytext. */ \ + int yyless_macro_arg = (n); \ + YY_LESS_LINENO(yyless_macro_arg);\ + yytext[yyleng] = (yy_hold_char); \ + (yy_c_buf_p) = yytext + yyless_macro_arg; \ + (yy_hold_char) = *(yy_c_buf_p); \ + *(yy_c_buf_p) = '\0'; \ + yyleng = yyless_macro_arg; \ + } \ + while ( 0 ) + +/* Accessor methods (get/set functions) to struct members. */ + +/** Get the current line number. + * + */ +int yyget_lineno (void) +{ + + return yylineno; +} + +/** Get the input stream. + * + */ +FILE *yyget_in (void) +{ + return yyin; +} + +/** Get the output stream. + * + */ +FILE *yyget_out (void) +{ + return yyout; +} + +/** Get the length of the current token. + * + */ +int yyget_leng (void) +{ + return yyleng; +} + +/** Get the current token. + * + */ + +char *yyget_text (void) +{ + return yytext; +} + +/** Set the current line number. + * @param line_number + * + */ +void yyset_lineno (int line_number ) +{ + + yylineno = line_number; +} + +/** Set the input stream. This does not discard the current + * input buffer. + * @param in_str A readable stream. + * + * @see yy_switch_to_buffer + */ +void yyset_in (FILE * in_str ) +{ + yyin = in_str ; +} + +void yyset_out (FILE * out_str ) +{ + yyout = out_str ; +} + +int yyget_debug (void) +{ + return yy_flex_debug; +} + +void yyset_debug (int bdebug ) +{ + yy_flex_debug = bdebug ; +} + +/* yylex_destroy is for both reentrant and non-reentrant scanners. */ +int yylex_destroy (void) +{ + + /* Pop the buffer stack, destroying each element. */ + while(YY_CURRENT_BUFFER){ + yy_delete_buffer(YY_CURRENT_BUFFER ); + YY_CURRENT_BUFFER_LVALUE = NULL; + yypop_buffer_state(); + } + + /* Destroy the stack itself. */ + yyfree((yy_buffer_stack) ); + (yy_buffer_stack) = NULL; + + return 0; +} + +/* + * Internal utility routines. + */ + +#ifndef yytext_ptr +static void yy_flex_strncpy (char* s1, yyconst char * s2, int n ) +{ + register int i; + for ( i = 0; i < n; ++i ) + s1[i] = s2[i]; +} +#endif + +#ifdef YY_NEED_STRLEN +static int yy_flex_strlen (yyconst char * s ) +{ + register int n; + for ( n = 0; s[n]; ++n ) + ; + + return n; +} +#endif + +void *yyalloc (yy_size_t size ) +{ + return (void *) malloc( size ); +} + +void *yyrealloc (void * ptr, yy_size_t size ) +{ + /* The cast to (char *) in the following accommodates both + * implementations that use char* generic pointers, and those + * that use void* generic pointers. It works with the latter + * because both ANSI C and C++ allow castless assignment from + * any pointer type to void*, and deal with argument conversions + * as though doing an assignment. + */ + return (void *) realloc( (char *) ptr, size ); +} + +void yyfree (void * ptr ) +{ + free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ +} + +#define YYTABLES_NAME "yytables" + +#undef YY_NEW_FILE +#undef YY_FLUSH_BUFFER +#undef yy_set_bol +#undef yy_new_buffer +#undef yy_set_interactive +#undef yytext_ptr +#undef YY_DO_BEFORE_ACTION + +#ifdef YY_DECL_IS_OURS +#undef YY_DECL_IS_OURS +#undef YY_DECL +#endif +#line 268 "lex.l" + + + +#ifndef yywrap /* XXX */ +int +yywrap () +{ + return 1; +} +#endif + +void +error_message (const char *format, ...) +{ + va_list args; + + va_start (args, format); + fprintf (stderr, "%s:%d: ", get_filename(), lineno); + vfprintf (stderr, format, args); + va_end (args); + error_flag++; +} + +static void +unterminated(const char *type, unsigned start_lineno) +{ + error_message("unterminated %s, possibly started on line %d\n", type, start_lineno); +} + diff --git a/source4/heimdal/lib/com_err/lex.c b/source4/heimdal/lib/com_err/lex.c new file mode 100644 index 0000000000..f19c1b26f3 --- /dev/null +++ b/source4/heimdal/lib/com_err/lex.c @@ -0,0 +1,1862 @@ + +#line 3 "lex.yy.c" + +#define YY_INT_ALIGNED short int + +/* A lexical scanner generated by flex */ + +#define FLEX_SCANNER +#define YY_FLEX_MAJOR_VERSION 2 +#define YY_FLEX_MINOR_VERSION 5 +#define YY_FLEX_SUBMINOR_VERSION 31 +#if YY_FLEX_SUBMINOR_VERSION > 0 +#define FLEX_BETA +#endif + +/* First, we deal with platform-specific or compiler-specific issues. */ + +/* begin standard C headers. */ +#include +#include +#include +#include + +/* end standard C headers. */ + +/* flex integer type definitions */ + +#ifndef FLEXINT_H +#define FLEXINT_H + +/* C99 systems have . Non-C99 systems may or may not. */ + +#if defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L +#include +typedef int8_t flex_int8_t; +typedef uint8_t flex_uint8_t; +typedef int16_t flex_int16_t; +typedef uint16_t flex_uint16_t; +typedef int32_t flex_int32_t; +typedef uint32_t flex_uint32_t; +#else +typedef signed char flex_int8_t; +typedef short int flex_int16_t; +typedef int flex_int32_t; +typedef unsigned char flex_uint8_t; +typedef unsigned short int flex_uint16_t; +typedef unsigned int flex_uint32_t; +#endif /* ! C99 */ + +/* Limits of integral types. */ +#ifndef INT8_MIN +#define INT8_MIN (-128) +#endif +#ifndef INT16_MIN +#define INT16_MIN (-32767-1) +#endif +#ifndef INT32_MIN +#define INT32_MIN (-2147483647-1) +#endif +#ifndef INT8_MAX +#define INT8_MAX (127) +#endif +#ifndef INT16_MAX +#define INT16_MAX (32767) +#endif +#ifndef INT32_MAX +#define INT32_MAX (2147483647) +#endif +#ifndef UINT8_MAX +#define UINT8_MAX (255U) +#endif +#ifndef UINT16_MAX +#define UINT16_MAX (65535U) +#endif +#ifndef UINT32_MAX +#define UINT32_MAX (4294967295U) +#endif + +#endif /* ! FLEXINT_H */ + +#ifdef __cplusplus + +/* The "const" storage-class-modifier is valid. */ +#define YY_USE_CONST + +#else /* ! __cplusplus */ + +#if __STDC__ + +#define YY_USE_CONST + +#endif /* __STDC__ */ +#endif /* ! __cplusplus */ + +#ifdef YY_USE_CONST +#define yyconst const +#else +#define yyconst +#endif + +/* Returned upon end-of-file. */ +#define YY_NULL 0 + +/* Promotes a possibly negative, possibly signed char to an unsigned + * integer for use as an array index. If the signed char is negative, + * we want to instead treat it as an 8-bit unsigned char, hence the + * double cast. + */ +#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c) + +/* Enter a start condition. This macro really ought to take a parameter, + * but we do it the disgusting crufty way forced on us by the ()-less + * definition of BEGIN. + */ +#define BEGIN (yy_start) = 1 + 2 * + +/* Translate the current start state into a value that can be later handed + * to BEGIN to return to the state. The YYSTATE alias is for lex + * compatibility. + */ +#define YY_START (((yy_start) - 1) / 2) +#define YYSTATE YY_START + +/* Action number for EOF rule of a given start state. */ +#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) + +/* Special action meaning "start processing a new file". */ +#define YY_NEW_FILE yyrestart(yyin ) + +#define YY_END_OF_BUFFER_CHAR 0 + +/* Size of default input buffer. */ +#ifndef YY_BUF_SIZE +#define YY_BUF_SIZE 16384 +#endif + +#ifndef YY_TYPEDEF_YY_BUFFER_STATE +#define YY_TYPEDEF_YY_BUFFER_STATE +typedef struct yy_buffer_state *YY_BUFFER_STATE; +#endif + +extern int yyleng; + +extern FILE *yyin, *yyout; + +#define EOB_ACT_CONTINUE_SCAN 0 +#define EOB_ACT_END_OF_FILE 1 +#define EOB_ACT_LAST_MATCH 2 + + #define YY_LESS_LINENO(n) + +/* Return all but the first "n" matched characters back to the input stream. */ +#define yyless(n) \ + do \ + { \ + /* Undo effects of setting up yytext. */ \ + int yyless_macro_arg = (n); \ + YY_LESS_LINENO(yyless_macro_arg);\ + *yy_cp = (yy_hold_char); \ + YY_RESTORE_YY_MORE_OFFSET \ + (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \ + YY_DO_BEFORE_ACTION; /* set up yytext again */ \ + } \ + while ( 0 ) + +#define unput(c) yyunput( c, (yytext_ptr) ) + +/* The following is because we cannot portably get our hands on size_t + * (without autoconf's help, which isn't available because we want + * flex-generated scanners to compile on their own). + */ + +#ifndef YY_TYPEDEF_YY_SIZE_T +#define YY_TYPEDEF_YY_SIZE_T +typedef unsigned int yy_size_t; +#endif + +#ifndef YY_STRUCT_YY_BUFFER_STATE +#define YY_STRUCT_YY_BUFFER_STATE +struct yy_buffer_state + { + FILE *yy_input_file; + + char *yy_ch_buf; /* input buffer */ + char *yy_buf_pos; /* current position in input buffer */ + + /* Size of input buffer in bytes, not including room for EOB + * characters. + */ + yy_size_t yy_buf_size; + + /* Number of characters read into yy_ch_buf, not including EOB + * characters. + */ + int yy_n_chars; + + /* Whether we "own" the buffer - i.e., we know we created it, + * and can realloc() it to grow it, and should free() it to + * delete it. + */ + int yy_is_our_buffer; + + /* Whether this is an "interactive" input source; if so, and + * if we're using stdio for input, then we want to use getc() + * instead of fread(), to make sure we stop fetching input after + * each newline. + */ + int yy_is_interactive; + + /* Whether we're considered to be at the beginning of a line. + * If so, '^' rules will be active on the next match, otherwise + * not. + */ + int yy_at_bol; + + int yy_bs_lineno; /**< The line count. */ + int yy_bs_column; /**< The column count. */ + + /* Whether to try to fill the input buffer when we reach the + * end of it. + */ + int yy_fill_buffer; + + int yy_buffer_status; + +#define YY_BUFFER_NEW 0 +#define YY_BUFFER_NORMAL 1 + /* When an EOF's been seen but there's still some text to process + * then we mark the buffer as YY_EOF_PENDING, to indicate that we + * shouldn't try reading from the input source any more. We might + * still have a bunch of tokens to match, though, because of + * possible backing-up. + * + * When we actually see the EOF, we change the status to "new" + * (via yyrestart()), so that the user can continue scanning by + * just pointing yyin at a new input file. + */ +#define YY_BUFFER_EOF_PENDING 2 + + }; +#endif /* !YY_STRUCT_YY_BUFFER_STATE */ + +/* Stack of input buffers. */ +static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */ +static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */ +static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ + +/* We provide macros for accessing buffer states in case in the + * future we want to put the buffer states in a more general + * "scanner state". + * + * Returns the top of the stack, or NULL. + */ +#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ + ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ + : NULL) + +/* Same as previous macro, but useful when we know that the buffer stack is not + * NULL or when we need an lvalue. For internal use only. + */ +#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] + +/* yy_hold_char holds the character lost when yytext is formed. */ +static char yy_hold_char; +static int yy_n_chars; /* number of characters read into yy_ch_buf */ +int yyleng; + +/* Points to current character in buffer. */ +static char *yy_c_buf_p = (char *) 0; +static int yy_init = 1; /* whether we need to initialize */ +static int yy_start = 0; /* start state number */ + +/* Flag which is used to allow yywrap()'s to do buffer switches + * instead of setting up a fresh yyin. A bit of a hack ... + */ +static int yy_did_buffer_switch_on_eof; + +void yyrestart (FILE *input_file ); +void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ); +YY_BUFFER_STATE yy_create_buffer (FILE *file,int size ); +void yy_delete_buffer (YY_BUFFER_STATE b ); +void yy_flush_buffer (YY_BUFFER_STATE b ); +void yypush_buffer_state (YY_BUFFER_STATE new_buffer ); +void yypop_buffer_state (void ); + +static void yyensure_buffer_stack (void ); +static void yy_load_buffer_state (void ); +static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file ); + +#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER ) + +YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); +YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); +YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len ); + +void *yyalloc (yy_size_t ); +void *yyrealloc (void *,yy_size_t ); +void yyfree (void * ); + +#define yy_new_buffer yy_create_buffer + +#define yy_set_interactive(is_interactive) \ + { \ + if ( ! YY_CURRENT_BUFFER ){ \ + yyensure_buffer_stack (); \ + YY_CURRENT_BUFFER_LVALUE = \ + yy_create_buffer(yyin,YY_BUF_SIZE ); \ + } \ + YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ + } + +#define yy_set_bol(at_bol) \ + { \ + if ( ! YY_CURRENT_BUFFER ){\ + yyensure_buffer_stack (); \ + YY_CURRENT_BUFFER_LVALUE = \ + yy_create_buffer(yyin,YY_BUF_SIZE ); \ + } \ + YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ + } + +#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) + +/* Begin user sect3 */ + +typedef unsigned char YY_CHAR; + +FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; + +typedef int yy_state_type; + +extern int yylineno; + +int yylineno = 1; + +extern char *yytext; +#define yytext_ptr yytext + +static yy_state_type yy_get_previous_state (void ); +static yy_state_type yy_try_NUL_trans (yy_state_type current_state ); +static int yy_get_next_buffer (void ); +static void yy_fatal_error (yyconst char msg[] ); + +/* Done after the current pattern has been matched and before the + * corresponding action - sets up yytext. + */ +#define YY_DO_BEFORE_ACTION \ + (yytext_ptr) = yy_bp; \ + yyleng = (size_t) (yy_cp - yy_bp); \ + (yy_hold_char) = *yy_cp; \ + *yy_cp = '\0'; \ + (yy_c_buf_p) = yy_cp; + +#define YY_NUM_RULES 16 +#define YY_END_OF_BUFFER 17 +/* This struct is not used in this scanner, + but its presence is necessary. */ +struct yy_trans_info + { + flex_int32_t yy_verify; + flex_int32_t yy_nxt; + }; +static yyconst flex_int16_t yy_accept[46] = + { 0, + 0, 0, 17, 15, 11, 12, 13, 10, 9, 14, + 14, 14, 14, 10, 9, 14, 3, 14, 14, 1, + 7, 14, 14, 8, 14, 14, 14, 14, 14, 14, + 14, 6, 14, 14, 5, 14, 14, 14, 14, 14, + 14, 4, 14, 2, 0 + } ; + +static yyconst flex_int32_t yy_ec[256] = + { 0, + 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 2, 1, 4, 5, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 6, 6, 6, + 6, 6, 6, 6, 6, 6, 6, 1, 1, 1, + 1, 1, 1, 1, 7, 7, 7, 7, 7, 7, + 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, + 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, + 1, 1, 1, 1, 8, 1, 9, 10, 11, 12, + + 13, 14, 7, 7, 15, 7, 7, 16, 7, 17, + 18, 19, 7, 20, 7, 21, 7, 7, 7, 22, + 7, 7, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1 + } ; + +static yyconst flex_int32_t yy_meta[23] = + { 0, + 1, 1, 2, 1, 1, 3, 3, 3, 3, 3, + 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, + 3, 3 + } ; + +static yyconst flex_int16_t yy_base[48] = + { 0, + 0, 0, 56, 57, 57, 57, 57, 0, 49, 0, + 12, 13, 34, 0, 47, 0, 0, 40, 31, 0, + 0, 38, 36, 0, 30, 34, 32, 25, 22, 28, + 34, 0, 19, 13, 0, 22, 30, 26, 26, 18, + 12, 0, 14, 0, 57, 34, 23 + } ; + +static yyconst flex_int16_t yy_def[48] = + { 0, + 45, 1, 45, 45, 45, 45, 45, 46, 47, 47, + 47, 47, 47, 46, 47, 47, 47, 47, 47, 47, + 47, 47, 47, 47, 47, 47, 47, 47, 47, 47, + 47, 47, 47, 47, 47, 47, 47, 47, 47, 47, + 47, 47, 47, 47, 0, 45, 45 + } ; + +static yyconst flex_int16_t yy_nxt[80] = + { 0, + 4, 5, 6, 7, 8, 9, 10, 10, 10, 10, + 10, 10, 11, 10, 12, 10, 10, 10, 13, 10, + 10, 10, 17, 36, 21, 16, 44, 43, 18, 22, + 42, 19, 20, 37, 14, 41, 14, 40, 39, 38, + 35, 34, 33, 32, 31, 30, 29, 28, 27, 26, + 25, 24, 15, 23, 15, 45, 3, 45, 45, 45, + 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, + 45, 45, 45, 45, 45, 45, 45, 45, 45 + } ; + +static yyconst flex_int16_t yy_chk[80] = + { 0, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 11, 34, 12, 47, 43, 41, 11, 12, + 40, 11, 11, 34, 46, 39, 46, 38, 37, 36, + 33, 31, 30, 29, 28, 27, 26, 25, 23, 22, + 19, 18, 15, 13, 9, 3, 45, 45, 45, 45, + 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, + 45, 45, 45, 45, 45, 45, 45, 45, 45 + } ; + +static yy_state_type yy_last_accepting_state; +static char *yy_last_accepting_cpos; + +extern int yy_flex_debug; +int yy_flex_debug = 0; + +/* The intent behind this definition is that it'll catch + * any uses of REJECT which flex missed. + */ +#define REJECT reject_used_but_not_detected +#define yymore() yymore_used_but_not_detected +#define YY_MORE_ADJ 0 +#define YY_RESTORE_YY_MORE_OFFSET +char *yytext; +#line 1 "lex.l" +#line 2 "lex.l" +/* + * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * This is to handle the definition of this symbol in some AIX + * headers, which will conflict with the definition that lex will + * generate for it. It's only a problem for AIX lex. + */ + +#undef ECHO + +#include "compile_et.h" +#include "parse.h" +#include "lex.h" + +RCSID("$Id: lex.l,v 1.8 2005/05/16 08:52:54 lha Exp $"); + +static unsigned lineno = 1; +static int getstring(void); + +#define YY_NO_UNPUT + +#undef ECHO + +#line 524 "lex.yy.c" + +#define INITIAL 0 + +#ifndef YY_NO_UNISTD_H +/* Special case for "unistd.h", since it is non-ANSI. We include it way + * down here because we want the user's section 1 to have been scanned first. + * The user has a chance to override it with an option. + */ +#include +#endif + +#ifndef YY_EXTRA_TYPE +#define YY_EXTRA_TYPE void * +#endif + +/* Macros after this point can all be overridden by user definitions in + * section 1. + */ + +#ifndef YY_SKIP_YYWRAP +#ifdef __cplusplus +extern "C" int yywrap (void ); +#else +extern int yywrap (void ); +#endif +#endif + + static void yyunput (int c,char *buf_ptr ); + +#ifndef yytext_ptr +static void yy_flex_strncpy (char *,yyconst char *,int ); +#endif + +#ifdef YY_NEED_STRLEN +static int yy_flex_strlen (yyconst char * ); +#endif + +#ifndef YY_NO_INPUT + +#ifdef __cplusplus +static int yyinput (void ); +#else +static int input (void ); +#endif + +#endif + +/* Amount of stuff to slurp up with each read. */ +#ifndef YY_READ_BUF_SIZE +#define YY_READ_BUF_SIZE 8192 +#endif + +/* Copy whatever the last rule matched to the standard output. */ +#ifndef ECHO +/* This used to be an fputs(), but since the string might contain NUL's, + * we now use fwrite(). + */ +#define ECHO (void) fwrite( yytext, yyleng, 1, yyout ) +#endif + +/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, + * is returned in "result". + */ +#ifndef YY_INPUT +#define YY_INPUT(buf,result,max_size) \ + if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ + { \ + int c = '*'; \ + size_t n; \ + for ( n = 0; n < max_size && \ + (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ + buf[n] = (char) c; \ + if ( c == '\n' ) \ + buf[n++] = (char) c; \ + if ( c == EOF && ferror( yyin ) ) \ + YY_FATAL_ERROR( "input in flex scanner failed" ); \ + result = n; \ + } \ + else \ + { \ + errno=0; \ + while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \ + { \ + if( errno != EINTR) \ + { \ + YY_FATAL_ERROR( "input in flex scanner failed" ); \ + break; \ + } \ + errno=0; \ + clearerr(yyin); \ + } \ + }\ +\ + +#endif + +/* No semi-colon after return; correct usage is to write "yyterminate();" - + * we don't want an extra ';' after the "return" because that will cause + * some compilers to complain about unreachable statements. + */ +#ifndef yyterminate +#define yyterminate() return YY_NULL +#endif + +/* Number of entries by which start-condition stack grows. */ +#ifndef YY_START_STACK_INCR +#define YY_START_STACK_INCR 25 +#endif + +/* Report a fatal error. */ +#ifndef YY_FATAL_ERROR +#define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) +#endif + +/* end tables serialization structures and prototypes */ + +/* Default declaration of generated scanner - a define so the user can + * easily add parameters. + */ +#ifndef YY_DECL +#define YY_DECL_IS_OURS 1 + +extern int yylex (void); + +#define YY_DECL int yylex (void) +#endif /* !YY_DECL */ + +/* Code executed at the beginning of each rule, after yytext and yyleng + * have been set up. + */ +#ifndef YY_USER_ACTION +#define YY_USER_ACTION +#endif + +/* Code executed at the end of each rule. */ +#ifndef YY_BREAK +#define YY_BREAK break; +#endif + +#define YY_RULE_SETUP \ + YY_USER_ACTION + +/** The main scanner function which does all the work. + */ +YY_DECL +{ + register yy_state_type yy_current_state; + register char *yy_cp, *yy_bp; + register int yy_act; + +#line 59 "lex.l" + +#line 677 "lex.yy.c" + + if ( (yy_init) ) + { + (yy_init) = 0; + +#ifdef YY_USER_INIT + YY_USER_INIT; +#endif + + if ( ! (yy_start) ) + (yy_start) = 1; /* first start state */ + + if ( ! yyin ) + yyin = stdin; + + if ( ! yyout ) + yyout = stdout; + + if ( ! YY_CURRENT_BUFFER ) { + yyensure_buffer_stack (); + YY_CURRENT_BUFFER_LVALUE = + yy_create_buffer(yyin,YY_BUF_SIZE ); + } + + yy_load_buffer_state( ); + } + + while ( 1 ) /* loops until end-of-file is reached */ + { + yy_cp = (yy_c_buf_p); + + /* Support of yytext. */ + *yy_cp = (yy_hold_char); + + /* yy_bp points to the position in yy_ch_buf of the start of + * the current run. + */ + yy_bp = yy_cp; + + yy_current_state = (yy_start); +yy_match: + do + { + register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; + if ( yy_accept[yy_current_state] ) + { + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; + } + while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) + { + yy_current_state = (int) yy_def[yy_current_state]; + if ( yy_current_state >= 46 ) + yy_c = yy_meta[(unsigned int) yy_c]; + } + yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; + ++yy_cp; + } + while ( yy_base[yy_current_state] != 57 ); + +yy_find_action: + yy_act = yy_accept[yy_current_state]; + if ( yy_act == 0 ) + { /* have to back up */ + yy_cp = (yy_last_accepting_cpos); + yy_current_state = (yy_last_accepting_state); + yy_act = yy_accept[yy_current_state]; + } + + YY_DO_BEFORE_ACTION; + +do_action: /* This label is used only to access EOF actions. */ + + switch ( yy_act ) + { /* beginning of action switch */ + case 0: /* must back up */ + /* undo the effects of YY_DO_BEFORE_ACTION */ + *yy_cp = (yy_hold_char); + yy_cp = (yy_last_accepting_cpos); + yy_current_state = (yy_last_accepting_state); + goto yy_find_action; + +case 1: +YY_RULE_SETUP +#line 60 "lex.l" +{ return ET; } + YY_BREAK +case 2: +YY_RULE_SETUP +#line 61 "lex.l" +{ return ET; } + YY_BREAK +case 3: +YY_RULE_SETUP +#line 62 "lex.l" +{ return EC; } + YY_BREAK +case 4: +YY_RULE_SETUP +#line 63 "lex.l" +{ return EC; } + YY_BREAK +case 5: +YY_RULE_SETUP +#line 64 "lex.l" +{ return PREFIX; } + YY_BREAK +case 6: +YY_RULE_SETUP +#line 65 "lex.l" +{ return INDEX; } + YY_BREAK +case 7: +YY_RULE_SETUP +#line 66 "lex.l" +{ return ID; } + YY_BREAK +case 8: +YY_RULE_SETUP +#line 67 "lex.l" +{ return END; } + YY_BREAK +case 9: +YY_RULE_SETUP +#line 68 "lex.l" +{ yylval.number = atoi(yytext); return NUMBER; } + YY_BREAK +case 10: +YY_RULE_SETUP +#line 69 "lex.l" +; + YY_BREAK +case 11: +YY_RULE_SETUP +#line 70 "lex.l" +; + YY_BREAK +case 12: +/* rule 12 can match eol */ +YY_RULE_SETUP +#line 71 "lex.l" +{ lineno++; } + YY_BREAK +case 13: +YY_RULE_SETUP +#line 72 "lex.l" +{ return getstring(); } + YY_BREAK +case 14: +YY_RULE_SETUP +#line 73 "lex.l" +{ yylval.string = strdup(yytext); return STRING; } + YY_BREAK +case 15: +YY_RULE_SETUP +#line 74 "lex.l" +{ return *yytext; } + YY_BREAK +case 16: +YY_RULE_SETUP +#line 75 "lex.l" +ECHO; + YY_BREAK +#line 841 "lex.yy.c" +case YY_STATE_EOF(INITIAL): + yyterminate(); + + case YY_END_OF_BUFFER: + { + /* Amount of text matched not including the EOB char. */ + int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; + + /* Undo the effects of YY_DO_BEFORE_ACTION. */ + *yy_cp = (yy_hold_char); + YY_RESTORE_YY_MORE_OFFSET + + if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW ) + { + /* We're scanning a new file or input source. It's + * possible that this happened because the user + * just pointed yyin at a new source and called + * yylex(). If so, then we have to assure + * consistency between YY_CURRENT_BUFFER and our + * globals. Here is the right place to do so, because + * this is the first action (other than possibly a + * back-up) that will match for the new input source. + */ + (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; + YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; + YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; + } + + /* Note that here we test for yy_c_buf_p "<=" to the position + * of the first EOB in the buffer, since yy_c_buf_p will + * already have been incremented past the NUL character + * (since all states make transitions on EOB to the + * end-of-buffer state). Contrast this with the test + * in input(). + */ + if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) + { /* This was really a NUL. */ + yy_state_type yy_next_state; + + (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; + + yy_current_state = yy_get_previous_state( ); + + /* Okay, we're now positioned to make the NUL + * transition. We couldn't have + * yy_get_previous_state() go ahead and do it + * for us because it doesn't know how to deal + * with the possibility of jamming (and we don't + * want to build jamming into it because then it + * will run more slowly). + */ + + yy_next_state = yy_try_NUL_trans( yy_current_state ); + + yy_bp = (yytext_ptr) + YY_MORE_ADJ; + + if ( yy_next_state ) + { + /* Consume the NUL. */ + yy_cp = ++(yy_c_buf_p); + yy_current_state = yy_next_state; + goto yy_match; + } + + else + { + yy_cp = (yy_c_buf_p); + goto yy_find_action; + } + } + + else switch ( yy_get_next_buffer( ) ) + { + case EOB_ACT_END_OF_FILE: + { + (yy_did_buffer_switch_on_eof) = 0; + + if ( yywrap( ) ) + { + /* Note: because we've taken care in + * yy_get_next_buffer() to have set up + * yytext, we can now set up + * yy_c_buf_p so that if some total + * hoser (like flex itself) wants to + * call the scanner after we return the + * YY_NULL, it'll still work - another + * YY_NULL will get returned. + */ + (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; + + yy_act = YY_STATE_EOF(YY_START); + goto do_action; + } + + else + { + if ( ! (yy_did_buffer_switch_on_eof) ) + YY_NEW_FILE; + } + break; + } + + case EOB_ACT_CONTINUE_SCAN: + (yy_c_buf_p) = + (yytext_ptr) + yy_amount_of_matched_text; + + yy_current_state = yy_get_previous_state( ); + + yy_cp = (yy_c_buf_p); + yy_bp = (yytext_ptr) + YY_MORE_ADJ; + goto yy_match; + + case EOB_ACT_LAST_MATCH: + (yy_c_buf_p) = + &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)]; + + yy_current_state = yy_get_previous_state( ); + + yy_cp = (yy_c_buf_p); + yy_bp = (yytext_ptr) + YY_MORE_ADJ; + goto yy_find_action; + } + break; + } + + default: + YY_FATAL_ERROR( + "fatal flex scanner internal error--no action found" ); + } /* end of action switch */ + } /* end of scanning one token */ +} /* end of yylex */ + +/* yy_get_next_buffer - try to read in a new buffer + * + * Returns a code representing an action: + * EOB_ACT_LAST_MATCH - + * EOB_ACT_CONTINUE_SCAN - continue scanning from current position + * EOB_ACT_END_OF_FILE - end of file + */ +static int yy_get_next_buffer (void) +{ + register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; + register char *source = (yytext_ptr); + register int number_to_move, i; + int ret_val; + + if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) + YY_FATAL_ERROR( + "fatal flex scanner internal error--end of buffer missed" ); + + if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 ) + { /* Don't try to fill the buffer, so this is an EOF. */ + if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 ) + { + /* We matched a single character, the EOB, so + * treat this as a final EOF. + */ + return EOB_ACT_END_OF_FILE; + } + + else + { + /* We matched some text prior to the EOB, first + * process it. + */ + return EOB_ACT_LAST_MATCH; + } + } + + /* Try to read more data. */ + + /* First move last chars to start of buffer. */ + number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1; + + for ( i = 0; i < number_to_move; ++i ) + *(dest++) = *(source++); + + if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING ) + /* don't do the read, it's not guaranteed to return an EOF, + * just force an EOF + */ + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0; + + else + { + size_t num_to_read = + YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; + + while ( num_to_read <= 0 ) + { /* Not enough room in the buffer - grow it. */ + + /* just a shorter name for the current buffer */ + YY_BUFFER_STATE b = YY_CURRENT_BUFFER; + + int yy_c_buf_p_offset = + (int) ((yy_c_buf_p) - b->yy_ch_buf); + + if ( b->yy_is_our_buffer ) + { + int new_size = b->yy_buf_size * 2; + + if ( new_size <= 0 ) + b->yy_buf_size += b->yy_buf_size / 8; + else + b->yy_buf_size *= 2; + + b->yy_ch_buf = (char *) + /* Include room in for 2 EOB chars. */ + yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ); + } + else + /* Can't grow it, we don't own it. */ + b->yy_ch_buf = 0; + + if ( ! b->yy_ch_buf ) + YY_FATAL_ERROR( + "fatal error - scanner input buffer overflow" ); + + (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset]; + + num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - + number_to_move - 1; + + } + + if ( num_to_read > YY_READ_BUF_SIZE ) + num_to_read = YY_READ_BUF_SIZE; + + /* Read in more data. */ + YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), + (yy_n_chars), num_to_read ); + + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + } + + if ( (yy_n_chars) == 0 ) + { + if ( number_to_move == YY_MORE_ADJ ) + { + ret_val = EOB_ACT_END_OF_FILE; + yyrestart(yyin ); + } + + else + { + ret_val = EOB_ACT_LAST_MATCH; + YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = + YY_BUFFER_EOF_PENDING; + } + } + + else + ret_val = EOB_ACT_CONTINUE_SCAN; + + (yy_n_chars) += number_to_move; + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; + + (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0]; + + return ret_val; +} + +/* yy_get_previous_state - get the state just before the EOB char was reached */ + + static yy_state_type yy_get_previous_state (void) +{ + register yy_state_type yy_current_state; + register char *yy_cp; + + yy_current_state = (yy_start); + + for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) + { + register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); + if ( yy_accept[yy_current_state] ) + { + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; + } + while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) + { + yy_current_state = (int) yy_def[yy_current_state]; + if ( yy_current_state >= 46 ) + yy_c = yy_meta[(unsigned int) yy_c]; + } + yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; + } + + return yy_current_state; +} + +/* yy_try_NUL_trans - try to make a transition on the NUL character + * + * synopsis + * next_state = yy_try_NUL_trans( current_state ); + */ + static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state ) +{ + register int yy_is_jam; + register char *yy_cp = (yy_c_buf_p); + + register YY_CHAR yy_c = 1; + if ( yy_accept[yy_current_state] ) + { + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; + } + while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) + { + yy_current_state = (int) yy_def[yy_current_state]; + if ( yy_current_state >= 46 ) + yy_c = yy_meta[(unsigned int) yy_c]; + } + yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; + yy_is_jam = (yy_current_state == 45); + + return yy_is_jam ? 0 : yy_current_state; +} + + static void yyunput (int c, register char * yy_bp ) +{ + register char *yy_cp; + + yy_cp = (yy_c_buf_p); + + /* undo effects of setting up yytext */ + *yy_cp = (yy_hold_char); + + if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) + { /* need to shift things up to make room */ + /* +2 for EOB chars. */ + register int number_to_move = (yy_n_chars) + 2; + register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ + YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; + register char *source = + &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; + + while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) + *--dest = *--source; + + yy_cp += (int) (dest - source); + yy_bp += (int) (dest - source); + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = + (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size; + + if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) + YY_FATAL_ERROR( "flex scanner push-back overflow" ); + } + + *--yy_cp = (char) c; + + (yytext_ptr) = yy_bp; + (yy_hold_char) = *yy_cp; + (yy_c_buf_p) = yy_cp; +} + +#ifndef YY_NO_INPUT +#ifdef __cplusplus + static int yyinput (void) +#else + static int input (void) +#endif + +{ + int c; + + *(yy_c_buf_p) = (yy_hold_char); + + if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR ) + { + /* yy_c_buf_p now points to the character we want to return. + * If this occurs *before* the EOB characters, then it's a + * valid NUL; if not, then we've hit the end of the buffer. + */ + if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) + /* This was really a NUL. */ + *(yy_c_buf_p) = '\0'; + + else + { /* need more input */ + int offset = (yy_c_buf_p) - (yytext_ptr); + ++(yy_c_buf_p); + + switch ( yy_get_next_buffer( ) ) + { + case EOB_ACT_LAST_MATCH: + /* This happens because yy_g_n_b() + * sees that we've accumulated a + * token and flags that we need to + * try matching the token before + * proceeding. But for input(), + * there's no matching to consider. + * So convert the EOB_ACT_LAST_MATCH + * to EOB_ACT_END_OF_FILE. + */ + + /* Reset buffer status. */ + yyrestart(yyin ); + + /*FALLTHROUGH*/ + + case EOB_ACT_END_OF_FILE: + { + if ( yywrap( ) ) + return EOF; + + if ( ! (yy_did_buffer_switch_on_eof) ) + YY_NEW_FILE; +#ifdef __cplusplus + return yyinput(); +#else + return input(); +#endif + } + + case EOB_ACT_CONTINUE_SCAN: + (yy_c_buf_p) = (yytext_ptr) + offset; + break; + } + } + } + + c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */ + *(yy_c_buf_p) = '\0'; /* preserve yytext */ + (yy_hold_char) = *++(yy_c_buf_p); + + return c; +} +#endif /* ifndef YY_NO_INPUT */ + +/** Immediately switch to a different input stream. + * @param input_file A readable stream. + * + * @note This function does not reset the start condition to @c INITIAL . + */ + void yyrestart (FILE * input_file ) +{ + + if ( ! YY_CURRENT_BUFFER ){ + yyensure_buffer_stack (); + YY_CURRENT_BUFFER_LVALUE = + yy_create_buffer(yyin,YY_BUF_SIZE ); + } + + yy_init_buffer(YY_CURRENT_BUFFER,input_file ); + yy_load_buffer_state( ); +} + +/** Switch to a different input buffer. + * @param new_buffer The new input buffer. + * + */ + void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ) +{ + + /* TODO. We should be able to replace this entire function body + * with + * yypop_buffer_state(); + * yypush_buffer_state(new_buffer); + */ + yyensure_buffer_stack (); + if ( YY_CURRENT_BUFFER == new_buffer ) + return; + + if ( YY_CURRENT_BUFFER ) + { + /* Flush out information for old buffer. */ + *(yy_c_buf_p) = (yy_hold_char); + YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + } + + YY_CURRENT_BUFFER_LVALUE = new_buffer; + yy_load_buffer_state( ); + + /* We don't actually know whether we did this switch during + * EOF (yywrap()) processing, but the only time this flag + * is looked at is after yywrap() is called, so it's safe + * to go ahead and always set it. + */ + (yy_did_buffer_switch_on_eof) = 1; +} + +static void yy_load_buffer_state (void) +{ + (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; + (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; + yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; + (yy_hold_char) = *(yy_c_buf_p); +} + +/** Allocate and initialize an input buffer state. + * @param file A readable stream. + * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE. + * + * @return the allocated buffer state. + */ + YY_BUFFER_STATE yy_create_buffer (FILE * file, int size ) +{ + YY_BUFFER_STATE b; + + b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); + if ( ! b ) + YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); + + b->yy_buf_size = size; + + /* yy_ch_buf has to be 2 characters longer than the size given because + * we need to put in 2 end-of-buffer characters. + */ + b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2 ); + if ( ! b->yy_ch_buf ) + YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); + + b->yy_is_our_buffer = 1; + + yy_init_buffer(b,file ); + + return b; +} + +/** Destroy the buffer. + * @param b a buffer created with yy_create_buffer() + * + */ + void yy_delete_buffer (YY_BUFFER_STATE b ) +{ + + if ( ! b ) + return; + + if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */ + YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; + + if ( b->yy_is_our_buffer ) + yyfree((void *) b->yy_ch_buf ); + + yyfree((void *) b ); +} + +#ifndef __cplusplus +extern int isatty (int ); +#endif /* __cplusplus */ + +/* Initializes or reinitializes a buffer. + * This function is sometimes called more than once on the same buffer, + * such as during a yyrestart() or at EOF. + */ + static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file ) + +{ + int oerrno = errno; + + yy_flush_buffer(b ); + + b->yy_input_file = file; + b->yy_fill_buffer = 1; + + /* If b is the current buffer, then yy_init_buffer was _probably_ + * called from yyrestart() or through yy_get_next_buffer. + * In that case, we don't want to reset the lineno or column. + */ + if (b != YY_CURRENT_BUFFER){ + b->yy_bs_lineno = 1; + b->yy_bs_column = 0; + } + + b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; + + errno = oerrno; +} + +/** Discard all buffered characters. On the next scan, YY_INPUT will be called. + * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER. + * + */ + void yy_flush_buffer (YY_BUFFER_STATE b ) +{ + if ( ! b ) + return; + + b->yy_n_chars = 0; + + /* We always need two end-of-buffer characters. The first causes + * a transition to the end-of-buffer state. The second causes + * a jam in that state. + */ + b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR; + b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR; + + b->yy_buf_pos = &b->yy_ch_buf[0]; + + b->yy_at_bol = 1; + b->yy_buffer_status = YY_BUFFER_NEW; + + if ( b == YY_CURRENT_BUFFER ) + yy_load_buffer_state( ); +} + +/** Pushes the new state onto the stack. The new state becomes + * the current state. This function will allocate the stack + * if necessary. + * @param new_buffer The new state. + * + */ +void yypush_buffer_state (YY_BUFFER_STATE new_buffer ) +{ + if (new_buffer == NULL) + return; + + yyensure_buffer_stack(); + + /* This block is copied from yy_switch_to_buffer. */ + if ( YY_CURRENT_BUFFER ) + { + /* Flush out information for old buffer. */ + *(yy_c_buf_p) = (yy_hold_char); + YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + } + + /* Only push if top exists. Otherwise, replace top. */ + if (YY_CURRENT_BUFFER) + (yy_buffer_stack_top)++; + YY_CURRENT_BUFFER_LVALUE = new_buffer; + + /* copied from yy_switch_to_buffer. */ + yy_load_buffer_state( ); + (yy_did_buffer_switch_on_eof) = 1; +} + +/** Removes and deletes the top of the stack, if present. + * The next element becomes the new top. + * + */ +void yypop_buffer_state (void) +{ + if (!YY_CURRENT_BUFFER) + return; + + yy_delete_buffer(YY_CURRENT_BUFFER ); + YY_CURRENT_BUFFER_LVALUE = NULL; + if ((yy_buffer_stack_top) > 0) + --(yy_buffer_stack_top); + + if (YY_CURRENT_BUFFER) { + yy_load_buffer_state( ); + (yy_did_buffer_switch_on_eof) = 1; + } +} + +/* Allocates the stack if it does not exist. + * Guarantees space for at least one push. + */ +static void yyensure_buffer_stack (void) +{ + int num_to_alloc; + + if (!(yy_buffer_stack)) { + + /* First allocation is just for 2 elements, since we don't know if this + * scanner will even need a stack. We use 2 instead of 1 to avoid an + * immediate realloc on the next call. + */ + num_to_alloc = 1; + (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc + (num_to_alloc * sizeof(struct yy_buffer_state*) + ); + + memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); + + (yy_buffer_stack_max) = num_to_alloc; + (yy_buffer_stack_top) = 0; + return; + } + + if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ + + /* Increase the buffer to prepare for a possible push. */ + int grow_size = 8 /* arbitrary grow size */; + + num_to_alloc = (yy_buffer_stack_max) + grow_size; + (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc + ((yy_buffer_stack), + num_to_alloc * sizeof(struct yy_buffer_state*) + ); + + /* zero only the new slots.*/ + memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); + (yy_buffer_stack_max) = num_to_alloc; + } +} + +/** Setup the input buffer state to scan directly from a user-specified character buffer. + * @param base the character buffer + * @param size the size in bytes of the character buffer + * + * @return the newly allocated buffer state object. + */ +YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) +{ + YY_BUFFER_STATE b; + + if ( size < 2 || + base[size-2] != YY_END_OF_BUFFER_CHAR || + base[size-1] != YY_END_OF_BUFFER_CHAR ) + /* They forgot to leave room for the EOB's. */ + return 0; + + b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); + if ( ! b ) + YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); + + b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */ + b->yy_buf_pos = b->yy_ch_buf = base; + b->yy_is_our_buffer = 0; + b->yy_input_file = 0; + b->yy_n_chars = b->yy_buf_size; + b->yy_is_interactive = 0; + b->yy_at_bol = 1; + b->yy_fill_buffer = 0; + b->yy_buffer_status = YY_BUFFER_NEW; + + yy_switch_to_buffer(b ); + + return b; +} + +/** Setup the input buffer state to scan a string. The next call to yylex() will + * scan from a @e copy of @a str. + * @param yy_str a NUL-terminated string to scan + * + * @return the newly allocated buffer state object. + * @note If you want to scan bytes that may contain NUL values, then use + * yy_scan_bytes() instead. + */ +YY_BUFFER_STATE yy_scan_string (yyconst char * yy_str ) +{ + + return yy_scan_bytes(yy_str,strlen(yy_str) ); +} + +/** Setup the input buffer state to scan the given bytes. The next call to yylex() will + * scan from a @e copy of @a bytes. + * @param bytes the byte buffer to scan + * @param len the number of bytes in the buffer pointed to by @a bytes. + * + * @return the newly allocated buffer state object. + */ +YY_BUFFER_STATE yy_scan_bytes (yyconst char * bytes, int len ) +{ + YY_BUFFER_STATE b; + char *buf; + yy_size_t n; + int i; + + /* Get memory for full buffer, including space for trailing EOB's. */ + n = len + 2; + buf = (char *) yyalloc(n ); + if ( ! buf ) + YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); + + for ( i = 0; i < len; ++i ) + buf[i] = bytes[i]; + + buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR; + + b = yy_scan_buffer(buf,n ); + if ( ! b ) + YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); + + /* It's okay to grow etc. this buffer, and we should throw it + * away when we're done. + */ + b->yy_is_our_buffer = 1; + + return b; +} + +#ifndef YY_EXIT_FAILURE +#define YY_EXIT_FAILURE 2 +#endif + +static void yy_fatal_error (yyconst char* msg ) +{ + (void) fprintf( stderr, "%s\n", msg ); + exit( YY_EXIT_FAILURE ); +} + +/* Redefine yyless() so it works in section 3 code. */ + +#undef yyless +#define yyless(n) \ + do \ + { \ + /* Undo effects of setting up yytext. */ \ + int yyless_macro_arg = (n); \ + YY_LESS_LINENO(yyless_macro_arg);\ + yytext[yyleng] = (yy_hold_char); \ + (yy_c_buf_p) = yytext + yyless_macro_arg; \ + (yy_hold_char) = *(yy_c_buf_p); \ + *(yy_c_buf_p) = '\0'; \ + yyleng = yyless_macro_arg; \ + } \ + while ( 0 ) + +/* Accessor methods (get/set functions) to struct members. */ + +/** Get the current line number. + * + */ +int yyget_lineno (void) +{ + + return yylineno; +} + +/** Get the input stream. + * + */ +FILE *yyget_in (void) +{ + return yyin; +} + +/** Get the output stream. + * + */ +FILE *yyget_out (void) +{ + return yyout; +} + +/** Get the length of the current token. + * + */ +int yyget_leng (void) +{ + return yyleng; +} + +/** Get the current token. + * + */ + +char *yyget_text (void) +{ + return yytext; +} + +/** Set the current line number. + * @param line_number + * + */ +void yyset_lineno (int line_number ) +{ + + yylineno = line_number; +} + +/** Set the input stream. This does not discard the current + * input buffer. + * @param in_str A readable stream. + * + * @see yy_switch_to_buffer + */ +void yyset_in (FILE * in_str ) +{ + yyin = in_str ; +} + +void yyset_out (FILE * out_str ) +{ + yyout = out_str ; +} + +int yyget_debug (void) +{ + return yy_flex_debug; +} + +void yyset_debug (int bdebug ) +{ + yy_flex_debug = bdebug ; +} + +/* yylex_destroy is for both reentrant and non-reentrant scanners. */ +int yylex_destroy (void) +{ + + /* Pop the buffer stack, destroying each element. */ + while(YY_CURRENT_BUFFER){ + yy_delete_buffer(YY_CURRENT_BUFFER ); + YY_CURRENT_BUFFER_LVALUE = NULL; + yypop_buffer_state(); + } + + /* Destroy the stack itself. */ + yyfree((yy_buffer_stack) ); + (yy_buffer_stack) = NULL; + + return 0; +} + +/* + * Internal utility routines. + */ + +#ifndef yytext_ptr +static void yy_flex_strncpy (char* s1, yyconst char * s2, int n ) +{ + register int i; + for ( i = 0; i < n; ++i ) + s1[i] = s2[i]; +} +#endif + +#ifdef YY_NEED_STRLEN +static int yy_flex_strlen (yyconst char * s ) +{ + register int n; + for ( n = 0; s[n]; ++n ) + ; + + return n; +} +#endif + +void *yyalloc (yy_size_t size ) +{ + return (void *) malloc( size ); +} + +void *yyrealloc (void * ptr, yy_size_t size ) +{ + /* The cast to (char *) in the following accommodates both + * implementations that use char* generic pointers, and those + * that use void* generic pointers. It works with the latter + * because both ANSI C and C++ allow castless assignment from + * any pointer type to void*, and deal with argument conversions + * as though doing an assignment. + */ + return (void *) realloc( (char *) ptr, size ); +} + +void yyfree (void * ptr ) +{ + free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ +} + +#define YYTABLES_NAME "yytables" + +#undef YY_NEW_FILE +#undef YY_FLUSH_BUFFER +#undef yy_set_bol +#undef yy_new_buffer +#undef yy_set_interactive +#undef yytext_ptr +#undef YY_DO_BEFORE_ACTION + +#ifdef YY_DECL_IS_OURS +#undef YY_DECL_IS_OURS +#undef YY_DECL +#endif +#line 75 "lex.l" + + + +#ifndef yywrap /* XXX */ +int +yywrap () +{ + return 1; +} +#endif + +static int +getstring(void) +{ + char x[128]; + int i = 0; + int c; + int quote = 0; + while(i < sizeof(x) - 1 && (c = input()) != EOF){ + if(quote) { + x[i++] = c; + quote = 0; + continue; + } + if(c == '\n'){ + error_message("unterminated string"); + lineno++; + break; + } + if(c == '\\'){ + quote++; + continue; + } + if(c == '\"') + break; + x[i++] = c; + } + x[i] = '\0'; + yylval.string = strdup(x); + if (yylval.string == NULL) + err(1, "malloc"); + return STRING; +} + +void +error_message (const char *format, ...) +{ + va_list args; + + va_start (args, format); + fprintf (stderr, "%s:%d:", filename, lineno); + vfprintf (stderr, format, args); + va_end (args); + numerror++; +} + -- cgit From 7970a755ea4b973c752f52232b99ecf09b35d558 Mon Sep 17 00:00:00 2001 From: James Peach Date: Fri, 21 Apr 2006 00:04:21 +0000 Subject: r15155: Add strsep replacement from heimdal 0.7.2 for systems that don't have strsep in libc. (This used to be commit 76dea9f68ca9be909c45979c9e5510133e4f2264) --- source4/heimdal/lib/roken/strsep.c | 61 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 source4/heimdal/lib/roken/strsep.c (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/roken/strsep.c b/source4/heimdal/lib/roken/strsep.c new file mode 100644 index 0000000000..e34c10fe26 --- /dev/null +++ b/source4/heimdal/lib/roken/strsep.c @@ -0,0 +1,61 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: strsep.c,v 1.4 2005/04/12 11:29:10 lha Exp $"); +#endif + +#include + +#include "roken.h" + +#ifndef HAVE_STRSEP + +char * ROKEN_LIB_FUNCTION +strsep(char **str, const char *delim) +{ + char *save = *str; + if(*str == NULL) + return NULL; + *str = *str + strcspn(*str, delim); + if(**str == 0) + *str = NULL; + else{ + **str = 0; + (*str)++; + } + return save; +} + +#endif -- cgit From c33f6b2c370379dfd010600adc59e7439f1318f7 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 24 Apr 2006 09:36:24 +0000 Subject: r15192: Update Samba4 to use current lorikeet-heimdal. Andrew Bartlett (This used to be commit f0e538126c5cb29ca14ad0d8281eaa0a715ed94f) --- source4/heimdal/kdc/524.c | 30 +- source4/heimdal/kdc/kaserver.c | 10 +- source4/heimdal/kdc/kdc-private.h | 8 +- source4/heimdal/kdc/kerberos4.c | 10 +- source4/heimdal/kdc/kerberos5.c | 97 +- source4/heimdal/kdc/pkinit.c | 683 +++------ source4/heimdal/lib/asn1/CMS.asn1 | 4 +- source4/heimdal/lib/asn1/canthandle.asn1 | 8 +- source4/heimdal/lib/asn1/gen.c | 9 +- source4/heimdal/lib/asn1/hash.c | 17 +- source4/heimdal/lib/asn1/k5.asn1 | 3 +- source4/heimdal/lib/asn1/lex.c | 1328 ++++++++--------- source4/heimdal/lib/asn1/parse.c | 356 ++--- source4/heimdal/lib/asn1/parse.h | 13 +- source4/heimdal/lib/asn1/test.asn1 | 40 +- source4/heimdal/lib/com_err/lex.c | 1317 ++++++++--------- source4/heimdal/lib/des/des.c | 5 +- source4/heimdal/lib/des/dh.h | 4 +- source4/heimdal/lib/des/engine.h | 5 +- source4/heimdal/lib/des/evp.c | 150 ++ source4/heimdal/lib/des/evp.h | 15 +- source4/heimdal/lib/des/rand.h | 48 +- source4/heimdal/lib/des/rc2.c | 4 +- source4/heimdal/lib/des/rsa.h | 4 +- source4/heimdal/lib/des/sha.h | 25 +- source4/heimdal/lib/des/sha256.c | 233 +++ source4/heimdal/lib/gssapi/accept_sec_context.c | 1 - source4/heimdal/lib/gssapi/get_mic.c | 12 +- source4/heimdal/lib/gssapi/gssapi_locl.h | 10 +- source4/heimdal/lib/gssapi/init_sec_context.c | 2 +- source4/heimdal/lib/gssapi/sequence.c | 131 +- source4/heimdal/lib/gssapi/wrap.c | 16 +- source4/heimdal/lib/hdb/keys.c | 7 +- source4/heimdal/lib/hdb/keytab.c | 4 +- source4/heimdal/lib/krb5/acache.c | 64 +- source4/heimdal/lib/krb5/addr_families.c | 3 +- source4/heimdal/lib/krb5/build_auth.c | 11 +- source4/heimdal/lib/krb5/cache.c | 5 +- source4/heimdal/lib/krb5/config_file.c | 4 +- source4/heimdal/lib/krb5/crypto.c | 6 +- source4/heimdal/lib/krb5/data.c | 3 +- source4/heimdal/lib/krb5/fcache.c | 7 +- source4/heimdal/lib/krb5/get_for_creds.c | 7 +- source4/heimdal/lib/krb5/init_creds.c | 4 +- source4/heimdal/lib/krb5/init_creds_pw.c | 29 +- source4/heimdal/lib/krb5/keytab_any.c | 33 +- source4/heimdal/lib/krb5/keytab_file.c | 40 +- source4/heimdal/lib/krb5/keytab_keyfile.c | 3 +- source4/heimdal/lib/krb5/keytab_krb4.c | 13 +- source4/heimdal/lib/krb5/krb5-private.h | 14 +- source4/heimdal/lib/krb5/krb5-protos.h | 2 + source4/heimdal/lib/krb5/krb5_ccapi.h | 21 +- source4/heimdal/lib/krb5/krbhst.c | 7 +- source4/heimdal/lib/krb5/log.c | 8 +- source4/heimdal/lib/krb5/pkinit.c | 1732 +++++------------------ source4/heimdal/lib/krb5/principal.c | 22 +- source4/heimdal/lib/krb5/rd_cred.c | 7 +- source4/heimdal/lib/krb5/rd_priv.c | 8 +- source4/heimdal/lib/krb5/rd_req.c | 25 +- source4/heimdal/lib/krb5/replay.c | 10 +- source4/heimdal/lib/krb5/send_to_kdc.c | 5 +- source4/heimdal/lib/krb5/store.c | 23 +- source4/heimdal/lib/krb5/transited.c | 11 +- source4/heimdal/lib/krb5/v4_glue.c | 19 +- source4/heimdal/lib/roken/resolve.c | 213 +-- source4/heimdal/lib/roken/roken_gethostby.c | 4 +- 66 files changed, 2995 insertions(+), 3977 deletions(-) create mode 100644 source4/heimdal/lib/des/sha256.c (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/524.c b/source4/heimdal/kdc/524.c index 1642975616..9fcf40a4c2 100644 --- a/source4/heimdal/kdc/524.c +++ b/source4/heimdal/kdc/524.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: 524.c,v 1.35 2005/12/13 19:42:37 lha Exp $"); +RCSID("$Id: 524.c,v 1.36 2006/04/07 22:12:28 lha Exp $"); #include @@ -374,19 +374,21 @@ _kdc_do_524(krb5_context context, /* make reply */ memset(buf, 0, sizeof(buf)); sp = krb5_storage_from_mem(buf, sizeof(buf)); - krb5_store_int32(sp, ret); - if(ret == 0){ - krb5_store_int32(sp, kvno); - krb5_store_data(sp, ticket.cipher); - /* Aargh! This is coded as a KTEXT_ST. */ - krb5_storage_seek(sp, MAX_KTXT_LEN - ticket.cipher.length, SEEK_CUR); - krb5_store_int32(sp, 0); /* mbz */ - free_EncryptedData(&ticket); - } - ret = krb5_storage_to_data(sp, reply); - reply->length = krb5_storage_seek(sp, 0, SEEK_CUR); - krb5_storage_free(sp); - + if (sp) { + krb5_store_int32(sp, ret); + if(ret == 0){ + krb5_store_int32(sp, kvno); + krb5_store_data(sp, ticket.cipher); + /* Aargh! This is coded as a KTEXT_ST. */ + krb5_storage_seek(sp, MAX_KTXT_LEN - ticket.cipher.length, SEEK_CUR); + krb5_store_int32(sp, 0); /* mbz */ + free_EncryptedData(&ticket); + } + ret = krb5_storage_to_data(sp, reply); + reply->length = krb5_storage_seek(sp, 0, SEEK_CUR); + krb5_storage_free(sp); + } else + krb5_data_zero(reply); if(spn) free(spn); if(server) diff --git a/source4/heimdal/kdc/kaserver.c b/source4/heimdal/kdc/kaserver.c index 069af21660..05fedeca29 100644 --- a/source4/heimdal/kdc/kaserver.c +++ b/source4/heimdal/kdc/kaserver.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kaserver.c,v 1.31 2005/12/13 19:44:27 lha Exp $"); +RCSID("$Id: kaserver.c,v 1.32 2006/04/02 01:54:37 lha Exp $"); #include #include @@ -453,8 +453,8 @@ do_authenticate (krb5_context context, } ret = _kdc_check_flags (context, config, - &client_entry->entry, client_name, - &server_entry->entry, server_name, + client_entry, client_name, + server_entry, server_name, TRUE); if (ret) { make_error_reply (hdr, KAPWEXPIRED, reply); @@ -752,8 +752,8 @@ do_getticket (krb5_context context, } ret = _kdc_check_flags (context, config, - &client_entry->entry, client_name, - &server_entry->entry, server_name, + client_entry, client_name, + server_entry, server_name, FALSE); if (ret) { make_error_reply (hdr, KAPWEXPIRED, reply); diff --git a/source4/heimdal/kdc/kdc-private.h b/source4/heimdal/kdc/kdc-private.h index 729778a69e..c718b1fd52 100644 --- a/source4/heimdal/kdc/kdc-private.h +++ b/source4/heimdal/kdc/kdc-private.h @@ -18,9 +18,9 @@ krb5_error_code _kdc_check_flags ( krb5_context /*context*/, krb5_kdc_configuration */*config*/, - hdb_entry */*client*/, + hdb_entry_ex */*client_ex*/, const char */*client_name*/, - hdb_entry */*server*/, + hdb_entry_ex */*server_ex*/, const char */*server_name*/, krb5_boolean /*is_as_req*/); @@ -118,7 +118,9 @@ _kdc_pk_initialize ( krb5_context /*context*/, krb5_kdc_configuration */*config*/, const char */*user_id*/, - const char */*x509_anchors*/); + const char */*anchors*/, + char **/*pool*/, + char **/*revoke*/); krb5_error_code _kdc_pk_mk_pa_reply ( diff --git a/source4/heimdal/kdc/kerberos4.c b/source4/heimdal/kdc/kerberos4.c index 72ea41d9e6..030405adc2 100644 --- a/source4/heimdal/kdc/kerberos4.c +++ b/source4/heimdal/kdc/kerberos4.c @@ -35,7 +35,7 @@ #include -RCSID("$Id: kerberos4.c,v 1.56 2005/12/13 19:44:01 lha Exp $"); +RCSID("$Id: kerberos4.c,v 1.57 2006/04/02 01:54:37 lha Exp $"); #ifndef swap32 static u_int32_t @@ -201,8 +201,8 @@ _kdc_do_version4(krb5_context context, } ret = _kdc_check_flags (context, config, - &client->entry, client_name, - &server->entry, server_name, + client, client_name, + server, server_name, TRUE); if (ret) { /* good error code? */ @@ -489,8 +489,8 @@ _kdc_do_version4(krb5_context context, } ret = _kdc_check_flags (context, config, - &client->entry, client_name, - &server->entry, server_name, + client, client_name, + server, server_name, FALSE); if (ret) { /* good error code? */ diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index 3f9dcd12f8..68720d692e 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kerberos5.c,v 1.201 2005/12/14 12:17:58 lha Exp $"); +RCSID("$Id: kerberos5.c,v 1.206 2006/04/02 01:54:37 lha Exp $"); #define MAX_TIME ((time_t)((1U << 31) - 1)) @@ -209,6 +209,50 @@ log_timestamp(krb5_context context, type, authtime_str, starttime_str, endtime_str, renewtime_str); } +static void +log_patypes(krb5_context context, + krb5_kdc_configuration *config, + METHOD_DATA *padata) +{ + struct rk_strpool *p = NULL; + char *str; + int i; + + for (i = 0; i < padata->len; i++) { + switch(padata->val[i].padata_type) { + case KRB5_PADATA_PK_AS_REQ: + p = rk_strpoolprintf(p, "PK-INIT(ietf)"); + break; + case KRB5_PADATA_PK_AS_REQ_WIN: + p = rk_strpoolprintf(p, "PK-INIT(win2k)"); + break; + case KRB5_PADATA_PA_PK_OCSP_RESPONSE: + p = rk_strpoolprintf(p, "OCSP"); + break; + case KRB5_PADATA_ENC_TIMESTAMP: + p = rk_strpoolprintf(p, "encrypted-timestamp"); + break; + default: + p = rk_strpoolprintf(p, "%d", padata->val[i].padata_type); + break; + } + if (p && i + 1 < padata->len) + p = rk_strpoolprintf(p, ", "); + if (p == NULL) { + kdc_log(context, config, 0, "out of memory"); + return; + } + } + str = rk_strpoolcollect(p); + kdc_log(context, config, 0, "Client sent patypes: %s", str); + free(str); +} + +/* + * + */ + + static krb5_error_code encode_reply(krb5_context context, krb5_kdc_configuration *config, @@ -642,11 +686,13 @@ get_pa_etype_info2(krb5_context context, krb5_error_code _kdc_check_flags(krb5_context context, krb5_kdc_configuration *config, - hdb_entry *client, const char *client_name, - hdb_entry *server, const char *server_name, + hdb_entry_ex *client_ex, const char *client_name, + hdb_entry_ex *server_ex, const char *server_name, krb5_boolean is_as_req) { - if(client != NULL) { + if(client_ex != NULL) { + hdb_entry *client = &client_ex->entry; + /* check client */ if (client->flags.invalid) { kdc_log(context, config, 0, @@ -680,8 +726,8 @@ _kdc_check_flags(krb5_context context, return KRB5KDC_ERR_NAME_EXP; } - if (client->pw_end && *client->pw_end < kdc_time - && !server->flags.change_pw) { + if (client->pw_end && *client->pw_end < kdc_time + && (server_ex == NULL || !server_ex->entry.flags.change_pw)) { char pwend_str[100]; krb5_format_time(context, *client->pw_end, pwend_str, sizeof(pwend_str), TRUE); @@ -694,7 +740,9 @@ _kdc_check_flags(krb5_context context, /* check server */ - if (server != NULL) { + if (server_ex != NULL) { + hdb_entry *server = &server_ex->entry; + if (server->flags.invalid) { kdc_log(context, config, 0, "Server has invalid flag set -- %s", server_name); @@ -762,27 +810,28 @@ check_addresses(krb5_context context, krb5_boolean result; krb5_boolean only_netbios = TRUE; int i; - + if(config->check_ticket_addresses == 0) return TRUE; - if(addresses == NULL) + if(addresses == NULL) return config->allow_null_ticket_addresses; - + for (i = 0; i < addresses->len; ++i) { - if (addresses->val[i].addr_type != KRB5_ADDRESS_NETBIOS) { - only_netbios = FALSE; - } + if (addresses->val[i].addr_type != KRB5_ADDRESS_NETBIOS) { + only_netbios = FALSE; + } } /* Windows sends it's netbios name, which I can only assume is - * used for the 'allowed workstations' check. This is painful, but - * we still want to check IP addresses if they happen to be - * present. */ + * used for the 'allowed workstations' check. This is painful, + * but we still want to check IP addresses if they happen to be + * present. + */ if(only_netbios) return config->allow_null_ticket_addresses; - + ret = krb5_sockaddr2address (context, from, &addr); if(ret) return FALSE; @@ -867,8 +916,8 @@ _kdc_as_rep(krb5_context context, } ret = _kdc_check_flags(context, config, - &client->entry, client_name, - &server->entry, server_name, + client, client_name, + server, server_name, TRUE); if(ret) goto out; @@ -884,10 +933,12 @@ _kdc_as_rep(krb5_context context, memset(&ek, 0, sizeof(ek)); if(req->padata){ - int i = 0; + int i; PA_DATA *pa; int found_pa = 0; + log_patypes(context, config, req->padata); + #ifdef PKINIT kdc_log(context, config, 5, "Looking for PKINIT pa-data -- %s", client_name); @@ -1171,7 +1222,7 @@ _kdc_as_rep(krb5_context context, if (p && i + 1 < b->etype.len) p = rk_strpoolprintf(p, ", "); if (p == NULL) { - kdc_log(context, config, 0, "out of meory"); + kdc_log(context, config, 0, "out of memory"); goto out; } } @@ -2410,8 +2461,8 @@ tgs_rep2(krb5_context context, } ret = _kdc_check_flags(context, config, - &client->entry, cpn, - &server->entry, spn, + client, cpn, + server, spn, FALSE); if(ret) goto out; diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c index 67934c0745..3f064f9d50 100755 --- a/source4/heimdal/kdc/pkinit.c +++ b/source4/heimdal/kdc/pkinit.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: pkinit.c,v 1.50 2006/02/13 11:48:21 lha Exp $"); +RCSID("$Id: pkinit.c,v 1.59 2006/04/22 12:10:16 lha Exp $"); #ifdef PKINIT @@ -42,25 +42,17 @@ RCSID("$Id: pkinit.c,v 1.50 2006/02/13 11:48:21 lha Exp $"); #include #include -#include -#include -#include -#include -#include -#include +#include +#include "crypto-headers.h" /* XXX copied from lib/krb5/pkinit.c */ struct krb5_pk_identity { - EVP_PKEY *private_key; - STACK_OF(X509) *cert; - STACK_OF(X509) *trusted_certs; - STACK_OF(X509_CRL) *crls; - ENGINE *engine; -}; - -/* XXX copied from lib/krb5/pkinit.c */ -struct krb5_pk_cert { - X509 *cert; + hx509_context hx509ctx; + hx509_verify_ctx verify_ctx; + hx509_certs certs; + hx509_certs anchors; + hx509_certs certpool; + hx509_revoke_ctx revoke; }; enum pkinit_type { @@ -71,7 +63,7 @@ enum pkinit_type { struct pk_client_params { enum pkinit_type type; BIGNUM *dh_public_key; - struct krb5_pk_cert *certificate; + hx509_cert cert; unsigned nonce; DH *dh; EncryptionKey reply_key; @@ -86,29 +78,6 @@ struct pk_principal_mapping { } *val; }; -/* XXX copied from lib/krb5/pkinit.c */ -#define OPENSSL_ASN1_MALLOC_ENCODE(T, B, BL, S, R) \ -{ \ - unsigned char *p; \ - (BL) = i2d_##T((S), NULL); \ - if ((BL) <= 0) { \ - (R) = EINVAL; \ - } else { \ - (B) = malloc((BL)); \ - if ((B) == NULL) { \ - (R) = ENOMEM; \ - } else { \ - p = (B); \ - (R) = 0; \ - (BL) = i2d_##T((S), &p); \ - if ((BL) <= 0) { \ - free((B)); \ - (R) = ASN1_OVERRUN; \ - } \ - } \ - } \ -} - static struct krb5_pk_identity *kdc_identity; static struct pk_principal_mapping principal_mappings; static struct krb5_dh_moduli **moduli; @@ -185,59 +154,19 @@ pk_check_pkauthenticator(krb5_context context, krb5_clear_error_string(context); ret = KRB5KRB_ERR_GENERIC; } + out: free_Checksum(&checksum); return ret; } -static krb5_error_code -pk_encrypt_key(krb5_context context, - krb5_keyblock *key, - EVP_PKEY *public_key, - krb5_data *encrypted_key, - const heim_oid **oid) -{ - krb5_error_code ret; - - encrypted_key->length = EVP_PKEY_size(public_key); - - if (encrypted_key->length < key->keyvalue.length + 11) { /* XXX */ - krb5_set_error_string(context, "pkinit: encrypted key too long"); - return KRB5KRB_ERR_GENERIC; - } - - encrypted_key->data = malloc(encrypted_key->length); - if (encrypted_key->data == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - - ret = EVP_PKEY_encrypt(encrypted_key->data, - key->keyvalue.data, - key->keyvalue.length, - public_key); - if (ret < 0) { - free(encrypted_key->data); - krb5_set_error_string(context, "Can't encrypt key: %s", - ERR_error_string(ERR_get_error(), NULL)); - return KRB5KRB_ERR_GENERIC; - } - if (encrypted_key->length != ret) - krb5_abortx(context, "size of EVP_PKEY_size is not the " - "size of the output"); - - *oid = oid_id_pkcs1_rsaEncryption(); - - return 0; -} - void _kdc_pk_free_client_param(krb5_context context, pk_client_params *client_params) { - if (client_params->certificate) - _krb5_pk_cert_free(client_params->certificate); + if (client_params->cert) + hx509_cert_free(client_params->cert); if (client_params->dh) DH_free(client_params->dh); if (client_params->dh_public_key) @@ -261,9 +190,7 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params, memset(&key, 0, sizeof(key)); if (!DH_generate_key(client_params->dh)) { - krb5_set_error_string(context, "Can't generate Diffie-Hellman " - "keys (%s)", - ERR_error_string(ERR_get_error(), NULL)); + krb5_set_error_string(context, "Can't generate Diffie-Hellman keys"); ret = KRB5KRB_ERR_GENERIC; goto out; } @@ -290,8 +217,7 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params, client_params->dh_public_key, client_params->dh); if (dh_gen_keylen == -1) { - krb5_set_error_string(context, "Can't compute Diffie-Hellman key (%s)", - ERR_error_string(ERR_get_error(), NULL)); + krb5_set_error_string(context, "Can't compute Diffie-Hellman key"); ret = KRB5KRB_ERR_GENERIC; goto out; } @@ -321,7 +247,7 @@ integer_to_BN(krb5_context context, const char *field, heim_integer *f) krb5_set_error_string(context, "PKINIT: parsing BN failed %s", field); return NULL; } - bn->neg = f->negative; + BN_set_negative(bn, f->negative); return bn; } @@ -376,8 +302,7 @@ get_dh_param(krb5_context context, dh = DH_new(); if (dh == NULL) { - krb5_set_error_string(context, "Cannot create DH structure (%s)", - ERR_error_string(ERR_get_error(), NULL)); + krb5_set_error_string(context, "Cannot create DH structure"); ret = ENOMEM; goto out; } @@ -413,9 +338,10 @@ get_dh_param(krb5_context context, goto out; } - if (DH_check(dh, &dhret) != 1) { - krb5_set_error_string(context, "PKINIT DH data not ok: %s", - ERR_error_string(ERR_get_error(), NULL)); + + if (DH_check_pubkey(dh, client_params->dh_public_key, &dhret) != 1 || + dhret != 0) { + krb5_set_error_string(context, "PKINIT DH data not ok"); ret = KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED; goto out; } @@ -498,11 +424,12 @@ _kdc_pk_rd_padata(krb5_context context, { pk_client_params *client_params; krb5_error_code ret; - heim_oid eContentType = { 0, NULL }; + heim_oid eContentType = { 0, NULL }, contentInfoOid = { 0, NULL }; krb5_data eContent = { 0, NULL }; krb5_data signed_content = { 0, NULL }; const char *type = "unknown type"; const heim_oid *pa_contentType; + int have_data; *ret_params = NULL; @@ -520,7 +447,7 @@ _kdc_pk_rd_padata(krb5_context context, if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) { PA_PK_AS_REQ_Win2k r; - ContentInfo info; + int have_data; type = "PK-INIT-Win2k"; pa_contentType = oid_id_pkcs7_data(); @@ -535,47 +462,20 @@ _kdc_pk_rd_padata(krb5_context context, goto out; } - ret = decode_ContentInfo(r.signed_auth_pack.data, - r.signed_auth_pack.length, &info, NULL); + ret = hx509_cms_unwrap_ContentInfo(&r.signed_auth_pack, + &contentInfoOid, + &signed_content, + &have_data); free_PA_PK_AS_REQ_Win2k(&r); if (ret) { krb5_set_error_string(context, "Can't decode PK-AS-REQ: %d", ret); goto out; } - if (heim_oid_cmp(&info.contentType, oid_id_pkcs7_signedData())) { - krb5_set_error_string(context, "PK-AS-REQ-Win2k invalid content " - "type oid"); - free_ContentInfo(&info); - ret = KRB5KRB_ERR_GENERIC; - goto out; - } - - if (info.content == NULL) { - krb5_set_error_string(context, - "PK-AS-REQ-Win2k no signed auth pack"); - free_ContentInfo(&info); - ret = KRB5KRB_ERR_GENERIC; - goto out; - } - - signed_content.data = malloc(info.content->length); - if (signed_content.data == NULL) { - ret = ENOMEM; - free_ContentInfo(&info); - krb5_set_error_string(context, "PK-AS-REQ-Win2k out of memory"); - goto out; - } - signed_content.length = info.content->length; - memcpy(signed_content.data, info.content->data, signed_content.length); - - free_ContentInfo(&info); - } else if (pa->padata_type == KRB5_PADATA_PK_AS_REQ) { PA_PK_AS_REQ r; - ContentInfo info; - type = "PK-INIT-27"; + type = "PK-INIT-IETF"; pa_contentType = oid_id_pkauthdata(); ret = decode_PA_PK_AS_REQ(pa->padata_value.data, @@ -587,43 +487,17 @@ _kdc_pk_rd_padata(krb5_context context, goto out; } - ret = decode_ContentInfo(r.signedAuthPack.data, - r.signedAuthPack.length, &info, NULL); - if (ret) { - krb5_set_error_string(context, "Can't decode PK-AS-REQ: %d", ret); - goto out; - } - - if (heim_oid_cmp(&info.contentType, oid_id_pkcs7_signedData())) { - krb5_set_error_string(context, "PK-AS-REQ invalid content " - "type oid"); - free_ContentInfo(&info); - free_PA_PK_AS_REQ(&r); - ret = KRB5KRB_ERR_GENERIC; - goto out; - } - - if (info.content == NULL) { - krb5_set_error_string(context, "PK-AS-REQ no signed auth pack"); - free_PA_PK_AS_REQ(&r); - free_ContentInfo(&info); - ret = KRB5KRB_ERR_GENERIC; - goto out; - } + /* XXX look at r.trustedCertifiers and r.kdcPkId */ - signed_content.data = malloc(info.content->length); - if (signed_content.data == NULL) { - ret = ENOMEM; - free_ContentInfo(&info); - free_PA_PK_AS_REQ(&r); - krb5_set_error_string(context, "PK-AS-REQ out of memory"); + ret = hx509_cms_unwrap_ContentInfo(&r.signedAuthPack, + &contentInfoOid, + &signed_content, + &have_data); + free_PA_PK_AS_REQ(&r); + if (ret) { + krb5_set_error_string(context, "Can't unwrap ContentInfo: %d", ret); goto out; } - signed_content.length = info.content->length; - memcpy(signed_content.data, info.content->data, signed_content.length); - - free_ContentInfo(&info); - free_PA_PK_AS_REQ(&r); } else { krb5_clear_error_string(context); @@ -631,24 +505,51 @@ _kdc_pk_rd_padata(krb5_context context, goto out; } - ret = _krb5_pk_verify_sign(context, - signed_content.data, - signed_content.length, - kdc_identity, - &eContentType, - &eContent, - &client_params->certificate); - if (ret) + ret = heim_oid_cmp(&contentInfoOid, oid_id_pkcs7_signedData()); + if (ret != 0) { + krb5_set_error_string(context, "PK-AS-REQ-Win2k invalid content " + "type oid"); + ret = KRB5KRB_ERR_GENERIC; + goto out; + } + + if (!have_data) { + krb5_set_error_string(context, + "PK-AS-REQ-Win2k no signed auth pack"); + ret = KRB5KRB_ERR_GENERIC; goto out; + } + + { + hx509_certs signer_certs; + + ret = hx509_cms_verify_signed(kdc_identity->hx509ctx, + kdc_identity->verify_ctx, + signed_content.data, + signed_content.length, + kdc_identity->certpool, + &eContentType, + &eContent, + &signer_certs); + if (ret) { + kdc_log(context, config, 0, + "PK-INIT failed to verify signature %d", ret); + goto out; + } + + ret = hx509_get_one_cert(kdc_identity->hx509ctx, signer_certs, + &client_params->cert); + hx509_certs_free(&signer_certs); + if (ret) + goto out; + } -#if 0 /* Signature is correct, now verify the signed message */ if (heim_oid_cmp(&eContentType, pa_contentType)) { krb5_set_error_string(context, "got wrong oid for pkauthdata"); ret = KRB5_BADMSGTYPE; goto out; } -#endif if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) { AuthPack_Win2k ap; @@ -716,19 +617,15 @@ _kdc_pk_rd_padata(krb5_context context, } else krb5_abortx(context, "internal pkinit error"); - /* - * Remaining fields (ie kdcCert and encryptionCert) in the request - * are ignored for now. - */ - kdc_log(context, config, 0, "PK-INIT request of type %s", type); - out: +out: if (signed_content.data) free(signed_content.data); krb5_data_free(&eContent); free_oid(&eContentType); + free_oid(&contentInfoOid); if (ret) _kdc_pk_free_client_param(context, client_params); else @@ -750,7 +647,7 @@ BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer) return ENOMEM; } BN_bn2bin(bn, integer->data); - integer->negative = bn->neg; + integer->negative = BN_is_negative(bn); return 0; } @@ -762,78 +659,11 @@ pk_mk_pa_reply_enckey(krb5_context context, krb5_keyblock *reply_key, ContentInfo *content_info) { - KeyTransRecipientInfo *ri; - EnvelopedData ed; krb5_error_code ret; - krb5_crypto crypto = NULL; - krb5_data buf, sd_data, enc_sd_data, iv, params; - krb5_keyblock tmp_key; - krb5_enctype enveloped_enctype; - X509_NAME *issuer_name; - heim_integer *serial; + krb5_data buf, o; size_t size; - AlgorithmIdentifier *enc_alg; - int i; - - krb5_data_zero(&enc_sd_data); - krb5_data_zero(&sd_data); - krb5_data_zero(&iv); - - memset(&tmp_key, 0, sizeof(tmp_key)); - memset(&ed, 0, sizeof(ed)); - - /* default to DES3 if client doesn't tell us */ - enveloped_enctype = ETYPE_DES3_CBC_NONE_CMS; - - for (i = 0; i < req->req_body.etype.len; i++) { - switch(req->req_body.etype.val[i]) { - case 15: /* des-ede3-cbc-Env-OID */ - enveloped_enctype = ETYPE_DES3_CBC_NONE_CMS; - break; - default: - break; - } - } - - ret = krb5_generate_random_keyblock(context, enveloped_enctype, &tmp_key); - if (ret) - goto out; - ret = krb5_crypto_init(context, &tmp_key, 0, &crypto); - if (ret) - goto out; - - - ret = krb5_crypto_getblocksize(context, crypto, &iv.length); - if (ret) - goto out; - - ret = krb5_data_alloc(&iv, iv.length); - if (ret) { - krb5_set_error_string(context, "malloc out of memory"); - goto out; - } - - krb5_generate_random_block(iv.data, iv.length); - - enc_alg = &ed.encryptedContentInfo.contentEncryptionAlgorithm; - - ret = krb5_enctype_to_oid(context, enveloped_enctype, &enc_alg->algorithm); - if (ret) - goto out; - - ret = krb5_crypto_set_params(context, crypto, &iv, ¶ms); - if (ret) - goto out; - - ALLOC(enc_alg->parameters); - if (enc_alg->parameters == NULL) { - krb5_data_free(¶ms); - krb5_set_error_string(context, "malloc out of memory"); - return ENOMEM; - } - enc_alg->parameters->data = params.data; - enc_alg->parameters->length = params.length; + krb5_data_zero(&buf); switch (client_params->type) { case PKINIT_COMPAT_WIN2K: { @@ -897,139 +727,21 @@ pk_mk_pa_reply_enckey(krb5_context context, if (buf.length != size) krb5_abortx(context, "Internal ASN.1 encoder error"); - /* - * CRL's are not transfered -- should be ? - */ - - ret = _krb5_pk_create_sign(context, - oid_id_pkrkeydata(), - &buf, - kdc_identity, - &sd_data); - krb5_data_free(&buf); - if (ret) - goto out; - - ret = krb5_encrypt_ivec(context, crypto, 0, - sd_data.data, sd_data.length, - &enc_sd_data, - iv.data); - - ALLOC_SEQ(&ed.recipientInfos, 1); - if (ed.recipientInfos.val == NULL) { - krb5_clear_error_string(context); - ret = ENOMEM; - goto out; - } - - ri = &ed.recipientInfos.val[0]; - - ri->version = 0; - ri->rid.element = choice_CMSIdentifier_issuerAndSerialNumber; - - issuer_name = X509_get_issuer_name(client_params->certificate->cert); - OPENSSL_ASN1_MALLOC_ENCODE(X509_NAME, buf.data, buf.length, - issuer_name, ret); - if (ret) { - krb5_clear_error_string(context); - goto out; - } - ret = decode_Name(buf.data, buf.length, - &ri->rid.u.issuerAndSerialNumber.issuer, - NULL); - free(buf.data); - if (ret) { - krb5_set_error_string(context, "pkinit: failed to parse Name"); - goto out; - } - - serial = &ri->rid.u.issuerAndSerialNumber.serialNumber; - { - ASN1_INTEGER *isn; - BIGNUM *bn; - - isn = X509_get_serialNumber(client_params->certificate->cert); - bn = ASN1_INTEGER_to_BN(isn, NULL); - if (bn == NULL) { - ret = ENOMEM; - krb5_clear_error_string(context); - goto out; - } - ret = BN_to_integer(context, bn, serial); - BN_free(bn); - if (ret) { - krb5_clear_error_string(context); - goto out; - } - } - - { - const heim_oid *pk_enc_key_oid; - krb5_data enc_tmp_key; - - ret = pk_encrypt_key(context, &tmp_key, - X509_get_pubkey(client_params->certificate->cert), - &enc_tmp_key, - &pk_enc_key_oid); - if (ret) - goto out; - - ri->encryptedKey.length = enc_tmp_key.length; - ri->encryptedKey.data = enc_tmp_key.data; - - ret = copy_oid(pk_enc_key_oid, &ri->keyEncryptionAlgorithm.algorithm); - if (ret) - goto out; - } - - /* - * - */ - - ed.version = 0; - ed.originatorInfo = NULL; - - ret = copy_oid(oid_id_pkcs7_signedData(), &ed.encryptedContentInfo.contentType); - if (ret) { - krb5_clear_error_string(context); - goto out; - } - - ALLOC(ed.encryptedContentInfo.encryptedContent); - if (ed.encryptedContentInfo.encryptedContent == NULL) { - krb5_clear_error_string(context); - ret = ENOMEM; - goto out; - } - - ed.encryptedContentInfo.encryptedContent->data = enc_sd_data.data; - ed.encryptedContentInfo.encryptedContent->length = enc_sd_data.length; - krb5_data_zero(&enc_sd_data); - - ed.unprotectedAttrs = NULL; - - ASN1_MALLOC_ENCODE(EnvelopedData, buf.data, buf.length, &ed, &size, ret); - if (ret) { - krb5_set_error_string(context, - "ASN.1 encoding of EnvelopedData failed (%d)", - ret); + ret = hx509_cms_envelope_1(kdc_identity->hx509ctx, + client_params->cert, + buf.data, buf.length, NULL, + oid_id_pkcs7_signedData(), &o); + if (ret) goto out; - } - + ret = _krb5_pk_mk_ContentInfo(context, - &buf, + &o, oid_id_pkcs7_envelopedData(), content_info); - krb5_data_free(&buf); + free_octet_string(&o); out: - if (crypto) - krb5_crypto_destroy(context, crypto); - krb5_free_keyblock_contents(context, &tmp_key); - krb5_data_free(&enc_sd_data); - krb5_data_free(&iv); - free_EnvelopedData(&ed); - + krb5_data_free(&buf); return ret; } @@ -1044,37 +756,32 @@ pk_mk_pa_reply_dh(krb5_context context, krb5_keyblock *reply_key, ContentInfo *content_info) { - ASN1_INTEGER *dh_pub_key = NULL; - ContentInfo contentinfo; KDCDHKeyInfo dh_info; + krb5_data signed_data, buf; + ContentInfo contentinfo; krb5_error_code ret; - SignedData sd; - krb5_data buf, signed_data; size_t size; + heim_integer i; memset(&contentinfo, 0, sizeof(contentinfo)); memset(&dh_info, 0, sizeof(dh_info)); - memset(&sd, 0, sizeof(sd)); krb5_data_zero(&buf); krb5_data_zero(&signed_data); - dh_pub_key = BN_to_ASN1_INTEGER(kdc_dh->pub_key, NULL); - if (dh_pub_key == NULL) { - krb5_set_error_string(context, "BN_to_ASN1_INTEGER() failed (%s)", - ERR_error_string(ERR_get_error(), NULL)); - ret = ENOMEM; - goto out; - } + ret = BN_to_integer(context, kdc_dh->pub_key, &i); + if (ret) + return ret; - OPENSSL_ASN1_MALLOC_ENCODE(ASN1_INTEGER, buf.data, buf.length, dh_pub_key, - ret); - ASN1_INTEGER_free(dh_pub_key); + ASN1_MALLOC_ENCODE(DHPublicKey, buf.data, buf.length, &i, &size, ret); if (ret) { - krb5_set_error_string(context, "Encoding of ASN1_INTEGER failed (%s)", - ERR_error_string(ERR_get_error(), NULL)); - goto out; + krb5_set_error_string(context, "ASN.1 encoding of " + "DHPublicKey failed (%d)", ret); + krb5_clear_error_string(context); + return ret; } - + if (buf.length != size) + krb5_abortx(context, "Internal ASN.1 encoder error"); + dh_info.subjectPublicKey.length = buf.length * 8; dh_info.subjectPublicKey.data = buf.data; @@ -1095,12 +802,36 @@ pk_mk_pa_reply_dh(krb5_context context, * filled in above */ - ret = _krb5_pk_create_sign(context, - oid_id_pkdhkeydata(), - &buf, - kdc_identity, - &signed_data); - krb5_data_free(&buf); + { + hx509_cert cert; + hx509_query *q; + + ret = hx509_query_alloc(kdc_identity->hx509ctx, &q); + if (ret) + goto out; + + hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY); + hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE); + + ret = hx509_certs_find(kdc_identity->hx509ctx, + kdc_identity->certs, + q, + &cert); + hx509_query_free(kdc_identity->hx509ctx, q); + if (ret) + goto out; + + ret = hx509_cms_create_signed_1(kdc_identity->hx509ctx, + oid_id_pkdhkeydata(), + buf.data, + buf.length, + NULL, + cert, + kdc_identity->anchors, + kdc_identity->certpool, + &signed_data); + hx509_cert_free(cert); + } if (ret) goto out; @@ -1112,6 +843,7 @@ pk_mk_pa_reply_dh(krb5_context context, goto out; out: + krb5_data_free(&buf); krb5_data_free(&signed_data); free_KDCDHKeyInfo(&dh_info); @@ -1322,62 +1054,59 @@ _kdc_pk_mk_pa_reply(krb5_context context, static int pk_principal_from_X509(krb5_context context, krb5_kdc_configuration *config, - struct krb5_pk_cert *client_cert, - krb5_principal *principal) + hx509_cert client_cert, + krb5_const_principal match) { - krb5_error_code ret; - GENERAL_NAMES *gens; - GENERAL_NAME *gen; - ASN1_OBJECT *obj; - int i; + hx509_octet_string_list list; + int ret, i, found = 0; - *principal = NULL; + memset(&list, 0 , sizeof(list)); - obj = OBJ_txt2obj("1.3.6.1.5.2.2",1); - - gens = X509_get_ext_d2i(client_cert->cert, NID_subject_alt_name, - NULL, NULL); - if (gens == NULL) - return 1; + ret = hx509_cert_find_subjectAltName_otherName(client_cert, + oid_id_pkinit_san(), + &list); + if (ret) + goto out; - for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { + for (i = 0; !found && i < list.len; i++) { + krb5_principal_data principal; KRB5PrincipalName kn; - size_t len, size; - void *p; - - gen = sk_GENERAL_NAME_value(gens, i); - if (gen->type != GEN_OTHERNAME) - continue; - - if(OBJ_cmp(obj, gen->d.otherName->type_id) != 0) - continue; - - p = ASN1_STRING_data(gen->d.otherName->value->value.sequence); - len = ASN1_STRING_length(gen->d.otherName->value->value.sequence); + size_t size; - ret = decode_KRB5PrincipalName(p, len, &kn, &size); + ret = decode_KRB5PrincipalName(list.val[i].data, + list.val[i].length, + &kn, &size); if (ret) { kdc_log(context, config, 0, "Decoding kerberos name in certificate failed: %s", krb5_get_err_text(context, ret)); - continue; + break; } - - *principal = malloc(sizeof(**principal)); - if (*principal == NULL) { - free_KRB5PrincipalName(&kn); - return 1; + if (size != list.val[i].length) { + kdc_log(context, config, 0, + "Decoding kerberos name have extra bits on the end"); + return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH; } - (*principal)->name = kn.principalName; - (*principal)->realm = kn.realm; - return 0; + principal.name = kn.principalName; + principal.realm = kn.realm; + + if (krb5_principal_compare(context, &principal, match) == TRUE) + found = 1; + free_KRB5PrincipalName(&kn); } - return 1; -} +out: + hx509_free_octet_string_list(&list); + if (ret) + return ret; + + if (!found) + return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH; + + return 0; +} -/* XXX match with issuer too ? */ krb5_error_code _kdc_pk_check_client(krb5_context context, @@ -1387,45 +1116,34 @@ _kdc_pk_check_client(krb5_context context, pk_client_params *client_params, char **subject_name) { - struct krb5_pk_cert *client_cert = client_params->certificate; - krb5_principal cert_princ; - X509_NAME *name; - char *subject = NULL; krb5_error_code ret; - krb5_boolean b; + hx509_name name; int i; - *subject_name = NULL; - - name = X509_get_subject_name(client_cert->cert); - if (name == NULL) { - krb5_set_error_string(context, "PKINIT can't get subject name"); - return ENOMEM; - } - subject = X509_NAME_oneline(name, NULL, 0); - if (subject == NULL) { - krb5_set_error_string(context, "PKINIT can't get subject name"); - return ENOMEM; - } - *subject_name = strdup(subject); - if (*subject_name == NULL) { - krb5_set_error_string(context, "out of memory"); - return ENOMEM; - } - OPENSSL_free(subject); - if (config->enable_pkinit_princ_in_cert) { ret = pk_principal_from_X509(context, config, - client_cert, &cert_princ); - if (ret == 0) { - b = krb5_principal_compare(context, client_princ, cert_princ); - krb5_free_principal(context, cert_princ); - if (b == TRUE) - return 0; - } + client_params->cert, + client_princ); + if (ret == 0) + return 0; } + ret = hx509_cert_get_subject(client_params->cert, &name); + if (ret) + return ret; + + ret = hx509_name_to_string(name, subject_name); + hx509_name_free(&name); + if (ret) + return ret; + + kdc_log(context, config, 5, + "Trying to authorize subject DN %s", + *subject_name); + for (i = 0; i < principal_mappings.len; i++) { + krb5_boolean b; + b = krb5_principal_compare(context, client_princ, principal_mappings.val[i].principal); @@ -1436,6 +1154,7 @@ _kdc_pk_check_client(krb5_context context, return 0; } free(*subject_name); + *subject_name = NULL; krb5_set_error_string(context, "PKINIT no matching principals"); return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH; @@ -1477,7 +1196,9 @@ krb5_error_code _kdc_pk_initialize(krb5_context context, krb5_kdc_configuration *config, const char *user_id, - const char *x509_anchors) + const char *anchors, + char **pool, + char **revoke) { const char *file; krb5_error_code ret; @@ -1495,13 +1216,15 @@ _kdc_pk_initialize(krb5_context context, principal_mappings.len = 0; principal_mappings.val = NULL; - ret = _krb5_pk_load_openssl_id(context, - &kdc_identity, - user_id, - x509_anchors, - NULL, - NULL, - NULL); + ret = _krb5_pk_load_id(context, + &kdc_identity, + user_id, + anchors, + pool, + revoke, + NULL, + NULL, + NULL); if (ret) { krb5_warn(context, ret, "PKINIT: failed to load"); config->enable_pkinit = 0; diff --git a/source4/heimdal/lib/asn1/CMS.asn1 b/source4/heimdal/lib/asn1/CMS.asn1 index 5c8b71da1a..78873761b6 100644 --- a/source4/heimdal/lib/asn1/CMS.asn1 +++ b/source4/heimdal/lib/asn1/CMS.asn1 @@ -1,5 +1,5 @@ -- From RFC 3369 -- --- $Id: CMS.asn1,v 1.3 2005/07/23 10:37:13 lha Exp $ -- +-- $Id: CMS.asn1,v 1.4 2006/04/15 10:53:25 lha Exp $ -- CMS DEFINITIONS ::= BEGIN @@ -142,7 +142,7 @@ EnvelopedData ::= SEQUENCE { -- Data ::= OCTET STRING CMSRC2CBCParameter ::= SEQUENCE { - rc2ParameterVersion INTEGER, + rc2ParameterVersion INTEGER (0..4294967295), iv OCTET STRING -- exactly 8 octets } diff --git a/source4/heimdal/lib/asn1/canthandle.asn1 b/source4/heimdal/lib/asn1/canthandle.asn1 index 7d012ed6f8..057f571bac 100644 --- a/source4/heimdal/lib/asn1/canthandle.asn1 +++ b/source4/heimdal/lib/asn1/canthandle.asn1 @@ -1,4 +1,4 @@ --- $Id: canthandle.asn1,v 1.5 2005/08/11 14:07:21 lha Exp $ -- +-- $Id: canthandle.asn1,v 1.6 2006/01/18 19:12:33 lha Exp $ -- CANTHANDLE DEFINITIONS ::= BEGIN @@ -31,10 +31,4 @@ Bar ::= SEQUENCE { Baz ::= SET OF INTEGER --- Allocation is done on CONTEXT tags. - -Alloc ::= SEQUENCE { - a heim_any OPTIONAL -} - END diff --git a/source4/heimdal/lib/asn1/gen.c b/source4/heimdal/lib/asn1/gen.c index 2a6fecebbb..3d7c3983ac 100644 --- a/source4/heimdal/lib/asn1/gen.c +++ b/source4/heimdal/lib/asn1/gen.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen.c,v 1.65 2006/03/08 12:29:34 lha Exp $"); +RCSID("$Id: gen.c,v 1.67 2006/03/31 02:52:21 lha Exp $"); FILE *headerfile, *codefile, *logfile; @@ -62,6 +62,8 @@ add_import (const char *module) tmp->module = module; tmp->next = imports; imports = tmp; + + fprintf (headerfile, "#include <%s_asn1.h>\n", module); } const char * @@ -223,7 +225,6 @@ gen_compare_defval(const char *var, struct value *val) static void generate_header_of_codefile(const char *name) { - struct import *i; char *filename; if (codefile != NULL) @@ -248,10 +249,6 @@ generate_header_of_codefile(const char *name) "#include \n", orig_filename); - for (i = imports; i != NULL; i = i->next) - fprintf (codefile, - "#include <%s_asn1.h>\n", - i->module); fprintf (codefile, "#include <%s.h>\n", headerbase); diff --git a/source4/heimdal/lib/asn1/hash.c b/source4/heimdal/lib/asn1/hash.c index 7926541c19..f03d6b856b 100644 --- a/source4/heimdal/lib/asn1/hash.c +++ b/source4/heimdal/lib/asn1/hash.c @@ -37,7 +37,7 @@ #include "gen_locl.h" -RCSID("$Id: hash.c,v 1.10 2005/07/12 06:27:30 lha Exp $"); +RCSID("$Id: hash.c,v 1.11 2006/04/07 22:16:00 lha Exp $"); static Hashentry *_search(Hashtab * htab, /* The hash table */ void *ptr); /* And key */ @@ -53,17 +53,16 @@ hashtabnew(int sz, assert(sz > 0); htab = (Hashtab *) malloc(sizeof(Hashtab) + (sz - 1) * sizeof(Hashentry *)); + if (htab == NULL) + return NULL; + for (i = 0; i < sz; ++i) htab->tab[i] = NULL; - if (htab == NULL) { - return NULL; - } else { - htab->cmp = cmp; - htab->hash = hash; - htab->sz = sz; - return htab; - } + htab->cmp = cmp; + htab->hash = hash; + htab->sz = sz; + return htab; } /* Intern search function */ diff --git a/source4/heimdal/lib/asn1/k5.asn1 b/source4/heimdal/lib/asn1/k5.asn1 index aa3e0b806d..e314adee0e 100644 --- a/source4/heimdal/lib/asn1/k5.asn1 +++ b/source4/heimdal/lib/asn1/k5.asn1 @@ -1,4 +1,4 @@ --- $Id: k5.asn1,v 1.46 2005/08/22 19:09:25 lha Exp $ +-- $Id: k5.asn1,v 1.47 2006/03/27 22:52:11 lha Exp $ KERBEROS5 DEFINITIONS ::= BEGIN @@ -56,6 +56,7 @@ PADATA-TYPE ::= INTEGER { KRB5-PADATA-PK-AS-REQ-WIN(15), -- (PKINIT - old number) KRB5-PADATA-PK-AS-REQ(16), -- (PKINIT-25) KRB5-PADATA-PK-AS-REP(17), -- (PKINIT-25) + KRB5-PADATA-PA-PK-OCSP-RESPONSE(18), KRB5-PADATA-ETYPE-INFO2(19), KRB5-PADATA-USE-SPECIFIED-KVNO(20), KRB5-PADATA-SAM-REDIRECT(21), -- (sam/otp) diff --git a/source4/heimdal/lib/asn1/lex.c b/source4/heimdal/lib/asn1/lex.c index 3e58650685..b4814f073f 100644 --- a/source4/heimdal/lib/asn1/lex.c +++ b/source4/heimdal/lib/asn1/lex.c @@ -1,85 +1,32 @@ +/* A lexical scanner generated by flex*/ -#line 3 "lex.yy.c" - -#define YY_INT_ALIGNED short int - -/* A lexical scanner generated by flex */ +/* Scanner skeleton version: + * $Header: /home/daffy/u0/vern/flex/RCS/flex.skl,v 2.91 96/09/10 16:58:48 vern Exp $ + */ #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 #define YY_FLEX_MINOR_VERSION 5 -#define YY_FLEX_SUBMINOR_VERSION 31 -#if YY_FLEX_SUBMINOR_VERSION > 0 -#define FLEX_BETA -#endif - -/* First, we deal with platform-specific or compiler-specific issues. */ -/* begin standard C headers. */ #include -#include -#include -#include - -/* end standard C headers. */ - -/* flex integer type definitions */ - -#ifndef FLEXINT_H -#define FLEXINT_H - -/* C99 systems have . Non-C99 systems may or may not. */ +#include -#if defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L -#include -typedef int8_t flex_int8_t; -typedef uint8_t flex_uint8_t; -typedef int16_t flex_int16_t; -typedef uint16_t flex_uint16_t; -typedef int32_t flex_int32_t; -typedef uint32_t flex_uint32_t; -#else -typedef signed char flex_int8_t; -typedef short int flex_int16_t; -typedef int flex_int32_t; -typedef unsigned char flex_uint8_t; -typedef unsigned short int flex_uint16_t; -typedef unsigned int flex_uint32_t; -#endif /* ! C99 */ -/* Limits of integral types. */ -#ifndef INT8_MIN -#define INT8_MIN (-128) -#endif -#ifndef INT16_MIN -#define INT16_MIN (-32767-1) -#endif -#ifndef INT32_MIN -#define INT32_MIN (-2147483647-1) -#endif -#ifndef INT8_MAX -#define INT8_MAX (127) -#endif -#ifndef INT16_MAX -#define INT16_MAX (32767) -#endif -#ifndef INT32_MAX -#define INT32_MAX (2147483647) -#endif -#ifndef UINT8_MAX -#define UINT8_MAX (255U) -#endif -#ifndef UINT16_MAX -#define UINT16_MAX (65535U) +/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */ +#ifdef c_plusplus +#ifndef __cplusplus +#define __cplusplus #endif -#ifndef UINT32_MAX -#define UINT32_MAX (4294967295U) #endif -#endif /* ! FLEXINT_H */ #ifdef __cplusplus +#include + +/* Use prototypes in function declarations. */ +#define YY_USE_PROTOS + /* The "const" storage-class-modifier is valid. */ #define YY_USE_CONST @@ -87,17 +34,34 @@ typedef unsigned int flex_uint32_t; #if __STDC__ +#define YY_USE_PROTOS #define YY_USE_CONST #endif /* __STDC__ */ #endif /* ! __cplusplus */ +#ifdef __TURBOC__ + #pragma warn -rch + #pragma warn -use +#include +#include +#define YY_USE_CONST +#define YY_USE_PROTOS +#endif + #ifdef YY_USE_CONST #define yyconst const #else #define yyconst #endif + +#ifdef YY_USE_PROTOS +#define YY_PROTO(proto) proto +#else +#define YY_PROTO(proto) () +#endif + /* Returned upon end-of-file. */ #define YY_NULL 0 @@ -112,71 +76,80 @@ typedef unsigned int flex_uint32_t; * but we do it the disgusting crufty way forced on us by the ()-less * definition of BEGIN. */ -#define BEGIN (yy_start) = 1 + 2 * +#define BEGIN yy_start = 1 + 2 * /* Translate the current start state into a value that can be later handed * to BEGIN to return to the state. The YYSTATE alias is for lex * compatibility. */ -#define YY_START (((yy_start) - 1) / 2) +#define YY_START ((yy_start - 1) / 2) #define YYSTATE YY_START /* Action number for EOF rule of a given start state. */ #define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) /* Special action meaning "start processing a new file". */ -#define YY_NEW_FILE yyrestart(yyin ) +#define YY_NEW_FILE yyrestart( yyin ) #define YY_END_OF_BUFFER_CHAR 0 /* Size of default input buffer. */ -#ifndef YY_BUF_SIZE #define YY_BUF_SIZE 16384 -#endif -#ifndef YY_TYPEDEF_YY_BUFFER_STATE -#define YY_TYPEDEF_YY_BUFFER_STATE typedef struct yy_buffer_state *YY_BUFFER_STATE; -#endif extern int yyleng; - extern FILE *yyin, *yyout; #define EOB_ACT_CONTINUE_SCAN 0 #define EOB_ACT_END_OF_FILE 1 #define EOB_ACT_LAST_MATCH 2 - #define YY_LESS_LINENO(n) - -/* Return all but the first "n" matched characters back to the input stream. */ +/* The funky do-while in the following #define is used to turn the definition + * int a single C statement (which needs a semi-colon terminator). This + * avoids problems with code like: + * + * if ( condition_holds ) + * yyless( 5 ); + * else + * do_something_else(); + * + * Prior to using the do-while the compiler would get upset at the + * "else" because it interpreted the "if" statement as being all + * done when it reached the ';' after the yyless() call. + */ + +/* Return all but the first 'n' matched characters back to the input stream. */ + #define yyless(n) \ do \ { \ /* Undo effects of setting up yytext. */ \ - int yyless_macro_arg = (n); \ - YY_LESS_LINENO(yyless_macro_arg);\ - *yy_cp = (yy_hold_char); \ + *yy_cp = yy_hold_char; \ YY_RESTORE_YY_MORE_OFFSET \ - (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \ + yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \ YY_DO_BEFORE_ACTION; /* set up yytext again */ \ } \ while ( 0 ) -#define unput(c) yyunput( c, (yytext_ptr) ) +#define unput(c) yyunput( c, yytext_ptr ) + +/* Some routines like yy_flex_realloc() are emitted as static but are + not called by all lexers. This generates warnings in some compilers, + notably GCC. Arrange to suppress these. */ +#ifdef __GNUC__ +#define YY_MAY_BE_UNUSED __attribute__((unused)) +#else +#define YY_MAY_BE_UNUSED +#endif /* The following is because we cannot portably get our hands on size_t * (without autoconf's help, which isn't available because we want * flex-generated scanners to compile on their own). */ - -#ifndef YY_TYPEDEF_YY_SIZE_T -#define YY_TYPEDEF_YY_SIZE_T typedef unsigned int yy_size_t; -#endif -#ifndef YY_STRUCT_YY_BUFFER_STATE -#define YY_STRUCT_YY_BUFFER_STATE + struct yy_buffer_state { FILE *yy_input_file; @@ -213,16 +186,12 @@ struct yy_buffer_state */ int yy_at_bol; - int yy_bs_lineno; /**< The line count. */ - int yy_bs_column; /**< The column count. */ - /* Whether to try to fill the input buffer when we reach the * end of it. */ int yy_fill_buffer; int yy_buffer_status; - #define YY_BUFFER_NEW 0 #define YY_BUFFER_NORMAL 1 /* When an EOF's been seen but there's still some text to process @@ -236,33 +205,23 @@ struct yy_buffer_state * just pointing yyin at a new input file. */ #define YY_BUFFER_EOF_PENDING 2 - }; -#endif /* !YY_STRUCT_YY_BUFFER_STATE */ -/* Stack of input buffers. */ -static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */ -static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */ -static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ +static YY_BUFFER_STATE yy_current_buffer = 0; /* We provide macros for accessing buffer states in case in the * future we want to put the buffer states in a more general * "scanner state". - * - * Returns the top of the stack, or NULL. */ -#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ - ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ - : NULL) +#define YY_CURRENT_BUFFER yy_current_buffer -/* Same as previous macro, but useful when we know that the buffer stack is not - * NULL or when we need an lvalue. For internal use only. - */ -#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] /* yy_hold_char holds the character lost when yytext is formed. */ static char yy_hold_char; + static int yy_n_chars; /* number of characters read into yy_ch_buf */ + + int yyleng; /* Points to current character in buffer. */ @@ -275,92 +234,66 @@ static int yy_start = 0; /* start state number */ */ static int yy_did_buffer_switch_on_eof; -void yyrestart (FILE *input_file ); -void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ); -YY_BUFFER_STATE yy_create_buffer (FILE *file,int size ); -void yy_delete_buffer (YY_BUFFER_STATE b ); -void yy_flush_buffer (YY_BUFFER_STATE b ); -void yypush_buffer_state (YY_BUFFER_STATE new_buffer ); -void yypop_buffer_state (void ); - -static void yyensure_buffer_stack (void ); -static void yy_load_buffer_state (void ); -static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file ); +void yyrestart YY_PROTO(( FILE *input_file )); -#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER ) +void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer )); +void yy_load_buffer_state YY_PROTO(( void )); +YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size )); +void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b )); +void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file )); +void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b )); +#define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer ) -YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); -YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); -YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len ); +YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size )); +YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str )); +YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len )); -void *yyalloc (yy_size_t ); -void *yyrealloc (void *,yy_size_t ); -void yyfree (void * ); +static void *yy_flex_alloc YY_PROTO(( yy_size_t )); +static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t )) YY_MAY_BE_UNUSED; +static void yy_flex_free YY_PROTO(( void * )); #define yy_new_buffer yy_create_buffer #define yy_set_interactive(is_interactive) \ { \ - if ( ! YY_CURRENT_BUFFER ){ \ - yyensure_buffer_stack (); \ - YY_CURRENT_BUFFER_LVALUE = \ - yy_create_buffer(yyin,YY_BUF_SIZE ); \ - } \ - YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ + if ( ! yy_current_buffer ) \ + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ + yy_current_buffer->yy_is_interactive = is_interactive; \ } #define yy_set_bol(at_bol) \ { \ - if ( ! YY_CURRENT_BUFFER ){\ - yyensure_buffer_stack (); \ - YY_CURRENT_BUFFER_LVALUE = \ - yy_create_buffer(yyin,YY_BUF_SIZE ); \ - } \ - YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ + if ( ! yy_current_buffer ) \ + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ + yy_current_buffer->yy_at_bol = at_bol; \ } -#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) - -/* Begin user sect3 */ +#define YY_AT_BOL() (yy_current_buffer->yy_at_bol) typedef unsigned char YY_CHAR; - FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; - typedef int yy_state_type; - -extern int yylineno; - -int yylineno = 1; - extern char *yytext; #define yytext_ptr yytext -static yy_state_type yy_get_previous_state (void ); -static yy_state_type yy_try_NUL_trans (yy_state_type current_state ); -static int yy_get_next_buffer (void ); -static void yy_fatal_error (yyconst char msg[] ); +static yy_state_type yy_get_previous_state YY_PROTO(( void )); +static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state )); +static int yy_get_next_buffer YY_PROTO(( void )); +static void yy_fatal_error YY_PROTO(( yyconst char msg[] )); /* Done after the current pattern has been matched and before the * corresponding action - sets up yytext. */ #define YY_DO_BEFORE_ACTION \ - (yytext_ptr) = yy_bp; \ - yyleng = (size_t) (yy_cp - yy_bp); \ - (yy_hold_char) = *yy_cp; \ + yytext_ptr = yy_bp; \ + yyleng = (int) (yy_cp - yy_bp); \ + yy_hold_char = *yy_cp; \ *yy_cp = '\0'; \ - (yy_c_buf_p) = yy_cp; + yy_c_buf_p = yy_cp; #define YY_NUM_RULES 95 #define YY_END_OF_BUFFER 96 -/* This struct is not used in this scanner, - but its presence is necessary. */ -struct yy_trans_info - { - flex_int32_t yy_verify; - flex_int32_t yy_nxt; - }; -static yyconst flex_int16_t yy_accept[568] = +static yyconst short int yy_accept[568] = { 0, 0, 0, 96, 94, 90, 91, 87, 81, 81, 94, 94, 88, 88, 94, 89, 89, 89, 89, 89, 89, @@ -426,7 +359,7 @@ static yyconst flex_int16_t yy_accept[568] = 32, 89, 59, 70, 77, 53, 0 } ; -static yyconst flex_int32_t yy_ec[256] = +static yyconst int yy_ec[256] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -458,7 +391,7 @@ static yyconst flex_int32_t yy_ec[256] = 1, 1, 1, 1, 1 } ; -static yyconst flex_int32_t yy_meta[70] = +static yyconst int yy_meta[70] = { 0, 1, 1, 1, 1, 1, 1, 2, 1, 1, 3, 3, 3, 3, 3, 3, 3, 1, 1, 3, 3, @@ -469,7 +402,7 @@ static yyconst flex_int32_t yy_meta[70] = 2, 2, 2, 2, 2, 2, 2, 2, 2 } ; -static yyconst flex_int16_t yy_base[570] = +static yyconst short int yy_base[570] = { 0, 0, 0, 636, 637, 637, 637, 637, 637, 63, 627, 628, 70, 77, 616, 74, 72, 76, 609, 65, 81, @@ -535,7 +468,7 @@ static yyconst flex_int16_t yy_base[570] = 0, 101, 0, 0, 0, 0, 637, 223, 69 } ; -static yyconst flex_int16_t yy_def[570] = +static yyconst short int yy_def[570] = { 0, 567, 1, 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, 568, 568, 568, 568, 568, 568, @@ -601,7 +534,7 @@ static yyconst flex_int16_t yy_def[570] = 568, 568, 568, 568, 568, 568, 0, 567, 567 } ; -static yyconst flex_int16_t yy_nxt[707] = +static yyconst short int yy_nxt[707] = { 0, 4, 5, 6, 7, 8, 4, 9, 10, 11, 12, 13, 13, 13, 13, 13, 13, 14, 4, 15, 16, @@ -683,7 +616,7 @@ static yyconst flex_int16_t yy_nxt[707] = 567, 567, 567, 567, 567, 567 } ; -static yyconst flex_int16_t yy_chk[707] = +static yyconst short int yy_chk[707] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -768,9 +701,6 @@ static yyconst flex_int16_t yy_chk[707] = static yy_state_type yy_last_accepting_state; static char *yy_last_accepting_cpos; -extern int yy_flex_debug; -int yy_flex_debug = 0; - /* The intent behind this definition is that it'll catch * any uses of REJECT which flex missed. */ @@ -780,6 +710,7 @@ int yy_flex_debug = 0; #define YY_RESTORE_YY_MORE_OFFSET char *yytext; #line 1 "lex.l" +#define INITIAL 0 #line 2 "lex.l" /* * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan @@ -838,21 +769,7 @@ static unsigned lineno = 1; static void unterminated(const char *, unsigned); -#line 842 "lex.yy.c" - -#define INITIAL 0 - -#ifndef YY_NO_UNISTD_H -/* Special case for "unistd.h", since it is non-ANSI. We include it way - * down here because we want the user's section 1 to have been scanned first. - * The user has a chance to override it with an option. - */ -#include -#endif - -#ifndef YY_EXTRA_TYPE -#define YY_EXTRA_TYPE void * -#endif +#line 773 "lex.c" /* Macros after this point can all be overridden by user definitions in * section 1. @@ -860,30 +777,65 @@ static void unterminated(const char *, unsigned); #ifndef YY_SKIP_YYWRAP #ifdef __cplusplus -extern "C" int yywrap (void ); +extern "C" int yywrap YY_PROTO(( void )); #else -extern int yywrap (void ); +extern int yywrap YY_PROTO(( void )); #endif #endif - static void yyunput (int c,char *buf_ptr ); - +#ifndef YY_NO_UNPUT +static void yyunput YY_PROTO(( int c, char *buf_ptr )); +#endif + #ifndef yytext_ptr -static void yy_flex_strncpy (char *,yyconst char *,int ); +static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int )); #endif #ifdef YY_NEED_STRLEN -static int yy_flex_strlen (yyconst char * ); +static int yy_flex_strlen YY_PROTO(( yyconst char * )); #endif #ifndef YY_NO_INPUT - #ifdef __cplusplus -static int yyinput (void ); +static int yyinput YY_PROTO(( void )); #else -static int input (void ); +static int input YY_PROTO(( void )); +#endif +#endif + +#if YY_STACK_USED +static int yy_start_stack_ptr = 0; +static int yy_start_stack_depth = 0; +static int *yy_start_stack = 0; +#ifndef YY_NO_PUSH_STATE +static void yy_push_state YY_PROTO(( int new_state )); +#endif +#ifndef YY_NO_POP_STATE +static void yy_pop_state YY_PROTO(( void )); +#endif +#ifndef YY_NO_TOP_STATE +static int yy_top_state YY_PROTO(( void )); #endif +#else +#define YY_NO_PUSH_STATE 1 +#define YY_NO_POP_STATE 1 +#define YY_NO_TOP_STATE 1 +#endif + +#ifdef YY_MALLOC_DECL +YY_MALLOC_DECL +#else +#if __STDC__ +#ifndef __cplusplus +#include +#endif +#else +/* Just try to get by without declaring the routines. This will fail + * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int) + * or sizeof(void*) != sizeof(int). + */ +#endif #endif /* Amount of stuff to slurp up with each read. */ @@ -892,6 +844,7 @@ static int input (void ); #endif /* Copy whatever the last rule matched to the standard output. */ + #ifndef ECHO /* This used to be an fputs(), but since the string might contain NUL's, * we now use fwrite(). @@ -904,10 +857,9 @@ static int input (void ); */ #ifndef YY_INPUT #define YY_INPUT(buf,result,max_size) \ - if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ + if ( yy_current_buffer->yy_is_interactive ) \ { \ - int c = '*'; \ - size_t n; \ + int c = '*', n; \ for ( n = 0; n < max_size && \ (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ buf[n] = (char) c; \ @@ -917,22 +869,9 @@ static int input (void ); YY_FATAL_ERROR( "input in flex scanner failed" ); \ result = n; \ } \ - else \ - { \ - errno=0; \ - while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \ - { \ - if( errno != EINTR) \ - { \ - YY_FATAL_ERROR( "input in flex scanner failed" ); \ - break; \ - } \ - errno=0; \ - clearerr(yyin); \ - } \ - }\ -\ - + else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \ + && ferror( yyin ) ) \ + YY_FATAL_ERROR( "input in flex scanner failed" ); #endif /* No semi-colon after return; correct usage is to write "yyterminate();" - @@ -953,18 +892,12 @@ static int input (void ); #define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) #endif -/* end tables serialization structures and prototypes */ - /* Default declaration of generated scanner - a define so the user can * easily add parameters. */ #ifndef YY_DECL -#define YY_DECL_IS_OURS 1 - -extern int yylex (void); - -#define YY_DECL int yylex (void) -#endif /* !YY_DECL */ +#define YY_DECL int yylex YY_PROTO(( void )) +#endif /* Code executed at the beginning of each rule, after yytext and yyleng * have been set up. @@ -981,28 +914,26 @@ extern int yylex (void); #define YY_RULE_SETUP \ YY_USER_ACTION -/** The main scanner function which does all the work. - */ YY_DECL -{ + { register yy_state_type yy_current_state; - register char *yy_cp, *yy_bp; + register char *yy_cp = NULL, *yy_bp = NULL; register int yy_act; - + #line 62 "lex.l" -#line 995 "lex.yy.c" +#line 926 "lex.c" - if ( (yy_init) ) + if ( yy_init ) { - (yy_init) = 0; + yy_init = 0; #ifdef YY_USER_INIT YY_USER_INIT; #endif - if ( ! (yy_start) ) - (yy_start) = 1; /* first start state */ + if ( ! yy_start ) + yy_start = 1; /* first start state */ if ( ! yyin ) yyin = stdin; @@ -1010,36 +941,34 @@ YY_DECL if ( ! yyout ) yyout = stdout; - if ( ! YY_CURRENT_BUFFER ) { - yyensure_buffer_stack (); - YY_CURRENT_BUFFER_LVALUE = - yy_create_buffer(yyin,YY_BUF_SIZE ); - } + if ( ! yy_current_buffer ) + yy_current_buffer = + yy_create_buffer( yyin, YY_BUF_SIZE ); - yy_load_buffer_state( ); + yy_load_buffer_state(); } while ( 1 ) /* loops until end-of-file is reached */ { - yy_cp = (yy_c_buf_p); + yy_cp = yy_c_buf_p; /* Support of yytext. */ - *yy_cp = (yy_hold_char); + *yy_cp = yy_hold_char; /* yy_bp points to the position in yy_ch_buf of the start of * the current run. */ yy_bp = yy_cp; - yy_current_state = (yy_start); + yy_current_state = yy_start; yy_match: do { register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; if ( yy_accept[yy_current_state] ) { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; + yy_last_accepting_state = yy_current_state; + yy_last_accepting_cpos = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -1056,22 +985,24 @@ yy_find_action: yy_act = yy_accept[yy_current_state]; if ( yy_act == 0 ) { /* have to back up */ - yy_cp = (yy_last_accepting_cpos); - yy_current_state = (yy_last_accepting_state); + yy_cp = yy_last_accepting_cpos; + yy_current_state = yy_last_accepting_state; yy_act = yy_accept[yy_current_state]; } YY_DO_BEFORE_ACTION; + do_action: /* This label is used only to access EOF actions. */ + switch ( yy_act ) { /* beginning of action switch */ case 0: /* must back up */ /* undo the effects of YY_DO_BEFORE_ACTION */ - *yy_cp = (yy_hold_char); - yy_cp = (yy_last_accepting_cpos); - yy_current_state = (yy_last_accepting_state); + *yy_cp = yy_hold_char; + yy_cp = yy_last_accepting_cpos; + yy_current_state = yy_last_accepting_state; goto yy_find_action; case 1: @@ -1635,7 +1566,6 @@ YY_RULE_SETUP ; YY_BREAK case 91: -/* rule 91 can match eol */ YY_RULE_SETUP #line 264 "lex.l" { ++lineno; } @@ -1660,33 +1590,33 @@ YY_RULE_SETUP #line 268 "lex.l" ECHO; YY_BREAK -#line 1664 "lex.yy.c" +#line 1594 "lex.c" case YY_STATE_EOF(INITIAL): yyterminate(); case YY_END_OF_BUFFER: { /* Amount of text matched not including the EOB char. */ - int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; + int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1; /* Undo the effects of YY_DO_BEFORE_ACTION. */ - *yy_cp = (yy_hold_char); + *yy_cp = yy_hold_char; YY_RESTORE_YY_MORE_OFFSET - if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW ) + if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW ) { /* We're scanning a new file or input source. It's * possible that this happened because the user * just pointed yyin at a new source and called * yylex(). If so, then we have to assure - * consistency between YY_CURRENT_BUFFER and our + * consistency between yy_current_buffer and our * globals. Here is the right place to do so, because * this is the first action (other than possibly a * back-up) that will match for the new input source. */ - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; - YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; - YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; + yy_n_chars = yy_current_buffer->yy_n_chars; + yy_current_buffer->yy_input_file = yyin; + yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL; } /* Note that here we test for yy_c_buf_p "<=" to the position @@ -1696,13 +1626,13 @@ case YY_STATE_EOF(INITIAL): * end-of-buffer state). Contrast this with the test * in input(). */ - if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) + if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] ) { /* This was really a NUL. */ yy_state_type yy_next_state; - (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; + yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text; - yy_current_state = yy_get_previous_state( ); + yy_current_state = yy_get_previous_state(); /* Okay, we're now positioned to make the NUL * transition. We couldn't have @@ -1715,30 +1645,30 @@ case YY_STATE_EOF(INITIAL): yy_next_state = yy_try_NUL_trans( yy_current_state ); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; + yy_bp = yytext_ptr + YY_MORE_ADJ; if ( yy_next_state ) { /* Consume the NUL. */ - yy_cp = ++(yy_c_buf_p); + yy_cp = ++yy_c_buf_p; yy_current_state = yy_next_state; goto yy_match; } else { - yy_cp = (yy_c_buf_p); + yy_cp = yy_c_buf_p; goto yy_find_action; } } - else switch ( yy_get_next_buffer( ) ) + else switch ( yy_get_next_buffer() ) { case EOB_ACT_END_OF_FILE: { - (yy_did_buffer_switch_on_eof) = 0; + yy_did_buffer_switch_on_eof = 0; - if ( yywrap( ) ) + if ( yywrap() ) { /* Note: because we've taken care in * yy_get_next_buffer() to have set up @@ -1749,7 +1679,7 @@ case YY_STATE_EOF(INITIAL): * YY_NULL, it'll still work - another * YY_NULL will get returned. */ - (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; + yy_c_buf_p = yytext_ptr + YY_MORE_ADJ; yy_act = YY_STATE_EOF(YY_START); goto do_action; @@ -1757,30 +1687,30 @@ case YY_STATE_EOF(INITIAL): else { - if ( ! (yy_did_buffer_switch_on_eof) ) + if ( ! yy_did_buffer_switch_on_eof ) YY_NEW_FILE; } break; } case EOB_ACT_CONTINUE_SCAN: - (yy_c_buf_p) = - (yytext_ptr) + yy_amount_of_matched_text; + yy_c_buf_p = + yytext_ptr + yy_amount_of_matched_text; - yy_current_state = yy_get_previous_state( ); + yy_current_state = yy_get_previous_state(); - yy_cp = (yy_c_buf_p); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; + yy_cp = yy_c_buf_p; + yy_bp = yytext_ptr + YY_MORE_ADJ; goto yy_match; case EOB_ACT_LAST_MATCH: - (yy_c_buf_p) = - &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)]; + yy_c_buf_p = + &yy_current_buffer->yy_ch_buf[yy_n_chars]; - yy_current_state = yy_get_previous_state( ); + yy_current_state = yy_get_previous_state(); - yy_cp = (yy_c_buf_p); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; + yy_cp = yy_c_buf_p; + yy_bp = yytext_ptr + YY_MORE_ADJ; goto yy_find_action; } break; @@ -1791,7 +1721,8 @@ case YY_STATE_EOF(INITIAL): "fatal flex scanner internal error--no action found" ); } /* end of action switch */ } /* end of scanning one token */ -} /* end of yylex */ + } /* end of yylex */ + /* yy_get_next_buffer - try to read in a new buffer * @@ -1800,20 +1731,21 @@ case YY_STATE_EOF(INITIAL): * EOB_ACT_CONTINUE_SCAN - continue scanning from current position * EOB_ACT_END_OF_FILE - end of file */ -static int yy_get_next_buffer (void) -{ - register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; - register char *source = (yytext_ptr); + +static int yy_get_next_buffer() + { + register char *dest = yy_current_buffer->yy_ch_buf; + register char *source = yytext_ptr; register int number_to_move, i; int ret_val; - if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) + if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] ) YY_FATAL_ERROR( "fatal flex scanner internal error--end of buffer missed" ); - if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 ) + if ( yy_current_buffer->yy_fill_buffer == 0 ) { /* Don't try to fill the buffer, so this is an EOF. */ - if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 ) + if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 ) { /* We matched a single character, the EOB, so * treat this as a final EOF. @@ -1833,30 +1765,34 @@ static int yy_get_next_buffer (void) /* Try to read more data. */ /* First move last chars to start of buffer. */ - number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1; + number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1; for ( i = 0; i < number_to_move; ++i ) *(dest++) = *(source++); - if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING ) + if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING ) /* don't do the read, it's not guaranteed to return an EOF, * just force an EOF */ - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0; + yy_current_buffer->yy_n_chars = yy_n_chars = 0; else { - size_t num_to_read = - YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; + int num_to_read = + yy_current_buffer->yy_buf_size - number_to_move - 1; while ( num_to_read <= 0 ) { /* Not enough room in the buffer - grow it. */ +#ifdef YY_USES_REJECT + YY_FATAL_ERROR( +"input buffer overflow, can't enlarge buffer because scanner uses REJECT" ); +#else /* just a shorter name for the current buffer */ - YY_BUFFER_STATE b = YY_CURRENT_BUFFER; + YY_BUFFER_STATE b = yy_current_buffer; int yy_c_buf_p_offset = - (int) ((yy_c_buf_p) - b->yy_ch_buf); + (int) (yy_c_buf_p - b->yy_ch_buf); if ( b->yy_is_our_buffer ) { @@ -1869,7 +1805,8 @@ static int yy_get_next_buffer (void) b->yy_ch_buf = (char *) /* Include room in for 2 EOB chars. */ - yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ); + yy_flex_realloc( (void *) b->yy_ch_buf, + b->yy_buf_size + 2 ); } else /* Can't grow it, we don't own it. */ @@ -1879,35 +1816,35 @@ static int yy_get_next_buffer (void) YY_FATAL_ERROR( "fatal error - scanner input buffer overflow" ); - (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset]; + yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset]; - num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - + num_to_read = yy_current_buffer->yy_buf_size - number_to_move - 1; - +#endif } if ( num_to_read > YY_READ_BUF_SIZE ) num_to_read = YY_READ_BUF_SIZE; /* Read in more data. */ - YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), - (yy_n_chars), num_to_read ); + YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]), + yy_n_chars, num_to_read ); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + yy_current_buffer->yy_n_chars = yy_n_chars; } - if ( (yy_n_chars) == 0 ) + if ( yy_n_chars == 0 ) { if ( number_to_move == YY_MORE_ADJ ) { ret_val = EOB_ACT_END_OF_FILE; - yyrestart(yyin ); + yyrestart( yyin ); } else { ret_val = EOB_ACT_LAST_MATCH; - YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = + yy_current_buffer->yy_buffer_status = YY_BUFFER_EOF_PENDING; } } @@ -1915,31 +1852,32 @@ static int yy_get_next_buffer (void) else ret_val = EOB_ACT_CONTINUE_SCAN; - (yy_n_chars) += number_to_move; - YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; - YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; + yy_n_chars += number_to_move; + yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR; + yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR; - (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0]; + yytext_ptr = &yy_current_buffer->yy_ch_buf[0]; return ret_val; -} + } + /* yy_get_previous_state - get the state just before the EOB char was reached */ - static yy_state_type yy_get_previous_state (void) -{ +static yy_state_type yy_get_previous_state() + { register yy_state_type yy_current_state; register char *yy_cp; - - yy_current_state = (yy_start); - for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) + yy_current_state = yy_start; + + for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp ) { register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); if ( yy_accept[yy_current_state] ) { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; + yy_last_accepting_state = yy_current_state; + yy_last_accepting_cpos = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -1951,23 +1889,30 @@ static int yy_get_next_buffer (void) } return yy_current_state; -} + } + /* yy_try_NUL_trans - try to make a transition on the NUL character * * synopsis * next_state = yy_try_NUL_trans( current_state ); */ - static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state ) -{ + +#ifdef YY_USE_PROTOS +static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state ) +#else +static yy_state_type yy_try_NUL_trans( yy_current_state ) +yy_state_type yy_current_state; +#endif + { register int yy_is_jam; - register char *yy_cp = (yy_c_buf_p); + register char *yy_cp = yy_c_buf_p; register YY_CHAR yy_c = 1; if ( yy_accept[yy_current_state] ) { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; + yy_last_accepting_state = yy_current_state; + yy_last_accepting_cpos = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -1979,73 +1924,81 @@ static int yy_get_next_buffer (void) yy_is_jam = (yy_current_state == 567); return yy_is_jam ? 0 : yy_current_state; -} + } - static void yyunput (int c, register char * yy_bp ) -{ - register char *yy_cp; - - yy_cp = (yy_c_buf_p); + +#ifndef YY_NO_UNPUT +#ifdef YY_USE_PROTOS +static void yyunput( int c, register char *yy_bp ) +#else +static void yyunput( c, yy_bp ) +int c; +register char *yy_bp; +#endif + { + register char *yy_cp = yy_c_buf_p; /* undo effects of setting up yytext */ - *yy_cp = (yy_hold_char); + *yy_cp = yy_hold_char; - if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) + if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) { /* need to shift things up to make room */ /* +2 for EOB chars. */ - register int number_to_move = (yy_n_chars) + 2; - register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ - YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; + register int number_to_move = yy_n_chars + 2; + register char *dest = &yy_current_buffer->yy_ch_buf[ + yy_current_buffer->yy_buf_size + 2]; register char *source = - &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; + &yy_current_buffer->yy_ch_buf[number_to_move]; - while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) + while ( source > yy_current_buffer->yy_ch_buf ) *--dest = *--source; yy_cp += (int) (dest - source); yy_bp += (int) (dest - source); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size; + yy_current_buffer->yy_n_chars = + yy_n_chars = yy_current_buffer->yy_buf_size; - if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) + if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) YY_FATAL_ERROR( "flex scanner push-back overflow" ); } *--yy_cp = (char) c; - (yytext_ptr) = yy_bp; - (yy_hold_char) = *yy_cp; - (yy_c_buf_p) = yy_cp; -} + + yytext_ptr = yy_bp; + yy_hold_char = *yy_cp; + yy_c_buf_p = yy_cp; + } +#endif /* ifndef YY_NO_UNPUT */ + #ifndef YY_NO_INPUT #ifdef __cplusplus - static int yyinput (void) +static int yyinput() #else - static int input (void) +static int input() #endif - -{ + { int c; - - *(yy_c_buf_p) = (yy_hold_char); - if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR ) + *yy_c_buf_p = yy_hold_char; + + if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR ) { /* yy_c_buf_p now points to the character we want to return. * If this occurs *before* the EOB characters, then it's a * valid NUL; if not, then we've hit the end of the buffer. */ - if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) + if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] ) /* This was really a NUL. */ - *(yy_c_buf_p) = '\0'; + *yy_c_buf_p = '\0'; else { /* need more input */ - int offset = (yy_c_buf_p) - (yytext_ptr); - ++(yy_c_buf_p); + int offset = yy_c_buf_p - yytext_ptr; + ++yy_c_buf_p; - switch ( yy_get_next_buffer( ) ) + switch ( yy_get_next_buffer() ) { case EOB_ACT_LAST_MATCH: /* This happens because yy_g_n_b() @@ -2059,16 +2012,16 @@ static int yy_get_next_buffer (void) */ /* Reset buffer status. */ - yyrestart(yyin ); + yyrestart( yyin ); - /*FALLTHROUGH*/ + /* fall through */ case EOB_ACT_END_OF_FILE: { - if ( yywrap( ) ) + if ( yywrap() ) return EOF; - if ( ! (yy_did_buffer_switch_on_eof) ) + if ( ! yy_did_buffer_switch_on_eof ) YY_NEW_FILE; #ifdef __cplusplus return yyinput(); @@ -2078,92 +2031,90 @@ static int yy_get_next_buffer (void) } case EOB_ACT_CONTINUE_SCAN: - (yy_c_buf_p) = (yytext_ptr) + offset; + yy_c_buf_p = yytext_ptr + offset; break; } } } - c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */ - *(yy_c_buf_p) = '\0'; /* preserve yytext */ - (yy_hold_char) = *++(yy_c_buf_p); + c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */ + *yy_c_buf_p = '\0'; /* preserve yytext */ + yy_hold_char = *++yy_c_buf_p; + return c; -} -#endif /* ifndef YY_NO_INPUT */ + } +#endif /* YY_NO_INPUT */ -/** Immediately switch to a different input stream. - * @param input_file A readable stream. - * - * @note This function does not reset the start condition to @c INITIAL . - */ - void yyrestart (FILE * input_file ) -{ - - if ( ! YY_CURRENT_BUFFER ){ - yyensure_buffer_stack (); - YY_CURRENT_BUFFER_LVALUE = - yy_create_buffer(yyin,YY_BUF_SIZE ); +#ifdef YY_USE_PROTOS +void yyrestart( FILE *input_file ) +#else +void yyrestart( input_file ) +FILE *input_file; +#endif + { + if ( ! yy_current_buffer ) + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); + + yy_init_buffer( yy_current_buffer, input_file ); + yy_load_buffer_state(); } - yy_init_buffer(YY_CURRENT_BUFFER,input_file ); - yy_load_buffer_state( ); -} -/** Switch to a different input buffer. - * @param new_buffer The new input buffer. - * - */ - void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ) -{ - - /* TODO. We should be able to replace this entire function body - * with - * yypop_buffer_state(); - * yypush_buffer_state(new_buffer); - */ - yyensure_buffer_stack (); - if ( YY_CURRENT_BUFFER == new_buffer ) +#ifdef YY_USE_PROTOS +void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer ) +#else +void yy_switch_to_buffer( new_buffer ) +YY_BUFFER_STATE new_buffer; +#endif + { + if ( yy_current_buffer == new_buffer ) return; - if ( YY_CURRENT_BUFFER ) + if ( yy_current_buffer ) { /* Flush out information for old buffer. */ - *(yy_c_buf_p) = (yy_hold_char); - YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + *yy_c_buf_p = yy_hold_char; + yy_current_buffer->yy_buf_pos = yy_c_buf_p; + yy_current_buffer->yy_n_chars = yy_n_chars; } - YY_CURRENT_BUFFER_LVALUE = new_buffer; - yy_load_buffer_state( ); + yy_current_buffer = new_buffer; + yy_load_buffer_state(); /* We don't actually know whether we did this switch during * EOF (yywrap()) processing, but the only time this flag * is looked at is after yywrap() is called, so it's safe * to go ahead and always set it. */ - (yy_did_buffer_switch_on_eof) = 1; -} + yy_did_buffer_switch_on_eof = 1; + } -static void yy_load_buffer_state (void) -{ - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; - (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; - yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; - (yy_hold_char) = *(yy_c_buf_p); -} -/** Allocate and initialize an input buffer state. - * @param file A readable stream. - * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE. - * - * @return the allocated buffer state. - */ - YY_BUFFER_STATE yy_create_buffer (FILE * file, int size ) -{ +#ifdef YY_USE_PROTOS +void yy_load_buffer_state( void ) +#else +void yy_load_buffer_state() +#endif + { + yy_n_chars = yy_current_buffer->yy_n_chars; + yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos; + yyin = yy_current_buffer->yy_input_file; + yy_hold_char = *yy_c_buf_p; + } + + +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_create_buffer( FILE *file, int size ) +#else +YY_BUFFER_STATE yy_create_buffer( file, size ) +FILE *file; +int size; +#endif + { YY_BUFFER_STATE b; - - b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); + + b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); @@ -2172,75 +2123,75 @@ static void yy_load_buffer_state (void) /* yy_ch_buf has to be 2 characters longer than the size given because * we need to put in 2 end-of-buffer characters. */ - b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2 ); + b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 ); if ( ! b->yy_ch_buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); b->yy_is_our_buffer = 1; - yy_init_buffer(b,file ); + yy_init_buffer( b, file ); return b; -} + } -/** Destroy the buffer. - * @param b a buffer created with yy_create_buffer() - * - */ - void yy_delete_buffer (YY_BUFFER_STATE b ) -{ - + +#ifdef YY_USE_PROTOS +void yy_delete_buffer( YY_BUFFER_STATE b ) +#else +void yy_delete_buffer( b ) +YY_BUFFER_STATE b; +#endif + { if ( ! b ) return; - if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */ - YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; + if ( b == yy_current_buffer ) + yy_current_buffer = (YY_BUFFER_STATE) 0; if ( b->yy_is_our_buffer ) - yyfree((void *) b->yy_ch_buf ); + yy_flex_free( (void *) b->yy_ch_buf ); - yyfree((void *) b ); -} + yy_flex_free( (void *) b ); + } -#ifndef __cplusplus -extern int isatty (int ); -#endif /* __cplusplus */ - -/* Initializes or reinitializes a buffer. - * This function is sometimes called more than once on the same buffer, - * such as during a yyrestart() or at EOF. - */ - static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file ) -{ - int oerrno = errno; - - yy_flush_buffer(b ); + +#ifdef YY_USE_PROTOS +void yy_init_buffer( YY_BUFFER_STATE b, FILE *file ) +#else +void yy_init_buffer( b, file ) +YY_BUFFER_STATE b; +FILE *file; +#endif + + + { + yy_flush_buffer( b ); b->yy_input_file = file; b->yy_fill_buffer = 1; - /* If b is the current buffer, then yy_init_buffer was _probably_ - * called from yyrestart() or through yy_get_next_buffer. - * In that case, we don't want to reset the lineno or column. - */ - if (b != YY_CURRENT_BUFFER){ - b->yy_bs_lineno = 1; - b->yy_bs_column = 0; - } - - b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; - - errno = oerrno; -} +#if YY_ALWAYS_INTERACTIVE + b->yy_is_interactive = 1; +#else +#if YY_NEVER_INTERACTIVE + b->yy_is_interactive = 0; +#else + b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; +#endif +#endif + } -/** Discard all buffered characters. On the next scan, YY_INPUT will be called. - * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER. - * - */ - void yy_flush_buffer (YY_BUFFER_STATE b ) -{ - if ( ! b ) + +#ifdef YY_USE_PROTOS +void yy_flush_buffer( YY_BUFFER_STATE b ) +#else +void yy_flush_buffer( b ) +YY_BUFFER_STATE b; +#endif + + { + if ( ! b ) return; b->yy_n_chars = 0; @@ -2257,121 +2208,29 @@ extern int isatty (int ); b->yy_at_bol = 1; b->yy_buffer_status = YY_BUFFER_NEW; - if ( b == YY_CURRENT_BUFFER ) - yy_load_buffer_state( ); -} - -/** Pushes the new state onto the stack. The new state becomes - * the current state. This function will allocate the stack - * if necessary. - * @param new_buffer The new state. - * - */ -void yypush_buffer_state (YY_BUFFER_STATE new_buffer ) -{ - if (new_buffer == NULL) - return; - - yyensure_buffer_stack(); - - /* This block is copied from yy_switch_to_buffer. */ - if ( YY_CURRENT_BUFFER ) - { - /* Flush out information for old buffer. */ - *(yy_c_buf_p) = (yy_hold_char); - YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); - } - - /* Only push if top exists. Otherwise, replace top. */ - if (YY_CURRENT_BUFFER) - (yy_buffer_stack_top)++; - YY_CURRENT_BUFFER_LVALUE = new_buffer; - - /* copied from yy_switch_to_buffer. */ - yy_load_buffer_state( ); - (yy_did_buffer_switch_on_eof) = 1; -} - -/** Removes and deletes the top of the stack, if present. - * The next element becomes the new top. - * - */ -void yypop_buffer_state (void) -{ - if (!YY_CURRENT_BUFFER) - return; - - yy_delete_buffer(YY_CURRENT_BUFFER ); - YY_CURRENT_BUFFER_LVALUE = NULL; - if ((yy_buffer_stack_top) > 0) - --(yy_buffer_stack_top); - - if (YY_CURRENT_BUFFER) { - yy_load_buffer_state( ); - (yy_did_buffer_switch_on_eof) = 1; + if ( b == yy_current_buffer ) + yy_load_buffer_state(); } -} - -/* Allocates the stack if it does not exist. - * Guarantees space for at least one push. - */ -static void yyensure_buffer_stack (void) -{ - int num_to_alloc; - - if (!(yy_buffer_stack)) { - - /* First allocation is just for 2 elements, since we don't know if this - * scanner will even need a stack. We use 2 instead of 1 to avoid an - * immediate realloc on the next call. - */ - num_to_alloc = 1; - (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc - (num_to_alloc * sizeof(struct yy_buffer_state*) - ); - - memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); - - (yy_buffer_stack_max) = num_to_alloc; - (yy_buffer_stack_top) = 0; - return; - } - - if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ - - /* Increase the buffer to prepare for a possible push. */ - int grow_size = 8 /* arbitrary grow size */; - num_to_alloc = (yy_buffer_stack_max) + grow_size; - (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc - ((yy_buffer_stack), - num_to_alloc * sizeof(struct yy_buffer_state*) - ); - - /* zero only the new slots.*/ - memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); - (yy_buffer_stack_max) = num_to_alloc; - } -} -/** Setup the input buffer state to scan directly from a user-specified character buffer. - * @param base the character buffer - * @param size the size in bytes of the character buffer - * - * @return the newly allocated buffer state object. - */ -YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) -{ +#ifndef YY_NO_SCAN_BUFFER +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size ) +#else +YY_BUFFER_STATE yy_scan_buffer( base, size ) +char *base; +yy_size_t size; +#endif + { YY_BUFFER_STATE b; - + if ( size < 2 || base[size-2] != YY_END_OF_BUFFER_CHAR || base[size-1] != YY_END_OF_BUFFER_CHAR ) /* They forgot to leave room for the EOB's. */ return 0; - b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); + b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); @@ -2385,42 +2244,47 @@ YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) b->yy_fill_buffer = 0; b->yy_buffer_status = YY_BUFFER_NEW; - yy_switch_to_buffer(b ); + yy_switch_to_buffer( b ); return b; -} + } +#endif -/** Setup the input buffer state to scan a string. The next call to yylex() will - * scan from a @e copy of @a str. - * @param yy_str a NUL-terminated string to scan - * - * @return the newly allocated buffer state object. - * @note If you want to scan bytes that may contain NUL values, then use - * yy_scan_bytes() instead. - */ -YY_BUFFER_STATE yy_scan_string (yyconst char * yy_str ) -{ - - return yy_scan_bytes(yy_str,strlen(yy_str) ); -} -/** Setup the input buffer state to scan the given bytes. The next call to yylex() will - * scan from a @e copy of @a bytes. - * @param bytes the byte buffer to scan - * @param len the number of bytes in the buffer pointed to by @a bytes. - * - * @return the newly allocated buffer state object. - */ -YY_BUFFER_STATE yy_scan_bytes (yyconst char * bytes, int len ) -{ +#ifndef YY_NO_SCAN_STRING +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str ) +#else +YY_BUFFER_STATE yy_scan_string( yy_str ) +yyconst char *yy_str; +#endif + { + int len; + for ( len = 0; yy_str[len]; ++len ) + ; + + return yy_scan_bytes( yy_str, len ); + } +#endif + + +#ifndef YY_NO_SCAN_BYTES +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len ) +#else +YY_BUFFER_STATE yy_scan_bytes( bytes, len ) +yyconst char *bytes; +int len; +#endif + { YY_BUFFER_STATE b; char *buf; yy_size_t n; int i; - + /* Get memory for full buffer, including space for trailing EOB's. */ n = len + 2; - buf = (char *) yyalloc(n ); + buf = (char *) yy_flex_alloc( n ); if ( ! buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); @@ -2429,7 +2293,7 @@ YY_BUFFER_STATE yy_scan_bytes (yyconst char * bytes, int len ) buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR; - b = yy_scan_buffer(buf,n ); + b = yy_scan_buffer( buf, n ); if ( ! b ) YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); @@ -2439,164 +2303,148 @@ YY_BUFFER_STATE yy_scan_bytes (yyconst char * bytes, int len ) b->yy_is_our_buffer = 1; return b; -} + } +#endif -#ifndef YY_EXIT_FAILURE -#define YY_EXIT_FAILURE 2 + +#ifndef YY_NO_PUSH_STATE +#ifdef YY_USE_PROTOS +static void yy_push_state( int new_state ) +#else +static void yy_push_state( new_state ) +int new_state; #endif + { + if ( yy_start_stack_ptr >= yy_start_stack_depth ) + { + yy_size_t new_size; -static void yy_fatal_error (yyconst char* msg ) -{ - (void) fprintf( stderr, "%s\n", msg ); - exit( YY_EXIT_FAILURE ); -} + yy_start_stack_depth += YY_START_STACK_INCR; + new_size = yy_start_stack_depth * sizeof( int ); -/* Redefine yyless() so it works in section 3 code. */ + if ( ! yy_start_stack ) + yy_start_stack = (int *) yy_flex_alloc( new_size ); -#undef yyless -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - int yyless_macro_arg = (n); \ - YY_LESS_LINENO(yyless_macro_arg);\ - yytext[yyleng] = (yy_hold_char); \ - (yy_c_buf_p) = yytext + yyless_macro_arg; \ - (yy_hold_char) = *(yy_c_buf_p); \ - *(yy_c_buf_p) = '\0'; \ - yyleng = yyless_macro_arg; \ - } \ - while ( 0 ) + else + yy_start_stack = (int *) yy_flex_realloc( + (void *) yy_start_stack, new_size ); -/* Accessor methods (get/set functions) to struct members. */ + if ( ! yy_start_stack ) + YY_FATAL_ERROR( + "out of memory expanding start-condition stack" ); + } -/** Get the current line number. - * - */ -int yyget_lineno (void) -{ - - return yylineno; -} + yy_start_stack[yy_start_stack_ptr++] = YY_START; -/** Get the input stream. - * - */ -FILE *yyget_in (void) -{ - return yyin; -} + BEGIN(new_state); + } +#endif -/** Get the output stream. - * - */ -FILE *yyget_out (void) -{ - return yyout; -} -/** Get the length of the current token. - * - */ -int yyget_leng (void) -{ - return yyleng; -} +#ifndef YY_NO_POP_STATE +static void yy_pop_state() + { + if ( --yy_start_stack_ptr < 0 ) + YY_FATAL_ERROR( "start-condition stack underflow" ); -/** Get the current token. - * - */ + BEGIN(yy_start_stack[yy_start_stack_ptr]); + } +#endif -char *yyget_text (void) -{ - return yytext; -} -/** Set the current line number. - * @param line_number - * - */ -void yyset_lineno (int line_number ) -{ - - yylineno = line_number; -} +#ifndef YY_NO_TOP_STATE +static int yy_top_state() + { + return yy_start_stack[yy_start_stack_ptr - 1]; + } +#endif -/** Set the input stream. This does not discard the current - * input buffer. - * @param in_str A readable stream. - * - * @see yy_switch_to_buffer - */ -void yyset_in (FILE * in_str ) -{ - yyin = in_str ; -} +#ifndef YY_EXIT_FAILURE +#define YY_EXIT_FAILURE 2 +#endif -void yyset_out (FILE * out_str ) -{ - yyout = out_str ; -} +#ifdef YY_USE_PROTOS +static void yy_fatal_error( yyconst char msg[] ) +#else +static void yy_fatal_error( msg ) +char msg[]; +#endif + { + (void) fprintf( stderr, "%s\n", msg ); + exit( YY_EXIT_FAILURE ); + } -int yyget_debug (void) -{ - return yy_flex_debug; -} -void yyset_debug (int bdebug ) -{ - yy_flex_debug = bdebug ; -} -/* yylex_destroy is for both reentrant and non-reentrant scanners. */ -int yylex_destroy (void) -{ - - /* Pop the buffer stack, destroying each element. */ - while(YY_CURRENT_BUFFER){ - yy_delete_buffer(YY_CURRENT_BUFFER ); - YY_CURRENT_BUFFER_LVALUE = NULL; - yypop_buffer_state(); - } +/* Redefine yyless() so it works in section 3 code. */ - /* Destroy the stack itself. */ - yyfree((yy_buffer_stack) ); - (yy_buffer_stack) = NULL; +#undef yyless +#define yyless(n) \ + do \ + { \ + /* Undo effects of setting up yytext. */ \ + yytext[yyleng] = yy_hold_char; \ + yy_c_buf_p = yytext + n; \ + yy_hold_char = *yy_c_buf_p; \ + *yy_c_buf_p = '\0'; \ + yyleng = n; \ + } \ + while ( 0 ) - return 0; -} -/* - * Internal utility routines. - */ +/* Internal utility routines. */ #ifndef yytext_ptr -static void yy_flex_strncpy (char* s1, yyconst char * s2, int n ) -{ +#ifdef YY_USE_PROTOS +static void yy_flex_strncpy( char *s1, yyconst char *s2, int n ) +#else +static void yy_flex_strncpy( s1, s2, n ) +char *s1; +yyconst char *s2; +int n; +#endif + { register int i; - for ( i = 0; i < n; ++i ) + for ( i = 0; i < n; ++i ) s1[i] = s2[i]; -} + } #endif #ifdef YY_NEED_STRLEN -static int yy_flex_strlen (yyconst char * s ) -{ +#ifdef YY_USE_PROTOS +static int yy_flex_strlen( yyconst char *s ) +#else +static int yy_flex_strlen( s ) +yyconst char *s; +#endif + { register int n; - for ( n = 0; s[n]; ++n ) + for ( n = 0; s[n]; ++n ) ; return n; -} + } #endif -void *yyalloc (yy_size_t size ) -{ + +#ifdef YY_USE_PROTOS +static void *yy_flex_alloc( yy_size_t size ) +#else +static void *yy_flex_alloc( size ) +yy_size_t size; +#endif + { return (void *) malloc( size ); -} + } -void *yyrealloc (void * ptr, yy_size_t size ) -{ +#ifdef YY_USE_PROTOS +static void *yy_flex_realloc( void *ptr, yy_size_t size ) +#else +static void *yy_flex_realloc( ptr, size ) +void *ptr; +yy_size_t size; +#endif + { /* The cast to (char *) in the following accommodates both * implementations that use char* generic pointers, and those * that use void* generic pointers. It works with the latter @@ -2605,31 +2453,28 @@ void *yyrealloc (void * ptr, yy_size_t size ) * as though doing an assignment. */ return (void *) realloc( (char *) ptr, size ); -} - -void yyfree (void * ptr ) -{ - free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ -} - -#define YYTABLES_NAME "yytables" + } -#undef YY_NEW_FILE -#undef YY_FLUSH_BUFFER -#undef yy_set_bol -#undef yy_new_buffer -#undef yy_set_interactive -#undef yytext_ptr -#undef YY_DO_BEFORE_ACTION +#ifdef YY_USE_PROTOS +static void yy_flex_free( void *ptr ) +#else +static void yy_flex_free( ptr ) +void *ptr; +#endif + { + free( ptr ); + } -#ifdef YY_DECL_IS_OURS -#undef YY_DECL_IS_OURS -#undef YY_DECL +#if YY_MAIN +int main() + { + yylex(); + return 0; + } #endif #line 268 "lex.l" - #ifndef yywrap /* XXX */ int yywrap () @@ -2655,4 +2500,3 @@ unterminated(const char *type, unsigned start_lineno) { error_message("unterminated %s, possibly started on line %d\n", type, start_lineno); } - diff --git a/source4/heimdal/lib/asn1/parse.c b/source4/heimdal/lib/asn1/parse.c index 420a1bc5c5..0bf3cdafdb 100644 --- a/source4/heimdal/lib/asn1/parse.c +++ b/source4/heimdal/lib/asn1/parse.c @@ -1,7 +1,7 @@ -/* A Bison parser, made by GNU Bison 2.1. */ +/* A Bison parser, made by GNU Bison 2.0. */ /* Skeleton parser for Yacc-like parsing with Bison, - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -15,8 +15,8 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301, USA. */ + Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. */ /* As a special exception, when this file is copied by Bison into a Bison output file, you may use that output file without restriction. @@ -36,9 +36,6 @@ /* Identify Bison output. */ #define YYBISON 1 -/* Bison version. */ -#define YYBISON_VERSION "2.1" - /* Skeleton name. */ #define YYSKELETON_NAME "yacc.c" @@ -145,7 +142,6 @@ NUMBER = 344 }; #endif -/* Tokens. */ #define kw_ABSENT 258 #define kw_ABSTRACT_SYNTAX 259 #define kw_ALL 260 @@ -270,7 +266,7 @@ struct string_list { /* Enabling traces. */ #ifndef YYDEBUG -# define YYDEBUG 0 +# define YYDEBUG 1 #endif /* Enabling verbose error messages. */ @@ -281,11 +277,6 @@ struct string_list { # define YYERROR_VERBOSE 0 #endif -/* Enabling the token table. */ -#ifndef YYTOKEN_TABLE -# define YYTOKEN_TABLE 0 -#endif - #if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED) #line 65 "parse.y" typedef union YYSTYPE { @@ -302,8 +293,8 @@ typedef union YYSTYPE { struct memhead *members; struct constraint_spec *constraint_spec; } YYSTYPE; -/* Line 196 of yacc.c. */ -#line 307 "$base.c" +/* Line 190 of yacc.c. */ +#line 298 "parse.c" # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 # define YYSTYPE_IS_TRIVIAL 1 @@ -314,36 +305,17 @@ typedef union YYSTYPE { /* Copy the second part of user declarations. */ -/* Line 219 of yacc.c. */ -#line 319 "$base.c" +/* Line 213 of yacc.c. */ +#line 310 "parse.c" -#if ! defined (YYSIZE_T) && defined (__SIZE_TYPE__) -# define YYSIZE_T __SIZE_TYPE__ -#endif -#if ! defined (YYSIZE_T) && defined (size_t) -# define YYSIZE_T size_t -#endif -#if ! defined (YYSIZE_T) && (defined (__STDC__) || defined (__cplusplus)) -# include /* INFRINGES ON USER NAME SPACE */ -# define YYSIZE_T size_t -#endif -#if ! defined (YYSIZE_T) -# define YYSIZE_T unsigned int -#endif +#if ! defined (yyoverflow) || YYERROR_VERBOSE -#ifndef YY_ -# if YYENABLE_NLS -# if ENABLE_NLS -# include /* INFRINGES ON USER NAME SPACE */ -# define YY_(msgid) dgettext ("bison-runtime", msgid) -# endif +# ifndef YYFREE +# define YYFREE free # endif -# ifndef YY_ -# define YY_(msgid) msgid +# ifndef YYMALLOC +# define YYMALLOC malloc # endif -#endif - -#if ! defined (yyoverflow) || YYERROR_VERBOSE /* The parser invokes alloca or malloc; define the necessary symbols. */ @@ -353,10 +325,6 @@ typedef union YYSTYPE { # define YYSTACK_ALLOC __builtin_alloca # else # define YYSTACK_ALLOC alloca -# if defined (__STDC__) || defined (__cplusplus) -# include /* INFRINGES ON USER NAME SPACE */ -# define YYINCLUDED_STDLIB_H -# endif # endif # endif # endif @@ -364,39 +332,13 @@ typedef union YYSTYPE { # ifdef YYSTACK_ALLOC /* Pacify GCC's `empty if-body' warning. */ # define YYSTACK_FREE(Ptr) do { /* empty */; } while (0) -# ifndef YYSTACK_ALLOC_MAXIMUM - /* The OS might guarantee only one guard page at the bottom of the stack, - and a page size can be as small as 4096 bytes. So we cannot safely - invoke alloca (N) if N exceeds 4096. Use a slightly smaller number - to allow for a few compiler-allocated temporary stack slots. */ -# define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2005 */ -# endif # else +# if defined (__STDC__) || defined (__cplusplus) +# include /* INFRINGES ON USER NAME SPACE */ +# define YYSIZE_T size_t +# endif # define YYSTACK_ALLOC YYMALLOC # define YYSTACK_FREE YYFREE -# ifndef YYSTACK_ALLOC_MAXIMUM -# define YYSTACK_ALLOC_MAXIMUM ((YYSIZE_T) -1) -# endif -# ifdef __cplusplus -extern "C" { -# endif -# ifndef YYMALLOC -# define YYMALLOC malloc -# if (! defined (malloc) && ! defined (YYINCLUDED_STDLIB_H) \ - && (defined (__STDC__) || defined (__cplusplus))) -void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */ -# endif -# endif -# ifndef YYFREE -# define YYFREE free -# if (! defined (free) && ! defined (YYINCLUDED_STDLIB_H) \ - && (defined (__STDC__) || defined (__cplusplus))) -void free (void *); /* INFRINGES ON USER NAME SPACE */ -# endif -# endif -# ifdef __cplusplus -} -# endif # endif #endif /* ! defined (yyoverflow) || YYERROR_VERBOSE */ @@ -431,7 +373,7 @@ union yyalloc # define YYCOPY(To, From, Count) \ do \ { \ - YYSIZE_T yyi; \ + register YYSIZE_T yyi; \ for (yyi = 0; yyi < (Count); yyi++) \ (To)[yyi] = (From)[yyi]; \ } \ @@ -481,7 +423,7 @@ union yyalloc #define YYUNDEFTOK 2 #define YYMAXUTOK 344 -#define YYTRANSLATE(YYX) \ +#define YYTRANSLATE(YYX) \ ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK) /* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX. */ @@ -606,8 +548,8 @@ static const unsigned short int yyrline[] = }; #endif -#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE -/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. +#if YYDEBUG || YYERROR_VERBOSE +/* YYTNME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. First, the terminals, then, starting at YYNTOKENS, nonterminals. */ static const char *const yytname[] = { @@ -862,6 +804,22 @@ static const unsigned char yystos[] = 154 }; +#if ! defined (YYSIZE_T) && defined (__SIZE_TYPE__) +# define YYSIZE_T __SIZE_TYPE__ +#endif +#if ! defined (YYSIZE_T) && defined (size_t) +# define YYSIZE_T size_t +#endif +#if ! defined (YYSIZE_T) +# if defined (__STDC__) || defined (__cplusplus) +# include /* INFRINGES ON USER NAME SPACE */ +# define YYSIZE_T size_t +# endif +#endif +#if ! defined (YYSIZE_T) +# define YYSIZE_T unsigned int +#endif + #define yyerrok (yyerrstatus = 0) #define yyclearin (yychar = YYEMPTY) #define YYEMPTY (-2) @@ -891,8 +849,8 @@ do \ goto yybackup; \ } \ else \ - { \ - yyerror (YY_("syntax error: cannot back up")); \ + { \ + yyerror ("syntax error: cannot back up");\ YYERROR; \ } \ while (0) @@ -971,7 +929,7 @@ do { \ if (yydebug) \ { \ YYFPRINTF (stderr, "%s ", Title); \ - yysymprint (stderr, \ + yysymprint (stderr, \ Type, Value); \ YYFPRINTF (stderr, "\n"); \ } \ @@ -1019,13 +977,13 @@ yy_reduce_print (yyrule) #endif { int yyi; - unsigned long int yylno = yyrline[yyrule]; - YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu), ", + unsigned int yylno = yyrline[yyrule]; + YYFPRINTF (stderr, "Reducing stack by rule %d (line %u), ", yyrule - 1, yylno); /* Print the symbols being reduced, and their result. */ for (yyi = yyprhs[yyrule]; 0 <= yyrhs[yyi]; yyi++) - YYFPRINTF (stderr, "%s ", yytname[yyrhs[yyi]]); - YYFPRINTF (stderr, "-> %s\n", yytname[yyr1[yyrule]]); + YYFPRINTF (stderr, "%s ", yytname [yyrhs[yyi]]); + YYFPRINTF (stderr, "-> %s\n", yytname [yyr1[yyrule]]); } # define YY_REDUCE_PRINT(Rule) \ @@ -1054,7 +1012,7 @@ int yydebug; if the built-in stack extension method is used). Do not make this value too large; the results are undefined if - YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH) + SIZE_MAX < YYSTACK_BYTES (YYMAXDEPTH) evaluated with infinite-precision integer arithmetic. */ #ifndef YYMAXDEPTH @@ -1078,7 +1036,7 @@ yystrlen (yystr) const char *yystr; # endif { - const char *yys = yystr; + register const char *yys = yystr; while (*yys++ != '\0') continue; @@ -1103,8 +1061,8 @@ yystpcpy (yydest, yysrc) const char *yysrc; # endif { - char *yyd = yydest; - const char *yys = yysrc; + register char *yyd = yydest; + register const char *yys = yysrc; while ((*yyd++ = *yys++) != '\0') continue; @@ -1114,55 +1072,7 @@ yystpcpy (yydest, yysrc) # endif # endif -# ifndef yytnamerr -/* Copy to YYRES the contents of YYSTR after stripping away unnecessary - quotes and backslashes, so that it's suitable for yyerror. The - heuristic is that double-quoting is unnecessary unless the string - contains an apostrophe, a comma, or backslash (other than - backslash-backslash). YYSTR is taken from yytname. If YYRES is - null, do not copy; instead, return the length of what the result - would have been. */ -static YYSIZE_T -yytnamerr (char *yyres, const char *yystr) -{ - if (*yystr == '"') - { - size_t yyn = 0; - char const *yyp = yystr; - - for (;;) - switch (*++yyp) - { - case '\'': - case ',': - goto do_not_strip_quotes; - - case '\\': - if (*++yyp != '\\') - goto do_not_strip_quotes; - /* Fall through. */ - default: - if (yyres) - yyres[yyn] = *yyp; - yyn++; - break; - - case '"': - if (yyres) - yyres[yyn] = '\0'; - return yyn; - } - do_not_strip_quotes: ; - } - - if (! yyres) - return yystrlen (yystr); - - return yystpcpy (yyres, yystr) - yyres; -} -# endif - -#endif /* YYERROR_VERBOSE */ +#endif /* !YYERROR_VERBOSE */ @@ -1282,13 +1192,13 @@ yyparse (void) #else int yyparse () - ; + #endif #endif { - int yystate; - int yyn; + register int yystate; + register int yyn; int yyresult; /* Number of tokens to shift before error messages enabled. */ int yyerrstatus; @@ -1306,12 +1216,12 @@ yyparse () /* The state stack. */ short int yyssa[YYINITDEPTH]; short int *yyss = yyssa; - short int *yyssp; + register short int *yyssp; /* The semantic value stack. */ YYSTYPE yyvsa[YYINITDEPTH]; YYSTYPE *yyvs = yyvsa; - YYSTYPE *yyvsp; + register YYSTYPE *yyvsp; @@ -1343,6 +1253,9 @@ yyparse () yyssp = yyss; yyvsp = yyvs; + + yyvsp[0] = yylval; + goto yysetstate; /*------------------------------------------------------------. @@ -1375,7 +1288,7 @@ yyparse () data in use in that stack, in bytes. This used to be a conditional around just the two extra args, but that might be undefined if yyoverflow is a macro. */ - yyoverflow (YY_("memory exhausted"), + yyoverflow ("parser stack overflow", &yyss1, yysize * sizeof (*yyssp), &yyvs1, yysize * sizeof (*yyvsp), @@ -1386,11 +1299,11 @@ yyparse () } #else /* no yyoverflow */ # ifndef YYSTACK_RELOCATE - goto yyexhaustedlab; + goto yyoverflowlab; # else /* Extend the stack our own way. */ if (YYMAXDEPTH <= yystacksize) - goto yyexhaustedlab; + goto yyoverflowlab; yystacksize *= 2; if (YYMAXDEPTH < yystacksize) yystacksize = YYMAXDEPTH; @@ -1400,7 +1313,7 @@ yyparse () union yyalloc *yyptr = (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); if (! yyptr) - goto yyexhaustedlab; + goto yyoverflowlab; YYSTACK_RELOCATE (yyss); YYSTACK_RELOCATE (yyvs); @@ -2230,11 +2143,10 @@ yyreduce: break; - default: break; } -/* Line 1126 of yacc.c. */ -#line 2238 "$base.c" +/* Line 1037 of yacc.c. */ +#line 2150 "parse.c" yyvsp -= yylen; yyssp -= yylen; @@ -2273,36 +2185,12 @@ yyerrlab: if (YYPACT_NINF < yyn && yyn < YYLAST) { + YYSIZE_T yysize = 0; int yytype = YYTRANSLATE (yychar); - YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]); - YYSIZE_T yysize = yysize0; - YYSIZE_T yysize1; - int yysize_overflow = 0; - char *yymsg = 0; -# define YYERROR_VERBOSE_ARGS_MAXIMUM 5 - char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; + const char* yyprefix; + char *yymsg; int yyx; -#if 0 - /* This is so xgettext sees the translatable formats that are - constructed on the fly. */ - YY_("syntax error, unexpected %s"); - YY_("syntax error, unexpected %s, expecting %s"); - YY_("syntax error, unexpected %s, expecting %s or %s"); - YY_("syntax error, unexpected %s, expecting %s or %s or %s"); - YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s"); -#endif - char *yyfmt; - char const *yyf; - static char const yyunexpected[] = "syntax error, unexpected %s"; - static char const yyexpecting[] = ", expecting %s"; - static char const yyor[] = " or %s"; - char yyformat[sizeof yyunexpected - + sizeof yyexpecting - 1 - + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2) - * (sizeof yyor - 1))]; - char const *yyprefix = yyexpecting; - /* Start YYX at -YYN if negative to avoid negative indexes in YYCHECK. */ int yyxbegin = yyn < 0 ? -yyn : 0; @@ -2310,68 +2198,48 @@ yyerrlab: /* Stay within bounds of both yycheck and yytname. */ int yychecklim = YYLAST - yyn; int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; - int yycount = 1; - - yyarg[0] = yytname[yytype]; - yyfmt = yystpcpy (yyformat, yyunexpected); + int yycount = 0; + yyprefix = ", expecting "; for (yyx = yyxbegin; yyx < yyxend; ++yyx) if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) { - if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM) + yysize += yystrlen (yyprefix) + yystrlen (yytname [yyx]); + yycount += 1; + if (yycount == 5) { - yycount = 1; - yysize = yysize0; - yyformat[sizeof yyunexpected - 1] = '\0'; + yysize = 0; break; } - yyarg[yycount++] = yytname[yyx]; - yysize1 = yysize + yytnamerr (0, yytname[yyx]); - yysize_overflow |= yysize1 < yysize; - yysize = yysize1; - yyfmt = yystpcpy (yyfmt, yyprefix); - yyprefix = yyor; } - - yyf = YY_(yyformat); - yysize1 = yysize + yystrlen (yyf); - yysize_overflow |= yysize1 < yysize; - yysize = yysize1; - - if (!yysize_overflow && yysize <= YYSTACK_ALLOC_MAXIMUM) - yymsg = (char *) YYSTACK_ALLOC (yysize); - if (yymsg) + yysize += (sizeof ("syntax error, unexpected ") + + yystrlen (yytname[yytype])); + yymsg = (char *) YYSTACK_ALLOC (yysize); + if (yymsg != 0) { - /* Avoid sprintf, as that infringes on the user's name space. - Don't have undefined behavior even if the translation - produced a string with the wrong number of "%s"s. */ - char *yyp = yymsg; - int yyi = 0; - while ((*yyp = *yyf)) + char *yyp = yystpcpy (yymsg, "syntax error, unexpected "); + yyp = yystpcpy (yyp, yytname[yytype]); + + if (yycount < 5) { - if (*yyp == '%' && yyf[1] == 's' && yyi < yycount) - { - yyp += yytnamerr (yyp, yyarg[yyi++]); - yyf += 2; - } - else - { - yyp++; - yyf++; - } + yyprefix = ", expecting "; + for (yyx = yyxbegin; yyx < yyxend; ++yyx) + if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) + { + yyp = yystpcpy (yyp, yyprefix); + yyp = yystpcpy (yyp, yytname[yyx]); + yyprefix = " or "; + } } yyerror (yymsg); YYSTACK_FREE (yymsg); } else - { - yyerror (YY_("syntax error")); - goto yyexhaustedlab; - } + yyerror ("syntax error; also virtual memory exhausted"); } else #endif /* YYERROR_VERBOSE */ - yyerror (YY_("syntax error")); + yyerror ("syntax error"); } @@ -2383,9 +2251,18 @@ yyerrlab: if (yychar <= YYEOF) { - /* Return failure if at end of input. */ + /* If at end of input, pop the error token, + then the rest of the stack, then return failure. */ if (yychar == YYEOF) - YYABORT; + for (;;) + { + + YYPOPSTACK; + if (yyssp == yyss) + YYABORT; + yydestruct ("Error: popping", + yystos[*yyssp], yyvsp); + } } else { @@ -2404,11 +2281,12 @@ yyerrlab: `---------------------------------------------------*/ yyerrorlab: - /* Pacify compilers like GCC when the user code never invokes - YYERROR and the label yyerrorlab therefore never appears in user - code. */ +#ifdef __GNUC__ + /* Pacify GCC when the user code never invokes YYERROR and the label + yyerrorlab therefore never appears in user code. */ if (0) goto yyerrorlab; +#endif yyvsp -= yylen; yyssp -= yylen; @@ -2471,29 +2349,23 @@ yyacceptlab: | yyabortlab -- YYABORT comes here. | `-----------------------------------*/ yyabortlab: + yydestruct ("Error: discarding lookahead", + yytoken, &yylval); + yychar = YYEMPTY; yyresult = 1; goto yyreturn; #ifndef yyoverflow -/*-------------------------------------------------. -| yyexhaustedlab -- memory exhaustion comes here. | -`-------------------------------------------------*/ -yyexhaustedlab: - yyerror (YY_("memory exhausted")); +/*----------------------------------------------. +| yyoverflowlab -- parser overflow comes here. | +`----------------------------------------------*/ +yyoverflowlab: + yyerror ("parser stack overflow"); yyresult = 2; /* Fall through. */ #endif yyreturn: - if (yychar != YYEOF && yychar != YYEMPTY) - yydestruct ("Cleanup: discarding lookahead", - yytoken, &yylval); - while (yyssp != yyss) - { - yydestruct ("Cleanup: popping", - yystos[*yyssp], yyvsp); - YYPOPSTACK; - } #ifndef yyoverflow if (yyss != yyssa) YYSTACK_FREE (yyss); diff --git a/source4/heimdal/lib/asn1/parse.h b/source4/heimdal/lib/asn1/parse.h index df4587501e..5cc1342618 100644 --- a/source4/heimdal/lib/asn1/parse.h +++ b/source4/heimdal/lib/asn1/parse.h @@ -1,7 +1,7 @@ -/* A Bison parser, made by GNU Bison 2.1. */ +/* A Bison parser, made by GNU Bison 2.0. */ /* Skeleton parser for Yacc-like parsing with Bison, - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -15,8 +15,8 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301, USA. */ + Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. */ /* As a special exception, when this file is copied by Bison into a Bison output file, you may use that output file without restriction. @@ -118,7 +118,6 @@ NUMBER = 344 }; #endif -/* Tokens. */ #define kw_ABSENT 258 #define kw_ABSTRACT_SYNTAX 259 #define kw_ALL 260 @@ -226,8 +225,8 @@ typedef union YYSTYPE { struct memhead *members; struct constraint_spec *constraint_spec; } YYSTYPE; -/* Line 1447 of yacc.c. */ -#line 231 "parse.h" +/* Line 1318 of yacc.c. */ +#line 230 "parse.h" # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 # define YYSTYPE_IS_TRIVIAL 1 diff --git a/source4/heimdal/lib/asn1/test.asn1 b/source4/heimdal/lib/asn1/test.asn1 index 0010c8481e..22fcc0b003 100644 --- a/source4/heimdal/lib/asn1/test.asn1 +++ b/source4/heimdal/lib/asn1/test.asn1 @@ -1,9 +1,11 @@ --- $Id: test.asn1,v 1.5 2005/07/21 20:48:27 lha Exp $ -- +-- $Id: test.asn1,v 1.8 2006/01/31 09:42:04 lha Exp $ -- TEST DEFINITIONS ::= BEGIN +IMPORTS heim_any FROM heim; + TESTLargeTag ::= SEQUENCE { foo[127] INTEGER (-2147483648..2147483647) } @@ -45,4 +47,40 @@ TESTImplicit2 ::= SEQUENCE { ti3[2] IMPLICIT TESTInteger3 } +TESTAllocInner ::= SEQUENCE { + ai[0] TESTInteger +} + +TESTAlloc ::= SEQUENCE { + tagless TESTAllocInner OPTIONAL, + three [1] INTEGER (-2147483648..2147483647), + tagless2 heim_any OPTIONAL +} + + +TESTCONTAINING ::= OCTET STRING ( CONTAINING INTEGER ) +TESTENCODEDBY ::= OCTET STRING ( ENCODED BY + { joint-iso-itu-t(2) asn(1) ber-derived(2) distinguished-encoding(1) } +) + +TESTDer OBJECT IDENTIFIER ::= { + joint-iso-itu-t(2) asn(1) ber-derived(2) distinguished-encoding(1) +} + +TESTCONTAININGENCODEDBY ::= OCTET STRING ( CONTAINING INTEGER ENCODED BY + { joint-iso-itu-t(2) asn(1) ber-derived(2) distinguished-encoding(1) } +) + +TESTCONTAININGENCODEDBY2 ::= OCTET STRING ( + CONTAINING INTEGER ENCODED BY TESTDer +) + + +TESTValue1 INTEGER ::= 1 + +TESTUSERCONSTRAINED ::= OCTET STRING (CONSTRAINED BY { -- meh -- }) +-- TESTUSERCONSTRAINED2 ::= OCTET STRING (CONSTRAINED BY { TESTInteger }) +-- TESTUSERCONSTRAINED3 ::= OCTET STRING (CONSTRAINED BY { INTEGER }) +-- TESTUSERCONSTRAINED4 ::= OCTET STRING (CONSTRAINED BY { INTEGER : 1 }) + END diff --git a/source4/heimdal/lib/com_err/lex.c b/source4/heimdal/lib/com_err/lex.c index f19c1b26f3..925615f244 100644 --- a/source4/heimdal/lib/com_err/lex.c +++ b/source4/heimdal/lib/com_err/lex.c @@ -1,85 +1,32 @@ - -#line 3 "lex.yy.c" - -#define YY_INT_ALIGNED short int - /* A lexical scanner generated by flex */ +/* Scanner skeleton version: + * $Header: /home/daffy/u0/vern/flex/RCS/flex.skl,v 2.91 96/09/10 16:58:48 vern Exp $ + */ + #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 #define YY_FLEX_MINOR_VERSION 5 -#define YY_FLEX_SUBMINOR_VERSION 31 -#if YY_FLEX_SUBMINOR_VERSION > 0 -#define FLEX_BETA -#endif -/* First, we deal with platform-specific or compiler-specific issues. */ - -/* begin standard C headers. */ #include -#include -#include -#include - -/* end standard C headers. */ - -/* flex integer type definitions */ - -#ifndef FLEXINT_H -#define FLEXINT_H - -/* C99 systems have . Non-C99 systems may or may not. */ +#include -#if defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L -#include -typedef int8_t flex_int8_t; -typedef uint8_t flex_uint8_t; -typedef int16_t flex_int16_t; -typedef uint16_t flex_uint16_t; -typedef int32_t flex_int32_t; -typedef uint32_t flex_uint32_t; -#else -typedef signed char flex_int8_t; -typedef short int flex_int16_t; -typedef int flex_int32_t; -typedef unsigned char flex_uint8_t; -typedef unsigned short int flex_uint16_t; -typedef unsigned int flex_uint32_t; -#endif /* ! C99 */ -/* Limits of integral types. */ -#ifndef INT8_MIN -#define INT8_MIN (-128) -#endif -#ifndef INT16_MIN -#define INT16_MIN (-32767-1) -#endif -#ifndef INT32_MIN -#define INT32_MIN (-2147483647-1) -#endif -#ifndef INT8_MAX -#define INT8_MAX (127) -#endif -#ifndef INT16_MAX -#define INT16_MAX (32767) -#endif -#ifndef INT32_MAX -#define INT32_MAX (2147483647) -#endif -#ifndef UINT8_MAX -#define UINT8_MAX (255U) -#endif -#ifndef UINT16_MAX -#define UINT16_MAX (65535U) +/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */ +#ifdef c_plusplus +#ifndef __cplusplus +#define __cplusplus #endif -#ifndef UINT32_MAX -#define UINT32_MAX (4294967295U) #endif -#endif /* ! FLEXINT_H */ #ifdef __cplusplus +#include + +/* Use prototypes in function declarations. */ +#define YY_USE_PROTOS + /* The "const" storage-class-modifier is valid. */ #define YY_USE_CONST @@ -87,17 +34,34 @@ typedef unsigned int flex_uint32_t; #if __STDC__ +#define YY_USE_PROTOS #define YY_USE_CONST #endif /* __STDC__ */ #endif /* ! __cplusplus */ +#ifdef __TURBOC__ + #pragma warn -rch + #pragma warn -use +#include +#include +#define YY_USE_CONST +#define YY_USE_PROTOS +#endif + #ifdef YY_USE_CONST #define yyconst const #else #define yyconst #endif + +#ifdef YY_USE_PROTOS +#define YY_PROTO(proto) proto +#else +#define YY_PROTO(proto) () +#endif + /* Returned upon end-of-file. */ #define YY_NULL 0 @@ -112,71 +76,71 @@ typedef unsigned int flex_uint32_t; * but we do it the disgusting crufty way forced on us by the ()-less * definition of BEGIN. */ -#define BEGIN (yy_start) = 1 + 2 * +#define BEGIN yy_start = 1 + 2 * /* Translate the current start state into a value that can be later handed * to BEGIN to return to the state. The YYSTATE alias is for lex * compatibility. */ -#define YY_START (((yy_start) - 1) / 2) +#define YY_START ((yy_start - 1) / 2) #define YYSTATE YY_START /* Action number for EOF rule of a given start state. */ #define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) /* Special action meaning "start processing a new file". */ -#define YY_NEW_FILE yyrestart(yyin ) +#define YY_NEW_FILE yyrestart( yyin ) #define YY_END_OF_BUFFER_CHAR 0 /* Size of default input buffer. */ -#ifndef YY_BUF_SIZE #define YY_BUF_SIZE 16384 -#endif -#ifndef YY_TYPEDEF_YY_BUFFER_STATE -#define YY_TYPEDEF_YY_BUFFER_STATE typedef struct yy_buffer_state *YY_BUFFER_STATE; -#endif extern int yyleng; - extern FILE *yyin, *yyout; #define EOB_ACT_CONTINUE_SCAN 0 #define EOB_ACT_END_OF_FILE 1 #define EOB_ACT_LAST_MATCH 2 - #define YY_LESS_LINENO(n) - -/* Return all but the first "n" matched characters back to the input stream. */ +/* The funky do-while in the following #define is used to turn the definition + * int a single C statement (which needs a semi-colon terminator). This + * avoids problems with code like: + * + * if ( condition_holds ) + * yyless( 5 ); + * else + * do_something_else(); + * + * Prior to using the do-while the compiler would get upset at the + * "else" because it interpreted the "if" statement as being all + * done when it reached the ';' after the yyless() call. + */ + +/* Return all but the first 'n' matched characters back to the input stream. */ + #define yyless(n) \ do \ { \ /* Undo effects of setting up yytext. */ \ - int yyless_macro_arg = (n); \ - YY_LESS_LINENO(yyless_macro_arg);\ - *yy_cp = (yy_hold_char); \ + *yy_cp = yy_hold_char; \ YY_RESTORE_YY_MORE_OFFSET \ - (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \ + yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \ YY_DO_BEFORE_ACTION; /* set up yytext again */ \ } \ while ( 0 ) -#define unput(c) yyunput( c, (yytext_ptr) ) +#define unput(c) yyunput( c, yytext_ptr ) /* The following is because we cannot portably get our hands on size_t * (without autoconf's help, which isn't available because we want * flex-generated scanners to compile on their own). */ - -#ifndef YY_TYPEDEF_YY_SIZE_T -#define YY_TYPEDEF_YY_SIZE_T typedef unsigned int yy_size_t; -#endif -#ifndef YY_STRUCT_YY_BUFFER_STATE -#define YY_STRUCT_YY_BUFFER_STATE + struct yy_buffer_state { FILE *yy_input_file; @@ -213,16 +177,12 @@ struct yy_buffer_state */ int yy_at_bol; - int yy_bs_lineno; /**< The line count. */ - int yy_bs_column; /**< The column count. */ - /* Whether to try to fill the input buffer when we reach the * end of it. */ int yy_fill_buffer; int yy_buffer_status; - #define YY_BUFFER_NEW 0 #define YY_BUFFER_NORMAL 1 /* When an EOF's been seen but there's still some text to process @@ -236,33 +196,23 @@ struct yy_buffer_state * just pointing yyin at a new input file. */ #define YY_BUFFER_EOF_PENDING 2 - }; -#endif /* !YY_STRUCT_YY_BUFFER_STATE */ -/* Stack of input buffers. */ -static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */ -static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */ -static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ +static YY_BUFFER_STATE yy_current_buffer = 0; /* We provide macros for accessing buffer states in case in the * future we want to put the buffer states in a more general * "scanner state". - * - * Returns the top of the stack, or NULL. */ -#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ - ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ - : NULL) +#define YY_CURRENT_BUFFER yy_current_buffer -/* Same as previous macro, but useful when we know that the buffer stack is not - * NULL or when we need an lvalue. For internal use only. - */ -#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] /* yy_hold_char holds the character lost when yytext is formed. */ static char yy_hold_char; + static int yy_n_chars; /* number of characters read into yy_ch_buf */ + + int yyleng; /* Points to current character in buffer. */ @@ -275,92 +225,66 @@ static int yy_start = 0; /* start state number */ */ static int yy_did_buffer_switch_on_eof; -void yyrestart (FILE *input_file ); -void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ); -YY_BUFFER_STATE yy_create_buffer (FILE *file,int size ); -void yy_delete_buffer (YY_BUFFER_STATE b ); -void yy_flush_buffer (YY_BUFFER_STATE b ); -void yypush_buffer_state (YY_BUFFER_STATE new_buffer ); -void yypop_buffer_state (void ); +void yyrestart YY_PROTO(( FILE *input_file )); -static void yyensure_buffer_stack (void ); -static void yy_load_buffer_state (void ); -static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file ); +void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer )); +void yy_load_buffer_state YY_PROTO(( void )); +YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size )); +void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b )); +void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file )); +void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b )); +#define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer ) -#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER ) +YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size )); +YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str )); +YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len )); -YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); -YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); -YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len ); - -void *yyalloc (yy_size_t ); -void *yyrealloc (void *,yy_size_t ); -void yyfree (void * ); +static void *yy_flex_alloc YY_PROTO(( yy_size_t )); +static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t )); +static void yy_flex_free YY_PROTO(( void * )); #define yy_new_buffer yy_create_buffer #define yy_set_interactive(is_interactive) \ { \ - if ( ! YY_CURRENT_BUFFER ){ \ - yyensure_buffer_stack (); \ - YY_CURRENT_BUFFER_LVALUE = \ - yy_create_buffer(yyin,YY_BUF_SIZE ); \ - } \ - YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ + if ( ! yy_current_buffer ) \ + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ + yy_current_buffer->yy_is_interactive = is_interactive; \ } #define yy_set_bol(at_bol) \ { \ - if ( ! YY_CURRENT_BUFFER ){\ - yyensure_buffer_stack (); \ - YY_CURRENT_BUFFER_LVALUE = \ - yy_create_buffer(yyin,YY_BUF_SIZE ); \ - } \ - YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ + if ( ! yy_current_buffer ) \ + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ + yy_current_buffer->yy_at_bol = at_bol; \ } -#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) - -/* Begin user sect3 */ +#define YY_AT_BOL() (yy_current_buffer->yy_at_bol) typedef unsigned char YY_CHAR; - FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; - typedef int yy_state_type; - -extern int yylineno; - -int yylineno = 1; - extern char *yytext; #define yytext_ptr yytext -static yy_state_type yy_get_previous_state (void ); -static yy_state_type yy_try_NUL_trans (yy_state_type current_state ); -static int yy_get_next_buffer (void ); -static void yy_fatal_error (yyconst char msg[] ); +static yy_state_type yy_get_previous_state YY_PROTO(( void )); +static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state )); +static int yy_get_next_buffer YY_PROTO(( void )); +static void yy_fatal_error YY_PROTO(( yyconst char msg[] )); /* Done after the current pattern has been matched and before the * corresponding action - sets up yytext. */ #define YY_DO_BEFORE_ACTION \ - (yytext_ptr) = yy_bp; \ - yyleng = (size_t) (yy_cp - yy_bp); \ - (yy_hold_char) = *yy_cp; \ + yytext_ptr = yy_bp; \ + yyleng = (int) (yy_cp - yy_bp); \ + yy_hold_char = *yy_cp; \ *yy_cp = '\0'; \ - (yy_c_buf_p) = yy_cp; + yy_c_buf_p = yy_cp; #define YY_NUM_RULES 16 #define YY_END_OF_BUFFER 17 -/* This struct is not used in this scanner, - but its presence is necessary. */ -struct yy_trans_info - { - flex_int32_t yy_verify; - flex_int32_t yy_nxt; - }; -static yyconst flex_int16_t yy_accept[46] = +static yyconst short int yy_accept[46] = { 0, 0, 0, 17, 15, 11, 12, 13, 10, 9, 14, 14, 14, 14, 10, 9, 14, 3, 14, 14, 1, @@ -369,7 +293,7 @@ static yyconst flex_int16_t yy_accept[46] = 14, 4, 14, 2, 0 } ; -static yyconst flex_int32_t yy_ec[256] = +static yyconst int yy_ec[256] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -401,14 +325,14 @@ static yyconst flex_int32_t yy_ec[256] = 1, 1, 1, 1, 1 } ; -static yyconst flex_int32_t yy_meta[23] = +static yyconst int yy_meta[23] = { 0, 1, 1, 2, 1, 1, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3 } ; -static yyconst flex_int16_t yy_base[48] = +static yyconst short int yy_base[48] = { 0, 0, 0, 56, 57, 57, 57, 57, 0, 49, 0, 12, 13, 34, 0, 47, 0, 0, 40, 31, 0, @@ -417,7 +341,7 @@ static yyconst flex_int16_t yy_base[48] = 12, 0, 14, 0, 57, 34, 23 } ; -static yyconst flex_int16_t yy_def[48] = +static yyconst short int yy_def[48] = { 0, 45, 1, 45, 45, 45, 45, 45, 46, 47, 47, 47, 47, 47, 46, 47, 47, 47, 47, 47, 47, @@ -426,7 +350,7 @@ static yyconst flex_int16_t yy_def[48] = 47, 47, 47, 47, 0, 45, 45 } ; -static yyconst flex_int16_t yy_nxt[80] = +static yyconst short int yy_nxt[80] = { 0, 4, 5, 6, 7, 8, 9, 10, 10, 10, 10, 10, 10, 11, 10, 12, 10, 10, 10, 13, 10, @@ -438,7 +362,7 @@ static yyconst flex_int16_t yy_nxt[80] = 45, 45, 45, 45, 45, 45, 45, 45, 45 } ; -static yyconst flex_int16_t yy_chk[80] = +static yyconst short int yy_chk[80] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -453,9 +377,6 @@ static yyconst flex_int16_t yy_chk[80] = static yy_state_type yy_last_accepting_state; static char *yy_last_accepting_cpos; -extern int yy_flex_debug; -int yy_flex_debug = 0; - /* The intent behind this definition is that it'll catch * any uses of REJECT which flex missed. */ @@ -465,6 +386,7 @@ int yy_flex_debug = 0; #define YY_RESTORE_YY_MORE_OFFSET char *yytext; #line 1 "lex.l" +#define INITIAL 0 #line 2 "lex.l" /* * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan @@ -520,21 +442,7 @@ static int getstring(void); #undef ECHO -#line 524 "lex.yy.c" - -#define INITIAL 0 - -#ifndef YY_NO_UNISTD_H -/* Special case for "unistd.h", since it is non-ANSI. We include it way - * down here because we want the user's section 1 to have been scanned first. - * The user has a chance to override it with an option. - */ -#include -#endif - -#ifndef YY_EXTRA_TYPE -#define YY_EXTRA_TYPE void * -#endif +#line 446 "lex.yy.c" /* Macros after this point can all be overridden by user definitions in * section 1. @@ -542,30 +450,65 @@ static int getstring(void); #ifndef YY_SKIP_YYWRAP #ifdef __cplusplus -extern "C" int yywrap (void ); +extern "C" int yywrap YY_PROTO(( void )); #else -extern int yywrap (void ); +extern int yywrap YY_PROTO(( void )); +#endif #endif + +#ifndef YY_NO_UNPUT +static void yyunput YY_PROTO(( int c, char *buf_ptr )); #endif - static void yyunput (int c,char *buf_ptr ); - #ifndef yytext_ptr -static void yy_flex_strncpy (char *,yyconst char *,int ); +static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int )); #endif #ifdef YY_NEED_STRLEN -static int yy_flex_strlen (yyconst char * ); +static int yy_flex_strlen YY_PROTO(( yyconst char * )); #endif #ifndef YY_NO_INPUT - #ifdef __cplusplus -static int yyinput (void ); +static int yyinput YY_PROTO(( void )); #else -static int input (void ); +static int input YY_PROTO(( void )); +#endif +#endif + +#if YY_STACK_USED +static int yy_start_stack_ptr = 0; +static int yy_start_stack_depth = 0; +static int *yy_start_stack = 0; +#ifndef YY_NO_PUSH_STATE +static void yy_push_state YY_PROTO(( int new_state )); +#endif +#ifndef YY_NO_POP_STATE +static void yy_pop_state YY_PROTO(( void )); +#endif +#ifndef YY_NO_TOP_STATE +static int yy_top_state YY_PROTO(( void )); #endif +#else +#define YY_NO_PUSH_STATE 1 +#define YY_NO_POP_STATE 1 +#define YY_NO_TOP_STATE 1 +#endif + +#ifdef YY_MALLOC_DECL +YY_MALLOC_DECL +#else +#if __STDC__ +#ifndef __cplusplus +#include +#endif +#else +/* Just try to get by without declaring the routines. This will fail + * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int) + * or sizeof(void*) != sizeof(int). + */ +#endif #endif /* Amount of stuff to slurp up with each read. */ @@ -574,6 +517,7 @@ static int input (void ); #endif /* Copy whatever the last rule matched to the standard output. */ + #ifndef ECHO /* This used to be an fputs(), but since the string might contain NUL's, * we now use fwrite(). @@ -586,10 +530,9 @@ static int input (void ); */ #ifndef YY_INPUT #define YY_INPUT(buf,result,max_size) \ - if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ + if ( yy_current_buffer->yy_is_interactive ) \ { \ - int c = '*'; \ - size_t n; \ + int c = '*', n; \ for ( n = 0; n < max_size && \ (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ buf[n] = (char) c; \ @@ -599,22 +542,9 @@ static int input (void ); YY_FATAL_ERROR( "input in flex scanner failed" ); \ result = n; \ } \ - else \ - { \ - errno=0; \ - while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \ - { \ - if( errno != EINTR) \ - { \ - YY_FATAL_ERROR( "input in flex scanner failed" ); \ - break; \ - } \ - errno=0; \ - clearerr(yyin); \ - } \ - }\ -\ - + else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \ + && ferror( yyin ) ) \ + YY_FATAL_ERROR( "input in flex scanner failed" ); #endif /* No semi-colon after return; correct usage is to write "yyterminate();" - @@ -635,18 +565,12 @@ static int input (void ); #define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) #endif -/* end tables serialization structures and prototypes */ - /* Default declaration of generated scanner - a define so the user can * easily add parameters. */ #ifndef YY_DECL -#define YY_DECL_IS_OURS 1 - -extern int yylex (void); - -#define YY_DECL int yylex (void) -#endif /* !YY_DECL */ +#define YY_DECL int yylex YY_PROTO(( void )) +#endif /* Code executed at the beginning of each rule, after yytext and yyleng * have been set up. @@ -663,28 +587,26 @@ extern int yylex (void); #define YY_RULE_SETUP \ YY_USER_ACTION -/** The main scanner function which does all the work. - */ YY_DECL -{ + { register yy_state_type yy_current_state; - register char *yy_cp, *yy_bp; + register char *yy_cp = NULL, *yy_bp = NULL; register int yy_act; - + #line 59 "lex.l" -#line 677 "lex.yy.c" +#line 599 "lex.yy.c" - if ( (yy_init) ) + if ( yy_init ) { - (yy_init) = 0; + yy_init = 0; #ifdef YY_USER_INIT YY_USER_INIT; #endif - if ( ! (yy_start) ) - (yy_start) = 1; /* first start state */ + if ( ! yy_start ) + yy_start = 1; /* first start state */ if ( ! yyin ) yyin = stdin; @@ -692,36 +614,34 @@ YY_DECL if ( ! yyout ) yyout = stdout; - if ( ! YY_CURRENT_BUFFER ) { - yyensure_buffer_stack (); - YY_CURRENT_BUFFER_LVALUE = - yy_create_buffer(yyin,YY_BUF_SIZE ); - } + if ( ! yy_current_buffer ) + yy_current_buffer = + yy_create_buffer( yyin, YY_BUF_SIZE ); - yy_load_buffer_state( ); + yy_load_buffer_state(); } while ( 1 ) /* loops until end-of-file is reached */ { - yy_cp = (yy_c_buf_p); + yy_cp = yy_c_buf_p; /* Support of yytext. */ - *yy_cp = (yy_hold_char); + *yy_cp = yy_hold_char; /* yy_bp points to the position in yy_ch_buf of the start of * the current run. */ yy_bp = yy_cp; - yy_current_state = (yy_start); + yy_current_state = yy_start; yy_match: do { register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; if ( yy_accept[yy_current_state] ) { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; + yy_last_accepting_state = yy_current_state; + yy_last_accepting_cpos = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -738,22 +658,24 @@ yy_find_action: yy_act = yy_accept[yy_current_state]; if ( yy_act == 0 ) { /* have to back up */ - yy_cp = (yy_last_accepting_cpos); - yy_current_state = (yy_last_accepting_state); + yy_cp = yy_last_accepting_cpos; + yy_current_state = yy_last_accepting_state; yy_act = yy_accept[yy_current_state]; } YY_DO_BEFORE_ACTION; + do_action: /* This label is used only to access EOF actions. */ + switch ( yy_act ) { /* beginning of action switch */ case 0: /* must back up */ /* undo the effects of YY_DO_BEFORE_ACTION */ - *yy_cp = (yy_hold_char); - yy_cp = (yy_last_accepting_cpos); - yy_current_state = (yy_last_accepting_state); + *yy_cp = yy_hold_char; + yy_cp = yy_last_accepting_cpos; + yy_current_state = yy_last_accepting_state; goto yy_find_action; case 1: @@ -812,7 +734,6 @@ YY_RULE_SETUP ; YY_BREAK case 12: -/* rule 12 can match eol */ YY_RULE_SETUP #line 71 "lex.l" { lineno++; } @@ -837,33 +758,33 @@ YY_RULE_SETUP #line 75 "lex.l" ECHO; YY_BREAK -#line 841 "lex.yy.c" +#line 762 "lex.yy.c" case YY_STATE_EOF(INITIAL): yyterminate(); case YY_END_OF_BUFFER: { /* Amount of text matched not including the EOB char. */ - int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; + int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1; /* Undo the effects of YY_DO_BEFORE_ACTION. */ - *yy_cp = (yy_hold_char); + *yy_cp = yy_hold_char; YY_RESTORE_YY_MORE_OFFSET - if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW ) + if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW ) { /* We're scanning a new file or input source. It's * possible that this happened because the user * just pointed yyin at a new source and called * yylex(). If so, then we have to assure - * consistency between YY_CURRENT_BUFFER and our + * consistency between yy_current_buffer and our * globals. Here is the right place to do so, because * this is the first action (other than possibly a * back-up) that will match for the new input source. */ - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; - YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; - YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; + yy_n_chars = yy_current_buffer->yy_n_chars; + yy_current_buffer->yy_input_file = yyin; + yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL; } /* Note that here we test for yy_c_buf_p "<=" to the position @@ -873,13 +794,13 @@ case YY_STATE_EOF(INITIAL): * end-of-buffer state). Contrast this with the test * in input(). */ - if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) + if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] ) { /* This was really a NUL. */ yy_state_type yy_next_state; - (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; + yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text; - yy_current_state = yy_get_previous_state( ); + yy_current_state = yy_get_previous_state(); /* Okay, we're now positioned to make the NUL * transition. We couldn't have @@ -892,30 +813,30 @@ case YY_STATE_EOF(INITIAL): yy_next_state = yy_try_NUL_trans( yy_current_state ); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; + yy_bp = yytext_ptr + YY_MORE_ADJ; if ( yy_next_state ) { /* Consume the NUL. */ - yy_cp = ++(yy_c_buf_p); + yy_cp = ++yy_c_buf_p; yy_current_state = yy_next_state; goto yy_match; } else { - yy_cp = (yy_c_buf_p); + yy_cp = yy_c_buf_p; goto yy_find_action; } } - else switch ( yy_get_next_buffer( ) ) + else switch ( yy_get_next_buffer() ) { case EOB_ACT_END_OF_FILE: { - (yy_did_buffer_switch_on_eof) = 0; + yy_did_buffer_switch_on_eof = 0; - if ( yywrap( ) ) + if ( yywrap() ) { /* Note: because we've taken care in * yy_get_next_buffer() to have set up @@ -926,7 +847,7 @@ case YY_STATE_EOF(INITIAL): * YY_NULL, it'll still work - another * YY_NULL will get returned. */ - (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; + yy_c_buf_p = yytext_ptr + YY_MORE_ADJ; yy_act = YY_STATE_EOF(YY_START); goto do_action; @@ -934,30 +855,30 @@ case YY_STATE_EOF(INITIAL): else { - if ( ! (yy_did_buffer_switch_on_eof) ) + if ( ! yy_did_buffer_switch_on_eof ) YY_NEW_FILE; } break; } case EOB_ACT_CONTINUE_SCAN: - (yy_c_buf_p) = - (yytext_ptr) + yy_amount_of_matched_text; + yy_c_buf_p = + yytext_ptr + yy_amount_of_matched_text; - yy_current_state = yy_get_previous_state( ); + yy_current_state = yy_get_previous_state(); - yy_cp = (yy_c_buf_p); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; + yy_cp = yy_c_buf_p; + yy_bp = yytext_ptr + YY_MORE_ADJ; goto yy_match; case EOB_ACT_LAST_MATCH: - (yy_c_buf_p) = - &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)]; + yy_c_buf_p = + &yy_current_buffer->yy_ch_buf[yy_n_chars]; - yy_current_state = yy_get_previous_state( ); + yy_current_state = yy_get_previous_state(); - yy_cp = (yy_c_buf_p); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; + yy_cp = yy_c_buf_p; + yy_bp = yytext_ptr + YY_MORE_ADJ; goto yy_find_action; } break; @@ -968,7 +889,8 @@ case YY_STATE_EOF(INITIAL): "fatal flex scanner internal error--no action found" ); } /* end of action switch */ } /* end of scanning one token */ -} /* end of yylex */ + } /* end of yylex */ + /* yy_get_next_buffer - try to read in a new buffer * @@ -977,20 +899,21 @@ case YY_STATE_EOF(INITIAL): * EOB_ACT_CONTINUE_SCAN - continue scanning from current position * EOB_ACT_END_OF_FILE - end of file */ -static int yy_get_next_buffer (void) -{ - register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; - register char *source = (yytext_ptr); + +static int yy_get_next_buffer() + { + register char *dest = yy_current_buffer->yy_ch_buf; + register char *source = yytext_ptr; register int number_to_move, i; int ret_val; - if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) + if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] ) YY_FATAL_ERROR( "fatal flex scanner internal error--end of buffer missed" ); - if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 ) + if ( yy_current_buffer->yy_fill_buffer == 0 ) { /* Don't try to fill the buffer, so this is an EOF. */ - if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 ) + if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 ) { /* We matched a single character, the EOB, so * treat this as a final EOF. @@ -1010,30 +933,34 @@ static int yy_get_next_buffer (void) /* Try to read more data. */ /* First move last chars to start of buffer. */ - number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1; + number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1; for ( i = 0; i < number_to_move; ++i ) *(dest++) = *(source++); - if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING ) + if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING ) /* don't do the read, it's not guaranteed to return an EOF, * just force an EOF */ - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0; + yy_current_buffer->yy_n_chars = yy_n_chars = 0; else { - size_t num_to_read = - YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; + int num_to_read = + yy_current_buffer->yy_buf_size - number_to_move - 1; while ( num_to_read <= 0 ) { /* Not enough room in the buffer - grow it. */ +#ifdef YY_USES_REJECT + YY_FATAL_ERROR( +"input buffer overflow, can't enlarge buffer because scanner uses REJECT" ); +#else /* just a shorter name for the current buffer */ - YY_BUFFER_STATE b = YY_CURRENT_BUFFER; + YY_BUFFER_STATE b = yy_current_buffer; int yy_c_buf_p_offset = - (int) ((yy_c_buf_p) - b->yy_ch_buf); + (int) (yy_c_buf_p - b->yy_ch_buf); if ( b->yy_is_our_buffer ) { @@ -1046,7 +973,8 @@ static int yy_get_next_buffer (void) b->yy_ch_buf = (char *) /* Include room in for 2 EOB chars. */ - yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ); + yy_flex_realloc( (void *) b->yy_ch_buf, + b->yy_buf_size + 2 ); } else /* Can't grow it, we don't own it. */ @@ -1056,35 +984,35 @@ static int yy_get_next_buffer (void) YY_FATAL_ERROR( "fatal error - scanner input buffer overflow" ); - (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset]; + yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset]; - num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - + num_to_read = yy_current_buffer->yy_buf_size - number_to_move - 1; - +#endif } if ( num_to_read > YY_READ_BUF_SIZE ) num_to_read = YY_READ_BUF_SIZE; /* Read in more data. */ - YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), - (yy_n_chars), num_to_read ); + YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]), + yy_n_chars, num_to_read ); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + yy_current_buffer->yy_n_chars = yy_n_chars; } - if ( (yy_n_chars) == 0 ) + if ( yy_n_chars == 0 ) { if ( number_to_move == YY_MORE_ADJ ) { ret_val = EOB_ACT_END_OF_FILE; - yyrestart(yyin ); + yyrestart( yyin ); } else { ret_val = EOB_ACT_LAST_MATCH; - YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = + yy_current_buffer->yy_buffer_status = YY_BUFFER_EOF_PENDING; } } @@ -1092,31 +1020,32 @@ static int yy_get_next_buffer (void) else ret_val = EOB_ACT_CONTINUE_SCAN; - (yy_n_chars) += number_to_move; - YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; - YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; + yy_n_chars += number_to_move; + yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR; + yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR; - (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0]; + yytext_ptr = &yy_current_buffer->yy_ch_buf[0]; return ret_val; -} + } + /* yy_get_previous_state - get the state just before the EOB char was reached */ - static yy_state_type yy_get_previous_state (void) -{ +static yy_state_type yy_get_previous_state() + { register yy_state_type yy_current_state; register char *yy_cp; - - yy_current_state = (yy_start); - for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) + yy_current_state = yy_start; + + for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp ) { register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); if ( yy_accept[yy_current_state] ) { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; + yy_last_accepting_state = yy_current_state; + yy_last_accepting_cpos = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -1128,23 +1057,30 @@ static int yy_get_next_buffer (void) } return yy_current_state; -} + } + /* yy_try_NUL_trans - try to make a transition on the NUL character * * synopsis * next_state = yy_try_NUL_trans( current_state ); */ - static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state ) -{ + +#ifdef YY_USE_PROTOS +static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state ) +#else +static yy_state_type yy_try_NUL_trans( yy_current_state ) +yy_state_type yy_current_state; +#endif + { register int yy_is_jam; - register char *yy_cp = (yy_c_buf_p); + register char *yy_cp = yy_c_buf_p; register YY_CHAR yy_c = 1; if ( yy_accept[yy_current_state] ) { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; + yy_last_accepting_state = yy_current_state; + yy_last_accepting_cpos = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -1156,73 +1092,81 @@ static int yy_get_next_buffer (void) yy_is_jam = (yy_current_state == 45); return yy_is_jam ? 0 : yy_current_state; -} + } - static void yyunput (int c, register char * yy_bp ) -{ - register char *yy_cp; - - yy_cp = (yy_c_buf_p); + +#ifndef YY_NO_UNPUT +#ifdef YY_USE_PROTOS +static void yyunput( int c, register char *yy_bp ) +#else +static void yyunput( c, yy_bp ) +int c; +register char *yy_bp; +#endif + { + register char *yy_cp = yy_c_buf_p; /* undo effects of setting up yytext */ - *yy_cp = (yy_hold_char); + *yy_cp = yy_hold_char; - if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) + if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) { /* need to shift things up to make room */ /* +2 for EOB chars. */ - register int number_to_move = (yy_n_chars) + 2; - register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ - YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; + register int number_to_move = yy_n_chars + 2; + register char *dest = &yy_current_buffer->yy_ch_buf[ + yy_current_buffer->yy_buf_size + 2]; register char *source = - &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; + &yy_current_buffer->yy_ch_buf[number_to_move]; - while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) + while ( source > yy_current_buffer->yy_ch_buf ) *--dest = *--source; yy_cp += (int) (dest - source); yy_bp += (int) (dest - source); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size; + yy_current_buffer->yy_n_chars = + yy_n_chars = yy_current_buffer->yy_buf_size; - if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) + if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) YY_FATAL_ERROR( "flex scanner push-back overflow" ); } *--yy_cp = (char) c; - (yytext_ptr) = yy_bp; - (yy_hold_char) = *yy_cp; - (yy_c_buf_p) = yy_cp; -} + + yytext_ptr = yy_bp; + yy_hold_char = *yy_cp; + yy_c_buf_p = yy_cp; + } +#endif /* ifndef YY_NO_UNPUT */ + #ifndef YY_NO_INPUT #ifdef __cplusplus - static int yyinput (void) +static int yyinput() #else - static int input (void) +static int input() #endif - -{ + { int c; - - *(yy_c_buf_p) = (yy_hold_char); - if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR ) + *yy_c_buf_p = yy_hold_char; + + if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR ) { /* yy_c_buf_p now points to the character we want to return. * If this occurs *before* the EOB characters, then it's a * valid NUL; if not, then we've hit the end of the buffer. */ - if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) + if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] ) /* This was really a NUL. */ - *(yy_c_buf_p) = '\0'; + *yy_c_buf_p = '\0'; else { /* need more input */ - int offset = (yy_c_buf_p) - (yytext_ptr); - ++(yy_c_buf_p); + int offset = yy_c_buf_p - yytext_ptr; + ++yy_c_buf_p; - switch ( yy_get_next_buffer( ) ) + switch ( yy_get_next_buffer() ) { case EOB_ACT_LAST_MATCH: /* This happens because yy_g_n_b() @@ -1236,16 +1180,16 @@ static int yy_get_next_buffer (void) */ /* Reset buffer status. */ - yyrestart(yyin ); + yyrestart( yyin ); - /*FALLTHROUGH*/ + /* fall through */ case EOB_ACT_END_OF_FILE: { - if ( yywrap( ) ) + if ( yywrap() ) return EOF; - if ( ! (yy_did_buffer_switch_on_eof) ) + if ( ! yy_did_buffer_switch_on_eof ) YY_NEW_FILE; #ifdef __cplusplus return yyinput(); @@ -1255,92 +1199,90 @@ static int yy_get_next_buffer (void) } case EOB_ACT_CONTINUE_SCAN: - (yy_c_buf_p) = (yytext_ptr) + offset; + yy_c_buf_p = yytext_ptr + offset; break; } } } - c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */ - *(yy_c_buf_p) = '\0'; /* preserve yytext */ - (yy_hold_char) = *++(yy_c_buf_p); + c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */ + *yy_c_buf_p = '\0'; /* preserve yytext */ + yy_hold_char = *++yy_c_buf_p; + return c; -} -#endif /* ifndef YY_NO_INPUT */ + } +#endif /* YY_NO_INPUT */ -/** Immediately switch to a different input stream. - * @param input_file A readable stream. - * - * @note This function does not reset the start condition to @c INITIAL . - */ - void yyrestart (FILE * input_file ) -{ - - if ( ! YY_CURRENT_BUFFER ){ - yyensure_buffer_stack (); - YY_CURRENT_BUFFER_LVALUE = - yy_create_buffer(yyin,YY_BUF_SIZE ); +#ifdef YY_USE_PROTOS +void yyrestart( FILE *input_file ) +#else +void yyrestart( input_file ) +FILE *input_file; +#endif + { + if ( ! yy_current_buffer ) + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); + + yy_init_buffer( yy_current_buffer, input_file ); + yy_load_buffer_state(); } - yy_init_buffer(YY_CURRENT_BUFFER,input_file ); - yy_load_buffer_state( ); -} -/** Switch to a different input buffer. - * @param new_buffer The new input buffer. - * - */ - void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ) -{ - - /* TODO. We should be able to replace this entire function body - * with - * yypop_buffer_state(); - * yypush_buffer_state(new_buffer); - */ - yyensure_buffer_stack (); - if ( YY_CURRENT_BUFFER == new_buffer ) +#ifdef YY_USE_PROTOS +void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer ) +#else +void yy_switch_to_buffer( new_buffer ) +YY_BUFFER_STATE new_buffer; +#endif + { + if ( yy_current_buffer == new_buffer ) return; - if ( YY_CURRENT_BUFFER ) + if ( yy_current_buffer ) { /* Flush out information for old buffer. */ - *(yy_c_buf_p) = (yy_hold_char); - YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + *yy_c_buf_p = yy_hold_char; + yy_current_buffer->yy_buf_pos = yy_c_buf_p; + yy_current_buffer->yy_n_chars = yy_n_chars; } - YY_CURRENT_BUFFER_LVALUE = new_buffer; - yy_load_buffer_state( ); + yy_current_buffer = new_buffer; + yy_load_buffer_state(); /* We don't actually know whether we did this switch during * EOF (yywrap()) processing, but the only time this flag * is looked at is after yywrap() is called, so it's safe * to go ahead and always set it. */ - (yy_did_buffer_switch_on_eof) = 1; -} + yy_did_buffer_switch_on_eof = 1; + } -static void yy_load_buffer_state (void) -{ - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; - (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; - yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; - (yy_hold_char) = *(yy_c_buf_p); -} -/** Allocate and initialize an input buffer state. - * @param file A readable stream. - * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE. - * - * @return the allocated buffer state. - */ - YY_BUFFER_STATE yy_create_buffer (FILE * file, int size ) -{ +#ifdef YY_USE_PROTOS +void yy_load_buffer_state( void ) +#else +void yy_load_buffer_state() +#endif + { + yy_n_chars = yy_current_buffer->yy_n_chars; + yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos; + yyin = yy_current_buffer->yy_input_file; + yy_hold_char = *yy_c_buf_p; + } + + +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_create_buffer( FILE *file, int size ) +#else +YY_BUFFER_STATE yy_create_buffer( file, size ) +FILE *file; +int size; +#endif + { YY_BUFFER_STATE b; - - b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); + + b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); @@ -1349,75 +1291,75 @@ static void yy_load_buffer_state (void) /* yy_ch_buf has to be 2 characters longer than the size given because * we need to put in 2 end-of-buffer characters. */ - b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2 ); + b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 ); if ( ! b->yy_ch_buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); b->yy_is_our_buffer = 1; - yy_init_buffer(b,file ); + yy_init_buffer( b, file ); return b; -} + } -/** Destroy the buffer. - * @param b a buffer created with yy_create_buffer() - * - */ - void yy_delete_buffer (YY_BUFFER_STATE b ) -{ - + +#ifdef YY_USE_PROTOS +void yy_delete_buffer( YY_BUFFER_STATE b ) +#else +void yy_delete_buffer( b ) +YY_BUFFER_STATE b; +#endif + { if ( ! b ) return; - if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */ - YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; + if ( b == yy_current_buffer ) + yy_current_buffer = (YY_BUFFER_STATE) 0; if ( b->yy_is_our_buffer ) - yyfree((void *) b->yy_ch_buf ); + yy_flex_free( (void *) b->yy_ch_buf ); - yyfree((void *) b ); -} + yy_flex_free( (void *) b ); + } -#ifndef __cplusplus -extern int isatty (int ); -#endif /* __cplusplus */ - -/* Initializes or reinitializes a buffer. - * This function is sometimes called more than once on the same buffer, - * such as during a yyrestart() or at EOF. - */ - static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file ) -{ - int oerrno = errno; - - yy_flush_buffer(b ); + +#ifdef YY_USE_PROTOS +void yy_init_buffer( YY_BUFFER_STATE b, FILE *file ) +#else +void yy_init_buffer( b, file ) +YY_BUFFER_STATE b; +FILE *file; +#endif + + + { + yy_flush_buffer( b ); b->yy_input_file = file; b->yy_fill_buffer = 1; - /* If b is the current buffer, then yy_init_buffer was _probably_ - * called from yyrestart() or through yy_get_next_buffer. - * In that case, we don't want to reset the lineno or column. - */ - if (b != YY_CURRENT_BUFFER){ - b->yy_bs_lineno = 1; - b->yy_bs_column = 0; - } +#if YY_ALWAYS_INTERACTIVE + b->yy_is_interactive = 1; +#else +#if YY_NEVER_INTERACTIVE + b->yy_is_interactive = 0; +#else + b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; +#endif +#endif + } - b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; - - errno = oerrno; -} -/** Discard all buffered characters. On the next scan, YY_INPUT will be called. - * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER. - * - */ - void yy_flush_buffer (YY_BUFFER_STATE b ) -{ - if ( ! b ) +#ifdef YY_USE_PROTOS +void yy_flush_buffer( YY_BUFFER_STATE b ) +#else +void yy_flush_buffer( b ) +YY_BUFFER_STATE b; +#endif + + { + if ( ! b ) return; b->yy_n_chars = 0; @@ -1434,121 +1376,29 @@ extern int isatty (int ); b->yy_at_bol = 1; b->yy_buffer_status = YY_BUFFER_NEW; - if ( b == YY_CURRENT_BUFFER ) - yy_load_buffer_state( ); -} - -/** Pushes the new state onto the stack. The new state becomes - * the current state. This function will allocate the stack - * if necessary. - * @param new_buffer The new state. - * - */ -void yypush_buffer_state (YY_BUFFER_STATE new_buffer ) -{ - if (new_buffer == NULL) - return; - - yyensure_buffer_stack(); - - /* This block is copied from yy_switch_to_buffer. */ - if ( YY_CURRENT_BUFFER ) - { - /* Flush out information for old buffer. */ - *(yy_c_buf_p) = (yy_hold_char); - YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); - } - - /* Only push if top exists. Otherwise, replace top. */ - if (YY_CURRENT_BUFFER) - (yy_buffer_stack_top)++; - YY_CURRENT_BUFFER_LVALUE = new_buffer; - - /* copied from yy_switch_to_buffer. */ - yy_load_buffer_state( ); - (yy_did_buffer_switch_on_eof) = 1; -} - -/** Removes and deletes the top of the stack, if present. - * The next element becomes the new top. - * - */ -void yypop_buffer_state (void) -{ - if (!YY_CURRENT_BUFFER) - return; - - yy_delete_buffer(YY_CURRENT_BUFFER ); - YY_CURRENT_BUFFER_LVALUE = NULL; - if ((yy_buffer_stack_top) > 0) - --(yy_buffer_stack_top); - - if (YY_CURRENT_BUFFER) { - yy_load_buffer_state( ); - (yy_did_buffer_switch_on_eof) = 1; + if ( b == yy_current_buffer ) + yy_load_buffer_state(); } -} -/* Allocates the stack if it does not exist. - * Guarantees space for at least one push. - */ -static void yyensure_buffer_stack (void) -{ - int num_to_alloc; - - if (!(yy_buffer_stack)) { - - /* First allocation is just for 2 elements, since we don't know if this - * scanner will even need a stack. We use 2 instead of 1 to avoid an - * immediate realloc on the next call. - */ - num_to_alloc = 1; - (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc - (num_to_alloc * sizeof(struct yy_buffer_state*) - ); - - memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); - - (yy_buffer_stack_max) = num_to_alloc; - (yy_buffer_stack_top) = 0; - return; - } - - if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ - - /* Increase the buffer to prepare for a possible push. */ - int grow_size = 8 /* arbitrary grow size */; - num_to_alloc = (yy_buffer_stack_max) + grow_size; - (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc - ((yy_buffer_stack), - num_to_alloc * sizeof(struct yy_buffer_state*) - ); - - /* zero only the new slots.*/ - memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); - (yy_buffer_stack_max) = num_to_alloc; - } -} - -/** Setup the input buffer state to scan directly from a user-specified character buffer. - * @param base the character buffer - * @param size the size in bytes of the character buffer - * - * @return the newly allocated buffer state object. - */ -YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) -{ +#ifndef YY_NO_SCAN_BUFFER +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size ) +#else +YY_BUFFER_STATE yy_scan_buffer( base, size ) +char *base; +yy_size_t size; +#endif + { YY_BUFFER_STATE b; - + if ( size < 2 || base[size-2] != YY_END_OF_BUFFER_CHAR || base[size-1] != YY_END_OF_BUFFER_CHAR ) /* They forgot to leave room for the EOB's. */ return 0; - b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); + b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); @@ -1562,42 +1412,47 @@ YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) b->yy_fill_buffer = 0; b->yy_buffer_status = YY_BUFFER_NEW; - yy_switch_to_buffer(b ); + yy_switch_to_buffer( b ); return b; -} + } +#endif -/** Setup the input buffer state to scan a string. The next call to yylex() will - * scan from a @e copy of @a str. - * @param yy_str a NUL-terminated string to scan - * - * @return the newly allocated buffer state object. - * @note If you want to scan bytes that may contain NUL values, then use - * yy_scan_bytes() instead. - */ -YY_BUFFER_STATE yy_scan_string (yyconst char * yy_str ) -{ - - return yy_scan_bytes(yy_str,strlen(yy_str) ); -} -/** Setup the input buffer state to scan the given bytes. The next call to yylex() will - * scan from a @e copy of @a bytes. - * @param bytes the byte buffer to scan - * @param len the number of bytes in the buffer pointed to by @a bytes. - * - * @return the newly allocated buffer state object. - */ -YY_BUFFER_STATE yy_scan_bytes (yyconst char * bytes, int len ) -{ +#ifndef YY_NO_SCAN_STRING +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str ) +#else +YY_BUFFER_STATE yy_scan_string( yy_str ) +yyconst char *yy_str; +#endif + { + int len; + for ( len = 0; yy_str[len]; ++len ) + ; + + return yy_scan_bytes( yy_str, len ); + } +#endif + + +#ifndef YY_NO_SCAN_BYTES +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len ) +#else +YY_BUFFER_STATE yy_scan_bytes( bytes, len ) +yyconst char *bytes; +int len; +#endif + { YY_BUFFER_STATE b; char *buf; yy_size_t n; int i; - + /* Get memory for full buffer, including space for trailing EOB's. */ n = len + 2; - buf = (char *) yyalloc(n ); + buf = (char *) yy_flex_alloc( n ); if ( ! buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); @@ -1606,7 +1461,7 @@ YY_BUFFER_STATE yy_scan_bytes (yyconst char * bytes, int len ) buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR; - b = yy_scan_buffer(buf,n ); + b = yy_scan_buffer( buf, n ); if ( ! b ) YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); @@ -1616,164 +1471,148 @@ YY_BUFFER_STATE yy_scan_bytes (yyconst char * bytes, int len ) b->yy_is_our_buffer = 1; return b; -} + } +#endif -#ifndef YY_EXIT_FAILURE -#define YY_EXIT_FAILURE 2 + +#ifndef YY_NO_PUSH_STATE +#ifdef YY_USE_PROTOS +static void yy_push_state( int new_state ) +#else +static void yy_push_state( new_state ) +int new_state; #endif + { + if ( yy_start_stack_ptr >= yy_start_stack_depth ) + { + yy_size_t new_size; -static void yy_fatal_error (yyconst char* msg ) -{ - (void) fprintf( stderr, "%s\n", msg ); - exit( YY_EXIT_FAILURE ); -} + yy_start_stack_depth += YY_START_STACK_INCR; + new_size = yy_start_stack_depth * sizeof( int ); -/* Redefine yyless() so it works in section 3 code. */ + if ( ! yy_start_stack ) + yy_start_stack = (int *) yy_flex_alloc( new_size ); -#undef yyless -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - int yyless_macro_arg = (n); \ - YY_LESS_LINENO(yyless_macro_arg);\ - yytext[yyleng] = (yy_hold_char); \ - (yy_c_buf_p) = yytext + yyless_macro_arg; \ - (yy_hold_char) = *(yy_c_buf_p); \ - *(yy_c_buf_p) = '\0'; \ - yyleng = yyless_macro_arg; \ - } \ - while ( 0 ) + else + yy_start_stack = (int *) yy_flex_realloc( + (void *) yy_start_stack, new_size ); -/* Accessor methods (get/set functions) to struct members. */ + if ( ! yy_start_stack ) + YY_FATAL_ERROR( + "out of memory expanding start-condition stack" ); + } -/** Get the current line number. - * - */ -int yyget_lineno (void) -{ - - return yylineno; -} + yy_start_stack[yy_start_stack_ptr++] = YY_START; -/** Get the input stream. - * - */ -FILE *yyget_in (void) -{ - return yyin; -} + BEGIN(new_state); + } +#endif -/** Get the output stream. - * - */ -FILE *yyget_out (void) -{ - return yyout; -} -/** Get the length of the current token. - * - */ -int yyget_leng (void) -{ - return yyleng; -} +#ifndef YY_NO_POP_STATE +static void yy_pop_state() + { + if ( --yy_start_stack_ptr < 0 ) + YY_FATAL_ERROR( "start-condition stack underflow" ); -/** Get the current token. - * - */ + BEGIN(yy_start_stack[yy_start_stack_ptr]); + } +#endif -char *yyget_text (void) -{ - return yytext; -} -/** Set the current line number. - * @param line_number - * - */ -void yyset_lineno (int line_number ) -{ - - yylineno = line_number; -} +#ifndef YY_NO_TOP_STATE +static int yy_top_state() + { + return yy_start_stack[yy_start_stack_ptr - 1]; + } +#endif -/** Set the input stream. This does not discard the current - * input buffer. - * @param in_str A readable stream. - * - * @see yy_switch_to_buffer - */ -void yyset_in (FILE * in_str ) -{ - yyin = in_str ; -} +#ifndef YY_EXIT_FAILURE +#define YY_EXIT_FAILURE 2 +#endif -void yyset_out (FILE * out_str ) -{ - yyout = out_str ; -} +#ifdef YY_USE_PROTOS +static void yy_fatal_error( yyconst char msg[] ) +#else +static void yy_fatal_error( msg ) +char msg[]; +#endif + { + (void) fprintf( stderr, "%s\n", msg ); + exit( YY_EXIT_FAILURE ); + } -int yyget_debug (void) -{ - return yy_flex_debug; -} -void yyset_debug (int bdebug ) -{ - yy_flex_debug = bdebug ; -} -/* yylex_destroy is for both reentrant and non-reentrant scanners. */ -int yylex_destroy (void) -{ - - /* Pop the buffer stack, destroying each element. */ - while(YY_CURRENT_BUFFER){ - yy_delete_buffer(YY_CURRENT_BUFFER ); - YY_CURRENT_BUFFER_LVALUE = NULL; - yypop_buffer_state(); - } +/* Redefine yyless() so it works in section 3 code. */ - /* Destroy the stack itself. */ - yyfree((yy_buffer_stack) ); - (yy_buffer_stack) = NULL; +#undef yyless +#define yyless(n) \ + do \ + { \ + /* Undo effects of setting up yytext. */ \ + yytext[yyleng] = yy_hold_char; \ + yy_c_buf_p = yytext + n; \ + yy_hold_char = *yy_c_buf_p; \ + *yy_c_buf_p = '\0'; \ + yyleng = n; \ + } \ + while ( 0 ) - return 0; -} -/* - * Internal utility routines. - */ +/* Internal utility routines. */ #ifndef yytext_ptr -static void yy_flex_strncpy (char* s1, yyconst char * s2, int n ) -{ +#ifdef YY_USE_PROTOS +static void yy_flex_strncpy( char *s1, yyconst char *s2, int n ) +#else +static void yy_flex_strncpy( s1, s2, n ) +char *s1; +yyconst char *s2; +int n; +#endif + { register int i; - for ( i = 0; i < n; ++i ) + for ( i = 0; i < n; ++i ) s1[i] = s2[i]; -} + } #endif #ifdef YY_NEED_STRLEN -static int yy_flex_strlen (yyconst char * s ) -{ +#ifdef YY_USE_PROTOS +static int yy_flex_strlen( yyconst char *s ) +#else +static int yy_flex_strlen( s ) +yyconst char *s; +#endif + { register int n; - for ( n = 0; s[n]; ++n ) + for ( n = 0; s[n]; ++n ) ; return n; -} + } #endif -void *yyalloc (yy_size_t size ) -{ + +#ifdef YY_USE_PROTOS +static void *yy_flex_alloc( yy_size_t size ) +#else +static void *yy_flex_alloc( size ) +yy_size_t size; +#endif + { return (void *) malloc( size ); -} + } -void *yyrealloc (void * ptr, yy_size_t size ) -{ +#ifdef YY_USE_PROTOS +static void *yy_flex_realloc( void *ptr, yy_size_t size ) +#else +static void *yy_flex_realloc( ptr, size ) +void *ptr; +yy_size_t size; +#endif + { /* The cast to (char *) in the following accommodates both * implementations that use char* generic pointers, and those * that use void* generic pointers. It works with the latter @@ -1782,31 +1621,28 @@ void *yyrealloc (void * ptr, yy_size_t size ) * as though doing an assignment. */ return (void *) realloc( (char *) ptr, size ); -} - -void yyfree (void * ptr ) -{ - free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ -} - -#define YYTABLES_NAME "yytables" + } -#undef YY_NEW_FILE -#undef YY_FLUSH_BUFFER -#undef yy_set_bol -#undef yy_new_buffer -#undef yy_set_interactive -#undef yytext_ptr -#undef YY_DO_BEFORE_ACTION +#ifdef YY_USE_PROTOS +static void yy_flex_free( void *ptr ) +#else +static void yy_flex_free( ptr ) +void *ptr; +#endif + { + free( ptr ); + } -#ifdef YY_DECL_IS_OURS -#undef YY_DECL_IS_OURS -#undef YY_DECL +#if YY_MAIN +int main() + { + yylex(); + return 0; + } #endif #line 75 "lex.l" - #ifndef yywrap /* XXX */ int yywrap () @@ -1859,4 +1695,3 @@ error_message (const char *format, ...) va_end (args); numerror++; } - diff --git a/source4/heimdal/lib/des/des.c b/source4/heimdal/lib/des/des.c index b6bb55a9ba..32d479e372 100644 --- a/source4/heimdal/lib/des/des.c +++ b/source4/heimdal/lib/des/des.c @@ -45,13 +45,14 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: des.c,v 1.16 2006/01/08 21:47:28 lha Exp $"); +RCSID("$Id: des.c,v 1.17 2006/04/14 14:19:36 lha Exp $"); #endif #include #include #include #include +#include #include "des.h" #include "ui.h" @@ -514,6 +515,7 @@ DES_cfb64_encrypt(const void *in, void *out, if (forward_encrypt) { int i = *num; + assert(i >= 0); while (length > 0) { if (i == 0) @@ -535,6 +537,7 @@ DES_cfb64_encrypt(const void *in, void *out, } else { int i = *num; unsigned char c; + assert(i >= 0); while (length > 0) { if (i == 0) { diff --git a/source4/heimdal/lib/des/dh.h b/source4/heimdal/lib/des/dh.h index cbea876521..419c7d8902 100644 --- a/source4/heimdal/lib/des/dh.h +++ b/source4/heimdal/lib/des/dh.h @@ -32,7 +32,7 @@ */ /* - * $Id: dh.h,v 1.4 2006/01/18 13:48:30 lha Exp $ + * $Id: dh.h,v 1.5 2006/04/20 18:16:17 lha Exp $ */ #ifndef _HEIM_DH_H @@ -52,7 +52,7 @@ #define DH_set_ex_data hc_DH_set_ex_data #define DH_get_ex_data hc_DH_get_ex_data #define DH_generate_parameters_ex hc_DH_generate_parameters_ex -#define DH_check hc_DH_check +#define DH_check_pubkey hc_DH_check_pubkey #define DH_generate_key hc_DH_generate_key #define DH_compute_key hc_DH_compute_key diff --git a/source4/heimdal/lib/des/engine.h b/source4/heimdal/lib/des/engine.h index 70c0a7688c..757d0f75fb 100644 --- a/source4/heimdal/lib/des/engine.h +++ b/source4/heimdal/lib/des/engine.h @@ -32,7 +32,7 @@ */ /* - * $Id: engine.h,v 1.4 2006/01/13 15:26:52 lha Exp $ + * $Id: engine.h,v 1.5 2006/04/17 13:16:17 lha Exp $ */ #ifndef _HEIM_ENGINE_H @@ -45,6 +45,7 @@ #define ENGINE_finish hc_ENGINE_finish #define ENGINE_get_DH hc_ENGINE_get_DH #define ENGINE_get_RSA hc_ENGINE_get_RSA +#define ENGINE_get_RAND hc_ENGINE_get_RAND #define ENGINE_get_id hc_ENGINE_get_id #define ENGINE_get_name hc_ENGINE_get_name #define ENGINE_load_builtin_engines hc_ENGINE_load_builtin_engines @@ -64,6 +65,7 @@ typedef struct hc_engine ENGINE; #include #include #include +#include #define OPENSSL_DYNAMIC_VERSION (unsigned long)0x00020000 @@ -86,6 +88,7 @@ const char * ENGINE_get_id(const ENGINE *); const char * ENGINE_get_name(const ENGINE *); const RSA_METHOD * ENGINE_get_RSA(const ENGINE *); const DH_METHOD * ENGINE_get_DH(const ENGINE *); +const RAND_METHOD * ENGINE_get_RAND(const ENGINE *); int ENGINE_set_default_RSA(ENGINE *); ENGINE * ENGINE_get_default_RSA(void); diff --git a/source4/heimdal/lib/des/evp.c b/source4/heimdal/lib/des/evp.c index 3f89a49bcc..475bb7314e 100644 --- a/source4/heimdal/lib/des/evp.c +++ b/source4/heimdal/lib/des/evp.c @@ -151,6 +151,22 @@ EVP_Digest(const void *data, size_t dsize, void *hash, unsigned int *hsize, * */ +static const struct hc_evp_md sha256 = { + 32, + 64, + sizeof(SHA256_CTX), + (void *)SHA256_Init, + (void *)SHA256_Update, + (void *)SHA256_Final, + NULL +}; + +const EVP_MD * +EVP_sha256(void) +{ + return &sha256; +} + static const struct hc_evp_md sha1 = { 20, 64, @@ -543,6 +559,27 @@ EVP_rc2_40_cbc(void) return &rc2_40_cbc; } +const EVP_CIPHER * +EVP_rc2_64_cbc(void) +{ + static const EVP_CIPHER rc2_64_cbc = { + 0, + RC2_BLOCK_SIZE, + 8, + RC2_BLOCK_SIZE, + EVP_CIPH_CBC_MODE, + rc2_init, + rc2_do_cipher, + rc2_cleanup, + sizeof(struct rc2_cbc), + NULL, + NULL, + NULL, + NULL + }; + return &rc2_64_cbc; +} + /* * */ @@ -726,3 +763,116 @@ EVP_aes_256_cbc(void) }; return &aes_256_cbc; } + +/* + * + */ + +static const struct cipher_name { + const char *name; + const EVP_CIPHER *(*func)(void); +} cipher_name[] = { + { "des-ede3-cbc", EVP_des_ede3_cbc }, + { "aes-128-cbc", EVP_aes_128_cbc }, + { "aes-192-cbc", EVP_aes_192_cbc }, + { "aes-256-cbc", EVP_aes_256_cbc } +}; + + +const EVP_CIPHER * +EVP_get_cipherbyname(const char *name) +{ + int i; + for (i = 0; i < sizeof(cipher_name)/sizeof(cipher_name[0]); i++) { + if (strcasecmp(cipher_name[i].name, name) == 0) + return (*cipher_name[i].func)(); + } + return NULL; +} + + +/* + * + */ + +#ifndef min +#define min(a,b) (((a)>(b))?(b):(a)) +#endif + +int +EVP_BytesToKey(const EVP_CIPHER *type, + const EVP_MD *md, + const void *salt, + const void *data, size_t datalen, + unsigned int count, + void *keydata, + void *ivdata) +{ + int ivlen, keylen, first = 0; + unsigned int mds = 0, i; + unsigned char *key = keydata; + unsigned char *iv = ivdata; + unsigned char *buf; + EVP_MD_CTX c; + + keylen = EVP_CIPHER_key_length(type); + ivlen = EVP_CIPHER_iv_length(type); + + if (data == NULL) + return keylen; + + buf = malloc(EVP_MD_size(md)); + if (buf == NULL) + return -1; + + EVP_MD_CTX_init(&c); + + first = 1; + while (1) { + EVP_DigestInit_ex(&c, md, NULL); + if (!first) + EVP_DigestUpdate(&c, buf, mds); + first = 0; + EVP_DigestUpdate(&c,data,datalen); + +#define PKCS5_SALT_LEN 8 + + if (salt) + EVP_DigestUpdate(&c, salt, PKCS5_SALT_LEN); + + EVP_DigestFinal_ex(&c, buf, &mds); + + for (i = 1; i < count; i++) { + EVP_DigestInit_ex(&c, md, NULL); + EVP_DigestUpdate(&c, buf, mds); + EVP_DigestFinal_ex(&c, buf, &mds); + } + + i = 0; + if (keylen) { + size_t sz = min(keylen, mds); + if (key) { + memcpy(key, buf, sz); + key += sz; + } + keylen -= sz; + i += sz; + } + if (ivlen && mds > i) { + size_t sz = min(ivlen, (mds - i)); + if (iv) { + memcpy(iv, &buf[i], sz); + iv += sz; + } + ivlen -= sz; + } + if (keylen == 0 && ivlen == 0) + break; + } + + EVP_MD_CTX_cleanup(&c); + free(buf); + + return EVP_CIPHER_key_length(type); +} + diff --git a/source4/heimdal/lib/des/evp.h b/source4/heimdal/lib/des/evp.h index a04f17aabf..17d6d5fd41 100644 --- a/source4/heimdal/lib/des/evp.h +++ b/source4/heimdal/lib/des/evp.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: evp.h,v 1.3 2006/02/28 14:17:25 lha Exp $ */ +/* $Id: evp.h,v 1.8 2006/04/21 15:00:54 lha Exp $ */ #ifndef HEIM_EVP_H #define HEIM_EVP_H 1 @@ -79,12 +79,16 @@ #define EVP_md5 hc_EVP_md5 #define EVP_md_null hc_EVP_md_null #define EVP_rc2_40_cbc hc_EVP_rc2_40_cbc +#define EVP_rc2_64_cbc hc_EVP_rc2_64_cbc #define EVP_rc2_cbc hc_EVP_rc2_cbc #define EVP_rc4 hc_EVP_rc4 #define EVP_rc4_40 hc_EVP_rc4_40 #define EVP_sha hc_EVP_sha #define EVP_sha1 hc_EVP_sha1 +#define EVP_sha256 hc_EVP_sha256 #define PKCS5_PBKDF2_HMAC_SHA1 hc_PKCS5_PBKDF2_HMAC_SHA1 +#define EVP_BytesToKey hc_EVP_BytesToKey +#define EVP_get_cipherbyname hc_EVP_get_cipherbyname /* * @@ -161,6 +165,7 @@ const EVP_MD *EVP_md4(void); const EVP_MD *EVP_md5(void); const EVP_MD *EVP_sha(void); const EVP_MD *EVP_sha1(void); +const EVP_MD *EVP_sha256(void); const EVP_CIPHER * EVP_aes_128_cbc(void); const EVP_CIPHER * EVP_aes_192_cbc(void); @@ -168,6 +173,7 @@ const EVP_CIPHER * EVP_aes_256_cbc(void); const EVP_CIPHER * EVP_des_ede3_cbc(void); const EVP_CIPHER * EVP_enc_null(void); const EVP_CIPHER * EVP_rc2_40_cbc(void); +const EVP_CIPHER * EVP_rc2_64_cbc(void); const EVP_CIPHER * EVP_rc2_cbc(void); const EVP_CIPHER * EVP_rc4(void); const EVP_CIPHER * EVP_rc4_40(void); @@ -199,6 +205,9 @@ int EVP_Digest(const void *, size_t, void *, unsigned int *, * */ +const EVP_CIPHER * + EVP_get_cipherbyname(const char *); + size_t EVP_CIPHER_block_size(const EVP_CIPHER *); size_t EVP_CIPHER_key_length(const EVP_CIPHER *); size_t EVP_CIPHER_iv_length(const EVP_CIPHER *); @@ -227,5 +236,9 @@ int EVP_Cipher(EVP_CIPHER_CTX *,void *,const void *,size_t); int PKCS5_PBKDF2_HMAC_SHA1(const void *, size_t, const void *, size_t, unsigned long, size_t, void *); +int EVP_BytesToKey(const EVP_CIPHER *, const EVP_MD *, + const void *, const void *, size_t, + unsigned int, void *, void *); + #endif /* HEIM_EVP_H */ diff --git a/source4/heimdal/lib/des/rand.h b/source4/heimdal/lib/des/rand.h index 514fe0ced4..a57da53928 100644 --- a/source4/heimdal/lib/des/rand.h +++ b/source4/heimdal/lib/des/rand.h @@ -1,3 +1,4 @@ + /* * Copyright (c) 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). @@ -32,23 +33,64 @@ */ /* - * $Id: rand.h,v 1.2 2006/01/13 15:26:52 lha Exp $ + * $Id: rand.h,v 1.4 2006/04/17 13:23:04 lha Exp $ */ #ifndef _HEIM_RAND_H #define _HEIM_RAND_H 1 +typedef struct RAND_METHOD RAND_METHOD; + #include +#include /* symbol renaming */ #define RAND_bytes hc_RAND_bytes #define RAND_pseudo_bytes hc_RAND_pseudo_bytes +#define RAND_seed hc_RAND_seed +#define RAND_cleanup hc_RAND_cleanup +#define RAND_add hc_RAND_add +#define RAND_set_rand_method hc_RAND_set_rand_method +#define RAND_get_rand_method hc_RAND_get_rand_method +#define RAND_set_rand_engine hc_RAND_set_rand_engine +#define RAND_load_file hc_RAND_load_file +#define RAND_write_file hc_RAND_write_file +#define RAND_status hc_RAND_status +#define RAND_egd hc_RAND_egd + +/* + * + */ + +struct RAND_METHOD +{ + void (*seed)(const void *, int); + int (*bytes)(unsigned char *, int); + void (*cleanup)(void); + void (*add)(const void *, int, double); + int (*pseudorand)(unsigned char *, int); + int (*status)(void); +}; /* * */ -int RAND_bytes(void *, size_t num); -int RAND_pseudo_bytes(void *, size_t); +int RAND_bytes(void *, size_t num); +int RAND_pseudo_bytes(void *, size_t); +void RAND_seed(const void *, size_t); +void RAND_cleanup(void); +void RAND_add(const void *, size_t, double); + +int RAND_set_rand_method(const RAND_METHOD *); +const RAND_METHOD * + RAND_get_rand_method(void); +int RAND_set_rand_engine(ENGINE *); + +int RAND_load_file(const char *, size_t); +int RAND_write_file(const char *); +int RAND_status(void); +int RAND_egd(const char *); + #endif /* _HEIM_RAND_H */ diff --git a/source4/heimdal/lib/des/rc2.c b/source4/heimdal/lib/des/rc2.c index 4b4b53d52c..ed43c70605 100755 --- a/source4/heimdal/lib/des/rc2.c +++ b/source4/heimdal/lib/des/rc2.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: rc2.c,v 1.6 2005/06/18 22:47:33 lha Exp $"); +RCSID("$Id: rc2.c,v 1.7 2006/04/09 17:03:21 lha Exp $"); #endif #include "rc2.h" @@ -87,6 +87,8 @@ RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) unsigned char k[128]; int j, T8, TM; + if (len <= 0) + abort(); if (len > 128) len = 128; if (bits <= 0 || bits > 1024) diff --git a/source4/heimdal/lib/des/rsa.h b/source4/heimdal/lib/des/rsa.h index da9d2ea4b1..ea1dba27d8 100644 --- a/source4/heimdal/lib/des/rsa.h +++ b/source4/heimdal/lib/des/rsa.h @@ -32,7 +32,7 @@ */ /* - * $Id: rsa.h,v 1.2 2006/01/13 15:26:52 lha Exp $ + * $Id: rsa.h,v 1.4 2006/04/16 19:38:23 lha Exp $ */ #ifndef _HEIM_RSA_H @@ -59,6 +59,7 @@ #define RSA_sign hc_RSA_sign #define RSA_verify hc_RSA_verify #define d2i_RSAPrivateKey hc_d2i_RSAPrivateKey +#define i2d_RSAPublicKey hc_i2d_RSAPublicKey /* * @@ -160,5 +161,6 @@ int RSA_verify(int, const unsigned char *, unsigned int, unsigned char *, unsigned int, RSA *); RSA * d2i_RSAPrivateKey(RSA *, const unsigned char **, size_t); +int i2d_RSAPublicKey(RSA *, unsigned char **); #endif /* _HEIM_RSA_H */ diff --git a/source4/heimdal/lib/des/sha.h b/source4/heimdal/lib/des/sha.h index 4657fad51f..6021823f5c 100644 --- a/source4/heimdal/lib/des/sha.h +++ b/source4/heimdal/lib/des/sha.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: sha.h,v 1.9 2006/01/08 21:47:29 lha Exp $ */ +/* $Id: sha.h,v 1.10 2006/04/15 07:54:11 lha Exp $ */ #ifndef HEIM_SHA_H #define HEIM_SHA_H 1 @@ -40,9 +40,12 @@ #define SHA1_Init hc_SHA1_Init #define SHA1_Update hc_SHA1_Update #define SHA1_Final hc_SHA1_Final +#define SHA256_Init hc_SHA256_Init +#define SHA256_Update hc_SHA256_Update +#define SHA256_Final hc_SHA256_Final /* - * + * SHA-1 */ #define SHA_DIGEST_LENGTH 20 @@ -59,4 +62,22 @@ void SHA1_Init (struct sha *m); void SHA1_Update (struct sha *m, const void *v, size_t len); void SHA1_Final (void *res, struct sha *m); +/* + * SHA-2 256 + */ + +#define SHA256_DIGEST_LENGTH 32 + +struct hc_sha256state { + unsigned int sz[2]; + u_int32_t counter[8]; + unsigned char save[64]; +}; + +typedef struct hc_sha256state SHA256_CTX; + +void SHA256_Init (SHA256_CTX *); +void SHA256_Update (SHA256_CTX *, const void *, size_t); +void SHA256_Final (void *, SHA256_CTX *); + #endif /* HEIM_SHA_H */ diff --git a/source4/heimdal/lib/des/sha256.c b/source4/heimdal/lib/des/sha256.c new file mode 100644 index 0000000000..8c12ce504c --- /dev/null +++ b/source4/heimdal/lib/des/sha256.c @@ -0,0 +1,233 @@ +/* + * Copyright (c) 1995 - 2001, 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" + +RCSID("$Id: sha256.c,v 1.1 2006/04/15 07:53:07 lha Exp $"); +#endif + +#include "hash.h" +#include "sha.h" + +#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) +#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) + +#define ROTR(x,n) (((x)>>(n)) | ((x) << (32 - (n)))) + +#define Sigma0(x) (ROTR(x,2) ^ ROTR(x,13) ^ ROTR(x,22)) +#define Sigma1(x) (ROTR(x,6) ^ ROTR(x,11) ^ ROTR(x,25)) +#define sigma0(x) (ROTR(x,7) ^ ROTR(x,18) ^ ((x)>>3)) +#define sigma1(x) (ROTR(x,17) ^ ROTR(x,19) ^ ((x)>>10)) + +#define A m->counter[0] +#define B m->counter[1] +#define C m->counter[2] +#define D m->counter[3] +#define E m->counter[4] +#define F m->counter[5] +#define G m->counter[6] +#define H m->counter[7] + +static const u_int32_t constant_256[64] = { + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, + 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, + 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, + 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, + 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, + 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, + 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, + 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, + 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 +}; + +void +SHA256_Init (SHA256_CTX *m) +{ + m->sz[0] = 0; + m->sz[1] = 0; + A = 0x6a09e667; + B = 0xbb67ae85; + C = 0x3c6ef372; + D = 0xa54ff53a; + E = 0x510e527f; + F = 0x9b05688c; + G = 0x1f83d9ab; + H = 0x5be0cd19; +} + +static void +calc (SHA256_CTX *m, u_int32_t *in) +{ + u_int32_t AA, BB, CC, DD, EE, FF, GG, HH; + u_int32_t data[64]; + int i; + + AA = A; + BB = B; + CC = C; + DD = D; + EE = E; + FF = F; + GG = G; + HH = H; + + for (i = 0; i < 16; ++i) + data[i] = in[i]; + for (i = 16; i < 64; ++i) + data[i] = sigma1(data[i-2]) + data[i-7] + + sigma0(data[i-15]) + data[i - 16]; + + for (i = 0; i < 64; i++) { + u_int32_t T1, T2; + + T1 = HH + Sigma1(EE) + Ch(EE, FF, GG) + constant_256[i] + data[i]; + T2 = Sigma0(AA) + Maj(AA,BB,CC); + + HH = GG; + GG = FF; + FF = EE; + EE = DD + T1; + DD = CC; + CC = BB; + BB = AA; + AA = T1 + T2; + } + + A += AA; + B += BB; + C += CC; + D += DD; + E += EE; + F += FF; + G += GG; + H += HH; +} + +/* + * From `Performance analysis of MD5' by Joseph D. Touch + */ + +#if !defined(WORDS_BIGENDIAN) || defined(_CRAY) +static inline u_int32_t +swap_u_int32_t (u_int32_t t) +{ +#define ROL(x,n) ((x)<<(n))|((x)>>(32-(n))) + u_int32_t temp1, temp2; + + temp1 = cshift(t, 16); + temp2 = temp1 >> 8; + temp1 &= 0x00ff00ff; + temp2 &= 0x00ff00ff; + temp1 <<= 8; + return temp1 | temp2; +} +#endif + +struct x32{ + unsigned int a:32; + unsigned int b:32; +}; + +void +SHA256_Update (SHA256_CTX *m, const void *v, size_t len) +{ + const unsigned char *p = v; + size_t old_sz = m->sz[0]; + size_t offset; + + m->sz[0] += len * 8; + if (m->sz[0] < old_sz) + ++m->sz[1]; + offset = (old_sz / 8) % 64; + while(len > 0){ + size_t l = min(len, 64 - offset); + memcpy(m->save + offset, p, l); + offset += l; + p += l; + len -= l; + if(offset == 64){ +#if !defined(WORDS_BIGENDIAN) || defined(_CRAY) + int i; + u_int32_t current[16]; + struct x32 *u = (struct x32*)m->save; + for(i = 0; i < 8; i++){ + current[2*i+0] = swap_u_int32_t(u[i].a); + current[2*i+1] = swap_u_int32_t(u[i].b); + } + calc(m, current); +#else + calc(m, (u_int32_t*)m->save); +#endif + offset = 0; + } + } +} + +void +SHA256_Final (void *res, SHA256_CTX *m) +{ + unsigned char zeros[72]; + unsigned offset = (m->sz[0] / 8) % 64; + unsigned int dstart = (120 - offset - 1) % 64 + 1; + + *zeros = 0x80; + memset (zeros + 1, 0, sizeof(zeros) - 1); + zeros[dstart+7] = (m->sz[0] >> 0) & 0xff; + zeros[dstart+6] = (m->sz[0] >> 8) & 0xff; + zeros[dstart+5] = (m->sz[0] >> 16) & 0xff; + zeros[dstart+4] = (m->sz[0] >> 24) & 0xff; + zeros[dstart+3] = (m->sz[1] >> 0) & 0xff; + zeros[dstart+2] = (m->sz[1] >> 8) & 0xff; + zeros[dstart+1] = (m->sz[1] >> 16) & 0xff; + zeros[dstart+0] = (m->sz[1] >> 24) & 0xff; + SHA256_Update (m, zeros, dstart + 8); + { + int i; + unsigned char *r = (unsigned char*)res; + + for (i = 0; i < 8; ++i) { + r[4*i+3] = m->counter[i] & 0xFF; + r[4*i+2] = (m->counter[i] >> 8) & 0xFF; + r[4*i+1] = (m->counter[i] >> 16) & 0xFF; + r[4*i] = (m->counter[i] >> 24) & 0xFF; + } + } +} diff --git a/source4/heimdal/lib/gssapi/accept_sec_context.c b/source4/heimdal/lib/gssapi/accept_sec_context.c index ebb8ee2304..9ca60a6cdd 100644 --- a/source4/heimdal/lib/gssapi/accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/accept_sec_context.c @@ -77,7 +77,6 @@ gsskrb5_is_cfx(gss_ctx_id_t context_handle, int *is_cfx) { krb5_keyblock *key; int acceptor = (context_handle->more_flags & LOCAL) == 0; - *is_cfx = 0; if (acceptor) { if (context_handle->auth_context->local_subkey) diff --git a/source4/heimdal/lib/gssapi/get_mic.c b/source4/heimdal/lib/gssapi/get_mic.c index 1c950e95d9..fc9e9aa1a9 100644 --- a/source4/heimdal/lib/gssapi/get_mic.c +++ b/source4/heimdal/lib/gssapi/get_mic.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: get_mic.c,v 1.29 2005/01/05 02:52:12 lukeh Exp $"); +RCSID("$Id: get_mic.c,v 1.30 2006/04/02 02:12:52 lha Exp $"); static OM_uint32 mic_des @@ -59,6 +59,7 @@ mic_des message_token->length = total_len; message_token->value = malloc (total_len); if (message_token->value == NULL) { + message_token->length = 0; *minor_status = ENOMEM; return GSS_S_FAILURE; } @@ -150,6 +151,7 @@ mic_des3 message_token->length = total_len; message_token->value = malloc (total_len); if (message_token->value == NULL) { + message_token->length = 0; *minor_status = ENOMEM; return GSS_S_FAILURE; } @@ -179,6 +181,8 @@ mic_des3 kret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); if (kret) { free (message_token->value); + message_token->value = NULL; + message_token->length = 0; free (tmp); gssapi_krb5_set_error_string (); *minor_status = kret; @@ -196,6 +200,8 @@ mic_des3 krb5_crypto_destroy (gssapi_krb5_context, crypto); if (kret) { free (message_token->value); + message_token->value = NULL; + message_token->length = 0; gssapi_krb5_set_error_string (); *minor_status = kret; return GSS_S_FAILURE; @@ -221,6 +227,8 @@ mic_des3 ETYPE_DES3_CBC_NONE, &crypto); if (kret) { free (message_token->value); + message_token->value = NULL; + message_token->length = 0; gssapi_krb5_set_error_string (); *minor_status = kret; return GSS_S_FAILURE; @@ -238,6 +246,8 @@ mic_des3 krb5_crypto_destroy (gssapi_krb5_context, crypto); if (kret) { free (message_token->value); + message_token->value = NULL; + message_token->length = 0; gssapi_krb5_set_error_string (); *minor_status = kret; return GSS_S_FAILURE; diff --git a/source4/heimdal/lib/gssapi/gssapi_locl.h b/source4/heimdal/lib/gssapi/gssapi_locl.h index bd5d0db2b5..be2277b96f 100644 --- a/source4/heimdal/lib/gssapi/gssapi_locl.h +++ b/source4/heimdal/lib/gssapi/gssapi_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gssapi_locl.h,v 1.43 2005/11/02 08:51:17 lha Exp $ */ +/* $Id: gssapi_locl.h,v 1.44 2006/04/12 17:44:05 lha Exp $ */ #ifndef GSSAPI_LOCL_H #define GSSAPI_LOCL_H @@ -290,6 +290,14 @@ _gssapi_msg_order_check(struct gss_msg_order *, OM_uint32); OM_uint32 _gssapi_msg_order_f(OM_uint32); +OM_uint32 +_gssapi_msg_order_import(OM_uint32 *, krb5_storage *, + struct gss_msg_order **); + +krb5_error_code +_gssapi_msg_order_export(krb5_storage *, struct gss_msg_order *); + + /* 8003 */ krb5_error_code diff --git a/source4/heimdal/lib/gssapi/init_sec_context.c b/source4/heimdal/lib/gssapi/init_sec_context.c index be34d8b560..e363ee22f7 100644 --- a/source4/heimdal/lib/gssapi/init_sec_context.c +++ b/source4/heimdal/lib/gssapi/init_sec_context.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: init_sec_context.c,v 1.61 2005/11/02 11:52:49 lha Exp $"); +RCSID("$Id: init_sec_context.c,v 1.62 2006/04/09 18:45:18 lha Exp $"); /* * copy the addresses from `input_chan_bindings' (if any) to diff --git a/source4/heimdal/lib/gssapi/sequence.c b/source4/heimdal/lib/gssapi/sequence.c index 973fc6ad05..2851b0a6c8 100755 --- a/source4/heimdal/lib/gssapi/sequence.c +++ b/source4/heimdal/lib/gssapi/sequence.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003 Kungliga Tekniska Högskolan + * Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: sequence.c,v 1.5 2005/04/27 17:49:43 lha Exp $"); +RCSID("$Id: sequence.c,v 1.6 2006/04/12 17:43:39 lha Exp $"); #define DEFAULT_JITTER_WINDOW 20 @@ -46,6 +46,32 @@ struct gss_msg_order { OM_uint32 elem[1]; }; + +/* + * + */ + +static OM_uint32 +msg_order_alloc(OM_uint32 *minor_status, + struct gss_msg_order **o, + OM_uint32 jitter_window) +{ + size_t len; + + len = jitter_window * sizeof((*o)->elem[0]); + len += sizeof(**o); + len -= sizeof((*o)->elem[0]); + + *o = calloc(1, len); + if (*o == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + *minor_status = 0; + return GSS_S_COMPLETE; +} + /* * */ @@ -58,21 +84,15 @@ _gssapi_msg_order_create(OM_uint32 *minor_status, OM_uint32 jitter_window, int use_64) { - size_t len; + OM_uint32 ret; if (jitter_window == 0) jitter_window = DEFAULT_JITTER_WINDOW; - len = jitter_window * sizeof((*o)->elem[0]); - len += sizeof(**o); - len -= sizeof((*o)->elem[0]); - - *o = malloc(len); - if (*o == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - memset(*o, 0, len); + ret = msg_order_alloc(minor_status, o, jitter_window); + if(ret != GSS_S_COMPLETE) + return ret; + (*o)->flags = flags; (*o)->length = 0; (*o)->first_seq = seq_num; @@ -187,3 +207,88 @@ _gssapi_msg_order_f(OM_uint32 flags) { return flags & (GSS_C_SEQUENCE_FLAG|GSS_C_REPLAY_FLAG); } + +/* + * Translate `o` into inter-process format and export in to `sp'. + */ + +krb5_error_code +_gssapi_msg_order_export(krb5_storage *sp, struct gss_msg_order *o) +{ + krb5_error_code kret; + OM_uint32 i; + + kret = krb5_store_int32(sp, o->flags); + if (kret) + return kret; + kret = krb5_store_int32(sp, o->start); + if (kret) + return kret; + kret = krb5_store_int32(sp, o->length); + if (kret) + return kret; + kret = krb5_store_int32(sp, o->jitter_window); + if (kret) + return kret; + kret = krb5_store_int32(sp, o->first_seq); + if (kret) + return kret; + + for (i = 0; i < o->jitter_window; i++) { + kret = krb5_store_int32(sp, o->elem[i]); + if (kret) + return kret; + } + + return 0; +} + +OM_uint32 +_gssapi_msg_order_import(OM_uint32 *minor_status, + krb5_storage *sp, + struct gss_msg_order **o) +{ + OM_uint32 ret; + krb5_error_code kret; + int32_t i, flags, start, length, jitter_window, first_seq; + + kret = krb5_ret_int32(sp, &flags); + if (kret) + goto failed; + ret = krb5_ret_int32(sp, &start); + if (kret) + goto failed; + ret = krb5_ret_int32(sp, &length); + if (kret) + goto failed; + ret = krb5_ret_int32(sp, &jitter_window); + if (kret) + goto failed; + ret = krb5_ret_int32(sp, &first_seq); + if (kret) + goto failed; + + ret = msg_order_alloc(minor_status, o, jitter_window); + if (ret != GSS_S_COMPLETE) + return ret; + + (*o)->flags = flags; + (*o)->start = start; + (*o)->length = length; + (*o)->jitter_window = jitter_window; + (*o)->first_seq = first_seq; + + for( i = 0; i < jitter_window; i++ ) { + kret = krb5_ret_int32(sp, (int32_t*)&((*o)->elem[i])); + if (kret) + goto failed; + } + + *minor_status = 0; + return GSS_S_COMPLETE; + +failed: + _gssapi_msg_order_destroy(o); + *minor_status = kret; + return GSS_S_FAILURE; +} diff --git a/source4/heimdal/lib/gssapi/wrap.c b/source4/heimdal/lib/gssapi/wrap.c index e5be6cf149..0c089067b6 100644 --- a/source4/heimdal/lib/gssapi/wrap.c +++ b/source4/heimdal/lib/gssapi/wrap.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: wrap.c,v 1.31 2005/01/05 02:52:12 lukeh Exp $"); +RCSID("$Id: wrap.c,v 1.32 2006/04/02 02:10:03 lha Exp $"); OM_uint32 gsskrb5_get_initiator_subkey(OM_uint32 *minor_status, @@ -316,6 +316,7 @@ wrap_des output_message_buffer->length = total_len; output_message_buffer->value = malloc (total_len); if (output_message_buffer->value == NULL) { + output_message_buffer->length = 0; *minor_status = ENOMEM; return GSS_S_FAILURE; } @@ -440,6 +441,7 @@ wrap_des3 output_message_buffer->length = total_len; output_message_buffer->value = malloc (total_len); if (output_message_buffer->value == NULL) { + output_message_buffer->length = 0; *minor_status = ENOMEM; return GSS_S_FAILURE; } @@ -474,6 +476,8 @@ wrap_des3 if (ret) { gssapi_krb5_set_error_string (); free (output_message_buffer->value); + output_message_buffer->length = 0; + output_message_buffer->value = NULL; *minor_status = ret; return GSS_S_FAILURE; } @@ -489,6 +493,8 @@ wrap_des3 if (ret) { gssapi_krb5_set_error_string (); free (output_message_buffer->value); + output_message_buffer->length = 0; + output_message_buffer->value = NULL; *minor_status = ret; return GSS_S_FAILURE; } @@ -518,6 +524,8 @@ wrap_des3 &crypto); if (ret) { free (output_message_buffer->value); + output_message_buffer->length = 0; + output_message_buffer->value = NULL; *minor_status = ret; return GSS_S_FAILURE; } @@ -536,6 +544,8 @@ wrap_des3 if (ret) { gssapi_krb5_set_error_string (); free (output_message_buffer->value); + output_message_buffer->length = 0; + output_message_buffer->value = NULL; *minor_status = ret; return GSS_S_FAILURE; } @@ -561,6 +571,8 @@ wrap_des3 if (ret) { gssapi_krb5_set_error_string (); free (output_message_buffer->value); + output_message_buffer->length = 0; + output_message_buffer->value = NULL; *minor_status = ret; return GSS_S_FAILURE; } @@ -570,6 +582,8 @@ wrap_des3 if (ret) { gssapi_krb5_set_error_string (); free (output_message_buffer->value); + output_message_buffer->length = 0; + output_message_buffer->value = NULL; *minor_status = ret; return GSS_S_FAILURE; } diff --git a/source4/heimdal/lib/hdb/keys.c b/source4/heimdal/lib/hdb/keys.c index c5a2efd758..0ca3846f9d 100644 --- a/source4/heimdal/lib/hdb/keys.c +++ b/source4/heimdal/lib/hdb/keys.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: keys.c,v 1.3 2005/03/17 00:42:05 lha Exp $"); +RCSID("$Id: keys.c,v 1.4 2006/04/02 00:45:48 lha Exp $"); /* * free all the memory used by (len, keys) @@ -298,6 +298,7 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal, &enctypes, &num_enctypes, &salt, principal); if (ret) { krb5_warnx(context, "bad value for default_keys `%s'", *kp); + ret = 0; continue; } @@ -334,6 +335,8 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal, krb5_free_salt(context, salt); } + *ret_key_set = key_set; + out: if (ret) { krb5_warn(context, ret, @@ -348,8 +351,6 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal, ret = EINVAL; /* XXX */ } - *ret_key_set = key_set; - return ret; } diff --git a/source4/heimdal/lib/hdb/keytab.c b/source4/heimdal/lib/hdb/keytab.c index 6fb37842dc..12979eaecf 100644 --- a/source4/heimdal/lib/hdb/keytab.c +++ b/source4/heimdal/lib/hdb/keytab.c @@ -35,7 +35,7 @@ /* keytab backend for HDB databases */ -RCSID("$Id: keytab.c,v 1.8 2005/12/12 12:35:36 lha Exp $"); +RCSID("$Id: keytab.c,v 1.10 2006/04/02 20:20:45 lha Exp $"); struct hdb_data { char *dbname; @@ -76,7 +76,7 @@ hdb_resolve(krb5_context context, const char *name, krb5_keytab id) if((mkey - db) == 0) { d->dbname = NULL; } else { - d->dbname = malloc(mkey - db); + d->dbname = malloc(mkey - db + 1); if(d->dbname == NULL) { free(d); krb5_set_error_string(context, "malloc: out of memory"); diff --git a/source4/heimdal/lib/krb5/acache.c b/source4/heimdal/lib/krb5/acache.c index 7cf2c65d89..b38104fc2d 100644 --- a/source4/heimdal/lib/krb5/acache.c +++ b/source4/heimdal/lib/krb5/acache.c @@ -37,7 +37,7 @@ #include #endif -RCSID("$Id: acache.c,v 1.14 2005/10/03 08:44:18 lha Exp $"); +RCSID("$Id: acache.c,v 1.15 2006/03/27 04:22:23 lha Exp $"); /* XXX should we fetch these for each open ? */ static HEIMDAL_MUTEX acc_mutex = HEIMDAL_MUTEX_INITIALIZER; @@ -218,7 +218,36 @@ make_cred_from_ccred(krb5_context context, } } - cred->flags.b = int2TicketFlags(incred->ticket_flags); /* XXX */ + cred->flags.i = 0; + if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_FORWARDABLE) + cred->flags.b.forwardable = 1; + if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_FORWARDED) + cred->flags.b.forwarded = 1; + if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_PROXIABLE) + cred->flags.b.proxiable = 1; + if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_PROXY) + cred->flags.b.proxy = 1; + if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_MAY_POSTDATE) + cred->flags.b.may_postdate = 1; + if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_POSTDATED) + cred->flags.b.postdated = 1; + if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_INVALID) + cred->flags.b.invalid = 1; + if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_RENEWABLE) + cred->flags.b.renewable = 1; + if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_INITIAL) + cred->flags.b.initial = 1; + if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_PRE_AUTH) + cred->flags.b.pre_authent = 1; + if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_HW_AUTH) + cred->flags.b.hw_authent = 1; + if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_TRANSIT_POLICY_CHECKED) + cred->flags.b.transited_policy_checked = 1; + if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_OK_AS_DELEGATE) + cred->flags.b.ok_as_delegate = 1; + if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_ANONYMOUS) + cred->flags.b.anonymous = 1; + return 0; nomem: @@ -310,7 +339,36 @@ make_ccred_from_cred(krb5_context context, } cred->addresses[i] = NULL; - cred->ticket_flags = TicketFlags2int(incred->flags.b); /* XXX */ + cred->ticket_flags = 0; + if (incred->flags.b.forwardable) + cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_FORWARDABLE; + if (incred->flags.b.forwarded) + cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_FORWARDED; + if (incred->flags.b.proxiable) + cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_PROXIABLE; + if (incred->flags.b.proxy) + cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_PROXY; + if (incred->flags.b.may_postdate) + cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_MAY_POSTDATE; + if (incred->flags.b.postdated) + cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_POSTDATED; + if (incred->flags.b.invalid) + cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_INVALID; + if (incred->flags.b.renewable) + cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_RENEWABLE; + if (incred->flags.b.initial) + cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_INITIAL; + if (incred->flags.b.pre_authent) + cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_PRE_AUTH; + if (incred->flags.b.hw_authent) + cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_HW_AUTH; + if (incred->flags.b.transited_policy_checked) + cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_TRANSIT_POLICY_CHECKED; + if (incred->flags.b.ok_as_delegate) + cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_OK_AS_DELEGATE; + if (incred->flags.b.anonymous) + cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_ANONYMOUS; + return 0; fail: diff --git a/source4/heimdal/lib/krb5/addr_families.c b/source4/heimdal/lib/krb5/addr_families.c index cf460ba725..ebdbcfed46 100644 --- a/source4/heimdal/lib/krb5/addr_families.c +++ b/source4/heimdal/lib/krb5/addr_families.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: addr_families.c,v 1.50 2006/03/17 22:12:13 lha Exp $"); +RCSID("$Id: addr_families.c,v 1.51 2006/04/02 02:17:31 lha Exp $"); struct addr_operations { int af; @@ -1136,6 +1136,7 @@ krb5_make_addrport (krb5_context context, if (ret) { krb5_set_error_string(context, "malloc: out of memory"); free (*res); + *res = NULL; return ret; } p = (*res)->address.data; diff --git a/source4/heimdal/lib/krb5/build_auth.c b/source4/heimdal/lib/krb5/build_auth.c index 1c38721b02..9eff09bb0a 100644 --- a/source4/heimdal/lib/krb5/build_auth.c +++ b/source4/heimdal/lib/krb5/build_auth.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: build_auth.c,v 1.42 2005/01/05 02:34:53 lukeh Exp $"); +RCSID("$Id: build_auth.c,v 1.43 2006/04/10 08:53:21 lha Exp $"); static krb5_error_code make_etypelist(krb5_context context, @@ -116,13 +116,12 @@ krb5_build_authenticator (krb5_context context, krb5_error_code ret; krb5_crypto crypto; - auth = malloc(sizeof(*auth)); + auth = calloc(1, sizeof(*auth)); if (auth == NULL) { krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; } - memset (auth, 0, sizeof(*auth)); auth->authenticator_vno = 5; copy_Realm(&cred->client->realm, &auth->crealm); copy_PrincipalName(&cred->client->name, &auth->cname); @@ -161,10 +160,8 @@ krb5_build_authenticator (krb5_context context, /* XXX - Copy more to auth_context? */ - if (auth_context) { - auth_context->authenticator->ctime = auth->ctime; - auth_context->authenticator->cusec = auth->cusec; - } + auth_context->authenticator->ctime = auth->ctime; + auth_context->authenticator->cusec = auth->cusec; ASN1_MALLOC_ENCODE(Authenticator, buf, buf_size, auth, &len, ret); if (ret) diff --git a/source4/heimdal/lib/krb5/cache.c b/source4/heimdal/lib/krb5/cache.c index efb2ad1374..b21d42d653 100644 --- a/source4/heimdal/lib/krb5/cache.c +++ b/source4/heimdal/lib/krb5/cache.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: cache.c,v 1.77 2005/12/13 15:42:36 lha Exp $"); +RCSID("$Id: cache.c,v 1.79 2006/04/02 00:54:48 lha Exp $"); /* * Add a new ccache type with operations `ops', overwriting any @@ -316,7 +316,7 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res) } if (append == NULL) { free(*res); - res = NULL; + *res = NULL; krb5_set_error_string(context, "malloc - out of memory"); return ENOMEM; } @@ -324,6 +324,7 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res) tlen = strlen(append); tmp = realloc(*res, len + tlen + 1); if (tmp == NULL) { + free(append); free(*res); *res = NULL; krb5_set_error_string(context, "malloc - out of memory"); diff --git a/source4/heimdal/lib/krb5/config_file.c b/source4/heimdal/lib/krb5/config_file.c index 86e286c638..66051303ed 100644 --- a/source4/heimdal/lib/krb5/config_file.c +++ b/source4/heimdal/lib/krb5/config_file.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: config_file.c,v 1.53 2005/06/16 20:22:53 lha Exp $"); +RCSID("$Id: config_file.c,v 1.54 2006/04/02 00:59:19 lha Exp $"); #ifndef HAVE_NETINFO @@ -574,7 +574,7 @@ krb5_config_vget_strings(krb5_context context, } if(nstr){ char **tmp = realloc(strings, (nstr + 1) * sizeof(*strings)); - if(strings == NULL) + if(tmp == NULL) goto cleanup; strings = tmp; strings[nstr] = NULL; diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c index 039484c650..3a90995283 100644 --- a/source4/heimdal/lib/krb5/crypto.c +++ b/source4/heimdal/lib/krb5/crypto.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: crypto.c,v 1.133 2006/03/07 19:34:55 lha Exp $"); +RCSID("$Id: crypto.c,v 1.134 2006/04/10 08:58:53 lha Exp $"); #undef CRYPTO_DEBUG #ifdef CRYPTO_DEBUG @@ -4096,7 +4096,7 @@ krb5_string_to_key_derived(krb5_context context, struct encryption_type *et = _find_enctype(etype); krb5_error_code ret; struct key_data kd; - size_t keylen = et->keytype->bits / 8; + size_t keylen; u_char *tmp; if(et == NULL) { @@ -4104,6 +4104,8 @@ krb5_string_to_key_derived(krb5_context context, etype); return KRB5_PROG_ETYPE_NOSUPP; } + keylen = et->keytype->bits / 8; + ALLOC(kd.key, 1); if(kd.key == NULL) { krb5_set_error_string (context, "malloc: out of memory"); diff --git a/source4/heimdal/lib/krb5/data.c b/source4/heimdal/lib/krb5/data.c index 9cf1410e70..3192c4c64f 100644 --- a/source4/heimdal/lib/krb5/data.c +++ b/source4/heimdal/lib/krb5/data.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: data.c,v 1.19 2004/05/25 21:22:23 lha Exp $"); +RCSID("$Id: data.c,v 1.20 2006/04/02 01:06:07 lha Exp $"); void KRB5_LIB_FUNCTION krb5_data_zero(krb5_data *p) @@ -114,6 +114,7 @@ krb5_copy_data(krb5_context context, if(ret) { krb5_clear_error_string (context); free(*outdata); + *outdata = NULL; } return ret; } diff --git a/source4/heimdal/lib/krb5/fcache.c b/source4/heimdal/lib/krb5/fcache.c index f8ebe837b7..79b809d2a2 100644 --- a/source4/heimdal/lib/krb5/fcache.c +++ b/source4/heimdal/lib/krb5/fcache.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: fcache.c,v 1.51 2005/08/12 13:31:19 lha Exp $"); +RCSID("$Id: fcache.c,v 1.52 2006/04/02 01:04:37 lha Exp $"); typedef struct krb5_fcache{ char *filename; @@ -269,10 +269,11 @@ fcc_gen_new(krb5_context context, krb5_ccache *id) } fd = mkstemp(file); if(fd < 0) { + int ret = errno; + krb5_set_error_string(context, "mkstemp %s", file); free(f); free(file); - krb5_set_error_string(context, "mkstemp %s", file); - return errno; + return ret; } close(fd); f->filename = file; diff --git a/source4/heimdal/lib/krb5/get_for_creds.c b/source4/heimdal/lib/krb5/get_for_creds.c index dafe668b5d..661d05663b 100644 --- a/source4/heimdal/lib/krb5/get_for_creds.c +++ b/source4/heimdal/lib/krb5/get_for_creds.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: get_for_creds.c,v 1.48 2006/03/07 19:38:09 lha Exp $"); +RCSID("$Id: get_for_creds.c,v 1.49 2006/04/10 09:28:15 lha Exp $"); static krb5_error_code add_addrs(krb5_context context, @@ -180,10 +180,7 @@ krb5_get_forwarded_creds (krb5_context context, addrs.len = 0; addrs.val = NULL; - if (in_creds->client && in_creds->client->realm) - realm = in_creds->client->realm; - else - realm = in_creds->server->realm; + realm = in_creds->client->realm; krb5_appdefault_boolean(context, NULL, realm, "no-addresses-ever", TRUE, &noaddr_ever); diff --git a/source4/heimdal/lib/krb5/init_creds.c b/source4/heimdal/lib/krb5/init_creds.c index 316c2f02eb..88de280a00 100644 --- a/source4/heimdal/lib/krb5/init_creds.c +++ b/source4/heimdal/lib/krb5/init_creds.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds.c,v 1.22 2006/02/03 11:42:31 lha Exp $"); +RCSID("$Id: init_creds.c,v 1.23 2006/04/02 01:08:30 lha Exp $"); void KRB5_LIB_FUNCTION krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt) @@ -75,7 +75,7 @@ _krb5_get_init_creds_opt_copy(krb5_context context, krb5_get_init_creds_opt *opt; *out = NULL; - opt = malloc(sizeof(*opt)); + opt = calloc(1, sizeof(*opt)); if (opt == NULL) { krb5_set_error_string(context, "out of memory"); return ENOMEM; diff --git a/source4/heimdal/lib/krb5/init_creds_pw.c b/source4/heimdal/lib/krb5/init_creds_pw.c index 3c694624bf..489a88a31b 100644 --- a/source4/heimdal/lib/krb5/init_creds_pw.c +++ b/source4/heimdal/lib/krb5/init_creds_pw.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds_pw.c,v 1.90 2005/10/12 12:45:11 lha Exp $"); +RCSID("$Id: init_creds_pw.c,v 1.92 2006/04/02 01:20:15 lha Exp $"); typedef struct krb5_get_init_creds_ctx { krb5_kdc_flags flags; @@ -79,8 +79,10 @@ default_s2k_func(krb5_context context, krb5_enctype type, return ENOMEM; ret = krb5_string_to_key_data_salt_opaque(context, type, password, salt, opaque, *key); - if (ret) + if (ret) { free(*key); + *key = NULL; + } return ret; } @@ -545,23 +547,14 @@ init_creds_init_as_req (krb5_context context, krb5_set_error_string(context, "malloc: out of memory"); goto fail; } - if (creds->client) { - ret = _krb5_principal2principalname (a->req_body.cname, creds->client); - if (ret) - goto fail; - ret = copy_Realm(&creds->client->realm, &a->req_body.realm); - if (ret) - goto fail; - } else { - krb5_realm realm; - a->req_body.cname = NULL; - ret = krb5_get_default_realm(context, &realm); - if (ret) - goto fail; - ret = copy_Realm(&realm, &a->req_body.realm); - free(realm); - } + ret = _krb5_principal2principalname (a->req_body.cname, creds->client); + if (ret) + goto fail; + ret = copy_Realm(&creds->client->realm, &a->req_body.realm); + if (ret) + goto fail; + ret = _krb5_principal2principalname (a->req_body.sname, creds->server); if (ret) goto fail; diff --git a/source4/heimdal/lib/krb5/keytab_any.c b/source4/heimdal/lib/krb5/keytab_any.c index 667788c69d..d5130aaad8 100644 --- a/source4/heimdal/lib/krb5/keytab_any.c +++ b/source4/heimdal/lib/krb5/keytab_any.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_any.c,v 1.7 2002/10/21 13:36:59 joda Exp $"); +RCSID("$Id: keytab_any.c,v 1.8 2006/04/10 09:20:13 lha Exp $"); struct any_data { krb5_keytab kt; @@ -162,23 +162,22 @@ any_next_entry (krb5_context context, ret = krb5_kt_next_entry(context, ed->a->kt, entry, &ed->cursor); if (ret == 0) return 0; - else if (ret == KRB5_KT_END) { - ret2 = krb5_kt_end_seq_get (context, ed->a->kt, &ed->cursor); - if (ret2) - return ret2; - while ((ed->a = ed->a->next) != NULL) { - ret2 = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor); - if (ret2 == 0) - break; - } - if (ed->a == NULL) { - krb5_clear_error_string (context); - return KRB5_KT_END; - } - } else + else if (ret != KRB5_KT_END) return ret; - } while (ret == KRB5_KT_END); - return ret; + + ret2 = krb5_kt_end_seq_get (context, ed->a->kt, &ed->cursor); + if (ret2) + return ret2; + while ((ed->a = ed->a->next) != NULL) { + ret2 = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor); + if (ret2 == 0) + break; + } + if (ed->a == NULL) { + krb5_clear_error_string (context); + return KRB5_KT_END; + } + } while (1); } static krb5_error_code diff --git a/source4/heimdal/lib/krb5/keytab_file.c b/source4/heimdal/lib/krb5/keytab_file.c index 6ff2680ed1..f9a76e634a 100644 --- a/source4/heimdal/lib/krb5/keytab_file.c +++ b/source4/heimdal/lib/krb5/keytab_file.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_file.c,v 1.20 2005/07/13 06:08:07 lha Exp $"); +RCSID("$Id: keytab_file.c,v 1.22 2006/04/07 21:57:31 lha Exp $"); #define KRB5_KT_VNO_1 1 #define KRB5_KT_VNO_2 2 @@ -164,7 +164,7 @@ krb5_kt_ret_principal(krb5_context context, int i; int ret; krb5_principal p; - int16_t tmp; + int16_t len; ALLOC(p, 1); if(p == NULL) { @@ -172,25 +172,34 @@ krb5_kt_ret_principal(krb5_context context, return ENOMEM; } - ret = krb5_ret_int16(sp, &tmp); - if(ret) - return ret; + ret = krb5_ret_int16(sp, &len); + if(ret) { + krb5_set_error_string(context, + "Failed decoding length of keytab principal"); + goto out; + } if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS)) - tmp--; - p->name.name_string.len = tmp; + len--; + if (len < 0) { + krb5_set_error_string(context, + "Keytab principal contains invalid length"); + ret = KRB5_KT_END; + goto out; + } ret = krb5_kt_ret_string(context, sp, &p->realm); if(ret) - return ret; - p->name.name_string.val = calloc(p->name.name_string.len, - sizeof(*p->name.name_string.val)); + goto out; + p->name.name_string.val = calloc(len, sizeof(*p->name.name_string.val)); if(p->name.name_string.val == NULL) { krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; + ret = ENOMEM; + goto out; } + p->name.name_string.len = len; for(i = 0; i < p->name.name_string.len; i++){ ret = krb5_kt_ret_string(context, sp, p->name.name_string.val + i); if(ret) - return ret; + goto out; } if (krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) p->name.name_type = KRB5_NT_UNKNOWN; @@ -199,10 +208,13 @@ krb5_kt_ret_principal(krb5_context context, ret = krb5_ret_int32(sp, &tmp32); p->name.name_type = tmp32; if (ret) - return ret; + goto out; } *princ = p; return 0; +out: + krb5_free_principal(context, p); + return ret; } static krb5_error_code @@ -423,7 +435,7 @@ loop: } } if(start) *start = pos; - if(end) *end = *start + 4 + len; + if(end) *end = pos + 4 + len; out: krb5_storage_seek(cursor->sp, pos + 4 + len, SEEK_SET); return ret; diff --git a/source4/heimdal/lib/krb5/keytab_keyfile.c b/source4/heimdal/lib/krb5/keytab_keyfile.c index 5c94291e72..32fb48a8a2 100644 --- a/source4/heimdal/lib/krb5/keytab_keyfile.c +++ b/source4/heimdal/lib/krb5/keytab_keyfile.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_keyfile.c,v 1.17 2005/09/30 11:20:53 lha Exp $"); +RCSID("$Id: keytab_keyfile.c,v 1.18 2006/04/02 01:24:52 lha Exp $"); /* afs keyfile operations --------------------------------------- */ @@ -94,6 +94,7 @@ get_cell_and_realm (krb5_context context, f = fopen (AFS_SERVERMAGICKRBCONF, "r"); if (f != NULL) { if (fgets (buf, sizeof(buf), f) == NULL) { + free (d->cell); fclose (f); krb5_set_error_string (context, "no realm in %s", AFS_SERVERMAGICKRBCONF); diff --git a/source4/heimdal/lib/krb5/keytab_krb4.c b/source4/heimdal/lib/krb5/keytab_krb4.c index 1a83faca57..19e7f106bf 100644 --- a/source4/heimdal/lib/krb5/keytab_krb4.c +++ b/source4/heimdal/lib/krb5/keytab_krb4.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_krb4.c,v 1.13 2005/05/19 04:13:18 lha Exp $"); +RCSID("$Id: keytab_krb4.c,v 1.15 2006/04/10 17:10:53 lha Exp $"); struct krb4_kt_data { char *filename; @@ -139,6 +139,11 @@ krb4_kt_start_seq_get_int (krb5_context context, return ret; } c->sp = krb5_storage_from_fd(c->fd); + if(c->sp == NULL) { + close(c->fd); + free(ed); + return ENOMEM; + } krb5_storage_set_eof_code(c->sp, KRB5_KT_END); return 0; } @@ -302,11 +307,11 @@ krb4_kt_add_entry (krb5_context context, } } sp = krb5_storage_from_fd(fd); - krb5_storage_set_eof_code(sp, KRB5_KT_END); if(sp == NULL) { close(fd); return ENOMEM; } + krb5_storage_set_eof_code(sp, KRB5_KT_END); ret = krb4_store_keytab_entry(context, entry, sp); krb5_storage_free(sp); if(close (fd) < 0) @@ -316,8 +321,8 @@ krb4_kt_add_entry (krb5_context context, static krb5_error_code krb4_kt_remove_entry(krb5_context context, - krb5_keytab id, - krb5_keytab_entry *entry) + krb5_keytab id, + krb5_keytab_entry *entry) { struct krb4_kt_data *d = id->data; krb5_error_code ret; diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h index 8d9b3c62ac..00126d60ed 100644 --- a/source4/heimdal/lib/krb5/krb5-private.h +++ b/source4/heimdal/lib/krb5/krb5-private.h @@ -302,19 +302,13 @@ void KRB5_LIB_FUNCTION _krb5_pk_cert_free (struct krb5_pk_cert */*cert*/); krb5_error_code KRB5_LIB_FUNCTION -_krb5_pk_create_sign ( - krb5_context /*context*/, - const heim_oid */*eContentType*/, - krb5_data */*eContent*/, - struct krb5_pk_identity */*id*/, - krb5_data */*sd_data*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_pk_load_openssl_id ( +_krb5_pk_load_id ( krb5_context /*context*/, struct krb5_pk_identity **/*ret_id*/, const char */*user_id*/, - const char */*x509_anchors*/, + const char */*anchor_id*/, + char * const */*chain*/, + char * const */*revoke*/, krb5_prompter_fct /*prompter*/, void */*prompter_data*/, char */*password*/); diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h index d7e74621ef..56f43f6c3d 100644 --- a/source4/heimdal/lib/krb5/krb5-protos.h +++ b/source4/heimdal/lib/krb5/krb5-protos.h @@ -1874,6 +1874,8 @@ krb5_get_init_creds_opt_set_pkinit ( krb5_principal /*principal*/, const char */*user_id*/, const char */*x509_anchors*/, + char * const * /*chain*/, + char * const * /*revoke*/, int /*flags*/, krb5_prompter_fct /*prompter*/, void */*prompter_data*/, diff --git a/source4/heimdal/lib/krb5/krb5_ccapi.h b/source4/heimdal/lib/krb5/krb5_ccapi.h index 00c30d7791..29b2ddbecc 100644 --- a/source4/heimdal/lib/krb5/krb5_ccapi.h +++ b/source4/heimdal/lib/krb5/krb5_ccapi.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5_ccapi.h,v 1.1 2004/09/11 04:00:42 lha Exp $ */ +/* $Id: krb5_ccapi.h,v 1.2 2006/03/27 04:21:06 lha Exp $ */ #ifndef KRB5_CCAPI_H #define KRB5_CCAPI_H 1 @@ -43,7 +43,8 @@ enum { }; enum { - ccapi_version_3 = 3 + ccapi_version_3 = 3, + ccapi_version_4 = 4 }; enum { @@ -108,7 +109,21 @@ struct cc_credentials_v5_t { cc_time_t endtime; cc_time_t renew_till; cc_uint32 is_skey; - cc_uint32 ticket_flags; /* XXX ticket flags undefined */ + cc_uint32 ticket_flags; +#define KRB5_CCAPI_TKT_FLG_FORWARDABLE 0x40000000 +#define KRB5_CCAPI_TKT_FLG_FORWARDED 0x20000000 +#define KRB5_CCAPI_TKT_FLG_PROXIABLE 0x10000000 +#define KRB5_CCAPI_TKT_FLG_PROXY 0x08000000 +#define KRB5_CCAPI_TKT_FLG_MAY_POSTDATE 0x04000000 +#define KRB5_CCAPI_TKT_FLG_POSTDATED 0x02000000 +#define KRB5_CCAPI_TKT_FLG_INVALID 0x01000000 +#define KRB5_CCAPI_TKT_FLG_RENEWABLE 0x00800000 +#define KRB5_CCAPI_TKT_FLG_INITIAL 0x00400000 +#define KRB5_CCAPI_TKT_FLG_PRE_AUTH 0x00200000 +#define KRB5_CCAPI_TKT_FLG_HW_AUTH 0x00100000 +#define KRB5_CCAPI_TKT_FLG_TRANSIT_POLICY_CHECKED 0x00080000 +#define KRB5_CCAPI_TKT_FLG_OK_AS_DELEGATE 0x00040000 +#define KRB5_CCAPI_TKT_FLG_ANONYMOUS 0x00020000 cc_data **addresses; cc_data ticket; cc_data second_ticket; diff --git a/source4/heimdal/lib/krb5/krbhst.c b/source4/heimdal/lib/krb5/krbhst.c index ef9f5dbd60..221bd706f4 100644 --- a/source4/heimdal/lib/krb5/krbhst.c +++ b/source4/heimdal/lib/krb5/krbhst.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include -RCSID("$Id: krbhst.c,v 1.53 2005/10/08 15:40:50 lha Exp $"); +RCSID("$Id: krbhst.c,v 1.55 2006/04/02 10:32:20 lha Exp $"); static int string_to_proto(const char *string) @@ -241,8 +241,9 @@ _krb5_krbhost_info_move(krb5_context context, krb5_krbhst_info *from, krb5_krbhst_info **to) { + size_t hostnamelen = strlen(from->hostname); /* trailing NUL is included in structure */ - *to = calloc(1, sizeof(**to) + strlen(from->hostname)); + *to = calloc(1, sizeof(**to) + hostnamelen); if(*to == NULL) { krb5_set_error_string(context, "malloc - out of memory"); return ENOMEM; @@ -254,7 +255,7 @@ _krb5_krbhost_info_move(krb5_context context, (*to)->ai = from->ai; from->ai = NULL; (*to)->next = NULL; - strcpy((*to)->hostname, from->hostname); + memcpy((*to)->hostname, from->hostname, hostnamelen + 1); return 0; } diff --git a/source4/heimdal/lib/krb5/log.c b/source4/heimdal/lib/krb5/log.c index 4f6381c858..7e478bf1e0 100644 --- a/source4/heimdal/lib/krb5/log.c +++ b/source4/heimdal/lib/krb5/log.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: log.c,v 1.36 2005/06/17 04:25:05 lha Exp $"); +RCSID("$Id: log.c,v 1.38 2006/04/10 09:41:26 lha Exp $"); struct facility { int min; @@ -284,7 +284,7 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig) ret = open_file(context, f, min, max, NULL, NULL, stderr, 1); }else if(strcmp(p, "CONSOLE") == 0){ ret = open_file(context, f, min, max, "/dev/console", "w", NULL, 0); - }else if(strncmp(p, "FILE:", 4) == 0 && (p[4] == ':' || p[4] == '=')){ + }else if(strncmp(p, "FILE", 4) == 0 && (p[4] == ':' || p[4] == '=')){ char *fn; FILE *file = NULL; int keep_open = 0; @@ -300,6 +300,7 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig) ret = errno; krb5_set_error_string (context, "open(%s): %s", fn, strerror(ret)); + free(fn); return ret; } file = fdopen(i, "a"); @@ -308,12 +309,13 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig) close(i); krb5_set_error_string (context, "fdopen(%s): %s", fn, strerror(ret)); + free(fn); return ret; } keep_open = 1; } ret = open_file(context, f, min, max, fn, "a", file, keep_open); - }else if(strncmp(p, "DEVICE=", 6) == 0){ + }else if(strncmp(p, "DEVICE", 6) == 0 && (p[6] == ':' || p[6] == '=')){ ret = open_file(context, f, min, max, strdup(p + 7), "w", NULL, 0); }else if(strncmp(p, "SYSLOG", 6) == 0 && (p[6] == '\0' || p[6] == ':')){ char severity[128] = ""; diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c index 1247bb22ca..fa4fb4699e 100755 --- a/source4/heimdal/lib/krb5/pkinit.c +++ b/source4/heimdal/lib/krb5/pkinit.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: pkinit.c,v 1.77 2006/02/14 10:08:29 lha Exp $"); +RCSID("$Id: pkinit.c,v 1.88 2006/04/23 21:30:17 lha Exp $"); struct krb5_dh_moduli { char *name; @@ -45,71 +45,35 @@ struct krb5_dh_moduli { #ifdef PKINIT -#include -#include -#include -#include -#include -#include -#include -#include - -#ifdef HAVE_DIRENT_H -#include -#endif +#include +#include +#include +#include +#include +#include +#include +#include + +#include -#include "heim_asn1.h" -#include "rfc2459_asn1.h" -#include "cms_asn1.h" -#include "pkinit_asn1.h" +#include enum { COMPAT_WIN2K = 1, COMPAT_IETF = 2 }; -#define OPENSSL_ASN1_MALLOC_ENCODE(T, B, BL, S, R) \ -{ \ - unsigned char *p; \ - (BL) = i2d_##T((S), NULL); \ - if ((BL) <= 0) { \ - (R) = EINVAL; \ - } else { \ - (B) = malloc((BL)); \ - if ((B) == NULL) { \ - (R) = ENOMEM; \ - } else { \ - p = (B); \ - (R) = 0; \ - (BL) = i2d_##T((S), &p); \ - if ((BL) <= 0) { \ - free((B)); \ - (R) = ASN1_OVERRUN; \ - } \ - } \ - } \ -} - -/* ENGING_load_private_key requires a UI_METHOD and data - * if to be usable from PAM - */ - -struct krb5_ui_data { - krb5_context context; - krb5_prompter_fct prompter; - void * prompter_data; -}; - struct krb5_pk_identity { - EVP_PKEY *private_key; - STACK_OF(X509) *cert; - STACK_OF(X509) *trusted_certs; - STACK_OF(X509_CRL) *crls; - ENGINE *engine; + hx509_context hx509ctx; + hx509_verify_ctx verify_ctx; + hx509_certs certs; + hx509_certs anchors; + hx509_certs certpool; + hx509_revoke_ctx revoke; }; struct krb5_pk_cert { - X509 *cert; + hx509_cert cert; }; struct krb5_pk_init_ctx_data { @@ -118,13 +82,16 @@ struct krb5_pk_init_ctx_data { krb5_data *clientDHNonce; struct krb5_dh_moduli **m; int require_binding; + int require_eku; + int require_krbtgt_otherName; }; void KRB5_LIB_FUNCTION _krb5_pk_cert_free(struct krb5_pk_cert *cert) { - if (cert->cert) - X509_free(cert->cert); + if (cert->cert) { + hx509_cert_free(cert->cert); + } free(cert); } @@ -138,7 +105,7 @@ BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer) return ENOMEM; } BN_bn2bin(bn, integer->data); - integer->negative = bn->neg; + integer->negative = BN_is_negative(bn); return 0; } @@ -152,315 +119,44 @@ integer_to_BN(krb5_context context, const char *field, const heim_integer *f) krb5_set_error_string(context, "PKINIT: parsing BN failed %s", field); return NULL; } - bn->neg = f->negative; + BN_set_negative(bn, f->negative); return bn; } -/* - * UI ex_data has the callback_data as passed to Engine. This is far - * from being complete, we will only process one prompt - */ - -static int -krb5_ui_method_read_string(UI *ui, UI_STRING *uis) -{ - char *buffer; - size_t length; - krb5_error_code ret; - krb5_prompt prompt; - krb5_data password_data; - struct krb5_ui_data *ui_data; - - ui_data = (struct krb5_ui_data *)UI_get_app_data(ui); - - switch (UI_get_string_type(uis)) { - case UIT_INFO: - case UIT_ERROR: - /* looks like the RedHat pam_prompter might handle - * INFO and ERROR, Will see what happens */ - case UIT_VERIFY: - case UIT_PROMPT: - length = UI_get_result_maxsize(uis); - buffer = malloc(length); - if (buffer == NULL) { - krb5_set_error_string(ui_data->context, "malloc: out of memory"); - return 0; - } - password_data.data = buffer; - password_data.length = length; - - prompt.prompt = UI_get0_output_string(uis); - prompt.hidden = !(UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO); - prompt.reply = &password_data; - prompt.type = KRB5_PROMPT_TYPE_PASSWORD; - - ret = (*ui_data->prompter)(ui_data->context, - ui_data->prompter_data, - NULL, NULL, 1, &prompt); - if (ret == 0) { - buffer[length - 1] = '\0'; - UI_set_result(ui, uis, password_data.data); - - /* - * RedHat pam_krb5 pam_prompter does a strdup but others - * may copy into buffer. XXX should we just leak the - * memory instead ? - */ - - if (buffer != password_data.data) - free(password_data.data); - memset (buffer, 0, length); - free(buffer); - return 1; - } - memset (buffer, 0, length); - free(buffer); - break; - case UIT_NONE: - case UIT_BOOLEAN: - /* XXX for now do not handle */ - break; - - } - return 0; -} - static krb5_error_code -set_digest_alg(DigestAlgorithmIdentifier *id, - const heim_oid *oid, - void *param, size_t length) -{ - krb5_error_code ret; - if (param) { - id->parameters = malloc(sizeof(*id->parameters)); - if (id->parameters == NULL) - return ENOMEM; - id->parameters->data = malloc(length); - if (id->parameters->data == NULL) { - free(id->parameters); - id->parameters = NULL; - return ENOMEM; - } - memcpy(id->parameters->data, param, length); - id->parameters->length = length; - } else - id->parameters = NULL; - ret = copy_oid(oid, &id->algorithm); - if (ret) { - if (id->parameters) { - free(id->parameters->data); - free(id->parameters); - id->parameters = NULL; - } - return ret; - } - return 0; -} - -krb5_error_code KRB5_LIB_FUNCTION _krb5_pk_create_sign(krb5_context context, const heim_oid *eContentType, krb5_data *eContent, struct krb5_pk_identity *id, krb5_data *sd_data) { - SignerInfo *signer_info; - X509 *user_cert; - heim_integer *serial; - krb5_error_code ret; - krb5_data buf; - SignedData sd; - EVP_MD_CTX md; - int i; - unsigned len; - size_t size; - - X509_NAME *issuer_name; - - memset(&sd, 0, sizeof(sd)); - - if (id == NULL) - return HEIM_PKINIT_NO_CERTIFICATE; - if (id->cert == NULL) - return HEIM_PKINIT_NO_CERTIFICATE; - if (id->private_key == NULL) - return HEIM_PKINIT_NO_PRIVATE_KEY; - - if (sk_X509_num(id->cert) == 0) - return HEIM_PKINIT_NO_CERTIFICATE; - - sd.version = 3; - - sd.digestAlgorithms.len = 0; - sd.digestAlgorithms.val = NULL; - copy_oid(eContentType, &sd.encapContentInfo.eContentType); - ALLOC(sd.encapContentInfo.eContent, 1); - if (sd.encapContentInfo.eContent == NULL) { - krb5_clear_error_string(context); - ret = ENOMEM; - goto out; - } - - ret = krb5_data_copy(&buf, eContent->data, eContent->length); - if (ret) { - krb5_clear_error_string(context); - ret = ENOMEM; - goto out; - } - - sd.encapContentInfo.eContent->data = buf.data; - sd.encapContentInfo.eContent->length = buf.length; - - ALLOC_SEQ(&sd.signerInfos, 1); - if (sd.signerInfos.val == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto out; - } - - signer_info = &sd.signerInfos.val[0]; - - user_cert = sk_X509_value(id->cert, 0); - if (user_cert == NULL) { - krb5_set_error_string(context, "pkinit: no user certificate"); - ret = HEIM_PKINIT_NO_CERTIFICATE; - goto out; - } - - signer_info->version = 1; - - issuer_name = X509_get_issuer_name(user_cert); - - OPENSSL_ASN1_MALLOC_ENCODE(X509_NAME, - buf.data, - buf.length, - issuer_name, - ret); - if (ret) { - krb5_set_error_string(context, "pkinit: failed encoding name"); - goto out; - } - ret = decode_Name(buf.data, buf.length, - &signer_info->sid.u.issuerAndSerialNumber.issuer, - NULL); - free(buf.data); - if (ret) { - krb5_set_error_string(context, "pkinit: failed to parse Name"); - goto out; - } - signer_info->sid.element = choice_CMSIdentifier_issuerAndSerialNumber; - - serial = &signer_info->sid.u.issuerAndSerialNumber.serialNumber; - { - ASN1_INTEGER *isn = X509_get_serialNumber(user_cert); - BIGNUM *bn = ASN1_INTEGER_to_BN(isn, NULL); - if (bn == NULL) { - ret = ENOMEM; - krb5_set_error_string(context, "pkinit: failed allocating " - "serial number"); - goto out; - } - ret = BN_to_integer(context, bn, serial); - BN_free(bn); - if (ret) { - krb5_set_error_string(context, "pkinit: failed encoding " - "serial number"); - goto out; - } - } - - ret = set_digest_alg(&signer_info->digestAlgorithm, - oid_id_secsig_sha_1(), "\x05\x00", 2); - if (ret) { - krb5_set_error_string(context, "malloc: out of memory"); - goto out; - } - - signer_info->signedAttrs = NULL; - signer_info->unsignedAttrs = NULL; - - copy_oid(oid_id_pkcs1_rsaEncryption(), - &signer_info->signatureAlgorithm.algorithm); - signer_info->signatureAlgorithm.parameters = NULL; - - buf.data = malloc(EVP_PKEY_size(id->private_key)); - if (buf.data == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto out; - } - - EVP_SignInit(&md, EVP_sha1()); - EVP_SignUpdate(&md, - sd.encapContentInfo.eContent->data, - sd.encapContentInfo.eContent->length); - ret = EVP_SignFinal(&md, buf.data, &len, id->private_key); - if (ret != 1) { - free(buf.data); - krb5_set_error_string(context, "PKINIT: failed to sign with " - "private key: %s", - ERR_error_string(ERR_get_error(), NULL)); - ret = EINVAL; - goto out; - } - - signer_info->signature.data = buf.data; - signer_info->signature.length = len; - - ALLOC_SEQ(&sd.digestAlgorithms, 1); - if (sd.digestAlgorithms.val == NULL) { - krb5_clear_error_string(context); - ret = ENOMEM; - goto out; - } - - ret = set_digest_alg(&sd.digestAlgorithms.val[0], - oid_id_secsig_sha_1(), "\x05\x00", 2); - if (ret) { - krb5_set_error_string(context, "malloc: out of memory"); - goto out; - } + hx509_cert cert; + hx509_query *q; + int ret; - ALLOC(sd.certificates, 1); - if (sd.certificates == NULL) { - krb5_clear_error_string(context); - ret = ENOMEM; - goto out; - } + ret = hx509_query_alloc(id->hx509ctx, &q); + if (ret) + return ret; - i = sk_X509_num(id->cert); - sd.certificates->val = malloc(sizeof(sd.certificates->val[0]) * i); - if (sd.certificates->val == NULL) { - krb5_clear_error_string(context); - ret = ENOMEM; - goto out; - } - sd.certificates->len = i; - - for (i = 0; i < sk_X509_num(id->cert); i++) { - OPENSSL_ASN1_MALLOC_ENCODE(X509, - sd.certificates->val[i].data, - sd.certificates->val[i].length, - sk_X509_value(id->cert, i), - ret); - if (ret) { - krb5_clear_error_string(context); - goto out; - } - } + hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY); + hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE); - ASN1_MALLOC_ENCODE(SignedData, sd_data->data, sd_data->length, - &sd, &size, ret); - if (ret) { - krb5_set_error_string(context, "SignedData failed %d", ret); - goto out; - } - if (sd_data->length != size) - krb5_abortx(context, "internal ASN1 encoder error"); + ret = hx509_certs_find(id->hx509ctx, id->certs, q, &cert); + hx509_query_free(id->hx509ctx, q); + if (ret) + return ret; - out: - free_SignedData(&sd); + ret = hx509_cms_create_signed_1(id->hx509ctx, + eContentType, + eContent->data, + eContent->length, + NULL, + cert, + NULL, + NULL, + sd_data); + hx509_cert_free(cert); return ret; } @@ -813,230 +509,23 @@ _krb5_pk_mk_padata(krb5_context context, } else type = COMPAT_IETF; - return pk_mk_padata(context, type, ctx, req_body, nonce, md); -} + ctx->require_eku = + krb5_config_get_bool_default(context, NULL, + TRUE, + "realms", + req_body->realm, + "pkinit_require_eku", + NULL); + ctx->require_krbtgt_otherName = + krb5_config_get_bool_default(context, NULL, + TRUE, + "realms", + req_body->realm, + "pkinit_require_krbtgt_otherName", + NULL); -static krb5_boolean -pk_peer_compare(krb5_context context, - const SignerIdentifier *peer1, - X509 *peer2) -{ - switch (peer1->element) { - case choice_CMSIdentifier_issuerAndSerialNumber: { - ASN1_INTEGER *i; - const heim_integer *serial; - X509_NAME *name; - unsigned char *p; - size_t len; - - i = X509_get_serialNumber(peer2); - serial = &peer1->u.issuerAndSerialNumber.serialNumber; - - if (i->length != serial->length || - memcmp(i->data, serial->data, i->length) != 0) - return FALSE; - - p = peer1->u.issuerAndSerialNumber.issuer._save.data; - len = peer1->u.issuerAndSerialNumber.issuer._save.length; - name = d2i_X509_NAME(NULL, &p, len); - if (name == NULL) - return FALSE; - - if (X509_NAME_cmp(name, X509_get_issuer_name(peer2)) != 0) { - X509_NAME_free(name); - return FALSE; - } - X509_NAME_free(name); - break; - } - case choice_CMSIdentifier_subjectKeyIdentifier: - return FALSE; - default: - return FALSE; - } - return TRUE; -} - -static krb5_error_code -pk_decrypt_key(krb5_context context, - heim_octet_string *encrypted_key, - EVP_PKEY *priv_key, - krb5_keyblock *key) -{ - int ret; - unsigned char *buf; - buf = malloc(EVP_PKEY_size(priv_key)); - if (buf == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - ret = EVP_PKEY_decrypt(buf, - encrypted_key->data, - encrypted_key->length, - priv_key); - if (ret <= 0) { - free(buf); - krb5_set_error_string(context, "Can't decrypt key: %s", - ERR_error_string(ERR_get_error(), NULL)); - return ENOMEM; - } - - key->keytype = 0; - key->keyvalue.length = ret; - key->keyvalue.data = malloc(ret); - if (key->keyvalue.data == NULL) { - free(buf); - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - memcpy(key->keyvalue.data, buf, ret); - free(buf); - return 0; -} - - -static krb5_error_code -pk_verify_chain_standard(krb5_context context, - struct krb5_pk_identity *id, - const SignerIdentifier *client, - STACK_OF(X509) *chain, - X509 **client_cert) -{ - X509_STORE *cert_store = NULL; - X509_STORE_CTX *store_ctx = NULL; - X509 *cert = NULL; - int i; - int ret; - - ret = KRB5_KDC_ERR_CLIENT_NAME_MISMATCH; - for (i = 0; i < sk_X509_num(chain); i++) { - cert = sk_X509_value(chain, i); - if (pk_peer_compare(context, client, cert) == TRUE) { - ret = 0; - break; - } - } - if (ret) { - krb5_set_error_string(context, "PKINIT: verify chain failed " - "to find client in chain"); - return ret; - } - - cert_store = X509_STORE_new(); - if (cert_store == NULL) { - ret = ENOMEM; - krb5_set_error_string(context, "PKINIT: can't create X509 store: %s", - ERR_error_string(ERR_get_error(), NULL)); - } - - store_ctx = X509_STORE_CTX_new(); - if (store_ctx == NULL) { - ret = ENOMEM; - krb5_set_error_string(context, - "PKINIT: can't create X509 store ctx: %s", - ERR_error_string(ERR_get_error(), NULL)); - goto end; - } - - X509_STORE_CTX_init(store_ctx, cert_store, cert, chain); - X509_STORE_CTX_trusted_stack(store_ctx, id->trusted_certs); - X509_verify_cert(store_ctx); - /* the last checked certificate is in store_ctx->current_cert */ - krb5_clear_error_string(context); - switch(store_ctx->error) { - case X509_V_OK: - ret = 0; - break; - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: - ret = KRB5_KDC_ERR_CANT_VERIFY_CERTIFICATE; - krb5_set_error_string(context, "PKINIT: failed to verify " - "certificate: %s ", - X509_verify_cert_error_string(store_ctx->error)); - break; - case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: - case X509_V_ERR_CERT_SIGNATURE_FAILURE: - case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: - case X509_V_ERR_CERT_NOT_YET_VALID: - case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: - case X509_V_ERR_CERT_HAS_EXPIRED: - ret = KRB5_KDC_ERR_INVALID_CERTIFICATE; - krb5_set_error_string(context, "PKINIT: invalid certificate: %s ", - X509_verify_cert_error_string(store_ctx->error)); - break; - case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: - case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: - case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: - case X509_V_ERR_CERT_CHAIN_TOO_LONG: - case X509_V_ERR_PATH_LENGTH_EXCEEDED: - case X509_V_ERR_INVALID_CA: - ret = KRB5_KDC_ERR_INVALID_CERTIFICATE; - krb5_set_error_string(context, "PKINIT: unknown CA or can't " - "verify certificate: %s", - X509_verify_cert_error_string(store_ctx->error)); - break; - default: - ret = KRB5_KDC_ERR_INVALID_CERTIFICATE; /* XXX */ - krb5_set_error_string(context, "PKINIT: failed to verify " - "certificate: %s (%ld) ", - X509_verify_cert_error_string(store_ctx->error), - (long)store_ctx->error); - break; - } - if (ret) - goto end; - - /* - * Since X509_verify_cert() doesn't do CRL checking at all, we have to - * perform own verification against CRLs - */ - /* - * XXX add crl checking - */ - - if (client_cert && cert) - *client_cert = X509_dup(cert); - - end: - if (cert_store) - X509_STORE_free(cert_store); - if (store_ctx) - X509_STORE_CTX_free(store_ctx); - return ret; -} - -static int -cert_to_X509(krb5_context context, CertificateSet *set, - STACK_OF(X509_CRL) **certs) -{ - krb5_error_code ret; - int i; - - *certs = sk_X509_new_null(); - - if (set == NULL) - return 0; - - ret = 0; - for (i = 0; i < set->len; i++) { - unsigned char *p; - X509 *cert; - - p = set->val[i].data; - cert = d2i_X509(NULL, &p, set->val[i].length); - if (cert == NULL) { - ret = ASN1_BAD_FORMAT; - break; - } - sk_X509_insert(*certs, cert, i); - } - if (ret) { - krb5_set_error_string(context, - "PKINIT: Failed to decode certificate chain"); - sk_X509_free(*certs); - *certs = NULL; - } - return ret; + return pk_mk_padata(context, type, ctx, req_body, nonce, md); } krb5_error_code KRB5_LIB_FUNCTION @@ -1048,144 +537,67 @@ _krb5_pk_verify_sign(krb5_context context, krb5_data *content, struct krb5_pk_cert **signer) { - STACK_OF(X509) *certificates; - SignerInfo *signer_info; - const EVP_MD *evp_type; - EVP_PKEY *public_key; - krb5_error_code ret; - EVP_MD_CTX md; - X509 *cert = NULL; - SignedData sd; - size_t size; - - *signer = NULL; - krb5_data_zero(content); - contentType->length = 0; - contentType->components = NULL; - - memset(&sd, 0, sizeof(sd)); - - ret = decode_SignedData(data, length, &sd, &size); - if (ret) { - krb5_set_error_string(context, - "PKINIT: decoding failed SignedData: %d", - ret); - goto out; - } - - if (sd.encapContentInfo.eContent == NULL) { - krb5_set_error_string(context, - "PKINIT: signature missing encapContent"); - ret = KRB5KRB_AP_ERR_MSG_TYPE; - goto out; - } - - /* XXX Check CMS version */ - - if (sd.signerInfos.len < 1) { - krb5_set_error_string(context, - "PKINIT: signature information missing from " - "pkinit response"); - ret = KRB5_KDC_ERR_INVALID_SIG; - goto out; - } - - signer_info = &sd.signerInfos.val[0]; - - { - CertificateSet set; - set.val = sd.certificates->val; - set.len = sd.certificates->len; + hx509_certs signer_certs; + int ret; - ret = cert_to_X509(context, &set, &certificates); - } - if (ret) { - krb5_set_error_string(context, - "PKINIT: failed to decode Certificates"); - goto out; - } + *signer = NULL; - ret = pk_verify_chain_standard(context, id, - &signer_info->sid, - certificates, - &cert); - sk_X509_free(certificates); + ret = hx509_cms_verify_signed(id->hx509ctx, + id->verify_ctx, + data, + length, + id->certpool, + contentType, + content, + &signer_certs); if (ret) - goto out; - - if (signer_info->signature.length == 0) { - free_SignedData(&sd); - X509_free(cert); - krb5_set_error_string(context, "PKINIT: signature missing from" - "pkinit response"); - return KRB5_KDC_ERR_INVALID_SIG; - } - - public_key = X509_get_pubkey(cert); - - /* verify signature */ - if (heim_oid_cmp(&signer_info->digestAlgorithm.algorithm, - oid_id_pkcs1_sha1WithRSAEncryption()) == 0) - evp_type = EVP_sha1(); - else if (heim_oid_cmp(&signer_info->digestAlgorithm.algorithm, - oid_id_pkcs1_md5WithRSAEncryption()) == 0) - evp_type = EVP_md5(); - else if (heim_oid_cmp(&signer_info->digestAlgorithm.algorithm, - oid_id_secsig_sha_1()) == 0) - evp_type = EVP_sha1(); - else { - X509_free(cert); - krb5_set_error_string(context, "PKINIT: The requested digest " - "algorithm is not supported"); - ret = KRB5_KDC_ERR_INVALID_SIG; - goto out; - } - - EVP_VerifyInit(&md, evp_type); - EVP_VerifyUpdate(&md, - sd.encapContentInfo.eContent->data, - sd.encapContentInfo.eContent->length); - ret = EVP_VerifyFinal(&md, - signer_info->signature.data, - signer_info->signature.length, - public_key); - if (ret != 1) { - X509_free(cert); - krb5_set_error_string(context, "PKINIT: signature didn't verify: %s", - ERR_error_string(ERR_get_error(), NULL)); - ret = KRB5_KDC_ERR_INVALID_SIG; - goto out; - } - - ret = copy_oid(&sd.encapContentInfo.eContentType, contentType); - if (ret) { - krb5_clear_error_string(context); - goto out; - } + return ret; - content->data = malloc(sd.encapContentInfo.eContent->length); - if (content->data == NULL) { + *signer = calloc(1, sizeof(**signer)); + if (*signer == NULL) { krb5_clear_error_string(context); ret = ENOMEM; goto out; } - content->length = sd.encapContentInfo.eContent->length; - memcpy(content->data,sd.encapContentInfo.eContent->data,content->length); + + /* XXX */ + { + hx509_cursor cursor; - *signer = malloc(sizeof(**signer)); - if (*signer == NULL) { - krb5_clear_error_string(context); - ret = ENOMEM; - goto out; + ret = hx509_certs_start_seq(id->hx509ctx, + signer_certs, + &cursor); + if (ret) { + krb5_clear_error_string(context); + goto out; + } + ret = hx509_certs_next_cert(id->hx509ctx, + signer_certs, + cursor, + &(*signer)->cert); + if (ret) { + krb5_clear_error_string(context); + goto out; + } + ret = hx509_certs_end_seq(id->hx509ctx, + signer_certs, + cursor); + if (ret) { + krb5_clear_error_string(context); + goto out; + } } - (*signer)->cert = cert; - out: - free_SignedData(&sd); +out: + hx509_certs_free(&signer_certs); if (ret) { - free_oid(contentType); - krb5_data_free(content); + if (*signer) { + hx509_cert_free((*signer)->cert); + free(*signer); + *signer = NULL; + } } + return ret; } @@ -1297,10 +709,60 @@ get_reply_key(krb5_context context, static krb5_error_code -pk_verify_host(krb5_context context, struct krb5_pk_cert *host) +pk_verify_host(krb5_context context, + struct krb5_pk_init_ctx_data *ctx, + struct krb5_pk_cert *host) { - /* XXX */ - return 0; + krb5_error_code ret = 0; + + if (ctx->require_eku) { + ret = hx509_cert_check_eku(ctx->id->hx509ctx, host->cert, + oid_id_pkkdcekuoid(), 0); + if (ret) { + krb5_clear_error_string(context); + return ret; + } + } + if (ctx->require_krbtgt_otherName) { + hx509_octet_string_list list; + krb5_error_code ret; + int i; + + ret = hx509_cert_find_subjectAltName_otherName(host->cert, + oid_id_pkinit_san(), + &list); + if (ret) { + krb5_clear_error_string(context); + return ret; + } + + for (i = 0; i < list.len; i++) { + KRB5PrincipalName r; + ret = decode_KRB5PrincipalName(list.val[i].data, + list.val[i].length, + &r, + NULL); + if (ret) { + krb5_clear_error_string(context); + break; + } + +#if 0 + if (r.principalName.name.len != 2) { + krb5_clear_error_string(context); + ret = EINVAL; + } +#endif + /* XXX verify realm */ + + free_KRB5PrincipalName(&r); + if (ret) + break; + } + hx509_free_octet_string_list(&list); + } + + return ret; } static krb5_error_code @@ -1316,33 +778,12 @@ pk_rd_pa_reply_enckey(krb5_context context, krb5_keyblock **key) { krb5_error_code ret; - EnvelopedData ed; - krb5_keyblock tmp_key; - krb5_crypto crypto; - krb5_data plain; - KeyTransRecipientInfo *ri; - int length; + struct krb5_pk_cert *host = NULL; size_t size; - X509 *user_cert; + int length; void *p; - krb5_boolean bret; krb5_data content; heim_oid contentType = { 0, NULL }; - struct krb5_pk_cert *host = NULL; - heim_octet_string encryptedContent; - heim_octet_string *any; - krb5_data ivec; - krb5_data params; - - - memset(&tmp_key, 0, sizeof(tmp_key)); - memset(&ed, 0, sizeof(ed)); - krb5_data_zero(&plain); - krb5_data_zero(&content); - krb5_data_zero(&encryptedContent); - krb5_data_zero(&ivec); - - user_cert = sk_X509_value(ctx->id->cert, 0); if (heim_oid_cmp(oid_id_pkcs7_envelopedData(), &rep->contentType)) { krb5_set_error_string(context, "PKINIT: Invalid content type"); @@ -1354,106 +795,17 @@ pk_rd_pa_reply_enckey(krb5_context context, return EINVAL; } - ret = decode_EnvelopedData(rep->content->data, + ret = hx509_cms_unenvelope(ctx->id->hx509ctx, + ctx->id->certs, + rep->content->data, rep->content->length, - &ed, - &size); - if (ret) { - free_EnvelopedData(&ed); - return ret; - } - - if (ed.recipientInfos.len != 1) { - free_EnvelopedData(&ed); - krb5_set_error_string(context, "pkinit: Number of recipient infos " - "not one (%d)", - ed.recipientInfos.len); - return EINVAL; /* XXX */ - } - - ri = &ed.recipientInfos.val[0]; - - /* XXX make SignerIdentifier and RecipientIdentifier the same */ - bret = pk_peer_compare(context, (SignerIdentifier *)&ri->rid, user_cert); - if (bret == FALSE) { - ret = KRB5KRB_AP_ERR_BADMATCH; /* XXX */ - goto out; - } - - if (heim_oid_cmp(oid_id_pkcs1_rsaEncryption(), - &ri->keyEncryptionAlgorithm.algorithm)) { - krb5_set_error_string(context, "PKINIT: invalid content type"); - return EINVAL; - } - - ret = pk_decrypt_key(context, &ri->encryptedKey, - ctx->id->private_key, &tmp_key); - if (ret) - goto out; - - - /* - * Try to verify content type. We can't do this for W2K case - * because W2K/W2K3 sends id-pkcs7-data, but Windows Vista sends - * id-pkcs7-signedData to all versions, even W2K clients. - */ - - if (type != COMPAT_WIN2K) { - if (heim_oid_cmp(&ed.encryptedContentInfo.contentType, oid_id_pkcs7_signedData())) { - ret = KRB5KRB_AP_ERR_MSG_TYPE; - goto out; - } - } - - if (ed.encryptedContentInfo.encryptedContent == NULL) { - krb5_set_error_string(context, "PKINIT: OPTIONAL encryptedContent " - "field not filled in in KDC reply"); - ret = KRB5_BADMSGTYPE; - goto out; - } - - any = ed.encryptedContentInfo.encryptedContent; - ret = der_get_octet_string(any->data, any->length, - &encryptedContent, NULL); - if (ret) { - krb5_set_error_string(context, - "PKINIT: encryptedContent content invalid"); - goto out; - } - - if (ed.encryptedContentInfo.contentEncryptionAlgorithm.parameters == NULL){ - krb5_set_error_string(context, - "PKINIT: encryptedContent parameter missing"); - ret = KRB5_BADMSGTYPE; - goto out; - } - - params.data = ed.encryptedContentInfo.contentEncryptionAlgorithm.parameters->data; - params.length = ed.encryptedContentInfo.contentEncryptionAlgorithm.parameters->length; - - ret = _krb5_oid_to_enctype(context, - &ed.encryptedContentInfo.contentEncryptionAlgorithm.algorithm, - &tmp_key.keytype); - if (ret) - goto out; - - ret = krb5_crypto_init(context, &tmp_key, 0, &crypto); - if (ret) - goto out; - - ret = krb5_crypto_get_params(context, crypto, ¶ms, &ivec); + &contentType, + &content); if (ret) - goto out; - - ret = krb5_decrypt_ivec(context, crypto, - 0, - encryptedContent.data, - encryptedContent.length, - &plain, - ivec.data); + return ret; - p = plain.data; - length = plain.length; + p = content.data; + length = content.length; /* win2k uses ContentInfo */ if (type == COMPAT_WIN2K) { @@ -1472,6 +824,13 @@ pk_rd_pa_reply_enckey(krb5_context context, krb5_set_error_string(context, "PKINIT: Invalid content type"); goto out; } + if (ci.content == NULL) { + ret = EINVAL; /* XXX */ + krb5_set_error_string(context, "PKINIT: Invalid content type"); + goto out; + } + krb5_data_free(&content); + content = *ci.content; p = ci.content->data; length = ci.content->length; } @@ -1487,7 +846,7 @@ pk_rd_pa_reply_enckey(krb5_context context, goto out; /* make sure that it is the kdc's certificate */ - ret = pk_verify_host(context, host); + ret = pk_verify_host(context, ctx, host); if (ret) { krb5_set_error_string(context, "PKINIT: failed verify host: %d", ret); goto out; @@ -1528,11 +887,7 @@ pk_rd_pa_reply_enckey(krb5_context context, if (host) _krb5_pk_cert_free(host); free_oid(&contentType); - free_octet_string(&encryptedContent); krb5_data_free(&content); - krb5_free_keyblock_contents(context, &tmp_key); - krb5_data_free(&plain); - krb5_data_free(&ivec); return ret; } @@ -1550,7 +905,6 @@ pk_rd_pa_reply_dh(krb5_context context, krb5_keyblock **key) { unsigned char *p, *dh_gen_key = NULL; - ASN1_INTEGER *dh_pub_key = NULL; struct krb5_pk_cert *host = NULL; BIGNUM *kdc_dh_pubkey = NULL; KDCDHKeyInfo kdc_dh_info; @@ -1584,7 +938,7 @@ pk_rd_pa_reply_dh(krb5_context context, goto out; /* make sure that it is the kdc's certificate */ - ret = pk_verify_host(context, host); + ret = pk_verify_host(context, ctx, host); if (ret) goto out; @@ -1623,7 +977,7 @@ pk_rd_pa_reply_dh(krb5_context context, } } else { if (k_n) { - krb5_set_error_string(context, "pkinit; got server nonce " + krb5_set_error_string(context, "pkinit: got server nonce " "without key expiration"); ret = KRB5KRB_ERR_GENERIC; goto out; @@ -1634,22 +988,24 @@ pk_rd_pa_reply_dh(krb5_context context, p = kdc_dh_info.subjectPublicKey.data; size = (kdc_dh_info.subjectPublicKey.length + 7) / 8; - dh_pub_key = d2i_ASN1_INTEGER(NULL, &p, size); - if (dh_pub_key == NULL) { - krb5_set_error_string(context, - "PKINIT: Can't parse KDC's DH public key"); - ret = KRB5KRB_ERR_GENERIC; - goto out; - } - kdc_dh_pubkey = ASN1_INTEGER_to_BN(dh_pub_key, NULL); - if (kdc_dh_pubkey == NULL) { - krb5_set_error_string(context, - "PKINIT: Can't convert KDC's DH public key"); - ret = KRB5KRB_ERR_GENERIC; - goto out; - } + { + DHPublicKey k; + ret = decode_DHPublicKey(p, size, &k, NULL); + if (ret) { + krb5_set_error_string(context, "pkinit: can't decode " + "without key expiration"); + goto out; + } + kdc_dh_pubkey = integer_to_BN(context, "DHPublicKey", &k); + free_DHPublicKey(&k); + if (kdc_dh_pubkey == NULL) { + ret = KRB5KRB_ERR_GENERIC; + goto out; + } + } + dh_gen_keylen = DH_size(ctx->dh); size = BN_num_bytes(ctx->dh->p); if (size < dh_gen_keylen) @@ -1667,8 +1023,7 @@ pk_rd_pa_reply_dh(krb5_context context, kdc_dh_pubkey, ctx->dh); if (dh_gen_keylen == -1) { krb5_set_error_string(context, - "PKINIT: Can't compute Diffie-Hellman key (%s)", - ERR_error_string(ERR_get_error(), NULL)); + "PKINIT: Can't compute Diffie-Hellman key"); ret = KRB5KRB_ERR_GENERIC; goto out; } @@ -1700,8 +1055,6 @@ pk_rd_pa_reply_dh(krb5_context context, memset(dh_gen_key, 0, DH_size(ctx->dh)); free(dh_gen_key); } - if (dh_pub_key) - ASN1_INTEGER_free(dh_pub_key); if (host) _krb5_pk_cert_free(host); if (content.data) @@ -1726,7 +1079,7 @@ _krb5_pk_rd_pa_reply(krb5_context context, ContentInfo ci; size_t size; - /* Check for PK-INIT -27 */ + /* Check for IETF PK-INIT first */ if (pa->padata_type == KRB5_PADATA_PK_AS_REP) { PA_PK_AS_REP rep; @@ -1747,7 +1100,7 @@ _krb5_pk_rd_pa_reply(krb5_context context, &size); if (ret) { krb5_set_error_string(context, - "PKINIT: -25 decoding failed DH " + "PKINIT: decoding failed DH " "ContentInfo: %d", ret); free_PA_PK_AS_REP(&rep); @@ -1821,7 +1174,7 @@ _krb5_pk_rd_pa_reply(krb5_context context, return ret; } ret = pk_rd_pa_reply_enckey(context, COMPAT_WIN2K, &ci, ctx, - etype, hi, nonce, NULL, pa, key); + etype, hi, nonce, req_buffer, pa, key); free_ContentInfo(&ci); break; default: @@ -1837,598 +1190,158 @@ _krb5_pk_rd_pa_reply(krb5_context context, return ret; } -static int -ssl_pass_cb(char *buf, int size, int rwflag, void *u) +struct prompter { + krb5_context context; + krb5_prompter_fct prompter; + void *prompter_data; +}; + +static int +hx_pass_prompter(void *data, const hx509_prompt *prompter) { krb5_error_code ret; krb5_prompt prompt; krb5_data password_data; - krb5_prompter_fct prompter = u; + struct prompter *p = data; - password_data.data = buf; - password_data.length = size; + password_data.data = prompter->reply->data; + password_data.length = prompter->reply->length; prompt.prompt = "Enter your private key passphrase: "; prompt.hidden = 1; prompt.reply = &password_data; - prompt.type = KRB5_PROMPT_TYPE_PASSWORD; + if (prompter->hidden) + prompt.type = KRB5_PROMPT_TYPE_PASSWORD; + else + prompt.type = KRB5_PROMPT_TYPE_PREAUTH; /* XXX */ - ret = (*prompter)(NULL, NULL, NULL, NULL, 1, &prompt); + ret = (*p->prompter)(p->context, p->prompter_data, NULL, NULL, 1, &prompt); if (ret) { - memset (buf, 0, size); + memset (prompter->reply->data, 0, prompter->reply->length); return 0; } - return strlen(buf); -} - -static krb5_error_code -load_openssl_cert(krb5_context context, - const char *file, - STACK_OF(X509) **c) -{ - STACK_OF(X509) *certificate; - krb5_error_code ret; - FILE *f; - - f = fopen(file, "r"); - if (f == NULL) { - ret = errno; - krb5_set_error_string(context, "PKINIT: open failed %s: %s", - file, strerror(ret)); - return ret; - } - - certificate = sk_X509_new_null(); - while (1) { - /* see http://www.openssl.org/docs/crypto/pem.html section BUGS */ - X509 *cert; - cert = PEM_read_X509(f, NULL, NULL, NULL); - if (cert == NULL) { - if (ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE) { - /* End of file reached. no error */ - ERR_clear_error(); - break; - } - krb5_set_error_string(context, "PKINIT: Can't read certificate"); - fclose(f); - return HEIM_PKINIT_CERTIFICATE_INVALID; - } - sk_X509_insert(certificate, cert, sk_X509_num(certificate)); - } - fclose(f); - if (sk_X509_num(certificate) == 0) { - krb5_set_error_string(context, "PKINIT: No certificate found"); - return HEIM_PKINIT_NO_CERTIFICATE; - } - *c = certificate; - return 0; -} - -static krb5_error_code -load_openssl_file(krb5_context context, - char *password, - krb5_prompter_fct prompter, - void *prompter_data, - const char *user_id, - struct krb5_pk_identity *id) -{ - krb5_error_code ret; - STACK_OF(X509) *certificate = NULL; - char *cert_file = NULL, *key_file; - EVP_PKEY *private_key = NULL; - FILE *f; - - cert_file = strdup(user_id); - if (cert_file == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - key_file = strchr(cert_file, ','); - if (key_file == NULL) { - krb5_set_error_string(context, "PKINIT: key file missing"); - ret = HEIM_PKINIT_NO_PRIVATE_KEY; - goto out; - } - *key_file++ = '\0'; - - ret = load_openssl_cert(context, cert_file, &certificate); - if (ret) - goto out; - - /* load private key */ - f = fopen(key_file, "r"); - if (f == NULL) { - ret = errno; - krb5_set_error_string(context, "PKINIT: open %s: %s", - key_file, strerror(ret)); - goto out; - } - if (password == NULL || password[0] == '\0') { - if (prompter == NULL) - prompter = krb5_prompter_posix; - private_key = PEM_read_PrivateKey(f, NULL, ssl_pass_cb, prompter); - } else - private_key = PEM_read_PrivateKey(f, NULL, NULL, password); - fclose(f); - if (private_key == NULL) { - krb5_set_error_string(context, "PKINIT: Can't read private key"); - ret = HEIM_PKINIT_PRIVATE_KEY_INVALID; - goto out; - } - ret = X509_check_private_key(sk_X509_value(certificate, 0), private_key); - if (ret != 1) { - ret = HEIM_PKINIT_PRIVATE_KEY_INVALID; - krb5_set_error_string(context, - "PKINIT: The private key doesn't match " - "the public key certificate"); - goto out; - } - - id->private_key = private_key; - id->cert = certificate; - - return 0; - out: - if (cert_file) - free(cert_file); - if (certificate) - sk_X509_pop_free(certificate, X509_free); - if (private_key) - EVP_PKEY_free(private_key); - - return ret; -} - -static int -add_pair(krb5_context context, char *str, char ***cmds, int *num) -{ - char **c; - char *p; - int i; - - p = strchr(str, ':'); - if (p) { - *p = '\0'; - p++; - } - - /* filter out dup keys */ - for (i = 0; i < *num; i++) - if (strcmp((*cmds)[i * 2], str) == 0) - return 0; - - c = realloc(*cmds, sizeof(*c) * ((*num + 1) * 2)); - if (c == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - - c[(*num * 2)] = str; - c[(*num * 2) + 1] = p; - *num += 1; - *cmds = c; - return 0; -} - -static krb5_error_code -eval_pairs(krb5_context context, ENGINE *e, const char *name, - const char *type, char **cmds, int num) -{ - int i; - - for (i = 0; i < num; i++) { - char *a1 = cmds[i * 2], *a2 = cmds[(i * 2) + 1]; - if(!ENGINE_ctrl_cmd_string(e, a1, a2, 0)) { - krb5_set_error_string(context, - "PKINIT: Failed %scommand (%s - %s:%s): %s", - type, name, a1, a2 ? a2 : "(NULL)", - ERR_error_string(ERR_get_error(), NULL)); - return HEIM_PKINIT_NO_PRIVATE_KEY; - } - } - return 0; -} - -struct engine_context { - char **pre_cmds; - char **post_cmds; - int num_pre; - int num_post; - char *engine_name; - char *cert_file; - char *key_id; -}; - -static krb5_error_code -parse_openssl_engine_conf(krb5_context context, - struct engine_context *ctx, - char *line) -{ - krb5_error_code ret; - char *last, *p, *q; - - for (p = strtok_r(line, ",", &last); - p != NULL; - p = strtok_r(NULL, ",", &last)) { - - q = strchr(p, '='); - if (q == NULL) { - krb5_set_error_string(context, - "PKINIT: openssl engine configuration " - "key %s missing = and thus value", p); - return HEIM_PKINIT_NO_PRIVATE_KEY; - } - *q = '\0'; - q++; - if (strcasecmp("PRE", p) == 0) { - ret = add_pair(context, q, &ctx->pre_cmds, &ctx->num_pre); - if (ret) - return ret; - } else if (strcasecmp("POST", p) == 0) { - ret = add_pair(context, q, &ctx->post_cmds, &ctx->num_post); - if (ret) - return ret; - } else if (strcasecmp("KEY", p) == 0) { - ctx->key_id = q; - } else if (strcasecmp("CERT", p) == 0) { - ctx->cert_file = q; - } else if (strcasecmp("ENGINE", p) == 0) { - ctx->engine_name = q; - } else { - krb5_set_error_string(context, - "PKINIT: openssl engine configuration " - "key %s is unknown", p); - return HEIM_PKINIT_NO_PRIVATE_KEY; - } - } - return 0; -} - - -static krb5_error_code -load_openssl_engine(krb5_context context, - char *password, - krb5_prompter_fct prompter, - void *prompter_data, - const char *string, - struct krb5_pk_identity *id) -{ - struct engine_context ctx; - krb5_error_code ret; - const char *f; - char *file_conf = NULL, *user_conf = NULL; - ENGINE *e = NULL; - - memset(&ctx, 0, sizeof(ctx)); - - ENGINE_load_builtin_engines(); - - user_conf = strdup(string); - if (user_conf == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - - ret = parse_openssl_engine_conf(context, &ctx, user_conf); - if (ret) - goto out; - - f = krb5_config_get_string_default(context, NULL, NULL, - "libdefaults", - "pkinit-openssl-engine", - NULL); - if (f) { - file_conf = strdup(f); - if (file_conf) { - ret = parse_openssl_engine_conf(context, &ctx, file_conf); - if (ret) - goto out; - } - } - - if (ctx.cert_file == NULL) { - krb5_set_error_string(context, - "PKINIT: openssl engine missing certificate"); - ret = HEIM_PKINIT_NO_CERTIFICATE; - goto out; - } - if (ctx.key_id == NULL) { - krb5_set_error_string(context, - "PKINIT: openssl engine missing key id"); - ret = HEIM_PKINIT_NO_PRIVATE_KEY; - goto out; - } - if (ctx.engine_name == NULL) { - krb5_set_error_string(context, - "PKINIT: openssl engine missing engine name"); - ret = HEIM_PKINIT_NO_PRIVATE_KEY; - goto out; - } - - e = ENGINE_by_id(ctx.engine_name); - if (e == NULL) { - krb5_set_error_string(context, - "PKINIT: failed getting openssl engine %s: %s", - ctx.engine_name, - ERR_error_string(ERR_get_error(), NULL)); - ret = HEIM_PKINIT_NO_PRIVATE_KEY; - goto out; - } - - ret = eval_pairs(context, e, ctx.engine_name, "pre", - ctx.pre_cmds, ctx.num_pre); - if (ret) - goto out; - - if(!ENGINE_init(e)) { - ret = HEIM_PKINIT_NO_PRIVATE_KEY; - krb5_set_error_string(context, - "PKINIT: openssl engine init %s failed: %s", - ctx.engine_name, - ERR_error_string(ERR_get_error(), NULL)); - ENGINE_free(e); - goto out; - } - - ret = eval_pairs(context, e, ctx.engine_name, "post", - ctx.post_cmds, ctx.num_post); - if (ret) - goto out; - - /* - * If the engine supports a LOAD_CERT_CTRL function, lets try - * it. OpenSC support this function. Eventially this should be - * a ENGINE_load_cert function if it failes, treat it like a - * non fatal error. - */ - { - struct { - const char * cert_id; - X509 * cert; - } parms; - - parms.cert_id = ctx.cert_file; - parms.cert = NULL; - ENGINE_ctrl_cmd(e, "LOAD_CERT_CTRL", 0, &parms, NULL, 1); - if (parms.cert) { - id->cert = sk_X509_new_null(); - sk_X509_insert(id->cert, parms.cert, 0); - } - } - - if (id->cert == NULL) { - ret = load_openssl_cert(context, ctx.cert_file, &id->cert); - if (ret) - goto out; - } - - { - UI_METHOD * krb5_ui_method = NULL; - struct krb5_ui_data ui_data; - - krb5_ui_method = UI_create_method("Krb5 ui method"); - if (krb5_ui_method == NULL) { - krb5_set_error_string(context, - "PKINIT: failed to setup prompter " - "function: %s", - ERR_error_string(ERR_get_error(), NULL)); - ret = HEIM_PKINIT_NO_PRIVATE_KEY; - goto out; - } - UI_method_set_reader(krb5_ui_method, krb5_ui_method_read_string); - - ui_data.context = context; - ui_data.prompter = prompter; - if (prompter == NULL) - ui_data.prompter = krb5_prompter_posix; - ui_data.prompter_data = prompter_data; - - id->private_key = ENGINE_load_private_key(e, - ctx.key_id, - krb5_ui_method, - (void*) &ui_data); - UI_destroy_method(krb5_ui_method); - } - - if (id->private_key == NULL) { - krb5_set_error_string(context, - "PKINIT: failed to load private key: %s", - ERR_error_string(ERR_get_error(), NULL)); - ret = HEIM_PKINIT_NO_PRIVATE_KEY; - goto out; - } - - ret = X509_check_private_key(sk_X509_value(id->cert, 0), id->private_key); - if (ret != 1) { - ret = HEIM_PKINIT_PRIVATE_KEY_INVALID; - krb5_set_error_string(context, - "PKINIT: The private key doesn't match " - "the public key certificate"); - goto out; - } - - if (user_conf) - free(user_conf); - if (file_conf) - free(file_conf); - - id->engine = e; - - return 0; - - out: - if (user_conf) - free(user_conf); - if (file_conf) - free(file_conf); - if (e) { - ENGINE_finish(e); /* make sure all shared libs are unloaded */ - ENGINE_free(e); - } - - return ret; + return strlen(prompter->reply->data); } krb5_error_code KRB5_LIB_FUNCTION -_krb5_pk_load_openssl_id(krb5_context context, - struct krb5_pk_identity **ret_id, - const char *user_id, - const char *x509_anchors, - krb5_prompter_fct prompter, - void *prompter_data, - char *password) +_krb5_pk_load_id(krb5_context context, + struct krb5_pk_identity **ret_id, + const char *user_id, + const char *anchor_id, + char * const *chain, + char * const *revoke, + krb5_prompter_fct prompter, + void *prompter_data, + char *password) { - STACK_OF(X509) *trusted_certs = NULL; struct krb5_pk_identity *id = NULL; - krb5_error_code ret; - struct dirent *file; - char *dirname = NULL; - DIR *dir; - FILE *f; - krb5_error_code (*load_pair)(krb5_context, - char *, - krb5_prompter_fct, - void *, - const char *, - struct krb5_pk_identity *) = NULL; - + hx509_lock lock = NULL; + struct prompter p; + int ret; *ret_id = NULL; - if (x509_anchors == NULL) { - krb5_set_error_string(context, "PKINIT: No root ca directory given"); + if (anchor_id == NULL) { + krb5_set_error_string(context, "PKINIT: No anchor given"); return HEIM_PKINIT_NO_VALID_CA; } if (user_id == NULL) { krb5_set_error_string(context, - "PKINIT: No user X509 source given given"); + "PKINIT: No user certificate given"); return HEIM_PKINIT_NO_PRIVATE_KEY; } - /* - * - */ - - if (strncasecmp(user_id, "FILE:", 5) == 0) { - load_pair = load_openssl_file; - user_id += 5; - } else if (strncasecmp(user_id, "ENGINE:", 7) == 0) { - load_pair = load_openssl_engine; - user_id += 7; - } else { - krb5_set_error_string(context, "PKINIT: user identity not FILE"); - return HEIM_PKINIT_NO_CERTIFICATE; - } - if (strncasecmp(x509_anchors, "OPENSSL-ANCHOR-DIR:", 19) != 0) { - krb5_set_error_string(context, "PKINIT: anchor OPENSSL-ANCHOR-DIR"); - return HEIM_PKINIT_NO_VALID_CA; - } - x509_anchors += 19; + /* load cert */ - id = malloc(sizeof(*id)); + id = calloc(1, sizeof(*id)); if (id == NULL) { krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; goto out; } - memset(id, 0, sizeof(*id)); - OpenSSL_add_all_algorithms(); - ERR_load_crypto_strings(); - - - ret = (*load_pair)(context, password, prompter, prompter_data, user_id, id); + ret = hx509_context_init(&id->hx509ctx); if (ret) goto out; - /* load anchors */ + ret = hx509_lock_init(id->hx509ctx, &lock); + if (password) + hx509_lock_add_password(lock, password); - dirname = strdup(x509_anchors); - if (dirname == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto out; - } + if (prompter) { + p.context = context; + p.prompter = prompter; + p.prompter_data = prompter_data; - { - size_t len; - len = strlen(dirname); - if (dirname[len - 1] == '/') - dirname[len - 1] = '\0'; + ret = hx509_lock_set_prompter(lock, hx_pass_prompter, &p); + if (ret) + goto out; } - /* read ca certificates */ - dir = opendir(dirname); - if (dir == NULL) { - ret = errno; - krb5_set_error_string(context, "PKINIT: open directory %s: %s", - dirname, strerror(ret)); + ret = hx509_certs_init(id->hx509ctx, user_id, 0, NULL, &id->certs); + if (ret) goto out; - } - trusted_certs = sk_X509_new_null(); - while ((file = readdir(dir)) != NULL) { - X509 *cert; - char *filename; + ret = hx509_certs_init(id->hx509ctx, anchor_id, 0, NULL, &id->anchors); + if (ret) + goto out; - /* - * Assume the certificate filenames constist of hashed subject - * name followed by suffix ".0" - */ + ret = hx509_certs_init(id->hx509ctx, "MEMORY:pkinit-cert-chain", + 0, NULL, &id->certpool); + if (ret) + goto out; - if (strlen(file->d_name) == 10 && strcmp(&file->d_name[8],".0") == 0) { - asprintf(&filename, "%s/%s", dirname, file->d_name); - if (filename == NULL) { - ret = ENOMEM; - krb5_set_error_string(context, "malloc: out or memory"); - goto out; - } - f = fopen(filename, "r"); - if (f == NULL) { - ret = errno; - krb5_set_error_string(context, "PKINIT: open %s: %s", - filename, strerror(ret)); - free(filename); - closedir(dir); - goto out; - } - cert = PEM_read_X509(f, NULL, NULL, NULL); - fclose(f); - if (cert != NULL) { - /* order of the certs is not important */ - sk_X509_push(trusted_certs, cert); - } - free(filename); + while (chain && *chain) { + ret = hx509_certs_append(id->hx509ctx, id->certpool, NULL, *chain); + if (ret) { + krb5_set_error_string(context, + "pkinit failed to load chain %s", + *chain); + goto out; } + chain++; } - closedir(dir); - if (sk_X509_num(trusted_certs) == 0) { - krb5_set_error_string(context, - "PKINIT: No CA certificate(s) found in %s", - dirname); - ret = HEIM_PKINIT_NO_VALID_CA; - goto out; - } + if (revoke) { + ret = hx509_revoke_init(id->hx509ctx, &id->revoke); + if (ret) { + krb5_set_error_string(context, "revoke failed to init"); + goto out; + } - id->trusted_certs = trusted_certs; + while (*revoke) { + ret = hx509_revoke_add_crl(id->hx509ctx, id->revoke, *revoke); + if (ret) { + krb5_set_error_string(context, + "pkinit failed to load revoke %s", + *revoke); + goto out; + } + revoke++; + } + } else + hx509_context_set_missing_revoke(id->hx509ctx, 1); - *ret_id = id; + ret = hx509_verify_init_ctx(id->hx509ctx, &id->verify_ctx); + if (ret) + goto out; - return 0; + hx509_verify_attach_anchors(id->verify_ctx, id->anchors); + hx509_verify_attach_revoke(id->verify_ctx, id->revoke); - out: - if (dirname) - free(dirname); - if (trusted_certs) - sk_X509_pop_free(trusted_certs, X509_free); - if (id) { - if (id->cert) - sk_X509_pop_free(id->cert, X509_free); - if (id->private_key) - EVP_PKEY_free(id->private_key); +out: + if (ret) { + hx509_verify_destroy_ctx(id->verify_ctx); + hx509_certs_free(&id->certs); + hx509_certs_free(&id->anchors); + hx509_certs_free(&id->certpool); + hx509_revoke_free(&id->revoke); + hx509_context_free(&id->hx509ctx); free(id); - } + } else + *ret_id = id; + + hx509_lock_free(lock); return ret; } @@ -2704,17 +1617,12 @@ _krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt) DH_free(ctx->dh); ctx->dh = NULL; if (ctx->id) { - if (ctx->id->cert) - sk_X509_pop_free(ctx->id->cert, X509_free); - if (ctx->id->trusted_certs) - sk_X509_pop_free(ctx->id->trusted_certs, X509_free); - if (ctx->id->private_key) - EVP_PKEY_free(ctx->id->private_key); - if (ctx->id->engine) { - ENGINE_finish(ctx->id->engine); /* unload shared libs etc */ - ENGINE_free(ctx->id->engine); - ctx->id->engine = NULL; - } + hx509_verify_destroy_ctx(ctx->id->verify_ctx); + hx509_certs_free(&ctx->id->certs); + hx509_certs_free(&ctx->id->anchors); + hx509_certs_free(&ctx->id->certpool); + hx509_context_free(&ctx->id->hx509ctx); + if (ctx->clientDHNonce) { krb5_free_data(NULL, ctx->clientDHNonce); ctx->clientDHNonce = NULL; @@ -2734,6 +1642,8 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, krb5_principal principal, const char *user_id, const char *x509_anchors, + char * const * chain, + char * const * revoke, int flags, krb5_prompter_fct prompter, void *prompter_data, @@ -2757,14 +1667,18 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, opt->opt_private->pk_init_ctx->id = NULL; opt->opt_private->pk_init_ctx->clientDHNonce = NULL; opt->opt_private->pk_init_ctx->require_binding = 0; - - ret = _krb5_pk_load_openssl_id(context, - &opt->opt_private->pk_init_ctx->id, - user_id, - x509_anchors, - prompter, - prompter_data, - password); + opt->opt_private->pk_init_ctx->require_eku = 1; + opt->opt_private->pk_init_ctx->require_krbtgt_otherName = 1; + + ret = _krb5_pk_load_id(context, + &opt->opt_private->pk_init_ctx->id, + user_id, + x509_anchors, + chain, + revoke, + prompter, + prompter_data, + password); if (ret) { free(opt->opt_private->pk_init_ctx); opt->opt_private->pk_init_ctx = NULL; diff --git a/source4/heimdal/lib/krb5/principal.c b/source4/heimdal/lib/krb5/principal.c index 6cc49945cc..34086b1fbe 100644 --- a/source4/heimdal/lib/krb5/principal.c +++ b/source4/heimdal/lib/krb5/principal.c @@ -41,7 +41,7 @@ #include #include "resolve.h" -RCSID("$Id: principal.c,v 1.92 2005/12/11 17:48:13 lha Exp $"); +RCSID("$Id: principal.c,v 1.94 2006/04/10 10:10:01 lha Exp $"); #define princ_num_comp(P) ((P)->name.name_string.len) #define princ_type(P) ((P)->name.name_type) @@ -105,7 +105,7 @@ parse_name(krb5_context context, { krb5_error_code ret; heim_general_string *comp; - heim_general_string realm; + heim_general_string realm = NULL; int ncomp; const char *p; @@ -246,6 +246,7 @@ exit: free(comp[--n]); } free(comp); + free(realm); free(s); return ret; } @@ -825,16 +826,21 @@ krb5_425_conv_principal_ext2(krb5_context context, struct dns_reply *r; r = dns_lookup(instance, "aaaa"); - if (r && r->head && r->head->type == T_AAAA) { - inst = strdup(r->head->domain); + if (r) { + if (r->head && r->head->type == T_AAAA) { + inst = strdup(r->head->domain); + dns_free_data(r); + passed = TRUE; + } dns_free_data(r); - passed = TRUE; } else { r = dns_lookup(instance, "a"); - if(r && r->head && r->head->type == T_A) { - inst = strdup(r->head->domain); + if (r) { + if(r->head && r->head->type == T_A) { + inst = strdup(r->head->domain); + passed = TRUE; + } dns_free_data(r); - passed = TRUE; } } #else diff --git a/source4/heimdal/lib/krb5/rd_cred.c b/source4/heimdal/lib/krb5/rd_cred.c index d62adadf26..520b3a1418 100644 --- a/source4/heimdal/lib/krb5/rd_cred.c +++ b/source4/heimdal/lib/krb5/rd_cred.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_cred.c,v 1.26 2005/11/02 08:36:42 lha Exp $"); +RCSID("$Id: rd_cred.c,v 1.28 2006/04/02 02:27:33 lha Exp $"); static krb5_error_code compare_addrs(krb5_context context, @@ -257,8 +257,10 @@ krb5_rd_cred(krb5_context context, ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length, &cred.tickets.val[i], &len, ret); - if (ret) + if (ret) { + free(creds); goto out; + } if(creds->ticket.length != len) krb5_abortx(context, "internal error in ASN.1 encoder"); copy_EncryptionKey (&kci->key, &creds->session); @@ -302,6 +304,7 @@ krb5_rd_cred(krb5_context context, for(i = 0; (*ret_creds)[i]; i++) krb5_free_creds(context, (*ret_creds)[i]); free(*ret_creds); + *ret_creds = NULL; } return ret; } diff --git a/source4/heimdal/lib/krb5/rd_priv.c b/source4/heimdal/lib/krb5/rd_priv.c index bf82ad556e..c52ac175fd 100644 --- a/source4/heimdal/lib/krb5/rd_priv.c +++ b/source4/heimdal/lib/krb5/rd_priv.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_priv.c,v 1.32 2006/03/18 22:15:57 lha Exp $"); +RCSID("$Id: rd_priv.c,v 1.33 2006/04/12 16:18:10 lha Exp $"); krb5_error_code KRB5_LIB_FUNCTION krb5_rd_priv(krb5_context context, @@ -50,8 +50,8 @@ krb5_rd_priv(krb5_context context, krb5_keyblock *key; krb5_crypto crypto; - if (outdata) - krb5_data_zero(outdata); + if (outbuf) + krb5_data_zero(outbuf); if ((auth_context->flags & (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) && @@ -161,7 +161,7 @@ krb5_rd_priv(krb5_context context, (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) { /* if these fields are not present in the priv-part, silently return zero */ - krb5_data_zero(outdata); + memset(outdata, 0, sizeof(*outdata)); if(part.timestamp) outdata->timestamp = *part.timestamp; if(part.usec) diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c index 313c14f6e6..0d4635b964 100644 --- a/source4/heimdal/lib/krb5/rd_req.c +++ b/source4/heimdal/lib/krb5/rd_req.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_req.c,v 1.61 2005/11/29 18:22:51 lha Exp $"); +RCSID("$Id: rd_req.c,v 1.63 2006/04/10 10:14:44 lha Exp $"); static krb5_error_code decrypt_tkt_enc_part (krb5_context context, @@ -279,8 +279,10 @@ krb5_verify_authenticator_checksum(krb5_context context, &authenticator); if(ret) return ret; - if(authenticator->cksum == NULL) + if(authenticator->cksum == NULL) { + krb5_free_authenticator(context, &authenticator); return -17; + } ret = krb5_auth_con_getkey(context, ac, &key); if(ret) { krb5_free_authenticator(context, &authenticator); @@ -340,6 +342,9 @@ krb5_verify_ap_req2(krb5_context context, krb5_error_code ret; EtypeList etypes; + if (ticket) + *ticket = NULL; + if (auth_context && *auth_context) { ac = *auth_context; } else { @@ -348,13 +353,12 @@ krb5_verify_ap_req2(krb5_context context, return ret; } - t = malloc(sizeof(*t)); + t = calloc(1, sizeof(*t)); if (t == NULL) { ret = ENOMEM; krb5_clear_error_string (context); goto out; } - memset(t, 0, sizeof(*t)); if (ap_req->ap_options.use_session_key && ac->keyblock){ ret = krb5_decrypt_ticket(context, &ap_req->ticket, @@ -372,14 +376,17 @@ krb5_verify_ap_req2(krb5_context context, if(ret) goto out; - _krb5_principalname2krb5_principal(&t->server, ap_req->ticket.sname, - ap_req->ticket.realm); - _krb5_principalname2krb5_principal(&t->client, t->ticket.cname, - t->ticket.crealm); + ret = _krb5_principalname2krb5_principal(&t->server, ap_req->ticket.sname, + ap_req->ticket.realm); + if (ret) goto out; + ret = _krb5_principalname2krb5_principal(&t->client, t->ticket.cname, + t->ticket.crealm); + if (ret) goto out; /* save key */ - krb5_copy_keyblock(context, &t->ticket.key, &ac->keyblock); + ret = krb5_copy_keyblock(context, &t->ticket.key, &ac->keyblock); + if (ret) goto out; ret = decrypt_authenticator (context, &t->ticket.key, diff --git a/source4/heimdal/lib/krb5/replay.c b/source4/heimdal/lib/krb5/replay.c index ec99f86c7c..b89f150159 100644 --- a/source4/heimdal/lib/krb5/replay.c +++ b/source4/heimdal/lib/krb5/replay.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include -RCSID("$Id: replay.c,v 1.10 2004/05/25 21:41:15 lha Exp $"); +RCSID("$Id: replay.c,v 1.12 2006/04/10 17:13:49 lha Exp $"); struct krb5_rcache_data { char *name; @@ -58,6 +58,7 @@ krb5_rc_resolve_type(krb5_context context, krb5_rcache *id, const char *type) { + *id = NULL; if(strcmp(type, "FILE")) { krb5_set_error_string (context, "replay cache type %s not supported", type); @@ -77,6 +78,9 @@ krb5_rc_resolve_full(krb5_context context, const char *string_name) { krb5_error_code ret; + + *id = NULL; + if(strncmp(string_name, "FILE:", 5)) { krb5_set_error_string (context, "replay cache type %s not supported", string_name); @@ -86,6 +90,10 @@ krb5_rc_resolve_full(krb5_context context, if(ret) return ret; ret = krb5_rc_resolve(context, *id, string_name + 5); + if (ret) { + krb5_rc_close(context, *id); + *id = NULL; + } return ret; } diff --git a/source4/heimdal/lib/krb5/send_to_kdc.c b/source4/heimdal/lib/krb5/send_to_kdc.c index d3d21aea3f..0bcafa70a1 100644 --- a/source4/heimdal/lib/krb5/send_to_kdc.c +++ b/source4/heimdal/lib/krb5/send_to_kdc.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: send_to_kdc.c,v 1.57 2006/03/07 19:39:59 lha Exp $"); +RCSID("$Id: send_to_kdc.c,v 1.58 2006/04/02 02:32:03 lha Exp $"); struct send_and_recv { krb5_send_and_recv_func_t func; @@ -231,6 +231,7 @@ send_and_recv_http(int fd, s[rep->length] = 0; p = strstr(s, "\r\n\r\n"); if(p == NULL) { + krb5_data_zero(rep); free(s); return -1; } @@ -238,12 +239,14 @@ send_and_recv_http(int fd, rep->data = s; rep->length -= p - s; if(rep->length < 4) { /* remove length */ + krb5_data_zero(rep); free(s); return -1; } rep->length -= 4; _krb5_get_int(p, &rep_len, 4); if (rep_len != rep->length) { + krb5_data_zero(rep); free(s); return -1; } diff --git a/source4/heimdal/lib/krb5/store.c b/source4/heimdal/lib/krb5/store.c index 42667765fb..4a567bb379 100644 --- a/source4/heimdal/lib/krb5/store.c +++ b/source4/heimdal/lib/krb5/store.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include "store-int.h" -RCSID("$Id: store.c,v 1.50 2005/06/17 04:36:33 lha Exp $"); +RCSID("$Id: store.c,v 1.51 2006/04/07 22:23:20 lha Exp $"); #define BYTEORDER_IS(SP, V) (((SP)->flags & KRB5_STORAGE_BYTEORDER_MASK) == (V)) #define BYTEORDER_IS_LE(SP) BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_LE) @@ -420,7 +420,7 @@ krb5_ret_principal(krb5_storage *sp, if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) type = KRB5_NT_UNKNOWN; - else if((ret = krb5_ret_int32(sp, &type))){ + else if((ret = krb5_ret_int32(sp, &type))){ free(p); return ret; } @@ -430,18 +430,31 @@ krb5_ret_principal(krb5_storage *sp, } if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS)) ncomp--; + if (ncomp < 0) { + free(p); + return EINVAL; + } p->name.name_type = type; p->name.name_string.len = ncomp; ret = krb5_ret_string(sp, &p->realm); - if(ret) return ret; + if(ret) { + free(p); + return ret; + } p->name.name_string.val = calloc(ncomp, sizeof(*p->name.name_string.val)); - if(p->name.name_string.val == NULL){ + if(p->name.name_string.val == NULL && ncomp != 0){ free(p->realm); return ENOMEM; } for(i = 0; i < ncomp; i++){ ret = krb5_ret_string(sp, &p->name.name_string.val[i]); - if(ret) return ret; /* XXX */ + if(ret) { + while (i >= 0) + free(p->name.name_string.val[i--]); + free(p->realm); + free(p); + return ret; + } } *princ = p; return 0; diff --git a/source4/heimdal/lib/krb5/transited.c b/source4/heimdal/lib/krb5/transited.c index 9e24db0da0..7f18b30c88 100644 --- a/source4/heimdal/lib/krb5/transited.c +++ b/source4/heimdal/lib/krb5/transited.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: transited.c,v 1.16 2005/06/17 04:53:35 lha Exp $"); +RCSID("$Id: transited.c,v 1.18 2006/04/10 10:26:35 lha Exp $"); /* this is an attempt at one of the most horrible `compression' schemes that has ever been invented; it's so amazingly brain-dead @@ -100,8 +100,10 @@ make_path(krb5_context context, struct tr_realm *r, p = from + strlen(from); while(1){ while(p >= from && *p != '/') p--; - if(p == from) + if(p == from) { + r->next = path; /* XXX */ return KRB5KDC_ERR_POLICY; + } if(strncmp(to, from, p - from) == 0) break; tmp = calloc(1, sizeof(*tmp)); @@ -166,10 +168,13 @@ expand_realms(krb5_context context, for(r = realms; r; r = r->next){ if(r->trailing_dot){ char *tmp; - size_t len = strlen(r->realm) + strlen(prev_realm) + 1; + size_t len; if(prev_realm == NULL) prev_realm = client_realm; + + len = strlen(r->realm) + strlen(prev_realm) + 1; + tmp = realloc(r->realm, len); if(tmp == NULL){ free_realms(realms); diff --git a/source4/heimdal/lib/krb5/v4_glue.c b/source4/heimdal/lib/krb5/v4_glue.c index c66b06c09f..dd294c8943 100644 --- a/source4/heimdal/lib/krb5/v4_glue.c +++ b/source4/heimdal/lib/krb5/v4_glue.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: v4_glue.c,v 1.2 2005/04/24 13:44:02 lha Exp $"); +RCSID("$Id: v4_glue.c,v 1.3 2006/04/02 01:39:54 lha Exp $"); #include "krb5-v4compat.h" @@ -155,19 +155,20 @@ write_v4_cc(krb5_context context, const char *tkfile, fd = open(path, O_WRONLY|O_CREAT, 0600); if (fd < 0) { - free(path); + ret = errno; krb5_set_error_string(context, "krb5_krb_tf_setup: error opening file %s", path); - return errno; + free(path); + return ret; } if (fstat(fd, &sb) != 0 || !S_ISREG(sb.st_mode)) { - free(path); - close(fd); krb5_set_error_string(context, "krb5_krb_tf_setup: tktfile %s is not a file", path); + free(path); + close(fd); return KRB5_FCC_PERM; } @@ -178,11 +179,11 @@ write_v4_cc(krb5_context context, const char *tkfile, break; } if (i == KRB5_TF_LCK_RETRY_COUNT) { - free(path); - close(fd); krb5_set_error_string(context, "krb5_krb_tf_setup: failed to lock %s", path); + free(path); + close(fd); return KRB5_FCC_PERM; } @@ -190,11 +191,11 @@ write_v4_cc(krb5_context context, const char *tkfile, ret = ftruncate(fd, 0); if (ret < 0) { flock(fd, LOCK_UN); - free(path); - close(fd); krb5_set_error_string(context, "krb5_krb_tf_setup: failed to truncate %s", path); + free(path); + close(fd); return KRB5_FCC_PERM; } } diff --git a/source4/heimdal/lib/roken/resolve.c b/source4/heimdal/lib/roken/resolve.c index 92438a9963..6a14547c62 100644 --- a/source4/heimdal/lib/roken/resolve.c +++ b/source4/heimdal/lib/roken/resolve.c @@ -45,7 +45,7 @@ #include -RCSID("$Id: resolve.c,v 1.53 2006/02/06 19:30:16 lha Exp $"); +RCSID("$Id: resolve.c,v 1.55 2006/04/14 13:56:00 lha Exp $"); #ifdef _AIX /* AIX have broken res_nsearch() in 5.1 (5.0 also ?) */ #undef HAVE_RES_NSEARCH @@ -99,6 +99,16 @@ dns_type_to_string(int type) #if (defined(HAVE_RES_SEARCH) || defined(HAVE_RES_NSEARCH)) && defined(HAVE_DN_EXPAND) +static void +dns_free_rr(struct resource_record *rr) +{ + if(rr->domain) + free(rr->domain); + if(rr->u.data) + free(rr->u.data); + free(rr); +} + void ROKEN_LIB_FUNCTION dns_free_data(struct dns_reply *r) { @@ -107,29 +117,30 @@ dns_free_data(struct dns_reply *r) free(r->q.domain); for(rr = r->head; rr;){ struct resource_record *tmp = rr; - if(rr->domain) - free(rr->domain); - if(rr->u.data) - free(rr->u.data); rr = rr->next; - free(tmp); + dns_free_rr(tmp); } free (r); } static int parse_record(const unsigned char *data, const unsigned char *end_data, - const unsigned char **pp, struct resource_record **rr) + const unsigned char **pp, struct resource_record **ret_rr) { + struct resource_record *rr; int type, class, ttl, size; int status; char host[MAXDNAME]; const unsigned char *p = *pp; + + *ret_rr = NULL; + status = dn_expand(data, end_data, p, host, sizeof(host)); if(status < 0) return -1; if (p + status + 10 > end_data) return -1; + p += status; type = (p[0] << 8) | p[1]; p += 2; @@ -143,30 +154,30 @@ parse_record(const unsigned char *data, const unsigned char *end_data, if (p + size > end_data) return -1; - *rr = calloc(1, sizeof(**rr)); - if(*rr == NULL) + rr = calloc(1, sizeof(*rr)); + if(rr == NULL) return -1; - (*rr)->domain = strdup(host); - if((*rr)->domain == NULL) { - free(*rr); + rr->domain = strdup(host); + if(rr->domain == NULL) { + dns_free_rr(rr); return -1; } - (*rr)->type = type; - (*rr)->class = class; - (*rr)->ttl = ttl; - (*rr)->size = size; + rr->type = type; + rr->class = class; + rr->ttl = ttl; + rr->size = size; switch(type){ case rk_ns_t_ns: case rk_ns_t_cname: case rk_ns_t_ptr: status = dn_expand(data, end_data, p, host, sizeof(host)); if(status < 0) { - free(*rr); + dns_free_rr(rr); return -1; } - (*rr)->u.txt = strdup(host); - if((*rr)->u.txt == NULL) { - free(*rr); + rr->u.txt = strdup(host); + if(rr->u.txt == NULL) { + dns_free_rr(rr); return -1; } break; @@ -176,101 +187,101 @@ parse_record(const unsigned char *data, const unsigned char *end_data, status = dn_expand(data, end_data, p + 2, host, sizeof(host)); if(status < 0){ - free(*rr); + dns_free_rr(rr); return -1; } if (status + 2 > size) { - free(*rr); + dns_free_rr(rr); return -1; } hostlen = strlen(host); - (*rr)->u.mx = (struct mx_record*)malloc(sizeof(struct mx_record) + + rr->u.mx = (struct mx_record*)malloc(sizeof(struct mx_record) + hostlen); - if((*rr)->u.mx == NULL) { - free(*rr); + if(rr->u.mx == NULL) { + dns_free_rr(rr); return -1; } - (*rr)->u.mx->preference = (p[0] << 8) | p[1]; - strlcpy((*rr)->u.mx->domain, host, hostlen + 1); + rr->u.mx->preference = (p[0] << 8) | p[1]; + strlcpy(rr->u.mx->domain, host, hostlen + 1); break; } case rk_ns_t_srv:{ size_t hostlen; status = dn_expand(data, end_data, p + 6, host, sizeof(host)); if(status < 0){ - free(*rr); + dns_free_rr(rr); return -1; } if (status + 6 > size) { - free(*rr); + dns_free_rr(rr); return -1; } hostlen = strlen(host); - (*rr)->u.srv = + rr->u.srv = (struct srv_record*)malloc(sizeof(struct srv_record) + hostlen); - if((*rr)->u.srv == NULL) { - free(*rr); + if(rr->u.srv == NULL) { + dns_free_rr(rr); return -1; } - (*rr)->u.srv->priority = (p[0] << 8) | p[1]; - (*rr)->u.srv->weight = (p[2] << 8) | p[3]; - (*rr)->u.srv->port = (p[4] << 8) | p[5]; - strlcpy((*rr)->u.srv->target, host, hostlen + 1); + rr->u.srv->priority = (p[0] << 8) | p[1]; + rr->u.srv->weight = (p[2] << 8) | p[3]; + rr->u.srv->port = (p[4] << 8) | p[5]; + strlcpy(rr->u.srv->target, host, hostlen + 1); break; } case rk_ns_t_txt:{ if(size == 0 || size < *p + 1) { - free(*rr); + dns_free_rr(rr); return -1; } - (*rr)->u.txt = (char*)malloc(*p + 1); - if((*rr)->u.txt == NULL) { - free(*rr); + rr->u.txt = (char*)malloc(*p + 1); + if(rr->u.txt == NULL) { + dns_free_rr(rr); return -1; } - strncpy((*rr)->u.txt, (const char*)(p + 1), *p); - (*rr)->u.txt[*p] = '\0'; + strncpy(rr->u.txt, (const char*)(p + 1), *p); + rr->u.txt[*p] = '\0'; break; } case rk_ns_t_key : { size_t key_len; if (size < 4) { - free(*rr); + dns_free_rr(rr); return -1; } key_len = size - 4; - (*rr)->u.key = malloc (sizeof(*(*rr)->u.key) + key_len - 1); - if ((*rr)->u.key == NULL) { - free(*rr); + rr->u.key = malloc (sizeof(*rr->u.key) + key_len - 1); + if (rr->u.key == NULL) { + dns_free_rr(rr); return -1; } - (*rr)->u.key->flags = (p[0] << 8) | p[1]; - (*rr)->u.key->protocol = p[2]; - (*rr)->u.key->algorithm = p[3]; - (*rr)->u.key->key_len = key_len; - memcpy ((*rr)->u.key->key_data, p + 4, key_len); + rr->u.key->flags = (p[0] << 8) | p[1]; + rr->u.key->protocol = p[2]; + rr->u.key->algorithm = p[3]; + rr->u.key->key_len = key_len; + memcpy (rr->u.key->key_data, p + 4, key_len); break; } case rk_ns_t_sig : { size_t sig_len, hostlen; if(size <= 18) { - free(*rr); + dns_free_rr(rr); return -1; } status = dn_expand (data, end_data, p + 18, host, sizeof(host)); if (status < 0) { - free(*rr); + dns_free_rr(rr); return -1; } if (status + 18 > size) { - free(*rr); + dns_free_rr(rr); return -1; } @@ -281,26 +292,26 @@ parse_record(const unsigned char *data, const unsigned char *end_data, */ sig_len = size - 18 - status; hostlen = strlen(host); - (*rr)->u.sig = malloc(sizeof(*(*rr)->u.sig) + rr->u.sig = malloc(sizeof(*rr->u.sig) + hostlen + sig_len); - if ((*rr)->u.sig == NULL) { - free(*rr); + if (rr->u.sig == NULL) { + dns_free_rr(rr); return -1; } - (*rr)->u.sig->type = (p[0] << 8) | p[1]; - (*rr)->u.sig->algorithm = p[2]; - (*rr)->u.sig->labels = p[3]; - (*rr)->u.sig->orig_ttl = (p[4] << 24) | (p[5] << 16) + rr->u.sig->type = (p[0] << 8) | p[1]; + rr->u.sig->algorithm = p[2]; + rr->u.sig->labels = p[3]; + rr->u.sig->orig_ttl = (p[4] << 24) | (p[5] << 16) | (p[6] << 8) | p[7]; - (*rr)->u.sig->sig_expiration = (p[8] << 24) | (p[9] << 16) + rr->u.sig->sig_expiration = (p[8] << 24) | (p[9] << 16) | (p[10] << 8) | p[11]; - (*rr)->u.sig->sig_inception = (p[12] << 24) | (p[13] << 16) + rr->u.sig->sig_inception = (p[12] << 24) | (p[13] << 16) | (p[14] << 8) | p[15]; - (*rr)->u.sig->key_tag = (p[16] << 8) | p[17]; - (*rr)->u.sig->sig_len = sig_len; - memcpy ((*rr)->u.sig->sig_data, p + 18 + status, sig_len); - (*rr)->u.sig->signer = &(*rr)->u.sig->sig_data[sig_len]; - strlcpy((*rr)->u.sig->signer, host, hostlen + 1); + rr->u.sig->key_tag = (p[16] << 8) | p[17]; + rr->u.sig->sig_len = sig_len; + memcpy (rr->u.sig->sig_data, p + 18 + status, sig_len); + rr->u.sig->signer = &rr->u.sig->sig_data[sig_len]; + strlcpy(rr->u.sig->signer, host, hostlen + 1); break; } @@ -308,78 +319,81 @@ parse_record(const unsigned char *data, const unsigned char *end_data, size_t cert_len; if (size < 5) { - free(*rr); + dns_free_rr(rr); return -1; } cert_len = size - 5; - (*rr)->u.cert = malloc (sizeof(*(*rr)->u.cert) + cert_len - 1); - if ((*rr)->u.cert == NULL) { - free(*rr); + rr->u.cert = malloc (sizeof(*rr->u.cert) + cert_len - 1); + if (rr->u.cert == NULL) { + dns_free_rr(rr); return -1; } - (*rr)->u.cert->type = (p[0] << 8) | p[1]; - (*rr)->u.cert->tag = (p[2] << 8) | p[3]; - (*rr)->u.cert->algorithm = p[4]; - (*rr)->u.cert->cert_len = cert_len; - memcpy ((*rr)->u.cert->cert_data, p + 5, cert_len); + rr->u.cert->type = (p[0] << 8) | p[1]; + rr->u.cert->tag = (p[2] << 8) | p[3]; + rr->u.cert->algorithm = p[4]; + rr->u.cert->cert_len = cert_len; + memcpy (rr->u.cert->cert_data, p + 5, cert_len); break; } case rk_ns_t_sshfp : { size_t sshfp_len; if (size < 2) { - free(*rr); + dns_free_rr(rr); return -1; } sshfp_len = size - 2; - (*rr)->u.sshfp = malloc (sizeof(*(*rr)->u.sshfp) + sshfp_len - 1); - if ((*rr)->u.sshfp == NULL) { - free(*rr); + rr->u.sshfp = malloc (sizeof(*rr->u.sshfp) + sshfp_len - 1); + if (rr->u.sshfp == NULL) { + dns_free_rr(rr); return -1; } - (*rr)->u.sshfp->algorithm = p[0]; - (*rr)->u.sshfp->type = p[1]; - (*rr)->u.sshfp->sshfp_len = sshfp_len; - memcpy ((*rr)->u.sshfp->sshfp_data, p + 2, sshfp_len); + rr->u.sshfp->algorithm = p[0]; + rr->u.sshfp->type = p[1]; + rr->u.sshfp->sshfp_len = sshfp_len; + memcpy (rr->u.sshfp->sshfp_data, p + 2, sshfp_len); break; } case rk_ns_t_ds: { size_t digest_len; if (size < 4) { - free(*rr); + dns_free_rr(rr); return -1; } digest_len = size - 4; - (*rr)->u.ds = malloc (sizeof(*(*rr)->u.ds) + digest_len - 1); - if ((*rr)->u.ds == NULL) { - free(*rr); + rr->u.ds = malloc (sizeof(*rr->u.ds) + digest_len - 1); + if (rr->u.ds == NULL) { + dns_free_rr(rr); return -1; } - (*rr)->u.ds->key_tag = (p[0] << 8) | p[1]; - (*rr)->u.ds->algorithm = p[2]; - (*rr)->u.ds->digest_type = p[3]; - (*rr)->u.ds->digest_len = digest_len; - memcpy ((*rr)->u.ds->digest_data, p + 4, digest_len); + rr->u.ds->key_tag = (p[0] << 8) | p[1]; + rr->u.ds->algorithm = p[2]; + rr->u.ds->digest_type = p[3]; + rr->u.ds->digest_len = digest_len; + memcpy (rr->u.ds->digest_data, p + 4, digest_len); break; } default: - (*rr)->u.data = (unsigned char*)malloc(size); - if(size != 0 && (*rr)->u.data == NULL) { - free(*rr); + rr->u.data = (unsigned char*)malloc(size); + if(size != 0 && rr->u.data == NULL) { + dns_free_rr(rr); return -1; } - memcpy((*rr)->u.data, p, size); + if (size) + memcpy(rr->u.data, p, size); } *pp = p + size; + *ret_rr = rr; + return 0; } @@ -633,8 +647,7 @@ dns_srv_order(struct dns_reply *r) /* find the last record with the same priority and count the sum of all weights */ for(sum = 0, tt = ss; tt < srvs + num_srv; tt++) { - if(*tt == NULL) - continue; + assert(*tt != NULL); if((*tt)->u.srv->priority != (*ss)->u.srv->priority) break; sum += (*tt)->u.srv->weight; diff --git a/source4/heimdal/lib/roken/roken_gethostby.c b/source4/heimdal/lib/roken/roken_gethostby.c index 2df3f83e36..8f200dfe10 100644 --- a/source4/heimdal/lib/roken/roken_gethostby.c +++ b/source4/heimdal/lib/roken/roken_gethostby.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: roken_gethostby.c,v 1.7 2005/04/12 11:29:03 lha Exp $"); +RCSID("$Id: roken_gethostby.c,v 1.8 2006/04/02 00:09:28 lha Exp $"); #endif #include @@ -186,7 +186,7 @@ roken_gethostby(const char *hostname) #define MAX_ADDRS 16 static struct hostent he; static char addrs[4 * MAX_ADDRS]; - static char *addr_list[MAX_ADDRS]; + static char *addr_list[MAX_ADDRS + 1]; int num_addrs = 0; he.h_name = p; -- cgit From 835926c87921a0f4186a9331b6e31b2e6f1c0d90 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 7 May 2006 04:51:30 +0000 Subject: r15481: Update heimdal/ to match current lorikeet-heimdal. This includes many useful upstream changes, many of which should reduce warnings in our compile. It also includes a change to the HDB interface, which removes the need for Samba4/lorikeet-heimdal to deviate from upstream for hdb_fetch(). The new flags replace the old entry type enum. (This required the rework in hdb-ldb.c included in this commit) Andrew Bartlett (This used to be commit ef5604b87744c89e66e4d845f45b23563754ec05) --- source4/heimdal/kdc/524.c | 6 +- source4/heimdal/kdc/kaserver.c | 119 +++++++++----- source4/heimdal/kdc/kdc-private.h | 6 +- source4/heimdal/kdc/kdc.h | 3 +- source4/heimdal/kdc/kerberos4.c | 60 ++++--- source4/heimdal/kdc/kerberos5.c | 87 ++++++----- source4/heimdal/kdc/misc.c | 12 +- source4/heimdal/kdc/pkinit.c | 208 ++++++++++++++++++------- source4/heimdal/kdc/rx.h | 16 +- source4/heimdal/lib/asn1/parse.c | 106 ++++++------- source4/heimdal/lib/asn1/pkcs9.asn1 | 3 +- source4/heimdal/lib/des/aes.h | 4 +- source4/heimdal/lib/des/des.c | 6 +- source4/heimdal/lib/des/dh.h | 4 +- source4/heimdal/lib/des/engine.h | 6 +- source4/heimdal/lib/des/evp.c | 2 + source4/heimdal/lib/des/hash.h | 6 +- source4/heimdal/lib/des/md4.c | 24 +-- source4/heimdal/lib/des/md4.h | 4 +- source4/heimdal/lib/des/md5.c | 24 +-- source4/heimdal/lib/des/md5.h | 6 +- source4/heimdal/lib/des/pkcs5.c | 8 +- source4/heimdal/lib/des/rijndael-alg-fst.c | 8 +- source4/heimdal/lib/des/rijndael-alg-fst.h | 8 +- source4/heimdal/lib/des/rnd_keys.c | 8 +- source4/heimdal/lib/des/sha.c | 28 ++-- source4/heimdal/lib/des/sha.h | 6 +- source4/heimdal/lib/des/sha256.c | 28 ++-- source4/heimdal/lib/gssapi/8003.c | 8 +- source4/heimdal/lib/gssapi/arcfour.c | 14 +- source4/heimdal/lib/gssapi/cfx.c | 11 +- source4/heimdal/lib/gssapi/gssapi.h | 8 +- source4/heimdal/lib/gssapi/gssapi_locl.h | 6 +- source4/heimdal/lib/gssapi/init_sec_context.c | 2 +- source4/heimdal/lib/gssapi/wrap.c | 4 +- source4/heimdal/lib/hdb/ext.c | 6 +- source4/heimdal/lib/hdb/hdb-private.h | 7 +- source4/heimdal/lib/hdb/hdb.c | 2 +- source4/heimdal/lib/hdb/hdb.h | 86 ++++++---- source4/heimdal/lib/hdb/keys.c | 16 +- source4/heimdal/lib/hdb/keytab.c | 4 +- source4/heimdal/lib/hdb/mkey.c | 4 +- source4/heimdal/lib/hdb/ndbm.c | 2 +- source4/heimdal/lib/krb5/addr_families.c | 6 +- source4/heimdal/lib/krb5/changepw.c | 4 +- source4/heimdal/lib/krb5/crc.c | 6 +- source4/heimdal/lib/krb5/crypto.c | 12 +- source4/heimdal/lib/krb5/generate_seq_number.c | 6 +- source4/heimdal/lib/krb5/init_creds_pw.c | 3 +- source4/heimdal/lib/krb5/kcm.c | 10 +- source4/heimdal/lib/krb5/keytab_file.c | 4 +- source4/heimdal/lib/krb5/keytab_keyfile.c | 7 +- source4/heimdal/lib/krb5/krb5-private.h | 26 ++-- source4/heimdal/lib/krb5/krb5-protos.h | 34 +++- source4/heimdal/lib/krb5/krb5-v4compat.h | 10 +- source4/heimdal/lib/krb5/krb5.h | 12 +- source4/heimdal/lib/krb5/krb5_ccapi.h | 4 +- source4/heimdal/lib/krb5/krb5_locl.h | 2 +- source4/heimdal/lib/krb5/log.c | 6 +- source4/heimdal/lib/krb5/pkinit.c | 193 ++++++++++++++++++++--- source4/heimdal/lib/krb5/principal.c | 3 +- source4/heimdal/lib/krb5/store.c | 79 +++++++++- source4/heimdal/lib/krb5/v4_glue.c | 38 ++--- 63 files changed, 944 insertions(+), 507 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/524.c b/source4/heimdal/kdc/524.c index 9fcf40a4c2..14969aaa52 100644 --- a/source4/heimdal/kdc/524.c +++ b/source4/heimdal/kdc/524.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: 524.c,v 1.36 2006/04/07 22:12:28 lha Exp $"); +RCSID("$Id: 524.c,v 1.37 2006/04/27 11:33:20 lha Exp $"); #include @@ -66,7 +66,7 @@ fetch_server (krb5_context context, krb5_get_err_text(context, ret)); return ret; } - ret = _kdc_db_fetch(context, config, sprinc, HDB_ENT_TYPE_SERVER, server); + ret = _kdc_db_fetch(context, config, sprinc, HDB_F_GET_SERVER, server); krb5_free_principal(context, sprinc); if (ret) { kdc_log(context, config, 0, diff --git a/source4/heimdal/kdc/kaserver.c b/source4/heimdal/kdc/kaserver.c index 05fedeca29..c08a51b9cc 100644 --- a/source4/heimdal/kdc/kaserver.c +++ b/source4/heimdal/kdc/kaserver.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kaserver.c,v 1.32 2006/04/02 01:54:37 lha Exp $"); +RCSID("$Id: kaserver.c,v 1.35 2006/05/05 10:49:50 lha Exp $"); #include #include @@ -107,38 +107,69 @@ RCSID("$Id: kaserver.c,v 1.32 2006/04/02 01:54:37 lha Exp $"); #define KATOOSOON (180521L) #define KALOCKED (180522L) -static void + +static krb5_error_code decode_rx_header (krb5_storage *sp, struct rx_header *h) { - krb5_ret_int32(sp, &h->epoch); - krb5_ret_int32(sp, &h->connid); - krb5_ret_int32(sp, &h->callid); - krb5_ret_int32(sp, &h->seqno); - krb5_ret_int32(sp, &h->serialno); - krb5_ret_int8(sp, &h->type); - krb5_ret_int8(sp, &h->flags); - krb5_ret_int8(sp, &h->status); - krb5_ret_int8(sp, &h->secindex); - krb5_ret_int16(sp, &h->reserved); - krb5_ret_int16(sp, &h->serviceid); + krb5_error_code ret; + + ret = krb5_ret_uint32(sp, &h->epoch); + if (ret) return ret; + ret = krb5_ret_uint32(sp, &h->connid); + if (ret) return ret; + ret = krb5_ret_uint32(sp, &h->callid); + if (ret) return ret; + ret = krb5_ret_uint32(sp, &h->seqno); + if (ret) return ret; + ret = krb5_ret_uint32(sp, &h->serialno); + if (ret) return ret; + ret = krb5_ret_uint8(sp, &h->type); + if (ret) return ret; + ret = krb5_ret_uint8(sp, &h->flags); + if (ret) return ret; + ret = krb5_ret_uint8(sp, &h->status); + if (ret) return ret; + ret = krb5_ret_uint8(sp, &h->secindex); + if (ret) return ret; + ret = krb5_ret_uint16(sp, &h->reserved); + if (ret) return ret; + ret = krb5_ret_uint16(sp, &h->serviceid); + if (ret) return ret; + + return 0; } -static void +static krb5_error_code encode_rx_header (struct rx_header *h, krb5_storage *sp) { - krb5_store_int32(sp, h->epoch); - krb5_store_int32(sp, h->connid); - krb5_store_int32(sp, h->callid); - krb5_store_int32(sp, h->seqno); - krb5_store_int32(sp, h->serialno); - krb5_store_int8(sp, h->type); - krb5_store_int8(sp, h->flags); - krb5_store_int8(sp, h->status); - krb5_store_int8(sp, h->secindex); - krb5_store_int16(sp, h->reserved); - krb5_store_int16(sp, h->serviceid); + krb5_error_code ret; + + ret = krb5_store_uint32(sp, h->epoch); + if (ret) return ret; + ret = krb5_store_uint32(sp, h->connid); + if (ret) return ret; + ret = krb5_store_uint32(sp, h->callid); + if (ret) return ret; + ret = krb5_store_uint32(sp, h->seqno); + if (ret) return ret; + ret = krb5_store_uint32(sp, h->serialno); + if (ret) return ret; + ret = krb5_store_uint8(sp, h->type); + if (ret) return ret; + ret = krb5_store_uint8(sp, h->flags); + if (ret) return ret; + ret = krb5_store_uint8(sp, h->status); + if (ret) return ret; + ret = krb5_store_uint8(sp, h->secindex); + if (ret) return ret; + ret = krb5_store_uint16(sp, h->reserved); + if (ret) return ret; + ret = krb5_store_uint16(sp, h->serviceid); + if (ret) return ret; + + return 0; } static void @@ -162,7 +193,7 @@ init_reply_header (struct rx_header *hdr, static void make_error_reply (struct rx_header *hdr, - u_int32_t ret, + uint32_t ret, krb5_data *reply) { @@ -171,7 +202,7 @@ make_error_reply (struct rx_header *hdr, init_reply_header (hdr, &reply_hdr, HT_ABORT, HF_LAST); sp = krb5_storage_emem(); - encode_rx_header (&reply_hdr, sp); + ret = encode_rx_header (&reply_hdr, sp); krb5_store_int32(sp, ret); krb5_storage_to_data (sp, reply); krb5_storage_free (sp); @@ -249,11 +280,12 @@ create_reply_ticket (krb5_context context, int kvno, int32_t max_seq_len, const char *sname, const char *sinstance, - u_int32_t challenge, + uint32_t challenge, const char *label, krb5_keyblock *key, krb5_data *reply) { + krb5_error_code ret; krb5_data ticket; krb5_keyblock session; krb5_storage *sp; @@ -339,7 +371,7 @@ create_reply_ticket (krb5_context context, /* create the reply packet */ init_reply_header (hdr, &reply_hdr, HT_DATA, HF_LAST); sp = krb5_storage_emem (); - encode_rx_header (&reply_hdr, sp); + ret = encode_rx_header (&reply_hdr, sp); krb5_store_int32 (sp, max_seq_len); krb5_store_xdr_data (sp, enc_data); krb5_data_free (&enc_data); @@ -410,7 +442,7 @@ do_authenticate (krb5_context context, Key *skey = NULL; krb5_storage *reply_sp; time_t max_life; - u_int8_t life; + uint8_t life; int32_t chal; char client_name[256]; char server_name[256]; @@ -433,8 +465,7 @@ do_authenticate (krb5_context context, client_name, from, server_name); ret = _kdc_db_fetch4 (context, config, name, instance, - config->v4_realm, HDB_ENT_TYPE_CLIENT, - &client_entry); + config->v4_realm, HDB_F_GET_CLIENT, &client_entry); if (ret) { kdc_log(context, config, 0, "Client not found in database: %s: %s", client_name, krb5_get_err_text(context, ret)); @@ -444,7 +475,7 @@ do_authenticate (krb5_context context, ret = _kdc_db_fetch4 (context, config, "krbtgt", config->v4_realm, config->v4_realm, - HDB_ENT_TYPE_SERVER, &server_entry); + HDB_F_GET_KRBTGT, &server_entry); if (ret) { kdc_log(context, config, 0, "Server not found in database: %s: %s", server_name, krb5_get_err_text(context, ret)); @@ -650,8 +681,7 @@ do_getticket (krb5_context context, "%s.%s@%s", name, instance, config->v4_realm); ret = _kdc_db_fetch4 (context, config, name, instance, - config->v4_realm, HDB_ENT_TYPE_SERVER, - &server_entry); + config->v4_realm, HDB_F_GET_SERVER, &server_entry); if (ret) { kdc_log(context, config, 0, "Server not found in database: %s: %s", server_name, krb5_get_err_text(context, ret)); @@ -660,8 +690,7 @@ do_getticket (krb5_context context, } ret = _kdc_db_fetch4 (context, config, "krbtgt", - config->v4_realm, config->v4_realm, - HDB_ENT_TYPE_CLIENT, &krbtgt_entry); + config->v4_realm, config->v4_realm, HDB_F_GET_KRBTGT, &krbtgt_entry); if (ret) { kdc_log(context, config, 0, "Server not found in database: %s.%s@%s: %s", @@ -734,8 +763,8 @@ do_getticket (krb5_context context, client_name, from, server_name); ret = _kdc_db_fetch4 (context, config, - ad.pname, ad.pinst, ad.prealm, - HDB_ENT_TYPE_CLIENT, &client_entry); + ad.pname, ad.pinst, ad.prealm, HDB_F_GET_CLIENT, + &client_entry); if(ret && ret != HDB_ERR_NOENTRY) { kdc_log(context, config, 0, "Client not found in database: (krb4) %s: %s", @@ -842,14 +871,16 @@ _kdc_do_kaserver(krb5_context context, { krb5_error_code ret = 0; struct rx_header hdr; - u_int32_t op; + uint32_t op; krb5_storage *sp; if (len < RX_HEADER_SIZE) return -1; sp = krb5_storage_from_mem (buf, len); - decode_rx_header (sp, &hdr); + ret = decode_rx_header (sp, &hdr); + if (ret) + goto out; buf += RX_HEADER_SIZE; len -= RX_HEADER_SIZE; @@ -875,7 +906,9 @@ _kdc_do_kaserver(krb5_context context, goto out; } - krb5_ret_int32(sp, &op); + ret = krb5_ret_uint32(sp, &op); + if (ret) + goto out; switch (op) { case AUTHENTICATE : case AUTHENTICATE_V2 : diff --git a/source4/heimdal/kdc/kdc-private.h b/source4/heimdal/kdc/kdc-private.h index c718b1fd52..251e06b14a 100644 --- a/source4/heimdal/kdc/kdc-private.h +++ b/source4/heimdal/kdc/kdc-private.h @@ -28,8 +28,8 @@ krb5_error_code _kdc_db_fetch ( krb5_context /*context*/, krb5_kdc_configuration */*config*/, - krb5_principal /*principal*/, - enum hdb_ent_type /*ent_type*/, + krb5_const_principal /*principal*/, + unsigned /*flags*/, hdb_entry_ex **/*h*/); krb5_error_code @@ -39,7 +39,7 @@ _kdc_db_fetch4 ( const char */*name*/, const char */*instance*/, const char */*realm*/, - enum hdb_ent_type /*ent_type*/, + unsigned /*flags*/, hdb_entry_ex **/*ent*/); krb5_error_code diff --git a/source4/heimdal/kdc/kdc.h b/source4/heimdal/kdc/kdc.h index 3d25729d4e..2948570e3a 100644 --- a/source4/heimdal/kdc/kdc.h +++ b/source4/heimdal/kdc/kdc.h @@ -35,7 +35,7 @@ */ /* - * $Id: kdc.h,v 1.5 2005/10/21 17:11:21 lha Exp $ + * $Id: kdc.h,v 1.6 2006/05/03 12:03:29 lha Exp $ */ #ifndef __KDC_H__ @@ -72,6 +72,7 @@ typedef struct krb5_kdc_configuration { krb5_boolean enable_pkinit; krb5_boolean enable_pkinit_princ_in_cert; + char *pkinit_kdc_ocsp_file; krb5_log_facility *logf; diff --git a/source4/heimdal/kdc/kerberos4.c b/source4/heimdal/kdc/kerberos4.c index 030405adc2..4ece1a47d6 100644 --- a/source4/heimdal/kdc/kerberos4.c +++ b/source4/heimdal/kdc/kerberos4.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -35,11 +35,11 @@ #include -RCSID("$Id: kerberos4.c,v 1.57 2006/04/02 01:54:37 lha Exp $"); +RCSID("$Id: kerberos4.c,v 1.60 2006/05/05 10:50:44 lha Exp $"); #ifndef swap32 -static u_int32_t -swap32(u_int32_t x) +static uint32_t +swap32(uint32_t x) { return ((x << 24) & 0xff000000) | ((x << 8) & 0xff0000) | @@ -62,12 +62,17 @@ make_err_reply(krb5_context context, krb5_data *reply, kdc_time, code, msg, reply); } +struct valid_princ_ctx { + krb5_kdc_configuration *config; + unsigned flags; +}; + static krb5_boolean valid_princ(krb5_context context, void *funcctx, krb5_principal princ) { - krb5_kdc_configuration *config = funcctx; + struct valid_princ_ctx *ctx = funcctx; krb5_error_code ret; char *s; hdb_entry_ex *ent; @@ -75,14 +80,14 @@ valid_princ(krb5_context context, ret = krb5_unparse_name(context, princ, &s); if (ret) return FALSE; - ret = _kdc_db_fetch(context, config, princ, HDB_ENT_TYPE_ANY, &ent); + ret = _kdc_db_fetch(context, ctx->config, princ, ctx->flags, &ent); if (ret) { - kdc_log(context, config, 7, "Lookup %s failed: %s", s, + kdc_log(context, ctx->config, 7, "Lookup %s failed: %s", s, krb5_get_err_text (context, ret)); free(s); return FALSE; } - kdc_log(context, config, 7, "Lookup %s succeeded", s); + kdc_log(context, ctx->config, 7, "Lookup %s succeeded", s); free(s); _kdc_free_ent(context, ent); return TRUE; @@ -90,19 +95,23 @@ valid_princ(krb5_context context, krb5_error_code _kdc_db_fetch4(krb5_context context, - krb5_kdc_configuration *config, - const char *name, const char *instance, const char *realm, - enum hdb_ent_type ent_type, - hdb_entry_ex **ent) + krb5_kdc_configuration *config, + const char *name, const char *instance, const char *realm, + unsigned flags, + hdb_entry_ex **ent) { krb5_principal p; krb5_error_code ret; + struct valid_princ_ctx ctx; + + ctx.config = config; + ctx.flags = flags; ret = krb5_425_conv_principal_ext2(context, name, instance, realm, - valid_princ, config, 0, &p); + valid_princ, &ctx, 0, &p); if(ret) return ret; - ret = _kdc_db_fetch(context, config, p, ent_type, ent); + ret = _kdc_db_fetch(context, config, p, flags, ent); krb5_free_principal(context, p); return ret; } @@ -135,7 +144,7 @@ _kdc_do_version4(krb5_context context, char *sname = NULL, *sinst = NULL; int32_t req_time; time_t max_life; - u_int8_t life; + uint8_t life; char client_name[256]; char server_name[256]; @@ -171,7 +180,7 @@ _kdc_do_version4(krb5_context context, RCHECK(krb5_ret_int32(sp, &req_time), out1); if(lsb) req_time = swap32(req_time); - RCHECK(krb5_ret_int8(sp, &life), out1); + RCHECK(krb5_ret_uint8(sp, &life), out1); RCHECK(krb5_ret_stringz(sp, &sname), out1); RCHECK(krb5_ret_stringz(sp, &sinst), out1); snprintf (client_name, sizeof(client_name), @@ -182,7 +191,8 @@ _kdc_do_version4(krb5_context context, kdc_log(context, config, 0, "AS-REQ (krb4) %s from %s for %s", client_name, from, server_name); - ret = _kdc_db_fetch4(context, config, name, inst, realm, HDB_ENT_TYPE_CLIENT, &client); + ret = _kdc_db_fetch4(context, config, name, inst, realm, + HDB_F_GET_CLIENT, &client); if(ret) { kdc_log(context, config, 0, "Client not found in database: %s: %s", client_name, krb5_get_err_text(context, ret)); @@ -190,8 +200,8 @@ _kdc_do_version4(krb5_context context, "principal unknown"); goto out1; } - ret = _kdc_db_fetch4(context, config, sname, sinst, - config->v4_realm, HDB_ENT_TYPE_SERVER, &server); + ret = _kdc_db_fetch4(context, config, sname, sinst, config->v4_realm, + HDB_F_GET_SERVER, &server); if(ret){ kdc_log(context, config, 0, "Server not found in database: %s: %s", server_name, krb5_get_err_text(context, ret)); @@ -361,7 +371,8 @@ _kdc_do_version4(krb5_context context, goto out2; } - ret = _kdc_db_fetch(context, config, tgt_princ, HDB_ENT_TYPE_SERVER, &tgt); + ret = _kdc_db_fetch(context, config, tgt_princ, + HDB_F_GET_KRBTGT, &tgt); if(ret){ char *s; s = kdc_log_msg(context, config, 0, "Ticket-granting ticket not " @@ -418,7 +429,7 @@ _kdc_do_version4(krb5_context context, RCHECK(krb5_ret_int32(sp, &req_time), out2); if(lsb) req_time = swap32(req_time); - RCHECK(krb5_ret_int8(sp, &life), out2); + RCHECK(krb5_ret_uint8(sp, &life), out2); RCHECK(krb5_ret_stringz(sp, &sname), out2); RCHECK(krb5_ret_stringz(sp, &sinst), out2); snprintf (server_name, sizeof(server_name), @@ -456,7 +467,8 @@ _kdc_do_version4(krb5_context context, goto out2; } - ret = _kdc_db_fetch4(context, config, ad.pname, ad.pinst, ad.prealm, HDB_ENT_TYPE_CLIENT, &client); + ret = _kdc_db_fetch4(context, config, ad.pname, ad.pinst, ad.prealm, + HDB_F_GET_CLIENT, &client); if(ret && ret != HDB_ERR_NOENTRY) { char *s; s = kdc_log_msg(context, config, 0, @@ -476,8 +488,8 @@ _kdc_do_version4(krb5_context context, goto out2; } - ret = _kdc_db_fetch4(context, config, sname, sinst, config->v4_realm, - HDB_ENT_TYPE_SERVER, &server); + ret = _kdc_db_fetch4(context, config, sname, sinst, config->v4_realm, + HDB_F_GET_SERVER, &server); if(ret){ char *s; s = kdc_log_msg(context, config, 0, diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index 68720d692e..877b88c155 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kerberos5.c,v 1.206 2006/04/02 01:54:37 lha Exp $"); +RCSID("$Id: kerberos5.c,v 1.211 2006/04/27 12:01:09 lha Exp $"); #define MAX_TIME ((time_t)((1U << 31) - 1)) @@ -120,7 +120,9 @@ static krb5_error_code find_keys(krb5_context context, krb5_kdc_configuration *config, const hdb_entry_ex *client, - const hdb_entry_ex *server, + const char *client_name, + const hdb_entry_ex *server, + const char *server_name, Key **ckey, krb5_enctype *cetype, Key **skey, @@ -128,20 +130,14 @@ find_keys(krb5_context context, krb5_enctype *etypes, unsigned num_etypes) { - char unparse_name[] = "krb5_unparse_name failed"; krb5_error_code ret; - char *name; if(client){ /* find client key */ ret = find_etype(context, client, etypes, num_etypes, ckey, cetype); if (ret) { - if (krb5_unparse_name(context, client->entry.principal, &name) != 0) - name = unparse_name; kdc_log(context, config, 0, - "Client (%s) has no support for etypes", name); - if (name != unparse_name) - free(name); + "Client (%s) has no support for etypes", client_name); return ret; } } @@ -150,12 +146,8 @@ find_keys(krb5_context context, /* find server key */ ret = find_etype(context, server, etypes, num_etypes, skey, setype); if (ret) { - if (krb5_unparse_name(context, server->entry.principal, &name) != 0) - name = unparse_name; kdc_log(context, config, 0, - "Server (%s) has no support for etypes", name); - if (name != unparse_name) - free(name); + "Server (%s) has no support for etypes", server_name); return ret; } } @@ -243,6 +235,9 @@ log_patypes(krb5_context context, return; } } + if (p == NULL) + p = rk_strpoolprintf(p, "none"); + str = rk_strpoolcollect(p); kdc_log(context, config, 0, "Client sent patypes: %s", str); free(str); @@ -899,7 +894,8 @@ _kdc_as_rep(krb5_context context, kdc_log(context, config, 0, "AS-REQ %s from %s for %s", client_name, from, server_name); - ret = _kdc_db_fetch(context, config, client_princ, HDB_ENT_TYPE_CLIENT, &client); + ret = _kdc_db_fetch(context, config, client_princ, + HDB_F_GET_CLIENT, &client); if(ret){ kdc_log(context, config, 0, "UNKNOWN -- %s: %s", client_name, krb5_get_err_text(context, ret)); @@ -907,7 +903,8 @@ _kdc_as_rep(krb5_context context, goto out; } - ret = _kdc_db_fetch(context, config, server_princ, HDB_ENT_TYPE_SERVER, &server); + ret = _kdc_db_fetch(context, config, server_princ, + HDB_F_GET_SERVER|HDB_F_GET_KRBTGT, &server); if(ret){ kdc_log(context, config, 0, "UNKNOWN -- %s: %s", server_name, krb5_get_err_text(context, ret)); @@ -1166,6 +1163,7 @@ _kdc_as_rep(krb5_context context, * - If the client is 'modern', because it knows about 'new' * enctype types, then only send the 'info2' reply. */ + /* XXX check ret */ if (only_older_enctype_p(req)) ret = get_pa_etype_info(context, config, @@ -1200,12 +1198,12 @@ _kdc_as_rep(krb5_context context, } ret = find_keys(context, config, - client, server, &ckey, &cetype, &skey, &setype, + client, client_name, + server, server_name, + &ckey, &cetype, &skey, &setype, b->etype.val, b->etype.len); - if(ret) { - kdc_log(context, config, 0, "Server/client has no support for etypes"); + if(ret) goto out; - } { struct rk_strpool *p = NULL; @@ -1226,6 +1224,9 @@ _kdc_as_rep(krb5_context context, goto out; } } + if (p == NULL) + p = rk_strpoolprintf(p, "no encryption types"); + str = rk_strpoolcollect(p); kdc_log(context, config, 0, "Client supported enctypes: %s", str); free(str); @@ -1757,6 +1758,7 @@ tgs_make_reply(krb5_context context, AuthorizationData *auth_data, krb5_ticket *tgs_ticket, hdb_entry_ex *server, + const char *server_name, hdb_entry_ex *client, krb5_principal client_principal, hdb_entry_ex *krbtgt, @@ -1788,12 +1790,11 @@ tgs_make_reply(krb5_context context, etype = b->etype.val[i]; }else{ ret = find_keys(context, config, - NULL, server, NULL, NULL, &skey, &etype, + NULL, NULL, server, server_name, + NULL, NULL, &skey, &etype, b->etype.val, b->etype.len); - if(ret) { - kdc_log(context, config, 0, "Server has no support for etypes"); + if(ret) return ret; - } ekey = &skey->key; } @@ -2140,7 +2141,7 @@ tgs_rep2(krb5_context context, ap_req.ticket.sname, ap_req.ticket.realm); - ret = _kdc_db_fetch(context, config, princ, HDB_ENT_TYPE_SERVER, &krbtgt); + ret = _kdc_db_fetch(context, config, princ, HDB_F_GET_KRBTGT, &krbtgt); if(ret) { char *p; @@ -2340,7 +2341,8 @@ tgs_rep2(krb5_context context, goto out2; } _krb5_principalname2krb5_principal(&p, t->sname, t->realm); - ret = _kdc_db_fetch(context, config, p, HDB_ENT_TYPE_SERVER, &uu); + ret = _kdc_db_fetch(context, config, p, + HDB_F_GET_CLIENT|HDB_F_GET_SERVER, &uu); krb5_free_principal(context, p); if(ret){ if (ret == HDB_ERR_NOENTRY) @@ -2381,7 +2383,7 @@ tgs_rep2(krb5_context context, kdc_log(context, config, 0, "TGS-REQ %s from %s for %s", cpn, from, spn); server_lookup: - ret = _kdc_db_fetch(context, config, sp, HDB_ENT_TYPE_SERVER, &server); + ret = _kdc_db_fetch(context, config, sp, HDB_F_GET_SERVER, &server); if(ret){ const char *new_rlm; @@ -2430,24 +2432,28 @@ tgs_rep2(krb5_context context, goto out; } - ret = _kdc_db_fetch(context, config, cp, HDB_ENT_TYPE_CLIENT, &client); + ret = _kdc_db_fetch(context, config, cp, HDB_F_GET_CLIENT, &client); if(ret) kdc_log(context, config, 1, "Client not found in database: %s: %s", cpn, krb5_get_err_text(context, ret)); -#if 0 - /* XXX check client only if same realm as krbtgt-instance */ - if(ret){ - kdc_log(context, config, 0, - "Client not found in database: %s: %s", - cpn, krb5_get_err_text(context, ret)); - if (ret == HDB_ERR_NOENTRY) - ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; - goto out; - } -#endif + + /* + * If the client belongs to the same realm as our krbtgt, it + * should exist in the local database. + * + * If its not the same, check the "direction" on the krbtgt, + * so its not a backward uni-directional trust. + */ if(strcmp(krb5_principal_get_realm(context, sp), - krb5_principal_get_comp_string(context, krbtgt->entry.principal, 1)) != 0) { + krb5_principal_get_comp_string(context, + krbtgt->entry.principal, 1)) == 0) { + if(ret) { + if (ret == HDB_ERR_NOENTRY) + ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; + goto out; + } + } else { char *tpn; ret = krb5_unparse_name(context, krbtgt->entry.principal, &tpn); kdc_log(context, config, 0, @@ -2491,6 +2497,7 @@ tgs_rep2(krb5_context context, auth_data, ticket, server, + spn, client, cp, krbtgt, diff --git a/source4/heimdal/kdc/misc.c b/source4/heimdal/kdc/misc.c index 4d38e1f12d..a61c647f71 100644 --- a/source4/heimdal/kdc/misc.c +++ b/source4/heimdal/kdc/misc.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,14 +33,15 @@ #include "kdc_locl.h" -RCSID("$Id: misc.c,v 1.27 2006/01/01 23:17:16 lha Exp $"); +RCSID("$Id: misc.c,v 1.29 2006/04/27 11:33:21 lha Exp $"); struct timeval _kdc_now; krb5_error_code _kdc_db_fetch(krb5_context context, krb5_kdc_configuration *config, - krb5_principal principal, enum hdb_ent_type ent_type, + krb5_const_principal principal, + unsigned flags, hdb_entry_ex **h) { hdb_entry_ex *ent; @@ -60,9 +61,8 @@ _kdc_db_fetch(krb5_context context, } ret = config->db[i]->hdb_fetch(context, config->db[i], - HDB_F_DECRYPT, - principal, - ent_type, + principal, + flags | HDB_F_DECRYPT, ent); config->db[i]->hdb_close(context, config->db[i]); if(ret == 0) { diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c index 3f064f9d50..c220e70ddd 100755 --- a/source4/heimdal/kdc/pkinit.c +++ b/source4/heimdal/kdc/pkinit.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: pkinit.c,v 1.59 2006/04/22 12:10:16 lha Exp $"); +RCSID("$Id: pkinit.c,v 1.65 2006/05/06 13:22:33 lha Exp $"); #ifdef PKINIT @@ -82,6 +82,12 @@ static struct krb5_pk_identity *kdc_identity; static struct pk_principal_mapping principal_mappings; static struct krb5_dh_moduli **moduli; +static struct { + krb5_data data; + time_t expire; + time_t next_update; +} ocsp; + /* * */ @@ -260,7 +266,6 @@ get_dh_param(krb5_context context, DomainParameters dhparam; DH *dh = NULL; krb5_error_code ret; - int dhret; memset(&dhparam, 0, sizeof(dhparam)); @@ -338,14 +343,6 @@ get_dh_param(krb5_context context, goto out; } - - if (DH_check_pubkey(dh, client_params->dh_public_key, &dhret) != 1 || - dhret != 0) { - krb5_set_error_string(context, "PKINIT DH data not ok"); - ret = KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED; - goto out; - } - client_params->dh = dh; dh = NULL; ret = 0; @@ -754,7 +751,8 @@ pk_mk_pa_reply_dh(krb5_context context, DH *kdc_dh, pk_client_params *client_params, krb5_keyblock *reply_key, - ContentInfo *content_info) + ContentInfo *content_info, + hx509_cert *kdc_cert) { KDCDHKeyInfo dh_info; krb5_data signed_data, buf; @@ -768,6 +766,8 @@ pk_mk_pa_reply_dh(krb5_context context, krb5_data_zero(&buf); krb5_data_zero(&signed_data); + *kdc_cert = NULL; + ret = BN_to_integer(context, kdc_dh->pub_key, &i); if (ret) return ret; @@ -803,8 +803,8 @@ pk_mk_pa_reply_dh(krb5_context context, */ { - hx509_cert cert; hx509_query *q; + hx509_cert cert; ret = hx509_query_alloc(kdc_identity->hx509ctx, &q); if (ret) @@ -830,7 +830,7 @@ pk_mk_pa_reply_dh(krb5_context context, kdc_identity->anchors, kdc_identity->certpool, &signed_data); - hx509_cert_free(cert); + *kdc_cert = cert; } if (ret) goto out; @@ -843,6 +843,11 @@ pk_mk_pa_reply_dh(krb5_context context, goto out; out: + if (ret && *kdc_cert) { + hx509_cert_free(*kdc_cert); + *kdc_cert = NULL; + } + krb5_data_free(&buf); krb5_data_free(&signed_data); free_KDCDHKeyInfo(&dh_info); @@ -869,6 +874,7 @@ _kdc_pk_mk_pa_reply(krb5_context context, size_t len, size; krb5_enctype enctype; int pa_type; + hx509_cert kdc_cert = NULL; int i; if (!config->enable_pkinit) { @@ -947,7 +953,8 @@ _kdc_pk_mk_pa_reply(krb5_context context, ret = pk_mk_pa_reply_dh(context, client_params->dh, client_params, &client_params->reply_key, - &info); + &info, + &kdc_cert); ASN1_MALLOC_ENCODE(ContentInfo, rep.u.dhInfo.dhSignedData.data, rep.u.dhInfo.dhSignedData.length, &info, &size, @@ -982,48 +989,43 @@ _kdc_pk_mk_pa_reply(krb5_context context, } else if (client_params->type == PKINIT_COMPAT_WIN2K) { PA_PK_AS_REP_Win2k rep; - - pa_type = KRB5_PADATA_PK_AS_REP_19; - - memset(&rep, 0, sizeof(rep)); + ContentInfo info; if (client_params->dh) { - krb5_set_error_string(context, "DH -27 not implemented"); + krb5_set_error_string(context, "Windows PK-INIT doesn't support DH"); ret = KRB5KRB_ERR_GENERIC; - } else { - rep.element = choice_PA_PK_AS_REP_encKeyPack; - ContentInfo info; + goto out; + } - krb5_generate_random_keyblock(context, enctype, - &client_params->reply_key); - ret = pk_mk_pa_reply_enckey(context, - client_params, - req, - req_buffer, - &client_params->reply_key, - &info); - if (ret) { - free_PA_PK_AS_REP_Win2k(&rep); - goto out; - } - ASN1_MALLOC_ENCODE(ContentInfo, rep.u.encKeyPack.data, - rep.u.encKeyPack.length, &info, &size, - ret); - free_ContentInfo(&info); - if (ret) { - krb5_set_error_string(context, "encoding of Key ContentInfo " - "failed %d", ret); - free_PA_PK_AS_REP_Win2k(&rep); - goto out; - } - if (rep.u.encKeyPack.length != size) - krb5_abortx(context, "Internal ASN.1 encoder error"); + memset(&rep, 0, sizeof(rep)); + pa_type = KRB5_PADATA_PK_AS_REP_19; + rep.element = choice_PA_PK_AS_REP_encKeyPack; + + krb5_generate_random_keyblock(context, enctype, + &client_params->reply_key); + ret = pk_mk_pa_reply_enckey(context, + client_params, + req, + req_buffer, + &client_params->reply_key, + &info); + if (ret) { + free_PA_PK_AS_REP_Win2k(&rep); + goto out; } + ASN1_MALLOC_ENCODE(ContentInfo, rep.u.encKeyPack.data, + rep.u.encKeyPack.length, &info, &size, + ret); + free_ContentInfo(&info); if (ret) { + krb5_set_error_string(context, "encoding of Key ContentInfo " + "failed %d", ret); free_PA_PK_AS_REP_Win2k(&rep); goto out; } + if (rep.u.encKeyPack.length != size) + krb5_abortx(context, "Internal ASN.1 encoder error"); ASN1_MALLOC_ENCODE(PA_PK_AS_REP_Win2k, buf, len, &rep, &size, ret); free_PA_PK_AS_REP_Win2k(&rep); @@ -1041,11 +1043,88 @@ _kdc_pk_mk_pa_reply(krb5_context context, ret = krb5_padata_add(context, md, pa_type, buf, len); if (ret) { - krb5_set_error_string(context, "failed adding " - "PA-PK-AS-REP-19 %d", ret); + krb5_set_error_string(context, "failed adding PA-PK-AS-REP %d", ret); free(buf); + goto out; } - out: + + if (config->pkinit_kdc_ocsp_file) { + + if (ocsp.expire == 0 && ocsp.next_update > kdc_time) { + struct stat sb; + int fd; + + krb5_data_free(&ocsp.data); + + ocsp.expire = 0; + + fd = open(config->pkinit_kdc_ocsp_file, O_RDONLY); + if (fd < 0) { + kdc_log(context, config, 0, + "PK-INIT failed to open ocsp data file %d", errno); + goto out_ocsp; + } + ret = fstat(fd, &sb); + if (ret) { + ret = errno; + close(fd); + kdc_log(context, config, 0, + "PK-INIT failed to stat ocsp data %d", ret); + goto out_ocsp; + } + + ret = krb5_data_alloc(&ocsp.data, sb.st_size); + if (ret) { + close(fd); + kdc_log(context, config, 0, + "PK-INIT failed to stat ocsp data %d", ret); + goto out_ocsp; + } + ocsp.data.length = sb.st_size; + ret = read(fd, ocsp.data.data, sb.st_size); + close(fd); + if (ret != sb.st_size) { + kdc_log(context, config, 0, + "PK-INIT failed to read ocsp data %d", errno); + goto out_ocsp; + } + + ret = hx509_ocsp_verify(kdc_identity->hx509ctx, + kdc_time, + kdc_cert, + 0, + ocsp.data.data, ocsp.data.length, + &ocsp.expire); + if (ret) { + kdc_log(context, config, 0, + "PK-INIT failed to verify ocsp data %d", ret); + krb5_data_free(&ocsp.data); + ocsp.expire = 0; + } else if (ocsp.expire > 180) + ocsp.expire -= 180; /* refetch the ocsp before it expire */ + + out_ocsp: + ocsp.next_update = kdc_time + 3600; + ret = 0; + } + + if (ocsp.expire != 0 && ocsp.expire > kdc_time) { + + ret = krb5_padata_add(context, md, + KRB5_PADATA_PA_PK_OCSP_RESPONSE, + ocsp.data.data, ocsp.data.length); + if (ret) { + krb5_set_error_string(context, + "Failed adding OCSP response %d", ret); + goto out; + } + } + } + +out: + if (kdc_cert) + hx509_cert_free(kdc_cert); + if (ret == 0) *reply_key = &client_params->reply_key; return ret; @@ -1120,15 +1199,9 @@ _kdc_pk_check_client(krb5_context context, hx509_name name; int i; - if (config->enable_pkinit_princ_in_cert) { - ret = pk_principal_from_X509(context, config, - client_params->cert, - client_princ); - if (ret == 0) - return 0; - } - - ret = hx509_cert_get_subject(client_params->cert, &name); + ret = hx509_cert_get_base_subject(kdc_identity->hx509ctx, + client_params->cert, + &name); if (ret) return ret; @@ -1141,6 +1214,17 @@ _kdc_pk_check_client(krb5_context context, "Trying to authorize subject DN %s", *subject_name); + if (config->enable_pkinit_princ_in_cert) { + ret = pk_principal_from_X509(context, config, + client_params->cert, + client_princ); + if (ret == 0) { + kdc_log(context, config, 5, + "Found matching PK-INIT SAN in certificate"); + return 0; + } + } + for (i = 0; i < principal_mappings.len; i++) { krb5_boolean b; @@ -1231,6 +1315,14 @@ _kdc_pk_initialize(krb5_context context, return ret; } + ret = krb5_config_get_bool_default(context, + NULL, + FALSE, + "kdc", + "pki-allow-proxy-certificate", + NULL); + _krb5_pk_allow_proxy_certificate(kdc_identity, ret); + file = krb5_config_get_string_default(context, NULL, HDB_DB_DIR "/pki-mapping", diff --git a/source4/heimdal/kdc/rx.h b/source4/heimdal/kdc/rx.h index ab8ec80523..370e33732f 100644 --- a/source4/heimdal/kdc/rx.h +++ b/source4/heimdal/kdc/rx.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: rx.h,v 1.4 1999/12/02 17:05:00 joda Exp $ */ +/* $Id: rx.h,v 1.5 2006/05/05 10:51:10 lha Exp $ */ #ifndef __RX_H__ #define __RX_H__ @@ -59,17 +59,17 @@ enum rx_header_flag { }; struct rx_header { - u_int32_t epoch; - u_int32_t connid; /* And channel ID */ - u_int32_t callid; - u_int32_t seqno; - u_int32_t serialno; + uint32_t epoch; + uint32_t connid; /* And channel ID */ + uint32_t callid; + uint32_t seqno; + uint32_t serialno; u_char type; u_char flags; u_char status; u_char secindex; - u_int16_t reserved; /* ??? verifier? */ - u_int16_t serviceid; + uint16_t reserved; /* ??? verifier? */ + uint16_t serviceid; /* This should be the other way around according to everything but */ /* tcpdump */ }; diff --git a/source4/heimdal/lib/asn1/parse.c b/source4/heimdal/lib/asn1/parse.c index 0bf3cdafdb..e498d8f965 100644 --- a/source4/heimdal/lib/asn1/parse.c +++ b/source4/heimdal/lib/asn1/parse.c @@ -247,7 +247,7 @@ #include "gen_locl.h" #include "der.h" -RCSID("$Id: parse.y,v 1.27 2005/12/14 09:44:36 lha Exp $"); +RCSID("$Id: parse.y,v 1.28 2006/04/28 10:51:35 lha Exp $"); static Type *new_type (Typetype t); static struct constraint_spec *new_constraint_spec(enum ctype); @@ -538,13 +538,13 @@ static const unsigned short int yyrline[] = 327, 328, 331, 338, 348, 353, 360, 368, 374, 379, 383, 396, 404, 407, 414, 422, 428, 435, 442, 448, 456, 464, 470, 478, 486, 493, 494, 497, 508, 513, - 520, 536, 541, 543, 544, 547, 553, 561, 571, 577, - 590, 599, 602, 606, 610, 617, 620, 624, 631, 642, - 645, 650, 655, 660, 665, 670, 678, 684, 689, 700, - 711, 717, 723, 731, 737, 744, 757, 758, 761, 768, - 771, 782, 786, 797, 803, 804, 807, 808, 809, 810, - 811, 814, 817, 820, 831, 839, 845, 853, 861, 864, - 869 + 520, 536, 542, 545, 546, 549, 555, 563, 573, 579, + 592, 601, 604, 608, 612, 619, 622, 626, 633, 644, + 647, 652, 657, 662, 667, 672, 680, 686, 691, 702, + 713, 719, 725, 733, 739, 746, 759, 760, 763, 770, + 773, 784, 788, 799, 805, 806, 809, 810, 811, 812, + 813, 816, 819, 822, 833, 841, 847, 855, 863, 866, + 871 }; #endif @@ -1752,7 +1752,7 @@ yyreduce: break; case 75: -#line 548 "parse.y" +#line 550 "parse.y" { (yyval.constraint_spec) = new_constraint_spec(CT_CONTENTS); (yyval.constraint_spec)->u.content.type = (yyvsp[0].type); @@ -1761,7 +1761,7 @@ yyreduce: break; case 76: -#line 554 "parse.y" +#line 556 "parse.y" { if ((yyvsp[0].value)->type != objectidentifiervalue) error_message("Non-OID used in ENCODED BY constraint"); @@ -1772,7 +1772,7 @@ yyreduce: break; case 77: -#line 562 "parse.y" +#line 564 "parse.y" { if ((yyvsp[0].value)->type != objectidentifiervalue) error_message("Non-OID used in ENCODED BY constraint"); @@ -1783,14 +1783,14 @@ yyreduce: break; case 78: -#line 572 "parse.y" +#line 574 "parse.y" { (yyval.constraint_spec) = new_constraint_spec(CT_USER); } break; case 79: -#line 578 "parse.y" +#line 580 "parse.y" { (yyval.type) = new_type(TTag); (yyval.type)->tag = (yyvsp[-2].tag); @@ -1804,7 +1804,7 @@ yyreduce: break; case 80: -#line 591 "parse.y" +#line 593 "parse.y" { (yyval.tag).tagclass = (yyvsp[-2].constant); (yyval.tag).tagvalue = (yyvsp[-1].constant); @@ -1813,56 +1813,56 @@ yyreduce: break; case 81: -#line 599 "parse.y" +#line 601 "parse.y" { (yyval.constant) = ASN1_C_CONTEXT; } break; case 82: -#line 603 "parse.y" +#line 605 "parse.y" { (yyval.constant) = ASN1_C_UNIV; } break; case 83: -#line 607 "parse.y" +#line 609 "parse.y" { (yyval.constant) = ASN1_C_APPL; } break; case 84: -#line 611 "parse.y" +#line 613 "parse.y" { (yyval.constant) = ASN1_C_PRIVATE; } break; case 85: -#line 617 "parse.y" +#line 619 "parse.y" { (yyval.constant) = TE_EXPLICIT; } break; case 86: -#line 621 "parse.y" +#line 623 "parse.y" { (yyval.constant) = TE_EXPLICIT; } break; case 87: -#line 625 "parse.y" +#line 627 "parse.y" { (yyval.constant) = TE_IMPLICIT; } break; case 88: -#line 632 "parse.y" +#line 634 "parse.y" { Symbol *s; s = addsym ((yyvsp[-3].name)); @@ -1874,7 +1874,7 @@ yyreduce: break; case 90: -#line 646 "parse.y" +#line 648 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralString, TE_EXPLICIT, new_type(TGeneralString)); @@ -1882,7 +1882,7 @@ yyreduce: break; case 91: -#line 651 "parse.y" +#line 653 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_UTF8String, TE_EXPLICIT, new_type(TUTF8String)); @@ -1890,7 +1890,7 @@ yyreduce: break; case 92: -#line 656 "parse.y" +#line 658 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_PrintableString, TE_EXPLICIT, new_type(TPrintableString)); @@ -1898,7 +1898,7 @@ yyreduce: break; case 93: -#line 661 "parse.y" +#line 663 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_IA5String, TE_EXPLICIT, new_type(TIA5String)); @@ -1906,7 +1906,7 @@ yyreduce: break; case 94: -#line 666 "parse.y" +#line 668 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_BMPString, TE_EXPLICIT, new_type(TBMPString)); @@ -1914,7 +1914,7 @@ yyreduce: break; case 95: -#line 671 "parse.y" +#line 673 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_UniversalString, TE_EXPLICIT, new_type(TUniversalString)); @@ -1922,7 +1922,7 @@ yyreduce: break; case 96: -#line 679 "parse.y" +#line 681 "parse.y" { (yyval.members) = emalloc(sizeof(*(yyval.members))); ASN1_TAILQ_INIT((yyval.members)); @@ -1931,7 +1931,7 @@ yyreduce: break; case 97: -#line 685 "parse.y" +#line 687 "parse.y" { ASN1_TAILQ_INSERT_TAIL((yyvsp[-2].members), (yyvsp[0].member), members); (yyval.members) = (yyvsp[-2].members); @@ -1939,7 +1939,7 @@ yyreduce: break; case 98: -#line 690 "parse.y" +#line 692 "parse.y" { struct member *m = ecalloc(1, sizeof(*m)); m->name = estrdup("..."); @@ -1951,7 +1951,7 @@ yyreduce: break; case 99: -#line 701 "parse.y" +#line 703 "parse.y" { (yyval.member) = emalloc(sizeof(*(yyval.member))); (yyval.member)->name = (yyvsp[-1].name); @@ -1963,7 +1963,7 @@ yyreduce: break; case 100: -#line 712 "parse.y" +#line 714 "parse.y" { (yyval.member) = (yyvsp[0].member); (yyval.member)->optional = 0; @@ -1972,7 +1972,7 @@ yyreduce: break; case 101: -#line 718 "parse.y" +#line 720 "parse.y" { (yyval.member) = (yyvsp[-1].member); (yyval.member)->optional = 1; @@ -1981,7 +1981,7 @@ yyreduce: break; case 102: -#line 724 "parse.y" +#line 726 "parse.y" { (yyval.member) = (yyvsp[-2].member); (yyval.member)->optional = 0; @@ -1990,7 +1990,7 @@ yyreduce: break; case 103: -#line 732 "parse.y" +#line 734 "parse.y" { (yyval.members) = emalloc(sizeof(*(yyval.members))); ASN1_TAILQ_INIT((yyval.members)); @@ -1999,7 +1999,7 @@ yyreduce: break; case 104: -#line 738 "parse.y" +#line 740 "parse.y" { ASN1_TAILQ_INSERT_TAIL((yyvsp[-2].members), (yyvsp[0].member), members); (yyval.members) = (yyvsp[-2].members); @@ -2007,7 +2007,7 @@ yyreduce: break; case 105: -#line 745 "parse.y" +#line 747 "parse.y" { (yyval.member) = emalloc(sizeof(*(yyval.member))); (yyval.member)->name = (yyvsp[-3].name); @@ -2021,26 +2021,26 @@ yyreduce: break; case 107: -#line 758 "parse.y" +#line 760 "parse.y" { (yyval.objid) = NULL; } break; case 108: -#line 762 "parse.y" +#line 764 "parse.y" { (yyval.objid) = (yyvsp[-1].objid); } break; case 109: -#line 768 "parse.y" +#line 770 "parse.y" { (yyval.objid) = NULL; } break; case 110: -#line 772 "parse.y" +#line 774 "parse.y" { if ((yyvsp[0].objid)) { (yyval.objid) = (yyvsp[0].objid); @@ -2052,14 +2052,14 @@ yyreduce: break; case 111: -#line 783 "parse.y" +#line 785 "parse.y" { (yyval.objid) = new_objid((yyvsp[-3].name), (yyvsp[-1].constant)); } break; case 112: -#line 787 "parse.y" +#line 789 "parse.y" { Symbol *s = addsym((yyvsp[0].name)); if(s->stype != SValue || @@ -2073,14 +2073,14 @@ yyreduce: break; case 113: -#line 798 "parse.y" +#line 800 "parse.y" { (yyval.objid) = new_objid(NULL, (yyvsp[0].constant)); } break; case 123: -#line 821 "parse.y" +#line 823 "parse.y" { Symbol *s = addsym((yyvsp[0].name)); if(s->stype != SValue) @@ -2092,7 +2092,7 @@ yyreduce: break; case 124: -#line 832 "parse.y" +#line 834 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = stringvalue; @@ -2101,7 +2101,7 @@ yyreduce: break; case 125: -#line 840 "parse.y" +#line 842 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = booleanvalue; @@ -2110,7 +2110,7 @@ yyreduce: break; case 126: -#line 846 "parse.y" +#line 848 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = booleanvalue; @@ -2119,7 +2119,7 @@ yyreduce: break; case 127: -#line 854 "parse.y" +#line 856 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = integervalue; @@ -2128,13 +2128,13 @@ yyreduce: break; case 129: -#line 865 "parse.y" +#line 867 "parse.y" { } break; case 130: -#line 870 "parse.y" +#line 872 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = objectidentifiervalue; @@ -2374,7 +2374,7 @@ yyreturn: } -#line 877 "parse.y" +#line 879 "parse.y" void diff --git a/source4/heimdal/lib/asn1/pkcs9.asn1 b/source4/heimdal/lib/asn1/pkcs9.asn1 index bcc8f50398..e6df32f65d 100644 --- a/source4/heimdal/lib/asn1/pkcs9.asn1 +++ b/source4/heimdal/lib/asn1/pkcs9.asn1 @@ -1,4 +1,4 @@ --- $Id: pkcs9.asn1,v 1.3 2005/07/23 10:38:28 lha Exp $ -- +-- $Id: pkcs9.asn1,v 1.5 2006/04/24 08:59:10 lha Exp $ -- PKCS9 DEFINITIONS ::= @@ -9,6 +9,7 @@ BEGIN id-pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) } +id-pkcs9-emailAddress OBJECT IDENTIFIER ::= {id-pkcs-9 1 } id-pkcs9-contentType OBJECT IDENTIFIER ::= {id-pkcs-9 3 } id-pkcs9-messageDigest OBJECT IDENTIFIER ::= {id-pkcs-9 4 } id-pkcs9-signingTime OBJECT IDENTIFIER ::= {id-pkcs-9 5 } diff --git a/source4/heimdal/lib/des/aes.h b/source4/heimdal/lib/des/aes.h index 8a62c6461d..3ea1c141be 100755 --- a/source4/heimdal/lib/des/aes.h +++ b/source4/heimdal/lib/des/aes.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: aes.h,v 1.5 2006/01/08 21:47:27 lha Exp $ */ +/* $Id: aes.h,v 1.6 2006/05/05 11:06:35 lha Exp $ */ #ifndef HEIM_AES_H #define HEIM_AES_H 1 @@ -54,7 +54,7 @@ #define AES_DECRYPT 0 typedef struct aes_key { - u_int32_t key[(AES_MAXNR+1)*4]; + uint32_t key[(AES_MAXNR+1)*4]; int rounds; } AES_KEY; diff --git a/source4/heimdal/lib/des/des.c b/source4/heimdal/lib/des/des.c index 32d479e372..5b1f5c29f4 100644 --- a/source4/heimdal/lib/des/des.c +++ b/source4/heimdal/lib/des/des.c @@ -45,7 +45,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: des.c,v 1.17 2006/04/14 14:19:36 lha Exp $"); +RCSID("$Id: des.c,v 1.18 2006/04/24 14:26:19 lha Exp $"); #endif #include @@ -513,9 +513,10 @@ DES_cfb64_encrypt(const void *in, void *out, load(*iv, uiv); + assert(*num >= 0 && *num < DES_CBLOCK_LEN); + if (forward_encrypt) { int i = *num; - assert(i >= 0); while (length > 0) { if (i == 0) @@ -537,7 +538,6 @@ DES_cfb64_encrypt(const void *in, void *out, } else { int i = *num; unsigned char c; - assert(i >= 0); while (length > 0) { if (i == 0) { diff --git a/source4/heimdal/lib/des/dh.h b/source4/heimdal/lib/des/dh.h index 419c7d8902..105d298bc3 100644 --- a/source4/heimdal/lib/des/dh.h +++ b/source4/heimdal/lib/des/dh.h @@ -32,7 +32,7 @@ */ /* - * $Id: dh.h,v 1.5 2006/04/20 18:16:17 lha Exp $ + * $Id: dh.h,v 1.6 2006/05/06 13:11:15 lha Exp $ */ #ifndef _HEIM_DH_H @@ -40,6 +40,7 @@ /* symbol renaming */ #define DH_null_method hc_DH_null_method +#define DH_imath_method hc_DH_imath_method #define DH_new hc_DH_new #define DH_new_method hc_DH_new_method #define DH_free hc_DH_free @@ -113,6 +114,7 @@ struct DH { */ const DH_METHOD *DH_null_method(void); +const DH_METHOD *DH_imath_method(void); DH * DH_new(void); DH * DH_new_method(ENGINE *); diff --git a/source4/heimdal/lib/des/engine.h b/source4/heimdal/lib/des/engine.h index 757d0f75fb..65588f7d78 100644 --- a/source4/heimdal/lib/des/engine.h +++ b/source4/heimdal/lib/des/engine.h @@ -32,7 +32,7 @@ */ /* - * $Id: engine.h,v 1.5 2006/04/17 13:16:17 lha Exp $ + * $Id: engine.h,v 1.6 2006/05/06 12:34:36 lha Exp $ */ #ifndef _HEIM_ENGINE_H @@ -55,6 +55,10 @@ #define ENGINE_set_name hc_ENGINE_set_name #define ENGINE_set_destroy_function hc_ENGINE_set_destroy_function #define ENGINE_up_ref hc_ENGINE_up_ref +#define ENGINE_get_default_DH hc_ENGINE_get_default_DH +#define ENGINE_get_default_RSA hc_ENGINE_get_default_RSA +#define ENGINE_set_default_DH hc_ENGINE_set_default_DH +#define ENGINE_set_default_RSA hc_ENGINE_set_default_RSA /* * diff --git a/source4/heimdal/lib/des/evp.c b/source4/heimdal/lib/des/evp.c index 475bb7314e..fd6ac63ec2 100644 --- a/source4/heimdal/lib/des/evp.c +++ b/source4/heimdal/lib/des/evp.c @@ -841,11 +841,13 @@ EVP_BytesToKey(const EVP_CIPHER *type, EVP_DigestUpdate(&c, salt, PKCS5_SALT_LEN); EVP_DigestFinal_ex(&c, buf, &mds); + assert(mds == EVP_MD_size(md)); for (i = 1; i < count; i++) { EVP_DigestInit_ex(&c, md, NULL); EVP_DigestUpdate(&c, buf, mds); EVP_DigestFinal_ex(&c, buf, &mds); + assert(mds == EVP_MD_size(md)); } i = 0; diff --git a/source4/heimdal/lib/des/hash.h b/source4/heimdal/lib/des/hash.h index 24217a27a5..b6da9bd8e0 100644 --- a/source4/heimdal/lib/des/hash.h +++ b/source4/heimdal/lib/des/hash.h @@ -30,7 +30,7 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* $Id: hash.h,v 1.3 2005/04/27 11:53:48 lha Exp $ */ +/* $Id: hash.h,v 1.4 2006/05/05 11:06:49 lha Exp $ */ /* stuff in common between md4, md5, and sha1 */ @@ -61,8 +61,8 @@ #define CRAYFIX(X) (X) #endif -static inline u_int32_t -cshift (u_int32_t x, unsigned int n) +static inline uint32_t +cshift (uint32_t x, unsigned int n) { x = CRAYFIX(x); return CRAYFIX((x << n) | (x >> (32 - n))); diff --git a/source4/heimdal/lib/des/md4.c b/source4/heimdal/lib/des/md4.c index 693b8f5c76..ded4fe12e8 100644 --- a/source4/heimdal/lib/des/md4.c +++ b/source4/heimdal/lib/des/md4.c @@ -34,7 +34,7 @@ #ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id: md4.c,v 1.17 2005/04/27 11:54:56 lha Exp $"); +RCSID("$Id: md4.c,v 1.18 2006/05/05 10:22:04 lha Exp $"); #endif #include "hash.h" @@ -69,9 +69,9 @@ a = cshift(a + OP(b,c,d) + X[k] + i, s) #define DO3(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,H) static inline void -calc (struct md4 *m, u_int32_t *data) +calc (struct md4 *m, uint32_t *data) { - u_int32_t AA, BB, CC, DD; + uint32_t AA, BB, CC, DD; AA = A; BB = B; @@ -155,10 +155,10 @@ calc (struct md4 *m, u_int32_t *data) */ #if defined(WORDS_BIGENDIAN) -static inline u_int32_t -swap_u_int32_t (u_int32_t t) +static inline uint32_t +swap_uint32_t (uint32_t t) { - u_int32_t temp1, temp2; + uint32_t temp1, temp2; temp1 = cshift(t, 16); temp2 = temp1 >> 8; @@ -194,15 +194,15 @@ MD4_Update (struct md4 *m, const void *v, size_t len) if(offset == 64) { #if defined(WORDS_BIGENDIAN) int i; - u_int32_t current[16]; + uint32_t current[16]; struct x32 *u = (struct x32*)m->save; for(i = 0; i < 8; i++){ - current[2*i+0] = swap_u_int32_t(u[i].a); - current[2*i+1] = swap_u_int32_t(u[i].b); + current[2*i+0] = swap_uint32_t(u[i].a); + current[2*i+1] = swap_uint32_t(u[i].b); } calc(m, current); #else - calc(m, (u_int32_t*)m->save); + calc(m, (uint32_t*)m->save); #endif offset = 0; } @@ -241,10 +241,10 @@ MD4_Final (void *res, struct md4 *m) #if 0 { int i; - u_int32_t *r = (u_int32_t *)res; + uint32_t *r = (uint32_t *)res; for (i = 0; i < 4; ++i) - r[i] = swap_u_int32_t (m->counter[i]); + r[i] = swap_uint32_t (m->counter[i]); } #endif } diff --git a/source4/heimdal/lib/des/md4.h b/source4/heimdal/lib/des/md4.h index 79055e0fb0..f8c011b9b7 100644 --- a/source4/heimdal/lib/des/md4.h +++ b/source4/heimdal/lib/des/md4.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: md4.h,v 1.10 2006/01/08 21:47:28 lha Exp $ */ +/* $Id: md4.h,v 1.11 2006/05/05 11:07:01 lha Exp $ */ #ifndef HEIM_MD4_H #define HEIM_MD4_H 1 @@ -49,7 +49,7 @@ struct md4 { unsigned int sz[2]; - u_int32_t counter[4]; + uint32_t counter[4]; unsigned char save[64]; }; diff --git a/source4/heimdal/lib/des/md5.c b/source4/heimdal/lib/des/md5.c index d5b7c245f6..e23d6c8fd7 100644 --- a/source4/heimdal/lib/des/md5.c +++ b/source4/heimdal/lib/des/md5.c @@ -34,7 +34,7 @@ #ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id: md5.c,v 1.17 2005/04/27 11:54:35 lha Exp $"); +RCSID("$Id: md5.c,v 1.18 2006/05/05 10:22:35 lha Exp $"); #endif #include "hash.h" @@ -71,9 +71,9 @@ a = b + cshift(a + OP(b,c,d) + X[k] + (i), s) #define DO4(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,I) static inline void -calc (struct md5 *m, u_int32_t *data) +calc (struct md5 *m, uint32_t *data) { - u_int32_t AA, BB, CC, DD; + uint32_t AA, BB, CC, DD; AA = A; BB = B; @@ -179,10 +179,10 @@ calc (struct md5 *m, u_int32_t *data) */ #if defined(WORDS_BIGENDIAN) -static inline u_int32_t -swap_u_int32_t (u_int32_t t) +static inline uint32_t +swap_uint32_t (uint32_t t) { - u_int32_t temp1, temp2; + uint32_t temp1, temp2; temp1 = cshift(t, 16); temp2 = temp1 >> 8; @@ -218,15 +218,15 @@ MD5_Update (struct md5 *m, const void *v, size_t len) if(offset == 64){ #if defined(WORDS_BIGENDIAN) int i; - u_int32_t current[16]; + uint32_t current[16]; struct x32 *u = (struct x32*)m->save; for(i = 0; i < 8; i++){ - current[2*i+0] = swap_u_int32_t(u[i].a); - current[2*i+1] = swap_u_int32_t(u[i].b); + current[2*i+0] = swap_uint32_t(u[i].a); + current[2*i+1] = swap_uint32_t(u[i].b); } calc(m, current); #else - calc(m, (u_int32_t*)m->save); + calc(m, (uint32_t*)m->save); #endif offset = 0; } @@ -265,10 +265,10 @@ MD5_Final (void *res, struct md5 *m) #if 0 { int i; - u_int32_t *r = (u_int32_t *)res; + uint32_t *r = (uint32_t *)res; for (i = 0; i < 4; ++i) - r[i] = swap_u_int32_t (m->counter[i]); + r[i] = swap_uint32_t (m->counter[i]); } #endif } diff --git a/source4/heimdal/lib/des/md5.h b/source4/heimdal/lib/des/md5.h index 534bc9917e..54c34fe572 100644 --- a/source4/heimdal/lib/des/md5.h +++ b/source4/heimdal/lib/des/md5.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: md5.h,v 1.10 2006/01/08 21:47:28 lha Exp $ */ +/* $Id: md5.h,v 1.11 2006/05/05 11:07:11 lha Exp $ */ #ifndef HEIM_MD5_H #define HEIM_MD5_H 1 @@ -49,7 +49,7 @@ struct md5 { unsigned int sz[2]; - u_int32_t counter[4]; + uint32_t counter[4]; unsigned char save[64]; }; @@ -57,6 +57,6 @@ typedef struct md5 MD5_CTX; void MD5_Init (struct md5 *m); void MD5_Update (struct md5 *m, const void *p, size_t len); -void MD5_Final (void *res, struct md5 *m); /* u_int32_t res[4] */ +void MD5_Final (void *res, struct md5 *m); /* uint32_t res[4] */ #endif /* HEIM_MD5_H */ diff --git a/source4/heimdal/lib/des/pkcs5.c b/source4/heimdal/lib/des/pkcs5.c index 4bfc313741..9ed494ef6f 100644 --- a/source4/heimdal/lib/des/pkcs5.c +++ b/source4/heimdal/lib/des/pkcs5.c @@ -35,7 +35,11 @@ #include #endif -RCSID("$Id: pkcs5.c,v 1.1 2006/02/28 14:16:57 lha Exp $"); +RCSID("$Id: pkcs5.c,v 1.3 2006/05/05 10:23:11 lha Exp $"); + +#ifdef KRB5 +#include +#endif #include #include @@ -53,7 +57,7 @@ PKCS5_PBKDF2_HMAC_SHA1(const void * password, size_t password_len, { size_t datalen, leftofkey, checksumsize; char *data, *tmpcksum; - u_int32_t keypart; + uint32_t keypart; const EVP_MD *md; unsigned long i; int j; diff --git a/source4/heimdal/lib/des/rijndael-alg-fst.c b/source4/heimdal/lib/des/rijndael-alg-fst.c index 65b36ab741..d6e4f45c18 100755 --- a/source4/heimdal/lib/des/rijndael-alg-fst.c +++ b/source4/heimdal/lib/des/rijndael-alg-fst.c @@ -31,7 +31,7 @@ #ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id: rijndael-alg-fst.c,v 1.2 2004/06/02 20:09:48 lha Exp $"); +RCSID("$Id: rijndael-alg-fst.c,v 1.3 2006/05/05 10:23:41 lha Exp $"); #endif #ifdef KRB5 @@ -41,9 +41,9 @@ RCSID("$Id: rijndael-alg-fst.c,v 1.2 2004/06/02 20:09:48 lha Exp $"); #include /* the file should not be used from outside */ -typedef u_int8_t u8; -typedef u_int16_t u16; -typedef u_int32_t u32; +typedef uint8_t u8; +typedef uint16_t u16; +typedef uint32_t u32; /* Te0[x] = S [x].[02, 01, 01, 03]; diff --git a/source4/heimdal/lib/des/rijndael-alg-fst.h b/source4/heimdal/lib/des/rijndael-alg-fst.h index 6b6e2a5cd3..7e2e1935fd 100755 --- a/source4/heimdal/lib/des/rijndael-alg-fst.h +++ b/source4/heimdal/lib/des/rijndael-alg-fst.h @@ -38,9 +38,9 @@ #define RIJNDAEL_MAXKB (256/8) #define RIJNDAEL_MAXNR 14 -int rijndaelKeySetupEnc(u_int32_t rk[/*4*(Nr + 1)*/], const u_int8_t cipherKey[], int keyBits); -int rijndaelKeySetupDec(u_int32_t rk[/*4*(Nr + 1)*/], const u_int8_t cipherKey[], int keyBits); -void rijndaelEncrypt(const u_int32_t rk[/*4*(Nr + 1)*/], int Nr, const u_int8_t pt[16], u_int8_t ct[16]); -void rijndaelDecrypt(const u_int32_t rk[/*4*(Nr + 1)*/], int Nr, const u_int8_t ct[16], u_int8_t pt[16]); +int rijndaelKeySetupEnc(uint32_t rk[/*4*(Nr + 1)*/], const uint8_t cipherKey[], int keyBits); +int rijndaelKeySetupDec(uint32_t rk[/*4*(Nr + 1)*/], const uint8_t cipherKey[], int keyBits); +void rijndaelEncrypt(const uint32_t rk[/*4*(Nr + 1)*/], int Nr, const uint8_t pt[16], uint8_t ct[16]); +void rijndaelDecrypt(const uint32_t rk[/*4*(Nr + 1)*/], int Nr, const uint8_t ct[16], uint8_t pt[16]); #endif /* __RIJNDAEL_ALG_FST_H */ diff --git a/source4/heimdal/lib/des/rnd_keys.c b/source4/heimdal/lib/des/rnd_keys.c index e27b00defa..e58faefcb0 100644 --- a/source4/heimdal/lib/des/rnd_keys.c +++ b/source4/heimdal/lib/des/rnd_keys.c @@ -34,7 +34,7 @@ #ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id: rnd_keys.c,v 1.70 2006/01/08 21:47:29 lha Exp $"); +RCSID("$Id: rnd_keys.c,v 1.71 2006/05/05 10:24:31 lha Exp $"); #endif #ifdef KRB5 @@ -82,8 +82,8 @@ static int sumFile (const char *name, int len, void *res) { - u_int32_t sum[2] = { 0, 0 }; - u_int32_t buf[1024*2]; + uint32_t sum[2] = { 0, 0 }; + uint32_t buf[1024*2]; int fd, i; fd = open (name, 0); @@ -148,7 +148,7 @@ md5sumFile (const char *name, int len, int32_t sum[4]) * based on an initial des key used as a seed. */ static DES_key_schedule sequence_seed; -static u_int32_t sequence_index[2]; +static uint32_t sequence_index[2]; /* * Random number generator based on ideas from truerand in cryptolib diff --git a/source4/heimdal/lib/des/sha.c b/source4/heimdal/lib/des/sha.c index ca6c1c16d4..fae0fe01cb 100644 --- a/source4/heimdal/lib/des/sha.c +++ b/source4/heimdal/lib/des/sha.c @@ -34,7 +34,7 @@ #ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id: sha.c,v 1.18 2005/04/27 11:55:05 lha Exp $"); +RCSID("$Id: sha.c,v 1.19 2006/05/05 10:25:00 lha Exp $"); #endif #include "hash.h" @@ -72,7 +72,7 @@ SHA1_Init (struct sha *m) #define DO(t,f,k) \ do { \ - u_int32_t temp; \ + uint32_t temp; \ \ temp = cshift(AA, 5) + f(BB,CC,DD) + EE + data[t] + k; \ EE = DD; \ @@ -83,10 +83,10 @@ do { \ } while(0) static inline void -calc (struct sha *m, u_int32_t *in) +calc (struct sha *m, uint32_t *in) { - u_int32_t AA, BB, CC, DD, EE; - u_int32_t data[80]; + uint32_t AA, BB, CC, DD, EE; + uint32_t data[80]; int i; AA = A; @@ -204,11 +204,11 @@ calc (struct sha *m, u_int32_t *in) */ #if !defined(WORDS_BIGENDIAN) || defined(_CRAY) -static inline u_int32_t -swap_u_int32_t (u_int32_t t) +static inline uint32_t +swap_uint32_t (uint32_t t) { #define ROL(x,n) ((x)<<(n))|((x)>>(32-(n))) - u_int32_t temp1, temp2; + uint32_t temp1, temp2; temp1 = cshift(t, 16); temp2 = temp1 >> 8; @@ -244,15 +244,15 @@ SHA1_Update (struct sha *m, const void *v, size_t len) if(offset == 64){ #if !defined(WORDS_BIGENDIAN) || defined(_CRAY) int i; - u_int32_t current[16]; + uint32_t current[16]; struct x32 *u = (struct x32*)m->save; for(i = 0; i < 8; i++){ - current[2*i+0] = swap_u_int32_t(u[i].a); - current[2*i+1] = swap_u_int32_t(u[i].b); + current[2*i+0] = swap_uint32_t(u[i].a); + current[2*i+1] = swap_uint32_t(u[i].b); } calc(m, current); #else - calc(m, (u_int32_t*)m->save); + calc(m, (uint32_t*)m->save); #endif offset = 0; } @@ -291,10 +291,10 @@ SHA1_Final (void *res, struct sha *m) #if 0 { int i; - u_int32_t *r = (u_int32_t *)res; + uint32_t *r = (uint32_t *)res; for (i = 0; i < 5; ++i) - r[i] = swap_u_int32_t (m->counter[i]); + r[i] = swap_uint32_t (m->counter[i]); } #endif } diff --git a/source4/heimdal/lib/des/sha.h b/source4/heimdal/lib/des/sha.h index 6021823f5c..977b9f7bb2 100644 --- a/source4/heimdal/lib/des/sha.h +++ b/source4/heimdal/lib/des/sha.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: sha.h,v 1.10 2006/04/15 07:54:11 lha Exp $ */ +/* $Id: sha.h,v 1.11 2006/05/05 11:06:21 lha Exp $ */ #ifndef HEIM_SHA_H #define HEIM_SHA_H 1 @@ -52,7 +52,7 @@ struct sha { unsigned int sz[2]; - u_int32_t counter[5]; + uint32_t counter[5]; unsigned char save[64]; }; @@ -70,7 +70,7 @@ void SHA1_Final (void *res, struct sha *m); struct hc_sha256state { unsigned int sz[2]; - u_int32_t counter[8]; + uint32_t counter[8]; unsigned char save[64]; }; diff --git a/source4/heimdal/lib/des/sha256.c b/source4/heimdal/lib/des/sha256.c index 8c12ce504c..58fb92815a 100644 --- a/source4/heimdal/lib/des/sha256.c +++ b/source4/heimdal/lib/des/sha256.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995 - 2001, 2006 Kungliga Tekniska Högskolan + * Copyright (c) 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -34,7 +34,7 @@ #ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id: sha256.c,v 1.1 2006/04/15 07:53:07 lha Exp $"); +RCSID("$Id: sha256.c,v 1.2 2006/05/05 10:25:37 lha Exp $"); #endif #include "hash.h" @@ -59,7 +59,7 @@ RCSID("$Id: sha256.c,v 1.1 2006/04/15 07:53:07 lha Exp $"); #define G m->counter[6] #define H m->counter[7] -static const u_int32_t constant_256[64] = { +static const uint32_t constant_256[64] = { 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, @@ -94,10 +94,10 @@ SHA256_Init (SHA256_CTX *m) } static void -calc (SHA256_CTX *m, u_int32_t *in) +calc (SHA256_CTX *m, uint32_t *in) { - u_int32_t AA, BB, CC, DD, EE, FF, GG, HH; - u_int32_t data[64]; + uint32_t AA, BB, CC, DD, EE, FF, GG, HH; + uint32_t data[64]; int i; AA = A; @@ -116,7 +116,7 @@ calc (SHA256_CTX *m, u_int32_t *in) sigma0(data[i-15]) + data[i - 16]; for (i = 0; i < 64; i++) { - u_int32_t T1, T2; + uint32_t T1, T2; T1 = HH + Sigma1(EE) + Ch(EE, FF, GG) + constant_256[i] + data[i]; T2 = Sigma0(AA) + Maj(AA,BB,CC); @@ -146,11 +146,11 @@ calc (SHA256_CTX *m, u_int32_t *in) */ #if !defined(WORDS_BIGENDIAN) || defined(_CRAY) -static inline u_int32_t -swap_u_int32_t (u_int32_t t) +static inline uint32_t +swap_uint32_t (uint32_t t) { #define ROL(x,n) ((x)<<(n))|((x)>>(32-(n))) - u_int32_t temp1, temp2; + uint32_t temp1, temp2; temp1 = cshift(t, 16); temp2 = temp1 >> 8; @@ -186,15 +186,15 @@ SHA256_Update (SHA256_CTX *m, const void *v, size_t len) if(offset == 64){ #if !defined(WORDS_BIGENDIAN) || defined(_CRAY) int i; - u_int32_t current[16]; + uint32_t current[16]; struct x32 *u = (struct x32*)m->save; for(i = 0; i < 8; i++){ - current[2*i+0] = swap_u_int32_t(u[i].a); - current[2*i+1] = swap_u_int32_t(u[i].b); + current[2*i+0] = swap_uint32_t(u[i].a); + current[2*i+1] = swap_uint32_t(u[i].b); } calc(m, current); #else - calc(m, (u_int32_t*)m->save); + calc(m, (uint32_t*)m->save); #endif offset = 0; } diff --git a/source4/heimdal/lib/gssapi/8003.c b/source4/heimdal/lib/gssapi/8003.c index 0062068d5b..ad580811a5 100644 --- a/source4/heimdal/lib/gssapi/8003.c +++ b/source4/heimdal/lib/gssapi/8003.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: 8003.c,v 1.17 2005/04/01 08:55:36 lha Exp $"); +RCSID("$Id: 8003.c,v 1.18 2006/05/04 11:55:40 lha Exp $"); krb5_error_code gssapi_encode_om_uint32(OM_uint32 n, u_char *p) @@ -56,15 +56,17 @@ gssapi_encode_be_om_uint32(OM_uint32 n, u_char *p) } krb5_error_code -gssapi_decode_om_uint32(u_char *p, OM_uint32 *n) +gssapi_decode_om_uint32(const void *ptr, OM_uint32 *n) { + const u_char *p = ptr; *n = (p[0] << 0) | (p[1] << 8) | (p[2] << 16) | (p[3] << 24); return 0; } krb5_error_code -gssapi_decode_be_om_uint32(u_char *p, OM_uint32 *n) +gssapi_decode_be_om_uint32(const void *ptr, OM_uint32 *n) { + const u_char *p = ptr; *n = (p[0] <<24) | (p[1] << 16) | (p[2] << 8) | (p[3] << 0); return 0; } diff --git a/source4/heimdal/lib/gssapi/arcfour.c b/source4/heimdal/lib/gssapi/arcfour.c index 01c6c75ecc..936a20d403 100644 --- a/source4/heimdal/lib/gssapi/arcfour.c +++ b/source4/heimdal/lib/gssapi/arcfour.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: arcfour.c,v 1.18 2005/11/01 06:55:55 lha Exp $"); +RCSID("$Id: arcfour.c,v 1.19 2006/05/04 11:56:50 lha Exp $"); /* * Implements draft-brezak-win2k-krb-rc4-hmac-04.txt @@ -246,8 +246,8 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status, krb5_error_code ret; int32_t seq_number; OM_uint32 omret; - char cksum_data[8], k6_data[16], SND_SEQ[8]; - u_char *p; + u_char SND_SEQ[8], cksum_data[8], *p; + char k6_data[16]; int cmp; if (qop_state) @@ -295,7 +295,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status, { RC4_KEY rc4_key; - RC4_set_key (&rc4_key, sizeof(k6_data), k6_data); + RC4_set_key (&rc4_key, sizeof(k6_data), (void*)k6_data); RC4 (&rc4_key, 8, p, SND_SEQ); memset(&rc4_key, 0, sizeof(rc4_key)); @@ -480,7 +480,7 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status, if(conf_req_flag) { RC4_KEY rc4_key; - RC4_set_key (&rc4_key, sizeof(k6_data), k6_data); + RC4_set_key (&rc4_key, sizeof(k6_data), (void *)k6_data); /* XXX ? */ RC4 (&rc4_key, 8 + datalen, p0 + 24, p0 + 24); /* Confounder + data */ memset(&rc4_key, 0, sizeof(rc4_key)); @@ -526,8 +526,8 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, int32_t seq_number; size_t len, datalen; OM_uint32 omret; - char k6_data[16], SND_SEQ[8], Confounder[8]; - char cksum_data[8]; + u_char k6_data[16], SND_SEQ[8], Confounder[8]; + u_char cksum_data[8]; u_char *p, *p0; int cmp; int conf_flag; diff --git a/source4/heimdal/lib/gssapi/cfx.c b/source4/heimdal/lib/gssapi/cfx.c index 3e7592b3a7..1aebd008a6 100755 --- a/source4/heimdal/lib/gssapi/cfx.c +++ b/source4/heimdal/lib/gssapi/cfx.c @@ -32,7 +32,7 @@ #include "gssapi_locl.h" -RCSID("$Id: cfx.c,v 1.17 2005/04/27 17:47:32 lha Exp $"); +RCSID("$Id: cfx.c,v 1.19 2006/05/05 10:26:43 lha Exp $"); /* * Implementation of draft-ietf-krb-wg-gssapi-cfx-06.txt @@ -143,11 +143,10 @@ OM_uint32 _gssapi_wrap_size_cfx(OM_uint32 *minor_status, */ static krb5_error_code -rrc_rotate(void *data, size_t len, u_int16_t rrc, krb5_boolean unrotate) +rrc_rotate(void *data, size_t len, uint16_t rrc, krb5_boolean unrotate) { - u_char *tmp; + u_char *tmp, buf[256]; size_t left; - char buf[256]; if (len == 0) return 0; @@ -220,7 +219,7 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, } /* Always rotate encrypted token (if any) and checksum to header */ - rrc = (conf_req_flag ? sizeof(*token) : 0) + (u_int16_t)cksumsize; + rrc = (conf_req_flag ? sizeof(*token) : 0) + (uint16_t)cksumsize; output_message_buffer->length = wrapped_len; output_message_buffer->value = malloc(output_message_buffer->length); @@ -420,7 +419,7 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status, krb5_error_code ret; unsigned usage; krb5_data data; - u_int16_t ec, rrc; + uint16_t ec, rrc; OM_uint32 seq_number_lo, seq_number_hi; size_t len; u_char *p; diff --git a/source4/heimdal/lib/gssapi/gssapi.h b/source4/heimdal/lib/gssapi/gssapi.h index b93ad4e481..eac2737f43 100644 --- a/source4/heimdal/lib/gssapi/gssapi.h +++ b/source4/heimdal/lib/gssapi/gssapi.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gssapi.h,v 1.39 2005/12/05 11:52:45 lha Exp $ */ +/* $Id: gssapi.h,v 1.40 2006/05/05 11:08:29 lha Exp $ */ #ifndef GSSAPI_H_ #define GSSAPI_H_ @@ -47,9 +47,9 @@ * Now define the three implementation-dependent types. */ -typedef u_int32_t OM_uint32; +typedef uint32_t OM_uint32; -typedef u_int32_t gss_uint32; +typedef uint32_t gss_uint32; /* * This is to avoid having to include diff --git a/source4/heimdal/lib/gssapi/gssapi_locl.h b/source4/heimdal/lib/gssapi/gssapi_locl.h index be2277b96f..81169a8500 100644 --- a/source4/heimdal/lib/gssapi/gssapi_locl.h +++ b/source4/heimdal/lib/gssapi/gssapi_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gssapi_locl.h,v 1.44 2006/04/12 17:44:05 lha Exp $ */ +/* $Id: gssapi_locl.h,v 1.45 2006/05/04 11:56:14 lha Exp $ */ #ifndef GSSAPI_LOCL_H #define GSSAPI_LOCL_H @@ -307,9 +307,9 @@ krb5_error_code gssapi_encode_be_om_uint32(OM_uint32, u_char *); krb5_error_code -gssapi_decode_om_uint32(u_char *, OM_uint32 *); +gssapi_decode_om_uint32(const void *, OM_uint32 *); krb5_error_code -gssapi_decode_be_om_uint32(u_char *, OM_uint32 *); +gssapi_decode_be_om_uint32(const void *, OM_uint32 *); #endif diff --git a/source4/heimdal/lib/gssapi/init_sec_context.c b/source4/heimdal/lib/gssapi/init_sec_context.c index e363ee22f7..dc937daae5 100644 --- a/source4/heimdal/lib/gssapi/init_sec_context.c +++ b/source4/heimdal/lib/gssapi/init_sec_context.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: init_sec_context.c,v 1.62 2006/04/09 18:45:18 lha Exp $"); +RCSID("$Id: init_sec_context.c,v 1.63 2006/05/05 10:27:13 lha Exp $"); /* * copy the addresses from `input_chan_bindings' (if any) to diff --git a/source4/heimdal/lib/gssapi/wrap.c b/source4/heimdal/lib/gssapi/wrap.c index 0c089067b6..7072ca2754 100644 --- a/source4/heimdal/lib/gssapi/wrap.c +++ b/source4/heimdal/lib/gssapi/wrap.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: wrap.c,v 1.32 2006/04/02 02:10:03 lha Exp $"); +RCSID("$Id: wrap.c,v 1.33 2006/05/05 10:27:36 lha Exp $"); OM_uint32 gsskrb5_get_initiator_subkey(OM_uint32 *minor_status, @@ -428,7 +428,7 @@ wrap_des3 u_char seq[8]; int32_t seq_number; size_t len, total_len, padlength, datalen; - u_int32_t ret; + uint32_t ret; krb5_crypto crypto; Checksum cksum; krb5_data encdata; diff --git a/source4/heimdal/lib/hdb/ext.c b/source4/heimdal/lib/hdb/ext.c index 850b23fb04..a8995e4138 100644 --- a/source4/heimdal/lib/hdb/ext.c +++ b/source4/heimdal/lib/hdb/ext.c @@ -34,7 +34,7 @@ #include "hdb_locl.h" #include -RCSID("$Id: ext.c,v 1.1 2005/08/11 20:49:31 lha Exp $"); +RCSID("$Id: ext.c,v 1.2 2006/04/25 10:20:22 lha Exp $"); krb5_error_code hdb_entry_check_mandatory(krb5_context context, const hdb_entry *ent) @@ -168,10 +168,10 @@ hdb_replace_extension(krb5_context context, ret = copy_HDB_extension(ext, &entry->extensions->val[entry->extensions->len]); - if (ret == 0) { + if (ret == 0) entry->extensions->len++; + else krb5_set_error_string(context, "hdb: failed to copy new extension"); - } return ret; } diff --git a/source4/heimdal/lib/hdb/hdb-private.h b/source4/heimdal/lib/hdb/hdb-private.h index e602f01373..5147d8b90b 100644 --- a/source4/heimdal/lib/hdb/hdb-private.h +++ b/source4/heimdal/lib/hdb/hdb-private.h @@ -8,14 +8,13 @@ krb5_error_code _hdb_fetch ( krb5_context /*context*/, HDB */*db*/, - unsigned /*flags*/, krb5_const_principal /*principal*/, - enum hdb_ent_type /*ent_type*/, + unsigned /*flags*/, hdb_entry_ex */*entry*/); hdb_master_key _hdb_find_master_key ( - u_int32_t */*mkvno*/, + uint32_t */*mkvno*/, hdb_master_key /*mkey*/); int @@ -43,7 +42,7 @@ krb5_error_code _hdb_remove ( krb5_context /*context*/, HDB */*db*/, - hdb_entry_ex */*entry*/); + krb5_const_principal /*principal*/); krb5_error_code _hdb_store ( diff --git a/source4/heimdal/lib/hdb/hdb.c b/source4/heimdal/lib/hdb/hdb.c index b89937f82f..5d2ce8f3bb 100644 --- a/source4/heimdal/lib/hdb/hdb.c +++ b/source4/heimdal/lib/hdb/hdb.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: hdb.c,v 1.60 2005/12/12 12:35:36 lha Exp $"); +RCSID("$Id: hdb.c,v 1.61 2006/04/24 20:57:58 lha Exp $"); #ifdef HAVE_DLFCN_H #include diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h index 463cbf71f2..d14eea7ddc 100644 --- a/source4/heimdal/lib/hdb/hdb.h +++ b/source4/heimdal/lib/hdb/hdb.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: hdb.h,v 1.36 2005/12/12 12:35:36 lha Exp $ */ +/* $Id: hdb.h,v 1.38 2006/04/28 07:37:11 lha Exp $ */ #ifndef __HDB_H__ #define __HDB_H__ @@ -44,14 +44,16 @@ enum hdb_lockop{ HDB_RLOCK, HDB_WLOCK }; /* flags for various functions */ -#define HDB_F_DECRYPT 1 /* decrypt keys */ -#define HDB_F_REPLACE 2 /* replace entry */ +#define HDB_F_DECRYPT 1 /* decrypt keys */ +#define HDB_F_REPLACE 2 /* replace entry */ +#define HDB_F_GET_CLIENT 4 /* fetch client */ +#define HDB_F_GET_SERVER 8 /* fetch server */ +#define HDB_F_GET_KRBTGT 16 /* fetch krbtgt */ +#define HDB_F_GET_ANY 28 /* fetch any of client,server,krbtgt */ /* key usage for master key */ #define HDB_KU_MKEY 0x484442 -enum hdb_ent_type{ HDB_ENT_TYPE_CLIENT, HDB_ENT_TYPE_SERVER, HDB_ENT_TYPE_ANY }; - typedef struct hdb_master_key_data *hdb_master_key; typedef struct hdb_entry_ex { @@ -87,30 +89,60 @@ typedef struct HDB{ hdb_master_key hdb_master_key; void *hdb_openp; - krb5_error_code (*hdb_open)(krb5_context, struct HDB*, int, mode_t); - krb5_error_code (*hdb_close)(krb5_context, struct HDB*); - void (*hdb_free)(krb5_context,struct HDB*,hdb_entry_ex*); - krb5_error_code (*hdb_fetch)(krb5_context,struct HDB*,unsigned hdb_flags, - krb5_const_principal principal, - enum hdb_ent_type ent_type, hdb_entry_ex*); - krb5_error_code (*hdb_store)(krb5_context,struct HDB*, - unsigned,hdb_entry_ex*); - krb5_error_code (*hdb_remove)(krb5_context, struct HDB*, hdb_entry_ex*); - krb5_error_code (*hdb_firstkey)(krb5_context, struct HDB*, - unsigned, hdb_entry_ex*); - krb5_error_code (*hdb_nextkey)(krb5_context, struct HDB*, - unsigned, hdb_entry_ex*); - krb5_error_code (*hdb_lock)(krb5_context, struct HDB*, int operation); - krb5_error_code (*hdb_unlock)(krb5_context, struct HDB*); - krb5_error_code (*hdb_rename)(krb5_context, struct HDB*, const char*); - krb5_error_code (*hdb__get)(krb5_context,struct HDB*,krb5_data,krb5_data*); - krb5_error_code (*hdb__put)(krb5_context, struct HDB*, int, - krb5_data, krb5_data); - krb5_error_code (*hdb__del)(krb5_context, struct HDB*, krb5_data); - krb5_error_code (*hdb_destroy)(krb5_context, struct HDB*); + krb5_error_code (*hdb_open)(krb5_context, + struct HDB*, + int, + mode_t); + krb5_error_code (*hdb_close)(krb5_context, + struct HDB*); + void (*hdb_free)(krb5_context, + struct HDB*, + hdb_entry_ex*); + krb5_error_code (*hdb_fetch)(krb5_context, + struct HDB*, + krb5_const_principal, + unsigned, + hdb_entry_ex*); + krb5_error_code (*hdb_store)(krb5_context, + struct HDB*, + unsigned, + hdb_entry_ex*); + krb5_error_code (*hdb_remove)(krb5_context, + struct HDB*, + krb5_const_principal); + krb5_error_code (*hdb_firstkey)(krb5_context, + struct HDB*, + unsigned, + hdb_entry_ex*); + krb5_error_code (*hdb_nextkey)(krb5_context, + struct HDB*, + unsigned, + hdb_entry_ex*); + krb5_error_code (*hdb_lock)(krb5_context, + struct HDB*, + int operation); + krb5_error_code (*hdb_unlock)(krb5_context, + struct HDB*); + krb5_error_code (*hdb_rename)(krb5_context, + struct HDB*, + const char*); + krb5_error_code (*hdb__get)(krb5_context, + struct HDB*, + krb5_data, + krb5_data*); + krb5_error_code (*hdb__put)(krb5_context, + struct HDB*, + int, + krb5_data, + krb5_data); + krb5_error_code (*hdb__del)(krb5_context, + struct HDB*, + krb5_data); + krb5_error_code (*hdb_destroy)(krb5_context, + struct HDB*); }HDB; -#define HDB_INTERFACE_VERSION 3 +#define HDB_INTERFACE_VERSION 4 struct hdb_so_method { int version; diff --git a/source4/heimdal/lib/hdb/keys.c b/source4/heimdal/lib/hdb/keys.c index 0ca3846f9d..d7c2f2c89b 100644 --- a/source4/heimdal/lib/hdb/keys.c +++ b/source4/heimdal/lib/hdb/keys.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: keys.c,v 1.4 2006/04/02 00:45:48 lha Exp $"); +RCSID("$Id: keys.c,v 1.5 2006/04/25 08:09:38 lha Exp $"); /* * free all the memory used by (len, keys) @@ -112,23 +112,19 @@ parse_key_set(krb5_context context, const char *key, if(strcmp(buf[i], "des") == 0) { enctypes = all_etypes; num_enctypes = 3; - continue; } else if(strcmp(buf[i], "des3") == 0) { e = ETYPE_DES3_CBC_SHA1; enctypes = &e; num_enctypes = 1; - continue; } else { ret = krb5_string_to_enctype(context, buf[i], &e); if (ret == 0) { enctypes = &e; num_enctypes = 1; - continue; - } + } else + return ret; } - } - - if(salt->salttype == 0) { + } else if(salt->salttype == 0) { /* interpret string as a salt specifier, if no etype is set, this sets default values */ /* XXX should perhaps use string_to_salttype, but that @@ -152,7 +148,7 @@ parse_key_set(krb5_context context, const char *key, v4 compat, and a cell name for afs compat */ salt->saltvalue.data = strdup(buf[i]); if (salt->saltvalue.data == NULL) { - krb5_set_error_string(context, "malloc out of memory"); + krb5_set_error_string(context, "out of memory"); return ENOMEM; } salt->saltvalue.length = strlen(buf[i]); @@ -297,7 +293,7 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal, ret = parse_key_set(context, p, &enctypes, &num_enctypes, &salt, principal); if (ret) { - krb5_warnx(context, "bad value for default_keys `%s'", *kp); + krb5_warn(context, ret, "bad value for default_keys `%s'", *kp); ret = 0; continue; } diff --git a/source4/heimdal/lib/hdb/keytab.c b/source4/heimdal/lib/hdb/keytab.c index 12979eaecf..b4fa5f84c9 100644 --- a/source4/heimdal/lib/hdb/keytab.c +++ b/source4/heimdal/lib/hdb/keytab.c @@ -35,7 +35,7 @@ /* keytab backend for HDB databases */ -RCSID("$Id: keytab.c,v 1.10 2006/04/02 20:20:45 lha Exp $"); +RCSID("$Id: keytab.c,v 1.11 2006/04/27 11:01:30 lha Exp $"); struct hdb_data { char *dbname; @@ -218,8 +218,8 @@ hdb_get_entry(krb5_context context, (*db->hdb_destroy)(context, db); return ret; } + ret = (*db->hdb_fetch)(context, db, principal, HDB_F_DECRYPT, &ent); - ret = (*db->hdb_fetch)(context, db, HDB_F_DECRYPT, principal, HDB_ENT_TYPE_SERVER, &ent); /* Shutdown the hdb on error */ if(ret == HDB_ERR_NOENTRY) { diff --git a/source4/heimdal/lib/hdb/mkey.c b/source4/heimdal/lib/hdb/mkey.c index f12f73e809..40569b29ad 100644 --- a/source4/heimdal/lib/hdb/mkey.c +++ b/source4/heimdal/lib/hdb/mkey.c @@ -36,7 +36,7 @@ #define O_BINARY 0 #endif -RCSID("$Id: mkey.c,v 1.21 2005/08/19 13:07:03 lha Exp $"); +RCSID("$Id: mkey.c,v 1.22 2006/05/05 10:27:59 lha Exp $"); struct hdb_master_key_data { krb5_keytab_entry keytab; @@ -355,7 +355,7 @@ hdb_write_master_key(krb5_context context, const char *filename, } hdb_master_key -_hdb_find_master_key(u_int32_t *mkvno, hdb_master_key mkey) +_hdb_find_master_key(uint32_t *mkvno, hdb_master_key mkey) { hdb_master_key ret = NULL; while(mkey) { diff --git a/source4/heimdal/lib/hdb/ndbm.c b/source4/heimdal/lib/hdb/ndbm.c index f4c2497abc..6c72ea78c5 100644 --- a/source4/heimdal/lib/hdb/ndbm.c +++ b/source4/heimdal/lib/hdb/ndbm.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * diff --git a/source4/heimdal/lib/krb5/addr_families.c b/source4/heimdal/lib/krb5/addr_families.c index ebdbcfed46..895b01f9d8 100644 --- a/source4/heimdal/lib/krb5/addr_families.c +++ b/source4/heimdal/lib/krb5/addr_families.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: addr_families.c,v 1.51 2006/04/02 02:17:31 lha Exp $"); +RCSID("$Id: addr_families.c,v 1.52 2006/05/05 09:26:22 lha Exp $"); struct addr_operations { int af; @@ -199,7 +199,7 @@ ipv4_mask_boundary(krb5_context context, const krb5_address *inaddr, unsigned long len, krb5_address *low, krb5_address *high) { unsigned long ia; - u_int32_t l, h, m = 0xffffffff; + uint32_t l, h, m = 0xffffffff; if (len > 32) { krb5_set_error_string(context, "IPv4 prefix too large (%ld)", len); @@ -391,7 +391,7 @@ ipv6_mask_boundary(krb5_context context, const krb5_address *inaddr, unsigned long len, krb5_address *low, krb5_address *high) { struct in6_addr addr, laddr, haddr; - u_int32_t m; + uint32_t m; int i, sub_len; if (len > 128) { diff --git a/source4/heimdal/lib/krb5/changepw.c b/source4/heimdal/lib/krb5/changepw.c index 7907e1ad9c..ba584a04a4 100644 --- a/source4/heimdal/lib/krb5/changepw.c +++ b/source4/heimdal/lib/krb5/changepw.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: changepw.c,v 1.55 2005/12/12 12:48:57 lha Exp $"); +RCSID("$Id: changepw.c,v 1.56 2006/05/05 09:26:47 lha Exp $"); static void str2data (krb5_data *d, @@ -271,7 +271,7 @@ process_reply (krb5_context context, krb5_error_code ret; u_char reply[1024 * 3]; ssize_t len; - u_int16_t pkt_len, pkt_ver; + uint16_t pkt_len, pkt_ver; krb5_data ap_rep_data; int save_errno; diff --git a/source4/heimdal/lib/krb5/crc.c b/source4/heimdal/lib/krb5/crc.c index c7cedd8c9e..4cfed75154 100644 --- a/source4/heimdal/lib/krb5/crc.c +++ b/source4/heimdal/lib/krb5/crc.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: crc.c,v 1.9 2000/08/03 01:45:14 assar Exp $"); +RCSID("$Id: crc.c,v 1.10 2006/05/05 09:27:09 lha Exp $"); static u_long table[256]; @@ -62,8 +62,8 @@ _krb5_crc_init_table(void) flag = 1; } -u_int32_t -_krb5_crc_update (const char *p, size_t len, u_int32_t res) +uint32_t +_krb5_crc_update (const char *p, size_t len, uint32_t res) { while (len--) res = table[(res ^ *p++) & 0xFF] ^ (res >> 8); diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c index 3a90995283..2e8160518b 100644 --- a/source4/heimdal/lib/krb5/crypto.c +++ b/source4/heimdal/lib/krb5/crypto.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: crypto.c,v 1.134 2006/04/10 08:58:53 lha Exp $"); +RCSID("$Id: crypto.c,v 1.135 2006/05/05 09:27:24 lha Exp $"); #undef CRYPTO_DEBUG #ifdef CRYPTO_DEBUG @@ -602,7 +602,7 @@ AES_string_to_key(krb5_context context, krb5_keyblock *key) { krb5_error_code ret; - u_int32_t iter; + uint32_t iter; struct encryption_type *et; struct key_data kd; @@ -611,7 +611,7 @@ AES_string_to_key(krb5_context context, else if (opaque.length == 4) { unsigned long v; _krb5_get_int(opaque.data, &v, 4); - iter = ((u_int32_t)v); + iter = ((uint32_t)v); } else return KRB5_PROG_KEYTYPE_NOSUPP; /* XXX */ @@ -1296,7 +1296,7 @@ CRC32_checksum(krb5_context context, unsigned usage, Checksum *C) { - u_int32_t crc; + uint32_t crc; unsigned char *r = C->checksum.data; _krb5_crc_init_table (); crc = _krb5_crc_update (data, len, 0); @@ -4282,7 +4282,7 @@ _krb5_pk_octetstring2key(krb5_context context, static krb5_error_code krb5_get_keyid(krb5_context context, krb5_keyblock *key, - u_int32_t *keyid) + uint32_t *keyid) { MD5_CTX md5; unsigned char tmp[16]; @@ -4300,7 +4300,7 @@ krb5_crypto_debug(krb5_context context, size_t len, krb5_keyblock *key) { - u_int32_t keyid; + uint32_t keyid; char *kt; krb5_get_keyid(context, key, &keyid); krb5_enctype_to_string(context, key->keytype, &kt); diff --git a/source4/heimdal/lib/krb5/generate_seq_number.c b/source4/heimdal/lib/krb5/generate_seq_number.c index f9e9cded5f..7f79e29858 100644 --- a/source4/heimdal/lib/krb5/generate_seq_number.c +++ b/source4/heimdal/lib/krb5/generate_seq_number.c @@ -33,16 +33,16 @@ #include -RCSID("$Id: generate_seq_number.c,v 1.9 2004/05/25 21:25:22 lha Exp $"); +RCSID("$Id: generate_seq_number.c,v 1.10 2006/05/05 09:28:06 lha Exp $"); krb5_error_code KRB5_LIB_FUNCTION krb5_generate_seq_number(krb5_context context, const krb5_keyblock *key, - u_int32_t *seqno) + uint32_t *seqno) { krb5_error_code ret; krb5_keyblock *subkey; - u_int32_t q; + uint32_t q; u_char *p; int i; diff --git a/source4/heimdal/lib/krb5/init_creds_pw.c b/source4/heimdal/lib/krb5/init_creds_pw.c index 489a88a31b..70b6c3e4c3 100644 --- a/source4/heimdal/lib/krb5/init_creds_pw.c +++ b/source4/heimdal/lib/krb5/init_creds_pw.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds_pw.c,v 1.92 2006/04/02 01:20:15 lha Exp $"); +RCSID("$Id: init_creds_pw.c,v 1.94 2006/04/24 08:49:08 lha Exp $"); typedef struct krb5_get_init_creds_ctx { krb5_kdc_flags flags; @@ -1150,6 +1150,7 @@ process_pa_data_to_key(krb5_context context, if (pa && ctx->pk_init_ctx) { #ifdef PKINIT ret = _krb5_pk_rd_pa_reply(context, + a->req_body.realm, ctx->pk_init_ctx, etype, hi, diff --git a/source4/heimdal/lib/krb5/kcm.c b/source4/heimdal/lib/krb5/kcm.c index f4372422ac..8f2d9f7f86 100644 --- a/source4/heimdal/lib/krb5/kcm.c +++ b/source4/heimdal/lib/krb5/kcm.c @@ -43,7 +43,7 @@ #include "kcm.h" -RCSID("$Id: kcm.c,v 1.8 2005/09/19 20:23:05 lha Exp $"); +RCSID("$Id: kcm.c,v 1.9 2006/05/05 09:28:48 lha Exp $"); typedef struct krb5_kcmcache { char *name; @@ -53,7 +53,7 @@ typedef struct krb5_kcmcache { #define KCMCACHE(X) ((krb5_kcmcache *)(X)->data.data) #define CACHENAME(X) (KCMCACHE(X)->name) -#define KCMCURSOR(C) (*(u_int32_t *)(C)) +#define KCMCURSOR(C) (*(uint32_t *)(C)) static krb5_error_code try_door(krb5_context context, const krb5_kcmcache *k, @@ -903,7 +903,7 @@ _krb5_kcm_noop(krb5_context context, krb5_error_code _krb5_kcm_chmod(krb5_context context, krb5_ccache id, - u_int16_t mode) + uint16_t mode) { krb5_error_code ret; krb5_kcmcache *k = KCMCACHE(id); @@ -944,8 +944,8 @@ _krb5_kcm_chmod(krb5_context context, krb5_error_code _krb5_kcm_chown(krb5_context context, krb5_ccache id, - u_int32_t uid, - u_int32_t gid) + uint32_t uid, + uint32_t gid) { krb5_error_code ret; krb5_kcmcache *k = KCMCACHE(id); diff --git a/source4/heimdal/lib/krb5/keytab_file.c b/source4/heimdal/lib/krb5/keytab_file.c index f9a76e634a..1b06387339 100644 --- a/source4/heimdal/lib/krb5/keytab_file.c +++ b/source4/heimdal/lib/krb5/keytab_file.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_file.c,v 1.22 2006/04/07 21:57:31 lha Exp $"); +RCSID("$Id: keytab_file.c,v 1.23 2006/05/05 12:36:57 lha Exp $"); #define KRB5_KT_VNO_1 1 #define KRB5_KT_VNO_2 2 @@ -428,7 +428,7 @@ loop: * if it's zero, assume that the 8bit one was right, * otherwise trust the new value */ curpos = krb5_storage_seek(cursor->sp, 0, SEEK_CUR); - if(len + 4 + pos - curpos == 4) { + if(len + 4 + pos - curpos >= 4) { ret = krb5_ret_int32(cursor->sp, &tmp32); if (ret == 0 && tmp32 != 0) { entry->vno = tmp32; diff --git a/source4/heimdal/lib/krb5/keytab_keyfile.c b/source4/heimdal/lib/krb5/keytab_keyfile.c index 32fb48a8a2..d7f8a720e1 100644 --- a/source4/heimdal/lib/krb5/keytab_keyfile.c +++ b/source4/heimdal/lib/krb5/keytab_keyfile.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_keyfile.c,v 1.18 2006/04/02 01:24:52 lha Exp $"); +RCSID("$Id: keytab_keyfile.c,v 1.19 2006/04/24 15:06:57 lha Exp $"); /* afs keyfile operations --------------------------------------- */ @@ -63,8 +63,7 @@ struct akf_data { */ static int -get_cell_and_realm (krb5_context context, - struct akf_data *d) +get_cell_and_realm (krb5_context context, struct akf_data *d) { FILE *f; char buf[BUFSIZ], *cp; @@ -95,6 +94,7 @@ get_cell_and_realm (krb5_context context, if (f != NULL) { if (fgets (buf, sizeof(buf), f) == NULL) { free (d->cell); + d->cell = NULL; fclose (f); krb5_set_error_string (context, "no realm in %s", AFS_SERVERMAGICKRBCONF); @@ -110,6 +110,7 @@ get_cell_and_realm (krb5_context context, d->realm = strdup (buf); if (d->realm == NULL) { free (d->cell); + d->cell = NULL; krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; } diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h index 00126d60ed..17b282f1d8 100644 --- a/source4/heimdal/lib/krb5/krb5-private.h +++ b/source4/heimdal/lib/krb5/krb5-private.h @@ -30,11 +30,11 @@ _krb5_cc_allocate ( void _krb5_crc_init_table (void); -u_int32_t +uint32_t _krb5_crc_update ( const char */*p*/, size_t /*len*/, - u_int32_t /*res*/); + uint32_t /*res*/); krb5_error_code _krb5_dh_group_ok ( @@ -120,14 +120,14 @@ krb5_error_code _krb5_kcm_chmod ( krb5_context /*context*/, krb5_ccache /*id*/, - u_int16_t /*mode*/); + uint16_t /*mode*/); krb5_error_code _krb5_kcm_chown ( krb5_context /*context*/, krb5_ccache /*id*/, - u_int32_t /*uid*/, - u_int32_t /*gid*/); + uint32_t /*uid*/, + uint32_t /*gid*/); krb5_error_code _krb5_kcm_get_initial_ticket ( @@ -158,8 +158,8 @@ _krb5_krb_cr_err_reply ( const char */*name*/, const char */*inst*/, const char */*realm*/, - u_int32_t /*time_ws*/, - u_int32_t /*e*/, + uint32_t /*time_ws*/, + uint32_t /*e*/, const char */*e_string*/, krb5_data */*data*/); @@ -171,7 +171,7 @@ _krb5_krb_create_auth_reply ( const char */*prealm*/, int32_t /*time_ws*/, int /*n*/, - u_int32_t /*x_date*/, + uint32_t /*x_date*/, unsigned char /*kvno*/, const krb5_data */*cipher*/, krb5_data */*data*/); @@ -183,10 +183,10 @@ _krb5_krb_create_ciph ( const char */*service*/, const char */*instance*/, const char */*realm*/, - u_int32_t /*life*/, + uint32_t /*life*/, unsigned char /*kvno*/, const krb5_data */*ticket*/, - u_int32_t /*kdc_time*/, + uint32_t /*kdc_time*/, const krb5_keyblock */*key*/, krb5_data */*enc_data*/); @@ -298,6 +298,11 @@ _krb5_parse_moduli_line ( char */*p*/, struct krb5_dh_moduli **/*m*/); +void KRB5_LIB_FUNCTION +_krb5_pk_allow_proxy_certificate ( + struct krb5_pk_identity */*id*/, + int /*boolean*/); + void KRB5_LIB_FUNCTION _krb5_pk_cert_free (struct krb5_pk_cert */*cert*/); @@ -341,6 +346,7 @@ _krb5_pk_octetstring2key ( krb5_error_code KRB5_LIB_FUNCTION _krb5_pk_rd_pa_reply ( krb5_context /*context*/, + const char */*realm*/, void */*c*/, krb5_enctype /*etype*/, const krb5_krbhst_info */*hi*/, diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h index 56f43f6c3d..37293ff982 100644 --- a/source4/heimdal/lib/krb5/krb5-protos.h +++ b/source4/heimdal/lib/krb5/krb5-protos.h @@ -1592,7 +1592,7 @@ krb5_error_code KRB5_LIB_FUNCTION krb5_generate_seq_number ( krb5_context /*context*/, const krb5_keyblock */*key*/, - u_int32_t */*seqno*/); + uint32_t */*seqno*/); krb5_error_code KRB5_LIB_FUNCTION krb5_generate_subkey ( @@ -2802,6 +2802,21 @@ krb5_ret_times ( krb5_storage */*sp*/, krb5_times */*times*/); +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_uint16 ( + krb5_storage */*sp*/, + uint16_t */*value*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_uint32 ( + krb5_storage */*sp*/, + uint32_t */*value*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_uint8 ( + krb5_storage */*sp*/, + uint8_t */*value*/); + krb5_error_code KRB5_LIB_FUNCTION krb5_salttype_to_string ( krb5_context /*context*/, @@ -3087,7 +3102,7 @@ krb5_store_keyblock ( krb5_error_code KRB5_LIB_FUNCTION krb5_store_principal ( krb5_storage */*sp*/, - krb5_principal /*p*/); + krb5_const_principal /*p*/); krb5_error_code KRB5_LIB_FUNCTION krb5_store_string ( @@ -3104,6 +3119,21 @@ krb5_store_times ( krb5_storage */*sp*/, krb5_times /*times*/); +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_uint16 ( + krb5_storage */*sp*/, + uint16_t /*value*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_uint32 ( + krb5_storage */*sp*/, + uint32_t /*value*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_uint8 ( + krb5_storage */*sp*/, + uint8_t /*value*/); + krb5_error_code KRB5_LIB_FUNCTION krb5_string_to_deltat ( const char */*string*/, diff --git a/source4/heimdal/lib/krb5/krb5-v4compat.h b/source4/heimdal/lib/krb5/krb5-v4compat.h index 1d092dcbc9..3e14c5a38f 100644 --- a/source4/heimdal/lib/krb5/krb5-v4compat.h +++ b/source4/heimdal/lib/krb5/krb5-v4compat.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5-v4compat.h,v 1.6 2005/04/23 19:38:16 lha Exp $ */ +/* $Id: krb5-v4compat.h,v 1.7 2006/05/05 09:29:07 lha Exp $ */ #ifndef __KRB5_V4COMPAT_H__ #define __KRB5_V4COMPAT_H__ @@ -119,7 +119,7 @@ struct ktext { unsigned int length; /* Length of the text */ unsigned char dat[MAX_KTXT_LEN]; /* The data itself */ - u_int32_t mbz; /* zero to catch runaway strings */ + uint32_t mbz; /* zero to catch runaway strings */ }; struct credentials { @@ -157,11 +157,11 @@ struct _krb5_krb_auth_data { char *pname; /* Principal's name */ char *pinst; /* His Instance */ char *prealm; /* His Realm */ - u_int32_t checksum; /* Data checksum (opt) */ + uint32_t checksum; /* Data checksum (opt) */ krb5_keyblock session; /* Session Key */ unsigned char life; /* Life of ticket */ - u_int32_t time_sec; /* Time ticket issued */ - u_int32_t address; /* Address in ticket */ + uint32_t time_sec; /* Time ticket issued */ + uint32_t address; /* Address in ticket */ }; time_t _krb5_krb_life_to_time (int, int); diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h index 9814817600..32fdd6d383 100644 --- a/source4/heimdal/lib/krb5/krb5.h +++ b/source4/heimdal/lib/krb5/krb5.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5.h,v 1.240 2005/11/30 15:20:32 lha Exp $ */ +/* $Id: krb5.h,v 1.241 2006/05/05 09:29:36 lha Exp $ */ #ifndef __KRB5_H__ #define __KRB5_H__ @@ -64,7 +64,7 @@ typedef int32_t krb5_error_code; typedef int krb5_kvno; -typedef u_int32_t krb5_flags; +typedef uint32_t krb5_flags; typedef void *krb5_pointer; typedef const void *krb5_const_pointer; @@ -492,7 +492,7 @@ typedef struct krb5_keytab_entry { krb5_principal principal; krb5_kvno vno; krb5_keyblock keyblock; - u_int32_t timestamp; + uint32_t timestamp; } krb5_keytab_entry; typedef struct krb5_kt_cursor { @@ -536,7 +536,7 @@ typedef struct krb5_keytab_key_proc_args krb5_keytab_key_proc_args; typedef struct krb5_replay_data { krb5_timestamp timestamp; int32_t usec; - u_int32_t seq; + uint32_t seq; } krb5_replay_data; /* flags for krb5_auth_con_setflags */ @@ -569,8 +569,8 @@ typedef struct krb5_auth_context_data { krb5_keyblock *local_subkey; krb5_keyblock *remote_subkey; - u_int32_t local_seqnumber; - u_int32_t remote_seqnumber; + uint32_t local_seqnumber; + uint32_t remote_seqnumber; krb5_authenticator authenticator; diff --git a/source4/heimdal/lib/krb5/krb5_ccapi.h b/source4/heimdal/lib/krb5/krb5_ccapi.h index 29b2ddbecc..d59b589304 100644 --- a/source4/heimdal/lib/krb5/krb5_ccapi.h +++ b/source4/heimdal/lib/krb5/krb5_ccapi.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5_ccapi.h,v 1.2 2006/03/27 04:21:06 lha Exp $ */ +/* $Id: krb5_ccapi.h,v 1.3 2006/05/05 09:29:59 lha Exp $ */ #ifndef KRB5_CCAPI_H #define KRB5_CCAPI_H 1 @@ -84,7 +84,7 @@ enum { }; typedef int32_t cc_int32; -typedef u_int32_t cc_uint32; +typedef uint32_t cc_uint32; typedef struct cc_context_t *cc_context_t; typedef struct cc_ccache_t *cc_ccache_t; typedef struct cc_ccache_iterator_t *cc_ccache_iterator_t; diff --git a/source4/heimdal/lib/krb5/krb5_locl.h b/source4/heimdal/lib/krb5/krb5_locl.h index 92dd3271f5..4dcac40c7a 100644 --- a/source4/heimdal/lib/krb5/krb5_locl.h +++ b/source4/heimdal/lib/krb5/krb5_locl.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * diff --git a/source4/heimdal/lib/krb5/log.c b/source4/heimdal/lib/krb5/log.c index 7e478bf1e0..e6fcb6bbb9 100644 --- a/source4/heimdal/lib/krb5/log.c +++ b/source4/heimdal/lib/krb5/log.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: log.c,v 1.38 2006/04/10 09:41:26 lha Exp $"); +RCSID("$Id: log.c,v 1.39 2006/04/24 15:09:27 lha Exp $"); struct facility { int min; @@ -221,8 +221,10 @@ log_file(const char *timestr, if(f->fd == NULL) return; fprintf(f->fd, "%s %s\n", timestr, msg); - if(f->keep_open == 0) + if(f->keep_open == 0) { fclose(f->fd); + f->fd = NULL; + } } static void diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c index fa4fb4699e..7e91946095 100755 --- a/source4/heimdal/lib/krb5/pkinit.c +++ b/source4/heimdal/lib/krb5/pkinit.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: pkinit.c,v 1.88 2006/04/23 21:30:17 lha Exp $"); +RCSID("$Id: pkinit.c,v 1.98 2006/05/06 13:24:54 lha Exp $"); struct krb5_dh_moduli { char *name; @@ -84,6 +84,7 @@ struct krb5_pk_init_ctx_data { int require_binding; int require_eku; int require_krbtgt_otherName; + int require_hostname_match; }; void KRB5_LIB_FUNCTION @@ -161,6 +162,109 @@ _krb5_pk_create_sign(krb5_context context, return ret; } +static int +cert2epi(hx509_context context, void *ctx, hx509_cert c) +{ + ExternalPrincipalIdentifiers *ids = ctx; + ExternalPrincipalIdentifier id; + hx509_name subject = NULL; + void *p; + int ret; + + memset(&id, 0, sizeof(id)); + + ret = hx509_cert_get_subject(c, &subject); + if (ret) + return ret; + + if (hx509_name_is_null_p(subject) != 0) { + + id.subjectName = calloc(1, sizeof(*id.subjectName)); + if (id.subjectName == NULL) { + hx509_name_free(&subject); + free_ExternalPrincipalIdentifier(&id); + return ENOMEM; + } + + ret = hx509_name_to_der_name(subject, &id.subjectName->data, + &id.subjectName->length); + if (ret) { + hx509_name_free(&subject); + free_ExternalPrincipalIdentifier(&id); + return ret; + } + } + hx509_name_free(&subject); + + + id.issuerAndSerialNumber = calloc(1, sizeof(*id.issuerAndSerialNumber)); + if (id.issuerAndSerialNumber == NULL) { + free_ExternalPrincipalIdentifier(&id); + return ENOMEM; + } + + { + IssuerAndSerialNumber iasn; + hx509_name issuer; + size_t size; + + memset(&iasn, 0, sizeof(iasn)); + + ret = hx509_cert_get_issuer(c, &issuer); + if (ret) { + free_ExternalPrincipalIdentifier(&id); + return ret; + } + + ret = hx509_name_to_Name(issuer, &iasn.issuer); + hx509_name_free(&issuer); + if (ret) { + free_ExternalPrincipalIdentifier(&id); + return ret; + } + + ret = hx509_cert_get_serialnumber(c, &iasn.serialNumber); + if (ret) { + free_IssuerAndSerialNumber(&iasn); + free_ExternalPrincipalIdentifier(&id); + return ret; + } + + ASN1_MALLOC_ENCODE(IssuerAndSerialNumber, + id.issuerAndSerialNumber->data, + id.issuerAndSerialNumber->length, + &iasn, &size, ret); + free_IssuerAndSerialNumber(&iasn); + if (ret) + return ret; + if (id.issuerAndSerialNumber->length != size) + abort(); + } + + id.subjectKeyIdentifier = NULL; + + p = realloc(ids->val, sizeof(ids->val[0]) * (ids->len + 1)); + if (p == NULL) { + free_ExternalPrincipalIdentifier(&id); + return ENOMEM; + } + + ids->val = p; + ids->val[ids->len] = id; + ids->len++; + + return 0; +} + +static krb5_error_code +build_edi(krb5_context context, + hx509_context hx509ctx, + hx509_certs certs, + ExternalPrincipalIdentifiers *ids) +{ + return hx509_certs_iter(hx509ctx, certs, cert2epi, ids); +} + static krb5_error_code build_auth_pack(krb5_context context, unsigned nonce, @@ -446,8 +550,19 @@ pk_mk_padata(krb5_context context, memset(&req, 0, sizeof(req)); req.signedAuthPack = buf; - /* XXX tell the kdc what CAs the client is willing to accept */ - req.trustedCertifiers = NULL; + req.trustedCertifiers = calloc(1, sizeof(*req.trustedCertifiers)); + if (req.trustedCertifiers == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + free_PA_PK_AS_REQ(&req); + goto out; + } + ret = build_edi(context, ctx->id->hx509ctx, + ctx->id->anchors, req.trustedCertifiers); + if (ret) { + krb5_set_error_string(context, "pk-init: failed to build trustedCertifiers"); + free_PA_PK_AS_REQ(&req); + goto out; + } req.kdcPkId = NULL; ASN1_MALLOC_ENCODE(PA_PK_AS_REQ, buf.data, buf.length, @@ -524,6 +639,13 @@ _krb5_pk_mk_padata(krb5_context context, "pkinit_require_krbtgt_otherName", NULL); + ctx->require_hostname_match = + krb5_config_get_bool_default(context, NULL, + FALSE, + "realms", + req_body->realm, + "pkinit_require_hostname_match", + NULL); return pk_mk_padata(context, type, ctx, req_body, nonce, md); } @@ -710,6 +832,8 @@ get_reply_key(krb5_context context, static krb5_error_code pk_verify_host(krb5_context context, + const char *realm, + const krb5_krbhst_info *hi, struct krb5_pk_init_ctx_data *ctx, struct krb5_pk_cert *host) { @@ -719,13 +843,12 @@ pk_verify_host(krb5_context context, ret = hx509_cert_check_eku(ctx->id->hx509ctx, host->cert, oid_id_pkkdcekuoid(), 0); if (ret) { - krb5_clear_error_string(context); + krb5_set_error_string(context, "No PK-INIT KDC EKU in kdc certificate"); return ret; } } if (ctx->require_krbtgt_otherName) { hx509_octet_string_list list; - krb5_error_code ret; int i; ret = hx509_cert_find_subjectAltName_otherName(host->cert, @@ -738,6 +861,7 @@ pk_verify_host(krb5_context context, for (i = 0; i < list.len; i++) { KRB5PrincipalName r; + ret = decode_KRB5PrincipalName(list.val[i].data, list.val[i].length, &r, @@ -747,13 +871,15 @@ pk_verify_host(krb5_context context, break; } -#if 0 - if (r.principalName.name.len != 2) { - krb5_clear_error_string(context); + if (r.principalName.name_string.len != 2 || + strcmp(r.principalName.name_string.val[0], KRB5_TGS_NAME) != 0 || + strcmp(r.principalName.name_string.val[1], realm) != 0 || + strcmp(r.realm, realm) != 0) + { + krb5_set_error_string(context, "KDC have wrong realm name in " + "the certificate"); ret = EINVAL; } -#endif - /* XXX verify realm */ free_KRB5PrincipalName(&r); if (ret) @@ -761,14 +887,26 @@ pk_verify_host(krb5_context context, } hx509_free_octet_string_list(&list); } + if (ret) + return ret; + + if (hi) { + ret = hx509_verify_hostname(ctx->id->hx509ctx, host->cert, + ctx->require_hostname_match, + hi->hostname, + hi->ai->ai_addr, hi->ai->ai_addrlen); + if (ret) + krb5_set_error_string(context, "Address mismatch in the KDC certificate"); + } return ret; } static krb5_error_code pk_rd_pa_reply_enckey(krb5_context context, int type, - ContentInfo *rep, + const ContentInfo *rep, + const char *realm, krb5_pk_init_ctx ctx, krb5_enctype etype, const krb5_krbhst_info *hi, @@ -846,7 +984,7 @@ pk_rd_pa_reply_enckey(krb5_context context, goto out; /* make sure that it is the kdc's certificate */ - ret = pk_verify_host(context, ctx, host); + ret = pk_verify_host(context, realm, hi, ctx, host); if (ret) { krb5_set_error_string(context, "PKINIT: failed verify host: %d", ret); goto out; @@ -894,7 +1032,8 @@ pk_rd_pa_reply_enckey(krb5_context context, static krb5_error_code pk_rd_pa_reply_dh(krb5_context context, - ContentInfo *rep, + const ContentInfo *rep, + const char *realm, krb5_pk_init_ctx ctx, krb5_enctype etype, const krb5_krbhst_info *hi, @@ -938,7 +1077,7 @@ pk_rd_pa_reply_dh(krb5_context context, goto out; /* make sure that it is the kdc's certificate */ - ret = pk_verify_host(context, ctx, host); + ret = pk_verify_host(context, realm, hi, ctx, host); if (ret) goto out; @@ -1066,6 +1205,7 @@ pk_rd_pa_reply_dh(krb5_context context, krb5_error_code KRB5_LIB_FUNCTION _krb5_pk_rd_pa_reply(krb5_context context, + const char *realm, void *c, krb5_enctype etype, const krb5_krbhst_info *hi, @@ -1106,7 +1246,7 @@ _krb5_pk_rd_pa_reply(krb5_context context, free_PA_PK_AS_REP(&rep); break; } - ret = pk_rd_pa_reply_dh(context, &ci, ctx, etype, hi, + ret = pk_rd_pa_reply_dh(context, &ci, realm, ctx, etype, hi, ctx->clientDHNonce, rep.u.dhInfo.serverDHNonce, nonce, pa, key); @@ -1126,7 +1266,7 @@ _krb5_pk_rd_pa_reply(krb5_context context, "ContentInfo: %d", ret); break; } - ret = pk_rd_pa_reply_enckey(context, COMPAT_IETF, &ci, ctx, + ret = pk_rd_pa_reply_enckey(context, COMPAT_IETF, &ci, realm, ctx, etype, hi, nonce, req_buffer, pa, key); free_ContentInfo(&ci); return ret; @@ -1173,7 +1313,7 @@ _krb5_pk_rd_pa_reply(krb5_context context, ret); return ret; } - ret = pk_rd_pa_reply_enckey(context, COMPAT_WIN2K, &ci, ctx, + ret = pk_rd_pa_reply_enckey(context, COMPAT_WIN2K, &ci, realm, ctx, etype, hi, nonce, req_buffer, pa, key); free_ContentInfo(&ci); break; @@ -1204,8 +1344,8 @@ hx_pass_prompter(void *data, const hx509_prompt *prompter) krb5_data password_data; struct prompter *p = data; - password_data.data = prompter->reply->data; - password_data.length = prompter->reply->length; + password_data.data = prompter->reply.data; + password_data.length = prompter->reply.length; prompt.prompt = "Enter your private key passphrase: "; prompt.hidden = 1; prompt.reply = &password_data; @@ -1216,12 +1356,21 @@ hx_pass_prompter(void *data, const hx509_prompt *prompter) ret = (*p->prompter)(p->context, p->prompter_data, NULL, NULL, 1, &prompt); if (ret) { - memset (prompter->reply->data, 0, prompter->reply->length); + memset (prompter->reply.data, 0, prompter->reply.length); return 0; } - return strlen(prompter->reply->data); + return strlen(prompter->reply.data); +} + + +void KRB5_LIB_FUNCTION +_krb5_pk_allow_proxy_certificate(struct krb5_pk_identity *id, + int boolean) +{ + hx509_verify_set_proxy_certificate(id->verify_ctx, boolean); } + krb5_error_code KRB5_LIB_FUNCTION _krb5_pk_load_id(krb5_context context, struct krb5_pk_identity **ret_id, @@ -1715,7 +1864,7 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, } if (DH_generate_key(opt->opt_private->pk_init_ctx->dh) != 1) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_string(context, "pkinit: failed to generate DH key"); _krb5_get_init_creds_opt_free_pkinit(opt); return ENOMEM; } diff --git a/source4/heimdal/lib/krb5/principal.c b/source4/heimdal/lib/krb5/principal.c index 34086b1fbe..f6e3847cce 100644 --- a/source4/heimdal/lib/krb5/principal.c +++ b/source4/heimdal/lib/krb5/principal.c @@ -41,7 +41,7 @@ #include #include "resolve.h" -RCSID("$Id: principal.c,v 1.94 2006/04/10 10:10:01 lha Exp $"); +RCSID("$Id: principal.c,v 1.95 2006/04/24 15:16:14 lha Exp $"); #define princ_num_comp(P) ((P)->name.name_string.len) #define princ_type(P) ((P)->name.name_type) @@ -829,7 +829,6 @@ krb5_425_conv_principal_ext2(krb5_context context, if (r) { if (r->head && r->head->type == T_AAAA) { inst = strdup(r->head->domain); - dns_free_data(r); passed = TRUE; } dns_free_data(r); diff --git a/source4/heimdal/lib/krb5/store.c b/source4/heimdal/lib/krb5/store.c index 4a567bb379..a6f4a011a1 100644 --- a/source4/heimdal/lib/krb5/store.c +++ b/source4/heimdal/lib/krb5/store.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include "store-int.h" -RCSID("$Id: store.c,v 1.51 2006/04/07 22:23:20 lha Exp $"); +RCSID("$Id: store.c,v 1.58 2006/05/05 07:15:18 lha Exp $"); #define BYTEORDER_IS(SP, V) (((SP)->flags & KRB5_STORAGE_BYTEORDER_MASK) == (V)) #define BYTEORDER_IS_LE(SP) BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_LE) @@ -181,6 +181,13 @@ krb5_store_int32(krb5_storage *sp, return krb5_store_int(sp, value, 4); } +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_uint32(krb5_storage *sp, + uint32_t value) +{ + return krb5_store_int32(sp, (int32_t)value); +} + static krb5_error_code krb5_ret_int(krb5_storage *sp, int32_t *value, @@ -211,6 +218,20 @@ krb5_ret_int32(krb5_storage *sp, return 0; } +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_uint32(krb5_storage *sp, + uint32_t *value) +{ + krb5_error_code ret; + int32_t v; + + ret = krb5_ret_int32(sp, &v); + if (ret == 0) + *value = (uint32_t)v; + + return ret; +} + krb5_error_code KRB5_LIB_FUNCTION krb5_store_int16(krb5_storage *sp, int16_t value) @@ -222,6 +243,13 @@ krb5_store_int16(krb5_storage *sp, return krb5_store_int(sp, value, 2); } +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_uint16(krb5_storage *sp, + uint16_t value) +{ + return krb5_store_int16(sp, (int16_t)value); +} + krb5_error_code KRB5_LIB_FUNCTION krb5_ret_int16(krb5_storage *sp, int16_t *value) @@ -239,6 +267,20 @@ krb5_ret_int16(krb5_storage *sp, return 0; } +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_uint16(krb5_storage *sp, + uint16_t *value) +{ + krb5_error_code ret; + int16_t v; + + ret = krb5_ret_int16(sp, &v); + if (ret == 0) + *value = (uint16_t)v; + + return ret; +} + krb5_error_code KRB5_LIB_FUNCTION krb5_store_int8(krb5_storage *sp, int8_t value) @@ -251,6 +293,13 @@ krb5_store_int8(krb5_storage *sp, return 0; } +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_uint8(krb5_storage *sp, + uint8_t value) +{ + return krb5_store_int8(sp, (int8_t)value); +} + krb5_error_code KRB5_LIB_FUNCTION krb5_ret_int8(krb5_storage *sp, int8_t *value) @@ -263,6 +312,20 @@ krb5_ret_int8(krb5_storage *sp, return 0; } +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_uint8(krb5_storage *sp, + uint8_t *value) +{ + krb5_error_code ret; + int8_t v; + + ret = krb5_ret_int8(sp, &v); + if (ret == 0) + *value = (uint8_t)v; + + return ret; +} + krb5_error_code KRB5_LIB_FUNCTION krb5_store_data(krb5_storage *sp, krb5_data data) @@ -380,19 +443,19 @@ krb5_ret_stringz(krb5_storage *sp, krb5_error_code KRB5_LIB_FUNCTION krb5_store_principal(krb5_storage *sp, - krb5_principal p) + krb5_const_principal p) { int i; int ret; if(!krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) { - ret = krb5_store_int32(sp, p->name.name_type); - if(ret) return ret; + ret = krb5_store_int32(sp, p->name.name_type); + if(ret) return ret; } if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS)) ret = krb5_store_int32(sp, p->name.name_string.len + 1); else - ret = krb5_store_int32(sp, p->name.name_string.len); + ret = krb5_store_int32(sp, p->name.name_string.len); if(ret) return ret; ret = krb5_store_string(sp, p->realm); @@ -710,7 +773,7 @@ krb5_ret_creds(krb5_storage *sp, krb5_creds *creds) * format. */ { - u_int32_t mask = 0xffff0000; + uint32_t mask = 0xffff0000; creds->flags.i = 0; creds->flags.b.anonymous = 1; if (creds->flags.i & mask) @@ -865,7 +928,7 @@ krb5_ret_creds_tag(krb5_storage *sp, * format. */ { - u_int32_t mask = 0xffff0000; + uint32_t mask = 0xffff0000; creds->flags.i = 0; creds->flags.b.anonymous = 1; if (creds->flags.i & mask) diff --git a/source4/heimdal/lib/krb5/v4_glue.c b/source4/heimdal/lib/krb5/v4_glue.c index dd294c8943..b1e12674dc 100644 --- a/source4/heimdal/lib/krb5/v4_glue.c +++ b/source4/heimdal/lib/krb5/v4_glue.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: v4_glue.c,v 1.3 2006/04/02 01:39:54 lha Exp $"); +RCSID("$Id: v4_glue.c,v 1.5 2006/05/05 09:31:00 lha Exp $"); #include "krb5-v4compat.h" @@ -463,10 +463,10 @@ _krb5_krb_create_ciph(krb5_context context, const char *service, const char *instance, const char *realm, - u_int32_t life, + uint32_t life, unsigned char kvno, const krb5_data *ticket, - u_int32_t kdc_time, + uint32_t kdc_time, const krb5_keyblock *key, krb5_data *enc_data) { @@ -523,7 +523,7 @@ _krb5_krb_create_auth_reply(krb5_context context, const char *prealm, int32_t time_ws, int n, - u_int32_t x_date, + uint32_t x_date, unsigned char kvno, const krb5_data *cipher, krb5_data *data) @@ -573,8 +573,8 @@ _krb5_krb_cr_err_reply(krb5_context context, const char *name, const char *inst, const char *realm, - u_int32_t time_ws, - u_int32_t e, + uint32_t time_ws, + uint32_t e, const char *e_string, krb5_data *data) { @@ -668,7 +668,7 @@ _krb5_krb_decomp_ticket(krb5_context context, RCHECK(ret, get_v4_stringz(sp, &ad->pname, ANAME_SZ), error); RCHECK(ret, get_v4_stringz(sp, &ad->pinst, INST_SZ), error); RCHECK(ret, get_v4_stringz(sp, &ad->prealm, REALM_SZ), error); - RCHECK(ret, krb5_ret_int32(sp, &ad->address), error); + RCHECK(ret, krb5_ret_uint32(sp, &ad->address), error); size = krb5_storage_read(sp, des_key, sizeof(des_key)); if (size != sizeof(des_key)) { @@ -676,14 +676,14 @@ _krb5_krb_decomp_ticket(krb5_context context, goto error; } - RCHECK(ret, krb5_ret_int8(sp, &ad->life), error); + RCHECK(ret, krb5_ret_uint8(sp, &ad->life), error); if (ad->k_flags & 1) krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE); else krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE); - RCHECK(ret, krb5_ret_int32(sp, &ad->time_sec), error); + RCHECK(ret, krb5_ret_uint32(sp, &ad->time_sec), error); RCHECK(ret, get_v4_stringz(sp, sname, ANAME_SZ), error); RCHECK(ret, get_v4_stringz(sp, sinstance, INST_SZ), error); @@ -744,9 +744,9 @@ _krb5_krb_rd_req(krb5_context context, int8_t pvno; int8_t type; int8_t s_kvno; - u_int8_t ticket_length; - u_int8_t eaut_length; - u_int8_t time_5ms; + uint8_t ticket_length; + uint8_t eaut_length; + uint8_t time_5ms; char *realm = NULL; char *sname = NULL; char *sinstance = NULL; @@ -754,7 +754,7 @@ _krb5_krb_rd_req(krb5_context context, char *r_name = NULL; char *r_instance = NULL; - u_int32_t r_time_sec; /* Coarse time from authenticator */ + uint32_t r_time_sec; /* Coarse time from authenticator */ unsigned long delta_t; /* Time in authenticator - local time */ long tkt_age; /* Age of ticket */ @@ -795,8 +795,8 @@ _krb5_krb_rd_req(krb5_context context, RCHECK(ret, krb5_ret_int8(sp, &s_kvno), error); RCHECK(ret, get_v4_stringz(sp, &realm, REALM_SZ), error); - RCHECK(ret, krb5_ret_int8(sp, &ticket_length), error); - RCHECK(ret, krb5_ret_int8(sp, &eaut_length), error); + RCHECK(ret, krb5_ret_uint8(sp, &ticket_length), error); + RCHECK(ret, krb5_ret_uint8(sp, &eaut_length), error); RCHECK(ret, krb5_data_alloc(&ticket, ticket_length), error); size = krb5_storage_read(sp, ticket.data, ticket.length); @@ -842,9 +842,9 @@ _krb5_krb_rd_req(krb5_context context, RCHECK(ret, get_v4_stringz(sp, &r_instance, INST_SZ), error); RCHECK(ret, get_v4_stringz(sp, &r_realm, REALM_SZ), error); - RCHECK(ret, krb5_ret_int32(sp, &ad->checksum), error); - RCHECK(ret, krb5_ret_int8(sp, &time_5ms), error); - RCHECK(ret, krb5_ret_int32(sp, &r_time_sec), error); + RCHECK(ret, krb5_ret_uint32(sp, &ad->checksum), error); + RCHECK(ret, krb5_ret_uint8(sp, &time_5ms), error); + RCHECK(ret, krb5_ret_uint32(sp, &r_time_sec), error); if (strcmp(ad->pname, r_name) != 0 || strcmp(ad->pinst, r_instance) != 0 || @@ -853,7 +853,7 @@ _krb5_krb_rd_req(krb5_context context, goto error; } - if (from_addr && from_addr == ad->address) { + if (from_addr && from_addr != ad->address) { ret = EINVAL; /* RD_AP_BADD */ goto error; } -- cgit From 1ec7132b3058fb9d20ac188ea1840db2b068bea1 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 7 May 2006 09:28:49 +0000 Subject: r15484: Make accept_security_context() more compatible with how Samba3 (and similarly built clients) behave. This is better than just ignoring the checksum, if it isn't the GSSAPI checksum. (Samba4 clients in Samba3 mode use more than just the MD5 checksum, and will use a signed AES checksum if available. Actual samba3 may well do the same in future, against a suitable KDC). Also a change for easier debugging of checksum issues. Andrew Bartlett (This used to be commit 120374f5f9e9af0653a26e0308e4bfdabbcaa3f3) --- source4/heimdal/lib/gssapi/8003.c | 8 +--- source4/heimdal/lib/gssapi/accept_sec_context.c | 51 ++++++++++++++++++++----- source4/heimdal/lib/krb5/crypto.c | 3 +- 3 files changed, 46 insertions(+), 16 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/8003.c b/source4/heimdal/lib/gssapi/8003.c index ad580811a5..73ecc90ea8 100644 --- a/source4/heimdal/lib/gssapi/8003.c +++ b/source4/heimdal/lib/gssapi/8003.c @@ -185,13 +185,9 @@ gssapi_krb5_verify_8003_checksum( return GSS_S_BAD_BINDINGS; } - /* This is the case where Samba3 has built GSSAPI out of - * krb5 the 'dodgy' way. We have to accept the non-GSSAPI - * checksum because windows does */ - if(cksum->cksumtype != CKSUMTYPE_GSSAPI) { - *flags = 0; - return GSS_S_COMPLETE; + *minor_status = 0; + return GSS_S_BAD_BINDINGS; } /* XXX should handle checksums > 24 bytes */ diff --git a/source4/heimdal/lib/gssapi/accept_sec_context.c b/source4/heimdal/lib/gssapi/accept_sec_context.c index 9ca60a6cdd..afca449c5c 100644 --- a/source4/heimdal/lib/gssapi/accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/accept_sec_context.c @@ -371,15 +371,48 @@ gsskrb5_acceptor_start return ret; } - ret = gssapi_krb5_verify_8003_checksum(minor_status, - input_chan_bindings, - authenticator->cksum, - &flags, - &(*context_handle)->fwd_data); - krb5_free_authenticator(gssapi_krb5_context, &authenticator); - if (ret) { - return ret; - } + if (authenticator->cksum->cksumtype == CKSUMTYPE_GSSAPI) { + ret = gssapi_krb5_verify_8003_checksum(minor_status, + input_chan_bindings, + authenticator->cksum, + &flags, + &(*context_handle)->fwd_data); + + krb5_free_authenticator(gssapi_krb5_context, &authenticator); + if (ret) { + return ret; + } + } else { + krb5_crypto crypto; + + kret = krb5_crypto_init(gssapi_krb5_context, + (*context_handle)->auth_context->keyblock, + 0, &crypto); + if(kret) { + krb5_free_authenticator(gssapi_krb5_context, &authenticator); + + ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); + return ret; + } + + /* Windows accepts Samba3's use of a kerberos, + rather than GSSAPI checksum here */ + kret = krb5_verify_checksum(gssapi_krb5_context, + crypto, KRB5_KU_AP_REQ_AUTH_CKSUM, NULL, 0, + authenticator->cksum); + krb5_free_authenticator(gssapi_krb5_context, &authenticator); + + if(kret) { + ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); + return ret; + } + + flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG; + } } if(flags & GSS_C_MUTUAL_FLAG) { diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c index 2e8160518b..1a37ec538b 100644 --- a/source4/heimdal/lib/krb5/crypto.c +++ b/source4/heimdal/lib/krb5/crypto.c @@ -2042,7 +2042,8 @@ verify_checksum(krb5_context context, } keyed_checksum = (ct->flags & F_KEYED) != 0; if(keyed_checksum && crypto == NULL) { - krb5_clear_error_string (context); + krb5_set_error_string (context, "checksum type %s is keyed, and requires a crypto context", + ct->name); return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */ } if(keyed_checksum) -- cgit From e9237f96eff562071b9cda2b7a4ea372af54abc9 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 7 May 2006 15:02:27 +0000 Subject: r15491: Always initialise is_cfx (found by Valgrind) Always remember to free the crypto context (found by Luke Howard) (This used to be commit 4b44355d42592f4acaae459c6ae09dd928f083b7) --- source4/heimdal/lib/gssapi/accept_sec_context.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/accept_sec_context.c b/source4/heimdal/lib/gssapi/accept_sec_context.c index afca449c5c..50d150e57c 100644 --- a/source4/heimdal/lib/gssapi/accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/accept_sec_context.c @@ -77,6 +77,7 @@ gsskrb5_is_cfx(gss_ctx_id_t context_handle, int *is_cfx) { krb5_keyblock *key; int acceptor = (context_handle->more_flags & LOCAL) == 0; + *is_cfx = 0; if (acceptor) { if (context_handle->auth_context->local_subkey) @@ -403,9 +404,10 @@ gsskrb5_acceptor_start crypto, KRB5_KU_AP_REQ_AUTH_CKSUM, NULL, 0, authenticator->cksum); krb5_free_authenticator(gssapi_krb5_context, &authenticator); + krb5_crypto_destroy(gssapi_krb5_context, crypto); if(kret) { - ret = GSS_S_FAILURE; + ret = GSS_S_BAD_SIG; *minor_status = kret; gssapi_krb5_set_error_string (); return ret; -- cgit From bfff6b0e640b3b3456ec1d9d26da0bd80a08585f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 8 May 2006 23:30:40 +0000 Subject: r15515: Syncronsise with current lorikeet-heimdal. Andrew Bartlett (This used to be commit 0132312124260f74001546a34ff96db89d72b7f6) --- source4/heimdal/lib/des/rsa.h | 4 +- source4/heimdal/lib/gssapi/8003.c | 9 +- source4/heimdal/lib/gssapi/get_mic.c | 4 +- source4/heimdal/lib/krb5/crypto.c | 154 ++--------------------------------- source4/heimdal/lib/krb5/pkinit.c | 32 ++------ 5 files changed, 21 insertions(+), 182 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/des/rsa.h b/source4/heimdal/lib/des/rsa.h index ea1dba27d8..137dd9894b 100644 --- a/source4/heimdal/lib/des/rsa.h +++ b/source4/heimdal/lib/des/rsa.h @@ -32,7 +32,7 @@ */ /* - * $Id: rsa.h,v 1.4 2006/04/16 19:38:23 lha Exp $ + * $Id: rsa.h,v 1.5 2006/05/07 11:34:02 lha Exp $ */ #ifndef _HEIM_RSA_H @@ -40,6 +40,7 @@ /* symbol renaming */ #define RSA_null_method hc_RSA_null_method +#define RSA_imath_method hc_RSA_imath_method #define RSA_new hc_RSA_new #define RSA_new_method hc_RSA_new_method #define RSA_free hc_RSA_free @@ -128,6 +129,7 @@ struct RSA { */ const RSA_METHOD *RSA_null_method(void); +const RSA_METHOD *RSA_imath_method(void); /* * diff --git a/source4/heimdal/lib/gssapi/8003.c b/source4/heimdal/lib/gssapi/8003.c index 73ecc90ea8..359bb6e715 100644 --- a/source4/heimdal/lib/gssapi/8003.c +++ b/source4/heimdal/lib/gssapi/8003.c @@ -184,14 +184,9 @@ gssapi_krb5_verify_8003_checksum( *minor_status = 0; return GSS_S_BAD_BINDINGS; } - - if(cksum->cksumtype != CKSUMTYPE_GSSAPI) { - *minor_status = 0; - return GSS_S_BAD_BINDINGS; - } - + /* XXX should handle checksums > 24 bytes */ - if(cksum->checksum.length < 24) { + if(cksum->cksumtype != CKSUMTYPE_GSSAPI || cksum->checksum.length < 24) { *minor_status = 0; return GSS_S_BAD_BINDINGS; } diff --git a/source4/heimdal/lib/gssapi/get_mic.c b/source4/heimdal/lib/gssapi/get_mic.c index fc9e9aa1a9..76f69cf41c 100644 --- a/source4/heimdal/lib/gssapi/get_mic.c +++ b/source4/heimdal/lib/gssapi/get_mic.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: get_mic.c,v 1.30 2006/04/02 02:12:52 lha Exp $"); +RCSID("$Id: get_mic.c,v 1.31 2006/05/08 09:55:37 lha Exp $"); static OM_uint32 mic_des @@ -172,6 +172,8 @@ mic_des3 tmp = malloc (message_buffer->length + 8); if (tmp == NULL) { free (message_token->value); + message_token->value = NULL; + message_token->length = 0; *minor_status = ENOMEM; return GSS_S_FAILURE; } diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c index 1a37ec538b..876cbb5192 100644 --- a/source4/heimdal/lib/krb5/crypto.c +++ b/source4/heimdal/lib/krb5/crypto.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: crypto.c,v 1.135 2006/05/05 09:27:24 lha Exp $"); +RCSID("$Id: crypto.c,v 1.138 2006/05/08 13:47:24 lha Exp $"); #undef CRYPTO_DEBUG #ifdef CRYPTO_DEBUG @@ -70,7 +70,6 @@ struct krb5_crypto_data { #define F_PSEUDO 16 /* not a real protocol type */ #define F_SPECIAL 32 /* backwards */ #define F_DISABLED 64 /* enctype/checksum disabled */ -#define F_PADCMS 128 /* padding done like in CMS */ struct salt_type { krb5_salttype type; @@ -1957,7 +1956,9 @@ create_checksum (krb5_context context, } keyed_checksum = (ct->flags & F_KEYED) != 0; if(keyed_checksum && crypto == NULL) { - krb5_clear_error_string (context); + krb5_set_error_string (context, "Checksum type %s is keyed " + "but no crypto context (key) was passed in", + ct->name); return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */ } if(keyed_checksum) { @@ -2042,7 +2043,8 @@ verify_checksum(krb5_context context, } keyed_checksum = (ct->flags & F_KEYED) != 0; if(keyed_checksum && crypto == NULL) { - krb5_set_error_string (context, "checksum type %s is keyed, and requires a crypto context", + krb5_set_error_string (context, "Checksum type %s is keyed " + "but no crypto context (key) was passed in", ct->name); return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */ } @@ -2391,55 +2393,6 @@ AES_CTS_encrypt(krb5_context context, return 0; } -static krb5_error_code -AES_CBC_encrypt(krb5_context context, - struct key_data *key, - void *data, - size_t len, - krb5_boolean encryptp, - int usage, - void *ivec) -{ - struct krb5_aes_schedule *aeskey = key->schedule->data; - char local_ivec[AES_BLOCK_SIZE]; - AES_KEY *k; - - if (encryptp) - k = &aeskey->ekey; - else - k = &aeskey->dkey; - - if(ivec == NULL) { - ivec = &local_ivec; - memset(local_ivec, 0, sizeof(local_ivec)); - } - AES_cbc_encrypt(data, data, len, k, ivec, encryptp); - return 0; -} - -/* - * RC2 - */ - -static krb5_error_code -RC2_CBC_encrypt(krb5_context context, - struct key_data *key, - void *data, - size_t len, - krb5_boolean encryptp, - int usage, - void *ivec) -{ - unsigned char local_ivec[8]; - RC2_KEY *s = key->schedule->data; - if(ivec == NULL) { - ivec = &local_ivec; - memset(local_ivec, 0, sizeof(local_ivec)); - } - RC2_cbc_encrypt(data, data, len, s, ivec, encryptp); - return 0; -} - /* * section 6 of draft-brezak-win2k-krb-rc4-hmac-03 * @@ -2764,51 +2717,6 @@ static struct encryption_type enctype_aes256_cts_hmac_sha1 = { F_DERIVED, AES_CTS_encrypt, }; -static unsigned aes_128_cbc_num[] = { 2, 16, 840, 1, 101, 3, 4, 1, 2 }; -static heim_oid aes_128_cbc_oid = kcrypto_oid_enc(aes_128_cbc_num); -static struct encryption_type enctype_aes128_cbc_none = { - ETYPE_AES128_CBC_NONE, - "aes128-cbc-none", - &aes_128_cbc_oid, - 16, - 16, - 16, - &keytype_aes128, - &checksum_none, - NULL, - F_PSEUDO|F_PADCMS, - AES_CBC_encrypt, -}; -static unsigned aes_192_cbc_num[] = { 2, 16, 840, 1, 101, 3, 4, 1, 22 }; -static heim_oid aes_192_cbc_oid = kcrypto_oid_enc(aes_192_cbc_num); -static struct encryption_type enctype_aes192_cbc_none = { - ETYPE_AES192_CBC_NONE, - "aes192-cbc-none", - &aes_192_cbc_oid, - 16, - 16, - 16, - &keytype_aes192, - &checksum_none, - NULL, - F_PSEUDO|F_PADCMS, - AES_CBC_encrypt, -}; -static unsigned aes_256_cbc_num[] = { 2, 16, 840, 1, 101, 3, 4, 1, 42 }; -static heim_oid aes_256_cbc_oid = kcrypto_oid_enc(aes_256_cbc_num); -static struct encryption_type enctype_aes256_cbc_none = { - ETYPE_AES256_CBC_NONE, - "aes256-cbc-none", - &aes_256_cbc_oid, - 16, - 16, - 16, - &keytype_aes256, - &checksum_none, - NULL, - F_PSEUDO|F_PADCMS, - AES_CBC_encrypt, -}; static struct encryption_type enctype_des_cbc_none = { ETYPE_DES_CBC_NONE, "des-cbc-none", @@ -2848,21 +2756,6 @@ static struct encryption_type enctype_des_pcbc_none = { F_PSEUDO, DES_PCBC_encrypt_key_ivec, }; -static unsigned des_ede3_cbc_num[] = { 1, 2, 840, 113549, 3, 7 }; -static heim_oid des_ede3_cbc_oid = kcrypto_oid_enc(des_ede3_cbc_num); -static struct encryption_type enctype_des3_cbc_none_cms = { - ETYPE_DES3_CBC_NONE_CMS, - "des3-cbc-none-cms", - &des_ede3_cbc_oid, - 8, - 8, - 0, - &keytype_des3_derived, - &checksum_none, - NULL, - F_PSEUDO|F_PADCMS, - DES3_CBC_encrypt, -}; static struct encryption_type enctype_des3_cbc_none = { ETYPE_DES3_CBC_NONE, "des3-cbc-none", @@ -2876,21 +2769,6 @@ static struct encryption_type enctype_des3_cbc_none = { F_PSEUDO, DES3_CBC_encrypt, }; -static unsigned rc2CBC_num[] = { 1, 2, 840, 113549, 3, 2 }; -static heim_oid rc2CBC_oid = kcrypto_oid_enc(rc2CBC_num); -static struct encryption_type enctype_rc2_cbc_none = { - ETYPE_RC2_CBC_NONE, - "rc2-cbc-none", - &rc2CBC_oid, - 8, - 8, - 0, - &keytype_rc2, - &checksum_none, - NULL, - F_PSEUDO|F_PADCMS, - RC2_CBC_encrypt, -}; static struct encryption_type *etypes[] = { &enctype_null, @@ -2903,15 +2781,10 @@ static struct encryption_type *etypes[] = { &enctype_old_des3_cbc_sha1, &enctype_aes128_cts_hmac_sha1, &enctype_aes256_cts_hmac_sha1, - &enctype_aes128_cbc_none, - &enctype_aes192_cbc_none, - &enctype_aes256_cbc_none, &enctype_des_cbc_none, &enctype_des_cfb64_none, &enctype_des_pcbc_none, - &enctype_des3_cbc_none, - &enctype_des3_cbc_none_cms, - &enctype_rc2_cbc_none + &enctype_des3_cbc_none }; static unsigned num_etypes = sizeof(etypes) / sizeof(etypes[0]); @@ -3234,7 +3107,7 @@ encrypt_internal(krb5_context context, krb5_data *result, void *ivec) { - size_t sz, block_sz, checksum_sz, padsize = 0; + size_t sz, block_sz, checksum_sz; Checksum cksum; unsigned char *p, *q; krb5_error_code ret; @@ -3244,11 +3117,6 @@ encrypt_internal(krb5_context context, sz = et->confoundersize + checksum_sz + len; block_sz = (sz + et->padsize - 1) &~ (et->padsize - 1); /* pad */ - if ((et->flags & F_PADCMS) && et->padsize != 1) { - padsize = et->padsize - (sz % et->padsize); - if (padsize == et->padsize) - block_sz += et->padsize; - } p = calloc(1, block_sz); if(p == NULL) { krb5_set_error_string(context, "malloc: out of memory"); @@ -3281,12 +3149,6 @@ encrypt_internal(krb5_context context, ret = _key_schedule(context, &crypto->key, crypto->params); if(ret) goto fail; - if (et->flags & F_PADCMS) { - int i; - q = p + len + checksum_sz + et->confoundersize; - for (i = 0; i < padsize; i++) - q[i] = padsize; - } #ifdef CRYPTO_DEBUG krb5_crypto_debug(context, 1, block_sz, crypto->key.key); #endif diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c index 7e91946095..00f7b4ebd9 100755 --- a/source4/heimdal/lib/krb5/pkinit.c +++ b/source4/heimdal/lib/krb5/pkinit.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: pkinit.c,v 1.98 2006/05/06 13:24:54 lha Exp $"); +RCSID("$Id: pkinit.c,v 1.99 2006/05/07 12:32:38 lha Exp $"); struct krb5_dh_moduli { char *name; @@ -682,32 +682,10 @@ _krb5_pk_verify_sign(krb5_context context, goto out; } - /* XXX */ - { - hx509_cursor cursor; - - ret = hx509_certs_start_seq(id->hx509ctx, - signer_certs, - &cursor); - if (ret) { - krb5_clear_error_string(context); - goto out; - } - ret = hx509_certs_next_cert(id->hx509ctx, - signer_certs, - cursor, - &(*signer)->cert); - if (ret) { - krb5_clear_error_string(context); - goto out; - } - ret = hx509_certs_end_seq(id->hx509ctx, - signer_certs, - cursor); - if (ret) { - krb5_clear_error_string(context); - goto out; - } + ret = hx509_get_one_cert(id->hx509ctx, signer_certs, &(*signer)->cert); + if (ret) { + krb5_clear_error_string(context); + goto out; } out: -- cgit From 0a1a19d9d95b5adbe6c3dd3ed689ce7e3b43ab12 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 30 May 2006 05:57:43 +0000 Subject: r15953: our timegm() replacement still doesn't work, so grab the one from Heimdal which does work. This should fix most of the rest of the failures on solaris (This used to be commit acfaa98b5ea686feb81350baf09b3f4480f96edc) --- source4/heimdal/lib/asn1/timegm.c | 71 --------------------------------------- 1 file changed, 71 deletions(-) delete mode 100644 source4/heimdal/lib/asn1/timegm.c (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/asn1/timegm.c b/source4/heimdal/lib/asn1/timegm.c deleted file mode 100644 index bdc997fa44..0000000000 --- a/source4/heimdal/lib/asn1/timegm.c +++ /dev/null @@ -1,71 +0,0 @@ -/* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "der_locl.h" - -RCSID("$Id: timegm.c,v 1.7 1999/12/02 17:05:02 joda Exp $"); - -#ifndef HAVE_TIMEGM - -static int -is_leap(unsigned y) -{ - y += 1900; - return (y % 4) == 0 && ((y % 100) != 0 || (y % 400) == 0); -} - -time_t -timegm (struct tm *tm) -{ - static const unsigned ndays[2][12] ={ - {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}, - {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}}; - time_t res = 0; - unsigned i; - - for (i = 70; i < tm->tm_year; ++i) - res += is_leap(i) ? 366 : 365; - - for (i = 0; i < tm->tm_mon; ++i) - res += ndays[is_leap(tm->tm_year)][i]; - res += tm->tm_mday - 1; - res *= 24; - res += tm->tm_hour; - res *= 60; - res += tm->tm_min; - res *= 60; - res += tm->tm_sec; - return res; -} - -#endif /* HAVE_TIMEGM */ -- cgit From ee1c2b79ed775aeaa67792478bd8b03415f2e582 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 1 Jun 2006 17:59:05 +0000 Subject: r15993: don't use u_int32_t, as the main heimdal code also don't use it anymore metze (This used to be commit e1842c9b55ffd0792fea2cff37b812d319c76f1f) --- source4/heimdal/lib/gssapi/accept_sec_context.c | 2 +- source4/heimdal/lib/gssapi/init_sec_context.c | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/accept_sec_context.c b/source4/heimdal/lib/gssapi/accept_sec_context.c index 50d150e57c..2dcb943aed 100644 --- a/source4/heimdal/lib/gssapi/accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/accept_sec_context.c @@ -198,7 +198,7 @@ gsskrb5_acceptor_ready( OM_uint32 ret; int32_t seq_number; int is_cfx = 0; - u_int32_t *flags = &(*context_handle)->flags; + OM_uint32 *flags = &(*context_handle)->flags; krb5_auth_getremoteseqnumber (gssapi_krb5_context, (*context_handle)->auth_context, diff --git a/source4/heimdal/lib/gssapi/init_sec_context.c b/source4/heimdal/lib/gssapi/init_sec_context.c index dc937daae5..4f0d237241 100644 --- a/source4/heimdal/lib/gssapi/init_sec_context.c +++ b/source4/heimdal/lib/gssapi/init_sec_context.c @@ -245,7 +245,7 @@ gsskrb5_initiator_ready( OM_uint32 ret; int32_t seq_number; int is_cfx = 0; - u_int32_t flags = (*context_handle)->flags; + OM_uint32 flags = (*context_handle)->flags; krb5_auth_getremoteseqnumber (gssapi_krb5_context, (*context_handle)->auth_context, @@ -275,7 +275,7 @@ do_delegation (krb5_auth_context ac, krb5_creds *cred, const gss_name_t target_name, krb5_data *fwd_data, - u_int32_t *flags) + OM_uint32 *flags) { krb5_creds creds; krb5_kdc_flags fwd_flags; @@ -353,7 +353,7 @@ gsskrb5_initiator_start krb5_flags ap_options; krb5_creds *cred = NULL; krb5_data outbuf; - u_int32_t flags; + OM_uint32 flags; krb5_data authenticator; Checksum cksum; krb5_enctype enctype; @@ -573,7 +573,7 @@ gsskrb5_initiator_wait_for_mutual( OM_uint32 ret; krb5_error_code kret; krb5_data inbuf; - u_int32_t flags = (*context_handle)->flags; + OM_uint32 flags = (*context_handle)->flags; int32_t l_seq_number; int32_t r_seq_number; -- cgit From 72ce1f31e9ed32edbdf875efc600aa22c3891664 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 2 Jun 2006 07:42:29 +0000 Subject: r16000: - use uint16_t instead of u_int16_t - use int32_t for seq_number both changes let us use the types which the main heimdal code uses metze (This used to be commit ecff7b70aadb9ac27731a5b44aa20b49ac82321a) --- source4/heimdal/lib/gssapi/cfx.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/cfx.c b/source4/heimdal/lib/gssapi/cfx.c index 1aebd008a6..69c9fd3349 100755 --- a/source4/heimdal/lib/gssapi/cfx.c +++ b/source4/heimdal/lib/gssapi/cfx.c @@ -48,7 +48,7 @@ wrap_length_cfx(krb5_crypto crypto, size_t input_length, size_t *output_length, size_t *cksumsize, - u_int16_t *padlength, + uint16_t *padlength, size_t *padsize) { krb5_error_code ret; @@ -109,7 +109,7 @@ OM_uint32 _gssapi_wrap_size_cfx(OM_uint32 *minor_status, { krb5_error_code ret; krb5_crypto crypto; - u_int16_t pad_length; + uint16_t pad_length; size_t pad_size; size_t output_length, cksumsize; @@ -197,8 +197,9 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, unsigned usage; krb5_data cipher; size_t wrapped_len, cksumsize; - u_int16_t padlength, rrc = 0; - OM_uint32 seq_number, padsize; + uint16_t padlength, rrc = 0; + int32_t seq_number; + OM_uint32 padsize; u_char *p; ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); @@ -631,7 +632,7 @@ OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status, Checksum cksum; u_char *buf; size_t len; - OM_uint32 seq_number; + int32_t seq_number; ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); if (ret != 0) { -- cgit From e0bb0e9f951a3cf4bc4ad6a11e62dae6d4ddf3e1 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 6 Jun 2006 04:50:14 +0000 Subject: r16056: Fix errors found by trying to use our kpasswd server and the Apple client. Andrew Bartlett (This used to be commit ae2913898c983dcba69b5d0b89c428e450e9bf5f) --- source4/heimdal/lib/hdb/keytab.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/hdb/keytab.c b/source4/heimdal/lib/hdb/keytab.c index b4fa5f84c9..c87b8eca2c 100644 --- a/source4/heimdal/lib/hdb/keytab.c +++ b/source4/heimdal/lib/hdb/keytab.c @@ -218,7 +218,7 @@ hdb_get_entry(krb5_context context, (*db->hdb_destroy)(context, db); return ret; } - ret = (*db->hdb_fetch)(context, db, principal, HDB_F_DECRYPT, &ent); + ret = (*db->hdb_fetch)(context, db, principal, HDB_F_DECRYPT|HDB_F_GET_CLIENT|HDB_F_GET_SERVER, &ent); /* Shutdown the hdb on error */ -- cgit From e3a6c6be79326578a1e9c7cb8547234eab62235f Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 8 Jun 2006 15:20:05 +0000 Subject: r16100: Patch from Michael Wood : s/then/than/ for correct grammar (This used to be commit 26a2fa97e4c819e630bc9b50e11c8d5328c7b8c8) --- source4/heimdal/lib/gssapi/sequence.c | 4 ++-- source4/heimdal/lib/krb5/crypto.c | 2 +- source4/heimdal/lib/krb5/get_for_creds.c | 2 +- source4/heimdal/lib/krb5/heim_threads.h | 2 +- source4/heimdal/lib/krb5/init_creds_pw.c | 4 ++-- source4/heimdal/lib/krb5/ticket.c | 2 +- 6 files changed, 8 insertions(+), 8 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/sequence.c b/source4/heimdal/lib/gssapi/sequence.c index 2851b0a6c8..35a9b924af 100755 --- a/source4/heimdal/lib/gssapi/sequence.c +++ b/source4/heimdal/lib/gssapi/sequence.c @@ -159,8 +159,8 @@ _gssapi_msg_order_check(struct gss_msg_order *o, OM_uint32 seq_num) r = (o->flags & (GSS_C_REPLAY_FLAG|GSS_C_SEQUENCE_FLAG))==GSS_C_REPLAY_FLAG; - /* sequence number larger then largest sequence number - * or smaller then the first sequence number */ + /* sequence number larger than largest sequence number + * or smaller than the first sequence number */ if (seq_num > o->elem[0] || seq_num < o->first_seq || o->length == 0) diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c index 876cbb5192..a3c58051f9 100644 --- a/source4/heimdal/lib/krb5/crypto.c +++ b/source4/heimdal/lib/krb5/crypto.c @@ -2299,7 +2299,7 @@ _krb5_aes_cts_encrypt(const unsigned char *in, unsigned char *out, /* * In the framework of kerberos, the length can never be shorter - * then at least one blocksize. + * than at least one blocksize. */ if (encryptp) { diff --git a/source4/heimdal/lib/krb5/get_for_creds.c b/source4/heimdal/lib/krb5/get_for_creds.c index 661d05663b..f042cdb573 100644 --- a/source4/heimdal/lib/krb5/get_for_creds.c +++ b/source4/heimdal/lib/krb5/get_for_creds.c @@ -376,7 +376,7 @@ krb5_get_forwarded_creds (krb5_context context, cred.enc_part.cipher.length = buf_size; } else { /* - * Here older versions then 0.7.2 of Heimdal used the local or + * Here older versions than 0.7.2 of Heimdal used the local or * remote subkey. That is wrong, the session key should be * used. Heimdal 0.7.2 and newer have code to try both in the * receiving end. diff --git a/source4/heimdal/lib/krb5/heim_threads.h b/source4/heimdal/lib/krb5/heim_threads.h index 3ebe66beee..41f0f83306 100755 --- a/source4/heimdal/lib/krb5/heim_threads.h +++ b/source4/heimdal/lib/krb5/heim_threads.h @@ -53,7 +53,7 @@ /* * NetBSD have a thread lib that we can use that part of libc that * works regardless if application are linked to pthreads or not. - * NetBSD newer then 2.99.11 just use pthread.h, and the same thing + * NetBSD newer than 2.99.11 just use pthread.h, and the same thing * will happen. */ #include diff --git a/source4/heimdal/lib/krb5/init_creds_pw.c b/source4/heimdal/lib/krb5/init_creds_pw.c index 70b6c3e4c3..c05386ec23 100644 --- a/source4/heimdal/lib/krb5/init_creds_pw.c +++ b/source4/heimdal/lib/krb5/init_creds_pw.c @@ -1211,7 +1211,7 @@ init_cred_loop(krb5_context context, ctx->pk_nonce = ctx->nonce; /* - * Increase counter when we want other pre-auth types then + * Increase counter when we want other pre-auth types than * KRB5_PA_ENC_TIMESTAMP. */ #define MAX_PA_COUNTER 3 @@ -1391,7 +1391,7 @@ krb5_get_init_creds(krb5_context context, case KRB5KDC_ERR_KEY_EXPIRED : /* try to avoid recursion */ - /* don't try to change password where then where none */ + /* don't try to change password where there where none */ if (prompter == NULL || ctx.password == NULL) goto out; diff --git a/source4/heimdal/lib/krb5/ticket.c b/source4/heimdal/lib/krb5/ticket.c index b3efeb39d3..99cb778722 100644 --- a/source4/heimdal/lib/krb5/ticket.c +++ b/source4/heimdal/lib/krb5/ticket.c @@ -112,7 +112,7 @@ find_type_in_ad(krb5_context context, if (level > 9) { krb5_set_error_string(context, "Authorization data nested deeper " - "then %d levels, stop searching", level); + "than %d levels, stop searching", level); ret = ENOENT; /* XXX */ goto out; } -- cgit From b3076a39b9d92ed3600eceb82f129e8c0f36a6bd Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 14 Jun 2006 23:46:27 +0000 Subject: r16235: Don't update minor_status when cleaning up on error. This restores sensible log messages to gensec_gssapi. Andrew Bartlett (This used to be commit df2e4f061f3bc82930dfcdbb75b775939ae8832e) --- source4/heimdal/lib/gssapi/accept_sec_context.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/accept_sec_context.c b/source4/heimdal/lib/gssapi/accept_sec_context.c index 2dcb943aed..41a54bdab1 100644 --- a/source4/heimdal/lib/gssapi/accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/accept_sec_context.c @@ -700,7 +700,7 @@ gsskrb5_accept_sec_context OM_uint32 ret = GSS_S_COMPLETE; krb5_data fwd_data; gss_ctx_id_t local_context; - + OM_uint32 minor_status2; GSSAPI_KRB5_INIT(); krb5_data_zero (&fwd_data); @@ -772,7 +772,7 @@ gsskrb5_accept_sec_context if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) { *context_handle = local_context; } else { - gss_delete_sec_context(minor_status, + gss_delete_sec_context(&minor_status2, &local_context, NULL); } -- cgit From 0329d755a7611ba3897fc1ee9bdce410cc33d7f8 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 30 Aug 2006 11:29:34 +0000 Subject: r17930: Merge noinclude branch: * Move dlinklist.h, smb.h to subsystem-specific directories * Clean up ads.h and move what is left of it to dsdb/ (only place where it's used) (This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42) --- source4/heimdal/lib/asn1/lex.c | 1364 +++++++++++++++++++++++----------------- 1 file changed, 777 insertions(+), 587 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/asn1/lex.c b/source4/heimdal/lib/asn1/lex.c index b4814f073f..37309ba0aa 100644 --- a/source4/heimdal/lib/asn1/lex.c +++ b/source4/heimdal/lib/asn1/lex.c @@ -1,31 +1,92 @@ -/* A lexical scanner generated by flex*/ -/* Scanner skeleton version: - * $Header: /home/daffy/u0/vern/flex/RCS/flex.skl,v 2.91 96/09/10 16:58:48 vern Exp $ - */ +#line 3 "lex.yy.c" + +#define YY_INT_ALIGNED short int + +/* A lexical scanner generated by flex */ #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 #define YY_FLEX_MINOR_VERSION 5 +#define YY_FLEX_SUBMINOR_VERSION 33 +#if YY_FLEX_SUBMINOR_VERSION > 0 +#define FLEX_BETA +#endif +/* First, we deal with platform-specific or compiler-specific issues. */ + +/* begin standard C headers. */ #include -#include +#include +#include +#include +/* end standard C headers. */ -/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */ -#ifdef c_plusplus -#ifndef __cplusplus -#define __cplusplus -#endif +/* flex integer type definitions */ + +#ifndef FLEXINT_H +#define FLEXINT_H + +/* C99 systems have . Non-C99 systems may or may not. */ + +#if __STDC_VERSION__ >= 199901L + +/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h, + * if you want the limit (max/min) macros for int types. + */ +#ifndef __STDC_LIMIT_MACROS +#define __STDC_LIMIT_MACROS 1 #endif +#include +typedef int8_t flex_int8_t; +typedef uint8_t flex_uint8_t; +typedef int16_t flex_int16_t; +typedef uint16_t flex_uint16_t; +typedef int32_t flex_int32_t; +typedef uint32_t flex_uint32_t; +#else +typedef signed char flex_int8_t; +typedef short int flex_int16_t; +typedef int flex_int32_t; +typedef unsigned char flex_uint8_t; +typedef unsigned short int flex_uint16_t; +typedef unsigned int flex_uint32_t; +#endif /* ! C99 */ -#ifdef __cplusplus +/* Limits of integral types. */ +#ifndef INT8_MIN +#define INT8_MIN (-128) +#endif +#ifndef INT16_MIN +#define INT16_MIN (-32767-1) +#endif +#ifndef INT32_MIN +#define INT32_MIN (-2147483647-1) +#endif +#ifndef INT8_MAX +#define INT8_MAX (127) +#endif +#ifndef INT16_MAX +#define INT16_MAX (32767) +#endif +#ifndef INT32_MAX +#define INT32_MAX (2147483647) +#endif +#ifndef UINT8_MAX +#define UINT8_MAX (255U) +#endif +#ifndef UINT16_MAX +#define UINT16_MAX (65535U) +#endif +#ifndef UINT32_MAX +#define UINT32_MAX (4294967295U) +#endif -#include +#endif /* ! FLEXINT_H */ -/* Use prototypes in function declarations. */ -#define YY_USE_PROTOS +#ifdef __cplusplus /* The "const" storage-class-modifier is valid. */ #define YY_USE_CONST @@ -34,34 +95,17 @@ #if __STDC__ -#define YY_USE_PROTOS #define YY_USE_CONST #endif /* __STDC__ */ #endif /* ! __cplusplus */ -#ifdef __TURBOC__ - #pragma warn -rch - #pragma warn -use -#include -#include -#define YY_USE_CONST -#define YY_USE_PROTOS -#endif - #ifdef YY_USE_CONST #define yyconst const #else #define yyconst #endif - -#ifdef YY_USE_PROTOS -#define YY_PROTO(proto) proto -#else -#define YY_PROTO(proto) () -#endif - /* Returned upon end-of-file. */ #define YY_NULL 0 @@ -76,80 +120,75 @@ * but we do it the disgusting crufty way forced on us by the ()-less * definition of BEGIN. */ -#define BEGIN yy_start = 1 + 2 * +#define BEGIN (yy_start) = 1 + 2 * /* Translate the current start state into a value that can be later handed * to BEGIN to return to the state. The YYSTATE alias is for lex * compatibility. */ -#define YY_START ((yy_start - 1) / 2) +#define YY_START (((yy_start) - 1) / 2) #define YYSTATE YY_START /* Action number for EOF rule of a given start state. */ #define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) /* Special action meaning "start processing a new file". */ -#define YY_NEW_FILE yyrestart( yyin ) +#define YY_NEW_FILE yyrestart(yyin ) #define YY_END_OF_BUFFER_CHAR 0 /* Size of default input buffer. */ +#ifndef YY_BUF_SIZE #define YY_BUF_SIZE 16384 +#endif +/* The state buf must be large enough to hold one state per character in the main buffer. + */ +#define YY_STATE_BUF_SIZE ((YY_BUF_SIZE + 2) * sizeof(yy_state_type)) + +#ifndef YY_TYPEDEF_YY_BUFFER_STATE +#define YY_TYPEDEF_YY_BUFFER_STATE typedef struct yy_buffer_state *YY_BUFFER_STATE; +#endif extern int yyleng; + extern FILE *yyin, *yyout; #define EOB_ACT_CONTINUE_SCAN 0 #define EOB_ACT_END_OF_FILE 1 #define EOB_ACT_LAST_MATCH 2 -/* The funky do-while in the following #define is used to turn the definition - * int a single C statement (which needs a semi-colon terminator). This - * avoids problems with code like: - * - * if ( condition_holds ) - * yyless( 5 ); - * else - * do_something_else(); - * - * Prior to using the do-while the compiler would get upset at the - * "else" because it interpreted the "if" statement as being all - * done when it reached the ';' after the yyless() call. - */ - -/* Return all but the first 'n' matched characters back to the input stream. */ - + #define YY_LESS_LINENO(n) + +/* Return all but the first "n" matched characters back to the input stream. */ #define yyless(n) \ do \ { \ /* Undo effects of setting up yytext. */ \ - *yy_cp = yy_hold_char; \ + int yyless_macro_arg = (n); \ + YY_LESS_LINENO(yyless_macro_arg);\ + *yy_cp = (yy_hold_char); \ YY_RESTORE_YY_MORE_OFFSET \ - yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \ + (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \ YY_DO_BEFORE_ACTION; /* set up yytext again */ \ } \ while ( 0 ) -#define unput(c) yyunput( c, yytext_ptr ) - -/* Some routines like yy_flex_realloc() are emitted as static but are - not called by all lexers. This generates warnings in some compilers, - notably GCC. Arrange to suppress these. */ -#ifdef __GNUC__ -#define YY_MAY_BE_UNUSED __attribute__((unused)) -#else -#define YY_MAY_BE_UNUSED -#endif +#define unput(c) yyunput( c, (yytext_ptr) ) /* The following is because we cannot portably get our hands on size_t * (without autoconf's help, which isn't available because we want * flex-generated scanners to compile on their own). */ -typedef unsigned int yy_size_t; +#ifndef YY_TYPEDEF_YY_SIZE_T +#define YY_TYPEDEF_YY_SIZE_T +typedef unsigned int yy_size_t; +#endif +#ifndef YY_STRUCT_YY_BUFFER_STATE +#define YY_STRUCT_YY_BUFFER_STATE struct yy_buffer_state { FILE *yy_input_file; @@ -186,12 +225,16 @@ struct yy_buffer_state */ int yy_at_bol; + int yy_bs_lineno; /**< The line count. */ + int yy_bs_column; /**< The column count. */ + /* Whether to try to fill the input buffer when we reach the * end of it. */ int yy_fill_buffer; int yy_buffer_status; + #define YY_BUFFER_NEW 0 #define YY_BUFFER_NORMAL 1 /* When an EOF's been seen but there's still some text to process @@ -205,28 +248,38 @@ struct yy_buffer_state * just pointing yyin at a new input file. */ #define YY_BUFFER_EOF_PENDING 2 + }; +#endif /* !YY_STRUCT_YY_BUFFER_STATE */ -static YY_BUFFER_STATE yy_current_buffer = 0; +/* Stack of input buffers. */ +static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */ +static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */ +static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ /* We provide macros for accessing buffer states in case in the * future we want to put the buffer states in a more general * "scanner state". + * + * Returns the top of the stack, or NULL. */ -#define YY_CURRENT_BUFFER yy_current_buffer +#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ + ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ + : NULL) +/* Same as previous macro, but useful when we know that the buffer stack is not + * NULL or when we need an lvalue. For internal use only. + */ +#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] /* yy_hold_char holds the character lost when yytext is formed. */ static char yy_hold_char; - static int yy_n_chars; /* number of characters read into yy_ch_buf */ - - int yyleng; /* Points to current character in buffer. */ static char *yy_c_buf_p = (char *) 0; -static int yy_init = 1; /* whether we need to initialize */ +static int yy_init = 0; /* whether we need to initialize */ static int yy_start = 0; /* start state number */ /* Flag which is used to allow yywrap()'s to do buffer switches @@ -234,66 +287,92 @@ static int yy_start = 0; /* start state number */ */ static int yy_did_buffer_switch_on_eof; -void yyrestart YY_PROTO(( FILE *input_file )); +void yyrestart (FILE *input_file ); +void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ); +YY_BUFFER_STATE yy_create_buffer (FILE *file,int size ); +void yy_delete_buffer (YY_BUFFER_STATE b ); +void yy_flush_buffer (YY_BUFFER_STATE b ); +void yypush_buffer_state (YY_BUFFER_STATE new_buffer ); +void yypop_buffer_state (void ); + +static void yyensure_buffer_stack (void ); +static void yy_load_buffer_state (void ); +static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file ); -void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer )); -void yy_load_buffer_state YY_PROTO(( void )); -YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size )); -void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b )); -void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file )); -void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b )); -#define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer ) +#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER ) -YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size )); -YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str )); -YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len )); +YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); +YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); +YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len ); -static void *yy_flex_alloc YY_PROTO(( yy_size_t )); -static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t )) YY_MAY_BE_UNUSED; -static void yy_flex_free YY_PROTO(( void * )); +void *yyalloc (yy_size_t ); +void *yyrealloc (void *,yy_size_t ); +void yyfree (void * ); #define yy_new_buffer yy_create_buffer #define yy_set_interactive(is_interactive) \ { \ - if ( ! yy_current_buffer ) \ - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ - yy_current_buffer->yy_is_interactive = is_interactive; \ + if ( ! YY_CURRENT_BUFFER ){ \ + yyensure_buffer_stack (); \ + YY_CURRENT_BUFFER_LVALUE = \ + yy_create_buffer(yyin,YY_BUF_SIZE ); \ + } \ + YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ } #define yy_set_bol(at_bol) \ { \ - if ( ! yy_current_buffer ) \ - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ - yy_current_buffer->yy_at_bol = at_bol; \ + if ( ! YY_CURRENT_BUFFER ){\ + yyensure_buffer_stack (); \ + YY_CURRENT_BUFFER_LVALUE = \ + yy_create_buffer(yyin,YY_BUF_SIZE ); \ + } \ + YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ } -#define YY_AT_BOL() (yy_current_buffer->yy_at_bol) +#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) + +/* Begin user sect3 */ typedef unsigned char YY_CHAR; + FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; + typedef int yy_state_type; + +extern int yylineno; + +int yylineno = 1; + extern char *yytext; #define yytext_ptr yytext -static yy_state_type yy_get_previous_state YY_PROTO(( void )); -static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state )); -static int yy_get_next_buffer YY_PROTO(( void )); -static void yy_fatal_error YY_PROTO(( yyconst char msg[] )); +static yy_state_type yy_get_previous_state (void ); +static yy_state_type yy_try_NUL_trans (yy_state_type current_state ); +static int yy_get_next_buffer (void ); +static void yy_fatal_error (yyconst char msg[] ); /* Done after the current pattern has been matched and before the * corresponding action - sets up yytext. */ #define YY_DO_BEFORE_ACTION \ - yytext_ptr = yy_bp; \ - yyleng = (int) (yy_cp - yy_bp); \ - yy_hold_char = *yy_cp; \ + (yytext_ptr) = yy_bp; \ + yyleng = (size_t) (yy_cp - yy_bp); \ + (yy_hold_char) = *yy_cp; \ *yy_cp = '\0'; \ - yy_c_buf_p = yy_cp; + (yy_c_buf_p) = yy_cp; #define YY_NUM_RULES 95 #define YY_END_OF_BUFFER 96 -static yyconst short int yy_accept[568] = +/* This struct is not used in this scanner, + but its presence is necessary. */ +struct yy_trans_info + { + flex_int32_t yy_verify; + flex_int32_t yy_nxt; + }; +static yyconst flex_int16_t yy_accept[568] = { 0, 0, 0, 96, 94, 90, 91, 87, 81, 81, 94, 94, 88, 88, 94, 89, 89, 89, 89, 89, 89, @@ -359,7 +438,7 @@ static yyconst short int yy_accept[568] = 32, 89, 59, 70, 77, 53, 0 } ; -static yyconst int yy_ec[256] = +static yyconst flex_int32_t yy_ec[256] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -391,7 +470,7 @@ static yyconst int yy_ec[256] = 1, 1, 1, 1, 1 } ; -static yyconst int yy_meta[70] = +static yyconst flex_int32_t yy_meta[70] = { 0, 1, 1, 1, 1, 1, 1, 2, 1, 1, 3, 3, 3, 3, 3, 3, 3, 1, 1, 3, 3, @@ -402,7 +481,7 @@ static yyconst int yy_meta[70] = 2, 2, 2, 2, 2, 2, 2, 2, 2 } ; -static yyconst short int yy_base[570] = +static yyconst flex_int16_t yy_base[570] = { 0, 0, 0, 636, 637, 637, 637, 637, 637, 63, 627, 628, 70, 77, 616, 74, 72, 76, 609, 65, 81, @@ -468,7 +547,7 @@ static yyconst short int yy_base[570] = 0, 101, 0, 0, 0, 0, 637, 223, 69 } ; -static yyconst short int yy_def[570] = +static yyconst flex_int16_t yy_def[570] = { 0, 567, 1, 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, 568, 568, 568, 568, 568, 568, @@ -534,7 +613,7 @@ static yyconst short int yy_def[570] = 568, 568, 568, 568, 568, 568, 0, 567, 567 } ; -static yyconst short int yy_nxt[707] = +static yyconst flex_int16_t yy_nxt[707] = { 0, 4, 5, 6, 7, 8, 4, 9, 10, 11, 12, 13, 13, 13, 13, 13, 13, 14, 4, 15, 16, @@ -616,7 +695,7 @@ static yyconst short int yy_nxt[707] = 567, 567, 567, 567, 567, 567 } ; -static yyconst short int yy_chk[707] = +static yyconst flex_int16_t yy_chk[707] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -701,6 +780,9 @@ static yyconst short int yy_chk[707] = static yy_state_type yy_last_accepting_state; static char *yy_last_accepting_cpos; +extern int yy_flex_debug; +int yy_flex_debug = 0; + /* The intent behind this definition is that it'll catch * any uses of REJECT which flex missed. */ @@ -710,7 +792,6 @@ static char *yy_last_accepting_cpos; #define YY_RESTORE_YY_MORE_OFFSET char *yytext; #line 1 "lex.l" -#define INITIAL 0 #line 2 "lex.l" /* * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan @@ -769,7 +850,23 @@ static unsigned lineno = 1; static void unterminated(const char *, unsigned); -#line 773 "lex.c" +#line 854 "lex.yy.c" + +#define INITIAL 0 + +#ifndef YY_NO_UNISTD_H +/* Special case for "unistd.h", since it is non-ANSI. We include it way + * down here because we want the user's section 1 to have been scanned first. + * The user has a chance to override it with an option. + */ +#include +#endif + +#ifndef YY_EXTRA_TYPE +#define YY_EXTRA_TYPE void * +#endif + +static int yy_init_globals (void ); /* Macros after this point can all be overridden by user definitions in * section 1. @@ -777,65 +874,30 @@ static void unterminated(const char *, unsigned); #ifndef YY_SKIP_YYWRAP #ifdef __cplusplus -extern "C" int yywrap YY_PROTO(( void )); +extern "C" int yywrap (void ); #else -extern int yywrap YY_PROTO(( void )); +extern int yywrap (void ); #endif #endif -#ifndef YY_NO_UNPUT -static void yyunput YY_PROTO(( int c, char *buf_ptr )); -#endif - + static void yyunput (int c,char *buf_ptr ); + #ifndef yytext_ptr -static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int )); +static void yy_flex_strncpy (char *,yyconst char *,int ); #endif #ifdef YY_NEED_STRLEN -static int yy_flex_strlen YY_PROTO(( yyconst char * )); +static int yy_flex_strlen (yyconst char * ); #endif #ifndef YY_NO_INPUT -#ifdef __cplusplus -static int yyinput YY_PROTO(( void )); -#else -static int input YY_PROTO(( void )); -#endif -#endif - -#if YY_STACK_USED -static int yy_start_stack_ptr = 0; -static int yy_start_stack_depth = 0; -static int *yy_start_stack = 0; -#ifndef YY_NO_PUSH_STATE -static void yy_push_state YY_PROTO(( int new_state )); -#endif -#ifndef YY_NO_POP_STATE -static void yy_pop_state YY_PROTO(( void )); -#endif -#ifndef YY_NO_TOP_STATE -static int yy_top_state YY_PROTO(( void )); -#endif +#ifdef __cplusplus +static int yyinput (void ); #else -#define YY_NO_PUSH_STATE 1 -#define YY_NO_POP_STATE 1 -#define YY_NO_TOP_STATE 1 +static int input (void ); #endif -#ifdef YY_MALLOC_DECL -YY_MALLOC_DECL -#else -#if __STDC__ -#ifndef __cplusplus -#include -#endif -#else -/* Just try to get by without declaring the routines. This will fail - * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int) - * or sizeof(void*) != sizeof(int). - */ -#endif #endif /* Amount of stuff to slurp up with each read. */ @@ -844,7 +906,6 @@ YY_MALLOC_DECL #endif /* Copy whatever the last rule matched to the standard output. */ - #ifndef ECHO /* This used to be an fputs(), but since the string might contain NUL's, * we now use fwrite(). @@ -857,9 +918,10 @@ YY_MALLOC_DECL */ #ifndef YY_INPUT #define YY_INPUT(buf,result,max_size) \ - if ( yy_current_buffer->yy_is_interactive ) \ + if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ { \ - int c = '*', n; \ + int c = '*'; \ + size_t n; \ for ( n = 0; n < max_size && \ (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ buf[n] = (char) c; \ @@ -869,9 +931,22 @@ YY_MALLOC_DECL YY_FATAL_ERROR( "input in flex scanner failed" ); \ result = n; \ } \ - else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \ - && ferror( yyin ) ) \ - YY_FATAL_ERROR( "input in flex scanner failed" ); + else \ + { \ + errno=0; \ + while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \ + { \ + if( errno != EINTR) \ + { \ + YY_FATAL_ERROR( "input in flex scanner failed" ); \ + break; \ + } \ + errno=0; \ + clearerr(yyin); \ + } \ + }\ +\ + #endif /* No semi-colon after return; correct usage is to write "yyterminate();" - @@ -892,12 +967,18 @@ YY_MALLOC_DECL #define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) #endif +/* end tables serialization structures and prototypes */ + /* Default declaration of generated scanner - a define so the user can * easily add parameters. */ #ifndef YY_DECL -#define YY_DECL int yylex YY_PROTO(( void )) -#endif +#define YY_DECL_IS_OURS 1 + +extern int yylex (void); + +#define YY_DECL int yylex (void) +#endif /* !YY_DECL */ /* Code executed at the beginning of each rule, after yytext and yyleng * have been set up. @@ -914,26 +995,28 @@ YY_MALLOC_DECL #define YY_RULE_SETUP \ YY_USER_ACTION +/** The main scanner function which does all the work. + */ YY_DECL - { +{ register yy_state_type yy_current_state; - register char *yy_cp = NULL, *yy_bp = NULL; + register char *yy_cp, *yy_bp; register int yy_act; - + #line 62 "lex.l" -#line 926 "lex.c" +#line 1009 "lex.yy.c" - if ( yy_init ) + if ( !(yy_init) ) { - yy_init = 0; + (yy_init) = 1; #ifdef YY_USER_INIT YY_USER_INIT; #endif - if ( ! yy_start ) - yy_start = 1; /* first start state */ + if ( ! (yy_start) ) + (yy_start) = 1; /* first start state */ if ( ! yyin ) yyin = stdin; @@ -941,34 +1024,36 @@ YY_DECL if ( ! yyout ) yyout = stdout; - if ( ! yy_current_buffer ) - yy_current_buffer = - yy_create_buffer( yyin, YY_BUF_SIZE ); + if ( ! YY_CURRENT_BUFFER ) { + yyensure_buffer_stack (); + YY_CURRENT_BUFFER_LVALUE = + yy_create_buffer(yyin,YY_BUF_SIZE ); + } - yy_load_buffer_state(); + yy_load_buffer_state( ); } while ( 1 ) /* loops until end-of-file is reached */ { - yy_cp = yy_c_buf_p; + yy_cp = (yy_c_buf_p); /* Support of yytext. */ - *yy_cp = yy_hold_char; + *yy_cp = (yy_hold_char); /* yy_bp points to the position in yy_ch_buf of the start of * the current run. */ yy_bp = yy_cp; - yy_current_state = yy_start; + yy_current_state = (yy_start); yy_match: do { register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; if ( yy_accept[yy_current_state] ) { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -985,24 +1070,22 @@ yy_find_action: yy_act = yy_accept[yy_current_state]; if ( yy_act == 0 ) { /* have to back up */ - yy_cp = yy_last_accepting_cpos; - yy_current_state = yy_last_accepting_state; + yy_cp = (yy_last_accepting_cpos); + yy_current_state = (yy_last_accepting_state); yy_act = yy_accept[yy_current_state]; } YY_DO_BEFORE_ACTION; - do_action: /* This label is used only to access EOF actions. */ - switch ( yy_act ) { /* beginning of action switch */ case 0: /* must back up */ /* undo the effects of YY_DO_BEFORE_ACTION */ - *yy_cp = yy_hold_char; - yy_cp = yy_last_accepting_cpos; - yy_current_state = yy_last_accepting_state; + *yy_cp = (yy_hold_char); + yy_cp = (yy_last_accepting_cpos); + yy_current_state = (yy_last_accepting_state); goto yy_find_action; case 1: @@ -1566,6 +1649,7 @@ YY_RULE_SETUP ; YY_BREAK case 91: +/* rule 91 can match eol */ YY_RULE_SETUP #line 264 "lex.l" { ++lineno; } @@ -1590,33 +1674,33 @@ YY_RULE_SETUP #line 268 "lex.l" ECHO; YY_BREAK -#line 1594 "lex.c" +#line 1678 "lex.yy.c" case YY_STATE_EOF(INITIAL): yyterminate(); case YY_END_OF_BUFFER: { /* Amount of text matched not including the EOB char. */ - int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1; + int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; /* Undo the effects of YY_DO_BEFORE_ACTION. */ - *yy_cp = yy_hold_char; + *yy_cp = (yy_hold_char); YY_RESTORE_YY_MORE_OFFSET - if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW ) + if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW ) { /* We're scanning a new file or input source. It's * possible that this happened because the user * just pointed yyin at a new source and called * yylex(). If so, then we have to assure - * consistency between yy_current_buffer and our + * consistency between YY_CURRENT_BUFFER and our * globals. Here is the right place to do so, because * this is the first action (other than possibly a * back-up) that will match for the new input source. */ - yy_n_chars = yy_current_buffer->yy_n_chars; - yy_current_buffer->yy_input_file = yyin; - yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL; + (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; + YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; + YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; } /* Note that here we test for yy_c_buf_p "<=" to the position @@ -1626,13 +1710,13 @@ case YY_STATE_EOF(INITIAL): * end-of-buffer state). Contrast this with the test * in input(). */ - if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] ) + if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) { /* This was really a NUL. */ yy_state_type yy_next_state; - yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text; + (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; - yy_current_state = yy_get_previous_state(); + yy_current_state = yy_get_previous_state( ); /* Okay, we're now positioned to make the NUL * transition. We couldn't have @@ -1645,30 +1729,30 @@ case YY_STATE_EOF(INITIAL): yy_next_state = yy_try_NUL_trans( yy_current_state ); - yy_bp = yytext_ptr + YY_MORE_ADJ; + yy_bp = (yytext_ptr) + YY_MORE_ADJ; if ( yy_next_state ) { /* Consume the NUL. */ - yy_cp = ++yy_c_buf_p; + yy_cp = ++(yy_c_buf_p); yy_current_state = yy_next_state; goto yy_match; } else { - yy_cp = yy_c_buf_p; + yy_cp = (yy_c_buf_p); goto yy_find_action; } } - else switch ( yy_get_next_buffer() ) + else switch ( yy_get_next_buffer( ) ) { case EOB_ACT_END_OF_FILE: { - yy_did_buffer_switch_on_eof = 0; + (yy_did_buffer_switch_on_eof) = 0; - if ( yywrap() ) + if ( yywrap( ) ) { /* Note: because we've taken care in * yy_get_next_buffer() to have set up @@ -1679,7 +1763,7 @@ case YY_STATE_EOF(INITIAL): * YY_NULL, it'll still work - another * YY_NULL will get returned. */ - yy_c_buf_p = yytext_ptr + YY_MORE_ADJ; + (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; yy_act = YY_STATE_EOF(YY_START); goto do_action; @@ -1687,30 +1771,30 @@ case YY_STATE_EOF(INITIAL): else { - if ( ! yy_did_buffer_switch_on_eof ) + if ( ! (yy_did_buffer_switch_on_eof) ) YY_NEW_FILE; } break; } case EOB_ACT_CONTINUE_SCAN: - yy_c_buf_p = - yytext_ptr + yy_amount_of_matched_text; + (yy_c_buf_p) = + (yytext_ptr) + yy_amount_of_matched_text; - yy_current_state = yy_get_previous_state(); + yy_current_state = yy_get_previous_state( ); - yy_cp = yy_c_buf_p; - yy_bp = yytext_ptr + YY_MORE_ADJ; + yy_cp = (yy_c_buf_p); + yy_bp = (yytext_ptr) + YY_MORE_ADJ; goto yy_match; case EOB_ACT_LAST_MATCH: - yy_c_buf_p = - &yy_current_buffer->yy_ch_buf[yy_n_chars]; + (yy_c_buf_p) = + &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)]; - yy_current_state = yy_get_previous_state(); + yy_current_state = yy_get_previous_state( ); - yy_cp = yy_c_buf_p; - yy_bp = yytext_ptr + YY_MORE_ADJ; + yy_cp = (yy_c_buf_p); + yy_bp = (yytext_ptr) + YY_MORE_ADJ; goto yy_find_action; } break; @@ -1721,8 +1805,7 @@ case YY_STATE_EOF(INITIAL): "fatal flex scanner internal error--no action found" ); } /* end of action switch */ } /* end of scanning one token */ - } /* end of yylex */ - +} /* end of yylex */ /* yy_get_next_buffer - try to read in a new buffer * @@ -1731,21 +1814,20 @@ case YY_STATE_EOF(INITIAL): * EOB_ACT_CONTINUE_SCAN - continue scanning from current position * EOB_ACT_END_OF_FILE - end of file */ - -static int yy_get_next_buffer() - { - register char *dest = yy_current_buffer->yy_ch_buf; - register char *source = yytext_ptr; +static int yy_get_next_buffer (void) +{ + register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; + register char *source = (yytext_ptr); register int number_to_move, i; int ret_val; - if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] ) + if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) YY_FATAL_ERROR( "fatal flex scanner internal error--end of buffer missed" ); - if ( yy_current_buffer->yy_fill_buffer == 0 ) + if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 ) { /* Don't try to fill the buffer, so this is an EOF. */ - if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 ) + if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 ) { /* We matched a single character, the EOB, so * treat this as a final EOF. @@ -1765,34 +1847,30 @@ static int yy_get_next_buffer() /* Try to read more data. */ /* First move last chars to start of buffer. */ - number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1; + number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1; for ( i = 0; i < number_to_move; ++i ) *(dest++) = *(source++); - if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING ) + if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING ) /* don't do the read, it's not guaranteed to return an EOF, * just force an EOF */ - yy_current_buffer->yy_n_chars = yy_n_chars = 0; + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0; else { - int num_to_read = - yy_current_buffer->yy_buf_size - number_to_move - 1; + int num_to_read = + YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; while ( num_to_read <= 0 ) { /* Not enough room in the buffer - grow it. */ -#ifdef YY_USES_REJECT - YY_FATAL_ERROR( -"input buffer overflow, can't enlarge buffer because scanner uses REJECT" ); -#else /* just a shorter name for the current buffer */ - YY_BUFFER_STATE b = yy_current_buffer; + YY_BUFFER_STATE b = YY_CURRENT_BUFFER; int yy_c_buf_p_offset = - (int) (yy_c_buf_p - b->yy_ch_buf); + (int) ((yy_c_buf_p) - b->yy_ch_buf); if ( b->yy_is_our_buffer ) { @@ -1805,8 +1883,7 @@ static int yy_get_next_buffer() b->yy_ch_buf = (char *) /* Include room in for 2 EOB chars. */ - yy_flex_realloc( (void *) b->yy_ch_buf, - b->yy_buf_size + 2 ); + yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ); } else /* Can't grow it, we don't own it. */ @@ -1816,35 +1893,35 @@ static int yy_get_next_buffer() YY_FATAL_ERROR( "fatal error - scanner input buffer overflow" ); - yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset]; + (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset]; - num_to_read = yy_current_buffer->yy_buf_size - + num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; -#endif + } if ( num_to_read > YY_READ_BUF_SIZE ) num_to_read = YY_READ_BUF_SIZE; /* Read in more data. */ - YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]), - yy_n_chars, num_to_read ); + YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), + (yy_n_chars), num_to_read ); - yy_current_buffer->yy_n_chars = yy_n_chars; + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } - if ( yy_n_chars == 0 ) + if ( (yy_n_chars) == 0 ) { if ( number_to_move == YY_MORE_ADJ ) { ret_val = EOB_ACT_END_OF_FILE; - yyrestart( yyin ); + yyrestart(yyin ); } else { ret_val = EOB_ACT_LAST_MATCH; - yy_current_buffer->yy_buffer_status = + YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_EOF_PENDING; } } @@ -1852,32 +1929,31 @@ static int yy_get_next_buffer() else ret_val = EOB_ACT_CONTINUE_SCAN; - yy_n_chars += number_to_move; - yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR; - yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR; + (yy_n_chars) += number_to_move; + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; - yytext_ptr = &yy_current_buffer->yy_ch_buf[0]; + (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0]; return ret_val; - } - +} /* yy_get_previous_state - get the state just before the EOB char was reached */ -static yy_state_type yy_get_previous_state() - { + static yy_state_type yy_get_previous_state (void) +{ register yy_state_type yy_current_state; register char *yy_cp; + + yy_current_state = (yy_start); - yy_current_state = yy_start; - - for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp ) + for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) { register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); if ( yy_accept[yy_current_state] ) { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -1889,30 +1965,23 @@ static yy_state_type yy_get_previous_state() } return yy_current_state; - } - +} /* yy_try_NUL_trans - try to make a transition on the NUL character * * synopsis * next_state = yy_try_NUL_trans( current_state ); */ - -#ifdef YY_USE_PROTOS -static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state ) -#else -static yy_state_type yy_try_NUL_trans( yy_current_state ) -yy_state_type yy_current_state; -#endif - { + static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state ) +{ register int yy_is_jam; - register char *yy_cp = yy_c_buf_p; + register char *yy_cp = (yy_c_buf_p); register YY_CHAR yy_c = 1; if ( yy_accept[yy_current_state] ) { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -1924,81 +1993,73 @@ yy_state_type yy_current_state; yy_is_jam = (yy_current_state == 567); return yy_is_jam ? 0 : yy_current_state; - } - +} -#ifndef YY_NO_UNPUT -#ifdef YY_USE_PROTOS -static void yyunput( int c, register char *yy_bp ) -#else -static void yyunput( c, yy_bp ) -int c; -register char *yy_bp; -#endif - { - register char *yy_cp = yy_c_buf_p; + static void yyunput (int c, register char * yy_bp ) +{ + register char *yy_cp; + + yy_cp = (yy_c_buf_p); /* undo effects of setting up yytext */ - *yy_cp = yy_hold_char; + *yy_cp = (yy_hold_char); - if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) + if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) { /* need to shift things up to make room */ /* +2 for EOB chars. */ - register int number_to_move = yy_n_chars + 2; - register char *dest = &yy_current_buffer->yy_ch_buf[ - yy_current_buffer->yy_buf_size + 2]; + register int number_to_move = (yy_n_chars) + 2; + register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ + YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; register char *source = - &yy_current_buffer->yy_ch_buf[number_to_move]; + &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; - while ( source > yy_current_buffer->yy_ch_buf ) + while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) *--dest = *--source; yy_cp += (int) (dest - source); yy_bp += (int) (dest - source); - yy_current_buffer->yy_n_chars = - yy_n_chars = yy_current_buffer->yy_buf_size; + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = + (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size; - if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) + if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) YY_FATAL_ERROR( "flex scanner push-back overflow" ); } *--yy_cp = (char) c; - - yytext_ptr = yy_bp; - yy_hold_char = *yy_cp; - yy_c_buf_p = yy_cp; - } -#endif /* ifndef YY_NO_UNPUT */ - + (yytext_ptr) = yy_bp; + (yy_hold_char) = *yy_cp; + (yy_c_buf_p) = yy_cp; +} #ifndef YY_NO_INPUT #ifdef __cplusplus -static int yyinput() + static int yyinput (void) #else -static int input() + static int input (void) #endif - { - int c; - *yy_c_buf_p = yy_hold_char; +{ + int c; + + *(yy_c_buf_p) = (yy_hold_char); - if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR ) + if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR ) { /* yy_c_buf_p now points to the character we want to return. * If this occurs *before* the EOB characters, then it's a * valid NUL; if not, then we've hit the end of the buffer. */ - if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] ) + if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) /* This was really a NUL. */ - *yy_c_buf_p = '\0'; + *(yy_c_buf_p) = '\0'; else { /* need more input */ - int offset = yy_c_buf_p - yytext_ptr; - ++yy_c_buf_p; + int offset = (yy_c_buf_p) - (yytext_ptr); + ++(yy_c_buf_p); - switch ( yy_get_next_buffer() ) + switch ( yy_get_next_buffer( ) ) { case EOB_ACT_LAST_MATCH: /* This happens because yy_g_n_b() @@ -2012,16 +2073,16 @@ static int input() */ /* Reset buffer status. */ - yyrestart( yyin ); + yyrestart(yyin ); - /* fall through */ + /*FALLTHROUGH*/ case EOB_ACT_END_OF_FILE: { - if ( yywrap() ) + if ( yywrap( ) ) return EOF; - if ( ! yy_did_buffer_switch_on_eof ) + if ( ! (yy_did_buffer_switch_on_eof) ) YY_NEW_FILE; #ifdef __cplusplus return yyinput(); @@ -2031,90 +2092,92 @@ static int input() } case EOB_ACT_CONTINUE_SCAN: - yy_c_buf_p = yytext_ptr + offset; + (yy_c_buf_p) = (yytext_ptr) + offset; break; } } } - c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */ - *yy_c_buf_p = '\0'; /* preserve yytext */ - yy_hold_char = *++yy_c_buf_p; - + c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */ + *(yy_c_buf_p) = '\0'; /* preserve yytext */ + (yy_hold_char) = *++(yy_c_buf_p); return c; - } -#endif /* YY_NO_INPUT */ - -#ifdef YY_USE_PROTOS -void yyrestart( FILE *input_file ) -#else -void yyrestart( input_file ) -FILE *input_file; -#endif - { - if ( ! yy_current_buffer ) - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); +} +#endif /* ifndef YY_NO_INPUT */ - yy_init_buffer( yy_current_buffer, input_file ); - yy_load_buffer_state(); +/** Immediately switch to a different input stream. + * @param input_file A readable stream. + * + * @note This function does not reset the start condition to @c INITIAL . + */ + void yyrestart (FILE * input_file ) +{ + + if ( ! YY_CURRENT_BUFFER ){ + yyensure_buffer_stack (); + YY_CURRENT_BUFFER_LVALUE = + yy_create_buffer(yyin,YY_BUF_SIZE ); } + yy_init_buffer(YY_CURRENT_BUFFER,input_file ); + yy_load_buffer_state( ); +} -#ifdef YY_USE_PROTOS -void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer ) -#else -void yy_switch_to_buffer( new_buffer ) -YY_BUFFER_STATE new_buffer; -#endif - { - if ( yy_current_buffer == new_buffer ) +/** Switch to a different input buffer. + * @param new_buffer The new input buffer. + * + */ + void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ) +{ + + /* TODO. We should be able to replace this entire function body + * with + * yypop_buffer_state(); + * yypush_buffer_state(new_buffer); + */ + yyensure_buffer_stack (); + if ( YY_CURRENT_BUFFER == new_buffer ) return; - if ( yy_current_buffer ) + if ( YY_CURRENT_BUFFER ) { /* Flush out information for old buffer. */ - *yy_c_buf_p = yy_hold_char; - yy_current_buffer->yy_buf_pos = yy_c_buf_p; - yy_current_buffer->yy_n_chars = yy_n_chars; + *(yy_c_buf_p) = (yy_hold_char); + YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } - yy_current_buffer = new_buffer; - yy_load_buffer_state(); + YY_CURRENT_BUFFER_LVALUE = new_buffer; + yy_load_buffer_state( ); /* We don't actually know whether we did this switch during * EOF (yywrap()) processing, but the only time this flag * is looked at is after yywrap() is called, so it's safe * to go ahead and always set it. */ - yy_did_buffer_switch_on_eof = 1; - } - - -#ifdef YY_USE_PROTOS -void yy_load_buffer_state( void ) -#else -void yy_load_buffer_state() -#endif - { - yy_n_chars = yy_current_buffer->yy_n_chars; - yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos; - yyin = yy_current_buffer->yy_input_file; - yy_hold_char = *yy_c_buf_p; - } + (yy_did_buffer_switch_on_eof) = 1; +} +static void yy_load_buffer_state (void) +{ + (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; + (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; + yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; + (yy_hold_char) = *(yy_c_buf_p); +} -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_create_buffer( FILE *file, int size ) -#else -YY_BUFFER_STATE yy_create_buffer( file, size ) -FILE *file; -int size; -#endif - { +/** Allocate and initialize an input buffer state. + * @param file A readable stream. + * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE. + * + * @return the allocated buffer state. + */ + YY_BUFFER_STATE yy_create_buffer (FILE * file, int size ) +{ YY_BUFFER_STATE b; - - b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); + + b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); @@ -2123,75 +2186,75 @@ int size; /* yy_ch_buf has to be 2 characters longer than the size given because * we need to put in 2 end-of-buffer characters. */ - b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 ); + b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2 ); if ( ! b->yy_ch_buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); b->yy_is_our_buffer = 1; - yy_init_buffer( b, file ); + yy_init_buffer(b,file ); return b; - } - +} -#ifdef YY_USE_PROTOS -void yy_delete_buffer( YY_BUFFER_STATE b ) -#else -void yy_delete_buffer( b ) -YY_BUFFER_STATE b; -#endif - { +/** Destroy the buffer. + * @param b a buffer created with yy_create_buffer() + * + */ + void yy_delete_buffer (YY_BUFFER_STATE b ) +{ + if ( ! b ) return; - if ( b == yy_current_buffer ) - yy_current_buffer = (YY_BUFFER_STATE) 0; + if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */ + YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; if ( b->yy_is_our_buffer ) - yy_flex_free( (void *) b->yy_ch_buf ); + yyfree((void *) b->yy_ch_buf ); - yy_flex_free( (void *) b ); - } - - - -#ifdef YY_USE_PROTOS -void yy_init_buffer( YY_BUFFER_STATE b, FILE *file ) -#else -void yy_init_buffer( b, file ) -YY_BUFFER_STATE b; -FILE *file; -#endif + yyfree((void *) b ); +} +#ifndef __cplusplus +extern int isatty (int ); +#endif /* __cplusplus */ + +/* Initializes or reinitializes a buffer. + * This function is sometimes called more than once on the same buffer, + * such as during a yyrestart() or at EOF. + */ + static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file ) - { - yy_flush_buffer( b ); +{ + int oerrno = errno; + + yy_flush_buffer(b ); b->yy_input_file = file; b->yy_fill_buffer = 1; -#if YY_ALWAYS_INTERACTIVE - b->yy_is_interactive = 1; -#else -#if YY_NEVER_INTERACTIVE - b->yy_is_interactive = 0; -#else - b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; -#endif -#endif - } - - -#ifdef YY_USE_PROTOS -void yy_flush_buffer( YY_BUFFER_STATE b ) -#else -void yy_flush_buffer( b ) -YY_BUFFER_STATE b; -#endif + /* If b is the current buffer, then yy_init_buffer was _probably_ + * called from yyrestart() or through yy_get_next_buffer. + * In that case, we don't want to reset the lineno or column. + */ + if (b != YY_CURRENT_BUFFER){ + b->yy_bs_lineno = 1; + b->yy_bs_column = 0; + } + + b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; + + errno = oerrno; +} - { - if ( ! b ) +/** Discard all buffered characters. On the next scan, YY_INPUT will be called. + * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER. + * + */ + void yy_flush_buffer (YY_BUFFER_STATE b ) +{ + if ( ! b ) return; b->yy_n_chars = 0; @@ -2208,29 +2271,121 @@ YY_BUFFER_STATE b; b->yy_at_bol = 1; b->yy_buffer_status = YY_BUFFER_NEW; - if ( b == yy_current_buffer ) - yy_load_buffer_state(); + if ( b == YY_CURRENT_BUFFER ) + yy_load_buffer_state( ); +} + +/** Pushes the new state onto the stack. The new state becomes + * the current state. This function will allocate the stack + * if necessary. + * @param new_buffer The new state. + * + */ +void yypush_buffer_state (YY_BUFFER_STATE new_buffer ) +{ + if (new_buffer == NULL) + return; + + yyensure_buffer_stack(); + + /* This block is copied from yy_switch_to_buffer. */ + if ( YY_CURRENT_BUFFER ) + { + /* Flush out information for old buffer. */ + *(yy_c_buf_p) = (yy_hold_char); + YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + } + + /* Only push if top exists. Otherwise, replace top. */ + if (YY_CURRENT_BUFFER) + (yy_buffer_stack_top)++; + YY_CURRENT_BUFFER_LVALUE = new_buffer; + + /* copied from yy_switch_to_buffer. */ + yy_load_buffer_state( ); + (yy_did_buffer_switch_on_eof) = 1; +} + +/** Removes and deletes the top of the stack, if present. + * The next element becomes the new top. + * + */ +void yypop_buffer_state (void) +{ + if (!YY_CURRENT_BUFFER) + return; + + yy_delete_buffer(YY_CURRENT_BUFFER ); + YY_CURRENT_BUFFER_LVALUE = NULL; + if ((yy_buffer_stack_top) > 0) + --(yy_buffer_stack_top); + + if (YY_CURRENT_BUFFER) { + yy_load_buffer_state( ); + (yy_did_buffer_switch_on_eof) = 1; } +} +/* Allocates the stack if it does not exist. + * Guarantees space for at least one push. + */ +static void yyensure_buffer_stack (void) +{ + int num_to_alloc; + + if (!(yy_buffer_stack)) { + + /* First allocation is just for 2 elements, since we don't know if this + * scanner will even need a stack. We use 2 instead of 1 to avoid an + * immediate realloc on the next call. + */ + num_to_alloc = 1; + (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc + (num_to_alloc * sizeof(struct yy_buffer_state*) + ); + + memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); + + (yy_buffer_stack_max) = num_to_alloc; + (yy_buffer_stack_top) = 0; + return; + } -#ifndef YY_NO_SCAN_BUFFER -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size ) -#else -YY_BUFFER_STATE yy_scan_buffer( base, size ) -char *base; -yy_size_t size; -#endif - { - YY_BUFFER_STATE b; + if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ + /* Increase the buffer to prepare for a possible push. */ + int grow_size = 8 /* arbitrary grow size */; + + num_to_alloc = (yy_buffer_stack_max) + grow_size; + (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc + ((yy_buffer_stack), + num_to_alloc * sizeof(struct yy_buffer_state*) + ); + + /* zero only the new slots.*/ + memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); + (yy_buffer_stack_max) = num_to_alloc; + } +} + +/** Setup the input buffer state to scan directly from a user-specified character buffer. + * @param base the character buffer + * @param size the size in bytes of the character buffer + * + * @return the newly allocated buffer state object. + */ +YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) +{ + YY_BUFFER_STATE b; + if ( size < 2 || base[size-2] != YY_END_OF_BUFFER_CHAR || base[size-1] != YY_END_OF_BUFFER_CHAR ) /* They forgot to leave room for the EOB's. */ return 0; - b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); + b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); @@ -2244,56 +2399,51 @@ yy_size_t size; b->yy_fill_buffer = 0; b->yy_buffer_status = YY_BUFFER_NEW; - yy_switch_to_buffer( b ); + yy_switch_to_buffer(b ); return b; - } -#endif - - -#ifndef YY_NO_SCAN_STRING -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str ) -#else -YY_BUFFER_STATE yy_scan_string( yy_str ) -yyconst char *yy_str; -#endif - { - int len; - for ( len = 0; yy_str[len]; ++len ) - ; - - return yy_scan_bytes( yy_str, len ); - } -#endif +} +/** Setup the input buffer state to scan a string. The next call to yylex() will + * scan from a @e copy of @a str. + * @param yystr a NUL-terminated string to scan + * + * @return the newly allocated buffer state object. + * @note If you want to scan bytes that may contain NUL values, then use + * yy_scan_bytes() instead. + */ +YY_BUFFER_STATE yy_scan_string (yyconst char * yystr ) +{ + + return yy_scan_bytes(yystr,strlen(yystr) ); +} -#ifndef YY_NO_SCAN_BYTES -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len ) -#else -YY_BUFFER_STATE yy_scan_bytes( bytes, len ) -yyconst char *bytes; -int len; -#endif - { +/** Setup the input buffer state to scan the given bytes. The next call to yylex() will + * scan from a @e copy of @a bytes. + * @param bytes the byte buffer to scan + * @param len the number of bytes in the buffer pointed to by @a bytes. + * + * @return the newly allocated buffer state object. + */ +YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, int _yybytes_len ) +{ YY_BUFFER_STATE b; char *buf; yy_size_t n; int i; - + /* Get memory for full buffer, including space for trailing EOB's. */ - n = len + 2; - buf = (char *) yy_flex_alloc( n ); + n = _yybytes_len + 2; + buf = (char *) yyalloc(n ); if ( ! buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); - for ( i = 0; i < len; ++i ) - buf[i] = bytes[i]; + for ( i = 0; i < _yybytes_len; ++i ) + buf[i] = yybytes[i]; - buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR; + buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR; - b = yy_scan_buffer( buf, n ); + b = yy_scan_buffer(buf,n ); if ( ! b ) YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); @@ -2303,148 +2453,196 @@ int len; b->yy_is_our_buffer = 1; return b; - } +} + +#ifndef YY_EXIT_FAILURE +#define YY_EXIT_FAILURE 2 #endif +static void yy_fatal_error (yyconst char* msg ) +{ + (void) fprintf( stderr, "%s\n", msg ); + exit( YY_EXIT_FAILURE ); +} + +/* Redefine yyless() so it works in section 3 code. */ -#ifndef YY_NO_PUSH_STATE -#ifdef YY_USE_PROTOS -static void yy_push_state( int new_state ) -#else -static void yy_push_state( new_state ) -int new_state; -#endif - { - if ( yy_start_stack_ptr >= yy_start_stack_depth ) - { - yy_size_t new_size; +#undef yyless +#define yyless(n) \ + do \ + { \ + /* Undo effects of setting up yytext. */ \ + int yyless_macro_arg = (n); \ + YY_LESS_LINENO(yyless_macro_arg);\ + yytext[yyleng] = (yy_hold_char); \ + (yy_c_buf_p) = yytext + yyless_macro_arg; \ + (yy_hold_char) = *(yy_c_buf_p); \ + *(yy_c_buf_p) = '\0'; \ + yyleng = yyless_macro_arg; \ + } \ + while ( 0 ) - yy_start_stack_depth += YY_START_STACK_INCR; - new_size = yy_start_stack_depth * sizeof( int ); +/* Accessor methods (get/set functions) to struct members. */ - if ( ! yy_start_stack ) - yy_start_stack = (int *) yy_flex_alloc( new_size ); +/** Get the current line number. + * + */ +int yyget_lineno (void) +{ + + return yylineno; +} - else - yy_start_stack = (int *) yy_flex_realloc( - (void *) yy_start_stack, new_size ); +/** Get the input stream. + * + */ +FILE *yyget_in (void) +{ + return yyin; +} - if ( ! yy_start_stack ) - YY_FATAL_ERROR( - "out of memory expanding start-condition stack" ); - } +/** Get the output stream. + * + */ +FILE *yyget_out (void) +{ + return yyout; +} - yy_start_stack[yy_start_stack_ptr++] = YY_START; +/** Get the length of the current token. + * + */ +int yyget_leng (void) +{ + return yyleng; +} - BEGIN(new_state); - } -#endif +/** Get the current token. + * + */ +char *yyget_text (void) +{ + return yytext; +} -#ifndef YY_NO_POP_STATE -static void yy_pop_state() - { - if ( --yy_start_stack_ptr < 0 ) - YY_FATAL_ERROR( "start-condition stack underflow" ); +/** Set the current line number. + * @param line_number + * + */ +void yyset_lineno (int line_number ) +{ + + yylineno = line_number; +} - BEGIN(yy_start_stack[yy_start_stack_ptr]); - } -#endif +/** Set the input stream. This does not discard the current + * input buffer. + * @param in_str A readable stream. + * + * @see yy_switch_to_buffer + */ +void yyset_in (FILE * in_str ) +{ + yyin = in_str ; +} +void yyset_out (FILE * out_str ) +{ + yyout = out_str ; +} -#ifndef YY_NO_TOP_STATE -static int yy_top_state() - { - return yy_start_stack[yy_start_stack_ptr - 1]; - } -#endif +int yyget_debug (void) +{ + return yy_flex_debug; +} -#ifndef YY_EXIT_FAILURE -#define YY_EXIT_FAILURE 2 -#endif +void yyset_debug (int bdebug ) +{ + yy_flex_debug = bdebug ; +} -#ifdef YY_USE_PROTOS -static void yy_fatal_error( yyconst char msg[] ) +static int yy_init_globals (void) +{ + /* Initialization is the same as for the non-reentrant scanner. + * This function is called from yylex_destroy(), so don't allocate here. + */ + + (yy_buffer_stack) = 0; + (yy_buffer_stack_top) = 0; + (yy_buffer_stack_max) = 0; + (yy_c_buf_p) = (char *) 0; + (yy_init) = 0; + (yy_start) = 0; + +/* Defined in main.c */ +#ifdef YY_STDINIT + yyin = stdin; + yyout = stdout; #else -static void yy_fatal_error( msg ) -char msg[]; + yyin = (FILE *) 0; + yyout = (FILE *) 0; #endif - { - (void) fprintf( stderr, "%s\n", msg ); - exit( YY_EXIT_FAILURE ); - } + /* For future reference: Set errno on error, since we are called by + * yylex_init() + */ + return 0; +} +/* yylex_destroy is for both reentrant and non-reentrant scanners. */ +int yylex_destroy (void) +{ + + /* Pop the buffer stack, destroying each element. */ + while(YY_CURRENT_BUFFER){ + yy_delete_buffer(YY_CURRENT_BUFFER ); + YY_CURRENT_BUFFER_LVALUE = NULL; + yypop_buffer_state(); + } -/* Redefine yyless() so it works in section 3 code. */ + /* Destroy the stack itself. */ + yyfree((yy_buffer_stack) ); + (yy_buffer_stack) = NULL; -#undef yyless -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - yytext[yyleng] = yy_hold_char; \ - yy_c_buf_p = yytext + n; \ - yy_hold_char = *yy_c_buf_p; \ - *yy_c_buf_p = '\0'; \ - yyleng = n; \ - } \ - while ( 0 ) + /* Reset the globals. This is important in a non-reentrant scanner so the next time + * yylex() is called, initialization will occur. */ + yy_init_globals( ); + return 0; +} -/* Internal utility routines. */ +/* + * Internal utility routines. + */ #ifndef yytext_ptr -#ifdef YY_USE_PROTOS -static void yy_flex_strncpy( char *s1, yyconst char *s2, int n ) -#else -static void yy_flex_strncpy( s1, s2, n ) -char *s1; -yyconst char *s2; -int n; -#endif - { +static void yy_flex_strncpy (char* s1, yyconst char * s2, int n ) +{ register int i; for ( i = 0; i < n; ++i ) s1[i] = s2[i]; - } +} #endif #ifdef YY_NEED_STRLEN -#ifdef YY_USE_PROTOS -static int yy_flex_strlen( yyconst char *s ) -#else -static int yy_flex_strlen( s ) -yyconst char *s; -#endif - { +static int yy_flex_strlen (yyconst char * s ) +{ register int n; for ( n = 0; s[n]; ++n ) ; return n; - } +} #endif - -#ifdef YY_USE_PROTOS -static void *yy_flex_alloc( yy_size_t size ) -#else -static void *yy_flex_alloc( size ) -yy_size_t size; -#endif - { +void *yyalloc (yy_size_t size ) +{ return (void *) malloc( size ); - } +} -#ifdef YY_USE_PROTOS -static void *yy_flex_realloc( void *ptr, yy_size_t size ) -#else -static void *yy_flex_realloc( ptr, size ) -void *ptr; -yy_size_t size; -#endif - { +void *yyrealloc (void * ptr, yy_size_t size ) +{ /* The cast to (char *) in the following accommodates both * implementations that use char* generic pointers, and those * that use void* generic pointers. It works with the latter @@ -2453,28 +2651,19 @@ yy_size_t size; * as though doing an assignment. */ return (void *) realloc( (char *) ptr, size ); - } +} -#ifdef YY_USE_PROTOS -static void yy_flex_free( void *ptr ) -#else -static void yy_flex_free( ptr ) -void *ptr; -#endif - { - free( ptr ); - } +void yyfree (void * ptr ) +{ + free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ +} + +#define YYTABLES_NAME "yytables" -#if YY_MAIN -int main() - { - yylex(); - return 0; - } -#endif #line 268 "lex.l" + #ifndef yywrap /* XXX */ int yywrap () @@ -2500,3 +2689,4 @@ unterminated(const char *type, unsigned start_lineno) { error_message("unterminated %s, possibly started on line %d\n", type, start_lineno); } + -- cgit From 49e15ba5550ebf1000ffbffed1b0afac23c70f0a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 1 Sep 2006 06:59:24 +0000 Subject: r17986: Add a copy of the Heimdal licence to our source tree, to make it very clear what the conditions on this code are, and that the terms are GPL compatible. Andrew Bartlett (This used to be commit 99ce2ecf396837caa812acf279f5156c50818373) --- source4/heimdal/HEIMDAL-LICENCE.txt | 45 +++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 source4/heimdal/HEIMDAL-LICENCE.txt (limited to 'source4/heimdal') diff --git a/source4/heimdal/HEIMDAL-LICENCE.txt b/source4/heimdal/HEIMDAL-LICENCE.txt new file mode 100644 index 0000000000..90ff52309f --- /dev/null +++ b/source4/heimdal/HEIMDAL-LICENCE.txt @@ -0,0 +1,45 @@ +This is a copy of the standard copyright notice on most files in the +heimdal tree. This license is confidered to be GPL compatible by the +Free Software Foundation (see http://www.fsf.org/licensing/licenses/index_html#GPLCompatibleLicenses) + +Note that the list of copyright holders varies between the individial +files. Also note that this Samba4 MODIFIED VERSION may depend on GPL'ed +libraries. + +Many thanks to the Heimdal developers for their support and +cooperation in the use of the heimdal code in Samba. + + +/* + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan and others. + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + -- cgit From 38fdde5d9bf15b10caa60ee216d278ba8d870c2e Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 4 Sep 2006 12:21:42 +0000 Subject: r18031: Merge my replace fixes: * libreplace can now build stand-alone * add stub testsuite for libreplace * make talloc/tdb/ldb use libreplace (This used to be commit fe7ca4b1454e01a33ed0d53791ebffdd349298b4) --- source4/heimdal/lib/com_err/lex.c | 1353 +++++++++++++++++++++---------------- source4/heimdal/lib/hdb/hdb.c | 2 +- 2 files changed, 777 insertions(+), 578 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/com_err/lex.c b/source4/heimdal/lib/com_err/lex.c index 925615f244..d5d6b20a8d 100644 --- a/source4/heimdal/lib/com_err/lex.c +++ b/source4/heimdal/lib/com_err/lex.c @@ -1,31 +1,92 @@ -/* A lexical scanner generated by flex */ -/* Scanner skeleton version: - * $Header: /home/daffy/u0/vern/flex/RCS/flex.skl,v 2.91 96/09/10 16:58:48 vern Exp $ - */ +#line 3 "lex.yy.c" + +#define YY_INT_ALIGNED short int + +/* A lexical scanner generated by flex */ #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 #define YY_FLEX_MINOR_VERSION 5 +#define YY_FLEX_SUBMINOR_VERSION 33 +#if YY_FLEX_SUBMINOR_VERSION > 0 +#define FLEX_BETA +#endif + +/* First, we deal with platform-specific or compiler-specific issues. */ +/* begin standard C headers. */ #include -#include +#include +#include +#include +/* end standard C headers. */ -/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */ -#ifdef c_plusplus -#ifndef __cplusplus -#define __cplusplus -#endif +/* flex integer type definitions */ + +#ifndef FLEXINT_H +#define FLEXINT_H + +/* C99 systems have . Non-C99 systems may or may not. */ + +#if __STDC_VERSION__ >= 199901L + +/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h, + * if you want the limit (max/min) macros for int types. + */ +#ifndef __STDC_LIMIT_MACROS +#define __STDC_LIMIT_MACROS 1 #endif +#include +typedef int8_t flex_int8_t; +typedef uint8_t flex_uint8_t; +typedef int16_t flex_int16_t; +typedef uint16_t flex_uint16_t; +typedef int32_t flex_int32_t; +typedef uint32_t flex_uint32_t; +#else +typedef signed char flex_int8_t; +typedef short int flex_int16_t; +typedef int flex_int32_t; +typedef unsigned char flex_uint8_t; +typedef unsigned short int flex_uint16_t; +typedef unsigned int flex_uint32_t; +#endif /* ! C99 */ -#ifdef __cplusplus +/* Limits of integral types. */ +#ifndef INT8_MIN +#define INT8_MIN (-128) +#endif +#ifndef INT16_MIN +#define INT16_MIN (-32767-1) +#endif +#ifndef INT32_MIN +#define INT32_MIN (-2147483647-1) +#endif +#ifndef INT8_MAX +#define INT8_MAX (127) +#endif +#ifndef INT16_MAX +#define INT16_MAX (32767) +#endif +#ifndef INT32_MAX +#define INT32_MAX (2147483647) +#endif +#ifndef UINT8_MAX +#define UINT8_MAX (255U) +#endif +#ifndef UINT16_MAX +#define UINT16_MAX (65535U) +#endif +#ifndef UINT32_MAX +#define UINT32_MAX (4294967295U) +#endif -#include +#endif /* ! FLEXINT_H */ -/* Use prototypes in function declarations. */ -#define YY_USE_PROTOS +#ifdef __cplusplus /* The "const" storage-class-modifier is valid. */ #define YY_USE_CONST @@ -34,34 +95,17 @@ #if __STDC__ -#define YY_USE_PROTOS #define YY_USE_CONST #endif /* __STDC__ */ #endif /* ! __cplusplus */ -#ifdef __TURBOC__ - #pragma warn -rch - #pragma warn -use -#include -#include -#define YY_USE_CONST -#define YY_USE_PROTOS -#endif - #ifdef YY_USE_CONST #define yyconst const #else #define yyconst #endif - -#ifdef YY_USE_PROTOS -#define YY_PROTO(proto) proto -#else -#define YY_PROTO(proto) () -#endif - /* Returned upon end-of-file. */ #define YY_NULL 0 @@ -76,71 +120,75 @@ * but we do it the disgusting crufty way forced on us by the ()-less * definition of BEGIN. */ -#define BEGIN yy_start = 1 + 2 * +#define BEGIN (yy_start) = 1 + 2 * /* Translate the current start state into a value that can be later handed * to BEGIN to return to the state. The YYSTATE alias is for lex * compatibility. */ -#define YY_START ((yy_start - 1) / 2) +#define YY_START (((yy_start) - 1) / 2) #define YYSTATE YY_START /* Action number for EOF rule of a given start state. */ #define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) /* Special action meaning "start processing a new file". */ -#define YY_NEW_FILE yyrestart( yyin ) +#define YY_NEW_FILE yyrestart(yyin ) #define YY_END_OF_BUFFER_CHAR 0 /* Size of default input buffer. */ +#ifndef YY_BUF_SIZE #define YY_BUF_SIZE 16384 +#endif + +/* The state buf must be large enough to hold one state per character in the main buffer. + */ +#define YY_STATE_BUF_SIZE ((YY_BUF_SIZE + 2) * sizeof(yy_state_type)) +#ifndef YY_TYPEDEF_YY_BUFFER_STATE +#define YY_TYPEDEF_YY_BUFFER_STATE typedef struct yy_buffer_state *YY_BUFFER_STATE; +#endif extern int yyleng; + extern FILE *yyin, *yyout; #define EOB_ACT_CONTINUE_SCAN 0 #define EOB_ACT_END_OF_FILE 1 #define EOB_ACT_LAST_MATCH 2 -/* The funky do-while in the following #define is used to turn the definition - * int a single C statement (which needs a semi-colon terminator). This - * avoids problems with code like: - * - * if ( condition_holds ) - * yyless( 5 ); - * else - * do_something_else(); - * - * Prior to using the do-while the compiler would get upset at the - * "else" because it interpreted the "if" statement as being all - * done when it reached the ';' after the yyless() call. - */ - -/* Return all but the first 'n' matched characters back to the input stream. */ - + #define YY_LESS_LINENO(n) + +/* Return all but the first "n" matched characters back to the input stream. */ #define yyless(n) \ do \ { \ /* Undo effects of setting up yytext. */ \ - *yy_cp = yy_hold_char; \ + int yyless_macro_arg = (n); \ + YY_LESS_LINENO(yyless_macro_arg);\ + *yy_cp = (yy_hold_char); \ YY_RESTORE_YY_MORE_OFFSET \ - yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \ + (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \ YY_DO_BEFORE_ACTION; /* set up yytext again */ \ } \ while ( 0 ) -#define unput(c) yyunput( c, yytext_ptr ) +#define unput(c) yyunput( c, (yytext_ptr) ) /* The following is because we cannot portably get our hands on size_t * (without autoconf's help, which isn't available because we want * flex-generated scanners to compile on their own). */ -typedef unsigned int yy_size_t; +#ifndef YY_TYPEDEF_YY_SIZE_T +#define YY_TYPEDEF_YY_SIZE_T +typedef unsigned int yy_size_t; +#endif +#ifndef YY_STRUCT_YY_BUFFER_STATE +#define YY_STRUCT_YY_BUFFER_STATE struct yy_buffer_state { FILE *yy_input_file; @@ -177,12 +225,16 @@ struct yy_buffer_state */ int yy_at_bol; + int yy_bs_lineno; /**< The line count. */ + int yy_bs_column; /**< The column count. */ + /* Whether to try to fill the input buffer when we reach the * end of it. */ int yy_fill_buffer; int yy_buffer_status; + #define YY_BUFFER_NEW 0 #define YY_BUFFER_NORMAL 1 /* When an EOF's been seen but there's still some text to process @@ -196,28 +248,38 @@ struct yy_buffer_state * just pointing yyin at a new input file. */ #define YY_BUFFER_EOF_PENDING 2 + }; +#endif /* !YY_STRUCT_YY_BUFFER_STATE */ -static YY_BUFFER_STATE yy_current_buffer = 0; +/* Stack of input buffers. */ +static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */ +static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */ +static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ /* We provide macros for accessing buffer states in case in the * future we want to put the buffer states in a more general * "scanner state". + * + * Returns the top of the stack, or NULL. */ -#define YY_CURRENT_BUFFER yy_current_buffer +#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ + ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ + : NULL) +/* Same as previous macro, but useful when we know that the buffer stack is not + * NULL or when we need an lvalue. For internal use only. + */ +#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] /* yy_hold_char holds the character lost when yytext is formed. */ static char yy_hold_char; - static int yy_n_chars; /* number of characters read into yy_ch_buf */ - - int yyleng; /* Points to current character in buffer. */ static char *yy_c_buf_p = (char *) 0; -static int yy_init = 1; /* whether we need to initialize */ +static int yy_init = 0; /* whether we need to initialize */ static int yy_start = 0; /* start state number */ /* Flag which is used to allow yywrap()'s to do buffer switches @@ -225,66 +287,92 @@ static int yy_start = 0; /* start state number */ */ static int yy_did_buffer_switch_on_eof; -void yyrestart YY_PROTO(( FILE *input_file )); +void yyrestart (FILE *input_file ); +void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ); +YY_BUFFER_STATE yy_create_buffer (FILE *file,int size ); +void yy_delete_buffer (YY_BUFFER_STATE b ); +void yy_flush_buffer (YY_BUFFER_STATE b ); +void yypush_buffer_state (YY_BUFFER_STATE new_buffer ); +void yypop_buffer_state (void ); + +static void yyensure_buffer_stack (void ); +static void yy_load_buffer_state (void ); +static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file ); -void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer )); -void yy_load_buffer_state YY_PROTO(( void )); -YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size )); -void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b )); -void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file )); -void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b )); -#define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer ) +#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER ) -YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size )); -YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str )); -YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len )); +YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); +YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); +YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len ); -static void *yy_flex_alloc YY_PROTO(( yy_size_t )); -static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t )); -static void yy_flex_free YY_PROTO(( void * )); +void *yyalloc (yy_size_t ); +void *yyrealloc (void *,yy_size_t ); +void yyfree (void * ); #define yy_new_buffer yy_create_buffer #define yy_set_interactive(is_interactive) \ { \ - if ( ! yy_current_buffer ) \ - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ - yy_current_buffer->yy_is_interactive = is_interactive; \ + if ( ! YY_CURRENT_BUFFER ){ \ + yyensure_buffer_stack (); \ + YY_CURRENT_BUFFER_LVALUE = \ + yy_create_buffer(yyin,YY_BUF_SIZE ); \ + } \ + YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ } #define yy_set_bol(at_bol) \ { \ - if ( ! yy_current_buffer ) \ - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ - yy_current_buffer->yy_at_bol = at_bol; \ + if ( ! YY_CURRENT_BUFFER ){\ + yyensure_buffer_stack (); \ + YY_CURRENT_BUFFER_LVALUE = \ + yy_create_buffer(yyin,YY_BUF_SIZE ); \ + } \ + YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ } -#define YY_AT_BOL() (yy_current_buffer->yy_at_bol) +#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) + +/* Begin user sect3 */ typedef unsigned char YY_CHAR; + FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; + typedef int yy_state_type; + +extern int yylineno; + +int yylineno = 1; + extern char *yytext; #define yytext_ptr yytext -static yy_state_type yy_get_previous_state YY_PROTO(( void )); -static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state )); -static int yy_get_next_buffer YY_PROTO(( void )); -static void yy_fatal_error YY_PROTO(( yyconst char msg[] )); +static yy_state_type yy_get_previous_state (void ); +static yy_state_type yy_try_NUL_trans (yy_state_type current_state ); +static int yy_get_next_buffer (void ); +static void yy_fatal_error (yyconst char msg[] ); /* Done after the current pattern has been matched and before the * corresponding action - sets up yytext. */ #define YY_DO_BEFORE_ACTION \ - yytext_ptr = yy_bp; \ - yyleng = (int) (yy_cp - yy_bp); \ - yy_hold_char = *yy_cp; \ + (yytext_ptr) = yy_bp; \ + yyleng = (size_t) (yy_cp - yy_bp); \ + (yy_hold_char) = *yy_cp; \ *yy_cp = '\0'; \ - yy_c_buf_p = yy_cp; + (yy_c_buf_p) = yy_cp; #define YY_NUM_RULES 16 #define YY_END_OF_BUFFER 17 -static yyconst short int yy_accept[46] = +/* This struct is not used in this scanner, + but its presence is necessary. */ +struct yy_trans_info + { + flex_int32_t yy_verify; + flex_int32_t yy_nxt; + }; +static yyconst flex_int16_t yy_accept[46] = { 0, 0, 0, 17, 15, 11, 12, 13, 10, 9, 14, 14, 14, 14, 10, 9, 14, 3, 14, 14, 1, @@ -293,7 +381,7 @@ static yyconst short int yy_accept[46] = 14, 4, 14, 2, 0 } ; -static yyconst int yy_ec[256] = +static yyconst flex_int32_t yy_ec[256] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -325,14 +413,14 @@ static yyconst int yy_ec[256] = 1, 1, 1, 1, 1 } ; -static yyconst int yy_meta[23] = +static yyconst flex_int32_t yy_meta[23] = { 0, 1, 1, 2, 1, 1, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3 } ; -static yyconst short int yy_base[48] = +static yyconst flex_int16_t yy_base[48] = { 0, 0, 0, 56, 57, 57, 57, 57, 0, 49, 0, 12, 13, 34, 0, 47, 0, 0, 40, 31, 0, @@ -341,7 +429,7 @@ static yyconst short int yy_base[48] = 12, 0, 14, 0, 57, 34, 23 } ; -static yyconst short int yy_def[48] = +static yyconst flex_int16_t yy_def[48] = { 0, 45, 1, 45, 45, 45, 45, 45, 46, 47, 47, 47, 47, 47, 46, 47, 47, 47, 47, 47, 47, @@ -350,7 +438,7 @@ static yyconst short int yy_def[48] = 47, 47, 47, 47, 0, 45, 45 } ; -static yyconst short int yy_nxt[80] = +static yyconst flex_int16_t yy_nxt[80] = { 0, 4, 5, 6, 7, 8, 9, 10, 10, 10, 10, 10, 10, 11, 10, 12, 10, 10, 10, 13, 10, @@ -362,7 +450,7 @@ static yyconst short int yy_nxt[80] = 45, 45, 45, 45, 45, 45, 45, 45, 45 } ; -static yyconst short int yy_chk[80] = +static yyconst flex_int16_t yy_chk[80] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -377,6 +465,9 @@ static yyconst short int yy_chk[80] = static yy_state_type yy_last_accepting_state; static char *yy_last_accepting_cpos; +extern int yy_flex_debug; +int yy_flex_debug = 0; + /* The intent behind this definition is that it'll catch * any uses of REJECT which flex missed. */ @@ -386,7 +477,6 @@ static char *yy_last_accepting_cpos; #define YY_RESTORE_YY_MORE_OFFSET char *yytext; #line 1 "lex.l" -#define INITIAL 0 #line 2 "lex.l" /* * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan @@ -442,7 +532,23 @@ static int getstring(void); #undef ECHO -#line 446 "lex.yy.c" +#line 536 "lex.yy.c" + +#define INITIAL 0 + +#ifndef YY_NO_UNISTD_H +/* Special case for "unistd.h", since it is non-ANSI. We include it way + * down here because we want the user's section 1 to have been scanned first. + * The user has a chance to override it with an option. + */ +#include +#endif + +#ifndef YY_EXTRA_TYPE +#define YY_EXTRA_TYPE void * +#endif + +static int yy_init_globals (void ); /* Macros after this point can all be overridden by user definitions in * section 1. @@ -450,65 +556,30 @@ static int getstring(void); #ifndef YY_SKIP_YYWRAP #ifdef __cplusplus -extern "C" int yywrap YY_PROTO(( void )); +extern "C" int yywrap (void ); #else -extern int yywrap YY_PROTO(( void )); -#endif +extern int yywrap (void ); #endif - -#ifndef YY_NO_UNPUT -static void yyunput YY_PROTO(( int c, char *buf_ptr )); #endif + static void yyunput (int c,char *buf_ptr ); + #ifndef yytext_ptr -static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int )); +static void yy_flex_strncpy (char *,yyconst char *,int ); #endif #ifdef YY_NEED_STRLEN -static int yy_flex_strlen YY_PROTO(( yyconst char * )); +static int yy_flex_strlen (yyconst char * ); #endif #ifndef YY_NO_INPUT -#ifdef __cplusplus -static int yyinput YY_PROTO(( void )); -#else -static int input YY_PROTO(( void )); -#endif -#endif - -#if YY_STACK_USED -static int yy_start_stack_ptr = 0; -static int yy_start_stack_depth = 0; -static int *yy_start_stack = 0; -#ifndef YY_NO_PUSH_STATE -static void yy_push_state YY_PROTO(( int new_state )); -#endif -#ifndef YY_NO_POP_STATE -static void yy_pop_state YY_PROTO(( void )); -#endif -#ifndef YY_NO_TOP_STATE -static int yy_top_state YY_PROTO(( void )); -#endif +#ifdef __cplusplus +static int yyinput (void ); #else -#define YY_NO_PUSH_STATE 1 -#define YY_NO_POP_STATE 1 -#define YY_NO_TOP_STATE 1 +static int input (void ); #endif -#ifdef YY_MALLOC_DECL -YY_MALLOC_DECL -#else -#if __STDC__ -#ifndef __cplusplus -#include -#endif -#else -/* Just try to get by without declaring the routines. This will fail - * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int) - * or sizeof(void*) != sizeof(int). - */ -#endif #endif /* Amount of stuff to slurp up with each read. */ @@ -517,7 +588,6 @@ YY_MALLOC_DECL #endif /* Copy whatever the last rule matched to the standard output. */ - #ifndef ECHO /* This used to be an fputs(), but since the string might contain NUL's, * we now use fwrite(). @@ -530,9 +600,10 @@ YY_MALLOC_DECL */ #ifndef YY_INPUT #define YY_INPUT(buf,result,max_size) \ - if ( yy_current_buffer->yy_is_interactive ) \ + if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ { \ - int c = '*', n; \ + int c = '*'; \ + size_t n; \ for ( n = 0; n < max_size && \ (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ buf[n] = (char) c; \ @@ -542,9 +613,22 @@ YY_MALLOC_DECL YY_FATAL_ERROR( "input in flex scanner failed" ); \ result = n; \ } \ - else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \ - && ferror( yyin ) ) \ - YY_FATAL_ERROR( "input in flex scanner failed" ); + else \ + { \ + errno=0; \ + while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \ + { \ + if( errno != EINTR) \ + { \ + YY_FATAL_ERROR( "input in flex scanner failed" ); \ + break; \ + } \ + errno=0; \ + clearerr(yyin); \ + } \ + }\ +\ + #endif /* No semi-colon after return; correct usage is to write "yyterminate();" - @@ -565,12 +649,18 @@ YY_MALLOC_DECL #define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) #endif +/* end tables serialization structures and prototypes */ + /* Default declaration of generated scanner - a define so the user can * easily add parameters. */ #ifndef YY_DECL -#define YY_DECL int yylex YY_PROTO(( void )) -#endif +#define YY_DECL_IS_OURS 1 + +extern int yylex (void); + +#define YY_DECL int yylex (void) +#endif /* !YY_DECL */ /* Code executed at the beginning of each rule, after yytext and yyleng * have been set up. @@ -587,26 +677,28 @@ YY_MALLOC_DECL #define YY_RULE_SETUP \ YY_USER_ACTION +/** The main scanner function which does all the work. + */ YY_DECL - { +{ register yy_state_type yy_current_state; - register char *yy_cp = NULL, *yy_bp = NULL; + register char *yy_cp, *yy_bp; register int yy_act; - + #line 59 "lex.l" -#line 599 "lex.yy.c" +#line 691 "lex.yy.c" - if ( yy_init ) + if ( !(yy_init) ) { - yy_init = 0; + (yy_init) = 1; #ifdef YY_USER_INIT YY_USER_INIT; #endif - if ( ! yy_start ) - yy_start = 1; /* first start state */ + if ( ! (yy_start) ) + (yy_start) = 1; /* first start state */ if ( ! yyin ) yyin = stdin; @@ -614,34 +706,36 @@ YY_DECL if ( ! yyout ) yyout = stdout; - if ( ! yy_current_buffer ) - yy_current_buffer = - yy_create_buffer( yyin, YY_BUF_SIZE ); + if ( ! YY_CURRENT_BUFFER ) { + yyensure_buffer_stack (); + YY_CURRENT_BUFFER_LVALUE = + yy_create_buffer(yyin,YY_BUF_SIZE ); + } - yy_load_buffer_state(); + yy_load_buffer_state( ); } while ( 1 ) /* loops until end-of-file is reached */ { - yy_cp = yy_c_buf_p; + yy_cp = (yy_c_buf_p); /* Support of yytext. */ - *yy_cp = yy_hold_char; + *yy_cp = (yy_hold_char); /* yy_bp points to the position in yy_ch_buf of the start of * the current run. */ yy_bp = yy_cp; - yy_current_state = yy_start; + yy_current_state = (yy_start); yy_match: do { register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; if ( yy_accept[yy_current_state] ) { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -658,24 +752,22 @@ yy_find_action: yy_act = yy_accept[yy_current_state]; if ( yy_act == 0 ) { /* have to back up */ - yy_cp = yy_last_accepting_cpos; - yy_current_state = yy_last_accepting_state; + yy_cp = (yy_last_accepting_cpos); + yy_current_state = (yy_last_accepting_state); yy_act = yy_accept[yy_current_state]; } YY_DO_BEFORE_ACTION; - do_action: /* This label is used only to access EOF actions. */ - switch ( yy_act ) { /* beginning of action switch */ case 0: /* must back up */ /* undo the effects of YY_DO_BEFORE_ACTION */ - *yy_cp = yy_hold_char; - yy_cp = yy_last_accepting_cpos; - yy_current_state = yy_last_accepting_state; + *yy_cp = (yy_hold_char); + yy_cp = (yy_last_accepting_cpos); + yy_current_state = (yy_last_accepting_state); goto yy_find_action; case 1: @@ -734,6 +826,7 @@ YY_RULE_SETUP ; YY_BREAK case 12: +/* rule 12 can match eol */ YY_RULE_SETUP #line 71 "lex.l" { lineno++; } @@ -758,33 +851,33 @@ YY_RULE_SETUP #line 75 "lex.l" ECHO; YY_BREAK -#line 762 "lex.yy.c" +#line 855 "lex.yy.c" case YY_STATE_EOF(INITIAL): yyterminate(); case YY_END_OF_BUFFER: { /* Amount of text matched not including the EOB char. */ - int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1; + int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; /* Undo the effects of YY_DO_BEFORE_ACTION. */ - *yy_cp = yy_hold_char; + *yy_cp = (yy_hold_char); YY_RESTORE_YY_MORE_OFFSET - if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW ) + if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW ) { /* We're scanning a new file or input source. It's * possible that this happened because the user * just pointed yyin at a new source and called * yylex(). If so, then we have to assure - * consistency between yy_current_buffer and our + * consistency between YY_CURRENT_BUFFER and our * globals. Here is the right place to do so, because * this is the first action (other than possibly a * back-up) that will match for the new input source. */ - yy_n_chars = yy_current_buffer->yy_n_chars; - yy_current_buffer->yy_input_file = yyin; - yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL; + (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; + YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; + YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; } /* Note that here we test for yy_c_buf_p "<=" to the position @@ -794,13 +887,13 @@ case YY_STATE_EOF(INITIAL): * end-of-buffer state). Contrast this with the test * in input(). */ - if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] ) + if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) { /* This was really a NUL. */ yy_state_type yy_next_state; - yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text; + (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; - yy_current_state = yy_get_previous_state(); + yy_current_state = yy_get_previous_state( ); /* Okay, we're now positioned to make the NUL * transition. We couldn't have @@ -813,30 +906,30 @@ case YY_STATE_EOF(INITIAL): yy_next_state = yy_try_NUL_trans( yy_current_state ); - yy_bp = yytext_ptr + YY_MORE_ADJ; + yy_bp = (yytext_ptr) + YY_MORE_ADJ; if ( yy_next_state ) { /* Consume the NUL. */ - yy_cp = ++yy_c_buf_p; + yy_cp = ++(yy_c_buf_p); yy_current_state = yy_next_state; goto yy_match; } else { - yy_cp = yy_c_buf_p; + yy_cp = (yy_c_buf_p); goto yy_find_action; } } - else switch ( yy_get_next_buffer() ) + else switch ( yy_get_next_buffer( ) ) { case EOB_ACT_END_OF_FILE: { - yy_did_buffer_switch_on_eof = 0; + (yy_did_buffer_switch_on_eof) = 0; - if ( yywrap() ) + if ( yywrap( ) ) { /* Note: because we've taken care in * yy_get_next_buffer() to have set up @@ -847,7 +940,7 @@ case YY_STATE_EOF(INITIAL): * YY_NULL, it'll still work - another * YY_NULL will get returned. */ - yy_c_buf_p = yytext_ptr + YY_MORE_ADJ; + (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; yy_act = YY_STATE_EOF(YY_START); goto do_action; @@ -855,30 +948,30 @@ case YY_STATE_EOF(INITIAL): else { - if ( ! yy_did_buffer_switch_on_eof ) + if ( ! (yy_did_buffer_switch_on_eof) ) YY_NEW_FILE; } break; } case EOB_ACT_CONTINUE_SCAN: - yy_c_buf_p = - yytext_ptr + yy_amount_of_matched_text; + (yy_c_buf_p) = + (yytext_ptr) + yy_amount_of_matched_text; - yy_current_state = yy_get_previous_state(); + yy_current_state = yy_get_previous_state( ); - yy_cp = yy_c_buf_p; - yy_bp = yytext_ptr + YY_MORE_ADJ; + yy_cp = (yy_c_buf_p); + yy_bp = (yytext_ptr) + YY_MORE_ADJ; goto yy_match; case EOB_ACT_LAST_MATCH: - yy_c_buf_p = - &yy_current_buffer->yy_ch_buf[yy_n_chars]; + (yy_c_buf_p) = + &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)]; - yy_current_state = yy_get_previous_state(); + yy_current_state = yy_get_previous_state( ); - yy_cp = yy_c_buf_p; - yy_bp = yytext_ptr + YY_MORE_ADJ; + yy_cp = (yy_c_buf_p); + yy_bp = (yytext_ptr) + YY_MORE_ADJ; goto yy_find_action; } break; @@ -889,8 +982,7 @@ case YY_STATE_EOF(INITIAL): "fatal flex scanner internal error--no action found" ); } /* end of action switch */ } /* end of scanning one token */ - } /* end of yylex */ - +} /* end of yylex */ /* yy_get_next_buffer - try to read in a new buffer * @@ -899,21 +991,20 @@ case YY_STATE_EOF(INITIAL): * EOB_ACT_CONTINUE_SCAN - continue scanning from current position * EOB_ACT_END_OF_FILE - end of file */ - -static int yy_get_next_buffer() - { - register char *dest = yy_current_buffer->yy_ch_buf; - register char *source = yytext_ptr; +static int yy_get_next_buffer (void) +{ + register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; + register char *source = (yytext_ptr); register int number_to_move, i; int ret_val; - if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] ) + if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) YY_FATAL_ERROR( "fatal flex scanner internal error--end of buffer missed" ); - if ( yy_current_buffer->yy_fill_buffer == 0 ) + if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 ) { /* Don't try to fill the buffer, so this is an EOF. */ - if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 ) + if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 ) { /* We matched a single character, the EOB, so * treat this as a final EOF. @@ -933,34 +1024,30 @@ static int yy_get_next_buffer() /* Try to read more data. */ /* First move last chars to start of buffer. */ - number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1; + number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1; for ( i = 0; i < number_to_move; ++i ) *(dest++) = *(source++); - if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING ) + if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING ) /* don't do the read, it's not guaranteed to return an EOF, * just force an EOF */ - yy_current_buffer->yy_n_chars = yy_n_chars = 0; + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0; else { - int num_to_read = - yy_current_buffer->yy_buf_size - number_to_move - 1; + int num_to_read = + YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; while ( num_to_read <= 0 ) { /* Not enough room in the buffer - grow it. */ -#ifdef YY_USES_REJECT - YY_FATAL_ERROR( -"input buffer overflow, can't enlarge buffer because scanner uses REJECT" ); -#else /* just a shorter name for the current buffer */ - YY_BUFFER_STATE b = yy_current_buffer; + YY_BUFFER_STATE b = YY_CURRENT_BUFFER; int yy_c_buf_p_offset = - (int) (yy_c_buf_p - b->yy_ch_buf); + (int) ((yy_c_buf_p) - b->yy_ch_buf); if ( b->yy_is_our_buffer ) { @@ -973,8 +1060,7 @@ static int yy_get_next_buffer() b->yy_ch_buf = (char *) /* Include room in for 2 EOB chars. */ - yy_flex_realloc( (void *) b->yy_ch_buf, - b->yy_buf_size + 2 ); + yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ); } else /* Can't grow it, we don't own it. */ @@ -984,35 +1070,35 @@ static int yy_get_next_buffer() YY_FATAL_ERROR( "fatal error - scanner input buffer overflow" ); - yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset]; + (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset]; - num_to_read = yy_current_buffer->yy_buf_size - + num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; -#endif + } if ( num_to_read > YY_READ_BUF_SIZE ) num_to_read = YY_READ_BUF_SIZE; /* Read in more data. */ - YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]), - yy_n_chars, num_to_read ); + YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), + (yy_n_chars), (size_t) num_to_read ); - yy_current_buffer->yy_n_chars = yy_n_chars; + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } - if ( yy_n_chars == 0 ) + if ( (yy_n_chars) == 0 ) { if ( number_to_move == YY_MORE_ADJ ) { ret_val = EOB_ACT_END_OF_FILE; - yyrestart( yyin ); + yyrestart(yyin ); } else { ret_val = EOB_ACT_LAST_MATCH; - yy_current_buffer->yy_buffer_status = + YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_EOF_PENDING; } } @@ -1020,32 +1106,31 @@ static int yy_get_next_buffer() else ret_val = EOB_ACT_CONTINUE_SCAN; - yy_n_chars += number_to_move; - yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR; - yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR; + (yy_n_chars) += number_to_move; + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; - yytext_ptr = &yy_current_buffer->yy_ch_buf[0]; + (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0]; return ret_val; - } - +} /* yy_get_previous_state - get the state just before the EOB char was reached */ -static yy_state_type yy_get_previous_state() - { + static yy_state_type yy_get_previous_state (void) +{ register yy_state_type yy_current_state; register char *yy_cp; + + yy_current_state = (yy_start); - yy_current_state = yy_start; - - for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp ) + for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) { register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); if ( yy_accept[yy_current_state] ) { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -1057,30 +1142,23 @@ static yy_state_type yy_get_previous_state() } return yy_current_state; - } - +} /* yy_try_NUL_trans - try to make a transition on the NUL character * * synopsis * next_state = yy_try_NUL_trans( current_state ); */ - -#ifdef YY_USE_PROTOS -static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state ) -#else -static yy_state_type yy_try_NUL_trans( yy_current_state ) -yy_state_type yy_current_state; -#endif - { + static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state ) +{ register int yy_is_jam; - register char *yy_cp = yy_c_buf_p; + register char *yy_cp = (yy_c_buf_p); register YY_CHAR yy_c = 1; if ( yy_accept[yy_current_state] ) { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -1092,81 +1170,73 @@ yy_state_type yy_current_state; yy_is_jam = (yy_current_state == 45); return yy_is_jam ? 0 : yy_current_state; - } - +} -#ifndef YY_NO_UNPUT -#ifdef YY_USE_PROTOS -static void yyunput( int c, register char *yy_bp ) -#else -static void yyunput( c, yy_bp ) -int c; -register char *yy_bp; -#endif - { - register char *yy_cp = yy_c_buf_p; + static void yyunput (int c, register char * yy_bp ) +{ + register char *yy_cp; + + yy_cp = (yy_c_buf_p); /* undo effects of setting up yytext */ - *yy_cp = yy_hold_char; + *yy_cp = (yy_hold_char); - if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) + if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) { /* need to shift things up to make room */ /* +2 for EOB chars. */ - register int number_to_move = yy_n_chars + 2; - register char *dest = &yy_current_buffer->yy_ch_buf[ - yy_current_buffer->yy_buf_size + 2]; + register int number_to_move = (yy_n_chars) + 2; + register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ + YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; register char *source = - &yy_current_buffer->yy_ch_buf[number_to_move]; + &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; - while ( source > yy_current_buffer->yy_ch_buf ) + while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) *--dest = *--source; yy_cp += (int) (dest - source); yy_bp += (int) (dest - source); - yy_current_buffer->yy_n_chars = - yy_n_chars = yy_current_buffer->yy_buf_size; + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = + (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size; - if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) + if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) YY_FATAL_ERROR( "flex scanner push-back overflow" ); } *--yy_cp = (char) c; - - yytext_ptr = yy_bp; - yy_hold_char = *yy_cp; - yy_c_buf_p = yy_cp; - } -#endif /* ifndef YY_NO_UNPUT */ - + (yytext_ptr) = yy_bp; + (yy_hold_char) = *yy_cp; + (yy_c_buf_p) = yy_cp; +} #ifndef YY_NO_INPUT #ifdef __cplusplus -static int yyinput() + static int yyinput (void) #else -static int input() + static int input (void) #endif - { - int c; - *yy_c_buf_p = yy_hold_char; +{ + int c; + + *(yy_c_buf_p) = (yy_hold_char); - if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR ) + if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR ) { /* yy_c_buf_p now points to the character we want to return. * If this occurs *before* the EOB characters, then it's a * valid NUL; if not, then we've hit the end of the buffer. */ - if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] ) + if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) /* This was really a NUL. */ - *yy_c_buf_p = '\0'; + *(yy_c_buf_p) = '\0'; else { /* need more input */ - int offset = yy_c_buf_p - yytext_ptr; - ++yy_c_buf_p; + int offset = (yy_c_buf_p) - (yytext_ptr); + ++(yy_c_buf_p); - switch ( yy_get_next_buffer() ) + switch ( yy_get_next_buffer( ) ) { case EOB_ACT_LAST_MATCH: /* This happens because yy_g_n_b() @@ -1180,16 +1250,16 @@ static int input() */ /* Reset buffer status. */ - yyrestart( yyin ); + yyrestart(yyin ); - /* fall through */ + /*FALLTHROUGH*/ case EOB_ACT_END_OF_FILE: { - if ( yywrap() ) + if ( yywrap( ) ) return EOF; - if ( ! yy_did_buffer_switch_on_eof ) + if ( ! (yy_did_buffer_switch_on_eof) ) YY_NEW_FILE; #ifdef __cplusplus return yyinput(); @@ -1199,90 +1269,92 @@ static int input() } case EOB_ACT_CONTINUE_SCAN: - yy_c_buf_p = yytext_ptr + offset; + (yy_c_buf_p) = (yytext_ptr) + offset; break; } } } - c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */ - *yy_c_buf_p = '\0'; /* preserve yytext */ - yy_hold_char = *++yy_c_buf_p; - + c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */ + *(yy_c_buf_p) = '\0'; /* preserve yytext */ + (yy_hold_char) = *++(yy_c_buf_p); return c; - } -#endif /* YY_NO_INPUT */ - -#ifdef YY_USE_PROTOS -void yyrestart( FILE *input_file ) -#else -void yyrestart( input_file ) -FILE *input_file; -#endif - { - if ( ! yy_current_buffer ) - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); +} +#endif /* ifndef YY_NO_INPUT */ - yy_init_buffer( yy_current_buffer, input_file ); - yy_load_buffer_state(); +/** Immediately switch to a different input stream. + * @param input_file A readable stream. + * + * @note This function does not reset the start condition to @c INITIAL . + */ + void yyrestart (FILE * input_file ) +{ + + if ( ! YY_CURRENT_BUFFER ){ + yyensure_buffer_stack (); + YY_CURRENT_BUFFER_LVALUE = + yy_create_buffer(yyin,YY_BUF_SIZE ); } + yy_init_buffer(YY_CURRENT_BUFFER,input_file ); + yy_load_buffer_state( ); +} -#ifdef YY_USE_PROTOS -void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer ) -#else -void yy_switch_to_buffer( new_buffer ) -YY_BUFFER_STATE new_buffer; -#endif - { - if ( yy_current_buffer == new_buffer ) +/** Switch to a different input buffer. + * @param new_buffer The new input buffer. + * + */ + void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ) +{ + + /* TODO. We should be able to replace this entire function body + * with + * yypop_buffer_state(); + * yypush_buffer_state(new_buffer); + */ + yyensure_buffer_stack (); + if ( YY_CURRENT_BUFFER == new_buffer ) return; - if ( yy_current_buffer ) + if ( YY_CURRENT_BUFFER ) { /* Flush out information for old buffer. */ - *yy_c_buf_p = yy_hold_char; - yy_current_buffer->yy_buf_pos = yy_c_buf_p; - yy_current_buffer->yy_n_chars = yy_n_chars; + *(yy_c_buf_p) = (yy_hold_char); + YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } - yy_current_buffer = new_buffer; - yy_load_buffer_state(); + YY_CURRENT_BUFFER_LVALUE = new_buffer; + yy_load_buffer_state( ); /* We don't actually know whether we did this switch during * EOF (yywrap()) processing, but the only time this flag * is looked at is after yywrap() is called, so it's safe * to go ahead and always set it. */ - yy_did_buffer_switch_on_eof = 1; - } - - -#ifdef YY_USE_PROTOS -void yy_load_buffer_state( void ) -#else -void yy_load_buffer_state() -#endif - { - yy_n_chars = yy_current_buffer->yy_n_chars; - yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos; - yyin = yy_current_buffer->yy_input_file; - yy_hold_char = *yy_c_buf_p; - } + (yy_did_buffer_switch_on_eof) = 1; +} +static void yy_load_buffer_state (void) +{ + (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; + (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; + yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; + (yy_hold_char) = *(yy_c_buf_p); +} -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_create_buffer( FILE *file, int size ) -#else -YY_BUFFER_STATE yy_create_buffer( file, size ) -FILE *file; -int size; -#endif - { +/** Allocate and initialize an input buffer state. + * @param file A readable stream. + * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE. + * + * @return the allocated buffer state. + */ + YY_BUFFER_STATE yy_create_buffer (FILE * file, int size ) +{ YY_BUFFER_STATE b; - - b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); + + b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); @@ -1291,75 +1363,75 @@ int size; /* yy_ch_buf has to be 2 characters longer than the size given because * we need to put in 2 end-of-buffer characters. */ - b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 ); + b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2 ); if ( ! b->yy_ch_buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); b->yy_is_our_buffer = 1; - yy_init_buffer( b, file ); + yy_init_buffer(b,file ); return b; - } - +} -#ifdef YY_USE_PROTOS -void yy_delete_buffer( YY_BUFFER_STATE b ) -#else -void yy_delete_buffer( b ) -YY_BUFFER_STATE b; -#endif - { +/** Destroy the buffer. + * @param b a buffer created with yy_create_buffer() + * + */ + void yy_delete_buffer (YY_BUFFER_STATE b ) +{ + if ( ! b ) return; - if ( b == yy_current_buffer ) - yy_current_buffer = (YY_BUFFER_STATE) 0; + if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */ + YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; if ( b->yy_is_our_buffer ) - yy_flex_free( (void *) b->yy_ch_buf ); - - yy_flex_free( (void *) b ); - } - - + yyfree((void *) b->yy_ch_buf ); -#ifdef YY_USE_PROTOS -void yy_init_buffer( YY_BUFFER_STATE b, FILE *file ) -#else -void yy_init_buffer( b, file ) -YY_BUFFER_STATE b; -FILE *file; -#endif + yyfree((void *) b ); +} +#ifndef __cplusplus +extern int isatty (int ); +#endif /* __cplusplus */ + +/* Initializes or reinitializes a buffer. + * This function is sometimes called more than once on the same buffer, + * such as during a yyrestart() or at EOF. + */ + static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file ) - { - yy_flush_buffer( b ); +{ + int oerrno = errno; + + yy_flush_buffer(b ); b->yy_input_file = file; b->yy_fill_buffer = 1; -#if YY_ALWAYS_INTERACTIVE - b->yy_is_interactive = 1; -#else -#if YY_NEVER_INTERACTIVE - b->yy_is_interactive = 0; -#else - b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; -#endif -#endif - } - + /* If b is the current buffer, then yy_init_buffer was _probably_ + * called from yyrestart() or through yy_get_next_buffer. + * In that case, we don't want to reset the lineno or column. + */ + if (b != YY_CURRENT_BUFFER){ + b->yy_bs_lineno = 1; + b->yy_bs_column = 0; + } -#ifdef YY_USE_PROTOS -void yy_flush_buffer( YY_BUFFER_STATE b ) -#else -void yy_flush_buffer( b ) -YY_BUFFER_STATE b; -#endif + b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; + + errno = oerrno; +} - { - if ( ! b ) +/** Discard all buffered characters. On the next scan, YY_INPUT will be called. + * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER. + * + */ + void yy_flush_buffer (YY_BUFFER_STATE b ) +{ + if ( ! b ) return; b->yy_n_chars = 0; @@ -1376,29 +1448,121 @@ YY_BUFFER_STATE b; b->yy_at_bol = 1; b->yy_buffer_status = YY_BUFFER_NEW; - if ( b == yy_current_buffer ) - yy_load_buffer_state(); + if ( b == YY_CURRENT_BUFFER ) + yy_load_buffer_state( ); +} + +/** Pushes the new state onto the stack. The new state becomes + * the current state. This function will allocate the stack + * if necessary. + * @param new_buffer The new state. + * + */ +void yypush_buffer_state (YY_BUFFER_STATE new_buffer ) +{ + if (new_buffer == NULL) + return; + + yyensure_buffer_stack(); + + /* This block is copied from yy_switch_to_buffer. */ + if ( YY_CURRENT_BUFFER ) + { + /* Flush out information for old buffer. */ + *(yy_c_buf_p) = (yy_hold_char); + YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + } + + /* Only push if top exists. Otherwise, replace top. */ + if (YY_CURRENT_BUFFER) + (yy_buffer_stack_top)++; + YY_CURRENT_BUFFER_LVALUE = new_buffer; + + /* copied from yy_switch_to_buffer. */ + yy_load_buffer_state( ); + (yy_did_buffer_switch_on_eof) = 1; +} + +/** Removes and deletes the top of the stack, if present. + * The next element becomes the new top. + * + */ +void yypop_buffer_state (void) +{ + if (!YY_CURRENT_BUFFER) + return; + + yy_delete_buffer(YY_CURRENT_BUFFER ); + YY_CURRENT_BUFFER_LVALUE = NULL; + if ((yy_buffer_stack_top) > 0) + --(yy_buffer_stack_top); + + if (YY_CURRENT_BUFFER) { + yy_load_buffer_state( ); + (yy_did_buffer_switch_on_eof) = 1; + } +} + +/* Allocates the stack if it does not exist. + * Guarantees space for at least one push. + */ +static void yyensure_buffer_stack (void) +{ + int num_to_alloc; + + if (!(yy_buffer_stack)) { + + /* First allocation is just for 2 elements, since we don't know if this + * scanner will even need a stack. We use 2 instead of 1 to avoid an + * immediate realloc on the next call. + */ + num_to_alloc = 1; + (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc + (num_to_alloc * sizeof(struct yy_buffer_state*) + ); + + memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); + + (yy_buffer_stack_max) = num_to_alloc; + (yy_buffer_stack_top) = 0; + return; } + if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ -#ifndef YY_NO_SCAN_BUFFER -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size ) -#else -YY_BUFFER_STATE yy_scan_buffer( base, size ) -char *base; -yy_size_t size; -#endif - { - YY_BUFFER_STATE b; + /* Increase the buffer to prepare for a possible push. */ + int grow_size = 8 /* arbitrary grow size */; + num_to_alloc = (yy_buffer_stack_max) + grow_size; + (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc + ((yy_buffer_stack), + num_to_alloc * sizeof(struct yy_buffer_state*) + ); + + /* zero only the new slots.*/ + memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); + (yy_buffer_stack_max) = num_to_alloc; + } +} + +/** Setup the input buffer state to scan directly from a user-specified character buffer. + * @param base the character buffer + * @param size the size in bytes of the character buffer + * + * @return the newly allocated buffer state object. + */ +YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) +{ + YY_BUFFER_STATE b; + if ( size < 2 || base[size-2] != YY_END_OF_BUFFER_CHAR || base[size-1] != YY_END_OF_BUFFER_CHAR ) /* They forgot to leave room for the EOB's. */ return 0; - b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); + b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); @@ -1412,56 +1576,51 @@ yy_size_t size; b->yy_fill_buffer = 0; b->yy_buffer_status = YY_BUFFER_NEW; - yy_switch_to_buffer( b ); + yy_switch_to_buffer(b ); return b; - } -#endif - - -#ifndef YY_NO_SCAN_STRING -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str ) -#else -YY_BUFFER_STATE yy_scan_string( yy_str ) -yyconst char *yy_str; -#endif - { - int len; - for ( len = 0; yy_str[len]; ++len ) - ; - - return yy_scan_bytes( yy_str, len ); - } -#endif +} +/** Setup the input buffer state to scan a string. The next call to yylex() will + * scan from a @e copy of @a str. + * @param yystr a NUL-terminated string to scan + * + * @return the newly allocated buffer state object. + * @note If you want to scan bytes that may contain NUL values, then use + * yy_scan_bytes() instead. + */ +YY_BUFFER_STATE yy_scan_string (yyconst char * yystr ) +{ + + return yy_scan_bytes(yystr,strlen(yystr) ); +} -#ifndef YY_NO_SCAN_BYTES -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len ) -#else -YY_BUFFER_STATE yy_scan_bytes( bytes, len ) -yyconst char *bytes; -int len; -#endif - { +/** Setup the input buffer state to scan the given bytes. The next call to yylex() will + * scan from a @e copy of @a bytes. + * @param bytes the byte buffer to scan + * @param len the number of bytes in the buffer pointed to by @a bytes. + * + * @return the newly allocated buffer state object. + */ +YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, int _yybytes_len ) +{ YY_BUFFER_STATE b; char *buf; yy_size_t n; int i; - + /* Get memory for full buffer, including space for trailing EOB's. */ - n = len + 2; - buf = (char *) yy_flex_alloc( n ); + n = _yybytes_len + 2; + buf = (char *) yyalloc(n ); if ( ! buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); - for ( i = 0; i < len; ++i ) - buf[i] = bytes[i]; + for ( i = 0; i < _yybytes_len; ++i ) + buf[i] = yybytes[i]; - buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR; + buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR; - b = yy_scan_buffer( buf, n ); + b = yy_scan_buffer(buf,n ); if ( ! b ) YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); @@ -1471,148 +1630,196 @@ int len; b->yy_is_our_buffer = 1; return b; - } +} + +#ifndef YY_EXIT_FAILURE +#define YY_EXIT_FAILURE 2 #endif +static void yy_fatal_error (yyconst char* msg ) +{ + (void) fprintf( stderr, "%s\n", msg ); + exit( YY_EXIT_FAILURE ); +} + +/* Redefine yyless() so it works in section 3 code. */ -#ifndef YY_NO_PUSH_STATE -#ifdef YY_USE_PROTOS -static void yy_push_state( int new_state ) -#else -static void yy_push_state( new_state ) -int new_state; -#endif - { - if ( yy_start_stack_ptr >= yy_start_stack_depth ) - { - yy_size_t new_size; +#undef yyless +#define yyless(n) \ + do \ + { \ + /* Undo effects of setting up yytext. */ \ + int yyless_macro_arg = (n); \ + YY_LESS_LINENO(yyless_macro_arg);\ + yytext[yyleng] = (yy_hold_char); \ + (yy_c_buf_p) = yytext + yyless_macro_arg; \ + (yy_hold_char) = *(yy_c_buf_p); \ + *(yy_c_buf_p) = '\0'; \ + yyleng = yyless_macro_arg; \ + } \ + while ( 0 ) - yy_start_stack_depth += YY_START_STACK_INCR; - new_size = yy_start_stack_depth * sizeof( int ); +/* Accessor methods (get/set functions) to struct members. */ - if ( ! yy_start_stack ) - yy_start_stack = (int *) yy_flex_alloc( new_size ); +/** Get the current line number. + * + */ +int yyget_lineno (void) +{ + + return yylineno; +} - else - yy_start_stack = (int *) yy_flex_realloc( - (void *) yy_start_stack, new_size ); +/** Get the input stream. + * + */ +FILE *yyget_in (void) +{ + return yyin; +} - if ( ! yy_start_stack ) - YY_FATAL_ERROR( - "out of memory expanding start-condition stack" ); - } +/** Get the output stream. + * + */ +FILE *yyget_out (void) +{ + return yyout; +} - yy_start_stack[yy_start_stack_ptr++] = YY_START; +/** Get the length of the current token. + * + */ +int yyget_leng (void) +{ + return yyleng; +} - BEGIN(new_state); - } -#endif +/** Get the current token. + * + */ +char *yyget_text (void) +{ + return yytext; +} -#ifndef YY_NO_POP_STATE -static void yy_pop_state() - { - if ( --yy_start_stack_ptr < 0 ) - YY_FATAL_ERROR( "start-condition stack underflow" ); +/** Set the current line number. + * @param line_number + * + */ +void yyset_lineno (int line_number ) +{ + + yylineno = line_number; +} - BEGIN(yy_start_stack[yy_start_stack_ptr]); - } -#endif +/** Set the input stream. This does not discard the current + * input buffer. + * @param in_str A readable stream. + * + * @see yy_switch_to_buffer + */ +void yyset_in (FILE * in_str ) +{ + yyin = in_str ; +} +void yyset_out (FILE * out_str ) +{ + yyout = out_str ; +} -#ifndef YY_NO_TOP_STATE -static int yy_top_state() - { - return yy_start_stack[yy_start_stack_ptr - 1]; - } -#endif +int yyget_debug (void) +{ + return yy_flex_debug; +} -#ifndef YY_EXIT_FAILURE -#define YY_EXIT_FAILURE 2 -#endif +void yyset_debug (int bdebug ) +{ + yy_flex_debug = bdebug ; +} -#ifdef YY_USE_PROTOS -static void yy_fatal_error( yyconst char msg[] ) +static int yy_init_globals (void) +{ + /* Initialization is the same as for the non-reentrant scanner. + * This function is called from yylex_destroy(), so don't allocate here. + */ + + (yy_buffer_stack) = 0; + (yy_buffer_stack_top) = 0; + (yy_buffer_stack_max) = 0; + (yy_c_buf_p) = (char *) 0; + (yy_init) = 0; + (yy_start) = 0; + +/* Defined in main.c */ +#ifdef YY_STDINIT + yyin = stdin; + yyout = stdout; #else -static void yy_fatal_error( msg ) -char msg[]; + yyin = (FILE *) 0; + yyout = (FILE *) 0; #endif - { - (void) fprintf( stderr, "%s\n", msg ); - exit( YY_EXIT_FAILURE ); - } + /* For future reference: Set errno on error, since we are called by + * yylex_init() + */ + return 0; +} +/* yylex_destroy is for both reentrant and non-reentrant scanners. */ +int yylex_destroy (void) +{ + + /* Pop the buffer stack, destroying each element. */ + while(YY_CURRENT_BUFFER){ + yy_delete_buffer(YY_CURRENT_BUFFER ); + YY_CURRENT_BUFFER_LVALUE = NULL; + yypop_buffer_state(); + } -/* Redefine yyless() so it works in section 3 code. */ + /* Destroy the stack itself. */ + yyfree((yy_buffer_stack) ); + (yy_buffer_stack) = NULL; -#undef yyless -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - yytext[yyleng] = yy_hold_char; \ - yy_c_buf_p = yytext + n; \ - yy_hold_char = *yy_c_buf_p; \ - *yy_c_buf_p = '\0'; \ - yyleng = n; \ - } \ - while ( 0 ) + /* Reset the globals. This is important in a non-reentrant scanner so the next time + * yylex() is called, initialization will occur. */ + yy_init_globals( ); + return 0; +} -/* Internal utility routines. */ +/* + * Internal utility routines. + */ #ifndef yytext_ptr -#ifdef YY_USE_PROTOS -static void yy_flex_strncpy( char *s1, yyconst char *s2, int n ) -#else -static void yy_flex_strncpy( s1, s2, n ) -char *s1; -yyconst char *s2; -int n; -#endif - { +static void yy_flex_strncpy (char* s1, yyconst char * s2, int n ) +{ register int i; for ( i = 0; i < n; ++i ) s1[i] = s2[i]; - } +} #endif #ifdef YY_NEED_STRLEN -#ifdef YY_USE_PROTOS -static int yy_flex_strlen( yyconst char *s ) -#else -static int yy_flex_strlen( s ) -yyconst char *s; -#endif - { +static int yy_flex_strlen (yyconst char * s ) +{ register int n; for ( n = 0; s[n]; ++n ) ; return n; - } +} #endif - -#ifdef YY_USE_PROTOS -static void *yy_flex_alloc( yy_size_t size ) -#else -static void *yy_flex_alloc( size ) -yy_size_t size; -#endif - { +void *yyalloc (yy_size_t size ) +{ return (void *) malloc( size ); - } +} -#ifdef YY_USE_PROTOS -static void *yy_flex_realloc( void *ptr, yy_size_t size ) -#else -static void *yy_flex_realloc( ptr, size ) -void *ptr; -yy_size_t size; -#endif - { +void *yyrealloc (void * ptr, yy_size_t size ) +{ /* The cast to (char *) in the following accommodates both * implementations that use char* generic pointers, and those * that use void* generic pointers. It works with the latter @@ -1621,28 +1828,19 @@ yy_size_t size; * as though doing an assignment. */ return (void *) realloc( (char *) ptr, size ); - } +} -#ifdef YY_USE_PROTOS -static void yy_flex_free( void *ptr ) -#else -static void yy_flex_free( ptr ) -void *ptr; -#endif - { - free( ptr ); - } +void yyfree (void * ptr ) +{ + free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ +} + +#define YYTABLES_NAME "yytables" -#if YY_MAIN -int main() - { - yylex(); - return 0; - } -#endif #line 75 "lex.l" + #ifndef yywrap /* XXX */ int yywrap () @@ -1695,3 +1893,4 @@ error_message (const char *format, ...) va_end (args); numerror++; } + diff --git a/source4/heimdal/lib/hdb/hdb.c b/source4/heimdal/lib/hdb/hdb.c index 5d2ce8f3bb..555a0d53f6 100644 --- a/source4/heimdal/lib/hdb/hdb.c +++ b/source4/heimdal/lib/hdb/hdb.c @@ -262,7 +262,7 @@ find_dynamic_method (krb5_context context, if (prefix == NULL) krb5_errx(context, 1, "out of memory"); - if (asprintf(&path, LIBDIR "/hdb_%s.so", prefix) == -1) + if (asprintf(&path, HDBDIR "/hdb_%s.so", prefix) == -1) krb5_errx(context, 1, "out of memory"); #ifndef RTLD_NOW -- cgit From aca4eeac43ad96c3337b1ff5c9a41cfdf4cf4144 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 7 Sep 2006 07:13:35 +0000 Subject: r18204: darn, compilers always look in the directory the source is in for headers with "" even with a -I override. That means our heimdal_build/ roken override doesn't work. Switching to <> style includes in roken fixes this. lha, would be be acceptable upstream? I notice that half your includes of roken.h are with <> now anyway, so should be harmless (and even more consistent!) (This used to be commit 92742b899941687c861a85683ad2c2c6a3083fb6) --- source4/heimdal/lib/roken/bswap.c | 2 +- source4/heimdal/lib/roken/copyhostent.c | 2 +- source4/heimdal/lib/roken/freeaddrinfo.c | 2 +- source4/heimdal/lib/roken/freehostent.c | 2 +- source4/heimdal/lib/roken/gai_strerror.c | 2 +- source4/heimdal/lib/roken/getaddrinfo.c | 2 +- source4/heimdal/lib/roken/getipnodebyaddr.c | 2 +- source4/heimdal/lib/roken/getipnodebyname.c | 2 +- source4/heimdal/lib/roken/getprogname.c | 2 +- source4/heimdal/lib/roken/hex.c | 2 +- source4/heimdal/lib/roken/hostent_find_fqdn.c | 2 +- source4/heimdal/lib/roken/inet_aton.c | 2 +- source4/heimdal/lib/roken/issuid.c | 2 +- source4/heimdal/lib/roken/resolve.c | 2 +- source4/heimdal/lib/roken/setprogname.c | 2 +- source4/heimdal/lib/roken/signal.c | 2 +- source4/heimdal/lib/roken/strsep.c | 2 +- source4/heimdal/lib/roken/strsep_copy.c | 2 +- 18 files changed, 18 insertions(+), 18 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/roken/bswap.c b/source4/heimdal/lib/roken/bswap.c index 48b587d2db..dd7ea832af 100644 --- a/source4/heimdal/lib/roken/bswap.c +++ b/source4/heimdal/lib/roken/bswap.c @@ -34,7 +34,7 @@ #ifdef HAVE_CONFIG_H #include #endif -#include "roken.h" +#include RCSID("$Id: bswap.c,v 1.4 2005/04/12 11:28:35 lha Exp $"); diff --git a/source4/heimdal/lib/roken/copyhostent.c b/source4/heimdal/lib/roken/copyhostent.c index d11fa16303..7d458dc1b9 100644 --- a/source4/heimdal/lib/roken/copyhostent.c +++ b/source4/heimdal/lib/roken/copyhostent.c @@ -36,7 +36,7 @@ RCSID("$Id: copyhostent.c,v 1.3 2005/04/12 11:28:36 lha Exp $"); #endif -#include "roken.h" +#include /* * return a malloced copy of `h' diff --git a/source4/heimdal/lib/roken/freeaddrinfo.c b/source4/heimdal/lib/roken/freeaddrinfo.c index 6311aa29d8..cd2898036b 100644 --- a/source4/heimdal/lib/roken/freeaddrinfo.c +++ b/source4/heimdal/lib/roken/freeaddrinfo.c @@ -36,7 +36,7 @@ RCSID("$Id: freeaddrinfo.c,v 1.5 2005/04/12 11:28:41 lha Exp $"); #endif -#include "roken.h" +#include /* * free the list of `struct addrinfo' starting at `ai' diff --git a/source4/heimdal/lib/roken/freehostent.c b/source4/heimdal/lib/roken/freehostent.c index d837ba2503..1ebb01361c 100644 --- a/source4/heimdal/lib/roken/freehostent.c +++ b/source4/heimdal/lib/roken/freehostent.c @@ -36,7 +36,7 @@ RCSID("$Id: freehostent.c,v 1.3 2005/04/12 11:28:41 lha Exp $"); #endif -#include "roken.h" +#include /* * free a malloced hostent diff --git a/source4/heimdal/lib/roken/gai_strerror.c b/source4/heimdal/lib/roken/gai_strerror.c index 52db0f8842..102aa75ea1 100644 --- a/source4/heimdal/lib/roken/gai_strerror.c +++ b/source4/heimdal/lib/roken/gai_strerror.c @@ -36,7 +36,7 @@ RCSID("$Id: gai_strerror.c,v 1.7 2005/08/05 09:31:35 lha Exp $"); #endif -#include "roken.h" +#include static struct gai_error { int code; diff --git a/source4/heimdal/lib/roken/getaddrinfo.c b/source4/heimdal/lib/roken/getaddrinfo.c index b39131de74..86af8b72cc 100644 --- a/source4/heimdal/lib/roken/getaddrinfo.c +++ b/source4/heimdal/lib/roken/getaddrinfo.c @@ -36,7 +36,7 @@ RCSID("$Id: getaddrinfo.c,v 1.14 2005/06/16 17:49:29 lha Exp $"); #endif -#include "roken.h" +#include /* * uses hints->ai_socktype and hints->ai_protocol diff --git a/source4/heimdal/lib/roken/getipnodebyaddr.c b/source4/heimdal/lib/roken/getipnodebyaddr.c index 841fc46a80..3f447d6d06 100644 --- a/source4/heimdal/lib/roken/getipnodebyaddr.c +++ b/source4/heimdal/lib/roken/getipnodebyaddr.c @@ -36,7 +36,7 @@ RCSID("$Id: getipnodebyaddr.c,v 1.3 2005/04/12 11:28:47 lha Exp $"); #endif -#include "roken.h" +#include /* * lookup `src, len' (address family `af') in DNS and return a pointer diff --git a/source4/heimdal/lib/roken/getipnodebyname.c b/source4/heimdal/lib/roken/getipnodebyname.c index 0707e4c16c..b928efcc53 100644 --- a/source4/heimdal/lib/roken/getipnodebyname.c +++ b/source4/heimdal/lib/roken/getipnodebyname.c @@ -36,7 +36,7 @@ RCSID("$Id: getipnodebyname.c,v 1.4 2005/04/12 11:28:47 lha Exp $"); #endif -#include "roken.h" +#include #ifndef HAVE_H_ERRNO static int h_errno = NO_RECOVERY; diff --git a/source4/heimdal/lib/roken/getprogname.c b/source4/heimdal/lib/roken/getprogname.c index f8f1e9d4a2..7eabe40093 100644 --- a/source4/heimdal/lib/roken/getprogname.c +++ b/source4/heimdal/lib/roken/getprogname.c @@ -36,7 +36,7 @@ RCSID("$Id: getprogname.c,v 1.3 2005/04/12 11:28:48 lha Exp $"); #endif -#include "roken.h" +#include #ifndef HAVE___PROGNAME const char *__progname; diff --git a/source4/heimdal/lib/roken/hex.c b/source4/heimdal/lib/roken/hex.c index ba0f4a4fda..e41b508fcb 100644 --- a/source4/heimdal/lib/roken/hex.c +++ b/source4/heimdal/lib/roken/hex.c @@ -35,7 +35,7 @@ #include RCSID("$Id: hex.c,v 1.8 2006/01/09 17:09:29 lha Exp $"); #endif -#include "roken.h" +#include #include #include "hex.h" diff --git a/source4/heimdal/lib/roken/hostent_find_fqdn.c b/source4/heimdal/lib/roken/hostent_find_fqdn.c index 24f3b843d8..1762b11226 100644 --- a/source4/heimdal/lib/roken/hostent_find_fqdn.c +++ b/source4/heimdal/lib/roken/hostent_find_fqdn.c @@ -36,7 +36,7 @@ RCSID("$Id: hostent_find_fqdn.c,v 1.3 2005/04/12 11:28:51 lha Exp $"); #endif -#include "roken.h" +#include /* * Try to find a fqdn (with `.') in he if possible, else return h_name diff --git a/source4/heimdal/lib/roken/inet_aton.c b/source4/heimdal/lib/roken/inet_aton.c index b26dcb87ff..0483a05256 100644 --- a/source4/heimdal/lib/roken/inet_aton.c +++ b/source4/heimdal/lib/roken/inet_aton.c @@ -36,7 +36,7 @@ RCSID("$Id: inet_aton.c,v 1.14 2005/04/12 11:28:52 lha Exp $"); #endif -#include "roken.h" +#include /* Minimal implementation of inet_aton. * Cannot distinguish between failure and a local broadcast address. */ diff --git a/source4/heimdal/lib/roken/issuid.c b/source4/heimdal/lib/roken/issuid.c index 7ccf615451..e6b5248164 100644 --- a/source4/heimdal/lib/roken/issuid.c +++ b/source4/heimdal/lib/roken/issuid.c @@ -36,7 +36,7 @@ RCSID("$Id: issuid.c,v 1.6 2005/05/13 07:42:03 lha Exp $"); #endif -#include "roken.h" +#include int ROKEN_LIB_FUNCTION issuid(void) diff --git a/source4/heimdal/lib/roken/resolve.c b/source4/heimdal/lib/roken/resolve.c index 6a14547c62..a72fb24eab 100644 --- a/source4/heimdal/lib/roken/resolve.c +++ b/source4/heimdal/lib/roken/resolve.c @@ -34,7 +34,7 @@ #ifdef HAVE_CONFIG_H #include #endif -#include "roken.h" +#include #ifdef HAVE_ARPA_NAMESER_H #include #endif diff --git a/source4/heimdal/lib/roken/setprogname.c b/source4/heimdal/lib/roken/setprogname.c index 315fa52e50..c13e8d4ee1 100644 --- a/source4/heimdal/lib/roken/setprogname.c +++ b/source4/heimdal/lib/roken/setprogname.c @@ -36,7 +36,7 @@ RCSID("$Id: setprogname.c,v 1.4 2005/08/23 10:19:20 lha Exp $"); #endif -#include "roken.h" +#include #ifndef HAVE___PROGNAME extern const char *__progname; diff --git a/source4/heimdal/lib/roken/signal.c b/source4/heimdal/lib/roken/signal.c index d92742d9fb..7076847fb3 100644 --- a/source4/heimdal/lib/roken/signal.c +++ b/source4/heimdal/lib/roken/signal.c @@ -37,7 +37,7 @@ RCSID("$Id: signal.c,v 1.13 2005/04/12 11:29:05 lha Exp $"); #endif #include -#include "roken.h" +#include /* * We would like to always use this signal but there is a link error diff --git a/source4/heimdal/lib/roken/strsep.c b/source4/heimdal/lib/roken/strsep.c index e34c10fe26..f08c33b7a5 100644 --- a/source4/heimdal/lib/roken/strsep.c +++ b/source4/heimdal/lib/roken/strsep.c @@ -38,7 +38,7 @@ RCSID("$Id: strsep.c,v 1.4 2005/04/12 11:29:10 lha Exp $"); #include -#include "roken.h" +#include #ifndef HAVE_STRSEP diff --git a/source4/heimdal/lib/roken/strsep_copy.c b/source4/heimdal/lib/roken/strsep_copy.c index 5149838547..34759fe15c 100644 --- a/source4/heimdal/lib/roken/strsep_copy.c +++ b/source4/heimdal/lib/roken/strsep_copy.c @@ -38,7 +38,7 @@ RCSID("$Id: strsep_copy.c,v 1.5 2005/04/12 11:29:11 lha Exp $"); #include -#include "roken.h" +#include #ifndef HAVE_STRSEP_COPY -- cgit From 85e24e54d29ca8a08ad833831052e41a0bb257b6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 9 Sep 2006 10:01:17 +0000 Subject: r18300: fixed a type bug in heimdal - lha, you happy with this upstream? It showed up on ia_64 systems (This used to be commit 1f38a7ea56944466d90622832e4570dc324adc4e) --- source4/heimdal/lib/gssapi/cfx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/cfx.c b/source4/heimdal/lib/gssapi/cfx.c index 69c9fd3349..8860e938fa 100755 --- a/source4/heimdal/lib/gssapi/cfx.c +++ b/source4/heimdal/lib/gssapi/cfx.c @@ -199,7 +199,7 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, size_t wrapped_len, cksumsize; uint16_t padlength, rrc = 0; int32_t seq_number; - OM_uint32 padsize; + uint16_t padsize; u_char *p; ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); -- cgit From 66c16b5143041a504afdc6a9041e4928e7cd9ba2 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 9 Sep 2006 12:51:32 +0000 Subject: r18308: get this right .... (This used to be commit 3697cd6597875fe22f6885ce20612a32d0be2513) --- source4/heimdal/lib/gssapi/cfx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/cfx.c b/source4/heimdal/lib/gssapi/cfx.c index 8860e938fa..ef7907c0de 100755 --- a/source4/heimdal/lib/gssapi/cfx.c +++ b/source4/heimdal/lib/gssapi/cfx.c @@ -199,7 +199,7 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, size_t wrapped_len, cksumsize; uint16_t padlength, rrc = 0; int32_t seq_number; - uint16_t padsize; + size_t padsize; u_char *p; ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); -- cgit From d2e72c46c116bffc662024408f1391bda57b9849 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 10 Sep 2006 10:02:10 +0000 Subject: r18322: fixed a compilation problem on AIX caused by lex not putting config.h first. That leads to a conflicting define for lseek() due to _LARGE_FILES being defined after standards headers are included (This used to be commit 9034238e27f22a7077df9fa0d7c83cce4503aabc) --- source4/heimdal/lib/asn1/lex.c | 3 ++- source4/heimdal/lib/com_err/lex.c | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/asn1/lex.c b/source4/heimdal/lib/asn1/lex.c index 37309ba0aa..70e893197d 100644 --- a/source4/heimdal/lib/asn1/lex.c +++ b/source4/heimdal/lib/asn1/lex.c @@ -1,3 +1,4 @@ +#include "config.h" #line 3 "lex.yy.c" @@ -1905,7 +1906,7 @@ static int yy_get_next_buffer (void) /* Read in more data. */ YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), - (yy_n_chars), num_to_read ); + (yy_n_chars), (size_t) num_to_read ); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } diff --git a/source4/heimdal/lib/com_err/lex.c b/source4/heimdal/lib/com_err/lex.c index d5d6b20a8d..4697d0a3fd 100644 --- a/source4/heimdal/lib/com_err/lex.c +++ b/source4/heimdal/lib/com_err/lex.c @@ -1,3 +1,4 @@ +#include "config.h" #line 3 "lex.yy.c" -- cgit From f7b29f23ad06403673a44915d5d85b09da69857a Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 14 Sep 2006 16:08:13 +0000 Subject: r18528: work around what appears to be a compiler bug in gcc on irix. It caused the RPC-SECRETS test to crash smbd in an inlined version of this memcmp() call. This patch should have absolutely no effect at all, but in fact it prevents the crash. Disassembling at the point of the crash, it shows that gcc is inlining the memcmp(). I don't know enough MIPS assembler to actually spot the bug. In case anyone reading this does know MIPS assembler, here is the gcc generated code that crashes: 0x105e0218 : lw $t1,52($sp) 0x105e021c : lw $t1,0($t1) 0x105e0220 : lhu $t1,0($t1) 0x105e0224 : lw $t2,68($sp) 0x105e0228 : lhu $t2,0($t2) 0x105e022c : subu $t1,$t1,$t2 it gets a segv at 0x105e0220. lha, what do you think of this? The change should be innocuous on all other platforms, apart from making the code harder to read :( (This used to be commit 95455b57893c99d6d2dc20c4f75042ae4c1cfe85) --- source4/heimdal/lib/gssapi/decapsulate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/decapsulate.c b/source4/heimdal/lib/gssapi/decapsulate.c index 90e037f09b..08df361776 100644 --- a/source4/heimdal/lib/gssapi/decapsulate.c +++ b/source4/heimdal/lib/gssapi/decapsulate.c @@ -110,7 +110,7 @@ gssapi_krb5_verify_header(u_char **str, if (len < 2) return GSS_S_DEFECTIVE_TOKEN; - if (memcmp (*str, type, 2) != 0) + if ((*str)[0] != type[0] || (*str)[1] != type[1]) return GSS_S_DEFECTIVE_TOKEN; *str += 2; -- cgit From 83558e822b9b1ea64ae89b77b2d815d19211d996 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 22 Sep 2006 18:39:49 +0000 Subject: r18826: Allow 'enterprise' principal names to log in. These principals do not need to be in the same realm as the rest of the ticket, the full principal name is in the first componet of the ASN.1. Samba4's backend will handle getting this to the 'right' place. Andrew Bartlett (This used to be commit 90b01b8af21609e2e5c8b6bd8cab8bd393844acf) --- source4/heimdal/kdc/524.c | 4 ++-- source4/heimdal/kdc/kerberos4.c | 6 ++++-- source4/heimdal/kdc/kerberos5.c | 14 +++++++------- source4/heimdal/lib/krb5/asn1_glue.c | 20 +++++++++++++++----- source4/heimdal/lib/krb5/get_in_tkt.c | 6 ++++-- source4/heimdal/lib/krb5/krb5-private.h | 1 + source4/heimdal/lib/krb5/rd_cred.c | 5 +++-- source4/heimdal/lib/krb5/rd_req.c | 12 +++++++----- 8 files changed, 43 insertions(+), 25 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/524.c b/source4/heimdal/kdc/524.c index 14969aaa52..d61b78d9b6 100644 --- a/source4/heimdal/kdc/524.c +++ b/source4/heimdal/kdc/524.c @@ -53,7 +53,7 @@ fetch_server (krb5_context context, krb5_error_code ret; krb5_principal sprinc; - ret = _krb5_principalname2krb5_principal(&sprinc, t->sname, t->realm); + ret = _krb5_principalname2krb5_principal(context, &sprinc, t->sname, t->realm); if (ret) { kdc_log(context, config, 0, "_krb5_principalname2krb5_principal: %s", krb5_get_err_text(context, ret)); @@ -90,7 +90,7 @@ log_524 (krb5_context context, char *cpn; krb5_error_code ret; - ret = _krb5_principalname2krb5_principal(&client, et->cname, et->crealm); + ret = _krb5_principalname2krb5_principal(context, &client, et->cname, et->crealm); if (ret) { kdc_log(context, config, 0, "_krb5_principalname2krb5_principal: %s", krb5_get_err_text (context, ret)); diff --git a/source4/heimdal/kdc/kerberos4.c b/source4/heimdal/kdc/kerberos4.c index 4ece1a47d6..d7a3a9cb69 100644 --- a/source4/heimdal/kdc/kerberos4.c +++ b/source4/heimdal/kdc/kerberos4.c @@ -655,7 +655,8 @@ _kdc_encode_v4_ticket(krb5_context context, { krb5_principal princ; - _krb5_principalname2krb5_principal(&princ, + _krb5_principalname2krb5_principal(context, + &princ, *service, et->crealm); ret = krb5_524_conv_principal(context, @@ -667,7 +668,8 @@ _kdc_encode_v4_ticket(krb5_context context, if(ret) return ret; - _krb5_principalname2krb5_principal(&princ, + _krb5_principalname2krb5_principal(context, + &princ, et->cname, et->crealm); diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index 877b88c155..a73c2c10b3 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -869,7 +869,7 @@ _kdc_as_rep(krb5_context context, ret = KRB5KRB_ERR_GENERIC; e_text = "No server in request"; } else{ - _krb5_principalname2krb5_principal (&server_princ, + _krb5_principalname2krb5_principal (context, &server_princ, *(b->sname), b->realm); ret = krb5_unparse_name(context, server_princ, &server_name); } @@ -882,7 +882,7 @@ _kdc_as_rep(krb5_context context, ret = KRB5KRB_ERR_GENERIC; e_text = "No client in request"; } else { - _krb5_principalname2krb5_principal (&client_princ, + _krb5_principalname2krb5_principal (context, &client_princ, *(b->cname), b->realm); ret = krb5_unparse_name(context, client_princ, &client_name); } @@ -1270,7 +1270,7 @@ _kdc_as_rep(krb5_context context, if (f.request_anonymous) make_anonymous_principalname (&rep.cname); else - _krb5_principal2principalname(&rep.cname, + _krb5_principal2principalname(&rep.cname, client->entry.principal); rep.ticket.tkt_vno = 5; copy_Realm(&server->entry.principal->realm, &rep.ticket.realm); @@ -2137,7 +2137,7 @@ tgs_rep2(krb5_context context, goto out2; } - _krb5_principalname2krb5_principal(&princ, + _krb5_principalname2krb5_principal(context, &princ, ap_req.ticket.sname, ap_req.ticket.realm); @@ -2340,7 +2340,7 @@ tgs_rep2(krb5_context context, ret = KRB5KDC_ERR_POLICY; goto out2; } - _krb5_principalname2krb5_principal(&p, t->sname, t->realm); + _krb5_principalname2krb5_principal(context, &p, t->sname, t->realm); ret = _kdc_db_fetch(context, config, p, HDB_F_GET_CLIENT|HDB_F_GET_SERVER, &uu); krb5_free_principal(context, p); @@ -2364,11 +2364,11 @@ tgs_rep2(krb5_context context, r = adtkt.crealm; } - _krb5_principalname2krb5_principal(&sp, *s, r); + _krb5_principalname2krb5_principal(context, &sp, *s, r); ret = krb5_unparse_name(context, sp, &spn); if (ret) goto out; - _krb5_principalname2krb5_principal(&cp, tgt->cname, tgt->crealm); + _krb5_principalname2krb5_principal(context, &cp, tgt->cname, tgt->crealm); ret = krb5_unparse_name(context, cp, &cpn); if (ret) goto out; diff --git a/source4/heimdal/lib/krb5/asn1_glue.c b/source4/heimdal/lib/krb5/asn1_glue.c index 01b5d3ee44..8f7b886e80 100644 --- a/source4/heimdal/lib/krb5/asn1_glue.c +++ b/source4/heimdal/lib/krb5/asn1_glue.c @@ -47,13 +47,23 @@ _krb5_principal2principalname (PrincipalName *p, } krb5_error_code KRB5_LIB_FUNCTION -_krb5_principalname2krb5_principal (krb5_principal *principal, +_krb5_principalname2krb5_principal (krb5_context context, + krb5_principal *principal, const PrincipalName from, const Realm realm) { - krb5_principal p = malloc(sizeof(*p)); - copy_PrincipalName(&from, &p->name); - p->realm = strdup(realm); - *principal = p; + if (from.name_type == KRB5_NT_ENTERPRISE_PRINCIPAL) { + if (from.name_string.len != 1) { + return KRB5_PARSE_MALFORMED; + } + return krb5_parse_name(context, + from.name_string.val[0], + principal); + } else { + krb5_principal p = malloc(sizeof(*p)); + copy_PrincipalName(&from, &p->name); + p->realm = strdup(realm); + *principal = p; + } return 0; } diff --git a/source4/heimdal/lib/krb5/get_in_tkt.c b/source4/heimdal/lib/krb5/get_in_tkt.c index 24d6c29f52..5c488d1ddc 100644 --- a/source4/heimdal/lib/krb5/get_in_tkt.c +++ b/source4/heimdal/lib/krb5/get_in_tkt.c @@ -137,7 +137,8 @@ _krb5_extract_ticket(krb5_context context, time_t tmp_time; krb5_timestamp sec_now; - ret = _krb5_principalname2krb5_principal (&tmp_principal, + ret = _krb5_principalname2krb5_principal (context, + &tmp_principal, rep->kdc_rep.cname, rep->kdc_rep.crealm); if (ret) @@ -170,7 +171,8 @@ _krb5_extract_ticket(krb5_context context, /* compare server */ - ret = _krb5_principalname2krb5_principal (&tmp_principal, + ret = _krb5_principalname2krb5_principal (context, + &tmp_principal, rep->kdc_rep.ticket.sname, rep->kdc_rep.ticket.realm); if (ret) diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h index 17b282f1d8..9ba288e22b 100644 --- a/source4/heimdal/lib/krb5/krb5-private.h +++ b/source4/heimdal/lib/krb5/krb5-private.h @@ -372,6 +372,7 @@ _krb5_principal2principalname ( krb5_error_code KRB5_LIB_FUNCTION _krb5_principalname2krb5_principal ( + krb5_context /* context */, krb5_principal */*principal*/, const PrincipalName /*from*/, const Realm /*realm*/); diff --git a/source4/heimdal/lib/krb5/rd_cred.c b/source4/heimdal/lib/krb5/rd_cred.c index 520b3a1418..01b5188bae 100644 --- a/source4/heimdal/lib/krb5/rd_cred.c +++ b/source4/heimdal/lib/krb5/rd_cred.c @@ -265,7 +265,7 @@ krb5_rd_cred(krb5_context context, krb5_abortx(context, "internal error in ASN.1 encoder"); copy_EncryptionKey (&kci->key, &creds->session); if (kci->prealm && kci->pname) - _krb5_principalname2krb5_principal (&creds->client, + _krb5_principalname2krb5_principal (context, &creds->client, *kci->pname, *kci->prealm); if (kci->flags) @@ -279,7 +279,8 @@ krb5_rd_cred(krb5_context context, if (kci->renew_till) creds->times.renew_till = *kci->renew_till; if (kci->srealm && kci->sname) - _krb5_principalname2krb5_principal (&creds->server, + _krb5_principalname2krb5_principal (context, + &creds->server, *kci->sname, *kci->srealm); if (kci->caddr) diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c index 0d4635b964..c0bb710a59 100644 --- a/source4/heimdal/lib/krb5/rd_req.c +++ b/source4/heimdal/lib/krb5/rd_req.c @@ -376,10 +376,12 @@ krb5_verify_ap_req2(krb5_context context, if(ret) goto out; - ret = _krb5_principalname2krb5_principal(&t->server, ap_req->ticket.sname, + ret = _krb5_principalname2krb5_principal(context, + &t->server, ap_req->ticket.sname, ap_req->ticket.realm); if (ret) goto out; - ret = _krb5_principalname2krb5_principal(&t->client, t->ticket.cname, + ret = _krb5_principalname2krb5_principal(context, + &t->client, t->ticket.cname, t->ticket.crealm); if (ret) goto out; @@ -400,10 +402,10 @@ krb5_verify_ap_req2(krb5_context context, krb5_principal p1, p2; krb5_boolean res; - _krb5_principalname2krb5_principal(&p1, + _krb5_principalname2krb5_principal(context, &p1, ac->authenticator->cname, ac->authenticator->crealm); - _krb5_principalname2krb5_principal(&p2, + _krb5_principalname2krb5_principal(context, &p2, t->ticket.cname, t->ticket.crealm); res = krb5_principal_compare (context, p1, p2); @@ -605,7 +607,7 @@ krb5_rd_req_return_keyblock(krb5_context context, return ret; if(server == NULL){ - _krb5_principalname2krb5_principal(&service, + _krb5_principalname2krb5_principal(context, &service, ap_req.ticket.sname, ap_req.ticket.realm); server = service; -- cgit From 69e755892ab68c42cfc04f43c3b2ee0d0f29264d Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 16 Oct 2006 10:51:23 +0000 Subject: r19325: leak fix from lha (This used to be commit 248f3265e6339f279691be5d17ca4ce733c6590d) --- source4/heimdal/lib/des/hmac.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/des/hmac.c b/source4/heimdal/lib/des/hmac.c index 1d323b3725..4bcb0defa5 100644 --- a/source4/heimdal/lib/des/hmac.c +++ b/source4/heimdal/lib/des/hmac.c @@ -28,7 +28,10 @@ HMAC_CTX_cleanup(HMAC_CTX *ctx) free(ctx->ipad); ctx->ipad = NULL; } - EVP_MD_CTX_cleanup(ctx->ctx); + if (ctx->ctx) { + EVP_MD_CTX_destroy(ctx->ctx); + ctx->ctx = NULL; + } } size_t -- cgit From 3c1e780ec7e16dc6667402bbc65708bf9a5c062f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 7 Nov 2006 06:59:56 +0000 Subject: r19604: This is a massive commit, and I appologise in advance for it's size. This merges Samba4 with lorikeet-heimdal, which itself has been tracking Heimdal CVS for the past couple of weeks. This is such a big change because Heimdal reorganised it's internal structures, with the mechglue merge, and because many of our 'wishes' have been granted: we now have DCE_STYLE GSSAPI, send_to_kdc hooks and many other features merged into the mainline code. We have adapted to upstream's choice of API in these cases. In gensec_gssapi and gensec_krb5, we either expect a valid PAC, or NO PAC. This matches windows behavour. We also have an option to require the PAC to be present (which allows us to automate the testing of this code). This also includes a restructure of how the kerberos dependencies are handled, due to the fallout of the merge. Andrew Bartlett (This used to be commit 4826f1735197c2a471d771495e6d4c1051b4c471) --- source4/heimdal/kdc/524.c | 11 +- source4/heimdal/kdc/default_config.c | 3 +- source4/heimdal/kdc/digest.c | 712 ++++++++ source4/heimdal/kdc/headers.h | 7 +- source4/heimdal/kdc/kaserver.c | 5 +- source4/heimdal/kdc/kdc-private.h | 87 +- source4/heimdal/kdc/kdc-protos.h | 12 +- source4/heimdal/kdc/kdc.h | 11 +- source4/heimdal/kdc/kerberos4.c | 23 +- source4/heimdal/kdc/kerberos5.c | 1337 ++------------- source4/heimdal/kdc/krb5tgs.c | 1781 ++++++++++++++++++++ source4/heimdal/kdc/misc.c | 38 +- source4/heimdal/kdc/pkinit.c | 105 +- source4/heimdal/kdc/process.c | 31 +- source4/heimdal/lib/asn1/CMS.asn1 | 10 +- source4/heimdal/lib/asn1/asn1-common.h | 5 +- source4/heimdal/lib/asn1/der-protos.h | 542 ++++++ source4/heimdal/lib/asn1/der.h | 157 +- source4/heimdal/lib/asn1/der_cmp.c | 17 +- source4/heimdal/lib/asn1/der_copy.c | 35 +- source4/heimdal/lib/asn1/der_format.c | 72 +- source4/heimdal/lib/asn1/der_free.c | 25 +- source4/heimdal/lib/asn1/der_get.c | 13 +- source4/heimdal/lib/asn1/der_length.c | 36 +- source4/heimdal/lib/asn1/der_locl.h | 7 +- source4/heimdal/lib/asn1/der_put.c | 3 + source4/heimdal/lib/asn1/digest.asn1 | 115 ++ source4/heimdal/lib/asn1/gen.c | 6 +- source4/heimdal/lib/asn1/gen_copy.c | 8 +- source4/heimdal/lib/asn1/gen_decode.c | 7 +- source4/heimdal/lib/asn1/gen_free.c | 8 +- source4/heimdal/lib/asn1/gen_length.c | 6 +- source4/heimdal/lib/asn1/gen_locl.h | 6 +- source4/heimdal/lib/asn1/gen_seq.c | 119 ++ source4/heimdal/lib/asn1/heim_asn1.h | 3 - source4/heimdal/lib/asn1/k5.asn1 | 48 +- source4/heimdal/lib/asn1/lex.c | 1562 ++++++++--------- source4/heimdal/lib/asn1/main.c | 14 +- source4/heimdal/lib/asn1/parse.c | 352 ++-- source4/heimdal/lib/asn1/parse.h | 13 +- source4/heimdal/lib/asn1/pkinit.asn1 | 161 ++ source4/heimdal/lib/asn1/rfc2459.asn1 | 426 +++++ source4/heimdal/lib/asn1/test.asn1 | 4 +- source4/heimdal/lib/asn1/timegm.c | 86 + source4/heimdal/lib/com_err/lex.c | 1398 +++++++-------- source4/heimdal/lib/com_err/parse.c | 1734 ++++++++----------- source4/heimdal/lib/com_err/parse.h | 75 +- source4/heimdal/lib/des/evp.c | 83 +- source4/heimdal/lib/des/evp.h | 13 +- source4/heimdal/lib/des/hmac.c | 4 +- source4/heimdal/lib/des/rand-unix.c | 153 ++ source4/heimdal/lib/des/rand.c | 120 ++ source4/heimdal/lib/des/ui.c | 22 +- source4/heimdal/lib/gssapi/8003.c | 248 --- source4/heimdal/lib/gssapi/accept_sec_context.c | 1176 ------------- source4/heimdal/lib/gssapi/acquire_cred.c | 383 ----- source4/heimdal/lib/gssapi/add_oid_set_member.c | 69 - source4/heimdal/lib/gssapi/address_to_krb5addr.c | 76 - source4/heimdal/lib/gssapi/arcfour.c | 691 -------- source4/heimdal/lib/gssapi/arcfour.h | 83 - source4/heimdal/lib/gssapi/ccache_name.c | 80 - source4/heimdal/lib/gssapi/cfx.c | 839 --------- source4/heimdal/lib/gssapi/cfx.h | 105 -- source4/heimdal/lib/gssapi/compat.c | 154 -- source4/heimdal/lib/gssapi/context_time.c | 92 - source4/heimdal/lib/gssapi/copy_ccache.c | 280 --- source4/heimdal/lib/gssapi/create_emtpy_oid_set.c | 52 - source4/heimdal/lib/gssapi/decapsulate.c | 209 --- source4/heimdal/lib/gssapi/delete_sec_context.c | 83 - source4/heimdal/lib/gssapi/display_name.c | 73 - source4/heimdal/lib/gssapi/display_status.c | 230 --- source4/heimdal/lib/gssapi/duplicate_name.c | 59 - source4/heimdal/lib/gssapi/encapsulate.c | 153 -- source4/heimdal/lib/gssapi/external.c | 267 --- source4/heimdal/lib/gssapi/get_mic.c | 314 ---- source4/heimdal/lib/gssapi/gssapi.h | 797 +-------- source4/heimdal/lib/gssapi/gssapi/gssapi.h | 837 +++++++++ source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h | 209 +++ source4/heimdal/lib/gssapi/gssapi/gssapi_spnego.h | 58 + source4/heimdal/lib/gssapi/gssapi_locl.h | 315 ---- source4/heimdal/lib/gssapi/gssapi_mech.h | 348 ++++ source4/heimdal/lib/gssapi/import_name.c | 230 --- source4/heimdal/lib/gssapi/init.c | 151 -- source4/heimdal/lib/gssapi/init_sec_context.c | 1261 -------------- source4/heimdal/lib/gssapi/inquire_cred.c | 123 -- source4/heimdal/lib/gssapi/krb5/8003.c | 248 +++ .../heimdal/lib/gssapi/krb5/accept_sec_context.c | 774 +++++++++ source4/heimdal/lib/gssapi/krb5/acquire_cred.c | 379 +++++ source4/heimdal/lib/gssapi/krb5/add_cred.c | 249 +++ .../heimdal/lib/gssapi/krb5/add_oid_set_member.c | 70 + .../heimdal/lib/gssapi/krb5/address_to_krb5addr.c | 76 + source4/heimdal/lib/gssapi/krb5/arcfour.c | 754 +++++++++ .../heimdal/lib/gssapi/krb5/canonicalize_name.c | 46 + source4/heimdal/lib/gssapi/krb5/cfx.c | 887 ++++++++++ source4/heimdal/lib/gssapi/krb5/cfx.h | 80 + source4/heimdal/lib/gssapi/krb5/compare_name.c | 54 + source4/heimdal/lib/gssapi/krb5/compat.c | 125 ++ source4/heimdal/lib/gssapi/krb5/context_time.c | 93 + source4/heimdal/lib/gssapi/krb5/copy_ccache.c | 191 +++ .../heimdal/lib/gssapi/krb5/create_emtpy_oid_set.c | 52 + source4/heimdal/lib/gssapi/krb5/decapsulate.c | 209 +++ .../heimdal/lib/gssapi/krb5/delete_sec_context.c | 80 + source4/heimdal/lib/gssapi/krb5/display_name.c | 72 + source4/heimdal/lib/gssapi/krb5/display_status.c | 230 +++ source4/heimdal/lib/gssapi/krb5/duplicate_name.c | 59 + source4/heimdal/lib/gssapi/krb5/encapsulate.c | 155 ++ source4/heimdal/lib/gssapi/krb5/export_name.c | 93 + .../heimdal/lib/gssapi/krb5/export_sec_context.c | 239 +++ source4/heimdal/lib/gssapi/krb5/external.c | 408 +++++ source4/heimdal/lib/gssapi/krb5/get_mic.c | 317 ++++ source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h | 705 ++++++++ source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h | 133 ++ source4/heimdal/lib/gssapi/krb5/import_name.c | 219 +++ .../heimdal/lib/gssapi/krb5/import_sec_context.c | 229 +++ source4/heimdal/lib/gssapi/krb5/indicate_mechs.c | 58 + source4/heimdal/lib/gssapi/krb5/init.c | 111 ++ source4/heimdal/lib/gssapi/krb5/init_sec_context.c | 789 +++++++++ source4/heimdal/lib/gssapi/krb5/inquire_context.c | 108 ++ source4/heimdal/lib/gssapi/krb5/inquire_cred.c | 178 ++ .../heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c | 83 + .../heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c | 81 + .../lib/gssapi/krb5/inquire_mechs_for_name.c | 57 + .../lib/gssapi/krb5/inquire_names_for_mech.c | 80 + .../lib/gssapi/krb5/inquire_sec_context_by_oid.c | 559 ++++++ .../lib/gssapi/krb5/process_context_token.c | 66 + source4/heimdal/lib/gssapi/krb5/release_buffer.c | 48 + source4/heimdal/lib/gssapi/krb5/release_cred.c | 76 + source4/heimdal/lib/gssapi/krb5/release_name.c | 55 + source4/heimdal/lib/gssapi/krb5/release_oid_set.c | 49 + source4/heimdal/lib/gssapi/krb5/sequence.c | 294 ++++ source4/heimdal/lib/gssapi/krb5/set_cred_option.c | 152 ++ .../lib/gssapi/krb5/set_sec_context_option.c | 147 ++ .../heimdal/lib/gssapi/krb5/test_oid_set_member.c | 55 + source4/heimdal/lib/gssapi/krb5/unwrap.c | 416 +++++ source4/heimdal/lib/gssapi/krb5/verify_mic.c | 339 ++++ source4/heimdal/lib/gssapi/krb5/wrap.c | 545 ++++++ source4/heimdal/lib/gssapi/mech/context.h | 35 + source4/heimdal/lib/gssapi/mech/cred.h | 42 + .../lib/gssapi/mech/gss_accept_sec_context.c | 223 +++ source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c | 164 ++ source4/heimdal/lib/gssapi/mech/gss_add_cred.c | 175 ++ .../lib/gssapi/mech/gss_add_oid_set_member.c | 67 + source4/heimdal/lib/gssapi/mech/gss_buffer_set.c | 125 ++ .../lib/gssapi/mech/gss_canonicalize_name.c | 87 + source4/heimdal/lib/gssapi/mech/gss_compare_name.c | 74 + source4/heimdal/lib/gssapi/mech/gss_context_time.c | 41 + .../lib/gssapi/mech/gss_create_empty_oid_set.c | 52 + .../lib/gssapi/mech/gss_decapsulate_token.c | 74 + .../lib/gssapi/mech/gss_delete_sec_context.c | 58 + source4/heimdal/lib/gssapi/mech/gss_display_name.c | 74 + .../heimdal/lib/gssapi/mech/gss_display_status.c | 184 ++ .../heimdal/lib/gssapi/mech/gss_duplicate_name.c | 75 + .../heimdal/lib/gssapi/mech/gss_duplicate_oid.c | 67 + .../lib/gssapi/mech/gss_encapsulate_token.c | 69 + source4/heimdal/lib/gssapi/mech/gss_export_name.c | 56 + .../lib/gssapi/mech/gss_export_sec_context.c | 73 + source4/heimdal/lib/gssapi/mech/gss_get_mic.c | 44 + source4/heimdal/lib/gssapi/mech/gss_import_name.c | 214 +++ .../lib/gssapi/mech/gss_import_sec_context.c | 82 + .../heimdal/lib/gssapi/mech/gss_indicate_mechs.c | 65 + .../heimdal/lib/gssapi/mech/gss_init_sec_context.c | 133 ++ .../heimdal/lib/gssapi/mech/gss_inquire_context.c | 85 + source4/heimdal/lib/gssapi/mech/gss_inquire_cred.c | 168 ++ .../lib/gssapi/mech/gss_inquire_cred_by_mech.c | 79 + .../lib/gssapi/mech/gss_inquire_cred_by_oid.c | 82 + .../lib/gssapi/mech/gss_inquire_mechs_for_name.c | 77 + .../lib/gssapi/mech/gss_inquire_names_for_mech.c | 73 + .../gssapi/mech/gss_inquire_sec_context_by_oid.c | 69 + source4/heimdal/lib/gssapi/mech/gss_krb5.c | 710 ++++++++ source4/heimdal/lib/gssapi/mech/gss_mech_switch.c | 324 ++++ source4/heimdal/lib/gssapi/mech/gss_names.c | 105 ++ source4/heimdal/lib/gssapi/mech/gss_oid_equal.c | 45 + .../lib/gssapi/mech/gss_process_context_token.c | 42 + .../heimdal/lib/gssapi/mech/gss_release_buffer.c | 44 + source4/heimdal/lib/gssapi/mech/gss_release_cred.c | 52 + source4/heimdal/lib/gssapi/mech/gss_release_name.c | 55 + source4/heimdal/lib/gssapi/mech/gss_release_oid.c | 59 + .../heimdal/lib/gssapi/mech/gss_release_oid_set.c | 45 + source4/heimdal/lib/gssapi/mech/gss_seal.c | 46 + .../heimdal/lib/gssapi/mech/gss_set_cred_option.c | 115 ++ .../lib/gssapi/mech/gss_set_sec_context_option.c | 69 + source4/heimdal/lib/gssapi/mech/gss_sign.c | 42 + .../lib/gssapi/mech/gss_test_oid_set_member.c | 47 + source4/heimdal/lib/gssapi/mech/gss_unseal.c | 44 + source4/heimdal/lib/gssapi/mech/gss_unwrap.c | 46 + source4/heimdal/lib/gssapi/mech/gss_utils.c | 66 + source4/heimdal/lib/gssapi/mech/gss_verify.c | 43 + source4/heimdal/lib/gssapi/mech/gss_verify_mic.c | 44 + source4/heimdal/lib/gssapi/mech/gss_wrap.c | 47 + .../heimdal/lib/gssapi/mech/gss_wrap_size_limit.c | 45 + source4/heimdal/lib/gssapi/mech/gssapi.asn1 | 12 + source4/heimdal/lib/gssapi/mech/mech_locl.h | 63 + source4/heimdal/lib/gssapi/mech/mech_switch.h | 42 + source4/heimdal/lib/gssapi/mech/mechqueue.h | 101 ++ source4/heimdal/lib/gssapi/mech/name.h | 47 + source4/heimdal/lib/gssapi/mech/utils.h | 32 + source4/heimdal/lib/gssapi/release_buffer.c | 48 - source4/heimdal/lib/gssapi/release_cred.c | 73 - source4/heimdal/lib/gssapi/release_name.c | 50 - source4/heimdal/lib/gssapi/release_oid_set.c | 49 - source4/heimdal/lib/gssapi/sequence.c | 294 ---- source4/heimdal/lib/gssapi/spnego.asn1 | 42 - .../heimdal/lib/gssapi/spnego/accept_sec_context.c | 873 ++++++++++ source4/heimdal/lib/gssapi/spnego/compat.c | 285 ++++ source4/heimdal/lib/gssapi/spnego/context_stubs.c | 835 +++++++++ source4/heimdal/lib/gssapi/spnego/cred_stubs.c | 291 ++++ source4/heimdal/lib/gssapi/spnego/external.c | 89 + .../heimdal/lib/gssapi/spnego/init_sec_context.c | 578 +++++++ source4/heimdal/lib/gssapi/spnego/spnego-private.h | 347 ++++ source4/heimdal/lib/gssapi/spnego/spnego.asn1 | 51 + source4/heimdal/lib/gssapi/spnego/spnego_locl.h | 96 ++ source4/heimdal/lib/gssapi/test_oid_set_member.c | 55 - source4/heimdal/lib/gssapi/unwrap.c | 413 ----- source4/heimdal/lib/gssapi/verify_mic.c | 336 ---- source4/heimdal/lib/gssapi/wrap.c | 648 ------- source4/heimdal/lib/hdb/db.c | 12 +- source4/heimdal/lib/hdb/ext.c | 36 +- source4/heimdal/lib/hdb/hdb-protos.h | 10 + source4/heimdal/lib/hdb/hdb.asn1 | 17 +- source4/heimdal/lib/hdb/hdb.c | 9 +- source4/heimdal/lib/hdb/hdb.h | 10 +- source4/heimdal/lib/hdb/keys.c | 5 +- source4/heimdal/lib/hdb/keytab.c | 38 +- source4/heimdal/lib/krb5/acache.c | 4 +- source4/heimdal/lib/krb5/addr_families.c | 3 +- source4/heimdal/lib/krb5/asn1_glue.c | 2 +- source4/heimdal/lib/krb5/cache.c | 28 +- source4/heimdal/lib/krb5/context.c | 61 +- source4/heimdal/lib/krb5/crypto.c | 278 +-- source4/heimdal/lib/krb5/data.c | 4 +- source4/heimdal/lib/krb5/expand_hostname.c | 12 +- source4/heimdal/lib/krb5/get_cred.c | 346 +++- source4/heimdal/lib/krb5/get_for_creds.c | 2 +- source4/heimdal/lib/krb5/get_host_realm.c | 74 +- source4/heimdal/lib/krb5/get_in_tkt.c | 21 +- source4/heimdal/lib/krb5/heim_err.c | 162 ++ source4/heimdal/lib/krb5/heim_threads.h | 2 +- source4/heimdal/lib/krb5/init_creds.c | 91 +- source4/heimdal/lib/krb5/init_creds_pw.c | 80 +- source4/heimdal/lib/krb5/k524_err.c | 30 + source4/heimdal/lib/krb5/krb5-private.h | 29 +- source4/heimdal/lib/krb5/krb5-protos.h | 306 +++- source4/heimdal/lib/krb5/krb5.h | 102 +- source4/heimdal/lib/krb5/krb5_err.c | 271 +++ source4/heimdal/lib/krb5/krb5_locl.h | 66 +- source4/heimdal/lib/krb5/krbhst.c | 14 +- source4/heimdal/lib/krb5/misc.c | 51 +- source4/heimdal/lib/krb5/mit_glue.c | 6 +- source4/heimdal/lib/krb5/pkinit.c | 157 +- source4/heimdal/lib/krb5/principal.c | 187 +- source4/heimdal/lib/krb5/rd_cred.c | 5 +- source4/heimdal/lib/krb5/rd_rep.c | 13 +- source4/heimdal/lib/krb5/rd_req.c | 23 +- source4/heimdal/lib/krb5/send_to_kdc.c | 91 +- source4/heimdal/lib/krb5/set_default_realm.c | 15 +- source4/heimdal/lib/krb5/store.c | 72 +- source4/heimdal/lib/krb5/store_fd.c | 9 +- source4/heimdal/lib/krb5/ticket.c | 12 +- source4/heimdal/lib/roken/bswap.c | 2 +- source4/heimdal/lib/roken/copyhostent.c | 2 +- source4/heimdal/lib/roken/freeaddrinfo.c | 2 +- source4/heimdal/lib/roken/freehostent.c | 2 +- source4/heimdal/lib/roken/gai_strerror.c | 2 +- source4/heimdal/lib/roken/getaddrinfo.c | 2 +- source4/heimdal/lib/roken/getipnodebyaddr.c | 2 +- source4/heimdal/lib/roken/getipnodebyname.c | 2 +- source4/heimdal/lib/roken/getprogname.c | 2 +- source4/heimdal/lib/roken/hex.c | 2 +- source4/heimdal/lib/roken/hostent_find_fqdn.c | 2 +- source4/heimdal/lib/roken/inet_aton.c | 2 +- source4/heimdal/lib/roken/issuid.c | 2 +- source4/heimdal/lib/roken/resolve.c | 2 +- source4/heimdal/lib/roken/roken.h | 469 +----- source4/heimdal/lib/roken/setprogname.c | 2 +- source4/heimdal/lib/roken/signal.c | 2 +- source4/heimdal/lib/roken/strsep.c | 2 +- source4/heimdal/lib/roken/strsep_copy.c | 2 +- 277 files changed, 31090 insertions(+), 16300 deletions(-) create mode 100644 source4/heimdal/kdc/digest.c create mode 100644 source4/heimdal/kdc/krb5tgs.c create mode 100644 source4/heimdal/lib/asn1/der-protos.h create mode 100644 source4/heimdal/lib/asn1/digest.asn1 create mode 100644 source4/heimdal/lib/asn1/gen_seq.c create mode 100644 source4/heimdal/lib/asn1/pkinit.asn1 create mode 100644 source4/heimdal/lib/asn1/rfc2459.asn1 create mode 100644 source4/heimdal/lib/asn1/timegm.c create mode 100644 source4/heimdal/lib/des/rand-unix.c create mode 100644 source4/heimdal/lib/des/rand.c delete mode 100644 source4/heimdal/lib/gssapi/8003.c delete mode 100644 source4/heimdal/lib/gssapi/accept_sec_context.c delete mode 100644 source4/heimdal/lib/gssapi/acquire_cred.c delete mode 100644 source4/heimdal/lib/gssapi/add_oid_set_member.c delete mode 100644 source4/heimdal/lib/gssapi/address_to_krb5addr.c delete mode 100644 source4/heimdal/lib/gssapi/arcfour.c delete mode 100644 source4/heimdal/lib/gssapi/arcfour.h delete mode 100755 source4/heimdal/lib/gssapi/ccache_name.c delete mode 100755 source4/heimdal/lib/gssapi/cfx.c delete mode 100755 source4/heimdal/lib/gssapi/cfx.h delete mode 100644 source4/heimdal/lib/gssapi/compat.c delete mode 100644 source4/heimdal/lib/gssapi/context_time.c delete mode 100644 source4/heimdal/lib/gssapi/copy_ccache.c delete mode 100644 source4/heimdal/lib/gssapi/create_emtpy_oid_set.c delete mode 100644 source4/heimdal/lib/gssapi/decapsulate.c delete mode 100644 source4/heimdal/lib/gssapi/delete_sec_context.c delete mode 100644 source4/heimdal/lib/gssapi/display_name.c delete mode 100644 source4/heimdal/lib/gssapi/display_status.c delete mode 100644 source4/heimdal/lib/gssapi/duplicate_name.c delete mode 100644 source4/heimdal/lib/gssapi/encapsulate.c delete mode 100644 source4/heimdal/lib/gssapi/external.c delete mode 100644 source4/heimdal/lib/gssapi/get_mic.c create mode 100644 source4/heimdal/lib/gssapi/gssapi/gssapi.h create mode 100644 source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h create mode 100644 source4/heimdal/lib/gssapi/gssapi/gssapi_spnego.h delete mode 100644 source4/heimdal/lib/gssapi/gssapi_locl.h create mode 100644 source4/heimdal/lib/gssapi/gssapi_mech.h delete mode 100644 source4/heimdal/lib/gssapi/import_name.c delete mode 100644 source4/heimdal/lib/gssapi/init.c delete mode 100644 source4/heimdal/lib/gssapi/init_sec_context.c delete mode 100644 source4/heimdal/lib/gssapi/inquire_cred.c create mode 100644 source4/heimdal/lib/gssapi/krb5/8003.c create mode 100644 source4/heimdal/lib/gssapi/krb5/accept_sec_context.c create mode 100644 source4/heimdal/lib/gssapi/krb5/acquire_cred.c create mode 100644 source4/heimdal/lib/gssapi/krb5/add_cred.c create mode 100644 source4/heimdal/lib/gssapi/krb5/add_oid_set_member.c create mode 100644 source4/heimdal/lib/gssapi/krb5/address_to_krb5addr.c create mode 100644 source4/heimdal/lib/gssapi/krb5/arcfour.c create mode 100644 source4/heimdal/lib/gssapi/krb5/canonicalize_name.c create mode 100755 source4/heimdal/lib/gssapi/krb5/cfx.c create mode 100755 source4/heimdal/lib/gssapi/krb5/cfx.h create mode 100644 source4/heimdal/lib/gssapi/krb5/compare_name.c create mode 100644 source4/heimdal/lib/gssapi/krb5/compat.c create mode 100644 source4/heimdal/lib/gssapi/krb5/context_time.c create mode 100644 source4/heimdal/lib/gssapi/krb5/copy_ccache.c create mode 100644 source4/heimdal/lib/gssapi/krb5/create_emtpy_oid_set.c create mode 100644 source4/heimdal/lib/gssapi/krb5/decapsulate.c create mode 100644 source4/heimdal/lib/gssapi/krb5/delete_sec_context.c create mode 100644 source4/heimdal/lib/gssapi/krb5/display_name.c create mode 100644 source4/heimdal/lib/gssapi/krb5/display_status.c create mode 100644 source4/heimdal/lib/gssapi/krb5/duplicate_name.c create mode 100644 source4/heimdal/lib/gssapi/krb5/encapsulate.c create mode 100644 source4/heimdal/lib/gssapi/krb5/export_name.c create mode 100644 source4/heimdal/lib/gssapi/krb5/export_sec_context.c create mode 100644 source4/heimdal/lib/gssapi/krb5/external.c create mode 100644 source4/heimdal/lib/gssapi/krb5/get_mic.c create mode 100644 source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h create mode 100644 source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h create mode 100644 source4/heimdal/lib/gssapi/krb5/import_name.c create mode 100644 source4/heimdal/lib/gssapi/krb5/import_sec_context.c create mode 100644 source4/heimdal/lib/gssapi/krb5/indicate_mechs.c create mode 100644 source4/heimdal/lib/gssapi/krb5/init.c create mode 100644 source4/heimdal/lib/gssapi/krb5/init_sec_context.c create mode 100644 source4/heimdal/lib/gssapi/krb5/inquire_context.c create mode 100644 source4/heimdal/lib/gssapi/krb5/inquire_cred.c create mode 100644 source4/heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c create mode 100644 source4/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c create mode 100644 source4/heimdal/lib/gssapi/krb5/inquire_mechs_for_name.c create mode 100644 source4/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c create mode 100644 source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c create mode 100644 source4/heimdal/lib/gssapi/krb5/process_context_token.c create mode 100644 source4/heimdal/lib/gssapi/krb5/release_buffer.c create mode 100644 source4/heimdal/lib/gssapi/krb5/release_cred.c create mode 100644 source4/heimdal/lib/gssapi/krb5/release_name.c create mode 100644 source4/heimdal/lib/gssapi/krb5/release_oid_set.c create mode 100755 source4/heimdal/lib/gssapi/krb5/sequence.c create mode 100644 source4/heimdal/lib/gssapi/krb5/set_cred_option.c create mode 100644 source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c create mode 100644 source4/heimdal/lib/gssapi/krb5/test_oid_set_member.c create mode 100644 source4/heimdal/lib/gssapi/krb5/unwrap.c create mode 100644 source4/heimdal/lib/gssapi/krb5/verify_mic.c create mode 100644 source4/heimdal/lib/gssapi/krb5/wrap.c create mode 100644 source4/heimdal/lib/gssapi/mech/context.h create mode 100644 source4/heimdal/lib/gssapi/mech/cred.h create mode 100644 source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_add_cred.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_buffer_set.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_compare_name.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_context_time.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_create_empty_oid_set.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_decapsulate_token.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_delete_sec_context.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_display_name.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_display_status.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_duplicate_oid.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_encapsulate_token.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_export_name.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_export_sec_context.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_get_mic.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_import_name.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_import_sec_context.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_indicate_mechs.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_inquire_context.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_inquire_cred.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_inquire_mechs_for_name.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_inquire_names_for_mech.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_krb5.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_mech_switch.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_names.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_oid_equal.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_process_context_token.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_release_buffer.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_release_cred.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_release_name.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_release_oid.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_release_oid_set.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_seal.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_set_sec_context_option.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_sign.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_unseal.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_unwrap.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_utils.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_verify.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_verify_mic.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_wrap.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c create mode 100644 source4/heimdal/lib/gssapi/mech/gssapi.asn1 create mode 100644 source4/heimdal/lib/gssapi/mech/mech_locl.h create mode 100644 source4/heimdal/lib/gssapi/mech/mech_switch.h create mode 100644 source4/heimdal/lib/gssapi/mech/mechqueue.h create mode 100644 source4/heimdal/lib/gssapi/mech/name.h create mode 100644 source4/heimdal/lib/gssapi/mech/utils.h delete mode 100644 source4/heimdal/lib/gssapi/release_buffer.c delete mode 100644 source4/heimdal/lib/gssapi/release_cred.c delete mode 100644 source4/heimdal/lib/gssapi/release_name.c delete mode 100644 source4/heimdal/lib/gssapi/release_oid_set.c delete mode 100755 source4/heimdal/lib/gssapi/sequence.c delete mode 100755 source4/heimdal/lib/gssapi/spnego.asn1 create mode 100644 source4/heimdal/lib/gssapi/spnego/accept_sec_context.c create mode 100644 source4/heimdal/lib/gssapi/spnego/compat.c create mode 100644 source4/heimdal/lib/gssapi/spnego/context_stubs.c create mode 100644 source4/heimdal/lib/gssapi/spnego/cred_stubs.c create mode 100644 source4/heimdal/lib/gssapi/spnego/external.c create mode 100644 source4/heimdal/lib/gssapi/spnego/init_sec_context.c create mode 100644 source4/heimdal/lib/gssapi/spnego/spnego-private.h create mode 100644 source4/heimdal/lib/gssapi/spnego/spnego.asn1 create mode 100644 source4/heimdal/lib/gssapi/spnego/spnego_locl.h delete mode 100644 source4/heimdal/lib/gssapi/test_oid_set_member.c delete mode 100644 source4/heimdal/lib/gssapi/unwrap.c delete mode 100644 source4/heimdal/lib/gssapi/verify_mic.c delete mode 100644 source4/heimdal/lib/gssapi/wrap.c create mode 100644 source4/heimdal/lib/krb5/heim_err.c create mode 100644 source4/heimdal/lib/krb5/k524_err.c create mode 100644 source4/heimdal/lib/krb5/krb5_err.c (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/524.c b/source4/heimdal/kdc/524.c index d61b78d9b6..56c12efd60 100644 --- a/source4/heimdal/kdc/524.c +++ b/source4/heimdal/kdc/524.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: 524.c,v 1.37 2006/04/27 11:33:20 lha Exp $"); +RCSID("$Id: 524.c,v 1.40 2006/10/06 17:06:30 lha Exp $"); #include @@ -53,7 +53,8 @@ fetch_server (krb5_context context, krb5_error_code ret; krb5_principal sprinc; - ret = _krb5_principalname2krb5_principal(context, &sprinc, t->sname, t->realm); + ret = _krb5_principalname2krb5_principal(context, &sprinc, + t->sname, t->realm); if (ret) { kdc_log(context, config, 0, "_krb5_principalname2krb5_principal: %s", krb5_get_err_text(context, ret)); @@ -66,7 +67,8 @@ fetch_server (krb5_context context, krb5_get_err_text(context, ret)); return ret; } - ret = _kdc_db_fetch(context, config, sprinc, HDB_F_GET_SERVER, server); + ret = _kdc_db_fetch(context, config, sprinc, HDB_F_GET_SERVER, + NULL, server); krb5_free_principal(context, sprinc); if (ret) { kdc_log(context, config, 0, @@ -90,7 +92,8 @@ log_524 (krb5_context context, char *cpn; krb5_error_code ret; - ret = _krb5_principalname2krb5_principal(context, &client, et->cname, et->crealm); + ret = _krb5_principalname2krb5_principal(context, &client, + et->cname, et->crealm); if (ret) { kdc_log(context, config, 0, "_krb5_principalname2krb5_principal: %s", krb5_get_err_text (context, ret)); diff --git a/source4/heimdal/kdc/default_config.c b/source4/heimdal/kdc/default_config.c index 5152fe9ab1..c4d9f51fd0 100644 --- a/source4/heimdal/kdc/default_config.c +++ b/source4/heimdal/kdc/default_config.c @@ -42,8 +42,9 @@ void krb5_kdc_default_config(krb5_kdc_configuration *config) { + memset(config, 0, sizeof(*config)); config->require_preauth = TRUE; - config->kdc_warn_pwexpire = -1; + config->kdc_warn_pwexpire = 0; config->encode_as_rep_as_tgs_rep = FALSE; /* bug compatibility */ config->check_ticket_addresses = TRUE; config->allow_null_ticket_addresses = TRUE; diff --git a/source4/heimdal/kdc/digest.c b/source4/heimdal/kdc/digest.c new file mode 100644 index 0000000000..a5517fb896 --- /dev/null +++ b/source4/heimdal/kdc/digest.c @@ -0,0 +1,712 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kdc_locl.h" +#include +#include + +RCSID("$Id: digest.c,v 1.7 2006/10/22 20:11:44 lha Exp $"); + +krb5_error_code +_kdc_do_digest(krb5_context context, + krb5_kdc_configuration *config, + const DigestREQ *req, krb5_data *reply, + const char *from, struct sockaddr *addr) +{ + krb5_error_code ret = 0; + krb5_ticket *ticket = NULL; + krb5_auth_context ac = NULL; + krb5_keytab id = NULL; + krb5_crypto crypto = NULL; + DigestReqInner ireq; + DigestRepInner r; + DigestREP rep; + krb5_flags ap_req_options; + krb5_data buf; + size_t size; + krb5_storage *sp = NULL; + Checksum res; + hdb_entry_ex *server = NULL, *user = NULL; + char *password = NULL; + krb5_data serverNonce; + + if(!config->enable_digest) { + kdc_log(context, config, 0, "Rejected digest request from %s", from); + return KRB5KDC_ERR_POLICY; + } + + krb5_data_zero(&buf); + krb5_data_zero(reply); + krb5_data_zero(&serverNonce); + memset(&ireq, 0, sizeof(ireq)); + memset(&r, 0, sizeof(r)); + memset(&rep, 0, sizeof(rep)); + + kdc_log(context, config, 0, "Digest request from %s", from); + + ret = krb5_kt_resolve(context, "HDB:", &id); + if (ret) { + kdc_log(context, config, 0, "Can't open database for digest"); + goto out; + } + + ret = krb5_rd_req(context, + &ac, + &req->apReq, + NULL, + id, + &ap_req_options, + &ticket); + if (ret) + goto out; + + /* check the server principal in the ticket matches digest/R@R */ + { + krb5_principal principal = NULL; + const char *p, *r; + + ret = krb5_ticket_get_server(context, ticket, &principal); + if (ret) + goto out; + + ret = EINVAL; + krb5_set_error_string(context, "Wrong digest server principal used"); + p = krb5_principal_get_comp_string(context, principal, 0); + if (p == NULL) { + krb5_free_principal(context, principal); + goto out; + } + if (strcmp(p, KRB5_DIGEST_NAME) != 0) { + krb5_free_principal(context, principal); + goto out; + } + + p = krb5_principal_get_comp_string(context, principal, 1); + if (p == NULL) { + krb5_free_principal(context, principal); + goto out; + } + r = krb5_principal_get_realm(context, principal); + if (r == NULL) { + krb5_free_principal(context, principal); + goto out; + } + if (strcmp(p, r) != 0) { + krb5_free_principal(context, principal); + goto out; + } + + ret = _kdc_db_fetch(context, config, principal, + HDB_F_GET_SERVER, NULL, &server); + if (ret) + goto out; + + krb5_free_principal(context, principal); + } + + /* check the client is allowed to do digest auth */ + { + krb5_principal principal = NULL; + hdb_entry_ex *client; + + ret = krb5_ticket_get_client(context, ticket, &principal); + if (ret) + goto out; + + ret = _kdc_db_fetch(context, config, principal, + HDB_F_GET_CLIENT, NULL, &client); + krb5_free_principal(context, principal); + if (ret) + goto out; + + if (client->entry.flags.allow_digest == 0) { + krb5_set_error_string(context, + "Client is not permitted to use digest"); + ret = KRB5KDC_ERR_POLICY; + _kdc_free_ent (context, client); + goto out; + } + _kdc_free_ent (context, client); + } + + /* unpack request */ + { + krb5_keyblock *key; + + ret = krb5_auth_con_getremotesubkey(context, ac, &key); + if (ret) + goto out; + if (key == NULL) { + krb5_set_error_string(context, "digest: remote subkey not found"); + ret = EINVAL; + goto out; + } + + ret = krb5_crypto_init(context, key, 0, &crypto); + krb5_free_keyblock (context, key); + if (ret) + goto out; + } + + ret = krb5_decrypt_EncryptedData(context, crypto, KRB5_KU_DIGEST_ENCRYPT, + &req->innerReq, &buf); + krb5_crypto_destroy(context, crypto); + crypto = NULL; + if (ret) + goto out; + + ret = decode_DigestReqInner(buf.data, buf.length, &ireq, NULL); + krb5_data_free(&buf); + if (ret) { + krb5_set_error_string(context, "Failed to decode digest inner request"); + goto out; + } + + /* + * Process the inner request + */ + + switch (ireq.element) { + case choice_DigestReqInner_init: { + unsigned char server_nonce[16], identifier; + + RAND_pseudo_bytes(&identifier, sizeof(identifier)); + RAND_pseudo_bytes(server_nonce, sizeof(server_nonce)); + + server_nonce[0] = kdc_time & 0xff; + server_nonce[1] = (kdc_time >> 8) & 0xff; + server_nonce[2] = (kdc_time >> 16) & 0xff; + server_nonce[3] = (kdc_time >> 24) & 0xff; + + r.element = choice_DigestRepInner_initReply; + + hex_encode(server_nonce, sizeof(server_nonce), &r.u.initReply.nonce); + if (r.u.initReply.nonce == NULL) { + krb5_set_error_string(context, "Failed to decode server nonce"); + ret = ENOMEM; + goto out; + } + + sp = krb5_storage_emem(); + if (sp == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "out of memory"); + goto out; + } + ret = krb5_store_stringz(sp, ireq.u.init.type); + if (ret) { + krb5_clear_error_string(context); + goto out; + } + + if (ireq.u.init.channel) { + char *s; + + asprintf(&s, "%s-%s:%s", r.u.initReply.nonce, + ireq.u.init.channel->cb_type, + ireq.u.init.channel->cb_binding); + if (s == NULL) { + krb5_set_error_string(context, "Failed to allocate " + "channel binding"); + ret = ENOMEM; + goto out; + } + free(r.u.initReply.nonce); + r.u.initReply.nonce = s; + } + + ret = krb5_store_stringz(sp, r.u.initReply.nonce); + if (ret) { + krb5_clear_error_string(context); + goto out; + } + + if (strcasecmp(ireq.u.init.type, "CHAP") == 0) { + r.u.initReply.identifier = + malloc(sizeof(*r.u.initReply.identifier)); + if (r.u.initReply.identifier == NULL) { + krb5_set_error_string(context, "out of memory"); + ret = ENOMEM; + goto out; + } + + asprintf(r.u.initReply.identifier, "%02X", identifier & 0xff); + if (*r.u.initReply.identifier == NULL) { + krb5_set_error_string(context, "out of memory"); + ret = ENOMEM; + goto out; + } + + ret = krb5_store_stringz(sp, *r.u.initReply.identifier); + if (ret) { + krb5_clear_error_string(context); + goto out; + } + } else + r.u.initReply.identifier = NULL; + + if (ireq.u.init.hostname) { + ret = krb5_store_stringz(sp, *ireq.u.init.hostname); + if (ret) { + krb5_clear_error_string(context); + goto out; + } + } + + ret = krb5_storage_to_data(sp, &buf); + if (ret) { + krb5_clear_error_string(context); + goto out; + } + + { + Key *key; + krb5_enctype enctype; + + ret = _kdc_get_preferred_key(context, + config, + server, + "digest-service", + &enctype, + &key); + if (ret) + goto out; + ret = krb5_crypto_init(context, &key->key, 0, &crypto); + if (ret) + goto out; + } + + ret = krb5_create_checksum(context, + crypto, + KRB5_KU_DIGEST_OPAQUE, + 0, + buf.data, + buf.length, + &res); + krb5_crypto_destroy(context, crypto); + crypto = NULL; + krb5_data_free(&buf); + if (ret) + goto out; + + ASN1_MALLOC_ENCODE(Checksum, buf.data, buf.length, &res, &size, ret); + free_Checksum(&res); + if (ret) { + krb5_set_error_string(context, "Failed to encode " + "checksum in digest request"); + goto out; + } + if (size != buf.length) + krb5_abortx(context, "ASN1 internal error"); + + hex_encode(buf.data, buf.length, &r.u.initReply.opaque); + free(buf.data); + if (r.u.initReply.opaque == NULL) { + krb5_clear_error_string(context); + ret = ENOMEM; + goto out; + } + + break; + } + case choice_DigestReqInner_digestRequest: { + krb5_principal clientprincipal; + HDB *db; + + sp = krb5_storage_emem(); + if (sp == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "out of memory"); + goto out; + } + krb5_store_stringz(sp, ireq.u.digestRequest.type); + + krb5_store_stringz(sp, ireq.u.digestRequest.serverNonce); + if (ireq.u.digestRequest.identifier) { + ret = krb5_store_stringz(sp, *ireq.u.digestRequest.identifier); + if (ret) { + krb5_clear_error_string(context); + goto out; + } + } + if (ireq.u.digestRequest.hostname) { + ret = krb5_store_stringz(sp, *ireq.u.digestRequest.hostname); + if (ret) { + krb5_clear_error_string(context); + goto out; + } + } + + buf.length = strlen(ireq.u.digestRequest.opaque); + buf.data = malloc(buf.length); + if (buf.data == NULL) { + krb5_set_error_string(context, "out of memory"); + ret = ENOMEM; + goto out; + } + + ret = hex_decode(ireq.u.digestRequest.opaque, buf.data, buf.length); + if (ret <= 0) { + krb5_set_error_string(context, "Failed to decode opaque"); + ret = ENOMEM; + goto out; + } + buf.length = ret; + + ret = decode_Checksum(buf.data, buf.length, &res, NULL); + free(buf.data); + if (ret) { + krb5_set_error_string(context, "Failed to decode digest Checksum"); + goto out; + } + + ret = krb5_storage_to_data(sp, &buf); + if (ret) { + krb5_clear_error_string(context); + goto out; + } + + serverNonce.length = strlen(ireq.u.digestRequest.serverNonce); + serverNonce.data = malloc(serverNonce.length); + if (serverNonce.data == NULL) { + krb5_set_error_string(context, "out of memory"); + ret = ENOMEM; + goto out; + } + + /* + * CHAP does the checksum of the raw nonce, but do it for all + * types, since we need to check the timestamp. + */ + { + ssize_t ssize; + + ssize = hex_decode(ireq.u.digestRequest.serverNonce, + serverNonce.data, serverNonce.length); + if (ssize <= 0) { + krb5_set_error_string(context, "Failed to decode serverNonce"); + ret = ENOMEM; + goto out; + } + serverNonce.length = ssize; + } + + { + Key *key; + krb5_enctype enctype; + + ret = _kdc_get_preferred_key(context, + config, + server, + "digest-service", + &enctype, + &key); + if (ret) + goto out; + ret = krb5_crypto_init(context, &key->key, 0, &crypto); + if (ret) + goto out; + } + + ret = krb5_verify_checksum(context, crypto, + KRB5_KU_DIGEST_OPAQUE, + buf.data, buf.length, &res); + krb5_crypto_destroy(context, crypto); + crypto = NULL; + if (ret) + goto out; + + /* verify time */ + { + unsigned char *p = serverNonce.data; + uint32_t t; + + if (serverNonce.length < 4) { + krb5_set_error_string(context, "server nonce too short"); + ret = EINVAL; + goto out; + } + t = p[0] | (p[1] << 8) | (p[2] << 16) | (p[3] << 24); + + if (abs((kdc_time & 0xffffffff) - t) > context->max_skew) { + krb5_set_error_string(context, "time screw in server nonce "); + ret = EINVAL; + goto out; + } + } + + /* get username */ + ret = krb5_parse_name(context, + ireq.u.digestRequest.username, + &clientprincipal); + if (ret) + goto out; + + ret = _kdc_db_fetch(context, config, clientprincipal, + HDB_F_GET_CLIENT, &db, &user); + + krb5_free_principal(context, clientprincipal); + if (ret) + goto out; + + ret = hdb_entry_get_password(context, db, &user->entry, &password); + if (ret || password == NULL) { + if (ret == 0) { + ret = EINVAL; + krb5_set_error_string(context, "password missing"); + } + goto out; + } + + if (strcasecmp(ireq.u.digestRequest.type, "CHAP") == 0) { + MD5_CTX ctx; + unsigned char md[MD5_DIGEST_LENGTH]; + char id; + + if (ireq.u.digestRequest.identifier == NULL) { + krb5_set_error_string(context, "Identifier missing " + "from CHAP request"); + ret = EINVAL; + goto out; + } + + if (hex_decode(*ireq.u.digestRequest.identifier, &id, 1) != 1) { + krb5_set_error_string(context, "failed to decode identifier"); + ret = EINVAL; + goto out; + } + + MD5_Init(&ctx); + MD5_Update(&ctx, &id, 1); + MD5_Update(&ctx, password, strlen(password)); + MD5_Update(&ctx, serverNonce.data, serverNonce.length); + MD5_Final(md, &ctx); + + r.element = choice_DigestRepInner_response; + hex_encode(md, sizeof(md), &r.u.response.responseData); + if (r.u.response.responseData == NULL) { + krb5_clear_error_string(context); + ret = ENOMEM; + goto out; + } + } else if (strcasecmp(ireq.u.digestRequest.type, "SASL-DIGEST-MD5") == 0) { + MD5_CTX ctx; + unsigned char md[MD5_DIGEST_LENGTH]; + char *A1, *A2; + + if (ireq.u.digestRequest.nonceCount == NULL) + goto out; + if (ireq.u.digestRequest.clientNonce == NULL) + goto out; + if (ireq.u.digestRequest.qop == NULL) + goto out; + if (ireq.u.digestRequest.realm == NULL) + goto out; + + MD5_Init(&ctx); + MD5_Update(&ctx, ireq.u.digestRequest.username, + strlen(ireq.u.digestRequest.username)); + MD5_Update(&ctx, ":", 1); + MD5_Update(&ctx, *ireq.u.digestRequest.realm, + strlen(*ireq.u.digestRequest.realm)); + MD5_Update(&ctx, ":", 1); + MD5_Update(&ctx, password, strlen(password)); + MD5_Final(md, &ctx); + + MD5_Init(&ctx); + MD5_Update(&ctx, md, sizeof(md)); + MD5_Update(&ctx, ":", 1); + MD5_Update(&ctx, ireq.u.digestRequest.serverNonce, + strlen(ireq.u.digestRequest.serverNonce)); + MD5_Update(&ctx, ":", 1); + MD5_Update(&ctx, *ireq.u.digestRequest.nonceCount, + strlen(*ireq.u.digestRequest.nonceCount)); + if (ireq.u.digestRequest.authid) { + MD5_Update(&ctx, ":", 1); + MD5_Update(&ctx, *ireq.u.digestRequest.authid, + strlen(*ireq.u.digestRequest.authid)); + } + MD5_Final(md, &ctx); + hex_encode(md, sizeof(md), &A1); + if (A1 == NULL) { + krb5_set_error_string(context, "out of memory"); + ret = ENOMEM; + goto out; + } + + MD5_Init(&ctx); + MD5_Update(&ctx, "AUTHENTICATE:", sizeof("AUTHENTICATE:") - 1); + MD5_Update(&ctx, *ireq.u.digestRequest.uri, + strlen(*ireq.u.digestRequest.uri)); + + /* conf|int */ + if (strcmp(ireq.u.digestRequest.digest, "clear") != 0) { + static char conf_zeros[] = ":00000000000000000000000000000000"; + MD5_Update(&ctx, conf_zeros, sizeof(conf_zeros) - 1); + } + + MD5_Final(md, &ctx); + hex_encode(md, sizeof(md), &A2); + if (A2 == NULL) { + krb5_set_error_string(context, "out of memory"); + ret = ENOMEM; + free(A1); + goto out; + } + + MD5_Init(&ctx); + MD5_Update(&ctx, A1, strlen(A2)); + MD5_Update(&ctx, ":", 1); + MD5_Update(&ctx, ireq.u.digestRequest.serverNonce, + strlen(ireq.u.digestRequest.serverNonce)); + MD5_Update(&ctx, ":", 1); + MD5_Update(&ctx, *ireq.u.digestRequest.nonceCount, + strlen(*ireq.u.digestRequest.nonceCount)); + MD5_Update(&ctx, ":", 1); + MD5_Update(&ctx, *ireq.u.digestRequest.clientNonce, + strlen(*ireq.u.digestRequest.clientNonce)); + MD5_Update(&ctx, ":", 1); + MD5_Update(&ctx, *ireq.u.digestRequest.qop, + strlen(*ireq.u.digestRequest.qop)); + MD5_Update(&ctx, ":", 1); + MD5_Update(&ctx, A2, strlen(A2)); + + MD5_Final(md, &ctx); + + r.element = choice_DigestRepInner_response; + hex_encode(md, sizeof(md), &r.u.response.responseData); + + free(A1); + free(A2); + + if (r.u.response.responseData == NULL) { + krb5_set_error_string(context, "out of memory"); + ret = ENOMEM; + goto out; + } + + } else { + r.element = choice_DigestRepInner_error; + asprintf(&r.u.error.reason, "unsupported digest type %s", + ireq.u.digestRequest.type); + if (r.u.error.reason == NULL) { + krb5_set_error_string(context, "out of memory"); + ret = ENOMEM; + goto out; + } + r.u.error.code = EINVAL; + } + + break; + } + default: + r.element = choice_DigestRepInner_error; + r.u.error.reason = strdup("unknown operation"); + if (r.u.error.reason == NULL) { + krb5_set_error_string(context, "out of memory"); + ret = ENOMEM; + goto out; + } + r.u.error.code = EINVAL; + break; + } + + ASN1_MALLOC_ENCODE(DigestRepInner, buf.data, buf.length, &r, &size, ret); + if (ret) { + krb5_set_error_string(context, "Failed to encode inner digest reply"); + goto out; + } + if (size != buf.length) + krb5_abortx(context, "ASN1 internal error"); + + krb5_auth_con_addflags(context, ac, KRB5_AUTH_CONTEXT_USE_SUBKEY, NULL); + + ret = krb5_mk_rep (context, ac, &rep.apRep); + if (ret) + goto out; + + { + krb5_keyblock *key; + + ret = krb5_auth_con_getlocalsubkey(context, ac, &key); + if (ret) + goto out; + + ret = krb5_crypto_init(context, key, 0, &crypto); + krb5_free_keyblock (context, key); + if (ret) + goto out; + } + + ret = krb5_encrypt_EncryptedData(context, crypto, KRB5_KU_DIGEST_ENCRYPT, + buf.data, buf.length, 0, + &rep.innerRep); + + ASN1_MALLOC_ENCODE(DigestREP, reply->data, reply->length, &rep, &size, ret); + if (ret) { + krb5_set_error_string(context, "Failed to encode digest reply"); + goto out; + } + if (size != reply->length) + krb5_abortx(context, "ASN1 internal error"); + + +out: + if (ac) + krb5_auth_con_free(context, ac); + if (ret) + krb5_warn(context, ret, "Digest request from %s failed", from); + if (ticket) + krb5_free_ticket(context, ticket); + if (id) + krb5_kt_close(context, id); + if (crypto) + krb5_crypto_destroy(context, crypto); + if (sp) + krb5_storage_free(sp); + if (user) + _kdc_free_ent (context, user); + if (server) + _kdc_free_ent (context, server); + if (password) { + memset(password, 0, strlen(password)); + free (password); + } + krb5_data_free(&buf); + krb5_data_free(&serverNonce); + free_DigestREP(&rep); + free_DigestRepInner(&r); + free_DigestReqInner(&ireq); + + return ret; +} diff --git a/source4/heimdal/kdc/headers.h b/source4/heimdal/kdc/headers.h index 86f162aa94..87d713b076 100644 --- a/source4/heimdal/kdc/headers.h +++ b/source4/heimdal/kdc/headers.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ */ /* - * $Id: headers.h,v 1.16 2005/04/24 13:49:00 lha Exp $ + * $Id: headers.h,v 1.18 2006/10/17 02:22:17 lha Exp $ */ #ifndef __HEADERS_H__ @@ -88,9 +88,10 @@ #include #include #include +#include #include #include -#include /* copy_octet_string */ +#include #undef ALLOC #define ALLOC(X) ((X) = malloc(sizeof(*(X)))) diff --git a/source4/heimdal/kdc/kaserver.c b/source4/heimdal/kdc/kaserver.c index c08a51b9cc..ac282717ed 100644 --- a/source4/heimdal/kdc/kaserver.c +++ b/source4/heimdal/kdc/kaserver.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kaserver.c,v 1.35 2006/05/05 10:49:50 lha Exp $"); +RCSID("$Id: kaserver.c,v 1.36 2006/08/23 11:43:44 lha Exp $"); #include #include @@ -465,7 +465,8 @@ do_authenticate (krb5_context context, client_name, from, server_name); ret = _kdc_db_fetch4 (context, config, name, instance, - config->v4_realm, HDB_F_GET_CLIENT, &client_entry); + config->v4_realm, HDB_F_GET_CLIENT, + &client_entry); if (ret) { kdc_log(context, config, 0, "Client not found in database: %s: %s", client_name, krb5_get_err_text(context, ret)); diff --git a/source4/heimdal/kdc/kdc-private.h b/source4/heimdal/kdc/kdc-private.h index 251e06b14a..8c2f56002d 100644 --- a/source4/heimdal/kdc/kdc-private.h +++ b/source4/heimdal/kdc/kdc-private.h @@ -4,6 +4,16 @@ #include +krb5_error_code +_kdc_add_KRB5SignedPath ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + hdb_entry_ex */*krbtgt*/, + krb5_enctype /*enctype*/, + krb5_const_principal /*server*/, + KRB5SignedPathPrincipals */*principals*/, + EncTicketPart */*tkt*/); + krb5_error_code _kdc_as_rep ( krb5_context /*context*/, @@ -12,7 +22,15 @@ _kdc_as_rep ( const krb5_data */*req_buffer*/, krb5_data */*reply*/, const char */*from*/, - struct sockaddr */*from_addr*/); + struct sockaddr */*from_addr*/, + int /*datagram_reply*/); + +krb5_boolean +_kdc_check_addresses ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + HostAddresses */*addresses*/, + const struct sockaddr */*from*/); krb5_error_code _kdc_check_flags ( @@ -30,6 +48,7 @@ _kdc_db_fetch ( krb5_kdc_configuration */*config*/, krb5_const_principal /*principal*/, unsigned /*flags*/, + HDB **/*db*/, hdb_entry_ex **/*h*/); krb5_error_code @@ -51,6 +70,15 @@ _kdc_do_524 ( const char */*from*/, struct sockaddr */*addr*/); +krb5_error_code +_kdc_do_digest ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + const DigestREQ */*req*/, + krb5_data */*reply*/, + const char */*from*/, + struct sockaddr */*addr*/); + krb5_error_code _kdc_do_kaserver ( krb5_context /*context*/, @@ -71,6 +99,21 @@ _kdc_do_version4 ( const char */*from*/, struct sockaddr_in */*addr*/); +krb5_error_code +_kdc_encode_reply ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + KDC_REP */*rep*/, + const EncTicketPart */*et*/, + EncKDCRepPart */*ek*/, + krb5_enctype /*etype*/, + int /*skvno*/, + const EncryptionKey */*skey*/, + int /*ckvno*/, + const EncryptionKey */*ckey*/, + const char **/*e_text*/, + krb5_data */*reply*/); + krb5_error_code _kdc_encode_v4_ticket ( krb5_context /*context*/, @@ -81,6 +124,24 @@ _kdc_encode_v4_ticket ( const PrincipalName */*service*/, size_t */*size*/); +krb5_error_code +_kdc_find_etype ( + krb5_context /*context*/, + const hdb_entry_ex */*princ*/, + krb5_enctype */*etypes*/, + unsigned /*len*/, + Key **/*ret_key*/, + krb5_enctype */*ret_etype*/); + +PA_DATA* +_kdc_find_padata ( + KDC_REQ */*req*/, + int */*start*/, + int /*type*/); + +void +_kdc_fix_time (time_t **/*t*/); + void _kdc_free_ent ( krb5_context /*context*/, @@ -94,6 +155,28 @@ _kdc_get_des_key ( krb5_boolean /*prefer_afs_key*/, Key **/*ret_key*/); +krb5_error_code +_kdc_get_preferred_key ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + hdb_entry_ex */*h*/, + const char */*name*/, + krb5_enctype */*enctype*/, + Key **/*key*/); + +void +_kdc_log_timestamp ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + const char */*type*/, + KerberosTime /*authtime*/, + KerberosTime */*starttime*/, + KerberosTime /*endtime*/, + KerberosTime */*renew_till*/); + +krb5_error_code +_kdc_make_anonymous_principalname (PrincipalName */*pn*/); + int _kdc_maybe_version4 ( unsigned char */*buf*/, @@ -120,7 +203,7 @@ _kdc_pk_initialize ( const char */*user_id*/, const char */*anchors*/, char **/*pool*/, - char **/*revoke*/); + char **/*revoke_list*/); krb5_error_code _kdc_pk_mk_pa_reply ( diff --git a/source4/heimdal/kdc/kdc-protos.h b/source4/heimdal/kdc/kdc-protos.h index 5967f933f3..69bc871b01 100644 --- a/source4/heimdal/kdc/kdc-protos.h +++ b/source4/heimdal/kdc/kdc-protos.h @@ -41,25 +41,27 @@ void krb5_kdc_default_config (krb5_kdc_configuration */*config*/); int -krb5_kdc_process_generic_request ( +krb5_kdc_process_krb5_request ( krb5_context /*context*/, krb5_kdc_configuration */*config*/, unsigned char */*buf*/, size_t /*len*/, krb5_data */*reply*/, - krb5_boolean */*prependlength*/, const char */*from*/, - struct sockaddr */*addr*/); + struct sockaddr */*addr*/, + int /*datagram_reply*/); int -krb5_kdc_process_krb5_request ( +krb5_kdc_process_request ( krb5_context /*context*/, krb5_kdc_configuration */*config*/, unsigned char */*buf*/, size_t /*len*/, krb5_data */*reply*/, + krb5_boolean */*prependlength*/, const char */*from*/, - struct sockaddr */*addr*/); + struct sockaddr */*addr*/, + int /*datagram_reply*/); #ifdef __cplusplus } diff --git a/source4/heimdal/kdc/kdc.h b/source4/heimdal/kdc/kdc.h index 2948570e3a..043b6de47d 100644 --- a/source4/heimdal/kdc/kdc.h +++ b/source4/heimdal/kdc/kdc.h @@ -35,7 +35,7 @@ */ /* - * $Id: kdc.h,v 1.6 2006/05/03 12:03:29 lha Exp $ + * $Id: kdc.h,v 1.9 2006/10/09 15:34:07 lha Exp $ */ #ifndef __KDC_H__ @@ -65,10 +65,12 @@ typedef struct krb5_kdc_configuration { char *v4_realm; krb5_boolean enable_v4; + krb5_boolean enable_v4_cross_realm; + krb5_boolean enable_v4_per_principal; + krb5_boolean enable_kaserver; - + krb5_boolean enable_524; - krb5_boolean enable_v4_cross_realm; krb5_boolean enable_pkinit; krb5_boolean enable_pkinit_princ_in_cert; @@ -78,6 +80,9 @@ typedef struct krb5_kdc_configuration { int pkinit_dh_min_bits; + int enable_digest; + size_t max_datagram_reply_length; + } krb5_kdc_configuration; #include diff --git a/source4/heimdal/kdc/kerberos4.c b/source4/heimdal/kdc/kerberos4.c index d7a3a9cb69..97e98d86ad 100644 --- a/source4/heimdal/kdc/kerberos4.c +++ b/source4/heimdal/kdc/kerberos4.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -35,7 +35,7 @@ #include -RCSID("$Id: kerberos4.c,v 1.60 2006/05/05 10:50:44 lha Exp $"); +RCSID("$Id: kerberos4.c,v 1.63 2006/10/08 13:43:27 lha Exp $"); #ifndef swap32 static uint32_t @@ -80,7 +80,7 @@ valid_princ(krb5_context context, ret = krb5_unparse_name(context, princ, &s); if (ret) return FALSE; - ret = _kdc_db_fetch(context, ctx->config, princ, ctx->flags, &ent); + ret = _kdc_db_fetch(context, ctx->config, princ, ctx->flags, NULL, &ent); if (ret) { kdc_log(context, ctx->config, 7, "Lookup %s failed: %s", s, krb5_get_err_text (context, ret)); @@ -111,7 +111,7 @@ _kdc_db_fetch4(krb5_context context, valid_princ, &ctx, 0, &p); if(ret) return ret; - ret = _kdc_db_fetch(context, config, p, flags, ent); + ret = _kdc_db_fetch(context, config, p, flags, NULL, ent); krb5_free_principal(context, p); return ret; } @@ -221,6 +221,17 @@ _kdc_do_version4(krb5_context context, goto out1; } + if (config->enable_v4_per_principal && + client->entry.flags.allow_kerberos4 == 0) + { + kdc_log(context, config, 0, + "Per principal Kerberos 4 flag not turned on for %s", + client_name); + make_err_reply(context, reply, KERB_ERR_NULL_KEY, + "allow kerberos4 flag required"); + goto out1; + } + /* * There's no way to do pre-authentication in v4 and thus no * good error code to return if preauthentication is required. @@ -372,7 +383,7 @@ _kdc_do_version4(krb5_context context, } ret = _kdc_db_fetch(context, config, tgt_princ, - HDB_F_GET_KRBTGT, &tgt); + HDB_F_GET_KRBTGT, NULL, &tgt); if(ret){ char *s; s = kdc_log_msg(context, config, 0, "Ticket-granting ticket not " @@ -668,7 +679,7 @@ _kdc_encode_v4_ticket(krb5_context context, if(ret) return ret; - _krb5_principalname2krb5_principal(context, + _krb5_principalname2krb5_principal(context, &princ, et->cname, et->crealm); diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index a73c2c10b3..19287b31cc 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -33,12 +33,12 @@ #include "kdc_locl.h" -RCSID("$Id: kerberos5.c,v 1.211 2006/04/27 12:01:09 lha Exp $"); +RCSID("$Id: kerberos5.c,v 1.223 2006/10/17 02:16:29 lha Exp $"); #define MAX_TIME ((time_t)((1U << 31) - 1)) -static void -fix_time(time_t **t) +void +_kdc_fix_time(time_t **t) { if(*t == NULL){ ALLOC(*t); @@ -65,13 +65,13 @@ set_salt_padata (METHOD_DATA *md, Salt *salt) if (salt) { realloc_method_data(md); md->val[md->len - 1].padata_type = salt->type; - copy_octet_string(&salt->salt, - &md->val[md->len - 1].padata_value); + der_copy_octet_string(&salt->salt, + &md->val[md->len - 1].padata_value); } } -static PA_DATA* -find_padata(KDC_REQ *req, int *start, int type) +PA_DATA* +_kdc_find_padata(KDC_REQ *req, int *start, int type) { while(*start < req->padata->len){ (*start)++; @@ -87,10 +87,10 @@ find_padata(KDC_REQ *req, int *start, int type) * one, but preferring one that has default salt */ -static krb5_error_code -find_etype(krb5_context context, const hdb_entry_ex *princ, - krb5_enctype *etypes, unsigned len, - Key **ret_key, krb5_enctype *ret_etype) +krb5_error_code +_kdc_find_etype(krb5_context context, const hdb_entry_ex *princ, + krb5_enctype *etypes, unsigned len, + Key **ret_key, krb5_enctype *ret_etype) { int i; krb5_error_code ret = KRB5KDC_ERR_ETYPE_NOSUPP; @@ -116,46 +116,8 @@ find_etype(krb5_context context, const hdb_entry_ex *princ, return ret; } -static krb5_error_code -find_keys(krb5_context context, - krb5_kdc_configuration *config, - const hdb_entry_ex *client, - const char *client_name, - const hdb_entry_ex *server, - const char *server_name, - Key **ckey, - krb5_enctype *cetype, - Key **skey, - krb5_enctype *setype, - krb5_enctype *etypes, - unsigned num_etypes) -{ - krb5_error_code ret; - - if(client){ - /* find client key */ - ret = find_etype(context, client, etypes, num_etypes, ckey, cetype); - if (ret) { - kdc_log(context, config, 0, - "Client (%s) has no support for etypes", client_name); - return ret; - } - } - - if(server){ - /* find server key */ - ret = find_etype(context, server, etypes, num_etypes, skey, setype); - if (ret) { - kdc_log(context, config, 0, - "Server (%s) has no support for etypes", server_name); - return ret; - } - } - return 0; -} - -static krb5_error_code -make_anonymous_principalname (PrincipalName *pn) +krb5_error_code +_kdc_make_anonymous_principalname (PrincipalName *pn) { pn->name_type = KRB5_NT_PRINCIPAL; pn->name_string.len = 1; @@ -171,12 +133,12 @@ make_anonymous_principalname (PrincipalName *pn) return 0; } -static void -log_timestamp(krb5_context context, - krb5_kdc_configuration *config, - const char *type, - KerberosTime authtime, KerberosTime *starttime, - KerberosTime endtime, KerberosTime *renew_till) +void +_kdc_log_timestamp(krb5_context context, + krb5_kdc_configuration *config, + const char *type, + KerberosTime authtime, KerberosTime *starttime, + KerberosTime endtime, KerberosTime *renew_till) { char authtime_str[100], starttime_str[100], endtime_str[100], renewtime_str[100]; @@ -248,15 +210,15 @@ log_patypes(krb5_context context, */ -static krb5_error_code -encode_reply(krb5_context context, - krb5_kdc_configuration *config, - KDC_REP *rep, EncTicketPart *et, EncKDCRepPart *ek, - krb5_enctype etype, - int skvno, EncryptionKey *skey, - int ckvno, EncryptionKey *ckey, - const char **e_text, - krb5_data *reply) +krb5_error_code +_kdc_encode_reply(krb5_context context, + krb5_kdc_configuration *config, + KDC_REP *rep, const EncTicketPart *et, EncKDCRepPart *ek, + krb5_enctype etype, + int skvno, const EncryptionKey *skey, + int ckvno, const EncryptionKey *ckey, + const char **e_text, + krb5_data *reply) { unsigned char *buf; size_t buf_size; @@ -795,10 +757,10 @@ _kdc_check_flags(krb5_context context, * these checks */ -static krb5_boolean -check_addresses(krb5_context context, - krb5_kdc_configuration *config, - HostAddresses *addresses, const struct sockaddr *from) +krb5_boolean +_kdc_check_addresses(krb5_context context, + krb5_kdc_configuration *config, + HostAddresses *addresses, const struct sockaddr *from) { krb5_error_code ret; krb5_address addr; @@ -843,13 +805,14 @@ _kdc_as_rep(krb5_context context, const krb5_data *req_buffer, krb5_data *reply, const char *from, - struct sockaddr *from_addr) + struct sockaddr *from_addr, + int datagram_reply) { KDC_REQ_BODY *b = &req->req_body; AS_REP rep; KDCOptions f = b->kdc_options; hdb_entry_ex *client = NULL, *server = NULL; - krb5_enctype cetype, setype; + krb5_enctype cetype, setype, sessionetype; EncTicketPart et; EncKDCRepPart ek; krb5_principal client_princ = NULL, server_princ = NULL; @@ -869,12 +832,15 @@ _kdc_as_rep(krb5_context context, ret = KRB5KRB_ERR_GENERIC; e_text = "No server in request"; } else{ - _krb5_principalname2krb5_principal (context, &server_princ, - *(b->sname), b->realm); + _krb5_principalname2krb5_principal (context, + &server_princ, + *(b->sname), + b->realm); ret = krb5_unparse_name(context, server_princ, &server_name); } if (ret) { - kdc_log(context, config, 0, "AS-REQ malformed server name from %s", from); + kdc_log(context, config, 0, + "AS-REQ malformed server name from %s", from); goto out; } @@ -882,12 +848,15 @@ _kdc_as_rep(krb5_context context, ret = KRB5KRB_ERR_GENERIC; e_text = "No client in request"; } else { - _krb5_principalname2krb5_principal (context, &client_princ, - *(b->cname), b->realm); + _krb5_principalname2krb5_principal (context, + &client_princ, + *(b->cname), + b->realm); ret = krb5_unparse_name(context, client_princ, &client_name); } if (ret) { - kdc_log(context, config, 0, "AS-REQ malformed client name from %s", from); + kdc_log(context, config, 0, + "AS-REQ malformed client name from %s", from); goto out; } @@ -895,7 +864,7 @@ _kdc_as_rep(krb5_context context, client_name, from, server_name); ret = _kdc_db_fetch(context, config, client_princ, - HDB_F_GET_CLIENT, &client); + HDB_F_GET_CLIENT, NULL, &client); if(ret){ kdc_log(context, config, 0, "UNKNOWN -- %s: %s", client_name, krb5_get_err_text(context, ret)); @@ -904,7 +873,8 @@ _kdc_as_rep(krb5_context context, } ret = _kdc_db_fetch(context, config, server_princ, - HDB_F_GET_SERVER|HDB_F_GET_KRBTGT, &server); + HDB_F_GET_SERVER|HDB_F_GET_KRBTGT, + NULL, &server); if(ret){ kdc_log(context, config, 0, "UNKNOWN -- %s: %s", server_name, krb5_get_err_text(context, ret)); @@ -943,11 +913,11 @@ _kdc_as_rep(krb5_context context, e_text = "No PKINIT PA found"; i = 0; - if ((pa = find_padata(req, &i, KRB5_PADATA_PK_AS_REQ))) + if ((pa = _kdc_find_padata(req, &i, KRB5_PADATA_PK_AS_REQ))) ; if (pa == NULL) { i = 0; - if((pa = find_padata(req, &i, KRB5_PADATA_PK_AS_REQ_WIN))) + if((pa = _kdc_find_padata(req, &i, KRB5_PADATA_PK_AS_REQ_WIN))) ; } if (pa) { @@ -995,7 +965,7 @@ _kdc_as_rep(krb5_context context, i = 0; e_text = "No ENC-TS found"; - while((pa = find_padata(req, &i, KRB5_PADATA_ENC_TIMESTAMP))){ + while((pa = _kdc_find_padata(req, &i, KRB5_PADATA_ENC_TIMESTAMP))){ krb5_data ts_data; PA_ENC_TS_ENC p; size_t len; @@ -1056,7 +1026,7 @@ _kdc_as_rep(krb5_context context, if(ret){ krb5_error_code ret2; ret2 = krb5_enctype_to_string(context, - pa_key->key.keytype, &str); + pa_key->key.keytype, &str); if (ret2) str = NULL; kdc_log(context, config, 5, @@ -1092,9 +1062,18 @@ _kdc_as_rep(krb5_context context, } free_PA_ENC_TS_ENC(&p); if (abs(kdc_time - p.patimestamp) > context->max_skew) { + char client_time[100]; + + krb5_format_time(context, p.patimestamp, + client_time, sizeof(client_time), TRUE); + ret = KRB5KRB_AP_ERR_SKEW; kdc_log(context, config, 0, - "Too large time skew -- %s", client_name); + "Too large time skew, client time %s is out by %u > %u seconds -- %s", + client_time, + (unsigned)abs(kdc_time - p.patimestamp), + context->max_skew, + client_name); /* * the following is needed to make windows clients * to retry using the timestamp in the error message @@ -1162,7 +1141,7 @@ _kdc_as_rep(krb5_context context, * both info replies (we send 'info' first in the list). * - If the client is 'modern', because it knows about 'new' * enctype types, then only send the 'info2' reply. - */ + */ /* XXX check ret */ if (only_older_enctype_p(req)) @@ -1197,14 +1176,54 @@ _kdc_as_rep(krb5_context context, goto out2; } - ret = find_keys(context, config, - client, client_name, - server, server_name, - &ckey, &cetype, &skey, &setype, - b->etype.val, b->etype.len); - if(ret) + /* + * Find the client key (for preauth ENC-TS verification and reply + * encryption). Then the best encryption type for the KDC and + * last the best session key that shared between the client and + * KDC runtime enctypes. + */ + + ret = _kdc_find_etype(context, client, b->etype.val, b->etype.len, + &ckey, &cetype); + if (ret) { + kdc_log(context, config, 0, + "Client (%s) has no support for etypes", client_name); goto out; + } + ret = _kdc_get_preferred_key(context, config, + server, server_name, + &setype, &skey); + if(ret) + goto out; + + { + const krb5_enctype *p; + int i, j; + + p = krb5_kerberos_enctypes(context); + + sessionetype = ETYPE_NULL; + + for (i = 0; p[i] != ETYPE_NULL && sessionetype == ETYPE_NULL; i++) { + if (krb5_enctype_valid(context, p[i]) != 0) + continue; + for (j = 0; j < b->etype.len; j++) { + if (p[i] == b->etype.val[j]) { + sessionetype = p[i]; + break; + } + } + } + if (sessionetype == ETYPE_NULL) { + kdc_log(context, config, 0, + "Client (%s) from %s has no common enctypes with KDC" + "to use for the session key", + client_name, from); + goto out; + } + } + { struct rk_strpool *p = NULL; char *str; @@ -1268,9 +1287,9 @@ _kdc_as_rep(krb5_context context, rep.msg_type = krb_as_rep; copy_Realm(&client->entry.principal->realm, &rep.crealm); if (f.request_anonymous) - make_anonymous_principalname (&rep.cname); + _kdc_make_anonymous_principalname (&rep.cname); else - _krb5_principal2principalname(&rep.cname, + _krb5_principal2principalname(&rep.cname, client->entry.principal); rep.ticket.tkt_vno = 5; copy_Realm(&server->entry.principal->realm, &rep.ticket.realm); @@ -1304,14 +1323,14 @@ _kdc_as_rep(krb5_context context, } /* check for valid set of addresses */ - if(!check_addresses(context, config, b->addresses, from_addr)) { + if(!_kdc_check_addresses(context, config, b->addresses, from_addr)) { ret = KRB5KRB_AP_ERR_BADADDR; kdc_log(context, config, 0, "Bad address list requested -- %s", client_name); goto out; } - krb5_generate_random_keyblock(context, setype, &et.key); + krb5_generate_random_keyblock(context, sessionetype, &et.key); copy_PrincipalName(&rep.cname, &et.cname); copy_Realm(&rep.crealm, &et.crealm); @@ -1327,7 +1346,7 @@ _kdc_as_rep(krb5_context context, et.flags.invalid = 1; et.flags.postdated = 1; /* XXX ??? */ } - fix_time(&b->till); + _kdc_fix_time(&b->till); t = *b->till; /* be careful not overflowing */ @@ -1392,7 +1411,7 @@ _kdc_as_rep(krb5_context context, ek.last_req.len = 0; if (client->entry.pw_end && (config->kdc_warn_pwexpire == 0 - || kdc_time + config->kdc_warn_pwexpire <= *client->entry.pw_end)) { + || kdc_time + config->kdc_warn_pwexpire >= *client->entry.pw_end)) { ek.last_req.val[ek.last_req.len].lr_type = LR_PW_EXPTIME; ek.last_req.val[ek.last_req.len].lr_value = *client->entry.pw_end; ++ek.last_req.len; @@ -1472,15 +1491,37 @@ _kdc_as_rep(krb5_context context, goto out; } - log_timestamp(context, config, "AS-REQ", et.authtime, et.starttime, - et.endtime, et.renew_till); + _kdc_log_timestamp(context, config, "AS-REQ", et.authtime, et.starttime, + et.endtime, et.renew_till); + + /* do this as the last thing since this signs the EncTicketPart */ + ret = _kdc_add_KRB5SignedPath(context, + config, + server, + setype, + NULL, + NULL, + &et); + if (ret) + goto out; - ret = encode_reply(context, config, - &rep, &et, &ek, setype, server->entry.kvno, &skey->key, - client->entry.kvno, reply_key, &e_text, reply); + ret = _kdc_encode_reply(context, config, + &rep, &et, &ek, setype, server->entry.kvno, + &skey->key, client->entry.kvno, + reply_key, &e_text, reply); free_EncTicketPart(&et); free_EncKDCRepPart(&ek); - out: + if (ret) + goto out; + + /* */ + if (datagram_reply && reply->length > config->max_datagram_reply_length) { + krb5_data_free(reply); + ret = KRB5KRB_ERR_RESPONSE_TOO_BIG; + e_text = "Reply packet too large"; + } + +out: free_AS_REP(&rep); if(ret){ krb5_mk_error(context, @@ -1494,7 +1535,7 @@ _kdc_as_rep(krb5_context context, reply); ret = 0; } - out2: +out2: #ifdef PKINIT if (pkp) _kdc_pk_free_client_param(context, pkp); @@ -1511,1089 +1552,3 @@ _kdc_as_rep(krb5_context context, _kdc_free_ent(context, server); return ret; } - - -static krb5_error_code -check_tgs_flags(krb5_context context, - krb5_kdc_configuration *config, - KDC_REQ_BODY *b, EncTicketPart *tgt, EncTicketPart *et) -{ - KDCOptions f = b->kdc_options; - - if(f.validate){ - if(!tgt->flags.invalid || tgt->starttime == NULL){ - kdc_log(context, config, 0, - "Bad request to validate ticket"); - return KRB5KDC_ERR_BADOPTION; - } - if(*tgt->starttime > kdc_time){ - kdc_log(context, config, 0, - "Early request to validate ticket"); - return KRB5KRB_AP_ERR_TKT_NYV; - } - /* XXX tkt = tgt */ - et->flags.invalid = 0; - }else if(tgt->flags.invalid){ - kdc_log(context, config, 0, - "Ticket-granting ticket has INVALID flag set"); - return KRB5KRB_AP_ERR_TKT_INVALID; - } - - if(f.forwardable){ - if(!tgt->flags.forwardable){ - kdc_log(context, config, 0, - "Bad request for forwardable ticket"); - return KRB5KDC_ERR_BADOPTION; - } - et->flags.forwardable = 1; - } - if(f.forwarded){ - if(!tgt->flags.forwardable){ - kdc_log(context, config, 0, - "Request to forward non-forwardable ticket"); - return KRB5KDC_ERR_BADOPTION; - } - et->flags.forwarded = 1; - et->caddr = b->addresses; - } - if(tgt->flags.forwarded) - et->flags.forwarded = 1; - - if(f.proxiable){ - if(!tgt->flags.proxiable){ - kdc_log(context, config, 0, - "Bad request for proxiable ticket"); - return KRB5KDC_ERR_BADOPTION; - } - et->flags.proxiable = 1; - } - if(f.proxy){ - if(!tgt->flags.proxiable){ - kdc_log(context, config, 0, - "Request to proxy non-proxiable ticket"); - return KRB5KDC_ERR_BADOPTION; - } - et->flags.proxy = 1; - et->caddr = b->addresses; - } - if(tgt->flags.proxy) - et->flags.proxy = 1; - - if(f.allow_postdate){ - if(!tgt->flags.may_postdate){ - kdc_log(context, config, 0, - "Bad request for post-datable ticket"); - return KRB5KDC_ERR_BADOPTION; - } - et->flags.may_postdate = 1; - } - if(f.postdated){ - if(!tgt->flags.may_postdate){ - kdc_log(context, config, 0, - "Bad request for postdated ticket"); - return KRB5KDC_ERR_BADOPTION; - } - if(b->from) - *et->starttime = *b->from; - et->flags.postdated = 1; - et->flags.invalid = 1; - }else if(b->from && *b->from > kdc_time + context->max_skew){ - kdc_log(context, config, 0, "Ticket cannot be postdated"); - return KRB5KDC_ERR_CANNOT_POSTDATE; - } - - if(f.renewable){ - if(!tgt->flags.renewable){ - kdc_log(context, config, 0, - "Bad request for renewable ticket"); - return KRB5KDC_ERR_BADOPTION; - } - et->flags.renewable = 1; - ALLOC(et->renew_till); - fix_time(&b->rtime); - *et->renew_till = *b->rtime; - } - if(f.renew){ - time_t old_life; - if(!tgt->flags.renewable || tgt->renew_till == NULL){ - kdc_log(context, config, 0, - "Request to renew non-renewable ticket"); - return KRB5KDC_ERR_BADOPTION; - } - old_life = tgt->endtime; - if(tgt->starttime) - old_life -= *tgt->starttime; - else - old_life -= tgt->authtime; - et->endtime = *et->starttime + old_life; - if (et->renew_till != NULL) - et->endtime = min(*et->renew_till, et->endtime); - } - - /* checks for excess flags */ - if(f.request_anonymous && !config->allow_anonymous){ - kdc_log(context, config, 0, - "Request for anonymous ticket"); - return KRB5KDC_ERR_BADOPTION; - } - return 0; -} - -static krb5_error_code -fix_transited_encoding(krb5_context context, - krb5_kdc_configuration *config, - krb5_boolean check_policy, - TransitedEncoding *tr, - EncTicketPart *et, - const char *client_realm, - const char *server_realm, - const char *tgt_realm) -{ - krb5_error_code ret = 0; - char **realms, **tmp; - int num_realms; - int i; - - switch (tr->tr_type) { - case DOMAIN_X500_COMPRESS: - break; - case 0: - /* - * Allow empty content of type 0 because that is was Microsoft - * generates in their TGT. - */ - if (tr->contents.length == 0) - break; - kdc_log(context, config, 0, - "Transited type 0 with non empty content"); - return KRB5KDC_ERR_TRTYPE_NOSUPP; - default: - kdc_log(context, config, 0, - "Unknown transited type: %u", tr->tr_type); - return KRB5KDC_ERR_TRTYPE_NOSUPP; - } - - ret = krb5_domain_x500_decode(context, - tr->contents, - &realms, - &num_realms, - client_realm, - server_realm); - if(ret){ - krb5_warn(context, ret, - "Decoding transited encoding"); - return ret; - } - if(strcmp(client_realm, tgt_realm) && strcmp(server_realm, tgt_realm)) { - /* not us, so add the previous realm to transited set */ - if (num_realms < 0 || num_realms + 1 > UINT_MAX/sizeof(*realms)) { - ret = ERANGE; - goto free_realms; - } - tmp = realloc(realms, (num_realms + 1) * sizeof(*realms)); - if(tmp == NULL){ - ret = ENOMEM; - goto free_realms; - } - realms = tmp; - realms[num_realms] = strdup(tgt_realm); - if(realms[num_realms] == NULL){ - ret = ENOMEM; - goto free_realms; - } - num_realms++; - } - if(num_realms == 0) { - if(strcmp(client_realm, server_realm)) - kdc_log(context, config, 0, - "cross-realm %s -> %s", client_realm, server_realm); - } else { - size_t l = 0; - char *rs; - for(i = 0; i < num_realms; i++) - l += strlen(realms[i]) + 2; - rs = malloc(l); - if(rs != NULL) { - *rs = '\0'; - for(i = 0; i < num_realms; i++) { - if(i > 0) - strlcat(rs, ", ", l); - strlcat(rs, realms[i], l); - } - kdc_log(context, config, 0, - "cross-realm %s -> %s via [%s]", - client_realm, server_realm, rs); - free(rs); - } - } - if(check_policy) { - ret = krb5_check_transited(context, client_realm, - server_realm, - realms, num_realms, NULL); - if(ret) { - krb5_warn(context, ret, "cross-realm %s -> %s", - client_realm, server_realm); - goto free_realms; - } - et->flags.transited_policy_checked = 1; - } - et->transited.tr_type = DOMAIN_X500_COMPRESS; - ret = krb5_domain_x500_encode(realms, num_realms, &et->transited.contents); - if(ret) - krb5_warn(context, ret, "Encoding transited encoding"); - free_realms: - for(i = 0; i < num_realms; i++) - free(realms[i]); - free(realms); - return ret; -} - - -static krb5_error_code -tgs_make_reply(krb5_context context, - krb5_kdc_configuration *config, - KDC_REQ_BODY *b, - EncTicketPart *tgt, - EncTicketPart *adtkt, - AuthorizationData *auth_data, - krb5_ticket *tgs_ticket, - hdb_entry_ex *server, - const char *server_name, - hdb_entry_ex *client, - krb5_principal client_principal, - hdb_entry_ex *krbtgt, - EncryptionKey *tgtkey, - krb5_enctype cetype, - const char **e_text, - krb5_data *reply) -{ - KDC_REP rep; - EncKDCRepPart ek; - EncTicketPart et; - KDCOptions f = b->kdc_options; - krb5_error_code ret; - krb5_enctype etype; - Key *skey; - EncryptionKey *ekey; - AuthorizationData *new_auth_data = NULL; - - if(adtkt) { - int i; - ekey = &adtkt->key; - for(i = 0; i < b->etype.len; i++) - if (b->etype.val[i] == adtkt->key.keytype) - break; - if(i == b->etype.len) { - krb5_clear_error_string(context); - return KRB5KDC_ERR_ETYPE_NOSUPP; - } - etype = b->etype.val[i]; - }else{ - ret = find_keys(context, config, - NULL, NULL, server, server_name, - NULL, NULL, &skey, &etype, - b->etype.val, b->etype.len); - if(ret) - return ret; - ekey = &skey->key; - } - - memset(&rep, 0, sizeof(rep)); - memset(&et, 0, sizeof(et)); - memset(&ek, 0, sizeof(ek)); - - rep.pvno = 5; - rep.msg_type = krb_tgs_rep; - - et.authtime = tgt->authtime; - fix_time(&b->till); - et.endtime = min(tgt->endtime, *b->till); - ALLOC(et.starttime); - *et.starttime = kdc_time; - - ret = check_tgs_flags(context, config, b, tgt, &et); - if(ret) - goto out; - - /* We should check the transited encoding if: - 1) the request doesn't ask not to be checked - 2) globally enforcing a check - 3) principal requires checking - 4) we allow non-check per-principal, but principal isn't marked as allowing this - 5) we don't globally allow this - */ - -#define GLOBAL_FORCE_TRANSITED_CHECK \ - (config->trpolicy == TRPOLICY_ALWAYS_CHECK) -#define GLOBAL_ALLOW_PER_PRINCIPAL \ - (config->trpolicy == TRPOLICY_ALLOW_PER_PRINCIPAL) -#define GLOBAL_ALLOW_DISABLE_TRANSITED_CHECK \ - (config->trpolicy == TRPOLICY_ALWAYS_HONOUR_REQUEST) - -/* these will consult the database in future release */ -#define PRINCIPAL_FORCE_TRANSITED_CHECK(P) 0 -#define PRINCIPAL_ALLOW_DISABLE_TRANSITED_CHECK(P) 0 - - ret = fix_transited_encoding(context, config, - !f.disable_transited_check || - GLOBAL_FORCE_TRANSITED_CHECK || - PRINCIPAL_FORCE_TRANSITED_CHECK(server) || - !((GLOBAL_ALLOW_PER_PRINCIPAL && - PRINCIPAL_ALLOW_DISABLE_TRANSITED_CHECK(server)) || - GLOBAL_ALLOW_DISABLE_TRANSITED_CHECK), - &tgt->transited, &et, - *krb5_princ_realm(context, client_principal), - *krb5_princ_realm(context, server->entry.principal), - *krb5_princ_realm(context, krbtgt->entry.principal)); - if(ret) - goto out; - - copy_Realm(krb5_princ_realm(context, server->entry.principal), - &rep.ticket.realm); - _krb5_principal2principalname(&rep.ticket.sname, server->entry.principal); - copy_Realm(&tgt->crealm, &rep.crealm); - if (f.request_anonymous) - make_anonymous_principalname (&tgt->cname); - else - copy_PrincipalName(&tgt->cname, &rep.cname); - rep.ticket.tkt_vno = 5; - - ek.caddr = et.caddr; - if(et.caddr == NULL) - et.caddr = tgt->caddr; - - { - time_t life; - life = et.endtime - *et.starttime; - if(client && client->entry.max_life) - life = min(life, *client->entry.max_life); - if(server->entry.max_life) - life = min(life, *server->entry.max_life); - et.endtime = *et.starttime + life; - } - if(f.renewable_ok && tgt->flags.renewable && - et.renew_till == NULL && et.endtime < *b->till){ - et.flags.renewable = 1; - ALLOC(et.renew_till); - *et.renew_till = *b->till; - } - if(et.renew_till){ - time_t renew; - renew = *et.renew_till - et.authtime; - if(client && client->entry.max_renew) - renew = min(renew, *client->entry.max_renew); - if(server->entry.max_renew) - renew = min(renew, *server->entry.max_renew); - *et.renew_till = et.authtime + renew; - } - - if(et.renew_till){ - *et.renew_till = min(*et.renew_till, *tgt->renew_till); - *et.starttime = min(*et.starttime, *et.renew_till); - et.endtime = min(et.endtime, *et.renew_till); - } - - *et.starttime = min(*et.starttime, et.endtime); - - if(*et.starttime == et.endtime){ - ret = KRB5KDC_ERR_NEVER_VALID; - goto out; - } - if(et.renew_till && et.endtime == *et.renew_till){ - free(et.renew_till); - et.renew_till = NULL; - et.flags.renewable = 0; - } - - et.flags.pre_authent = tgt->flags.pre_authent; - et.flags.hw_authent = tgt->flags.hw_authent; - et.flags.anonymous = tgt->flags.anonymous; - et.flags.ok_as_delegate = server->entry.flags.ok_as_delegate; - - - krb5_generate_random_keyblock(context, etype, &et.key); - - if (server->authz_data_tgs_req) { - ret = server->authz_data_tgs_req(context, server, - client_principal, - tgs_ticket->ticket.authorization_data, - tgs_ticket->ticket.authtime, - tgtkey, - ekey, - &et.key, - &new_auth_data); - if (ret) { - new_auth_data = NULL; - } - } - - /* XXX Check enc-authorization-data */ - et.authorization_data = new_auth_data; - - et.crealm = tgt->crealm; - et.cname = tgt->cname; - - ek.key = et.key; - /* MIT must have at least one last_req */ - ek.last_req.len = 1; - ek.last_req.val = calloc(1, sizeof(*ek.last_req.val)); - ek.nonce = b->nonce; - ek.flags = et.flags; - ek.authtime = et.authtime; - ek.starttime = et.starttime; - ek.endtime = et.endtime; - ek.renew_till = et.renew_till; - ek.srealm = rep.ticket.realm; - ek.sname = rep.ticket.sname; - - log_timestamp(context, config, "TGS-REQ", et.authtime, et.starttime, - et.endtime, et.renew_till); - - /* It is somewhat unclear where the etype in the following - encryption should come from. What we have is a session - key in the passed tgt, and a list of preferred etypes - *for the new ticket*. Should we pick the best possible - etype, given the keytype in the tgt, or should we look - at the etype list here as well? What if the tgt - session key is DES3 and we want a ticket with a (say) - CAST session key. Should the DES3 etype be added to the - etype list, even if we don't want a session key with - DES3? */ - ret = encode_reply(context, config, - &rep, &et, &ek, etype, adtkt ? 0 : server->entry.kvno, - ekey, 0, &tgt->key, e_text, reply); - out: - free_TGS_REP(&rep); - free_TransitedEncoding(&et.transited); - if(et.starttime) - free(et.starttime); - if(et.renew_till) - free(et.renew_till); - free_LastReq(&ek.last_req); - memset(et.key.keyvalue.data, 0, et.key.keyvalue.length); - free_EncryptionKey(&et.key); - return ret; -} - -static krb5_error_code -tgs_check_authenticator(krb5_context context, - krb5_kdc_configuration *config, - krb5_auth_context ac, - KDC_REQ_BODY *b, - const char **e_text, - krb5_keyblock *key) -{ - krb5_authenticator auth; - size_t len; - unsigned char *buf; - size_t buf_size; - krb5_error_code ret; - krb5_crypto crypto; - - krb5_auth_con_getauthenticator(context, ac, &auth); - if(auth->cksum == NULL){ - kdc_log(context, config, 0, "No authenticator in request"); - ret = KRB5KRB_AP_ERR_INAPP_CKSUM; - goto out; - } - /* - * according to RFC1510 it doesn't need to be keyed, - * but according to the latest draft it needs to. - */ - if ( -#if 0 -!krb5_checksum_is_keyed(context, auth->cksum->cksumtype) - || -#endif - !krb5_checksum_is_collision_proof(context, auth->cksum->cksumtype)) { - kdc_log(context, config, 0, "Bad checksum type in authenticator: %d", - auth->cksum->cksumtype); - ret = KRB5KRB_AP_ERR_INAPP_CKSUM; - goto out; - } - - /* XXX should not re-encode this */ - ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, b, &len, ret); - if(ret){ - kdc_log(context, config, 0, "Failed to encode KDC-REQ-BODY: %s", - krb5_get_err_text(context, ret)); - goto out; - } - if(buf_size != len) { - free(buf); - kdc_log(context, config, 0, "Internal error in ASN.1 encoder"); - *e_text = "KDC internal error"; - ret = KRB5KRB_ERR_GENERIC; - goto out; - } - ret = krb5_crypto_init(context, key, 0, &crypto); - if (ret) { - free(buf); - kdc_log(context, config, 0, "krb5_crypto_init failed: %s", - krb5_get_err_text(context, ret)); - goto out; - } - ret = krb5_verify_checksum(context, - crypto, - KRB5_KU_TGS_REQ_AUTH_CKSUM, - buf, - len, - auth->cksum); - free(buf); - krb5_crypto_destroy(context, crypto); - if(ret){ - kdc_log(context, config, 0, - "Failed to verify authenticator checksum: %s", - krb5_get_err_text(context, ret)); - } -out: - free_Authenticator(auth); - free(auth); - return ret; -} - -/* - * return the realm of a krbtgt-ticket or NULL - */ - -static Realm -get_krbtgt_realm(const PrincipalName *p) -{ - if(p->name_string.len == 2 - && strcmp(p->name_string.val[0], KRB5_TGS_NAME) == 0) - return p->name_string.val[1]; - else - return NULL; -} - -static const char * -find_rpath(krb5_context context, Realm crealm, Realm srealm) -{ - const char *new_realm = krb5_config_get_string(context, - NULL, - "capaths", - crealm, - srealm, - NULL); - return new_realm; -} - - -static krb5_boolean -need_referral(krb5_context context, krb5_principal server, krb5_realm **realms) -{ - if(server->name.name_type != KRB5_NT_SRV_INST || - server->name.name_string.len != 2) - return FALSE; - - return _krb5_get_host_realm_int(context, server->name.name_string.val[1], - FALSE, realms) == 0; -} - -static krb5_error_code -tgs_rep2(krb5_context context, - krb5_kdc_configuration *config, - KDC_REQ_BODY *b, - PA_DATA *tgs_req, - krb5_data *reply, - const char *from, - const struct sockaddr *from_addr, - time_t **csec, - int **cusec) -{ - krb5_ap_req ap_req; - krb5_error_code ret; - krb5_principal princ; - krb5_auth_context ac = NULL; - krb5_ticket *ticket = NULL; - krb5_flags ap_req_options; - krb5_flags verify_ap_req_flags; - const char *e_text = NULL; - krb5_crypto crypto; - - hdb_entry_ex *krbtgt = NULL; - EncTicketPart *tgt; - Key *tkey; - krb5_enctype cetype; - krb5_principal cp = NULL; - krb5_principal sp = NULL; - AuthorizationData *auth_data = NULL; - - *csec = NULL; - *cusec = NULL; - - memset(&ap_req, 0, sizeof(ap_req)); - ret = krb5_decode_ap_req(context, &tgs_req->padata_value, &ap_req); - if(ret){ - kdc_log(context, config, 0, "Failed to decode AP-REQ: %s", - krb5_get_err_text(context, ret)); - goto out2; - } - - if(!get_krbtgt_realm(&ap_req.ticket.sname)){ - /* XXX check for ticket.sname == req.sname */ - kdc_log(context, config, 0, "PA-DATA is not a ticket-granting ticket"); - ret = KRB5KDC_ERR_POLICY; /* ? */ - goto out2; - } - - _krb5_principalname2krb5_principal(context, &princ, - ap_req.ticket.sname, - ap_req.ticket.realm); - - ret = _kdc_db_fetch(context, config, princ, HDB_F_GET_KRBTGT, &krbtgt); - - if(ret) { - char *p; - ret = krb5_unparse_name(context, princ, &p); - if (ret != 0) - p = ""; - krb5_free_principal(context, princ); - kdc_log(context, config, 0, - "Ticket-granting ticket not found in database: %s: %s", - p, krb5_get_err_text(context, ret)); - if (ret == 0) - free(p); - ret = KRB5KRB_AP_ERR_NOT_US; - goto out2; - } - - if(ap_req.ticket.enc_part.kvno && - *ap_req.ticket.enc_part.kvno != krbtgt->entry.kvno){ - char *p; - - ret = krb5_unparse_name (context, princ, &p); - krb5_free_principal(context, princ); - if (ret != 0) - p = ""; - kdc_log(context, config, 0, - "Ticket kvno = %d, DB kvno = %d (%s)", - *ap_req.ticket.enc_part.kvno, - krbtgt->entry.kvno, - p); - if (ret == 0) - free (p); - ret = KRB5KRB_AP_ERR_BADKEYVER; - goto out2; - } - - ret = hdb_enctype2key(context, &krbtgt->entry, - ap_req.ticket.enc_part.etype, &tkey); - if(ret){ - char *str, *p; - krb5_enctype_to_string(context, ap_req.ticket.enc_part.etype, &str); - krb5_unparse_name(context, princ, &p); - kdc_log(context, config, 0, - "No server key with enctype %s found for %s", str, p); - free(str); - free(p); - ret = KRB5KRB_AP_ERR_BADKEYVER; - goto out2; - } - - if (b->kdc_options.validate) - verify_ap_req_flags = KRB5_VERIFY_AP_REQ_IGNORE_INVALID; - else - verify_ap_req_flags = 0; - - ret = krb5_verify_ap_req2(context, - &ac, - &ap_req, - princ, - &tkey->key, - verify_ap_req_flags, - &ap_req_options, - &ticket, - KRB5_KU_TGS_REQ_AUTH); - - krb5_free_principal(context, princ); - if(ret) { - kdc_log(context, config, 0, "Failed to verify AP-REQ: %s", - krb5_get_err_text(context, ret)); - goto out2; - } - - { - krb5_authenticator auth; - - ret = krb5_auth_con_getauthenticator(context, ac, &auth); - if (ret == 0) { - *csec = malloc(sizeof(**csec)); - if (*csec == NULL) { - krb5_free_authenticator(context, &auth); - kdc_log(context, config, 0, "malloc failed"); - goto out2; - } - **csec = auth->ctime; - *cusec = malloc(sizeof(**cusec)); - if (*cusec == NULL) { - krb5_free_authenticator(context, &auth); - kdc_log(context, config, 0, "malloc failed"); - goto out2; - } - **csec = auth->cusec; - krb5_free_authenticator(context, &auth); - } - } - - cetype = ap_req.authenticator.etype; - - tgt = &ticket->ticket; - - ret = tgs_check_authenticator(context, config, - ac, b, &e_text, &tgt->key); - if (ret) { - krb5_auth_con_free(context, ac); - goto out2; - } - - if (b->enc_authorization_data) { - krb5_keyblock *subkey; - krb5_data ad; - ret = krb5_auth_con_getremotesubkey(context, - ac, - &subkey); - if(ret){ - krb5_auth_con_free(context, ac); - kdc_log(context, config, 0, "Failed to get remote subkey: %s", - krb5_get_err_text(context, ret)); - goto out2; - } - if(subkey == NULL){ - ret = krb5_auth_con_getkey(context, ac, &subkey); - if(ret) { - krb5_auth_con_free(context, ac); - kdc_log(context, config, 0, "Failed to get session key: %s", - krb5_get_err_text(context, ret)); - goto out2; - } - } - if(subkey == NULL){ - krb5_auth_con_free(context, ac); - kdc_log(context, config, 0, - "Failed to get key for enc-authorization-data"); - ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; /* ? */ - goto out2; - } - ret = krb5_crypto_init(context, subkey, 0, &crypto); - if (ret) { - krb5_auth_con_free(context, ac); - kdc_log(context, config, 0, "krb5_crypto_init failed: %s", - krb5_get_err_text(context, ret)); - goto out2; - } - ret = krb5_decrypt_EncryptedData (context, - crypto, - KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY, - b->enc_authorization_data, - &ad); - krb5_crypto_destroy(context, crypto); - if(ret){ - krb5_auth_con_free(context, ac); - kdc_log(context, config, 0, "Failed to decrypt enc-authorization-data"); - ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; /* ? */ - goto out2; - } - krb5_free_keyblock(context, subkey); - ALLOC(auth_data); - ret = decode_AuthorizationData(ad.data, ad.length, auth_data, NULL); - if(ret){ - krb5_auth_con_free(context, ac); - free(auth_data); - auth_data = NULL; - kdc_log(context, config, 0, "Failed to decode authorization data"); - ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; /* ? */ - goto out2; - } - } - - krb5_auth_con_free(context, ac); - - { - PrincipalName *s; - Realm r; - char *spn = NULL, *cpn = NULL; - hdb_entry_ex *server = NULL, *client = NULL; - int nloop = 0; - EncTicketPart adtkt; - char opt_str[128]; - - s = b->sname; - r = b->realm; - if(b->kdc_options.enc_tkt_in_skey){ - Ticket *t; - hdb_entry_ex *uu; - krb5_principal p; - Key *uukey; - - if(b->additional_tickets == NULL || - b->additional_tickets->len == 0){ - ret = KRB5KDC_ERR_BADOPTION; /* ? */ - kdc_log(context, config, 0, - "No second ticket present in request"); - goto out; - } - t = &b->additional_tickets->val[0]; - if(!get_krbtgt_realm(&t->sname)){ - kdc_log(context, config, 0, - "Additional ticket is not a ticket-granting ticket"); - ret = KRB5KDC_ERR_POLICY; - goto out2; - } - _krb5_principalname2krb5_principal(context, &p, t->sname, t->realm); - ret = _kdc_db_fetch(context, config, p, - HDB_F_GET_CLIENT|HDB_F_GET_SERVER, &uu); - krb5_free_principal(context, p); - if(ret){ - if (ret == HDB_ERR_NOENTRY) - ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN; - goto out; - } - ret = hdb_enctype2key(context, &uu->entry, - t->enc_part.etype, &uukey); - if(ret){ - _kdc_free_ent(context, uu); - ret = KRB5KDC_ERR_ETYPE_NOSUPP; /* XXX */ - goto out; - } - ret = krb5_decrypt_ticket(context, t, &uukey->key, &adtkt, 0); - _kdc_free_ent(context, uu); - if(ret) - goto out; - s = &adtkt.cname; - r = adtkt.crealm; - } - - _krb5_principalname2krb5_principal(context, &sp, *s, r); - ret = krb5_unparse_name(context, sp, &spn); - if (ret) - goto out; - _krb5_principalname2krb5_principal(context, &cp, tgt->cname, tgt->crealm); - ret = krb5_unparse_name(context, cp, &cpn); - if (ret) - goto out; - unparse_flags (KDCOptions2int(b->kdc_options), - asn1_KDCOptions_units(), - opt_str, sizeof(opt_str)); - if(*opt_str) - kdc_log(context, config, 0, - "TGS-REQ %s from %s for %s [%s]", - cpn, from, spn, opt_str); - else - kdc_log(context, config, 0, - "TGS-REQ %s from %s for %s", cpn, from, spn); - server_lookup: - ret = _kdc_db_fetch(context, config, sp, HDB_F_GET_SERVER, &server); - - if(ret){ - const char *new_rlm; - Realm req_rlm; - krb5_realm *realms; - - if ((req_rlm = get_krbtgt_realm(&sp->name)) != NULL) { - if(nloop++ < 2) { - new_rlm = find_rpath(context, tgt->crealm, req_rlm); - if(new_rlm) { - kdc_log(context, config, 5, "krbtgt for realm %s not found, trying %s", - req_rlm, new_rlm); - krb5_free_principal(context, sp); - free(spn); - krb5_make_principal(context, &sp, r, - KRB5_TGS_NAME, new_rlm, NULL); - ret = krb5_unparse_name(context, sp, &spn); - if (ret) - goto out; - goto server_lookup; - } - } - } else if(need_referral(context, sp, &realms)) { - if (strcmp(realms[0], sp->realm) != 0) { - kdc_log(context, config, 5, - "Returning a referral to realm %s for " - "server %s that was not found", - realms[0], spn); - krb5_free_principal(context, sp); - free(spn); - krb5_make_principal(context, &sp, r, KRB5_TGS_NAME, - realms[0], NULL); - ret = krb5_unparse_name(context, sp, &spn); - if (ret) - goto out; - krb5_free_host_realm(context, realms); - goto server_lookup; - } - krb5_free_host_realm(context, realms); - } - kdc_log(context, config, 0, - "Server not found in database: %s: %s", spn, - krb5_get_err_text(context, ret)); - if (ret == HDB_ERR_NOENTRY) - ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN; - goto out; - } - - ret = _kdc_db_fetch(context, config, cp, HDB_F_GET_CLIENT, &client); - if(ret) - kdc_log(context, config, 1, "Client not found in database: %s: %s", - cpn, krb5_get_err_text(context, ret)); - - /* - * If the client belongs to the same realm as our krbtgt, it - * should exist in the local database. - * - * If its not the same, check the "direction" on the krbtgt, - * so its not a backward uni-directional trust. - */ - - if(strcmp(krb5_principal_get_realm(context, sp), - krb5_principal_get_comp_string(context, - krbtgt->entry.principal, 1)) == 0) { - if(ret) { - if (ret == HDB_ERR_NOENTRY) - ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; - goto out; - } - } else { - char *tpn; - ret = krb5_unparse_name(context, krbtgt->entry.principal, &tpn); - kdc_log(context, config, 0, - "Request with wrong krbtgt: %s", - (ret == 0) ? tpn : ""); - if(ret == 0) - free(tpn); - ret = KRB5KRB_AP_ERR_NOT_US; - goto out; - - } - - ret = _kdc_check_flags(context, config, - client, cpn, - server, spn, - FALSE); - if(ret) - goto out; - - if((b->kdc_options.validate || b->kdc_options.renew) && - !krb5_principal_compare(context, - krbtgt->entry.principal, - server->entry.principal)){ - kdc_log(context, config, 0, "Inconsistent request."); - ret = KRB5KDC_ERR_SERVER_NOMATCH; - goto out; - } - - /* check for valid set of addresses */ - if(!check_addresses(context, config, tgt->caddr, from_addr)) { - ret = KRB5KRB_AP_ERR_BADADDR; - kdc_log(context, config, 0, "Request from wrong address"); - goto out; - } - - ret = tgs_make_reply(context, - config, - b, - tgt, - b->kdc_options.enc_tkt_in_skey ? &adtkt : NULL, - auth_data, - ticket, - server, - spn, - client, - cp, - krbtgt, - &tkey->key, - cetype, - &e_text, - reply); - - out: - free(spn); - free(cpn); - - if(server) - _kdc_free_ent(context, server); - if(client) - _kdc_free_ent(context, client); - } - out2: - if(ret) { - krb5_mk_error(context, - ret, - e_text, - NULL, - cp, - sp, - NULL, - NULL, - reply); - free(*csec); - free(*cusec); - *csec = NULL; - *cusec = NULL; - } - krb5_free_principal(context, cp); - krb5_free_principal(context, sp); - if (ticket) - krb5_free_ticket(context, ticket); - free_AP_REQ(&ap_req); - if(auth_data){ - free_AuthorizationData(auth_data); - free(auth_data); - } - - if(krbtgt) - _kdc_free_ent(context, krbtgt); - - return ret; -} - - -krb5_error_code -_kdc_tgs_rep(krb5_context context, - krb5_kdc_configuration *config, - KDC_REQ *req, - krb5_data *data, - const char *from, - struct sockaddr *from_addr) -{ - krb5_error_code ret; - int i = 0; - PA_DATA *tgs_req = NULL; - time_t *csec = NULL; - int *cusec = NULL; - - if(req->padata == NULL){ - ret = KRB5KDC_ERR_PREAUTH_REQUIRED; /* XXX ??? */ - kdc_log(context, config, 0, - "TGS-REQ from %s without PA-DATA", from); - goto out; - } - - tgs_req = find_padata(req, &i, KRB5_PADATA_TGS_REQ); - - if(tgs_req == NULL){ - ret = KRB5KDC_ERR_PADATA_TYPE_NOSUPP; - - kdc_log(context, config, 0, - "TGS-REQ from %s without PA-TGS-REQ", from); - goto out; - } - ret = tgs_rep2(context, config, - &req->req_body, tgs_req, data, from, from_addr, - &csec, &cusec); -out: - if(ret && data->data == NULL){ - krb5_mk_error(context, - ret, - NULL, - NULL, - NULL, - NULL, - csec, - cusec, - data); - } - free(csec); - free(cusec); - return 0; -} diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c new file mode 100644 index 0000000000..dcf29eb6e9 --- /dev/null +++ b/source4/heimdal/kdc/krb5tgs.c @@ -0,0 +1,1781 @@ +/* + * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kdc_locl.h" + +RCSID("$Id: krb5tgs.c,v 1.16 2006/10/22 15:54:37 lha Exp $"); + +/* + * return the realm of a krbtgt-ticket or NULL + */ + +static Realm +get_krbtgt_realm(const PrincipalName *p) +{ + if(p->name_string.len == 2 + && strcmp(p->name_string.val[0], KRB5_TGS_NAME) == 0) + return p->name_string.val[1]; + else + return NULL; +} + +/* + * The KDC might add a signed path to the ticket authorization data + * field. This is to avoid server impersonating clients and the + * request constrained delegation. + * + * This is done by storing a KRB5_AUTHDATA_IF_RELEVANT with a single + * entry of type KRB5SignedPath. + */ + +static krb5_error_code +find_KRB5SignedPath(krb5_context context, + const AuthorizationData *ad, + krb5_data *data) +{ + AuthorizationData child; + krb5_error_code ret; + int pos; + + if (ad == NULL || ad->len == 0) + return KRB5KDC_ERR_PADATA_TYPE_NOSUPP; + + pos = ad->len - 1; + + if (ad->val[pos].ad_type != KRB5_AUTHDATA_IF_RELEVANT) + return KRB5KDC_ERR_PADATA_TYPE_NOSUPP; + + ret = decode_AuthorizationData(ad->val[pos].ad_data.data, + ad->val[pos].ad_data.length, + &child, + NULL); + if (ret) { + krb5_set_error_string(context, "Failed to decode " + "IF_RELEVANT with %d", ret); + return ret; + } + + if (child.len != 1) { + free_AuthorizationData(&child); + return KRB5KDC_ERR_PADATA_TYPE_NOSUPP; + } + + if (child.val[0].ad_type != KRB5_AUTHDATA_SIGNTICKET) { + free_AuthorizationData(&child); + return KRB5KDC_ERR_PADATA_TYPE_NOSUPP; + } + + if (data) + ret = der_copy_octet_string(&child.val[0].ad_data, data); + free_AuthorizationData(&child); + return ret; +} + +krb5_error_code +_kdc_add_KRB5SignedPath(krb5_context context, + krb5_kdc_configuration *config, + hdb_entry_ex *krbtgt, + krb5_enctype enctype, + krb5_const_principal server, + KRB5SignedPathPrincipals *principals, + EncTicketPart *tkt) +{ + krb5_error_code ret; + KRB5SignedPath sp; + krb5_data data; + krb5_crypto crypto = NULL; + size_t size; + + if (server && principals) { + ret = add_KRB5SignedPathPrincipals(principals, server); + if (ret) + goto out; + } + + { + KRB5SignedPathData spd; + + spd.encticket = *tkt; + spd.delegated = principals; + + ASN1_MALLOC_ENCODE(KRB5SignedPathData, data.data, data.length, + &spd, &size, ret); + if (ret) + goto out; + if (data.length != size) + krb5_abortx(context, "internal asn.1 encoder error"); + } + + { + Key *key; + ret = hdb_enctype2key(context, &krbtgt->entry, enctype, &key); + if (ret == 0) + ret = krb5_crypto_init(context, &key->key, 0, &crypto); + if (ret) { + free(data.data); + return ret; + } + } + + /* + * Fill in KRB5SignedPath + */ + + sp.etype = enctype; + sp.delegated = principals; + + ret = krb5_create_checksum(context, crypto, KRB5_KU_KRB5SIGNEDPATH, 0, + data.data, data.length, &sp.cksum); + krb5_crypto_destroy(context, crypto); + free(data.data); + if (ret) + goto out; + + ASN1_MALLOC_ENCODE(KRB5SignedPath, data.data, data.length, &sp, &size, ret); + free_Checksum(&sp.cksum); + if (ret) + goto out; + if (data.length != size) + krb5_abortx(context, "internal asn.1 encoder error"); + + + /* + * Add IF-RELEVANT(KRB5SignedPath) to the last slot in + * authorization data field. + */ + + if (tkt->authorization_data == NULL) { + tkt->authorization_data = calloc(1, sizeof(*tkt->authorization_data)); + if (tkt->authorization_data == NULL) { + ret = ENOMEM; + goto out; + } + } + + /* add the entry to the last element */ + { + AuthorizationData ad = { 0, NULL }; + AuthorizationDataElement ade; + + ade.ad_type = KRB5_AUTHDATA_SIGNTICKET; + ade.ad_data = data; + + ret = add_AuthorizationData(&ad, &ade); + krb5_data_free(&data); + if (ret) + return ret; + + ASN1_MALLOC_ENCODE(AuthorizationData, data.data, data.length, + &ad, &size, ret); + free_AuthorizationData(&ad); + if (ret) + return ret; + if (data.length != size) + krb5_abortx(context, "internal asn.1 encoder error"); + + ade.ad_type = KRB5_AUTHDATA_IF_RELEVANT; + ade.ad_data = data; + + ret = add_AuthorizationData(tkt->authorization_data, &ade); + krb5_data_free(&data); + if (ret) + return ret; + } + +out: + return 0; +} + +static krb5_error_code +check_KRB5SignedPath(krb5_context context, + krb5_kdc_configuration *config, + hdb_entry_ex *krbtgt, + EncTicketPart *tkt, + KRB5SignedPathPrincipals **delegated, + int require_signedpath) +{ + krb5_error_code ret; + krb5_data data; + krb5_crypto crypto = NULL; + + *delegated = NULL; + + ret = find_KRB5SignedPath(context, tkt->authorization_data, &data); + if (ret == 0) { + KRB5SignedPathData spd; + KRB5SignedPath sp; + AuthorizationData *ad; + size_t size; + + ret = decode_KRB5SignedPath(data.data, data.length, &sp, NULL); + krb5_data_free(&data); + if (ret) + return ret; + + spd.encticket = *tkt; + /* the KRB5SignedPath is the last entry */ + ad = spd.encticket.authorization_data; + if (--ad->len == 0) + spd.encticket.authorization_data = NULL; + spd.delegated = sp.delegated; + + ASN1_MALLOC_ENCODE(KRB5SignedPathData, data.data, data.length, + &spd, &size, ret); + ad->len++; + spd.encticket.authorization_data = ad; + if (ret) { + free_KRB5SignedPath(&sp); + return ret; + } + if (data.length != size) + krb5_abortx(context, "internal asn.1 encoder error"); + + { + Key *key; + ret = hdb_enctype2key(context, &krbtgt->entry, sp.etype, &key); + if (ret == 0) + ret = krb5_crypto_init(context, &key->key, 0, &crypto); + if (ret) { + free(data.data); + free_KRB5SignedPath(&sp); + return ret; + } + } + ret = krb5_verify_checksum(context, crypto, KRB5_KU_KRB5SIGNEDPATH, + data.data, data.length, + &sp.cksum); + krb5_crypto_destroy(context, crypto); + free(data.data); + if (ret) { + free_KRB5SignedPath(&sp); + return ret; + } + + if (sp.delegated) { + + *delegated = malloc(sizeof(*sp.delegated)); + if (*delegated == NULL) { + free_KRB5SignedPath(&sp); + return ENOMEM; + } + + ret = copy_KRB5SignedPathPrincipals(*delegated, sp.delegated); + if (ret) { + free_KRB5SignedPath(&sp); + free(*delegated); + *delegated = NULL; + return ret; + } + } + free_KRB5SignedPath(&sp); + + } else { + if (require_signedpath) + return KRB5KDC_ERR_BADOPTION; + } + + return 0; +} + + +/* + * + */ + +static krb5_error_code +check_tgs_flags(krb5_context context, + krb5_kdc_configuration *config, + KDC_REQ_BODY *b, const EncTicketPart *tgt, EncTicketPart *et) +{ + KDCOptions f = b->kdc_options; + + if(f.validate){ + if(!tgt->flags.invalid || tgt->starttime == NULL){ + kdc_log(context, config, 0, + "Bad request to validate ticket"); + return KRB5KDC_ERR_BADOPTION; + } + if(*tgt->starttime > kdc_time){ + kdc_log(context, config, 0, + "Early request to validate ticket"); + return KRB5KRB_AP_ERR_TKT_NYV; + } + /* XXX tkt = tgt */ + et->flags.invalid = 0; + }else if(tgt->flags.invalid){ + kdc_log(context, config, 0, + "Ticket-granting ticket has INVALID flag set"); + return KRB5KRB_AP_ERR_TKT_INVALID; + } + + if(f.forwardable){ + if(!tgt->flags.forwardable){ + kdc_log(context, config, 0, + "Bad request for forwardable ticket"); + return KRB5KDC_ERR_BADOPTION; + } + et->flags.forwardable = 1; + } + if(f.forwarded){ + if(!tgt->flags.forwardable){ + kdc_log(context, config, 0, + "Request to forward non-forwardable ticket"); + return KRB5KDC_ERR_BADOPTION; + } + et->flags.forwarded = 1; + et->caddr = b->addresses; + } + if(tgt->flags.forwarded) + et->flags.forwarded = 1; + + if(f.proxiable){ + if(!tgt->flags.proxiable){ + kdc_log(context, config, 0, + "Bad request for proxiable ticket"); + return KRB5KDC_ERR_BADOPTION; + } + et->flags.proxiable = 1; + } + if(f.proxy){ + if(!tgt->flags.proxiable){ + kdc_log(context, config, 0, + "Request to proxy non-proxiable ticket"); + return KRB5KDC_ERR_BADOPTION; + } + et->flags.proxy = 1; + et->caddr = b->addresses; + } + if(tgt->flags.proxy) + et->flags.proxy = 1; + + if(f.allow_postdate){ + if(!tgt->flags.may_postdate){ + kdc_log(context, config, 0, + "Bad request for post-datable ticket"); + return KRB5KDC_ERR_BADOPTION; + } + et->flags.may_postdate = 1; + } + if(f.postdated){ + if(!tgt->flags.may_postdate){ + kdc_log(context, config, 0, + "Bad request for postdated ticket"); + return KRB5KDC_ERR_BADOPTION; + } + if(b->from) + *et->starttime = *b->from; + et->flags.postdated = 1; + et->flags.invalid = 1; + }else if(b->from && *b->from > kdc_time + context->max_skew){ + kdc_log(context, config, 0, "Ticket cannot be postdated"); + return KRB5KDC_ERR_CANNOT_POSTDATE; + } + + if(f.renewable){ + if(!tgt->flags.renewable){ + kdc_log(context, config, 0, + "Bad request for renewable ticket"); + return KRB5KDC_ERR_BADOPTION; + } + et->flags.renewable = 1; + ALLOC(et->renew_till); + _kdc_fix_time(&b->rtime); + *et->renew_till = *b->rtime; + } + if(f.renew){ + time_t old_life; + if(!tgt->flags.renewable || tgt->renew_till == NULL){ + kdc_log(context, config, 0, + "Request to renew non-renewable ticket"); + return KRB5KDC_ERR_BADOPTION; + } + old_life = tgt->endtime; + if(tgt->starttime) + old_life -= *tgt->starttime; + else + old_life -= tgt->authtime; + et->endtime = *et->starttime + old_life; + if (et->renew_till != NULL) + et->endtime = min(*et->renew_till, et->endtime); + } + + /* checks for excess flags */ + if(f.request_anonymous && !config->allow_anonymous){ + kdc_log(context, config, 0, + "Request for anonymous ticket"); + return KRB5KDC_ERR_BADOPTION; + } + return 0; +} + +/* + * + */ + +static krb5_error_code +check_constrained_delegation(krb5_context context, + krb5_kdc_configuration *config, + hdb_entry_ex *client, + krb5_const_principal server) +{ + const HDB_Ext_Constrained_delegation_acl *acl; + krb5_error_code ret; + int i; + + ret = hdb_entry_get_ConstrainedDelegACL(&client->entry, &acl); + if (ret) { + krb5_clear_error_string(context); + return ret; + } + + if (acl) { + for (i = 0; i < acl->len; i++) { + if (krb5_principal_compare(context, server, &acl->val[i]) == TRUE) + return 0; + } + } + kdc_log(context, config, 0, + "Bad request for constrained delegation"); + return KRB5KDC_ERR_BADOPTION; +} + +/* + * + */ + +static krb5_error_code +verify_flags (krb5_context context, + krb5_kdc_configuration *config, + const EncTicketPart *et, + const char *pstr) +{ + if(et->endtime < kdc_time){ + kdc_log(context, config, 0, "Ticket expired (%s)", pstr); + return KRB5KRB_AP_ERR_TKT_EXPIRED; + } + if(et->flags.invalid){ + kdc_log(context, config, 0, "Ticket not valid (%s)", pstr); + return KRB5KRB_AP_ERR_TKT_NYV; + } + return 0; +} + +/* + * + */ + +static krb5_error_code +fix_transited_encoding(krb5_context context, + krb5_kdc_configuration *config, + krb5_boolean check_policy, + const TransitedEncoding *tr, + EncTicketPart *et, + const char *client_realm, + const char *server_realm, + const char *tgt_realm) +{ + krb5_error_code ret = 0; + char **realms, **tmp; + int num_realms; + int i; + + switch (tr->tr_type) { + case DOMAIN_X500_COMPRESS: + break; + case 0: + /* + * Allow empty content of type 0 because that is was Microsoft + * generates in their TGT. + */ + if (tr->contents.length == 0) + break; + kdc_log(context, config, 0, + "Transited type 0 with non empty content"); + return KRB5KDC_ERR_TRTYPE_NOSUPP; + default: + kdc_log(context, config, 0, + "Unknown transited type: %u", tr->tr_type); + return KRB5KDC_ERR_TRTYPE_NOSUPP; + } + + ret = krb5_domain_x500_decode(context, + tr->contents, + &realms, + &num_realms, + client_realm, + server_realm); + if(ret){ + krb5_warn(context, ret, + "Decoding transited encoding"); + return ret; + } + if(strcmp(client_realm, tgt_realm) && strcmp(server_realm, tgt_realm)) { + /* not us, so add the previous realm to transited set */ + if (num_realms < 0 || num_realms + 1 > UINT_MAX/sizeof(*realms)) { + ret = ERANGE; + goto free_realms; + } + tmp = realloc(realms, (num_realms + 1) * sizeof(*realms)); + if(tmp == NULL){ + ret = ENOMEM; + goto free_realms; + } + realms = tmp; + realms[num_realms] = strdup(tgt_realm); + if(realms[num_realms] == NULL){ + ret = ENOMEM; + goto free_realms; + } + num_realms++; + } + if(num_realms == 0) { + if(strcmp(client_realm, server_realm)) + kdc_log(context, config, 0, + "cross-realm %s -> %s", client_realm, server_realm); + } else { + size_t l = 0; + char *rs; + for(i = 0; i < num_realms; i++) + l += strlen(realms[i]) + 2; + rs = malloc(l); + if(rs != NULL) { + *rs = '\0'; + for(i = 0; i < num_realms; i++) { + if(i > 0) + strlcat(rs, ", ", l); + strlcat(rs, realms[i], l); + } + kdc_log(context, config, 0, + "cross-realm %s -> %s via [%s]", + client_realm, server_realm, rs); + free(rs); + } + } + if(check_policy) { + ret = krb5_check_transited(context, client_realm, + server_realm, + realms, num_realms, NULL); + if(ret) { + krb5_warn(context, ret, "cross-realm %s -> %s", + client_realm, server_realm); + goto free_realms; + } + et->flags.transited_policy_checked = 1; + } + et->transited.tr_type = DOMAIN_X500_COMPRESS; + ret = krb5_domain_x500_encode(realms, num_realms, &et->transited.contents); + if(ret) + krb5_warn(context, ret, "Encoding transited encoding"); + free_realms: + for(i = 0; i < num_realms; i++) + free(realms[i]); + free(realms); + return ret; +} + + +static krb5_error_code +tgs_make_reply(krb5_context context, + krb5_kdc_configuration *config, + KDC_REQ_BODY *b, + krb5_const_principal tgt_name, + const EncTicketPart *tgt, + const EncTicketPart *adtkt, + AuthorizationData *auth_data, + krb5_ticket *tgs_ticket, + hdb_entry_ex *server, + const char *server_name, + hdb_entry_ex *client, + krb5_principal client_principal, + hdb_entry_ex *krbtgt, + krb5_enctype krbtgt_etype, + KRB5SignedPathPrincipals *spp, + EncryptionKey *tgtkey, + const char **e_text, + krb5_data *reply) +{ + KDC_REP rep; + EncKDCRepPart ek; + EncTicketPart et; + KDCOptions f = b->kdc_options; + krb5_error_code ret; + krb5_enctype etype; + Key *skey; + const EncryptionKey *ekey; + AuthorizationData *new_auth_data = NULL; + + if(adtkt) { + int i; + ekey = &adtkt->key; + for(i = 0; i < b->etype.len; i++) + if (b->etype.val[i] == adtkt->key.keytype) + break; + if(i == b->etype.len) { + krb5_clear_error_string(context); + return KRB5KDC_ERR_ETYPE_NOSUPP; + } + etype = b->etype.val[i]; + }else{ + ret = _kdc_find_etype(context, server, b->etype.val, b->etype.len, + &skey, &etype); + if(ret) { + kdc_log(context, config, 0, + "Server (%s) has no support for etypes", server_name); + return ret; + } + ekey = &skey->key; + } + + memset(&rep, 0, sizeof(rep)); + memset(&et, 0, sizeof(et)); + memset(&ek, 0, sizeof(ek)); + + rep.pvno = 5; + rep.msg_type = krb_tgs_rep; + + et.authtime = tgt->authtime; + _kdc_fix_time(&b->till); + et.endtime = min(tgt->endtime, *b->till); + ALLOC(et.starttime); + *et.starttime = kdc_time; + + ret = check_tgs_flags(context, config, b, tgt, &et); + if(ret) + goto out; + + /* We should check the transited encoding if: + 1) the request doesn't ask not to be checked + 2) globally enforcing a check + 3) principal requires checking + 4) we allow non-check per-principal, but principal isn't marked as allowing this + 5) we don't globally allow this + */ + +#define GLOBAL_FORCE_TRANSITED_CHECK \ + (config->trpolicy == TRPOLICY_ALWAYS_CHECK) +#define GLOBAL_ALLOW_PER_PRINCIPAL \ + (config->trpolicy == TRPOLICY_ALLOW_PER_PRINCIPAL) +#define GLOBAL_ALLOW_DISABLE_TRANSITED_CHECK \ + (config->trpolicy == TRPOLICY_ALWAYS_HONOUR_REQUEST) + +/* these will consult the database in future release */ +#define PRINCIPAL_FORCE_TRANSITED_CHECK(P) 0 +#define PRINCIPAL_ALLOW_DISABLE_TRANSITED_CHECK(P) 0 + + ret = fix_transited_encoding(context, config, + !f.disable_transited_check || + GLOBAL_FORCE_TRANSITED_CHECK || + PRINCIPAL_FORCE_TRANSITED_CHECK(server) || + !((GLOBAL_ALLOW_PER_PRINCIPAL && + PRINCIPAL_ALLOW_DISABLE_TRANSITED_CHECK(server)) || + GLOBAL_ALLOW_DISABLE_TRANSITED_CHECK), + &tgt->transited, &et, + *krb5_princ_realm(context, client_principal), + *krb5_princ_realm(context, server->entry.principal), + *krb5_princ_realm(context, krbtgt->entry.principal)); + if(ret) + goto out; + + copy_Realm(krb5_princ_realm(context, server->entry.principal), + &rep.ticket.realm); + _krb5_principal2principalname(&rep.ticket.sname, server->entry.principal); + copy_Realm(&tgt_name->realm, &rep.crealm); + if (f.request_anonymous) + _kdc_make_anonymous_principalname (&rep.cname); + else + copy_PrincipalName(&tgt_name->name, &rep.cname); + rep.ticket.tkt_vno = 5; + + ek.caddr = et.caddr; + if(et.caddr == NULL) + et.caddr = tgt->caddr; + + { + time_t life; + life = et.endtime - *et.starttime; + if(client && client->entry.max_life) + life = min(life, *client->entry.max_life); + if(server->entry.max_life) + life = min(life, *server->entry.max_life); + et.endtime = *et.starttime + life; + } + if(f.renewable_ok && tgt->flags.renewable && + et.renew_till == NULL && et.endtime < *b->till){ + et.flags.renewable = 1; + ALLOC(et.renew_till); + *et.renew_till = *b->till; + } + if(et.renew_till){ + time_t renew; + renew = *et.renew_till - et.authtime; + if(client && client->entry.max_renew) + renew = min(renew, *client->entry.max_renew); + if(server->entry.max_renew) + renew = min(renew, *server->entry.max_renew); + *et.renew_till = et.authtime + renew; + } + + if(et.renew_till){ + *et.renew_till = min(*et.renew_till, *tgt->renew_till); + *et.starttime = min(*et.starttime, *et.renew_till); + et.endtime = min(et.endtime, *et.renew_till); + } + + *et.starttime = min(*et.starttime, et.endtime); + + if(*et.starttime == et.endtime){ + ret = KRB5KDC_ERR_NEVER_VALID; + goto out; + } + if(et.renew_till && et.endtime == *et.renew_till){ + free(et.renew_till); + et.renew_till = NULL; + et.flags.renewable = 0; + } + + et.flags.pre_authent = tgt->flags.pre_authent; + et.flags.hw_authent = tgt->flags.hw_authent; + et.flags.anonymous = tgt->flags.anonymous; + et.flags.ok_as_delegate = server->entry.flags.ok_as_delegate; + + + krb5_generate_random_keyblock(context, etype, &et.key); + + if (server->authz_data_tgs_req) { + ret = server->authz_data_tgs_req(context, server, + client_principal, + tgs_ticket->ticket.authorization_data, + tgs_ticket->ticket.authtime, + tgtkey, + ekey, + &et.key, + &new_auth_data); + if (ret) { + new_auth_data = NULL; + } + } + + /* XXX Check enc-authorization-data */ + et.authorization_data = new_auth_data; + + et.crealm = tgt->crealm; + et.cname = tgt_name->name; + + ek.key = et.key; + /* MIT must have at least one last_req */ + ek.last_req.len = 1; + ek.last_req.val = calloc(1, sizeof(*ek.last_req.val)); + ek.nonce = b->nonce; + ek.flags = et.flags; + ek.authtime = et.authtime; + ek.starttime = et.starttime; + ek.endtime = et.endtime; + ek.renew_till = et.renew_till; + ek.srealm = rep.ticket.realm; + ek.sname = rep.ticket.sname; + + _kdc_log_timestamp(context, config, "TGS-REQ", et.authtime, et.starttime, + et.endtime, et.renew_till); + + /* Don't sign cross realm tickets, they can't be checked anyway */ + { + char *r = get_krbtgt_realm(&ek.sname); + + if (r == NULL || strcmp(r, ek.srealm) == 0) { + ret = _kdc_add_KRB5SignedPath(context, + config, + krbtgt, + krbtgt_etype, + NULL, + NULL, + &et); + if (ret) + goto out; + } + } + + /* It is somewhat unclear where the etype in the following + encryption should come from. What we have is a session + key in the passed tgt, and a list of preferred etypes + *for the new ticket*. Should we pick the best possible + etype, given the keytype in the tgt, or should we look + at the etype list here as well? What if the tgt + session key is DES3 and we want a ticket with a (say) + CAST session key. Should the DES3 etype be added to the + etype list, even if we don't want a session key with + DES3? */ + ret = _kdc_encode_reply(context, config, + &rep, &et, &ek, etype, + adtkt ? 0 : server->entry.kvno, + ekey, 0, &tgt->key, e_text, reply); +out: + free_TGS_REP(&rep); + free_TransitedEncoding(&et.transited); + if(et.starttime) + free(et.starttime); + if(et.renew_till) + free(et.renew_till); + if(et.authorization_data) { + free_AuthorizationData(et.authorization_data); + free(et.authorization_data); + } + free_LastReq(&ek.last_req); + memset(et.key.keyvalue.data, 0, et.key.keyvalue.length); + free_EncryptionKey(&et.key); + return ret; +} + +static krb5_error_code +tgs_check_authenticator(krb5_context context, + krb5_kdc_configuration *config, + krb5_auth_context ac, + KDC_REQ_BODY *b, + const char **e_text, + krb5_keyblock *key) +{ + krb5_authenticator auth; + size_t len; + unsigned char *buf; + size_t buf_size; + krb5_error_code ret; + krb5_crypto crypto; + + krb5_auth_con_getauthenticator(context, ac, &auth); + if(auth->cksum == NULL){ + kdc_log(context, config, 0, "No authenticator in request"); + ret = KRB5KRB_AP_ERR_INAPP_CKSUM; + goto out; + } + /* + * according to RFC1510 it doesn't need to be keyed, + * but according to the latest draft it needs to. + */ + if ( +#if 0 +!krb5_checksum_is_keyed(context, auth->cksum->cksumtype) + || +#endif + !krb5_checksum_is_collision_proof(context, auth->cksum->cksumtype)) { + kdc_log(context, config, 0, "Bad checksum type in authenticator: %d", + auth->cksum->cksumtype); + ret = KRB5KRB_AP_ERR_INAPP_CKSUM; + goto out; + } + + /* XXX should not re-encode this */ + ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, b, &len, ret); + if(ret){ + kdc_log(context, config, 0, "Failed to encode KDC-REQ-BODY: %s", + krb5_get_err_text(context, ret)); + goto out; + } + if(buf_size != len) { + free(buf); + kdc_log(context, config, 0, "Internal error in ASN.1 encoder"); + *e_text = "KDC internal error"; + ret = KRB5KRB_ERR_GENERIC; + goto out; + } + ret = krb5_crypto_init(context, key, 0, &crypto); + if (ret) { + free(buf); + kdc_log(context, config, 0, "krb5_crypto_init failed: %s", + krb5_get_err_text(context, ret)); + goto out; + } + ret = krb5_verify_checksum(context, + crypto, + KRB5_KU_TGS_REQ_AUTH_CKSUM, + buf, + len, + auth->cksum); + free(buf); + krb5_crypto_destroy(context, crypto); + if(ret){ + kdc_log(context, config, 0, + "Failed to verify authenticator checksum: %s", + krb5_get_err_text(context, ret)); + } +out: + free_Authenticator(auth); + free(auth); + return ret; +} + +/* + * + */ + +static const char * +find_rpath(krb5_context context, Realm crealm, Realm srealm) +{ + const char *new_realm = krb5_config_get_string(context, + NULL, + "capaths", + crealm, + srealm, + NULL); + return new_realm; +} + + +static krb5_boolean +need_referral(krb5_context context, krb5_principal server, krb5_realm **realms) +{ + if(server->name.name_type != KRB5_NT_SRV_INST || + server->name.name_string.len != 2) + return FALSE; + + return _krb5_get_host_realm_int(context, server->name.name_string.val[1], + FALSE, realms) == 0; +} + +static krb5_error_code +tgs_parse_request(krb5_context context, + krb5_kdc_configuration *config, + KDC_REQ_BODY *b, + PA_DATA *tgs_req, + hdb_entry_ex **krbtgt, + krb5_enctype *krbtgt_etype, + krb5_ticket **ticket, + const char **e_text, + const char *from, + const struct sockaddr *from_addr, + time_t **csec, + int **cusec, + AuthorizationData **auth_data, + EncryptionKey **tgtkey) +{ + krb5_ap_req ap_req; + krb5_error_code ret; + krb5_principal princ; + krb5_auth_context ac = NULL; + krb5_flags ap_req_options; + krb5_flags verify_ap_req_flags; + krb5_crypto crypto; + Key *tkey; + + *auth_data = NULL; + *csec = NULL; + *cusec = NULL; + + memset(&ap_req, 0, sizeof(ap_req)); + ret = krb5_decode_ap_req(context, &tgs_req->padata_value, &ap_req); + if(ret){ + kdc_log(context, config, 0, "Failed to decode AP-REQ: %s", + krb5_get_err_text(context, ret)); + goto out; + } + + if(!get_krbtgt_realm(&ap_req.ticket.sname)){ + /* XXX check for ticket.sname == req.sname */ + kdc_log(context, config, 0, "PA-DATA is not a ticket-granting ticket"); + ret = KRB5KDC_ERR_POLICY; /* ? */ + goto out; + } + + _krb5_principalname2krb5_principal(context, + &princ, + ap_req.ticket.sname, + ap_req.ticket.realm); + + ret = _kdc_db_fetch(context, config, princ, HDB_F_GET_KRBTGT, NULL, krbtgt); + + if(ret) { + char *p; + ret = krb5_unparse_name(context, princ, &p); + if (ret != 0) + p = ""; + krb5_free_principal(context, princ); + kdc_log(context, config, 0, + "Ticket-granting ticket not found in database: %s: %s", + p, krb5_get_err_text(context, ret)); + if (ret == 0) + free(p); + ret = KRB5KRB_AP_ERR_NOT_US; + goto out; + } + + if(ap_req.ticket.enc_part.kvno && + *ap_req.ticket.enc_part.kvno != (*krbtgt)->entry.kvno){ + char *p; + + ret = krb5_unparse_name (context, princ, &p); + krb5_free_principal(context, princ); + if (ret != 0) + p = ""; + kdc_log(context, config, 0, + "Ticket kvno = %d, DB kvno = %d (%s)", + *ap_req.ticket.enc_part.kvno, + (*krbtgt)->entry.kvno, + p); + if (ret == 0) + free (p); + ret = KRB5KRB_AP_ERR_BADKEYVER; + goto out; + } + + *krbtgt_etype = ap_req.ticket.enc_part.etype; + + ret = hdb_enctype2key(context, &(*krbtgt)->entry, + ap_req.ticket.enc_part.etype, &tkey); + if(ret){ + char *str, *p; + krb5_enctype_to_string(context, ap_req.ticket.enc_part.etype, &str); + krb5_unparse_name(context, princ, &p); + kdc_log(context, config, 0, + "No server key with enctype %s found for %s", str, p); + free(str); + free(p); + ret = KRB5KRB_AP_ERR_BADKEYVER; + goto out; + } + + *tgtkey = &tkey->key; + + if (b->kdc_options.validate) + verify_ap_req_flags = KRB5_VERIFY_AP_REQ_IGNORE_INVALID; + else + verify_ap_req_flags = 0; + + ret = krb5_verify_ap_req2(context, + &ac, + &ap_req, + princ, + &tkey->key, + verify_ap_req_flags, + &ap_req_options, + ticket, + KRB5_KU_TGS_REQ_AUTH); + + krb5_free_principal(context, princ); + if(ret) { + kdc_log(context, config, 0, "Failed to verify AP-REQ: %s", + krb5_get_err_text(context, ret)); + goto out; + } + + { + krb5_authenticator auth; + + ret = krb5_auth_con_getauthenticator(context, ac, &auth); + if (ret == 0) { + *csec = malloc(sizeof(**csec)); + if (*csec == NULL) { + krb5_free_authenticator(context, &auth); + kdc_log(context, config, 0, "malloc failed"); + goto out; + } + **csec = auth->ctime; + *cusec = malloc(sizeof(**cusec)); + if (*cusec == NULL) { + krb5_free_authenticator(context, &auth); + kdc_log(context, config, 0, "malloc failed"); + goto out; + } + **cusec = auth->cusec; + krb5_free_authenticator(context, &auth); + } + } + + ret = tgs_check_authenticator(context, config, + ac, b, e_text, &(*ticket)->ticket.key); + if (ret) { + krb5_auth_con_free(context, ac); + goto out; + } + + if (b->enc_authorization_data) { + krb5_keyblock *subkey; + krb5_data ad; + ret = krb5_auth_con_getremotesubkey(context, + ac, + &subkey); + if(ret){ + krb5_auth_con_free(context, ac); + kdc_log(context, config, 0, "Failed to get remote subkey: %s", + krb5_get_err_text(context, ret)); + goto out; + } + if(subkey == NULL){ + ret = krb5_auth_con_getkey(context, ac, &subkey); + if(ret) { + krb5_auth_con_free(context, ac); + kdc_log(context, config, 0, "Failed to get session key: %s", + krb5_get_err_text(context, ret)); + goto out; + } + } + if(subkey == NULL){ + krb5_auth_con_free(context, ac); + kdc_log(context, config, 0, + "Failed to get key for enc-authorization-data"); + ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; /* ? */ + goto out; + } + ret = krb5_crypto_init(context, subkey, 0, &crypto); + if (ret) { + krb5_auth_con_free(context, ac); + kdc_log(context, config, 0, "krb5_crypto_init failed: %s", + krb5_get_err_text(context, ret)); + goto out; + } + ret = krb5_decrypt_EncryptedData (context, + crypto, + KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY, + b->enc_authorization_data, + &ad); + krb5_crypto_destroy(context, crypto); + if(ret){ + krb5_auth_con_free(context, ac); + kdc_log(context, config, 0, + "Failed to decrypt enc-authorization-data"); + ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; /* ? */ + goto out; + } + krb5_free_keyblock(context, subkey); + ALLOC(*auth_data); + if (*auth_data == NULL) { + krb5_auth_con_free(context, ac); + ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; /* ? */ + goto out; + } + ret = decode_AuthorizationData(ad.data, ad.length, *auth_data, NULL); + if(ret){ + krb5_auth_con_free(context, ac); + free(*auth_data); + *auth_data = NULL; + kdc_log(context, config, 0, "Failed to decode authorization data"); + ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; /* ? */ + goto out; + } + } + + krb5_auth_con_free(context, ac); + +out: + free_AP_REQ(&ap_req); + + return ret; +} + +static krb5_error_code +tgs_build_reply(krb5_context context, + krb5_kdc_configuration *config, + KDC_REQ *req, + KDC_REQ_BODY *b, + hdb_entry_ex *krbtgt, + krb5_enctype krbtgt_etype, + krb5_ticket *ticket, + krb5_data *reply, + const char *from, + const char **e_text, + AuthorizationData *auth_data, + EncryptionKey *tgtkey, + const struct sockaddr *from_addr) +{ + krb5_error_code ret; + krb5_principal cp = NULL, sp = NULL; + krb5_principal client_principal = NULL; + char *spn = NULL, *cpn = NULL; + hdb_entry_ex *server = NULL, *client = NULL; + EncTicketPart *tgt = &ticket->ticket; + KRB5SignedPathPrincipals *spp = NULL; + + PrincipalName *s; + Realm r; + int nloop = 0; + EncTicketPart adtkt; + char opt_str[128]; + int require_signedpath = 0; + + memset(&adtkt, 0, sizeof(adtkt)); + + s = b->sname; + r = b->realm; + + if(b->kdc_options.enc_tkt_in_skey){ + Ticket *t; + hdb_entry_ex *uu; + krb5_principal p; + Key *uukey; + + if(b->additional_tickets == NULL || + b->additional_tickets->len == 0){ + ret = KRB5KDC_ERR_BADOPTION; /* ? */ + kdc_log(context, config, 0, + "No second ticket present in request"); + goto out; + } + t = &b->additional_tickets->val[0]; + if(!get_krbtgt_realm(&t->sname)){ + kdc_log(context, config, 0, + "Additional ticket is not a ticket-granting ticket"); + ret = KRB5KDC_ERR_POLICY; + goto out; + } + _krb5_principalname2krb5_principal(context, &p, t->sname, t->realm); + ret = _kdc_db_fetch(context, config, p, + HDB_F_GET_CLIENT|HDB_F_GET_SERVER, + NULL, &uu); + krb5_free_principal(context, p); + if(ret){ + if (ret == HDB_ERR_NOENTRY) + ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN; + goto out; + } + ret = hdb_enctype2key(context, &uu->entry, + t->enc_part.etype, &uukey); + if(ret){ + _kdc_free_ent(context, uu); + ret = KRB5KDC_ERR_ETYPE_NOSUPP; /* XXX */ + goto out; + } + ret = krb5_decrypt_ticket(context, t, &uukey->key, &adtkt, 0); + _kdc_free_ent(context, uu); + if(ret) + goto out; + + ret = verify_flags(context, config, &adtkt, spn); + if (ret) + goto out; + + s = &adtkt.cname; + r = adtkt.crealm; + } + + _krb5_principalname2krb5_principal(context, &sp, *s, r); + ret = krb5_unparse_name(context, sp, &spn); + if (ret) + goto out; + _krb5_principalname2krb5_principal(context, &cp, tgt->cname, tgt->crealm); + ret = krb5_unparse_name(context, cp, &cpn); + if (ret) + goto out; + unparse_flags (KDCOptions2int(b->kdc_options), + asn1_KDCOptions_units(), + opt_str, sizeof(opt_str)); + if(*opt_str) + kdc_log(context, config, 0, + "TGS-REQ %s from %s for %s [%s]", + cpn, from, spn, opt_str); + else + kdc_log(context, config, 0, + "TGS-REQ %s from %s for %s", cpn, from, spn); + + /* + * Fetch server + */ + +server_lookup: + ret = _kdc_db_fetch(context, config, sp, HDB_F_GET_SERVER, NULL, &server); + + if(ret){ + const char *new_rlm; + Realm req_rlm; + krb5_realm *realms; + + if ((req_rlm = get_krbtgt_realm(&sp->name)) != NULL) { + if(nloop++ < 2) { + new_rlm = find_rpath(context, tgt->crealm, req_rlm); + if(new_rlm) { + kdc_log(context, config, 5, "krbtgt for realm %s " + "not found, trying %s", + req_rlm, new_rlm); + krb5_free_principal(context, sp); + free(spn); + krb5_make_principal(context, &sp, r, + KRB5_TGS_NAME, new_rlm, NULL); + ret = krb5_unparse_name(context, sp, &spn); + if (ret) + goto out; + goto server_lookup; + } + } + } else if(need_referral(context, sp, &realms)) { + if (strcmp(realms[0], sp->realm) != 0) { + kdc_log(context, config, 5, + "Returning a referral to realm %s for " + "server %s that was not found", + realms[0], spn); + krb5_free_principal(context, sp); + free(spn); + krb5_make_principal(context, &sp, r, KRB5_TGS_NAME, + realms[0], NULL); + ret = krb5_unparse_name(context, sp, &spn); + if (ret) + goto out; + krb5_free_host_realm(context, realms); + goto server_lookup; + } + krb5_free_host_realm(context, realms); + } + kdc_log(context, config, 0, + "Server not found in database: %s: %s", spn, + krb5_get_err_text(context, ret)); + if (ret == HDB_ERR_NOENTRY) + ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN; + goto out; + } + + ret = _kdc_db_fetch(context, config, cp, HDB_F_GET_CLIENT, NULL, &client); + if(ret) { + const char *krbtgt_realm; + + /* + * If the client belongs to the same realm as our krbtgt, it + * should exist in the local database. + * + */ + + krbtgt_realm = + krb5_principal_get_comp_string(context, + krbtgt->entry.principal, 1); + + if(strcmp(krb5_principal_get_realm(context, cp), krbtgt_realm) == 0) { + if (ret == HDB_ERR_NOENTRY) + ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; + kdc_log(context, config, 1, "Client no longer in database: %s", + cpn); + goto out; + } + + kdc_log(context, config, 1, "Client not found in database: %s: %s", + cpn, krb5_get_err_text(context, ret)); + } + + /* + * Check that service is in the same realm as the krbtgt. If its + * not the same, its someone that is using a uni-directional trust + * backward. + */ + + if (strcmp(krb5_principal_get_realm(context, sp), + krb5_principal_get_comp_string(context, + krbtgt->entry.principal, + 1)) != 0) { + char *tpn; + ret = krb5_unparse_name(context, krbtgt->entry.principal, &tpn); + kdc_log(context, config, 0, + "Request with wrong krbtgt: %s", + (ret == 0) ? tpn : ""); + if(ret == 0) + free(tpn); + ret = KRB5KRB_AP_ERR_NOT_US; + goto out; + } + + /* + * + */ + + client_principal = cp; + + if (client) { + const PA_DATA *sdata; + int i = 0; + + sdata = _kdc_find_padata(req, &i, KRB5_PADATA_S4U2SELF); + if (sdata) { + krb5_crypto crypto; + krb5_data datack; + PA_S4U2Self self; + char *selfcpn = NULL; + const char *str; + + ret = decode_PA_S4U2Self(sdata->padata_value.data, + sdata->padata_value.length, + &self, NULL); + if (ret) { + kdc_log(context, config, 0, "Failed to decode PA-S4U2Self"); + goto out; + } + + ret = _krb5_s4u2self_to_checksumdata(context, &self, &datack); + if (ret) + goto out; + + ret = krb5_crypto_init(context, &tgt->key, 0, &crypto); + if (ret) { + free_PA_S4U2Self(&self); + krb5_data_free(&datack); + kdc_log(context, config, 0, "krb5_crypto_init failed: %s", + krb5_get_err_text(context, ret)); + goto out; + } + + ret = krb5_verify_checksum(context, + crypto, + KRB5_KU_TGS_IMPERSONATE, + datack.data, + datack.length, + &self.cksum); + krb5_data_free(&datack); + krb5_crypto_destroy(context, crypto); + if (ret) { + free_PA_S4U2Self(&self); + kdc_log(context, config, 0, + "krb5_verify_checksum failed for S4U2Self: %s", + krb5_get_err_text(context, ret)); + goto out; + } + + ret = _krb5_principalname2krb5_principal(context, + &client_principal, + self.name, + self.realm); + free_PA_S4U2Self(&self); + if (ret) + goto out; + + ret = krb5_unparse_name(context, client_principal, &selfcpn); + if (ret) + goto out; + + /* + * Check that service doing the impersonating is + * requesting a ticket to it-self. + */ + if (krb5_principal_compare(context, cp, sp) != TRUE) { + kdc_log(context, config, 0, "S4U2Self: %s is not allowed " + "to impersonate some other user " + "(tried for user %s to service %s)", + cpn, selfcpn, spn); + free(selfcpn); + ret = KRB5KDC_ERR_BADOPTION; /* ? */ + goto out; + } + + /* + * If the service isn't trusted for authentication to + * delegation, remove the forward flag. + */ + + if (client->entry.flags.trusted_for_delegation) { + str = "[forwardable]"; + } else { + b->kdc_options.forwardable = 0; + str = ""; + } + kdc_log(context, config, 0, "s4u2self %s impersonating %s to " + "service %s %s", cpn, selfcpn, spn, str); + free(selfcpn); + } + } + + /* + * Constrained delegation + */ + + if (client != NULL + && b->additional_tickets != NULL + && b->additional_tickets->len != 0 + && b->kdc_options.enc_tkt_in_skey == 0) + { + Key *clientkey; + Ticket *t; + char *str; + + t = &b->additional_tickets->val[0]; + + ret = hdb_enctype2key(context, &client->entry, + t->enc_part.etype, &clientkey); + if(ret){ + ret = KRB5KDC_ERR_ETYPE_NOSUPP; /* XXX */ + goto out; + } + + ret = krb5_decrypt_ticket(context, t, &clientkey->key, &adtkt, 0); + if (ret) { + kdc_log(context, config, 0, + "failed to decrypt ticket for " + "constrained delegation from %s to %s ", spn, cpn); + goto out; + } + + /* check that ticket is valid */ + + if (adtkt.flags.forwardable == 0) { + kdc_log(context, config, 0, + "Missing forwardable flag on ticket for " + "constrained delegation from %s to %s ", spn, cpn); + ret = KRB5KDC_ERR_ETYPE_NOSUPP; /* XXX */ + goto out; + } + + ret = check_constrained_delegation(context, config, client, sp); + if (ret) { + kdc_log(context, config, 0, + "constrained delegation from %s to %s not allowed", + spn, cpn); + goto out; + } + + ret = _krb5_principalname2krb5_principal(context, + &client_principal, + adtkt.cname, + adtkt.crealm); + if (ret) + goto out; + + ret = krb5_unparse_name(context, client_principal, &str); + if (ret) + goto out; + + ret = verify_flags(context, config, &adtkt, str); + if (ret) { + free(str); + goto out; + } + + /* + * Check KRB5SignedPath in authorization data and add new entry to + * make sure servers can't fake a ticket to us. + */ + + ret = check_KRB5SignedPath(context, + config, + krbtgt, + &adtkt, + &spp, + 1); + if (ret) { + kdc_log(context, config, 0, + "KRB5SignedPath check from service %s failed " + "for delegation to %s for client %s " + "from %s failed with %s", + spn, str, cpn, from, krb5_get_err_text(context, ret)); + free(str); + goto out; + } + + kdc_log(context, config, 0, "constrained delegation for %s " + "from %s to %s", str, cpn, spn); + free(str); + + /* + * Also require that the KDC have issue the service's krbtgt + * used to do the request. + */ + require_signedpath = 1; + } + + /* + * Check flags + */ + + ret = _kdc_check_flags(context, config, + client, cpn, + server, spn, + FALSE); + if(ret) + goto out; + + if((b->kdc_options.validate || b->kdc_options.renew) && + !krb5_principal_compare(context, + krbtgt->entry.principal, + server->entry.principal)){ + kdc_log(context, config, 0, "Inconsistent request."); + ret = KRB5KDC_ERR_SERVER_NOMATCH; + goto out; + } + + /* check for valid set of addresses */ + if(!_kdc_check_addresses(context, config, tgt->caddr, from_addr)) { + ret = KRB5KRB_AP_ERR_BADADDR; + kdc_log(context, config, 0, "Request from wrong address"); + goto out; + } + + /* also check the krbtgt for signature */ + ret = check_KRB5SignedPath(context, + config, + krbtgt, + tgt, + &spp, + require_signedpath); + if (ret) { + kdc_log(context, config, 0, + "KRB5SignedPath check failed for %s (%s) from %s with %s", + spn, cpn, from, krb5_get_err_text(context, ret)); + goto out; + } + + /* + * + */ + + ret = tgs_make_reply(context, + config, + b, + client_principal, + tgt, + b->kdc_options.enc_tkt_in_skey ? &adtkt : NULL, + auth_data, + ticket, + server, + spn, + client, + cp, + krbtgt, + krbtgt_etype, + spp, + tgtkey, + e_text, + reply); + +out: + free(spn); + free(cpn); + + if(server) + _kdc_free_ent(context, server); + if(client) + _kdc_free_ent(context, client); + + if (client_principal && client_principal != cp) + krb5_free_principal(context, client_principal); + if (cp) + krb5_free_principal(context, cp); + if (sp) + krb5_free_principal(context, sp); + + free_EncTicketPart(&adtkt); + + return ret; +} + +/* + * + */ + +krb5_error_code +_kdc_tgs_rep(krb5_context context, + krb5_kdc_configuration *config, + KDC_REQ *req, + krb5_data *data, + const char *from, + struct sockaddr *from_addr) +{ + AuthorizationData *auth_data = NULL; + krb5_error_code ret; + int i = 0; + PA_DATA *tgs_req = NULL; + + hdb_entry_ex *krbtgt = NULL; + krb5_ticket *ticket = NULL; + const char *e_text = NULL; + krb5_enctype krbtgt_etype = ETYPE_NULL; + EncryptionKey *tgtkey = NULL; + + + time_t *csec = NULL; + int *cusec = NULL; + + if(req->padata == NULL){ + ret = KRB5KDC_ERR_PREAUTH_REQUIRED; /* XXX ??? */ + kdc_log(context, config, 0, + "TGS-REQ from %s without PA-DATA", from); + goto out; + } + + tgs_req = _kdc_find_padata(req, &i, KRB5_PADATA_TGS_REQ); + + if(tgs_req == NULL){ + ret = KRB5KDC_ERR_PADATA_TYPE_NOSUPP; + + kdc_log(context, config, 0, + "TGS-REQ from %s without PA-TGS-REQ", from); + goto out; + } + ret = tgs_parse_request(context, config, + &req->req_body, tgs_req, + &krbtgt, + &krbtgt_etype, + &ticket, + &e_text, + from, from_addr, + &csec, &cusec, + &auth_data, + &tgtkey); + if (ret) { + kdc_log(context, config, 0, + "Failed parsing TGS-REQ from %s", from); + goto out; + } + + ret = tgs_build_reply(context, + config, + req, + &req->req_body, + krbtgt, + krbtgt_etype, + ticket, + data, + from, + &e_text, + auth_data, + tgtkey, + from_addr); + if (ret) { + kdc_log(context, config, 0, + "Failed building TGS-REP to %s", from); + goto out; + } + +out: + if(ret && data->data == NULL){ + krb5_mk_error(context, + ret, + NULL, + NULL, + NULL, + NULL, + csec, + cusec, + data); + } + free(csec); + free(cusec); + if (ticket) + krb5_free_ticket(context, ticket); + if(krbtgt) + _kdc_free_ent(context, krbtgt); + + if (auth_data) { + free_AuthorizationData(auth_data); + free(auth_data); + } + + return 0; +} diff --git a/source4/heimdal/kdc/misc.c b/source4/heimdal/kdc/misc.c index a61c647f71..b511e1a7a8 100644 --- a/source4/heimdal/kdc/misc.c +++ b/source4/heimdal/kdc/misc.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: misc.c,v 1.29 2006/04/27 11:33:21 lha Exp $"); +RCSID("$Id: misc.c,v 1.32 2006/08/28 14:41:49 lha Exp $"); struct timeval _kdc_now; @@ -42,6 +42,7 @@ _kdc_db_fetch(krb5_context context, krb5_kdc_configuration *config, krb5_const_principal principal, unsigned flags, + HDB **db, hdb_entry_ex **h) { hdb_entry_ex *ent; @@ -66,6 +67,8 @@ _kdc_db_fetch(krb5_context context, ent); config->db[i]->hdb_close(context, config->db[i]); if(ret == 0) { + if (db) + *db = config->db[i]; *h = ent; return 0; } @@ -81,3 +84,36 @@ _kdc_free_ent(krb5_context context, hdb_entry_ex *ent) free (ent); } +/* + * Use the order list of preferred encryption types and sort the + * available keys and return the most preferred key. + */ + +krb5_error_code +_kdc_get_preferred_key(krb5_context context, + krb5_kdc_configuration *config, + hdb_entry_ex *h, + const char *name, + krb5_enctype *enctype, + Key **key) +{ + const krb5_enctype *p; + krb5_error_code ret; + int i; + + p = krb5_kerberos_enctypes(context); + + for (i = 0; p[i] != ETYPE_NULL; i++) { + if (krb5_enctype_valid(context, p[i]) != 0) + continue; + ret = hdb_enctype2key(context, &h->entry, p[i], key); + if (ret == 0) { + *enctype = p[i]; + return 0; + } + } + + krb5_set_error_string(context, "No valid kerberos key found for %s", name); + return EINVAL; +} + diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c index c220e70ddd..e3d77c0621 100755 --- a/source4/heimdal/kdc/pkinit.c +++ b/source4/heimdal/kdc/pkinit.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: pkinit.c,v 1.65 2006/05/06 13:22:33 lha Exp $"); +RCSID("$Id: pkinit.c,v 1.72 2006/10/24 17:51:33 lha Exp $"); #ifdef PKINIT @@ -156,7 +156,7 @@ pk_check_pkauthenticator(krb5_context context, goto out; } - if (heim_octet_string_cmp(a->paChecksum, &checksum.checksum) != 0) { + if (der_heim_octet_string_cmp(a->paChecksum, &checksum.checksum) != 0) { krb5_clear_error_string(context); ret = KRB5KRB_ERR_GENERIC; } @@ -269,7 +269,7 @@ get_dh_param(krb5_context context, memset(&dhparam, 0, sizeof(dhparam)); - if (heim_oid_cmp(&dh_key_info->algorithm.algorithm, oid_id_dhpublicnumber())) { + if (der_heim_oid_cmp(&dh_key_info->algorithm.algorithm, oid_id_dhpublicnumber())) { krb5_set_error_string(context, "PKINIT invalid oid in clientPublicValue"); return KRB5_BADMSGTYPE; @@ -338,7 +338,7 @@ get_dh_param(krb5_context context, client_params->dh_public_key = integer_to_BN(context, "subjectPublicKey", &glue); - free_heim_integer(&glue); + der_free_heim_integer(&glue); if (client_params->dh_public_key == NULL) goto out; } @@ -426,7 +426,7 @@ _kdc_pk_rd_padata(krb5_context context, krb5_data signed_content = { 0, NULL }; const char *type = "unknown type"; const heim_oid *pa_contentType; - int have_data; + int have_data = 0; *ret_params = NULL; @@ -444,7 +444,6 @@ _kdc_pk_rd_padata(krb5_context context, if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) { PA_PK_AS_REQ_Win2k r; - int have_data; type = "PK-INIT-Win2k"; pa_contentType = oid_id_pkcs7_data(); @@ -502,7 +501,7 @@ _kdc_pk_rd_padata(krb5_context context, goto out; } - ret = heim_oid_cmp(&contentInfoOid, oid_id_pkcs7_signedData()); + ret = der_heim_oid_cmp(&contentInfoOid, oid_id_pkcs7_signedData()); if (ret != 0) { krb5_set_error_string(context, "PK-AS-REQ-Win2k invalid content " "type oid"); @@ -542,7 +541,7 @@ _kdc_pk_rd_padata(krb5_context context, } /* Signature is correct, now verify the signed message */ - if (heim_oid_cmp(&eContentType, pa_contentType)) { + if (der_heim_oid_cmp(&eContentType, pa_contentType)) { krb5_set_error_string(context, "got wrong oid for pkauthdata"); ret = KRB5_BADMSGTYPE; goto out; @@ -621,8 +620,8 @@ out: if (signed_content.data) free(signed_content.data); krb5_data_free(&eContent); - free_oid(&eContentType); - free_oid(&contentInfoOid); + der_free_oid(&eContentType); + der_free_oid(&contentInfoOid); if (ret) _kdc_pk_free_client_param(context, client_params); else @@ -657,10 +656,11 @@ pk_mk_pa_reply_enckey(krb5_context context, ContentInfo *content_info) { krb5_error_code ret; - krb5_data buf, o; + krb5_data buf, signed_data; size_t size; krb5_data_zero(&buf); + krb5_data_zero(&signed_data); switch (client_params->type) { case PKINIT_COMPAT_WIN2K: { @@ -678,6 +678,7 @@ pk_mk_pa_reply_enckey(krb5_context context, buf.data, buf.length, &kp, &size,ret); free_ReplyKeyPack_Win2k(&kp); + break; } case PKINIT_COMPAT_27: { krb5_crypto ascrypto; @@ -724,21 +725,55 @@ pk_mk_pa_reply_enckey(krb5_context context, if (buf.length != size) krb5_abortx(context, "Internal ASN.1 encoder error"); + { + hx509_query *q; + hx509_cert cert; + + ret = hx509_query_alloc(kdc_identity->hx509ctx, &q); + if (ret) + goto out; + + hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY); + hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE); + + ret = hx509_certs_find(kdc_identity->hx509ctx, + kdc_identity->certs, + q, + &cert); + hx509_query_free(kdc_identity->hx509ctx, q); + if (ret) + goto out; + + ret = hx509_cms_create_signed_1(kdc_identity->hx509ctx, + oid_id_pkrkeydata(), + buf.data, + buf.length, + NULL, + cert, + kdc_identity->anchors, + kdc_identity->certpool, + &signed_data); + hx509_cert_free(cert); + } + + krb5_data_free(&buf); + if (ret) + goto out; + ret = hx509_cms_envelope_1(kdc_identity->hx509ctx, client_params->cert, - buf.data, buf.length, NULL, - oid_id_pkcs7_signedData(), &o); + signed_data.data, signed_data.length, NULL, + oid_id_pkcs7_signedData(), &buf); if (ret) goto out; ret = _krb5_pk_mk_ContentInfo(context, - &o, + &buf, oid_id_pkcs7_envelopedData(), content_info); - free_octet_string(&o); - - out: +out: krb5_data_free(&buf); + krb5_data_free(&signed_data); return ret; } @@ -1195,6 +1230,7 @@ _kdc_pk_check_client(krb5_context context, pk_client_params *client_params, char **subject_name) { + const HDB_Ext_PKINIT_acl *acl; krb5_error_code ret; hx509_name name; int i; @@ -1210,8 +1246,8 @@ _kdc_pk_check_client(krb5_context context, if (ret) return ret; - kdc_log(context, config, 5, - "Trying to authorize subject DN %s", + kdc_log(context, config, 0, + "Trying to authorize PK-INIT subject DN %s", *subject_name); if (config->enable_pkinit_princ_in_cert) { @@ -1225,6 +1261,28 @@ _kdc_pk_check_client(krb5_context context, } } + ret = hdb_entry_get_pkinit_acl(&client->entry, &acl); + if (ret == 0 && acl != NULL) { + /* + * Cheat here and compare the generated name with the string + * and not the reverse. + */ + for (i = 0; i < acl->len; i++) { + if (strcmp(*subject_name, acl->val[0].subject) != 0) + continue; + + /* Don't support isser and anchor checking right now */ + if (acl->val[0].issuer) + continue; + if (acl->val[0].anchor) + continue; + + kdc_log(context, config, 5, + "Found matching PK-INIT database ACL"); + return 0; + } + } + for (i = 0; i < principal_mappings.len; i++) { krb5_boolean b; @@ -1235,11 +1293,14 @@ _kdc_pk_check_client(krb5_context context, continue; if (strcmp(principal_mappings.val[i].subject, *subject_name) != 0) continue; + kdc_log(context, config, 5, + "Found matching PK-INIT FILE ACL"); return 0; } - free(*subject_name); + free(*subject_name); *subject_name = NULL; + krb5_set_error_string(context, "PKINIT no matching principals"); return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH; } @@ -1282,7 +1343,7 @@ _kdc_pk_initialize(krb5_context context, const char *user_id, const char *anchors, char **pool, - char **revoke) + char **revoke_list) { const char *file; krb5_error_code ret; @@ -1305,7 +1366,7 @@ _kdc_pk_initialize(krb5_context context, user_id, anchors, pool, - revoke, + revoke_list, NULL, NULL, NULL); diff --git a/source4/heimdal/kdc/process.c b/source4/heimdal/kdc/process.c index d0f8245bf9..ed5cb3d651 100644 --- a/source4/heimdal/kdc/process.c +++ b/source4/heimdal/kdc/process.c @@ -34,7 +34,7 @@ #include "kdc_locl.h" -RCSID("$Id: process.c,v 1.3 2005/08/12 08:25:48 lha Exp $"); +RCSID("$Id: process.c,v 1.5 2006/10/09 15:37:39 lha Exp $"); /* * handle the request in `buf, len', from `addr' (or `from' as a string), @@ -42,17 +42,19 @@ RCSID("$Id: process.c,v 1.3 2005/08/12 08:25:48 lha Exp $"); */ int -krb5_kdc_process_generic_request(krb5_context context, - krb5_kdc_configuration *config, - unsigned char *buf, - size_t len, - krb5_data *reply, - krb5_boolean *prependlength, - const char *from, - struct sockaddr *addr) +krb5_kdc_process_request(krb5_context context, + krb5_kdc_configuration *config, + unsigned char *buf, + size_t len, + krb5_data *reply, + krb5_boolean *prependlength, + const char *from, + struct sockaddr *addr, + int datagram_reply) { KDC_REQ req; Ticket ticket; + DigestREQ digestreq; krb5_error_code ret; size_t i; @@ -64,7 +66,7 @@ krb5_kdc_process_generic_request(krb5_context context, req_buffer.length = len; ret = _kdc_as_rep(context, config, &req, &req_buffer, - reply, from, addr); + reply, from, addr, datagram_reply); free_AS_REQ(&req); return ret; }else if(decode_TGS_REQ(buf, len, &req, &i) == 0){ @@ -75,6 +77,10 @@ krb5_kdc_process_generic_request(krb5_context context, ret = _kdc_do_524(context, config, &ticket, reply, from, addr); free_Ticket(&ticket); return ret; + }else if(decode_DigestREQ(buf, len, &digestreq, &i) == 0){ + ret = _kdc_do_digest(context, config, &digestreq, reply, from, addr); + free_DigestREQ(&digestreq); + return ret; } else if(_kdc_maybe_version4(buf, len)){ *prependlength = FALSE; /* elbitapmoc sdrawkcab XXX */ _kdc_do_version4(context, config, buf, len, reply, from, @@ -103,7 +109,8 @@ krb5_kdc_process_krb5_request(krb5_context context, size_t len, krb5_data *reply, const char *from, - struct sockaddr *addr) + struct sockaddr *addr, + int datagram_reply) { KDC_REQ req; krb5_error_code ret; @@ -117,7 +124,7 @@ krb5_kdc_process_krb5_request(krb5_context context, req_buffer.length = len; ret = _kdc_as_rep(context, config, &req, &req_buffer, - reply, from, addr); + reply, from, addr, datagram_reply); free_AS_REQ(&req); return ret; }else if(decode_TGS_REQ(buf, len, &req, &i) == 0){ diff --git a/source4/heimdal/lib/asn1/CMS.asn1 b/source4/heimdal/lib/asn1/CMS.asn1 index 78873761b6..ce43c2cd02 100644 --- a/source4/heimdal/lib/asn1/CMS.asn1 +++ b/source4/heimdal/lib/asn1/CMS.asn1 @@ -1,5 +1,5 @@ -- From RFC 3369 -- --- $Id: CMS.asn1,v 1.4 2006/04/15 10:53:25 lha Exp $ -- +-- $Id: CMS.asn1,v 1.5 2006/09/07 12:20:42 lha Exp $ -- CMS DEFINITIONS ::= BEGIN @@ -17,7 +17,13 @@ id-pkcs7-signedAndEnvelopedData OBJECT IDENTIFIER ::= { id-pkcs7 4 } id-pkcs7-digestedData OBJECT IDENTIFIER ::= { id-pkcs7 5 } id-pkcs7-encryptedData OBJECT IDENTIFIER ::= { id-pkcs7 6 } -CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4) } +CMSVersion ::= INTEGER { + CMSVersion_v0(0), + CMSVersion_v1(1), + CMSVersion_v2(2), + CMSVersion_v3(3), + CMSVersion_v4(4) +} DigestAlgorithmIdentifier ::= AlgorithmIdentifier DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier diff --git a/source4/heimdal/lib/asn1/asn1-common.h b/source4/heimdal/lib/asn1/asn1-common.h index 01411b384a..ab06ae79dd 100644 --- a/source4/heimdal/lib/asn1/asn1-common.h +++ b/source4/heimdal/lib/asn1/asn1-common.h @@ -1,4 +1,4 @@ -/* $Id: asn1-common.h,v 1.5 2005/07/12 06:27:14 lha Exp $ */ +/* $Id: asn1-common.h,v 1.6 2006/10/14 05:09:47 lha Exp $ */ #include #include @@ -43,6 +43,9 @@ typedef struct heim_bit_string { void *data; } heim_bit_string; +typedef struct heim_octet_string heim_any; +typedef struct heim_octet_string heim_any_set; + #define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R) \ do { \ (BL) = length_##T((S)); \ diff --git a/source4/heimdal/lib/asn1/der-protos.h b/source4/heimdal/lib/asn1/der-protos.h new file mode 100644 index 0000000000..3aee392c96 --- /dev/null +++ b/source4/heimdal/lib/asn1/der-protos.h @@ -0,0 +1,542 @@ +/* This is a generated file */ +#ifndef __der_protos_h__ +#define __der_protos_h__ + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +int +copy_heim_any ( + const heim_any */*from*/, + heim_any */*to*/); + +int +copy_heim_any_set ( + const heim_any_set */*from*/, + heim_any_set */*to*/); + +int +decode_heim_any ( + const unsigned char */*p*/, + size_t /*len*/, + heim_any */*data*/, + size_t */*size*/); + +int +decode_heim_any_set ( + const unsigned char */*p*/, + size_t /*len*/, + heim_any_set */*data*/, + size_t */*size*/); + +int +der_copy_bit_string ( + const heim_bit_string */*from*/, + heim_bit_string */*to*/); + +int +der_copy_bmp_string ( + const heim_bmp_string */*from*/, + heim_bmp_string */*to*/); + +int +der_copy_general_string ( + const heim_general_string */*from*/, + heim_general_string */*to*/); + +int +der_copy_heim_integer ( + const heim_integer */*from*/, + heim_integer */*to*/); + +int +der_copy_ia5_string ( + const heim_printable_string */*from*/, + heim_printable_string */*to*/); + +int +der_copy_octet_string ( + const heim_octet_string */*from*/, + heim_octet_string */*to*/); + +int +der_copy_oid ( + const heim_oid */*from*/, + heim_oid */*to*/); + +int +der_copy_printable_string ( + const heim_printable_string */*from*/, + heim_printable_string */*to*/); + +int +der_copy_universal_string ( + const heim_universal_string */*from*/, + heim_universal_string */*to*/); + +int +der_copy_utf8string ( + const heim_utf8_string */*from*/, + heim_utf8_string */*to*/); + +void +der_free_bit_string (heim_bit_string */*k*/); + +void +der_free_bmp_string (heim_bmp_string */*k*/); + +void +der_free_general_string (heim_general_string */*str*/); + +void +der_free_heim_integer (heim_integer */*k*/); + +void +der_free_ia5_string (heim_ia5_string */*str*/); + +void +der_free_octet_string (heim_octet_string */*k*/); + +void +der_free_oid (heim_oid */*k*/); + +void +der_free_printable_string (heim_printable_string */*str*/); + +void +der_free_universal_string (heim_universal_string */*k*/); + +void +der_free_utf8string (heim_utf8_string */*str*/); + +int +der_get_bit_string ( + const unsigned char */*p*/, + size_t /*len*/, + heim_bit_string */*data*/, + size_t */*size*/); + +int +der_get_bmp_string ( + const unsigned char */*p*/, + size_t /*len*/, + heim_bmp_string */*data*/, + size_t */*size*/); + +int +der_get_boolean ( + const unsigned char */*p*/, + size_t /*len*/, + int */*data*/, + size_t */*size*/); + +const char * +der_get_class_name (unsigned /*num*/); + +int +der_get_class_num (const char */*name*/); + +int +der_get_general_string ( + const unsigned char */*p*/, + size_t /*len*/, + heim_general_string */*str*/, + size_t */*size*/); + +int +der_get_generalized_time ( + const unsigned char */*p*/, + size_t /*len*/, + time_t */*data*/, + size_t */*size*/); + +int +der_get_heim_integer ( + const unsigned char */*p*/, + size_t /*len*/, + heim_integer */*data*/, + size_t */*size*/); + +int +der_get_ia5_string ( + const unsigned char */*p*/, + size_t /*len*/, + heim_ia5_string */*str*/, + size_t */*size*/); + +int +der_get_integer ( + const unsigned char */*p*/, + size_t /*len*/, + int */*ret*/, + size_t */*size*/); + +int +der_get_length ( + const unsigned char */*p*/, + size_t /*len*/, + size_t */*val*/, + size_t */*size*/); + +int +der_get_octet_string ( + const unsigned char */*p*/, + size_t /*len*/, + heim_octet_string */*data*/, + size_t */*size*/); + +int +der_get_oid ( + const unsigned char */*p*/, + size_t /*len*/, + heim_oid */*data*/, + size_t */*size*/); + +int +der_get_printable_string ( + const unsigned char */*p*/, + size_t /*len*/, + heim_printable_string */*str*/, + size_t */*size*/); + +int +der_get_tag ( + const unsigned char */*p*/, + size_t /*len*/, + Der_class */*class*/, + Der_type */*type*/, + unsigned int */*tag*/, + size_t */*size*/); + +const char * +der_get_tag_name (unsigned /*num*/); + +int +der_get_tag_num (const char */*name*/); + +const char * +der_get_type_name (unsigned /*num*/); + +int +der_get_type_num (const char */*name*/); + +int +der_get_universal_string ( + const unsigned char */*p*/, + size_t /*len*/, + heim_universal_string */*data*/, + size_t */*size*/); + +int +der_get_unsigned ( + const unsigned char */*p*/, + size_t /*len*/, + unsigned */*ret*/, + size_t */*size*/); + +int +der_get_utctime ( + const unsigned char */*p*/, + size_t /*len*/, + time_t */*data*/, + size_t */*size*/); + +int +der_get_utf8string ( + const unsigned char */*p*/, + size_t /*len*/, + heim_utf8_string */*str*/, + size_t */*size*/); + +int +der_heim_bit_string_cmp ( + const heim_bit_string */*p*/, + const heim_bit_string */*q*/); + +int +der_heim_bmp_string_cmp ( + const heim_bmp_string */*p*/, + const heim_bmp_string */*q*/); + +int +der_heim_integer_cmp ( + const heim_integer */*p*/, + const heim_integer */*q*/); + +int +der_heim_octet_string_cmp ( + const heim_octet_string */*p*/, + const heim_octet_string */*q*/); + +int +der_heim_oid_cmp ( + const heim_oid */*p*/, + const heim_oid */*q*/); + +int +der_heim_universal_string_cmp ( + const heim_universal_string */*p*/, + const heim_universal_string */*q*/); + +size_t +der_length_bit_string (const heim_bit_string */*k*/); + +size_t +der_length_bmp_string (const heim_bmp_string */*data*/); + +size_t +der_length_boolean (const int */*k*/); + +size_t +der_length_enumerated (const unsigned */*data*/); + +size_t +der_length_general_string (const heim_general_string */*data*/); + +size_t +der_length_generalized_time (const time_t */*t*/); + +size_t +der_length_heim_integer (const heim_integer */*k*/); + +size_t +der_length_ia5_string (const heim_ia5_string */*data*/); + +size_t +der_length_integer (const int */*data*/); + +size_t +der_length_len (size_t /*len*/); + +size_t +der_length_octet_string (const heim_octet_string */*k*/); + +size_t +der_length_oid (const heim_oid */*k*/); + +size_t +der_length_printable_string (const heim_printable_string */*data*/); + +size_t +der_length_universal_string (const heim_universal_string */*data*/); + +size_t +der_length_unsigned (const unsigned */*data*/); + +size_t +der_length_utctime (const time_t */*t*/); + +size_t +der_length_utf8string (const heim_utf8_string */*data*/); + +int +der_match_tag ( + const unsigned char */*p*/, + size_t /*len*/, + Der_class /*class*/, + Der_type /*type*/, + unsigned int /*tag*/, + size_t */*size*/); + +int +der_match_tag_and_length ( + const unsigned char */*p*/, + size_t /*len*/, + Der_class /*class*/, + Der_type /*type*/, + unsigned int /*tag*/, + size_t */*length_ret*/, + size_t */*size*/); + +int +der_parse_heim_oid ( + const char */*str*/, + const char */*sep*/, + heim_oid */*data*/); + +int +der_parse_hex_heim_integer ( + const char */*p*/, + heim_integer */*data*/); + +int +der_print_heim_oid ( + const heim_oid */*oid*/, + char /*delim*/, + char **/*str*/); + +int +der_print_hex_heim_integer ( + const heim_integer */*data*/, + char **/*p*/); + +int +der_put_bit_string ( + unsigned char */*p*/, + size_t /*len*/, + const heim_bit_string */*data*/, + size_t */*size*/); + +int +der_put_bmp_string ( + unsigned char */*p*/, + size_t /*len*/, + const heim_bmp_string */*data*/, + size_t */*size*/); + +int +der_put_boolean ( + unsigned char */*p*/, + size_t /*len*/, + const int */*data*/, + size_t */*size*/); + +int +der_put_general_string ( + unsigned char */*p*/, + size_t /*len*/, + const heim_general_string */*str*/, + size_t */*size*/); + +int +der_put_generalized_time ( + unsigned char */*p*/, + size_t /*len*/, + const time_t */*data*/, + size_t */*size*/); + +int +der_put_heim_integer ( + unsigned char */*p*/, + size_t /*len*/, + const heim_integer */*data*/, + size_t */*size*/); + +int +der_put_ia5_string ( + unsigned char */*p*/, + size_t /*len*/, + const heim_ia5_string */*str*/, + size_t */*size*/); + +int +der_put_integer ( + unsigned char */*p*/, + size_t /*len*/, + const int */*v*/, + size_t */*size*/); + +int +der_put_length ( + unsigned char */*p*/, + size_t /*len*/, + size_t /*val*/, + size_t */*size*/); + +int +der_put_length_and_tag ( + unsigned char */*p*/, + size_t /*len*/, + size_t /*len_val*/, + Der_class /*class*/, + Der_type /*type*/, + unsigned int /*tag*/, + size_t */*size*/); + +int +der_put_octet_string ( + unsigned char */*p*/, + size_t /*len*/, + const heim_octet_string */*data*/, + size_t */*size*/); + +int +der_put_oid ( + unsigned char */*p*/, + size_t /*len*/, + const heim_oid */*data*/, + size_t */*size*/); + +int +der_put_printable_string ( + unsigned char */*p*/, + size_t /*len*/, + const heim_printable_string */*str*/, + size_t */*size*/); + +int +der_put_tag ( + unsigned char */*p*/, + size_t /*len*/, + Der_class /*class*/, + Der_type /*type*/, + unsigned int /*tag*/, + size_t */*size*/); + +int +der_put_universal_string ( + unsigned char */*p*/, + size_t /*len*/, + const heim_universal_string */*data*/, + size_t */*size*/); + +int +der_put_unsigned ( + unsigned char */*p*/, + size_t /*len*/, + const unsigned */*v*/, + size_t */*size*/); + +int +der_put_utctime ( + unsigned char */*p*/, + size_t /*len*/, + const time_t */*data*/, + size_t */*size*/); + +int +der_put_utf8string ( + unsigned char */*p*/, + size_t /*len*/, + const heim_utf8_string */*str*/, + size_t */*size*/); + +int +encode_heim_any ( + unsigned char */*p*/, + size_t /*len*/, + const heim_any */*data*/, + size_t */*size*/); + +int +encode_heim_any_set ( + unsigned char */*p*/, + size_t /*len*/, + const heim_any_set */*data*/, + size_t */*size*/); + +void +free_heim_any (heim_any */*data*/); + +void +free_heim_any_set (heim_any_set */*data*/); + +int +heim_any_cmp ( + const heim_any_set */*p*/, + const heim_any_set */*q*/); + +size_t +length_heim_any (const heim_any */*data*/); + +size_t +length_heim_any_set (const heim_any */*data*/); + +#ifdef __cplusplus +} +#endif + +#endif /* __der_protos_h__ */ diff --git a/source4/heimdal/lib/asn1/der.h b/source4/heimdal/lib/asn1/der.h index b9c2b47079..b0170e35fe 100644 --- a/source4/heimdal/lib/asn1/der.h +++ b/source4/heimdal/lib/asn1/der.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: der.h,v 1.32 2006/01/30 15:25:25 lha Exp $ */ +/* $Id: der.h,v 1.36 2006/10/14 05:16:08 lha Exp $ */ #ifndef __DER_H__ #define __DER_H__ @@ -83,164 +83,21 @@ enum { #define ASN1_INDEFINITE 0xdce0deed -typedef struct asn1_der_time_t { +typedef struct heim_der_time_t { time_t dt_sec; unsigned long dt_nsec; -} asn1_der_time_t; +} heim_der_time_t; -typedef struct asn1_ber_time_t { +typedef struct heim_ber_time_t { time_t bt_sec; unsigned bt_nsec; int bt_zone; -} asn1_ber_time_t; +} heim_ber_time_t; -int der_get_unsigned (const unsigned char *p, size_t len, - unsigned *ret, size_t *size); -int der_get_integer (const unsigned char *p, size_t len, - int *ret, size_t *size); -int der_get_heim_integer (const unsigned char *p, size_t len, - heim_integer *ret, size_t *size); -int der_get_boolean(const unsigned char *p, size_t len, - int *data, size_t *size); -int der_get_length (const unsigned char *p, size_t len, - size_t *val, size_t *size); -int der_get_general_string (const unsigned char *p, size_t len, - heim_general_string *str, size_t *size); -int der_get_utf8string (const unsigned char *p, size_t len, - heim_utf8_string *str, size_t *size); -int der_get_universal_string (const unsigned char *p, size_t len, - heim_universal_string *str, size_t *size); -int der_get_bmp_string (const unsigned char *p, size_t len, - heim_bmp_string *str, size_t *size); -int der_get_printable_string (const unsigned char *p, size_t len, - heim_printable_string *str, size_t *size); -int der_get_ia5_string (const unsigned char *p, size_t len, - heim_ia5_string *str, size_t *size); -int der_get_octet_string (const unsigned char *p, size_t len, - heim_octet_string *data, size_t *size); -int der_get_generalized_time (const unsigned char *p, size_t len, - time_t *data, size_t *size); -int der_get_generalized_time_der (const unsigned char *p, size_t len, - asn1_der_time_t *data, size_t *size); -int der_get_generalized_time_ber (const unsigned char *p, size_t len, - asn1_ber_time_t *data, size_t *size); -int der_get_utctime (const unsigned char *p, size_t len, - time_t *data, size_t *size); -int der_get_oid (const unsigned char *p, size_t len, - heim_oid *data, size_t *size); -int der_get_bit_string (const unsigned char *p, size_t len, - heim_bit_string *data, size_t *size); -int der_get_tag (const unsigned char *p, size_t len, - Der_class *class, Der_type *type, - unsigned int *tag, size_t *size); - -int der_match_tag (const unsigned char *p, size_t len, - Der_class class, Der_type type, - unsigned int tag, size_t *size); -int der_match_tag_and_length (const unsigned char *p, size_t len, - Der_class class, Der_type type, unsigned int tag, - size_t *length_ret, size_t *size); - -int der_put_unsigned (unsigned char *p, size_t len, const unsigned *val, size_t*); -int der_put_integer (unsigned char *p, size_t len, const int *val, size_t*); -int der_put_heim_integer (unsigned char *p, size_t len, - const heim_integer *val, size_t*); -int der_put_boolean (unsigned char *p, size_t len, const int *val, size_t*); - -int der_put_length (unsigned char *p, size_t len, size_t val, size_t*); -int der_put_general_string (unsigned char *p, size_t len, - const heim_general_string *str, size_t*); -int der_put_utf8string (unsigned char *p, size_t len, - const heim_utf8_string *str, size_t*); -int der_put_universal_string (unsigned char *p, size_t len, - const heim_universal_string *str, size_t*); -int der_put_bmp_string (unsigned char *p, size_t len, - const heim_bmp_string *str, size_t*); -int der_put_printable_string (unsigned char *p, size_t len, - const heim_printable_string *str, size_t*); -int der_put_ia5_string (unsigned char *p, size_t len, - const heim_ia5_string *str, size_t*); -int der_put_octet_string (unsigned char *p, size_t len, - const heim_octet_string *data, size_t*); -int der_put_generalized_time (unsigned char *p, size_t len, - const time_t *data, size_t *size); -int der_put_utctime (unsigned char *p, size_t len, - const time_t *data, size_t *size); -int der_put_oid (unsigned char *p, size_t len, - const heim_oid *data, size_t *size); -int der_put_bit_string (unsigned char *p, size_t len, - const heim_bit_string *data, size_t *size); -int der_put_tag (unsigned char *p, size_t len, Der_class class, Der_type type, - unsigned int tag, size_t*); -int der_put_length_and_tag (unsigned char*, size_t, size_t, - Der_class, Der_type, unsigned int, size_t*); - -void free_integer (int *num); -void free_heim_integer (heim_integer *num); -void free_octet_string (heim_octet_string *k); -void free_general_string (heim_general_string *str); -void free_octet_string (heim_octet_string *k); -void free_oid (heim_oid *k); -void free_bit_string (heim_bit_string *k); -void free_generalized_time (time_t *t); -void free_utctime (time_t *t); -void free_utf8string (heim_utf8_string*); -void free_printable_string (heim_printable_string*); -void free_ia5_string (heim_ia5_string*); -void free_universal_string (heim_universal_string*); -void free_bmp_string (heim_bmp_string*); - -size_t length_len (size_t len); -size_t length_integer (const int *data); -size_t length_heim_integer (const heim_integer *data); -size_t length_unsigned (const unsigned *data); -size_t length_enumerated (const unsigned *data); -size_t length_general_string (const heim_general_string *data); -size_t length_octet_string (const heim_octet_string *k); -size_t length_oid (const heim_oid *k); -size_t length_bit_string (const heim_bit_string *k); -size_t length_generalized_time (const time_t *t); -size_t length_utctime (const time_t *t); -size_t length_utf8string (const heim_utf8_string*); -size_t length_printable_string (const heim_printable_string*); -size_t length_ia5_string (const heim_ia5_string*); -size_t length_bmp_string (const heim_bmp_string*); -size_t length_universal_string (const heim_universal_string*); -size_t length_boolean (const int*); - -int copy_heim_integer (const heim_integer *, heim_integer *); -int copy_general_string (const heim_general_string *, heim_general_string *); -int copy_octet_string (const heim_octet_string *, heim_octet_string *); -int copy_oid (const heim_oid *from, heim_oid *to); -int copy_bit_string (const heim_bit_string *from, heim_bit_string *to); -int copy_utf8string (const heim_utf8_string*, heim_utf8_string*); -int copy_printable_string (const heim_printable_string*,heim_printable_string*); -int copy_ia5_string (const heim_ia5_string*,heim_ia5_string*); -int copy_universal_string(const heim_universal_string*,heim_universal_string*); -int copy_bmp_string (const heim_bmp_string*,heim_bmp_string*); - -int heim_oid_cmp(const heim_oid *, const heim_oid *); -int heim_octet_string_cmp(const heim_octet_string *,const heim_octet_string *); -int heim_bit_string_cmp(const heim_bit_string *, const heim_bit_string *); -int heim_integer_cmp(const heim_integer *, const heim_integer *); -int heim_bmp_string_cmp(const heim_bmp_string *, const heim_bmp_string *); -int heim_universal_string_cmp(const heim_universal_string *, - const heim_universal_string *); - -int der_parse_oid(const char *, heim_oid *); +#include int _heim_fix_dce(size_t reallen, size_t *len); int _heim_der_set_sort(const void *, const void *); int _heim_time2generalizedtime (time_t, heim_octet_string *, int); -const char * der_get_class_name(unsigned); -int der_get_class_num(const char *); -const char * der_get_type_name(unsigned); -int der_get_type_num(const char *); -const char * der_get_tag_name(unsigned); -int der_get_tag_num(const char *); - -int der_parse_hex_heim_integer(const char *, heim_integer *); -int der_print_hex_heim_integer(const heim_integer *, char **); - #endif /* __DER_H__ */ diff --git a/source4/heimdal/lib/asn1/der_cmp.c b/source4/heimdal/lib/asn1/der_cmp.c index 2471312ba8..f27f03c02b 100755 --- a/source4/heimdal/lib/asn1/der_cmp.c +++ b/source4/heimdal/lib/asn1/der_cmp.c @@ -34,7 +34,7 @@ #include "der_locl.h" int -heim_oid_cmp(const heim_oid *p, const heim_oid *q) +der_heim_oid_cmp(const heim_oid *p, const heim_oid *q) { if (p->length != q->length) return p->length - q->length; @@ -44,7 +44,8 @@ heim_oid_cmp(const heim_oid *p, const heim_oid *q) } int -heim_octet_string_cmp(const heim_octet_string *p, const heim_octet_string *q) +der_heim_octet_string_cmp(const heim_octet_string *p, + const heim_octet_string *q) { if (p->length != q->length) return p->length - q->length; @@ -52,7 +53,8 @@ heim_octet_string_cmp(const heim_octet_string *p, const heim_octet_string *q) } int -heim_bit_string_cmp(const heim_bit_string *p, const heim_bit_string *q) +der_heim_bit_string_cmp(const heim_bit_string *p, + const heim_bit_string *q) { int i, r1, r2; if (p->length != q->length) @@ -72,7 +74,8 @@ heim_bit_string_cmp(const heim_bit_string *p, const heim_bit_string *q) } int -heim_integer_cmp(const heim_integer *p, const heim_integer *q) +der_heim_integer_cmp(const heim_integer *p, + const heim_integer *q) { if (p->negative != q->negative) return q->negative - p->negative; @@ -82,7 +85,7 @@ heim_integer_cmp(const heim_integer *p, const heim_integer *q) } int -heim_bmp_string_cmp(const heim_bmp_string *p, const heim_bmp_string *q) +der_heim_bmp_string_cmp(const heim_bmp_string *p, const heim_bmp_string *q) { if (p->length != q->length) return p->length - q->length; @@ -90,8 +93,8 @@ heim_bmp_string_cmp(const heim_bmp_string *p, const heim_bmp_string *q) } int -heim_universal_string_cmp(const heim_universal_string *p, - const heim_universal_string *q) +der_heim_universal_string_cmp(const heim_universal_string *p, + const heim_universal_string *q) { if (p->length != q->length) return p->length - q->length; diff --git a/source4/heimdal/lib/asn1/der_copy.c b/source4/heimdal/lib/asn1/der_copy.c index e0443eed39..96eea9c6d7 100644 --- a/source4/heimdal/lib/asn1/der_copy.c +++ b/source4/heimdal/lib/asn1/der_copy.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,10 +33,11 @@ #include "der_locl.h" -RCSID("$Id: der_copy.c,v 1.14 2006/01/04 23:41:29 lha Exp $"); +RCSID("$Id: der_copy.c,v 1.16 2006/10/14 05:30:02 lha Exp $"); int -copy_general_string (const heim_general_string *from, heim_general_string *to) +der_copy_general_string (const heim_general_string *from, + heim_general_string *to) { *to = strdup(*from); if(*to == NULL) @@ -45,27 +46,27 @@ copy_general_string (const heim_general_string *from, heim_general_string *to) } int -copy_utf8string (const heim_utf8_string *from, heim_utf8_string *to) +der_copy_utf8string (const heim_utf8_string *from, heim_utf8_string *to) { - return copy_general_string(from, to); + return der_copy_general_string(from, to); } int -copy_printable_string (const heim_printable_string *from, +der_copy_printable_string (const heim_printable_string *from, heim_printable_string *to) { - return copy_general_string(from, to); + return der_copy_general_string(from, to); } int -copy_ia5_string (const heim_printable_string *from, - heim_printable_string *to) +der_copy_ia5_string (const heim_printable_string *from, + heim_printable_string *to) { - return copy_general_string(from, to); + return der_copy_general_string(from, to); } int -copy_bmp_string (const heim_bmp_string *from, heim_bmp_string *to) +der_copy_bmp_string (const heim_bmp_string *from, heim_bmp_string *to) { to->length = from->length; to->data = malloc(to->length * sizeof(to->data[0])); @@ -76,8 +77,8 @@ copy_bmp_string (const heim_bmp_string *from, heim_bmp_string *to) } int -copy_universal_string (const heim_universal_string *from, - heim_universal_string *to) +der_copy_universal_string (const heim_universal_string *from, + heim_universal_string *to) { to->length = from->length; to->data = malloc(to->length * sizeof(to->data[0])); @@ -88,7 +89,7 @@ copy_universal_string (const heim_universal_string *from, } int -copy_octet_string (const heim_octet_string *from, heim_octet_string *to) +der_copy_octet_string (const heim_octet_string *from, heim_octet_string *to) { to->length = from->length; to->data = malloc(to->length); @@ -99,7 +100,7 @@ copy_octet_string (const heim_octet_string *from, heim_octet_string *to) } int -copy_heim_integer (const heim_integer *from, heim_integer *to) +der_copy_heim_integer (const heim_integer *from, heim_integer *to) { to->length = from->length; to->data = malloc(to->length); @@ -111,7 +112,7 @@ copy_heim_integer (const heim_integer *from, heim_integer *to) } int -copy_oid (const heim_oid *from, heim_oid *to) +der_copy_oid (const heim_oid *from, heim_oid *to) { to->length = from->length; to->components = malloc(to->length * sizeof(*to->components)); @@ -123,7 +124,7 @@ copy_oid (const heim_oid *from, heim_oid *to) } int -copy_bit_string (const heim_bit_string *from, heim_bit_string *to) +der_copy_bit_string (const heim_bit_string *from, heim_bit_string *to) { size_t len; diff --git a/source4/heimdal/lib/asn1/der_format.c b/source4/heimdal/lib/asn1/der_format.c index 44e39b46c5..9655269356 100644 --- a/source4/heimdal/lib/asn1/der_format.c +++ b/source4/heimdal/lib/asn1/der_format.c @@ -34,7 +34,7 @@ #include "der_locl.h" #include -RCSID("$Id: der_format.c,v 1.2 2006/01/16 23:01:11 lha Exp $"); +RCSID("$Id: der_format.c,v 1.6 2006/10/21 18:24:15 lha Exp $"); int der_parse_hex_heim_integer (const char *p, heim_integer *data) @@ -73,13 +73,13 @@ der_parse_hex_heim_integer (const char *p, heim_integer *data) } { - unsigned char *p = data->data; - while(*p == 0 && len > 0) { - p++; + unsigned char *q = data->data; + while(*q == 0 && len > 0) { + q++; len--; } data->length = len; - memmove(data->data, p, len); + memmove(data->data, q, len); } return 0; } @@ -103,3 +103,65 @@ der_print_hex_heim_integer (const heim_integer *data, char **p) } return 0; } + +int +der_print_heim_oid (const heim_oid *oid, char delim, char **str) +{ + struct rk_strpool *p = NULL; + int i; + + for (i = 0; i < oid->length ; i++) { + p = rk_strpoolprintf(p, "%d%s", + oid->components[i], + i < oid->length - 1 ? " " : ""); + if (p == NULL) { + *str = NULL; + return ENOMEM; + } + } + + *str = rk_strpoolcollect(p); + if (*str == NULL) + return ENOMEM; + return 0; +} + +int +der_parse_heim_oid (const char *str, const char *sep, heim_oid *data) +{ + char *s, *w, *brkt, *endptr; + unsigned int *c; + long l; + + data->length = 0; + data->components = NULL; + + if (sep == NULL) + sep = "."; + + s = strdup(str); + + for (w = strtok_r(s, sep, &brkt); + w != NULL; + w = strtok_r(NULL, sep, &brkt)) { + + c = realloc(data->components, + (data->length + 1) * sizeof(data->components[0])); + if (c == NULL) { + der_free_oid(data); + free(s); + return ENOMEM; + } + data->components = c; + + l = strtol(w, &endptr, 10); + if (*endptr != '\0' || l < 0 || l > INT_MAX) { + der_free_oid(data); + free(s); + return EINVAL; + } + data->components[data->length++] = l; + } + free(s); + return 0; +} diff --git a/source4/heimdal/lib/asn1/der_free.c b/source4/heimdal/lib/asn1/der_free.c index 8959c3b1c3..c3a6a17fff 100644 --- a/source4/heimdal/lib/asn1/der_free.c +++ b/source4/heimdal/lib/asn1/der_free.c @@ -33,37 +33,38 @@ #include "der_locl.h" -RCSID("$Id: der_free.c,v 1.11 2005/07/12 06:27:21 lha Exp $"); +RCSID("$Id: der_free.c,v 1.13 2006/10/14 05:30:47 lha Exp $"); void -free_general_string (heim_general_string *str) +der_free_general_string (heim_general_string *str) { free(*str); *str = NULL; } void -free_utf8string (heim_utf8_string *str) +der_free_utf8string (heim_utf8_string *str) { free(*str); *str = NULL; } void -free_printable_string (heim_printable_string *str) +der_free_printable_string (heim_printable_string *str) { free(*str); *str = NULL; } void -free_ia5_string (heim_ia5_string *str) +der_free_ia5_string (heim_ia5_string *str) { - free_general_string(str); + free(*str); + *str = NULL; } void -free_bmp_string (heim_bmp_string *k) +der_free_bmp_string (heim_bmp_string *k) { free(k->data); k->data = NULL; @@ -71,7 +72,7 @@ free_bmp_string (heim_bmp_string *k) } void -free_universal_string (heim_universal_string *k) +der_free_universal_string (heim_universal_string *k) { free(k->data); k->data = NULL; @@ -79,7 +80,7 @@ free_universal_string (heim_universal_string *k) } void -free_octet_string (heim_octet_string *k) +der_free_octet_string (heim_octet_string *k) { free(k->data); k->data = NULL; @@ -87,7 +88,7 @@ free_octet_string (heim_octet_string *k) } void -free_heim_integer (heim_integer *k) +der_free_heim_integer (heim_integer *k) { free(k->data); k->data = NULL; @@ -95,7 +96,7 @@ free_heim_integer (heim_integer *k) } void -free_oid (heim_oid *k) +der_free_oid (heim_oid *k) { free(k->components); k->components = NULL; @@ -103,7 +104,7 @@ free_oid (heim_oid *k) } void -free_bit_string (heim_bit_string *k) +der_free_bit_string (heim_bit_string *k) { free(k->data); k->data = NULL; diff --git a/source4/heimdal/lib/asn1/der_get.c b/source4/heimdal/lib/asn1/der_get.c index a75ab15c09..7808fa8165 100644 --- a/source4/heimdal/lib/asn1/der_get.c +++ b/source4/heimdal/lib/asn1/der_get.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_get.c,v 1.45 2006/01/20 10:03:50 lha Exp $"); +RCSID("$Id: der_get.c,v 1.50 2006/10/19 16:27:44 lha Exp $"); #include @@ -254,6 +254,8 @@ der_get_heim_integer (const unsigned char *p, size_t len, data->data = malloc(data->length); if (data->data == NULL) { data->length = 0; + if (size) + *size = 0; return ENOMEM; } q = &((unsigned char*)data->data)[data->length - 1]; @@ -276,6 +278,8 @@ der_get_heim_integer (const unsigned char *p, size_t len, data->data = malloc(data->length); if (data->data == NULL && data->length != 0) { data->length = 0; + if (size) + *size = 0; return ENOMEM; } memcpy(data->data, p, data->length); @@ -305,9 +309,10 @@ generalizedtime2time (const char *s, time_t *t) } tm.tm_year -= 1900; tm.tm_mon -= 1; - *t = timegm (&tm); + *t = _der_timegm (&tm); return 0; } +#undef timegm static int der_get_time (const unsigned char *p, size_t len, @@ -378,7 +383,7 @@ der_get_oid (const unsigned char *p, size_t len, u1 = u * 128 + (*p++ % 128); /* check that we don't overflow the element */ if (u1 < u) { - free_oid(data); + der_free_oid(data); return ASN1_OVERRUN; } u = u1; @@ -386,7 +391,7 @@ der_get_oid (const unsigned char *p, size_t len, data->components[n] = u; } if (n > 2 && p[-1] & 0x80) { - free_oid (data); + der_free_oid (data); return ASN1_OVERRUN; } data->length = n; diff --git a/source4/heimdal/lib/asn1/der_length.c b/source4/heimdal/lib/asn1/der_length.c index 2c017ad84e..9b2e9f0998 100644 --- a/source4/heimdal/lib/asn1/der_length.c +++ b/source4/heimdal/lib/asn1/der_length.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_length.c,v 1.18 2006/01/20 10:04:46 lha Exp $"); +RCSID("$Id: der_length.c,v 1.19 2006/10/14 05:26:06 lha Exp $"); size_t _heim_len_unsigned (unsigned val) @@ -98,7 +98,7 @@ len_oid (const heim_oid *oid) } size_t -length_len (size_t len) +der_length_len (size_t len) { if (len < 128) return 1; @@ -113,67 +113,67 @@ length_len (size_t len) } size_t -length_integer (const int *data) +der_length_integer (const int *data) { return _heim_len_int (*data); } size_t -length_unsigned (const unsigned *data) +der_length_unsigned (const unsigned *data) { return _heim_len_unsigned(*data); } size_t -length_enumerated (const unsigned *data) +der_length_enumerated (const unsigned *data) { return _heim_len_int (*data); } size_t -length_general_string (const heim_general_string *data) +der_length_general_string (const heim_general_string *data) { return strlen(*data); } size_t -length_utf8string (const heim_utf8_string *data) +der_length_utf8string (const heim_utf8_string *data) { return strlen(*data); } size_t -length_printable_string (const heim_printable_string *data) +der_length_printable_string (const heim_printable_string *data) { return strlen(*data); } size_t -length_ia5_string (const heim_ia5_string *data) +der_length_ia5_string (const heim_ia5_string *data) { return strlen(*data); } size_t -length_bmp_string (const heim_bmp_string *data) +der_length_bmp_string (const heim_bmp_string *data) { return data->length * 2; } size_t -length_universal_string (const heim_universal_string *data) +der_length_universal_string (const heim_universal_string *data) { return data->length * 4; } size_t -length_octet_string (const heim_octet_string *k) +der_length_octet_string (const heim_octet_string *k) { return k->length; } size_t -length_heim_integer (const heim_integer *k) +der_length_heim_integer (const heim_integer *k) { if (k->length == 0) return 1; @@ -184,13 +184,13 @@ length_heim_integer (const heim_integer *k) } size_t -length_oid (const heim_oid *k) +der_length_oid (const heim_oid *k) { return len_oid (k); } size_t -length_generalized_time (const time_t *t) +der_length_generalized_time (const time_t *t) { heim_octet_string k; size_t ret; @@ -202,7 +202,7 @@ length_generalized_time (const time_t *t) } size_t -length_utctime (const time_t *t) +der_length_utctime (const time_t *t) { heim_octet_string k; size_t ret; @@ -214,13 +214,13 @@ length_utctime (const time_t *t) } size_t -length_boolean (const int *k) +der_length_boolean (const int *k) { return 1; } size_t -length_bit_string (const heim_bit_string *k) +der_length_bit_string (const heim_bit_string *k) { return (k->length + 7) / 8 + 1; } diff --git a/source4/heimdal/lib/asn1/der_locl.h b/source4/heimdal/lib/asn1/der_locl.h index 1127383e6c..1a87aaaee9 100644 --- a/source4/heimdal/lib/asn1/der_locl.h +++ b/source4/heimdal/lib/asn1/der_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: der_locl.h,v 1.6 2005/07/12 06:27:22 lha Exp $ */ +/* $Id: der_locl.h,v 1.8 2006/10/19 16:24:02 lha Exp $ */ #ifndef __DER_LOCL_H__ #define __DER_LOCL_H__ @@ -53,10 +53,7 @@ #include #include -#ifndef HAVE_TIMEGM -time_t timegm (struct tm *); -#endif - +time_t _der_timegm (struct tm *); size_t _heim_len_unsigned (unsigned); size_t _heim_len_int (int); diff --git a/source4/heimdal/lib/asn1/der_put.c b/source4/heimdal/lib/asn1/der_put.c index b006f233ca..2fe90df9a9 100644 --- a/source4/heimdal/lib/asn1/der_put.c +++ b/source4/heimdal/lib/asn1/der_put.c @@ -335,6 +335,9 @@ der_put_utctime (unsigned char *p, size_t len, return 0; } +/* This API is not what you might expect. p is a pointer to the *end* + * (last byte) of the buffer, of length len */ + int der_put_oid (unsigned char *p, size_t len, const heim_oid *data, size_t *size) diff --git a/source4/heimdal/lib/asn1/digest.asn1 b/source4/heimdal/lib/asn1/digest.asn1 new file mode 100644 index 0000000000..1f8f18b5cd --- /dev/null +++ b/source4/heimdal/lib/asn1/digest.asn1 @@ -0,0 +1,115 @@ +-- $Id: digest.asn1,v 1.9 2006/08/25 11:57:54 lha Exp $ + +DIGEST DEFINITIONS ::= +BEGIN + +IMPORTS EncryptedData, Principal FROM krb5; + +DigestInit ::= SEQUENCE { + type UTF8String, -- http, sasl, chap, cram-md5 -- + channel [0] SEQUENCE { + cb-type UTF8String, + cb-binding UTF8String + } OPTIONAL, + hostname [1] UTF8String OPTIONAL -- for chap/cram-md5 +} + +DigestInitReply ::= SEQUENCE { + nonce UTF8String, -- service nonce/challange + opaque UTF8String, -- server state + identifier [0] UTF8String OPTIONAL +} + + +DigestRequest ::= SEQUENCE { + type UTF8String, -- http, sasl-md5, chap, cram-md5 -- + digest UTF8String, -- http:md5/md5-sess sasl:clear/int/conf -- + username UTF8String, -- username user used + authid [0] UTF8String OPTIONAL, + authentication-user [1] Principal OPTIONAL, -- principal to get key from + realm [2] UTF8String OPTIONAL, + method [3] UTF8String OPTIONAL, + uri [4] UTF8String OPTIONAL, + serverNonce UTF8String, -- same as "DigestInitReply.nonce" + clientNonce [5] UTF8String OPTIONAL, + nonceCount [6] UTF8String OPTIONAL, + qop [7] UTF8String OPTIONAL, + identifier [8] UTF8String OPTIONAL, + hostname [9] UTF8String OPTIONAL, + opaque UTF8String -- same as "DigestInitReply.opaque" +} +-- opaque = hex(cksum(type|serverNonce|identifier|hostname,digest-key)) +-- serverNonce = hex(time[4bytes]random[12bytes])(-cbType:cbBinding) + + +DigestError ::= SEQUENCE { + reason UTF8String, + code INTEGER (-2147483648..2147483647) +} + +DigestResponse ::= SEQUENCE { + responseData UTF8String, + rsp [0] UTF8String OPTIONAL, + tickets [1] SEQUENCE OF OCTET STRING OPTIONAL, + channel [2] SEQUENCE { + cb-type UTF8String, + cb-binding UTF8String + } OPTIONAL, + hash-a1 [3] OCTET STRING OPTIONAL +} + +DigestReqInner ::= CHOICE { + init [0] DigestInit, + digestRequest [1] DigestRequest +} + +DigestREQ ::= [APPLICATION 128] SEQUENCE { + apReq [0] OCTET STRING, + innerReq [1] EncryptedData +} + +DigestRepInner ::= CHOICE { + error [0] DigestError, + initReply [1] DigestInitReply, + response [2] DigestResponse +} + +DigestREP ::= [APPLICATION 129] SEQUENCE { + apRep [0] OCTET STRING, + innerRep [1] EncryptedData +} + + +-- HTTP + +-- md5 +-- A1 = unq(username-value) ":" unq(realm-value) ":" passwd +-- md5-sess +-- A1 = HEX(H(unq(username-value) ":" unq(realm-value) ":" passwd ) ":" unq(nonce-value) ":" unq(cnonce-value)) + +-- qop == auth +-- A2 = Method ":" digest-uri-value +-- qop == auth-int +-- A2 = Method ":" digest-uri-value ":" H(entity-body) + +-- request-digest = HEX(KD(HEX(H(A1)), +-- unq(nonce-value) ":" nc-value ":" unq(cnonce-value) ":" unq(qop-value) ":" HEX(H(A2)))) +-- no "qop" +-- request-digest = HEX(KD(HEX(H(A1)), unq(nonce-value) ":" HEX(H(A2)))) + + +-- SASL: +-- SS = H( { unq(username-value), ":", unq(realm-value), ":", password } ) +-- A1 = { SS, ":", unq(nonce-value), ":", unq(cnonce-value) } +-- A1 = { SS, ":", unq(nonce-value), ":", unq(cnonce-value), ":", unq(authzid-value) } + +-- A2 = "AUTHENTICATE:", ":", digest-uri-value +-- qop == auth-int,auth-conf +-- A2 = "AUTHENTICATE:", ":", digest-uri-value, ":00000000000000000000000000000000" + +-- response-value = HEX( KD ( HEX(H(A1)), +-- { unq(nonce-value), ":" nc-value, ":", +-- unq(cnonce-value), ":", qop-value, ":", +-- HEX(H(A2)) })) + +END diff --git a/source4/heimdal/lib/asn1/gen.c b/source4/heimdal/lib/asn1/gen.c index 3d7c3983ac..c3af316c88 100644 --- a/source4/heimdal/lib/asn1/gen.c +++ b/source4/heimdal/lib/asn1/gen.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen.c,v 1.67 2006/03/31 02:52:21 lha Exp $"); +RCSID("$Id: gen.c,v 1.69 2006/10/14 05:11:52 lha Exp $"); FILE *headerfile, *codefile, *logfile; @@ -145,6 +145,9 @@ init_generate (const char *filename, const char *base) " size_t length;\n" " void *data;\n" "} heim_bit_string;\n\n"); + fprintf (headerfile, + "typedef struct heim_octet_string heim_any;\n" + "typedef struct heim_octet_string heim_any_set;\n\n"); fputs("#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R) \\\n" " do { \\\n" " (BL) = length_##T((S)); \\\n" @@ -774,6 +777,7 @@ generate_type (const Symbol *s) generate_type_free (s); generate_type_length (s); generate_type_copy (s); + generate_type_seq (s); generate_glue (s->type, s->gen_name); fprintf(headerfile, "\n\n"); close_codefile(); diff --git a/source4/heimdal/lib/asn1/gen_copy.c b/source4/heimdal/lib/asn1/gen_copy.c index 07b7efba2c..9455f33c6f 100644 --- a/source4/heimdal/lib/asn1/gen_copy.c +++ b/source4/heimdal/lib/asn1/gen_copy.c @@ -33,14 +33,14 @@ #include "gen_locl.h" -RCSID("$Id: gen_copy.c,v 1.16 2005/07/12 06:27:26 lha Exp $"); +RCSID("$Id: gen_copy.c,v 1.18 2006/10/14 05:34:19 lha Exp $"); static int used_fail; static void copy_primitive (const char *typename, const char *from, const char *to) { - fprintf (codefile, "if(copy_%s(%s, %s)) goto fail;\n", + fprintf (codefile, "if(der_copy_%s(%s, %s)) goto fail;\n", typename, from, to); used_fail++; } @@ -86,7 +86,7 @@ copy_type (const char *from, const char *to, const Type *t, int preserve) if ((t->type == TSequence || t->type == TChoice) && preserve) { fprintf(codefile, "{ int ret;\n" - "ret = copy_octet_string(&(%s)->_save, &(%s)->_save);\n" + "ret = der_copy_octet_string(&(%s)->_save, &(%s)->_save);\n" "if (ret) goto fail;\n" "}\n", from, to); @@ -140,7 +140,7 @@ copy_type (const char *from, const char *to, const Type *t, int preserve) if (have_ellipsis) { fprintf(codefile, "case %s: {\n" "int ret;\n" - "ret = copy_octet_string(&(%s)->u.%s, &(%s)->u.%s);\n" + "ret=der_copy_octet_string(&(%s)->u.%s, &(%s)->u.%s);\n" "if (ret) goto fail;\n" "break;\n" "}\n", diff --git a/source4/heimdal/lib/asn1/gen_decode.c b/source4/heimdal/lib/asn1/gen_decode.c index 6461a0ada9..193dab40e1 100644 --- a/source4/heimdal/lib/asn1/gen_decode.c +++ b/source4/heimdal/lib/asn1/gen_decode.c @@ -34,7 +34,7 @@ #include "gen_locl.h" #include "lex.h" -RCSID("$Id: gen_decode.c,v 1.29 2005/09/21 00:30:37 lha Exp $"); +RCSID("$Id: gen_decode.c,v 1.30 2006/09/24 09:13:12 lha Exp $"); static void decode_primitive (const char *typename, const char *name, const char *forwstr) @@ -307,7 +307,7 @@ decode_type (const char *name, const Type *t, int optional, decode_type (s, m->type, m->optional, forwstr, m->gen_name); free (s); } - + break; } case TSet: { @@ -632,7 +632,7 @@ generate_type_decode (const Symbol *s) case TType: case TChoice: fprintf (codefile, - "size_t ret = 0, reallen;\n" + "size_t ret = 0;\n" "size_t l;\n" "int e;\n"); if (preserve) @@ -640,7 +640,6 @@ generate_type_decode (const Symbol *s) fprintf (codefile, "\n"); fprintf (codefile, "memset(data, 0, sizeof(*data));\n"); /* hack to avoid `unused variable' */ - fprintf (codefile, "reallen = 0;\n"); decode_type ("data", s->type, 0, "goto fail", "Top"); if (preserve) diff --git a/source4/heimdal/lib/asn1/gen_free.c b/source4/heimdal/lib/asn1/gen_free.c index 36c7474a03..2b143bf818 100644 --- a/source4/heimdal/lib/asn1/gen_free.c +++ b/source4/heimdal/lib/asn1/gen_free.c @@ -33,12 +33,12 @@ #include "gen_locl.h" -RCSID("$Id: gen_free.c,v 1.14 2005/07/25 21:28:29 lha Exp $"); +RCSID("$Id: gen_free.c,v 1.16 2006/10/14 05:33:58 lha Exp $"); static void free_primitive (const char *typename, const char *name) { - fprintf (codefile, "free_%s(%s);\n", typename, name); + fprintf (codefile, "der_free_%s(%s);\n", typename, name); } static void @@ -78,7 +78,7 @@ free_type (const char *name, const Type *t, int preserve) break; if ((t->type == TSequence || t->type == TChoice) && preserve) - fprintf(codefile, "free_octet_string(&data->_save);\n"); + fprintf(codefile, "der_free_octet_string(&data->_save);\n"); if(t->type == TChoice) fprintf(codefile, "switch((%s)->element) {\n", name); @@ -115,7 +115,7 @@ free_type (const char *name, const Type *t, int preserve) if (have_ellipsis) fprintf(codefile, "case %s:\n" - "free_octet_string(&(%s)->u.%s);\n" + "der_free_octet_string(&(%s)->u.%s);\n" "break;", have_ellipsis->label, name, have_ellipsis->gen_name); diff --git a/source4/heimdal/lib/asn1/gen_length.c b/source4/heimdal/lib/asn1/gen_length.c index f3869fa5f2..0c92225b92 100644 --- a/source4/heimdal/lib/asn1/gen_length.c +++ b/source4/heimdal/lib/asn1/gen_length.c @@ -33,14 +33,14 @@ #include "gen_locl.h" -RCSID("$Id: gen_length.c,v 1.19 2005/08/23 11:51:41 lha Exp $"); +RCSID("$Id: gen_length.c,v 1.21 2006/10/14 05:28:28 lha Exp $"); static void length_primitive (const char *typename, const char *name, const char *variable) { - fprintf (codefile, "%s += length_%s(%s);\n", variable, typename, name); + fprintf (codefile, "%s += der_length_%s(%s);\n", variable, typename, name); } static size_t @@ -247,7 +247,7 @@ length_type (const char *name, const Type *t, if (tname == NULL) errx(1, "malloc"); length_type (name, t->subtype, variable, tname); - fprintf (codefile, "ret += %lu + length_len (ret);\n", + fprintf (codefile, "ret += %lu + der_length_len (ret);\n", (unsigned long)length_tag(t->tag.tagvalue)); free(tname); break; diff --git a/source4/heimdal/lib/asn1/gen_locl.h b/source4/heimdal/lib/asn1/gen_locl.h index 5a2ba85c7a..c9ea714c5f 100644 --- a/source4/heimdal/lib/asn1/gen_locl.h +++ b/source4/heimdal/lib/asn1/gen_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gen_locl.h,v 1.13 2005/08/23 10:48:15 lha Exp $ */ +/* $Id: gen_locl.h,v 1.14 2006/09/05 12:29:18 lha Exp $ */ #ifndef __GEN_LOCL_H__ #define __GEN_LOCL_H__ @@ -58,11 +58,10 @@ void generate_type (const Symbol *); void generate_constant (const Symbol *); void generate_type_encode (const Symbol *); void generate_type_decode (const Symbol *); -void generate_seq_type_decode (const Symbol *); void generate_type_free (const Symbol *); void generate_type_length (const Symbol *); void generate_type_copy (const Symbol *); -void generate_type_maybe (const Symbol *); +void generate_type_seq (const Symbol *); void generate_glue (const Type *, const char*); const char *classname(Der_class); @@ -79,6 +78,7 @@ void add_import(const char *); int yyparse(void); int preserve_type(const char *); +int seq_type(const char *); extern FILE *headerfile, *codefile, *logfile; extern int dce_fix; diff --git a/source4/heimdal/lib/asn1/gen_seq.c b/source4/heimdal/lib/asn1/gen_seq.c new file mode 100644 index 0000000000..fa3813fd61 --- /dev/null +++ b/source4/heimdal/lib/asn1/gen_seq.c @@ -0,0 +1,119 @@ +/* + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gen_locl.h" + +RCSID("$Id: gen_seq.c,v 1.4 2006/10/04 10:18:10 lha Exp $"); + +void +generate_type_seq (const Symbol *s) +{ + char *subname; + Type *type; + + if (!seq_type(s->name)) + return; + type = s->type; + while(type->type == TTag) + type = type->subtype; + + if (type->type != TSequenceOf) { + printf("%s not seq of %d\n", s->name, (int)type->type); + return; + } + + /* + * Require the subtype to be a type so we can name it and use + * copy_/free_ + */ + + if (type->subtype->type != TType) { + fprintf(stderr, "%s subtype is not a type, can't generate " + "sequence code for this case: %d\n", + s->name, (int)type->subtype->type); + exit(1); + } + + subname = type->subtype->symbol->gen_name; + + fprintf (headerfile, + "int add_%s (%s *, const %s *);\n" + "int remove_%s (%s *, unsigned int);\n", + s->gen_name, s->gen_name, subname, + s->gen_name, s->gen_name); + + fprintf (codefile, "int\n" + "add_%s(%s *data, const %s *element)\n" + "{\n", + s->gen_name, s->gen_name, subname); + + fprintf (codefile, + "int ret;\n" + "void *ptr;\n" + "\n" + "ptr = realloc(data->val, \n" + "\t(data->len + 1) * sizeof(data->val[0]));\n" + "if (ptr == NULL) return ENOMEM;\n" + "data->val = ptr;\n\n" + "ret = copy_%s(element, &data->val[data->len]);\n" + "if (ret) return ret;\n" + "data->len++;\n" + "return 0;\n", + subname); + + fprintf (codefile, "}\n\n"); + + fprintf (codefile, "int\n" + "remove_%s(%s *data, unsigned int element)\n" + "{\n", + s->gen_name, s->gen_name); + + fprintf (codefile, + "void *ptr;\n" + "\n" + "if (data->len == 0 || element >= data->len)\n" + "\treturn ASN1_OVERRUN;\n" + "free_%s(&data->val[element]);\n" + "data->len--;\n" + /* don't move if its the last element */ + "if (element < data->len)\n" + "\tmemmove(&data->val[element], &data->val[element + 1], \n" + "\t\tsizeof(data->val[0]) * data->len);\n" + /* resize but don't care about failures since it doesn't matter */ + "ptr = realloc(data->val, data->len * sizeof(data->val[0]));\n" + "if (ptr) data->val = ptr;\n" + "return 0;\n", + subname); + + fprintf (codefile, "}\n\n"); +} diff --git a/source4/heimdal/lib/asn1/heim_asn1.h b/source4/heimdal/lib/asn1/heim_asn1.h index 99f8e9514a..afee6f4218 100644 --- a/source4/heimdal/lib/asn1/heim_asn1.h +++ b/source4/heimdal/lib/asn1/heim_asn1.h @@ -34,9 +34,6 @@ #ifndef __HEIM_ANY_H__ #define __HEIM_ANY_H__ 1 -typedef struct heim_octet_string heim_any; -typedef struct heim_octet_string heim_any_set; - int encode_heim_any(unsigned char *, size_t, const heim_any *, size_t *); int decode_heim_any(const unsigned char *, size_t, heim_any *, size_t *); void free_heim_any(heim_any *); diff --git a/source4/heimdal/lib/asn1/k5.asn1 b/source4/heimdal/lib/asn1/k5.asn1 index e314adee0e..3f501f0592 100644 --- a/source4/heimdal/lib/asn1/k5.asn1 +++ b/source4/heimdal/lib/asn1/k5.asn1 @@ -1,4 +1,4 @@ --- $Id: k5.asn1,v 1.47 2006/03/27 22:52:11 lha Exp $ +-- $Id: k5.asn1,v 1.50 2006/09/11 13:28:59 lha Exp $ KERBEROS5 DEFINITIONS ::= BEGIN @@ -70,10 +70,11 @@ PADATA-TYPE ::= INTEGER { KRB5-PADATA-TD-REQ-NONCE(107), -- INTEGER KRB5-PADATA-TD-REQ-SEQ(108), -- INTEGER KRB5-PADATA-PA-PAC-REQUEST(128), -- jbrezak@exchange.microsoft.com - KRB5-PADATA-PK-AS-09-BINDING(132) -- client send this to + KRB5-PADATA-PK-AS-09-BINDING(132), -- client send this to -- tell KDC that is supports -- the asCheckSum in the -- PK-AS-REP + KRB5-PADATA-S4U2SELF(-17) } AUTHDATA-TYPE ::= INTEGER { @@ -89,7 +90,8 @@ AUTHDATA-TYPE ::= INTEGER { KRB5-AUTHDATA-SESAME(65), KRB5-AUTHDATA-OSF-DCE-PKI-CERTID(66), KRB5-AUTHDATA-WIN2K-PAC(128), - KRB5-AUTHDATA-GSS-API-ETYPE-NEGOTIATION(129) -- Authenticator only + KRB5-AUTHDATA-GSS-API-ETYPE-NEGOTIATION(129), -- Authenticator only + KRB5-AUTHDATA-SIGNTICKET(-17) } -- checksumtypes @@ -138,12 +140,7 @@ ENCTYPE ::= INTEGER { ETYPE_DES_CFB64_NONE(-0x1002), ETYPE_DES_PCBC_NONE(-0x1003), ETYPE_DIGEST_MD5_NONE(-0x1004), -- private use, lukeh@padl.com - ETYPE_CRAM_MD5_NONE(-0x1005), -- private use, lukeh@padl.com - ETYPE_RC2_CBC_NONE(-0x1006), - ETYPE_AES128_CBC_NONE(-0x1007), - ETYPE_AES192_CBC_NONE(-0x1008), - ETYPE_AES256_CBC_NONE(-0x1009), - ETYPE_DES3_CBC_NONE_CMS(-0x100a) + ETYPE_CRAM_MD5_NONE(-0x1005) -- private use, lukeh@padl.com } @@ -186,11 +183,13 @@ HostAddresses ::= SEQUENCE OF HostAddress KerberosTime ::= GeneralizedTime -- Specifying UTC time zone (Z) -AuthorizationData ::= SEQUENCE OF SEQUENCE { +AuthorizationDataElement ::= SEQUENCE { ad-type[0] krb5int32, ad-data[1] OCTET STRING } +AuthorizationData ::= SEQUENCE OF AuthorizationDataElement + APOptions ::= BIT STRING { reserved(0), use-session-key(1), @@ -307,7 +306,7 @@ Authenticator ::= [APPLICATION 2] SEQUENCE { subkey[6] EncryptionKey OPTIONAL, seq-number[7] krb5uint32 OPTIONAL, authorization-data[8] AuthorizationData OPTIONAL - } +} PA-DATA ::= SEQUENCE { -- might be encoded AP-REQ @@ -601,16 +600,29 @@ PA-ENC-SAM-RESPONSE-ENC ::= SEQUENCE { ... } --- This is really part of CMS, but its here because KCRYPTO provides --- the crypto framework for CMS glue in heimdal. - -RC2CBCParameter ::= SEQUENCE { - rc2ParameterVersion krb5int32, - iv OCTET STRING -- exactly 8 octets +PA-S4U2Self ::= SEQUENCE { + name[0] PrincipalName, + realm[1] Realm, + cksum[2] Checksum, + auth[3] GeneralString } -CBCParameter ::= OCTET STRING +KRB5SignedPathPrincipals ::= SEQUENCE OF Principal +-- never encoded on the wire, just used to checksum over +KRB5SignedPathData ::= SEQUENCE { + encticket[0] EncTicketPart, + delegated[1] KRB5SignedPathPrincipals OPTIONAL +} + +KRB5SignedPath ::= SEQUENCE { + -- DERcoded KRB5SignedPathData + -- krbtgt key (etype), KeyUsage = XXX + etype[0] ENCTYPE, + cksum[1] Checksum, + -- srvs delegated though + delegated[2] KRB5SignedPathPrincipals OPTIONAL +} END diff --git a/source4/heimdal/lib/asn1/lex.c b/source4/heimdal/lib/asn1/lex.c index 70e893197d..10b4d65a7e 100644 --- a/source4/heimdal/lib/asn1/lex.c +++ b/source4/heimdal/lib/asn1/lex.c @@ -1,94 +1,32 @@ -#include "config.h" +/* A lexical scanner generated by flex*/ -#line 3 "lex.yy.c" - -#define YY_INT_ALIGNED short int - -/* A lexical scanner generated by flex */ +/* Scanner skeleton version: + * $Header: /home/daffy/u0/vern/flex/RCS/flex.skl,v 2.91 96/09/10 16:58:48 vern Exp $ + */ #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 #define YY_FLEX_MINOR_VERSION 5 -#define YY_FLEX_SUBMINOR_VERSION 33 -#if YY_FLEX_SUBMINOR_VERSION > 0 -#define FLEX_BETA -#endif -/* First, we deal with platform-specific or compiler-specific issues. */ - -/* begin standard C headers. */ #include -#include -#include -#include - -/* end standard C headers. */ - -/* flex integer type definitions */ - -#ifndef FLEXINT_H -#define FLEXINT_H - -/* C99 systems have . Non-C99 systems may or may not. */ - -#if __STDC_VERSION__ >= 199901L - -/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h, - * if you want the limit (max/min) macros for int types. - */ -#ifndef __STDC_LIMIT_MACROS -#define __STDC_LIMIT_MACROS 1 -#endif +#include -#include -typedef int8_t flex_int8_t; -typedef uint8_t flex_uint8_t; -typedef int16_t flex_int16_t; -typedef uint16_t flex_uint16_t; -typedef int32_t flex_int32_t; -typedef uint32_t flex_uint32_t; -#else -typedef signed char flex_int8_t; -typedef short int flex_int16_t; -typedef int flex_int32_t; -typedef unsigned char flex_uint8_t; -typedef unsigned short int flex_uint16_t; -typedef unsigned int flex_uint32_t; -#endif /* ! C99 */ -/* Limits of integral types. */ -#ifndef INT8_MIN -#define INT8_MIN (-128) -#endif -#ifndef INT16_MIN -#define INT16_MIN (-32767-1) -#endif -#ifndef INT32_MIN -#define INT32_MIN (-2147483647-1) -#endif -#ifndef INT8_MAX -#define INT8_MAX (127) -#endif -#ifndef INT16_MAX -#define INT16_MAX (32767) -#endif -#ifndef INT32_MAX -#define INT32_MAX (2147483647) -#endif -#ifndef UINT8_MAX -#define UINT8_MAX (255U) -#endif -#ifndef UINT16_MAX -#define UINT16_MAX (65535U) +/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */ +#ifdef c_plusplus +#ifndef __cplusplus +#define __cplusplus #endif -#ifndef UINT32_MAX -#define UINT32_MAX (4294967295U) #endif -#endif /* ! FLEXINT_H */ #ifdef __cplusplus +#include + +/* Use prototypes in function declarations. */ +#define YY_USE_PROTOS + /* The "const" storage-class-modifier is valid. */ #define YY_USE_CONST @@ -96,17 +34,34 @@ typedef unsigned int flex_uint32_t; #if __STDC__ +#define YY_USE_PROTOS #define YY_USE_CONST #endif /* __STDC__ */ #endif /* ! __cplusplus */ +#ifdef __TURBOC__ + #pragma warn -rch + #pragma warn -use +#include +#include +#define YY_USE_CONST +#define YY_USE_PROTOS +#endif + #ifdef YY_USE_CONST #define yyconst const #else #define yyconst #endif + +#ifdef YY_USE_PROTOS +#define YY_PROTO(proto) proto +#else +#define YY_PROTO(proto) () +#endif + /* Returned upon end-of-file. */ #define YY_NULL 0 @@ -121,75 +76,80 @@ typedef unsigned int flex_uint32_t; * but we do it the disgusting crufty way forced on us by the ()-less * definition of BEGIN. */ -#define BEGIN (yy_start) = 1 + 2 * +#define BEGIN yy_start = 1 + 2 * /* Translate the current start state into a value that can be later handed * to BEGIN to return to the state. The YYSTATE alias is for lex * compatibility. */ -#define YY_START (((yy_start) - 1) / 2) +#define YY_START ((yy_start - 1) / 2) #define YYSTATE YY_START /* Action number for EOF rule of a given start state. */ #define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) /* Special action meaning "start processing a new file". */ -#define YY_NEW_FILE yyrestart(yyin ) +#define YY_NEW_FILE yyrestart( yyin ) #define YY_END_OF_BUFFER_CHAR 0 /* Size of default input buffer. */ -#ifndef YY_BUF_SIZE #define YY_BUF_SIZE 16384 -#endif - -/* The state buf must be large enough to hold one state per character in the main buffer. - */ -#define YY_STATE_BUF_SIZE ((YY_BUF_SIZE + 2) * sizeof(yy_state_type)) -#ifndef YY_TYPEDEF_YY_BUFFER_STATE -#define YY_TYPEDEF_YY_BUFFER_STATE typedef struct yy_buffer_state *YY_BUFFER_STATE; -#endif extern int yyleng; - extern FILE *yyin, *yyout; #define EOB_ACT_CONTINUE_SCAN 0 #define EOB_ACT_END_OF_FILE 1 #define EOB_ACT_LAST_MATCH 2 - #define YY_LESS_LINENO(n) - -/* Return all but the first "n" matched characters back to the input stream. */ +/* The funky do-while in the following #define is used to turn the definition + * int a single C statement (which needs a semi-colon terminator). This + * avoids problems with code like: + * + * if ( condition_holds ) + * yyless( 5 ); + * else + * do_something_else(); + * + * Prior to using the do-while the compiler would get upset at the + * "else" because it interpreted the "if" statement as being all + * done when it reached the ';' after the yyless() call. + */ + +/* Return all but the first 'n' matched characters back to the input stream. */ + #define yyless(n) \ do \ { \ /* Undo effects of setting up yytext. */ \ - int yyless_macro_arg = (n); \ - YY_LESS_LINENO(yyless_macro_arg);\ - *yy_cp = (yy_hold_char); \ + *yy_cp = yy_hold_char; \ YY_RESTORE_YY_MORE_OFFSET \ - (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \ + yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \ YY_DO_BEFORE_ACTION; /* set up yytext again */ \ } \ while ( 0 ) -#define unput(c) yyunput( c, (yytext_ptr) ) +#define unput(c) yyunput( c, yytext_ptr ) + +/* Some routines like yy_flex_realloc() are emitted as static but are + not called by all lexers. This generates warnings in some compilers, + notably GCC. Arrange to suppress these. */ +#ifdef __GNUC__ +#define YY_MAY_BE_UNUSED __attribute__((unused)) +#else +#define YY_MAY_BE_UNUSED +#endif /* The following is because we cannot portably get our hands on size_t * (without autoconf's help, which isn't available because we want * flex-generated scanners to compile on their own). */ - -#ifndef YY_TYPEDEF_YY_SIZE_T -#define YY_TYPEDEF_YY_SIZE_T typedef unsigned int yy_size_t; -#endif -#ifndef YY_STRUCT_YY_BUFFER_STATE -#define YY_STRUCT_YY_BUFFER_STATE + struct yy_buffer_state { FILE *yy_input_file; @@ -226,16 +186,12 @@ struct yy_buffer_state */ int yy_at_bol; - int yy_bs_lineno; /**< The line count. */ - int yy_bs_column; /**< The column count. */ - /* Whether to try to fill the input buffer when we reach the * end of it. */ int yy_fill_buffer; int yy_buffer_status; - #define YY_BUFFER_NEW 0 #define YY_BUFFER_NORMAL 1 /* When an EOF's been seen but there's still some text to process @@ -249,38 +205,28 @@ struct yy_buffer_state * just pointing yyin at a new input file. */ #define YY_BUFFER_EOF_PENDING 2 - }; -#endif /* !YY_STRUCT_YY_BUFFER_STATE */ -/* Stack of input buffers. */ -static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */ -static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */ -static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ +static YY_BUFFER_STATE yy_current_buffer = 0; /* We provide macros for accessing buffer states in case in the * future we want to put the buffer states in a more general * "scanner state". - * - * Returns the top of the stack, or NULL. */ -#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ - ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ - : NULL) +#define YY_CURRENT_BUFFER yy_current_buffer -/* Same as previous macro, but useful when we know that the buffer stack is not - * NULL or when we need an lvalue. For internal use only. - */ -#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] /* yy_hold_char holds the character lost when yytext is formed. */ static char yy_hold_char; + static int yy_n_chars; /* number of characters read into yy_ch_buf */ + + int yyleng; /* Points to current character in buffer. */ static char *yy_c_buf_p = (char *) 0; -static int yy_init = 0; /* whether we need to initialize */ +static int yy_init = 1; /* whether we need to initialize */ static int yy_start = 0; /* start state number */ /* Flag which is used to allow yywrap()'s to do buffer switches @@ -288,92 +234,66 @@ static int yy_start = 0; /* start state number */ */ static int yy_did_buffer_switch_on_eof; -void yyrestart (FILE *input_file ); -void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ); -YY_BUFFER_STATE yy_create_buffer (FILE *file,int size ); -void yy_delete_buffer (YY_BUFFER_STATE b ); -void yy_flush_buffer (YY_BUFFER_STATE b ); -void yypush_buffer_state (YY_BUFFER_STATE new_buffer ); -void yypop_buffer_state (void ); - -static void yyensure_buffer_stack (void ); -static void yy_load_buffer_state (void ); -static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file ); +void yyrestart YY_PROTO(( FILE *input_file )); -#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER ) +void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer )); +void yy_load_buffer_state YY_PROTO(( void )); +YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size )); +void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b )); +void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file )); +void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b )); +#define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer ) -YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); -YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); -YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len ); +YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size )); +YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str )); +YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len )); -void *yyalloc (yy_size_t ); -void *yyrealloc (void *,yy_size_t ); -void yyfree (void * ); +static void *yy_flex_alloc YY_PROTO(( yy_size_t )); +static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t )) YY_MAY_BE_UNUSED; +static void yy_flex_free YY_PROTO(( void * )); #define yy_new_buffer yy_create_buffer #define yy_set_interactive(is_interactive) \ { \ - if ( ! YY_CURRENT_BUFFER ){ \ - yyensure_buffer_stack (); \ - YY_CURRENT_BUFFER_LVALUE = \ - yy_create_buffer(yyin,YY_BUF_SIZE ); \ - } \ - YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ + if ( ! yy_current_buffer ) \ + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ + yy_current_buffer->yy_is_interactive = is_interactive; \ } #define yy_set_bol(at_bol) \ { \ - if ( ! YY_CURRENT_BUFFER ){\ - yyensure_buffer_stack (); \ - YY_CURRENT_BUFFER_LVALUE = \ - yy_create_buffer(yyin,YY_BUF_SIZE ); \ - } \ - YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ + if ( ! yy_current_buffer ) \ + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ + yy_current_buffer->yy_at_bol = at_bol; \ } -#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) - -/* Begin user sect3 */ +#define YY_AT_BOL() (yy_current_buffer->yy_at_bol) typedef unsigned char YY_CHAR; - FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; - typedef int yy_state_type; - -extern int yylineno; - -int yylineno = 1; - extern char *yytext; #define yytext_ptr yytext -static yy_state_type yy_get_previous_state (void ); -static yy_state_type yy_try_NUL_trans (yy_state_type current_state ); -static int yy_get_next_buffer (void ); -static void yy_fatal_error (yyconst char msg[] ); +static yy_state_type yy_get_previous_state YY_PROTO(( void )); +static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state )); +static int yy_get_next_buffer YY_PROTO(( void )); +static void yy_fatal_error YY_PROTO(( yyconst char msg[] )); /* Done after the current pattern has been matched and before the * corresponding action - sets up yytext. */ #define YY_DO_BEFORE_ACTION \ - (yytext_ptr) = yy_bp; \ - yyleng = (size_t) (yy_cp - yy_bp); \ - (yy_hold_char) = *yy_cp; \ + yytext_ptr = yy_bp; \ + yyleng = (int) (yy_cp - yy_bp); \ + yy_hold_char = *yy_cp; \ *yy_cp = '\0'; \ - (yy_c_buf_p) = yy_cp; + yy_c_buf_p = yy_cp; #define YY_NUM_RULES 95 #define YY_END_OF_BUFFER 96 -/* This struct is not used in this scanner, - but its presence is necessary. */ -struct yy_trans_info - { - flex_int32_t yy_verify; - flex_int32_t yy_nxt; - }; -static yyconst flex_int16_t yy_accept[568] = +static yyconst short int yy_accept[568] = { 0, 0, 0, 96, 94, 90, 91, 87, 81, 81, 94, 94, 88, 88, 94, 89, 89, 89, 89, 89, 89, @@ -439,7 +359,7 @@ static yyconst flex_int16_t yy_accept[568] = 32, 89, 59, 70, 77, 53, 0 } ; -static yyconst flex_int32_t yy_ec[256] = +static yyconst int yy_ec[256] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -471,7 +391,7 @@ static yyconst flex_int32_t yy_ec[256] = 1, 1, 1, 1, 1 } ; -static yyconst flex_int32_t yy_meta[70] = +static yyconst int yy_meta[70] = { 0, 1, 1, 1, 1, 1, 1, 2, 1, 1, 3, 3, 3, 3, 3, 3, 3, 1, 1, 3, 3, @@ -482,7 +402,7 @@ static yyconst flex_int32_t yy_meta[70] = 2, 2, 2, 2, 2, 2, 2, 2, 2 } ; -static yyconst flex_int16_t yy_base[570] = +static yyconst short int yy_base[570] = { 0, 0, 0, 636, 637, 637, 637, 637, 637, 63, 627, 628, 70, 77, 616, 74, 72, 76, 609, 65, 81, @@ -548,7 +468,7 @@ static yyconst flex_int16_t yy_base[570] = 0, 101, 0, 0, 0, 0, 637, 223, 69 } ; -static yyconst flex_int16_t yy_def[570] = +static yyconst short int yy_def[570] = { 0, 567, 1, 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, 568, 568, 568, 568, 568, 568, @@ -614,7 +534,7 @@ static yyconst flex_int16_t yy_def[570] = 568, 568, 568, 568, 568, 568, 0, 567, 567 } ; -static yyconst flex_int16_t yy_nxt[707] = +static yyconst short int yy_nxt[707] = { 0, 4, 5, 6, 7, 8, 4, 9, 10, 11, 12, 13, 13, 13, 13, 13, 13, 14, 4, 15, 16, @@ -696,7 +616,7 @@ static yyconst flex_int16_t yy_nxt[707] = 567, 567, 567, 567, 567, 567 } ; -static yyconst flex_int16_t yy_chk[707] = +static yyconst short int yy_chk[707] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -781,9 +701,6 @@ static yyconst flex_int16_t yy_chk[707] = static yy_state_type yy_last_accepting_state; static char *yy_last_accepting_cpos; -extern int yy_flex_debug; -int yy_flex_debug = 0; - /* The intent behind this definition is that it'll catch * any uses of REJECT which flex missed. */ @@ -793,6 +710,7 @@ int yy_flex_debug = 0; #define YY_RESTORE_YY_MORE_OFFSET char *yytext; #line 1 "lex.l" +#define INITIAL 0 #line 2 "lex.l" /* * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan @@ -827,7 +745,7 @@ char *yytext; * SUCH DAMAGE. */ -/* $Id: lex.l,v 1.27 2005/09/13 18:17:16 lha Exp $ */ +/* $Id: lex.l,v 1.31 2006/10/21 11:57:22 lha Exp $ */ #ifdef HAVE_CONFIG_H #include @@ -851,23 +769,8 @@ static unsigned lineno = 1; static void unterminated(const char *, unsigned); -#line 854 "lex.yy.c" - -#define INITIAL 0 - -#ifndef YY_NO_UNISTD_H -/* Special case for "unistd.h", since it is non-ANSI. We include it way - * down here because we want the user's section 1 to have been scanned first. - * The user has a chance to override it with an option. - */ -#include -#endif - -#ifndef YY_EXTRA_TYPE -#define YY_EXTRA_TYPE void * -#endif - -static int yy_init_globals (void ); +/* This is for broken old lexes (solaris 10 and hpux) */ +#line 774 "lex.c" /* Macros after this point can all be overridden by user definitions in * section 1. @@ -875,30 +778,65 @@ static int yy_init_globals (void ); #ifndef YY_SKIP_YYWRAP #ifdef __cplusplus -extern "C" int yywrap (void ); +extern "C" int yywrap YY_PROTO(( void )); #else -extern int yywrap (void ); +extern int yywrap YY_PROTO(( void )); +#endif #endif + +#ifndef YY_NO_UNPUT +static void yyunput YY_PROTO(( int c, char *buf_ptr )); #endif - static void yyunput (int c,char *buf_ptr ); - #ifndef yytext_ptr -static void yy_flex_strncpy (char *,yyconst char *,int ); +static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int )); #endif #ifdef YY_NEED_STRLEN -static int yy_flex_strlen (yyconst char * ); +static int yy_flex_strlen YY_PROTO(( yyconst char * )); #endif #ifndef YY_NO_INPUT - #ifdef __cplusplus -static int yyinput (void ); +static int yyinput YY_PROTO(( void )); +#else +static int input YY_PROTO(( void )); +#endif +#endif + +#if YY_STACK_USED +static int yy_start_stack_ptr = 0; +static int yy_start_stack_depth = 0; +static int *yy_start_stack = 0; +#ifndef YY_NO_PUSH_STATE +static void yy_push_state YY_PROTO(( int new_state )); +#endif +#ifndef YY_NO_POP_STATE +static void yy_pop_state YY_PROTO(( void )); +#endif +#ifndef YY_NO_TOP_STATE +static int yy_top_state YY_PROTO(( void )); +#endif + #else -static int input (void ); +#define YY_NO_PUSH_STATE 1 +#define YY_NO_POP_STATE 1 +#define YY_NO_TOP_STATE 1 #endif +#ifdef YY_MALLOC_DECL +YY_MALLOC_DECL +#else +#if __STDC__ +#ifndef __cplusplus +#include +#endif +#else +/* Just try to get by without declaring the routines. This will fail + * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int) + * or sizeof(void*) != sizeof(int). + */ +#endif #endif /* Amount of stuff to slurp up with each read. */ @@ -907,6 +845,7 @@ static int input (void ); #endif /* Copy whatever the last rule matched to the standard output. */ + #ifndef ECHO /* This used to be an fputs(), but since the string might contain NUL's, * we now use fwrite(). @@ -919,10 +858,9 @@ static int input (void ); */ #ifndef YY_INPUT #define YY_INPUT(buf,result,max_size) \ - if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ + if ( yy_current_buffer->yy_is_interactive ) \ { \ - int c = '*'; \ - size_t n; \ + int c = '*', n; \ for ( n = 0; n < max_size && \ (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ buf[n] = (char) c; \ @@ -932,22 +870,9 @@ static int input (void ); YY_FATAL_ERROR( "input in flex scanner failed" ); \ result = n; \ } \ - else \ - { \ - errno=0; \ - while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \ - { \ - if( errno != EINTR) \ - { \ - YY_FATAL_ERROR( "input in flex scanner failed" ); \ - break; \ - } \ - errno=0; \ - clearerr(yyin); \ - } \ - }\ -\ - + else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \ + && ferror( yyin ) ) \ + YY_FATAL_ERROR( "input in flex scanner failed" ); #endif /* No semi-colon after return; correct usage is to write "yyterminate();" - @@ -968,18 +893,12 @@ static int input (void ); #define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) #endif -/* end tables serialization structures and prototypes */ - /* Default declaration of generated scanner - a define so the user can * easily add parameters. */ #ifndef YY_DECL -#define YY_DECL_IS_OURS 1 - -extern int yylex (void); - -#define YY_DECL int yylex (void) -#endif /* !YY_DECL */ +#define YY_DECL int yylex YY_PROTO(( void )) +#endif /* Code executed at the beginning of each rule, after yytext and yyleng * have been set up. @@ -996,28 +915,26 @@ extern int yylex (void); #define YY_RULE_SETUP \ YY_USER_ACTION -/** The main scanner function which does all the work. - */ YY_DECL -{ + { register yy_state_type yy_current_state; - register char *yy_cp, *yy_bp; + register char *yy_cp = NULL, *yy_bp = NULL; register int yy_act; - -#line 62 "lex.l" -#line 1009 "lex.yy.c" +#line 68 "lex.l" + +#line 927 "lex.c" - if ( !(yy_init) ) + if ( yy_init ) { - (yy_init) = 1; + yy_init = 0; #ifdef YY_USER_INIT YY_USER_INIT; #endif - if ( ! (yy_start) ) - (yy_start) = 1; /* first start state */ + if ( ! yy_start ) + yy_start = 1; /* first start state */ if ( ! yyin ) yyin = stdin; @@ -1025,36 +942,34 @@ YY_DECL if ( ! yyout ) yyout = stdout; - if ( ! YY_CURRENT_BUFFER ) { - yyensure_buffer_stack (); - YY_CURRENT_BUFFER_LVALUE = - yy_create_buffer(yyin,YY_BUF_SIZE ); - } + if ( ! yy_current_buffer ) + yy_current_buffer = + yy_create_buffer( yyin, YY_BUF_SIZE ); - yy_load_buffer_state( ); + yy_load_buffer_state(); } while ( 1 ) /* loops until end-of-file is reached */ { - yy_cp = (yy_c_buf_p); + yy_cp = yy_c_buf_p; /* Support of yytext. */ - *yy_cp = (yy_hold_char); + *yy_cp = yy_hold_char; /* yy_bp points to the position in yy_ch_buf of the start of * the current run. */ yy_bp = yy_cp; - yy_current_state = (yy_start); + yy_current_state = yy_start; yy_match: do { register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; if ( yy_accept[yy_current_state] ) { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; + yy_last_accepting_state = yy_current_state; + yy_last_accepting_cpos = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -1071,447 +986,449 @@ yy_find_action: yy_act = yy_accept[yy_current_state]; if ( yy_act == 0 ) { /* have to back up */ - yy_cp = (yy_last_accepting_cpos); - yy_current_state = (yy_last_accepting_state); + yy_cp = yy_last_accepting_cpos; + yy_current_state = yy_last_accepting_state; yy_act = yy_accept[yy_current_state]; } YY_DO_BEFORE_ACTION; + do_action: /* This label is used only to access EOF actions. */ + switch ( yy_act ) { /* beginning of action switch */ case 0: /* must back up */ /* undo the effects of YY_DO_BEFORE_ACTION */ - *yy_cp = (yy_hold_char); - yy_cp = (yy_last_accepting_cpos); - yy_current_state = (yy_last_accepting_state); + *yy_cp = yy_hold_char; + yy_cp = yy_last_accepting_cpos; + yy_current_state = yy_last_accepting_state; goto yy_find_action; case 1: YY_RULE_SETUP -#line 63 "lex.l" +#line 69 "lex.l" { return kw_ABSENT; } YY_BREAK case 2: YY_RULE_SETUP -#line 64 "lex.l" +#line 70 "lex.l" { return kw_ABSTRACT_SYNTAX; } YY_BREAK case 3: YY_RULE_SETUP -#line 65 "lex.l" +#line 71 "lex.l" { return kw_ALL; } YY_BREAK case 4: YY_RULE_SETUP -#line 66 "lex.l" +#line 72 "lex.l" { return kw_APPLICATION; } YY_BREAK case 5: YY_RULE_SETUP -#line 67 "lex.l" +#line 73 "lex.l" { return kw_AUTOMATIC; } YY_BREAK case 6: YY_RULE_SETUP -#line 68 "lex.l" +#line 74 "lex.l" { return kw_BEGIN; } YY_BREAK case 7: YY_RULE_SETUP -#line 69 "lex.l" +#line 75 "lex.l" { return kw_BIT; } YY_BREAK case 8: YY_RULE_SETUP -#line 70 "lex.l" +#line 76 "lex.l" { return kw_BMPString; } YY_BREAK case 9: YY_RULE_SETUP -#line 71 "lex.l" +#line 77 "lex.l" { return kw_BOOLEAN; } YY_BREAK case 10: YY_RULE_SETUP -#line 72 "lex.l" +#line 78 "lex.l" { return kw_BY; } YY_BREAK case 11: YY_RULE_SETUP -#line 73 "lex.l" +#line 79 "lex.l" { return kw_CHARACTER; } YY_BREAK case 12: YY_RULE_SETUP -#line 74 "lex.l" +#line 80 "lex.l" { return kw_CHOICE; } YY_BREAK case 13: YY_RULE_SETUP -#line 75 "lex.l" +#line 81 "lex.l" { return kw_CLASS; } YY_BREAK case 14: YY_RULE_SETUP -#line 76 "lex.l" +#line 82 "lex.l" { return kw_COMPONENT; } YY_BREAK case 15: YY_RULE_SETUP -#line 77 "lex.l" +#line 83 "lex.l" { return kw_COMPONENTS; } YY_BREAK case 16: YY_RULE_SETUP -#line 78 "lex.l" +#line 84 "lex.l" { return kw_CONSTRAINED; } YY_BREAK case 17: YY_RULE_SETUP -#line 79 "lex.l" +#line 85 "lex.l" { return kw_CONTAINING; } YY_BREAK case 18: YY_RULE_SETUP -#line 80 "lex.l" +#line 86 "lex.l" { return kw_DEFAULT; } YY_BREAK case 19: YY_RULE_SETUP -#line 81 "lex.l" +#line 87 "lex.l" { return kw_DEFINITIONS; } YY_BREAK case 20: YY_RULE_SETUP -#line 82 "lex.l" +#line 88 "lex.l" { return kw_EMBEDDED; } YY_BREAK case 21: YY_RULE_SETUP -#line 83 "lex.l" +#line 89 "lex.l" { return kw_ENCODED; } YY_BREAK case 22: YY_RULE_SETUP -#line 84 "lex.l" +#line 90 "lex.l" { return kw_END; } YY_BREAK case 23: YY_RULE_SETUP -#line 85 "lex.l" +#line 91 "lex.l" { return kw_ENUMERATED; } YY_BREAK case 24: YY_RULE_SETUP -#line 86 "lex.l" +#line 92 "lex.l" { return kw_EXCEPT; } YY_BREAK case 25: YY_RULE_SETUP -#line 87 "lex.l" +#line 93 "lex.l" { return kw_EXPLICIT; } YY_BREAK case 26: YY_RULE_SETUP -#line 88 "lex.l" +#line 94 "lex.l" { return kw_EXPORTS; } YY_BREAK case 27: YY_RULE_SETUP -#line 89 "lex.l" +#line 95 "lex.l" { return kw_EXTENSIBILITY; } YY_BREAK case 28: YY_RULE_SETUP -#line 90 "lex.l" +#line 96 "lex.l" { return kw_EXTERNAL; } YY_BREAK case 29: YY_RULE_SETUP -#line 91 "lex.l" +#line 97 "lex.l" { return kw_FALSE; } YY_BREAK case 30: YY_RULE_SETUP -#line 92 "lex.l" +#line 98 "lex.l" { return kw_FROM; } YY_BREAK case 31: YY_RULE_SETUP -#line 93 "lex.l" +#line 99 "lex.l" { return kw_GeneralString; } YY_BREAK case 32: YY_RULE_SETUP -#line 94 "lex.l" +#line 100 "lex.l" { return kw_GeneralizedTime; } YY_BREAK case 33: YY_RULE_SETUP -#line 95 "lex.l" +#line 101 "lex.l" { return kw_GraphicString; } YY_BREAK case 34: YY_RULE_SETUP -#line 96 "lex.l" +#line 102 "lex.l" { return kw_IA5String; } YY_BREAK case 35: YY_RULE_SETUP -#line 97 "lex.l" +#line 103 "lex.l" { return kw_IDENTIFIER; } YY_BREAK case 36: YY_RULE_SETUP -#line 98 "lex.l" +#line 104 "lex.l" { return kw_IMPLICIT; } YY_BREAK case 37: YY_RULE_SETUP -#line 99 "lex.l" +#line 105 "lex.l" { return kw_IMPLIED; } YY_BREAK case 38: YY_RULE_SETUP -#line 100 "lex.l" +#line 106 "lex.l" { return kw_IMPORTS; } YY_BREAK case 39: YY_RULE_SETUP -#line 101 "lex.l" +#line 107 "lex.l" { return kw_INCLUDES; } YY_BREAK case 40: YY_RULE_SETUP -#line 102 "lex.l" +#line 108 "lex.l" { return kw_INSTANCE; } YY_BREAK case 41: YY_RULE_SETUP -#line 103 "lex.l" +#line 109 "lex.l" { return kw_INTEGER; } YY_BREAK case 42: YY_RULE_SETUP -#line 104 "lex.l" +#line 110 "lex.l" { return kw_INTERSECTION; } YY_BREAK case 43: YY_RULE_SETUP -#line 105 "lex.l" +#line 111 "lex.l" { return kw_ISO646String; } YY_BREAK case 44: YY_RULE_SETUP -#line 106 "lex.l" +#line 112 "lex.l" { return kw_MAX; } YY_BREAK case 45: YY_RULE_SETUP -#line 107 "lex.l" +#line 113 "lex.l" { return kw_MIN; } YY_BREAK case 46: YY_RULE_SETUP -#line 108 "lex.l" +#line 114 "lex.l" { return kw_MINUS_INFINITY; } YY_BREAK case 47: YY_RULE_SETUP -#line 109 "lex.l" +#line 115 "lex.l" { return kw_NULL; } YY_BREAK case 48: YY_RULE_SETUP -#line 110 "lex.l" +#line 116 "lex.l" { return kw_NumericString; } YY_BREAK case 49: YY_RULE_SETUP -#line 111 "lex.l" +#line 117 "lex.l" { return kw_OBJECT; } YY_BREAK case 50: YY_RULE_SETUP -#line 112 "lex.l" +#line 118 "lex.l" { return kw_OCTET; } YY_BREAK case 51: YY_RULE_SETUP -#line 113 "lex.l" +#line 119 "lex.l" { return kw_OF; } YY_BREAK case 52: YY_RULE_SETUP -#line 114 "lex.l" +#line 120 "lex.l" { return kw_OPTIONAL; } YY_BREAK case 53: YY_RULE_SETUP -#line 115 "lex.l" +#line 121 "lex.l" { return kw_ObjectDescriptor; } YY_BREAK case 54: YY_RULE_SETUP -#line 116 "lex.l" +#line 122 "lex.l" { return kw_PATTERN; } YY_BREAK case 55: YY_RULE_SETUP -#line 117 "lex.l" +#line 123 "lex.l" { return kw_PDV; } YY_BREAK case 56: YY_RULE_SETUP -#line 118 "lex.l" +#line 124 "lex.l" { return kw_PLUS_INFINITY; } YY_BREAK case 57: YY_RULE_SETUP -#line 119 "lex.l" +#line 125 "lex.l" { return kw_PRESENT; } YY_BREAK case 58: YY_RULE_SETUP -#line 120 "lex.l" +#line 126 "lex.l" { return kw_PRIVATE; } YY_BREAK case 59: YY_RULE_SETUP -#line 121 "lex.l" +#line 127 "lex.l" { return kw_PrintableString; } YY_BREAK case 60: YY_RULE_SETUP -#line 122 "lex.l" +#line 128 "lex.l" { return kw_REAL; } YY_BREAK case 61: YY_RULE_SETUP -#line 123 "lex.l" +#line 129 "lex.l" { return kw_RELATIVE_OID; } YY_BREAK case 62: YY_RULE_SETUP -#line 124 "lex.l" +#line 130 "lex.l" { return kw_SEQUENCE; } YY_BREAK case 63: YY_RULE_SETUP -#line 125 "lex.l" +#line 131 "lex.l" { return kw_SET; } YY_BREAK case 64: YY_RULE_SETUP -#line 126 "lex.l" +#line 132 "lex.l" { return kw_SIZE; } YY_BREAK case 65: YY_RULE_SETUP -#line 127 "lex.l" +#line 133 "lex.l" { return kw_STRING; } YY_BREAK case 66: YY_RULE_SETUP -#line 128 "lex.l" +#line 134 "lex.l" { return kw_SYNTAX; } YY_BREAK case 67: YY_RULE_SETUP -#line 129 "lex.l" +#line 135 "lex.l" { return kw_T61String; } YY_BREAK case 68: YY_RULE_SETUP -#line 130 "lex.l" +#line 136 "lex.l" { return kw_TAGS; } YY_BREAK case 69: YY_RULE_SETUP -#line 131 "lex.l" +#line 137 "lex.l" { return kw_TRUE; } YY_BREAK case 70: YY_RULE_SETUP -#line 132 "lex.l" +#line 138 "lex.l" { return kw_TYPE_IDENTIFIER; } YY_BREAK case 71: YY_RULE_SETUP -#line 133 "lex.l" +#line 139 "lex.l" { return kw_TeletexString; } YY_BREAK case 72: YY_RULE_SETUP -#line 134 "lex.l" +#line 140 "lex.l" { return kw_UNION; } YY_BREAK case 73: YY_RULE_SETUP -#line 135 "lex.l" +#line 141 "lex.l" { return kw_UNIQUE; } YY_BREAK case 74: YY_RULE_SETUP -#line 136 "lex.l" +#line 142 "lex.l" { return kw_UNIVERSAL; } YY_BREAK case 75: YY_RULE_SETUP -#line 137 "lex.l" +#line 143 "lex.l" { return kw_UTCTime; } YY_BREAK case 76: YY_RULE_SETUP -#line 138 "lex.l" +#line 144 "lex.l" { return kw_UTF8String; } YY_BREAK case 77: YY_RULE_SETUP -#line 139 "lex.l" +#line 145 "lex.l" { return kw_UniversalString; } YY_BREAK case 78: YY_RULE_SETUP -#line 140 "lex.l" +#line 146 "lex.l" { return kw_VideotexString; } YY_BREAK case 79: YY_RULE_SETUP -#line 141 "lex.l" +#line 147 "lex.l" { return kw_VisibleString; } YY_BREAK case 80: YY_RULE_SETUP -#line 142 "lex.l" +#line 148 "lex.l" { return kw_WITH; } YY_BREAK case 81: YY_RULE_SETUP -#line 143 "lex.l" +#line 149 "lex.l" { return *yytext; } YY_BREAK case 82: YY_RULE_SETUP -#line 144 "lex.l" +#line 150 "lex.l" { return *yytext; } YY_BREAK case 83: YY_RULE_SETUP -#line 145 "lex.l" +#line 151 "lex.l" { return *yytext; } YY_BREAK case 84: YY_RULE_SETUP -#line 146 "lex.l" +#line 152 "lex.l" { return EEQUAL; } YY_BREAK case 85: YY_RULE_SETUP -#line 147 "lex.l" +#line 153 "lex.l" { int c, start_lineno = lineno; int f = 0; @@ -1534,7 +1451,7 @@ YY_RULE_SETUP YY_BREAK case 86: YY_RULE_SETUP -#line 166 "lex.l" +#line 172 "lex.l" { int c, start_lineno = lineno; int level = 1; @@ -1578,7 +1495,7 @@ YY_RULE_SETUP YY_BREAK case 87: YY_RULE_SETUP -#line 206 "lex.l" +#line 212 "lex.l" { int start_lineno = lineno; int c; @@ -1626,7 +1543,7 @@ YY_RULE_SETUP YY_BREAK case 88: YY_RULE_SETUP -#line 251 "lex.l" +#line 257 "lex.l" { char *e, *y = yytext; yylval.constant = strtol((const char *)yytext, &e, 0); @@ -1638,7 +1555,7 @@ YY_RULE_SETUP YY_BREAK case 89: YY_RULE_SETUP -#line 259 "lex.l" +#line 265 "lex.l" { yylval.name = estrdup ((const char *)yytext); return IDENTIFIER; @@ -1646,62 +1563,61 @@ YY_RULE_SETUP YY_BREAK case 90: YY_RULE_SETUP -#line 263 "lex.l" +#line 269 "lex.l" ; YY_BREAK case 91: -/* rule 91 can match eol */ YY_RULE_SETUP -#line 264 "lex.l" +#line 270 "lex.l" { ++lineno; } YY_BREAK case 92: YY_RULE_SETUP -#line 265 "lex.l" +#line 271 "lex.l" { return ELLIPSIS; } YY_BREAK case 93: YY_RULE_SETUP -#line 266 "lex.l" +#line 272 "lex.l" { return RANGE; } YY_BREAK case 94: YY_RULE_SETUP -#line 267 "lex.l" +#line 273 "lex.l" { error_message("Ignoring char(%c)\n", *yytext); } YY_BREAK case 95: YY_RULE_SETUP -#line 268 "lex.l" +#line 274 "lex.l" ECHO; YY_BREAK -#line 1678 "lex.yy.c" +#line 1595 "lex.c" case YY_STATE_EOF(INITIAL): yyterminate(); case YY_END_OF_BUFFER: { /* Amount of text matched not including the EOB char. */ - int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; + int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1; /* Undo the effects of YY_DO_BEFORE_ACTION. */ - *yy_cp = (yy_hold_char); + *yy_cp = yy_hold_char; YY_RESTORE_YY_MORE_OFFSET - if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW ) + if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW ) { /* We're scanning a new file or input source. It's * possible that this happened because the user * just pointed yyin at a new source and called * yylex(). If so, then we have to assure - * consistency between YY_CURRENT_BUFFER and our + * consistency between yy_current_buffer and our * globals. Here is the right place to do so, because * this is the first action (other than possibly a * back-up) that will match for the new input source. */ - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; - YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; - YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; + yy_n_chars = yy_current_buffer->yy_n_chars; + yy_current_buffer->yy_input_file = yyin; + yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL; } /* Note that here we test for yy_c_buf_p "<=" to the position @@ -1711,13 +1627,13 @@ case YY_STATE_EOF(INITIAL): * end-of-buffer state). Contrast this with the test * in input(). */ - if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) + if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] ) { /* This was really a NUL. */ yy_state_type yy_next_state; - (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; + yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text; - yy_current_state = yy_get_previous_state( ); + yy_current_state = yy_get_previous_state(); /* Okay, we're now positioned to make the NUL * transition. We couldn't have @@ -1730,30 +1646,30 @@ case YY_STATE_EOF(INITIAL): yy_next_state = yy_try_NUL_trans( yy_current_state ); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; + yy_bp = yytext_ptr + YY_MORE_ADJ; if ( yy_next_state ) { /* Consume the NUL. */ - yy_cp = ++(yy_c_buf_p); + yy_cp = ++yy_c_buf_p; yy_current_state = yy_next_state; goto yy_match; } else { - yy_cp = (yy_c_buf_p); + yy_cp = yy_c_buf_p; goto yy_find_action; } } - else switch ( yy_get_next_buffer( ) ) + else switch ( yy_get_next_buffer() ) { case EOB_ACT_END_OF_FILE: { - (yy_did_buffer_switch_on_eof) = 0; + yy_did_buffer_switch_on_eof = 0; - if ( yywrap( ) ) + if ( yywrap() ) { /* Note: because we've taken care in * yy_get_next_buffer() to have set up @@ -1764,7 +1680,7 @@ case YY_STATE_EOF(INITIAL): * YY_NULL, it'll still work - another * YY_NULL will get returned. */ - (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; + yy_c_buf_p = yytext_ptr + YY_MORE_ADJ; yy_act = YY_STATE_EOF(YY_START); goto do_action; @@ -1772,30 +1688,30 @@ case YY_STATE_EOF(INITIAL): else { - if ( ! (yy_did_buffer_switch_on_eof) ) + if ( ! yy_did_buffer_switch_on_eof ) YY_NEW_FILE; } break; } case EOB_ACT_CONTINUE_SCAN: - (yy_c_buf_p) = - (yytext_ptr) + yy_amount_of_matched_text; + yy_c_buf_p = + yytext_ptr + yy_amount_of_matched_text; - yy_current_state = yy_get_previous_state( ); + yy_current_state = yy_get_previous_state(); - yy_cp = (yy_c_buf_p); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; + yy_cp = yy_c_buf_p; + yy_bp = yytext_ptr + YY_MORE_ADJ; goto yy_match; case EOB_ACT_LAST_MATCH: - (yy_c_buf_p) = - &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)]; + yy_c_buf_p = + &yy_current_buffer->yy_ch_buf[yy_n_chars]; - yy_current_state = yy_get_previous_state( ); + yy_current_state = yy_get_previous_state(); - yy_cp = (yy_c_buf_p); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; + yy_cp = yy_c_buf_p; + yy_bp = yytext_ptr + YY_MORE_ADJ; goto yy_find_action; } break; @@ -1806,7 +1722,8 @@ case YY_STATE_EOF(INITIAL): "fatal flex scanner internal error--no action found" ); } /* end of action switch */ } /* end of scanning one token */ -} /* end of yylex */ + } /* end of yylex */ + /* yy_get_next_buffer - try to read in a new buffer * @@ -1815,20 +1732,21 @@ case YY_STATE_EOF(INITIAL): * EOB_ACT_CONTINUE_SCAN - continue scanning from current position * EOB_ACT_END_OF_FILE - end of file */ -static int yy_get_next_buffer (void) -{ - register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; - register char *source = (yytext_ptr); + +static int yy_get_next_buffer() + { + register char *dest = yy_current_buffer->yy_ch_buf; + register char *source = yytext_ptr; register int number_to_move, i; int ret_val; - if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) + if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] ) YY_FATAL_ERROR( "fatal flex scanner internal error--end of buffer missed" ); - if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 ) + if ( yy_current_buffer->yy_fill_buffer == 0 ) { /* Don't try to fill the buffer, so this is an EOF. */ - if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 ) + if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 ) { /* We matched a single character, the EOB, so * treat this as a final EOF. @@ -1848,30 +1766,34 @@ static int yy_get_next_buffer (void) /* Try to read more data. */ /* First move last chars to start of buffer. */ - number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1; + number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1; for ( i = 0; i < number_to_move; ++i ) *(dest++) = *(source++); - if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING ) + if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING ) /* don't do the read, it's not guaranteed to return an EOF, * just force an EOF */ - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0; + yy_current_buffer->yy_n_chars = yy_n_chars = 0; else { - int num_to_read = - YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; + int num_to_read = + yy_current_buffer->yy_buf_size - number_to_move - 1; while ( num_to_read <= 0 ) { /* Not enough room in the buffer - grow it. */ +#ifdef YY_USES_REJECT + YY_FATAL_ERROR( +"input buffer overflow, can't enlarge buffer because scanner uses REJECT" ); +#else /* just a shorter name for the current buffer */ - YY_BUFFER_STATE b = YY_CURRENT_BUFFER; + YY_BUFFER_STATE b = yy_current_buffer; int yy_c_buf_p_offset = - (int) ((yy_c_buf_p) - b->yy_ch_buf); + (int) (yy_c_buf_p - b->yy_ch_buf); if ( b->yy_is_our_buffer ) { @@ -1884,7 +1806,8 @@ static int yy_get_next_buffer (void) b->yy_ch_buf = (char *) /* Include room in for 2 EOB chars. */ - yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ); + yy_flex_realloc( (void *) b->yy_ch_buf, + b->yy_buf_size + 2 ); } else /* Can't grow it, we don't own it. */ @@ -1894,35 +1817,35 @@ static int yy_get_next_buffer (void) YY_FATAL_ERROR( "fatal error - scanner input buffer overflow" ); - (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset]; + yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset]; - num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - + num_to_read = yy_current_buffer->yy_buf_size - number_to_move - 1; - +#endif } if ( num_to_read > YY_READ_BUF_SIZE ) num_to_read = YY_READ_BUF_SIZE; /* Read in more data. */ - YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), - (yy_n_chars), (size_t) num_to_read ); + YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]), + yy_n_chars, num_to_read ); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + yy_current_buffer->yy_n_chars = yy_n_chars; } - if ( (yy_n_chars) == 0 ) + if ( yy_n_chars == 0 ) { if ( number_to_move == YY_MORE_ADJ ) { ret_val = EOB_ACT_END_OF_FILE; - yyrestart(yyin ); + yyrestart( yyin ); } else { ret_val = EOB_ACT_LAST_MATCH; - YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = + yy_current_buffer->yy_buffer_status = YY_BUFFER_EOF_PENDING; } } @@ -1930,31 +1853,32 @@ static int yy_get_next_buffer (void) else ret_val = EOB_ACT_CONTINUE_SCAN; - (yy_n_chars) += number_to_move; - YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; - YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; + yy_n_chars += number_to_move; + yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR; + yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR; - (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0]; + yytext_ptr = &yy_current_buffer->yy_ch_buf[0]; return ret_val; -} + } + /* yy_get_previous_state - get the state just before the EOB char was reached */ - static yy_state_type yy_get_previous_state (void) -{ +static yy_state_type yy_get_previous_state() + { register yy_state_type yy_current_state; register char *yy_cp; - - yy_current_state = (yy_start); - for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) + yy_current_state = yy_start; + + for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp ) { register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); if ( yy_accept[yy_current_state] ) { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; + yy_last_accepting_state = yy_current_state; + yy_last_accepting_cpos = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -1966,23 +1890,30 @@ static int yy_get_next_buffer (void) } return yy_current_state; -} + } + /* yy_try_NUL_trans - try to make a transition on the NUL character * * synopsis * next_state = yy_try_NUL_trans( current_state ); */ - static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state ) -{ + +#ifdef YY_USE_PROTOS +static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state ) +#else +static yy_state_type yy_try_NUL_trans( yy_current_state ) +yy_state_type yy_current_state; +#endif + { register int yy_is_jam; - register char *yy_cp = (yy_c_buf_p); + register char *yy_cp = yy_c_buf_p; register YY_CHAR yy_c = 1; if ( yy_accept[yy_current_state] ) { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; + yy_last_accepting_state = yy_current_state; + yy_last_accepting_cpos = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -1994,73 +1925,81 @@ static int yy_get_next_buffer (void) yy_is_jam = (yy_current_state == 567); return yy_is_jam ? 0 : yy_current_state; -} + } - static void yyunput (int c, register char * yy_bp ) -{ - register char *yy_cp; - - yy_cp = (yy_c_buf_p); + +#ifndef YY_NO_UNPUT +#ifdef YY_USE_PROTOS +static void yyunput( int c, register char *yy_bp ) +#else +static void yyunput( c, yy_bp ) +int c; +register char *yy_bp; +#endif + { + register char *yy_cp = yy_c_buf_p; /* undo effects of setting up yytext */ - *yy_cp = (yy_hold_char); + *yy_cp = yy_hold_char; - if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) + if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) { /* need to shift things up to make room */ /* +2 for EOB chars. */ - register int number_to_move = (yy_n_chars) + 2; - register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ - YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; + register int number_to_move = yy_n_chars + 2; + register char *dest = &yy_current_buffer->yy_ch_buf[ + yy_current_buffer->yy_buf_size + 2]; register char *source = - &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; + &yy_current_buffer->yy_ch_buf[number_to_move]; - while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) + while ( source > yy_current_buffer->yy_ch_buf ) *--dest = *--source; yy_cp += (int) (dest - source); yy_bp += (int) (dest - source); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size; + yy_current_buffer->yy_n_chars = + yy_n_chars = yy_current_buffer->yy_buf_size; - if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) + if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) YY_FATAL_ERROR( "flex scanner push-back overflow" ); } *--yy_cp = (char) c; - (yytext_ptr) = yy_bp; - (yy_hold_char) = *yy_cp; - (yy_c_buf_p) = yy_cp; -} + + yytext_ptr = yy_bp; + yy_hold_char = *yy_cp; + yy_c_buf_p = yy_cp; + } +#endif /* ifndef YY_NO_UNPUT */ + #ifndef YY_NO_INPUT #ifdef __cplusplus - static int yyinput (void) +static int yyinput() #else - static int input (void) +static int input() #endif - -{ + { int c; - - *(yy_c_buf_p) = (yy_hold_char); - if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR ) + *yy_c_buf_p = yy_hold_char; + + if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR ) { /* yy_c_buf_p now points to the character we want to return. * If this occurs *before* the EOB characters, then it's a * valid NUL; if not, then we've hit the end of the buffer. */ - if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) + if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] ) /* This was really a NUL. */ - *(yy_c_buf_p) = '\0'; + *yy_c_buf_p = '\0'; else { /* need more input */ - int offset = (yy_c_buf_p) - (yytext_ptr); - ++(yy_c_buf_p); + int offset = yy_c_buf_p - yytext_ptr; + ++yy_c_buf_p; - switch ( yy_get_next_buffer( ) ) + switch ( yy_get_next_buffer() ) { case EOB_ACT_LAST_MATCH: /* This happens because yy_g_n_b() @@ -2074,16 +2013,16 @@ static int yy_get_next_buffer (void) */ /* Reset buffer status. */ - yyrestart(yyin ); + yyrestart( yyin ); - /*FALLTHROUGH*/ + /* fall through */ case EOB_ACT_END_OF_FILE: { - if ( yywrap( ) ) + if ( yywrap() ) return EOF; - if ( ! (yy_did_buffer_switch_on_eof) ) + if ( ! yy_did_buffer_switch_on_eof ) YY_NEW_FILE; #ifdef __cplusplus return yyinput(); @@ -2093,92 +2032,90 @@ static int yy_get_next_buffer (void) } case EOB_ACT_CONTINUE_SCAN: - (yy_c_buf_p) = (yytext_ptr) + offset; + yy_c_buf_p = yytext_ptr + offset; break; } } } - c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */ - *(yy_c_buf_p) = '\0'; /* preserve yytext */ - (yy_hold_char) = *++(yy_c_buf_p); + c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */ + *yy_c_buf_p = '\0'; /* preserve yytext */ + yy_hold_char = *++yy_c_buf_p; + return c; -} -#endif /* ifndef YY_NO_INPUT */ + } +#endif /* YY_NO_INPUT */ -/** Immediately switch to a different input stream. - * @param input_file A readable stream. - * - * @note This function does not reset the start condition to @c INITIAL . - */ - void yyrestart (FILE * input_file ) -{ - - if ( ! YY_CURRENT_BUFFER ){ - yyensure_buffer_stack (); - YY_CURRENT_BUFFER_LVALUE = - yy_create_buffer(yyin,YY_BUF_SIZE ); +#ifdef YY_USE_PROTOS +void yyrestart( FILE *input_file ) +#else +void yyrestart( input_file ) +FILE *input_file; +#endif + { + if ( ! yy_current_buffer ) + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); + + yy_init_buffer( yy_current_buffer, input_file ); + yy_load_buffer_state(); } - yy_init_buffer(YY_CURRENT_BUFFER,input_file ); - yy_load_buffer_state( ); -} -/** Switch to a different input buffer. - * @param new_buffer The new input buffer. - * - */ - void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ) -{ - - /* TODO. We should be able to replace this entire function body - * with - * yypop_buffer_state(); - * yypush_buffer_state(new_buffer); - */ - yyensure_buffer_stack (); - if ( YY_CURRENT_BUFFER == new_buffer ) +#ifdef YY_USE_PROTOS +void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer ) +#else +void yy_switch_to_buffer( new_buffer ) +YY_BUFFER_STATE new_buffer; +#endif + { + if ( yy_current_buffer == new_buffer ) return; - if ( YY_CURRENT_BUFFER ) + if ( yy_current_buffer ) { /* Flush out information for old buffer. */ - *(yy_c_buf_p) = (yy_hold_char); - YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + *yy_c_buf_p = yy_hold_char; + yy_current_buffer->yy_buf_pos = yy_c_buf_p; + yy_current_buffer->yy_n_chars = yy_n_chars; } - YY_CURRENT_BUFFER_LVALUE = new_buffer; - yy_load_buffer_state( ); + yy_current_buffer = new_buffer; + yy_load_buffer_state(); /* We don't actually know whether we did this switch during * EOF (yywrap()) processing, but the only time this flag * is looked at is after yywrap() is called, so it's safe * to go ahead and always set it. */ - (yy_did_buffer_switch_on_eof) = 1; -} + yy_did_buffer_switch_on_eof = 1; + } -static void yy_load_buffer_state (void) -{ - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; - (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; - yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; - (yy_hold_char) = *(yy_c_buf_p); -} -/** Allocate and initialize an input buffer state. - * @param file A readable stream. - * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE. - * - * @return the allocated buffer state. - */ - YY_BUFFER_STATE yy_create_buffer (FILE * file, int size ) -{ +#ifdef YY_USE_PROTOS +void yy_load_buffer_state( void ) +#else +void yy_load_buffer_state() +#endif + { + yy_n_chars = yy_current_buffer->yy_n_chars; + yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos; + yyin = yy_current_buffer->yy_input_file; + yy_hold_char = *yy_c_buf_p; + } + + +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_create_buffer( FILE *file, int size ) +#else +YY_BUFFER_STATE yy_create_buffer( file, size ) +FILE *file; +int size; +#endif + { YY_BUFFER_STATE b; - - b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); + + b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); @@ -2187,75 +2124,75 @@ static void yy_load_buffer_state (void) /* yy_ch_buf has to be 2 characters longer than the size given because * we need to put in 2 end-of-buffer characters. */ - b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2 ); + b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 ); if ( ! b->yy_ch_buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); b->yy_is_our_buffer = 1; - yy_init_buffer(b,file ); + yy_init_buffer( b, file ); return b; -} + } -/** Destroy the buffer. - * @param b a buffer created with yy_create_buffer() - * - */ - void yy_delete_buffer (YY_BUFFER_STATE b ) -{ - + +#ifdef YY_USE_PROTOS +void yy_delete_buffer( YY_BUFFER_STATE b ) +#else +void yy_delete_buffer( b ) +YY_BUFFER_STATE b; +#endif + { if ( ! b ) return; - if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */ - YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; + if ( b == yy_current_buffer ) + yy_current_buffer = (YY_BUFFER_STATE) 0; if ( b->yy_is_our_buffer ) - yyfree((void *) b->yy_ch_buf ); + yy_flex_free( (void *) b->yy_ch_buf ); - yyfree((void *) b ); -} + yy_flex_free( (void *) b ); + } -#ifndef __cplusplus -extern int isatty (int ); -#endif /* __cplusplus */ - -/* Initializes or reinitializes a buffer. - * This function is sometimes called more than once on the same buffer, - * such as during a yyrestart() or at EOF. - */ - static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file ) -{ - int oerrno = errno; - - yy_flush_buffer(b ); + +#ifdef YY_USE_PROTOS +void yy_init_buffer( YY_BUFFER_STATE b, FILE *file ) +#else +void yy_init_buffer( b, file ) +YY_BUFFER_STATE b; +FILE *file; +#endif + + + { + yy_flush_buffer( b ); b->yy_input_file = file; b->yy_fill_buffer = 1; - /* If b is the current buffer, then yy_init_buffer was _probably_ - * called from yyrestart() or through yy_get_next_buffer. - * In that case, we don't want to reset the lineno or column. - */ - if (b != YY_CURRENT_BUFFER){ - b->yy_bs_lineno = 1; - b->yy_bs_column = 0; - } - - b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; - - errno = oerrno; -} +#if YY_ALWAYS_INTERACTIVE + b->yy_is_interactive = 1; +#else +#if YY_NEVER_INTERACTIVE + b->yy_is_interactive = 0; +#else + b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; +#endif +#endif + } -/** Discard all buffered characters. On the next scan, YY_INPUT will be called. - * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER. - * - */ - void yy_flush_buffer (YY_BUFFER_STATE b ) -{ - if ( ! b ) + +#ifdef YY_USE_PROTOS +void yy_flush_buffer( YY_BUFFER_STATE b ) +#else +void yy_flush_buffer( b ) +YY_BUFFER_STATE b; +#endif + + { + if ( ! b ) return; b->yy_n_chars = 0; @@ -2272,121 +2209,29 @@ extern int isatty (int ); b->yy_at_bol = 1; b->yy_buffer_status = YY_BUFFER_NEW; - if ( b == YY_CURRENT_BUFFER ) - yy_load_buffer_state( ); -} - -/** Pushes the new state onto the stack. The new state becomes - * the current state. This function will allocate the stack - * if necessary. - * @param new_buffer The new state. - * - */ -void yypush_buffer_state (YY_BUFFER_STATE new_buffer ) -{ - if (new_buffer == NULL) - return; - - yyensure_buffer_stack(); - - /* This block is copied from yy_switch_to_buffer. */ - if ( YY_CURRENT_BUFFER ) - { - /* Flush out information for old buffer. */ - *(yy_c_buf_p) = (yy_hold_char); - YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); - } - - /* Only push if top exists. Otherwise, replace top. */ - if (YY_CURRENT_BUFFER) - (yy_buffer_stack_top)++; - YY_CURRENT_BUFFER_LVALUE = new_buffer; - - /* copied from yy_switch_to_buffer. */ - yy_load_buffer_state( ); - (yy_did_buffer_switch_on_eof) = 1; -} - -/** Removes and deletes the top of the stack, if present. - * The next element becomes the new top. - * - */ -void yypop_buffer_state (void) -{ - if (!YY_CURRENT_BUFFER) - return; - - yy_delete_buffer(YY_CURRENT_BUFFER ); - YY_CURRENT_BUFFER_LVALUE = NULL; - if ((yy_buffer_stack_top) > 0) - --(yy_buffer_stack_top); - - if (YY_CURRENT_BUFFER) { - yy_load_buffer_state( ); - (yy_did_buffer_switch_on_eof) = 1; + if ( b == yy_current_buffer ) + yy_load_buffer_state(); } -} - -/* Allocates the stack if it does not exist. - * Guarantees space for at least one push. - */ -static void yyensure_buffer_stack (void) -{ - int num_to_alloc; - - if (!(yy_buffer_stack)) { - - /* First allocation is just for 2 elements, since we don't know if this - * scanner will even need a stack. We use 2 instead of 1 to avoid an - * immediate realloc on the next call. - */ - num_to_alloc = 1; - (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc - (num_to_alloc * sizeof(struct yy_buffer_state*) - ); - - memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); - - (yy_buffer_stack_max) = num_to_alloc; - (yy_buffer_stack_top) = 0; - return; - } - - if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ - /* Increase the buffer to prepare for a possible push. */ - int grow_size = 8 /* arbitrary grow size */; - num_to_alloc = (yy_buffer_stack_max) + grow_size; - (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc - ((yy_buffer_stack), - num_to_alloc * sizeof(struct yy_buffer_state*) - ); - - /* zero only the new slots.*/ - memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); - (yy_buffer_stack_max) = num_to_alloc; - } -} - -/** Setup the input buffer state to scan directly from a user-specified character buffer. - * @param base the character buffer - * @param size the size in bytes of the character buffer - * - * @return the newly allocated buffer state object. - */ -YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) -{ +#ifndef YY_NO_SCAN_BUFFER +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size ) +#else +YY_BUFFER_STATE yy_scan_buffer( base, size ) +char *base; +yy_size_t size; +#endif + { YY_BUFFER_STATE b; - + if ( size < 2 || base[size-2] != YY_END_OF_BUFFER_CHAR || base[size-1] != YY_END_OF_BUFFER_CHAR ) /* They forgot to leave room for the EOB's. */ return 0; - b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); + b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); @@ -2400,51 +2245,56 @@ YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) b->yy_fill_buffer = 0; b->yy_buffer_status = YY_BUFFER_NEW; - yy_switch_to_buffer(b ); + yy_switch_to_buffer( b ); return b; -} + } +#endif -/** Setup the input buffer state to scan a string. The next call to yylex() will - * scan from a @e copy of @a str. - * @param yystr a NUL-terminated string to scan - * - * @return the newly allocated buffer state object. - * @note If you want to scan bytes that may contain NUL values, then use - * yy_scan_bytes() instead. - */ -YY_BUFFER_STATE yy_scan_string (yyconst char * yystr ) -{ - - return yy_scan_bytes(yystr,strlen(yystr) ); -} -/** Setup the input buffer state to scan the given bytes. The next call to yylex() will - * scan from a @e copy of @a bytes. - * @param bytes the byte buffer to scan - * @param len the number of bytes in the buffer pointed to by @a bytes. - * - * @return the newly allocated buffer state object. - */ -YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, int _yybytes_len ) -{ +#ifndef YY_NO_SCAN_STRING +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str ) +#else +YY_BUFFER_STATE yy_scan_string( yy_str ) +yyconst char *yy_str; +#endif + { + int len; + for ( len = 0; yy_str[len]; ++len ) + ; + + return yy_scan_bytes( yy_str, len ); + } +#endif + + +#ifndef YY_NO_SCAN_BYTES +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len ) +#else +YY_BUFFER_STATE yy_scan_bytes( bytes, len ) +yyconst char *bytes; +int len; +#endif + { YY_BUFFER_STATE b; char *buf; yy_size_t n; int i; - + /* Get memory for full buffer, including space for trailing EOB's. */ - n = _yybytes_len + 2; - buf = (char *) yyalloc(n ); + n = len + 2; + buf = (char *) yy_flex_alloc( n ); if ( ! buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); - for ( i = 0; i < _yybytes_len; ++i ) - buf[i] = yybytes[i]; + for ( i = 0; i < len; ++i ) + buf[i] = bytes[i]; - buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR; + buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR; - b = yy_scan_buffer(buf,n ); + b = yy_scan_buffer( buf, n ); if ( ! b ) YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); @@ -2454,196 +2304,148 @@ YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, int _yybytes_len ) b->yy_is_our_buffer = 1; return b; -} - -#ifndef YY_EXIT_FAILURE -#define YY_EXIT_FAILURE 2 + } #endif -static void yy_fatal_error (yyconst char* msg ) -{ - (void) fprintf( stderr, "%s\n", msg ); - exit( YY_EXIT_FAILURE ); -} - -/* Redefine yyless() so it works in section 3 code. */ -#undef yyless -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - int yyless_macro_arg = (n); \ - YY_LESS_LINENO(yyless_macro_arg);\ - yytext[yyleng] = (yy_hold_char); \ - (yy_c_buf_p) = yytext + yyless_macro_arg; \ - (yy_hold_char) = *(yy_c_buf_p); \ - *(yy_c_buf_p) = '\0'; \ - yyleng = yyless_macro_arg; \ - } \ - while ( 0 ) +#ifndef YY_NO_PUSH_STATE +#ifdef YY_USE_PROTOS +static void yy_push_state( int new_state ) +#else +static void yy_push_state( new_state ) +int new_state; +#endif + { + if ( yy_start_stack_ptr >= yy_start_stack_depth ) + { + yy_size_t new_size; -/* Accessor methods (get/set functions) to struct members. */ + yy_start_stack_depth += YY_START_STACK_INCR; + new_size = yy_start_stack_depth * sizeof( int ); -/** Get the current line number. - * - */ -int yyget_lineno (void) -{ - - return yylineno; -} + if ( ! yy_start_stack ) + yy_start_stack = (int *) yy_flex_alloc( new_size ); -/** Get the input stream. - * - */ -FILE *yyget_in (void) -{ - return yyin; -} + else + yy_start_stack = (int *) yy_flex_realloc( + (void *) yy_start_stack, new_size ); -/** Get the output stream. - * - */ -FILE *yyget_out (void) -{ - return yyout; -} + if ( ! yy_start_stack ) + YY_FATAL_ERROR( + "out of memory expanding start-condition stack" ); + } -/** Get the length of the current token. - * - */ -int yyget_leng (void) -{ - return yyleng; -} + yy_start_stack[yy_start_stack_ptr++] = YY_START; -/** Get the current token. - * - */ + BEGIN(new_state); + } +#endif -char *yyget_text (void) -{ - return yytext; -} -/** Set the current line number. - * @param line_number - * - */ -void yyset_lineno (int line_number ) -{ - - yylineno = line_number; -} +#ifndef YY_NO_POP_STATE +static void yy_pop_state() + { + if ( --yy_start_stack_ptr < 0 ) + YY_FATAL_ERROR( "start-condition stack underflow" ); -/** Set the input stream. This does not discard the current - * input buffer. - * @param in_str A readable stream. - * - * @see yy_switch_to_buffer - */ -void yyset_in (FILE * in_str ) -{ - yyin = in_str ; -} + BEGIN(yy_start_stack[yy_start_stack_ptr]); + } +#endif -void yyset_out (FILE * out_str ) -{ - yyout = out_str ; -} -int yyget_debug (void) -{ - return yy_flex_debug; -} +#ifndef YY_NO_TOP_STATE +static int yy_top_state() + { + return yy_start_stack[yy_start_stack_ptr - 1]; + } +#endif -void yyset_debug (int bdebug ) -{ - yy_flex_debug = bdebug ; -} +#ifndef YY_EXIT_FAILURE +#define YY_EXIT_FAILURE 2 +#endif -static int yy_init_globals (void) -{ - /* Initialization is the same as for the non-reentrant scanner. - * This function is called from yylex_destroy(), so don't allocate here. - */ - - (yy_buffer_stack) = 0; - (yy_buffer_stack_top) = 0; - (yy_buffer_stack_max) = 0; - (yy_c_buf_p) = (char *) 0; - (yy_init) = 0; - (yy_start) = 0; - -/* Defined in main.c */ -#ifdef YY_STDINIT - yyin = stdin; - yyout = stdout; +#ifdef YY_USE_PROTOS +static void yy_fatal_error( yyconst char msg[] ) #else - yyin = (FILE *) 0; - yyout = (FILE *) 0; +static void yy_fatal_error( msg ) +char msg[]; #endif + { + (void) fprintf( stderr, "%s\n", msg ); + exit( YY_EXIT_FAILURE ); + } - /* For future reference: Set errno on error, since we are called by - * yylex_init() - */ - return 0; -} -/* yylex_destroy is for both reentrant and non-reentrant scanners. */ -int yylex_destroy (void) -{ - - /* Pop the buffer stack, destroying each element. */ - while(YY_CURRENT_BUFFER){ - yy_delete_buffer(YY_CURRENT_BUFFER ); - YY_CURRENT_BUFFER_LVALUE = NULL; - yypop_buffer_state(); - } - /* Destroy the stack itself. */ - yyfree((yy_buffer_stack) ); - (yy_buffer_stack) = NULL; +/* Redefine yyless() so it works in section 3 code. */ - /* Reset the globals. This is important in a non-reentrant scanner so the next time - * yylex() is called, initialization will occur. */ - yy_init_globals( ); +#undef yyless +#define yyless(n) \ + do \ + { \ + /* Undo effects of setting up yytext. */ \ + yytext[yyleng] = yy_hold_char; \ + yy_c_buf_p = yytext + n; \ + yy_hold_char = *yy_c_buf_p; \ + *yy_c_buf_p = '\0'; \ + yyleng = n; \ + } \ + while ( 0 ) - return 0; -} -/* - * Internal utility routines. - */ +/* Internal utility routines. */ #ifndef yytext_ptr -static void yy_flex_strncpy (char* s1, yyconst char * s2, int n ) -{ +#ifdef YY_USE_PROTOS +static void yy_flex_strncpy( char *s1, yyconst char *s2, int n ) +#else +static void yy_flex_strncpy( s1, s2, n ) +char *s1; +yyconst char *s2; +int n; +#endif + { register int i; for ( i = 0; i < n; ++i ) s1[i] = s2[i]; -} + } #endif #ifdef YY_NEED_STRLEN -static int yy_flex_strlen (yyconst char * s ) -{ +#ifdef YY_USE_PROTOS +static int yy_flex_strlen( yyconst char *s ) +#else +static int yy_flex_strlen( s ) +yyconst char *s; +#endif + { register int n; for ( n = 0; s[n]; ++n ) ; return n; -} + } #endif -void *yyalloc (yy_size_t size ) -{ + +#ifdef YY_USE_PROTOS +static void *yy_flex_alloc( yy_size_t size ) +#else +static void *yy_flex_alloc( size ) +yy_size_t size; +#endif + { return (void *) malloc( size ); -} + } -void *yyrealloc (void * ptr, yy_size_t size ) -{ +#ifdef YY_USE_PROTOS +static void *yy_flex_realloc( void *ptr, yy_size_t size ) +#else +static void *yy_flex_realloc( ptr, size ) +void *ptr; +yy_size_t size; +#endif + { /* The cast to (char *) in the following accommodates both * implementations that use char* generic pointers, and those * that use void* generic pointers. It works with the latter @@ -2652,17 +2454,26 @@ void *yyrealloc (void * ptr, yy_size_t size ) * as though doing an assignment. */ return (void *) realloc( (char *) ptr, size ); -} - -void yyfree (void * ptr ) -{ - free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ -} - -#define YYTABLES_NAME "yytables" + } -#line 268 "lex.l" +#ifdef YY_USE_PROTOS +static void yy_flex_free( void *ptr ) +#else +static void yy_flex_free( ptr ) +void *ptr; +#endif + { + free( ptr ); + } +#if YY_MAIN +int main() + { + yylex(); + return 0; + } +#endif +#line 274 "lex.l" #ifndef yywrap /* XXX */ @@ -2690,4 +2501,3 @@ unterminated(const char *type, unsigned start_lineno) { error_message("unterminated %s, possibly started on line %d\n", type, start_lineno); } - diff --git a/source4/heimdal/lib/asn1/main.c b/source4/heimdal/lib/asn1/main.c index eec775f3ba..bba79b1e4e 100644 --- a/source4/heimdal/lib/asn1/main.c +++ b/source4/heimdal/lib/asn1/main.c @@ -35,11 +35,12 @@ #include #include "lex.h" -RCSID("$Id: main.c,v 1.15 2005/08/23 10:50:12 lha Exp $"); +RCSID("$Id: main.c,v 1.16 2006/09/05 12:27:29 lha Exp $"); extern FILE *yyin; static getarg_strings preserve; +static getarg_strings seq; int preserve_type(const char *p) @@ -51,6 +52,16 @@ preserve_type(const char *p) return 0; } +int +seq_type(const char *p) +{ + int i; + for (i = 0; i < seq.num_strings; i++) + if (strcmp(seq.strings[i], p) == 0) + return 1; + return 0; +} + int dce_fix; int rfc1510_bitstring; int version_flag; @@ -59,6 +70,7 @@ struct getargs args[] = { { "encode-rfc1510-bit-string", 0, arg_flag, &rfc1510_bitstring }, { "decode-dce-ber", 0, arg_flag, &dce_fix }, { "preserve-binary", 0, arg_strings, &preserve }, + { "sequence", 0, arg_strings, &seq }, { "version", 0, arg_flag, &version_flag }, { "help", 0, arg_flag, &help_flag } }; diff --git a/source4/heimdal/lib/asn1/parse.c b/source4/heimdal/lib/asn1/parse.c index e498d8f965..29d13ed68d 100644 --- a/source4/heimdal/lib/asn1/parse.c +++ b/source4/heimdal/lib/asn1/parse.c @@ -1,7 +1,7 @@ -/* A Bison parser, made by GNU Bison 2.0. */ +/* A Bison parser, made by GNU Bison 2.1. */ /* Skeleton parser for Yacc-like parsing with Bison, - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc. + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -15,8 +15,8 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software - Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. */ + Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. */ /* As a special exception, when this file is copied by Bison into a Bison output file, you may use that output file without restriction. @@ -36,6 +36,9 @@ /* Identify Bison output. */ #define YYBISON 1 +/* Bison version. */ +#define YYBISON_VERSION "2.1" + /* Skeleton name. */ #define YYSKELETON_NAME "yacc.c" @@ -142,6 +145,7 @@ NUMBER = 344 }; #endif +/* Tokens. */ #define kw_ABSENT 258 #define kw_ABSTRACT_SYNTAX 259 #define kw_ALL 260 @@ -277,6 +281,11 @@ struct string_list { # define YYERROR_VERBOSE 0 #endif +/* Enabling the token table. */ +#ifndef YYTOKEN_TABLE +# define YYTOKEN_TABLE 0 +#endif + #if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED) #line 65 "parse.y" typedef union YYSTYPE { @@ -293,8 +302,8 @@ typedef union YYSTYPE { struct memhead *members; struct constraint_spec *constraint_spec; } YYSTYPE; -/* Line 190 of yacc.c. */ -#line 298 "parse.c" +/* Line 196 of yacc.c. */ +#line 307 "parse.c" # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 # define YYSTYPE_IS_TRIVIAL 1 @@ -305,17 +314,36 @@ typedef union YYSTYPE { /* Copy the second part of user declarations. */ -/* Line 213 of yacc.c. */ -#line 310 "parse.c" +/* Line 219 of yacc.c. */ +#line 319 "parse.c" -#if ! defined (yyoverflow) || YYERROR_VERBOSE +#if ! defined (YYSIZE_T) && defined (__SIZE_TYPE__) +# define YYSIZE_T __SIZE_TYPE__ +#endif +#if ! defined (YYSIZE_T) && defined (size_t) +# define YYSIZE_T size_t +#endif +#if ! defined (YYSIZE_T) && (defined (__STDC__) || defined (__cplusplus)) +# include /* INFRINGES ON USER NAME SPACE */ +# define YYSIZE_T size_t +#endif +#if ! defined (YYSIZE_T) +# define YYSIZE_T unsigned int +#endif -# ifndef YYFREE -# define YYFREE free +#ifndef YY_ +# if YYENABLE_NLS +# if ENABLE_NLS +# include /* INFRINGES ON USER NAME SPACE */ +# define YY_(msgid) dgettext ("bison-runtime", msgid) +# endif # endif -# ifndef YYMALLOC -# define YYMALLOC malloc +# ifndef YY_ +# define YY_(msgid) msgid # endif +#endif + +#if ! defined (yyoverflow) || YYERROR_VERBOSE /* The parser invokes alloca or malloc; define the necessary symbols. */ @@ -325,6 +353,10 @@ typedef union YYSTYPE { # define YYSTACK_ALLOC __builtin_alloca # else # define YYSTACK_ALLOC alloca +# if defined (__STDC__) || defined (__cplusplus) +# include /* INFRINGES ON USER NAME SPACE */ +# define YYINCLUDED_STDLIB_H +# endif # endif # endif # endif @@ -332,13 +364,39 @@ typedef union YYSTYPE { # ifdef YYSTACK_ALLOC /* Pacify GCC's `empty if-body' warning. */ # define YYSTACK_FREE(Ptr) do { /* empty */; } while (0) -# else -# if defined (__STDC__) || defined (__cplusplus) -# include /* INFRINGES ON USER NAME SPACE */ -# define YYSIZE_T size_t +# ifndef YYSTACK_ALLOC_MAXIMUM + /* The OS might guarantee only one guard page at the bottom of the stack, + and a page size can be as small as 4096 bytes. So we cannot safely + invoke alloca (N) if N exceeds 4096. Use a slightly smaller number + to allow for a few compiler-allocated temporary stack slots. */ +# define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2005 */ # endif +# else # define YYSTACK_ALLOC YYMALLOC # define YYSTACK_FREE YYFREE +# ifndef YYSTACK_ALLOC_MAXIMUM +# define YYSTACK_ALLOC_MAXIMUM ((YYSIZE_T) -1) +# endif +# ifdef __cplusplus +extern "C" { +# endif +# ifndef YYMALLOC +# define YYMALLOC malloc +# if (! defined (malloc) && ! defined (YYINCLUDED_STDLIB_H) \ + && (defined (__STDC__) || defined (__cplusplus))) +void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */ +# endif +# endif +# ifndef YYFREE +# define YYFREE free +# if (! defined (free) && ! defined (YYINCLUDED_STDLIB_H) \ + && (defined (__STDC__) || defined (__cplusplus))) +void free (void *); /* INFRINGES ON USER NAME SPACE */ +# endif +# endif +# ifdef __cplusplus +} +# endif # endif #endif /* ! defined (yyoverflow) || YYERROR_VERBOSE */ @@ -373,7 +431,7 @@ union yyalloc # define YYCOPY(To, From, Count) \ do \ { \ - register YYSIZE_T yyi; \ + YYSIZE_T yyi; \ for (yyi = 0; yyi < (Count); yyi++) \ (To)[yyi] = (From)[yyi]; \ } \ @@ -423,7 +481,7 @@ union yyalloc #define YYUNDEFTOK 2 #define YYMAXUTOK 344 -#define YYTRANSLATE(YYX) \ +#define YYTRANSLATE(YYX) \ ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK) /* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX. */ @@ -548,8 +606,8 @@ static const unsigned short int yyrline[] = }; #endif -#if YYDEBUG || YYERROR_VERBOSE -/* YYTNME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. +#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE +/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. First, the terminals, then, starting at YYNTOKENS, nonterminals. */ static const char *const yytname[] = { @@ -804,22 +862,6 @@ static const unsigned char yystos[] = 154 }; -#if ! defined (YYSIZE_T) && defined (__SIZE_TYPE__) -# define YYSIZE_T __SIZE_TYPE__ -#endif -#if ! defined (YYSIZE_T) && defined (size_t) -# define YYSIZE_T size_t -#endif -#if ! defined (YYSIZE_T) -# if defined (__STDC__) || defined (__cplusplus) -# include /* INFRINGES ON USER NAME SPACE */ -# define YYSIZE_T size_t -# endif -#endif -#if ! defined (YYSIZE_T) -# define YYSIZE_T unsigned int -#endif - #define yyerrok (yyerrstatus = 0) #define yyclearin (yychar = YYEMPTY) #define YYEMPTY (-2) @@ -849,8 +891,8 @@ do \ goto yybackup; \ } \ else \ - { \ - yyerror ("syntax error: cannot back up");\ + { \ + yyerror (YY_("syntax error: cannot back up")); \ YYERROR; \ } \ while (0) @@ -929,7 +971,7 @@ do { \ if (yydebug) \ { \ YYFPRINTF (stderr, "%s ", Title); \ - yysymprint (stderr, \ + yysymprint (stderr, \ Type, Value); \ YYFPRINTF (stderr, "\n"); \ } \ @@ -977,13 +1019,13 @@ yy_reduce_print (yyrule) #endif { int yyi; - unsigned int yylno = yyrline[yyrule]; - YYFPRINTF (stderr, "Reducing stack by rule %d (line %u), ", + unsigned long int yylno = yyrline[yyrule]; + YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu), ", yyrule - 1, yylno); /* Print the symbols being reduced, and their result. */ for (yyi = yyprhs[yyrule]; 0 <= yyrhs[yyi]; yyi++) - YYFPRINTF (stderr, "%s ", yytname [yyrhs[yyi]]); - YYFPRINTF (stderr, "-> %s\n", yytname [yyr1[yyrule]]); + YYFPRINTF (stderr, "%s ", yytname[yyrhs[yyi]]); + YYFPRINTF (stderr, "-> %s\n", yytname[yyr1[yyrule]]); } # define YY_REDUCE_PRINT(Rule) \ @@ -1012,7 +1054,7 @@ int yydebug; if the built-in stack extension method is used). Do not make this value too large; the results are undefined if - SIZE_MAX < YYSTACK_BYTES (YYMAXDEPTH) + YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH) evaluated with infinite-precision integer arithmetic. */ #ifndef YYMAXDEPTH @@ -1036,7 +1078,7 @@ yystrlen (yystr) const char *yystr; # endif { - register const char *yys = yystr; + const char *yys = yystr; while (*yys++ != '\0') continue; @@ -1061,8 +1103,8 @@ yystpcpy (yydest, yysrc) const char *yysrc; # endif { - register char *yyd = yydest; - register const char *yys = yysrc; + char *yyd = yydest; + const char *yys = yysrc; while ((*yyd++ = *yys++) != '\0') continue; @@ -1072,7 +1114,55 @@ yystpcpy (yydest, yysrc) # endif # endif -#endif /* !YYERROR_VERBOSE */ +# ifndef yytnamerr +/* Copy to YYRES the contents of YYSTR after stripping away unnecessary + quotes and backslashes, so that it's suitable for yyerror. The + heuristic is that double-quoting is unnecessary unless the string + contains an apostrophe, a comma, or backslash (other than + backslash-backslash). YYSTR is taken from yytname. If YYRES is + null, do not copy; instead, return the length of what the result + would have been. */ +static YYSIZE_T +yytnamerr (char *yyres, const char *yystr) +{ + if (*yystr == '"') + { + size_t yyn = 0; + char const *yyp = yystr; + + for (;;) + switch (*++yyp) + { + case '\'': + case ',': + goto do_not_strip_quotes; + + case '\\': + if (*++yyp != '\\') + goto do_not_strip_quotes; + /* Fall through. */ + default: + if (yyres) + yyres[yyn] = *yyp; + yyn++; + break; + + case '"': + if (yyres) + yyres[yyn] = '\0'; + return yyn; + } + do_not_strip_quotes: ; + } + + if (! yyres) + return yystrlen (yystr); + + return yystpcpy (yyres, yystr) - yyres; +} +# endif + +#endif /* YYERROR_VERBOSE */ @@ -1197,8 +1287,8 @@ yyparse () #endif { - register int yystate; - register int yyn; + int yystate; + int yyn; int yyresult; /* Number of tokens to shift before error messages enabled. */ int yyerrstatus; @@ -1216,12 +1306,12 @@ yyparse () /* The state stack. */ short int yyssa[YYINITDEPTH]; short int *yyss = yyssa; - register short int *yyssp; + short int *yyssp; /* The semantic value stack. */ YYSTYPE yyvsa[YYINITDEPTH]; YYSTYPE *yyvs = yyvsa; - register YYSTYPE *yyvsp; + YYSTYPE *yyvsp; @@ -1253,9 +1343,6 @@ yyparse () yyssp = yyss; yyvsp = yyvs; - - yyvsp[0] = yylval; - goto yysetstate; /*------------------------------------------------------------. @@ -1288,7 +1375,7 @@ yyparse () data in use in that stack, in bytes. This used to be a conditional around just the two extra args, but that might be undefined if yyoverflow is a macro. */ - yyoverflow ("parser stack overflow", + yyoverflow (YY_("memory exhausted"), &yyss1, yysize * sizeof (*yyssp), &yyvs1, yysize * sizeof (*yyvsp), @@ -1299,11 +1386,11 @@ yyparse () } #else /* no yyoverflow */ # ifndef YYSTACK_RELOCATE - goto yyoverflowlab; + goto yyexhaustedlab; # else /* Extend the stack our own way. */ if (YYMAXDEPTH <= yystacksize) - goto yyoverflowlab; + goto yyexhaustedlab; yystacksize *= 2; if (YYMAXDEPTH < yystacksize) yystacksize = YYMAXDEPTH; @@ -1313,7 +1400,7 @@ yyparse () union yyalloc *yyptr = (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); if (! yyptr) - goto yyoverflowlab; + goto yyexhaustedlab; YYSTACK_RELOCATE (yyss); YYSTACK_RELOCATE (yyvs); @@ -2143,10 +2230,11 @@ yyreduce: break; + default: break; } -/* Line 1037 of yacc.c. */ -#line 2150 "parse.c" +/* Line 1126 of yacc.c. */ +#line 2238 "parse.c" yyvsp -= yylen; yyssp -= yylen; @@ -2185,12 +2273,36 @@ yyerrlab: if (YYPACT_NINF < yyn && yyn < YYLAST) { - YYSIZE_T yysize = 0; int yytype = YYTRANSLATE (yychar); - const char* yyprefix; - char *yymsg; + YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]); + YYSIZE_T yysize = yysize0; + YYSIZE_T yysize1; + int yysize_overflow = 0; + char *yymsg = 0; +# define YYERROR_VERBOSE_ARGS_MAXIMUM 5 + char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; int yyx; +#if 0 + /* This is so xgettext sees the translatable formats that are + constructed on the fly. */ + YY_("syntax error, unexpected %s"); + YY_("syntax error, unexpected %s, expecting %s"); + YY_("syntax error, unexpected %s, expecting %s or %s"); + YY_("syntax error, unexpected %s, expecting %s or %s or %s"); + YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s"); +#endif + char *yyfmt; + char const *yyf; + static char const yyunexpected[] = "syntax error, unexpected %s"; + static char const yyexpecting[] = ", expecting %s"; + static char const yyor[] = " or %s"; + char yyformat[sizeof yyunexpected + + sizeof yyexpecting - 1 + + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2) + * (sizeof yyor - 1))]; + char const *yyprefix = yyexpecting; + /* Start YYX at -YYN if negative to avoid negative indexes in YYCHECK. */ int yyxbegin = yyn < 0 ? -yyn : 0; @@ -2198,48 +2310,68 @@ yyerrlab: /* Stay within bounds of both yycheck and yytname. */ int yychecklim = YYLAST - yyn; int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; - int yycount = 0; + int yycount = 1; + + yyarg[0] = yytname[yytype]; + yyfmt = yystpcpy (yyformat, yyunexpected); - yyprefix = ", expecting "; for (yyx = yyxbegin; yyx < yyxend; ++yyx) if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) { - yysize += yystrlen (yyprefix) + yystrlen (yytname [yyx]); - yycount += 1; - if (yycount == 5) + if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM) { - yysize = 0; + yycount = 1; + yysize = yysize0; + yyformat[sizeof yyunexpected - 1] = '\0'; break; } + yyarg[yycount++] = yytname[yyx]; + yysize1 = yysize + yytnamerr (0, yytname[yyx]); + yysize_overflow |= yysize1 < yysize; + yysize = yysize1; + yyfmt = yystpcpy (yyfmt, yyprefix); + yyprefix = yyor; } - yysize += (sizeof ("syntax error, unexpected ") - + yystrlen (yytname[yytype])); - yymsg = (char *) YYSTACK_ALLOC (yysize); - if (yymsg != 0) - { - char *yyp = yystpcpy (yymsg, "syntax error, unexpected "); - yyp = yystpcpy (yyp, yytname[yytype]); - if (yycount < 5) + yyf = YY_(yyformat); + yysize1 = yysize + yystrlen (yyf); + yysize_overflow |= yysize1 < yysize; + yysize = yysize1; + + if (!yysize_overflow && yysize <= YYSTACK_ALLOC_MAXIMUM) + yymsg = (char *) YYSTACK_ALLOC (yysize); + if (yymsg) + { + /* Avoid sprintf, as that infringes on the user's name space. + Don't have undefined behavior even if the translation + produced a string with the wrong number of "%s"s. */ + char *yyp = yymsg; + int yyi = 0; + while ((*yyp = *yyf)) { - yyprefix = ", expecting "; - for (yyx = yyxbegin; yyx < yyxend; ++yyx) - if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) - { - yyp = yystpcpy (yyp, yyprefix); - yyp = yystpcpy (yyp, yytname[yyx]); - yyprefix = " or "; - } + if (*yyp == '%' && yyf[1] == 's' && yyi < yycount) + { + yyp += yytnamerr (yyp, yyarg[yyi++]); + yyf += 2; + } + else + { + yyp++; + yyf++; + } } yyerror (yymsg); YYSTACK_FREE (yymsg); } else - yyerror ("syntax error; also virtual memory exhausted"); + { + yyerror (YY_("syntax error")); + goto yyexhaustedlab; + } } else #endif /* YYERROR_VERBOSE */ - yyerror ("syntax error"); + yyerror (YY_("syntax error")); } @@ -2251,18 +2383,9 @@ yyerrlab: if (yychar <= YYEOF) { - /* If at end of input, pop the error token, - then the rest of the stack, then return failure. */ + /* Return failure if at end of input. */ if (yychar == YYEOF) - for (;;) - { - - YYPOPSTACK; - if (yyssp == yyss) - YYABORT; - yydestruct ("Error: popping", - yystos[*yyssp], yyvsp); - } + YYABORT; } else { @@ -2281,12 +2404,11 @@ yyerrlab: `---------------------------------------------------*/ yyerrorlab: -#ifdef __GNUC__ - /* Pacify GCC when the user code never invokes YYERROR and the label - yyerrorlab therefore never appears in user code. */ + /* Pacify compilers like GCC when the user code never invokes + YYERROR and the label yyerrorlab therefore never appears in user + code. */ if (0) goto yyerrorlab; -#endif yyvsp -= yylen; yyssp -= yylen; @@ -2349,23 +2471,29 @@ yyacceptlab: | yyabortlab -- YYABORT comes here. | `-----------------------------------*/ yyabortlab: - yydestruct ("Error: discarding lookahead", - yytoken, &yylval); - yychar = YYEMPTY; yyresult = 1; goto yyreturn; #ifndef yyoverflow -/*----------------------------------------------. -| yyoverflowlab -- parser overflow comes here. | -`----------------------------------------------*/ -yyoverflowlab: - yyerror ("parser stack overflow"); +/*-------------------------------------------------. +| yyexhaustedlab -- memory exhaustion comes here. | +`-------------------------------------------------*/ +yyexhaustedlab: + yyerror (YY_("memory exhausted")); yyresult = 2; /* Fall through. */ #endif yyreturn: + if (yychar != YYEOF && yychar != YYEMPTY) + yydestruct ("Cleanup: discarding lookahead", + yytoken, &yylval); + while (yyssp != yyss) + { + yydestruct ("Cleanup: popping", + yystos[*yyssp], yyvsp); + YYPOPSTACK; + } #ifndef yyoverflow if (yyss != yyssa) YYSTACK_FREE (yyss); diff --git a/source4/heimdal/lib/asn1/parse.h b/source4/heimdal/lib/asn1/parse.h index 5cc1342618..df4587501e 100644 --- a/source4/heimdal/lib/asn1/parse.h +++ b/source4/heimdal/lib/asn1/parse.h @@ -1,7 +1,7 @@ -/* A Bison parser, made by GNU Bison 2.0. */ +/* A Bison parser, made by GNU Bison 2.1. */ /* Skeleton parser for Yacc-like parsing with Bison, - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc. + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -15,8 +15,8 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software - Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. */ + Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. */ /* As a special exception, when this file is copied by Bison into a Bison output file, you may use that output file without restriction. @@ -118,6 +118,7 @@ NUMBER = 344 }; #endif +/* Tokens. */ #define kw_ABSENT 258 #define kw_ABSTRACT_SYNTAX 259 #define kw_ALL 260 @@ -225,8 +226,8 @@ typedef union YYSTYPE { struct memhead *members; struct constraint_spec *constraint_spec; } YYSTYPE; -/* Line 1318 of yacc.c. */ -#line 230 "parse.h" +/* Line 1447 of yacc.c. */ +#line 231 "parse.h" # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 # define YYSTYPE_IS_TRIVIAL 1 diff --git a/source4/heimdal/lib/asn1/pkinit.asn1 b/source4/heimdal/lib/asn1/pkinit.asn1 new file mode 100644 index 0000000000..56d6611677 --- /dev/null +++ b/source4/heimdal/lib/asn1/pkinit.asn1 @@ -0,0 +1,161 @@ +-- $Id$ -- + +PKINIT DEFINITIONS ::= BEGIN + +IMPORTS EncryptionKey, PrincipalName, Realm, KerberosTime, Checksum FROM krb5 + IssuerAndSerialNumber, ContentInfo FROM cms + SubjectPublicKeyInfo, AlgorithmIdentifier FROM rfc2459 + heim_any FROM heim; + +id-pkinit OBJECT IDENTIFIER ::= + { iso (1) org (3) dod (6) internet (1) security (5) + kerberosv5 (2) pkinit (3) } + +id-pkauthdata OBJECT IDENTIFIER ::= { id-pkinit 1 } +id-pkdhkeydata OBJECT IDENTIFIER ::= { id-pkinit 2 } +id-pkrkeydata OBJECT IDENTIFIER ::= { id-pkinit 3 } +id-pkekuoid OBJECT IDENTIFIER ::= { id-pkinit 4 } +id-pkkdcekuoid OBJECT IDENTIFIER ::= { id-pkinit 5 } + +id-pkinit-san OBJECT IDENTIFIER ::= + { iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2) + x509-sanan(2) } + +id-pkinit-ms-san OBJECT IDENTIFIER ::= + { iso(1) org(3) dod(6) internet(1) foo1(4) + foo2(1) foo3(311) foo4(20) foo5(2) foo6(3) } + +pa-pk-as-req INTEGER ::= 16 +pa-pk-as-rep INTEGER ::= 17 + +ad-initial-verified-cas INTEGER ::= 9 + +td-trusted-certifiers INTEGER ::= 104 +td-invalid-certificates INTEGER ::= 105 +td-dh-parameters INTEGER ::= 109 + +DHNonce ::= OCTET STRING + +TrustedCA ::= SEQUENCE { + caName [0] IMPLICIT OCTET STRING, + certificateSerialNumber [1] INTEGER OPTIONAL, + subjectKeyIdentifier [2] OCTET STRING OPTIONAL, + ... +} + +ExternalPrincipalIdentifier ::= SEQUENCE { + subjectName [0] IMPLICIT OCTET STRING OPTIONAL, + issuerAndSerialNumber [1] IMPLICIT OCTET STRING OPTIONAL, + subjectKeyIdentifier [2] IMPLICIT OCTET STRING OPTIONAL, + ... +} + +ExternalPrincipalIdentifiers ::= SEQUENCE OF ExternalPrincipalIdentifier + +PA-PK-AS-REQ ::= SEQUENCE { + signedAuthPack [0] IMPLICIT OCTET STRING, + trustedCertifiers [1] ExternalPrincipalIdentifiers OPTIONAL, + kdcPkId [2] IMPLICIT OCTET STRING OPTIONAL, + ... +} + +PKAuthenticator ::= SEQUENCE { + cusec [0] INTEGER -- (0..999999) --, + ctime [1] KerberosTime, + nonce [2] INTEGER (0..4294967295), + paChecksum [3] OCTET STRING OPTIONAL, + ... +} + +AuthPack ::= SEQUENCE { + pkAuthenticator [0] PKAuthenticator, + clientPublicValue [1] SubjectPublicKeyInfo OPTIONAL, + supportedCMSTypes [2] SEQUENCE OF AlgorithmIdentifier OPTIONAL, + clientDHNonce [3] DHNonce OPTIONAL, + ... +} + +TD-TRUSTED-CERTIFIERS ::= ExternalPrincipalIdentifiers +TD-INVALID-CERTIFICATES ::= ExternalPrincipalIdentifiers + +KRB5PrincipalName ::= SEQUENCE { + realm [0] Realm, + principalName [1] PrincipalName +} + +AD-INITIAL-VERIFIED-CAS ::= SEQUENCE OF ExternalPrincipalIdentifier + + +DHRepInfo ::= SEQUENCE { + dhSignedData [0] IMPLICIT OCTET STRING, + serverDHNonce [1] DHNonce OPTIONAL +} + +PA-PK-AS-REP ::= CHOICE { + dhInfo [0] DHRepInfo, + encKeyPack [1] IMPLICIT OCTET STRING, + ... +} + +KDCDHKeyInfo ::= SEQUENCE { + subjectPublicKey [0] BIT STRING, + nonce [1] INTEGER (0..4294967295), + dhKeyExpiration [2] KerberosTime OPTIONAL, + ... +} + +ReplyKeyPack ::= SEQUENCE { + replyKey [0] EncryptionKey, + asChecksum [1] Checksum, + ... +} + +TD-DH-PARAMETERS ::= SEQUENCE OF AlgorithmIdentifier + + +-- Windows compat glue -- + +PKAuthenticator-Win2k ::= SEQUENCE { + kdcName [0] PrincipalName, + kdcRealm [1] Realm, + cusec [2] INTEGER (0..4294967295), + ctime [3] KerberosTime, + nonce [4] INTEGER (-2147483648..2147483647) +} + +AuthPack-Win2k ::= SEQUENCE { + pkAuthenticator [0] PKAuthenticator-Win2k, + clientPublicValue [1] SubjectPublicKeyInfo OPTIONAL +} + + +TrustedCA-Win2k ::= CHOICE { + caName [1] heim_any, + issuerAndSerial [2] IssuerAndSerialNumber +} + +PA-PK-AS-REQ-Win2k ::= SEQUENCE { + signed-auth-pack [0] IMPLICIT OCTET STRING, + trusted-certifiers [2] SEQUENCE OF TrustedCA-Win2k OPTIONAL, + kdc-cert [3] IMPLICIT OCTET STRING OPTIONAL, + encryption-cert [4] IMPLICIT OCTET STRING OPTIONAL +} + +PA-PK-AS-REP-Win2k ::= CHOICE { + dhSignedData [0] IMPLICIT OCTET STRING, + encKeyPack [1] IMPLICIT OCTET STRING +} + + +KDCDHKeyInfo-Win2k ::= SEQUENCE { + nonce [0] INTEGER (-2147483648..2147483647), + subjectPublicKey [2] BIT STRING +} + +ReplyKeyPack-Win2k ::= SEQUENCE { + replyKey [0] EncryptionKey, + nonce [1] INTEGER (0..4294967295), + ... +} + +END diff --git a/source4/heimdal/lib/asn1/rfc2459.asn1 b/source4/heimdal/lib/asn1/rfc2459.asn1 new file mode 100644 index 0000000000..eebbc3211b --- /dev/null +++ b/source4/heimdal/lib/asn1/rfc2459.asn1 @@ -0,0 +1,426 @@ +-- $Id$ -- +-- Definitions from rfc2459/rfc3280 + +RFC2459 DEFINITIONS ::= BEGIN + +IMPORTS heim_any FROM heim; + +Version ::= INTEGER { + rfc3280_version_1(0), + rfc3280_version_2(1), + rfc3280_version_3(2) +} + +id-pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) + rsadsi(113549) pkcs(1) 1 } +id-pkcs1-rsaEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 1 } +id-pkcs1-md2WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 2 } +id-pkcs1-md5WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 4 } +id-pkcs1-sha1WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 5 } +id-pkcs1-sha256WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 11 } +id-pkcs1-sha384WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 12 } +id-pkcs1-sha512WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 13 } + +id-pkcs-2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) + rsadsi(113549) pkcs(1) 2 } +id-pkcs2-md2 OBJECT IDENTIFIER ::= { id-pkcs-2 2 } +id-pkcs2-md4 OBJECT IDENTIFIER ::= { id-pkcs-2 4 } +id-pkcs2-md5 OBJECT IDENTIFIER ::= { id-pkcs-2 5 } + +id-rsa-digestAlgorithm OBJECT IDENTIFIER ::= +{ iso(1) member-body(2) us(840) rsadsi(113549) 2 } + +id-rsa-digest-md2 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 2 } +id-rsa-digest-md4 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 4 } +id-rsa-digest-md5 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 5 } + +id-pkcs-3 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) + rsadsi(113549) pkcs(1) 3 } + +id-pkcs3-rc2-cbc OBJECT IDENTIFIER ::= { id-pkcs-3 2 } +id-pkcs3-rc4 OBJECT IDENTIFIER ::= { id-pkcs-3 4 } +id-pkcs3-des-ede3-cbc OBJECT IDENTIFIER ::= { id-pkcs-3 7 } + +id-rsadsi-encalg OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) + rsadsi(113549) 3 } + +id-rsadsi-rc2-cbc OBJECT IDENTIFIER ::= { id-rsadsi-encalg 2 } +id-rsadsi-des-ede3-cbc OBJECT IDENTIFIER ::= { id-rsadsi-encalg 7 } + +id-secsig-sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) + oiw(14) secsig(3) algorithm(2) 26 } + +id-nistAlgorithm OBJECT IDENTIFIER ::= { + joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4 } + +id-nist-aes-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 1 } + +id-aes-128-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 2 } +id-aes-192-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 22 } +id-aes-256-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 42 } + +id-nist-sha-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 2 } + +id-sha256 OBJECT IDENTIFIER ::= { id-nist-sha-algs 1 } +id-sha224 OBJECT IDENTIFIER ::= { id-nist-sha-algs 4 } +id-sha384 OBJECT IDENTIFIER ::= { id-nist-sha-algs 2 } +id-sha512 OBJECT IDENTIFIER ::= { id-nist-sha-algs 3 } + +id-dhpublicnumber OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) ansi-x942(10046) + number-type(2) 1 } + +id-x9-57 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) ansi-x942(10046) + 4 } + +id-dsa OBJECT IDENTIFIER ::= { id-x9-57 1 } +id-dsa-with-sha1 OBJECT IDENTIFIER ::= { id-x9-57 3 } + +-- x.520 names types + +id-x520-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 } + +id-at-commonName OBJECT IDENTIFIER ::= { id-x520-at 3 } +id-at-surname OBJECT IDENTIFIER ::= { id-x520-at 4 } +id-at-serialNumber OBJECT IDENTIFIER ::= { id-x520-at 5 } +id-at-countryName OBJECT IDENTIFIER ::= { id-x520-at 6 } +id-at-localityName OBJECT IDENTIFIER ::= { id-x520-at 7 } +id-at-stateOrProvinceName OBJECT IDENTIFIER ::= { id-x520-at 8 } +id-at-organizationName OBJECT IDENTIFIER ::= { id-x520-at 10 } +id-at-organizationalUnitName OBJECT IDENTIFIER ::= { id-x520-at 11 } +id-at-name OBJECT IDENTIFIER ::= { id-x520-at 41 } +id-at-givenName OBJECT IDENTIFIER ::= { id-x520-at 42 } +id-at-initials OBJECT IDENTIFIER ::= { id-x520-at 43 } +id-at-generationQualifier OBJECT IDENTIFIER ::= { id-x520-at 44 } +id-at-pseudonym OBJECT IDENTIFIER ::= { id-x520-at 65 } +-- RFC 2247 +id-Userid OBJECT IDENTIFIER ::= + { 0 9 2342 19200300 100 1 1 } +id-domainComponent OBJECT IDENTIFIER ::= + { 0 9 2342 19200300 100 1 25 } + + +-- rfc3280 + +id-x509-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} + +AlgorithmIdentifier ::= SEQUENCE { + algorithm OBJECT IDENTIFIER, + parameters heim_any OPTIONAL +} + +AttributeType ::= OBJECT IDENTIFIER + +AttributeValue ::= heim_any + +TeletexStringx ::= [UNIVERSAL 20] IMPLICIT OCTET STRING + +DirectoryString ::= CHOICE { + ia5String IA5String, + teletexString TeletexStringx, + printableString PrintableString, + universalString UniversalString, + utf8String UTF8String, + bmpString BMPString +} + +Attribute ::= SEQUENCE { + type AttributeType, + value SET OF -- AttributeValue -- heim_any +} + +AttributeTypeAndValue ::= SEQUENCE { + type AttributeType, + value DirectoryString +} + +RelativeDistinguishedName ::= SET OF AttributeTypeAndValue + +RDNSequence ::= SEQUENCE OF RelativeDistinguishedName + +Name ::= CHOICE { + rdnSequence RDNSequence +} + +CertificateSerialNumber ::= INTEGER + +Time ::= CHOICE { + utcTime UTCTime, + generalTime GeneralizedTime +} + +Validity ::= SEQUENCE { + notBefore Time, + notAfter Time +} + +UniqueIdentifier ::= BIT STRING + +SubjectPublicKeyInfo ::= SEQUENCE { + algorithm AlgorithmIdentifier, + subjectPublicKey BIT STRING +} + +Extension ::= SEQUENCE { + extnID OBJECT IDENTIFIER, + critical BOOLEAN OPTIONAL, -- DEFAULT FALSE XXX + extnValue OCTET STRING +} + +Extensions ::= SEQUENCE OF Extension -- SIZE (1..MAX) + +TBSCertificate ::= SEQUENCE { + version [0] Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1, + serialNumber CertificateSerialNumber, + signature AlgorithmIdentifier, + issuer Name, + validity Validity, + subject Name, + subjectPublicKeyInfo SubjectPublicKeyInfo, + issuerUniqueID [1] IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL, + -- If present, version shall be v2 or v3 + subjectUniqueID [2] IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL, + -- If present, version shall be v2 or v3 + extensions [3] EXPLICIT Extensions OPTIONAL + -- If present, version shall be v3 +} + +Certificate ::= SEQUENCE { + tbsCertificate TBSCertificate, + signatureAlgorithm AlgorithmIdentifier, + signatureValue BIT STRING +} + +Certificates ::= SEQUENCE OF Certificate + +ValidationParms ::= SEQUENCE { + seed BIT STRING, + pgenCounter INTEGER +} + +DomainParameters ::= SEQUENCE { + p INTEGER, -- odd prime, p=jq +1 + g INTEGER, -- generator, g + q INTEGER, -- factor of p-1 + j INTEGER OPTIONAL, -- subgroup factor + validationParms ValidationParms OPTIONAL -- ValidationParms +} + +DHPublicKey ::= INTEGER + +OtherName ::= SEQUENCE { + type-id OBJECT IDENTIFIER, + value [0] EXPLICIT heim_any +} + +GeneralName ::= CHOICE { + otherName [0] IMPLICIT -- OtherName -- SEQUENCE { + type-id OBJECT IDENTIFIER, + value [0] EXPLICIT heim_any + }, + rfc822Name [1] IMPLICIT IA5String, + dNSName [2] IMPLICIT IA5String, +-- x400Address [3] IMPLICIT ORAddress,-- + directoryName [4] IMPLICIT -- Name -- CHOICE { + rdnSequence RDNSequence + }, +-- ediPartyName [5] IMPLICIT EDIPartyName, -- + uniformResourceIdentifier [6] IMPLICIT IA5String, + iPAddress [7] IMPLICIT OCTET STRING, + registeredID [8] IMPLICIT OBJECT IDENTIFIER +} + +GeneralNames ::= SEQUENCE -- SIZE (1..MAX) -- OF GeneralName + +id-x509-ce-keyUsage OBJECT IDENTIFIER ::= { id-x509-ce 15 } + +KeyUsage ::= BIT STRING { + digitalSignature (0), + nonRepudiation (1), + keyEncipherment (2), + dataEncipherment (3), + keyAgreement (4), + keyCertSign (5), + cRLSign (6), + encipherOnly (7), + decipherOnly (8) +} + +id-x509-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-x509-ce 35 } + +KeyIdentifier ::= OCTET STRING + +AuthorityKeyIdentifier ::= SEQUENCE { + keyIdentifier [0] IMPLICIT OCTET STRING OPTIONAL, + authorityCertIssuer [1] IMPLICIT -- GeneralName -- + SEQUENCE -- SIZE (1..MAX) -- OF GeneralName OPTIONAL, + authorityCertSerialNumber [2] IMPLICIT INTEGER OPTIONAL +} + +id-x509-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-x509-ce 14 } + +SubjectKeyIdentifier ::= KeyIdentifier + +id-x509-ce-basicConstraints OBJECT IDENTIFIER ::= { id-x509-ce 19 } + +BasicConstraints ::= SEQUENCE { + cA BOOLEAN OPTIONAL -- DEFAULT FALSE --, + pathLenConstraint INTEGER (0..4294967295) OPTIONAL +} + +id-x509-ce-nameConstraints OBJECT IDENTIFIER ::= { id-x509-ce 30 } + +BaseDistance ::= INTEGER -- (0..MAX) -- + +GeneralSubtree ::= SEQUENCE { + base GeneralName, + minimum [0] IMPLICIT -- BaseDistance -- INTEGER OPTIONAL -- DEFAULT 0 --, + maximum [1] IMPLICIT -- BaseDistance -- INTEGER OPTIONAL +} + +GeneralSubtrees ::= SEQUENCE -- SIZE (1..MAX) -- OF GeneralSubtree + +NameConstraints ::= SEQUENCE { + permittedSubtrees [0] IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL, + excludedSubtrees [1] IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL +} + +id-x509-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-x509-ce 16 } +id-x509-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-x509-ce 32 } +id-x509-ce-policyMappings OBJECT IDENTIFIER ::= { id-x509-ce 33 } +id-x509-ce-subjectAltName OBJECT IDENTIFIER ::= { id-x509-ce 17 } +id-x509-ce-issuerAltName OBJECT IDENTIFIER ::= { id-x509-ce 18 } +id-x509-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-x509-ce 9 } +id-x509-ce-policyConstraints OBJECT IDENTIFIER ::= { id-x509-ce 36 } + +id-x509-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-x509-ce 37} + +ExtKeyUsage ::= SEQUENCE OF OBJECT IDENTIFIER + +id-x509-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-x509-ce 31 } +id-x509-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-x509-ce 27 } +id-x509-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-x509-ce 28 } +id-x509-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-x509-ce 23 } +id-x509-ce-invalidityDate OBJECT IDENTIFIER ::= { id-x509-ce 24 } +id-x509-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-x509-ce 29 } +id-x509-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-x509-ce 54 } + +-- rfc3279 + +DSASigValue ::= SEQUENCE { + r INTEGER, + s INTEGER +} + +DSAPublicKey ::= INTEGER + +DSAParams ::= SEQUENCE { + p INTEGER, + q INTEGER, + g INTEGER +} + +-- really pkcs1 + +RSAPublicKey ::= SEQUENCE { + modulus INTEGER, -- n + publicExponent INTEGER -- e +} + +RSAPrivateKey ::= SEQUENCE { + version INTEGER (0..4294967295), + modulus INTEGER, -- n + publicExponent INTEGER, -- e + privateExponent INTEGER, -- d + prime1 INTEGER, -- p + prime2 INTEGER, -- q + exponent1 INTEGER, -- d mod (p-1) + exponent2 INTEGER, -- d mod (q-1) + coefficient INTEGER -- (inverse of q) mod p +} + +DigestInfo ::= SEQUENCE { + digestAlgorithm AlgorithmIdentifier, + digest OCTET STRING +} + +-- some ms ext + +-- szOID_ENROLL_CERTTYPE_EXTENSION "1.3.6.1.4.1.311.20.2" is Encoded as a + +-- UNICODESTRING (0x1E tag) + +-- szOID_CERTIFICATE_TEMPLATE "1.3.6.1.4.1.311.21.7" is Encoded as: + +-- TemplateVersion ::= INTEGER (0..4294967295) + +-- CertificateTemplate ::= SEQUENCE { +-- templateID OBJECT IDENTIFIER, +-- templateMajorVersion TemplateVersion, +-- templateMinorVersion TemplateVersion OPTIONAL +-- } + + +-- +-- CRL +-- + +TBSCRLCertList ::= SEQUENCE { + version Version OPTIONAL, -- if present, MUST be v2 + signature AlgorithmIdentifier, + issuer Name, + thisUpdate Time, + nextUpdate Time OPTIONAL, + revokedCertificates SEQUENCE OF SEQUENCE { + userCertificate CertificateSerialNumber, + revocationDate Time, + crlEntryExtensions Extensions OPTIONAL + -- if present, MUST be v2 + } OPTIONAL, + crlExtensions [0] EXPLICIT Extensions OPTIONAL + -- if present, MUST be v2 +} + + +CRLCertificateList ::= SEQUENCE { + tbsCertList TBSCRLCertList, + signatureAlgorithm AlgorithmIdentifier, + signatureValue BIT STRING +} + +id-x509-ce-cRLNumber OBJECT IDENTIFIER ::= { id-x509-ce 20 } +id-x509-ce-freshestCRL OBJECT IDENTIFIER ::= { id-x509-ce 46 } +id-x509-ce-cRLReason OBJECT IDENTIFIER ::= { id-x509-ce 21 } + +CRLReason ::= ENUMERATED { + unspecified (0), + keyCompromise (1), + cACompromise (2), + affiliationChanged (3), + superseded (4), + cessationOfOperation (5), + certificateHold (6), + removeFromCRL (8), + privilegeWithdrawn (9), + aACompromise (10) +} + +-- RFC 3820 Proxy Certificate Profile + +id-pkix-pe OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) + dod(6) internet(1) security(5) mechanisms(5) pkix(7) 1 } + +id-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 } + +ProxyPolicy ::= SEQUENCE { + policyLanguage OBJECT IDENTIFIER, + policy OCTET STRING OPTIONAL +} + +ProxyCertInfo ::= SEQUENCE { + pCPathLenConstraint INTEGER (0..4294967295) OPTIONAL, -- really MAX + proxyPolicy ProxyPolicy +} + +END diff --git a/source4/heimdal/lib/asn1/test.asn1 b/source4/heimdal/lib/asn1/test.asn1 index 22fcc0b003..1a1179bc30 100644 --- a/source4/heimdal/lib/asn1/test.asn1 +++ b/source4/heimdal/lib/asn1/test.asn1 @@ -1,4 +1,4 @@ --- $Id: test.asn1,v 1.8 2006/01/31 09:42:04 lha Exp $ -- +-- $Id: test.asn1,v 1.9 2006/09/05 14:00:44 lha Exp $ -- TEST DEFINITIONS ::= @@ -83,4 +83,6 @@ TESTUSERCONSTRAINED ::= OCTET STRING (CONSTRAINED BY { -- meh -- }) -- TESTUSERCONSTRAINED3 ::= OCTET STRING (CONSTRAINED BY { INTEGER }) -- TESTUSERCONSTRAINED4 ::= OCTET STRING (CONSTRAINED BY { INTEGER : 1 }) +TESTSeqOf ::= SEQUENCE OF TESTInteger + END diff --git a/source4/heimdal/lib/asn1/timegm.c b/source4/heimdal/lib/asn1/timegm.c new file mode 100644 index 0000000000..86df58d700 --- /dev/null +++ b/source4/heimdal/lib/asn1/timegm.c @@ -0,0 +1,86 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "der_locl.h" + +RCSID("$Id: timegm.c,v 1.11 2006/10/19 16:19:32 lha Exp $"); + +static int +is_leap(unsigned y) +{ + y += 1900; + return (y % 4) == 0 && ((y % 100) != 0 || (y % 400) == 0); +} + +/* + * This is a simplifed version of _der_timegm that doesn't accept out + * of bound values that timegm(3) normally accepts but those are not + * valid in asn1 encodings. + */ + +time_t +_der_timegm (struct tm *tm) +{ + static const unsigned ndays[2][12] ={ + {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}, + {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}}; + time_t res = 0; + unsigned i; + + if (tm->tm_year < 0) + return -1; + if (tm->tm_mon < 0 || tm->tm_mon > 11) + return -1; + if (tm->tm_mday < 1 || tm->tm_mday > ndays[is_leap(tm->tm_year)][tm->tm_mon]) + return -1; + if (tm->tm_hour < 0 || tm->tm_hour > 23) + return -1; + if (tm->tm_min < 0 || tm->tm_min > 59) + return -1; + if (tm->tm_sec < 0 || tm->tm_sec > 59) + return -1; + + for (i = 70; i < tm->tm_year; ++i) + res += is_leap(i) ? 366 : 365; + + for (i = 0; i < tm->tm_mon; ++i) + res += ndays[is_leap(tm->tm_year)][i]; + res += tm->tm_mday - 1; + res *= 24; + res += tm->tm_hour; + res *= 60; + res += tm->tm_min; + res *= 60; + res += tm->tm_sec; + return res; +} diff --git a/source4/heimdal/lib/com_err/lex.c b/source4/heimdal/lib/com_err/lex.c index 4697d0a3fd..30b44d0c19 100644 --- a/source4/heimdal/lib/com_err/lex.c +++ b/source4/heimdal/lib/com_err/lex.c @@ -1,94 +1,32 @@ -#include "config.h" - -#line 3 "lex.yy.c" - -#define YY_INT_ALIGNED short int - /* A lexical scanner generated by flex */ +/* Scanner skeleton version: + * $Header: /cvs/root/flex/flex/skel.c,v 1.2 2004/05/07 00:28:17 jkh Exp $ + */ + #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 #define YY_FLEX_MINOR_VERSION 5 -#define YY_FLEX_SUBMINOR_VERSION 33 -#if YY_FLEX_SUBMINOR_VERSION > 0 -#define FLEX_BETA -#endif - -/* First, we deal with platform-specific or compiler-specific issues. */ -/* begin standard C headers. */ #include -#include -#include -#include - -/* end standard C headers. */ - -/* flex integer type definitions */ -#ifndef FLEXINT_H -#define FLEXINT_H -/* C99 systems have . Non-C99 systems may or may not. */ - -#if __STDC_VERSION__ >= 199901L - -/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h, - * if you want the limit (max/min) macros for int types. - */ -#ifndef __STDC_LIMIT_MACROS -#define __STDC_LIMIT_MACROS 1 -#endif - -#include -typedef int8_t flex_int8_t; -typedef uint8_t flex_uint8_t; -typedef int16_t flex_int16_t; -typedef uint16_t flex_uint16_t; -typedef int32_t flex_int32_t; -typedef uint32_t flex_uint32_t; -#else -typedef signed char flex_int8_t; -typedef short int flex_int16_t; -typedef int flex_int32_t; -typedef unsigned char flex_uint8_t; -typedef unsigned short int flex_uint16_t; -typedef unsigned int flex_uint32_t; -#endif /* ! C99 */ - -/* Limits of integral types. */ -#ifndef INT8_MIN -#define INT8_MIN (-128) -#endif -#ifndef INT16_MIN -#define INT16_MIN (-32767-1) -#endif -#ifndef INT32_MIN -#define INT32_MIN (-2147483647-1) -#endif -#ifndef INT8_MAX -#define INT8_MAX (127) -#endif -#ifndef INT16_MAX -#define INT16_MAX (32767) -#endif -#ifndef INT32_MAX -#define INT32_MAX (2147483647) -#endif -#ifndef UINT8_MAX -#define UINT8_MAX (255U) -#endif -#ifndef UINT16_MAX -#define UINT16_MAX (65535U) +/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */ +#ifdef c_plusplus +#ifndef __cplusplus +#define __cplusplus #endif -#ifndef UINT32_MAX -#define UINT32_MAX (4294967295U) #endif -#endif /* ! FLEXINT_H */ #ifdef __cplusplus +#include +#include + +/* Use prototypes in function declarations. */ +#define YY_USE_PROTOS + /* The "const" storage-class-modifier is valid. */ #define YY_USE_CONST @@ -96,17 +34,34 @@ typedef unsigned int flex_uint32_t; #if __STDC__ +#define YY_USE_PROTOS #define YY_USE_CONST #endif /* __STDC__ */ #endif /* ! __cplusplus */ +#ifdef __TURBOC__ + #pragma warn -rch + #pragma warn -use +#include +#include +#define YY_USE_CONST +#define YY_USE_PROTOS +#endif + #ifdef YY_USE_CONST #define yyconst const #else #define yyconst #endif + +#ifdef YY_USE_PROTOS +#define YY_PROTO(proto) proto +#else +#define YY_PROTO(proto) () +#endif + /* Returned upon end-of-file. */ #define YY_NULL 0 @@ -121,75 +76,71 @@ typedef unsigned int flex_uint32_t; * but we do it the disgusting crufty way forced on us by the ()-less * definition of BEGIN. */ -#define BEGIN (yy_start) = 1 + 2 * +#define BEGIN yy_start = 1 + 2 * /* Translate the current start state into a value that can be later handed * to BEGIN to return to the state. The YYSTATE alias is for lex * compatibility. */ -#define YY_START (((yy_start) - 1) / 2) +#define YY_START ((yy_start - 1) / 2) #define YYSTATE YY_START /* Action number for EOF rule of a given start state. */ #define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) /* Special action meaning "start processing a new file". */ -#define YY_NEW_FILE yyrestart(yyin ) +#define YY_NEW_FILE yyrestart( yyin ) #define YY_END_OF_BUFFER_CHAR 0 /* Size of default input buffer. */ -#ifndef YY_BUF_SIZE #define YY_BUF_SIZE 16384 -#endif - -/* The state buf must be large enough to hold one state per character in the main buffer. - */ -#define YY_STATE_BUF_SIZE ((YY_BUF_SIZE + 2) * sizeof(yy_state_type)) -#ifndef YY_TYPEDEF_YY_BUFFER_STATE -#define YY_TYPEDEF_YY_BUFFER_STATE typedef struct yy_buffer_state *YY_BUFFER_STATE; -#endif extern int yyleng; - extern FILE *yyin, *yyout; #define EOB_ACT_CONTINUE_SCAN 0 #define EOB_ACT_END_OF_FILE 1 #define EOB_ACT_LAST_MATCH 2 - #define YY_LESS_LINENO(n) - -/* Return all but the first "n" matched characters back to the input stream. */ +/* The funky do-while in the following #define is used to turn the definition + * int a single C statement (which needs a semi-colon terminator). This + * avoids problems with code like: + * + * if ( condition_holds ) + * yyless( 5 ); + * else + * do_something_else(); + * + * Prior to using the do-while the compiler would get upset at the + * "else" because it interpreted the "if" statement as being all + * done when it reached the ';' after the yyless() call. + */ + +/* Return all but the first 'n' matched characters back to the input stream. */ + #define yyless(n) \ do \ { \ /* Undo effects of setting up yytext. */ \ - int yyless_macro_arg = (n); \ - YY_LESS_LINENO(yyless_macro_arg);\ - *yy_cp = (yy_hold_char); \ + *yy_cp = yy_hold_char; \ YY_RESTORE_YY_MORE_OFFSET \ - (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \ + yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \ YY_DO_BEFORE_ACTION; /* set up yytext again */ \ } \ while ( 0 ) -#define unput(c) yyunput( c, (yytext_ptr) ) +#define unput(c) yyunput( c, yytext_ptr ) /* The following is because we cannot portably get our hands on size_t * (without autoconf's help, which isn't available because we want * flex-generated scanners to compile on their own). */ - -#ifndef YY_TYPEDEF_YY_SIZE_T -#define YY_TYPEDEF_YY_SIZE_T typedef unsigned int yy_size_t; -#endif -#ifndef YY_STRUCT_YY_BUFFER_STATE -#define YY_STRUCT_YY_BUFFER_STATE + struct yy_buffer_state { FILE *yy_input_file; @@ -226,16 +177,12 @@ struct yy_buffer_state */ int yy_at_bol; - int yy_bs_lineno; /**< The line count. */ - int yy_bs_column; /**< The column count. */ - /* Whether to try to fill the input buffer when we reach the * end of it. */ int yy_fill_buffer; int yy_buffer_status; - #define YY_BUFFER_NEW 0 #define YY_BUFFER_NORMAL 1 /* When an EOF's been seen but there's still some text to process @@ -249,38 +196,28 @@ struct yy_buffer_state * just pointing yyin at a new input file. */ #define YY_BUFFER_EOF_PENDING 2 - }; -#endif /* !YY_STRUCT_YY_BUFFER_STATE */ -/* Stack of input buffers. */ -static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */ -static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */ -static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ +static YY_BUFFER_STATE yy_current_buffer = 0; /* We provide macros for accessing buffer states in case in the * future we want to put the buffer states in a more general * "scanner state". - * - * Returns the top of the stack, or NULL. */ -#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ - ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ - : NULL) +#define YY_CURRENT_BUFFER yy_current_buffer -/* Same as previous macro, but useful when we know that the buffer stack is not - * NULL or when we need an lvalue. For internal use only. - */ -#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] /* yy_hold_char holds the character lost when yytext is formed. */ static char yy_hold_char; + static int yy_n_chars; /* number of characters read into yy_ch_buf */ + + int yyleng; /* Points to current character in buffer. */ static char *yy_c_buf_p = (char *) 0; -static int yy_init = 0; /* whether we need to initialize */ +static int yy_init = 1; /* whether we need to initialize */ static int yy_start = 0; /* start state number */ /* Flag which is used to allow yywrap()'s to do buffer switches @@ -288,92 +225,66 @@ static int yy_start = 0; /* start state number */ */ static int yy_did_buffer_switch_on_eof; -void yyrestart (FILE *input_file ); -void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ); -YY_BUFFER_STATE yy_create_buffer (FILE *file,int size ); -void yy_delete_buffer (YY_BUFFER_STATE b ); -void yy_flush_buffer (YY_BUFFER_STATE b ); -void yypush_buffer_state (YY_BUFFER_STATE new_buffer ); -void yypop_buffer_state (void ); - -static void yyensure_buffer_stack (void ); -static void yy_load_buffer_state (void ); -static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file ); +void yyrestart YY_PROTO(( FILE *input_file )); -#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER ) +void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer )); +void yy_load_buffer_state YY_PROTO(( void )); +YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size )); +void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b )); +void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file )); +void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b )); +#define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer ) -YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); -YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); -YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len ); +YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size )); +YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str )); +YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len )); -void *yyalloc (yy_size_t ); -void *yyrealloc (void *,yy_size_t ); -void yyfree (void * ); +static void *yy_flex_alloc YY_PROTO(( yy_size_t )); +static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t )); +static void yy_flex_free YY_PROTO(( void * )); #define yy_new_buffer yy_create_buffer #define yy_set_interactive(is_interactive) \ { \ - if ( ! YY_CURRENT_BUFFER ){ \ - yyensure_buffer_stack (); \ - YY_CURRENT_BUFFER_LVALUE = \ - yy_create_buffer(yyin,YY_BUF_SIZE ); \ - } \ - YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ + if ( ! yy_current_buffer ) \ + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ + yy_current_buffer->yy_is_interactive = is_interactive; \ } #define yy_set_bol(at_bol) \ { \ - if ( ! YY_CURRENT_BUFFER ){\ - yyensure_buffer_stack (); \ - YY_CURRENT_BUFFER_LVALUE = \ - yy_create_buffer(yyin,YY_BUF_SIZE ); \ - } \ - YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ + if ( ! yy_current_buffer ) \ + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ + yy_current_buffer->yy_at_bol = at_bol; \ } -#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) - -/* Begin user sect3 */ +#define YY_AT_BOL() (yy_current_buffer->yy_at_bol) typedef unsigned char YY_CHAR; - FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; - typedef int yy_state_type; - -extern int yylineno; - -int yylineno = 1; - extern char *yytext; #define yytext_ptr yytext -static yy_state_type yy_get_previous_state (void ); -static yy_state_type yy_try_NUL_trans (yy_state_type current_state ); -static int yy_get_next_buffer (void ); -static void yy_fatal_error (yyconst char msg[] ); +static yy_state_type yy_get_previous_state YY_PROTO(( void )); +static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state )); +static int yy_get_next_buffer YY_PROTO(( void )); +static void yy_fatal_error YY_PROTO(( yyconst char msg[] )); /* Done after the current pattern has been matched and before the * corresponding action - sets up yytext. */ #define YY_DO_BEFORE_ACTION \ - (yytext_ptr) = yy_bp; \ - yyleng = (size_t) (yy_cp - yy_bp); \ - (yy_hold_char) = *yy_cp; \ + yytext_ptr = yy_bp; \ + yyleng = (int) (yy_cp - yy_bp); \ + yy_hold_char = *yy_cp; \ *yy_cp = '\0'; \ - (yy_c_buf_p) = yy_cp; + yy_c_buf_p = yy_cp; #define YY_NUM_RULES 16 #define YY_END_OF_BUFFER 17 -/* This struct is not used in this scanner, - but its presence is necessary. */ -struct yy_trans_info - { - flex_int32_t yy_verify; - flex_int32_t yy_nxt; - }; -static yyconst flex_int16_t yy_accept[46] = +static yyconst short int yy_accept[46] = { 0, 0, 0, 17, 15, 11, 12, 13, 10, 9, 14, 14, 14, 14, 10, 9, 14, 3, 14, 14, 1, @@ -382,7 +293,7 @@ static yyconst flex_int16_t yy_accept[46] = 14, 4, 14, 2, 0 } ; -static yyconst flex_int32_t yy_ec[256] = +static yyconst int yy_ec[256] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -414,14 +325,14 @@ static yyconst flex_int32_t yy_ec[256] = 1, 1, 1, 1, 1 } ; -static yyconst flex_int32_t yy_meta[23] = +static yyconst int yy_meta[23] = { 0, 1, 1, 2, 1, 1, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3 } ; -static yyconst flex_int16_t yy_base[48] = +static yyconst short int yy_base[48] = { 0, 0, 0, 56, 57, 57, 57, 57, 0, 49, 0, 12, 13, 34, 0, 47, 0, 0, 40, 31, 0, @@ -430,7 +341,7 @@ static yyconst flex_int16_t yy_base[48] = 12, 0, 14, 0, 57, 34, 23 } ; -static yyconst flex_int16_t yy_def[48] = +static yyconst short int yy_def[48] = { 0, 45, 1, 45, 45, 45, 45, 45, 46, 47, 47, 47, 47, 47, 46, 47, 47, 47, 47, 47, 47, @@ -439,7 +350,7 @@ static yyconst flex_int16_t yy_def[48] = 47, 47, 47, 47, 0, 45, 45 } ; -static yyconst flex_int16_t yy_nxt[80] = +static yyconst short int yy_nxt[80] = { 0, 4, 5, 6, 7, 8, 9, 10, 10, 10, 10, 10, 10, 11, 10, 12, 10, 10, 10, 13, 10, @@ -451,7 +362,7 @@ static yyconst flex_int16_t yy_nxt[80] = 45, 45, 45, 45, 45, 45, 45, 45, 45 } ; -static yyconst flex_int16_t yy_chk[80] = +static yyconst short int yy_chk[80] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -466,9 +377,6 @@ static yyconst flex_int16_t yy_chk[80] = static yy_state_type yy_last_accepting_state; static char *yy_last_accepting_cpos; -extern int yy_flex_debug; -int yy_flex_debug = 0; - /* The intent behind this definition is that it'll catch * any uses of REJECT which flex missed. */ @@ -477,8 +385,9 @@ int yy_flex_debug = 0; #define YY_MORE_ADJ 0 #define YY_RESTORE_YY_MORE_OFFSET char *yytext; -#line 1 "lex.l" -#line 2 "lex.l" +#line 1 "../../../lib/com_err/lex.l" +#define INITIAL 0 +#line 2 "../../../lib/com_err/lex.l" /* * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). @@ -533,23 +442,7 @@ static int getstring(void); #undef ECHO -#line 536 "lex.yy.c" - -#define INITIAL 0 - -#ifndef YY_NO_UNISTD_H -/* Special case for "unistd.h", since it is non-ANSI. We include it way - * down here because we want the user's section 1 to have been scanned first. - * The user has a chance to override it with an option. - */ -#include -#endif - -#ifndef YY_EXTRA_TYPE -#define YY_EXTRA_TYPE void * -#endif - -static int yy_init_globals (void ); +#line 446 "lex.c" /* Macros after this point can all be overridden by user definitions in * section 1. @@ -557,30 +450,65 @@ static int yy_init_globals (void ); #ifndef YY_SKIP_YYWRAP #ifdef __cplusplus -extern "C" int yywrap (void ); +extern "C" int yywrap YY_PROTO(( void )); #else -extern int yywrap (void ); +extern int yywrap YY_PROTO(( void )); #endif #endif - static void yyunput (int c,char *buf_ptr ); - +#ifndef YY_NO_UNPUT +static void yyunput YY_PROTO(( int c, char *buf_ptr )); +#endif + #ifndef yytext_ptr -static void yy_flex_strncpy (char *,yyconst char *,int ); +static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int )); #endif #ifdef YY_NEED_STRLEN -static int yy_flex_strlen (yyconst char * ); +static int yy_flex_strlen YY_PROTO(( yyconst char * )); #endif #ifndef YY_NO_INPUT - #ifdef __cplusplus -static int yyinput (void ); +static int yyinput YY_PROTO(( void )); +#else +static int input YY_PROTO(( void )); +#endif +#endif + +#if YY_STACK_USED +static int yy_start_stack_ptr = 0; +static int yy_start_stack_depth = 0; +static int *yy_start_stack = 0; +#ifndef YY_NO_PUSH_STATE +static void yy_push_state YY_PROTO(( int new_state )); +#endif +#ifndef YY_NO_POP_STATE +static void yy_pop_state YY_PROTO(( void )); +#endif +#ifndef YY_NO_TOP_STATE +static int yy_top_state YY_PROTO(( void )); +#endif + #else -static int input (void ); +#define YY_NO_PUSH_STATE 1 +#define YY_NO_POP_STATE 1 +#define YY_NO_TOP_STATE 1 #endif +#ifdef YY_MALLOC_DECL +YY_MALLOC_DECL +#else +#if __STDC__ +#ifndef __cplusplus +#include +#endif +#else +/* Just try to get by without declaring the routines. This will fail + * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int) + * or sizeof(void*) != sizeof(int). + */ +#endif #endif /* Amount of stuff to slurp up with each read. */ @@ -589,6 +517,7 @@ static int input (void ); #endif /* Copy whatever the last rule matched to the standard output. */ + #ifndef ECHO /* This used to be an fputs(), but since the string might contain NUL's, * we now use fwrite(). @@ -601,10 +530,9 @@ static int input (void ); */ #ifndef YY_INPUT #define YY_INPUT(buf,result,max_size) \ - if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ + if ( yy_current_buffer->yy_is_interactive ) \ { \ - int c = '*'; \ - size_t n; \ + int c = '*', n; \ for ( n = 0; n < max_size && \ (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ buf[n] = (char) c; \ @@ -614,22 +542,9 @@ static int input (void ); YY_FATAL_ERROR( "input in flex scanner failed" ); \ result = n; \ } \ - else \ - { \ - errno=0; \ - while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \ - { \ - if( errno != EINTR) \ - { \ - YY_FATAL_ERROR( "input in flex scanner failed" ); \ - break; \ - } \ - errno=0; \ - clearerr(yyin); \ - } \ - }\ -\ - + else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \ + && ferror( yyin ) ) \ + YY_FATAL_ERROR( "input in flex scanner failed" ); #endif /* No semi-colon after return; correct usage is to write "yyterminate();" - @@ -650,18 +565,12 @@ static int input (void ); #define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) #endif -/* end tables serialization structures and prototypes */ - /* Default declaration of generated scanner - a define so the user can * easily add parameters. */ #ifndef YY_DECL -#define YY_DECL_IS_OURS 1 - -extern int yylex (void); - -#define YY_DECL int yylex (void) -#endif /* !YY_DECL */ +#define YY_DECL int yylex YY_PROTO(( void )) +#endif /* Code executed at the beginning of each rule, after yytext and yyleng * have been set up. @@ -678,28 +587,26 @@ extern int yylex (void); #define YY_RULE_SETUP \ YY_USER_ACTION -/** The main scanner function which does all the work. - */ YY_DECL -{ + { register yy_state_type yy_current_state; register char *yy_cp, *yy_bp; register int yy_act; - -#line 59 "lex.l" -#line 691 "lex.yy.c" +#line 59 "../../../lib/com_err/lex.l" + +#line 599 "lex.c" - if ( !(yy_init) ) + if ( yy_init ) { - (yy_init) = 1; + yy_init = 0; #ifdef YY_USER_INIT YY_USER_INIT; #endif - if ( ! (yy_start) ) - (yy_start) = 1; /* first start state */ + if ( ! yy_start ) + yy_start = 1; /* first start state */ if ( ! yyin ) yyin = stdin; @@ -707,36 +614,34 @@ YY_DECL if ( ! yyout ) yyout = stdout; - if ( ! YY_CURRENT_BUFFER ) { - yyensure_buffer_stack (); - YY_CURRENT_BUFFER_LVALUE = - yy_create_buffer(yyin,YY_BUF_SIZE ); - } + if ( ! yy_current_buffer ) + yy_current_buffer = + yy_create_buffer( yyin, YY_BUF_SIZE ); - yy_load_buffer_state( ); + yy_load_buffer_state(); } while ( 1 ) /* loops until end-of-file is reached */ { - yy_cp = (yy_c_buf_p); + yy_cp = yy_c_buf_p; /* Support of yytext. */ - *yy_cp = (yy_hold_char); + *yy_cp = yy_hold_char; /* yy_bp points to the position in yy_ch_buf of the start of * the current run. */ yy_bp = yy_cp; - yy_current_state = (yy_start); + yy_current_state = yy_start; yy_match: do { register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; if ( yy_accept[yy_current_state] ) { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; + yy_last_accepting_state = yy_current_state; + yy_last_accepting_cpos = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -753,132 +658,133 @@ yy_find_action: yy_act = yy_accept[yy_current_state]; if ( yy_act == 0 ) { /* have to back up */ - yy_cp = (yy_last_accepting_cpos); - yy_current_state = (yy_last_accepting_state); + yy_cp = yy_last_accepting_cpos; + yy_current_state = yy_last_accepting_state; yy_act = yy_accept[yy_current_state]; } YY_DO_BEFORE_ACTION; + do_action: /* This label is used only to access EOF actions. */ + switch ( yy_act ) { /* beginning of action switch */ case 0: /* must back up */ /* undo the effects of YY_DO_BEFORE_ACTION */ - *yy_cp = (yy_hold_char); - yy_cp = (yy_last_accepting_cpos); - yy_current_state = (yy_last_accepting_state); + *yy_cp = yy_hold_char; + yy_cp = yy_last_accepting_cpos; + yy_current_state = yy_last_accepting_state; goto yy_find_action; case 1: YY_RULE_SETUP -#line 60 "lex.l" +#line 60 "../../../lib/com_err/lex.l" { return ET; } YY_BREAK case 2: YY_RULE_SETUP -#line 61 "lex.l" +#line 61 "../../../lib/com_err/lex.l" { return ET; } YY_BREAK case 3: YY_RULE_SETUP -#line 62 "lex.l" +#line 62 "../../../lib/com_err/lex.l" { return EC; } YY_BREAK case 4: YY_RULE_SETUP -#line 63 "lex.l" +#line 63 "../../../lib/com_err/lex.l" { return EC; } YY_BREAK case 5: YY_RULE_SETUP -#line 64 "lex.l" +#line 64 "../../../lib/com_err/lex.l" { return PREFIX; } YY_BREAK case 6: YY_RULE_SETUP -#line 65 "lex.l" +#line 65 "../../../lib/com_err/lex.l" { return INDEX; } YY_BREAK case 7: YY_RULE_SETUP -#line 66 "lex.l" +#line 66 "../../../lib/com_err/lex.l" { return ID; } YY_BREAK case 8: YY_RULE_SETUP -#line 67 "lex.l" +#line 67 "../../../lib/com_err/lex.l" { return END; } YY_BREAK case 9: YY_RULE_SETUP -#line 68 "lex.l" +#line 68 "../../../lib/com_err/lex.l" { yylval.number = atoi(yytext); return NUMBER; } YY_BREAK case 10: YY_RULE_SETUP -#line 69 "lex.l" +#line 69 "../../../lib/com_err/lex.l" ; YY_BREAK case 11: YY_RULE_SETUP -#line 70 "lex.l" +#line 70 "../../../lib/com_err/lex.l" ; YY_BREAK case 12: -/* rule 12 can match eol */ YY_RULE_SETUP -#line 71 "lex.l" +#line 71 "../../../lib/com_err/lex.l" { lineno++; } YY_BREAK case 13: YY_RULE_SETUP -#line 72 "lex.l" +#line 72 "../../../lib/com_err/lex.l" { return getstring(); } YY_BREAK case 14: YY_RULE_SETUP -#line 73 "lex.l" +#line 73 "../../../lib/com_err/lex.l" { yylval.string = strdup(yytext); return STRING; } YY_BREAK case 15: YY_RULE_SETUP -#line 74 "lex.l" +#line 74 "../../../lib/com_err/lex.l" { return *yytext; } YY_BREAK case 16: YY_RULE_SETUP -#line 75 "lex.l" +#line 75 "../../../lib/com_err/lex.l" ECHO; YY_BREAK -#line 855 "lex.yy.c" +#line 762 "lex.c" case YY_STATE_EOF(INITIAL): yyterminate(); case YY_END_OF_BUFFER: { /* Amount of text matched not including the EOB char. */ - int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; + int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1; /* Undo the effects of YY_DO_BEFORE_ACTION. */ - *yy_cp = (yy_hold_char); + *yy_cp = yy_hold_char; YY_RESTORE_YY_MORE_OFFSET - if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW ) + if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW ) { /* We're scanning a new file or input source. It's * possible that this happened because the user * just pointed yyin at a new source and called * yylex(). If so, then we have to assure - * consistency between YY_CURRENT_BUFFER and our + * consistency between yy_current_buffer and our * globals. Here is the right place to do so, because * this is the first action (other than possibly a * back-up) that will match for the new input source. */ - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; - YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; - YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; + yy_n_chars = yy_current_buffer->yy_n_chars; + yy_current_buffer->yy_input_file = yyin; + yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL; } /* Note that here we test for yy_c_buf_p "<=" to the position @@ -888,13 +794,13 @@ case YY_STATE_EOF(INITIAL): * end-of-buffer state). Contrast this with the test * in input(). */ - if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) + if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] ) { /* This was really a NUL. */ yy_state_type yy_next_state; - (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; + yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text; - yy_current_state = yy_get_previous_state( ); + yy_current_state = yy_get_previous_state(); /* Okay, we're now positioned to make the NUL * transition. We couldn't have @@ -907,30 +813,30 @@ case YY_STATE_EOF(INITIAL): yy_next_state = yy_try_NUL_trans( yy_current_state ); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; + yy_bp = yytext_ptr + YY_MORE_ADJ; if ( yy_next_state ) { /* Consume the NUL. */ - yy_cp = ++(yy_c_buf_p); + yy_cp = ++yy_c_buf_p; yy_current_state = yy_next_state; goto yy_match; } else { - yy_cp = (yy_c_buf_p); + yy_cp = yy_c_buf_p; goto yy_find_action; } } - else switch ( yy_get_next_buffer( ) ) + else switch ( yy_get_next_buffer() ) { case EOB_ACT_END_OF_FILE: { - (yy_did_buffer_switch_on_eof) = 0; + yy_did_buffer_switch_on_eof = 0; - if ( yywrap( ) ) + if ( yywrap() ) { /* Note: because we've taken care in * yy_get_next_buffer() to have set up @@ -941,7 +847,7 @@ case YY_STATE_EOF(INITIAL): * YY_NULL, it'll still work - another * YY_NULL will get returned. */ - (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; + yy_c_buf_p = yytext_ptr + YY_MORE_ADJ; yy_act = YY_STATE_EOF(YY_START); goto do_action; @@ -949,30 +855,30 @@ case YY_STATE_EOF(INITIAL): else { - if ( ! (yy_did_buffer_switch_on_eof) ) + if ( ! yy_did_buffer_switch_on_eof ) YY_NEW_FILE; } break; } case EOB_ACT_CONTINUE_SCAN: - (yy_c_buf_p) = - (yytext_ptr) + yy_amount_of_matched_text; + yy_c_buf_p = + yytext_ptr + yy_amount_of_matched_text; - yy_current_state = yy_get_previous_state( ); + yy_current_state = yy_get_previous_state(); - yy_cp = (yy_c_buf_p); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; + yy_cp = yy_c_buf_p; + yy_bp = yytext_ptr + YY_MORE_ADJ; goto yy_match; case EOB_ACT_LAST_MATCH: - (yy_c_buf_p) = - &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)]; + yy_c_buf_p = + &yy_current_buffer->yy_ch_buf[yy_n_chars]; - yy_current_state = yy_get_previous_state( ); + yy_current_state = yy_get_previous_state(); - yy_cp = (yy_c_buf_p); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; + yy_cp = yy_c_buf_p; + yy_bp = yytext_ptr + YY_MORE_ADJ; goto yy_find_action; } break; @@ -983,7 +889,8 @@ case YY_STATE_EOF(INITIAL): "fatal flex scanner internal error--no action found" ); } /* end of action switch */ } /* end of scanning one token */ -} /* end of yylex */ + } /* end of yylex */ + /* yy_get_next_buffer - try to read in a new buffer * @@ -992,20 +899,21 @@ case YY_STATE_EOF(INITIAL): * EOB_ACT_CONTINUE_SCAN - continue scanning from current position * EOB_ACT_END_OF_FILE - end of file */ -static int yy_get_next_buffer (void) -{ - register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; - register char *source = (yytext_ptr); + +static int yy_get_next_buffer() + { + register char *dest = yy_current_buffer->yy_ch_buf; + register char *source = yytext_ptr; register int number_to_move, i; int ret_val; - if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) + if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] ) YY_FATAL_ERROR( "fatal flex scanner internal error--end of buffer missed" ); - if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 ) + if ( yy_current_buffer->yy_fill_buffer == 0 ) { /* Don't try to fill the buffer, so this is an EOF. */ - if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 ) + if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 ) { /* We matched a single character, the EOB, so * treat this as a final EOF. @@ -1025,30 +933,34 @@ static int yy_get_next_buffer (void) /* Try to read more data. */ /* First move last chars to start of buffer. */ - number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1; + number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1; for ( i = 0; i < number_to_move; ++i ) *(dest++) = *(source++); - if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING ) + if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING ) /* don't do the read, it's not guaranteed to return an EOF, * just force an EOF */ - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0; + yy_current_buffer->yy_n_chars = yy_n_chars = 0; else { - int num_to_read = - YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; + int num_to_read = + yy_current_buffer->yy_buf_size - number_to_move - 1; while ( num_to_read <= 0 ) { /* Not enough room in the buffer - grow it. */ +#ifdef YY_USES_REJECT + YY_FATAL_ERROR( +"input buffer overflow, can't enlarge buffer because scanner uses REJECT" ); +#else /* just a shorter name for the current buffer */ - YY_BUFFER_STATE b = YY_CURRENT_BUFFER; + YY_BUFFER_STATE b = yy_current_buffer; int yy_c_buf_p_offset = - (int) ((yy_c_buf_p) - b->yy_ch_buf); + (int) (yy_c_buf_p - b->yy_ch_buf); if ( b->yy_is_our_buffer ) { @@ -1061,7 +973,8 @@ static int yy_get_next_buffer (void) b->yy_ch_buf = (char *) /* Include room in for 2 EOB chars. */ - yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ); + yy_flex_realloc( (void *) b->yy_ch_buf, + b->yy_buf_size + 2 ); } else /* Can't grow it, we don't own it. */ @@ -1071,35 +984,35 @@ static int yy_get_next_buffer (void) YY_FATAL_ERROR( "fatal error - scanner input buffer overflow" ); - (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset]; + yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset]; - num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - + num_to_read = yy_current_buffer->yy_buf_size - number_to_move - 1; - +#endif } if ( num_to_read > YY_READ_BUF_SIZE ) num_to_read = YY_READ_BUF_SIZE; /* Read in more data. */ - YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), - (yy_n_chars), (size_t) num_to_read ); + YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]), + yy_n_chars, num_to_read ); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + yy_current_buffer->yy_n_chars = yy_n_chars; } - if ( (yy_n_chars) == 0 ) + if ( yy_n_chars == 0 ) { if ( number_to_move == YY_MORE_ADJ ) { ret_val = EOB_ACT_END_OF_FILE; - yyrestart(yyin ); + yyrestart( yyin ); } else { ret_val = EOB_ACT_LAST_MATCH; - YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = + yy_current_buffer->yy_buffer_status = YY_BUFFER_EOF_PENDING; } } @@ -1107,31 +1020,32 @@ static int yy_get_next_buffer (void) else ret_val = EOB_ACT_CONTINUE_SCAN; - (yy_n_chars) += number_to_move; - YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; - YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; + yy_n_chars += number_to_move; + yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR; + yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR; - (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0]; + yytext_ptr = &yy_current_buffer->yy_ch_buf[0]; return ret_val; -} + } + /* yy_get_previous_state - get the state just before the EOB char was reached */ - static yy_state_type yy_get_previous_state (void) -{ +static yy_state_type yy_get_previous_state() + { register yy_state_type yy_current_state; register char *yy_cp; - - yy_current_state = (yy_start); - for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) + yy_current_state = yy_start; + + for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp ) { register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); if ( yy_accept[yy_current_state] ) { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; + yy_last_accepting_state = yy_current_state; + yy_last_accepting_cpos = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -1143,23 +1057,30 @@ static int yy_get_next_buffer (void) } return yy_current_state; -} + } + /* yy_try_NUL_trans - try to make a transition on the NUL character * * synopsis * next_state = yy_try_NUL_trans( current_state ); */ - static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state ) -{ + +#ifdef YY_USE_PROTOS +static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state ) +#else +static yy_state_type yy_try_NUL_trans( yy_current_state ) +yy_state_type yy_current_state; +#endif + { register int yy_is_jam; - register char *yy_cp = (yy_c_buf_p); + register char *yy_cp = yy_c_buf_p; register YY_CHAR yy_c = 1; if ( yy_accept[yy_current_state] ) { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; + yy_last_accepting_state = yy_current_state; + yy_last_accepting_cpos = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -1171,73 +1092,80 @@ static int yy_get_next_buffer (void) yy_is_jam = (yy_current_state == 45); return yy_is_jam ? 0 : yy_current_state; -} + } - static void yyunput (int c, register char * yy_bp ) -{ - register char *yy_cp; - - yy_cp = (yy_c_buf_p); + +#ifndef YY_NO_UNPUT +#ifdef YY_USE_PROTOS +static void yyunput( int c, register char *yy_bp ) +#else +static void yyunput( c, yy_bp ) +int c; +register char *yy_bp; +#endif + { + register char *yy_cp = yy_c_buf_p; /* undo effects of setting up yytext */ - *yy_cp = (yy_hold_char); + *yy_cp = yy_hold_char; - if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) + if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) { /* need to shift things up to make room */ /* +2 for EOB chars. */ - register int number_to_move = (yy_n_chars) + 2; - register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ - YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; + register int number_to_move = yy_n_chars + 2; + register char *dest = &yy_current_buffer->yy_ch_buf[ + yy_current_buffer->yy_buf_size + 2]; register char *source = - &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; + &yy_current_buffer->yy_ch_buf[number_to_move]; - while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) + while ( source > yy_current_buffer->yy_ch_buf ) *--dest = *--source; yy_cp += (int) (dest - source); yy_bp += (int) (dest - source); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size; + yy_current_buffer->yy_n_chars = + yy_n_chars = yy_current_buffer->yy_buf_size; - if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) + if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) YY_FATAL_ERROR( "flex scanner push-back overflow" ); } *--yy_cp = (char) c; - (yytext_ptr) = yy_bp; - (yy_hold_char) = *yy_cp; - (yy_c_buf_p) = yy_cp; -} -#ifndef YY_NO_INPUT + yytext_ptr = yy_bp; + yy_hold_char = *yy_cp; + yy_c_buf_p = yy_cp; + } +#endif /* ifndef YY_NO_UNPUT */ + + #ifdef __cplusplus - static int yyinput (void) +static int yyinput() #else - static int input (void) +static int input() #endif - -{ + { int c; - - *(yy_c_buf_p) = (yy_hold_char); - if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR ) + *yy_c_buf_p = yy_hold_char; + + if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR ) { /* yy_c_buf_p now points to the character we want to return. * If this occurs *before* the EOB characters, then it's a * valid NUL; if not, then we've hit the end of the buffer. */ - if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) + if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] ) /* This was really a NUL. */ - *(yy_c_buf_p) = '\0'; + *yy_c_buf_p = '\0'; else { /* need more input */ - int offset = (yy_c_buf_p) - (yytext_ptr); - ++(yy_c_buf_p); + int offset = yy_c_buf_p - yytext_ptr; + ++yy_c_buf_p; - switch ( yy_get_next_buffer( ) ) + switch ( yy_get_next_buffer() ) { case EOB_ACT_LAST_MATCH: /* This happens because yy_g_n_b() @@ -1251,16 +1179,16 @@ static int yy_get_next_buffer (void) */ /* Reset buffer status. */ - yyrestart(yyin ); + yyrestart( yyin ); - /*FALLTHROUGH*/ + /* fall through */ case EOB_ACT_END_OF_FILE: { - if ( yywrap( ) ) + if ( yywrap() ) return EOF; - if ( ! (yy_did_buffer_switch_on_eof) ) + if ( ! yy_did_buffer_switch_on_eof ) YY_NEW_FILE; #ifdef __cplusplus return yyinput(); @@ -1270,92 +1198,90 @@ static int yy_get_next_buffer (void) } case EOB_ACT_CONTINUE_SCAN: - (yy_c_buf_p) = (yytext_ptr) + offset; + yy_c_buf_p = yytext_ptr + offset; break; } } } - c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */ - *(yy_c_buf_p) = '\0'; /* preserve yytext */ - (yy_hold_char) = *++(yy_c_buf_p); + c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */ + *yy_c_buf_p = '\0'; /* preserve yytext */ + yy_hold_char = *++yy_c_buf_p; + return c; -} -#endif /* ifndef YY_NO_INPUT */ + } -/** Immediately switch to a different input stream. - * @param input_file A readable stream. - * - * @note This function does not reset the start condition to @c INITIAL . - */ - void yyrestart (FILE * input_file ) -{ - - if ( ! YY_CURRENT_BUFFER ){ - yyensure_buffer_stack (); - YY_CURRENT_BUFFER_LVALUE = - yy_create_buffer(yyin,YY_BUF_SIZE ); + +#ifdef YY_USE_PROTOS +void yyrestart( FILE *input_file ) +#else +void yyrestart( input_file ) +FILE *input_file; +#endif + { + if ( ! yy_current_buffer ) + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); + + yy_init_buffer( yy_current_buffer, input_file ); + yy_load_buffer_state(); } - yy_init_buffer(YY_CURRENT_BUFFER,input_file ); - yy_load_buffer_state( ); -} -/** Switch to a different input buffer. - * @param new_buffer The new input buffer. - * - */ - void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ) -{ - - /* TODO. We should be able to replace this entire function body - * with - * yypop_buffer_state(); - * yypush_buffer_state(new_buffer); - */ - yyensure_buffer_stack (); - if ( YY_CURRENT_BUFFER == new_buffer ) +#ifdef YY_USE_PROTOS +void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer ) +#else +void yy_switch_to_buffer( new_buffer ) +YY_BUFFER_STATE new_buffer; +#endif + { + if ( yy_current_buffer == new_buffer ) return; - if ( YY_CURRENT_BUFFER ) + if ( yy_current_buffer ) { /* Flush out information for old buffer. */ - *(yy_c_buf_p) = (yy_hold_char); - YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + *yy_c_buf_p = yy_hold_char; + yy_current_buffer->yy_buf_pos = yy_c_buf_p; + yy_current_buffer->yy_n_chars = yy_n_chars; } - YY_CURRENT_BUFFER_LVALUE = new_buffer; - yy_load_buffer_state( ); + yy_current_buffer = new_buffer; + yy_load_buffer_state(); /* We don't actually know whether we did this switch during * EOF (yywrap()) processing, but the only time this flag * is looked at is after yywrap() is called, so it's safe * to go ahead and always set it. */ - (yy_did_buffer_switch_on_eof) = 1; -} + yy_did_buffer_switch_on_eof = 1; + } -static void yy_load_buffer_state (void) -{ - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; - (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; - yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; - (yy_hold_char) = *(yy_c_buf_p); -} -/** Allocate and initialize an input buffer state. - * @param file A readable stream. - * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE. - * - * @return the allocated buffer state. - */ - YY_BUFFER_STATE yy_create_buffer (FILE * file, int size ) -{ +#ifdef YY_USE_PROTOS +void yy_load_buffer_state( void ) +#else +void yy_load_buffer_state() +#endif + { + yy_n_chars = yy_current_buffer->yy_n_chars; + yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos; + yyin = yy_current_buffer->yy_input_file; + yy_hold_char = *yy_c_buf_p; + } + + +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_create_buffer( FILE *file, int size ) +#else +YY_BUFFER_STATE yy_create_buffer( file, size ) +FILE *file; +int size; +#endif + { YY_BUFFER_STATE b; - - b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); + + b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); @@ -1364,75 +1290,80 @@ static void yy_load_buffer_state (void) /* yy_ch_buf has to be 2 characters longer than the size given because * we need to put in 2 end-of-buffer characters. */ - b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2 ); + b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 ); if ( ! b->yy_ch_buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); b->yy_is_our_buffer = 1; - yy_init_buffer(b,file ); + yy_init_buffer( b, file ); return b; -} + } -/** Destroy the buffer. - * @param b a buffer created with yy_create_buffer() - * - */ - void yy_delete_buffer (YY_BUFFER_STATE b ) -{ - + +#ifdef YY_USE_PROTOS +void yy_delete_buffer( YY_BUFFER_STATE b ) +#else +void yy_delete_buffer( b ) +YY_BUFFER_STATE b; +#endif + { if ( ! b ) return; - if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */ - YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; + if ( b == yy_current_buffer ) + yy_current_buffer = (YY_BUFFER_STATE) 0; if ( b->yy_is_our_buffer ) - yyfree((void *) b->yy_ch_buf ); + yy_flex_free( (void *) b->yy_ch_buf ); - yyfree((void *) b ); -} + yy_flex_free( (void *) b ); + } -#ifndef __cplusplus -extern int isatty (int ); -#endif /* __cplusplus */ - -/* Initializes or reinitializes a buffer. - * This function is sometimes called more than once on the same buffer, - * such as during a yyrestart() or at EOF. - */ - static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file ) -{ - int oerrno = errno; - - yy_flush_buffer(b ); +#ifndef YY_ALWAYS_INTERACTIVE +#ifndef YY_NEVER_INTERACTIVE +extern int isatty YY_PROTO(( int )); +#endif +#endif + +#ifdef YY_USE_PROTOS +void yy_init_buffer( YY_BUFFER_STATE b, FILE *file ) +#else +void yy_init_buffer( b, file ) +YY_BUFFER_STATE b; +FILE *file; +#endif + + + { + yy_flush_buffer( b ); b->yy_input_file = file; b->yy_fill_buffer = 1; - /* If b is the current buffer, then yy_init_buffer was _probably_ - * called from yyrestart() or through yy_get_next_buffer. - * In that case, we don't want to reset the lineno or column. - */ - if (b != YY_CURRENT_BUFFER){ - b->yy_bs_lineno = 1; - b->yy_bs_column = 0; - } +#if YY_ALWAYS_INTERACTIVE + b->yy_is_interactive = 1; +#else +#if YY_NEVER_INTERACTIVE + b->yy_is_interactive = 0; +#else + b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; +#endif +#endif + } - b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; - - errno = oerrno; -} -/** Discard all buffered characters. On the next scan, YY_INPUT will be called. - * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER. - * - */ - void yy_flush_buffer (YY_BUFFER_STATE b ) -{ - if ( ! b ) +#ifdef YY_USE_PROTOS +void yy_flush_buffer( YY_BUFFER_STATE b ) +#else +void yy_flush_buffer( b ) +YY_BUFFER_STATE b; +#endif + + { + if ( ! b ) return; b->yy_n_chars = 0; @@ -1449,121 +1380,29 @@ extern int isatty (int ); b->yy_at_bol = 1; b->yy_buffer_status = YY_BUFFER_NEW; - if ( b == YY_CURRENT_BUFFER ) - yy_load_buffer_state( ); -} - -/** Pushes the new state onto the stack. The new state becomes - * the current state. This function will allocate the stack - * if necessary. - * @param new_buffer The new state. - * - */ -void yypush_buffer_state (YY_BUFFER_STATE new_buffer ) -{ - if (new_buffer == NULL) - return; - - yyensure_buffer_stack(); - - /* This block is copied from yy_switch_to_buffer. */ - if ( YY_CURRENT_BUFFER ) - { - /* Flush out information for old buffer. */ - *(yy_c_buf_p) = (yy_hold_char); - YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); - } - - /* Only push if top exists. Otherwise, replace top. */ - if (YY_CURRENT_BUFFER) - (yy_buffer_stack_top)++; - YY_CURRENT_BUFFER_LVALUE = new_buffer; - - /* copied from yy_switch_to_buffer. */ - yy_load_buffer_state( ); - (yy_did_buffer_switch_on_eof) = 1; -} - -/** Removes and deletes the top of the stack, if present. - * The next element becomes the new top. - * - */ -void yypop_buffer_state (void) -{ - if (!YY_CURRENT_BUFFER) - return; - - yy_delete_buffer(YY_CURRENT_BUFFER ); - YY_CURRENT_BUFFER_LVALUE = NULL; - if ((yy_buffer_stack_top) > 0) - --(yy_buffer_stack_top); - - if (YY_CURRENT_BUFFER) { - yy_load_buffer_state( ); - (yy_did_buffer_switch_on_eof) = 1; - } -} - -/* Allocates the stack if it does not exist. - * Guarantees space for at least one push. - */ -static void yyensure_buffer_stack (void) -{ - int num_to_alloc; - - if (!(yy_buffer_stack)) { - - /* First allocation is just for 2 elements, since we don't know if this - * scanner will even need a stack. We use 2 instead of 1 to avoid an - * immediate realloc on the next call. - */ - num_to_alloc = 1; - (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc - (num_to_alloc * sizeof(struct yy_buffer_state*) - ); - - memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); - - (yy_buffer_stack_max) = num_to_alloc; - (yy_buffer_stack_top) = 0; - return; + if ( b == yy_current_buffer ) + yy_load_buffer_state(); } - if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ - /* Increase the buffer to prepare for a possible push. */ - int grow_size = 8 /* arbitrary grow size */; - - num_to_alloc = (yy_buffer_stack_max) + grow_size; - (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc - ((yy_buffer_stack), - num_to_alloc * sizeof(struct yy_buffer_state*) - ); - - /* zero only the new slots.*/ - memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); - (yy_buffer_stack_max) = num_to_alloc; - } -} - -/** Setup the input buffer state to scan directly from a user-specified character buffer. - * @param base the character buffer - * @param size the size in bytes of the character buffer - * - * @return the newly allocated buffer state object. - */ -YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) -{ +#ifndef YY_NO_SCAN_BUFFER +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size ) +#else +YY_BUFFER_STATE yy_scan_buffer( base, size ) +char *base; +yy_size_t size; +#endif + { YY_BUFFER_STATE b; - + if ( size < 2 || base[size-2] != YY_END_OF_BUFFER_CHAR || base[size-1] != YY_END_OF_BUFFER_CHAR ) /* They forgot to leave room for the EOB's. */ return 0; - b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); + b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); @@ -1577,51 +1416,56 @@ YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) b->yy_fill_buffer = 0; b->yy_buffer_status = YY_BUFFER_NEW; - yy_switch_to_buffer(b ); + yy_switch_to_buffer( b ); return b; -} + } +#endif -/** Setup the input buffer state to scan a string. The next call to yylex() will - * scan from a @e copy of @a str. - * @param yystr a NUL-terminated string to scan - * - * @return the newly allocated buffer state object. - * @note If you want to scan bytes that may contain NUL values, then use - * yy_scan_bytes() instead. - */ -YY_BUFFER_STATE yy_scan_string (yyconst char * yystr ) -{ - - return yy_scan_bytes(yystr,strlen(yystr) ); -} -/** Setup the input buffer state to scan the given bytes. The next call to yylex() will - * scan from a @e copy of @a bytes. - * @param bytes the byte buffer to scan - * @param len the number of bytes in the buffer pointed to by @a bytes. - * - * @return the newly allocated buffer state object. - */ -YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, int _yybytes_len ) -{ +#ifndef YY_NO_SCAN_STRING +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str ) +#else +YY_BUFFER_STATE yy_scan_string( yy_str ) +yyconst char *yy_str; +#endif + { + int len; + for ( len = 0; yy_str[len]; ++len ) + ; + + return yy_scan_bytes( yy_str, len ); + } +#endif + + +#ifndef YY_NO_SCAN_BYTES +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len ) +#else +YY_BUFFER_STATE yy_scan_bytes( bytes, len ) +yyconst char *bytes; +int len; +#endif + { YY_BUFFER_STATE b; char *buf; yy_size_t n; int i; - + /* Get memory for full buffer, including space for trailing EOB's. */ - n = _yybytes_len + 2; - buf = (char *) yyalloc(n ); + n = len + 2; + buf = (char *) yy_flex_alloc( n ); if ( ! buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); - for ( i = 0; i < _yybytes_len; ++i ) - buf[i] = yybytes[i]; + for ( i = 0; i < len; ++i ) + buf[i] = bytes[i]; - buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR; + buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR; - b = yy_scan_buffer(buf,n ); + b = yy_scan_buffer( buf, n ); if ( ! b ) YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); @@ -1631,196 +1475,148 @@ YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, int _yybytes_len ) b->yy_is_our_buffer = 1; return b; -} - -#ifndef YY_EXIT_FAILURE -#define YY_EXIT_FAILURE 2 + } #endif -static void yy_fatal_error (yyconst char* msg ) -{ - (void) fprintf( stderr, "%s\n", msg ); - exit( YY_EXIT_FAILURE ); -} - -/* Redefine yyless() so it works in section 3 code. */ -#undef yyless -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - int yyless_macro_arg = (n); \ - YY_LESS_LINENO(yyless_macro_arg);\ - yytext[yyleng] = (yy_hold_char); \ - (yy_c_buf_p) = yytext + yyless_macro_arg; \ - (yy_hold_char) = *(yy_c_buf_p); \ - *(yy_c_buf_p) = '\0'; \ - yyleng = yyless_macro_arg; \ - } \ - while ( 0 ) +#ifndef YY_NO_PUSH_STATE +#ifdef YY_USE_PROTOS +static void yy_push_state( int new_state ) +#else +static void yy_push_state( new_state ) +int new_state; +#endif + { + if ( yy_start_stack_ptr >= yy_start_stack_depth ) + { + yy_size_t new_size; -/* Accessor methods (get/set functions) to struct members. */ + yy_start_stack_depth += YY_START_STACK_INCR; + new_size = yy_start_stack_depth * sizeof( int ); -/** Get the current line number. - * - */ -int yyget_lineno (void) -{ - - return yylineno; -} + if ( ! yy_start_stack ) + yy_start_stack = (int *) yy_flex_alloc( new_size ); -/** Get the input stream. - * - */ -FILE *yyget_in (void) -{ - return yyin; -} + else + yy_start_stack = (int *) yy_flex_realloc( + (void *) yy_start_stack, new_size ); -/** Get the output stream. - * - */ -FILE *yyget_out (void) -{ - return yyout; -} + if ( ! yy_start_stack ) + YY_FATAL_ERROR( + "out of memory expanding start-condition stack" ); + } -/** Get the length of the current token. - * - */ -int yyget_leng (void) -{ - return yyleng; -} + yy_start_stack[yy_start_stack_ptr++] = YY_START; -/** Get the current token. - * - */ + BEGIN(new_state); + } +#endif -char *yyget_text (void) -{ - return yytext; -} -/** Set the current line number. - * @param line_number - * - */ -void yyset_lineno (int line_number ) -{ - - yylineno = line_number; -} +#ifndef YY_NO_POP_STATE +static void yy_pop_state() + { + if ( --yy_start_stack_ptr < 0 ) + YY_FATAL_ERROR( "start-condition stack underflow" ); -/** Set the input stream. This does not discard the current - * input buffer. - * @param in_str A readable stream. - * - * @see yy_switch_to_buffer - */ -void yyset_in (FILE * in_str ) -{ - yyin = in_str ; -} + BEGIN(yy_start_stack[yy_start_stack_ptr]); + } +#endif -void yyset_out (FILE * out_str ) -{ - yyout = out_str ; -} -int yyget_debug (void) -{ - return yy_flex_debug; -} +#ifndef YY_NO_TOP_STATE +static int yy_top_state() + { + return yy_start_stack[yy_start_stack_ptr - 1]; + } +#endif -void yyset_debug (int bdebug ) -{ - yy_flex_debug = bdebug ; -} +#ifndef YY_EXIT_FAILURE +#define YY_EXIT_FAILURE 2 +#endif -static int yy_init_globals (void) -{ - /* Initialization is the same as for the non-reentrant scanner. - * This function is called from yylex_destroy(), so don't allocate here. - */ - - (yy_buffer_stack) = 0; - (yy_buffer_stack_top) = 0; - (yy_buffer_stack_max) = 0; - (yy_c_buf_p) = (char *) 0; - (yy_init) = 0; - (yy_start) = 0; - -/* Defined in main.c */ -#ifdef YY_STDINIT - yyin = stdin; - yyout = stdout; +#ifdef YY_USE_PROTOS +static void yy_fatal_error( yyconst char msg[] ) #else - yyin = (FILE *) 0; - yyout = (FILE *) 0; +static void yy_fatal_error( msg ) +char msg[]; #endif + { + (void) fprintf( stderr, "%s\n", msg ); + exit( YY_EXIT_FAILURE ); + } - /* For future reference: Set errno on error, since we are called by - * yylex_init() - */ - return 0; -} -/* yylex_destroy is for both reentrant and non-reentrant scanners. */ -int yylex_destroy (void) -{ - - /* Pop the buffer stack, destroying each element. */ - while(YY_CURRENT_BUFFER){ - yy_delete_buffer(YY_CURRENT_BUFFER ); - YY_CURRENT_BUFFER_LVALUE = NULL; - yypop_buffer_state(); - } - /* Destroy the stack itself. */ - yyfree((yy_buffer_stack) ); - (yy_buffer_stack) = NULL; +/* Redefine yyless() so it works in section 3 code. */ - /* Reset the globals. This is important in a non-reentrant scanner so the next time - * yylex() is called, initialization will occur. */ - yy_init_globals( ); +#undef yyless +#define yyless(n) \ + do \ + { \ + /* Undo effects of setting up yytext. */ \ + yytext[yyleng] = yy_hold_char; \ + yy_c_buf_p = yytext + n; \ + yy_hold_char = *yy_c_buf_p; \ + *yy_c_buf_p = '\0'; \ + yyleng = n; \ + } \ + while ( 0 ) - return 0; -} -/* - * Internal utility routines. - */ +/* Internal utility routines. */ #ifndef yytext_ptr -static void yy_flex_strncpy (char* s1, yyconst char * s2, int n ) -{ +#ifdef YY_USE_PROTOS +static void yy_flex_strncpy( char *s1, yyconst char *s2, int n ) +#else +static void yy_flex_strncpy( s1, s2, n ) +char *s1; +yyconst char *s2; +int n; +#endif + { register int i; for ( i = 0; i < n; ++i ) s1[i] = s2[i]; -} + } #endif #ifdef YY_NEED_STRLEN -static int yy_flex_strlen (yyconst char * s ) -{ +#ifdef YY_USE_PROTOS +static int yy_flex_strlen( yyconst char *s ) +#else +static int yy_flex_strlen( s ) +yyconst char *s; +#endif + { register int n; for ( n = 0; s[n]; ++n ) ; return n; -} + } #endif -void *yyalloc (yy_size_t size ) -{ + +#ifdef YY_USE_PROTOS +static void *yy_flex_alloc( yy_size_t size ) +#else +static void *yy_flex_alloc( size ) +yy_size_t size; +#endif + { return (void *) malloc( size ); -} + } -void *yyrealloc (void * ptr, yy_size_t size ) -{ +#ifdef YY_USE_PROTOS +static void *yy_flex_realloc( void *ptr, yy_size_t size ) +#else +static void *yy_flex_realloc( ptr, size ) +void *ptr; +yy_size_t size; +#endif + { /* The cast to (char *) in the following accommodates both * implementations that use char* generic pointers, and those * that use void* generic pointers. It works with the latter @@ -1829,17 +1625,26 @@ void *yyrealloc (void * ptr, yy_size_t size ) * as though doing an assignment. */ return (void *) realloc( (char *) ptr, size ); -} - -void yyfree (void * ptr ) -{ - free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ -} - -#define YYTABLES_NAME "yytables" + } -#line 75 "lex.l" +#ifdef YY_USE_PROTOS +static void yy_flex_free( void *ptr ) +#else +static void yy_flex_free( ptr ) +void *ptr; +#endif + { + free( ptr ); + } +#if YY_MAIN +int main() + { + yylex(); + return 0; + } +#endif +#line 75 "../../../lib/com_err/lex.l" #ifndef yywrap /* XXX */ @@ -1894,4 +1699,3 @@ error_message (const char *format, ...) va_end (args); numerror++; } - diff --git a/source4/heimdal/lib/com_err/parse.c b/source4/heimdal/lib/com_err/parse.c index e55dafa41e..a7160a4d42 100644 --- a/source4/heimdal/lib/com_err/parse.c +++ b/source4/heimdal/lib/com_err/parse.c @@ -1,82 +1,19 @@ -/* A Bison parser, made by GNU Bison 2.0. */ - -/* Skeleton parser for Yacc-like parsing with Bison, - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2, or (at your option) - any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. */ - -/* As a special exception, when this file is copied by Bison into a - Bison output file, you may use that output file without restriction. - This special exception was added by the Free Software Foundation - in version 1.24 of Bison. */ - -/* Written by Richard Stallman by simplifying the original so called - ``semantic'' parser. */ - -/* All symbols defined below should begin with yy or YY, to avoid - infringing on user name space. This should be done even for local - variables, as they might otherwise be expanded by user macros. - There are some unavoidable exceptions within include files to - define necessary library symbols; they are noted "INFRINGES ON - USER NAME SPACE" below. */ - -/* Identify Bison output. */ -#define YYBISON 1 - -/* Skeleton name. */ -#define YYSKELETON_NAME "yacc.c" - -/* Pure parsers. */ -#define YYPURE 0 - -/* Using locations. */ -#define YYLSP_NEEDED 0 - - - -/* Tokens. */ -#ifndef YYTOKENTYPE -# define YYTOKENTYPE - /* Put the tokens into the symbol table, so that GDB and other debuggers - know about them. */ - enum yytokentype { - ET = 258, - INDEX = 259, - PREFIX = 260, - EC = 261, - ID = 262, - END = 263, - STRING = 264, - NUMBER = 265 - }; -#endif -#define ET 258 -#define INDEX 259 -#define PREFIX 260 -#define EC 261 -#define ID 262 -#define END 263 -#define STRING 264 -#define NUMBER 265 +/* A Bison parser, made from ../../../lib/com_err/parse.y + by GNU Bison version 1.28 */ +#define YYBISON 1 /* Identify Bison output. */ +#define ET 257 +#define INDEX 258 +#define PREFIX 259 +#define EC 260 +#define ID 261 +#define END 262 +#define STRING 263 +#define NUMBER 264 -/* Copy the first part of user declarations. */ -#line 1 "parse.y" +#line 1 "../../../lib/com_err/parse.y" /* * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan @@ -128,748 +65,425 @@ extern char *yytext; #endif - -/* Enabling traces. */ -#ifndef YYDEBUG -# define YYDEBUG 0 -#endif - -/* Enabling verbose error messages. */ -#ifdef YYERROR_VERBOSE -# undef YYERROR_VERBOSE -# define YYERROR_VERBOSE 1 -#else -# define YYERROR_VERBOSE 0 -#endif - -#if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED) -#line 53 "parse.y" -typedef union YYSTYPE { +#line 53 "../../../lib/com_err/parse.y" +typedef union { char *string; int number; } YYSTYPE; -/* Line 190 of yacc.c. */ -#line 153 "$base.c" -# define yystype YYSTYPE /* obsolescent; will be withdrawn */ -# define YYSTYPE_IS_DECLARED 1 -# define YYSTYPE_IS_TRIVIAL 1 -#endif - - - -/* Copy the second part of user declarations. */ - +#include -/* Line 213 of yacc.c. */ -#line 165 "$base.c" +#ifndef __cplusplus +#ifndef __STDC__ +#define const +#endif +#endif -#if ! defined (yyoverflow) || YYERROR_VERBOSE -# ifndef YYFREE -# define YYFREE free -# endif -# ifndef YYMALLOC -# define YYMALLOC malloc -# endif -/* The parser invokes alloca or malloc; define the necessary symbols. */ +#define YYFINAL 24 +#define YYFLAG -32768 +#define YYNTBASE 12 + +#define YYTRANSLATE(x) ((unsigned)(x) <= 264 ? yytranslate[x] : 18) + +static const char yytranslate[] = { 0, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 11, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 1, 3, 4, 5, 6, + 7, 8, 9, 10 +}; -# ifdef YYSTACK_USE_ALLOCA -# if YYSTACK_USE_ALLOCA -# ifdef __GNUC__ -# define YYSTACK_ALLOC __builtin_alloca -# else -# define YYSTACK_ALLOC alloca -# endif -# endif -# endif +#if YYDEBUG != 0 +static const short yyprhs[] = { 0, + 0, 1, 4, 7, 9, 12, 15, 19, 21, 24, + 27, 30, 32, 37 +}; -# ifdef YYSTACK_ALLOC - /* Pacify GCC's `empty if-body' warning. */ -# define YYSTACK_FREE(Ptr) do { /* empty */; } while (0) -# else -# if defined (__STDC__) || defined (__cplusplus) -# include /* INFRINGES ON USER NAME SPACE */ -# define YYSIZE_T size_t -# endif -# define YYSTACK_ALLOC YYMALLOC -# define YYSTACK_FREE YYFREE -# endif -#endif /* ! defined (yyoverflow) || YYERROR_VERBOSE */ +static const short yyrhs[] = { -1, + 13, 16, 0, 14, 15, 0, 15, 0, 7, 9, + 0, 3, 9, 0, 3, 9, 9, 0, 17, 0, + 16, 17, 0, 4, 10, 0, 5, 9, 0, 5, + 0, 6, 9, 11, 9, 0, 8, 0 +}; +#endif -#if (! defined (yyoverflow) \ - && (! defined (__cplusplus) \ - || (defined (YYSTYPE_IS_TRIVIAL) && YYSTYPE_IS_TRIVIAL))) +#if YYDEBUG != 0 +static const short yyrline[] = { 0, + 64, 65, 68, 69, 72, 78, 84, 93, 94, 97, + 101, 109, 116, 136 +}; +#endif -/* A type that is properly aligned for any stack member. */ -union yyalloc -{ - short int yyss; - YYSTYPE yyvs; - }; - -/* The size of the maximum gap between one aligned stack and the next. */ -# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1) - -/* The size of an array large to enough to hold all stacks, each with - N elements. */ -# define YYSTACK_BYTES(N) \ - ((N) * (sizeof (short int) + sizeof (YYSTYPE)) \ - + YYSTACK_GAP_MAXIMUM) - -/* Copy COUNT objects from FROM to TO. The source and destination do - not overlap. */ -# ifndef YYCOPY -# if defined (__GNUC__) && 1 < __GNUC__ -# define YYCOPY(To, From, Count) \ - __builtin_memcpy (To, From, (Count) * sizeof (*(From))) -# else -# define YYCOPY(To, From, Count) \ - do \ - { \ - register YYSIZE_T yyi; \ - for (yyi = 0; yyi < (Count); yyi++) \ - (To)[yyi] = (From)[yyi]; \ - } \ - while (0) -# endif -# endif - -/* Relocate STACK from its old location to the new one. The - local variables YYSIZE and YYSTACKSIZE give the old and new number of - elements in the stack, and YYPTR gives the new location of the - stack. Advance YYPTR to a properly aligned location for the next - stack. */ -# define YYSTACK_RELOCATE(Stack) \ - do \ - { \ - YYSIZE_T yynewbytes; \ - YYCOPY (&yyptr->Stack, Stack, yysize); \ - Stack = &yyptr->Stack; \ - yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \ - yyptr += yynewbytes / sizeof (*yyptr); \ - } \ - while (0) -#endif +#if YYDEBUG != 0 || defined (YYERROR_VERBOSE) -#if defined (__STDC__) || defined (__cplusplus) - typedef signed char yysigned_char; -#else - typedef short int yysigned_char; +static const char * const yytname[] = { "$","error","$undefined.","ET","INDEX", +"PREFIX","EC","ID","END","STRING","NUMBER","','","file","header","id","et","statements", +"statement", NULL +}; #endif -/* YYFINAL -- State number of the termination state. */ -#define YYFINAL 9 -/* YYLAST -- Last index in YYTABLE. */ -#define YYLAST 23 - -/* YYNTOKENS -- Number of terminals. */ -#define YYNTOKENS 12 -/* YYNNTS -- Number of nonterminals. */ -#define YYNNTS 7 -/* YYNRULES -- Number of rules. */ -#define YYNRULES 15 -/* YYNRULES -- Number of states. */ -#define YYNSTATES 24 - -/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */ -#define YYUNDEFTOK 2 -#define YYMAXUTOK 265 - -#define YYTRANSLATE(YYX) \ - ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK) - -/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX. */ -static const unsigned char yytranslate[] = -{ - 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 11, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 1, 2, 3, 4, - 5, 6, 7, 8, 9, 10 +static const short yyr1[] = { 0, + 12, 12, 13, 13, 14, 15, 15, 16, 16, 17, + 17, 17, 17, 17 }; -#if YYDEBUG -/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in - YYRHS. */ -static const unsigned char yyprhs[] = -{ - 0, 0, 3, 4, 7, 10, 12, 15, 18, 22, - 24, 27, 30, 33, 35, 40 +static const short yyr2[] = { 0, + 0, 2, 2, 1, 2, 2, 3, 1, 2, 2, + 2, 1, 4, 1 }; -/* YYRHS -- A `-1'-separated list of the rules' RHS. */ -static const yysigned_char yyrhs[] = -{ - 13, 0, -1, -1, 14, 17, -1, 15, 16, -1, - 16, -1, 7, 9, -1, 3, 9, -1, 3, 9, - 9, -1, 18, -1, 17, 18, -1, 4, 10, -1, - 5, 9, -1, 5, -1, 6, 9, 11, 9, -1, - 8, -1 +static const short yydefact[] = { 1, + 0, 0, 0, 0, 4, 6, 5, 0, 12, 0, + 14, 2, 8, 3, 7, 10, 11, 0, 9, 0, + 13, 0, 0, 0 }; -/* YYRLINE[YYN] -- source line where rule number YYN was defined. */ -static const unsigned char yyrline[] = -{ - 0, 64, 64, 65, 68, 69, 72, 78, 84, 93, - 94, 97, 101, 109, 116, 136 +static const short yydefgoto[] = { 22, + 3, 4, 5, 12, 13 }; -#endif -#if YYDEBUG || YYERROR_VERBOSE -/* YYTNME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. - First, the terminals, then, starting at YYNTOKENS, nonterminals. */ -static const char *const yytname[] = -{ - "$end", "error", "$undefined", "ET", "INDEX", "PREFIX", "EC", "ID", - "END", "STRING", "NUMBER", "','", "$accept", "file", "header", "id", - "et", "statements", "statement", 0 +static const short yypact[] = { 0, + -3, -1, -4, 2,-32768, 1,-32768, 3, 5, 6, +-32768, -4,-32768,-32768,-32768,-32768,-32768, -2,-32768, 7, +-32768, 11, 12,-32768 }; -#endif -# ifdef YYPRINT -/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to - token YYLEX-NUM. */ -static const unsigned short int yytoknum[] = -{ - 0, 256, 257, 258, 259, 260, 261, 262, 263, 264, - 265, 44 +static const short yypgoto[] = {-32768, +-32768,-32768, 13,-32768, 8 }; -# endif -/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ -static const unsigned char yyr1[] = -{ - 0, 12, 13, 13, 14, 14, 15, 16, 16, 17, - 17, 18, 18, 18, 18, 18 -}; -/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */ -static const unsigned char yyr2[] = -{ - 0, 2, 0, 2, 2, 1, 2, 2, 3, 1, - 2, 2, 2, 1, 4, 1 -}; +#define YYLAST 20 -/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state - STATE-NUM when YYTABLE doesn't specify something else to do. Zero - means the default is an error. */ -static const unsigned char yydefact[] = -{ - 2, 0, 0, 0, 0, 0, 5, 7, 6, 1, - 0, 13, 0, 15, 3, 9, 4, 8, 11, 12, - 0, 10, 0, 14 -}; -/* YYDEFGOTO[NTERM-NUM]. */ -static const yysigned_char yydefgoto[] = -{ - -1, 3, 4, 5, 6, 14, 15 +static const short yytable[] = { 8, + 9, 10, 1, 11, 1, 6, 2, 7, 20, 15, + 23, 24, 16, 17, 18, 21, 14, 0, 0, 19 }; -/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing - STATE-NUM. */ -#define YYPACT_NINF -5 -static const yysigned_char yypact[] = -{ - 0, -3, -1, 5, -4, 6, -5, 1, -5, -5, - 2, 4, 7, -5, -4, -5, -5, -5, -5, -5, - 3, -5, 8, -5 +static const short yycheck[] = { 4, + 5, 6, 3, 8, 3, 9, 7, 9, 11, 9, + 0, 0, 10, 9, 9, 9, 4, -1, -1, 12 }; +/* -*-C-*- Note some compilers choke on comments on `#line' lines. */ +#line 3 "/usr/share/bison.simple" +/* This file comes from bison-1.28. */ -/* YYPGOTO[NTERM-NUM]. */ -static const yysigned_char yypgoto[] = -{ - -5, -5, -5, -5, 10, -5, 9 -}; +/* Skeleton output parser for bison, + Copyright (C) 1984, 1989, 1990 Free Software Foundation, Inc. -/* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If - positive, shift that token. If negative, reduce the rule which - number is the opposite. If zero, do what YYDEFACT says. - If YYTABLE_NINF, syntax error. */ -#define YYTABLE_NINF -1 -static const unsigned char yytable[] = -{ - 10, 11, 12, 1, 13, 9, 7, 2, 8, 1, - 17, 0, 18, 19, 22, 16, 20, 23, 0, 0, - 0, 0, 0, 21 -}; + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. -static const yysigned_char yycheck[] = -{ - 4, 5, 6, 3, 8, 0, 9, 7, 9, 3, - 9, -1, 10, 9, 11, 5, 9, 9, -1, -1, - -1, -1, -1, 14 -}; + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. -/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing - symbol of state STATE-NUM. */ -static const unsigned char yystos[] = -{ - 0, 3, 7, 13, 14, 15, 16, 9, 9, 0, - 4, 5, 6, 8, 17, 18, 16, 9, 10, 9, - 9, 18, 11, 9 -}; + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. */ -#if ! defined (YYSIZE_T) && defined (__SIZE_TYPE__) -# define YYSIZE_T __SIZE_TYPE__ -#endif -#if ! defined (YYSIZE_T) && defined (size_t) -# define YYSIZE_T size_t +/* As a special exception, when this file is copied by Bison into a + Bison output file, you may use that output file without restriction. + This special exception was added by the Free Software Foundation + in version 1.24 of Bison. */ + +/* This is the parser code that is written into each bison parser + when the %semantic_parser declaration is not specified in the grammar. + It was written by Richard Stallman by simplifying the hairy parser + used when %semantic_parser is specified. */ + +#ifndef YYSTACK_USE_ALLOCA +#ifdef alloca +#define YYSTACK_USE_ALLOCA +#else /* alloca not defined */ +#ifdef __GNUC__ +#define YYSTACK_USE_ALLOCA +#define alloca __builtin_alloca +#else /* not GNU C. */ +#if (!defined (__STDC__) && defined (sparc)) || defined (__sparc__) || defined (__sparc) || defined (__sgi) || (defined (__sun) && defined (__i386)) +#define YYSTACK_USE_ALLOCA +#include +#else /* not sparc */ +/* We think this test detects Watcom and Microsoft C. */ +/* This used to test MSDOS, but that is a bad idea + since that symbol is in the user namespace. */ +#if (defined (_MSDOS) || defined (_MSDOS_)) && !defined (__TURBOC__) +#if 0 /* No need for malloc.h, which pollutes the namespace; + instead, just don't use alloca. */ +#include #endif -#if ! defined (YYSIZE_T) -# if defined (__STDC__) || defined (__cplusplus) -# include /* INFRINGES ON USER NAME SPACE */ -# define YYSIZE_T size_t -# endif +#else /* not MSDOS, or __TURBOC__ */ +#if defined(_AIX) +/* I don't know what this was needed for, but it pollutes the namespace. + So I turned it off. rms, 2 May 1997. */ +/* #include */ + #pragma alloca +#define YYSTACK_USE_ALLOCA +#else /* not MSDOS, or __TURBOC__, or _AIX */ +#if 0 +#ifdef __hpux /* haible@ilog.fr says this works for HPUX 9.05 and up, + and on HPUX 10. Eventually we can turn this on. */ +#define YYSTACK_USE_ALLOCA +#define alloca __builtin_alloca +#endif /* __hpux */ #endif -#if ! defined (YYSIZE_T) -# define YYSIZE_T unsigned int +#endif /* not _AIX */ +#endif /* not MSDOS, or __TURBOC__ */ +#endif /* not sparc */ +#endif /* not GNU C */ +#endif /* alloca not defined */ +#endif /* YYSTACK_USE_ALLOCA not defined */ + +#ifdef YYSTACK_USE_ALLOCA +#define YYSTACK_ALLOC alloca +#else +#define YYSTACK_ALLOC malloc #endif +/* Note: there must be only one dollar sign in this file. + It is replaced by the list of actions, each action + as one case of the switch. */ + #define yyerrok (yyerrstatus = 0) #define yyclearin (yychar = YYEMPTY) -#define YYEMPTY (-2) +#define YYEMPTY -2 #define YYEOF 0 - #define YYACCEPT goto yyacceptlab -#define YYABORT goto yyabortlab -#define YYERROR goto yyerrorlab - - -/* Like YYERROR except do call yyerror. This remains here temporarily - to ease the transition to the new meaning of YYERROR, for GCC. +#define YYABORT goto yyabortlab +#define YYERROR goto yyerrlab1 +/* Like YYERROR except do call yyerror. + This remains here temporarily to ease the + transition to the new meaning of YYERROR, for GCC. Once GCC version 2 has supplanted version 1, this can go. */ - #define YYFAIL goto yyerrlab - #define YYRECOVERING() (!!yyerrstatus) - -#define YYBACKUP(Token, Value) \ +#define YYBACKUP(token, value) \ do \ if (yychar == YYEMPTY && yylen == 1) \ - { \ - yychar = (Token); \ - yylval = (Value); \ - yytoken = YYTRANSLATE (yychar); \ + { yychar = (token), yylval = (value); \ + yychar1 = YYTRANSLATE (yychar); \ YYPOPSTACK; \ goto yybackup; \ } \ else \ - { \ - yyerror ("syntax error: cannot back up");\ - YYERROR; \ - } \ + { yyerror ("syntax error: cannot back up"); YYERROR; } \ while (0) - #define YYTERROR 1 #define YYERRCODE 256 - -/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N]. - If N is 0, then set CURRENT to the empty location which ends - the previous symbol: RHS[0] (always defined). */ - -#define YYRHSLOC(Rhs, K) ((Rhs)[K]) -#ifndef YYLLOC_DEFAULT -# define YYLLOC_DEFAULT(Current, Rhs, N) \ - do \ - if (N) \ - { \ - (Current).first_line = YYRHSLOC (Rhs, 1).first_line; \ - (Current).first_column = YYRHSLOC (Rhs, 1).first_column; \ - (Current).last_line = YYRHSLOC (Rhs, N).last_line; \ - (Current).last_column = YYRHSLOC (Rhs, N).last_column; \ - } \ - else \ - { \ - (Current).first_line = (Current).last_line = \ - YYRHSLOC (Rhs, 0).last_line; \ - (Current).first_column = (Current).last_column = \ - YYRHSLOC (Rhs, 0).last_column; \ - } \ - while (0) -#endif - - -/* YY_LOCATION_PRINT -- Print the location on the stream. - This macro was not mandated originally: define only if we know - we won't break user code: when these are the locations we know. */ - -#ifndef YY_LOCATION_PRINT -# if YYLTYPE_IS_TRIVIAL -# define YY_LOCATION_PRINT(File, Loc) \ - fprintf (File, "%d.%d-%d.%d", \ - (Loc).first_line, (Loc).first_column, \ - (Loc).last_line, (Loc).last_column) -# else -# define YY_LOCATION_PRINT(File, Loc) ((void) 0) -# endif +#ifndef YYPURE +#define YYLEX yylex() #endif - -/* YYLEX -- calling `yylex' with the right arguments. */ - +#ifdef YYPURE +#ifdef YYLSP_NEEDED #ifdef YYLEX_PARAM -# define YYLEX yylex (YYLEX_PARAM) +#define YYLEX yylex(&yylval, &yylloc, YYLEX_PARAM) #else -# define YYLEX yylex () +#define YYLEX yylex(&yylval, &yylloc) #endif - -/* Enable debugging if requested. */ -#if YYDEBUG - -# ifndef YYFPRINTF -# include /* INFRINGES ON USER NAME SPACE */ -# define YYFPRINTF fprintf -# endif - -# define YYDPRINTF(Args) \ -do { \ - if (yydebug) \ - YYFPRINTF Args; \ -} while (0) - -# define YY_SYMBOL_PRINT(Title, Type, Value, Location) \ -do { \ - if (yydebug) \ - { \ - YYFPRINTF (stderr, "%s ", Title); \ - yysymprint (stderr, \ - Type, Value); \ - YYFPRINTF (stderr, "\n"); \ - } \ -} while (0) - -/*------------------------------------------------------------------. -| yy_stack_print -- Print the state stack from its BOTTOM up to its | -| TOP (included). | -`------------------------------------------------------------------*/ - -#if defined (__STDC__) || defined (__cplusplus) -static void -yy_stack_print (short int *bottom, short int *top) +#else /* not YYLSP_NEEDED */ +#ifdef YYLEX_PARAM +#define YYLEX yylex(&yylval, YYLEX_PARAM) #else -static void -yy_stack_print (bottom, top) - short int *bottom; - short int *top; +#define YYLEX yylex(&yylval) +#endif +#endif /* not YYLSP_NEEDED */ #endif -{ - YYFPRINTF (stderr, "Stack now"); - for (/* Nothing. */; bottom <= top; ++bottom) - YYFPRINTF (stderr, " %d", *bottom); - YYFPRINTF (stderr, "\n"); -} -# define YY_STACK_PRINT(Bottom, Top) \ -do { \ - if (yydebug) \ - yy_stack_print ((Bottom), (Top)); \ -} while (0) +/* If nonreentrant, generate the variables here */ +#ifndef YYPURE -/*------------------------------------------------. -| Report that the YYRULE is going to be reduced. | -`------------------------------------------------*/ +int yychar; /* the lookahead symbol */ +YYSTYPE yylval; /* the semantic value of the */ + /* lookahead symbol */ -#if defined (__STDC__) || defined (__cplusplus) -static void -yy_reduce_print (int yyrule) -#else -static void -yy_reduce_print (yyrule) - int yyrule; +#ifdef YYLSP_NEEDED +YYLTYPE yylloc; /* location data for the lookahead */ + /* symbol */ #endif -{ - int yyi; - unsigned int yylno = yyrline[yyrule]; - YYFPRINTF (stderr, "Reducing stack by rule %d (line %u), ", - yyrule - 1, yylno); - /* Print the symbols being reduced, and their result. */ - for (yyi = yyprhs[yyrule]; 0 <= yyrhs[yyi]; yyi++) - YYFPRINTF (stderr, "%s ", yytname [yyrhs[yyi]]); - YYFPRINTF (stderr, "-> %s\n", yytname [yyr1[yyrule]]); -} -# define YY_REDUCE_PRINT(Rule) \ -do { \ - if (yydebug) \ - yy_reduce_print (Rule); \ -} while (0) +int yynerrs; /* number of parse errors so far */ +#endif /* not YYPURE */ -/* Nonzero means print parse trace. It is left uninitialized so that - multiple parsers can coexist. */ -int yydebug; -#else /* !YYDEBUG */ -# define YYDPRINTF(Args) -# define YY_SYMBOL_PRINT(Title, Type, Value, Location) -# define YY_STACK_PRINT(Bottom, Top) -# define YY_REDUCE_PRINT(Rule) -#endif /* !YYDEBUG */ +#if YYDEBUG != 0 +int yydebug; /* nonzero means print parse trace */ +/* Since this is uninitialized, it does not stop multiple parsers + from coexisting. */ +#endif +/* YYINITDEPTH indicates the initial size of the parser's stacks */ -/* YYINITDEPTH -- initial size of the parser's stacks. */ #ifndef YYINITDEPTH -# define YYINITDEPTH 200 +#define YYINITDEPTH 200 #endif -/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only - if the built-in stack extension method is used). +/* YYMAXDEPTH is the maximum size the stacks can grow to + (effective only if the built-in stack extension method is used). */ - Do not make this value too large; the results are undefined if - SIZE_MAX < YYSTACK_BYTES (YYMAXDEPTH) - evaluated with infinite-precision integer arithmetic. */ +#if YYMAXDEPTH == 0 +#undef YYMAXDEPTH +#endif #ifndef YYMAXDEPTH -# define YYMAXDEPTH 10000 +#define YYMAXDEPTH 10000 #endif - - -#if YYERROR_VERBOSE - -# ifndef yystrlen -# if defined (__GLIBC__) && defined (_STRING_H) -# define yystrlen strlen -# else -/* Return the length of YYSTR. */ -static YYSIZE_T -# if defined (__STDC__) || defined (__cplusplus) -yystrlen (const char *yystr) -# else -yystrlen (yystr) - const char *yystr; -# endif -{ - register const char *yys = yystr; - - while (*yys++ != '\0') - continue; - - return yys - yystr - 1; -} -# endif -# endif - -# ifndef yystpcpy -# if defined (__GLIBC__) && defined (_STRING_H) && defined (_GNU_SOURCE) -# define yystpcpy stpcpy -# else -/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in - YYDEST. */ -static char * -# if defined (__STDC__) || defined (__cplusplus) -yystpcpy (char *yydest, const char *yysrc) -# else -yystpcpy (yydest, yysrc) - char *yydest; - const char *yysrc; -# endif +/* Define __yy_memcpy. Note that the size argument + should be passed with type unsigned int, because that is what the non-GCC + definitions require. With GCC, __builtin_memcpy takes an arg + of type size_t, but it can handle unsigned int. */ + +#if __GNUC__ > 1 /* GNU C and GNU C++ define this. */ +#define __yy_memcpy(TO,FROM,COUNT) __builtin_memcpy(TO,FROM,COUNT) +#else /* not GNU C or C++ */ +#ifndef __cplusplus + +/* This is the most reliable way to avoid incompatibilities + in available built-in functions on various systems. */ +static void +__yy_memcpy (to, from, count) + char *to; + char *from; + unsigned int count; { - register char *yyd = yydest; - register const char *yys = yysrc; - - while ((*yyd++ = *yys++) != '\0') - continue; + register char *f = from; + register char *t = to; + register int i = count; - return yyd - 1; + while (i-- > 0) + *t++ = *f++; } -# endif -# endif - -#endif /* !YYERROR_VERBOSE */ - - -#if YYDEBUG -/*--------------------------------. -| Print this symbol on YYOUTPUT. | -`--------------------------------*/ +#else /* __cplusplus */ -#if defined (__STDC__) || defined (__cplusplus) -static void -yysymprint (FILE *yyoutput, int yytype, YYSTYPE *yyvaluep) -#else +/* This is the most reliable way to avoid incompatibilities + in available built-in functions on various systems. */ static void -yysymprint (yyoutput, yytype, yyvaluep) - FILE *yyoutput; - int yytype; - YYSTYPE *yyvaluep; -#endif +__yy_memcpy (char *to, char *from, unsigned int count) { - /* Pacify ``unused variable'' warnings. */ - (void) yyvaluep; - - if (yytype < YYNTOKENS) - YYFPRINTF (yyoutput, "token %s (", yytname[yytype]); - else - YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]); - + register char *t = to; + register char *f = from; + register int i = count; -# ifdef YYPRINT - if (yytype < YYNTOKENS) - YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep); -# endif - switch (yytype) - { - default: - break; - } - YYFPRINTF (yyoutput, ")"); + while (i-- > 0) + *t++ = *f++; } -#endif /* ! YYDEBUG */ -/*-----------------------------------------------. -| Release the memory associated to this symbol. | -`-----------------------------------------------*/ - -#if defined (__STDC__) || defined (__cplusplus) -static void -yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep) -#else -static void -yydestruct (yymsg, yytype, yyvaluep) - const char *yymsg; - int yytype; - YYSTYPE *yyvaluep; #endif -{ - /* Pacify ``unused variable'' warnings. */ - (void) yyvaluep; - - if (!yymsg) - yymsg = "Deleting"; - YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp); - - switch (yytype) - { - - default: - break; - } -} +#endif +#line 217 "/usr/share/bison.simple" -/* Prevent warnings from -Wmissing-prototypes. */ +/* The user can define YYPARSE_PARAM as the name of an argument to be passed + into yyparse. The argument should have type void *. + It should actually point to an object. + Grammar actions can access the variable by casting it + to the proper pointer type. */ #ifdef YYPARSE_PARAM -# if defined (__STDC__) || defined (__cplusplus) -int yyparse (void *YYPARSE_PARAM); -# else -int yyparse (); -# endif -#else /* ! YYPARSE_PARAM */ -#if defined (__STDC__) || defined (__cplusplus) -int yyparse (void); -#else -int yyparse (); -#endif -#endif /* ! YYPARSE_PARAM */ - - - -/* The look-ahead symbol. */ -int yychar; - -/* The semantic value of the look-ahead symbol. */ -YYSTYPE yylval; - -/* Number of syntax errors so far. */ -int yynerrs; - - - -/*----------. -| yyparse. | -`----------*/ - +#ifdef __cplusplus +#define YYPARSE_PARAM_ARG void *YYPARSE_PARAM +#define YYPARSE_PARAM_DECL +#else /* not __cplusplus */ +#define YYPARSE_PARAM_ARG YYPARSE_PARAM +#define YYPARSE_PARAM_DECL void *YYPARSE_PARAM; +#endif /* not __cplusplus */ +#else /* not YYPARSE_PARAM */ +#define YYPARSE_PARAM_ARG +#define YYPARSE_PARAM_DECL +#endif /* not YYPARSE_PARAM */ + +/* Prevent warning if -Wstrict-prototypes. */ +#ifdef __GNUC__ #ifdef YYPARSE_PARAM -# if defined (__STDC__) || defined (__cplusplus) -int yyparse (void *YYPARSE_PARAM) -# else -int yyparse (YYPARSE_PARAM) - void *YYPARSE_PARAM; -# endif -#else /* ! YYPARSE_PARAM */ -#if defined (__STDC__) || defined (__cplusplus) -int -yyparse (void) +int yyparse (void *); #else -int -yyparse () - +int yyparse (void); #endif #endif + +int +yyparse(YYPARSE_PARAM_ARG) + YYPARSE_PARAM_DECL { - register int yystate; register int yyn; - int yyresult; - /* Number of tokens to shift before error messages enabled. */ - int yyerrstatus; - /* Look-ahead token as an internal (translated) token number. */ - int yytoken = 0; - - /* Three stacks and their tools: - `yyss': related to states, - `yyvs': related to semantic values, - `yyls': related to locations. - - Refer to the stacks thru separate pointers, to allow yyoverflow - to reallocate them elsewhere. */ - - /* The state stack. */ - short int yyssa[YYINITDEPTH]; - short int *yyss = yyssa; - register short int *yyssp; - - /* The semantic value stack. */ - YYSTYPE yyvsa[YYINITDEPTH]; - YYSTYPE *yyvs = yyvsa; + register short *yyssp; register YYSTYPE *yyvsp; + int yyerrstatus; /* number of tokens to shift before error messages enabled */ + int yychar1 = 0; /* lookahead token as an internal (translated) token number */ + short yyssa[YYINITDEPTH]; /* the state stack */ + YYSTYPE yyvsa[YYINITDEPTH]; /* the semantic value stack */ + short *yyss = yyssa; /* refer to the stacks thru separate pointers */ + YYSTYPE *yyvs = yyvsa; /* to allow yyoverflow to reallocate them elsewhere */ +#ifdef YYLSP_NEEDED + YYLTYPE yylsa[YYINITDEPTH]; /* the location stack */ + YYLTYPE *yyls = yylsa; + YYLTYPE *yylsp; + +#define YYPOPSTACK (yyvsp--, yyssp--, yylsp--) +#else #define YYPOPSTACK (yyvsp--, yyssp--) +#endif - YYSIZE_T yystacksize = YYINITDEPTH; + int yystacksize = YYINITDEPTH; + int yyfree_stacks = 0; - /* The variables used to return semantic value and location from the - action routines. */ - YYSTYPE yyval; +#ifdef YYPURE + int yychar; + YYSTYPE yylval; + int yynerrs; +#ifdef YYLSP_NEEDED + YYLTYPE yylloc; +#endif +#endif + YYSTYPE yyval; /* the variable used to return */ + /* semantic values from the action */ + /* routines */ - /* When reducing, the number of symbols on the RHS of the reduced - rule. */ int yylen; - YYDPRINTF ((stderr, "Starting parse\n")); +#if YYDEBUG != 0 + if (yydebug) + fprintf(stderr, "Starting parse\n"); +#endif yystate = 0; yyerrstatus = 0; @@ -881,254 +495,295 @@ yyparse () so that they stay on the same level as the state stack. The wasted elements are never initialized. */ - yyssp = yyss; + yyssp = yyss - 1; yyvsp = yyvs; +#ifdef YYLSP_NEEDED + yylsp = yyls; +#endif +/* Push a new state, which is found in yystate . */ +/* In all cases, when you get here, the value and location stacks + have just been pushed. so pushing a state here evens the stacks. */ +yynewstate: - yyvsp[0] = yylval; - - goto yysetstate; - -/*------------------------------------------------------------. -| yynewstate -- Push a new state, which is found in yystate. | -`------------------------------------------------------------*/ - yynewstate: - /* In all cases, when you get here, the value and location stacks - have just been pushed. so pushing a state here evens the stacks. - */ - yyssp++; - - yysetstate: - *yyssp = yystate; + *++yyssp = yystate; - if (yyss + yystacksize - 1 <= yyssp) + if (yyssp >= yyss + yystacksize - 1) { + /* Give user a chance to reallocate the stack */ + /* Use copies of these so that the &'s don't force the real ones into memory. */ + YYSTYPE *yyvs1 = yyvs; + short *yyss1 = yyss; +#ifdef YYLSP_NEEDED + YYLTYPE *yyls1 = yyls; +#endif + /* Get the current used size of the three stacks, in elements. */ - YYSIZE_T yysize = yyssp - yyss + 1; + int size = yyssp - yyss + 1; #ifdef yyoverflow - { - /* Give user a chance to reallocate the stack. Use copies of - these so that the &'s don't force the real ones into - memory. */ - YYSTYPE *yyvs1 = yyvs; - short int *yyss1 = yyss; - - - /* Each stack pointer address is followed by the size of the - data in use in that stack, in bytes. This used to be a - conditional around just the two extra args, but that might - be undefined if yyoverflow is a macro. */ - yyoverflow ("parser stack overflow", - &yyss1, yysize * sizeof (*yyssp), - &yyvs1, yysize * sizeof (*yyvsp), - - &yystacksize); - - yyss = yyss1; - yyvs = yyvs1; - } + /* Each stack pointer address is followed by the size of + the data in use in that stack, in bytes. */ +#ifdef YYLSP_NEEDED + /* This used to be a conditional around just the two extra args, + but that might be undefined if yyoverflow is a macro. */ + yyoverflow("parser stack overflow", + &yyss1, size * sizeof (*yyssp), + &yyvs1, size * sizeof (*yyvsp), + &yyls1, size * sizeof (*yylsp), + &yystacksize); +#else + yyoverflow("parser stack overflow", + &yyss1, size * sizeof (*yyssp), + &yyvs1, size * sizeof (*yyvsp), + &yystacksize); +#endif + + yyss = yyss1; yyvs = yyvs1; +#ifdef YYLSP_NEEDED + yyls = yyls1; +#endif #else /* no yyoverflow */ -# ifndef YYSTACK_RELOCATE - goto yyoverflowlab; -# else /* Extend the stack our own way. */ - if (YYMAXDEPTH <= yystacksize) - goto yyoverflowlab; + if (yystacksize >= YYMAXDEPTH) + { + yyerror("parser stack overflow"); + if (yyfree_stacks) + { + free (yyss); + free (yyvs); +#ifdef YYLSP_NEEDED + free (yyls); +#endif + } + return 2; + } yystacksize *= 2; - if (YYMAXDEPTH < yystacksize) + if (yystacksize > YYMAXDEPTH) yystacksize = YYMAXDEPTH; - - { - short int *yyss1 = yyss; - union yyalloc *yyptr = - (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); - if (! yyptr) - goto yyoverflowlab; - YYSTACK_RELOCATE (yyss); - YYSTACK_RELOCATE (yyvs); - -# undef YYSTACK_RELOCATE - if (yyss1 != yyssa) - YYSTACK_FREE (yyss1); - } -# endif +#ifndef YYSTACK_USE_ALLOCA + yyfree_stacks = 1; +#endif + yyss = (short *) YYSTACK_ALLOC (yystacksize * sizeof (*yyssp)); + __yy_memcpy ((char *)yyss, (char *)yyss1, + size * (unsigned int) sizeof (*yyssp)); + yyvs = (YYSTYPE *) YYSTACK_ALLOC (yystacksize * sizeof (*yyvsp)); + __yy_memcpy ((char *)yyvs, (char *)yyvs1, + size * (unsigned int) sizeof (*yyvsp)); +#ifdef YYLSP_NEEDED + yyls = (YYLTYPE *) YYSTACK_ALLOC (yystacksize * sizeof (*yylsp)); + __yy_memcpy ((char *)yyls, (char *)yyls1, + size * (unsigned int) sizeof (*yylsp)); +#endif #endif /* no yyoverflow */ - yyssp = yyss + yysize - 1; - yyvsp = yyvs + yysize - 1; - + yyssp = yyss + size - 1; + yyvsp = yyvs + size - 1; +#ifdef YYLSP_NEEDED + yylsp = yyls + size - 1; +#endif - YYDPRINTF ((stderr, "Stack size increased to %lu\n", - (unsigned long int) yystacksize)); +#if YYDEBUG != 0 + if (yydebug) + fprintf(stderr, "Stack size increased to %d\n", yystacksize); +#endif - if (yyss + yystacksize - 1 <= yyssp) + if (yyssp >= yyss + yystacksize - 1) YYABORT; } - YYDPRINTF ((stderr, "Entering state %d\n", yystate)); +#if YYDEBUG != 0 + if (yydebug) + fprintf(stderr, "Entering state %d\n", yystate); +#endif goto yybackup; - -/*-----------. -| yybackup. | -`-----------*/ -yybackup: + yybackup: /* Do appropriate processing given the current state. */ -/* Read a look-ahead token if we need one and don't already have one. */ +/* Read a lookahead token if we need one and don't already have one. */ /* yyresume: */ - /* First try to decide what to do without reference to look-ahead token. */ + /* First try to decide what to do without reference to lookahead token. */ yyn = yypact[yystate]; - if (yyn == YYPACT_NINF) + if (yyn == YYFLAG) goto yydefault; - /* Not known => get a look-ahead token if don't already have one. */ + /* Not known => get a lookahead token if don't already have one. */ + + /* yychar is either YYEMPTY or YYEOF + or a valid token in external form. */ - /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol. */ if (yychar == YYEMPTY) { - YYDPRINTF ((stderr, "Reading a token: ")); +#if YYDEBUG != 0 + if (yydebug) + fprintf(stderr, "Reading a token: "); +#endif yychar = YYLEX; } - if (yychar <= YYEOF) + /* Convert token to internal form (in yychar1) for indexing tables with */ + + if (yychar <= 0) /* This means end of input. */ { - yychar = yytoken = YYEOF; - YYDPRINTF ((stderr, "Now at end of input.\n")); + yychar1 = 0; + yychar = YYEOF; /* Don't call YYLEX any more */ + +#if YYDEBUG != 0 + if (yydebug) + fprintf(stderr, "Now at end of input.\n"); +#endif } else { - yytoken = YYTRANSLATE (yychar); - YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc); + yychar1 = YYTRANSLATE(yychar); + +#if YYDEBUG != 0 + if (yydebug) + { + fprintf (stderr, "Next token is %d (%s", yychar, yytname[yychar1]); + /* Give the individual parser a way to print the precise meaning + of a token, for further debugging info. */ +#ifdef YYPRINT + YYPRINT (stderr, yychar, yylval); +#endif + fprintf (stderr, ")\n"); + } +#endif } - /* If the proper action on seeing token YYTOKEN is to reduce or to - detect an error, take that action. */ - yyn += yytoken; - if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken) + yyn += yychar1; + if (yyn < 0 || yyn > YYLAST || yycheck[yyn] != yychar1) goto yydefault; + yyn = yytable[yyn]; - if (yyn <= 0) + + /* yyn is what to do for this token type in this state. + Negative => reduce, -yyn is rule number. + Positive => shift, yyn is new state. + New state is final state => don't bother to shift, + just return success. + 0, or most negative number => error. */ + + if (yyn < 0) { - if (yyn == 0 || yyn == YYTABLE_NINF) + if (yyn == YYFLAG) goto yyerrlab; yyn = -yyn; goto yyreduce; } + else if (yyn == 0) + goto yyerrlab; if (yyn == YYFINAL) YYACCEPT; - /* Shift the look-ahead token. */ - YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); + /* Shift the lookahead token. */ + +#if YYDEBUG != 0 + if (yydebug) + fprintf(stderr, "Shifting token %d (%s), ", yychar, yytname[yychar1]); +#endif /* Discard the token being shifted unless it is eof. */ if (yychar != YYEOF) yychar = YYEMPTY; *++yyvsp = yylval; +#ifdef YYLSP_NEEDED + *++yylsp = yylloc; +#endif - - /* Count tokens shifted since error; after three, turn off error - status. */ - if (yyerrstatus) - yyerrstatus--; + /* count tokens shifted since error; after three, turn off error status. */ + if (yyerrstatus) yyerrstatus--; yystate = yyn; goto yynewstate; - -/*-----------------------------------------------------------. -| yydefault -- do the default action for the current state. | -`-----------------------------------------------------------*/ +/* Do the default action for the current state. */ yydefault: + yyn = yydefact[yystate]; if (yyn == 0) goto yyerrlab; - goto yyreduce; - -/*-----------------------------. -| yyreduce -- Do a reduction. | -`-----------------------------*/ +/* Do a reduction. yyn is the number of a rule to reduce with. */ yyreduce: - /* yyn is the number of a rule to reduce with. */ yylen = yyr2[yyn]; + if (yylen > 0) + yyval = yyvsp[1-yylen]; /* implement default value of the action */ - /* If YYLEN is nonzero, implement the default value of the action: - `$$ = $1'. - - Otherwise, the following line sets YYVAL to garbage. - This behavior is undocumented and Bison - users should not rely upon it. Assigning to YYVAL - unconditionally makes the parser a bit smaller, and it avoids a - GCC warning that YYVAL may be used uninitialized. */ - yyval = yyvsp[1-yylen]; - - - YY_REDUCE_PRINT (yyn); - switch (yyn) +#if YYDEBUG != 0 + if (yydebug) { - case 6: -#line 73 "parse.y" - { - id_str = (yyvsp[0].string); - } - break; + int i; - case 7: -#line 79 "parse.y" - { - base_id = name2number((yyvsp[0].string)); - strlcpy(name, (yyvsp[0].string), sizeof(name)); - free((yyvsp[0].string)); - } - break; + fprintf (stderr, "Reducing via rule %d (line %d), ", + yyn, yyrline[yyn]); - case 8: -#line 85 "parse.y" - { - base_id = name2number((yyvsp[-1].string)); - strlcpy(name, (yyvsp[0].string), sizeof(name)); - free((yyvsp[-1].string)); - free((yyvsp[0].string)); - } - break; + /* Print the symbols being reduced, and their result. */ + for (i = yyprhs[yyn]; yyrhs[i] > 0; i++) + fprintf (stderr, "%s ", yytname[yyrhs[i]]); + fprintf (stderr, " -> %s\n", yytname[yyr1[yyn]]); + } +#endif - case 11: -#line 98 "parse.y" - { - number = (yyvsp[0].number); - } - break; - case 12: -#line 102 "parse.y" - { + switch (yyn) { + +case 5: +#line 73 "../../../lib/com_err/parse.y" +{ + id_str = yyvsp[0].string; + ; + break;} +case 6: +#line 79 "../../../lib/com_err/parse.y" +{ + base_id = name2number(yyvsp[0].string); + strlcpy(name, yyvsp[0].string, sizeof(name)); + free(yyvsp[0].string); + ; + break;} +case 7: +#line 85 "../../../lib/com_err/parse.y" +{ + base_id = name2number(yyvsp[-1].string); + strlcpy(name, yyvsp[0].string, sizeof(name)); + free(yyvsp[-1].string); + free(yyvsp[0].string); + ; + break;} +case 10: +#line 98 "../../../lib/com_err/parse.y" +{ + number = yyvsp[0].number; + ; + break;} +case 11: +#line 102 "../../../lib/com_err/parse.y" +{ free(prefix); - asprintf (&prefix, "%s_", (yyvsp[0].string)); + asprintf (&prefix, "%s_", yyvsp[0].string); if (prefix == NULL) errx(1, "malloc"); - free((yyvsp[0].string)); - } - break; - - case 13: -#line 110 "parse.y" - { + free(yyvsp[0].string); + ; + break;} +case 12: +#line 110 "../../../lib/com_err/parse.y" +{ prefix = realloc(prefix, 1); if (prefix == NULL) errx(1, "malloc"); *prefix = '\0'; - } - break; - - case 14: -#line 117 "parse.y" - { + ; + break;} +case 13: +#line 117 "../../../lib/com_err/parse.y" +{ struct error_code *ec = malloc(sizeof(*ec)); if (ec == NULL) @@ -1137,258 +792,246 @@ yyreduce: ec->next = NULL; ec->number = number; if(prefix && *prefix != '\0') { - asprintf (&ec->name, "%s%s", prefix, (yyvsp[-2].string)); + asprintf (&ec->name, "%s%s", prefix, yyvsp[-2].string); if (ec->name == NULL) errx(1, "malloc"); - free((yyvsp[-2].string)); + free(yyvsp[-2].string); } else - ec->name = (yyvsp[-2].string); - ec->string = (yyvsp[0].string); + ec->name = yyvsp[-2].string; + ec->string = yyvsp[0].string; APPEND(codes, ec); number++; - } - break; - - case 15: -#line 137 "parse.y" - { + ; + break;} +case 14: +#line 137 "../../../lib/com_err/parse.y" +{ YYACCEPT; - } - break; - - - } - -/* Line 1037 of yacc.c. */ -#line 1164 "$base.c" + ; + break;} +} + /* the action file gets copied in in place of this dollarsign */ +#line 543 "/usr/share/bison.simple" yyvsp -= yylen; yyssp -= yylen; +#ifdef YYLSP_NEEDED + yylsp -= yylen; +#endif - - YY_STACK_PRINT (yyss, yyssp); +#if YYDEBUG != 0 + if (yydebug) + { + short *ssp1 = yyss - 1; + fprintf (stderr, "state stack now"); + while (ssp1 != yyssp) + fprintf (stderr, " %d", *++ssp1); + fprintf (stderr, "\n"); + } +#endif *++yyvsp = yyval; +#ifdef YYLSP_NEEDED + yylsp++; + if (yylen == 0) + { + yylsp->first_line = yylloc.first_line; + yylsp->first_column = yylloc.first_column; + yylsp->last_line = (yylsp-1)->last_line; + yylsp->last_column = (yylsp-1)->last_column; + yylsp->text = 0; + } + else + { + yylsp->last_line = (yylsp+yylen-1)->last_line; + yylsp->last_column = (yylsp+yylen-1)->last_column; + } +#endif - /* Now `shift' the result of the reduction. Determine what state - that goes to, based on the state we popped back to and the rule - number reduced by. */ + /* Now "shift" the result of the reduction. + Determine what state that goes to, + based on the state we popped back to + and the rule number reduced by. */ yyn = yyr1[yyn]; - yystate = yypgoto[yyn - YYNTOKENS] + *yyssp; - if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp) + yystate = yypgoto[yyn - YYNTBASE] + *yyssp; + if (yystate >= 0 && yystate <= YYLAST && yycheck[yystate] == *yyssp) yystate = yytable[yystate]; else - yystate = yydefgoto[yyn - YYNTOKENS]; + yystate = yydefgoto[yyn - YYNTBASE]; goto yynewstate; +yyerrlab: /* here on detecting error */ -/*------------------------------------. -| yyerrlab -- here on detecting error | -`------------------------------------*/ -yyerrlab: - /* If not already recovering from an error, report this error. */ - if (!yyerrstatus) + if (! yyerrstatus) + /* If not already recovering from an error, report this error. */ { ++yynerrs; -#if YYERROR_VERBOSE + +#ifdef YYERROR_VERBOSE yyn = yypact[yystate]; - if (YYPACT_NINF < yyn && yyn < YYLAST) + if (yyn > YYFLAG && yyn < YYLAST) { - YYSIZE_T yysize = 0; - int yytype = YYTRANSLATE (yychar); - const char* yyprefix; - char *yymsg; - int yyx; - - /* Start YYX at -YYN if negative to avoid negative indexes in - YYCHECK. */ - int yyxbegin = yyn < 0 ? -yyn : 0; - - /* Stay within bounds of both yycheck and yytname. */ - int yychecklim = YYLAST - yyn; - int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; - int yycount = 0; - - yyprefix = ", expecting "; - for (yyx = yyxbegin; yyx < yyxend; ++yyx) - if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) - { - yysize += yystrlen (yyprefix) + yystrlen (yytname [yyx]); - yycount += 1; - if (yycount == 5) - { - yysize = 0; - break; - } - } - yysize += (sizeof ("syntax error, unexpected ") - + yystrlen (yytname[yytype])); - yymsg = (char *) YYSTACK_ALLOC (yysize); - if (yymsg != 0) + int size = 0; + char *msg; + int x, count; + + count = 0; + /* Start X at -yyn if nec to avoid negative indexes in yycheck. */ + for (x = (yyn < 0 ? -yyn : 0); + x < (sizeof(yytname) / sizeof(char *)); x++) + if (yycheck[x + yyn] == x) + size += strlen(yytname[x]) + 15, count++; + msg = (char *) malloc(size + 15); + if (msg != 0) { - char *yyp = yystpcpy (yymsg, "syntax error, unexpected "); - yyp = yystpcpy (yyp, yytname[yytype]); + strcpy(msg, "parse error"); - if (yycount < 5) + if (count < 5) { - yyprefix = ", expecting "; - for (yyx = yyxbegin; yyx < yyxend; ++yyx) - if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) + count = 0; + for (x = (yyn < 0 ? -yyn : 0); + x < (sizeof(yytname) / sizeof(char *)); x++) + if (yycheck[x + yyn] == x) { - yyp = yystpcpy (yyp, yyprefix); - yyp = yystpcpy (yyp, yytname[yyx]); - yyprefix = " or "; + strcat(msg, count == 0 ? ", expecting `" : " or `"); + strcat(msg, yytname[x]); + strcat(msg, "'"); + count++; } } - yyerror (yymsg); - YYSTACK_FREE (yymsg); + yyerror(msg); + free(msg); } else - yyerror ("syntax error; also virtual memory exhausted"); + yyerror ("parse error; also virtual memory exceeded"); } else #endif /* YYERROR_VERBOSE */ - yyerror ("syntax error"); + yyerror("parse error"); } - + goto yyerrlab1; +yyerrlab1: /* here on error raised explicitly by an action */ if (yyerrstatus == 3) { - /* If just tried and failed to reuse look-ahead token after an - error, discard it. */ - - if (yychar <= YYEOF) - { - /* If at end of input, pop the error token, - then the rest of the stack, then return failure. */ - if (yychar == YYEOF) - for (;;) - { - - YYPOPSTACK; - if (yyssp == yyss) - YYABORT; - yydestruct ("Error: popping", - yystos[*yyssp], yyvsp); - } - } - else - { - yydestruct ("Error: discarding", yytoken, &yylval); - yychar = YYEMPTY; - } + /* if just tried and failed to reuse lookahead token after an error, discard it. */ + + /* return failure if at end of input */ + if (yychar == YYEOF) + YYABORT; + +#if YYDEBUG != 0 + if (yydebug) + fprintf(stderr, "Discarding token %d (%s).\n", yychar, yytname[yychar1]); +#endif + + yychar = YYEMPTY; } - /* Else will try to reuse look-ahead token after shifting the error - token. */ - goto yyerrlab1; + /* Else will try to reuse lookahead token + after shifting the error token. */ + yyerrstatus = 3; /* Each real token shifted decrements this */ -/*---------------------------------------------------. -| yyerrorlab -- error raised explicitly by YYERROR. | -`---------------------------------------------------*/ -yyerrorlab: + goto yyerrhandle; -#ifdef __GNUC__ - /* Pacify GCC when the user code never invokes YYERROR and the label - yyerrorlab therefore never appears in user code. */ - if (0) - goto yyerrorlab; -#endif +yyerrdefault: /* current state does not do anything special for the error token. */ -yyvsp -= yylen; - yyssp -= yylen; - yystate = *yyssp; - goto yyerrlab1; +#if 0 + /* This is wrong; only states that explicitly want error tokens + should shift them. */ + yyn = yydefact[yystate]; /* If its default is to accept any token, ok. Otherwise pop it.*/ + if (yyn) goto yydefault; +#endif +yyerrpop: /* pop the current state because it cannot handle the error token */ -/*-------------------------------------------------------------. -| yyerrlab1 -- common code for both syntax error and YYERROR. | -`-------------------------------------------------------------*/ -yyerrlab1: - yyerrstatus = 3; /* Each real token shifted decrements this. */ + if (yyssp == yyss) YYABORT; + yyvsp--; + yystate = *--yyssp; +#ifdef YYLSP_NEEDED + yylsp--; +#endif - for (;;) +#if YYDEBUG != 0 + if (yydebug) { - yyn = yypact[yystate]; - if (yyn != YYPACT_NINF) - { - yyn += YYTERROR; - if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR) - { - yyn = yytable[yyn]; - if (0 < yyn) - break; - } - } + short *ssp1 = yyss - 1; + fprintf (stderr, "Error: state stack now"); + while (ssp1 != yyssp) + fprintf (stderr, " %d", *++ssp1); + fprintf (stderr, "\n"); + } +#endif - /* Pop the current state because it cannot handle the error token. */ - if (yyssp == yyss) - YYABORT; +yyerrhandle: + + yyn = yypact[yystate]; + if (yyn == YYFLAG) + goto yyerrdefault; + yyn += YYTERROR; + if (yyn < 0 || yyn > YYLAST || yycheck[yyn] != YYTERROR) + goto yyerrdefault; - yydestruct ("Error: popping", yystos[yystate], yyvsp); - YYPOPSTACK; - yystate = *yyssp; - YY_STACK_PRINT (yyss, yyssp); + yyn = yytable[yyn]; + if (yyn < 0) + { + if (yyn == YYFLAG) + goto yyerrpop; + yyn = -yyn; + goto yyreduce; } + else if (yyn == 0) + goto yyerrpop; if (yyn == YYFINAL) YYACCEPT; - *++yyvsp = yylval; - +#if YYDEBUG != 0 + if (yydebug) + fprintf(stderr, "Shifting error token, "); +#endif - /* Shift the error token. */ - YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp); + *++yyvsp = yylval; +#ifdef YYLSP_NEEDED + *++yylsp = yylloc; +#endif yystate = yyn; goto yynewstate; - -/*-------------------------------------. -| yyacceptlab -- YYACCEPT comes here. | -`-------------------------------------*/ -yyacceptlab: - yyresult = 0; - goto yyreturn; - -/*-----------------------------------. -| yyabortlab -- YYABORT comes here. | -`-----------------------------------*/ -yyabortlab: - yydestruct ("Error: discarding lookahead", - yytoken, &yylval); - yychar = YYEMPTY; - yyresult = 1; - goto yyreturn; - -#ifndef yyoverflow -/*----------------------------------------------. -| yyoverflowlab -- parser overflow comes here. | -`----------------------------------------------*/ -yyoverflowlab: - yyerror ("parser stack overflow"); - yyresult = 2; - /* Fall through. */ + yyacceptlab: + /* YYACCEPT comes here. */ + if (yyfree_stacks) + { + free (yyss); + free (yyvs); +#ifdef YYLSP_NEEDED + free (yyls); #endif + } + return 0; -yyreturn: -#ifndef yyoverflow - if (yyss != yyssa) - YYSTACK_FREE (yyss); + yyabortlab: + /* YYABORT comes here. */ + if (yyfree_stacks) + { + free (yyss); + free (yyvs); +#ifdef YYLSP_NEEDED + free (yyls); #endif - return yyresult; + } + return 1; } - - -#line 142 "parse.y" +#line 142 "../../../lib/com_err/parse.y" static long @@ -1421,4 +1064,3 @@ yyerror (char *s) { error_message ("%s\n", s); } - diff --git a/source4/heimdal/lib/com_err/parse.h b/source4/heimdal/lib/com_err/parse.h index ef7b9ba91e..07e33790d3 100644 --- a/source4/heimdal/lib/com_err/parse.h +++ b/source4/heimdal/lib/com_err/parse.h @@ -1,70 +1,15 @@ -/* A Bison parser, made by GNU Bison 2.0. */ - -/* Skeleton parser for Yacc-like parsing with Bison, - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2, or (at your option) - any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. */ - -/* As a special exception, when this file is copied by Bison into a - Bison output file, you may use that output file without restriction. - This special exception was added by the Free Software Foundation - in version 1.24 of Bison. */ - -/* Tokens. */ -#ifndef YYTOKENTYPE -# define YYTOKENTYPE - /* Put the tokens into the symbol table, so that GDB and other debuggers - know about them. */ - enum yytokentype { - ET = 258, - INDEX = 259, - PREFIX = 260, - EC = 261, - ID = 262, - END = 263, - STRING = 264, - NUMBER = 265 - }; -#endif -#define ET 258 -#define INDEX 259 -#define PREFIX 260 -#define EC 261 -#define ID 262 -#define END 263 -#define STRING 264 -#define NUMBER 265 - - - - -#if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED) -#line 53 "parse.y" -typedef union YYSTYPE { +typedef union { char *string; int number; } YYSTYPE; -/* Line 1318 of yacc.c. */ -#line 62 "parse.h" -# define yystype YYSTYPE /* obsolescent; will be withdrawn */ -# define YYSTYPE_IS_DECLARED 1 -# define YYSTYPE_IS_TRIVIAL 1 -#endif - -extern YYSTYPE yylval; - +#define ET 257 +#define INDEX 258 +#define PREFIX 259 +#define EC 260 +#define ID 261 +#define END 262 +#define STRING 263 +#define NUMBER 264 +extern YYSTYPE yylval; diff --git a/source4/heimdal/lib/des/evp.c b/source4/heimdal/lib/des/evp.c index fd6ac63ec2..34480dbe7e 100644 --- a/source4/heimdal/lib/des/evp.c +++ b/source4/heimdal/lib/des/evp.c @@ -17,14 +17,19 @@ #include #include +typedef int (*evp_md_init)(EVP_MD_CTX *); +typedef int (*evp_md_update)(EVP_MD_CTX *,const void *, size_t); +typedef int (*evp_md_final)(void *, EVP_MD_CTX *); +typedef int (*evp_md_cleanup)(EVP_MD_CTX *); + struct hc_evp_md { int hash_size; int block_size; int ctx_size; - int (*init)(EVP_MD_CTX *); - int (*update)(EVP_MD_CTX *,const void *, size_t ); - int (*final)(void *, EVP_MD_CTX *); - int (*cleanup)(EVP_MD_CTX *); + evp_md_init init; + evp_md_update update; + evp_md_final final; + evp_md_cleanup cleanup; }; /* @@ -151,19 +156,18 @@ EVP_Digest(const void *data, size_t dsize, void *hash, unsigned int *hsize, * */ -static const struct hc_evp_md sha256 = { - 32, - 64, - sizeof(SHA256_CTX), - (void *)SHA256_Init, - (void *)SHA256_Update, - (void *)SHA256_Final, - NULL -}; - const EVP_MD * EVP_sha256(void) { + static const struct hc_evp_md sha256 = { + 32, + 64, + sizeof(SHA256_CTX), + (evp_md_init)SHA256_Init, + (evp_md_update)SHA256_Update, + (evp_md_final)SHA256_Final, + NULL + }; return &sha256; } @@ -171,9 +175,9 @@ static const struct hc_evp_md sha1 = { 20, 64, sizeof(SHA_CTX), - (void *)SHA1_Init, - (void *)SHA1_Update, - (void *)SHA1_Final, + (evp_md_init)SHA1_Init, + (evp_md_update)SHA1_Update, + (evp_md_final)SHA1_Final, NULL }; @@ -196,9 +200,9 @@ EVP_md5(void) 16, 64, sizeof(MD5_CTX), - (void *)MD5_Init, - (void *)MD5_Update, - (void *)MD5_Final, + (evp_md_init)MD5_Init, + (evp_md_update)MD5_Update, + (evp_md_final)MD5_Final, NULL }; return &md5; @@ -211,9 +215,9 @@ EVP_md4(void) 16, 64, sizeof(MD4_CTX), - (void *)MD4_Init, - (void *)MD4_Update, - (void *)MD4_Final, + (evp_md_init)MD4_Init, + (evp_md_update)MD4_Update, + (evp_md_final)MD4_Final, NULL }; return &md4; @@ -226,9 +230,9 @@ EVP_md2(void) 16, 16, sizeof(MD2_CTX), - (void *)MD2_Init, - (void *)MD2_Update, - (void *)MD2_Final, + (evp_md_init)MD2_Init, + (evp_md_update)MD2_Update, + (evp_md_final)MD2_Final, NULL }; return &md2; @@ -258,9 +262,9 @@ EVP_md_null(void) 0, 0, 0, - (void *)null_Init, - (void *)null_Update, - (void *)null_Final, + (evp_md_init)null_Init, + (evp_md_update)null_Update, + (evp_md_final)null_Final, NULL }; return &null; @@ -878,3 +882,24 @@ EVP_BytesToKey(const EVP_CIPHER *type, return EVP_CIPHER_key_length(type); } +/* + * + */ + +void +OpenSSL_add_all_algorithms(void) +{ + return; +} + +void +OpenSSL_add_all_algorithms_conf(void) +{ + return; +} + +void +OpenSSL_add_all_algorithms_noconf(void) +{ + return; +} diff --git a/source4/heimdal/lib/des/evp.h b/source4/heimdal/lib/des/evp.h index 17d6d5fd41..2fdf8d0765 100644 --- a/source4/heimdal/lib/des/evp.h +++ b/source4/heimdal/lib/des/evp.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: evp.h,v 1.8 2006/04/21 15:00:54 lha Exp $ */ +/* $Id: evp.h,v 1.11 2006/10/07 17:21:24 lha Exp $ */ #ifndef HEIM_EVP_H #define HEIM_EVP_H 1 @@ -89,6 +89,9 @@ #define PKCS5_PBKDF2_HMAC_SHA1 hc_PKCS5_PBKDF2_HMAC_SHA1 #define EVP_BytesToKey hc_EVP_BytesToKey #define EVP_get_cipherbyname hc_EVP_get_cipherbyname +#define OpenSSL_add_all_algorithms hc_OpenSSL_add_all_algorithms +#define OpenSSL_add_all_algorithms_conf hc_OpenSSL_add_all_algorithms_conf +#define OpenSSL_add_all_algorithms_noconf hc_OpenSSL_add_all_algorithms_noconf /* * @@ -241,4 +244,12 @@ int EVP_BytesToKey(const EVP_CIPHER *, const EVP_MD *, unsigned int, void *, void *); +/* + * + */ + +void OpenSSL_add_all_algorithms(void); +void OpenSSL_add_all_algorithms_conf(void); +void OpenSSL_add_all_algorithms_noconf(void); + #endif /* HEIM_EVP_H */ diff --git a/source4/heimdal/lib/des/hmac.c b/source4/heimdal/lib/des/hmac.c index 4bcb0defa5..848b987a90 100644 --- a/source4/heimdal/lib/des/hmac.c +++ b/source4/heimdal/lib/des/hmac.c @@ -29,8 +29,8 @@ HMAC_CTX_cleanup(HMAC_CTX *ctx) ctx->ipad = NULL; } if (ctx->ctx) { - EVP_MD_CTX_destroy(ctx->ctx); - ctx->ctx = NULL; + EVP_MD_CTX_destroy(ctx->ctx); + ctx->ctx = NULL; } } diff --git a/source4/heimdal/lib/des/rand-unix.c b/source4/heimdal/lib/des/rand-unix.c new file mode 100644 index 0000000000..a51c6c0c0d --- /dev/null +++ b/source4/heimdal/lib/des/rand-unix.c @@ -0,0 +1,153 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +RCSID("$Id: rand-unix.c,v 1.2 2006/10/21 21:09:14 lha Exp $"); + +#include +#include +#include + +#include + +/* + * Unix /dev/random + */ + +static int +get_device_fd(int flags) +{ + static const char *rnd_devices[] = { + "/dev/urandom", + "/dev/random", + "/dev/srandom", + "/dev/arandom", + NULL + }; + const char **p; + + for(p = rnd_devices; *p; p++) { + int fd = open(*p, flags | O_NDELAY); + if(fd >= 0) + return fd; + } + return -1; +} + +static void +unix_seed(const void *indata, int size) +{ + int fd; + + if (size <= 0) + return; + + fd = get_device_fd(O_WRONLY); + if (fd < 0) + return; + + write(fd, indata, size); + close(fd); + +} + +static int +unix_bytes(unsigned char *outdata, int size) +{ + ssize_t count; + int fd; + + if (size <= 0) + return 0; + + fd = get_device_fd(O_RDONLY); + if (fd < 0) + return 0; + + while (size > 0) { + count = read (fd, outdata, size); + if (count < 0 && errno == EINTR) + continue; + else if (count <= 0) { + close(fd); + return 0; + } + outdata += count; + size -= count; + } + close(fd); + + return 1; +} + +static void +unix_cleanup(void) +{ +} + +static void +unix_add(const void *indata, int size, double entropi) +{ + unix_seed(indata, size); +} + +static int +unix_pseudorand(unsigned char *outdata, int size) +{ + return unix_bytes(outdata, size); +} + +static int +unix_status(void) +{ + int fd; + + fd = get_device_fd(O_RDONLY); + if (fd < 0) + return 0; + close(fd); + + return 1; +} + +const RAND_METHOD hc_rand_unix_method = { + unix_seed, + unix_bytes, + unix_cleanup, + unix_add, + unix_pseudorand, + unix_status +}; diff --git a/source4/heimdal/lib/des/rand.c b/source4/heimdal/lib/des/rand.c new file mode 100644 index 0000000000..6eb959b724 --- /dev/null +++ b/source4/heimdal/lib/des/rand.c @@ -0,0 +1,120 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +RCSID("$Id: rand.c,v 1.7 2006/10/16 10:23:01 lha Exp $"); + +#include +#include +#include + +#include + +extern RAND_METHOD hc_rand_unix_method; +static const RAND_METHOD *selected_meth = &hc_rand_unix_method; + +void +RAND_seed(const void *indata, size_t size) +{ + (*selected_meth->seed)(indata, size); +} + +int +RAND_bytes(void *outdata, size_t size) +{ + return (*selected_meth->bytes)(outdata, size); +} + +void +RAND_cleanup(void) +{ + (*selected_meth->cleanup)(); +} + +void +RAND_add(const void *indata, size_t size, double entropi) +{ + (*selected_meth->add)(indata, size, entropi); +} + +int +RAND_pseudo_bytes(void *outdata, size_t size) +{ + return (*selected_meth->pseudorand)(outdata, size); +} + +int +RAND_status(void) +{ + return (*selected_meth->status)(); +} + +int +RAND_set_rand_method(const RAND_METHOD *meth) +{ + selected_meth = meth; + return 1; +} + +const RAND_METHOD * +RAND_get_rand_method(void) +{ + return selected_meth; +} + +int +RAND_set_rand_engine(ENGINE *engine) +{ + return 1; +} + +int +RAND_load_file(const char *filename, size_t size) +{ + return 1; +} + +int +RAND_write_file(const char *filename) +{ + return 1; +} + +int +RAND_egd(const char *filename) +{ + return 1; +} diff --git a/source4/heimdal/lib/des/ui.c b/source4/heimdal/lib/des/ui.c index 276367e186..25b0ad293c 100644 --- a/source4/heimdal/lib/des/ui.c +++ b/source4/heimdal/lib/des/ui.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: ui.c,v 1.5 2006/01/08 21:47:29 lha Exp $"); +RCSID("$Id: ui.c,v 1.6 2006/09/22 15:45:57 lha Exp $"); #endif #include @@ -53,11 +53,16 @@ intr(int sig) intr_flag++; } +#ifndef NSIG +#define NSIG 47 +#endif + static int read_string(const char *preprompt, const char *prompt, char *buf, size_t len, int echo) { - struct sigaction sigs[47]; + struct sigaction sigs[NSIG]; + int oksigs[NSIG]; struct sigaction sa; FILE *tty; int ret = 0; @@ -68,12 +73,16 @@ read_string(const char *preprompt, const char *prompt, struct termios t_new, t_old; + memset(&oksigs, 0, sizeof(oksigs)); + memset(&sa, 0, sizeof(sa)); sa.sa_handler = intr; sigemptyset(&sa.sa_mask); sa.sa_flags = 0; - for(i = 0; i < sizeof(sigs) / sizeof(sigs[0]); i++) - if (i != SIGALRM) sigaction(i, &sa, &sigs[i]); + for(i = 1; i < sizeof(sigs) / sizeof(sigs[0]); i++) + if (i != SIGALRM) + if (sigaction(i, &sa, &sigs[i]) == 0) + oksigs[i] = 1; if((tty = fopen("/dev/tty", "r")) == NULL) tty = stdin; @@ -114,8 +123,9 @@ read_string(const char *preprompt, const char *prompt, if(tty != stdin) fclose(tty); - for(i = 0; i < sizeof(sigs) / sizeof(sigs[0]); i++) - if (i != SIGALRM) sigaction(i, &sigs[i], NULL); + for(i = 1; i < sizeof(sigs) / sizeof(sigs[0]); i++) + if (oksigs[i]) + sigaction(i, &sigs[i], NULL); if(ret) return -3; diff --git a/source4/heimdal/lib/gssapi/8003.c b/source4/heimdal/lib/gssapi/8003.c deleted file mode 100644 index 359bb6e715..0000000000 --- a/source4/heimdal/lib/gssapi/8003.c +++ /dev/null @@ -1,248 +0,0 @@ -/* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: 8003.c,v 1.18 2006/05/04 11:55:40 lha Exp $"); - -krb5_error_code -gssapi_encode_om_uint32(OM_uint32 n, u_char *p) -{ - p[0] = (n >> 0) & 0xFF; - p[1] = (n >> 8) & 0xFF; - p[2] = (n >> 16) & 0xFF; - p[3] = (n >> 24) & 0xFF; - return 0; -} - -krb5_error_code -gssapi_encode_be_om_uint32(OM_uint32 n, u_char *p) -{ - p[0] = (n >> 24) & 0xFF; - p[1] = (n >> 16) & 0xFF; - p[2] = (n >> 8) & 0xFF; - p[3] = (n >> 0) & 0xFF; - return 0; -} - -krb5_error_code -gssapi_decode_om_uint32(const void *ptr, OM_uint32 *n) -{ - const u_char *p = ptr; - *n = (p[0] << 0) | (p[1] << 8) | (p[2] << 16) | (p[3] << 24); - return 0; -} - -krb5_error_code -gssapi_decode_be_om_uint32(const void *ptr, OM_uint32 *n) -{ - const u_char *p = ptr; - *n = (p[0] <<24) | (p[1] << 16) | (p[2] << 8) | (p[3] << 0); - return 0; -} - -static krb5_error_code -hash_input_chan_bindings (const gss_channel_bindings_t b, - u_char *p) -{ - u_char num[4]; - MD5_CTX md5; - - MD5_Init(&md5); - gssapi_encode_om_uint32 (b->initiator_addrtype, num); - MD5_Update (&md5, num, sizeof(num)); - gssapi_encode_om_uint32 (b->initiator_address.length, num); - MD5_Update (&md5, num, sizeof(num)); - if (b->initiator_address.length) - MD5_Update (&md5, - b->initiator_address.value, - b->initiator_address.length); - gssapi_encode_om_uint32 (b->acceptor_addrtype, num); - MD5_Update (&md5, num, sizeof(num)); - gssapi_encode_om_uint32 (b->acceptor_address.length, num); - MD5_Update (&md5, num, sizeof(num)); - if (b->acceptor_address.length) - MD5_Update (&md5, - b->acceptor_address.value, - b->acceptor_address.length); - gssapi_encode_om_uint32 (b->application_data.length, num); - MD5_Update (&md5, num, sizeof(num)); - if (b->application_data.length) - MD5_Update (&md5, - b->application_data.value, - b->application_data.length); - MD5_Final (p, &md5); - return 0; -} - -/* - * create a checksum over the chanel bindings in - * `input_chan_bindings', `flags' and `fwd_data' and return it in - * `result' - */ - -OM_uint32 -gssapi_krb5_create_8003_checksum ( - OM_uint32 *minor_status, - const gss_channel_bindings_t input_chan_bindings, - OM_uint32 flags, - const krb5_data *fwd_data, - Checksum *result) -{ - u_char *p; - - /* - * see rfc1964 (section 1.1.1 (Initial Token), and the checksum value - * field's format) */ - result->cksumtype = CKSUMTYPE_GSSAPI; - if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG)) - result->checksum.length = 24 + 4 + fwd_data->length; - else - result->checksum.length = 24; - result->checksum.data = malloc (result->checksum.length); - if (result->checksum.data == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - p = result->checksum.data; - gssapi_encode_om_uint32 (16, p); - p += 4; - if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS) { - memset (p, 0, 16); - } else { - hash_input_chan_bindings (input_chan_bindings, p); - } - p += 16; - gssapi_encode_om_uint32 (flags, p); - p += 4; - - if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG)) { - - *p++ = (1 >> 0) & 0xFF; /* DlgOpt */ /* == 1 */ - *p++ = (1 >> 8) & 0xFF; /* DlgOpt */ /* == 0 */ - *p++ = (fwd_data->length >> 0) & 0xFF; /* Dlgth */ - *p++ = (fwd_data->length >> 8) & 0xFF; /* Dlgth */ - memcpy(p, (unsigned char *) fwd_data->data, fwd_data->length); - - p += fwd_data->length; - } - - return GSS_S_COMPLETE; -} - -/* - * verify the checksum in `cksum' over `input_chan_bindings' - * returning `flags' and `fwd_data' - */ - -OM_uint32 -gssapi_krb5_verify_8003_checksum( - OM_uint32 *minor_status, - const gss_channel_bindings_t input_chan_bindings, - const Checksum *cksum, - OM_uint32 *flags, - krb5_data *fwd_data) -{ - unsigned char hash[16]; - unsigned char *p; - OM_uint32 length; - int DlgOpt; - static unsigned char zeros[16]; - - if (cksum == NULL) { - *minor_status = 0; - return GSS_S_BAD_BINDINGS; - } - - /* XXX should handle checksums > 24 bytes */ - if(cksum->cksumtype != CKSUMTYPE_GSSAPI || cksum->checksum.length < 24) { - *minor_status = 0; - return GSS_S_BAD_BINDINGS; - } - - p = cksum->checksum.data; - gssapi_decode_om_uint32(p, &length); - if(length != sizeof(hash)) { - *minor_status = 0; - return GSS_S_BAD_BINDINGS; - } - - p += 4; - - if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS - && memcmp(p, zeros, sizeof(zeros)) != 0) { - if(hash_input_chan_bindings(input_chan_bindings, hash) != 0) { - *minor_status = 0; - return GSS_S_BAD_BINDINGS; - } - if(memcmp(hash, p, sizeof(hash)) != 0) { - *minor_status = 0; - return GSS_S_BAD_BINDINGS; - } - } - - p += sizeof(hash); - - gssapi_decode_om_uint32(p, flags); - p += 4; - - if (cksum->checksum.length > 24 && (*flags & GSS_C_DELEG_FLAG)) { - if(cksum->checksum.length < 28) { - *minor_status = 0; - return GSS_S_BAD_BINDINGS; - } - - DlgOpt = (p[0] << 0) | (p[1] << 8); - p += 2; - if (DlgOpt != 1) { - *minor_status = 0; - return GSS_S_BAD_BINDINGS; - } - - fwd_data->length = (p[0] << 0) | (p[1] << 8); - p += 2; - if(cksum->checksum.length < 28 + fwd_data->length) { - *minor_status = 0; - return GSS_S_BAD_BINDINGS; - } - fwd_data->data = malloc(fwd_data->length); - if (fwd_data->data == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - memcpy(fwd_data->data, p, fwd_data->length); - } - - return GSS_S_COMPLETE; -} diff --git a/source4/heimdal/lib/gssapi/accept_sec_context.c b/source4/heimdal/lib/gssapi/accept_sec_context.c deleted file mode 100644 index 41a54bdab1..0000000000 --- a/source4/heimdal/lib/gssapi/accept_sec_context.c +++ /dev/null @@ -1,1176 +0,0 @@ -/* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: accept_sec_context.c,v 1.55 2005/11/25 15:57:35 lha Exp $"); - -HEIMDAL_MUTEX gssapi_keytab_mutex = HEIMDAL_MUTEX_INITIALIZER; -krb5_keytab gssapi_krb5_keytab; - -OM_uint32 -gsskrb5_register_acceptor_identity (const char *identity) -{ - krb5_error_code ret; - - ret = gssapi_krb5_init(); - if(ret) - return GSS_S_FAILURE; - - HEIMDAL_MUTEX_lock(&gssapi_keytab_mutex); - - if(gssapi_krb5_keytab != NULL) { - krb5_kt_close(gssapi_krb5_context, gssapi_krb5_keytab); - gssapi_krb5_keytab = NULL; - } - if (identity == NULL) { - ret = krb5_kt_default(gssapi_krb5_context, &gssapi_krb5_keytab); - } else { - char *p; - - asprintf(&p, "FILE:%s", identity); - if(p == NULL) { - HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex); - return GSS_S_FAILURE; - } - ret = krb5_kt_resolve(gssapi_krb5_context, p, &gssapi_krb5_keytab); - free(p); - } - HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex); - if(ret) - return GSS_S_FAILURE; - return GSS_S_COMPLETE; -} - -void -gsskrb5_is_cfx(gss_ctx_id_t context_handle, int *is_cfx) -{ - krb5_keyblock *key; - int acceptor = (context_handle->more_flags & LOCAL) == 0; - *is_cfx = 0; - - if (acceptor) { - if (context_handle->auth_context->local_subkey) - key = context_handle->auth_context->local_subkey; - else - key = context_handle->auth_context->remote_subkey; - } else { - if (context_handle->auth_context->remote_subkey) - key = context_handle->auth_context->remote_subkey; - else - key = context_handle->auth_context->local_subkey; - } - if (key == NULL) - key = context_handle->auth_context->keyblock; - - if (key == NULL) - return; - - switch (key->keytype) { - case ETYPE_DES_CBC_CRC: - case ETYPE_DES_CBC_MD4: - case ETYPE_DES_CBC_MD5: - case ETYPE_DES3_CBC_MD5: - case ETYPE_DES3_CBC_SHA1: - case ETYPE_ARCFOUR_HMAC_MD5: - case ETYPE_ARCFOUR_HMAC_MD5_56: - break; - default : - *is_cfx = 1; - if ((acceptor && context_handle->auth_context->local_subkey) || - (!acceptor && context_handle->auth_context->remote_subkey)) - context_handle->more_flags |= ACCEPTOR_SUBKEY; - break; - } -} - - -static OM_uint32 -gsskrb5_accept_delegated_token - (OM_uint32 * minor_status, - gss_ctx_id_t * context_handle, - gss_cred_id_t * delegated_cred_handle) -{ - krb5_data *fwd_data = &(*context_handle)->fwd_data; - OM_uint32 *flags = &(*context_handle)->flags; - krb5_principal principal = (*context_handle)->source; - krb5_ccache ccache = NULL; - krb5_error_code kret; - int32_t ac_flags, ret = GSS_S_COMPLETE; - - *minor_status = 0; - - /* XXX Create a new delegated_cred_handle? */ - if (delegated_cred_handle == NULL) - kret = krb5_cc_default (gssapi_krb5_context, &ccache); - else - kret = krb5_cc_gen_new (gssapi_krb5_context, &krb5_mcc_ops, &ccache); - if (kret) { - *flags &= ~GSS_C_DELEG_FLAG; - goto out; - } - - kret = krb5_cc_initialize(gssapi_krb5_context, ccache, principal); - if (kret) { - *flags &= ~GSS_C_DELEG_FLAG; - goto out; - } - - krb5_auth_con_removeflags(gssapi_krb5_context, - (*context_handle)->auth_context, - KRB5_AUTH_CONTEXT_DO_TIME, - &ac_flags); - kret = krb5_rd_cred2(gssapi_krb5_context, - (*context_handle)->auth_context, - ccache, - fwd_data); - if (kret) - gssapi_krb5_set_error_string(); - krb5_auth_con_setflags(gssapi_krb5_context, - (*context_handle)->auth_context, - ac_flags); - if (kret) { - *flags &= ~GSS_C_DELEG_FLAG; - ret = GSS_S_FAILURE; - *minor_status = kret; - goto out; - } - - if (delegated_cred_handle) { - ret = gss_krb5_import_cred(minor_status, - ccache, - NULL, - NULL, - delegated_cred_handle); - if (ret != GSS_S_COMPLETE) - goto out; - - (*delegated_cred_handle)->cred_flags |= GSS_CF_DESTROY_CRED_ON_RELEASE; - ccache = NULL; - } - -out: - if (ccache) { - if (delegated_cred_handle == NULL) - krb5_cc_close(gssapi_krb5_context, ccache); - else - krb5_cc_destroy(gssapi_krb5_context, ccache); - } - return ret; -} - -static OM_uint32 -gsskrb5_acceptor_ready( - OM_uint32 * minor_status, - gss_ctx_id_t * context_handle, - gss_cred_id_t * delegated_cred_handle) -{ - OM_uint32 ret; - int32_t seq_number; - int is_cfx = 0; - OM_uint32 *flags = &(*context_handle)->flags; - - krb5_auth_getremoteseqnumber (gssapi_krb5_context, - (*context_handle)->auth_context, - &seq_number); - - gsskrb5_is_cfx(*context_handle, &is_cfx); - - ret = _gssapi_msg_order_create(minor_status, - &(*context_handle)->order, - _gssapi_msg_order_f(*flags), - seq_number, 0, is_cfx); - if (ret) return ret; - - if (!(*flags & GSS_C_MUTUAL_FLAG) && _gssapi_msg_order_f(*flags)) { - krb5_auth_con_setlocalseqnumber(gssapi_krb5_context, - (*context_handle)->auth_context, - seq_number); - } - - /* - * We should handle the delegation ticket, in case it's there - */ - if ((*context_handle)->fwd_data.length > 0 && (*flags & GSS_C_DELEG_FLAG)) { - ret = gsskrb5_accept_delegated_token(minor_status, - context_handle, - delegated_cred_handle); - if (ret) return ret; - } else { - /* Well, looks like it wasn't there after all */ - *flags &= ~GSS_C_DELEG_FLAG; - } - - (*context_handle)->state = ACCEPTOR_READY; - (*context_handle)->more_flags |= OPEN; - - return GSS_S_COMPLETE; -} -static OM_uint32 -gsskrb5_acceptor_start - (OM_uint32 * minor_status, - gss_ctx_id_t * context_handle, - const gss_cred_id_t acceptor_cred_handle, - const gss_buffer_t input_token_buffer, - const gss_channel_bindings_t input_chan_bindings, - gss_name_t * src_name, - gss_OID * mech_type, - gss_buffer_t output_token, - OM_uint32 * ret_flags, - OM_uint32 * time_rec, - gss_cred_id_t * delegated_cred_handle - ) -{ - krb5_error_code kret; - OM_uint32 ret = GSS_S_COMPLETE; - krb5_data indata; - krb5_flags ap_options; - OM_uint32 flags; - krb5_ticket *ticket = NULL; - krb5_keytab keytab = NULL; - krb5_keyblock *keyblock = NULL; - int is_cfx = 0; - - krb5_data_zero (&(*context_handle)->fwd_data); - - /* - * We may, or may not, have an escapsulation. - */ - ret = gssapi_krb5_decapsulate (minor_status, - input_token_buffer, - &indata, - "\x01\x00", - GSS_KRB5_MECHANISM); - - if (ret) { - /* No OID wrapping apparently available. */ - indata.length = input_token_buffer->length; - indata.data = input_token_buffer->value; - } - - /* - * We need to get our keytab - */ - if (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) { - if (gssapi_krb5_keytab != NULL) { - keytab = gssapi_krb5_keytab; - } - } else if (acceptor_cred_handle->keytab != NULL) { - keytab = acceptor_cred_handle->keytab; - } - - /* - * We need to check the ticket and create the AP-REP packet - */ - kret = krb5_rd_req_return_keyblock(gssapi_krb5_context, - &(*context_handle)->auth_context, - &indata, - (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) ? NULL : acceptor_cred_handle->principal, - keytab, - &ap_options, - &ticket, - &keyblock); - if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - return ret; - } - - /* - * We need to remember some data on the context_handle - */ - (*context_handle)->ticket = ticket; - (*context_handle)->service_keyblock = keyblock; - (*context_handle)->lifetime = ticket->ticket.endtime; - - /* - * We need to copy the principal names to the context and the calling layer - */ - kret = krb5_copy_principal(gssapi_krb5_context, - ticket->client, - &(*context_handle)->source); - if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - } - - kret = krb5_copy_principal (gssapi_krb5_context, - ticket->server, - &(*context_handle)->target); - if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - return ret; - } - - /* - * We need to setup some compat stuff, this assumes that context_handle->target is already set - */ - ret = _gss_DES3_get_mic_compat(minor_status, *context_handle); - if (ret) { - return ret; - } - - if (src_name != NULL) { - kret = krb5_copy_principal (gssapi_krb5_context, - ticket->client, - src_name); - if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - return ret; - } - } - - /* - * We need to get the flags out of the 8003 checksum - */ - { - krb5_authenticator authenticator; - - kret = krb5_auth_con_getauthenticator(gssapi_krb5_context, - (*context_handle)->auth_context, - &authenticator); - if(kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - return ret; - } - - if (authenticator->cksum->cksumtype == CKSUMTYPE_GSSAPI) { - ret = gssapi_krb5_verify_8003_checksum(minor_status, - input_chan_bindings, - authenticator->cksum, - &flags, - &(*context_handle)->fwd_data); - - krb5_free_authenticator(gssapi_krb5_context, &authenticator); - if (ret) { - return ret; - } - } else { - krb5_crypto crypto; - - kret = krb5_crypto_init(gssapi_krb5_context, - (*context_handle)->auth_context->keyblock, - 0, &crypto); - if(kret) { - krb5_free_authenticator(gssapi_krb5_context, &authenticator); - - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - return ret; - } - - /* Windows accepts Samba3's use of a kerberos, - rather than GSSAPI checksum here */ - kret = krb5_verify_checksum(gssapi_krb5_context, - crypto, KRB5_KU_AP_REQ_AUTH_CKSUM, NULL, 0, - authenticator->cksum); - krb5_free_authenticator(gssapi_krb5_context, &authenticator); - krb5_crypto_destroy(gssapi_krb5_context, crypto); - - if(kret) { - ret = GSS_S_BAD_SIG; - *minor_status = kret; - gssapi_krb5_set_error_string (); - return ret; - } - - flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG; - } - } - - if(flags & GSS_C_MUTUAL_FLAG) { - krb5_data outbuf; - - gsskrb5_is_cfx(*context_handle, &is_cfx); - - if (is_cfx != 0 - || (ap_options & AP_OPTS_USE_SUBKEY)) { - kret = krb5_auth_con_addflags(gssapi_krb5_context, - (*context_handle)->auth_context, - KRB5_AUTH_CONTEXT_USE_SUBKEY, - NULL); - (*context_handle)->more_flags |= ACCEPTOR_SUBKEY; - } - - kret = krb5_mk_rep(gssapi_krb5_context, - (*context_handle)->auth_context, - &outbuf); - if (kret) { - *minor_status = kret; - gssapi_krb5_set_error_string (); - return GSS_S_FAILURE; - } - - if (!(flags & GSS_C_DCE_STYLE)) { - ret = gssapi_krb5_encapsulate(minor_status, - &outbuf, - output_token, - "\x02\x00", - GSS_KRB5_MECHANISM); - krb5_data_free (&outbuf); - if (ret) { - return ret; - } - } else { - output_token->length = outbuf.length; - output_token->value = outbuf.data; - } - } - - flags |= GSS_C_TRANS_FLAG; - - /* Remember the flags */ - - (*context_handle)->lifetime = ticket->ticket.endtime; - (*context_handle)->flags = flags; - (*context_handle)->more_flags |= OPEN; - - if (mech_type) - *mech_type = GSS_KRB5_MECHANISM; - - if (time_rec) { - ret = gssapi_lifetime_left(minor_status, - (*context_handle)->lifetime, - time_rec); - if (ret) { - return ret; - } - } - - /* - * When GSS_C_DCE_STYLE is in use, we need ask for a AP-REP from the client - */ - if (flags & GSS_C_DCE_STYLE) { - if (ret_flags) { - /* Return flags to caller, but we haven't processed delgations yet */ - *ret_flags = flags & ~GSS_C_DELEG_FLAG; - } - - (*context_handle)->state = ACCEPTOR_WAIT_FOR_DCESTYLE; - return GSS_S_CONTINUE_NEEDED; - } - - ret = gsskrb5_acceptor_ready(minor_status, context_handle, delegated_cred_handle); - - /* - * We need to send the flags back to the caller - */ - - *ret_flags = (*context_handle)->flags; - return ret; -} - -static OM_uint32 -gsskrb5_acceptor_wait_for_dcestyle( - OM_uint32 * minor_status, - gss_ctx_id_t * context_handle, - const gss_cred_id_t acceptor_cred_handle, - const gss_buffer_t input_token_buffer, - const gss_channel_bindings_t input_chan_bindings, - gss_name_t * src_name, - gss_OID * mech_type, - gss_buffer_t output_token, - OM_uint32 * ret_flags, - OM_uint32 * time_rec, - gss_cred_id_t * delegated_cred_handle) -{ - OM_uint32 ret; - krb5_error_code kret; - krb5_data inbuf; - OM_uint32 r_seq_number; - OM_uint32 l_seq_number; - - /* We know it's GSS_C_DCE_STYLE so we don't need to decapsulate the AP_REP */ - inbuf.length = input_token_buffer->length; - inbuf.data = input_token_buffer->value; - - /* - * We need to remeber the old remote seq_number, then check if the client has replied with our local seq_number, - * and then reset the remote seq_number to the old value - */ - { - kret = krb5_auth_con_getlocalseqnumber(gssapi_krb5_context, - (*context_handle)->auth_context, - &l_seq_number); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - - kret = krb5_auth_getremoteseqnumber(gssapi_krb5_context, - (*context_handle)->auth_context, - &r_seq_number); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - - kret = krb5_auth_con_setremoteseqnumber(gssapi_krb5_context, - (*context_handle)->auth_context, - l_seq_number); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - } - - /* We need to verify the AP_REP, but we need to flag that this - is DCE_STYLE, so don't check the timestamps this time - */ - { - krb5_ap_rep_enc_part *repl; - int32_t auth_flags; - - kret = krb5_auth_con_removeflags(gssapi_krb5_context, - (*context_handle)->auth_context, - KRB5_AUTH_CONTEXT_DO_TIME, &auth_flags); - if (kret) { /* Can't happen */ - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - - kret = krb5_rd_rep(gssapi_krb5_context, - (*context_handle)->auth_context, - &inbuf, - &repl); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - - /* Because the inbuf above is a final leg from client - * to server, we don't have a use for a 'reply' - * here */ - krb5_free_ap_rep_enc_part(gssapi_krb5_context, repl); - - /* Do no harm, put the flags back */ - kret = krb5_auth_con_setflags(gssapi_krb5_context, - (*context_handle)->auth_context, - auth_flags); - if (kret) { /* Can't happen */ - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - } - - /* We need to check the liftime */ - { - OM_uint32 lifetime_rec; - - ret = gssapi_lifetime_left(minor_status, - (*context_handle)->lifetime, - &lifetime_rec); - if (ret) { - return ret; - } - if (lifetime_rec == 0) { - return GSS_S_CONTEXT_EXPIRED; - } - - if (time_rec) *time_rec = lifetime_rec; - } - - /* We need to give the caller the flags which are in use */ - if (ret_flags) *ret_flags = (*context_handle)->flags; - - if (src_name) { - kret = krb5_copy_principal(gssapi_krb5_context, - (*context_handle)->source, - src_name); - if (kret) { - *minor_status = kret; - gssapi_krb5_set_error_string (); - return GSS_S_FAILURE; - } - } - - /* - * After the krb5_rd_rep() the remote and local seq_number should be the same, - * because the client just replies the seq_number from our AP-REP in its AP-REP, - * but then the client uses the seq_number from its AP-REQ for GSS_wrap() - */ - { - OM_uint32 tmp_r_seq_number; - OM_uint32 tmp_l_seq_number; - - kret = krb5_auth_getremoteseqnumber(gssapi_krb5_context, - (*context_handle)->auth_context, - &tmp_r_seq_number); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - - kret = krb5_auth_con_getlocalseqnumber(gssapi_krb5_context, - (*context_handle)->auth_context, - &tmp_l_seq_number); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - - /* - * Here we check if the client has responsed with our local seq_number, - */ - if (tmp_r_seq_number != tmp_l_seq_number) { - return GSS_S_UNSEQ_TOKEN; - } - } - - /* - * We need to reset the remote seq_number, because the client will use, - * the old one for the GSS_wrap() calls - */ - { - kret = krb5_auth_con_setremoteseqnumber(gssapi_krb5_context, - (*context_handle)->auth_context, - r_seq_number); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - } - - return gsskrb5_acceptor_ready(minor_status, context_handle, delegated_cred_handle); -} - -static OM_uint32 -gsskrb5_accept_sec_context - (OM_uint32 * minor_status, - gss_ctx_id_t * context_handle, - const gss_cred_id_t acceptor_cred_handle, - const gss_buffer_t input_token_buffer, - const gss_channel_bindings_t input_chan_bindings, - gss_name_t * src_name, - gss_OID * mech_type, - gss_buffer_t output_token, - OM_uint32 * ret_flags, - OM_uint32 * time_rec, - gss_cred_id_t * delegated_cred_handle - ) -{ - OM_uint32 ret = GSS_S_COMPLETE; - krb5_data fwd_data; - gss_ctx_id_t local_context; - OM_uint32 minor_status2; - GSSAPI_KRB5_INIT(); - - krb5_data_zero (&fwd_data); - output_token->length = 0; - output_token->value = NULL; - - if (src_name != NULL) - *src_name = NULL; - if (mech_type) - *mech_type = GSS_KRB5_MECHANISM; - - if (*context_handle == GSS_C_NO_CONTEXT) { - ret = _gsskrb5_create_ctx(minor_status, - &local_context, - input_chan_bindings, - ACCEPTOR_START); - if (ret) return ret; - } else { - local_context = *context_handle; - } - - /* - * TODO: check the channel_bindings - * (above just sets them to krb5 layer) - */ - - HEIMDAL_MUTEX_lock(&(local_context)->ctx_id_mutex); - - switch ((local_context)->state) { - case ACCEPTOR_START: - ret = gsskrb5_acceptor_start(minor_status, - &local_context, - acceptor_cred_handle, - input_token_buffer, - input_chan_bindings, - src_name, - mech_type, - output_token, - ret_flags, - time_rec, - delegated_cred_handle); - break; - case ACCEPTOR_WAIT_FOR_DCESTYLE: - ret = gsskrb5_acceptor_wait_for_dcestyle(minor_status, - &local_context, - acceptor_cred_handle, - input_token_buffer, - input_chan_bindings, - src_name, - mech_type, - output_token, - ret_flags, - time_rec, - delegated_cred_handle); - break; - case ACCEPTOR_READY: - /* this function should not be called after it has returned GSS_S_COMPLETE */ - ret = GSS_S_BAD_STATUS; - break; - default: - /* TODO: is this correct here? --metze */ - ret = GSS_S_BAD_STATUS; - break; - } - - HEIMDAL_MUTEX_unlock(&(local_context)->ctx_id_mutex); - - if (*context_handle == GSS_C_NO_CONTEXT) { - if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) { - *context_handle = local_context; - } else { - gss_delete_sec_context(&minor_status2, - &local_context, - NULL); - } - } - - return ret; -} - -static OM_uint32 -code_NegTokenArg(OM_uint32 *minor_status, - const NegTokenTarg *targ, - krb5_data *data, - u_char **ret_buf) -{ - OM_uint32 ret; - u_char *buf; - size_t buf_size, buf_len; - - buf_size = 1024; - buf = malloc(buf_size); - if (buf == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - do { - ret = encode_NegTokenTarg(buf + buf_size - 1, - buf_size, - targ, &buf_len); - if (ret == 0) { - size_t tmp; - - ret = der_put_length_and_tag(buf + buf_size - buf_len - 1, - buf_size - buf_len, - buf_len, - ASN1_C_CONTEXT, - CONS, - 1, - &tmp); - if (ret == 0) - buf_len += tmp; - } - if (ret) { - if (ret == ASN1_OVERFLOW) { - u_char *tmp; - - buf_size *= 2; - tmp = realloc (buf, buf_size); - if (tmp == NULL) { - *minor_status = ENOMEM; - free(buf); - return GSS_S_FAILURE; - } - buf = tmp; - } else { - *minor_status = ret; - free(buf); - return GSS_S_FAILURE; - } - } - } while (ret == ASN1_OVERFLOW); - - data->data = buf + buf_size - buf_len; - data->length = buf_len; - *ret_buf = buf; - return GSS_S_COMPLETE; -} - -static OM_uint32 -send_reject (OM_uint32 *minor_status, - gss_buffer_t output_token) -{ - NegTokenTarg targ; - krb5_data data; - u_char *buf; - OM_uint32 ret; - - ALLOC(targ.negResult, 1); - if (targ.negResult == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - *(targ.negResult) = reject; - targ.supportedMech = NULL; - targ.responseToken = NULL; - targ.mechListMIC = NULL; - - ret = code_NegTokenArg (minor_status, &targ, &data, &buf); - free_NegTokenTarg(&targ); - if (ret) - return ret; - -#if 0 - ret = _gssapi_encapsulate(minor_status, - &data, - output_token, - GSS_SPNEGO_MECHANISM); -#else - output_token->value = malloc(data.length); - if (output_token->value == NULL) { - *minor_status = ENOMEM; - ret = GSS_S_FAILURE; - } else { - output_token->length = data.length; - memcpy(output_token->value, data.data, output_token->length); - } -#endif - free(buf); - if (ret) - return ret; - return GSS_S_BAD_MECH; -} - -static OM_uint32 -send_accept (OM_uint32 *minor_status, - OM_uint32 major_status, - gss_buffer_t output_token, - gss_buffer_t mech_token, - gss_ctx_id_t context_handle, - const MechTypeList *mechtypelist) -{ - NegTokenTarg targ; - krb5_data data; - u_char *buf; - OM_uint32 ret; - gss_buffer_desc mech_buf, mech_mic_buf; - krb5_boolean require_mic; - - memset(&targ, 0, sizeof(targ)); - ALLOC(targ.negResult, 1); - if (targ.negResult == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - *(targ.negResult) = accept_completed; - - ALLOC(targ.supportedMech, 1); - if (targ.supportedMech == NULL) { - free_NegTokenTarg(&targ); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - ret = der_get_oid(GSS_KRB5_MECHANISM->elements, - GSS_KRB5_MECHANISM->length, - targ.supportedMech, - NULL); - if (ret) { - free_NegTokenTarg(&targ); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - if (mech_token != NULL && mech_token->length != 0) { - ALLOC(targ.responseToken, 1); - if (targ.responseToken == NULL) { - free_NegTokenTarg(&targ); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - targ.responseToken->length = mech_token->length; - targ.responseToken->data = mech_token->value; - mech_token->length = 0; - mech_token->value = NULL; - } else { - targ.responseToken = NULL; - } - - ret = _gss_spnego_require_mechlist_mic(minor_status, context_handle, - &require_mic); - if (ret) { - free_NegTokenTarg(&targ); - return ret; - } - - if (major_status == GSS_S_COMPLETE && require_mic) { - size_t buf_len; - - ALLOC(targ.mechListMIC, 1); - if (targ.mechListMIC == NULL) { - free_NegTokenTarg(&targ); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - ASN1_MALLOC_ENCODE(MechTypeList, mech_buf.value, mech_buf.length, - mechtypelist, &buf_len, ret); - if (ret) { - free_NegTokenTarg(&targ); - return ret; - } - if (mech_buf.length != buf_len) - abort(); - - ret = gss_get_mic(minor_status, context_handle, 0, &mech_buf, - &mech_mic_buf); - free (mech_buf.value); - if (ret) { - free_NegTokenTarg(&targ); - return ret; - } - - targ.mechListMIC->length = mech_mic_buf.length; - targ.mechListMIC->data = mech_mic_buf.value; - } else - targ.mechListMIC = NULL; - - ret = code_NegTokenArg (minor_status, &targ, &data, &buf); - free_NegTokenTarg(&targ); - if (ret) - return ret; - -#if 0 - ret = _gssapi_encapsulate(minor_status, - &data, - output_token, - GSS_SPNEGO_MECHANISM); -#else - output_token->value = malloc(data.length); - if (output_token->value == NULL) { - *minor_status = ENOMEM; - ret = GSS_S_FAILURE; - } else { - output_token->length = data.length; - memcpy(output_token->value, data.data, output_token->length); - } -#endif - free(buf); - if (ret) - return ret; - return GSS_S_COMPLETE; -} - -static OM_uint32 -spnego_accept_sec_context - (OM_uint32 * minor_status, - gss_ctx_id_t * context_handle, - const gss_cred_id_t acceptor_cred_handle, - const gss_buffer_t input_token_buffer, - const gss_channel_bindings_t input_chan_bindings, - gss_name_t * src_name, - gss_OID * mech_type, - gss_buffer_t output_token, - OM_uint32 * ret_flags, - OM_uint32 * time_rec, - gss_cred_id_t * delegated_cred_handle - ) -{ - OM_uint32 ret, ret2; - NegTokenInit ni; - size_t ni_len; - int i; - int found = 0; - krb5_data data; - size_t len, taglen; - - output_token->length = 0; - output_token->value = NULL; - - ret = _gssapi_decapsulate (minor_status, - input_token_buffer, - &data, - GSS_SPNEGO_MECHANISM); - if (ret) - return ret; - - ret = der_match_tag_and_length(data.data, data.length, - ASN1_C_CONTEXT, CONS, 0, &len, &taglen); - if (ret) - return ret; - - if(len > data.length - taglen) - return ASN1_OVERRUN; - - ret = decode_NegTokenInit((const unsigned char *)data.data + taglen, len, - &ni, &ni_len); - if (ret) - return GSS_S_DEFECTIVE_TOKEN; - - if (ni.mechTypes == NULL) { - free_NegTokenInit(&ni); - return send_reject (minor_status, output_token); - } - - for (i = 0; !found && i < ni.mechTypes->len; ++i) { - unsigned char mechbuf[17]; - size_t mech_len; - - ret = der_put_oid (mechbuf + sizeof(mechbuf) - 1, - sizeof(mechbuf), - &ni.mechTypes->val[i], - &mech_len); - if (ret) { - free_NegTokenInit(&ni); - return GSS_S_DEFECTIVE_TOKEN; - } - if (mech_len == GSS_KRB5_MECHANISM->length - && memcmp(GSS_KRB5_MECHANISM->elements, - mechbuf + sizeof(mechbuf) - mech_len, - mech_len) == 0) - found = 1; - } - if (found) { - gss_buffer_desc ibuf, obuf; - gss_buffer_t ot = NULL; - OM_uint32 minor; - - if (ni.mechToken != NULL) { - ibuf.length = ni.mechToken->length; - ibuf.value = ni.mechToken->data; - - ret = gsskrb5_accept_sec_context(&minor, - context_handle, - acceptor_cred_handle, - &ibuf, - input_chan_bindings, - src_name, - mech_type, - &obuf, - ret_flags, - time_rec, - delegated_cred_handle); - if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) { - ot = &obuf; - } else { - free_NegTokenInit(&ni); - send_reject (minor_status, output_token); - return ret; - } - } - ret2 = send_accept (minor_status, ret, output_token, ot, - *context_handle, ni.mechTypes); - if (ret2 != GSS_S_COMPLETE) - ret = ret2; - if (ot != NULL) - gss_release_buffer(&minor, ot); - free_NegTokenInit(&ni); - return ret; - } else { - free_NegTokenInit(&ni); - return send_reject (minor_status, output_token); - } -} - -OM_uint32 -gss_accept_sec_context - (OM_uint32 * minor_status, - gss_ctx_id_t * context_handle, - const gss_cred_id_t acceptor_cred_handle, - const gss_buffer_t input_token_buffer, - const gss_channel_bindings_t input_chan_bindings, - gss_name_t * src_name, - gss_OID * mech_type, - gss_buffer_t output_token, - OM_uint32 * ret_flags, - OM_uint32 * time_rec, - gss_cred_id_t * delegated_cred_handle - ) -{ - OM_uint32 ret; - ssize_t mech_len; - const u_char *p; - - *minor_status = 0; - - mech_len = gssapi_krb5_get_mech (input_token_buffer->value, - input_token_buffer->length, - &p); - - /* This could be 'dce style' kerberos, where the OID is missing :-( */ - if ((mech_len < 0) || ((mech_len == GSS_KRB5_MECHANISM->length) - && memcmp(p, GSS_KRB5_MECHANISM->elements, mech_len) == 0)) - ret = gsskrb5_accept_sec_context(minor_status, - context_handle, - acceptor_cred_handle, - input_token_buffer, - input_chan_bindings, - src_name, - mech_type, - output_token, - ret_flags, - time_rec, - delegated_cred_handle); - else if (mech_len == GSS_SPNEGO_MECHANISM->length - && memcmp(p, GSS_SPNEGO_MECHANISM->elements, mech_len) == 0) - ret = spnego_accept_sec_context(minor_status, - context_handle, - acceptor_cred_handle, - input_token_buffer, - input_chan_bindings, - src_name, - mech_type, - output_token, - ret_flags, - time_rec, - delegated_cred_handle); - else - return GSS_S_BAD_MECH; - - return ret; -} diff --git a/source4/heimdal/lib/gssapi/acquire_cred.c b/source4/heimdal/lib/gssapi/acquire_cred.c deleted file mode 100644 index fa5d709a30..0000000000 --- a/source4/heimdal/lib/gssapi/acquire_cred.c +++ /dev/null @@ -1,383 +0,0 @@ -/* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: acquire_cred.c,v 1.27 2005/12/01 16:26:02 lha Exp $"); - -OM_uint32 -_gssapi_krb5_ccache_lifetime(OM_uint32 *minor_status, - krb5_ccache id, - krb5_principal principal, - OM_uint32 *lifetime) -{ - krb5_creds in_cred, *out_cred; - krb5_const_realm realm; - krb5_error_code kret; - - memset(&in_cred, 0, sizeof(in_cred)); - in_cred.client = principal; - - realm = krb5_principal_get_realm(gssapi_krb5_context, principal); - if (realm == NULL) { - gssapi_krb5_clear_status (); - *minor_status = KRB5_PRINC_NOMATCH; /* XXX */ - return GSS_S_FAILURE; - } - - kret = krb5_make_principal(gssapi_krb5_context, &in_cred.server, - realm, KRB5_TGS_NAME, realm, NULL); - if (kret) { - gssapi_krb5_set_error_string(); - *minor_status = kret; - return GSS_S_FAILURE; - } - - kret = krb5_get_credentials(gssapi_krb5_context, 0, - id, &in_cred, &out_cred); - krb5_free_principal(gssapi_krb5_context, in_cred.server); - if (kret) { - gssapi_krb5_set_error_string(); - *minor_status = kret; - return GSS_S_FAILURE; - } - - *lifetime = out_cred->times.endtime; - krb5_free_creds(gssapi_krb5_context, out_cred); - - return GSS_S_COMPLETE; -} - - - - -static krb5_error_code -get_keytab(krb5_context context, krb5_keytab *keytab) -{ - char kt_name[256]; - krb5_error_code kret; - - HEIMDAL_MUTEX_lock(&gssapi_keytab_mutex); - - if (gssapi_krb5_keytab != NULL) { - kret = krb5_kt_get_name(context, - gssapi_krb5_keytab, - kt_name, sizeof(kt_name)); - if (kret == 0) - kret = krb5_kt_resolve(context, kt_name, keytab); - } else - kret = krb5_kt_default(context, keytab); - - HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex); - - return (kret); -} - -static OM_uint32 acquire_initiator_cred - (OM_uint32 * minor_status, - krb5_context context, - const gss_name_t desired_name, - OM_uint32 time_req, - const gss_OID_set desired_mechs, - gss_cred_usage_t cred_usage, - gss_cred_id_t handle, - gss_OID_set * actual_mechs, - OM_uint32 * time_rec - ) -{ - OM_uint32 ret; - krb5_creds cred; - krb5_principal def_princ; - krb5_get_init_creds_opt *opt; - krb5_ccache ccache; - krb5_error_code kret; - krb5_keytab keytab; - - ccache = NULL; - def_princ = NULL; - ret = GSS_S_FAILURE; - memset(&cred, 0, sizeof(cred)); - - /* If we have a preferred principal, lets try to find it in all - * caches, otherwise, fall back to default cache. Ignore - * errors. */ - if (handle->principal) - kret = krb5_cc_cache_match (gssapi_krb5_context, - handle->principal, - NULL, - &ccache); - - if (ccache == NULL) { - kret = krb5_cc_default(gssapi_krb5_context, &ccache); - if (kret) - goto end; - } - kret = krb5_cc_get_principal(context, ccache, - &def_princ); - if (kret != 0) { - /* we'll try to use a keytab below */ - krb5_cc_destroy(context, ccache); - ccache = NULL; - kret = 0; - } else if (handle->principal == NULL) { - kret = krb5_copy_principal(context, def_princ, - &handle->principal); - if (kret) - goto end; - } else if (handle->principal != NULL && - krb5_principal_compare(context, handle->principal, - def_princ) == FALSE) { - /* Before failing, lets check the keytab */ - krb5_free_principal(context, def_princ); - def_princ = NULL; - } - if (def_princ == NULL) { - /* We have no existing credentials cache, - * so attempt to get a TGT using a keytab. - */ - if (handle->principal == NULL) { - kret = krb5_get_default_principal(context, - &handle->principal); - if (kret) - goto end; - } - kret = get_keytab(context, &keytab); - if (kret) - goto end; - kret = krb5_get_init_creds_opt_alloc(gssapi_krb5_context, &opt); - if (kret) - goto end; - kret = krb5_get_init_creds_keytab(gssapi_krb5_context, &cred, - handle->principal, keytab, 0, NULL, opt); - krb5_get_init_creds_opt_free(opt); - if (kret) - goto end; - kret = krb5_cc_gen_new(gssapi_krb5_context, &krb5_mcc_ops, - &ccache); - if (kret) - goto end; - kret = krb5_cc_initialize(gssapi_krb5_context, ccache, cred.client); - if (kret) - goto end; - kret = krb5_cc_store_cred(gssapi_krb5_context, ccache, &cred); - if (kret) - goto end; - handle->lifetime = cred.times.endtime; - handle->cred_flags |= GSS_CF_DESTROY_CRED_ON_RELEASE; - } else { - - ret = _gssapi_krb5_ccache_lifetime(minor_status, - ccache, - handle->principal, - &handle->lifetime); - if (ret != GSS_S_COMPLETE) - goto end; - kret = 0; - } - - handle->ccache = ccache; - ret = GSS_S_COMPLETE; - -end: - if (cred.client != NULL) - krb5_free_cred_contents(context, &cred); - if (def_princ != NULL) - krb5_free_principal(context, def_princ); - if (keytab != NULL) - krb5_kt_close(context, keytab); - if (ret != GSS_S_COMPLETE) { - if (ccache != NULL) - krb5_cc_close(gssapi_krb5_context, ccache); - if (kret != 0) { - *minor_status = kret; - gssapi_krb5_set_error_string (); - } - } - return (ret); -} - -static OM_uint32 acquire_acceptor_cred - (OM_uint32 * minor_status, - krb5_context context, - OM_uint32 time_req, - const gss_OID_set desired_mechs, - gss_cred_usage_t cred_usage, - gss_cred_id_t handle, - gss_OID_set * actual_mechs, - OM_uint32 * time_rec - ) -{ - OM_uint32 ret; - krb5_error_code kret; - - kret = 0; - ret = GSS_S_FAILURE; - kret = get_keytab(context, &handle->keytab); - if (kret) - goto end; - - /* check that the requested principal exists in the keytab */ - if (handle->principal) { - krb5_keytab_entry entry; - - kret = krb5_kt_get_entry(gssapi_krb5_context, handle->keytab, - handle->principal, 0, 0, &entry); - if (kret) - goto end; - krb5_kt_free_entry(gssapi_krb5_context, &entry); - } - ret = GSS_S_COMPLETE; - -end: - if (ret != GSS_S_COMPLETE) { - krb5_kt_close(context, handle->keytab); - if (kret != 0) { - *minor_status = kret; - gssapi_krb5_set_error_string (); - } - } - return (ret); -} - -OM_uint32 gss_acquire_cred - (OM_uint32 * minor_status, - const gss_name_t desired_name, - OM_uint32 time_req, - const gss_OID_set desired_mechs, - gss_cred_usage_t cred_usage, - gss_cred_id_t * output_cred_handle, - gss_OID_set * actual_mechs, - OM_uint32 * time_rec - ) -{ - gss_cred_id_t handle; - OM_uint32 ret; - - if (cred_usage != GSS_C_ACCEPT && cred_usage != GSS_C_INITIATE && cred_usage != GSS_C_BOTH) { - *minor_status = GSS_KRB5_S_G_BAD_USAGE; - return GSS_S_FAILURE; - } - - GSSAPI_KRB5_INIT (); - - *output_cred_handle = NULL; - if (time_rec) - *time_rec = 0; - if (actual_mechs) - *actual_mechs = GSS_C_NO_OID_SET; - - if (desired_mechs) { - int present = 0; - - ret = gss_test_oid_set_member(minor_status, GSS_KRB5_MECHANISM, - desired_mechs, &present); - if (ret) - return ret; - if (!present) { - *minor_status = 0; - return GSS_S_BAD_MECH; - } - } - - handle = (gss_cred_id_t)malloc(sizeof(*handle)); - if (handle == GSS_C_NO_CREDENTIAL) { - *minor_status = ENOMEM; - return (GSS_S_FAILURE); - } - - memset(handle, 0, sizeof (*handle)); - HEIMDAL_MUTEX_init(&handle->cred_id_mutex); - - if (desired_name != GSS_C_NO_NAME) { - ret = gss_duplicate_name(minor_status, desired_name, - &handle->principal); - if (ret != GSS_S_COMPLETE) { - HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); - free(handle); - return (ret); - } - } - if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH) { - ret = acquire_initiator_cred(minor_status, gssapi_krb5_context, - desired_name, time_req, - desired_mechs, cred_usage, - handle, actual_mechs, time_rec); - if (ret != GSS_S_COMPLETE) { - HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); - krb5_free_principal(gssapi_krb5_context, handle->principal); - free(handle); - return (ret); - } - } - if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH) { - ret = acquire_acceptor_cred(minor_status, gssapi_krb5_context, - time_req, - desired_mechs, cred_usage, - handle, actual_mechs, time_rec); - if (ret != GSS_S_COMPLETE) { - HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); - krb5_free_principal(gssapi_krb5_context, handle->principal); - free(handle); - return (ret); - } - } - ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms); - if (ret == GSS_S_COMPLETE) - ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, - &handle->mechanisms); - if (ret == GSS_S_COMPLETE) - ret = gss_inquire_cred(minor_status, handle, NULL, time_rec, NULL, - actual_mechs); - if (ret != GSS_S_COMPLETE) { - if (handle->mechanisms != NULL) - gss_release_oid_set(NULL, &handle->mechanisms); - HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); - krb5_free_principal(gssapi_krb5_context, handle->principal); - free(handle); - return (ret); - } - *minor_status = 0; - if (time_rec) { - ret = gssapi_lifetime_left(minor_status, - handle->lifetime, - time_rec); - - if (ret) - return ret; - } - handle->usage = cred_usage; - - *output_cred_handle = handle; - return (GSS_S_COMPLETE); -} - diff --git a/source4/heimdal/lib/gssapi/add_oid_set_member.c b/source4/heimdal/lib/gssapi/add_oid_set_member.c deleted file mode 100644 index ed654fc8c5..0000000000 --- a/source4/heimdal/lib/gssapi/add_oid_set_member.c +++ /dev/null @@ -1,69 +0,0 @@ -/* - * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: add_oid_set_member.c,v 1.8 2003/03/16 17:50:49 lha Exp $"); - -OM_uint32 gss_add_oid_set_member ( - OM_uint32 * minor_status, - const gss_OID member_oid, - gss_OID_set * oid_set - ) -{ - gss_OID tmp; - size_t n; - OM_uint32 res; - int present; - - res = gss_test_oid_set_member(minor_status, member_oid, *oid_set, &present); - if (res != GSS_S_COMPLETE) - return res; - - if (present) { - *minor_status = 0; - return GSS_S_COMPLETE; - } - - n = (*oid_set)->count + 1; - tmp = realloc ((*oid_set)->elements, n * sizeof(gss_OID_desc)); - if (tmp == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - (*oid_set)->elements = tmp; - (*oid_set)->count = n; - (*oid_set)->elements[n-1] = *member_oid; - *minor_status = 0; - return GSS_S_COMPLETE; -} diff --git a/source4/heimdal/lib/gssapi/address_to_krb5addr.c b/source4/heimdal/lib/gssapi/address_to_krb5addr.c deleted file mode 100644 index 13a6825f55..0000000000 --- a/source4/heimdal/lib/gssapi/address_to_krb5addr.c +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -#include - -krb5_error_code -gss_address_to_krb5addr(OM_uint32 gss_addr_type, - gss_buffer_desc *gss_addr, - int16_t port, - krb5_address *address) -{ - int addr_type; - struct sockaddr sa; - krb5_socklen_t sa_size = sizeof(sa); - krb5_error_code problem; - - if (gss_addr == NULL) - return GSS_S_FAILURE; - - switch (gss_addr_type) { -#ifdef HAVE_IPV6 - case GSS_C_AF_INET6: addr_type = AF_INET6; - break; -#endif /* HAVE_IPV6 */ - - case GSS_C_AF_INET: addr_type = AF_INET; - break; - default: - return GSS_S_FAILURE; - } - - problem = krb5_h_addr2sockaddr (gssapi_krb5_context, - addr_type, - gss_addr->value, - &sa, - &sa_size, - port); - if (problem) - return GSS_S_FAILURE; - - problem = krb5_sockaddr2address (gssapi_krb5_context, &sa, address); - - return problem; -} diff --git a/source4/heimdal/lib/gssapi/arcfour.c b/source4/heimdal/lib/gssapi/arcfour.c deleted file mode 100644 index 936a20d403..0000000000 --- a/source4/heimdal/lib/gssapi/arcfour.c +++ /dev/null @@ -1,691 +0,0 @@ -/* - * Copyright (c) 2003 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: arcfour.c,v 1.19 2006/05/04 11:56:50 lha Exp $"); - -/* - * Implements draft-brezak-win2k-krb-rc4-hmac-04.txt - * - * The arcfour message have the following formats: - * - * MIC token - * TOK_ID[2] = 01 01 - * SGN_ALG[2] = 11 00 - * Filler[4] - * SND_SEQ[8] - * SGN_CKSUM[8] - * - * WRAP token - * TOK_ID[2] = 02 01 - * SGN_ALG[2]; - * SEAL_ALG[2] - * Filler[2] - * SND_SEQ[2] - * SGN_CKSUM[8] - * Confounder[8] - */ - - -static krb5_error_code -arcfour_mic_key(krb5_context context, krb5_keyblock *key, - void *cksum_data, size_t cksum_size, - void *key6_data, size_t key6_size) -{ - krb5_error_code ret; - - Checksum cksum_k5; - krb5_keyblock key5; - char k5_data[16]; - - Checksum cksum_k6; - - char T[4]; - - memset(T, 0, 4); - cksum_k5.checksum.data = k5_data; - cksum_k5.checksum.length = sizeof(k5_data); - - if (key->keytype == KEYTYPE_ARCFOUR_56) { - char L40[14] = "fortybits"; - - memcpy(L40 + 10, T, sizeof(T)); - ret = krb5_hmac(context, CKSUMTYPE_RSA_MD5, - L40, 14, 0, key, &cksum_k5); - memset(&k5_data[7], 0xAB, 9); - } else { - ret = krb5_hmac(context, CKSUMTYPE_RSA_MD5, - T, 4, 0, key, &cksum_k5); - } - if (ret) - return ret; - - key5.keytype = KEYTYPE_ARCFOUR; - key5.keyvalue = cksum_k5.checksum; - - cksum_k6.checksum.data = key6_data; - cksum_k6.checksum.length = key6_size; - - return krb5_hmac(context, CKSUMTYPE_RSA_MD5, - cksum_data, cksum_size, 0, &key5, &cksum_k6); -} - - -static krb5_error_code -arcfour_mic_cksum(krb5_keyblock *key, unsigned usage, - u_char *sgn_cksum, size_t sgn_cksum_sz, - const u_char *v1, size_t l1, - const void *v2, size_t l2, - const void *v3, size_t l3) -{ - Checksum CKSUM; - u_char *ptr; - size_t len; - krb5_crypto crypto; - krb5_error_code ret; - - assert(sgn_cksum_sz == 8); - - len = l1 + l2 + l3; - - ptr = malloc(len); - if (ptr == NULL) - return ENOMEM; - - memcpy(ptr, v1, l1); - memcpy(ptr + l1, v2, l2); - memcpy(ptr + l1 + l2, v3, l3); - - ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); - if (ret) { - free(ptr); - return ret; - } - - ret = krb5_create_checksum(gssapi_krb5_context, - crypto, - usage, - 0, - ptr, len, - &CKSUM); - free(ptr); - if (ret == 0) { - memcpy(sgn_cksum, CKSUM.checksum.data, sgn_cksum_sz); - free_Checksum(&CKSUM); - } - krb5_crypto_destroy(gssapi_krb5_context, crypto); - - return ret; -} - - -OM_uint32 -_gssapi_get_mic_arcfour(OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - gss_qop_t qop_req, - const gss_buffer_t message_buffer, - gss_buffer_t message_token, - krb5_keyblock *key) -{ - krb5_error_code ret; - int32_t seq_number; - size_t len, total_len; - u_char k6_data[16], *p0, *p; - RC4_KEY rc4_key; - - gssapi_krb5_encap_length (22, &len, &total_len, GSS_KRB5_MECHANISM); - - message_token->length = total_len; - message_token->value = malloc (total_len); - if (message_token->value == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - p0 = _gssapi_make_mech_header(message_token->value, - len, - GSS_KRB5_MECHANISM); - p = p0; - - *p++ = 0x01; /* TOK_ID */ - *p++ = 0x01; - *p++ = 0x11; /* SGN_ALG */ - *p++ = 0x00; - *p++ = 0xff; /* Filler */ - *p++ = 0xff; - *p++ = 0xff; - *p++ = 0xff; - - p = NULL; - - ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SIGN, - p0 + 16, 8, /* SGN_CKSUM */ - p0, 8, /* TOK_ID, SGN_ALG, Filer */ - message_buffer->value, message_buffer->length, - NULL, 0); - if (ret) { - gss_release_buffer(minor_status, message_token); - *minor_status = ret; - return GSS_S_FAILURE; - } - - ret = arcfour_mic_key(gssapi_krb5_context, key, - p0 + 16, 8, /* SGN_CKSUM */ - k6_data, sizeof(k6_data)); - if (ret) { - gss_release_buffer(minor_status, message_token); - *minor_status = ret; - return GSS_S_FAILURE; - } - - HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, - context_handle->auth_context, - &seq_number); - p = p0 + 8; /* SND_SEQ */ - gssapi_encode_be_om_uint32(seq_number, p); - - krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, - context_handle->auth_context, - ++seq_number); - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - - memset (p + 4, (context_handle->more_flags & LOCAL) ? 0 : 0xff, 4); - - RC4_set_key (&rc4_key, sizeof(k6_data), k6_data); - RC4 (&rc4_key, 8, p, p); - - memset(&rc4_key, 0, sizeof(rc4_key)); - memset(k6_data, 0, sizeof(k6_data)); - - *minor_status = 0; - return GSS_S_COMPLETE; -} - - -OM_uint32 -_gssapi_verify_mic_arcfour(OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t message_buffer, - const gss_buffer_t token_buffer, - gss_qop_t * qop_state, - krb5_keyblock *key, - char *type) -{ - krb5_error_code ret; - int32_t seq_number; - OM_uint32 omret; - u_char SND_SEQ[8], cksum_data[8], *p; - char k6_data[16]; - int cmp; - - if (qop_state) - *qop_state = 0; - - p = token_buffer->value; - omret = gssapi_krb5_verify_header (&p, - token_buffer->length, - (u_char *)type, - GSS_KRB5_MECHANISM); - if (omret) - return omret; - - if (memcmp(p, "\x11\x00", 2) != 0) /* SGN_ALG = HMAC MD5 ARCFOUR */ - return GSS_S_BAD_SIG; - p += 2; - if (memcmp (p, "\xff\xff\xff\xff", 4) != 0) - return GSS_S_BAD_MIC; - p += 4; - - ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SIGN, - cksum_data, sizeof(cksum_data), - p - 8, 8, - message_buffer->value, message_buffer->length, - NULL, 0); - if (ret) { - *minor_status = ret; - return GSS_S_FAILURE; - } - - ret = arcfour_mic_key(gssapi_krb5_context, key, - cksum_data, sizeof(cksum_data), - k6_data, sizeof(k6_data)); - if (ret) { - *minor_status = ret; - return GSS_S_FAILURE; - } - - cmp = memcmp(cksum_data, p + 8, 8); - if (cmp) { - *minor_status = 0; - return GSS_S_BAD_MIC; - } - - { - RC4_KEY rc4_key; - - RC4_set_key (&rc4_key, sizeof(k6_data), (void*)k6_data); - RC4 (&rc4_key, 8, p, SND_SEQ); - - memset(&rc4_key, 0, sizeof(rc4_key)); - memset(k6_data, 0, sizeof(k6_data)); - } - - gssapi_decode_be_om_uint32(SND_SEQ, &seq_number); - - if (context_handle->more_flags & LOCAL) - cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4); - else - cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4); - - memset(SND_SEQ, 0, sizeof(SND_SEQ)); - if (cmp != 0) { - *minor_status = 0; - return GSS_S_BAD_MIC; - } - - HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - omret = _gssapi_msg_order_check(context_handle->order, seq_number); - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - if (omret) - return omret; - - *minor_status = 0; - return GSS_S_COMPLETE; -} - -OM_uint32 -_gssapi_wrap_size_arcfour(OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - int conf_req_flag, - gss_qop_t qop_req, - OM_uint32 req_input_size, - OM_uint32 * output_size, - OM_uint32 * padlen, - krb5_keyblock *key) -{ - size_t len, total_len, datalen; - *padlen = 0; - datalen = req_input_size; - len = GSS_ARCFOUR_WRAP_TOKEN_SIZE; - /* if GSS_C_DCE_STYLE is in use: - * - we only need to encapsulate the WRAP token - * - we should not add padding - */ - if (!(context_handle->flags & GSS_C_DCE_STYLE)) { - datalen += 1 /* padding */; - len += datalen; - } - _gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM); - if (context_handle->flags & GSS_C_DCE_STYLE) { - total_len += datalen; - } - - *output_size = total_len; - return GSS_S_COMPLETE; -} - -OM_uint32 -_gssapi_wrap_arcfour(OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - int conf_req_flag, - gss_qop_t qop_req, - const gss_buffer_t input_message_buffer, - int * conf_state, - gss_buffer_t output_message_buffer, - krb5_keyblock *key) -{ - u_char Klocaldata[16], k6_data[16], *p, *p0; - size_t len, total_len, datalen; - krb5_keyblock Klocal; - krb5_error_code ret; - int32_t seq_number; - - if (conf_state) - *conf_state = 0; - - datalen = input_message_buffer->length; - len = GSS_ARCFOUR_WRAP_TOKEN_SIZE; - /* if GSS_C_DCE_STYLE is in use: - * - we only need to encapsulate the WRAP token - * - we should not add padding - */ - if (!(context_handle->flags & GSS_C_DCE_STYLE)) { - datalen += 1 /* padding */; - len += datalen; - } - _gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM); - if (context_handle->flags & GSS_C_DCE_STYLE) { - total_len += datalen; - } - - output_message_buffer->length = total_len; - output_message_buffer->value = malloc (total_len); - if (output_message_buffer->value == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - p0 = _gssapi_make_mech_header(output_message_buffer->value, - len, - GSS_KRB5_MECHANISM); - p = p0; - - *p++ = 0x02; /* TOK_ID */ - *p++ = 0x01; - *p++ = 0x11; /* SGN_ALG */ - *p++ = 0x00; - if (conf_req_flag) { - *p++ = 0x10; /* SEAL_ALG */ - *p++ = 0x00; - } else { - *p++ = 0xff; /* SEAL_ALG */ - *p++ = 0xff; - } - *p++ = 0xff; /* Filler */ - *p++ = 0xff; - - p = NULL; - - HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, - context_handle->auth_context, - &seq_number); - - gssapi_encode_be_om_uint32(seq_number, p0 + 8); - - krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, - context_handle->auth_context, - ++seq_number); - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - - memset (p0 + 8 + 4, - (context_handle->more_flags & LOCAL) ? 0 : 0xff, - 4); - - krb5_generate_random_block(p0 + 24, 8); /* fill in Confounder */ - - /* p points to data */ - p = p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE; - memcpy(p, input_message_buffer->value, input_message_buffer->length); - /* only add padding when GSS_C_DCE_STYLE is not in use */ - if (!(context_handle->flags & GSS_C_DCE_STYLE)) { - p[input_message_buffer->length] = 1; /* PADDING */ - } - - ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SEAL, - p0 + 16, 8, /* SGN_CKSUM */ - p0, 8, /* TOK_ID, SGN_ALG, SEAL_ALG, Filler */ - p0 + 24, 8, /* Confounder */ - p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE, - datalen); - if (ret) { - *minor_status = ret; - gss_release_buffer(minor_status, output_message_buffer); - return GSS_S_FAILURE; - } - - { - int i; - - Klocal.keytype = key->keytype; - Klocal.keyvalue.data = Klocaldata; - Klocal.keyvalue.length = sizeof(Klocaldata); - - for (i = 0; i < 16; i++) - Klocaldata[i] = ((u_char *)key->keyvalue.data)[i] ^ 0xF0; - } - ret = arcfour_mic_key(gssapi_krb5_context, &Klocal, - p0 + 8, 4, /* SND_SEQ */ - k6_data, sizeof(k6_data)); - memset(Klocaldata, 0, sizeof(Klocaldata)); - if (ret) { - gss_release_buffer(minor_status, output_message_buffer); - *minor_status = ret; - return GSS_S_FAILURE; - } - - - if(conf_req_flag) { - RC4_KEY rc4_key; - - RC4_set_key (&rc4_key, sizeof(k6_data), (void *)k6_data); - /* XXX ? */ - RC4 (&rc4_key, 8 + datalen, p0 + 24, p0 + 24); /* Confounder + data */ - memset(&rc4_key, 0, sizeof(rc4_key)); - } - memset(k6_data, 0, sizeof(k6_data)); - - ret = arcfour_mic_key(gssapi_krb5_context, key, - p0 + 16, 8, /* SGN_CKSUM */ - k6_data, sizeof(k6_data)); - if (ret) { - gss_release_buffer(minor_status, output_message_buffer); - *minor_status = ret; - return GSS_S_FAILURE; - } - - { - RC4_KEY rc4_key; - - RC4_set_key (&rc4_key, sizeof(k6_data), k6_data); - RC4 (&rc4_key, 8, p0 + 8, p0 + 8); /* SND_SEQ */ - memset(&rc4_key, 0, sizeof(rc4_key)); - memset(k6_data, 0, sizeof(k6_data)); - } - - if (conf_state) - *conf_state = conf_req_flag; - - *minor_status = 0; - return GSS_S_COMPLETE; -} - -OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t input_message_buffer, - gss_buffer_t output_message_buffer, - int *conf_state, - gss_qop_t *qop_state, - krb5_keyblock *key) -{ - u_char Klocaldata[16]; - krb5_keyblock Klocal; - krb5_error_code ret; - int32_t seq_number; - size_t len, datalen; - OM_uint32 omret; - u_char k6_data[16], SND_SEQ[8], Confounder[8]; - u_char cksum_data[8]; - u_char *p, *p0; - int cmp; - int conf_flag; - size_t padlen = 0; - - if (conf_state) - *conf_state = 0; - if (qop_state) - *qop_state = 0; - - p0 = input_message_buffer->value; - len = input_message_buffer->length; - /* if we have GSS_C_DCE_STYLE in use, we only need to decapsulate the WRAP token */ - if (context_handle->flags & GSS_C_DCE_STYLE) { - if (input_message_buffer->length < (GSS_ARCFOUR_WRAP_TOKEN_OFFSET+GSS_ARCFOUR_WRAP_TOKEN_SIZE)) { - return GSS_S_BAD_MECH; - } - len = GSS_ARCFOUR_WRAP_TOKEN_OFFSET+GSS_ARCFOUR_WRAP_TOKEN_SIZE; - } - omret = _gssapi_verify_mech_header(&p0, - len, - GSS_KRB5_MECHANISM); - if (omret) - return omret; - p = p0; - - datalen = input_message_buffer->length - - (p - ((u_char *)input_message_buffer->value)) - - GSS_ARCFOUR_WRAP_TOKEN_SIZE; - - if (memcmp(p, "\x02\x01", 2) != 0) - return GSS_S_BAD_SIG; - p += 2; - if (memcmp(p, "\x11\x00", 2) != 0) /* SGN_ALG = HMAC MD5 ARCFOUR */ - return GSS_S_BAD_SIG; - p += 2; - - if (memcmp (p, "\x10\x00", 2) == 0) - conf_flag = 1; - else if (memcmp (p, "\xff\xff", 2) == 0) - conf_flag = 0; - else - return GSS_S_BAD_SIG; - - p += 2; - if (memcmp (p, "\xff\xff", 2) != 0) - return GSS_S_BAD_MIC; - p = NULL; - - ret = arcfour_mic_key(gssapi_krb5_context, key, - p0 + 16, 8, /* SGN_CKSUM */ - k6_data, sizeof(k6_data)); - if (ret) { - *minor_status = ret; - return GSS_S_FAILURE; - } - - { - RC4_KEY rc4_key; - - RC4_set_key (&rc4_key, sizeof(k6_data), k6_data); - RC4 (&rc4_key, 8, p0 + 8, SND_SEQ); /* SND_SEQ */ - memset(&rc4_key, 0, sizeof(rc4_key)); - memset(k6_data, 0, sizeof(k6_data)); - } - - gssapi_decode_be_om_uint32(SND_SEQ, &seq_number); - - if (context_handle->more_flags & LOCAL) - cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4); - else - cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4); - - if (cmp != 0) { - *minor_status = 0; - return GSS_S_BAD_MIC; - } - - { - int i; - - Klocal.keytype = key->keytype; - Klocal.keyvalue.data = Klocaldata; - Klocal.keyvalue.length = sizeof(Klocaldata); - - for (i = 0; i < 16; i++) - Klocaldata[i] = ((u_char *)key->keyvalue.data)[i] ^ 0xF0; - } - ret = arcfour_mic_key(gssapi_krb5_context, &Klocal, - SND_SEQ, 4, - k6_data, sizeof(k6_data)); - memset(Klocaldata, 0, sizeof(Klocaldata)); - if (ret) { - *minor_status = ret; - return GSS_S_FAILURE; - } - - output_message_buffer->value = malloc(datalen); - if (output_message_buffer->value == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - output_message_buffer->length = datalen; - - if(conf_flag) { - RC4_KEY rc4_key; - - RC4_set_key (&rc4_key, sizeof(k6_data), k6_data); - RC4 (&rc4_key, 8, p0 + 24, Confounder); /* Confounder */ - RC4 (&rc4_key, datalen, p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE, - output_message_buffer->value); - memset(&rc4_key, 0, sizeof(rc4_key)); - } else { - memcpy(Confounder, p0 + 24, 8); /* Confounder */ - memcpy(output_message_buffer->value, - p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE, - datalen); - } - memset(k6_data, 0, sizeof(k6_data)); - - if (!(context_handle->flags & GSS_C_DCE_STYLE)) { - ret = _gssapi_verify_pad(output_message_buffer, datalen, &padlen); - if (ret) { - gss_release_buffer(minor_status, output_message_buffer); - *minor_status = 0; - return ret; - } - output_message_buffer->length -= padlen; - } - - ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SEAL, - cksum_data, sizeof(cksum_data), - p0, 8, - Confounder, sizeof(Confounder), - output_message_buffer->value, - output_message_buffer->length + padlen); - if (ret) { - gss_release_buffer(minor_status, output_message_buffer); - *minor_status = ret; - return GSS_S_FAILURE; - } - - cmp = memcmp(cksum_data, p0 + 16, 8); /* SGN_CKSUM */ - if (cmp) { - gss_release_buffer(minor_status, output_message_buffer); - *minor_status = 0; - return GSS_S_BAD_MIC; - } - - HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - omret = _gssapi_msg_order_check(context_handle->order, seq_number); - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - if (omret) - return omret; - - if (conf_state) - *conf_state = conf_flag; - - *minor_status = 0; - return GSS_S_COMPLETE; -} diff --git a/source4/heimdal/lib/gssapi/arcfour.h b/source4/heimdal/lib/gssapi/arcfour.h deleted file mode 100644 index 0406b64b09..0000000000 --- a/source4/heimdal/lib/gssapi/arcfour.h +++ /dev/null @@ -1,83 +0,0 @@ -/* - * Copyright (c) 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* $Id: arcfour.h,v 1.5 2004/03/07 22:30:57 lha Exp $ */ - -#ifndef GSSAPI_ARCFOUR_H_ -#define GSSAPI_ARCFOUR_H_ 1 - -#define GSS_ARCFOUR_WRAP_TOKEN_SIZE 32 -#define GSS_ARCFOUR_WRAP_TOKEN_OFFSET 13 - -OM_uint32 _gssapi_wrap_arcfour(OM_uint32 *minor_status, - const gss_ctx_id_t context_handle, - int conf_req_flag, - gss_qop_t qop_req, - const gss_buffer_t input_message_buffer, - int *conf_state, - gss_buffer_t output_message_buffer, - krb5_keyblock *key); - -OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t input_message_buffer, - gss_buffer_t output_message_buffer, - int *conf_state, - gss_qop_t *qop_state, - krb5_keyblock *key); - -OM_uint32 _gssapi_get_mic_arcfour(OM_uint32 *minor_status, - const gss_ctx_id_t context_handle, - gss_qop_t qop_req, - const gss_buffer_t message_buffer, - gss_buffer_t message_token, - krb5_keyblock *key); - -OM_uint32 _gssapi_verify_mic_arcfour(OM_uint32 *minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t message_buffer, - const gss_buffer_t token_buffer, - gss_qop_t *qop_state, - krb5_keyblock *key, - char *type); -OM_uint32 -_gssapi_wrap_size_arcfour(OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - int conf_req_flag, - gss_qop_t qop_req, - OM_uint32 req_input_size, - OM_uint32 * output_size, - OM_uint32 * padlen, - krb5_keyblock *key); - -#endif /* GSSAPI_ARCFOUR_H_ */ diff --git a/source4/heimdal/lib/gssapi/ccache_name.c b/source4/heimdal/lib/gssapi/ccache_name.c deleted file mode 100755 index 3bebb83c1f..0000000000 --- a/source4/heimdal/lib/gssapi/ccache_name.c +++ /dev/null @@ -1,80 +0,0 @@ -/* - * Copyright (c) 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: ccache_name.c,v 1.2 2005/06/16 20:38:49 lha Exp $"); - -char *last_out_name; - -OM_uint32 -gss_krb5_ccache_name(OM_uint32 *minor_status, - const char *name, - const char **out_name) -{ - krb5_error_code kret; - - *minor_status = 0; - - GSSAPI_KRB5_INIT(); - - if (out_name) { - const char *n; - - if (last_out_name) { - free(last_out_name); - last_out_name = NULL; - } - - n = krb5_cc_default_name(gssapi_krb5_context); - if (n == NULL) { - *minor_status = ENOMEM; - gssapi_krb5_set_error_string (); - return GSS_S_FAILURE; - } - last_out_name = strdup(n); - if (last_out_name == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - *out_name = last_out_name; - } - - kret = krb5_cc_set_default_name(gssapi_krb5_context, name); - if (kret) { - *minor_status = kret; - gssapi_krb5_set_error_string (); - return GSS_S_FAILURE; - } - return GSS_S_COMPLETE; -} diff --git a/source4/heimdal/lib/gssapi/cfx.c b/source4/heimdal/lib/gssapi/cfx.c deleted file mode 100755 index ef7907c0de..0000000000 --- a/source4/heimdal/lib/gssapi/cfx.c +++ /dev/null @@ -1,839 +0,0 @@ -/* - * Copyright (c) 2003, PADL Software Pty Ltd. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of PADL Software nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: cfx.c,v 1.19 2006/05/05 10:26:43 lha Exp $"); - -/* - * Implementation of draft-ietf-krb-wg-gssapi-cfx-06.txt - */ - -#define CFXSentByAcceptor (1 << 0) -#define CFXSealed (1 << 1) -#define CFXAcceptorSubkey (1 << 2) - -static krb5_error_code -wrap_length_cfx(krb5_crypto crypto, - int conf_req_flag, - size_t input_length, - size_t *output_length, - size_t *cksumsize, - uint16_t *padlength, - size_t *padsize) -{ - krb5_error_code ret; - krb5_cksumtype type; - - /* 16-byte header is always first */ - *output_length = sizeof(gss_cfx_wrap_token_desc); - *padlength = 0; - - ret = krb5_crypto_get_checksum_type(gssapi_krb5_context, crypto, &type); - if (ret) { - return ret; - } - - ret = krb5_checksumsize(gssapi_krb5_context, type, cksumsize); - if (ret) { - return ret; - } - - if (conf_req_flag) { - - /* Header is concatenated with data before encryption */ - input_length += sizeof(gss_cfx_wrap_token_desc); - - ret = krb5_crypto_getpadsize(gssapi_krb5_context, crypto, padsize); - if (ret) { - return ret; - } - if (*padsize > 1) { - /* XXX check this */ - *padlength = *padsize - (input_length % *padsize); - } - - /* We add the pad ourselves (noted here for completeness only) */ - input_length += *padlength; - - *output_length += krb5_get_wrapped_length(gssapi_krb5_context, - crypto, input_length); - } else { - /* Checksum is concatenated with data */ - *output_length += input_length + *cksumsize; - *padsize = 0; - } - - assert(*output_length > input_length); - - return 0; -} - -OM_uint32 _gssapi_wrap_size_cfx(OM_uint32 *minor_status, - const gss_ctx_id_t context_handle, - int conf_req_flag, - gss_qop_t qop_req, - OM_uint32 req_input_size, - OM_uint32 *output_len, - OM_uint32 *padsize, - krb5_keyblock *key) -{ - krb5_error_code ret; - krb5_crypto crypto; - uint16_t pad_length; - size_t pad_size; - size_t output_length, cksumsize; - - ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); - if (ret != 0) { - gssapi_krb5_set_error_string(); - *minor_status = ret; - return GSS_S_FAILURE; - } - - ret = wrap_length_cfx(crypto, conf_req_flag, - req_input_size, - &output_length, &cksumsize, &pad_length, &pad_size); - if (ret != 0) { - gssapi_krb5_set_error_string(); - *minor_status = ret; - krb5_crypto_destroy(gssapi_krb5_context, crypto); - return GSS_S_FAILURE; - } - - *output_len = output_length; - *padsize = pad_size; - - krb5_crypto_destroy(gssapi_krb5_context, crypto); - - return GSS_S_COMPLETE; -} - -/* - * Rotate "rrc" bytes to the front or back - */ - -static krb5_error_code -rrc_rotate(void *data, size_t len, uint16_t rrc, krb5_boolean unrotate) -{ - u_char *tmp, buf[256]; - size_t left; - - if (len == 0) - return 0; - - rrc %= len; - - if (rrc == 0) - return 0; - - left = len - rrc; - - if (rrc <= sizeof(buf)) { - tmp = buf; - } else { - tmp = malloc(rrc); - if (tmp == NULL) - return ENOMEM; - } - - if (unrotate) { - memcpy(tmp, data, rrc); - memmove(data, (u_char *)data + rrc, left); - memcpy((u_char *)data + left, tmp, rrc); - } else { - memcpy(tmp, (u_char *)data + left, rrc); - memmove((u_char *)data + rrc, data, left); - memcpy(data, tmp, rrc); - } - - if (rrc > sizeof(buf)) - free(tmp); - - return 0; -} - -OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, - const gss_ctx_id_t context_handle, - int conf_req_flag, - gss_qop_t qop_req, - const gss_buffer_t input_message_buffer, - int *conf_state, - gss_buffer_t output_message_buffer, - krb5_keyblock *key) -{ - krb5_crypto crypto; - gss_cfx_wrap_token token; - krb5_error_code ret; - unsigned usage; - krb5_data cipher; - size_t wrapped_len, cksumsize; - uint16_t padlength, rrc = 0; - int32_t seq_number; - size_t padsize; - u_char *p; - - ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); - if (ret != 0) { - gssapi_krb5_set_error_string(); - *minor_status = ret; - return GSS_S_FAILURE; - } - - ret = wrap_length_cfx(crypto, conf_req_flag, - input_message_buffer->length, - &wrapped_len, &cksumsize, &padlength, &padsize); - if (ret != 0) { - gssapi_krb5_set_error_string(); - *minor_status = ret; - krb5_crypto_destroy(gssapi_krb5_context, crypto); - return GSS_S_FAILURE; - } - - /* Always rotate encrypted token (if any) and checksum to header */ - rrc = (conf_req_flag ? sizeof(*token) : 0) + (uint16_t)cksumsize; - - output_message_buffer->length = wrapped_len; - output_message_buffer->value = malloc(output_message_buffer->length); - if (output_message_buffer->value == NULL) { - *minor_status = ENOMEM; - krb5_crypto_destroy(gssapi_krb5_context, crypto); - return GSS_S_FAILURE; - } - - p = output_message_buffer->value; - token = (gss_cfx_wrap_token)p; - token->TOK_ID[0] = 0x05; - token->TOK_ID[1] = 0x04; - token->Flags = 0; - token->Filler = 0xFF; - if ((context_handle->more_flags & LOCAL) == 0) - token->Flags |= CFXSentByAcceptor; - if (context_handle->more_flags & ACCEPTOR_SUBKEY) - token->Flags |= CFXAcceptorSubkey; - if (conf_req_flag) { - /* - * In Wrap tokens with confidentiality, the EC field is - * used to encode the size (in bytes) of the random filler. - */ - token->Flags |= CFXSealed; - token->EC[0] = (padlength >> 8) & 0xFF; - token->EC[1] = (padlength >> 0) & 0xFF; - } else { - /* - * In Wrap tokens without confidentiality, the EC field is - * used to encode the size (in bytes) of the trailing - * checksum. - * - * This is not used in the checksum calcuation itself, - * because the checksum length could potentially vary - * depending on the data length. - */ - token->EC[0] = 0; - token->EC[1] = 0; - } - - /* - * In Wrap tokens that provide for confidentiality, the RRC - * field in the header contains the hex value 00 00 before - * encryption. - * - * In Wrap tokens that do not provide for confidentiality, - * both the EC and RRC fields in the appended checksum - * contain the hex value 00 00 for the purpose of calculating - * the checksum. - */ - token->RRC[0] = 0; - token->RRC[1] = 0; - - HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - krb5_auth_con_getlocalseqnumber(gssapi_krb5_context, - context_handle->auth_context, - &seq_number); - gssapi_encode_be_om_uint32(0, &token->SND_SEQ[0]); - gssapi_encode_be_om_uint32(seq_number, &token->SND_SEQ[4]); - krb5_auth_con_setlocalseqnumber(gssapi_krb5_context, - context_handle->auth_context, - ++seq_number); - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - - /* - * If confidentiality is requested, the token header is - * appended to the plaintext before encryption; the resulting - * token is {"header" | encrypt(plaintext | pad | "header")}. - * - * If no confidentiality is requested, the checksum is - * calculated over the plaintext concatenated with the - * token header. - */ - if (context_handle->more_flags & LOCAL) { - usage = KRB5_KU_USAGE_INITIATOR_SEAL; - } else { - usage = KRB5_KU_USAGE_ACCEPTOR_SEAL; - } - - if (conf_req_flag) { - /* - * Any necessary padding is added here to ensure that the - * encrypted token header is always at the end of the - * ciphertext. - * - * The specification does not require that the padding - * bytes are initialized. - */ - p += sizeof(*token); - memcpy(p, input_message_buffer->value, input_message_buffer->length); - memset(p + input_message_buffer->length, 0xFF, padlength); - memcpy(p + input_message_buffer->length + padlength, - token, sizeof(*token)); - - ret = krb5_encrypt(gssapi_krb5_context, crypto, - usage, p, - input_message_buffer->length + padlength + - sizeof(*token), - &cipher); - if (ret != 0) { - gssapi_krb5_set_error_string(); - *minor_status = ret; - krb5_crypto_destroy(gssapi_krb5_context, crypto); - gss_release_buffer(minor_status, output_message_buffer); - return GSS_S_FAILURE; - } - assert(sizeof(*token) + cipher.length == wrapped_len); - token->RRC[0] = (rrc >> 8) & 0xFF; - token->RRC[1] = (rrc >> 0) & 0xFF; - - ret = rrc_rotate(cipher.data, cipher.length, rrc, FALSE); - if (ret != 0) { - gssapi_krb5_set_error_string(); - *minor_status = ret; - krb5_crypto_destroy(gssapi_krb5_context, crypto); - gss_release_buffer(minor_status, output_message_buffer); - return GSS_S_FAILURE; - } - memcpy(p, cipher.data, cipher.length); - krb5_data_free(&cipher); - } else { - char *buf; - Checksum cksum; - - buf = malloc(input_message_buffer->length + sizeof(*token)); - if (buf == NULL) { - *minor_status = ENOMEM; - krb5_crypto_destroy(gssapi_krb5_context, crypto); - gss_release_buffer(minor_status, output_message_buffer); - return GSS_S_FAILURE; - } - memcpy(buf, input_message_buffer->value, input_message_buffer->length); - memcpy(buf + input_message_buffer->length, token, sizeof(*token)); - - ret = krb5_create_checksum(gssapi_krb5_context, crypto, - usage, 0, buf, - input_message_buffer->length + - sizeof(*token), - &cksum); - if (ret != 0) { - gssapi_krb5_set_error_string(); - *minor_status = ret; - krb5_crypto_destroy(gssapi_krb5_context, crypto); - gss_release_buffer(minor_status, output_message_buffer); - free(buf); - return GSS_S_FAILURE; - } - - free(buf); - - assert(cksum.checksum.length == cksumsize); - token->EC[0] = (cksum.checksum.length >> 8) & 0xFF; - token->EC[1] = (cksum.checksum.length >> 0) & 0xFF; - token->RRC[0] = (rrc >> 8) & 0xFF; - token->RRC[1] = (rrc >> 0) & 0xFF; - - p += sizeof(*token); - memcpy(p, input_message_buffer->value, input_message_buffer->length); - memcpy(p + input_message_buffer->length, - cksum.checksum.data, cksum.checksum.length); - - ret = rrc_rotate(p, - input_message_buffer->length + cksum.checksum.length, rrc, FALSE); - if (ret != 0) { - gssapi_krb5_set_error_string(); - *minor_status = ret; - krb5_crypto_destroy(gssapi_krb5_context, crypto); - gss_release_buffer(minor_status, output_message_buffer); - free_Checksum(&cksum); - return GSS_S_FAILURE; - } - free_Checksum(&cksum); - } - - krb5_crypto_destroy(gssapi_krb5_context, crypto); - - if (conf_state != NULL) { - *conf_state = conf_req_flag; - } - - *minor_status = 0; - return GSS_S_COMPLETE; -} - -OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t input_message_buffer, - gss_buffer_t output_message_buffer, - int *conf_state, - gss_qop_t *qop_state, - krb5_keyblock *key) -{ - krb5_crypto crypto; - gss_cfx_wrap_token token; - u_char token_flags; - krb5_error_code ret; - unsigned usage; - krb5_data data; - uint16_t ec, rrc; - OM_uint32 seq_number_lo, seq_number_hi; - size_t len; - u_char *p; - - *minor_status = 0; - - if (input_message_buffer->length < sizeof(*token)) { - return GSS_S_DEFECTIVE_TOKEN; - } - - p = input_message_buffer->value; - - token = (gss_cfx_wrap_token)p; - - if (token->TOK_ID[0] != 0x05 || token->TOK_ID[1] != 0x04) { - return GSS_S_DEFECTIVE_TOKEN; - } - - /* Ignore unknown flags */ - token_flags = token->Flags & - (CFXSentByAcceptor | CFXSealed | CFXAcceptorSubkey); - - if (token_flags & CFXSentByAcceptor) { - if ((context_handle->more_flags & LOCAL) == 0) - return GSS_S_DEFECTIVE_TOKEN; - } - - if (context_handle->more_flags & ACCEPTOR_SUBKEY) { - if ((token_flags & CFXAcceptorSubkey) == 0) - return GSS_S_DEFECTIVE_TOKEN; - } else { - if (token_flags & CFXAcceptorSubkey) - return GSS_S_DEFECTIVE_TOKEN; - } - - if (token->Filler != 0xFF) { - return GSS_S_DEFECTIVE_TOKEN; - } - - if (conf_state != NULL) { - *conf_state = (token_flags & CFXSealed) ? 1 : 0; - } - - ec = (token->EC[0] << 8) | token->EC[1]; - rrc = (token->RRC[0] << 8) | token->RRC[1]; - - /* - * Check sequence number - */ - gssapi_decode_be_om_uint32(&token->SND_SEQ[0], &seq_number_hi); - gssapi_decode_be_om_uint32(&token->SND_SEQ[4], &seq_number_lo); - if (seq_number_hi) { - /* no support for 64-bit sequence numbers */ - *minor_status = ERANGE; - return GSS_S_UNSEQ_TOKEN; - } - - HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - ret = _gssapi_msg_order_check(context_handle->order, seq_number_lo); - if (ret != 0) { - *minor_status = 0; - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - gss_release_buffer(minor_status, output_message_buffer); - return ret; - } - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - - /* - * Decrypt and/or verify checksum - */ - ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); - if (ret != 0) { - gssapi_krb5_set_error_string(); - *minor_status = ret; - return GSS_S_FAILURE; - } - - if (context_handle->more_flags & LOCAL) { - usage = KRB5_KU_USAGE_ACCEPTOR_SEAL; - } else { - usage = KRB5_KU_USAGE_INITIATOR_SEAL; - } - - p += sizeof(*token); - len = input_message_buffer->length; - len -= (p - (u_char *)input_message_buffer->value); - - /* Rotate by RRC; bogus to do this in-place XXX */ - *minor_status = rrc_rotate(p, len, rrc, TRUE); - if (*minor_status != 0) { - krb5_crypto_destroy(gssapi_krb5_context, crypto); - return GSS_S_FAILURE; - } - - if (token_flags & CFXSealed) { - ret = krb5_decrypt(gssapi_krb5_context, crypto, usage, - p, len, &data); - if (ret != 0) { - gssapi_krb5_set_error_string(); - *minor_status = ret; - krb5_crypto_destroy(gssapi_krb5_context, crypto); - return GSS_S_BAD_MIC; - } - - /* Check that there is room for the pad and token header */ - if (data.length < ec + sizeof(*token)) { - krb5_crypto_destroy(gssapi_krb5_context, crypto); - krb5_data_free(&data); - return GSS_S_DEFECTIVE_TOKEN; - } - p = data.data; - p += data.length - sizeof(*token); - - /* RRC is unprotected; don't modify input buffer */ - ((gss_cfx_wrap_token)p)->RRC[0] = token->RRC[0]; - ((gss_cfx_wrap_token)p)->RRC[1] = token->RRC[1]; - - /* Check the integrity of the header */ - if (memcmp(p, token, sizeof(*token)) != 0) { - krb5_crypto_destroy(gssapi_krb5_context, crypto); - krb5_data_free(&data); - return GSS_S_BAD_MIC; - } - - output_message_buffer->value = data.data; - output_message_buffer->length = data.length - ec - sizeof(*token); - } else { - Checksum cksum; - - /* Determine checksum type */ - ret = krb5_crypto_get_checksum_type(gssapi_krb5_context, - crypto, &cksum.cksumtype); - if (ret != 0) { - gssapi_krb5_set_error_string(); - *minor_status = ret; - krb5_crypto_destroy(gssapi_krb5_context, crypto); - return GSS_S_FAILURE; - } - - cksum.checksum.length = ec; - - /* Check we have at least as much data as the checksum */ - if (len < cksum.checksum.length) { - *minor_status = ERANGE; - krb5_crypto_destroy(gssapi_krb5_context, crypto); - return GSS_S_BAD_MIC; - } - - /* Length now is of the plaintext only, no checksum */ - len -= cksum.checksum.length; - cksum.checksum.data = p + len; - - output_message_buffer->length = len; /* for later */ - output_message_buffer->value = malloc(len + sizeof(*token)); - if (output_message_buffer->value == NULL) { - *minor_status = ENOMEM; - krb5_crypto_destroy(gssapi_krb5_context, crypto); - return GSS_S_FAILURE; - } - - /* Checksum is over (plaintext-data | "header") */ - memcpy(output_message_buffer->value, p, len); - memcpy((u_char *)output_message_buffer->value + len, - token, sizeof(*token)); - - /* EC is not included in checksum calculation */ - token = (gss_cfx_wrap_token)((u_char *)output_message_buffer->value + - len); - token->EC[0] = 0; - token->EC[1] = 0; - token->RRC[0] = 0; - token->RRC[1] = 0; - - ret = krb5_verify_checksum(gssapi_krb5_context, crypto, - usage, - output_message_buffer->value, - len + sizeof(*token), - &cksum); - if (ret != 0) { - gssapi_krb5_set_error_string(); - *minor_status = ret; - krb5_crypto_destroy(gssapi_krb5_context, crypto); - gss_release_buffer(minor_status, output_message_buffer); - return GSS_S_BAD_MIC; - } - } - - krb5_crypto_destroy(gssapi_krb5_context, crypto); - - if (qop_state != NULL) { - *qop_state = GSS_C_QOP_DEFAULT; - } - - *minor_status = 0; - return GSS_S_COMPLETE; -} - -OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status, - const gss_ctx_id_t context_handle, - gss_qop_t qop_req, - const gss_buffer_t message_buffer, - gss_buffer_t message_token, - krb5_keyblock *key) -{ - krb5_crypto crypto; - gss_cfx_mic_token token; - krb5_error_code ret; - unsigned usage; - Checksum cksum; - u_char *buf; - size_t len; - int32_t seq_number; - - ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); - if (ret != 0) { - gssapi_krb5_set_error_string(); - *minor_status = ret; - return GSS_S_FAILURE; - } - - len = message_buffer->length + sizeof(*token); - buf = malloc(len); - if (buf == NULL) { - *minor_status = ENOMEM; - krb5_crypto_destroy(gssapi_krb5_context, crypto); - return GSS_S_FAILURE; - } - - memcpy(buf, message_buffer->value, message_buffer->length); - - token = (gss_cfx_mic_token)(buf + message_buffer->length); - token->TOK_ID[0] = 0x04; - token->TOK_ID[1] = 0x04; - token->Flags = 0; - if ((context_handle->more_flags & LOCAL) == 0) - token->Flags |= CFXSentByAcceptor; - if (context_handle->more_flags & ACCEPTOR_SUBKEY) - token->Flags |= CFXAcceptorSubkey; - memset(token->Filler, 0xFF, 5); - - HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - krb5_auth_con_getlocalseqnumber(gssapi_krb5_context, - context_handle->auth_context, - &seq_number); - gssapi_encode_be_om_uint32(0, &token->SND_SEQ[0]); - gssapi_encode_be_om_uint32(seq_number, &token->SND_SEQ[4]); - krb5_auth_con_setlocalseqnumber(gssapi_krb5_context, - context_handle->auth_context, - ++seq_number); - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - - if (context_handle->more_flags & LOCAL) { - usage = KRB5_KU_USAGE_INITIATOR_SIGN; - } else { - usage = KRB5_KU_USAGE_ACCEPTOR_SIGN; - } - - ret = krb5_create_checksum(gssapi_krb5_context, crypto, - usage, 0, buf, len, &cksum); - if (ret != 0) { - gssapi_krb5_set_error_string(); - *minor_status = ret; - krb5_crypto_destroy(gssapi_krb5_context, crypto); - free(buf); - return GSS_S_FAILURE; - } - krb5_crypto_destroy(gssapi_krb5_context, crypto); - - /* Determine MIC length */ - message_token->length = sizeof(*token) + cksum.checksum.length; - message_token->value = malloc(message_token->length); - if (message_token->value == NULL) { - *minor_status = ENOMEM; - free_Checksum(&cksum); - free(buf); - return GSS_S_FAILURE; - } - - /* Token is { "header" | get_mic("header" | plaintext-data) } */ - memcpy(message_token->value, token, sizeof(*token)); - memcpy((u_char *)message_token->value + sizeof(*token), - cksum.checksum.data, cksum.checksum.length); - - free_Checksum(&cksum); - free(buf); - - *minor_status = 0; - return GSS_S_COMPLETE; -} - -OM_uint32 _gssapi_verify_mic_cfx(OM_uint32 *minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t message_buffer, - const gss_buffer_t token_buffer, - gss_qop_t *qop_state, - krb5_keyblock *key) -{ - krb5_crypto crypto; - gss_cfx_mic_token token; - u_char token_flags; - krb5_error_code ret; - unsigned usage; - OM_uint32 seq_number_lo, seq_number_hi; - u_char *buf, *p; - Checksum cksum; - - *minor_status = 0; - - if (token_buffer->length < sizeof(*token)) { - return GSS_S_DEFECTIVE_TOKEN; - } - - p = token_buffer->value; - - token = (gss_cfx_mic_token)p; - - if (token->TOK_ID[0] != 0x04 || token->TOK_ID[1] != 0x04) { - return GSS_S_DEFECTIVE_TOKEN; - } - - /* Ignore unknown flags */ - token_flags = token->Flags & (CFXSentByAcceptor | CFXAcceptorSubkey); - - if (token_flags & CFXSentByAcceptor) { - if ((context_handle->more_flags & LOCAL) == 0) - return GSS_S_DEFECTIVE_TOKEN; - } - if (context_handle->more_flags & ACCEPTOR_SUBKEY) { - if ((token_flags & CFXAcceptorSubkey) == 0) - return GSS_S_DEFECTIVE_TOKEN; - } else { - if (token_flags & CFXAcceptorSubkey) - return GSS_S_DEFECTIVE_TOKEN; - } - - if (memcmp(token->Filler, "\xff\xff\xff\xff\xff", 5) != 0) { - return GSS_S_DEFECTIVE_TOKEN; - } - - /* - * Check sequence number - */ - gssapi_decode_be_om_uint32(&token->SND_SEQ[0], &seq_number_hi); - gssapi_decode_be_om_uint32(&token->SND_SEQ[4], &seq_number_lo); - if (seq_number_hi) { - *minor_status = ERANGE; - return GSS_S_UNSEQ_TOKEN; - } - - HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - ret = _gssapi_msg_order_check(context_handle->order, seq_number_lo); - if (ret != 0) { - *minor_status = 0; - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - return ret; - } - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - - /* - * Verify checksum - */ - ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); - if (ret != 0) { - gssapi_krb5_set_error_string(); - *minor_status = ret; - return GSS_S_FAILURE; - } - - ret = krb5_crypto_get_checksum_type(gssapi_krb5_context, crypto, - &cksum.cksumtype); - if (ret != 0) { - gssapi_krb5_set_error_string(); - *minor_status = ret; - krb5_crypto_destroy(gssapi_krb5_context, crypto); - return GSS_S_FAILURE; - } - - cksum.checksum.data = p + sizeof(*token); - cksum.checksum.length = token_buffer->length - sizeof(*token); - - if (context_handle->more_flags & LOCAL) { - usage = KRB5_KU_USAGE_ACCEPTOR_SIGN; - } else { - usage = KRB5_KU_USAGE_INITIATOR_SIGN; - } - - buf = malloc(message_buffer->length + sizeof(*token)); - if (buf == NULL) { - *minor_status = ENOMEM; - krb5_crypto_destroy(gssapi_krb5_context, crypto); - return GSS_S_FAILURE; - } - memcpy(buf, message_buffer->value, message_buffer->length); - memcpy(buf + message_buffer->length, token, sizeof(*token)); - - ret = krb5_verify_checksum(gssapi_krb5_context, crypto, - usage, - buf, - sizeof(*token) + message_buffer->length, - &cksum); - if (ret != 0) { - gssapi_krb5_set_error_string(); - *minor_status = ret; - krb5_crypto_destroy(gssapi_krb5_context, crypto); - free(buf); - return GSS_S_BAD_MIC; - } - - free(buf); - - if (qop_state != NULL) { - *qop_state = GSS_C_QOP_DEFAULT; - } - - return GSS_S_COMPLETE; -} diff --git a/source4/heimdal/lib/gssapi/cfx.h b/source4/heimdal/lib/gssapi/cfx.h deleted file mode 100755 index d9bdd9da19..0000000000 --- a/source4/heimdal/lib/gssapi/cfx.h +++ /dev/null @@ -1,105 +0,0 @@ -/* - * Copyright (c) 2003, PADL Software Pty Ltd. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of PADL Software nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* $Id: cfx.h,v 1.5 2003/09/22 21:48:35 lha Exp $ */ - -#ifndef GSSAPI_CFX_H_ -#define GSSAPI_CFX_H_ 1 - -/* - * Implementation of draft-ietf-krb-wg-gssapi-cfx-01.txt - */ - -typedef struct gss_cfx_mic_token_desc_struct { - u_char TOK_ID[2]; /* 04 04 */ - u_char Flags; - u_char Filler[5]; - u_char SND_SEQ[8]; -} gss_cfx_mic_token_desc, *gss_cfx_mic_token; - -typedef struct gss_cfx_wrap_token_desc_struct { - u_char TOK_ID[2]; /* 04 05 */ - u_char Flags; - u_char Filler; - u_char EC[2]; - u_char RRC[2]; - u_char SND_SEQ[8]; -} gss_cfx_wrap_token_desc, *gss_cfx_wrap_token; - -typedef struct gss_cfx_delete_token_desc_struct { - u_char TOK_ID[2]; /* 05 04 */ - u_char Flags; - u_char Filler[5]; - u_char SND_SEQ[8]; -} gss_cfx_delete_token_desc, *gss_cfx_delete_token; - -OM_uint32 _gssapi_wrap_size_cfx(OM_uint32 *minor_status, - const gss_ctx_id_t context_handle, - int conf_req_flag, - gss_qop_t qop_req, - OM_uint32 req_input_size, - OM_uint32 *output_len, - OM_uint32 *padlen, - krb5_keyblock *key); - -OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, - const gss_ctx_id_t context_handle, - int conf_req_flag, - gss_qop_t qop_req, - const gss_buffer_t input_message_buffer, - int *conf_state, - gss_buffer_t output_message_buffer, - krb5_keyblock *key); - -OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t input_message_buffer, - gss_buffer_t output_message_buffer, - int *conf_state, - gss_qop_t *qop_state, - krb5_keyblock *key); - -OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status, - const gss_ctx_id_t context_handle, - gss_qop_t qop_req, - const gss_buffer_t message_buffer, - gss_buffer_t message_token, - krb5_keyblock *key); - -OM_uint32 _gssapi_verify_mic_cfx(OM_uint32 *minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t message_buffer, - const gss_buffer_t token_buffer, - gss_qop_t *qop_state, - krb5_keyblock *key); - -#endif /* GSSAPI_CFX_H_ */ diff --git a/source4/heimdal/lib/gssapi/compat.c b/source4/heimdal/lib/gssapi/compat.c deleted file mode 100644 index 5605c48023..0000000000 --- a/source4/heimdal/lib/gssapi/compat.c +++ /dev/null @@ -1,154 +0,0 @@ -/* - * Copyright (c) 2003 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: compat.c,v 1.10 2005/05/30 20:51:51 lha Exp $"); - - -krb5_error_code -_gss_check_compat(OM_uint32 *minor_status, gss_name_t name, - const char *option, krb5_boolean *compat, - krb5_boolean match_val) -{ - krb5_error_code ret = 0; - char **p, **q; - krb5_principal match; - - - p = krb5_config_get_strings(gssapi_krb5_context, NULL, "gssapi", - option, NULL); - if(p == NULL) - return 0; - - match = NULL; - for(q = p; *q; q++) { - ret = krb5_parse_name(gssapi_krb5_context, *q, &match); - if (ret) - break; - - if (krb5_principal_match(gssapi_krb5_context, name, match)) { - *compat = match_val; - break; - } - - krb5_free_principal(gssapi_krb5_context, match); - match = NULL; - } - if (match) - krb5_free_principal(gssapi_krb5_context, match); - krb5_config_free_strings(p); - - if (ret) { - if (minor_status) - *minor_status = ret; - return GSS_S_FAILURE; - } - - return 0; -} - -/* - * ctx->ctx_id_mutex is assumed to be locked - */ - -OM_uint32 -_gss_DES3_get_mic_compat(OM_uint32 *minor_status, gss_ctx_id_t ctx) -{ - krb5_boolean use_compat = FALSE; - OM_uint32 ret; - - if ((ctx->more_flags & COMPAT_OLD_DES3_SELECTED) == 0) { - ret = _gss_check_compat(minor_status, ctx->target, - "broken_des3_mic", &use_compat, TRUE); - if (ret) - return ret; - ret = _gss_check_compat(minor_status, ctx->target, - "correct_des3_mic", &use_compat, FALSE); - if (ret) - return ret; - - if (use_compat) - ctx->more_flags |= COMPAT_OLD_DES3; - ctx->more_flags |= COMPAT_OLD_DES3_SELECTED; - } - return 0; -} - -OM_uint32 -gss_krb5_compat_des3_mic(OM_uint32 *minor_status, gss_ctx_id_t ctx, int on) -{ - *minor_status = 0; - - HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); - if (on) { - ctx->more_flags |= COMPAT_OLD_DES3; - } else { - ctx->more_flags &= ~COMPAT_OLD_DES3; - } - ctx->more_flags |= COMPAT_OLD_DES3_SELECTED; - HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); - - return 0; -} - -/* - * For compatability with the Windows SPNEGO implementation, the - * default is to ignore the mechListMIC unless the initiator specified - * CFX or configured in krb5.conf with the option - * [gssapi]require_mechlist_mic=target-principal-pattern. - * The option is valid for both initiator and acceptor. - */ -OM_uint32 -_gss_spnego_require_mechlist_mic(OM_uint32 *minor_status, - gss_ctx_id_t ctx, - krb5_boolean *require_mic) -{ - OM_uint32 ret; - int is_cfx = 0; - - gsskrb5_is_cfx(ctx, &is_cfx); - if (is_cfx) { - /* CFX session key was used */ - *require_mic = TRUE; - } else { - *require_mic = FALSE; - ret = _gss_check_compat(minor_status, ctx->target, - "require_mechlist_mic", - require_mic, TRUE); - if (ret) - return ret; - } - *minor_status = 0; - return GSS_S_COMPLETE; -} diff --git a/source4/heimdal/lib/gssapi/context_time.c b/source4/heimdal/lib/gssapi/context_time.c deleted file mode 100644 index ee1dc6fe93..0000000000 --- a/source4/heimdal/lib/gssapi/context_time.c +++ /dev/null @@ -1,92 +0,0 @@ -/* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: context_time.c,v 1.11 2005/12/05 09:19:52 lha Exp $"); - -OM_uint32 -gssapi_lifetime_left(OM_uint32 *minor_status, - OM_uint32 lifetime, - OM_uint32 *lifetime_rec) -{ - krb5_timestamp timeret; - krb5_error_code kret; - - if (lifetime == 0) { - *lifetime_rec = GSS_C_INDEFINITE; - return GSS_S_COMPLETE; - } - - kret = krb5_timeofday(gssapi_krb5_context, &timeret); - if (kret) { - *minor_status = kret; - gssapi_krb5_set_error_string (); - return GSS_S_FAILURE; - } - - if (lifetime < timeret) - *lifetime_rec = 0; - else - *lifetime_rec = lifetime - timeret; - - return GSS_S_COMPLETE; -} - - -OM_uint32 gss_context_time - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - OM_uint32 * time_rec - ) -{ - OM_uint32 lifetime; - OM_uint32 major_status; - - GSSAPI_KRB5_INIT (); - - HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - lifetime = context_handle->lifetime; - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - - major_status = gssapi_lifetime_left(minor_status, lifetime, time_rec); - if (major_status != GSS_S_COMPLETE) - return major_status; - - *minor_status = 0; - - if (*time_rec == 0) - return GSS_S_CONTEXT_EXPIRED; - - return GSS_S_COMPLETE; -} diff --git a/source4/heimdal/lib/gssapi/copy_ccache.c b/source4/heimdal/lib/gssapi/copy_ccache.c deleted file mode 100644 index 782b701e44..0000000000 --- a/source4/heimdal/lib/gssapi/copy_ccache.c +++ /dev/null @@ -1,280 +0,0 @@ -/* - * Copyright (c) 2000 - 2001, 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: copy_ccache.c,v 1.13 2005/11/28 23:05:44 lha Exp $"); - -OM_uint32 -gss_krb5_copy_ccache(OM_uint32 *minor_status, - gss_cred_id_t cred, - krb5_ccache out) -{ - krb5_error_code kret; - - HEIMDAL_MUTEX_lock(&cred->cred_id_mutex); - - if (cred->ccache == NULL) { - HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); - *minor_status = EINVAL; - return GSS_S_FAILURE; - } - - kret = krb5_cc_copy_cache(gssapi_krb5_context, cred->ccache, out); - HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); - if (kret) { - *minor_status = kret; - gssapi_krb5_set_error_string (); - return GSS_S_FAILURE; - } - *minor_status = 0; - return GSS_S_COMPLETE; -} - - -OM_uint32 -gss_krb5_import_cred(OM_uint32 *minor_status, - krb5_ccache id, - krb5_principal keytab_principal, - krb5_keytab keytab, - gss_cred_id_t *cred) -{ - krb5_error_code kret; - gss_cred_id_t handle; - OM_uint32 ret; - - *cred = NULL; - - GSSAPI_KRB5_INIT (); - - handle = (gss_cred_id_t)calloc(1, sizeof(*handle)); - if (handle == GSS_C_NO_CREDENTIAL) { - gssapi_krb5_clear_status (); - *minor_status = ENOMEM; - return (GSS_S_FAILURE); - } - HEIMDAL_MUTEX_init(&handle->cred_id_mutex); - - handle->usage = 0; - - if (id) { - char *str; - - handle->usage |= GSS_C_INITIATE; - - kret = krb5_cc_get_principal(gssapi_krb5_context, id, - &handle->principal); - if (kret) { - free(handle); - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - - if (keytab_principal) { - krb5_boolean match; - - match = krb5_principal_compare(gssapi_krb5_context, - handle->principal, - keytab_principal); - if (match == FALSE) { - krb5_free_principal(gssapi_krb5_context, handle->principal); - free(handle); - gssapi_krb5_clear_status (); - *minor_status = EINVAL; - return GSS_S_FAILURE; - } - } - - ret = _gssapi_krb5_ccache_lifetime(minor_status, - id, - handle->principal, - &handle->lifetime); - if (ret != GSS_S_COMPLETE) { - krb5_free_principal(gssapi_krb5_context, handle->principal); - free(handle); - return ret; - } - - - kret = krb5_cc_get_full_name(gssapi_krb5_context, id, &str); - if (kret) - goto out; - - kret = krb5_cc_resolve(gssapi_krb5_context, str, &handle->ccache); - free(str); - if (kret) - goto out; - } - - - if (keytab) { - char *str; - - handle->usage |= GSS_C_ACCEPT; - - if (keytab_principal && handle->principal == NULL) { - kret = krb5_copy_principal(gssapi_krb5_context, - keytab_principal, - &handle->principal); - if (kret) - goto out; - } - - kret = krb5_kt_get_full_name(gssapi_krb5_context, keytab, &str); - if (kret) - goto out; - - kret = krb5_kt_resolve(gssapi_krb5_context, str, &handle->keytab); - free(str); - if (kret) - goto out; - } - - - if (id || keytab) { - ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms); - if (ret == GSS_S_COMPLETE) - ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, - &handle->mechanisms); - if (ret != GSS_S_COMPLETE) { - kret = *minor_status; - goto out; - } - } - - *minor_status = 0; - *cred = handle; - return GSS_S_COMPLETE; - -out: - gssapi_krb5_set_error_string (); - if (handle->principal) - krb5_free_principal(gssapi_krb5_context, handle->principal); - HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); - free(handle); - *minor_status = kret; - return GSS_S_FAILURE; -} - - -OM_uint32 -gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - int ad_type, - gss_buffer_t ad_data) -{ - krb5_error_code ret; - krb5_data data; - - ad_data->value = NULL; - ad_data->length = 0; - - HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - if (context_handle->ticket == NULL) { - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - *minor_status = EINVAL; - return GSS_S_FAILURE; - } - - ret = krb5_ticket_get_authorization_data_type(gssapi_krb5_context, - context_handle->ticket, - ad_type, - &data); - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - if (ret) { - *minor_status = ret; - return GSS_S_FAILURE; - } - - ad_data->value = malloc(data.length); - if (ad_data->value == NULL) { - krb5_data_free(&data); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - ad_data->length = data.length; - memcpy(ad_data->value, data.data, ad_data->length); - krb5_data_free(&data); - - *minor_status = 0; - return GSS_S_COMPLETE; -} - -OM_uint32 -gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - time_t *authtime) -{ - HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - if (context_handle->ticket == NULL) { - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - *minor_status = EINVAL; - return GSS_S_FAILURE; - } - - *authtime = context_handle->ticket->ticket.authtime; - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - - *minor_status = 0; - return GSS_S_COMPLETE; -} - -OM_uint32 gss_krb5_copy_service_keyblock - (OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - struct EncryptionKey **out) -{ - krb5_error_code ret; - - HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - if (context_handle->service_keyblock == NULL) { - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - *minor_status = EINVAL; - return GSS_S_FAILURE; - } - - ret = krb5_copy_keyblock(gssapi_krb5_context, - context_handle->service_keyblock, - out); - - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - if (ret) { - *minor_status = ret; - return GSS_S_FAILURE; - } - - *minor_status = 0; - return GSS_S_COMPLETE; -} diff --git a/source4/heimdal/lib/gssapi/create_emtpy_oid_set.c b/source4/heimdal/lib/gssapi/create_emtpy_oid_set.c deleted file mode 100644 index 1a25e0d781..0000000000 --- a/source4/heimdal/lib/gssapi/create_emtpy_oid_set.c +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: create_emtpy_oid_set.c,v 1.5 2003/03/16 17:47:07 lha Exp $"); - -OM_uint32 gss_create_empty_oid_set ( - OM_uint32 * minor_status, - gss_OID_set * oid_set - ) -{ - *oid_set = malloc(sizeof(**oid_set)); - if (*oid_set == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - (*oid_set)->count = 0; - (*oid_set)->elements = NULL; - *minor_status = 0; - return GSS_S_COMPLETE; -} diff --git a/source4/heimdal/lib/gssapi/decapsulate.c b/source4/heimdal/lib/gssapi/decapsulate.c deleted file mode 100644 index 08df361776..0000000000 --- a/source4/heimdal/lib/gssapi/decapsulate.c +++ /dev/null @@ -1,209 +0,0 @@ -/* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: decapsulate.c,v 1.12 2005/06/16 20:40:49 lha Exp $"); - -/* - * return the length of the mechanism in token or -1 - * (which implies that the token was bad - GSS_S_DEFECTIVE_TOKEN - */ - -ssize_t -gssapi_krb5_get_mech (const u_char *ptr, - size_t total_len, - const u_char **mech_ret) -{ - size_t len, len_len, mech_len, foo; - const u_char *p = ptr; - int e; - - if (total_len < 1) - return -1; - if (*p++ != 0x60) - return -1; - e = der_get_length (p, total_len - 1, &len, &len_len); - if (e || 1 + len_len + len != total_len) - return -1; - p += len_len; - if (*p++ != 0x06) - return -1; - e = der_get_length (p, total_len - 1 - len_len - 1, - &mech_len, &foo); - if (e) - return -1; - p += foo; - *mech_ret = p; - return mech_len; -} - -OM_uint32 -_gssapi_verify_mech_header(u_char **str, - size_t total_len, - gss_OID mech) -{ - const u_char *p; - ssize_t mech_len; - - mech_len = gssapi_krb5_get_mech (*str, total_len, &p); - if (mech_len < 0) - return GSS_S_DEFECTIVE_TOKEN; - - if (mech_len != mech->length) - return GSS_S_BAD_MECH; - if (memcmp(p, - mech->elements, - mech->length) != 0) - return GSS_S_BAD_MECH; - p += mech_len; - *str = rk_UNCONST(p); - return GSS_S_COMPLETE; -} - -OM_uint32 -gssapi_krb5_verify_header(u_char **str, - size_t total_len, - const u_char *type, - gss_OID oid) -{ - OM_uint32 ret; - size_t len; - u_char *p = *str; - - ret = _gssapi_verify_mech_header(str, total_len, oid); - if (ret) - return ret; - - len = total_len - (*str - p); - - if (len < 2) - return GSS_S_DEFECTIVE_TOKEN; - - if ((*str)[0] != type[0] || (*str)[1] != type[1]) - return GSS_S_DEFECTIVE_TOKEN; - *str += 2; - - return 0; -} - -/* - * Remove the GSS-API wrapping from `in_token' giving `out_data. - * Does not copy data, so just free `in_token'. - */ - -OM_uint32 -_gssapi_decapsulate( - OM_uint32 *minor_status, - gss_buffer_t input_token_buffer, - krb5_data *out_data, - const gss_OID mech -) -{ - u_char *p; - OM_uint32 ret; - - p = input_token_buffer->value; - ret = _gssapi_verify_mech_header(&p, - input_token_buffer->length, - mech); - if (ret) { - *minor_status = 0; - return ret; - } - - out_data->length = input_token_buffer->length - - (p - (u_char *)input_token_buffer->value); - out_data->data = p; - return GSS_S_COMPLETE; -} - -/* - * Remove the GSS-API wrapping from `in_token' giving `out_data. - * Does not copy data, so just free `in_token'. - */ - -OM_uint32 -gssapi_krb5_decapsulate(OM_uint32 *minor_status, - gss_buffer_t input_token_buffer, - krb5_data *out_data, - const char *type, - gss_OID oid) -{ - u_char *p; - OM_uint32 ret; - - p = input_token_buffer->value; - ret = gssapi_krb5_verify_header(&p, - input_token_buffer->length, - type, - oid); - if (ret) { - *minor_status = 0; - return ret; - } - - out_data->length = input_token_buffer->length - - (p - (u_char *)input_token_buffer->value); - out_data->data = p; - return GSS_S_COMPLETE; -} - -/* - * Verify padding of a gss wrapped message and return its length. - */ - -OM_uint32 -_gssapi_verify_pad(gss_buffer_t wrapped_token, - size_t datalen, - size_t *padlen) -{ - u_char *pad; - size_t padlength; - int i; - - pad = (u_char *)wrapped_token->value + wrapped_token->length - 1; - padlength = *pad; - - if (padlength > datalen) - return GSS_S_BAD_MECH; - - for (i = padlength; i > 0 && *pad == padlength; i--, pad--) - ; - if (i != 0) - return GSS_S_BAD_MIC; - - *padlen = padlength; - - return 0; -} diff --git a/source4/heimdal/lib/gssapi/delete_sec_context.c b/source4/heimdal/lib/gssapi/delete_sec_context.c deleted file mode 100644 index f1842def7c..0000000000 --- a/source4/heimdal/lib/gssapi/delete_sec_context.c +++ /dev/null @@ -1,83 +0,0 @@ -/* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: delete_sec_context.c,v 1.16 2006/01/16 13:12:29 lha Exp $"); - -OM_uint32 gss_delete_sec_context - (OM_uint32 * minor_status, - gss_ctx_id_t * context_handle, - gss_buffer_t output_token - ) -{ - GSSAPI_KRB5_INIT (); - - *minor_status = 0; - - if (output_token) { - output_token->length = 0; - output_token->value = NULL; - } - - if (*context_handle == GSS_C_NO_CONTEXT) - return GSS_S_COMPLETE; - - HEIMDAL_MUTEX_lock(&(*context_handle)->ctx_id_mutex); - - krb5_auth_con_free (gssapi_krb5_context, - (*context_handle)->auth_context); - if((*context_handle)->source) - krb5_free_principal (gssapi_krb5_context, - (*context_handle)->source); - if((*context_handle)->target) - krb5_free_principal (gssapi_krb5_context, - (*context_handle)->target); - if ((*context_handle)->ticket) - krb5_free_ticket (gssapi_krb5_context, - (*context_handle)->ticket); - if ((*context_handle)->service_keyblock) - krb5_free_keyblock (gssapi_krb5_context, - (*context_handle)->service_keyblock); - if((*context_handle)->order) - _gssapi_msg_order_destroy(&(*context_handle)->order); - if ((*context_handle)->fwd_data.length > 0) - free((*context_handle)->fwd_data.data); - - HEIMDAL_MUTEX_unlock(&(*context_handle)->ctx_id_mutex); - HEIMDAL_MUTEX_destroy(&(*context_handle)->ctx_id_mutex); - memset(*context_handle, 0, sizeof(**context_handle)); - free (*context_handle); - *context_handle = GSS_C_NO_CONTEXT; - return GSS_S_COMPLETE; -} diff --git a/source4/heimdal/lib/gssapi/display_name.c b/source4/heimdal/lib/gssapi/display_name.c deleted file mode 100644 index 27a232fd3c..0000000000 --- a/source4/heimdal/lib/gssapi/display_name.c +++ /dev/null @@ -1,73 +0,0 @@ -/* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: display_name.c,v 1.9 2003/03/16 17:46:11 lha Exp $"); - -OM_uint32 gss_display_name - (OM_uint32 * minor_status, - const gss_name_t input_name, - gss_buffer_t output_name_buffer, - gss_OID * output_name_type - ) -{ - krb5_error_code kret; - char *buf; - size_t len; - - GSSAPI_KRB5_INIT (); - kret = krb5_unparse_name (gssapi_krb5_context, - input_name, - &buf); - if (kret) { - *minor_status = kret; - gssapi_krb5_set_error_string (); - return GSS_S_FAILURE; - } - len = strlen (buf); - output_name_buffer->length = len; - output_name_buffer->value = malloc(len + 1); - if (output_name_buffer->value == NULL) { - free (buf); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - memcpy (output_name_buffer->value, buf, len); - ((char *)output_name_buffer->value)[len] = '\0'; - free (buf); - if (output_name_type) - *output_name_type = GSS_KRB5_NT_PRINCIPAL_NAME; - *minor_status = 0; - return GSS_S_COMPLETE; -} diff --git a/source4/heimdal/lib/gssapi/display_status.c b/source4/heimdal/lib/gssapi/display_status.c deleted file mode 100644 index 0aa88bb57c..0000000000 --- a/source4/heimdal/lib/gssapi/display_status.c +++ /dev/null @@ -1,230 +0,0 @@ -/* - * Copyright (c) 1998 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: display_status.c,v 1.14 2005/10/12 07:23:03 lha Exp $"); - -static const char * -calling_error(OM_uint32 v) -{ - static const char *msgs[] = { - NULL, /* 0 */ - "A required input parameter could not be read.", /* */ - "A required output parameter could not be written.", /* */ - "A parameter was malformed" - }; - - v >>= GSS_C_CALLING_ERROR_OFFSET; - - if (v == 0) - return ""; - else if (v >= sizeof(msgs)/sizeof(*msgs)) - return "unknown calling error"; - else - return msgs[v]; -} - -static const char * -routine_error(OM_uint32 v) -{ - static const char *msgs[] = { - NULL, /* 0 */ - "An unsupported mechanism was requested", - "An invalid name was supplied", - "A supplied name was of an unsupported type", - "Incorrect channel bindings were supplied", - "An invalid status code was supplied", - "A token had an invalid MIC", - "No credentials were supplied, " - "or the credentials were unavailable or inaccessible.", - "No context has been established", - "A token was invalid", - "A credential was invalid", - "The referenced credentials have expired", - "The context has expired", - "Miscellaneous failure (see text)", - "The quality-of-protection requested could not be provide", - "The operation is forbidden by local security policy", - "The operation or option is not available", - "The requested credential element already exists", - "The provided name was not a mechanism name.", - }; - - v >>= GSS_C_ROUTINE_ERROR_OFFSET; - - if (v == 0) - return ""; - else if (v >= sizeof(msgs)/sizeof(*msgs)) - return "unknown routine error"; - else - return msgs[v]; -} - -static const char * -supplementary_error(OM_uint32 v) -{ - static const char *msgs[] = { - "normal completion", - "continuation call to routine required", - "duplicate per-message token detected", - "timed-out per-message token detected", - "reordered (early) per-message token detected", - "skipped predecessor token(s) detected" - }; - - v >>= GSS_C_SUPPLEMENTARY_OFFSET; - - if (v >= sizeof(msgs)/sizeof(*msgs)) - return "unknown routine error"; - else - return msgs[v]; -} - -void -gssapi_krb5_clear_status (void) -{ - struct gssapi_thr_context *ctx = gssapi_get_thread_context(1); - if (ctx == NULL) - return; - HEIMDAL_MUTEX_lock(&ctx->mutex); - if (ctx->error_string) - free(ctx->error_string); - ctx->error_string = NULL; - HEIMDAL_MUTEX_unlock(&ctx->mutex); -} - -void -gssapi_krb5_set_status (const char *fmt, ...) -{ - struct gssapi_thr_context *ctx = gssapi_get_thread_context(1); - va_list args; - - if (ctx == NULL) - return; - HEIMDAL_MUTEX_lock(&ctx->mutex); - va_start(args, fmt); - if (ctx->error_string) - free(ctx->error_string); - /* ignore failures, will use status code instead */ - vasprintf(&ctx->error_string, fmt, args); - va_end(args); - HEIMDAL_MUTEX_unlock(&ctx->mutex); -} - -void -gssapi_krb5_set_error_string (void) -{ - char *e; - - e = krb5_get_error_string(gssapi_krb5_context); - if (e) { - gssapi_krb5_set_status("%s", e); - krb5_free_error_string(gssapi_krb5_context, e); - } else - gssapi_krb5_clear_status(); -} - -char * -gssapi_krb5_get_error_string (void) -{ - struct gssapi_thr_context *ctx = gssapi_get_thread_context(0); - char *ret; - - if (ctx == NULL) - return NULL; - HEIMDAL_MUTEX_lock(&ctx->mutex); - ret = ctx->error_string; - ctx->error_string = NULL; - HEIMDAL_MUTEX_unlock(&ctx->mutex); - return ret; -} - -OM_uint32 gss_display_status - (OM_uint32 *minor_status, - OM_uint32 status_value, - int status_type, - const gss_OID mech_type, - OM_uint32 *message_context, - gss_buffer_t status_string) -{ - char *buf; - - GSSAPI_KRB5_INIT (); - - status_string->length = 0; - status_string->value = NULL; - - if (gss_oid_equal(mech_type, GSS_C_NO_OID) == 0 && - gss_oid_equal(mech_type, GSS_KRB5_MECHANISM) == 0) { - *minor_status = 0; - return GSS_C_GSS_CODE; - } - - if (status_type == GSS_C_GSS_CODE) { - if (GSS_SUPPLEMENTARY_INFO(status_value)) - asprintf(&buf, "%s", - supplementary_error(GSS_SUPPLEMENTARY_INFO(status_value))); - else - asprintf (&buf, "%s %s", - calling_error(GSS_CALLING_ERROR(status_value)), - routine_error(GSS_ROUTINE_ERROR(status_value))); - } else if (status_type == GSS_C_MECH_CODE) { - buf = gssapi_krb5_get_error_string (); - if (buf == NULL) { - const char *tmp = krb5_get_err_text (gssapi_krb5_context, - status_value); - if (tmp == NULL) - asprintf(&buf, "unknown mech error-code %u", - (unsigned)status_value); - else - buf = strdup(tmp); - } - } else { - *minor_status = EINVAL; - return GSS_S_BAD_STATUS; - } - - if (buf == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - *message_context = 0; - *minor_status = 0; - - status_string->length = strlen(buf); - status_string->value = buf; - - return GSS_S_COMPLETE; -} diff --git a/source4/heimdal/lib/gssapi/duplicate_name.c b/source4/heimdal/lib/gssapi/duplicate_name.c deleted file mode 100644 index 2b54e90ec8..0000000000 --- a/source4/heimdal/lib/gssapi/duplicate_name.c +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: duplicate_name.c,v 1.7 2003/03/16 17:44:26 lha Exp $"); - -OM_uint32 gss_duplicate_name ( - OM_uint32 * minor_status, - const gss_name_t src_name, - gss_name_t * dest_name - ) -{ - krb5_error_code kret; - - GSSAPI_KRB5_INIT (); - - kret = krb5_copy_principal (gssapi_krb5_context, - src_name, - dest_name); - if (kret) { - *minor_status = kret; - gssapi_krb5_set_error_string (); - return GSS_S_FAILURE; - } else { - *minor_status = 0; - return GSS_S_COMPLETE; - } -} diff --git a/source4/heimdal/lib/gssapi/encapsulate.c b/source4/heimdal/lib/gssapi/encapsulate.c deleted file mode 100644 index 4d488a6c42..0000000000 --- a/source4/heimdal/lib/gssapi/encapsulate.c +++ /dev/null @@ -1,153 +0,0 @@ -/* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: encapsulate.c,v 1.8 2003/09/04 18:08:55 lha Exp $"); - -void -_gssapi_encap_length (size_t data_len, - size_t *len, - size_t *total_len, - const gss_OID mech) -{ - size_t len_len; - - *len = 1 + 1 + mech->length + data_len; - - len_len = length_len(*len); - - *total_len = 1 + len_len + *len; -} - -void -gssapi_krb5_encap_length (size_t data_len, - size_t *len, - size_t *total_len, - const gss_OID mech) -{ - _gssapi_encap_length(data_len + 2, len, total_len, mech); -} - -u_char * -gssapi_krb5_make_header (u_char *p, - size_t len, - const u_char *type, - const gss_OID mech) -{ - p = _gssapi_make_mech_header(p, len, mech); - memcpy (p, type, 2); - p += 2; - return p; -} - -u_char * -_gssapi_make_mech_header(u_char *p, - size_t len, - const gss_OID mech) -{ - int e; - size_t len_len, foo; - - *p++ = 0x60; - len_len = length_len(len); - e = der_put_length (p + len_len - 1, len_len, len, &foo); - if(e || foo != len_len) - abort (); - p += len_len; - *p++ = 0x06; - *p++ = mech->length; - memcpy (p, mech->elements, mech->length); - p += mech->length; - return p; -} - -/* - * Give it a krb5_data and it will encapsulate with extra GSS-API wrappings. - */ - -OM_uint32 -_gssapi_encapsulate( - OM_uint32 *minor_status, - const krb5_data *in_data, - gss_buffer_t output_token, - const gss_OID mech -) -{ - size_t len, outer_len; - u_char *p; - - _gssapi_encap_length (in_data->length, &len, &outer_len, mech); - - output_token->length = outer_len; - output_token->value = malloc (outer_len); - if (output_token->value == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - p = _gssapi_make_mech_header (output_token->value, len, mech); - memcpy (p, in_data->data, in_data->length); - return GSS_S_COMPLETE; -} - -/* - * Give it a krb5_data and it will encapsulate with extra GSS-API krb5 - * wrappings. - */ - -OM_uint32 -gssapi_krb5_encapsulate( - OM_uint32 *minor_status, - const krb5_data *in_data, - gss_buffer_t output_token, - const u_char *type, - const gss_OID mech -) -{ - size_t len, outer_len; - u_char *p; - - gssapi_krb5_encap_length (in_data->length, &len, &outer_len, mech); - - output_token->length = outer_len; - output_token->value = malloc (outer_len); - if (output_token->value == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - p = gssapi_krb5_make_header (output_token->value, len, type, mech); - memcpy (p, in_data->data, in_data->length); - return GSS_S_COMPLETE; -} diff --git a/source4/heimdal/lib/gssapi/external.c b/source4/heimdal/lib/gssapi/external.c deleted file mode 100644 index f8c1d23f98..0000000000 --- a/source4/heimdal/lib/gssapi/external.c +++ /dev/null @@ -1,267 +0,0 @@ -/* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: external.c,v 1.7 2005/08/23 11:59:47 lha Exp $"); - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" - * "\x01\x02\x01\x01"}, - * corresponding to an object-identifier value of - * {iso(1) member-body(2) United States(840) mit(113554) - * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant - * GSS_C_NT_USER_NAME should be initialized to point - * to that gss_OID_desc. - */ - -static gss_OID_desc gss_c_nt_user_name_oid_desc = -{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x01")}; - -gss_OID GSS_C_NT_USER_NAME = &gss_c_nt_user_name_oid_desc; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" - * "\x01\x02\x01\x02"}, - * corresponding to an object-identifier value of - * {iso(1) member-body(2) United States(840) mit(113554) - * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}. - * The constant GSS_C_NT_MACHINE_UID_NAME should be - * initialized to point to that gss_OID_desc. - */ - -static gss_OID_desc gss_c_nt_machine_uid_name_oid_desc = -{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x02")}; - -gss_OID GSS_C_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" - * "\x01\x02\x01\x03"}, - * corresponding to an object-identifier value of - * {iso(1) member-body(2) United States(840) mit(113554) - * infosys(1) gssapi(2) generic(1) string_uid_name(3)}. - * The constant GSS_C_NT_STRING_UID_NAME should be - * initialized to point to that gss_OID_desc. - */ - -static gss_OID_desc gss_c_nt_string_uid_name_oid_desc = -{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x03")}; - -gss_OID GSS_C_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {6, (void *)"\x2b\x06\x01\x05\x06\x02"}, - * corresponding to an object-identifier value of - * {iso(1) org(3) dod(6) internet(1) security(5) - * nametypes(6) gss-host-based-services(2)). The constant - * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point - * to that gss_OID_desc. This is a deprecated OID value, and - * implementations wishing to support hostbased-service names - * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID, - * defined below, to identify such names; - * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym - * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input - * parameter, but should not be emitted by GSS-API - * implementations - */ - -static gss_OID_desc gss_c_nt_hostbased_service_x_oid_desc = -{6, rk_UNCONST("\x2b\x06\x01\x05\x06\x02")}; - -gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = &gss_c_nt_hostbased_service_x_oid_desc; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" - * "\x01\x02\x01\x04"}, corresponding to an - * object-identifier value of {iso(1) member-body(2) - * Unites States(840) mit(113554) infosys(1) gssapi(2) - * generic(1) service_name(4)}. The constant - * GSS_C_NT_HOSTBASED_SERVICE should be initialized - * to point to that gss_OID_desc. - */ -static gss_OID_desc gss_c_nt_hostbased_service_oid_desc = -{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x04")}; - -gss_OID GSS_C_NT_HOSTBASED_SERVICE = &gss_c_nt_hostbased_service_oid_desc; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {6, (void *)"\x2b\x06\01\x05\x06\x03"}, - * corresponding to an object identifier value of - * {1(iso), 3(org), 6(dod), 1(internet), 5(security), - * 6(nametypes), 3(gss-anonymous-name)}. The constant - * and GSS_C_NT_ANONYMOUS should be initialized to point - * to that gss_OID_desc. - */ - -static gss_OID_desc gss_c_nt_anonymous_oid_desc = -{6, rk_UNCONST("\x2b\x06\01\x05\x06\x03")}; - -gss_OID GSS_C_NT_ANONYMOUS = &gss_c_nt_anonymous_oid_desc; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {6, (void *)"\x2b\x06\x01\x05\x06\x04"}, - * corresponding to an object-identifier value of - * {1(iso), 3(org), 6(dod), 1(internet), 5(security), - * 6(nametypes), 4(gss-api-exported-name)}. The constant - * GSS_C_NT_EXPORT_NAME should be initialized to point - * to that gss_OID_desc. - */ - -static gss_OID_desc gss_c_nt_export_name_oid_desc = -{6, rk_UNCONST("\x2b\x06\x01\x05\x06\x04") }; - -gss_OID GSS_C_NT_EXPORT_NAME = &gss_c_nt_export_name_oid_desc; - -/* - * This name form shall be represented by the Object Identifier {iso(1) - * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) - * krb5(2) krb5_name(1)}. The recommended symbolic name for this type - * is "GSS_KRB5_NT_PRINCIPAL_NAME". - */ - -static gss_OID_desc gss_krb5_nt_principal_name_oid_desc = -{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01") }; - -gss_OID GSS_KRB5_NT_PRINCIPAL_NAME = &gss_krb5_nt_principal_name_oid_desc; - -/* - * This name form shall be represented by the Object Identifier {iso(1) - * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) - * generic(1) user_name(1)}. The recommended symbolic name for this - * type is "GSS_KRB5_NT_USER_NAME". - */ - -gss_OID GSS_KRB5_NT_USER_NAME = &gss_c_nt_user_name_oid_desc; - -/* - * This name form shall be represented by the Object Identifier {iso(1) - * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) - * generic(1) machine_uid_name(2)}. The recommended symbolic name for - * this type is "GSS_KRB5_NT_MACHINE_UID_NAME". - */ - -gss_OID GSS_KRB5_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc; - -/* - * This name form shall be represented by the Object Identifier {iso(1) - * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) - * generic(1) string_uid_name(3)}. The recommended symbolic name for - * this type is "GSS_KRB5_NT_STRING_UID_NAME". - */ - -gss_OID GSS_KRB5_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc; - -/* - * To support ongoing experimentation, testing, and evolution of the - * specification, the Kerberos V5 GSS-API mechanism as defined in this - * and any successor memos will be identified with the following Object - * Identifier, as defined in RFC-1510, until the specification is - * advanced to the level of Proposed Standard RFC: - * - * {iso(1), org(3), dod(5), internet(1), security(5), kerberosv5(2)} - * - * Upon advancement to the level of Proposed Standard RFC, the Kerberos - * V5 GSS-API mechanism will be identified by an Object Identifier - * having the value: - * - * {iso(1) member-body(2) United States(840) mit(113554) infosys(1) - * gssapi(2) krb5(2)} - */ - -#if 0 /* This is the old OID */ - -static gss_OID_desc gss_krb5_mechanism_oid_desc = -{5, rk_UNCONST("\x2b\x05\x01\x05\x02")}; - -#endif - -static gss_OID_desc gss_krb5_mechanism_oid_desc = -{9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") }; - -gss_OID GSS_KRB5_MECHANISM = &gss_krb5_mechanism_oid_desc; - -/* - * RFC2478, SPNEGO: - * The security mechanism of the initial - * negotiation token is identified by the Object Identifier - * iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2). - */ - -static gss_OID_desc gss_spnego_mechanism_oid_desc = -{6, rk_UNCONST("\x2b\x06\x01\x05\x05\x02")}; - -gss_OID GSS_SPNEGO_MECHANISM = &gss_spnego_mechanism_oid_desc; - -/* - * draft-ietf-cat-iakerb-09, IAKERB: - * The mechanism ID for IAKERB proxy GSS-API Kerberos, in accordance - * with the mechanism proposed by SPNEGO [7] for negotiating protocol - * variations, is: {iso(1) org(3) dod(6) internet(1) security(5) - * mechanisms(5) iakerb(10) iakerbProxyProtocol(1)}. The proposed - * mechanism ID for IAKERB minimum messages GSS-API Kerberos, in - * accordance with the mechanism proposed by SPNEGO for negotiating - * protocol variations, is: {iso(1) org(3) dod(6) internet(1) - * security(5) mechanisms(5) iakerb(10) - * iakerbMinimumMessagesProtocol(2)}. - */ - -static gss_OID_desc gss_iakerb_proxy_mechanism_oid_desc = -{7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x01")}; - -gss_OID GSS_IAKERB_PROXY_MECHANISM = &gss_iakerb_proxy_mechanism_oid_desc; - -static gss_OID_desc gss_iakerb_min_msg_mechanism_oid_desc = -{7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x02") }; - -gss_OID GSS_IAKERB_MIN_MSG_MECHANISM = &gss_iakerb_min_msg_mechanism_oid_desc; - -/* - * Context for krb5 calls. - */ - -krb5_context gssapi_krb5_context; diff --git a/source4/heimdal/lib/gssapi/get_mic.c b/source4/heimdal/lib/gssapi/get_mic.c deleted file mode 100644 index 76f69cf41c..0000000000 --- a/source4/heimdal/lib/gssapi/get_mic.c +++ /dev/null @@ -1,314 +0,0 @@ -/* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: get_mic.c,v 1.31 2006/05/08 09:55:37 lha Exp $"); - -static OM_uint32 -mic_des - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - gss_qop_t qop_req, - const gss_buffer_t message_buffer, - gss_buffer_t message_token, - krb5_keyblock *key - ) -{ - u_char *p; - MD5_CTX md5; - u_char hash[16]; - DES_key_schedule schedule; - DES_cblock deskey; - DES_cblock zero; - int32_t seq_number; - size_t len, total_len; - - gssapi_krb5_encap_length (22, &len, &total_len, GSS_KRB5_MECHANISM); - - message_token->length = total_len; - message_token->value = malloc (total_len); - if (message_token->value == NULL) { - message_token->length = 0; - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - p = gssapi_krb5_make_header(message_token->value, - len, - "\x01\x01", /* TOK_ID */ - GSS_KRB5_MECHANISM); - - memcpy (p, "\x00\x00", 2); /* SGN_ALG = DES MAC MD5 */ - p += 2; - - memcpy (p, "\xff\xff\xff\xff", 4); /* Filler */ - p += 4; - - /* Fill in later (SND-SEQ) */ - memset (p, 0, 16); - p += 16; - - /* checksum */ - MD5_Init (&md5); - MD5_Update (&md5, p - 24, 8); - MD5_Update (&md5, message_buffer->value, message_buffer->length); - MD5_Final (hash, &md5); - - memset (&zero, 0, sizeof(zero)); - memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); - DES_set_key (&deskey, &schedule); - DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), - &schedule, &zero); - memcpy (p - 8, hash, 8); /* SGN_CKSUM */ - - HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - /* sequence number */ - krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, - context_handle->auth_context, - &seq_number); - - p -= 16; /* SND_SEQ */ - p[0] = (seq_number >> 0) & 0xFF; - p[1] = (seq_number >> 8) & 0xFF; - p[2] = (seq_number >> 16) & 0xFF; - p[3] = (seq_number >> 24) & 0xFF; - memset (p + 4, - (context_handle->more_flags & LOCAL) ? 0 : 0xFF, - 4); - - DES_set_key (&deskey, &schedule); - DES_cbc_encrypt ((void *)p, (void *)p, 8, - &schedule, (DES_cblock *)(p + 8), DES_ENCRYPT); - - krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, - context_handle->auth_context, - ++seq_number); - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - - memset (deskey, 0, sizeof(deskey)); - memset (&schedule, 0, sizeof(schedule)); - - *minor_status = 0; - return GSS_S_COMPLETE; -} - -static OM_uint32 -mic_des3 - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - gss_qop_t qop_req, - const gss_buffer_t message_buffer, - gss_buffer_t message_token, - krb5_keyblock *key - ) -{ - u_char *p; - Checksum cksum; - u_char seq[8]; - - int32_t seq_number; - size_t len, total_len; - - krb5_crypto crypto; - krb5_error_code kret; - krb5_data encdata; - char *tmp; - char ivec[8]; - - gssapi_krb5_encap_length (36, &len, &total_len, GSS_KRB5_MECHANISM); - - message_token->length = total_len; - message_token->value = malloc (total_len); - if (message_token->value == NULL) { - message_token->length = 0; - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - p = gssapi_krb5_make_header(message_token->value, - len, - "\x01\x01", /* TOK-ID */ - GSS_KRB5_MECHANISM); - - memcpy (p, "\x04\x00", 2); /* SGN_ALG = HMAC SHA1 DES3-KD */ - p += 2; - - memcpy (p, "\xff\xff\xff\xff", 4); /* filler */ - p += 4; - - /* this should be done in parts */ - - tmp = malloc (message_buffer->length + 8); - if (tmp == NULL) { - free (message_token->value); - message_token->value = NULL; - message_token->length = 0; - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - memcpy (tmp, p - 8, 8); - memcpy (tmp + 8, message_buffer->value, message_buffer->length); - - kret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); - if (kret) { - free (message_token->value); - message_token->value = NULL; - message_token->length = 0; - free (tmp); - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - - kret = krb5_create_checksum (gssapi_krb5_context, - crypto, - KRB5_KU_USAGE_SIGN, - 0, - tmp, - message_buffer->length + 8, - &cksum); - free (tmp); - krb5_crypto_destroy (gssapi_krb5_context, crypto); - if (kret) { - free (message_token->value); - message_token->value = NULL; - message_token->length = 0; - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - - memcpy (p + 8, cksum.checksum.data, cksum.checksum.length); - - HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - /* sequence number */ - krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, - context_handle->auth_context, - &seq_number); - - seq[0] = (seq_number >> 0) & 0xFF; - seq[1] = (seq_number >> 8) & 0xFF; - seq[2] = (seq_number >> 16) & 0xFF; - seq[3] = (seq_number >> 24) & 0xFF; - memset (seq + 4, - (context_handle->more_flags & LOCAL) ? 0 : 0xFF, - 4); - - kret = krb5_crypto_init(gssapi_krb5_context, key, - ETYPE_DES3_CBC_NONE, &crypto); - if (kret) { - free (message_token->value); - message_token->value = NULL; - message_token->length = 0; - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - - if (context_handle->more_flags & COMPAT_OLD_DES3) - memset(ivec, 0, 8); - else - memcpy(ivec, p + 8, 8); - - kret = krb5_encrypt_ivec (gssapi_krb5_context, - crypto, - KRB5_KU_USAGE_SEQ, - seq, 8, &encdata, ivec); - krb5_crypto_destroy (gssapi_krb5_context, crypto); - if (kret) { - free (message_token->value); - message_token->value = NULL; - message_token->length = 0; - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - - assert (encdata.length == 8); - - memcpy (p, encdata.data, encdata.length); - krb5_data_free (&encdata); - - krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, - context_handle->auth_context, - ++seq_number); - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - - free_Checksum (&cksum); - *minor_status = 0; - return GSS_S_COMPLETE; -} - -OM_uint32 gss_get_mic - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - gss_qop_t qop_req, - const gss_buffer_t message_buffer, - gss_buffer_t message_token - ) -{ - krb5_keyblock *key; - OM_uint32 ret; - krb5_keytype keytype; - - ret = gss_krb5_get_subkey(context_handle, &key); - if (ret) { - gssapi_krb5_set_error_string (); - *minor_status = ret; - return GSS_S_FAILURE; - } - krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype); - - switch (keytype) { - case KEYTYPE_DES : - ret = mic_des (minor_status, context_handle, qop_req, - message_buffer, message_token, key); - break; - case KEYTYPE_DES3 : - ret = mic_des3 (minor_status, context_handle, qop_req, - message_buffer, message_token, key); - break; - case KEYTYPE_ARCFOUR: - case KEYTYPE_ARCFOUR_56: - ret = _gssapi_get_mic_arcfour (minor_status, context_handle, qop_req, - message_buffer, message_token, key); - break; - default : - ret = _gssapi_mic_cfx (minor_status, context_handle, qop_req, - message_buffer, message_token, key); - break; - } - krb5_free_keyblock (gssapi_krb5_context, key); - return ret; -} diff --git a/source4/heimdal/lib/gssapi/gssapi.h b/source4/heimdal/lib/gssapi/gssapi.h index eac2737f43..340b35377d 100644 --- a/source4/heimdal/lib/gssapi/gssapi.h +++ b/source4/heimdal/lib/gssapi/gssapi.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan + * Copyright (c) 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,802 +31,11 @@ * SUCH DAMAGE. */ -/* $Id: gssapi.h,v 1.40 2006/05/05 11:08:29 lha Exp $ */ +/* $Id: gssapi.h,v 1.50 2006/10/07 20:57:15 lha Exp $ */ #ifndef GSSAPI_H_ #define GSSAPI_H_ -/* - * First, include stddef.h to get size_t defined. - */ -#include - -#include - -/* - * Now define the three implementation-dependent types. - */ - -typedef uint32_t OM_uint32; - -typedef uint32_t gss_uint32; - -/* - * This is to avoid having to include - */ - -struct krb5_auth_context_data; - -struct Principal; - -/* typedef void *gss_name_t; */ - -typedef struct Principal *gss_name_t; - -struct gss_ctx_id_t_desc_struct; -typedef struct gss_ctx_id_t_desc_struct *gss_ctx_id_t; - -typedef struct gss_OID_desc_struct { - OM_uint32 length; - void *elements; -} gss_OID_desc, *gss_OID; - -typedef struct gss_OID_set_desc_struct { - size_t count; - gss_OID elements; -} gss_OID_set_desc, *gss_OID_set; - -struct krb5_keytab_data; - -struct krb5_ccache_data; - -typedef int gss_cred_usage_t; - -struct gss_cred_id_t_desc_struct; -typedef struct gss_cred_id_t_desc_struct *gss_cred_id_t; - -typedef struct gss_buffer_desc_struct { - size_t length; - void *value; -} gss_buffer_desc, *gss_buffer_t; - -typedef struct gss_channel_bindings_struct { - OM_uint32 initiator_addrtype; - gss_buffer_desc initiator_address; - OM_uint32 acceptor_addrtype; - gss_buffer_desc acceptor_address; - gss_buffer_desc application_data; -} *gss_channel_bindings_t; - -/* - * For now, define a QOP-type as an OM_uint32 - */ -typedef OM_uint32 gss_qop_t; - -/* - * Flag bits for context-level services. - */ -#define GSS_C_DELEG_FLAG 1 /* 0x00000001 */ -#define GSS_C_MUTUAL_FLAG 2 /* 0x00000002 */ -#define GSS_C_REPLAY_FLAG 4 /* 0x00000004 */ -#define GSS_C_SEQUENCE_FLAG 8 /* 0x00000008 */ -#define GSS_C_CONF_FLAG 16 /* 0x00000010 */ -#define GSS_C_INTEG_FLAG 32 /* 0x00000020 */ -#define GSS_C_ANON_FLAG 64 /* 0x00000040 */ -#define GSS_C_PROT_READY_FLAG 128 /* 0x00000080 */ -#define GSS_C_TRANS_FLAG 256 /* 0x00000100 */ - -/* these are from draft-brezak-win2k-krb-rc4-hmac-04.txt */ -#define GSS_C_DCE_STYLE 4096 /* 0x00001000 */ -#define GSS_C_IDENTIFY_FLAG 8192 /* 0x00002000 */ -#define GSS_C_EXTENDED_ERROR_FLAG 16384 /* 0x00004000 */ - -/* - * Credential usage options - */ -#define GSS_C_BOTH 0 -#define GSS_C_INITIATE 1 -#define GSS_C_ACCEPT 2 - -/* - * Status code types for gss_display_status - */ -#define GSS_C_GSS_CODE 1 -#define GSS_C_MECH_CODE 2 - -/* - * The constant definitions for channel-bindings address families - */ -#define GSS_C_AF_UNSPEC 0 -#define GSS_C_AF_LOCAL 1 -#define GSS_C_AF_INET 2 -#define GSS_C_AF_IMPLINK 3 -#define GSS_C_AF_PUP 4 -#define GSS_C_AF_CHAOS 5 -#define GSS_C_AF_NS 6 -#define GSS_C_AF_NBS 7 -#define GSS_C_AF_ECMA 8 -#define GSS_C_AF_DATAKIT 9 -#define GSS_C_AF_CCITT 10 -#define GSS_C_AF_SNA 11 -#define GSS_C_AF_DECnet 12 -#define GSS_C_AF_DLI 13 -#define GSS_C_AF_LAT 14 -#define GSS_C_AF_HYLINK 15 -#define GSS_C_AF_APPLETALK 16 -#define GSS_C_AF_BSC 17 -#define GSS_C_AF_DSS 18 -#define GSS_C_AF_OSI 19 -#define GSS_C_AF_X25 21 -#define GSS_C_AF_INET6 24 - -#define GSS_C_AF_NULLADDR 255 - -/* - * Various Null values - */ -#define GSS_C_NO_NAME ((gss_name_t) 0) -#define GSS_C_NO_BUFFER ((gss_buffer_t) 0) -#define GSS_C_NO_OID ((gss_OID) 0) -#define GSS_C_NO_OID_SET ((gss_OID_set) 0) -#define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0) -#define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0) -#define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0) -#define GSS_C_EMPTY_BUFFER {0, NULL} - -/* - * Some alternate names for a couple of the above - * values. These are defined for V1 compatibility. - */ -#define GSS_C_NULL_OID GSS_C_NO_OID -#define GSS_C_NULL_OID_SET GSS_C_NO_OID_SET - -/* - * Define the default Quality of Protection for per-message - * services. Note that an implementation that offers multiple - * levels of QOP may define GSS_C_QOP_DEFAULT to be either zero - * (as done here) to mean "default protection", or to a specific - * explicit QOP value. However, a value of 0 should always be - * interpreted by a GSSAPI implementation as a request for the - * default protection level. - */ -#define GSS_C_QOP_DEFAULT 0 - -#define GSS_KRB5_CONF_C_QOP_DES 0x0100 -#define GSS_KRB5_CONF_C_QOP_DES3_KD 0x0200 - -/* - * Expiration time of 2^32-1 seconds means infinite lifetime for a - * credential or security context - */ -#define GSS_C_INDEFINITE 0xfffffffful - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" - * "\x01\x02\x01\x01"}, - * corresponding to an object-identifier value of - * {iso(1) member-body(2) United States(840) mit(113554) - * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant - * GSS_C_NT_USER_NAME should be initialized to point - * to that gss_OID_desc. - */ -extern gss_OID GSS_C_NT_USER_NAME; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" - * "\x01\x02\x01\x02"}, - * corresponding to an object-identifier value of - * {iso(1) member-body(2) United States(840) mit(113554) - * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}. - * The constant GSS_C_NT_MACHINE_UID_NAME should be - * initialized to point to that gss_OID_desc. - */ -extern gss_OID GSS_C_NT_MACHINE_UID_NAME; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" - * "\x01\x02\x01\x03"}, - * corresponding to an object-identifier value of - * {iso(1) member-body(2) United States(840) mit(113554) - * infosys(1) gssapi(2) generic(1) string_uid_name(3)}. - * The constant GSS_C_NT_STRING_UID_NAME should be - * initialized to point to that gss_OID_desc. - */ -extern gss_OID GSS_C_NT_STRING_UID_NAME; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {6, (void *)"\x2b\x06\x01\x05\x06\x02"}, - * corresponding to an object-identifier value of - * {iso(1) org(3) dod(6) internet(1) security(5) - * nametypes(6) gss-host-based-services(2)). The constant - * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point - * to that gss_OID_desc. This is a deprecated OID value, and - * implementations wishing to support hostbased-service names - * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID, - * defined below, to identify such names; - * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym - * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input - * parameter, but should not be emitted by GSS-API - * implementations - */ -extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" - * "\x01\x02\x01\x04"}, corresponding to an - * object-identifier value of {iso(1) member-body(2) - * Unites States(840) mit(113554) infosys(1) gssapi(2) - * generic(1) service_name(4)}. The constant - * GSS_C_NT_HOSTBASED_SERVICE should be initialized - * to point to that gss_OID_desc. - */ -extern gss_OID GSS_C_NT_HOSTBASED_SERVICE; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {6, (void *)"\x2b\x06\01\x05\x06\x03"}, - * corresponding to an object identifier value of - * {1(iso), 3(org), 6(dod), 1(internet), 5(security), - * 6(nametypes), 3(gss-anonymous-name)}. The constant - * and GSS_C_NT_ANONYMOUS should be initialized to point - * to that gss_OID_desc. - */ -extern gss_OID GSS_C_NT_ANONYMOUS; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {6, (void *)"\x2b\x06\x01\x05\x06\x04"}, - * corresponding to an object-identifier value of - * {1(iso), 3(org), 6(dod), 1(internet), 5(security), - * 6(nametypes), 4(gss-api-exported-name)}. The constant - * GSS_C_NT_EXPORT_NAME should be initialized to point - * to that gss_OID_desc. - */ -extern gss_OID GSS_C_NT_EXPORT_NAME; - -/* - * RFC2478, SPNEGO: - * The security mechanism of the initial - * negotiation token is identified by the Object Identifier - * iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2). - */ -extern gss_OID GSS_SPNEGO_MECHANISM; - -/* - * This if for kerberos5 names. - */ - -extern gss_OID GSS_KRB5_NT_PRINCIPAL_NAME; -extern gss_OID GSS_KRB5_NT_USER_NAME; -extern gss_OID GSS_KRB5_NT_MACHINE_UID_NAME; -extern gss_OID GSS_KRB5_NT_STRING_UID_NAME; - -extern gss_OID GSS_KRB5_MECHANISM; - -/* for compatibility with MIT api */ - -#define gss_mech_krb5 GSS_KRB5_MECHANISM -#define gss_krb5_nt_general_name GSS_KRB5_NT_PRINCIPAL_NAME +#include -/* Major status codes */ - -#define GSS_S_COMPLETE 0 - -/* - * Some "helper" definitions to make the status code macros obvious. - */ -#define GSS_C_CALLING_ERROR_OFFSET 24 -#define GSS_C_ROUTINE_ERROR_OFFSET 16 -#define GSS_C_SUPPLEMENTARY_OFFSET 0 -#define GSS_C_CALLING_ERROR_MASK 0377ul -#define GSS_C_ROUTINE_ERROR_MASK 0377ul -#define GSS_C_SUPPLEMENTARY_MASK 0177777ul - -/* - * The macros that test status codes for error conditions. - * Note that the GSS_ERROR() macro has changed slightly from - * the V1 GSSAPI so that it now evaluates its argument - * only once. - */ -#define GSS_CALLING_ERROR(x) \ - (x & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET)) -#define GSS_ROUTINE_ERROR(x) \ - (x & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)) -#define GSS_SUPPLEMENTARY_INFO(x) \ - (x & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET)) -#define GSS_ERROR(x) \ - (x & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \ - (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))) - -/* - * Now the actual status code definitions - */ - -/* - * Calling errors: - */ -#define GSS_S_CALL_INACCESSIBLE_READ \ - (1ul << GSS_C_CALLING_ERROR_OFFSET) -#define GSS_S_CALL_INACCESSIBLE_WRITE \ - (2ul << GSS_C_CALLING_ERROR_OFFSET) -#define GSS_S_CALL_BAD_STRUCTURE \ - (3ul << GSS_C_CALLING_ERROR_OFFSET) - -/* - * Routine errors: - */ -#define GSS_S_BAD_MECH (1ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_BAD_NAME (2ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_BAD_NAMETYPE (3ul << GSS_C_ROUTINE_ERROR_OFFSET) - -#define GSS_S_BAD_BINDINGS (4ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_BAD_STATUS (5ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_BAD_SIG (6ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_BAD_MIC GSS_S_BAD_SIG -#define GSS_S_NO_CRED (7ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_NO_CONTEXT (8ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_DEFECTIVE_TOKEN (9ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_DEFECTIVE_CREDENTIAL (10ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_CREDENTIALS_EXPIRED (11ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_CONTEXT_EXPIRED (12ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_FAILURE (13ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_BAD_QOP (14ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_UNAUTHORIZED (15ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET) -#define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET) - -/* - * Supplementary info bits: - */ -#define GSS_S_CONTINUE_NEEDED (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0)) -#define GSS_S_DUPLICATE_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1)) -#define GSS_S_OLD_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2)) -#define GSS_S_UNSEQ_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3)) -#define GSS_S_GAP_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4)) - -/* - * From RFC1964: - * - * 4.1.1. Non-Kerberos-specific codes - */ - -#define GSS_KRB5_S_G_BAD_SERVICE_NAME 1 - /* "No @ in SERVICE-NAME name string" */ -#define GSS_KRB5_S_G_BAD_STRING_UID 2 - /* "STRING-UID-NAME contains nondigits" */ -#define GSS_KRB5_S_G_NOUSER 3 - /* "UID does not resolve to username" */ -#define GSS_KRB5_S_G_VALIDATE_FAILED 4 - /* "Validation error" */ -#define GSS_KRB5_S_G_BUFFER_ALLOC 5 - /* "Couldn't allocate gss_buffer_t data" */ -#define GSS_KRB5_S_G_BAD_MSG_CTX 6 - /* "Message context invalid" */ -#define GSS_KRB5_S_G_WRONG_SIZE 7 - /* "Buffer is the wrong size" */ -#define GSS_KRB5_S_G_BAD_USAGE 8 - /* "Credential usage type is unknown" */ -#define GSS_KRB5_S_G_UNKNOWN_QOP 9 - /* "Unknown quality of protection specified" */ - - /* - * 4.1.2. Kerberos-specific-codes - */ - -#define GSS_KRB5_S_KG_CCACHE_NOMATCH 10 - /* "Principal in credential cache does not match desired name" */ -#define GSS_KRB5_S_KG_KEYTAB_NOMATCH 11 - /* "No principal in keytab matches desired name" */ -#define GSS_KRB5_S_KG_TGT_MISSING 12 - /* "Credential cache has no TGT" */ -#define GSS_KRB5_S_KG_NO_SUBKEY 13 - /* "Authenticator has no subkey" */ -#define GSS_KRB5_S_KG_CONTEXT_ESTABLISHED 14 - /* "Context is already fully established" */ -#define GSS_KRB5_S_KG_BAD_SIGN_TYPE 15 - /* "Unknown signature type in token" */ -#define GSS_KRB5_S_KG_BAD_LENGTH 16 - /* "Invalid field length in token" */ -#define GSS_KRB5_S_KG_CTX_INCOMPLETE 17 - /* "Attempt to use incomplete security context" */ - -/* - * Finally, function prototypes for the GSS-API routines. - */ - - -OM_uint32 gss_acquire_cred - (OM_uint32 * /*minor_status*/, - const gss_name_t /*desired_name*/, - OM_uint32 /*time_req*/, - const gss_OID_set /*desired_mechs*/, - gss_cred_usage_t /*cred_usage*/, - gss_cred_id_t * /*output_cred_handle*/, - gss_OID_set * /*actual_mechs*/, - OM_uint32 * /*time_rec*/ - ); - -OM_uint32 gss_release_cred - (OM_uint32 * /*minor_status*/, - gss_cred_id_t * /*cred_handle*/ - ); - -OM_uint32 gss_init_sec_context - (OM_uint32 * /*minor_status*/, - const gss_cred_id_t /*initiator_cred_handle*/, - gss_ctx_id_t * /*context_handle*/, - const gss_name_t /*target_name*/, - const gss_OID /*mech_type*/, - OM_uint32 /*req_flags*/, - OM_uint32 /*time_req*/, - const gss_channel_bindings_t /*input_chan_bindings*/, - const gss_buffer_t /*input_token*/, - gss_OID * /*actual_mech_type*/, - gss_buffer_t /*output_token*/, - OM_uint32 * /*ret_flags*/, - OM_uint32 * /*time_rec*/ - ); - -OM_uint32 gss_accept_sec_context - (OM_uint32 * /*minor_status*/, - gss_ctx_id_t * /*context_handle*/, - const gss_cred_id_t /*acceptor_cred_handle*/, - const gss_buffer_t /*input_token_buffer*/, - const gss_channel_bindings_t /*input_chan_bindings*/, - gss_name_t * /*src_name*/, - gss_OID * /*mech_type*/, - gss_buffer_t /*output_token*/, - OM_uint32 * /*ret_flags*/, - OM_uint32 * /*time_rec*/, - gss_cred_id_t * /*delegated_cred_handle*/ - ); - -OM_uint32 gss_process_context_token - (OM_uint32 * /*minor_status*/, - const gss_ctx_id_t /*context_handle*/, - const gss_buffer_t /*token_buffer*/ - ); - -OM_uint32 gss_delete_sec_context - (OM_uint32 * /*minor_status*/, - gss_ctx_id_t * /*context_handle*/, - gss_buffer_t /*output_token*/ - ); - -OM_uint32 gss_context_time - (OM_uint32 * /*minor_status*/, - const gss_ctx_id_t /*context_handle*/, - OM_uint32 * /*time_rec*/ - ); - -OM_uint32 gss_get_mic - (OM_uint32 * /*minor_status*/, - const gss_ctx_id_t /*context_handle*/, - gss_qop_t /*qop_req*/, - const gss_buffer_t /*message_buffer*/, - gss_buffer_t /*message_token*/ - ); - -OM_uint32 gss_verify_mic - (OM_uint32 * /*minor_status*/, - const gss_ctx_id_t /*context_handle*/, - const gss_buffer_t /*message_buffer*/, - const gss_buffer_t /*token_buffer*/, - gss_qop_t * /*qop_state*/ - ); - -OM_uint32 gss_wrap - (OM_uint32 * /*minor_status*/, - const gss_ctx_id_t /*context_handle*/, - int /*conf_req_flag*/, - gss_qop_t /*qop_req*/, - const gss_buffer_t /*input_message_buffer*/, - int * /*conf_state*/, - gss_buffer_t /*output_message_buffer*/ - ); - -OM_uint32 gss_unwrap - (OM_uint32 * /*minor_status*/, - const gss_ctx_id_t /*context_handle*/, - const gss_buffer_t /*input_message_buffer*/, - gss_buffer_t /*output_message_buffer*/, - int * /*conf_state*/, - gss_qop_t * /*qop_state*/ - ); - -OM_uint32 gss_display_status - (OM_uint32 * /*minor_status*/, - OM_uint32 /*status_value*/, - int /*status_type*/, - const gss_OID /*mech_type*/, - OM_uint32 * /*message_context*/, - gss_buffer_t /*status_string*/ - ); - -OM_uint32 gss_indicate_mechs - (OM_uint32 * /*minor_status*/, - gss_OID_set * /*mech_set*/ - ); - -OM_uint32 gss_compare_name - (OM_uint32 * /*minor_status*/, - const gss_name_t /*name1*/, - const gss_name_t /*name2*/, - int * /*name_equal*/ - ); - -OM_uint32 gss_display_name - (OM_uint32 * /*minor_status*/, - const gss_name_t /*input_name*/, - gss_buffer_t /*output_name_buffer*/, - gss_OID * /*output_name_type*/ - ); - -OM_uint32 gss_import_name - (OM_uint32 * /*minor_status*/, - const gss_buffer_t /*input_name_buffer*/, - const gss_OID /*input_name_type*/, - gss_name_t * /*output_name*/ - ); - -OM_uint32 gss_export_name - (OM_uint32 * /*minor_status*/, - const gss_name_t /*input_name*/, - gss_buffer_t /*exported_name*/ - ); - -OM_uint32 gss_release_name - (OM_uint32 * /*minor_status*/, - gss_name_t * /*input_name*/ - ); - -OM_uint32 gss_release_buffer - (OM_uint32 * /*minor_status*/, - gss_buffer_t /*buffer*/ - ); - -OM_uint32 gss_release_oid_set - (OM_uint32 * /*minor_status*/, - gss_OID_set * /*set*/ - ); - -OM_uint32 gss_inquire_cred - (OM_uint32 * /*minor_status*/, - const gss_cred_id_t /*cred_handle*/, - gss_name_t * /*name*/, - OM_uint32 * /*lifetime*/, - gss_cred_usage_t * /*cred_usage*/, - gss_OID_set * /*mechanisms*/ - ); - -OM_uint32 gss_inquire_context ( - OM_uint32 * /*minor_status*/, - const gss_ctx_id_t /*context_handle*/, - gss_name_t * /*src_name*/, - gss_name_t * /*targ_name*/, - OM_uint32 * /*lifetime_rec*/, - gss_OID * /*mech_type*/, - OM_uint32 * /*ctx_flags*/, - int * /*locally_initiated*/, - int * /*open_context*/ - ); - -OM_uint32 gsskrb5_wrap_size ( - OM_uint32 * /*minor_status*/, - const gss_ctx_id_t /*context_handle*/, - int /*conf_req_flag*/, - gss_qop_t /*qop_req*/, - OM_uint32 /*req_input_size*/, - OM_uint32 * /*output_size*/ - ); - -OM_uint32 gss_wrap_size_limit ( - OM_uint32 * /*minor_status*/, - const gss_ctx_id_t /*context_handle*/, - int /*conf_req_flag*/, - gss_qop_t /*qop_req*/, - OM_uint32 /*req_output_size*/, - OM_uint32 * /*max_input_size*/ - ); - -OM_uint32 gss_add_cred ( - OM_uint32 * /*minor_status*/, - const gss_cred_id_t /*input_cred_handle*/, - const gss_name_t /*desired_name*/, - const gss_OID /*desired_mech*/, - gss_cred_usage_t /*cred_usage*/, - OM_uint32 /*initiator_time_req*/, - OM_uint32 /*acceptor_time_req*/, - gss_cred_id_t * /*output_cred_handle*/, - gss_OID_set * /*actual_mechs*/, - OM_uint32 * /*initiator_time_rec*/, - OM_uint32 * /*acceptor_time_rec*/ - ); - -OM_uint32 gss_inquire_cred_by_mech ( - OM_uint32 * /*minor_status*/, - const gss_cred_id_t /*cred_handle*/, - const gss_OID /*mech_type*/, - gss_name_t * /*name*/, - OM_uint32 * /*initiator_lifetime*/, - OM_uint32 * /*acceptor_lifetime*/, - gss_cred_usage_t * /*cred_usage*/ - ); - -OM_uint32 gss_export_sec_context ( - OM_uint32 * /*minor_status*/, - gss_ctx_id_t * /*context_handle*/, - gss_buffer_t /*interprocess_token*/ - ); - -OM_uint32 gss_import_sec_context ( - OM_uint32 * /*minor_status*/, - const gss_buffer_t /*interprocess_token*/, - gss_ctx_id_t * /*context_handle*/ - ); - -OM_uint32 gss_create_empty_oid_set ( - OM_uint32 * /*minor_status*/, - gss_OID_set * /*oid_set*/ - ); - -OM_uint32 gss_add_oid_set_member ( - OM_uint32 * /*minor_status*/, - const gss_OID /*member_oid*/, - gss_OID_set * /*oid_set*/ - ); - -OM_uint32 gss_test_oid_set_member ( - OM_uint32 * /*minor_status*/, - const gss_OID /*member*/, - const gss_OID_set /*set*/, - int * /*present*/ - ); - -OM_uint32 gss_inquire_names_for_mech ( - OM_uint32 * /*minor_status*/, - const gss_OID /*mechanism*/, - gss_OID_set * /*name_types*/ - ); - -OM_uint32 gss_inquire_mechs_for_name ( - OM_uint32 * /*minor_status*/, - const gss_name_t /*input_name*/, - gss_OID_set * /*mech_types*/ - ); - -OM_uint32 gss_canonicalize_name ( - OM_uint32 * /*minor_status*/, - const gss_name_t /*input_name*/, - const gss_OID /*mech_type*/, - gss_name_t * /*output_name*/ - ); - -OM_uint32 gss_duplicate_name ( - OM_uint32 * /*minor_status*/, - const gss_name_t /*src_name*/, - gss_name_t * /*dest_name*/ - ); - -/* - * The following routines are obsolete variants of gss_get_mic, - * gss_verify_mic, gss_wrap and gss_unwrap. They should be - * provided by GSSAPI V2 implementations for backwards - * compatibility with V1 applications. Distinct entrypoints - * (as opposed to #defines) should be provided, both to allow - * GSSAPI V1 applications to link against GSSAPI V2 implementations, - * and to retain the slight parameter type differences between the - * obsolete versions of these routines and their current forms. - */ - -OM_uint32 gss_sign - (OM_uint32 * /*minor_status*/, - gss_ctx_id_t /*context_handle*/, - int /*qop_req*/, - gss_buffer_t /*message_buffer*/, - gss_buffer_t /*message_token*/ - ); - -OM_uint32 gss_verify - (OM_uint32 * /*minor_status*/, - gss_ctx_id_t /*context_handle*/, - gss_buffer_t /*message_buffer*/, - gss_buffer_t /*token_buffer*/, - int * /*qop_state*/ - ); - -OM_uint32 gss_seal - (OM_uint32 * /*minor_status*/, - gss_ctx_id_t /*context_handle*/, - int /*conf_req_flag*/, - int /*qop_req*/, - gss_buffer_t /*input_message_buffer*/, - int * /*conf_state*/, - gss_buffer_t /*output_message_buffer*/ - ); - -OM_uint32 gss_unseal - (OM_uint32 * /*minor_status*/, - gss_ctx_id_t /*context_handle*/, - gss_buffer_t /*input_message_buffer*/, - gss_buffer_t /*output_message_buffer*/, - int * /*conf_state*/, - int * /*qop_state*/ - ); - -/* - * kerberos mechanism specific functions - */ - -OM_uint32 -gss_krb5_ccache_name(OM_uint32 * /*minor_status*/, - const char * /*name */, - const char ** /*out_name */); - -OM_uint32 gsskrb5_register_acceptor_identity - (const char */*identity*/); - -OM_uint32 gss_krb5_copy_ccache - (OM_uint32 */*minor*/, - gss_cred_id_t /*cred*/, - struct krb5_ccache_data */*out*/); - -OM_uint32 gss_krb5_copy_service_keyblock - (OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - struct EncryptionKey **out); - -OM_uint32 gss_krb5_import_cred(OM_uint32 *minor_status, - struct krb5_ccache_data * /* id */, - struct Principal * /* keytab_principal */, - struct krb5_keytab_data * /* keytab */, - gss_cred_id_t */* cred */); - -OM_uint32 gss_krb5_get_tkt_flags - (OM_uint32 */*minor*/, - gss_ctx_id_t /*context_handle*/, - OM_uint32 */*tkt_flags*/); - -OM_uint32 -gsskrb5_extract_authz_data_from_sec_context - (OM_uint32 * /*minor_status*/, - gss_ctx_id_t /*context_handle*/, - int /*ad_type*/, - gss_buffer_t /*ad_data*/); -OM_uint32 -gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - time_t *authtime); -OM_uint32 -gsskrb5_get_initiator_subkey - (OM_uint32 * /*minor_status*/, - const gss_ctx_id_t context_handle, - gss_buffer_t /* subkey */); - -#define GSS_C_KRB5_COMPAT_DES3_MIC 1 - -OM_uint32 -gss_krb5_compat_des3_mic(OM_uint32 *, gss_ctx_id_t, int); - -#ifdef __cplusplus -} #endif - -#endif /* GSSAPI_H_ */ diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi.h b/source4/heimdal/lib/gssapi/gssapi/gssapi.h new file mode 100644 index 0000000000..238907653e --- /dev/null +++ b/source4/heimdal/lib/gssapi/gssapi/gssapi.h @@ -0,0 +1,837 @@ +/* + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: gssapi.h,v 1.5 2006/10/19 07:11:14 lha Exp $ */ + +#ifndef GSSAPI_GSSAPI_H_ +#define GSSAPI_GSSAPI_H_ + +/* + * First, include stddef.h to get size_t defined. + */ +#include + +#include + +/* + * Now define the three implementation-dependent types. + */ + +typedef uint32_t OM_uint32; +typedef uint64_t OM_uint64; + +typedef uint32_t gss_uint32; + +struct gss_name_t_desc_struct; +typedef struct gss_name_t_desc_struct *gss_name_t; + +struct gss_ctx_id_t_desc_struct; +typedef struct gss_ctx_id_t_desc_struct *gss_ctx_id_t; + +typedef struct gss_OID_desc_struct { + OM_uint32 length; + void *elements; +} gss_OID_desc, *gss_OID; + +typedef struct gss_OID_set_desc_struct { + size_t count; + gss_OID elements; +} gss_OID_set_desc, *gss_OID_set; + +typedef int gss_cred_usage_t; + +struct gss_cred_id_t_desc_struct; +typedef struct gss_cred_id_t_desc_struct *gss_cred_id_t; + +typedef struct gss_buffer_desc_struct { + size_t length; + void *value; +} gss_buffer_desc, *gss_buffer_t; + +typedef struct gss_channel_bindings_struct { + OM_uint32 initiator_addrtype; + gss_buffer_desc initiator_address; + OM_uint32 acceptor_addrtype; + gss_buffer_desc acceptor_address; + gss_buffer_desc application_data; +} *gss_channel_bindings_t; + +/* GGF extension data types */ +typedef struct gss_buffer_set_desc_struct { + size_t count; + gss_buffer_desc *elements; +} gss_buffer_set_desc, *gss_buffer_set_t; + +/* + * For now, define a QOP-type as an OM_uint32 + */ +typedef OM_uint32 gss_qop_t; + +/* + * Flag bits for context-level services. + */ +#define GSS_C_DELEG_FLAG 1 +#define GSS_C_MUTUAL_FLAG 2 +#define GSS_C_REPLAY_FLAG 4 +#define GSS_C_SEQUENCE_FLAG 8 +#define GSS_C_CONF_FLAG 16 +#define GSS_C_INTEG_FLAG 32 +#define GSS_C_ANON_FLAG 64 +#define GSS_C_PROT_READY_FLAG 128 +#define GSS_C_TRANS_FLAG 256 + +#define GSS_C_DCE_STYLE 4096 +#define GSS_C_IDENTIFY_FLAG 8192 +#define GSS_C_EXTENDED_ERROR_FLAG 16384 + +/* + * Credential usage options + */ +#define GSS_C_BOTH 0 +#define GSS_C_INITIATE 1 +#define GSS_C_ACCEPT 2 + +/* + * Status code types for gss_display_status + */ +#define GSS_C_GSS_CODE 1 +#define GSS_C_MECH_CODE 2 + +/* + * The constant definitions for channel-bindings address families + */ +#define GSS_C_AF_UNSPEC 0 +#define GSS_C_AF_LOCAL 1 +#define GSS_C_AF_INET 2 +#define GSS_C_AF_IMPLINK 3 +#define GSS_C_AF_PUP 4 +#define GSS_C_AF_CHAOS 5 +#define GSS_C_AF_NS 6 +#define GSS_C_AF_NBS 7 +#define GSS_C_AF_ECMA 8 +#define GSS_C_AF_DATAKIT 9 +#define GSS_C_AF_CCITT 10 +#define GSS_C_AF_SNA 11 +#define GSS_C_AF_DECnet 12 +#define GSS_C_AF_DLI 13 +#define GSS_C_AF_LAT 14 +#define GSS_C_AF_HYLINK 15 +#define GSS_C_AF_APPLETALK 16 +#define GSS_C_AF_BSC 17 +#define GSS_C_AF_DSS 18 +#define GSS_C_AF_OSI 19 +#define GSS_C_AF_X25 21 +#define GSS_C_AF_INET6 24 + +#define GSS_C_AF_NULLADDR 255 + +/* + * Various Null values + */ +#define GSS_C_NO_NAME ((gss_name_t) 0) +#define GSS_C_NO_BUFFER ((gss_buffer_t) 0) +#define GSS_C_NO_BUFFER_SET ((gss_buffer_set_t) 0) +#define GSS_C_NO_OID ((gss_OID) 0) +#define GSS_C_NO_OID_SET ((gss_OID_set) 0) +#define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0) +#define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0) +#define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0) +#define GSS_C_EMPTY_BUFFER {0, NULL} + +/* + * Some alternate names for a couple of the above + * values. These are defined for V1 compatibility. + */ +#define GSS_C_NULL_OID GSS_C_NO_OID +#define GSS_C_NULL_OID_SET GSS_C_NO_OID_SET + +/* + * Define the default Quality of Protection for per-message + * services. Note that an implementation that offers multiple + * levels of QOP may define GSS_C_QOP_DEFAULT to be either zero + * (as done here) to mean "default protection", or to a specific + * explicit QOP value. However, a value of 0 should always be + * interpreted by a GSSAPI implementation as a request for the + * default protection level. + */ +#define GSS_C_QOP_DEFAULT 0 + +#define GSS_KRB5_CONF_C_QOP_DES 0x0100 +#define GSS_KRB5_CONF_C_QOP_DES3_KD 0x0200 + +/* + * Expiration time of 2^32-1 seconds means infinite lifetime for a + * credential or security context + */ +#define GSS_C_INDEFINITE 0xfffffffful + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" + * "\x01\x02\x01\x01"}, + * corresponding to an object-identifier value of + * {iso(1) member-body(2) United States(840) mit(113554) + * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant + * GSS_C_NT_USER_NAME should be initialized to point + * to that gss_OID_desc. + */ +extern gss_OID GSS_C_NT_USER_NAME; + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" + * "\x01\x02\x01\x02"}, + * corresponding to an object-identifier value of + * {iso(1) member-body(2) United States(840) mit(113554) + * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}. + * The constant GSS_C_NT_MACHINE_UID_NAME should be + * initialized to point to that gss_OID_desc. + */ +extern gss_OID GSS_C_NT_MACHINE_UID_NAME; + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" + * "\x01\x02\x01\x03"}, + * corresponding to an object-identifier value of + * {iso(1) member-body(2) United States(840) mit(113554) + * infosys(1) gssapi(2) generic(1) string_uid_name(3)}. + * The constant GSS_C_NT_STRING_UID_NAME should be + * initialized to point to that gss_OID_desc. + */ +extern gss_OID GSS_C_NT_STRING_UID_NAME; + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {6, (void *)"\x2b\x06\x01\x05\x06\x02"}, + * corresponding to an object-identifier value of + * {iso(1) org(3) dod(6) internet(1) security(5) + * nametypes(6) gss-host-based-services(2)). The constant + * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point + * to that gss_OID_desc. This is a deprecated OID value, and + * implementations wishing to support hostbased-service names + * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID, + * defined below, to identify such names; + * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym + * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input + * parameter, but should not be emitted by GSS-API + * implementations + */ +extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X; + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" + * "\x01\x02\x01\x04"}, corresponding to an + * object-identifier value of {iso(1) member-body(2) + * Unites States(840) mit(113554) infosys(1) gssapi(2) + * generic(1) service_name(4)}. The constant + * GSS_C_NT_HOSTBASED_SERVICE should be initialized + * to point to that gss_OID_desc. + */ +extern gss_OID GSS_C_NT_HOSTBASED_SERVICE; + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {6, (void *)"\x2b\x06\01\x05\x06\x03"}, + * corresponding to an object identifier value of + * {1(iso), 3(org), 6(dod), 1(internet), 5(security), + * 6(nametypes), 3(gss-anonymous-name)}. The constant + * and GSS_C_NT_ANONYMOUS should be initialized to point + * to that gss_OID_desc. + */ +extern gss_OID GSS_C_NT_ANONYMOUS; + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {6, (void *)"\x2b\x06\x01\x05\x06\x04"}, + * corresponding to an object-identifier value of + * {1(iso), 3(org), 6(dod), 1(internet), 5(security), + * 6(nametypes), 4(gss-api-exported-name)}. The constant + * GSS_C_NT_EXPORT_NAME should be initialized to point + * to that gss_OID_desc. + */ +extern gss_OID GSS_C_NT_EXPORT_NAME; + +/* + * Digest mechanism + */ + +extern gss_OID GSS_SASL_DIGEST_MD5_MECHANISM; + +/* Major status codes */ + +#define GSS_S_COMPLETE 0 + +/* + * Some "helper" definitions to make the status code macros obvious. + */ +#define GSS_C_CALLING_ERROR_OFFSET 24 +#define GSS_C_ROUTINE_ERROR_OFFSET 16 +#define GSS_C_SUPPLEMENTARY_OFFSET 0 +#define GSS_C_CALLING_ERROR_MASK 0377ul +#define GSS_C_ROUTINE_ERROR_MASK 0377ul +#define GSS_C_SUPPLEMENTARY_MASK 0177777ul + +/* + * The macros that test status codes for error conditions. + * Note that the GSS_ERROR() macro has changed slightly from + * the V1 GSSAPI so that it now evaluates its argument + * only once. + */ +#define GSS_CALLING_ERROR(x) \ + (x & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET)) +#define GSS_ROUTINE_ERROR(x) \ + (x & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)) +#define GSS_SUPPLEMENTARY_INFO(x) \ + (x & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET)) +#define GSS_ERROR(x) \ + (x & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \ + (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))) + +/* + * Now the actual status code definitions + */ + +/* + * Calling errors: + */ +#define GSS_S_CALL_INACCESSIBLE_READ \ + (1ul << GSS_C_CALLING_ERROR_OFFSET) +#define GSS_S_CALL_INACCESSIBLE_WRITE \ + (2ul << GSS_C_CALLING_ERROR_OFFSET) +#define GSS_S_CALL_BAD_STRUCTURE \ + (3ul << GSS_C_CALLING_ERROR_OFFSET) + +/* + * Routine errors: + */ +#define GSS_S_BAD_MECH (1ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_BAD_NAME (2ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_BAD_NAMETYPE (3ul << GSS_C_ROUTINE_ERROR_OFFSET) + +#define GSS_S_BAD_BINDINGS (4ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_BAD_STATUS (5ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_BAD_SIG (6ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_BAD_MIC GSS_S_BAD_SIG +#define GSS_S_NO_CRED (7ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_NO_CONTEXT (8ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_DEFECTIVE_TOKEN (9ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_DEFECTIVE_CREDENTIAL (10ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_CREDENTIALS_EXPIRED (11ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_CONTEXT_EXPIRED (12ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_FAILURE (13ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_BAD_QOP (14ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_UNAUTHORIZED (15ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET) + +/* + * Supplementary info bits: + */ +#define GSS_S_CONTINUE_NEEDED (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 0)) +#define GSS_S_DUPLICATE_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 1)) +#define GSS_S_OLD_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 2)) +#define GSS_S_UNSEQ_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3)) +#define GSS_S_GAP_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4)) + +/* + * From RFC1964: + * + * 4.1.1. Non-Kerberos-specific codes + */ + +#define GSS_KRB5_S_G_BAD_SERVICE_NAME 1 + /* "No @ in SERVICE-NAME name string" */ +#define GSS_KRB5_S_G_BAD_STRING_UID 2 + /* "STRING-UID-NAME contains nondigits" */ +#define GSS_KRB5_S_G_NOUSER 3 + /* "UID does not resolve to username" */ +#define GSS_KRB5_S_G_VALIDATE_FAILED 4 + /* "Validation error" */ +#define GSS_KRB5_S_G_BUFFER_ALLOC 5 + /* "Couldn't allocate gss_buffer_t data" */ +#define GSS_KRB5_S_G_BAD_MSG_CTX 6 + /* "Message context invalid" */ +#define GSS_KRB5_S_G_WRONG_SIZE 7 + /* "Buffer is the wrong size" */ +#define GSS_KRB5_S_G_BAD_USAGE 8 + /* "Credential usage type is unknown" */ +#define GSS_KRB5_S_G_UNKNOWN_QOP 9 + /* "Unknown quality of protection specified" */ + + /* + * 4.1.2. Kerberos-specific-codes + */ + +#define GSS_KRB5_S_KG_CCACHE_NOMATCH 10 + /* "Principal in credential cache does not match desired name" */ +#define GSS_KRB5_S_KG_KEYTAB_NOMATCH 11 + /* "No principal in keytab matches desired name" */ +#define GSS_KRB5_S_KG_TGT_MISSING 12 + /* "Credential cache has no TGT" */ +#define GSS_KRB5_S_KG_NO_SUBKEY 13 + /* "Authenticator has no subkey" */ +#define GSS_KRB5_S_KG_CONTEXT_ESTABLISHED 14 + /* "Context is already fully established" */ +#define GSS_KRB5_S_KG_BAD_SIGN_TYPE 15 + /* "Unknown signature type in token" */ +#define GSS_KRB5_S_KG_BAD_LENGTH 16 + /* "Invalid field length in token" */ +#define GSS_KRB5_S_KG_CTX_INCOMPLETE 17 + /* "Attempt to use incomplete security context" */ + +/* + * This is used to make sure mechs that don't want to have external + * references don't get any prototypes, and thus can get warnings. + */ + +/* + * Finally, function prototypes for the GSS-API routines. + */ + +OM_uint32 gss_acquire_cred + (OM_uint32 * /*minor_status*/, + const gss_name_t /*desired_name*/, + OM_uint32 /*time_req*/, + const gss_OID_set /*desired_mechs*/, + gss_cred_usage_t /*cred_usage*/, + gss_cred_id_t * /*output_cred_handle*/, + gss_OID_set * /*actual_mechs*/, + OM_uint32 * /*time_rec*/ + ); + +OM_uint32 gss_release_cred + (OM_uint32 * /*minor_status*/, + gss_cred_id_t * /*cred_handle*/ + ); + +OM_uint32 gss_init_sec_context + (OM_uint32 * /*minor_status*/, + const gss_cred_id_t /*initiator_cred_handle*/, + gss_ctx_id_t * /*context_handle*/, + const gss_name_t /*target_name*/, + const gss_OID /*mech_type*/, + OM_uint32 /*req_flags*/, + OM_uint32 /*time_req*/, + const gss_channel_bindings_t /*input_chan_bindings*/, + const gss_buffer_t /*input_token*/, + gss_OID * /*actual_mech_type*/, + gss_buffer_t /*output_token*/, + OM_uint32 * /*ret_flags*/, + OM_uint32 * /*time_rec*/ + ); + +OM_uint32 gss_accept_sec_context + (OM_uint32 * /*minor_status*/, + gss_ctx_id_t * /*context_handle*/, + const gss_cred_id_t /*acceptor_cred_handle*/, + const gss_buffer_t /*input_token_buffer*/, + const gss_channel_bindings_t /*input_chan_bindings*/, + gss_name_t * /*src_name*/, + gss_OID * /*mech_type*/, + gss_buffer_t /*output_token*/, + OM_uint32 * /*ret_flags*/, + OM_uint32 * /*time_rec*/, + gss_cred_id_t * /*delegated_cred_handle*/ + ); + +OM_uint32 gss_process_context_token + (OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + const gss_buffer_t /*token_buffer*/ + ); + +OM_uint32 gss_delete_sec_context + (OM_uint32 * /*minor_status*/, + gss_ctx_id_t * /*context_handle*/, + gss_buffer_t /*output_token*/ + ); + +OM_uint32 gss_context_time + (OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + OM_uint32 * /*time_rec*/ + ); + +OM_uint32 gss_get_mic + (OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + gss_qop_t /*qop_req*/, + const gss_buffer_t /*message_buffer*/, + gss_buffer_t /*message_token*/ + ); + +OM_uint32 gss_verify_mic + (OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + const gss_buffer_t /*message_buffer*/, + const gss_buffer_t /*token_buffer*/, + gss_qop_t * /*qop_state*/ + ); + +OM_uint32 gss_wrap + (OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + int /*conf_req_flag*/, + gss_qop_t /*qop_req*/, + const gss_buffer_t /*input_message_buffer*/, + int * /*conf_state*/, + gss_buffer_t /*output_message_buffer*/ + ); + +OM_uint32 gss_unwrap + (OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + const gss_buffer_t /*input_message_buffer*/, + gss_buffer_t /*output_message_buffer*/, + int * /*conf_state*/, + gss_qop_t * /*qop_state*/ + ); + +OM_uint32 gss_display_status + (OM_uint32 * /*minor_status*/, + OM_uint32 /*status_value*/, + int /*status_type*/, + const gss_OID /*mech_type*/, + OM_uint32 * /*message_context*/, + gss_buffer_t /*status_string*/ + ); + +OM_uint32 gss_indicate_mechs + (OM_uint32 * /*minor_status*/, + gss_OID_set * /*mech_set*/ + ); + +OM_uint32 gss_compare_name + (OM_uint32 * /*minor_status*/, + const gss_name_t /*name1*/, + const gss_name_t /*name2*/, + int * /*name_equal*/ + ); + +OM_uint32 gss_display_name + (OM_uint32 * /*minor_status*/, + const gss_name_t /*input_name*/, + gss_buffer_t /*output_name_buffer*/, + gss_OID * /*output_name_type*/ + ); + +OM_uint32 gss_import_name + (OM_uint32 * /*minor_status*/, + const gss_buffer_t /*input_name_buffer*/, + const gss_OID /*input_name_type*/, + gss_name_t * /*output_name*/ + ); + +OM_uint32 gss_export_name + (OM_uint32 * /*minor_status*/, + const gss_name_t /*input_name*/, + gss_buffer_t /*exported_name*/ + ); + +OM_uint32 gss_release_name + (OM_uint32 * /*minor_status*/, + gss_name_t * /*input_name*/ + ); + +OM_uint32 gss_release_buffer + (OM_uint32 * /*minor_status*/, + gss_buffer_t /*buffer*/ + ); + +OM_uint32 gss_release_oid_set + (OM_uint32 * /*minor_status*/, + gss_OID_set * /*set*/ + ); + +OM_uint32 gss_inquire_cred + (OM_uint32 * /*minor_status*/, + const gss_cred_id_t /*cred_handle*/, + gss_name_t * /*name*/, + OM_uint32 * /*lifetime*/, + gss_cred_usage_t * /*cred_usage*/, + gss_OID_set * /*mechanisms*/ + ); + +OM_uint32 gss_inquire_context ( + OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + gss_name_t * /*src_name*/, + gss_name_t * /*targ_name*/, + OM_uint32 * /*lifetime_rec*/, + gss_OID * /*mech_type*/, + OM_uint32 * /*ctx_flags*/, + int * /*locally_initiated*/, + int * /*open_context*/ + ); + +OM_uint32 gss_wrap_size_limit ( + OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + int /*conf_req_flag*/, + gss_qop_t /*qop_req*/, + OM_uint32 /*req_output_size*/, + OM_uint32 * /*max_input_size*/ + ); + +OM_uint32 gss_add_cred ( + OM_uint32 * /*minor_status*/, + const gss_cred_id_t /*input_cred_handle*/, + const gss_name_t /*desired_name*/, + const gss_OID /*desired_mech*/, + gss_cred_usage_t /*cred_usage*/, + OM_uint32 /*initiator_time_req*/, + OM_uint32 /*acceptor_time_req*/, + gss_cred_id_t * /*output_cred_handle*/, + gss_OID_set * /*actual_mechs*/, + OM_uint32 * /*initiator_time_rec*/, + OM_uint32 * /*acceptor_time_rec*/ + ); + +OM_uint32 gss_inquire_cred_by_mech ( + OM_uint32 * /*minor_status*/, + const gss_cred_id_t /*cred_handle*/, + const gss_OID /*mech_type*/, + gss_name_t * /*name*/, + OM_uint32 * /*initiator_lifetime*/, + OM_uint32 * /*acceptor_lifetime*/, + gss_cred_usage_t * /*cred_usage*/ + ); + +OM_uint32 gss_export_sec_context ( + OM_uint32 * /*minor_status*/, + gss_ctx_id_t * /*context_handle*/, + gss_buffer_t /*interprocess_token*/ + ); + +OM_uint32 gss_import_sec_context ( + OM_uint32 * /*minor_status*/, + const gss_buffer_t /*interprocess_token*/, + gss_ctx_id_t * /*context_handle*/ + ); + +OM_uint32 gss_create_empty_oid_set ( + OM_uint32 * /*minor_status*/, + gss_OID_set * /*oid_set*/ + ); + +OM_uint32 gss_add_oid_set_member ( + OM_uint32 * /*minor_status*/, + const gss_OID /*member_oid*/, + gss_OID_set * /*oid_set*/ + ); + +OM_uint32 gss_test_oid_set_member ( + OM_uint32 * /*minor_status*/, + const gss_OID /*member*/, + const gss_OID_set /*set*/, + int * /*present*/ + ); + +OM_uint32 gss_inquire_names_for_mech ( + OM_uint32 * /*minor_status*/, + const gss_OID /*mechanism*/, + gss_OID_set * /*name_types*/ + ); + +OM_uint32 gss_inquire_mechs_for_name ( + OM_uint32 * /*minor_status*/, + const gss_name_t /*input_name*/, + gss_OID_set * /*mech_types*/ + ); + +OM_uint32 gss_canonicalize_name ( + OM_uint32 * /*minor_status*/, + const gss_name_t /*input_name*/, + const gss_OID /*mech_type*/, + gss_name_t * /*output_name*/ + ); + +OM_uint32 gss_duplicate_name ( + OM_uint32 * /*minor_status*/, + const gss_name_t /*src_name*/, + gss_name_t * /*dest_name*/ + ); + +OM_uint32 gss_duplicate_oid ( + OM_uint32 * /* minor_status */, + gss_OID /* src_oid */, + gss_OID * /* dest_oid */ + ); +OM_uint32 +gss_release_oid + (OM_uint32 * /*minor_status*/, + gss_OID * /* oid */ + ); + +OM_uint32 +gss_oid_to_str( + OM_uint32 * /*minor_status*/, + gss_OID /* oid */, + gss_buffer_t /* str */ + ); + +OM_uint32 +gss_inquire_sec_context_by_oid( + OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set + ); + +OM_uint32 +gss_set_sec_context_option (OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + const gss_OID desired_object, + const gss_buffer_t value); + +OM_uint32 +gss_set_cred_option (OM_uint32 *minor_status, + gss_cred_id_t *cred_handle, + const gss_OID object, + const gss_buffer_t value); + +int +gss_oid_equal(const gss_OID a, const gss_OID b); + +OM_uint32 +gss_create_empty_buffer_set + (OM_uint32 * minor_status, + gss_buffer_set_t *buffer_set); + +OM_uint32 +gss_add_buffer_set_member + (OM_uint32 * minor_status, + const gss_buffer_t member_buffer, + gss_buffer_set_t *buffer_set); + +OM_uint32 +gss_release_buffer_set + (OM_uint32 * minor_status, + gss_buffer_set_t *buffer_set); + +OM_uint32 +gss_inquire_cred_by_oid(OM_uint32 *minor_status, + const gss_cred_id_t cred_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set); + +/* + * The following routines are obsolete variants of gss_get_mic, + * gss_verify_mic, gss_wrap and gss_unwrap. They should be + * provided by GSSAPI V2 implementations for backwards + * compatibility with V1 applications. Distinct entrypoints + * (as opposed to #defines) should be provided, both to allow + * GSSAPI V1 applications to link against GSSAPI V2 implementations, + * and to retain the slight parameter type differences between the + * obsolete versions of these routines and their current forms. + */ + +OM_uint32 gss_sign + (OM_uint32 * /*minor_status*/, + gss_ctx_id_t /*context_handle*/, + int /*qop_req*/, + gss_buffer_t /*message_buffer*/, + gss_buffer_t /*message_token*/ + ); + +OM_uint32 gss_verify + (OM_uint32 * /*minor_status*/, + gss_ctx_id_t /*context_handle*/, + gss_buffer_t /*message_buffer*/, + gss_buffer_t /*token_buffer*/, + int * /*qop_state*/ + ); + +OM_uint32 gss_seal + (OM_uint32 * /*minor_status*/, + gss_ctx_id_t /*context_handle*/, + int /*conf_req_flag*/, + int /*qop_req*/, + gss_buffer_t /*input_message_buffer*/, + int * /*conf_state*/, + gss_buffer_t /*output_message_buffer*/ + ); + +OM_uint32 gss_unseal + (OM_uint32 * /*minor_status*/, + gss_ctx_id_t /*context_handle*/, + gss_buffer_t /*input_message_buffer*/, + gss_buffer_t /*output_message_buffer*/, + int * /*conf_state*/, + int * /*qop_state*/ + ); + +/* + * + */ + +OM_uint32 +gss_inquire_sec_context_by_oid (OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set); + +OM_uint32 +gss_encapsulate_token(gss_buffer_t /* input_token */, + gss_OID /* oid */, + gss_buffer_t /* output_token */); + +OM_uint32 +gss_decapsulate_token(gss_buffer_t /* input_token */, + gss_OID /* oid */, + gss_buffer_t /* output_token */); + + + +#ifdef __cplusplus +} +#endif + +#include +#include + +#endif /* GSSAPI_GSSAPI_H_ */ diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h b/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h new file mode 100644 index 0000000000..8c025c8366 --- /dev/null +++ b/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h @@ -0,0 +1,209 @@ +/* + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: gssapi_krb5.h,v 1.10 2006/10/20 22:04:03 lha Exp $ */ + +#ifndef GSSAPI_KRB5_H_ +#define GSSAPI_KRB5_H_ + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * This is for kerberos5 names. + */ + +extern gss_OID GSS_KRB5_NT_PRINCIPAL_NAME; +extern gss_OID GSS_KRB5_NT_USER_NAME; +extern gss_OID GSS_KRB5_NT_MACHINE_UID_NAME; +extern gss_OID GSS_KRB5_NT_STRING_UID_NAME; + +extern gss_OID GSS_KRB5_MECHANISM; + +/* for compatibility with MIT api */ + +#define gss_mech_krb5 GSS_KRB5_MECHANISM +#define gss_krb5_nt_general_name GSS_KRB5_NT_PRINCIPAL_NAME + +/* Extensions set contexts options */ +extern gss_OID GSS_KRB5_COPY_CCACHE_X; +extern gss_OID GSS_KRB5_COMPAT_DES3_MIC_X; +extern gss_OID GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X; +extern gss_OID GSS_KRB5_SET_DNS_CANONICALIZE_X; +extern gss_OID GSS_KRB5_SEND_TO_KDC_X; +/* Extensions inquire context */ +extern gss_OID GSS_KRB5_GET_TKT_FLAGS_X; +extern gss_OID GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X; +extern gss_OID GSS_C_PEER_HAS_UPDATED_SPNEGO; +extern gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_X; +extern gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X; +extern gss_OID GSS_KRB5_GET_SUBKEY_X; +extern gss_OID GSS_KRB5_GET_INITIATOR_SUBKEY_X; +extern gss_OID GSS_KRB5_GET_ACCEPTOR_SUBKEY_X; +extern gss_OID GSS_KRB5_GET_AUTHTIME_X; +extern gss_OID GSS_KRB5_GET_SERVICE_KEYBLOCK_X; +/* Extensions creds */ +extern gss_OID GSS_KRB5_IMPORT_CRED_X; + +/* + * kerberos mechanism specific functions + */ + +struct krb5_keytab_data; +struct krb5_ccache_data; +struct Principal; + +OM_uint32 +gss_krb5_ccache_name(OM_uint32 * /*minor_status*/, + const char * /*name */, + const char ** /*out_name */); + +OM_uint32 gsskrb5_register_acceptor_identity + (const char */*identity*/); + +OM_uint32 gss_krb5_copy_ccache + (OM_uint32 */*minor*/, + gss_cred_id_t /*cred*/, + struct krb5_ccache_data */*out*/); + +OM_uint32 +gss_krb5_import_cred(OM_uint32 */*minor*/, + struct krb5_ccache_data * /*in*/, + struct Principal * /*keytab_principal*/, + struct krb5_keytab_data * /*keytab*/, + gss_cred_id_t */*out*/); + +OM_uint32 gss_krb5_get_tkt_flags + (OM_uint32 */*minor*/, + gss_ctx_id_t /*context_handle*/, + OM_uint32 */*tkt_flags*/); + +OM_uint32 +gsskrb5_extract_authz_data_from_sec_context + (OM_uint32 * /*minor_status*/, + gss_ctx_id_t /*context_handle*/, + int /*ad_type*/, + gss_buffer_t /*ad_data*/); + +OM_uint32 +gsskrb5_set_dns_canonicalize(int); + +struct gsskrb5_send_to_kdc { + void *func; + void *ptr; +}; + +OM_uint32 +gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *); + +OM_uint32 +gsskrb5_extract_authtime_from_sec_context(OM_uint32 *, gss_ctx_id_t, time_t *); + +struct EncryptionKey; + +OM_uint32 +gsskrb5_extract_service_keyblock(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + struct EncryptionKey **out); +OM_uint32 +gsskrb5_get_initiator_subkey(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + struct EncryptionKey **out); +OM_uint32 +gsskrb5_get_subkey(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + struct EncryptionKey **out); + +/* + * Lucid - NFSv4 interface to GSS-API KRB5 to expose key material to + * do GSS content token handling in-kernel. + */ + +typedef struct gss_krb5_lucid_key { + OM_uint32 type; + OM_uint32 length; + void * data; +} gss_krb5_lucid_key_t; + +typedef struct gss_krb5_rfc1964_keydata { + OM_uint32 sign_alg; + OM_uint32 seal_alg; + gss_krb5_lucid_key_t ctx_key; +} gss_krb5_rfc1964_keydata_t; + +typedef struct gss_krb5_cfx_keydata { + OM_uint32 have_acceptor_subkey; + gss_krb5_lucid_key_t ctx_key; + gss_krb5_lucid_key_t acceptor_subkey; +} gss_krb5_cfx_keydata_t; + +typedef struct gss_krb5_lucid_context_v1 { + OM_uint32 version; + OM_uint32 initiate; + OM_uint32 endtime; + OM_uint64 send_seq; + OM_uint64 recv_seq; + OM_uint32 protocol; + gss_krb5_rfc1964_keydata_t rfc1964_kd; + gss_krb5_cfx_keydata_t cfx_kd; +} gss_krb5_lucid_context_v1_t; + +typedef struct gss_krb5_lucid_context_version { + OM_uint32 version; /* Structure version number */ +} gss_krb5_lucid_context_version_t; + +/* + * Function declarations + */ + +OM_uint32 +gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + OM_uint32 version, + void **kctx); + + +OM_uint32 +gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status, + void *kctx); + + + +#ifdef __cplusplus +} +#endif + +#endif /* GSSAPI_SPNEGO_H_ */ diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi_spnego.h b/source4/heimdal/lib/gssapi/gssapi/gssapi_spnego.h new file mode 100644 index 0000000000..0a856e39aa --- /dev/null +++ b/source4/heimdal/lib/gssapi/gssapi/gssapi_spnego.h @@ -0,0 +1,58 @@ +/* + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: gssapi_spnego.h,v 1.1 2006/10/07 22:26:21 lha Exp $ */ + +#ifndef GSSAPI_SPNEGO_H_ +#define GSSAPI_SPNEGO_H_ + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * RFC2478, SPNEGO: + * The security mechanism of the initial + * negotiation token is identified by the Object Identifier + * iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2). + */ +extern gss_OID GSS_SPNEGO_MECHANISM; +#define gss_mech_spnego GSS_SPNEGO_MECHANISM + +#ifdef __cplusplus +} +#endif + +#endif /* GSSAPI_SPNEGO_H_ */ diff --git a/source4/heimdal/lib/gssapi/gssapi_locl.h b/source4/heimdal/lib/gssapi/gssapi_locl.h deleted file mode 100644 index 81169a8500..0000000000 --- a/source4/heimdal/lib/gssapi/gssapi_locl.h +++ /dev/null @@ -1,315 +0,0 @@ -/* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* $Id: gssapi_locl.h,v 1.45 2006/05/04 11:56:14 lha Exp $ */ - -#ifndef GSSAPI_LOCL_H -#define GSSAPI_LOCL_H - -#ifdef HAVE_CONFIG_H -#include -#endif - -#include -#include -#include - -#include "cfx.h" -#include "arcfour.h" - -#include "spnego_asn1.h" - -/* - * - */ - -struct gss_msg_order; - -typedef struct gss_ctx_id_t_desc_struct { - struct krb5_auth_context_data *auth_context; - gss_name_t source, target; - enum gss_ctx_id_t_state { - INITIATOR_START = 1, INITIATOR_WAIT_FOR_MUTAL = 2, INITIATOR_READY= 3, - ACCEPTOR_START = 11, ACCEPTOR_WAIT_FOR_DCESTYLE = 12, ACCEPTOR_READY = 13 - } state; - OM_uint32 flags; - enum {LOCAL = 1, - OPEN = 2, - COMPAT_OLD_DES3 = 4, - COMPAT_OLD_DES3_SELECTED = 8, - ACCEPTOR_SUBKEY = 16 - } more_flags; - struct krb5_ticket *ticket; - krb5_keyblock *service_keyblock; - krb5_data fwd_data; - OM_uint32 lifetime; - HEIMDAL_MUTEX ctx_id_mutex; - struct gss_msg_order *order; -} gss_ctx_id_t_desc; - -typedef struct gss_cred_id_t_desc_struct { - gss_name_t principal; - int cred_flags; -#define GSS_CF_DESTROY_CRED_ON_RELEASE 1 - struct krb5_keytab_data *keytab; - OM_uint32 lifetime; - gss_cred_usage_t usage; - gss_OID_set mechanisms; - struct krb5_ccache_data *ccache; - HEIMDAL_MUTEX cred_id_mutex; -} gss_cred_id_t_desc; - -/* - * - */ - -extern krb5_context gssapi_krb5_context; - -extern krb5_keytab gssapi_krb5_keytab; -extern HEIMDAL_MUTEX gssapi_keytab_mutex; - -struct gssapi_thr_context { - HEIMDAL_MUTEX mutex; - char *error_string; -}; - -/* - * Prototypes - */ - -krb5_error_code gssapi_krb5_init (void); - -krb5_error_code gssapi_krb5_init_ev (void *); - -#define GSSAPI_KRB5_INIT() do { \ - krb5_error_code kret_gss_init; \ - if((kret_gss_init = gssapi_krb5_init ()) != 0) { \ - *minor_status = kret_gss_init; \ - return GSS_S_FAILURE; \ - } \ -} while (0) - -struct gssapi_thr_context * -gssapi_get_thread_context(int); - -OM_uint32 -_gsskrb5_create_ctx( - OM_uint32 * minor_status, - gss_ctx_id_t * context_handle, - const gss_channel_bindings_t input_chan_bindings, - enum gss_ctx_id_t_state state); - -void -gsskrb5_is_cfx(gss_ctx_id_t, int *); - -OM_uint32 -gssapi_krb5_create_8003_checksum ( - OM_uint32 *minor_status, - const gss_channel_bindings_t input_chan_bindings, - OM_uint32 flags, - const krb5_data *fwd_data, - Checksum *result); - -OM_uint32 -gssapi_krb5_verify_8003_checksum ( - OM_uint32 *minor_status, - const gss_channel_bindings_t input_chan_bindings, - const Checksum *cksum, - OM_uint32 *flags, - krb5_data *fwd_data); - -void -_gssapi_encap_length (size_t data_len, - size_t *len, - size_t *total_len, - const gss_OID mech); - -void -gssapi_krb5_encap_length (size_t data_len, - size_t *len, - size_t *total_len, - const gss_OID mech); - - - -OM_uint32 -_gssapi_encapsulate(OM_uint32 *minor_status, - const krb5_data *in_data, - gss_buffer_t output_token, - const gss_OID mech); - - -OM_uint32 -gssapi_krb5_encapsulate(OM_uint32 *minor_status, - const krb5_data *in_data, - gss_buffer_t output_token, - const u_char *type, - const gss_OID mech); - -OM_uint32 -gssapi_krb5_decapsulate(OM_uint32 *minor_status, - gss_buffer_t input_token_buffer, - krb5_data *out_data, - const char *type, - gss_OID oid); - -u_char * -gssapi_krb5_make_header (u_char *p, - size_t len, - const u_char *type, - const gss_OID mech); - -u_char * -_gssapi_make_mech_header(u_char *p, - size_t len, - const gss_OID mech); - -OM_uint32 -_gssapi_verify_mech_header(u_char **str, - size_t total_len, - gss_OID oid); - -OM_uint32 -gssapi_krb5_verify_header(u_char **str, - size_t total_len, - const u_char *type, - gss_OID oid); - -OM_uint32 -_gssapi_decapsulate(OM_uint32 *minor_status, - gss_buffer_t input_token_buffer, - krb5_data *out_data, - const gss_OID mech); - - -ssize_t -gssapi_krb5_get_mech (const u_char *, size_t, const u_char **); - -OM_uint32 -_gssapi_verify_pad(gss_buffer_t, size_t, size_t *); - -OM_uint32 -gss_verify_mic_internal(OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t message_buffer, - const gss_buffer_t token_buffer, - gss_qop_t * qop_state, - char * type); - -OM_uint32 -gss_krb5_get_subkey(const gss_ctx_id_t context_handle, - krb5_keyblock **key); - -krb5_error_code -gss_address_to_krb5addr(OM_uint32 gss_addr_type, - gss_buffer_desc *gss_addr, - int16_t port, - krb5_address *address); - -/* sec_context flags */ - -#define SC_LOCAL_ADDRESS 0x01 -#define SC_REMOTE_ADDRESS 0x02 -#define SC_KEYBLOCK 0x04 -#define SC_LOCAL_SUBKEY 0x08 -#define SC_REMOTE_SUBKEY 0x10 - -int -gss_oid_equal(const gss_OID a, const gss_OID b); - -void -gssapi_krb5_clear_status (void); - -void -gssapi_krb5_set_status (const char *fmt, ...); - -void -gssapi_krb5_set_error_string (void); - -char * -gssapi_krb5_get_error_string (void); - -OM_uint32 -_gss_DES3_get_mic_compat(OM_uint32 *, gss_ctx_id_t); - -OM_uint32 -_gss_spnego_require_mechlist_mic(OM_uint32 *, gss_ctx_id_t, krb5_boolean *); - -krb5_error_code -_gss_check_compat(OM_uint32 *, gss_name_t, const char *, - krb5_boolean *, krb5_boolean); - -OM_uint32 -gssapi_lifetime_left(OM_uint32 *, OM_uint32, OM_uint32 *); - -OM_uint32 -_gssapi_krb5_ccache_lifetime(OM_uint32 *, krb5_ccache, - krb5_principal, OM_uint32 *); - -/* sequence */ - -OM_uint32 -_gssapi_msg_order_create(OM_uint32 *, struct gss_msg_order **, - OM_uint32, OM_uint32, OM_uint32, int); -OM_uint32 -_gssapi_msg_order_destroy(struct gss_msg_order **); - -OM_uint32 -_gssapi_msg_order_check(struct gss_msg_order *, OM_uint32); - -OM_uint32 -_gssapi_msg_order_f(OM_uint32); - -OM_uint32 -_gssapi_msg_order_import(OM_uint32 *, krb5_storage *, - struct gss_msg_order **); - -krb5_error_code -_gssapi_msg_order_export(krb5_storage *, struct gss_msg_order *); - - -/* 8003 */ - -krb5_error_code -gssapi_encode_om_uint32(OM_uint32, u_char *); - -krb5_error_code -gssapi_encode_be_om_uint32(OM_uint32, u_char *); - -krb5_error_code -gssapi_decode_om_uint32(const void *, OM_uint32 *); - -krb5_error_code -gssapi_decode_be_om_uint32(const void *, OM_uint32 *); - -#endif diff --git a/source4/heimdal/lib/gssapi/gssapi_mech.h b/source4/heimdal/lib/gssapi/gssapi_mech.h new file mode 100644 index 0000000000..a05919b510 --- /dev/null +++ b/source4/heimdal/lib/gssapi/gssapi_mech.h @@ -0,0 +1,348 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/mech_switch.h,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#ifndef GSSAPI_MECH_H +#define GSSAPI_MECH_H 1 + +#include + +typedef OM_uint32 _gss_acquire_cred_t + (OM_uint32 *, /* minor_status */ + const gss_name_t, /* desired_name */ + OM_uint32, /* time_req */ + const gss_OID_set, /* desired_mechs */ + gss_cred_usage_t, /* cred_usage */ + gss_cred_id_t *, /* output_cred_handle */ + gss_OID_set *, /* actual_mechs */ + OM_uint32 * /* time_rec */ + ); + +typedef OM_uint32 _gss_release_cred_t + (OM_uint32 *, /* minor_status */ + gss_cred_id_t * /* cred_handle */ + ); + +typedef OM_uint32 _gss_init_sec_context_t + (OM_uint32 *, /* minor_status */ + const gss_cred_id_t, /* initiator_cred_handle */ + gss_ctx_id_t *, /* context_handle */ + const gss_name_t, /* target_name */ + const gss_OID, /* mech_type */ + OM_uint32, /* req_flags */ + OM_uint32, /* time_req */ + const gss_channel_bindings_t, + /* input_chan_bindings */ + const gss_buffer_t, /* input_token */ + gss_OID *, /* actual_mech_type */ + gss_buffer_t, /* output_token */ + OM_uint32 *, /* ret_flags */ + OM_uint32 * /* time_rec */ + ); + +typedef OM_uint32 _gss_accept_sec_context_t + (OM_uint32 *, /* minor_status */ + gss_ctx_id_t *, /* context_handle */ + const gss_cred_id_t, /* acceptor_cred_handle */ + const gss_buffer_t, /* input_token_buffer */ + const gss_channel_bindings_t, + /* input_chan_bindings */ + gss_name_t *, /* src_name */ + gss_OID *, /* mech_type */ + gss_buffer_t, /* output_token */ + OM_uint32 *, /* ret_flags */ + OM_uint32 *, /* time_rec */ + gss_cred_id_t * /* delegated_cred_handle */ + ); + +typedef OM_uint32 _gss_process_context_token_t + (OM_uint32 *, /* minor_status */ + const gss_ctx_id_t, /* context_handle */ + const gss_buffer_t /* token_buffer */ + ); + +typedef OM_uint32 _gss_delete_sec_context_t + (OM_uint32 *, /* minor_status */ + gss_ctx_id_t *, /* context_handle */ + gss_buffer_t /* output_token */ + ); + +typedef OM_uint32 _gss_context_time_t + (OM_uint32 *, /* minor_status */ + const gss_ctx_id_t, /* context_handle */ + OM_uint32 * /* time_rec */ + ); + +typedef OM_uint32 _gss_get_mic_t + (OM_uint32 *, /* minor_status */ + const gss_ctx_id_t, /* context_handle */ + gss_qop_t, /* qop_req */ + const gss_buffer_t, /* message_buffer */ + gss_buffer_t /* message_token */ + ); + +typedef OM_uint32 _gss_verify_mic_t + (OM_uint32 *, /* minor_status */ + const gss_ctx_id_t, /* context_handle */ + const gss_buffer_t, /* message_buffer */ + const gss_buffer_t, /* token_buffer */ + gss_qop_t * /* qop_state */ + ); + +typedef OM_uint32 _gss_wrap_t + (OM_uint32 *, /* minor_status */ + const gss_ctx_id_t, /* context_handle */ + int, /* conf_req_flag */ + gss_qop_t, /* qop_req */ + const gss_buffer_t, /* input_message_buffer */ + int *, /* conf_state */ + gss_buffer_t /* output_message_buffer */ + ); + +typedef OM_uint32 _gss_unwrap_t + (OM_uint32 *, /* minor_status */ + const gss_ctx_id_t, /* context_handle */ + const gss_buffer_t, /* input_message_buffer */ + gss_buffer_t, /* output_message_buffer */ + int *, /* conf_state */ + gss_qop_t * /* qop_state */ + ); + +typedef OM_uint32 _gss_display_status_t + (OM_uint32 *, /* minor_status */ + OM_uint32, /* status_value */ + int, /* status_type */ + const gss_OID, /* mech_type */ + OM_uint32 *, /* message_context */ + gss_buffer_t /* status_string */ + ); + +typedef OM_uint32 _gss_indicate_mechs_t + (OM_uint32 *, /* minor_status */ + gss_OID_set * /* mech_set */ + ); + +typedef OM_uint32 _gss_compare_name_t + (OM_uint32 *, /* minor_status */ + const gss_name_t, /* name1 */ + const gss_name_t, /* name2 */ + int * /* name_equal */ + ); + +typedef OM_uint32 _gss_display_name_t + (OM_uint32 *, /* minor_status */ + const gss_name_t, /* input_name */ + gss_buffer_t, /* output_name_buffer */ + gss_OID * /* output_name_type */ + ); + +typedef OM_uint32 _gss_import_name_t + (OM_uint32 *, /* minor_status */ + const gss_buffer_t, /* input_name_buffer */ + const gss_OID, /* input_name_type */ + gss_name_t * /* output_name */ + ); + +typedef OM_uint32 _gss_export_name_t + (OM_uint32 *, /* minor_status */ + const gss_name_t, /* input_name */ + gss_buffer_t /* exported_name */ + ); + +typedef OM_uint32 _gss_release_name_t + (OM_uint32 *, /* minor_status */ + gss_name_t * /* input_name */ + ); + +typedef OM_uint32 _gss_inquire_cred_t + (OM_uint32 *, /* minor_status */ + const gss_cred_id_t, /* cred_handle */ + gss_name_t *, /* name */ + OM_uint32 *, /* lifetime */ + gss_cred_usage_t *, /* cred_usage */ + gss_OID_set * /* mechanisms */ + ); + +typedef OM_uint32 _gss_inquire_context_t + (OM_uint32 *, /* minor_status */ + const gss_ctx_id_t, /* context_handle */ + gss_name_t *, /* src_name */ + gss_name_t *, /* targ_name */ + OM_uint32 *, /* lifetime_rec */ + gss_OID *, /* mech_type */ + OM_uint32 *, /* ctx_flags */ + int *, /* locally_initiated */ + int * /* open */ + ); + +typedef OM_uint32 _gss_wrap_size_limit_t + (OM_uint32 *, /* minor_status */ + const gss_ctx_id_t, /* context_handle */ + int, /* conf_req_flag */ + gss_qop_t, /* qop_req */ + OM_uint32, /* req_output_size */ + OM_uint32 * /* max_input_size */ + ); + +typedef OM_uint32 _gss_add_cred_t ( + OM_uint32 *, /* minor_status */ + const gss_cred_id_t, /* input_cred_handle */ + const gss_name_t, /* desired_name */ + const gss_OID, /* desired_mech */ + gss_cred_usage_t, /* cred_usage */ + OM_uint32, /* initiator_time_req */ + OM_uint32, /* acceptor_time_req */ + gss_cred_id_t *, /* output_cred_handle */ + gss_OID_set *, /* actual_mechs */ + OM_uint32 *, /* initiator_time_rec */ + OM_uint32 * /* acceptor_time_rec */ + ); + +typedef OM_uint32 _gss_inquire_cred_by_mech_t ( + OM_uint32 *, /* minor_status */ + const gss_cred_id_t, /* cred_handle */ + const gss_OID, /* mech_type */ + gss_name_t *, /* name */ + OM_uint32 *, /* initiator_lifetime */ + OM_uint32 *, /* acceptor_lifetime */ + gss_cred_usage_t * /* cred_usage */ + ); + +typedef OM_uint32 _gss_export_sec_context_t ( + OM_uint32 *, /* minor_status */ + gss_ctx_id_t *, /* context_handle */ + gss_buffer_t /* interprocess_token */ + ); + +typedef OM_uint32 _gss_import_sec_context_t ( + OM_uint32 *, /* minor_status */ + const gss_buffer_t, /* interprocess_token */ + gss_ctx_id_t * /* context_handle */ + ); + +typedef OM_uint32 _gss_inquire_names_for_mech_t ( + OM_uint32 *, /* minor_status */ + const gss_OID, /* mechanism */ + gss_OID_set * /* name_types */ + ); + +typedef OM_uint32 _gss_inquire_mechs_for_name_t ( + OM_uint32 *, /* minor_status */ + const gss_name_t, /* input_name */ + gss_OID_set * /* mech_types */ + ); + +typedef OM_uint32 _gss_canonicalize_name_t ( + OM_uint32 *, /* minor_status */ + const gss_name_t, /* input_name */ + const gss_OID, /* mech_type */ + gss_name_t * /* output_name */ + ); + +typedef OM_uint32 _gss_duplicate_name_t ( + OM_uint32 *, /* minor_status */ + const gss_name_t, /* src_name */ + gss_name_t * /* dest_name */ + ); + +typedef OM_uint32 _gss_inquire_sec_context_by_oid ( + OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set + ); + +typedef OM_uint32 _gss_inquire_cred_by_oid ( + OM_uint32 *minor_status, + const gss_cred_id_t cred, + const gss_OID desired_object, + gss_buffer_set_t *data_set + ); + +typedef OM_uint32 _gss_set_sec_context_option ( + OM_uint32 *minor_status, + gss_ctx_id_t *cred_handle, + const gss_OID desired_object, + const gss_buffer_t value + ); + +typedef OM_uint32 _gss_set_cred_option ( + OM_uint32 *minor_status, + gss_cred_id_t *cred_handle, + const gss_OID desired_object, + const gss_buffer_t value + ); + + +#define GMI_VERSION 1 + +typedef struct gssapi_mech_interface_desc { + unsigned gm_version; + const char *gm_name; + gss_OID_desc gm_mech_oid; + _gss_acquire_cred_t *gm_acquire_cred; + _gss_release_cred_t *gm_release_cred; + _gss_init_sec_context_t *gm_init_sec_context; + _gss_accept_sec_context_t *gm_accept_sec_context; + _gss_process_context_token_t *gm_process_context_token; + _gss_delete_sec_context_t *gm_delete_sec_context; + _gss_context_time_t *gm_context_time; + _gss_get_mic_t *gm_get_mic; + _gss_verify_mic_t *gm_verify_mic; + _gss_wrap_t *gm_wrap; + _gss_unwrap_t *gm_unwrap; + _gss_display_status_t *gm_display_status; + _gss_indicate_mechs_t *gm_indicate_mechs; + _gss_compare_name_t *gm_compare_name; + _gss_display_name_t *gm_display_name; + _gss_import_name_t *gm_import_name; + _gss_export_name_t *gm_export_name; + _gss_release_name_t *gm_release_name; + _gss_inquire_cred_t *gm_inquire_cred; + _gss_inquire_context_t *gm_inquire_context; + _gss_wrap_size_limit_t *gm_wrap_size_limit; + _gss_add_cred_t *gm_add_cred; + _gss_inquire_cred_by_mech_t *gm_inquire_cred_by_mech; + _gss_export_sec_context_t *gm_export_sec_context; + _gss_import_sec_context_t *gm_import_sec_context; + _gss_inquire_names_for_mech_t *gm_inquire_names_for_mech; + _gss_inquire_mechs_for_name_t *gm_inquire_mechs_for_name; + _gss_canonicalize_name_t *gm_canonicalize_name; + _gss_duplicate_name_t *gm_duplicate_name; + _gss_inquire_sec_context_by_oid *gm_inquire_sec_context_by_oid; + _gss_inquire_cred_by_oid *gm_inquire_cred_by_oid; + _gss_set_sec_context_option *gm_set_sec_context_option; + _gss_set_cred_option *gm_set_cred_option; +} gssapi_mech_interface_desc, *gssapi_mech_interface; + +gssapi_mech_interface +__gss_get_mechanism(gss_OID /* oid */); + +gssapi_mech_interface __gss_spnego_initialize(void); +gssapi_mech_interface __gss_krb5_initialize(void); + +#endif /* GSSAPI_MECH_H */ diff --git a/source4/heimdal/lib/gssapi/import_name.c b/source4/heimdal/lib/gssapi/import_name.c deleted file mode 100644 index d393aa1a51..0000000000 --- a/source4/heimdal/lib/gssapi/import_name.c +++ /dev/null @@ -1,230 +0,0 @@ -/* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: import_name.c,v 1.14 2006/02/15 11:59:10 lha Exp $"); - -static OM_uint32 -parse_krb5_name (OM_uint32 *minor_status, - const char *name, - gss_name_t *output_name) -{ - krb5_error_code kerr; - - kerr = krb5_parse_name (gssapi_krb5_context, name, output_name); - - if (kerr == 0) - return GSS_S_COMPLETE; - else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) { - gssapi_krb5_set_error_string (); - *minor_status = kerr; - return GSS_S_BAD_NAME; - } else { - gssapi_krb5_set_error_string (); - *minor_status = kerr; - return GSS_S_FAILURE; - } -} - -static OM_uint32 -import_krb5_name (OM_uint32 *minor_status, - const gss_buffer_t input_name_buffer, - gss_name_t *output_name) -{ - OM_uint32 ret; - char *tmp; - - tmp = malloc (input_name_buffer->length + 1); - if (tmp == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - memcpy (tmp, - input_name_buffer->value, - input_name_buffer->length); - tmp[input_name_buffer->length] = '\0'; - - ret = parse_krb5_name(minor_status, tmp, output_name); - free(tmp); - - return ret; -} - -static OM_uint32 -import_hostbased_name (OM_uint32 *minor_status, - const gss_buffer_t input_name_buffer, - gss_name_t *output_name) -{ - krb5_error_code kerr; - char *tmp; - char *p; - char *host; - char local_hostname[MAXHOSTNAMELEN]; - - *output_name = NULL; - - tmp = malloc (input_name_buffer->length + 1); - if (tmp == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - memcpy (tmp, - input_name_buffer->value, - input_name_buffer->length); - tmp[input_name_buffer->length] = '\0'; - - p = strchr (tmp, '@'); - if (p != NULL) { - *p = '\0'; - host = p + 1; - } else { - if (gethostname(local_hostname, sizeof(local_hostname)) < 0) { - *minor_status = errno; - free (tmp); - return GSS_S_FAILURE; - } - host = local_hostname; - } - - kerr = krb5_sname_to_principal (gssapi_krb5_context, - host, - tmp, - KRB5_NT_SRV_HST, - output_name); - free (tmp); - *minor_status = kerr; - if (kerr == 0) - return GSS_S_COMPLETE; - else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) { - gssapi_krb5_set_error_string (); - *minor_status = kerr; - return GSS_S_BAD_NAME; - } else { - gssapi_krb5_set_error_string (); - *minor_status = kerr; - return GSS_S_FAILURE; - } -} - -static OM_uint32 -import_export_name (OM_uint32 *minor_status, - const gss_buffer_t input_name_buffer, - gss_name_t *output_name) -{ - unsigned char *p; - uint32_t length; - OM_uint32 ret; - char *name; - - if (input_name_buffer->length < 10 + GSS_KRB5_MECHANISM->length) - return GSS_S_BAD_NAME; - - /* TOK, MECH_OID_LEN, DER(MECH_OID), NAME_LEN, NAME */ - - p = input_name_buffer->value; - - if (memcmp(&p[0], "\x04\x01\x00", 3) != 0 || - p[3] != GSS_KRB5_MECHANISM->length + 2 || - p[4] != 0x06 || - p[5] != GSS_KRB5_MECHANISM->length || - memcmp(&p[6], GSS_KRB5_MECHANISM->elements, - GSS_KRB5_MECHANISM->length) != 0) - return GSS_S_BAD_NAME; - - p += 6 + GSS_KRB5_MECHANISM->length; - - length = p[0] << 24 | p[1] << 16 | p[2] << 8 | p[3]; - p += 4; - - if (length > input_name_buffer->length - 10 - GSS_KRB5_MECHANISM->length) - return GSS_S_BAD_NAME; - - name = malloc(length + 1); - if (name == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - memcpy(name, p, length); - name[length] = '\0'; - - ret = parse_krb5_name(minor_status, name, output_name); - free(name); - - return ret; -} - -int -gss_oid_equal(const gss_OID a, const gss_OID b) -{ - if (a == b) - return 1; - else if (a == GSS_C_NO_OID || b == GSS_C_NO_OID || a->length != b->length) - return 0; - else - return memcmp(a->elements, b->elements, a->length) == 0; -} - -OM_uint32 gss_import_name - (OM_uint32 * minor_status, - const gss_buffer_t input_name_buffer, - const gss_OID input_name_type, - gss_name_t * output_name - ) -{ - GSSAPI_KRB5_INIT (); - - *minor_status = 0; - *output_name = GSS_C_NO_NAME; - - if (gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE) || - gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE_X)) - return import_hostbased_name (minor_status, - input_name_buffer, - output_name); - else if (gss_oid_equal(input_name_type, GSS_C_NO_OID) - || gss_oid_equal(input_name_type, GSS_C_NT_USER_NAME) - || gss_oid_equal(input_name_type, GSS_KRB5_NT_PRINCIPAL_NAME)) - /* default printable syntax */ - return import_krb5_name (minor_status, - input_name_buffer, - output_name); - else if (gss_oid_equal(input_name_type, GSS_C_NT_EXPORT_NAME)) { - return import_export_name(minor_status, - input_name_buffer, - output_name); - } else { - *minor_status = 0; - return GSS_S_BAD_NAMETYPE; - } -} diff --git a/source4/heimdal/lib/gssapi/init.c b/source4/heimdal/lib/gssapi/init.c deleted file mode 100644 index 11d7c9bb9f..0000000000 --- a/source4/heimdal/lib/gssapi/init.c +++ /dev/null @@ -1,151 +0,0 @@ -/* - * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: init.c,v 1.7 2003/07/22 19:50:11 lha Exp $"); - -#ifdef _SAMBA_BUILD_ -#include "auth/kerberos/krb5_init_context.h" -#endif - -static HEIMDAL_MUTEX gssapi_krb5_context_mutex = HEIMDAL_MUTEX_INITIALIZER; -static int created_key; -static HEIMDAL_thread_key gssapi_context_key; - -static void -gssapi_destroy_thread_context(void *ptr) -{ - struct gssapi_thr_context *ctx = ptr; - - if (ctx == NULL) - return; - if (ctx->error_string) - free(ctx->error_string); - HEIMDAL_MUTEX_destroy(&ctx->mutex); - free(ctx); -} - - -struct gssapi_thr_context * -gssapi_get_thread_context(int createp) -{ - struct gssapi_thr_context *ctx; - int ret; - - HEIMDAL_MUTEX_lock(&gssapi_krb5_context_mutex); - - if (!created_key) - abort(); - ctx = HEIMDAL_getspecific(gssapi_context_key); - if (ctx == NULL) { - if (!createp) - goto fail; - ctx = malloc(sizeof(*ctx)); - if (ctx == NULL) - goto fail; - ctx->error_string = NULL; - HEIMDAL_MUTEX_init(&ctx->mutex); - HEIMDAL_setspecific(gssapi_context_key, ctx, ret); - if (ret) - goto fail; - } - HEIMDAL_MUTEX_unlock(&gssapi_krb5_context_mutex); - return ctx; - fail: - HEIMDAL_MUTEX_unlock(&gssapi_krb5_context_mutex); - if (ctx) - free(ctx); - return NULL; -} - -#ifdef _SAMBA_BUILD_ -/* Init krb5 with an event context. Disgusting Samba-specific hack */ - -krb5_error_code -gssapi_krb5_init_ev (void *event_context) -{ - static struct smb_krb5_context *smb_krb5_context; - krb5_error_code ret = 0; - - HEIMDAL_MUTEX_lock(&gssapi_krb5_context_mutex); - - if(smb_krb5_context == NULL) { - ret = smb_krb5_init_context(event_context, &smb_krb5_context); - } - if (ret == 0 && !created_key) { - HEIMDAL_key_create(&gssapi_context_key, - gssapi_destroy_thread_context, - ret); - if (ret) { - smb_krb5_free_context(smb_krb5_context); - smb_krb5_context = NULL; - } else - created_key = 1; - } - if (ret == 0) { - gssapi_krb5_context = smb_krb5_context->krb5_context; - } - - HEIMDAL_MUTEX_unlock(&gssapi_krb5_context_mutex); - return ret; -} -#endif - -krb5_error_code -gssapi_krb5_init (void) -{ - krb5_error_code ret = 0; -#ifdef _SAMBA_BUILD_ - ret = gssapi_krb5_init_ev(NULL); -#else - HEIMDAL_MUTEX_lock(&gssapi_krb5_context_mutex); - - if(gssapi_krb5_context == NULL) { - ret = krb5_init_context (&gssapi_krb5_context); - } - if (ret == 0 && !created_key) { - HEIMDAL_key_create(&gssapi_context_key, - gssapi_destroy_thread_context, - ret); - if (ret) { - krb5_free_context(gssapi_krb5_context); - gssapi_krb5_context = NULL; - } else - created_key = 1; - } - - HEIMDAL_MUTEX_unlock(&gssapi_krb5_context_mutex); -#endif - return ret; -} diff --git a/source4/heimdal/lib/gssapi/init_sec_context.c b/source4/heimdal/lib/gssapi/init_sec_context.c deleted file mode 100644 index 4f0d237241..0000000000 --- a/source4/heimdal/lib/gssapi/init_sec_context.c +++ /dev/null @@ -1,1261 +0,0 @@ -/* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: init_sec_context.c,v 1.63 2006/05/05 10:27:13 lha Exp $"); - -/* - * copy the addresses from `input_chan_bindings' (if any) to - * the auth context `ac' - */ - -static OM_uint32 -set_addresses (krb5_auth_context ac, - const gss_channel_bindings_t input_chan_bindings) -{ - /* Port numbers are expected to be in application_data.value, - * initator's port first */ - - krb5_address initiator_addr, acceptor_addr; - krb5_error_code kret; - - if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS - || input_chan_bindings->application_data.length != - 2 * sizeof(ac->local_port)) - return 0; - - memset(&initiator_addr, 0, sizeof(initiator_addr)); - memset(&acceptor_addr, 0, sizeof(acceptor_addr)); - - ac->local_port = - *(int16_t *) input_chan_bindings->application_data.value; - - ac->remote_port = - *((int16_t *) input_chan_bindings->application_data.value + 1); - - kret = gss_address_to_krb5addr(input_chan_bindings->acceptor_addrtype, - &input_chan_bindings->acceptor_address, - ac->remote_port, - &acceptor_addr); - if (kret) - return kret; - - kret = gss_address_to_krb5addr(input_chan_bindings->initiator_addrtype, - &input_chan_bindings->initiator_address, - ac->local_port, - &initiator_addr); - if (kret) { - krb5_free_address (gssapi_krb5_context, &acceptor_addr); - return kret; - } - - kret = krb5_auth_con_setaddrs(gssapi_krb5_context, - ac, - &initiator_addr, /* local address */ - &acceptor_addr); /* remote address */ - - krb5_free_address (gssapi_krb5_context, &initiator_addr); - krb5_free_address (gssapi_krb5_context, &acceptor_addr); - -#if 0 - free(input_chan_bindings->application_data.value); - input_chan_bindings->application_data.value = NULL; - input_chan_bindings->application_data.length = 0; -#endif - - return kret; -} - -OM_uint32 -_gsskrb5_create_ctx( - OM_uint32 * minor_status, - gss_ctx_id_t * context_handle, - const gss_channel_bindings_t input_chan_bindings, - enum gss_ctx_id_t_state state) -{ - krb5_error_code kret; - - *context_handle = malloc(sizeof(**context_handle)); - if (*context_handle == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - (*context_handle)->auth_context = NULL; - (*context_handle)->source = NULL; - (*context_handle)->target = NULL; - (*context_handle)->state = state; - (*context_handle)->flags = 0; - (*context_handle)->more_flags = 0; - (*context_handle)->service_keyblock = NULL; - (*context_handle)->ticket = NULL; - krb5_data_zero(&(*context_handle)->fwd_data); - (*context_handle)->lifetime = GSS_C_INDEFINITE; - (*context_handle)->order = NULL; - HEIMDAL_MUTEX_init(&(*context_handle)->ctx_id_mutex); - - kret = krb5_auth_con_init (gssapi_krb5_context, - &(*context_handle)->auth_context); - if (kret) { - *minor_status = kret; - gssapi_krb5_set_error_string (); - - HEIMDAL_MUTEX_destroy(&(*context_handle)->ctx_id_mutex); - - return GSS_S_FAILURE; - } - - kret = set_addresses((*context_handle)->auth_context, - input_chan_bindings); - if (kret) { - *minor_status = kret; - - HEIMDAL_MUTEX_destroy(&(*context_handle)->ctx_id_mutex); - - krb5_auth_con_free(gssapi_krb5_context, (*context_handle)->auth_context); - - return GSS_S_BAD_BINDINGS; - } - - /* - * We need a sequence number - */ - - krb5_auth_con_addflags(gssapi_krb5_context, - (*context_handle)->auth_context, - KRB5_AUTH_CONTEXT_DO_SEQUENCE, - NULL); - - return GSS_S_COMPLETE; -} - -static OM_uint32 -gsskrb5_get_creds( - OM_uint32 * minor_status, - krb5_ccache ccache, - gss_ctx_id_t * context_handle, - const gss_name_t target_name, - OM_uint32 time_req, - OM_uint32 * time_rec, - krb5_creds ** cred) -{ - OM_uint32 ret; - krb5_error_code kret; - krb5_creds this_cred; - OM_uint32 lifetime_rec; - - *cred = NULL; - - kret = krb5_cc_get_principal(gssapi_krb5_context, - ccache, - &(*context_handle)->source); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - - kret = krb5_copy_principal(gssapi_krb5_context, - target_name, - &(*context_handle)->target); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - - memset(&this_cred, 0, sizeof(this_cred)); - this_cred.client = (*context_handle)->source; - this_cred.server = (*context_handle)->target; - - if (time_req && time_req != GSS_C_INDEFINITE) { - krb5_timestamp ts; - - krb5_timeofday (gssapi_krb5_context, &ts); - this_cred.times.endtime = ts + time_req; - } else { - this_cred.times.endtime = 0; - } - - this_cred.session.keytype = KEYTYPE_NULL; - - kret = krb5_get_credentials(gssapi_krb5_context, - 0, - ccache, - &this_cred, - cred); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - - (*context_handle)->lifetime = (*cred)->times.endtime; - - ret = gssapi_lifetime_left(minor_status, - (*context_handle)->lifetime, - &lifetime_rec); - if (ret) return ret; - - if (lifetime_rec == 0) { - *minor_status = 0; - return GSS_S_CONTEXT_EXPIRED; - } - - if (time_rec) *time_rec = lifetime_rec; - - return GSS_S_COMPLETE; -} - -static OM_uint32 -gsskrb5_initiator_ready( - OM_uint32 * minor_status, - gss_ctx_id_t * context_handle) -{ - OM_uint32 ret; - int32_t seq_number; - int is_cfx = 0; - OM_uint32 flags = (*context_handle)->flags; - - krb5_auth_getremoteseqnumber (gssapi_krb5_context, - (*context_handle)->auth_context, - &seq_number); - - gsskrb5_is_cfx(*context_handle, &is_cfx); - - ret = _gssapi_msg_order_create(minor_status, - &(*context_handle)->order, - _gssapi_msg_order_f(flags), - seq_number, 0, is_cfx); - if (ret) return ret; - - (*context_handle)->state = INITIATOR_READY; - (*context_handle)->more_flags |= OPEN; - - return GSS_S_COMPLETE; -} - -/* - * handle delegated creds in init-sec-context - */ - -static void -do_delegation (krb5_auth_context ac, - krb5_ccache ccache, - krb5_creds *cred, - const gss_name_t target_name, - krb5_data *fwd_data, - OM_uint32 *flags) -{ - krb5_creds creds; - krb5_kdc_flags fwd_flags; - krb5_error_code kret; - - memset (&creds, 0, sizeof(creds)); - krb5_data_zero (fwd_data); - - kret = krb5_cc_get_principal(gssapi_krb5_context, ccache, &creds.client); - if (kret) - goto out; - - kret = krb5_build_principal(gssapi_krb5_context, - &creds.server, - strlen(creds.client->realm), - creds.client->realm, - KRB5_TGS_NAME, - creds.client->realm, - NULL); - if (kret) - goto out; - - creds.times.endtime = 0; - - fwd_flags.i = 0; - fwd_flags.b.forwarded = 1; - fwd_flags.b.forwardable = 1; - - if ( /*target_name->name.name_type != KRB5_NT_SRV_HST ||*/ - target_name->name.name_string.len < 2) - goto out; - - kret = krb5_get_forwarded_creds(gssapi_krb5_context, - ac, - ccache, - fwd_flags.i, - target_name->name.name_string.val[1], - &creds, - fwd_data); - - out: - if (kret) - *flags &= ~GSS_C_DELEG_FLAG; - else - *flags |= GSS_C_DELEG_FLAG; - - if (creds.client) - krb5_free_principal(gssapi_krb5_context, creds.client); - if (creds.server) - krb5_free_principal(gssapi_krb5_context, creds.server); -} - -/* - * first stage of init-sec-context - */ - -static OM_uint32 -gsskrb5_initiator_start -(OM_uint32 * minor_status, - krb5_ccache ccache, - gss_ctx_id_t * context_handle, - const gss_name_t target_name, - const gss_OID mech_type, - OM_uint32 req_flags, - OM_uint32 time_req, - const gss_channel_bindings_t input_chan_bindings, - const gss_buffer_t input_token, - gss_buffer_t output_token, - OM_uint32 * ret_flags, - OM_uint32 * time_rec - ) -{ - OM_uint32 ret = GSS_S_FAILURE; - krb5_error_code kret; - krb5_flags ap_options; - krb5_creds *cred = NULL; - krb5_data outbuf; - OM_uint32 flags; - krb5_data authenticator; - Checksum cksum; - krb5_enctype enctype; - krb5_data fwd_data; - int is_cfx; - - krb5_data_zero(&outbuf); - krb5_data_zero(&fwd_data); - - (*context_handle)->more_flags |= LOCAL; - - /* We need to get the credentials for the requested target */ - ret = gsskrb5_get_creds(minor_status, - ccache, - context_handle, - target_name, - time_req, - time_rec, - &cred); - if (ret) return ret; - - /* - * We need to setup some compat stuff, this assumes that context_handle->target is already set - */ - ret = _gss_DES3_get_mic_compat(minor_status, *context_handle); - if (ret) return ret; - - /* We need the key and a random local subkey */ - { - kret = krb5_auth_con_setkey(gssapi_krb5_context, - (*context_handle)->auth_context, - &cred->session); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - - kret = krb5_auth_con_generatelocalsubkey(gssapi_krb5_context, - (*context_handle)->auth_context, - &cred->session); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - } - - /* We need to prepare the flags used for this context */ - { - flags = 0; - ap_options = 0; - - /* - * The KDC may have issued us a service ticket marked NOT - * ok-as-delegate. We may still wish to force the matter, and to - * allow this we check a per-realm gssapi [appdefaults] config - * option. If ok-as-delegate in the config file is set to TRUE - * (default FALSE) and our caller has so requested, we will still - * attempt to forward the ticket. - * - * Otherwise, strip the GSS_C_DELEG_FLAG (so we don't attempt a - * delegation) - */ - if (!cred->flags.b.ok_as_delegate) { - krb5_boolean delegate; - - krb5_appdefault_boolean(gssapi_krb5_context, - "gssapi", target_name->realm, - "ok-as-delegate", FALSE, &delegate); - if (!delegate) - req_flags &= ~GSS_C_DELEG_FLAG; - } - - if (req_flags & GSS_C_DELEG_FLAG) { - do_delegation((*context_handle)->auth_context, - ccache, cred, target_name, &fwd_data, &flags); - } - - if (req_flags & GSS_C_MUTUAL_FLAG) { - flags |= GSS_C_MUTUAL_FLAG; - ap_options |= AP_OPTS_MUTUAL_REQUIRED; - } - - if (req_flags & GSS_C_REPLAY_FLAG) { - flags |= GSS_C_REPLAY_FLAG; - } - - if (req_flags & GSS_C_SEQUENCE_FLAG) { - flags |= GSS_C_SEQUENCE_FLAG; - } - - if (req_flags & GSS_C_ANON_FLAG) { - ;/* XXX */ - } - - if (req_flags & GSS_C_DCE_STYLE) { - flags |= GSS_C_DCE_STYLE; - /* GSS_C_DCE_STYLE implies GSS_C_MUTUAL_FLAG */ - flags |= GSS_C_MUTUAL_FLAG; - ap_options |= AP_OPTS_MUTUAL_REQUIRED; - } - - if (req_flags & GSS_C_IDENTIFY_FLAG) { - flags |= GSS_C_IDENTIFY_FLAG; - } - - if (req_flags & GSS_C_EXTENDED_ERROR_FLAG) { - flags |= GSS_C_EXTENDED_ERROR_FLAG; - } - - /* TODO: why are this always there? --metze */ - flags |= GSS_C_CONF_FLAG; - flags |= GSS_C_INTEG_FLAG; - flags |= GSS_C_TRANS_FLAG; - - if (ret_flags) *ret_flags = flags; - (*context_handle)->flags = flags; - } - - /* We need to generate the 8003 checksum */ - { - ret = gssapi_krb5_create_8003_checksum(minor_status, - input_chan_bindings, - flags, - &fwd_data, - &cksum); - krb5_data_free (&fwd_data); - if (ret) return ret; - } - - enctype = (*context_handle)->auth_context->keyblock->keytype; - - gsskrb5_is_cfx(*context_handle, &is_cfx); - - if (is_cfx != 0) { - kret = krb5_auth_con_addflags(gssapi_krb5_context, - (*context_handle)->auth_context, - KRB5_AUTH_CONTEXT_USE_SUBKEY, - NULL); - (*context_handle)->more_flags |= ACCEPTOR_SUBKEY; - } - - /* We need to create an Authenticator */ - { - kret = krb5_build_authenticator (gssapi_krb5_context, - (*context_handle)->auth_context, - enctype, - cred, - &cksum, - NULL, - &authenticator, - KRB5_KU_AP_REQ_AUTH); - free_Checksum(&cksum); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - } - - /* We need to create the AP_REQ */ - { - kret = krb5_build_ap_req(gssapi_krb5_context, - enctype, - cred, - ap_options, - authenticator, - &outbuf); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - } - - /* We need to encapsulate the AP_REQ if GSS_C_DCE_STYLE isn't in use */ - { - if (!(flags & GSS_C_DCE_STYLE)) { - ret = gssapi_krb5_encapsulate(minor_status, &outbuf, output_token, - "\x01\x00", GSS_KRB5_MECHANISM); - krb5_data_free (&outbuf); - if (ret) return ret; - } else { - output_token->length = outbuf.length; - output_token->value = outbuf.data; - } - } - - /* We no longer need the creds */ - krb5_free_creds(gssapi_krb5_context, cred); - - /* We are done if GSS_C_MUTUAL_FLAG is in use */ - if (flags & GSS_C_MUTUAL_FLAG) { - (*context_handle)->state = INITIATOR_WAIT_FOR_MUTAL; - return GSS_S_CONTINUE_NEEDED; - } - - return gsskrb5_initiator_ready(minor_status, context_handle); -} - -static OM_uint32 -gsskrb5_initiator_wait_for_mutual( - OM_uint32 * minor_status, - krb5_ccache ccache, - gss_ctx_id_t * context_handle, - const gss_name_t target_name, - const gss_OID mech_type, - OM_uint32 req_flags, - OM_uint32 time_req, - const gss_channel_bindings_t input_chan_bindings, - const gss_buffer_t input_token, - gss_buffer_t output_token, - OM_uint32 * ret_flags, - OM_uint32 * time_rec) -{ - OM_uint32 ret; - krb5_error_code kret; - krb5_data inbuf; - OM_uint32 flags = (*context_handle)->flags; - int32_t l_seq_number; - int32_t r_seq_number; - - /* We need to decapsulate the AP_REP if GSS_C_DCE_STYLE isn't in use */ - { - if (!(flags & GSS_C_DCE_STYLE)) { - ret = gssapi_krb5_decapsulate(minor_status, input_token, &inbuf, - "\x02\x00", GSS_KRB5_MECHANISM); - if (ret) return ret; - } else { - inbuf.length = input_token->length; - inbuf.data = input_token->value; - } - } - - /* We need to verify the AP_REP */ - { - krb5_ap_rep_enc_part *repl; - - kret = krb5_rd_rep(gssapi_krb5_context, - (*context_handle)->auth_context, - &inbuf, - &repl); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - krb5_free_ap_rep_enc_part(gssapi_krb5_context, repl); - } - - /* We need to check the liftime */ - { - OM_uint32 lifetime_rec; - - ret = gssapi_lifetime_left(minor_status, - (*context_handle)->lifetime, - &lifetime_rec); - if (ret) return ret; - - if (lifetime_rec == 0) { - return GSS_S_CONTEXT_EXPIRED; - } - - if (time_rec) *time_rec = lifetime_rec; - } - - /* We need to give the caller the flags which are in use */ - if (ret_flags) *ret_flags = (*context_handle)->flags; - - /* We are done here if GSS_C_DCE_STYLE isn't in use */ - if (!(flags & GSS_C_DCE_STYLE)) { - return gsskrb5_initiator_ready(minor_status, context_handle); - } - - /* - * We need to set the local seq_number to the remote one just for the krb5_mk_rep(), - * and then we need to use the old local seq_number again for the GSS_Wrap() messages - */ - { - kret = krb5_auth_getremoteseqnumber(gssapi_krb5_context, - (*context_handle)->auth_context, - &r_seq_number); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - - kret = krb5_auth_con_getlocalseqnumber(gssapi_krb5_context, - (*context_handle)->auth_context, - &l_seq_number); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - - kret = krb5_auth_con_setlocalseqnumber(gssapi_krb5_context, - (*context_handle)->auth_context, - r_seq_number); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - } - - /* We need to create an AP_REP */ - { - krb5_data outbuf; - - kret = krb5_mk_rep(gssapi_krb5_context, - (*context_handle)->auth_context, - &outbuf); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - - output_token->length = outbuf.length; - output_token->value = outbuf.data; - } - - /* We need to reset the local seq_number */ - { - kret = krb5_auth_con_setlocalseqnumber(gssapi_krb5_context, - (*context_handle)->auth_context, - l_seq_number); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - } - - return gsskrb5_initiator_ready(minor_status, context_handle); -} - -static OM_uint32 -gsskrb5_init_sec_context - (OM_uint32 * minor_status, - const gss_cred_id_t initiator_cred_handle, - gss_ctx_id_t * context_handle, - const gss_name_t target_name, - const gss_OID mech_type, - OM_uint32 req_flags, - OM_uint32 time_req, - const gss_channel_bindings_t input_chan_bindings, - const gss_buffer_t input_token, - gss_OID * actual_mech_type, - gss_buffer_t output_token, - OM_uint32 * ret_flags, - OM_uint32 * time_rec - ) -{ - OM_uint32 ret; - krb5_error_code kret; - krb5_ccache ccache = NULL; - - if (*context_handle == GSS_C_NO_CONTEXT) { - ret = _gsskrb5_create_ctx(minor_status, - context_handle, - input_chan_bindings, - INITIATOR_START); - if (ret) return ret; - } - - if (actual_mech_type) *actual_mech_type = GSS_KRB5_MECHANISM; - - if (initiator_cred_handle == GSS_C_NO_CREDENTIAL) { - kret = krb5_cc_default (gssapi_krb5_context, &ccache); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - } else { - ccache = initiator_cred_handle->ccache; - } - - HEIMDAL_MUTEX_lock(&(*context_handle)->ctx_id_mutex); - - switch ((*context_handle)->state) { - case INITIATOR_START: - ret = gsskrb5_initiator_start(minor_status, - ccache, - context_handle, - target_name, - mech_type, - req_flags, - time_req, - input_chan_bindings, - input_token, - output_token, - ret_flags, - time_rec); - break; - case INITIATOR_WAIT_FOR_MUTAL: - ret = gsskrb5_initiator_wait_for_mutual(minor_status, - ccache, - context_handle, - target_name, - mech_type, - req_flags, - time_req, - input_chan_bindings, - input_token, - output_token, - ret_flags, - time_rec); - break; - case INITIATOR_READY: - /* should this be GSS_S_BAD_STATUS ? --metze */ - - /* We need to check the liftime */ - { - OM_uint32 lifetime_rec; - - ret = gssapi_lifetime_left(minor_status, - (*context_handle)->lifetime, - &lifetime_rec); - if (ret) break; - - if (lifetime_rec == 0) { - *minor_status = 0; - ret = GSS_S_CONTEXT_EXPIRED; - break; - } - - if (time_rec) *time_rec = lifetime_rec; - } - - /* We need to give the caller the flags which are in use */ - if (ret_flags) *ret_flags = (*context_handle)->flags; - - ret = GSS_S_COMPLETE; - break; - default: - /* TODO: is this correct here? --metze */ - ret = GSS_S_BAD_STATUS; - break; - } - - if (initiator_cred_handle == GSS_C_NO_CREDENTIAL) { - krb5_cc_close(gssapi_krb5_context, ccache); - } - - HEIMDAL_MUTEX_unlock(&(*context_handle)->ctx_id_mutex); - - return ret; -} - -static OM_uint32 -spnego_reply - (OM_uint32 * minor_status, - const gss_cred_id_t initiator_cred_handle, - gss_ctx_id_t * context_handle, - const gss_name_t target_name, - const gss_OID mech_type, - OM_uint32 req_flags, - OM_uint32 time_req, - const gss_channel_bindings_t input_chan_bindings, - const gss_buffer_t input_token, - gss_OID * actual_mech_type, - gss_buffer_t output_token, - OM_uint32 * ret_flags, - OM_uint32 * time_rec - ) -{ - OM_uint32 ret; - krb5_data indata; - NegTokenTarg targ; - u_char oidbuf[17]; - size_t oidlen; - gss_buffer_desc sub_token; - ssize_t mech_len; - const u_char *p; - size_t len, taglen; - krb5_boolean require_mic; - - output_token->length = 0; - output_token->value = NULL; - - /* - * SPNEGO doesn't include gss wrapping on SubsequentContextToken - * like the Kerberos 5 mech does. But lets check for it anyway. - */ - - mech_len = gssapi_krb5_get_mech (input_token->value, - input_token->length, - &p); - - if (mech_len < 0) { - indata.data = input_token->value; - indata.length = input_token->length; - } else if (mech_len == GSS_KRB5_MECHANISM->length - && memcmp(GSS_KRB5_MECHANISM->elements, p, mech_len) == 0) - return gsskrb5_init_sec_context (minor_status, - initiator_cred_handle, - context_handle, - target_name, - GSS_KRB5_MECHANISM, - req_flags, - time_req, - input_chan_bindings, - input_token, - actual_mech_type, - output_token, - ret_flags, - time_rec); - else if (mech_len == GSS_SPNEGO_MECHANISM->length - && memcmp(GSS_SPNEGO_MECHANISM->elements, p, mech_len) == 0){ - ret = _gssapi_decapsulate (minor_status, - input_token, - &indata, - GSS_SPNEGO_MECHANISM); - if (ret) - return ret; - } else - return GSS_S_BAD_MECH; - - ret = der_match_tag_and_length((const char *)indata.data, - indata.length, - ASN1_C_CONTEXT, CONS, 1, &len, &taglen); - if (ret) { - gssapi_krb5_set_status("Failed to decode NegToken choice"); - *minor_status = ret; - return GSS_S_FAILURE; - } - - if(len > indata.length - taglen) { - gssapi_krb5_set_status("Buffer overrun in NegToken choice"); - *minor_status = ASN1_OVERRUN; - return GSS_S_FAILURE; - } - - ret = decode_NegTokenTarg((const char *)indata.data + taglen, - len, &targ, NULL); - if (ret) { - gssapi_krb5_set_status("Failed to decode NegTokenTarg"); - *minor_status = ret; - return GSS_S_FAILURE; - } - - if (targ.negResult == NULL - || *(targ.negResult) == reject - || targ.supportedMech == NULL) { - free_NegTokenTarg(&targ); - return GSS_S_BAD_MECH; - } - - ret = der_put_oid(oidbuf + sizeof(oidbuf) - 1, - sizeof(oidbuf), - targ.supportedMech, - &oidlen); - if (ret || oidlen != GSS_KRB5_MECHANISM->length - || memcmp(oidbuf + sizeof(oidbuf) - oidlen, - GSS_KRB5_MECHANISM->elements, - oidlen) != 0) { - free_NegTokenTarg(&targ); - return GSS_S_BAD_MECH; - } - - if (targ.responseToken != NULL) { - sub_token.length = targ.responseToken->length; - sub_token.value = targ.responseToken->data; - } else { - sub_token.length = 0; - sub_token.value = NULL; - } - - ret = gsskrb5_init_sec_context(minor_status, - initiator_cred_handle, - context_handle, - target_name, - GSS_KRB5_MECHANISM, - req_flags, - time_req, - input_chan_bindings, - &sub_token, - actual_mech_type, - output_token, - ret_flags, - time_rec); - if (ret) { - free_NegTokenTarg(&targ); - return ret; - } - - /* - * Verify the mechListMIC if CFX was used; or if local policy - * dictated so. - */ - ret = _gss_spnego_require_mechlist_mic(minor_status, *context_handle, - &require_mic); - if (ret) { - free_NegTokenTarg(&targ); - return ret; - } - - if (require_mic) { - MechTypeList mechlist; - MechType m0; - size_t buf_len; - gss_buffer_desc mic_buf, mech_buf; - - if (targ.mechListMIC == NULL) { - free_NegTokenTarg(&targ); - *minor_status = 0; - return GSS_S_BAD_MIC; - } - - mechlist.len = 1; - mechlist.val = &m0; - - ret = der_get_oid(GSS_KRB5_MECHANISM->elements, - GSS_KRB5_MECHANISM->length, - &m0, - NULL); - if (ret) { - free_NegTokenTarg(&targ); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - ASN1_MALLOC_ENCODE(MechTypeList, mech_buf.value, mech_buf.length, - &mechlist, &buf_len, ret); - if (ret) { - free_NegTokenTarg(&targ); - free_oid(&m0); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - if (mech_buf.length != buf_len) - abort(); - - mic_buf.length = targ.mechListMIC->length; - mic_buf.value = targ.mechListMIC->data; - - ret = gss_verify_mic(minor_status, *context_handle, - &mech_buf, &mic_buf, NULL); - free(mech_buf.value); - free_oid(&m0); - } - free_NegTokenTarg(&targ); - return ret; -} - -static OM_uint32 -spnego_initial - (OM_uint32 * minor_status, - const gss_cred_id_t initiator_cred_handle, - gss_ctx_id_t * context_handle, - const gss_name_t target_name, - const gss_OID mech_type, - OM_uint32 req_flags, - OM_uint32 time_req, - const gss_channel_bindings_t input_chan_bindings, - const gss_buffer_t input_token, - gss_OID * actual_mech_type, - gss_buffer_t output_token, - OM_uint32 * ret_flags, - OM_uint32 * time_rec - ) -{ - NegTokenInit ni; - int ret; - OM_uint32 sub, minor; - gss_buffer_desc mech_token; - u_char *buf; - size_t buf_size, buf_len; - krb5_data data; - - memset (&ni, 0, sizeof(ni)); - - ALLOC(ni.mechTypes, 1); - if (ni.mechTypes == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - ALLOC_SEQ(ni.mechTypes, 1); - if (ni.mechTypes->val == NULL) { - free_NegTokenInit(&ni); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - ret = der_get_oid(GSS_KRB5_MECHANISM->elements, - GSS_KRB5_MECHANISM->length, - &ni.mechTypes->val[0], - NULL); - if (ret) { - free_NegTokenInit(&ni); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - -#if 0 - ALLOC(ni.reqFlags, 1); - if (ni.reqFlags == NULL) { - free_NegTokenInit(&ni); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - ni.reqFlags->delegFlag = req_flags & GSS_C_DELEG_FLAG; - ni.reqFlags->mutualFlag = req_flags & GSS_C_MUTUAL_FLAG; - ni.reqFlags->replayFlag = req_flags & GSS_C_REPLAY_FLAG; - ni.reqFlags->sequenceFlag = req_flags & GSS_C_SEQUENCE_FLAG; - ni.reqFlags->anonFlag = req_flags & GSS_C_ANON_FLAG; - ni.reqFlags->confFlag = req_flags & GSS_C_CONF_FLAG; - ni.reqFlags->integFlag = req_flags & GSS_C_INTEG_FLAG; -#else - ni.reqFlags = NULL; -#endif - - sub = gsskrb5_init_sec_context(&minor, - initiator_cred_handle, - context_handle, - target_name, - GSS_KRB5_MECHANISM, - req_flags, - time_req, - input_chan_bindings, - GSS_C_NO_BUFFER, - actual_mech_type, - &mech_token, - ret_flags, - time_rec); - if (GSS_ERROR(sub)) { - free_NegTokenInit(&ni); - return sub; - } - if (mech_token.length != 0) { - ALLOC(ni.mechToken, 1); - if (ni.mechToken == NULL) { - free_NegTokenInit(&ni); - gss_release_buffer(&minor, &mech_token); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - ni.mechToken->length = mech_token.length; - ni.mechToken->data = malloc(mech_token.length); - if (ni.mechToken->data == NULL && mech_token.length != 0) { - free_NegTokenInit(&ni); - gss_release_buffer(&minor, &mech_token); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - memcpy(ni.mechToken->data, mech_token.value, mech_token.length); - gss_release_buffer(&minor, &mech_token); - } else - ni.mechToken = NULL; - - /* XXX ignore mech list mic for now */ - ni.mechListMIC = NULL; - - - { - NegotiationToken nt; - - nt.element = choice_NegotiationToken_negTokenInit; - nt.u.negTokenInit = ni; - - ASN1_MALLOC_ENCODE(NegotiationToken, buf, buf_size, - &nt, &buf_len, ret); - if (ret == 0 && buf_size != buf_len) - abort(); - } - - data.data = buf; - data.length = buf_size; - - free_NegTokenInit(&ni); - if (ret) - return ret; - - sub = _gssapi_encapsulate(minor_status, - &data, - output_token, - GSS_SPNEGO_MECHANISM); - free (buf); - - if (sub) - return sub; - - return GSS_S_CONTINUE_NEEDED; -} - -static OM_uint32 -spnego_init_sec_context - (OM_uint32 * minor_status, - const gss_cred_id_t initiator_cred_handle, - gss_ctx_id_t * context_handle, - const gss_name_t target_name, - const gss_OID mech_type, - OM_uint32 req_flags, - OM_uint32 time_req, - const gss_channel_bindings_t input_chan_bindings, - const gss_buffer_t input_token, - gss_OID * actual_mech_type, - gss_buffer_t output_token, - OM_uint32 * ret_flags, - OM_uint32 * time_rec - ) -{ - if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) - return spnego_initial (minor_status, - initiator_cred_handle, - context_handle, - target_name, - mech_type, - req_flags, - time_req, - input_chan_bindings, - input_token, - actual_mech_type, - output_token, - ret_flags, - time_rec); - else - return spnego_reply (minor_status, - initiator_cred_handle, - context_handle, - target_name, - mech_type, - req_flags, - time_req, - input_chan_bindings, - input_token, - actual_mech_type, - output_token, - ret_flags, - time_rec); -} - -/* - * gss_init_sec_context - */ - -OM_uint32 gss_init_sec_context - (OM_uint32 * minor_status, - const gss_cred_id_t initiator_cred_handle, - gss_ctx_id_t * context_handle, - const gss_name_t target_name, - const gss_OID mech_type, - OM_uint32 req_flags, - OM_uint32 time_req, - const gss_channel_bindings_t input_chan_bindings, - const gss_buffer_t input_token, - gss_OID * actual_mech_type, - gss_buffer_t output_token, - OM_uint32 * ret_flags, - OM_uint32 * time_rec - ) -{ - GSSAPI_KRB5_INIT (); - - output_token->length = 0; - output_token->value = NULL; - - if (ret_flags) - *ret_flags = 0; - if (time_rec) - *time_rec = 0; - - if (target_name == GSS_C_NO_NAME) { - if (actual_mech_type) - *actual_mech_type = GSS_C_NO_OID; - *minor_status = 0; - return GSS_S_BAD_NAME; - } - - if (mech_type == GSS_C_NO_OID || - gss_oid_equal(mech_type, GSS_KRB5_MECHANISM)) - return gsskrb5_init_sec_context(minor_status, - initiator_cred_handle, - context_handle, - target_name, - mech_type, - req_flags, - time_req, - input_chan_bindings, - input_token, - actual_mech_type, - output_token, - ret_flags, - time_rec); - else if (gss_oid_equal(mech_type, GSS_SPNEGO_MECHANISM)) - return spnego_init_sec_context (minor_status, - initiator_cred_handle, - context_handle, - target_name, - mech_type, - req_flags, - time_req, - input_chan_bindings, - input_token, - actual_mech_type, - output_token, - ret_flags, - time_rec); - else - return GSS_S_BAD_MECH; -} diff --git a/source4/heimdal/lib/gssapi/inquire_cred.c b/source4/heimdal/lib/gssapi/inquire_cred.c deleted file mode 100644 index 9ed1ff4cc4..0000000000 --- a/source4/heimdal/lib/gssapi/inquire_cred.c +++ /dev/null @@ -1,123 +0,0 @@ -/* - * Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: inquire_cred.c,v 1.7 2004/11/30 19:27:11 lha Exp $"); - -OM_uint32 gss_inquire_cred - (OM_uint32 * minor_status, - const gss_cred_id_t cred_handle, - gss_name_t * name, - OM_uint32 * lifetime, - gss_cred_usage_t * cred_usage, - gss_OID_set * mechanisms - ) -{ - gss_cred_id_t cred; - OM_uint32 ret; - - *minor_status = 0; - - if (name) - *name = NULL; - if (mechanisms) - *mechanisms = GSS_C_NO_OID_SET; - - if (cred_handle == GSS_C_NO_CREDENTIAL) { - ret = gss_acquire_cred(minor_status, - GSS_C_NO_NAME, - GSS_C_INDEFINITE, - GSS_C_NO_OID_SET, - GSS_C_BOTH, - &cred, - NULL, - NULL); - if (ret) - return ret; - } else - cred = (gss_cred_id_t)cred_handle; - - HEIMDAL_MUTEX_lock(&cred->cred_id_mutex); - - if (name != NULL) { - if (cred->principal != NULL) { - ret = gss_duplicate_name(minor_status, cred->principal, - name); - if (ret) - goto out; - } else if (cred->usage == GSS_C_ACCEPT) { - *minor_status = krb5_sname_to_principal(gssapi_krb5_context, NULL, - NULL, KRB5_NT_SRV_HST, name); - if (*minor_status) { - ret = GSS_S_FAILURE; - goto out; - } - } else { - *minor_status = krb5_get_default_principal(gssapi_krb5_context, - name); - if (*minor_status) { - ret = GSS_S_FAILURE; - goto out; - } - } - } - if (lifetime != NULL) { - ret = gssapi_lifetime_left(minor_status, - cred->lifetime, - lifetime); - if (ret) - goto out; - } - if (cred_usage != NULL) - *cred_usage = cred->usage; - - if (mechanisms != NULL) { - ret = gss_create_empty_oid_set(minor_status, mechanisms); - if (ret) - goto out; - ret = gss_add_oid_set_member(minor_status, - &cred->mechanisms->elements[0], - mechanisms); - if (ret) - goto out; - } - ret = GSS_S_COMPLETE; - out: - HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); - - if (cred_handle == GSS_C_NO_CREDENTIAL) - ret = gss_release_cred(minor_status, &cred); - - return ret; -} diff --git a/source4/heimdal/lib/gssapi/krb5/8003.c b/source4/heimdal/lib/gssapi/krb5/8003.c new file mode 100644 index 0000000000..0123f67e09 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/8003.c @@ -0,0 +1,248 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: 8003.c,v 1.20 2006/10/07 22:13:51 lha Exp $"); + +krb5_error_code +_gsskrb5_encode_om_uint32(OM_uint32 n, u_char *p) +{ + p[0] = (n >> 0) & 0xFF; + p[1] = (n >> 8) & 0xFF; + p[2] = (n >> 16) & 0xFF; + p[3] = (n >> 24) & 0xFF; + return 0; +} + +krb5_error_code +_gsskrb5_encode_be_om_uint32(OM_uint32 n, u_char *p) +{ + p[0] = (n >> 24) & 0xFF; + p[1] = (n >> 16) & 0xFF; + p[2] = (n >> 8) & 0xFF; + p[3] = (n >> 0) & 0xFF; + return 0; +} + +krb5_error_code +_gsskrb5_decode_om_uint32(const void *ptr, OM_uint32 *n) +{ + const u_char *p = ptr; + *n = (p[0] << 0) | (p[1] << 8) | (p[2] << 16) | (p[3] << 24); + return 0; +} + +krb5_error_code +_gsskrb5_decode_be_om_uint32(const void *ptr, OM_uint32 *n) +{ + const u_char *p = ptr; + *n = (p[0] <<24) | (p[1] << 16) | (p[2] << 8) | (p[3] << 0); + return 0; +} + +static krb5_error_code +hash_input_chan_bindings (const gss_channel_bindings_t b, + u_char *p) +{ + u_char num[4]; + MD5_CTX md5; + + MD5_Init(&md5); + _gsskrb5_encode_om_uint32 (b->initiator_addrtype, num); + MD5_Update (&md5, num, sizeof(num)); + _gsskrb5_encode_om_uint32 (b->initiator_address.length, num); + MD5_Update (&md5, num, sizeof(num)); + if (b->initiator_address.length) + MD5_Update (&md5, + b->initiator_address.value, + b->initiator_address.length); + _gsskrb5_encode_om_uint32 (b->acceptor_addrtype, num); + MD5_Update (&md5, num, sizeof(num)); + _gsskrb5_encode_om_uint32 (b->acceptor_address.length, num); + MD5_Update (&md5, num, sizeof(num)); + if (b->acceptor_address.length) + MD5_Update (&md5, + b->acceptor_address.value, + b->acceptor_address.length); + _gsskrb5_encode_om_uint32 (b->application_data.length, num); + MD5_Update (&md5, num, sizeof(num)); + if (b->application_data.length) + MD5_Update (&md5, + b->application_data.value, + b->application_data.length); + MD5_Final (p, &md5); + return 0; +} + +/* + * create a checksum over the chanel bindings in + * `input_chan_bindings', `flags' and `fwd_data' and return it in + * `result' + */ + +OM_uint32 +_gsskrb5_create_8003_checksum ( + OM_uint32 *minor_status, + const gss_channel_bindings_t input_chan_bindings, + OM_uint32 flags, + const krb5_data *fwd_data, + Checksum *result) +{ + u_char *p; + + /* + * see rfc1964 (section 1.1.1 (Initial Token), and the checksum value + * field's format) */ + result->cksumtype = CKSUMTYPE_GSSAPI; + if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG)) + result->checksum.length = 24 + 4 + fwd_data->length; + else + result->checksum.length = 24; + result->checksum.data = malloc (result->checksum.length); + if (result->checksum.data == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + p = result->checksum.data; + _gsskrb5_encode_om_uint32 (16, p); + p += 4; + if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS) { + memset (p, 0, 16); + } else { + hash_input_chan_bindings (input_chan_bindings, p); + } + p += 16; + _gsskrb5_encode_om_uint32 (flags, p); + p += 4; + + if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG)) { + + *p++ = (1 >> 0) & 0xFF; /* DlgOpt */ /* == 1 */ + *p++ = (1 >> 8) & 0xFF; /* DlgOpt */ /* == 0 */ + *p++ = (fwd_data->length >> 0) & 0xFF; /* Dlgth */ + *p++ = (fwd_data->length >> 8) & 0xFF; /* Dlgth */ + memcpy(p, (unsigned char *) fwd_data->data, fwd_data->length); + + p += fwd_data->length; + } + + return GSS_S_COMPLETE; +} + +/* + * verify the checksum in `cksum' over `input_chan_bindings' + * returning `flags' and `fwd_data' + */ + +OM_uint32 +_gsskrb5_verify_8003_checksum( + OM_uint32 *minor_status, + const gss_channel_bindings_t input_chan_bindings, + const Checksum *cksum, + OM_uint32 *flags, + krb5_data *fwd_data) +{ + unsigned char hash[16]; + unsigned char *p; + OM_uint32 length; + int DlgOpt; + static unsigned char zeros[16]; + + if (cksum == NULL) { + *minor_status = 0; + return GSS_S_BAD_BINDINGS; + } + + /* XXX should handle checksums > 24 bytes */ + if(cksum->cksumtype != CKSUMTYPE_GSSAPI || cksum->checksum.length < 24) { + *minor_status = 0; + return GSS_S_BAD_BINDINGS; + } + + p = cksum->checksum.data; + _gsskrb5_decode_om_uint32(p, &length); + if(length != sizeof(hash)) { + *minor_status = 0; + return GSS_S_BAD_BINDINGS; + } + + p += 4; + + if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS + && memcmp(p, zeros, sizeof(zeros)) != 0) { + if(hash_input_chan_bindings(input_chan_bindings, hash) != 0) { + *minor_status = 0; + return GSS_S_BAD_BINDINGS; + } + if(memcmp(hash, p, sizeof(hash)) != 0) { + *minor_status = 0; + return GSS_S_BAD_BINDINGS; + } + } + + p += sizeof(hash); + + _gsskrb5_decode_om_uint32(p, flags); + p += 4; + + if (cksum->checksum.length > 24 && (*flags & GSS_C_DELEG_FLAG)) { + if(cksum->checksum.length < 28) { + *minor_status = 0; + return GSS_S_BAD_BINDINGS; + } + + DlgOpt = (p[0] << 0) | (p[1] << 8); + p += 2; + if (DlgOpt != 1) { + *minor_status = 0; + return GSS_S_BAD_BINDINGS; + } + + fwd_data->length = (p[0] << 0) | (p[1] << 8); + p += 2; + if(cksum->checksum.length < 28 + fwd_data->length) { + *minor_status = 0; + return GSS_S_BAD_BINDINGS; + } + fwd_data->data = malloc(fwd_data->length); + if (fwd_data->data == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + memcpy(fwd_data->data, p, fwd_data->length); + } + + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c new file mode 100644 index 0000000000..e42bb11b85 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c @@ -0,0 +1,774 @@ +/* + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: accept_sec_context.c,v 1.64 2006/10/25 04:19:45 lha Exp $"); + +HEIMDAL_MUTEX gssapi_keytab_mutex = HEIMDAL_MUTEX_INITIALIZER; +krb5_keytab _gsskrb5_keytab; + +OM_uint32 +_gsskrb5_register_acceptor_identity (const char *identity) +{ + krb5_error_code ret; + + ret = _gsskrb5_init(); + if(ret) + return GSS_S_FAILURE; + + HEIMDAL_MUTEX_lock(&gssapi_keytab_mutex); + + if(_gsskrb5_keytab != NULL) { + krb5_kt_close(_gsskrb5_context, _gsskrb5_keytab); + _gsskrb5_keytab = NULL; + } + if (identity == NULL) { + ret = krb5_kt_default(_gsskrb5_context, &_gsskrb5_keytab); + } else { + char *p; + + asprintf(&p, "FILE:%s", identity); + if(p == NULL) { + HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex); + return GSS_S_FAILURE; + } + ret = krb5_kt_resolve(_gsskrb5_context, p, &_gsskrb5_keytab); + free(p); + } + HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex); + if(ret) + return GSS_S_FAILURE; + return GSS_S_COMPLETE; +} + +void +_gsskrb5i_is_cfx(gsskrb5_ctx ctx, int *is_cfx) +{ + krb5_keyblock *key; + int acceptor = (ctx->more_flags & LOCAL) == 0; + + *is_cfx = 0; + + if (acceptor) { + if (ctx->auth_context->local_subkey) + key = ctx->auth_context->local_subkey; + else + key = ctx->auth_context->remote_subkey; + } else { + if (ctx->auth_context->remote_subkey) + key = ctx->auth_context->remote_subkey; + else + key = ctx->auth_context->local_subkey; + } + if (key == NULL) + key = ctx->auth_context->keyblock; + + if (key == NULL) + return; + + switch (key->keytype) { + case ETYPE_DES_CBC_CRC: + case ETYPE_DES_CBC_MD4: + case ETYPE_DES_CBC_MD5: + case ETYPE_DES3_CBC_MD5: + case ETYPE_DES3_CBC_SHA1: + case ETYPE_ARCFOUR_HMAC_MD5: + case ETYPE_ARCFOUR_HMAC_MD5_56: + break; + default : + *is_cfx = 1; + if ((acceptor && ctx->auth_context->local_subkey) || + (!acceptor && ctx->auth_context->remote_subkey)) + ctx->more_flags |= ACCEPTOR_SUBKEY; + break; + } +} + + +static OM_uint32 +gsskrb5_accept_delegated_token +(OM_uint32 * minor_status, + gsskrb5_ctx ctx, + gss_cred_id_t * delegated_cred_handle + ) +{ + krb5_ccache ccache = NULL; + krb5_error_code kret; + int32_t ac_flags, ret = GSS_S_COMPLETE; + + *minor_status = 0; + + /* XXX Create a new delegated_cred_handle? */ + if (delegated_cred_handle == NULL) { + kret = krb5_cc_default (_gsskrb5_context, &ccache); + } else { + *delegated_cred_handle = NULL; + kret = krb5_cc_gen_new (_gsskrb5_context, &krb5_mcc_ops, &ccache); + } + if (kret) { + ctx->flags &= ~GSS_C_DELEG_FLAG; + goto out; + } + + kret = krb5_cc_initialize(_gsskrb5_context, ccache, ctx->source); + if (kret) { + ctx->flags &= ~GSS_C_DELEG_FLAG; + goto out; + } + + krb5_auth_con_removeflags(_gsskrb5_context, + ctx->auth_context, + KRB5_AUTH_CONTEXT_DO_TIME, + &ac_flags); + kret = krb5_rd_cred2(_gsskrb5_context, + ctx->auth_context, + ccache, + &ctx->fwd_data); + if (kret) + _gsskrb5_set_error_string(); + krb5_auth_con_setflags(_gsskrb5_context, + ctx->auth_context, + ac_flags); + if (kret) { + ctx->flags &= ~GSS_C_DELEG_FLAG; + ret = GSS_S_FAILURE; + *minor_status = kret; + goto out; + } + + if (delegated_cred_handle) { + gsskrb5_cred handle; + + ret = _gsskrb5_import_cred(minor_status, + ccache, + NULL, + NULL, + delegated_cred_handle); + if (ret != GSS_S_COMPLETE) + goto out; + + handle = (gsskrb5_cred) *delegated_cred_handle; + + handle->cred_flags |= GSS_CF_DESTROY_CRED_ON_RELEASE; + krb5_cc_close(_gsskrb5_context, ccache); + ccache = NULL; + } + +out: + if (ccache) { + if (delegated_cred_handle == NULL) + krb5_cc_close(_gsskrb5_context, ccache); + else + krb5_cc_destroy(_gsskrb5_context, ccache); + } + return ret; +} + +static OM_uint32 +gsskrb5_acceptor_ready(OM_uint32 * minor_status, + gsskrb5_ctx ctx, + gss_cred_id_t *delegated_cred_handle) +{ + OM_uint32 ret; + int32_t seq_number; + int is_cfx = 0; + + krb5_auth_getremoteseqnumber (_gsskrb5_context, + ctx->auth_context, + &seq_number); + + _gsskrb5i_is_cfx(ctx, &is_cfx); + + ret = _gssapi_msg_order_create(minor_status, + &ctx->order, + _gssapi_msg_order_f(ctx->flags), + seq_number, 0, is_cfx); + if (ret) + return ret; + + /* + * If requested, set local sequence num to remote sequence if this + * isn't a mutual authentication context + */ + if (!(ctx->flags & GSS_C_MUTUAL_FLAG) && _gssapi_msg_order_f(ctx->flags)) { + krb5_auth_con_setlocalseqnumber(_gsskrb5_context, + ctx->auth_context, + seq_number); + } + + /* + * We should handle the delegation ticket, in case it's there + */ + if (ctx->fwd_data.length > 0 && (ctx->flags & GSS_C_DELEG_FLAG)) { + ret = gsskrb5_accept_delegated_token(minor_status, + ctx, + delegated_cred_handle); + if (ret) + return ret; + } else { + /* Well, looks like it wasn't there after all */ + ctx->flags &= ~GSS_C_DELEG_FLAG; + } + + ctx->state = ACCEPTOR_READY; + ctx->more_flags |= OPEN; + + return GSS_S_COMPLETE; +} + +static OM_uint32 +gsskrb5_acceptor_start(OM_uint32 * minor_status, + gsskrb5_ctx ctx, + const gss_cred_id_t acceptor_cred_handle, + const gss_buffer_t input_token_buffer, + const gss_channel_bindings_t input_chan_bindings, + gss_name_t * src_name, + gss_OID * mech_type, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec, + gss_cred_id_t * delegated_cred_handle) +{ + krb5_error_code kret; + OM_uint32 ret = GSS_S_COMPLETE; + krb5_data indata; + krb5_flags ap_options; + krb5_ticket *ticket = NULL; + krb5_keytab keytab = NULL; + krb5_keyblock *keyblock = NULL; + int is_cfx = 0; + const gsskrb5_cred acceptor_cred = (gsskrb5_cred)acceptor_cred_handle; + + /* + * We may, or may not, have an escapsulation. + */ + ret = _gsskrb5_decapsulate (minor_status, + input_token_buffer, + &indata, + "\x01\x00", + GSS_KRB5_MECHANISM); + + if (ret) { + /* Assume that there is no OID wrapping. */ + indata.length = input_token_buffer->length; + indata.data = input_token_buffer->value; + } + + /* + * We need to get our keytab + */ + if (acceptor_cred == NULL) { + if (_gsskrb5_keytab != NULL) + keytab = _gsskrb5_keytab; + } else if (acceptor_cred->keytab != NULL) { + keytab = acceptor_cred->keytab; + } + + /* + * We need to check the ticket and create the AP-REP packet + */ + kret = krb5_rd_req_return_keyblock(_gsskrb5_context, + &ctx->auth_context, + &indata, + (acceptor_cred == NULL) ? NULL : acceptor_cred->principal, + keytab, + &ap_options, + &ticket, + &keyblock); + if (kret) { + ret = GSS_S_FAILURE; + *minor_status = kret; + _gsskrb5_set_error_string (); + return ret; + } + + /* + * We need to remember some data on the context_handle. + */ + ctx->ticket = ticket; + ctx->service_keyblock = keyblock; + ctx->lifetime = ticket->ticket.endtime; + + /* + * We need to copy the principal names to the context and the + * calling layer. + */ + kret = krb5_copy_principal(_gsskrb5_context, + ticket->client, + &ctx->source); + if (kret) { + ret = GSS_S_FAILURE; + *minor_status = kret; + _gsskrb5_set_error_string (); + } + + kret = krb5_copy_principal(_gsskrb5_context, ticket->server, &ctx->target); + if (kret) { + ret = GSS_S_FAILURE; + *minor_status = kret; + _gsskrb5_set_error_string (); + return ret; + } + + /* + * We need to setup some compat stuff, this assumes that + * context_handle->target is already set. + */ + ret = _gss_DES3_get_mic_compat(minor_status, ctx); + if (ret) + return ret; + + if (src_name != NULL) { + kret = krb5_copy_principal (_gsskrb5_context, + ticket->client, + (gsskrb5_name*)src_name); + if (kret) { + ret = GSS_S_FAILURE; + *minor_status = kret; + _gsskrb5_set_error_string (); + return ret; + } + } + + /* + * We need to get the flags out of the 8003 checksum. + */ + { + krb5_authenticator authenticator; + + kret = krb5_auth_con_getauthenticator(_gsskrb5_context, + ctx->auth_context, + &authenticator); + if(kret) { + ret = GSS_S_FAILURE; + *minor_status = kret; + _gsskrb5_set_error_string (); + return ret; + } + + if (authenticator->cksum->cksumtype == CKSUMTYPE_GSSAPI) { + ret = _gsskrb5_verify_8003_checksum(minor_status, + input_chan_bindings, + authenticator->cksum, + &ctx->flags, + &ctx->fwd_data); + + krb5_free_authenticator(_gsskrb5_context, &authenticator); + if (ret) { + return ret; + } + } else { + krb5_crypto crypto; + + kret = krb5_crypto_init(_gsskrb5_context, + ctx->auth_context->keyblock, + 0, &crypto); + if(kret) { + krb5_free_authenticator(_gsskrb5_context, &authenticator); + + ret = GSS_S_FAILURE; + *minor_status = kret; + _gsskrb5_set_error_string (); + return ret; + } + + /* + * Windows accepts Samba3's use of a kerberos, rather than + * GSSAPI checksum here + */ + + kret = krb5_verify_checksum(_gsskrb5_context, + crypto, KRB5_KU_AP_REQ_AUTH_CKSUM, NULL, 0, + authenticator->cksum); + krb5_free_authenticator(_gsskrb5_context, &authenticator); + krb5_crypto_destroy(_gsskrb5_context, crypto); + + if(kret) { + ret = GSS_S_BAD_SIG; + *minor_status = kret; + _gsskrb5_set_error_string (); + return ret; + } + + /* + * Samba style get some flags (but not DCE-STYLE) + */ + ctx->flags = + GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG; + } + } + + if(ctx->flags & GSS_C_MUTUAL_FLAG) { + krb5_data outbuf; + + _gsskrb5i_is_cfx(ctx, &is_cfx); + + if (is_cfx != 0 + || (ap_options & AP_OPTS_USE_SUBKEY)) { + kret = krb5_auth_con_addflags(_gsskrb5_context, + ctx->auth_context, + KRB5_AUTH_CONTEXT_USE_SUBKEY, + NULL); + ctx->more_flags |= ACCEPTOR_SUBKEY; + } + + kret = krb5_mk_rep(_gsskrb5_context, + ctx->auth_context, + &outbuf); + if (kret) { + *minor_status = kret; + _gsskrb5_set_error_string (); + return GSS_S_FAILURE; + } + + if (ctx->flags & GSS_C_DCE_STYLE) { + output_token->length = outbuf.length; + output_token->value = outbuf.data; + } else { + ret = _gsskrb5_encapsulate(minor_status, + &outbuf, + output_token, + "\x02\x00", + GSS_KRB5_MECHANISM); + krb5_data_free (&outbuf); + if (ret) + return ret; + } + } + + ctx->flags |= GSS_C_TRANS_FLAG; + + /* Remember the flags */ + + ctx->lifetime = ticket->ticket.endtime; + ctx->more_flags |= OPEN; + + if (mech_type) + *mech_type = GSS_KRB5_MECHANISM; + + if (time_rec) { + ret = _gsskrb5_lifetime_left(minor_status, + ctx->lifetime, + time_rec); + if (ret) { + return ret; + } + } + + /* + * When GSS_C_DCE_STYLE is in use, we need ask for a AP-REP from + * the client. + */ + if (ctx->flags & GSS_C_DCE_STYLE) { + /* + * Return flags to caller, but we haven't processed + * delgations yet + */ + if (ret_flags) + *ret_flags = (ctx->flags & ~GSS_C_DELEG_FLAG); + + ctx->state = ACCEPTOR_WAIT_FOR_DCESTYLE; + return GSS_S_CONTINUE_NEEDED; + } + + ret = gsskrb5_acceptor_ready(minor_status, ctx, delegated_cred_handle); + + if (ret_flags) + *ret_flags = ctx->flags; + + return ret; +} + +static OM_uint32 +acceptor_wait_for_dcestyle(OM_uint32 * minor_status, + gsskrb5_ctx ctx, + const gss_cred_id_t acceptor_cred_handle, + const gss_buffer_t input_token_buffer, + const gss_channel_bindings_t input_chan_bindings, + gss_name_t * src_name, + gss_OID * mech_type, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec, + gss_cred_id_t * delegated_cred_handle) +{ + OM_uint32 ret; + krb5_error_code kret; + krb5_data inbuf; + int32_t r_seq_number, l_seq_number; + + /* + * We know it's GSS_C_DCE_STYLE so we don't need to decapsulate the AP_REP + */ + + inbuf.length = input_token_buffer->length; + inbuf.data = input_token_buffer->value; + + /* + * We need to remeber the old remote seq_number, then check if the + * client has replied with our local seq_number, and then reset + * the remote seq_number to the old value + */ + { + kret = krb5_auth_con_getlocalseqnumber(_gsskrb5_context, + ctx->auth_context, + &l_seq_number); + if (kret) { + _gsskrb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + + kret = krb5_auth_getremoteseqnumber(_gsskrb5_context, + ctx->auth_context, + &r_seq_number); + if (kret) { + _gsskrb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + + kret = krb5_auth_con_setremoteseqnumber(_gsskrb5_context, + ctx->auth_context, + l_seq_number); + if (kret) { + _gsskrb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + } + + /* + * We need to verify the AP_REP, but we need to flag that this is + * DCE_STYLE, so don't check the timestamps this time, but put the + * flag DO_TIME back afterward. + */ + { + krb5_ap_rep_enc_part *repl; + int32_t auth_flags; + + krb5_auth_con_removeflags(_gsskrb5_context, + ctx->auth_context, + KRB5_AUTH_CONTEXT_DO_TIME, + &auth_flags); + + kret = krb5_rd_rep(_gsskrb5_context, ctx->auth_context, &inbuf, &repl); + if (kret) { + _gsskrb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + krb5_free_ap_rep_enc_part(_gsskrb5_context, repl); + krb5_auth_con_setflags(_gsskrb5_context, ctx->auth_context, auth_flags); + } + + /* We need to check the liftime */ + { + OM_uint32 lifetime_rec; + + ret = _gsskrb5_lifetime_left(minor_status, + ctx->lifetime, + &lifetime_rec); + if (ret) { + return ret; + } + if (lifetime_rec == 0) { + return GSS_S_CONTEXT_EXPIRED; + } + + if (time_rec) *time_rec = lifetime_rec; + } + + /* We need to give the caller the flags which are in use */ + if (ret_flags) *ret_flags = ctx->flags; + + if (src_name) { + kret = krb5_copy_principal(_gsskrb5_context, + ctx->source, + (gsskrb5_name*)src_name); + if (kret) { + *minor_status = kret; + _gsskrb5_set_error_string (); + return GSS_S_FAILURE; + } + } + + /* + * After the krb5_rd_rep() the remote and local seq_number should + * be the same, because the client just replies the seq_number + * from our AP-REP in its AP-REP, but then the client uses the + * seq_number from its AP-REQ for GSS_wrap() + */ + { + int32_t tmp_r_seq_number, tmp_l_seq_number; + + kret = krb5_auth_getremoteseqnumber(_gsskrb5_context, + ctx->auth_context, + &tmp_r_seq_number); + if (kret) { + _gsskrb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + + kret = krb5_auth_con_getlocalseqnumber(_gsskrb5_context, + ctx->auth_context, + &tmp_l_seq_number); + if (kret) { + _gsskrb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + + /* + * Here we check if the client has responsed with our local seq_number, + */ + if (tmp_r_seq_number != tmp_l_seq_number) { + return GSS_S_UNSEQ_TOKEN; + } + } + + /* + * We need to reset the remote seq_number, because the client will use, + * the old one for the GSS_wrap() calls + */ + { + kret = krb5_auth_con_setremoteseqnumber(_gsskrb5_context, + ctx->auth_context, + r_seq_number); + if (kret) { + _gsskrb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + } + + return gsskrb5_acceptor_ready(minor_status, ctx, delegated_cred_handle); +} + + +OM_uint32 +_gsskrb5_accept_sec_context(OM_uint32 * minor_status, + gss_ctx_id_t * context_handle, + const gss_cred_id_t acceptor_cred_handle, + const gss_buffer_t input_token_buffer, + const gss_channel_bindings_t input_chan_bindings, + gss_name_t * src_name, + gss_OID * mech_type, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec, + gss_cred_id_t * delegated_cred_handle) +{ + OM_uint32 ret; + gsskrb5_ctx ctx; + + GSSAPI_KRB5_INIT(); + + output_token->length = 0; + output_token->value = NULL; + + if (src_name != NULL) + *src_name = NULL; + if (mech_type) + *mech_type = GSS_KRB5_MECHANISM; + + if (*context_handle == GSS_C_NO_CONTEXT) { + ret = _gsskrb5_create_ctx(minor_status, + context_handle, + input_chan_bindings, + ACCEPTOR_START); + if (ret) + return ret; + } + + ctx = (gsskrb5_ctx)*context_handle; + + + /* + * TODO: check the channel_bindings + * (above just sets them to krb5 layer) + */ + + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + + switch (ctx->state) { + case ACCEPTOR_START: + ret = gsskrb5_acceptor_start(minor_status, + ctx, + acceptor_cred_handle, + input_token_buffer, + input_chan_bindings, + src_name, + mech_type, + output_token, + ret_flags, + time_rec, + delegated_cred_handle); + break; + case ACCEPTOR_WAIT_FOR_DCESTYLE: + ret = acceptor_wait_for_dcestyle(minor_status, + ctx, + acceptor_cred_handle, + input_token_buffer, + input_chan_bindings, + src_name, + mech_type, + output_token, + ret_flags, + time_rec, + delegated_cred_handle); + break; + case ACCEPTOR_READY: + /* + * If we get there, the caller have called + * gss_accept_sec_context() one time too many. + */ + ret = GSS_S_BAD_STATUS; + break; + default: + /* TODO: is this correct here? --metze */ + ret = GSS_S_BAD_STATUS; + break; + } + + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + + if (GSS_ERROR(ret)) { + OM_uint32 min2; + _gsskrb5_delete_sec_context(&min2, context_handle, GSS_C_NO_BUFFER); + } + + return ret; +} diff --git a/source4/heimdal/lib/gssapi/krb5/acquire_cred.c b/source4/heimdal/lib/gssapi/krb5/acquire_cred.c new file mode 100644 index 0000000000..df6e137402 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/acquire_cred.c @@ -0,0 +1,379 @@ +/* + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: acquire_cred.c,v 1.31 2006/10/07 22:13:55 lha Exp $"); + +OM_uint32 +__gsskrb5_ccache_lifetime(OM_uint32 *minor_status, + krb5_ccache id, + krb5_principal principal, + OM_uint32 *lifetime) +{ + krb5_creds in_cred, *out_cred; + krb5_const_realm realm; + krb5_error_code kret; + + memset(&in_cred, 0, sizeof(in_cred)); + in_cred.client = principal; + + realm = krb5_principal_get_realm(_gsskrb5_context, principal); + if (realm == NULL) { + _gsskrb5_clear_status (); + *minor_status = KRB5_PRINC_NOMATCH; /* XXX */ + return GSS_S_FAILURE; + } + + kret = krb5_make_principal(_gsskrb5_context, &in_cred.server, + realm, KRB5_TGS_NAME, realm, NULL); + if (kret) { + _gsskrb5_set_error_string(); + *minor_status = kret; + return GSS_S_FAILURE; + } + + kret = krb5_get_credentials(_gsskrb5_context, 0, + id, &in_cred, &out_cred); + krb5_free_principal(_gsskrb5_context, in_cred.server); + if (kret) { + _gsskrb5_set_error_string(); + *minor_status = kret; + return GSS_S_FAILURE; + } + + *lifetime = out_cred->times.endtime; + krb5_free_creds(_gsskrb5_context, out_cred); + + return GSS_S_COMPLETE; +} + + + + +static krb5_error_code +get_keytab(krb5_keytab *keytab) +{ + char kt_name[256]; + krb5_error_code kret; + + HEIMDAL_MUTEX_lock(&gssapi_keytab_mutex); + + if (_gsskrb5_keytab != NULL) { + kret = krb5_kt_get_name(_gsskrb5_context, + _gsskrb5_keytab, + kt_name, sizeof(kt_name)); + if (kret == 0) + kret = krb5_kt_resolve(_gsskrb5_context, kt_name, keytab); + } else + kret = krb5_kt_default(_gsskrb5_context, keytab); + + HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex); + + return (kret); +} + +static OM_uint32 acquire_initiator_cred + (OM_uint32 * minor_status, + const gss_name_t desired_name, + OM_uint32 time_req, + const gss_OID_set desired_mechs, + gss_cred_usage_t cred_usage, + gsskrb5_cred handle, + gss_OID_set * actual_mechs, + OM_uint32 * time_rec + ) +{ + OM_uint32 ret; + krb5_creds cred; + krb5_principal def_princ; + krb5_get_init_creds_opt *opt; + krb5_ccache ccache; + krb5_keytab keytab; + krb5_error_code kret; + + keytab = NULL; + ccache = NULL; + def_princ = NULL; + ret = GSS_S_FAILURE; + memset(&cred, 0, sizeof(cred)); + + /* If we have a preferred principal, lets try to find it in all + * caches, otherwise, fall back to default cache. Ignore + * errors. */ + if (handle->principal) + kret = krb5_cc_cache_match (_gsskrb5_context, + handle->principal, + NULL, + &ccache); + + if (ccache == NULL) { + kret = krb5_cc_default(_gsskrb5_context, &ccache); + if (kret) + goto end; + } + kret = krb5_cc_get_principal(_gsskrb5_context, ccache, + &def_princ); + if (kret != 0) { + /* we'll try to use a keytab below */ + krb5_cc_destroy(_gsskrb5_context, ccache); + ccache = NULL; + kret = 0; + } else if (handle->principal == NULL) { + kret = krb5_copy_principal(_gsskrb5_context, def_princ, + &handle->principal); + if (kret) + goto end; + } else if (handle->principal != NULL && + krb5_principal_compare(_gsskrb5_context, handle->principal, + def_princ) == FALSE) { + /* Before failing, lets check the keytab */ + krb5_free_principal(_gsskrb5_context, def_princ); + def_princ = NULL; + } + if (def_princ == NULL) { + /* We have no existing credentials cache, + * so attempt to get a TGT using a keytab. + */ + if (handle->principal == NULL) { + kret = krb5_get_default_principal(_gsskrb5_context, + &handle->principal); + if (kret) + goto end; + } + kret = get_keytab(&keytab); + if (kret) + goto end; + kret = krb5_get_init_creds_opt_alloc(_gsskrb5_context, &opt); + if (kret) + goto end; + kret = krb5_get_init_creds_keytab(_gsskrb5_context, &cred, + handle->principal, keytab, 0, NULL, opt); + krb5_get_init_creds_opt_free(opt); + if (kret) + goto end; + kret = krb5_cc_gen_new(_gsskrb5_context, &krb5_mcc_ops, + &ccache); + if (kret) + goto end; + kret = krb5_cc_initialize(_gsskrb5_context, ccache, cred.client); + if (kret) + goto end; + kret = krb5_cc_store_cred(_gsskrb5_context, ccache, &cred); + if (kret) + goto end; + handle->lifetime = cred.times.endtime; + handle->cred_flags |= GSS_CF_DESTROY_CRED_ON_RELEASE; + } else { + + ret = __gsskrb5_ccache_lifetime(minor_status, + ccache, + handle->principal, + &handle->lifetime); + if (ret != GSS_S_COMPLETE) + goto end; + kret = 0; + } + + handle->ccache = ccache; + ret = GSS_S_COMPLETE; + +end: + if (cred.client != NULL) + krb5_free_cred_contents(_gsskrb5_context, &cred); + if (def_princ != NULL) + krb5_free_principal(_gsskrb5_context, def_princ); + if (keytab != NULL) + krb5_kt_close(_gsskrb5_context, keytab); + if (ret != GSS_S_COMPLETE) { + if (ccache != NULL) + krb5_cc_close(_gsskrb5_context, ccache); + if (kret != 0) { + *minor_status = kret; + _gsskrb5_set_error_string (); + } + } + return (ret); +} + +static OM_uint32 acquire_acceptor_cred + (OM_uint32 * minor_status, + const gss_name_t desired_name, + OM_uint32 time_req, + const gss_OID_set desired_mechs, + gss_cred_usage_t cred_usage, + gsskrb5_cred handle, + gss_OID_set * actual_mechs, + OM_uint32 * time_rec + ) +{ + OM_uint32 ret; + krb5_error_code kret; + + kret = 0; + ret = GSS_S_FAILURE; + kret = get_keytab(&handle->keytab); + if (kret) + goto end; + + /* check that the requested principal exists in the keytab */ + if (handle->principal) { + krb5_keytab_entry entry; + + kret = krb5_kt_get_entry(_gsskrb5_context, handle->keytab, + handle->principal, 0, 0, &entry); + if (kret) + goto end; + krb5_kt_free_entry(_gsskrb5_context, &entry); + } + ret = GSS_S_COMPLETE; + +end: + if (ret != GSS_S_COMPLETE) { + if (handle->keytab != NULL) + krb5_kt_close(_gsskrb5_context, handle->keytab); + if (kret != 0) { + *minor_status = kret; + _gsskrb5_set_error_string (); + } + } + return (ret); +} + +OM_uint32 _gsskrb5_acquire_cred +(OM_uint32 * minor_status, + const gss_name_t desired_name, + OM_uint32 time_req, + const gss_OID_set desired_mechs, + gss_cred_usage_t cred_usage, + gss_cred_id_t * output_cred_handle, + gss_OID_set * actual_mechs, + OM_uint32 * time_rec + ) +{ + gsskrb5_cred handle; + OM_uint32 ret; + + if (cred_usage != GSS_C_ACCEPT && cred_usage != GSS_C_INITIATE && cred_usage != GSS_C_BOTH) { + *minor_status = GSS_KRB5_S_G_BAD_USAGE; + return GSS_S_FAILURE; + } + + GSSAPI_KRB5_INIT (); + + *output_cred_handle = NULL; + if (time_rec) + *time_rec = 0; + if (actual_mechs) + *actual_mechs = GSS_C_NO_OID_SET; + + if (desired_mechs) { + int present = 0; + + ret = _gsskrb5_test_oid_set_member(minor_status, GSS_KRB5_MECHANISM, + desired_mechs, &present); + if (ret) + return ret; + if (!present) { + *minor_status = 0; + return GSS_S_BAD_MECH; + } + } + + handle = calloc(1, sizeof(*handle)); + if (handle == NULL) { + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + + HEIMDAL_MUTEX_init(&handle->cred_id_mutex); + + if (desired_name != GSS_C_NO_NAME) { + krb5_principal name = (krb5_principal)desired_name; + ret = krb5_copy_principal(_gsskrb5_context, name, &handle->principal); + if (ret) { + HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); + _gsskrb5_set_error_string(); + *minor_status = ret; + free(handle); + return GSS_S_FAILURE; + } + } + if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH) { + ret = acquire_initiator_cred(minor_status, desired_name, time_req, + desired_mechs, cred_usage, handle, actual_mechs, time_rec); + if (ret != GSS_S_COMPLETE) { + HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); + krb5_free_principal(_gsskrb5_context, handle->principal); + free(handle); + return (ret); + } + } + if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH) { + ret = acquire_acceptor_cred(minor_status, desired_name, time_req, + desired_mechs, cred_usage, handle, actual_mechs, time_rec); + if (ret != GSS_S_COMPLETE) { + HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); + krb5_free_principal(_gsskrb5_context, handle->principal); + free(handle); + return (ret); + } + } + ret = _gsskrb5_create_empty_oid_set(minor_status, &handle->mechanisms); + if (ret == GSS_S_COMPLETE) + ret = _gsskrb5_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, + &handle->mechanisms); + if (ret == GSS_S_COMPLETE) + ret = _gsskrb5_inquire_cred(minor_status, (gss_cred_id_t)handle, + NULL, time_rec, NULL, actual_mechs); + if (ret != GSS_S_COMPLETE) { + if (handle->mechanisms != NULL) + _gsskrb5_release_oid_set(NULL, &handle->mechanisms); + HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); + krb5_free_principal(_gsskrb5_context, handle->principal); + free(handle); + return (ret); + } + *minor_status = 0; + if (time_rec) { + ret = _gsskrb5_lifetime_left(minor_status, + handle->lifetime, + time_rec); + + if (ret) + return ret; + } + handle->usage = cred_usage; + *output_cred_handle = (gss_cred_id_t)handle; + return (GSS_S_COMPLETE); +} diff --git a/source4/heimdal/lib/gssapi/krb5/add_cred.c b/source4/heimdal/lib/gssapi/krb5/add_cred.c new file mode 100644 index 0000000000..4892e84798 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/add_cred.c @@ -0,0 +1,249 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: add_cred.c,v 1.9 2006/10/07 22:13:58 lha Exp $"); + +OM_uint32 _gsskrb5_add_cred ( + OM_uint32 *minor_status, + const gss_cred_id_t input_cred_handle, + const gss_name_t desired_name, + const gss_OID desired_mech, + gss_cred_usage_t cred_usage, + OM_uint32 initiator_time_req, + OM_uint32 acceptor_time_req, + gss_cred_id_t *output_cred_handle, + gss_OID_set *actual_mechs, + OM_uint32 *initiator_time_rec, + OM_uint32 *acceptor_time_rec) +{ + OM_uint32 ret, lifetime; + gsskrb5_cred cred, handle; + krb5_const_principal dname; + + handle = NULL; + cred = (gsskrb5_cred)input_cred_handle; + dname = (krb5_const_principal)desired_name; + + if (gss_oid_equal(desired_mech, GSS_KRB5_MECHANISM) == 0) { + *minor_status = 0; + return GSS_S_BAD_MECH; + } + + if (cred == NULL && output_cred_handle == NULL) { + *minor_status = 0; + return GSS_S_NO_CRED; + } + + if (cred == NULL) { /* XXX standard conformance failure */ + *minor_status = 0; + return GSS_S_NO_CRED; + } + + /* check if requested output usage is compatible with output usage */ + if (output_cred_handle != NULL) { + HEIMDAL_MUTEX_lock(&cred->cred_id_mutex); + if (cred->usage != cred_usage && cred->usage != GSS_C_BOTH) { + HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); + *minor_status = GSS_KRB5_S_G_BAD_USAGE; + return(GSS_S_FAILURE); + } + } + + /* check that we have the same name */ + if (dname != NULL && + krb5_principal_compare(_gsskrb5_context, dname, + cred->principal) != FALSE) { + if (output_cred_handle) + HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); + *minor_status = 0; + return GSS_S_BAD_NAME; + } + + /* make a copy */ + if (output_cred_handle) { + krb5_error_code kret; + + handle = calloc(1, sizeof(*handle)); + if (handle == NULL) { + HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + + handle->usage = cred_usage; + handle->lifetime = cred->lifetime; + handle->principal = NULL; + handle->keytab = NULL; + handle->ccache = NULL; + handle->mechanisms = NULL; + HEIMDAL_MUTEX_init(&handle->cred_id_mutex); + + ret = GSS_S_FAILURE; + + kret = krb5_copy_principal(_gsskrb5_context, cred->principal, + &handle->principal); + if (kret) { + HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); + free(handle); + *minor_status = kret; + return GSS_S_FAILURE; + } + + if (cred->keytab) { + char name[KRB5_KT_PREFIX_MAX_LEN + MAXPATHLEN]; + int len; + + ret = GSS_S_FAILURE; + + kret = krb5_kt_get_type(_gsskrb5_context, cred->keytab, + name, KRB5_KT_PREFIX_MAX_LEN); + if (kret) { + *minor_status = kret; + goto failure; + } + len = strlen(name); + name[len++] = ':'; + + kret = krb5_kt_get_name(_gsskrb5_context, cred->keytab, + name + len, + sizeof(name) - len); + if (kret) { + *minor_status = kret; + goto failure; + } + + kret = krb5_kt_resolve(_gsskrb5_context, name, + &handle->keytab); + if (kret){ + *minor_status = kret; + goto failure; + } + } + + if (cred->ccache) { + const char *type, *name; + char *type_name; + + ret = GSS_S_FAILURE; + + type = krb5_cc_get_type(_gsskrb5_context, cred->ccache); + if (type == NULL){ + *minor_status = ENOMEM; + goto failure; + } + + if (strcmp(type, "MEMORY") == 0) { + ret = krb5_cc_gen_new(_gsskrb5_context, &krb5_mcc_ops, + &handle->ccache); + if (ret) { + *minor_status = ret; + goto failure; + } + + ret = krb5_cc_copy_cache(_gsskrb5_context, cred->ccache, + handle->ccache); + if (ret) { + *minor_status = ret; + goto failure; + } + + } else { + name = krb5_cc_get_name(_gsskrb5_context, cred->ccache); + if (name == NULL) { + *minor_status = ENOMEM; + goto failure; + } + + asprintf(&type_name, "%s:%s", type, name); + if (type_name == NULL) { + *minor_status = ENOMEM; + goto failure; + } + + kret = krb5_cc_resolve(_gsskrb5_context, type_name, + &handle->ccache); + free(type_name); + if (kret) { + *minor_status = kret; + goto failure; + } + } + } + ret = _gsskrb5_create_empty_oid_set(minor_status, &handle->mechanisms); + if (ret) + goto failure; + + ret = _gsskrb5_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, + &handle->mechanisms); + if (ret) + goto failure; + } + + HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); + + ret = _gsskrb5_inquire_cred(minor_status, (gss_cred_id_t)cred, + NULL, &lifetime, NULL, actual_mechs); + if (ret) + goto failure; + + if (initiator_time_rec) + *initiator_time_rec = lifetime; + if (acceptor_time_rec) + *acceptor_time_rec = lifetime; + + if (output_cred_handle) { + *output_cred_handle = (gss_cred_id_t)handle; + } + + *minor_status = 0; + return ret; + + failure: + + if (handle) { + if (handle->principal) + krb5_free_principal(_gsskrb5_context, handle->principal); + if (handle->keytab) + krb5_kt_close(_gsskrb5_context, handle->keytab); + if (handle->ccache) + krb5_cc_destroy(_gsskrb5_context, handle->ccache); + if (handle->mechanisms) + _gsskrb5_release_oid_set(NULL, &handle->mechanisms); + free(handle); + } + if (output_cred_handle) + HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); + return ret; +} diff --git a/source4/heimdal/lib/gssapi/krb5/add_oid_set_member.c b/source4/heimdal/lib/gssapi/krb5/add_oid_set_member.c new file mode 100644 index 0000000000..b0ec2c60d8 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/add_oid_set_member.c @@ -0,0 +1,70 @@ +/* + * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: add_oid_set_member.c,v 1.10 2006/10/07 22:14:00 lha Exp $"); + +OM_uint32 _gsskrb5_add_oid_set_member ( + OM_uint32 * minor_status, + const gss_OID member_oid, + gss_OID_set * oid_set + ) +{ + gss_OID tmp; + size_t n; + OM_uint32 res; + int present; + + res = _gsskrb5_test_oid_set_member(minor_status, member_oid, + *oid_set, &present); + if (res != GSS_S_COMPLETE) + return res; + + if (present) { + *minor_status = 0; + return GSS_S_COMPLETE; + } + + n = (*oid_set)->count + 1; + tmp = realloc ((*oid_set)->elements, n * sizeof(gss_OID_desc)); + if (tmp == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + (*oid_set)->elements = tmp; + (*oid_set)->count = n; + (*oid_set)->elements[n-1] = *member_oid; + *minor_status = 0; + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/krb5/address_to_krb5addr.c b/source4/heimdal/lib/gssapi/krb5/address_to_krb5addr.c new file mode 100644 index 0000000000..9aec53faaa --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/address_to_krb5addr.c @@ -0,0 +1,76 @@ +/* + * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +#include + +krb5_error_code +_gsskrb5i_address_to_krb5addr(OM_uint32 gss_addr_type, + gss_buffer_desc *gss_addr, + int16_t port, + krb5_address *address) +{ + int addr_type; + struct sockaddr sa; + krb5_socklen_t sa_size = sizeof(sa); + krb5_error_code problem; + + if (gss_addr == NULL) + return GSS_S_FAILURE; + + switch (gss_addr_type) { +#ifdef HAVE_IPV6 + case GSS_C_AF_INET6: addr_type = AF_INET6; + break; +#endif /* HAVE_IPV6 */ + + case GSS_C_AF_INET: addr_type = AF_INET; + break; + default: + return GSS_S_FAILURE; + } + + problem = krb5_h_addr2sockaddr (_gsskrb5_context, + addr_type, + gss_addr->value, + &sa, + &sa_size, + port); + if (problem) + return GSS_S_FAILURE; + + problem = krb5_sockaddr2address (_gsskrb5_context, &sa, address); + + return problem; +} diff --git a/source4/heimdal/lib/gssapi/krb5/arcfour.c b/source4/heimdal/lib/gssapi/krb5/arcfour.c new file mode 100644 index 0000000000..82851f5a78 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/arcfour.c @@ -0,0 +1,754 @@ +/* + * Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: arcfour.c,v 1.29 2006/10/07 22:14:05 lha Exp $"); + +/* + * Implements draft-brezak-win2k-krb-rc4-hmac-04.txt + * + * The arcfour message have the following formats: + * + * MIC token + * TOK_ID[2] = 01 01 + * SGN_ALG[2] = 11 00 + * Filler[4] + * SND_SEQ[8] + * SGN_CKSUM[8] + * + * WRAP token + * TOK_ID[2] = 02 01 + * SGN_ALG[2]; + * SEAL_ALG[2] + * Filler[2] + * SND_SEQ[2] + * SGN_CKSUM[8] + * Confounder[8] + */ + +/* + * WRAP in DCE-style have a fixed size header, the oid and length over + * the WRAP header is a total of + * GSS_ARCFOUR_WRAP_TOKEN_DCE_DER_HEADER_SIZE + + * GSS_ARCFOUR_WRAP_TOKEN_SIZE byte (ie total of 45 bytes overhead, + * remember the 2 bytes from APPL [0] SEQ). + */ + +#define GSS_ARCFOUR_WRAP_TOKEN_SIZE 32 +#define GSS_ARCFOUR_WRAP_TOKEN_DCE_DER_HEADER_SIZE 13 + + +static krb5_error_code +arcfour_mic_key(krb5_context context, krb5_keyblock *key, + void *cksum_data, size_t cksum_size, + void *key6_data, size_t key6_size) +{ + krb5_error_code ret; + + Checksum cksum_k5; + krb5_keyblock key5; + char k5_data[16]; + + Checksum cksum_k6; + + char T[4]; + + memset(T, 0, 4); + cksum_k5.checksum.data = k5_data; + cksum_k5.checksum.length = sizeof(k5_data); + + if (key->keytype == KEYTYPE_ARCFOUR_56) { + char L40[14] = "fortybits"; + + memcpy(L40 + 10, T, sizeof(T)); + ret = krb5_hmac(context, CKSUMTYPE_RSA_MD5, + L40, 14, 0, key, &cksum_k5); + memset(&k5_data[7], 0xAB, 9); + } else { + ret = krb5_hmac(context, CKSUMTYPE_RSA_MD5, + T, 4, 0, key, &cksum_k5); + } + if (ret) + return ret; + + key5.keytype = KEYTYPE_ARCFOUR; + key5.keyvalue = cksum_k5.checksum; + + cksum_k6.checksum.data = key6_data; + cksum_k6.checksum.length = key6_size; + + return krb5_hmac(context, CKSUMTYPE_RSA_MD5, + cksum_data, cksum_size, 0, &key5, &cksum_k6); +} + + +static krb5_error_code +arcfour_mic_cksum(krb5_keyblock *key, unsigned usage, + u_char *sgn_cksum, size_t sgn_cksum_sz, + const u_char *v1, size_t l1, + const void *v2, size_t l2, + const void *v3, size_t l3) +{ + Checksum CKSUM; + u_char *ptr; + size_t len; + krb5_crypto crypto; + krb5_error_code ret; + + assert(sgn_cksum_sz == 8); + + len = l1 + l2 + l3; + + ptr = malloc(len); + if (ptr == NULL) + return ENOMEM; + + memcpy(ptr, v1, l1); + memcpy(ptr + l1, v2, l2); + memcpy(ptr + l1 + l2, v3, l3); + + ret = krb5_crypto_init(_gsskrb5_context, key, 0, &crypto); + if (ret) { + free(ptr); + return ret; + } + + ret = krb5_create_checksum(_gsskrb5_context, + crypto, + usage, + 0, + ptr, len, + &CKSUM); + free(ptr); + if (ret == 0) { + memcpy(sgn_cksum, CKSUM.checksum.data, sgn_cksum_sz); + free_Checksum(&CKSUM); + } + krb5_crypto_destroy(_gsskrb5_context, crypto); + + return ret; +} + + +OM_uint32 +_gssapi_get_mic_arcfour(OM_uint32 * minor_status, + const gsskrb5_ctx context_handle, + gss_qop_t qop_req, + const gss_buffer_t message_buffer, + gss_buffer_t message_token, + krb5_keyblock *key) +{ + krb5_error_code ret; + int32_t seq_number; + size_t len, total_len; + u_char k6_data[16], *p0, *p; + RC4_KEY rc4_key; + + _gsskrb5_encap_length (22, &len, &total_len, GSS_KRB5_MECHANISM); + + message_token->length = total_len; + message_token->value = malloc (total_len); + if (message_token->value == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + p0 = _gssapi_make_mech_header(message_token->value, + len, + GSS_KRB5_MECHANISM); + p = p0; + + *p++ = 0x01; /* TOK_ID */ + *p++ = 0x01; + *p++ = 0x11; /* SGN_ALG */ + *p++ = 0x00; + *p++ = 0xff; /* Filler */ + *p++ = 0xff; + *p++ = 0xff; + *p++ = 0xff; + + p = NULL; + + ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SIGN, + p0 + 16, 8, /* SGN_CKSUM */ + p0, 8, /* TOK_ID, SGN_ALG, Filer */ + message_buffer->value, message_buffer->length, + NULL, 0); + if (ret) { + _gsskrb5_release_buffer(minor_status, message_token); + *minor_status = ret; + return GSS_S_FAILURE; + } + + ret = arcfour_mic_key(_gsskrb5_context, key, + p0 + 16, 8, /* SGN_CKSUM */ + k6_data, sizeof(k6_data)); + if (ret) { + _gsskrb5_release_buffer(minor_status, message_token); + *minor_status = ret; + return GSS_S_FAILURE; + } + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + krb5_auth_con_getlocalseqnumber (_gsskrb5_context, + context_handle->auth_context, + &seq_number); + p = p0 + 8; /* SND_SEQ */ + _gsskrb5_encode_be_om_uint32(seq_number, p); + + krb5_auth_con_setlocalseqnumber (_gsskrb5_context, + context_handle->auth_context, + ++seq_number); + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + + memset (p + 4, (context_handle->more_flags & LOCAL) ? 0 : 0xff, 4); + + RC4_set_key (&rc4_key, sizeof(k6_data), k6_data); + RC4 (&rc4_key, 8, p, p); + + memset(&rc4_key, 0, sizeof(rc4_key)); + memset(k6_data, 0, sizeof(k6_data)); + + *minor_status = 0; + return GSS_S_COMPLETE; +} + + +OM_uint32 +_gssapi_verify_mic_arcfour(OM_uint32 * minor_status, + const gsskrb5_ctx context_handle, + const gss_buffer_t message_buffer, + const gss_buffer_t token_buffer, + gss_qop_t * qop_state, + krb5_keyblock *key, + char *type) +{ + krb5_error_code ret; + uint32_t seq_number; + OM_uint32 omret; + u_char SND_SEQ[8], cksum_data[8], *p; + char k6_data[16]; + int cmp; + + if (qop_state) + *qop_state = 0; + + p = token_buffer->value; + omret = _gsskrb5_verify_header (&p, + token_buffer->length, + (u_char *)type, + GSS_KRB5_MECHANISM); + if (omret) + return omret; + + if (memcmp(p, "\x11\x00", 2) != 0) /* SGN_ALG = HMAC MD5 ARCFOUR */ + return GSS_S_BAD_SIG; + p += 2; + if (memcmp (p, "\xff\xff\xff\xff", 4) != 0) + return GSS_S_BAD_MIC; + p += 4; + + ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SIGN, + cksum_data, sizeof(cksum_data), + p - 8, 8, + message_buffer->value, message_buffer->length, + NULL, 0); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + ret = arcfour_mic_key(_gsskrb5_context, key, + cksum_data, sizeof(cksum_data), + k6_data, sizeof(k6_data)); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + cmp = memcmp(cksum_data, p + 8, 8); + if (cmp) { + *minor_status = 0; + return GSS_S_BAD_MIC; + } + + { + RC4_KEY rc4_key; + + RC4_set_key (&rc4_key, sizeof(k6_data), (void*)k6_data); + RC4 (&rc4_key, 8, p, SND_SEQ); + + memset(&rc4_key, 0, sizeof(rc4_key)); + memset(k6_data, 0, sizeof(k6_data)); + } + + _gsskrb5_decode_be_om_uint32(SND_SEQ, &seq_number); + + if (context_handle->more_flags & LOCAL) + cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4); + else + cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4); + + memset(SND_SEQ, 0, sizeof(SND_SEQ)); + if (cmp != 0) { + *minor_status = 0; + return GSS_S_BAD_MIC; + } + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + omret = _gssapi_msg_order_check(context_handle->order, seq_number); + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + if (omret) + return omret; + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +OM_uint32 +_gssapi_wrap_arcfour(OM_uint32 * minor_status, + const gsskrb5_ctx context_handle, + int conf_req_flag, + gss_qop_t qop_req, + const gss_buffer_t input_message_buffer, + int * conf_state, + gss_buffer_t output_message_buffer, + krb5_keyblock *key) +{ + u_char Klocaldata[16], k6_data[16], *p, *p0; + size_t len, total_len, datalen; + krb5_keyblock Klocal; + krb5_error_code ret; + int32_t seq_number; + + if (conf_state) + *conf_state = 0; + + if ((context_handle->flags & GSS_C_DCE_STYLE) == 0) { + datalen = input_message_buffer->length + 1 /* padding */; + + len = datalen + GSS_ARCFOUR_WRAP_TOKEN_SIZE; + _gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM); + } else { + datalen = input_message_buffer->length; + + len = GSS_ARCFOUR_WRAP_TOKEN_SIZE; + _gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM); + total_len += datalen; + } + + output_message_buffer->length = total_len; + output_message_buffer->value = malloc (total_len); + if (output_message_buffer->value == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + p0 = _gssapi_make_mech_header(output_message_buffer->value, + len, + GSS_KRB5_MECHANISM); + p = p0; + + *p++ = 0x02; /* TOK_ID */ + *p++ = 0x01; + *p++ = 0x11; /* SGN_ALG */ + *p++ = 0x00; + if (conf_req_flag) { + *p++ = 0x10; /* SEAL_ALG */ + *p++ = 0x00; + } else { + *p++ = 0xff; /* SEAL_ALG */ + *p++ = 0xff; + } + *p++ = 0xff; /* Filler */ + *p++ = 0xff; + + p = NULL; + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + krb5_auth_con_getlocalseqnumber (_gsskrb5_context, + context_handle->auth_context, + &seq_number); + + _gsskrb5_encode_be_om_uint32(seq_number, p0 + 8); + + krb5_auth_con_setlocalseqnumber (_gsskrb5_context, + context_handle->auth_context, + ++seq_number); + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + + memset (p0 + 8 + 4, + (context_handle->more_flags & LOCAL) ? 0 : 0xff, + 4); + + krb5_generate_random_block(p0 + 24, 8); /* fill in Confounder */ + + /* p points to data */ + p = p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE; + memcpy(p, input_message_buffer->value, input_message_buffer->length); + + if ((context_handle->flags & GSS_C_DCE_STYLE) == 0) { + p[input_message_buffer->length] = 1; /* PADDING */ + } + + ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SEAL, + p0 + 16, 8, /* SGN_CKSUM */ + p0, 8, /* TOK_ID, SGN_ALG, SEAL_ALG, Filler */ + p0 + 24, 8, /* Confounder */ + p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE, + datalen); + if (ret) { + *minor_status = ret; + _gsskrb5_release_buffer(minor_status, output_message_buffer); + return GSS_S_FAILURE; + } + + { + int i; + + Klocal.keytype = key->keytype; + Klocal.keyvalue.data = Klocaldata; + Klocal.keyvalue.length = sizeof(Klocaldata); + + for (i = 0; i < 16; i++) + Klocaldata[i] = ((u_char *)key->keyvalue.data)[i] ^ 0xF0; + } + ret = arcfour_mic_key(_gsskrb5_context, &Klocal, + p0 + 8, 4, /* SND_SEQ */ + k6_data, sizeof(k6_data)); + memset(Klocaldata, 0, sizeof(Klocaldata)); + if (ret) { + _gsskrb5_release_buffer(minor_status, output_message_buffer); + *minor_status = ret; + return GSS_S_FAILURE; + } + + + if(conf_req_flag) { + RC4_KEY rc4_key; + + RC4_set_key (&rc4_key, sizeof(k6_data), (void *)k6_data); + /* XXX ? */ + RC4 (&rc4_key, 8 + datalen, p0 + 24, p0 + 24); /* Confounder + data */ + memset(&rc4_key, 0, sizeof(rc4_key)); + } + memset(k6_data, 0, sizeof(k6_data)); + + ret = arcfour_mic_key(_gsskrb5_context, key, + p0 + 16, 8, /* SGN_CKSUM */ + k6_data, sizeof(k6_data)); + if (ret) { + _gsskrb5_release_buffer(minor_status, output_message_buffer); + *minor_status = ret; + return GSS_S_FAILURE; + } + + { + RC4_KEY rc4_key; + + RC4_set_key (&rc4_key, sizeof(k6_data), k6_data); + RC4 (&rc4_key, 8, p0 + 8, p0 + 8); /* SND_SEQ */ + memset(&rc4_key, 0, sizeof(rc4_key)); + memset(k6_data, 0, sizeof(k6_data)); + } + + if (conf_state) + *conf_state = conf_req_flag; + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, + const gsskrb5_ctx context_handle, + const gss_buffer_t input_message_buffer, + gss_buffer_t output_message_buffer, + int *conf_state, + gss_qop_t *qop_state, + krb5_keyblock *key) +{ + u_char Klocaldata[16]; + krb5_keyblock Klocal; + krb5_error_code ret; + uint32_t seq_number; + size_t datalen; + OM_uint32 omret; + u_char k6_data[16], SND_SEQ[8], Confounder[8]; + u_char cksum_data[8]; + u_char *p, *p0; + int cmp; + int conf_flag; + size_t padlen = 0, len; + + if (conf_state) + *conf_state = 0; + if (qop_state) + *qop_state = 0; + + p0 = input_message_buffer->value; + + if ((context_handle->flags & GSS_C_DCE_STYLE) == 0) { + len = input_message_buffer->length; + } else { + len = GSS_ARCFOUR_WRAP_TOKEN_SIZE + + GSS_ARCFOUR_WRAP_TOKEN_DCE_DER_HEADER_SIZE; + if (input_message_buffer->length < len) + return GSS_S_BAD_MECH; + } + + omret = _gssapi_verify_mech_header(&p0, + len, + GSS_KRB5_MECHANISM); + if (omret) + return omret; + + /* length of mech header */ + len = (p0 - (u_char *)input_message_buffer->value) + + GSS_ARCFOUR_WRAP_TOKEN_SIZE; + + if (len > input_message_buffer->length) + return GSS_S_BAD_MECH; + + /* length of data */ + datalen = input_message_buffer->length - len; + + p = p0; + + if (memcmp(p, "\x02\x01", 2) != 0) + return GSS_S_BAD_SIG; + p += 2; + if (memcmp(p, "\x11\x00", 2) != 0) /* SGN_ALG = HMAC MD5 ARCFOUR */ + return GSS_S_BAD_SIG; + p += 2; + + if (memcmp (p, "\x10\x00", 2) == 0) + conf_flag = 1; + else if (memcmp (p, "\xff\xff", 2) == 0) + conf_flag = 0; + else + return GSS_S_BAD_SIG; + + p += 2; + if (memcmp (p, "\xff\xff", 2) != 0) + return GSS_S_BAD_MIC; + p = NULL; + + ret = arcfour_mic_key(_gsskrb5_context, key, + p0 + 16, 8, /* SGN_CKSUM */ + k6_data, sizeof(k6_data)); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + { + RC4_KEY rc4_key; + + RC4_set_key (&rc4_key, sizeof(k6_data), k6_data); + RC4 (&rc4_key, 8, p0 + 8, SND_SEQ); /* SND_SEQ */ + memset(&rc4_key, 0, sizeof(rc4_key)); + memset(k6_data, 0, sizeof(k6_data)); + } + + _gsskrb5_decode_be_om_uint32(SND_SEQ, &seq_number); + + if (context_handle->more_flags & LOCAL) + cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4); + else + cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4); + + if (cmp != 0) { + *minor_status = 0; + return GSS_S_BAD_MIC; + } + + { + int i; + + Klocal.keytype = key->keytype; + Klocal.keyvalue.data = Klocaldata; + Klocal.keyvalue.length = sizeof(Klocaldata); + + for (i = 0; i < 16; i++) + Klocaldata[i] = ((u_char *)key->keyvalue.data)[i] ^ 0xF0; + } + ret = arcfour_mic_key(_gsskrb5_context, &Klocal, + SND_SEQ, 4, + k6_data, sizeof(k6_data)); + memset(Klocaldata, 0, sizeof(Klocaldata)); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + output_message_buffer->value = malloc(datalen); + if (output_message_buffer->value == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + output_message_buffer->length = datalen; + + if(conf_flag) { + RC4_KEY rc4_key; + + RC4_set_key (&rc4_key, sizeof(k6_data), k6_data); + RC4 (&rc4_key, 8, p0 + 24, Confounder); /* Confounder */ + RC4 (&rc4_key, datalen, p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE, + output_message_buffer->value); + memset(&rc4_key, 0, sizeof(rc4_key)); + } else { + memcpy(Confounder, p0 + 24, 8); /* Confounder */ + memcpy(output_message_buffer->value, + p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE, + datalen); + } + memset(k6_data, 0, sizeof(k6_data)); + + if ((context_handle->flags & GSS_C_DCE_STYLE) == 0) { + ret = _gssapi_verify_pad(output_message_buffer, datalen, &padlen); + if (ret) { + _gsskrb5_release_buffer(minor_status, output_message_buffer); + *minor_status = 0; + return ret; + } + output_message_buffer->length -= padlen; + } + + ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SEAL, + cksum_data, sizeof(cksum_data), + p0, 8, + Confounder, sizeof(Confounder), + output_message_buffer->value, + output_message_buffer->length + padlen); + if (ret) { + _gsskrb5_release_buffer(minor_status, output_message_buffer); + *minor_status = ret; + return GSS_S_FAILURE; + } + + cmp = memcmp(cksum_data, p0 + 16, 8); /* SGN_CKSUM */ + if (cmp) { + _gsskrb5_release_buffer(minor_status, output_message_buffer); + *minor_status = 0; + return GSS_S_BAD_MIC; + } + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + omret = _gssapi_msg_order_check(context_handle->order, seq_number); + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + if (omret) + return omret; + + if (conf_state) + *conf_state = conf_flag; + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +static OM_uint32 +max_wrap_length_arcfour(const gsskrb5_ctx ctx, + krb5_crypto crypto, + size_t input_length, + OM_uint32 *max_input_size) +{ + /* + * if GSS_C_DCE_STYLE is in use: + * - we only need to encapsulate the WRAP token + * However, since this is a fixed since, we just + */ + if (ctx->flags & GSS_C_DCE_STYLE) { + size_t len, total_len; + + len = GSS_ARCFOUR_WRAP_TOKEN_SIZE; + _gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM); + + if (input_length < len) + *max_input_size = 0; + else + *max_input_size = input_length - len; + + } else { + size_t extrasize = GSS_ARCFOUR_WRAP_TOKEN_SIZE; + size_t blocksize = 8; + size_t len, total_len; + + len = 8 + input_length + blocksize + extrasize; + + _gsskrb5_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM); + + total_len -= input_length; /* token length */ + if (total_len < input_length) { + *max_input_size = (input_length - total_len); + (*max_input_size) &= (~(OM_uint32)(blocksize - 1)); + } else { + *max_input_size = 0; + } + } + + return GSS_S_COMPLETE; +} + +OM_uint32 +_gssapi_wrap_size_arcfour(OM_uint32 *minor_status, + const gsskrb5_ctx ctx, + int conf_req_flag, + gss_qop_t qop_req, + OM_uint32 req_output_size, + OM_uint32 *max_input_size, + krb5_keyblock *key) +{ + krb5_error_code ret; + krb5_crypto crypto; + + ret = krb5_crypto_init(_gsskrb5_context, key, 0, &crypto); + if (ret != 0) { + _gsskrb5_set_error_string(); + *minor_status = ret; + return GSS_S_FAILURE; + } + + ret = max_wrap_length_arcfour(ctx, crypto, + req_output_size, max_input_size); + if (ret != 0) { + _gsskrb5_set_error_string(); + *minor_status = ret; + krb5_crypto_destroy(_gsskrb5_context, crypto); + return GSS_S_FAILURE; + } + + krb5_crypto_destroy(_gsskrb5_context, crypto); + + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/krb5/canonicalize_name.c b/source4/heimdal/lib/gssapi/krb5/canonicalize_name.c new file mode 100644 index 0000000000..f69300b590 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/canonicalize_name.c @@ -0,0 +1,46 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: canonicalize_name.c,v 1.4 2006/10/07 22:14:08 lha Exp $"); + +OM_uint32 _gsskrb5_canonicalize_name ( + OM_uint32 * minor_status, + const gss_name_t input_name, + const gss_OID mech_type, + gss_name_t * output_name + ) +{ + return _gsskrb5_duplicate_name (minor_status, input_name, output_name); +} diff --git a/source4/heimdal/lib/gssapi/krb5/cfx.c b/source4/heimdal/lib/gssapi/krb5/cfx.c new file mode 100755 index 0000000000..cb3f9ee5d3 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/cfx.c @@ -0,0 +1,887 @@ +/* + * Copyright (c) 2003, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: cfx.c,v 1.24 2006/10/24 21:13:22 lha Exp $"); + +/* + * Implementation of draft-ietf-krb-wg-gssapi-cfx-06.txt + */ + +#define CFXSentByAcceptor (1 << 0) +#define CFXSealed (1 << 1) +#define CFXAcceptorSubkey (1 << 2) + +krb5_error_code +_gsskrb5cfx_wrap_length_cfx(krb5_crypto crypto, + int conf_req_flag, + size_t input_length, + size_t *output_length, + size_t *cksumsize, + uint16_t *padlength) +{ + krb5_error_code ret; + krb5_cksumtype type; + + /* 16-byte header is always first */ + *output_length = sizeof(gss_cfx_wrap_token_desc); + *padlength = 0; + + ret = krb5_crypto_get_checksum_type(_gsskrb5_context, crypto, &type); + if (ret) + return ret; + + ret = krb5_checksumsize(_gsskrb5_context, type, cksumsize); + if (ret) + return ret; + + if (conf_req_flag) { + size_t padsize; + + /* Header is concatenated with data before encryption */ + input_length += sizeof(gss_cfx_wrap_token_desc); + + ret = krb5_crypto_getpadsize(_gsskrb5_context, crypto, &padsize); + if (ret) { + return ret; + } + if (padsize > 1) { + /* XXX check this */ + *padlength = padsize - (input_length % padsize); + + /* We add the pad ourselves (noted here for completeness only) */ + input_length += *padlength; + } + + *output_length += krb5_get_wrapped_length(_gsskrb5_context, + crypto, input_length); + } else { + /* Checksum is concatenated with data */ + *output_length += input_length + *cksumsize; + } + + assert(*output_length > input_length); + + return 0; +} + +krb5_error_code +_gsskrb5cfx_max_wrap_length_cfx(krb5_crypto crypto, + int conf_req_flag, + size_t input_length, + OM_uint32 *output_length) +{ + krb5_error_code ret; + + *output_length = 0; + + /* 16-byte header is always first */ + if (input_length < 16) + return 0; + input_length -= 16; + + if (conf_req_flag) { + size_t wrapped_size, sz; + + wrapped_size = input_length + 1; + do { + wrapped_size--; + sz = krb5_get_wrapped_length(_gsskrb5_context, + crypto, wrapped_size); + } while (wrapped_size && sz > input_length); + if (wrapped_size == 0) { + *output_length = 0; + return 0; + } + + /* inner header */ + if (wrapped_size < 16) { + *output_length = 0; + return 0; + } + wrapped_size -= 16; + + *output_length = wrapped_size; + } else { + krb5_cksumtype type; + size_t cksumsize; + + ret = krb5_crypto_get_checksum_type(_gsskrb5_context, crypto, &type); + if (ret) + return ret; + + ret = krb5_checksumsize(_gsskrb5_context, type, &cksumsize); + if (ret) + return ret; + + if (input_length < cksumsize) + return 0; + + /* Checksum is concatenated with data */ + *output_length = input_length - cksumsize; + } + + return 0; +} + + +OM_uint32 _gssapi_wrap_size_cfx(OM_uint32 *minor_status, + const gsskrb5_ctx context_handle, + int conf_req_flag, + gss_qop_t qop_req, + OM_uint32 req_output_size, + OM_uint32 *max_input_size, + krb5_keyblock *key) +{ + krb5_error_code ret; + krb5_crypto crypto; + + ret = krb5_crypto_init(_gsskrb5_context, key, 0, &crypto); + if (ret != 0) { + _gsskrb5_set_error_string(); + *minor_status = ret; + return GSS_S_FAILURE; + } + + ret = _gsskrb5cfx_max_wrap_length_cfx(crypto, conf_req_flag, + req_output_size, max_input_size); + if (ret != 0) { + _gsskrb5_set_error_string(); + *minor_status = ret; + krb5_crypto_destroy(_gsskrb5_context, crypto); + return GSS_S_FAILURE; + } + + krb5_crypto_destroy(_gsskrb5_context, crypto); + + return GSS_S_COMPLETE; +} + +/* + * Rotate "rrc" bytes to the front or back + */ + +static krb5_error_code +rrc_rotate(void *data, size_t len, uint16_t rrc, krb5_boolean unrotate) +{ + u_char *tmp, buf[256]; + size_t left; + + if (len == 0) + return 0; + + rrc %= len; + + if (rrc == 0) + return 0; + + left = len - rrc; + + if (rrc <= sizeof(buf)) { + tmp = buf; + } else { + tmp = malloc(rrc); + if (tmp == NULL) + return ENOMEM; + } + + if (unrotate) { + memcpy(tmp, data, rrc); + memmove(data, (u_char *)data + rrc, left); + memcpy((u_char *)data + left, tmp, rrc); + } else { + memcpy(tmp, (u_char *)data + left, rrc); + memmove((u_char *)data + rrc, data, left); + memcpy(data, tmp, rrc); + } + + if (rrc > sizeof(buf)) + free(tmp); + + return 0; +} + +OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, + const gsskrb5_ctx context_handle, + int conf_req_flag, + gss_qop_t qop_req, + const gss_buffer_t input_message_buffer, + int *conf_state, + gss_buffer_t output_message_buffer, + krb5_keyblock *key) +{ + krb5_crypto crypto; + gss_cfx_wrap_token token; + krb5_error_code ret; + unsigned usage; + krb5_data cipher; + size_t wrapped_len, cksumsize; + uint16_t padlength, rrc = 0; + int32_t seq_number; + u_char *p; + + ret = krb5_crypto_init(_gsskrb5_context, key, 0, &crypto); + if (ret != 0) { + _gsskrb5_set_error_string(); + *minor_status = ret; + return GSS_S_FAILURE; + } + + ret = _gsskrb5cfx_wrap_length_cfx(crypto, conf_req_flag, + input_message_buffer->length, + &wrapped_len, &cksumsize, &padlength); + if (ret != 0) { + _gsskrb5_set_error_string(); + *minor_status = ret; + krb5_crypto_destroy(_gsskrb5_context, crypto); + return GSS_S_FAILURE; + } + + /* Always rotate encrypted token (if any) and checksum to header */ + rrc = (conf_req_flag ? sizeof(*token) : 0) + (uint16_t)cksumsize; + + output_message_buffer->length = wrapped_len; + output_message_buffer->value = malloc(output_message_buffer->length); + if (output_message_buffer->value == NULL) { + *minor_status = ENOMEM; + krb5_crypto_destroy(_gsskrb5_context, crypto); + return GSS_S_FAILURE; + } + + p = output_message_buffer->value; + token = (gss_cfx_wrap_token)p; + token->TOK_ID[0] = 0x05; + token->TOK_ID[1] = 0x04; + token->Flags = 0; + token->Filler = 0xFF; + if ((context_handle->more_flags & LOCAL) == 0) + token->Flags |= CFXSentByAcceptor; + if (context_handle->more_flags & ACCEPTOR_SUBKEY) + token->Flags |= CFXAcceptorSubkey; + if (conf_req_flag) { + /* + * In Wrap tokens with confidentiality, the EC field is + * used to encode the size (in bytes) of the random filler. + */ + token->Flags |= CFXSealed; + token->EC[0] = (padlength >> 8) & 0xFF; + token->EC[1] = (padlength >> 0) & 0xFF; + } else { + /* + * In Wrap tokens without confidentiality, the EC field is + * used to encode the size (in bytes) of the trailing + * checksum. + * + * This is not used in the checksum calcuation itself, + * because the checksum length could potentially vary + * depending on the data length. + */ + token->EC[0] = 0; + token->EC[1] = 0; + } + + /* + * In Wrap tokens that provide for confidentiality, the RRC + * field in the header contains the hex value 00 00 before + * encryption. + * + * In Wrap tokens that do not provide for confidentiality, + * both the EC and RRC fields in the appended checksum + * contain the hex value 00 00 for the purpose of calculating + * the checksum. + */ + token->RRC[0] = 0; + token->RRC[1] = 0; + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + krb5_auth_con_getlocalseqnumber(_gsskrb5_context, + context_handle->auth_context, + &seq_number); + _gsskrb5_encode_be_om_uint32(0, &token->SND_SEQ[0]); + _gsskrb5_encode_be_om_uint32(seq_number, &token->SND_SEQ[4]); + krb5_auth_con_setlocalseqnumber(_gsskrb5_context, + context_handle->auth_context, + ++seq_number); + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + + /* + * If confidentiality is requested, the token header is + * appended to the plaintext before encryption; the resulting + * token is {"header" | encrypt(plaintext | pad | "header")}. + * + * If no confidentiality is requested, the checksum is + * calculated over the plaintext concatenated with the + * token header. + */ + if (context_handle->more_flags & LOCAL) { + usage = KRB5_KU_USAGE_INITIATOR_SEAL; + } else { + usage = KRB5_KU_USAGE_ACCEPTOR_SEAL; + } + + if (conf_req_flag) { + /* + * Any necessary padding is added here to ensure that the + * encrypted token header is always at the end of the + * ciphertext. + * + * The specification does not require that the padding + * bytes are initialized. + */ + p += sizeof(*token); + memcpy(p, input_message_buffer->value, input_message_buffer->length); + memset(p + input_message_buffer->length, 0xFF, padlength); + memcpy(p + input_message_buffer->length + padlength, + token, sizeof(*token)); + + ret = krb5_encrypt(_gsskrb5_context, crypto, + usage, p, + input_message_buffer->length + padlength + + sizeof(*token), + &cipher); + if (ret != 0) { + _gsskrb5_set_error_string(); + *minor_status = ret; + krb5_crypto_destroy(_gsskrb5_context, crypto); + _gsskrb5_release_buffer(minor_status, output_message_buffer); + return GSS_S_FAILURE; + } + assert(sizeof(*token) + cipher.length == wrapped_len); + token->RRC[0] = (rrc >> 8) & 0xFF; + token->RRC[1] = (rrc >> 0) & 0xFF; + + ret = rrc_rotate(cipher.data, cipher.length, rrc, FALSE); + if (ret != 0) { + _gsskrb5_set_error_string(); + *minor_status = ret; + krb5_crypto_destroy(_gsskrb5_context, crypto); + _gsskrb5_release_buffer(minor_status, output_message_buffer); + return GSS_S_FAILURE; + } + memcpy(p, cipher.data, cipher.length); + krb5_data_free(&cipher); + } else { + char *buf; + Checksum cksum; + + buf = malloc(input_message_buffer->length + sizeof(*token)); + if (buf == NULL) { + *minor_status = ENOMEM; + krb5_crypto_destroy(_gsskrb5_context, crypto); + _gsskrb5_release_buffer(minor_status, output_message_buffer); + return GSS_S_FAILURE; + } + memcpy(buf, input_message_buffer->value, input_message_buffer->length); + memcpy(buf + input_message_buffer->length, token, sizeof(*token)); + + ret = krb5_create_checksum(_gsskrb5_context, crypto, + usage, 0, buf, + input_message_buffer->length + + sizeof(*token), + &cksum); + if (ret != 0) { + _gsskrb5_set_error_string(); + *minor_status = ret; + krb5_crypto_destroy(_gsskrb5_context, crypto); + _gsskrb5_release_buffer(minor_status, output_message_buffer); + free(buf); + return GSS_S_FAILURE; + } + + free(buf); + + assert(cksum.checksum.length == cksumsize); + token->EC[0] = (cksum.checksum.length >> 8) & 0xFF; + token->EC[1] = (cksum.checksum.length >> 0) & 0xFF; + token->RRC[0] = (rrc >> 8) & 0xFF; + token->RRC[1] = (rrc >> 0) & 0xFF; + + p += sizeof(*token); + memcpy(p, input_message_buffer->value, input_message_buffer->length); + memcpy(p + input_message_buffer->length, + cksum.checksum.data, cksum.checksum.length); + + ret = rrc_rotate(p, + input_message_buffer->length + cksum.checksum.length, rrc, FALSE); + if (ret != 0) { + _gsskrb5_set_error_string(); + *minor_status = ret; + krb5_crypto_destroy(_gsskrb5_context, crypto); + _gsskrb5_release_buffer(minor_status, output_message_buffer); + free_Checksum(&cksum); + return GSS_S_FAILURE; + } + free_Checksum(&cksum); + } + + krb5_crypto_destroy(_gsskrb5_context, crypto); + + if (conf_state != NULL) { + *conf_state = conf_req_flag; + } + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status, + const gsskrb5_ctx context_handle, + const gss_buffer_t input_message_buffer, + gss_buffer_t output_message_buffer, + int *conf_state, + gss_qop_t *qop_state, + krb5_keyblock *key) +{ + krb5_crypto crypto; + gss_cfx_wrap_token token; + u_char token_flags; + krb5_error_code ret; + unsigned usage; + krb5_data data; + uint16_t ec, rrc; + OM_uint32 seq_number_lo, seq_number_hi; + size_t len; + u_char *p; + + *minor_status = 0; + + if (input_message_buffer->length < sizeof(*token)) { + return GSS_S_DEFECTIVE_TOKEN; + } + + p = input_message_buffer->value; + + token = (gss_cfx_wrap_token)p; + + if (token->TOK_ID[0] != 0x05 || token->TOK_ID[1] != 0x04) { + return GSS_S_DEFECTIVE_TOKEN; + } + + /* Ignore unknown flags */ + token_flags = token->Flags & + (CFXSentByAcceptor | CFXSealed | CFXAcceptorSubkey); + + if (token_flags & CFXSentByAcceptor) { + if ((context_handle->more_flags & LOCAL) == 0) + return GSS_S_DEFECTIVE_TOKEN; + } + + if (context_handle->more_flags & ACCEPTOR_SUBKEY) { + if ((token_flags & CFXAcceptorSubkey) == 0) + return GSS_S_DEFECTIVE_TOKEN; + } else { + if (token_flags & CFXAcceptorSubkey) + return GSS_S_DEFECTIVE_TOKEN; + } + + if (token->Filler != 0xFF) { + return GSS_S_DEFECTIVE_TOKEN; + } + + if (conf_state != NULL) { + *conf_state = (token_flags & CFXSealed) ? 1 : 0; + } + + ec = (token->EC[0] << 8) | token->EC[1]; + rrc = (token->RRC[0] << 8) | token->RRC[1]; + + /* + * Check sequence number + */ + _gsskrb5_decode_be_om_uint32(&token->SND_SEQ[0], &seq_number_hi); + _gsskrb5_decode_be_om_uint32(&token->SND_SEQ[4], &seq_number_lo); + if (seq_number_hi) { + /* no support for 64-bit sequence numbers */ + *minor_status = ERANGE; + return GSS_S_UNSEQ_TOKEN; + } + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + ret = _gssapi_msg_order_check(context_handle->order, seq_number_lo); + if (ret != 0) { + *minor_status = 0; + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + _gsskrb5_release_buffer(minor_status, output_message_buffer); + return ret; + } + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + + /* + * Decrypt and/or verify checksum + */ + ret = krb5_crypto_init(_gsskrb5_context, key, 0, &crypto); + if (ret != 0) { + _gsskrb5_set_error_string(); + *minor_status = ret; + return GSS_S_FAILURE; + } + + if (context_handle->more_flags & LOCAL) { + usage = KRB5_KU_USAGE_ACCEPTOR_SEAL; + } else { + usage = KRB5_KU_USAGE_INITIATOR_SEAL; + } + + p += sizeof(*token); + len = input_message_buffer->length; + len -= (p - (u_char *)input_message_buffer->value); + + /* Rotate by RRC; bogus to do this in-place XXX */ + *minor_status = rrc_rotate(p, len, rrc, TRUE); + if (*minor_status != 0) { + krb5_crypto_destroy(_gsskrb5_context, crypto); + return GSS_S_FAILURE; + } + + if (token_flags & CFXSealed) { + ret = krb5_decrypt(_gsskrb5_context, crypto, usage, + p, len, &data); + if (ret != 0) { + _gsskrb5_set_error_string(); + *minor_status = ret; + krb5_crypto_destroy(_gsskrb5_context, crypto); + return GSS_S_BAD_MIC; + } + + /* Check that there is room for the pad and token header */ + if (data.length < ec + sizeof(*token)) { + krb5_crypto_destroy(_gsskrb5_context, crypto); + krb5_data_free(&data); + return GSS_S_DEFECTIVE_TOKEN; + } + p = data.data; + p += data.length - sizeof(*token); + + /* RRC is unprotected; don't modify input buffer */ + ((gss_cfx_wrap_token)p)->RRC[0] = token->RRC[0]; + ((gss_cfx_wrap_token)p)->RRC[1] = token->RRC[1]; + + /* Check the integrity of the header */ + if (memcmp(p, token, sizeof(*token)) != 0) { + krb5_crypto_destroy(_gsskrb5_context, crypto); + krb5_data_free(&data); + return GSS_S_BAD_MIC; + } + + output_message_buffer->value = data.data; + output_message_buffer->length = data.length - ec - sizeof(*token); + } else { + Checksum cksum; + + /* Determine checksum type */ + ret = krb5_crypto_get_checksum_type(_gsskrb5_context, + crypto, &cksum.cksumtype); + if (ret != 0) { + _gsskrb5_set_error_string(); + *minor_status = ret; + krb5_crypto_destroy(_gsskrb5_context, crypto); + return GSS_S_FAILURE; + } + + cksum.checksum.length = ec; + + /* Check we have at least as much data as the checksum */ + if (len < cksum.checksum.length) { + *minor_status = ERANGE; + krb5_crypto_destroy(_gsskrb5_context, crypto); + return GSS_S_BAD_MIC; + } + + /* Length now is of the plaintext only, no checksum */ + len -= cksum.checksum.length; + cksum.checksum.data = p + len; + + output_message_buffer->length = len; /* for later */ + output_message_buffer->value = malloc(len + sizeof(*token)); + if (output_message_buffer->value == NULL) { + *minor_status = ENOMEM; + krb5_crypto_destroy(_gsskrb5_context, crypto); + return GSS_S_FAILURE; + } + + /* Checksum is over (plaintext-data | "header") */ + memcpy(output_message_buffer->value, p, len); + memcpy((u_char *)output_message_buffer->value + len, + token, sizeof(*token)); + + /* EC is not included in checksum calculation */ + token = (gss_cfx_wrap_token)((u_char *)output_message_buffer->value + + len); + token->EC[0] = 0; + token->EC[1] = 0; + token->RRC[0] = 0; + token->RRC[1] = 0; + + ret = krb5_verify_checksum(_gsskrb5_context, crypto, + usage, + output_message_buffer->value, + len + sizeof(*token), + &cksum); + if (ret != 0) { + _gsskrb5_set_error_string(); + *minor_status = ret; + krb5_crypto_destroy(_gsskrb5_context, crypto); + _gsskrb5_release_buffer(minor_status, output_message_buffer); + return GSS_S_BAD_MIC; + } + } + + krb5_crypto_destroy(_gsskrb5_context, crypto); + + if (qop_state != NULL) { + *qop_state = GSS_C_QOP_DEFAULT; + } + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status, + const gsskrb5_ctx context_handle, + gss_qop_t qop_req, + const gss_buffer_t message_buffer, + gss_buffer_t message_token, + krb5_keyblock *key) +{ + krb5_crypto crypto; + gss_cfx_mic_token token; + krb5_error_code ret; + unsigned usage; + Checksum cksum; + u_char *buf; + size_t len; + int32_t seq_number; + + ret = krb5_crypto_init(_gsskrb5_context, key, 0, &crypto); + if (ret != 0) { + _gsskrb5_set_error_string(); + *minor_status = ret; + return GSS_S_FAILURE; + } + + len = message_buffer->length + sizeof(*token); + buf = malloc(len); + if (buf == NULL) { + *minor_status = ENOMEM; + krb5_crypto_destroy(_gsskrb5_context, crypto); + return GSS_S_FAILURE; + } + + memcpy(buf, message_buffer->value, message_buffer->length); + + token = (gss_cfx_mic_token)(buf + message_buffer->length); + token->TOK_ID[0] = 0x04; + token->TOK_ID[1] = 0x04; + token->Flags = 0; + if ((context_handle->more_flags & LOCAL) == 0) + token->Flags |= CFXSentByAcceptor; + if (context_handle->more_flags & ACCEPTOR_SUBKEY) + token->Flags |= CFXAcceptorSubkey; + memset(token->Filler, 0xFF, 5); + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + krb5_auth_con_getlocalseqnumber(_gsskrb5_context, + context_handle->auth_context, + &seq_number); + _gsskrb5_encode_be_om_uint32(0, &token->SND_SEQ[0]); + _gsskrb5_encode_be_om_uint32(seq_number, &token->SND_SEQ[4]); + krb5_auth_con_setlocalseqnumber(_gsskrb5_context, + context_handle->auth_context, + ++seq_number); + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + + if (context_handle->more_flags & LOCAL) { + usage = KRB5_KU_USAGE_INITIATOR_SIGN; + } else { + usage = KRB5_KU_USAGE_ACCEPTOR_SIGN; + } + + ret = krb5_create_checksum(_gsskrb5_context, crypto, + usage, 0, buf, len, &cksum); + if (ret != 0) { + _gsskrb5_set_error_string(); + *minor_status = ret; + krb5_crypto_destroy(_gsskrb5_context, crypto); + free(buf); + return GSS_S_FAILURE; + } + krb5_crypto_destroy(_gsskrb5_context, crypto); + + /* Determine MIC length */ + message_token->length = sizeof(*token) + cksum.checksum.length; + message_token->value = malloc(message_token->length); + if (message_token->value == NULL) { + *minor_status = ENOMEM; + free_Checksum(&cksum); + free(buf); + return GSS_S_FAILURE; + } + + /* Token is { "header" | get_mic("header" | plaintext-data) } */ + memcpy(message_token->value, token, sizeof(*token)); + memcpy((u_char *)message_token->value + sizeof(*token), + cksum.checksum.data, cksum.checksum.length); + + free_Checksum(&cksum); + free(buf); + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +OM_uint32 _gssapi_verify_mic_cfx(OM_uint32 *minor_status, + const gsskrb5_ctx context_handle, + const gss_buffer_t message_buffer, + const gss_buffer_t token_buffer, + gss_qop_t *qop_state, + krb5_keyblock *key) +{ + krb5_crypto crypto; + gss_cfx_mic_token token; + u_char token_flags; + krb5_error_code ret; + unsigned usage; + OM_uint32 seq_number_lo, seq_number_hi; + u_char *buf, *p; + Checksum cksum; + + *minor_status = 0; + + if (token_buffer->length < sizeof(*token)) { + return GSS_S_DEFECTIVE_TOKEN; + } + + p = token_buffer->value; + + token = (gss_cfx_mic_token)p; + + if (token->TOK_ID[0] != 0x04 || token->TOK_ID[1] != 0x04) { + return GSS_S_DEFECTIVE_TOKEN; + } + + /* Ignore unknown flags */ + token_flags = token->Flags & (CFXSentByAcceptor | CFXAcceptorSubkey); + + if (token_flags & CFXSentByAcceptor) { + if ((context_handle->more_flags & LOCAL) == 0) + return GSS_S_DEFECTIVE_TOKEN; + } + if (context_handle->more_flags & ACCEPTOR_SUBKEY) { + if ((token_flags & CFXAcceptorSubkey) == 0) + return GSS_S_DEFECTIVE_TOKEN; + } else { + if (token_flags & CFXAcceptorSubkey) + return GSS_S_DEFECTIVE_TOKEN; + } + + if (memcmp(token->Filler, "\xff\xff\xff\xff\xff", 5) != 0) { + return GSS_S_DEFECTIVE_TOKEN; + } + + /* + * Check sequence number + */ + _gsskrb5_decode_be_om_uint32(&token->SND_SEQ[0], &seq_number_hi); + _gsskrb5_decode_be_om_uint32(&token->SND_SEQ[4], &seq_number_lo); + if (seq_number_hi) { + *minor_status = ERANGE; + return GSS_S_UNSEQ_TOKEN; + } + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + ret = _gssapi_msg_order_check(context_handle->order, seq_number_lo); + if (ret != 0) { + *minor_status = 0; + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + return ret; + } + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + + /* + * Verify checksum + */ + ret = krb5_crypto_init(_gsskrb5_context, key, 0, &crypto); + if (ret != 0) { + _gsskrb5_set_error_string(); + *minor_status = ret; + return GSS_S_FAILURE; + } + + ret = krb5_crypto_get_checksum_type(_gsskrb5_context, crypto, + &cksum.cksumtype); + if (ret != 0) { + _gsskrb5_set_error_string(); + *minor_status = ret; + krb5_crypto_destroy(_gsskrb5_context, crypto); + return GSS_S_FAILURE; + } + + cksum.checksum.data = p + sizeof(*token); + cksum.checksum.length = token_buffer->length - sizeof(*token); + + if (context_handle->more_flags & LOCAL) { + usage = KRB5_KU_USAGE_ACCEPTOR_SIGN; + } else { + usage = KRB5_KU_USAGE_INITIATOR_SIGN; + } + + buf = malloc(message_buffer->length + sizeof(*token)); + if (buf == NULL) { + *minor_status = ENOMEM; + krb5_crypto_destroy(_gsskrb5_context, crypto); + return GSS_S_FAILURE; + } + memcpy(buf, message_buffer->value, message_buffer->length); + memcpy(buf + message_buffer->length, token, sizeof(*token)); + + ret = krb5_verify_checksum(_gsskrb5_context, crypto, + usage, + buf, + sizeof(*token) + message_buffer->length, + &cksum); + krb5_crypto_destroy(_gsskrb5_context, crypto); + if (ret != 0) { + _gsskrb5_set_error_string(); + *minor_status = ret; + free(buf); + return GSS_S_BAD_MIC; + } + + free(buf); + + if (qop_state != NULL) { + *qop_state = GSS_C_QOP_DEFAULT; + } + + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/krb5/cfx.h b/source4/heimdal/lib/gssapi/krb5/cfx.h new file mode 100755 index 0000000000..1120544fbe --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/cfx.h @@ -0,0 +1,80 @@ +/* + * Copyright (c) 2003, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: cfx.h,v 1.7 2006/07/19 14:16:33 lha Exp $ */ + +#ifndef GSSAPI_CFX_H_ +#define GSSAPI_CFX_H_ 1 + +/* + * Implementation of draft-ietf-krb-wg-gssapi-cfx-01.txt + */ + +typedef struct gss_cfx_mic_token_desc_struct { + u_char TOK_ID[2]; /* 04 04 */ + u_char Flags; + u_char Filler[5]; + u_char SND_SEQ[8]; +} gss_cfx_mic_token_desc, *gss_cfx_mic_token; + +typedef struct gss_cfx_wrap_token_desc_struct { + u_char TOK_ID[2]; /* 04 05 */ + u_char Flags; + u_char Filler; + u_char EC[2]; + u_char RRC[2]; + u_char SND_SEQ[8]; +} gss_cfx_wrap_token_desc, *gss_cfx_wrap_token; + +typedef struct gss_cfx_delete_token_desc_struct { + u_char TOK_ID[2]; /* 05 04 */ + u_char Flags; + u_char Filler[5]; + u_char SND_SEQ[8]; +} gss_cfx_delete_token_desc, *gss_cfx_delete_token; + +krb5_error_code +_gsskrb5cfx_wrap_length_cfx(krb5_crypto crypto, + int conf_req_flag, + size_t input_length, + size_t *output_length, + size_t *cksumsize, + uint16_t *padlength); + +krb5_error_code +_gsskrb5cfx_max_wrap_length_cfx(krb5_crypto crypto, + int conf_req_flag, + size_t input_length, + OM_uint32 *output_length); + + +#endif /* GSSAPI_CFX_H_ */ diff --git a/source4/heimdal/lib/gssapi/krb5/compare_name.c b/source4/heimdal/lib/gssapi/krb5/compare_name.c new file mode 100644 index 0000000000..3e0f7edfee --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/compare_name.c @@ -0,0 +1,54 @@ +/* + * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: compare_name.c,v 1.7 2006/10/07 22:14:15 lha Exp $"); + +OM_uint32 _gsskrb5_compare_name + (OM_uint32 * minor_status, + const gss_name_t name1, + const gss_name_t name2, + int * name_equal + ) +{ + krb5_const_principal princ1 = (krb5_const_principal)name1; + krb5_const_principal princ2 = (krb5_const_principal)name2; + + GSSAPI_KRB5_INIT(); + + *name_equal = krb5_principal_compare (_gsskrb5_context, + princ1, princ2); + *minor_status = 0; + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/krb5/compat.c b/source4/heimdal/lib/gssapi/krb5/compat.c new file mode 100644 index 0000000000..0ea2fce0e8 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/compat.c @@ -0,0 +1,125 @@ +/* + * Copyright (c) 2003 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: compat.c,v 1.13 2006/10/07 22:14:17 lha Exp $"); + + +static krb5_error_code +check_compat(OM_uint32 *minor_status, krb5_const_principal name, + const char *option, krb5_boolean *compat, + krb5_boolean match_val) +{ + krb5_error_code ret = 0; + char **p, **q; + krb5_principal match; + + + p = krb5_config_get_strings(_gsskrb5_context, NULL, "gssapi", + option, NULL); + if(p == NULL) + return 0; + + match = NULL; + for(q = p; *q; q++) { + ret = krb5_parse_name(_gsskrb5_context, *q, &match); + if (ret) + break; + + if (krb5_principal_match(_gsskrb5_context, name, match)) { + *compat = match_val; + break; + } + + krb5_free_principal(_gsskrb5_context, match); + match = NULL; + } + if (match) + krb5_free_principal(_gsskrb5_context, match); + krb5_config_free_strings(p); + + if (ret) { + if (minor_status) + *minor_status = ret; + return GSS_S_FAILURE; + } + + return 0; +} + +/* + * ctx->ctx_id_mutex is assumed to be locked + */ + +OM_uint32 +_gss_DES3_get_mic_compat(OM_uint32 *minor_status, gsskrb5_ctx ctx) +{ + krb5_boolean use_compat = FALSE; + OM_uint32 ret; + + if ((ctx->more_flags & COMPAT_OLD_DES3_SELECTED) == 0) { + ret = check_compat(minor_status, ctx->target, + "broken_des3_mic", &use_compat, TRUE); + if (ret) + return ret; + ret = check_compat(minor_status, ctx->target, + "correct_des3_mic", &use_compat, FALSE); + if (ret) + return ret; + + if (use_compat) + ctx->more_flags |= COMPAT_OLD_DES3; + ctx->more_flags |= COMPAT_OLD_DES3_SELECTED; + } + return 0; +} + +#if 0 +OM_uint32 +gss_krb5_compat_des3_mic(OM_uint32 *minor_status, gss_ctx_id_t ctx, int on) +{ + *minor_status = 0; + + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + if (on) { + ctx->more_flags |= COMPAT_OLD_DES3; + } else { + ctx->more_flags &= ~COMPAT_OLD_DES3; + } + ctx->more_flags |= COMPAT_OLD_DES3_SELECTED; + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + + return 0; +} +#endif diff --git a/source4/heimdal/lib/gssapi/krb5/context_time.c b/source4/heimdal/lib/gssapi/krb5/context_time.c new file mode 100644 index 0000000000..4e9d9f5d1d --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/context_time.c @@ -0,0 +1,93 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: context_time.c,v 1.13 2006/10/07 22:14:19 lha Exp $"); + +OM_uint32 +_gsskrb5_lifetime_left(OM_uint32 *minor_status, + OM_uint32 lifetime, + OM_uint32 *lifetime_rec) +{ + krb5_timestamp timeret; + krb5_error_code kret; + + if (lifetime == 0) { + *lifetime_rec = GSS_C_INDEFINITE; + return GSS_S_COMPLETE; + } + + kret = krb5_timeofday(_gsskrb5_context, &timeret); + if (kret) { + *minor_status = kret; + _gsskrb5_set_error_string (); + return GSS_S_FAILURE; + } + + if (lifetime < timeret) + *lifetime_rec = 0; + else + *lifetime_rec = lifetime - timeret; + + return GSS_S_COMPLETE; +} + + +OM_uint32 _gsskrb5_context_time + (OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + OM_uint32 * time_rec + ) +{ + OM_uint32 lifetime; + OM_uint32 major_status; + const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle; + + GSSAPI_KRB5_INIT (); + + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + lifetime = ctx->lifetime; + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + + major_status = _gsskrb5_lifetime_left(minor_status, lifetime, time_rec); + if (major_status != GSS_S_COMPLETE) + return major_status; + + *minor_status = 0; + + if (*time_rec == 0) + return GSS_S_CONTEXT_EXPIRED; + + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/krb5/copy_ccache.c b/source4/heimdal/lib/gssapi/krb5/copy_ccache.c new file mode 100644 index 0000000000..99aa2ccb43 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/copy_ccache.c @@ -0,0 +1,191 @@ +/* + * Copyright (c) 2000 - 2001, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: copy_ccache.c,v 1.15 2006/10/07 22:14:22 lha Exp $"); + +#if 0 +OM_uint32 +gss_krb5_copy_ccache(OM_uint32 *minor_status, + gss_cred_id_t cred, + krb5_ccache out) +{ + krb5_error_code kret; + + HEIMDAL_MUTEX_lock(&cred->cred_id_mutex); + + if (cred->ccache == NULL) { + HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + kret = krb5_cc_copy_cache(_gsskrb5_context, cred->ccache, out); + HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); + if (kret) { + *minor_status = kret; + _gsskrb5_set_error_string (); + return GSS_S_FAILURE; + } + *minor_status = 0; + return GSS_S_COMPLETE; +} +#endif + + +OM_uint32 +_gsskrb5_import_cred(OM_uint32 *minor_status, + krb5_ccache id, + krb5_principal keytab_principal, + krb5_keytab keytab, + gss_cred_id_t *cred) +{ + krb5_error_code kret; + gsskrb5_cred handle; + OM_uint32 ret; + + *cred = NULL; + + GSSAPI_KRB5_INIT (); + + handle = calloc(1, sizeof(*handle)); + if (handle == NULL) { + _gsskrb5_clear_status (); + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + HEIMDAL_MUTEX_init(&handle->cred_id_mutex); + + handle->usage = 0; + + if (id) { + char *str; + + handle->usage |= GSS_C_INITIATE; + + kret = krb5_cc_get_principal(_gsskrb5_context, id, + &handle->principal); + if (kret) { + free(handle); + _gsskrb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + + if (keytab_principal) { + krb5_boolean match; + + match = krb5_principal_compare(_gsskrb5_context, + handle->principal, + keytab_principal); + if (match == FALSE) { + krb5_free_principal(_gsskrb5_context, handle->principal); + free(handle); + _gsskrb5_clear_status (); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + } + + ret = __gsskrb5_ccache_lifetime(minor_status, + id, + handle->principal, + &handle->lifetime); + if (ret != GSS_S_COMPLETE) { + krb5_free_principal(_gsskrb5_context, handle->principal); + free(handle); + return ret; + } + + + kret = krb5_cc_get_full_name(_gsskrb5_context, id, &str); + if (kret) + goto out; + + kret = krb5_cc_resolve(_gsskrb5_context, str, &handle->ccache); + free(str); + if (kret) + goto out; + } + + + if (keytab) { + char *str; + + handle->usage |= GSS_C_ACCEPT; + + if (keytab_principal && handle->principal == NULL) { + kret = krb5_copy_principal(_gsskrb5_context, + keytab_principal, + &handle->principal); + if (kret) + goto out; + } + + kret = krb5_kt_get_full_name(_gsskrb5_context, keytab, &str); + if (kret) + goto out; + + kret = krb5_kt_resolve(_gsskrb5_context, str, &handle->keytab); + free(str); + if (kret) + goto out; + } + + + if (id || keytab) { + ret = _gsskrb5_create_empty_oid_set(minor_status, &handle->mechanisms); + if (ret == GSS_S_COMPLETE) + ret = _gsskrb5_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, + &handle->mechanisms); + if (ret != GSS_S_COMPLETE) { + kret = *minor_status; + goto out; + } + } + + *minor_status = 0; + *cred = (gss_cred_id_t)handle; + return GSS_S_COMPLETE; + +out: + _gsskrb5_set_error_string (); + if (handle->principal) + krb5_free_principal(_gsskrb5_context, handle->principal); + HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); + free(handle); + *minor_status = kret; + return GSS_S_FAILURE; +} + diff --git a/source4/heimdal/lib/gssapi/krb5/create_emtpy_oid_set.c b/source4/heimdal/lib/gssapi/krb5/create_emtpy_oid_set.c new file mode 100644 index 0000000000..550995125a --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/create_emtpy_oid_set.c @@ -0,0 +1,52 @@ +/* + * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: create_emtpy_oid_set.c,v 1.7 2006/10/07 22:14:24 lha Exp $"); + +OM_uint32 _gsskrb5_create_empty_oid_set ( + OM_uint32 * minor_status, + gss_OID_set * oid_set + ) +{ + *oid_set = malloc(sizeof(**oid_set)); + if (*oid_set == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + (*oid_set)->count = 0; + (*oid_set)->elements = NULL; + *minor_status = 0; + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/krb5/decapsulate.c b/source4/heimdal/lib/gssapi/krb5/decapsulate.c new file mode 100644 index 0000000000..eadec1ef03 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/decapsulate.c @@ -0,0 +1,209 @@ +/* + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: decapsulate.c,v 1.16 2006/10/07 22:14:26 lha Exp $"); + +/* + * return the length of the mechanism in token or -1 + * (which implies that the token was bad - GSS_S_DEFECTIVE_TOKEN + */ + +ssize_t +_gsskrb5_get_mech (const u_char *ptr, + size_t total_len, + const u_char **mech_ret) +{ + size_t len, len_len, mech_len, foo; + const u_char *p = ptr; + int e; + + if (total_len < 1) + return -1; + if (*p++ != 0x60) + return -1; + e = der_get_length (p, total_len - 1, &len, &len_len); + if (e || 1 + len_len + len != total_len) + return -1; + p += len_len; + if (*p++ != 0x06) + return -1; + e = der_get_length (p, total_len - 1 - len_len - 1, + &mech_len, &foo); + if (e) + return -1; + p += foo; + *mech_ret = p; + return mech_len; +} + +OM_uint32 +_gssapi_verify_mech_header(u_char **str, + size_t total_len, + gss_OID mech) +{ + const u_char *p; + ssize_t mech_len; + + mech_len = _gsskrb5_get_mech (*str, total_len, &p); + if (mech_len < 0) + return GSS_S_DEFECTIVE_TOKEN; + + if (mech_len != mech->length) + return GSS_S_BAD_MECH; + if (memcmp(p, + mech->elements, + mech->length) != 0) + return GSS_S_BAD_MECH; + p += mech_len; + *str = rk_UNCONST(p); + return GSS_S_COMPLETE; +} + +OM_uint32 +_gsskrb5_verify_header(u_char **str, + size_t total_len, + const void *type, + gss_OID oid) +{ + OM_uint32 ret; + size_t len; + u_char *p = *str; + + ret = _gssapi_verify_mech_header(str, total_len, oid); + if (ret) + return ret; + + len = total_len - (*str - p); + + if (len < 2) + return GSS_S_DEFECTIVE_TOKEN; + + if (memcmp (*str, type, 2) != 0) + return GSS_S_DEFECTIVE_TOKEN; + *str += 2; + + return 0; +} + +/* + * Remove the GSS-API wrapping from `in_token' giving `out_data. + * Does not copy data, so just free `in_token'. + */ + +OM_uint32 +_gssapi_decapsulate( + OM_uint32 *minor_status, + gss_buffer_t input_token_buffer, + krb5_data *out_data, + const gss_OID mech +) +{ + u_char *p; + OM_uint32 ret; + + p = input_token_buffer->value; + ret = _gssapi_verify_mech_header(&p, + input_token_buffer->length, + mech); + if (ret) { + *minor_status = 0; + return ret; + } + + out_data->length = input_token_buffer->length - + (p - (u_char *)input_token_buffer->value); + out_data->data = p; + return GSS_S_COMPLETE; +} + +/* + * Remove the GSS-API wrapping from `in_token' giving `out_data. + * Does not copy data, so just free `in_token'. + */ + +OM_uint32 +_gsskrb5_decapsulate(OM_uint32 *minor_status, + gss_buffer_t input_token_buffer, + krb5_data *out_data, + const void *type, + gss_OID oid) +{ + u_char *p; + OM_uint32 ret; + + p = input_token_buffer->value; + ret = _gsskrb5_verify_header(&p, + input_token_buffer->length, + type, + oid); + if (ret) { + *minor_status = 0; + return ret; + } + + out_data->length = input_token_buffer->length - + (p - (u_char *)input_token_buffer->value); + out_data->data = p; + return GSS_S_COMPLETE; +} + +/* + * Verify padding of a gss wrapped message and return its length. + */ + +OM_uint32 +_gssapi_verify_pad(gss_buffer_t wrapped_token, + size_t datalen, + size_t *padlen) +{ + u_char *pad; + size_t padlength; + int i; + + pad = (u_char *)wrapped_token->value + wrapped_token->length - 1; + padlength = *pad; + + if (padlength > datalen) + return GSS_S_BAD_MECH; + + for (i = padlength; i > 0 && *pad == padlength; i--, pad--) + ; + if (i != 0) + return GSS_S_BAD_MIC; + + *padlen = padlength; + + return 0; +} diff --git a/source4/heimdal/lib/gssapi/krb5/delete_sec_context.c b/source4/heimdal/lib/gssapi/krb5/delete_sec_context.c new file mode 100644 index 0000000000..e890d7d2c2 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/delete_sec_context.c @@ -0,0 +1,80 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: delete_sec_context.c,v 1.19 2006/10/07 22:14:28 lha Exp $"); + +OM_uint32 +_gsskrb5_delete_sec_context(OM_uint32 * minor_status, + gss_ctx_id_t * context_handle, + gss_buffer_t output_token) +{ + gsskrb5_ctx ctx; + + GSSAPI_KRB5_INIT (); + + *minor_status = 0; + + if (output_token) { + output_token->length = 0; + output_token->value = NULL; + } + + if (*context_handle == GSS_C_NO_CONTEXT) + return GSS_S_COMPLETE; + + ctx = (gsskrb5_ctx) *context_handle; + *context_handle = GSS_C_NO_CONTEXT; + + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + + krb5_auth_con_free (_gsskrb5_context, ctx->auth_context); + if(ctx->source) + krb5_free_principal (_gsskrb5_context, ctx->source); + if(ctx->target) + krb5_free_principal (_gsskrb5_context, ctx->target); + if (ctx->ticket) + krb5_free_ticket (_gsskrb5_context, ctx->ticket); + if(ctx->order) + _gssapi_msg_order_destroy(&ctx->order); + if (ctx->service_keyblock) + krb5_free_keyblock (_gsskrb5_context, ctx->service_keyblock); + krb5_data_free(&ctx->fwd_data); + + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex); + memset(ctx, 0, sizeof(*ctx)); + free (ctx); + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/krb5/display_name.c b/source4/heimdal/lib/gssapi/krb5/display_name.c new file mode 100644 index 0000000000..8fce7d8572 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/display_name.c @@ -0,0 +1,72 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: display_name.c,v 1.12 2006/10/07 22:14:31 lha Exp $"); + +OM_uint32 _gsskrb5_display_name + (OM_uint32 * minor_status, + const gss_name_t input_name, + gss_buffer_t output_name_buffer, + gss_OID * output_name_type + ) +{ + krb5_const_principal name = (krb5_const_principal)input_name; + krb5_error_code kret; + char *buf; + size_t len; + + GSSAPI_KRB5_INIT (); + kret = krb5_unparse_name (_gsskrb5_context, name, &buf); + if (kret) { + *minor_status = kret; + _gsskrb5_set_error_string (); + return GSS_S_FAILURE; + } + len = strlen (buf); + output_name_buffer->length = len; + output_name_buffer->value = malloc(len + 1); + if (output_name_buffer->value == NULL) { + free (buf); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + memcpy (output_name_buffer->value, buf, len); + ((char *)output_name_buffer->value)[len] = '\0'; + free (buf); + if (output_name_type) + *output_name_type = GSS_KRB5_NT_PRINCIPAL_NAME; + *minor_status = 0; + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/krb5/display_status.c b/source4/heimdal/lib/gssapi/krb5/display_status.c new file mode 100644 index 0000000000..11926ca557 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/display_status.c @@ -0,0 +1,230 @@ +/* + * Copyright (c) 1998 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: display_status.c,v 1.16 2006/10/07 22:14:33 lha Exp $"); + +static const char * +calling_error(OM_uint32 v) +{ + static const char *msgs[] = { + NULL, /* 0 */ + "A required input parameter could not be read.", /* */ + "A required output parameter could not be written.", /* */ + "A parameter was malformed" + }; + + v >>= GSS_C_CALLING_ERROR_OFFSET; + + if (v == 0) + return ""; + else if (v >= sizeof(msgs)/sizeof(*msgs)) + return "unknown calling error"; + else + return msgs[v]; +} + +static const char * +routine_error(OM_uint32 v) +{ + static const char *msgs[] = { + NULL, /* 0 */ + "An unsupported mechanism was requested", + "An invalid name was supplied", + "A supplied name was of an unsupported type", + "Incorrect channel bindings were supplied", + "An invalid status code was supplied", + "A token had an invalid MIC", + "No credentials were supplied, " + "or the credentials were unavailable or inaccessible.", + "No context has been established", + "A token was invalid", + "A credential was invalid", + "The referenced credentials have expired", + "The context has expired", + "Miscellaneous failure (see text)", + "The quality-of-protection requested could not be provide", + "The operation is forbidden by local security policy", + "The operation or option is not available", + "The requested credential element already exists", + "The provided name was not a mechanism name.", + }; + + v >>= GSS_C_ROUTINE_ERROR_OFFSET; + + if (v == 0) + return ""; + else if (v >= sizeof(msgs)/sizeof(*msgs)) + return "unknown routine error"; + else + return msgs[v]; +} + +static const char * +supplementary_error(OM_uint32 v) +{ + static const char *msgs[] = { + "normal completion", + "continuation call to routine required", + "duplicate per-message token detected", + "timed-out per-message token detected", + "reordered (early) per-message token detected", + "skipped predecessor token(s) detected" + }; + + v >>= GSS_C_SUPPLEMENTARY_OFFSET; + + if (v >= sizeof(msgs)/sizeof(*msgs)) + return "unknown routine error"; + else + return msgs[v]; +} + +void +_gsskrb5_clear_status (void) +{ + struct gssapi_thr_context *ctx = _gsskrb5_get_thread_context(1); + if (ctx == NULL) + return; + HEIMDAL_MUTEX_lock(&ctx->mutex); + if (ctx->error_string) + free(ctx->error_string); + ctx->error_string = NULL; + HEIMDAL_MUTEX_unlock(&ctx->mutex); +} + +void +_gsskrb5_set_status (const char *fmt, ...) +{ + struct gssapi_thr_context *ctx = _gsskrb5_get_thread_context(1); + va_list args; + + if (ctx == NULL) + return; + HEIMDAL_MUTEX_lock(&ctx->mutex); + va_start(args, fmt); + if (ctx->error_string) + free(ctx->error_string); + /* ignore failures, will use status code instead */ + vasprintf(&ctx->error_string, fmt, args); + va_end(args); + HEIMDAL_MUTEX_unlock(&ctx->mutex); +} + +void +_gsskrb5_set_error_string (void) +{ + char *e; + + e = krb5_get_error_string(_gsskrb5_context); + if (e) { + _gsskrb5_set_status("%s", e); + krb5_free_error_string(_gsskrb5_context, e); + } else + _gsskrb5_clear_status(); +} + +char * +_gsskrb5_get_error_string (void) +{ + struct gssapi_thr_context *ctx = _gsskrb5_get_thread_context(0); + char *ret; + + if (ctx == NULL) + return NULL; + HEIMDAL_MUTEX_lock(&ctx->mutex); + ret = ctx->error_string; + ctx->error_string = NULL; + HEIMDAL_MUTEX_unlock(&ctx->mutex); + return ret; +} + +OM_uint32 _gsskrb5_display_status + (OM_uint32 *minor_status, + OM_uint32 status_value, + int status_type, + const gss_OID mech_type, + OM_uint32 *message_context, + gss_buffer_t status_string) +{ + char *buf; + + GSSAPI_KRB5_INIT (); + + status_string->length = 0; + status_string->value = NULL; + + if (gss_oid_equal(mech_type, GSS_C_NO_OID) == 0 && + gss_oid_equal(mech_type, GSS_KRB5_MECHANISM) == 0) { + *minor_status = 0; + return GSS_C_GSS_CODE; + } + + if (status_type == GSS_C_GSS_CODE) { + if (GSS_SUPPLEMENTARY_INFO(status_value)) + asprintf(&buf, "%s", + supplementary_error(GSS_SUPPLEMENTARY_INFO(status_value))); + else + asprintf (&buf, "%s %s", + calling_error(GSS_CALLING_ERROR(status_value)), + routine_error(GSS_ROUTINE_ERROR(status_value))); + } else if (status_type == GSS_C_MECH_CODE) { + buf = _gsskrb5_get_error_string (); + if (buf == NULL) { + const char *tmp = krb5_get_err_text (_gsskrb5_context, + status_value); + if (tmp == NULL) + asprintf(&buf, "unknown mech error-code %u", + (unsigned)status_value); + else + buf = strdup(tmp); + } + } else { + *minor_status = EINVAL; + return GSS_S_BAD_STATUS; + } + + if (buf == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + *message_context = 0; + *minor_status = 0; + + status_string->length = strlen(buf); + status_string->value = buf; + + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/krb5/duplicate_name.c b/source4/heimdal/lib/gssapi/krb5/duplicate_name.c new file mode 100644 index 0000000000..475ae61efc --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/duplicate_name.c @@ -0,0 +1,59 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: duplicate_name.c,v 1.10 2006/10/07 22:14:35 lha Exp $"); + +OM_uint32 _gsskrb5_duplicate_name ( + OM_uint32 * minor_status, + const gss_name_t src_name, + gss_name_t * dest_name + ) +{ + krb5_const_principal src = (krb5_const_principal)src_name; + krb5_principal *dest = (krb5_principal *)dest_name; + krb5_error_code kret; + + GSSAPI_KRB5_INIT (); + + kret = krb5_copy_principal (_gsskrb5_context, src, dest); + if (kret) { + *minor_status = kret; + _gsskrb5_set_error_string (); + return GSS_S_FAILURE; + } else { + *minor_status = 0; + return GSS_S_COMPLETE; + } +} diff --git a/source4/heimdal/lib/gssapi/krb5/encapsulate.c b/source4/heimdal/lib/gssapi/krb5/encapsulate.c new file mode 100644 index 0000000000..a015a95103 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/encapsulate.c @@ -0,0 +1,155 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: encapsulate.c,v 1.12 2006/10/14 10:02:56 lha Exp $"); + +void +_gssapi_encap_length (size_t data_len, + size_t *len, + size_t *total_len, + const gss_OID mech) +{ + size_t len_len; + + *len = 1 + 1 + mech->length + data_len; + + len_len = der_length_len(*len); + + *total_len = 1 + len_len + *len; +} + +void +_gsskrb5_encap_length (size_t data_len, + size_t *len, + size_t *total_len, + const gss_OID mech) +{ + _gssapi_encap_length(data_len + 2, len, total_len, mech); +} + +void * +_gsskrb5_make_header (void *ptr, + size_t len, + const void *type, + const gss_OID mech) +{ + u_char *p = ptr; + p = _gssapi_make_mech_header(p, len, mech); + memcpy (p, type, 2); + p += 2; + return p; +} + +void * +_gssapi_make_mech_header(void *ptr, + size_t len, + const gss_OID mech) +{ + u_char *p = ptr; + int e; + size_t len_len, foo; + + *p++ = 0x60; + len_len = der_length_len(len); + e = der_put_length (p + len_len - 1, len_len, len, &foo); + if(e || foo != len_len) + abort (); + p += len_len; + *p++ = 0x06; + *p++ = mech->length; + memcpy (p, mech->elements, mech->length); + p += mech->length; + return p; +} + +/* + * Give it a krb5_data and it will encapsulate with extra GSS-API wrappings. + */ + +OM_uint32 +_gssapi_encapsulate( + OM_uint32 *minor_status, + const krb5_data *in_data, + gss_buffer_t output_token, + const gss_OID mech +) +{ + size_t len, outer_len; + void *p; + + _gssapi_encap_length (in_data->length, &len, &outer_len, mech); + + output_token->length = outer_len; + output_token->value = malloc (outer_len); + if (output_token->value == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + p = _gssapi_make_mech_header (output_token->value, len, mech); + memcpy (p, in_data->data, in_data->length); + return GSS_S_COMPLETE; +} + +/* + * Give it a krb5_data and it will encapsulate with extra GSS-API krb5 + * wrappings. + */ + +OM_uint32 +_gsskrb5_encapsulate( + OM_uint32 *minor_status, + const krb5_data *in_data, + gss_buffer_t output_token, + const void *type, + const gss_OID mech +) +{ + size_t len, outer_len; + u_char *p; + + _gsskrb5_encap_length (in_data->length, &len, &outer_len, mech); + + output_token->length = outer_len; + output_token->value = malloc (outer_len); + if (output_token->value == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + p = _gsskrb5_make_header (output_token->value, len, type, mech); + memcpy (p, in_data->data, in_data->length); + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/krb5/export_name.c b/source4/heimdal/lib/gssapi/krb5/export_name.c new file mode 100644 index 0000000000..d00c458898 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/export_name.c @@ -0,0 +1,93 @@ +/* + * Copyright (c) 1997, 1999, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: export_name.c,v 1.8 2006/10/07 22:14:40 lha Exp $"); + +OM_uint32 _gsskrb5_export_name + (OM_uint32 * minor_status, + const gss_name_t input_name, + gss_buffer_t exported_name + ) +{ + krb5_const_principal princ = (krb5_const_principal)input_name; + krb5_error_code kret; + char *buf, *name; + size_t len; + + GSSAPI_KRB5_INIT (); + kret = krb5_unparse_name (_gsskrb5_context, princ, &name); + if (kret) { + *minor_status = kret; + _gsskrb5_set_error_string (); + return GSS_S_FAILURE; + } + len = strlen (name); + + exported_name->length = 10 + len + GSS_KRB5_MECHANISM->length; + exported_name->value = malloc(exported_name->length); + if (exported_name->value == NULL) { + free (name); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + /* TOK, MECH_OID_LEN, DER(MECH_OID), NAME_LEN, NAME */ + + buf = exported_name->value; + memcpy(buf, "\x04\x01", 2); + buf += 2; + buf[0] = ((GSS_KRB5_MECHANISM->length + 2) >> 8) & 0xff; + buf[1] = (GSS_KRB5_MECHANISM->length + 2) & 0xff; + buf+= 2; + buf[0] = 0x06; + buf[1] = (GSS_KRB5_MECHANISM->length) & 0xFF; + buf+= 2; + + memcpy(buf, GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length); + buf += GSS_KRB5_MECHANISM->length; + + buf[0] = (len >> 24) & 0xff; + buf[1] = (len >> 16) & 0xff; + buf[2] = (len >> 8) & 0xff; + buf[3] = (len) & 0xff; + buf += 4; + + memcpy (buf, name, len); + + free (name); + + *minor_status = 0; + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/krb5/export_sec_context.c b/source4/heimdal/lib/gssapi/krb5/export_sec_context.c new file mode 100644 index 0000000000..aff03a0b67 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/export_sec_context.c @@ -0,0 +1,239 @@ +/* + * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: export_sec_context.c,v 1.11 2006/10/07 22:14:42 lha Exp $"); + +OM_uint32 +_gsskrb5_export_sec_context ( + OM_uint32 * minor_status, + gss_ctx_id_t * context_handle, + gss_buffer_t interprocess_token + ) +{ + const gsskrb5_ctx ctx = (const gsskrb5_ctx) *context_handle; + krb5_storage *sp; + krb5_auth_context ac; + OM_uint32 ret = GSS_S_COMPLETE; + krb5_data data; + gss_buffer_desc buffer; + int flags; + OM_uint32 minor; + krb5_error_code kret; + + GSSAPI_KRB5_INIT (); + + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + + if (!(ctx->flags & GSS_C_TRANS_FLAG)) { + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + *minor_status = 0; + return GSS_S_UNAVAILABLE; + } + + sp = krb5_storage_emem (); + if (sp == NULL) { + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + ac = ctx->auth_context; + + /* flagging included fields */ + + flags = 0; + if (ac->local_address) + flags |= SC_LOCAL_ADDRESS; + if (ac->remote_address) + flags |= SC_REMOTE_ADDRESS; + if (ac->keyblock) + flags |= SC_KEYBLOCK; + if (ac->local_subkey) + flags |= SC_LOCAL_SUBKEY; + if (ac->remote_subkey) + flags |= SC_REMOTE_SUBKEY; + + kret = krb5_store_int32 (sp, flags); + if (kret) { + *minor_status = kret; + goto failure; + } + + /* marshall auth context */ + + kret = krb5_store_int32 (sp, ac->flags); + if (kret) { + *minor_status = kret; + goto failure; + } + if (ac->local_address) { + kret = krb5_store_address (sp, *ac->local_address); + if (kret) { + *minor_status = kret; + goto failure; + } + } + if (ac->remote_address) { + kret = krb5_store_address (sp, *ac->remote_address); + if (kret) { + *minor_status = kret; + goto failure; + } + } + kret = krb5_store_int16 (sp, ac->local_port); + if (kret) { + *minor_status = kret; + goto failure; + } + kret = krb5_store_int16 (sp, ac->remote_port); + if (kret) { + *minor_status = kret; + goto failure; + } + if (ac->keyblock) { + kret = krb5_store_keyblock (sp, *ac->keyblock); + if (kret) { + *minor_status = kret; + goto failure; + } + } + if (ac->local_subkey) { + kret = krb5_store_keyblock (sp, *ac->local_subkey); + if (kret) { + *minor_status = kret; + goto failure; + } + } + if (ac->remote_subkey) { + kret = krb5_store_keyblock (sp, *ac->remote_subkey); + if (kret) { + *minor_status = kret; + goto failure; + } + } + kret = krb5_store_int32 (sp, ac->local_seqnumber); + if (kret) { + *minor_status = kret; + goto failure; + } + kret = krb5_store_int32 (sp, ac->remote_seqnumber); + if (kret) { + *minor_status = kret; + goto failure; + } + + kret = krb5_store_int32 (sp, ac->keytype); + if (kret) { + *minor_status = kret; + goto failure; + } + kret = krb5_store_int32 (sp, ac->cksumtype); + if (kret) { + *minor_status = kret; + goto failure; + } + + /* names */ + + ret = _gsskrb5_export_name (minor_status, + (gss_name_t)ctx->source, &buffer); + if (ret) + goto failure; + data.data = buffer.value; + data.length = buffer.length; + kret = krb5_store_data (sp, data); + _gsskrb5_release_buffer (&minor, &buffer); + if (kret) { + *minor_status = kret; + goto failure; + } + + ret = _gsskrb5_export_name (minor_status, + (gss_name_t)ctx->target, &buffer); + if (ret) + goto failure; + data.data = buffer.value; + data.length = buffer.length; + + ret = GSS_S_FAILURE; + + kret = krb5_store_data (sp, data); + _gsskrb5_release_buffer (&minor, &buffer); + if (kret) { + *minor_status = kret; + goto failure; + } + + kret = krb5_store_int32 (sp, ctx->flags); + if (kret) { + *minor_status = kret; + goto failure; + } + kret = krb5_store_int32 (sp, ctx->more_flags); + if (kret) { + *minor_status = kret; + goto failure; + } + kret = krb5_store_int32 (sp, ctx->lifetime); + if (kret) { + *minor_status = kret; + goto failure; + } + kret = _gssapi_msg_order_export(sp, ctx->order); + if (kret ) { + *minor_status = kret; + goto failure; + } + + kret = krb5_storage_to_data (sp, &data); + krb5_storage_free (sp); + if (kret) { + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + *minor_status = kret; + return GSS_S_FAILURE; + } + interprocess_token->length = data.length; + interprocess_token->value = data.data; + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + ret = _gsskrb5_delete_sec_context (minor_status, context_handle, + GSS_C_NO_BUFFER); + if (ret != GSS_S_COMPLETE) + _gsskrb5_release_buffer (NULL, interprocess_token); + *minor_status = 0; + return ret; + failure: + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + krb5_storage_free (sp); + return ret; +} diff --git a/source4/heimdal/lib/gssapi/krb5/external.c b/source4/heimdal/lib/gssapi/krb5/external.c new file mode 100644 index 0000000000..7419bc2fe8 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/external.c @@ -0,0 +1,408 @@ +/* + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" +#include + +RCSID("$Id: external.c,v 1.18 2006/10/20 21:50:24 lha Exp $"); + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" + * "\x01\x02\x01\x01"}, + * corresponding to an object-identifier value of + * {iso(1) member-body(2) United States(840) mit(113554) + * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant + * GSS_C_NT_USER_NAME should be initialized to point + * to that gss_OID_desc. + */ + +static gss_OID_desc gss_c_nt_user_name_oid_desc = +{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x01")}; + +gss_OID GSS_C_NT_USER_NAME = &gss_c_nt_user_name_oid_desc; + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" + * "\x01\x02\x01\x02"}, + * corresponding to an object-identifier value of + * {iso(1) member-body(2) United States(840) mit(113554) + * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}. + * The constant GSS_C_NT_MACHINE_UID_NAME should be + * initialized to point to that gss_OID_desc. + */ + +static gss_OID_desc gss_c_nt_machine_uid_name_oid_desc = +{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x02")}; + +gss_OID GSS_C_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc; + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" + * "\x01\x02\x01\x03"}, + * corresponding to an object-identifier value of + * {iso(1) member-body(2) United States(840) mit(113554) + * infosys(1) gssapi(2) generic(1) string_uid_name(3)}. + * The constant GSS_C_NT_STRING_UID_NAME should be + * initialized to point to that gss_OID_desc. + */ + +static gss_OID_desc gss_c_nt_string_uid_name_oid_desc = +{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x03")}; + +gss_OID GSS_C_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc; + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {6, (void *)"\x2b\x06\x01\x05\x06\x02"}, + * corresponding to an object-identifier value of + * {iso(1) org(3) dod(6) internet(1) security(5) + * nametypes(6) gss-host-based-services(2)). The constant + * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point + * to that gss_OID_desc. This is a deprecated OID value, and + * implementations wishing to support hostbased-service names + * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID, + * defined below, to identify such names; + * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym + * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input + * parameter, but should not be emitted by GSS-API + * implementations + */ + +static gss_OID_desc gss_c_nt_hostbased_service_x_oid_desc = +{6, rk_UNCONST("\x2b\x06\x01\x05\x06\x02")}; + +gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = &gss_c_nt_hostbased_service_x_oid_desc; + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" + * "\x01\x02\x01\x04"}, corresponding to an + * object-identifier value of {iso(1) member-body(2) + * Unites States(840) mit(113554) infosys(1) gssapi(2) + * generic(1) service_name(4)}. The constant + * GSS_C_NT_HOSTBASED_SERVICE should be initialized + * to point to that gss_OID_desc. + */ +static gss_OID_desc gss_c_nt_hostbased_service_oid_desc = +{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x04")}; + +gss_OID GSS_C_NT_HOSTBASED_SERVICE = &gss_c_nt_hostbased_service_oid_desc; + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {6, (void *)"\x2b\x06\01\x05\x06\x03"}, + * corresponding to an object identifier value of + * {1(iso), 3(org), 6(dod), 1(internet), 5(security), + * 6(nametypes), 3(gss-anonymous-name)}. The constant + * and GSS_C_NT_ANONYMOUS should be initialized to point + * to that gss_OID_desc. + */ + +static gss_OID_desc gss_c_nt_anonymous_oid_desc = +{6, rk_UNCONST("\x2b\x06\01\x05\x06\x03")}; + +gss_OID GSS_C_NT_ANONYMOUS = &gss_c_nt_anonymous_oid_desc; + +/* + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value + * {6, (void *)"\x2b\x06\x01\x05\x06\x04"}, + * corresponding to an object-identifier value of + * {1(iso), 3(org), 6(dod), 1(internet), 5(security), + * 6(nametypes), 4(gss-api-exported-name)}. The constant + * GSS_C_NT_EXPORT_NAME should be initialized to point + * to that gss_OID_desc. + */ + +static gss_OID_desc gss_c_nt_export_name_oid_desc = +{6, rk_UNCONST("\x2b\x06\x01\x05\x06\x04") }; + +gss_OID GSS_C_NT_EXPORT_NAME = &gss_c_nt_export_name_oid_desc; + +/* + * This name form shall be represented by the Object Identifier {iso(1) + * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) + * krb5(2) krb5_name(1)}. The recommended symbolic name for this type + * is "GSS_KRB5_NT_PRINCIPAL_NAME". + */ + +static gss_OID_desc gss_krb5_nt_principal_name_oid_desc = +{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01") }; + +gss_OID GSS_KRB5_NT_PRINCIPAL_NAME = &gss_krb5_nt_principal_name_oid_desc; + +/* + * This name form shall be represented by the Object Identifier {iso(1) + * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) + * generic(1) user_name(1)}. The recommended symbolic name for this + * type is "GSS_KRB5_NT_USER_NAME". + */ + +gss_OID GSS_KRB5_NT_USER_NAME = &gss_c_nt_user_name_oid_desc; + +/* + * This name form shall be represented by the Object Identifier {iso(1) + * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) + * generic(1) machine_uid_name(2)}. The recommended symbolic name for + * this type is "GSS_KRB5_NT_MACHINE_UID_NAME". + */ + +gss_OID GSS_KRB5_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc; + +/* + * This name form shall be represented by the Object Identifier {iso(1) + * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) + * generic(1) string_uid_name(3)}. The recommended symbolic name for + * this type is "GSS_KRB5_NT_STRING_UID_NAME". + */ + +gss_OID GSS_KRB5_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc; + +/* + * To support ongoing experimentation, testing, and evolution of the + * specification, the Kerberos V5 GSS-API mechanism as defined in this + * and any successor memos will be identified with the following Object + * Identifier, as defined in RFC-1510, until the specification is + * advanced to the level of Proposed Standard RFC: + * + * {iso(1), org(3), dod(5), internet(1), security(5), kerberosv5(2)} + * + * Upon advancement to the level of Proposed Standard RFC, the Kerberos + * V5 GSS-API mechanism will be identified by an Object Identifier + * having the value: + * + * {iso(1) member-body(2) United States(840) mit(113554) infosys(1) + * gssapi(2) krb5(2)} + */ + +#if 0 /* This is the old OID */ + +static gss_OID_desc gss_krb5_mechanism_oid_desc = +{5, rk_UNCONST("\x2b\x05\x01\x05\x02")}; + +#endif + +static gss_OID_desc gss_krb5_mechanism_oid_desc = +{9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") }; + +gss_OID GSS_KRB5_MECHANISM = &gss_krb5_mechanism_oid_desc; + +/* + * draft-ietf-cat-iakerb-09, IAKERB: + * The mechanism ID for IAKERB proxy GSS-API Kerberos, in accordance + * with the mechanism proposed by SPNEGO [7] for negotiating protocol + * variations, is: {iso(1) org(3) dod(6) internet(1) security(5) + * mechanisms(5) iakerb(10) iakerbProxyProtocol(1)}. The proposed + * mechanism ID for IAKERB minimum messages GSS-API Kerberos, in + * accordance with the mechanism proposed by SPNEGO for negotiating + * protocol variations, is: {iso(1) org(3) dod(6) internet(1) + * security(5) mechanisms(5) iakerb(10) + * iakerbMinimumMessagesProtocol(2)}. + */ + +static gss_OID_desc gss_iakerb_proxy_mechanism_oid_desc = +{7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x01")}; + +gss_OID GSS_IAKERB_PROXY_MECHANISM = &gss_iakerb_proxy_mechanism_oid_desc; + +static gss_OID_desc gss_iakerb_min_msg_mechanism_oid_desc = +{7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x02") }; + +gss_OID GSS_IAKERB_MIN_MSG_MECHANISM = &gss_iakerb_min_msg_mechanism_oid_desc; + +/* + * + */ + +static gss_OID_desc gss_c_peer_has_updated_spnego_oid_desc = +{9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x05"}; + +gss_OID GSS_C_PEER_HAS_UPDATED_SPNEGO = &gss_c_peer_has_updated_spnego_oid_desc; + +/* + * 1.2.752.43.13 Heimdal GSS-API Extentions + */ + +/* 1.2.752.43.13.1 */ +static gss_OID_desc gss_krb5_copy_ccache_x_oid_desc = +{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x01")}; + +gss_OID GSS_KRB5_COPY_CCACHE_X = &gss_krb5_copy_ccache_x_oid_desc; + +/* 1.2.752.43.13.2 */ +static gss_OID_desc gss_krb5_get_tkt_flags_x_oid_desc = +{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x02")}; + +gss_OID GSS_KRB5_GET_TKT_FLAGS_X = &gss_krb5_get_tkt_flags_x_oid_desc; + +/* 1.2.752.43.13.3 */ +static gss_OID_desc gss_krb5_extract_authz_data_from_sec_context_x_oid_desc = +{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x03")}; + +gss_OID GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X = &gss_krb5_extract_authz_data_from_sec_context_x_oid_desc; + +/* 1.2.752.43.13.4 */ +static gss_OID_desc gss_krb5_compat_des3_mic_x_oid_desc = +{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x04")}; + +gss_OID GSS_KRB5_COMPAT_DES3_MIC_X = &gss_krb5_compat_des3_mic_x_oid_desc; + +/* 1.2.752.43.13.5 */ +static gss_OID_desc gss_krb5_register_acceptor_identity_x_desc = +{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x05")}; + +gss_OID GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X = &gss_krb5_register_acceptor_identity_x_desc; + +/* 1.2.752.43.13.6 */ +static gss_OID_desc gss_krb5_export_lucid_context_x_desc = +{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06")}; + +gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_X = &gss_krb5_export_lucid_context_x_desc; + +/* 1.2.752.43.13.6.1 */ +static gss_OID_desc gss_krb5_export_lucid_context_v1_x_desc = +{7, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06\x01")}; + +gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X = &gss_krb5_export_lucid_context_v1_x_desc; + +/* 1.2.752.43.13.7 */ +static gss_OID_desc gss_krb5_set_dns_canonicalize_x_desc = +{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x07")}; + +gss_OID GSS_KRB5_SET_DNS_CANONICALIZE_X = &gss_krb5_set_dns_canonicalize_x_desc; + +/* 1.2.752.43.13.8 */ +static gss_OID_desc gss_krb5_get_subkey_x_desc = +{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x08")}; + +gss_OID GSS_KRB5_GET_SUBKEY_X = &gss_krb5_get_subkey_x_desc; + +/* 1.2.752.43.13.9 */ +static gss_OID_desc gss_krb5_get_initiator_subkey_x_desc = +{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x09")}; + +gss_OID GSS_KRB5_GET_INITIATOR_SUBKEY_X = &gss_krb5_get_initiator_subkey_x_desc; + +/* 1.2.752.43.13.10 */ +static gss_OID_desc gss_krb5_get_acceptor_subkey_x_desc = +{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0a")}; + +gss_OID GSS_KRB5_GET_ACCEPTOR_SUBKEY_X = &gss_krb5_get_acceptor_subkey_x_desc; + +/* 1.2.752.43.13.11 */ +static gss_OID_desc gss_krb5_send_to_kdc_x_desc = +{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0b")}; + +gss_OID GSS_KRB5_SEND_TO_KDC_X = &gss_krb5_send_to_kdc_x_desc; + +/* 1.2.752.43.13.12 */ +static gss_OID_desc gss_krb5_get_authtime_x_desc = +{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0c")}; + +gss_OID GSS_KRB5_GET_AUTHTIME_X = &gss_krb5_get_authtime_x_desc; + +/* 1.2.752.43.13.14 */ +static gss_OID_desc gss_krb5_get_service_keyblock_x_desc = +{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0d")}; + +gss_OID GSS_KRB5_GET_SERVICE_KEYBLOCK_X = &gss_krb5_get_service_keyblock_x_desc; + +/* 1.2.752.43.14.1 */ +static gss_OID_desc gss_sasl_digest_md5_mechanism_desc = +{6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x01") }; + +gss_OID GSS_SASL_DIGEST_MD5_MECHANISM = &gss_sasl_digest_md5_mechanism_desc; + +/* + * Context for krb5 calls. + */ + +krb5_context _gsskrb5_context; + +/* + * + */ + +static gssapi_mech_interface_desc krb5_mech = { + GMI_VERSION, + "kerberos 5", + {9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" }, + _gsskrb5_acquire_cred, + _gsskrb5_release_cred, + _gsskrb5_init_sec_context, + _gsskrb5_accept_sec_context, + _gsskrb5_process_context_token, + _gsskrb5_delete_sec_context, + _gsskrb5_context_time, + _gsskrb5_get_mic, + _gsskrb5_verify_mic, + _gsskrb5_wrap, + _gsskrb5_unwrap, + _gsskrb5_display_status, + _gsskrb5_indicate_mechs, + _gsskrb5_compare_name, + _gsskrb5_display_name, + _gsskrb5_import_name, + _gsskrb5_export_name, + _gsskrb5_release_name, + _gsskrb5_inquire_cred, + _gsskrb5_inquire_context, + _gsskrb5_wrap_size_limit, + _gsskrb5_add_cred, + _gsskrb5_inquire_cred_by_mech, + _gsskrb5_export_sec_context, + _gsskrb5_import_sec_context, + _gsskrb5_inquire_names_for_mech, + _gsskrb5_inquire_mechs_for_name, + _gsskrb5_canonicalize_name, + _gsskrb5_duplicate_name, + _gsskrb5_inquire_sec_context_by_oid, + _gsskrb5_inquire_cred_by_oid, + _gsskrb5_set_sec_context_option, + _gsskrb5_set_cred_option +}; + +gssapi_mech_interface +__gss_krb5_initialize(void) +{ + return &krb5_mech; +} diff --git a/source4/heimdal/lib/gssapi/krb5/get_mic.c b/source4/heimdal/lib/gssapi/krb5/get_mic.c new file mode 100644 index 0000000000..5a078d634d --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/get_mic.c @@ -0,0 +1,317 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: get_mic.c,v 1.34 2006/10/18 15:59:23 lha Exp $"); + +static OM_uint32 +mic_des + (OM_uint32 * minor_status, + const gsskrb5_ctx ctx, + gss_qop_t qop_req, + const gss_buffer_t message_buffer, + gss_buffer_t message_token, + krb5_keyblock *key + ) +{ + u_char *p; + MD5_CTX md5; + u_char hash[16]; + DES_key_schedule schedule; + DES_cblock deskey; + DES_cblock zero; + int32_t seq_number; + size_t len, total_len; + + _gsskrb5_encap_length (22, &len, &total_len, GSS_KRB5_MECHANISM); + + message_token->length = total_len; + message_token->value = malloc (total_len); + if (message_token->value == NULL) { + message_token->length = 0; + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + p = _gsskrb5_make_header(message_token->value, + len, + "\x01\x01", /* TOK_ID */ + GSS_KRB5_MECHANISM); + + memcpy (p, "\x00\x00", 2); /* SGN_ALG = DES MAC MD5 */ + p += 2; + + memcpy (p, "\xff\xff\xff\xff", 4); /* Filler */ + p += 4; + + /* Fill in later (SND-SEQ) */ + memset (p, 0, 16); + p += 16; + + /* checksum */ + MD5_Init (&md5); + MD5_Update (&md5, p - 24, 8); + MD5_Update (&md5, message_buffer->value, message_buffer->length); + MD5_Final (hash, &md5); + + memset (&zero, 0, sizeof(zero)); + memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); + DES_set_key (&deskey, &schedule); + DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), + &schedule, &zero); + memcpy (p - 8, hash, 8); /* SGN_CKSUM */ + + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + /* sequence number */ + krb5_auth_con_getlocalseqnumber (_gsskrb5_context, + ctx->auth_context, + &seq_number); + + p -= 16; /* SND_SEQ */ + p[0] = (seq_number >> 0) & 0xFF; + p[1] = (seq_number >> 8) & 0xFF; + p[2] = (seq_number >> 16) & 0xFF; + p[3] = (seq_number >> 24) & 0xFF; + memset (p + 4, + (ctx->more_flags & LOCAL) ? 0 : 0xFF, + 4); + + DES_set_key (&deskey, &schedule); + DES_cbc_encrypt ((void *)p, (void *)p, 8, + &schedule, (DES_cblock *)(p + 8), DES_ENCRYPT); + + krb5_auth_con_setlocalseqnumber (_gsskrb5_context, + ctx->auth_context, + ++seq_number); + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + + memset (deskey, 0, sizeof(deskey)); + memset (&schedule, 0, sizeof(schedule)); + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +static OM_uint32 +mic_des3 + (OM_uint32 * minor_status, + const gsskrb5_ctx ctx, + gss_qop_t qop_req, + const gss_buffer_t message_buffer, + gss_buffer_t message_token, + krb5_keyblock *key + ) +{ + u_char *p; + Checksum cksum; + u_char seq[8]; + + int32_t seq_number; + size_t len, total_len; + + krb5_crypto crypto; + krb5_error_code kret; + krb5_data encdata; + char *tmp; + char ivec[8]; + + _gsskrb5_encap_length (36, &len, &total_len, GSS_KRB5_MECHANISM); + + message_token->length = total_len; + message_token->value = malloc (total_len); + if (message_token->value == NULL) { + message_token->length = 0; + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + p = _gsskrb5_make_header(message_token->value, + len, + "\x01\x01", /* TOK-ID */ + GSS_KRB5_MECHANISM); + + memcpy (p, "\x04\x00", 2); /* SGN_ALG = HMAC SHA1 DES3-KD */ + p += 2; + + memcpy (p, "\xff\xff\xff\xff", 4); /* filler */ + p += 4; + + /* this should be done in parts */ + + tmp = malloc (message_buffer->length + 8); + if (tmp == NULL) { + free (message_token->value); + message_token->value = NULL; + message_token->length = 0; + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + memcpy (tmp, p - 8, 8); + memcpy (tmp + 8, message_buffer->value, message_buffer->length); + + kret = krb5_crypto_init(_gsskrb5_context, key, 0, &crypto); + if (kret) { + free (message_token->value); + message_token->value = NULL; + message_token->length = 0; + free (tmp); + _gsskrb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + + kret = krb5_create_checksum (_gsskrb5_context, + crypto, + KRB5_KU_USAGE_SIGN, + 0, + tmp, + message_buffer->length + 8, + &cksum); + free (tmp); + krb5_crypto_destroy (_gsskrb5_context, crypto); + if (kret) { + free (message_token->value); + message_token->value = NULL; + message_token->length = 0; + _gsskrb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + + memcpy (p + 8, cksum.checksum.data, cksum.checksum.length); + + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + /* sequence number */ + krb5_auth_con_getlocalseqnumber (_gsskrb5_context, + ctx->auth_context, + &seq_number); + + seq[0] = (seq_number >> 0) & 0xFF; + seq[1] = (seq_number >> 8) & 0xFF; + seq[2] = (seq_number >> 16) & 0xFF; + seq[3] = (seq_number >> 24) & 0xFF; + memset (seq + 4, + (ctx->more_flags & LOCAL) ? 0 : 0xFF, + 4); + + kret = krb5_crypto_init(_gsskrb5_context, key, + ETYPE_DES3_CBC_NONE, &crypto); + if (kret) { + free (message_token->value); + message_token->value = NULL; + message_token->length = 0; + _gsskrb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + + if (ctx->more_flags & COMPAT_OLD_DES3) + memset(ivec, 0, 8); + else + memcpy(ivec, p + 8, 8); + + kret = krb5_encrypt_ivec (_gsskrb5_context, + crypto, + KRB5_KU_USAGE_SEQ, + seq, 8, &encdata, ivec); + krb5_crypto_destroy (_gsskrb5_context, crypto); + if (kret) { + free (message_token->value); + message_token->value = NULL; + message_token->length = 0; + _gsskrb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + + assert (encdata.length == 8); + + memcpy (p, encdata.data, encdata.length); + krb5_data_free (&encdata); + + krb5_auth_con_setlocalseqnumber (_gsskrb5_context, + ctx->auth_context, + ++seq_number); + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + + free_Checksum (&cksum); + *minor_status = 0; + return GSS_S_COMPLETE; +} + +OM_uint32 _gsskrb5_get_mic + (OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + gss_qop_t qop_req, + const gss_buffer_t message_buffer, + gss_buffer_t message_token + ) +{ + const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle; + krb5_keyblock *key; + OM_uint32 ret; + krb5_keytype keytype; + + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + ret = _gsskrb5i_get_token_key(ctx, &key); + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + if (ret) { + _gsskrb5_set_error_string (); + *minor_status = ret; + return GSS_S_FAILURE; + } + krb5_enctype_to_keytype (_gsskrb5_context, key->keytype, &keytype); + + switch (keytype) { + case KEYTYPE_DES : + ret = mic_des (minor_status, ctx, qop_req, + message_buffer, message_token, key); + break; + case KEYTYPE_DES3 : + ret = mic_des3 (minor_status, ctx, qop_req, + message_buffer, message_token, key); + break; + case KEYTYPE_ARCFOUR: + case KEYTYPE_ARCFOUR_56: + ret = _gssapi_get_mic_arcfour (minor_status, ctx, qop_req, + message_buffer, message_token, key); + break; + default : + ret = _gssapi_mic_cfx (minor_status, ctx, qop_req, + message_buffer, message_token, key); + break; + } + krb5_free_keyblock (_gsskrb5_context, key); + return ret; +} diff --git a/source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h b/source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h new file mode 100644 index 0000000000..426c0ab200 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h @@ -0,0 +1,705 @@ +/* This is a generated file */ +#ifndef __gsskrb5_private_h__ +#define __gsskrb5_private_h__ + +#include + +gssapi_mech_interface +__gss_krb5_initialize (void); + +OM_uint32 +__gsskrb5_ccache_lifetime ( + OM_uint32 */*minor_status*/, + krb5_ccache /*id*/, + krb5_principal /*principal*/, + OM_uint32 */*lifetime*/); + +OM_uint32 +_gss_DES3_get_mic_compat ( + OM_uint32 */*minor_status*/, + gsskrb5_ctx /*ctx*/); + +OM_uint32 +_gssapi_decapsulate ( + OM_uint32 */*minor_status*/, + gss_buffer_t /*input_token_buffer*/, + krb5_data */*out_data*/, + const gss_OID mech ); + +void +_gssapi_encap_length ( + size_t /*data_len*/, + size_t */*len*/, + size_t */*total_len*/, + const gss_OID /*mech*/); + +OM_uint32 +_gssapi_encapsulate ( + OM_uint32 */*minor_status*/, + const krb5_data */*in_data*/, + gss_buffer_t /*output_token*/, + const gss_OID mech ); + +OM_uint32 +_gssapi_get_mic_arcfour ( + OM_uint32 * /*minor_status*/, + const gsskrb5_ctx /*context_handle*/, + gss_qop_t /*qop_req*/, + const gss_buffer_t /*message_buffer*/, + gss_buffer_t /*message_token*/, + krb5_keyblock */*key*/); + +void * +_gssapi_make_mech_header ( + void */*ptr*/, + size_t /*len*/, + const gss_OID /*mech*/); + +OM_uint32 +_gssapi_mic_cfx ( + OM_uint32 */*minor_status*/, + const gsskrb5_ctx /*context_handle*/, + gss_qop_t /*qop_req*/, + const gss_buffer_t /*message_buffer*/, + gss_buffer_t /*message_token*/, + krb5_keyblock */*key*/); + +OM_uint32 +_gssapi_msg_order_check ( + struct gss_msg_order */*o*/, + OM_uint32 /*seq_num*/); + +OM_uint32 +_gssapi_msg_order_create ( + OM_uint32 */*minor_status*/, + struct gss_msg_order **/*o*/, + OM_uint32 /*flags*/, + OM_uint32 /*seq_num*/, + OM_uint32 /*jitter_window*/, + int /*use_64*/); + +OM_uint32 +_gssapi_msg_order_destroy (struct gss_msg_order **/*m*/); + +krb5_error_code +_gssapi_msg_order_export ( + krb5_storage */*sp*/, + struct gss_msg_order */*o*/); + +OM_uint32 +_gssapi_msg_order_f (OM_uint32 /*flags*/); + +OM_uint32 +_gssapi_msg_order_import ( + OM_uint32 */*minor_status*/, + krb5_storage */*sp*/, + struct gss_msg_order **/*o*/); + +OM_uint32 +_gssapi_unwrap_arcfour ( + OM_uint32 */*minor_status*/, + const gsskrb5_ctx /*context_handle*/, + const gss_buffer_t /*input_message_buffer*/, + gss_buffer_t /*output_message_buffer*/, + int */*conf_state*/, + gss_qop_t */*qop_state*/, + krb5_keyblock */*key*/); + +OM_uint32 +_gssapi_unwrap_cfx ( + OM_uint32 */*minor_status*/, + const gsskrb5_ctx /*context_handle*/, + const gss_buffer_t /*input_message_buffer*/, + gss_buffer_t /*output_message_buffer*/, + int */*conf_state*/, + gss_qop_t */*qop_state*/, + krb5_keyblock */*key*/); + +OM_uint32 +_gssapi_verify_mech_header ( + u_char **/*str*/, + size_t /*total_len*/, + gss_OID /*mech*/); + +OM_uint32 +_gssapi_verify_mic_arcfour ( + OM_uint32 * /*minor_status*/, + const gsskrb5_ctx /*context_handle*/, + const gss_buffer_t /*message_buffer*/, + const gss_buffer_t /*token_buffer*/, + gss_qop_t * /*qop_state*/, + krb5_keyblock */*key*/, + char */*type*/); + +OM_uint32 +_gssapi_verify_mic_cfx ( + OM_uint32 */*minor_status*/, + const gsskrb5_ctx /*context_handle*/, + const gss_buffer_t /*message_buffer*/, + const gss_buffer_t /*token_buffer*/, + gss_qop_t */*qop_state*/, + krb5_keyblock */*key*/); + +OM_uint32 +_gssapi_verify_pad ( + gss_buffer_t /*wrapped_token*/, + size_t /*datalen*/, + size_t */*padlen*/); + +OM_uint32 +_gssapi_wrap_arcfour ( + OM_uint32 * /*minor_status*/, + const gsskrb5_ctx /*context_handle*/, + int /*conf_req_flag*/, + gss_qop_t /*qop_req*/, + const gss_buffer_t /*input_message_buffer*/, + int * /*conf_state*/, + gss_buffer_t /*output_message_buffer*/, + krb5_keyblock */*key*/); + +OM_uint32 +_gssapi_wrap_cfx ( + OM_uint32 */*minor_status*/, + const gsskrb5_ctx /*context_handle*/, + int /*conf_req_flag*/, + gss_qop_t /*qop_req*/, + const gss_buffer_t /*input_message_buffer*/, + int */*conf_state*/, + gss_buffer_t /*output_message_buffer*/, + krb5_keyblock */*key*/); + +OM_uint32 +_gssapi_wrap_size_arcfour ( + OM_uint32 */*minor_status*/, + const gsskrb5_ctx /*ctx*/, + int /*conf_req_flag*/, + gss_qop_t /*qop_req*/, + OM_uint32 /*req_output_size*/, + OM_uint32 */*max_input_size*/, + krb5_keyblock */*key*/); + +OM_uint32 +_gssapi_wrap_size_cfx ( + OM_uint32 */*minor_status*/, + const gsskrb5_ctx /*context_handle*/, + int /*conf_req_flag*/, + gss_qop_t /*qop_req*/, + OM_uint32 /*req_output_size*/, + OM_uint32 */*max_input_size*/, + krb5_keyblock */*key*/); + +OM_uint32 +_gsskrb5_accept_sec_context ( + OM_uint32 * /*minor_status*/, + gss_ctx_id_t * /*context_handle*/, + const gss_cred_id_t /*acceptor_cred_handle*/, + const gss_buffer_t /*input_token_buffer*/, + const gss_channel_bindings_t /*input_chan_bindings*/, + gss_name_t * /*src_name*/, + gss_OID * /*mech_type*/, + gss_buffer_t /*output_token*/, + OM_uint32 * /*ret_flags*/, + OM_uint32 * /*time_rec*/, + gss_cred_id_t * /*delegated_cred_handle*/); + +OM_uint32 +_gsskrb5_acquire_cred ( + OM_uint32 * /*minor_status*/, + const gss_name_t /*desired_name*/, + OM_uint32 /*time_req*/, + const gss_OID_set /*desired_mechs*/, + gss_cred_usage_t /*cred_usage*/, + gss_cred_id_t * /*output_cred_handle*/, + gss_OID_set * /*actual_mechs*/, + OM_uint32 * time_rec ); + +OM_uint32 +_gsskrb5_add_cred ( + OM_uint32 */*minor_status*/, + const gss_cred_id_t /*input_cred_handle*/, + const gss_name_t /*desired_name*/, + const gss_OID /*desired_mech*/, + gss_cred_usage_t /*cred_usage*/, + OM_uint32 /*initiator_time_req*/, + OM_uint32 /*acceptor_time_req*/, + gss_cred_id_t */*output_cred_handle*/, + gss_OID_set */*actual_mechs*/, + OM_uint32 */*initiator_time_rec*/, + OM_uint32 */*acceptor_time_rec*/); + +OM_uint32 +_gsskrb5_add_oid_set_member ( + OM_uint32 * /*minor_status*/, + const gss_OID /*member_oid*/, + gss_OID_set * oid_set ); + +OM_uint32 +_gsskrb5_canonicalize_name ( + OM_uint32 * /*minor_status*/, + const gss_name_t /*input_name*/, + const gss_OID /*mech_type*/, + gss_name_t * output_name ); + +void +_gsskrb5_clear_status (void); + +OM_uint32 +_gsskrb5_compare_name ( + OM_uint32 * /*minor_status*/, + const gss_name_t /*name1*/, + const gss_name_t /*name2*/, + int * name_equal ); + +OM_uint32 +_gsskrb5_context_time ( + OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + OM_uint32 * time_rec ); + +OM_uint32 +_gsskrb5_create_8003_checksum ( + OM_uint32 */*minor_status*/, + const gss_channel_bindings_t /*input_chan_bindings*/, + OM_uint32 /*flags*/, + const krb5_data */*fwd_data*/, + Checksum */*result*/); + +OM_uint32 +_gsskrb5_create_ctx ( + OM_uint32 * /*minor_status*/, + gss_ctx_id_t * /*context_handle*/, + const gss_channel_bindings_t /*input_chan_bindings*/, + enum gss_ctx_id_t_state /*state*/); + +OM_uint32 +_gsskrb5_create_empty_oid_set ( + OM_uint32 * /*minor_status*/, + gss_OID_set * oid_set ); + +OM_uint32 +_gsskrb5_decapsulate ( + OM_uint32 */*minor_status*/, + gss_buffer_t /*input_token_buffer*/, + krb5_data */*out_data*/, + const void */*type*/, + gss_OID /*oid*/); + +krb5_error_code +_gsskrb5_decode_be_om_uint32 ( + const void */*ptr*/, + OM_uint32 */*n*/); + +krb5_error_code +_gsskrb5_decode_om_uint32 ( + const void */*ptr*/, + OM_uint32 */*n*/); + +OM_uint32 +_gsskrb5_delete_sec_context ( + OM_uint32 * /*minor_status*/, + gss_ctx_id_t * /*context_handle*/, + gss_buffer_t /*output_token*/); + +OM_uint32 +_gsskrb5_display_name ( + OM_uint32 * /*minor_status*/, + const gss_name_t /*input_name*/, + gss_buffer_t /*output_name_buffer*/, + gss_OID * output_name_type ); + +OM_uint32 +_gsskrb5_display_status ( + OM_uint32 */*minor_status*/, + OM_uint32 /*status_value*/, + int /*status_type*/, + const gss_OID /*mech_type*/, + OM_uint32 */*message_context*/, + gss_buffer_t /*status_string*/); + +OM_uint32 +_gsskrb5_duplicate_name ( + OM_uint32 * /*minor_status*/, + const gss_name_t /*src_name*/, + gss_name_t * dest_name ); + +void +_gsskrb5_encap_length ( + size_t /*data_len*/, + size_t */*len*/, + size_t */*total_len*/, + const gss_OID /*mech*/); + +OM_uint32 +_gsskrb5_encapsulate ( + OM_uint32 */*minor_status*/, + const krb5_data */*in_data*/, + gss_buffer_t /*output_token*/, + const void */*type*/, + const gss_OID mech ); + +krb5_error_code +_gsskrb5_encode_be_om_uint32 ( + OM_uint32 /*n*/, + u_char */*p*/); + +krb5_error_code +_gsskrb5_encode_om_uint32 ( + OM_uint32 /*n*/, + u_char */*p*/); + +OM_uint32 +_gsskrb5_export_name ( + OM_uint32 * /*minor_status*/, + const gss_name_t /*input_name*/, + gss_buffer_t exported_name ); + +OM_uint32 +_gsskrb5_export_sec_context ( + OM_uint32 * /*minor_status*/, + gss_ctx_id_t * /*context_handle*/, + gss_buffer_t interprocess_token ); + +char * +_gsskrb5_get_error_string (void); + +ssize_t +_gsskrb5_get_mech ( + const u_char */*ptr*/, + size_t /*total_len*/, + const u_char **/*mech_ret*/); + +OM_uint32 +_gsskrb5_get_mic ( + OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + gss_qop_t /*qop_req*/, + const gss_buffer_t /*message_buffer*/, + gss_buffer_t message_token ); + +struct gssapi_thr_context * +_gsskrb5_get_thread_context (int /*createp*/); + +OM_uint32 +_gsskrb5_get_tkt_flags ( + OM_uint32 */*minor_status*/, + gsskrb5_ctx /*ctx*/, + OM_uint32 */*tkt_flags*/); + +OM_uint32 +_gsskrb5_import_cred ( + OM_uint32 */*minor_status*/, + krb5_ccache /*id*/, + krb5_principal /*keytab_principal*/, + krb5_keytab /*keytab*/, + gss_cred_id_t */*cred*/); + +OM_uint32 +_gsskrb5_import_name ( + OM_uint32 * /*minor_status*/, + const gss_buffer_t /*input_name_buffer*/, + const gss_OID /*input_name_type*/, + gss_name_t * output_name ); + +OM_uint32 +_gsskrb5_import_sec_context ( + OM_uint32 * /*minor_status*/, + const gss_buffer_t /*interprocess_token*/, + gss_ctx_id_t * context_handle ); + +OM_uint32 +_gsskrb5_indicate_mechs ( + OM_uint32 * /*minor_status*/, + gss_OID_set * mech_set ); + +krb5_error_code +_gsskrb5_init (void); + +OM_uint32 +_gsskrb5_init_sec_context ( + OM_uint32 * /*minor_status*/, + const gss_cred_id_t /*initiator_cred_handle*/, + gss_ctx_id_t * /*context_handle*/, + const gss_name_t /*target_name*/, + const gss_OID /*mech_type*/, + OM_uint32 /*req_flags*/, + OM_uint32 /*time_req*/, + const gss_channel_bindings_t /*input_chan_bindings*/, + const gss_buffer_t /*input_token*/, + gss_OID * /*actual_mech_type*/, + gss_buffer_t /*output_token*/, + OM_uint32 * /*ret_flags*/, + OM_uint32 * time_rec ); + +OM_uint32 +_gsskrb5_inquire_context ( + OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + gss_name_t * /*src_name*/, + gss_name_t * /*targ_name*/, + OM_uint32 * /*lifetime_rec*/, + gss_OID * /*mech_type*/, + OM_uint32 * /*ctx_flags*/, + int * /*locally_initiated*/, + int * open_context ); + +OM_uint32 +_gsskrb5_inquire_cred ( + OM_uint32 * /*minor_status*/, + const gss_cred_id_t /*cred_handle*/, + gss_name_t * /*output_name*/, + OM_uint32 * /*lifetime*/, + gss_cred_usage_t * /*cred_usage*/, + gss_OID_set * mechanisms ); + +OM_uint32 +_gsskrb5_inquire_cred_by_mech ( + OM_uint32 * /*minor_status*/, + const gss_cred_id_t /*cred_handle*/, + const gss_OID /*mech_type*/, + gss_name_t * /*name*/, + OM_uint32 * /*initiator_lifetime*/, + OM_uint32 * /*acceptor_lifetime*/, + gss_cred_usage_t * cred_usage ); + +OM_uint32 +_gsskrb5_inquire_cred_by_oid ( + OM_uint32 * /*minor_status*/, + const gss_cred_id_t /*cred_handle*/, + const gss_OID /*desired_object*/, + gss_buffer_set_t */*data_set*/); + +OM_uint32 +_gsskrb5_inquire_mechs_for_name ( + OM_uint32 * /*minor_status*/, + const gss_name_t /*input_name*/, + gss_OID_set * mech_types ); + +OM_uint32 +_gsskrb5_inquire_names_for_mech ( + OM_uint32 * /*minor_status*/, + const gss_OID /*mechanism*/, + gss_OID_set * name_types ); + +OM_uint32 +_gsskrb5_inquire_sec_context_by_oid ( + OM_uint32 */*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + const gss_OID /*desired_object*/, + gss_buffer_set_t */*data_set*/); + +OM_uint32 +_gsskrb5_krb5_ccache_name ( + OM_uint32 */*minor_status*/, + const char */*name*/, + const char **/*out_name*/); + +OM_uint32 +_gsskrb5_lifetime_left ( + OM_uint32 */*minor_status*/, + OM_uint32 /*lifetime*/, + OM_uint32 */*lifetime_rec*/); + +void * +_gsskrb5_make_header ( + void */*ptr*/, + size_t /*len*/, + const void */*type*/, + const gss_OID /*mech*/); + +OM_uint32 +_gsskrb5_process_context_token ( + OM_uint32 */*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + const gss_buffer_t token_buffer ); + +OM_uint32 +_gsskrb5_register_acceptor_identity (const char */*identity*/); + +OM_uint32 +_gsskrb5_release_buffer ( + OM_uint32 * /*minor_status*/, + gss_buffer_t buffer ); + +OM_uint32 +_gsskrb5_release_cred ( + OM_uint32 * /*minor_status*/, + gss_cred_id_t * cred_handle ); + +OM_uint32 +_gsskrb5_release_name ( + OM_uint32 * /*minor_status*/, + gss_name_t * input_name ); + +OM_uint32 +_gsskrb5_release_oid_set ( + OM_uint32 * /*minor_status*/, + gss_OID_set * set ); + +OM_uint32 +_gsskrb5_seal ( + OM_uint32 * /*minor_status*/, + gss_ctx_id_t /*context_handle*/, + int /*conf_req_flag*/, + int /*qop_req*/, + gss_buffer_t /*input_message_buffer*/, + int * /*conf_state*/, + gss_buffer_t output_message_buffer ); + +OM_uint32 +_gsskrb5_set_cred_option ( + OM_uint32 */*minor_status*/, + gss_cred_id_t */*cred_handle*/, + const gss_OID /*desired_object*/, + const gss_buffer_t /*value*/); + +void +_gsskrb5_set_error_string (void); + +OM_uint32 +_gsskrb5_set_sec_context_option ( + OM_uint32 */*minor_status*/, + gss_ctx_id_t */*context_handle*/, + const gss_OID /*desired_object*/, + const gss_buffer_t /*value*/); + +void +_gsskrb5_set_status ( + const char */*fmt*/, + ...); + +OM_uint32 +_gsskrb5_sign ( + OM_uint32 * /*minor_status*/, + gss_ctx_id_t /*context_handle*/, + int /*qop_req*/, + gss_buffer_t /*message_buffer*/, + gss_buffer_t message_token ); + +OM_uint32 +_gsskrb5_test_oid_set_member ( + OM_uint32 * /*minor_status*/, + const gss_OID /*member*/, + const gss_OID_set /*set*/, + int * present ); + +OM_uint32 +_gsskrb5_unseal ( + OM_uint32 * /*minor_status*/, + gss_ctx_id_t /*context_handle*/, + gss_buffer_t /*input_message_buffer*/, + gss_buffer_t /*output_message_buffer*/, + int * /*conf_state*/, + int * qop_state ); + +OM_uint32 +_gsskrb5_unwrap ( + OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + const gss_buffer_t /*input_message_buffer*/, + gss_buffer_t /*output_message_buffer*/, + int * /*conf_state*/, + gss_qop_t * qop_state ); + +OM_uint32 +_gsskrb5_verify ( + OM_uint32 * /*minor_status*/, + gss_ctx_id_t /*context_handle*/, + gss_buffer_t /*message_buffer*/, + gss_buffer_t /*token_buffer*/, + int * qop_state ); + +OM_uint32 +_gsskrb5_verify_8003_checksum ( + OM_uint32 */*minor_status*/, + const gss_channel_bindings_t /*input_chan_bindings*/, + const Checksum */*cksum*/, + OM_uint32 */*flags*/, + krb5_data */*fwd_data*/); + +OM_uint32 +_gsskrb5_verify_header ( + u_char **/*str*/, + size_t /*total_len*/, + const void */*type*/, + gss_OID /*oid*/); + +OM_uint32 +_gsskrb5_verify_mic ( + OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + const gss_buffer_t /*message_buffer*/, + const gss_buffer_t /*token_buffer*/, + gss_qop_t * qop_state ); + +OM_uint32 +_gsskrb5_verify_mic_internal ( + OM_uint32 * /*minor_status*/, + const gsskrb5_ctx /*context_handle*/, + const gss_buffer_t /*message_buffer*/, + const gss_buffer_t /*token_buffer*/, + gss_qop_t * /*qop_state*/, + char * type ); + +OM_uint32 +_gsskrb5_wrap ( + OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + int /*conf_req_flag*/, + gss_qop_t /*qop_req*/, + const gss_buffer_t /*input_message_buffer*/, + int * /*conf_state*/, + gss_buffer_t output_message_buffer ); + +OM_uint32 +_gsskrb5_wrap_size_limit ( + OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + int /*conf_req_flag*/, + gss_qop_t /*qop_req*/, + OM_uint32 /*req_output_size*/, + OM_uint32 * max_input_size ); + +krb5_error_code +_gsskrb5cfx_max_wrap_length_cfx ( + krb5_crypto /*crypto*/, + int /*conf_req_flag*/, + size_t /*input_length*/, + OM_uint32 */*output_length*/); + +krb5_error_code +_gsskrb5cfx_wrap_length_cfx ( + krb5_crypto /*crypto*/, + int /*conf_req_flag*/, + size_t /*input_length*/, + size_t */*output_length*/, + size_t */*cksumsize*/, + uint16_t */*padlength*/); + +krb5_error_code +_gsskrb5i_address_to_krb5addr ( + OM_uint32 /*gss_addr_type*/, + gss_buffer_desc */*gss_addr*/, + int16_t /*port*/, + krb5_address */*address*/); + +krb5_error_code +_gsskrb5i_get_acceptor_subkey ( + const gsskrb5_ctx /*ctx*/, + krb5_keyblock **/*key*/); + +krb5_error_code +_gsskrb5i_get_initiator_subkey ( + const gsskrb5_ctx /*ctx*/, + krb5_keyblock **/*key*/); + +OM_uint32 +_gsskrb5i_get_token_key ( + const gsskrb5_ctx /*ctx*/, + krb5_keyblock **/*key*/); + +void +_gsskrb5i_is_cfx ( + gsskrb5_ctx /*ctx*/, + int */*is_cfx*/); + +#endif /* __gsskrb5_private_h__ */ diff --git a/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h b/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h new file mode 100644 index 0000000000..4d814032c3 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h @@ -0,0 +1,133 @@ +/* + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: gsskrb5_locl.h,v 1.6 2006/10/07 22:14:49 lha Exp $ */ + +#ifndef GSSKRB5_LOCL_H +#define GSSKRB5_LOCL_H + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include + +#include "cfx.h" + +/* + * + */ + +struct gss_msg_order; + +typedef struct { + struct krb5_auth_context_data *auth_context; + krb5_principal source, target; + OM_uint32 flags; + enum { LOCAL = 1, OPEN = 2, + COMPAT_OLD_DES3 = 4, + COMPAT_OLD_DES3_SELECTED = 8, + ACCEPTOR_SUBKEY = 16 + } more_flags; + enum gss_ctx_id_t_state { + /* initiator states */ + INITIATOR_START, + INITIATOR_WAIT_FOR_MUTAL, + INITIATOR_READY, + /* acceptor states */ + ACCEPTOR_START, + ACCEPTOR_WAIT_FOR_DCESTYLE, + ACCEPTOR_READY + } state; + struct krb5_ticket *ticket; + OM_uint32 lifetime; + HEIMDAL_MUTEX ctx_id_mutex; + struct gss_msg_order *order; + krb5_keyblock *service_keyblock; + krb5_data fwd_data; +} *gsskrb5_ctx; + +typedef struct { + krb5_principal principal; + int cred_flags; +#define GSS_CF_DESTROY_CRED_ON_RELEASE 1 + struct krb5_keytab_data *keytab; + OM_uint32 lifetime; + gss_cred_usage_t usage; + gss_OID_set mechanisms; + struct krb5_ccache_data *ccache; + HEIMDAL_MUTEX cred_id_mutex; +} *gsskrb5_cred; + +typedef struct Principal *gsskrb5_name; + +/* + * + */ + +extern krb5_context _gsskrb5_context; + +extern krb5_keytab _gsskrb5_keytab; +extern HEIMDAL_MUTEX gssapi_keytab_mutex; + +struct gssapi_thr_context { + HEIMDAL_MUTEX mutex; + char *error_string; +}; + +/* + * Prototypes + */ + +#include + +#define GSSAPI_KRB5_INIT() do { \ + krb5_error_code kret_gss_init; \ + if((kret_gss_init = _gsskrb5_init ()) != 0) { \ + *minor_status = kret_gss_init; \ + return GSS_S_FAILURE; \ + } \ +} while (0) + +/* sec_context flags */ + +#define SC_LOCAL_ADDRESS 0x01 +#define SC_REMOTE_ADDRESS 0x02 +#define SC_KEYBLOCK 0x04 +#define SC_LOCAL_SUBKEY 0x08 +#define SC_REMOTE_SUBKEY 0x10 + +#endif diff --git a/source4/heimdal/lib/gssapi/krb5/import_name.c b/source4/heimdal/lib/gssapi/krb5/import_name.c new file mode 100644 index 0000000000..dc24ed5cf2 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/import_name.c @@ -0,0 +1,219 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: import_name.c,v 1.17 2006/10/07 22:14:51 lha Exp $"); + +static OM_uint32 +parse_krb5_name (OM_uint32 *minor_status, + const char *name, + gss_name_t *output_name) +{ + krb5_principal princ; + krb5_error_code kerr; + + kerr = krb5_parse_name (_gsskrb5_context, name, &princ); + + if (kerr == 0) { + *output_name = (gss_name_t)princ; + return GSS_S_COMPLETE; + } + _gsskrb5_set_error_string (); + *minor_status = kerr; + + if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) + return GSS_S_BAD_NAME; + + return GSS_S_FAILURE; +} + +static OM_uint32 +import_krb5_name (OM_uint32 *minor_status, + const gss_buffer_t input_name_buffer, + gss_name_t *output_name) +{ + OM_uint32 ret; + char *tmp; + + tmp = malloc (input_name_buffer->length + 1); + if (tmp == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + memcpy (tmp, + input_name_buffer->value, + input_name_buffer->length); + tmp[input_name_buffer->length] = '\0'; + + ret = parse_krb5_name(minor_status, tmp, output_name); + free(tmp); + + return ret; +} + +static OM_uint32 +import_hostbased_name (OM_uint32 *minor_status, + const gss_buffer_t input_name_buffer, + gss_name_t *output_name) +{ + krb5_error_code kerr; + char *tmp; + char *p; + char *host; + char local_hostname[MAXHOSTNAMELEN]; + krb5_principal princ = NULL; + + tmp = malloc (input_name_buffer->length + 1); + if (tmp == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + memcpy (tmp, + input_name_buffer->value, + input_name_buffer->length); + tmp[input_name_buffer->length] = '\0'; + + p = strchr (tmp, '@'); + if (p != NULL) { + *p = '\0'; + host = p + 1; + } else { + if (gethostname(local_hostname, sizeof(local_hostname)) < 0) { + *minor_status = errno; + free (tmp); + return GSS_S_FAILURE; + } + host = local_hostname; + } + + kerr = krb5_sname_to_principal (_gsskrb5_context, + host, + tmp, + KRB5_NT_SRV_HST, + &princ); + free (tmp); + *minor_status = kerr; + if (kerr == 0) { + *output_name = (gss_name_t)princ; + return GSS_S_COMPLETE; + } + _gsskrb5_set_error_string (); + *minor_status = kerr; + + if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) + return GSS_S_BAD_NAME; + + return GSS_S_FAILURE; +} + +static OM_uint32 +import_export_name (OM_uint32 *minor_status, + const gss_buffer_t input_name_buffer, + gss_name_t *output_name) +{ + unsigned char *p; + uint32_t length; + OM_uint32 ret; + char *name; + + if (input_name_buffer->length < 10 + GSS_KRB5_MECHANISM->length) + return GSS_S_BAD_NAME; + + /* TOK, MECH_OID_LEN, DER(MECH_OID), NAME_LEN, NAME */ + + p = input_name_buffer->value; + + if (memcmp(&p[0], "\x04\x01\x00", 3) != 0 || + p[3] != GSS_KRB5_MECHANISM->length + 2 || + p[4] != 0x06 || + p[5] != GSS_KRB5_MECHANISM->length || + memcmp(&p[6], GSS_KRB5_MECHANISM->elements, + GSS_KRB5_MECHANISM->length) != 0) + return GSS_S_BAD_NAME; + + p += 6 + GSS_KRB5_MECHANISM->length; + + length = p[0] << 24 | p[1] << 16 | p[2] << 8 | p[3]; + p += 4; + + if (length > input_name_buffer->length - 10 - GSS_KRB5_MECHANISM->length) + return GSS_S_BAD_NAME; + + name = malloc(length + 1); + if (name == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + memcpy(name, p, length); + name[length] = '\0'; + + ret = parse_krb5_name(minor_status, name, output_name); + free(name); + + return ret; +} + +OM_uint32 _gsskrb5_import_name + (OM_uint32 * minor_status, + const gss_buffer_t input_name_buffer, + const gss_OID input_name_type, + gss_name_t * output_name + ) +{ + GSSAPI_KRB5_INIT (); + + *minor_status = 0; + *output_name = GSS_C_NO_NAME; + + if (gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE) || + gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE_X)) + return import_hostbased_name (minor_status, + input_name_buffer, + output_name); + else if (gss_oid_equal(input_name_type, GSS_C_NO_OID) + || gss_oid_equal(input_name_type, GSS_C_NT_USER_NAME) + || gss_oid_equal(input_name_type, GSS_KRB5_NT_PRINCIPAL_NAME)) + /* default printable syntax */ + return import_krb5_name (minor_status, + input_name_buffer, + output_name); + else if (gss_oid_equal(input_name_type, GSS_C_NT_EXPORT_NAME)) { + return import_export_name(minor_status, + input_name_buffer, + output_name); + } else { + *minor_status = 0; + return GSS_S_BAD_NAMETYPE; + } +} diff --git a/source4/heimdal/lib/gssapi/krb5/import_sec_context.c b/source4/heimdal/lib/gssapi/krb5/import_sec_context.c new file mode 100644 index 0000000000..8131e2621d --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/import_sec_context.c @@ -0,0 +1,229 @@ +/* + * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: import_sec_context.c,v 1.17 2006/10/07 22:14:53 lha Exp $"); + +OM_uint32 +_gsskrb5_import_sec_context ( + OM_uint32 * minor_status, + const gss_buffer_t interprocess_token, + gss_ctx_id_t * context_handle + ) +{ + OM_uint32 ret = GSS_S_FAILURE; + krb5_error_code kret; + krb5_storage *sp; + krb5_auth_context ac; + krb5_address local, remote; + krb5_address *localp, *remotep; + krb5_data data; + gss_buffer_desc buffer; + krb5_keyblock keyblock; + int32_t tmp; + int32_t flags; + gsskrb5_ctx ctx; + gss_name_t name; + + GSSAPI_KRB5_INIT (); + + *context_handle = GSS_C_NO_CONTEXT; + + localp = remotep = NULL; + + sp = krb5_storage_from_mem (interprocess_token->value, + interprocess_token->length); + if (sp == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + ctx = calloc(1, sizeof(*ctx)); + if (ctx == NULL) { + *minor_status = ENOMEM; + krb5_storage_free (sp); + return GSS_S_FAILURE; + } + HEIMDAL_MUTEX_init(&ctx->ctx_id_mutex); + + kret = krb5_auth_con_init (_gsskrb5_context, + &ctx->auth_context); + if (kret) { + _gsskrb5_set_error_string (); + *minor_status = kret; + ret = GSS_S_FAILURE; + goto failure; + } + + /* flags */ + + *minor_status = 0; + + if (krb5_ret_int32 (sp, &flags) != 0) + goto failure; + + /* retrieve the auth context */ + + ac = ctx->auth_context; + if (krb5_ret_uint32 (sp, &ac->flags) != 0) + goto failure; + if (flags & SC_LOCAL_ADDRESS) { + if (krb5_ret_address (sp, localp = &local) != 0) + goto failure; + } + + if (flags & SC_REMOTE_ADDRESS) { + if (krb5_ret_address (sp, remotep = &remote) != 0) + goto failure; + } + + krb5_auth_con_setaddrs (_gsskrb5_context, ac, localp, remotep); + if (localp) + krb5_free_address (_gsskrb5_context, localp); + if (remotep) + krb5_free_address (_gsskrb5_context, remotep); + localp = remotep = NULL; + + if (krb5_ret_int16 (sp, &ac->local_port) != 0) + goto failure; + + if (krb5_ret_int16 (sp, &ac->remote_port) != 0) + goto failure; + if (flags & SC_KEYBLOCK) { + if (krb5_ret_keyblock (sp, &keyblock) != 0) + goto failure; + krb5_auth_con_setkey (_gsskrb5_context, ac, &keyblock); + krb5_free_keyblock_contents (_gsskrb5_context, &keyblock); + } + if (flags & SC_LOCAL_SUBKEY) { + if (krb5_ret_keyblock (sp, &keyblock) != 0) + goto failure; + krb5_auth_con_setlocalsubkey (_gsskrb5_context, ac, &keyblock); + krb5_free_keyblock_contents (_gsskrb5_context, &keyblock); + } + if (flags & SC_REMOTE_SUBKEY) { + if (krb5_ret_keyblock (sp, &keyblock) != 0) + goto failure; + krb5_auth_con_setremotesubkey (_gsskrb5_context, ac, &keyblock); + krb5_free_keyblock_contents (_gsskrb5_context, &keyblock); + } + if (krb5_ret_uint32 (sp, &ac->local_seqnumber)) + goto failure; + if (krb5_ret_uint32 (sp, &ac->remote_seqnumber)) + goto failure; + + if (krb5_ret_int32 (sp, &tmp) != 0) + goto failure; + ac->keytype = tmp; + if (krb5_ret_int32 (sp, &tmp) != 0) + goto failure; + ac->cksumtype = tmp; + + /* names */ + + if (krb5_ret_data (sp, &data)) + goto failure; + buffer.value = data.data; + buffer.length = data.length; + + ret = _gsskrb5_import_name (minor_status, &buffer, GSS_C_NT_EXPORT_NAME, + &name); + if (ret) { + ret = _gsskrb5_import_name (minor_status, &buffer, GSS_C_NO_OID, + &name); + if (ret) { + krb5_data_free (&data); + goto failure; + } + } + ctx->source = (krb5_principal)name; + krb5_data_free (&data); + + if (krb5_ret_data (sp, &data) != 0) + goto failure; + buffer.value = data.data; + buffer.length = data.length; + + ret = _gsskrb5_import_name (minor_status, &buffer, GSS_C_NT_EXPORT_NAME, + &name); + if (ret) { + ret = _gsskrb5_import_name (minor_status, &buffer, GSS_C_NO_OID, + &name); + if (ret) { + krb5_data_free (&data); + goto failure; + } + } + ctx->target = (krb5_principal)name; + krb5_data_free (&data); + + if (krb5_ret_int32 (sp, &tmp)) + goto failure; + ctx->flags = tmp; + if (krb5_ret_int32 (sp, &tmp)) + goto failure; + ctx->more_flags = tmp; + if (krb5_ret_int32 (sp, &tmp)) + goto failure; + ctx->lifetime = tmp; + + ret = _gssapi_msg_order_import(minor_status, sp, &ctx->order); + if (ret) + goto failure; + + krb5_storage_free (sp); + + *context_handle = (gss_ctx_id_t)ctx; + + return GSS_S_COMPLETE; + +failure: + krb5_auth_con_free (_gsskrb5_context, + ctx->auth_context); + if (ctx->source != NULL) + krb5_free_principal(_gsskrb5_context, ctx->source); + if (ctx->target != NULL) + krb5_free_principal(_gsskrb5_context, ctx->target); + if (localp) + krb5_free_address (_gsskrb5_context, localp); + if (remotep) + krb5_free_address (_gsskrb5_context, remotep); + if(ctx->order) + _gssapi_msg_order_destroy(&ctx->order); + HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex); + krb5_storage_free (sp); + free (ctx); + *context_handle = GSS_C_NO_CONTEXT; + return ret; +} diff --git a/source4/heimdal/lib/gssapi/krb5/indicate_mechs.c b/source4/heimdal/lib/gssapi/krb5/indicate_mechs.c new file mode 100644 index 0000000000..3827533219 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/indicate_mechs.c @@ -0,0 +1,58 @@ +/* + * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: indicate_mechs.c,v 1.9 2006/10/07 22:14:56 lha Exp $"); + +OM_uint32 _gsskrb5_indicate_mechs + (OM_uint32 * minor_status, + gss_OID_set * mech_set + ) +{ + OM_uint32 ret, junk; + + ret = _gsskrb5_create_empty_oid_set(minor_status, mech_set); + if (ret) + return ret; + + ret = _gsskrb5_add_oid_set_member(minor_status, + GSS_KRB5_MECHANISM, mech_set); + if (ret) { + _gsskrb5_release_oid_set(&junk, mech_set); + return ret; + } + + *minor_status = 0; + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/krb5/init.c b/source4/heimdal/lib/gssapi/krb5/init.c new file mode 100644 index 0000000000..cbef8740b7 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/init.c @@ -0,0 +1,111 @@ +/* + * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: init.c,v 1.9 2006/10/07 22:14:58 lha Exp $"); + +static HEIMDAL_MUTEX _gsskrb5_context_mutex = HEIMDAL_MUTEX_INITIALIZER; +static int created_key; +static HEIMDAL_thread_key gssapi_context_key; + +static void +gssapi_destroy_thread_context(void *ptr) +{ + struct gssapi_thr_context *ctx = ptr; + + if (ctx == NULL) + return; + if (ctx->error_string) + free(ctx->error_string); + HEIMDAL_MUTEX_destroy(&ctx->mutex); + free(ctx); +} + + +struct gssapi_thr_context * +_gsskrb5_get_thread_context(int createp) +{ + struct gssapi_thr_context *ctx; + int ret; + + HEIMDAL_MUTEX_lock(&_gsskrb5_context_mutex); + + if (!created_key) + abort(); + ctx = HEIMDAL_getspecific(gssapi_context_key); + if (ctx == NULL) { + if (!createp) + goto fail; + ctx = malloc(sizeof(*ctx)); + if (ctx == NULL) + goto fail; + ctx->error_string = NULL; + HEIMDAL_MUTEX_init(&ctx->mutex); + HEIMDAL_setspecific(gssapi_context_key, ctx, ret); + if (ret) + goto fail; + } + HEIMDAL_MUTEX_unlock(&_gsskrb5_context_mutex); + return ctx; + fail: + HEIMDAL_MUTEX_unlock(&_gsskrb5_context_mutex); + if (ctx) + free(ctx); + return NULL; +} + +krb5_error_code +_gsskrb5_init (void) +{ + krb5_error_code ret = 0; + + HEIMDAL_MUTEX_lock(&_gsskrb5_context_mutex); + + if(_gsskrb5_context == NULL) + ret = krb5_init_context (&_gsskrb5_context); + if (ret == 0 && !created_key) { + HEIMDAL_key_create(&gssapi_context_key, + gssapi_destroy_thread_context, + ret); + if (ret) { + krb5_free_context(_gsskrb5_context); + _gsskrb5_context = NULL; + } else + created_key = 1; + } + + HEIMDAL_MUTEX_unlock(&_gsskrb5_context_mutex); + + return ret; +} diff --git a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c new file mode 100644 index 0000000000..00f2543833 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c @@ -0,0 +1,789 @@ +/* + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: init_sec_context.c,v 1.72 2006/10/24 23:03:19 lha Exp $"); + +/* + * copy the addresses from `input_chan_bindings' (if any) to + * the auth context `ac' + */ + +static OM_uint32 +set_addresses (krb5_auth_context ac, + const gss_channel_bindings_t input_chan_bindings) +{ + /* Port numbers are expected to be in application_data.value, + * initator's port first */ + + krb5_address initiator_addr, acceptor_addr; + krb5_error_code kret; + + if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS + || input_chan_bindings->application_data.length != + 2 * sizeof(ac->local_port)) + return 0; + + memset(&initiator_addr, 0, sizeof(initiator_addr)); + memset(&acceptor_addr, 0, sizeof(acceptor_addr)); + + ac->local_port = + *(int16_t *) input_chan_bindings->application_data.value; + + ac->remote_port = + *((int16_t *) input_chan_bindings->application_data.value + 1); + + kret = _gsskrb5i_address_to_krb5addr(input_chan_bindings->acceptor_addrtype, + &input_chan_bindings->acceptor_address, + ac->remote_port, + &acceptor_addr); + if (kret) + return kret; + + kret = _gsskrb5i_address_to_krb5addr(input_chan_bindings->initiator_addrtype, + &input_chan_bindings->initiator_address, + ac->local_port, + &initiator_addr); + if (kret) { + krb5_free_address (_gsskrb5_context, &acceptor_addr); + return kret; + } + + kret = krb5_auth_con_setaddrs(_gsskrb5_context, + ac, + &initiator_addr, /* local address */ + &acceptor_addr); /* remote address */ + + krb5_free_address (_gsskrb5_context, &initiator_addr); + krb5_free_address (_gsskrb5_context, &acceptor_addr); + +#if 0 + free(input_chan_bindings->application_data.value); + input_chan_bindings->application_data.value = NULL; + input_chan_bindings->application_data.length = 0; +#endif + + return kret; +} + +OM_uint32 +_gsskrb5_create_ctx( + OM_uint32 * minor_status, + gss_ctx_id_t * context_handle, + const gss_channel_bindings_t input_chan_bindings, + enum gss_ctx_id_t_state state) +{ + krb5_error_code kret; + gsskrb5_ctx ctx; + + *context_handle = NULL; + + ctx = malloc(sizeof(*ctx)); + if (ctx == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + ctx->auth_context = NULL; + ctx->source = NULL; + ctx->target = NULL; + ctx->state = state; + ctx->flags = 0; + ctx->more_flags = 0; + ctx->service_keyblock = NULL; + ctx->ticket = NULL; + krb5_data_zero(&ctx->fwd_data); + ctx->lifetime = GSS_C_INDEFINITE; + ctx->order = NULL; + HEIMDAL_MUTEX_init(&ctx->ctx_id_mutex); + + kret = krb5_auth_con_init (_gsskrb5_context, &ctx->auth_context); + if (kret) { + *minor_status = kret; + _gsskrb5_set_error_string (); + + HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex); + + return GSS_S_FAILURE; + } + + kret = set_addresses(ctx->auth_context, input_chan_bindings); + if (kret) { + *minor_status = kret; + + HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex); + + krb5_auth_con_free(_gsskrb5_context, ctx->auth_context); + + return GSS_S_BAD_BINDINGS; + } + + /* + * We need a sequence number + */ + + krb5_auth_con_addflags(_gsskrb5_context, + ctx->auth_context, + KRB5_AUTH_CONTEXT_DO_SEQUENCE | + KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED, + NULL); + + *context_handle = (gss_ctx_id_t)ctx; + + return GSS_S_COMPLETE; +} + + +static OM_uint32 +gsskrb5_get_creds( + OM_uint32 * minor_status, + krb5_ccache ccache, + gsskrb5_ctx ctx, + krb5_const_principal target_name, + OM_uint32 time_req, + OM_uint32 * time_rec, + krb5_creds ** cred) +{ + OM_uint32 ret; + krb5_error_code kret; + krb5_creds this_cred; + OM_uint32 lifetime_rec; + + *cred = NULL; + + memset(&this_cred, 0, sizeof(this_cred)); + this_cred.client = ctx->source; + this_cred.server = ctx->target; + + if (time_req && time_req != GSS_C_INDEFINITE) { + krb5_timestamp ts; + + krb5_timeofday (_gsskrb5_context, &ts); + this_cred.times.endtime = ts + time_req; + } else { + this_cred.times.endtime = 0; + } + + this_cred.session.keytype = KEYTYPE_NULL; + + kret = krb5_get_credentials(_gsskrb5_context, + 0, + ccache, + &this_cred, + cred); + if (kret) { + _gsskrb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + + ctx->lifetime = (*cred)->times.endtime; + + ret = _gsskrb5_lifetime_left(minor_status, ctx->lifetime, &lifetime_rec); + if (ret) return ret; + + if (lifetime_rec == 0) { + *minor_status = 0; + return GSS_S_CONTEXT_EXPIRED; + } + + if (time_rec) *time_rec = lifetime_rec; + + return GSS_S_COMPLETE; +} + +static OM_uint32 +gsskrb5_initiator_ready( + OM_uint32 * minor_status, + gsskrb5_ctx ctx) +{ + OM_uint32 ret; + int32_t seq_number; + int is_cfx = 0; + OM_uint32 flags = ctx->flags; + + krb5_auth_getremoteseqnumber (_gsskrb5_context, + ctx->auth_context, + &seq_number); + + _gsskrb5i_is_cfx(ctx, &is_cfx); + + ret = _gssapi_msg_order_create(minor_status, + &ctx->order, + _gssapi_msg_order_f(flags), + seq_number, 0, is_cfx); + if (ret) return ret; + + ctx->state = INITIATOR_READY; + ctx->more_flags |= OPEN; + + return GSS_S_COMPLETE; +} + +/* + * handle delegated creds in init-sec-context + */ + +static void +do_delegation (krb5_auth_context ac, + krb5_ccache ccache, + krb5_creds *cred, + krb5_const_principal name, + krb5_data *fwd_data, + uint32_t *flags) +{ + krb5_creds creds; + KDCOptions fwd_flags; + krb5_error_code kret; + + memset (&creds, 0, sizeof(creds)); + krb5_data_zero (fwd_data); + + kret = krb5_cc_get_principal(_gsskrb5_context, ccache, &creds.client); + if (kret) + goto out; + + kret = krb5_build_principal(_gsskrb5_context, + &creds.server, + strlen(creds.client->realm), + creds.client->realm, + KRB5_TGS_NAME, + creds.client->realm, + NULL); + if (kret) + goto out; + + creds.times.endtime = 0; + + memset(&fwd_flags, 0, sizeof(fwd_flags)); + fwd_flags.forwarded = 1; + fwd_flags.forwardable = 1; + + if ( /*target_name->name.name_type != KRB5_NT_SRV_HST ||*/ + name->name.name_string.len < 2) + goto out; + + kret = krb5_get_forwarded_creds(_gsskrb5_context, + ac, + ccache, + KDCOptions2int(fwd_flags), + name->name.name_string.val[1], + &creds, + fwd_data); + + out: + if (kret) + *flags &= ~GSS_C_DELEG_FLAG; + else + *flags |= GSS_C_DELEG_FLAG; + + if (creds.client) + krb5_free_principal(_gsskrb5_context, creds.client); + if (creds.server) + krb5_free_principal(_gsskrb5_context, creds.server); +} + +/* + * first stage of init-sec-context + */ + +static OM_uint32 +init_auth +(OM_uint32 * minor_status, + gsskrb5_cred initiator_cred_handle, + gsskrb5_ctx ctx, + krb5_const_principal name, + const gss_OID mech_type, + OM_uint32 req_flags, + OM_uint32 time_req, + const gss_channel_bindings_t input_chan_bindings, + const gss_buffer_t input_token, + gss_OID * actual_mech_type, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec + ) +{ + OM_uint32 ret = GSS_S_FAILURE; + krb5_error_code kret; + krb5_flags ap_options; + krb5_creds *cred = NULL; + krb5_data outbuf; + krb5_ccache ccache = NULL; + uint32_t flags; + krb5_data authenticator; + Checksum cksum; + krb5_enctype enctype; + krb5_data fwd_data; + OM_uint32 lifetime_rec; + + krb5_data_zero(&outbuf); + krb5_data_zero(&fwd_data); + + *minor_status = 0; + + if (actual_mech_type) + *actual_mech_type = GSS_KRB5_MECHANISM; + + if (initiator_cred_handle == NULL) { + kret = krb5_cc_default (_gsskrb5_context, &ccache); + if (kret) { + _gsskrb5_set_error_string (); + *minor_status = kret; + ret = GSS_S_FAILURE; + goto failure; + } + } else + ccache = initiator_cred_handle->ccache; + + kret = krb5_cc_get_principal (_gsskrb5_context, ccache, &ctx->source); + if (kret) { + _gsskrb5_set_error_string (); + *minor_status = kret; + ret = GSS_S_FAILURE; + goto failure; + } + + kret = krb5_copy_principal (_gsskrb5_context, name, &ctx->target); + if (kret) { + _gsskrb5_set_error_string (); + *minor_status = kret; + ret = GSS_S_FAILURE; + goto failure; + } + + ret = _gss_DES3_get_mic_compat(minor_status, ctx); + if (ret) + goto failure; + + + ret = gsskrb5_get_creds(minor_status, + ccache, + ctx, + ctx->target, + time_req, + time_rec, + &cred); + if (ret) + goto failure; + + ctx->lifetime = cred->times.endtime; + + ret = _gsskrb5_lifetime_left(minor_status, + ctx->lifetime, + &lifetime_rec); + if (ret) { + goto failure; + } + + if (lifetime_rec == 0) { + *minor_status = 0; + ret = GSS_S_CONTEXT_EXPIRED; + goto failure; + } + + krb5_auth_con_setkey(_gsskrb5_context, + ctx->auth_context, + &cred->session); + + kret = krb5_auth_con_generatelocalsubkey(_gsskrb5_context, + ctx->auth_context, + &cred->session); + if(kret) { + _gsskrb5_set_error_string (); + *minor_status = kret; + ret = GSS_S_FAILURE; + goto failure; + } + + /* + * If the credential doesn't have ok-as-delegate, check what local + * policy say about ok-as-delegate, default is FALSE that makes + * code ignore the KDC setting and follow what the application + * requested. If its TRUE, strip of the GSS_C_DELEG_FLAG if the + * KDC doesn't set ok-as-delegate. + */ + if (!cred->flags.b.ok_as_delegate) { + krb5_boolean delegate; + + krb5_appdefault_boolean(_gsskrb5_context, + "gssapi", name->realm, + "ok-as-delegate", FALSE, &delegate); + if (delegate) + req_flags &= ~GSS_C_DELEG_FLAG; + } + + flags = 0; + ap_options = 0; + if (req_flags & GSS_C_DELEG_FLAG) + do_delegation (ctx->auth_context, + ccache, cred, name, &fwd_data, &flags); + + if (req_flags & GSS_C_MUTUAL_FLAG) { + flags |= GSS_C_MUTUAL_FLAG; + ap_options |= AP_OPTS_MUTUAL_REQUIRED; + } + + if (req_flags & GSS_C_REPLAY_FLAG) + flags |= GSS_C_REPLAY_FLAG; + if (req_flags & GSS_C_SEQUENCE_FLAG) + flags |= GSS_C_SEQUENCE_FLAG; + if (req_flags & GSS_C_ANON_FLAG) + ; /* XXX */ + if (req_flags & GSS_C_DCE_STYLE) { + /* GSS_C_DCE_STYLE implies GSS_C_MUTUAL_FLAG */ + flags |= GSS_C_DCE_STYLE | GSS_C_MUTUAL_FLAG; + ap_options |= AP_OPTS_MUTUAL_REQUIRED; + } + if (req_flags & GSS_C_IDENTIFY_FLAG) + flags |= GSS_C_IDENTIFY_FLAG; + if (req_flags & GSS_C_EXTENDED_ERROR_FLAG) + flags |= GSS_C_EXTENDED_ERROR_FLAG; + + flags |= GSS_C_CONF_FLAG; + flags |= GSS_C_INTEG_FLAG; + flags |= GSS_C_TRANS_FLAG; + + if (ret_flags) + *ret_flags = flags; + ctx->flags = flags; + ctx->more_flags |= LOCAL; + + ret = _gsskrb5_create_8003_checksum (minor_status, + input_chan_bindings, + flags, + &fwd_data, + &cksum); + krb5_data_free (&fwd_data); + if (ret) + goto failure; + + enctype = ctx->auth_context->keyblock->keytype; + + kret = krb5_build_authenticator (_gsskrb5_context, + ctx->auth_context, + enctype, + cred, + &cksum, + NULL, + &authenticator, + KRB5_KU_AP_REQ_AUTH); + + if (kret) { + _gsskrb5_set_error_string (); + *minor_status = kret; + ret = GSS_S_FAILURE; + goto failure; + } + + kret = krb5_build_ap_req (_gsskrb5_context, + enctype, + cred, + ap_options, + authenticator, + &outbuf); + + if (kret) { + _gsskrb5_set_error_string (); + *minor_status = kret; + ret = GSS_S_FAILURE; + goto failure; + } + + ret = _gsskrb5_encapsulate (minor_status, &outbuf, output_token, + (u_char *)"\x01\x00", GSS_KRB5_MECHANISM); + if (ret) + goto failure; + + krb5_data_free (&outbuf); + krb5_free_creds(_gsskrb5_context, cred); + free_Checksum(&cksum); + if (initiator_cred_handle == NULL) + krb5_cc_close(_gsskrb5_context, ccache); + + if (flags & GSS_C_MUTUAL_FLAG) { + ctx->state = INITIATOR_WAIT_FOR_MUTAL; + return GSS_S_CONTINUE_NEEDED; + } + + return gsskrb5_initiator_ready(minor_status, ctx); +failure: + if(cred) + krb5_free_creds(_gsskrb5_context, cred); + if (ccache && initiator_cred_handle == NULL) + krb5_cc_close(_gsskrb5_context, ccache); + + return ret; + +} + +static OM_uint32 +repl_mutual + (OM_uint32 * minor_status, + gsskrb5_ctx ctx, + const gss_OID mech_type, + OM_uint32 req_flags, + OM_uint32 time_req, + const gss_channel_bindings_t input_chan_bindings, + const gss_buffer_t input_token, + gss_OID * actual_mech_type, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec + ) +{ + OM_uint32 ret; + krb5_error_code kret; + krb5_data indata; + krb5_ap_rep_enc_part *repl; + int is_cfx = 0; + + output_token->length = 0; + output_token->value = NULL; + + if (actual_mech_type) + *actual_mech_type = GSS_KRB5_MECHANISM; + + if (req_flags & GSS_C_DCE_STYLE) { + /* There is no OID wrapping. */ + indata.length = input_token->length; + indata.data = input_token->value; + } else { + ret = _gsskrb5_decapsulate (minor_status, + input_token, + &indata, + "\x02\x00", + GSS_KRB5_MECHANISM); + if (ret) { + /* XXX - Handle AP_ERROR */ + return ret; + } + } + + kret = krb5_rd_rep (_gsskrb5_context, + ctx->auth_context, + &indata, + &repl); + if (kret) { + _gsskrb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + krb5_free_ap_rep_enc_part (_gsskrb5_context, + repl); + + _gsskrb5i_is_cfx(ctx, &is_cfx); + if (is_cfx) { + krb5_keyblock *key = NULL; + + kret = krb5_auth_con_getremotesubkey(_gsskrb5_context, + ctx->auth_context, + &key); + if (kret == 0 && key != NULL) { + ctx->more_flags |= ACCEPTOR_SUBKEY; + krb5_free_keyblock (_gsskrb5_context, key); + } + } + + + *minor_status = 0; + if (time_rec) { + ret = _gsskrb5_lifetime_left(minor_status, + ctx->lifetime, + time_rec); + } else { + ret = GSS_S_COMPLETE; + } + if (ret_flags) + *ret_flags = ctx->flags; + + if (req_flags & GSS_C_DCE_STYLE) { + int32_t con_flags; + krb5_data outbuf; + + /* Do don't do sequence number for the mk-rep */ + krb5_auth_con_removeflags(_gsskrb5_context, + ctx->auth_context, + KRB5_AUTH_CONTEXT_DO_SEQUENCE, + &con_flags); + + kret = krb5_mk_rep(_gsskrb5_context, + ctx->auth_context, + &outbuf); + if (kret) { + _gsskrb5_set_error_string (); + *minor_status = kret; + return GSS_S_FAILURE; + } + + output_token->length = outbuf.length; + output_token->value = outbuf.data; + + krb5_auth_con_removeflags(_gsskrb5_context, + ctx->auth_context, + KRB5_AUTH_CONTEXT_DO_SEQUENCE, + NULL); + } + + return gsskrb5_initiator_ready(minor_status, ctx); +} + +/* + * gss_init_sec_context + */ + +OM_uint32 _gsskrb5_init_sec_context +(OM_uint32 * minor_status, + const gss_cred_id_t initiator_cred_handle, + gss_ctx_id_t * context_handle, + const gss_name_t target_name, + const gss_OID mech_type, + OM_uint32 req_flags, + OM_uint32 time_req, + const gss_channel_bindings_t input_chan_bindings, + const gss_buffer_t input_token, + gss_OID * actual_mech_type, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec + ) +{ + gsskrb5_cred cred = (gsskrb5_cred)initiator_cred_handle; + krb5_const_principal name = (krb5_const_principal)target_name; + gsskrb5_ctx ctx; + OM_uint32 ret; + + GSSAPI_KRB5_INIT (); + + output_token->length = 0; + output_token->value = NULL; + + if (context_handle == NULL) { + *minor_status = 0; + return GSS_S_FAILURE | GSS_S_CALL_BAD_STRUCTURE; + } + + if (ret_flags) + *ret_flags = 0; + if (time_rec) + *time_rec = 0; + + if (target_name == GSS_C_NO_NAME) { + if (actual_mech_type) + *actual_mech_type = GSS_C_NO_OID; + *minor_status = 0; + return GSS_S_BAD_NAME; + } + + if (mech_type != GSS_C_NO_OID && + !gss_oid_equal(mech_type, GSS_KRB5_MECHANISM)) + return GSS_S_BAD_MECH; + + if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) { + OM_uint32 ret; + + if (*context_handle != GSS_C_NO_CONTEXT) { + *minor_status = 0; + return GSS_S_FAILURE | GSS_S_CALL_BAD_STRUCTURE; + } + + ret = _gsskrb5_create_ctx(minor_status, + context_handle, + input_chan_bindings, + INITIATOR_START); + if (ret) + return ret; + } + + if (*context_handle == GSS_C_NO_CONTEXT) { + *minor_status = 0; + return GSS_S_FAILURE | GSS_S_CALL_BAD_STRUCTURE; + } + + ctx = (gsskrb5_ctx) *context_handle; + + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + + switch (ctx->state) { + case INITIATOR_START: + ret = init_auth(minor_status, + cred, + ctx, + name, + mech_type, + req_flags, + time_req, + input_chan_bindings, + input_token, + actual_mech_type, + output_token, + ret_flags, + time_rec); + break; + case INITIATOR_WAIT_FOR_MUTAL: + ret = repl_mutual(minor_status, + ctx, + mech_type, + req_flags, + time_req, + input_chan_bindings, + input_token, + actual_mech_type, + output_token, + ret_flags, + time_rec); + break; + case INITIATOR_READY: + /* + * If we get there, the caller have called + * gss_init_sec_context() one time too many. + */ + *minor_status = 0; + ret = GSS_S_BAD_STATUS; + break; + default: + *minor_status = 0; + ret = GSS_S_BAD_STATUS; + break; + } + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + + /* destroy context in case of error */ + if (GSS_ERROR(ret)) { + OM_uint32 min2; + _gsskrb5_delete_sec_context(&min2, context_handle, GSS_C_NO_BUFFER); + } + + return ret; + +} diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_context.c b/source4/heimdal/lib/gssapi/krb5/inquire_context.c new file mode 100644 index 0000000000..ef43e6852c --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/inquire_context.c @@ -0,0 +1,108 @@ +/* + * Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: inquire_context.c,v 1.10 2006/10/07 22:15:03 lha Exp $"); + +OM_uint32 _gsskrb5_inquire_context ( + OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + gss_name_t * src_name, + gss_name_t * targ_name, + OM_uint32 * lifetime_rec, + gss_OID * mech_type, + OM_uint32 * ctx_flags, + int * locally_initiated, + int * open_context + ) +{ + OM_uint32 ret; + gsskrb5_ctx ctx = (gsskrb5_ctx)context_handle; + gss_name_t name; + + if (src_name) + *src_name = GSS_C_NO_NAME; + if (targ_name) + *targ_name = GSS_C_NO_NAME; + + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + + if (src_name) { + name = (gss_name_t)ctx->source; + ret = _gsskrb5_duplicate_name (minor_status, name, src_name); + if (ret) + goto failed; + } + + if (targ_name) { + name = (gss_name_t)ctx->target; + ret = _gsskrb5_duplicate_name (minor_status, name, targ_name); + if (ret) + goto failed; + } + + if (lifetime_rec) { + ret = _gsskrb5_lifetime_left(minor_status, + ctx->lifetime, + lifetime_rec); + if (ret) + goto failed; + } + + if (mech_type) + *mech_type = GSS_KRB5_MECHANISM; + + if (ctx_flags) + *ctx_flags = ctx->flags; + + if (locally_initiated) + *locally_initiated = ctx->more_flags & LOCAL; + + if (open_context) + *open_context = ctx->more_flags & OPEN; + + *minor_status = 0; + + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + return GSS_S_COMPLETE; + +failed: + if (src_name) + _gsskrb5_release_name(NULL, src_name); + if (targ_name) + _gsskrb5_release_name(NULL, targ_name); + + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + return ret; +} diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_cred.c b/source4/heimdal/lib/gssapi/krb5/inquire_cred.c new file mode 100644 index 0000000000..0593729365 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/inquire_cred.c @@ -0,0 +1,178 @@ +/* + * Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: inquire_cred.c,v 1.12 2006/10/07 22:15:06 lha Exp $"); + +OM_uint32 _gsskrb5_inquire_cred +(OM_uint32 * minor_status, + const gss_cred_id_t cred_handle, + gss_name_t * output_name, + OM_uint32 * lifetime, + gss_cred_usage_t * cred_usage, + gss_OID_set * mechanisms + ) +{ + gss_cred_id_t aqcred_init = GSS_C_NO_CREDENTIAL; + gss_cred_id_t aqcred_accept = GSS_C_NO_CREDENTIAL; + gsskrb5_cred acred = NULL, icred = NULL; + OM_uint32 ret; + + *minor_status = 0; + + if (output_name) + *output_name = NULL; + if (mechanisms) + *mechanisms = GSS_C_NO_OID_SET; + + if (cred_handle == GSS_C_NO_CREDENTIAL) { + ret = _gsskrb5_acquire_cred(minor_status, + GSS_C_NO_NAME, + GSS_C_INDEFINITE, + GSS_C_NO_OID_SET, + GSS_C_ACCEPT, + &aqcred_accept, + NULL, + NULL); + if (ret == GSS_S_COMPLETE) + acred = (gsskrb5_cred)aqcred_accept; + + ret = _gsskrb5_acquire_cred(minor_status, + GSS_C_NO_NAME, + GSS_C_INDEFINITE, + GSS_C_NO_OID_SET, + GSS_C_INITIATE, + &aqcred_init, + NULL, + NULL); + if (ret == GSS_S_COMPLETE) + acred = (gsskrb5_cred)aqcred_init; + + if (icred == NULL && acred == NULL) { + *minor_status = 0; + return GSS_S_NO_CRED; + } + } else + acred = (gsskrb5_cred)cred_handle; + + if (acred) + HEIMDAL_MUTEX_lock(&acred->cred_id_mutex); + if (icred) + HEIMDAL_MUTEX_lock(&icred->cred_id_mutex); + + if (output_name != NULL) { + if (icred && icred->principal != NULL) { + gss_name_t name; + + if (acred) + name = (gss_name_t)acred->principal; + else + name = (gss_name_t)icred->principal; + + ret = _gsskrb5_duplicate_name(minor_status, name, output_name); + if (ret) + goto out; + } else if (acred && acred->usage == GSS_C_ACCEPT) { + krb5_principal princ; + *minor_status = krb5_sname_to_principal(_gsskrb5_context, NULL, + NULL, KRB5_NT_SRV_HST, + &princ); + if (*minor_status) { + ret = GSS_S_FAILURE; + goto out; + } + *output_name = (gss_name_t)princ; + } else { + krb5_principal princ; + *minor_status = krb5_get_default_principal(_gsskrb5_context, + &princ); + if (*minor_status) { + ret = GSS_S_FAILURE; + goto out; + } + *output_name = (gss_name_t)princ; + } + } + if (lifetime != NULL) { + OM_uint32 alife = GSS_C_INDEFINITE, ilife = GSS_C_INDEFINITE; + + if (acred) alife = acred->lifetime; + if (icred) ilife = icred->lifetime; + + ret = _gsskrb5_lifetime_left(minor_status, + min(alife,ilife), + lifetime); + if (ret) + goto out; + } + if (cred_usage != NULL) { + if (acred && icred) + *cred_usage = GSS_C_BOTH; + else if (acred) + *cred_usage = GSS_C_ACCEPT; + else if (icred) + *cred_usage = GSS_C_INITIATE; + else + abort(); + } + + if (mechanisms != NULL) { + ret = _gsskrb5_create_empty_oid_set(minor_status, mechanisms); + if (ret) + goto out; + if (acred) + ret = _gsskrb5_add_oid_set_member(minor_status, + &acred->mechanisms->elements[0], + mechanisms); + if (ret == GSS_S_COMPLETE && icred) + ret = _gsskrb5_add_oid_set_member(minor_status, + &icred->mechanisms->elements[0], + mechanisms); + if (ret) + goto out; + } + ret = GSS_S_COMPLETE; +out: + if (acred) + HEIMDAL_MUTEX_unlock(&acred->cred_id_mutex); + if (icred) + HEIMDAL_MUTEX_unlock(&icred->cred_id_mutex); + + if (aqcred_init != GSS_C_NO_CREDENTIAL) + ret = _gsskrb5_release_cred(minor_status, &aqcred_init); + if (aqcred_accept != GSS_C_NO_CREDENTIAL) + ret = _gsskrb5_release_cred(minor_status, &aqcred_accept); + + return ret; +} diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c b/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c new file mode 100644 index 0000000000..954a5e3119 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c @@ -0,0 +1,83 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: inquire_cred_by_mech.c,v 1.4 2006/10/07 22:15:08 lha Exp $"); + +OM_uint32 _gsskrb5_inquire_cred_by_mech ( + OM_uint32 * minor_status, + const gss_cred_id_t cred_handle, + const gss_OID mech_type, + gss_name_t * name, + OM_uint32 * initiator_lifetime, + OM_uint32 * acceptor_lifetime, + gss_cred_usage_t * cred_usage + ) +{ + OM_uint32 ret; + OM_uint32 lifetime; + + if (gss_oid_equal(mech_type, GSS_C_NO_OID) == 0 && + gss_oid_equal(mech_type, GSS_KRB5_MECHANISM) == 0) { + *minor_status = EINVAL; + return GSS_S_BAD_MECH; + } + + ret = _gsskrb5_inquire_cred (minor_status, + cred_handle, + name, + &lifetime, + cred_usage, + NULL); + + if (ret == 0 && cred_handle != GSS_C_NO_CREDENTIAL) { + gsskrb5_cred cred = (gsskrb5_cred)cred_handle; + gss_cred_usage_t usage; + + HEIMDAL_MUTEX_lock(&cred->cred_id_mutex); + usage = cred->usage; + HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); + + if (initiator_lifetime) { + if (usage == GSS_C_INITIATE || usage == GSS_C_BOTH) + *initiator_lifetime = lifetime; + } + if (acceptor_lifetime) { + if (usage == GSS_C_ACCEPT || usage == GSS_C_BOTH) + *acceptor_lifetime = lifetime; + } + } + + return ret; +} diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c b/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c new file mode 100644 index 0000000000..26927c740c --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c @@ -0,0 +1,81 @@ +/* + * Copyright (c) 2004, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: inquire_cred_by_oid.c,v 1.4 2006/10/07 22:15:10 lha Exp $"); + +OM_uint32 _gsskrb5_inquire_cred_by_oid + (OM_uint32 * minor_status, + const gss_cred_id_t cred_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set) +{ + gsskrb5_cred cred = (gsskrb5_cred)cred_handle; + krb5_error_code ret; + gss_buffer_desc buffer; + char *str; + + if (gss_oid_equal(desired_object, GSS_KRB5_COPY_CCACHE_X) == 0) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + HEIMDAL_MUTEX_lock(&cred->cred_id_mutex); + + if (cred->ccache == NULL) { + HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + ret = krb5_cc_get_full_name(_gsskrb5_context, cred->ccache, &str); + HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); + if (ret) { + *minor_status = ret; + _gsskrb5_set_error_string (); + return GSS_S_FAILURE; + } + + buffer.value = str; + buffer.length = strlen(str); + + ret = gss_add_buffer_set_member(minor_status, &buffer, data_set); + if (ret != GSS_S_COMPLETE) + _gsskrb5_clear_status (); + + free(str); + + *minor_status = 0; + return GSS_S_COMPLETE; +} + diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_mechs_for_name.c b/source4/heimdal/lib/gssapi/krb5/inquire_mechs_for_name.c new file mode 100644 index 0000000000..5c1f082f45 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/inquire_mechs_for_name.c @@ -0,0 +1,57 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: inquire_mechs_for_name.c,v 1.3 2006/10/07 22:15:13 lha Exp $"); + +OM_uint32 _gsskrb5_inquire_mechs_for_name ( + OM_uint32 * minor_status, + const gss_name_t input_name, + gss_OID_set * mech_types + ) +{ + OM_uint32 ret; + + ret = _gsskrb5_create_empty_oid_set(minor_status, mech_types); + if (ret) + return ret; + + ret = _gsskrb5_add_oid_set_member(minor_status, + GSS_KRB5_MECHANISM, + mech_types); + if (ret) + _gsskrb5_release_oid_set(NULL, mech_types); + + return ret; +} diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c b/source4/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c new file mode 100644 index 0000000000..5d8aefab1c --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c @@ -0,0 +1,80 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: inquire_names_for_mech.c,v 1.3 2006/10/07 22:15:15 lha Exp $"); + + +static gss_OID *name_list[] = { + &GSS_C_NT_HOSTBASED_SERVICE, + &GSS_C_NT_USER_NAME, + &GSS_KRB5_NT_PRINCIPAL_NAME, + &GSS_C_NT_EXPORT_NAME, + NULL +}; + +OM_uint32 _gsskrb5_inquire_names_for_mech ( + OM_uint32 * minor_status, + const gss_OID mechanism, + gss_OID_set * name_types + ) +{ + OM_uint32 ret; + int i; + + *minor_status = 0; + + if (gss_oid_equal(mechanism, GSS_KRB5_MECHANISM) == 0 && + gss_oid_equal(mechanism, GSS_C_NULL_OID) == 0) { + *name_types = GSS_C_NO_OID_SET; + return GSS_S_BAD_MECH; + } + + ret = _gsskrb5_create_empty_oid_set(minor_status, name_types); + if (ret != GSS_S_COMPLETE) + return ret; + + for (i = 0; name_list[i] != NULL; i++) { + ret = _gsskrb5_add_oid_set_member(minor_status, + *(name_list[i]), + name_types); + if (ret != GSS_S_COMPLETE) + break; + } + + if (ret != GSS_S_COMPLETE) + _gsskrb5_release_oid_set(NULL, name_types); + + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c b/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c new file mode 100644 index 0000000000..0b46cc5495 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c @@ -0,0 +1,559 @@ +/* + * Copyright (c) 2004, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: inquire_sec_context_by_oid.c,v 1.8 2006/10/24 15:55:28 lha Exp $"); + +static int +oid_prefix_equal(gss_OID oid_enc, gss_OID prefix_enc, unsigned *suffix) +{ + int ret; + heim_oid oid; + heim_oid prefix; + + *suffix = 0; + + ret = der_get_oid(oid_enc->elements, oid_enc->length, + &oid, NULL); + if (ret) { + return 0; + } + + ret = der_get_oid(prefix_enc->elements, prefix_enc->length, + &prefix, NULL); + if (ret) { + der_free_oid(&oid); + return 0; + } + + ret = 0; + + if (oid.length - 1 == prefix.length) { + *suffix = oid.components[oid.length - 1]; + oid.length--; + ret = (der_heim_oid_cmp(&oid, &prefix) == 0); + oid.length++; + } + + der_free_oid(&oid); + der_free_oid(&prefix); + + return ret; +} + +static OM_uint32 inquire_sec_context_tkt_flags + (OM_uint32 *minor_status, + const gsskrb5_ctx context_handle, + gss_buffer_set_t *data_set) +{ + OM_uint32 tkt_flags; + unsigned char buf[4]; + gss_buffer_desc value; + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + + if (context_handle->ticket == NULL) { + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + _gsskrb5_set_status("No ticket from which to obtain flags"); + *minor_status = EINVAL; + return GSS_S_BAD_MECH; + } + + tkt_flags = TicketFlags2int(context_handle->ticket->ticket.flags); + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + + _gsskrb5_encode_om_uint32(tkt_flags, buf); + value.length = sizeof(buf); + value.value = buf; + + return gss_add_buffer_set_member(minor_status, + &value, + data_set); +} + +enum keytype { ACCEPTOR_KEY, INITIATOR_KEY, TOKEN_KEY }; + +static OM_uint32 inquire_sec_context_get_subkey + (OM_uint32 *minor_status, + const gsskrb5_ctx context_handle, + enum keytype keytype, + gss_buffer_set_t *data_set) +{ + krb5_keyblock *key = NULL; + krb5_storage *sp = NULL; + krb5_data data; + OM_uint32 maj_stat = GSS_S_COMPLETE; + krb5_error_code ret; + + krb5_data_zero(&data); + + sp = krb5_storage_emem(); + if (sp == NULL) { + _gsskrb5_clear_status(); + ret = ENOMEM; + goto out; + } + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + switch(keytype) { + case ACCEPTOR_KEY: + ret = _gsskrb5i_get_acceptor_subkey(context_handle, &key); + if (ret) + _gsskrb5_set_error_string (); + break; + case INITIATOR_KEY: + ret = _gsskrb5i_get_initiator_subkey(context_handle, &key); + if (ret) + _gsskrb5_set_error_string (); + break; + case TOKEN_KEY: + ret = _gsskrb5i_get_token_key(context_handle, &key); + if (ret) + _gsskrb5_set_error_string (); + break; + default: + _gsskrb5_set_status("%d is not a valid subkey type", keytype); + ret = EINVAL; + break; + } + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + if (ret) + goto out; + + ret = krb5_store_keyblock(sp, *key); + krb5_free_keyblock (_gsskrb5_context, key); + if (ret) { + _gsskrb5_set_error_string (); + goto out; + } + + ret = krb5_storage_to_data(sp, &data); + if (ret) { + _gsskrb5_set_error_string (); + goto out; + } + + { + gss_buffer_desc value; + + value.length = data.length; + value.value = data.data; + + maj_stat = gss_add_buffer_set_member(minor_status, + &value, + data_set); + } + +out: + krb5_data_free(&data); + if (sp) + krb5_storage_free(sp); + if (ret) { + *minor_status = ret; + maj_stat = GSS_S_FAILURE; + } + return maj_stat; +} + +static OM_uint32 inquire_sec_context_authz_data + (OM_uint32 *minor_status, + const gsskrb5_ctx context_handle, + unsigned ad_type, + gss_buffer_set_t *data_set) +{ + krb5_data data; + gss_buffer_desc ad_data; + OM_uint32 ret; + + *minor_status = 0; + *data_set = GSS_C_NO_BUFFER_SET; + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + if (context_handle->ticket == NULL) { + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + *minor_status = EINVAL; + _gsskrb5_set_status("No ticket to obtain authz data from"); + return GSS_S_NO_CONTEXT; + } + + ret = krb5_ticket_get_authorization_data_type(_gsskrb5_context, + context_handle->ticket, + ad_type, + &data); + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + if (ret) { + _gsskrb5_set_error_string (); + *minor_status = ret; + return GSS_S_FAILURE; + } + + ad_data.value = data.data; + ad_data.length = data.length; + + ret = gss_add_buffer_set_member(minor_status, + &ad_data, + data_set); + + krb5_data_free(&data); + + return ret; +} + +static OM_uint32 inquire_sec_context_has_updated_spnego + (OM_uint32 *minor_status, + const gsskrb5_ctx context_handle, + gss_buffer_set_t *data_set) +{ + int is_updated = 0; + + *minor_status = 0; + *data_set = GSS_C_NO_BUFFER_SET; + + /* + * For Windows SPNEGO implementations, both the initiator and the + * acceptor are assumed to have been updated if a "newer" [CLAR] or + * different enctype is negotiated for use by the Kerberos GSS-API + * mechanism. + */ + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + _gsskrb5i_is_cfx(context_handle, &is_updated); + if (is_updated == 0) { + krb5_keyblock *acceptor_subkey; + + if (context_handle->more_flags & LOCAL) + acceptor_subkey = context_handle->auth_context->remote_subkey; + else + acceptor_subkey = context_handle->auth_context->local_subkey; + + if (acceptor_subkey != NULL) + is_updated = (acceptor_subkey->keytype != + context_handle->auth_context->keyblock->keytype); + } + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + + return is_updated ? GSS_S_COMPLETE : GSS_S_FAILURE; +} + +/* + * + */ + +static OM_uint32 +export_lucid_sec_context_v1(OM_uint32 *minor_status, + gsskrb5_ctx context_handle, + gss_buffer_set_t *data_set) +{ + krb5_storage *sp = NULL; + OM_uint32 major_status = GSS_S_COMPLETE; + krb5_error_code ret; + krb5_keyblock *key = NULL; + int32_t number; + int is_cfx; + krb5_data data; + + *minor_status = 0; + + GSSAPI_KRB5_INIT (); + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + + _gsskrb5i_is_cfx(context_handle, &is_cfx); + + sp = krb5_storage_emem(); + if (sp == NULL) { + _gsskrb5_clear_status(); + ret = ENOMEM; + goto out; + } + + ret = krb5_store_int32(sp, 1); + if (ret) goto out; + ret = krb5_store_int32(sp, (context_handle->more_flags & LOCAL) ? 1 : 0); + if (ret) goto out; + ret = krb5_store_int32(sp, context_handle->lifetime); + if (ret) goto out; + krb5_auth_con_getlocalseqnumber (_gsskrb5_context, + context_handle->auth_context, + &number); + ret = krb5_store_uint32(sp, (uint32_t)0); /* store top half as zero */ + ret = krb5_store_uint32(sp, (uint32_t)number); + krb5_auth_getremoteseqnumber (_gsskrb5_context, + context_handle->auth_context, + &number); + ret = krb5_store_uint32(sp, (uint32_t)0); /* store top half as zero */ + ret = krb5_store_uint32(sp, (uint32_t)number); + ret = krb5_store_int32(sp, (is_cfx) ? 1 : 0); + if (ret) goto out; + + ret = _gsskrb5i_get_token_key(context_handle, &key); + if (ret) goto out; + + if (is_cfx == 0) { + int sign_alg, seal_alg; + + switch (key->keytype) { + case ETYPE_DES_CBC_CRC: + case ETYPE_DES_CBC_MD4: + case ETYPE_DES_CBC_MD5: + sign_alg = 0; + seal_alg = 0; + break; + case ETYPE_DES3_CBC_MD5: + case ETYPE_DES3_CBC_SHA1: + sign_alg = 4; + seal_alg = 2; + break; + case ETYPE_ARCFOUR_HMAC_MD5: + case ETYPE_ARCFOUR_HMAC_MD5_56: + sign_alg = 17; + seal_alg = 16; + break; + default: + sign_alg = -1; + seal_alg = -1; + break; + } + ret = krb5_store_int32(sp, sign_alg); + if (ret) goto out; + ret = krb5_store_int32(sp, seal_alg); + if (ret) goto out; + /* ctx_key */ + ret = krb5_store_keyblock(sp, *key); + if (ret) goto out; + } else { + int subkey_p = (context_handle->more_flags & ACCEPTOR_SUBKEY) ? 1 : 0; + + /* have_acceptor_subkey */ + ret = krb5_store_int32(sp, subkey_p); + if (ret) goto out; + /* ctx_key */ + ret = krb5_store_keyblock(sp, *key); + if (ret) goto out; + /* acceptor_subkey */ + if (subkey_p) { + ret = krb5_store_keyblock(sp, *key); + if (ret) goto out; + } + } + ret = krb5_storage_to_data(sp, &data); + if (ret) goto out; + + { + gss_buffer_desc ad_data; + + ad_data.value = data.data; + ad_data.length = data.length; + + ret = gss_add_buffer_set_member(minor_status, &ad_data, data_set); + krb5_data_free(&data); + if (ret) + goto out; + } + +out: + if (key) + krb5_free_keyblock (_gsskrb5_context, key); + if (sp) + krb5_storage_free(sp); + if (ret) { + *minor_status = ret; + major_status = GSS_S_FAILURE; + } + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + return major_status; +} + +static OM_uint32 +get_authtime(OM_uint32 *minor_status, + gsskrb5_ctx ctx, + gss_buffer_set_t *data_set) + +{ + gss_buffer_desc value; + OM_uint32 authtime; + + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + if (ctx->ticket == NULL) { + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + _gsskrb5_set_status("No ticket to obtain auth time from"); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + authtime = ctx->ticket->ticket.authtime; + + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + + value.length = 4; + value.value = malloc(value.length); + if (!value.value) { + _gsskrb5_clear_status(); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + _gsskrb5_encode_om_uint32(authtime, value.value); + + return gss_add_buffer_set_member(minor_status, + &value, + data_set); +} + + +static OM_uint32 +get_service_keyblock + (OM_uint32 *minor_status, + gsskrb5_ctx ctx, + gss_buffer_set_t *data_set) +{ + krb5_storage *sp = NULL; + krb5_data data; + OM_uint32 maj_stat = GSS_S_COMPLETE; + krb5_error_code ret = EINVAL; + + sp = krb5_storage_emem(); + if (sp == NULL) { + _gsskrb5_clear_status(); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + if (ctx->service_keyblock == NULL) { + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + _gsskrb5_set_status("No service keyblock on gssapi context"); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + krb5_data_zero(&data); + + ret = krb5_store_keyblock(sp, *ctx->service_keyblock); + + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + + if (ret) + goto out; + + ret = krb5_storage_to_data(sp, &data); + if (ret) + goto out; + + { + gss_buffer_desc value; + + value.length = data.length; + value.value = data.data; + + maj_stat = gss_add_buffer_set_member(minor_status, + &value, + data_set); + } + +out: + krb5_data_free(&data); + if (sp) + krb5_storage_free(sp); + if (ret) { + _gsskrb5_set_error_string (); + *minor_status = ret; + maj_stat = GSS_S_FAILURE; + } + return maj_stat; +} +/* + * + */ + +OM_uint32 _gsskrb5_inquire_sec_context_by_oid + (OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set) +{ + const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle; + unsigned suffix; + + if (ctx == NULL) { + *minor_status = EINVAL; + return GSS_S_NO_CONTEXT; + } + + if (gss_oid_equal(desired_object, GSS_KRB5_GET_TKT_FLAGS_X)) { + return inquire_sec_context_tkt_flags(minor_status, + ctx, + data_set); + } else if (gss_oid_equal(desired_object, GSS_C_PEER_HAS_UPDATED_SPNEGO)) { + return inquire_sec_context_has_updated_spnego(minor_status, + ctx, + data_set); + } else if (gss_oid_equal(desired_object, GSS_KRB5_GET_SUBKEY_X)) { + return inquire_sec_context_get_subkey(minor_status, + ctx, + TOKEN_KEY, + data_set); + } else if (gss_oid_equal(desired_object, GSS_KRB5_GET_INITIATOR_SUBKEY_X)) { + return inquire_sec_context_get_subkey(minor_status, + ctx, + INITIATOR_KEY, + data_set); + } else if (gss_oid_equal(desired_object, GSS_KRB5_GET_ACCEPTOR_SUBKEY_X)) { + return inquire_sec_context_get_subkey(minor_status, + ctx, + ACCEPTOR_KEY, + data_set); + } else if (gss_oid_equal(desired_object, GSS_KRB5_GET_AUTHTIME_X)) { + return get_authtime(minor_status, ctx, data_set); + } else if (oid_prefix_equal(desired_object, + GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X, + &suffix)) { + return inquire_sec_context_authz_data(minor_status, + ctx, + suffix, + data_set); + } else if (oid_prefix_equal(desired_object, + GSS_KRB5_EXPORT_LUCID_CONTEXT_X, + &suffix)) { + if (suffix == 1) + return export_lucid_sec_context_v1(minor_status, + ctx, + data_set); + *minor_status = 0; + return GSS_S_FAILURE; + } else if (gss_oid_equal(desired_object, GSS_KRB5_GET_SERVICE_KEYBLOCK_X)) { + return get_service_keyblock(minor_status, ctx, data_set); + } else { + *minor_status = 0; + return GSS_S_FAILURE; + } +} + diff --git a/source4/heimdal/lib/gssapi/krb5/process_context_token.c b/source4/heimdal/lib/gssapi/krb5/process_context_token.c new file mode 100644 index 0000000000..99568c9dd0 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/process_context_token.c @@ -0,0 +1,66 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: process_context_token.c,v 1.4 2006/10/07 22:15:19 lha Exp $"); + +OM_uint32 _gsskrb5_process_context_token ( + OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t token_buffer + ) +{ + OM_uint32 ret = GSS_S_FAILURE; + gss_buffer_desc empty_buffer; + gss_qop_t qop_state; + + empty_buffer.length = 0; + empty_buffer.value = NULL; + + qop_state = GSS_C_QOP_DEFAULT; + + ret = _gsskrb5_verify_mic_internal(minor_status, + (gsskrb5_ctx)context_handle, + token_buffer, &empty_buffer, + GSS_C_QOP_DEFAULT, "\x01\x02"); + + if (ret == GSS_S_COMPLETE) + ret = _gsskrb5_delete_sec_context(minor_status, + rk_UNCONST(&context_handle), + GSS_C_NO_BUFFER); + if (ret == GSS_S_COMPLETE) + *minor_status = 0; + + return ret; +} diff --git a/source4/heimdal/lib/gssapi/krb5/release_buffer.c b/source4/heimdal/lib/gssapi/krb5/release_buffer.c new file mode 100644 index 0000000000..b62ad02117 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/release_buffer.c @@ -0,0 +1,48 @@ +/* + * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: release_buffer.c,v 1.7 2006/10/07 22:15:22 lha Exp $"); + +OM_uint32 _gsskrb5_release_buffer + (OM_uint32 * minor_status, + gss_buffer_t buffer + ) +{ + *minor_status = 0; + free (buffer->value); + buffer->value = NULL; + buffer->length = 0; + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/krb5/release_cred.c b/source4/heimdal/lib/gssapi/krb5/release_cred.c new file mode 100644 index 0000000000..662461ccfd --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/release_cred.c @@ -0,0 +1,76 @@ +/* + * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: release_cred.c,v 1.13 2006/10/07 22:15:24 lha Exp $"); + +OM_uint32 _gsskrb5_release_cred + (OM_uint32 * minor_status, + gss_cred_id_t * cred_handle + ) +{ + gsskrb5_cred cred; + + *minor_status = 0; + + if (*cred_handle == NULL) + return GSS_S_COMPLETE; + + cred = (gsskrb5_cred)*cred_handle; + *cred_handle = GSS_C_NO_CREDENTIAL; + + GSSAPI_KRB5_INIT (); + + HEIMDAL_MUTEX_lock(&cred->cred_id_mutex); + + if (cred->principal != NULL) + krb5_free_principal(_gsskrb5_context, cred->principal); + if (cred->keytab != NULL) + krb5_kt_close(_gsskrb5_context, cred->keytab); + if (cred->ccache != NULL) { + const krb5_cc_ops *ops; + ops = krb5_cc_get_ops(_gsskrb5_context, cred->ccache); + if (cred->cred_flags & GSS_CF_DESTROY_CRED_ON_RELEASE) + krb5_cc_destroy(_gsskrb5_context, cred->ccache); + else + krb5_cc_close(_gsskrb5_context, cred->ccache); + } + _gsskrb5_release_oid_set(NULL, &cred->mechanisms); + HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); + HEIMDAL_MUTEX_destroy(&cred->cred_id_mutex); + memset(cred, 0, sizeof(*cred)); + free(cred); + return GSS_S_COMPLETE; +} + diff --git a/source4/heimdal/lib/gssapi/krb5/release_name.c b/source4/heimdal/lib/gssapi/krb5/release_name.c new file mode 100644 index 0000000000..a92ad939a5 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/release_name.c @@ -0,0 +1,55 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: release_name.c,v 1.10 2006/10/07 22:15:26 lha Exp $"); + +OM_uint32 _gsskrb5_release_name + (OM_uint32 * minor_status, + gss_name_t * input_name + ) +{ + krb5_principal name = (krb5_principal)*input_name; + + GSSAPI_KRB5_INIT (); + + if (minor_status) + *minor_status = 0; + + *input_name = GSS_C_NO_NAME; + + krb5_free_principal(_gsskrb5_context, name); + + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/krb5/release_oid_set.c b/source4/heimdal/lib/gssapi/krb5/release_oid_set.c new file mode 100644 index 0000000000..a9f79a3082 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/release_oid_set.c @@ -0,0 +1,49 @@ +/* + * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: release_oid_set.c,v 1.7 2006/10/07 22:15:30 lha Exp $"); + +OM_uint32 _gsskrb5_release_oid_set + (OM_uint32 * minor_status, + gss_OID_set * set + ) +{ + if (minor_status) + *minor_status = 0; + free ((*set)->elements); + free (*set); + *set = GSS_C_NO_OID_SET; + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/krb5/sequence.c b/source4/heimdal/lib/gssapi/krb5/sequence.c new file mode 100755 index 0000000000..3014edd04d --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/sequence.c @@ -0,0 +1,294 @@ +/* + * Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: sequence.c,v 1.8 2006/10/07 22:15:32 lha Exp $"); + +#define DEFAULT_JITTER_WINDOW 20 + +struct gss_msg_order { + OM_uint32 flags; + OM_uint32 start; + OM_uint32 length; + OM_uint32 jitter_window; + OM_uint32 first_seq; + OM_uint32 elem[1]; +}; + + +/* + * + */ + +static OM_uint32 +msg_order_alloc(OM_uint32 *minor_status, + struct gss_msg_order **o, + OM_uint32 jitter_window) +{ + size_t len; + + len = jitter_window * sizeof((*o)->elem[0]); + len += sizeof(**o); + len -= sizeof((*o)->elem[0]); + + *o = calloc(1, len); + if (*o == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +/* + * + */ + +OM_uint32 +_gssapi_msg_order_create(OM_uint32 *minor_status, + struct gss_msg_order **o, + OM_uint32 flags, + OM_uint32 seq_num, + OM_uint32 jitter_window, + int use_64) +{ + OM_uint32 ret; + + if (jitter_window == 0) + jitter_window = DEFAULT_JITTER_WINDOW; + + ret = msg_order_alloc(minor_status, o, jitter_window); + if(ret != GSS_S_COMPLETE) + return ret; + + (*o)->flags = flags; + (*o)->length = 0; + (*o)->first_seq = seq_num; + (*o)->jitter_window = jitter_window; + (*o)->elem[0] = seq_num - 1; + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +OM_uint32 +_gssapi_msg_order_destroy(struct gss_msg_order **m) +{ + free(*m); + *m = NULL; + return GSS_S_COMPLETE; +} + +static void +elem_set(struct gss_msg_order *o, unsigned int slot, OM_uint32 val) +{ + o->elem[slot % o->jitter_window] = val; +} + +static void +elem_insert(struct gss_msg_order *o, + unsigned int after_slot, + OM_uint32 seq_num) +{ + assert(o->jitter_window > after_slot); + + if (o->length > after_slot) + memmove(&o->elem[after_slot + 1], &o->elem[after_slot], + (o->length - after_slot - 1) * sizeof(o->elem[0])); + + elem_set(o, after_slot, seq_num); + + if (o->length < o->jitter_window) + o->length++; +} + +/* rule 1: expected sequence number */ +/* rule 2: > expected sequence number */ +/* rule 3: seqnum < seqnum(first) */ +/* rule 4+5: seqnum in [seqnum(first),seqnum(last)] */ + +OM_uint32 +_gssapi_msg_order_check(struct gss_msg_order *o, OM_uint32 seq_num) +{ + OM_uint32 r; + int i; + + if (o == NULL) + return GSS_S_COMPLETE; + + if ((o->flags & (GSS_C_REPLAY_FLAG|GSS_C_SEQUENCE_FLAG)) == 0) + return GSS_S_COMPLETE; + + /* check if the packet is the next in order */ + if (o->elem[0] == seq_num - 1) { + elem_insert(o, 0, seq_num); + return GSS_S_COMPLETE; + } + + r = (o->flags & (GSS_C_REPLAY_FLAG|GSS_C_SEQUENCE_FLAG))==GSS_C_REPLAY_FLAG; + + /* sequence number larger then largest sequence number + * or smaller then the first sequence number */ + if (seq_num > o->elem[0] + || seq_num < o->first_seq + || o->length == 0) + { + elem_insert(o, 0, seq_num); + if (r) { + return GSS_S_COMPLETE; + } else { + return GSS_S_GAP_TOKEN; + } + } + + assert(o->length > 0); + + /* sequence number smaller the first sequence number */ + if (seq_num < o->elem[o->length - 1]) { + if (r) + return(GSS_S_OLD_TOKEN); + else + return(GSS_S_UNSEQ_TOKEN); + } + + if (seq_num == o->elem[o->length - 1]) { + return GSS_S_DUPLICATE_TOKEN; + } + + for (i = 0; i < o->length - 1; i++) { + if (o->elem[i] == seq_num) + return GSS_S_DUPLICATE_TOKEN; + if (o->elem[i + 1] < seq_num && o->elem[i] < seq_num) { + elem_insert(o, i, seq_num); + if (r) + return GSS_S_COMPLETE; + else + return GSS_S_UNSEQ_TOKEN; + } + } + + return GSS_S_FAILURE; +} + +OM_uint32 +_gssapi_msg_order_f(OM_uint32 flags) +{ + return flags & (GSS_C_SEQUENCE_FLAG|GSS_C_REPLAY_FLAG); +} + +/* + * Translate `o` into inter-process format and export in to `sp'. + */ + +krb5_error_code +_gssapi_msg_order_export(krb5_storage *sp, struct gss_msg_order *o) +{ + krb5_error_code kret; + OM_uint32 i; + + kret = krb5_store_int32(sp, o->flags); + if (kret) + return kret; + kret = krb5_store_int32(sp, o->start); + if (kret) + return kret; + kret = krb5_store_int32(sp, o->length); + if (kret) + return kret; + kret = krb5_store_int32(sp, o->jitter_window); + if (kret) + return kret; + kret = krb5_store_int32(sp, o->first_seq); + if (kret) + return kret; + + for (i = 0; i < o->jitter_window; i++) { + kret = krb5_store_int32(sp, o->elem[i]); + if (kret) + return kret; + } + + return 0; +} + +OM_uint32 +_gssapi_msg_order_import(OM_uint32 *minor_status, + krb5_storage *sp, + struct gss_msg_order **o) +{ + OM_uint32 ret; + krb5_error_code kret; + int32_t i, flags, start, length, jitter_window, first_seq; + + kret = krb5_ret_int32(sp, &flags); + if (kret) + goto failed; + ret = krb5_ret_int32(sp, &start); + if (kret) + goto failed; + ret = krb5_ret_int32(sp, &length); + if (kret) + goto failed; + ret = krb5_ret_int32(sp, &jitter_window); + if (kret) + goto failed; + ret = krb5_ret_int32(sp, &first_seq); + if (kret) + goto failed; + + ret = msg_order_alloc(minor_status, o, jitter_window); + if (ret != GSS_S_COMPLETE) + return ret; + + (*o)->flags = flags; + (*o)->start = start; + (*o)->length = length; + (*o)->jitter_window = jitter_window; + (*o)->first_seq = first_seq; + + for( i = 0; i < jitter_window; i++ ) { + kret = krb5_ret_int32(sp, (int32_t*)&((*o)->elem[i])); + if (kret) + goto failed; + } + + *minor_status = 0; + return GSS_S_COMPLETE; + +failed: + _gssapi_msg_order_destroy(o); + *minor_status = kret; + return GSS_S_FAILURE; +} diff --git a/source4/heimdal/lib/gssapi/krb5/set_cred_option.c b/source4/heimdal/lib/gssapi/krb5/set_cred_option.c new file mode 100644 index 0000000000..5807ef0166 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/set_cred_option.c @@ -0,0 +1,152 @@ +/* + * Copyright (c) 2004, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: set_cred_option.c,v 1.4 2006/10/24 20:14:13 lha Exp $"); + +static gss_OID_desc gss_krb5_import_cred_x_oid_desc = +{9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x04"}; /* XXX */ + +gss_OID GSS_KRB5_IMPORT_CRED_X = &gss_krb5_import_cred_x_oid_desc; + +static OM_uint32 +import_cred(OM_uint32 *minor_status, + gss_cred_id_t *cred_handle, + const gss_buffer_t value) +{ + OM_uint32 major_stat; + krb5_error_code ret; + krb5_principal keytab_principal = NULL; + krb5_keytab keytab = NULL; + krb5_storage *sp = NULL; + krb5_ccache id = NULL; + char *str; + + if (cred_handle == NULL || *cred_handle != GSS_C_NO_CREDENTIAL) { + *minor_status = 0; + return GSS_S_FAILURE; + } + + sp = krb5_storage_from_mem(value->value, value->length); + if (sp == NULL) { + *minor_status = 0; + return GSS_S_FAILURE; + } + + /* credential cache name */ + ret = krb5_ret_string(sp, &str); + if (ret) { + *minor_status = ret; + major_stat = GSS_S_FAILURE; + goto out; + } + if (str[0]) { + ret = krb5_cc_resolve(_gsskrb5_context, str, &id); + if (ret) { + *minor_status = ret; + major_stat = GSS_S_FAILURE; + goto out; + } + } + free(str); + str = NULL; + + /* keytab principal name */ + ret = krb5_ret_string(sp, &str); + if (ret == 0 && str[0]) + ret = krb5_parse_name(_gsskrb5_context, str, &keytab_principal); + if (ret) { + *minor_status = ret; + major_stat = GSS_S_FAILURE; + goto out; + } + free(str); + str = NULL; + + /* keytab principal */ + ret = krb5_ret_string(sp, &str); + if (ret) { + *minor_status = ret; + major_stat = GSS_S_FAILURE; + goto out; + } + if (str[0]) { + ret = krb5_kt_resolve(_gsskrb5_context, str, &keytab); + if (ret) { + *minor_status = ret; + major_stat = GSS_S_FAILURE; + goto out; + } + } + free(str); + str = NULL; + + major_stat = _gsskrb5_import_cred(minor_status, id, keytab_principal, + keytab, cred_handle); +out: + if (id) + krb5_cc_close(_gsskrb5_context, id); + if (keytab_principal) + krb5_free_principal(_gsskrb5_context, keytab_principal); + if (keytab) + krb5_kt_close(_gsskrb5_context, keytab); + if (str) + free(str); + if (sp) + krb5_storage_free(sp); + + return major_stat; +} + + +OM_uint32 +_gsskrb5_set_cred_option + (OM_uint32 *minor_status, + gss_cred_id_t *cred_handle, + const gss_OID desired_object, + const gss_buffer_t value) +{ + GSSAPI_KRB5_INIT (); + + if (value == GSS_C_NO_BUFFER) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + if (gss_oid_equal(desired_object, GSS_KRB5_IMPORT_CRED_X)) { + return import_cred(minor_status, cred_handle, value); + } + + *minor_status = EINVAL; + return GSS_S_FAILURE; +} diff --git a/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c b/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c new file mode 100644 index 0000000000..67f5e8e722 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c @@ -0,0 +1,147 @@ +/* + * Copyright (c) 2004, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * glue routine for _gsskrb5_inquire_sec_context_by_oid + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: set_sec_context_option.c,v 1.6 2006/10/20 18:58:22 lha Exp $"); + +static OM_uint32 +get_bool(OM_uint32 *minor_status, + const gss_buffer_t value, + int *flag) +{ + if (value->value == NULL || value->length != 1) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + *flag = *((const char *)value->value) != 0; + return GSS_S_COMPLETE; +} + +OM_uint32 +_gsskrb5_set_sec_context_option + (OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + const gss_OID desired_object, + const gss_buffer_t value) +{ + OM_uint32 maj_stat; + + GSSAPI_KRB5_INIT (); + + if (value == GSS_C_NO_BUFFER) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + if (gss_oid_equal(desired_object, GSS_KRB5_COMPAT_DES3_MIC_X)) { + gsskrb5_ctx ctx; + int flag; + + if (*context_handle == GSS_C_NO_CONTEXT) { + *minor_status = EINVAL; + return GSS_S_NO_CONTEXT; + } + + maj_stat = get_bool(minor_status, value, &flag); + if (maj_stat != GSS_S_COMPLETE) + return maj_stat; + + ctx = (gsskrb5_ctx)*context_handle; + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + if (flag) + ctx->more_flags |= COMPAT_OLD_DES3; + else + ctx->more_flags &= ~COMPAT_OLD_DES3; + ctx->more_flags |= COMPAT_OLD_DES3_SELECTED; + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + return GSS_S_COMPLETE; + } else if (gss_oid_equal(desired_object, GSS_KRB5_SET_DNS_CANONICALIZE_X)) { + int flag; + + maj_stat = get_bool(minor_status, value, &flag); + if (maj_stat != GSS_S_COMPLETE) + return maj_stat; + + krb5_set_dns_canonicalize_hostname(_gsskrb5_context, flag); + return GSS_S_COMPLETE; + + } else if (gss_oid_equal(desired_object, GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X)) { + char *str; + + if (value == NULL || value->length == 0) { + str = NULL; + } else { + str = malloc(value->length + 1); + if (str) { + *minor_status = 0; + return GSS_S_UNAVAILABLE; + } + memcpy(str, value->value, value->length); + str[value->length] = '\0'; + } + + _gsskrb5_register_acceptor_identity(str); + free(str); + + *minor_status = 0; + return GSS_S_COMPLETE; + + } else if (gss_oid_equal(desired_object, GSS_KRB5_SEND_TO_KDC_X)) { + + if (value == NULL || value->length == 0) { + krb5_set_send_to_kdc_func(_gsskrb5_context, NULL, NULL); + } else { + struct gsskrb5_send_to_kdc c; + + if (value->length != sizeof(c)) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + memcpy(&c, value->value, sizeof(c)); + krb5_set_send_to_kdc_func(_gsskrb5_context, + (krb5_send_to_kdc_func)c.func, + c.ptr); + } + + *minor_status = 0; + return GSS_S_COMPLETE; + } + + + *minor_status = EINVAL; + return GSS_S_FAILURE; +} diff --git a/source4/heimdal/lib/gssapi/krb5/test_oid_set_member.c b/source4/heimdal/lib/gssapi/krb5/test_oid_set_member.c new file mode 100644 index 0000000000..5a0ac4418f --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/test_oid_set_member.c @@ -0,0 +1,55 @@ +/* + * Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: test_oid_set_member.c,v 1.7 2006/10/07 22:15:50 lha Exp $"); + +OM_uint32 _gsskrb5_test_oid_set_member + (OM_uint32 * minor_status, + const gss_OID member, + const gss_OID_set set, + int * present + ) +{ + size_t i; + + *minor_status = 0; + *present = 0; + for (i = 0; i < set->count; ++i) + if (gss_oid_equal(member, &set->elements[i]) != 0) { + *present = 1; + break; + } + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/krb5/unwrap.c b/source4/heimdal/lib/gssapi/krb5/unwrap.c new file mode 100644 index 0000000000..758390080c --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/unwrap.c @@ -0,0 +1,416 @@ +/* + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: unwrap.c,v 1.38 2006/10/18 15:59:28 lha Exp $"); + +static OM_uint32 +unwrap_des + (OM_uint32 * minor_status, + const gsskrb5_ctx context_handle, + const gss_buffer_t input_message_buffer, + gss_buffer_t output_message_buffer, + int * conf_state, + gss_qop_t * qop_state, + krb5_keyblock *key + ) +{ + u_char *p, *seq; + size_t len; + MD5_CTX md5; + u_char hash[16]; + DES_key_schedule schedule; + DES_cblock deskey; + DES_cblock zero; + int i; + uint32_t seq_number; + size_t padlength; + OM_uint32 ret; + int cstate; + int cmp; + + p = input_message_buffer->value; + ret = _gsskrb5_verify_header (&p, + input_message_buffer->length, + "\x02\x01", + GSS_KRB5_MECHANISM); + if (ret) + return ret; + + if (memcmp (p, "\x00\x00", 2) != 0) + return GSS_S_BAD_SIG; + p += 2; + if (memcmp (p, "\x00\x00", 2) == 0) { + cstate = 1; + } else if (memcmp (p, "\xFF\xFF", 2) == 0) { + cstate = 0; + } else + return GSS_S_BAD_MIC; + p += 2; + if(conf_state != NULL) + *conf_state = cstate; + if (memcmp (p, "\xff\xff", 2) != 0) + return GSS_S_DEFECTIVE_TOKEN; + p += 2; + p += 16; + + len = p - (u_char *)input_message_buffer->value; + + if(cstate) { + /* decrypt data */ + memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); + + for (i = 0; i < sizeof(deskey); ++i) + deskey[i] ^= 0xf0; + DES_set_key (&deskey, &schedule); + memset (&zero, 0, sizeof(zero)); + DES_cbc_encrypt ((void *)p, + (void *)p, + input_message_buffer->length - len, + &schedule, + &zero, + DES_DECRYPT); + + memset (deskey, 0, sizeof(deskey)); + memset (&schedule, 0, sizeof(schedule)); + } + /* check pad */ + ret = _gssapi_verify_pad(input_message_buffer, + input_message_buffer->length - len, + &padlength); + if (ret) + return ret; + + MD5_Init (&md5); + MD5_Update (&md5, p - 24, 8); + MD5_Update (&md5, p, input_message_buffer->length - len); + MD5_Final (hash, &md5); + + memset (&zero, 0, sizeof(zero)); + memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); + DES_set_key (&deskey, &schedule); + DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), + &schedule, &zero); + if (memcmp (p - 8, hash, 8) != 0) + return GSS_S_BAD_MIC; + + /* verify sequence number */ + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + + p -= 16; + DES_set_key (&deskey, &schedule); + DES_cbc_encrypt ((void *)p, (void *)p, 8, + &schedule, (DES_cblock *)hash, DES_DECRYPT); + + memset (deskey, 0, sizeof(deskey)); + memset (&schedule, 0, sizeof(schedule)); + + seq = p; + _gsskrb5_decode_om_uint32(seq, &seq_number); + + if (context_handle->more_flags & LOCAL) + cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4); + else + cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4); + + if (cmp != 0) { + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + return GSS_S_BAD_MIC; + } + + ret = _gssapi_msg_order_check(context_handle->order, seq_number); + if (ret) { + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + return ret; + } + + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + + /* copy out data */ + + output_message_buffer->length = input_message_buffer->length + - len - padlength - 8; + output_message_buffer->value = malloc(output_message_buffer->length); + if(output_message_buffer->length != 0 && output_message_buffer->value == NULL) + return GSS_S_FAILURE; + memcpy (output_message_buffer->value, + p + 24, + output_message_buffer->length); + return GSS_S_COMPLETE; +} + +static OM_uint32 +unwrap_des3 + (OM_uint32 * minor_status, + const gsskrb5_ctx context_handle, + const gss_buffer_t input_message_buffer, + gss_buffer_t output_message_buffer, + int * conf_state, + gss_qop_t * qop_state, + krb5_keyblock *key + ) +{ + u_char *p; + size_t len; + u_char *seq; + krb5_data seq_data; + u_char cksum[20]; + uint32_t seq_number; + size_t padlength; + OM_uint32 ret; + int cstate; + krb5_crypto crypto; + Checksum csum; + int cmp; + + p = input_message_buffer->value; + ret = _gsskrb5_verify_header (&p, + input_message_buffer->length, + "\x02\x01", + GSS_KRB5_MECHANISM); + if (ret) + return ret; + + if (memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */ + return GSS_S_BAD_SIG; + p += 2; + if (memcmp (p, "\x02\x00", 2) == 0) { + cstate = 1; + } else if (memcmp (p, "\xff\xff", 2) == 0) { + cstate = 0; + } else + return GSS_S_BAD_MIC; + p += 2; + if(conf_state != NULL) + *conf_state = cstate; + if (memcmp (p, "\xff\xff", 2) != 0) + return GSS_S_DEFECTIVE_TOKEN; + p += 2; + p += 28; + + len = p - (u_char *)input_message_buffer->value; + + if(cstate) { + /* decrypt data */ + krb5_data tmp; + + ret = krb5_crypto_init(_gsskrb5_context, key, + ETYPE_DES3_CBC_NONE, &crypto); + if (ret) { + _gsskrb5_set_error_string (); + *minor_status = ret; + return GSS_S_FAILURE; + } + ret = krb5_decrypt(_gsskrb5_context, crypto, KRB5_KU_USAGE_SEAL, + p, input_message_buffer->length - len, &tmp); + krb5_crypto_destroy(_gsskrb5_context, crypto); + if (ret) { + _gsskrb5_set_error_string (); + *minor_status = ret; + return GSS_S_FAILURE; + } + assert (tmp.length == input_message_buffer->length - len); + + memcpy (p, tmp.data, tmp.length); + krb5_data_free(&tmp); + } + /* check pad */ + ret = _gssapi_verify_pad(input_message_buffer, + input_message_buffer->length - len, + &padlength); + if (ret) + return ret; + + /* verify sequence number */ + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + + p -= 28; + + ret = krb5_crypto_init(_gsskrb5_context, key, + ETYPE_DES3_CBC_NONE, &crypto); + if (ret) { + _gsskrb5_set_error_string (); + *minor_status = ret; + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + return GSS_S_FAILURE; + } + { + DES_cblock ivec; + + memcpy(&ivec, p + 8, 8); + ret = krb5_decrypt_ivec (_gsskrb5_context, + crypto, + KRB5_KU_USAGE_SEQ, + p, 8, &seq_data, + &ivec); + } + krb5_crypto_destroy (_gsskrb5_context, crypto); + if (ret) { + _gsskrb5_set_error_string (); + *minor_status = ret; + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + return GSS_S_FAILURE; + } + if (seq_data.length != 8) { + krb5_data_free (&seq_data); + *minor_status = 0; + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + return GSS_S_BAD_MIC; + } + + seq = seq_data.data; + _gsskrb5_decode_om_uint32(seq, &seq_number); + + if (context_handle->more_flags & LOCAL) + cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4); + else + cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4); + + krb5_data_free (&seq_data); + if (cmp != 0) { + *minor_status = 0; + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + return GSS_S_BAD_MIC; + } + + ret = _gssapi_msg_order_check(context_handle->order, seq_number); + if (ret) { + *minor_status = 0; + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + return ret; + } + + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + + /* verify checksum */ + + memcpy (cksum, p + 8, 20); + + memcpy (p + 20, p - 8, 8); + + csum.cksumtype = CKSUMTYPE_HMAC_SHA1_DES3; + csum.checksum.length = 20; + csum.checksum.data = cksum; + + ret = krb5_crypto_init(_gsskrb5_context, key, 0, &crypto); + if (ret) { + _gsskrb5_set_error_string (); + *minor_status = ret; + return GSS_S_FAILURE; + } + + ret = krb5_verify_checksum (_gsskrb5_context, crypto, + KRB5_KU_USAGE_SIGN, + p + 20, + input_message_buffer->length - len + 8, + &csum); + krb5_crypto_destroy (_gsskrb5_context, crypto); + if (ret) { + _gsskrb5_set_error_string (); + *minor_status = ret; + return GSS_S_FAILURE; + } + + /* copy out data */ + + output_message_buffer->length = input_message_buffer->length + - len - padlength - 8; + output_message_buffer->value = malloc(output_message_buffer->length); + if(output_message_buffer->length != 0 && output_message_buffer->value == NULL) + return GSS_S_FAILURE; + memcpy (output_message_buffer->value, + p + 36, + output_message_buffer->length); + return GSS_S_COMPLETE; +} + +OM_uint32 _gsskrb5_unwrap + (OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t input_message_buffer, + gss_buffer_t output_message_buffer, + int * conf_state, + gss_qop_t * qop_state + ) +{ + krb5_keyblock *key; + OM_uint32 ret; + krb5_keytype keytype; + gsskrb5_ctx ctx = (gsskrb5_ctx) context_handle; + + output_message_buffer->value = NULL; + output_message_buffer->length = 0; + + if (qop_state != NULL) + *qop_state = GSS_C_QOP_DEFAULT; + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + ret = _gsskrb5i_get_token_key(ctx, &key); + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + if (ret) { + _gsskrb5_set_error_string (); + *minor_status = ret; + return GSS_S_FAILURE; + } + krb5_enctype_to_keytype (_gsskrb5_context, key->keytype, &keytype); + + *minor_status = 0; + + switch (keytype) { + case KEYTYPE_DES : + ret = unwrap_des (minor_status, ctx, + input_message_buffer, output_message_buffer, + conf_state, qop_state, key); + break; + case KEYTYPE_DES3 : + ret = unwrap_des3 (minor_status, ctx, + input_message_buffer, output_message_buffer, + conf_state, qop_state, key); + break; + case KEYTYPE_ARCFOUR: + case KEYTYPE_ARCFOUR_56: + ret = _gssapi_unwrap_arcfour (minor_status, ctx, + input_message_buffer, output_message_buffer, + conf_state, qop_state, key); + break; + default : + ret = _gssapi_unwrap_cfx (minor_status, ctx, + input_message_buffer, output_message_buffer, + conf_state, qop_state, key); + break; + } + krb5_free_keyblock (_gsskrb5_context, key); + return ret; +} diff --git a/source4/heimdal/lib/gssapi/krb5/verify_mic.c b/source4/heimdal/lib/gssapi/krb5/verify_mic.c new file mode 100644 index 0000000000..920937cafc --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/verify_mic.c @@ -0,0 +1,339 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: verify_mic.c,v 1.36 2006/10/18 15:59:30 lha Exp $"); + +static OM_uint32 +verify_mic_des + (OM_uint32 * minor_status, + const gsskrb5_ctx context_handle, + const gss_buffer_t message_buffer, + const gss_buffer_t token_buffer, + gss_qop_t * qop_state, + krb5_keyblock *key, + char *type + ) +{ + u_char *p; + MD5_CTX md5; + u_char hash[16], *seq; + DES_key_schedule schedule; + DES_cblock zero; + DES_cblock deskey; + uint32_t seq_number; + OM_uint32 ret; + int cmp; + + p = token_buffer->value; + ret = _gsskrb5_verify_header (&p, + token_buffer->length, + type, + GSS_KRB5_MECHANISM); + if (ret) + return ret; + + if (memcmp(p, "\x00\x00", 2) != 0) + return GSS_S_BAD_SIG; + p += 2; + if (memcmp (p, "\xff\xff\xff\xff", 4) != 0) + return GSS_S_BAD_MIC; + p += 4; + p += 16; + + /* verify checksum */ + MD5_Init (&md5); + MD5_Update (&md5, p - 24, 8); + MD5_Update (&md5, message_buffer->value, + message_buffer->length); + MD5_Final (hash, &md5); + + memset (&zero, 0, sizeof(zero)); + memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); + + DES_set_key (&deskey, &schedule); + DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), + &schedule, &zero); + if (memcmp (p - 8, hash, 8) != 0) { + memset (deskey, 0, sizeof(deskey)); + memset (&schedule, 0, sizeof(schedule)); + return GSS_S_BAD_MIC; + } + + /* verify sequence number */ + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + + p -= 16; + DES_set_key (&deskey, &schedule); + DES_cbc_encrypt ((void *)p, (void *)p, 8, + &schedule, (DES_cblock *)hash, DES_DECRYPT); + + memset (deskey, 0, sizeof(deskey)); + memset (&schedule, 0, sizeof(schedule)); + + seq = p; + _gsskrb5_decode_om_uint32(seq, &seq_number); + + if (context_handle->more_flags & LOCAL) + cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4); + else + cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4); + + if (cmp != 0) { + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + return GSS_S_BAD_MIC; + } + + ret = _gssapi_msg_order_check(context_handle->order, seq_number); + if (ret) { + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + return ret; + } + + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + + return GSS_S_COMPLETE; +} + +static OM_uint32 +verify_mic_des3 + (OM_uint32 * minor_status, + const gsskrb5_ctx context_handle, + const gss_buffer_t message_buffer, + const gss_buffer_t token_buffer, + gss_qop_t * qop_state, + krb5_keyblock *key, + char *type + ) +{ + u_char *p; + u_char *seq; + uint32_t seq_number; + OM_uint32 ret; + krb5_crypto crypto; + krb5_data seq_data; + int cmp, docompat; + Checksum csum; + char *tmp; + char ivec[8]; + + p = token_buffer->value; + ret = _gsskrb5_verify_header (&p, + token_buffer->length, + type, + GSS_KRB5_MECHANISM); + if (ret) + return ret; + + if (memcmp(p, "\x04\x00", 2) != 0) /* SGN_ALG = HMAC SHA1 DES3-KD */ + return GSS_S_BAD_SIG; + p += 2; + if (memcmp (p, "\xff\xff\xff\xff", 4) != 0) + return GSS_S_BAD_MIC; + p += 4; + + ret = krb5_crypto_init(_gsskrb5_context, key, + ETYPE_DES3_CBC_NONE, &crypto); + if (ret){ + _gsskrb5_set_error_string (); + *minor_status = ret; + return GSS_S_FAILURE; + } + + /* verify sequence number */ + docompat = 0; +retry: + if (docompat) + memset(ivec, 0, 8); + else + memcpy(ivec, p + 8, 8); + + ret = krb5_decrypt_ivec (_gsskrb5_context, + crypto, + KRB5_KU_USAGE_SEQ, + p, 8, &seq_data, ivec); + if (ret) { + if (docompat++) { + _gsskrb5_set_error_string (); + krb5_crypto_destroy (_gsskrb5_context, crypto); + *minor_status = ret; + return GSS_S_FAILURE; + } else + goto retry; + } + + if (seq_data.length != 8) { + krb5_data_free (&seq_data); + if (docompat++) { + krb5_crypto_destroy (_gsskrb5_context, crypto); + return GSS_S_BAD_MIC; + } else + goto retry; + } + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + + seq = seq_data.data; + _gsskrb5_decode_om_uint32(seq, &seq_number); + + if (context_handle->more_flags & LOCAL) + cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4); + else + cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4); + + krb5_data_free (&seq_data); + if (cmp != 0) { + krb5_crypto_destroy (_gsskrb5_context, crypto); + *minor_status = 0; + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + return GSS_S_BAD_MIC; + } + + ret = _gssapi_msg_order_check(context_handle->order, seq_number); + if (ret) { + krb5_crypto_destroy (_gsskrb5_context, crypto); + *minor_status = 0; + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + return ret; + } + + /* verify checksum */ + + tmp = malloc (message_buffer->length + 8); + if (tmp == NULL) { + krb5_crypto_destroy (_gsskrb5_context, crypto); + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + memcpy (tmp, p - 8, 8); + memcpy (tmp + 8, message_buffer->value, message_buffer->length); + + csum.cksumtype = CKSUMTYPE_HMAC_SHA1_DES3; + csum.checksum.length = 20; + csum.checksum.data = p + 8; + + ret = krb5_verify_checksum (_gsskrb5_context, crypto, + KRB5_KU_USAGE_SIGN, + tmp, message_buffer->length + 8, + &csum); + free (tmp); + if (ret) { + _gsskrb5_set_error_string (); + krb5_crypto_destroy (_gsskrb5_context, crypto); + *minor_status = ret; + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + return GSS_S_BAD_MIC; + } + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + + krb5_crypto_destroy (_gsskrb5_context, crypto); + return GSS_S_COMPLETE; +} + +OM_uint32 +_gsskrb5_verify_mic_internal + (OM_uint32 * minor_status, + const gsskrb5_ctx context_handle, + const gss_buffer_t message_buffer, + const gss_buffer_t token_buffer, + gss_qop_t * qop_state, + char * type + ) +{ + krb5_keyblock *key; + OM_uint32 ret; + krb5_keytype keytype; + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + ret = _gsskrb5i_get_token_key(context_handle, &key); + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + if (ret) { + _gsskrb5_set_error_string (); + *minor_status = ret; + return GSS_S_FAILURE; + } + *minor_status = 0; + krb5_enctype_to_keytype (_gsskrb5_context, key->keytype, &keytype); + switch (keytype) { + case KEYTYPE_DES : + ret = verify_mic_des (minor_status, context_handle, + message_buffer, token_buffer, qop_state, key, + type); + break; + case KEYTYPE_DES3 : + ret = verify_mic_des3 (minor_status, context_handle, + message_buffer, token_buffer, qop_state, key, + type); + break; + case KEYTYPE_ARCFOUR : + case KEYTYPE_ARCFOUR_56 : + ret = _gssapi_verify_mic_arcfour (minor_status, context_handle, + message_buffer, token_buffer, + qop_state, key, type); + break; + default : + ret = _gssapi_verify_mic_cfx (minor_status, context_handle, + message_buffer, token_buffer, qop_state, + key); + break; + } + krb5_free_keyblock (_gsskrb5_context, key); + + return ret; +} + +OM_uint32 +_gsskrb5_verify_mic + (OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t message_buffer, + const gss_buffer_t token_buffer, + gss_qop_t * qop_state + ) +{ + OM_uint32 ret; + + if (qop_state != NULL) + *qop_state = GSS_C_QOP_DEFAULT; + + ret = _gsskrb5_verify_mic_internal(minor_status, + (gsskrb5_ctx)context_handle, + message_buffer, token_buffer, + qop_state, "\x01\x01"); + + return ret; +} diff --git a/source4/heimdal/lib/gssapi/krb5/wrap.c b/source4/heimdal/lib/gssapi/krb5/wrap.c new file mode 100644 index 0000000000..8514137999 --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/wrap.c @@ -0,0 +1,545 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: wrap.c,v 1.37 2006/10/18 15:59:33 lha Exp $"); + +/* + * Return initiator subkey, or if that doesn't exists, the subkey. + */ + +krb5_error_code +_gsskrb5i_get_initiator_subkey(const gsskrb5_ctx ctx, krb5_keyblock **key) +{ + krb5_error_code ret; + *key = NULL; + + if (ctx->more_flags & LOCAL) { + ret = krb5_auth_con_getlocalsubkey(_gsskrb5_context, + ctx->auth_context, + key); + } else { + ret = krb5_auth_con_getremotesubkey(_gsskrb5_context, + ctx->auth_context, + key); + } + if (*key == NULL) + ret = krb5_auth_con_getkey(_gsskrb5_context, + ctx->auth_context, + key); + if (*key == NULL) { + _gsskrb5_set_status("No initiator subkey available"); + return GSS_KRB5_S_KG_NO_SUBKEY; + } + return ret; +} + +krb5_error_code +_gsskrb5i_get_acceptor_subkey(const gsskrb5_ctx ctx, krb5_keyblock **key) +{ + krb5_error_code ret; + *key = NULL; + + if (ctx->more_flags & LOCAL) { + ret = krb5_auth_con_getremotesubkey(_gsskrb5_context, + ctx->auth_context, + key); + } else { + ret = krb5_auth_con_getlocalsubkey(_gsskrb5_context, + ctx->auth_context, + key); + } + if (*key == NULL) { + _gsskrb5_set_status("No acceptor subkey available"); + return GSS_KRB5_S_KG_NO_SUBKEY; + } + return ret; +} + +OM_uint32 +_gsskrb5i_get_token_key(const gsskrb5_ctx ctx, krb5_keyblock **key) +{ + _gsskrb5i_get_acceptor_subkey(ctx, key); + if(*key == NULL) { + /* + * Only use the initiator subkey or ticket session key if an + * acceptor subkey was not required. + */ + if ((ctx->more_flags & ACCEPTOR_SUBKEY) == 0) + _gsskrb5i_get_initiator_subkey(ctx, key); + } + if (*key == NULL) { + _gsskrb5_set_status("No token key available"); + return GSS_KRB5_S_KG_NO_SUBKEY; + } + _gsskrb5_clear_status(); + return 0; +} + +static OM_uint32 +sub_wrap_size ( + OM_uint32 req_output_size, + OM_uint32 * max_input_size, + int blocksize, + int extrasize + ) +{ + size_t len, total_len; + + len = 8 + req_output_size + blocksize + extrasize; + + _gsskrb5_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM); + + total_len -= req_output_size; /* token length */ + if (total_len < req_output_size) { + *max_input_size = (req_output_size - total_len); + (*max_input_size) &= (~(OM_uint32)(blocksize - 1)); + } else { + *max_input_size = 0; + } + return GSS_S_COMPLETE; +} + +OM_uint32 +_gsskrb5_wrap_size_limit ( + OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + OM_uint32 req_output_size, + OM_uint32 * max_input_size + ) +{ + krb5_keyblock *key; + OM_uint32 ret; + krb5_keytype keytype; + const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle; + + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + ret = _gsskrb5i_get_token_key(ctx, &key); + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + if (ret) { + _gsskrb5_set_error_string (); + *minor_status = ret; + return GSS_S_FAILURE; + } + krb5_enctype_to_keytype (_gsskrb5_context, key->keytype, &keytype); + + switch (keytype) { + case KEYTYPE_DES : + ret = sub_wrap_size(req_output_size, max_input_size, 8, 22); + break; + case KEYTYPE_ARCFOUR: + case KEYTYPE_ARCFOUR_56: + ret = _gssapi_wrap_size_arcfour(minor_status, ctx, + conf_req_flag, qop_req, + req_output_size, max_input_size, key); + break; + case KEYTYPE_DES3 : + ret = sub_wrap_size(req_output_size, max_input_size, 8, 34); + break; + default : + ret = _gssapi_wrap_size_cfx(minor_status, ctx, + conf_req_flag, qop_req, + req_output_size, max_input_size, key); + break; + } + krb5_free_keyblock (_gsskrb5_context, key); + *minor_status = 0; + return ret; +} + +static OM_uint32 +wrap_des + (OM_uint32 * minor_status, + const gsskrb5_ctx ctx, + int conf_req_flag, + gss_qop_t qop_req, + const gss_buffer_t input_message_buffer, + int * conf_state, + gss_buffer_t output_message_buffer, + krb5_keyblock *key + ) +{ + u_char *p; + MD5_CTX md5; + u_char hash[16]; + DES_key_schedule schedule; + DES_cblock deskey; + DES_cblock zero; + int i; + int32_t seq_number; + size_t len, total_len, padlength, datalen; + + padlength = 8 - (input_message_buffer->length % 8); + datalen = input_message_buffer->length + padlength + 8; + len = datalen + 22; + _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); + + output_message_buffer->length = total_len; + output_message_buffer->value = malloc (total_len); + if (output_message_buffer->value == NULL) { + output_message_buffer->length = 0; + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + p = _gsskrb5_make_header(output_message_buffer->value, + len, + "\x02\x01", /* TOK_ID */ + GSS_KRB5_MECHANISM); + + /* SGN_ALG */ + memcpy (p, "\x00\x00", 2); + p += 2; + /* SEAL_ALG */ + if(conf_req_flag) + memcpy (p, "\x00\x00", 2); + else + memcpy (p, "\xff\xff", 2); + p += 2; + /* Filler */ + memcpy (p, "\xff\xff", 2); + p += 2; + + /* fill in later */ + memset (p, 0, 16); + p += 16; + + /* confounder + data + pad */ + krb5_generate_random_block(p, 8); + memcpy (p + 8, input_message_buffer->value, + input_message_buffer->length); + memset (p + 8 + input_message_buffer->length, padlength, padlength); + + /* checksum */ + MD5_Init (&md5); + MD5_Update (&md5, p - 24, 8); + MD5_Update (&md5, p, datalen); + MD5_Final (hash, &md5); + + memset (&zero, 0, sizeof(zero)); + memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); + DES_set_key (&deskey, &schedule); + DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), + &schedule, &zero); + memcpy (p - 8, hash, 8); + + /* sequence number */ + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + krb5_auth_con_getlocalseqnumber (_gsskrb5_context, + ctx->auth_context, + &seq_number); + + p -= 16; + p[0] = (seq_number >> 0) & 0xFF; + p[1] = (seq_number >> 8) & 0xFF; + p[2] = (seq_number >> 16) & 0xFF; + p[3] = (seq_number >> 24) & 0xFF; + memset (p + 4, + (ctx->more_flags & LOCAL) ? 0 : 0xFF, + 4); + + DES_set_key (&deskey, &schedule); + DES_cbc_encrypt ((void *)p, (void *)p, 8, + &schedule, (DES_cblock *)(p + 8), DES_ENCRYPT); + + krb5_auth_con_setlocalseqnumber (_gsskrb5_context, + ctx->auth_context, + ++seq_number); + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + + /* encrypt the data */ + p += 16; + + if(conf_req_flag) { + memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); + + for (i = 0; i < sizeof(deskey); ++i) + deskey[i] ^= 0xf0; + DES_set_key (&deskey, &schedule); + memset (&zero, 0, sizeof(zero)); + DES_cbc_encrypt ((void *)p, + (void *)p, + datalen, + &schedule, + &zero, + DES_ENCRYPT); + } + memset (deskey, 0, sizeof(deskey)); + memset (&schedule, 0, sizeof(schedule)); + + if(conf_state != NULL) + *conf_state = conf_req_flag; + *minor_status = 0; + return GSS_S_COMPLETE; +} + +static OM_uint32 +wrap_des3 + (OM_uint32 * minor_status, + const gsskrb5_ctx ctx, + int conf_req_flag, + gss_qop_t qop_req, + const gss_buffer_t input_message_buffer, + int * conf_state, + gss_buffer_t output_message_buffer, + krb5_keyblock *key + ) +{ + u_char *p; + u_char seq[8]; + int32_t seq_number; + size_t len, total_len, padlength, datalen; + uint32_t ret; + krb5_crypto crypto; + Checksum cksum; + krb5_data encdata; + + padlength = 8 - (input_message_buffer->length % 8); + datalen = input_message_buffer->length + padlength + 8; + len = datalen + 34; + _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); + + output_message_buffer->length = total_len; + output_message_buffer->value = malloc (total_len); + if (output_message_buffer->value == NULL) { + output_message_buffer->length = 0; + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + p = _gsskrb5_make_header(output_message_buffer->value, + len, + "\x02\x01", /* TOK_ID */ + GSS_KRB5_MECHANISM); + + /* SGN_ALG */ + memcpy (p, "\x04\x00", 2); /* HMAC SHA1 DES3-KD */ + p += 2; + /* SEAL_ALG */ + if(conf_req_flag) + memcpy (p, "\x02\x00", 2); /* DES3-KD */ + else + memcpy (p, "\xff\xff", 2); + p += 2; + /* Filler */ + memcpy (p, "\xff\xff", 2); + p += 2; + + /* calculate checksum (the above + confounder + data + pad) */ + + memcpy (p + 20, p - 8, 8); + krb5_generate_random_block(p + 28, 8); + memcpy (p + 28 + 8, input_message_buffer->value, + input_message_buffer->length); + memset (p + 28 + 8 + input_message_buffer->length, padlength, padlength); + + ret = krb5_crypto_init(_gsskrb5_context, key, 0, &crypto); + if (ret) { + _gsskrb5_set_error_string (); + free (output_message_buffer->value); + output_message_buffer->length = 0; + output_message_buffer->value = NULL; + *minor_status = ret; + return GSS_S_FAILURE; + } + + ret = krb5_create_checksum (_gsskrb5_context, + crypto, + KRB5_KU_USAGE_SIGN, + 0, + p + 20, + datalen + 8, + &cksum); + krb5_crypto_destroy (_gsskrb5_context, crypto); + if (ret) { + _gsskrb5_set_error_string (); + free (output_message_buffer->value); + output_message_buffer->length = 0; + output_message_buffer->value = NULL; + *minor_status = ret; + return GSS_S_FAILURE; + } + + /* zero out SND_SEQ + SGN_CKSUM in case */ + memset (p, 0, 28); + + memcpy (p + 8, cksum.checksum.data, cksum.checksum.length); + free_Checksum (&cksum); + + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + /* sequence number */ + krb5_auth_con_getlocalseqnumber (_gsskrb5_context, + ctx->auth_context, + &seq_number); + + seq[0] = (seq_number >> 0) & 0xFF; + seq[1] = (seq_number >> 8) & 0xFF; + seq[2] = (seq_number >> 16) & 0xFF; + seq[3] = (seq_number >> 24) & 0xFF; + memset (seq + 4, + (ctx->more_flags & LOCAL) ? 0 : 0xFF, + 4); + + + ret = krb5_crypto_init(_gsskrb5_context, key, ETYPE_DES3_CBC_NONE, + &crypto); + if (ret) { + free (output_message_buffer->value); + output_message_buffer->length = 0; + output_message_buffer->value = NULL; + *minor_status = ret; + return GSS_S_FAILURE; + } + + { + DES_cblock ivec; + + memcpy (&ivec, p + 8, 8); + ret = krb5_encrypt_ivec (_gsskrb5_context, + crypto, + KRB5_KU_USAGE_SEQ, + seq, 8, &encdata, + &ivec); + } + krb5_crypto_destroy (_gsskrb5_context, crypto); + if (ret) { + _gsskrb5_set_error_string (); + free (output_message_buffer->value); + output_message_buffer->length = 0; + output_message_buffer->value = NULL; + *minor_status = ret; + return GSS_S_FAILURE; + } + + assert (encdata.length == 8); + + memcpy (p, encdata.data, encdata.length); + krb5_data_free (&encdata); + + krb5_auth_con_setlocalseqnumber (_gsskrb5_context, + ctx->auth_context, + ++seq_number); + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + + /* encrypt the data */ + p += 28; + + if(conf_req_flag) { + krb5_data tmp; + + ret = krb5_crypto_init(_gsskrb5_context, key, + ETYPE_DES3_CBC_NONE, &crypto); + if (ret) { + _gsskrb5_set_error_string (); + free (output_message_buffer->value); + output_message_buffer->length = 0; + output_message_buffer->value = NULL; + *minor_status = ret; + return GSS_S_FAILURE; + } + ret = krb5_encrypt(_gsskrb5_context, crypto, KRB5_KU_USAGE_SEAL, + p, datalen, &tmp); + krb5_crypto_destroy(_gsskrb5_context, crypto); + if (ret) { + _gsskrb5_set_error_string (); + free (output_message_buffer->value); + output_message_buffer->length = 0; + output_message_buffer->value = NULL; + *minor_status = ret; + return GSS_S_FAILURE; + } + assert (tmp.length == datalen); + + memcpy (p, tmp.data, datalen); + krb5_data_free(&tmp); + } + if(conf_state != NULL) + *conf_state = conf_req_flag; + *minor_status = 0; + return GSS_S_COMPLETE; +} + +OM_uint32 _gsskrb5_wrap + (OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + const gss_buffer_t input_message_buffer, + int * conf_state, + gss_buffer_t output_message_buffer + ) +{ + krb5_keyblock *key; + OM_uint32 ret; + krb5_keytype keytype; + const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle; + + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + ret = _gsskrb5i_get_token_key(ctx, &key); + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + if (ret) { + _gsskrb5_set_error_string (); + *minor_status = ret; + return GSS_S_FAILURE; + } + krb5_enctype_to_keytype (_gsskrb5_context, key->keytype, &keytype); + + switch (keytype) { + case KEYTYPE_DES : + ret = wrap_des (minor_status, ctx, conf_req_flag, + qop_req, input_message_buffer, conf_state, + output_message_buffer, key); + break; + case KEYTYPE_DES3 : + ret = wrap_des3 (minor_status, ctx, conf_req_flag, + qop_req, input_message_buffer, conf_state, + output_message_buffer, key); + break; + case KEYTYPE_ARCFOUR: + case KEYTYPE_ARCFOUR_56: + ret = _gssapi_wrap_arcfour (minor_status, ctx, conf_req_flag, + qop_req, input_message_buffer, conf_state, + output_message_buffer, key); + break; + default : + ret = _gssapi_wrap_cfx (minor_status, ctx, conf_req_flag, + qop_req, input_message_buffer, conf_state, + output_message_buffer, key); + break; + } + krb5_free_keyblock (_gsskrb5_context, key); + return ret; +} diff --git a/source4/heimdal/lib/gssapi/mech/context.h b/source4/heimdal/lib/gssapi/mech/context.h new file mode 100644 index 0000000000..7a215dd7d8 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/context.h @@ -0,0 +1,35 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/context.h,v 1.1 2005/12/29 14:40:20 dfr Exp $ + * $Id: context.h,v 1.2 2006/06/28 09:00:25 lha Exp $ + */ + +#include + +struct _gss_context { + gssapi_mech_interface gc_mech; + gss_ctx_id_t gc_ctx; +}; diff --git a/source4/heimdal/lib/gssapi/mech/cred.h b/source4/heimdal/lib/gssapi/mech/cred.h new file mode 100644 index 0000000000..df89e79727 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/cred.h @@ -0,0 +1,42 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/cred.h,v 1.1 2005/12/29 14:40:20 dfr Exp $ + * $Id: cred.h,v 1.3 2006/10/05 18:26:54 lha Exp $ + */ + +struct _gss_mechanism_cred { + SLIST_ENTRY(_gss_mechanism_cred) gmc_link; + gssapi_mech_interface gmc_mech; /* mechanism ops for MC */ + gss_OID gmc_mech_oid; /* mechanism oid for MC */ + gss_cred_id_t gmc_cred; /* underlying MC */ +}; +SLIST_HEAD(_gss_mechanism_cred_list, _gss_mechanism_cred); + +struct _gss_cred { + gss_cred_usage_t gc_usage; + struct _gss_mechanism_cred_list gc_mc; +}; + diff --git a/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c new file mode 100644 index 0000000000..4d634bf20f --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c @@ -0,0 +1,223 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_accept_sec_context.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_accept_sec_context.c,v 1.6 2006/10/25 00:45:12 lha Exp $"); + +OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + const gss_cred_id_t acceptor_cred_handle, + const gss_buffer_t input_token, + const gss_channel_bindings_t input_chan_bindings, + gss_name_t *src_name, + gss_OID *mech_type, + gss_buffer_t output_token, + OM_uint32 *ret_flags, + OM_uint32 *time_rec, + gss_cred_id_t *delegated_cred_handle) +{ + OM_uint32 major_status, mech_ret_flags; + gssapi_mech_interface m; + struct _gss_context *ctx = (struct _gss_context *) *context_handle; + struct _gss_cred *cred = (struct _gss_cred *) acceptor_cred_handle; + struct _gss_mechanism_cred *mc; + gss_cred_id_t acceptor_mc, delegated_mc; + gss_name_t src_mn; + int allocated_ctx; + + *minor_status = 0; + if (src_name) *src_name = 0; + if (mech_type) *mech_type = 0; + if (ret_flags) *ret_flags = 0; + if (time_rec) *time_rec = 0; + if (delegated_cred_handle) *delegated_cred_handle = 0; + output_token->length = 0; + output_token->value = 0; + + /* + * If this is the first call (*context_handle is NULL), we must + * parse the input token to figure out the mechanism to use. + */ + if (*context_handle == GSS_C_NO_CONTEXT) { + unsigned char *p = input_token->value; + size_t len = input_token->length; + size_t a, b; + gss_OID_desc mech_oid; + + /* + * Token must start with [APPLICATION 0] SEQUENCE. + * But if it doesn't assume its DCE-STYLE Kerberos! + */ + if (len == 0) + return (GSS_S_DEFECTIVE_TOKEN); + if (*p != 0x60) { + mech_oid = *GSS_KRB5_MECHANISM; + } else { + p++; + len--; + + /* + * Decode the length and make sure it agrees with the + * token length. + */ + if (len == 0) + return (GSS_S_DEFECTIVE_TOKEN); + if ((*p & 0x80) == 0) { + a = *p; + p++; + len--; + } else { + b = *p & 0x7f; + p++; + len--; + if (len < b) + return (GSS_S_DEFECTIVE_TOKEN); + a = 0; + while (b) { + a = (a << 8) | *p; + p++; + len--; + b--; + } + } + if (a != len) + return (GSS_S_DEFECTIVE_TOKEN); + + /* + * Decode the OID for the mechanism. Simplify life by + * assuming that the OID length is less than 128 bytes. + */ + if (len < 2 || *p != 0x06) + return (GSS_S_DEFECTIVE_TOKEN); + if ((p[1] & 0x80) || p[1] > (len - 2)) + return (GSS_S_DEFECTIVE_TOKEN); + mech_oid.length = p[1]; + p += 2; + len -= 2; + mech_oid.elements = p; + } + /* + * Now that we have a mechanism, we can find the + * implementation. + */ + ctx = malloc(sizeof(struct _gss_context)); + if (!ctx) { + *minor_status = ENOMEM; + return (GSS_S_DEFECTIVE_TOKEN); + } + memset(ctx, 0, sizeof(struct _gss_context)); + m = ctx->gc_mech = __gss_get_mechanism(&mech_oid); + if (!m) { + free(ctx); + return (GSS_S_BAD_MECH); + } + allocated_ctx = 1; + } else { + m = ctx->gc_mech; + allocated_ctx = 0; + } + + if (cred) { + SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) + if (mc->gmc_mech == m) + break; + if (!mc) + return (GSS_S_BAD_MECH); + acceptor_mc = mc->gmc_cred; + } else { + acceptor_mc = GSS_C_NO_CREDENTIAL; + } + delegated_mc = GSS_C_NO_CREDENTIAL; + + mech_ret_flags = 0; + major_status = m->gm_accept_sec_context(minor_status, + &ctx->gc_ctx, + acceptor_mc, + input_token, + input_chan_bindings, + &src_mn, + mech_type, + output_token, + &mech_ret_flags, + time_rec, + &delegated_mc); + if (major_status != GSS_S_COMPLETE && + major_status != GSS_S_CONTINUE_NEEDED) + return (major_status); + + if (!src_name) { + m->gm_release_name(minor_status, &src_mn); + } else { + /* + * Make a new name and mark it as an MN. + */ + struct _gss_name *name = _gss_make_name(m, src_mn); + + if (!name) { + m->gm_release_name(minor_status, &src_mn); + return (GSS_S_FAILURE); + } + *src_name = (gss_name_t) name; + } + + if (mech_ret_flags & GSS_C_DELEG_FLAG) { + if (!delegated_cred_handle) { + m->gm_release_cred(minor_status, &delegated_mc); + *ret_flags &= ~GSS_C_DELEG_FLAG; + } else { + struct _gss_cred *dcred; + struct _gss_mechanism_cred *dmc; + + dcred = malloc(sizeof(struct _gss_cred)); + if (!dcred) { + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + SLIST_INIT(&dcred->gc_mc); + dmc = malloc(sizeof(struct _gss_mechanism_cred)); + if (!dmc) { + free(dcred); + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + m->gm_inquire_cred(minor_status, delegated_mc, + 0, 0, &dcred->gc_usage, 0); + dmc->gmc_mech = m; + dmc->gmc_mech_oid = &m->gm_mech_oid; + dmc->gmc_cred = delegated_mc; + SLIST_INSERT_HEAD(&dcred->gc_mc, dmc, gmc_link); + + *delegated_cred_handle = (gss_cred_id_t) dcred; + } + } + + if (ret_flags) + *ret_flags = mech_ret_flags; + *context_handle = (gss_ctx_id_t) ctx; + return (major_status); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c b/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c new file mode 100644 index 0000000000..0b3554c0fa --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c @@ -0,0 +1,164 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_acquire_cred.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_acquire_cred.c,v 1.4 2006/10/25 00:44:55 lha Exp $"); + +OM_uint32 +gss_acquire_cred(OM_uint32 *minor_status, + const gss_name_t desired_name, + OM_uint32 time_req, + const gss_OID_set desired_mechs, + gss_cred_usage_t cred_usage, + gss_cred_id_t *output_cred_handle, + gss_OID_set *actual_mechs, + OM_uint32 *time_rec) +{ + OM_uint32 major_status; + gss_OID_set mechs = desired_mechs; + gss_OID_set_desc set; + struct _gss_name *name = (struct _gss_name *) desired_name; + gssapi_mech_interface m; + struct _gss_cred *cred; + struct _gss_mechanism_cred *mc; + OM_uint32 min_time, cred_time; + int i; + + _gss_load_mech(); + + /* + * First make sure that at least one of the requested + * mechanisms is one that we support. + */ + if (mechs) { + for (i = 0; i < mechs->count; i++) { + int t; + gss_test_oid_set_member(minor_status, + &mechs->elements[i], _gss_mech_oids, &t); + if (t) + break; + } + if (i == mechs->count) { + *output_cred_handle = 0; + *minor_status = 0; + return (GSS_S_BAD_MECH); + } + } + + if (actual_mechs) { + major_status = gss_create_empty_oid_set(minor_status, + actual_mechs); + if (major_status) + return (major_status); + } + + cred = malloc(sizeof(struct _gss_cred)); + if (!cred) { + if (actual_mechs) + gss_release_oid_set(minor_status, actual_mechs); + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + cred->gc_usage = cred_usage; + SLIST_INIT(&cred->gc_mc); + + if (mechs == GSS_C_NO_OID_SET) + mechs = _gss_mech_oids; + + set.count = 1; + min_time = GSS_C_INDEFINITE; + for (i = 0; i < mechs->count; i++) { + struct _gss_mechanism_name *mn = NULL; + + m = __gss_get_mechanism(&mechs->elements[i]); + if (!m) + continue; + + if (desired_name != GSS_C_NO_NAME) { + mn = _gss_find_mn(name, &mechs->elements[i]); + if (!mn) + continue; + } + + mc = malloc(sizeof(struct _gss_mechanism_cred)); + if (!mc) { + continue; + } + SLIST_INIT(&cred->gc_mc); + mc->gmc_mech = m; + mc->gmc_mech_oid = &m->gm_mech_oid; + + /* + * XXX Probably need to do something with actual_mechs. + */ + set.elements = &mechs->elements[i]; + major_status = m->gm_acquire_cred(minor_status, + (desired_name != GSS_C_NO_NAME + ? mn->gmn_name : GSS_C_NO_NAME), + time_req, &set, cred_usage, + &mc->gmc_cred, NULL, &cred_time); + if (major_status) { + free(mc); + continue; + } + if (cred_time < min_time) + min_time = cred_time; + + if (actual_mechs) { + major_status = gss_add_oid_set_member(minor_status, + mc->gmc_mech_oid, actual_mechs); + if (major_status) { + m->gm_release_cred(minor_status, + &mc->gmc_cred); + free(mc); + continue; + } + } + + SLIST_INSERT_HEAD(&cred->gc_mc, mc, gmc_link); + } + + /* + * If we didn't manage to create a single credential, return + * an error. + */ + if (!SLIST_FIRST(&cred->gc_mc)) { + free(cred); + if (actual_mechs) + gss_release_oid_set(minor_status, actual_mechs); + *output_cred_handle = 0; + *minor_status = 0; + return (GSS_S_NO_CRED); + } + + if (time_rec) + *time_rec = min_time; + *output_cred_handle = (gss_cred_id_t) cred; + *minor_status = 0; + return (GSS_S_COMPLETE); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_add_cred.c b/source4/heimdal/lib/gssapi/mech/gss_add_cred.c new file mode 100644 index 0000000000..beffd54e29 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_add_cred.c @@ -0,0 +1,175 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_add_cred.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_add_cred.c,v 1.3 2006/06/29 08:23:53 lha Exp $"); + +static struct _gss_mechanism_cred * +_gss_copy_cred(struct _gss_mechanism_cred *mc) +{ + struct _gss_mechanism_cred *new_mc; + gssapi_mech_interface m = mc->gmc_mech; + OM_uint32 major_status, minor_status; + gss_name_t name; + gss_cred_id_t cred; + OM_uint32 initiator_lifetime, acceptor_lifetime; + gss_cred_usage_t cred_usage; + + major_status = m->gm_inquire_cred_by_mech(&minor_status, + mc->gmc_cred, mc->gmc_mech_oid, + &name, &initiator_lifetime, &acceptor_lifetime, &cred_usage); + if (major_status) + return (0); + + major_status = m->gm_add_cred(&minor_status, + GSS_C_NO_CREDENTIAL, name, mc->gmc_mech_oid, + cred_usage, initiator_lifetime, acceptor_lifetime, + &cred, 0, 0, 0); + m->gm_release_name(&minor_status, &name); + + if (major_status) + return (0); + + new_mc = malloc(sizeof(struct _gss_mechanism_cred)); + if (!new_mc) { + m->gm_release_cred(&minor_status, &cred); + return (0); + } + new_mc->gmc_mech = m; + new_mc->gmc_mech_oid = &m->gm_mech_oid; + new_mc->gmc_cred = cred; + + return (new_mc); +} + +OM_uint32 +gss_add_cred(OM_uint32 *minor_status, + const gss_cred_id_t input_cred_handle, + const gss_name_t desired_name, + const gss_OID desired_mech, + gss_cred_usage_t cred_usage, + OM_uint32 initiator_time_req, + OM_uint32 acceptor_time_req, + gss_cred_id_t *output_cred_handle, + gss_OID_set *actual_mechs, + OM_uint32 *initiator_time_rec, + OM_uint32 *acceptor_time_rec) +{ + OM_uint32 major_status; + gssapi_mech_interface m; + struct _gss_cred *cred = (struct _gss_cred *) input_cred_handle; + struct _gss_cred *new_cred; + gss_cred_id_t release_cred; + struct _gss_mechanism_cred *mc, *target_mc, *copy_mc; + struct _gss_mechanism_name *mn; + OM_uint32 junk; + + *output_cred_handle = 0; + *minor_status = 0; + + new_cred = malloc(sizeof(struct _gss_cred)); + if (!new_cred) { + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + new_cred->gc_usage = cred_usage; + SLIST_INIT(&new_cred->gc_mc); + + /* + * We go through all the mc attached to the input_cred_handle + * and check the mechanism. If it matches, we call + * gss_add_cred for that mechanism, otherwise we copy the mc + * to new_cred. + */ + target_mc = 0; + if (cred) { + SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) { + if (gss_oid_equal(mc->gmc_mech_oid, desired_mech)) { + target_mc = mc; + } + copy_mc = _gss_copy_cred(mc); + if (!copy_mc) { + release_cred = (gss_cred_id_t)new_cred; + gss_release_cred(&junk, &release_cred); + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + SLIST_INSERT_HEAD(&new_cred->gc_mc, copy_mc, gmc_link); + } + } + + /* + * Figure out a suitable mn, if any. + */ + if (desired_name) { + mn = _gss_find_mn((struct _gss_name *) desired_name, + desired_mech); + if (!mn) { + free(new_cred); + return (GSS_S_BAD_NAME); + } + } else { + mn = 0; + } + + m = __gss_get_mechanism(desired_mech); + + mc = malloc(sizeof(struct _gss_mechanism_cred)); + if (!mc) { + release_cred = (gss_cred_id_t)new_cred; + gss_release_cred(&junk, &release_cred); + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + mc->gmc_mech = m; + mc->gmc_mech_oid = &m->gm_mech_oid; + + major_status = m->gm_add_cred(minor_status, + target_mc ? target_mc->gmc_cred : GSS_C_NO_CREDENTIAL, + desired_name ? mn->gmn_name : GSS_C_NO_NAME, + desired_mech, + cred_usage, + initiator_time_req, + acceptor_time_req, + &mc->gmc_cred, + actual_mechs, + initiator_time_rec, + acceptor_time_rec); + + if (major_status) { + release_cred = (gss_cred_id_t)new_cred; + gss_release_cred(&junk, &release_cred); + free(mc); + return (major_status); + } + SLIST_INSERT_HEAD(&new_cred->gc_mc, mc, gmc_link); + *output_cred_handle = (gss_cred_id_t) new_cred; + + return (GSS_S_COMPLETE); +} + diff --git a/source4/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c b/source4/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c new file mode 100644 index 0000000000..5806cec009 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c @@ -0,0 +1,67 @@ +/* + * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" +RCSID("$Id: gss_add_oid_set_member.c,v 1.3 2006/10/22 09:36:13 lha Exp $"); + +OM_uint32 +gss_add_oid_set_member (OM_uint32 * minor_status, + const gss_OID member_oid, + gss_OID_set * oid_set) +{ + gss_OID tmp; + size_t n; + OM_uint32 res; + int present; + + res = gss_test_oid_set_member(minor_status, member_oid, *oid_set, &present); + if (res != GSS_S_COMPLETE) + return res; + + if (present) { + *minor_status = 0; + return GSS_S_COMPLETE; + } + + n = (*oid_set)->count + 1; + tmp = realloc ((*oid_set)->elements, n * sizeof(gss_OID_desc)); + if (tmp == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + (*oid_set)->elements = tmp; + (*oid_set)->count = n; + (*oid_set)->elements[n-1] = *member_oid; + *minor_status = 0; + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_buffer_set.c b/source4/heimdal/lib/gssapi/mech/gss_buffer_set.c new file mode 100644 index 0000000000..9e9bd5e790 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_buffer_set.c @@ -0,0 +1,125 @@ +/* + * Copyright (c) 2004, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" +RCSID("$Id: gss_buffer_set.c,v 1.2 2006/10/24 21:53:02 lha Exp $"); + +OM_uint32 +gss_create_empty_buffer_set + (OM_uint32 * minor_status, + gss_buffer_set_t *buffer_set) +{ + gss_buffer_set_t set; + + set = (gss_buffer_set_desc *) malloc(sizeof(*set)); + if (set == GSS_C_NO_BUFFER_SET) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + set->count = 0; + set->elements = NULL; + + *buffer_set = set; + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +OM_uint32 +gss_add_buffer_set_member + (OM_uint32 * minor_status, + const gss_buffer_t member_buffer, + gss_buffer_set_t *buffer_set) +{ + gss_buffer_set_t set; + gss_buffer_t p; + OM_uint32 ret; + + if (*buffer_set == GSS_C_NO_BUFFER_SET) { + ret = gss_create_empty_buffer_set(minor_status, + buffer_set); + if (ret) { + return ret; + } + } + + set = *buffer_set; + set->elements = realloc(set->elements, + (set->count + 1) * sizeof(set->elements[0])); + if (set->elements == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + p = &set->elements[set->count]; + + p->value = malloc(member_buffer->length); + if (p->value == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + memcpy(p->value, member_buffer->value, member_buffer->length); + p->length = member_buffer->length; + + set->count++; + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +OM_uint32 +gss_release_buffer_set(OM_uint32 * minor_status, + gss_buffer_set_t *buffer_set) +{ + int i; + OM_uint32 minor; + + *minor_status = 0; + + if (*buffer_set == GSS_C_NO_BUFFER_SET) + return GSS_S_COMPLETE; + + for (i = 0; i < (*buffer_set)->count; i++) + gss_release_buffer(&minor, &((*buffer_set)->elements[i])); + + free((*buffer_set)->elements); + + (*buffer_set)->elements = NULL; + (*buffer_set)->count = 0; + + free(*buffer_set); + *buffer_set = GSS_C_NO_BUFFER_SET; + + return GSS_S_COMPLETE; +} + diff --git a/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c b/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c new file mode 100644 index 0000000000..38a464be46 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c @@ -0,0 +1,87 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_canonicalize_name.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_canonicalize_name.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); + +OM_uint32 +gss_canonicalize_name(OM_uint32 *minor_status, + const gss_name_t input_name, + const gss_OID mech_type, + gss_name_t *output_name) +{ + OM_uint32 major_status; + struct _gss_name *name = (struct _gss_name *) input_name; + struct _gss_mechanism_name *mn; + gssapi_mech_interface m = __gss_get_mechanism(mech_type); + gss_name_t new_canonical_name; + + *minor_status = 0; + *output_name = 0; + + mn = _gss_find_mn(name, mech_type); + if (!mn) { + return (GSS_S_BAD_MECH); + } + + m = mn->gmn_mech; + major_status = m->gm_canonicalize_name(minor_status, + mn->gmn_name, mech_type, &new_canonical_name); + if (major_status) + return (major_status); + + /* + * Now we make a new name and mark it as an MN. + */ + *minor_status = 0; + name = malloc(sizeof(struct _gss_name)); + if (!name) { + m->gm_release_name(minor_status, &new_canonical_name); + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + memset(name, 0, sizeof(struct _gss_name)); + + mn = malloc(sizeof(struct _gss_mechanism_name)); + if (!mn) { + m->gm_release_name(minor_status, &new_canonical_name); + free(name); + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + + SLIST_INIT(&name->gn_mn); + mn->gmn_mech = m; + mn->gmn_mech_oid = &m->gm_mech_oid; + mn->gmn_name = new_canonical_name; + SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link); + + *output_name = (gss_name_t) name; + + return (GSS_S_COMPLETE); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_compare_name.c b/source4/heimdal/lib/gssapi/mech/gss_compare_name.c new file mode 100644 index 0000000000..1068bfabf6 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_compare_name.c @@ -0,0 +1,74 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_compare_name.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_compare_name.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); + +OM_uint32 +gss_compare_name(OM_uint32 *minor_status, + const gss_name_t name1_arg, + const gss_name_t name2_arg, + int *name_equal) +{ + struct _gss_name *name1 = (struct _gss_name *) name1_arg; + struct _gss_name *name2 = (struct _gss_name *) name2_arg; + + /* + * First check the implementation-independant name if both + * names have one. Otherwise, try to find common mechanism + * names and compare them. + */ + if (name1->gn_value.value && name2->gn_value.value) { + *name_equal = 1; + if (!gss_oid_equal(&name1->gn_type, &name2->gn_type)) { + *name_equal = 0; + } else if (name1->gn_value.length != name2->gn_value.length || + memcmp(name1->gn_value.value, name1->gn_value.value, + name1->gn_value.length)) { + *name_equal = 0; + } + } else { + struct _gss_mechanism_name *mn1; + struct _gss_mechanism_name *mn2; + + SLIST_FOREACH(mn1, &name1->gn_mn, gmn_link) { + mn2 = _gss_find_mn(name2, mn1->gmn_mech_oid); + if (mn2) { + return (mn1->gmn_mech->gm_compare_name( + minor_status, + mn1->gmn_name, + mn2->gmn_name, + name_equal)); + } + } + *name_equal = 0; + } + + *minor_status = 0; + return (GSS_S_COMPLETE); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_context_time.c b/source4/heimdal/lib/gssapi/mech/gss_context_time.c new file mode 100644 index 0000000000..4b17381776 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_context_time.c @@ -0,0 +1,41 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_context_time.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_context_time.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); + +OM_uint32 +gss_context_time(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + OM_uint32 *time_rec) +{ + struct _gss_context *ctx = (struct _gss_context *) context_handle; + gssapi_mech_interface m = ctx->gc_mech; + + return (m->gm_context_time(minor_status, ctx->gc_ctx, time_rec)); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_create_empty_oid_set.c b/source4/heimdal/lib/gssapi/mech/gss_create_empty_oid_set.c new file mode 100644 index 0000000000..7298ec9e83 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_create_empty_oid_set.c @@ -0,0 +1,52 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_create_empty_oid_set.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_create_empty_oid_set.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); + +OM_uint32 +gss_create_empty_oid_set(OM_uint32 *minor_status, + gss_OID_set *oid_set) +{ + gss_OID_set set; + + *minor_status = 0; + *oid_set = 0; + + set = malloc(sizeof(gss_OID_set_desc)); + if (!set) { + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + + set->count = 0; + set->elements = 0; + *oid_set = set; + + return (GSS_S_COMPLETE); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_decapsulate_token.c b/source4/heimdal/lib/gssapi/mech/gss_decapsulate_token.c new file mode 100644 index 0000000000..8ebb848188 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_decapsulate_token.c @@ -0,0 +1,74 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" +RCSID("$Id: gss_decapsulate_token.c,v 1.2 2006/10/14 10:04:45 lha Exp $"); + +OM_uint32 +gss_decapsulate_token(gss_buffer_t input_token, + gss_OID oid, + gss_buffer_t output_token) +{ + GSSAPIContextToken ct; + heim_oid o; + OM_uint32 status; + int ret; + size_t size; + + output_token->length = 0; + output_token->value = NULL; + + ret = der_get_oid (oid->elements, oid->length, &o, &size); + if (ret) + return GSS_S_FAILURE; + + ret = decode_GSSAPIContextToken(input_token->value, input_token->length, + &ct, NULL); + if (ret) { + der_free_oid(&o); + return GSS_S_FAILURE; + } + + if (der_heim_oid_cmp(&ct.thisMech, &o) == 0) { + status = GSS_S_COMPLETE; + output_token->value = ct.innerContextToken.data; + output_token->length = ct.innerContextToken.length; + der_free_oid(&ct.thisMech); + } else { + free_GSSAPIContextToken(&ct); + status = GSS_S_FAILURE; + } + der_free_oid(&o); + + return status; +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_delete_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_delete_sec_context.c new file mode 100644 index 0000000000..06ef8e6d09 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_delete_sec_context.c @@ -0,0 +1,58 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_delete_sec_context.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_delete_sec_context.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); + +OM_uint32 +gss_delete_sec_context(OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + gss_buffer_t output_token) +{ + OM_uint32 major_status; + struct _gss_context *ctx = (struct _gss_context *) *context_handle; + + *minor_status = 0; + if (ctx) { + /* + * If we have an implementation ctx, delete it, + * otherwise fake an empty token. + */ + if (ctx->gc_ctx) { + major_status = ctx->gc_mech->gm_delete_sec_context( + minor_status, &ctx->gc_ctx, output_token); + } else if (output_token != GSS_C_NO_BUFFER) { + output_token->length = 0; + output_token->value = 0; + } + free(ctx); + *context_handle = 0; + } + + return (GSS_S_COMPLETE); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_display_name.c b/source4/heimdal/lib/gssapi/mech/gss_display_name.c new file mode 100644 index 0000000000..79f62a7a4f --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_display_name.c @@ -0,0 +1,74 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_display_name.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_display_name.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); + +OM_uint32 +gss_display_name(OM_uint32 *minor_status, + const gss_name_t input_name, + gss_buffer_t output_name_buffer, + gss_OID *output_name_type) +{ + OM_uint32 major_status; + struct _gss_name *name = (struct _gss_name *) input_name; + struct _gss_mechanism_name *mn; + + /* + * If we know it, copy the buffer used to import the name in + * the first place. Otherwise, ask all the MNs in turn if + * they can display the thing. + */ + if (name->gn_value.value) { + output_name_buffer->value = malloc(name->gn_value.length); + if (!output_name_buffer->value) { + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + output_name_buffer->length = name->gn_value.length; + memcpy(output_name_buffer->value, name->gn_value.value, + output_name_buffer->length); + if (output_name_type) + *output_name_type = &name->gn_type; + + *minor_status = 0; + return (GSS_S_COMPLETE); + } else { + SLIST_FOREACH(mn, &name->gn_mn, gmn_link) { + major_status = mn->gmn_mech->gm_display_name( + minor_status, mn->gmn_name, + output_name_buffer, + output_name_type); + if (major_status == GSS_S_COMPLETE) + return (GSS_S_COMPLETE); + } + } + + *minor_status = 0; + return (GSS_S_FAILURE); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_display_status.c b/source4/heimdal/lib/gssapi/mech/gss_display_status.c new file mode 100644 index 0000000000..7871f5338b --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_display_status.c @@ -0,0 +1,184 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_display_status.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ +/* + * Copyright (c) 1998 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" +RCSID("$Id: gss_display_status.c,v 1.4 2006/07/19 11:02:33 lha Exp $"); + +static const char * +calling_error(OM_uint32 v) +{ + static const char *msgs[] = { + NULL, /* 0 */ + "A required input parameter could not be read.", /* */ + "A required output parameter could not be written.", /* */ + "A parameter was malformed" + }; + + v >>= GSS_C_CALLING_ERROR_OFFSET; + + if (v == 0) + return ""; + else if (v >= sizeof(msgs)/sizeof(*msgs)) + return "unknown calling error"; + else + return msgs[v]; +} + +static const char * +routine_error(OM_uint32 v) +{ + static const char *msgs[] = { + NULL, /* 0 */ + "An unsupported mechanism was requested", + "An invalid name was supplied", + "A supplied name was of an unsupported type", + "Incorrect channel bindings were supplied", + "An invalid status code was supplied", + "A token had an invalid MIC", + "No credentials were supplied, " + "or the credentials were unavailable or inaccessible.", + "No context has been established", + "A token was invalid", + "A credential was invalid", + "The referenced credentials have expired", + "The context has expired", + "Miscellaneous failure (see text)", + "The quality-of-protection requested could not be provide", + "The operation is forbidden by local security policy", + "The operation or option is not available", + "The requested credential element already exists", + "The provided name was not a mechanism name.", + }; + + v >>= GSS_C_ROUTINE_ERROR_OFFSET; + + if (v == 0) + return ""; + else if (v >= sizeof(msgs)/sizeof(*msgs)) + return "unknown routine error"; + else + return msgs[v]; +} + +static const char * +supplementary_error(OM_uint32 v) +{ + static const char *msgs[] = { + "normal completion", + "continuation call to routine required", + "duplicate per-message token detected", + "timed-out per-message token detected", + "reordered (early) per-message token detected", + "skipped predecessor token(s) detected" + }; + + v >>= GSS_C_SUPPLEMENTARY_OFFSET; + + if (v >= sizeof(msgs)/sizeof(*msgs)) + return "unknown routine error"; + else + return msgs[v]; +} + + +OM_uint32 +gss_display_status(OM_uint32 *minor_status, + OM_uint32 status_value, + int status_type, + const gss_OID mech_type, + OM_uint32 *message_content, + gss_buffer_t status_string) +{ + OM_uint32 major_status; + + *minor_status = 0; + switch (status_type) { + case GSS_C_GSS_CODE: { + char *buf; + + if (GSS_SUPPLEMENTARY_INFO(status_value)) + asprintf(&buf, "%s", supplementary_error( + GSS_SUPPLEMENTARY_INFO(status_value))); + else + asprintf (&buf, "%s %s", + calling_error(GSS_CALLING_ERROR(status_value)), + routine_error(GSS_ROUTINE_ERROR(status_value))); + + status_string->length = strlen(buf); + status_string->value = buf; + + return GSS_S_COMPLETE; + } + case GSS_C_MECH_CODE: { + gssapi_mech_interface m; + m = __gss_get_mechanism(mech_type); + if (m) { + major_status = m->gm_display_status(minor_status, + status_value, status_type, mech_type, + message_content, status_string); + if (major_status == GSS_S_COMPLETE) + return (GSS_S_COMPLETE); + } + } + } + status_string->value = NULL; + status_string->length = 0; + return (GSS_S_BAD_STATUS); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c b/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c new file mode 100644 index 0000000000..5ef828f472 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c @@ -0,0 +1,75 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_duplicate_name.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_duplicate_name.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); + +OM_uint32 gss_duplicate_name(OM_uint32 *minor_status, + const gss_name_t src_name, + gss_name_t *dest_name) +{ + OM_uint32 major_status; + struct _gss_name *name = (struct _gss_name *) src_name; + struct _gss_name *new_name; + struct _gss_mechanism_name *mn; + + *minor_status = 0; + + /* + * If this name has a value (i.e. it didn't come from + * gss_canonicalize_name(), we re-import the thing. Otherwise, + * we make an empty name to hold the MN copy. + */ + if (name->gn_value.value) { + major_status = gss_import_name(minor_status, + &name->gn_value, &name->gn_type, dest_name); + if (major_status != GSS_S_COMPLETE) + return (major_status); + new_name = (struct _gss_name *) *dest_name; + } else { + new_name = malloc(sizeof(struct _gss_name)); + if (!new_name) { + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + memset(new_name, 0, sizeof(struct _gss_name)); + SLIST_INIT(&name->gn_mn); + *dest_name = (gss_name_t) new_name; + } + + /* + * Import the new name into any mechanisms listed in the + * original name. We could probably get away with only doing + * this if the original was canonical. + */ + SLIST_FOREACH(mn, &name->gn_mn, gmn_link) { + _gss_find_mn(new_name, mn->gmn_mech_oid); + } + + return (GSS_S_COMPLETE); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_duplicate_oid.c b/source4/heimdal/lib/gssapi/mech/gss_duplicate_oid.c new file mode 100644 index 0000000000..bfb0e75315 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_duplicate_oid.c @@ -0,0 +1,67 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" +RCSID("$Id: gss_duplicate_oid.c,v 1.1 2006/06/28 09:07:07 lha Exp $"); + +OM_uint32 gss_duplicate_oid ( + OM_uint32 *minor_status, + gss_OID src_oid, + gss_OID *dest_oid + ) +{ + *minor_status = 0; + + if (src_oid == GSS_C_NO_OID) { + *dest_oid = GSS_C_NO_OID; + return GSS_S_COMPLETE; + } + + *dest_oid = malloc(sizeof(**dest_oid)); + if (*dest_oid == GSS_C_NO_OID) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + (*dest_oid)->elements = malloc(src_oid->length); + if ((*dest_oid)->elements == NULL) { + free(*dest_oid); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + memcpy((*dest_oid)->elements, src_oid->elements, src_oid->length); + (*dest_oid)->length = src_oid->length; + + *minor_status = 0; + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_encapsulate_token.c b/source4/heimdal/lib/gssapi/mech/gss_encapsulate_token.c new file mode 100644 index 0000000000..d1285815ee --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_encapsulate_token.c @@ -0,0 +1,69 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" +RCSID("$Id: gss_encapsulate_token.c,v 1.2 2006/10/14 10:05:12 lha Exp $"); + +OM_uint32 +gss_encapsulate_token(gss_buffer_t input_token, + gss_OID oid, + gss_buffer_t output_token) +{ + GSSAPIContextToken ct; + int ret; + size_t size; + + ret = der_get_oid (oid->elements, oid->length, &ct.thisMech, &size); + if (ret) { + output_token->value = NULL; + output_token->length = 0; + return GSS_S_FAILURE; + } + + ct.innerContextToken.data = input_token->value; + ct.innerContextToken.length = input_token->length; + + ASN1_MALLOC_ENCODE(GSSAPIContextToken, + output_token->value, output_token->length, + &ct, &size, ret); + der_free_oid(&ct.thisMech); + if (ret) { + output_token->length = 0; + output_token->value = NULL; + return GSS_S_FAILURE; + } + if (output_token->length != size) + abort(); + + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_export_name.c b/source4/heimdal/lib/gssapi/mech/gss_export_name.c new file mode 100644 index 0000000000..bc1c39c8ee --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_export_name.c @@ -0,0 +1,56 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_export_name.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_export_name.c,v 1.3 2006/07/05 22:41:57 lha Exp $"); + +OM_uint32 +gss_export_name(OM_uint32 *minor_status, + const gss_name_t input_name, + gss_buffer_t exported_name) +{ + struct _gss_name *name = (struct _gss_name *) input_name; + struct _gss_mechanism_name *mn; + + exported_name->value = NULL; + exported_name->length = 0; + + /* + * If this name already has any attached MNs, export the first + * one, otherwise export based on the first mechanism in our + * list. + */ + mn = SLIST_FIRST(&name->gn_mn); + if (!mn) { + *minor_status = 0; + return (GSS_S_NAME_NOT_MN); + } + + return mn->gmn_mech->gm_export_name(minor_status, + mn->gmn_name, exported_name); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_export_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_export_sec_context.c new file mode 100644 index 0000000000..1acc72b33d --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_export_sec_context.c @@ -0,0 +1,73 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_export_sec_context.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_export_sec_context.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); + +OM_uint32 +gss_export_sec_context(OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + gss_buffer_t interprocess_token) +{ + OM_uint32 major_status; + struct _gss_context *ctx = (struct _gss_context *) *context_handle; + gssapi_mech_interface m = ctx->gc_mech; + gss_buffer_desc buf; + + major_status = m->gm_export_sec_context(minor_status, + &ctx->gc_ctx, &buf); + + if (major_status == GSS_S_COMPLETE) { + unsigned char *p; + + free(ctx); + *context_handle = GSS_C_NO_CONTEXT; + interprocess_token->length = buf.length + + 2 + m->gm_mech_oid.length; + interprocess_token->value = malloc(interprocess_token->length); + if (!interprocess_token->value) { + /* + * We are in trouble here - the context is + * already gone. This is allowed as long as we + * set the caller's context_handle to + * GSS_C_NO_CONTEXT, which we did above. + * Return GSS_S_FAILURE. + */ + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + p = interprocess_token->value; + p[0] = m->gm_mech_oid.length >> 8; + p[1] = m->gm_mech_oid.length; + memcpy(p + 2, m->gm_mech_oid.elements, m->gm_mech_oid.length); + memcpy(p + 2 + m->gm_mech_oid.length, buf.value, buf.length); + gss_release_buffer(minor_status, &buf); + } + + return (major_status); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_get_mic.c b/source4/heimdal/lib/gssapi/mech/gss_get_mic.c new file mode 100644 index 0000000000..e9a8f294a4 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_get_mic.c @@ -0,0 +1,44 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_get_mic.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_get_mic.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); + +OM_uint32 +gss_get_mic(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + gss_qop_t qop_req, + const gss_buffer_t message_buffer, + gss_buffer_t message_token) +{ + struct _gss_context *ctx = (struct _gss_context *) context_handle; + gssapi_mech_interface m = ctx->gc_mech; + + return (m->gm_get_mic(minor_status, ctx->gc_ctx, qop_req, + message_buffer, message_token)); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_import_name.c b/source4/heimdal/lib/gssapi/mech/gss_import_name.c new file mode 100644 index 0000000000..9684301ba4 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_import_name.c @@ -0,0 +1,214 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_import_name.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_import_name.c,v 1.3 2006/06/29 21:23:13 lha Exp $"); + +static OM_uint32 +_gss_import_export_name(OM_uint32 *minor_status, + const gss_buffer_t input_name_buffer, + gss_name_t *output_name) +{ + OM_uint32 major_status; + unsigned char *p = input_name_buffer->value; + size_t len = input_name_buffer->length; + size_t t; + gss_OID_desc mech_oid; + gssapi_mech_interface m; + struct _gss_name *name; + gss_name_t new_canonical_name; + + *minor_status = 0; + *output_name = 0; + + /* + * Make sure that TOK_ID is {4, 1}. + */ + if (len < 2) + return (GSS_S_BAD_NAME); + if (p[0] != 4 || p[1] != 1) + return (GSS_S_BAD_NAME); + p += 2; + len -= 2; + + /* + * Get the mech length and the name length and sanity + * check the size of of the buffer. + */ + if (len < 2) + return (GSS_S_BAD_NAME); + t = (p[0] << 8) + p[1]; + p += 2; + len -= 2; + + /* + * Check the DER encoded OID to make sure it agrees with the + * length we just decoded. + */ + if (p[0] != 6) /* 6=OID */ + return (GSS_S_BAD_NAME); + p++; + len--; + t--; + if (p[0] & 0x80) { + int digits = p[0]; + p++; + len--; + t--; + mech_oid.length = 0; + while (digits--) { + mech_oid.length = (mech_oid.length << 8) | p[0]; + p++; + len--; + t--; + } + } else { + mech_oid.length = p[0]; + p++; + len--; + t--; + } + if (mech_oid.length != t) + return (GSS_S_BAD_NAME); + + mech_oid.elements = p; + + if (len < t + 4) + return (GSS_S_BAD_NAME); + p += t; + len -= t; + + t = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; + p += 4; + len -= 4; + + if (len != t) + return (GSS_S_BAD_NAME); + + m = __gss_get_mechanism(&mech_oid); + if (!m) + return (GSS_S_BAD_MECH); + + /* + * Ask the mechanism to import the name. + */ + major_status = m->gm_import_name(minor_status, + input_name_buffer, GSS_C_NT_EXPORT_NAME, &new_canonical_name); + + /* + * Now we make a new name and mark it as an MN. + */ + name = _gss_make_name(m, new_canonical_name); + if (!name) { + m->gm_release_name(minor_status, &new_canonical_name); + return (GSS_S_FAILURE); + } + + *output_name = (gss_name_t) name; + + *minor_status = 0; + return (GSS_S_COMPLETE); +} + +OM_uint32 +gss_import_name(OM_uint32 *minor_status, + const gss_buffer_t input_name_buffer, + const gss_OID input_name_type, + gss_name_t *output_name) +{ + gss_OID name_type = input_name_type; + OM_uint32 major_status; + struct _gss_name *name; + + if (input_name_buffer->length == 0) { + *minor_status = 0; + *output_name = 0; + return (GSS_S_BAD_NAME); + } + + /* + * Use GSS_NT_USER_NAME as default name type. + */ + if (name_type == GSS_C_NO_OID) + name_type = GSS_C_NT_USER_NAME; + + /* + * If this is an exported name, we need to parse it to find + * the mechanism and then import it as an MN. See RFC 2743 + * section 3.2 for a description of the format. + */ + if (gss_oid_equal(name_type, GSS_C_NT_EXPORT_NAME)) { + return _gss_import_export_name(minor_status, + input_name_buffer, output_name); + } + + /* + * Only allow certain name types. This is pretty bogus - we + * should figure out the list of supported name types using + * gss_inquire_names_for_mech. + */ + if (!gss_oid_equal(name_type, GSS_C_NT_USER_NAME) + && !gss_oid_equal(name_type, GSS_C_NT_MACHINE_UID_NAME) + && !gss_oid_equal(name_type, GSS_C_NT_STRING_UID_NAME) + && !gss_oid_equal(name_type, GSS_C_NT_HOSTBASED_SERVICE_X) + && !gss_oid_equal(name_type, GSS_C_NT_HOSTBASED_SERVICE) + && !gss_oid_equal(name_type, GSS_C_NT_ANONYMOUS) + && !gss_oid_equal(name_type, GSS_KRB5_NT_PRINCIPAL_NAME)) { + *minor_status = 0; + *output_name = 0; + return (GSS_S_BAD_NAMETYPE); + } + + *minor_status = 0; + name = malloc(sizeof(struct _gss_name)); + if (!name) { + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + memset(name, 0, sizeof(struct _gss_name)); + + major_status = _gss_copy_oid(minor_status, + name_type, &name->gn_type); + if (major_status) { + free(name); + return (GSS_S_FAILURE); + } + + major_status = _gss_copy_buffer(minor_status, + input_name_buffer, &name->gn_value); + if (major_status) { + gss_name_t rname = (gss_name_t)name; + gss_release_name(minor_status, &rname); + return (GSS_S_FAILURE); + } + + SLIST_INIT(&name->gn_mn); + + *output_name = (gss_name_t) name; + return (GSS_S_COMPLETE); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_import_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_import_sec_context.c new file mode 100644 index 0000000000..5466f97cf4 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_import_sec_context.c @@ -0,0 +1,82 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_import_sec_context.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_import_sec_context.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); + +OM_uint32 +gss_import_sec_context(OM_uint32 *minor_status, + const gss_buffer_t interprocess_token, + gss_ctx_id_t *context_handle) +{ + OM_uint32 major_status; + gssapi_mech_interface m; + struct _gss_context *ctx; + gss_OID_desc mech_oid; + gss_buffer_desc buf; + unsigned char *p; + size_t len; + + *minor_status = 0; + *context_handle = 0; + + /* + * We added an oid to the front of the token in + * gss_export_sec_context. + */ + p = interprocess_token->value; + len = interprocess_token->length; + if (len < 2) + return (GSS_S_DEFECTIVE_TOKEN); + mech_oid.length = (p[0] << 8) | p[1]; + if (len < mech_oid.length + 2) + return (GSS_S_DEFECTIVE_TOKEN); + mech_oid.elements = p + 2; + buf.length = len - 2 - mech_oid.length; + buf.value = p + 2 + mech_oid.length; + + m = __gss_get_mechanism(&mech_oid); + if (!m) + return (GSS_S_DEFECTIVE_TOKEN); + + ctx = malloc(sizeof(struct _gss_context)); + if (!ctx) { + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + ctx->gc_mech = m; + major_status = m->gm_import_sec_context(minor_status, + &buf, &ctx->gc_ctx); + if (major_status != GSS_S_COMPLETE) { + free(ctx); + } else { + *context_handle = (gss_ctx_id_t) ctx; + } + + return (major_status); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_indicate_mechs.c b/source4/heimdal/lib/gssapi/mech/gss_indicate_mechs.c new file mode 100644 index 0000000000..0da6c48834 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_indicate_mechs.c @@ -0,0 +1,65 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_indicate_mechs.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_indicate_mechs.c,v 1.3 2006/07/05 22:36:49 lha Exp $"); + +OM_uint32 +gss_indicate_mechs(OM_uint32 *minor_status, + gss_OID_set *mech_set) +{ + struct _gss_mech_switch *m; + OM_uint32 major_status; + gss_OID_set set; + int i; + + _gss_load_mech(); + + major_status = gss_create_empty_oid_set(minor_status, mech_set); + if (major_status) + return (major_status); + + SLIST_FOREACH(m, &_gss_mechs, gm_link) { + if (m->gm_mech.gm_indicate_mechs) { + major_status = m->gm_mech.gm_indicate_mechs( + minor_status, &set); + if (major_status) + continue; + for (i = 0; i < set->count; i++) + major_status = gss_add_oid_set_member( + minor_status, &set->elements[i], mech_set); + gss_release_oid_set(minor_status, &set); + } else { + major_status = gss_add_oid_set_member( + minor_status, &m->gm_mech_oid, mech_set); + } + } + + *minor_status = 0; + return (GSS_S_COMPLETE); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c new file mode 100644 index 0000000000..ccaf91ba9d --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c @@ -0,0 +1,133 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_init_sec_context.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_init_sec_context.c,v 1.3 2006/07/06 22:30:09 lha Exp $"); + +OM_uint32 +gss_init_sec_context(OM_uint32 * minor_status, + const gss_cred_id_t initiator_cred_handle, + gss_ctx_id_t * context_handle, + const gss_name_t target_name, + const gss_OID input_mech_type, + OM_uint32 req_flags, + OM_uint32 time_req, + const gss_channel_bindings_t input_chan_bindings, + const gss_buffer_t input_token, + gss_OID * actual_mech_type, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec) +{ + OM_uint32 major_status; + gssapi_mech_interface m; + struct _gss_name *name = (struct _gss_name *) target_name; + struct _gss_mechanism_name *mn; + struct _gss_context *ctx = (struct _gss_context *) *context_handle; + struct _gss_cred *cred = (struct _gss_cred *) initiator_cred_handle; + struct _gss_mechanism_cred *mc; + gss_cred_id_t cred_handle; + int allocated_ctx; + gss_OID mech_type = input_mech_type; + + *minor_status = 0; + + /* + * If we haven't allocated a context yet, do so now and lookup + * the mechanism switch table. If we have one already, make + * sure we use the same mechanism switch as before. + */ + if (!ctx) { + if (mech_type == NULL) + mech_type = GSS_KRB5_MECHANISM; + + ctx = malloc(sizeof(struct _gss_context)); + if (!ctx) { + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + memset(ctx, 0, sizeof(struct _gss_context)); + m = ctx->gc_mech = __gss_get_mechanism(mech_type); + if (!m) { + free(ctx); + return (GSS_S_BAD_MECH); + } + allocated_ctx = 1; + } else { + m = ctx->gc_mech; + mech_type = &ctx->gc_mech->gm_mech_oid; + allocated_ctx = 0; + } + + /* + * Find the MN for this mechanism. + */ + mn = _gss_find_mn(name, mech_type); + if (mn == NULL) { + if (allocated_ctx) + free(ctx); + return GSS_S_BAD_NAME; + } + + /* + * If we have a cred, find the cred for this mechanism. + */ + cred_handle = GSS_C_NO_CREDENTIAL; + if (cred) { + SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) { + if (gss_oid_equal(mech_type, mc->gmc_mech_oid)) { + cred_handle = mc->gmc_cred; + break; + } + } + } + + major_status = m->gm_init_sec_context(minor_status, + cred_handle, + &ctx->gc_ctx, + mn->gmn_name, + mech_type, + req_flags, + time_req, + input_chan_bindings, + input_token, + actual_mech_type, + output_token, + ret_flags, + time_rec); + + if (major_status != GSS_S_COMPLETE + && major_status != GSS_S_CONTINUE_NEEDED) { + if (allocated_ctx) + free(ctx); + } else { + *context_handle = (gss_ctx_id_t) ctx; + } + + return (major_status); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c new file mode 100644 index 0000000000..88bbb3941f --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c @@ -0,0 +1,85 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_inquire_context.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_inquire_context.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); + +OM_uint32 +gss_inquire_context(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + gss_name_t *src_name, + gss_name_t *targ_name, + OM_uint32 *lifetime_rec, + gss_OID *mech_type, + OM_uint32 *ctx_flags, + int *locally_initiated, + int *open) +{ + OM_uint32 major_status; + struct _gss_context *ctx = (struct _gss_context *) context_handle; + gssapi_mech_interface m = ctx->gc_mech; + struct _gss_name *name; + gss_name_t src_mn, targ_mn; + + major_status = m->gm_inquire_context(minor_status, + ctx->gc_ctx, + src_name ? &src_mn : 0, + targ_name ? &targ_mn : 0, + lifetime_rec, + mech_type, + ctx_flags, + locally_initiated, + open); + + if (src_name) *src_name = 0; + if (targ_name) *targ_name = 0; + + if (major_status != GSS_S_COMPLETE) { + return (major_status); + } + + if (src_name) { + name = _gss_make_name(m, src_mn); + if (!name) { + minor_status = 0; + return (GSS_S_FAILURE); + } + *src_name = (gss_name_t) name; + } + + if (targ_name) { + name = _gss_make_name(m, targ_mn); + if (!name) { + minor_status = 0; + return (GSS_S_FAILURE); + } + *targ_name = (gss_name_t) name; + } + + return (GSS_S_COMPLETE); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred.c new file mode 100644 index 0000000000..223140205d --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred.c @@ -0,0 +1,168 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_inquire_cred.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_inquire_cred.c,v 1.5 2006/07/20 02:03:18 lha Exp $"); + +OM_uint32 +gss_inquire_cred(OM_uint32 *minor_status, + const gss_cred_id_t cred_handle, + gss_name_t *name_ret, + OM_uint32 *lifetime, + gss_cred_usage_t *cred_usage, + gss_OID_set *mechanisms) +{ + OM_uint32 major_status; + struct _gss_mech_switch *m; + struct _gss_cred *cred = (struct _gss_cred *) cred_handle; + struct _gss_name *name; + struct _gss_mechanism_name *mn; + OM_uint32 min_lifetime; + int found = 0; + + _gss_load_mech(); + + *minor_status = 0; + if (name_ret) + *name_ret = 0; + if (lifetime) + *lifetime = 0; + if (cred_usage) + *cred_usage = 0; + + if (name_ret) { + name = malloc(sizeof(struct _gss_name)); + if (!name) { + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + memset(name, 0, sizeof(struct _gss_name)); + SLIST_INIT(&name->gn_mn); + } else { + name = 0; + } + + if (mechanisms) { + major_status = gss_create_empty_oid_set(minor_status, + mechanisms); + if (major_status) { + if (name) free(name); + return (major_status); + } + } + + min_lifetime = GSS_C_INDEFINITE; + if (cred) { + struct _gss_mechanism_cred *mc; + + SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) { + gss_name_t mc_name; + OM_uint32 mc_lifetime; + + major_status = mc->gmc_mech->gm_inquire_cred(minor_status, + mc->gmc_cred, &mc_name, &mc_lifetime, NULL, NULL); + if (major_status) + continue; + + if (name) { + mn = malloc(sizeof(struct _gss_mechanism_name)); + if (!mn) { + mc->gmc_mech->gm_release_name(minor_status, + &mc_name); + continue; + } + mn->gmn_mech = mc->gmc_mech; + mn->gmn_mech_oid = mc->gmc_mech_oid; + mn->gmn_name = mc_name; + SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link); + } else { + mc->gmc_mech->gm_release_name(minor_status, + &mc_name); + } + + if (mc_lifetime < min_lifetime) + min_lifetime = mc_lifetime; + + if (mechanisms) + gss_add_oid_set_member(minor_status, + mc->gmc_mech_oid, mechanisms); + found++; + } + } else { + SLIST_FOREACH(m, &_gss_mechs, gm_link) { + gss_name_t mc_name; + OM_uint32 mc_lifetime; + + major_status = m->gm_mech.gm_inquire_cred(minor_status, + GSS_C_NO_CREDENTIAL, &mc_name, &mc_lifetime, + cred_usage, NULL); + if (major_status) + continue; + + if (name && mc_name) { + mn = malloc( + sizeof(struct _gss_mechanism_name)); + if (!mn) { + m->gm_mech.gm_release_name( + minor_status, &mc_name); + continue; + } + mn->gmn_mech = &m->gm_mech; + mn->gmn_mech_oid = &m->gm_mech_oid; + mn->gmn_name = mc_name; + SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link); + } else if (mc_name) { + m->gm_mech.gm_release_name(minor_status, + &mc_name); + } + + if (mc_lifetime < min_lifetime) + min_lifetime = mc_lifetime; + + if (mechanisms) + gss_add_oid_set_member(minor_status, + &m->gm_mech_oid, mechanisms); + found++; + } + } + + if (found == 0) { + gss_release_oid_set(minor_status, mechanisms); + *minor_status = 0; + return (GSS_S_NO_CRED); + } + + *minor_status = 0; + if (name_ret) + *name_ret = (gss_name_t) name; + if (lifetime) + *lifetime = min_lifetime; + if (cred && cred_usage) + *cred_usage = cred->gc_usage; + return (GSS_S_COMPLETE); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c new file mode 100644 index 0000000000..771a6956a5 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c @@ -0,0 +1,79 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_inquire_cred_by_mech.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_inquire_cred_by_mech.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); + +OM_uint32 +gss_inquire_cred_by_mech(OM_uint32 *minor_status, + const gss_cred_id_t cred_handle, + const gss_OID mech_type, + gss_name_t *cred_name, + OM_uint32 *initiator_lifetime, + OM_uint32 *acceptor_lifetime, + gss_cred_usage_t *cred_usage) +{ + OM_uint32 major_status; + gssapi_mech_interface m; + struct _gss_mechanism_cred *mcp; + gss_cred_id_t mc; + gss_name_t mn; + struct _gss_name *name; + + *minor_status = 0; + + m = __gss_get_mechanism(mech_type); + if (!m) + return (GSS_S_NO_CRED); + + if (cred_handle != GSS_C_NO_CREDENTIAL) { + struct _gss_cred *cred = (struct _gss_cred *) cred_handle; + SLIST_FOREACH(mcp, &cred->gc_mc, gmc_link) + if (mcp->gmc_mech == m) + break; + if (!mcp) + return (GSS_S_NO_CRED); + mc = mcp->gmc_cred; + } else { + mc = GSS_C_NO_CREDENTIAL; + } + + major_status = m->gm_inquire_cred_by_mech(minor_status, mc, mech_type, + &mn, initiator_lifetime, acceptor_lifetime, cred_usage); + if (major_status != GSS_S_COMPLETE) + return (major_status); + + name = _gss_make_name(m, mn); + if (!name) { + m->gm_release_name(minor_status, &mn); + return (GSS_S_NO_CRED); + } + + *cred_name = (gss_name_t) name; + return (GSS_S_COMPLETE); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c new file mode 100644 index 0000000000..3cfe89af21 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c @@ -0,0 +1,82 @@ +/* + * Copyright (c) 2004, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" +RCSID("$Id: gss_inquire_cred_by_oid.c,v 1.2 2006/06/28 16:20:41 lha Exp $"); + +OM_uint32 +gss_inquire_cred_by_oid (OM_uint32 *minor_status, + const gss_cred_id_t cred_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set) +{ + struct _gss_cred *cred = (struct _gss_cred *) cred_handle; + OM_uint32 status = GSS_S_COMPLETE; + struct _gss_mechanism_cred *mc; + gssapi_mech_interface m; + gss_buffer_set_t set = GSS_C_NO_BUFFER_SET; + + *minor_status = 0; + + if (cred == NULL) + return GSS_S_NO_CRED; + + SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) { + gss_buffer_set_t rset = GSS_C_NO_BUFFER_SET; + int i; + + m = mc->gmc_mech; + if (m == NULL) + return GSS_S_BAD_MECH; + + if (m->gm_inquire_cred_by_oid == NULL) + continue; + + status = m->gm_inquire_cred_by_oid(minor_status, + mc->gmc_cred, desired_object, &rset); + if (status != GSS_S_COMPLETE) + continue; + + for (i = 0; i < rset->count; i++) { + status = gss_add_buffer_set_member(minor_status, + &rset->elements[i], &set); + if (status != GSS_S_COMPLETE) + break; + } + gss_release_buffer_set(minor_status, &rset); + } + if (set == GSS_C_NO_BUFFER_SET) + status = GSS_S_FAILURE; + *data_set = set; + return status; +} + diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_mechs_for_name.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_mechs_for_name.c new file mode 100644 index 0000000000..7052bf8b72 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_mechs_for_name.c @@ -0,0 +1,77 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_inquire_mechs_for_name.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_inquire_mechs_for_name.c,v 1.3 2006/07/20 02:04:00 lha Exp $"); + +OM_uint32 +gss_inquire_mechs_for_name(OM_uint32 *minor_status, + const gss_name_t input_name, + gss_OID_set *mech_types) +{ + OM_uint32 major_status; + struct _gss_name *name = (struct _gss_name *) input_name; + struct _gss_mech_switch *m; + gss_OID_set name_types; + int present; + + *minor_status = 0; + + _gss_load_mech(); + + major_status = gss_create_empty_oid_set(minor_status, mech_types); + if (major_status) + return (major_status); + + /* + * We go through all the loaded mechanisms and see if this + * name's type is supported by the mechanism. If it is, add + * the mechanism to the set. + */ + SLIST_FOREACH(m, &_gss_mechs, gm_link) { + major_status = gss_inquire_names_for_mech(minor_status, + &m->gm_mech_oid, &name_types); + if (major_status) { + gss_release_oid_set(minor_status, mech_types); + return (major_status); + } + gss_test_oid_set_member(minor_status, + &name->gn_type, name_types, &present); + gss_release_oid_set(minor_status, &name_types); + if (present) { + major_status = gss_add_oid_set_member(minor_status, + &m->gm_mech_oid, mech_types); + if (major_status) { + gss_release_oid_set(minor_status, mech_types); + return (major_status); + } + } + } + + return (GSS_S_COMPLETE); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_names_for_mech.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_names_for_mech.c new file mode 100644 index 0000000000..2293163b03 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_names_for_mech.c @@ -0,0 +1,73 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_inquire_names_for_mech.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_inquire_names_for_mech.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); + +OM_uint32 +gss_inquire_names_for_mech(OM_uint32 *minor_status, + const gss_OID mechanism, + gss_OID_set *name_types) +{ + OM_uint32 major_status; + gssapi_mech_interface m = __gss_get_mechanism(mechanism); + + *minor_status = 0; + if (!m) + return (GSS_S_BAD_MECH); + + /* + * If the implementation can do it, ask it for a list of + * names, otherwise fake it. + */ + if (m->gm_inquire_names_for_mech) { + return (m->gm_inquire_names_for_mech(minor_status, + mechanism, name_types)); + } else { + major_status = gss_create_empty_oid_set(minor_status, + name_types); + if (major_status) + return (major_status); + major_status = gss_add_oid_set_member(minor_status, + GSS_C_NT_HOSTBASED_SERVICE, name_types); + if (major_status) { + OM_uint32 ms; + gss_release_oid_set(&ms, name_types); + return (major_status); + } + major_status = gss_add_oid_set_member(minor_status, + GSS_C_NT_USER_NAME, name_types); + if (major_status) { + OM_uint32 ms; + gss_release_oid_set(&ms, name_types); + return (major_status); + } + } + + return (GSS_S_COMPLETE); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c new file mode 100644 index 0000000000..7f5632ac55 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c @@ -0,0 +1,69 @@ +/* + * Copyright (c) 2004, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" +RCSID("$Id: gss_inquire_sec_context_by_oid.c,v 1.1 2006/06/28 09:07:08 lha Exp $"); + +OM_uint32 +gss_inquire_sec_context_by_oid (OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set) +{ + struct _gss_context *ctx = (struct _gss_context *) context_handle; + OM_uint32 major_status; + gssapi_mech_interface m; + + *minor_status = 0; + + if (ctx == NULL) + return GSS_S_NO_CONTEXT; + + /* + * select the approprate underlying mechanism routine and + * call it. + */ + + m = ctx->gc_mech; + + if (m == NULL) + return GSS_S_BAD_MECH; + + if (m->gm_inquire_sec_context_by_oid != NULL) + major_status = m->gm_inquire_sec_context_by_oid(minor_status, + ctx->gc_ctx, desired_object, data_set); + else + major_status = GSS_S_BAD_MECH; + + return major_status; +} + diff --git a/source4/heimdal/lib/gssapi/mech/gss_krb5.c b/source4/heimdal/lib/gssapi/mech/gss_krb5.c new file mode 100644 index 0000000000..c6ea3cecb7 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_krb5.c @@ -0,0 +1,710 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_krb5.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +#include "krb5/gsskrb5_locl.h" +RCSID("$Id: gss_krb5.c,v 1.13 2006/10/20 22:05:02 lha Exp $"); + +#include +#include + + +OM_uint32 +gss_krb5_copy_ccache(OM_uint32 *minor_status, + gss_cred_id_t cred, + krb5_ccache out) +{ + gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; + krb5_context context; + krb5_error_code kret; + krb5_ccache id; + OM_uint32 ret; + char *str; + + ret = gss_inquire_cred_by_oid(minor_status, + cred, + GSS_KRB5_COPY_CCACHE_X, + &data_set); + if (ret) + return ret; + + if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) { + gss_release_buffer_set(minor_status, &data_set); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + kret = krb5_init_context(&context); + if (kret) { + *minor_status = kret; + gss_release_buffer_set(minor_status, &data_set); + return GSS_S_FAILURE; + } + + kret = asprintf(&str, "%.*s", (int)data_set->elements[0].length, + (char *)data_set->elements[0].value); + gss_release_buffer_set(minor_status, &data_set); + if (kret == -1) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + kret = krb5_cc_resolve(context, str, &id); + free(str); + if (kret) { + *minor_status = kret; + return GSS_S_FAILURE; + } + + kret = krb5_cc_copy_cache(context, id, out); + krb5_cc_close(context, id); + krb5_free_context(context); + if (kret) { + *minor_status = kret; + return GSS_S_FAILURE; + } + + return ret; +} + +OM_uint32 +gss_krb5_import_cred(OM_uint32 *minor_status, + krb5_ccache id, + krb5_principal keytab_principal, + krb5_keytab keytab, + gss_cred_id_t *cred) +{ + gss_buffer_desc buffer; + OM_uint32 major_status; + krb5_context context; + krb5_error_code ret; + krb5_storage *sp; + krb5_data data; + char *str; + + *cred = GSS_C_NO_CREDENTIAL; + + ret = krb5_init_context(&context); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + sp = krb5_storage_emem(); + if (sp == NULL) { + *minor_status = ENOMEM; + major_status = GSS_S_FAILURE; + goto out; + } + + if (id) { + ret = krb5_cc_get_full_name(context, id, &str); + if (ret == 0) { + ret = krb5_store_string(sp, str); + free(str); + } + } else + ret = krb5_store_string(sp, ""); + if (ret) { + *minor_status = ret; + major_status = GSS_S_FAILURE; + goto out; + } + + if (keytab_principal) { + ret = krb5_unparse_name(context, keytab_principal, &str); + if (ret == 0) { + ret = krb5_store_string(sp, str); + free(str); + } + } else + krb5_store_string(sp, ""); + if (ret) { + *minor_status = ret; + major_status = GSS_S_FAILURE; + goto out; + } + + + if (keytab) { + ret = krb5_kt_get_full_name(context, keytab, &str); + if (ret == 0) { + ret = krb5_store_string(sp, str); + free(str); + } + } else + krb5_store_string(sp, ""); + if (ret) { + *minor_status = ret; + major_status = GSS_S_FAILURE; + goto out; + } + + krb5_storage_to_data(sp, &data); + + buffer.value = data.data; + buffer.length = data.length; + + major_status = gss_set_cred_option(minor_status, + cred, + GSS_KRB5_IMPORT_CRED_X, + &buffer); + krb5_data_free(&data); +out: + if (sp) + krb5_storage_free(sp); + krb5_free_context(context); + return major_status; +} + +OM_uint32 +gsskrb5_register_acceptor_identity(const char *identity) +{ + struct _gss_mech_switch *m; + gss_buffer_desc buffer; + OM_uint32 junk; + + _gss_load_mech(); + + buffer.value = rk_UNCONST(identity); + buffer.length = strlen(identity); + + SLIST_FOREACH(m, &_gss_mechs, gm_link) { + if (m->gm_mech.gm_set_sec_context_option == NULL) + continue; + m->gm_mech.gm_set_sec_context_option(&junk, NULL, + GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X, &buffer); + } + + return (GSS_S_COMPLETE); +} + +OM_uint32 +gsskrb5_set_dns_canonicalize(int flag) +{ + struct _gss_mech_switch *m; + gss_buffer_desc buffer; + OM_uint32 junk; + char b = (flag != 0); + + _gss_load_mech(); + + buffer.value = &b; + buffer.length = sizeof(b); + + SLIST_FOREACH(m, &_gss_mechs, gm_link) { + if (m->gm_mech.gm_set_sec_context_option == NULL) + continue; + m->gm_mech.gm_set_sec_context_option(&junk, NULL, + GSS_KRB5_SET_DNS_CANONICALIZE_X, &buffer); + } + + return (GSS_S_COMPLETE); +} + + + +static krb5_error_code +set_key(krb5_keyblock *keyblock, gss_krb5_lucid_key_t *key) +{ + key->type = keyblock->keytype; + key->length = keyblock->keyvalue.length; + key->data = malloc(key->length); + if (key->data == NULL && key->length != 0) + return ENOMEM; + memcpy(key->data, keyblock->keyvalue.data, key->length); + return 0; +} + +static void +free_key(gss_krb5_lucid_key_t *key) +{ + memset(key->data, 0, key->length); + free(key->data); + memset(key, 0, sizeof(*key)); +} + + +OM_uint32 +gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + OM_uint32 version, + void **rctx) +{ + krb5_context context = NULL; + krb5_error_code ret; + gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; + OM_uint32 major_status; + gss_krb5_lucid_context_v1_t *ctx = NULL; + krb5_storage *sp = NULL; + uint32_t num; + + if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT || version != 1) { + ret = EINVAL; + return GSS_S_FAILURE; + } + + major_status = + gss_inquire_sec_context_by_oid (minor_status, + *context_handle, + GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X, + &data_set); + if (major_status) + return major_status; + + if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) { + gss_release_buffer_set(minor_status, &data_set); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + ret = krb5_init_context(&context); + if (ret) + goto out; + + ctx = calloc(1, sizeof(*ctx)); + if (ctx == NULL) { + ret = ENOMEM; + goto out; + } + + sp = krb5_storage_from_mem(data_set->elements[0].value, + data_set->elements[0].length); + if (sp == NULL) { + ret = ENOMEM; + goto out; + } + + ret = krb5_ret_uint32(sp, &num); + if (ret) goto out; + if (num != 1) { + ret = EINVAL; + goto out; + } + ctx->version = 1; + /* initiator */ + ret = krb5_ret_uint32(sp, &ctx->initiate); + if (ret) goto out; + /* endtime */ + ret = krb5_ret_uint32(sp, &ctx->endtime); + if (ret) goto out; + /* send_seq */ + ret = krb5_ret_uint32(sp, &num); + if (ret) goto out; + ctx->send_seq = ((uint64_t)num) << 32; + ret = krb5_ret_uint32(sp, &num); + if (ret) goto out; + ctx->send_seq |= num; + /* recv_seq */ + ret = krb5_ret_uint32(sp, &num); + if (ret) goto out; + ctx->recv_seq = ((uint64_t)num) << 32; + ret = krb5_ret_uint32(sp, &num); + if (ret) goto out; + ctx->recv_seq |= num; + /* protocol */ + ret = krb5_ret_uint32(sp, &ctx->protocol); + if (ret) goto out; + if (ctx->protocol == 0) { + krb5_keyblock key; + + /* sign_alg */ + ret = krb5_ret_uint32(sp, &ctx->rfc1964_kd.sign_alg); + if (ret) goto out; + /* seal_alg */ + ret = krb5_ret_uint32(sp, &ctx->rfc1964_kd.seal_alg); + if (ret) goto out; + /* ctx_key */ + ret = krb5_ret_keyblock(sp, &key); + if (ret) goto out; + ret = set_key(&key, &ctx->rfc1964_kd.ctx_key); + krb5_free_keyblock_contents(context, &key); + if (ret) goto out; + } else if (ctx->protocol == 1) { + krb5_keyblock key; + + /* acceptor_subkey */ + ret = krb5_ret_uint32(sp, &ctx->cfx_kd.have_acceptor_subkey); + if (ret) goto out; + /* ctx_key */ + ret = krb5_ret_keyblock(sp, &key); + if (ret) goto out; + ret = set_key(&key, &ctx->cfx_kd.ctx_key); + krb5_free_keyblock_contents(context, &key); + if (ret) goto out; + /* acceptor_subkey */ + if (ctx->cfx_kd.have_acceptor_subkey) { + ret = krb5_ret_keyblock(sp, &key); + if (ret) goto out; + ret = set_key(&key, &ctx->cfx_kd.acceptor_subkey); + krb5_free_keyblock_contents(context, &key); + if (ret) goto out; + } + } else { + ret = EINVAL; + goto out; + } + + *rctx = ctx; + +out: + gss_release_buffer_set(minor_status, &data_set); + if (sp) + krb5_storage_free(sp); + if (context) + krb5_free_context(context); + + if (ret) { + if (ctx) + gss_krb5_free_lucid_sec_context(NULL, ctx); + + *minor_status = ret; + return GSS_S_FAILURE; + } + *minor_status = 0; + return GSS_S_COMPLETE; +} + +OM_uint32 +gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status, void *c) +{ + gss_krb5_lucid_context_v1_t *ctx = c; + + if (ctx->version != 1) { + if (minor_status) + *minor_status = 0; + return GSS_S_FAILURE; + } + + if (ctx->protocol == 0) { + free_key(&ctx->rfc1964_kd.ctx_key); + } else if (ctx->protocol == 1) { + free_key(&ctx->cfx_kd.ctx_key); + if (ctx->cfx_kd.have_acceptor_subkey) + free_key(&ctx->cfx_kd.acceptor_subkey); + } + free(ctx); + if (minor_status) + *minor_status = 0; + return GSS_S_COMPLETE; +} + +OM_uint32 +gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *c) +{ + struct _gss_mech_switch *m; + gss_buffer_desc buffer; + OM_uint32 junk; + + _gss_load_mech(); + + if (c) { + buffer.value = c; + buffer.length = sizeof(*c); + } else { + buffer.value = NULL; + buffer.length = 0; + } + + SLIST_FOREACH(m, &_gss_mechs, gm_link) { + if (m->gm_mech.gm_set_sec_context_option == NULL) + continue; + m->gm_mech.gm_set_sec_context_option(&junk, NULL, + GSS_KRB5_SEND_TO_KDC_X, &buffer); + } + + return (GSS_S_COMPLETE); +} + +OM_uint32 +gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + time_t *authtime) +{ + gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; + OM_uint32 maj_stat; + krb5_error_code ret; + OM_uint32 time32; + + if (context_handle == GSS_C_NO_CONTEXT) { + _gsskrb5_set_status("no context handle"); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + maj_stat = + gss_inquire_sec_context_by_oid (minor_status, + context_handle, + GSS_KRB5_GET_AUTHTIME_X, + &data_set); + if (maj_stat) + return maj_stat; + + if (data_set == GSS_C_NO_BUFFER_SET) { + _gsskrb5_set_status("no buffers returned"); + gss_release_buffer_set(minor_status, &data_set); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + if (data_set->count != 1) { + _gsskrb5_set_status("%d != 1 buffers returned", data_set->count); + gss_release_buffer_set(minor_status, &data_set); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + if (data_set->elements[0].length != 4) { + gss_release_buffer_set(minor_status, &data_set); + _gsskrb5_set_status("Error extracting authtime from security context: only got %d < 4 bytes", + data_set->elements[0].length); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + ret = _gsskrb5_decode_om_uint32(data_set->elements[0].value, &time32); + if (ret) { + gss_release_buffer_set(minor_status, &data_set); + *minor_status = ret; + return GSS_S_FAILURE; + } + *authtime = time32; + + gss_release_buffer_set(minor_status, &data_set); + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +OM_uint32 +gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int ad_type, + gss_buffer_t ad_data) +{ + gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; + OM_uint32 maj_stat; + gss_OID_desc authz_oid_flat; + heim_oid authz_oid; + heim_oid new_authz_oid; + size_t size; + + if (context_handle == GSS_C_NO_CONTEXT) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + /* All this to append an integer to an oid... */ + + if (der_get_oid(GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X->elements, + GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X->length, + &authz_oid, NULL) != 0) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + new_authz_oid.length = authz_oid.length + 1; + new_authz_oid.components = malloc(new_authz_oid.length * sizeof(*new_authz_oid.components)); + if (!new_authz_oid.components) { + free(authz_oid.components); + + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + memcpy(new_authz_oid.components, authz_oid.components, + authz_oid.length * sizeof(*authz_oid.components)); + + free(authz_oid.components); + + new_authz_oid.components[new_authz_oid.length - 1] = ad_type; + + authz_oid_flat.length = der_length_oid(&new_authz_oid); + authz_oid_flat.elements = malloc(authz_oid_flat.length); + + if (!authz_oid_flat.elements) { + free(new_authz_oid.components); + + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + if (der_put_oid((unsigned char *)authz_oid_flat.elements + authz_oid_flat.length - 1, + authz_oid_flat.length, + &new_authz_oid, &size) != 0) { + free(new_authz_oid.components); + + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + free(new_authz_oid.components); + + /* FINALLY, we have the OID */ + + maj_stat = + gss_inquire_sec_context_by_oid (minor_status, + context_handle, + &authz_oid_flat, + &data_set); + + free(authz_oid_flat.elements); + + if (maj_stat) + return maj_stat; + + if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) { + gss_release_buffer_set(minor_status, &data_set); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + ad_data->value = malloc(data_set->elements[0].length); + if (ad_data->value == NULL) { + gss_release_buffer_set(minor_status, &data_set); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + ad_data->length = data_set->elements[0].length; + memcpy(ad_data->value, data_set->elements[0].value, ad_data->length); + gss_release_buffer_set(minor_status, &data_set); + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +static OM_uint32 +gsskrb5_extract_key(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + const gss_OID oid, + krb5_keyblock **keyblock) +{ + krb5_error_code ret; + gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; + OM_uint32 major_status; + krb5_storage *sp = NULL; + + ret = _gsskrb5_init(); + if(ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + if (context_handle == GSS_C_NO_CONTEXT) { + _gsskrb5_set_status("no context handle"); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + major_status = + gss_inquire_sec_context_by_oid (minor_status, + context_handle, + oid, + &data_set); + if (major_status) + return major_status; + + if (data_set == GSS_C_NO_BUFFER_SET) { + _gsskrb5_set_status("no buffers returned"); + gss_release_buffer_set(minor_status, &data_set); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + if (data_set->count != 1) { + _gsskrb5_set_status("%d != 1 buffers returned", data_set->count); + gss_release_buffer_set(minor_status, &data_set); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + sp = krb5_storage_from_mem(data_set->elements[0].value, + data_set->elements[0].length); + if (sp == NULL) { + ret = ENOMEM; + goto out; + } + + *keyblock = calloc(1, sizeof(**keyblock)); + if (keyblock == NULL) { + ret = ENOMEM; + goto out; + } + + ret = krb5_ret_keyblock(sp, *keyblock); + +out: + gss_release_buffer_set(minor_status, &data_set); + if (sp) + krb5_storage_free(sp); + if (ret) { + _gsskrb5_set_error_string(); + if (keyblock) { + krb5_free_keyblock(_gsskrb5_context, *keyblock); + } + + *minor_status = ret; + return GSS_S_FAILURE; + } + *minor_status = 0; + return GSS_S_COMPLETE; +} + +OM_uint32 +gsskrb5_extract_service_keyblock(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + krb5_keyblock **keyblock) +{ + return gsskrb5_extract_key(minor_status, + context_handle, + GSS_KRB5_GET_SERVICE_KEYBLOCK_X, + keyblock); +} + +OM_uint32 +gsskrb5_get_initiator_subkey(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + krb5_keyblock **keyblock) +{ + return gsskrb5_extract_key(minor_status, + context_handle, + GSS_KRB5_GET_INITIATOR_SUBKEY_X, + keyblock); +} + +OM_uint32 +gsskrb5_get_subkey(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + krb5_keyblock **keyblock) +{ + return gsskrb5_extract_key(minor_status, + context_handle, + GSS_KRB5_GET_ACCEPTOR_SUBKEY_X, + keyblock); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c new file mode 100644 index 0000000000..3d01ba69d4 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c @@ -0,0 +1,324 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_mech_switch.c,v 1.2 2006/02/04 09:40:21 dfr Exp $ + */ + +#include "mech_locl.h" +#include +RCSID("$Id: gss_mech_switch.c,v 1.7 2006/10/09 11:13:30 lha Exp $"); + +#ifndef _PATH_GSS_MECH +#define _PATH_GSS_MECH "/etc/gss/mech" +#endif + +struct _gss_mech_switch_list _gss_mechs = { NULL } ; +gss_OID_set _gss_mech_oids; +static HEIMDAL_MUTEX _gss_mech_mutex = HEIMDAL_MUTEX_INITIALIZER; + +/* + * Convert a string containing an OID in 'dot' form + * (e.g. 1.2.840.113554.1.2.2) to a gss_OID. + */ +static int +_gss_string_to_oid(const char* s, gss_OID oid) +{ + int number_count, i, j; + int byte_count; + const char *p, *q; + char *res; + + /* + * First figure out how many numbers in the oid, then + * calculate the compiled oid size. + */ + number_count = 0; + for (p = s; p; p = q) { + q = strchr(p, '.'); + if (q) q = q + 1; + number_count++; + } + + /* + * The first two numbers are in the first byte and each + * subsequent number is encoded in a variable byte sequence. + */ + if (number_count < 2) + return (EINVAL); + + /* + * We do this in two passes. The first pass, we just figure + * out the size. Second time around, we actually encode the + * number. + */ + res = 0; + for (i = 0; i < 2; i++) { + byte_count = 0; + for (p = s, j = 0; p; p = q, j++) { + unsigned int number = 0; + + /* + * Find the end of this number. + */ + q = strchr(p, '.'); + if (q) q = q + 1; + + /* + * Read the number of of the string. Don't + * bother with anything except base ten. + */ + while (*p && *p != '.') { + number = 10 * number + (*p - '0'); + p++; + } + + /* + * Encode the number. The first two numbers + * are packed into the first byte. Subsequent + * numbers are encoded in bytes seven bits at + * a time with the last byte having the high + * bit set. + */ + if (j == 0) { + if (res) + *res = number * 40; + } else if (j == 1) { + if (res) { + *res += number; + res++; + } + byte_count++; + } else if (j >= 2) { + /* + * The number is encoded in seven bit chunks. + */ + unsigned int t; + int bytes; + + bytes = 0; + for (t = number; t; t >>= 7) + bytes++; + if (bytes == 0) bytes = 1; + while (bytes) { + if (res) { + int bit = 7*(bytes-1); + + *res = (number >> bit) & 0x7f; + if (bytes != 1) + *res |= 0x80; + res++; + } + byte_count++; + bytes--; + } + } + } + if (!res) { + res = malloc(byte_count); + if (!res) + return (ENOMEM); + oid->length = byte_count; + oid->elements = res; + } + } + + return (0); +} + +#define SYM(name) \ +do { \ + m->gm_mech.gm_ ## name = dlsym(so, "gss_" #name); \ + if (!m->gm_mech.gm_ ## name) { \ + fprintf(stderr, "can't find symbol gss_" #name "\n"); \ + goto bad; \ + } \ +} while (0) + +#define OPTSYM(name) \ +do { \ + m->gm_mech.gm_ ## name = dlsym(so, "gss_" #name); \ +} while (0) + +/* + * + */ +static int +add_builtin(gssapi_mech_interface mech) +{ + struct _gss_mech_switch *m; + OM_uint32 minor_status; + + m = malloc(sizeof(*m)); + if (m == NULL) + return 1; + m->gm_so = NULL; + m->gm_mech = *mech; + m->gm_mech_oid = mech->gm_mech_oid; /* XXX */ + gss_add_oid_set_member(&minor_status, + &m->gm_mech.gm_mech_oid, &_gss_mech_oids); + + SLIST_INSERT_HEAD(&_gss_mechs, m, gm_link); + return 0; +} + +/* + * Load the mechanisms file (/etc/gss/mech). + */ +void +_gss_load_mech(void) +{ + OM_uint32 major_status, minor_status; + FILE *fp; + char buf[256]; + char *p; + char *name, *oid, *lib, *kobj; + struct _gss_mech_switch *m; + void *so; + + + HEIMDAL_MUTEX_lock(&_gss_mech_mutex); + + if (SLIST_FIRST(&_gss_mechs)) { + HEIMDAL_MUTEX_unlock(&_gss_mech_mutex); + return; + } + + major_status = gss_create_empty_oid_set(&minor_status, + &_gss_mech_oids); + if (major_status) { + HEIMDAL_MUTEX_unlock(&_gss_mech_mutex); + return; + } + + add_builtin(__gss_krb5_initialize()); + add_builtin(__gss_spnego_initialize()); + + fp = fopen(_PATH_GSS_MECH, "r"); + if (!fp) { +/* perror(_PATH_GSS_MECH); */ + HEIMDAL_MUTEX_unlock(&_gss_mech_mutex); + return; + } + + while (fgets(buf, sizeof(buf), fp)) { + if (*buf == '#') + continue; + p = buf; + name = strsep(&p, "\t\n "); + if (p) while (isspace((unsigned char)*p)) p++; + oid = strsep(&p, "\t\n "); + if (p) while (isspace((unsigned char)*p)) p++; + lib = strsep(&p, "\t\n "); + if (p) while (isspace((unsigned char)*p)) p++; + kobj = strsep(&p, "\t\n "); + if (!name || !oid || !lib || !kobj) + continue; + +#ifndef RTLD_LOCAL +#define RTLD_LOCAL 0 +#endif + + so = dlopen(lib, RTLD_LOCAL); + if (!so) { +/* fprintf(stderr, "dlopen: %s\n", dlerror()); */ + continue; + } + + m = malloc(sizeof(*m)); + if (!m) + break; + m->gm_so = so; + if (_gss_string_to_oid(oid, &m->gm_mech.gm_mech_oid)) { + free(m); + continue; + } + + major_status = gss_add_oid_set_member(&minor_status, + &m->gm_mech.gm_mech_oid, &_gss_mech_oids); + if (major_status) { + free(m->gm_mech.gm_mech_oid.elements); + free(m); + continue; + } + + SYM(acquire_cred); + SYM(release_cred); + SYM(init_sec_context); + SYM(accept_sec_context); + SYM(process_context_token); + SYM(delete_sec_context); + SYM(context_time); + SYM(get_mic); + SYM(verify_mic); + SYM(wrap); + SYM(unwrap); + SYM(display_status); + SYM(indicate_mechs); + SYM(compare_name); + SYM(display_name); + SYM(import_name); + SYM(export_name); + SYM(release_name); + SYM(inquire_cred); + SYM(inquire_context); + SYM(wrap_size_limit); + SYM(add_cred); + SYM(inquire_cred_by_mech); + SYM(export_sec_context); + SYM(import_sec_context); + SYM(inquire_names_for_mech); + SYM(inquire_mechs_for_name); + SYM(canonicalize_name); + SYM(duplicate_name); + OPTSYM(inquire_cred_by_oid); + OPTSYM(inquire_sec_context_by_oid); + OPTSYM(set_sec_context_option); + OPTSYM(set_cred_option); + + SLIST_INSERT_HEAD(&_gss_mechs, m, gm_link); + continue; + + bad: + free(m->gm_mech.gm_mech_oid.elements); + free(m); + dlclose(so); + continue; + } + fclose(fp); + HEIMDAL_MUTEX_unlock(&_gss_mech_mutex); +} + +gssapi_mech_interface +__gss_get_mechanism(gss_OID mech) +{ + struct _gss_mech_switch *m; + + _gss_load_mech(); + SLIST_FOREACH(m, &_gss_mechs, gm_link) { + if (gss_oid_equal(&m->gm_mech.gm_mech_oid, mech)) + return &m->gm_mech; + } + return NULL; +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_names.c b/source4/heimdal/lib/gssapi/mech/gss_names.c new file mode 100644 index 0000000000..833c582006 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_names.c @@ -0,0 +1,105 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_names.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_names.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); + +struct _gss_mechanism_name * +_gss_find_mn(struct _gss_name *name, gss_OID mech) +{ + OM_uint32 major_status, minor_status; + gssapi_mech_interface m; + struct _gss_mechanism_name *mn; + + SLIST_FOREACH(mn, &name->gn_mn, gmn_link) { + if (gss_oid_equal(mech, mn->gmn_mech_oid)) + break; + } + + if (!mn) { + /* + * If this name is canonical (i.e. there is only an + * MN but it is from a different mech), give up now. + */ + if (!name->gn_value.value) + return (0); + + m = __gss_get_mechanism(mech); + if (!m) + return (0); + + mn = malloc(sizeof(struct _gss_mechanism_name)); + if (!mn) + return (0); + + major_status = m->gm_import_name(&minor_status, + &name->gn_value, + (name->gn_type.elements + ? &name->gn_type : GSS_C_NO_OID), + &mn->gmn_name); + if (major_status) { + free(mn); + return (0); + } + + mn->gmn_mech = m; + mn->gmn_mech_oid = &m->gm_mech_oid; + SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link); + } + return (mn); +} + +/* + * Make a name from an MN. + */ +struct _gss_name * +_gss_make_name(gssapi_mech_interface m, gss_name_t new_mn) +{ + struct _gss_name *name; + struct _gss_mechanism_name *mn; + + name = malloc(sizeof(struct _gss_name)); + if (!name) + return (0); + memset(name, 0, sizeof(struct _gss_name)); + + mn = malloc(sizeof(struct _gss_mechanism_name)); + if (!mn) { + free(name); + return (0); + } + + SLIST_INIT(&name->gn_mn); + mn->gmn_mech = m; + mn->gmn_mech_oid = &m->gm_mech_oid; + mn->gmn_name = new_mn; + SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link); + + return (name); +} + diff --git a/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c b/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c new file mode 100644 index 0000000000..1a8b811f37 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" +RCSID("$Id: gss_oid_equal.c,v 1.1 2006/06/28 09:07:08 lha Exp $"); + +int +gss_oid_equal(const gss_OID a, const gss_OID b) +{ + if (a == b) + return 1; + if (a == GSS_C_NO_OID || b == GSS_C_NO_OID || a->length != b->length) + return 0; + return memcmp(a->elements, b->elements, a->length) == 0; +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_process_context_token.c b/source4/heimdal/lib/gssapi/mech/gss_process_context_token.c new file mode 100644 index 0000000000..1e6f39979f --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_process_context_token.c @@ -0,0 +1,42 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_process_context_token.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_process_context_token.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); + +OM_uint32 +gss_process_context_token(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t token_buffer) +{ + struct _gss_context *ctx = (struct _gss_context *) context_handle; + gssapi_mech_interface m = ctx->gc_mech; + + return (m->gm_process_context_token(minor_status, ctx->gc_ctx, + token_buffer)); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_release_buffer.c b/source4/heimdal/lib/gssapi/mech/gss_release_buffer.c new file mode 100644 index 0000000000..66705bb40e --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_release_buffer.c @@ -0,0 +1,44 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_release_buffer.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_release_buffer.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); + +OM_uint32 +gss_release_buffer(OM_uint32 *minor_status, + gss_buffer_t buffer) +{ + + *minor_status = 0; + if (buffer->value) + free(buffer->value); + buffer->length = 0; + buffer->value = 0; + + return (GSS_S_COMPLETE); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_release_cred.c b/source4/heimdal/lib/gssapi/mech/gss_release_cred.c new file mode 100644 index 0000000000..760621c861 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_release_cred.c @@ -0,0 +1,52 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_release_cred.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_release_cred.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); + +OM_uint32 +gss_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle) +{ + struct _gss_cred *cred = (struct _gss_cred *) *cred_handle; + struct _gss_mechanism_cred *mc; + + if (*cred_handle == GSS_C_NO_CREDENTIAL) + return (GSS_S_COMPLETE); + + while (SLIST_FIRST(&cred->gc_mc)) { + mc = SLIST_FIRST(&cred->gc_mc); + SLIST_REMOVE_HEAD(&cred->gc_mc, gmc_link); + mc->gmc_mech->gm_release_cred(minor_status, &mc->gmc_cred); + free(mc); + } + free(cred); + + *minor_status = 0; + *cred_handle = 0; + return (GSS_S_COMPLETE); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_release_name.c b/source4/heimdal/lib/gssapi/mech/gss_release_name.c new file mode 100644 index 0000000000..1286cd3b79 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_release_name.c @@ -0,0 +1,55 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_release_name.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_release_name.c,v 1.3 2006/10/22 07:59:06 lha Exp $"); + +OM_uint32 +gss_release_name(OM_uint32 *minor_status, + gss_name_t *input_name) +{ + struct _gss_name *name = (struct _gss_name *) *input_name; + + *minor_status = 0; + if (name) { + if (name->gn_type.elements) + free(name->gn_type.elements); + while (SLIST_FIRST(&name->gn_mn)) { + struct _gss_mechanism_name *mn; + mn = SLIST_FIRST(&name->gn_mn); + SLIST_REMOVE_HEAD(&name->gn_mn, gmn_link); + mn->gmn_mech->gm_release_name(minor_status, + &mn->gmn_name); + free(mn); + } + gss_release_buffer(minor_status, &name->gn_value); + free(name); + *input_name = GSS_C_NO_NAME; + } + return (GSS_S_COMPLETE); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_release_oid.c b/source4/heimdal/lib/gssapi/mech/gss_release_oid.c new file mode 100644 index 0000000000..fc84fabd29 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_release_oid.c @@ -0,0 +1,59 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" + +RCSID("$Id: gss_release_oid.c,v 1.1 2006/06/30 09:34:54 lha Exp $"); + +OM_uint32 +gss_release_oid(OM_uint32 *minor_status, gss_OID *oid) +{ + gss_OID o = *oid; + + *oid = GSS_C_NO_OID; + + if (minor_status != NULL) + *minor_status = 0; + + if (o == GSS_C_NO_OID) + return GSS_S_COMPLETE; + + if (o->elements != NULL) { + free(o->elements); + o->elements = NULL; + } + o->length = 0; + free(o); + + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_release_oid_set.c b/source4/heimdal/lib/gssapi/mech/gss_release_oid_set.c new file mode 100644 index 0000000000..101657e4fb --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_release_oid_set.c @@ -0,0 +1,45 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_release_oid_set.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_release_oid_set.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); + +OM_uint32 +gss_release_oid_set(OM_uint32 *minor_status, + gss_OID_set *set) +{ + + *minor_status = 0; + if (*set) { + if ((*set)->elements) + free((*set)->elements); + free(*set); + *set = 0; + } + return (GSS_S_COMPLETE); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_seal.c b/source4/heimdal/lib/gssapi/mech/gss_seal.c new file mode 100644 index 0000000000..2f66f90d4f --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_seal.c @@ -0,0 +1,46 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_seal.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_seal.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); + +OM_uint32 +gss_seal(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + int qop_req, + gss_buffer_t input_message_buffer, + int *conf_state, + gss_buffer_t output_message_buffer) +{ + + return (gss_wrap(minor_status, + context_handle, conf_req_flag, qop_req, + input_message_buffer, conf_state, + output_message_buffer)); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c b/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c new file mode 100644 index 0000000000..f8e013da18 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c @@ -0,0 +1,115 @@ +/* + * Copyright (c) 2004, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" +RCSID("$Id: gss_set_cred_option.c,v 1.7 2006/07/01 08:50:49 lha Exp $"); + +OM_uint32 +gss_set_cred_option (OM_uint32 *minor_status, + gss_cred_id_t *cred_handle, + const gss_OID object, + const gss_buffer_t value) +{ + struct _gss_cred *cred = (struct _gss_cred *) *cred_handle; + OM_uint32 major_status = GSS_S_COMPLETE; + struct _gss_mechanism_cred *mc; + int one_ok = 0; + + *minor_status = 0; + + _gss_load_mech(); + + if (cred == NULL) { + struct _gss_mech_switch *m; + + cred = malloc(sizeof(*cred)); + if (cred == NULL) + return GSS_S_FAILURE; + + cred->gc_usage = GSS_C_BOTH; /* XXX */ + SLIST_INIT(&cred->gc_mc); + + SLIST_FOREACH(m, &_gss_mechs, gm_link) { + + if (m->gm_mech.gm_set_cred_option == NULL) + continue; + + mc = malloc(sizeof(*mc)); + if (mc == NULL) { + /* XXX free the other mc's */ + return GSS_S_FAILURE; + } + + mc->gmc_mech = &m->gm_mech; + mc->gmc_mech_oid = &m->gm_mech_oid; + mc->gmc_cred = GSS_C_NO_CREDENTIAL; + + major_status = m->gm_mech.gm_set_cred_option( + minor_status, &mc->gmc_cred, object, value); + + if (major_status) { + free(mc); + continue; + } + one_ok = 1; + SLIST_INSERT_HEAD(&cred->gc_mc, mc, gmc_link); + } + *cred_handle = (gss_cred_id_t)cred; + if (!one_ok) { + OM_uint32 junk; + gss_release_cred(&junk, cred_handle); + } + } else { + gssapi_mech_interface m; + + SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) { + m = mc->gmc_mech; + + if (m == NULL) + return GSS_S_BAD_MECH; + + if (m->gm_set_cred_option == NULL) + continue; + + major_status = m->gm_set_cred_option(minor_status, + &mc->gmc_cred, object, value); + if (major_status == GSS_S_BAD_MECH) + one_ok = 1; + } + } + if (one_ok) { + *minor_status = 0; + return GSS_S_COMPLETE; + } + return major_status; +} + diff --git a/source4/heimdal/lib/gssapi/mech/gss_set_sec_context_option.c b/source4/heimdal/lib/gssapi/mech/gss_set_sec_context_option.c new file mode 100644 index 0000000000..aa562a23b6 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_set_sec_context_option.c @@ -0,0 +1,69 @@ +/* + * Copyright (c) 2004, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" +RCSID("$Id: gss_set_sec_context_option.c,v 1.2 2006/06/28 14:39:00 lha Exp $"); + +OM_uint32 +gss_set_sec_context_option (OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + const gss_OID object, + const gss_buffer_t value) +{ + struct _gss_context *ctx; + OM_uint32 major_status; + gssapi_mech_interface m; + + *minor_status = 0; + + if (context_handle == NULL) + return GSS_S_NO_CONTEXT; + + ctx = (struct _gss_context *) *context_handle; + + if (ctx == NULL) + return GSS_S_NO_CONTEXT; + + m = ctx->gc_mech; + + if (m == NULL) + return GSS_S_BAD_MECH; + + if (m->gm_set_sec_context_option != NULL) + major_status = m->gm_set_sec_context_option(minor_status, + &ctx->gc_ctx, object, value); + else + major_status = GSS_S_BAD_MECH; + + return major_status; +} + diff --git a/source4/heimdal/lib/gssapi/mech/gss_sign.c b/source4/heimdal/lib/gssapi/mech/gss_sign.c new file mode 100644 index 0000000000..8c854e5e43 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_sign.c @@ -0,0 +1,42 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_sign.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_sign.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); + +OM_uint32 +gss_sign(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int qop_req, + gss_buffer_t message_buffer, + gss_buffer_t message_token) +{ + + return gss_get_mic(minor_status, + context_handle, qop_req, message_buffer, message_token); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c b/source4/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c new file mode 100644 index 0000000000..a71a8b7c92 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c @@ -0,0 +1,47 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_test_oid_set_member.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_test_oid_set_member.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); + +OM_uint32 +gss_test_oid_set_member(OM_uint32 *minor_status, + const gss_OID member, + const gss_OID_set set, + int *present) +{ + int i; + + *present = 0; + for (i = 0; i < set->count; i++) + if (gss_oid_equal(member, &set->elements[i])) + *present = 1; + + *minor_status = 0; + return (GSS_S_COMPLETE); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_unseal.c b/source4/heimdal/lib/gssapi/mech/gss_unseal.c new file mode 100644 index 0000000000..128dc7883c --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_unseal.c @@ -0,0 +1,44 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_unseal.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_unseal.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); + +OM_uint32 +gss_unseal(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + gss_buffer_t input_message_buffer, + gss_buffer_t output_message_buffer, + int *conf_state, + int *qop_state) +{ + + return (gss_unwrap(minor_status, + context_handle, input_message_buffer, + output_message_buffer, conf_state, (gss_qop_t *)qop_state)); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_unwrap.c b/source4/heimdal/lib/gssapi/mech/gss_unwrap.c new file mode 100644 index 0000000000..1c9484b18d --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_unwrap.c @@ -0,0 +1,46 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_unwrap.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_unwrap.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); + +OM_uint32 +gss_unwrap(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t input_message_buffer, + gss_buffer_t output_message_buffer, + int *conf_state, + gss_qop_t *qop_state) +{ + struct _gss_context *ctx = (struct _gss_context *) context_handle; + gssapi_mech_interface m = ctx->gc_mech; + + return (m->gm_unwrap(minor_status, ctx->gc_ctx, + input_message_buffer, output_message_buffer, + conf_state, qop_state)); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_utils.c b/source4/heimdal/lib/gssapi/mech/gss_utils.c new file mode 100644 index 0000000000..33ee033209 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_utils.c @@ -0,0 +1,66 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_utils.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_utils.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); + +OM_uint32 +_gss_copy_oid(OM_uint32 *minor_status, + const gss_OID from_oid, gss_OID to_oid) +{ + size_t len = from_oid->length; + + *minor_status = 0; + to_oid->elements = malloc(len); + if (!to_oid->elements) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + to_oid->length = len; + memcpy(to_oid->elements, from_oid->elements, len); + return (GSS_S_COMPLETE); +} + + +OM_uint32 +_gss_copy_buffer(OM_uint32 *minor_status, + const gss_buffer_t from_buf, gss_buffer_t to_buf) +{ + size_t len = from_buf->length; + + *minor_status = 0; + to_buf->value = malloc(len); + if (!to_buf->value) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + to_buf->length = len; + memcpy(to_buf->value, from_buf->value, len); + return (GSS_S_COMPLETE); +} + diff --git a/source4/heimdal/lib/gssapi/mech/gss_verify.c b/source4/heimdal/lib/gssapi/mech/gss_verify.c new file mode 100644 index 0000000000..a99d17e2d7 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_verify.c @@ -0,0 +1,43 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_verify.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_verify.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); + +OM_uint32 +gss_verify(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + gss_buffer_t message_buffer, + gss_buffer_t token_buffer, + int *qop_state) +{ + + return (gss_verify_mic(minor_status, + context_handle, message_buffer, token_buffer, + (gss_qop_t *)qop_state)); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_verify_mic.c b/source4/heimdal/lib/gssapi/mech/gss_verify_mic.c new file mode 100644 index 0000000000..b51ed7a8c4 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_verify_mic.c @@ -0,0 +1,44 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_verify_mic.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_verify_mic.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); + +OM_uint32 +gss_verify_mic(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t message_buffer, + const gss_buffer_t token_buffer, + gss_qop_t *qop_state) +{ + struct _gss_context *ctx = (struct _gss_context *) context_handle; + gssapi_mech_interface m = ctx->gc_mech; + + return (m->gm_verify_mic(minor_status, ctx->gc_ctx, + message_buffer, token_buffer, qop_state)); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_wrap.c b/source4/heimdal/lib/gssapi/mech/gss_wrap.c new file mode 100644 index 0000000000..a97ec1308f --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_wrap.c @@ -0,0 +1,47 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_wrap.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_wrap.c,v 1.2 2006/06/28 09:00:26 lha Exp $"); + +OM_uint32 +gss_wrap(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + const gss_buffer_t input_message_buffer, + int *conf_state, + gss_buffer_t output_message_buffer) +{ + struct _gss_context *ctx = (struct _gss_context *) context_handle; + gssapi_mech_interface m = ctx->gc_mech; + + return (m->gm_wrap(minor_status, ctx->gc_ctx, + conf_req_flag, qop_req, input_message_buffer, + conf_state, output_message_buffer)); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c b/source4/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c new file mode 100644 index 0000000000..27493aa90d --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c @@ -0,0 +1,45 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_wrap_size_limit.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" +RCSID("$Id: gss_wrap_size_limit.c,v 1.2 2006/06/28 09:00:26 lha Exp $"); + +OM_uint32 +gss_wrap_size_limit(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + OM_uint32 req_output_size, + OM_uint32 *max_input_size) +{ + struct _gss_context *ctx = (struct _gss_context *) context_handle; + gssapi_mech_interface m = ctx->gc_mech; + + return (m->gm_wrap_size_limit(minor_status, ctx->gc_ctx, + conf_req_flag, qop_req, req_output_size, max_input_size)); +} diff --git a/source4/heimdal/lib/gssapi/mech/gssapi.asn1 b/source4/heimdal/lib/gssapi/mech/gssapi.asn1 new file mode 100644 index 0000000000..544618b7d4 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gssapi.asn1 @@ -0,0 +1,12 @@ +-- $Id: gssapi.asn1,v 1.3 2006/10/18 21:08:19 lha Exp $ + +GSS-API DEFINITIONS ::= BEGIN + +IMPORTS heim_any_set FROM heim; + +GSSAPIContextToken ::= [APPLICATION 0] IMPLICIT SEQUENCE { + thisMech OBJECT IDENTIFIER, + innerContextToken heim_any_set +} + +END \ No newline at end of file diff --git a/source4/heimdal/lib/gssapi/mech/mech_locl.h b/source4/heimdal/lib/gssapi/mech/mech_locl.h new file mode 100644 index 0000000000..f5db15c5fa --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/mech_locl.h @@ -0,0 +1,63 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: mech_locl.h,v 1.4 2006/10/07 18:25:27 lha Exp $ */ + +#include + +#include + +#include + +#include +#include +#include +#include +#include +#include + +#include +#include + +#include + +#include +#include + +#include "mechqueue.h" + +#include "context.h" +#include "cred.h" +#include "mech_switch.h" +#include "name.h" +#include "utils.h" diff --git a/source4/heimdal/lib/gssapi/mech/mech_switch.h b/source4/heimdal/lib/gssapi/mech/mech_switch.h new file mode 100644 index 0000000000..0984d36ef3 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/mech_switch.h @@ -0,0 +1,42 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/mech_switch.h,v 1.1 2005/12/29 14:40:20 dfr Exp $ + * $Id: mech_switch.h,v 1.3 2006/10/05 18:31:53 lha Exp $ + */ + +#include + +struct _gss_mech_switch { + SLIST_ENTRY(_gss_mech_switch) gm_link; + gss_OID_desc gm_mech_oid; + void *gm_so; + gssapi_mech_interface_desc gm_mech; +}; +SLIST_HEAD(_gss_mech_switch_list, _gss_mech_switch); +extern struct _gss_mech_switch_list _gss_mechs; +extern gss_OID_set _gss_mech_oids; + +void _gss_load_mech(void); diff --git a/source4/heimdal/lib/gssapi/mech/mechqueue.h b/source4/heimdal/lib/gssapi/mech/mechqueue.h new file mode 100644 index 0000000000..8434b76c00 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/mechqueue.h @@ -0,0 +1,101 @@ +/* $NetBSD: queue.h,v 1.39 2004/04/18 14:25:34 lukem Exp $ */ + +/* + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)queue.h 8.5 (Berkeley) 8/20/94 + */ + +#ifndef _MECHQUEUE_H_ +#define _MECHQUEUE_H_ + +#ifndef SLIST_HEAD + +/* + * Singly-linked List definitions. + */ +#define SLIST_HEAD(name, type) \ +struct name { \ + struct type *slh_first; /* first element */ \ +} + +#define SLIST_HEAD_INITIALIZER(head) \ + { NULL } + +#define SLIST_ENTRY(type) \ +struct { \ + struct type *sle_next; /* next element */ \ +} + +/* + * Singly-linked List functions. + */ +#define SLIST_INIT(head) do { \ + (head)->slh_first = NULL; \ +} while (/*CONSTCOND*/0) + +#define SLIST_INSERT_AFTER(slistelm, elm, field) do { \ + (elm)->field.sle_next = (slistelm)->field.sle_next; \ + (slistelm)->field.sle_next = (elm); \ +} while (/*CONSTCOND*/0) + +#define SLIST_INSERT_HEAD(head, elm, field) do { \ + (elm)->field.sle_next = (head)->slh_first; \ + (head)->slh_first = (elm); \ +} while (/*CONSTCOND*/0) + +#define SLIST_REMOVE_HEAD(head, field) do { \ + (head)->slh_first = (head)->slh_first->field.sle_next; \ +} while (/*CONSTCOND*/0) + +#define SLIST_REMOVE(head, elm, type, field) do { \ + if ((head)->slh_first == (elm)) { \ + SLIST_REMOVE_HEAD((head), field); \ + } \ + else { \ + struct type *curelm = (head)->slh_first; \ + while(curelm->field.sle_next != (elm)) \ + curelm = curelm->field.sle_next; \ + curelm->field.sle_next = \ + curelm->field.sle_next->field.sle_next; \ + } \ +} while (/*CONSTCOND*/0) + +#define SLIST_FOREACH(var, head, field) \ + for((var) = (head)->slh_first; (var); (var) = (var)->field.sle_next) + +/* + * Singly-linked List access methods. + */ +#define SLIST_EMPTY(head) ((head)->slh_first == NULL) +#define SLIST_FIRST(head) ((head)->slh_first) +#define SLIST_NEXT(elm, field) ((elm)->field.sle_next) + +#endif /* SLIST_HEAD */ + +#endif /* !_MECHQUEUE_H_ */ diff --git a/source4/heimdal/lib/gssapi/mech/name.h b/source4/heimdal/lib/gssapi/mech/name.h new file mode 100644 index 0000000000..3e7443ba20 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/name.h @@ -0,0 +1,47 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/name.h,v 1.1 2005/12/29 14:40:20 dfr Exp $ + * $Id: name.h,v 1.4 2006/10/05 18:36:07 lha Exp $ + */ + +struct _gss_mechanism_name { + SLIST_ENTRY(_gss_mechanism_name) gmn_link; + gssapi_mech_interface gmn_mech; /* mechanism ops for MN */ + gss_OID gmn_mech_oid; /* mechanism oid for MN */ + gss_name_t gmn_name; /* underlying MN */ +}; +SLIST_HEAD(_gss_mechanism_name_list, _gss_mechanism_name); + +struct _gss_name { + gss_OID_desc gn_type; /* type of name */ + gss_buffer_desc gn_value; /* value (as imported) */ + struct _gss_mechanism_name_list gn_mn; /* list of MNs */ +}; + +struct _gss_mechanism_name * + _gss_find_mn(struct _gss_name *name, gss_OID mech); +struct _gss_name * + _gss_make_name(gssapi_mech_interface m, gss_name_t new_mn); diff --git a/source4/heimdal/lib/gssapi/mech/utils.h b/source4/heimdal/lib/gssapi/mech/utils.h new file mode 100644 index 0000000000..75a507298c --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/utils.h @@ -0,0 +1,32 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/utils.h,v 1.1 2005/12/29 14:40:20 dfr Exp $ + * $Id: utils.h,v 1.3 2006/07/20 01:48:25 lha Exp $ + */ + +OM_uint32 _gss_copy_oid(OM_uint32 *, const gss_OID, gss_OID); +OM_uint32 _gss_copy_buffer(OM_uint32 *minor_status, + const gss_buffer_t from_buf, gss_buffer_t to_buf); diff --git a/source4/heimdal/lib/gssapi/release_buffer.c b/source4/heimdal/lib/gssapi/release_buffer.c deleted file mode 100644 index 258b76f627..0000000000 --- a/source4/heimdal/lib/gssapi/release_buffer.c +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: release_buffer.c,v 1.5 2003/03/16 17:58:20 lha Exp $"); - -OM_uint32 gss_release_buffer - (OM_uint32 * minor_status, - gss_buffer_t buffer - ) -{ - *minor_status = 0; - free (buffer->value); - buffer->value = NULL; - buffer->length = 0; - return GSS_S_COMPLETE; -} diff --git a/source4/heimdal/lib/gssapi/release_cred.c b/source4/heimdal/lib/gssapi/release_cred.c deleted file mode 100644 index fc9fc3fc01..0000000000 --- a/source4/heimdal/lib/gssapi/release_cred.c +++ /dev/null @@ -1,73 +0,0 @@ -/* - * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: release_cred.c,v 1.11 2005/11/02 08:57:35 lha Exp $"); - -OM_uint32 gss_release_cred - (OM_uint32 * minor_status, - gss_cred_id_t * cred_handle - ) -{ - *minor_status = 0; - - if (*cred_handle == GSS_C_NO_CREDENTIAL) { - return GSS_S_COMPLETE; - } - - GSSAPI_KRB5_INIT (); - - HEIMDAL_MUTEX_lock(&(*cred_handle)->cred_id_mutex); - - if ((*cred_handle)->principal != NULL) - krb5_free_principal(gssapi_krb5_context, (*cred_handle)->principal); - if ((*cred_handle)->keytab != NULL) - krb5_kt_close(gssapi_krb5_context, (*cred_handle)->keytab); - if ((*cred_handle)->ccache != NULL) { - const krb5_cc_ops *ops; - ops = krb5_cc_get_ops(gssapi_krb5_context, (*cred_handle)->ccache); - if ((*cred_handle)->cred_flags & GSS_CF_DESTROY_CRED_ON_RELEASE) - krb5_cc_destroy(gssapi_krb5_context, (*cred_handle)->ccache); - else - krb5_cc_close(gssapi_krb5_context, (*cred_handle)->ccache); - } - gss_release_oid_set(NULL, &(*cred_handle)->mechanisms); - HEIMDAL_MUTEX_unlock(&(*cred_handle)->cred_id_mutex); - HEIMDAL_MUTEX_destroy(&(*cred_handle)->cred_id_mutex); - memset(*cred_handle, 0, sizeof(**cred_handle)); - free(*cred_handle); - *cred_handle = GSS_C_NO_CREDENTIAL; - return GSS_S_COMPLETE; -} - diff --git a/source4/heimdal/lib/gssapi/release_name.c b/source4/heimdal/lib/gssapi/release_name.c deleted file mode 100644 index 6894ffae49..0000000000 --- a/source4/heimdal/lib/gssapi/release_name.c +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: release_name.c,v 1.7 2003/03/16 17:52:48 lha Exp $"); - -OM_uint32 gss_release_name - (OM_uint32 * minor_status, - gss_name_t * input_name - ) -{ - GSSAPI_KRB5_INIT (); - if (minor_status) - *minor_status = 0; - krb5_free_principal(gssapi_krb5_context, - *input_name); - *input_name = GSS_C_NO_NAME; - return GSS_S_COMPLETE; -} diff --git a/source4/heimdal/lib/gssapi/release_oid_set.c b/source4/heimdal/lib/gssapi/release_oid_set.c deleted file mode 100644 index 04eb01565f..0000000000 --- a/source4/heimdal/lib/gssapi/release_oid_set.c +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: release_oid_set.c,v 1.5 2003/03/16 17:53:25 lha Exp $"); - -OM_uint32 gss_release_oid_set - (OM_uint32 * minor_status, - gss_OID_set * set - ) -{ - if (minor_status) - *minor_status = 0; - free ((*set)->elements); - free (*set); - *set = GSS_C_NO_OID_SET; - return GSS_S_COMPLETE; -} diff --git a/source4/heimdal/lib/gssapi/sequence.c b/source4/heimdal/lib/gssapi/sequence.c deleted file mode 100755 index 35a9b924af..0000000000 --- a/source4/heimdal/lib/gssapi/sequence.c +++ /dev/null @@ -1,294 +0,0 @@ -/* - * Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: sequence.c,v 1.6 2006/04/12 17:43:39 lha Exp $"); - -#define DEFAULT_JITTER_WINDOW 20 - -struct gss_msg_order { - OM_uint32 flags; - OM_uint32 start; - OM_uint32 length; - OM_uint32 jitter_window; - OM_uint32 first_seq; - OM_uint32 elem[1]; -}; - - -/* - * - */ - -static OM_uint32 -msg_order_alloc(OM_uint32 *minor_status, - struct gss_msg_order **o, - OM_uint32 jitter_window) -{ - size_t len; - - len = jitter_window * sizeof((*o)->elem[0]); - len += sizeof(**o); - len -= sizeof((*o)->elem[0]); - - *o = calloc(1, len); - if (*o == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - *minor_status = 0; - return GSS_S_COMPLETE; -} - -/* - * - */ - -OM_uint32 -_gssapi_msg_order_create(OM_uint32 *minor_status, - struct gss_msg_order **o, - OM_uint32 flags, - OM_uint32 seq_num, - OM_uint32 jitter_window, - int use_64) -{ - OM_uint32 ret; - - if (jitter_window == 0) - jitter_window = DEFAULT_JITTER_WINDOW; - - ret = msg_order_alloc(minor_status, o, jitter_window); - if(ret != GSS_S_COMPLETE) - return ret; - - (*o)->flags = flags; - (*o)->length = 0; - (*o)->first_seq = seq_num; - (*o)->jitter_window = jitter_window; - (*o)->elem[0] = seq_num - 1; - - *minor_status = 0; - return GSS_S_COMPLETE; -} - -OM_uint32 -_gssapi_msg_order_destroy(struct gss_msg_order **m) -{ - free(*m); - *m = NULL; - return GSS_S_COMPLETE; -} - -static void -elem_set(struct gss_msg_order *o, unsigned int slot, OM_uint32 val) -{ - o->elem[slot % o->jitter_window] = val; -} - -static void -elem_insert(struct gss_msg_order *o, - unsigned int after_slot, - OM_uint32 seq_num) -{ - assert(o->jitter_window > after_slot); - - if (o->length > after_slot) - memmove(&o->elem[after_slot + 1], &o->elem[after_slot], - (o->length - after_slot - 1) * sizeof(o->elem[0])); - - elem_set(o, after_slot, seq_num); - - if (o->length < o->jitter_window) - o->length++; -} - -/* rule 1: expected sequence number */ -/* rule 2: > expected sequence number */ -/* rule 3: seqnum < seqnum(first) */ -/* rule 4+5: seqnum in [seqnum(first),seqnum(last)] */ - -OM_uint32 -_gssapi_msg_order_check(struct gss_msg_order *o, OM_uint32 seq_num) -{ - OM_uint32 r; - int i; - - if (o == NULL) - return GSS_S_COMPLETE; - - if ((o->flags & (GSS_C_REPLAY_FLAG|GSS_C_SEQUENCE_FLAG)) == 0) - return GSS_S_COMPLETE; - - /* check if the packet is the next in order */ - if (o->elem[0] == seq_num - 1) { - elem_insert(o, 0, seq_num); - return GSS_S_COMPLETE; - } - - r = (o->flags & (GSS_C_REPLAY_FLAG|GSS_C_SEQUENCE_FLAG))==GSS_C_REPLAY_FLAG; - - /* sequence number larger than largest sequence number - * or smaller than the first sequence number */ - if (seq_num > o->elem[0] - || seq_num < o->first_seq - || o->length == 0) - { - elem_insert(o, 0, seq_num); - if (r) { - return GSS_S_COMPLETE; - } else { - return GSS_S_GAP_TOKEN; - } - } - - assert(o->length > 0); - - /* sequence number smaller the first sequence number */ - if (seq_num < o->elem[o->length - 1]) { - if (r) - return(GSS_S_OLD_TOKEN); - else - return(GSS_S_UNSEQ_TOKEN); - } - - if (seq_num == o->elem[o->length - 1]) { - return GSS_S_DUPLICATE_TOKEN; - } - - for (i = 0; i < o->length - 1; i++) { - if (o->elem[i] == seq_num) - return GSS_S_DUPLICATE_TOKEN; - if (o->elem[i + 1] < seq_num && o->elem[i] < seq_num) { - elem_insert(o, i, seq_num); - if (r) - return GSS_S_COMPLETE; - else - return GSS_S_UNSEQ_TOKEN; - } - } - - return GSS_S_FAILURE; -} - -OM_uint32 -_gssapi_msg_order_f(OM_uint32 flags) -{ - return flags & (GSS_C_SEQUENCE_FLAG|GSS_C_REPLAY_FLAG); -} - -/* - * Translate `o` into inter-process format and export in to `sp'. - */ - -krb5_error_code -_gssapi_msg_order_export(krb5_storage *sp, struct gss_msg_order *o) -{ - krb5_error_code kret; - OM_uint32 i; - - kret = krb5_store_int32(sp, o->flags); - if (kret) - return kret; - kret = krb5_store_int32(sp, o->start); - if (kret) - return kret; - kret = krb5_store_int32(sp, o->length); - if (kret) - return kret; - kret = krb5_store_int32(sp, o->jitter_window); - if (kret) - return kret; - kret = krb5_store_int32(sp, o->first_seq); - if (kret) - return kret; - - for (i = 0; i < o->jitter_window; i++) { - kret = krb5_store_int32(sp, o->elem[i]); - if (kret) - return kret; - } - - return 0; -} - -OM_uint32 -_gssapi_msg_order_import(OM_uint32 *minor_status, - krb5_storage *sp, - struct gss_msg_order **o) -{ - OM_uint32 ret; - krb5_error_code kret; - int32_t i, flags, start, length, jitter_window, first_seq; - - kret = krb5_ret_int32(sp, &flags); - if (kret) - goto failed; - ret = krb5_ret_int32(sp, &start); - if (kret) - goto failed; - ret = krb5_ret_int32(sp, &length); - if (kret) - goto failed; - ret = krb5_ret_int32(sp, &jitter_window); - if (kret) - goto failed; - ret = krb5_ret_int32(sp, &first_seq); - if (kret) - goto failed; - - ret = msg_order_alloc(minor_status, o, jitter_window); - if (ret != GSS_S_COMPLETE) - return ret; - - (*o)->flags = flags; - (*o)->start = start; - (*o)->length = length; - (*o)->jitter_window = jitter_window; - (*o)->first_seq = first_seq; - - for( i = 0; i < jitter_window; i++ ) { - kret = krb5_ret_int32(sp, (int32_t*)&((*o)->elem[i])); - if (kret) - goto failed; - } - - *minor_status = 0; - return GSS_S_COMPLETE; - -failed: - _gssapi_msg_order_destroy(o); - *minor_status = kret; - return GSS_S_FAILURE; -} diff --git a/source4/heimdal/lib/gssapi/spnego.asn1 b/source4/heimdal/lib/gssapi/spnego.asn1 deleted file mode 100755 index 5dc767cf76..0000000000 --- a/source4/heimdal/lib/gssapi/spnego.asn1 +++ /dev/null @@ -1,42 +0,0 @@ --- $Id: spnego.asn1,v 1.4 2004/03/07 13:38:08 lha Exp $ - -SPNEGO DEFINITIONS ::= -BEGIN - -MechType::= OBJECT IDENTIFIER - -MechTypeList ::= SEQUENCE OF MechType - -ContextFlags ::= BIT STRING { - delegFlag (0), - mutualFlag (1), - replayFlag (2), - sequenceFlag (3), - anonFlag (4), - confFlag (5), - integFlag (6) -} - -NegTokenInit ::= SEQUENCE { - mechTypes [0] MechTypeList OPTIONAL, - reqFlags [1] ContextFlags OPTIONAL, - mechToken [2] OCTET STRING OPTIONAL, - mechListMIC [3] OCTET STRING OPTIONAL - } - -NegTokenTarg ::= SEQUENCE { - negResult [0] ENUMERATED { - accept_completed (0), - accept_incomplete (1), - reject (2) } OPTIONAL, - supportedMech [1] MechType OPTIONAL, - responseToken [2] OCTET STRING OPTIONAL, - mechListMIC [3] OCTET STRING OPTIONAL -} - -NegotiationToken ::= CHOICE { - negTokenInit[0] NegTokenInit, - negTokenTarg[1] NegTokenTarg -} - -END diff --git a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c new file mode 100644 index 0000000000..8a885a3e2f --- /dev/null +++ b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c @@ -0,0 +1,873 @@ +/* + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * Portions Copyright (c) 2004 PADL Software Pty Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "spnego/spnego_locl.h" + +RCSID("$Id: accept_sec_context.c,v 1.6 2006/10/07 22:26:57 lha Exp $"); + +OM_uint32 +_gss_spnego_encode_response(OM_uint32 *minor_status, + const NegTokenResp *resp, + gss_buffer_t data, + u_char **ret_buf) +{ + OM_uint32 ret; + u_char *buf; + size_t buf_size, buf_len; + + buf_size = 1024; + buf = malloc(buf_size); + if (buf == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + do { + ret = encode_NegTokenResp(buf + buf_size - 1, + buf_size, + resp, &buf_len); + if (ret == 0) { + size_t tmp; + + ret = der_put_length_and_tag(buf + buf_size - buf_len - 1, + buf_size - buf_len, + buf_len, + ASN1_C_CONTEXT, + CONS, + 1, + &tmp); + if (ret == 0) + buf_len += tmp; + } + if (ret) { + if (ret == ASN1_OVERFLOW) { + u_char *tmp; + + buf_size *= 2; + tmp = realloc (buf, buf_size); + if (tmp == NULL) { + *minor_status = ENOMEM; + free(buf); + return GSS_S_FAILURE; + } + buf = tmp; + } else { + *minor_status = ret; + free(buf); + return GSS_S_FAILURE; + } + } + } while (ret == ASN1_OVERFLOW); + + data->value = buf + buf_size - buf_len; + data->length = buf_len; + *ret_buf = buf; + + return GSS_S_COMPLETE; +} + +static OM_uint32 +send_reject (OM_uint32 *minor_status, + gss_buffer_t output_token) +{ + NegTokenResp resp; + gss_buffer_desc data; + u_char *buf; + OM_uint32 ret; + + ALLOC(resp.negResult, 1); + if (resp.negResult == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + *(resp.negResult) = reject; + resp.supportedMech = NULL; + resp.responseToken = NULL; + resp.mechListMIC = NULL; + + ret = _gss_spnego_encode_response (minor_status, &resp, &data, &buf); + free_NegTokenResp(&resp); + if (ret != GSS_S_COMPLETE) + return ret; + + output_token->value = malloc(data.length); + if (output_token->value == NULL) { + *minor_status = ENOMEM; + ret = GSS_S_FAILURE; + } else { + output_token->length = data.length; + memcpy(output_token->value, data.value, output_token->length); + } + free(buf); + if (ret != GSS_S_COMPLETE) + return ret; + return GSS_S_BAD_MECH; +} + +OM_uint32 +_gss_spnego_indicate_mechtypelist (OM_uint32 *minor_status, + int includeMSCompatOID, + const gssspnego_cred cred_handle, + MechTypeList *mechtypelist, + gss_OID *preferred_mech) +{ + OM_uint32 ret; + gss_OID_set supported_mechs = GSS_C_NO_OID_SET; + int i, count; + + if (cred_handle != NULL) { + ret = gss_inquire_cred(minor_status, + cred_handle->negotiated_cred_id, + NULL, + NULL, + NULL, + &supported_mechs); + } else { + ret = gss_indicate_mechs(minor_status, &supported_mechs); + } + + if (ret != GSS_S_COMPLETE) { + return ret; + } + + if (supported_mechs->count == 0) { + *minor_status = ENOENT; + gss_release_oid_set(minor_status, &supported_mechs); + return GSS_S_FAILURE; + } + + count = supported_mechs->count; + if (includeMSCompatOID) + count++; + + mechtypelist->len = 0; + mechtypelist->val = calloc(count, sizeof(MechType)); + if (mechtypelist->val == NULL) { + *minor_status = ENOMEM; + gss_release_oid_set(minor_status, &supported_mechs); + return GSS_S_FAILURE; + } + + for (i = 0; i < supported_mechs->count; i++) { + ret = _gss_spnego_add_mech_type(&supported_mechs->elements[i], + includeMSCompatOID, + mechtypelist); + if (ret != 0) { + *minor_status = ENOMEM; + ret = GSS_S_FAILURE; + break; + } + } + + if (ret == GSS_S_COMPLETE && preferred_mech != NULL) { + ret = gss_duplicate_oid(minor_status, + &supported_mechs->elements[0], + preferred_mech); + } + + if (ret != GSS_S_COMPLETE) { + free_MechTypeList(mechtypelist); + mechtypelist->len = 0; + mechtypelist->val = NULL; + } + gss_release_oid_set(minor_status, &supported_mechs); + + return ret; +} + +static OM_uint32 +send_supported_mechs (OM_uint32 *minor_status, + gss_buffer_t output_token) +{ + NegTokenInit ni; + char hostname[MAXHOSTNAMELEN], *p; + gss_buffer_desc name_buf; + gss_OID name_type; + gss_name_t target_princ; + gss_name_t canon_princ; + OM_uint32 ret, minor; + u_char *buf; + size_t buf_size, buf_len; + gss_buffer_desc data; + + memset(&ni, 0, sizeof(ni)); + + ni.reqFlags = NULL; + ni.mechToken = NULL; + ni.negHints = NULL; + ni.mechListMIC = NULL; + + ret = _gss_spnego_indicate_mechtypelist(minor_status, 1, + NULL, + &ni.mechTypes, NULL); + if (ret != GSS_S_COMPLETE) { + return ret; + } + + memset(&target_princ, 0, sizeof(target_princ)); + if (gethostname(hostname, sizeof(hostname) - 1) != 0) { + *minor_status = errno; + free_NegTokenInit(&ni); + return GSS_S_FAILURE; + } + + /* Send the constructed SAM name for this host */ + for (p = hostname; *p != '\0' && *p != '.'; p++) { + *p = toupper((unsigned char)*p); + } + *p++ = '$'; + *p = '\0'; + + name_buf.length = strlen(hostname); + name_buf.value = hostname; + + ret = gss_import_name(minor_status, &name_buf, + GSS_C_NO_OID, + &target_princ); + if (ret != GSS_S_COMPLETE) { + return ret; + } + + name_buf.length = 0; + name_buf.value = NULL; + + /* Canonicalize the name using the preferred mechanism */ + ret = gss_canonicalize_name(minor_status, + target_princ, + GSS_C_NO_OID, + &canon_princ); + if (ret != GSS_S_COMPLETE) { + gss_release_name(&minor, &target_princ); + return ret; + } + + ret = gss_display_name(minor_status, canon_princ, + &name_buf, &name_type); + if (ret != GSS_S_COMPLETE) { + gss_release_name(&minor, &canon_princ); + gss_release_name(&minor, &target_princ); + return ret; + } + + gss_release_name(&minor, &canon_princ); + gss_release_name(&minor, &target_princ); + + ALLOC(ni.negHints, 1); + if (ni.negHints == NULL) { + *minor_status = ENOMEM; + gss_release_buffer(&minor, &name_buf); + free_NegTokenInit(&ni); + return GSS_S_FAILURE; + } + + ALLOC(ni.negHints->hintName, 1); + if (ni.negHints->hintName == NULL) { + *minor_status = ENOMEM; + gss_release_buffer(&minor, &name_buf); + free_NegTokenInit(&ni); + return GSS_S_FAILURE; + } + + *(ni.negHints->hintName) = name_buf.value; + name_buf.value = NULL; + ni.negHints->hintAddress = NULL; + + buf_size = 1024; + buf = malloc(buf_size); + if (buf == NULL) { + free_NegTokenInit(&ni); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + do { + ret = encode_NegTokenInit(buf + buf_size - 1, + buf_size, + &ni, &buf_len); + if (ret == 0) { + size_t tmp; + + ret = der_put_length_and_tag(buf + buf_size - buf_len - 1, + buf_size - buf_len, + buf_len, + ASN1_C_CONTEXT, + CONS, + 0, + &tmp); + if (ret == 0) + buf_len += tmp; + } + if (ret) { + if (ret == ASN1_OVERFLOW) { + u_char *tmp; + + buf_size *= 2; + tmp = realloc (buf, buf_size); + if (tmp == NULL) { + *minor_status = ENOMEM; + free(buf); + free_NegTokenInit(&ni); + return GSS_S_FAILURE; + } + buf = tmp; + } else { + *minor_status = ret; + free(buf); + free_NegTokenInit(&ni); + return GSS_S_FAILURE; + } + } + } while (ret == ASN1_OVERFLOW); + + data.value = buf + buf_size - buf_len; + data.length = buf_len; + + ret = gss_encapsulate_token(&data, + GSS_SPNEGO_MECHANISM, + output_token); + free (buf); + free_NegTokenInit (&ni); + + if (ret != GSS_S_COMPLETE) + return ret; + + *minor_status = 0; + + return GSS_S_CONTINUE_NEEDED; +} + +static OM_uint32 +send_accept (OM_uint32 *minor_status, + gssspnego_ctx context_handle, + gss_buffer_t mech_token, + int initial_response, + gss_buffer_t mech_buf, + gss_buffer_t output_token) +{ + NegTokenResp resp; + gss_buffer_desc data; + u_char *buf; + OM_uint32 ret; + gss_buffer_desc mech_mic_buf; + + memset(&resp, 0, sizeof(resp)); + + ALLOC(resp.negResult, 1); + if (resp.negResult == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + if (context_handle->open) { + if (mech_token != GSS_C_NO_BUFFER + && mech_token->length != 0 + && mech_buf != GSS_C_NO_BUFFER) + *(resp.negResult) = accept_incomplete; + else + *(resp.negResult) = accept_completed; + } else { + if (initial_response && context_handle->require_mic) + *(resp.negResult) = request_mic; + else + *(resp.negResult) = accept_incomplete; + } + + if (initial_response) { + ALLOC(resp.supportedMech, 1); + if (resp.supportedMech == NULL) { + free_NegTokenResp(&resp); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + ret = der_get_oid(context_handle->preferred_mech_type->elements, + context_handle->preferred_mech_type->length, + resp.supportedMech, + NULL); + if (ret) { + free_NegTokenResp(&resp); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + } else { + resp.supportedMech = NULL; + } + + if (mech_token != GSS_C_NO_BUFFER && mech_token->length != 0) { + ALLOC(resp.responseToken, 1); + if (resp.responseToken == NULL) { + free_NegTokenResp(&resp); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + resp.responseToken->length = mech_token->length; + resp.responseToken->data = mech_token->value; + mech_token->length = 0; + mech_token->value = NULL; + } else { + resp.responseToken = NULL; + } + + if (mech_buf != GSS_C_NO_BUFFER) { + ALLOC(resp.mechListMIC, 1); + if (resp.mechListMIC == NULL) { + free_NegTokenResp(&resp); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + ret = gss_get_mic(minor_status, + context_handle->negotiated_ctx_id, + 0, + mech_buf, + &mech_mic_buf); + if (ret != GSS_S_COMPLETE) { + free_NegTokenResp(&resp); + return ret; + } + + resp.mechListMIC->length = mech_mic_buf.length; + resp.mechListMIC->data = mech_mic_buf.value; + } else + resp.mechListMIC = NULL; + + ret = _gss_spnego_encode_response (minor_status, &resp, &data, &buf); + if (ret != GSS_S_COMPLETE) { + free_NegTokenResp(&resp); + return ret; + } + + /* + * The response should not be encapsulated, because + * it is a SubsequentContextToken (note though RFC 1964 + * specifies encapsulation for all _Kerberos_ tokens). + */ + output_token->value = malloc(data.length); + if (output_token->value == NULL) { + *minor_status = ENOMEM; + ret = GSS_S_FAILURE; + } else { + output_token->length = data.length; + memcpy(output_token->value, data.value, output_token->length); + } + free(buf); + if (ret != GSS_S_COMPLETE) { + free_NegTokenResp(&resp); + return ret; + } + + ret = (*(resp.negResult) == accept_completed) ? GSS_S_COMPLETE : + GSS_S_CONTINUE_NEEDED; + free_NegTokenResp(&resp); + return ret; +} + + +static OM_uint32 +verify_mechlist_mic + (OM_uint32 *minor_status, + gssspnego_ctx context_handle, + gss_buffer_t mech_buf, + heim_octet_string *mechListMIC + ) +{ + OM_uint32 ret; + gss_buffer_desc mic_buf; + + if (context_handle->verified_mic) { + /* This doesn't make sense, we've already verified it? */ + *minor_status = 0; + return GSS_S_DUPLICATE_TOKEN; + } + + if (mechListMIC == NULL) { + *minor_status = 0; + return GSS_S_DEFECTIVE_TOKEN; + } + + mic_buf.length = mechListMIC->length; + mic_buf.value = mechListMIC->data; + + ret = gss_verify_mic(minor_status, + context_handle->negotiated_ctx_id, + mech_buf, + &mic_buf, + NULL); + + if (ret != GSS_S_COMPLETE) + ret = GSS_S_DEFECTIVE_TOKEN; + + return ret; +} + +OM_uint32 +_gss_spnego_accept_sec_context + (OM_uint32 * minor_status, + gss_ctx_id_t * context_handle, + const gss_cred_id_t acceptor_cred_handle, + const gss_buffer_t input_token_buffer, + const gss_channel_bindings_t input_chan_bindings, + gss_name_t * src_name, + gss_OID * mech_type, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec, + gss_cred_id_t *delegated_cred_handle + ) +{ + OM_uint32 ret, ret2, minor; + NegTokenInit ni; + NegTokenResp na; + size_t ni_len, na_len; + int i; + gss_buffer_desc data; + size_t len, taglen; + int initialToken; + unsigned int negResult = accept_incomplete; + gss_buffer_t mech_input_token = GSS_C_NO_BUFFER; + gss_buffer_t mech_output_token = GSS_C_NO_BUFFER; + gss_buffer_desc mech_buf; + gss_OID preferred_mech_type = GSS_C_NO_OID; + gssspnego_ctx ctx; + gssspnego_cred acceptor_cred = (gssspnego_cred)acceptor_cred_handle; + + *minor_status = 0; + + output_token->length = 0; + output_token->value = NULL; + + if (src_name != NULL) + *src_name = GSS_C_NO_NAME; + + if (mech_type != NULL) + *mech_type = GSS_C_NO_OID; + + if (ret_flags != NULL) + *ret_flags = 0; + + if (time_rec != NULL) + *time_rec = 0; + + if (delegated_cred_handle != NULL) + *delegated_cred_handle = GSS_C_NO_CREDENTIAL; + + mech_buf.value = NULL; + + if (*context_handle == GSS_C_NO_CONTEXT) { + ret = _gss_spnego_alloc_sec_context(minor_status, + context_handle); + if (ret != GSS_S_COMPLETE) + return ret; + + if (input_token_buffer->length == 0) { + return send_supported_mechs (minor_status, + output_token); + } + } + + ctx = (gssspnego_ctx)*context_handle; + + /* + * The GSS-API encapsulation is only present on the initial + * context token (negTokenInit). + */ + ret = gss_decapsulate_token (input_token_buffer, + GSS_SPNEGO_MECHANISM, + &data); + initialToken = (ret == GSS_S_COMPLETE); + + if (!initialToken) { + data.value = input_token_buffer->value; + data.length = input_token_buffer->length; + } + + ret = der_match_tag_and_length(data.value, data.length, + ASN1_C_CONTEXT, CONS, + initialToken ? 0 : 1, + &len, &taglen); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + if (len > data.length - taglen) { + *minor_status = ASN1_OVERRUN; + return GSS_S_FAILURE; + } + + if (initialToken) { + ret = decode_NegTokenInit((const unsigned char *)data.value + taglen, + len, &ni, &ni_len); + } else { + ret = decode_NegTokenResp((const unsigned char *)data.value + taglen, + len, &na, &na_len); + } + if (ret) { + *minor_status = ret; + return GSS_S_DEFECTIVE_TOKEN; + } + + if (!initialToken && na.negResult != NULL) { + negResult = *(na.negResult); + } + + if (negResult == reject || negResult == request_mic) { + /* request_mic should only be sent by acceptor */ + free_NegTokenResp(&na); + return GSS_S_DEFECTIVE_TOKEN; + } + + if (initialToken) { + for (i = 0; i < ni.mechTypes.len; ++i) { + /* Call glue layer to find first mech we support */ + ret = _gss_spnego_select_mech(minor_status, &ni.mechTypes.val[i], + &preferred_mech_type); + if (ret == 0) + break; + } + if (preferred_mech_type == GSS_C_NO_OID) { + free_NegTokenInit(&ni); + return GSS_S_BAD_MECH; + } + } + + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + + if (initialToken) { + ctx->preferred_mech_type = preferred_mech_type; + ctx->initiator_mech_types.len = ni.mechTypes.len; + ctx->initiator_mech_types.val = ni.mechTypes.val; + ni.mechTypes.len = 0; + ni.mechTypes.val = NULL; + } + + { + gss_buffer_desc ibuf, obuf; + int require_mic, verify_mic, get_mic; + int require_response; + heim_octet_string *mic; + + if (initialToken) { + if (ni.mechToken != NULL) { + ibuf.length = ni.mechToken->length; + ibuf.value = ni.mechToken->data; + mech_input_token = &ibuf; + } + } else { + if (na.responseToken != NULL) { + ibuf.length = na.responseToken->length; + ibuf.value = na.responseToken->data; + mech_input_token = &ibuf; + } + } + + if (mech_input_token != GSS_C_NO_BUFFER) { + gss_cred_id_t mech_cred; + gss_cred_id_t mech_delegated_cred; + gss_cred_id_t *mech_delegated_cred_p; + + if (acceptor_cred != NULL) + mech_cred = acceptor_cred->negotiated_cred_id; + else + mech_cred = GSS_C_NO_CREDENTIAL; + + if (delegated_cred_handle != NULL) { + mech_delegated_cred = GSS_C_NO_CREDENTIAL; + mech_delegated_cred_p = &mech_delegated_cred; + } else { + mech_delegated_cred_p = NULL; + } + + if (ctx->mech_src_name != GSS_C_NO_NAME) + gss_release_name(&minor, &ctx->mech_src_name); + + if (ctx->delegated_cred_id != GSS_C_NO_CREDENTIAL) + _gss_spnego_release_cred(&minor, &ctx->delegated_cred_id); + + ret = gss_accept_sec_context(&minor, + &ctx->negotiated_ctx_id, + mech_cred, + mech_input_token, + input_chan_bindings, + &ctx->mech_src_name, + &ctx->negotiated_mech_type, + &obuf, + &ctx->mech_flags, + &ctx->mech_time_rec, + mech_delegated_cred_p); + if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) { + if (mech_delegated_cred_p != NULL && + mech_delegated_cred != GSS_C_NO_CREDENTIAL) { + ret2 = _gss_spnego_alloc_cred(minor_status, + mech_delegated_cred, + &ctx->delegated_cred_id); + if (ret2 != GSS_S_COMPLETE) + ret = ret2; + } + mech_output_token = &obuf; + } + if (ret != GSS_S_COMPLETE && ret != GSS_S_CONTINUE_NEEDED) { + if (initialToken) + free_NegTokenInit(&ni); + else + free_NegTokenResp(&na); + send_reject (minor_status, output_token); + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + return ret; + } + if (ret == GSS_S_COMPLETE) + ctx->open = 1; + } else + ret = GSS_S_COMPLETE; + + ret2 = _gss_spnego_require_mechlist_mic(minor_status, + ctx, + &require_mic); + if (ret2) + goto out; + + ctx->require_mic = require_mic; + + mic = initialToken ? ni.mechListMIC : na.mechListMIC; + if (mic != NULL) + require_mic = 1; + + if (ctx->open && require_mic) { + if (mech_input_token == GSS_C_NO_BUFFER) { /* Even/One */ + verify_mic = 1; + get_mic = 0; + } else if (mech_output_token != GSS_C_NO_BUFFER && + mech_output_token->length == 0) { /* Odd */ + get_mic = verify_mic = 1; + } else { /* Even/One */ + verify_mic = 0; + get_mic = 1; + } + + if (verify_mic || get_mic) { + int eret; + size_t buf_len; + + ASN1_MALLOC_ENCODE(MechTypeList, + mech_buf.value, mech_buf.length, + &ctx->initiator_mech_types, &buf_len, eret); + if (eret) { + ret2 = GSS_S_FAILURE; + *minor_status = eret; + goto out; + } + if (mech_buf.length != buf_len) + abort(); + } + + if (verify_mic) { + ret2 = verify_mechlist_mic(minor_status, ctx, &mech_buf, mic); + if (ret2) { + if (get_mic) + send_reject (minor_status, output_token); + goto out; + } + + ctx->verified_mic = 1; + } + } else + verify_mic = get_mic = 0; + + if (ctx->mech_flags & GSS_C_DCE_STYLE) + require_response = (negResult != accept_completed); + else + require_response = 0; + + /* + * Check whether we need to send a result: there should be only + * one accept_completed response sent in the entire negotiation + */ + if ((mech_output_token != GSS_C_NO_BUFFER && + mech_output_token->length != 0) + || require_response + || get_mic) { + ret2 = send_accept (minor_status, + ctx, + mech_output_token, + initialToken, + get_mic ? &mech_buf : NULL, + output_token); + if (ret2) + goto out; + } + + out: + if (ret2 != GSS_S_COMPLETE) + ret = ret2; + if (mech_output_token != NULL) + gss_release_buffer(&minor, mech_output_token); + if (mech_buf.value != NULL) + free(mech_buf.value); + if (initialToken) + free_NegTokenInit(&ni); + else + free_NegTokenResp(&na); + } + + if (ret == GSS_S_COMPLETE) { + if (src_name != NULL) { + ret2 = gss_duplicate_name(minor_status, + ctx->mech_src_name, + src_name); + if (ret2 != GSS_S_COMPLETE) + ret = ret2; + } + if (delegated_cred_handle != NULL) { + *delegated_cred_handle = ctx->delegated_cred_id; + ctx->delegated_cred_id = GSS_C_NO_CREDENTIAL; + } + } + + if (mech_type != NULL) + *mech_type = ctx->negotiated_mech_type; + if (ret_flags != NULL) + *ret_flags = ctx->mech_flags; + if (time_rec != NULL) + *time_rec = ctx->mech_time_rec; + + if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) { + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + return ret; + } + + _gss_spnego_internal_delete_sec_context(&minor, context_handle, + GSS_C_NO_BUFFER); + + return ret; +} + diff --git a/source4/heimdal/lib/gssapi/spnego/compat.c b/source4/heimdal/lib/gssapi/spnego/compat.c new file mode 100644 index 0000000000..aeae088258 --- /dev/null +++ b/source4/heimdal/lib/gssapi/spnego/compat.c @@ -0,0 +1,285 @@ +/* + * Copyright (c) 2004, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "spnego/spnego_locl.h" + +RCSID("$Id: compat.c,v 1.6 2006/10/07 22:26:59 lha Exp $"); + +/* + * Apparently Microsoft got the OID wrong, and used + * 1.2.840.48018.1.2.2 instead. We need both this and + * the correct Kerberos OID here in order to deal with + * this. Because this is manifest in SPNEGO only I'd + * prefer to deal with this here rather than inside the + * Kerberos mechanism. + */ +static gss_OID_desc gss_mskrb_mechanism_oid_desc = + {9, (void *)"\x2a\x86\x48\x82\xf7\x12\x01\x02\x02"}; + +static gss_OID_desc gss_krb5_mechanism_oid_desc = + {9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"}; + +/* + * Allocate a SPNEGO context handle + */ +OM_uint32 _gss_spnego_alloc_sec_context (OM_uint32 * minor_status, + gss_ctx_id_t *context_handle) +{ + gssspnego_ctx ctx; + + ctx = calloc(1, sizeof(*ctx)); + if (ctx == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + ctx->initiator_mech_types.len = 0; + ctx->initiator_mech_types.val = NULL; + ctx->preferred_mech_type = GSS_C_NO_OID; + ctx->negotiated_mech_type = GSS_C_NO_OID; + ctx->negotiated_ctx_id = GSS_C_NO_CONTEXT; + + /* + * Cache these so we can return them before returning + * GSS_S_COMPLETE, even if the mechanism has itself + * completed earlier + */ + ctx->mech_flags = 0; + ctx->mech_time_rec = 0; + ctx->mech_src_name = GSS_C_NO_NAME; + ctx->delegated_cred_id = GSS_C_NO_CREDENTIAL; + + ctx->open = 0; + ctx->local = 0; + ctx->require_mic = 0; + ctx->verified_mic = 0; + + HEIMDAL_MUTEX_init(&ctx->ctx_id_mutex); + + *context_handle = (gss_ctx_id_t)ctx; + + return GSS_S_COMPLETE; +} + +/* + * Free a SPNEGO context handle. The caller must have acquired + * the lock before this is called. + */ +OM_uint32 _gss_spnego_internal_delete_sec_context + (OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + gss_buffer_t output_token + ) +{ + gssspnego_ctx ctx; + OM_uint32 ret, minor; + + *minor_status = 0; + + if (context_handle == NULL) { + return GSS_S_NO_CONTEXT; + } + + if (output_token != GSS_C_NO_BUFFER) { + output_token->length = 0; + output_token->value = NULL; + } + + ctx = (gssspnego_ctx)*context_handle; + *context_handle = GSS_C_NO_CONTEXT; + + if (ctx == NULL) { + return GSS_S_NO_CONTEXT; + } + + if (ctx->initiator_mech_types.val != NULL) + free_MechTypeList(&ctx->initiator_mech_types); + + _gss_spnego_release_cred(&minor, &ctx->delegated_cred_id); + + gss_release_oid(&minor, &ctx->preferred_mech_type); + ctx->negotiated_mech_type = GSS_C_NO_OID; + + gss_release_name(&minor, &ctx->mech_src_name); + + if (ctx->negotiated_ctx_id != GSS_C_NO_CONTEXT) { + ret = gss_delete_sec_context(minor_status, + &ctx->negotiated_ctx_id, + output_token); + ctx->negotiated_ctx_id = GSS_C_NO_CONTEXT; + } else { + ret = GSS_S_COMPLETE; + } + + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex); + + free(ctx); + *context_handle = NULL; + + return ret; +} + +/* + * For compatability with the Windows SPNEGO implementation, the + * default is to ignore the mechListMIC unless CFX is used and + * a non-preferred mechanism was negotiated + */ + +OM_uint32 +_gss_spnego_require_mechlist_mic(OM_uint32 *minor_status, + gssspnego_ctx ctx, + int *require_mic) +{ + gss_buffer_set_t buffer_set = GSS_C_NO_BUFFER_SET; + OM_uint32 minor; + + *minor_status = 0; + *require_mic = 0; + + if (ctx == NULL) { + return GSS_S_COMPLETE; + } + + if (ctx->require_mic) { + /* Acceptor requested it: mandatory to honour */ + *require_mic = 1; + return GSS_S_COMPLETE; + } + + /* + * Check whether peer indicated implicit support for updated SPNEGO + * (eg. in the Kerberos case by using CFX) + */ + if (gss_inquire_sec_context_by_oid(&minor, ctx->negotiated_ctx_id, + GSS_C_PEER_HAS_UPDATED_SPNEGO, + &buffer_set) == GSS_S_COMPLETE) { + *require_mic = 1; + gss_release_buffer_set(&minor, &buffer_set); + } + + /* Safe-to-omit MIC rules follow */ + if (*require_mic) { + if (gss_oid_equal(ctx->negotiated_mech_type, ctx->preferred_mech_type)) { + *require_mic = 0; + } else if (gss_oid_equal(ctx->negotiated_mech_type, &gss_krb5_mechanism_oid_desc) && + gss_oid_equal(ctx->preferred_mech_type, &gss_mskrb_mechanism_oid_desc)) { + *require_mic = 0; + } + } + + return GSS_S_COMPLETE; +} + +int _gss_spnego_add_mech_type(gss_OID mech_type, + int includeMSCompatOID, + MechTypeList *mechtypelist) +{ + int ret; + + if (gss_oid_equal(mech_type, GSS_SPNEGO_MECHANISM)) + return 0; + + if (includeMSCompatOID && + gss_oid_equal(mech_type, &gss_krb5_mechanism_oid_desc)) { + ret = der_get_oid(gss_mskrb_mechanism_oid_desc.elements, + gss_mskrb_mechanism_oid_desc.length, + &mechtypelist->val[mechtypelist->len], + NULL); + if (ret) + return ret; + mechtypelist->len++; + } + ret = der_get_oid(mech_type->elements, + mech_type->length, + &mechtypelist->val[mechtypelist->len], + NULL); + if (ret) + return ret; + mechtypelist->len++; + + return 0; +} + +OM_uint32 +_gss_spnego_select_mech(OM_uint32 *minor_status, + MechType *mechType, + gss_OID *mech_p) +{ + char mechbuf[64]; + size_t mech_len; + gss_OID_desc oid; + OM_uint32 ret; + + ret = der_put_oid ((unsigned char *)mechbuf + sizeof(mechbuf) - 1, + sizeof(mechbuf), + mechType, + &mech_len); + if (ret) { + return GSS_S_DEFECTIVE_TOKEN; + } + + oid.length = mech_len; + oid.elements = mechbuf + sizeof(mechbuf) - mech_len; + + if (gss_oid_equal(&oid, GSS_SPNEGO_MECHANISM)) { + return GSS_S_BAD_MECH; + } + + *minor_status = 0; + + /* Translate broken MS Kebreros OID */ + if (gss_oid_equal(&oid, &gss_mskrb_mechanism_oid_desc)) { + gssapi_mech_interface mech; + + mech = __gss_get_mechanism(&gss_krb5_mechanism_oid_desc); + if (mech == NULL) + return GSS_S_BAD_MECH; + + ret = gss_duplicate_oid(minor_status, + &gss_mskrb_mechanism_oid_desc, + mech_p); + } else { + gssapi_mech_interface mech; + + mech = __gss_get_mechanism(&oid); + if (mech == NULL) + return GSS_S_BAD_MECH; + + ret = gss_duplicate_oid(minor_status, + &mech->gm_mech_oid, + mech_p); + } + + return ret; +} + diff --git a/source4/heimdal/lib/gssapi/spnego/context_stubs.c b/source4/heimdal/lib/gssapi/spnego/context_stubs.c new file mode 100644 index 0000000000..902ddbbdf9 --- /dev/null +++ b/source4/heimdal/lib/gssapi/spnego/context_stubs.c @@ -0,0 +1,835 @@ +/* + * Copyright (c) 2004, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "spnego/spnego_locl.h" + +RCSID("$Id: context_stubs.c,v 1.8 2006/10/07 22:27:01 lha Exp $"); + +static OM_uint32 +spnego_supported_mechs(OM_uint32 *minor_status, gss_OID_set *mechs) +{ + OM_uint32 ret, junk; + gss_OID_set m; + int i; + + ret = gss_indicate_mechs(minor_status, &m); + if (ret != GSS_S_COMPLETE) + return ret; + + ret = gss_create_empty_oid_set(minor_status, mechs); + if (ret != GSS_S_COMPLETE) { + gss_release_oid_set(&junk, &m); + return ret; + } + + for (i = 0; i < m->count; i++) { + if (gss_oid_equal(&m->elements[i], GSS_SPNEGO_MECHANISM)) + continue; + + ret = gss_add_oid_set_member(minor_status, &m->elements[i], mechs); + if (ret) { + gss_release_oid_set(&junk, &m); + gss_release_oid_set(&junk, mechs); + return ret; + } + } + return ret; +} + + + +OM_uint32 _gss_spnego_process_context_token + (OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t token_buffer + ) +{ + gss_ctx_id_t context ; + gssspnego_ctx ctx; + OM_uint32 ret; + + if (context_handle == GSS_C_NO_CONTEXT) + return GSS_S_NO_CONTEXT; + + context = context_handle; + ctx = (gssspnego_ctx)context_handle; + + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + + ret = gss_process_context_token(minor_status, + ctx->negotiated_ctx_id, + token_buffer); + if (ret != GSS_S_COMPLETE) { + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + return ret; + } + + ctx->negotiated_ctx_id = GSS_C_NO_CONTEXT; + + return _gss_spnego_internal_delete_sec_context(minor_status, + &context, + GSS_C_NO_BUFFER); +} + +OM_uint32 _gss_spnego_delete_sec_context + (OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + gss_buffer_t output_token + ) +{ + gssspnego_ctx ctx; + + if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT) + return GSS_S_NO_CONTEXT; + + ctx = (gssspnego_ctx)*context_handle; + + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + + return _gss_spnego_internal_delete_sec_context(minor_status, + context_handle, + output_token); +} + +OM_uint32 _gss_spnego_context_time + (OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + OM_uint32 *time_rec + ) +{ + gssspnego_ctx ctx; + *minor_status = 0; + + if (context_handle == GSS_C_NO_CONTEXT) { + return GSS_S_NO_CONTEXT; + } + + ctx = (gssspnego_ctx)context_handle; + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + return GSS_S_NO_CONTEXT; + } + + return gss_context_time(minor_status, + ctx->negotiated_ctx_id, + time_rec); +} + +OM_uint32 _gss_spnego_get_mic + (OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + gss_qop_t qop_req, + const gss_buffer_t message_buffer, + gss_buffer_t message_token + ) +{ + gssspnego_ctx ctx; + + *minor_status = 0; + + if (context_handle == GSS_C_NO_CONTEXT) { + return GSS_S_NO_CONTEXT; + } + + ctx = (gssspnego_ctx)context_handle; + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + return GSS_S_NO_CONTEXT; + } + + return gss_get_mic(minor_status, ctx->negotiated_ctx_id, + qop_req, message_buffer, message_token); +} + +OM_uint32 _gss_spnego_verify_mic + (OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t message_buffer, + const gss_buffer_t token_buffer, + gss_qop_t * qop_state + ) +{ + gssspnego_ctx ctx; + + *minor_status = 0; + + if (context_handle == GSS_C_NO_CONTEXT) { + return GSS_S_NO_CONTEXT; + } + + ctx = (gssspnego_ctx)context_handle; + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + return GSS_S_NO_CONTEXT; + } + + return gss_verify_mic(minor_status, + ctx->negotiated_ctx_id, + message_buffer, + token_buffer, + qop_state); +} + +OM_uint32 _gss_spnego_wrap + (OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + const gss_buffer_t input_message_buffer, + int * conf_state, + gss_buffer_t output_message_buffer + ) +{ + gssspnego_ctx ctx; + + *minor_status = 0; + + if (context_handle == GSS_C_NO_CONTEXT) { + return GSS_S_NO_CONTEXT; + } + + ctx = (gssspnego_ctx)context_handle; + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + return GSS_S_NO_CONTEXT; + } + + return gss_wrap(minor_status, + ctx->negotiated_ctx_id, + conf_req_flag, + qop_req, + input_message_buffer, + conf_state, + output_message_buffer); +} + +OM_uint32 _gss_spnego_unwrap + (OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t input_message_buffer, + gss_buffer_t output_message_buffer, + int * conf_state, + gss_qop_t * qop_state + ) +{ + gssspnego_ctx ctx; + + *minor_status = 0; + + if (context_handle == GSS_C_NO_CONTEXT) { + return GSS_S_NO_CONTEXT; + } + + ctx = (gssspnego_ctx)context_handle; + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + return GSS_S_NO_CONTEXT; + } + + return gss_unwrap(minor_status, + ctx->negotiated_ctx_id, + input_message_buffer, + output_message_buffer, + conf_state, + qop_state); +} + +OM_uint32 _gss_spnego_display_status + (OM_uint32 * minor_status, + OM_uint32 status_value, + int status_type, + const gss_OID mech_type, + OM_uint32 * message_context, + gss_buffer_t status_string + ) +{ + return GSS_S_FAILURE; +} + +OM_uint32 _gss_spnego_compare_name + (OM_uint32 *minor_status, + const gss_name_t name1, + const gss_name_t name2, + int * name_equal + ) +{ + return gss_compare_name(minor_status, name1, name2, name_equal); +} + +OM_uint32 _gss_spnego_display_name + (OM_uint32 * minor_status, + const gss_name_t input_name, + gss_buffer_t output_name_buffer, + gss_OID * output_name_type + ) +{ + return gss_display_name(minor_status, input_name, + output_name_buffer, output_name_type); +} + +OM_uint32 _gss_spnego_import_name + (OM_uint32 * minor_status, + const gss_buffer_t input_name_buffer, + const gss_OID input_name_type, + gss_name_t * output_name + ) +{ + return gss_import_name(minor_status, input_name_buffer, + input_name_type, output_name); +} + +OM_uint32 _gss_spnego_export_name + (OM_uint32 * minor_status, + const gss_name_t input_name, + gss_buffer_t exported_name + ) +{ + return gss_export_name(minor_status, input_name, + exported_name); +} + +OM_uint32 _gss_spnego_release_name + (OM_uint32 * minor_status, + gss_name_t * input_name + ) +{ + return gss_release_name(minor_status, input_name); +} + +OM_uint32 _gss_spnego_inquire_context ( + OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + gss_name_t * src_name, + gss_name_t * targ_name, + OM_uint32 * lifetime_rec, + gss_OID * mech_type, + OM_uint32 * ctx_flags, + int * locally_initiated, + int * open_context + ) +{ + gssspnego_ctx ctx; + + *minor_status = 0; + + if (context_handle == GSS_C_NO_CONTEXT) { + return GSS_S_NO_CONTEXT; + } + + ctx = (gssspnego_ctx)context_handle; + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + return GSS_S_NO_CONTEXT; + } + + return gss_inquire_context(minor_status, + ctx->negotiated_ctx_id, + src_name, + targ_name, + lifetime_rec, + mech_type, + ctx_flags, + locally_initiated, + open_context); +} + +OM_uint32 _gss_spnego_wrap_size_limit ( + OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + OM_uint32 req_output_size, + OM_uint32 * max_input_size + ) +{ + gssspnego_ctx ctx; + + *minor_status = 0; + + if (context_handle == GSS_C_NO_CONTEXT) { + return GSS_S_NO_CONTEXT; + } + + ctx = (gssspnego_ctx)context_handle; + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + return GSS_S_NO_CONTEXT; + } + + return gss_wrap_size_limit(minor_status, + ctx->negotiated_ctx_id, + conf_req_flag, + qop_req, + req_output_size, + max_input_size); +} + +OM_uint32 _gss_spnego_export_sec_context ( + OM_uint32 * minor_status, + gss_ctx_id_t * context_handle, + gss_buffer_t interprocess_token + ) +{ + gssspnego_ctx ctx; + OM_uint32 ret; + + *minor_status = 0; + + if (context_handle == NULL) { + return GSS_S_NO_CONTEXT; + } + + ctx = (gssspnego_ctx)*context_handle; + + if (ctx == NULL) + return GSS_S_NO_CONTEXT; + + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + return GSS_S_NO_CONTEXT; + } + + ret = gss_export_sec_context(minor_status, + &ctx->negotiated_ctx_id, + interprocess_token); + if (ret == GSS_S_COMPLETE) { + ret = _gss_spnego_internal_delete_sec_context(minor_status, + context_handle, + GSS_C_NO_BUFFER); + if (ret == GSS_S_COMPLETE) + return GSS_S_COMPLETE; + } + + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + + return ret; +} + +OM_uint32 _gss_spnego_import_sec_context ( + OM_uint32 * minor_status, + const gss_buffer_t interprocess_token, + gss_ctx_id_t *context_handle + ) +{ + OM_uint32 ret, minor; + gss_ctx_id_t context; + gssspnego_ctx ctx; + + ret = _gss_spnego_alloc_sec_context(minor_status, &context); + if (ret != GSS_S_COMPLETE) { + return ret; + } + ctx = (gssspnego_ctx)context; + + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + + ret = gss_import_sec_context(minor_status, + interprocess_token, + &ctx->negotiated_ctx_id); + if (ret != GSS_S_COMPLETE) { + _gss_spnego_internal_delete_sec_context(&minor, context_handle, GSS_C_NO_BUFFER); + return ret; + } + + ctx->open = 1; + /* don't bother filling in the rest of the fields */ + + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + + *context_handle = (gss_ctx_id_t)ctx; + + return GSS_S_COMPLETE; +} + +OM_uint32 _gss_spnego_inquire_names_for_mech ( + OM_uint32 * minor_status, + const gss_OID mechanism, + gss_OID_set * name_types + ) +{ + gss_OID_set mechs, names, n; + OM_uint32 ret, junk; + int i, j; + + *name_types = NULL; + + ret = spnego_supported_mechs(minor_status, &mechs); + if (ret != GSS_S_COMPLETE) + return ret; + + ret = gss_create_empty_oid_set(minor_status, &names); + if (ret != GSS_S_COMPLETE) + goto out; + + for (i = 0; i < mechs->count; i++) { + ret = gss_inquire_names_for_mech(minor_status, + &mechs->elements[i], + &n); + if (ret) + continue; + + for (j = 0; j < n->count; j++) + gss_add_oid_set_member(minor_status, + &n->elements[j], + &names); + gss_release_oid_set(&junk, &n); + } + + ret = GSS_S_COMPLETE; + *name_types = names; +out: + + gss_release_oid_set(&junk, &mechs); + + return GSS_S_COMPLETE; +} + +OM_uint32 _gss_spnego_inquire_mechs_for_name ( + OM_uint32 * minor_status, + const gss_name_t input_name, + gss_OID_set * mech_types + ) +{ + OM_uint32 ret, junk; + + ret = gss_create_empty_oid_set(minor_status, mech_types); + if (ret) + return ret; + + ret = gss_add_oid_set_member(minor_status, + GSS_SPNEGO_MECHANISM, + mech_types); + if (ret) + gss_release_oid_set(&junk, mech_types); + + return ret; +} + +OM_uint32 _gss_spnego_canonicalize_name ( + OM_uint32 * minor_status, + const gss_name_t input_name, + const gss_OID mech_type, + gss_name_t * output_name + ) +{ + /* XXX */ + return gss_duplicate_name(minor_status, input_name, output_name); +} + +OM_uint32 _gss_spnego_duplicate_name ( + OM_uint32 * minor_status, + const gss_name_t src_name, + gss_name_t * dest_name + ) +{ + return gss_duplicate_name(minor_status, src_name, dest_name); +} + +OM_uint32 _gss_spnego_sign + (OM_uint32 * minor_status, + gss_ctx_id_t context_handle, + int qop_req, + gss_buffer_t message_buffer, + gss_buffer_t message_token + ) +{ + gssspnego_ctx ctx; + + *minor_status = 0; + + if (context_handle == GSS_C_NO_CONTEXT) { + return GSS_S_NO_CONTEXT; + } + + ctx = (gssspnego_ctx)context_handle; + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + return GSS_S_NO_CONTEXT; + } + + return gss_sign(minor_status, + ctx->negotiated_ctx_id, + qop_req, + message_buffer, + message_token); +} + +OM_uint32 _gss_spnego_verify + (OM_uint32 * minor_status, + gss_ctx_id_t context_handle, + gss_buffer_t message_buffer, + gss_buffer_t token_buffer, + int * qop_state + ) +{ + gssspnego_ctx ctx; + + *minor_status = 0; + + if (context_handle == GSS_C_NO_CONTEXT) { + return GSS_S_NO_CONTEXT; + } + + ctx = (gssspnego_ctx)context_handle; + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + return GSS_S_NO_CONTEXT; + } + + return gss_verify(minor_status, + ctx->negotiated_ctx_id, + message_buffer, + token_buffer, + qop_state); +} + +OM_uint32 _gss_spnego_seal + (OM_uint32 * minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + int qop_req, + gss_buffer_t input_message_buffer, + int * conf_state, + gss_buffer_t output_message_buffer + ) +{ + gssspnego_ctx ctx; + + *minor_status = 0; + + if (context_handle == GSS_C_NO_CONTEXT) { + return GSS_S_NO_CONTEXT; + } + + ctx = (gssspnego_ctx)context_handle; + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + return GSS_S_NO_CONTEXT; + } + + return gss_seal(minor_status, + ctx->negotiated_ctx_id, + conf_req_flag, + qop_req, + input_message_buffer, + conf_state, + output_message_buffer); +} + +OM_uint32 _gss_spnego_unseal + (OM_uint32 * minor_status, + gss_ctx_id_t context_handle, + gss_buffer_t input_message_buffer, + gss_buffer_t output_message_buffer, + int * conf_state, + int * qop_state + ) +{ + gssspnego_ctx ctx; + + *minor_status = 0; + + if (context_handle == GSS_C_NO_CONTEXT) { + return GSS_S_NO_CONTEXT; + } + + ctx = (gssspnego_ctx)context_handle; + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + return GSS_S_NO_CONTEXT; + } + + return gss_unseal(minor_status, + ctx->negotiated_ctx_id, + input_message_buffer, + output_message_buffer, + conf_state, + qop_state); +} + +#if 0 +OM_uint32 _gss_spnego_unwrap_ex + (OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t token_header_buffer, + const gss_buffer_t associated_data_buffer, + const gss_buffer_t input_message_buffer, + gss_buffer_t output_message_buffer, + int * conf_state, + gss_qop_t * qop_state) +{ + gssspnego_ctx ctx; + + *minor_status = 0; + + if (context_handle == GSS_C_NO_CONTEXT) { + return GSS_S_NO_CONTEXT; + } + + ctx = (gssspnego_ctx)context_handle; + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + return GSS_S_NO_CONTEXT; + } + + return gss_unwrap_ex(minor_status, + ctx->negotiated_ctx_id, + token_header_buffer, + associated_data_buffer, + input_message_buffer, + output_message_buffer, + conf_state, + qop_state); +} + +OM_uint32 _gss_spnego_wrap_ex + (OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + const gss_buffer_t associated_data_buffer, + const gss_buffer_t input_message_buffer, + int * conf_state, + gss_buffer_t output_token_buffer, + gss_buffer_t output_message_buffer + ) +{ + gssspnego_ctx ctx; + + *minor_status = 0; + + if (context_handle == GSS_C_NO_CONTEXT) { + return GSS_S_NO_CONTEXT; + } + + ctx = (gssspnego_ctx)context_handle; + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + return GSS_S_NO_CONTEXT; + } + + if ((ctx->mech_flags & GSS_C_DCE_STYLE) == 0 && + associated_data_buffer->length != input_message_buffer->length) { + *minor_status = EINVAL; + return GSS_S_BAD_QOP; + } + + return gss_wrap_ex(minor_status, + ctx->negotiated_ctx_id, + conf_req_flag, + qop_req, + associated_data_buffer, + input_message_buffer, + conf_state, + output_token_buffer, + output_message_buffer); +} + +OM_uint32 _gss_spnego_complete_auth_token + (OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + gss_buffer_t input_message_buffer) +{ + gssspnego_ctx ctx; + + *minor_status = 0; + + if (context_handle == GSS_C_NO_CONTEXT) { + return GSS_S_NO_CONTEXT; + } + + ctx = (gssspnego_ctx)context_handle; + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + return GSS_S_NO_CONTEXT; + } + + return gss_complete_auth_token(minor_status, + ctx->negotiated_ctx_id, + input_message_buffer); +} +#endif + +OM_uint32 _gss_spnego_inquire_sec_context_by_oid + (OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set) +{ + gssspnego_ctx ctx; + + *minor_status = 0; + + if (context_handle == GSS_C_NO_CONTEXT) { + return GSS_S_NO_CONTEXT; + } + + ctx = (gssspnego_ctx)context_handle; + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + return GSS_S_NO_CONTEXT; + } + + return gss_inquire_sec_context_by_oid(minor_status, + ctx->negotiated_ctx_id, + desired_object, + data_set); +} + +OM_uint32 _gss_spnego_set_sec_context_option + (OM_uint32 * minor_status, + gss_ctx_id_t * context_handle, + const gss_OID desired_object, + const gss_buffer_t value) +{ + gssspnego_ctx ctx; + + *minor_status = 0; + + if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT) { + return GSS_S_NO_CONTEXT; + } + + ctx = (gssspnego_ctx)context_handle; + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + return GSS_S_NO_CONTEXT; + } + + return gss_set_sec_context_option(minor_status, + &ctx->negotiated_ctx_id, + desired_object, + value); +} + diff --git a/source4/heimdal/lib/gssapi/spnego/cred_stubs.c b/source4/heimdal/lib/gssapi/spnego/cred_stubs.c new file mode 100644 index 0000000000..8f8edab15e --- /dev/null +++ b/source4/heimdal/lib/gssapi/spnego/cred_stubs.c @@ -0,0 +1,291 @@ +/* + * Copyright (c) 2004, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "spnego/spnego_locl.h" + +RCSID("$Id: cred_stubs.c,v 1.5 2006/10/07 22:27:04 lha Exp $"); + +OM_uint32 +_gss_spnego_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle) +{ + gssspnego_cred cred; + OM_uint32 ret; + + *minor_status = 0; + + if (*cred_handle == GSS_C_NO_CREDENTIAL) { + return GSS_S_COMPLETE; + } + cred = (gssspnego_cred)*cred_handle; + + ret = gss_release_cred(minor_status, &cred->negotiated_cred_id); + + free(cred); + *cred_handle = GSS_C_NO_CREDENTIAL; + + return ret; +} + +OM_uint32 +_gss_spnego_alloc_cred(OM_uint32 *minor_status, + gss_cred_id_t mech_cred_handle, + gss_cred_id_t *cred_handle) +{ + gssspnego_cred cred; + + if (*cred_handle != GSS_C_NO_CREDENTIAL) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + cred = calloc(1, sizeof(*cred)); + if (cred == NULL) { + *cred_handle = GSS_C_NO_CREDENTIAL; + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + cred->negotiated_cred_id = mech_cred_handle; + + *cred_handle = (gss_cred_id_t)cred; + + return GSS_S_COMPLETE; +} + +/* + * For now, just a simple wrapper that avoids recursion. When + * we support gss_{get,set}_neg_mechs() we will need to expose + * more functionality. + */ +OM_uint32 _gss_spnego_acquire_cred +(OM_uint32 *minor_status, + const gss_name_t desired_name, + OM_uint32 time_req, + const gss_OID_set desired_mechs, + gss_cred_usage_t cred_usage, + gss_cred_id_t * output_cred_handle, + gss_OID_set * actual_mechs, + OM_uint32 * time_rec + ) +{ + OM_uint32 ret, tmp; + gss_OID_set_desc actual_desired_mechs; + gss_OID_set mechs; + int i, j; + gss_cred_id_t cred_handle = GSS_C_NO_CREDENTIAL; + gssspnego_cred cred; + + *output_cred_handle = GSS_C_NO_CREDENTIAL; + + ret = gss_indicate_mechs(minor_status, &mechs); + if (ret != GSS_S_COMPLETE) + return ret; + + /* Remove ourselves from this list */ + actual_desired_mechs.count = mechs->count; + actual_desired_mechs.elements = malloc(actual_desired_mechs.count * + sizeof(gss_OID_desc)); + if (actual_desired_mechs.elements == NULL) { + *minor_status = ENOMEM; + ret = GSS_S_FAILURE; + goto out; + } + + for (i = 0, j = 0; i < mechs->count; i++) { + if (gss_oid_equal(&mechs->elements[i], GSS_SPNEGO_MECHANISM)) + continue; + + actual_desired_mechs.elements[j] = mechs->elements[i]; + j++; + } + actual_desired_mechs.count = j; + + ret = _gss_spnego_alloc_cred(minor_status, GSS_C_NO_CREDENTIAL, + &cred_handle); + if (ret != GSS_S_COMPLETE) + goto out; + + cred = (gssspnego_cred)cred_handle; + ret = gss_acquire_cred(minor_status, desired_name, + time_req, &actual_desired_mechs, + cred_usage, + &cred->negotiated_cred_id, + actual_mechs, time_rec); + if (ret != GSS_S_COMPLETE) + goto out; + + *output_cred_handle = cred_handle; + +out: + gss_release_oid_set(&tmp, &mechs); + if (actual_desired_mechs.elements != NULL) { + free(actual_desired_mechs.elements); + } + if (ret != GSS_S_COMPLETE) { + _gss_spnego_release_cred(&tmp, &cred_handle); + } + + return ret; +} + +OM_uint32 _gss_spnego_inquire_cred + (OM_uint32 * minor_status, + const gss_cred_id_t cred_handle, + gss_name_t * name, + OM_uint32 * lifetime, + gss_cred_usage_t * cred_usage, + gss_OID_set * mechanisms + ) +{ + gssspnego_cred cred; + OM_uint32 ret; + + if (cred_handle == GSS_C_NO_CREDENTIAL) { + *minor_status = 0; + return GSS_S_NO_CRED; + } + + cred = (gssspnego_cred)cred_handle; + + ret = gss_inquire_cred(minor_status, + cred->negotiated_cred_id, + name, + lifetime, + cred_usage, + mechanisms); + + return ret; +} + +OM_uint32 _gss_spnego_add_cred ( + OM_uint32 * minor_status, + const gss_cred_id_t input_cred_handle, + const gss_name_t desired_name, + const gss_OID desired_mech, + gss_cred_usage_t cred_usage, + OM_uint32 initiator_time_req, + OM_uint32 acceptor_time_req, + gss_cred_id_t * output_cred_handle, + gss_OID_set * actual_mechs, + OM_uint32 * initiator_time_rec, + OM_uint32 * acceptor_time_rec + ) +{ + gss_cred_id_t spnego_output_cred_handle = GSS_C_NO_CREDENTIAL; + OM_uint32 ret, tmp; + gssspnego_cred input_cred, output_cred; + + *output_cred_handle = GSS_C_NO_CREDENTIAL; + + ret = _gss_spnego_alloc_cred(minor_status, GSS_C_NO_CREDENTIAL, + &spnego_output_cred_handle); + if (ret) + return ret; + + input_cred = (gssspnego_cred)input_cred_handle; + output_cred = (gssspnego_cred)spnego_output_cred_handle; + + ret = gss_add_cred(minor_status, + input_cred->negotiated_cred_id, + desired_name, + desired_mech, + cred_usage, + initiator_time_req, + acceptor_time_req, + &output_cred->negotiated_cred_id, + actual_mechs, + initiator_time_rec, + acceptor_time_rec); + if (ret) { + _gss_spnego_release_cred(&tmp, &spnego_output_cred_handle); + return ret; + } + + *output_cred_handle = spnego_output_cred_handle; + + return GSS_S_COMPLETE; +} + +OM_uint32 _gss_spnego_inquire_cred_by_mech ( + OM_uint32 * minor_status, + const gss_cred_id_t cred_handle, + const gss_OID mech_type, + gss_name_t * name, + OM_uint32 * initiator_lifetime, + OM_uint32 * acceptor_lifetime, + gss_cred_usage_t * cred_usage + ) +{ + gssspnego_cred cred; + OM_uint32 ret; + + if (cred_handle == GSS_C_NO_CREDENTIAL) { + *minor_status = 0; + return GSS_S_NO_CRED; + } + + cred = (gssspnego_cred)cred_handle; + + ret = gss_inquire_cred_by_mech(minor_status, + cred->negotiated_cred_id, + mech_type, + name, + initiator_lifetime, + acceptor_lifetime, + cred_usage); + + return ret; +} + +OM_uint32 _gss_spnego_inquire_cred_by_oid + (OM_uint32 * minor_status, + const gss_cred_id_t cred_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set) +{ + gssspnego_cred cred; + OM_uint32 ret; + + if (cred_handle == GSS_C_NO_CREDENTIAL) { + *minor_status = 0; + return GSS_S_NO_CRED; + } + cred = (gssspnego_cred)cred_handle; + + ret = gss_inquire_cred_by_oid(minor_status, + cred->negotiated_cred_id, + desired_object, + data_set); + + return ret; +} + diff --git a/source4/heimdal/lib/gssapi/spnego/external.c b/source4/heimdal/lib/gssapi/spnego/external.c new file mode 100644 index 0000000000..b7e02a55e1 --- /dev/null +++ b/source4/heimdal/lib/gssapi/spnego/external.c @@ -0,0 +1,89 @@ +/* + * Copyright (c) 2004, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "spnego/spnego_locl.h" +#include + +RCSID("$Id: external.c,v 1.7 2006/10/07 22:27:06 lha Exp $"); + +/* + * RFC2478, SPNEGO: + * The security mechanism of the initial + * negotiation token is identified by the Object Identifier + * iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2). + */ + +static gssapi_mech_interface_desc spnego_mech = { + GMI_VERSION, + "spnego", + {6, (void *)"\x2b\x06\x01\x05\x05\x02"}, + _gss_spnego_acquire_cred, + _gss_spnego_release_cred, + _gss_spnego_init_sec_context, + _gss_spnego_accept_sec_context, + _gss_spnego_process_context_token, + _gss_spnego_internal_delete_sec_context, + _gss_spnego_context_time, + _gss_spnego_get_mic, + _gss_spnego_verify_mic, + _gss_spnego_wrap, + _gss_spnego_unwrap, + _gss_spnego_display_status, + NULL, + _gss_spnego_compare_name, + _gss_spnego_display_name, + _gss_spnego_import_name, + _gss_spnego_export_name, + _gss_spnego_release_name, + _gss_spnego_inquire_cred, + _gss_spnego_inquire_context, + _gss_spnego_wrap_size_limit, + _gss_spnego_add_cred, + _gss_spnego_inquire_cred_by_mech, + _gss_spnego_export_sec_context, + _gss_spnego_import_sec_context, + _gss_spnego_inquire_names_for_mech, + _gss_spnego_inquire_mechs_for_name, + _gss_spnego_canonicalize_name, + _gss_spnego_duplicate_name +}; + +gssapi_mech_interface +__gss_spnego_initialize(void) +{ + return &spnego_mech; +} + +static gss_OID_desc _gss_spnego_mechanism_desc = + {6, (void *)"\x2b\x06\x01\x05\x05\x02"}; + +gss_OID GSS_SPNEGO_MECHANISM = &_gss_spnego_mechanism_desc; diff --git a/source4/heimdal/lib/gssapi/spnego/init_sec_context.c b/source4/heimdal/lib/gssapi/spnego/init_sec_context.c new file mode 100644 index 0000000000..5a652fdb2e --- /dev/null +++ b/source4/heimdal/lib/gssapi/spnego/init_sec_context.c @@ -0,0 +1,578 @@ +/* + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * Portions Copyright (c) 2004 PADL Software Pty Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "spnego/spnego_locl.h" + +RCSID("$Id: init_sec_context.c,v 1.6 2006/10/14 10:09:15 lha Exp $"); + +/* + * Send a reply. Note that we only need to send a reply if we + * need to send a MIC or a mechanism token. Otherwise, we can + * return an empty buffer. + * + * The return value of this will be returned to the API, so it + * must return GSS_S_CONTINUE_NEEDED if a token was generated. + */ +static OM_uint32 +spnego_reply_internal(OM_uint32 *minor_status, + gssspnego_ctx context_handle, + const gss_buffer_t mech_buf, + gss_buffer_t mech_token, + gss_buffer_t output_token) +{ + NegTokenResp resp; + gss_buffer_desc mic_buf; + OM_uint32 ret; + gss_buffer_desc data; + u_char *buf; + + if (mech_buf == GSS_C_NO_BUFFER && mech_token->length == 0) { + output_token->length = 0; + output_token->value = NULL; + + return context_handle->open ? GSS_S_COMPLETE : GSS_S_FAILURE; + } + + memset(&resp, 0, sizeof(resp)); + + ALLOC(resp.negResult, 1); + if (resp.negResult == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + resp.supportedMech = NULL; + + output_token->length = 0; + output_token->value = NULL; + + if (mech_token->length == 0) { + resp.responseToken = NULL; + *(resp.negResult) = accept_completed; + } else { + ALLOC(resp.responseToken, 1); + if (resp.responseToken == NULL) { + free_NegTokenResp(&resp); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + resp.responseToken->length = mech_token->length; + resp.responseToken->data = mech_token->value; + mech_token->length = 0; + mech_token->value = NULL; + + *(resp.negResult) = accept_incomplete; + } + + if (mech_buf != GSS_C_NO_BUFFER) { + ALLOC(resp.mechListMIC, 1); + if (resp.mechListMIC == NULL) { + free_NegTokenResp(&resp); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + ret = gss_get_mic(minor_status, + context_handle->negotiated_ctx_id, + 0, + mech_buf, + &mic_buf); + if (ret) { + free_NegTokenResp(&resp); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + resp.mechListMIC->length = mic_buf.length; + resp.mechListMIC->data = mic_buf.value; + } else { + resp.mechListMIC = NULL; + } + + ret = _gss_spnego_encode_response (minor_status, &resp, + &data, &buf); + if (ret) { + free_NegTokenResp(&resp); + return ret; + } + + output_token->value = malloc(data.length); + if (output_token->value == NULL) { + *minor_status = ENOMEM; + ret = GSS_S_FAILURE; + } else { + output_token->length = data.length; + memcpy(output_token->value, data.value, output_token->length); + } + free(buf); + + if (*(resp.negResult) == accept_completed) + ret = GSS_S_COMPLETE; + else + ret = GSS_S_CONTINUE_NEEDED; + + free_NegTokenResp(&resp); + return ret; +} + +static OM_uint32 +spnego_initial + (OM_uint32 * minor_status, + gssspnego_cred cred, + gss_ctx_id_t * context_handle, + const gss_name_t target_name, + const gss_OID mech_type, + OM_uint32 req_flags, + OM_uint32 time_req, + const gss_channel_bindings_t input_chan_bindings, + const gss_buffer_t input_token, + gss_OID * actual_mech_type, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec + ) +{ + NegTokenInit ni; + int ret; + OM_uint32 sub, minor; + gss_buffer_desc mech_token; + u_char *buf; + size_t buf_size, buf_len; + gss_buffer_desc data; + size_t ni_len; + gss_ctx_id_t context; + gssspnego_ctx ctx; + + memset (&ni, 0, sizeof(ni)); + + *context_handle = GSS_C_NO_CONTEXT; + + *minor_status = 0; + + sub = _gss_spnego_alloc_sec_context(&minor, &context); + if (GSS_ERROR(sub)) { + *minor_status = minor; + return sub; + } + ctx = (gssspnego_ctx)context; + + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + + ctx->local = 1; + + sub = _gss_spnego_indicate_mechtypelist(&minor, 0, + cred, + &ni.mechTypes, + &ctx->preferred_mech_type); + if (GSS_ERROR(sub)) { + *minor_status = minor; + _gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER); + return sub; + } + + ni.reqFlags = NULL; + + /* + * If we have a credential handle, use it to select the mechanism + * that we will use + */ + + /* generate optimistic token */ + sub = gss_init_sec_context(&minor, + (cred != NULL) ? cred->negotiated_cred_id : + GSS_C_NO_CREDENTIAL, + &ctx->negotiated_ctx_id, + target_name, + GSS_C_NO_OID, + req_flags, + time_req, + input_chan_bindings, + input_token, + &ctx->negotiated_mech_type, + &mech_token, + &ctx->mech_flags, + &ctx->mech_time_rec); + if (GSS_ERROR(sub)) { + free_NegTokenInit(&ni); + *minor_status = minor; + _gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER); + return sub; + } + + if (mech_token.length != 0) { + ALLOC(ni.mechToken, 1); + if (ni.mechToken == NULL) { + free_NegTokenInit(&ni); + gss_release_buffer(&minor, &mech_token); + _gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + ni.mechToken->length = mech_token.length; + ni.mechToken->data = malloc(mech_token.length); + if (ni.mechToken->data == NULL && mech_token.length != 0) { + free_NegTokenInit(&ni); + gss_release_buffer(&minor, &mech_token); + *minor_status = ENOMEM; + _gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER); + return GSS_S_FAILURE; + } + memcpy(ni.mechToken->data, mech_token.value, mech_token.length); + gss_release_buffer(&minor, &mech_token); + } else + ni.mechToken = NULL; + + ni.mechListMIC = NULL; + + ni_len = length_NegTokenInit(&ni); + buf_size = 1 + der_length_len(ni_len) + ni_len; + + buf = malloc(buf_size); + if (buf == NULL) { + free_NegTokenInit(&ni); + *minor_status = ENOMEM; + _gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER); + return GSS_S_FAILURE; + } + + ret = encode_NegTokenInit(buf + buf_size - 1, + ni_len, + &ni, &buf_len); + if (ret == 0 && ni_len != buf_len) + abort(); + + if (ret == 0) { + size_t tmp; + + ret = der_put_length_and_tag(buf + buf_size - buf_len - 1, + buf_size - buf_len, + buf_len, + ASN1_C_CONTEXT, + CONS, + 0, + &tmp); + if (ret == 0 && tmp + buf_len != buf_size) + abort(); + } + if (ret) { + *minor_status = ret; + free(buf); + free_NegTokenInit(&ni); + _gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER); + return GSS_S_FAILURE; + } + + data.value = buf; + data.length = buf_size; + + ctx->initiator_mech_types.len = ni.mechTypes.len; + ctx->initiator_mech_types.val = ni.mechTypes.val; + ni.mechTypes.len = 0; + ni.mechTypes.val = NULL; + + free_NegTokenInit(&ni); + + sub = gss_encapsulate_token(&data, + GSS_SPNEGO_MECHANISM, + output_token); + free (buf); + + if (sub) { + _gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER); + return sub; + } + + if (actual_mech_type) + *actual_mech_type = ctx->negotiated_mech_type; + if (ret_flags) + *ret_flags = ctx->mech_flags; + if (time_rec) + *time_rec = ctx->mech_time_rec; + + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + + *context_handle = context; + + return GSS_S_CONTINUE_NEEDED; +} + +static OM_uint32 +spnego_reply + (OM_uint32 * minor_status, + const gssspnego_cred cred, + gss_ctx_id_t * context_handle, + const gss_name_t target_name, + const gss_OID mech_type, + OM_uint32 req_flags, + OM_uint32 time_req, + const gss_channel_bindings_t input_chan_bindings, + const gss_buffer_t input_token, + gss_OID * actual_mech_type, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec + ) +{ + OM_uint32 ret, minor; + NegTokenResp resp; + u_char oidbuf[17]; + size_t oidlen; + size_t len, taglen; + gss_OID_desc mech; + int require_mic; + size_t buf_len; + gss_buffer_desc mic_buf, mech_buf; + gss_buffer_desc mech_output_token; + gssspnego_ctx ctx; + + *minor_status = 0; + + ctx = (gssspnego_ctx)*context_handle; + + output_token->length = 0; + output_token->value = NULL; + + mech_output_token.length = 0; + mech_output_token.value = NULL; + + mech_buf.value = NULL; + mech_buf.length = 0; + + ret = der_match_tag_and_length(input_token->value, input_token->length, + ASN1_C_CONTEXT, CONS, 1, &len, &taglen); + if (ret) + return ret; + + if (len > input_token->length - taglen) + return ASN1_OVERRUN; + + ret = decode_NegTokenResp((const unsigned char *)input_token->value+taglen, + len, &resp, NULL); + if (ret) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + if (resp.negResult == NULL + || *(resp.negResult) == reject + || resp.supportedMech == NULL) { + free_NegTokenResp(&resp); + return GSS_S_BAD_MECH; + } + + ret = der_put_oid(oidbuf + sizeof(oidbuf) - 1, + sizeof(oidbuf), + resp.supportedMech, + &oidlen); + if (ret || (oidlen == GSS_SPNEGO_MECHANISM->length && + memcmp(oidbuf + sizeof(oidbuf) - oidlen, + GSS_SPNEGO_MECHANISM->elements, + oidlen) == 0)) { + /* Avoid recursively embedded SPNEGO */ + free_NegTokenResp(&resp); + return GSS_S_BAD_MECH; + } + + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + + if (resp.responseToken != NULL) { + gss_buffer_desc mech_input_token; + + mech_input_token.length = resp.responseToken->length; + mech_input_token.value = resp.responseToken->data; + + mech.length = oidlen; + mech.elements = oidbuf + sizeof(oidbuf) - oidlen; + + /* Fall through as if the negotiated mechanism + was requested explicitly */ + ret = gss_init_sec_context(&minor, + (cred != NULL) ? cred->negotiated_cred_id : + GSS_C_NO_CREDENTIAL, + &ctx->negotiated_ctx_id, + target_name, + &mech, + req_flags, + time_req, + input_chan_bindings, + &mech_input_token, + &ctx->negotiated_mech_type, + &mech_output_token, + &ctx->mech_flags, + &ctx->mech_time_rec); + if (GSS_ERROR(ret)) { + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + free_NegTokenResp(&resp); + *minor_status = minor; + return ret; + } + if (ret == GSS_S_COMPLETE) { + ctx->open = 1; + } + } + + if (*(resp.negResult) == request_mic) { + ctx->require_mic = 1; + } + + if (ctx->open) { + /* + * Verify the mechListMIC if one was provided or CFX was + * used and a non-preferred mechanism was selected + */ + if (resp.mechListMIC != NULL) { + require_mic = 1; + } else { + ret = _gss_spnego_require_mechlist_mic(minor_status, ctx, + &require_mic); + if (ret) { + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + free_NegTokenResp(&resp); + gss_release_buffer(&minor, &mech_output_token); + return ret; + } + } + } else { + require_mic = 0; + } + + if (require_mic) { + ASN1_MALLOC_ENCODE(MechTypeList, mech_buf.value, mech_buf.length, + &ctx->initiator_mech_types, &buf_len, ret); + if (ret) { + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + free_NegTokenResp(&resp); + gss_release_buffer(&minor, &mech_output_token); + *minor_status = ret; + return GSS_S_FAILURE; + } + if (mech_buf.length != buf_len) + abort(); + + if (resp.mechListMIC == NULL) { + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + free(mech_buf.value); + free_NegTokenResp(&resp); + *minor_status = 0; + return GSS_S_DEFECTIVE_TOKEN; + } + mic_buf.length = resp.mechListMIC->length; + mic_buf.value = resp.mechListMIC->data; + + if (mech_output_token.length == 0) { + ret = gss_verify_mic(minor_status, + ctx->negotiated_ctx_id, + &mech_buf, + &mic_buf, + NULL); + if (ret) { + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + free(mech_buf.value); + gss_release_buffer(&minor, &mech_output_token); + free_NegTokenResp(&resp); + return GSS_S_DEFECTIVE_TOKEN; + } + ctx->verified_mic = 1; + } + } + + ret = spnego_reply_internal(minor_status, ctx, + require_mic ? &mech_buf : NULL, + &mech_output_token, + output_token); + + if (mech_buf.value != NULL) + free(mech_buf.value); + + free_NegTokenResp(&resp); + gss_release_buffer(&minor, &mech_output_token); + + if (actual_mech_type) + *actual_mech_type = ctx->negotiated_mech_type; + if (ret_flags) + *ret_flags = ctx->mech_flags; + if (time_rec) + *time_rec = ctx->mech_time_rec; + + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + return ret; +} + +OM_uint32 _gss_spnego_init_sec_context + (OM_uint32 * minor_status, + const gss_cred_id_t initiator_cred_handle, + gss_ctx_id_t * context_handle, + const gss_name_t target_name, + const gss_OID mech_type, + OM_uint32 req_flags, + OM_uint32 time_req, + const gss_channel_bindings_t input_chan_bindings, + const gss_buffer_t input_token, + gss_OID * actual_mech_type, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec + ) +{ + gssspnego_cred cred = (gssspnego_cred)initiator_cred_handle; + + if (*context_handle == GSS_C_NO_CONTEXT) + return spnego_initial (minor_status, + cred, + context_handle, + target_name, + mech_type, + req_flags, + time_req, + input_chan_bindings, + input_token, + actual_mech_type, + output_token, + ret_flags, + time_rec); + else + return spnego_reply (minor_status, + cred, + context_handle, + target_name, + mech_type, + req_flags, + time_req, + input_chan_bindings, + input_token, + actual_mech_type, + output_token, + ret_flags, + time_rec); +} + diff --git a/source4/heimdal/lib/gssapi/spnego/spnego-private.h b/source4/heimdal/lib/gssapi/spnego/spnego-private.h new file mode 100644 index 0000000000..df50f65580 --- /dev/null +++ b/source4/heimdal/lib/gssapi/spnego/spnego-private.h @@ -0,0 +1,347 @@ +/* This is a generated file */ +#ifndef __spnego_private_h__ +#define __spnego_private_h__ + +#include + +gssapi_mech_interface +__gss_spnego_initialize (void); + +OM_uint32 +_gss_spnego_accept_sec_context ( + OM_uint32 * /*minor_status*/, + gss_ctx_id_t * /*context_handle*/, + const gss_cred_id_t /*acceptor_cred_handle*/, + const gss_buffer_t /*input_token_buffer*/, + const gss_channel_bindings_t /*input_chan_bindings*/, + gss_name_t * /*src_name*/, + gss_OID * /*mech_type*/, + gss_buffer_t /*output_token*/, + OM_uint32 * /*ret_flags*/, + OM_uint32 * /*time_rec*/, + gss_cred_id_t *delegated_cred_handle ); + +OM_uint32 +_gss_spnego_acquire_cred ( + OM_uint32 */*minor_status*/, + const gss_name_t /*desired_name*/, + OM_uint32 /*time_req*/, + const gss_OID_set /*desired_mechs*/, + gss_cred_usage_t /*cred_usage*/, + gss_cred_id_t * /*output_cred_handle*/, + gss_OID_set * /*actual_mechs*/, + OM_uint32 * time_rec ); + +OM_uint32 +_gss_spnego_add_cred ( + OM_uint32 * /*minor_status*/, + const gss_cred_id_t /*input_cred_handle*/, + const gss_name_t /*desired_name*/, + const gss_OID /*desired_mech*/, + gss_cred_usage_t /*cred_usage*/, + OM_uint32 /*initiator_time_req*/, + OM_uint32 /*acceptor_time_req*/, + gss_cred_id_t * /*output_cred_handle*/, + gss_OID_set * /*actual_mechs*/, + OM_uint32 * /*initiator_time_rec*/, + OM_uint32 * acceptor_time_rec ); + +int +_gss_spnego_add_mech_type ( + gss_OID /*mech_type*/, + int /*includeMSCompatOID*/, + MechTypeList */*mechtypelist*/); + +OM_uint32 +_gss_spnego_alloc_cred ( + OM_uint32 */*minor_status*/, + gss_cred_id_t /*mech_cred_handle*/, + gss_cred_id_t */*cred_handle*/); + +OM_uint32 +_gss_spnego_alloc_sec_context ( + OM_uint32 * /*minor_status*/, + gss_ctx_id_t */*context_handle*/); + +OM_uint32 +_gss_spnego_canonicalize_name ( + OM_uint32 * /*minor_status*/, + const gss_name_t /*input_name*/, + const gss_OID /*mech_type*/, + gss_name_t * output_name ); + +OM_uint32 +_gss_spnego_compare_name ( + OM_uint32 */*minor_status*/, + const gss_name_t /*name1*/, + const gss_name_t /*name2*/, + int * name_equal ); + +OM_uint32 +_gss_spnego_context_time ( + OM_uint32 */*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + OM_uint32 *time_rec ); + +OM_uint32 +_gss_spnego_delete_sec_context ( + OM_uint32 */*minor_status*/, + gss_ctx_id_t */*context_handle*/, + gss_buffer_t output_token ); + +OM_uint32 +_gss_spnego_display_name ( + OM_uint32 * /*minor_status*/, + const gss_name_t /*input_name*/, + gss_buffer_t /*output_name_buffer*/, + gss_OID * output_name_type ); + +OM_uint32 +_gss_spnego_display_status ( + OM_uint32 * /*minor_status*/, + OM_uint32 /*status_value*/, + int /*status_type*/, + const gss_OID /*mech_type*/, + OM_uint32 * /*message_context*/, + gss_buffer_t status_string ); + +OM_uint32 +_gss_spnego_duplicate_name ( + OM_uint32 * /*minor_status*/, + const gss_name_t /*src_name*/, + gss_name_t * dest_name ); + +OM_uint32 +_gss_spnego_encode_response ( + OM_uint32 */*minor_status*/, + const NegTokenResp */*resp*/, + gss_buffer_t /*data*/, + u_char **/*ret_buf*/); + +OM_uint32 +_gss_spnego_export_name ( + OM_uint32 * /*minor_status*/, + const gss_name_t /*input_name*/, + gss_buffer_t exported_name ); + +OM_uint32 +_gss_spnego_export_sec_context ( + OM_uint32 * /*minor_status*/, + gss_ctx_id_t * /*context_handle*/, + gss_buffer_t interprocess_token ); + +OM_uint32 +_gss_spnego_get_mic ( + OM_uint32 */*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + gss_qop_t /*qop_req*/, + const gss_buffer_t /*message_buffer*/, + gss_buffer_t message_token ); + +OM_uint32 +_gss_spnego_import_name ( + OM_uint32 * /*minor_status*/, + const gss_buffer_t /*input_name_buffer*/, + const gss_OID /*input_name_type*/, + gss_name_t * output_name ); + +OM_uint32 +_gss_spnego_import_sec_context ( + OM_uint32 * /*minor_status*/, + const gss_buffer_t /*interprocess_token*/, + gss_ctx_id_t *context_handle ); + +OM_uint32 +_gss_spnego_indicate_mechtypelist ( + OM_uint32 */*minor_status*/, + int /*includeMSCompatOID*/, + const gssspnego_cred /*cred_handle*/, + MechTypeList */*mechtypelist*/, + gss_OID */*preferred_mech*/); + +OM_uint32 +_gss_spnego_init_sec_context ( + OM_uint32 * /*minor_status*/, + const gss_cred_id_t /*initiator_cred_handle*/, + gss_ctx_id_t * /*context_handle*/, + const gss_name_t /*target_name*/, + const gss_OID /*mech_type*/, + OM_uint32 /*req_flags*/, + OM_uint32 /*time_req*/, + const gss_channel_bindings_t /*input_chan_bindings*/, + const gss_buffer_t /*input_token*/, + gss_OID * /*actual_mech_type*/, + gss_buffer_t /*output_token*/, + OM_uint32 * /*ret_flags*/, + OM_uint32 * time_rec ); + +OM_uint32 +_gss_spnego_inquire_context ( + OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + gss_name_t * /*src_name*/, + gss_name_t * /*targ_name*/, + OM_uint32 * /*lifetime_rec*/, + gss_OID * /*mech_type*/, + OM_uint32 * /*ctx_flags*/, + int * /*locally_initiated*/, + int * open_context ); + +OM_uint32 +_gss_spnego_inquire_cred ( + OM_uint32 * /*minor_status*/, + const gss_cred_id_t /*cred_handle*/, + gss_name_t * /*name*/, + OM_uint32 * /*lifetime*/, + gss_cred_usage_t * /*cred_usage*/, + gss_OID_set * mechanisms ); + +OM_uint32 +_gss_spnego_inquire_cred_by_mech ( + OM_uint32 * /*minor_status*/, + const gss_cred_id_t /*cred_handle*/, + const gss_OID /*mech_type*/, + gss_name_t * /*name*/, + OM_uint32 * /*initiator_lifetime*/, + OM_uint32 * /*acceptor_lifetime*/, + gss_cred_usage_t * cred_usage ); + +OM_uint32 +_gss_spnego_inquire_cred_by_oid ( + OM_uint32 * /*minor_status*/, + const gss_cred_id_t /*cred_handle*/, + const gss_OID /*desired_object*/, + gss_buffer_set_t */*data_set*/); + +OM_uint32 +_gss_spnego_inquire_mechs_for_name ( + OM_uint32 * /*minor_status*/, + const gss_name_t /*input_name*/, + gss_OID_set * mech_types ); + +OM_uint32 +_gss_spnego_inquire_names_for_mech ( + OM_uint32 * /*minor_status*/, + const gss_OID /*mechanism*/, + gss_OID_set * name_types ); + +OM_uint32 +_gss_spnego_inquire_sec_context_by_oid ( + OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + const gss_OID /*desired_object*/, + gss_buffer_set_t */*data_set*/); + +OM_uint32 +_gss_spnego_internal_delete_sec_context ( + OM_uint32 */*minor_status*/, + gss_ctx_id_t */*context_handle*/, + gss_buffer_t output_token ); + +OM_uint32 +_gss_spnego_process_context_token ( + OM_uint32 */*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + const gss_buffer_t token_buffer ); + +OM_uint32 +_gss_spnego_release_cred ( + OM_uint32 */*minor_status*/, + gss_cred_id_t */*cred_handle*/); + +OM_uint32 +_gss_spnego_release_name ( + OM_uint32 * /*minor_status*/, + gss_name_t * input_name ); + +OM_uint32 +_gss_spnego_require_mechlist_mic ( + OM_uint32 */*minor_status*/, + gssspnego_ctx /*ctx*/, + int */*require_mic*/); + +OM_uint32 +_gss_spnego_seal ( + OM_uint32 * /*minor_status*/, + gss_ctx_id_t /*context_handle*/, + int /*conf_req_flag*/, + int /*qop_req*/, + gss_buffer_t /*input_message_buffer*/, + int * /*conf_state*/, + gss_buffer_t output_message_buffer ); + +OM_uint32 +_gss_spnego_select_mech ( + OM_uint32 */*minor_status*/, + MechType */*mechType*/, + gss_OID */*mech_p*/); + +OM_uint32 +_gss_spnego_set_sec_context_option ( + OM_uint32 * /*minor_status*/, + gss_ctx_id_t * /*context_handle*/, + const gss_OID /*desired_object*/, + const gss_buffer_t /*value*/); + +OM_uint32 +_gss_spnego_sign ( + OM_uint32 * /*minor_status*/, + gss_ctx_id_t /*context_handle*/, + int /*qop_req*/, + gss_buffer_t /*message_buffer*/, + gss_buffer_t message_token ); + +OM_uint32 +_gss_spnego_unseal ( + OM_uint32 * /*minor_status*/, + gss_ctx_id_t /*context_handle*/, + gss_buffer_t /*input_message_buffer*/, + gss_buffer_t /*output_message_buffer*/, + int * /*conf_state*/, + int * qop_state ); + +OM_uint32 +_gss_spnego_unwrap ( + OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + const gss_buffer_t /*input_message_buffer*/, + gss_buffer_t /*output_message_buffer*/, + int * /*conf_state*/, + gss_qop_t * qop_state ); + +OM_uint32 +_gss_spnego_verify ( + OM_uint32 * /*minor_status*/, + gss_ctx_id_t /*context_handle*/, + gss_buffer_t /*message_buffer*/, + gss_buffer_t /*token_buffer*/, + int * qop_state ); + +OM_uint32 +_gss_spnego_verify_mic ( + OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + const gss_buffer_t /*message_buffer*/, + const gss_buffer_t /*token_buffer*/, + gss_qop_t * qop_state ); + +OM_uint32 +_gss_spnego_wrap ( + OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + int /*conf_req_flag*/, + gss_qop_t /*qop_req*/, + const gss_buffer_t /*input_message_buffer*/, + int * /*conf_state*/, + gss_buffer_t output_message_buffer ); + +OM_uint32 +_gss_spnego_wrap_size_limit ( + OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + int /*conf_req_flag*/, + gss_qop_t /*qop_req*/, + OM_uint32 /*req_output_size*/, + OM_uint32 * max_input_size ); + +#endif /* __spnego_private_h__ */ diff --git a/source4/heimdal/lib/gssapi/spnego/spnego.asn1 b/source4/heimdal/lib/gssapi/spnego/spnego.asn1 new file mode 100644 index 0000000000..187ce0a0a6 --- /dev/null +++ b/source4/heimdal/lib/gssapi/spnego/spnego.asn1 @@ -0,0 +1,51 @@ +-- $Id: spnego.asn1,v 1.1.1.1 2006/06/28 08:34:45 lha Exp $ + +SPNEGO DEFINITIONS ::= +BEGIN + +MechType::= OBJECT IDENTIFIER + +MechTypeList ::= SEQUENCE OF MechType + +ContextFlags ::= BIT STRING { + delegFlag (0), + mutualFlag (1), + replayFlag (2), + sequenceFlag (3), + anonFlag (4), + confFlag (5), + integFlag (6) +} + +NegHints ::= SEQUENCE { + hintName [0] GeneralString OPTIONAL, + hintAddress [1] OCTET STRING OPTIONAL +} + +NegTokenInit ::= SEQUENCE { + mechTypes [0] MechTypeList, + reqFlags [1] ContextFlags OPTIONAL, + mechToken [2] OCTET STRING OPTIONAL, + negHints [3] NegHints OPTIONAL, + mechListMIC [4] OCTET STRING OPTIONAL + } + +-- NB: negResult is not OPTIONAL in the new SPNEGO spec but +-- Windows clients do not always send it +NegTokenResp ::= SEQUENCE { + negResult [0] ENUMERATED { + accept_completed (0), + accept_incomplete (1), + reject (2), + request-mic (3) } OPTIONAL, + supportedMech [1] MechType OPTIONAL, + responseToken [2] OCTET STRING OPTIONAL, + mechListMIC [3] OCTET STRING OPTIONAL +} + +NegotiationToken ::= CHOICE { + negTokenInit[0] NegTokenInit, + negTokenResp[1] NegTokenResp +} + +END diff --git a/source4/heimdal/lib/gssapi/spnego/spnego_locl.h b/source4/heimdal/lib/gssapi/spnego/spnego_locl.h new file mode 100644 index 0000000000..571bce5569 --- /dev/null +++ b/source4/heimdal/lib/gssapi/spnego/spnego_locl.h @@ -0,0 +1,96 @@ +/* + * Copyright (c) 2004, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: spnego_locl.h,v 1.11 2006/10/12 06:28:06 lha Exp $ */ + +#ifndef SPNEGO_LOCL_H +#define SPNEGO_LOCL_H + +#ifdef HAVE_CONFIG_H +#include +#endif + +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_PARAM_H +#include +#endif + +#ifdef HAVE_PTHREAD_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#ifdef HAVE_NETDB_H +#include +#endif + +#include +#include + +#include + +#include "spnego_asn1.h" +#include + +#define ALLOC(X, N) (X) = calloc((N), sizeof(*(X))) + +typedef struct { + gss_cred_id_t negotiated_cred_id; +} *gssspnego_cred; + +typedef struct { + MechTypeList initiator_mech_types; + gss_OID preferred_mech_type; + gss_OID negotiated_mech_type; + gss_ctx_id_t negotiated_ctx_id; + OM_uint32 mech_flags; + OM_uint32 mech_time_rec; + gss_name_t mech_src_name; + gss_cred_id_t delegated_cred_id; + int open : 1; + int local : 1; + int require_mic : 1; + int verified_mic : 1; + HEIMDAL_MUTEX ctx_id_mutex; +} *gssspnego_ctx; + +#include + +#endif /* SPNEGO_LOCL_H */ diff --git a/source4/heimdal/lib/gssapi/test_oid_set_member.c b/source4/heimdal/lib/gssapi/test_oid_set_member.c deleted file mode 100644 index e747c5acc1..0000000000 --- a/source4/heimdal/lib/gssapi/test_oid_set_member.c +++ /dev/null @@ -1,55 +0,0 @@ -/* - * Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: test_oid_set_member.c,v 1.5 2003/03/16 17:54:06 lha Exp $"); - -OM_uint32 gss_test_oid_set_member ( - OM_uint32 * minor_status, - const gss_OID member, - const gss_OID_set set, - int * present - ) -{ - size_t i; - - *minor_status = 0; - *present = 0; - for (i = 0; i < set->count; ++i) - if (gss_oid_equal(member, &set->elements[i]) != 0) { - *present = 1; - break; - } - return GSS_S_COMPLETE; -} diff --git a/source4/heimdal/lib/gssapi/unwrap.c b/source4/heimdal/lib/gssapi/unwrap.c deleted file mode 100644 index c358c1aa24..0000000000 --- a/source4/heimdal/lib/gssapi/unwrap.c +++ /dev/null @@ -1,413 +0,0 @@ -/* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: unwrap.c,v 1.34 2005/04/27 17:50:40 lha Exp $"); - -static OM_uint32 -unwrap_des - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t input_message_buffer, - gss_buffer_t output_message_buffer, - int * conf_state, - gss_qop_t * qop_state, - krb5_keyblock *key - ) -{ - u_char *p, *seq; - size_t len; - MD5_CTX md5; - u_char hash[16]; - DES_key_schedule schedule; - DES_cblock deskey; - DES_cblock zero; - int i; - int32_t seq_number; - size_t padlength; - OM_uint32 ret; - int cstate; - int cmp; - - p = input_message_buffer->value; - ret = gssapi_krb5_verify_header (&p, - input_message_buffer->length, - "\x02\x01", - GSS_KRB5_MECHANISM); - if (ret) - return ret; - - if (memcmp (p, "\x00\x00", 2) != 0) - return GSS_S_BAD_SIG; - p += 2; - if (memcmp (p, "\x00\x00", 2) == 0) { - cstate = 1; - } else if (memcmp (p, "\xFF\xFF", 2) == 0) { - cstate = 0; - } else - return GSS_S_BAD_MIC; - p += 2; - if(conf_state != NULL) - *conf_state = cstate; - if (memcmp (p, "\xff\xff", 2) != 0) - return GSS_S_DEFECTIVE_TOKEN; - p += 2; - p += 16; - - len = p - (u_char *)input_message_buffer->value; - - if(cstate) { - /* decrypt data */ - memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); - - for (i = 0; i < sizeof(deskey); ++i) - deskey[i] ^= 0xf0; - DES_set_key (&deskey, &schedule); - memset (&zero, 0, sizeof(zero)); - DES_cbc_encrypt ((void *)p, - (void *)p, - input_message_buffer->length - len, - &schedule, - &zero, - DES_DECRYPT); - - memset (deskey, 0, sizeof(deskey)); - memset (&schedule, 0, sizeof(schedule)); - } - /* check pad */ - ret = _gssapi_verify_pad(input_message_buffer, - input_message_buffer->length - len, - &padlength); - if (ret) - return ret; - - MD5_Init (&md5); - MD5_Update (&md5, p - 24, 8); - MD5_Update (&md5, p, input_message_buffer->length - len); - MD5_Final (hash, &md5); - - memset (&zero, 0, sizeof(zero)); - memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); - DES_set_key (&deskey, &schedule); - DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), - &schedule, &zero); - if (memcmp (p - 8, hash, 8) != 0) - return GSS_S_BAD_MIC; - - /* verify sequence number */ - - HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - - p -= 16; - DES_set_key (&deskey, &schedule); - DES_cbc_encrypt ((void *)p, (void *)p, 8, - &schedule, (DES_cblock *)hash, DES_DECRYPT); - - memset (deskey, 0, sizeof(deskey)); - memset (&schedule, 0, sizeof(schedule)); - - seq = p; - gssapi_decode_om_uint32(seq, &seq_number); - - if (context_handle->more_flags & LOCAL) - cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4); - else - cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4); - - if (cmp != 0) { - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - return GSS_S_BAD_MIC; - } - - ret = _gssapi_msg_order_check(context_handle->order, seq_number); - if (ret) { - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - return ret; - } - - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - - /* copy out data */ - - output_message_buffer->length = input_message_buffer->length - - len - padlength - 8; - output_message_buffer->value = malloc(output_message_buffer->length); - if(output_message_buffer->length != 0 && output_message_buffer->value == NULL) - return GSS_S_FAILURE; - memcpy (output_message_buffer->value, - p + 24, - output_message_buffer->length); - return GSS_S_COMPLETE; -} - -static OM_uint32 -unwrap_des3 - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t input_message_buffer, - gss_buffer_t output_message_buffer, - int * conf_state, - gss_qop_t * qop_state, - krb5_keyblock *key - ) -{ - u_char *p; - size_t len; - u_char *seq; - krb5_data seq_data; - u_char cksum[20]; - int32_t seq_number; - size_t padlength; - OM_uint32 ret; - int cstate; - krb5_crypto crypto; - Checksum csum; - int cmp; - - p = input_message_buffer->value; - ret = gssapi_krb5_verify_header (&p, - input_message_buffer->length, - "\x02\x01", - GSS_KRB5_MECHANISM); - if (ret) - return ret; - - if (memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */ - return GSS_S_BAD_SIG; - p += 2; - if (memcmp (p, "\x02\x00", 2) == 0) { - cstate = 1; - } else if (memcmp (p, "\xff\xff", 2) == 0) { - cstate = 0; - } else - return GSS_S_BAD_MIC; - p += 2; - if(conf_state != NULL) - *conf_state = cstate; - if (memcmp (p, "\xff\xff", 2) != 0) - return GSS_S_DEFECTIVE_TOKEN; - p += 2; - p += 28; - - len = p - (u_char *)input_message_buffer->value; - - if(cstate) { - /* decrypt data */ - krb5_data tmp; - - ret = krb5_crypto_init(gssapi_krb5_context, key, - ETYPE_DES3_CBC_NONE, &crypto); - if (ret) { - gssapi_krb5_set_error_string (); - *minor_status = ret; - return GSS_S_FAILURE; - } - ret = krb5_decrypt(gssapi_krb5_context, crypto, KRB5_KU_USAGE_SEAL, - p, input_message_buffer->length - len, &tmp); - krb5_crypto_destroy(gssapi_krb5_context, crypto); - if (ret) { - gssapi_krb5_set_error_string (); - *minor_status = ret; - return GSS_S_FAILURE; - } - assert (tmp.length == input_message_buffer->length - len); - - memcpy (p, tmp.data, tmp.length); - krb5_data_free(&tmp); - } - /* check pad */ - ret = _gssapi_verify_pad(input_message_buffer, - input_message_buffer->length - len, - &padlength); - if (ret) - return ret; - - /* verify sequence number */ - - HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - - p -= 28; - - ret = krb5_crypto_init(gssapi_krb5_context, key, - ETYPE_DES3_CBC_NONE, &crypto); - if (ret) { - gssapi_krb5_set_error_string (); - *minor_status = ret; - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - return GSS_S_FAILURE; - } - { - DES_cblock ivec; - - memcpy(&ivec, p + 8, 8); - ret = krb5_decrypt_ivec (gssapi_krb5_context, - crypto, - KRB5_KU_USAGE_SEQ, - p, 8, &seq_data, - &ivec); - } - krb5_crypto_destroy (gssapi_krb5_context, crypto); - if (ret) { - gssapi_krb5_set_error_string (); - *minor_status = ret; - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - return GSS_S_FAILURE; - } - if (seq_data.length != 8) { - krb5_data_free (&seq_data); - *minor_status = 0; - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - return GSS_S_BAD_MIC; - } - - seq = seq_data.data; - gssapi_decode_om_uint32(seq, &seq_number); - - if (context_handle->more_flags & LOCAL) - cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4); - else - cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4); - - krb5_data_free (&seq_data); - if (cmp != 0) { - *minor_status = 0; - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - return GSS_S_BAD_MIC; - } - - ret = _gssapi_msg_order_check(context_handle->order, seq_number); - if (ret) { - *minor_status = 0; - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - return ret; - } - - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - - /* verify checksum */ - - memcpy (cksum, p + 8, 20); - - memcpy (p + 20, p - 8, 8); - - csum.cksumtype = CKSUMTYPE_HMAC_SHA1_DES3; - csum.checksum.length = 20; - csum.checksum.data = cksum; - - ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); - if (ret) { - gssapi_krb5_set_error_string (); - *minor_status = ret; - return GSS_S_FAILURE; - } - - ret = krb5_verify_checksum (gssapi_krb5_context, crypto, - KRB5_KU_USAGE_SIGN, - p + 20, - input_message_buffer->length - len + 8, - &csum); - krb5_crypto_destroy (gssapi_krb5_context, crypto); - if (ret) { - gssapi_krb5_set_error_string (); - *minor_status = ret; - return GSS_S_FAILURE; - } - - /* copy out data */ - - output_message_buffer->length = input_message_buffer->length - - len - padlength - 8; - output_message_buffer->value = malloc(output_message_buffer->length); - if(output_message_buffer->length != 0 && output_message_buffer->value == NULL) - return GSS_S_FAILURE; - memcpy (output_message_buffer->value, - p + 36, - output_message_buffer->length); - return GSS_S_COMPLETE; -} - -OM_uint32 gss_unwrap - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t input_message_buffer, - gss_buffer_t output_message_buffer, - int * conf_state, - gss_qop_t * qop_state - ) -{ - krb5_keyblock *key; - OM_uint32 ret; - krb5_keytype keytype; - - output_message_buffer->value = NULL; - output_message_buffer->length = 0; - - if (qop_state != NULL) - *qop_state = GSS_C_QOP_DEFAULT; - ret = gss_krb5_get_subkey(context_handle, &key); - if (ret) { - gssapi_krb5_set_error_string (); - *minor_status = ret; - return GSS_S_FAILURE; - } - krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype); - - *minor_status = 0; - - switch (keytype) { - case KEYTYPE_DES : - ret = unwrap_des (minor_status, context_handle, - input_message_buffer, output_message_buffer, - conf_state, qop_state, key); - break; - case KEYTYPE_DES3 : - ret = unwrap_des3 (minor_status, context_handle, - input_message_buffer, output_message_buffer, - conf_state, qop_state, key); - break; - case KEYTYPE_ARCFOUR: - case KEYTYPE_ARCFOUR_56: - ret = _gssapi_unwrap_arcfour (minor_status, context_handle, - input_message_buffer, output_message_buffer, - conf_state, qop_state, key); - break; - default : - ret = _gssapi_unwrap_cfx (minor_status, context_handle, - input_message_buffer, output_message_buffer, - conf_state, qop_state, key); - break; - } - krb5_free_keyblock (gssapi_krb5_context, key); - return ret; -} diff --git a/source4/heimdal/lib/gssapi/verify_mic.c b/source4/heimdal/lib/gssapi/verify_mic.c deleted file mode 100644 index 7b7d437e99..0000000000 --- a/source4/heimdal/lib/gssapi/verify_mic.c +++ /dev/null @@ -1,336 +0,0 @@ -/* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: verify_mic.c,v 1.32 2005/04/27 17:51:04 lha Exp $"); - -static OM_uint32 -verify_mic_des - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t message_buffer, - const gss_buffer_t token_buffer, - gss_qop_t * qop_state, - krb5_keyblock *key, - char *type - ) -{ - u_char *p; - MD5_CTX md5; - u_char hash[16], *seq; - DES_key_schedule schedule; - DES_cblock zero; - DES_cblock deskey; - int32_t seq_number; - OM_uint32 ret; - int cmp; - - p = token_buffer->value; - ret = gssapi_krb5_verify_header (&p, - token_buffer->length, - type, - GSS_KRB5_MECHANISM); - if (ret) - return ret; - - if (memcmp(p, "\x00\x00", 2) != 0) - return GSS_S_BAD_SIG; - p += 2; - if (memcmp (p, "\xff\xff\xff\xff", 4) != 0) - return GSS_S_BAD_MIC; - p += 4; - p += 16; - - /* verify checksum */ - MD5_Init (&md5); - MD5_Update (&md5, p - 24, 8); - MD5_Update (&md5, message_buffer->value, - message_buffer->length); - MD5_Final (hash, &md5); - - memset (&zero, 0, sizeof(zero)); - memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); - - DES_set_key (&deskey, &schedule); - DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), - &schedule, &zero); - if (memcmp (p - 8, hash, 8) != 0) { - memset (deskey, 0, sizeof(deskey)); - memset (&schedule, 0, sizeof(schedule)); - return GSS_S_BAD_MIC; - } - - /* verify sequence number */ - - HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - - p -= 16; - DES_set_key (&deskey, &schedule); - DES_cbc_encrypt ((void *)p, (void *)p, 8, - &schedule, (DES_cblock *)hash, DES_DECRYPT); - - memset (deskey, 0, sizeof(deskey)); - memset (&schedule, 0, sizeof(schedule)); - - seq = p; - gssapi_decode_om_uint32(seq, &seq_number); - - if (context_handle->more_flags & LOCAL) - cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4); - else - cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4); - - if (cmp != 0) { - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - return GSS_S_BAD_MIC; - } - - ret = _gssapi_msg_order_check(context_handle->order, seq_number); - if (ret) { - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - return ret; - } - - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - - return GSS_S_COMPLETE; -} - -static OM_uint32 -verify_mic_des3 - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t message_buffer, - const gss_buffer_t token_buffer, - gss_qop_t * qop_state, - krb5_keyblock *key, - char *type - ) -{ - u_char *p; - u_char *seq; - int32_t seq_number; - OM_uint32 ret; - krb5_crypto crypto; - krb5_data seq_data; - int cmp, docompat; - Checksum csum; - char *tmp; - char ivec[8]; - - p = token_buffer->value; - ret = gssapi_krb5_verify_header (&p, - token_buffer->length, - type, - GSS_KRB5_MECHANISM); - if (ret) - return ret; - - if (memcmp(p, "\x04\x00", 2) != 0) /* SGN_ALG = HMAC SHA1 DES3-KD */ - return GSS_S_BAD_SIG; - p += 2; - if (memcmp (p, "\xff\xff\xff\xff", 4) != 0) - return GSS_S_BAD_MIC; - p += 4; - - ret = krb5_crypto_init(gssapi_krb5_context, key, - ETYPE_DES3_CBC_NONE, &crypto); - if (ret){ - gssapi_krb5_set_error_string (); - *minor_status = ret; - return GSS_S_FAILURE; - } - - /* verify sequence number */ - docompat = 0; -retry: - if (docompat) - memset(ivec, 0, 8); - else - memcpy(ivec, p + 8, 8); - - ret = krb5_decrypt_ivec (gssapi_krb5_context, - crypto, - KRB5_KU_USAGE_SEQ, - p, 8, &seq_data, ivec); - if (ret) { - if (docompat++) { - gssapi_krb5_set_error_string (); - krb5_crypto_destroy (gssapi_krb5_context, crypto); - *minor_status = ret; - return GSS_S_FAILURE; - } else - goto retry; - } - - if (seq_data.length != 8) { - krb5_data_free (&seq_data); - if (docompat++) { - krb5_crypto_destroy (gssapi_krb5_context, crypto); - return GSS_S_BAD_MIC; - } else - goto retry; - } - - HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - - seq = seq_data.data; - gssapi_decode_om_uint32(seq, &seq_number); - - if (context_handle->more_flags & LOCAL) - cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4); - else - cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4); - - krb5_data_free (&seq_data); - if (cmp != 0) { - krb5_crypto_destroy (gssapi_krb5_context, crypto); - *minor_status = 0; - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - return GSS_S_BAD_MIC; - } - - ret = _gssapi_msg_order_check(context_handle->order, seq_number); - if (ret) { - krb5_crypto_destroy (gssapi_krb5_context, crypto); - *minor_status = 0; - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - return ret; - } - - /* verify checksum */ - - tmp = malloc (message_buffer->length + 8); - if (tmp == NULL) { - krb5_crypto_destroy (gssapi_krb5_context, crypto); - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - memcpy (tmp, p - 8, 8); - memcpy (tmp + 8, message_buffer->value, message_buffer->length); - - csum.cksumtype = CKSUMTYPE_HMAC_SHA1_DES3; - csum.checksum.length = 20; - csum.checksum.data = p + 8; - - ret = krb5_verify_checksum (gssapi_krb5_context, crypto, - KRB5_KU_USAGE_SIGN, - tmp, message_buffer->length + 8, - &csum); - free (tmp); - if (ret) { - gssapi_krb5_set_error_string (); - krb5_crypto_destroy (gssapi_krb5_context, crypto); - *minor_status = ret; - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - return GSS_S_BAD_MIC; - } - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - - krb5_crypto_destroy (gssapi_krb5_context, crypto); - return GSS_S_COMPLETE; -} - -OM_uint32 -gss_verify_mic_internal - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t message_buffer, - const gss_buffer_t token_buffer, - gss_qop_t * qop_state, - char * type - ) -{ - krb5_keyblock *key; - OM_uint32 ret; - krb5_keytype keytype; - - ret = gss_krb5_get_subkey(context_handle, &key); - if (ret) { - gssapi_krb5_set_error_string (); - *minor_status = ret; - return GSS_S_FAILURE; - } - *minor_status = 0; - krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype); - switch (keytype) { - case KEYTYPE_DES : - ret = verify_mic_des (minor_status, context_handle, - message_buffer, token_buffer, qop_state, key, - type); - break; - case KEYTYPE_DES3 : - ret = verify_mic_des3 (minor_status, context_handle, - message_buffer, token_buffer, qop_state, key, - type); - break; - case KEYTYPE_ARCFOUR : - case KEYTYPE_ARCFOUR_56 : - ret = _gssapi_verify_mic_arcfour (minor_status, context_handle, - message_buffer, token_buffer, - qop_state, key, type); - break; - default : - ret = _gssapi_verify_mic_cfx (minor_status, context_handle, - message_buffer, token_buffer, qop_state, - key); - break; - } - krb5_free_keyblock (gssapi_krb5_context, key); - - return ret; -} - -OM_uint32 -gss_verify_mic - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t message_buffer, - const gss_buffer_t token_buffer, - gss_qop_t * qop_state - ) -{ - OM_uint32 ret; - - if (qop_state != NULL) - *qop_state = GSS_C_QOP_DEFAULT; - - ret = gss_verify_mic_internal(minor_status, context_handle, - message_buffer, token_buffer, - qop_state, "\x01\x01"); - - return ret; -} diff --git a/source4/heimdal/lib/gssapi/wrap.c b/source4/heimdal/lib/gssapi/wrap.c deleted file mode 100644 index 7072ca2754..0000000000 --- a/source4/heimdal/lib/gssapi/wrap.c +++ /dev/null @@ -1,648 +0,0 @@ -/* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: wrap.c,v 1.33 2006/05/05 10:27:36 lha Exp $"); - -OM_uint32 -gsskrb5_get_initiator_subkey(OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - gss_buffer_t key) -{ - krb5_error_code ret; - krb5_keyblock *skey = NULL; - - HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - if (context_handle->more_flags & LOCAL) { - ret = krb5_auth_con_getlocalsubkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); - if (ret) { - *minor_status = ret; - return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */ - } - - } else { - ret = krb5_auth_con_getremotesubkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); - if (ret) { - *minor_status = ret; - return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */ - } - - } - - /* If there was no subkey, perhaps try this... */ - if(skey == NULL) { - krb5_auth_con_getkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); - } - - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - - /* ensure never to segfault */ - if(skey == NULL) { - return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */ - } - - key->length = skey->keyvalue.length; - key->value = malloc (key->length); - if (!key->value) { - krb5_free_keyblock(gssapi_krb5_context, skey); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - memcpy(key->value, skey->keyvalue.data, key->length); - krb5_free_keyblock(gssapi_krb5_context, skey); - return 0; -} - -OM_uint32 -gss_krb5_get_subkey(const gss_ctx_id_t context_handle, - krb5_keyblock **key) -{ - krb5_keyblock *skey = NULL; - - HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - if (context_handle->more_flags & LOCAL) { - krb5_auth_con_getremotesubkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); - } else { - krb5_auth_con_getlocalsubkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); - } - /* - * Only use the initiator subkey or ticket session key if - * an acceptor subkey was not required. - */ - if (skey == NULL && - (context_handle->more_flags & ACCEPTOR_SUBKEY) == 0) { - if (context_handle->more_flags & LOCAL) { - krb5_auth_con_getlocalsubkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); - } else { - krb5_auth_con_getremotesubkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); - } - if(skey == NULL) - krb5_auth_con_getkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); - } - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - if(skey == NULL) - return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */ - *key = skey; - return 0; -} - -static OM_uint32 -sub_wrap_size_limit ( - OM_uint32 req_output_size, - OM_uint32 * max_input_size, - int blocksize, - int extrasize - ) -{ - size_t len, total_len; - - len = 8 + req_output_size + blocksize + extrasize; - - gssapi_krb5_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM); - - total_len -= req_output_size; /* token length */ - if (total_len < req_output_size) { - *max_input_size = (req_output_size - total_len); - (*max_input_size) &= (~(OM_uint32)(blocksize - 1)); - } else { - *max_input_size = 0; - } - return GSS_S_COMPLETE; -} - -OM_uint32 -gss_wrap_size_limit ( - OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - int conf_req_flag, - gss_qop_t qop_req, - OM_uint32 req_output_size, - OM_uint32 * max_input_size - ) -{ - krb5_keyblock *key; - OM_uint32 ret; - krb5_keytype keytype; - OM_uint32 output_size; - OM_uint32 blocksize; - - ret = gss_krb5_get_subkey(context_handle, &key); - if (ret) { - gssapi_krb5_set_error_string (); - *minor_status = ret; - return GSS_S_FAILURE; - } - krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype); - - switch (keytype) { - case KEYTYPE_DES : - ret = sub_wrap_size_limit(req_output_size, max_input_size, 8, 22); - break; - case KEYTYPE_DES3 : - ret = sub_wrap_size_limit(req_output_size, max_input_size, 8, 34); - break; - case KEYTYPE_ARCFOUR: - case KEYTYPE_ARCFOUR_56: - ret = _gssapi_wrap_size_arcfour(minor_status, context_handle, - conf_req_flag, qop_req, - req_output_size, &output_size, - &blocksize, key); - - if (output_size > req_output_size) { - *max_input_size = req_output_size - (output_size - req_output_size); - (*max_input_size) &= (~(OM_uint32)(blocksize - 1)); - } else { - *max_input_size = 0; - } - break; - default : - ret = _gssapi_wrap_size_cfx(minor_status, context_handle, - conf_req_flag, qop_req, - req_output_size, &output_size, - &blocksize, key); - if (output_size > req_output_size) { - *max_input_size = req_output_size - (output_size - req_output_size); - (*max_input_size) &= (~(OM_uint32)(blocksize - 1)); - } else { - *max_input_size = 0; - } - break; - } - krb5_free_keyblock (gssapi_krb5_context, key); - *minor_status = 0; - return ret; -} - -static OM_uint32 -sub_wrap_size ( - OM_uint32 req_input_size, - OM_uint32 * output_size, - int blocksize, - int extrasize - ) -{ - size_t len, total_len, padlength, datalen; - - padlength = blocksize - (req_input_size % blocksize); - datalen = req_input_size + padlength + 8; - len = datalen + extrasize; - gssapi_krb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); - - *output_size = total_len; - - return GSS_S_COMPLETE; -} - -OM_uint32 -gsskrb5_wrap_size ( - OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - int conf_req_flag, - gss_qop_t qop_req, - OM_uint32 req_input_size, - OM_uint32 * output_size - ) -{ - krb5_keyblock *key; - OM_uint32 ret, padlen; - krb5_keytype keytype; - - ret = gss_krb5_get_subkey(context_handle, &key); - if (ret) { - gssapi_krb5_set_error_string (); - *minor_status = ret; - return GSS_S_FAILURE; - } - krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype); - - switch (keytype) { - case KEYTYPE_DES : - ret = sub_wrap_size(req_input_size, output_size, 8, 22); - break; - case KEYTYPE_DES3 : - ret = sub_wrap_size(req_input_size, output_size, 8, 34); - break; - case KEYTYPE_ARCFOUR: - case KEYTYPE_ARCFOUR_56: - ret = _gssapi_wrap_size_arcfour(minor_status, context_handle, - conf_req_flag, qop_req, - req_input_size, output_size, &padlen, key); - break; - default : - ret = _gssapi_wrap_size_cfx(minor_status, context_handle, - conf_req_flag, qop_req, - req_input_size, output_size, &padlen, key); - break; - } - krb5_free_keyblock (gssapi_krb5_context, key); - *minor_status = 0; - return ret; -} - -static OM_uint32 -wrap_des - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - int conf_req_flag, - gss_qop_t qop_req, - const gss_buffer_t input_message_buffer, - int * conf_state, - gss_buffer_t output_message_buffer, - krb5_keyblock *key - ) -{ - u_char *p; - MD5_CTX md5; - u_char hash[16]; - DES_key_schedule schedule; - DES_cblock deskey; - DES_cblock zero; - int i; - int32_t seq_number; - size_t len, total_len, padlength, datalen; - - padlength = 8 - (input_message_buffer->length % 8); - datalen = input_message_buffer->length + padlength + 8; - len = datalen + 22; - gssapi_krb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); - - output_message_buffer->length = total_len; - output_message_buffer->value = malloc (total_len); - if (output_message_buffer->value == NULL) { - output_message_buffer->length = 0; - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - p = gssapi_krb5_make_header(output_message_buffer->value, - len, - "\x02\x01", /* TOK_ID */ - GSS_KRB5_MECHANISM); - - /* SGN_ALG */ - memcpy (p, "\x00\x00", 2); - p += 2; - /* SEAL_ALG */ - if(conf_req_flag) - memcpy (p, "\x00\x00", 2); - else - memcpy (p, "\xff\xff", 2); - p += 2; - /* Filler */ - memcpy (p, "\xff\xff", 2); - p += 2; - - /* fill in later */ - memset (p, 0, 16); - p += 16; - - /* confounder + data + pad */ - krb5_generate_random_block(p, 8); - memcpy (p + 8, input_message_buffer->value, - input_message_buffer->length); - memset (p + 8 + input_message_buffer->length, padlength, padlength); - - /* checksum */ - MD5_Init (&md5); - MD5_Update (&md5, p - 24, 8); - MD5_Update (&md5, p, datalen); - MD5_Final (hash, &md5); - - memset (&zero, 0, sizeof(zero)); - memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); - DES_set_key (&deskey, &schedule); - DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), - &schedule, &zero); - memcpy (p - 8, hash, 8); - - /* sequence number */ - HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, - context_handle->auth_context, - &seq_number); - - p -= 16; - p[0] = (seq_number >> 0) & 0xFF; - p[1] = (seq_number >> 8) & 0xFF; - p[2] = (seq_number >> 16) & 0xFF; - p[3] = (seq_number >> 24) & 0xFF; - memset (p + 4, - (context_handle->more_flags & LOCAL) ? 0 : 0xFF, - 4); - - DES_set_key (&deskey, &schedule); - DES_cbc_encrypt ((void *)p, (void *)p, 8, - &schedule, (DES_cblock *)(p + 8), DES_ENCRYPT); - - krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, - context_handle->auth_context, - ++seq_number); - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - - /* encrypt the data */ - p += 16; - - if(conf_req_flag) { - memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); - - for (i = 0; i < sizeof(deskey); ++i) - deskey[i] ^= 0xf0; - DES_set_key (&deskey, &schedule); - memset (&zero, 0, sizeof(zero)); - DES_cbc_encrypt ((void *)p, - (void *)p, - datalen, - &schedule, - &zero, - DES_ENCRYPT); - } - memset (deskey, 0, sizeof(deskey)); - memset (&schedule, 0, sizeof(schedule)); - - if(conf_state != NULL) - *conf_state = conf_req_flag; - *minor_status = 0; - return GSS_S_COMPLETE; -} - -static OM_uint32 -wrap_des3 - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - int conf_req_flag, - gss_qop_t qop_req, - const gss_buffer_t input_message_buffer, - int * conf_state, - gss_buffer_t output_message_buffer, - krb5_keyblock *key - ) -{ - u_char *p; - u_char seq[8]; - int32_t seq_number; - size_t len, total_len, padlength, datalen; - uint32_t ret; - krb5_crypto crypto; - Checksum cksum; - krb5_data encdata; - - padlength = 8 - (input_message_buffer->length % 8); - datalen = input_message_buffer->length + padlength + 8; - len = datalen + 34; - gssapi_krb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); - - output_message_buffer->length = total_len; - output_message_buffer->value = malloc (total_len); - if (output_message_buffer->value == NULL) { - output_message_buffer->length = 0; - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - p = gssapi_krb5_make_header(output_message_buffer->value, - len, - "\x02\x01", /* TOK_ID */ - GSS_KRB5_MECHANISM); - - /* SGN_ALG */ - memcpy (p, "\x04\x00", 2); /* HMAC SHA1 DES3-KD */ - p += 2; - /* SEAL_ALG */ - if(conf_req_flag) - memcpy (p, "\x02\x00", 2); /* DES3-KD */ - else - memcpy (p, "\xff\xff", 2); - p += 2; - /* Filler */ - memcpy (p, "\xff\xff", 2); - p += 2; - - /* calculate checksum (the above + confounder + data + pad) */ - - memcpy (p + 20, p - 8, 8); - krb5_generate_random_block(p + 28, 8); - memcpy (p + 28 + 8, input_message_buffer->value, - input_message_buffer->length); - memset (p + 28 + 8 + input_message_buffer->length, padlength, padlength); - - ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); - if (ret) { - gssapi_krb5_set_error_string (); - free (output_message_buffer->value); - output_message_buffer->length = 0; - output_message_buffer->value = NULL; - *minor_status = ret; - return GSS_S_FAILURE; - } - - ret = krb5_create_checksum (gssapi_krb5_context, - crypto, - KRB5_KU_USAGE_SIGN, - 0, - p + 20, - datalen + 8, - &cksum); - krb5_crypto_destroy (gssapi_krb5_context, crypto); - if (ret) { - gssapi_krb5_set_error_string (); - free (output_message_buffer->value); - output_message_buffer->length = 0; - output_message_buffer->value = NULL; - *minor_status = ret; - return GSS_S_FAILURE; - } - - /* zero out SND_SEQ + SGN_CKSUM in case */ - memset (p, 0, 28); - - memcpy (p + 8, cksum.checksum.data, cksum.checksum.length); - free_Checksum (&cksum); - - HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - /* sequence number */ - krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, - context_handle->auth_context, - &seq_number); - - seq[0] = (seq_number >> 0) & 0xFF; - seq[1] = (seq_number >> 8) & 0xFF; - seq[2] = (seq_number >> 16) & 0xFF; - seq[3] = (seq_number >> 24) & 0xFF; - memset (seq + 4, - (context_handle->more_flags & LOCAL) ? 0 : 0xFF, - 4); - - - ret = krb5_crypto_init(gssapi_krb5_context, key, ETYPE_DES3_CBC_NONE, - &crypto); - if (ret) { - free (output_message_buffer->value); - output_message_buffer->length = 0; - output_message_buffer->value = NULL; - *minor_status = ret; - return GSS_S_FAILURE; - } - - { - DES_cblock ivec; - - memcpy (&ivec, p + 8, 8); - ret = krb5_encrypt_ivec (gssapi_krb5_context, - crypto, - KRB5_KU_USAGE_SEQ, - seq, 8, &encdata, - &ivec); - } - krb5_crypto_destroy (gssapi_krb5_context, crypto); - if (ret) { - gssapi_krb5_set_error_string (); - free (output_message_buffer->value); - output_message_buffer->length = 0; - output_message_buffer->value = NULL; - *minor_status = ret; - return GSS_S_FAILURE; - } - - assert (encdata.length == 8); - - memcpy (p, encdata.data, encdata.length); - krb5_data_free (&encdata); - - krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, - context_handle->auth_context, - ++seq_number); - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - - /* encrypt the data */ - p += 28; - - if(conf_req_flag) { - krb5_data tmp; - - ret = krb5_crypto_init(gssapi_krb5_context, key, - ETYPE_DES3_CBC_NONE, &crypto); - if (ret) { - gssapi_krb5_set_error_string (); - free (output_message_buffer->value); - output_message_buffer->length = 0; - output_message_buffer->value = NULL; - *minor_status = ret; - return GSS_S_FAILURE; - } - ret = krb5_encrypt(gssapi_krb5_context, crypto, KRB5_KU_USAGE_SEAL, - p, datalen, &tmp); - krb5_crypto_destroy(gssapi_krb5_context, crypto); - if (ret) { - gssapi_krb5_set_error_string (); - free (output_message_buffer->value); - output_message_buffer->length = 0; - output_message_buffer->value = NULL; - *minor_status = ret; - return GSS_S_FAILURE; - } - assert (tmp.length == datalen); - - memcpy (p, tmp.data, datalen); - krb5_data_free(&tmp); - } - if(conf_state != NULL) - *conf_state = conf_req_flag; - *minor_status = 0; - return GSS_S_COMPLETE; -} - -OM_uint32 gss_wrap - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - int conf_req_flag, - gss_qop_t qop_req, - const gss_buffer_t input_message_buffer, - int * conf_state, - gss_buffer_t output_message_buffer - ) -{ - krb5_keyblock *key; - OM_uint32 ret; - krb5_keytype keytype; - - ret = gss_krb5_get_subkey(context_handle, &key); - if (ret) { - gssapi_krb5_set_error_string (); - *minor_status = ret; - return GSS_S_FAILURE; - } - krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype); - - switch (keytype) { - case KEYTYPE_DES : - ret = wrap_des (minor_status, context_handle, conf_req_flag, - qop_req, input_message_buffer, conf_state, - output_message_buffer, key); - break; - case KEYTYPE_DES3 : - ret = wrap_des3 (minor_status, context_handle, conf_req_flag, - qop_req, input_message_buffer, conf_state, - output_message_buffer, key); - break; - case KEYTYPE_ARCFOUR: - case KEYTYPE_ARCFOUR_56: - ret = _gssapi_wrap_arcfour (minor_status, context_handle, conf_req_flag, - qop_req, input_message_buffer, conf_state, - output_message_buffer, key); - break; - default : - ret = _gssapi_wrap_cfx (minor_status, context_handle, conf_req_flag, - qop_req, input_message_buffer, conf_state, - output_message_buffer, key); - break; - } - krb5_free_keyblock (gssapi_krb5_context, key); - return ret; -} diff --git a/source4/heimdal/lib/hdb/db.c b/source4/heimdal/lib/hdb/db.c index 4b4e6e673d..0bbf6f2210 100644 --- a/source4/heimdal/lib/hdb/db.c +++ b/source4/heimdal/lib/hdb/db.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: db.c,v 1.35 2005/12/13 11:52:55 lha Exp $"); +RCSID("$Id: db.c,v 1.36 2006/09/12 18:12:37 lha Exp $"); #if HAVE_DB1 @@ -47,7 +47,7 @@ static krb5_error_code DB_close(krb5_context context, HDB *db) { DB *d = (DB*)db->hdb_db; - d->close(d); + (*d->close)(d); return 0; } @@ -95,7 +95,7 @@ DB_seq(krb5_context context, HDB *db, code = db->hdb_lock(context, db, HDB_RLOCK); if(code == -1) return HDB_ERR_DB_INUSE; - code = d->seq(d, &key, &value, flag); + code = (*d->seq)(d, &key, &value, flag); db->hdb_unlock(context, db); /* XXX check value */ if(code == -1) return errno; @@ -172,7 +172,7 @@ DB__get(krb5_context context, HDB *db, krb5_data key, krb5_data *reply) code = db->hdb_lock(context, db, HDB_RLOCK); if(code) return code; - code = d->get(d, &k, &v, 0); + code = (*d->get)(d, &k, &v, 0); db->hdb_unlock(context, db); if(code < 0) return errno; @@ -198,7 +198,7 @@ DB__put(krb5_context context, HDB *db, int replace, code = db->hdb_lock(context, db, HDB_WLOCK); if(code) return code; - code = d->put(d, &k, &v, replace ? 0 : R_NOOVERWRITE); + code = (*d->put)(d, &k, &v, replace ? 0 : R_NOOVERWRITE); db->hdb_unlock(context, db); if(code < 0) return errno; @@ -218,7 +218,7 @@ DB__del(krb5_context context, HDB *db, krb5_data key) code = db->hdb_lock(context, db, HDB_WLOCK); if(code) return code; - code = d->del(d, &k, 0); + code = (*d->del)(d, &k, 0); db->hdb_unlock(context, db); if(code == 1) return HDB_ERR_NOENTRY; diff --git a/source4/heimdal/lib/hdb/ext.c b/source4/heimdal/lib/hdb/ext.c index a8995e4138..141c63a8ac 100644 --- a/source4/heimdal/lib/hdb/ext.c +++ b/source4/heimdal/lib/hdb/ext.c @@ -34,7 +34,7 @@ #include "hdb_locl.h" #include -RCSID("$Id: ext.c,v 1.2 2006/04/25 10:20:22 lha Exp $"); +RCSID("$Id: ext.c,v 1.6 2006/10/14 10:13:03 lha Exp $"); krb5_error_code hdb_entry_check_mandatory(krb5_context context, const hdb_entry *ent) @@ -219,6 +219,20 @@ hdb_entry_get_pkinit_acl(const hdb_entry *entry, const HDB_Ext_PKINIT_acl **a) return 0; } +krb5_error_code +hdb_entry_get_pkinit_hash(const hdb_entry *entry, const HDB_Ext_PKINIT_hash **a) +{ + const HDB_extension *ext; + + ext = hdb_find_extension(entry, choice_HDB_extension_data_pkinit_cert_hash); + if (ext) + *a = &ext->data.u.pkinit_cert_hash; + else + *a = NULL; + + return 0; +} + krb5_error_code hdb_entry_get_pw_change_time(const hdb_entry *entry, time_t *t) { @@ -278,7 +292,7 @@ hdb_entry_get_password(krb5_context context, HDB *db, ext->data.u.password.password.length, &pw); } else { - ret = copy_octet_string(&ext->data.u.password.password, &pw); + ret = der_copy_octet_string(&ext->data.u.password.password, &pw); } if (ret) { krb5_clear_error_string(context); @@ -293,7 +307,7 @@ hdb_entry_get_password(krb5_context context, HDB *db, *p = strdup(str); - free_octet_string(&pw); + der_free_octet_string(&pw); if (*p == NULL) { krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; @@ -364,3 +378,19 @@ hdb_entry_clear_password(krb5_context context, hdb_entry *entry) return hdb_clear_extension(context, entry, choice_HDB_extension_data_password); } + +krb5_error_code +hdb_entry_get_ConstrainedDelegACL(const hdb_entry *entry, + const HDB_Ext_Constrained_delegation_acl **a) +{ + const HDB_extension *ext; + + ext = hdb_find_extension(entry, + choice_HDB_extension_data_allowed_to_delegate_to); + if (ext) + *a = &ext->data.u.allowed_to_delegate_to; + else + *a = NULL; + + return 0; +} diff --git a/source4/heimdal/lib/hdb/hdb-protos.h b/source4/heimdal/lib/hdb/hdb-protos.h index 3cc7d2131a..de0545a037 100644 --- a/source4/heimdal/lib/hdb/hdb-protos.h +++ b/source4/heimdal/lib/hdb/hdb-protos.h @@ -71,6 +71,11 @@ hdb_entry_clear_password ( krb5_context /*context*/, hdb_entry */*entry*/); +krb5_error_code +hdb_entry_get_ConstrainedDelegACL ( + const hdb_entry */*entry*/, + const HDB_Ext_Constrained_delegation_acl **/*a*/); + int hdb_entry_get_password ( krb5_context /*context*/, @@ -83,6 +88,11 @@ hdb_entry_get_pkinit_acl ( const hdb_entry */*entry*/, const HDB_Ext_PKINIT_acl **/*a*/); +krb5_error_code +hdb_entry_get_pkinit_hash ( + const hdb_entry */*entry*/, + const HDB_Ext_PKINIT_hash **/*a*/); + krb5_error_code hdb_entry_get_pw_change_time ( const hdb_entry */*entry*/, diff --git a/source4/heimdal/lib/hdb/hdb.asn1 b/source4/heimdal/lib/hdb/hdb.asn1 index c8a1a34b4f..c8c276ff6e 100644 --- a/source4/heimdal/lib/hdb/hdb.asn1 +++ b/source4/heimdal/lib/hdb/hdb.asn1 @@ -1,4 +1,4 @@ --- $Id: hdb.asn1,v 1.13 2005/08/11 13:15:44 lha Exp $ +-- $Id: hdb.asn1,v 1.17 2006/08/24 10:45:19 lha Exp $ HDB DEFINITIONS ::= BEGIN @@ -41,7 +41,10 @@ HDBFlags ::= BIT STRING { require-hwauth(10), -- must use hwauth ok-as-delegate(11), -- as in TicketFlags user-to-user(12), -- may use user-to-user auth - immutable(13) -- may not be deleted + immutable(13), -- may not be deleted + trusted-for-delegation(14), -- Trusted to print forwardabled tickets + allow-kerberos4(15), -- Allow Kerberos 4 requests + allow-digest(16) -- Allow digest requests } GENERATION ::= SEQUENCE { @@ -52,10 +55,14 @@ GENERATION ::= SEQUENCE { HDB-Ext-PKINIT-acl ::= SEQUENCE OF SEQUENCE { subject[0] UTF8String, - issuer[1] UTF8String + issuer[1] UTF8String OPTIONAL, + anchor[2] UTF8String OPTIONAL } -HDB-Ext-PKINIT-certificate ::= SEQUENCE OF OCTET STRING +HDB-Ext-PKINIT-hash ::= SEQUENCE OF SEQUENCE { + digest-type[0] OBJECT IDENTIFIER, + digest[1] OCTET STRING +} HDB-Ext-Constrained-delegation-acl ::= SEQUENCE OF Principal @@ -80,7 +87,7 @@ HDB-extension ::= SEQUENCE { -- be rejected data[1] CHOICE { pkinit-acl[0] HDB-Ext-PKINIT-acl, - pkinit-cert[1] HDB-Ext-PKINIT-certificate, + pkinit-cert-hash[1] HDB-Ext-PKINIT-hash, allowed-to-delegate-to[2] HDB-Ext-Constrained-delegation-acl, -- referral-info[3] HDB-Ext-Referrals, lm-owf[4] HDB-Ext-Lan-Manager-OWF, diff --git a/source4/heimdal/lib/hdb/hdb.c b/source4/heimdal/lib/hdb/hdb.c index 555a0d53f6..d1fa4ffd6a 100644 --- a/source4/heimdal/lib/hdb/hdb.c +++ b/source4/heimdal/lib/hdb/hdb.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: hdb.c,v 1.61 2006/04/24 20:57:58 lha Exp $"); +RCSID("$Id: hdb.c,v 1.62 2006/10/06 16:47:22 lha Exp $"); #ifdef HAVE_DLFCN_H #include @@ -57,6 +57,9 @@ static struct hdb_method methods[] = { #endif #ifdef _SAMBA_BUILD_ {"ldb:", hdb_ldb_create}, +#endif +#ifdef HAVE_LDB /* Used for integrated samba build */ + {"ldb:", hdb_ldb_create}, #endif {NULL, NULL} }; @@ -262,7 +265,7 @@ find_dynamic_method (krb5_context context, if (prefix == NULL) krb5_errx(context, 1, "out of memory"); - if (asprintf(&path, HDBDIR "/hdb_%s.so", prefix) == -1) + if (asprintf(&path, LIBDIR "/hdb_%s.so", prefix) == -1) krb5_errx(context, 1, "out of memory"); #ifndef RTLD_NOW @@ -398,6 +401,6 @@ hdb_create(krb5_context context, HDB **db, const char *filename) h = find_dynamic_method (context, filename, &residual); #endif if (h == NULL) - krb5_errx(context, 1, "No database support! (hdb_create(%s))", filename); + krb5_errx(context, 1, "No database support for %s", filename); return (*h->create)(context, db, residual); } diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h index d14eea7ddc..69c91d12ad 100644 --- a/source4/heimdal/lib/hdb/hdb.h +++ b/source4/heimdal/lib/hdb/hdb.h @@ -66,17 +66,17 @@ typedef struct hdb_entry_ex { struct hdb_entry_ex *, METHOD_DATA* pa_data_seq, time_t authtime, - EncryptionKey *tgtkey, - EncryptionKey *sessionkey, + const EncryptionKey *tgtkey, + const EncryptionKey *sessionkey, AuthorizationData **out); krb5_error_code (*authz_data_tgs_req)(krb5_context, struct hdb_entry_ex *, krb5_principal client, AuthorizationData *in, time_t authtime, - EncryptionKey *tgtkey, - EncryptionKey *servicekey, - EncryptionKey *sessionkey, + const EncryptionKey *tgtkey, + const EncryptionKey *servicekey, + const EncryptionKey *sessionkey, AuthorizationData **out); } hdb_entry_ex; diff --git a/source4/heimdal/lib/hdb/keys.c b/source4/heimdal/lib/hdb/keys.c index d7c2f2c89b..8d4810f5c9 100644 --- a/source4/heimdal/lib/hdb/keys.c +++ b/source4/heimdal/lib/hdb/keys.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: keys.c,v 1.5 2006/04/25 08:09:38 lha Exp $"); +RCSID("$Id: keys.c,v 1.6 2006/10/22 09:40:12 lha Exp $"); /* * free all the memory used by (len, keys) @@ -334,6 +334,9 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal, *ret_key_set = key_set; out: + if (ktypes != default_keytypes) + krb5_config_free_strings(ktypes); + if (ret) { krb5_warn(context, ret, "failed to parse the [kadmin]default_keys values"); diff --git a/source4/heimdal/lib/hdb/keytab.c b/source4/heimdal/lib/hdb/keytab.c index c87b8eca2c..8f473a68a4 100644 --- a/source4/heimdal/lib/hdb/keytab.c +++ b/source4/heimdal/lib/hdb/keytab.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -35,7 +35,7 @@ /* keytab backend for HDB databases */ -RCSID("$Id: keytab.c,v 1.11 2006/04/27 11:01:30 lha Exp $"); +RCSID("$Id: keytab.c,v 1.16 2006/10/09 12:36:40 lha Exp $"); struct hdb_data { char *dbname; @@ -59,7 +59,7 @@ hdb_resolve(krb5_context context, const char *name, krb5_keytab id) return ENOMEM; } db = name; - mkey = strrchr(name, ':'); + mkey = strchr(name, ':'); if(mkey == NULL || mkey[1] == '\0') { if(*name == '\0') d->dbname = NULL; @@ -201,6 +201,8 @@ hdb_get_entry(krb5_context context, const char *dbname = d->dbname; const char *mkey = d->mkey; + memset(&ent, 0, sizeof(ent)); + if (dbname == NULL) find_db (context, &dbname, &mkey, principal); @@ -218,26 +220,21 @@ hdb_get_entry(krb5_context context, (*db->hdb_destroy)(context, db); return ret; } - ret = (*db->hdb_fetch)(context, db, principal, HDB_F_DECRYPT|HDB_F_GET_CLIENT|HDB_F_GET_SERVER, &ent); - + ret = (*db->hdb_fetch)(context, db, principal, + HDB_F_DECRYPT| + HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT, + &ent); - /* Shutdown the hdb on error */ if(ret == HDB_ERR_NOENTRY) { - (*db->hdb_close)(context, db); - (*db->hdb_destroy)(context, db); - return KRB5_KT_NOTFOUND; - } else if (ret) { - (*db->hdb_close)(context, db); - (*db->hdb_destroy)(context, db); - return ret; - } + ret = KRB5_KT_NOTFOUND; + goto out; + }else if(ret) + goto out; + if(kvno && ent.entry.kvno != kvno) { - /* The order here matters, we must free these in this order - * due to hdb-ldb and Samba4's talloc */ hdb_free_entry(context, &ent); - (*db->hdb_close)(context, db); - (*db->hdb_destroy)(context, db); - return KRB5_KT_NOTFOUND; + ret = KRB5_KT_NOTFOUND; + goto out; } if(enctype == 0) if(ent.entry.keys.len > 0) @@ -254,9 +251,8 @@ hdb_get_entry(krb5_context context, break; } } - /* The order here matters, we must free these in this order - * due to hdb-ldb and Samba4's talloc */ hdb_free_entry(context, &ent); +out: (*db->hdb_close)(context, db); (*db->hdb_destroy)(context, db); return ret; diff --git a/source4/heimdal/lib/krb5/acache.c b/source4/heimdal/lib/krb5/acache.c index b38104fc2d..004926bc89 100644 --- a/source4/heimdal/lib/krb5/acache.c +++ b/source4/heimdal/lib/krb5/acache.c @@ -37,7 +37,7 @@ #include #endif -RCSID("$Id: acache.c,v 1.15 2006/03/27 04:22:23 lha Exp $"); +RCSID("$Id: acache.c,v 1.16 2006/10/19 11:41:38 lha Exp $"); /* XXX should we fetch these for each open ? */ static HEIMDAL_MUTEX acc_mutex = HEIMDAL_MUTEX_INITIALIZER; @@ -113,7 +113,7 @@ init_ccapi(krb5_context context) return KRB5_CC_NOSUPP; } - init_func = dlsym(cc_handle, "cc_initialize"); + init_func = (cc_initialize_func)dlsym(cc_handle, "cc_initialize"); HEIMDAL_MUTEX_unlock(&acc_mutex); if (init_func == NULL) { krb5_set_error_string(context, "Failed to find cc_initialize" diff --git a/source4/heimdal/lib/krb5/addr_families.c b/source4/heimdal/lib/krb5/addr_families.c index 895b01f9d8..f68be423b0 100644 --- a/source4/heimdal/lib/krb5/addr_families.c +++ b/source4/heimdal/lib/krb5/addr_families.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: addr_families.c,v 1.52 2006/05/05 09:26:22 lha Exp $"); +RCSID("$Id: addr_families.c,v 1.53 2006/10/22 06:54:00 lha Exp $"); struct addr_operations { int af; @@ -551,6 +551,7 @@ arange_free (krb5_context context, krb5_address *addr) a = addr->address.data; krb5_free_address(context, &a->low); krb5_free_address(context, &a->high); + krb5_data_free(&addr->address); return 0; } diff --git a/source4/heimdal/lib/krb5/asn1_glue.c b/source4/heimdal/lib/krb5/asn1_glue.c index 8f7b886e80..b07e058550 100644 --- a/source4/heimdal/lib/krb5/asn1_glue.c +++ b/source4/heimdal/lib/krb5/asn1_glue.c @@ -37,7 +37,7 @@ #include "krb5_locl.h" -RCSID("$Id: asn1_glue.c,v 1.9 2004/12/29 18:54:15 lha Exp $"); +RCSID("$Id: asn1_glue.c,v 1.10 2006/10/06 17:02:48 lha Exp $"); krb5_error_code KRB5_LIB_FUNCTION _krb5_principal2principalname (PrincipalName *p, diff --git a/source4/heimdal/lib/krb5/cache.c b/source4/heimdal/lib/krb5/cache.c index b21d42d653..a96870a7de 100644 --- a/source4/heimdal/lib/krb5/cache.c +++ b/source4/heimdal/lib/krb5/cache.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: cache.c,v 1.79 2006/04/02 00:54:48 lha Exp $"); +RCSID("$Id: cache.c,v 1.82 2006/09/12 17:35:33 lha Exp $"); /* * Add a new ccache type with operations `ops', overwriting any @@ -188,7 +188,7 @@ krb5_cc_new_unique(krb5_context context, const char *type, const krb5_cc_ops *ops; if (type == NULL) - type = "FILE"; + type = KRB5_DEFAULT_CCNAME; ops = krb5_cc_get_prefix_ops(context, type); if (ops == NULL) { @@ -423,7 +423,7 @@ krb5_cc_initialize(krb5_context context, krb5_ccache id, krb5_principal primary_principal) { - return id->ops->init(context, id, primary_principal); + return (*id->ops->init)(context, id, primary_principal); } @@ -438,7 +438,7 @@ krb5_cc_destroy(krb5_context context, { krb5_error_code ret; - ret = id->ops->destroy(context, id); + ret = (*id->ops->destroy)(context, id); krb5_cc_close (context, id); return ret; } @@ -453,7 +453,7 @@ krb5_cc_close(krb5_context context, krb5_ccache id) { krb5_error_code ret; - ret = id->ops->close(context, id); + ret = (*id->ops->close)(context, id); free(id); return ret; } @@ -468,7 +468,7 @@ krb5_cc_store_cred(krb5_context context, krb5_ccache id, krb5_creds *creds) { - return id->ops->store(context, id, creds); + return (*id->ops->store)(context, id, creds); } /* @@ -488,8 +488,8 @@ krb5_cc_retrieve_cred(krb5_context context, krb5_cc_cursor cursor; if (id->ops->retrieve != NULL) { - return id->ops->retrieve(context, id, whichfields, - mcreds, creds); + return (*id->ops->retrieve)(context, id, whichfields, + mcreds, creds); } krb5_cc_start_seq_get(context, id, &cursor); @@ -514,7 +514,7 @@ krb5_cc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *principal) { - return id->ops->get_princ(context, id, principal); + return (*id->ops->get_princ)(context, id, principal); } /* @@ -528,7 +528,7 @@ krb5_cc_start_seq_get (krb5_context context, const krb5_ccache id, krb5_cc_cursor *cursor) { - return id->ops->get_first(context, id, cursor); + return (*id->ops->get_first)(context, id, cursor); } /* @@ -543,7 +543,7 @@ krb5_cc_next_cred (krb5_context context, krb5_cc_cursor *cursor, krb5_creds *creds) { - return id->ops->get_next(context, id, cursor, creds); + return (*id->ops->get_next)(context, id, cursor, creds); } /* like krb5_cc_next_cred, but allow for selective retrieval */ @@ -576,7 +576,7 @@ krb5_cc_end_seq_get (krb5_context context, const krb5_ccache id, krb5_cc_cursor *cursor) { - return id->ops->end_get(context, id, cursor); + return (*id->ops->end_get)(context, id, cursor); } /* @@ -607,7 +607,7 @@ krb5_cc_set_flags(krb5_context context, krb5_ccache id, krb5_flags flags) { - return id->ops->set_flags(context, id, flags); + return (*id->ops->set_flags)(context, id, flags); } /* @@ -672,7 +672,7 @@ krb5_cc_get_version(krb5_context context, const krb5_ccache id) { if(id->ops->get_version) - return id->ops->get_version(context, id); + return (*id->ops->get_version)(context, id); else return 0; } diff --git a/source4/heimdal/lib/krb5/context.c b/source4/heimdal/lib/krb5/context.c index 594665235b..f7b3ffbf9e 100644 --- a/source4/heimdal/lib/krb5/context.c +++ b/source4/heimdal/lib/krb5/context.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include -RCSID("$Id: context.c,v 1.102 2005/05/18 04:20:50 lha Exp $"); +RCSID("$Id: context.c,v 1.108 2006/10/20 22:26:10 lha Exp $"); #define INIT_FIELD(C, T, E, D, F) \ (C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \ @@ -181,8 +181,8 @@ init_context_from_config_file(krb5_context context) INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup"); INIT_FIELD(context, bool, srv_lookup, context->srv_lookup, "dns_lookup_kdc"); INIT_FIELD(context, int, large_msg_size, 6000, "large_message_size"); + INIT_FIELD(context, bool, dns_canonicalize_hostname, TRUE, "dns_canonize_hostname"); context->default_cc_name = NULL; - INIT_FIELD(context, bool, fdns, TRUE, "fdns"); return 0; } @@ -263,7 +263,7 @@ krb5_free_context(krb5_context context) krb5_closelog(context, context->warn_dest); krb5_set_extra_addresses(context, NULL); krb5_set_ignore_addresses(context, NULL); - free(context->send_and_recv); + krb5_set_send_to_kdc_func(context, NULL, NULL); if (context->mutex != NULL) { HEIMDAL_MUTEX_destroy(context->mutex); free(context->mutex); @@ -424,13 +424,17 @@ krb5_free_config_files(char **filenames) } /* - * set `etype' to a malloced list of the default enctypes + * Returns the list of Kerberos encryption types sorted in order of + * most preferred to least preferred encryption type. The array ends + * with ETYPE_NULL. Note that some encryption types might be + * disabled, so you need to check with krb5_enctype_valid() before + * using the encryption type. */ -static krb5_error_code -default_etypes(krb5_context context, krb5_enctype **etype) +const krb5_enctype * KRB5_LIB_FUNCTION +krb5_kerberos_enctypes(krb5_context context) { - krb5_enctype p[] = { + static const krb5_enctype p[] = { ETYPE_AES256_CTS_HMAC_SHA1_96, ETYPE_AES128_CTS_HMAC_SHA1_96, ETYPE_DES3_CBC_SHA1, @@ -438,12 +442,26 @@ default_etypes(krb5_context context, krb5_enctype **etype) ETYPE_ARCFOUR_HMAC_MD5, ETYPE_DES_CBC_MD5, ETYPE_DES_CBC_MD4, - ETYPE_DES_CBC_CRC + ETYPE_DES_CBC_CRC, + ETYPE_NULL }; + return p; +} + +/* + * set `etype' to a malloced list of the default enctypes + */ + +static krb5_error_code +default_etypes(krb5_context context, krb5_enctype **etype) +{ + const krb5_enctype *p; krb5_enctype *e = NULL, *ep; int i, n = 0; - for (i = 0; i < sizeof(p)/sizeof(p[0]); i++) { + p = krb5_kerberos_enctypes(context); + + for (i = 0; p[i] != ETYPE_NULL; i++) { if (krb5_enctype_valid(context, p[i]) != 0) continue; ep = realloc(e, (n + 2) * sizeof(*e)); @@ -537,6 +555,9 @@ krb5_init_ets(krb5_context context) krb5_add_et_list(context, initialize_asn1_error_table_r); krb5_add_et_list(context, initialize_heim_error_table_r); krb5_add_et_list(context, initialize_k524_error_table_r); +#ifdef PKINIT + krb5_add_et_list(context, initialize_hx_error_table_r); +#endif } } @@ -662,3 +683,25 @@ krb5_is_thread_safe(void) return FALSE; #endif } + +void KRB5_LIB_FUNCTION +krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag) +{ + context->dns_canonicalize_hostname = flag; +} + +krb5_boolean KRB5_LIB_FUNCTION +krb5_get_dns_canonize_hostname (krb5_context context) +{ + return context->dns_canonicalize_hostname; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec) +{ + if (sec) + *sec = context->kdc_sec_offset; + if (usec) + *usec = context->kdc_usec_offset; + return 0; +} diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c index a3c58051f9..9f6ef6b82b 100644 --- a/source4/heimdal/lib/krb5/crypto.c +++ b/source4/heimdal/lib/krb5/crypto.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: crypto.c,v 1.138 2006/05/08 13:47:24 lha Exp $"); +RCSID("$Id: crypto.c,v 1.145 2006/10/22 07:32:40 lha Exp $"); #undef CRYPTO_DEBUG #ifdef CRYPTO_DEBUG @@ -55,7 +55,6 @@ struct krb5_crypto_data { struct key_data key; int num_key_usage; struct key_usage *key_usage; - void *params; }; #define kcrypto_oid_enc(n) { sizeof(n)/sizeof(n[0]), n } @@ -89,13 +88,9 @@ struct key_type { krb5_enctype best_etype; #endif void (*random_key)(krb5_context, krb5_keyblock*); - void (*schedule)(krb5_context, struct key_data *, const void *); + void (*schedule)(krb5_context, struct key_data *); struct salt_type *string_to_key; void (*random_to_key)(krb5_context, krb5_keyblock*, const void*, size_t); - krb5_error_code (*get_params)(krb5_context, const krb5_data *, - void **, krb5_data *); - krb5_error_code (*set_params)(krb5_context, const void *, - const krb5_data *, krb5_data *); }; struct checksum_type { @@ -181,8 +176,7 @@ krb5_DES_random_key(krb5_context context, static void krb5_DES_schedule(krb5_context context, - struct key_data *key, - const void *params) + struct key_data *key) { DES_set_key(key->key->keyvalue.data, key->schedule->data); } @@ -392,8 +386,7 @@ DES3_random_key(krb5_context context, static void DES3_schedule(krb5_context context, - struct key_data *key, - const void *params) + struct key_data *key) { DES_cblock *k = key->key->keyvalue.data; DES_key_schedule *s = key->schedule->data; @@ -546,8 +539,7 @@ DES3_random_to_key(krb5_context context, static void ARCFOUR_schedule(krb5_context context, - struct key_data *kd, - const void *params) + struct key_data *kd) { RC4_set_key (kd->schedule->data, kd->key->keyvalue.length, kd->key->keyvalue.data); @@ -618,15 +610,16 @@ AES_string_to_key(krb5_context context, if (et == NULL) return KRB5_PROG_KEYTYPE_NOSUPP; - key->keytype = enctype; - ret = krb5_data_alloc(&key->keyvalue, et->keytype->size); - if (ret) { - krb5_set_error_string(context, "Failed to allocate pkcs5 key"); - return ret; + kd.schedule = NULL; + ALLOC(kd.key, 1); + if(kd.key == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; } - ret = krb5_copy_keyblock(context, key, &kd.key); + kd.key->keytype = enctype; + ret = krb5_data_alloc(&kd.key->keyvalue, et->keytype->size); if (ret) { - krb5_free_keyblock(context, key); + krb5_set_error_string(context, "Failed to allocate pkcs5 key"); return ret; } @@ -634,8 +627,8 @@ AES_string_to_key(krb5_context context, salt.saltvalue.data, salt.saltvalue.length, iter, et->keytype->size, kd.key->keyvalue.data); - kd.schedule = NULL; if (ret != 1) { + free_key_data(context, &kd); krb5_set_error_string(context, "Error calculating s2k"); return KRB5_PROG_KEYTYPE_NOSUPP; } @@ -655,8 +648,7 @@ struct krb5_aes_schedule { static void AES_schedule(krb5_context context, - struct key_data *kd, - const void *params) + struct key_data *kd) { struct krb5_aes_schedule *key = kd->schedule->data; int bits = kd->key->keyvalue.length * 8; @@ -666,115 +658,6 @@ AES_schedule(krb5_context context, AES_set_decrypt_key(kd->key->keyvalue.data, bits, &key->dkey); } -/* - * RC2 - */ - -struct _RC2_params { - int maximum_effective_key; -}; - -static krb5_error_code -rc2_get_params(krb5_context context, - const krb5_data *data, - void **params, - krb5_data *ivec) -{ - RC2CBCParameter rc2params; - struct _RC2_params *p; - krb5_error_code ret; - size_t size; - - ret = decode_RC2CBCParameter(data->data, data->length, &rc2params, &size); - if (ret) { - krb5_set_error_string(context, "Can't decode RC2 parameters"); - return ret; - } - p = malloc(sizeof(*p)); - if (p == NULL) { - free_RC2CBCParameter(&rc2params); - krb5_set_error_string(context, "malloc - out of memory"); - return ENOMEM; - } - /* XXX */ - switch(rc2params.rc2ParameterVersion) { - case 160: - p->maximum_effective_key = 40; - break; - case 120: - p->maximum_effective_key = 64; - break; - case 58: - p->maximum_effective_key = 128; - break; - - } - if (ivec) - ret = copy_octet_string(&rc2params.iv, ivec); - free_RC2CBCParameter(&rc2params); - *params = p; - - return ret; -} - -static krb5_error_code -rc2_set_params(krb5_context context, - const void *params, - const krb5_data *ivec, - krb5_data *data) -{ - RC2CBCParameter rc2params; - const struct _RC2_params *p = params; - int maximum_effective_key = 128; - krb5_error_code ret; - size_t size; - - memset(&rc2params, 0, sizeof(rc2params)); - - if (p) - maximum_effective_key = p->maximum_effective_key; - - /* XXX */ - switch(maximum_effective_key) { - case 40: - rc2params.rc2ParameterVersion = 160; - break; - case 64: - rc2params.rc2ParameterVersion = 120; - break; - case 128: - rc2params.rc2ParameterVersion = 58; - break; - } - ret = copy_octet_string(ivec, &rc2params.iv); - if (ret) - return ret; - - ASN1_MALLOC_ENCODE(RC2CBCParameter, data->data, data->length, - &rc2params, &size, ret); - if (ret == 0 && size != data->length) - krb5_abortx(context, "Internal asn1 encoder failure"); - free_RC2CBCParameter(&rc2params); - - return ret; -} - -static void -rc2_schedule(krb5_context context, - struct key_data *kd, - const void *params) -{ - const struct _RC2_params *p = params; - int maximum_effective_key = 128; - if (p) - maximum_effective_key = p->maximum_effective_key; - RC2_set_key (kd->schedule->data, - kd->key->keyvalue.length, - kd->key->keyvalue.data, - maximum_effective_key); -} - - /* * */ @@ -898,18 +781,6 @@ static struct key_type keytype_aes128 = { AES_salt }; -static struct key_type keytype_aes192 = { - KEYTYPE_AES192, - "aes-192", - 192, - 24, - 24, - sizeof(struct krb5_aes_schedule), - NULL, - AES_schedule, - AES_salt -}; - static struct key_type keytype_aes256 = { KEYTYPE_AES256, "aes-256", @@ -934,30 +805,13 @@ static struct key_type keytype_arcfour = { arcfour_salt }; -static struct key_type keytype_rc2 = { - KEYTYPE_RC2, - "rc2", - 128, - 16, - 1, - sizeof(RC2_KEY), - NULL, - rc2_schedule, - NULL, /* XXX salt */ - NULL, - rc2_get_params, - rc2_set_params -}; - static struct key_type *keytypes[] = { &keytype_null, &keytype_des, &keytype_des3_derived, &keytype_des3, &keytype_aes128, - &keytype_aes192, &keytype_aes256, - &keytype_rc2, &keytype_arcfour }; @@ -1247,8 +1101,7 @@ krb5_generate_random_keyblock(krb5_context context, static krb5_error_code _key_schedule(krb5_context context, - struct key_data *key, - const void *params) + struct key_data *key) { krb5_error_code ret; struct encryption_type *et = _find_enctype(key->key->keytype); @@ -1269,7 +1122,7 @@ _key_schedule(krb5_context context, key->schedule = NULL; return ret; } - (*kt->schedule)(context, key, params); + (*kt->schedule)(context, key); return 0; } @@ -1933,7 +1786,7 @@ get_checksum_key(krb5_context context, *key = &crypto->key; } if(ret == 0) - ret = _key_schedule(context, *key, crypto->params); + ret = _key_schedule(context, *key); return ret; } @@ -2290,16 +2143,15 @@ DES_PCBC_encrypt_key_ivec(krb5_context context, void KRB5_LIB_FUNCTION _krb5_aes_cts_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const void *aes_key, + size_t len, const AES_KEY *key, unsigned char *ivec, const int encryptp) { unsigned char tmp[AES_BLOCK_SIZE]; - const AES_KEY *key = aes_key; /* XXX remove this when we always have AES */ int i; /* * In the framework of kerberos, the length can never be shorter - * than at least one blocksize. + * then at least one blocksize. */ if (encryptp) { @@ -2838,7 +2690,7 @@ krb5_string_to_enctype(krb5_context context, } krb5_error_code KRB5_LIB_FUNCTION -krb5_enctype_to_oid(krb5_context context, +_krb5_enctype_to_oid(krb5_context context, krb5_enctype etype, heim_oid *oid) { @@ -2853,7 +2705,7 @@ krb5_enctype_to_oid(krb5_context context, return KRB5_PROG_ETYPE_NOSUPP; } krb5_clear_error_string(context); - return copy_oid(et->oid, oid); + return der_copy_oid(et->oid, oid); } krb5_error_code KRB5_LIB_FUNCTION @@ -2863,7 +2715,7 @@ _krb5_oid_to_enctype(krb5_context context, { int i; for(i = 0; i < num_etypes; i++) { - if(etypes[i]->oid && heim_oid_cmp(etypes[i]->oid, oid) == 0) { + if(etypes[i]->oid && der_heim_oid_cmp(etypes[i]->oid, oid) == 0) { *etype = etypes[i]->type; return 0; } @@ -3080,7 +2932,7 @@ encrypt_internal_derived(krb5_context context, ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey); if(ret) goto fail; - ret = _key_schedule(context, dkey, crypto->params); + ret = _key_schedule(context, dkey); if(ret) goto fail; #ifdef CRYPTO_DEBUG @@ -3146,7 +2998,7 @@ encrypt_internal(krb5_context context, goto fail; memcpy(p + et->confoundersize, cksum.checksum.data, cksum.checksum.length); free_Checksum(&cksum); - ret = _key_schedule(context, &crypto->key, crypto->params); + ret = _key_schedule(context, &crypto->key); if(ret) goto fail; #ifdef CRYPTO_DEBUG @@ -3246,7 +3098,7 @@ decrypt_internal_derived(krb5_context context, free(p); return ret; } - ret = _key_schedule(context, dkey, crypto->params); + ret = _key_schedule(context, dkey); if(ret) { free(p); return ret; @@ -3313,7 +3165,7 @@ decrypt_internal(krb5_context context, } memcpy(p, data, len); - ret = _key_schedule(context, &crypto->key, crypto->params); + ret = _key_schedule(context, &crypto->key); if(ret) { free(p); return ret; @@ -3613,11 +3465,9 @@ derive_key(krb5_context context, unsigned char *k; unsigned int nblocks = 0, i; krb5_error_code ret = 0; - struct key_type *kt = et->keytype; - /* since RC2 is only the weird crypto alg with parameter and this - * function not defined with work with RC2, this is ok */ - ret = _key_schedule(context, key, NULL); + + ret = _key_schedule(context, key); if(ret) return ret; if(et->blocksize * 8 < kt->bits || @@ -3795,7 +3645,6 @@ krb5_crypto_init(krb5_context context, (*crypto)->key.schedule = NULL; (*crypto)->num_key_usage = 0; (*crypto)->key_usage = NULL; - (*crypto)->params = NULL; return 0; } @@ -3825,79 +3674,10 @@ krb5_crypto_destroy(krb5_context context, free_key_usage(context, &crypto->key_usage[i]); free(crypto->key_usage); free_key_data(context, &crypto->key); - free(crypto->params); free (crypto); return 0; } -krb5_error_code KRB5_LIB_FUNCTION -krb5_crypto_get_params(krb5_context context, - const krb5_crypto crypto, - const krb5_data *params, - krb5_data *ivec) -{ - krb5_error_code (*gp)(krb5_context, const krb5_data *,void **,krb5_data *); - krb5_error_code ret; - - gp = crypto->et->keytype->get_params; - if (gp) { - if (crypto->params) { - krb5_set_error_string(context, - "krb5_crypto_get_params called " - "more than once"); - return KRB5_PROG_ETYPE_NOSUPP; - } - ret = (*gp)(context, params, &crypto->params, ivec); - } else { - size_t size; - if (ivec == NULL) - return 0; - ret = decode_CBCParameter(params->data, params->length, ivec, &size); - } - if (ret) - return ret; - if (ivec->length < crypto->et->blocksize) { - krb5_data_free(ivec); - krb5_set_error_string(context, "%s IV of wrong size", - crypto->et->name); - return ASN1_PARSE_ERROR; - } - return 0; -} - -krb5_error_code KRB5_LIB_FUNCTION -krb5_crypto_set_params(krb5_context context, - const krb5_crypto crypto, - const krb5_data *ivec, - krb5_data *params) -{ - krb5_error_code (*sp)(krb5_context, const void *, - const krb5_data *, krb5_data *); - krb5_error_code ret; - - sp = crypto->et->keytype->set_params; - if (sp == NULL) { - size_t size; - if (ivec == NULL) - return 0; - ASN1_MALLOC_ENCODE(CBCParameter, params->data, params->length, - ivec, &size, ret); - if (ret) - return ret; - if (size != params->length) - krb5_abortx(context, "Internal asn1 encoder failure"); - return 0; - } - if (crypto->params) { - krb5_set_error_string(context, - "krb5_crypto_set_params called " - "more than once"); - return KRB5_PROG_ETYPE_NOSUPP; - } - return (*sp)(context, crypto->params, ivec, params); -} - - krb5_error_code KRB5_LIB_FUNCTION krb5_crypto_getblocksize(krb5_context context, krb5_crypto crypto, diff --git a/source4/heimdal/lib/krb5/data.c b/source4/heimdal/lib/krb5/data.c index 3192c4c64f..f0c6d00abe 100644 --- a/source4/heimdal/lib/krb5/data.c +++ b/source4/heimdal/lib/krb5/data.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: data.c,v 1.20 2006/04/02 01:06:07 lha Exp $"); +RCSID("$Id: data.c,v 1.21 2006/10/14 09:45:41 lha Exp $"); void KRB5_LIB_FUNCTION krb5_data_zero(krb5_data *p) @@ -110,7 +110,7 @@ krb5_copy_data(krb5_context context, krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; } - ret = copy_octet_string(indata, *outdata); + ret = der_copy_octet_string(indata, *outdata); if(ret) { krb5_clear_error_string (context); free(*outdata); diff --git a/source4/heimdal/lib/krb5/expand_hostname.c b/source4/heimdal/lib/krb5/expand_hostname.c index f03bf15807..4d0692bcfa 100644 --- a/source4/heimdal/lib/krb5/expand_hostname.c +++ b/source4/heimdal/lib/krb5/expand_hostname.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: expand_hostname.c,v 1.12 2004/05/25 21:24:14 lha Exp $"); +RCSID("$Id: expand_hostname.c,v 1.13 2006/10/17 09:16:32 lha Exp $"); static krb5_error_code copy_hostname(krb5_context context, @@ -62,13 +62,12 @@ krb5_expand_hostname (krb5_context context, struct addrinfo *ai, *a, hints; int error; + if (!context->dns_canonicalize_hostname) + return copy_hostname (context, orig_hostname, new_hostname); + memset (&hints, 0, sizeof(hints)); hints.ai_flags = AI_CANONNAME; - if (!context->fdns) { - return copy_hostname (context, orig_hostname, new_hostname); - } - error = getaddrinfo (orig_hostname, NULL, &hints, &ai); if (error) return copy_hostname (context, orig_hostname, new_hostname); @@ -128,10 +127,9 @@ krb5_expand_hostname_realms (krb5_context context, int error; krb5_error_code ret = 0; - if (!context->fdns) { + if (!context->dns_canonicalize_hostname) return vanilla_hostname (context, orig_hostname, new_hostname, realms); - } memset (&hints, 0, sizeof(hints)); hints.ai_flags = AI_CANONNAME; diff --git a/source4/heimdal/lib/krb5/get_cred.c b/source4/heimdal/lib/krb5/get_cred.c index 1fa3f9143e..b404c30f6e 100644 --- a/source4/heimdal/lib/krb5/get_cred.c +++ b/source4/heimdal/lib/krb5/get_cred.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: get_cred.c,v 1.109 2006/02/03 11:41:02 lha Exp $"); +RCSID("$Id: get_cred.c,v 1.112 2006/06/06 21:22:54 lha Exp $"); /* * Take the `body' and encode it into `padata' using the credentials @@ -142,6 +142,7 @@ init_tgs_req (krb5_context context, krb5_creds *in_creds, krb5_creds *krbtgt, unsigned nonce, + const METHOD_DATA *padata, krb5_keyblock **subkey, TGS_REQ *t, krb5_key_usage usage) @@ -220,12 +221,22 @@ init_tgs_req (krb5_context context, krb5_set_error_string(context, "malloc: out of memory"); goto fail; } - ALLOC_SEQ(t->padata, 1); + ALLOC_SEQ(t->padata, 1 + padata->len); if (t->padata->val == NULL) { ret = ENOMEM; krb5_set_error_string(context, "malloc: out of memory"); goto fail; } + { + int i; + for (i = 0; i < padata->len; i++) { + ret = copy_PA_DATA(&padata->val[i], &t->padata->val[i + 1]); + if (ret) { + krb5_set_error_string(context, "malloc: out of memory"); + goto fail; + } + } + } { krb5_auth_context ac; @@ -268,7 +279,7 @@ init_tgs_req (krb5_context context, ret = make_pa_tgs_req(context, ac, &t->req_body, - t->padata->val, + &t->padata->val[0], krbtgt, usage); if(ret) { @@ -383,8 +394,10 @@ get_cred_kdc_usage(krb5_context context, krb5_ccache id, krb5_kdc_flags flags, krb5_addresses *addresses, - krb5_creds *in_creds, + krb5_creds *in_creds, krb5_creds *krbtgt, + krb5_principal impersonate_principal, + Ticket *second_ticket, krb5_creds *out_creds, krb5_key_usage usage) { @@ -397,36 +410,91 @@ get_cred_kdc_usage(krb5_context context, unsigned nonce; krb5_keyblock *subkey = NULL; size_t len; - Ticket second_ticket; + Ticket second_ticket_data; int send_to_kdc_flags = 0; + METHOD_DATA padata; krb5_data_zero(&resp); krb5_data_zero(&enc); + padata.val = NULL; + padata.len = 0; krb5_generate_random_block(&nonce, sizeof(nonce)); nonce &= 0xffffffff; - if(flags.b.enc_tkt_in_skey){ + if(flags.b.enc_tkt_in_skey && second_ticket == NULL){ ret = decode_Ticket(in_creds->second_ticket.data, in_creds->second_ticket.length, - &second_ticket, &len); + &second_ticket_data, &len); if(ret) return ret; + second_ticket = &second_ticket_data; + } + + + if (impersonate_principal) { + krb5_crypto crypto; + PA_S4U2Self self; + krb5_data data; + void *buf; + size_t size; + + self.name = impersonate_principal->name; + self.realm = impersonate_principal->realm; + self.auth = estrdup("Kerberos"); + + ret = _krb5_s4u2self_to_checksumdata(context, &self, &data); + if (ret) { + free(self.auth); + goto out; + } + + ret = krb5_crypto_init(context, &krbtgt->session, 0, &crypto); + if (ret) { + free(self.auth); + krb5_data_free(&data); + goto out; + } + + ret = krb5_create_checksum(context, + crypto, + KRB5_KU_TGS_IMPERSONATE, + 0, + data.data, + data.length, + &self.cksum); + krb5_crypto_destroy(context, crypto); + krb5_data_free(&data); + if (ret) { + free(self.auth); + goto out; + } + + ASN1_MALLOC_ENCODE(PA_S4U2Self, buf, len, &self, &size, ret); + free(self.auth); + free_Checksum(&self.cksum); + if (ret) + goto out; + if (len != size) + krb5_abortx(context, "internal asn1 error"); + + ret = krb5_padata_add(context, &padata, KRB5_PADATA_S4U2SELF, buf, len); + if (ret) + goto out; } ret = init_tgs_req (context, id, addresses, flags, - flags.b.enc_tkt_in_skey ? &second_ticket : NULL, + second_ticket, in_creds, krbtgt, nonce, + &padata, &subkey, &req, usage); - if(flags.b.enc_tkt_in_skey) - free_Ticket(&second_ticket); if (ret) goto out; @@ -475,7 +543,7 @@ again: &krbtgt->addresses, nonce, TRUE, - flags.b.request_anonymous, + TRUE /* flags.b.request_anonymous */, decrypt_tkt_with_subkey, subkey); krb5_free_kdc_rep(context, &rep); @@ -497,6 +565,9 @@ again: } out: + if (second_ticket == &second_ticket_data) + free_Ticket(&second_ticket_data); + free_METHOD_DATA(&padata); krb5_data_free(&resp); krb5_data_free(&enc); if(subkey){ @@ -514,16 +585,20 @@ get_cred_kdc(krb5_context context, krb5_addresses *addresses, krb5_creds *in_creds, krb5_creds *krbtgt, + krb5_principal impersonate_principal, + Ticket *second_ticket, krb5_creds *out_creds) { krb5_error_code ret; ret = get_cred_kdc_usage(context, id, flags, addresses, in_creds, - krbtgt, out_creds, KRB5_KU_TGS_REQ_AUTH); + krbtgt, impersonate_principal, second_ticket, + out_creds, KRB5_KU_TGS_REQ_AUTH); if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) { krb5_clear_error_string (context); ret = get_cred_kdc_usage(context, id, flags, addresses, in_creds, - krbtgt, out_creds, KRB5_KU_AP_REQ_AUTH); + krbtgt, impersonate_principal, second_ticket, + out_creds, KRB5_KU_AP_REQ_AUTH); } return ret; } @@ -533,6 +608,7 @@ get_cred_kdc(krb5_context context, static krb5_error_code get_cred_kdc_la(krb5_context context, krb5_ccache id, krb5_kdc_flags flags, krb5_creds *in_creds, krb5_creds *krbtgt, + krb5_principal impersonate_principal, Ticket *second_ticket, krb5_creds *out_creds) { krb5_error_code ret; @@ -543,7 +619,8 @@ get_cred_kdc_la(krb5_context context, krb5_ccache id, krb5_kdc_flags flags, if(addresses.len == 0) addrs = NULL; ret = get_cred_kdc(context, id, flags, addrs, - in_creds, krbtgt, out_creds); + in_creds, krbtgt, impersonate_principal, second_ticket, + out_creds); krb5_free_addresses(context, &addresses); return ret; } @@ -575,7 +652,7 @@ krb5_get_kdc_cred(krb5_context context, return ret; } ret = get_cred_kdc(context, id, flags, addresses, - in_creds, krbtgt, *out_creds); + in_creds, krbtgt, NULL, NULL, *out_creds); krb5_free_creds (context, krbtgt); if(ret) free(*out_creds); @@ -607,7 +684,17 @@ find_cred(krb5_context context, } tgts++; } - krb5_clear_error_string(context); + { + char *str; + ret = krb5_unparse_name(context, server, &str); + if(ret == 0) { + krb5_set_error_string(context, "Matching credential " + "(%s) not found", str); + free(str); + } else { + krb5_clear_error_string(context); + } + } return KRB5_CC_NOTFOUND; } @@ -650,6 +737,8 @@ get_cred_from_kdc_flags(krb5_context context, krb5_kdc_flags flags, krb5_ccache ccache, krb5_creds *in_creds, + krb5_principal impersonate_principal, + Ticket *second_ticket, krb5_creds **out_creds, krb5_creds ***ret_tgts) { @@ -707,10 +796,16 @@ get_cred_from_kdc_flags(krb5_context context, if (noaddr) ret = get_cred_kdc(context, ccache, flags, NULL, - in_creds, &tgts, *out_creds); + in_creds, &tgts, + impersonate_principal, + second_ticket, + *out_creds); else ret = get_cred_kdc_la(context, ccache, flags, - in_creds, &tgts, *out_creds); + in_creds, &tgts, + impersonate_principal, + second_ticket, + *out_creds); if (ret) { free (*out_creds); *out_creds = NULL; @@ -731,7 +826,7 @@ get_cred_from_kdc_flags(krb5_context context, heim_general_string tgt_inst; ret = get_cred_from_kdc_flags(context, flags, ccache, &tmp_creds, - &tgt, ret_tgts); + NULL, NULL, &tgt, ret_tgts); if(ret) { krb5_free_principal(context, tmp_creds.server); krb5_free_principal(context, tmp_creds.client); @@ -776,10 +871,12 @@ get_cred_from_kdc_flags(krb5_context context, &noaddr); if (noaddr) ret = get_cred_kdc (context, ccache, flags, NULL, - in_creds, tgt, *out_creds); + in_creds, tgt, NULL, NULL, + *out_creds); else ret = get_cred_kdc_la(context, ccache, flags, - in_creds, tgt, *out_creds); + in_creds, tgt, NULL, NULL, + *out_creds); if (ret) { free (*out_creds); *out_creds = NULL; @@ -800,7 +897,8 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_kdc_flags f; f.i = flags; return get_cred_from_kdc_flags(context, f, ccache, - in_creds, out_creds, ret_tgts); + in_creds, NULL, NULL, + out_creds, ret_tgts); } krb5_error_code KRB5_LIB_FUNCTION @@ -879,15 +977,18 @@ krb5_get_credentials_with_flags(krb5_context context, } if(options & KRB5_GC_USER_USER) flags.b.enc_tkt_in_skey = 1; + if (flags.b.enc_tkt_in_skey) + options |= KRB5_GC_NO_STORE; + tgts = NULL; ret = get_cred_from_kdc_flags(context, flags, ccache, - in_creds, out_creds, &tgts); + in_creds, NULL, NULL, out_creds, &tgts); for(i = 0; tgts && tgts[i]; i++) { krb5_cc_store_cred(context, ccache, tgts[i]); krb5_free_creds(context, tgts[i]); } free(tgts); - if(ret == 0 && flags.b.enc_tkt_in_skey == 0) + if(ret == 0 && (options & KRB5_GC_NO_STORE) == 0) krb5_cc_store_cred(context, ccache, *out_creds); return ret; } @@ -904,3 +1005,200 @@ krb5_get_credentials(krb5_context context, return krb5_get_credentials_with_flags(context, options, flags, ccache, in_creds, out_creds); } + +struct krb5_get_creds_opt_data { + krb5_principal self; + krb5_flags options; + krb5_enctype enctype; + Ticket *ticket; +}; + + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_creds_opt_alloc(krb5_context context, krb5_get_creds_opt *opt) +{ + *opt = calloc(1, sizeof(**opt)); + if (*opt == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + return 0; +} + +void KRB5_LIB_FUNCTION +krb5_get_creds_opt_free(krb5_context context, krb5_get_creds_opt opt) +{ + if (opt->self) + krb5_free_principal(context, opt->self); + memset(opt, 0, sizeof(*opt)); + free(opt); +} + +void KRB5_LIB_FUNCTION +krb5_get_creds_opt_set_options(krb5_context context, + krb5_get_creds_opt opt, + krb5_flags options) +{ + opt->options = options; +} + +void KRB5_LIB_FUNCTION +krb5_get_creds_opt_add_options(krb5_context context, + krb5_get_creds_opt opt, + krb5_flags options) +{ + opt->options |= options; +} + +void KRB5_LIB_FUNCTION +krb5_get_creds_opt_set_enctype(krb5_context context, + krb5_get_creds_opt opt, + krb5_enctype enctype) +{ + opt->enctype = enctype; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_creds_opt_set_impersonate(krb5_context context, + krb5_get_creds_opt opt, + krb5_const_principal self) +{ + if (opt->self) + krb5_free_principal(context, opt->self); + return krb5_copy_principal(context, self, &opt->self); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_creds_opt_set_ticket(krb5_context context, + krb5_get_creds_opt opt, + const Ticket *ticket) +{ + if (opt->ticket) { + free_Ticket(opt->ticket); + free(opt->ticket); + opt->ticket = NULL; + } + if (ticket) { + krb5_error_code ret; + + opt->ticket = malloc(sizeof(*ticket)); + if (opt->ticket == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + ret = copy_Ticket(ticket, opt->ticket); + if (ret) { + free(opt->ticket); + opt->ticket = NULL; + krb5_set_error_string(context, "malloc: out of memory"); + return ret; + } + } + return 0; +} + + + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_creds(krb5_context context, + krb5_get_creds_opt opt, + krb5_ccache ccache, + krb5_const_principal inprinc, + krb5_creds **out_creds) +{ + krb5_kdc_flags flags; + krb5_flags options; + krb5_creds in_creds; + krb5_error_code ret; + krb5_creds **tgts; + krb5_creds *res_creds; + int i; + + memset(&in_creds, 0, sizeof(in_creds)); + in_creds.server = rk_UNCONST(inprinc); + + ret = krb5_cc_get_principal(context, ccache, &in_creds.client); + if (ret) + return ret; + + options = opt->options; + flags.i = 0; + + *out_creds = NULL; + res_creds = calloc(1, sizeof(*res_creds)); + if (res_creds == NULL) { + krb5_free_principal(context, in_creds.client); + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + + if (opt->enctype) { + in_creds.session.keytype = opt->enctype; + options |= KRB5_TC_MATCH_KEYTYPE; + } + + /* + * If we got a credential, check if credential is expired before + * returning it. + */ + ret = krb5_cc_retrieve_cred(context, + ccache, + opt->enctype ? KRB5_TC_MATCH_KEYTYPE : 0, + &in_creds, res_creds); + /* + * If we got a credential, check if credential is expired before + * returning it, but only if KRB5_GC_EXPIRED_OK is not set. + */ + if (ret == 0) { + krb5_timestamp timeret; + + /* If expired ok, don't bother checking */ + if(options & KRB5_GC_EXPIRED_OK) { + *out_creds = res_creds; + krb5_free_principal(context, in_creds.client); + return 0; + } + + krb5_timeofday(context, &timeret); + if(res_creds->times.endtime > timeret) { + *out_creds = res_creds; + krb5_free_principal(context, in_creds.client); + return 0; + } + if(options & KRB5_GC_CACHED) + krb5_cc_remove_cred(context, ccache, 0, res_creds); + + } else if(ret != KRB5_CC_END) { + free(res_creds); + krb5_free_principal(context, in_creds.client); + return ret; + } + free(res_creds); + if(options & KRB5_GC_CACHED) { + krb5_clear_error_string (context); + krb5_free_principal(context, in_creds.client); + return KRB5_CC_NOTFOUND; + } + if(options & KRB5_GC_USER_USER) { + flags.b.enc_tkt_in_skey = 1; + options |= KRB5_GC_NO_STORE; + } + if (options & KRB5_GC_FORWARDABLE) + flags.b.forwardable = 1; + if (options & KRB5_GC_NO_TRANSIT_CHECK) + flags.b.disable_transited_check = 1; + + tgts = NULL; + ret = get_cred_from_kdc_flags(context, flags, ccache, + &in_creds, opt->self, opt->ticket, + out_creds, &tgts); + krb5_free_principal(context, in_creds.client); + for(i = 0; tgts && tgts[i]; i++) { + krb5_cc_store_cred(context, ccache, tgts[i]); + krb5_free_creds(context, tgts[i]); + } + free(tgts); + if(ret == 0 && (options & KRB5_GC_NO_STORE) == 0) + krb5_cc_store_cred(context, ccache, *out_creds); + return ret; +} diff --git a/source4/heimdal/lib/krb5/get_for_creds.c b/source4/heimdal/lib/krb5/get_for_creds.c index f042cdb573..661d05663b 100644 --- a/source4/heimdal/lib/krb5/get_for_creds.c +++ b/source4/heimdal/lib/krb5/get_for_creds.c @@ -376,7 +376,7 @@ krb5_get_forwarded_creds (krb5_context context, cred.enc_part.cipher.length = buf_size; } else { /* - * Here older versions than 0.7.2 of Heimdal used the local or + * Here older versions then 0.7.2 of Heimdal used the local or * remote subkey. That is wrong, the session key should be * used. Heimdal 0.7.2 and newer have code to try both in the * receiving end. diff --git a/source4/heimdal/lib/krb5/get_host_realm.c b/source4/heimdal/lib/krb5/get_host_realm.c index 33a3438b12..ffc646d98b 100644 --- a/source4/heimdal/lib/krb5/get_host_realm.c +++ b/source4/heimdal/lib/krb5/get_host_realm.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include -RCSID("$Id: get_host_realm.c,v 1.35 2005/08/23 08:14:02 lha Exp $"); +RCSID("$Id: get_host_realm.c,v 1.37 2006/10/17 19:28:36 lha Exp $"); /* To automagically find the correct realm of a host (without * [domain_realm] in krb5.conf) add a text record for your domain with @@ -187,65 +187,71 @@ _krb5_get_host_realm_int (krb5_context context, return 0; } } - - *realms = malloc(2 * sizeof(krb5_realm)); - if (*realms == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - - (*realms)[1] = NULL; - p = strchr(host, '.'); if(p != NULL) { p++; - (*realms)[0] = strdup(p); - if((*realms)[0] == NULL) { - free(*realms); + *realms = malloc(2 * sizeof(krb5_realm)); + if (*realms == NULL) { krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; } - strupr((*realms)[0]); - } else { - krb5_error_code ret; - ret = krb5_get_default_realm(context, &(*realms)[0]); - if(ret) { + + (*realms)[0] = strdup(p); + if((*realms)[0] == NULL) { free(*realms); krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; } - if((*realms)[0] == NULL) { - free(*realms); - krb5_set_error_string(context, "unable to find realm of host %s", host); - return KRB5_ERR_HOST_REALM_UNKNOWN; - } + strupr((*realms)[0]); + (*realms)[1] = NULL; + return 0; } - return 0; + krb5_set_error_string(context, "unable to find realm of host %s", host); + return KRB5_ERR_HOST_REALM_UNKNOWN; } /* - * Return the realm(s) of `host' as a NULL-terminated list in `realms'. + * Return the realm(s) of `host' as a NULL-terminated list in + * `realms'. Free `realms' with krb5_free_host_realm(). */ krb5_error_code KRB5_LIB_FUNCTION krb5_get_host_realm(krb5_context context, - const char *host, + const char *targethost, krb5_realm **realms) { + const char *host = targethost; char hostname[MAXHOSTNAMELEN]; - krb5_boolean use_dns; + krb5_error_code ret; + int use_dns; if (host == NULL) { - if (gethostname (hostname, sizeof(hostname))) + if (gethostname (hostname, sizeof(hostname))) { + *realms = NULL; return errno; + } host = hostname; } - if (strchr(host, '.') == NULL) { - use_dns = FALSE; - } else { - use_dns = TRUE; - } + /* + * If our local hostname is without components, don't even try to dns. + */ + + use_dns = (strchr(host, '.') != NULL); - return _krb5_get_host_realm_int (context, host, use_dns, realms); + ret = _krb5_get_host_realm_int (context, host, use_dns, realms); + if (ret && targethost != NULL) { + /* + * If there was no realm mapping for the host (and we wasn't + * looking for ourself), guess at the local realm, maybe our + * KDC knows better then we do and we get a referral back. + */ + ret = krb5_get_default_realms(context, realms); + if (ret) { + krb5_set_error_string(context, "Unable to find realm of host %s", + host); + return KRB5_ERR_HOST_REALM_UNKNOWN; + } + } + return ret; } diff --git a/source4/heimdal/lib/krb5/get_in_tkt.c b/source4/heimdal/lib/krb5/get_in_tkt.c index 5c488d1ddc..ebc96f2279 100644 --- a/source4/heimdal/lib/krb5/get_in_tkt.c +++ b/source4/heimdal/lib/krb5/get_in_tkt.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: get_in_tkt.c,v 1.116 2005/06/15 02:53:20 lha Exp $"); +RCSID("$Id: get_in_tkt.c,v 1.119 2006/10/06 17:05:08 lha Exp $"); krb5_error_code KRB5_LIB_FUNCTION krb5_init_etype (krb5_context context, @@ -137,7 +137,7 @@ _krb5_extract_ticket(krb5_context context, time_t tmp_time; krb5_timestamp sec_now; - ret = _krb5_principalname2krb5_principal (context, + ret = _krb5_principalname2krb5_principal (context, &tmp_principal, rep->kdc_rep.cname, rep->kdc_rep.crealm); @@ -171,7 +171,7 @@ _krb5_extract_ticket(krb5_context context, /* compare server */ - ret = _krb5_principalname2krb5_principal (context, + ret = _krb5_principalname2krb5_principal (context, &tmp_principal, rep->kdc_rep.ticket.sname, rep->kdc_rep.ticket.realm); @@ -411,7 +411,7 @@ add_padata(krb5_context context, static krb5_error_code init_as_req (krb5_context context, - krb5_kdc_flags opts, + KDCOptions opts, krb5_creds *creds, const krb5_addresses *addrs, const krb5_enctype *etypes, @@ -429,7 +429,7 @@ init_as_req (krb5_context context, a->pvno = 5; a->msg_type = krb_as_req; - a->req_body.kdc_options = opts.b; + a->req_body.kdc_options = opts; a->req_body.cname = malloc(sizeof(*a->req_body.cname)); if (a->req_body.cname == NULL) { ret = ENOMEM; @@ -649,14 +649,14 @@ krb5_get_in_cred(krb5_context context, krb5_salt salt; krb5_keyblock *key; size_t size; - krb5_kdc_flags opts; + KDCOptions opts; PA_DATA *pa; krb5_enctype etype; krb5_preauthdata *my_preauth = NULL; unsigned nonce; int done; - opts.i = options; + opts = int2KDCOptions(options); krb5_generate_random_block (&nonce, sizeof(nonce)); nonce &= 0xffffffff; @@ -771,7 +771,7 @@ krb5_get_in_cred(krb5_context context, NULL, nonce, FALSE, - opts.b.request_anonymous, + opts.request_anonymous, decrypt_proc, decryptarg); memset (key->keyvalue.data, 0, key->keyvalue.length); @@ -801,12 +801,9 @@ krb5_get_in_tkt(krb5_context context, krb5_kdc_rep *ret_as_reply) { krb5_error_code ret; - krb5_kdc_flags opts; - opts.i = 0; - opts.b = int2KDCOptions(options); ret = krb5_get_in_cred (context, - opts.i, + options, addrs, etypes, ptypes, diff --git a/source4/heimdal/lib/krb5/heim_err.c b/source4/heimdal/lib/krb5/heim_err.c new file mode 100644 index 0000000000..f72a265ba9 --- /dev/null +++ b/source4/heimdal/lib/krb5/heim_err.c @@ -0,0 +1,162 @@ +/* Generated from heim_err.et */ +/* $Id: heim_err.et,v 1.13 2004/02/13 16:23:40 lha Exp $ */ + +#include +#include +#include "heim_err.h" + +static const char *heim_error_strings[] = { + /* 000 */ "Error parsing log destination", + /* 001 */ "Failed to convert v4 principal", + /* 002 */ "Salt type is not supported by enctype", + /* 003 */ "Host not found", + /* 004 */ "Operation not supported", + /* 005 */ "End of file", + /* 006 */ "Failed to get the master key", + /* 007 */ "Unacceptable service used", + /* 008 */ "Reserved heim error (8)", + /* 009 */ "Reserved heim error (9)", + /* 010 */ "Reserved heim error (10)", + /* 011 */ "Reserved heim error (11)", + /* 012 */ "Reserved heim error (12)", + /* 013 */ "Reserved heim error (13)", + /* 014 */ "Reserved heim error (14)", + /* 015 */ "Reserved heim error (15)", + /* 016 */ "Reserved heim error (16)", + /* 017 */ "Reserved heim error (17)", + /* 018 */ "Reserved heim error (18)", + /* 019 */ "Reserved heim error (19)", + /* 020 */ "Reserved heim error (20)", + /* 021 */ "Reserved heim error (21)", + /* 022 */ "Reserved heim error (22)", + /* 023 */ "Reserved heim error (23)", + /* 024 */ "Reserved heim error (24)", + /* 025 */ "Reserved heim error (25)", + /* 026 */ "Reserved heim error (26)", + /* 027 */ "Reserved heim error (27)", + /* 028 */ "Reserved heim error (28)", + /* 029 */ "Reserved heim error (29)", + /* 030 */ "Reserved heim error (30)", + /* 031 */ "Reserved heim error (31)", + /* 032 */ "Reserved heim error (32)", + /* 033 */ "Reserved heim error (33)", + /* 034 */ "Reserved heim error (34)", + /* 035 */ "Reserved heim error (35)", + /* 036 */ "Reserved heim error (36)", + /* 037 */ "Reserved heim error (37)", + /* 038 */ "Reserved heim error (38)", + /* 039 */ "Reserved heim error (39)", + /* 040 */ "Reserved heim error (40)", + /* 041 */ "Reserved heim error (41)", + /* 042 */ "Reserved heim error (42)", + /* 043 */ "Reserved heim error (43)", + /* 044 */ "Reserved heim error (44)", + /* 045 */ "Reserved heim error (45)", + /* 046 */ "Reserved heim error (46)", + /* 047 */ "Reserved heim error (47)", + /* 048 */ "Reserved heim error (48)", + /* 049 */ "Reserved heim error (49)", + /* 050 */ "Reserved heim error (50)", + /* 051 */ "Reserved heim error (51)", + /* 052 */ "Reserved heim error (52)", + /* 053 */ "Reserved heim error (53)", + /* 054 */ "Reserved heim error (54)", + /* 055 */ "Reserved heim error (55)", + /* 056 */ "Reserved heim error (56)", + /* 057 */ "Reserved heim error (57)", + /* 058 */ "Reserved heim error (58)", + /* 059 */ "Reserved heim error (59)", + /* 060 */ "Reserved heim error (60)", + /* 061 */ "Reserved heim error (61)", + /* 062 */ "Reserved heim error (62)", + /* 063 */ "Reserved heim error (63)", + /* 064 */ "Certificate missing", + /* 065 */ "Private key missing", + /* 066 */ "No valid certificate authority", + /* 067 */ "Certificate invalid", + /* 068 */ "Private key invalid", + /* 069 */ "Reserved heim error (69)", + /* 070 */ "Reserved heim error (70)", + /* 071 */ "Reserved heim error (71)", + /* 072 */ "Reserved heim error (72)", + /* 073 */ "Reserved heim error (73)", + /* 074 */ "Reserved heim error (74)", + /* 075 */ "Reserved heim error (75)", + /* 076 */ "Reserved heim error (76)", + /* 077 */ "Reserved heim error (77)", + /* 078 */ "Reserved heim error (78)", + /* 079 */ "Reserved heim error (79)", + /* 080 */ "Reserved heim error (80)", + /* 081 */ "Reserved heim error (81)", + /* 082 */ "Reserved heim error (82)", + /* 083 */ "Reserved heim error (83)", + /* 084 */ "Reserved heim error (84)", + /* 085 */ "Reserved heim error (85)", + /* 086 */ "Reserved heim error (86)", + /* 087 */ "Reserved heim error (87)", + /* 088 */ "Reserved heim error (88)", + /* 089 */ "Reserved heim error (89)", + /* 090 */ "Reserved heim error (90)", + /* 091 */ "Reserved heim error (91)", + /* 092 */ "Reserved heim error (92)", + /* 093 */ "Reserved heim error (93)", + /* 094 */ "Reserved heim error (94)", + /* 095 */ "Reserved heim error (95)", + /* 096 */ "Reserved heim error (96)", + /* 097 */ "Reserved heim error (97)", + /* 098 */ "Reserved heim error (98)", + /* 099 */ "Reserved heim error (99)", + /* 100 */ "Reserved heim error (100)", + /* 101 */ "Reserved heim error (101)", + /* 102 */ "Reserved heim error (102)", + /* 103 */ "Reserved heim error (103)", + /* 104 */ "Reserved heim error (104)", + /* 105 */ "Reserved heim error (105)", + /* 106 */ "Reserved heim error (106)", + /* 107 */ "Reserved heim error (107)", + /* 108 */ "Reserved heim error (108)", + /* 109 */ "Reserved heim error (109)", + /* 110 */ "Reserved heim error (110)", + /* 111 */ "Reserved heim error (111)", + /* 112 */ "Reserved heim error (112)", + /* 113 */ "Reserved heim error (113)", + /* 114 */ "Reserved heim error (114)", + /* 115 */ "Reserved heim error (115)", + /* 116 */ "Reserved heim error (116)", + /* 117 */ "Reserved heim error (117)", + /* 118 */ "Reserved heim error (118)", + /* 119 */ "Reserved heim error (119)", + /* 120 */ "Reserved heim error (120)", + /* 121 */ "Reserved heim error (121)", + /* 122 */ "Reserved heim error (122)", + /* 123 */ "Reserved heim error (123)", + /* 124 */ "Reserved heim error (124)", + /* 125 */ "Reserved heim error (125)", + /* 126 */ "Reserved heim error (126)", + /* 127 */ "Reserved heim error (127)", + /* 128 */ "unknown error from getaddrinfo", + /* 129 */ "address family for nodename not supported", + /* 130 */ "temporary failure in name resolution", + /* 131 */ "invalid value for ai_flags", + /* 132 */ "non-recoverable failure in name resolution", + /* 133 */ "ai_family not supported", + /* 134 */ "memory allocation failure", + /* 135 */ "no address associated with nodename", + /* 136 */ "nodename nor servname provided, or not known", + /* 137 */ "servname not supported for ai_socktype", + /* 138 */ "ai_socktype not supported", + /* 139 */ "system error returned in errno", + NULL +}; + +#define num_errors 140 + +void initialize_heim_error_table_r(struct et_list **list) +{ + initialize_error_table_r(list, heim_error_strings, num_errors, ERROR_TABLE_BASE_heim); +} + +void initialize_heim_error_table(void) +{ + init_error_table(heim_error_strings, ERROR_TABLE_BASE_heim, num_errors); +} diff --git a/source4/heimdal/lib/krb5/heim_threads.h b/source4/heimdal/lib/krb5/heim_threads.h index 41f0f83306..3ebe66beee 100755 --- a/source4/heimdal/lib/krb5/heim_threads.h +++ b/source4/heimdal/lib/krb5/heim_threads.h @@ -53,7 +53,7 @@ /* * NetBSD have a thread lib that we can use that part of libc that * works regardless if application are linked to pthreads or not. - * NetBSD newer than 2.99.11 just use pthread.h, and the same thing + * NetBSD newer then 2.99.11 just use pthread.h, and the same thing * will happen. */ #include diff --git a/source4/heimdal/lib/krb5/init_creds.c b/source4/heimdal/lib/krb5/init_creds.c index 88de280a00..6dacb316d8 100644 --- a/source4/heimdal/lib/krb5/init_creds.c +++ b/source4/heimdal/lib/krb5/init_creds.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds.c,v 1.23 2006/04/02 01:08:30 lha Exp $"); +RCSID("$Id: init_creds.c,v 1.28 2006/09/04 14:28:54 lha Exp $"); void KRB5_LIB_FUNCTION krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt) @@ -96,6 +96,39 @@ _krb5_get_init_creds_opt_copy(krb5_context context, return 0; } +void KRB5_LIB_FUNCTION +_krb5_get_init_creds_opt_free_krb5_error(krb5_get_init_creds_opt *opt) +{ + if (opt->opt_private == NULL || opt->opt_private->error == NULL) + return; + free_KRB_ERROR(opt->opt_private->error); + free(opt->opt_private->error); + opt->opt_private->error = NULL; +} + +void KRB5_LIB_FUNCTION +_krb5_get_init_creds_opt_set_krb5_error(krb5_context context, + krb5_get_init_creds_opt *opt, + const KRB_ERROR *error) +{ + krb5_error_code ret; + + if (opt->opt_private == NULL) + return; + + _krb5_get_init_creds_opt_free_krb5_error(opt); + + opt->opt_private->error = malloc(sizeof(*opt->opt_private->error)); + if (opt->opt_private->error == NULL) + return; + ret = copy_KRB_ERROR(error, opt->opt_private->error); + if (ret) { + free(opt->opt_private->error); + opt->opt_private->error = NULL; + } +} + + void KRB5_LIB_FUNCTION krb5_get_init_creds_opt_free(krb5_get_init_creds_opt *opt) { @@ -104,6 +137,7 @@ krb5_get_init_creds_opt_free(krb5_get_init_creds_opt *opt) if (opt->opt_private->refcount < 1) /* abort ? */ return; if (--opt->opt_private->refcount == 0) { + _krb5_get_init_creds_opt_free_krb5_error(opt); _krb5_get_init_creds_opt_free_pkinit(opt); free(opt->opt_private); } @@ -160,8 +194,6 @@ get_config_bool (krb5_context context, * [realms] or [libdefaults] for some of the values. */ -static krb5_addresses no_addrs = {0, NULL}; - void KRB5_LIB_FUNCTION krb5_get_init_creds_opt_set_default_flags(krb5_context context, const char *appname, @@ -192,9 +224,9 @@ krb5_get_init_creds_opt_set_default_flags(krb5_context context, krb5_get_init_creds_opt_set_renew_life(opt, t); krb5_appdefault_boolean(context, appname, realm, "no-addresses", - KRB5_ADDRESSLESS_DEFAULT, &b); + FALSE, &b); if (b) - krb5_get_init_creds_opt_set_address_list (opt, &no_addrs); + krb5_get_init_creds_opt_set_addressless (context, opt, TRUE); #if 0 krb5_appdefault_boolean(context, appname, realm, "anonymous", FALSE, &b); @@ -326,7 +358,52 @@ krb5_get_init_creds_opt_set_pac_request(krb5_context context, if (ret) return ret; opt->opt_private->req_pac = req_pac ? - KRB5_PA_PAC_REQ_TRUE : - KRB5_PA_PAC_REQ_FALSE; + KRB5_INIT_CREDS_TRISTATE_TRUE : + KRB5_INIT_CREDS_TRISTATE_FALSE; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_get_error(krb5_context context, + krb5_get_init_creds_opt *opt, + KRB_ERROR **error) +{ + krb5_error_code ret; + + *error = NULL; + + ret = require_ext_opt(context, opt, "init_creds_opt_get_error"); + if (ret) + return ret; + + if (opt->opt_private->error == NULL) + return 0; + + *error = malloc(sizeof(**error)); + if (*error == NULL) { + krb5_set_error_string(context, "malloc - out memory"); + return ENOMEM; + } + + ret = copy_KRB_ERROR(*error, opt->opt_private->error); + if (ret) + krb5_clear_error_string(context); + + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_addressless(krb5_context context, + krb5_get_init_creds_opt *opt, + krb5_boolean addressless) +{ + krb5_error_code ret; + ret = require_ext_opt(context, opt, "init_creds_opt_set_pac_req"); + if (ret) + return ret; + if (addressless) + opt->opt_private->addressless = KRB5_INIT_CREDS_TRISTATE_TRUE; + else + opt->opt_private->addressless = KRB5_INIT_CREDS_TRISTATE_FALSE; return 0; } diff --git a/source4/heimdal/lib/krb5/init_creds_pw.c b/source4/heimdal/lib/krb5/init_creds_pw.c index c05386ec23..d43ae0ae6f 100644 --- a/source4/heimdal/lib/krb5/init_creds_pw.c +++ b/source4/heimdal/lib/krb5/init_creds_pw.c @@ -33,10 +33,10 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds_pw.c,v 1.94 2006/04/24 08:49:08 lha Exp $"); +RCSID("$Id: init_creds_pw.c,v 1.101 2006/10/02 12:00:59 lha Exp $"); typedef struct krb5_get_init_creds_ctx { - krb5_kdc_flags flags; + KDCOptions flags; krb5_creds cred; krb5_addresses *addrs; krb5_enctype *etypes; @@ -52,7 +52,7 @@ typedef struct krb5_get_init_creds_ctx { const char *password; krb5_s2k_proc key_proc; - krb5_get_init_creds_req_pac req_pac; + krb5_get_init_creds_tristate req_pac; krb5_pk_init_ctx pk_init_ctx; } krb5_get_init_creds_ctx; @@ -256,9 +256,10 @@ print_expire (krb5_context context, } } +static krb5_addresses no_addrs = { 0, NULL }; + static krb5_error_code get_init_creds_common(krb5_context context, - krb5_creds *creds, krb5_principal client, krb5_deltat start_time, const char *in_tkt_service, @@ -275,6 +276,8 @@ get_init_creds_common(krb5_context context, if (options == NULL) { krb5_get_init_creds_opt_init (&default_opt); options = &default_opt; + } else { + _krb5_get_init_creds_opt_free_krb5_error(options); } if (options->opt_private) { @@ -283,13 +286,12 @@ get_init_creds_common(krb5_context context, ctx->req_pac = options->opt_private->req_pac; ctx->pk_init_ctx = options->opt_private->pk_init_ctx; } else - ctx->req_pac = KRB5_PA_PAC_DONT_CARE; + ctx->req_pac = KRB5_INIT_CREDS_TRISTATE_UNSET; if (ctx->key_proc == NULL) ctx->key_proc = default_s2k_func; ctx->pre_auth_types = NULL; - ctx->flags.i = 0; ctx->addrs = NULL; ctx->etypes = NULL; ctx->pre_auth_types = NULL; @@ -300,20 +302,35 @@ get_init_creds_common(krb5_context context, if (ret) return ret; - ctx->flags.i = 0; - if (options->flags & KRB5_GET_INIT_CREDS_OPT_FORWARDABLE) - ctx->flags.b.forwardable = options->forwardable; + ctx->flags.forwardable = options->forwardable; if (options->flags & KRB5_GET_INIT_CREDS_OPT_PROXIABLE) - ctx->flags.b.proxiable = options->proxiable; + ctx->flags.proxiable = options->proxiable; if (start_time) - ctx->flags.b.postdated = 1; + ctx->flags.postdated = 1; if (ctx->cred.times.renew_till) - ctx->flags.b.renewable = 1; - if (options->flags & KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST) + ctx->flags.renewable = 1; + if (options->flags & KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST) { ctx->addrs = options->address_list; + } else if (options->opt_private) { + switch (options->opt_private->addressless) { + case KRB5_INIT_CREDS_TRISTATE_UNSET: +#if KRB5_ADDRESSLESS_DEFAULT == TRUE + ctx->addrs = &no_addrs; +#else + ctx->addrs = NULL; +#endif + break; + case KRB5_INIT_CREDS_TRISTATE_FALSE: + ctx->addrs = NULL; + break; + case KRB5_INIT_CREDS_TRISTATE_TRUE: + ctx->addrs = &no_addrs; + break; + } + } if (options->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST) { etypes = malloc((options->etype_list_length + 1) * sizeof(krb5_enctype)); @@ -341,7 +358,7 @@ get_init_creds_common(krb5_context context, if (options->flags & KRB5_GET_INIT_CREDS_OPT_SALT) ; /* XXX */ if (options->flags & KRB5_GET_INIT_CREDS_OPT_ANONYMOUS) - ctx->flags.b.request_anonymous = options->anonymous; + ctx->flags.request_anonymous = options->anonymous; return 0; } @@ -478,7 +495,7 @@ krb5_get_init_creds_keytab(krb5_context context, krb5_error_code ret; krb5_keytab_key_proc_args *a; - ret = get_init_creds_common(context, creds, client, start_time, + ret = get_init_creds_common(context, client, start_time, in_tkt_service, options, &ctx); if (ret) goto out; @@ -493,7 +510,7 @@ krb5_get_init_creds_keytab(krb5_context context, a->keytab = keytab; ret = krb5_get_in_cred (context, - ctx.flags.i, + KDCOptions2int(ctx.flags), ctx.addrs, ctx.etypes, ctx.pre_auth_types, @@ -522,7 +539,7 @@ krb5_get_init_creds_keytab(krb5_context context, static krb5_error_code init_creds_init_as_req (krb5_context context, - krb5_kdc_flags opts, + KDCOptions opts, const krb5_creds *creds, const krb5_addresses *addrs, const krb5_enctype *etypes, @@ -534,7 +551,7 @@ init_creds_init_as_req (krb5_context context, a->pvno = 5; a->msg_type = krb_as_req; - a->req_body.kdc_options = opts.b; + a->req_body.kdc_options = opts; a->req_body.cname = malloc(sizeof(*a->req_body.cname)); if (a->req_body.cname == NULL) { ret = ENOMEM; @@ -1028,12 +1045,12 @@ pa_data_add_pac_request(krb5_context context, void *buf; switch (ctx->req_pac) { - case KRB5_PA_PAC_DONT_CARE: + case KRB5_INIT_CREDS_TRISTATE_UNSET: return 0; /* don't bother */ - case KRB5_PA_PAC_REQ_TRUE: + case KRB5_INIT_CREDS_TRISTATE_TRUE: req.include_pac = 1; break; - case KRB5_PA_PAC_REQ_FALSE: + case KRB5_INIT_CREDS_TRISTATE_FALSE: req.include_pac = 0; } @@ -1176,7 +1193,7 @@ process_pa_data_to_key(krb5_context context, static krb5_error_code init_cred_loop(krb5_context context, - const krb5_get_init_creds_opt *init_cred_opts, + krb5_get_init_creds_opt *init_cred_opts, const krb5_prompter_fct prompter, void *prompter_data, krb5_get_init_creds_ctx *ctx, @@ -1196,6 +1213,8 @@ init_cred_loop(krb5_context context, memset(&md, 0, sizeof(md)); memset(&rep, 0, sizeof(rep)); + _krb5_get_init_creds_opt_free_krb5_error(init_cred_opts); + if (ret_as_reply) memset(ret_as_reply, 0, sizeof(*ret_as_reply)); @@ -1211,7 +1230,7 @@ init_cred_loop(krb5_context context, ctx->pk_nonce = ctx->nonce; /* - * Increase counter when we want other pre-auth types than + * Increase counter when we want other pre-auth types then * KRB5_PA_ENC_TIMESTAMP. */ #define MAX_PA_COUNTER 3 @@ -1306,6 +1325,9 @@ init_cred_loop(krb5_context context, krb5_free_error_contents(context, &error); send_to_kdc_flags |= KRB5_KRBHST_FLAGS_LARGE_MSG; } else { + _krb5_get_init_creds_opt_set_krb5_error(context, + init_cred_opts, + &error); if (ret_as_reply) rep.error = error; else @@ -1332,7 +1354,7 @@ init_cred_loop(krb5_context context, NULL, ctx->nonce, FALSE, - ctx->flags.b.request_anonymous, + ctx->flags.request_anonymous, NULL, NULL); krb5_free_keyblock(context, key); @@ -1344,7 +1366,7 @@ out: if (ret == 0 && ret_as_reply) *ret_as_reply = rep; - else + else krb5_free_kdc_rep (context, &rep); return ret; } @@ -1367,7 +1389,7 @@ krb5_get_init_creds(krb5_context context, memset(&kdc_reply, 0, sizeof(kdc_reply)); - ret = get_init_creds_common(context, creds, client, start_time, + ret = get_init_creds_common(context, client, start_time, in_tkt_service, options, &ctx); if (ret) goto out; @@ -1391,7 +1413,7 @@ krb5_get_init_creds(krb5_context context, case KRB5KDC_ERR_KEY_EXPIRED : /* try to avoid recursion */ - /* don't try to change password where there where none */ + /* don't try to change password where then where none */ if (prompter == NULL || ctx.password == NULL) goto out; @@ -1528,13 +1550,13 @@ krb5_get_init_creds_keyblock(krb5_context context, struct krb5_get_init_creds_ctx ctx; krb5_error_code ret; - ret = get_init_creds_common(context, creds, client, start_time, + ret = get_init_creds_common(context, client, start_time, in_tkt_service, options, &ctx); if (ret) goto out; ret = krb5_get_in_cred (context, - ctx.flags.i, + KDCOptions2int(ctx.flags), ctx.addrs, ctx.etypes, ctx.pre_auth_types, diff --git a/source4/heimdal/lib/krb5/k524_err.c b/source4/heimdal/lib/krb5/k524_err.c new file mode 100644 index 0000000000..266d3ee577 --- /dev/null +++ b/source4/heimdal/lib/krb5/k524_err.c @@ -0,0 +1,30 @@ +/* Generated from k524_err.et */ +/* $Id: k524_err.et,v 1.1 2001/06/20 02:44:11 joda Exp $ */ + +#include +#include +#include "k524_err.h" + +static const char *k524_error_strings[] = { + /* 000 */ "wrong keytype in ticket", + /* 001 */ "incorrect network address", + /* 002 */ "cannot convert V5 principal", + /* 003 */ "V5 realm name longer than V4 maximum", + /* 004 */ "kerberos V4 error server", + /* 005 */ "encoding too large at server", + /* 006 */ "decoding out of data", + /* 007 */ "service not responding", + NULL +}; + +#define num_errors 8 + +void initialize_k524_error_table_r(struct et_list **list) +{ + initialize_error_table_r(list, k524_error_strings, num_errors, ERROR_TABLE_BASE_k524); +} + +void initialize_k524_error_table(void) +{ + init_error_table(k524_error_strings, ERROR_TABLE_BASE_k524, num_errors); +} diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h index 9ba288e22b..968b6079b7 100644 --- a/source4/heimdal/lib/krb5/krb5-private.h +++ b/source4/heimdal/lib/krb5/krb5-private.h @@ -17,7 +17,7 @@ _krb5_aes_cts_encrypt ( const unsigned char */*in*/, unsigned char */*out*/, size_t /*len*/, - const void */*aes_key*/, + const AES_KEY */*key*/, unsigned char */*ivec*/, const int /*encryptp*/); @@ -46,6 +46,12 @@ _krb5_dh_group_ok ( struct krb5_dh_moduli **/*moduli*/, char **/*name*/); +krb5_error_code KRB5_LIB_FUNCTION +_krb5_enctype_to_oid ( + krb5_context /*context*/, + krb5_enctype /*etype*/, + heim_oid */*oid*/); + krb5_error_code _krb5_expand_default_cc_name ( krb5_context /*context*/, @@ -100,9 +106,18 @@ _krb5_get_init_creds_opt_copy ( const krb5_get_init_creds_opt */*in*/, krb5_get_init_creds_opt **/*out*/); +void KRB5_LIB_FUNCTION +_krb5_get_init_creds_opt_free_krb5_error (krb5_get_init_creds_opt */*opt*/); + void KRB5_LIB_FUNCTION _krb5_get_init_creds_opt_free_pkinit (krb5_get_init_creds_opt */*opt*/); +void KRB5_LIB_FUNCTION +_krb5_get_init_creds_opt_set_krb5_error ( + krb5_context /*context*/, + krb5_get_init_creds_opt */*opt*/, + const KRB_ERROR */*error*/); + krb5_ssize_t KRB5_LIB_FUNCTION _krb5_get_int ( void */*buffer*/, @@ -312,8 +327,8 @@ _krb5_pk_load_id ( struct krb5_pk_identity **/*ret_id*/, const char */*user_id*/, const char */*anchor_id*/, - char * const */*chain*/, - char * const */*revoke*/, + char * const */*chain_list*/, + char * const */*revoke_list*/, krb5_prompter_fct /*prompter*/, void */*prompter_data*/, char */*password*/); @@ -372,7 +387,7 @@ _krb5_principal2principalname ( krb5_error_code KRB5_LIB_FUNCTION _krb5_principalname2krb5_principal ( - krb5_context /* context */, + krb5_context /*context*/, krb5_principal */*principal*/, const PrincipalName /*from*/, const Realm /*realm*/); @@ -383,6 +398,12 @@ _krb5_put_int ( unsigned long /*value*/, size_t /*size*/); +krb5_error_code KRB5_LIB_FUNCTION +_krb5_s4u2self_to_checksumdata ( + krb5_context /*context*/, + const PA_S4U2Self */*self*/, + krb5_data */*data*/); + int _krb5_send_and_recv_tcp ( int /*fd*/, diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h index 37293ff982..2010e25f5a 100644 --- a/source4/heimdal/lib/krb5/krb5-protos.h +++ b/source4/heimdal/lib/krb5/krb5-protos.h @@ -1065,13 +1065,6 @@ krb5_crypto_get_checksum_type ( krb5_crypto /*crypto*/, krb5_cksumtype */*type*/); -krb5_error_code KRB5_LIB_FUNCTION -krb5_crypto_get_params ( - krb5_context /*context*/, - const krb5_crypto /*crypto*/, - const krb5_data */*params*/, - krb5_data */*ivec*/); - krb5_error_code KRB5_LIB_FUNCTION krb5_crypto_getblocksize ( krb5_context /*context*/, @@ -1103,13 +1096,6 @@ krb5_crypto_init ( krb5_enctype /*etype*/, krb5_crypto */*crypto*/); -krb5_error_code KRB5_LIB_FUNCTION -krb5_crypto_set_params ( - krb5_context /*context*/, - const krb5_crypto /*crypto*/, - const krb5_data */*ivec*/, - krb5_data */*params*/); - krb5_error_code KRB5_LIB_FUNCTION krb5_data_alloc ( krb5_data */*p*/, @@ -1246,6 +1232,169 @@ krb5_derive_key ( size_t /*constant_len*/, krb5_keyblock **/*derived_key*/); +krb5_error_code +krb5_digest_alloc ( + krb5_context /*context*/, + krb5_digest */*digest*/); + +void +krb5_digest_free (krb5_digest /*digest*/); + +krb5_error_code +krb5_digest_get_a1_hash ( + krb5_context /*context*/, + krb5_digest /*digest*/, + krb5_data */*data*/); + +krb5_error_code +krb5_digest_get_client_binding ( + krb5_context /*context*/, + krb5_digest /*digest*/, + char **/*type*/, + char **/*binding*/); + +const char * +krb5_digest_get_identifier ( + krb5_context /*context*/, + krb5_digest /*digest*/); + +const char * +krb5_digest_get_opaque ( + krb5_context /*context*/, + krb5_digest /*digest*/); + +const char * +krb5_digest_get_responseData ( + krb5_context /*context*/, + krb5_digest /*digest*/); + +const char * +krb5_digest_get_rsp ( + krb5_context /*context*/, + krb5_digest /*digest*/); + +const char * +krb5_digest_get_server_nonce ( + krb5_context /*context*/, + krb5_digest /*digest*/); + +krb5_error_code +krb5_digest_get_tickets ( + krb5_context /*context*/, + krb5_digest /*digest*/, + Ticket **/*tickets*/); + +krb5_error_code +krb5_digest_init_request ( + krb5_context /*context*/, + krb5_digest /*digest*/, + krb5_realm /*realm*/, + krb5_ccache /*ccache*/); + +krb5_error_code +krb5_digest_request ( + krb5_context /*context*/, + krb5_digest /*digest*/, + krb5_realm /*realm*/, + krb5_ccache /*ccache*/); + +krb5_error_code +krb5_digest_set_authentication_user ( + krb5_context /*context*/, + krb5_digest /*digest*/, + krb5_principal /*authentication_user*/); + +krb5_error_code +krb5_digest_set_authid ( + krb5_context /*context*/, + krb5_digest /*digest*/, + const char */*authid*/); + +krb5_error_code +krb5_digest_set_client_nonce ( + krb5_context /*context*/, + krb5_digest /*digest*/, + const char */*nonce*/); + +krb5_error_code +krb5_digest_set_digest ( + krb5_context /*context*/, + krb5_digest /*digest*/, + const char */*dgst*/); + +krb5_error_code +krb5_digest_set_hostname ( + krb5_context /*context*/, + krb5_digest /*digest*/, + const char */*hostname*/); + +krb5_error_code +krb5_digest_set_identifier ( + krb5_context /*context*/, + krb5_digest /*digest*/, + const char */*id*/); + +krb5_error_code +krb5_digest_set_method ( + krb5_context /*context*/, + krb5_digest /*digest*/, + const char */*method*/); + +krb5_error_code +krb5_digest_set_nonceCount ( + krb5_context /*context*/, + krb5_digest /*digest*/, + const char */*nonce_count*/); + +krb5_error_code +krb5_digest_set_opaque ( + krb5_context /*context*/, + krb5_digest /*digest*/, + const char */*opaque*/); + +krb5_error_code +krb5_digest_set_qop ( + krb5_context /*context*/, + krb5_digest /*digest*/, + const char */*qop*/); + +krb5_error_code +krb5_digest_set_realm ( + krb5_context /*context*/, + krb5_digest /*digest*/, + const char */*realm*/); + +krb5_error_code +krb5_digest_set_server_cb ( + krb5_context /*context*/, + krb5_digest /*digest*/, + const char */*type*/, + const char */*binding*/); + +krb5_error_code +krb5_digest_set_server_nonce ( + krb5_context /*context*/, + krb5_digest /*digest*/, + const char */*nonce*/); + +krb5_error_code +krb5_digest_set_type ( + krb5_context /*context*/, + krb5_digest /*digest*/, + const char */*type*/); + +krb5_error_code +krb5_digest_set_uri ( + krb5_context /*context*/, + krb5_digest /*digest*/, + const char */*uri*/); + +krb5_error_code +krb5_digest_set_username ( + krb5_context /*context*/, + krb5_digest /*digest*/, + const char */*username*/); + krb5_error_code KRB5_LIB_FUNCTION krb5_domain_x500_decode ( krb5_context /*context*/, @@ -1376,12 +1525,6 @@ krb5_enctype_to_keytype ( krb5_enctype /*etype*/, krb5_keytype */*keytype*/); -krb5_error_code KRB5_LIB_FUNCTION -krb5_enctype_to_oid ( - krb5_context /*context*/, - krb5_enctype /*etype*/, - heim_oid */*oid*/); - krb5_error_code KRB5_LIB_FUNCTION krb5_enctype_to_string ( krb5_context /*context*/, @@ -1651,6 +1794,54 @@ krb5_get_credentials_with_flags ( krb5_creds */*in_creds*/, krb5_creds **/*out_creds*/); +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_creds ( + krb5_context /*context*/, + krb5_get_creds_opt /*opt*/, + krb5_ccache /*ccache*/, + krb5_const_principal /*inprinc*/, + krb5_creds **/*out_creds*/); + +void KRB5_LIB_FUNCTION +krb5_get_creds_opt_add_options ( + krb5_context /*context*/, + krb5_get_creds_opt /*opt*/, + krb5_flags /*options*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_creds_opt_alloc ( + krb5_context /*context*/, + krb5_get_creds_opt */*opt*/); + +void KRB5_LIB_FUNCTION +krb5_get_creds_opt_free ( + krb5_context /*context*/, + krb5_get_creds_opt /*opt*/); + +void KRB5_LIB_FUNCTION +krb5_get_creds_opt_set_enctype ( + krb5_context /*context*/, + krb5_get_creds_opt /*opt*/, + krb5_enctype /*enctype*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_creds_opt_set_impersonate ( + krb5_context /*context*/, + krb5_get_creds_opt /*opt*/, + krb5_const_principal /*self*/); + +void KRB5_LIB_FUNCTION +krb5_get_creds_opt_set_options ( + krb5_context /*context*/, + krb5_get_creds_opt /*opt*/, + krb5_flags /*options*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_creds_opt_set_ticket ( + krb5_context /*context*/, + krb5_get_creds_opt /*opt*/, + const Ticket */*ticket*/); + krb5_error_code KRB5_LIB_FUNCTION krb5_get_default_config_files (char ***/*pfilenames*/); @@ -1674,6 +1865,9 @@ krb5_get_default_realms ( krb5_context /*context*/, krb5_realm **/*realms*/); +krb5_boolean KRB5_LIB_FUNCTION +krb5_get_dns_canonize_hostname (krb5_context /*context*/); + const char* KRB5_LIB_FUNCTION krb5_get_err_text ( krb5_context /*context*/, @@ -1710,7 +1904,7 @@ krb5_get_forwarded_creds ( krb5_error_code KRB5_LIB_FUNCTION krb5_get_host_realm ( krb5_context /*context*/, - const char */*host*/, + const char */*targethost*/, krb5_realm **/*realms*/); krb5_error_code KRB5_LIB_FUNCTION @@ -1823,6 +2017,12 @@ krb5_get_init_creds_opt_alloc ( void KRB5_LIB_FUNCTION krb5_get_init_creds_opt_free (krb5_get_init_creds_opt */*opt*/); +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_get_error ( + krb5_context /*context*/, + krb5_get_init_creds_opt */*opt*/, + KRB_ERROR **/*error*/); + void KRB5_LIB_FUNCTION krb5_get_init_creds_opt_init (krb5_get_init_creds_opt */*opt*/); @@ -1831,6 +2031,12 @@ krb5_get_init_creds_opt_set_address_list ( krb5_get_init_creds_opt */*opt*/, krb5_addresses */*addresses*/); +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_addressless ( + krb5_context /*context*/, + krb5_get_init_creds_opt */*opt*/, + krb5_boolean /*addressless*/); + void KRB5_LIB_FUNCTION krb5_get_init_creds_opt_set_anonymous ( krb5_get_init_creds_opt */*opt*/, @@ -1874,8 +2080,8 @@ krb5_get_init_creds_opt_set_pkinit ( krb5_principal /*principal*/, const char */*user_id*/, const char */*x509_anchors*/, - char * const * /*chain*/, - char * const * /*revoke*/, + char * const * /*pool*/, + char * const * /*pki_revoke*/, int /*flags*/, krb5_prompter_fct /*prompter*/, void */*prompter_data*/, @@ -1929,6 +2135,12 @@ krb5_get_kdc_cred ( krb5_creds */*in_creds*/, krb5_creds **out_creds ); +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_kdc_sec_offset ( + krb5_context /*context*/, + int32_t */*sec*/, + int32_t */*usec*/); + krb5_error_code KRB5_LIB_FUNCTION krb5_get_krb524hst ( krb5_context /*context*/, @@ -2035,6 +2247,9 @@ krb5_initlog ( krb5_boolean KRB5_LIB_FUNCTION krb5_is_thread_safe (void); +const krb5_enctype * KRB5_LIB_FUNCTION +krb5_kerberos_enctypes (krb5_context /*context*/); + krb5_enctype krb5_keyblock_get_enctype (const krb5_keyblock */*block*/); @@ -2412,15 +2627,10 @@ krb5_parse_name ( krb5_principal */*principal*/); krb5_error_code KRB5_LIB_FUNCTION -krb5_parse_name_mustrealm ( - krb5_context /*context*/, - const char */*name*/, - krb5_principal */*principal*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_parse_name_norealm ( +krb5_parse_name_flags ( krb5_context /*context*/, const char */*name*/, + int /*flags*/, krb5_principal */*principal*/); const char* KRB5_LIB_FUNCTION @@ -2447,7 +2657,7 @@ krb5_prepend_config_files_default ( const char */*filelist*/, char ***/*pfilenames*/); -krb5_realm* KRB5_LIB_FUNCTION +krb5_realm * KRB5_LIB_FUNCTION krb5_princ_realm ( krb5_context /*context*/, krb5_principal /*principal*/); @@ -2792,6 +3002,11 @@ krb5_ret_string ( krb5_storage */*sp*/, char **/*string*/); +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_stringnl ( + krb5_storage */*sp*/, + char **/*string*/); + krb5_error_code KRB5_LIB_FUNCTION krb5_ret_stringz ( krb5_storage */*sp*/, @@ -2877,6 +3092,11 @@ krb5_set_default_realm ( krb5_context /*context*/, const char */*realm*/); +void KRB5_LIB_FUNCTION +krb5_set_dns_canonicalize_hostname ( + krb5_context /*context*/, + krb5_boolean /*flag*/); + krb5_error_code KRB5_LIB_FUNCTION krb5_set_error_string ( krb5_context /*context*/, @@ -2926,10 +3146,9 @@ krb5_set_real_time ( int32_t /*usec*/); krb5_error_code KRB5_LIB_FUNCTION -krb5_set_send_recv_func ( +krb5_set_send_to_kdc_func ( krb5_context /*context*/, - krb5_send_and_recv_func_t /*func*/, - krb5_send_and_recv_close_func_t /*close_fn*/, + krb5_send_to_kdc_func /*func*/, void */*data*/); void KRB5_LIB_FUNCTION @@ -3109,6 +3328,11 @@ krb5_store_string ( krb5_storage */*sp*/, const char */*s*/); +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_stringnl ( + krb5_storage */*sp*/, + const char */*s*/); + krb5_error_code KRB5_LIB_FUNCTION krb5_store_stringz ( krb5_storage */*sp*/, @@ -3254,24 +3478,26 @@ krb5_unparse_name_fixed ( size_t /*len*/); krb5_error_code KRB5_LIB_FUNCTION -krb5_unparse_name_fixed_short ( +krb5_unparse_name_fixed_flags ( krb5_context /*context*/, krb5_const_principal /*principal*/, + int /*flags*/, char */*name*/, size_t /*len*/); krb5_error_code KRB5_LIB_FUNCTION -krb5_unparse_name_norealm ( +krb5_unparse_name_fixed_short ( krb5_context /*context*/, krb5_const_principal /*principal*/, - char **/*name*/); + char */*name*/, + size_t /*len*/); krb5_error_code KRB5_LIB_FUNCTION -krb5_unparse_name_norealm_fixed ( +krb5_unparse_name_flags ( krb5_context /*context*/, krb5_const_principal /*principal*/, - char */*name*/, - size_t /*len*/); + int /*flags*/, + char **/*name*/); krb5_error_code KRB5_LIB_FUNCTION krb5_unparse_name_short ( diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h index 32fdd6d383..4b5058094b 100644 --- a/source4/heimdal/lib/krb5/krb5.h +++ b/source4/heimdal/lib/krb5/krb5.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5.h,v 1.241 2006/05/05 09:29:36 lha Exp $ */ +/* $Id: krb5.h,v 1.253 2006/10/20 18:12:06 lha Exp $ */ #ifndef __KRB5_H__ #define __KRB5_H__ @@ -72,6 +72,12 @@ typedef const void *krb5_const_pointer; struct krb5_crypto_data; typedef struct krb5_crypto_data *krb5_crypto; +struct krb5_get_creds_opt_data; +typedef struct krb5_get_creds_opt_data *krb5_get_creds_opt; + +struct krb5_digest; +typedef struct krb5_digest *krb5_digest; + typedef CKSUMTYPE krb5_cksumtype; typedef Checksum krb5_checksum; @@ -203,8 +209,16 @@ typedef enum krb5_key_usage { /* Encryption of the SAM-TRACK-ID field */ KRB5_KU_PA_SERVER_REFERRAL = 26, /* Keyusage for the server referral in a TGS req */ - KRB5_KU_SAM_ENC_NONCE_SAD = 27 + KRB5_KU_SAM_ENC_NONCE_SAD = 27, /* Encryption of the SAM-NONCE-OR-SAD field */ + KRB5_KU_TGS_IMPERSONATE = -17, + /* Checksum type used in the impersonate field */ + KRB5_KU_DIGEST_ENCRYPT = -18, + /* Encryption key usage used in the digest encryption field */ + KRB5_KU_DIGEST_OPAQUE = -19, + /* Checksum key usage used in the digest opaque field */ + KRB5_KU_KRB5SIGNEDPATH = -21 + /* Checksum key usage on KRB5SignedPath */ } krb5_key_usage; typedef krb5_key_usage krb5_keyusage; @@ -256,9 +270,7 @@ typedef enum krb5_keytype { KEYTYPE_AES128 = 17, KEYTYPE_AES256 = 18, KEYTYPE_ARCFOUR = 23, - KEYTYPE_ARCFOUR_56 = 24, - KEYTYPE_RC2 = -0x1005, - KEYTYPE_AES192 = -0x1006 + KEYTYPE_ARCFOUR_56 = 24 } krb5_keytype; typedef EncryptionKey krb5_keyblock; @@ -339,6 +351,9 @@ typedef union { #define KRB5_GC_CACHED (1U << 0) #define KRB5_GC_USER_USER (1U << 1) #define KRB5_GC_EXPIRED_OK (1U << 2) +#define KRB5_GC_NO_STORE (1U << 3) +#define KRB5_GC_FORWARDABLE (1U << 4) +#define KRB5_GC_NO_TRANSIT_CHECK (1U << 5) /* constants for compare_creds (and cc_retrieve_cred) */ #define KRB5_TC_DONT_MATCH_REALM (1U << 31) @@ -413,49 +428,6 @@ typedef struct krb5_config_binding krb5_config_binding; typedef krb5_config_binding krb5_config_section; -typedef struct krb5_context_data { - krb5_enctype *etypes; - krb5_enctype *etypes_des; - char **default_realms; - time_t max_skew; - time_t kdc_timeout; - unsigned max_retries; - int32_t kdc_sec_offset; - int32_t kdc_usec_offset; - krb5_config_section *cf; - struct et_list *et_list; - struct krb5_log_facility *warn_dest; - krb5_cc_ops *cc_ops; - int num_cc_ops; - const char *http_proxy; - const char *time_fmt; - krb5_boolean log_utc; - const char *default_keytab; - const char *default_keytab_modify; - krb5_boolean use_admin_kdc; - krb5_addresses *extra_addresses; - krb5_boolean scan_interfaces; /* `ifconfig -a' */ - krb5_boolean srv_lookup; /* do SRV lookups */ - krb5_boolean srv_try_txt; /* try TXT records also */ - int32_t fcache_vno; /* create cache files w/ this - version */ - int num_kt_types; /* # of registered keytab types */ - struct krb5_keytab_data *kt_types; /* registered keytab types */ - const char *date_fmt; - char *error_string; - char error_buf[256]; - krb5_addresses *ignore_addresses; - char *default_cc_name; - int pkinit_flags; - void *mutex; /* protects error_string/error_buf */ - int large_msg_size; - krb5_boolean fdns; /* Lookup hostnames to find full name, or send as-is */ - struct send_and_recv *send_and_recv; /* Alternate functions for KDC communication */ - void *mem_ctx; /* Some parts of Samba4 need a valid - memory context (under the event - context) to use */ -} krb5_context_data; - enum { KRB5_PKINIT_WIN2K = 1, /* wire compatible with Windows 2k */ KRB5_PKINIT_PACKET_CABLE = 2 /* use packet cable standard */ @@ -578,8 +550,8 @@ typedef struct krb5_auth_context_data { krb5_rcache rcache; - krb5_keytype keytype; /* ¿requested key type ? */ - krb5_cksumtype cksumtype; /* ¡requested checksum type! */ + krb5_keytype keytype; /* ¿requested key type ? */ + krb5_cksumtype cksumtype; /* ¡requested checksum type! */ }krb5_auth_context_data, *krb5_auth_context; @@ -609,6 +581,8 @@ typedef EncAPRepPart krb5_ap_rep_enc_part; #define KRB5_TGS_NAME_SIZE (6) #define KRB5_TGS_NAME ("krbtgt") +#define KRB5_DIGEST_NAME ("digest") + /* variables */ extern const char *krb5_config_file; @@ -618,7 +592,8 @@ typedef enum { KRB5_PROMPT_TYPE_PASSWORD = 0x1, KRB5_PROMPT_TYPE_NEW_PASSWORD = 0x2, KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN = 0x3, - KRB5_PROMPT_TYPE_PREAUTH = 0x4 + KRB5_PROMPT_TYPE_PREAUTH = 0x4, + KRB5_PROMPT_TYPE_INFO = 0x5 } krb5_prompt_type; typedef struct _krb5_prompt { @@ -754,12 +729,23 @@ enum { KRB5_KRBHST_FLAGS_LARGE_MSG = 2 }; -typedef int (*krb5_send_and_recv_func_t)(krb5_context, - void *, - krb5_krbhst_info *, - const krb5_data *, - krb5_data *); -typedef void (*krb5_send_and_recv_close_func_t)(krb5_context, void*); +typedef krb5_error_code (*krb5_send_to_kdc_func)(krb5_context, + void *, + krb5_krbhst_info *, + const krb5_data *, + krb5_data *); + +/* flags for krb5_parse_name_flags */ +enum { + KRB5_PRINCIPAL_PARSE_NO_REALM = 1, + KRB5_PRINCIPAL_PARSE_MUST_REALM = 2 +}; + +/* flags for krb5_unparse_name_flags */ +enum { + KRB5_PRINCIPAL_UNPARSE_SHORT = 1, + KRB5_PRINCIPAL_UNPARSE_NO_REALM = 2 +}; struct credentials; /* this is to keep the compiler happy */ struct getargs; diff --git a/source4/heimdal/lib/krb5/krb5_err.c b/source4/heimdal/lib/krb5/krb5_err.c new file mode 100644 index 0000000000..9185f729d5 --- /dev/null +++ b/source4/heimdal/lib/krb5/krb5_err.c @@ -0,0 +1,271 @@ +/* Generated from krb5_err.et */ +/* $Id: krb5_err.et,v 1.14 2006/02/13 11:28:22 lha Exp $ */ + +#include +#include +#include "krb5_err.h" + +static const char *krb5_error_strings[] = { + /* 000 */ "No error", + /* 001 */ "Client's entry in database has expired", + /* 002 */ "Server's entry in database has expired", + /* 003 */ "Requested protocol version not supported", + /* 004 */ "Client's key is encrypted in an old master key", + /* 005 */ "Server's key is encrypted in an old master key", + /* 006 */ "Client not found in Kerberos database", + /* 007 */ "Server not found in Kerberos database", + /* 008 */ "Principal has multiple entries in Kerberos database", + /* 009 */ "Client or server has a null key", + /* 010 */ "Ticket is ineligible for postdating", + /* 011 */ "Requested effective lifetime is negative or too short", + /* 012 */ "KDC policy rejects request", + /* 013 */ "KDC can't fulfill requested option", + /* 014 */ "KDC has no support for encryption type", + /* 015 */ "KDC has no support for checksum type", + /* 016 */ "KDC has no support for padata type", + /* 017 */ "KDC has no support for transited type", + /* 018 */ "Clients credentials have been revoked", + /* 019 */ "Credentials for server have been revoked", + /* 020 */ "TGT has been revoked", + /* 021 */ "Client not yet valid - try again later", + /* 022 */ "Server not yet valid - try again later", + /* 023 */ "Password has expired", + /* 024 */ "Preauthentication failed", + /* 025 */ "Additional pre-authentication required", + /* 026 */ "Requested server and ticket don't match", + /* 027 */ "Reserved krb5 error (27)", + /* 028 */ "Reserved krb5 error (28)", + /* 029 */ "Reserved krb5 error (29)", + /* 030 */ "Reserved krb5 error (30)", + /* 031 */ "Decrypt integrity check failed", + /* 032 */ "Ticket expired", + /* 033 */ "Ticket not yet valid", + /* 034 */ "Request is a replay", + /* 035 */ "The ticket isn't for us", + /* 036 */ "Ticket/authenticator don't match", + /* 037 */ "Clock skew too great", + /* 038 */ "Incorrect net address", + /* 039 */ "Protocol version mismatch", + /* 040 */ "Invalid message type", + /* 041 */ "Message stream modified", + /* 042 */ "Message out of order", + /* 043 */ "Invalid cross-realm ticket", + /* 044 */ "Key version is not available", + /* 045 */ "Service key not available", + /* 046 */ "Mutual authentication failed", + /* 047 */ "Incorrect message direction", + /* 048 */ "Alternative authentication method required", + /* 049 */ "Incorrect sequence number in message", + /* 050 */ "Inappropriate type of checksum in message", + /* 051 */ "Policy rejects transited path", + /* 052 */ "Response too big for UDP, retry with TCP", + /* 053 */ "Reserved krb5 error (53)", + /* 054 */ "Reserved krb5 error (54)", + /* 055 */ "Reserved krb5 error (55)", + /* 056 */ "Reserved krb5 error (56)", + /* 057 */ "Reserved krb5 error (57)", + /* 058 */ "Reserved krb5 error (58)", + /* 059 */ "Reserved krb5 error (59)", + /* 060 */ "Generic error (see e-text)", + /* 061 */ "Field is too long for this implementation", + /* 062 */ "Client not trusted", + /* 063 */ "KDC not trusted", + /* 064 */ "Invalid signature", + /* 065 */ "DH parameters not accepted", + /* 066 */ "Reserved krb5 error (66)", + /* 067 */ "Reserved krb5 error (67)", + /* 068 */ "Reserved krb5 error (68)", + /* 069 */ "User to user required", + /* 070 */ "Cannot verify certificate", + /* 071 */ "Certificate invalid", + /* 072 */ "Certificate revoked", + /* 073 */ "Revocation status unknown", + /* 074 */ "Revocation status unknown", + /* 075 */ "Inconsistent key purpose", + /* 076 */ "Digest in certificate not accepted", + /* 077 */ "paChecksum must be included", + /* 078 */ "Digest in signedData not accepted", + /* 079 */ "Public key encryption not supported", + /* 080 */ "Reserved krb5 error (80)", + /* 081 */ "Reserved krb5 error (81)", + /* 082 */ "Reserved krb5 error (82)", + /* 083 */ "Reserved krb5 error (83)", + /* 084 */ "Reserved krb5 error (84)", + /* 085 */ "Reserved krb5 error (85)", + /* 086 */ "Reserved krb5 error (86)", + /* 087 */ "Reserved krb5 error (87)", + /* 088 */ "Reserved krb5 error (88)", + /* 089 */ "Reserved krb5 error (89)", + /* 090 */ "Reserved krb5 error (90)", + /* 091 */ "Reserved krb5 error (91)", + /* 092 */ "Reserved krb5 error (92)", + /* 093 */ "Reserved krb5 error (93)", + /* 094 */ "Reserved krb5 error (94)", + /* 095 */ "Reserved krb5 error (95)", + /* 096 */ "Reserved krb5 error (96)", + /* 097 */ "Reserved krb5 error (97)", + /* 098 */ "Reserved krb5 error (98)", + /* 099 */ "Reserved krb5 error (99)", + /* 100 */ "Reserved krb5 error (100)", + /* 101 */ "Reserved krb5 error (101)", + /* 102 */ "Reserved krb5 error (102)", + /* 103 */ "Reserved krb5 error (103)", + /* 104 */ "Reserved krb5 error (104)", + /* 105 */ "Reserved krb5 error (105)", + /* 106 */ "Reserved krb5 error (106)", + /* 107 */ "Reserved krb5 error (107)", + /* 108 */ "Reserved krb5 error (108)", + /* 109 */ "Reserved krb5 error (109)", + /* 110 */ "Reserved krb5 error (110)", + /* 111 */ "Reserved krb5 error (111)", + /* 112 */ "Reserved krb5 error (112)", + /* 113 */ "Reserved krb5 error (113)", + /* 114 */ "Reserved krb5 error (114)", + /* 115 */ "Reserved krb5 error (115)", + /* 116 */ "Reserved krb5 error (116)", + /* 117 */ "Reserved krb5 error (117)", + /* 118 */ "Reserved krb5 error (118)", + /* 119 */ "Reserved krb5 error (119)", + /* 120 */ "Reserved krb5 error (120)", + /* 121 */ "Reserved krb5 error (121)", + /* 122 */ "Reserved krb5 error (122)", + /* 123 */ "Reserved krb5 error (123)", + /* 124 */ "Reserved krb5 error (124)", + /* 125 */ "Reserved krb5 error (125)", + /* 126 */ "Reserved krb5 error (126)", + /* 127 */ "Reserved krb5 error (127)", + /* 128 */ "$Id: krb5_err.et,v 1.14 2006/02/13 11:28:22 lha Exp $", + /* 129 */ "Invalid flag for file lock mode", + /* 130 */ "Cannot read password", + /* 131 */ "Password mismatch", + /* 132 */ "Password read interrupted", + /* 133 */ "Invalid character in component name", + /* 134 */ "Malformed representation of principal", + /* 135 */ "Can't open/find configuration file", + /* 136 */ "Improper format of configuration file", + /* 137 */ "Insufficient space to return complete information", + /* 138 */ "Invalid message type specified for encoding", + /* 139 */ "Credential cache name malformed", + /* 140 */ "Unknown credential cache type", + /* 141 */ "Matching credential not found", + /* 142 */ "End of credential cache reached", + /* 143 */ "Request did not supply a ticket", + /* 144 */ "Wrong principal in request", + /* 145 */ "Ticket has invalid flag set", + /* 146 */ "Requested principal and ticket don't match", + /* 147 */ "KDC reply did not match expectations", + /* 148 */ "Clock skew too great in KDC reply", + /* 149 */ "Client/server realm mismatch in initial ticket request", + /* 150 */ "Program lacks support for encryption type", + /* 151 */ "Program lacks support for key type", + /* 152 */ "Requested encryption type not used in message", + /* 153 */ "Program lacks support for checksum type", + /* 154 */ "Cannot find KDC for requested realm", + /* 155 */ "Kerberos service unknown", + /* 156 */ "Cannot contact any KDC for requested realm", + /* 157 */ "No local name found for principal name", + /* 158 */ "Mutual authentication failed", + /* 159 */ "Replay cache type is already registered", + /* 160 */ "No more memory to allocate (in replay cache code)", + /* 161 */ "Replay cache type is unknown", + /* 162 */ "Generic unknown RC error", + /* 163 */ "Message is a replay", + /* 164 */ "Replay I/O operation failed XXX", + /* 165 */ "Replay cache type does not support non-volatile storage", + /* 166 */ "Replay cache name parse/format error", + /* 167 */ "End-of-file on replay cache I/O", + /* 168 */ "No more memory to allocate (in replay cache I/O code)", + /* 169 */ "Permission denied in replay cache code", + /* 170 */ "I/O error in replay cache i/o code", + /* 171 */ "Generic unknown RC/IO error", + /* 172 */ "Insufficient system space to store replay information", + /* 173 */ "Can't open/find realm translation file", + /* 174 */ "Improper format of realm translation file", + /* 175 */ "Can't open/find lname translation database", + /* 176 */ "No translation available for requested principal", + /* 177 */ "Improper format of translation database entry", + /* 178 */ "Cryptosystem internal error", + /* 179 */ "Key table name malformed", + /* 180 */ "Unknown Key table type", + /* 181 */ "Key table entry not found", + /* 182 */ "End of key table reached", + /* 183 */ "Cannot write to specified key table", + /* 184 */ "Error writing to key table", + /* 185 */ "Cannot find ticket for requested realm", + /* 186 */ "DES key has bad parity", + /* 187 */ "DES key is a weak key", + /* 188 */ "Bad encryption type", + /* 189 */ "Key size is incompatible with encryption type", + /* 190 */ "Message size is incompatible with encryption type", + /* 191 */ "Credentials cache type is already registered.", + /* 192 */ "Key table type is already registered.", + /* 193 */ "Credentials cache I/O operation failed XXX", + /* 194 */ "Credentials cache file permissions incorrect", + /* 195 */ "No credentials cache file found", + /* 196 */ "Internal file credentials cache error", + /* 197 */ "Error writing to credentials cache file", + /* 198 */ "No more memory to allocate (in credentials cache code)", + /* 199 */ "Bad format in credentials cache", + /* 200 */ "No credentials found with supported encryption types", + /* 201 */ "Invalid KDC option combination (library internal error)", + /* 202 */ "Request missing second ticket", + /* 203 */ "No credentials supplied to library routine", + /* 204 */ "Bad sendauth version was sent", + /* 205 */ "Bad application version was sent (via sendauth)", + /* 206 */ "Bad response (during sendauth exchange)", + /* 207 */ "Server rejected authentication (during sendauth exchange)", + /* 208 */ "Unsupported preauthentication type", + /* 209 */ "Required preauthentication key not supplied", + /* 210 */ "Generic preauthentication failure", + /* 211 */ "Unsupported replay cache format version number", + /* 212 */ "Unsupported credentials cache format version number", + /* 213 */ "Unsupported key table format version number", + /* 214 */ "Program lacks support for address type", + /* 215 */ "Message replay detection requires rcache parameter", + /* 216 */ "Hostname cannot be canonicalized", + /* 217 */ "Cannot determine realm for host", + /* 218 */ "Conversion to service principal undefined for name type", + /* 219 */ "Initial Ticket response appears to be Version 4", + /* 220 */ "Cannot resolve KDC for requested realm", + /* 221 */ "Requesting ticket can't get forwardable tickets", + /* 222 */ "Bad principal name while trying to forward credentials", + /* 223 */ "Looping detected inside krb5_get_in_tkt", + /* 224 */ "Configuration file does not specify default realm", + /* 225 */ "Bad SAM flags in obtain_sam_padata", + /* 226 */ "Invalid encryption type in SAM challenge", + /* 227 */ "Missing checksum in SAM challenge", + /* 228 */ "Bad checksum in SAM challenge", + /* 229 */ "Reserved krb5 error (229)", + /* 230 */ "Reserved krb5 error (230)", + /* 231 */ "Reserved krb5 error (231)", + /* 232 */ "Reserved krb5 error (232)", + /* 233 */ "Reserved krb5 error (233)", + /* 234 */ "Reserved krb5 error (234)", + /* 235 */ "Reserved krb5 error (235)", + /* 236 */ "Reserved krb5 error (236)", + /* 237 */ "Reserved krb5 error (237)", + /* 238 */ "Program called an obsolete, deleted function", + /* 239 */ "Reserved krb5 error (239)", + /* 240 */ "Reserved krb5 error (240)", + /* 241 */ "Reserved krb5 error (241)", + /* 242 */ "Reserved krb5 error (242)", + /* 243 */ "Reserved krb5 error (243)", + /* 244 */ "Reserved krb5 error (244)", + /* 245 */ "Invalid key generation parameters from KDC", + /* 246 */ "Service not available", + /* 247 */ "Credential cache function not supported", + /* 248 */ "Invalid format of Kerberos lifetime or clock skew string", + NULL +}; + +#define num_errors 249 + +void initialize_krb5_error_table_r(struct et_list **list) +{ + initialize_error_table_r(list, krb5_error_strings, num_errors, ERROR_TABLE_BASE_krb5); +} + +void initialize_krb5_error_table(void) +{ + init_error_table(krb5_error_strings, ERROR_TABLE_BASE_krb5, num_errors); +} diff --git a/source4/heimdal/lib/krb5/krb5_locl.h b/source4/heimdal/lib/krb5/krb5_locl.h index 4dcac40c7a..89b3c6ad40 100644 --- a/source4/heimdal/lib/krb5/krb5_locl.h +++ b/source4/heimdal/lib/krb5/krb5_locl.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5_locl.h,v 1.87 2006/02/09 11:36:27 lha Exp $ */ +/* $Id: krb5_locl.h,v 1.93 2006/10/20 18:13:31 lha Exp $ */ #ifndef __KRB5_LOCL_H__ #define __KRB5_LOCL_H__ @@ -136,6 +136,8 @@ struct sockaddr_dl; #include +struct send_to_kdc; + /* XXX glue for pkinit */ struct krb5_pk_identity; struct krb5_pk_cert; @@ -151,6 +153,9 @@ struct _krb5_krb_auth_data; #include #include #include +#ifdef PKINIT +#include +#endif #include #include "heim_threads.h" @@ -171,10 +176,10 @@ struct _krb5_krb_auth_data; #define KRB5_BUFSIZ 1024 typedef enum { - KRB5_PA_PAC_DONT_CARE = 0, - KRB5_PA_PAC_REQ_TRUE, - KRB5_PA_PAC_REQ_FALSE -} krb5_get_init_creds_req_pac; + KRB5_INIT_CREDS_TRISTATE_UNSET = 0, + KRB5_INIT_CREDS_TRISTATE_TRUE, + KRB5_INIT_CREDS_TRISTATE_FALSE +} krb5_get_init_creds_tristate; struct _krb5_get_init_creds_opt_private { int refcount; @@ -182,12 +187,57 @@ struct _krb5_get_init_creds_opt_private { const char *password; krb5_s2k_proc key_proc; /* PA_PAC_REQUEST */ - krb5_get_init_creds_req_pac req_pac; + krb5_get_init_creds_tristate req_pac; /* PKINIT */ krb5_pk_init_ctx pk_init_ctx; int canonicalize; + KRB_ERROR *error; + krb5_get_init_creds_tristate addressless; }; +typedef struct krb5_context_data { + krb5_enctype *etypes; + krb5_enctype *etypes_des; + char **default_realms; + time_t max_skew; + time_t kdc_timeout; + unsigned max_retries; + int32_t kdc_sec_offset; + int32_t kdc_usec_offset; + krb5_config_section *cf; + struct et_list *et_list; + struct krb5_log_facility *warn_dest; + krb5_cc_ops *cc_ops; + int num_cc_ops; + const char *http_proxy; + const char *time_fmt; + krb5_boolean log_utc; + const char *default_keytab; + const char *default_keytab_modify; + krb5_boolean use_admin_kdc; + krb5_addresses *extra_addresses; + krb5_boolean scan_interfaces; /* `ifconfig -a' */ + krb5_boolean srv_lookup; /* do SRV lookups */ + krb5_boolean srv_try_txt; /* try TXT records also */ + int32_t fcache_vno; /* create cache files w/ this + version */ + int num_kt_types; /* # of registered keytab types */ + struct krb5_keytab_data *kt_types; /* registered keytab types */ + const char *date_fmt; + char *error_string; + char error_buf[256]; + krb5_addresses *ignore_addresses; + char *default_cc_name; + int pkinit_flags; + void *mutex; /* protects error_string/error_buf */ + int large_msg_size; + int dns_canonicalize_hostname; + struct send_to_kdc *send_to_kdc; + void *mem_ctx; /* Some parts of Samba4 need a valid + memory context (under the event + context) to use */ +} krb5_context_data; + /* * Configurable options */ @@ -201,7 +251,7 @@ struct _krb5_get_init_creds_opt_private { #endif #ifndef KRB5_ADDRESSLESS_DEFAULT -#define KRB5_ADDRESSLESS_DEFAULT FALSE +#define KRB5_ADDRESSLESS_DEFAULT TRUE #endif #endif /* __KRB5_LOCL_H__ */ diff --git a/source4/heimdal/lib/krb5/krbhst.c b/source4/heimdal/lib/krb5/krbhst.c index 221bd706f4..e7b2579229 100644 --- a/source4/heimdal/lib/krb5/krbhst.c +++ b/source4/heimdal/lib/krb5/krbhst.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include -RCSID("$Id: krbhst.c,v 1.55 2006/04/02 10:32:20 lha Exp $"); +RCSID("$Id: krbhst.c,v 1.57 2006/10/06 17:11:02 lha Exp $"); static int string_to_proto(const char *string) @@ -422,6 +422,15 @@ fallback_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, struct addrinfo hints; char portstr[NI_MAXSERV]; + /* + * Don't try forever in case the DNS server keep returning us + * entries (like wildcard entries or the .nu TLD) + */ + if(kd->fallback_count >= 5) { + kd->flags |= KD_FALLBACK; + return 0; + } + if(kd->fallback_count == 0) asprintf(&host, "%s.%s.", serv_string, kd->realm); else @@ -659,9 +668,8 @@ common_init(krb5_context context, } /* For 'realms' without a . do not even think of going to DNS */ - if (!strchr(realm, '.')) { + if (!strchr(realm, '.')) kd->flags |= KD_CONFIG_EXISTS; - } if (flags & KRB5_KRBHST_FLAGS_LARGE_MSG) kd->flags |= KD_LARGE_MSG; diff --git a/source4/heimdal/lib/krb5/misc.c b/source4/heimdal/lib/krb5/misc.c index baf63f6d52..f04f8d9996 100644 --- a/source4/heimdal/lib/krb5/misc.c +++ b/source4/heimdal/lib/krb5/misc.c @@ -33,4 +33,53 @@ #include "krb5_locl.h" -RCSID("$Id: misc.c,v 1.5 1999/12/02 17:05:11 joda Exp $"); +RCSID("$Id: misc.c,v 1.6 2006/06/06 14:57:47 lha Exp $"); + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_s4u2self_to_checksumdata(krb5_context context, + const PA_S4U2Self *self, + krb5_data *data) +{ + krb5_error_code ret; + krb5_ssize_t ssize; + krb5_storage *sp; + size_t size; + int i; + + sp = krb5_storage_emem(); + if (sp == NULL) { + krb5_clear_error_string(context); + return ENOMEM; + } + ret = krb5_store_int32(sp, self->name.name_type); + if (ret) + goto out; + for (i = 0; i < self->name.name_string.len; i++) { + size = strlen(self->name.name_string.val[i]); + ssize = krb5_storage_write(sp, self->name.name_string.val[i], size); + if (ssize != size) { + ret = ENOMEM; + goto out; + } + } + size = strlen(self->realm); + ssize = krb5_storage_write(sp, self->realm, size); + if (ssize != size) { + ret = ENOMEM; + goto out; + } + size = strlen(self->auth); + ssize = krb5_storage_write(sp, self->auth, size); + if (ssize != size) { + ret = ENOMEM; + goto out; + } + + ret = krb5_storage_to_data(sp, data); + krb5_storage_free(sp); + return ret; + +out: + krb5_clear_error_string(context); + return ret; +} diff --git a/source4/heimdal/lib/krb5/mit_glue.c b/source4/heimdal/lib/krb5/mit_glue.c index b7f06c1582..b9075b3079 100755 --- a/source4/heimdal/lib/krb5/mit_glue.c +++ b/source4/heimdal/lib/krb5/mit_glue.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: mit_glue.c,v 1.7 2005/05/18 04:21:44 lha Exp $"); +RCSID("$Id: mit_glue.c,v 1.8 2006/10/14 09:51:02 lha Exp $"); /* * Glue for MIT API @@ -98,7 +98,7 @@ krb5_c_get_checksum(krb5_context context, const krb5_checksum *cksum, if (*data == NULL) return ENOMEM; - ret = copy_octet_string(&cksum->checksum, *data); + ret = der_copy_octet_string(&cksum->checksum, *data); if (ret) { free(*data); *data = NULL; @@ -113,7 +113,7 @@ krb5_c_set_checksum(krb5_context context, krb5_checksum *cksum, krb5_cksumtype type, const krb5_data *data) { cksum->cksumtype = type; - return copy_octet_string(data, &cksum->checksum); + return der_copy_octet_string(data, &cksum->checksum); } void KRB5_LIB_FUNCTION diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c index 00f7b4ebd9..f519b5ad08 100755 --- a/source4/heimdal/lib/krb5/pkinit.c +++ b/source4/heimdal/lib/krb5/pkinit.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: pkinit.c,v 1.99 2006/05/07 12:32:38 lha Exp $"); +RCSID("$Id: pkinit.c,v 1.110 2006/10/14 09:52:50 lha Exp $"); struct krb5_dh_moduli { char *name; @@ -69,7 +69,7 @@ struct krb5_pk_identity { hx509_certs certs; hx509_certs anchors; hx509_certs certpool; - hx509_revoke_ctx revoke; + hx509_revoke_ctx revokectx; }; struct krb5_pk_cert { @@ -344,8 +344,8 @@ build_auth_pack(krb5_context context, ALLOC(a->clientPublicValue, 1); if (a->clientPublicValue == NULL) return ENOMEM; - ret = copy_oid(oid_id_dhpublicnumber(), - &a->clientPublicValue->algorithm.algorithm); + ret = der_copy_oid(oid_id_dhpublicnumber(), + &a->clientPublicValue->algorithm.algorithm); if (ret) return ret; @@ -392,7 +392,7 @@ build_auth_pack(krb5_context context, ASN1_MALLOC_ENCODE(DHPublicKey, dhbuf.data, dhbuf.length, &dh_pub_key, &size, ret); - free_heim_integer(&dh_pub_key); + der_free_heim_integer(&dh_pub_key); if (ret) return ret; if (size != dhbuf.length) @@ -413,7 +413,7 @@ _krb5_pk_mk_ContentInfo(krb5_context context, { krb5_error_code ret; - ret = copy_oid(oid, &content_info->contentType); + ret = der_copy_oid(oid, &content_info->contentType); if (ret) return ret; ALLOC(content_info->content, 1); @@ -672,8 +672,16 @@ _krb5_pk_verify_sign(krb5_context context, contentType, content, &signer_certs); - if (ret) + if (ret) { + char *s = hx509_get_error_string(id->hx509ctx, ret); + if (s) { + krb5_set_error_string(context, + "CMS verify signed failed with %s", s); + free(s); + } else + krb5_clear_error_string(context); return ret; + } *signer = calloc(1, sizeof(**signer)); if (*signer == NULL) { @@ -833,7 +841,9 @@ pk_verify_host(krb5_context context, oid_id_pkinit_san(), &list); if (ret) { - krb5_clear_error_string(context); + krb5_set_error_string(context, "Failed to find the PK-INIT " + "subjectAltName in the KDC certificate"); + return ret; } @@ -845,7 +855,9 @@ pk_verify_host(krb5_context context, &r, NULL); if (ret) { - krb5_clear_error_string(context); + krb5_set_error_string(context, "Failed to decode the PK-INIT " + "subjectAltName in the KDC certificate"); + break; } @@ -856,7 +868,7 @@ pk_verify_host(krb5_context context, { krb5_set_error_string(context, "KDC have wrong realm name in " "the certificate"); - ret = EINVAL; + ret = KRB5_KDC_ERR_INVALID_CERTIFICATE; } free_KRB5PrincipalName(&r); @@ -875,7 +887,8 @@ pk_verify_host(krb5_context context, hi->ai->ai_addr, hi->ai->ai_addrlen); if (ret) - krb5_set_error_string(context, "Address mismatch in the KDC certificate"); + krb5_set_error_string(context, "Address mismatch in " + "the KDC certificate"); } return ret; } @@ -901,7 +914,7 @@ pk_rd_pa_reply_enckey(krb5_context context, krb5_data content; heim_oid contentType = { 0, NULL }; - if (heim_oid_cmp(oid_id_pkcs7_envelopedData(), &rep->contentType)) { + if (der_heim_oid_cmp(oid_id_pkcs7_envelopedData(), &rep->contentType)) { krb5_set_error_string(context, "PKINIT: Invalid content type"); return EINVAL; } @@ -913,8 +926,10 @@ pk_rd_pa_reply_enckey(krb5_context context, ret = hx509_cms_unenvelope(ctx->id->hx509ctx, ctx->id->certs, + HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT, rep->content->data, rep->content->length, + NULL, &contentType, &content); if (ret) @@ -935,7 +950,7 @@ pk_rd_pa_reply_enckey(krb5_context context, goto out; } - if (heim_oid_cmp(&ci.contentType, oid_id_pkcs7_signedData())) { + if (der_heim_oid_cmp(&ci.contentType, oid_id_pkcs7_signedData())) { ret = EINVAL; /* XXX */ krb5_set_error_string(context, "PKINIT: Invalid content type"); goto out; @@ -964,19 +979,18 @@ pk_rd_pa_reply_enckey(krb5_context context, /* make sure that it is the kdc's certificate */ ret = pk_verify_host(context, realm, hi, ctx, host); if (ret) { - krb5_set_error_string(context, "PKINIT: failed verify host: %d", ret); goto out; } #if 0 if (type == COMPAT_WIN2K) { - if (heim_oid_cmp(&contentType, oid_id_pkcs7_data()) != 0) { + if (der_heim_oid_cmp(&contentType, oid_id_pkcs7_data()) != 0) { krb5_set_error_string(context, "PKINIT: reply key, wrong oid"); ret = KRB5KRB_AP_ERR_MSG_TYPE; goto out; } } else { - if (heim_oid_cmp(&contentType, oid_id_pkrkeydata()) != 0) { + if (der_heim_oid_cmp(&contentType, oid_id_pkrkeydata()) != 0) { krb5_set_error_string(context, "PKINIT: reply key, wrong oid"); ret = KRB5KRB_AP_ERR_MSG_TYPE; goto out; @@ -1002,7 +1016,7 @@ pk_rd_pa_reply_enckey(krb5_context context, out: if (host) _krb5_pk_cert_free(host); - free_oid(&contentType); + der_free_oid(&contentType); krb5_data_free(&content); return ret; @@ -1034,7 +1048,7 @@ pk_rd_pa_reply_dh(krb5_context context, krb5_data_zero(&content); memset(&kdc_dh_info, 0, sizeof(kdc_dh_info)); - if (heim_oid_cmp(oid_id_pkcs7_signedData(), &rep->contentType)) { + if (der_heim_oid_cmp(oid_id_pkcs7_signedData(), &rep->contentType)) { krb5_set_error_string(context, "PKINIT: Invalid content type"); return EINVAL; } @@ -1059,7 +1073,7 @@ pk_rd_pa_reply_dh(krb5_context context, if (ret) goto out; - if (heim_oid_cmp(&contentType, oid_id_pkdhkeydata())) { + if (der_heim_oid_cmp(&contentType, oid_id_pkdhkeydata())) { krb5_set_error_string(context, "pkinit - dh reply contains wrong oid"); ret = KRB5KRB_AP_ERR_MSG_TYPE; goto out; @@ -1324,20 +1338,28 @@ hx_pass_prompter(void *data, const hx509_prompt *prompter) password_data.data = prompter->reply.data; password_data.length = prompter->reply.length; - prompt.prompt = "Enter your private key passphrase: "; - prompt.hidden = 1; + + prompt.prompt = prompter->prompt; + prompt.hidden = hx509_prompt_hidden(prompter->type); prompt.reply = &password_data; - if (prompter->hidden) + + switch (prompter->type) { + case HX509_PROMPT_TYPE_INFO: + prompt.type = KRB5_PROMPT_TYPE_INFO; + break; + case HX509_PROMPT_TYPE_PASSWORD: + case HX509_PROMPT_TYPE_QUESTION: + default: prompt.type = KRB5_PROMPT_TYPE_PASSWORD; - else - prompt.type = KRB5_PROMPT_TYPE_PREAUTH; /* XXX */ + break; + } ret = (*p->prompter)(p->context, p->prompter_data, NULL, NULL, 1, &prompt); if (ret) { memset (prompter->reply.data, 0, prompter->reply.length); - return 0; + return 1; } - return strlen(prompter->reply.data); + return 0; } @@ -1354,8 +1376,8 @@ _krb5_pk_load_id(krb5_context context, struct krb5_pk_identity **ret_id, const char *user_id, const char *anchor_id, - char * const *chain, - char * const *revoke, + char * const *chain_list, + char * const *revoke_list, krb5_prompter_fct prompter, void *prompter_data, char *password) @@ -1392,7 +1414,7 @@ _krb5_pk_load_id(krb5_context context, goto out; ret = hx509_lock_init(id->hx509ctx, &lock); - if (password) + if (password && password[0]) hx509_lock_add_password(lock, password); if (prompter) { @@ -1405,7 +1427,7 @@ _krb5_pk_load_id(krb5_context context, goto out; } - ret = hx509_certs_init(id->hx509ctx, user_id, 0, NULL, &id->certs); + ret = hx509_certs_init(id->hx509ctx, user_id, 0, lock, &id->certs); if (ret) goto out; @@ -1418,33 +1440,36 @@ _krb5_pk_load_id(krb5_context context, if (ret) goto out; - while (chain && *chain) { - ret = hx509_certs_append(id->hx509ctx, id->certpool, NULL, *chain); + while (chain_list && *chain_list) { + ret = hx509_certs_append(id->hx509ctx, id->certpool, + NULL, *chain_list); if (ret) { krb5_set_error_string(context, "pkinit failed to load chain %s", - *chain); + *chain_list); goto out; } - chain++; + chain_list++; } - if (revoke) { - ret = hx509_revoke_init(id->hx509ctx, &id->revoke); + if (revoke_list) { + ret = hx509_revoke_init(id->hx509ctx, &id->revokectx); if (ret) { krb5_set_error_string(context, "revoke failed to init"); goto out; } - while (*revoke) { - ret = hx509_revoke_add_crl(id->hx509ctx, id->revoke, *revoke); + while (*revoke_list) { + ret = hx509_revoke_add_crl(id->hx509ctx, + id->revokectx, + *revoke_list); if (ret) { krb5_set_error_string(context, "pkinit failed to load revoke %s", - *revoke); + *revoke_list); goto out; } - revoke++; + revoke_list++; } } else hx509_context_set_missing_revoke(id->hx509ctx, 1); @@ -1454,7 +1479,7 @@ _krb5_pk_load_id(krb5_context context, goto out; hx509_verify_attach_anchors(id->verify_ctx, id->anchors); - hx509_verify_attach_revoke(id->verify_ctx, id->revoke); + hx509_verify_attach_revoke(id->verify_ctx, id->revokectx); out: if (ret) { @@ -1462,7 +1487,7 @@ out: hx509_certs_free(&id->certs); hx509_certs_free(&id->anchors); hx509_certs_free(&id->certpool); - hx509_revoke_free(&id->revoke); + hx509_revoke_free(&id->revokectx); hx509_context_free(&id->hx509ctx); free(id); } else @@ -1588,9 +1613,9 @@ _krb5_parse_moduli_line(krb5_context context, return 0; out: free(m1->name); - free_heim_integer(&m1->p); - free_heim_integer(&m1->g); - free_heim_integer(&m1->q); + der_free_heim_integer(&m1->p); + der_free_heim_integer(&m1->g); + der_free_heim_integer(&m1->q); free(m1); return ret; } @@ -1601,9 +1626,9 @@ _krb5_free_moduli(struct krb5_dh_moduli **moduli) int i; for (i = 0; moduli[i] != NULL; i++) { free(moduli[i]->name); - free_heim_integer(&moduli[i]->p); - free_heim_integer(&moduli[i]->g); - free_heim_integer(&moduli[i]->q); + der_free_heim_integer(&moduli[i]->p); + der_free_heim_integer(&moduli[i]->g); + der_free_heim_integer(&moduli[i]->q); free(moduli[i]); } free(moduli); @@ -1712,9 +1737,9 @@ _krb5_dh_group_ok(krb5_context context, unsigned long bits, *name = NULL; for (i = 0; moduli[i] != NULL; i++) { - if (heim_integer_cmp(&moduli[i]->g, g) == 0 && - heim_integer_cmp(&moduli[i]->p, p) == 0 && - (q == NULL || heim_integer_cmp(&moduli[i]->q, q) == 0)) + if (der_heim_integer_cmp(&moduli[i]->g, g) == 0 && + der_heim_integer_cmp(&moduli[i]->p, p) == 0 && + (q == NULL || der_heim_integer_cmp(&moduli[i]->q, q) == 0)) { if (bits && bits > moduli[i]->bits) { krb5_set_error_string(context, "PKINIT: DH group parameter %s " @@ -1769,8 +1794,8 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, krb5_principal principal, const char *user_id, const char *x509_anchors, - char * const * chain, - char * const * revoke, + char * const * pool, + char * const * pki_revoke, int flags, krb5_prompter_fct prompter, void *prompter_data, @@ -1778,6 +1803,7 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, { #ifdef PKINIT krb5_error_code ret; + char *anchors = NULL; if (opt->opt_private == NULL) { krb5_set_error_string(context, "PKINIT: on non extendable opt"); @@ -1797,12 +1823,33 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, opt->opt_private->pk_init_ctx->require_eku = 1; opt->opt_private->pk_init_ctx->require_krbtgt_otherName = 1; + + /* XXX implement krb5_appdefault_strings */ + if (pool == NULL) + pool = krb5_config_get_strings(context, NULL, + "appdefaults", + "pkinit-pool", + NULL); + + if (pki_revoke == NULL) + pki_revoke = krb5_config_get_strings(context, NULL, + "appdefaults", + "pkinit-revoke", + NULL); + + if (x509_anchors == NULL) { + krb5_appdefault_string(context, "kinit", + krb5_principal_get_realm(context, principal), + "pkinit-anchors", NULL, &anchors); + x509_anchors = anchors; + } + ret = _krb5_pk_load_id(context, &opt->opt_private->pk_init_ctx->id, user_id, x509_anchors, - chain, - revoke, + pool, + pki_revoke, prompter, prompter_data, password); diff --git a/source4/heimdal/lib/krb5/principal.c b/source4/heimdal/lib/krb5/principal.c index f6e3847cce..4d13e7db11 100644 --- a/source4/heimdal/lib/krb5/principal.c +++ b/source4/heimdal/lib/krb5/principal.c @@ -41,7 +41,7 @@ #include #include "resolve.h" -RCSID("$Id: principal.c,v 1.95 2006/04/24 15:16:14 lha Exp $"); +RCSID("$Id: principal.c,v 1.99 2006/10/18 06:53:22 lha Exp $"); #define princ_num_comp(P) ((P)->name.name_string.len) #define princ_type(P) ((P)->name.name_type) @@ -91,17 +91,11 @@ krb5_principal_get_comp_string(krb5_context context, return princ_ncomp(principal, component); } -enum realm_presence { - MAY, - MUSTNOT, - MUST -}; - -static krb5_error_code -parse_name(krb5_context context, - const char *name, - enum realm_presence realm_presence, - krb5_principal *principal) +krb5_error_code KRB5_LIB_FUNCTION +krb5_parse_name_flags(krb5_context context, + const char *name, + int flags, + krb5_principal *principal) { krb5_error_code ret; heim_general_string *comp; @@ -117,6 +111,17 @@ parse_name(krb5_context context, char c; int got_realm = 0; + *principal = NULL; + +#define RFLAGS (KRB5_PRINCIPAL_PARSE_NO_REALM|KRB5_PRINCIPAL_PARSE_MUST_REALM) + + if ((flags & RFLAGS) == RFLAGS) { + krb5_set_error_string(context, "Can't require both realm and " + "no realm at the same time"); + return KRB5_ERR_NO_SERVICE; + } +#undef RFLAGS + /* count number of component */ ncomp = 1; for(p = name; *p; p++){ @@ -191,32 +196,33 @@ parse_name(krb5_context context, } *q++ = c; } - if (got_realm) { - if (realm_presence == MUSTNOT) { - krb5_set_error_string (context, "realm found in 'short' principal expected to be without one!"); + if(got_realm){ + if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) { + krb5_set_error_string (context, "realm found in 'short' principal " + "expected to be without one"); ret = KRB5_PARSE_MALFORMED; goto exit; - } else { - realm = malloc(q - start + 1); - if (realm == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - ret = ENOMEM; - goto exit; - } - memcpy(realm, start, q - start); - realm[q - start] = 0; } + realm = malloc(q - start + 1); + if (realm == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + ret = ENOMEM; + goto exit; + } + memcpy(realm, start, q - start); + realm[q - start] = 0; }else{ - if (realm_presence == MAY) { - ret = krb5_get_default_realm (context, &realm); - if (ret) - goto exit; - } else if (realm_presence == MUSTNOT) { - realm = NULL; - } else if (realm_presence == MUST) { - krb5_set_error_string (context, "realm NOT found in principal expected to be with one!"); + if (flags & KRB5_PRINCIPAL_PARSE_MUST_REALM) { + krb5_set_error_string (context, "realm NOT found in principal " + "expected to be with one"); ret = KRB5_PARSE_MALFORMED; goto exit; + } else if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) { + realm = NULL; + } else { + ret = krb5_get_default_realm (context, &realm); + if (ret) + goto exit; } comp[n] = malloc(q - start + 1); @@ -256,24 +262,9 @@ krb5_parse_name(krb5_context context, const char *name, krb5_principal *principal) { - return parse_name(context, name, MAY, principal); + return krb5_parse_name_flags(context, name, 0, principal); } -krb5_error_code KRB5_LIB_FUNCTION -krb5_parse_name_norealm(krb5_context context, - const char *name, - krb5_principal *principal) -{ - return parse_name(context, name, MUSTNOT, principal); -} - -krb5_error_code KRB5_LIB_FUNCTION -krb5_parse_name_mustrealm(krb5_context context, - const char *name, - krb5_principal *principal) -{ - return parse_name(context, name, MUST, principal); -} static const char quotable_chars[] = " \n\t\b\\/@"; static const char replace_chars[] = " ntb\\/@"; @@ -301,23 +292,47 @@ unparse_name_fixed(krb5_context context, krb5_const_principal principal, char *name, size_t len, - krb5_boolean short_form) + int flags) { size_t idx = 0; int i; + int short_form = (flags & KRB5_PRINCIPAL_UNPARSE_SHORT) != 0; + int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) != 0; + + if (!no_realm && princ_realm(principal) == NULL) { + krb5_set_error_string(context, "Realm missing from principal, " + "can't unparse"); + return ERANGE; + } + for(i = 0; i < princ_num_comp(principal); i++){ if(i) add_char(name, idx, len, '/'); idx = quote_string(princ_ncomp(principal, i), name, idx, len); - if(idx == len) + if(idx == len) { + krb5_set_error_string(context, "Out of space printing principal"); return ERANGE; + } } /* add realm if different from default realm */ - if(!short_form) { + if(short_form && !no_realm) { + krb5_realm r; + krb5_error_code ret; + ret = krb5_get_default_realm(context, &r); + if(ret) + return ret; + if(strcmp(princ_realm(principal), r) != 0) + short_form = 0; + free(r); + } + if(!short_form && !no_realm) { add_char(name, idx, len, '@'); idx = quote_string(princ_realm(principal), name, idx, len); - if(idx == len) + if(idx == len) { + krb5_set_error_string(context, + "Out of space printing realm of principal"); return ERANGE; + } } return 0; } @@ -328,57 +343,48 @@ krb5_unparse_name_fixed(krb5_context context, char *name, size_t len) { - return unparse_name_fixed(context, principal, name, len, FALSE); + return unparse_name_fixed(context, principal, name, len, 0); } krb5_error_code KRB5_LIB_FUNCTION -krb5_unparse_name_norealm_fixed(krb5_context context, - krb5_const_principal principal, - char *name, - size_t len) +krb5_unparse_name_fixed_short(krb5_context context, + krb5_const_principal principal, + char *name, + size_t len) { - return unparse_name_fixed(context, principal, name, len, TRUE); + return unparse_name_fixed(context, principal, name, len, + KRB5_PRINCIPAL_UNPARSE_SHORT); } krb5_error_code KRB5_LIB_FUNCTION -krb5_unparse_name_fixed_short(krb5_context context, +krb5_unparse_name_fixed_flags(krb5_context context, krb5_const_principal principal, + int flags, char *name, size_t len) { - krb5_realm r; - krb5_error_code ret; - krb5_boolean short_form = TRUE; - ret = krb5_get_default_realm(context, &r); - if(ret) - return ret; - if(strcmp(princ_realm(principal), r) != 0) - short_form = 0; - free(r); - return unparse_name_fixed(context, principal, name, len, short_form); + return unparse_name_fixed(context, principal, name, len, flags); } static krb5_error_code unparse_name(krb5_context context, krb5_const_principal principal, char **name, - krb5_boolean short_flag) + int flags) { size_t len = 0, plen; int i; krb5_error_code ret; /* count length */ - if (!short_flag) { + if (princ_realm(principal)) { plen = strlen(princ_realm(principal)); + if(strcspn(princ_realm(principal), quotable_chars) == plen) len += plen; else len += 2*plen; - len++; - } else { - len = 0; + len++; /* '@' */ } - for(i = 0; i < princ_num_comp(principal); i++){ plen = strlen(princ_ncomp(principal, i)); if(strcspn(princ_ncomp(principal, i), quotable_chars) == plen) @@ -387,13 +393,13 @@ unparse_name(krb5_context context, len += 2*plen; len++; } - len++; + len++; /* '\0' */ *name = malloc(len); if(*name == NULL) { krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; } - ret = unparse_name_fixed(context, principal, *name, len, short_flag); + ret = unparse_name_fixed(context, principal, *name, len, flags); if(ret) { free(*name); *name = NULL; @@ -406,32 +412,24 @@ krb5_unparse_name(krb5_context context, krb5_const_principal principal, char **name) { - return unparse_name(context, principal, name, FALSE); + return unparse_name(context, principal, name, 0); } krb5_error_code KRB5_LIB_FUNCTION -krb5_unparse_name_short(krb5_context context, +krb5_unparse_name_flags(krb5_context context, krb5_const_principal principal, + int flags, char **name) { - krb5_realm r; - krb5_error_code ret; - krb5_boolean short_form = TRUE; - ret = krb5_get_default_realm(context, &r); - if(ret) - return ret; - if(strcmp(princ_realm(principal), r) != 0) - short_form = 0; - free(r); - return unparse_name(context, principal, name, short_form); + return unparse_name(context, principal, name, flags); } krb5_error_code KRB5_LIB_FUNCTION -krb5_unparse_name_norealm(krb5_context context, - krb5_const_principal principal, - char **name) +krb5_unparse_name_short(krb5_context context, + krb5_const_principal principal, + char **name) { - return unparse_name(context, principal, name, TRUE); + return unparse_name(context, principal, name, KRB5_PRINCIPAL_UNPARSE_SHORT); } #if 0 /* not implemented */ @@ -447,7 +445,7 @@ krb5_unparse_name_ext(krb5_context context, #endif -krb5_realm* KRB5_LIB_FUNCTION +krb5_realm * KRB5_LIB_FUNCTION krb5_princ_realm(krb5_context context, krb5_principal principal) { @@ -455,7 +453,6 @@ krb5_princ_realm(krb5_context context, } - void KRB5_LIB_FUNCTION krb5_princ_set_realm(krb5_context context, krb5_principal principal, diff --git a/source4/heimdal/lib/krb5/rd_cred.c b/source4/heimdal/lib/krb5/rd_cred.c index 01b5188bae..46a36c9aac 100644 --- a/source4/heimdal/lib/krb5/rd_cred.c +++ b/source4/heimdal/lib/krb5/rd_cred.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_cred.c,v 1.28 2006/04/02 02:27:33 lha Exp $"); +RCSID("$Id: rd_cred.c,v 1.29 2006/10/06 17:04:47 lha Exp $"); static krb5_error_code compare_addrs(krb5_context context, @@ -265,7 +265,8 @@ krb5_rd_cred(krb5_context context, krb5_abortx(context, "internal error in ASN.1 encoder"); copy_EncryptionKey (&kci->key, &creds->session); if (kci->prealm && kci->pname) - _krb5_principalname2krb5_principal (context, &creds->client, + _krb5_principalname2krb5_principal (context, + &creds->client, *kci->pname, *kci->prealm); if (kci->flags) diff --git a/source4/heimdal/lib/krb5/rd_rep.c b/source4/heimdal/lib/krb5/rd_rep.c index 53138d9f45..6b7f27c3cf 100644 --- a/source4/heimdal/lib/krb5/rd_rep.c +++ b/source4/heimdal/lib/krb5/rd_rep.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_rep.c,v 1.25 2005/06/17 07:49:33 lha Exp $"); +RCSID("$Id: rd_rep.c,v 1.26 2006/08/21 09:19:22 lha Exp $"); krb5_error_code KRB5_LIB_FUNCTION krb5_rd_rep(krb5_context context, @@ -92,7 +92,10 @@ krb5_rd_rep(krb5_context context, if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) { if ((*repl)->ctime != auth_context->authenticator->ctime || - (*repl)->cusec != auth_context->authenticator->cusec) { + (*repl)->cusec != auth_context->authenticator->cusec) + { + krb5_free_ap_rep_enc_part(context, *repl); + *repl = NULL; ret = KRB5KRB_AP_ERR_MUT_FAIL; krb5_clear_error_string (context); goto out; @@ -114,6 +117,8 @@ void KRB5_LIB_FUNCTION krb5_free_ap_rep_enc_part (krb5_context context, krb5_ap_rep_enc_part *val) { - free_EncAPRepPart (val); - free (val); + if (val) { + free_EncAPRepPart (val); + free (val); + } } diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c index c0bb710a59..c424a73a34 100644 --- a/source4/heimdal/lib/krb5/rd_req.c +++ b/source4/heimdal/lib/krb5/rd_req.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001, 2003 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001, 2003 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_req.c,v 1.63 2006/04/10 10:14:44 lha Exp $"); +RCSID("$Id: rd_req.c,v 1.66 2006/10/06 17:04:29 lha Exp $"); static krb5_error_code decrypt_tkt_enc_part (krb5_context context, @@ -376,12 +376,14 @@ krb5_verify_ap_req2(krb5_context context, if(ret) goto out; - ret = _krb5_principalname2krb5_principal(context, - &t->server, ap_req->ticket.sname, + ret = _krb5_principalname2krb5_principal(context, + &t->server, + ap_req->ticket.sname, ap_req->ticket.realm); if (ret) goto out; - ret = _krb5_principalname2krb5_principal(context, - &t->client, t->ticket.cname, + ret = _krb5_principalname2krb5_principal(context, + &t->client, + t->ticket.cname, t->ticket.crealm); if (ret) goto out; @@ -402,10 +404,12 @@ krb5_verify_ap_req2(krb5_context context, krb5_principal p1, p2; krb5_boolean res; - _krb5_principalname2krb5_principal(context, &p1, + _krb5_principalname2krb5_principal(context, + &p1, ac->authenticator->cname, ac->authenticator->crealm); - _krb5_principalname2krb5_principal(context, &p2, + _krb5_principalname2krb5_principal(context, + &p2, t->ticket.cname, t->ticket.crealm); res = krb5_principal_compare (context, p1, p2); @@ -607,7 +611,8 @@ krb5_rd_req_return_keyblock(krb5_context context, return ret; if(server == NULL){ - _krb5_principalname2krb5_principal(context, &service, + _krb5_principalname2krb5_principal(context, + &service, ap_req.ticket.sname, ap_req.ticket.realm); server = service; diff --git a/source4/heimdal/lib/krb5/send_to_kdc.c b/source4/heimdal/lib/krb5/send_to_kdc.c index 0bcafa70a1..11c07c9e8f 100644 --- a/source4/heimdal/lib/krb5/send_to_kdc.c +++ b/source4/heimdal/lib/krb5/send_to_kdc.c @@ -33,32 +33,13 @@ #include "krb5_locl.h" -RCSID("$Id: send_to_kdc.c,v 1.58 2006/04/02 02:32:03 lha Exp $"); +RCSID("$Id: send_to_kdc.c,v 1.60 2006/10/20 18:42:01 lha Exp $"); -struct send_and_recv { - krb5_send_and_recv_func_t func; - krb5_send_and_recv_close_func_t close; - void *data; +struct send_to_kdc { + krb5_send_to_kdc_func func; + void *data; }; -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_send_recv_func(krb5_context context, - krb5_send_and_recv_func_t func, - krb5_send_and_recv_close_func_t close_fn, - void *data) -{ - free(context->send_and_recv); - context->send_and_recv = malloc(sizeof(*context->send_and_recv)); - if (!context->send_and_recv) { - return ENOMEM; - } - context->send_and_recv->func = func; - context->send_and_recv->close = close_fn; - context->send_and_recv->data = data; - return 0; -} - - /* * send the data in `req' on the socket `fd' (which is datagram iff udp) * waiting `tmout' for a reply and returning the reply in `rep'. @@ -346,7 +327,7 @@ krb5_sendto (krb5_context context, krb5_krbhst_handle handle, krb5_data *receive) { - krb5_error_code ret = 0; + krb5_error_code ret; int fd; int i; @@ -356,27 +337,22 @@ krb5_sendto (krb5_context context, while (krb5_krbhst_next(context, handle, &hi) == 0) { struct addrinfo *ai, *a; - if (context->send_and_recv) { - ret = context->send_and_recv->func(context, - context->send_and_recv->data, - hi, send_data, receive); - if (ret) { - continue; - } else if (receive->length != 0) { - return 0; - } else { - continue; - } + if (context->send_to_kdc) { + struct send_to_kdc *s = context->send_to_kdc; + + ret = (*s->func)(context, s->data, + hi, send_data, receive); + if (ret == 0 && receive->length != 0) + goto out; + continue; } if(hi->proto == KRB5_KRBHST_HTTP && context->http_proxy) { - if (send_via_proxy (context, hi, send_data, receive)) { - /* Try again, with next host */ - continue; - } else { - /* Success */ - return 0; + if (send_via_proxy (context, hi, send_data, receive) == 0) { + ret = 0; + goto out; } + continue; } ret = krb5_krbhst_get_addrinfo(context, hi, &ai); @@ -406,15 +382,16 @@ krb5_sendto (krb5_context context, break; } close (fd); - if(ret == 0 && receive->length != 0) { - return 0; - } + if(ret == 0 && receive->length != 0) + goto out; } } krb5_krbhst_reset(context, handle); } krb5_clear_error_string (context); - return KRB5_KDC_UNREACH; + ret = KRB5_KDC_UNREACH; +out: + return ret; } krb5_error_code KRB5_LIB_FUNCTION @@ -456,3 +433,27 @@ krb5_sendto_kdc_flags(krb5_context context, "unable to reach any KDC in realm %s", *realm); return ret; } + +krb5_error_code KRB5_LIB_FUNCTION +krb5_set_send_to_kdc_func(krb5_context context, + krb5_send_to_kdc_func func, + void *data) +{ + free(context->send_to_kdc); + if (func == NULL) { + context->send_to_kdc = NULL; + return 0; + } + + context->send_to_kdc = malloc(sizeof(*context->send_to_kdc)); + if (context->send_to_kdc == NULL) { + krb5_set_error_string(context, "Out of memory"); + return ENOMEM; + } + + context->send_to_kdc->func = func; + context->send_to_kdc->data = data; + return 0; +} + + diff --git a/source4/heimdal/lib/krb5/set_default_realm.c b/source4/heimdal/lib/krb5/set_default_realm.c index fd57b6fe67..965883309c 100644 --- a/source4/heimdal/lib/krb5/set_default_realm.c +++ b/source4/heimdal/lib/krb5/set_default_realm.c @@ -77,19 +77,8 @@ krb5_set_default_realm(krb5_context context, "libdefaults", "default_realm", NULL); - if (realms == NULL) { - char hostname[MAXHOSTNAMELEN]; - if (gethostname (hostname, sizeof(hostname))) { - return errno; - } - - if (strchr(hostname, '.') == NULL) { - /* There is no way we can get this mapping, as we can't do DNS */ - return KRB5_CONFIG_NODEFREALM; - } - ret = krb5_get_host_realm(context, hostname, - &realms); - } + if (realms == NULL) + ret = krb5_get_host_realm(context, NULL, &realms); } else { ret = string_to_list (context, realm, &realms); } diff --git a/source4/heimdal/lib/krb5/store.c b/source4/heimdal/lib/krb5/store.c index a6f4a011a1..e75f28ca5f 100644 --- a/source4/heimdal/lib/krb5/store.c +++ b/source4/heimdal/lib/krb5/store.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include "store-int.h" -RCSID("$Id: store.c,v 1.58 2006/05/05 07:15:18 lha Exp $"); +RCSID("$Id: store.c,v 1.59 2006/08/18 08:39:13 lha Exp $"); #define BYTEORDER_IS(SP, V) (((SP)->flags & KRB5_STORAGE_BYTEORDER_MASK) == (V)) #define BYTEORDER_IS_LE(SP) BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_LE) @@ -440,6 +440,76 @@ krb5_ret_stringz(krb5_storage *sp, return 0; } +krb5_error_code KRB5_LIB_FUNCTION +krb5_store_stringnl(krb5_storage *sp, const char *s) +{ + size_t len = strlen(s); + ssize_t ret; + + ret = sp->store(sp, s, len); + if(ret != len) { + if(ret < 0) + return ret; + else + return sp->eof_code; + } + ret = sp->store(sp, "\n", 1); + if(ret != 1) { + if(ret < 0) + return ret; + else + return sp->eof_code; + } + + return 0; + +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_ret_stringnl(krb5_storage *sp, + char **string) +{ + int expect_nl = 0; + char c; + char *s = NULL; + size_t len = 0; + ssize_t ret; + + while((ret = sp->fetch(sp, &c, 1)) == 1){ + char *tmp; + + if (c == '\r') { + expect_nl = 1; + continue; + } + if (expect_nl && c != '\n') { + free(s); + return KRB5_BADMSGTYPE; + } + + len++; + tmp = realloc (s, len); + if (tmp == NULL) { + free (s); + return ENOMEM; + } + s = tmp; + if(c == '\n') { + s[len - 1] = '\0'; + break; + } + s[len - 1] = c; + } + if(ret != 1){ + free(s); + if(ret == 0) + return sp->eof_code; + return ret; + } + *string = s; + return 0; +} + krb5_error_code KRB5_LIB_FUNCTION krb5_store_principal(krb5_storage *sp, diff --git a/source4/heimdal/lib/krb5/store_fd.c b/source4/heimdal/lib/krb5/store_fd.c index 46043a6761..835d3478e2 100644 --- a/source4/heimdal/lib/krb5/store_fd.c +++ b/source4/heimdal/lib/krb5/store_fd.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include "store-int.h" -RCSID("$Id: store_fd.c,v 1.12 2004/05/25 21:43:57 lha Exp $"); +RCSID("$Id: store_fd.c,v 1.13 2006/06/30 21:23:19 lha Exp $"); typedef struct fd_storage { int fd; @@ -74,13 +74,16 @@ krb5_storage_from_fd(int fd) fd = dup(fd); if (fd < 0) return NULL; - sp = malloc(sizeof(krb5_storage)); - if (sp == NULL) + sp = malloc(sizeof(krb5_storage)); + if (sp == NULL) { + close(fd); return NULL; + } sp->data = malloc(sizeof(fd_storage)); if (sp->data == NULL) { + close(fd); free(sp); return NULL; } diff --git a/source4/heimdal/lib/krb5/ticket.c b/source4/heimdal/lib/krb5/ticket.c index 99cb778722..fdc2a1b3a5 100644 --- a/source4/heimdal/lib/krb5/ticket.c +++ b/source4/heimdal/lib/krb5/ticket.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: ticket.c,v 1.14 2005/10/27 13:21:42 lha Exp $"); +RCSID("$Id: ticket.c,v 1.15 2006/10/14 09:53:19 lha Exp $"); krb5_error_code KRB5_LIB_FUNCTION krb5_free_ticket(krb5_context context, @@ -107,12 +107,16 @@ find_type_in_ad(krb5_context context, const AuthorizationData *ad, int level) { - krb5_error_code ret = ENOENT; + /* It is not an error if nothing in here, that is reported by *found */ + /* Setting a default error causes found to be set to FALSE, on + * recursion to an second embedded authz data even if the first + * element contains the required type */ + krb5_error_code ret = 0; int i; if (level > 9) { krb5_set_error_string(context, "Authorization data nested deeper " - "than %d levels, stop searching", level); + "then %d levels, stop searching", level); ret = ENOENT; /* XXX */ goto out; } @@ -124,7 +128,7 @@ find_type_in_ad(krb5_context context, */ for (i = 0; i < ad->len; i++) { if (!*found && ad->val[i].ad_type == type) { - ret = copy_octet_string(&ad->val[i].ad_data, data); + ret = der_copy_octet_string(&ad->val[i].ad_data, data); if (ret) { krb5_set_error_string(context, "malloc - out of memory"); goto out; diff --git a/source4/heimdal/lib/roken/bswap.c b/source4/heimdal/lib/roken/bswap.c index dd7ea832af..48b587d2db 100644 --- a/source4/heimdal/lib/roken/bswap.c +++ b/source4/heimdal/lib/roken/bswap.c @@ -34,7 +34,7 @@ #ifdef HAVE_CONFIG_H #include #endif -#include +#include "roken.h" RCSID("$Id: bswap.c,v 1.4 2005/04/12 11:28:35 lha Exp $"); diff --git a/source4/heimdal/lib/roken/copyhostent.c b/source4/heimdal/lib/roken/copyhostent.c index 7d458dc1b9..d11fa16303 100644 --- a/source4/heimdal/lib/roken/copyhostent.c +++ b/source4/heimdal/lib/roken/copyhostent.c @@ -36,7 +36,7 @@ RCSID("$Id: copyhostent.c,v 1.3 2005/04/12 11:28:36 lha Exp $"); #endif -#include +#include "roken.h" /* * return a malloced copy of `h' diff --git a/source4/heimdal/lib/roken/freeaddrinfo.c b/source4/heimdal/lib/roken/freeaddrinfo.c index cd2898036b..6311aa29d8 100644 --- a/source4/heimdal/lib/roken/freeaddrinfo.c +++ b/source4/heimdal/lib/roken/freeaddrinfo.c @@ -36,7 +36,7 @@ RCSID("$Id: freeaddrinfo.c,v 1.5 2005/04/12 11:28:41 lha Exp $"); #endif -#include +#include "roken.h" /* * free the list of `struct addrinfo' starting at `ai' diff --git a/source4/heimdal/lib/roken/freehostent.c b/source4/heimdal/lib/roken/freehostent.c index 1ebb01361c..d837ba2503 100644 --- a/source4/heimdal/lib/roken/freehostent.c +++ b/source4/heimdal/lib/roken/freehostent.c @@ -36,7 +36,7 @@ RCSID("$Id: freehostent.c,v 1.3 2005/04/12 11:28:41 lha Exp $"); #endif -#include +#include "roken.h" /* * free a malloced hostent diff --git a/source4/heimdal/lib/roken/gai_strerror.c b/source4/heimdal/lib/roken/gai_strerror.c index 102aa75ea1..52db0f8842 100644 --- a/source4/heimdal/lib/roken/gai_strerror.c +++ b/source4/heimdal/lib/roken/gai_strerror.c @@ -36,7 +36,7 @@ RCSID("$Id: gai_strerror.c,v 1.7 2005/08/05 09:31:35 lha Exp $"); #endif -#include +#include "roken.h" static struct gai_error { int code; diff --git a/source4/heimdal/lib/roken/getaddrinfo.c b/source4/heimdal/lib/roken/getaddrinfo.c index 86af8b72cc..b39131de74 100644 --- a/source4/heimdal/lib/roken/getaddrinfo.c +++ b/source4/heimdal/lib/roken/getaddrinfo.c @@ -36,7 +36,7 @@ RCSID("$Id: getaddrinfo.c,v 1.14 2005/06/16 17:49:29 lha Exp $"); #endif -#include +#include "roken.h" /* * uses hints->ai_socktype and hints->ai_protocol diff --git a/source4/heimdal/lib/roken/getipnodebyaddr.c b/source4/heimdal/lib/roken/getipnodebyaddr.c index 3f447d6d06..841fc46a80 100644 --- a/source4/heimdal/lib/roken/getipnodebyaddr.c +++ b/source4/heimdal/lib/roken/getipnodebyaddr.c @@ -36,7 +36,7 @@ RCSID("$Id: getipnodebyaddr.c,v 1.3 2005/04/12 11:28:47 lha Exp $"); #endif -#include +#include "roken.h" /* * lookup `src, len' (address family `af') in DNS and return a pointer diff --git a/source4/heimdal/lib/roken/getipnodebyname.c b/source4/heimdal/lib/roken/getipnodebyname.c index b928efcc53..0707e4c16c 100644 --- a/source4/heimdal/lib/roken/getipnodebyname.c +++ b/source4/heimdal/lib/roken/getipnodebyname.c @@ -36,7 +36,7 @@ RCSID("$Id: getipnodebyname.c,v 1.4 2005/04/12 11:28:47 lha Exp $"); #endif -#include +#include "roken.h" #ifndef HAVE_H_ERRNO static int h_errno = NO_RECOVERY; diff --git a/source4/heimdal/lib/roken/getprogname.c b/source4/heimdal/lib/roken/getprogname.c index 7eabe40093..f8f1e9d4a2 100644 --- a/source4/heimdal/lib/roken/getprogname.c +++ b/source4/heimdal/lib/roken/getprogname.c @@ -36,7 +36,7 @@ RCSID("$Id: getprogname.c,v 1.3 2005/04/12 11:28:48 lha Exp $"); #endif -#include +#include "roken.h" #ifndef HAVE___PROGNAME const char *__progname; diff --git a/source4/heimdal/lib/roken/hex.c b/source4/heimdal/lib/roken/hex.c index e41b508fcb..ba0f4a4fda 100644 --- a/source4/heimdal/lib/roken/hex.c +++ b/source4/heimdal/lib/roken/hex.c @@ -35,7 +35,7 @@ #include RCSID("$Id: hex.c,v 1.8 2006/01/09 17:09:29 lha Exp $"); #endif -#include +#include "roken.h" #include #include "hex.h" diff --git a/source4/heimdal/lib/roken/hostent_find_fqdn.c b/source4/heimdal/lib/roken/hostent_find_fqdn.c index 1762b11226..24f3b843d8 100644 --- a/source4/heimdal/lib/roken/hostent_find_fqdn.c +++ b/source4/heimdal/lib/roken/hostent_find_fqdn.c @@ -36,7 +36,7 @@ RCSID("$Id: hostent_find_fqdn.c,v 1.3 2005/04/12 11:28:51 lha Exp $"); #endif -#include +#include "roken.h" /* * Try to find a fqdn (with `.') in he if possible, else return h_name diff --git a/source4/heimdal/lib/roken/inet_aton.c b/source4/heimdal/lib/roken/inet_aton.c index 0483a05256..b26dcb87ff 100644 --- a/source4/heimdal/lib/roken/inet_aton.c +++ b/source4/heimdal/lib/roken/inet_aton.c @@ -36,7 +36,7 @@ RCSID("$Id: inet_aton.c,v 1.14 2005/04/12 11:28:52 lha Exp $"); #endif -#include +#include "roken.h" /* Minimal implementation of inet_aton. * Cannot distinguish between failure and a local broadcast address. */ diff --git a/source4/heimdal/lib/roken/issuid.c b/source4/heimdal/lib/roken/issuid.c index e6b5248164..7ccf615451 100644 --- a/source4/heimdal/lib/roken/issuid.c +++ b/source4/heimdal/lib/roken/issuid.c @@ -36,7 +36,7 @@ RCSID("$Id: issuid.c,v 1.6 2005/05/13 07:42:03 lha Exp $"); #endif -#include +#include "roken.h" int ROKEN_LIB_FUNCTION issuid(void) diff --git a/source4/heimdal/lib/roken/resolve.c b/source4/heimdal/lib/roken/resolve.c index a72fb24eab..6a14547c62 100644 --- a/source4/heimdal/lib/roken/resolve.c +++ b/source4/heimdal/lib/roken/resolve.c @@ -34,7 +34,7 @@ #ifdef HAVE_CONFIG_H #include #endif -#include +#include "roken.h" #ifdef HAVE_ARPA_NAMESER_H #include #endif diff --git a/source4/heimdal/lib/roken/roken.h b/source4/heimdal/lib/roken/roken.h index 853de9b112..9d1ead97e2 100644 --- a/source4/heimdal/lib/roken/roken.h +++ b/source4/heimdal/lib/roken/roken.h @@ -1,6 +1,12 @@ +/* This is an OS dependent, generated file */ + + +#ifndef __ROKEN_H__ +#define __ROKEN_H__ + /* -*- C -*- */ /* - * Copyright (c) 1995-2005 Kungliga Tekniska Högskolan + * Copyright (c) 1995-2005 Kungliga Tekniska H * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,375 +38,122 @@ * SUCH DAMAGE. */ -/* $Id: roken.h.in,v 1.178 2005/09/28 03:04:54 lha Exp $ */ +/* $Id: roken.h.in,v 1.182 2006/10/19 16:35:16 lha Exp $ */ #include #include #include -#ifdef HAVE_STDINT_H #include -#endif #include #include -#ifdef _AIX -struct ether_addr; -struct sockaddr_dl; -#endif -#ifdef HAVE_SYS_PARAM_H #include -#endif -#ifdef HAVE_INTTYPES_H #include -#endif -#ifdef HAVE_SYS_TYPES_H #include -#endif -#ifdef HAVE_SYS_BITYPES_H #include -#endif -#ifdef HAVE_BIND_BITYPES_H -#include -#endif -#ifdef HAVE_NETINET_IN6_MACHTYPES_H -#include -#endif -#ifdef HAVE_UNISTD_H #include -#endif -#ifdef HAVE_SYS_SOCKET_H #include -#endif -#ifdef HAVE_SYS_UIO_H #include -#endif -#ifdef HAVE_GRP_H #include -#endif -#ifdef HAVE_SYS_STAT_H #include -#endif -#ifdef HAVE_NETINET_IN_H #include -#endif -#ifdef HAVE_NETINET_IN6_H -#include -#endif -#ifdef HAVE_NETINET6_IN6_H -#include -#endif -#ifdef HAVE_ARPA_INET_H #include -#endif -#ifdef HAVE_NETDB_H #include -#endif -#ifdef HAVE_ARPA_NAMESER_H #include -#endif -#ifdef HAVE_RESOLV_H #include -#endif -#ifdef HAVE_SYSLOG_H #include -#endif -#ifdef HAVE_FCNTL_H #include -#endif -#ifdef HAVE_ERRNO_H #include -#endif #include -#ifdef HAVE_TERMIOS_H #include -#endif -#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40 #include -#endif -#ifdef TIME_WITH_SYS_TIME #include #include -#elif defined(HAVE_SYS_TIME_H) -#include -#else -#include -#endif -#ifdef HAVE_STRINGS_H #include -#endif -#ifdef HAVE_PATHS_H #include -#endif -#ifndef HAVE_SSIZE_T -typedef int ssize_t; -#endif #include ROKEN_CPP_START -#ifdef HAVE_UINTPTR_T #define rk_UNCONST(x) ((void *)(uintptr_t)(const void *)(x)) -#else -#define rk_UNCONST(x) ((void *)(unsigned long)(const void *)(x)) -#endif -#if !defined(HAVE_SETSID) && defined(HAVE__SETSID) -#define setsid _setsid -#endif -#ifndef HAVE_PUTENV -int ROKEN_LIB_FUNCTION putenv(const char *); -#endif -#if !defined(HAVE_SETENV) || defined(NEED_SETENV_PROTO) -int ROKEN_LIB_FUNCTION setenv(const char *, const char *, int); -#endif -#if !defined(HAVE_UNSETENV) || defined(NEED_UNSETENV_PROTO) -void ROKEN_LIB_FUNCTION unsetenv(const char *); -#endif -#if !defined(HAVE_GETUSERSHELL) || defined(NEED_GETUSERSHELL_PROTO) -char * ROKEN_LIB_FUNCTION getusershell(void); -void ROKEN_LIB_FUNCTION endusershell(void); -#endif -#if !defined(HAVE_SNPRINTF) || defined(NEED_SNPRINTF_PROTO) -int ROKEN_LIB_FUNCTION snprintf (char *, size_t, const char *, ...) - __attribute__ ((format (printf, 3, 4))); -#endif -#if !defined(HAVE_VSNPRINTF) || defined(NEED_VSNPRINTF_PROTO) -int ROKEN_LIB_FUNCTION - vsnprintf (char *, size_t, const char *, va_list) - __attribute__((format (printf, 3, 0))); -#endif -#if !defined(HAVE_ASPRINTF) || defined(NEED_ASPRINTF_PROTO) -int ROKEN_LIB_FUNCTION - asprintf (char **, const char *, ...) - __attribute__ ((format (printf, 2, 3))); -#endif -#if !defined(HAVE_VASPRINTF) || defined(NEED_VASPRINTF_PROTO) -int ROKEN_LIB_FUNCTION - vasprintf (char **, const char *, va_list) - __attribute__((format (printf, 2, 0))); -#endif -#if !defined(HAVE_ASNPRINTF) || defined(NEED_ASNPRINTF_PROTO) int ROKEN_LIB_FUNCTION asnprintf (char **, size_t, const char *, ...) __attribute__ ((format (printf, 3, 4))); -#endif -#if !defined(HAVE_VASNPRINTF) || defined(NEED_VASNPRINTF_PROTO) int ROKEN_LIB_FUNCTION vasnprintf (char **, size_t, const char *, va_list) __attribute__((format (printf, 3, 0))); -#endif -#ifndef HAVE_STRDUP -char * ROKEN_LIB_FUNCTION strdup(const char *); -#endif -#if !defined(HAVE_STRNDUP) || defined(NEED_STRNDUP_PROTO) -char * ROKEN_LIB_FUNCTION strndup(const char *, size_t); -#endif -#ifndef HAVE_STRLWR char * ROKEN_LIB_FUNCTION strlwr(char *); -#endif -#ifndef HAVE_STRNLEN -size_t ROKEN_LIB_FUNCTION strnlen(const char*, size_t); -#endif -#if !defined(HAVE_STRSEP) || defined(NEED_STRSEP_PROTO) -char * ROKEN_LIB_FUNCTION strsep(char**, const char*); -#endif -#if !defined(HAVE_STRSEP_COPY) || defined(NEED_STRSEP_COPY_PROTO) ssize_t ROKEN_LIB_FUNCTION strsep_copy(const char**, const char*, char*, size_t); -#endif -#ifndef HAVE_STRCASECMP -int ROKEN_LIB_FUNCTION strcasecmp(const char *, const char *); -#endif -#ifdef NEED_FCLOSE_PROTO -int ROKEN_LIB_FUNCTION fclose(FILE *); -#endif -#ifdef NEED_STRTOK_R_PROTO -char * ROKEN_LIB_FUNCTION strtok_r(char *, const char *, char **); -#endif -#ifndef HAVE_STRUPR char * ROKEN_LIB_FUNCTION strupr(char *); -#endif -#ifndef HAVE_STRLCPY size_t ROKEN_LIB_FUNCTION strlcpy (char *, const char *, size_t); -#endif -#ifndef HAVE_STRLCAT size_t ROKEN_LIB_FUNCTION strlcat (char *, const char *, size_t); -#endif -#ifndef HAVE_GETDTABLESIZE -int ROKEN_LIB_FUNCTION getdtablesize(void); -#endif -#if !defined(HAVE_STRERROR) && !defined(strerror) -char * ROKEN_LIB_FUNCTION strerror(int); -#endif -#if !defined(HAVE_HSTRERROR) || defined(NEED_HSTRERROR_PROTO) -/* This causes a fatal error under Psoriasis */ -#if !(defined(SunOS) && (SunOS >= 50)) -const char * ROKEN_LIB_FUNCTION hstrerror(int); -#endif -#endif -#if !HAVE_DECL_H_ERRNO -extern int h_errno; -#endif -#if !defined(HAVE_INET_ATON) || defined(NEED_INET_ATON_PROTO) -int ROKEN_LIB_FUNCTION inet_aton(const char *, struct in_addr *); -#endif -#ifndef HAVE_INET_NTOP -const char * ROKEN_LIB_FUNCTION -inet_ntop(int af, const void *src, char *dst, size_t size); -#endif -#ifndef HAVE_INET_PTON -int ROKEN_LIB_FUNCTION -inet_pton(int, const char *, void *); -#endif -#if !defined(HAVE_GETCWD) -char* ROKEN_LIB_FUNCTION getcwd(char *, size_t); -#endif -#ifdef HAVE_PWD_H #include struct passwd * ROKEN_LIB_FUNCTION k_getpwnam (const char *); struct passwd * ROKEN_LIB_FUNCTION k_getpwuid (uid_t); -#endif const char * ROKEN_LIB_FUNCTION get_default_username (void); -#ifndef HAVE_SETEUID -int ROKEN_LIB_FUNCTION seteuid(uid_t); -#endif -#ifndef HAVE_SETEGID -int ROKEN_LIB_FUNCTION setegid(gid_t); -#endif -#ifndef HAVE_LSTAT -int ROKEN_LIB_FUNCTION lstat(const char *, struct stat *); -#endif -#if !defined(HAVE_MKSTEMP) || defined(NEED_MKSTEMP_PROTO) int ROKEN_LIB_FUNCTION mkstemp(char *); -#endif -#ifndef HAVE_CGETENT int ROKEN_LIB_FUNCTION cgetent(char **, char **, const char *); int ROKEN_LIB_FUNCTION cgetstr(char *, const char *, char **); -#endif -#ifndef HAVE_INITGROUPS -int ROKEN_LIB_FUNCTION initgroups(const char *, gid_t); -#endif -#ifndef HAVE_FCHOWN -int ROKEN_LIB_FUNCTION fchown(int, uid_t, gid_t); -#endif -#if !defined(HAVE_DAEMON) || defined(NEED_DAEMON_PROTO) -int ROKEN_LIB_FUNCTION daemon(int, int); -#endif -#ifndef HAVE_INNETGR -int ROKEN_LIB_FUNCTION innetgr(const char *, const char *, - const char *, const char *); -#endif -#ifndef HAVE_CHOWN -int ROKEN_LIB_FUNCTION chown(const char *, uid_t, gid_t); -#endif -#ifndef HAVE_RCMD -int ROKEN_LIB_FUNCTION - rcmd(char **, unsigned short, const char *, - const char *, const char *, int *); -#endif - -#if !defined(HAVE_INNETGR) || defined(NEED_INNETGR_PROTO) -int ROKEN_LIB_FUNCTION innetgr(const char*, const char*, - const char*, const char*); -#endif - -#ifndef HAVE_IRUSEROK -int ROKEN_LIB_FUNCTION iruserok(unsigned, int, - const char *, const char *); -#endif - -#if !defined(HAVE_GETHOSTNAME) || defined(NEED_GETHOSTNAME_PROTO) -int ROKEN_LIB_FUNCTION gethostname(char *, int); -#endif - -#ifndef HAVE_WRITEV -ssize_t ROKEN_LIB_FUNCTION -writev(int, const struct iovec *, int); -#endif - -#ifndef HAVE_READV -ssize_t ROKEN_LIB_FUNCTION -readv(int, const struct iovec *, int); -#endif - -#ifndef HAVE_MKSTEMP -int ROKEN_LIB_FUNCTION -mkstemp(char *); -#endif -#ifndef HAVE_PIDFILE + + + + + + void ROKEN_LIB_FUNCTION pidfile (const char*); -#endif -#ifndef HAVE_BSWAP32 unsigned int ROKEN_LIB_FUNCTION bswap32(unsigned int); -#endif -#ifndef HAVE_BSWAP16 unsigned short ROKEN_LIB_FUNCTION bswap16(unsigned short); -#endif - -#ifndef HAVE_FLOCK -#ifndef LOCK_SH -#define LOCK_SH 1 /* Shared lock */ -#endif -#ifndef LOCK_EX -#define LOCK_EX 2 /* Exclusive lock */ -#endif -#ifndef LOCK_NB -#define LOCK_NB 4 /* Don't block when locking */ -#endif -#ifndef LOCK_UN -#define LOCK_UN 8 /* Unlock */ -#endif - -int flock(int fd, int operation); -#endif /* HAVE_FLOCK */ + time_t ROKEN_LIB_FUNCTION tm2time (struct tm, int); @@ -421,140 +174,30 @@ ssize_t ROKEN_LIB_FUNCTION net_read (int, void *, size_t); int ROKEN_LIB_FUNCTION issuid(void); -#ifndef HAVE_STRUCT_WINSIZE -struct winsize { - unsigned short ws_row, ws_col; - unsigned short ws_xpixel, ws_ypixel; -}; -#endif int ROKEN_LIB_FUNCTION get_window_size(int fd, struct winsize *); -#ifndef HAVE_VSYSLOG -void ROKEN_LIB_FUNCTION vsyslog(int, const char *, va_list); -#endif - -#if !HAVE_DECL_OPTARG -extern char *optarg; -#endif -#if !HAVE_DECL_OPTIND -extern int optind; -#endif -#if !HAVE_DECL_OPTERR -extern int opterr; -#endif - -#if !HAVE_DECL_ENVIRON -extern char **environ; -#endif - -#ifndef HAVE_GETIPNODEBYNAME + + + struct hostent * ROKEN_LIB_FUNCTION getipnodebyname (const char *, int, int, int *); -#endif -#ifndef HAVE_GETIPNODEBYADDR struct hostent * ROKEN_LIB_FUNCTION getipnodebyaddr (const void *, size_t, int, int *); -#endif -#ifndef HAVE_FREEHOSTENT void ROKEN_LIB_FUNCTION freehostent (struct hostent *); -#endif -#ifndef HAVE_COPYHOSTENT struct hostent * ROKEN_LIB_FUNCTION copyhostent (const struct hostent *); -#endif -#ifndef HAVE_SOCKLEN_T -typedef int socklen_t; -#endif -#ifndef HAVE_STRUCT_SOCKADDR_STORAGE -#ifndef HAVE_SA_FAMILY_T -typedef unsigned short sa_family_t; -#endif -#ifdef HAVE_IPV6 -#define _SS_MAXSIZE sizeof(struct sockaddr_in6) -#else -#define _SS_MAXSIZE sizeof(struct sockaddr_in) -#endif -#define _SS_ALIGNSIZE sizeof(unsigned long) -#if HAVE_STRUCT_SOCKADDR_SA_LEN -typedef unsigned char roken_sa_family_t; - -#define _SS_PAD1SIZE ((2 * _SS_ALIGNSIZE - sizeof (roken_sa_family_t) - sizeof(unsigned char)) % _SS_ALIGNSIZE) -#define _SS_PAD2SIZE (_SS_MAXSIZE - (sizeof (roken_sa_family_t) + sizeof(unsigned char) + _SS_PAD1SIZE + _SS_ALIGNSIZE)) - -struct sockaddr_storage { - unsigned char ss_len; - roken_sa_family_t ss_family; - char __ss_pad1[_SS_PAD1SIZE]; - unsigned long __ss_align[_SS_PAD2SIZE / sizeof(unsigned long) + 1]; -}; - -#else /* !HAVE_STRUCT_SOCKADDR_SA_LEN */ - -typedef unsigned short roken_sa_family_t; - -#define _SS_PAD1SIZE ((2 * _SS_ALIGNSIZE - sizeof (roken_sa_family_t)) % _SS_ALIGNSIZE) -#define _SS_PAD2SIZE (_SS_MAXSIZE - (sizeof (roken_sa_family_t) + _SS_PAD1SIZE + _SS_ALIGNSIZE)) - -struct sockaddr_storage { - roken_sa_family_t ss_family; - char __ss_pad1[_SS_PAD1SIZE]; - unsigned long __ss_align[_SS_PAD2SIZE / sizeof(unsigned long) + 1]; -}; - -#endif /* HAVE_STRUCT_SOCKADDR_SA_LEN */ - -#endif /* HAVE_STRUCT_SOCKADDR_STORAGE */ - -#ifndef HAVE_STRUCT_ADDRINFO -struct addrinfo { - int ai_flags; - int ai_family; - int ai_socktype; - int ai_protocol; - size_t ai_addrlen; - char *ai_canonname; - struct sockaddr *ai_addr; - struct addrinfo *ai_next; -}; -#endif - -#ifndef HAVE_GETADDRINFO -int ROKEN_LIB_FUNCTION -getaddrinfo(const char *, - const char *, - const struct addrinfo *, - struct addrinfo **); -#endif - -#ifndef HAVE_GETNAMEINFO -int ROKEN_LIB_FUNCTION -getnameinfo(const struct sockaddr *, socklen_t, - char *, size_t, - char *, size_t, - int); -#endif - -#ifndef HAVE_FREEADDRINFO -void ROKEN_LIB_FUNCTION -freeaddrinfo(struct addrinfo *); -#endif - -#ifndef HAVE_GAI_STRERROR -const char * ROKEN_LIB_FUNCTION -gai_strerror(int); -#endif int ROKEN_LIB_FUNCTION getnameinfo_verified(const struct sockaddr *, socklen_t, @@ -567,130 +210,68 @@ roken_getaddrinfo_hostspec(const char *, int, struct addrinfo **); int ROKEN_LIB_FUNCTION roken_getaddrinfo_hostspec2(const char *, int, int, struct addrinfo **); -#ifndef HAVE_STRFTIME -size_t ROKEN_LIB_FUNCTION -strftime (char *, size_t, const char *, const struct tm *); -#endif -#ifndef HAVE_STRPTIME -char * ROKEN_LIB_FUNCTION -strptime (const char *, const char *, struct tm *); -#endif -#ifndef HAVE_EMALLOC void * ROKEN_LIB_FUNCTION emalloc (size_t); -#endif -#ifndef HAVE_ECALLOC void * ROKEN_LIB_FUNCTION ecalloc(size_t, size_t); -#endif -#ifndef HAVE_EREALLOC void * ROKEN_LIB_FUNCTION erealloc (void *, size_t); -#endif -#ifndef HAVE_ESTRDUP char * ROKEN_LIB_FUNCTION estrdup (const char *); -#endif /* * kludges and such */ -#if 1 int ROKEN_LIB_FUNCTION roken_gethostby_setup(const char*, const char*); struct hostent* ROKEN_LIB_FUNCTION roken_gethostbyname(const char*); struct hostent* ROKEN_LIB_FUNCTION roken_gethostbyaddr(const void*, size_t, int); -#else -#ifdef GETHOSTBYNAME_PROTO_COMPATIBLE -#define roken_gethostbyname(x) gethostbyname(x) -#else -#define roken_gethostbyname(x) gethostbyname((char *)x) -#endif - -#ifdef GETHOSTBYADDR_PROTO_COMPATIBLE -#define roken_gethostbyaddr(a, l, t) gethostbyaddr(a, l, t) -#else -#define roken_gethostbyaddr(a, l, t) gethostbyaddr((char *)a, l, t) -#endif -#endif - -#ifdef GETSERVBYNAME_PROTO_COMPATIBLE + #define roken_getservbyname(x,y) getservbyname(x,y) -#else -#define roken_getservbyname(x,y) getservbyname((char *)x, (char *)y) -#endif -#ifdef OPENLOG_PROTO_COMPATIBLE #define roken_openlog(a,b,c) openlog(a,b,c) -#else -#define roken_openlog(a,b,c) openlog((char *)a,b,c) -#endif -#ifdef GETSOCKNAME_PROTO_COMPATIBLE #define roken_getsockname(a,b,c) getsockname(a,b,c) -#else -#define roken_getsockname(a,b,c) getsockname(a, b, (void*)c) -#endif -#ifndef HAVE_SETPROGNAME void ROKEN_LIB_FUNCTION setprogname(const char *); -#endif -#ifndef HAVE_GETPROGNAME const char * ROKEN_LIB_FUNCTION getprogname(void); -#endif -#if !defined(HAVE_SETPROGNAME) && !defined(HAVE_GETPROGNAME) && !HAVE_DECL___PROGNAME extern const char *__progname; -#endif void ROKEN_LIB_FUNCTION mini_inetd_addrinfo (struct addrinfo*); void ROKEN_LIB_FUNCTION mini_inetd (int); -#ifndef HAVE_LOCALTIME_R -struct tm * ROKEN_LIB_FUNCTION -localtime_r(const time_t *, struct tm *); -#endif -#if !defined(HAVE_STRSVIS) || defined(NEED_STRSVIS_PROTO) int ROKEN_LIB_FUNCTION strsvis(char *, const char *, int, const char *); -#endif -#if !defined(HAVE_STRUNVIS) || defined(NEED_STRUNVIS_PROTO) int ROKEN_LIB_FUNCTION strunvis(char *, const char *); -#endif -#if !defined(HAVE_STRVIS) || defined(NEED_STRVIS_PROTO) int ROKEN_LIB_FUNCTION strvis(char *, const char *, int); -#endif -#if !defined(HAVE_STRVISX) || defined(NEED_STRVISX_PROTO) int ROKEN_LIB_FUNCTION strvisx(char *, const char *, size_t, int); -#endif -#if !defined(HAVE_SVIS) || defined(NEED_SVIS_PROTO) char * ROKEN_LIB_FUNCTION svis(char *, int, int, int, const char *); -#endif -#if !defined(HAVE_UNVIS) || defined(NEED_UNVIS_PROTO) int ROKEN_LIB_FUNCTION unvis(char *, int, int *, int); -#endif -#if !defined(HAVE_VIS) || defined(NEED_VIS_PROTO) char * ROKEN_LIB_FUNCTION vis(char *, int, int, int); -#endif -#if !defined(HAVE_CLOSEFROM) int ROKEN_LIB_FUNCTION closefrom(int); -#endif + + +#include ROKEN_CPP_END +#define ROKEN_VERSION 0.8pre-samba + +#endif /* __ROKEN_H__ */ diff --git a/source4/heimdal/lib/roken/setprogname.c b/source4/heimdal/lib/roken/setprogname.c index c13e8d4ee1..315fa52e50 100644 --- a/source4/heimdal/lib/roken/setprogname.c +++ b/source4/heimdal/lib/roken/setprogname.c @@ -36,7 +36,7 @@ RCSID("$Id: setprogname.c,v 1.4 2005/08/23 10:19:20 lha Exp $"); #endif -#include +#include "roken.h" #ifndef HAVE___PROGNAME extern const char *__progname; diff --git a/source4/heimdal/lib/roken/signal.c b/source4/heimdal/lib/roken/signal.c index 7076847fb3..d92742d9fb 100644 --- a/source4/heimdal/lib/roken/signal.c +++ b/source4/heimdal/lib/roken/signal.c @@ -37,7 +37,7 @@ RCSID("$Id: signal.c,v 1.13 2005/04/12 11:29:05 lha Exp $"); #endif #include -#include +#include "roken.h" /* * We would like to always use this signal but there is a link error diff --git a/source4/heimdal/lib/roken/strsep.c b/source4/heimdal/lib/roken/strsep.c index f08c33b7a5..e34c10fe26 100644 --- a/source4/heimdal/lib/roken/strsep.c +++ b/source4/heimdal/lib/roken/strsep.c @@ -38,7 +38,7 @@ RCSID("$Id: strsep.c,v 1.4 2005/04/12 11:29:10 lha Exp $"); #include -#include +#include "roken.h" #ifndef HAVE_STRSEP diff --git a/source4/heimdal/lib/roken/strsep_copy.c b/source4/heimdal/lib/roken/strsep_copy.c index 34759fe15c..5149838547 100644 --- a/source4/heimdal/lib/roken/strsep_copy.c +++ b/source4/heimdal/lib/roken/strsep_copy.c @@ -38,7 +38,7 @@ RCSID("$Id: strsep_copy.c,v 1.5 2005/04/12 11:29:11 lha Exp $"); #include -#include +#include "roken.h" #ifndef HAVE_STRSEP_COPY -- cgit From 601f0e63166d1cbae59bbfd397f2daac4d0de285 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 7 Nov 2006 10:40:50 +0000 Subject: r19606: Remove generated files Andrew Bartlett (This used to be commit 7b7e1fe15358d9ed1893305fbf8a1010293ed772) --- source4/heimdal/lib/krb5/heim_err.c | 162 --------------------- source4/heimdal/lib/krb5/k524_err.c | 30 ---- source4/heimdal/lib/krb5/krb5_err.c | 271 ------------------------------------ 3 files changed, 463 deletions(-) delete mode 100644 source4/heimdal/lib/krb5/heim_err.c delete mode 100644 source4/heimdal/lib/krb5/k524_err.c delete mode 100644 source4/heimdal/lib/krb5/krb5_err.c (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/krb5/heim_err.c b/source4/heimdal/lib/krb5/heim_err.c deleted file mode 100644 index f72a265ba9..0000000000 --- a/source4/heimdal/lib/krb5/heim_err.c +++ /dev/null @@ -1,162 +0,0 @@ -/* Generated from heim_err.et */ -/* $Id: heim_err.et,v 1.13 2004/02/13 16:23:40 lha Exp $ */ - -#include -#include -#include "heim_err.h" - -static const char *heim_error_strings[] = { - /* 000 */ "Error parsing log destination", - /* 001 */ "Failed to convert v4 principal", - /* 002 */ "Salt type is not supported by enctype", - /* 003 */ "Host not found", - /* 004 */ "Operation not supported", - /* 005 */ "End of file", - /* 006 */ "Failed to get the master key", - /* 007 */ "Unacceptable service used", - /* 008 */ "Reserved heim error (8)", - /* 009 */ "Reserved heim error (9)", - /* 010 */ "Reserved heim error (10)", - /* 011 */ "Reserved heim error (11)", - /* 012 */ "Reserved heim error (12)", - /* 013 */ "Reserved heim error (13)", - /* 014 */ "Reserved heim error (14)", - /* 015 */ "Reserved heim error (15)", - /* 016 */ "Reserved heim error (16)", - /* 017 */ "Reserved heim error (17)", - /* 018 */ "Reserved heim error (18)", - /* 019 */ "Reserved heim error (19)", - /* 020 */ "Reserved heim error (20)", - /* 021 */ "Reserved heim error (21)", - /* 022 */ "Reserved heim error (22)", - /* 023 */ "Reserved heim error (23)", - /* 024 */ "Reserved heim error (24)", - /* 025 */ "Reserved heim error (25)", - /* 026 */ "Reserved heim error (26)", - /* 027 */ "Reserved heim error (27)", - /* 028 */ "Reserved heim error (28)", - /* 029 */ "Reserved heim error (29)", - /* 030 */ "Reserved heim error (30)", - /* 031 */ "Reserved heim error (31)", - /* 032 */ "Reserved heim error (32)", - /* 033 */ "Reserved heim error (33)", - /* 034 */ "Reserved heim error (34)", - /* 035 */ "Reserved heim error (35)", - /* 036 */ "Reserved heim error (36)", - /* 037 */ "Reserved heim error (37)", - /* 038 */ "Reserved heim error (38)", - /* 039 */ "Reserved heim error (39)", - /* 040 */ "Reserved heim error (40)", - /* 041 */ "Reserved heim error (41)", - /* 042 */ "Reserved heim error (42)", - /* 043 */ "Reserved heim error (43)", - /* 044 */ "Reserved heim error (44)", - /* 045 */ "Reserved heim error (45)", - /* 046 */ "Reserved heim error (46)", - /* 047 */ "Reserved heim error (47)", - /* 048 */ "Reserved heim error (48)", - /* 049 */ "Reserved heim error (49)", - /* 050 */ "Reserved heim error (50)", - /* 051 */ "Reserved heim error (51)", - /* 052 */ "Reserved heim error (52)", - /* 053 */ "Reserved heim error (53)", - /* 054 */ "Reserved heim error (54)", - /* 055 */ "Reserved heim error (55)", - /* 056 */ "Reserved heim error (56)", - /* 057 */ "Reserved heim error (57)", - /* 058 */ "Reserved heim error (58)", - /* 059 */ "Reserved heim error (59)", - /* 060 */ "Reserved heim error (60)", - /* 061 */ "Reserved heim error (61)", - /* 062 */ "Reserved heim error (62)", - /* 063 */ "Reserved heim error (63)", - /* 064 */ "Certificate missing", - /* 065 */ "Private key missing", - /* 066 */ "No valid certificate authority", - /* 067 */ "Certificate invalid", - /* 068 */ "Private key invalid", - /* 069 */ "Reserved heim error (69)", - /* 070 */ "Reserved heim error (70)", - /* 071 */ "Reserved heim error (71)", - /* 072 */ "Reserved heim error (72)", - /* 073 */ "Reserved heim error (73)", - /* 074 */ "Reserved heim error (74)", - /* 075 */ "Reserved heim error (75)", - /* 076 */ "Reserved heim error (76)", - /* 077 */ "Reserved heim error (77)", - /* 078 */ "Reserved heim error (78)", - /* 079 */ "Reserved heim error (79)", - /* 080 */ "Reserved heim error (80)", - /* 081 */ "Reserved heim error (81)", - /* 082 */ "Reserved heim error (82)", - /* 083 */ "Reserved heim error (83)", - /* 084 */ "Reserved heim error (84)", - /* 085 */ "Reserved heim error (85)", - /* 086 */ "Reserved heim error (86)", - /* 087 */ "Reserved heim error (87)", - /* 088 */ "Reserved heim error (88)", - /* 089 */ "Reserved heim error (89)", - /* 090 */ "Reserved heim error (90)", - /* 091 */ "Reserved heim error (91)", - /* 092 */ "Reserved heim error (92)", - /* 093 */ "Reserved heim error (93)", - /* 094 */ "Reserved heim error (94)", - /* 095 */ "Reserved heim error (95)", - /* 096 */ "Reserved heim error (96)", - /* 097 */ "Reserved heim error (97)", - /* 098 */ "Reserved heim error (98)", - /* 099 */ "Reserved heim error (99)", - /* 100 */ "Reserved heim error (100)", - /* 101 */ "Reserved heim error (101)", - /* 102 */ "Reserved heim error (102)", - /* 103 */ "Reserved heim error (103)", - /* 104 */ "Reserved heim error (104)", - /* 105 */ "Reserved heim error (105)", - /* 106 */ "Reserved heim error (106)", - /* 107 */ "Reserved heim error (107)", - /* 108 */ "Reserved heim error (108)", - /* 109 */ "Reserved heim error (109)", - /* 110 */ "Reserved heim error (110)", - /* 111 */ "Reserved heim error (111)", - /* 112 */ "Reserved heim error (112)", - /* 113 */ "Reserved heim error (113)", - /* 114 */ "Reserved heim error (114)", - /* 115 */ "Reserved heim error (115)", - /* 116 */ "Reserved heim error (116)", - /* 117 */ "Reserved heim error (117)", - /* 118 */ "Reserved heim error (118)", - /* 119 */ "Reserved heim error (119)", - /* 120 */ "Reserved heim error (120)", - /* 121 */ "Reserved heim error (121)", - /* 122 */ "Reserved heim error (122)", - /* 123 */ "Reserved heim error (123)", - /* 124 */ "Reserved heim error (124)", - /* 125 */ "Reserved heim error (125)", - /* 126 */ "Reserved heim error (126)", - /* 127 */ "Reserved heim error (127)", - /* 128 */ "unknown error from getaddrinfo", - /* 129 */ "address family for nodename not supported", - /* 130 */ "temporary failure in name resolution", - /* 131 */ "invalid value for ai_flags", - /* 132 */ "non-recoverable failure in name resolution", - /* 133 */ "ai_family not supported", - /* 134 */ "memory allocation failure", - /* 135 */ "no address associated with nodename", - /* 136 */ "nodename nor servname provided, or not known", - /* 137 */ "servname not supported for ai_socktype", - /* 138 */ "ai_socktype not supported", - /* 139 */ "system error returned in errno", - NULL -}; - -#define num_errors 140 - -void initialize_heim_error_table_r(struct et_list **list) -{ - initialize_error_table_r(list, heim_error_strings, num_errors, ERROR_TABLE_BASE_heim); -} - -void initialize_heim_error_table(void) -{ - init_error_table(heim_error_strings, ERROR_TABLE_BASE_heim, num_errors); -} diff --git a/source4/heimdal/lib/krb5/k524_err.c b/source4/heimdal/lib/krb5/k524_err.c deleted file mode 100644 index 266d3ee577..0000000000 --- a/source4/heimdal/lib/krb5/k524_err.c +++ /dev/null @@ -1,30 +0,0 @@ -/* Generated from k524_err.et */ -/* $Id: k524_err.et,v 1.1 2001/06/20 02:44:11 joda Exp $ */ - -#include -#include -#include "k524_err.h" - -static const char *k524_error_strings[] = { - /* 000 */ "wrong keytype in ticket", - /* 001 */ "incorrect network address", - /* 002 */ "cannot convert V5 principal", - /* 003 */ "V5 realm name longer than V4 maximum", - /* 004 */ "kerberos V4 error server", - /* 005 */ "encoding too large at server", - /* 006 */ "decoding out of data", - /* 007 */ "service not responding", - NULL -}; - -#define num_errors 8 - -void initialize_k524_error_table_r(struct et_list **list) -{ - initialize_error_table_r(list, k524_error_strings, num_errors, ERROR_TABLE_BASE_k524); -} - -void initialize_k524_error_table(void) -{ - init_error_table(k524_error_strings, ERROR_TABLE_BASE_k524, num_errors); -} diff --git a/source4/heimdal/lib/krb5/krb5_err.c b/source4/heimdal/lib/krb5/krb5_err.c deleted file mode 100644 index 9185f729d5..0000000000 --- a/source4/heimdal/lib/krb5/krb5_err.c +++ /dev/null @@ -1,271 +0,0 @@ -/* Generated from krb5_err.et */ -/* $Id: krb5_err.et,v 1.14 2006/02/13 11:28:22 lha Exp $ */ - -#include -#include -#include "krb5_err.h" - -static const char *krb5_error_strings[] = { - /* 000 */ "No error", - /* 001 */ "Client's entry in database has expired", - /* 002 */ "Server's entry in database has expired", - /* 003 */ "Requested protocol version not supported", - /* 004 */ "Client's key is encrypted in an old master key", - /* 005 */ "Server's key is encrypted in an old master key", - /* 006 */ "Client not found in Kerberos database", - /* 007 */ "Server not found in Kerberos database", - /* 008 */ "Principal has multiple entries in Kerberos database", - /* 009 */ "Client or server has a null key", - /* 010 */ "Ticket is ineligible for postdating", - /* 011 */ "Requested effective lifetime is negative or too short", - /* 012 */ "KDC policy rejects request", - /* 013 */ "KDC can't fulfill requested option", - /* 014 */ "KDC has no support for encryption type", - /* 015 */ "KDC has no support for checksum type", - /* 016 */ "KDC has no support for padata type", - /* 017 */ "KDC has no support for transited type", - /* 018 */ "Clients credentials have been revoked", - /* 019 */ "Credentials for server have been revoked", - /* 020 */ "TGT has been revoked", - /* 021 */ "Client not yet valid - try again later", - /* 022 */ "Server not yet valid - try again later", - /* 023 */ "Password has expired", - /* 024 */ "Preauthentication failed", - /* 025 */ "Additional pre-authentication required", - /* 026 */ "Requested server and ticket don't match", - /* 027 */ "Reserved krb5 error (27)", - /* 028 */ "Reserved krb5 error (28)", - /* 029 */ "Reserved krb5 error (29)", - /* 030 */ "Reserved krb5 error (30)", - /* 031 */ "Decrypt integrity check failed", - /* 032 */ "Ticket expired", - /* 033 */ "Ticket not yet valid", - /* 034 */ "Request is a replay", - /* 035 */ "The ticket isn't for us", - /* 036 */ "Ticket/authenticator don't match", - /* 037 */ "Clock skew too great", - /* 038 */ "Incorrect net address", - /* 039 */ "Protocol version mismatch", - /* 040 */ "Invalid message type", - /* 041 */ "Message stream modified", - /* 042 */ "Message out of order", - /* 043 */ "Invalid cross-realm ticket", - /* 044 */ "Key version is not available", - /* 045 */ "Service key not available", - /* 046 */ "Mutual authentication failed", - /* 047 */ "Incorrect message direction", - /* 048 */ "Alternative authentication method required", - /* 049 */ "Incorrect sequence number in message", - /* 050 */ "Inappropriate type of checksum in message", - /* 051 */ "Policy rejects transited path", - /* 052 */ "Response too big for UDP, retry with TCP", - /* 053 */ "Reserved krb5 error (53)", - /* 054 */ "Reserved krb5 error (54)", - /* 055 */ "Reserved krb5 error (55)", - /* 056 */ "Reserved krb5 error (56)", - /* 057 */ "Reserved krb5 error (57)", - /* 058 */ "Reserved krb5 error (58)", - /* 059 */ "Reserved krb5 error (59)", - /* 060 */ "Generic error (see e-text)", - /* 061 */ "Field is too long for this implementation", - /* 062 */ "Client not trusted", - /* 063 */ "KDC not trusted", - /* 064 */ "Invalid signature", - /* 065 */ "DH parameters not accepted", - /* 066 */ "Reserved krb5 error (66)", - /* 067 */ "Reserved krb5 error (67)", - /* 068 */ "Reserved krb5 error (68)", - /* 069 */ "User to user required", - /* 070 */ "Cannot verify certificate", - /* 071 */ "Certificate invalid", - /* 072 */ "Certificate revoked", - /* 073 */ "Revocation status unknown", - /* 074 */ "Revocation status unknown", - /* 075 */ "Inconsistent key purpose", - /* 076 */ "Digest in certificate not accepted", - /* 077 */ "paChecksum must be included", - /* 078 */ "Digest in signedData not accepted", - /* 079 */ "Public key encryption not supported", - /* 080 */ "Reserved krb5 error (80)", - /* 081 */ "Reserved krb5 error (81)", - /* 082 */ "Reserved krb5 error (82)", - /* 083 */ "Reserved krb5 error (83)", - /* 084 */ "Reserved krb5 error (84)", - /* 085 */ "Reserved krb5 error (85)", - /* 086 */ "Reserved krb5 error (86)", - /* 087 */ "Reserved krb5 error (87)", - /* 088 */ "Reserved krb5 error (88)", - /* 089 */ "Reserved krb5 error (89)", - /* 090 */ "Reserved krb5 error (90)", - /* 091 */ "Reserved krb5 error (91)", - /* 092 */ "Reserved krb5 error (92)", - /* 093 */ "Reserved krb5 error (93)", - /* 094 */ "Reserved krb5 error (94)", - /* 095 */ "Reserved krb5 error (95)", - /* 096 */ "Reserved krb5 error (96)", - /* 097 */ "Reserved krb5 error (97)", - /* 098 */ "Reserved krb5 error (98)", - /* 099 */ "Reserved krb5 error (99)", - /* 100 */ "Reserved krb5 error (100)", - /* 101 */ "Reserved krb5 error (101)", - /* 102 */ "Reserved krb5 error (102)", - /* 103 */ "Reserved krb5 error (103)", - /* 104 */ "Reserved krb5 error (104)", - /* 105 */ "Reserved krb5 error (105)", - /* 106 */ "Reserved krb5 error (106)", - /* 107 */ "Reserved krb5 error (107)", - /* 108 */ "Reserved krb5 error (108)", - /* 109 */ "Reserved krb5 error (109)", - /* 110 */ "Reserved krb5 error (110)", - /* 111 */ "Reserved krb5 error (111)", - /* 112 */ "Reserved krb5 error (112)", - /* 113 */ "Reserved krb5 error (113)", - /* 114 */ "Reserved krb5 error (114)", - /* 115 */ "Reserved krb5 error (115)", - /* 116 */ "Reserved krb5 error (116)", - /* 117 */ "Reserved krb5 error (117)", - /* 118 */ "Reserved krb5 error (118)", - /* 119 */ "Reserved krb5 error (119)", - /* 120 */ "Reserved krb5 error (120)", - /* 121 */ "Reserved krb5 error (121)", - /* 122 */ "Reserved krb5 error (122)", - /* 123 */ "Reserved krb5 error (123)", - /* 124 */ "Reserved krb5 error (124)", - /* 125 */ "Reserved krb5 error (125)", - /* 126 */ "Reserved krb5 error (126)", - /* 127 */ "Reserved krb5 error (127)", - /* 128 */ "$Id: krb5_err.et,v 1.14 2006/02/13 11:28:22 lha Exp $", - /* 129 */ "Invalid flag for file lock mode", - /* 130 */ "Cannot read password", - /* 131 */ "Password mismatch", - /* 132 */ "Password read interrupted", - /* 133 */ "Invalid character in component name", - /* 134 */ "Malformed representation of principal", - /* 135 */ "Can't open/find configuration file", - /* 136 */ "Improper format of configuration file", - /* 137 */ "Insufficient space to return complete information", - /* 138 */ "Invalid message type specified for encoding", - /* 139 */ "Credential cache name malformed", - /* 140 */ "Unknown credential cache type", - /* 141 */ "Matching credential not found", - /* 142 */ "End of credential cache reached", - /* 143 */ "Request did not supply a ticket", - /* 144 */ "Wrong principal in request", - /* 145 */ "Ticket has invalid flag set", - /* 146 */ "Requested principal and ticket don't match", - /* 147 */ "KDC reply did not match expectations", - /* 148 */ "Clock skew too great in KDC reply", - /* 149 */ "Client/server realm mismatch in initial ticket request", - /* 150 */ "Program lacks support for encryption type", - /* 151 */ "Program lacks support for key type", - /* 152 */ "Requested encryption type not used in message", - /* 153 */ "Program lacks support for checksum type", - /* 154 */ "Cannot find KDC for requested realm", - /* 155 */ "Kerberos service unknown", - /* 156 */ "Cannot contact any KDC for requested realm", - /* 157 */ "No local name found for principal name", - /* 158 */ "Mutual authentication failed", - /* 159 */ "Replay cache type is already registered", - /* 160 */ "No more memory to allocate (in replay cache code)", - /* 161 */ "Replay cache type is unknown", - /* 162 */ "Generic unknown RC error", - /* 163 */ "Message is a replay", - /* 164 */ "Replay I/O operation failed XXX", - /* 165 */ "Replay cache type does not support non-volatile storage", - /* 166 */ "Replay cache name parse/format error", - /* 167 */ "End-of-file on replay cache I/O", - /* 168 */ "No more memory to allocate (in replay cache I/O code)", - /* 169 */ "Permission denied in replay cache code", - /* 170 */ "I/O error in replay cache i/o code", - /* 171 */ "Generic unknown RC/IO error", - /* 172 */ "Insufficient system space to store replay information", - /* 173 */ "Can't open/find realm translation file", - /* 174 */ "Improper format of realm translation file", - /* 175 */ "Can't open/find lname translation database", - /* 176 */ "No translation available for requested principal", - /* 177 */ "Improper format of translation database entry", - /* 178 */ "Cryptosystem internal error", - /* 179 */ "Key table name malformed", - /* 180 */ "Unknown Key table type", - /* 181 */ "Key table entry not found", - /* 182 */ "End of key table reached", - /* 183 */ "Cannot write to specified key table", - /* 184 */ "Error writing to key table", - /* 185 */ "Cannot find ticket for requested realm", - /* 186 */ "DES key has bad parity", - /* 187 */ "DES key is a weak key", - /* 188 */ "Bad encryption type", - /* 189 */ "Key size is incompatible with encryption type", - /* 190 */ "Message size is incompatible with encryption type", - /* 191 */ "Credentials cache type is already registered.", - /* 192 */ "Key table type is already registered.", - /* 193 */ "Credentials cache I/O operation failed XXX", - /* 194 */ "Credentials cache file permissions incorrect", - /* 195 */ "No credentials cache file found", - /* 196 */ "Internal file credentials cache error", - /* 197 */ "Error writing to credentials cache file", - /* 198 */ "No more memory to allocate (in credentials cache code)", - /* 199 */ "Bad format in credentials cache", - /* 200 */ "No credentials found with supported encryption types", - /* 201 */ "Invalid KDC option combination (library internal error)", - /* 202 */ "Request missing second ticket", - /* 203 */ "No credentials supplied to library routine", - /* 204 */ "Bad sendauth version was sent", - /* 205 */ "Bad application version was sent (via sendauth)", - /* 206 */ "Bad response (during sendauth exchange)", - /* 207 */ "Server rejected authentication (during sendauth exchange)", - /* 208 */ "Unsupported preauthentication type", - /* 209 */ "Required preauthentication key not supplied", - /* 210 */ "Generic preauthentication failure", - /* 211 */ "Unsupported replay cache format version number", - /* 212 */ "Unsupported credentials cache format version number", - /* 213 */ "Unsupported key table format version number", - /* 214 */ "Program lacks support for address type", - /* 215 */ "Message replay detection requires rcache parameter", - /* 216 */ "Hostname cannot be canonicalized", - /* 217 */ "Cannot determine realm for host", - /* 218 */ "Conversion to service principal undefined for name type", - /* 219 */ "Initial Ticket response appears to be Version 4", - /* 220 */ "Cannot resolve KDC for requested realm", - /* 221 */ "Requesting ticket can't get forwardable tickets", - /* 222 */ "Bad principal name while trying to forward credentials", - /* 223 */ "Looping detected inside krb5_get_in_tkt", - /* 224 */ "Configuration file does not specify default realm", - /* 225 */ "Bad SAM flags in obtain_sam_padata", - /* 226 */ "Invalid encryption type in SAM challenge", - /* 227 */ "Missing checksum in SAM challenge", - /* 228 */ "Bad checksum in SAM challenge", - /* 229 */ "Reserved krb5 error (229)", - /* 230 */ "Reserved krb5 error (230)", - /* 231 */ "Reserved krb5 error (231)", - /* 232 */ "Reserved krb5 error (232)", - /* 233 */ "Reserved krb5 error (233)", - /* 234 */ "Reserved krb5 error (234)", - /* 235 */ "Reserved krb5 error (235)", - /* 236 */ "Reserved krb5 error (236)", - /* 237 */ "Reserved krb5 error (237)", - /* 238 */ "Program called an obsolete, deleted function", - /* 239 */ "Reserved krb5 error (239)", - /* 240 */ "Reserved krb5 error (240)", - /* 241 */ "Reserved krb5 error (241)", - /* 242 */ "Reserved krb5 error (242)", - /* 243 */ "Reserved krb5 error (243)", - /* 244 */ "Reserved krb5 error (244)", - /* 245 */ "Invalid key generation parameters from KDC", - /* 246 */ "Service not available", - /* 247 */ "Credential cache function not supported", - /* 248 */ "Invalid format of Kerberos lifetime or clock skew string", - NULL -}; - -#define num_errors 249 - -void initialize_krb5_error_table_r(struct et_list **list) -{ - initialize_error_table_r(list, krb5_error_strings, num_errors, ERROR_TABLE_BASE_krb5); -} - -void initialize_krb5_error_table(void) -{ - init_error_table(krb5_error_strings, ERROR_TABLE_BASE_krb5, num_errors); -} -- cgit From b14dafc3e2abeae3efcf3250b65c3354b0954baa Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 7 Nov 2006 12:08:30 +0000 Subject: r19612: fix the build with auto dependencies the samba4 heimdal copy should do not need to use socket_wrapper metze (This used to be commit 704fe739406fb5eae38f4be9602b77be5ea1dff1) --- source4/heimdal/lib/roken/roken.h | 3 --- 1 file changed, 3 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/roken/roken.h b/source4/heimdal/lib/roken/roken.h index 9d1ead97e2..cba8b3c036 100644 --- a/source4/heimdal/lib/roken/roken.h +++ b/source4/heimdal/lib/roken/roken.h @@ -268,9 +268,6 @@ vis(char *, int, int, int); int ROKEN_LIB_FUNCTION closefrom(int); - -#include - ROKEN_CPP_END #define ROKEN_VERSION 0.8pre-samba -- cgit From 7b1551c4c67f22fb8ff5e04ec2eb115614bb5928 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 7 Nov 2006 12:10:46 +0000 Subject: r19613: remove diff between samba4 and lorikeet metze (This used to be commit bec1783c4c8ebba76c5467982c96e823491ce023) --- source4/heimdal/lib/roken/roken.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/roken/roken.h b/source4/heimdal/lib/roken/roken.h index cba8b3c036..8aa3cc82ce 100644 --- a/source4/heimdal/lib/roken/roken.h +++ b/source4/heimdal/lib/roken/roken.h @@ -268,6 +268,8 @@ vis(char *, int, int, int); int ROKEN_LIB_FUNCTION closefrom(int); + + ROKEN_CPP_END #define ROKEN_VERSION 0.8pre-samba -- cgit From 6f9bed3d3eb71666d8418bcab992d878eadca0c7 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 7 Nov 2006 12:47:46 +0000 Subject: r19615: include roken.h.in as this still includes the ifdef's we need in samba4 this should fix the portability of samba4 metze (This used to be commit 497543a17eaea16c3c7f379ed238e573427e28da) --- source4/heimdal/lib/roken/roken.h | 276 -------------- source4/heimdal/lib/roken/roken.h.in | 706 +++++++++++++++++++++++++++++++++++ 2 files changed, 706 insertions(+), 276 deletions(-) delete mode 100644 source4/heimdal/lib/roken/roken.h create mode 100644 source4/heimdal/lib/roken/roken.h.in (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/roken/roken.h b/source4/heimdal/lib/roken/roken.h deleted file mode 100644 index 8aa3cc82ce..0000000000 --- a/source4/heimdal/lib/roken/roken.h +++ /dev/null @@ -1,276 +0,0 @@ -/* This is an OS dependent, generated file */ - - -#ifndef __ROKEN_H__ -#define __ROKEN_H__ - -/* -*- C -*- */ -/* - * Copyright (c) 1995-2005 Kungliga Tekniska H - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* $Id: roken.h.in,v 1.182 2006/10/19 16:35:16 lha Exp $ */ - -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include - - -#include - -ROKEN_CPP_START - -#define rk_UNCONST(x) ((void *)(uintptr_t)(const void *)(x)) - - - - - - - - - - -int ROKEN_LIB_FUNCTION - asnprintf (char **, size_t, const char *, ...) - __attribute__ ((format (printf, 3, 4))); - -int ROKEN_LIB_FUNCTION - vasnprintf (char **, size_t, const char *, va_list) - __attribute__((format (printf, 3, 0))); - - - -char * ROKEN_LIB_FUNCTION strlwr(char *); - - - -ssize_t ROKEN_LIB_FUNCTION strsep_copy(const char**, const char*, char*, size_t); - - - - -char * ROKEN_LIB_FUNCTION strupr(char *); - -size_t ROKEN_LIB_FUNCTION strlcpy (char *, const char *, size_t); - -size_t ROKEN_LIB_FUNCTION strlcat (char *, const char *, size_t); - - - - - - - - - -#include -struct passwd * ROKEN_LIB_FUNCTION k_getpwnam (const char *); -struct passwd * ROKEN_LIB_FUNCTION k_getpwuid (uid_t); - -const char * ROKEN_LIB_FUNCTION get_default_username (void); - - - - -int ROKEN_LIB_FUNCTION mkstemp(char *); - -int ROKEN_LIB_FUNCTION cgetent(char **, char **, const char *); -int ROKEN_LIB_FUNCTION cgetstr(char *, const char *, char **); - - - - - - - - - - - - - -void ROKEN_LIB_FUNCTION pidfile (const char*); - -unsigned int ROKEN_LIB_FUNCTION bswap32(unsigned int); - -unsigned short ROKEN_LIB_FUNCTION bswap16(unsigned short); - - -time_t ROKEN_LIB_FUNCTION tm2time (struct tm, int); - -int ROKEN_LIB_FUNCTION unix_verify_user(char *, char *); - -int ROKEN_LIB_FUNCTION roken_concat (char *, size_t, ...); - -size_t ROKEN_LIB_FUNCTION roken_mconcat (char **, size_t, ...); - -int ROKEN_LIB_FUNCTION roken_vconcat (char *, size_t, va_list); - -size_t ROKEN_LIB_FUNCTION - roken_vmconcat (char **, size_t, va_list); - -ssize_t ROKEN_LIB_FUNCTION net_write (int, const void *, size_t); - -ssize_t ROKEN_LIB_FUNCTION net_read (int, void *, size_t); - -int ROKEN_LIB_FUNCTION issuid(void); - - -int ROKEN_LIB_FUNCTION get_window_size(int fd, struct winsize *); - - - - -struct hostent * ROKEN_LIB_FUNCTION -getipnodebyname (const char *, int, int, int *); - -struct hostent * ROKEN_LIB_FUNCTION -getipnodebyaddr (const void *, size_t, int, int *); - -void ROKEN_LIB_FUNCTION -freehostent (struct hostent *); - -struct hostent * ROKEN_LIB_FUNCTION -copyhostent (const struct hostent *); - - - - - - - - -int ROKEN_LIB_FUNCTION -getnameinfo_verified(const struct sockaddr *, socklen_t, - char *, size_t, - char *, size_t, - int); - -int ROKEN_LIB_FUNCTION -roken_getaddrinfo_hostspec(const char *, int, struct addrinfo **); -int ROKEN_LIB_FUNCTION -roken_getaddrinfo_hostspec2(const char *, int, int, struct addrinfo **); - - - -void * ROKEN_LIB_FUNCTION emalloc (size_t); -void * ROKEN_LIB_FUNCTION ecalloc(size_t, size_t); -void * ROKEN_LIB_FUNCTION erealloc (void *, size_t); -char * ROKEN_LIB_FUNCTION estrdup (const char *); - -/* - * kludges and such - */ - -int ROKEN_LIB_FUNCTION -roken_gethostby_setup(const char*, const char*); -struct hostent* ROKEN_LIB_FUNCTION -roken_gethostbyname(const char*); -struct hostent* ROKEN_LIB_FUNCTION -roken_gethostbyaddr(const void*, size_t, int); - -#define roken_getservbyname(x,y) getservbyname(x,y) - -#define roken_openlog(a,b,c) openlog(a,b,c) - -#define roken_getsockname(a,b,c) getsockname(a,b,c) - -void ROKEN_LIB_FUNCTION setprogname(const char *); - -const char * ROKEN_LIB_FUNCTION getprogname(void); - -extern const char *__progname; - -void ROKEN_LIB_FUNCTION mini_inetd_addrinfo (struct addrinfo*); -void ROKEN_LIB_FUNCTION mini_inetd (int); - - -int ROKEN_LIB_FUNCTION -strsvis(char *, const char *, int, const char *); - -int ROKEN_LIB_FUNCTION -strunvis(char *, const char *); - -int ROKEN_LIB_FUNCTION -strvis(char *, const char *, int); - -int ROKEN_LIB_FUNCTION -strvisx(char *, const char *, size_t, int); - -char * ROKEN_LIB_FUNCTION -svis(char *, int, int, int, const char *); - -int ROKEN_LIB_FUNCTION -unvis(char *, int, int *, int); - -char * ROKEN_LIB_FUNCTION -vis(char *, int, int, int); - -int ROKEN_LIB_FUNCTION -closefrom(int); - - - -ROKEN_CPP_END -#define ROKEN_VERSION 0.8pre-samba - -#endif /* __ROKEN_H__ */ diff --git a/source4/heimdal/lib/roken/roken.h.in b/source4/heimdal/lib/roken/roken.h.in new file mode 100644 index 0000000000..82473d7053 --- /dev/null +++ b/source4/heimdal/lib/roken/roken.h.in @@ -0,0 +1,706 @@ +/* -*- C -*- */ +/* + * Copyright (c) 1995-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: roken.h.in,v 1.182 2006/10/19 16:35:16 lha Exp $ */ + +#include +#include +#include +#ifdef HAVE_STDINT_H +#include +#endif +#include +#include + +#ifdef _AIX +struct ether_addr; +struct sockaddr_dl; +#endif +#ifdef HAVE_SYS_PARAM_H +#include +#endif +#ifdef HAVE_INTTYPES_H +#include +#endif +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_BITYPES_H +#include +#endif +#ifdef HAVE_BIND_BITYPES_H +#include +#endif +#ifdef HAVE_NETINET_IN6_MACHTYPES_H +#include +#endif +#ifdef HAVE_UNISTD_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_SYS_UIO_H +#include +#endif +#ifdef HAVE_GRP_H +#include +#endif +#ifdef HAVE_SYS_STAT_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_NETINET_IN6_H +#include +#endif +#ifdef HAVE_NETINET6_IN6_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_ARPA_NAMESER_H +#include +#endif +#ifdef HAVE_RESOLV_H +#include +#endif +#ifdef HAVE_SYSLOG_H +#include +#endif +#ifdef HAVE_FCNTL_H +#include +#endif +#ifdef HAVE_ERRNO_H +#include +#endif +#include +#ifdef HAVE_TERMIOS_H +#include +#endif +#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40 +#include +#endif +#ifdef TIME_WITH_SYS_TIME +#include +#include +#elif defined(HAVE_SYS_TIME_H) +#include +#else +#include +#endif +#ifdef HAVE_STRINGS_H +#include +#endif + +#ifdef HAVE_PATHS_H +#include +#endif + +#ifndef HAVE_SSIZE_T +typedef int ssize_t; +#endif + +#include + +ROKEN_CPP_START + +#ifdef HAVE_UINTPTR_T +#define rk_UNCONST(x) ((void *)(uintptr_t)(const void *)(x)) +#else +#define rk_UNCONST(x) ((void *)(unsigned long)(const void *)(x)) +#endif + +#if !defined(HAVE_SETSID) && defined(HAVE__SETSID) +#define setsid _setsid +#endif + +#ifndef HAVE_PUTENV +int ROKEN_LIB_FUNCTION putenv(const char *); +#endif + +#if !defined(HAVE_SETENV) || defined(NEED_SETENV_PROTO) +int ROKEN_LIB_FUNCTION setenv(const char *, const char *, int); +#endif + +#if !defined(HAVE_UNSETENV) || defined(NEED_UNSETENV_PROTO) +void ROKEN_LIB_FUNCTION unsetenv(const char *); +#endif + +#if !defined(HAVE_GETUSERSHELL) || defined(NEED_GETUSERSHELL_PROTO) +char * ROKEN_LIB_FUNCTION getusershell(void); +void ROKEN_LIB_FUNCTION endusershell(void); +#endif + +#if !defined(HAVE_SNPRINTF) || defined(NEED_SNPRINTF_PROTO) +int ROKEN_LIB_FUNCTION snprintf (char *, size_t, const char *, ...) + __attribute__ ((format (printf, 3, 4))); +#endif + +#if !defined(HAVE_VSNPRINTF) || defined(NEED_VSNPRINTF_PROTO) +int ROKEN_LIB_FUNCTION + vsnprintf (char *, size_t, const char *, va_list) + __attribute__((format (printf, 3, 0))); +#endif + +#if !defined(HAVE_ASPRINTF) || defined(NEED_ASPRINTF_PROTO) +int ROKEN_LIB_FUNCTION + asprintf (char **, const char *, ...) + __attribute__ ((format (printf, 2, 3))); +#endif + +#if !defined(HAVE_VASPRINTF) || defined(NEED_VASPRINTF_PROTO) +int ROKEN_LIB_FUNCTION + vasprintf (char **, const char *, va_list) + __attribute__((format (printf, 2, 0))); +#endif + +#if !defined(HAVE_ASNPRINTF) || defined(NEED_ASNPRINTF_PROTO) +int ROKEN_LIB_FUNCTION + asnprintf (char **, size_t, const char *, ...) + __attribute__ ((format (printf, 3, 4))); +#endif + +#if !defined(HAVE_VASNPRINTF) || defined(NEED_VASNPRINTF_PROTO) +int ROKEN_LIB_FUNCTION + vasnprintf (char **, size_t, const char *, va_list) + __attribute__((format (printf, 3, 0))); +#endif + +#ifndef HAVE_STRDUP +char * ROKEN_LIB_FUNCTION strdup(const char *); +#endif + +#if !defined(HAVE_STRNDUP) || defined(NEED_STRNDUP_PROTO) +char * ROKEN_LIB_FUNCTION strndup(const char *, size_t); +#endif + +#ifndef HAVE_STRLWR +char * ROKEN_LIB_FUNCTION strlwr(char *); +#endif + +#ifndef HAVE_STRNLEN +size_t ROKEN_LIB_FUNCTION strnlen(const char*, size_t); +#endif + +#if !defined(HAVE_STRSEP) || defined(NEED_STRSEP_PROTO) +char * ROKEN_LIB_FUNCTION strsep(char**, const char*); +#endif + +#if !defined(HAVE_STRSEP_COPY) || defined(NEED_STRSEP_COPY_PROTO) +ssize_t ROKEN_LIB_FUNCTION strsep_copy(const char**, const char*, char*, size_t); +#endif + +#ifndef HAVE_STRCASECMP +int ROKEN_LIB_FUNCTION strcasecmp(const char *, const char *); +#endif + +#ifdef NEED_FCLOSE_PROTO +int ROKEN_LIB_FUNCTION fclose(FILE *); +#endif + +#ifdef NEED_STRTOK_R_PROTO +char * ROKEN_LIB_FUNCTION strtok_r(char *, const char *, char **); +#endif + +#ifndef HAVE_STRUPR +char * ROKEN_LIB_FUNCTION strupr(char *); +#endif + +#ifndef HAVE_STRLCPY +size_t ROKEN_LIB_FUNCTION strlcpy (char *, const char *, size_t); +#endif + +#ifndef HAVE_STRLCAT +size_t ROKEN_LIB_FUNCTION strlcat (char *, const char *, size_t); +#endif + +#ifndef HAVE_GETDTABLESIZE +int ROKEN_LIB_FUNCTION getdtablesize(void); +#endif + +#if !defined(HAVE_STRERROR) && !defined(strerror) +char * ROKEN_LIB_FUNCTION strerror(int); +#endif + +#if !defined(HAVE_HSTRERROR) || defined(NEED_HSTRERROR_PROTO) +/* This causes a fatal error under Psoriasis */ +#if !(defined(SunOS) && (SunOS >= 50)) +const char * ROKEN_LIB_FUNCTION hstrerror(int); +#endif +#endif + +#if !HAVE_DECL_H_ERRNO +extern int h_errno; +#endif + +#if !defined(HAVE_INET_ATON) || defined(NEED_INET_ATON_PROTO) +int ROKEN_LIB_FUNCTION inet_aton(const char *, struct in_addr *); +#endif + +#ifndef HAVE_INET_NTOP +const char * ROKEN_LIB_FUNCTION +inet_ntop(int af, const void *src, char *dst, size_t size); +#endif + +#ifndef HAVE_INET_PTON +int ROKEN_LIB_FUNCTION +inet_pton(int, const char *, void *); +#endif + +#if !defined(HAVE_GETCWD) +char* ROKEN_LIB_FUNCTION getcwd(char *, size_t); +#endif + +#ifdef HAVE_PWD_H +#include +struct passwd * ROKEN_LIB_FUNCTION k_getpwnam (const char *); +struct passwd * ROKEN_LIB_FUNCTION k_getpwuid (uid_t); +#endif + +const char * ROKEN_LIB_FUNCTION get_default_username (void); + +#ifndef HAVE_SETEUID +int ROKEN_LIB_FUNCTION seteuid(uid_t); +#endif + +#ifndef HAVE_SETEGID +int ROKEN_LIB_FUNCTION setegid(gid_t); +#endif + +#ifndef HAVE_LSTAT +int ROKEN_LIB_FUNCTION lstat(const char *, struct stat *); +#endif + +#if !defined(HAVE_MKSTEMP) || defined(NEED_MKSTEMP_PROTO) +int ROKEN_LIB_FUNCTION mkstemp(char *); +#endif + +#ifndef HAVE_CGETENT +int ROKEN_LIB_FUNCTION cgetent(char **, char **, const char *); +int ROKEN_LIB_FUNCTION cgetstr(char *, const char *, char **); +#endif + +#ifndef HAVE_INITGROUPS +int ROKEN_LIB_FUNCTION initgroups(const char *, gid_t); +#endif + +#ifndef HAVE_FCHOWN +int ROKEN_LIB_FUNCTION fchown(int, uid_t, gid_t); +#endif + +#if !defined(HAVE_DAEMON) || defined(NEED_DAEMON_PROTO) +int ROKEN_LIB_FUNCTION daemon(int, int); +#endif + +#ifndef HAVE_INNETGR +int ROKEN_LIB_FUNCTION innetgr(const char *, const char *, + const char *, const char *); +#endif + +#ifndef HAVE_CHOWN +int ROKEN_LIB_FUNCTION chown(const char *, uid_t, gid_t); +#endif + +#ifndef HAVE_RCMD +int ROKEN_LIB_FUNCTION + rcmd(char **, unsigned short, const char *, + const char *, const char *, int *); +#endif + +#if !defined(HAVE_INNETGR) || defined(NEED_INNETGR_PROTO) +int ROKEN_LIB_FUNCTION innetgr(const char*, const char*, + const char*, const char*); +#endif + +#ifndef HAVE_IRUSEROK +int ROKEN_LIB_FUNCTION iruserok(unsigned, int, + const char *, const char *); +#endif + +#if !defined(HAVE_GETHOSTNAME) || defined(NEED_GETHOSTNAME_PROTO) +int ROKEN_LIB_FUNCTION gethostname(char *, int); +#endif + +#ifndef HAVE_WRITEV +ssize_t ROKEN_LIB_FUNCTION +writev(int, const struct iovec *, int); +#endif + +#ifndef HAVE_READV +ssize_t ROKEN_LIB_FUNCTION +readv(int, const struct iovec *, int); +#endif + +#ifndef HAVE_MKSTEMP +int ROKEN_LIB_FUNCTION +mkstemp(char *); +#endif + +#ifndef HAVE_PIDFILE +void ROKEN_LIB_FUNCTION pidfile (const char*); +#endif + +#ifndef HAVE_BSWAP32 +unsigned int ROKEN_LIB_FUNCTION bswap32(unsigned int); +#endif + +#ifndef HAVE_BSWAP16 +unsigned short ROKEN_LIB_FUNCTION bswap16(unsigned short); +#endif + +#ifndef HAVE_FLOCK +#ifndef LOCK_SH +#define LOCK_SH 1 /* Shared lock */ +#endif +#ifndef LOCK_EX +#define LOCK_EX 2 /* Exclusive lock */ +#endif +#ifndef LOCK_NB +#define LOCK_NB 4 /* Don't block when locking */ +#endif +#ifndef LOCK_UN +#define LOCK_UN 8 /* Unlock */ +#endif + +int flock(int fd, int operation); +#endif /* HAVE_FLOCK */ + +time_t ROKEN_LIB_FUNCTION tm2time (struct tm, int); + +int ROKEN_LIB_FUNCTION unix_verify_user(char *, char *); + +int ROKEN_LIB_FUNCTION roken_concat (char *, size_t, ...); + +size_t ROKEN_LIB_FUNCTION roken_mconcat (char **, size_t, ...); + +int ROKEN_LIB_FUNCTION roken_vconcat (char *, size_t, va_list); + +size_t ROKEN_LIB_FUNCTION + roken_vmconcat (char **, size_t, va_list); + +ssize_t ROKEN_LIB_FUNCTION net_write (int, const void *, size_t); + +ssize_t ROKEN_LIB_FUNCTION net_read (int, void *, size_t); + +int ROKEN_LIB_FUNCTION issuid(void); + +#ifndef HAVE_STRUCT_WINSIZE +struct winsize { + unsigned short ws_row, ws_col; + unsigned short ws_xpixel, ws_ypixel; +}; +#endif + +int ROKEN_LIB_FUNCTION get_window_size(int fd, struct winsize *); + +#ifndef HAVE_VSYSLOG +void ROKEN_LIB_FUNCTION vsyslog(int, const char *, va_list); +#endif + +#if !HAVE_DECL_OPTARG +extern char *optarg; +#endif +#if !HAVE_DECL_OPTIND +extern int optind; +#endif +#if !HAVE_DECL_OPTERR +extern int opterr; +#endif + +#if !HAVE_DECL_ENVIRON +extern char **environ; +#endif + +#ifndef HAVE_GETIPNODEBYNAME +struct hostent * ROKEN_LIB_FUNCTION +getipnodebyname (const char *, int, int, int *); +#endif + +#ifndef HAVE_GETIPNODEBYADDR +struct hostent * ROKEN_LIB_FUNCTION +getipnodebyaddr (const void *, size_t, int, int *); +#endif + +#ifndef HAVE_FREEHOSTENT +void ROKEN_LIB_FUNCTION +freehostent (struct hostent *); +#endif + +#ifndef HAVE_COPYHOSTENT +struct hostent * ROKEN_LIB_FUNCTION +copyhostent (const struct hostent *); +#endif + +#ifndef HAVE_SOCKLEN_T +typedef int socklen_t; +#endif + +#ifndef HAVE_STRUCT_SOCKADDR_STORAGE + +#ifndef HAVE_SA_FAMILY_T +typedef unsigned short sa_family_t; +#endif + +#ifdef HAVE_IPV6 +#define _SS_MAXSIZE sizeof(struct sockaddr_in6) +#else +#define _SS_MAXSIZE sizeof(struct sockaddr_in) +#endif + +#define _SS_ALIGNSIZE sizeof(unsigned long) + +#if HAVE_STRUCT_SOCKADDR_SA_LEN + +typedef unsigned char roken_sa_family_t; + +#define _SS_PAD1SIZE ((2 * _SS_ALIGNSIZE - sizeof (roken_sa_family_t) - sizeof(unsigned char)) % _SS_ALIGNSIZE) +#define _SS_PAD2SIZE (_SS_MAXSIZE - (sizeof (roken_sa_family_t) + sizeof(unsigned char) + _SS_PAD1SIZE + _SS_ALIGNSIZE)) + +struct sockaddr_storage { + unsigned char ss_len; + roken_sa_family_t ss_family; + char __ss_pad1[_SS_PAD1SIZE]; + unsigned long __ss_align[_SS_PAD2SIZE / sizeof(unsigned long) + 1]; +}; + +#else /* !HAVE_STRUCT_SOCKADDR_SA_LEN */ + +typedef unsigned short roken_sa_family_t; + +#define _SS_PAD1SIZE ((2 * _SS_ALIGNSIZE - sizeof (roken_sa_family_t)) % _SS_ALIGNSIZE) +#define _SS_PAD2SIZE (_SS_MAXSIZE - (sizeof (roken_sa_family_t) + _SS_PAD1SIZE + _SS_ALIGNSIZE)) + +struct sockaddr_storage { + roken_sa_family_t ss_family; + char __ss_pad1[_SS_PAD1SIZE]; + unsigned long __ss_align[_SS_PAD2SIZE / sizeof(unsigned long) + 1]; +}; + +#endif /* HAVE_STRUCT_SOCKADDR_SA_LEN */ + +#endif /* HAVE_STRUCT_SOCKADDR_STORAGE */ + +#ifndef HAVE_STRUCT_ADDRINFO +struct addrinfo { + int ai_flags; + int ai_family; + int ai_socktype; + int ai_protocol; + size_t ai_addrlen; + char *ai_canonname; + struct sockaddr *ai_addr; + struct addrinfo *ai_next; +}; +#endif + +#ifndef HAVE_GETADDRINFO +int ROKEN_LIB_FUNCTION +getaddrinfo(const char *, + const char *, + const struct addrinfo *, + struct addrinfo **); +#endif + +#ifndef HAVE_GETNAMEINFO +int ROKEN_LIB_FUNCTION +getnameinfo(const struct sockaddr *, socklen_t, + char *, size_t, + char *, size_t, + int); +#endif + +#ifndef HAVE_FREEADDRINFO +void ROKEN_LIB_FUNCTION +freeaddrinfo(struct addrinfo *); +#endif + +#ifndef HAVE_GAI_STRERROR +const char * ROKEN_LIB_FUNCTION +gai_strerror(int); +#endif + +int ROKEN_LIB_FUNCTION +getnameinfo_verified(const struct sockaddr *, socklen_t, + char *, size_t, + char *, size_t, + int); + +int ROKEN_LIB_FUNCTION +roken_getaddrinfo_hostspec(const char *, int, struct addrinfo **); +int ROKEN_LIB_FUNCTION +roken_getaddrinfo_hostspec2(const char *, int, int, struct addrinfo **); + +#ifndef HAVE_STRFTIME +size_t ROKEN_LIB_FUNCTION +strftime (char *, size_t, const char *, const struct tm *); +#endif + +#ifndef HAVE_STRPTIME +char * ROKEN_LIB_FUNCTION +strptime (const char *, const char *, struct tm *); +#endif + +#ifndef HAVE_EMALLOC +void * ROKEN_LIB_FUNCTION emalloc (size_t); +#endif +#ifndef HAVE_ECALLOC +void * ROKEN_LIB_FUNCTION ecalloc(size_t, size_t); +#endif +#ifndef HAVE_EREALLOC +void * ROKEN_LIB_FUNCTION erealloc (void *, size_t); +#endif +#ifndef HAVE_ESTRDUP +char * ROKEN_LIB_FUNCTION estrdup (const char *); +#endif + +/* + * kludges and such + */ + +#if 1 +int ROKEN_LIB_FUNCTION +roken_gethostby_setup(const char*, const char*); +struct hostent* ROKEN_LIB_FUNCTION +roken_gethostbyname(const char*); +struct hostent* ROKEN_LIB_FUNCTION +roken_gethostbyaddr(const void*, size_t, int); +#else +#ifdef GETHOSTBYNAME_PROTO_COMPATIBLE +#define roken_gethostbyname(x) gethostbyname(x) +#else +#define roken_gethostbyname(x) gethostbyname((char *)x) +#endif + +#ifdef GETHOSTBYADDR_PROTO_COMPATIBLE +#define roken_gethostbyaddr(a, l, t) gethostbyaddr(a, l, t) +#else +#define roken_gethostbyaddr(a, l, t) gethostbyaddr((char *)a, l, t) +#endif +#endif + +#ifdef GETSERVBYNAME_PROTO_COMPATIBLE +#define roken_getservbyname(x,y) getservbyname(x,y) +#else +#define roken_getservbyname(x,y) getservbyname((char *)x, (char *)y) +#endif + +#ifdef OPENLOG_PROTO_COMPATIBLE +#define roken_openlog(a,b,c) openlog(a,b,c) +#else +#define roken_openlog(a,b,c) openlog((char *)a,b,c) +#endif + +#ifdef GETSOCKNAME_PROTO_COMPATIBLE +#define roken_getsockname(a,b,c) getsockname(a,b,c) +#else +#define roken_getsockname(a,b,c) getsockname(a, b, (void*)c) +#endif + +#ifndef HAVE_SETPROGNAME +void ROKEN_LIB_FUNCTION setprogname(const char *); +#endif + +#ifndef HAVE_GETPROGNAME +const char * ROKEN_LIB_FUNCTION getprogname(void); +#endif + +#if !defined(HAVE_SETPROGNAME) && !defined(HAVE_GETPROGNAME) && !HAVE_DECL___PROGNAME +extern const char *__progname; +#endif + +void ROKEN_LIB_FUNCTION mini_inetd_addrinfo (struct addrinfo*); +void ROKEN_LIB_FUNCTION mini_inetd (int); + +#ifndef HAVE_LOCALTIME_R +struct tm * ROKEN_LIB_FUNCTION +localtime_r(const time_t *, struct tm *); +#endif + +#if !defined(HAVE_STRSVIS) || defined(NEED_STRSVIS_PROTO) +int ROKEN_LIB_FUNCTION +strsvis(char *, const char *, int, const char *); +#endif + +#if !defined(HAVE_STRUNVIS) || defined(NEED_STRUNVIS_PROTO) +int ROKEN_LIB_FUNCTION +strunvis(char *, const char *); +#endif + +#if !defined(HAVE_STRVIS) || defined(NEED_STRVIS_PROTO) +int ROKEN_LIB_FUNCTION +strvis(char *, const char *, int); +#endif + +#if !defined(HAVE_STRVISX) || defined(NEED_STRVISX_PROTO) +int ROKEN_LIB_FUNCTION +strvisx(char *, const char *, size_t, int); +#endif + +#if !defined(HAVE_SVIS) || defined(NEED_SVIS_PROTO) +char * ROKEN_LIB_FUNCTION +svis(char *, int, int, int, const char *); +#endif + +#if !defined(HAVE_UNVIS) || defined(NEED_UNVIS_PROTO) +int ROKEN_LIB_FUNCTION +unvis(char *, int, int *, int); +#endif + +#if !defined(HAVE_VIS) || defined(NEED_VIS_PROTO) +char * ROKEN_LIB_FUNCTION +vis(char *, int, int, int); +#endif + +#if !defined(HAVE_CLOSEFROM) +int ROKEN_LIB_FUNCTION +closefrom(int); +#endif + +#if !defined(HAVE_TIMEGM) +#define timegm rk_timegm +time_t ROKEN_LIB_FUNCTION +rk_timegm(struct tm *tm); +#endif + +#ifdef SOCKET_WRAPPER_REPLACE +#include +#endif + +ROKEN_CPP_END -- cgit From 14b00f10d9279b580c8bc6479b9e0402a74daf11 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 7 Nov 2006 12:50:24 +0000 Subject: r19616: the heimdal spnego mech doesn't seem to use roken.h and isn't portable (it doesn't compile on suse 10.1 because gethostname() isn't found, unistd.h isn't included...) as we don't need the spnego mech, disable it till it gets fixed in heimdal metze (This used to be commit 0a52e11a9c34281c9ea284e007086b2ae6fce6c7) --- source4/heimdal/lib/gssapi/mech/gss_mech_switch.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c index 3d01ba69d4..b6f261fe29 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c +++ b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c @@ -213,7 +213,9 @@ _gss_load_mech(void) } add_builtin(__gss_krb5_initialize()); +#ifndef _SAMBA_BUILD_ add_builtin(__gss_spnego_initialize()); +#endif fp = fopen(_PATH_GSS_MECH, "r"); if (!fp) { -- cgit From e10791a36451da82906cd7cec66c7a54802353b5 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 8 Nov 2006 01:43:23 +0000 Subject: r19632: This got missed in the heimdal merge. Without this, we don't keep the full database name. The existing code (needed for when we use the HDB as a keytab, such as for the kpasswd service) only works for HDB keytabs not prefixed with a type. Andrew Bartlett (This used to be commit 12dc157daea4a20200f910d8e71c49670e35ef50) --- source4/heimdal/lib/hdb/keytab.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/hdb/keytab.c b/source4/heimdal/lib/hdb/keytab.c index 8f473a68a4..7ae3ec3150 100644 --- a/source4/heimdal/lib/hdb/keytab.c +++ b/source4/heimdal/lib/hdb/keytab.c @@ -59,7 +59,7 @@ hdb_resolve(krb5_context context, const char *name, krb5_keytab id) return ENOMEM; } db = name; - mkey = strchr(name, ':'); + mkey = strrchr(name, ':'); if(mkey == NULL || mkey[1] == '\0') { if(*name == '\0') d->dbname = NULL; -- cgit From f722b0743811a4a5caf5288fa901cc8f683b9ffd Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 8 Nov 2006 01:48:35 +0000 Subject: r19633: Merge to lorikeet-heimdal, removing krb5_rd_req_return_keyblock in favour of a more tasteful replacement. Remove kerberos_verify.c, as we don't need that code any more. Replace with code for using the new krb5_rd_req_ctx() borrowed from Heimdal's accecpt_sec_context.c Andrew Bartlett (This used to be commit 13c9df1d4f0517468c80040d3756310d4dcbdd50) --- source4/heimdal/kdc/kerberos5.c | 13 +- source4/heimdal/kdc/pkinit.c | 38 ++- source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h | 2 +- .../heimdal/lib/gssapi/krb5/accept_sec_context.c | 83 ++++-- source4/heimdal/lib/gssapi/krb5/arcfour.c | 30 +-- source4/heimdal/lib/gssapi/krb5/external.c | 10 +- source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h | 3 +- source4/heimdal/lib/gssapi/krb5/init_sec_context.c | 32 +-- .../lib/gssapi/krb5/inquire_sec_context_by_oid.c | 19 +- .../lib/gssapi/krb5/set_sec_context_option.c | 2 +- source4/heimdal/lib/gssapi/krb5/wrap.c | 1 - source4/heimdal/lib/gssapi/mech/gss_krb5.c | 108 ++++---- source4/heimdal/lib/gssapi/spnego/spnego_locl.h | 4 +- source4/heimdal/lib/krb5/context.c | 18 +- source4/heimdal/lib/krb5/expand_hostname.c | 2 +- source4/heimdal/lib/krb5/krb5-private.h | 5 + source4/heimdal/lib/krb5/krb5-protos.h | 63 ++++- source4/heimdal/lib/krb5/krb5.h | 5 +- source4/heimdal/lib/krb5/rd_req.c | 294 ++++++++++++++++----- 19 files changed, 508 insertions(+), 224 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index 19287b31cc..84c16190f9 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kerberos5.c,v 1.223 2006/10/17 02:16:29 lha Exp $"); +RCSID("$Id: kerberos5.c,v 1.224 2006/11/04 17:05:28 lha Exp $"); #define MAX_TIME ((time_t)((1U << 31) - 1)) @@ -1063,13 +1063,14 @@ _kdc_as_rep(krb5_context context, free_PA_ENC_TS_ENC(&p); if (abs(kdc_time - p.patimestamp) > context->max_skew) { char client_time[100]; - + krb5_format_time(context, p.patimestamp, client_time, sizeof(client_time), TRUE); - ret = KRB5KRB_AP_ERR_SKEW; - kdc_log(context, config, 0, - "Too large time skew, client time %s is out by %u > %u seconds -- %s", + ret = KRB5KRB_AP_ERR_SKEW; + kdc_log(context, config, 0, + "Too large time skew, " + "client time %s is out by %u > %u seconds -- %s", client_time, (unsigned)abs(kdc_time - p.patimestamp), context->max_skew, diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c index e3d77c0621..1a300cce3e 100755 --- a/source4/heimdal/kdc/pkinit.c +++ b/source4/heimdal/kdc/pkinit.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: pkinit.c,v 1.72 2006/10/24 17:51:33 lha Exp $"); +RCSID("$Id: pkinit.c,v 1.73 2006/11/07 17:24:57 lha Exp $"); #ifdef PKINIT @@ -528,8 +528,10 @@ _kdc_pk_rd_padata(krb5_context context, &eContent, &signer_certs); if (ret) { - kdc_log(context, config, 0, - "PK-INIT failed to verify signature %d", ret); + char *s = hx509_get_error_string(kdc_identity->hx509ctx, ret); + krb5_warnx(context, "PKINIT: failed to verify signature: %s: %d", + s, ret); + free(s); goto out; } @@ -1376,6 +1378,36 @@ _kdc_pk_initialize(krb5_context context, return ret; } + { + hx509_query *q; + hx509_cert cert; + + ret = hx509_query_alloc(kdc_identity->hx509ctx, &q); + if (ret) { + krb5_warnx(context, "PKINIT: out of memory"); + return ENOMEM; + } + + hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY); + hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE); + + ret = hx509_certs_find(kdc_identity->hx509ctx, + kdc_identity->certs, + q, + &cert); + hx509_query_free(kdc_identity->hx509ctx, q); + if (ret == 0) { + if (hx509_cert_check_eku(kdc_identity->hx509ctx, cert, + oid_id_pkkdcekuoid(), 0)) + krb5_warnx(context, "WARNING Found KDC certificate " + "is missing the PK-INIT KDC EKU, this is bad for " + "interoperability."); + hx509_cert_free(cert); + } else + krb5_warnx(context, "PKINIT: failed to find a signing " + "certifiate with a public key"); + } + ret = krb5_config_get_bool_default(context, NULL, FALSE, diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h b/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h index 8c025c8366..67a9a12bfe 100644 --- a/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h +++ b/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gssapi_krb5.h,v 1.10 2006/10/20 22:04:03 lha Exp $ */ +/* $Id: gssapi_krb5.h,v 1.12 2006/11/05 00:06:09 lha Exp $ */ #ifndef GSSAPI_KRB5_H_ #define GSSAPI_KRB5_H_ diff --git a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c index e42bb11b85..6ac80461c3 100644 --- a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: accept_sec_context.c,v 1.64 2006/10/25 04:19:45 lha Exp $"); +RCSID("$Id: accept_sec_context.c,v 1.65 2006/11/07 14:52:05 lha Exp $"); HEIMDAL_MUTEX gssapi_keytab_mutex = HEIMDAL_MUTEX_INITIALIZER; krb5_keytab _gsskrb5_keytab; @@ -264,9 +264,7 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, OM_uint32 ret = GSS_S_COMPLETE; krb5_data indata; krb5_flags ap_options; - krb5_ticket *ticket = NULL; krb5_keytab keytab = NULL; - krb5_keyblock *keyblock = NULL; int is_cfx = 0; const gsskrb5_cred acceptor_cred = (gsskrb5_cred)acceptor_cred_handle; @@ -298,34 +296,65 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, /* * We need to check the ticket and create the AP-REP packet */ - kret = krb5_rd_req_return_keyblock(_gsskrb5_context, - &ctx->auth_context, - &indata, - (acceptor_cred == NULL) ? NULL : acceptor_cred->principal, - keytab, - &ap_options, - &ticket, - &keyblock); - if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - _gsskrb5_set_error_string (); - return ret; + + { + krb5_rd_req_in_ctx in = NULL; + krb5_rd_req_out_ctx out = NULL; + + kret = krb5_rd_req_in_ctx_alloc(_gsskrb5_context, &in); + if (kret == 0) + kret = krb5_rd_req_in_set_keytab(_gsskrb5_context, in, keytab); + if (kret) { + if (in) + krb5_rd_req_in_ctx_free(_gsskrb5_context, in); + ret = GSS_S_FAILURE; + *minor_status = kret; + _gsskrb5_set_error_string (); + return ret; + } + + kret = krb5_rd_req_ctx(_gsskrb5_context, + &ctx->auth_context, + &indata, + (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) ? NULL : acceptor_cred->principal, + in, &out); + krb5_rd_req_in_ctx_free(_gsskrb5_context, in); + if (kret) { + ret = GSS_S_FAILURE; + *minor_status = kret; + _gsskrb5_set_error_string (); + return ret; + } + + /* + * We need to remember some data on the context_handle. + */ + kret = krb5_rd_req_out_get_ap_req_options(_gsskrb5_context, out, + &ap_options); + if (kret == 0) + kret = krb5_rd_req_out_get_ticket(_gsskrb5_context, out, + &ctx->ticket); + if (kret == 0) + kret = krb5_rd_req_out_get_keyblock(_gsskrb5_context, out, + &ctx->service_keyblock); + ctx->lifetime = ctx->ticket->ticket.endtime; + + krb5_rd_req_out_ctx_free(_gsskrb5_context, out); + if (kret) { + ret = GSS_S_FAILURE; + *minor_status = kret; + _gsskrb5_set_error_string (); + return ret; + } } - /* - * We need to remember some data on the context_handle. - */ - ctx->ticket = ticket; - ctx->service_keyblock = keyblock; - ctx->lifetime = ticket->ticket.endtime; /* * We need to copy the principal names to the context and the * calling layer. */ kret = krb5_copy_principal(_gsskrb5_context, - ticket->client, + ctx->ticket->client, &ctx->source); if (kret) { ret = GSS_S_FAILURE; @@ -333,7 +362,9 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, _gsskrb5_set_error_string (); } - kret = krb5_copy_principal(_gsskrb5_context, ticket->server, &ctx->target); + kret = krb5_copy_principal(_gsskrb5_context, + ctx->ticket->server, + &ctx->target); if (kret) { ret = GSS_S_FAILURE; *minor_status = kret; @@ -351,7 +382,7 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, if (src_name != NULL) { kret = krb5_copy_principal (_gsskrb5_context, - ticket->client, + ctx->ticket->client, (gsskrb5_name*)src_name); if (kret) { ret = GSS_S_FAILURE; @@ -471,7 +502,7 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, /* Remember the flags */ - ctx->lifetime = ticket->ticket.endtime; + ctx->lifetime = ctx->ticket->ticket.endtime; ctx->more_flags |= OPEN; if (mech_type) diff --git a/source4/heimdal/lib/gssapi/krb5/arcfour.c b/source4/heimdal/lib/gssapi/krb5/arcfour.c index 82851f5a78..2c43ed8b32 100644 --- a/source4/heimdal/lib/gssapi/krb5/arcfour.c +++ b/source4/heimdal/lib/gssapi/krb5/arcfour.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: arcfour.c,v 1.29 2006/10/07 22:14:05 lha Exp $"); +RCSID("$Id: arcfour.c,v 1.30 2006/11/07 19:05:16 lha Exp $"); /* * Implements draft-brezak-win2k-krb-rc4-hmac-04.txt @@ -355,17 +355,16 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status, if (conf_state) *conf_state = 0; - if ((context_handle->flags & GSS_C_DCE_STYLE) == 0) { - datalen = input_message_buffer->length + 1 /* padding */; - - len = datalen + GSS_ARCFOUR_WRAP_TOKEN_SIZE; - _gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM); - } else { - datalen = input_message_buffer->length; + datalen = input_message_buffer->length; + if (IS_DCE_STYLE(context_handle)) { len = GSS_ARCFOUR_WRAP_TOKEN_SIZE; _gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM); total_len += datalen; + } else { + datalen += 1; /* padding */ + len = datalen + GSS_ARCFOUR_WRAP_TOKEN_SIZE; + _gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM); } output_message_buffer->length = total_len; @@ -418,9 +417,8 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status, p = p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE; memcpy(p, input_message_buffer->value, input_message_buffer->length); - if ((context_handle->flags & GSS_C_DCE_STYLE) == 0) { - p[input_message_buffer->length] = 1; /* PADDING */ - } + if (!IS_DCE_STYLE(context_handle)) + p[input_message_buffer->length] = 1; /* padding */ ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SEAL, p0 + 16, 8, /* SGN_CKSUM */ @@ -518,13 +516,13 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, p0 = input_message_buffer->value; - if ((context_handle->flags & GSS_C_DCE_STYLE) == 0) { - len = input_message_buffer->length; - } else { + if (IS_DCE_STYLE(context_handle)) { len = GSS_ARCFOUR_WRAP_TOKEN_SIZE + GSS_ARCFOUR_WRAP_TOKEN_DCE_DER_HEADER_SIZE; if (input_message_buffer->length < len) return GSS_S_BAD_MECH; + } else { + len = input_message_buffer->length; } omret = _gssapi_verify_mech_header(&p0, @@ -635,7 +633,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, } memset(k6_data, 0, sizeof(k6_data)); - if ((context_handle->flags & GSS_C_DCE_STYLE) == 0) { + if (!IS_DCE_STYLE(context_handle)) { ret = _gssapi_verify_pad(output_message_buffer, datalen, &padlen); if (ret) { _gsskrb5_release_buffer(minor_status, output_message_buffer); @@ -688,7 +686,7 @@ max_wrap_length_arcfour(const gsskrb5_ctx ctx, * - we only need to encapsulate the WRAP token * However, since this is a fixed since, we just */ - if (ctx->flags & GSS_C_DCE_STYLE) { + if (IS_DCE_STYLE(ctx)) { size_t len, total_len; len = GSS_ARCFOUR_WRAP_TOKEN_SIZE; diff --git a/source4/heimdal/lib/gssapi/krb5/external.c b/source4/heimdal/lib/gssapi/krb5/external.c index 7419bc2fe8..ece03ddf57 100644 --- a/source4/heimdal/lib/gssapi/krb5/external.c +++ b/source4/heimdal/lib/gssapi/krb5/external.c @@ -34,7 +34,7 @@ #include "krb5/gsskrb5_locl.h" #include -RCSID("$Id: external.c,v 1.18 2006/10/20 21:50:24 lha Exp $"); +RCSID("$Id: external.c,v 1.21 2006/11/07 21:05:03 lha Exp $"); /* * The implementation must reserve static storage for a @@ -340,12 +340,18 @@ static gss_OID_desc gss_krb5_get_authtime_x_desc = gss_OID GSS_KRB5_GET_AUTHTIME_X = &gss_krb5_get_authtime_x_desc; -/* 1.2.752.43.13.14 */ +/* 1.2.752.43.13.13 */ static gss_OID_desc gss_krb5_get_service_keyblock_x_desc = {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0d")}; gss_OID GSS_KRB5_GET_SERVICE_KEYBLOCK_X = &gss_krb5_get_service_keyblock_x_desc; +/* 1.2.752.43.13.14 */ +static gss_OID_desc gss_krb5_set_allowable_enctypes_x_desc = +{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0e")}; + +gss_OID GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X = &gss_krb5_set_allowable_enctypes_x_desc; + /* 1.2.752.43.14.1 */ static gss_OID_desc gss_sasl_digest_md5_mechanism_desc = {6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x01") }; diff --git a/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h b/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h index 4d814032c3..ea7a561b5b 100644 --- a/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h +++ b/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gsskrb5_locl.h,v 1.6 2006/10/07 22:14:49 lha Exp $ */ +/* $Id: gsskrb5_locl.h,v 1.7 2006/11/07 17:57:43 lha Exp $ */ #ifndef GSSKRB5_LOCL_H #define GSSKRB5_LOCL_H @@ -56,6 +56,7 @@ struct gss_msg_order; typedef struct { struct krb5_auth_context_data *auth_context; krb5_principal source, target; +#define IS_DCE_STYLE(ctx) (((ctx)->flags & GSS_C_DCE_STYLE) != 0) OM_uint32 flags; enum { LOCAL = 1, OPEN = 2, COMPAT_OLD_DES3 = 4, diff --git a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c index 00f2543833..7a97b6262c 100644 --- a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: init_sec_context.c,v 1.72 2006/10/24 23:03:19 lha Exp $"); +RCSID("$Id: init_sec_context.c,v 1.73 2006/11/07 17:40:01 lha Exp $"); /* * copy the addresses from `input_chan_bindings' (if any) to @@ -549,18 +549,18 @@ failure: static OM_uint32 repl_mutual - (OM_uint32 * minor_status, - gsskrb5_ctx ctx, - const gss_OID mech_type, - OM_uint32 req_flags, - OM_uint32 time_req, - const gss_channel_bindings_t input_chan_bindings, - const gss_buffer_t input_token, - gss_OID * actual_mech_type, - gss_buffer_t output_token, - OM_uint32 * ret_flags, - OM_uint32 * time_rec - ) +(OM_uint32 * minor_status, + gsskrb5_ctx ctx, + const gss_OID mech_type, + OM_uint32 req_flags, + OM_uint32 time_req, + const gss_channel_bindings_t input_chan_bindings, + const gss_buffer_t input_token, + gss_OID * actual_mech_type, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec + ) { OM_uint32 ret; krb5_error_code kret; @@ -574,7 +574,7 @@ repl_mutual if (actual_mech_type) *actual_mech_type = GSS_KRB5_MECHANISM; - if (req_flags & GSS_C_DCE_STYLE) { + if (ctx->flags & GSS_C_DCE_STYLE) { /* There is no OID wrapping. */ indata.length = input_token->length; indata.data = input_token->value; @@ -619,8 +619,8 @@ repl_mutual *minor_status = 0; if (time_rec) { ret = _gsskrb5_lifetime_left(minor_status, - ctx->lifetime, - time_rec); + ctx->lifetime, + time_rec); } else { ret = GSS_S_COMPLETE; } diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c b/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c index 0b46cc5495..ee4210d74a 100644 --- a/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c +++ b/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c @@ -32,7 +32,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: inquire_sec_context_by_oid.c,v 1.8 2006/10/24 15:55:28 lha Exp $"); +RCSID("$Id: inquire_sec_context_by_oid.c,v 1.11 2006/11/07 14:34:35 lha Exp $"); static int oid_prefix_equal(gss_OID oid_enc, gss_OID prefix_enc, unsigned *suffix) @@ -149,6 +149,11 @@ static OM_uint32 inquire_sec_context_get_subkey HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); if (ret) goto out; + if (key == NULL) { + _gsskrb5_set_status("have no subkey of type %d", keytype); + ret = EINVAL; + goto out; + } ret = krb5_store_keyblock(sp, *key); krb5_free_keyblock (_gsskrb5_context, key); @@ -400,6 +405,7 @@ get_authtime(OM_uint32 *minor_status, { gss_buffer_desc value; + unsigned char buf[4]; OM_uint32 authtime; HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); @@ -414,14 +420,9 @@ get_authtime(OM_uint32 *minor_status, HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); - value.length = 4; - value.value = malloc(value.length); - if (!value.value) { - _gsskrb5_clear_status(); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - _gsskrb5_encode_om_uint32(authtime, value.value); + _gsskrb5_encode_om_uint32(authtime, buf); + value.length = sizeof(buf); + value.value = buf; return gss_add_buffer_set_member(minor_status, &value, diff --git a/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c b/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c index 67f5e8e722..fb098679b2 100644 --- a/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c +++ b/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c @@ -36,7 +36,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: set_sec_context_option.c,v 1.6 2006/10/20 18:58:22 lha Exp $"); +RCSID("$Id: set_sec_context_option.c,v 1.7 2006/11/04 03:01:14 lha Exp $"); static OM_uint32 get_bool(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/krb5/wrap.c b/source4/heimdal/lib/gssapi/krb5/wrap.c index 8514137999..ebbc975b8a 100644 --- a/source4/heimdal/lib/gssapi/krb5/wrap.c +++ b/source4/heimdal/lib/gssapi/krb5/wrap.c @@ -103,7 +103,6 @@ _gsskrb5i_get_token_key(const gsskrb5_ctx ctx, krb5_keyblock **key) _gsskrb5_set_status("No token key available"); return GSS_KRB5_S_KG_NO_SUBKEY; } - _gsskrb5_clear_status(); return 0; } diff --git a/source4/heimdal/lib/gssapi/mech/gss_krb5.c b/source4/heimdal/lib/gssapi/mech/gss_krb5.c index c6ea3cecb7..fd66fb04f5 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_krb5.c +++ b/source4/heimdal/lib/gssapi/mech/gss_krb5.c @@ -27,12 +27,11 @@ */ #include "mech_locl.h" -#include "krb5/gsskrb5_locl.h" -RCSID("$Id: gss_krb5.c,v 1.13 2006/10/20 22:05:02 lha Exp $"); +RCSID("$Id: gss_krb5.c,v 1.16 2006/11/07 14:41:35 lha Exp $"); #include #include - +#include "krb5/gsskrb5_locl.h" OM_uint32 gss_krb5_copy_ccache(OM_uint32 *minor_status, @@ -264,7 +263,10 @@ gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status, krb5_storage *sp = NULL; uint32_t num; - if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT || version != 1) { + if (context_handle == NULL + || *context_handle == GSS_C_NO_CONTEXT + || version != 1) + { ret = EINVAL; return GSS_S_FAILURE; } @@ -509,9 +511,8 @@ gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status, { gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; OM_uint32 maj_stat; - gss_OID_desc authz_oid_flat; - heim_oid authz_oid; - heim_oid new_authz_oid; + gss_OID_desc oid_flat; + heim_oid baseoid, oid; size_t size; if (context_handle == GSS_C_NO_CONTEXT) { @@ -523,57 +524,55 @@ gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status, if (der_get_oid(GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X->elements, GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X->length, - &authz_oid, NULL) != 0) { + &baseoid, NULL) != 0) { *minor_status = EINVAL; return GSS_S_FAILURE; } - new_authz_oid.length = authz_oid.length + 1; - new_authz_oid.components = malloc(new_authz_oid.length * sizeof(*new_authz_oid.components)); - if (!new_authz_oid.components) { - free(authz_oid.components); + oid.length = baseoid.length + 1; + oid.components = calloc(oid.length, sizeof(*oid.components)); + if (oid.components == NULL) { + der_free_oid(&baseoid); *minor_status = ENOMEM; return GSS_S_FAILURE; } - memcpy(new_authz_oid.components, authz_oid.components, - authz_oid.length * sizeof(*authz_oid.components)); + memcpy(oid.components, baseoid.components, + baseoid.length * sizeof(*baseoid.components)); - free(authz_oid.components); + der_free_oid(&baseoid); - new_authz_oid.components[new_authz_oid.length - 1] = ad_type; - - authz_oid_flat.length = der_length_oid(&new_authz_oid); - authz_oid_flat.elements = malloc(authz_oid_flat.length); - - if (!authz_oid_flat.elements) { - free(new_authz_oid.components); + oid.components[oid.length - 1] = ad_type; + oid_flat.length = der_length_oid(&oid); + oid_flat.elements = malloc(oid_flat.length); + if (oid_flat.elements == NULL) { + free(oid.components); *minor_status = ENOMEM; return GSS_S_FAILURE; } - if (der_put_oid((unsigned char *)authz_oid_flat.elements + authz_oid_flat.length - 1, - authz_oid_flat.length, - &new_authz_oid, &size) != 0) { - free(new_authz_oid.components); + if (der_put_oid((unsigned char *)oid_flat.elements + oid_flat.length - 1, + oid_flat.length, &oid, &size) != 0) { + free(oid.components); *minor_status = EINVAL; return GSS_S_FAILURE; } + if (oid_flat.length != size) + abort(); - free(new_authz_oid.components); + free(oid.components); /* FINALLY, we have the OID */ - maj_stat = - gss_inquire_sec_context_by_oid (minor_status, - context_handle, - &authz_oid_flat, - &data_set); + maj_stat = gss_inquire_sec_context_by_oid (minor_status, + context_handle, + &oid_flat, + &data_set); - free(authz_oid_flat.elements); + free(oid_flat.elements); if (maj_stat) return maj_stat; @@ -608,20 +607,20 @@ gsskrb5_extract_key(OM_uint32 *minor_status, krb5_error_code ret; gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; OM_uint32 major_status; + krb5_context context = NULL; krb5_storage *sp = NULL; - ret = _gsskrb5_init(); + if (context_handle == GSS_C_NO_CONTEXT) { + ret = EINVAL; + return GSS_S_FAILURE; + } + + ret = krb5_init_context(&context); if(ret) { *minor_status = ret; return GSS_S_FAILURE; } - if (context_handle == GSS_C_NO_CONTEXT) { - _gsskrb5_set_status("no context handle"); - *minor_status = EINVAL; - return GSS_S_FAILURE; - } - major_status = gss_inquire_sec_context_by_oid (minor_status, context_handle, @@ -630,15 +629,7 @@ gsskrb5_extract_key(OM_uint32 *minor_status, if (major_status) return major_status; - if (data_set == GSS_C_NO_BUFFER_SET) { - _gsskrb5_set_status("no buffers returned"); - gss_release_buffer_set(minor_status, &data_set); - *minor_status = EINVAL; - return GSS_S_FAILURE; - } - - if (data_set->count != 1) { - _gsskrb5_set_status("%d != 1 buffers returned", data_set->count); + if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) { gss_release_buffer_set(minor_status, &data_set); *minor_status = EINVAL; return GSS_S_FAILURE; @@ -663,16 +654,17 @@ out: gss_release_buffer_set(minor_status, &data_set); if (sp) krb5_storage_free(sp); - if (ret) { - _gsskrb5_set_error_string(); - if (keyblock) { - krb5_free_keyblock(_gsskrb5_context, *keyblock); - } + if (ret && keyblock) { + krb5_free_keyblock(context, *keyblock); + *keyblock = NULL; + } + if (context) + krb5_free_context(context); - *minor_status = ret; + *minor_status = ret; + if (ret) return GSS_S_FAILURE; - } - *minor_status = 0; + return GSS_S_COMPLETE; } @@ -705,6 +697,6 @@ gsskrb5_get_subkey(OM_uint32 *minor_status, { return gsskrb5_extract_key(minor_status, context_handle, - GSS_KRB5_GET_ACCEPTOR_SUBKEY_X, + GSS_KRB5_GET_SUBKEY_X, keyblock); } diff --git a/source4/heimdal/lib/gssapi/spnego/spnego_locl.h b/source4/heimdal/lib/gssapi/spnego/spnego_locl.h index 571bce5569..255e07d056 100644 --- a/source4/heimdal/lib/gssapi/spnego/spnego_locl.h +++ b/source4/heimdal/lib/gssapi/spnego/spnego_locl.h @@ -30,7 +30,7 @@ * SUCH DAMAGE. */ -/* $Id: spnego_locl.h,v 1.11 2006/10/12 06:28:06 lha Exp $ */ +/* $Id: spnego_locl.h,v 1.12 2006/11/07 19:53:40 lha Exp $ */ #ifndef SPNEGO_LOCL_H #define SPNEGO_LOCL_H @@ -69,6 +69,8 @@ #include "spnego_asn1.h" #include +#include + #define ALLOC(X, N) (X) = calloc((N), sizeof(*(X))) typedef struct { diff --git a/source4/heimdal/lib/krb5/context.c b/source4/heimdal/lib/krb5/context.c index f7b3ffbf9e..a25bb80786 100644 --- a/source4/heimdal/lib/krb5/context.c +++ b/source4/heimdal/lib/krb5/context.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include -RCSID("$Id: context.c,v 1.108 2006/10/20 22:26:10 lha Exp $"); +RCSID("$Id: context.c,v 1.110 2006/11/04 03:27:47 lha Exp $"); #define INIT_FIELD(C, T, E, D, F) \ (C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \ @@ -181,7 +181,7 @@ init_context_from_config_file(krb5_context context) INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup"); INIT_FIELD(context, bool, srv_lookup, context->srv_lookup, "dns_lookup_kdc"); INIT_FIELD(context, int, large_msg_size, 6000, "large_message_size"); - INIT_FIELD(context, bool, dns_canonicalize_hostname, TRUE, "dns_canonize_hostname"); + INIT_FIELD(context, bool, dns_canonicalize_hostname, TRUE, "dns_canonicalize_hostname"); context->default_cc_name = NULL; return 0; } @@ -691,7 +691,7 @@ krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag) } krb5_boolean KRB5_LIB_FUNCTION -krb5_get_dns_canonize_hostname (krb5_context context) +krb5_get_dns_canonicalize_hostname (krb5_context context) { return context->dns_canonicalize_hostname; } @@ -705,3 +705,15 @@ krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec) *usec = context->kdc_usec_offset; return 0; } + +time_t KRB5_LIB_FUNCTION +krb5_get_time_wrap (krb5_context context) +{ + return context->max_skew; +} + +void KRB5_LIB_FUNCTION +krb5_set_time_wrap (krb5_context context, time_t t) +{ + context->max_skew = t; +} diff --git a/source4/heimdal/lib/krb5/expand_hostname.c b/source4/heimdal/lib/krb5/expand_hostname.c index 4d0692bcfa..46e784f561 100644 --- a/source4/heimdal/lib/krb5/expand_hostname.c +++ b/source4/heimdal/lib/krb5/expand_hostname.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: expand_hostname.c,v 1.13 2006/10/17 09:16:32 lha Exp $"); +RCSID("$Id: expand_hostname.c,v 1.14 2006/11/04 03:34:57 lha Exp $"); static krb5_error_code copy_hostname(krb5_context context, diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h index 968b6079b7..0bf184a530 100644 --- a/source4/heimdal/lib/krb5/krb5-private.h +++ b/source4/heimdal/lib/krb5/krb5-private.h @@ -398,6 +398,11 @@ _krb5_put_int ( unsigned long /*value*/, size_t /*size*/); +krb5_error_code KRB5_LIB_FUNCTION +_krb5_rd_req_out_ctx_alloc ( + krb5_context /*context*/, + krb5_rd_req_out_ctx */*ctx*/); + krb5_error_code KRB5_LIB_FUNCTION _krb5_s4u2self_to_checksumdata ( krb5_context /*context*/, diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h index 2010e25f5a..104f10bdf2 100644 --- a/source4/heimdal/lib/krb5/krb5-protos.h +++ b/source4/heimdal/lib/krb5/krb5-protos.h @@ -1866,7 +1866,7 @@ krb5_get_default_realms ( krb5_realm **/*realms*/); krb5_boolean KRB5_LIB_FUNCTION -krb5_get_dns_canonize_hostname (krb5_context /*context*/); +krb5_get_dns_canonicalize_hostname (krb5_context /*context*/); const char* KRB5_LIB_FUNCTION krb5_get_err_text ( @@ -2177,6 +2177,9 @@ krb5_get_server_rcache ( const krb5_data */*piece*/, krb5_rcache */*id*/); +time_t KRB5_LIB_FUNCTION +krb5_get_time_wrap (krb5_context /*context*/); + krb5_boolean KRB5_LIB_FUNCTION krb5_get_use_admin_kdc (krb5_context /*context*/); @@ -2865,15 +2868,58 @@ krb5_rd_req ( krb5_ticket **/*ticket*/); krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req_return_keyblock ( +krb5_rd_req_ctx ( krb5_context /*context*/, krb5_auth_context */*auth_context*/, const krb5_data */*inbuf*/, krb5_const_principal /*server*/, - krb5_keytab /*keytab*/, - krb5_flags */*ap_req_options*/, - krb5_ticket **/*ticket*/, - krb5_keyblock **/*return_keyblock*/); + krb5_rd_req_in_ctx /*inctx*/, + krb5_rd_req_out_ctx */*outctx*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rd_req_in_ctx_alloc ( + krb5_context /*context*/, + krb5_rd_req_in_ctx */*ctx*/); + +void KRB5_LIB_FUNCTION +krb5_rd_req_in_ctx_free ( + krb5_context /*context*/, + krb5_rd_req_in_ctx /*ctx*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rd_req_in_set_keyblock ( + krb5_context /*context*/, + krb5_rd_req_in_ctx /*in*/, + krb5_keyblock */*keyblock*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rd_req_in_set_keytab ( + krb5_context /*context*/, + krb5_rd_req_in_ctx /*in*/, + krb5_keytab /*keytab*/); + +void KRB5_LIB_FUNCTION +krb5_rd_req_out_ctx_free ( + krb5_context /*context*/, + krb5_rd_req_out_ctx /*ctx*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rd_req_out_get_ap_req_options ( + krb5_context /*context*/, + krb5_rd_req_out_ctx /*out*/, + krb5_flags */*ap_req_options*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rd_req_out_get_keyblock ( + krb5_context /*context*/, + krb5_rd_req_out_ctx /*out*/, + krb5_keyblock **/*keyblock*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rd_req_out_get_ticket ( + krb5_context /*context*/, + krb5_rd_req_out_ctx /*out*/, + krb5_ticket **/*ticket*/); krb5_error_code KRB5_LIB_FUNCTION krb5_rd_req_with_keyblock ( @@ -3151,6 +3197,11 @@ krb5_set_send_to_kdc_func ( krb5_send_to_kdc_func /*func*/, void */*data*/); +void KRB5_LIB_FUNCTION +krb5_set_time_wrap ( + krb5_context /*context*/, + time_t /*t*/); + void KRB5_LIB_FUNCTION krb5_set_use_admin_kdc ( krb5_context /*context*/, diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h index 4b5058094b..f5c8b069de 100644 --- a/source4/heimdal/lib/krb5/krb5.h +++ b/source4/heimdal/lib/krb5/krb5.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5.h,v 1.253 2006/10/20 18:12:06 lha Exp $ */ +/* $Id: krb5.h,v 1.254 2006/11/07 00:17:42 lha Exp $ */ #ifndef __KRB5_H__ #define __KRB5_H__ @@ -78,6 +78,9 @@ typedef struct krb5_get_creds_opt_data *krb5_get_creds_opt; struct krb5_digest; typedef struct krb5_digest *krb5_digest; +typedef struct krb5_rd_req_in_ctx *krb5_rd_req_in_ctx; +typedef struct krb5_rd_req_out_ctx *krb5_rd_req_out_ctx; + typedef CKSUMTYPE krb5_cksumtype; typedef Checksum krb5_checksum; diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c index c424a73a34..3352334f65 100644 --- a/source4/heimdal/lib/krb5/rd_req.c +++ b/source4/heimdal/lib/krb5/rd_req.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001, 2003 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001, 2003 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_req.c,v 1.66 2006/10/06 17:04:29 lha Exp $"); +RCSID("$Id: rd_req.c,v 1.68 2006/11/07 17:11:31 lha Exp $"); static krb5_error_code decrypt_tkt_enc_part (krb5_context context, @@ -506,6 +506,151 @@ krb5_verify_ap_req2(krb5_context context, return ret; } +/* + * + */ + +struct krb5_rd_req_in_ctx { + krb5_keytab keytab; + krb5_keyblock *keyblock; +}; + +struct krb5_rd_req_out_ctx { + krb5_keyblock *keyblock; + krb5_flags ap_req_options; + krb5_ticket *ticket; +}; + +/* + * + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rd_req_in_ctx_alloc(krb5_context context, krb5_rd_req_in_ctx *ctx) +{ + *ctx = calloc(1, sizeof(**ctx)); + if (*ctx == NULL) { + krb5_set_error_string(context, "out of memory"); + return ENOMEM; + } + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rd_req_in_set_keytab(krb5_context context, + krb5_rd_req_in_ctx in, + krb5_keytab keytab) +{ + in->keytab = keytab; /* XXX should make copy */ + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rd_req_in_set_keyblock(krb5_context context, + krb5_rd_req_in_ctx in, + krb5_keyblock *keyblock) +{ + in->keyblock = keyblock; /* XXX should make copy */ + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rd_req_out_get_ap_req_options(krb5_context context, + krb5_rd_req_out_ctx out, + krb5_flags *ap_req_options) +{ + *ap_req_options = out->ap_req_options; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rd_req_out_get_ticket(krb5_context context, + krb5_rd_req_out_ctx out, + krb5_ticket **ticket) +{ + return krb5_copy_ticket(context, out->ticket, ticket); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rd_req_out_get_keyblock(krb5_context context, + krb5_rd_req_out_ctx out, + krb5_keyblock **keyblock) +{ + return krb5_copy_keyblock(context, out->keyblock, keyblock); +} + +void KRB5_LIB_FUNCTION +krb5_rd_req_in_ctx_free(krb5_context context, krb5_rd_req_in_ctx ctx) +{ + free(ctx); +} + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_rd_req_out_ctx_alloc(krb5_context context, krb5_rd_req_out_ctx *ctx) +{ + *ctx = calloc(1, sizeof(**ctx)); + if (*ctx == NULL) { + krb5_set_error_string(context, "out of memory"); + return ENOMEM; + } + return 0; +} + +void KRB5_LIB_FUNCTION +krb5_rd_req_out_ctx_free(krb5_context context, krb5_rd_req_out_ctx ctx) +{ + krb5_free_keyblock(context, ctx->keyblock); + free(ctx); +} + +/* + * + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_rd_req(krb5_context context, + krb5_auth_context *auth_context, + const krb5_data *inbuf, + krb5_const_principal server, + krb5_keytab keytab, + krb5_flags *ap_req_options, + krb5_ticket **ticket) +{ + krb5_error_code ret; + krb5_rd_req_in_ctx in; + krb5_rd_req_out_ctx out; + + ret = krb5_rd_req_in_ctx_alloc(context, &in); + if (ret) + return ret; + + ret = krb5_rd_req_in_set_keytab(context, in, keytab); + if (ret) { + krb5_rd_req_in_ctx_free(context, in); + return ret; + } + + ret = krb5_rd_req_ctx(context, auth_context, inbuf, server, in, &out); + krb5_rd_req_in_ctx_free(context, in); + if (ret) + return ret; + + if (ap_req_options) + *ap_req_options = out->ap_req_options; + if (ticket) { + ret = krb5_copy_ticket(context, out->ticket, ticket); + if (ret) + goto out; + } + +out: + krb5_rd_req_out_ctx_free(context, out); + return ret; +} + +/* + * + */ krb5_error_code KRB5_LIB_FUNCTION krb5_rd_req_with_keyblock(krb5_context context, @@ -517,31 +662,41 @@ krb5_rd_req_with_keyblock(krb5_context context, krb5_ticket **ticket) { krb5_error_code ret; - krb5_ap_req ap_req; + krb5_rd_req_in_ctx in; + krb5_rd_req_out_ctx out; - if (*auth_context == NULL) { - ret = krb5_auth_con_init(context, auth_context); - if (ret) - return ret; + ret = krb5_rd_req_in_ctx_alloc(context, &in); + if (ret) + return ret; + + ret = krb5_rd_req_in_set_keyblock(context, in, keyblock); + if (ret) { + krb5_rd_req_in_ctx_free(context, in); + return ret; } - ret = krb5_decode_ap_req(context, inbuf, &ap_req); - if(ret) + ret = krb5_rd_req_ctx(context, auth_context, inbuf, server, in, &out); + krb5_rd_req_in_ctx_free(context, in); + if (ret) return ret; - ret = krb5_verify_ap_req(context, - auth_context, - &ap_req, - server, - keyblock, - 0, - ap_req_options, - ticket); + if (ap_req_options) + *ap_req_options = out->ap_req_options; + if (ticket) { + ret = krb5_copy_ticket(context, out->ticket, ticket); + if (ret) + goto out; + } - free_AP_REQ(&ap_req); +out: + krb5_rd_req_out_ctx_free(context, out); return ret; } +/* + * + */ + static krb5_error_code get_key_from_keytab(krb5_context context, krb5_auth_context *auth_context, @@ -582,39 +737,44 @@ out: return ret; } +/* + * + */ + krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req_return_keyblock(krb5_context context, - krb5_auth_context *auth_context, - const krb5_data *inbuf, - krb5_const_principal server, - krb5_keytab keytab, - krb5_flags *ap_req_options, - krb5_ticket **ticket, - krb5_keyblock **return_keyblock) +krb5_rd_req_ctx(krb5_context context, + krb5_auth_context *auth_context, + const krb5_data *inbuf, + krb5_const_principal server, + krb5_rd_req_in_ctx inctx, + krb5_rd_req_out_ctx *outctx) { krb5_error_code ret; krb5_ap_req ap_req; - krb5_keyblock *keyblock = NULL; krb5_principal service = NULL; + krb5_rd_req_out_ctx o = NULL; - if (return_keyblock) - *return_keyblock = NULL; + ret = _krb5_rd_req_out_ctx_alloc(context, &o); + if (ret) + goto out; if (*auth_context == NULL) { ret = krb5_auth_con_init(context, auth_context); if (ret) - return ret; + goto out; } ret = krb5_decode_ap_req(context, inbuf, &ap_req); if(ret) - return ret; + goto out; if(server == NULL){ - _krb5_principalname2krb5_principal(context, - &service, - ap_req.ticket.sname, - ap_req.ticket.realm); + ret = _krb5_principalname2krb5_principal(context, + &service, + ap_req.ticket.sname, + ap_req.ticket.realm); + if (ret) + goto out; server = service; } if (ap_req.ap_options.use_session_key && @@ -625,61 +785,51 @@ krb5_rd_req_return_keyblock(krb5_context context, goto out; } - if((*auth_context)->keyblock == NULL){ + if((*auth_context)->keyblock){ + ret = krb5_copy_keyblock(context, + (*auth_context)->keyblock, + &o->keyblock); + if (ret) + goto out; + } else if(inctx->keyblock){ + ret = krb5_copy_keyblock(context, + inctx->keyblock, + &o->keyblock); + if (ret) + goto out; + } else { + krb5_keytab keytab = NULL; + + if (inctx && inctx->keytab) + keytab = inctx->keytab; + ret = get_key_from_keytab(context, auth_context, &ap_req, server, keytab, - &keyblock); + &o->keyblock); if(ret) goto out; - } else { - ret = krb5_copy_keyblock(context, - (*auth_context)->keyblock, - &keyblock); - if (ret) - goto out; } ret = krb5_verify_ap_req(context, auth_context, &ap_req, server, - keyblock, + o->keyblock, 0, - ap_req_options, - ticket); - - if (ret == 0 && return_keyblock) - *return_keyblock = keyblock; - else - krb5_free_keyblock(context, keyblock); + &o->ap_req_options, + &o->ticket); out: + if (ret || outctx == NULL) { + krb5_rd_req_out_ctx_free(context, o); + } else + *outctx = o; + free_AP_REQ(&ap_req); if(service) krb5_free_principal(context, service); return ret; } - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req(krb5_context context, - krb5_auth_context *auth_context, - const krb5_data *inbuf, - krb5_const_principal server, - krb5_keytab keytab, - krb5_flags *ap_req_options, - krb5_ticket **ticket) -{ - return krb5_rd_req_return_keyblock(context, - auth_context, - inbuf, - server, - keytab, - ap_req_options, - ticket, - NULL); - -} - -- cgit From ed77e4e57beee0c9c8b0c4c75626c41ebfc5b0c4 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 9 Nov 2006 00:33:43 +0000 Subject: r19644: Merge up to current lorikeet-heimdal, incling adding gsskrb5_set_default_realm(), which should fix mimir's issues. Andrew Bartlett (This used to be commit 8117e76d2adee163925a29df872015ff5021a1d3) --- source4/heimdal/lib/asn1/der_put.c | 3 - source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h | 6 +- source4/heimdal/lib/gssapi/krb5/copy_ccache.c | 5 +- source4/heimdal/lib/gssapi/krb5/external.c | 9 ++- .../lib/gssapi/krb5/set_sec_context_option.c | 23 +++++- source4/heimdal/lib/gssapi/mech/gss_krb5.c | 79 +++++++++++++++---- source4/heimdal/lib/krb5/context.c | 6 +- source4/heimdal/lib/krb5/get_for_creds.c | 88 +++++++++++----------- source4/heimdal/lib/krb5/mk_req.c | 2 - source4/heimdal/lib/krb5/store_mem.c | 33 +++++++- 10 files changed, 181 insertions(+), 73 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/asn1/der_put.c b/source4/heimdal/lib/asn1/der_put.c index 2fe90df9a9..b006f233ca 100644 --- a/source4/heimdal/lib/asn1/der_put.c +++ b/source4/heimdal/lib/asn1/der_put.c @@ -335,9 +335,6 @@ der_put_utctime (unsigned char *p, size_t len, return 0; } -/* This API is not what you might expect. p is a pointer to the *end* - * (last byte) of the buffer, of length len */ - int der_put_oid (unsigned char *p, size_t len, const heim_oid *data, size_t *size) diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h b/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h index 67a9a12bfe..f06a994008 100644 --- a/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h +++ b/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gssapi_krb5.h,v 1.12 2006/11/05 00:06:09 lha Exp $ */ +/* $Id: gssapi_krb5.h,v 1.14 2006/11/08 23:01:01 lha Exp $ */ #ifndef GSSAPI_KRB5_H_ #define GSSAPI_KRB5_H_ @@ -64,6 +64,7 @@ extern gss_OID GSS_KRB5_COMPAT_DES3_MIC_X; extern gss_OID GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X; extern gss_OID GSS_KRB5_SET_DNS_CANONICALIZE_X; extern gss_OID GSS_KRB5_SEND_TO_KDC_X; +extern gss_OID GSS_KRB5_SET_DEFAULT_REALM_X; /* Extensions inquire context */ extern gss_OID GSS_KRB5_GET_TKT_FLAGS_X; extern gss_OID GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X; @@ -129,6 +130,9 @@ struct gsskrb5_send_to_kdc { OM_uint32 gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *); +OM_uint32 +gsskrb5_set_default_realm(const char *); + OM_uint32 gsskrb5_extract_authtime_from_sec_context(OM_uint32 *, gss_ctx_id_t, time_t *); diff --git a/source4/heimdal/lib/gssapi/krb5/copy_ccache.c b/source4/heimdal/lib/gssapi/krb5/copy_ccache.c index 99aa2ccb43..91d21a1aec 100644 --- a/source4/heimdal/lib/gssapi/krb5/copy_ccache.c +++ b/source4/heimdal/lib/gssapi/krb5/copy_ccache.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 - 2001, 2003 Kungliga Tekniska Högskolan + * Copyright (c) 2000 - 2001, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: copy_ccache.c,v 1.15 2006/10/07 22:14:22 lha Exp $"); +RCSID("$Id: copy_ccache.c,v 1.16 2006/11/08 02:42:50 lha Exp $"); #if 0 OM_uint32 @@ -188,4 +188,3 @@ out: *minor_status = kret; return GSS_S_FAILURE; } - diff --git a/source4/heimdal/lib/gssapi/krb5/external.c b/source4/heimdal/lib/gssapi/krb5/external.c index ece03ddf57..0681bd4038 100644 --- a/source4/heimdal/lib/gssapi/krb5/external.c +++ b/source4/heimdal/lib/gssapi/krb5/external.c @@ -34,7 +34,7 @@ #include "krb5/gsskrb5_locl.h" #include -RCSID("$Id: external.c,v 1.21 2006/11/07 21:05:03 lha Exp $"); +RCSID("$Id: external.c,v 1.22 2006/11/08 23:00:20 lha Exp $"); /* * The implementation must reserve static storage for a @@ -352,6 +352,13 @@ static gss_OID_desc gss_krb5_set_allowable_enctypes_x_desc = gss_OID GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X = &gss_krb5_set_allowable_enctypes_x_desc; +/* 1.2.752.43.13.15 */ +static gss_OID_desc gss_krb5_set_default_realm_x_desc = +{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0f")}; + +gss_OID GSS_KRB5_SET_DEFAULT_REALM_X = &gss_krb5_set_default_realm_x_desc; + + /* 1.2.752.43.14.1 */ static gss_OID_desc gss_sasl_digest_md5_mechanism_desc = {6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x01") }; diff --git a/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c b/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c index fb098679b2..dc1495efc1 100644 --- a/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c +++ b/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c @@ -36,7 +36,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: set_sec_context_option.c,v 1.7 2006/11/04 03:01:14 lha Exp $"); +RCSID("$Id: set_sec_context_option.c,v 1.8 2006/11/08 23:06:42 lha Exp $"); static OM_uint32 get_bool(OM_uint32 *minor_status, @@ -120,6 +120,27 @@ _gsskrb5_set_sec_context_option *minor_status = 0; return GSS_S_COMPLETE; + } else if (gss_oid_equal(desired_object, GSS_KRB5_SET_DEFAULT_REALM_X)) { + char *str; + + if (value == NULL || value->length == 0) { + *minor_status = 0; + return GSS_S_CALL_INACCESSIBLE_READ; + } + str = malloc(value->length + 1); + if (str) { + *minor_status = 0; + return GSS_S_UNAVAILABLE; + } + memcpy(str, value->value, value->length); + str[value->length] = '\0'; + + krb5_set_default_realm(_gsskrb5_context, str); + free(str); + + *minor_status = 0; + return GSS_S_COMPLETE; + } else if (gss_oid_equal(desired_object, GSS_KRB5_SEND_TO_KDC_X)) { if (value == NULL || value->length == 0) { diff --git a/source4/heimdal/lib/gssapi/mech/gss_krb5.c b/source4/heimdal/lib/gssapi/mech/gss_krb5.c index fd66fb04f5..34cdbeb3c1 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_krb5.c +++ b/source4/heimdal/lib/gssapi/mech/gss_krb5.c @@ -27,11 +27,11 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_krb5.c,v 1.16 2006/11/07 14:41:35 lha Exp $"); +RCSID("$Id: gss_krb5.c,v 1.20 2006/11/08 23:11:03 lha Exp $"); #include #include -#include "krb5/gsskrb5_locl.h" + OM_uint32 gss_krb5_copy_ccache(OM_uint32 *minor_status, @@ -416,6 +416,24 @@ gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status, void *c) return GSS_S_COMPLETE; } +/* + * + */ + +OM_uint32 +gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status, + gss_cred_id_t cred, + OM_uint32 num_enctypes, + krb5_enctype *enctypes) +{ + *minor_status = 0; + return GSS_S_COMPLETE; +} + +/* + * + */ + OM_uint32 gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *c) { @@ -443,6 +461,10 @@ gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *c) return (GSS_S_COMPLETE); } +/* + * + */ + OM_uint32 gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status, gss_ctx_id_t context_handle, @@ -450,11 +472,8 @@ gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status, { gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; OM_uint32 maj_stat; - krb5_error_code ret; - OM_uint32 time32; if (context_handle == GSS_C_NO_CONTEXT) { - _gsskrb5_set_status("no context handle"); *minor_status = EINVAL; return GSS_S_FAILURE; } @@ -468,14 +487,12 @@ gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status, return maj_stat; if (data_set == GSS_C_NO_BUFFER_SET) { - _gsskrb5_set_status("no buffers returned"); gss_release_buffer_set(minor_status, &data_set); *minor_status = EINVAL; return GSS_S_FAILURE; } if (data_set->count != 1) { - _gsskrb5_set_status("%d != 1 buffers returned", data_set->count); gss_release_buffer_set(minor_status, &data_set); *minor_status = EINVAL; return GSS_S_FAILURE; @@ -483,26 +500,26 @@ gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status, if (data_set->elements[0].length != 4) { gss_release_buffer_set(minor_status, &data_set); - _gsskrb5_set_status("Error extracting authtime from security context: only got %d < 4 bytes", - data_set->elements[0].length); *minor_status = EINVAL; return GSS_S_FAILURE; } - ret = _gsskrb5_decode_om_uint32(data_set->elements[0].value, &time32); - if (ret) { - gss_release_buffer_set(minor_status, &data_set); - *minor_status = ret; - return GSS_S_FAILURE; + { + unsigned char *buf = data_set->elements[0].value; + *authtime = (buf[3] <<24) | (buf[2] << 16) | + (buf[1] << 8) | (buf[0] << 0); } - *authtime = time32; gss_release_buffer_set(minor_status, &data_set); - + *minor_status = 0; return GSS_S_COMPLETE; } +/* + * + */ + OM_uint32 gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status, gss_ctx_id_t context_handle, @@ -598,6 +615,10 @@ gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status, return GSS_S_COMPLETE; } +/* + * + */ + static OM_uint32 gsskrb5_extract_key(OM_uint32 *minor_status, gss_ctx_id_t context_handle, @@ -668,6 +689,10 @@ out: return GSS_S_COMPLETE; } +/* + * + */ + OM_uint32 gsskrb5_extract_service_keyblock(OM_uint32 *minor_status, gss_ctx_id_t context_handle, @@ -700,3 +725,25 @@ gsskrb5_get_subkey(OM_uint32 *minor_status, GSS_KRB5_GET_SUBKEY_X, keyblock); } + +OM_uint32 +gsskrb5_set_default_realm(const char *realm) +{ + struct _gss_mech_switch *m; + gss_buffer_desc buffer; + OM_uint32 junk; + + _gss_load_mech(); + + buffer.value = rk_UNCONST(realm); + buffer.length = strlen(realm); + + SLIST_FOREACH(m, &_gss_mechs, gm_link) { + if (m->gm_mech.gm_set_sec_context_option == NULL) + continue; + m->gm_mech.gm_set_sec_context_option(&junk, NULL, + GSS_KRB5_SET_DEFAULT_REALM_X, &buffer); + } + + return (GSS_S_COMPLETE); +} diff --git a/source4/heimdal/lib/krb5/context.c b/source4/heimdal/lib/krb5/context.c index a25bb80786..f3b0fad347 100644 --- a/source4/heimdal/lib/krb5/context.c +++ b/source4/heimdal/lib/krb5/context.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include -RCSID("$Id: context.c,v 1.110 2006/11/04 03:27:47 lha Exp $"); +RCSID("$Id: context.c,v 1.111 2006/11/08 02:55:46 lha Exp $"); #define INIT_FIELD(C, T, E, D, F) \ (C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \ @@ -707,13 +707,13 @@ krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec) } time_t KRB5_LIB_FUNCTION -krb5_get_time_wrap (krb5_context context) +krb5_get_max_time_skew (krb5_context context) { return context->max_skew; } void KRB5_LIB_FUNCTION -krb5_set_time_wrap (krb5_context context, time_t t) +krb5_set_max_time_skew (krb5_context context, time_t t) { context->max_skew = t; } diff --git a/source4/heimdal/lib/krb5/get_for_creds.c b/source4/heimdal/lib/krb5/get_for_creds.c index 661d05663b..6eebf1fa80 100644 --- a/source4/heimdal/lib/krb5/get_for_creds.c +++ b/source4/heimdal/lib/krb5/get_for_creds.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -162,8 +162,7 @@ krb5_get_forwarded_creds (krb5_context context, { krb5_error_code ret; krb5_creds *out_creds; - krb5_addresses *paddrs = NULL; - krb5_addresses addrs; + krb5_addresses addrs, *paddrs; KRB_CRED cred; KrbCredInfo *krb_cred_info; EncKrbCredPart enc_krb_cred_part; @@ -172,53 +171,58 @@ krb5_get_forwarded_creds (krb5_context context, size_t buf_size; krb5_kdc_flags kdc_flags; krb5_crypto crypto; + struct addrinfo *ai; int save_errno; krb5_creds *ticket; char *realm; - krb5_boolean noaddr_ever; - - addrs.len = 0; - addrs.val = NULL; realm = in_creds->client->realm; - krb5_appdefault_boolean(context, NULL, realm, "no-addresses-ever", - TRUE, &noaddr_ever); - if (!noaddr_ever) { - struct addrinfo *ai; - paddrs = &addrs; - - /* - * If tickets are address-less, forward address-less tickets. - */ - - ret = _krb5_get_krbtgt (context, - ccache, - realm, - &ticket); - if(ret == 0) { - if (ticket->addresses.len == 0) - paddrs = NULL; - krb5_free_creds (context, ticket); - } - - if (paddrs != NULL) { - - ret = getaddrinfo (hostname, NULL, NULL, &ai); - if (ret) { - save_errno = errno; - krb5_set_error_string(context, "resolving %s: %s", - hostname, gai_strerror(ret)); - return krb5_eai_to_heim_errno(ret, save_errno); - } - - ret = add_addrs (context, &addrs, ai); - freeaddrinfo (ai); - if (ret) - return ret; - } + addrs.len = 0; + addrs.val = NULL; + paddrs = &addrs; + + { + krb5_boolean noaddr; + krb5_appdefault_boolean(context, NULL, realm, + "no-addresses", KRB5_ADDRESSLESS_DEFAULT, + &noaddr); + if (noaddr) + paddrs = NULL; } + + /* + * If tickets are address-less, forward address-less tickets. + */ + + if (paddrs) { + ret = _krb5_get_krbtgt (context, + ccache, + realm, + &ticket); + if(ret == 0) { + if (ticket->addresses.len == 0) + paddrs = NULL; + krb5_free_creds (context, ticket); + } + } + + if (paddrs != NULL) { + ret = getaddrinfo (hostname, NULL, NULL, &ai); + if (ret) { + save_errno = errno; + krb5_set_error_string(context, "resolving %s: %s", + hostname, gai_strerror(ret)); + return krb5_eai_to_heim_errno(ret, save_errno); + } + + ret = add_addrs (context, &addrs, ai); + freeaddrinfo (ai); + if (ret) + return ret; + } + kdc_flags.b = int2KDCOptions(flags); ret = krb5_get_kdc_cred (context, diff --git a/source4/heimdal/lib/krb5/mk_req.c b/source4/heimdal/lib/krb5/mk_req.c index 44e5d9c222..adc077e13f 100644 --- a/source4/heimdal/lib/krb5/mk_req.c +++ b/source4/heimdal/lib/krb5/mk_req.c @@ -64,9 +64,7 @@ krb5_mk_req_exact(krb5_context context, if (auth_context && *auth_context && (*auth_context)->keytype) this_cred.session.keytype = (*auth_context)->keytype; - /* This is the network contact with the KDC */ ret = krb5_get_credentials (context, 0, ccache, &this_cred, &cred); - krb5_free_cred_contents(context, &this_cred); if (ret) return ret; diff --git a/source4/heimdal/lib/krb5/store_mem.c b/source4/heimdal/lib/krb5/store_mem.c index decf74adce..d2b6d18252 100644 --- a/source4/heimdal/lib/krb5/store_mem.c +++ b/source4/heimdal/lib/krb5/store_mem.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include "store-int.h" -RCSID("$Id: store_mem.c,v 1.12 2004/05/25 21:44:17 lha Exp $"); +RCSID("$Id: store_mem.c,v 1.13 2006/11/07 23:02:53 lha Exp $"); typedef struct mem_storage{ unsigned char *base; @@ -64,6 +64,12 @@ mem_store(krb5_storage *sp, const void *data, size_t size) return size; } +static ssize_t +mem_no_store(krb5_storage *sp, const void *data, size_t size) +{ + return -1; +} + static off_t mem_seek(krb5_storage *sp, off_t offset, int whence) { @@ -117,3 +123,28 @@ krb5_storage_from_data(krb5_data *data) { return krb5_storage_from_mem(data->data, data->length); } + +krb5_storage * KRB5_LIB_FUNCTION +krb5_storage_from_readonly_mem(const void *buf, size_t len) +{ + krb5_storage *sp = malloc(sizeof(krb5_storage)); + mem_storage *s; + if(sp == NULL) + return NULL; + s = malloc(sizeof(*s)); + if(s == NULL) { + free(sp); + return NULL; + } + sp->data = s; + sp->flags = 0; + sp->eof_code = HEIM_ERR_EOF; + s->base = rk_UNCONST(buf); + s->size = len; + s->ptr = rk_UNCONST(buf); + sp->fetch = mem_fetch; + sp->store = mem_no_store; + sp->seek = mem_seek; + sp->free = NULL; + return sp; +} -- cgit From e5974a1b5f736cf61146e82a33f65540289926a1 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 10 Nov 2006 02:44:38 +0000 Subject: r19650: Allow Samba to use Heimdal's SPNEGO code. Currently this can only negotiate krb5, but if this works, I'll add NTLM as a GSSAPI backend by some means or other. Andrew Bartlett (This used to be commit 476452e143f61a3878a3646864729daaddccdf68) --- source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c | 7 ++++--- source4/heimdal/lib/gssapi/mech/gss_mech_switch.c | 2 -- 2 files changed, 4 insertions(+), 5 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c index 4d634bf20f..d3a21464da 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c @@ -72,10 +72,11 @@ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status, /* * Token must start with [APPLICATION 0] SEQUENCE. * But if it doesn't assume its DCE-STYLE Kerberos! + * And if it's not there at all, then we are requesting a mech list from SPNEGO */ - if (len == 0) - return (GSS_S_DEFECTIVE_TOKEN); - if (*p != 0x60) { + if (len == 0) { + mech_oid = *GSS_SPNEGO_MECHANISM; + } else if (*p != 0x60) { mech_oid = *GSS_KRB5_MECHANISM; } else { p++; diff --git a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c index b6f261fe29..3d01ba69d4 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c +++ b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c @@ -213,9 +213,7 @@ _gss_load_mech(void) } add_builtin(__gss_krb5_initialize()); -#ifndef _SAMBA_BUILD_ add_builtin(__gss_spnego_initialize()); -#endif fp = fopen(_PATH_GSS_MECH, "r"); if (!fp) { -- cgit From d822b963f9c178f3f2278be717ac97fbcb8de01c Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 11 Nov 2006 14:00:24 +0000 Subject: r19663: merge changes from lorikeet heimdal: support for netbios domain based realms metze (This used to be commit dcec6eebf1b474ae3055449efebf491b1106a458) --- source4/heimdal/lib/krb5/get_in_tkt.c | 74 ++++++++++++++++++++++++----------- 1 file changed, 52 insertions(+), 22 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/krb5/get_in_tkt.c b/source4/heimdal/lib/krb5/get_in_tkt.c index ebc96f2279..e140011413 100644 --- a/source4/heimdal/lib/krb5/get_in_tkt.c +++ b/source4/heimdal/lib/krb5/get_in_tkt.c @@ -131,12 +131,21 @@ _krb5_extract_ticket(krb5_context context, krb5_const_pointer decryptarg) { krb5_error_code ret; - krb5_principal tmp_principal; + krb5_principal tmp_principal, srv_principal = NULL; int tmp; size_t len; time_t tmp_time; krb5_timestamp sec_now; +/* + * HACK: + * this is really a ugly hack, to support using the Netbios Domain Name + * as realm against windows KDC's, they always return the full realm + * based on the DNS Name. + */ +allow_server_mismatch = 1; +ignore_cname = 1; + ret = _krb5_principalname2krb5_principal (context, &tmp_principal, rep->kdc_rep.cname, @@ -168,44 +177,63 @@ _krb5_extract_ticket(krb5_context context, krb5_abortx(context, "internal error in ASN.1 encoder"); creds->second_ticket.length = 0; creds->second_ticket.data = NULL; + + /* decrypt */ + + if (decrypt_proc == NULL) + decrypt_proc = decrypt_tkt; + + ret = (*decrypt_proc)(context, key, key_usage, decryptarg, rep); + if (ret) + goto out; + +#if 0 + /* XXX should this decode be here, or in the decrypt_proc? */ + ret = krb5_decode_keyblock(context, &rep->enc_part.key, 1); + if(ret) + goto out; +#endif /* compare server */ ret = _krb5_principalname2krb5_principal (context, - &tmp_principal, + &srv_principal, rep->kdc_rep.ticket.sname, rep->kdc_rep.ticket.realm); if (ret) goto out; + + ret = _krb5_principalname2krb5_principal (context, + &tmp_principal, + rep->enc_part.sname, + rep->enc_part.srealm); + if (ret) + goto out; + + /* + * see if the service principal matches in the ticket + * and in the enc_part + */ + tmp = krb5_principal_compare (context, tmp_principal, srv_principal); + krb5_free_principal (context, tmp_principal); + if (!tmp) { + ret = KRB5KRB_AP_ERR_MODIFIED; + krb5_clear_error_string (context); + goto out; + } + if(allow_server_mismatch){ krb5_free_principal(context, creds->server); - creds->server = tmp_principal; - tmp_principal = NULL; + creds->server = srv_principal; + srv_principal = NULL; }else{ - tmp = krb5_principal_compare (context, tmp_principal, creds->server); - krb5_free_principal (context, tmp_principal); + tmp = krb5_principal_compare (context, srv_principal, creds->server); if (!tmp) { ret = KRB5KRB_AP_ERR_MODIFIED; krb5_clear_error_string (context); goto out; } } - - /* decrypt */ - - if (decrypt_proc == NULL) - decrypt_proc = decrypt_tkt; - - ret = (*decrypt_proc)(context, key, key_usage, decryptarg, rep); - if (ret) - goto out; - -#if 0 - /* XXX should this decode be here, or in the decrypt_proc? */ - ret = krb5_decode_keyblock(context, &rep->enc_part.key, 1); - if(ret) - goto out; -#endif /* compare nonces */ @@ -301,6 +329,8 @@ _krb5_extract_ticket(krb5_context context, out: memset (rep->enc_part.key.keyvalue.data, 0, rep->enc_part.key.keyvalue.length); + if (srv_principal) + krb5_free_principal (context, srv_principal); return ret; } -- cgit From 5a6288f45891be30bd8e22978f61faf487214de6 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 13 Nov 2006 03:19:59 +0000 Subject: r19681: Update to current lorikeet-heimdal. I'm looking at using the realm lookup plugin, the new PAC validation code as well as Heimdal's SPNEGO implementation. Andrew Bartlett (This used to be commit 05421f45ed7811697ea491e26c9d991a7faa1a64) --- source4/heimdal/kdc/kdc-private.h | 1 - source4/heimdal/kdc/kerberos5.c | 3 +- source4/heimdal/kdc/pkinit.c | 7 +- source4/heimdal/lib/asn1/asn1_err.et | 3 +- source4/heimdal/lib/gssapi/gssapi/gssapi.h | 53 +--- source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h | 8 +- source4/heimdal/lib/gssapi/krb5/gkrb5_err.et | 30 ++ source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h | 3 +- .../lib/gssapi/mech/gss_accept_sec_context.c | 163 +++++++---- source4/heimdal/lib/gssapi/mech/gss_krb5.c | 38 ++- source4/heimdal/lib/krb5/krb5-private.h | 54 ++++ source4/heimdal/lib/krb5/krb5-protos.h | 27 +- source4/heimdal/lib/krb5/krb5.h | 4 +- source4/heimdal/lib/krb5/krb5_locl.h | 6 + source4/heimdal/lib/krb5/krbhst.c | 97 ++++++- source4/heimdal/lib/krb5/locate_plugin.h | 64 +++++ source4/heimdal/lib/krb5/mit_glue.c | 10 +- source4/heimdal/lib/krb5/plugin.c | 242 +++++++++++++++++ source4/heimdal/lib/roken/socket.c | 302 +++++++++++++++++++++ 19 files changed, 978 insertions(+), 137 deletions(-) create mode 100644 source4/heimdal/lib/gssapi/krb5/gkrb5_err.et create mode 100644 source4/heimdal/lib/krb5/locate_plugin.h create mode 100644 source4/heimdal/lib/krb5/plugin.c create mode 100644 source4/heimdal/lib/roken/socket.c (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/kdc-private.h b/source4/heimdal/kdc/kdc-private.h index 8c2f56002d..6d4fd2a29b 100644 --- a/source4/heimdal/kdc/kdc-private.h +++ b/source4/heimdal/kdc/kdc-private.h @@ -186,7 +186,6 @@ krb5_error_code _kdc_pk_check_client ( krb5_context /*context*/, krb5_kdc_configuration */*config*/, - krb5_principal /*client_princ*/, const hdb_entry_ex */*client*/, pk_client_params */*client_params*/, char **/*subject_name*/); diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index 84c16190f9..dd88e2ea50 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kerberos5.c,v 1.224 2006/11/04 17:05:28 lha Exp $"); +RCSID("$Id: kerberos5.c,v 1.225 2006/11/10 03:36:32 lha Exp $"); #define MAX_TIME ((time_t)((1U << 31) - 1)) @@ -936,7 +936,6 @@ _kdc_as_rep(krb5_context context, ret = _kdc_pk_check_client(context, config, - client_princ, client, pkp, &client_cert); diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c index 1a300cce3e..6657ab7c44 100755 --- a/source4/heimdal/kdc/pkinit.c +++ b/source4/heimdal/kdc/pkinit.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: pkinit.c,v 1.73 2006/11/07 17:24:57 lha Exp $"); +RCSID("$Id: pkinit.c,v 1.74 2006/11/10 03:37:43 lha Exp $"); #ifdef PKINIT @@ -1227,7 +1227,6 @@ out: krb5_error_code _kdc_pk_check_client(krb5_context context, krb5_kdc_configuration *config, - krb5_principal client_princ, const hdb_entry_ex *client, pk_client_params *client_params, char **subject_name) @@ -1255,7 +1254,7 @@ _kdc_pk_check_client(krb5_context context, if (config->enable_pkinit_princ_in_cert) { ret = pk_principal_from_X509(context, config, client_params->cert, - client_princ); + client->entry.principal); if (ret == 0) { kdc_log(context, config, 5, "Found matching PK-INIT SAN in certificate"); @@ -1289,7 +1288,7 @@ _kdc_pk_check_client(krb5_context context, krb5_boolean b; b = krb5_principal_compare(context, - client_princ, + client->entry.principal, principal_mappings.val[i].principal); if (b == FALSE) continue; diff --git a/source4/heimdal/lib/asn1/asn1_err.et b/source4/heimdal/lib/asn1/asn1_err.et index 8f1f272ccc..938b8eb988 100644 --- a/source4/heimdal/lib/asn1/asn1_err.et +++ b/source4/heimdal/lib/asn1/asn1_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: asn1_err.et,v 1.5 1998/02/16 16:17:17 joda Exp $" +id "$Id: asn1_err.et,v 1.6 2006/10/24 14:11:20 lha Exp $" error_table asn1 prefix ASN1 @@ -17,4 +17,5 @@ error_code BAD_ID, "ASN.1 identifier doesn't match expected value" error_code BAD_LENGTH, "ASN.1 length doesn't match expected value" error_code BAD_FORMAT, "ASN.1 badly-formatted encoding" error_code PARSE_ERROR, "ASN.1 parse error" +error_code EXTRA_DATA, "ASN.1 extra data past end of end structure" end diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi.h b/source4/heimdal/lib/gssapi/gssapi/gssapi.h index 238907653e..f89e5dfbee 100644 --- a/source4/heimdal/lib/gssapi/gssapi/gssapi.h +++ b/source4/heimdal/lib/gssapi/gssapi/gssapi.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gssapi.h,v 1.5 2006/10/19 07:11:14 lha Exp $ */ +/* $Id: gssapi.h,v 1.6 2006/11/10 00:39:50 lha Exp $ */ #ifndef GSSAPI_GSSAPI_H_ #define GSSAPI_GSSAPI_H_ @@ -377,57 +377,6 @@ extern gss_OID GSS_SASL_DIGEST_MD5_MECHANISM; #define GSS_S_UNSEQ_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 3)) #define GSS_S_GAP_TOKEN (1ul << (GSS_C_SUPPLEMENTARY_OFFSET + 4)) -/* - * From RFC1964: - * - * 4.1.1. Non-Kerberos-specific codes - */ - -#define GSS_KRB5_S_G_BAD_SERVICE_NAME 1 - /* "No @ in SERVICE-NAME name string" */ -#define GSS_KRB5_S_G_BAD_STRING_UID 2 - /* "STRING-UID-NAME contains nondigits" */ -#define GSS_KRB5_S_G_NOUSER 3 - /* "UID does not resolve to username" */ -#define GSS_KRB5_S_G_VALIDATE_FAILED 4 - /* "Validation error" */ -#define GSS_KRB5_S_G_BUFFER_ALLOC 5 - /* "Couldn't allocate gss_buffer_t data" */ -#define GSS_KRB5_S_G_BAD_MSG_CTX 6 - /* "Message context invalid" */ -#define GSS_KRB5_S_G_WRONG_SIZE 7 - /* "Buffer is the wrong size" */ -#define GSS_KRB5_S_G_BAD_USAGE 8 - /* "Credential usage type is unknown" */ -#define GSS_KRB5_S_G_UNKNOWN_QOP 9 - /* "Unknown quality of protection specified" */ - - /* - * 4.1.2. Kerberos-specific-codes - */ - -#define GSS_KRB5_S_KG_CCACHE_NOMATCH 10 - /* "Principal in credential cache does not match desired name" */ -#define GSS_KRB5_S_KG_KEYTAB_NOMATCH 11 - /* "No principal in keytab matches desired name" */ -#define GSS_KRB5_S_KG_TGT_MISSING 12 - /* "Credential cache has no TGT" */ -#define GSS_KRB5_S_KG_NO_SUBKEY 13 - /* "Authenticator has no subkey" */ -#define GSS_KRB5_S_KG_CONTEXT_ESTABLISHED 14 - /* "Context is already fully established" */ -#define GSS_KRB5_S_KG_BAD_SIGN_TYPE 15 - /* "Unknown signature type in token" */ -#define GSS_KRB5_S_KG_BAD_LENGTH 16 - /* "Invalid field length in token" */ -#define GSS_KRB5_S_KG_CTX_INCOMPLETE 17 - /* "Attempt to use incomplete security context" */ - -/* - * This is used to make sure mechs that don't want to have external - * references don't get any prototypes, and thus can get warnings. - */ - /* * Finally, function prototypes for the GSS-API routines. */ diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h b/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h index f06a994008..ecd90a6656 100644 --- a/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h +++ b/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gssapi_krb5.h,v 1.14 2006/11/08 23:01:01 lha Exp $ */ +/* $Id: gssapi_krb5.h,v 1.17 2006/11/10 01:05:34 lha Exp $ */ #ifndef GSSAPI_KRB5_H_ #define GSSAPI_KRB5_H_ @@ -78,6 +78,7 @@ extern gss_OID GSS_KRB5_GET_AUTHTIME_X; extern gss_OID GSS_KRB5_GET_SERVICE_KEYBLOCK_X; /* Extensions creds */ extern gss_OID GSS_KRB5_IMPORT_CRED_X; +extern gss_OID GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X; /* * kerberos mechanism specific functions @@ -205,6 +206,11 @@ gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status, void *kctx); +OM_uint32 +gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status, + gss_cred_id_t cred, + OM_uint32 num_enctypes, + int32_t *enctypes); #ifdef __cplusplus } diff --git a/source4/heimdal/lib/gssapi/krb5/gkrb5_err.et b/source4/heimdal/lib/gssapi/krb5/gkrb5_err.et new file mode 100644 index 0000000000..97e98c5e1e --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/gkrb5_err.et @@ -0,0 +1,30 @@ +# +# extended gss krb5 error messages +# + +id "$Id: gkrb5_err.et,v 1.1 2006/11/09 23:52:17 lha Exp $" + +error_table gk5 + +prefix GSS_KRB5_S + +error_code G_BAD_SERVICE_NAME, "No @ in SERVICE-NAME name string" +error_code G_BAD_STRING_UID, "STRING-UID-NAME contains nondigits" +error_code G_NOUSER, "UID does not resolve to username" +error_code G_VALIDATE_FAILED, "Validation error" +error_code G_BUFFER_ALLOC, "Couldn't allocate gss_buffer_t data" +error_code G_BAD_MSG_CTX, "Message context invalid" +error_code G_WRONG_SIZE, "Buffer is the wrong size" +error_code G_BAD_USAGE, "Credential usage type is unknown" +error_code G_UNKNOWN_QOP, "Unknown quality of protection specified" + +index 128 + +error_code KG_CCACHE_NOMATCH, "Principal in credential cache does not match desired name" +error_code KG_KEYTAB_NOMATCH, "No principal in keytab matches desired name" +error_code KG_TGT_MISSING, "Credential cache has no TGT" +error_code KG_NO_SUBKEY, "Authenticator has no subkey" +error_code KG_CONTEXT_ESTABLISHED, "Context is already fully established" +error_code KG_BAD_SIGN_TYPE, "Unknown signature type in token" +error_code KG_BAD_LENGTH, "Invalid field length in token" +error_code KG_CTX_INCOMPLETE, "Attempt to use incomplete security context" diff --git a/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h b/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h index ea7a561b5b..39c800bf31 100644 --- a/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h +++ b/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gsskrb5_locl.h,v 1.7 2006/11/07 17:57:43 lha Exp $ */ +/* $Id: gsskrb5_locl.h,v 1.8 2006/11/10 00:36:40 lha Exp $ */ #ifndef GSSKRB5_LOCL_H #define GSSKRB5_LOCL_H @@ -41,6 +41,7 @@ #endif #include +#include #include #include #include diff --git a/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c index d3a21464da..73207806a0 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c @@ -27,7 +27,108 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_accept_sec_context.c,v 1.6 2006/10/25 00:45:12 lha Exp $"); +RCSID("$Id: gss_accept_sec_context.c,v 1.7 2006/11/10 03:30:12 lha Exp $"); + +static OM_uint32 +parse_header(const gss_buffer_t input_token, gss_OID mech_oid) +{ + unsigned char *p = input_token->value; + size_t len = input_token->length; + size_t a, b; + + /* + * Token must start with [APPLICATION 0] SEQUENCE. + * But if it doesn't assume its DCE-STYLE Kerberos! + */ + if (len == 0) + return (GSS_S_DEFECTIVE_TOKEN); + + p++; + len--; + + /* + * Decode the length and make sure it agrees with the + * token length. + */ + if (len == 0) + return (GSS_S_DEFECTIVE_TOKEN); + if ((*p & 0x80) == 0) { + a = *p; + p++; + len--; + } else { + b = *p & 0x7f; + p++; + len--; + if (len < b) + return (GSS_S_DEFECTIVE_TOKEN); + a = 0; + while (b) { + a = (a << 8) | *p; + p++; + len--; + b--; + } + } + if (a != len) + return (GSS_S_DEFECTIVE_TOKEN); + + /* + * Decode the OID for the mechanism. Simplify life by + * assuming that the OID length is less than 128 bytes. + */ + if (len < 2 || *p != 0x06) + return (GSS_S_DEFECTIVE_TOKEN); + if ((p[1] & 0x80) || p[1] > (len - 2)) + return (GSS_S_DEFECTIVE_TOKEN); + mech_oid->length = p[1]; + p += 2; + len -= 2; + mech_oid->elements = p; + + return GSS_S_COMPLETE; +} + +static gss_OID_desc krb5_mechanism = + {9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02")}; +static gss_OID_desc spnego_mechanism = + {6, rk_UNCONST("\x2b\x06\x01\x05\x05\x02")}; + +static OM_uint32 +choose_mech(const gss_buffer_t input, gss_OID mech_oid) +{ + OM_uint32 status; + + /* + * First try to parse the gssapi token header and see if its a + * correct header, use that in the first hand. + */ + + status = parse_header(input, mech_oid); + if (status == GSS_S_COMPLETE) + return GSS_S_COMPLETE; + + /* + * Lets guess what mech is really is, callback function to mech ?? + */ + + if (input->length != 0 && ((const char *)input->value)[0] == 0x6E) { + /* Could be a raw AP-REQ (check for APPLICATION tag) */ + *mech_oid = krb5_mechanism; + return GSS_S_COMPLETE; + } else if (input->length == 0) { + /* + * There is the a wiered mode of SPNEGO (in CIFS and + * SASL GSS-SPENGO where the first token is zero + * length and the acceptor returns a mech_list, lets + * home that is what is happening now. + */ + *mech_oid = spnego_mechanism; + return GSS_S_COMPLETE; + } + return status; +} + OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status, gss_ctx_id_t *context_handle, @@ -64,64 +165,12 @@ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status, * parse the input token to figure out the mechanism to use. */ if (*context_handle == GSS_C_NO_CONTEXT) { - unsigned char *p = input_token->value; - size_t len = input_token->length; - size_t a, b; gss_OID_desc mech_oid; - /* - * Token must start with [APPLICATION 0] SEQUENCE. - * But if it doesn't assume its DCE-STYLE Kerberos! - * And if it's not there at all, then we are requesting a mech list from SPNEGO - */ - if (len == 0) { - mech_oid = *GSS_SPNEGO_MECHANISM; - } else if (*p != 0x60) { - mech_oid = *GSS_KRB5_MECHANISM; - } else { - p++; - len--; - - /* - * Decode the length and make sure it agrees with the - * token length. - */ - if (len == 0) - return (GSS_S_DEFECTIVE_TOKEN); - if ((*p & 0x80) == 0) { - a = *p; - p++; - len--; - } else { - b = *p & 0x7f; - p++; - len--; - if (len < b) - return (GSS_S_DEFECTIVE_TOKEN); - a = 0; - while (b) { - a = (a << 8) | *p; - p++; - len--; - b--; - } - } - if (a != len) - return (GSS_S_DEFECTIVE_TOKEN); - - /* - * Decode the OID for the mechanism. Simplify life by - * assuming that the OID length is less than 128 bytes. - */ - if (len < 2 || *p != 0x06) - return (GSS_S_DEFECTIVE_TOKEN); - if ((p[1] & 0x80) || p[1] > (len - 2)) - return (GSS_S_DEFECTIVE_TOKEN); - mech_oid.length = p[1]; - p += 2; - len -= 2; - mech_oid.elements = p; - } + major_status = choose_mech(input_token, &mech_oid); + if (major_status != GSS_S_COMPLETE) + return major_status; + /* * Now that we have a mechanism, we can find the * implementation. diff --git a/source4/heimdal/lib/gssapi/mech/gss_krb5.c b/source4/heimdal/lib/gssapi/mech/gss_krb5.c index 34cdbeb3c1..76a2c2b637 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_krb5.c +++ b/source4/heimdal/lib/gssapi/mech/gss_krb5.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_krb5.c,v 1.20 2006/11/08 23:11:03 lha Exp $"); +RCSID("$Id: gss_krb5.c,v 1.21 2006/11/10 00:57:27 lha Exp $"); #include #include @@ -421,13 +421,41 @@ gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status, void *c) */ OM_uint32 -gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status, +gss_krb5_set_allowable_enctypes(OM_uint32 *min_status, gss_cred_id_t cred, OM_uint32 num_enctypes, - krb5_enctype *enctypes) + int32_t *enctypes) { - *minor_status = 0; - return GSS_S_COMPLETE; + OM_uint32 maj_status; + gss_buffer_desc buffer; + krb5_storage *sp; + krb5_data data; + + sp = krb5_storage_emem(); + if (sp == NULL) { + *min_status = ENOMEM; + maj_status = GSS_S_FAILURE; + goto out; + } + + while(*enctypes) { + krb5_store_int32(sp, *enctypes); + enctypes++; + } + + krb5_storage_to_data(sp, &data); + + buffer.value = data.data; + buffer.length = data.length; + + maj_status = gss_set_cred_option(min_status, + &cred, + GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X, + &buffer); +out: + if (sp) + krb5_storage_free(sp); + return maj_status; } /* diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h index 0bf184a530..ba2f75ad22 100644 --- a/source4/heimdal/lib/krb5/krb5-private.h +++ b/source4/heimdal/lib/krb5/krb5-private.h @@ -299,6 +299,37 @@ _krb5_oid_to_enctype ( const heim_oid */*oid*/, krb5_enctype */*etype*/); +void +_krb5_pac_free ( + krb5_context /*context*/, + struct krb5_pac */*pac*/); + +krb5_error_code +_krb5_pac_parse ( + krb5_context /*context*/, + const void */*ptr*/, + size_t /*len*/, + struct krb5_pac **/*pac*/); + +krb5_error_code +_krb5_pac_sign ( + krb5_context /*context*/, + struct krb5_pac */*p*/, + time_t /*authtime*/, + krb5_principal /*principal*/, + krb5_keyblock */*server_key*/, + krb5_keyblock */*priv_key*/, + krb5_data */*data*/); + +krb5_error_code +_krb5_pac_verify ( + krb5_context /*context*/, + struct krb5_pac */*pac*/, + time_t /*authtime*/, + krb5_principal /*principal*/, + krb5_keyblock */*server*/, + krb5_keyblock */*privsvr*/); + krb5_error_code _krb5_parse_moduli ( krb5_context /*context*/, @@ -380,6 +411,29 @@ _krb5_pk_verify_sign ( krb5_data */*content*/, struct krb5_pk_cert **/*signer*/); +krb5_error_code +_krb5_plugin_find ( + krb5_context /*context*/, + enum plugin_type /*type*/, + const char */*name*/, + struct krb5_plugin **/*list*/); + +void +_krb5_plugin_free (struct krb5_plugin */*list*/); + +struct krb5_plugin * +_krb5_plugin_get_next (struct krb5_plugin */*p*/); + +void * +_krb5_plugin_get_symbol (struct krb5_plugin */*p*/); + +krb5_error_code +_krb5_plugin_register ( + krb5_context /*context*/, + enum plugin_type /*type*/, + const char */*name*/, + void */*symbol*/); + krb5_error_code KRB5_LIB_FUNCTION _krb5_principal2principalname ( PrincipalName */*p*/, diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h index 104f10bdf2..8b61e8d7d2 100644 --- a/source4/heimdal/lib/krb5/krb5-protos.h +++ b/source4/heimdal/lib/krb5/krb5-protos.h @@ -498,6 +498,12 @@ krb5_c_is_coll_proof_cksum (krb5_cksumtype /*ctype*/); krb5_boolean KRB5_LIB_FUNCTION krb5_c_is_keyed_cksum (krb5_cksumtype /*ctype*/); +krb5_error_code KRB5_LIB_FUNCTION +krb5_c_keylength ( + krb5_context /*context*/, + krb5_enctype /*enctype*/, + size_t */*len*/); + krb5_error_code KRB5_LIB_FUNCTION krb5_c_make_checksum ( krb5_context /*context*/, @@ -2165,6 +2171,9 @@ krb5_get_krbhst ( const krb5_realm */*realm*/, char ***/*hostlist*/); +time_t KRB5_LIB_FUNCTION +krb5_get_max_time_skew (krb5_context /*context*/); + krb5_error_code KRB5_LIB_FUNCTION krb5_get_pw_salt ( krb5_context /*context*/, @@ -2177,9 +2186,6 @@ krb5_get_server_rcache ( const krb5_data */*piece*/, krb5_rcache */*id*/); -time_t KRB5_LIB_FUNCTION -krb5_get_time_wrap (krb5_context /*context*/); - krb5_boolean KRB5_LIB_FUNCTION krb5_get_use_admin_kdc (krb5_context /*context*/); @@ -3165,6 +3171,11 @@ krb5_set_ignore_addresses ( krb5_context /*context*/, const krb5_addresses */*addresses*/); +void KRB5_LIB_FUNCTION +krb5_set_max_time_skew ( + krb5_context /*context*/, + time_t /*t*/); + krb5_error_code KRB5_LIB_FUNCTION krb5_set_password ( krb5_context /*context*/, @@ -3197,11 +3208,6 @@ krb5_set_send_to_kdc_func ( krb5_send_to_kdc_func /*func*/, void */*data*/); -void KRB5_LIB_FUNCTION -krb5_set_time_wrap ( - krb5_context /*context*/, - time_t /*t*/); - void KRB5_LIB_FUNCTION krb5_set_use_admin_kdc ( krb5_context /*context*/, @@ -3271,6 +3277,11 @@ krb5_storage_from_mem ( void */*buf*/, size_t /*len*/); +krb5_storage * KRB5_LIB_FUNCTION +krb5_storage_from_readonly_mem ( + const void */*buf*/, + size_t /*len*/); + krb5_flags KRB5_LIB_FUNCTION krb5_storage_get_byteorder ( krb5_storage */*sp*/, diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h index f5c8b069de..1b26e8b3e7 100644 --- a/source4/heimdal/lib/krb5/krb5.h +++ b/source4/heimdal/lib/krb5/krb5.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5.h,v 1.254 2006/11/07 00:17:42 lha Exp $ */ +/* $Id: krb5.h,v 1.255 2006/11/12 08:33:07 lha Exp $ */ #ifndef __KRB5_H__ #define __KRB5_H__ @@ -78,6 +78,8 @@ typedef struct krb5_get_creds_opt_data *krb5_get_creds_opt; struct krb5_digest; typedef struct krb5_digest *krb5_digest; +struct krb5_pac; + typedef struct krb5_rd_req_in_ctx *krb5_rd_req_in_ctx; typedef struct krb5_rd_req_out_ctx *krb5_rd_req_out_ctx; diff --git a/source4/heimdal/lib/krb5/krb5_locl.h b/source4/heimdal/lib/krb5/krb5_locl.h index 89b3c6ad40..3fb5461b3c 100644 --- a/source4/heimdal/lib/krb5/krb5_locl.h +++ b/source4/heimdal/lib/krb5/krb5_locl.h @@ -148,6 +148,12 @@ struct krb5_dh_moduli; /* v4 glue */ struct _krb5_krb_auth_data; +struct krb5_plugin; +enum plugin_type { + PLUGIN_TYPE_DATA = 1, + PLUGIN_TYPE_FUNC +}; + #include #include diff --git a/source4/heimdal/lib/krb5/krbhst.c b/source4/heimdal/lib/krb5/krbhst.c index e7b2579229..f395f0d0c3 100644 --- a/source4/heimdal/lib/krb5/krbhst.c +++ b/source4/heimdal/lib/krb5/krbhst.c @@ -33,8 +33,9 @@ #include "krb5_locl.h" #include +#include "locate_plugin.h" -RCSID("$Id: krbhst.c,v 1.57 2006/10/06 17:11:02 lha Exp $"); +RCSID("$Id: krbhst.c,v 1.58 2006/11/12 20:05:20 lha Exp $"); static int string_to_proto(const char *string) @@ -147,6 +148,7 @@ struct krb5_krbhst_data { #define KD_FALLBACK 16 #define KD_CONFIG_EXISTS 32 #define KD_LARGE_MSG 64 +#define KD_PLUGIN 128 krb5_error_code (*get_next)(krb5_context, struct krb5_krbhst_data *, krb5_krbhst_info**); @@ -460,8 +462,8 @@ fallback_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, hi->proto = proto; hi->port = hi->def_port = port; hi->ai = ai; - memmove(hi->hostname, host, hostlen - 1); - hi->hostname[hostlen - 1] = '\0'; + memmove(hi->hostname, host, hostlen); + hi->hostname[hostlen] = '\0'; free(host); append_host_hostinfo(kd, hi); kd->fallback_count++; @@ -469,6 +471,88 @@ fallback_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, return 0; } +/* + * Fetch hosts from plugin + */ + +static krb5_error_code +add_locate(void *ctx, int type, struct sockaddr *addr) +{ + struct krb5_krbhst_info *hi; + struct krb5_krbhst_data *kd = ctx; + char host[NI_MAXHOST], port[NI_MAXSERV]; + struct addrinfo hints, *ai; + socklen_t socklen; + size_t hostlen; + int ret; + + socklen = socket_sockaddr_size(addr); + + ret = getnameinfo(addr, socklen, host, sizeof(host), port, sizeof(port), + NI_NUMERICHOST|NI_NUMERICSERV); + if (ret != 0) + return 0; + + memset(&hints, 0, sizeof(hints)); + ret = getaddrinfo(host, port, &hints, &ai); + if (ret) + return 0; + + hostlen = strlen(host); + + hi = calloc(1, sizeof(*hi) + hostlen); + if(hi == NULL) { + free(host); + return ENOMEM; + } + + hi->proto = krbhst_get_default_proto(kd); + hi->port = hi->def_port = socket_get_port(addr); + hi->ai = ai; + memmove(hi->hostname, host, hostlen); + hi->hostname[hostlen] = '\0'; + append_host_hostinfo(kd, hi); + + return 0; +} + +static void +plugin_get_hosts(krb5_context context, + struct krb5_krbhst_data *kd, + enum locate_service_type type) +{ + struct krb5_plugin *list, *e; + krb5_error_code ret; + + ret = _krb5_plugin_find(context, PLUGIN_TYPE_DATA, "resolve", &list); + if(ret != 0 || list == NULL) + return; + + kd->flags |= KD_CONFIG_EXISTS; + + for (e = list; e != NULL; e = _krb5_plugin_get_next(e)) { + krb5plugin_service_locate_ftable *service; + void *ctx; + + service = _krb5_plugin_get_symbol(e); + if (service->minor_version != 0) + continue; + + (*service->init)(context, &ctx); + ret = (*service->lookup)(ctx, type, kd->realm, 0, 0, add_locate, kd); + (*service->fini)(ctx); + if (ret) { + krb5_set_error_string(context, "Plugin failed to lookup"); + break; + } + } + _krb5_plugin_free(list); +} + +/* + * + */ + static krb5_error_code kdc_get_next(krb5_context context, struct krb5_krbhst_data *kd, @@ -476,6 +560,13 @@ kdc_get_next(krb5_context context, { krb5_error_code ret; + if ((kd->flags & KD_PLUGIN) == 0) { + plugin_get_hosts(context, kd, locate_service_kdc); + kd->flags |= KD_PLUGIN; + if(get_next(kd, host)) + return 0; + } + if((kd->flags & KD_CONFIG) == 0) { config_get_hosts(context, kd, "kdc"); kd->flags |= KD_CONFIG; diff --git a/source4/heimdal/lib/krb5/locate_plugin.h b/source4/heimdal/lib/krb5/locate_plugin.h new file mode 100644 index 0000000000..ec06d362cf --- /dev/null +++ b/source4/heimdal/lib/krb5/locate_plugin.h @@ -0,0 +1,64 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: locate_plugin.h,v 1.1 2006/11/12 19:00:03 lha Exp $ */ + +#ifndef HEIMDAL_KRB5_LOCATE_PLUGIN_H +#define HEIMDAL_KRB5_LOCATE_PLUGIN_H 1 + +#include + +enum locate_service_type { + locate_service_kdc = 1, + locate_service_master_kdc, + locate_service_kadmin, + locate_service_krb524, + locate_service_kpasswd +}; + +typedef krb5_error_code +(*krb5plugin_service_locate_lookup) (void *, enum locate_service_type, + const char *, int, int, + int (*)(void *,int,struct sockaddr *), + void *); + + +typedef struct krb5plugin_service_locate_ftable { + int minor_version; + krb5_error_code (*init)(krb5_context, void **); + void (*fini)(void *); + krb5plugin_service_locate_lookup lookup; +} krb5plugin_service_locate_ftable; + +#endif /* HEIMDAL_KRB5_LOCATE_PLUGIN_H */ + diff --git a/source4/heimdal/lib/krb5/mit_glue.c b/source4/heimdal/lib/krb5/mit_glue.c index b9075b3079..493c4cd845 100755 --- a/source4/heimdal/lib/krb5/mit_glue.c +++ b/source4/heimdal/lib/krb5/mit_glue.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: mit_glue.c,v 1.8 2006/10/14 09:51:02 lha Exp $"); +RCSID("$Id: mit_glue.c,v 1.9 2006/11/09 21:24:16 lha Exp $"); /* * Glue for MIT API @@ -325,3 +325,11 @@ krb5_c_make_random_key(krb5_context context, { return krb5_generate_random_keyblock(context, enctype, random_key); } + +krb5_error_code KRB5_LIB_FUNCTION +krb5_c_keylength(krb5_context context, + krb5_enctype enctype, + size_t *len) +{ + return krb5_enctype_keysize(context, enctype, len); +} diff --git a/source4/heimdal/lib/krb5/plugin.c b/source4/heimdal/lib/krb5/plugin.c new file mode 100644 index 0000000000..294807faab --- /dev/null +++ b/source4/heimdal/lib/krb5/plugin.c @@ -0,0 +1,242 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" +RCSID("$Id: plugin.c,v 1.2 2006/11/12 21:39:43 lha Exp $"); +#ifdef HAVE_DLFCN_H +#include +#endif +#include + +struct krb5_plugin { + void *symbol; + void *dsohandle; + struct krb5_plugin *next; +}; + +struct plugin { + enum plugin_type type; + void *name; + void *symbol; + struct plugin *next; +}; + +static HEIMDAL_MUTEX plugin_mutex = HEIMDAL_MUTEX_INITIALIZER; +static struct plugin *registered = NULL; + +static const char *plugin_dir = LIBDIR "/plugin/krb5"; + +/* + * + */ + +void * +_krb5_plugin_get_symbol(struct krb5_plugin *p) +{ + return p->symbol; +} + +struct krb5_plugin * +_krb5_plugin_get_next(struct krb5_plugin *p) +{ + return p->next; +} + +/* + * + */ + +static krb5_error_code +loadlib(krb5_context context, + enum plugin_type type, + const char *name, + const char *lib, + struct krb5_plugin **e) +{ + *e = calloc(1, sizeof(**e)); + if (*e == NULL) { + krb5_set_error_string(context, "out of memory"); + return ENOMEM; + } + + (*e)->dsohandle = dlopen(lib, 0); + if ((*e)->dsohandle == NULL) { + free(*e); + krb5_set_error_string(context, "Failed to load %s: %s", + lib, dlerror()); + return ENOMEM; + } + + /* dlsym doesn't care about the type */ + (*e)->symbol = dlsym((*e)->dsohandle, name); + if ((*e)->symbol == NULL) { + dlclose((*e)->dsohandle); + free(*e); + krb5_clear_error_string(context); + return ENOMEM; + } + + return 0; +} + +krb5_error_code +_krb5_plugin_register(krb5_context context, + enum plugin_type type, + const char *name, + void *symbol) +{ + struct plugin *e; + + e = calloc(1, sizeof(*e)); + if (e == NULL) { + krb5_set_error_string(context, "out of memory"); + return ENOMEM; + } + e->type = type; + e->name = strdup(name); + if (e->name == NULL) { + free(e); + krb5_set_error_string(context, "out of memory"); + return ENOMEM; + } + e->symbol = symbol; + + HEIMDAL_MUTEX_lock(&plugin_mutex); + e->next = registered; + registered = e; + HEIMDAL_MUTEX_unlock(&plugin_mutex); + + return 0; +} + +krb5_error_code +_krb5_plugin_find(krb5_context context, + enum plugin_type type, + const char *name, + struct krb5_plugin **list) +{ + struct krb5_plugin *e; + struct plugin *p; + krb5_error_code ret; + char *sysdirs[2] = { NULL, NULL }; + char **dirs = NULL, **di; + struct dirent *entry; + char *path; + DIR *d = NULL; + + *list = NULL; + + HEIMDAL_MUTEX_lock(&plugin_mutex); + + for (p = registered; p != NULL; p = p->next) { + if (p->type != type || strcmp(p->name, name) != 0) + continue; + + e = calloc(1, sizeof(*e)); + if (e == NULL) { + HEIMDAL_MUTEX_unlock(&plugin_mutex); + krb5_set_error_string(context, "out of memory"); + ret = ENOMEM; + goto out; + } + e->symbol = p->symbol; + e->dsohandle = NULL; + e->next = *list; + *list = e; + } + HEIMDAL_MUTEX_unlock(&plugin_mutex); + + dirs = krb5_config_get_strings(context, NULL, "libdefaults", + "plugin_dir", NULL); + if (dirs == NULL) { + sysdirs[0] = rk_UNCONST(plugin_dir); + dirs = sysdirs; + } + + for (di = dirs; *di != NULL; di++) { + + d = opendir(*di); + if (d == NULL) + continue; + + while ((entry = readdir(d)) != NULL) { + asprintf(&path, "%s/%s", *di, entry->d_name); + if (path == NULL) { + krb5_set_error_string(context, "out of memory"); + ret = ENOMEM; + goto out; + } + ret = loadlib(context, type, name, path, &e); + free(path); + if (ret) + continue; + + e->next = *list; + *list = e; + } + closedir(d); + } + if (dirs != sysdirs) + krb5_config_free_strings(dirs); + + if (*list == NULL) { + krb5_set_error_string(context, "Did not find a plugin for %s", name); + return ENOENT; + } + + return 0; + +out: + if (dirs && dirs != sysdirs) + krb5_config_free_strings(dirs); + if (d) + closedir(d); + _krb5_plugin_free(*list); + *list = NULL; + + return ret; +} + +void +_krb5_plugin_free(struct krb5_plugin *list) +{ + struct krb5_plugin *next; + while (list) { + next = list->next; + if (list->dsohandle) + dlclose(list->dsohandle); + free(list); + list = next; + } +} + diff --git a/source4/heimdal/lib/roken/socket.c b/source4/heimdal/lib/roken/socket.c new file mode 100644 index 0000000000..5f77aacf43 --- /dev/null +++ b/source4/heimdal/lib/roken/socket.c @@ -0,0 +1,302 @@ +/* + * Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: socket.c,v 1.11 2005/09/01 18:48:17 lha Exp $"); +#endif + +#include +#include + +/* + * Set `sa' to the unitialized address of address family `af' + */ + +void ROKEN_LIB_FUNCTION +socket_set_any (struct sockaddr *sa, int af) +{ + switch (af) { + case AF_INET : { + struct sockaddr_in *sin4 = (struct sockaddr_in *)sa; + + memset (sin4, 0, sizeof(*sin4)); + sin4->sin_family = AF_INET; + sin4->sin_port = 0; + sin4->sin_addr.s_addr = INADDR_ANY; + break; + } +#ifdef HAVE_IPV6 + case AF_INET6 : { + struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa; + + memset (sin6, 0, sizeof(*sin6)); + sin6->sin6_family = AF_INET6; + sin6->sin6_port = 0; + sin6->sin6_addr = in6addr_any; + break; + } +#endif + default : + errx (1, "unknown address family %d", sa->sa_family); + break; + } +} + +/* + * set `sa' to (`ptr', `port') + */ + +void ROKEN_LIB_FUNCTION +socket_set_address_and_port (struct sockaddr *sa, const void *ptr, int port) +{ + switch (sa->sa_family) { + case AF_INET : { + struct sockaddr_in *sin4 = (struct sockaddr_in *)sa; + + memset (sin4, 0, sizeof(*sin4)); + sin4->sin_family = AF_INET; + sin4->sin_port = port; + memcpy (&sin4->sin_addr, ptr, sizeof(struct in_addr)); + break; + } +#ifdef HAVE_IPV6 + case AF_INET6 : { + struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa; + + memset (sin6, 0, sizeof(*sin6)); + sin6->sin6_family = AF_INET6; + sin6->sin6_port = port; + memcpy (&sin6->sin6_addr, ptr, sizeof(struct in6_addr)); + break; + } +#endif + default : + errx (1, "unknown address family %d", sa->sa_family); + break; + } +} + +/* + * Return the size of an address of the type in `sa' + */ + +size_t ROKEN_LIB_FUNCTION +socket_addr_size (const struct sockaddr *sa) +{ + switch (sa->sa_family) { + case AF_INET : + return sizeof(struct in_addr); +#ifdef HAVE_IPV6 + case AF_INET6 : + return sizeof(struct in6_addr); +#endif + default : + errx (1, "unknown address family %d", sa->sa_family); + break; + } +} + +/* + * Return the size of a `struct sockaddr' in `sa'. + */ + +size_t ROKEN_LIB_FUNCTION +socket_sockaddr_size (const struct sockaddr *sa) +{ + switch (sa->sa_family) { + case AF_INET : + return sizeof(struct sockaddr_in); +#ifdef HAVE_IPV6 + case AF_INET6 : + return sizeof(struct sockaddr_in6); +#endif + default : + errx (1, "unknown address family %d", sa->sa_family); + break; + } +} + +/* + * Return the binary address of `sa'. + */ + +void * ROKEN_LIB_FUNCTION +socket_get_address (struct sockaddr *sa) +{ + switch (sa->sa_family) { + case AF_INET : { + struct sockaddr_in *sin4 = (struct sockaddr_in *)sa; + return &sin4->sin_addr; + } +#ifdef HAVE_IPV6 + case AF_INET6 : { + struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa; + return &sin6->sin6_addr; + } +#endif + default : + errx (1, "unknown address family %d", sa->sa_family); + break; + } +} + +/* + * Return the port number from `sa'. + */ + +int ROKEN_LIB_FUNCTION +socket_get_port (const struct sockaddr *sa) +{ + switch (sa->sa_family) { + case AF_INET : { + const struct sockaddr_in *sin4 = (const struct sockaddr_in *)sa; + return sin4->sin_port; + } +#ifdef HAVE_IPV6 + case AF_INET6 : { + const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa; + return sin6->sin6_port; + } +#endif + default : + errx (1, "unknown address family %d", sa->sa_family); + break; + } +} + +/* + * Set the port in `sa' to `port'. + */ + +void ROKEN_LIB_FUNCTION +socket_set_port (struct sockaddr *sa, int port) +{ + switch (sa->sa_family) { + case AF_INET : { + struct sockaddr_in *sin4 = (struct sockaddr_in *)sa; + sin4->sin_port = port; + break; + } +#ifdef HAVE_IPV6 + case AF_INET6 : { + struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa; + sin6->sin6_port = port; + break; + } +#endif + default : + errx (1, "unknown address family %d", sa->sa_family); + break; + } +} + +/* + * Set the range of ports to use when binding with port = 0. + */ +void ROKEN_LIB_FUNCTION +socket_set_portrange (int sock, int restr, int af) +{ +#if defined(IP_PORTRANGE) + if (af == AF_INET) { + int on = restr ? IP_PORTRANGE_HIGH : IP_PORTRANGE_DEFAULT; + if (setsockopt (sock, IPPROTO_IP, IP_PORTRANGE, &on, + sizeof(on)) < 0) + warn ("setsockopt IP_PORTRANGE (ignored)"); + } +#endif +#if defined(IPV6_PORTRANGE) + if (af == AF_INET6) { + int on = restr ? IPV6_PORTRANGE_HIGH : + IPV6_PORTRANGE_DEFAULT; + if (setsockopt (sock, IPPROTO_IPV6, IPV6_PORTRANGE, &on, + sizeof(on)) < 0) + warn ("setsockopt IPV6_PORTRANGE (ignored)"); + } +#endif +} + +/* + * Enable debug on `sock'. + */ + +void ROKEN_LIB_FUNCTION +socket_set_debug (int sock) +{ +#if defined(SO_DEBUG) && defined(HAVE_SETSOCKOPT) + int on = 1; + + if (setsockopt (sock, SOL_SOCKET, SO_DEBUG, (void *) &on, sizeof (on)) < 0) + warn ("setsockopt SO_DEBUG (ignored)"); +#endif +} + +/* + * Set the type-of-service of `sock' to `tos'. + */ + +void ROKEN_LIB_FUNCTION +socket_set_tos (int sock, int tos) +{ +#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) + if (setsockopt (sock, IPPROTO_IP, IP_TOS, (void *) &tos, sizeof (int)) < 0) + if (errno != EINVAL) + warn ("setsockopt TOS (ignored)"); +#endif +} + +/* + * set the reuse of addresses on `sock' to `val'. + */ + +void ROKEN_LIB_FUNCTION +socket_set_reuseaddr (int sock, int val) +{ +#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT) + if(setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&val, + sizeof(val)) < 0) + err (1, "setsockopt SO_REUSEADDR"); +#endif +} + +/* + * Set the that the `sock' should bind to only IPv6 addresses. + */ + +void ROKEN_LIB_FUNCTION +socket_set_ipv6only (int sock, int val) +{ +#if defined(IPV6_V6ONLY) && defined(HAVE_SETSOCKOPT) + setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&val, sizeof(val)); +#endif +} -- cgit From f2784a8bb0fbf4243bb959e7b9dfd3c2e108d470 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 12 Dec 2006 22:38:23 +0000 Subject: r20139: only add GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG if the caller requested it! this is needed to create plain, singed or sealed LDAP connections. this should go into lorikeet and main heimdal... metze (This used to be commit 75c037cae21714e394a63f2506387e1049eb4406) --- source4/heimdal/lib/gssapi/krb5/init_sec_context.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c index 7a97b6262c..27d859ddd8 100644 --- a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c @@ -470,8 +470,11 @@ init_auth if (req_flags & GSS_C_EXTENDED_ERROR_FLAG) flags |= GSS_C_EXTENDED_ERROR_FLAG; - flags |= GSS_C_CONF_FLAG; - flags |= GSS_C_INTEG_FLAG; + if (req_flags & GSS_C_CONF_FLAG) + flags |= GSS_C_CONF_FLAG; + if (req_flags & GSS_C_INTEG_FLAG) + flags |= GSS_C_INTEG_FLAG; + flags |= GSS_C_TRANS_FLAG; if (ret_flags) -- cgit From f7242f643763ccb6e10801af4ce53d0873e2d3e1 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 10 Jan 2007 01:57:32 +0000 Subject: r20640: Commit part 2/2 Update Heimdal to match current lorikeet-heimdal. This includes integrated PAC hooks, so Samba doesn't have to handle this any more. This also brings in the PKINIT code, hence so many new files. Andrew Bartlett (This used to be commit 351f7040f7bb73b9a60b22b564686f7c2f98a729) --- source4/heimdal/cf/check-var.m4 | 2 + source4/heimdal/kdc/digest.c | 542 +++- source4/heimdal/kdc/headers.h | 9 +- source4/heimdal/kdc/kdc-private.h | 56 +- source4/heimdal/kdc/kdc.h | 6 +- source4/heimdal/kdc/kdc_locl.h | 4 +- source4/heimdal/kdc/kerberos5.c | 273 +- source4/heimdal/kdc/krb5tgs.c | 338 +- source4/heimdal/kdc/kx509.c | 370 +++ source4/heimdal/kdc/pkinit.c | 202 +- source4/heimdal/kdc/process.c | 11 +- source4/heimdal/kdc/windc.c | 108 + source4/heimdal/kdc/windc_plugin.h | 80 + source4/heimdal/lib/asn1/asn1-common.h | 3 +- source4/heimdal/lib/asn1/der-protos.h | 25 + source4/heimdal/lib/asn1/der_copy.c | 9 +- source4/heimdal/lib/asn1/der_format.c | 11 +- source4/heimdal/lib/asn1/der_free.c | 9 +- source4/heimdal/lib/asn1/der_get.c | 9 +- source4/heimdal/lib/asn1/der_length.c | 8 +- source4/heimdal/lib/asn1/der_put.c | 9 +- source4/heimdal/lib/asn1/digest.asn1 | 42 +- source4/heimdal/lib/asn1/gen.c | 13 +- source4/heimdal/lib/asn1/gen_copy.c | 5 +- source4/heimdal/lib/asn1/gen_decode.c | 14 +- source4/heimdal/lib/asn1/gen_encode.c | 46 +- source4/heimdal/lib/asn1/gen_free.c | 5 +- source4/heimdal/lib/asn1/gen_length.c | 5 +- source4/heimdal/lib/asn1/k5.asn1 | 6 +- source4/heimdal/lib/asn1/kx509.asn1 | 20 + source4/heimdal/lib/asn1/lex.l | 8 +- source4/heimdal/lib/asn1/parse.c | 388 +-- source4/heimdal/lib/asn1/parse.y | 11 +- source4/heimdal/lib/asn1/rfc2459.asn1 | 22 +- source4/heimdal/lib/asn1/symbol.h | 5 +- source4/heimdal/lib/com_err/lex.c | 74 +- source4/heimdal/lib/com_err/parse.c | 1874 ++++++----- source4/heimdal/lib/com_err/parse.h | 76 +- source4/heimdal/lib/des/bn.c | 445 +++ source4/heimdal/lib/des/dh-imath.c | 243 ++ source4/heimdal/lib/des/dh.c | 294 ++ source4/heimdal/lib/des/dsa.c | 125 + source4/heimdal/lib/des/engine.c | 345 +++ source4/heimdal/lib/des/imath/LICENSE | 21 + source4/heimdal/lib/des/imath/imath.c | 3246 ++++++++++++++++++++ source4/heimdal/lib/des/imath/imath.h | 220 ++ source4/heimdal/lib/des/imath/iprime.c | 186 ++ source4/heimdal/lib/des/imath/iprime.h | 51 + source4/heimdal/lib/des/pkcs12.c | 145 + source4/heimdal/lib/des/resource.h | 18 + source4/heimdal/lib/des/rsa-imath.c | 661 ++++ source4/heimdal/lib/des/rsa.c | 471 +++ source4/heimdal/lib/des/rsa.h | 11 +- source4/heimdal/lib/gssapi/gssapi/gssapi.h | 8 +- source4/heimdal/lib/gssapi/gssapi_mech.h | 1 + .../heimdal/lib/gssapi/krb5/accept_sec_context.c | 143 +- source4/heimdal/lib/gssapi/krb5/acquire_cred.c | 112 +- source4/heimdal/lib/gssapi/krb5/add_cred.c | 31 +- .../heimdal/lib/gssapi/krb5/address_to_krb5addr.c | 7 +- source4/heimdal/lib/gssapi/krb5/arcfour.c | 56 +- source4/heimdal/lib/gssapi/krb5/cfx.c | 133 +- source4/heimdal/lib/gssapi/krb5/cfx.h | 17 +- source4/heimdal/lib/gssapi/krb5/compare_name.c | 7 +- source4/heimdal/lib/gssapi/krb5/compat.c | 23 +- source4/heimdal/lib/gssapi/krb5/context_time.c | 16 +- source4/heimdal/lib/gssapi/krb5/copy_ccache.c | 38 +- .../heimdal/lib/gssapi/krb5/delete_sec_context.c | 15 +- source4/heimdal/lib/gssapi/krb5/display_name.c | 9 +- source4/heimdal/lib/gssapi/krb5/display_status.c | 168 +- source4/heimdal/lib/gssapi/krb5/duplicate_name.c | 8 +- source4/heimdal/lib/gssapi/krb5/export_name.c | 9 +- .../heimdal/lib/gssapi/krb5/export_sec_context.c | 5 +- source4/heimdal/lib/gssapi/krb5/external.c | 4 +- source4/heimdal/lib/gssapi/krb5/get_mic.c | 50 +- source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h | 34 +- source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h | 8 +- source4/heimdal/lib/gssapi/krb5/import_name.c | 24 +- .../heimdal/lib/gssapi/krb5/import_sec_context.c | 36 +- source4/heimdal/lib/gssapi/krb5/init.c | 86 +- source4/heimdal/lib/gssapi/krb5/init_sec_context.c | 130 +- source4/heimdal/lib/gssapi/krb5/inquire_context.c | 6 +- source4/heimdal/lib/gssapi/krb5/inquire_cred.c | 10 +- .../heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c | 8 +- .../lib/gssapi/krb5/inquire_sec_context_by_oid.c | 49 +- .../lib/gssapi/krb5/process_context_token.c | 6 +- source4/heimdal/lib/gssapi/krb5/release_cred.c | 15 +- source4/heimdal/lib/gssapi/krb5/release_name.c | 9 +- source4/heimdal/lib/gssapi/krb5/set_cred_option.c | 21 +- .../lib/gssapi/krb5/set_sec_context_option.c | 15 +- source4/heimdal/lib/gssapi/krb5/unwrap.c | 43 +- source4/heimdal/lib/gssapi/krb5/verify_mic.c | 47 +- source4/heimdal/lib/gssapi/krb5/wrap.c | 109 +- .../lib/gssapi/mech/gss_accept_sec_context.c | 13 +- .../heimdal/lib/gssapi/mech/gss_init_sec_context.c | 30 +- source4/heimdal/lib/gssapi/mech/gss_mech_switch.c | 5 +- .../heimdal/lib/gssapi/mech/gss_set_cred_option.c | 4 +- source4/heimdal/lib/gssapi/mech/gss_utils.c | 13 +- source4/heimdal/lib/gssapi/mech/utils.h | 3 +- .../heimdal/lib/gssapi/spnego/accept_sec_context.c | 978 +++--- source4/heimdal/lib/gssapi/spnego/compat.c | 154 +- source4/heimdal/lib/gssapi/spnego/context_stubs.c | 88 +- .../heimdal/lib/gssapi/spnego/init_sec_context.c | 219 +- source4/heimdal/lib/gssapi/spnego/spnego-private.h | 25 +- source4/heimdal/lib/gssapi/spnego/spnego.asn1 | 17 +- source4/heimdal/lib/gssapi/spnego/spnego_locl.h | 27 +- source4/heimdal/lib/hdb/hdb.c | 2 +- source4/heimdal/lib/hdb/hdb.h | 18 - source4/heimdal/lib/hx509/asn1_id_pkix_ocsp.x | 22 + .../heimdal/lib/hx509/asn1_id_pkix_ocsp_basic.x | 22 + .../heimdal/lib/hx509/asn1_id_pkix_ocsp_nonce.x | 22 + source4/heimdal/lib/hx509/ca.c | 893 ++++++ source4/heimdal/lib/hx509/cert.c | 2214 +++++++++++++ source4/heimdal/lib/hx509/cms.c | 1279 ++++++++ source4/heimdal/lib/hx509/collector.c | 324 ++ source4/heimdal/lib/hx509/crmf.asn1 | 113 + source4/heimdal/lib/hx509/crypto.c | 2438 +++++++++++++++ source4/heimdal/lib/hx509/error.c | 141 + source4/heimdal/lib/hx509/file.c | 115 + source4/heimdal/lib/hx509/hx509-protos.h | 824 +++++ source4/heimdal/lib/hx509/hx509.h | 111 + source4/heimdal/lib/hx509/hx509_err.c | 157 + source4/heimdal/lib/hx509/hx509_err.et | 100 + source4/heimdal/lib/hx509/hx_locl.h | 184 ++ source4/heimdal/lib/hx509/keyset.c | 439 +++ source4/heimdal/lib/hx509/ks_dir.c | 223 ++ source4/heimdal/lib/hx509/ks_file.c | 794 +++++ source4/heimdal/lib/hx509/ks_mem.c | 223 ++ source4/heimdal/lib/hx509/ks_null.c | 92 + source4/heimdal/lib/hx509/ks_p11.c | 1183 +++++++ source4/heimdal/lib/hx509/ks_p12.c | 697 +++++ source4/heimdal/lib/hx509/lock.c | 242 ++ source4/heimdal/lib/hx509/name.c | 550 ++++ source4/heimdal/lib/hx509/ocsp.asn1 | 113 + source4/heimdal/lib/hx509/peer.c | 148 + source4/heimdal/lib/hx509/pkcs10.asn1 | 25 + source4/heimdal/lib/hx509/print.c | 538 ++++ source4/heimdal/lib/hx509/req.c | 217 ++ source4/heimdal/lib/hx509/revoke.c | 1020 ++++++ source4/heimdal/lib/hx509/test_name.c | 92 + source4/heimdal/lib/krb5/acache.c | 9 +- source4/heimdal/lib/krb5/config_file.c | 8 +- source4/heimdal/lib/krb5/context.c | 4 +- source4/heimdal/lib/krb5/crypto.c | 17 +- source4/heimdal/lib/krb5/fcache.c | 63 +- source4/heimdal/lib/krb5/get_cred.c | 4 +- source4/heimdal/lib/krb5/init_creds.c | 7 +- source4/heimdal/lib/krb5/init_creds_pw.c | 36 +- source4/heimdal/lib/krb5/krb5-private.h | 34 +- source4/heimdal/lib/krb5/krb5-protos.h | 189 +- source4/heimdal/lib/krb5/krb5.h | 9 +- source4/heimdal/lib/krb5/krb5_locl.h | 14 +- source4/heimdal/lib/krb5/krbhst.c | 27 +- source4/heimdal/lib/krb5/log.c | 4 +- source4/heimdal/lib/krb5/mit_glue.c | 17 +- source4/heimdal/lib/krb5/mk_req_ext.c | 6 +- source4/heimdal/lib/krb5/pac.c | 1034 +++++++ source4/heimdal/lib/krb5/pkinit.c | 220 +- source4/heimdal/lib/krb5/plugin.c | 10 +- source4/heimdal/lib/krb5/principal.c | 4 +- source4/heimdal/lib/krb5/rd_req.c | 43 +- source4/heimdal/lib/krb5/store.c | 3 +- source4/heimdal/lib/krb5/ticket.c | 38 +- source4/heimdal/lib/krb5/warn.c | 8 +- source4/heimdal/lib/ntlm/heimntlm-protos.h | 120 + source4/heimdal/lib/ntlm/heimntlm.h | 95 + source4/heimdal/lib/ntlm/ntlm.c | 1078 +++++++ source4/heimdal/lib/roken/closefrom.c | 60 + source4/heimdal/lib/roken/dumpdata.c | 57 + source4/heimdal/lib/roken/erealloc.c | 56 + source4/heimdal/lib/roken/parse_bytes.h | 56 + source4/heimdal/lib/roken/resolve.c | 6 +- source4/heimdal/lib/roken/simple_exec.c | 331 ++ source4/heimdal/lib/roken/strcollect.c | 96 + source4/heimdal/lib/roken/vis.c | 47 +- source4/heimdal/lib/roken/vis.hin | 35 +- source4/heimdal/lib/vers/print_version.c | 6 +- 176 files changed, 30855 insertions(+), 2843 deletions(-) create mode 100644 source4/heimdal/kdc/kx509.c create mode 100644 source4/heimdal/kdc/windc.c create mode 100644 source4/heimdal/kdc/windc_plugin.h create mode 100644 source4/heimdal/lib/asn1/kx509.asn1 create mode 100644 source4/heimdal/lib/des/bn.c create mode 100644 source4/heimdal/lib/des/dh-imath.c create mode 100644 source4/heimdal/lib/des/dh.c create mode 100644 source4/heimdal/lib/des/dsa.c create mode 100644 source4/heimdal/lib/des/engine.c create mode 100644 source4/heimdal/lib/des/imath/LICENSE create mode 100755 source4/heimdal/lib/des/imath/imath.c create mode 100755 source4/heimdal/lib/des/imath/imath.h create mode 100755 source4/heimdal/lib/des/imath/iprime.c create mode 100755 source4/heimdal/lib/des/imath/iprime.h create mode 100644 source4/heimdal/lib/des/pkcs12.c create mode 100644 source4/heimdal/lib/des/resource.h create mode 100644 source4/heimdal/lib/des/rsa-imath.c create mode 100644 source4/heimdal/lib/des/rsa.c create mode 100644 source4/heimdal/lib/hx509/asn1_id_pkix_ocsp.x create mode 100644 source4/heimdal/lib/hx509/asn1_id_pkix_ocsp_basic.x create mode 100644 source4/heimdal/lib/hx509/asn1_id_pkix_ocsp_nonce.x create mode 100644 source4/heimdal/lib/hx509/ca.c create mode 100644 source4/heimdal/lib/hx509/cert.c create mode 100644 source4/heimdal/lib/hx509/cms.c create mode 100644 source4/heimdal/lib/hx509/collector.c create mode 100644 source4/heimdal/lib/hx509/crmf.asn1 create mode 100644 source4/heimdal/lib/hx509/crypto.c create mode 100644 source4/heimdal/lib/hx509/error.c create mode 100644 source4/heimdal/lib/hx509/file.c create mode 100644 source4/heimdal/lib/hx509/hx509-protos.h create mode 100644 source4/heimdal/lib/hx509/hx509.h create mode 100644 source4/heimdal/lib/hx509/hx509_err.c create mode 100644 source4/heimdal/lib/hx509/hx509_err.et create mode 100644 source4/heimdal/lib/hx509/hx_locl.h create mode 100644 source4/heimdal/lib/hx509/keyset.c create mode 100644 source4/heimdal/lib/hx509/ks_dir.c create mode 100644 source4/heimdal/lib/hx509/ks_file.c create mode 100644 source4/heimdal/lib/hx509/ks_mem.c create mode 100644 source4/heimdal/lib/hx509/ks_null.c create mode 100644 source4/heimdal/lib/hx509/ks_p11.c create mode 100644 source4/heimdal/lib/hx509/ks_p12.c create mode 100644 source4/heimdal/lib/hx509/lock.c create mode 100644 source4/heimdal/lib/hx509/name.c create mode 100644 source4/heimdal/lib/hx509/ocsp.asn1 create mode 100644 source4/heimdal/lib/hx509/peer.c create mode 100644 source4/heimdal/lib/hx509/pkcs10.asn1 create mode 100644 source4/heimdal/lib/hx509/print.c create mode 100644 source4/heimdal/lib/hx509/req.c create mode 100644 source4/heimdal/lib/hx509/revoke.c create mode 100644 source4/heimdal/lib/hx509/test_name.c create mode 100644 source4/heimdal/lib/krb5/pac.c create mode 100644 source4/heimdal/lib/ntlm/heimntlm-protos.h create mode 100644 source4/heimdal/lib/ntlm/heimntlm.h create mode 100644 source4/heimdal/lib/ntlm/ntlm.c create mode 100644 source4/heimdal/lib/roken/closefrom.c create mode 100644 source4/heimdal/lib/roken/dumpdata.c create mode 100644 source4/heimdal/lib/roken/erealloc.c create mode 100644 source4/heimdal/lib/roken/parse_bytes.h create mode 100644 source4/heimdal/lib/roken/simple_exec.c create mode 100644 source4/heimdal/lib/roken/strcollect.c (limited to 'source4/heimdal') diff --git a/source4/heimdal/cf/check-var.m4 b/source4/heimdal/cf/check-var.m4 index 41401f6dd9..b33b5c6e28 100644 --- a/source4/heimdal/cf/check-var.m4 +++ b/source4/heimdal/cf/check-var.m4 @@ -23,3 +23,5 @@ if test "$ac_foo" = yes; then fi ]) +AC_WARNING_ENABLE([obsolete]) +AU_DEFUN([AC_CHECK_VAR], [rk_CHECK_VAR([$2], [$1])], [foo]) diff --git a/source4/heimdal/kdc/digest.c b/source4/heimdal/kdc/digest.c index a5517fb896..2c012a2ead 100644 --- a/source4/heimdal/kdc/digest.c +++ b/source4/heimdal/kdc/digest.c @@ -32,10 +32,112 @@ */ #include "kdc_locl.h" -#include #include -RCSID("$Id: digest.c,v 1.7 2006/10/22 20:11:44 lha Exp $"); +RCSID("$Id: digest.c,v 1.19 2006/12/28 17:03:51 lha Exp $"); + +#define CHAP_MD5 0x10 +#define DIGEST_MD5 0x08 +#define NTLM_V2 0x04 +#define NTLM_V1_SESSION 0x02 +#define NTLM_V1 0x01 + +const struct units _kdc_digestunits[] = { + {"chap-md5", 1U << 4}, + {"digest-md5", 1U << 3}, + {"ntlm-v2", 1U << 2}, + {"ntlm-v1-session", 1U << 1}, + {"ntlm-v1", 1U << 0}, + {NULL, 0} +}; + + +static krb5_error_code +get_digest_key(krb5_context context, + krb5_kdc_configuration *config, + hdb_entry_ex *server, + krb5_crypto *crypto) +{ + krb5_error_code ret; + krb5_enctype enctype; + Key *key; + + ret = _kdc_get_preferred_key(context, + config, + server, + "digest-service", + &enctype, + &key); + if (ret) + return ret; + return krb5_crypto_init(context, &key->key, 0, crypto); +} + +/* + * + */ + +static char * +get_ntlm_targetname(krb5_context context, + hdb_entry_ex *client) +{ + char *targetname, *p; + + targetname = strdup(krb5_principal_get_realm(context, + client->entry.principal)); + if (targetname == NULL) + return NULL; + + p = strchr(targetname, '.'); + if (p) + *p = '\0'; + + strupr(targetname); + return targetname; +} + +static krb5_error_code +fill_targetinfo(krb5_context context, + char *targetname, + hdb_entry_ex *client, + krb5_data *data) +{ + struct ntlm_targetinfo ti; + krb5_error_code ret; + struct ntlm_buf d; + krb5_principal p; + const char *str; + + memset(&ti, 0, sizeof(ti)); + + ti.domainname = targetname; + p = client->entry.principal; + str = krb5_principal_get_comp_string(context, p, 0); + if (str != NULL && + (strcmp("host", str) == 0 || + strcmp("ftp", str) == 0 || + strcmp("imap", str) == 0 || + strcmp("pop", str) == 0 || + strcmp("smtp", str))) + { + str = krb5_principal_get_comp_string(context, p, 1); + ti.dnsservername = rk_UNCONST(str); + } + + ret = heim_ntlm_encode_targetinfo(&ti, 1, &d); + if (ret) + return ret; + + data->data = d.data; + data->length = d.length; + + return 0; +} + + +/* + * + */ krb5_error_code _kdc_do_digest(krb5_context context, @@ -57,11 +159,13 @@ _kdc_do_digest(krb5_context context, krb5_storage *sp = NULL; Checksum res; hdb_entry_ex *server = NULL, *user = NULL; - char *password = NULL; + hdb_entry_ex *client = NULL; + char *client_name = NULL, *password = NULL; krb5_data serverNonce; if(!config->enable_digest) { - kdc_log(context, config, 0, "Rejected digest request from %s", from); + kdc_log(context, config, 0, + "Rejected digest request (disabled) from %s", from); return KRB5KDC_ERR_POLICY; } @@ -125,6 +229,7 @@ _kdc_do_digest(krb5_context context, krb5_free_principal(context, principal); goto out; } + krb5_clear_error_string(context); ret = _kdc_db_fetch(context, config, principal, HDB_F_GET_SERVER, NULL, &server); @@ -137,12 +242,17 @@ _kdc_do_digest(krb5_context context, /* check the client is allowed to do digest auth */ { krb5_principal principal = NULL; - hdb_entry_ex *client; ret = krb5_ticket_get_client(context, ticket, &principal); if (ret) goto out; + ret = krb5_unparse_name(context, principal, &client_name); + if (ret) { + krb5_free_principal(context, principal); + goto out; + } + ret = _kdc_db_fetch(context, config, principal, HDB_F_GET_CLIENT, NULL, &client); krb5_free_principal(context, principal); @@ -150,13 +260,15 @@ _kdc_do_digest(krb5_context context, goto out; if (client->entry.flags.allow_digest == 0) { + kdc_log(context, config, 0, + "Client %s tried to use digest " + "but is not allowed to", + client_name); krb5_set_error_string(context, "Client is not permitted to use digest"); ret = KRB5KDC_ERR_POLICY; - _kdc_free_ent (context, client); goto out; } - _kdc_free_ent (context, client); } /* unpack request */ @@ -192,6 +304,9 @@ _kdc_do_digest(krb5_context context, goto out; } + kdc_log(context, config, 0, "Valid digest request from %s (%s)", + client_name, from); + /* * Process the inner request */ @@ -289,22 +404,9 @@ _kdc_do_digest(krb5_context context, goto out; } - { - Key *key; - krb5_enctype enctype; - - ret = _kdc_get_preferred_key(context, - config, - server, - "digest-service", - &enctype, - &key); - if (ret) - goto out; - ret = krb5_crypto_init(context, &key->key, 0, &crypto); - if (ret) - goto out; - } + ret = get_digest_key(context, config, server, &crypto); + if (ret) + goto out; ret = krb5_create_checksum(context, crypto, @@ -337,6 +439,9 @@ _kdc_do_digest(krb5_context context, goto out; } + kdc_log(context, config, 0, "Digest %s init request successful from %s", + ireq.u.init.type, from); + break; } case choice_DigestReqInner_digestRequest: { @@ -349,7 +454,11 @@ _kdc_do_digest(krb5_context context, krb5_set_error_string(context, "out of memory"); goto out; } - krb5_store_stringz(sp, ireq.u.digestRequest.type); + ret = krb5_store_stringz(sp, ireq.u.digestRequest.type); + if (ret) { + krb5_clear_error_string(context); + goto out; + } krb5_store_stringz(sp, ireq.u.digestRequest.serverNonce); if (ireq.u.digestRequest.identifier) { @@ -421,22 +530,9 @@ _kdc_do_digest(krb5_context context, serverNonce.length = ssize; } - { - Key *key; - krb5_enctype enctype; - - ret = _kdc_get_preferred_key(context, - config, - server, - "digest-service", - &enctype, - &key); - if (ret) - goto out; - ret = krb5_crypto_init(context, &key->key, 0, &crypto); - if (ret) - goto out; - } + ret = get_digest_key(context, config, server, &crypto); + if (ret) + goto out; ret = krb5_verify_checksum(context, crypto, KRB5_KU_DIGEST_OPAQUE, @@ -493,6 +589,11 @@ _kdc_do_digest(krb5_context context, unsigned char md[MD5_DIGEST_LENGTH]; char id; + if ((config->digests_allowed & CHAP_MD5) == 0) { + kdc_log(context, config, 0, "Digest CHAP MD5 not allowed"); + goto out; + } + if (ireq.u.digestRequest.identifier == NULL) { krb5_set_error_string(context, "Identifier missing " "from CHAP request"); @@ -524,6 +625,11 @@ _kdc_do_digest(krb5_context context, unsigned char md[MD5_DIGEST_LENGTH]; char *A1, *A2; + if ((config->digests_allowed & DIGEST_MD5) == 0) { + kdc_log(context, config, 0, "Digest SASL MD5 not allowed"); + goto out; + } + if (ireq.u.digestRequest.nonceCount == NULL) goto out; if (ireq.u.digestRequest.clientNonce == NULL) @@ -627,6 +733,358 @@ _kdc_do_digest(krb5_context context, r.u.error.code = EINVAL; } + kdc_log(context, config, 0, "Digest %s request successful %s", + ireq.u.digestRequest.type, from); + + break; + } + case choice_DigestReqInner_ntlmInit: + + if ((config->digests_allowed & (NTLM_V1|NTLM_V1_SESSION|NTLM_V2)) == 0) { + kdc_log(context, config, 0, "NTLM not allowed"); + goto out; + } + + + r.element = choice_DigestRepInner_ntlmInitReply; + + r.u.ntlmInitReply.flags = NTLM_NEG_UNICODE; + + if ((ireq.u.ntlmInit.flags & NTLM_NEG_UNICODE) == 0) { + kdc_log(context, config, 0, "NTLM client have no unicode"); + goto out; + } + + if (ireq.u.ntlmInit.flags & NTLM_NEG_NTLM) + r.u.ntlmInitReply.flags |= NTLM_NEG_NTLM; + else { + kdc_log(context, config, 0, "NTLM client doesn't support NTLM"); + goto out; + } + + r.u.ntlmInitReply.flags |= + NTLM_NEG_TARGET_DOMAIN | + NTLM_ENC_128; + +#define ALL \ + NTLM_NEG_SIGN| \ + NTLM_NEG_SEAL| \ + NTLM_NEG_ALWAYS_SIGN| \ + NTLM_NEG_NTLM2_SESSION| \ + NTLM_NEG_KEYEX + + r.u.ntlmInitReply.flags |= (ireq.u.ntlmInit.flags & (ALL)); + +#undef ALL + + r.u.ntlmInitReply.targetname = + get_ntlm_targetname(context, client); + if (r.u.ntlmInitReply.targetname == NULL) { + krb5_set_error_string(context, "out of memory"); + ret = ENOMEM; + goto out; + } + r.u.ntlmInitReply.challange.data = malloc(8); + if (r.u.ntlmInitReply.challange.data == NULL) { + krb5_set_error_string(context, "out of memory"); + ret = ENOMEM; + goto out; + } + r.u.ntlmInitReply.challange.length = 8; + if (RAND_bytes(r.u.ntlmInitReply.challange.data, + r.u.ntlmInitReply.challange.length) != 1) + { + krb5_set_error_string(context, "out of random error"); + ret = ENOMEM; + goto out; + } + /* XXX fix targetinfo */ + ALLOC(r.u.ntlmInitReply.targetinfo); + if (r.u.ntlmInitReply.targetinfo == NULL) { + krb5_set_error_string(context, "out of memory"); + ret = ENOMEM; + goto out; + } + + ret = fill_targetinfo(context, + r.u.ntlmInitReply.targetname, + client, + r.u.ntlmInitReply.targetinfo); + if (ret) { + krb5_set_error_string(context, "out of memory"); + ret = ENOMEM; + goto out; + } + + /* + * Save data encryted in opaque for the second part of the + * ntlm authentication + */ + sp = krb5_storage_emem(); + if (sp == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "out of memory"); + goto out; + } + + ret = krb5_storage_write(sp, r.u.ntlmInitReply.challange.data, 8); + if (ret != 8) { + ret = ENOMEM; + krb5_set_error_string(context, "storage write challange"); + goto out; + } + ret = krb5_store_uint32(sp, r.u.ntlmInitReply.flags); + if (ret) { + krb5_clear_error_string(context); + goto out; + } + + ret = krb5_storage_to_data(sp, &buf); + if (ret) { + krb5_clear_error_string(context); + goto out; + } + + ret = get_digest_key(context, config, server, &crypto); + if (ret) + goto out; + + ret = krb5_encrypt(context, crypto, KRB5_KU_DIGEST_OPAQUE, + buf.data, buf.length, &r.u.ntlmInitReply.opaque); + krb5_data_free(&buf); + krb5_crypto_destroy(context, crypto); + crypto = NULL; + if (ret) + goto out; + + kdc_log(context, config, 0, "NTLM init from %s", from); + + break; + + case choice_DigestReqInner_ntlmRequest: { + krb5_principal clientprincipal; + unsigned char sessionkey[16]; + unsigned char challange[8]; + uint32_t flags; + Key *key = NULL; + int version; + + r.element = choice_DigestRepInner_ntlmResponse; + r.u.ntlmResponse.success = 0; + r.u.ntlmResponse.flags = 0; + r.u.ntlmResponse.sessionkey = NULL; + r.u.ntlmResponse.tickets = NULL; + + /* get username */ + ret = krb5_parse_name(context, + ireq.u.ntlmRequest.username, + &clientprincipal); + if (ret) + goto out; + + ret = _kdc_db_fetch(context, config, clientprincipal, + HDB_F_GET_CLIENT, NULL, &user); + krb5_free_principal(context, clientprincipal); + if (ret) { + krb5_set_error_string(context, "NTLM user %s not in database", + ireq.u.ntlmRequest.username); + goto out; + } + + ret = get_digest_key(context, config, server, &crypto); + if (ret) + goto out; + + ret = krb5_decrypt(context, crypto, KRB5_KU_DIGEST_OPAQUE, + ireq.u.ntlmRequest.opaque.data, + ireq.u.ntlmRequest.opaque.length, &buf); + krb5_crypto_destroy(context, crypto); + crypto = NULL; + if (ret) + goto out; + + sp = krb5_storage_from_data(&buf); + if (sp == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "out of memory"); + goto out; + } + + ret = krb5_storage_read(sp, challange, sizeof(challange)); + if (ret != sizeof(challange)) { + krb5_set_error_string(context, "NTLM storage read challange"); + ret = ENOMEM; + goto out; + } + ret = krb5_ret_uint32(sp, &flags); + if (ret) { + krb5_set_error_string(context, "NTLM storage read flags"); + goto out; + } + krb5_data_free(&buf); + + if ((flags & NTLM_NEG_NTLM) == 0) { + ret = EINVAL; + krb5_set_error_string(context, "NTLM not negotiated"); + goto out; + } + + ret = hdb_enctype2key(context, &user->entry, + ETYPE_ARCFOUR_HMAC_MD5, &key); + if (ret) { + krb5_set_error_string(context, "NTLM missing arcfour key"); + goto out; + } + + /* check if this is NTLMv2 */ + if (ireq.u.ntlmRequest.ntlm.length != 24) { + struct ntlm_buf infotarget, answer; + char *targetname; + + if ((config->digests_allowed & NTLM_V2) == 0) { + kdc_log(context, config, 0, "NTLM v2 not allowed"); + goto out; + } + + version = 2; + + targetname = get_ntlm_targetname(context, client); + if (targetname == NULL) { + krb5_set_error_string(context, "out of memory"); + ret = ENOMEM; + goto out; + } + + answer.length = ireq.u.ntlmRequest.ntlm.length; + answer.data = ireq.u.ntlmRequest.ntlm.data; + + ret = heim_ntlm_verify_ntlm2(key->key.keyvalue.data, + key->key.keyvalue.length, + ireq.u.ntlmRequest.username, + targetname, + 0, + challange, + &answer, + &infotarget, + sessionkey); + free(targetname); + if (ret) { + krb5_set_error_string(context, "NTLM v2 verify failed"); + goto out; + } + + /* XXX verify infotarget matches client (checksum ?) */ + + free(infotarget.data); + /* */ + + } else { + struct ntlm_buf answer; + + version = 1; + + if (flags & NTLM_NEG_NTLM2_SESSION) { + char sessionhash[MD5_DIGEST_LENGTH]; + MD5_CTX md5ctx; + + if ((config->digests_allowed & NTLM_V1_SESSION) == 0) { + kdc_log(context, config, 0, "NTLM v1-session not allowed"); + goto out; + } + + if (ireq.u.ntlmRequest.lm.length != 24) { + krb5_set_error_string(context, "LM hash have wrong length " + "for NTLM session key"); + ret = EINVAL; + goto out; + } + + MD5_Init(&md5ctx); + MD5_Update(&md5ctx, challange, sizeof(challange)); + MD5_Update(&md5ctx, ireq.u.ntlmRequest.lm.data, 8); + MD5_Final(sessionhash, &md5ctx); + memcpy(challange, sessionhash, sizeof(challange)); + } else { + if ((config->digests_allowed & NTLM_V1) == 0) { + kdc_log(context, config, 0, "NTLM v1 not allowed"); + goto out; + } + } + + ret = heim_ntlm_calculate_ntlm1(key->key.keyvalue.data, + key->key.keyvalue.length, + challange, &answer); + if (ret) { + krb5_set_error_string(context, "NTLM missing arcfour key"); + goto out; + } + + if (ireq.u.ntlmRequest.ntlm.length != answer.length || + memcmp(ireq.u.ntlmRequest.ntlm.data, answer.data, answer.length) != 0) + { + free(answer.data); + ret = EINVAL; + krb5_set_error_string(context, "NTLM hash mismatch"); + goto out; + } + free(answer.data); + + { + MD4_CTX ctx; + + MD4_Init(&ctx); + MD4_Update(&ctx, + key->key.keyvalue.data, key->key.keyvalue.length); + MD4_Final(sessionkey, &ctx); + } + } + + if (ireq.u.ntlmRequest.sessionkey) { + unsigned char masterkey[MD4_DIGEST_LENGTH]; + RC4_KEY rc4; + size_t len; + + if ((flags & NTLM_NEG_KEYEX) == 0) { + krb5_set_error_string(context, + "NTLM client failed to neg key " + "exchange but still sent key"); + goto out; + } + + len = ireq.u.ntlmRequest.sessionkey->length; + if (len != sizeof(masterkey)){ + krb5_set_error_string(context, + "NTLM master key wrong length: %lu", + (unsigned long)len); + goto out; + } + + RC4_set_key(&rc4, sizeof(sessionkey), sessionkey); + + RC4(&rc4, sizeof(masterkey), + ireq.u.ntlmRequest.sessionkey->data, + masterkey); + memset(&rc4, 0, sizeof(rc4)); + + r.u.ntlmResponse.sessionkey = + malloc(sizeof(*r.u.ntlmResponse.sessionkey)); + if (r.u.ntlmResponse.sessionkey == NULL) { + krb5_set_error_string(context, "out of memory"); + goto out; + } + + ret = krb5_data_copy(r.u.ntlmResponse.sessionkey, + masterkey, sizeof(masterkey)); + if (ret) { + krb5_set_error_string(context, "out of memory"); + goto out; + } + } + + r.u.ntlmResponse.success = 1; + kdc_log(context, config, 0, "NTLM version %d successful for %s", + version, ireq.u.ntlmRequest.username); + break; } default: @@ -698,10 +1156,14 @@ out: _kdc_free_ent (context, user); if (server) _kdc_free_ent (context, server); + if (client) + _kdc_free_ent (context, client); if (password) { memset(password, 0, strlen(password)); free (password); } + if (client_name) + free (client_name); krb5_data_free(&buf); krb5_data_free(&serverNonce); free_DigestREP(&rep); diff --git a/source4/heimdal/kdc/headers.h b/source4/heimdal/kdc/headers.h index 87d713b076..56ddc8090b 100644 --- a/source4/heimdal/kdc/headers.h +++ b/source4/heimdal/kdc/headers.h @@ -32,7 +32,7 @@ */ /* - * $Id: headers.h,v 1.18 2006/10/17 02:22:17 lha Exp $ + * $Id: headers.h,v 1.22 2007/01/04 00:15:34 lha Exp $ */ #ifndef __HEADERS_H__ @@ -72,6 +72,9 @@ #ifdef HAVE_ARPA_INET_H #include #endif +#ifdef HAVE_SYS_WAIT_H +#include +#endif #ifdef HAVE_NETDB_H #include #endif @@ -89,10 +92,14 @@ #include #include #include +#include #include #include #include +#include +#include + #undef ALLOC #define ALLOC(X) ((X) = malloc(sizeof(*(X)))) #undef ALLOC_SEQ diff --git a/source4/heimdal/kdc/kdc-private.h b/source4/heimdal/kdc/kdc-private.h index 6d4fd2a29b..d896bd10e9 100644 --- a/source4/heimdal/kdc/kdc-private.h +++ b/source4/heimdal/kdc/kdc-private.h @@ -14,6 +14,13 @@ _kdc_add_KRB5SignedPath ( KRB5SignedPathPrincipals */*principals*/, EncTicketPart */*tkt*/); +krb5_error_code +_kdc_add_inital_verified_cas ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + pk_client_params */*params*/, + EncTicketPart */*tkt*/); + krb5_error_code _kdc_as_rep ( krb5_context /*context*/, @@ -89,6 +96,15 @@ _kdc_do_kaserver ( const char */*from*/, struct sockaddr_in */*addr*/); +krb5_error_code +_kdc_do_kx509 ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + const Kx509Request */*req*/, + krb5_data */*reply*/, + const char */*from*/, + struct sockaddr */*addr*/); + krb5_error_code _kdc_do_version4 ( krb5_context /*context*/, @@ -182,6 +198,20 @@ _kdc_maybe_version4 ( unsigned char */*buf*/, int /*len*/); +krb5_error_code +_kdc_pac_generate ( + krb5_context /*context*/, + hdb_entry_ex */*client*/, + krb5_pac */*pac*/); + +krb5_error_code +_kdc_pac_verify ( + krb5_context /*context*/, + const krb5_principal /*client_principal*/, + hdb_entry_ex */*client*/, + hdb_entry_ex */*server*/, + krb5_pac */*pac*/); + krb5_error_code _kdc_pk_check_client ( krb5_context /*context*/, @@ -230,6 +260,30 @@ _kdc_tgs_rep ( KDC_REQ */*req*/, krb5_data */*data*/, const char */*from*/, - struct sockaddr */*from_addr*/); + struct sockaddr */*from_addr*/, + int /*datagram_reply*/); + +krb5_error_code +_kdc_tkt_add_if_relevant_ad ( + krb5_context /*context*/, + EncTicketPart */*tkt*/, + int /*type*/, + const krb5_data */*data*/); + +krb5_error_code +_kdc_try_kx509_request ( + void */*ptr*/, + size_t /*len*/, + Kx509Request */*req*/, + size_t */*size*/); + +krb5_error_code +_kdc_windc_client_access ( + krb5_context /*context*/, + struct hdb_entry_ex */*client*/, + KDC_REQ */*req*/); + +krb5_error_code +_kdc_windc_init (krb5_context /*context*/); #endif /* __kdc_private_h__ */ diff --git a/source4/heimdal/kdc/kdc.h b/source4/heimdal/kdc/kdc.h index 043b6de47d..ea9eb7125e 100644 --- a/source4/heimdal/kdc/kdc.h +++ b/source4/heimdal/kdc/kdc.h @@ -35,7 +35,7 @@ */ /* - * $Id: kdc.h,v 1.9 2006/10/09 15:34:07 lha Exp $ + * $Id: kdc.h,v 1.11 2006/12/28 21:06:56 lha Exp $ */ #ifndef __KDC_H__ @@ -81,8 +81,12 @@ typedef struct krb5_kdc_configuration { int pkinit_dh_min_bits; int enable_digest; + int digests_allowed; + size_t max_datagram_reply_length; + int enable_kx509; + } krb5_kdc_configuration; #include diff --git a/source4/heimdal/kdc/kdc_locl.h b/source4/heimdal/kdc/kdc_locl.h index ca8672c062..ed3010b673 100644 --- a/source4/heimdal/kdc/kdc_locl.h +++ b/source4/heimdal/kdc/kdc_locl.h @@ -32,7 +32,7 @@ */ /* - * $Id: kdc_locl.h,v 1.74 2005/12/12 12:23:33 lha Exp $ + * $Id: kdc_locl.h,v 1.76 2006/12/26 17:18:14 lha Exp $ */ #ifndef __KDC_LOCL_H__ @@ -55,6 +55,8 @@ extern int enable_http; extern int detach_from_console; +extern const struct units _kdc_digestunits[]; + #define _PATH_KDC_CONF HDB_DB_DIR "/kdc.conf" #define DEFAULT_LOG_DEST "0-1/FILE:" HDB_DB_DIR "/kdc.log" diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index dd88e2ea50..bf727ee739 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kerberos5.c,v 1.225 2006/11/10 03:36:32 lha Exp $"); +RCSID("$Id: kerberos5.c,v 1.231 2007/01/04 13:27:27 lha Exp $"); #define MAX_TIME ((time_t)((1U << 31) - 1)) @@ -634,6 +634,69 @@ get_pa_etype_info2(krb5_context context, return 0; } +/* + * + */ + +static void +log_as_req(krb5_context context, + krb5_kdc_configuration *config, + krb5_enctype cetype, + krb5_enctype setype, + const KDC_REQ_BODY *b) +{ + krb5_error_code ret; + struct rk_strpool *p = NULL; + char *str; + int i; + + for (i = 0; i < b->etype.len; i++) { + ret = krb5_enctype_to_string(context, b->etype.val[i], &str); + if (ret == 0) { + p = rk_strpoolprintf(p, "%s", str); + free(str); + } else + p = rk_strpoolprintf(p, "%d", b->etype.val[i]); + if (p && i + 1 < b->etype.len) + p = rk_strpoolprintf(p, ", "); + if (p == NULL) { + kdc_log(context, config, 0, "out of memory"); + return; + } + } + if (p == NULL) + p = rk_strpoolprintf(p, "no encryption types"); + + str = rk_strpoolcollect(p); + kdc_log(context, config, 0, "Client supported enctypes: %s", str); + free(str); + + { + char *cet; + char *set; + + ret = krb5_enctype_to_string(context, cetype, &cet); + if(ret == 0) { + ret = krb5_enctype_to_string(context, setype, &set); + if (ret == 0) { + kdc_log(context, config, 5, "Using %s/%s", cet, set); + free(set); + } + free(cet); + } + if (ret != 0) + kdc_log(context, config, 5, "Using e-types %d/%d", cetype, setype); + } + + { + char str[128]; + unparse_flags(KDCOptions2int(b->kdc_options), asn1_KDCOptions_units(), + str, sizeof(str)); + if(*str) + kdc_log(context, config, 2, "Requested flags: %s", str); + } +} + /* * verify the flags on `client' and `server', returning 0 * if they are OK and generating an error messages and returning @@ -798,6 +861,39 @@ _kdc_check_addresses(krb5_context context, return result; } +/* + * + */ + +static krb5_boolean +send_pac_p(krb5_context context, KDC_REQ *req) +{ + krb5_error_code ret; + PA_PAC_REQUEST pacreq; + PA_DATA *pa; + int i = 0; + + pa = _kdc_find_padata(req, &i, KRB5_PADATA_PA_PAC_REQUEST); + if (pa == NULL) + return TRUE; + + ret = decode_PA_PAC_REQUEST(pa->padata_value.data, + pa->padata_value.length, + &pacreq, + NULL); + if (ret) + return TRUE; + i = pacreq.include_pac; + free_PA_PAC_REQUEST(&pacreq); + if (i == 0) + return FALSE; + return TRUE; +} + +/* + * + */ + krb5_error_code _kdc_as_rep(krb5_context context, krb5_kdc_configuration *config, @@ -882,6 +978,10 @@ _kdc_as_rep(krb5_context context, goto out; } + ret = _kdc_windc_client_access(context, client, req); + if(ret) + goto out; + ret = _kdc_check_flags(context, config, client, client_name, server, server_name, @@ -889,13 +989,6 @@ _kdc_as_rep(krb5_context context, if(ret) goto out; - if (client->check_client_access) { - ret = client->check_client_access(context, client, - b->addresses); - if(ret) - goto out; - } - memset(&et, 0, sizeof(et)); memset(&ek, 0, sizeof(ek)); @@ -1224,57 +1317,7 @@ _kdc_as_rep(krb5_context context, } } - { - struct rk_strpool *p = NULL; - char *str; - int i; - - for (i = 0; i < b->etype.len; i++) { - ret = krb5_enctype_to_string(context, b->etype.val[i], &str); - if (ret == 0) { - p = rk_strpoolprintf(p, "%s", str); - free(str); - } else - p = rk_strpoolprintf(p, "%d", b->etype.val[i]); - if (p && i + 1 < b->etype.len) - p = rk_strpoolprintf(p, ", "); - if (p == NULL) { - kdc_log(context, config, 0, "out of memory"); - goto out; - } - } - if (p == NULL) - p = rk_strpoolprintf(p, "no encryption types"); - - str = rk_strpoolcollect(p); - kdc_log(context, config, 0, "Client supported enctypes: %s", str); - free(str); - } - { - char *cet; - char *set; - - ret = krb5_enctype_to_string(context, cetype, &cet); - if(ret == 0) { - ret = krb5_enctype_to_string(context, setype, &set); - if (ret == 0) { - kdc_log(context, config, 5, "Using %s/%s", cet, set); - free(set); - } - free(cet); - } - if (ret != 0) - kdc_log(context, config, 5, "Using e-types %d/%d", cetype, setype); - } - - { - char str[128]; - unparse_flags(KDCOptions2int(f), asn1_KDCOptions_units(), - str, sizeof(str)); - if(*str) - kdc_log(context, config, 2, "Requested flags: %s", str); - } - + log_as_req(context, config, cetype, setype, b); if(f.renew || f.validate || f.proxy || f.forwarded || f.enc_tkt_in_skey || (f.request_anonymous && !config->allow_anonymous)) { @@ -1330,7 +1373,9 @@ _kdc_as_rep(krb5_context context, goto out; } - krb5_generate_random_keyblock(context, sessionetype, &et.key); + ret = krb5_generate_random_keyblock(context, sessionetype, &et.key); + if (ret) + goto out; copy_PrincipalName(&rep.cname, &et.cname); copy_Realm(&rep.crealm, &et.crealm); @@ -1469,6 +1514,12 @@ _kdc_as_rep(krb5_context context, &reply_key, rep.padata); if (ret) goto out; + ret = _kdc_add_inital_verified_cas(context, + config, + pkp, + &et); + if (ret) + goto out; } #endif @@ -1479,16 +1530,37 @@ _kdc_as_rep(krb5_context context, rep.padata = NULL; } - /* Add the PAC, via a HDB abstraction */ - if (client->authz_data_as_req) { - ret = client->authz_data_as_req(context, client, - req->padata, - et.authtime, - &skey->key, - &et.key, - &et.authorization_data); - if (ret) - goto out; + /* Add the PAC */ + if (send_pac_p(context, req)) { + krb5_pac p = NULL; + krb5_data data; + + ret = _kdc_pac_generate(context, client, &p); + if (ret) { + kdc_log(context, config, 0, "PAC generation failed for -- %s", + client_name); + goto out; + } + if (p != NULL) { + ret = _krb5_pac_sign(context, p, et.authtime, + client->entry.principal, + &skey->key, /* Server key */ + &skey->key, /* FIXME: should be krbtgt key */ + &data); + krb5_pac_free(context, p); + if (ret) { + kdc_log(context, config, 0, "PAC signing failed for -- %s", + client_name); + goto out; + } + + ret = _kdc_tkt_add_if_relevant_ad(context, &et, + KRB5_AUTHDATA_WIN2K_PAC, + &data); + krb5_data_free(&data); + if (ret) + goto out; + } } _kdc_log_timestamp(context, config, "AS-REQ", et.authtime, et.starttime, @@ -1552,3 +1624,64 @@ out2: _kdc_free_ent(context, server); return ret; } + +/* + * Add the AuthorizationData `data´ of `type´ to the last element in + * the sequence of authorization_data in `tkt´ wrapped in an IF_RELEVANT + */ + +krb5_error_code +_kdc_tkt_add_if_relevant_ad(krb5_context context, + EncTicketPart *tkt, + int type, + const krb5_data *data) +{ + krb5_error_code ret; + size_t size; + + if (tkt->authorization_data == NULL) { + tkt->authorization_data = calloc(1, sizeof(*tkt->authorization_data)); + if (tkt->authorization_data == NULL) { + krb5_set_error_string(context, "out of memory"); + return ENOMEM; + } + } + + /* add the entry to the last element */ + { + AuthorizationData ad = { 0, NULL }; + AuthorizationDataElement ade; + + ade.ad_type = type; + ade.ad_data = *data; + + ret = add_AuthorizationData(&ad, &ade); + if (ret) { + krb5_set_error_string(context, "add AuthorizationData failed"); + return ret; + } + + ade.ad_type = KRB5_AUTHDATA_IF_RELEVANT; + + ASN1_MALLOC_ENCODE(AuthorizationData, + ade.ad_data.data, ade.ad_data.length, + &ad, &size, ret); + free_AuthorizationData(&ad); + if (ret) { + krb5_set_error_string(context, "ASN.1 encode of " + "AuthorizationData failed"); + return ret; + } + if (ade.ad_data.length != size) + krb5_abortx(context, "internal asn.1 encoder error"); + + ret = add_AuthorizationData(tkt->authorization_data, &ade); + der_free_octet_string(&ade.ad_data); + if (ret) { + krb5_set_error_string(context, "add AuthorizationData failed"); + return ret; + } + } + + return 0; +} diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c index dcf29eb6e9..a056839e5f 100644 --- a/source4/heimdal/kdc/krb5tgs.c +++ b/source4/heimdal/kdc/krb5tgs.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: krb5tgs.c,v 1.16 2006/10/22 15:54:37 lha Exp $"); +RCSID("$Id: krb5tgs.c,v 1.25 2007/01/04 12:49:45 lha Exp $"); /* * return the realm of a krbtgt-ticket or NULL @@ -119,7 +119,7 @@ _kdc_add_KRB5SignedPath(krb5_context context, if (server && principals) { ret = add_KRB5SignedPathPrincipals(principals, server); if (ret) - goto out; + return ret; } { @@ -131,7 +131,7 @@ _kdc_add_KRB5SignedPath(krb5_context context, ASN1_MALLOC_ENCODE(KRB5SignedPathData, data.data, data.length, &spd, &size, ret); if (ret) - goto out; + return ret; if (data.length != size) krb5_abortx(context, "internal asn.1 encoder error"); } @@ -159,12 +159,12 @@ _kdc_add_KRB5SignedPath(krb5_context context, krb5_crypto_destroy(context, crypto); free(data.data); if (ret) - goto out; + return ret; ASN1_MALLOC_ENCODE(KRB5SignedPath, data.data, data.length, &sp, &size, ret); free_Checksum(&sp.cksum); if (ret) - goto out; + return ret; if (data.length != size) krb5_abortx(context, "internal asn.1 encoder error"); @@ -174,46 +174,11 @@ _kdc_add_KRB5SignedPath(krb5_context context, * authorization data field. */ - if (tkt->authorization_data == NULL) { - tkt->authorization_data = calloc(1, sizeof(*tkt->authorization_data)); - if (tkt->authorization_data == NULL) { - ret = ENOMEM; - goto out; - } - } - - /* add the entry to the last element */ - { - AuthorizationData ad = { 0, NULL }; - AuthorizationDataElement ade; - - ade.ad_type = KRB5_AUTHDATA_SIGNTICKET; - ade.ad_data = data; - - ret = add_AuthorizationData(&ad, &ade); - krb5_data_free(&data); - if (ret) - return ret; - - ASN1_MALLOC_ENCODE(AuthorizationData, data.data, data.length, - &ad, &size, ret); - free_AuthorizationData(&ad); - if (ret) - return ret; - if (data.length != size) - krb5_abortx(context, "internal asn.1 encoder error"); - - ade.ad_type = KRB5_AUTHDATA_IF_RELEVANT; - ade.ad_data = data; - - ret = add_AuthorizationData(tkt->authorization_data, &ade); - krb5_data_free(&data); - if (ret) - return ret; - } + ret = _kdc_tkt_add_if_relevant_ad(context, tkt, + KRB5_AUTHDATA_SIGNTICKET, &data); + krb5_data_free(&data); -out: - return 0; + return ret; } static krb5_error_code @@ -307,6 +272,87 @@ check_KRB5SignedPath(krb5_context context, return 0; } +/* + * + */ + +static krb5_error_code +check_PAC(krb5_context context, + krb5_kdc_configuration *config, + const krb5_principal client_principal, + hdb_entry_ex *client, + hdb_entry_ex *server, + const EncryptionKey *server_key, + const EncryptionKey *krbtgt_key, + EncTicketPart *tkt, + krb5_data *rspac, + int *require_signedpath) +{ + AuthorizationData *ad = tkt->authorization_data; + unsigned i, j; + krb5_error_code ret; + + if (ad == NULL || ad->len == 0) + return 0; + + for (i = 0; i < ad->len; i++) { + AuthorizationData child; + + if (ad->val[i].ad_type != KRB5_AUTHDATA_IF_RELEVANT) + continue; + + ret = decode_AuthorizationData(ad->val[i].ad_data.data, + ad->val[i].ad_data.length, + &child, + NULL); + if (ret) { + krb5_set_error_string(context, "Failed to decode " + "IF_RELEVANT with %d", ret); + return ret; + } + for (j = 0; j < child.len; j++) { + + if (child.val[j].ad_type == KRB5_AUTHDATA_WIN2K_PAC) { + krb5_pac pac; + + /* Found PAC */ + ret = krb5_pac_parse(context, + child.val[j].ad_data.data, + child.val[j].ad_data.length, + &pac); + free_AuthorizationData(&child); + if (ret) + return ret; + + ret = krb5_pac_verify(context, pac, tkt->authtime, + client_principal, + krbtgt_key, NULL); + if (ret) { + krb5_pac_free(context, pac); + return ret; + } + + ret = _kdc_pac_verify(context, client_principal, + client, server, &pac); + if (ret) { + krb5_pac_free(context, pac); + return ret; + } + *require_signedpath = 0; + + ret = _krb5_pac_sign(context, pac, tkt->authtime, + client_principal, + server_key, krbtgt_key, rspac); + + krb5_pac_free(context, pac); + + return ret; + } + } + free_AuthorizationData(&child); + } + return 0; +} /* * @@ -610,9 +656,10 @@ tgs_make_reply(krb5_context context, KDC_REQ_BODY *b, krb5_const_principal tgt_name, const EncTicketPart *tgt, - const EncTicketPart *adtkt, + const EncryptionKey *ekey, + const krb5_keyblock *sessionkey, + krb5_kvno kvno, AuthorizationData *auth_data, - krb5_ticket *tgs_ticket, hdb_entry_ex *server, const char *server_name, hdb_entry_ex *client, @@ -620,7 +667,7 @@ tgs_make_reply(krb5_context context, hdb_entry_ex *krbtgt, krb5_enctype krbtgt_etype, KRB5SignedPathPrincipals *spp, - EncryptionKey *tgtkey, + const krb5_data *rspac, const char **e_text, krb5_data *reply) { @@ -629,32 +676,6 @@ tgs_make_reply(krb5_context context, EncTicketPart et; KDCOptions f = b->kdc_options; krb5_error_code ret; - krb5_enctype etype; - Key *skey; - const EncryptionKey *ekey; - AuthorizationData *new_auth_data = NULL; - - if(adtkt) { - int i; - ekey = &adtkt->key; - for(i = 0; i < b->etype.len; i++) - if (b->etype.val[i] == adtkt->key.keytype) - break; - if(i == b->etype.len) { - krb5_clear_error_string(context); - return KRB5KDC_ERR_ETYPE_NOSUPP; - } - etype = b->etype.val[i]; - }else{ - ret = _kdc_find_etype(context, server, b->etype.val, b->etype.len, - &skey, &etype); - if(ret) { - kdc_log(context, config, 0, - "Server (%s) has no support for etypes", server_name); - return ret; - } - ekey = &skey->key; - } memset(&rep, 0, sizeof(rep)); memset(&et, 0, sizeof(et)); @@ -768,26 +789,47 @@ tgs_make_reply(krb5_context context, et.flags.anonymous = tgt->flags.anonymous; et.flags.ok_as_delegate = server->entry.flags.ok_as_delegate; - - krb5_generate_random_keyblock(context, etype, &et.key); - - if (server->authz_data_tgs_req) { - ret = server->authz_data_tgs_req(context, server, - client_principal, - tgs_ticket->ticket.authorization_data, - tgs_ticket->ticket.authtime, - tgtkey, - ekey, - &et.key, - &new_auth_data); - if (ret) { - new_auth_data = NULL; + if (auth_data) { + /* XXX Check enc-authorization-data */ + et.authorization_data = calloc(1, sizeof(*et.authorization_data)); + if (et.authorization_data == NULL) { + ret = ENOMEM; + goto out; + } + ret = copy_AuthorizationData(auth_data, et.authorization_data); + if (ret) + goto out; + + /* Filter out type KRB5SignedPath */ + ret = find_KRB5SignedPath(context, et.authorization_data, NULL); + if (ret == 0) { + if (et.authorization_data->len == 1) { + free_AuthorizationData(et.authorization_data); + free(et.authorization_data); + et.authorization_data = NULL; + } else { + AuthorizationData *ad = et.authorization_data; + free_AuthorizationDataElement(&ad->val[ad->len - 1]); + ad->len--; } + } } - /* XXX Check enc-authorization-data */ - et.authorization_data = new_auth_data; + if(rspac->length) { + /* + * No not need to filter out the any PAC from the + * auth_data since its signed by the KDC. + */ + ret = _kdc_tkt_add_if_relevant_ad(context, &et, + KRB5_AUTHDATA_WIN2K_PAC, + rspac); + if (ret) + goto out; + } + ret = krb5_copy_keyblock_contents(context, sessionkey, &et.key); + if (ret) + goto out; et.crealm = tgt->crealm; et.cname = tgt_name->name; @@ -795,6 +837,10 @@ tgs_make_reply(krb5_context context, /* MIT must have at least one last_req */ ek.last_req.len = 1; ek.last_req.val = calloc(1, sizeof(*ek.last_req.val)); + if (ek.last_req.val == NULL) { + ret = ENOMEM; + goto out; + } ek.nonce = b->nonce; ek.flags = et.flags; ek.authtime = et.authtime; @@ -817,7 +863,7 @@ tgs_make_reply(krb5_context context, krbtgt, krbtgt_etype, NULL, - NULL, + spp, &et); if (ret) goto out; @@ -835,8 +881,8 @@ tgs_make_reply(krb5_context context, etype list, even if we don't want a session key with DES3? */ ret = _kdc_encode_reply(context, config, - &rep, &et, &ek, etype, - adtkt ? 0 : server->entry.kvno, + &rep, &et, &ek, et.key.keytype, + kvno, ekey, 0, &tgt->key, e_text, reply); out: free_TGS_REP(&rep); @@ -973,8 +1019,7 @@ tgs_parse_request(krb5_context context, const struct sockaddr *from_addr, time_t **csec, int **cusec, - AuthorizationData **auth_data, - EncryptionKey **tgtkey) + AuthorizationData **auth_data) { krb5_ap_req ap_req; krb5_error_code ret; @@ -1060,8 +1105,6 @@ tgs_parse_request(krb5_context context, ret = KRB5KRB_AP_ERR_BADKEYVER; goto out; } - - *tgtkey = &tkey->key; if (b->kdc_options.validate) verify_ap_req_flags = KRB5_VERIFY_AP_REQ_IGNORE_INVALID; @@ -1201,8 +1244,8 @@ tgs_build_reply(krb5_context context, const char *from, const char **e_text, AuthorizationData *auth_data, - EncryptionKey *tgtkey, - const struct sockaddr *from_addr) + const struct sockaddr *from_addr, + int datagram_reply) { krb5_error_code ret; krb5_principal cp = NULL, sp = NULL; @@ -1211,6 +1254,10 @@ tgs_build_reply(krb5_context context, hdb_entry_ex *server = NULL, *client = NULL; EncTicketPart *tgt = &ticket->ticket; KRB5SignedPathPrincipals *spp = NULL; + const EncryptionKey *ekey; + krb5_keyblock sessionkey; + krb5_kvno kvno; + krb5_data rspac; PrincipalName *s; Realm r; @@ -1219,7 +1266,9 @@ tgs_build_reply(krb5_context context, char opt_str[128]; int require_signedpath = 0; + memset(&sessionkey, 0, sizeof(sessionkey)); memset(&adtkt, 0, sizeof(adtkt)); + krb5_data_zero(&rspac); s = b->sname; r = b->realm; @@ -1436,7 +1485,7 @@ server_lookup: ret = krb5_verify_checksum(context, crypto, - KRB5_KU_TGS_IMPERSONATE, + KRB5_KU_OTHER_CKSUM, datack.data, datack.length, &self.cksum); @@ -1617,6 +1666,67 @@ server_lookup: goto out; } + /* + * Select enctype, return key and kvno. + */ + + { + krb5_enctype etype; + + if(b->kdc_options.enc_tkt_in_skey) { + int i; + ekey = &adtkt.key; + for(i = 0; i < b->etype.len; i++) + if (b->etype.val[i] == adtkt.key.keytype) + break; + if(i == b->etype.len) { + krb5_clear_error_string(context); + return KRB5KDC_ERR_ETYPE_NOSUPP; + } + etype = b->etype.val[i]; + kvno = 0; + } else { + Key *skey; + + ret = _kdc_find_etype(context, server, b->etype.val, b->etype.len, + &skey, &etype); + if(ret) { + kdc_log(context, config, 0, + "Server (%s) has no support for etypes", spp); + return ret; + } + ekey = &skey->key; + kvno = server->entry.kvno; + } + + ret = krb5_generate_random_keyblock(context, etype, &sessionkey); + if (ret) + goto out; + } + + /* check PAC if there is one */ + { + Key *tkey; + + ret = hdb_enctype2key(context, &krbtgt->entry, + krbtgt_etype, &tkey); + if(ret) { + kdc_log(context, config, 0, + "Failed to find key for krbtgt PAC check"); + goto out; + } + + ret = check_PAC(context, config, client_principal, + client, server, ekey, &tkey->key, + tgt, &rspac, &require_signedpath); + if (ret) { + kdc_log(context, config, 0, + "check_PAC check failed for %s (%s) from %s with %s", + spn, cpn, from, krb5_get_err_text(context, ret)); + goto out; + } + } + /* also check the krbtgt for signature */ ret = check_KRB5SignedPath(context, config, @@ -1640,9 +1750,10 @@ server_lookup: b, client_principal, tgt, - b->kdc_options.enc_tkt_in_skey ? &adtkt : NULL, + ekey, + &sessionkey, + kvno, auth_data, - ticket, server, spn, client, @@ -1650,7 +1761,7 @@ server_lookup: krbtgt, krbtgt_etype, spp, - tgtkey, + &rspac, e_text, reply); @@ -1658,6 +1769,8 @@ out: free(spn); free(cpn); + krb5_data_free(&rspac); + krb5_free_keyblock_contents(context, &sessionkey); if(server) _kdc_free_ent(context, server); if(client) @@ -1685,7 +1798,8 @@ _kdc_tgs_rep(krb5_context context, KDC_REQ *req, krb5_data *data, const char *from, - struct sockaddr *from_addr) + struct sockaddr *from_addr, + int datagram_reply) { AuthorizationData *auth_data = NULL; krb5_error_code ret; @@ -1696,8 +1810,6 @@ _kdc_tgs_rep(krb5_context context, krb5_ticket *ticket = NULL; const char *e_text = NULL; krb5_enctype krbtgt_etype = ETYPE_NULL; - EncryptionKey *tgtkey = NULL; - time_t *csec = NULL; int *cusec = NULL; @@ -1726,8 +1838,7 @@ _kdc_tgs_rep(krb5_context context, &e_text, from, from_addr, &csec, &cusec, - &auth_data, - &tgtkey); + &auth_data); if (ret) { kdc_log(context, config, 0, "Failed parsing TGS-REQ from %s", from); @@ -1745,14 +1856,21 @@ _kdc_tgs_rep(krb5_context context, from, &e_text, auth_data, - tgtkey, - from_addr); + from_addr, + datagram_reply); if (ret) { kdc_log(context, config, 0, "Failed building TGS-REP to %s", from); goto out; } + /* */ + if (datagram_reply && data->length > config->max_datagram_reply_length) { + krb5_data_free(data); + ret = KRB5KRB_ERR_RESPONSE_TOO_BIG; + e_text = "Reply packet too large"; + } + out: if(ret && data->data == NULL){ krb5_mk_error(context, diff --git a/source4/heimdal/kdc/kx509.c b/source4/heimdal/kdc/kx509.c new file mode 100644 index 0000000000..d817338f73 --- /dev/null +++ b/source4/heimdal/kdc/kx509.c @@ -0,0 +1,370 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kdc_locl.h" +#include + +RCSID("$Id: kx509.c,v 1.1 2006/12/28 21:03:53 lha Exp $"); + +/* + * + */ + +krb5_error_code +_kdc_try_kx509_request(void *ptr, size_t len, Kx509Request *req, size_t *size) +{ + if (len < 4) + return -1; + if (memcmp("\x00\x00\x02\x00", ptr, 4) != 0) + return -1; + return decode_Kx509Request(((unsigned char *)ptr) + 4, len - 4, req, size); +} + +/* + * + */ + +static const char version_2_0[4] = {0 , 0, 2, 0}; + +static krb5_error_code +verify_req_hash(krb5_context context, + const Kx509Request *req, + krb5_keyblock *key) +{ + unsigned char digest[SHA_DIGEST_LENGTH]; + HMAC_CTX ctx; + + if (req->pk_hash.length != sizeof(digest)) { + krb5_set_error_string(context, "pk-hash have wrong length: %lu", + (unsigned long)req->pk_hash.length); + return KRB5KDC_ERR_PREAUTH_FAILED; + } + + HMAC_CTX_init(&ctx); + HMAC_Init_ex(&ctx, + key->keyvalue.data, key->keyvalue.length, + EVP_sha1(), NULL); + if (sizeof(digest) != HMAC_size(&ctx)) + krb5_abortx(context, "runtime error, hmac buffer wrong size in kx509"); + HMAC_Update(&ctx, version_2_0, sizeof(version_2_0)); + HMAC_Update(&ctx, req->pk_key.data, req->pk_key.length); + HMAC_Final(&ctx, digest, 0); + HMAC_CTX_cleanup(&ctx); + + if (memcmp(req->pk_hash.data, digest, sizeof(digest)) != 0) { + krb5_set_error_string(context, "pk-hash is not correct"); + return KRB5KDC_ERR_PREAUTH_FAILED; + } + return 0; +} + +static krb5_error_code +calculate_reply_hash(krb5_context context, + krb5_keyblock *key, + Kx509Response *rep) +{ + HMAC_CTX ctx; + + HMAC_CTX_init(&ctx); + + HMAC_Init_ex(&ctx, + key->keyvalue.data, key->keyvalue.length, + EVP_sha1(), NULL); + rep->hash->length = HMAC_size(&ctx); + rep->hash->data = malloc(rep->hash->length); + if (rep->hash->data == NULL) { + HMAC_CTX_cleanup(&ctx); + krb5_set_error_string(context, "out of memory"); + return ENOMEM; + } + + HMAC_Update(&ctx, version_2_0, sizeof(version_2_0)); + if (rep->error_code) { + int32_t t = *rep->error_code; + do { + unsigned char p = (t & 0xff); + HMAC_Update(&ctx, &p, 1); + t >>= 8; + } while (t); + } + if (rep->certificate) + HMAC_Update(&ctx, rep->certificate->data, rep->certificate->length); + if (rep->e_text) + HMAC_Update(&ctx, *rep->e_text, strlen(*rep->e_text)); + + HMAC_Final(&ctx, rep->hash->data, 0); + HMAC_CTX_cleanup(&ctx); + + return 0; +} + +/* + * Build a certifate for `principal´ that will expire at `endtime´. + */ + +static krb5_error_code +build_certificate(krb5_context context, + krb5_kdc_configuration *config, + const krb5_data *key, + time_t endtime, + krb5_principal principal, + krb5_data *certificate) +{ + /* XXX write code here to generate certificates */ + FILE *in, *out; + krb5_error_code ret; + const char *program; + char *str, *strkey; + char tstr[64]; + pid_t pid; + + snprintf(tstr, sizeof(tstr), "%lu", (unsigned long)endtime); + + ret = base64_encode(key->data, key->length, &strkey); + if (ret < 0) { + krb5_set_error_string(context, "failed to base64 encode key"); + return ENOMEM; + } + + program = krb5_config_get_string(context, + NULL, + "kdc", + "kx509_cert_program", + NULL); + if (program == NULL) { + free(strkey); + krb5_set_error_string(context, "no certificate program configured"); + return ENOENT; + } + + ret = krb5_unparse_name(context, principal, &str); + if (ret) { + free(strkey); + return ret; + } + + pid = pipe_execv(&in, &out, NULL, program, str, tstr, NULL); + free(str); + if (pid <= 0) { + free(strkey); + krb5_set_error_string(context, + "Failed to run the cert program %s", + program); + return ret; + } + fprintf(in, "%s\n", strkey); + fclose(in); + free(strkey); + + { + unsigned buf[1024 * 10]; + size_t len; + + len = fread(buf, 1, sizeof(buf), out); + fclose(out); + if(len == 0) { + krb5_set_error_string(context, + "Certificate program returned no data"); + return KRB5KDC_ERR_PREAUTH_FAILED; + } + ret = krb5_data_copy(certificate, buf, len); + if (ret) { + krb5_set_error_string(context, "Failed To copy certificate"); + return ret; + } + } + kill(pid, SIGKILL); + waitpid(pid, NULL, 0); + return 0; +} + +/* + * + */ + +krb5_error_code +_kdc_do_kx509(krb5_context context, + krb5_kdc_configuration *config, + const Kx509Request *req, krb5_data *reply, + const char *from, struct sockaddr *addr) +{ + krb5_error_code ret; + krb5_ticket *ticket = NULL; + krb5_flags ap_req_options; + krb5_auth_context ac = NULL; + krb5_keytab id = NULL; + krb5_principal sprincipal = NULL, cprincipal = NULL; + char *cname = NULL; + Kx509Response rep; + size_t size; + krb5_keyblock *key = NULL; + + krb5_data_zero(reply); + memset(&rep, 0, sizeof(rep)); + + if(!config->enable_kx509) { + kdc_log(context, config, 0, + "Rejected kx509 request (disabled) from %s", from); + return KRB5KDC_ERR_POLICY; + } + + kdc_log(context, config, 0, "Kx509 request from %s", from); + + ret = krb5_kt_resolve(context, "HDB:", &id); + if (ret) { + kdc_log(context, config, 0, "Can't open database for digest"); + goto out; + } + + ret = krb5_rd_req(context, + &ac, + &req->authenticator, + NULL, + id, + &ap_req_options, + &ticket); + if (ret) + goto out; + + ret = krb5_ticket_get_client(context, ticket, &cprincipal); + if (ret) + goto out; + + ret = krb5_unparse_name(context, cprincipal, &cname); + if (ret) + goto out; + + /* verify server principal */ + + ret = krb5_sname_to_principal(context, NULL, "kca_service", + KRB5_NT_UNKNOWN, &sprincipal); + if (ret) + goto out; + + { + krb5_principal principal = NULL; + + ret = krb5_ticket_get_server(context, ticket, &principal); + if (ret) + goto out; + + ret = krb5_principal_compare(context, sprincipal, principal); + krb5_free_principal(context, principal); + if (ret != TRUE) { + ret = KRB5KDC_ERR_SERVER_NOMATCH; + krb5_set_error_string(context, + "User %s used wrong Kx509 service principal", + cname); + goto out; + } + } + + ret = krb5_auth_con_getkey(context, ac, &key); + if (ret || key == NULL) { + krb5_set_error_string(context, "Kx509 can't get session key"); + goto out; + } + + ret = verify_req_hash(context, req, key); + if (ret) + goto out; + + ALLOC(rep.certificate); + if (rep.certificate == NULL) + goto out; + krb5_data_zero(rep.certificate); + ALLOC(rep.hash); + if (rep.hash == NULL) + goto out; + krb5_data_zero(rep.hash); + + ret = build_certificate(context, config, &req->pk_key, + krb5_ticket_get_endtime(context, ticket), + cprincipal, rep.certificate); + if (ret) + goto out; + + ret = calculate_reply_hash(context, key, &rep); + if (ret) + goto out; + + /* + * Encode reply, [ version | Kx509Response ] + */ + + { + krb5_data data; + + ASN1_MALLOC_ENCODE(Kx509Response, data.data, data.length, &rep, + &size, ret); + if (ret) { + krb5_set_error_string(context, "Failed to encode kx509 reply"); + goto out; + } + if (size != data.length) + krb5_abortx(context, "ASN1 internal error"); + + ret = krb5_data_alloc(reply, data.length + sizeof(version_2_0)); + if (ret) { + free(data.data); + goto out; + } + memcpy(reply->data, version_2_0, sizeof(version_2_0)); + memcpy(((unsigned char *)reply->data) + sizeof(version_2_0), + data.data, data.length); + free(data.data); + } + + kdc_log(context, config, 0, "Successful Kx509 request for %s", cname); + +out: + if (ac) + krb5_auth_con_free(context, ac); + if (ret) + krb5_warn(context, ret, "Kx509 request from %s failed", from); + if (ticket) + krb5_free_ticket(context, ticket); + if (id) + krb5_kt_close(context, id); + if (sprincipal) + krb5_free_principal(context, sprincipal); + if (cprincipal) + krb5_free_principal(context, cprincipal); + if (key) + krb5_free_keyblock (context, key); + if (cname) + free(cname); + free_Kx509Response(&rep); + + return 0; +} diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c index 6657ab7c44..418a38d030 100755 --- a/source4/heimdal/kdc/pkinit.c +++ b/source4/heimdal/kdc/pkinit.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: pkinit.c,v 1.74 2006/11/10 03:37:43 lha Exp $"); +RCSID("$Id: pkinit.c,v 1.86 2007/01/04 12:54:09 lha Exp $"); #ifdef PKINIT @@ -68,6 +68,8 @@ struct pk_client_params { DH *dh; EncryptionKey reply_key; char *dh_group_name; + hx509_peer_info peer; + hx509_certs client_anchors; }; struct pk_principal_mapping { @@ -180,6 +182,10 @@ _kdc_pk_free_client_param(krb5_context context, krb5_free_keyblock_contents(context, &client_params->reply_key); if (client_params->dh_group_name) free(client_params->dh_group_name); + if (client_params->peer) + hx509_peer_info_free(client_params->peer); + if (client_params->client_anchors) + hx509_certs_free(&client_params->client_anchors); memset(client_params, 0, sizeof(*client_params)); free(client_params); } @@ -302,8 +308,10 @@ get_dh_param(krb5_context context, ret = _krb5_dh_group_ok(context, config->pkinit_dh_min_bits, &dhparam.p, &dhparam.g, &dhparam.q, moduli, &client_params->dh_group_name); - if (ret) + if (ret) { + /* XXX send back proposal of better group */ goto out; + } dh = DH_new(); if (dh == NULL) { @@ -354,64 +362,6 @@ get_dh_param(krb5_context context, return ret; } -#if 0 -/* - * XXX We only need this function if there are several certs for the - * KDC to choose from, and right now, we can't handle that so punt for - * now. - * - * If client has sent a list of CA's trusted by him, make sure our - * CA is in the list. - * - */ - -static void -verify_trusted_ca(PA_PK_AS_REQ_19 *r) -{ - - if (r.trustedCertifiers != NULL) { - X509_NAME *kdc_issuer; - X509 *kdc_cert; - - kdc_cert = sk_X509_value(kdc_identity->cert, 0); - kdc_issuer = X509_get_issuer_name(kdc_cert); - - /* XXX will work for heirarchical CA's ? */ - /* XXX also serial_number should be compared */ - - ret = KRB5_KDC_ERR_KDC_NOT_TRUSTED; - for (i = 0; i < r.trustedCertifiers->len; i++) { - TrustedCA_19 *ca = &r.trustedCertifiers->val[i]; - - switch (ca->element) { - case choice_TrustedCA_19_caName: { - X509_NAME *name; - unsigned char *p; - - p = ca->u.caName.data; - name = d2i_X509_NAME(NULL, &p, ca->u.caName.length); - if (name == NULL) /* XXX should this be a failure instead ? */ - break; - if (X509_NAME_cmp(name, kdc_issuer) == 0) - ret = 0; - X509_NAME_free(name); - break; - } - case choice_TrustedCA_19_issuerAndSerial: - /* IssuerAndSerialNumber issuerAndSerial */ - break; - default: - break; - } - if (ret == 0) - break; - } - if (ret) - goto out; - } -} -#endif /* 0 */ - krb5_error_code _kdc_pk_rd_padata(krb5_context context, krb5_kdc_configuration *config, @@ -483,7 +433,61 @@ _kdc_pk_rd_padata(krb5_context context, goto out; } - /* XXX look at r.trustedCertifiers and r.kdcPkId */ + /* XXX look at r.kdcPkId */ + if (r.trustedCertifiers) { + ExternalPrincipalIdentifiers *edi = r.trustedCertifiers; + unsigned int i; + + ret = hx509_certs_init(kdc_identity->hx509ctx, + "MEMORY:client-anchors", + 0, NULL, + &client_params->client_anchors); + if (ret) { + krb5_set_error_string(context, "Can't allocate client anchors: %d", ret); + goto out; + + } + for (i = 0; i < edi->len; i++) { + IssuerAndSerialNumber iasn; + hx509_query *q; + hx509_cert cert; + size_t size; + + if (edi->val[i].issuerAndSerialNumber == NULL) + continue; + + ret = hx509_query_alloc(kdc_identity->hx509ctx, &q); + if (ret) { + krb5_set_error_string(context, + "Failed to allocate hx509_query"); + goto out; + } + + ret = decode_IssuerAndSerialNumber(edi->val[i].issuerAndSerialNumber->data, + edi->val[i].issuerAndSerialNumber->length, + &iasn, + &size); + if (ret || size != 0) { + hx509_query_free(kdc_identity->hx509ctx, q); + continue; + } + ret = hx509_query_match_issuer_serial(q, &iasn.issuer, &iasn.serialNumber); + free_IssuerAndSerialNumber(&iasn); + if (ret) + continue; + + ret = hx509_certs_find(kdc_identity->hx509ctx, + kdc_identity->certs, + q, + &cert); + hx509_query_free(kdc_identity->hx509ctx, q); + if (ret) + continue; + hx509_certs_add(kdc_identity->hx509ctx, + client_params->client_anchors, cert); + hx509_cert_free(cert); + } + } ret = hx509_cms_unwrap_ContentInfo(&r.signedAuthPack, &contentInfoOid, @@ -611,6 +615,23 @@ _kdc_pk_rd_padata(krb5_context context, goto out; } } + + if (ap.supportedCMSTypes) { + ret = hx509_peer_info_alloc(kdc_identity->hx509ctx, + &client_params->peer); + if (ret) { + free_AuthPack(&ap); + goto out; + } + ret = hx509_peer_info_set_cms_algs(kdc_identity->hx509ctx, + client_params->peer, + ap.supportedCMSTypes->val, + ap.supportedCMSTypes->len); + if (ret) { + free_AuthPack(&ap); + goto out; + } + } free_AuthPack(&ap); } else krb5_abortx(context, "internal pkinit error"); @@ -752,7 +773,8 @@ pk_mk_pa_reply_enckey(krb5_context context, buf.length, NULL, cert, - kdc_identity->anchors, + client_params->peer, + client_params->client_anchors, kdc_identity->certpool, &signed_data); hx509_cert_free(cert); @@ -864,7 +886,8 @@ pk_mk_pa_reply_dh(krb5_context context, buf.length, NULL, cert, - kdc_identity->anchors, + client_params->peer, + client_params->client_anchors, kdc_identity->certpool, &signed_data); *kdc_cert = cert; @@ -948,8 +971,12 @@ _kdc_pk_mk_pa_reply(krb5_context context, rep.element = choice_PA_PK_AS_REP_encKeyPack; - krb5_generate_random_keyblock(context, enctype, - &client_params->reply_key); + ret = krb5_generate_random_keyblock(context, enctype, + &client_params->reply_key); + if (ret) { + free_PA_PK_AS_REP(&rep); + goto out; + } ret = pk_mk_pa_reply_enckey(context, client_params, req, @@ -1039,8 +1066,12 @@ _kdc_pk_mk_pa_reply(krb5_context context, pa_type = KRB5_PADATA_PK_AS_REP_19; rep.element = choice_PA_PK_AS_REP_encKeyPack; - krb5_generate_random_keyblock(context, enctype, - &client_params->reply_key); + ret = krb5_generate_random_keyblock(context, enctype, + &client_params->reply_key); + if (ret) { + free_PA_PK_AS_REP_Win2k(&rep); + goto out; + } ret = pk_mk_pa_reply_enckey(context, client_params, req, @@ -1337,6 +1368,35 @@ add_principal_mapping(krb5_context context, return 0; } +krb5_error_code +_kdc_add_inital_verified_cas(krb5_context context, + krb5_kdc_configuration *config, + pk_client_params *params, + EncTicketPart *tkt) +{ + AD_INITIAL_VERIFIED_CAS cas; + krb5_error_code ret; + krb5_data data; + size_t size; + + memset(&cas, 0, sizeof(cas)); + + /* XXX add CAs to cas here */ + + ASN1_MALLOC_ENCODE(AD_INITIAL_VERIFIED_CAS, data.data, data.length, + &cas, &size, ret); + if (ret) + return ret; + if (data.length != size) + krb5_abortx(context, "internal asn.1 encoder error"); + + ret = _kdc_tkt_add_if_relevant_ad(context, tkt, + ad_initial_verified_cas, &data); + krb5_data_free(&data); + return ret; +} + + krb5_error_code _kdc_pk_initialize(krb5_context context, @@ -1372,7 +1432,7 @@ _kdc_pk_initialize(krb5_context context, NULL, NULL); if (ret) { - krb5_warn(context, ret, "PKINIT: failed to load"); + krb5_warn(context, ret, "PKINIT: "); config->enable_pkinit = 0; return ret; } @@ -1411,7 +1471,7 @@ _kdc_pk_initialize(krb5_context context, NULL, FALSE, "kdc", - "pki-allow-proxy-certificate", + "pkinit_allow_proxy_certificate", NULL); _krb5_pk_allow_proxy_certificate(kdc_identity, ret); @@ -1419,7 +1479,7 @@ _kdc_pk_initialize(krb5_context context, NULL, HDB_DB_DIR "/pki-mapping", "kdc", - "pki-mappings-file", + "pkinit_mappings_file", NULL); f = fopen(file, "r"); if (f == NULL) { diff --git a/source4/heimdal/kdc/process.c b/source4/heimdal/kdc/process.c index ed5cb3d651..a64efaa05d 100644 --- a/source4/heimdal/kdc/process.c +++ b/source4/heimdal/kdc/process.c @@ -34,7 +34,7 @@ #include "kdc_locl.h" -RCSID("$Id: process.c,v 1.5 2006/10/09 15:37:39 lha Exp $"); +RCSID("$Id: process.c,v 1.7 2006/12/28 21:09:35 lha Exp $"); /* * handle the request in `buf, len', from `addr' (or `from' as a string), @@ -55,6 +55,7 @@ krb5_kdc_process_request(krb5_context context, KDC_REQ req; Ticket ticket; DigestREQ digestreq; + Kx509Request kx509req; krb5_error_code ret; size_t i; @@ -70,7 +71,7 @@ krb5_kdc_process_request(krb5_context context, free_AS_REQ(&req); return ret; }else if(decode_TGS_REQ(buf, len, &req, &i) == 0){ - ret = _kdc_tgs_rep(context, config, &req, reply, from, addr); + ret = _kdc_tgs_rep(context, config, &req, reply, from, addr, datagram_reply); free_TGS_REQ(&req); return ret; }else if(decode_Ticket(buf, len, &ticket, &i) == 0){ @@ -81,6 +82,10 @@ krb5_kdc_process_request(krb5_context context, ret = _kdc_do_digest(context, config, &digestreq, reply, from, addr); free_DigestREQ(&digestreq); return ret; + } else if (_kdc_try_kx509_request(buf, len, &kx509req, &i) == 0) { + ret = _kdc_do_kx509(context, config, &kx509req, reply, from, addr); + free_Kx509Request(&kx509req); + return ret; } else if(_kdc_maybe_version4(buf, len)){ *prependlength = FALSE; /* elbitapmoc sdrawkcab XXX */ _kdc_do_version4(context, config, buf, len, reply, from, @@ -128,7 +133,7 @@ krb5_kdc_process_krb5_request(krb5_context context, free_AS_REQ(&req); return ret; }else if(decode_TGS_REQ(buf, len, &req, &i) == 0){ - ret = _kdc_tgs_rep(context, config, &req, reply, from, addr); + ret = _kdc_tgs_rep(context, config, &req, reply, from, addr, datagram_reply); free_TGS_REQ(&req); return ret; } diff --git a/source4/heimdal/kdc/windc.c b/source4/heimdal/kdc/windc.c new file mode 100644 index 0000000000..41e4ad1bbc --- /dev/null +++ b/source4/heimdal/kdc/windc.c @@ -0,0 +1,108 @@ +/* + * Copyright (c) 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kdc_locl.h" + +RCSID("$Id: windc.c,v 1.3 2007/01/04 11:10:06 lha Exp $"); + +static krb5plugin_windc_ftable *windcft; +static void *windcctx; + +/* + * Pick the first WINDC module that we find. + */ + +krb5_error_code +_kdc_windc_init(krb5_context context) +{ + struct krb5_plugin *list = NULL, *e; + krb5_error_code ret; + + ret = _krb5_plugin_find(context, PLUGIN_TYPE_DATA, "windc", &list); + if(ret != 0 || list == NULL) + return 0; + + for (e = list; e != NULL; e = _krb5_plugin_get_next(e)) { + + windcft = _krb5_plugin_get_symbol(e); + if (windcft->minor_version < KRB5_WINDC_PLUGING_MINOR) + continue; + + (*windcft->init)(context, &windcctx); + break; + } + if (e == NULL) { + _krb5_plugin_free(list); + krb5_set_error_string(context, "Did not find any WINDC plugin"); + windcft = NULL; + return ENOENT; + } + + return 0; +} + + +krb5_error_code +_kdc_pac_generate(krb5_context context, + hdb_entry_ex *client, + krb5_pac *pac) +{ + *pac = NULL; + if (windcft == NULL) + return 0; + return (windcft->pac_generate)(windcctx, context, client, pac); +} + +krb5_error_code +_kdc_pac_verify(krb5_context context, + const krb5_principal client_principal, + hdb_entry_ex *client, + hdb_entry_ex *server, + krb5_pac *pac) +{ + if (windcft == NULL) { + krb5_set_error_string(context, "Can't verify WINDC, no function"); + return EINVAL; + } + return (windcft->pac_verify)(windcctx, context, client_principal, client, server, pac); +} + +krb5_error_code +_kdc_windc_client_access(krb5_context context, + struct hdb_entry_ex *client, + KDC_REQ *req) +{ + if (windcft == NULL) + return 0; + return (windcft->client_access)(windcctx, context, client, req); +} diff --git a/source4/heimdal/kdc/windc_plugin.h b/source4/heimdal/kdc/windc_plugin.h new file mode 100644 index 0000000000..a3b7534480 --- /dev/null +++ b/source4/heimdal/kdc/windc_plugin.h @@ -0,0 +1,80 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: windc_plugin.h,v 1.2 2007/01/04 11:13:51 lha Exp $ */ + +#ifndef HEIMDAL_KRB5_PAC_PLUGIN_H +#define HEIMDAL_KRB5_PAC_PLUGIN_H 1 + +#include + +/* + * The PAC generate function should allocate a krb5_pac using + * krb5_pac_init and fill in the PAC structure for the principal using + * krb5_pac_add_buffer. + * + * The PAC verify function should verify all components in the PAC + * using krb5_pac_get_types and krb5_pac_get_buffer for all types. + * + * Check client access function check if the client is authorized. + */ + +struct hdb_entry_ex; + +typedef krb5_error_code +(*krb5plugin_windc_pac_generate)(void *, krb5_context, + struct hdb_entry_ex *, krb5_pac *); + +typedef krb5_error_code +(*krb5plugin_windc_pac_verify)(void *, krb5_context, + const krb5_principal, + struct hdb_entry_ex *, struct hdb_entry_ex *, krb5_pac *); + +typedef krb5_error_code +(*krb5plugin_windc_client_access)( + void *, krb5_context, struct hdb_entry_ex *, KDC_REQ *); + + +#define KRB5_WINDC_PLUGING_MINOR 2 + +typedef struct krb5plugin_windc_ftable { + int minor_version; + krb5_error_code (*init)(krb5_context, void **); + void (*fini)(void *); + krb5plugin_windc_pac_generate pac_generate; + krb5plugin_windc_pac_verify pac_verify; + krb5plugin_windc_client_access client_access; +} krb5plugin_windc_ftable; + +#endif /* HEIMDAL_KRB5_PAC_PLUGIN_H */ + diff --git a/source4/heimdal/lib/asn1/asn1-common.h b/source4/heimdal/lib/asn1/asn1-common.h index ab06ae79dd..5f09cd6794 100644 --- a/source4/heimdal/lib/asn1/asn1-common.h +++ b/source4/heimdal/lib/asn1/asn1-common.h @@ -1,4 +1,4 @@ -/* $Id: asn1-common.h,v 1.6 2006/10/14 05:09:47 lha Exp $ */ +/* $Id: asn1-common.h,v 1.7 2006/12/28 17:14:10 lha Exp $ */ #include #include @@ -32,6 +32,7 @@ typedef struct heim_universal_string { uint32_t *data; } heim_universal_string; +typedef char *heim_visible_string; typedef struct heim_oid { size_t length; diff --git a/source4/heimdal/lib/asn1/der-protos.h b/source4/heimdal/lib/asn1/der-protos.h index 3aee392c96..7bfe02ebb4 100644 --- a/source4/heimdal/lib/asn1/der-protos.h +++ b/source4/heimdal/lib/asn1/der-protos.h @@ -82,6 +82,11 @@ der_copy_utf8string ( const heim_utf8_string */*from*/, heim_utf8_string */*to*/); +int +der_copy_visible_string ( + const heim_visible_string */*from*/, + heim_visible_string */*to*/); + void der_free_bit_string (heim_bit_string */*k*/); @@ -112,6 +117,9 @@ der_free_universal_string (heim_universal_string */*k*/); void der_free_utf8string (heim_utf8_string */*str*/); +void +der_free_visible_string (heim_visible_string */*str*/); + int der_get_bit_string ( const unsigned char */*p*/, @@ -251,6 +259,13 @@ der_get_utf8string ( heim_utf8_string */*str*/, size_t */*size*/); +int +der_get_visible_string ( + const unsigned char */*p*/, + size_t /*len*/, + heim_visible_string */*str*/, + size_t */*size*/); + int der_heim_bit_string_cmp ( const heim_bit_string */*p*/, @@ -332,6 +347,9 @@ der_length_utctime (const time_t */*t*/); size_t der_length_utf8string (const heim_utf8_string */*data*/); +size_t +der_length_visible_string (const heim_visible_string */*data*/); + int der_match_tag ( const unsigned char */*p*/, @@ -504,6 +522,13 @@ der_put_utf8string ( const heim_utf8_string */*str*/, size_t */*size*/); +int +der_put_visible_string ( + unsigned char */*p*/, + size_t /*len*/, + const heim_visible_string */*str*/, + size_t */*size*/); + int encode_heim_any ( unsigned char */*p*/, diff --git a/source4/heimdal/lib/asn1/der_copy.c b/source4/heimdal/lib/asn1/der_copy.c index 96eea9c6d7..15e7b817a0 100644 --- a/source4/heimdal/lib/asn1/der_copy.c +++ b/source4/heimdal/lib/asn1/der_copy.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_copy.c,v 1.16 2006/10/14 05:30:02 lha Exp $"); +RCSID("$Id: der_copy.c,v 1.17 2006/12/28 17:14:17 lha Exp $"); int der_copy_general_string (const heim_general_string *from, @@ -88,6 +88,13 @@ der_copy_universal_string (const heim_universal_string *from, return 0; } +int +der_copy_visible_string (const heim_visible_string *from, + heim_visible_string *to) +{ + return der_copy_general_string(from, to); +} + int der_copy_octet_string (const heim_octet_string *from, heim_octet_string *to) { diff --git a/source4/heimdal/lib/asn1/der_format.c b/source4/heimdal/lib/asn1/der_format.c index 9655269356..32cf23cb39 100644 --- a/source4/heimdal/lib/asn1/der_format.c +++ b/source4/heimdal/lib/asn1/der_format.c @@ -34,7 +34,7 @@ #include "der_locl.h" #include -RCSID("$Id: der_format.c,v 1.6 2006/10/21 18:24:15 lha Exp $"); +RCSID("$Id: der_format.c,v 1.8 2006/11/27 10:32:21 lha Exp $"); int der_parse_hex_heim_integer (const char *p, heim_integer *data) @@ -110,10 +110,13 @@ der_print_heim_oid (const heim_oid *oid, char delim, char **str) struct rk_strpool *p = NULL; int i; + if (oid->length == 0) + return EINVAL; + for (i = 0; i < oid->length ; i++) { - p = rk_strpoolprintf(p, "%d%s", - oid->components[i], - i < oid->length - 1 ? " " : ""); + p = rk_strpoolprintf(p, "%d", oid->components[i]); + if (p && i < oid->length - 1) + p = rk_strpoolprintf(p, "%c", delim); if (p == NULL) { *str = NULL; return ENOMEM; diff --git a/source4/heimdal/lib/asn1/der_free.c b/source4/heimdal/lib/asn1/der_free.c index c3a6a17fff..6827486d9f 100644 --- a/source4/heimdal/lib/asn1/der_free.c +++ b/source4/heimdal/lib/asn1/der_free.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_free.c,v 1.13 2006/10/14 05:30:47 lha Exp $"); +RCSID("$Id: der_free.c,v 1.14 2006/12/28 17:14:21 lha Exp $"); void der_free_general_string (heim_general_string *str) @@ -79,6 +79,13 @@ der_free_universal_string (heim_universal_string *k) k->length = 0; } +void +der_free_visible_string (heim_visible_string *str) +{ + free(*str); + *str = NULL; +} + void der_free_octet_string (heim_octet_string *k) { diff --git a/source4/heimdal/lib/asn1/der_get.c b/source4/heimdal/lib/asn1/der_get.c index 7808fa8165..a1ed23f10b 100644 --- a/source4/heimdal/lib/asn1/der_get.c +++ b/source4/heimdal/lib/asn1/der_get.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_get.c,v 1.50 2006/10/19 16:27:44 lha Exp $"); +RCSID("$Id: der_get.c,v 1.51 2006/12/28 17:14:25 lha Exp $"); #include @@ -214,6 +214,13 @@ der_get_universal_string (const unsigned char *p, size_t len, return 0; } +int +der_get_visible_string (const unsigned char *p, size_t len, + heim_visible_string *str, size_t *size) +{ + return der_get_general_string(p, len, str, size); +} + int der_get_octet_string (const unsigned char *p, size_t len, heim_octet_string *data, size_t *size) diff --git a/source4/heimdal/lib/asn1/der_length.c b/source4/heimdal/lib/asn1/der_length.c index 9b2e9f0998..93cabe466c 100644 --- a/source4/heimdal/lib/asn1/der_length.c +++ b/source4/heimdal/lib/asn1/der_length.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_length.c,v 1.19 2006/10/14 05:26:06 lha Exp $"); +RCSID("$Id: der_length.c,v 1.20 2006/12/28 17:14:28 lha Exp $"); size_t _heim_len_unsigned (unsigned val) @@ -166,6 +166,12 @@ der_length_universal_string (const heim_universal_string *data) return data->length * 4; } +size_t +der_length_visible_string (const heim_visible_string *data) +{ + return strlen(*data); +} + size_t der_length_octet_string (const heim_octet_string *k) { diff --git a/source4/heimdal/lib/asn1/der_put.c b/source4/heimdal/lib/asn1/der_put.c index b006f233ca..9ed8f21906 100644 --- a/source4/heimdal/lib/asn1/der_put.c +++ b/source4/heimdal/lib/asn1/der_put.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_put.c,v 1.33 2005/07/12 06:27:23 lha Exp $"); +RCSID("$Id: der_put.c,v 1.34 2006/12/28 17:14:33 lha Exp $"); /* * All encoding functions take a pointer `p' to first position in @@ -230,6 +230,13 @@ der_put_universal_string (unsigned char *p, size_t len, return 0; } +int +der_put_visible_string (unsigned char *p, size_t len, + const heim_visible_string *str, size_t *size) +{ + return der_put_general_string(p, len, str, size); +} + int der_put_octet_string (unsigned char *p, size_t len, const heim_octet_string *data, size_t *size) diff --git a/source4/heimdal/lib/asn1/digest.asn1 b/source4/heimdal/lib/asn1/digest.asn1 index 1f8f18b5cd..92bfb23234 100644 --- a/source4/heimdal/lib/asn1/digest.asn1 +++ b/source4/heimdal/lib/asn1/digest.asn1 @@ -1,4 +1,4 @@ --- $Id: digest.asn1,v 1.9 2006/08/25 11:57:54 lha Exp $ +-- $Id: digest.asn1,v 1.10 2006/12/15 19:13:39 lha Exp $ DIGEST DEFINITIONS ::= BEGIN @@ -58,9 +58,43 @@ DigestResponse ::= SEQUENCE { hash-a1 [3] OCTET STRING OPTIONAL } +NTLMInit ::= SEQUENCE { + flags [0] INTEGER (0..4294967295), + hostname [1] UTF8String OPTIONAL, + domain [1] UTF8String OPTIONAL +} + +NTLMInitReply ::= SEQUENCE { + flags [0] INTEGER (0..4294967295), + opaque [1] OCTET STRING, + targetname [2] UTF8String, + challange [3] OCTET STRING, + targetinfo [4] OCTET STRING OPTIONAL +} + +NTLMRequest ::= SEQUENCE { + flags [0] INTEGER (0..4294967295), + opaque [1] OCTET STRING, + username [2] UTF8String, + targetname [3] UTF8String, + targetinfo [4] OCTET STRING OPTIONAL, + lm [5] OCTET STRING, + ntlm [6] OCTET STRING, + sessionkey [7] OCTET STRING OPTIONAL +} + +NTLMResponse ::= SEQUENCE { + success [0] BOOLEAN, + flags [1] INTEGER (0..4294967295), + sessionkey [2] OCTET STRING OPTIONAL, + tickets [3] SEQUENCE OF OCTET STRING OPTIONAL +} + DigestReqInner ::= CHOICE { init [0] DigestInit, - digestRequest [1] DigestRequest + digestRequest [1] DigestRequest, + ntlmInit [2] NTLMInit, + ntlmRequest [3] NTLMRequest } DigestREQ ::= [APPLICATION 128] SEQUENCE { @@ -71,7 +105,9 @@ DigestREQ ::= [APPLICATION 128] SEQUENCE { DigestRepInner ::= CHOICE { error [0] DigestError, initReply [1] DigestInitReply, - response [2] DigestResponse + response [2] DigestResponse, + ntlmInitReply [3] NTLMInitReply, + ntlmResponse [4] NTLMResponse } DigestREP ::= [APPLICATION 129] SEQUENCE { diff --git a/source4/heimdal/lib/asn1/gen.c b/source4/heimdal/lib/asn1/gen.c index c3af316c88..3bb9022be8 100644 --- a/source4/heimdal/lib/asn1/gen.c +++ b/source4/heimdal/lib/asn1/gen.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen.c,v 1.69 2006/10/14 05:11:52 lha Exp $"); +RCSID("$Id: gen.c,v 1.70 2006/12/28 17:14:37 lha Exp $"); FILE *headerfile, *codefile, *logfile; @@ -135,6 +135,9 @@ init_generate (const char *filename, const char *base) " size_t length;\n" " uint32_t *data;\n" "} heim_universal_string;\n\n"); + fprintf (headerfile, + "typedef char *heim_visible_string;\n\n" + ); fprintf (headerfile, "typedef struct heim_oid {\n" " size_t length;\n" @@ -504,6 +507,10 @@ define_asn1 (int level, Type *t) space(level); fprintf (headerfile, "UniversalString"); break; + case TVisibleString: + space(level); + fprintf (headerfile, "VisibleString"); + break; case TOID : space(level); fprintf(headerfile, "OBJECT IDENTIFIER"); @@ -736,6 +743,10 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep) space(level); fprintf (headerfile, "heim_universal_string %s;\n", name); break; + case TVisibleString: + space(level); + fprintf (headerfile, "heim_visible_string %s;\n", name); + break; case TOID : space(level); fprintf (headerfile, "heim_oid %s;\n", name); diff --git a/source4/heimdal/lib/asn1/gen_copy.c b/source4/heimdal/lib/asn1/gen_copy.c index 9455f33c6f..95646d0a3c 100644 --- a/source4/heimdal/lib/asn1/gen_copy.c +++ b/source4/heimdal/lib/asn1/gen_copy.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen_copy.c,v 1.18 2006/10/14 05:34:19 lha Exp $"); +RCSID("$Id: gen_copy.c,v 1.19 2006/12/28 17:14:42 lha Exp $"); static int used_fail; @@ -202,6 +202,9 @@ copy_type (const char *from, const char *to, const Type *t, int preserve) case TUniversalString: copy_primitive ("universal_string", from, to); break; + case TVisibleString: + copy_primitive ("visible_string", from, to); + break; case TTag: copy_type (from, to, t->subtype, preserve); break; diff --git a/source4/heimdal/lib/asn1/gen_decode.c b/source4/heimdal/lib/asn1/gen_decode.c index 193dab40e1..19ddbb46db 100644 --- a/source4/heimdal/lib/asn1/gen_decode.c +++ b/source4/heimdal/lib/asn1/gen_decode.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -34,7 +34,7 @@ #include "gen_locl.h" #include "lex.h" -RCSID("$Id: gen_decode.c,v 1.30 2006/09/24 09:13:12 lha Exp $"); +RCSID("$Id: gen_decode.c,v 1.32 2006/12/29 17:30:32 lha Exp $"); static void decode_primitive (const char *typename, const char *name, const char *forwstr) @@ -74,6 +74,7 @@ is_primitive_type(int type) case TIA5String: case TBMPString: case TUniversalString: + case TVisibleString: case TNull: return 1; default: @@ -191,6 +192,11 @@ find_tag (const Type *t, *ty = PRIM; *tag = UT_UniversalString; break; + case TVisibleString: + *cl = ASN1_C_UNIV; + *ty = PRIM; + *tag = UT_VisibleString; + break; default: abort(); } @@ -580,6 +586,9 @@ decode_type (const char *name, const Type *t, int optional, case TUniversalString: decode_primitive ("universal_string", name, forwstr); break; + case TVisibleString: + decode_primitive ("visible_string", name, forwstr); + break; case TNull: fprintf (codefile, "/* NULL */\n"); break; @@ -620,6 +629,7 @@ generate_type_decode (const Symbol *s) case TIA5String: case TBMPString: case TUniversalString: + case TVisibleString: case TUTCTime: case TNull: case TEnumerated: diff --git a/source4/heimdal/lib/asn1/gen_encode.c b/source4/heimdal/lib/asn1/gen_encode.c index 4099fbf643..bc2aff86e5 100644 --- a/source4/heimdal/lib/asn1/gen_encode.c +++ b/source4/heimdal/lib/asn1/gen_encode.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen_encode.c,v 1.19 2005/08/23 11:52:16 lha Exp $"); +RCSID("$Id: gen_encode.c,v 1.22 2006/12/29 17:30:03 lha Exp $"); static void encode_primitive (const char *typename, const char *name) @@ -151,7 +151,6 @@ encode_type (const char *name, const Type *t, const char *tmpstr) case TBitString: { Member *m; int pos; - int rest; if (ASN1_TAILQ_EMPTY(t->members)) { encode_primitive("bit_string", name); @@ -163,6 +162,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr) "unsigned char c = 0;\n"); if (!rfc1510_bitstring) fprintf (codefile, + "int rest = 0;\n" "int bit_set = 0;\n"); #if 0 pos = t->members->prev->val; @@ -181,9 +181,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr) if (rfc1510_bitstring) { if (pos < 31) pos = 31; - rest = 7 - (pos % 8); - } else - rest = 0; + } ASN1_TAILQ_FOREACH_REVERSE(m, t->members, memhead, members) { while (m->val / 8 < pos / 8) { @@ -192,20 +190,27 @@ encode_type (const char *name, const Type *t, const char *tmpstr) "if (c != 0 || bit_set) {\n"); fprintf (codefile, "if (len < 1) return ASN1_OVERFLOW;\n" - "*p-- = c; len--; ret++;\n" - "c = 0;\n"); + "*p-- = c; len--; ret++;\n"); if (!rfc1510_bitstring) fprintf (codefile, + "if (!bit_set) {\n" + "rest = 0;\n" + "while(c) { \n" + "if (c & 1) break;\n" + "c = c >> 1;\n" + "rest++;\n" + "}\n" "bit_set = 1;\n" + "}\n" "}\n"); + fprintf (codefile, + "c = 0;\n"); pos -= 8; } fprintf (codefile, "if((%s)->%s) {\n" "c |= 1<<%d;\n", name, m->gen_name, 7 - m->val % 8); - if (!rfc1510_bitstring) - rest = 7 - m->val % 8; fprintf (codefile, "}\n"); } @@ -218,15 +223,25 @@ encode_type (const char *name, const Type *t, const char *tmpstr) "*p-- = c; len--; ret++;\n"); if (!rfc1510_bitstring) fprintf (codefile, + "if (!bit_set) {\n" + "rest = 0;\n" + "if(c) { \n" + "while(c) { \n" + "if (c & 1) break;\n" + "c = c >> 1;\n" + "rest++;\n" + "}\n" + "}\n" + "}\n" "}\n"); - + fprintf (codefile, "if (len < 1) return ASN1_OVERFLOW;\n" - "*p-- = %d;\n" + "*p-- = %s;\n" "len -= 1;\n" "ret += 1;\n" "}\n\n", - rest); + rfc1510_bitstring ? "0" : "rest"); constructed = 0; break; } @@ -467,6 +482,10 @@ encode_type (const char *name, const Type *t, const char *tmpstr) encode_primitive ("universal_string", name); constructed = 0; break; + case TVisibleString: + encode_primitive ("visible_string", name); + constructed = 0; + break; case TNull: fprintf (codefile, "/* NULL */\n"); constructed = 0; @@ -503,6 +522,7 @@ generate_type_encode (const Symbol *s) case TIA5String: case TBMPString: case TUniversalString: + case TVisibleString: case TNull: case TBitString: case TEnumerated: diff --git a/source4/heimdal/lib/asn1/gen_free.c b/source4/heimdal/lib/asn1/gen_free.c index 2b143bf818..26e02e39dd 100644 --- a/source4/heimdal/lib/asn1/gen_free.c +++ b/source4/heimdal/lib/asn1/gen_free.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen_free.c,v 1.16 2006/10/14 05:33:58 lha Exp $"); +RCSID("$Id: gen_free.c,v 1.17 2006/12/28 17:14:54 lha Exp $"); static void free_primitive (const char *typename, const char *name) @@ -160,6 +160,9 @@ free_type (const char *name, const Type *t, int preserve) case TUniversalString: free_primitive ("universal_string", name); break; + case TVisibleString: + free_primitive ("visible_string", name); + break; case TTag: free_type (name, t->subtype, preserve); break; diff --git a/source4/heimdal/lib/asn1/gen_length.c b/source4/heimdal/lib/asn1/gen_length.c index 0c92225b92..7f9dc7257b 100644 --- a/source4/heimdal/lib/asn1/gen_length.c +++ b/source4/heimdal/lib/asn1/gen_length.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen_length.c,v 1.21 2006/10/14 05:28:28 lha Exp $"); +RCSID("$Id: gen_length.c,v 1.22 2006/12/28 17:14:57 lha Exp $"); static void length_primitive (const char *typename, @@ -238,6 +238,9 @@ length_type (const char *name, const Type *t, case TUniversalString: length_primitive ("universal_string", name, variable); break; + case TVisibleString: + length_primitive ("visible_string", name, variable); + break; case TNull: fprintf (codefile, "/* NULL */\n"); break; diff --git a/source4/heimdal/lib/asn1/k5.asn1 b/source4/heimdal/lib/asn1/k5.asn1 index 3f501f0592..a86df38a99 100644 --- a/source4/heimdal/lib/asn1/k5.asn1 +++ b/source4/heimdal/lib/asn1/k5.asn1 @@ -1,4 +1,4 @@ --- $Id: k5.asn1,v 1.50 2006/09/11 13:28:59 lha Exp $ +-- $Id: k5.asn1,v 1.51 2006/11/21 05:17:47 lha Exp $ KERBEROS5 DEFINITIONS ::= BEGIN @@ -70,11 +70,11 @@ PADATA-TYPE ::= INTEGER { KRB5-PADATA-TD-REQ-NONCE(107), -- INTEGER KRB5-PADATA-TD-REQ-SEQ(108), -- INTEGER KRB5-PADATA-PA-PAC-REQUEST(128), -- jbrezak@exchange.microsoft.com - KRB5-PADATA-PK-AS-09-BINDING(132), -- client send this to + KRB5-PADATA-S4U2SELF(129), + KRB5-PADATA-PK-AS-09-BINDING(132) -- client send this to -- tell KDC that is supports -- the asCheckSum in the -- PK-AS-REP - KRB5-PADATA-S4U2SELF(-17) } AUTHDATA-TYPE ::= INTEGER { diff --git a/source4/heimdal/lib/asn1/kx509.asn1 b/source4/heimdal/lib/asn1/kx509.asn1 new file mode 100644 index 0000000000..9706b061c3 --- /dev/null +++ b/source4/heimdal/lib/asn1/kx509.asn1 @@ -0,0 +1,20 @@ +-- $Id: kx509.asn1,v 1.1 2006/12/28 21:05:23 lha Exp $ + +KX509 DEFINITIONS ::= +BEGIN + +Kx509Request ::= SEQUENCE { + authenticator OCTET STRING, + pk-hash OCTET STRING, + pk-key OCTET STRING +} + +Kx509Response ::= SEQUENCE { + error-code[0] INTEGER (-2147483648..2147483647) + OPTIONAL -- DEFAULT 0 --, + hash[1] OCTET STRING OPTIONAL, + certificate[2] OCTET STRING OPTIONAL, + e-text[3] VisibleString OPTIONAL +} + +END diff --git a/source4/heimdal/lib/asn1/lex.l b/source4/heimdal/lib/asn1/lex.l index 4b2c5af062..6ec7b67bb9 100644 --- a/source4/heimdal/lib/asn1/lex.l +++ b/source4/heimdal/lib/asn1/lex.l @@ -32,7 +32,7 @@ * SUCH DAMAGE. */ -/* $Id: lex.l,v 1.27 2005/09/13 18:17:16 lha Exp $ */ +/* $Id: lex.l,v 1.31 2006/10/21 11:57:22 lha Exp $ */ #ifdef HAVE_CONFIG_H #include @@ -58,6 +58,12 @@ static void unterminated(const char *, unsigned); %} +/* This is for broken old lexes (solaris 10 and hpux) */ +%e 2000 +%p 5000 +%a 5000 +%n 1000 +%o 10000 %% ABSENT { return kw_ABSENT; } diff --git a/source4/heimdal/lib/asn1/parse.c b/source4/heimdal/lib/asn1/parse.c index 29d13ed68d..fc9f195e1f 100644 --- a/source4/heimdal/lib/asn1/parse.c +++ b/source4/heimdal/lib/asn1/parse.c @@ -251,7 +251,7 @@ #include "gen_locl.h" #include "der.h" -RCSID("$Id: parse.y,v 1.28 2006/04/28 10:51:35 lha Exp $"); +RCSID("$Id: parse.y,v 1.29 2006/12/28 17:15:02 lha Exp $"); static Type *new_type (Typetype t); static struct constraint_spec *new_constraint_spec(enum ctype); @@ -466,16 +466,16 @@ union yyalloc /* YYFINAL -- State number of the termination state. */ #define YYFINAL 4 /* YYLAST -- Last index in YYTABLE. */ -#define YYLAST 168 +#define YYLAST 169 /* YYNTOKENS -- Number of terminals. */ #define YYNTOKENS 98 /* YYNNTS -- Number of nonterminals. */ #define YYNNTS 67 /* YYNRULES -- Number of rules. */ -#define YYNRULES 130 +#define YYNRULES 131 /* YYNRULES -- Number of states. */ -#define YYNSTATES 201 +#define YYNSTATES 202 /* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */ #define YYUNDEFTOK 2 @@ -538,11 +538,11 @@ static const unsigned short int yyprhs[] = 167, 171, 176, 180, 184, 189, 191, 193, 195, 197, 199, 202, 206, 208, 210, 212, 215, 219, 225, 230, 234, 239, 240, 242, 244, 246, 247, 249, 251, 256, - 258, 260, 262, 264, 266, 268, 270, 272, 276, 280, - 283, 285, 288, 292, 294, 298, 303, 305, 306, 310, - 311, 314, 319, 321, 323, 325, 327, 329, 331, 333, + 258, 260, 262, 264, 266, 268, 270, 272, 274, 278, + 282, 285, 287, 290, 294, 296, 300, 305, 307, 308, + 312, 313, 316, 321, 323, 325, 327, 329, 331, 333, 335, 337, 339, 341, 343, 345, 347, 349, 351, 353, - 355 + 355, 357 }; /* YYRHS -- A `-1'-separated list of the rules' RHS. */ @@ -574,16 +574,16 @@ static const short int yyrhs[] = 139, 141, 111, -1, 96, 140, 89, 97, -1, -1, 76, -1, 6, -1, 60, -1, -1, 27, -1, 38, -1, 86, 111, 84, 154, -1, 144, -1, 33, -1, - 78, -1, 61, -1, 36, -1, 10, -1, 79, -1, - 147, -1, 145, 91, 147, -1, 145, 91, 85, -1, - 86, 111, -1, 146, -1, 146, 54, -1, 146, 20, - 154, -1, 149, -1, 148, 91, 149, -1, 86, 92, - 89, 93, -1, 151, -1, -1, 94, 152, 95, -1, - -1, 153, 152, -1, 86, 92, 89, 93, -1, 86, - -1, 89, -1, 155, -1, 156, -1, 160, -1, 159, - -1, 161, -1, 164, -1, 163, -1, 157, -1, 158, - -1, 86, -1, 88, -1, 71, -1, 31, -1, 162, - -1, 89, -1, 49, -1, 151, -1 + 78, -1, 61, -1, 81, -1, 36, -1, 10, -1, + 79, -1, 147, -1, 145, 91, 147, -1, 145, 91, + 85, -1, 86, 111, -1, 146, -1, 146, 54, -1, + 146, 20, 154, -1, 149, -1, 148, 91, 149, -1, + 86, 92, 89, 93, -1, 151, -1, -1, 94, 152, + 95, -1, -1, 153, 152, -1, 86, 92, 89, 93, + -1, 86, -1, 89, -1, 155, -1, 156, -1, 160, + -1, 159, -1, 161, -1, 164, -1, 163, -1, 157, + -1, 158, -1, 86, -1, 88, -1, 71, -1, 31, + -1, 162, -1, 89, -1, 49, -1, 151, -1 }; /* YYRLINE[YYN] -- source line where rule number YYN was defined. */ @@ -598,11 +598,11 @@ static const unsigned short int yyrline[] = 456, 464, 470, 478, 486, 493, 494, 497, 508, 513, 520, 536, 542, 545, 546, 549, 555, 563, 573, 579, 592, 601, 604, 608, 612, 619, 622, 626, 633, 644, - 647, 652, 657, 662, 667, 672, 680, 686, 691, 702, - 713, 719, 725, 733, 739, 746, 759, 760, 763, 770, - 773, 784, 788, 799, 805, 806, 809, 810, 811, 812, - 813, 816, 819, 822, 833, 841, 847, 855, 863, 866, - 871 + 647, 652, 657, 662, 667, 672, 677, 685, 691, 696, + 707, 718, 724, 730, 738, 744, 751, 764, 765, 768, + 775, 778, 789, 793, 804, 810, 811, 814, 815, 816, + 817, 818, 821, 824, 827, 838, 846, 852, 860, 868, + 871, 876 }; #endif @@ -682,11 +682,11 @@ static const unsigned char yyr1[] = 125, 126, 126, 127, 128, 129, 129, 130, 131, 131, 132, 133, 134, 135, 135, 136, 136, 136, 137, 138, 139, 140, 140, 140, 140, 141, 141, 141, 142, 143, - 144, 144, 144, 144, 144, 144, 145, 145, 145, 146, - 147, 147, 147, 148, 148, 149, 150, 150, 151, 152, - 152, 153, 153, 153, 154, 154, 155, 155, 155, 155, - 155, 156, 157, 158, 159, 160, 160, 161, 162, 163, - 164 + 144, 144, 144, 144, 144, 144, 144, 145, 145, 145, + 146, 147, 147, 147, 148, 148, 149, 150, 150, 151, + 152, 152, 153, 153, 153, 154, 154, 155, 155, 155, + 155, 155, 156, 157, 158, 159, 160, 160, 161, 162, + 163, 164 }; /* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */ @@ -701,11 +701,11 @@ static const unsigned char yyr2[] = 3, 4, 3, 3, 4, 1, 1, 1, 1, 1, 2, 3, 1, 1, 1, 2, 3, 5, 4, 3, 4, 0, 1, 1, 1, 0, 1, 1, 4, 1, - 1, 1, 1, 1, 1, 1, 1, 3, 3, 2, - 1, 2, 3, 1, 3, 4, 1, 0, 3, 0, - 2, 4, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 3, 3, + 2, 1, 2, 3, 1, 3, 4, 1, 0, 3, + 0, 2, 4, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1 + 1, 1 }; /* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state @@ -716,76 +716,76 @@ static const unsigned char yydefact[] = 0, 0, 0, 6, 1, 0, 0, 0, 8, 5, 3, 4, 0, 0, 7, 0, 10, 14, 0, 0, 23, 0, 13, 15, 0, 2, 0, 9, 18, 20, - 21, 0, 11, 16, 0, 0, 94, 42, 0, 0, - 90, 68, 93, 44, 57, 0, 0, 92, 0, 0, - 69, 91, 95, 0, 67, 81, 0, 25, 29, 33, - 32, 28, 35, 36, 34, 37, 38, 39, 40, 31, - 26, 65, 66, 27, 41, 85, 30, 89, 19, 22, - 107, 53, 0, 0, 0, 0, 45, 55, 56, 0, - 0, 0, 0, 24, 83, 84, 82, 0, 0, 0, - 70, 86, 87, 0, 109, 17, 106, 0, 0, 0, - 100, 96, 0, 52, 47, 0, 126, 129, 125, 123, - 124, 128, 130, 0, 114, 115, 121, 122, 117, 116, - 118, 127, 120, 119, 0, 60, 59, 0, 63, 62, - 0, 0, 88, 0, 0, 0, 0, 72, 73, 74, - 79, 112, 113, 0, 109, 0, 0, 103, 99, 0, - 64, 0, 101, 0, 0, 51, 0, 46, 58, 61, - 80, 0, 75, 0, 71, 0, 108, 110, 0, 0, - 54, 98, 97, 102, 0, 49, 48, 0, 0, 0, - 76, 0, 0, 104, 50, 43, 78, 0, 111, 105, - 77 + 21, 0, 11, 16, 0, 0, 95, 42, 0, 0, + 90, 68, 94, 44, 57, 0, 0, 92, 0, 0, + 69, 91, 96, 93, 0, 67, 81, 0, 25, 29, + 33, 32, 28, 35, 36, 34, 37, 38, 39, 40, + 31, 26, 65, 66, 27, 41, 85, 30, 89, 19, + 22, 108, 53, 0, 0, 0, 0, 45, 55, 56, + 0, 0, 0, 0, 24, 83, 84, 82, 0, 0, + 0, 70, 86, 87, 0, 110, 17, 107, 0, 0, + 0, 101, 97, 0, 52, 47, 0, 127, 130, 126, + 124, 125, 129, 131, 0, 115, 116, 122, 123, 118, + 117, 119, 128, 121, 120, 0, 60, 59, 0, 63, + 62, 0, 0, 88, 0, 0, 0, 0, 72, 73, + 74, 79, 113, 114, 0, 110, 0, 0, 104, 100, + 0, 64, 0, 102, 0, 0, 51, 0, 46, 58, + 61, 80, 0, 75, 0, 71, 0, 109, 111, 0, + 0, 54, 99, 98, 103, 0, 49, 48, 0, 0, + 0, 76, 0, 0, 105, 50, 43, 78, 0, 112, + 106, 77 }; /* YYDEFGOTO[NTERM-NUM]. */ static const short int yydefgoto[] = { -1, 2, 8, 13, 18, 19, 21, 22, 23, 27, - 28, 24, 29, 56, 57, 58, 86, 59, 113, 114, - 60, 115, 61, 62, 63, 64, 65, 66, 67, 68, - 69, 70, 71, 72, 73, 100, 146, 147, 148, 149, - 74, 75, 97, 103, 30, 76, 77, 109, 110, 111, - 156, 157, 105, 122, 153, 154, 123, 124, 125, 126, - 127, 128, 129, 130, 131, 132, 133 + 28, 24, 29, 57, 58, 59, 87, 60, 114, 115, + 61, 116, 62, 63, 64, 65, 66, 67, 68, 69, + 70, 71, 72, 73, 74, 101, 147, 148, 149, 150, + 75, 76, 98, 104, 30, 77, 78, 110, 111, 112, + 157, 158, 106, 123, 154, 155, 124, 125, 126, 127, + 128, 129, 130, 131, 132, 133, 134 }; /* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing STATE-NUM. */ -#define YYPACT_NINF -99 +#define YYPACT_NINF -100 static const short int yypact[] = { - -46, 20, 13, 21, -99, 11, 23, 25, 54, -99, - -99, -99, 58, 6, -99, 90, -34, 15, 80, 19, - 16, 18, 15, -99, 74, -99, -7, -99, 19, -99, - -99, 15, -99, -99, 24, 42, -99, -99, 17, 26, - -99, -99, -99, -73, -99, 76, 50, -99, -45, -44, - -99, -99, -99, 51, -99, 4, -67, -99, -99, -99, - -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, - -99, -99, -99, -99, -99, -16, -99, -99, -99, -99, - 27, 28, 33, 37, 47, 37, -99, -99, -99, 51, - -72, 51, -71, 22, -99, -99, -99, 35, 47, 12, - -99, -99, -99, 51, 2, -99, -99, 39, 51, -75, - -8, -99, 34, 36, -99, 43, -99, -99, -99, -99, - -99, -99, -99, 48, -99, -99, -99, -99, -99, -99, - -99, -99, -99, -99, -57, 22, -99, -48, 22, -99, - -22, 45, -99, 120, 51, 122, 46, -99, -99, -99, - 22, 52, -99, 53, 2, 57, -9, -99, 22, -53, - -99, 47, -99, 56, -19, -99, 47, -99, -99, -99, - -99, 49, -18, 47, -99, 61, -99, -99, 62, 39, - -99, -99, -99, -99, 59, -99, -99, 60, 63, 128, - -99, 64, 66, -99, -99, -99, -99, 47, -99, -99, - -99 + -65, 19, 33, 5, -100, -29, -17, 11, 53, -100, + -100, -100, 47, 13, -100, 90, -34, 18, 81, 20, + 16, 21, 18, -100, 76, -100, -7, -100, 20, -100, + -100, 18, -100, -100, 23, 43, -100, -100, 24, 25, + -100, -100, -100, -4, -100, 77, 46, -100, -48, -45, + -100, -100, -100, -100, 51, -100, 4, -64, -100, -100, + -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, + -100, -100, -100, -100, -100, -100, -16, -100, -100, -100, + -100, 26, 27, 31, 36, 52, 36, -100, -100, -100, + 51, -71, 51, -70, 32, -100, -100, -100, 37, 52, + 12, -100, -100, -100, 51, -39, -100, -100, 39, 51, + -78, -6, -100, 35, 40, -100, 38, -100, -100, -100, + -100, -100, -100, -100, 56, -100, -100, -100, -100, -100, + -100, -100, -100, -100, -100, -72, 32, -100, -57, 32, + -100, -36, 45, -100, 122, 51, 123, 50, -100, -100, + -100, 32, 44, -100, 49, -39, 57, -22, -100, 32, + -19, -100, 52, -100, 59, 10, -100, 52, -100, -100, + -100, -100, 58, -14, 52, -100, 61, -100, -100, 62, + 39, -100, -100, -100, -100, 60, -100, -100, 63, 64, + 133, -100, 65, 67, -100, -100, -100, -100, 52, -100, + -100, -100 }; /* YYPGOTO[NTERM-NUM]. */ -static const yysigned_char yypgoto[] = +static const short int yypgoto[] = { - -99, -99, -99, -99, -99, -99, -99, -99, 124, 126, - -99, 125, -99, -52, -99, -99, -99, -99, 70, -4, - -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, - -99, -99, -99, -99, -99, -99, -99, -99, -99, -99, - -99, -99, -99, -99, -99, -99, -99, -37, -99, 3, - -99, -15, -99, 81, 9, -99, -98, -99, -99, -99, - -99, -99, -99, -99, 5, -99, -99 + -100, -100, -100, -100, -100, -100, -100, -100, 132, 127, + -100, 126, -100, -53, -100, -100, -100, -100, 75, -3, + -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, + -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, + -100, -100, -100, -100, -100, -100, -100, 0, -100, 3, + -100, -15, -100, 83, 14, -100, -99, -100, -100, -100, + -100, -100, -100, -100, 2, -100, -100 }; /* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If @@ -795,44 +795,44 @@ static const yysigned_char yypgoto[] = #define YYTABLE_NINF -13 static const short int yytable[] = { - 142, 93, 35, 36, 37, 189, 17, 38, 89, 91, - 94, 101, 161, 4, 108, 108, 159, 98, 39, 84, - 160, 85, 102, 136, 139, 99, 40, 41, 5, 42, - 143, 144, 181, 108, 164, 145, 43, 135, 167, 138, - 1, 3, 44, 159, 45, 46, 162, 168, 6, 90, - 92, 150, -12, 137, 47, 140, 158, 48, 49, 7, - 35, 36, 37, 183, 95, 38, 185, 112, 187, 159, - 50, 51, 52, 169, 99, 190, 39, 53, 116, 54, - 96, 9, 179, 12, 40, 41, 180, 42, 151, 55, - 15, 152, 172, 10, 43, 11, 117, 14, 16, 200, - 44, 20, 45, 46, 25, 26, 34, 31, 32, 81, - 80, 82, 47, 87, 99, 48, 49, 88, 118, 108, - 83, 104, 107, 112, 141, 155, 163, 164, 50, 51, - 52, 166, 171, 119, 173, 120, 121, 54, 165, 174, - 197, 104, 170, 188, 175, 121, 33, 55, 176, 178, - 191, 192, 194, 195, 78, 134, 79, 198, 196, 199, - 186, 106, 182, 177, 193, 0, 0, 0, 184 + 143, 94, 35, 36, 37, 90, 17, 38, 92, 190, + 95, 102, 5, 160, 162, 109, 109, 161, 39, 165, + 99, 1, 103, 168, 137, 140, 40, 41, 100, 42, + 144, 145, 6, 4, 160, 146, 43, 136, 169, 139, + 3, 9, 44, 7, 45, 46, 91, 152, 163, 93, + 153, 151, -12, 10, 47, 160, 159, 48, 49, 170, + 35, 36, 37, 184, 96, 38, 182, 109, 188, 180, + 50, 51, 52, 181, 53, 191, 39, 54, 100, 55, + 97, 11, 12, 117, 40, 41, 14, 42, 85, 56, + 86, 138, 173, 141, 43, 186, 113, 15, 16, 201, + 44, 118, 45, 46, 20, 25, 26, 31, 34, 81, + 82, 32, 47, 89, 88, 48, 49, 109, 83, 84, + 105, 108, 113, 119, 100, 156, 142, 164, 50, 51, + 52, 165, 53, 166, 172, 174, 176, 55, 120, 167, + 121, 122, 171, 175, 177, 198, 105, 56, 122, 179, + 192, 193, 189, 195, 33, 79, 196, 80, 199, 197, + 200, 135, 187, 183, 107, 194, 185, 0, 0, 178 }; static const short int yycheck[] = { - 98, 53, 9, 10, 11, 23, 40, 14, 53, 53, - 6, 27, 20, 0, 86, 86, 91, 84, 25, 92, - 95, 94, 38, 95, 95, 92, 33, 34, 7, 36, - 18, 19, 85, 86, 91, 23, 43, 89, 95, 91, - 86, 21, 49, 91, 51, 52, 54, 95, 27, 94, - 94, 103, 86, 90, 61, 92, 108, 64, 65, 38, - 9, 10, 11, 161, 60, 14, 85, 86, 166, 91, - 77, 78, 79, 95, 92, 173, 25, 84, 31, 86, - 76, 70, 91, 29, 33, 34, 95, 36, 86, 96, - 84, 89, 144, 70, 43, 70, 49, 39, 8, 197, - 49, 86, 51, 52, 24, 86, 32, 91, 90, 67, - 86, 94, 61, 37, 92, 64, 65, 67, 71, 86, - 94, 94, 94, 86, 89, 86, 92, 91, 77, 78, - 79, 83, 12, 86, 12, 88, 89, 86, 95, 93, - 12, 94, 97, 94, 92, 89, 22, 96, 95, 92, - 89, 89, 93, 93, 28, 85, 31, 93, 95, 93, - 164, 80, 159, 154, 179, -1, -1, -1, 163 + 99, 54, 9, 10, 11, 53, 40, 14, 53, 23, + 6, 27, 7, 91, 20, 86, 86, 95, 25, 91, + 84, 86, 38, 95, 95, 95, 33, 34, 92, 36, + 18, 19, 27, 0, 91, 23, 43, 90, 95, 92, + 21, 70, 49, 38, 51, 52, 94, 86, 54, 94, + 89, 104, 86, 70, 61, 91, 109, 64, 65, 95, + 9, 10, 11, 162, 60, 14, 85, 86, 167, 91, + 77, 78, 79, 95, 81, 174, 25, 84, 92, 86, + 76, 70, 29, 31, 33, 34, 39, 36, 92, 96, + 94, 91, 145, 93, 43, 85, 86, 84, 8, 198, + 49, 49, 51, 52, 86, 24, 86, 91, 32, 86, + 67, 90, 61, 67, 37, 64, 65, 86, 94, 94, + 94, 94, 86, 71, 92, 86, 89, 92, 77, 78, + 79, 91, 81, 95, 12, 12, 92, 86, 86, 83, + 88, 89, 97, 93, 95, 12, 94, 96, 89, 92, + 89, 89, 94, 93, 22, 28, 93, 31, 93, 95, + 93, 86, 165, 160, 81, 180, 164, -1, -1, 155 }; /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing @@ -844,22 +844,22 @@ static const unsigned char yystos[] = 86, 104, 105, 106, 109, 24, 86, 107, 108, 110, 142, 91, 90, 106, 32, 9, 10, 11, 14, 25, 33, 34, 36, 43, 49, 51, 52, 61, 64, 65, - 77, 78, 79, 84, 86, 96, 111, 112, 113, 115, - 118, 120, 121, 122, 123, 124, 125, 126, 127, 128, - 129, 130, 131, 132, 138, 139, 143, 144, 107, 109, - 86, 67, 94, 94, 92, 94, 114, 37, 67, 53, - 94, 53, 94, 111, 6, 60, 76, 140, 84, 92, - 133, 27, 38, 141, 94, 150, 151, 94, 86, 145, - 146, 147, 86, 116, 117, 119, 31, 49, 71, 86, - 88, 89, 151, 154, 155, 156, 157, 158, 159, 160, - 161, 162, 163, 164, 116, 111, 95, 145, 111, 95, - 145, 89, 154, 18, 19, 23, 134, 135, 136, 137, - 111, 86, 89, 152, 153, 86, 148, 149, 111, 91, - 95, 20, 54, 92, 91, 95, 83, 95, 95, 95, - 97, 12, 111, 12, 93, 92, 95, 152, 92, 91, - 95, 85, 147, 154, 162, 85, 117, 154, 94, 23, - 154, 89, 89, 149, 93, 93, 95, 12, 93, 93, - 154 + 77, 78, 79, 81, 84, 86, 96, 111, 112, 113, + 115, 118, 120, 121, 122, 123, 124, 125, 126, 127, + 128, 129, 130, 131, 132, 138, 139, 143, 144, 107, + 109, 86, 67, 94, 94, 92, 94, 114, 37, 67, + 53, 94, 53, 94, 111, 6, 60, 76, 140, 84, + 92, 133, 27, 38, 141, 94, 150, 151, 94, 86, + 145, 146, 147, 86, 116, 117, 119, 31, 49, 71, + 86, 88, 89, 151, 154, 155, 156, 157, 158, 159, + 160, 161, 162, 163, 164, 116, 111, 95, 145, 111, + 95, 145, 89, 154, 18, 19, 23, 134, 135, 136, + 137, 111, 86, 89, 152, 153, 86, 148, 149, 111, + 91, 95, 20, 54, 92, 91, 95, 83, 95, 95, + 95, 97, 12, 111, 12, 93, 92, 95, 152, 92, + 91, 95, 85, 147, 154, 162, 85, 117, 154, 94, + 23, 154, 89, 89, 149, 93, 93, 95, 12, 93, + 93, 154 }; #define yyerrok (yyerrstatus = 0) @@ -1987,29 +1987,37 @@ yyreduce: case 93: #line 663 "parse.y" { - (yyval.type) = new_tag(ASN1_C_UNIV, UT_IA5String, - TE_EXPLICIT, new_type(TIA5String)); + (yyval.type) = new_tag(ASN1_C_UNIV, UT_VisibleString, + TE_EXPLICIT, new_type(TVisibleString)); } break; case 94: #line 668 "parse.y" { - (yyval.type) = new_tag(ASN1_C_UNIV, UT_BMPString, - TE_EXPLICIT, new_type(TBMPString)); + (yyval.type) = new_tag(ASN1_C_UNIV, UT_IA5String, + TE_EXPLICIT, new_type(TIA5String)); } break; case 95: #line 673 "parse.y" + { + (yyval.type) = new_tag(ASN1_C_UNIV, UT_BMPString, + TE_EXPLICIT, new_type(TBMPString)); + } + break; + + case 96: +#line 678 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_UniversalString, TE_EXPLICIT, new_type(TUniversalString)); } break; - case 96: -#line 681 "parse.y" + case 97: +#line 686 "parse.y" { (yyval.members) = emalloc(sizeof(*(yyval.members))); ASN1_TAILQ_INIT((yyval.members)); @@ -2017,16 +2025,16 @@ yyreduce: } break; - case 97: -#line 687 "parse.y" + case 98: +#line 692 "parse.y" { ASN1_TAILQ_INSERT_TAIL((yyvsp[-2].members), (yyvsp[0].member), members); (yyval.members) = (yyvsp[-2].members); } break; - case 98: -#line 692 "parse.y" + case 99: +#line 697 "parse.y" { struct member *m = ecalloc(1, sizeof(*m)); m->name = estrdup("..."); @@ -2037,8 +2045,8 @@ yyreduce: } break; - case 99: -#line 703 "parse.y" + case 100: +#line 708 "parse.y" { (yyval.member) = emalloc(sizeof(*(yyval.member))); (yyval.member)->name = (yyvsp[-1].name); @@ -2049,8 +2057,8 @@ yyreduce: } break; - case 100: -#line 714 "parse.y" + case 101: +#line 719 "parse.y" { (yyval.member) = (yyvsp[0].member); (yyval.member)->optional = 0; @@ -2058,8 +2066,8 @@ yyreduce: } break; - case 101: -#line 720 "parse.y" + case 102: +#line 725 "parse.y" { (yyval.member) = (yyvsp[-1].member); (yyval.member)->optional = 1; @@ -2067,8 +2075,8 @@ yyreduce: } break; - case 102: -#line 726 "parse.y" + case 103: +#line 731 "parse.y" { (yyval.member) = (yyvsp[-2].member); (yyval.member)->optional = 0; @@ -2076,8 +2084,8 @@ yyreduce: } break; - case 103: -#line 734 "parse.y" + case 104: +#line 739 "parse.y" { (yyval.members) = emalloc(sizeof(*(yyval.members))); ASN1_TAILQ_INIT((yyval.members)); @@ -2085,16 +2093,16 @@ yyreduce: } break; - case 104: -#line 740 "parse.y" + case 105: +#line 745 "parse.y" { ASN1_TAILQ_INSERT_TAIL((yyvsp[-2].members), (yyvsp[0].member), members); (yyval.members) = (yyvsp[-2].members); } break; - case 105: -#line 747 "parse.y" + case 106: +#line 752 "parse.y" { (yyval.member) = emalloc(sizeof(*(yyval.member))); (yyval.member)->name = (yyvsp[-3].name); @@ -2107,27 +2115,27 @@ yyreduce: } break; - case 107: -#line 760 "parse.y" + case 108: +#line 765 "parse.y" { (yyval.objid) = NULL; } break; - case 108: -#line 764 "parse.y" + case 109: +#line 769 "parse.y" { (yyval.objid) = (yyvsp[-1].objid); } break; - case 109: -#line 770 "parse.y" + case 110: +#line 775 "parse.y" { (yyval.objid) = NULL; } break; - case 110: -#line 774 "parse.y" + case 111: +#line 779 "parse.y" { if ((yyvsp[0].objid)) { (yyval.objid) = (yyvsp[0].objid); @@ -2138,15 +2146,15 @@ yyreduce: } break; - case 111: -#line 785 "parse.y" + case 112: +#line 790 "parse.y" { (yyval.objid) = new_objid((yyvsp[-3].name), (yyvsp[-1].constant)); } break; - case 112: -#line 789 "parse.y" + case 113: +#line 794 "parse.y" { Symbol *s = addsym((yyvsp[0].name)); if(s->stype != SValue || @@ -2159,15 +2167,15 @@ yyreduce: } break; - case 113: -#line 800 "parse.y" + case 114: +#line 805 "parse.y" { (yyval.objid) = new_objid(NULL, (yyvsp[0].constant)); } break; - case 123: -#line 823 "parse.y" + case 124: +#line 828 "parse.y" { Symbol *s = addsym((yyvsp[0].name)); if(s->stype != SValue) @@ -2178,8 +2186,8 @@ yyreduce: } break; - case 124: -#line 834 "parse.y" + case 125: +#line 839 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = stringvalue; @@ -2187,8 +2195,8 @@ yyreduce: } break; - case 125: -#line 842 "parse.y" + case 126: +#line 847 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = booleanvalue; @@ -2196,8 +2204,8 @@ yyreduce: } break; - case 126: -#line 848 "parse.y" + case 127: +#line 853 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = booleanvalue; @@ -2205,8 +2213,8 @@ yyreduce: } break; - case 127: -#line 856 "parse.y" + case 128: +#line 861 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = integervalue; @@ -2214,14 +2222,14 @@ yyreduce: } break; - case 129: -#line 867 "parse.y" + case 130: +#line 872 "parse.y" { } break; - case 130: -#line 872 "parse.y" + case 131: +#line 877 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = objectidentifiervalue; @@ -2234,7 +2242,7 @@ yyreduce: } /* Line 1126 of yacc.c. */ -#line 2238 "parse.c" +#line 2246 "parse.c" yyvsp -= yylen; yyssp -= yylen; @@ -2502,7 +2510,7 @@ yyreturn: } -#line 879 "parse.y" +#line 884 "parse.y" void diff --git a/source4/heimdal/lib/asn1/parse.y b/source4/heimdal/lib/asn1/parse.y index 2238478284..029cef9f0f 100644 --- a/source4/heimdal/lib/asn1/parse.y +++ b/source4/heimdal/lib/asn1/parse.y @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: parse.y,v 1.27 2005/12/14 09:44:36 lha Exp $ */ +/* $Id: parse.y,v 1.29 2006/12/28 17:15:02 lha Exp $ */ %{ #ifdef HAVE_CONFIG_H @@ -45,7 +45,7 @@ #include "gen_locl.h" #include "der.h" -RCSID("$Id: parse.y,v 1.27 2005/12/14 09:44:36 lha Exp $"); +RCSID("$Id: parse.y,v 1.29 2006/12/28 17:15:02 lha Exp $"); static Type *new_type (Typetype t); static struct constraint_spec *new_constraint_spec(enum ctype); @@ -537,8 +537,10 @@ Constraint : '(' ConstraintSpec ')' { $$ = $2; } + ; ConstraintSpec : GeneralConstraint + ; GeneralConstraint: ContentsConstraint | UserDefinedConstraint @@ -657,6 +659,11 @@ RestrictedCharactedStringType: kw_GeneralString $$ = new_tag(ASN1_C_UNIV, UT_PrintableString, TE_EXPLICIT, new_type(TPrintableString)); } + | kw_VisibleString + { + $$ = new_tag(ASN1_C_UNIV, UT_VisibleString, + TE_EXPLICIT, new_type(TVisibleString)); + } | kw_IA5String { $$ = new_tag(ASN1_C_UNIV, UT_IA5String, diff --git a/source4/heimdal/lib/asn1/rfc2459.asn1 b/source4/heimdal/lib/asn1/rfc2459.asn1 index eebbc3211b..430674a5ee 100644 --- a/source4/heimdal/lib/asn1/rfc2459.asn1 +++ b/source4/heimdal/lib/asn1/rfc2459.asn1 @@ -406,13 +406,31 @@ CRLReason ::= ENUMERATED { aACompromise (10) } +id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) + dod(6) internet(1) security(5) mechanisms(5) pkix(7) } + +id-pkix-on OBJECT IDENTIFIER ::= { id-pkix 8 } +id-pkix-on-dnsSRV OBJECT IDENTIFIER ::= { id-pkix-on 7 } + +id-pkix-kp OBJECT IDENTIFIER ::= { id-pkix 3 } +id-pkix-kp-serverAuth OBJECT IDENTIFIER ::= { id-pkix-kp 1 } +id-pkix-kp-clientAuth OBJECT IDENTIFIER ::= { id-pkix-kp 2 } +id-pkix-kp-emailProtection OBJECT IDENTIFIER ::= { id-pkix-kp 4 } +id-pkix-kp-timeStamping OBJECT IDENTIFIER ::= { id-pkix-kp 8 } +id-pkix-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-pkix-kp 9 } + -- RFC 3820 Proxy Certificate Profile -id-pkix-pe OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) - dod(6) internet(1) security(5) mechanisms(5) pkix(7) 1 } +id-pkix-pe OBJECT IDENTIFIER ::= { id-pkix 1 } id-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 } +id-pkix-ppl OBJECT IDENTIFIER ::= { id-pkix 21 } + +id-pkix-ppl-anyLanguage OBJECT IDENTIFIER ::= { id-pkix-ppl 0 } +id-pkix-ppl-inheritAll OBJECT IDENTIFIER ::= { id-pkix-ppl 1 } +id-pkix-ppl-independent OBJECT IDENTIFIER ::= { id-pkix-ppl 2 } + ProxyPolicy ::= SEQUENCE { policyLanguage OBJECT IDENTIFIER, policy OCTET STRING OPTIONAL diff --git a/source4/heimdal/lib/asn1/symbol.h b/source4/heimdal/lib/asn1/symbol.h index 93a6e019bd..436bd043a1 100644 --- a/source4/heimdal/lib/asn1/symbol.h +++ b/source4/heimdal/lib/asn1/symbol.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: symbol.h,v 1.13 2005/12/06 19:59:52 lha Exp $ */ +/* $Id: symbol.h,v 1.14 2006/12/28 17:15:05 lha Exp $ */ #ifndef _SYMBOL_H #define _SYMBOL_H @@ -60,7 +60,8 @@ enum typetype { TUTCTime, TUTF8String, TBMPString, - TUniversalString + TUniversalString, + TVisibleString }; typedef enum typetype Typetype; diff --git a/source4/heimdal/lib/com_err/lex.c b/source4/heimdal/lib/com_err/lex.c index 30b44d0c19..8b7113baa2 100644 --- a/source4/heimdal/lib/com_err/lex.c +++ b/source4/heimdal/lib/com_err/lex.c @@ -1,7 +1,8 @@ -/* A lexical scanner generated by flex */ +#include "config.h" +/* A lexical scanner generated by flex*/ /* Scanner skeleton version: - * $Header: /cvs/root/flex/flex/skel.c,v 1.2 2004/05/07 00:28:17 jkh Exp $ + * $Header: /home/daffy/u0/vern/flex/RCS/flex.skl,v 2.91 96/09/10 16:58:48 vern Exp $ */ #define FLEX_SCANNER @@ -9,6 +10,7 @@ #define YY_FLEX_MINOR_VERSION 5 #include +#include /* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */ @@ -22,7 +24,6 @@ #ifdef __cplusplus #include -#include /* Use prototypes in function declarations. */ #define YY_USE_PROTOS @@ -134,6 +135,15 @@ extern FILE *yyin, *yyout; #define unput(c) yyunput( c, yytext_ptr ) +/* Some routines like yy_flex_realloc() are emitted as static but are + not called by all lexers. This generates warnings in some compilers, + notably GCC. Arrange to suppress these. */ +#ifdef __GNUC__ +#define YY_MAY_BE_UNUSED __attribute__((unused)) +#else +#define YY_MAY_BE_UNUSED +#endif + /* The following is because we cannot portably get our hands on size_t * (without autoconf's help, which isn't available because we want * flex-generated scanners to compile on their own). @@ -240,7 +250,7 @@ YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str )); YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len )); static void *yy_flex_alloc YY_PROTO(( yy_size_t )); -static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t )); +static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t )) YY_MAY_BE_UNUSED; static void yy_flex_free YY_PROTO(( void * )); #define yy_new_buffer yy_create_buffer @@ -385,9 +395,9 @@ static char *yy_last_accepting_cpos; #define YY_MORE_ADJ 0 #define YY_RESTORE_YY_MORE_OFFSET char *yytext; -#line 1 "../../../lib/com_err/lex.l" +#line 1 "lex.l" #define INITIAL 0 -#line 2 "../../../lib/com_err/lex.l" +#line 2 "lex.l" /* * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). @@ -442,7 +452,7 @@ static int getstring(void); #undef ECHO -#line 446 "lex.c" +#line 455 "lex.yy.c" /* Macros after this point can all be overridden by user definitions in * section 1. @@ -590,12 +600,12 @@ YY_MALLOC_DECL YY_DECL { register yy_state_type yy_current_state; - register char *yy_cp, *yy_bp; + register char *yy_cp = NULL, *yy_bp = NULL; register int yy_act; -#line 59 "../../../lib/com_err/lex.l" +#line 59 "lex.l" -#line 599 "lex.c" +#line 608 "lex.yy.c" if ( yy_init ) { @@ -680,85 +690,85 @@ do_action: /* This label is used only to access EOF actions. */ case 1: YY_RULE_SETUP -#line 60 "../../../lib/com_err/lex.l" +#line 60 "lex.l" { return ET; } YY_BREAK case 2: YY_RULE_SETUP -#line 61 "../../../lib/com_err/lex.l" +#line 61 "lex.l" { return ET; } YY_BREAK case 3: YY_RULE_SETUP -#line 62 "../../../lib/com_err/lex.l" +#line 62 "lex.l" { return EC; } YY_BREAK case 4: YY_RULE_SETUP -#line 63 "../../../lib/com_err/lex.l" +#line 63 "lex.l" { return EC; } YY_BREAK case 5: YY_RULE_SETUP -#line 64 "../../../lib/com_err/lex.l" +#line 64 "lex.l" { return PREFIX; } YY_BREAK case 6: YY_RULE_SETUP -#line 65 "../../../lib/com_err/lex.l" +#line 65 "lex.l" { return INDEX; } YY_BREAK case 7: YY_RULE_SETUP -#line 66 "../../../lib/com_err/lex.l" +#line 66 "lex.l" { return ID; } YY_BREAK case 8: YY_RULE_SETUP -#line 67 "../../../lib/com_err/lex.l" +#line 67 "lex.l" { return END; } YY_BREAK case 9: YY_RULE_SETUP -#line 68 "../../../lib/com_err/lex.l" +#line 68 "lex.l" { yylval.number = atoi(yytext); return NUMBER; } YY_BREAK case 10: YY_RULE_SETUP -#line 69 "../../../lib/com_err/lex.l" +#line 69 "lex.l" ; YY_BREAK case 11: YY_RULE_SETUP -#line 70 "../../../lib/com_err/lex.l" +#line 70 "lex.l" ; YY_BREAK case 12: YY_RULE_SETUP -#line 71 "../../../lib/com_err/lex.l" +#line 71 "lex.l" { lineno++; } YY_BREAK case 13: YY_RULE_SETUP -#line 72 "../../../lib/com_err/lex.l" +#line 72 "lex.l" { return getstring(); } YY_BREAK case 14: YY_RULE_SETUP -#line 73 "../../../lib/com_err/lex.l" +#line 73 "lex.l" { yylval.string = strdup(yytext); return STRING; } YY_BREAK case 15: YY_RULE_SETUP -#line 74 "../../../lib/com_err/lex.l" +#line 74 "lex.l" { return *yytext; } YY_BREAK case 16: YY_RULE_SETUP -#line 75 "../../../lib/com_err/lex.l" +#line 75 "lex.l" ECHO; YY_BREAK -#line 762 "lex.c" +#line 771 "lex.yy.c" case YY_STATE_EOF(INITIAL): yyterminate(); @@ -1140,6 +1150,7 @@ register char *yy_bp; #endif /* ifndef YY_NO_UNPUT */ +#ifndef YY_NO_INPUT #ifdef __cplusplus static int yyinput() #else @@ -1211,7 +1222,7 @@ static int input() return c; } - +#endif /* YY_NO_INPUT */ #ifdef YY_USE_PROTOS void yyrestart( FILE *input_file ) @@ -1322,11 +1333,6 @@ YY_BUFFER_STATE b; } -#ifndef YY_ALWAYS_INTERACTIVE -#ifndef YY_NEVER_INTERACTIVE -extern int isatty YY_PROTO(( int )); -#endif -#endif #ifdef YY_USE_PROTOS void yy_init_buffer( YY_BUFFER_STATE b, FILE *file ) @@ -1644,7 +1650,7 @@ int main() return 0; } #endif -#line 75 "../../../lib/com_err/lex.l" +#line 75 "lex.l" #ifndef yywrap /* XXX */ diff --git a/source4/heimdal/lib/com_err/parse.c b/source4/heimdal/lib/com_err/parse.c index a7160a4d42..4cef0c492d 100644 --- a/source4/heimdal/lib/com_err/parse.c +++ b/source4/heimdal/lib/com_err/parse.c @@ -1,19 +1,86 @@ +/* A Bison parser, made by GNU Bison 2.1. */ -/* A Bison parser, made from ../../../lib/com_err/parse.y - by GNU Bison version 1.28 */ +/* Skeleton parser for Yacc-like parsing with Bison, + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. -#define YYBISON 1 /* Identify Bison output. */ + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. */ + +/* As a special exception, when this file is copied by Bison into a + Bison output file, you may use that output file without restriction. + This special exception was added by the Free Software Foundation + in version 1.24 of Bison. */ + +/* Written by Richard Stallman by simplifying the original so called + ``semantic'' parser. */ + +/* All symbols defined below should begin with yy or YY, to avoid + infringing on user name space. This should be done even for local + variables, as they might otherwise be expanded by user macros. + There are some unavoidable exceptions within include files to + define necessary library symbols; they are noted "INFRINGES ON + USER NAME SPACE" below. */ + +/* Identify Bison output. */ +#define YYBISON 1 + +/* Bison version. */ +#define YYBISON_VERSION "2.1" + +/* Skeleton name. */ +#define YYSKELETON_NAME "yacc.c" -#define ET 257 -#define INDEX 258 -#define PREFIX 259 -#define EC 260 -#define ID 261 -#define END 262 -#define STRING 263 -#define NUMBER 264 +/* Pure parsers. */ +#define YYPURE 0 -#line 1 "../../../lib/com_err/parse.y" +/* Using locations. */ +#define YYLSP_NEEDED 0 + + + +/* Tokens. */ +#ifndef YYTOKENTYPE +# define YYTOKENTYPE + /* Put the tokens into the symbol table, so that GDB and other debuggers + know about them. */ + enum yytokentype { + ET = 258, + INDEX = 259, + PREFIX = 260, + EC = 261, + ID = 262, + END = 263, + STRING = 264, + NUMBER = 265 + }; +#endif +/* Tokens. */ +#define ET 258 +#define INDEX 259 +#define PREFIX 260 +#define EC 261 +#define ID 262 +#define END 263 +#define STRING 264 +#define NUMBER 265 + + + + +/* Copy the first part of user declarations. */ +#line 1 "parse.y" /* * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan @@ -65,425 +132,834 @@ extern char *yytext; #endif -#line 53 "../../../lib/com_err/parse.y" -typedef union { + +/* Enabling traces. */ +#ifndef YYDEBUG +# define YYDEBUG 0 +#endif + +/* Enabling verbose error messages. */ +#ifdef YYERROR_VERBOSE +# undef YYERROR_VERBOSE +# define YYERROR_VERBOSE 1 +#else +# define YYERROR_VERBOSE 0 +#endif + +/* Enabling the token table. */ +#ifndef YYTOKEN_TABLE +# define YYTOKEN_TABLE 0 +#endif + +#if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED) +#line 53 "parse.y" +typedef union YYSTYPE { char *string; int number; } YYSTYPE; -#include - -#ifndef __cplusplus -#ifndef __STDC__ -#define const -#endif +/* Line 196 of yacc.c. */ +#line 162 "$base.c" +# define yystype YYSTYPE /* obsolescent; will be withdrawn */ +# define YYSTYPE_IS_DECLARED 1 +# define YYSTYPE_IS_TRIVIAL 1 #endif -#define YYFINAL 24 -#define YYFLAG -32768 -#define YYNTBASE 12 - -#define YYTRANSLATE(x) ((unsigned)(x) <= 264 ? yytranslate[x] : 18) - -static const char yytranslate[] = { 0, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 11, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 1, 3, 4, 5, 6, - 7, 8, 9, 10 -}; +/* Copy the second part of user declarations. */ -#if YYDEBUG != 0 -static const short yyprhs[] = { 0, - 0, 1, 4, 7, 9, 12, 15, 19, 21, 24, - 27, 30, 32, 37 -}; -static const short yyrhs[] = { -1, - 13, 16, 0, 14, 15, 0, 15, 0, 7, 9, - 0, 3, 9, 0, 3, 9, 9, 0, 17, 0, - 16, 17, 0, 4, 10, 0, 5, 9, 0, 5, - 0, 6, 9, 11, 9, 0, 8, 0 -}; +/* Line 219 of yacc.c. */ +#line 174 "$base.c" +#if ! defined (YYSIZE_T) && defined (__SIZE_TYPE__) +# define YYSIZE_T __SIZE_TYPE__ +#endif +#if ! defined (YYSIZE_T) && defined (size_t) +# define YYSIZE_T size_t +#endif +#if ! defined (YYSIZE_T) && (defined (__STDC__) || defined (__cplusplus)) +# include /* INFRINGES ON USER NAME SPACE */ +# define YYSIZE_T size_t +#endif +#if ! defined (YYSIZE_T) +# define YYSIZE_T unsigned int #endif -#if YYDEBUG != 0 -static const short yyrline[] = { 0, - 64, 65, 68, 69, 72, 78, 84, 93, 94, 97, - 101, 109, 116, 136 -}; +#ifndef YY_ +# if YYENABLE_NLS +# if ENABLE_NLS +# include /* INFRINGES ON USER NAME SPACE */ +# define YY_(msgid) dgettext ("bison-runtime", msgid) +# endif +# endif +# ifndef YY_ +# define YY_(msgid) msgid +# endif #endif +#if ! defined (yyoverflow) || YYERROR_VERBOSE + +/* The parser invokes alloca or malloc; define the necessary symbols. */ + +# ifdef YYSTACK_USE_ALLOCA +# if YYSTACK_USE_ALLOCA +# ifdef __GNUC__ +# define YYSTACK_ALLOC __builtin_alloca +# else +# define YYSTACK_ALLOC alloca +# if defined (__STDC__) || defined (__cplusplus) +# include /* INFRINGES ON USER NAME SPACE */ +# define YYINCLUDED_STDLIB_H +# endif +# endif +# endif +# endif + +# ifdef YYSTACK_ALLOC + /* Pacify GCC's `empty if-body' warning. */ +# define YYSTACK_FREE(Ptr) do { /* empty */; } while (0) +# ifndef YYSTACK_ALLOC_MAXIMUM + /* The OS might guarantee only one guard page at the bottom of the stack, + and a page size can be as small as 4096 bytes. So we cannot safely + invoke alloca (N) if N exceeds 4096. Use a slightly smaller number + to allow for a few compiler-allocated temporary stack slots. */ +# define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2005 */ +# endif +# else +# define YYSTACK_ALLOC YYMALLOC +# define YYSTACK_FREE YYFREE +# ifndef YYSTACK_ALLOC_MAXIMUM +# define YYSTACK_ALLOC_MAXIMUM ((YYSIZE_T) -1) +# endif +# ifdef __cplusplus +extern "C" { +# endif +# ifndef YYMALLOC +# define YYMALLOC malloc +# if (! defined (malloc) && ! defined (YYINCLUDED_STDLIB_H) \ + && (defined (__STDC__) || defined (__cplusplus))) +void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */ +# endif +# endif +# ifndef YYFREE +# define YYFREE free +# if (! defined (free) && ! defined (YYINCLUDED_STDLIB_H) \ + && (defined (__STDC__) || defined (__cplusplus))) +void free (void *); /* INFRINGES ON USER NAME SPACE */ +# endif +# endif +# ifdef __cplusplus +} +# endif +# endif +#endif /* ! defined (yyoverflow) || YYERROR_VERBOSE */ -#if YYDEBUG != 0 || defined (YYERROR_VERBOSE) -static const char * const yytname[] = { "$","error","$undefined.","ET","INDEX", -"PREFIX","EC","ID","END","STRING","NUMBER","','","file","header","id","et","statements", -"statement", NULL -}; +#if (! defined (yyoverflow) \ + && (! defined (__cplusplus) \ + || (defined (YYSTYPE_IS_TRIVIAL) && YYSTYPE_IS_TRIVIAL))) + +/* A type that is properly aligned for any stack member. */ +union yyalloc +{ + short int yyss; + YYSTYPE yyvs; + }; + +/* The size of the maximum gap between one aligned stack and the next. */ +# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1) + +/* The size of an array large to enough to hold all stacks, each with + N elements. */ +# define YYSTACK_BYTES(N) \ + ((N) * (sizeof (short int) + sizeof (YYSTYPE)) \ + + YYSTACK_GAP_MAXIMUM) + +/* Copy COUNT objects from FROM to TO. The source and destination do + not overlap. */ +# ifndef YYCOPY +# if defined (__GNUC__) && 1 < __GNUC__ +# define YYCOPY(To, From, Count) \ + __builtin_memcpy (To, From, (Count) * sizeof (*(From))) +# else +# define YYCOPY(To, From, Count) \ + do \ + { \ + YYSIZE_T yyi; \ + for (yyi = 0; yyi < (Count); yyi++) \ + (To)[yyi] = (From)[yyi]; \ + } \ + while (0) +# endif +# endif + +/* Relocate STACK from its old location to the new one. The + local variables YYSIZE and YYSTACKSIZE give the old and new number of + elements in the stack, and YYPTR gives the new location of the + stack. Advance YYPTR to a properly aligned location for the next + stack. */ +# define YYSTACK_RELOCATE(Stack) \ + do \ + { \ + YYSIZE_T yynewbytes; \ + YYCOPY (&yyptr->Stack, Stack, yysize); \ + Stack = &yyptr->Stack; \ + yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \ + yyptr += yynewbytes / sizeof (*yyptr); \ + } \ + while (0) + #endif -static const short yyr1[] = { 0, - 12, 12, 13, 13, 14, 15, 15, 16, 16, 17, - 17, 17, 17, 17 -}; +#if defined (__STDC__) || defined (__cplusplus) + typedef signed char yysigned_char; +#else + typedef short int yysigned_char; +#endif -static const short yyr2[] = { 0, - 0, 2, 2, 1, 2, 2, 3, 1, 2, 2, - 2, 1, 4, 1 +/* YYFINAL -- State number of the termination state. */ +#define YYFINAL 9 +/* YYLAST -- Last index in YYTABLE. */ +#define YYLAST 23 + +/* YYNTOKENS -- Number of terminals. */ +#define YYNTOKENS 12 +/* YYNNTS -- Number of nonterminals. */ +#define YYNNTS 7 +/* YYNRULES -- Number of rules. */ +#define YYNRULES 15 +/* YYNRULES -- Number of states. */ +#define YYNSTATES 24 + +/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */ +#define YYUNDEFTOK 2 +#define YYMAXUTOK 265 + +#define YYTRANSLATE(YYX) \ + ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK) + +/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX. */ +static const unsigned char yytranslate[] = +{ + 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 11, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 1, 2, 3, 4, + 5, 6, 7, 8, 9, 10 }; -static const short yydefact[] = { 1, - 0, 0, 0, 0, 4, 6, 5, 0, 12, 0, - 14, 2, 8, 3, 7, 10, 11, 0, 9, 0, - 13, 0, 0, 0 +#if YYDEBUG +/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in + YYRHS. */ +static const unsigned char yyprhs[] = +{ + 0, 0, 3, 4, 7, 10, 12, 15, 18, 22, + 24, 27, 30, 33, 35, 40 }; -static const short yydefgoto[] = { 22, - 3, 4, 5, 12, 13 +/* YYRHS -- A `-1'-separated list of the rules' RHS. */ +static const yysigned_char yyrhs[] = +{ + 13, 0, -1, -1, 14, 17, -1, 15, 16, -1, + 16, -1, 7, 9, -1, 3, 9, -1, 3, 9, + 9, -1, 18, -1, 17, 18, -1, 4, 10, -1, + 5, 9, -1, 5, -1, 6, 9, 11, 9, -1, + 8, -1 }; -static const short yypact[] = { 0, - -3, -1, -4, 2,-32768, 1,-32768, 3, 5, 6, --32768, -4,-32768,-32768,-32768,-32768,-32768, -2,-32768, 7, --32768, 11, 12,-32768 +/* YYRLINE[YYN] -- source line where rule number YYN was defined. */ +static const unsigned char yyrline[] = +{ + 0, 64, 64, 65, 68, 69, 72, 78, 84, 93, + 94, 97, 101, 109, 116, 136 }; +#endif -static const short yypgoto[] = {-32768, --32768,-32768, 13,-32768, 8 +#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE +/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. + First, the terminals, then, starting at YYNTOKENS, nonterminals. */ +static const char *const yytname[] = +{ + "$end", "error", "$undefined", "ET", "INDEX", "PREFIX", "EC", "ID", + "END", "STRING", "NUMBER", "','", "$accept", "file", "header", "id", + "et", "statements", "statement", 0 }; +#endif +# ifdef YYPRINT +/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to + token YYLEX-NUM. */ +static const unsigned short int yytoknum[] = +{ + 0, 256, 257, 258, 259, 260, 261, 262, 263, 264, + 265, 44 +}; +# endif -#define YYLAST 20 - - -static const short yytable[] = { 8, - 9, 10, 1, 11, 1, 6, 2, 7, 20, 15, - 23, 24, 16, 17, 18, 21, 14, 0, 0, 19 +/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ +static const unsigned char yyr1[] = +{ + 0, 12, 13, 13, 14, 14, 15, 16, 16, 17, + 17, 18, 18, 18, 18, 18 }; -static const short yycheck[] = { 4, - 5, 6, 3, 8, 3, 9, 7, 9, 11, 9, - 0, 0, 10, 9, 9, 9, 4, -1, -1, 12 +/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */ +static const unsigned char yyr2[] = +{ + 0, 2, 0, 2, 2, 1, 2, 2, 3, 1, + 2, 2, 2, 1, 4, 1 }; -/* -*-C-*- Note some compilers choke on comments on `#line' lines. */ -#line 3 "/usr/share/bison.simple" -/* This file comes from bison-1.28. */ -/* Skeleton output parser for bison, - Copyright (C) 1984, 1989, 1990 Free Software Foundation, Inc. +/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state + STATE-NUM when YYTABLE doesn't specify something else to do. Zero + means the default is an error. */ +static const unsigned char yydefact[] = +{ + 2, 0, 0, 0, 0, 0, 5, 7, 6, 1, + 0, 13, 0, 15, 3, 9, 4, 8, 11, 12, + 0, 10, 0, 14 +}; - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2, or (at your option) - any later version. +/* YYDEFGOTO[NTERM-NUM]. */ +static const yysigned_char yydefgoto[] = +{ + -1, 3, 4, 5, 6, 14, 15 +}; - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. +/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing + STATE-NUM. */ +#define YYPACT_NINF -5 +static const yysigned_char yypact[] = +{ + 0, -3, -1, 5, -4, 6, -5, 1, -5, -5, + 2, 4, 7, -5, -4, -5, -5, -5, -5, -5, + 3, -5, 8, -5 +}; - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. */ +/* YYPGOTO[NTERM-NUM]. */ +static const yysigned_char yypgoto[] = +{ + -5, -5, -5, -5, 10, -5, 9 +}; -/* As a special exception, when this file is copied by Bison into a - Bison output file, you may use that output file without restriction. - This special exception was added by the Free Software Foundation - in version 1.24 of Bison. */ +/* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If + positive, shift that token. If negative, reduce the rule which + number is the opposite. If zero, do what YYDEFACT says. + If YYTABLE_NINF, syntax error. */ +#define YYTABLE_NINF -1 +static const unsigned char yytable[] = +{ + 10, 11, 12, 1, 13, 9, 7, 2, 8, 1, + 17, 0, 18, 19, 22, 16, 20, 23, 0, 0, + 0, 0, 0, 21 +}; -/* This is the parser code that is written into each bison parser - when the %semantic_parser declaration is not specified in the grammar. - It was written by Richard Stallman by simplifying the hairy parser - used when %semantic_parser is specified. */ - -#ifndef YYSTACK_USE_ALLOCA -#ifdef alloca -#define YYSTACK_USE_ALLOCA -#else /* alloca not defined */ -#ifdef __GNUC__ -#define YYSTACK_USE_ALLOCA -#define alloca __builtin_alloca -#else /* not GNU C. */ -#if (!defined (__STDC__) && defined (sparc)) || defined (__sparc__) || defined (__sparc) || defined (__sgi) || (defined (__sun) && defined (__i386)) -#define YYSTACK_USE_ALLOCA -#include -#else /* not sparc */ -/* We think this test detects Watcom and Microsoft C. */ -/* This used to test MSDOS, but that is a bad idea - since that symbol is in the user namespace. */ -#if (defined (_MSDOS) || defined (_MSDOS_)) && !defined (__TURBOC__) -#if 0 /* No need for malloc.h, which pollutes the namespace; - instead, just don't use alloca. */ -#include -#endif -#else /* not MSDOS, or __TURBOC__ */ -#if defined(_AIX) -/* I don't know what this was needed for, but it pollutes the namespace. - So I turned it off. rms, 2 May 1997. */ -/* #include */ - #pragma alloca -#define YYSTACK_USE_ALLOCA -#else /* not MSDOS, or __TURBOC__, or _AIX */ -#if 0 -#ifdef __hpux /* haible@ilog.fr says this works for HPUX 9.05 and up, - and on HPUX 10. Eventually we can turn this on. */ -#define YYSTACK_USE_ALLOCA -#define alloca __builtin_alloca -#endif /* __hpux */ -#endif -#endif /* not _AIX */ -#endif /* not MSDOS, or __TURBOC__ */ -#endif /* not sparc */ -#endif /* not GNU C */ -#endif /* alloca not defined */ -#endif /* YYSTACK_USE_ALLOCA not defined */ - -#ifdef YYSTACK_USE_ALLOCA -#define YYSTACK_ALLOC alloca -#else -#define YYSTACK_ALLOC malloc -#endif +static const yysigned_char yycheck[] = +{ + 4, 5, 6, 3, 8, 0, 9, 7, 9, 3, + 9, -1, 10, 9, 11, 5, 9, 9, -1, -1, + -1, -1, -1, 14 +}; -/* Note: there must be only one dollar sign in this file. - It is replaced by the list of actions, each action - as one case of the switch. */ +/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing + symbol of state STATE-NUM. */ +static const unsigned char yystos[] = +{ + 0, 3, 7, 13, 14, 15, 16, 9, 9, 0, + 4, 5, 6, 8, 17, 18, 16, 9, 10, 9, + 9, 18, 11, 9 +}; #define yyerrok (yyerrstatus = 0) #define yyclearin (yychar = YYEMPTY) -#define YYEMPTY -2 +#define YYEMPTY (-2) #define YYEOF 0 + #define YYACCEPT goto yyacceptlab -#define YYABORT goto yyabortlab -#define YYERROR goto yyerrlab1 -/* Like YYERROR except do call yyerror. - This remains here temporarily to ease the - transition to the new meaning of YYERROR, for GCC. +#define YYABORT goto yyabortlab +#define YYERROR goto yyerrorlab + + +/* Like YYERROR except do call yyerror. This remains here temporarily + to ease the transition to the new meaning of YYERROR, for GCC. Once GCC version 2 has supplanted version 1, this can go. */ + #define YYFAIL goto yyerrlab + #define YYRECOVERING() (!!yyerrstatus) -#define YYBACKUP(token, value) \ + +#define YYBACKUP(Token, Value) \ do \ if (yychar == YYEMPTY && yylen == 1) \ - { yychar = (token), yylval = (value); \ - yychar1 = YYTRANSLATE (yychar); \ + { \ + yychar = (Token); \ + yylval = (Value); \ + yytoken = YYTRANSLATE (yychar); \ YYPOPSTACK; \ goto yybackup; \ } \ else \ - { yyerror ("syntax error: cannot back up"); YYERROR; } \ + { \ + yyerror (YY_("syntax error: cannot back up")); \ + YYERROR; \ + } \ while (0) + #define YYTERROR 1 #define YYERRCODE 256 -#ifndef YYPURE -#define YYLEX yylex() + +/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N]. + If N is 0, then set CURRENT to the empty location which ends + the previous symbol: RHS[0] (always defined). */ + +#define YYRHSLOC(Rhs, K) ((Rhs)[K]) +#ifndef YYLLOC_DEFAULT +# define YYLLOC_DEFAULT(Current, Rhs, N) \ + do \ + if (N) \ + { \ + (Current).first_line = YYRHSLOC (Rhs, 1).first_line; \ + (Current).first_column = YYRHSLOC (Rhs, 1).first_column; \ + (Current).last_line = YYRHSLOC (Rhs, N).last_line; \ + (Current).last_column = YYRHSLOC (Rhs, N).last_column; \ + } \ + else \ + { \ + (Current).first_line = (Current).last_line = \ + YYRHSLOC (Rhs, 0).last_line; \ + (Current).first_column = (Current).last_column = \ + YYRHSLOC (Rhs, 0).last_column; \ + } \ + while (0) #endif -#ifdef YYPURE -#ifdef YYLSP_NEEDED -#ifdef YYLEX_PARAM -#define YYLEX yylex(&yylval, &yylloc, YYLEX_PARAM) -#else -#define YYLEX yylex(&yylval, &yylloc) + +/* YY_LOCATION_PRINT -- Print the location on the stream. + This macro was not mandated originally: define only if we know + we won't break user code: when these are the locations we know. */ + +#ifndef YY_LOCATION_PRINT +# if YYLTYPE_IS_TRIVIAL +# define YY_LOCATION_PRINT(File, Loc) \ + fprintf (File, "%d.%d-%d.%d", \ + (Loc).first_line, (Loc).first_column, \ + (Loc).last_line, (Loc).last_column) +# else +# define YY_LOCATION_PRINT(File, Loc) ((void) 0) +# endif #endif -#else /* not YYLSP_NEEDED */ + + +/* YYLEX -- calling `yylex' with the right arguments. */ + #ifdef YYLEX_PARAM -#define YYLEX yylex(&yylval, YYLEX_PARAM) +# define YYLEX yylex (YYLEX_PARAM) #else -#define YYLEX yylex(&yylval) +# define YYLEX yylex () #endif -#endif /* not YYLSP_NEEDED */ + +/* Enable debugging if requested. */ +#if YYDEBUG + +# ifndef YYFPRINTF +# include /* INFRINGES ON USER NAME SPACE */ +# define YYFPRINTF fprintf +# endif + +# define YYDPRINTF(Args) \ +do { \ + if (yydebug) \ + YYFPRINTF Args; \ +} while (0) + +# define YY_SYMBOL_PRINT(Title, Type, Value, Location) \ +do { \ + if (yydebug) \ + { \ + YYFPRINTF (stderr, "%s ", Title); \ + yysymprint (stderr, \ + Type, Value); \ + YYFPRINTF (stderr, "\n"); \ + } \ +} while (0) + +/*------------------------------------------------------------------. +| yy_stack_print -- Print the state stack from its BOTTOM up to its | +| TOP (included). | +`------------------------------------------------------------------*/ + +#if defined (__STDC__) || defined (__cplusplus) +static void +yy_stack_print (short int *bottom, short int *top) +#else +static void +yy_stack_print (bottom, top) + short int *bottom; + short int *top; #endif +{ + YYFPRINTF (stderr, "Stack now"); + for (/* Nothing. */; bottom <= top; ++bottom) + YYFPRINTF (stderr, " %d", *bottom); + YYFPRINTF (stderr, "\n"); +} -/* If nonreentrant, generate the variables here */ +# define YY_STACK_PRINT(Bottom, Top) \ +do { \ + if (yydebug) \ + yy_stack_print ((Bottom), (Top)); \ +} while (0) -#ifndef YYPURE -int yychar; /* the lookahead symbol */ -YYSTYPE yylval; /* the semantic value of the */ - /* lookahead symbol */ +/*------------------------------------------------. +| Report that the YYRULE is going to be reduced. | +`------------------------------------------------*/ -#ifdef YYLSP_NEEDED -YYLTYPE yylloc; /* location data for the lookahead */ - /* symbol */ +#if defined (__STDC__) || defined (__cplusplus) +static void +yy_reduce_print (int yyrule) +#else +static void +yy_reduce_print (yyrule) + int yyrule; #endif +{ + int yyi; + unsigned long int yylno = yyrline[yyrule]; + YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu), ", + yyrule - 1, yylno); + /* Print the symbols being reduced, and their result. */ + for (yyi = yyprhs[yyrule]; 0 <= yyrhs[yyi]; yyi++) + YYFPRINTF (stderr, "%s ", yytname[yyrhs[yyi]]); + YYFPRINTF (stderr, "-> %s\n", yytname[yyr1[yyrule]]); +} -int yynerrs; /* number of parse errors so far */ -#endif /* not YYPURE */ +# define YY_REDUCE_PRINT(Rule) \ +do { \ + if (yydebug) \ + yy_reduce_print (Rule); \ +} while (0) -#if YYDEBUG != 0 -int yydebug; /* nonzero means print parse trace */ -/* Since this is uninitialized, it does not stop multiple parsers - from coexisting. */ -#endif +/* Nonzero means print parse trace. It is left uninitialized so that + multiple parsers can coexist. */ +int yydebug; +#else /* !YYDEBUG */ +# define YYDPRINTF(Args) +# define YY_SYMBOL_PRINT(Title, Type, Value, Location) +# define YY_STACK_PRINT(Bottom, Top) +# define YY_REDUCE_PRINT(Rule) +#endif /* !YYDEBUG */ -/* YYINITDEPTH indicates the initial size of the parser's stacks */ +/* YYINITDEPTH -- initial size of the parser's stacks. */ #ifndef YYINITDEPTH -#define YYINITDEPTH 200 +# define YYINITDEPTH 200 #endif -/* YYMAXDEPTH is the maximum size the stacks can grow to - (effective only if the built-in stack extension method is used). */ +/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only + if the built-in stack extension method is used). -#if YYMAXDEPTH == 0 -#undef YYMAXDEPTH -#endif + Do not make this value too large; the results are undefined if + YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH) + evaluated with infinite-precision integer arithmetic. */ #ifndef YYMAXDEPTH -#define YYMAXDEPTH 10000 +# define YYMAXDEPTH 10000 #endif + -/* Define __yy_memcpy. Note that the size argument - should be passed with type unsigned int, because that is what the non-GCC - definitions require. With GCC, __builtin_memcpy takes an arg - of type size_t, but it can handle unsigned int. */ - -#if __GNUC__ > 1 /* GNU C and GNU C++ define this. */ -#define __yy_memcpy(TO,FROM,COUNT) __builtin_memcpy(TO,FROM,COUNT) -#else /* not GNU C or C++ */ -#ifndef __cplusplus - -/* This is the most reliable way to avoid incompatibilities - in available built-in functions on various systems. */ -static void -__yy_memcpy (to, from, count) - char *to; - char *from; - unsigned int count; + +#if YYERROR_VERBOSE + +# ifndef yystrlen +# if defined (__GLIBC__) && defined (_STRING_H) +# define yystrlen strlen +# else +/* Return the length of YYSTR. */ +static YYSIZE_T +# if defined (__STDC__) || defined (__cplusplus) +yystrlen (const char *yystr) +# else +yystrlen (yystr) + const char *yystr; +# endif { - register char *f = from; - register char *t = to; - register int i = count; + const char *yys = yystr; - while (i-- > 0) - *t++ = *f++; + while (*yys++ != '\0') + continue; + + return yys - yystr - 1; } +# endif +# endif + +# ifndef yystpcpy +# if defined (__GLIBC__) && defined (_STRING_H) && defined (_GNU_SOURCE) +# define yystpcpy stpcpy +# else +/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in + YYDEST. */ +static char * +# if defined (__STDC__) || defined (__cplusplus) +yystpcpy (char *yydest, const char *yysrc) +# else +yystpcpy (yydest, yysrc) + char *yydest; + const char *yysrc; +# endif +{ + char *yyd = yydest; + const char *yys = yysrc; -#else /* __cplusplus */ + while ((*yyd++ = *yys++) != '\0') + continue; -/* This is the most reliable way to avoid incompatibilities - in available built-in functions on various systems. */ -static void -__yy_memcpy (char *to, char *from, unsigned int count) + return yyd - 1; +} +# endif +# endif + +# ifndef yytnamerr +/* Copy to YYRES the contents of YYSTR after stripping away unnecessary + quotes and backslashes, so that it's suitable for yyerror. The + heuristic is that double-quoting is unnecessary unless the string + contains an apostrophe, a comma, or backslash (other than + backslash-backslash). YYSTR is taken from yytname. If YYRES is + null, do not copy; instead, return the length of what the result + would have been. */ +static YYSIZE_T +yytnamerr (char *yyres, const char *yystr) { - register char *t = to; - register char *f = from; - register int i = count; + if (*yystr == '"') + { + size_t yyn = 0; + char const *yyp = yystr; + + for (;;) + switch (*++yyp) + { + case '\'': + case ',': + goto do_not_strip_quotes; + + case '\\': + if (*++yyp != '\\') + goto do_not_strip_quotes; + /* Fall through. */ + default: + if (yyres) + yyres[yyn] = *yyp; + yyn++; + break; + + case '"': + if (yyres) + yyres[yyn] = '\0'; + return yyn; + } + do_not_strip_quotes: ; + } + + if (! yyres) + return yystrlen (yystr); - while (i-- > 0) - *t++ = *f++; + return yystpcpy (yyres, yystr) - yyres; } +# endif + +#endif /* YYERROR_VERBOSE */ + + + +#if YYDEBUG +/*--------------------------------. +| Print this symbol on YYOUTPUT. | +`--------------------------------*/ +#if defined (__STDC__) || defined (__cplusplus) +static void +yysymprint (FILE *yyoutput, int yytype, YYSTYPE *yyvaluep) +#else +static void +yysymprint (yyoutput, yytype, yyvaluep) + FILE *yyoutput; + int yytype; + YYSTYPE *yyvaluep; #endif +{ + /* Pacify ``unused variable'' warnings. */ + (void) yyvaluep; + + if (yytype < YYNTOKENS) + YYFPRINTF (yyoutput, "token %s (", yytname[yytype]); + else + YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]); + + +# ifdef YYPRINT + if (yytype < YYNTOKENS) + YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep); +# endif + switch (yytype) + { + default: + break; + } + YYFPRINTF (yyoutput, ")"); +} + +#endif /* ! YYDEBUG */ +/*-----------------------------------------------. +| Release the memory associated to this symbol. | +`-----------------------------------------------*/ + +#if defined (__STDC__) || defined (__cplusplus) +static void +yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep) +#else +static void +yydestruct (yymsg, yytype, yyvaluep) + const char *yymsg; + int yytype; + YYSTYPE *yyvaluep; #endif +{ + /* Pacify ``unused variable'' warnings. */ + (void) yyvaluep; + + if (!yymsg) + yymsg = "Deleting"; + YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp); + + switch (yytype) + { + + default: + break; + } +} -#line 217 "/usr/share/bison.simple" -/* The user can define YYPARSE_PARAM as the name of an argument to be passed - into yyparse. The argument should have type void *. - It should actually point to an object. - Grammar actions can access the variable by casting it - to the proper pointer type. */ +/* Prevent warnings from -Wmissing-prototypes. */ #ifdef YYPARSE_PARAM -#ifdef __cplusplus -#define YYPARSE_PARAM_ARG void *YYPARSE_PARAM -#define YYPARSE_PARAM_DECL -#else /* not __cplusplus */ -#define YYPARSE_PARAM_ARG YYPARSE_PARAM -#define YYPARSE_PARAM_DECL void *YYPARSE_PARAM; -#endif /* not __cplusplus */ -#else /* not YYPARSE_PARAM */ -#define YYPARSE_PARAM_ARG -#define YYPARSE_PARAM_DECL -#endif /* not YYPARSE_PARAM */ - -/* Prevent warning if -Wstrict-prototypes. */ -#ifdef __GNUC__ -#ifdef YYPARSE_PARAM -int yyparse (void *); -#else +# if defined (__STDC__) || defined (__cplusplus) +int yyparse (void *YYPARSE_PARAM); +# else +int yyparse (); +# endif +#else /* ! YYPARSE_PARAM */ +#if defined (__STDC__) || defined (__cplusplus) int yyparse (void); +#else +int yyparse (); #endif -#endif +#endif /* ! YYPARSE_PARAM */ + + + +/* The look-ahead symbol. */ +int yychar; + +/* The semantic value of the look-ahead symbol. */ +YYSTYPE yylval; + +/* Number of syntax errors so far. */ +int yynerrs; + + +/*----------. +| yyparse. | +`----------*/ + +#ifdef YYPARSE_PARAM +# if defined (__STDC__) || defined (__cplusplus) +int yyparse (void *YYPARSE_PARAM) +# else +int yyparse (YYPARSE_PARAM) + void *YYPARSE_PARAM; +# endif +#else /* ! YYPARSE_PARAM */ +#if defined (__STDC__) || defined (__cplusplus) +int +yyparse (void) +#else int -yyparse(YYPARSE_PARAM_ARG) - YYPARSE_PARAM_DECL +yyparse () + +#endif +#endif { - register int yystate; - register int yyn; - register short *yyssp; - register YYSTYPE *yyvsp; - int yyerrstatus; /* number of tokens to shift before error messages enabled */ - int yychar1 = 0; /* lookahead token as an internal (translated) token number */ + + int yystate; + int yyn; + int yyresult; + /* Number of tokens to shift before error messages enabled. */ + int yyerrstatus; + /* Look-ahead token as an internal (translated) token number. */ + int yytoken = 0; - short yyssa[YYINITDEPTH]; /* the state stack */ - YYSTYPE yyvsa[YYINITDEPTH]; /* the semantic value stack */ + /* Three stacks and their tools: + `yyss': related to states, + `yyvs': related to semantic values, + `yyls': related to locations. + + Refer to the stacks thru separate pointers, to allow yyoverflow + to reallocate them elsewhere. */ + + /* The state stack. */ + short int yyssa[YYINITDEPTH]; + short int *yyss = yyssa; + short int *yyssp; + + /* The semantic value stack. */ + YYSTYPE yyvsa[YYINITDEPTH]; + YYSTYPE *yyvs = yyvsa; + YYSTYPE *yyvsp; - short *yyss = yyssa; /* refer to the stacks thru separate pointers */ - YYSTYPE *yyvs = yyvsa; /* to allow yyoverflow to reallocate them elsewhere */ -#ifdef YYLSP_NEEDED - YYLTYPE yylsa[YYINITDEPTH]; /* the location stack */ - YYLTYPE *yyls = yylsa; - YYLTYPE *yylsp; -#define YYPOPSTACK (yyvsp--, yyssp--, yylsp--) -#else #define YYPOPSTACK (yyvsp--, yyssp--) -#endif - int yystacksize = YYINITDEPTH; - int yyfree_stacks = 0; + YYSIZE_T yystacksize = YYINITDEPTH; -#ifdef YYPURE - int yychar; - YYSTYPE yylval; - int yynerrs; -#ifdef YYLSP_NEEDED - YYLTYPE yylloc; -#endif -#endif + /* The variables used to return semantic value and location from the + action routines. */ + YYSTYPE yyval; - YYSTYPE yyval; /* the variable used to return */ - /* semantic values from the action */ - /* routines */ + /* When reducing, the number of symbols on the RHS of the reduced + rule. */ int yylen; -#if YYDEBUG != 0 - if (yydebug) - fprintf(stderr, "Starting parse\n"); -#endif + YYDPRINTF ((stderr, "Starting parse\n")); yystate = 0; yyerrstatus = 0; @@ -495,295 +971,251 @@ yyparse(YYPARSE_PARAM_ARG) so that they stay on the same level as the state stack. The wasted elements are never initialized. */ - yyssp = yyss - 1; + yyssp = yyss; yyvsp = yyvs; -#ifdef YYLSP_NEEDED - yylsp = yyls; -#endif -/* Push a new state, which is found in yystate . */ -/* In all cases, when you get here, the value and location stacks - have just been pushed. so pushing a state here evens the stacks. */ -yynewstate: + goto yysetstate; - *++yyssp = yystate; +/*------------------------------------------------------------. +| yynewstate -- Push a new state, which is found in yystate. | +`------------------------------------------------------------*/ + yynewstate: + /* In all cases, when you get here, the value and location stacks + have just been pushed. so pushing a state here evens the stacks. + */ + yyssp++; - if (yyssp >= yyss + yystacksize - 1) - { - /* Give user a chance to reallocate the stack */ - /* Use copies of these so that the &'s don't force the real ones into memory. */ - YYSTYPE *yyvs1 = yyvs; - short *yyss1 = yyss; -#ifdef YYLSP_NEEDED - YYLTYPE *yyls1 = yyls; -#endif + yysetstate: + *yyssp = yystate; + if (yyss + yystacksize - 1 <= yyssp) + { /* Get the current used size of the three stacks, in elements. */ - int size = yyssp - yyss + 1; + YYSIZE_T yysize = yyssp - yyss + 1; #ifdef yyoverflow - /* Each stack pointer address is followed by the size of - the data in use in that stack, in bytes. */ -#ifdef YYLSP_NEEDED - /* This used to be a conditional around just the two extra args, - but that might be undefined if yyoverflow is a macro. */ - yyoverflow("parser stack overflow", - &yyss1, size * sizeof (*yyssp), - &yyvs1, size * sizeof (*yyvsp), - &yyls1, size * sizeof (*yylsp), - &yystacksize); -#else - yyoverflow("parser stack overflow", - &yyss1, size * sizeof (*yyssp), - &yyvs1, size * sizeof (*yyvsp), - &yystacksize); -#endif - - yyss = yyss1; yyvs = yyvs1; -#ifdef YYLSP_NEEDED - yyls = yyls1; -#endif + { + /* Give user a chance to reallocate the stack. Use copies of + these so that the &'s don't force the real ones into + memory. */ + YYSTYPE *yyvs1 = yyvs; + short int *yyss1 = yyss; + + + /* Each stack pointer address is followed by the size of the + data in use in that stack, in bytes. This used to be a + conditional around just the two extra args, but that might + be undefined if yyoverflow is a macro. */ + yyoverflow (YY_("memory exhausted"), + &yyss1, yysize * sizeof (*yyssp), + &yyvs1, yysize * sizeof (*yyvsp), + + &yystacksize); + + yyss = yyss1; + yyvs = yyvs1; + } #else /* no yyoverflow */ +# ifndef YYSTACK_RELOCATE + goto yyexhaustedlab; +# else /* Extend the stack our own way. */ - if (yystacksize >= YYMAXDEPTH) - { - yyerror("parser stack overflow"); - if (yyfree_stacks) - { - free (yyss); - free (yyvs); -#ifdef YYLSP_NEEDED - free (yyls); -#endif - } - return 2; - } + if (YYMAXDEPTH <= yystacksize) + goto yyexhaustedlab; yystacksize *= 2; - if (yystacksize > YYMAXDEPTH) + if (YYMAXDEPTH < yystacksize) yystacksize = YYMAXDEPTH; -#ifndef YYSTACK_USE_ALLOCA - yyfree_stacks = 1; -#endif - yyss = (short *) YYSTACK_ALLOC (yystacksize * sizeof (*yyssp)); - __yy_memcpy ((char *)yyss, (char *)yyss1, - size * (unsigned int) sizeof (*yyssp)); - yyvs = (YYSTYPE *) YYSTACK_ALLOC (yystacksize * sizeof (*yyvsp)); - __yy_memcpy ((char *)yyvs, (char *)yyvs1, - size * (unsigned int) sizeof (*yyvsp)); -#ifdef YYLSP_NEEDED - yyls = (YYLTYPE *) YYSTACK_ALLOC (yystacksize * sizeof (*yylsp)); - __yy_memcpy ((char *)yyls, (char *)yyls1, - size * (unsigned int) sizeof (*yylsp)); -#endif + + { + short int *yyss1 = yyss; + union yyalloc *yyptr = + (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); + if (! yyptr) + goto yyexhaustedlab; + YYSTACK_RELOCATE (yyss); + YYSTACK_RELOCATE (yyvs); + +# undef YYSTACK_RELOCATE + if (yyss1 != yyssa) + YYSTACK_FREE (yyss1); + } +# endif #endif /* no yyoverflow */ - yyssp = yyss + size - 1; - yyvsp = yyvs + size - 1; -#ifdef YYLSP_NEEDED - yylsp = yyls + size - 1; -#endif + yyssp = yyss + yysize - 1; + yyvsp = yyvs + yysize - 1; -#if YYDEBUG != 0 - if (yydebug) - fprintf(stderr, "Stack size increased to %d\n", yystacksize); -#endif - if (yyssp >= yyss + yystacksize - 1) + YYDPRINTF ((stderr, "Stack size increased to %lu\n", + (unsigned long int) yystacksize)); + + if (yyss + yystacksize - 1 <= yyssp) YYABORT; } -#if YYDEBUG != 0 - if (yydebug) - fprintf(stderr, "Entering state %d\n", yystate); -#endif + YYDPRINTF ((stderr, "Entering state %d\n", yystate)); goto yybackup; - yybackup: + +/*-----------. +| yybackup. | +`-----------*/ +yybackup: /* Do appropriate processing given the current state. */ -/* Read a lookahead token if we need one and don't already have one. */ +/* Read a look-ahead token if we need one and don't already have one. */ /* yyresume: */ - /* First try to decide what to do without reference to lookahead token. */ + /* First try to decide what to do without reference to look-ahead token. */ yyn = yypact[yystate]; - if (yyn == YYFLAG) + if (yyn == YYPACT_NINF) goto yydefault; - /* Not known => get a lookahead token if don't already have one. */ - - /* yychar is either YYEMPTY or YYEOF - or a valid token in external form. */ + /* Not known => get a look-ahead token if don't already have one. */ + /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol. */ if (yychar == YYEMPTY) { -#if YYDEBUG != 0 - if (yydebug) - fprintf(stderr, "Reading a token: "); -#endif + YYDPRINTF ((stderr, "Reading a token: ")); yychar = YYLEX; } - /* Convert token to internal form (in yychar1) for indexing tables with */ - - if (yychar <= 0) /* This means end of input. */ + if (yychar <= YYEOF) { - yychar1 = 0; - yychar = YYEOF; /* Don't call YYLEX any more */ - -#if YYDEBUG != 0 - if (yydebug) - fprintf(stderr, "Now at end of input.\n"); -#endif + yychar = yytoken = YYEOF; + YYDPRINTF ((stderr, "Now at end of input.\n")); } else { - yychar1 = YYTRANSLATE(yychar); - -#if YYDEBUG != 0 - if (yydebug) - { - fprintf (stderr, "Next token is %d (%s", yychar, yytname[yychar1]); - /* Give the individual parser a way to print the precise meaning - of a token, for further debugging info. */ -#ifdef YYPRINT - YYPRINT (stderr, yychar, yylval); -#endif - fprintf (stderr, ")\n"); - } -#endif + yytoken = YYTRANSLATE (yychar); + YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc); } - yyn += yychar1; - if (yyn < 0 || yyn > YYLAST || yycheck[yyn] != yychar1) + /* If the proper action on seeing token YYTOKEN is to reduce or to + detect an error, take that action. */ + yyn += yytoken; + if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken) goto yydefault; - yyn = yytable[yyn]; - - /* yyn is what to do for this token type in this state. - Negative => reduce, -yyn is rule number. - Positive => shift, yyn is new state. - New state is final state => don't bother to shift, - just return success. - 0, or most negative number => error. */ - - if (yyn < 0) + if (yyn <= 0) { - if (yyn == YYFLAG) + if (yyn == 0 || yyn == YYTABLE_NINF) goto yyerrlab; yyn = -yyn; goto yyreduce; } - else if (yyn == 0) - goto yyerrlab; if (yyn == YYFINAL) YYACCEPT; - /* Shift the lookahead token. */ - -#if YYDEBUG != 0 - if (yydebug) - fprintf(stderr, "Shifting token %d (%s), ", yychar, yytname[yychar1]); -#endif + /* Shift the look-ahead token. */ + YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); /* Discard the token being shifted unless it is eof. */ if (yychar != YYEOF) yychar = YYEMPTY; *++yyvsp = yylval; -#ifdef YYLSP_NEEDED - *++yylsp = yylloc; -#endif - /* count tokens shifted since error; after three, turn off error status. */ - if (yyerrstatus) yyerrstatus--; + + /* Count tokens shifted since error; after three, turn off error + status. */ + if (yyerrstatus) + yyerrstatus--; yystate = yyn; goto yynewstate; -/* Do the default action for the current state. */ -yydefault: +/*-----------------------------------------------------------. +| yydefault -- do the default action for the current state. | +`-----------------------------------------------------------*/ +yydefault: yyn = yydefact[yystate]; if (yyn == 0) goto yyerrlab; + goto yyreduce; + -/* Do a reduction. yyn is the number of a rule to reduce with. */ +/*-----------------------------. +| yyreduce -- Do a reduction. | +`-----------------------------*/ yyreduce: + /* yyn is the number of a rule to reduce with. */ yylen = yyr2[yyn]; - if (yylen > 0) - yyval = yyvsp[1-yylen]; /* implement default value of the action */ -#if YYDEBUG != 0 - if (yydebug) - { - int i; + /* If YYLEN is nonzero, implement the default value of the action: + `$$ = $1'. - fprintf (stderr, "Reducing via rule %d (line %d), ", - yyn, yyrline[yyn]); + Otherwise, the following line sets YYVAL to garbage. + This behavior is undocumented and Bison + users should not rely upon it. Assigning to YYVAL + unconditionally makes the parser a bit smaller, and it avoids a + GCC warning that YYVAL may be used uninitialized. */ + yyval = yyvsp[1-yylen]; - /* Print the symbols being reduced, and their result. */ - for (i = yyprhs[yyn]; yyrhs[i] > 0; i++) - fprintf (stderr, "%s ", yytname[yyrhs[i]]); - fprintf (stderr, " -> %s\n", yytname[yyr1[yyn]]); - } -#endif + YY_REDUCE_PRINT (yyn); + switch (yyn) + { + case 6: +#line 73 "parse.y" + { + id_str = (yyvsp[0].string); + } + break; - switch (yyn) { + case 7: +#line 79 "parse.y" + { + base_id = name2number((yyvsp[0].string)); + strlcpy(name, (yyvsp[0].string), sizeof(name)); + free((yyvsp[0].string)); + } + break; -case 5: -#line 73 "../../../lib/com_err/parse.y" -{ - id_str = yyvsp[0].string; - ; - break;} -case 6: -#line 79 "../../../lib/com_err/parse.y" -{ - base_id = name2number(yyvsp[0].string); - strlcpy(name, yyvsp[0].string, sizeof(name)); - free(yyvsp[0].string); - ; - break;} -case 7: -#line 85 "../../../lib/com_err/parse.y" -{ - base_id = name2number(yyvsp[-1].string); - strlcpy(name, yyvsp[0].string, sizeof(name)); - free(yyvsp[-1].string); - free(yyvsp[0].string); - ; - break;} -case 10: -#line 98 "../../../lib/com_err/parse.y" -{ - number = yyvsp[0].number; - ; - break;} -case 11: -#line 102 "../../../lib/com_err/parse.y" -{ + case 8: +#line 85 "parse.y" + { + base_id = name2number((yyvsp[-1].string)); + strlcpy(name, (yyvsp[0].string), sizeof(name)); + free((yyvsp[-1].string)); + free((yyvsp[0].string)); + } + break; + + case 11: +#line 98 "parse.y" + { + number = (yyvsp[0].number); + } + break; + + case 12: +#line 102 "parse.y" + { free(prefix); - asprintf (&prefix, "%s_", yyvsp[0].string); + asprintf (&prefix, "%s_", (yyvsp[0].string)); if (prefix == NULL) errx(1, "malloc"); - free(yyvsp[0].string); - ; - break;} -case 12: -#line 110 "../../../lib/com_err/parse.y" -{ + free((yyvsp[0].string)); + } + break; + + case 13: +#line 110 "parse.y" + { prefix = realloc(prefix, 1); if (prefix == NULL) errx(1, "malloc"); *prefix = '\0'; - ; - break;} -case 13: -#line 117 "../../../lib/com_err/parse.y" -{ + } + break; + + case 14: +#line 117 "parse.y" + { struct error_code *ec = malloc(sizeof(*ec)); if (ec == NULL) @@ -792,246 +1224,299 @@ case 13: ec->next = NULL; ec->number = number; if(prefix && *prefix != '\0') { - asprintf (&ec->name, "%s%s", prefix, yyvsp[-2].string); + asprintf (&ec->name, "%s%s", prefix, (yyvsp[-2].string)); if (ec->name == NULL) errx(1, "malloc"); - free(yyvsp[-2].string); + free((yyvsp[-2].string)); } else - ec->name = yyvsp[-2].string; - ec->string = yyvsp[0].string; + ec->name = (yyvsp[-2].string); + ec->string = (yyvsp[0].string); APPEND(codes, ec); number++; - ; - break;} -case 14: -#line 137 "../../../lib/com_err/parse.y" -{ + } + break; + + case 15: +#line 137 "parse.y" + { YYACCEPT; - ; - break;} -} - /* the action file gets copied in in place of this dollarsign */ -#line 543 "/usr/share/bison.simple" + } + break; + + + default: break; + } + +/* Line 1126 of yacc.c. */ +#line 1252 "$base.c" yyvsp -= yylen; yyssp -= yylen; -#ifdef YYLSP_NEEDED - yylsp -= yylen; -#endif -#if YYDEBUG != 0 - if (yydebug) - { - short *ssp1 = yyss - 1; - fprintf (stderr, "state stack now"); - while (ssp1 != yyssp) - fprintf (stderr, " %d", *++ssp1); - fprintf (stderr, "\n"); - } -#endif + + YY_STACK_PRINT (yyss, yyssp); *++yyvsp = yyval; -#ifdef YYLSP_NEEDED - yylsp++; - if (yylen == 0) - { - yylsp->first_line = yylloc.first_line; - yylsp->first_column = yylloc.first_column; - yylsp->last_line = (yylsp-1)->last_line; - yylsp->last_column = (yylsp-1)->last_column; - yylsp->text = 0; - } - else - { - yylsp->last_line = (yylsp+yylen-1)->last_line; - yylsp->last_column = (yylsp+yylen-1)->last_column; - } -#endif - /* Now "shift" the result of the reduction. - Determine what state that goes to, - based on the state we popped back to - and the rule number reduced by. */ + /* Now `shift' the result of the reduction. Determine what state + that goes to, based on the state we popped back to and the rule + number reduced by. */ yyn = yyr1[yyn]; - yystate = yypgoto[yyn - YYNTBASE] + *yyssp; - if (yystate >= 0 && yystate <= YYLAST && yycheck[yystate] == *yyssp) + yystate = yypgoto[yyn - YYNTOKENS] + *yyssp; + if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp) yystate = yytable[yystate]; else - yystate = yydefgoto[yyn - YYNTBASE]; + yystate = yydefgoto[yyn - YYNTOKENS]; goto yynewstate; -yyerrlab: /* here on detecting error */ - if (! yyerrstatus) - /* If not already recovering from an error, report this error. */ +/*------------------------------------. +| yyerrlab -- here on detecting error | +`------------------------------------*/ +yyerrlab: + /* If not already recovering from an error, report this error. */ + if (!yyerrstatus) { ++yynerrs; - -#ifdef YYERROR_VERBOSE +#if YYERROR_VERBOSE yyn = yypact[yystate]; - if (yyn > YYFLAG && yyn < YYLAST) + if (YYPACT_NINF < yyn && yyn < YYLAST) { - int size = 0; - char *msg; - int x, count; - - count = 0; - /* Start X at -yyn if nec to avoid negative indexes in yycheck. */ - for (x = (yyn < 0 ? -yyn : 0); - x < (sizeof(yytname) / sizeof(char *)); x++) - if (yycheck[x + yyn] == x) - size += strlen(yytname[x]) + 15, count++; - msg = (char *) malloc(size + 15); - if (msg != 0) - { - strcpy(msg, "parse error"); + int yytype = YYTRANSLATE (yychar); + YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]); + YYSIZE_T yysize = yysize0; + YYSIZE_T yysize1; + int yysize_overflow = 0; + char *yymsg = 0; +# define YYERROR_VERBOSE_ARGS_MAXIMUM 5 + char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; + int yyx; - if (count < 5) +#if 0 + /* This is so xgettext sees the translatable formats that are + constructed on the fly. */ + YY_("syntax error, unexpected %s"); + YY_("syntax error, unexpected %s, expecting %s"); + YY_("syntax error, unexpected %s, expecting %s or %s"); + YY_("syntax error, unexpected %s, expecting %s or %s or %s"); + YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s"); +#endif + char *yyfmt; + char const *yyf; + static char const yyunexpected[] = "syntax error, unexpected %s"; + static char const yyexpecting[] = ", expecting %s"; + static char const yyor[] = " or %s"; + char yyformat[sizeof yyunexpected + + sizeof yyexpecting - 1 + + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2) + * (sizeof yyor - 1))]; + char const *yyprefix = yyexpecting; + + /* Start YYX at -YYN if negative to avoid negative indexes in + YYCHECK. */ + int yyxbegin = yyn < 0 ? -yyn : 0; + + /* Stay within bounds of both yycheck and yytname. */ + int yychecklim = YYLAST - yyn; + int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; + int yycount = 1; + + yyarg[0] = yytname[yytype]; + yyfmt = yystpcpy (yyformat, yyunexpected); + + for (yyx = yyxbegin; yyx < yyxend; ++yyx) + if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) + { + if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM) + { + yycount = 1; + yysize = yysize0; + yyformat[sizeof yyunexpected - 1] = '\0'; + break; + } + yyarg[yycount++] = yytname[yyx]; + yysize1 = yysize + yytnamerr (0, yytname[yyx]); + yysize_overflow |= yysize1 < yysize; + yysize = yysize1; + yyfmt = yystpcpy (yyfmt, yyprefix); + yyprefix = yyor; + } + + yyf = YY_(yyformat); + yysize1 = yysize + yystrlen (yyf); + yysize_overflow |= yysize1 < yysize; + yysize = yysize1; + + if (!yysize_overflow && yysize <= YYSTACK_ALLOC_MAXIMUM) + yymsg = (char *) YYSTACK_ALLOC (yysize); + if (yymsg) + { + /* Avoid sprintf, as that infringes on the user's name space. + Don't have undefined behavior even if the translation + produced a string with the wrong number of "%s"s. */ + char *yyp = yymsg; + int yyi = 0; + while ((*yyp = *yyf)) { - count = 0; - for (x = (yyn < 0 ? -yyn : 0); - x < (sizeof(yytname) / sizeof(char *)); x++) - if (yycheck[x + yyn] == x) - { - strcat(msg, count == 0 ? ", expecting `" : " or `"); - strcat(msg, yytname[x]); - strcat(msg, "'"); - count++; - } + if (*yyp == '%' && yyf[1] == 's' && yyi < yycount) + { + yyp += yytnamerr (yyp, yyarg[yyi++]); + yyf += 2; + } + else + { + yyp++; + yyf++; + } } - yyerror(msg); - free(msg); + yyerror (yymsg); + YYSTACK_FREE (yymsg); } else - yyerror ("parse error; also virtual memory exceeded"); + { + yyerror (YY_("syntax error")); + goto yyexhaustedlab; + } } else #endif /* YYERROR_VERBOSE */ - yyerror("parse error"); + yyerror (YY_("syntax error")); } - goto yyerrlab1; -yyerrlab1: /* here on error raised explicitly by an action */ + if (yyerrstatus == 3) { - /* if just tried and failed to reuse lookahead token after an error, discard it. */ - - /* return failure if at end of input */ - if (yychar == YYEOF) - YYABORT; - -#if YYDEBUG != 0 - if (yydebug) - fprintf(stderr, "Discarding token %d (%s).\n", yychar, yytname[yychar1]); -#endif - - yychar = YYEMPTY; + /* If just tried and failed to reuse look-ahead token after an + error, discard it. */ + + if (yychar <= YYEOF) + { + /* Return failure if at end of input. */ + if (yychar == YYEOF) + YYABORT; + } + else + { + yydestruct ("Error: discarding", yytoken, &yylval); + yychar = YYEMPTY; + } } - /* Else will try to reuse lookahead token - after shifting the error token. */ + /* Else will try to reuse look-ahead token after shifting the error + token. */ + goto yyerrlab1; - yyerrstatus = 3; /* Each real token shifted decrements this */ - goto yyerrhandle; +/*---------------------------------------------------. +| yyerrorlab -- error raised explicitly by YYERROR. | +`---------------------------------------------------*/ +yyerrorlab: -yyerrdefault: /* current state does not do anything special for the error token. */ + /* Pacify compilers like GCC when the user code never invokes + YYERROR and the label yyerrorlab therefore never appears in user + code. */ + if (0) + goto yyerrorlab; -#if 0 - /* This is wrong; only states that explicitly want error tokens - should shift them. */ - yyn = yydefact[yystate]; /* If its default is to accept any token, ok. Otherwise pop it.*/ - if (yyn) goto yydefault; -#endif +yyvsp -= yylen; + yyssp -= yylen; + yystate = *yyssp; + goto yyerrlab1; -yyerrpop: /* pop the current state because it cannot handle the error token */ - if (yyssp == yyss) YYABORT; - yyvsp--; - yystate = *--yyssp; -#ifdef YYLSP_NEEDED - yylsp--; -#endif +/*-------------------------------------------------------------. +| yyerrlab1 -- common code for both syntax error and YYERROR. | +`-------------------------------------------------------------*/ +yyerrlab1: + yyerrstatus = 3; /* Each real token shifted decrements this. */ -#if YYDEBUG != 0 - if (yydebug) + for (;;) { - short *ssp1 = yyss - 1; - fprintf (stderr, "Error: state stack now"); - while (ssp1 != yyssp) - fprintf (stderr, " %d", *++ssp1); - fprintf (stderr, "\n"); - } -#endif - -yyerrhandle: + yyn = yypact[yystate]; + if (yyn != YYPACT_NINF) + { + yyn += YYTERROR; + if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR) + { + yyn = yytable[yyn]; + if (0 < yyn) + break; + } + } - yyn = yypact[yystate]; - if (yyn == YYFLAG) - goto yyerrdefault; + /* Pop the current state because it cannot handle the error token. */ + if (yyssp == yyss) + YYABORT; - yyn += YYTERROR; - if (yyn < 0 || yyn > YYLAST || yycheck[yyn] != YYTERROR) - goto yyerrdefault; - yyn = yytable[yyn]; - if (yyn < 0) - { - if (yyn == YYFLAG) - goto yyerrpop; - yyn = -yyn; - goto yyreduce; + yydestruct ("Error: popping", yystos[yystate], yyvsp); + YYPOPSTACK; + yystate = *yyssp; + YY_STACK_PRINT (yyss, yyssp); } - else if (yyn == 0) - goto yyerrpop; if (yyn == YYFINAL) YYACCEPT; -#if YYDEBUG != 0 - if (yydebug) - fprintf(stderr, "Shifting error token, "); -#endif - *++yyvsp = yylval; -#ifdef YYLSP_NEEDED - *++yylsp = yylloc; -#endif + + + /* Shift the error token. */ + YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp); yystate = yyn; goto yynewstate; - yyacceptlab: - /* YYACCEPT comes here. */ - if (yyfree_stacks) - { - free (yyss); - free (yyvs); -#ifdef YYLSP_NEEDED - free (yyls); + +/*-------------------------------------. +| yyacceptlab -- YYACCEPT comes here. | +`-------------------------------------*/ +yyacceptlab: + yyresult = 0; + goto yyreturn; + +/*-----------------------------------. +| yyabortlab -- YYABORT comes here. | +`-----------------------------------*/ +yyabortlab: + yyresult = 1; + goto yyreturn; + +#ifndef yyoverflow +/*-------------------------------------------------. +| yyexhaustedlab -- memory exhaustion comes here. | +`-------------------------------------------------*/ +yyexhaustedlab: + yyerror (YY_("memory exhausted")); + yyresult = 2; + /* Fall through. */ #endif - } - return 0; - yyabortlab: - /* YYABORT comes here. */ - if (yyfree_stacks) +yyreturn: + if (yychar != YYEOF && yychar != YYEMPTY) + yydestruct ("Cleanup: discarding lookahead", + yytoken, &yylval); + while (yyssp != yyss) { - free (yyss); - free (yyvs); -#ifdef YYLSP_NEEDED - free (yyls); -#endif + yydestruct ("Cleanup: popping", + yystos[*yyssp], yyvsp); + YYPOPSTACK; } - return 1; +#ifndef yyoverflow + if (yyss != yyssa) + YYSTACK_FREE (yyss); +#endif + return yyresult; } -#line 142 "../../../lib/com_err/parse.y" + + +#line 142 "parse.y" static long @@ -1064,3 +1549,4 @@ yyerror (char *s) { error_message ("%s\n", s); } + diff --git a/source4/heimdal/lib/com_err/parse.h b/source4/heimdal/lib/com_err/parse.h index 07e33790d3..2f9755e19b 100644 --- a/source4/heimdal/lib/com_err/parse.h +++ b/source4/heimdal/lib/com_err/parse.h @@ -1,15 +1,71 @@ -typedef union { +/* A Bison parser, made by GNU Bison 2.1. */ + +/* Skeleton parser for Yacc-like parsing with Bison, + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. */ + +/* As a special exception, when this file is copied by Bison into a + Bison output file, you may use that output file without restriction. + This special exception was added by the Free Software Foundation + in version 1.24 of Bison. */ + +/* Tokens. */ +#ifndef YYTOKENTYPE +# define YYTOKENTYPE + /* Put the tokens into the symbol table, so that GDB and other debuggers + know about them. */ + enum yytokentype { + ET = 258, + INDEX = 259, + PREFIX = 260, + EC = 261, + ID = 262, + END = 263, + STRING = 264, + NUMBER = 265 + }; +#endif +/* Tokens. */ +#define ET 258 +#define INDEX 259 +#define PREFIX 260 +#define EC 261 +#define ID 262 +#define END 263 +#define STRING 264 +#define NUMBER 265 + + + + +#if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED) +#line 53 "parse.y" +typedef union YYSTYPE { char *string; int number; } YYSTYPE; -#define ET 257 -#define INDEX 258 -#define PREFIX 259 -#define EC 260 -#define ID 261 -#define END 262 -#define STRING 263 -#define NUMBER 264 - +/* Line 1447 of yacc.c. */ +#line 63 "parse.h" +# define yystype YYSTYPE /* obsolescent; will be withdrawn */ +# define YYSTYPE_IS_DECLARED 1 +# define YYSTYPE_IS_TRIVIAL 1 +#endif extern YYSTYPE yylval; + + + diff --git a/source4/heimdal/lib/des/bn.c b/source4/heimdal/lib/des/bn.c new file mode 100644 index 0000000000..c4230b6abc --- /dev/null +++ b/source4/heimdal/lib/des/bn.c @@ -0,0 +1,445 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +RCSID("$Id: bn.c,v 1.9 2006/10/14 09:21:09 lha Exp $"); + +#include +#include +#include +#include + +#include +#include /* XXX */ +#include + +#include +#include +#include + +BIGNUM * +BN_new(void) +{ + heim_integer *hi; + hi = calloc(1, sizeof(*hi)); + return (BIGNUM *)hi; +} + +void +BN_free(BIGNUM *bn) +{ + BN_clear(bn); + free(bn); +} + +void +BN_clear(BIGNUM *bn) +{ + heim_integer *hi = (heim_integer *)bn; + if (hi->data) { + memset(hi->data, 0, hi->length); + free(hi->data); + } + memset(hi, 0, sizeof(*hi)); +} + +void +BN_clear_free(BIGNUM *bn) +{ + BN_free(bn); +} + +BIGNUM * +BN_dup(const BIGNUM *bn) +{ + BIGNUM *b = BN_new(); + if (der_copy_heim_integer((const heim_integer *)bn, (heim_integer *)b)) { + BN_free(b); + return NULL; + } + return b; +} + +/* + * If the caller really want to know the number of bits used, subtract + * one from the length, multiply by 8, and then lookup in the table + * how many bits the hightest byte uses. + */ +int +BN_num_bits(const BIGNUM *bn) +{ + static unsigned char num2bits[256] = { + 0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4, 5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5, + 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6, 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6, + 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, + 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, + 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, + 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, + 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, + 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, + }; + const heim_integer *i = (const void *)bn; + if (i->length == 0) + return 0; + return (i->length - 1) * 8 + num2bits[((unsigned char *)i->data)[0]]; +} + +int +BN_num_bytes(const BIGNUM *bn) +{ + return ((const heim_integer *)bn)->length; +} + +/* + * Ignore negative flag. + */ + +BIGNUM * +BN_bin2bn(const void *s, int len, BIGNUM *bn) +{ + heim_integer *hi = (void *)bn; + + if (len < 0) + return NULL; + + if (hi == NULL) { + hi = (heim_integer *)BN_new(); + if (hi == NULL) + return NULL; + } + if (hi->data) + BN_clear((BIGNUM *)hi); + hi->negative = 0; + hi->data = malloc(len); + if (hi->data == NULL && len != 0) { + if (bn == NULL) + BN_free((BIGNUM *)hi); + return NULL; + } + hi->length = len; + memcpy(hi->data, s, len); + return (BIGNUM *)hi; +} + +int +BN_bn2bin(const BIGNUM *bn, void *to) +{ + const heim_integer *hi = (const void *)bn; + memcpy(to, hi->data, hi->length); + return hi->length; +} + +int +BN_hex2bn(BIGNUM **bnp, const char *in) +{ + int negative; + ssize_t ret; + size_t len; + void *data; + + len = strlen(in); + data = malloc(len); + if (data == NULL) + return 0; + + if (*in == '-') { + negative = 1; + in++; + } else + negative = 0; + + ret = hex_decode(in, data, len); + if (ret < 0) { + free(data); + return 0; + } + + *bnp = BN_bin2bn(data, ret, NULL); + free(data); + if (*bnp == NULL) + return 0; + BN_set_negative(*bnp, negative); + return 1; +} + +char * +BN_bn2hex(const BIGNUM *bn) +{ + ssize_t ret; + size_t len; + void *data; + char *str; + + len = BN_num_bytes(bn); + data = malloc(len); + if (data == NULL) + return 0; + + len = BN_bn2bin(bn, data); + + ret = hex_encode(data, len, &str); + free(data); + if (ret < 0) + return 0; + + return str; +} + +int +BN_cmp(const BIGNUM *bn1, const BIGNUM *bn2) +{ + return der_heim_integer_cmp((const heim_integer *)bn1, + (const heim_integer *)bn2); +} + +void +BN_set_negative(BIGNUM *bn, int flag) +{ + ((heim_integer *)bn)->negative = (flag ? 1 : 0); +} + +int +BN_is_negative(BIGNUM *bn) +{ + return ((heim_integer *)bn)->negative ? 1 : 0; +} + +static const unsigned char is_set[8] = { 1, 2, 4, 8, 16, 32, 64, 128 }; + +int +BN_is_bit_set(const BIGNUM *bn, int bit) +{ + heim_integer *hi = (heim_integer *)bn; + unsigned char *p = hi->data; + + if ((bit / 8) > hi->length || hi->length == 0) + return 0; + + return p[hi->length - 1 - (bit / 8)] & is_set[bit % 8]; +} + +int +BN_set_bit(BIGNUM *bn, int bit) +{ + heim_integer *hi = (heim_integer *)bn; + unsigned char *p; + + if ((bit / 8) > hi->length || hi->length == 0) { + size_t len = (bit + 7) / 8; + void *d = realloc(hi->data, len); + if (d == NULL) + return 0; + hi->data = d; + p = hi->data; + memset(&p[hi->length], 0, len); + hi->length = len; + } else + p = hi->data; + + p[hi->length - 1 - (bit / 8)] |= is_set[bit % 8]; + return 1; +} + +int +BN_clear_bit(BIGNUM *bn, int bit) +{ + heim_integer *hi = (heim_integer *)bn; + unsigned char *p = hi->data; + + if ((bit / 8) > hi->length || hi->length == 0) + return 0; + + p[hi->length - 1 - (bit / 8)] &= (unsigned char)(~(is_set[bit % 8])); + + return 1; +} + +int +BN_set_word(BIGNUM *bn, unsigned long num) +{ + unsigned char p[sizeof(num)]; + unsigned long num2; + int i, len; + + for (num2 = num, i = 0; num2 > 0; i++) + num2 = num2 >> 8; + + len = i - 1; + for (; i > 0; i--) { + p[i - 1] = (num & 0xff); + num = num >> 8; + } + + bn = BN_bin2bn(p, len + 1, bn); + return bn != NULL; +} + +unsigned long +BN_get_word(const BIGNUM *bn) +{ + heim_integer *hi = (heim_integer *)bn; + unsigned long num = 0; + int i; + + if (hi->negative || hi->length > sizeof(num)) + return ULONG_MAX; + + for (i = 0; i < hi->length; i++) + num = ((unsigned char *)hi->data)[i] | (num << 8); + return num; +} + +int +BN_rand(BIGNUM *bn, int bits, int top, int bottom) +{ + size_t len = (bits + 7) / 8; + heim_integer *i = (heim_integer *)bn; + + BN_clear(bn); + + i->negative = 0; + i->data = malloc(len); + if (i->data == NULL && len != 0) + return 0; + i->length = len; + + if (RAND_bytes(i->data, i->length) != 1) { + free(i->data); + i->data = NULL; + return 0; + } + + { + size_t j = len * 8; + while(j > bits) { + BN_clear_bit(bn, j - 1); + j--; + } + } + + if (top == -1) { + ; + } else if (top == 0 && bits > 0) { + BN_set_bit(bn, bits - 1); + } else if (top == 1 && bits > 1) { + BN_set_bit(bn, bits - 1); + BN_set_bit(bn, bits - 2); + } else { + BN_clear(bn); + return 0; + } + + if (bottom && bits > 0) + BN_set_bit(bn, 0); + + return 1; +} + +/* + * + */ + +int +BN_uadd(BIGNUM *res, const BIGNUM *a, const BIGNUM *b) +{ + const heim_integer *ai = (const heim_integer *)a; + const heim_integer *bi = (const heim_integer *)b; + const unsigned char *ap, *bp; + unsigned char *cp; + heim_integer ci; + int carry = 0; + ssize_t len; + + if (ai->negative && bi->negative) + return 0; + if (ai->length < bi->length) { + const heim_integer *si = bi; + bi = ai; ai = si; + } + + ci.negative = 0; + ci.length = ai->length + 1; + ci.data = malloc(ci.length); + if (ci.data == NULL) + return 0; + + ap = &((const unsigned char *)ai->data)[ai->length - 1]; + bp = &((const unsigned char *)bi->data)[bi->length - 1]; + cp = &((unsigned char *)ci.data)[ci.length - 1]; + + for (len = bi->length; len > 0; len--) { + carry = *ap + *bp + carry; + *cp = carry & 0xff; + carry = (carry & ~0xff) ? 1 : 0; + ap--; bp--; cp--; + } + for (len = ai->length - bi->length; len > 0; len--) { + carry = *ap + carry; + *cp = carry & 0xff; + carry = (carry & ~0xff) ? 1 : 0; + ap--; cp--; + } + if (!carry) + memmove(cp, cp + 1, --ci.length); + else + *cp = carry; + + BN_clear(res); + *((heim_integer *)res) = ci; + + return 1; +} + + +/* + * Callback when doing slow generation of numbers, like primes. + */ + +void +BN_GENCB_set(BN_GENCB *gencb, int (*cb_2)(int, int, BN_GENCB *), void *ctx) +{ + gencb->ver = 2; + gencb->cb.cb_2 = cb_2; + gencb->arg = ctx; +} + +int +BN_GENCB_call(BN_GENCB *cb, int a, int b) +{ + if (cb == NULL || cb->cb.cb_2 == NULL) + return 1; + return cb->cb.cb_2(a, b, cb); +} diff --git a/source4/heimdal/lib/des/dh-imath.c b/source4/heimdal/lib/des/dh-imath.c new file mode 100644 index 0000000000..ebf02c72be --- /dev/null +++ b/source4/heimdal/lib/des/dh-imath.c @@ -0,0 +1,243 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include + +#include + +#include "imath/imath.h" + +RCSID("$Id: dh-imath.c,v 1.6 2006/10/20 06:56:57 lha Exp $"); + +static void +BN2mpz(mpz_t *s, const BIGNUM *bn) +{ + size_t len; + void *p; + + len = BN_num_bytes(bn); + p = malloc(len); + BN_bn2bin(bn, p); + mp_int_read_unsigned(s, p, len); + free(p); +} + + +static BIGNUM * +mpz2BN(mpz_t *s) +{ + size_t size; + BIGNUM *bn; + void *p; + + size = mp_int_unsigned_len(s); + p = malloc(size); + if (p == NULL && size != 0) + return NULL; + mp_int_to_unsigned(s, p, size); + + bn = BN_bin2bn(p, size, NULL); + free(p); + return bn; +} + +/* + * + */ + +#define DH_NUM_TRIES 10 + +static int +dh_generate_key(DH *dh) +{ + mpz_t pub, priv_key, g, p; + int have_private_key = (dh->priv_key != NULL); + int codes, times = 0; + mp_result res; + + if (dh->p == NULL || dh->g == NULL) + return 0; + + while (times++ < DH_NUM_TRIES) { + if (!have_private_key) { + size_t bits = BN_num_bits(dh->p); + + if (dh->priv_key) + BN_free(dh->priv_key); + + dh->priv_key = BN_new(); + if (dh->priv_key == NULL) + return 0; + if (!BN_rand(dh->priv_key, bits - 1, 0, 0)) { + BN_clear_free(dh->priv_key); + dh->priv_key = NULL; + return 0; + } + } + if (dh->pub_key) + BN_free(dh->pub_key); + + mp_int_init(&pub); + mp_int_init(&priv_key); + mp_int_init(&g); + mp_int_init(&p); + + BN2mpz(&priv_key, dh->priv_key); + BN2mpz(&g, dh->g); + BN2mpz(&p, dh->p); + + res = mp_int_exptmod(&g, &priv_key, &p, &pub); + + mp_int_clear(&priv_key); + mp_int_clear(&g); + mp_int_clear(&p); + if (res != MP_OK) + continue; + + dh->pub_key = mpz2BN(&pub); + mp_int_clear(&pub); + if (dh->pub_key == NULL) + return 0; + + if (DH_check_pubkey(dh, dh->pub_key, &codes) && codes == 0) + break; + if (have_private_key) + return 0; + } + + if (times >= DH_NUM_TRIES) { + if (!have_private_key && dh->priv_key) { + BN_free(dh->priv_key); + dh->priv_key = NULL; + } + if (dh->pub_key) { + BN_free(dh->pub_key); + dh->pub_key = NULL; + } + return 0; + } + + return 1; +} + +static int +dh_compute_key(unsigned char *shared, const BIGNUM * pub, DH *dh) +{ + mpz_t s, priv_key, p, peer_pub; + size_t size = 0; + mp_result res; + + if (dh->pub_key == NULL || dh->g == NULL || dh->priv_key == NULL) + return -1; + + mp_int_init(&p); + BN2mpz(&p, dh->p); + + mp_int_init(&peer_pub); + BN2mpz(&peer_pub, pub); + + /* check if peers pubkey is reasonable */ + if (MP_SIGN(&peer_pub) == MP_NEG + || mp_int_compare(&peer_pub, &p) >= 0 + || mp_int_compare_value(&peer_pub, 1) <= 0) + { + mp_int_clear(&p); + mp_int_clear(&peer_pub); + return -1; + } + + mp_int_init(&priv_key); + BN2mpz(&priv_key, dh->priv_key); + + mp_int_init(&s); + + mp_int_exptmod(&peer_pub, &priv_key, &p, &s); + + mp_int_clear(&p); + mp_int_clear(&peer_pub); + mp_int_clear(&priv_key); + + size = mp_int_unsigned_len(&s); + res = mp_int_to_unsigned(&s, shared, size); + mp_int_clear(&s); + + return (res == MP_OK) ? size : -1; +} + +static int +dh_generate_params(DH *dh, int a, int b, BN_GENCB *callback) +{ + /* groups should already be known, we don't care about this */ + return 0; +} + +static int +dh_init(DH *dh) +{ + return 1; +} + +static int +dh_finish(DH *dh) +{ + return 1; +} + + +/* + * + */ + +const DH_METHOD hc_dh_imath_method = { + "hcrypto imath DH", + dh_generate_key, + dh_compute_key, + NULL, + dh_init, + dh_finish, + 0, + NULL, + dh_generate_params +}; + +const DH_METHOD * +DH_imath_method(void) +{ + return &hc_dh_imath_method; +} diff --git a/source4/heimdal/lib/des/dh.c b/source4/heimdal/lib/des/dh.c new file mode 100644 index 0000000000..66d611f6d4 --- /dev/null +++ b/source4/heimdal/lib/des/dh.c @@ -0,0 +1,294 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +RCSID("$Id: dh.c,v 1.10 2006/10/19 17:31:51 lha Exp $"); + +#include +#include +#include + +#include + +/* + * + */ + +DH * +DH_new(void) +{ + return DH_new_method(NULL); +} + +DH * +DH_new_method(ENGINE *engine) +{ + DH *dh; + + dh = calloc(1, sizeof(*dh)); + if (dh == NULL) + return NULL; + + dh->references = 1; + + if (engine) { + ENGINE_up_ref(engine); + dh->engine = engine; + } else { + dh->engine = ENGINE_get_default_DH(); + } + + if (dh->engine) { + dh->meth = ENGINE_get_DH(dh->engine); + if (dh->meth == NULL) { + ENGINE_finish(engine); + free(dh); + return 0; + } + } + + if (dh->meth == NULL) + dh->meth = DH_get_default_method(); + + (*dh->meth->init)(dh); + + return dh; +} + +void +DH_free(DH *dh) +{ + if (dh->references <= 0) + abort(); + + if (--dh->references > 0) + return; + + (*dh->meth->finish)(dh); + + if (dh->engine) + ENGINE_finish(dh->engine); + +#define free_if(f) if (f) { BN_free(f); } + free_if(dh->p); + free_if(dh->g); + free_if(dh->pub_key); + free_if(dh->priv_key); + free_if(dh->q); + free_if(dh->j); + free_if(dh->counter); +#undef free_if + + memset(dh, 0, sizeof(*dh)); + free(dh); +} + +int +DH_up_ref(DH *dh) +{ + return ++dh->references; +} + +int +DH_size(const DH *dh) +{ + return BN_num_bytes(dh->p); +} + +int +DH_set_ex_data(DH *dh, int idx, void *data) +{ + dh->ex_data.sk = data; + return 1; +} + +void * +DH_get_ex_data(DH *dh, int idx) +{ + return dh->ex_data.sk; +} + +int +DH_generate_parameters_ex(DH *dh, int prime_len, int generator, BN_GENCB *cb) +{ + if (dh->meth->generate_params) + return dh->meth->generate_params(dh, prime_len, generator, cb); + return 0; +} + +/* + * Check that + * + * pub_key > 1 and pub_key < p - 1 + * + * to avoid small subgroups attack. + */ + +int +DH_check_pubkey(const DH *dh, const BIGNUM *pub_key, int *codes) +{ + BIGNUM *bn = NULL, *sum = NULL; + int ret = 0; + + *codes = 0; + + bn = BN_new(); + if (bn == NULL) + goto out; + + if (!BN_set_word(bn, 1)) + goto out; + + if (BN_cmp(bn, pub_key) >= 0) + *codes |= DH_CHECK_PUBKEY_TOO_SMALL; + + sum = BN_new(); + if (sum == NULL) + goto out; + + BN_uadd(sum, pub_key, bn); + + if (BN_cmp(sum, dh->p) >= 0) + *codes |= DH_CHECK_PUBKEY_TOO_LARGE; + + ret = 1; +out: + if (bn) + BN_free(bn); + if (sum) + BN_free(sum); + + return ret; +} + +int +DH_generate_key(DH *dh) +{ + return dh->meth->generate_key(dh); +} + +int +DH_compute_key(unsigned char *shared_key, + const BIGNUM *peer_pub_key, DH *dh) +{ + int codes; + + if (!DH_check_pubkey(dh, peer_pub_key, &codes) || codes != 0) + return -1; + + return dh->meth->compute_key(shared_key, peer_pub_key, dh); +} + +int +DH_set_method(DH *dh, const DH_METHOD *method) +{ + (*dh->meth->finish)(dh); + if (dh->engine) { + ENGINE_finish(dh->engine); + dh->engine = NULL; + } + dh->meth = method; + (*dh->meth->init)(dh); + return 1; +} + +/* + * + */ + +static int +dh_null_generate_key(DH *dh) +{ + return 0; +} + +static int +dh_null_compute_key(unsigned char *shared,const BIGNUM *pub, DH *dh) +{ + return 0; +} + +static int +dh_null_init(DH *dh) +{ + return 1; +} + +static int +dh_null_finish(DH *dh) +{ + return 1; +} + +static int +dh_null_generate_params(DH *dh, int prime_num, int len, BN_GENCB *cb) +{ + return 0; +} + +static const DH_METHOD dh_null_method = { + "hcrypto null DH", + dh_null_generate_key, + dh_null_compute_key, + NULL, + dh_null_init, + dh_null_finish, + 0, + NULL, + dh_null_generate_params +}; + +extern const DH_METHOD hc_dh_imath_method; +static const DH_METHOD *dh_default_method = &hc_dh_imath_method; + +const DH_METHOD * +DH_null_method(void) +{ + return &dh_null_method; +} + +void +DH_set_default_method(const DH_METHOD *meth) +{ + dh_default_method = meth; +} + +const DH_METHOD * +DH_get_default_method(void) +{ + return dh_default_method; +} + diff --git a/source4/heimdal/lib/des/dsa.c b/source4/heimdal/lib/des/dsa.c new file mode 100644 index 0000000000..411597b1c6 --- /dev/null +++ b/source4/heimdal/lib/des/dsa.c @@ -0,0 +1,125 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +RCSID("$Id: dsa.c,v 1.2 2006/05/07 11:31:58 lha Exp $"); + +#include +#include +#include + +#include + +/* + * + */ + +DSA * +DSA_new(void) +{ + DSA *dsa = calloc(1, sizeof(*dsa)); + dsa->meth = rk_UNCONST(DSA_get_default_method()); + dsa->references = 1; + return dsa; +} + +void +DSA_free(DSA *dsa) +{ + if (dsa->references <= 0) + abort(); + + if (--dsa->references > 0) + return; + + (*dsa->meth->finish)(dsa); + +#define free_if(f) if (f) { BN_free(f); } + free_if(dsa->p); + free_if(dsa->q); + free_if(dsa->g); + free_if(dsa->pub_key); + free_if(dsa->priv_key); + free_if(dsa->kinv); + free_if(dsa->r); +#undef free_if + + memset(dsa, 0, sizeof(*dsa)); + free(dsa); + +} + +int +DSA_up_ref(DSA *dsa) +{ + return ++dsa->references; +} + +/* + * + */ + +static const DSA_METHOD dsa_null_method = { + "hcrypto null DSA" +}; + +const DSA_METHOD * +DSA_null_method(void) +{ + return &dsa_null_method; +} + + +const DSA_METHOD *dsa_default_mech = &dsa_null_method; + +void +DSA_set_default_method(const DSA_METHOD *mech) +{ + dsa_default_mech = mech; +} + +const DSA_METHOD * +DSA_get_default_method(void) +{ + return dsa_default_mech; +} + +int +DSA_verify(int type, const unsigned char * digest, int digest_len, + const unsigned char *sig, int sig_len, DSA *dsa) +{ + return -1; +} diff --git a/source4/heimdal/lib/des/engine.c b/source4/heimdal/lib/des/engine.c new file mode 100644 index 0000000000..b72339c362 --- /dev/null +++ b/source4/heimdal/lib/des/engine.c @@ -0,0 +1,345 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +RCSID("$Id: engine.c,v 1.11 2006/10/19 14:23:00 lha Exp $"); + +#include +#include +#include + +#include + +#ifdef HAVE_DLFCN_H +#include +#ifndef RTLD_NOW +#define RTLD_NOW 0 +#endif +#endif + +struct hc_engine { + int references; + char *name; + char *id; + void (*destroy)(ENGINE *); + const RSA_METHOD *rsa; + const DH_METHOD *dh; + const RAND_METHOD *rand; +}; + +int +ENGINE_finish(ENGINE *engine) +{ + if (engine->references-- <= 0) + abort(); + if (engine->references > 0) + return 1; + + if (engine->name) + free(engine->name); + if (engine->id) + free(engine->id); + if(engine->destroy) + (*engine->destroy)(engine); + + memset(engine, 0, sizeof(engine)); + engine->references = -1; + + + free(engine); + return 1; +} + +int +ENGINE_up_ref(ENGINE *engine) +{ + if (engine->references < 0) + abort(); + engine->references++; + return 1; +} + +int +ENGINE_set_id(ENGINE *engine, const char *id) +{ + engine->id = strdup(id); + return (engine->id == NULL) ? 0 : 1; +} + +int +ENGINE_set_name(ENGINE *engine, const char *name) +{ + engine->name = strdup(name); + return (engine->name == NULL) ? 0 : 1; +} + +int +ENGINE_set_RSA(ENGINE *engine, const RSA_METHOD *method) +{ + engine->rsa = method; + return 1; +} + +int +ENGINE_set_DH(ENGINE *engine, const DH_METHOD *method) +{ + engine->dh = method; + return 1; +} + +int +ENGINE_set_destroy_function(ENGINE *e, void (*destroy)(ENGINE *)) +{ + e->destroy = destroy; + return 1; +} + +const char * +ENGINE_get_id(const ENGINE *engine) +{ + return engine->id; +} + +const char * +ENGINE_get_name(const ENGINE *engine) +{ + return engine->name; +} + +const RSA_METHOD * +ENGINE_get_RSA(const ENGINE *engine) +{ + return engine->rsa; +} + +const DH_METHOD * +ENGINE_get_DH(const ENGINE *engine) +{ + return engine->dh; +} + +const RAND_METHOD * +ENGINE_get_RAND(const ENGINE *engine) +{ + return engine->rand; +} + +/* + * + */ + +#define SG_default_engine(type) \ +static ENGINE *type##_engine; \ +int \ +ENGINE_set_default_##type(ENGINE *engine) \ +{ \ + if (type##_engine) \ + ENGINE_finish(type##_engine); \ + type##_engine = engine; \ + if (type##_engine) \ + ENGINE_up_ref(type##_engine); \ + return 1; \ +} \ +ENGINE * \ +ENGINE_get_default_##type(void) \ +{ \ + if (type##_engine) \ + ENGINE_up_ref(type##_engine); \ + return type##_engine; \ +} + +SG_default_engine(RSA) +SG_default_engine(DH) + +#undef SG_default_engine + +/* + * + */ + +static ENGINE **engines; +static unsigned int num_engines; + +static int +add_engine(ENGINE *engine) +{ + ENGINE **d, *dup; + + dup = ENGINE_by_id(engine->id); + if (dup) { + ENGINE_finish(dup); + return 0; + } + + d = realloc(engines, (num_engines + 1) * sizeof(*engines)); + if (d == NULL) + return 1; + engines = d; + engines[num_engines++] = engine; + + return 1; +} + +void +ENGINE_load_builtin_engines(void) +{ + ENGINE *engine; + int ret; + + engine = calloc(1, sizeof(*engine)); + if (engine == NULL) + return; + + ENGINE_set_id(engine, "builtin"); + ENGINE_set_name(engine, + "Heimdal crypto builtin engine version " PACKAGE_VERSION); + ENGINE_set_RSA(engine, RSA_imath_method()); + ENGINE_set_DH(engine, DH_imath_method()); + + ret = add_engine(engine); + if (ret != 1) + ENGINE_finish(engine); +} + +ENGINE * +ENGINE_by_dso(const char *path, const char *id) +{ +#ifdef HAVE_DLOPEN + ENGINE *engine; + void *handle; + int ret; + + engine = calloc(1, sizeof(*engine)); + if (engine == NULL) + return NULL; + + handle = dlopen(path, RTLD_NOW); + if (handle == NULL) { + /* printf("error: %s\n", dlerror()); */ + free(engine); + return NULL; + } + + { + unsigned long version; + openssl_v_check v_check; + + v_check = (openssl_v_check)dlsym(handle, "v_check"); + if (v_check == NULL) { + dlclose(handle); + free(engine); + return NULL; + } + + version = (*v_check)(OPENSSL_DYNAMIC_VERSION); + if (version == 0) { + dlclose(handle); + free(engine); + return NULL; + } + } + + { + openssl_bind_engine bind_engine; + + bind_engine = (openssl_bind_engine)dlsym(handle, "bind_engine"); + if (bind_engine == NULL) { + dlclose(handle); + free(engine); + return NULL; + } + + ret = (*bind_engine)(engine, id, NULL); /* XXX fix third arg */ + if (ret != 1) { + dlclose(handle); + free(engine); + return NULL; + } + } + + ENGINE_up_ref(engine); + + ret = add_engine(engine); + if (ret != 1) { + dlclose(handle); + ENGINE_finish(engine); + return NULL; + } + + return engine; +#else + return NULL; +#endif +} + +ENGINE * +ENGINE_by_id(const char *id) +{ + int i; + + for (i = 0; i < num_engines; i++) { + if (strcmp(id, engines[i]->id) == 0) { + ENGINE_up_ref(engines[i]); + return engines[i]; + } + } + return NULL; +} + +void +ENGINE_add_conf_module(void) +{ + ENGINE *engine; + + /* + * XXX Parse configuration file instead + */ + + engine = ENGINE_by_dso("/usr/heimdal/lib/hc-modules/hc-gmp.so", NULL); + if (engine == NULL) + return; + { + const RSA_METHOD *method = ENGINE_get_RSA(engine); + if (method) + RSA_set_default_method(method); + } + { + const DH_METHOD *method = ENGINE_get_DH(engine); + if (method) + DH_set_default_method(method); + } + +} diff --git a/source4/heimdal/lib/des/imath/LICENSE b/source4/heimdal/lib/des/imath/LICENSE new file mode 100644 index 0000000000..cecfb11404 --- /dev/null +++ b/source4/heimdal/lib/des/imath/LICENSE @@ -0,0 +1,21 @@ +IMath is Copyright 2002-2006 Michael J. Fromberger +You may use it subject to the following Licensing Terms: + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/source4/heimdal/lib/des/imath/imath.c b/source4/heimdal/lib/des/imath/imath.c new file mode 100755 index 0000000000..0a124fa13f --- /dev/null +++ b/source4/heimdal/lib/des/imath/imath.c @@ -0,0 +1,3246 @@ +/* + Name: imath.c + Purpose: Arbitrary precision integer arithmetic routines. + Author: M. J. Fromberger + Info: $Id: imath.c,v 1.6 2007/01/08 10:17:31 lha Exp $ + + Copyright (C) 2002 Michael J. Fromberger, All Rights Reserved. + + Permission is hereby granted, free of charge, to any person + obtaining a copy of this software and associated documentation files + (the "Software"), to deal in the Software without restriction, + including without limitation the rights to use, copy, modify, merge, + publish, distribute, sublicense, and/or sell copies of the Software, + and to permit persons to whom the Software is furnished to do so, + subject to the following conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE. + */ + +#include "imath.h" + +#if DEBUG +#include +#endif + +#include +#include +#include +#include + +#include + +/* {{{ Constants */ + +const mp_result MP_OK = 0; /* no error, all is well */ +const mp_result MP_FALSE = 0; /* boolean false */ +const mp_result MP_TRUE = -1; /* boolean true */ +const mp_result MP_MEMORY = -2; /* out of memory */ +const mp_result MP_RANGE = -3; /* argument out of range */ +const mp_result MP_UNDEF = -4; /* result undefined */ +const mp_result MP_TRUNC = -5; /* output truncated */ +const mp_result MP_BADARG = -6; /* invalid null argument */ + +const mp_sign MP_NEG = 1; /* value is strictly negative */ +const mp_sign MP_ZPOS = 0; /* value is non-negative */ + +static const char *s_unknown_err = "unknown result code"; +static const char *s_error_msg[] = { + "error code 0", + "boolean true", + "out of memory", + "argument out of range", + "result undefined", + "output truncated", + "invalid null argument", + NULL +}; + +/* }}} */ + +/* Argument checking macros + Use CHECK() where a return value is required; NRCHECK() elsewhere */ +#define CHECK(TEST) assert(TEST) +#define NRCHECK(TEST) assert(TEST) + +/* {{{ Logarithm table for computing output sizes */ + +/* The ith entry of this table gives the value of log_i(2). + + An integer value n requires ceil(log_i(n)) digits to be represented + in base i. Since it is easy to compute lg(n), by counting bits, we + can compute log_i(n) = lg(n) * log_i(2). + + The use of this table eliminates a dependency upon linkage against + the standard math libraries. + */ +static const double s_log2[] = { + 0.000000000, 0.000000000, 1.000000000, 0.630929754, /* 0 1 2 3 */ + 0.500000000, 0.430676558, 0.386852807, 0.356207187, /* 4 5 6 7 */ + 0.333333333, 0.315464877, 0.301029996, 0.289064826, /* 8 9 10 11 */ + 0.278942946, 0.270238154, 0.262649535, 0.255958025, /* 12 13 14 15 */ + 0.250000000, 0.244650542, 0.239812467, 0.235408913, /* 16 17 18 19 */ + 0.231378213, 0.227670249, 0.224243824, 0.221064729, /* 20 21 22 23 */ + 0.218104292, 0.215338279, 0.212746054, 0.210309918, /* 24 25 26 27 */ + 0.208014598, 0.205846832, 0.203795047, 0.201849087, /* 28 29 30 31 */ + 0.200000000, 0.198239863, 0.196561632, 0.194959022, /* 32 33 34 35 */ + 0.193426404, 0.191958720, 0.190551412, 0.189200360, /* 36 37 38 39 */ + 0.187901825, 0.186652411, 0.185449023, 0.184288833, /* 40 41 42 43 */ + 0.183169251, 0.182087900, 0.181042597, 0.180031327, /* 44 45 46 47 */ + 0.179052232, 0.178103594, 0.177183820, 0.176291434, /* 48 49 50 51 */ + 0.175425064, 0.174583430, 0.173765343, 0.172969690, /* 52 53 54 55 */ + 0.172195434, 0.171441601, 0.170707280, 0.169991616, /* 56 57 58 59 */ + 0.169293808, 0.168613099, 0.167948779, 0.167300179, /* 60 61 62 63 */ + 0.166666667 +}; + +/* }}} */ +/* {{{ Various macros */ + +/* Return the number of digits needed to represent a static value */ +#define MP_VALUE_DIGITS(V) \ +((sizeof(V)+(sizeof(mp_digit)-1))/sizeof(mp_digit)) + +/* Round precision P to nearest word boundary */ +#define ROUND_PREC(P) ((mp_size)(2*(((P)+1)/2))) + +/* Set array P of S digits to zero */ +#define ZERO(P, S) \ +do{mp_size i__=(S)*sizeof(mp_digit);mp_digit *p__=(P);memset(p__,0,i__);}while(0) + +/* Copy S digits from array P to array Q */ +#define COPY(P, Q, S) \ +do{mp_size i__=(S)*sizeof(mp_digit);mp_digit *p__=(P),*q__=(Q);\ +memcpy(q__,p__,i__);}while(0) + +/* Reverse N elements of type T in array A */ +#define REV(T, A, N) \ +do{T *u_=(A),*v_=u_+(N)-1;while(u_ 1 && (*dz_-- == 0)) --uz_;MP_USED(z_)=uz_;}while(0) +#endif + +#define MIN(A, B) ((B)<(A)?(B):(A)) +#define MAX(A, B) ((B)>(A)?(B):(A)) +#define SWAP(T, A, B) do{T t_=(A);A=(B);B=t_;}while(0) + +#define TEMP(K) (temp + (K)) +#define SETUP(E, C) \ +do{if((res = (E)) != MP_OK) goto CLEANUP; ++(C);}while(0) + +#define CMPZ(Z) \ +(((Z)->used==1&&(Z)->digits[0]==0)?0:((Z)->sign==MP_NEG)?-1:1) + +#define UMUL(X, Y, Z) \ +do{mp_size ua_=MP_USED(X),ub_=MP_USED(Y);mp_size o_=ua_+ub_;\ +ZERO(MP_DIGITS(Z),o_);\ +(void) s_kmul(MP_DIGITS(X),MP_DIGITS(Y),MP_DIGITS(Z),ua_,ub_);\ +MP_USED(Z)=o_;CLAMP(Z);}while(0) + +#define USQR(X, Z) \ +do{mp_size ua_=MP_USED(X),o_=ua_+ua_;ZERO(MP_DIGITS(Z),o_);\ +(void) s_ksqr(MP_DIGITS(X),MP_DIGITS(Z),ua_);MP_USED(Z)=o_;CLAMP(Z);}while(0) + +#define UPPER_HALF(W) ((mp_word)((W) >> MP_DIGIT_BIT)) +#define LOWER_HALF(W) ((mp_digit)(W)) +#define HIGH_BIT_SET(W) ((W) >> (MP_WORD_BIT - 1)) +#define ADD_WILL_OVERFLOW(W, V) ((MP_WORD_MAX - (V)) < (W)) + +/* }}} */ +/* {{{ Default configuration settings */ + +/* Default number of digits allocated to a new mp_int */ +#if IMATH_TEST +mp_size default_precision = MP_DEFAULT_PREC; +#else +static const mp_size default_precision = MP_DEFAULT_PREC; +#endif + +/* Minimum number of digits to invoke recursive multiply */ +#if IMATH_TEST +mp_size multiply_threshold = MP_MULT_THRESH; +#else +static const mp_size multiply_threshold = MP_MULT_THRESH; +#endif + +/* }}} */ + +/* Allocate a buffer of (at least) num digits, or return + NULL if that couldn't be done. */ +static mp_digit *s_alloc(mp_size num); +#if TRACEABLE_FREE +static void s_free(void *ptr); +#else +#define s_free(P) free(P) +#endif + +/* Insure that z has at least min digits allocated, resizing if + necessary. Returns true if successful, false if out of memory. */ +int s_pad(mp_int z, mp_size min); + +/* Normalize by removing leading zeroes (except when z = 0) */ +#if TRACEABLE_CLAMP +static void s_clamp(mp_int z); +#endif + +/* Fill in a "fake" mp_int on the stack with a given value */ +static void s_fake(mp_int z, int value, mp_digit vbuf[]); + +/* Compare two runs of digits of given length, returns <0, 0, >0 */ +static int s_cdig(mp_digit *da, mp_digit *db, mp_size len); + +/* Pack the unsigned digits of v into array t */ +static int s_vpack(int v, mp_digit t[]); + +/* Compare magnitudes of a and b, returns <0, 0, >0 */ +static int s_ucmp(mp_int a, mp_int b); + +/* Compare magnitudes of a and v, returns <0, 0, >0 */ +static int s_vcmp(mp_int a, int v); + +/* Unsigned magnitude addition; assumes dc is big enough. + Carry out is returned (no memory allocated). */ +static mp_digit s_uadd(mp_digit *da, mp_digit *db, mp_digit *dc, + mp_size size_a, mp_size size_b); + +/* Unsigned magnitude subtraction. Assumes dc is big enough. */ +static void s_usub(mp_digit *da, mp_digit *db, mp_digit *dc, + mp_size size_a, mp_size size_b); + +/* Unsigned recursive multiplication. Assumes dc is big enough. */ +static int s_kmul(mp_digit *da, mp_digit *db, mp_digit *dc, + mp_size size_a, mp_size size_b); + +/* Unsigned magnitude multiplication. Assumes dc is big enough. */ +static void s_umul(mp_digit *da, mp_digit *db, mp_digit *dc, + mp_size size_a, mp_size size_b); + +/* Unsigned recursive squaring. Assumes dc is big enough. */ +static int s_ksqr(mp_digit *da, mp_digit *dc, mp_size size_a); + +/* Unsigned magnitude squaring. Assumes dc is big enough. */ +static void s_usqr(mp_digit *da, mp_digit *dc, mp_size size_a); + +/* Single digit addition. Assumes a is big enough. */ +static void s_dadd(mp_int a, mp_digit b); + +/* Single digit multiplication. Assumes a is big enough. */ +static void s_dmul(mp_int a, mp_digit b); + +/* Single digit multiplication on buffers; assumes dc is big enough. */ +static void s_dbmul(mp_digit *da, mp_digit b, mp_digit *dc, + mp_size size_a); + +/* Single digit division. Replaces a with the quotient, + returns the remainder. */ +static mp_digit s_ddiv(mp_int a, mp_digit b); + +/* Quick division by a power of 2, replaces z (no allocation) */ +static void s_qdiv(mp_int z, mp_size p2); + +/* Quick remainder by a power of 2, replaces z (no allocation) */ +static void s_qmod(mp_int z, mp_size p2); + +/* Quick multiplication by a power of 2, replaces z. + Allocates if necessary; returns false in case this fails. */ +static int s_qmul(mp_int z, mp_size p2); + +/* Quick subtraction from a power of 2, replaces z. + Allocates if necessary; returns false in case this fails. */ +static int s_qsub(mp_int z, mp_size p2); + +/* Return maximum k such that 2^k divides z. */ +static int s_dp2k(mp_int z); + +/* Return k >= 0 such that z = 2^k, or -1 if there is no such k. */ +static int s_isp2(mp_int z); + +/* Set z to 2^k. May allocate; returns false in case this fails. */ +static int s_2expt(mp_int z, int k); + +/* Normalize a and b for division, returns normalization constant */ +static int s_norm(mp_int a, mp_int b); + +/* Compute constant mu for Barrett reduction, given modulus m, result + replaces z, m is untouched. */ +static mp_result s_brmu(mp_int z, mp_int m); + +/* Reduce a modulo m, using Barrett's algorithm. */ +static int s_reduce(mp_int x, mp_int m, mp_int mu, mp_int q1, mp_int q2); + +/* Modular exponentiation, using Barrett reduction */ +mp_result s_embar(mp_int a, mp_int b, mp_int m, mp_int mu, mp_int c); + +/* Unsigned magnitude division. Assumes |a| > |b|. Allocates + temporaries; overwrites a with quotient, b with remainder. */ +static mp_result s_udiv(mp_int a, mp_int b); + +/* Compute the number of digits in radix r required to represent the + given value. Does not account for sign flags, terminators, etc. */ +static int s_outlen(mp_int z, mp_size r); + +/* Guess how many digits of precision will be needed to represent a + radix r value of the specified number of digits. Returns a value + guaranteed to be no smaller than the actual number required. */ +static mp_size s_inlen(int len, mp_size r); + +/* Convert a character to a digit value in radix r, or + -1 if out of range */ +static int s_ch2val(char c, int r); + +/* Convert a digit value to a character */ +static char s_val2ch(int v, int caps); + +/* Take 2's complement of a buffer in place */ +static void s_2comp(unsigned char *buf, int len); + +/* Convert a value to binary, ignoring sign. On input, *limpos is the + bound on how many bytes should be written to buf; on output, *limpos + is set to the number of bytes actually written. */ +static mp_result s_tobin(mp_int z, unsigned char *buf, int *limpos, int pad); + +#if DEBUG +/* Dump a representation of the mp_int to standard output */ +void s_print(char *tag, mp_int z); +void s_print_buf(char *tag, mp_digit *buf, mp_size num); +#endif + +/* {{{ mp_int_init(z) */ + +mp_result mp_int_init(mp_int z) +{ + if(z == NULL) + return MP_BADARG; + + z->single = 0; + z->digits = &(z->single); + z->alloc = 1; + z->used = 1; + z->sign = MP_ZPOS; + + return MP_OK; +} + +/* }}} */ + +/* {{{ mp_int_alloc() */ + +mp_int mp_int_alloc(void) +{ + mp_int out = malloc(sizeof(mpz_t)); + + if(out != NULL) + mp_int_init(out); + + return out; +} + +/* }}} */ + +/* {{{ mp_int_init_size(z, prec) */ + +mp_result mp_int_init_size(mp_int z, mp_size prec) +{ + CHECK(z != NULL); + + if(prec == 0) + prec = default_precision; + else if(prec == 1) + return mp_int_init(z); + else + prec = (mp_size) ROUND_PREC(prec); + + if((MP_DIGITS(z) = s_alloc(prec)) == NULL) + return MP_MEMORY; + + z->digits[0] = 0; + MP_USED(z) = 1; + MP_ALLOC(z) = prec; + MP_SIGN(z) = MP_ZPOS; + + return MP_OK; +} + +/* }}} */ + +/* {{{ mp_int_init_copy(z, old) */ + +mp_result mp_int_init_copy(mp_int z, mp_int old) +{ + mp_result res; + mp_size uold; + + CHECK(z != NULL && old != NULL); + + uold = MP_USED(old); + if(uold == 1) { + mp_int_init(z); + } + else { + mp_size target = MAX(uold, default_precision); + + if((res = mp_int_init_size(z, target)) != MP_OK) + return res; + } + + MP_USED(z) = uold; + MP_SIGN(z) = MP_SIGN(old); + COPY(MP_DIGITS(old), MP_DIGITS(z), uold); + + return MP_OK; +} + +/* }}} */ + +/* {{{ mp_int_init_value(z, value) */ + +mp_result mp_int_init_value(mp_int z, int value) +{ + mpz_t vtmp; + mp_digit vbuf[MP_VALUE_DIGITS(value)]; + + s_fake(&vtmp, value, vbuf); + return mp_int_init_copy(z, &vtmp); +} + +/* }}} */ + +/* {{{ mp_int_set_value(z, value) */ + +mp_result mp_int_set_value(mp_int z, int value) +{ + mpz_t vtmp; + mp_digit vbuf[MP_VALUE_DIGITS(value)]; + + s_fake(&vtmp, value, vbuf); + return mp_int_copy(&vtmp, z); +} + +/* }}} */ + +/* {{{ mp_int_clear(z) */ + +void mp_int_clear(mp_int z) +{ + if(z == NULL) + return; + + if(MP_DIGITS(z) != NULL) { + if((void *) MP_DIGITS(z) != (void *) z) + s_free(MP_DIGITS(z)); + + MP_DIGITS(z) = NULL; + } +} + +/* }}} */ + +/* {{{ mp_int_free(z) */ + +void mp_int_free(mp_int z) +{ + NRCHECK(z != NULL); + + mp_int_clear(z); + free(z); +} + +/* }}} */ + +/* {{{ mp_int_copy(a, c) */ + +mp_result mp_int_copy(mp_int a, mp_int c) +{ + CHECK(a != NULL && c != NULL); + + if(a != c) { + mp_size ua = MP_USED(a); + mp_digit *da, *dc; + + if(!s_pad(c, ua)) + return MP_MEMORY; + + da = MP_DIGITS(a); dc = MP_DIGITS(c); + COPY(da, dc, ua); + + MP_USED(c) = ua; + MP_SIGN(c) = MP_SIGN(a); + } + + return MP_OK; +} + +/* }}} */ + +/* {{{ mp_int_swap(a, c) */ + +void mp_int_swap(mp_int a, mp_int c) +{ + if(a != c) { + mpz_t tmp = *a; + + *a = *c; + *c = tmp; + } +} + +/* }}} */ + +/* {{{ mp_int_zero(z) */ + +void mp_int_zero(mp_int z) +{ + NRCHECK(z != NULL); + + z->digits[0] = 0; + MP_USED(z) = 1; + MP_SIGN(z) = MP_ZPOS; +} + +/* }}} */ + +/* {{{ mp_int_abs(a, c) */ + +mp_result mp_int_abs(mp_int a, mp_int c) +{ + mp_result res; + + CHECK(a != NULL && c != NULL); + + if((res = mp_int_copy(a, c)) != MP_OK) + return res; + + MP_SIGN(c) = MP_ZPOS; + return MP_OK; +} + +/* }}} */ + +/* {{{ mp_int_neg(a, c) */ + +mp_result mp_int_neg(mp_int a, mp_int c) +{ + mp_result res; + + CHECK(a != NULL && c != NULL); + + if((res = mp_int_copy(a, c)) != MP_OK) + return res; + + if(CMPZ(c) != 0) + MP_SIGN(c) = 1 - MP_SIGN(a); + + return MP_OK; +} + +/* }}} */ + +/* {{{ mp_int_add(a, b, c) */ + +mp_result mp_int_add(mp_int a, mp_int b, mp_int c) +{ + mp_size ua, ub, uc, max; + + CHECK(a != NULL && b != NULL && c != NULL); + + ua = MP_USED(a); ub = MP_USED(b); uc = MP_USED(c); + max = MAX(ua, ub); + + if(MP_SIGN(a) == MP_SIGN(b)) { + /* Same sign -- add magnitudes, preserve sign of addends */ + mp_digit carry; + + if(!s_pad(c, max)) + return MP_MEMORY; + + carry = s_uadd(MP_DIGITS(a), MP_DIGITS(b), MP_DIGITS(c), ua, ub); + uc = max; + + if(carry) { + if(!s_pad(c, max + 1)) + return MP_MEMORY; + + c->digits[max] = carry; + ++uc; + } + + MP_USED(c) = uc; + MP_SIGN(c) = MP_SIGN(a); + + } + else { + /* Different signs -- subtract magnitudes, preserve sign of greater */ + mp_int x, y; + int cmp = s_ucmp(a, b); /* magnitude comparision, sign ignored */ + + /* Set x to max(a, b), y to min(a, b) to simplify later code */ + if(cmp >= 0) { + x = a; y = b; + } + else { + x = b; y = a; + } + + if(!s_pad(c, MP_USED(x))) + return MP_MEMORY; + + /* Subtract smaller from larger */ + s_usub(MP_DIGITS(x), MP_DIGITS(y), MP_DIGITS(c), MP_USED(x), MP_USED(y)); + MP_USED(c) = MP_USED(x); + CLAMP(c); + + /* Give result the sign of the larger */ + MP_SIGN(c) = MP_SIGN(x); + } + + return MP_OK; +} + +/* }}} */ + +/* {{{ mp_int_add_value(a, value, c) */ + +mp_result mp_int_add_value(mp_int a, int value, mp_int c) +{ + mpz_t vtmp; + mp_digit vbuf[MP_VALUE_DIGITS(value)]; + + s_fake(&vtmp, value, vbuf); + + return mp_int_add(a, &vtmp, c); +} + +/* }}} */ + +/* {{{ mp_int_sub(a, b, c) */ + +mp_result mp_int_sub(mp_int a, mp_int b, mp_int c) +{ + mp_size ua, ub, uc, max; + + CHECK(a != NULL && b != NULL && c != NULL); + + ua = MP_USED(a); ub = MP_USED(b); uc = MP_USED(c); + max = MAX(ua, ub); + + if(MP_SIGN(a) != MP_SIGN(b)) { + /* Different signs -- add magnitudes and keep sign of a */ + mp_digit carry; + + if(!s_pad(c, max)) + return MP_MEMORY; + + carry = s_uadd(MP_DIGITS(a), MP_DIGITS(b), MP_DIGITS(c), ua, ub); + uc = max; + + if(carry) { + if(!s_pad(c, max + 1)) + return MP_MEMORY; + + c->digits[max] = carry; + ++uc; + } + + MP_USED(c) = uc; + MP_SIGN(c) = MP_SIGN(a); + + } + else { + /* Same signs -- subtract magnitudes */ + mp_int x, y; + mp_sign osign; + int cmp = s_ucmp(a, b); + + if(!s_pad(c, max)) + return MP_MEMORY; + + if(cmp >= 0) { + x = a; y = b; osign = MP_ZPOS; + } + else { + x = b; y = a; osign = MP_NEG; + } + + if(MP_SIGN(a) == MP_NEG && cmp != 0) + osign = 1 - osign; + + s_usub(MP_DIGITS(x), MP_DIGITS(y), MP_DIGITS(c), MP_USED(x), MP_USED(y)); + MP_USED(c) = MP_USED(x); + CLAMP(c); + + MP_SIGN(c) = osign; + } + + return MP_OK; +} + +/* }}} */ + +/* {{{ mp_int_sub_value(a, value, c) */ + +mp_result mp_int_sub_value(mp_int a, int value, mp_int c) +{ + mpz_t vtmp; + mp_digit vbuf[MP_VALUE_DIGITS(value)]; + + s_fake(&vtmp, value, vbuf); + + return mp_int_sub(a, &vtmp, c); +} + +/* }}} */ + +/* {{{ mp_int_mul(a, b, c) */ + +mp_result mp_int_mul(mp_int a, mp_int b, mp_int c) +{ + mp_digit *out; + mp_size osize, ua, ub, p = 0; + mp_sign osign; + + CHECK(a != NULL && b != NULL && c != NULL); + + /* If either input is zero, we can shortcut multiplication */ + if(mp_int_compare_zero(a) == 0 || mp_int_compare_zero(b) == 0) { + mp_int_zero(c); + return MP_OK; + } + + /* Output is positive if inputs have same sign, otherwise negative */ + osign = (MP_SIGN(a) == MP_SIGN(b)) ? MP_ZPOS : MP_NEG; + + /* If the output is not equal to any of the inputs, we'll write the + results there directly; otherwise, allocate a temporary space. */ + ua = MP_USED(a); ub = MP_USED(b); + osize = ua + ub; + + if(c == a || c == b) { + p = ROUND_PREC(osize); + p = MAX(p, default_precision); + + if((out = s_alloc(p)) == NULL) + return MP_MEMORY; + } + else { + if(!s_pad(c, osize)) + return MP_MEMORY; + + out = MP_DIGITS(c); + } + ZERO(out, osize); + + if(!s_kmul(MP_DIGITS(a), MP_DIGITS(b), out, ua, ub)) + return MP_MEMORY; + + /* If we allocated a new buffer, get rid of whatever memory c was + already using, and fix up its fields to reflect that. + */ + if(out != MP_DIGITS(c)) { + if((void *) MP_DIGITS(c) != (void *) c) + s_free(MP_DIGITS(c)); + MP_DIGITS(c) = out; + MP_ALLOC(c) = p; + } + + MP_USED(c) = osize; /* might not be true, but we'll fix it ... */ + CLAMP(c); /* ... right here */ + MP_SIGN(c) = osign; + + return MP_OK; +} + +/* }}} */ + +/* {{{ mp_int_mul_value(a, value, c) */ + +mp_result mp_int_mul_value(mp_int a, int value, mp_int c) +{ + mpz_t vtmp; + mp_digit vbuf[MP_VALUE_DIGITS(value)]; + + s_fake(&vtmp, value, vbuf); + + return mp_int_mul(a, &vtmp, c); +} + +/* }}} */ + +/* {{{ mp_int_mul_pow2(a, p2, c) */ + +mp_result mp_int_mul_pow2(mp_int a, int p2, mp_int c) +{ + mp_result res; + CHECK(a != NULL && c != NULL && p2 >= 0); + + if((res = mp_int_copy(a, c)) != MP_OK) + return res; + + if(s_qmul(c, (mp_size) p2)) + return MP_OK; + else + return MP_MEMORY; +} + +/* }}} */ + +/* {{{ mp_int_sqr(a, c) */ + +mp_result mp_int_sqr(mp_int a, mp_int c) +{ + mp_digit *out; + mp_size osize, p = 0; + + CHECK(a != NULL && c != NULL); + + /* Get a temporary buffer big enough to hold the result */ + osize = (mp_size) 2 * MP_USED(a); + if(a == c) { + p = ROUND_PREC(osize); + p = MAX(p, default_precision); + + if((out = s_alloc(p)) == NULL) + return MP_MEMORY; + } + else { + if(!s_pad(c, osize)) + return MP_MEMORY; + + out = MP_DIGITS(c); + } + ZERO(out, osize); + + s_ksqr(MP_DIGITS(a), out, MP_USED(a)); + + /* Get rid of whatever memory c was already using, and fix up its + fields to reflect the new digit array it's using + */ + if(out != MP_DIGITS(c)) { + if((void *) MP_DIGITS(c) != (void *) c) + s_free(MP_DIGITS(c)); + MP_DIGITS(c) = out; + MP_ALLOC(c) = p; + } + + MP_USED(c) = osize; /* might not be true, but we'll fix it ... */ + CLAMP(c); /* ... right here */ + MP_SIGN(c) = MP_ZPOS; + + return MP_OK; +} + +/* }}} */ + +/* {{{ mp_int_div(a, b, q, r) */ + +mp_result mp_int_div(mp_int a, mp_int b, mp_int q, mp_int r) +{ + int cmp, last = 0, lg; + mp_result res = MP_OK; + mpz_t temp[2]; + mp_int qout, rout; + mp_sign sa = MP_SIGN(a), sb = MP_SIGN(b); + + CHECK(a != NULL && b != NULL && q != r); + + if(CMPZ(b) == 0) + return MP_UNDEF; + else if((cmp = s_ucmp(a, b)) < 0) { + /* If |a| < |b|, no division is required: + q = 0, r = a + */ + if(r && (res = mp_int_copy(a, r)) != MP_OK) + return res; + + if(q) + mp_int_zero(q); + + return MP_OK; + } + else if(cmp == 0) { + /* If |a| = |b|, no division is required: + q = 1 or -1, r = 0 + */ + if(r) + mp_int_zero(r); + + if(q) { + mp_int_zero(q); + q->digits[0] = 1; + + if(sa != sb) + MP_SIGN(q) = MP_NEG; + } + + return MP_OK; + } + + /* When |a| > |b|, real division is required. We need someplace to + store quotient and remainder, but q and r are allowed to be NULL + or to overlap with the inputs. + */ + if((lg = s_isp2(b)) < 0) { + if(q && b != q && (res = mp_int_copy(a, q)) == MP_OK) { + qout = q; + } + else { + qout = TEMP(last); + SETUP(mp_int_init_copy(TEMP(last), a), last); + } + + if(r && a != r && (res = mp_int_copy(b, r)) == MP_OK) { + rout = r; + } + else { + rout = TEMP(last); + SETUP(mp_int_init_copy(TEMP(last), b), last); + } + + if((res = s_udiv(qout, rout)) != MP_OK) goto CLEANUP; + } + else { + if(q && (res = mp_int_copy(a, q)) != MP_OK) goto CLEANUP; + if(r && (res = mp_int_copy(a, r)) != MP_OK) goto CLEANUP; + + if(q) s_qdiv(q, (mp_size) lg); qout = q; + if(r) s_qmod(r, (mp_size) lg); rout = r; + } + + /* Recompute signs for output */ + if(rout) { + MP_SIGN(rout) = sa; + if(CMPZ(rout) == 0) + MP_SIGN(rout) = MP_ZPOS; + } + if(qout) { + MP_SIGN(qout) = (sa == sb) ? MP_ZPOS : MP_NEG; + if(CMPZ(qout) == 0) + MP_SIGN(qout) = MP_ZPOS; + } + + if(q && (res = mp_int_copy(qout, q)) != MP_OK) goto CLEANUP; + if(r && (res = mp_int_copy(rout, r)) != MP_OK) goto CLEANUP; + + CLEANUP: + while(--last >= 0) + mp_int_clear(TEMP(last)); + + return res; +} + +/* }}} */ + +/* {{{ mp_int_mod(a, m, c) */ + +mp_result mp_int_mod(mp_int a, mp_int m, mp_int c) +{ + mp_result res; + mpz_t tmp; + mp_int out; + + if(m == c) { + mp_int_init(&tmp); + out = &tmp; + } + else { + out = c; + } + + if((res = mp_int_div(a, m, NULL, out)) != MP_OK) + goto CLEANUP; + + if(CMPZ(out) < 0) + res = mp_int_add(out, m, c); + else + res = mp_int_copy(out, c); + + CLEANUP: + if(out != c) + mp_int_clear(&tmp); + + return res; +} + +/* }}} */ + + +/* {{{ mp_int_div_value(a, value, q, r) */ + +mp_result mp_int_div_value(mp_int a, int value, mp_int q, int *r) +{ + mpz_t vtmp, rtmp; + mp_digit vbuf[MP_VALUE_DIGITS(value)]; + mp_result res; + + mp_int_init(&rtmp); + s_fake(&vtmp, value, vbuf); + + if((res = mp_int_div(a, &vtmp, q, &rtmp)) != MP_OK) + goto CLEANUP; + + if(r) + (void) mp_int_to_int(&rtmp, r); /* can't fail */ + + CLEANUP: + mp_int_clear(&rtmp); + return res; +} + +/* }}} */ + +/* {{{ mp_int_div_pow2(a, p2, q, r) */ + +mp_result mp_int_div_pow2(mp_int a, int p2, mp_int q, mp_int r) +{ + mp_result res = MP_OK; + + CHECK(a != NULL && p2 >= 0 && q != r); + + if(q != NULL && (res = mp_int_copy(a, q)) == MP_OK) + s_qdiv(q, (mp_size) p2); + + if(res == MP_OK && r != NULL && (res = mp_int_copy(a, r)) == MP_OK) + s_qmod(r, (mp_size) p2); + + return res; +} + +/* }}} */ + +/* {{{ mp_int_expt(a, b, c) */ + +mp_result mp_int_expt(mp_int a, int b, mp_int c) +{ + mpz_t t; + mp_result res; + unsigned int v = abs(b); + + CHECK(b >= 0 && c != NULL); + + if((res = mp_int_init_copy(&t, a)) != MP_OK) + return res; + + (void) mp_int_set_value(c, 1); + while(v != 0) { + if(v & 1) { + if((res = mp_int_mul(c, &t, c)) != MP_OK) + goto CLEANUP; + } + + v >>= 1; + if(v == 0) break; + + if((res = mp_int_sqr(&t, &t)) != MP_OK) + goto CLEANUP; + } + + CLEANUP: + mp_int_clear(&t); + return res; +} + +/* }}} */ + +/* {{{ mp_int_expt_value(a, b, c) */ + +mp_result mp_int_expt_value(int a, int b, mp_int c) +{ + mpz_t t; + mp_result res; + unsigned int v = abs(b); + + CHECK(b >= 0 && c != NULL); + + if((res = mp_int_init_value(&t, a)) != MP_OK) + return res; + + (void) mp_int_set_value(c, 1); + while(v != 0) { + if(v & 1) { + if((res = mp_int_mul(c, &t, c)) != MP_OK) + goto CLEANUP; + } + + v >>= 1; + if(v == 0) break; + + if((res = mp_int_sqr(&t, &t)) != MP_OK) + goto CLEANUP; + } + + CLEANUP: + mp_int_clear(&t); + return res; +} + +/* }}} */ + +/* {{{ mp_int_compare(a, b) */ + +int mp_int_compare(mp_int a, mp_int b) +{ + mp_sign sa; + + CHECK(a != NULL && b != NULL); + + sa = MP_SIGN(a); + if(sa == MP_SIGN(b)) { + int cmp = s_ucmp(a, b); + + /* If they're both zero or positive, the normal comparison + applies; if both negative, the sense is reversed. */ + if(sa == MP_ZPOS) + return cmp; + else + return -cmp; + + } + else { + if(sa == MP_ZPOS) + return 1; + else + return -1; + } +} + +/* }}} */ + +/* {{{ mp_int_compare_unsigned(a, b) */ + +int mp_int_compare_unsigned(mp_int a, mp_int b) +{ + NRCHECK(a != NULL && b != NULL); + + return s_ucmp(a, b); +} + +/* }}} */ + +/* {{{ mp_int_compare_zero(z) */ + +int mp_int_compare_zero(mp_int z) +{ + NRCHECK(z != NULL); + + if(MP_USED(z) == 1 && z->digits[0] == 0) + return 0; + else if(MP_SIGN(z) == MP_ZPOS) + return 1; + else + return -1; +} + +/* }}} */ + +/* {{{ mp_int_compare_value(z, value) */ + +int mp_int_compare_value(mp_int z, int value) +{ + mp_sign vsign = (value < 0) ? MP_NEG : MP_ZPOS; + int cmp; + + CHECK(z != NULL); + + if(vsign == MP_SIGN(z)) { + cmp = s_vcmp(z, value); + + if(vsign == MP_ZPOS) + return cmp; + else + return -cmp; + } + else { + if(value < 0) + return 1; + else + return -1; + } +} + +/* }}} */ + +/* {{{ mp_int_exptmod(a, b, m, c) */ + +mp_result mp_int_exptmod(mp_int a, mp_int b, mp_int m, mp_int c) +{ + mp_result res; + mp_size um; + mpz_t temp[3]; + mp_int s; + int last = 0; + + CHECK(a != NULL && b != NULL && c != NULL && m != NULL); + + /* Zero moduli and negative exponents are not considered. */ + if(CMPZ(m) == 0) + return MP_UNDEF; + if(CMPZ(b) < 0) + return MP_RANGE; + + um = MP_USED(m); + SETUP(mp_int_init_size(TEMP(0), 2 * um), last); + SETUP(mp_int_init_size(TEMP(1), 2 * um), last); + + if(c == b || c == m) { + SETUP(mp_int_init_size(TEMP(2), 2 * um), last); + s = TEMP(2); + } + else { + s = c; + } + + if((res = mp_int_mod(a, m, TEMP(0))) != MP_OK) goto CLEANUP; + + if((res = s_brmu(TEMP(1), m)) != MP_OK) goto CLEANUP; + + if((res = s_embar(TEMP(0), b, m, TEMP(1), s)) != MP_OK) + goto CLEANUP; + + res = mp_int_copy(s, c); + + CLEANUP: + while(--last >= 0) + mp_int_clear(TEMP(last)); + + return res; +} + +/* }}} */ + +/* {{{ mp_int_exptmod_evalue(a, value, m, c) */ + +mp_result mp_int_exptmod_evalue(mp_int a, int value, mp_int m, mp_int c) +{ + mpz_t vtmp; + mp_digit vbuf[MP_VALUE_DIGITS(value)]; + + s_fake(&vtmp, value, vbuf); + + return mp_int_exptmod(a, &vtmp, m, c); +} + +/* }}} */ + +/* {{{ mp_int_exptmod_bvalue(v, b, m, c) */ + +mp_result mp_int_exptmod_bvalue(int value, mp_int b, + mp_int m, mp_int c) +{ + mpz_t vtmp; + mp_digit vbuf[MP_VALUE_DIGITS(value)]; + + s_fake(&vtmp, value, vbuf); + + return mp_int_exptmod(&vtmp, b, m, c); +} + +/* }}} */ + +/* {{{ mp_int_exptmod_known(a, b, m, mu, c) */ + +mp_result mp_int_exptmod_known(mp_int a, mp_int b, mp_int m, mp_int mu, mp_int c) +{ + mp_result res; + mp_size um; + mpz_t temp[2]; + mp_int s; + int last = 0; + + CHECK(a && b && m && c); + + /* Zero moduli and negative exponents are not considered. */ + if(CMPZ(m) == 0) + return MP_UNDEF; + if(CMPZ(b) < 0) + return MP_RANGE; + + um = MP_USED(m); + SETUP(mp_int_init_size(TEMP(0), 2 * um), last); + + if(c == b || c == m) { + SETUP(mp_int_init_size(TEMP(1), 2 * um), last); + s = TEMP(1); + } + else { + s = c; + } + + if((res = mp_int_mod(a, m, TEMP(0))) != MP_OK) goto CLEANUP; + + if((res = s_embar(TEMP(0), b, m, mu, s)) != MP_OK) + goto CLEANUP; + + res = mp_int_copy(s, c); + + CLEANUP: + while(--last >= 0) + mp_int_clear(TEMP(last)); + + return res; +} + +/* }}} */ + +/* {{{ mp_int_redux_const(m, c) */ + +mp_result mp_int_redux_const(mp_int m, mp_int c) +{ + CHECK(m != NULL && c != NULL && m != c); + + return s_brmu(c, m); +} + +/* }}} */ + +/* {{{ mp_int_invmod(a, m, c) */ + +mp_result mp_int_invmod(mp_int a, mp_int m, mp_int c) +{ + mp_result res; + mp_sign sa; + int last = 0; + mpz_t temp[2]; + + CHECK(a != NULL && m != NULL && c != NULL); + + if(CMPZ(a) == 0 || CMPZ(m) <= 0) + return MP_RANGE; + + sa = MP_SIGN(a); /* need this for the result later */ + + for(last = 0; last < 2; ++last) + mp_int_init(TEMP(last)); + + if((res = mp_int_egcd(a, m, TEMP(0), TEMP(1), NULL)) != MP_OK) + goto CLEANUP; + + if(mp_int_compare_value(TEMP(0), 1) != 0) { + res = MP_UNDEF; + goto CLEANUP; + } + + /* It is first necessary to constrain the value to the proper range */ + if((res = mp_int_mod(TEMP(1), m, TEMP(1))) != MP_OK) + goto CLEANUP; + + /* Now, if 'a' was originally negative, the value we have is + actually the magnitude of the negative representative; to get the + positive value we have to subtract from the modulus. Otherwise, + the value is okay as it stands. + */ + if(sa == MP_NEG) + res = mp_int_sub(m, TEMP(1), c); + else + res = mp_int_copy(TEMP(1), c); + + CLEANUP: + while(--last >= 0) + mp_int_clear(TEMP(last)); + + return res; +} + +/* }}} */ + +/* {{{ mp_int_gcd(a, b, c) */ + +/* Binary GCD algorithm due to Josef Stein, 1961 */ +mp_result mp_int_gcd(mp_int a, mp_int b, mp_int c) +{ + int ca, cb, k = 0; + mpz_t u, v, t; + mp_result res; + + CHECK(a != NULL && b != NULL && c != NULL); + + ca = CMPZ(a); + cb = CMPZ(b); + if(ca == 0 && cb == 0) + return MP_UNDEF; + else if(ca == 0) + return mp_int_abs(b, c); + else if(cb == 0) + return mp_int_abs(a, c); + + mp_int_init(&t); + if((res = mp_int_init_copy(&u, a)) != MP_OK) + goto U; + if((res = mp_int_init_copy(&v, b)) != MP_OK) + goto V; + + MP_SIGN(&u) = MP_ZPOS; MP_SIGN(&v) = MP_ZPOS; + + { /* Divide out common factors of 2 from u and v */ + int div2_u = s_dp2k(&u), div2_v = s_dp2k(&v); + + k = MIN(div2_u, div2_v); + s_qdiv(&u, (mp_size) k); + s_qdiv(&v, (mp_size) k); + } + + if(mp_int_is_odd(&u)) { + if((res = mp_int_neg(&v, &t)) != MP_OK) + goto CLEANUP; + } + else { + if((res = mp_int_copy(&u, &t)) != MP_OK) + goto CLEANUP; + } + + for(;;) { + s_qdiv(&t, s_dp2k(&t)); + + if(CMPZ(&t) > 0) { + if((res = mp_int_copy(&t, &u)) != MP_OK) + goto CLEANUP; + } + else { + if((res = mp_int_neg(&t, &v)) != MP_OK) + goto CLEANUP; + } + + if((res = mp_int_sub(&u, &v, &t)) != MP_OK) + goto CLEANUP; + + if(CMPZ(&t) == 0) + break; + } + + if((res = mp_int_abs(&u, c)) != MP_OK) + goto CLEANUP; + if(!s_qmul(c, (mp_size) k)) + res = MP_MEMORY; + + CLEANUP: + mp_int_clear(&v); + V: mp_int_clear(&u); + U: mp_int_clear(&t); + + return res; +} + +/* }}} */ + +/* {{{ mp_int_egcd(a, b, c, x, y) */ + +/* This is the binary GCD algorithm again, but this time we keep track + of the elementary matrix operations as we go, so we can get values + x and y satisfying c = ax + by. + */ +mp_result mp_int_egcd(mp_int a, mp_int b, mp_int c, + mp_int x, mp_int y) +{ + int k, last = 0, ca, cb; + mpz_t temp[8]; + mp_result res; + + CHECK(a != NULL && b != NULL && c != NULL && + (x != NULL || y != NULL)); + + ca = CMPZ(a); + cb = CMPZ(b); + if(ca == 0 && cb == 0) + return MP_UNDEF; + else if(ca == 0) { + if((res = mp_int_abs(b, c)) != MP_OK) return res; + mp_int_zero(x); (void) mp_int_set_value(y, 1); return MP_OK; + } + else if(cb == 0) { + if((res = mp_int_abs(a, c)) != MP_OK) return res; + (void) mp_int_set_value(x, 1); mp_int_zero(y); return MP_OK; + } + + /* Initialize temporaries: + A:0, B:1, C:2, D:3, u:4, v:5, ou:6, ov:7 */ + for(last = 0; last < 4; ++last) + mp_int_init(TEMP(last)); + TEMP(0)->digits[0] = 1; + TEMP(3)->digits[0] = 1; + + SETUP(mp_int_init_copy(TEMP(4), a), last); + SETUP(mp_int_init_copy(TEMP(5), b), last); + + /* We will work with absolute values here */ + MP_SIGN(TEMP(4)) = MP_ZPOS; + MP_SIGN(TEMP(5)) = MP_ZPOS; + + { /* Divide out common factors of 2 from u and v */ + int div2_u = s_dp2k(TEMP(4)), div2_v = s_dp2k(TEMP(5)); + + k = MIN(div2_u, div2_v); + s_qdiv(TEMP(4), k); + s_qdiv(TEMP(5), k); + } + + SETUP(mp_int_init_copy(TEMP(6), TEMP(4)), last); + SETUP(mp_int_init_copy(TEMP(7), TEMP(5)), last); + + for(;;) { + while(mp_int_is_even(TEMP(4))) { + s_qdiv(TEMP(4), 1); + + if(mp_int_is_odd(TEMP(0)) || mp_int_is_odd(TEMP(1))) { + if((res = mp_int_add(TEMP(0), TEMP(7), TEMP(0))) != MP_OK) + goto CLEANUP; + if((res = mp_int_sub(TEMP(1), TEMP(6), TEMP(1))) != MP_OK) + goto CLEANUP; + } + + s_qdiv(TEMP(0), 1); + s_qdiv(TEMP(1), 1); + } + + while(mp_int_is_even(TEMP(5))) { + s_qdiv(TEMP(5), 1); + + if(mp_int_is_odd(TEMP(2)) || mp_int_is_odd(TEMP(3))) { + if((res = mp_int_add(TEMP(2), TEMP(7), TEMP(2))) != MP_OK) + goto CLEANUP; + if((res = mp_int_sub(TEMP(3), TEMP(6), TEMP(3))) != MP_OK) + goto CLEANUP; + } + + s_qdiv(TEMP(2), 1); + s_qdiv(TEMP(3), 1); + } + + if(mp_int_compare(TEMP(4), TEMP(5)) >= 0) { + if((res = mp_int_sub(TEMP(4), TEMP(5), TEMP(4))) != MP_OK) goto CLEANUP; + if((res = mp_int_sub(TEMP(0), TEMP(2), TEMP(0))) != MP_OK) goto CLEANUP; + if((res = mp_int_sub(TEMP(1), TEMP(3), TEMP(1))) != MP_OK) goto CLEANUP; + } + else { + if((res = mp_int_sub(TEMP(5), TEMP(4), TEMP(5))) != MP_OK) goto CLEANUP; + if((res = mp_int_sub(TEMP(2), TEMP(0), TEMP(2))) != MP_OK) goto CLEANUP; + if((res = mp_int_sub(TEMP(3), TEMP(1), TEMP(3))) != MP_OK) goto CLEANUP; + } + + if(CMPZ(TEMP(4)) == 0) { + if(x && (res = mp_int_copy(TEMP(2), x)) != MP_OK) goto CLEANUP; + if(y && (res = mp_int_copy(TEMP(3), y)) != MP_OK) goto CLEANUP; + if(c) { + if(!s_qmul(TEMP(5), k)) { + res = MP_MEMORY; + goto CLEANUP; + } + + res = mp_int_copy(TEMP(5), c); + } + + break; + } + } + + CLEANUP: + while(--last >= 0) + mp_int_clear(TEMP(last)); + + return res; +} + +/* }}} */ + +/* {{{ mp_int_divisible_value(a, v) */ + +int mp_int_divisible_value(mp_int a, int v) +{ + int rem = 0; + + if(mp_int_div_value(a, v, NULL, &rem) != MP_OK) + return 0; + + return rem == 0; +} + +/* }}} */ + +/* {{{ mp_int_is_pow2(z) */ + +int mp_int_is_pow2(mp_int z) +{ + CHECK(z != NULL); + + return s_isp2(z); +} + +/* }}} */ + +/* {{{ mp_int_sqrt(a, c) */ + +mp_result mp_int_sqrt(mp_int a, mp_int c) +{ + mp_result res = MP_OK; + mpz_t temp[2]; + int last = 0; + + CHECK(a != NULL && c != NULL); + + /* The square root of a negative value does not exist in the integers. */ + if(MP_SIGN(a) == MP_NEG) + return MP_UNDEF; + + SETUP(mp_int_init_copy(TEMP(last), a), last); + SETUP(mp_int_init(TEMP(last)), last); + + for(;;) { + if((res = mp_int_sqr(TEMP(0), TEMP(1))) != MP_OK) + goto CLEANUP; + + if(mp_int_compare_unsigned(a, TEMP(1)) == 0) break; + + if((res = mp_int_copy(a, TEMP(1))) != MP_OK) + goto CLEANUP; + if((res = mp_int_div(TEMP(1), TEMP(0), TEMP(1), NULL)) != MP_OK) + goto CLEANUP; + if((res = mp_int_add(TEMP(0), TEMP(1), TEMP(1))) != MP_OK) + goto CLEANUP; + if((res = mp_int_div_pow2(TEMP(1), 1, TEMP(1), NULL)) != MP_OK) + goto CLEANUP; + + if(mp_int_compare_unsigned(TEMP(0), TEMP(1)) == 0) break; + if((res = mp_int_sub_value(TEMP(0), 1, TEMP(0))) != MP_OK) goto CLEANUP; + if(mp_int_compare_unsigned(TEMP(0), TEMP(1)) == 0) break; + + if((res = mp_int_copy(TEMP(1), TEMP(0))) != MP_OK) goto CLEANUP; + } + + res = mp_int_copy(TEMP(0), c); + + CLEANUP: + while(--last >= 0) + mp_int_clear(TEMP(last)); + + return res; +} + +/* }}} */ + +/* {{{ mp_int_to_int(z, out) */ + +mp_result mp_int_to_int(mp_int z, int *out) +{ + unsigned int uv = 0; + mp_size uz; + mp_digit *dz; + mp_sign sz; + + CHECK(z != NULL); + + /* Make sure the value is representable as an int */ + sz = MP_SIGN(z); + if((sz == MP_ZPOS && mp_int_compare_value(z, INT_MAX) > 0) || + mp_int_compare_value(z, INT_MIN) < 0) + return MP_RANGE; + + uz = MP_USED(z); + dz = MP_DIGITS(z) + uz - 1; + + while(uz > 0) { + uv <<= MP_DIGIT_BIT/2; + uv = (uv << (MP_DIGIT_BIT/2)) | *dz--; + --uz; + } + + if(out) + *out = (sz == MP_NEG) ? -(int)uv : (int)uv; + + return MP_OK; +} + +/* }}} */ + +/* {{{ mp_int_to_string(z, radix, str, limit) */ + +mp_result mp_int_to_string(mp_int z, mp_size radix, + char *str, int limit) +{ + mp_result res; + int cmp = 0; + + CHECK(z != NULL && str != NULL && limit >= 2); + + if(radix < MP_MIN_RADIX || radix > MP_MAX_RADIX) + return MP_RANGE; + + if(CMPZ(z) == 0) { + *str++ = s_val2ch(0, 1); + } + else { + mpz_t tmp; + char *h, *t; + + if((res = mp_int_init_copy(&tmp, z)) != MP_OK) + return res; + + if(MP_SIGN(z) == MP_NEG) { + *str++ = '-'; + --limit; + } + h = str; + + /* Generate digits in reverse order until finished or limit reached */ + for(/* */; limit > 0; --limit) { + mp_digit d; + + if((cmp = CMPZ(&tmp)) == 0) + break; + + d = s_ddiv(&tmp, (mp_digit)radix); + *str++ = s_val2ch(d, 1); + } + t = str - 1; + + /* Put digits back in correct output order */ + while(h < t) { + char tc = *h; + *h++ = *t; + *t-- = tc; + } + + mp_int_clear(&tmp); + } + + *str = '\0'; + if(cmp == 0) + return MP_OK; + else + return MP_TRUNC; +} + +/* }}} */ + +/* {{{ mp_int_string_len(z, radix) */ + +mp_result mp_int_string_len(mp_int z, mp_size radix) +{ + int len; + + CHECK(z != NULL); + + if(radix < MP_MIN_RADIX || radix > MP_MAX_RADIX) + return MP_RANGE; + + len = s_outlen(z, radix) + 1; /* for terminator */ + + /* Allow for sign marker on negatives */ + if(MP_SIGN(z) == MP_NEG) + len += 1; + + return len; +} + +/* }}} */ + +/* {{{ mp_int_read_string(z, radix, *str) */ + +/* Read zero-terminated string into z */ +mp_result mp_int_read_string(mp_int z, mp_size radix, const char *str) +{ + return mp_int_read_cstring(z, radix, str, NULL); + +} + +/* }}} */ + +/* {{{ mp_int_read_cstring(z, radix, *str, **end) */ + +mp_result mp_int_read_cstring(mp_int z, mp_size radix, const char *str, char **end) +{ + int ch; + + CHECK(z != NULL && str != NULL); + + if(radix < MP_MIN_RADIX || radix > MP_MAX_RADIX) + return MP_RANGE; + + /* Skip leading whitespace */ + while(isspace((int)*str)) + ++str; + + /* Handle leading sign tag (+/-, positive default) */ + switch(*str) { + case '-': + MP_SIGN(z) = MP_NEG; + ++str; + break; + case '+': + ++str; /* fallthrough */ + default: + MP_SIGN(z) = MP_ZPOS; + break; + } + + /* Skip leading zeroes */ + while((ch = s_ch2val(*str, radix)) == 0) + ++str; + + /* Make sure there is enough space for the value */ + if(!s_pad(z, s_inlen(strlen(str), radix))) + return MP_MEMORY; + + MP_USED(z) = 1; z->digits[0] = 0; + + while(*str != '\0' && ((ch = s_ch2val(*str, radix)) >= 0)) { + s_dmul(z, (mp_digit)radix); + s_dadd(z, (mp_digit)ch); + ++str; + } + + CLAMP(z); + + /* Override sign for zero, even if negative specified. */ + if(CMPZ(z) == 0) + MP_SIGN(z) = MP_ZPOS; + + if(end != NULL) + *end = (char *)str; + + /* Return a truncation error if the string has unprocessed + characters remaining, so the caller can tell if the whole string + was done */ + if(*str != '\0') + return MP_TRUNC; + else + return MP_OK; +} + +/* }}} */ + +/* {{{ mp_int_count_bits(z) */ + +mp_result mp_int_count_bits(mp_int z) +{ + mp_size nbits = 0, uz; + mp_digit d; + + CHECK(z != NULL); + + uz = MP_USED(z); + if(uz == 1 && z->digits[0] == 0) + return 1; + + --uz; + nbits = uz * MP_DIGIT_BIT; + d = z->digits[uz]; + + while(d != 0) { + d >>= 1; + ++nbits; + } + + return nbits; +} + +/* }}} */ + +/* {{{ mp_int_to_binary(z, buf, limit) */ + +mp_result mp_int_to_binary(mp_int z, unsigned char *buf, int limit) +{ + static const int PAD_FOR_2C = 1; + + mp_result res; + int limpos = limit; + + CHECK(z != NULL && buf != NULL); + + res = s_tobin(z, buf, &limpos, PAD_FOR_2C); + + if(MP_SIGN(z) == MP_NEG) + s_2comp(buf, limpos); + + return res; +} + +/* }}} */ + +/* {{{ mp_int_read_binary(z, buf, len) */ + +mp_result mp_int_read_binary(mp_int z, unsigned char *buf, int len) +{ + mp_size need, i; + unsigned char *tmp; + mp_digit *dz; + + CHECK(z != NULL && buf != NULL && len > 0); + + /* Figure out how many digits are needed to represent this value */ + need = ((len * CHAR_BIT) + (MP_DIGIT_BIT - 1)) / MP_DIGIT_BIT; + if(!s_pad(z, need)) + return MP_MEMORY; + + mp_int_zero(z); + + /* If the high-order bit is set, take the 2's complement before + reading the value (it will be restored afterward) */ + if(buf[0] >> (CHAR_BIT - 1)) { + MP_SIGN(z) = MP_NEG; + s_2comp(buf, len); + } + + dz = MP_DIGITS(z); + for(tmp = buf, i = len; i > 0; --i, ++tmp) { + s_qmul(z, (mp_size) CHAR_BIT); + *dz |= *tmp; + } + + /* Restore 2's complement if we took it before */ + if(MP_SIGN(z) == MP_NEG) + s_2comp(buf, len); + + return MP_OK; +} + +/* }}} */ + +/* {{{ mp_int_binary_len(z) */ + +mp_result mp_int_binary_len(mp_int z) +{ + mp_result res = mp_int_count_bits(z); + int bytes = mp_int_unsigned_len(z); + + if(res <= 0) + return res; + + bytes = (res + (CHAR_BIT - 1)) / CHAR_BIT; + + /* If the highest-order bit falls exactly on a byte boundary, we + need to pad with an extra byte so that the sign will be read + correctly when reading it back in. */ + if(bytes * CHAR_BIT == res) + ++bytes; + + return bytes; +} + +/* }}} */ + +/* {{{ mp_int_to_unsigned(z, buf, limit) */ + +mp_result mp_int_to_unsigned(mp_int z, unsigned char *buf, int limit) +{ + static const int NO_PADDING = 0; + + CHECK(z != NULL && buf != NULL); + + return s_tobin(z, buf, &limit, NO_PADDING); +} + +/* }}} */ + +/* {{{ mp_int_read_unsigned(z, buf, len) */ + +mp_result mp_int_read_unsigned(mp_int z, unsigned char *buf, int len) +{ + mp_size need, i; + unsigned char *tmp; + mp_digit *dz; + + CHECK(z != NULL && buf != NULL && len > 0); + + /* Figure out how many digits are needed to represent this value */ + need = ((len * CHAR_BIT) + (MP_DIGIT_BIT - 1)) / MP_DIGIT_BIT; + if(!s_pad(z, need)) + return MP_MEMORY; + + mp_int_zero(z); + + dz = MP_DIGITS(z); + for(tmp = buf, i = len; i > 0; --i, ++tmp) { + (void) s_qmul(z, CHAR_BIT); + *dz |= *tmp; + } + + return MP_OK; +} + +/* }}} */ + +/* {{{ mp_int_unsigned_len(z) */ + +mp_result mp_int_unsigned_len(mp_int z) +{ + mp_result res = mp_int_count_bits(z); + int bytes; + + if(res <= 0) + return res; + + bytes = (res + (CHAR_BIT - 1)) / CHAR_BIT; + + return bytes; +} + +/* }}} */ + +/* {{{ mp_error_string(res) */ + +const char *mp_error_string(mp_result res) +{ + int ix; + if(res > 0) + return s_unknown_err; + + res = -res; + for(ix = 0; ix < res && s_error_msg[ix] != NULL; ++ix) + ; + + if(s_error_msg[ix] != NULL) + return s_error_msg[ix]; + else + return s_unknown_err; +} + +/* }}} */ + +/*------------------------------------------------------------------------*/ +/* Private functions for internal use. These make assumptions. */ + +/* {{{ s_alloc(num) */ + +static mp_digit *s_alloc(mp_size num) +{ + mp_digit *out = malloc(num * sizeof(mp_digit)); + + assert(out != NULL); /* for debugging */ + + return out; +} + +/* }}} */ + +/* {{{ s_realloc(old, num) */ + +static mp_digit *s_realloc(mp_digit *old, mp_size num) +{ + mp_digit *new = realloc(old, num * sizeof(mp_digit)); + + assert(new != NULL); /* for debugging */ + + return new; +} + +/* }}} */ + +/* {{{ s_free(ptr) */ + +#if TRACEABLE_FREE +static void s_free(void *ptr) +{ + free(ptr); +} +#endif + +/* }}} */ + +/* {{{ s_pad(z, min) */ + +int s_pad(mp_int z, mp_size min) +{ + if(MP_ALLOC(z) < min) { + mp_size nsize = ROUND_PREC(min); + mp_digit *tmp; + + if((void *)z->digits == (void *)z) { + if((tmp = s_alloc(nsize)) == NULL) + return 0; + + COPY(MP_DIGITS(z), tmp, MP_USED(z)); + } + else if((tmp = s_realloc(MP_DIGITS(z), nsize)) == NULL) + return 0; + + MP_DIGITS(z) = tmp; + MP_ALLOC(z) = nsize; + } + + return 1; +} + +/* }}} */ + +/* {{{ s_clamp(z) */ + +#if TRACEABLE_CLAMP +static void s_clamp(mp_int z) +{ + mp_size uz = MP_USED(z); + mp_digit *zd = MP_DIGITS(z) + uz - 1; + + while(uz > 1 && (*zd-- == 0)) + --uz; + + MP_USED(z) = uz; +} +#endif + +/* }}} */ + +/* {{{ s_fake(z, value, vbuf) */ + +static void s_fake(mp_int z, int value, mp_digit vbuf[]) +{ + mp_size uv = (mp_size) s_vpack(value, vbuf); + + z->used = uv; + z->alloc = MP_VALUE_DIGITS(value); + z->sign = (value < 0) ? MP_NEG : MP_ZPOS; + z->digits = vbuf; +} + +/* }}} */ + +/* {{{ s_cdig(da, db, len) */ + +static int s_cdig(mp_digit *da, mp_digit *db, mp_size len) +{ + mp_digit *dat = da + len - 1, *dbt = db + len - 1; + + for(/* */; len != 0; --len, --dat, --dbt) { + if(*dat > *dbt) + return 1; + else if(*dat < *dbt) + return -1; + } + + return 0; +} + +/* }}} */ + +/* {{{ s_vpack(v, t[]) */ + +static int s_vpack(int v, mp_digit t[]) +{ + unsigned int uv = (unsigned int)((v < 0) ? -v : v); + int ndig = 0; + + if(uv == 0) + t[ndig++] = 0; + else { + while(uv != 0) { + t[ndig++] = (mp_digit) uv; + uv >>= MP_DIGIT_BIT/2; + uv >>= MP_DIGIT_BIT/2; + } + } + + return ndig; +} + +/* }}} */ + +/* {{{ s_ucmp(a, b) */ + +static int s_ucmp(mp_int a, mp_int b) +{ + mp_size ua = MP_USED(a), ub = MP_USED(b); + + if(ua > ub) + return 1; + else if(ub > ua) + return -1; + else + return s_cdig(MP_DIGITS(a), MP_DIGITS(b), ua); +} + +/* }}} */ + +/* {{{ s_vcmp(a, v) */ + +static int s_vcmp(mp_int a, int v) +{ + mp_digit vdig[MP_VALUE_DIGITS(v)]; + int ndig = 0; + mp_size ua = MP_USED(a); + + ndig = s_vpack(v, vdig); + + if(ua > ndig) + return 1; + else if(ua < ndig) + return -1; + else + return s_cdig(MP_DIGITS(a), vdig, ndig); +} + +/* }}} */ + +/* {{{ s_uadd(da, db, dc, size_a, size_b) */ + +static mp_digit s_uadd(mp_digit *da, mp_digit *db, mp_digit *dc, + mp_size size_a, mp_size size_b) +{ + mp_size pos; + mp_word w = 0; + + /* Insure that da is the longer of the two to simplify later code */ + if(size_b > size_a) { + SWAP(mp_digit *, da, db); + SWAP(mp_size, size_a, size_b); + } + + /* Add corresponding digits until the shorter number runs out */ + for(pos = 0; pos < size_b; ++pos, ++da, ++db, ++dc) { + w = w + (mp_word) *da + (mp_word) *db; + *dc = LOWER_HALF(w); + w = UPPER_HALF(w); + } + + /* Propagate carries as far as necessary */ + for(/* */; pos < size_a; ++pos, ++da, ++dc) { + w = w + *da; + + *dc = LOWER_HALF(w); + w = UPPER_HALF(w); + } + + /* Return carry out */ + return (mp_digit)w; +} + +/* }}} */ + +/* {{{ s_usub(da, db, dc, size_a, size_b) */ + +static void s_usub(mp_digit *da, mp_digit *db, mp_digit *dc, + mp_size size_a, mp_size size_b) +{ + mp_size pos; + mp_word w = 0; + + /* We assume that |a| >= |b| so this should definitely hold */ + assert(size_a >= size_b); + + /* Subtract corresponding digits and propagate borrow */ + for(pos = 0; pos < size_b; ++pos, ++da, ++db, ++dc) { + w = ((mp_word)MP_DIGIT_MAX + 1 + /* MP_RADIX */ + (mp_word)*da) - w - (mp_word)*db; + + *dc = LOWER_HALF(w); + w = (UPPER_HALF(w) == 0); + } + + /* Finish the subtraction for remaining upper digits of da */ + for(/* */; pos < size_a; ++pos, ++da, ++dc) { + w = ((mp_word)MP_DIGIT_MAX + 1 + /* MP_RADIX */ + (mp_word)*da) - w; + + *dc = LOWER_HALF(w); + w = (UPPER_HALF(w) == 0); + } + + /* If there is a borrow out at the end, it violates the precondition */ + assert(w == 0); +} + +/* }}} */ + +/* {{{ s_kmul(da, db, dc, size_a, size_b) */ + +static int s_kmul(mp_digit *da, mp_digit *db, mp_digit *dc, + mp_size size_a, mp_size size_b) +{ + mp_size bot_size; + + /* Make sure b is the smaller of the two input values */ + if(size_b > size_a) { + SWAP(mp_digit *, da, db); + SWAP(mp_size, size_a, size_b); + } + + /* Insure that the bottom is the larger half in an odd-length split; + the code below relies on this being true. + */ + bot_size = (size_a + 1) / 2; + + /* If the values are big enough to bother with recursion, use the + Karatsuba algorithm to compute the product; otherwise use the + normal multiplication algorithm + */ + if(multiply_threshold && + size_a >= multiply_threshold && + size_b > bot_size) { + + mp_digit *t1, *t2, *t3, carry; + + mp_digit *a_top = da + bot_size; + mp_digit *b_top = db + bot_size; + + mp_size at_size = size_a - bot_size; + mp_size bt_size = size_b - bot_size; + mp_size buf_size = 2 * bot_size; + + /* Do a single allocation for all three temporary buffers needed; + each buffer must be big enough to hold the product of two + bottom halves, and one buffer needs space for the completed + product; twice the space is plenty. + */ + if((t1 = s_alloc(4 * buf_size)) == NULL) return 0; + t2 = t1 + buf_size; + t3 = t2 + buf_size; + ZERO(t1, 4 * buf_size); + + /* t1 and t2 are initially used as temporaries to compute the inner product + (a1 + a0)(b1 + b0) = a1b1 + a1b0 + a0b1 + a0b0 + */ + carry = s_uadd(da, a_top, t1, bot_size, at_size); /* t1 = a1 + a0 */ + t1[bot_size] = carry; + + carry = s_uadd(db, b_top, t2, bot_size, bt_size); /* t2 = b1 + b0 */ + t2[bot_size] = carry; + + (void) s_kmul(t1, t2, t3, bot_size + 1, bot_size + 1); /* t3 = t1 * t2 */ + + /* Now we'll get t1 = a0b0 and t2 = a1b1, and subtract them out so that + we're left with only the pieces we want: t3 = a1b0 + a0b1 + */ + ZERO(t1, bot_size + 1); + ZERO(t2, bot_size + 1); + (void) s_kmul(da, db, t1, bot_size, bot_size); /* t1 = a0 * b0 */ + (void) s_kmul(a_top, b_top, t2, at_size, bt_size); /* t2 = a1 * b1 */ + + /* Subtract out t1 and t2 to get the inner product */ + s_usub(t3, t1, t3, buf_size + 2, buf_size); + s_usub(t3, t2, t3, buf_size + 2, buf_size); + + /* Assemble the output value */ + COPY(t1, dc, buf_size); + (void) s_uadd(t3, dc + bot_size, dc + bot_size, + buf_size + 1, buf_size + 1); + + (void) s_uadd(t2, dc + 2*bot_size, dc + 2*bot_size, + buf_size, buf_size); + + s_free(t1); /* note t2 and t3 are just internal pointers to t1 */ + } + else { + s_umul(da, db, dc, size_a, size_b); + } + + return 1; +} + +/* }}} */ + +/* {{{ s_umul(da, db, dc, size_a, size_b) */ + +static void s_umul(mp_digit *da, mp_digit *db, mp_digit *dc, + mp_size size_a, mp_size size_b) +{ + mp_size a, b; + mp_word w; + + for(a = 0; a < size_a; ++a, ++dc, ++da) { + mp_digit *dct = dc; + mp_digit *dbt = db; + + if(*da == 0) + continue; + + w = 0; + for(b = 0; b < size_b; ++b, ++dbt, ++dct) { + w = (mp_word)*da * (mp_word)*dbt + w + (mp_word)*dct; + + *dct = LOWER_HALF(w); + w = UPPER_HALF(w); + } + + *dct = (mp_digit)w; + } +} + +/* }}} */ + +/* {{{ s_ksqr(da, dc, size_a) */ + +static int s_ksqr(mp_digit *da, mp_digit *dc, mp_size size_a) +{ + if(multiply_threshold && size_a > multiply_threshold) { + mp_size bot_size = (size_a + 1) / 2; + mp_digit *a_top = da + bot_size; + mp_digit *t1, *t2, *t3; + mp_size at_size = size_a - bot_size; + mp_size buf_size = 2 * bot_size; + + if((t1 = s_alloc(4 * buf_size)) == NULL) return 0; + t2 = t1 + buf_size; + t3 = t2 + buf_size; + ZERO(t1, 4 * buf_size); + + (void) s_ksqr(da, t1, bot_size); /* t1 = a0 ^ 2 */ + (void) s_ksqr(a_top, t2, at_size); /* t2 = a1 ^ 2 */ + + (void) s_kmul(da, a_top, t3, bot_size, at_size); /* t3 = a0 * a1 */ + + /* Quick multiply t3 by 2, shifting left (can't overflow) */ + { + int i, top = bot_size + at_size; + mp_word w, save = 0; + + for(i = 0; i < top; ++i) { + w = t3[i]; + w = (w << 1) | save; + t3[i] = LOWER_HALF(w); + save = UPPER_HALF(w); + } + t3[i] = LOWER_HALF(save); + } + + /* Assemble the output value */ + COPY(t1, dc, 2 * bot_size); + (void) s_uadd(t3, dc + bot_size, dc + bot_size, + buf_size + 1, buf_size + 1); + + (void) s_uadd(t2, dc + 2*bot_size, dc + 2*bot_size, + buf_size, buf_size); + + free(t1); /* note that t2 and t2 are internal pointers only */ + + } + else { + s_usqr(da, dc, size_a); + } + + return 1; +} + +/* }}} */ + +/* {{{ s_usqr(da, dc, size_a) */ + +static void s_usqr(mp_digit *da, mp_digit *dc, mp_size size_a) +{ + mp_size i, j; + mp_word w; + + for(i = 0; i < size_a; ++i, dc += 2, ++da) { + mp_digit *dct = dc, *dat = da; + + if(*da == 0) + continue; + + /* Take care of the first digit, no rollover */ + w = (mp_word)*dat * (mp_word)*dat + (mp_word)*dct; + *dct = LOWER_HALF(w); + w = UPPER_HALF(w); + ++dat; ++dct; + + for(j = i + 1; j < size_a; ++j, ++dat, ++dct) { + mp_word t = (mp_word)*da * (mp_word)*dat; + mp_word u = w + (mp_word)*dct, ov = 0; + + /* Check if doubling t will overflow a word */ + if(HIGH_BIT_SET(t)) + ov = 1; + + w = t + t; + + /* Check if adding u to w will overflow a word */ + if(ADD_WILL_OVERFLOW(w, u)) + ov = 1; + + w += u; + + *dct = LOWER_HALF(w); + w = UPPER_HALF(w); + if(ov) { + w += MP_DIGIT_MAX; /* MP_RADIX */ + ++w; + } + } + + w = w + *dct; + *dct = (mp_digit)w; + while((w = UPPER_HALF(w)) != 0) { + ++dct; w = w + *dct; + *dct = LOWER_HALF(w); + } + + assert(w == 0); + } +} + +/* }}} */ + +/* {{{ s_dadd(a, b) */ + +static void s_dadd(mp_int a, mp_digit b) +{ + mp_word w = 0; + mp_digit *da = MP_DIGITS(a); + mp_size ua = MP_USED(a); + + w = (mp_word)*da + b; + *da++ = LOWER_HALF(w); + w = UPPER_HALF(w); + + for(ua -= 1; ua > 0; --ua, ++da) { + w = (mp_word)*da + w; + + *da = LOWER_HALF(w); + w = UPPER_HALF(w); + } + + if(w) { + *da = (mp_digit)w; + MP_USED(a) += 1; + } +} + +/* }}} */ + +/* {{{ s_dmul(a, b) */ + +static void s_dmul(mp_int a, mp_digit b) +{ + mp_word w = 0; + mp_digit *da = MP_DIGITS(a); + mp_size ua = MP_USED(a); + + while(ua > 0) { + w = (mp_word)*da * b + w; + *da++ = LOWER_HALF(w); + w = UPPER_HALF(w); + --ua; + } + + if(w) { + *da = (mp_digit)w; + MP_USED(a) += 1; + } +} + +/* }}} */ + +/* {{{ s_dbmul(da, b, dc, size_a) */ + +static void s_dbmul(mp_digit *da, mp_digit b, mp_digit *dc, mp_size size_a) +{ + mp_word w = 0; + + while(size_a > 0) { + w = (mp_word)*da++ * (mp_word)b + w; + + *dc++ = LOWER_HALF(w); + w = UPPER_HALF(w); + --size_a; + } + + if(w) + *dc = LOWER_HALF(w); +} + +/* }}} */ + +/* {{{ s_ddiv(da, d, dc, size_a) */ + +static mp_digit s_ddiv(mp_int a, mp_digit b) +{ + mp_word w = 0, qdigit; + mp_size ua = MP_USED(a); + mp_digit *da = MP_DIGITS(a) + ua - 1; + + for(/* */; ua > 0; --ua, --da) { + w = (w << MP_DIGIT_BIT) | *da; + + if(w >= b) { + qdigit = w / b; + w = w % b; + } + else { + qdigit = 0; + } + + *da = (mp_digit)qdigit; + } + + CLAMP(a); + return (mp_digit)w; +} + +/* }}} */ + +/* {{{ s_qdiv(z, p2) */ + +static void s_qdiv(mp_int z, mp_size p2) +{ + mp_size ndig = p2 / MP_DIGIT_BIT, nbits = p2 % MP_DIGIT_BIT; + mp_size uz = MP_USED(z); + + if(ndig) { + mp_size mark; + mp_digit *to, *from; + + if(ndig >= uz) { + mp_int_zero(z); + return; + } + + to = MP_DIGITS(z); from = to + ndig; + + for(mark = ndig; mark < uz; ++mark) + *to++ = *from++; + + MP_USED(z) = uz - ndig; + } + + if(nbits) { + mp_digit d = 0, *dz, save; + mp_size up = MP_DIGIT_BIT - nbits; + + uz = MP_USED(z); + dz = MP_DIGITS(z) + uz - 1; + + for(/* */; uz > 0; --uz, --dz) { + save = *dz; + + *dz = (*dz >> nbits) | (d << up); + d = save; + } + + CLAMP(z); + } + + if(MP_USED(z) == 1 && z->digits[0] == 0) + MP_SIGN(z) = MP_ZPOS; +} + +/* }}} */ + +/* {{{ s_qmod(z, p2) */ + +static void s_qmod(mp_int z, mp_size p2) +{ + mp_size start = p2 / MP_DIGIT_BIT + 1, rest = p2 % MP_DIGIT_BIT; + mp_size uz = MP_USED(z); + mp_digit mask = (1 << rest) - 1; + + if(start <= uz) { + MP_USED(z) = start; + z->digits[start - 1] &= mask; + CLAMP(z); + } +} + +/* }}} */ + +/* {{{ s_qmul(z, p2) */ + +static int s_qmul(mp_int z, mp_size p2) +{ + mp_size uz, need, rest, extra, i; + mp_digit *from, *to, d; + + if(p2 == 0) + return 1; + + uz = MP_USED(z); + need = p2 / MP_DIGIT_BIT; rest = p2 % MP_DIGIT_BIT; + + /* Figure out if we need an extra digit at the top end; this occurs + if the topmost `rest' bits of the high-order digit of z are not + zero, meaning they will be shifted off the end if not preserved */ + extra = 0; + if(rest != 0) { + mp_digit *dz = MP_DIGITS(z) + uz - 1; + + if((*dz >> (MP_DIGIT_BIT - rest)) != 0) + extra = 1; + } + + if(!s_pad(z, uz + need + extra)) + return 0; + + /* If we need to shift by whole digits, do that in one pass, then + to back and shift by partial digits. + */ + if(need > 0) { + from = MP_DIGITS(z) + uz - 1; + to = from + need; + + for(i = 0; i < uz; ++i) + *to-- = *from--; + + ZERO(MP_DIGITS(z), need); + uz += need; + } + + if(rest) { + d = 0; + for(i = need, from = MP_DIGITS(z) + need; i < uz; ++i, ++from) { + mp_digit save = *from; + + *from = (*from << rest) | (d >> (MP_DIGIT_BIT - rest)); + d = save; + } + + d >>= (MP_DIGIT_BIT - rest); + if(d != 0) { + *from = d; + uz += extra; + } + } + + MP_USED(z) = uz; + CLAMP(z); + + return 1; +} + +/* }}} */ + +/* {{{ s_qsub(z, p2) */ + +/* Subtract |z| from 2^p2, assuming 2^p2 > |z|, and set z to be positive */ +static int s_qsub(mp_int z, mp_size p2) +{ + mp_digit hi = (1 << (p2 % MP_DIGIT_BIT)), *zp; + mp_size tdig = (p2 / MP_DIGIT_BIT), pos; + mp_word w = 0; + + if(!s_pad(z, tdig + 1)) + return 0; + + for(pos = 0, zp = MP_DIGITS(z); pos < tdig; ++pos, ++zp) { + w = ((mp_word) MP_DIGIT_MAX + 1) - w - (mp_word)*zp; + + *zp = LOWER_HALF(w); + w = UPPER_HALF(w) ? 0 : 1; + } + + w = ((mp_word) MP_DIGIT_MAX + 1 + hi) - w - (mp_word)*zp; + *zp = LOWER_HALF(w); + + assert(UPPER_HALF(w) != 0); /* no borrow out should be possible */ + + MP_SIGN(z) = MP_ZPOS; + CLAMP(z); + + return 1; +} + +/* }}} */ + +/* {{{ s_dp2k(z) */ + +static int s_dp2k(mp_int z) +{ + int k = 0; + mp_digit *dp = MP_DIGITS(z), d; + + if(MP_USED(z) == 1 && *dp == 0) + return 1; + + while(*dp == 0) { + k += MP_DIGIT_BIT; + ++dp; + } + + d = *dp; + while((d & 1) == 0) { + d >>= 1; + ++k; + } + + return k; +} + +/* }}} */ + +/* {{{ s_isp2(z) */ + +static int s_isp2(mp_int z) +{ + mp_size uz = MP_USED(z), k = 0; + mp_digit *dz = MP_DIGITS(z), d; + + while(uz > 1) { + if(*dz++ != 0) + return -1; + k += MP_DIGIT_BIT; + --uz; + } + + d = *dz; + while(d > 1) { + if(d & 1) + return -1; + ++k; d >>= 1; + } + + return (int) k; +} + +/* }}} */ + +/* {{{ s_2expt(z, k) */ + +static int s_2expt(mp_int z, int k) +{ + mp_size ndig, rest; + mp_digit *dz; + + ndig = (k + MP_DIGIT_BIT) / MP_DIGIT_BIT; + rest = k % MP_DIGIT_BIT; + + if(!s_pad(z, ndig)) + return 0; + + dz = MP_DIGITS(z); + ZERO(dz, ndig); + *(dz + ndig - 1) = (1 << rest); + MP_USED(z) = ndig; + + return 1; +} + +/* }}} */ + +/* {{{ s_norm(a, b) */ + +static int s_norm(mp_int a, mp_int b) +{ + mp_digit d = b->digits[MP_USED(b) - 1]; + int k = 0; + + while(d < (mp_digit) (1 << (MP_DIGIT_BIT - 1))) { /* d < (MP_RADIX / 2) */ + d <<= 1; + ++k; + } + + /* These multiplications can't fail */ + if(k != 0) { + (void) s_qmul(a, (mp_size) k); + (void) s_qmul(b, (mp_size) k); + } + + return k; +} + +/* }}} */ + +/* {{{ s_brmu(z, m) */ + +static mp_result s_brmu(mp_int z, mp_int m) +{ + mp_size um = MP_USED(m) * 2; + + if(!s_pad(z, um)) + return MP_MEMORY; + + s_2expt(z, MP_DIGIT_BIT * um); + return mp_int_div(z, m, z, NULL); +} + +/* }}} */ + +/* {{{ s_reduce(x, m, mu, q1, q2) */ + +static int s_reduce(mp_int x, mp_int m, mp_int mu, mp_int q1, mp_int q2) +{ + mp_size um = MP_USED(m), umb_p1, umb_m1; + + umb_p1 = (um + 1) * MP_DIGIT_BIT; + umb_m1 = (um - 1) * MP_DIGIT_BIT; + + if(mp_int_copy(x, q1) != MP_OK) + return 0; + + /* Compute q2 = floor((floor(x / b^(k-1)) * mu) / b^(k+1)) */ + s_qdiv(q1, umb_m1); + UMUL(q1, mu, q2); + s_qdiv(q2, umb_p1); + + /* Set x = x mod b^(k+1) */ + s_qmod(x, umb_p1); + + /* Now, q is a guess for the quotient a / m. + Compute x - q * m mod b^(k+1), replacing x. This may be off + by a factor of 2m, but no more than that. + */ + UMUL(q2, m, q1); + s_qmod(q1, umb_p1); + (void) mp_int_sub(x, q1, x); /* can't fail */ + + /* The result may be < 0; if it is, add b^(k+1) to pin it in the + proper range. */ + if((CMPZ(x) < 0) && !s_qsub(x, umb_p1)) + return 0; + + /* If x > m, we need to back it off until it is in range. + This will be required at most twice. */ + if(mp_int_compare(x, m) >= 0) + (void) mp_int_sub(x, m, x); + if(mp_int_compare(x, m) >= 0) + (void) mp_int_sub(x, m, x); + + /* At this point, x has been properly reduced. */ + return 1; +} + +/* }}} */ + +/* {{{ s_embar(a, b, m, mu, c) */ + +/* Perform modular exponentiation using Barrett's method, where mu is + the reduction constant for m. Assumes a < m, b > 0. */ +mp_result s_embar(mp_int a, mp_int b, mp_int m, mp_int mu, mp_int c) +{ + mp_digit *db, *dbt, umu, d; + mpz_t temp[3]; + mp_result res; + int last = 0; + + umu = MP_USED(mu); db = MP_DIGITS(b); dbt = db + MP_USED(b) - 1; + + while(last < 3) + SETUP(mp_int_init_size(TEMP(last), 4 * umu), last); + + (void) mp_int_set_value(c, 1); + + /* Take care of low-order digits */ + while(db < dbt) { + int i; + + for(d = *db, i = MP_DIGIT_BIT; i > 0; --i, d >>= 1) { + if(d & 1) { + /* The use of a second temporary avoids allocation */ + UMUL(c, a, TEMP(0)); + if(!s_reduce(TEMP(0), m, mu, TEMP(1), TEMP(2))) { + res = MP_MEMORY; goto CLEANUP; + } + mp_int_copy(TEMP(0), c); + } + + + USQR(a, TEMP(0)); + assert(MP_SIGN(TEMP(0)) == MP_ZPOS); + if(!s_reduce(TEMP(0), m, mu, TEMP(1), TEMP(2))) { + res = MP_MEMORY; goto CLEANUP; + } + assert(MP_SIGN(TEMP(0)) == MP_ZPOS); + mp_int_copy(TEMP(0), a); + + + } + + ++db; + } + + /* Take care of highest-order digit */ + d = *dbt; + for(;;) { + if(d & 1) { + UMUL(c, a, TEMP(0)); + if(!s_reduce(TEMP(0), m, mu, TEMP(1), TEMP(2))) { + res = MP_MEMORY; goto CLEANUP; + } + mp_int_copy(TEMP(0), c); + } + + d >>= 1; + if(!d) break; + + USQR(a, TEMP(0)); + if(!s_reduce(TEMP(0), m, mu, TEMP(1), TEMP(2))) { + res = MP_MEMORY; goto CLEANUP; + } + (void) mp_int_copy(TEMP(0), a); + } + + CLEANUP: + while(--last >= 0) + mp_int_clear(TEMP(last)); + + return res; +} + +/* }}} */ + +/* {{{ s_udiv(a, b) */ + +/* Precondition: a >= b and b > 0 + Postcondition: a' = a / b, b' = a % b + */ +static mp_result s_udiv(mp_int a, mp_int b) +{ + mpz_t q, r, t; + mp_size ua, ub, qpos = 0; + mp_digit *da, btop; + mp_result res = MP_OK; + int k, skip = 0; + + /* Force signs to positive */ + MP_SIGN(a) = MP_ZPOS; + MP_SIGN(b) = MP_ZPOS; + + /* Normalize, per Knuth */ + k = s_norm(a, b); + + ua = MP_USED(a); ub = MP_USED(b); btop = b->digits[ub - 1]; + if((res = mp_int_init_size(&q, ua)) != MP_OK) return res; + if((res = mp_int_init_size(&t, ua + 1)) != MP_OK) goto CLEANUP; + + da = MP_DIGITS(a); + r.digits = da + ua - 1; /* The contents of r are shared with a */ + r.used = 1; + r.sign = MP_ZPOS; + r.alloc = MP_ALLOC(a); + ZERO(t.digits, t.alloc); + + /* Solve for quotient digits, store in q.digits in reverse order */ + while(r.digits >= da) { + if (qpos > q.alloc) { + char buf[1024]; + printf("qpos = %d q.alloc = %d da = %d ua = %d\n", + (int)qpos, (int)q.alloc, (int)da, (int)ua); + mp_int_to_string(a, 10, buf, sizeof(buf)); + printf("a = %s\n", buf); + mp_int_to_string(b, 10, buf, sizeof(buf)); + printf("b = %s\n", buf); + assert(qpos <= q.alloc); + } + + if(s_ucmp(b, &r) > 0) { + r.digits -= 1; + r.used += 1; + + if(++skip > 1) + q.digits[qpos++] = 0; + + CLAMP(&r); + } + else { + mp_word pfx = r.digits[r.used - 1]; + mp_word qdigit; + + if(r.used > 1 && (pfx < btop || r.digits[r.used - 2] == 0)) { + pfx <<= MP_DIGIT_BIT / 2; + pfx <<= MP_DIGIT_BIT / 2; + pfx |= r.digits[r.used - 2]; + } + + qdigit = pfx / btop; + if(qdigit > MP_DIGIT_MAX) + qdigit = 1; + + s_dbmul(MP_DIGITS(b), (mp_digit) qdigit, t.digits, ub); + t.used = ub + 1; CLAMP(&t); + while(s_ucmp(&t, &r) > 0) { + --qdigit; + (void) mp_int_sub(&t, b, &t); /* cannot fail */ + } + + s_usub(r.digits, t.digits, r.digits, r.used, t.used); + CLAMP(&r); + + q.digits[qpos++] = (mp_digit) qdigit; + ZERO(t.digits, t.used); + skip = 0; + } + } + + /* Put quotient digits in the correct order, and discard extra zeroes */ + q.used = qpos; + REV(mp_digit, q.digits, qpos); + CLAMP(&q); + + /* Denormalize the remainder */ + CLAMP(a); + if(k != 0) + s_qdiv(a, k); + + mp_int_copy(a, b); /* ok: 0 <= r < b */ + mp_int_copy(&q, a); /* ok: q <= a */ + + mp_int_clear(&t); + CLEANUP: + mp_int_clear(&q); + return res; +} + +/* }}} */ + +/* {{{ s_outlen(z, r) */ + +/* Precondition: 2 <= r < 64 */ +static int s_outlen(mp_int z, mp_size r) +{ + mp_result bits; + double raw; + + bits = mp_int_count_bits(z); + raw = (double)bits * s_log2[r]; + + return (int)(raw + 0.999999); +} + +/* }}} */ + +/* {{{ s_inlen(len, r) */ + +static mp_size s_inlen(int len, mp_size r) +{ + double raw = (double)len / s_log2[r]; + mp_size bits = (mp_size)(raw + 0.5); + + return (mp_size)((bits + (MP_DIGIT_BIT - 1)) / MP_DIGIT_BIT); +} + +/* }}} */ + +/* {{{ s_ch2val(c, r) */ + +static int s_ch2val(char c, int r) +{ + int out; + + if(isdigit((unsigned char) c)) + out = c - '0'; + else if(r > 10 && isalpha((unsigned char) c)) + out = toupper(c) - 'A' + 10; + else + return -1; + + return (out >= r) ? -1 : out; +} + +/* }}} */ + +/* {{{ s_val2ch(v, caps) */ + +static char s_val2ch(int v, int caps) +{ + assert(v >= 0); + + if(v < 10) + return v + '0'; + else { + char out = (v - 10) + 'a'; + + if(caps) + return toupper(out); + else + return out; + } +} + +/* }}} */ + +/* {{{ s_2comp(buf, len) */ + +static void s_2comp(unsigned char *buf, int len) +{ + int i; + unsigned short s = 1; + + for(i = len - 1; i >= 0; --i) { + unsigned char c = ~buf[i]; + + s = c + s; + c = s & UCHAR_MAX; + s >>= CHAR_BIT; + + buf[i] = c; + } + + /* last carry out is ignored */ +} + +/* }}} */ + +/* {{{ s_tobin(z, buf, *limpos) */ + +static mp_result s_tobin(mp_int z, unsigned char *buf, int *limpos, int pad) +{ + mp_size uz; + mp_digit *dz; + int pos = 0, limit = *limpos; + + uz = MP_USED(z); dz = MP_DIGITS(z); + while(uz > 0 && pos < limit) { + mp_digit d = *dz++; + int i; + + for(i = sizeof(mp_digit); i > 0 && pos < limit; --i) { + buf[pos++] = (unsigned char)d; + d >>= CHAR_BIT; + + /* Don't write leading zeroes */ + if(d == 0 && uz == 1) + i = 0; /* exit loop without signaling truncation */ + } + + /* Detect truncation (loop exited with pos >= limit) */ + if(i > 0) break; + + --uz; + } + + if(pad != 0 && (buf[pos - 1] >> (CHAR_BIT - 1))) { + if(pos < limit) + buf[pos++] = 0; + else + uz = 1; + } + + /* Digits are in reverse order, fix that */ + REV(unsigned char, buf, pos); + + /* Return the number of bytes actually written */ + *limpos = pos; + + return (uz == 0) ? MP_OK : MP_TRUNC; +} + +/* }}} */ + +/* {{{ s_print(tag, z) */ + +#if DEBUG +void s_print(char *tag, mp_int z) +{ + int i; + + fprintf(stderr, "%s: %c ", tag, + (MP_SIGN(z) == MP_NEG) ? '-' : '+'); + + for(i = MP_USED(z) - 1; i >= 0; --i) + fprintf(stderr, "%0*X", (int)(MP_DIGIT_BIT / 4), z->digits[i]); + + fputc('\n', stderr); + +} + +void s_print_buf(char *tag, mp_digit *buf, mp_size num) +{ + int i; + + fprintf(stderr, "%s: ", tag); + + for(i = num - 1; i >= 0; --i) + fprintf(stderr, "%0*X", (int)(MP_DIGIT_BIT / 4), buf[i]); + + fputc('\n', stderr); +} +#endif + +/* }}} */ + +/* HERE THERE BE DRAGONS */ diff --git a/source4/heimdal/lib/des/imath/imath.h b/source4/heimdal/lib/des/imath/imath.h new file mode 100755 index 0000000000..93cc35654d --- /dev/null +++ b/source4/heimdal/lib/des/imath/imath.h @@ -0,0 +1,220 @@ +/* + Name: imath.h + Purpose: Arbitrary precision integer arithmetic routines. + Author: M. J. Fromberger + Info: $Id: imath.h,v 1.3 2006/10/21 16:32:15 lha Exp $ + + Copyright (C) 2002 Michael J. Fromberger, All Rights Reserved. + + Permission is hereby granted, free of charge, to any person + obtaining a copy of this software and associated documentation files + (the "Software"), to deal in the Software without restriction, + including without limitation the rights to use, copy, modify, merge, + publish, distribute, sublicense, and/or sell copies of the Software, + and to permit persons to whom the Software is furnished to do so, + subject to the following conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE. + */ + +#ifndef IMATH_H_ +#define IMATH_H_ + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef unsigned char mp_sign; +typedef unsigned int mp_size; +typedef int mp_result; +#ifdef USE_LONG_LONG +typedef unsigned int mp_digit; +typedef unsigned long long mp_word; +#else +typedef unsigned short mp_digit; +typedef unsigned int mp_word; +#endif + +typedef struct mpz { + mp_digit single; + mp_digit *digits; + mp_size alloc; + mp_size used; + mp_sign sign; +} mpz_t, *mp_int; + +#define MP_DIGITS(Z) ((Z)->digits) +#define MP_ALLOC(Z) ((Z)->alloc) +#define MP_USED(Z) ((Z)->used) +#define MP_SIGN(Z) ((Z)->sign) + +extern const mp_result MP_OK; +extern const mp_result MP_FALSE; +extern const mp_result MP_TRUE; +extern const mp_result MP_MEMORY; +extern const mp_result MP_RANGE; +extern const mp_result MP_UNDEF; +extern const mp_result MP_TRUNC; +extern const mp_result MP_BADARG; + +#define MP_DIGIT_BIT (sizeof(mp_digit) * CHAR_BIT) +#define MP_WORD_BIT (sizeof(mp_word) * CHAR_BIT) + +#ifdef USE_LONG_LONG +# ifndef ULONG_LONG_MAX +# ifdef ULLONG_MAX +# define ULONG_LONG_MAX ULLONG_MAX +# else +# error "Maximum value of unsigned long long not defined!" +# endif +# endif +# define MP_DIGIT_MAX (ULONG_MAX * 1ULL) +# define MP_WORD_MAX ULONG_LONG_MAX +#else +# define MP_DIGIT_MAX (USHRT_MAX * 1UL) +# define MP_WORD_MAX (UINT_MAX * 1UL) +#endif + +#define MP_MIN_RADIX 2 +#define MP_MAX_RADIX 36 + +/* Values with fewer than this many significant digits use the + standard multiplication algorithm; otherwise, a recursive algorithm + is used. Choose a value to suit your platform. + */ +#define MP_MULT_THRESH 32 + +#define MP_DEFAULT_PREC 8 /* default memory allocation, in digits */ + +extern const mp_sign MP_NEG; +extern const mp_sign MP_ZPOS; + +#define mp_int_is_odd(Z) ((Z)->digits[0] & 1) +#define mp_int_is_even(Z) !((Z)->digits[0] & 1) + +mp_result mp_int_init(mp_int z); +mp_int mp_int_alloc(void); +mp_result mp_int_init_size(mp_int z, mp_size prec); +mp_result mp_int_init_copy(mp_int z, mp_int old); +mp_result mp_int_init_value(mp_int z, int value); +mp_result mp_int_set_value(mp_int z, int value); +void mp_int_clear(mp_int z); +void mp_int_free(mp_int z); + +mp_result mp_int_copy(mp_int a, mp_int c); /* c = a */ +void mp_int_swap(mp_int a, mp_int c); /* swap a, c */ +void mp_int_zero(mp_int z); /* z = 0 */ +mp_result mp_int_abs(mp_int a, mp_int c); /* c = |a| */ +mp_result mp_int_neg(mp_int a, mp_int c); /* c = -a */ +mp_result mp_int_add(mp_int a, mp_int b, mp_int c); /* c = a + b */ +mp_result mp_int_add_value(mp_int a, int value, mp_int c); +mp_result mp_int_sub(mp_int a, mp_int b, mp_int c); /* c = a - b */ +mp_result mp_int_sub_value(mp_int a, int value, mp_int c); +mp_result mp_int_mul(mp_int a, mp_int b, mp_int c); /* c = a * b */ +mp_result mp_int_mul_value(mp_int a, int value, mp_int c); +mp_result mp_int_mul_pow2(mp_int a, int p2, mp_int c); +mp_result mp_int_sqr(mp_int a, mp_int c); /* c = a * a */ +mp_result mp_int_div(mp_int a, mp_int b, /* q = a / b */ + mp_int q, mp_int r); /* r = a % b */ +mp_result mp_int_div_value(mp_int a, int value, /* q = a / value */ + mp_int q, int *r); /* r = a % value */ +mp_result mp_int_div_pow2(mp_int a, int p2, /* q = a / 2^p2 */ + mp_int q, mp_int r); /* r = q % 2^p2 */ +mp_result mp_int_mod(mp_int a, mp_int m, mp_int c); /* c = a % m */ +#define mp_int_mod_value(A, V, R) mp_int_div_value((A), (V), 0, (R)) +mp_result mp_int_expt(mp_int a, int b, mp_int c); /* c = a^b */ +mp_result mp_int_expt_value(int a, int b, mp_int c); /* c = a^b */ + +int mp_int_compare(mp_int a, mp_int b); /* a <=> b */ +int mp_int_compare_unsigned(mp_int a, mp_int b); /* |a| <=> |b| */ +int mp_int_compare_zero(mp_int z); /* a <=> 0 */ +int mp_int_compare_value(mp_int z, int value); /* a <=> v */ + +/* Returns true if v|a, false otherwise (including errors) */ +int mp_int_divisible_value(mp_int a, int v); + +/* Returns k >= 0 such that z = 2^k, if one exists; otherwise < 0 */ +int mp_int_is_pow2(mp_int z); + +mp_result mp_int_exptmod(mp_int a, mp_int b, mp_int m, + mp_int c); /* c = a^b (mod m) */ +mp_result mp_int_exptmod_evalue(mp_int a, int value, + mp_int m, mp_int c); /* c = a^v (mod m) */ +mp_result mp_int_exptmod_bvalue(int value, mp_int b, + mp_int m, mp_int c); /* c = v^b (mod m) */ +mp_result mp_int_exptmod_known(mp_int a, mp_int b, + mp_int m, mp_int mu, + mp_int c); /* c = a^b (mod m) */ +mp_result mp_int_redux_const(mp_int m, mp_int c); + +mp_result mp_int_invmod(mp_int a, mp_int m, mp_int c); /* c = 1/a (mod m) */ + +mp_result mp_int_gcd(mp_int a, mp_int b, mp_int c); /* c = gcd(a, b) */ + +mp_result mp_int_egcd(mp_int a, mp_int b, mp_int c, /* c = gcd(a, b) */ + mp_int x, mp_int y); /* c = ax + by */ + +mp_result mp_int_sqrt(mp_int a, mp_int c); /* c = floor(sqrt(q)) */ + +/* Convert to an int, if representable (returns MP_RANGE if not). */ +mp_result mp_int_to_int(mp_int z, int *out); + +/* Convert to nul-terminated string with the specified radix, writing at + most limit characters including the nul terminator */ +mp_result mp_int_to_string(mp_int z, mp_size radix, + char *str, int limit); + +/* Return the number of characters required to represent + z in the given radix. May over-estimate. */ +mp_result mp_int_string_len(mp_int z, mp_size radix); + +/* Read zero-terminated string into z */ +mp_result mp_int_read_string(mp_int z, mp_size radix, const char *str); +mp_result mp_int_read_cstring(mp_int z, mp_size radix, const char *str, + char **end); + +/* Return the number of significant bits in z */ +mp_result mp_int_count_bits(mp_int z); + +/* Convert z to two's complement binary, writing at most limit bytes */ +mp_result mp_int_to_binary(mp_int z, unsigned char *buf, int limit); + +/* Read a two's complement binary value into z from the given buffer */ +mp_result mp_int_read_binary(mp_int z, unsigned char *buf, int len); + +/* Return the number of bytes required to represent z in binary. */ +mp_result mp_int_binary_len(mp_int z); + +/* Convert z to unsigned binary, writing at most limit bytes */ +mp_result mp_int_to_unsigned(mp_int z, unsigned char *buf, int limit); + +/* Read an unsigned binary value into z from the given buffer */ +mp_result mp_int_read_unsigned(mp_int z, unsigned char *buf, int len); + +/* Return the number of bytes required to represent z as unsigned output */ +mp_result mp_int_unsigned_len(mp_int z); + +/* Return a statically allocated string describing error code res */ +const char *mp_error_string(mp_result res); + +#if DEBUG +void s_print(char *tag, mp_int z); +void s_print_buf(char *tag, mp_digit *buf, mp_size num); +#endif + +#ifdef __cplusplus +} +#endif +#endif /* end IMATH_H_ */ diff --git a/source4/heimdal/lib/des/imath/iprime.c b/source4/heimdal/lib/des/imath/iprime.c new file mode 100755 index 0000000000..582ade0f54 --- /dev/null +++ b/source4/heimdal/lib/des/imath/iprime.c @@ -0,0 +1,186 @@ +/* + Name: iprime.c + Purpose: Pseudoprimality testing routines + Author: M. J. Fromberger + Info: $Id: iprime.c,v 1.5 2007/01/05 21:01:48 lha Exp $ + + Copyright (C) 2002 Michael J. Fromberger, All Rights Reserved. + + Permission is hereby granted, free of charge, to any person + obtaining a copy of this software and associated documentation files + (the "Software"), to deal in the Software without restriction, + including without limitation the rights to use, copy, modify, merge, + publish, distribute, sublicense, and/or sell copies of the Software, + and to permit persons to whom the Software is furnished to do so, + subject to the following conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE. + */ + +#include "iprime.h" +#include + +static const int s_ptab[] = { + 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, + 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, + 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, + 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, + 211, 223, 227, 229, 233, 239, 241, 251, 257, 263, + 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, + 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, + 389, 397, 401, 409, 419, 421, 431, 433, 439, 443, + 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, + 509, 521, 523, 541, 547, 557, 563, 569, 571, 577, + 587, 593, 599, 601, 607, 613, 617, 619, 631, 641, + 643, 647, 653, 659, 661, 673, 677, 683, 691, 701, + 709, 719, 727, 733, 739, 743, 751, 757, 761, 769, + 773, 787, 797, 809, 811, 821, 823, 827, 829, 839, + 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, + 919, 929, 937, 941, 947, 953, 967, 971, 977, 983, + 991, 997, 1009, 1013, 1019, 1021, 1031, 1033, + 1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091, + 1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151, + 1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213, + 1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277, + 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307, + 1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399, + 1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451, + 1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493, + 1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559, + 1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609, + 1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667, + 1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733, + 1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789, + 1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871, + 1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931, + 1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997, + 1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053, + 2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111, + 2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161, + 2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243, + 2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297, + 2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357, + 2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411, + 2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473, + 2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551, + 2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633, + 2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687, + 2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729, + 2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791, + 2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851, + 2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917, + 2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999, + 3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061, + 3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137, + 3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209, + 3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271, + 3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331, + 3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391, + 3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467, + 3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533, + 3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583, + 3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643, + 3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709, + 3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779, + 3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851, + 3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917, + 3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989, + 4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049, + 4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111, + 4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177, + 4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243, + 4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297, + 4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391, + 4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457, + 4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519, + 4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597, + 4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657, + 4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729, + 4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799, + 4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889, + 4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951, + 4957, 4967, 4969, 4973, 4987, 4993, 4999 +}; +static const int s_ptab_size = sizeof(s_ptab)/sizeof(s_ptab[0]); + + +/* {{{ mp_int_is_prime(z) */ + +/* Test whether z is likely to be prime: + MP_TRUE means it is probably prime + MP_FALSE means it is definitely composite + */ +mp_result mp_int_is_prime(mp_int z) +{ + int i, rem; + mp_result res; + + /* First check for divisibility by small primes; this eliminates a + large number of composite candidates quickly + */ + for(i = 0; i < s_ptab_size; ++i) { + if((res = mp_int_div_value(z, s_ptab[i], NULL, &rem)) != MP_OK) + return res; + + if(rem == 0) + return MP_FALSE; + } + + /* Now try Fermat's test for several prime witnesses (since we now + know from the above that z is not a multiple of any of them) + */ + { + mpz_t tmp; + + if((res = mp_int_init(&tmp)) != MP_OK) return res; + + for(i = 0; i < 10 && i < s_ptab_size; ++i) { + if((res = mp_int_exptmod_bvalue(s_ptab[i], z, z, &tmp)) != MP_OK) + return res; + + if(mp_int_compare_value(&tmp, s_ptab[i]) != 0) { + mp_int_clear(&tmp); + return MP_FALSE; + } + } + + mp_int_clear(&tmp); + } + + return MP_TRUE; +} + +/* }}} */ + +/* {{{ mp_int_find_prime(z) */ + +/* Find the first apparent prime in ascending order from z */ +mp_result mp_int_find_prime(mp_int z) +{ + mp_result res; + + if(mp_int_is_even(z) && ((res = mp_int_add_value(z, 1, z)) != MP_OK)) + return res; + + while((res = mp_int_is_prime(z)) == MP_FALSE) { + if((res = mp_int_add_value(z, 2, z)) != MP_OK) + break; + + } + + return res; +} + +/* }}} */ + +/* Here there be dragons */ diff --git a/source4/heimdal/lib/des/imath/iprime.h b/source4/heimdal/lib/des/imath/iprime.h new file mode 100755 index 0000000000..cd54a73127 --- /dev/null +++ b/source4/heimdal/lib/des/imath/iprime.h @@ -0,0 +1,51 @@ +/* + Name: iprime.h + Purpose: Pseudoprimality testing routines + Author: M. J. Fromberger + Info: $Id: iprime.h,v 1.3 2006/10/21 16:32:30 lha Exp $ + + Copyright (C) 2002 Michael J. Fromberger, All Rights Reserved. + + Permission is hereby granted, free of charge, to any person + obtaining a copy of this software and associated documentation files + (the "Software"), to deal in the Software without restriction, + including without limitation the rights to use, copy, modify, merge, + publish, distribute, sublicense, and/or sell copies of the Software, + and to permit persons to whom the Software is furnished to do so, + subject to the following conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE. + */ + +#ifndef IPRIME_H_ +#define IPRIME_H_ + +#include "imath.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/* Test whether z is likely to be prime + MP_YES means it is probably prime + MP_NO means it is definitely composite + */ +mp_result mp_int_is_prime(mp_int z); + +/* Find the first apparent prime in ascending order from z */ +mp_result mp_int_find_prime(mp_int z); + +#ifdef __cplusplus +} +#endif +#endif /* IPRIME_H_ */ diff --git a/source4/heimdal/lib/des/pkcs12.c b/source4/heimdal/lib/des/pkcs12.c new file mode 100644 index 0000000000..cc92285754 --- /dev/null +++ b/source4/heimdal/lib/des/pkcs12.c @@ -0,0 +1,145 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +RCSID("$Id: pkcs12.c,v 1.1 2006/01/13 08:26:49 lha Exp $"); + +#include +#include +#include + +#include +#include + +#include + +int +PKCS12_key_gen(const void *key, size_t keylen, + const void *salt, size_t saltlen, + int id, int iteration, size_t outkeysize, + void *out, const EVP_MD *md) +{ + unsigned char *v, *I, hash[EVP_MAX_MD_SIZE]; + unsigned int size, size_I = 0; + unsigned char idc = id; + EVP_MD_CTX ctx; + unsigned char *outp = out; + int i, vlen; + + EVP_MD_CTX_init(&ctx); + + vlen = EVP_MD_block_size(md); + v = malloc(vlen + 1); + if (v == NULL) + return 0; + + I = calloc(1, vlen * 2); + if (I == NULL) { + free(v); + return 0; + } + + if (salt && saltlen > 0) { + for (i = 0; i < vlen; i++) + I[i] = ((unsigned char*)salt)[i % saltlen]; + size_I += vlen; + } + if (key && keylen > 0) { + for (i = 0; i < vlen / 2; i++) { + I[(i * 2) + size_I] = 0; + I[(i * 2) + size_I + 1] = ((unsigned char*)key)[i % (keylen + 1)]; + } + size_I += vlen; + } + + while (1) { + BIGNUM *bnB, *bnOne; + + if (!EVP_DigestInit_ex(&ctx, md, NULL)) + return 0; + for (i = 0; i < vlen; i++) + EVP_DigestUpdate(&ctx, &idc, 1); + EVP_DigestUpdate(&ctx, I, size_I); + EVP_DigestFinal_ex(&ctx, hash, &size); + + for (i = 1; i < iteration; i++) + EVP_Digest(hash, size, hash, &size, md, NULL); + + memcpy(outp, hash, min(outkeysize, size)); + if (outkeysize < size) + break; + outkeysize -= size; + outp += size; + + for (i = 0; i < vlen; i++) + v[i] = hash[i % size]; + + bnB = BN_bin2bn(v, vlen, NULL); + bnOne = BN_new(); + BN_set_word(bnOne, 1); + + BN_uadd(bnB, bnB, bnOne); + + for (i = 0; i < vlen * 2; i += vlen) { + BIGNUM *bnI; + int j; + + bnI = BN_bin2bn(I + i, vlen, NULL); + + BN_uadd(bnI, bnI, bnB); + + j = BN_num_bytes(bnI); + if (j > vlen) { + assert(j == vlen + 1); + BN_bn2bin(bnI, v); + memcpy(I + i, v + 1, vlen); + } else { + memset(I + i, 0, vlen - j); + BN_bn2bin(bnI, I + i + vlen - j); + } + BN_free(bnI); + } + BN_free(bnB); + BN_free(bnOne); + size_I = vlen * 2; + } + + EVP_MD_CTX_cleanup(&ctx); + free(I); + free(v); + + return 1; +} diff --git a/source4/heimdal/lib/des/resource.h b/source4/heimdal/lib/des/resource.h new file mode 100644 index 0000000000..02c6a7c6d9 --- /dev/null +++ b/source4/heimdal/lib/des/resource.h @@ -0,0 +1,18 @@ +//{{NO_DEPENDENCIES}} +// Microsoft Developer Studio generated include file. +// Used by passwd_dialog.rc +// +#define IDD_PASSWD_DIALOG 101 +#define IDC_EDIT1 1000 +#define IDC_PASSWD_EDIT 1001 + +// Next default values for new objects +// +#ifdef APSTUDIO_INVOKED +#ifndef APSTUDIO_READONLY_SYMBOLS +#define _APS_NEXT_RESOURCE_VALUE 102 +#define _APS_NEXT_COMMAND_VALUE 40001 +#define _APS_NEXT_CONTROL_VALUE 1002 +#define _APS_NEXT_SYMED_VALUE 101 +#endif +#endif diff --git a/source4/heimdal/lib/des/rsa-imath.c b/source4/heimdal/lib/des/rsa-imath.c new file mode 100644 index 0000000000..298affadfe --- /dev/null +++ b/source4/heimdal/lib/des/rsa-imath.c @@ -0,0 +1,661 @@ +/* + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +RCSID("$Id: rsa-imath.c,v 1.23 2007/01/06 13:45:25 lha Exp $"); + +#include +#include +#include +#include + +#include + +#include + +#include "imath/imath.h" +#include "imath/iprime.h" + +static void +BN2mpz(mpz_t *s, const BIGNUM *bn) +{ + size_t len; + void *p; + + mp_int_init(s); + + len = BN_num_bytes(bn); + p = malloc(len); + BN_bn2bin(bn, p); + mp_int_read_unsigned(s, p, len); + free(p); +} + +static BIGNUM * +mpz2BN(mpz_t *s) +{ + size_t size; + BIGNUM *bn; + void *p; + + size = mp_int_unsigned_len(s); + p = malloc(size); + if (p == NULL && size != 0) + return NULL; + mp_int_to_unsigned(s, p, size); + + bn = BN_bin2bn(p, size, NULL); + free(p); + return bn; +} + +static int random_num(mp_int, size_t); + +static void +setup_blind(mp_int n, mp_int b, mp_int bi) +{ + mp_int_init(b); + mp_int_init(bi); + random_num(b, mp_int_count_bits(n)); + mp_int_mod(b, n, b); + mp_int_invmod(b, n, bi); +} + +static void +blind(mp_int in, mp_int b, mp_int e, mp_int n) +{ + mpz_t t1; + mp_int_init(&t1); + /* in' = (in * b^e) mod n */ + mp_int_exptmod(b, e, n, &t1); + mp_int_mul(&t1, in, in); + mp_int_mod(in, n, in); + mp_int_clear(&t1); +} + +static void +unblind(mp_int out, mp_int bi, mp_int n) +{ + /* out' = (out * 1/b) mod n */ + mp_int_mul(out, bi, out); + mp_int_mod(out, n, out); +} + +static mp_result +rsa_private_calculate(mp_int in, mp_int p, mp_int q, + mp_int dmp1, mp_int dmq1, mp_int iqmp, + mp_int out) +{ + mpz_t vp, vq, u; + mp_int_init(&vp); mp_int_init(&vq); mp_int_init(&u); + + /* vq = c ^ (d mod (q - 1)) mod q */ + /* vp = c ^ (d mod (p - 1)) mod p */ + mp_int_mod(in, p, &u); + mp_int_exptmod(&u, dmp1, p, &vp); + mp_int_mod(in, q, &u); + mp_int_exptmod(&u, dmq1, q, &vq); + + /* C2 = 1/q mod p (iqmp) */ + /* u = (vp - vq)C2 mod p. */ + mp_int_sub(&vp, &vq, &u); + if (mp_int_compare_zero(&u) < 0) + mp_int_add(&u, p, &u); + mp_int_mul(&u, iqmp, &u); + mp_int_mod(&u, p, &u); + + /* c ^ d mod n = vq + u q */ + mp_int_mul(&u, q, &u); + mp_int_add(&u, &vq, out); + + mp_int_clear(&vp); + mp_int_clear(&vq); + mp_int_clear(&u); + + return MP_OK; +} + +/* + * + */ + +static int +imath_rsa_public_encrypt(int flen, const unsigned char* from, + unsigned char* to, RSA* rsa, int padding) +{ + unsigned char *p, *p0; + mp_result res; + size_t size, padlen; + mpz_t enc, dec, n, e; + + if (padding != RSA_PKCS1_PADDING) + return -1; + + size = RSA_size(rsa); + + if (size < RSA_PKCS1_PADDING_SIZE || size - RSA_PKCS1_PADDING_SIZE < flen) + return -2; + + BN2mpz(&n, rsa->n); + BN2mpz(&e, rsa->e); + + p = p0 = malloc(size - 1); + if (p0 == NULL) { + mp_int_clear(&e); + mp_int_clear(&n); + return -3; + } + + padlen = size - flen - 3; + assert(padlen >= 8); + + *p++ = 2; + if (RAND_bytes(p, padlen) != 1) { + mp_int_clear(&e); + mp_int_clear(&n); + free(p0); + return -4; + } + while(padlen) { + if (*p == 0) + *p = 1; + padlen--; + p++; + } + *p++ = 0; + memcpy(p, from, flen); + p += flen; + assert((p - p0) == size - 1); + + mp_int_init(&enc); + mp_int_init(&dec); + mp_int_read_unsigned(&dec, p0, size - 1); + free(p0); + + res = mp_int_exptmod(&dec, &e, &n, &enc); + + mp_int_clear(&dec); + mp_int_clear(&e); + mp_int_clear(&n); + { + size_t ssize; + ssize = mp_int_unsigned_len(&enc); + assert(size >= ssize); + mp_int_to_unsigned(&enc, to, ssize); + size = ssize; + } + mp_int_clear(&enc); + + return size; +} + +static int +imath_rsa_public_decrypt(int flen, const unsigned char* from, + unsigned char* to, RSA* rsa, int padding) +{ + unsigned char *p; + mp_result res; + size_t size; + mpz_t s, us, n, e; + + if (padding != RSA_PKCS1_PADDING) + return -1; + + if (flen > RSA_size(rsa)) + return -2; + + BN2mpz(&n, rsa->n); + BN2mpz(&e, rsa->e); + +#if 0 + /* Check that the exponent is larger then 3 */ + if (mp_int_compare_value(&e, 3) <= 0) { + mp_int_clear(&n); + mp_int_clear(&e); + return -3; + } +#endif + + mp_int_init(&s); + mp_int_init(&us); + mp_int_read_unsigned(&s, rk_UNCONST(from), flen); + + if (mp_int_compare(&s, &n) >= 0) { + mp_int_clear(&n); + mp_int_clear(&e); + return -4; + } + + res = mp_int_exptmod(&s, &e, &n, &us); + + mp_int_clear(&s); + mp_int_clear(&n); + mp_int_clear(&e); + + if (res != MP_OK) + return -5; + p = to; + + + size = mp_int_unsigned_len(&us); + assert(size <= RSA_size(rsa)); + mp_int_to_unsigned(&us, p, size); + + mp_int_clear(&us); + + /* head zero was skipped by mp_int_to_unsigned */ + if (*p == 0) + return -6; + if (*p != 1) + return -7; + size--; p++; + while (size && *p == 0xff) { + size--; p++; + } + if (size == 0 || *p != 0) + return -8; + size--; p++; + + memmove(to, p, size); + + return size; +} + +static int +imath_rsa_private_encrypt(int flen, const unsigned char* from, + unsigned char* to, RSA* rsa, int padding) +{ + unsigned char *p, *p0; + mp_result res; + size_t size; + mpz_t in, out, n, e, b, bi; + int blinding = (rsa->flags & RSA_FLAG_NO_BLINDING) == 0; + + if (padding != RSA_PKCS1_PADDING) + return -1; + + size = RSA_size(rsa); + + if (size < RSA_PKCS1_PADDING_SIZE || size - RSA_PKCS1_PADDING_SIZE < flen) + return -2; + + p0 = p = malloc(size); + *p++ = 0; + *p++ = 1; + memset(p, 0xff, size - flen - 3); + p += size - flen - 3; + *p++ = 0; + memcpy(p, from, flen); + p += flen; + assert((p - p0) == size); + + BN2mpz(&n, rsa->n); + BN2mpz(&e, rsa->e); + + mp_int_init(&in); + mp_int_init(&out); + mp_int_read_unsigned(&in, p0, size); + free(p0); + + if(mp_int_compare_zero(&in) < 0 || + mp_int_compare(&in, &n) >= 0) { + size = 0; + goto out; + } + + if (blinding) { + setup_blind(&n, &b, &bi); + blind(&in, &b, &e, &n); + } + + if (rsa->p && rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp) { + mpz_t p, q, dmp1, dmq1, iqmp; + + BN2mpz(&p, rsa->p); + BN2mpz(&q, rsa->q); + BN2mpz(&dmp1, rsa->dmp1); + BN2mpz(&dmq1, rsa->dmq1); + BN2mpz(&iqmp, rsa->iqmp); + + res = rsa_private_calculate(&in, &p, &q, &dmp1, &dmq1, &iqmp, &out); + + mp_int_clear(&p); + mp_int_clear(&q); + mp_int_clear(&dmp1); + mp_int_clear(&dmq1); + mp_int_clear(&iqmp); + } else { + mpz_t d; + + BN2mpz(&d, rsa->d); + res = mp_int_exptmod(&in, &d, &n, &out); + mp_int_clear(&d); + if (res != MP_OK) { + size = 0; + goto out; + } + } + + if (blinding) { + unblind(&out, &bi, &n); + mp_int_clear(&b); + mp_int_clear(&bi); + } + + { + size_t ssize; + ssize = mp_int_unsigned_len(&out); + assert(size >= ssize); + mp_int_to_unsigned(&out, to, size); + size = ssize; + } + +out: + mp_int_clear(&e); + mp_int_clear(&n); + mp_int_clear(&in); + mp_int_clear(&out); + + return size; +} + +static int +imath_rsa_private_decrypt(int flen, const unsigned char* from, + unsigned char* to, RSA* rsa, int padding) +{ + unsigned char *ptr; + mp_result res; + size_t size; + mpz_t in, out, n, e, b, bi; + int blinding = (rsa->flags & RSA_FLAG_NO_BLINDING) == 0; + + if (padding != RSA_PKCS1_PADDING) + return -1; + + size = RSA_size(rsa); + if (flen > size) + return -2; + + mp_int_init(&in); + mp_int_init(&out); + + BN2mpz(&n, rsa->n); + BN2mpz(&e, rsa->e); + + res = mp_int_read_unsigned(&in, rk_UNCONST(from), flen); + if (res != MP_OK) { + size = -1; + goto out; + } + + if(mp_int_compare_zero(&in) < 0 || + mp_int_compare(&in, &n) >= 0) { + size = 0; + goto out; + } + + if (blinding) { + setup_blind(&n, &b, &bi); + blind(&in, &b, &e, &n); + } + + if (rsa->p && rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp) { + mpz_t p, q, dmp1, dmq1, iqmp; + + BN2mpz(&p, rsa->p); + BN2mpz(&q, rsa->q); + BN2mpz(&dmp1, rsa->dmp1); + BN2mpz(&dmq1, rsa->dmq1); + BN2mpz(&iqmp, rsa->iqmp); + + res = rsa_private_calculate(&in, &p, &q, &dmp1, &dmq1, &iqmp, &out); + + mp_int_clear(&p); + mp_int_clear(&q); + mp_int_clear(&dmp1); + mp_int_clear(&dmq1); + mp_int_clear(&iqmp); + } else { + mpz_t d; + + if(mp_int_compare_zero(&in) < 0 || + mp_int_compare(&in, &n) >= 0) + return MP_RANGE; + + BN2mpz(&d, rsa->d); + res = mp_int_exptmod(&in, &d, &n, &out); + mp_int_clear(&d); + if (res != MP_OK) { + size = 0; + goto out; + } + } + + if (blinding) { + unblind(&out, &bi, &n); + mp_int_clear(&b); + mp_int_clear(&bi); + } + + ptr = to; + { + size_t ssize; + ssize = mp_int_unsigned_len(&out); + assert(size >= ssize); + mp_int_to_unsigned(&out, ptr, ssize); + size = ssize; + } + + /* head zero was skipped by mp_int_to_unsigned */ + if (*ptr != 2) + return -3; + size--; ptr++; + while (size && *ptr != 0) { + size--; ptr++; + } + if (size == 0) + return -4; + size--; ptr++; + + memmove(to, ptr, size); + +out: + mp_int_clear(&e); + mp_int_clear(&n); + mp_int_clear(&in); + mp_int_clear(&out); + + return size; +} + +static int +random_num(mp_int num, size_t len) +{ + unsigned char *p; + mp_result res; + + len = (len + 7) / 8; + p = malloc(len); + if (p == NULL) + return 1; + if (RAND_bytes(p, len) != 1) { + free(p); + return 1; + } + res = mp_int_read_unsigned(num, p, len); + free(p); + if (res != MP_OK) + return 1; + return 0; +} + +#define CHECK(f, v) if ((f) != (v)) { goto out; } + +static int +imath_rsa_generate_key(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) +{ + mpz_t el, p, q, n, d, dmp1, dmq1, iqmp, t1, t2, t3; + int counter, ret; + + if (bits < 789) + return -1; + + ret = -1; + + mp_int_init(&el); + mp_int_init(&p); + mp_int_init(&q); + mp_int_init(&n); + mp_int_init(&d); + mp_int_init(&dmp1); + mp_int_init(&dmq1); + mp_int_init(&iqmp); + mp_int_init(&t1); + mp_int_init(&t2); + mp_int_init(&t3); + + BN2mpz(&el, e); + + /* generate p and q so that p != q and bits(pq) ~ bits */ + counter = 0; + do { + BN_GENCB_call(cb, 2, counter++); + CHECK(random_num(&p, bits / 2 + 1), 0); + CHECK(mp_int_find_prime(&p), MP_TRUE); + + CHECK(mp_int_sub_value(&p, 1, &t1), MP_OK); + CHECK(mp_int_gcd(&t1, &el, &t2), MP_OK); + } while(mp_int_compare_value(&t2, 1) != 0); + + BN_GENCB_call(cb, 3, 0); + + counter = 0; + do { + BN_GENCB_call(cb, 2, counter++); + CHECK(random_num(&q, bits / 2 + 1), 0); + CHECK(mp_int_find_prime(&q), MP_TRUE); + + if (mp_int_compare(&p, &q) == 0) /* don't let p and q be the same */ + continue; + + CHECK(mp_int_sub_value(&q, 1, &t1), MP_OK); + CHECK(mp_int_gcd(&t1, &el, &t2), MP_OK); + } while(mp_int_compare_value(&t2, 1) != 0); + + /* make p > q */ + if (mp_int_compare(&p, &q) < 0) + mp_int_swap(&p, &q); + + BN_GENCB_call(cb, 3, 1); + + /* calculate n, n = p * q */ + CHECK(mp_int_mul(&p, &q, &n), MP_OK); + + /* calculate d, d = 1/e mod (p - 1)(q - 1) */ + CHECK(mp_int_sub_value(&p, 1, &t1), MP_OK); + CHECK(mp_int_sub_value(&q, 1, &t2), MP_OK); + CHECK(mp_int_mul(&t1, &t2, &t3), MP_OK); + CHECK(mp_int_invmod(&el, &t3, &d), MP_OK); + + /* calculate dmp1 dmp1 = d mod (p-1) */ + CHECK(mp_int_mod(&d, &t1, &dmp1), MP_OK); + /* calculate dmq1 dmq1 = d mod (q-1) */ + CHECK(mp_int_mod(&d, &t2, &dmq1), MP_OK); + /* calculate iqmp iqmp = 1/q mod p */ + CHECK(mp_int_invmod(&q, &p, &iqmp), MP_OK); + + /* fill in RSA key */ + + rsa->e = mpz2BN(&el); + rsa->p = mpz2BN(&p); + rsa->q = mpz2BN(&q); + rsa->n = mpz2BN(&n); + rsa->d = mpz2BN(&d); + rsa->dmp1 = mpz2BN(&dmp1); + rsa->dmq1 = mpz2BN(&dmq1); + rsa->iqmp = mpz2BN(&iqmp); + + ret = 1; +out: + mp_int_clear(&el); + mp_int_clear(&p); + mp_int_clear(&q); + mp_int_clear(&n); + mp_int_clear(&d); + mp_int_clear(&dmp1); + mp_int_clear(&dmq1); + mp_int_clear(&iqmp); + mp_int_clear(&t1); + mp_int_clear(&t2); + mp_int_clear(&t3); + + return ret; +} + +static int +imath_rsa_init(RSA *rsa) +{ + return 1; +} + +static int +imath_rsa_finish(RSA *rsa) +{ + return 1; +} + +const RSA_METHOD hc_rsa_imath_method = { + "hcrypto imath RSA", + imath_rsa_public_encrypt, + imath_rsa_public_decrypt, + imath_rsa_private_encrypt, + imath_rsa_private_decrypt, + NULL, + NULL, + imath_rsa_init, + imath_rsa_finish, + 0, + NULL, + NULL, + NULL, + imath_rsa_generate_key +}; + +const RSA_METHOD * +RSA_imath_method(void) +{ + return &hc_rsa_imath_method; +} diff --git a/source4/heimdal/lib/des/rsa.c b/source4/heimdal/lib/des/rsa.c new file mode 100644 index 0000000000..241afb2e46 --- /dev/null +++ b/source4/heimdal/lib/des/rsa.c @@ -0,0 +1,471 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +RCSID("$Id: rsa.c,v 1.19 2007/01/09 10:04:20 lha Exp $"); + +#include +#include +#include +#include + +#include + +#include + +RSA * +RSA_new(void) +{ + return RSA_new_method(NULL); +} + +RSA * +RSA_new_method(ENGINE *engine) +{ + RSA *rsa; + + rsa = calloc(1, sizeof(*rsa)); + if (rsa == NULL) + return NULL; + + rsa->references = 1; + + if (engine) { + ENGINE_up_ref(engine); + rsa->engine = engine; + } else { + rsa->engine = ENGINE_get_default_RSA(); + } + + if (rsa->engine) { + rsa->meth = ENGINE_get_RSA(rsa->engine); + if (rsa->meth == NULL) { + ENGINE_finish(engine); + free(rsa); + return 0; + } + } + + if (rsa->meth == NULL) + rsa->meth = rk_UNCONST(RSA_get_default_method()); + + (*rsa->meth->init)(rsa); + + return rsa; +} + + +void +RSA_free(RSA *rsa) +{ + if (rsa->references <= 0) + abort(); + + if (--rsa->references > 0) + return; + + (*rsa->meth->finish)(rsa); + + if (rsa->engine) + ENGINE_finish(rsa->engine); + +#define free_if(f) if (f) { BN_free(f); } + free_if(rsa->n); + free_if(rsa->e); + free_if(rsa->d); + free_if(rsa->p); + free_if(rsa->q); + free_if(rsa->dmp1); + free_if(rsa->dmq1); +#undef free_if + + memset(rsa, 0, sizeof(*rsa)); + free(rsa); +} + +int +RSA_up_ref(RSA *rsa) +{ + return ++rsa->references; +} + +const RSA_METHOD * +RSA_get_method(const RSA *rsa) +{ + return rsa->meth; +} + +int +RSA_set_method(RSA *rsa, const RSA_METHOD *method) +{ + (*rsa->meth->finish)(rsa); + + if (rsa->engine) { + ENGINE_finish(rsa->engine); + rsa->engine = NULL; + } + + rsa->meth = method; + (*rsa->meth->init)(rsa); + return 1; +} + +int +RSA_set_app_data(RSA *rsa, void *arg) +{ + rsa->ex_data.sk = arg; + return 1; +} + +void * +RSA_get_app_data(RSA *rsa) +{ + return rsa->ex_data.sk; +} + +int +RSA_check_key(const RSA *key) +{ + static const unsigned char inbuf[] = "hello, world!"; + RSA *rsa = rk_UNCONST(key); + void *buffer; + int ret; + + /* + * XXX I have no clue how to implement this w/o a bignum library. + * Well, when we have a RSA key pair, we can try to encrypt/sign + * and then decrypt/verify. + */ + + if ((rsa->d == NULL || rsa->n == NULL) && + (rsa->p == NULL || rsa->q || rsa->dmp1 == NULL || rsa->dmq1 == NULL || rsa->iqmp == NULL)) + return 0; + + buffer = malloc(RSA_size(rsa)); + if (buffer == NULL) + return 0; + + ret = RSA_private_encrypt(sizeof(inbuf), inbuf, buffer, + rsa, RSA_PKCS1_PADDING); + if (ret == -1) { + free(buffer); + return 0; + } + + ret = RSA_public_decrypt(ret, buffer, buffer, + rsa, RSA_PKCS1_PADDING); + if (ret == -1) { + free(buffer); + return 0; + } + + if (ret == sizeof(inbuf) && memcmp(buffer, inbuf, sizeof(inbuf)) == 0) { + free(buffer); + return 1; + } + free(buffer); + return 0; +} + +int +RSA_size(const RSA *rsa) +{ + return BN_num_bytes(rsa->n); +} + +#define RSAFUNC(name, body) \ +int \ +name(int flen,const unsigned char* f, unsigned char* t, RSA* r, int p){\ + return body; \ +} + +RSAFUNC(RSA_public_encrypt, (r)->meth->rsa_pub_enc(flen, f, t, r, p)) +RSAFUNC(RSA_public_decrypt, (r)->meth->rsa_pub_dec(flen, f, t, r, p)) +RSAFUNC(RSA_private_encrypt, (r)->meth->rsa_priv_enc(flen, f, t, r, p)) +RSAFUNC(RSA_private_decrypt, (r)->meth->rsa_priv_dec(flen, f, t, r, p)) + +/* XXX */ +int +RSA_sign(int type, const unsigned char *from, unsigned int flen, + unsigned char *to, unsigned int *tlen, RSA *rsa) +{ + return -1; +} + +int +RSA_verify(int type, const unsigned char *from, unsigned int flen, + unsigned char *to, unsigned int tlen, RSA *rsa) +{ + return -1; +} + +/* + * A NULL RSA_METHOD that returns failure for all operations. This is + * used as the default RSA method is we don't have any native + * support. + */ + +static RSAFUNC(null_rsa_public_encrypt, -1) +static RSAFUNC(null_rsa_public_decrypt, -1) +static RSAFUNC(null_rsa_private_encrypt, -1) +static RSAFUNC(null_rsa_private_decrypt, -1) + +/* + * + */ + +int +RSA_generate_key_ex(RSA *r, int bits, BIGNUM *e, BN_GENCB *cb) +{ + if (r->meth->rsa_keygen) + return (*r->meth->rsa_keygen)(r, bits, e, cb); + return 0; +} + + +/* + * + */ + +static int +null_rsa_init(RSA *rsa) +{ + return 1; +} + +static int +null_rsa_finish(RSA *rsa) +{ + return 1; +} + +static const RSA_METHOD rsa_null_method = { + "hcrypto null RSA", + null_rsa_public_encrypt, + null_rsa_public_decrypt, + null_rsa_private_encrypt, + null_rsa_private_decrypt, + NULL, + NULL, + null_rsa_init, + null_rsa_finish, + 0, + NULL, + NULL, + NULL +}; + +const RSA_METHOD * +RSA_null_method(void) +{ + return &rsa_null_method; +} + +extern const RSA_METHOD hc_rsa_imath_method; +static const RSA_METHOD *default_rsa_method = &hc_rsa_imath_method; + +const RSA_METHOD * +RSA_get_default_method(void) +{ + return default_rsa_method; +} + +void +RSA_set_default_method(const RSA_METHOD *meth) +{ + default_rsa_method = meth; +} + +/* + * + */ + +static BIGNUM * +heim_int2BN(const heim_integer *i) +{ + BIGNUM *bn; + + bn = BN_bin2bn(i->data, i->length, NULL); + if (bn) + BN_set_negative(bn, i->negative); + return bn; +} + +static int +bn2heim_int(BIGNUM *bn, heim_integer *integer) +{ + integer->length = BN_num_bytes(bn); + integer->data = malloc(integer->length); + if (integer->data == NULL) { + integer->length = 0; + return ENOMEM; + } + BN_bn2bin(bn, integer->data); + integer->negative = BN_is_negative(bn); + return 0; +} + + +RSA * +d2i_RSAPrivateKey(RSA *rsa, const unsigned char **pp, size_t len) +{ + RSAPrivateKey data; + RSA *k = rsa; + size_t size; + int ret; + + ret = decode_RSAPrivateKey(*pp, len, &data, &size); + if (ret) + return NULL; + + *pp += size; + + if (k == NULL) { + k = RSA_new(); + if (k == NULL) { + free_RSAPrivateKey(&data); + return NULL; + } + } + + k->n = heim_int2BN(&data.modulus); + k->e = heim_int2BN(&data.publicExponent); + k->d = heim_int2BN(&data.privateExponent); + k->p = heim_int2BN(&data.prime1); + k->q = heim_int2BN(&data.prime2); + k->dmp1 = heim_int2BN(&data.exponent1); + k->dmq1 = heim_int2BN(&data.exponent2); + k->iqmp = heim_int2BN(&data.coefficient); + free_RSAPrivateKey(&data); + + if (k->n == NULL || k->e == NULL || k->d == NULL || k->p == NULL || + k->q == NULL || k->dmp1 == NULL || k->dmq1 == NULL || k->iqmp == NULL) + { + RSA_free(k); + return NULL; + } + + return k; +} + +int +i2d_RSAPrivateKey(RSA *rsa, unsigned char **pp) +{ + RSAPrivateKey data; + size_t size; + int ret; + + if (rsa->n == NULL || rsa->e == NULL || rsa->d == NULL || rsa->p == NULL || + rsa->q == NULL || rsa->dmp1 == NULL || rsa->dmq1 == NULL || + rsa->iqmp == NULL) + return -1; + + memset(&data, 0, sizeof(data)); + + ret = bn2heim_int(rsa->n, &data.modulus); + ret |= bn2heim_int(rsa->e, &data.publicExponent); + ret |= bn2heim_int(rsa->d, &data.privateExponent); + ret |= bn2heim_int(rsa->p, &data.prime1); + ret |= bn2heim_int(rsa->q, &data.prime2); + ret |= bn2heim_int(rsa->dmp1, &data.exponent1); + ret |= bn2heim_int(rsa->dmq1, &data.exponent2); + ret |= bn2heim_int(rsa->iqmp, &data.coefficient); + if (ret) { + free_RSAPrivateKey(&data); + return -1; + } + + if (pp == NULL) { + size = length_RSAPrivateKey(&data); + free_RSAPrivateKey(&data); + } else { + void *p; + size_t len; + + ASN1_MALLOC_ENCODE(RSAPrivateKey, p, len, &data, &size, ret); + free_RSAPrivateKey(&data); + if (ret) + return -1; + if (len != size) + abort(); + + memcpy(*pp, p, size); + free(p); + + *pp += size; + + } + return size; +} + +int +i2d_RSAPublicKey(RSA *rsa, unsigned char **pp) +{ + RSAPublicKey data; + size_t size; + int ret; + + memset(&data, 0, sizeof(data)); + + if (bn2heim_int(rsa->n, &data.modulus) || + bn2heim_int(rsa->e, &data.publicExponent)) + { + free_RSAPublicKey(&data); + return -1; + } + + if (pp == NULL) { + size = length_RSAPublicKey(&data); + free_RSAPublicKey(&data); + } else { + void *p; + size_t len; + + ASN1_MALLOC_ENCODE(RSAPublicKey, p, len, &data, &size, ret); + free_RSAPublicKey(&data); + if (ret) + return -1; + if (len != size) + abort(); + + memcpy(*pp, p, size); + free(p); + + *pp += size; + } + + return size; +} diff --git a/source4/heimdal/lib/des/rsa.h b/source4/heimdal/lib/des/rsa.h index 137dd9894b..0aceb9f9da 100644 --- a/source4/heimdal/lib/des/rsa.h +++ b/source4/heimdal/lib/des/rsa.h @@ -32,7 +32,7 @@ */ /* - * $Id: rsa.h,v 1.5 2006/05/07 11:34:02 lha Exp $ + * $Id: rsa.h,v 1.9 2007/01/05 20:26:23 lha Exp $ */ #ifndef _HEIM_RSA_H @@ -59,7 +59,9 @@ #define RSA_private_decrypt hc_RSA_private_decrypt #define RSA_sign hc_RSA_sign #define RSA_verify hc_RSA_verify +#define RSA_generate_key_ex hc_RSA_generate_key_ex #define d2i_RSAPrivateKey hc_d2i_RSAPrivateKey +#define i2d_RSAPrivateKey hc_i2d_RSAPrivateKey #define i2d_RSAPublicKey hc_i2d_RSAPublicKey /* @@ -119,9 +121,10 @@ struct RSA { void *mt_blinding; }; -#define RSA_FLAG_SIGN_VER 0x40 +#define RSA_FLAG_NO_BLINDING 0x0080 #define RSA_PKCS1_PADDING 1 +#define RSA_PKCS1_OAEP_PADDING 4 #define RSA_PKCS1_PADDING_SIZE 11 /* @@ -162,7 +165,11 @@ int RSA_sign(int, const unsigned char *, unsigned int, int RSA_verify(int, const unsigned char *, unsigned int, unsigned char *, unsigned int, RSA *); +int RSA_generate_key_ex(RSA *, int, BIGNUM *, BN_GENCB *); + RSA * d2i_RSAPrivateKey(RSA *, const unsigned char **, size_t); +int i2d_RSAPrivateKey(RSA *, unsigned char **); + int i2d_RSAPublicKey(RSA *, unsigned char **); #endif /* _HEIM_RSA_H */ diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi.h b/source4/heimdal/lib/gssapi/gssapi/gssapi.h index f89e5dfbee..8077aeb223 100644 --- a/source4/heimdal/lib/gssapi/gssapi/gssapi.h +++ b/source4/heimdal/lib/gssapi/gssapi/gssapi.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gssapi.h,v 1.6 2006/11/10 00:39:50 lha Exp $ */ +/* $Id: gssapi.h,v 1.7 2006/12/15 20:02:54 lha Exp $ */ #ifndef GSSAPI_GSSAPI_H_ #define GSSAPI_GSSAPI_H_ @@ -300,6 +300,12 @@ extern gss_OID GSS_C_NT_EXPORT_NAME; extern gss_OID GSS_SASL_DIGEST_MD5_MECHANISM; +/* + * NTLM mechanism + */ + +extern gss_OID GSS_NTLM_MECHANISM; + /* Major status codes */ #define GSS_S_COMPLETE 0 diff --git a/source4/heimdal/lib/gssapi/gssapi_mech.h b/source4/heimdal/lib/gssapi/gssapi_mech.h index a05919b510..2bb5ecedf5 100644 --- a/source4/heimdal/lib/gssapi/gssapi_mech.h +++ b/source4/heimdal/lib/gssapi/gssapi_mech.h @@ -344,5 +344,6 @@ __gss_get_mechanism(gss_OID /* oid */); gssapi_mech_interface __gss_spnego_initialize(void); gssapi_mech_interface __gss_krb5_initialize(void); +gssapi_mech_interface __gss_ntlm_initialize(void); #endif /* GSSAPI_MECH_H */ diff --git a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c index 6ac80461c3..434fbee352 100644 --- a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: accept_sec_context.c,v 1.65 2006/11/07 14:52:05 lha Exp $"); +RCSID("$Id: accept_sec_context.c,v 1.66 2006/11/13 18:00:54 lha Exp $"); HEIMDAL_MUTEX gssapi_keytab_mutex = HEIMDAL_MUTEX_INITIALIZER; krb5_keytab _gsskrb5_keytab; @@ -41,20 +41,21 @@ krb5_keytab _gsskrb5_keytab; OM_uint32 _gsskrb5_register_acceptor_identity (const char *identity) { + krb5_context context; krb5_error_code ret; - ret = _gsskrb5_init(); + ret = _gsskrb5_init(&context); if(ret) return GSS_S_FAILURE; HEIMDAL_MUTEX_lock(&gssapi_keytab_mutex); if(_gsskrb5_keytab != NULL) { - krb5_kt_close(_gsskrb5_context, _gsskrb5_keytab); + krb5_kt_close(context, _gsskrb5_keytab); _gsskrb5_keytab = NULL; } if (identity == NULL) { - ret = krb5_kt_default(_gsskrb5_context, &_gsskrb5_keytab); + ret = krb5_kt_default(context, &_gsskrb5_keytab); } else { char *p; @@ -63,7 +64,7 @@ _gsskrb5_register_acceptor_identity (const char *identity) HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex); return GSS_S_FAILURE; } - ret = krb5_kt_resolve(_gsskrb5_context, p, &_gsskrb5_keytab); + ret = krb5_kt_resolve(context, p, &_gsskrb5_keytab); free(p); } HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex); @@ -120,6 +121,7 @@ static OM_uint32 gsskrb5_accept_delegated_token (OM_uint32 * minor_status, gsskrb5_ctx ctx, + krb5_context context, gss_cred_id_t * delegated_cred_handle ) { @@ -131,33 +133,31 @@ gsskrb5_accept_delegated_token /* XXX Create a new delegated_cred_handle? */ if (delegated_cred_handle == NULL) { - kret = krb5_cc_default (_gsskrb5_context, &ccache); + kret = krb5_cc_default (context, &ccache); } else { *delegated_cred_handle = NULL; - kret = krb5_cc_gen_new (_gsskrb5_context, &krb5_mcc_ops, &ccache); + kret = krb5_cc_gen_new (context, &krb5_mcc_ops, &ccache); } if (kret) { ctx->flags &= ~GSS_C_DELEG_FLAG; goto out; } - kret = krb5_cc_initialize(_gsskrb5_context, ccache, ctx->source); + kret = krb5_cc_initialize(context, ccache, ctx->source); if (kret) { ctx->flags &= ~GSS_C_DELEG_FLAG; goto out; } - krb5_auth_con_removeflags(_gsskrb5_context, + krb5_auth_con_removeflags(context, ctx->auth_context, KRB5_AUTH_CONTEXT_DO_TIME, &ac_flags); - kret = krb5_rd_cred2(_gsskrb5_context, + kret = krb5_rd_cred2(context, ctx->auth_context, ccache, &ctx->fwd_data); - if (kret) - _gsskrb5_set_error_string(); - krb5_auth_con_setflags(_gsskrb5_context, + krb5_auth_con_setflags(context, ctx->auth_context, ac_flags); if (kret) { @@ -181,16 +181,16 @@ gsskrb5_accept_delegated_token handle = (gsskrb5_cred) *delegated_cred_handle; handle->cred_flags |= GSS_CF_DESTROY_CRED_ON_RELEASE; - krb5_cc_close(_gsskrb5_context, ccache); + krb5_cc_close(context, ccache); ccache = NULL; } out: if (ccache) { if (delegated_cred_handle == NULL) - krb5_cc_close(_gsskrb5_context, ccache); + krb5_cc_close(context, ccache); else - krb5_cc_destroy(_gsskrb5_context, ccache); + krb5_cc_destroy(context, ccache); } return ret; } @@ -198,13 +198,14 @@ out: static OM_uint32 gsskrb5_acceptor_ready(OM_uint32 * minor_status, gsskrb5_ctx ctx, + krb5_context context, gss_cred_id_t *delegated_cred_handle) { OM_uint32 ret; int32_t seq_number; int is_cfx = 0; - krb5_auth_getremoteseqnumber (_gsskrb5_context, + krb5_auth_getremoteseqnumber (context, ctx->auth_context, &seq_number); @@ -222,7 +223,7 @@ gsskrb5_acceptor_ready(OM_uint32 * minor_status, * isn't a mutual authentication context */ if (!(ctx->flags & GSS_C_MUTUAL_FLAG) && _gssapi_msg_order_f(ctx->flags)) { - krb5_auth_con_setlocalseqnumber(_gsskrb5_context, + krb5_auth_con_setlocalseqnumber(context, ctx->auth_context, seq_number); } @@ -233,6 +234,7 @@ gsskrb5_acceptor_ready(OM_uint32 * minor_status, if (ctx->fwd_data.length > 0 && (ctx->flags & GSS_C_DELEG_FLAG)) { ret = gsskrb5_accept_delegated_token(minor_status, ctx, + context, delegated_cred_handle); if (ret) return ret; @@ -250,6 +252,7 @@ gsskrb5_acceptor_ready(OM_uint32 * minor_status, static OM_uint32 gsskrb5_acceptor_start(OM_uint32 * minor_status, gsskrb5_ctx ctx, + krb5_context context, const gss_cred_id_t acceptor_cred_handle, const gss_buffer_t input_token_buffer, const gss_channel_bindings_t input_chan_bindings, @@ -301,49 +304,46 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, krb5_rd_req_in_ctx in = NULL; krb5_rd_req_out_ctx out = NULL; - kret = krb5_rd_req_in_ctx_alloc(_gsskrb5_context, &in); + kret = krb5_rd_req_in_ctx_alloc(context, &in); if (kret == 0) - kret = krb5_rd_req_in_set_keytab(_gsskrb5_context, in, keytab); + kret = krb5_rd_req_in_set_keytab(context, in, keytab); if (kret) { if (in) - krb5_rd_req_in_ctx_free(_gsskrb5_context, in); + krb5_rd_req_in_ctx_free(context, in); ret = GSS_S_FAILURE; *minor_status = kret; - _gsskrb5_set_error_string (); return ret; } - kret = krb5_rd_req_ctx(_gsskrb5_context, + kret = krb5_rd_req_ctx(context, &ctx->auth_context, &indata, (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) ? NULL : acceptor_cred->principal, in, &out); - krb5_rd_req_in_ctx_free(_gsskrb5_context, in); + krb5_rd_req_in_ctx_free(context, in); if (kret) { ret = GSS_S_FAILURE; *minor_status = kret; - _gsskrb5_set_error_string (); return ret; } /* * We need to remember some data on the context_handle. */ - kret = krb5_rd_req_out_get_ap_req_options(_gsskrb5_context, out, + kret = krb5_rd_req_out_get_ap_req_options(context, out, &ap_options); if (kret == 0) - kret = krb5_rd_req_out_get_ticket(_gsskrb5_context, out, + kret = krb5_rd_req_out_get_ticket(context, out, &ctx->ticket); if (kret == 0) - kret = krb5_rd_req_out_get_keyblock(_gsskrb5_context, out, + kret = krb5_rd_req_out_get_keyblock(context, out, &ctx->service_keyblock); ctx->lifetime = ctx->ticket->ticket.endtime; - krb5_rd_req_out_ctx_free(_gsskrb5_context, out); + krb5_rd_req_out_ctx_free(context, out); if (kret) { ret = GSS_S_FAILURE; *minor_status = kret; - _gsskrb5_set_error_string (); return ret; } } @@ -353,22 +353,20 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, * We need to copy the principal names to the context and the * calling layer. */ - kret = krb5_copy_principal(_gsskrb5_context, + kret = krb5_copy_principal(context, ctx->ticket->client, &ctx->source); if (kret) { ret = GSS_S_FAILURE; *minor_status = kret; - _gsskrb5_set_error_string (); } - kret = krb5_copy_principal(_gsskrb5_context, + kret = krb5_copy_principal(context, ctx->ticket->server, &ctx->target); if (kret) { ret = GSS_S_FAILURE; *minor_status = kret; - _gsskrb5_set_error_string (); return ret; } @@ -376,18 +374,17 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, * We need to setup some compat stuff, this assumes that * context_handle->target is already set. */ - ret = _gss_DES3_get_mic_compat(minor_status, ctx); + ret = _gss_DES3_get_mic_compat(minor_status, ctx, context); if (ret) return ret; if (src_name != NULL) { - kret = krb5_copy_principal (_gsskrb5_context, + kret = krb5_copy_principal (context, ctx->ticket->client, (gsskrb5_name*)src_name); if (kret) { ret = GSS_S_FAILURE; *minor_status = kret; - _gsskrb5_set_error_string (); return ret; } } @@ -398,13 +395,12 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, { krb5_authenticator authenticator; - kret = krb5_auth_con_getauthenticator(_gsskrb5_context, + kret = krb5_auth_con_getauthenticator(context, ctx->auth_context, &authenticator); if(kret) { ret = GSS_S_FAILURE; *minor_status = kret; - _gsskrb5_set_error_string (); return ret; } @@ -415,22 +411,21 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, &ctx->flags, &ctx->fwd_data); - krb5_free_authenticator(_gsskrb5_context, &authenticator); + krb5_free_authenticator(context, &authenticator); if (ret) { return ret; } } else { krb5_crypto crypto; - kret = krb5_crypto_init(_gsskrb5_context, + kret = krb5_crypto_init(context, ctx->auth_context->keyblock, 0, &crypto); if(kret) { - krb5_free_authenticator(_gsskrb5_context, &authenticator); + krb5_free_authenticator(context, &authenticator); ret = GSS_S_FAILURE; *minor_status = kret; - _gsskrb5_set_error_string (); return ret; } @@ -439,16 +434,15 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, * GSSAPI checksum here */ - kret = krb5_verify_checksum(_gsskrb5_context, + kret = krb5_verify_checksum(context, crypto, KRB5_KU_AP_REQ_AUTH_CKSUM, NULL, 0, authenticator->cksum); - krb5_free_authenticator(_gsskrb5_context, &authenticator); - krb5_crypto_destroy(_gsskrb5_context, crypto); + krb5_free_authenticator(context, &authenticator); + krb5_crypto_destroy(context, crypto); if(kret) { ret = GSS_S_BAD_SIG; *minor_status = kret; - _gsskrb5_set_error_string (); return ret; } @@ -467,23 +461,22 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, if (is_cfx != 0 || (ap_options & AP_OPTS_USE_SUBKEY)) { - kret = krb5_auth_con_addflags(_gsskrb5_context, + kret = krb5_auth_con_addflags(context, ctx->auth_context, KRB5_AUTH_CONTEXT_USE_SUBKEY, NULL); ctx->more_flags |= ACCEPTOR_SUBKEY; } - kret = krb5_mk_rep(_gsskrb5_context, + kret = krb5_mk_rep(context, ctx->auth_context, &outbuf); if (kret) { *minor_status = kret; - _gsskrb5_set_error_string (); return GSS_S_FAILURE; } - if (ctx->flags & GSS_C_DCE_STYLE) { + if (IS_DCE_STYLE(ctx)) { output_token->length = outbuf.length; output_token->value = outbuf.data; } else { @@ -510,6 +503,7 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, if (time_rec) { ret = _gsskrb5_lifetime_left(minor_status, + context, ctx->lifetime, time_rec); if (ret) { @@ -521,7 +515,7 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, * When GSS_C_DCE_STYLE is in use, we need ask for a AP-REP from * the client. */ - if (ctx->flags & GSS_C_DCE_STYLE) { + if (IS_DCE_STYLE(ctx)) { /* * Return flags to caller, but we haven't processed * delgations yet @@ -533,7 +527,8 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, return GSS_S_CONTINUE_NEEDED; } - ret = gsskrb5_acceptor_ready(minor_status, ctx, delegated_cred_handle); + ret = gsskrb5_acceptor_ready(minor_status, ctx, context, + delegated_cred_handle); if (ret_flags) *ret_flags = ctx->flags; @@ -544,6 +539,7 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, static OM_uint32 acceptor_wait_for_dcestyle(OM_uint32 * minor_status, gsskrb5_ctx ctx, + krb5_context context, const gss_cred_id_t acceptor_cred_handle, const gss_buffer_t input_token_buffer, const gss_channel_bindings_t input_chan_bindings, @@ -572,29 +568,26 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status, * the remote seq_number to the old value */ { - kret = krb5_auth_con_getlocalseqnumber(_gsskrb5_context, + kret = krb5_auth_con_getlocalseqnumber(context, ctx->auth_context, &l_seq_number); if (kret) { - _gsskrb5_set_error_string (); *minor_status = kret; return GSS_S_FAILURE; } - kret = krb5_auth_getremoteseqnumber(_gsskrb5_context, + kret = krb5_auth_getremoteseqnumber(context, ctx->auth_context, &r_seq_number); if (kret) { - _gsskrb5_set_error_string (); *minor_status = kret; return GSS_S_FAILURE; } - kret = krb5_auth_con_setremoteseqnumber(_gsskrb5_context, + kret = krb5_auth_con_setremoteseqnumber(context, ctx->auth_context, l_seq_number); if (kret) { - _gsskrb5_set_error_string (); *minor_status = kret; return GSS_S_FAILURE; } @@ -609,19 +602,18 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status, krb5_ap_rep_enc_part *repl; int32_t auth_flags; - krb5_auth_con_removeflags(_gsskrb5_context, + krb5_auth_con_removeflags(context, ctx->auth_context, KRB5_AUTH_CONTEXT_DO_TIME, &auth_flags); - kret = krb5_rd_rep(_gsskrb5_context, ctx->auth_context, &inbuf, &repl); + kret = krb5_rd_rep(context, ctx->auth_context, &inbuf, &repl); if (kret) { - _gsskrb5_set_error_string (); *minor_status = kret; return GSS_S_FAILURE; } - krb5_free_ap_rep_enc_part(_gsskrb5_context, repl); - krb5_auth_con_setflags(_gsskrb5_context, ctx->auth_context, auth_flags); + krb5_free_ap_rep_enc_part(context, repl); + krb5_auth_con_setflags(context, ctx->auth_context, auth_flags); } /* We need to check the liftime */ @@ -629,6 +621,7 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status, OM_uint32 lifetime_rec; ret = _gsskrb5_lifetime_left(minor_status, + context, ctx->lifetime, &lifetime_rec); if (ret) { @@ -645,12 +638,11 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status, if (ret_flags) *ret_flags = ctx->flags; if (src_name) { - kret = krb5_copy_principal(_gsskrb5_context, + kret = krb5_copy_principal(context, ctx->source, (gsskrb5_name*)src_name); if (kret) { *minor_status = kret; - _gsskrb5_set_error_string (); return GSS_S_FAILURE; } } @@ -664,20 +656,19 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status, { int32_t tmp_r_seq_number, tmp_l_seq_number; - kret = krb5_auth_getremoteseqnumber(_gsskrb5_context, + kret = krb5_auth_getremoteseqnumber(context, ctx->auth_context, &tmp_r_seq_number); if (kret) { - _gsskrb5_set_error_string (); *minor_status = kret; return GSS_S_FAILURE; } - kret = krb5_auth_con_getlocalseqnumber(_gsskrb5_context, + kret = krb5_auth_con_getlocalseqnumber(context, ctx->auth_context, &tmp_l_seq_number); if (kret) { - _gsskrb5_set_error_string (); + *minor_status = kret; return GSS_S_FAILURE; } @@ -695,17 +686,17 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status, * the old one for the GSS_wrap() calls */ { - kret = krb5_auth_con_setremoteseqnumber(_gsskrb5_context, + kret = krb5_auth_con_setremoteseqnumber(context, ctx->auth_context, r_seq_number); if (kret) { - _gsskrb5_set_error_string (); *minor_status = kret; return GSS_S_FAILURE; } } - return gsskrb5_acceptor_ready(minor_status, ctx, delegated_cred_handle); + return gsskrb5_acceptor_ready(minor_status, ctx, context, + delegated_cred_handle); } @@ -722,10 +713,11 @@ _gsskrb5_accept_sec_context(OM_uint32 * minor_status, OM_uint32 * time_rec, gss_cred_id_t * delegated_cred_handle) { + krb5_context context; OM_uint32 ret; gsskrb5_ctx ctx; - GSSAPI_KRB5_INIT(); + GSSAPI_KRB5_INIT(&context); output_token->length = 0; output_token->value = NULL; @@ -738,6 +730,7 @@ _gsskrb5_accept_sec_context(OM_uint32 * minor_status, if (*context_handle == GSS_C_NO_CONTEXT) { ret = _gsskrb5_create_ctx(minor_status, context_handle, + context, input_chan_bindings, ACCEPTOR_START); if (ret) @@ -758,6 +751,7 @@ _gsskrb5_accept_sec_context(OM_uint32 * minor_status, case ACCEPTOR_START: ret = gsskrb5_acceptor_start(minor_status, ctx, + context, acceptor_cred_handle, input_token_buffer, input_chan_bindings, @@ -771,6 +765,7 @@ _gsskrb5_accept_sec_context(OM_uint32 * minor_status, case ACCEPTOR_WAIT_FOR_DCESTYLE: ret = acceptor_wait_for_dcestyle(minor_status, ctx, + context, acceptor_cred_handle, input_token_buffer, input_chan_bindings, diff --git a/source4/heimdal/lib/gssapi/krb5/acquire_cred.c b/source4/heimdal/lib/gssapi/krb5/acquire_cred.c index df6e137402..e811a99a8b 100644 --- a/source4/heimdal/lib/gssapi/krb5/acquire_cred.c +++ b/source4/heimdal/lib/gssapi/krb5/acquire_cred.c @@ -33,13 +33,14 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: acquire_cred.c,v 1.31 2006/10/07 22:13:55 lha Exp $"); +RCSID("$Id: acquire_cred.c,v 1.33 2006/11/20 18:09:30 lha Exp $"); OM_uint32 __gsskrb5_ccache_lifetime(OM_uint32 *minor_status, - krb5_ccache id, - krb5_principal principal, - OM_uint32 *lifetime) + krb5_context context, + krb5_ccache id, + krb5_principal principal, + OM_uint32 *lifetime) { krb5_creds in_cred, *out_cred; krb5_const_realm realm; @@ -48,32 +49,30 @@ __gsskrb5_ccache_lifetime(OM_uint32 *minor_status, memset(&in_cred, 0, sizeof(in_cred)); in_cred.client = principal; - realm = krb5_principal_get_realm(_gsskrb5_context, principal); + realm = krb5_principal_get_realm(context, principal); if (realm == NULL) { _gsskrb5_clear_status (); *minor_status = KRB5_PRINC_NOMATCH; /* XXX */ return GSS_S_FAILURE; } - kret = krb5_make_principal(_gsskrb5_context, &in_cred.server, + kret = krb5_make_principal(context, &in_cred.server, realm, KRB5_TGS_NAME, realm, NULL); if (kret) { - _gsskrb5_set_error_string(); *minor_status = kret; return GSS_S_FAILURE; } - kret = krb5_get_credentials(_gsskrb5_context, 0, + kret = krb5_get_credentials(context, 0, id, &in_cred, &out_cred); - krb5_free_principal(_gsskrb5_context, in_cred.server); + krb5_free_principal(context, in_cred.server); if (kret) { - _gsskrb5_set_error_string(); *minor_status = kret; return GSS_S_FAILURE; } *lifetime = out_cred->times.endtime; - krb5_free_creds(_gsskrb5_context, out_cred); + krb5_free_creds(context, out_cred); return GSS_S_COMPLETE; } @@ -82,7 +81,7 @@ __gsskrb5_ccache_lifetime(OM_uint32 *minor_status, static krb5_error_code -get_keytab(krb5_keytab *keytab) +get_keytab(krb5_context context, krb5_keytab *keytab) { char kt_name[256]; krb5_error_code kret; @@ -90,13 +89,13 @@ get_keytab(krb5_keytab *keytab) HEIMDAL_MUTEX_lock(&gssapi_keytab_mutex); if (_gsskrb5_keytab != NULL) { - kret = krb5_kt_get_name(_gsskrb5_context, + kret = krb5_kt_get_name(context, _gsskrb5_keytab, kt_name, sizeof(kt_name)); if (kret == 0) - kret = krb5_kt_resolve(_gsskrb5_context, kt_name, keytab); + kret = krb5_kt_resolve(context, kt_name, keytab); } else - kret = krb5_kt_default(_gsskrb5_context, keytab); + kret = krb5_kt_default(context, keytab); HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex); @@ -105,6 +104,7 @@ get_keytab(krb5_keytab *keytab) static OM_uint32 acquire_initiator_cred (OM_uint32 * minor_status, + krb5_context context, const gss_name_t desired_name, OM_uint32 time_req, const gss_OID_set desired_mechs, @@ -132,33 +132,33 @@ static OM_uint32 acquire_initiator_cred * caches, otherwise, fall back to default cache. Ignore * errors. */ if (handle->principal) - kret = krb5_cc_cache_match (_gsskrb5_context, + kret = krb5_cc_cache_match (context, handle->principal, NULL, &ccache); if (ccache == NULL) { - kret = krb5_cc_default(_gsskrb5_context, &ccache); + kret = krb5_cc_default(context, &ccache); if (kret) goto end; } - kret = krb5_cc_get_principal(_gsskrb5_context, ccache, + kret = krb5_cc_get_principal(context, ccache, &def_princ); if (kret != 0) { /* we'll try to use a keytab below */ - krb5_cc_destroy(_gsskrb5_context, ccache); + krb5_cc_destroy(context, ccache); ccache = NULL; kret = 0; } else if (handle->principal == NULL) { - kret = krb5_copy_principal(_gsskrb5_context, def_princ, + kret = krb5_copy_principal(context, def_princ, &handle->principal); if (kret) goto end; } else if (handle->principal != NULL && - krb5_principal_compare(_gsskrb5_context, handle->principal, + krb5_principal_compare(context, handle->principal, def_princ) == FALSE) { /* Before failing, lets check the keytab */ - krb5_free_principal(_gsskrb5_context, def_princ); + krb5_free_principal(context, def_princ); def_princ = NULL; } if (def_princ == NULL) { @@ -166,30 +166,30 @@ static OM_uint32 acquire_initiator_cred * so attempt to get a TGT using a keytab. */ if (handle->principal == NULL) { - kret = krb5_get_default_principal(_gsskrb5_context, + kret = krb5_get_default_principal(context, &handle->principal); if (kret) goto end; } - kret = get_keytab(&keytab); + kret = get_keytab(context, &keytab); if (kret) goto end; - kret = krb5_get_init_creds_opt_alloc(_gsskrb5_context, &opt); + kret = krb5_get_init_creds_opt_alloc(context, &opt); if (kret) goto end; - kret = krb5_get_init_creds_keytab(_gsskrb5_context, &cred, + kret = krb5_get_init_creds_keytab(context, &cred, handle->principal, keytab, 0, NULL, opt); - krb5_get_init_creds_opt_free(opt); + krb5_get_init_creds_opt_free(context, opt); if (kret) goto end; - kret = krb5_cc_gen_new(_gsskrb5_context, &krb5_mcc_ops, + kret = krb5_cc_gen_new(context, &krb5_mcc_ops, &ccache); if (kret) goto end; - kret = krb5_cc_initialize(_gsskrb5_context, ccache, cred.client); + kret = krb5_cc_initialize(context, ccache, cred.client); if (kret) goto end; - kret = krb5_cc_store_cred(_gsskrb5_context, ccache, &cred); + kret = krb5_cc_store_cred(context, ccache, &cred); if (kret) goto end; handle->lifetime = cred.times.endtime; @@ -197,9 +197,10 @@ static OM_uint32 acquire_initiator_cred } else { ret = __gsskrb5_ccache_lifetime(minor_status, - ccache, - handle->principal, - &handle->lifetime); + context, + ccache, + handle->principal, + &handle->lifetime); if (ret != GSS_S_COMPLETE) goto end; kret = 0; @@ -210,17 +211,16 @@ static OM_uint32 acquire_initiator_cred end: if (cred.client != NULL) - krb5_free_cred_contents(_gsskrb5_context, &cred); + krb5_free_cred_contents(context, &cred); if (def_princ != NULL) - krb5_free_principal(_gsskrb5_context, def_princ); + krb5_free_principal(context, def_princ); if (keytab != NULL) - krb5_kt_close(_gsskrb5_context, keytab); + krb5_kt_close(context, keytab); if (ret != GSS_S_COMPLETE) { if (ccache != NULL) - krb5_cc_close(_gsskrb5_context, ccache); + krb5_cc_close(context, ccache); if (kret != 0) { *minor_status = kret; - _gsskrb5_set_error_string (); } } return (ret); @@ -228,6 +228,7 @@ end: static OM_uint32 acquire_acceptor_cred (OM_uint32 * minor_status, + krb5_context context, const gss_name_t desired_name, OM_uint32 time_req, const gss_OID_set desired_mechs, @@ -242,7 +243,7 @@ static OM_uint32 acquire_acceptor_cred kret = 0; ret = GSS_S_FAILURE; - kret = get_keytab(&handle->keytab); + kret = get_keytab(context, &handle->keytab); if (kret) goto end; @@ -250,21 +251,20 @@ static OM_uint32 acquire_acceptor_cred if (handle->principal) { krb5_keytab_entry entry; - kret = krb5_kt_get_entry(_gsskrb5_context, handle->keytab, + kret = krb5_kt_get_entry(context, handle->keytab, handle->principal, 0, 0, &entry); if (kret) goto end; - krb5_kt_free_entry(_gsskrb5_context, &entry); + krb5_kt_free_entry(context, &entry); } ret = GSS_S_COMPLETE; end: if (ret != GSS_S_COMPLETE) { if (handle->keytab != NULL) - krb5_kt_close(_gsskrb5_context, handle->keytab); + krb5_kt_close(context, handle->keytab); if (kret != 0) { *minor_status = kret; - _gsskrb5_set_error_string (); } } return (ret); @@ -281,6 +281,7 @@ OM_uint32 _gsskrb5_acquire_cred OM_uint32 * time_rec ) { + krb5_context context; gsskrb5_cred handle; OM_uint32 ret; @@ -289,7 +290,7 @@ OM_uint32 _gsskrb5_acquire_cred return GSS_S_FAILURE; } - GSSAPI_KRB5_INIT (); + GSSAPI_KRB5_INIT(&context); *output_cred_handle = NULL; if (time_rec) @@ -320,31 +321,33 @@ OM_uint32 _gsskrb5_acquire_cred if (desired_name != GSS_C_NO_NAME) { krb5_principal name = (krb5_principal)desired_name; - ret = krb5_copy_principal(_gsskrb5_context, name, &handle->principal); + ret = krb5_copy_principal(context, name, &handle->principal); if (ret) { HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); - _gsskrb5_set_error_string(); *minor_status = ret; free(handle); return GSS_S_FAILURE; } } if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH) { - ret = acquire_initiator_cred(minor_status, desired_name, time_req, - desired_mechs, cred_usage, handle, actual_mechs, time_rec); + ret = acquire_initiator_cred(minor_status, context, + desired_name, time_req, + desired_mechs, cred_usage, handle, + actual_mechs, time_rec); if (ret != GSS_S_COMPLETE) { HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); - krb5_free_principal(_gsskrb5_context, handle->principal); + krb5_free_principal(context, handle->principal); free(handle); return (ret); } } if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH) { - ret = acquire_acceptor_cred(minor_status, desired_name, time_req, + ret = acquire_acceptor_cred(minor_status, context, + desired_name, time_req, desired_mechs, cred_usage, handle, actual_mechs, time_rec); if (ret != GSS_S_COMPLETE) { HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); - krb5_free_principal(_gsskrb5_context, handle->principal); + krb5_free_principal(context, handle->principal); free(handle); return (ret); } @@ -360,15 +363,16 @@ OM_uint32 _gsskrb5_acquire_cred if (handle->mechanisms != NULL) _gsskrb5_release_oid_set(NULL, &handle->mechanisms); HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); - krb5_free_principal(_gsskrb5_context, handle->principal); + krb5_free_principal(context, handle->principal); free(handle); return (ret); } *minor_status = 0; if (time_rec) { ret = _gsskrb5_lifetime_left(minor_status, - handle->lifetime, - time_rec); + context, + handle->lifetime, + time_rec); if (ret) return ret; diff --git a/source4/heimdal/lib/gssapi/krb5/add_cred.c b/source4/heimdal/lib/gssapi/krb5/add_cred.c index 4892e84798..3b0272af80 100644 --- a/source4/heimdal/lib/gssapi/krb5/add_cred.c +++ b/source4/heimdal/lib/gssapi/krb5/add_cred.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: add_cred.c,v 1.9 2006/10/07 22:13:58 lha Exp $"); +RCSID("$Id: add_cred.c,v 1.10 2006/11/13 18:01:01 lha Exp $"); OM_uint32 _gsskrb5_add_cred ( OM_uint32 *minor_status, @@ -48,6 +48,7 @@ OM_uint32 _gsskrb5_add_cred ( OM_uint32 *initiator_time_rec, OM_uint32 *acceptor_time_rec) { + krb5_context context; OM_uint32 ret, lifetime; gsskrb5_cred cred, handle; krb5_const_principal dname; @@ -56,6 +57,8 @@ OM_uint32 _gsskrb5_add_cred ( cred = (gsskrb5_cred)input_cred_handle; dname = (krb5_const_principal)desired_name; + GSSAPI_KRB5_INIT (&context); + if (gss_oid_equal(desired_mech, GSS_KRB5_MECHANISM) == 0) { *minor_status = 0; return GSS_S_BAD_MECH; @@ -83,7 +86,7 @@ OM_uint32 _gsskrb5_add_cred ( /* check that we have the same name */ if (dname != NULL && - krb5_principal_compare(_gsskrb5_context, dname, + krb5_principal_compare(context, dname, cred->principal) != FALSE) { if (output_cred_handle) HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); @@ -112,7 +115,7 @@ OM_uint32 _gsskrb5_add_cred ( ret = GSS_S_FAILURE; - kret = krb5_copy_principal(_gsskrb5_context, cred->principal, + kret = krb5_copy_principal(context, cred->principal, &handle->principal); if (kret) { HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); @@ -127,7 +130,7 @@ OM_uint32 _gsskrb5_add_cred ( ret = GSS_S_FAILURE; - kret = krb5_kt_get_type(_gsskrb5_context, cred->keytab, + kret = krb5_kt_get_type(context, cred->keytab, name, KRB5_KT_PREFIX_MAX_LEN); if (kret) { *minor_status = kret; @@ -136,7 +139,7 @@ OM_uint32 _gsskrb5_add_cred ( len = strlen(name); name[len++] = ':'; - kret = krb5_kt_get_name(_gsskrb5_context, cred->keytab, + kret = krb5_kt_get_name(context, cred->keytab, name + len, sizeof(name) - len); if (kret) { @@ -144,7 +147,7 @@ OM_uint32 _gsskrb5_add_cred ( goto failure; } - kret = krb5_kt_resolve(_gsskrb5_context, name, + kret = krb5_kt_resolve(context, name, &handle->keytab); if (kret){ *minor_status = kret; @@ -158,21 +161,21 @@ OM_uint32 _gsskrb5_add_cred ( ret = GSS_S_FAILURE; - type = krb5_cc_get_type(_gsskrb5_context, cred->ccache); + type = krb5_cc_get_type(context, cred->ccache); if (type == NULL){ *minor_status = ENOMEM; goto failure; } if (strcmp(type, "MEMORY") == 0) { - ret = krb5_cc_gen_new(_gsskrb5_context, &krb5_mcc_ops, + ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &handle->ccache); if (ret) { *minor_status = ret; goto failure; } - ret = krb5_cc_copy_cache(_gsskrb5_context, cred->ccache, + ret = krb5_cc_copy_cache(context, cred->ccache, handle->ccache); if (ret) { *minor_status = ret; @@ -180,7 +183,7 @@ OM_uint32 _gsskrb5_add_cred ( } } else { - name = krb5_cc_get_name(_gsskrb5_context, cred->ccache); + name = krb5_cc_get_name(context, cred->ccache); if (name == NULL) { *minor_status = ENOMEM; goto failure; @@ -192,7 +195,7 @@ OM_uint32 _gsskrb5_add_cred ( goto failure; } - kret = krb5_cc_resolve(_gsskrb5_context, type_name, + kret = krb5_cc_resolve(context, type_name, &handle->ccache); free(type_name); if (kret) { @@ -234,11 +237,11 @@ OM_uint32 _gsskrb5_add_cred ( if (handle) { if (handle->principal) - krb5_free_principal(_gsskrb5_context, handle->principal); + krb5_free_principal(context, handle->principal); if (handle->keytab) - krb5_kt_close(_gsskrb5_context, handle->keytab); + krb5_kt_close(context, handle->keytab); if (handle->ccache) - krb5_cc_destroy(_gsskrb5_context, handle->ccache); + krb5_cc_destroy(context, handle->ccache); if (handle->mechanisms) _gsskrb5_release_oid_set(NULL, &handle->mechanisms); free(handle); diff --git a/source4/heimdal/lib/gssapi/krb5/address_to_krb5addr.c b/source4/heimdal/lib/gssapi/krb5/address_to_krb5addr.c index 9aec53faaa..18a90fe9a7 100644 --- a/source4/heimdal/lib/gssapi/krb5/address_to_krb5addr.c +++ b/source4/heimdal/lib/gssapi/krb5/address_to_krb5addr.c @@ -36,7 +36,8 @@ #include krb5_error_code -_gsskrb5i_address_to_krb5addr(OM_uint32 gss_addr_type, +_gsskrb5i_address_to_krb5addr(krb5_context context, + OM_uint32 gss_addr_type, gss_buffer_desc *gss_addr, int16_t port, krb5_address *address) @@ -61,7 +62,7 @@ _gsskrb5i_address_to_krb5addr(OM_uint32 gss_addr_type, return GSS_S_FAILURE; } - problem = krb5_h_addr2sockaddr (_gsskrb5_context, + problem = krb5_h_addr2sockaddr (context, addr_type, gss_addr->value, &sa, @@ -70,7 +71,7 @@ _gsskrb5i_address_to_krb5addr(OM_uint32 gss_addr_type, if (problem) return GSS_S_FAILURE; - problem = krb5_sockaddr2address (_gsskrb5_context, &sa, address); + problem = krb5_sockaddr2address (context, &sa, address); return problem; } diff --git a/source4/heimdal/lib/gssapi/krb5/arcfour.c b/source4/heimdal/lib/gssapi/krb5/arcfour.c index 2c43ed8b32..d1bdbb641f 100644 --- a/source4/heimdal/lib/gssapi/krb5/arcfour.c +++ b/source4/heimdal/lib/gssapi/krb5/arcfour.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: arcfour.c,v 1.30 2006/11/07 19:05:16 lha Exp $"); +RCSID("$Id: arcfour.c,v 1.31 2006/11/13 18:01:08 lha Exp $"); /* * Implements draft-brezak-win2k-krb-rc4-hmac-04.txt @@ -114,7 +114,8 @@ arcfour_mic_key(krb5_context context, krb5_keyblock *key, static krb5_error_code -arcfour_mic_cksum(krb5_keyblock *key, unsigned usage, +arcfour_mic_cksum(krb5_context context, + krb5_keyblock *key, unsigned usage, u_char *sgn_cksum, size_t sgn_cksum_sz, const u_char *v1, size_t l1, const void *v2, size_t l2, @@ -138,13 +139,13 @@ arcfour_mic_cksum(krb5_keyblock *key, unsigned usage, memcpy(ptr + l1, v2, l2); memcpy(ptr + l1 + l2, v3, l3); - ret = krb5_crypto_init(_gsskrb5_context, key, 0, &crypto); + ret = krb5_crypto_init(context, key, 0, &crypto); if (ret) { free(ptr); return ret; } - ret = krb5_create_checksum(_gsskrb5_context, + ret = krb5_create_checksum(context, crypto, usage, 0, @@ -155,7 +156,7 @@ arcfour_mic_cksum(krb5_keyblock *key, unsigned usage, memcpy(sgn_cksum, CKSUM.checksum.data, sgn_cksum_sz); free_Checksum(&CKSUM); } - krb5_crypto_destroy(_gsskrb5_context, crypto); + krb5_crypto_destroy(context, crypto); return ret; } @@ -164,6 +165,7 @@ arcfour_mic_cksum(krb5_keyblock *key, unsigned usage, OM_uint32 _gssapi_get_mic_arcfour(OM_uint32 * minor_status, const gsskrb5_ctx context_handle, + krb5_context context, gss_qop_t qop_req, const gss_buffer_t message_buffer, gss_buffer_t message_token, @@ -200,7 +202,8 @@ _gssapi_get_mic_arcfour(OM_uint32 * minor_status, p = NULL; - ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SIGN, + ret = arcfour_mic_cksum(context, + key, KRB5_KU_USAGE_SIGN, p0 + 16, 8, /* SGN_CKSUM */ p0, 8, /* TOK_ID, SGN_ALG, Filer */ message_buffer->value, message_buffer->length, @@ -211,7 +214,7 @@ _gssapi_get_mic_arcfour(OM_uint32 * minor_status, return GSS_S_FAILURE; } - ret = arcfour_mic_key(_gsskrb5_context, key, + ret = arcfour_mic_key(context, key, p0 + 16, 8, /* SGN_CKSUM */ k6_data, sizeof(k6_data)); if (ret) { @@ -221,13 +224,13 @@ _gssapi_get_mic_arcfour(OM_uint32 * minor_status, } HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - krb5_auth_con_getlocalseqnumber (_gsskrb5_context, + krb5_auth_con_getlocalseqnumber (context, context_handle->auth_context, &seq_number); p = p0 + 8; /* SND_SEQ */ _gsskrb5_encode_be_om_uint32(seq_number, p); - krb5_auth_con_setlocalseqnumber (_gsskrb5_context, + krb5_auth_con_setlocalseqnumber (context, context_handle->auth_context, ++seq_number); HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); @@ -248,6 +251,7 @@ _gssapi_get_mic_arcfour(OM_uint32 * minor_status, OM_uint32 _gssapi_verify_mic_arcfour(OM_uint32 * minor_status, const gsskrb5_ctx context_handle, + krb5_context context, const gss_buffer_t message_buffer, const gss_buffer_t token_buffer, gss_qop_t * qop_state, @@ -279,7 +283,8 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status, return GSS_S_BAD_MIC; p += 4; - ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SIGN, + ret = arcfour_mic_cksum(context, + key, KRB5_KU_USAGE_SIGN, cksum_data, sizeof(cksum_data), p - 8, 8, message_buffer->value, message_buffer->length, @@ -289,7 +294,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status, return GSS_S_FAILURE; } - ret = arcfour_mic_key(_gsskrb5_context, key, + ret = arcfour_mic_key(context, key, cksum_data, sizeof(cksum_data), k6_data, sizeof(k6_data)); if (ret) { @@ -339,6 +344,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status, OM_uint32 _gssapi_wrap_arcfour(OM_uint32 * minor_status, const gsskrb5_ctx context_handle, + krb5_context context, int conf_req_flag, gss_qop_t qop_req, const gss_buffer_t input_message_buffer, @@ -396,13 +402,13 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status, p = NULL; HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - krb5_auth_con_getlocalseqnumber (_gsskrb5_context, + krb5_auth_con_getlocalseqnumber (context, context_handle->auth_context, &seq_number); _gsskrb5_encode_be_om_uint32(seq_number, p0 + 8); - krb5_auth_con_setlocalseqnumber (_gsskrb5_context, + krb5_auth_con_setlocalseqnumber (context, context_handle->auth_context, ++seq_number); HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); @@ -420,7 +426,8 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status, if (!IS_DCE_STYLE(context_handle)) p[input_message_buffer->length] = 1; /* padding */ - ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SEAL, + ret = arcfour_mic_cksum(context, + key, KRB5_KU_USAGE_SEAL, p0 + 16, 8, /* SGN_CKSUM */ p0, 8, /* TOK_ID, SGN_ALG, SEAL_ALG, Filler */ p0 + 24, 8, /* Confounder */ @@ -442,7 +449,7 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status, for (i = 0; i < 16; i++) Klocaldata[i] = ((u_char *)key->keyvalue.data)[i] ^ 0xF0; } - ret = arcfour_mic_key(_gsskrb5_context, &Klocal, + ret = arcfour_mic_key(context, &Klocal, p0 + 8, 4, /* SND_SEQ */ k6_data, sizeof(k6_data)); memset(Klocaldata, 0, sizeof(Klocaldata)); @@ -463,7 +470,7 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status, } memset(k6_data, 0, sizeof(k6_data)); - ret = arcfour_mic_key(_gsskrb5_context, key, + ret = arcfour_mic_key(context, key, p0 + 16, 8, /* SGN_CKSUM */ k6_data, sizeof(k6_data)); if (ret) { @@ -490,6 +497,7 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status, OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, const gsskrb5_ctx context_handle, + krb5_context context, const gss_buffer_t input_message_buffer, gss_buffer_t output_message_buffer, int *conf_state, @@ -562,7 +570,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, return GSS_S_BAD_MIC; p = NULL; - ret = arcfour_mic_key(_gsskrb5_context, key, + ret = arcfour_mic_key(context, key, p0 + 16, 8, /* SGN_CKSUM */ k6_data, sizeof(k6_data)); if (ret) { @@ -601,7 +609,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, for (i = 0; i < 16; i++) Klocaldata[i] = ((u_char *)key->keyvalue.data)[i] ^ 0xF0; } - ret = arcfour_mic_key(_gsskrb5_context, &Klocal, + ret = arcfour_mic_key(context, &Klocal, SND_SEQ, 4, k6_data, sizeof(k6_data)); memset(Klocaldata, 0, sizeof(Klocaldata)); @@ -643,7 +651,8 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, output_message_buffer->length -= padlen; } - ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SEAL, + ret = arcfour_mic_cksum(context, + key, KRB5_KU_USAGE_SEAL, cksum_data, sizeof(cksum_data), p0, 8, Confounder, sizeof(Confounder), @@ -721,6 +730,7 @@ max_wrap_length_arcfour(const gsskrb5_ctx ctx, OM_uint32 _gssapi_wrap_size_arcfour(OM_uint32 *minor_status, const gsskrb5_ctx ctx, + krb5_context context, int conf_req_flag, gss_qop_t qop_req, OM_uint32 req_output_size, @@ -730,9 +740,8 @@ _gssapi_wrap_size_arcfour(OM_uint32 *minor_status, krb5_error_code ret; krb5_crypto crypto; - ret = krb5_crypto_init(_gsskrb5_context, key, 0, &crypto); + ret = krb5_crypto_init(context, key, 0, &crypto); if (ret != 0) { - _gsskrb5_set_error_string(); *minor_status = ret; return GSS_S_FAILURE; } @@ -740,13 +749,12 @@ _gssapi_wrap_size_arcfour(OM_uint32 *minor_status, ret = max_wrap_length_arcfour(ctx, crypto, req_output_size, max_input_size); if (ret != 0) { - _gsskrb5_set_error_string(); *minor_status = ret; - krb5_crypto_destroy(_gsskrb5_context, crypto); + krb5_crypto_destroy(context, crypto); return GSS_S_FAILURE; } - krb5_crypto_destroy(_gsskrb5_context, crypto); + krb5_crypto_destroy(context, crypto); return GSS_S_COMPLETE; } diff --git a/source4/heimdal/lib/gssapi/krb5/cfx.c b/source4/heimdal/lib/gssapi/krb5/cfx.c index cb3f9ee5d3..e75fe5da9d 100755 --- a/source4/heimdal/lib/gssapi/krb5/cfx.c +++ b/source4/heimdal/lib/gssapi/krb5/cfx.c @@ -32,7 +32,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: cfx.c,v 1.24 2006/10/24 21:13:22 lha Exp $"); +RCSID("$Id: cfx.c,v 1.25 2006/11/13 18:01:14 lha Exp $"); /* * Implementation of draft-ietf-krb-wg-gssapi-cfx-06.txt @@ -43,7 +43,8 @@ RCSID("$Id: cfx.c,v 1.24 2006/10/24 21:13:22 lha Exp $"); #define CFXAcceptorSubkey (1 << 2) krb5_error_code -_gsskrb5cfx_wrap_length_cfx(krb5_crypto crypto, +_gsskrb5cfx_wrap_length_cfx(krb5_context context, + krb5_crypto crypto, int conf_req_flag, size_t input_length, size_t *output_length, @@ -57,11 +58,11 @@ _gsskrb5cfx_wrap_length_cfx(krb5_crypto crypto, *output_length = sizeof(gss_cfx_wrap_token_desc); *padlength = 0; - ret = krb5_crypto_get_checksum_type(_gsskrb5_context, crypto, &type); + ret = krb5_crypto_get_checksum_type(context, crypto, &type); if (ret) return ret; - ret = krb5_checksumsize(_gsskrb5_context, type, cksumsize); + ret = krb5_checksumsize(context, type, cksumsize); if (ret) return ret; @@ -71,7 +72,7 @@ _gsskrb5cfx_wrap_length_cfx(krb5_crypto crypto, /* Header is concatenated with data before encryption */ input_length += sizeof(gss_cfx_wrap_token_desc); - ret = krb5_crypto_getpadsize(_gsskrb5_context, crypto, &padsize); + ret = krb5_crypto_getpadsize(context, crypto, &padsize); if (ret) { return ret; } @@ -83,7 +84,7 @@ _gsskrb5cfx_wrap_length_cfx(krb5_crypto crypto, input_length += *padlength; } - *output_length += krb5_get_wrapped_length(_gsskrb5_context, + *output_length += krb5_get_wrapped_length(context, crypto, input_length); } else { /* Checksum is concatenated with data */ @@ -96,7 +97,8 @@ _gsskrb5cfx_wrap_length_cfx(krb5_crypto crypto, } krb5_error_code -_gsskrb5cfx_max_wrap_length_cfx(krb5_crypto crypto, +_gsskrb5cfx_max_wrap_length_cfx(krb5_context context, + krb5_crypto crypto, int conf_req_flag, size_t input_length, OM_uint32 *output_length) @@ -116,7 +118,7 @@ _gsskrb5cfx_max_wrap_length_cfx(krb5_crypto crypto, wrapped_size = input_length + 1; do { wrapped_size--; - sz = krb5_get_wrapped_length(_gsskrb5_context, + sz = krb5_get_wrapped_length(context, crypto, wrapped_size); } while (wrapped_size && sz > input_length); if (wrapped_size == 0) { @@ -136,11 +138,11 @@ _gsskrb5cfx_max_wrap_length_cfx(krb5_crypto crypto, krb5_cksumtype type; size_t cksumsize; - ret = krb5_crypto_get_checksum_type(_gsskrb5_context, crypto, &type); + ret = krb5_crypto_get_checksum_type(context, crypto, &type); if (ret) return ret; - ret = krb5_checksumsize(_gsskrb5_context, type, &cksumsize); + ret = krb5_checksumsize(context, type, &cksumsize); if (ret) return ret; @@ -157,6 +159,7 @@ _gsskrb5cfx_max_wrap_length_cfx(krb5_crypto crypto, OM_uint32 _gssapi_wrap_size_cfx(OM_uint32 *minor_status, const gsskrb5_ctx context_handle, + krb5_context context, int conf_req_flag, gss_qop_t qop_req, OM_uint32 req_output_size, @@ -166,23 +169,21 @@ OM_uint32 _gssapi_wrap_size_cfx(OM_uint32 *minor_status, krb5_error_code ret; krb5_crypto crypto; - ret = krb5_crypto_init(_gsskrb5_context, key, 0, &crypto); + ret = krb5_crypto_init(context, key, 0, &crypto); if (ret != 0) { - _gsskrb5_set_error_string(); *minor_status = ret; return GSS_S_FAILURE; } - ret = _gsskrb5cfx_max_wrap_length_cfx(crypto, conf_req_flag, + ret = _gsskrb5cfx_max_wrap_length_cfx(context, crypto, conf_req_flag, req_output_size, max_input_size); if (ret != 0) { - _gsskrb5_set_error_string(); *minor_status = ret; - krb5_crypto_destroy(_gsskrb5_context, crypto); + krb5_crypto_destroy(context, crypto); return GSS_S_FAILURE; } - krb5_crypto_destroy(_gsskrb5_context, crypto); + krb5_crypto_destroy(context, crypto); return GSS_S_COMPLETE; } @@ -233,6 +234,7 @@ rrc_rotate(void *data, size_t len, uint16_t rrc, krb5_boolean unrotate) OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, const gsskrb5_ctx context_handle, + krb5_context context, int conf_req_flag, gss_qop_t qop_req, const gss_buffer_t input_message_buffer, @@ -250,20 +252,19 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, int32_t seq_number; u_char *p; - ret = krb5_crypto_init(_gsskrb5_context, key, 0, &crypto); + ret = krb5_crypto_init(context, key, 0, &crypto); if (ret != 0) { - _gsskrb5_set_error_string(); *minor_status = ret; return GSS_S_FAILURE; } - ret = _gsskrb5cfx_wrap_length_cfx(crypto, conf_req_flag, + ret = _gsskrb5cfx_wrap_length_cfx(context, + crypto, conf_req_flag, input_message_buffer->length, &wrapped_len, &cksumsize, &padlength); if (ret != 0) { - _gsskrb5_set_error_string(); *minor_status = ret; - krb5_crypto_destroy(_gsskrb5_context, crypto); + krb5_crypto_destroy(context, crypto); return GSS_S_FAILURE; } @@ -274,7 +275,7 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, output_message_buffer->value = malloc(output_message_buffer->length); if (output_message_buffer->value == NULL) { *minor_status = ENOMEM; - krb5_crypto_destroy(_gsskrb5_context, crypto); + krb5_crypto_destroy(context, crypto); return GSS_S_FAILURE; } @@ -324,12 +325,12 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, token->RRC[1] = 0; HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - krb5_auth_con_getlocalseqnumber(_gsskrb5_context, + krb5_auth_con_getlocalseqnumber(context, context_handle->auth_context, &seq_number); _gsskrb5_encode_be_om_uint32(0, &token->SND_SEQ[0]); _gsskrb5_encode_be_om_uint32(seq_number, &token->SND_SEQ[4]); - krb5_auth_con_setlocalseqnumber(_gsskrb5_context, + krb5_auth_con_setlocalseqnumber(context, context_handle->auth_context, ++seq_number); HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); @@ -364,15 +365,14 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, memcpy(p + input_message_buffer->length + padlength, token, sizeof(*token)); - ret = krb5_encrypt(_gsskrb5_context, crypto, + ret = krb5_encrypt(context, crypto, usage, p, input_message_buffer->length + padlength + sizeof(*token), &cipher); if (ret != 0) { - _gsskrb5_set_error_string(); *minor_status = ret; - krb5_crypto_destroy(_gsskrb5_context, crypto); + krb5_crypto_destroy(context, crypto); _gsskrb5_release_buffer(minor_status, output_message_buffer); return GSS_S_FAILURE; } @@ -382,9 +382,8 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, ret = rrc_rotate(cipher.data, cipher.length, rrc, FALSE); if (ret != 0) { - _gsskrb5_set_error_string(); *minor_status = ret; - krb5_crypto_destroy(_gsskrb5_context, crypto); + krb5_crypto_destroy(context, crypto); _gsskrb5_release_buffer(minor_status, output_message_buffer); return GSS_S_FAILURE; } @@ -397,22 +396,21 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, buf = malloc(input_message_buffer->length + sizeof(*token)); if (buf == NULL) { *minor_status = ENOMEM; - krb5_crypto_destroy(_gsskrb5_context, crypto); + krb5_crypto_destroy(context, crypto); _gsskrb5_release_buffer(minor_status, output_message_buffer); return GSS_S_FAILURE; } memcpy(buf, input_message_buffer->value, input_message_buffer->length); memcpy(buf + input_message_buffer->length, token, sizeof(*token)); - ret = krb5_create_checksum(_gsskrb5_context, crypto, + ret = krb5_create_checksum(context, crypto, usage, 0, buf, input_message_buffer->length + sizeof(*token), &cksum); if (ret != 0) { - _gsskrb5_set_error_string(); *minor_status = ret; - krb5_crypto_destroy(_gsskrb5_context, crypto); + krb5_crypto_destroy(context, crypto); _gsskrb5_release_buffer(minor_status, output_message_buffer); free(buf); return GSS_S_FAILURE; @@ -434,9 +432,8 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, ret = rrc_rotate(p, input_message_buffer->length + cksum.checksum.length, rrc, FALSE); if (ret != 0) { - _gsskrb5_set_error_string(); *minor_status = ret; - krb5_crypto_destroy(_gsskrb5_context, crypto); + krb5_crypto_destroy(context, crypto); _gsskrb5_release_buffer(minor_status, output_message_buffer); free_Checksum(&cksum); return GSS_S_FAILURE; @@ -444,7 +441,7 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, free_Checksum(&cksum); } - krb5_crypto_destroy(_gsskrb5_context, crypto); + krb5_crypto_destroy(context, crypto); if (conf_state != NULL) { *conf_state = conf_req_flag; @@ -456,6 +453,7 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status, const gsskrb5_ctx context_handle, + krb5_context context, const gss_buffer_t input_message_buffer, gss_buffer_t output_message_buffer, int *conf_state, @@ -539,9 +537,8 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status, /* * Decrypt and/or verify checksum */ - ret = krb5_crypto_init(_gsskrb5_context, key, 0, &crypto); + ret = krb5_crypto_init(context, key, 0, &crypto); if (ret != 0) { - _gsskrb5_set_error_string(); *minor_status = ret; return GSS_S_FAILURE; } @@ -559,23 +556,22 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status, /* Rotate by RRC; bogus to do this in-place XXX */ *minor_status = rrc_rotate(p, len, rrc, TRUE); if (*minor_status != 0) { - krb5_crypto_destroy(_gsskrb5_context, crypto); + krb5_crypto_destroy(context, crypto); return GSS_S_FAILURE; } if (token_flags & CFXSealed) { - ret = krb5_decrypt(_gsskrb5_context, crypto, usage, + ret = krb5_decrypt(context, crypto, usage, p, len, &data); if (ret != 0) { - _gsskrb5_set_error_string(); *minor_status = ret; - krb5_crypto_destroy(_gsskrb5_context, crypto); + krb5_crypto_destroy(context, crypto); return GSS_S_BAD_MIC; } /* Check that there is room for the pad and token header */ if (data.length < ec + sizeof(*token)) { - krb5_crypto_destroy(_gsskrb5_context, crypto); + krb5_crypto_destroy(context, crypto); krb5_data_free(&data); return GSS_S_DEFECTIVE_TOKEN; } @@ -588,7 +584,7 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status, /* Check the integrity of the header */ if (memcmp(p, token, sizeof(*token)) != 0) { - krb5_crypto_destroy(_gsskrb5_context, crypto); + krb5_crypto_destroy(context, crypto); krb5_data_free(&data); return GSS_S_BAD_MIC; } @@ -599,12 +595,11 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status, Checksum cksum; /* Determine checksum type */ - ret = krb5_crypto_get_checksum_type(_gsskrb5_context, + ret = krb5_crypto_get_checksum_type(context, crypto, &cksum.cksumtype); if (ret != 0) { - _gsskrb5_set_error_string(); *minor_status = ret; - krb5_crypto_destroy(_gsskrb5_context, crypto); + krb5_crypto_destroy(context, crypto); return GSS_S_FAILURE; } @@ -613,7 +608,7 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status, /* Check we have at least as much data as the checksum */ if (len < cksum.checksum.length) { *minor_status = ERANGE; - krb5_crypto_destroy(_gsskrb5_context, crypto); + krb5_crypto_destroy(context, crypto); return GSS_S_BAD_MIC; } @@ -625,7 +620,7 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status, output_message_buffer->value = malloc(len + sizeof(*token)); if (output_message_buffer->value == NULL) { *minor_status = ENOMEM; - krb5_crypto_destroy(_gsskrb5_context, crypto); + krb5_crypto_destroy(context, crypto); return GSS_S_FAILURE; } @@ -642,21 +637,20 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status, token->RRC[0] = 0; token->RRC[1] = 0; - ret = krb5_verify_checksum(_gsskrb5_context, crypto, + ret = krb5_verify_checksum(context, crypto, usage, output_message_buffer->value, len + sizeof(*token), &cksum); if (ret != 0) { - _gsskrb5_set_error_string(); *minor_status = ret; - krb5_crypto_destroy(_gsskrb5_context, crypto); + krb5_crypto_destroy(context, crypto); _gsskrb5_release_buffer(minor_status, output_message_buffer); return GSS_S_BAD_MIC; } } - krb5_crypto_destroy(_gsskrb5_context, crypto); + krb5_crypto_destroy(context, crypto); if (qop_state != NULL) { *qop_state = GSS_C_QOP_DEFAULT; @@ -668,6 +662,7 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status, OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status, const gsskrb5_ctx context_handle, + krb5_context context, gss_qop_t qop_req, const gss_buffer_t message_buffer, gss_buffer_t message_token, @@ -682,9 +677,8 @@ OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status, size_t len; int32_t seq_number; - ret = krb5_crypto_init(_gsskrb5_context, key, 0, &crypto); + ret = krb5_crypto_init(context, key, 0, &crypto); if (ret != 0) { - _gsskrb5_set_error_string(); *minor_status = ret; return GSS_S_FAILURE; } @@ -693,7 +687,7 @@ OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status, buf = malloc(len); if (buf == NULL) { *minor_status = ENOMEM; - krb5_crypto_destroy(_gsskrb5_context, crypto); + krb5_crypto_destroy(context, crypto); return GSS_S_FAILURE; } @@ -710,12 +704,12 @@ OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status, memset(token->Filler, 0xFF, 5); HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - krb5_auth_con_getlocalseqnumber(_gsskrb5_context, + krb5_auth_con_getlocalseqnumber(context, context_handle->auth_context, &seq_number); _gsskrb5_encode_be_om_uint32(0, &token->SND_SEQ[0]); _gsskrb5_encode_be_om_uint32(seq_number, &token->SND_SEQ[4]); - krb5_auth_con_setlocalseqnumber(_gsskrb5_context, + krb5_auth_con_setlocalseqnumber(context, context_handle->auth_context, ++seq_number); HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); @@ -726,16 +720,15 @@ OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status, usage = KRB5_KU_USAGE_ACCEPTOR_SIGN; } - ret = krb5_create_checksum(_gsskrb5_context, crypto, + ret = krb5_create_checksum(context, crypto, usage, 0, buf, len, &cksum); if (ret != 0) { - _gsskrb5_set_error_string(); *minor_status = ret; - krb5_crypto_destroy(_gsskrb5_context, crypto); + krb5_crypto_destroy(context, crypto); free(buf); return GSS_S_FAILURE; } - krb5_crypto_destroy(_gsskrb5_context, crypto); + krb5_crypto_destroy(context, crypto); /* Determine MIC length */ message_token->length = sizeof(*token) + cksum.checksum.length; @@ -761,6 +754,7 @@ OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status, OM_uint32 _gssapi_verify_mic_cfx(OM_uint32 *minor_status, const gsskrb5_ctx context_handle, + krb5_context context, const gss_buffer_t message_buffer, const gss_buffer_t token_buffer, gss_qop_t *qop_state, @@ -830,19 +824,17 @@ OM_uint32 _gssapi_verify_mic_cfx(OM_uint32 *minor_status, /* * Verify checksum */ - ret = krb5_crypto_init(_gsskrb5_context, key, 0, &crypto); + ret = krb5_crypto_init(context, key, 0, &crypto); if (ret != 0) { - _gsskrb5_set_error_string(); *minor_status = ret; return GSS_S_FAILURE; } - ret = krb5_crypto_get_checksum_type(_gsskrb5_context, crypto, + ret = krb5_crypto_get_checksum_type(context, crypto, &cksum.cksumtype); if (ret != 0) { - _gsskrb5_set_error_string(); *minor_status = ret; - krb5_crypto_destroy(_gsskrb5_context, crypto); + krb5_crypto_destroy(context, crypto); return GSS_S_FAILURE; } @@ -858,20 +850,19 @@ OM_uint32 _gssapi_verify_mic_cfx(OM_uint32 *minor_status, buf = malloc(message_buffer->length + sizeof(*token)); if (buf == NULL) { *minor_status = ENOMEM; - krb5_crypto_destroy(_gsskrb5_context, crypto); + krb5_crypto_destroy(context, crypto); return GSS_S_FAILURE; } memcpy(buf, message_buffer->value, message_buffer->length); memcpy(buf + message_buffer->length, token, sizeof(*token)); - ret = krb5_verify_checksum(_gsskrb5_context, crypto, + ret = krb5_verify_checksum(context, crypto, usage, buf, sizeof(*token) + message_buffer->length, &cksum); - krb5_crypto_destroy(_gsskrb5_context, crypto); + krb5_crypto_destroy(context, crypto); if (ret != 0) { - _gsskrb5_set_error_string(); *minor_status = ret; free(buf); return GSS_S_BAD_MIC; diff --git a/source4/heimdal/lib/gssapi/krb5/cfx.h b/source4/heimdal/lib/gssapi/krb5/cfx.h index 1120544fbe..ce021aa099 100755 --- a/source4/heimdal/lib/gssapi/krb5/cfx.h +++ b/source4/heimdal/lib/gssapi/krb5/cfx.h @@ -30,7 +30,7 @@ * SUCH DAMAGE. */ -/* $Id: cfx.h,v 1.7 2006/07/19 14:16:33 lha Exp $ */ +/* $Id: cfx.h,v 1.8 2006/11/13 18:01:17 lha Exp $ */ #ifndef GSSAPI_CFX_H_ #define GSSAPI_CFX_H_ 1 @@ -62,19 +62,4 @@ typedef struct gss_cfx_delete_token_desc_struct { u_char SND_SEQ[8]; } gss_cfx_delete_token_desc, *gss_cfx_delete_token; -krb5_error_code -_gsskrb5cfx_wrap_length_cfx(krb5_crypto crypto, - int conf_req_flag, - size_t input_length, - size_t *output_length, - size_t *cksumsize, - uint16_t *padlength); - -krb5_error_code -_gsskrb5cfx_max_wrap_length_cfx(krb5_crypto crypto, - int conf_req_flag, - size_t input_length, - OM_uint32 *output_length); - - #endif /* GSSAPI_CFX_H_ */ diff --git a/source4/heimdal/lib/gssapi/krb5/compare_name.c b/source4/heimdal/lib/gssapi/krb5/compare_name.c index 3e0f7edfee..6b537468df 100644 --- a/source4/heimdal/lib/gssapi/krb5/compare_name.c +++ b/source4/heimdal/lib/gssapi/krb5/compare_name.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: compare_name.c,v 1.7 2006/10/07 22:14:15 lha Exp $"); +RCSID("$Id: compare_name.c,v 1.8 2006/11/13 18:01:20 lha Exp $"); OM_uint32 _gsskrb5_compare_name (OM_uint32 * minor_status, @@ -44,10 +44,11 @@ OM_uint32 _gsskrb5_compare_name { krb5_const_principal princ1 = (krb5_const_principal)name1; krb5_const_principal princ2 = (krb5_const_principal)name2; + krb5_context context; - GSSAPI_KRB5_INIT(); + GSSAPI_KRB5_INIT(&context); - *name_equal = krb5_principal_compare (_gsskrb5_context, + *name_equal = krb5_principal_compare (context, princ1, princ2); *minor_status = 0; return GSS_S_COMPLETE; diff --git a/source4/heimdal/lib/gssapi/krb5/compat.c b/source4/heimdal/lib/gssapi/krb5/compat.c index 0ea2fce0e8..3e64df03db 100644 --- a/source4/heimdal/lib/gssapi/krb5/compat.c +++ b/source4/heimdal/lib/gssapi/krb5/compat.c @@ -33,11 +33,12 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: compat.c,v 1.13 2006/10/07 22:14:17 lha Exp $"); +RCSID("$Id: compat.c,v 1.14 2006/11/13 18:01:23 lha Exp $"); static krb5_error_code -check_compat(OM_uint32 *minor_status, krb5_const_principal name, +check_compat(OM_uint32 *minor_status, + krb5_context context, krb5_const_principal name, const char *option, krb5_boolean *compat, krb5_boolean match_val) { @@ -46,27 +47,27 @@ check_compat(OM_uint32 *minor_status, krb5_const_principal name, krb5_principal match; - p = krb5_config_get_strings(_gsskrb5_context, NULL, "gssapi", + p = krb5_config_get_strings(context, NULL, "gssapi", option, NULL); if(p == NULL) return 0; match = NULL; for(q = p; *q; q++) { - ret = krb5_parse_name(_gsskrb5_context, *q, &match); + ret = krb5_parse_name(context, *q, &match); if (ret) break; - if (krb5_principal_match(_gsskrb5_context, name, match)) { + if (krb5_principal_match(context, name, match)) { *compat = match_val; break; } - krb5_free_principal(_gsskrb5_context, match); + krb5_free_principal(context, match); match = NULL; } if (match) - krb5_free_principal(_gsskrb5_context, match); + krb5_free_principal(context, match); krb5_config_free_strings(p); if (ret) { @@ -83,17 +84,19 @@ check_compat(OM_uint32 *minor_status, krb5_const_principal name, */ OM_uint32 -_gss_DES3_get_mic_compat(OM_uint32 *minor_status, gsskrb5_ctx ctx) +_gss_DES3_get_mic_compat(OM_uint32 *minor_status, + gsskrb5_ctx ctx, + krb5_context context) { krb5_boolean use_compat = FALSE; OM_uint32 ret; if ((ctx->more_flags & COMPAT_OLD_DES3_SELECTED) == 0) { - ret = check_compat(minor_status, ctx->target, + ret = check_compat(minor_status, context, ctx->target, "broken_des3_mic", &use_compat, TRUE); if (ret) return ret; - ret = check_compat(minor_status, ctx->target, + ret = check_compat(minor_status, context, ctx->target, "correct_des3_mic", &use_compat, FALSE); if (ret) return ret; diff --git a/source4/heimdal/lib/gssapi/krb5/context_time.c b/source4/heimdal/lib/gssapi/krb5/context_time.c index 4e9d9f5d1d..9012dd0b7f 100644 --- a/source4/heimdal/lib/gssapi/krb5/context_time.c +++ b/source4/heimdal/lib/gssapi/krb5/context_time.c @@ -33,12 +33,13 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: context_time.c,v 1.13 2006/10/07 22:14:19 lha Exp $"); +RCSID("$Id: context_time.c,v 1.14 2006/11/13 18:01:26 lha Exp $"); OM_uint32 _gsskrb5_lifetime_left(OM_uint32 *minor_status, - OM_uint32 lifetime, - OM_uint32 *lifetime_rec) + krb5_context context, + OM_uint32 lifetime, + OM_uint32 *lifetime_rec) { krb5_timestamp timeret; krb5_error_code kret; @@ -48,10 +49,9 @@ _gsskrb5_lifetime_left(OM_uint32 *minor_status, return GSS_S_COMPLETE; } - kret = krb5_timeofday(_gsskrb5_context, &timeret); + kret = krb5_timeofday(context, &timeret); if (kret) { *minor_status = kret; - _gsskrb5_set_error_string (); return GSS_S_FAILURE; } @@ -70,17 +70,19 @@ OM_uint32 _gsskrb5_context_time OM_uint32 * time_rec ) { + krb5_context context; OM_uint32 lifetime; OM_uint32 major_status; const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle; - GSSAPI_KRB5_INIT (); + GSSAPI_KRB5_INIT (&context); HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); lifetime = ctx->lifetime; HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); - major_status = _gsskrb5_lifetime_left(minor_status, lifetime, time_rec); + major_status = _gsskrb5_lifetime_left(minor_status, context, + lifetime, time_rec); if (major_status != GSS_S_COMPLETE) return major_status; diff --git a/source4/heimdal/lib/gssapi/krb5/copy_ccache.c b/source4/heimdal/lib/gssapi/krb5/copy_ccache.c index 91d21a1aec..4387a4e6ef 100644 --- a/source4/heimdal/lib/gssapi/krb5/copy_ccache.c +++ b/source4/heimdal/lib/gssapi/krb5/copy_ccache.c @@ -33,11 +33,12 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: copy_ccache.c,v 1.16 2006/11/08 02:42:50 lha Exp $"); +RCSID("$Id: copy_ccache.c,v 1.17 2006/11/13 18:01:29 lha Exp $"); #if 0 OM_uint32 gss_krb5_copy_ccache(OM_uint32 *minor_status, + krb5_context context, gss_cred_id_t cred, krb5_ccache out) { @@ -51,11 +52,10 @@ gss_krb5_copy_ccache(OM_uint32 *minor_status, return GSS_S_FAILURE; } - kret = krb5_cc_copy_cache(_gsskrb5_context, cred->ccache, out); + kret = krb5_cc_copy_cache(context, cred->ccache, out); HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); if (kret) { *minor_status = kret; - _gsskrb5_set_error_string (); return GSS_S_FAILURE; } *minor_status = 0; @@ -71,13 +71,14 @@ _gsskrb5_import_cred(OM_uint32 *minor_status, krb5_keytab keytab, gss_cred_id_t *cred) { + krb5_context context; krb5_error_code kret; gsskrb5_cred handle; OM_uint32 ret; *cred = NULL; - GSSAPI_KRB5_INIT (); + GSSAPI_KRB5_INIT (&context); handle = calloc(1, sizeof(*handle)); if (handle == NULL) { @@ -94,11 +95,10 @@ _gsskrb5_import_cred(OM_uint32 *minor_status, handle->usage |= GSS_C_INITIATE; - kret = krb5_cc_get_principal(_gsskrb5_context, id, + kret = krb5_cc_get_principal(context, id, &handle->principal); if (kret) { free(handle); - _gsskrb5_set_error_string (); *minor_status = kret; return GSS_S_FAILURE; } @@ -106,11 +106,11 @@ _gsskrb5_import_cred(OM_uint32 *minor_status, if (keytab_principal) { krb5_boolean match; - match = krb5_principal_compare(_gsskrb5_context, + match = krb5_principal_compare(context, handle->principal, keytab_principal); if (match == FALSE) { - krb5_free_principal(_gsskrb5_context, handle->principal); + krb5_free_principal(context, handle->principal); free(handle); _gsskrb5_clear_status (); *minor_status = EINVAL; @@ -119,21 +119,22 @@ _gsskrb5_import_cred(OM_uint32 *minor_status, } ret = __gsskrb5_ccache_lifetime(minor_status, - id, - handle->principal, - &handle->lifetime); + context, + id, + handle->principal, + &handle->lifetime); if (ret != GSS_S_COMPLETE) { - krb5_free_principal(_gsskrb5_context, handle->principal); + krb5_free_principal(context, handle->principal); free(handle); return ret; } - kret = krb5_cc_get_full_name(_gsskrb5_context, id, &str); + kret = krb5_cc_get_full_name(context, id, &str); if (kret) goto out; - kret = krb5_cc_resolve(_gsskrb5_context, str, &handle->ccache); + kret = krb5_cc_resolve(context, str, &handle->ccache); free(str); if (kret) goto out; @@ -146,18 +147,18 @@ _gsskrb5_import_cred(OM_uint32 *minor_status, handle->usage |= GSS_C_ACCEPT; if (keytab_principal && handle->principal == NULL) { - kret = krb5_copy_principal(_gsskrb5_context, + kret = krb5_copy_principal(context, keytab_principal, &handle->principal); if (kret) goto out; } - kret = krb5_kt_get_full_name(_gsskrb5_context, keytab, &str); + kret = krb5_kt_get_full_name(context, keytab, &str); if (kret) goto out; - kret = krb5_kt_resolve(_gsskrb5_context, str, &handle->keytab); + kret = krb5_kt_resolve(context, str, &handle->keytab); free(str); if (kret) goto out; @@ -180,9 +181,8 @@ _gsskrb5_import_cred(OM_uint32 *minor_status, return GSS_S_COMPLETE; out: - _gsskrb5_set_error_string (); if (handle->principal) - krb5_free_principal(_gsskrb5_context, handle->principal); + krb5_free_principal(context, handle->principal); HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); free(handle); *minor_status = kret; diff --git a/source4/heimdal/lib/gssapi/krb5/delete_sec_context.c b/source4/heimdal/lib/gssapi/krb5/delete_sec_context.c index e890d7d2c2..c7f2ee262d 100644 --- a/source4/heimdal/lib/gssapi/krb5/delete_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/delete_sec_context.c @@ -33,16 +33,17 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: delete_sec_context.c,v 1.19 2006/10/07 22:14:28 lha Exp $"); +RCSID("$Id: delete_sec_context.c,v 1.20 2006/11/13 18:01:32 lha Exp $"); OM_uint32 _gsskrb5_delete_sec_context(OM_uint32 * minor_status, gss_ctx_id_t * context_handle, gss_buffer_t output_token) { + krb5_context context; gsskrb5_ctx ctx; - GSSAPI_KRB5_INIT (); + GSSAPI_KRB5_INIT (&context); *minor_status = 0; @@ -59,17 +60,17 @@ _gsskrb5_delete_sec_context(OM_uint32 * minor_status, HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); - krb5_auth_con_free (_gsskrb5_context, ctx->auth_context); + krb5_auth_con_free (context, ctx->auth_context); if(ctx->source) - krb5_free_principal (_gsskrb5_context, ctx->source); + krb5_free_principal (context, ctx->source); if(ctx->target) - krb5_free_principal (_gsskrb5_context, ctx->target); + krb5_free_principal (context, ctx->target); if (ctx->ticket) - krb5_free_ticket (_gsskrb5_context, ctx->ticket); + krb5_free_ticket (context, ctx->ticket); if(ctx->order) _gssapi_msg_order_destroy(&ctx->order); if (ctx->service_keyblock) - krb5_free_keyblock (_gsskrb5_context, ctx->service_keyblock); + krb5_free_keyblock (context, ctx->service_keyblock); krb5_data_free(&ctx->fwd_data); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); diff --git a/source4/heimdal/lib/gssapi/krb5/display_name.c b/source4/heimdal/lib/gssapi/krb5/display_name.c index 8fce7d8572..4956c2d77f 100644 --- a/source4/heimdal/lib/gssapi/krb5/display_name.c +++ b/source4/heimdal/lib/gssapi/krb5/display_name.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: display_name.c,v 1.12 2006/10/07 22:14:31 lha Exp $"); +RCSID("$Id: display_name.c,v 1.13 2006/11/13 18:01:36 lha Exp $"); OM_uint32 _gsskrb5_display_name (OM_uint32 * minor_status, @@ -42,16 +42,17 @@ OM_uint32 _gsskrb5_display_name gss_OID * output_name_type ) { + krb5_context context; krb5_const_principal name = (krb5_const_principal)input_name; krb5_error_code kret; char *buf; size_t len; - GSSAPI_KRB5_INIT (); - kret = krb5_unparse_name (_gsskrb5_context, name, &buf); + GSSAPI_KRB5_INIT (&context); + + kret = krb5_unparse_name (context, name, &buf); if (kret) { *minor_status = kret; - _gsskrb5_set_error_string (); return GSS_S_FAILURE; } len = strlen (buf); diff --git a/source4/heimdal/lib/gssapi/krb5/display_status.c b/source4/heimdal/lib/gssapi/krb5/display_status.c index 11926ca557..b0155a7fdf 100644 --- a/source4/heimdal/lib/gssapi/krb5/display_status.c +++ b/source4/heimdal/lib/gssapi/krb5/display_status.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1998 - 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: display_status.c,v 1.16 2006/10/07 22:14:33 lha Exp $"); +RCSID("$Id: display_status.c,v 1.17 2006/11/13 18:01:38 lha Exp $"); static const char * calling_error(OM_uint32 v) @@ -114,117 +114,87 @@ supplementary_error(OM_uint32 v) void _gsskrb5_clear_status (void) { - struct gssapi_thr_context *ctx = _gsskrb5_get_thread_context(1); - if (ctx == NULL) + krb5_context context; + + if (_gsskrb5_init (&context) != 0) return; - HEIMDAL_MUTEX_lock(&ctx->mutex); - if (ctx->error_string) - free(ctx->error_string); - ctx->error_string = NULL; - HEIMDAL_MUTEX_unlock(&ctx->mutex); + krb5_clear_error_string(context); } void _gsskrb5_set_status (const char *fmt, ...) { - struct gssapi_thr_context *ctx = _gsskrb5_get_thread_context(1); + krb5_context context; va_list args; + char *str; - if (ctx == NULL) + if (_gsskrb5_init (&context) != 0) return; - HEIMDAL_MUTEX_lock(&ctx->mutex); + va_start(args, fmt); - if (ctx->error_string) - free(ctx->error_string); - /* ignore failures, will use status code instead */ - vasprintf(&ctx->error_string, fmt, args); + vasprintf(&str, fmt, args); va_end(args); - HEIMDAL_MUTEX_unlock(&ctx->mutex); -} - -void -_gsskrb5_set_error_string (void) -{ - char *e; - - e = krb5_get_error_string(_gsskrb5_context); - if (e) { - _gsskrb5_set_status("%s", e); - krb5_free_error_string(_gsskrb5_context, e); - } else - _gsskrb5_clear_status(); -} - -char * -_gsskrb5_get_error_string (void) -{ - struct gssapi_thr_context *ctx = _gsskrb5_get_thread_context(0); - char *ret; - - if (ctx == NULL) - return NULL; - HEIMDAL_MUTEX_lock(&ctx->mutex); - ret = ctx->error_string; - ctx->error_string = NULL; - HEIMDAL_MUTEX_unlock(&ctx->mutex); - return ret; + if (str) { + krb5_set_error_string(context, str); + free(str); + } } OM_uint32 _gsskrb5_display_status - (OM_uint32 *minor_status, - OM_uint32 status_value, - int status_type, - const gss_OID mech_type, - OM_uint32 *message_context, - gss_buffer_t status_string) +(OM_uint32 *minor_status, + OM_uint32 status_value, + int status_type, + const gss_OID mech_type, + OM_uint32 *message_context, + gss_buffer_t status_string) { - char *buf; - - GSSAPI_KRB5_INIT (); - - status_string->length = 0; - status_string->value = NULL; - - if (gss_oid_equal(mech_type, GSS_C_NO_OID) == 0 && - gss_oid_equal(mech_type, GSS_KRB5_MECHANISM) == 0) { - *minor_status = 0; - return GSS_C_GSS_CODE; - } - - if (status_type == GSS_C_GSS_CODE) { - if (GSS_SUPPLEMENTARY_INFO(status_value)) - asprintf(&buf, "%s", - supplementary_error(GSS_SUPPLEMENTARY_INFO(status_value))); - else - asprintf (&buf, "%s %s", - calling_error(GSS_CALLING_ERROR(status_value)), - routine_error(GSS_ROUTINE_ERROR(status_value))); - } else if (status_type == GSS_C_MECH_CODE) { - buf = _gsskrb5_get_error_string (); - if (buf == NULL) { - const char *tmp = krb5_get_err_text (_gsskrb5_context, - status_value); - if (tmp == NULL) - asprintf(&buf, "unknown mech error-code %u", - (unsigned)status_value); - else - buf = strdup(tmp); - } - } else { - *minor_status = EINVAL; - return GSS_S_BAD_STATUS; - } - - if (buf == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - *message_context = 0; - *minor_status = 0; - - status_string->length = strlen(buf); - status_string->value = buf; + krb5_context context; + char *buf; + + GSSAPI_KRB5_INIT (&context); + + status_string->length = 0; + status_string->value = NULL; + + if (gss_oid_equal(mech_type, GSS_C_NO_OID) == 0 && + gss_oid_equal(mech_type, GSS_KRB5_MECHANISM) == 0) { + *minor_status = 0; + return GSS_C_GSS_CODE; + } + + if (status_type == GSS_C_GSS_CODE) { + if (GSS_SUPPLEMENTARY_INFO(status_value)) + asprintf(&buf, "%s", + supplementary_error(GSS_SUPPLEMENTARY_INFO(status_value))); + else + asprintf (&buf, "%s %s", + calling_error(GSS_CALLING_ERROR(status_value)), + routine_error(GSS_ROUTINE_ERROR(status_value))); + } else if (status_type == GSS_C_MECH_CODE) { + buf = krb5_get_error_string(context); + if (buf == NULL) { + const char *tmp = krb5_get_err_text (context, status_value); + if (tmp == NULL) + asprintf(&buf, "unknown mech error-code %u", + (unsigned)status_value); + else + buf = strdup(tmp); + } + } else { + *minor_status = EINVAL; + return GSS_S_BAD_STATUS; + } + + if (buf == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + *message_context = 0; + *minor_status = 0; + + status_string->length = strlen(buf); + status_string->value = buf; - return GSS_S_COMPLETE; + return GSS_S_COMPLETE; } diff --git a/source4/heimdal/lib/gssapi/krb5/duplicate_name.c b/source4/heimdal/lib/gssapi/krb5/duplicate_name.c index 475ae61efc..8375257180 100644 --- a/source4/heimdal/lib/gssapi/krb5/duplicate_name.c +++ b/source4/heimdal/lib/gssapi/krb5/duplicate_name.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: duplicate_name.c,v 1.10 2006/10/07 22:14:35 lha Exp $"); +RCSID("$Id: duplicate_name.c,v 1.11 2006/11/13 18:01:42 lha Exp $"); OM_uint32 _gsskrb5_duplicate_name ( OM_uint32 * minor_status, @@ -41,16 +41,16 @@ OM_uint32 _gsskrb5_duplicate_name ( gss_name_t * dest_name ) { + krb5_context context; krb5_const_principal src = (krb5_const_principal)src_name; krb5_principal *dest = (krb5_principal *)dest_name; krb5_error_code kret; - GSSAPI_KRB5_INIT (); + GSSAPI_KRB5_INIT (&context); - kret = krb5_copy_principal (_gsskrb5_context, src, dest); + kret = krb5_copy_principal (context, src, dest); if (kret) { *minor_status = kret; - _gsskrb5_set_error_string (); return GSS_S_FAILURE; } else { *minor_status = 0; diff --git a/source4/heimdal/lib/gssapi/krb5/export_name.c b/source4/heimdal/lib/gssapi/krb5/export_name.c index d00c458898..646fdafb7c 100644 --- a/source4/heimdal/lib/gssapi/krb5/export_name.c +++ b/source4/heimdal/lib/gssapi/krb5/export_name.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: export_name.c,v 1.8 2006/10/07 22:14:40 lha Exp $"); +RCSID("$Id: export_name.c,v 1.9 2006/11/13 18:01:50 lha Exp $"); OM_uint32 _gsskrb5_export_name (OM_uint32 * minor_status, @@ -41,16 +41,17 @@ OM_uint32 _gsskrb5_export_name gss_buffer_t exported_name ) { + krb5_context context; krb5_const_principal princ = (krb5_const_principal)input_name; krb5_error_code kret; char *buf, *name; size_t len; - GSSAPI_KRB5_INIT (); - kret = krb5_unparse_name (_gsskrb5_context, princ, &name); + GSSAPI_KRB5_INIT (&context); + + kret = krb5_unparse_name (context, princ, &name); if (kret) { *minor_status = kret; - _gsskrb5_set_error_string (); return GSS_S_FAILURE; } len = strlen (name); diff --git a/source4/heimdal/lib/gssapi/krb5/export_sec_context.c b/source4/heimdal/lib/gssapi/krb5/export_sec_context.c index aff03a0b67..ffa671a4a1 100644 --- a/source4/heimdal/lib/gssapi/krb5/export_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/export_sec_context.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: export_sec_context.c,v 1.11 2006/10/07 22:14:42 lha Exp $"); +RCSID("$Id: export_sec_context.c,v 1.12 2006/11/13 18:01:55 lha Exp $"); OM_uint32 _gsskrb5_export_sec_context ( @@ -42,6 +42,7 @@ _gsskrb5_export_sec_context ( gss_buffer_t interprocess_token ) { + krb5_context context; const gsskrb5_ctx ctx = (const gsskrb5_ctx) *context_handle; krb5_storage *sp; krb5_auth_context ac; @@ -52,7 +53,7 @@ _gsskrb5_export_sec_context ( OM_uint32 minor; krb5_error_code kret; - GSSAPI_KRB5_INIT (); + GSSAPI_KRB5_INIT (&context); HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); diff --git a/source4/heimdal/lib/gssapi/krb5/external.c b/source4/heimdal/lib/gssapi/krb5/external.c index 0681bd4038..bf7f64cf20 100644 --- a/source4/heimdal/lib/gssapi/krb5/external.c +++ b/source4/heimdal/lib/gssapi/krb5/external.c @@ -34,7 +34,7 @@ #include "krb5/gsskrb5_locl.h" #include -RCSID("$Id: external.c,v 1.22 2006/11/08 23:00:20 lha Exp $"); +RCSID("$Id: external.c,v 1.23 2006/11/13 18:01:57 lha Exp $"); /* * The implementation must reserve static storage for a @@ -369,7 +369,7 @@ gss_OID GSS_SASL_DIGEST_MD5_MECHANISM = &gss_sasl_digest_md5_mechanism_desc; * Context for krb5 calls. */ -krb5_context _gsskrb5_context; +krb5_context context; /* * diff --git a/source4/heimdal/lib/gssapi/krb5/get_mic.c b/source4/heimdal/lib/gssapi/krb5/get_mic.c index 5a078d634d..790c9b6166 100644 --- a/source4/heimdal/lib/gssapi/krb5/get_mic.c +++ b/source4/heimdal/lib/gssapi/krb5/get_mic.c @@ -33,12 +33,13 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: get_mic.c,v 1.34 2006/10/18 15:59:23 lha Exp $"); +RCSID("$Id: get_mic.c,v 1.35 2006/11/13 18:02:00 lha Exp $"); static OM_uint32 mic_des (OM_uint32 * minor_status, const gsskrb5_ctx ctx, + krb5_context context, gss_qop_t qop_req, const gss_buffer_t message_buffer, gss_buffer_t message_token, @@ -94,9 +95,9 @@ mic_des HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); /* sequence number */ - krb5_auth_con_getlocalseqnumber (_gsskrb5_context, - ctx->auth_context, - &seq_number); + krb5_auth_con_getlocalseqnumber (context, + ctx->auth_context, + &seq_number); p -= 16; /* SND_SEQ */ p[0] = (seq_number >> 0) & 0xFF; @@ -111,7 +112,7 @@ mic_des DES_cbc_encrypt ((void *)p, (void *)p, 8, &schedule, (DES_cblock *)(p + 8), DES_ENCRYPT); - krb5_auth_con_setlocalseqnumber (_gsskrb5_context, + krb5_auth_con_setlocalseqnumber (context, ctx->auth_context, ++seq_number); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); @@ -127,6 +128,7 @@ static OM_uint32 mic_des3 (OM_uint32 * minor_status, const gsskrb5_ctx ctx, + krb5_context context, gss_qop_t qop_req, const gss_buffer_t message_buffer, gss_buffer_t message_token, @@ -180,18 +182,17 @@ mic_des3 memcpy (tmp, p - 8, 8); memcpy (tmp + 8, message_buffer->value, message_buffer->length); - kret = krb5_crypto_init(_gsskrb5_context, key, 0, &crypto); + kret = krb5_crypto_init(context, key, 0, &crypto); if (kret) { free (message_token->value); message_token->value = NULL; message_token->length = 0; free (tmp); - _gsskrb5_set_error_string (); *minor_status = kret; return GSS_S_FAILURE; } - kret = krb5_create_checksum (_gsskrb5_context, + kret = krb5_create_checksum (context, crypto, KRB5_KU_USAGE_SIGN, 0, @@ -199,12 +200,11 @@ mic_des3 message_buffer->length + 8, &cksum); free (tmp); - krb5_crypto_destroy (_gsskrb5_context, crypto); + krb5_crypto_destroy (context, crypto); if (kret) { free (message_token->value); message_token->value = NULL; message_token->length = 0; - _gsskrb5_set_error_string (); *minor_status = kret; return GSS_S_FAILURE; } @@ -213,7 +213,7 @@ mic_des3 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); /* sequence number */ - krb5_auth_con_getlocalseqnumber (_gsskrb5_context, + krb5_auth_con_getlocalseqnumber (context, ctx->auth_context, &seq_number); @@ -225,13 +225,12 @@ mic_des3 (ctx->more_flags & LOCAL) ? 0 : 0xFF, 4); - kret = krb5_crypto_init(_gsskrb5_context, key, + kret = krb5_crypto_init(context, key, ETYPE_DES3_CBC_NONE, &crypto); if (kret) { free (message_token->value); message_token->value = NULL; message_token->length = 0; - _gsskrb5_set_error_string (); *minor_status = kret; return GSS_S_FAILURE; } @@ -241,16 +240,15 @@ mic_des3 else memcpy(ivec, p + 8, 8); - kret = krb5_encrypt_ivec (_gsskrb5_context, + kret = krb5_encrypt_ivec (context, crypto, KRB5_KU_USAGE_SEQ, seq, 8, &encdata, ivec); - krb5_crypto_destroy (_gsskrb5_context, crypto); + krb5_crypto_destroy (context, crypto); if (kret) { free (message_token->value); message_token->value = NULL; message_token->length = 0; - _gsskrb5_set_error_string (); *minor_status = kret; return GSS_S_FAILURE; } @@ -260,7 +258,7 @@ mic_des3 memcpy (p, encdata.data, encdata.length); krb5_data_free (&encdata); - krb5_auth_con_setlocalseqnumber (_gsskrb5_context, + krb5_auth_con_setlocalseqnumber (context, ctx->auth_context, ++seq_number); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); @@ -278,40 +276,42 @@ OM_uint32 _gsskrb5_get_mic gss_buffer_t message_token ) { + krb5_context context; const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle; krb5_keyblock *key; OM_uint32 ret; krb5_keytype keytype; + GSSAPI_KRB5_INIT (&context); + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); - ret = _gsskrb5i_get_token_key(ctx, &key); + ret = _gsskrb5i_get_token_key(ctx, context, &key); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); if (ret) { - _gsskrb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; } - krb5_enctype_to_keytype (_gsskrb5_context, key->keytype, &keytype); + krb5_enctype_to_keytype (context, key->keytype, &keytype); switch (keytype) { case KEYTYPE_DES : - ret = mic_des (minor_status, ctx, qop_req, + ret = mic_des (minor_status, ctx, context, qop_req, message_buffer, message_token, key); break; case KEYTYPE_DES3 : - ret = mic_des3 (minor_status, ctx, qop_req, + ret = mic_des3 (minor_status, ctx, context, qop_req, message_buffer, message_token, key); break; case KEYTYPE_ARCFOUR: case KEYTYPE_ARCFOUR_56: - ret = _gssapi_get_mic_arcfour (minor_status, ctx, qop_req, + ret = _gssapi_get_mic_arcfour (minor_status, ctx, context, qop_req, message_buffer, message_token, key); break; default : - ret = _gssapi_mic_cfx (minor_status, ctx, qop_req, + ret = _gssapi_mic_cfx (minor_status, ctx, context, qop_req, message_buffer, message_token, key); break; } - krb5_free_keyblock (_gsskrb5_context, key); + krb5_free_keyblock (context, key); return ret; } diff --git a/source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h b/source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h index 426c0ab200..15bd5c77da 100644 --- a/source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h +++ b/source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h @@ -10,6 +10,7 @@ __gss_krb5_initialize (void); OM_uint32 __gsskrb5_ccache_lifetime ( OM_uint32 */*minor_status*/, + krb5_context /*context*/, krb5_ccache /*id*/, krb5_principal /*principal*/, OM_uint32 */*lifetime*/); @@ -17,7 +18,8 @@ __gsskrb5_ccache_lifetime ( OM_uint32 _gss_DES3_get_mic_compat ( OM_uint32 */*minor_status*/, - gsskrb5_ctx /*ctx*/); + gsskrb5_ctx /*ctx*/, + krb5_context /*context*/); OM_uint32 _gssapi_decapsulate ( @@ -44,6 +46,7 @@ OM_uint32 _gssapi_get_mic_arcfour ( OM_uint32 * /*minor_status*/, const gsskrb5_ctx /*context_handle*/, + krb5_context /*context*/, gss_qop_t /*qop_req*/, const gss_buffer_t /*message_buffer*/, gss_buffer_t /*message_token*/, @@ -59,6 +62,7 @@ OM_uint32 _gssapi_mic_cfx ( OM_uint32 */*minor_status*/, const gsskrb5_ctx /*context_handle*/, + krb5_context /*context*/, gss_qop_t /*qop_req*/, const gss_buffer_t /*message_buffer*/, gss_buffer_t /*message_token*/, @@ -99,6 +103,7 @@ OM_uint32 _gssapi_unwrap_arcfour ( OM_uint32 */*minor_status*/, const gsskrb5_ctx /*context_handle*/, + krb5_context /*context*/, const gss_buffer_t /*input_message_buffer*/, gss_buffer_t /*output_message_buffer*/, int */*conf_state*/, @@ -109,6 +114,7 @@ OM_uint32 _gssapi_unwrap_cfx ( OM_uint32 */*minor_status*/, const gsskrb5_ctx /*context_handle*/, + krb5_context /*context*/, const gss_buffer_t /*input_message_buffer*/, gss_buffer_t /*output_message_buffer*/, int */*conf_state*/, @@ -125,6 +131,7 @@ OM_uint32 _gssapi_verify_mic_arcfour ( OM_uint32 * /*minor_status*/, const gsskrb5_ctx /*context_handle*/, + krb5_context /*context*/, const gss_buffer_t /*message_buffer*/, const gss_buffer_t /*token_buffer*/, gss_qop_t * /*qop_state*/, @@ -135,6 +142,7 @@ OM_uint32 _gssapi_verify_mic_cfx ( OM_uint32 */*minor_status*/, const gsskrb5_ctx /*context_handle*/, + krb5_context /*context*/, const gss_buffer_t /*message_buffer*/, const gss_buffer_t /*token_buffer*/, gss_qop_t */*qop_state*/, @@ -150,6 +158,7 @@ OM_uint32 _gssapi_wrap_arcfour ( OM_uint32 * /*minor_status*/, const gsskrb5_ctx /*context_handle*/, + krb5_context /*context*/, int /*conf_req_flag*/, gss_qop_t /*qop_req*/, const gss_buffer_t /*input_message_buffer*/, @@ -161,6 +170,7 @@ OM_uint32 _gssapi_wrap_cfx ( OM_uint32 */*minor_status*/, const gsskrb5_ctx /*context_handle*/, + krb5_context /*context*/, int /*conf_req_flag*/, gss_qop_t /*qop_req*/, const gss_buffer_t /*input_message_buffer*/, @@ -172,6 +182,7 @@ OM_uint32 _gssapi_wrap_size_arcfour ( OM_uint32 */*minor_status*/, const gsskrb5_ctx /*ctx*/, + krb5_context /*context*/, int /*conf_req_flag*/, gss_qop_t /*qop_req*/, OM_uint32 /*req_output_size*/, @@ -182,6 +193,7 @@ OM_uint32 _gssapi_wrap_size_cfx ( OM_uint32 */*minor_status*/, const gsskrb5_ctx /*context_handle*/, + krb5_context /*context*/, int /*conf_req_flag*/, gss_qop_t /*qop_req*/, OM_uint32 /*req_output_size*/, @@ -268,6 +280,7 @@ OM_uint32 _gsskrb5_create_ctx ( OM_uint32 * /*minor_status*/, gss_ctx_id_t * /*context_handle*/, + krb5_context /*context*/, const gss_channel_bindings_t /*input_chan_bindings*/, enum gss_ctx_id_t_state /*state*/); @@ -359,9 +372,6 @@ _gsskrb5_export_sec_context ( gss_ctx_id_t * /*context_handle*/, gss_buffer_t interprocess_token ); -char * -_gsskrb5_get_error_string (void); - ssize_t _gsskrb5_get_mech ( const u_char */*ptr*/, @@ -376,9 +386,6 @@ _gsskrb5_get_mic ( const gss_buffer_t /*message_buffer*/, gss_buffer_t message_token ); -struct gssapi_thr_context * -_gsskrb5_get_thread_context (int /*createp*/); - OM_uint32 _gsskrb5_get_tkt_flags ( OM_uint32 */*minor_status*/, @@ -412,7 +419,7 @@ _gsskrb5_indicate_mechs ( gss_OID_set * mech_set ); krb5_error_code -_gsskrb5_init (void); +_gsskrb5_init (krb5_context */*context*/); OM_uint32 _gsskrb5_init_sec_context ( @@ -496,6 +503,7 @@ _gsskrb5_krb5_ccache_name ( OM_uint32 _gsskrb5_lifetime_left ( OM_uint32 */*minor_status*/, + krb5_context /*context*/, OM_uint32 /*lifetime*/, OM_uint32 */*lifetime_rec*/); @@ -552,9 +560,6 @@ _gsskrb5_set_cred_option ( const gss_OID /*desired_object*/, const gss_buffer_t /*value*/); -void -_gsskrb5_set_error_string (void); - OM_uint32 _gsskrb5_set_sec_context_option ( OM_uint32 */*minor_status*/, @@ -635,6 +640,7 @@ OM_uint32 _gsskrb5_verify_mic_internal ( OM_uint32 * /*minor_status*/, const gsskrb5_ctx /*context_handle*/, + krb5_context /*context*/, const gss_buffer_t /*message_buffer*/, const gss_buffer_t /*token_buffer*/, gss_qop_t * /*qop_state*/, @@ -661,6 +667,7 @@ _gsskrb5_wrap_size_limit ( krb5_error_code _gsskrb5cfx_max_wrap_length_cfx ( + krb5_context /*context*/, krb5_crypto /*crypto*/, int /*conf_req_flag*/, size_t /*input_length*/, @@ -668,6 +675,7 @@ _gsskrb5cfx_max_wrap_length_cfx ( krb5_error_code _gsskrb5cfx_wrap_length_cfx ( + krb5_context /*context*/, krb5_crypto /*crypto*/, int /*conf_req_flag*/, size_t /*input_length*/, @@ -677,6 +685,7 @@ _gsskrb5cfx_wrap_length_cfx ( krb5_error_code _gsskrb5i_address_to_krb5addr ( + krb5_context /*context*/, OM_uint32 /*gss_addr_type*/, gss_buffer_desc */*gss_addr*/, int16_t /*port*/, @@ -685,16 +694,19 @@ _gsskrb5i_address_to_krb5addr ( krb5_error_code _gsskrb5i_get_acceptor_subkey ( const gsskrb5_ctx /*ctx*/, + krb5_context /*context*/, krb5_keyblock **/*key*/); krb5_error_code _gsskrb5i_get_initiator_subkey ( const gsskrb5_ctx /*ctx*/, + krb5_context /*context*/, krb5_keyblock **/*key*/); OM_uint32 _gsskrb5i_get_token_key ( const gsskrb5_ctx /*ctx*/, + krb5_context /*context*/, krb5_keyblock **/*key*/); void diff --git a/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h b/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h index 39c800bf31..1983a9b8e4 100644 --- a/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h +++ b/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gsskrb5_locl.h,v 1.8 2006/11/10 00:36:40 lha Exp $ */ +/* $Id: gsskrb5_locl.h,v 1.9 2006/11/13 18:02:03 lha Exp $ */ #ifndef GSSKRB5_LOCL_H #define GSSKRB5_LOCL_H @@ -100,8 +100,6 @@ typedef struct Principal *gsskrb5_name; * */ -extern krb5_context _gsskrb5_context; - extern krb5_keytab _gsskrb5_keytab; extern HEIMDAL_MUTEX gssapi_keytab_mutex; @@ -116,9 +114,9 @@ struct gssapi_thr_context { #include -#define GSSAPI_KRB5_INIT() do { \ +#define GSSAPI_KRB5_INIT(ctx) do { \ krb5_error_code kret_gss_init; \ - if((kret_gss_init = _gsskrb5_init ()) != 0) { \ + if((kret_gss_init = _gsskrb5_init (ctx)) != 0) { \ *minor_status = kret_gss_init; \ return GSS_S_FAILURE; \ } \ diff --git a/source4/heimdal/lib/gssapi/krb5/import_name.c b/source4/heimdal/lib/gssapi/krb5/import_name.c index dc24ed5cf2..15311b4614 100644 --- a/source4/heimdal/lib/gssapi/krb5/import_name.c +++ b/source4/heimdal/lib/gssapi/krb5/import_name.c @@ -33,23 +33,23 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: import_name.c,v 1.17 2006/10/07 22:14:51 lha Exp $"); +RCSID("$Id: import_name.c,v 1.18 2006/11/13 18:02:06 lha Exp $"); static OM_uint32 parse_krb5_name (OM_uint32 *minor_status, + krb5_context context, const char *name, gss_name_t *output_name) { krb5_principal princ; krb5_error_code kerr; - kerr = krb5_parse_name (_gsskrb5_context, name, &princ); + kerr = krb5_parse_name (context, name, &princ); if (kerr == 0) { *output_name = (gss_name_t)princ; return GSS_S_COMPLETE; } - _gsskrb5_set_error_string (); *minor_status = kerr; if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) @@ -60,6 +60,7 @@ parse_krb5_name (OM_uint32 *minor_status, static OM_uint32 import_krb5_name (OM_uint32 *minor_status, + krb5_context context, const gss_buffer_t input_name_buffer, gss_name_t *output_name) { @@ -76,7 +77,7 @@ import_krb5_name (OM_uint32 *minor_status, input_name_buffer->length); tmp[input_name_buffer->length] = '\0'; - ret = parse_krb5_name(minor_status, tmp, output_name); + ret = parse_krb5_name(minor_status, context, tmp, output_name); free(tmp); return ret; @@ -84,6 +85,7 @@ import_krb5_name (OM_uint32 *minor_status, static OM_uint32 import_hostbased_name (OM_uint32 *minor_status, + krb5_context context, const gss_buffer_t input_name_buffer, gss_name_t *output_name) { @@ -117,7 +119,7 @@ import_hostbased_name (OM_uint32 *minor_status, host = local_hostname; } - kerr = krb5_sname_to_principal (_gsskrb5_context, + kerr = krb5_sname_to_principal (context, host, tmp, KRB5_NT_SRV_HST, @@ -128,8 +130,6 @@ import_hostbased_name (OM_uint32 *minor_status, *output_name = (gss_name_t)princ; return GSS_S_COMPLETE; } - _gsskrb5_set_error_string (); - *minor_status = kerr; if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) return GSS_S_BAD_NAME; @@ -139,6 +139,7 @@ import_hostbased_name (OM_uint32 *minor_status, static OM_uint32 import_export_name (OM_uint32 *minor_status, + krb5_context context, const gss_buffer_t input_name_buffer, gss_name_t *output_name) { @@ -178,7 +179,7 @@ import_export_name (OM_uint32 *minor_status, memcpy(name, p, length); name[length] = '\0'; - ret = parse_krb5_name(minor_status, name, output_name); + ret = parse_krb5_name(minor_status, context, name, output_name); free(name); return ret; @@ -191,14 +192,17 @@ OM_uint32 _gsskrb5_import_name gss_name_t * output_name ) { - GSSAPI_KRB5_INIT (); + krb5_context context; *minor_status = 0; *output_name = GSS_C_NO_NAME; + GSSAPI_KRB5_INIT (&context); + if (gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE) || gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE_X)) return import_hostbased_name (minor_status, + context, input_name_buffer, output_name); else if (gss_oid_equal(input_name_type, GSS_C_NO_OID) @@ -206,10 +210,12 @@ OM_uint32 _gsskrb5_import_name || gss_oid_equal(input_name_type, GSS_KRB5_NT_PRINCIPAL_NAME)) /* default printable syntax */ return import_krb5_name (minor_status, + context, input_name_buffer, output_name); else if (gss_oid_equal(input_name_type, GSS_C_NT_EXPORT_NAME)) { return import_export_name(minor_status, + context, input_name_buffer, output_name); } else { diff --git a/source4/heimdal/lib/gssapi/krb5/import_sec_context.c b/source4/heimdal/lib/gssapi/krb5/import_sec_context.c index 8131e2621d..bbdc1d36d0 100644 --- a/source4/heimdal/lib/gssapi/krb5/import_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/import_sec_context.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: import_sec_context.c,v 1.17 2006/10/07 22:14:53 lha Exp $"); +RCSID("$Id: import_sec_context.c,v 1.18 2006/11/13 18:02:09 lha Exp $"); OM_uint32 _gsskrb5_import_sec_context ( @@ -43,6 +43,7 @@ _gsskrb5_import_sec_context ( ) { OM_uint32 ret = GSS_S_FAILURE; + krb5_context context; krb5_error_code kret; krb5_storage *sp; krb5_auth_context ac; @@ -56,7 +57,7 @@ _gsskrb5_import_sec_context ( gsskrb5_ctx ctx; gss_name_t name; - GSSAPI_KRB5_INIT (); + GSSAPI_KRB5_INIT (&context); *context_handle = GSS_C_NO_CONTEXT; @@ -77,10 +78,9 @@ _gsskrb5_import_sec_context ( } HEIMDAL_MUTEX_init(&ctx->ctx_id_mutex); - kret = krb5_auth_con_init (_gsskrb5_context, + kret = krb5_auth_con_init (context, &ctx->auth_context); if (kret) { - _gsskrb5_set_error_string (); *minor_status = kret; ret = GSS_S_FAILURE; goto failure; @@ -108,11 +108,11 @@ _gsskrb5_import_sec_context ( goto failure; } - krb5_auth_con_setaddrs (_gsskrb5_context, ac, localp, remotep); + krb5_auth_con_setaddrs (context, ac, localp, remotep); if (localp) - krb5_free_address (_gsskrb5_context, localp); + krb5_free_address (context, localp); if (remotep) - krb5_free_address (_gsskrb5_context, remotep); + krb5_free_address (context, remotep); localp = remotep = NULL; if (krb5_ret_int16 (sp, &ac->local_port) != 0) @@ -123,20 +123,20 @@ _gsskrb5_import_sec_context ( if (flags & SC_KEYBLOCK) { if (krb5_ret_keyblock (sp, &keyblock) != 0) goto failure; - krb5_auth_con_setkey (_gsskrb5_context, ac, &keyblock); - krb5_free_keyblock_contents (_gsskrb5_context, &keyblock); + krb5_auth_con_setkey (context, ac, &keyblock); + krb5_free_keyblock_contents (context, &keyblock); } if (flags & SC_LOCAL_SUBKEY) { if (krb5_ret_keyblock (sp, &keyblock) != 0) goto failure; - krb5_auth_con_setlocalsubkey (_gsskrb5_context, ac, &keyblock); - krb5_free_keyblock_contents (_gsskrb5_context, &keyblock); + krb5_auth_con_setlocalsubkey (context, ac, &keyblock); + krb5_free_keyblock_contents (context, &keyblock); } if (flags & SC_REMOTE_SUBKEY) { if (krb5_ret_keyblock (sp, &keyblock) != 0) goto failure; - krb5_auth_con_setremotesubkey (_gsskrb5_context, ac, &keyblock); - krb5_free_keyblock_contents (_gsskrb5_context, &keyblock); + krb5_auth_con_setremotesubkey (context, ac, &keyblock); + krb5_free_keyblock_contents (context, &keyblock); } if (krb5_ret_uint32 (sp, &ac->local_seqnumber)) goto failure; @@ -209,16 +209,16 @@ _gsskrb5_import_sec_context ( return GSS_S_COMPLETE; failure: - krb5_auth_con_free (_gsskrb5_context, + krb5_auth_con_free (context, ctx->auth_context); if (ctx->source != NULL) - krb5_free_principal(_gsskrb5_context, ctx->source); + krb5_free_principal(context, ctx->source); if (ctx->target != NULL) - krb5_free_principal(_gsskrb5_context, ctx->target); + krb5_free_principal(context, ctx->target); if (localp) - krb5_free_address (_gsskrb5_context, localp); + krb5_free_address (context, localp); if (remotep) - krb5_free_address (_gsskrb5_context, remotep); + krb5_free_address (context, remotep); if(ctx->order) _gssapi_msg_order_destroy(&ctx->order); HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex); diff --git a/source4/heimdal/lib/gssapi/krb5/init.c b/source4/heimdal/lib/gssapi/krb5/init.c index cbef8740b7..3eece8e086 100644 --- a/source4/heimdal/lib/gssapi/krb5/init.c +++ b/source4/heimdal/lib/gssapi/krb5/init.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001, 2003, 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,79 +33,51 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: init.c,v 1.9 2006/10/07 22:14:58 lha Exp $"); +RCSID("$Id: init.c,v 1.10 2006/11/13 18:02:12 lha Exp $"); -static HEIMDAL_MUTEX _gsskrb5_context_mutex = HEIMDAL_MUTEX_INITIALIZER; +static HEIMDAL_MUTEX context_mutex = HEIMDAL_MUTEX_INITIALIZER; static int created_key; -static HEIMDAL_thread_key gssapi_context_key; +static HEIMDAL_thread_key context_key; static void -gssapi_destroy_thread_context(void *ptr) +destroy_context(void *ptr) { - struct gssapi_thr_context *ctx = ptr; + krb5_context context = ptr; - if (ctx == NULL) + if (context == NULL) return; - if (ctx->error_string) - free(ctx->error_string); - HEIMDAL_MUTEX_destroy(&ctx->mutex); - free(ctx); -} - - -struct gssapi_thr_context * -_gsskrb5_get_thread_context(int createp) -{ - struct gssapi_thr_context *ctx; - int ret; - - HEIMDAL_MUTEX_lock(&_gsskrb5_context_mutex); - - if (!created_key) - abort(); - ctx = HEIMDAL_getspecific(gssapi_context_key); - if (ctx == NULL) { - if (!createp) - goto fail; - ctx = malloc(sizeof(*ctx)); - if (ctx == NULL) - goto fail; - ctx->error_string = NULL; - HEIMDAL_MUTEX_init(&ctx->mutex); - HEIMDAL_setspecific(gssapi_context_key, ctx, ret); - if (ret) - goto fail; - } - HEIMDAL_MUTEX_unlock(&_gsskrb5_context_mutex); - return ctx; - fail: - HEIMDAL_MUTEX_unlock(&_gsskrb5_context_mutex); - if (ctx) - free(ctx); - return NULL; + krb5_free_context(context); } krb5_error_code -_gsskrb5_init (void) +_gsskrb5_init (krb5_context *context) { krb5_error_code ret = 0; - HEIMDAL_MUTEX_lock(&_gsskrb5_context_mutex); + HEIMDAL_MUTEX_lock(&context_mutex); - if(_gsskrb5_context == NULL) - ret = krb5_init_context (&_gsskrb5_context); - if (ret == 0 && !created_key) { - HEIMDAL_key_create(&gssapi_context_key, - gssapi_destroy_thread_context, - ret); + if (!created_key) { + HEIMDAL_key_create(&context_key, destroy_context, ret); if (ret) { - krb5_free_context(_gsskrb5_context); - _gsskrb5_context = NULL; - } else - created_key = 1; + HEIMDAL_MUTEX_unlock(&context_mutex); + return ret; + } + created_key = 1; } + HEIMDAL_MUTEX_unlock(&context_mutex); - HEIMDAL_MUTEX_unlock(&_gsskrb5_context_mutex); + *context = HEIMDAL_getspecific(context_key); + if (*context == NULL) { + + ret = krb5_init_context(context); + if (ret == 0) { + HEIMDAL_setspecific(context_key, *context, ret); + if (ret) { + krb5_free_context(*context); + *context = NULL; + } + } + } return ret; } diff --git a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c index 27d859ddd8..d5f183b0ba 100644 --- a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: init_sec_context.c,v 1.73 2006/11/07 17:40:01 lha Exp $"); +RCSID("$Id: init_sec_context.c,v 1.75 2006/12/13 10:33:20 lha Exp $"); /* * copy the addresses from `input_chan_bindings' (if any) to @@ -41,7 +41,8 @@ RCSID("$Id: init_sec_context.c,v 1.73 2006/11/07 17:40:01 lha Exp $"); */ static OM_uint32 -set_addresses (krb5_auth_context ac, +set_addresses (krb5_context context, + krb5_auth_context ac, const gss_channel_bindings_t input_chan_bindings) { /* Port numbers are expected to be in application_data.value, @@ -64,29 +65,31 @@ set_addresses (krb5_auth_context ac, ac->remote_port = *((int16_t *) input_chan_bindings->application_data.value + 1); - kret = _gsskrb5i_address_to_krb5addr(input_chan_bindings->acceptor_addrtype, + kret = _gsskrb5i_address_to_krb5addr(context, + input_chan_bindings->acceptor_addrtype, &input_chan_bindings->acceptor_address, ac->remote_port, &acceptor_addr); if (kret) return kret; - kret = _gsskrb5i_address_to_krb5addr(input_chan_bindings->initiator_addrtype, + kret = _gsskrb5i_address_to_krb5addr(context, + input_chan_bindings->initiator_addrtype, &input_chan_bindings->initiator_address, ac->local_port, &initiator_addr); if (kret) { - krb5_free_address (_gsskrb5_context, &acceptor_addr); + krb5_free_address (context, &acceptor_addr); return kret; } - kret = krb5_auth_con_setaddrs(_gsskrb5_context, + kret = krb5_auth_con_setaddrs(context, ac, &initiator_addr, /* local address */ &acceptor_addr); /* remote address */ - krb5_free_address (_gsskrb5_context, &initiator_addr); - krb5_free_address (_gsskrb5_context, &acceptor_addr); + krb5_free_address (context, &initiator_addr); + krb5_free_address (context, &acceptor_addr); #if 0 free(input_chan_bindings->application_data.value); @@ -101,6 +104,7 @@ OM_uint32 _gsskrb5_create_ctx( OM_uint32 * minor_status, gss_ctx_id_t * context_handle, + krb5_context context, const gss_channel_bindings_t input_chan_bindings, enum gss_ctx_id_t_state state) { @@ -127,23 +131,22 @@ _gsskrb5_create_ctx( ctx->order = NULL; HEIMDAL_MUTEX_init(&ctx->ctx_id_mutex); - kret = krb5_auth_con_init (_gsskrb5_context, &ctx->auth_context); + kret = krb5_auth_con_init (context, &ctx->auth_context); if (kret) { *minor_status = kret; - _gsskrb5_set_error_string (); HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex); return GSS_S_FAILURE; } - kret = set_addresses(ctx->auth_context, input_chan_bindings); + kret = set_addresses(context, ctx->auth_context, input_chan_bindings); if (kret) { *minor_status = kret; HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex); - krb5_auth_con_free(_gsskrb5_context, ctx->auth_context); + krb5_auth_con_free(context, ctx->auth_context); return GSS_S_BAD_BINDINGS; } @@ -152,7 +155,7 @@ _gsskrb5_create_ctx( * We need a sequence number */ - krb5_auth_con_addflags(_gsskrb5_context, + krb5_auth_con_addflags(context, ctx->auth_context, KRB5_AUTH_CONTEXT_DO_SEQUENCE | KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED, @@ -167,6 +170,7 @@ _gsskrb5_create_ctx( static OM_uint32 gsskrb5_get_creds( OM_uint32 * minor_status, + krb5_context context, krb5_ccache ccache, gsskrb5_ctx ctx, krb5_const_principal target_name, @@ -188,7 +192,7 @@ gsskrb5_get_creds( if (time_req && time_req != GSS_C_INDEFINITE) { krb5_timestamp ts; - krb5_timeofday (_gsskrb5_context, &ts); + krb5_timeofday (context, &ts); this_cred.times.endtime = ts + time_req; } else { this_cred.times.endtime = 0; @@ -196,20 +200,20 @@ gsskrb5_get_creds( this_cred.session.keytype = KEYTYPE_NULL; - kret = krb5_get_credentials(_gsskrb5_context, + kret = krb5_get_credentials(context, 0, ccache, &this_cred, cred); if (kret) { - _gsskrb5_set_error_string (); *minor_status = kret; return GSS_S_FAILURE; } ctx->lifetime = (*cred)->times.endtime; - ret = _gsskrb5_lifetime_left(minor_status, ctx->lifetime, &lifetime_rec); + ret = _gsskrb5_lifetime_left(minor_status, context, + ctx->lifetime, &lifetime_rec); if (ret) return ret; if (lifetime_rec == 0) { @@ -225,14 +229,15 @@ gsskrb5_get_creds( static OM_uint32 gsskrb5_initiator_ready( OM_uint32 * minor_status, - gsskrb5_ctx ctx) + gsskrb5_ctx ctx, + krb5_context context) { OM_uint32 ret; int32_t seq_number; int is_cfx = 0; OM_uint32 flags = ctx->flags; - krb5_auth_getremoteseqnumber (_gsskrb5_context, + krb5_auth_getremoteseqnumber (context, ctx->auth_context, &seq_number); @@ -255,7 +260,8 @@ gsskrb5_initiator_ready( */ static void -do_delegation (krb5_auth_context ac, +do_delegation (krb5_context context, + krb5_auth_context ac, krb5_ccache ccache, krb5_creds *cred, krb5_const_principal name, @@ -269,11 +275,11 @@ do_delegation (krb5_auth_context ac, memset (&creds, 0, sizeof(creds)); krb5_data_zero (fwd_data); - kret = krb5_cc_get_principal(_gsskrb5_context, ccache, &creds.client); + kret = krb5_cc_get_principal(context, ccache, &creds.client); if (kret) goto out; - kret = krb5_build_principal(_gsskrb5_context, + kret = krb5_build_principal(context, &creds.server, strlen(creds.client->realm), creds.client->realm, @@ -293,7 +299,7 @@ do_delegation (krb5_auth_context ac, name->name.name_string.len < 2) goto out; - kret = krb5_get_forwarded_creds(_gsskrb5_context, + kret = krb5_get_forwarded_creds(context, ac, ccache, KDCOptions2int(fwd_flags), @@ -308,9 +314,9 @@ do_delegation (krb5_auth_context ac, *flags |= GSS_C_DELEG_FLAG; if (creds.client) - krb5_free_principal(_gsskrb5_context, creds.client); + krb5_free_principal(context, creds.client); if (creds.server) - krb5_free_principal(_gsskrb5_context, creds.server); + krb5_free_principal(context, creds.server); } /* @@ -322,6 +328,7 @@ init_auth (OM_uint32 * minor_status, gsskrb5_cred initiator_cred_handle, gsskrb5_ctx ctx, + krb5_context context, krb5_const_principal name, const gss_OID mech_type, OM_uint32 req_flags, @@ -356,9 +363,8 @@ init_auth *actual_mech_type = GSS_KRB5_MECHANISM; if (initiator_cred_handle == NULL) { - kret = krb5_cc_default (_gsskrb5_context, &ccache); + kret = krb5_cc_default (context, &ccache); if (kret) { - _gsskrb5_set_error_string (); *minor_status = kret; ret = GSS_S_FAILURE; goto failure; @@ -366,28 +372,27 @@ init_auth } else ccache = initiator_cred_handle->ccache; - kret = krb5_cc_get_principal (_gsskrb5_context, ccache, &ctx->source); + kret = krb5_cc_get_principal (context, ccache, &ctx->source); if (kret) { - _gsskrb5_set_error_string (); *minor_status = kret; ret = GSS_S_FAILURE; goto failure; } - kret = krb5_copy_principal (_gsskrb5_context, name, &ctx->target); + kret = krb5_copy_principal (context, name, &ctx->target); if (kret) { - _gsskrb5_set_error_string (); *minor_status = kret; ret = GSS_S_FAILURE; goto failure; } - ret = _gss_DES3_get_mic_compat(minor_status, ctx); + ret = _gss_DES3_get_mic_compat(minor_status, ctx, context); if (ret) goto failure; ret = gsskrb5_get_creds(minor_status, + context, ccache, ctx, ctx->target, @@ -400,8 +405,9 @@ init_auth ctx->lifetime = cred->times.endtime; ret = _gsskrb5_lifetime_left(minor_status, - ctx->lifetime, - &lifetime_rec); + context, + ctx->lifetime, + &lifetime_rec); if (ret) { goto failure; } @@ -412,15 +418,14 @@ init_auth goto failure; } - krb5_auth_con_setkey(_gsskrb5_context, + krb5_auth_con_setkey(context, ctx->auth_context, &cred->session); - kret = krb5_auth_con_generatelocalsubkey(_gsskrb5_context, + kret = krb5_auth_con_generatelocalsubkey(context, ctx->auth_context, &cred->session); if(kret) { - _gsskrb5_set_error_string (); *minor_status = kret; ret = GSS_S_FAILURE; goto failure; @@ -436,7 +441,7 @@ init_auth if (!cred->flags.b.ok_as_delegate) { krb5_boolean delegate; - krb5_appdefault_boolean(_gsskrb5_context, + krb5_appdefault_boolean(context, "gssapi", name->realm, "ok-as-delegate", FALSE, &delegate); if (delegate) @@ -446,7 +451,8 @@ init_auth flags = 0; ap_options = 0; if (req_flags & GSS_C_DELEG_FLAG) - do_delegation (ctx->auth_context, + do_delegation (context, + ctx->auth_context, ccache, cred, name, &fwd_data, &flags); if (req_flags & GSS_C_MUTUAL_FLAG) { @@ -471,9 +477,9 @@ init_auth flags |= GSS_C_EXTENDED_ERROR_FLAG; if (req_flags & GSS_C_CONF_FLAG) - flags |= GSS_C_CONF_FLAG; + flags |= GSS_C_CONF_FLAG; if (req_flags & GSS_C_INTEG_FLAG) - flags |= GSS_C_INTEG_FLAG; + flags |= GSS_C_INTEG_FLAG; flags |= GSS_C_TRANS_FLAG; @@ -493,7 +499,7 @@ init_auth enctype = ctx->auth_context->keyblock->keytype; - kret = krb5_build_authenticator (_gsskrb5_context, + kret = krb5_build_authenticator (context, ctx->auth_context, enctype, cred, @@ -503,13 +509,12 @@ init_auth KRB5_KU_AP_REQ_AUTH); if (kret) { - _gsskrb5_set_error_string (); *minor_status = kret; ret = GSS_S_FAILURE; goto failure; } - kret = krb5_build_ap_req (_gsskrb5_context, + kret = krb5_build_ap_req (context, enctype, cred, ap_options, @@ -517,7 +522,6 @@ init_auth &outbuf); if (kret) { - _gsskrb5_set_error_string (); *minor_status = kret; ret = GSS_S_FAILURE; goto failure; @@ -529,22 +533,22 @@ init_auth goto failure; krb5_data_free (&outbuf); - krb5_free_creds(_gsskrb5_context, cred); + krb5_free_creds(context, cred); free_Checksum(&cksum); if (initiator_cred_handle == NULL) - krb5_cc_close(_gsskrb5_context, ccache); + krb5_cc_close(context, ccache); if (flags & GSS_C_MUTUAL_FLAG) { ctx->state = INITIATOR_WAIT_FOR_MUTAL; return GSS_S_CONTINUE_NEEDED; } - return gsskrb5_initiator_ready(minor_status, ctx); + return gsskrb5_initiator_ready(minor_status, ctx, context); failure: if(cred) - krb5_free_creds(_gsskrb5_context, cred); + krb5_free_creds(context, cred); if (ccache && initiator_cred_handle == NULL) - krb5_cc_close(_gsskrb5_context, ccache); + krb5_cc_close(context, ccache); return ret; @@ -554,6 +558,7 @@ static OM_uint32 repl_mutual (OM_uint32 * minor_status, gsskrb5_ctx ctx, + krb5_context context, const gss_OID mech_type, OM_uint32 req_flags, OM_uint32 time_req, @@ -593,28 +598,27 @@ repl_mutual } } - kret = krb5_rd_rep (_gsskrb5_context, + kret = krb5_rd_rep (context, ctx->auth_context, &indata, &repl); if (kret) { - _gsskrb5_set_error_string (); *minor_status = kret; return GSS_S_FAILURE; } - krb5_free_ap_rep_enc_part (_gsskrb5_context, + krb5_free_ap_rep_enc_part (context, repl); _gsskrb5i_is_cfx(ctx, &is_cfx); if (is_cfx) { krb5_keyblock *key = NULL; - kret = krb5_auth_con_getremotesubkey(_gsskrb5_context, + kret = krb5_auth_con_getremotesubkey(context, ctx->auth_context, &key); if (kret == 0 && key != NULL) { ctx->more_flags |= ACCEPTOR_SUBKEY; - krb5_free_keyblock (_gsskrb5_context, key); + krb5_free_keyblock (context, key); } } @@ -622,6 +626,7 @@ repl_mutual *minor_status = 0; if (time_rec) { ret = _gsskrb5_lifetime_left(minor_status, + context, ctx->lifetime, time_rec); } else { @@ -635,16 +640,15 @@ repl_mutual krb5_data outbuf; /* Do don't do sequence number for the mk-rep */ - krb5_auth_con_removeflags(_gsskrb5_context, + krb5_auth_con_removeflags(context, ctx->auth_context, KRB5_AUTH_CONTEXT_DO_SEQUENCE, &con_flags); - kret = krb5_mk_rep(_gsskrb5_context, + kret = krb5_mk_rep(context, ctx->auth_context, &outbuf); if (kret) { - _gsskrb5_set_error_string (); *minor_status = kret; return GSS_S_FAILURE; } @@ -652,13 +656,13 @@ repl_mutual output_token->length = outbuf.length; output_token->value = outbuf.data; - krb5_auth_con_removeflags(_gsskrb5_context, + krb5_auth_con_removeflags(context, ctx->auth_context, KRB5_AUTH_CONTEXT_DO_SEQUENCE, NULL); } - return gsskrb5_initiator_ready(minor_status, ctx); + return gsskrb5_initiator_ready(minor_status, ctx, context); } /* @@ -681,12 +685,13 @@ OM_uint32 _gsskrb5_init_sec_context OM_uint32 * time_rec ) { + krb5_context context; gsskrb5_cred cred = (gsskrb5_cred)initiator_cred_handle; krb5_const_principal name = (krb5_const_principal)target_name; gsskrb5_ctx ctx; OM_uint32 ret; - GSSAPI_KRB5_INIT (); + GSSAPI_KRB5_INIT (&context); output_token->length = 0; output_token->value = NULL; @@ -722,6 +727,7 @@ OM_uint32 _gsskrb5_init_sec_context ret = _gsskrb5_create_ctx(minor_status, context_handle, + context, input_chan_bindings, INITIATOR_START); if (ret) @@ -742,6 +748,7 @@ OM_uint32 _gsskrb5_init_sec_context ret = init_auth(minor_status, cred, ctx, + context, name, mech_type, req_flags, @@ -756,6 +763,7 @@ OM_uint32 _gsskrb5_init_sec_context case INITIATOR_WAIT_FOR_MUTAL: ret = repl_mutual(minor_status, ctx, + context, mech_type, req_flags, time_req, diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_context.c b/source4/heimdal/lib/gssapi/krb5/inquire_context.c index ef43e6852c..bdaa01b108 100644 --- a/source4/heimdal/lib/gssapi/krb5/inquire_context.c +++ b/source4/heimdal/lib/gssapi/krb5/inquire_context.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: inquire_context.c,v 1.10 2006/10/07 22:15:03 lha Exp $"); +RCSID("$Id: inquire_context.c,v 1.11 2006/11/13 18:02:18 lha Exp $"); OM_uint32 _gsskrb5_inquire_context ( OM_uint32 * minor_status, @@ -47,6 +47,7 @@ OM_uint32 _gsskrb5_inquire_context ( int * open_context ) { + krb5_context context; OM_uint32 ret; gsskrb5_ctx ctx = (gsskrb5_ctx)context_handle; gss_name_t name; @@ -56,6 +57,8 @@ OM_uint32 _gsskrb5_inquire_context ( if (targ_name) *targ_name = GSS_C_NO_NAME; + GSSAPI_KRB5_INIT (&context); + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); if (src_name) { @@ -74,6 +77,7 @@ OM_uint32 _gsskrb5_inquire_context ( if (lifetime_rec) { ret = _gsskrb5_lifetime_left(minor_status, + context, ctx->lifetime, lifetime_rec); if (ret) diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_cred.c b/source4/heimdal/lib/gssapi/krb5/inquire_cred.c index 0593729365..74018559a0 100644 --- a/source4/heimdal/lib/gssapi/krb5/inquire_cred.c +++ b/source4/heimdal/lib/gssapi/krb5/inquire_cred.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: inquire_cred.c,v 1.12 2006/10/07 22:15:06 lha Exp $"); +RCSID("$Id: inquire_cred.c,v 1.13 2006/11/13 18:02:21 lha Exp $"); OM_uint32 _gsskrb5_inquire_cred (OM_uint32 * minor_status, @@ -44,6 +44,7 @@ OM_uint32 _gsskrb5_inquire_cred gss_OID_set * mechanisms ) { + krb5_context context; gss_cred_id_t aqcred_init = GSS_C_NO_CREDENTIAL; gss_cred_id_t aqcred_accept = GSS_C_NO_CREDENTIAL; gsskrb5_cred acred = NULL, icred = NULL; @@ -56,6 +57,8 @@ OM_uint32 _gsskrb5_inquire_cred if (mechanisms) *mechanisms = GSS_C_NO_OID_SET; + GSSAPI_KRB5_INIT (&context); + if (cred_handle == GSS_C_NO_CREDENTIAL) { ret = _gsskrb5_acquire_cred(minor_status, GSS_C_NO_NAME, @@ -105,7 +108,7 @@ OM_uint32 _gsskrb5_inquire_cred goto out; } else if (acred && acred->usage == GSS_C_ACCEPT) { krb5_principal princ; - *minor_status = krb5_sname_to_principal(_gsskrb5_context, NULL, + *minor_status = krb5_sname_to_principal(context, NULL, NULL, KRB5_NT_SRV_HST, &princ); if (*minor_status) { @@ -115,7 +118,7 @@ OM_uint32 _gsskrb5_inquire_cred *output_name = (gss_name_t)princ; } else { krb5_principal princ; - *minor_status = krb5_get_default_principal(_gsskrb5_context, + *minor_status = krb5_get_default_principal(context, &princ); if (*minor_status) { ret = GSS_S_FAILURE; @@ -131,6 +134,7 @@ OM_uint32 _gsskrb5_inquire_cred if (icred) ilife = icred->lifetime; ret = _gsskrb5_lifetime_left(minor_status, + context, min(alife,ilife), lifetime); if (ret) diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c b/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c index 26927c740c..1a36896019 100644 --- a/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c +++ b/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c @@ -32,7 +32,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: inquire_cred_by_oid.c,v 1.4 2006/10/07 22:15:10 lha Exp $"); +RCSID("$Id: inquire_cred_by_oid.c,v 1.5 2006/11/13 18:02:24 lha Exp $"); OM_uint32 _gsskrb5_inquire_cred_by_oid (OM_uint32 * minor_status, @@ -40,11 +40,14 @@ OM_uint32 _gsskrb5_inquire_cred_by_oid const gss_OID desired_object, gss_buffer_set_t *data_set) { + krb5_context context; gsskrb5_cred cred = (gsskrb5_cred)cred_handle; krb5_error_code ret; gss_buffer_desc buffer; char *str; + GSSAPI_KRB5_INIT (&context); + if (gss_oid_equal(desired_object, GSS_KRB5_COPY_CCACHE_X) == 0) { *minor_status = EINVAL; return GSS_S_FAILURE; @@ -58,11 +61,10 @@ OM_uint32 _gsskrb5_inquire_cred_by_oid return GSS_S_FAILURE; } - ret = krb5_cc_get_full_name(_gsskrb5_context, cred->ccache, &str); + ret = krb5_cc_get_full_name(context, cred->ccache, &str); HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); if (ret) { *minor_status = ret; - _gsskrb5_set_error_string (); return GSS_S_FAILURE; } diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c b/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c index ee4210d74a..97e86a95c7 100644 --- a/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c +++ b/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c @@ -32,7 +32,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: inquire_sec_context_by_oid.c,v 1.11 2006/11/07 14:34:35 lha Exp $"); +RCSID("$Id: inquire_sec_context_by_oid.c,v 1.12 2006/11/13 18:02:27 lha Exp $"); static int oid_prefix_equal(gss_OID oid_enc, gss_OID prefix_enc, unsigned *suffix) @@ -106,6 +106,7 @@ enum keytype { ACCEPTOR_KEY, INITIATOR_KEY, TOKEN_KEY }; static OM_uint32 inquire_sec_context_get_subkey (OM_uint32 *minor_status, const gsskrb5_ctx context_handle, + krb5_context context, enum keytype keytype, gss_buffer_set_t *data_set) { @@ -127,19 +128,13 @@ static OM_uint32 inquire_sec_context_get_subkey HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); switch(keytype) { case ACCEPTOR_KEY: - ret = _gsskrb5i_get_acceptor_subkey(context_handle, &key); - if (ret) - _gsskrb5_set_error_string (); + ret = _gsskrb5i_get_acceptor_subkey(context_handle, context, &key); break; case INITIATOR_KEY: - ret = _gsskrb5i_get_initiator_subkey(context_handle, &key); - if (ret) - _gsskrb5_set_error_string (); + ret = _gsskrb5i_get_initiator_subkey(context_handle, context, &key); break; case TOKEN_KEY: - ret = _gsskrb5i_get_token_key(context_handle, &key); - if (ret) - _gsskrb5_set_error_string (); + ret = _gsskrb5i_get_token_key(context_handle, context, &key); break; default: _gsskrb5_set_status("%d is not a valid subkey type", keytype); @@ -156,17 +151,13 @@ static OM_uint32 inquire_sec_context_get_subkey } ret = krb5_store_keyblock(sp, *key); - krb5_free_keyblock (_gsskrb5_context, key); - if (ret) { - _gsskrb5_set_error_string (); + krb5_free_keyblock (context, key); + if (ret) goto out; - } ret = krb5_storage_to_data(sp, &data); - if (ret) { - _gsskrb5_set_error_string (); + if (ret) goto out; - } { gss_buffer_desc value; @@ -193,6 +184,7 @@ out: static OM_uint32 inquire_sec_context_authz_data (OM_uint32 *minor_status, const gsskrb5_ctx context_handle, + krb5_context context, unsigned ad_type, gss_buffer_set_t *data_set) { @@ -211,13 +203,12 @@ static OM_uint32 inquire_sec_context_authz_data return GSS_S_NO_CONTEXT; } - ret = krb5_ticket_get_authorization_data_type(_gsskrb5_context, + ret = krb5_ticket_get_authorization_data_type(context, context_handle->ticket, ad_type, &data); HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); if (ret) { - _gsskrb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; } @@ -276,6 +267,7 @@ static OM_uint32 inquire_sec_context_has_updated_spnego static OM_uint32 export_lucid_sec_context_v1(OM_uint32 *minor_status, gsskrb5_ctx context_handle, + krb5_context context, gss_buffer_set_t *data_set) { krb5_storage *sp = NULL; @@ -288,8 +280,6 @@ export_lucid_sec_context_v1(OM_uint32 *minor_status, *minor_status = 0; - GSSAPI_KRB5_INIT (); - HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); _gsskrb5i_is_cfx(context_handle, &is_cfx); @@ -307,12 +297,12 @@ export_lucid_sec_context_v1(OM_uint32 *minor_status, if (ret) goto out; ret = krb5_store_int32(sp, context_handle->lifetime); if (ret) goto out; - krb5_auth_con_getlocalseqnumber (_gsskrb5_context, + krb5_auth_con_getlocalseqnumber (context, context_handle->auth_context, &number); ret = krb5_store_uint32(sp, (uint32_t)0); /* store top half as zero */ ret = krb5_store_uint32(sp, (uint32_t)number); - krb5_auth_getremoteseqnumber (_gsskrb5_context, + krb5_auth_getremoteseqnumber (context, context_handle->auth_context, &number); ret = krb5_store_uint32(sp, (uint32_t)0); /* store top half as zero */ @@ -320,7 +310,7 @@ export_lucid_sec_context_v1(OM_uint32 *minor_status, ret = krb5_store_int32(sp, (is_cfx) ? 1 : 0); if (ret) goto out; - ret = _gsskrb5i_get_token_key(context_handle, &key); + ret = _gsskrb5i_get_token_key(context_handle, context, &key); if (ret) goto out; if (is_cfx == 0) { @@ -387,7 +377,7 @@ export_lucid_sec_context_v1(OM_uint32 *minor_status, out: if (key) - krb5_free_keyblock (_gsskrb5_context, key); + krb5_free_keyblock (context, key); if (sp) krb5_storage_free(sp); if (ret) { @@ -485,7 +475,6 @@ out: if (sp) krb5_storage_free(sp); if (ret) { - _gsskrb5_set_error_string (); *minor_status = ret; maj_stat = GSS_S_FAILURE; } @@ -501,6 +490,7 @@ OM_uint32 _gsskrb5_inquire_sec_context_by_oid const gss_OID desired_object, gss_buffer_set_t *data_set) { + krb5_context context; const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle; unsigned suffix; @@ -509,6 +499,8 @@ OM_uint32 _gsskrb5_inquire_sec_context_by_oid return GSS_S_NO_CONTEXT; } + GSSAPI_KRB5_INIT (&context); + if (gss_oid_equal(desired_object, GSS_KRB5_GET_TKT_FLAGS_X)) { return inquire_sec_context_tkt_flags(minor_status, ctx, @@ -520,16 +512,19 @@ OM_uint32 _gsskrb5_inquire_sec_context_by_oid } else if (gss_oid_equal(desired_object, GSS_KRB5_GET_SUBKEY_X)) { return inquire_sec_context_get_subkey(minor_status, ctx, + context, TOKEN_KEY, data_set); } else if (gss_oid_equal(desired_object, GSS_KRB5_GET_INITIATOR_SUBKEY_X)) { return inquire_sec_context_get_subkey(minor_status, ctx, + context, INITIATOR_KEY, data_set); } else if (gss_oid_equal(desired_object, GSS_KRB5_GET_ACCEPTOR_SUBKEY_X)) { return inquire_sec_context_get_subkey(minor_status, ctx, + context, ACCEPTOR_KEY, data_set); } else if (gss_oid_equal(desired_object, GSS_KRB5_GET_AUTHTIME_X)) { @@ -539,6 +534,7 @@ OM_uint32 _gsskrb5_inquire_sec_context_by_oid &suffix)) { return inquire_sec_context_authz_data(minor_status, ctx, + context, suffix, data_set); } else if (oid_prefix_equal(desired_object, @@ -547,6 +543,7 @@ OM_uint32 _gsskrb5_inquire_sec_context_by_oid if (suffix == 1) return export_lucid_sec_context_v1(minor_status, ctx, + context, data_set); *minor_status = 0; return GSS_S_FAILURE; diff --git a/source4/heimdal/lib/gssapi/krb5/process_context_token.c b/source4/heimdal/lib/gssapi/krb5/process_context_token.c index 99568c9dd0..411d689635 100644 --- a/source4/heimdal/lib/gssapi/krb5/process_context_token.c +++ b/source4/heimdal/lib/gssapi/krb5/process_context_token.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: process_context_token.c,v 1.4 2006/10/07 22:15:19 lha Exp $"); +RCSID("$Id: process_context_token.c,v 1.5 2006/11/13 18:02:30 lha Exp $"); OM_uint32 _gsskrb5_process_context_token ( OM_uint32 *minor_status, @@ -41,6 +41,7 @@ OM_uint32 _gsskrb5_process_context_token ( const gss_buffer_t token_buffer ) { + krb5_context context; OM_uint32 ret = GSS_S_FAILURE; gss_buffer_desc empty_buffer; gss_qop_t qop_state; @@ -48,10 +49,13 @@ OM_uint32 _gsskrb5_process_context_token ( empty_buffer.length = 0; empty_buffer.value = NULL; + GSSAPI_KRB5_INIT (&context); + qop_state = GSS_C_QOP_DEFAULT; ret = _gsskrb5_verify_mic_internal(minor_status, (gsskrb5_ctx)context_handle, + context, token_buffer, &empty_buffer, GSS_C_QOP_DEFAULT, "\x01\x02"); diff --git a/source4/heimdal/lib/gssapi/krb5/release_cred.c b/source4/heimdal/lib/gssapi/krb5/release_cred.c index 662461ccfd..f6d98b29c6 100644 --- a/source4/heimdal/lib/gssapi/krb5/release_cred.c +++ b/source4/heimdal/lib/gssapi/krb5/release_cred.c @@ -33,13 +33,14 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: release_cred.c,v 1.13 2006/10/07 22:15:24 lha Exp $"); +RCSID("$Id: release_cred.c,v 1.14 2006/11/13 18:02:34 lha Exp $"); OM_uint32 _gsskrb5_release_cred (OM_uint32 * minor_status, gss_cred_id_t * cred_handle ) { + krb5_context context; gsskrb5_cred cred; *minor_status = 0; @@ -50,21 +51,21 @@ OM_uint32 _gsskrb5_release_cred cred = (gsskrb5_cred)*cred_handle; *cred_handle = GSS_C_NO_CREDENTIAL; - GSSAPI_KRB5_INIT (); + GSSAPI_KRB5_INIT (&context); HEIMDAL_MUTEX_lock(&cred->cred_id_mutex); if (cred->principal != NULL) - krb5_free_principal(_gsskrb5_context, cred->principal); + krb5_free_principal(context, cred->principal); if (cred->keytab != NULL) - krb5_kt_close(_gsskrb5_context, cred->keytab); + krb5_kt_close(context, cred->keytab); if (cred->ccache != NULL) { const krb5_cc_ops *ops; - ops = krb5_cc_get_ops(_gsskrb5_context, cred->ccache); + ops = krb5_cc_get_ops(context, cred->ccache); if (cred->cred_flags & GSS_CF_DESTROY_CRED_ON_RELEASE) - krb5_cc_destroy(_gsskrb5_context, cred->ccache); + krb5_cc_destroy(context, cred->ccache); else - krb5_cc_close(_gsskrb5_context, cred->ccache); + krb5_cc_close(context, cred->ccache); } _gsskrb5_release_oid_set(NULL, &cred->mechanisms); HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); diff --git a/source4/heimdal/lib/gssapi/krb5/release_name.c b/source4/heimdal/lib/gssapi/krb5/release_name.c index a92ad939a5..cc9c0934f7 100644 --- a/source4/heimdal/lib/gssapi/krb5/release_name.c +++ b/source4/heimdal/lib/gssapi/krb5/release_name.c @@ -33,23 +33,24 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: release_name.c,v 1.10 2006/10/07 22:15:26 lha Exp $"); +RCSID("$Id: release_name.c,v 1.11 2006/11/13 18:02:37 lha Exp $"); OM_uint32 _gsskrb5_release_name (OM_uint32 * minor_status, gss_name_t * input_name ) { + krb5_context context; krb5_principal name = (krb5_principal)*input_name; - GSSAPI_KRB5_INIT (); - if (minor_status) *minor_status = 0; + GSSAPI_KRB5_INIT (&context); + *input_name = GSS_C_NO_NAME; - krb5_free_principal(_gsskrb5_context, name); + krb5_free_principal(context, name); return GSS_S_COMPLETE; } diff --git a/source4/heimdal/lib/gssapi/krb5/set_cred_option.c b/source4/heimdal/lib/gssapi/krb5/set_cred_option.c index 5807ef0166..849760ee4a 100644 --- a/source4/heimdal/lib/gssapi/krb5/set_cred_option.c +++ b/source4/heimdal/lib/gssapi/krb5/set_cred_option.c @@ -32,7 +32,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: set_cred_option.c,v 1.4 2006/10/24 20:14:13 lha Exp $"); +RCSID("$Id: set_cred_option.c,v 1.5 2006/11/13 18:02:39 lha Exp $"); static gss_OID_desc gss_krb5_import_cred_x_oid_desc = {9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x04"}; /* XXX */ @@ -41,6 +41,7 @@ gss_OID GSS_KRB5_IMPORT_CRED_X = &gss_krb5_import_cred_x_oid_desc; static OM_uint32 import_cred(OM_uint32 *minor_status, + krb5_context context, gss_cred_id_t *cred_handle, const gss_buffer_t value) { @@ -71,7 +72,7 @@ import_cred(OM_uint32 *minor_status, goto out; } if (str[0]) { - ret = krb5_cc_resolve(_gsskrb5_context, str, &id); + ret = krb5_cc_resolve(context, str, &id); if (ret) { *minor_status = ret; major_stat = GSS_S_FAILURE; @@ -84,7 +85,7 @@ import_cred(OM_uint32 *minor_status, /* keytab principal name */ ret = krb5_ret_string(sp, &str); if (ret == 0 && str[0]) - ret = krb5_parse_name(_gsskrb5_context, str, &keytab_principal); + ret = krb5_parse_name(context, str, &keytab_principal); if (ret) { *minor_status = ret; major_stat = GSS_S_FAILURE; @@ -101,7 +102,7 @@ import_cred(OM_uint32 *minor_status, goto out; } if (str[0]) { - ret = krb5_kt_resolve(_gsskrb5_context, str, &keytab); + ret = krb5_kt_resolve(context, str, &keytab); if (ret) { *minor_status = ret; major_stat = GSS_S_FAILURE; @@ -115,11 +116,11 @@ import_cred(OM_uint32 *minor_status, keytab, cred_handle); out: if (id) - krb5_cc_close(_gsskrb5_context, id); + krb5_cc_close(context, id); if (keytab_principal) - krb5_free_principal(_gsskrb5_context, keytab_principal); + krb5_free_principal(context, keytab_principal); if (keytab) - krb5_kt_close(_gsskrb5_context, keytab); + krb5_kt_close(context, keytab); if (str) free(str); if (sp) @@ -136,7 +137,9 @@ _gsskrb5_set_cred_option const gss_OID desired_object, const gss_buffer_t value) { - GSSAPI_KRB5_INIT (); + krb5_context context; + + GSSAPI_KRB5_INIT (&context); if (value == GSS_C_NO_BUFFER) { *minor_status = EINVAL; @@ -144,7 +147,7 @@ _gsskrb5_set_cred_option } if (gss_oid_equal(desired_object, GSS_KRB5_IMPORT_CRED_X)) { - return import_cred(minor_status, cred_handle, value); + return import_cred(minor_status, context, cred_handle, value); } *minor_status = EINVAL; diff --git a/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c b/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c index dc1495efc1..4a5f60ce94 100644 --- a/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c +++ b/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c @@ -36,7 +36,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: set_sec_context_option.c,v 1.8 2006/11/08 23:06:42 lha Exp $"); +RCSID("$Id: set_sec_context_option.c,v 1.10 2006/12/14 11:02:16 lha Exp $"); static OM_uint32 get_bool(OM_uint32 *minor_status, @@ -58,9 +58,10 @@ _gsskrb5_set_sec_context_option const gss_OID desired_object, const gss_buffer_t value) { + krb5_context context; OM_uint32 maj_stat; - GSSAPI_KRB5_INIT (); + GSSAPI_KRB5_INIT (&context); if (value == GSS_C_NO_BUFFER) { *minor_status = EINVAL; @@ -96,7 +97,7 @@ _gsskrb5_set_sec_context_option if (maj_stat != GSS_S_COMPLETE) return maj_stat; - krb5_set_dns_canonicalize_hostname(_gsskrb5_context, flag); + krb5_set_dns_canonicalize_hostname(context, flag); return GSS_S_COMPLETE; } else if (gss_oid_equal(desired_object, GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X)) { @@ -128,14 +129,14 @@ _gsskrb5_set_sec_context_option return GSS_S_CALL_INACCESSIBLE_READ; } str = malloc(value->length + 1); - if (str) { + if (str == NULL) { *minor_status = 0; return GSS_S_UNAVAILABLE; } memcpy(str, value->value, value->length); str[value->length] = '\0'; - krb5_set_default_realm(_gsskrb5_context, str); + krb5_set_default_realm(context, str); free(str); *minor_status = 0; @@ -144,7 +145,7 @@ _gsskrb5_set_sec_context_option } else if (gss_oid_equal(desired_object, GSS_KRB5_SEND_TO_KDC_X)) { if (value == NULL || value->length == 0) { - krb5_set_send_to_kdc_func(_gsskrb5_context, NULL, NULL); + krb5_set_send_to_kdc_func(context, NULL, NULL); } else { struct gsskrb5_send_to_kdc c; @@ -153,7 +154,7 @@ _gsskrb5_set_sec_context_option return GSS_S_FAILURE; } memcpy(&c, value->value, sizeof(c)); - krb5_set_send_to_kdc_func(_gsskrb5_context, + krb5_set_send_to_kdc_func(context, (krb5_send_to_kdc_func)c.func, c.ptr); } diff --git a/source4/heimdal/lib/gssapi/krb5/unwrap.c b/source4/heimdal/lib/gssapi/krb5/unwrap.c index 758390080c..3dd7618561 100644 --- a/source4/heimdal/lib/gssapi/krb5/unwrap.c +++ b/source4/heimdal/lib/gssapi/krb5/unwrap.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: unwrap.c,v 1.38 2006/10/18 15:59:28 lha Exp $"); +RCSID("$Id: unwrap.c,v 1.39 2006/11/13 18:02:51 lha Exp $"); static OM_uint32 unwrap_des @@ -175,6 +175,7 @@ static OM_uint32 unwrap_des3 (OM_uint32 * minor_status, const gsskrb5_ctx context_handle, + krb5_context context, const gss_buffer_t input_message_buffer, gss_buffer_t output_message_buffer, int * conf_state, @@ -226,18 +227,16 @@ unwrap_des3 /* decrypt data */ krb5_data tmp; - ret = krb5_crypto_init(_gsskrb5_context, key, + ret = krb5_crypto_init(context, key, ETYPE_DES3_CBC_NONE, &crypto); if (ret) { - _gsskrb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; } - ret = krb5_decrypt(_gsskrb5_context, crypto, KRB5_KU_USAGE_SEAL, + ret = krb5_decrypt(context, crypto, KRB5_KU_USAGE_SEAL, p, input_message_buffer->length - len, &tmp); - krb5_crypto_destroy(_gsskrb5_context, crypto); + krb5_crypto_destroy(context, crypto); if (ret) { - _gsskrb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; } @@ -259,10 +258,9 @@ unwrap_des3 p -= 28; - ret = krb5_crypto_init(_gsskrb5_context, key, + ret = krb5_crypto_init(context, key, ETYPE_DES3_CBC_NONE, &crypto); if (ret) { - _gsskrb5_set_error_string (); *minor_status = ret; HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); return GSS_S_FAILURE; @@ -271,15 +269,14 @@ unwrap_des3 DES_cblock ivec; memcpy(&ivec, p + 8, 8); - ret = krb5_decrypt_ivec (_gsskrb5_context, + ret = krb5_decrypt_ivec (context, crypto, KRB5_KU_USAGE_SEQ, p, 8, &seq_data, &ivec); } - krb5_crypto_destroy (_gsskrb5_context, crypto); + krb5_crypto_destroy (context, crypto); if (ret) { - _gsskrb5_set_error_string (); *minor_status = ret; HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); return GSS_S_FAILURE; @@ -325,21 +322,19 @@ unwrap_des3 csum.checksum.length = 20; csum.checksum.data = cksum; - ret = krb5_crypto_init(_gsskrb5_context, key, 0, &crypto); + ret = krb5_crypto_init(context, key, 0, &crypto); if (ret) { - _gsskrb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; } - ret = krb5_verify_checksum (_gsskrb5_context, crypto, + ret = krb5_verify_checksum (context, crypto, KRB5_KU_USAGE_SIGN, p + 20, input_message_buffer->length - len + 8, &csum); - krb5_crypto_destroy (_gsskrb5_context, crypto); + krb5_crypto_destroy (context, crypto); if (ret) { - _gsskrb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; } @@ -367,6 +362,7 @@ OM_uint32 _gsskrb5_unwrap ) { krb5_keyblock *key; + krb5_context context; OM_uint32 ret; krb5_keytype keytype; gsskrb5_ctx ctx = (gsskrb5_ctx) context_handle; @@ -374,17 +370,18 @@ OM_uint32 _gsskrb5_unwrap output_message_buffer->value = NULL; output_message_buffer->length = 0; + GSSAPI_KRB5_INIT (&context); + if (qop_state != NULL) *qop_state = GSS_C_QOP_DEFAULT; HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); - ret = _gsskrb5i_get_token_key(ctx, &key); + ret = _gsskrb5i_get_token_key(ctx, context, &key); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); if (ret) { - _gsskrb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; } - krb5_enctype_to_keytype (_gsskrb5_context, key->keytype, &keytype); + krb5_enctype_to_keytype (context, key->keytype, &keytype); *minor_status = 0; @@ -395,22 +392,22 @@ OM_uint32 _gsskrb5_unwrap conf_state, qop_state, key); break; case KEYTYPE_DES3 : - ret = unwrap_des3 (minor_status, ctx, + ret = unwrap_des3 (minor_status, ctx, context, input_message_buffer, output_message_buffer, conf_state, qop_state, key); break; case KEYTYPE_ARCFOUR: case KEYTYPE_ARCFOUR_56: - ret = _gssapi_unwrap_arcfour (minor_status, ctx, + ret = _gssapi_unwrap_arcfour (minor_status, ctx, context, input_message_buffer, output_message_buffer, conf_state, qop_state, key); break; default : - ret = _gssapi_unwrap_cfx (minor_status, ctx, + ret = _gssapi_unwrap_cfx (minor_status, ctx, context, input_message_buffer, output_message_buffer, conf_state, qop_state, key); break; } - krb5_free_keyblock (_gsskrb5_context, key); + krb5_free_keyblock (context, key); return ret; } diff --git a/source4/heimdal/lib/gssapi/krb5/verify_mic.c b/source4/heimdal/lib/gssapi/krb5/verify_mic.c index 920937cafc..29b3a7f4bb 100644 --- a/source4/heimdal/lib/gssapi/krb5/verify_mic.c +++ b/source4/heimdal/lib/gssapi/krb5/verify_mic.c @@ -33,12 +33,13 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: verify_mic.c,v 1.36 2006/10/18 15:59:30 lha Exp $"); +RCSID("$Id: verify_mic.c,v 1.37 2006/11/13 18:02:54 lha Exp $"); static OM_uint32 verify_mic_des (OM_uint32 * minor_status, const gsskrb5_ctx context_handle, + krb5_context context, const gss_buffer_t message_buffer, const gss_buffer_t token_buffer, gss_qop_t * qop_state, @@ -131,6 +132,7 @@ static OM_uint32 verify_mic_des3 (OM_uint32 * minor_status, const gsskrb5_ctx context_handle, + krb5_context context, const gss_buffer_t message_buffer, const gss_buffer_t token_buffer, gss_qop_t * qop_state, @@ -164,10 +166,9 @@ verify_mic_des3 return GSS_S_BAD_MIC; p += 4; - ret = krb5_crypto_init(_gsskrb5_context, key, + ret = krb5_crypto_init(context, key, ETYPE_DES3_CBC_NONE, &crypto); if (ret){ - _gsskrb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; } @@ -180,14 +181,13 @@ retry: else memcpy(ivec, p + 8, 8); - ret = krb5_decrypt_ivec (_gsskrb5_context, + ret = krb5_decrypt_ivec (context, crypto, KRB5_KU_USAGE_SEQ, p, 8, &seq_data, ivec); if (ret) { if (docompat++) { - _gsskrb5_set_error_string (); - krb5_crypto_destroy (_gsskrb5_context, crypto); + krb5_crypto_destroy (context, crypto); *minor_status = ret; return GSS_S_FAILURE; } else @@ -197,7 +197,7 @@ retry: if (seq_data.length != 8) { krb5_data_free (&seq_data); if (docompat++) { - krb5_crypto_destroy (_gsskrb5_context, crypto); + krb5_crypto_destroy (context, crypto); return GSS_S_BAD_MIC; } else goto retry; @@ -215,7 +215,7 @@ retry: krb5_data_free (&seq_data); if (cmp != 0) { - krb5_crypto_destroy (_gsskrb5_context, crypto); + krb5_crypto_destroy (context, crypto); *minor_status = 0; HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); return GSS_S_BAD_MIC; @@ -223,7 +223,7 @@ retry: ret = _gssapi_msg_order_check(context_handle->order, seq_number); if (ret) { - krb5_crypto_destroy (_gsskrb5_context, crypto); + krb5_crypto_destroy (context, crypto); *minor_status = 0; HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); return ret; @@ -233,7 +233,7 @@ retry: tmp = malloc (message_buffer->length + 8); if (tmp == NULL) { - krb5_crypto_destroy (_gsskrb5_context, crypto); + krb5_crypto_destroy (context, crypto); HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); *minor_status = ENOMEM; return GSS_S_FAILURE; @@ -246,21 +246,20 @@ retry: csum.checksum.length = 20; csum.checksum.data = p + 8; - ret = krb5_verify_checksum (_gsskrb5_context, crypto, + ret = krb5_verify_checksum (context, crypto, KRB5_KU_USAGE_SIGN, tmp, message_buffer->length + 8, &csum); free (tmp); if (ret) { - _gsskrb5_set_error_string (); - krb5_crypto_destroy (_gsskrb5_context, crypto); + krb5_crypto_destroy (context, crypto); *minor_status = ret; HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); return GSS_S_BAD_MIC; } HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - krb5_crypto_destroy (_gsskrb5_context, crypto); + krb5_crypto_destroy (context, crypto); return GSS_S_COMPLETE; } @@ -268,6 +267,7 @@ OM_uint32 _gsskrb5_verify_mic_internal (OM_uint32 * minor_status, const gsskrb5_ctx context_handle, + krb5_context context, const gss_buffer_t message_buffer, const gss_buffer_t token_buffer, gss_qop_t * qop_state, @@ -279,39 +279,40 @@ _gsskrb5_verify_mic_internal krb5_keytype keytype; HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - ret = _gsskrb5i_get_token_key(context_handle, &key); + ret = _gsskrb5i_get_token_key(context_handle, context, &key); HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); if (ret) { - _gsskrb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; } *minor_status = 0; - krb5_enctype_to_keytype (_gsskrb5_context, key->keytype, &keytype); + krb5_enctype_to_keytype (context, key->keytype, &keytype); switch (keytype) { case KEYTYPE_DES : - ret = verify_mic_des (minor_status, context_handle, + ret = verify_mic_des (minor_status, context_handle, context, message_buffer, token_buffer, qop_state, key, type); break; case KEYTYPE_DES3 : - ret = verify_mic_des3 (minor_status, context_handle, + ret = verify_mic_des3 (minor_status, context_handle, context, message_buffer, token_buffer, qop_state, key, type); break; case KEYTYPE_ARCFOUR : case KEYTYPE_ARCFOUR_56 : ret = _gssapi_verify_mic_arcfour (minor_status, context_handle, + context, message_buffer, token_buffer, qop_state, key, type); break; default : ret = _gssapi_verify_mic_cfx (minor_status, context_handle, + context, message_buffer, token_buffer, qop_state, key); break; } - krb5_free_keyblock (_gsskrb5_context, key); + krb5_free_keyblock (context, key); return ret; } @@ -325,13 +326,17 @@ _gsskrb5_verify_mic gss_qop_t * qop_state ) { + krb5_context context; OM_uint32 ret; + GSSAPI_KRB5_INIT (&context); + if (qop_state != NULL) *qop_state = GSS_C_QOP_DEFAULT; ret = _gsskrb5_verify_mic_internal(minor_status, - (gsskrb5_ctx)context_handle, + (gsskrb5_ctx)context_handle, + context, message_buffer, token_buffer, qop_state, "\x01\x01"); diff --git a/source4/heimdal/lib/gssapi/krb5/wrap.c b/source4/heimdal/lib/gssapi/krb5/wrap.c index ebbc975b8a..79cfb48ed2 100644 --- a/source4/heimdal/lib/gssapi/krb5/wrap.c +++ b/source4/heimdal/lib/gssapi/krb5/wrap.c @@ -33,74 +33,80 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: wrap.c,v 1.37 2006/10/18 15:59:33 lha Exp $"); +RCSID("$Id: wrap.c,v 1.39 2006/11/14 09:49:56 lha Exp $"); /* * Return initiator subkey, or if that doesn't exists, the subkey. */ krb5_error_code -_gsskrb5i_get_initiator_subkey(const gsskrb5_ctx ctx, krb5_keyblock **key) +_gsskrb5i_get_initiator_subkey(const gsskrb5_ctx ctx, + krb5_context context, + krb5_keyblock **key) { krb5_error_code ret; *key = NULL; if (ctx->more_flags & LOCAL) { - ret = krb5_auth_con_getlocalsubkey(_gsskrb5_context, + ret = krb5_auth_con_getlocalsubkey(context, ctx->auth_context, key); } else { - ret = krb5_auth_con_getremotesubkey(_gsskrb5_context, + ret = krb5_auth_con_getremotesubkey(context, ctx->auth_context, key); } - if (*key == NULL) - ret = krb5_auth_con_getkey(_gsskrb5_context, + if (ret == 0 && *key == NULL) + ret = krb5_auth_con_getkey(context, ctx->auth_context, key); - if (*key == NULL) { - _gsskrb5_set_status("No initiator subkey available"); + if (ret == 0 && *key == NULL) { + krb5_set_error_string(context, "No initiator subkey available"); return GSS_KRB5_S_KG_NO_SUBKEY; } return ret; } krb5_error_code -_gsskrb5i_get_acceptor_subkey(const gsskrb5_ctx ctx, krb5_keyblock **key) +_gsskrb5i_get_acceptor_subkey(const gsskrb5_ctx ctx, + krb5_context context, + krb5_keyblock **key) { krb5_error_code ret; *key = NULL; if (ctx->more_flags & LOCAL) { - ret = krb5_auth_con_getremotesubkey(_gsskrb5_context, + ret = krb5_auth_con_getremotesubkey(context, ctx->auth_context, key); } else { - ret = krb5_auth_con_getlocalsubkey(_gsskrb5_context, + ret = krb5_auth_con_getlocalsubkey(context, ctx->auth_context, key); } - if (*key == NULL) { - _gsskrb5_set_status("No acceptor subkey available"); + if (ret == 0 && *key == NULL) { + krb5_set_error_string(context, "No acceptor subkey available"); return GSS_KRB5_S_KG_NO_SUBKEY; } return ret; } OM_uint32 -_gsskrb5i_get_token_key(const gsskrb5_ctx ctx, krb5_keyblock **key) +_gsskrb5i_get_token_key(const gsskrb5_ctx ctx, + krb5_context context, + krb5_keyblock **key) { - _gsskrb5i_get_acceptor_subkey(ctx, key); + _gsskrb5i_get_acceptor_subkey(ctx, context, key); if(*key == NULL) { /* * Only use the initiator subkey or ticket session key if an * acceptor subkey was not required. */ if ((ctx->more_flags & ACCEPTOR_SUBKEY) == 0) - _gsskrb5i_get_initiator_subkey(ctx, key); + _gsskrb5i_get_initiator_subkey(ctx, context, key); } if (*key == NULL) { - _gsskrb5_set_status("No token key available"); + krb5_set_error_string(context, "No token key available"); return GSS_KRB5_S_KG_NO_SUBKEY; } return 0; @@ -140,20 +146,22 @@ _gsskrb5_wrap_size_limit ( OM_uint32 * max_input_size ) { + krb5_context context; krb5_keyblock *key; OM_uint32 ret; krb5_keytype keytype; const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle; + GSSAPI_KRB5_INIT (&context); + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); - ret = _gsskrb5i_get_token_key(ctx, &key); + ret = _gsskrb5i_get_token_key(ctx, context, &key); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); if (ret) { - _gsskrb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; } - krb5_enctype_to_keytype (_gsskrb5_context, key->keytype, &keytype); + krb5_enctype_to_keytype (context, key->keytype, &keytype); switch (keytype) { case KEYTYPE_DES : @@ -161,7 +169,7 @@ _gsskrb5_wrap_size_limit ( break; case KEYTYPE_ARCFOUR: case KEYTYPE_ARCFOUR_56: - ret = _gssapi_wrap_size_arcfour(minor_status, ctx, + ret = _gssapi_wrap_size_arcfour(minor_status, ctx, context, conf_req_flag, qop_req, req_output_size, max_input_size, key); break; @@ -169,12 +177,12 @@ _gsskrb5_wrap_size_limit ( ret = sub_wrap_size(req_output_size, max_input_size, 8, 34); break; default : - ret = _gssapi_wrap_size_cfx(minor_status, ctx, + ret = _gssapi_wrap_size_cfx(minor_status, ctx, context, conf_req_flag, qop_req, req_output_size, max_input_size, key); break; } - krb5_free_keyblock (_gsskrb5_context, key); + krb5_free_keyblock (context, key); *minor_status = 0; return ret; } @@ -183,6 +191,7 @@ static OM_uint32 wrap_des (OM_uint32 * minor_status, const gsskrb5_ctx ctx, + krb5_context context, int conf_req_flag, gss_qop_t qop_req, const gss_buffer_t input_message_buffer, @@ -257,9 +266,9 @@ wrap_des /* sequence number */ HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); - krb5_auth_con_getlocalseqnumber (_gsskrb5_context, - ctx->auth_context, - &seq_number); + krb5_auth_con_getlocalseqnumber (context, + ctx->auth_context, + &seq_number); p -= 16; p[0] = (seq_number >> 0) & 0xFF; @@ -274,7 +283,7 @@ wrap_des DES_cbc_encrypt ((void *)p, (void *)p, 8, &schedule, (DES_cblock *)(p + 8), DES_ENCRYPT); - krb5_auth_con_setlocalseqnumber (_gsskrb5_context, + krb5_auth_con_setlocalseqnumber (context, ctx->auth_context, ++seq_number); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); @@ -309,6 +318,7 @@ static OM_uint32 wrap_des3 (OM_uint32 * minor_status, const gsskrb5_ctx ctx, + krb5_context context, int conf_req_flag, gss_qop_t qop_req, const gss_buffer_t input_message_buffer, @@ -365,9 +375,8 @@ wrap_des3 input_message_buffer->length); memset (p + 28 + 8 + input_message_buffer->length, padlength, padlength); - ret = krb5_crypto_init(_gsskrb5_context, key, 0, &crypto); + ret = krb5_crypto_init(context, key, 0, &crypto); if (ret) { - _gsskrb5_set_error_string (); free (output_message_buffer->value); output_message_buffer->length = 0; output_message_buffer->value = NULL; @@ -375,16 +384,15 @@ wrap_des3 return GSS_S_FAILURE; } - ret = krb5_create_checksum (_gsskrb5_context, + ret = krb5_create_checksum (context, crypto, KRB5_KU_USAGE_SIGN, 0, p + 20, datalen + 8, &cksum); - krb5_crypto_destroy (_gsskrb5_context, crypto); + krb5_crypto_destroy (context, crypto); if (ret) { - _gsskrb5_set_error_string (); free (output_message_buffer->value); output_message_buffer->length = 0; output_message_buffer->value = NULL; @@ -400,7 +408,7 @@ wrap_des3 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); /* sequence number */ - krb5_auth_con_getlocalseqnumber (_gsskrb5_context, + krb5_auth_con_getlocalseqnumber (context, ctx->auth_context, &seq_number); @@ -413,7 +421,7 @@ wrap_des3 4); - ret = krb5_crypto_init(_gsskrb5_context, key, ETYPE_DES3_CBC_NONE, + ret = krb5_crypto_init(context, key, ETYPE_DES3_CBC_NONE, &crypto); if (ret) { free (output_message_buffer->value); @@ -427,15 +435,14 @@ wrap_des3 DES_cblock ivec; memcpy (&ivec, p + 8, 8); - ret = krb5_encrypt_ivec (_gsskrb5_context, + ret = krb5_encrypt_ivec (context, crypto, KRB5_KU_USAGE_SEQ, seq, 8, &encdata, &ivec); } - krb5_crypto_destroy (_gsskrb5_context, crypto); + krb5_crypto_destroy (context, crypto); if (ret) { - _gsskrb5_set_error_string (); free (output_message_buffer->value); output_message_buffer->length = 0; output_message_buffer->value = NULL; @@ -448,7 +455,7 @@ wrap_des3 memcpy (p, encdata.data, encdata.length); krb5_data_free (&encdata); - krb5_auth_con_setlocalseqnumber (_gsskrb5_context, + krb5_auth_con_setlocalseqnumber (context, ctx->auth_context, ++seq_number); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); @@ -459,21 +466,19 @@ wrap_des3 if(conf_req_flag) { krb5_data tmp; - ret = krb5_crypto_init(_gsskrb5_context, key, + ret = krb5_crypto_init(context, key, ETYPE_DES3_CBC_NONE, &crypto); if (ret) { - _gsskrb5_set_error_string (); free (output_message_buffer->value); output_message_buffer->length = 0; output_message_buffer->value = NULL; *minor_status = ret; return GSS_S_FAILURE; } - ret = krb5_encrypt(_gsskrb5_context, crypto, KRB5_KU_USAGE_SEAL, + ret = krb5_encrypt(context, crypto, KRB5_KU_USAGE_SEAL, p, datalen, &tmp); - krb5_crypto_destroy(_gsskrb5_context, crypto); + krb5_crypto_destroy(context, crypto); if (ret) { - _gsskrb5_set_error_string (); free (output_message_buffer->value); output_message_buffer->length = 0; output_message_buffer->value = NULL; @@ -501,44 +506,46 @@ OM_uint32 _gsskrb5_wrap gss_buffer_t output_message_buffer ) { + krb5_context context; krb5_keyblock *key; OM_uint32 ret; krb5_keytype keytype; const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle; + GSSAPI_KRB5_INIT (&context); + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); - ret = _gsskrb5i_get_token_key(ctx, &key); + ret = _gsskrb5i_get_token_key(ctx, context, &key); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); if (ret) { - _gsskrb5_set_error_string (); *minor_status = ret; return GSS_S_FAILURE; } - krb5_enctype_to_keytype (_gsskrb5_context, key->keytype, &keytype); + krb5_enctype_to_keytype (context, key->keytype, &keytype); switch (keytype) { case KEYTYPE_DES : - ret = wrap_des (minor_status, ctx, conf_req_flag, + ret = wrap_des (minor_status, ctx, context, conf_req_flag, qop_req, input_message_buffer, conf_state, output_message_buffer, key); break; case KEYTYPE_DES3 : - ret = wrap_des3 (minor_status, ctx, conf_req_flag, + ret = wrap_des3 (minor_status, ctx, context, conf_req_flag, qop_req, input_message_buffer, conf_state, output_message_buffer, key); break; case KEYTYPE_ARCFOUR: case KEYTYPE_ARCFOUR_56: - ret = _gssapi_wrap_arcfour (minor_status, ctx, conf_req_flag, + ret = _gssapi_wrap_arcfour (minor_status, ctx, context, conf_req_flag, qop_req, input_message_buffer, conf_state, output_message_buffer, key); break; default : - ret = _gssapi_wrap_cfx (minor_status, ctx, conf_req_flag, + ret = _gssapi_wrap_cfx (minor_status, ctx, context, conf_req_flag, qop_req, input_message_buffer, conf_state, output_message_buffer, key); break; } - krb5_free_keyblock (_gsskrb5_context, key); + krb5_free_keyblock (context, key); return ret; } diff --git a/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c index 73207806a0..7df8a3483e 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_accept_sec_context.c,v 1.7 2006/11/10 03:30:12 lha Exp $"); +RCSID("$Id: gss_accept_sec_context.c,v 1.9 2006/12/15 20:12:20 lha Exp $"); static OM_uint32 parse_header(const gss_buffer_t input_token, gss_OID mech_oid) @@ -91,6 +91,8 @@ parse_header(const gss_buffer_t input_token, gss_OID mech_oid) static gss_OID_desc krb5_mechanism = {9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02")}; +static gss_OID_desc ntlm_mechanism = + {10, rk_UNCONST("\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a")}; static gss_OID_desc spnego_mechanism = {6, rk_UNCONST("\x2b\x06\x01\x05\x05\x02")}; @@ -112,7 +114,14 @@ choose_mech(const gss_buffer_t input, gss_OID mech_oid) * Lets guess what mech is really is, callback function to mech ?? */ - if (input->length != 0 && ((const char *)input->value)[0] == 0x6E) { + if (input->length > 8 && + memcmp((const char *)input->value, "NTLMSSP\x00", 8) == 0) + { + *mech_oid = ntlm_mechanism; + return GSS_S_COMPLETE; + } else if (input->length != 0 && + ((const char *)input->value)[0] == 0x6E) + { /* Could be a raw AP-REQ (check for APPLICATION tag) */ *mech_oid = krb5_mechanism; return GSS_S_COMPLETE; diff --git a/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c index ccaf91ba9d..0d50bbd92b 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c +++ b/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c @@ -27,7 +27,23 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_init_sec_context.c,v 1.3 2006/07/06 22:30:09 lha Exp $"); +RCSID("$Id: gss_init_sec_context.c,v 1.4 2006/11/14 12:33:11 lha Exp $"); + +static gss_cred_id_t +_gss_mech_cred_find(gss_cred_id_t cred_handle, gss_OID mech_type) +{ + struct _gss_cred *cred = (struct _gss_cred *)cred_handle; + struct _gss_mechanism_cred *mc; + + if (cred == NULL) + return GSS_C_NO_CREDENTIAL; + + SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) { + if (gss_oid_equal(mech_type, mc->gmc_mech_oid)) + return mc->gmc_cred; + } + return GSS_C_NO_CREDENTIAL; +} OM_uint32 gss_init_sec_context(OM_uint32 * minor_status, @@ -49,8 +65,6 @@ gss_init_sec_context(OM_uint32 * minor_status, struct _gss_name *name = (struct _gss_name *) target_name; struct _gss_mechanism_name *mn; struct _gss_context *ctx = (struct _gss_context *) *context_handle; - struct _gss_cred *cred = (struct _gss_cred *) initiator_cred_handle; - struct _gss_mechanism_cred *mc; gss_cred_id_t cred_handle; int allocated_ctx; gss_OID mech_type = input_mech_type; @@ -97,15 +111,7 @@ gss_init_sec_context(OM_uint32 * minor_status, /* * If we have a cred, find the cred for this mechanism. */ - cred_handle = GSS_C_NO_CREDENTIAL; - if (cred) { - SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) { - if (gss_oid_equal(mech_type, mc->gmc_mech_oid)) { - cred_handle = mc->gmc_cred; - break; - } - } - } + cred_handle = _gss_mech_cred_find(initiator_cred_handle, mech_type); major_status = m->gm_init_sec_context(minor_status, cred_handle, diff --git a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c index 3d01ba69d4..b8fdefdca1 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c +++ b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c @@ -28,7 +28,7 @@ #include "mech_locl.h" #include -RCSID("$Id: gss_mech_switch.c,v 1.7 2006/10/09 11:13:30 lha Exp $"); +RCSID("$Id: gss_mech_switch.c,v 1.8 2006/12/15 20:05:43 lha Exp $"); #ifndef _PATH_GSS_MECH #define _PATH_GSS_MECH "/etc/gss/mech" @@ -169,6 +169,8 @@ add_builtin(gssapi_mech_interface mech) { struct _gss_mech_switch *m; OM_uint32 minor_status; + if (!mech) + return 0; m = malloc(sizeof(*m)); if (m == NULL) @@ -214,6 +216,7 @@ _gss_load_mech(void) add_builtin(__gss_krb5_initialize()); add_builtin(__gss_spnego_initialize()); + add_builtin(__gss_ntlm_initialize()); fp = fopen(_PATH_GSS_MECH, "r"); if (!fp) { diff --git a/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c b/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c index f8e013da18..f813d72ac8 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c +++ b/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c @@ -31,7 +31,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_set_cred_option.c,v 1.7 2006/07/01 08:50:49 lha Exp $"); +RCSID("$Id: gss_set_cred_option.c,v 1.8 2006/11/13 08:59:43 lha Exp $"); OM_uint32 gss_set_cred_option (OM_uint32 *minor_status, @@ -102,7 +102,7 @@ gss_set_cred_option (OM_uint32 *minor_status, major_status = m->gm_set_cred_option(minor_status, &mc->gmc_cred, object, value); - if (major_status == GSS_S_BAD_MECH) + if (major_status == GSS_S_COMPLETE) one_ok = 1; } } diff --git a/source4/heimdal/lib/gssapi/mech/gss_utils.c b/source4/heimdal/lib/gssapi/mech/gss_utils.c index 33ee033209..d674fb163b 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_utils.c +++ b/source4/heimdal/lib/gssapi/mech/gss_utils.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_utils.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); +RCSID("$Id: gss_utils.c,v 1.3 2006/12/18 13:01:25 lha Exp $"); OM_uint32 _gss_copy_oid(OM_uint32 *minor_status, @@ -46,6 +46,17 @@ _gss_copy_oid(OM_uint32 *minor_status, return (GSS_S_COMPLETE); } +OM_uint32 +_gss_free_oid(OM_uint32 *minor_status, gss_OID oid) +{ + *minor_status = 0; + if (oid->elements) { + free(oid->elements); + oid->elements = NULL; + oid->length = 0; + } + return (GSS_S_COMPLETE); +} OM_uint32 _gss_copy_buffer(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/utils.h b/source4/heimdal/lib/gssapi/mech/utils.h index 75a507298c..42e92c3f42 100644 --- a/source4/heimdal/lib/gssapi/mech/utils.h +++ b/source4/heimdal/lib/gssapi/mech/utils.h @@ -24,9 +24,10 @@ * SUCH DAMAGE. * * $FreeBSD: src/lib/libgssapi/utils.h,v 1.1 2005/12/29 14:40:20 dfr Exp $ - * $Id: utils.h,v 1.3 2006/07/20 01:48:25 lha Exp $ + * $Id: utils.h,v 1.4 2006/12/18 13:01:40 lha Exp $ */ +OM_uint32 _gss_free_oid(OM_uint32 *, gss_OID); OM_uint32 _gss_copy_oid(OM_uint32 *, const gss_OID, gss_OID); OM_uint32 _gss_copy_buffer(OM_uint32 *minor_status, const gss_buffer_t from_buf, gss_buffer_t to_buf); diff --git a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c index 8a885a3e2f..2c86b3f794 100644 --- a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * Portions Copyright (c) 2004 PADL Software Pty Ltd. * @@ -33,203 +33,85 @@ #include "spnego/spnego_locl.h" -RCSID("$Id: accept_sec_context.c,v 1.6 2006/10/07 22:26:57 lha Exp $"); - -OM_uint32 -_gss_spnego_encode_response(OM_uint32 *minor_status, - const NegTokenResp *resp, - gss_buffer_t data, - u_char **ret_buf) -{ - OM_uint32 ret; - u_char *buf; - size_t buf_size, buf_len; - - buf_size = 1024; - buf = malloc(buf_size); - if (buf == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - do { - ret = encode_NegTokenResp(buf + buf_size - 1, - buf_size, - resp, &buf_len); - if (ret == 0) { - size_t tmp; - - ret = der_put_length_and_tag(buf + buf_size - buf_len - 1, - buf_size - buf_len, - buf_len, - ASN1_C_CONTEXT, - CONS, - 1, - &tmp); - if (ret == 0) - buf_len += tmp; - } - if (ret) { - if (ret == ASN1_OVERFLOW) { - u_char *tmp; - - buf_size *= 2; - tmp = realloc (buf, buf_size); - if (tmp == NULL) { - *minor_status = ENOMEM; - free(buf); - return GSS_S_FAILURE; - } - buf = tmp; - } else { - *minor_status = ret; - free(buf); - return GSS_S_FAILURE; - } - } - } while (ret == ASN1_OVERFLOW); - - data->value = buf + buf_size - buf_len; - data->length = buf_len; - *ret_buf = buf; - - return GSS_S_COMPLETE; -} +RCSID("$Id: accept_sec_context.c,v 1.16 2006/12/19 12:10:35 lha Exp $"); static OM_uint32 send_reject (OM_uint32 *minor_status, gss_buffer_t output_token) { - NegTokenResp resp; - gss_buffer_desc data; - u_char *buf; - OM_uint32 ret; + NegotiationToken nt; + size_t size; + + nt.element = choice_NegotiationToken_negTokenResp; - ALLOC(resp.negResult, 1); - if (resp.negResult == NULL) { + ALLOC(nt.u.negTokenResp.negResult, 1); + if (nt.u.negTokenResp.negResult == NULL) { *minor_status = ENOMEM; return GSS_S_FAILURE; } - *(resp.negResult) = reject; - resp.supportedMech = NULL; - resp.responseToken = NULL; - resp.mechListMIC = NULL; + *(nt.u.negTokenResp.negResult) = reject; + nt.u.negTokenResp.supportedMech = NULL; + nt.u.negTokenResp.responseToken = NULL; + nt.u.negTokenResp.mechListMIC = NULL; - ret = _gss_spnego_encode_response (minor_status, &resp, &data, &buf); - free_NegTokenResp(&resp); - if (ret != GSS_S_COMPLETE) - return ret; + ASN1_MALLOC_ENCODE(NegotiationToken, + output_token->value, output_token->length, &nt, + &size, *minor_status); + free_NegotiationToken(&nt); + if (*minor_status != 0) + return GSS_S_FAILURE; - output_token->value = malloc(data.length); - if (output_token->value == NULL) { - *minor_status = ENOMEM; - ret = GSS_S_FAILURE; - } else { - output_token->length = data.length; - memcpy(output_token->value, data.value, output_token->length); - } - free(buf); - if (ret != GSS_S_COMPLETE) - return ret; return GSS_S_BAD_MECH; } -OM_uint32 -_gss_spnego_indicate_mechtypelist (OM_uint32 *minor_status, - int includeMSCompatOID, - const gssspnego_cred cred_handle, - MechTypeList *mechtypelist, - gss_OID *preferred_mech) +static OM_uint32 +acceptor_approved(gss_name_t target_name, gss_OID mech) { - OM_uint32 ret; - gss_OID_set supported_mechs = GSS_C_NO_OID_SET; - int i, count; - - if (cred_handle != NULL) { - ret = gss_inquire_cred(minor_status, - cred_handle->negotiated_cred_id, - NULL, - NULL, - NULL, - &supported_mechs); - } else { - ret = gss_indicate_mechs(minor_status, &supported_mechs); - } + gss_cred_id_t cred = GSS_C_NO_CREDENTIAL; + gss_OID_set oidset; + OM_uint32 junk, ret; - if (ret != GSS_S_COMPLETE) { - return ret; - } + if (target_name == GSS_C_NO_NAME) + return GSS_S_COMPLETE; - if (supported_mechs->count == 0) { - *minor_status = ENOENT; - gss_release_oid_set(minor_status, &supported_mechs); - return GSS_S_FAILURE; - } - - count = supported_mechs->count; - if (includeMSCompatOID) - count++; - - mechtypelist->len = 0; - mechtypelist->val = calloc(count, sizeof(MechType)); - if (mechtypelist->val == NULL) { - *minor_status = ENOMEM; - gss_release_oid_set(minor_status, &supported_mechs); - return GSS_S_FAILURE; - } - - for (i = 0; i < supported_mechs->count; i++) { - ret = _gss_spnego_add_mech_type(&supported_mechs->elements[i], - includeMSCompatOID, - mechtypelist); - if (ret != 0) { - *minor_status = ENOMEM; - ret = GSS_S_FAILURE; - break; - } - } - - if (ret == GSS_S_COMPLETE && preferred_mech != NULL) { - ret = gss_duplicate_oid(minor_status, - &supported_mechs->elements[0], - preferred_mech); - } - - if (ret != GSS_S_COMPLETE) { - free_MechTypeList(mechtypelist); - mechtypelist->len = 0; - mechtypelist->val = NULL; - } - gss_release_oid_set(minor_status, &supported_mechs); - - return ret; + gss_create_empty_oid_set(&junk, &oidset); + gss_add_oid_set_member(&junk, mech, &oidset); + + ret = gss_acquire_cred(&junk, target_name, GSS_C_INDEFINITE, oidset, + GSS_C_ACCEPT, &cred, NULL, NULL); + gss_release_oid_set(&junk, &oidset); + if (ret != GSS_S_COMPLETE) + return ret; + gss_release_cred(&junk, &cred); + + return GSS_S_COMPLETE; } static OM_uint32 send_supported_mechs (OM_uint32 *minor_status, gss_buffer_t output_token) { - NegTokenInit ni; + NegotiationTokenWin nt; char hostname[MAXHOSTNAMELEN], *p; gss_buffer_desc name_buf; gss_OID name_type; gss_name_t target_princ; gss_name_t canon_princ; - OM_uint32 ret, minor; - u_char *buf; - size_t buf_size, buf_len; + OM_uint32 minor; + size_t buf_len; gss_buffer_desc data; + OM_uint32 ret; - memset(&ni, 0, sizeof(ni)); + memset(&nt, 0, sizeof(nt)); - ni.reqFlags = NULL; - ni.mechToken = NULL; - ni.negHints = NULL; - ni.mechListMIC = NULL; + nt.element = choice_NegotiationTokenWin_negTokenInit; + nt.u.negTokenInit.reqFlags = NULL; + nt.u.negTokenInit.mechToken = NULL; + nt.u.negTokenInit.negHints = NULL; - ret = _gss_spnego_indicate_mechtypelist(minor_status, 1, - NULL, - &ni.mechTypes, NULL); + ret = _gss_spnego_indicate_mechtypelist(minor_status, GSS_C_NO_NAME, + acceptor_approved, 1, NULL, + &nt.u.negTokenInit.mechTypes, NULL); if (ret != GSS_S_COMPLETE) { return ret; } @@ -237,7 +119,7 @@ send_supported_mechs (OM_uint32 *minor_status, memset(&target_princ, 0, sizeof(target_princ)); if (gethostname(hostname, sizeof(hostname) - 1) != 0) { *minor_status = errno; - free_NegTokenInit(&ni); + free_NegotiationTokenWin(&nt); return GSS_S_FAILURE; } @@ -255,6 +137,7 @@ send_supported_mechs (OM_uint32 *minor_status, GSS_C_NO_OID, &target_princ); if (ret != GSS_S_COMPLETE) { + free_NegotiationTokenWin(&nt); return ret; } @@ -267,6 +150,7 @@ send_supported_mechs (OM_uint32 *minor_status, GSS_C_NO_OID, &canon_princ); if (ret != GSS_S_COMPLETE) { + free_NegotiationTokenWin(&nt); gss_release_name(&minor, &target_princ); return ret; } @@ -274,6 +158,7 @@ send_supported_mechs (OM_uint32 *minor_status, ret = gss_display_name(minor_status, canon_princ, &name_buf, &name_type); if (ret != GSS_S_COMPLETE) { + free_NegotiationTokenWin(&nt); gss_release_name(&minor, &canon_princ); gss_release_name(&minor, &target_princ); return ret; @@ -282,81 +167,38 @@ send_supported_mechs (OM_uint32 *minor_status, gss_release_name(&minor, &canon_princ); gss_release_name(&minor, &target_princ); - ALLOC(ni.negHints, 1); - if (ni.negHints == NULL) { + ALLOC(nt.u.negTokenInit.negHints, 1); + if (nt.u.negTokenInit.negHints == NULL) { *minor_status = ENOMEM; gss_release_buffer(&minor, &name_buf); - free_NegTokenInit(&ni); + free_NegotiationTokenWin(&nt); return GSS_S_FAILURE; } - ALLOC(ni.negHints->hintName, 1); - if (ni.negHints->hintName == NULL) { + ALLOC(nt.u.negTokenInit.negHints->hintName, 1); + if (nt.u.negTokenInit.negHints->hintName == NULL) { *minor_status = ENOMEM; gss_release_buffer(&minor, &name_buf); - free_NegTokenInit(&ni); + free_NegotiationTokenWin(&nt); return GSS_S_FAILURE; } - *(ni.negHints->hintName) = name_buf.value; + *(nt.u.negTokenInit.negHints->hintName) = name_buf.value; name_buf.value = NULL; - ni.negHints->hintAddress = NULL; + nt.u.negTokenInit.negHints->hintAddress = NULL; - buf_size = 1024; - buf = malloc(buf_size); - if (buf == NULL) { - free_NegTokenInit(&ni); - *minor_status = ENOMEM; - return GSS_S_FAILURE; + ASN1_MALLOC_ENCODE(NegotiationTokenWin, + data.value, data.length, &nt, &buf_len, ret); + free_NegotiationTokenWin(&nt); + if (ret) { + return ret; } + if (data.length != buf_len) + abort(); - do { - ret = encode_NegTokenInit(buf + buf_size - 1, - buf_size, - &ni, &buf_len); - if (ret == 0) { - size_t tmp; - - ret = der_put_length_and_tag(buf + buf_size - buf_len - 1, - buf_size - buf_len, - buf_len, - ASN1_C_CONTEXT, - CONS, - 0, - &tmp); - if (ret == 0) - buf_len += tmp; - } - if (ret) { - if (ret == ASN1_OVERFLOW) { - u_char *tmp; - - buf_size *= 2; - tmp = realloc (buf, buf_size); - if (tmp == NULL) { - *minor_status = ENOMEM; - free(buf); - free_NegTokenInit(&ni); - return GSS_S_FAILURE; - } - buf = tmp; - } else { - *minor_status = ret; - free(buf); - free_NegTokenInit(&ni); - return GSS_S_FAILURE; - } - } - } while (ret == ASN1_OVERFLOW); + ret = gss_encapsulate_token(&data, GSS_SPNEGO_MECHANISM, output_token); - data.value = buf + buf_size - buf_len; - data.length = buf_len; - - ret = gss_encapsulate_token(&data, - GSS_SPNEGO_MECHANISM, - output_token); - free (buf); - free_NegTokenInit (&ni); + free (data.value); if (ret != GSS_S_COMPLETE) return ret; @@ -374,16 +216,17 @@ send_accept (OM_uint32 *minor_status, gss_buffer_t mech_buf, gss_buffer_t output_token) { - NegTokenResp resp; - gss_buffer_desc data; - u_char *buf; + NegotiationToken nt; OM_uint32 ret; gss_buffer_desc mech_mic_buf; + size_t size; - memset(&resp, 0, sizeof(resp)); + memset(&nt, 0, sizeof(nt)); - ALLOC(resp.negResult, 1); - if (resp.negResult == NULL) { + nt.element = choice_NegotiationToken_negTokenResp; + + ALLOC(nt.u.negTokenResp.negResult, 1); + if (nt.u.negTokenResp.negResult == NULL) { *minor_status = ENOMEM; return GSS_S_FAILURE; } @@ -392,79 +235,85 @@ send_accept (OM_uint32 *minor_status, if (mech_token != GSS_C_NO_BUFFER && mech_token->length != 0 && mech_buf != GSS_C_NO_BUFFER) - *(resp.negResult) = accept_incomplete; + *(nt.u.negTokenResp.negResult) = accept_incomplete; else - *(resp.negResult) = accept_completed; + *(nt.u.negTokenResp.negResult) = accept_completed; } else { if (initial_response && context_handle->require_mic) - *(resp.negResult) = request_mic; + *(nt.u.negTokenResp.negResult) = request_mic; else - *(resp.negResult) = accept_incomplete; + *(nt.u.negTokenResp.negResult) = accept_incomplete; } if (initial_response) { - ALLOC(resp.supportedMech, 1); - if (resp.supportedMech == NULL) { - free_NegTokenResp(&resp); + ALLOC(nt.u.negTokenResp.supportedMech, 1); + if (nt.u.negTokenResp.supportedMech == NULL) { + free_NegotiationToken(&nt); *minor_status = ENOMEM; return GSS_S_FAILURE; } ret = der_get_oid(context_handle->preferred_mech_type->elements, context_handle->preferred_mech_type->length, - resp.supportedMech, + nt.u.negTokenResp.supportedMech, NULL); if (ret) { - free_NegTokenResp(&resp); + free_NegotiationToken(&nt); *minor_status = ENOMEM; return GSS_S_FAILURE; } } else { - resp.supportedMech = NULL; + nt.u.negTokenResp.supportedMech = NULL; } if (mech_token != GSS_C_NO_BUFFER && mech_token->length != 0) { - ALLOC(resp.responseToken, 1); - if (resp.responseToken == NULL) { - free_NegTokenResp(&resp); + ALLOC(nt.u.negTokenResp.responseToken, 1); + if (nt.u.negTokenResp.responseToken == NULL) { + free_NegotiationToken(&nt); *minor_status = ENOMEM; return GSS_S_FAILURE; } - resp.responseToken->length = mech_token->length; - resp.responseToken->data = mech_token->value; + nt.u.negTokenResp.responseToken->length = mech_token->length; + nt.u.negTokenResp.responseToken->data = mech_token->value; mech_token->length = 0; mech_token->value = NULL; } else { - resp.responseToken = NULL; + nt.u.negTokenResp.responseToken = NULL; } if (mech_buf != GSS_C_NO_BUFFER) { - ALLOC(resp.mechListMIC, 1); - if (resp.mechListMIC == NULL) { - free_NegTokenResp(&resp); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - ret = gss_get_mic(minor_status, context_handle->negotiated_ctx_id, 0, mech_buf, &mech_mic_buf); - if (ret != GSS_S_COMPLETE) { - free_NegTokenResp(&resp); + if (ret == GSS_S_COMPLETE) { + ALLOC(nt.u.negTokenResp.mechListMIC, 1); + if (nt.u.negTokenResp.mechListMIC == NULL) { + gss_release_buffer(minor_status, &mech_mic_buf); + free_NegotiationToken(&nt); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + nt.u.negTokenResp.mechListMIC->length = mech_mic_buf.length; + nt.u.negTokenResp.mechListMIC->data = mech_mic_buf.value; + } else if (ret == GSS_S_UNAVAILABLE) { + nt.u.negTokenResp.mechListMIC = NULL; + } else { + free_NegotiationToken(&nt); return ret; } - resp.mechListMIC->length = mech_mic_buf.length; - resp.mechListMIC->data = mech_mic_buf.value; } else - resp.mechListMIC = NULL; + nt.u.negTokenResp.mechListMIC = NULL; - ret = _gss_spnego_encode_response (minor_status, &resp, &data, &buf); - if (ret != GSS_S_COMPLETE) { - free_NegTokenResp(&resp); - return ret; + ASN1_MALLOC_ENCODE(NegotiationToken, + output_token->value, output_token->length, + &nt, &size, ret); + if (ret) { + free_NegotiationToken(&nt); + *minor_status = ret; + return GSS_S_FAILURE; } /* @@ -472,23 +321,12 @@ send_accept (OM_uint32 *minor_status, * it is a SubsequentContextToken (note though RFC 1964 * specifies encapsulation for all _Kerberos_ tokens). */ - output_token->value = malloc(data.length); - if (output_token->value == NULL) { - *minor_status = ENOMEM; - ret = GSS_S_FAILURE; - } else { - output_token->length = data.length; - memcpy(output_token->value, data.value, output_token->length); - } - free(buf); - if (ret != GSS_S_COMPLETE) { - free_NegTokenResp(&resp); - return ret; - } - ret = (*(resp.negResult) == accept_completed) ? GSS_S_COMPLETE : - GSS_S_CONTINUE_NEEDED; - free_NegTokenResp(&resp); + if (*(nt.u.negTokenResp.negResult) == accept_completed) + ret = GSS_S_COMPLETE; + else + ret = GSS_S_CONTINUE_NEEDED; + free_NegotiationToken(&nt); return ret; } @@ -530,8 +368,164 @@ verify_mechlist_mic return ret; } -OM_uint32 -_gss_spnego_accept_sec_context +static OM_uint32 +select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p, + gss_OID *mech_p) +{ + char mechbuf[64]; + size_t mech_len; + gss_OID_desc oid; + OM_uint32 ret, junk; + + ret = der_put_oid ((unsigned char *)mechbuf + sizeof(mechbuf) - 1, + sizeof(mechbuf), + mechType, + &mech_len); + if (ret) { + return GSS_S_DEFECTIVE_TOKEN; + } + + oid.length = mech_len; + oid.elements = mechbuf + sizeof(mechbuf) - mech_len; + + if (gss_oid_equal(&oid, GSS_SPNEGO_MECHANISM)) { + return GSS_S_BAD_MECH; + } + + *minor_status = 0; + + /* Translate broken MS Kebreros OID */ + if (gss_oid_equal(&oid, &_gss_spnego_mskrb_mechanism_oid_desc)) { + gssapi_mech_interface mech; + + mech = __gss_get_mechanism(&_gss_spnego_krb5_mechanism_oid_desc); + if (mech == NULL) + return GSS_S_BAD_MECH; + + ret = gss_duplicate_oid(minor_status, + &_gss_spnego_mskrb_mechanism_oid_desc, + mech_p); + } else { + gssapi_mech_interface mech; + + mech = __gss_get_mechanism(&oid); + if (mech == NULL) + return GSS_S_BAD_MECH; + + ret = gss_duplicate_oid(minor_status, + &mech->gm_mech_oid, + mech_p); + } + + if (verify_p) { + gss_name_t name = GSS_C_NO_NAME; + gss_buffer_desc namebuf; + char *str = NULL, *host, hostname[MAXHOSTNAMELEN]; + + host = getenv("GSSAPI_SPNEGO_NAME"); + if (host == NULL || issuid()) { + if (gethostname(hostname, sizeof(hostname)) != 0) { + *minor_status = errno; + return GSS_S_FAILURE; + } + asprintf(&str, "host@%s", hostname); + host = str; + } + + namebuf.length = strlen(host); + namebuf.value = host; + + ret = gss_import_name(minor_status, &namebuf, + GSS_C_NT_HOSTBASED_SERVICE, &name); + if (str) + free(str); + if (ret != GSS_S_COMPLETE) + return ret; + + ret = acceptor_approved(name, *mech_p); + gss_release_name(&junk, &name); + } + + return ret; +} + + +static OM_uint32 +acceptor_complete(OM_uint32 * minor_status, + gssspnego_ctx ctx, + int *get_mic, + gss_buffer_t mech_buf, + gss_buffer_t mech_input_token, + gss_buffer_t mech_output_token, + heim_octet_string *mic, + gss_buffer_t output_token) +{ + OM_uint32 ret; + int require_mic, verify_mic; + gss_buffer_desc buf; + + buf.length = 0; + buf.value = NULL; + + ret = _gss_spnego_require_mechlist_mic(minor_status, ctx, &require_mic); + if (ret) + return ret; + + ctx->require_mic = require_mic; + + if (mic != NULL) + require_mic = 1; + + if (ctx->open && require_mic) { + if (mech_input_token == GSS_C_NO_BUFFER) { /* Even/One */ + verify_mic = 1; + *get_mic = 0; + } else if (mech_output_token != GSS_C_NO_BUFFER && + mech_output_token->length == 0) { /* Odd */ + *get_mic = verify_mic = 1; + } else { /* Even/One */ + verify_mic = 0; + *get_mic = 1; + } + + if (verify_mic || get_mic) { + int eret; + size_t buf_len; + + ASN1_MALLOC_ENCODE(MechTypeList, + mech_buf->value, mech_buf->length, + &ctx->initiator_mech_types, &buf_len, eret); + if (eret) { + *minor_status = eret; + return GSS_S_FAILURE; + } + if (buf.length != buf_len) + abort(); + } + + if (verify_mic) { + ret = verify_mechlist_mic(minor_status, ctx, mech_buf, mic); + if (ret) { + if (get_mic) + send_reject (minor_status, output_token); + if (buf.value) + free(buf.value); + return ret; + } + ctx->verified_mic = 1; + } + if (buf.value) + free(buf.value); + + } else + *get_mic = verify_mic = 0; + + return GSS_S_COMPLETE; +} + + +static OM_uint32 +acceptor_start (OM_uint32 * minor_status, gss_ctx_id_t * context_handle, const gss_cred_id_t acceptor_cred_handle, @@ -547,40 +541,21 @@ _gss_spnego_accept_sec_context { OM_uint32 ret, ret2, minor; NegTokenInit ni; - NegTokenResp na; - size_t ni_len, na_len; + size_t ni_len; int i; gss_buffer_desc data; size_t len, taglen; - int initialToken; - unsigned int negResult = accept_incomplete; gss_buffer_t mech_input_token = GSS_C_NO_BUFFER; - gss_buffer_t mech_output_token = GSS_C_NO_BUFFER; + gss_buffer_desc mech_output_token; gss_buffer_desc mech_buf; gss_OID preferred_mech_type = GSS_C_NO_OID; gssspnego_ctx ctx; gssspnego_cred acceptor_cred = (gssspnego_cred)acceptor_cred_handle; + int get_mic = 0; + int first_ok = 0; - *minor_status = 0; - - output_token->length = 0; - output_token->value = NULL; - - if (src_name != NULL) - *src_name = GSS_C_NO_NAME; - - if (mech_type != NULL) - *mech_type = GSS_C_NO_OID; - - if (ret_flags != NULL) - *ret_flags = 0; - - if (time_rec != NULL) - *time_rec = 0; - - if (delegated_cred_handle != NULL) - *delegated_cred_handle = GSS_C_NO_CREDENTIAL; - + mech_output_token.value = NULL; + mech_output_token.length = 0; mech_buf.value = NULL; if (*context_handle == GSS_C_NO_CONTEXT) { @@ -590,8 +565,7 @@ _gss_spnego_accept_sec_context return ret; if (input_token_buffer->length == 0) { - return send_supported_mechs (minor_status, - output_token); + return send_supported_mechs (minor_status, output_token); } } @@ -604,16 +578,12 @@ _gss_spnego_accept_sec_context ret = gss_decapsulate_token (input_token_buffer, GSS_SPNEGO_MECHANISM, &data); - initialToken = (ret == GSS_S_COMPLETE); - - if (!initialToken) { - data.value = input_token_buffer->value; - data.length = input_token_buffer->length; - } + if (ret) + return ret; ret = der_match_tag_and_length(data.value, data.length, ASN1_C_CONTEXT, CONS, - initialToken ? 0 : 1, + 0, &len, &taglen); if (ret) { *minor_status = ret; @@ -625,70 +595,263 @@ _gss_spnego_accept_sec_context return GSS_S_FAILURE; } - if (initialToken) { - ret = decode_NegTokenInit((const unsigned char *)data.value + taglen, + ret = decode_NegTokenInit((const unsigned char *)data.value + taglen, len, &ni, &ni_len); - } else { - ret = decode_NegTokenResp((const unsigned char *)data.value + taglen, - len, &na, &na_len); - } if (ret) { *minor_status = ret; return GSS_S_DEFECTIVE_TOKEN; } - if (!initialToken && na.negResult != NULL) { - negResult = *(na.negResult); + if (ni.mechTypes.len < 1) { + free_NegTokenInit(&ni); + *minor_status = 0; + return GSS_S_DEFECTIVE_TOKEN; } - if (negResult == reject || negResult == request_mic) { - /* request_mic should only be sent by acceptor */ - free_NegTokenResp(&na); - return GSS_S_DEFECTIVE_TOKEN; + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + + ret = copy_MechTypeList(&ni.mechTypes, &ctx->initiator_mech_types); + if (ret) { + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + free_NegTokenInit(&ni); + *minor_status = ret; + return GSS_S_FAILURE; } - if (initialToken) { - for (i = 0; i < ni.mechTypes.len; ++i) { - /* Call glue layer to find first mech we support */ - ret = _gss_spnego_select_mech(minor_status, &ni.mechTypes.val[i], - &preferred_mech_type); + /* + * First we try the opportunistic token if we have support for it, + * don't try to verify we have credential for the token, + * gss_accept_sec_context will (hopefully) tell us that. + * If that failes, + */ + + ret = select_mech(minor_status, + &ni.mechTypes.val[0], + 0, + &preferred_mech_type); + + if (ret == 0 && ni.mechToken != NULL) { + gss_cred_id_t mech_delegated_cred = GSS_C_NO_CREDENTIAL; + gss_cred_id_t mech_cred; + gss_buffer_desc ibuf; + + ibuf.length = ni.mechToken->length; + ibuf.value = ni.mechToken->data; + mech_input_token = &ibuf; + + if (acceptor_cred != NULL) + mech_cred = acceptor_cred->negotiated_cred_id; + else + mech_cred = GSS_C_NO_CREDENTIAL; + + if (ctx->mech_src_name != GSS_C_NO_NAME) + gss_release_name(&minor, &ctx->mech_src_name); + + if (ctx->delegated_cred_id != GSS_C_NO_CREDENTIAL) + _gss_spnego_release_cred(&minor, &ctx->delegated_cred_id); + + ret = gss_accept_sec_context(&minor, + &ctx->negotiated_ctx_id, + mech_cred, + mech_input_token, + input_chan_bindings, + &ctx->mech_src_name, + &ctx->negotiated_mech_type, + &mech_output_token, + &ctx->mech_flags, + &ctx->mech_time_rec, + &mech_delegated_cred); + if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) { + if (delegated_cred_handle) + ret = _gss_spnego_alloc_cred(minor_status, + mech_delegated_cred, + delegated_cred_handle); + else + gss_release_cred(&ret2, &mech_delegated_cred); + + ctx->preferred_mech_type = preferred_mech_type; + ctx->negotiated_mech_type = preferred_mech_type; + if (ret == GSS_S_COMPLETE) + ctx->open = 1; + + ret = acceptor_complete(minor_status, + ctx, + &get_mic, + &mech_buf, + mech_input_token, + &mech_output_token, + ni.mechListMIC, + output_token); + if (ret != GSS_S_COMPLETE) + goto out; + + first_ok = 1; + } + } + + /* + * If opportunistic token failed, lets try the other mechs. + */ + + if (!first_ok) { + + /* Call glue layer to find first mech we support */ + for (i = 1; i < ni.mechTypes.len; ++i) { + ret = select_mech(minor_status, + &ni.mechTypes.val[i], + 1, + &preferred_mech_type); if (ret == 0) break; } if (preferred_mech_type == GSS_C_NO_OID) { + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); free_NegTokenInit(&ni); return GSS_S_BAD_MECH; } + + ctx->preferred_mech_type = preferred_mech_type; + ctx->negotiated_mech_type = preferred_mech_type; } - HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + /* + * The initial token always have a response + */ - if (initialToken) { - ctx->preferred_mech_type = preferred_mech_type; - ctx->initiator_mech_types.len = ni.mechTypes.len; - ctx->initiator_mech_types.val = ni.mechTypes.val; - ni.mechTypes.len = 0; - ni.mechTypes.val = NULL; + ret = send_accept (minor_status, + ctx, + &mech_output_token, + 1, + get_mic ? &mech_buf : NULL, + output_token); + if (ret) + goto out; + +out: + if (mech_output_token.value != NULL) + gss_release_buffer(&minor, &mech_output_token); + if (mech_buf.value != NULL) { + free(mech_buf.value); + mech_buf.value = NULL; + } + free_NegTokenInit(&ni); + + if (ret == GSS_S_COMPLETE) { + if (src_name != NULL && ctx->mech_src_name != NULL) { + spnego_name name; + + name = calloc(1, sizeof(*name)); + if (name) { + name->mech = ctx->mech_src_name; + ctx->mech_src_name = NULL; + *src_name = (gss_name_t)name; + } else + *src_name = GSS_C_NO_NAME; + } + if (delegated_cred_handle != NULL) { + *delegated_cred_handle = ctx->delegated_cred_id; + ctx->delegated_cred_id = GSS_C_NO_CREDENTIAL; + } + } + + if (mech_type != NULL) + *mech_type = ctx->negotiated_mech_type; + if (ret_flags != NULL) + *ret_flags = ctx->mech_flags; + if (time_rec != NULL) + *time_rec = ctx->mech_time_rec; + + if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) { + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + return ret; } + _gss_spnego_internal_delete_sec_context(&minor, context_handle, + GSS_C_NO_BUFFER); + + return ret; +} + + +static OM_uint32 +acceptor_continue + (OM_uint32 * minor_status, + gss_ctx_id_t * context_handle, + const gss_cred_id_t acceptor_cred_handle, + const gss_buffer_t input_token_buffer, + const gss_channel_bindings_t input_chan_bindings, + gss_name_t * src_name, + gss_OID * mech_type, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec, + gss_cred_id_t *delegated_cred_handle + ) +{ + OM_uint32 ret, ret2, minor; + NegTokenResp na; + size_t na_len; + gss_buffer_desc data; + size_t len, taglen; + unsigned int negResult = accept_incomplete; + gss_buffer_t mech_input_token = GSS_C_NO_BUFFER; + gss_buffer_t mech_output_token = GSS_C_NO_BUFFER; + gss_buffer_desc mech_buf; + gssspnego_ctx ctx; + gssspnego_cred acceptor_cred = (gssspnego_cred)acceptor_cred_handle; + + mech_buf.value = NULL; + + ctx = (gssspnego_ctx)*context_handle; + + /* + * The GSS-API encapsulation is only present on the initial + * context token (negTokenInit). + */ + + data.value = input_token_buffer->value; + data.length = input_token_buffer->length; + + ret = der_match_tag_and_length(data.value, data.length, + ASN1_C_CONTEXT, CONS, + 1, + &len, &taglen); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + if (len > data.length - taglen) { + *minor_status = ASN1_OVERRUN; + return GSS_S_FAILURE; + } + + ret = decode_NegTokenResp((const unsigned char *)data.value + taglen, + len, &na, &na_len); + if (ret) { + *minor_status = ret; + return GSS_S_DEFECTIVE_TOKEN; + } + + if (na.negResult != NULL) { + negResult = *(na.negResult); + } + + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + { gss_buffer_desc ibuf, obuf; - int require_mic, verify_mic, get_mic; + int require_mic, get_mic; int require_response; heim_octet_string *mic; - if (initialToken) { - if (ni.mechToken != NULL) { - ibuf.length = ni.mechToken->length; - ibuf.value = ni.mechToken->data; - mech_input_token = &ibuf; - } + if (na.responseToken != NULL) { + ibuf.length = na.responseToken->length; + ibuf.value = na.responseToken->data; + mech_input_token = &ibuf; } else { - if (na.responseToken != NULL) { - ibuf.length = na.responseToken->length; - ibuf.value = na.responseToken->data; - mech_input_token = &ibuf; - } + ibuf.value = NULL; + ibuf.length = 0; } if (mech_input_token != GSS_C_NO_BUFFER) { @@ -737,10 +900,7 @@ _gss_spnego_accept_sec_context mech_output_token = &obuf; } if (ret != GSS_S_COMPLETE && ret != GSS_S_CONTINUE_NEEDED) { - if (initialToken) - free_NegTokenInit(&ni); - else - free_NegTokenResp(&na); + free_NegTokenResp(&na); send_reject (minor_status, output_token); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); return ret; @@ -758,50 +918,19 @@ _gss_spnego_accept_sec_context ctx->require_mic = require_mic; - mic = initialToken ? ni.mechListMIC : na.mechListMIC; + mic = na.mechListMIC; if (mic != NULL) require_mic = 1; - if (ctx->open && require_mic) { - if (mech_input_token == GSS_C_NO_BUFFER) { /* Even/One */ - verify_mic = 1; - get_mic = 0; - } else if (mech_output_token != GSS_C_NO_BUFFER && - mech_output_token->length == 0) { /* Odd */ - get_mic = verify_mic = 1; - } else { /* Even/One */ - verify_mic = 0; - get_mic = 1; - } - - if (verify_mic || get_mic) { - int eret; - size_t buf_len; - - ASN1_MALLOC_ENCODE(MechTypeList, - mech_buf.value, mech_buf.length, - &ctx->initiator_mech_types, &buf_len, eret); - if (eret) { - ret2 = GSS_S_FAILURE; - *minor_status = eret; - goto out; - } - if (mech_buf.length != buf_len) - abort(); - } - - if (verify_mic) { - ret2 = verify_mechlist_mic(minor_status, ctx, &mech_buf, mic); - if (ret2) { - if (get_mic) - send_reject (minor_status, output_token); - goto out; - } - - ctx->verified_mic = 1; - } - } else - verify_mic = get_mic = 0; + if (ret == GSS_S_COMPLETE) + ret = acceptor_complete(minor_status, + ctx, + &get_mic, + &mech_buf, + mech_input_token, + mech_output_token, + na.mechListMIC, + output_token); if (ctx->mech_flags & GSS_C_DCE_STYLE) require_response = (negResult != accept_completed); @@ -814,12 +943,13 @@ _gss_spnego_accept_sec_context */ if ((mech_output_token != GSS_C_NO_BUFFER && mech_output_token->length != 0) + || (ctx->open && negResult == accept_incomplete) || require_response || get_mic) { ret2 = send_accept (minor_status, ctx, mech_output_token, - initialToken, + 0, get_mic ? &mech_buf : NULL, output_token); if (ret2) @@ -833,10 +963,7 @@ _gss_spnego_accept_sec_context gss_release_buffer(&minor, mech_output_token); if (mech_buf.value != NULL) free(mech_buf.value); - if (initialToken) - free_NegTokenInit(&ni); - else - free_NegTokenResp(&na); + free_NegTokenResp(&na); } if (ret == GSS_S_COMPLETE) { @@ -871,3 +998,48 @@ _gss_spnego_accept_sec_context return ret; } +OM_uint32 +_gss_spnego_accept_sec_context + (OM_uint32 * minor_status, + gss_ctx_id_t * context_handle, + const gss_cred_id_t acceptor_cred_handle, + const gss_buffer_t input_token_buffer, + const gss_channel_bindings_t input_chan_bindings, + gss_name_t * src_name, + gss_OID * mech_type, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec, + gss_cred_id_t *delegated_cred_handle + ) +{ + _gss_accept_sec_context_t *func; + + *minor_status = 0; + + output_token->length = 0; + output_token->value = NULL; + + if (src_name != NULL) + *src_name = GSS_C_NO_NAME; + if (mech_type != NULL) + *mech_type = GSS_C_NO_OID; + if (ret_flags != NULL) + *ret_flags = 0; + if (time_rec != NULL) + *time_rec = 0; + if (delegated_cred_handle != NULL) + *delegated_cred_handle = GSS_C_NO_CREDENTIAL; + + + if (*context_handle == GSS_C_NO_CONTEXT) + func = acceptor_start; + else + func = acceptor_continue; + + + return (*func)(minor_status, context_handle, acceptor_cred_handle, + input_token_buffer, input_chan_bindings, + src_name, mech_type, output_token, ret_flags, + time_rec, delegated_cred_handle); +} diff --git a/source4/heimdal/lib/gssapi/spnego/compat.c b/source4/heimdal/lib/gssapi/spnego/compat.c index aeae088258..786eac1340 100644 --- a/source4/heimdal/lib/gssapi/spnego/compat.c +++ b/source4/heimdal/lib/gssapi/spnego/compat.c @@ -32,7 +32,7 @@ #include "spnego/spnego_locl.h" -RCSID("$Id: compat.c,v 1.6 2006/10/07 22:26:59 lha Exp $"); +RCSID("$Id: compat.c,v 1.9 2006/12/18 17:52:26 lha Exp $"); /* * Apparently Microsoft got the OID wrong, and used @@ -42,10 +42,10 @@ RCSID("$Id: compat.c,v 1.6 2006/10/07 22:26:59 lha Exp $"); * prefer to deal with this here rather than inside the * Kerberos mechanism. */ -static gss_OID_desc gss_mskrb_mechanism_oid_desc = +gss_OID_desc _gss_spnego_mskrb_mechanism_oid_desc = {9, (void *)"\x2a\x86\x48\x82\xf7\x12\x01\x02\x02"}; -static gss_OID_desc gss_krb5_mechanism_oid_desc = +gss_OID_desc _gss_spnego_krb5_mechanism_oid_desc = {9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"}; /* @@ -191,8 +191,8 @@ _gss_spnego_require_mechlist_mic(OM_uint32 *minor_status, if (*require_mic) { if (gss_oid_equal(ctx->negotiated_mech_type, ctx->preferred_mech_type)) { *require_mic = 0; - } else if (gss_oid_equal(ctx->negotiated_mech_type, &gss_krb5_mechanism_oid_desc) && - gss_oid_equal(ctx->preferred_mech_type, &gss_mskrb_mechanism_oid_desc)) { + } else if (gss_oid_equal(ctx->negotiated_mech_type, &_gss_spnego_krb5_mechanism_oid_desc) && + gss_oid_equal(ctx->preferred_mech_type, &_gss_spnego_mskrb_mechanism_oid_desc)) { *require_mic = 0; } } @@ -200,86 +200,122 @@ _gss_spnego_require_mechlist_mic(OM_uint32 *minor_status, return GSS_S_COMPLETE; } -int _gss_spnego_add_mech_type(gss_OID mech_type, - int includeMSCompatOID, - MechTypeList *mechtypelist) +static int +add_mech_type(gss_OID mech_type, + int includeMSCompatOID, + MechTypeList *mechtypelist) { + MechType mech; int ret; if (gss_oid_equal(mech_type, GSS_SPNEGO_MECHANISM)) return 0; if (includeMSCompatOID && - gss_oid_equal(mech_type, &gss_krb5_mechanism_oid_desc)) { - ret = der_get_oid(gss_mskrb_mechanism_oid_desc.elements, - gss_mskrb_mechanism_oid_desc.length, - &mechtypelist->val[mechtypelist->len], + gss_oid_equal(mech_type, &_gss_spnego_krb5_mechanism_oid_desc)) { + ret = der_get_oid(_gss_spnego_mskrb_mechanism_oid_desc.elements, + _gss_spnego_mskrb_mechanism_oid_desc.length, + &mech, NULL); if (ret) return ret; - mechtypelist->len++; + ret = add_MechTypeList(mechtypelist, &mech); + free_MechType(&mech); + if (ret) + return ret; } - ret = der_get_oid(mech_type->elements, - mech_type->length, - &mechtypelist->val[mechtypelist->len], - NULL); + ret = der_get_oid(mech_type->elements, mech_type->length, &mech, NULL); if (ret) return ret; - mechtypelist->len++; - - return 0; + ret = add_MechTypeList(mechtypelist, &mech); + free_MechType(&mech); + return ret; } + OM_uint32 -_gss_spnego_select_mech(OM_uint32 *minor_status, - MechType *mechType, - gss_OID *mech_p) +_gss_spnego_indicate_mechtypelist (OM_uint32 *minor_status, + gss_name_t target_name, + OM_uint32 (*func)(gss_name_t, gss_OID), + int includeMSCompatOID, + const gssspnego_cred cred_handle, + MechTypeList *mechtypelist, + gss_OID *preferred_mech) { - char mechbuf[64]; - size_t mech_len; - gss_OID_desc oid; + gss_OID_set supported_mechs = GSS_C_NO_OID_SET; + gss_OID first_mech = GSS_C_NO_OID; OM_uint32 ret; - - ret = der_put_oid ((unsigned char *)mechbuf + sizeof(mechbuf) - 1, - sizeof(mechbuf), - mechType, - &mech_len); - if (ret) { - return GSS_S_DEFECTIVE_TOKEN; + int i; + + mechtypelist->len = 0; + mechtypelist->val = NULL; + + if (cred_handle != NULL) { + ret = gss_inquire_cred(minor_status, + cred_handle->negotiated_cred_id, + NULL, + NULL, + NULL, + &supported_mechs); + } else { + ret = gss_indicate_mechs(minor_status, &supported_mechs); } - oid.length = mech_len; - oid.elements = mechbuf + sizeof(mechbuf) - mech_len; - - if (gss_oid_equal(&oid, GSS_SPNEGO_MECHANISM)) { - return GSS_S_BAD_MECH; + if (ret != GSS_S_COMPLETE) { + return ret; } - *minor_status = 0; - - /* Translate broken MS Kebreros OID */ - if (gss_oid_equal(&oid, &gss_mskrb_mechanism_oid_desc)) { - gssapi_mech_interface mech; - - mech = __gss_get_mechanism(&gss_krb5_mechanism_oid_desc); - if (mech == NULL) - return GSS_S_BAD_MECH; + if (supported_mechs->count == 0) { + *minor_status = ENOENT; + gss_release_oid_set(minor_status, &supported_mechs); + return GSS_S_FAILURE; + } - ret = gss_duplicate_oid(minor_status, - &gss_mskrb_mechanism_oid_desc, - mech_p); - } else { - gssapi_mech_interface mech; + ret = (*func)(target_name, GSS_KRB5_MECHANISM); + if (ret == GSS_S_COMPLETE) { + ret = add_mech_type(GSS_KRB5_MECHANISM, + includeMSCompatOID, + mechtypelist); + if (!GSS_ERROR(ret)) + first_mech = GSS_KRB5_MECHANISM; + } + ret = GSS_S_COMPLETE; + + for (i = 0; i < supported_mechs->count; i++) { + OM_uint32 subret; + if (gss_oid_equal(&supported_mechs->elements[i], GSS_SPNEGO_MECHANISM)) + continue; + if (gss_oid_equal(&supported_mechs->elements[i], GSS_KRB5_MECHANISM)) + continue; + + subret = (*func)(target_name, &supported_mechs->elements[i]); + if (subret != GSS_S_COMPLETE) + continue; + + ret = add_mech_type(&supported_mechs->elements[i], + includeMSCompatOID, + mechtypelist); + if (ret != 0) { + *minor_status = ret; + ret = GSS_S_FAILURE; + break; + } + if (first_mech == GSS_C_NO_OID) + first_mech = &supported_mechs->elements[i]; + } - mech = __gss_get_mechanism(&oid); - if (mech == NULL) - return GSS_S_BAD_MECH; + if (mechtypelist->len == 0) { + gss_release_oid_set(minor_status, &supported_mechs); + *minor_status = 0; + return GSS_S_BAD_MECH; + } - ret = gss_duplicate_oid(minor_status, - &mech->gm_mech_oid, - mech_p); + if (preferred_mech != NULL) { + ret = gss_duplicate_oid(minor_status, first_mech, preferred_mech); + if (ret != GSS_S_COMPLETE) + free_MechTypeList(mechtypelist); } + gss_release_oid_set(minor_status, &supported_mechs); return ret; } - diff --git a/source4/heimdal/lib/gssapi/spnego/context_stubs.c b/source4/heimdal/lib/gssapi/spnego/context_stubs.c index 902ddbbdf9..57bc45a492 100644 --- a/source4/heimdal/lib/gssapi/spnego/context_stubs.c +++ b/source4/heimdal/lib/gssapi/spnego/context_stubs.c @@ -32,7 +32,7 @@ #include "spnego/spnego_locl.h" -RCSID("$Id: context_stubs.c,v 1.8 2006/10/07 22:27:01 lha Exp $"); +RCSID("$Id: context_stubs.c,v 1.9 2006/12/18 12:59:44 lha Exp $"); static OM_uint32 spnego_supported_mechs(OM_uint32 *minor_status, gss_OID_set *mechs) @@ -282,7 +282,21 @@ OM_uint32 _gss_spnego_compare_name int * name_equal ) { - return gss_compare_name(minor_status, name1, name2, name_equal); + spnego_name n1 = (spnego_name)name1; + spnego_name n2 = (spnego_name)name2; + + *name_equal = 0; + + if (!gss_oid_equal(&n1->type, &n2->type)) + return GSS_S_COMPLETE; + if (n1->value.length != n2->value.length) + return GSS_S_COMPLETE; + if (memcmp(n1->value.value, n2->value.value, n2->value.length) != 0) + return GSS_S_COMPLETE; + + *name_equal = 1; + + return GSS_S_COMPLETE; } OM_uint32 _gss_spnego_display_name @@ -292,19 +306,51 @@ OM_uint32 _gss_spnego_display_name gss_OID * output_name_type ) { - return gss_display_name(minor_status, input_name, + spnego_name name = (spnego_name)input_name; + + *minor_status = 0; + + if (name->mech == GSS_C_NO_NAME) + return GSS_S_FAILURE; + + return gss_display_name(minor_status, name->mech, output_name_buffer, output_name_type); } OM_uint32 _gss_spnego_import_name (OM_uint32 * minor_status, - const gss_buffer_t input_name_buffer, - const gss_OID input_name_type, + const gss_buffer_t name_buffer, + const gss_OID name_type, gss_name_t * output_name ) { - return gss_import_name(minor_status, input_name_buffer, - input_name_type, output_name); + spnego_name name; + OM_uint32 maj_stat; + + *minor_status = 0; + + name = calloc(1, sizeof(*name)); + if (name == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + maj_stat = _gss_copy_oid(minor_status, name_type, &name->type); + if (maj_stat) { + free(name); + return GSS_S_FAILURE; + } + + maj_stat = _gss_copy_buffer(minor_status, name_buffer, &name->value); + if (maj_stat) { + gss_name_t rname = (gss_name_t)name; + _gss_spnego_release_name(minor_status, &rname); + return GSS_S_FAILURE; + } + name->mech = GSS_C_NO_NAME; + *output_name = (gss_name_t)name; + + return GSS_S_COMPLETE; } OM_uint32 _gss_spnego_export_name @@ -313,8 +359,17 @@ OM_uint32 _gss_spnego_export_name gss_buffer_t exported_name ) { - return gss_export_name(minor_status, input_name, - exported_name); + spnego_name name; + *minor_status = 0; + + if (input_name == GSS_C_NO_NAME) + return GSS_S_BAD_NAME; + + name = (spnego_name)input_name; + if (name->mech == GSS_C_NO_NAME) + return GSS_S_BAD_NAME; + + return gss_export_name(minor_status, name->mech, exported_name); } OM_uint32 _gss_spnego_release_name @@ -322,7 +377,20 @@ OM_uint32 _gss_spnego_release_name gss_name_t * input_name ) { - return gss_release_name(minor_status, input_name); + *minor_status = 0; + + if (*input_name != GSS_C_NO_NAME) { + OM_uint32 junk; + spnego_name name = (spnego_name)*input_name; + _gss_free_oid(&junk, &name->type); + gss_release_buffer(&junk, &name->value); + if (name->mech != GSS_C_NO_NAME) + gss_release_name(&junk, &name->mech); + free(name); + + *input_name = GSS_C_NO_NAME; + } + return GSS_S_COMPLETE; } OM_uint32 _gss_spnego_inquire_context ( diff --git a/source4/heimdal/lib/gssapi/spnego/init_sec_context.c b/source4/heimdal/lib/gssapi/spnego/init_sec_context.c index 5a652fdb2e..a221281a70 100644 --- a/source4/heimdal/lib/gssapi/spnego/init_sec_context.c +++ b/source4/heimdal/lib/gssapi/spnego/init_sec_context.c @@ -33,7 +33,39 @@ #include "spnego/spnego_locl.h" -RCSID("$Id: init_sec_context.c,v 1.6 2006/10/14 10:09:15 lha Exp $"); +RCSID("$Id: init_sec_context.c,v 1.11 2006/12/18 15:42:03 lha Exp $"); + +/* + * Is target_name an sane target for `mech´. + */ + +static OM_uint32 +initiator_approved(gss_name_t target_name, gss_OID mech) +{ + OM_uint32 min_stat, maj_stat; + gss_ctx_id_t ctx = GSS_C_NO_CONTEXT; + gss_buffer_desc out; + + maj_stat = gss_init_sec_context(&min_stat, + GSS_C_NO_CREDENTIAL, + &ctx, + target_name, + mech, + 0, + GSS_C_INDEFINITE, + GSS_C_NO_CHANNEL_BINDINGS, + GSS_C_NO_BUFFER, + NULL, + &out, + NULL, + NULL); + if (GSS_ERROR(maj_stat)) + return GSS_S_BAD_MECH; + gss_release_buffer(&min_stat, &out); + gss_delete_sec_context(&min_stat, &ctx, NULL); + + return GSS_S_COMPLETE; +} /* * Send a reply. Note that we only need to send a reply if we @@ -50,11 +82,10 @@ spnego_reply_internal(OM_uint32 *minor_status, gss_buffer_t mech_token, gss_buffer_t output_token) { - NegTokenResp resp; + NegotiationToken nt; gss_buffer_desc mic_buf; OM_uint32 ret; - gss_buffer_desc data; - u_char *buf; + size_t size; if (mech_buf == GSS_C_NO_BUFFER && mech_token->length == 0) { output_token->length = 0; @@ -63,85 +94,83 @@ spnego_reply_internal(OM_uint32 *minor_status, return context_handle->open ? GSS_S_COMPLETE : GSS_S_FAILURE; } - memset(&resp, 0, sizeof(resp)); + memset(&nt, 0, sizeof(nt)); - ALLOC(resp.negResult, 1); - if (resp.negResult == NULL) { + nt.element = choice_NegotiationToken_negTokenResp; + + ALLOC(nt.u.negTokenResp.negResult, 1); + if (nt.u.negTokenResp.negResult == NULL) { *minor_status = ENOMEM; return GSS_S_FAILURE; } - resp.supportedMech = NULL; + nt.u.negTokenResp.supportedMech = NULL; output_token->length = 0; output_token->value = NULL; if (mech_token->length == 0) { - resp.responseToken = NULL; - *(resp.negResult) = accept_completed; + nt.u.negTokenResp.responseToken = NULL; + *(nt.u.negTokenResp.negResult) = accept_completed; } else { - ALLOC(resp.responseToken, 1); - if (resp.responseToken == NULL) { - free_NegTokenResp(&resp); + ALLOC(nt.u.negTokenResp.responseToken, 1); + if (nt.u.negTokenResp.responseToken == NULL) { + free_NegotiationToken(&nt); *minor_status = ENOMEM; return GSS_S_FAILURE; } - resp.responseToken->length = mech_token->length; - resp.responseToken->data = mech_token->value; + nt.u.negTokenResp.responseToken->length = mech_token->length; + nt.u.negTokenResp.responseToken->data = mech_token->value; mech_token->length = 0; mech_token->value = NULL; - *(resp.negResult) = accept_incomplete; + *(nt.u.negTokenResp.negResult) = accept_incomplete; } if (mech_buf != GSS_C_NO_BUFFER) { - ALLOC(resp.mechListMIC, 1); - if (resp.mechListMIC == NULL) { - free_NegTokenResp(&resp); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } ret = gss_get_mic(minor_status, context_handle->negotiated_ctx_id, 0, mech_buf, &mic_buf); - if (ret) { - free_NegTokenResp(&resp); + if (ret == GSS_S_COMPLETE) { + ALLOC(nt.u.negTokenResp.mechListMIC, 1); + if (nt.u.negTokenResp.mechListMIC == NULL) { + gss_release_buffer(minor_status, &mic_buf); + free_NegotiationToken(&nt); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + nt.u.negTokenResp.mechListMIC->length = mic_buf.length; + nt.u.negTokenResp.mechListMIC->data = mic_buf.value; + } else if (ret == GSS_S_UNAVAILABLE) { + nt.u.negTokenResp.mechListMIC = NULL; + } if (ret) { + free_NegotiationToken(&nt); *minor_status = ENOMEM; return GSS_S_FAILURE; } - - resp.mechListMIC->length = mic_buf.length; - resp.mechListMIC->data = mic_buf.value; } else { - resp.mechListMIC = NULL; + nt.u.negTokenResp.mechListMIC = NULL; } - ret = _gss_spnego_encode_response (minor_status, &resp, - &data, &buf); + ASN1_MALLOC_ENCODE(NegotiationToken, + output_token->value, output_token->length, + &nt, &size, ret); if (ret) { - free_NegTokenResp(&resp); - return ret; - } - - output_token->value = malloc(data.length); - if (output_token->value == NULL) { - *minor_status = ENOMEM; - ret = GSS_S_FAILURE; - } else { - output_token->length = data.length; - memcpy(output_token->value, data.value, output_token->length); + free_NegotiationToken(&nt); + *minor_status = ret; + return GSS_S_FAILURE; } - free(buf); - if (*(resp.negResult) == accept_completed) + if (*(nt.u.negTokenResp.negResult) == accept_completed) ret = GSS_S_COMPLETE; else ret = GSS_S_CONTINUE_NEEDED; - free_NegTokenResp(&resp); + free_NegotiationToken(&nt); return ret; } @@ -172,12 +201,16 @@ spnego_initial size_t ni_len; gss_ctx_id_t context; gssspnego_ctx ctx; + spnego_name name = (spnego_name)target_name; + + *minor_status = 0; memset (&ni, 0, sizeof(ni)); *context_handle = GSS_C_NO_CONTEXT; - *minor_status = 0; + if (target_name == GSS_C_NO_NAME) + return GSS_S_BAD_NAME; sub = _gss_spnego_alloc_sec_context(&minor, &context); if (GSS_ERROR(sub)) { @@ -190,7 +223,17 @@ spnego_initial ctx->local = 1; - sub = _gss_spnego_indicate_mechtypelist(&minor, 0, + sub = gss_import_name(&minor, &name->value, &name->type, &ctx->target_name); + if (GSS_ERROR(sub)) { + *minor_status = minor; + _gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER); + return sub; + } + + sub = _gss_spnego_indicate_mechtypelist(&minor, + ctx->target_name, + initiator_approved, + 0, cred, &ni.mechTypes, &ctx->preferred_mech_type); @@ -212,8 +255,8 @@ spnego_initial (cred != NULL) ? cred->negotiated_cred_id : GSS_C_NO_CREDENTIAL, &ctx->negotiated_ctx_id, - target_name, - GSS_C_NO_OID, + ctx->target_name, + ctx->preferred_mech_type, req_flags, time_req, input_chan_bindings, @@ -228,6 +271,8 @@ spnego_initial _gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER); return sub; } + if (sub == GSS_S_COMPLETE) + ctx->maybe_open = 1; if (mech_token.length != 0) { ALLOC(ni.mechToken, 1); @@ -345,8 +390,6 @@ spnego_reply { OM_uint32 ret, minor; NegTokenResp resp; - u_char oidbuf[17]; - size_t oidlen; size_t len, taglen; gss_OID_desc mech; int require_mic; @@ -385,34 +428,73 @@ spnego_reply if (resp.negResult == NULL || *(resp.negResult) == reject - || resp.supportedMech == NULL) { + /* || resp.supportedMech == NULL */ + ) + { free_NegTokenResp(&resp); return GSS_S_BAD_MECH; } - ret = der_put_oid(oidbuf + sizeof(oidbuf) - 1, - sizeof(oidbuf), - resp.supportedMech, - &oidlen); - if (ret || (oidlen == GSS_SPNEGO_MECHANISM->length && - memcmp(oidbuf + sizeof(oidbuf) - oidlen, - GSS_SPNEGO_MECHANISM->elements, - oidlen) == 0)) { + /* + * Pick up the mechanism that the acceptor selected, only allow it + * to be sent in packet. + */ + + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + + if (resp.supportedMech) { + + if (ctx->oidlen) { + free_NegTokenResp(&resp); + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + return GSS_S_BAD_MECH; + } + ret = der_put_oid(ctx->oidbuf + sizeof(ctx->oidbuf) - 1, + sizeof(ctx->oidbuf), + resp.supportedMech, + &ctx->oidlen); /* Avoid recursively embedded SPNEGO */ + if (ret || (ctx->oidlen == GSS_SPNEGO_MECHANISM->length && + memcmp(ctx->oidbuf + sizeof(ctx->oidbuf) - ctx->oidlen, + GSS_SPNEGO_MECHANISM->elements, + ctx->oidlen) == 0)) + { + free_NegTokenResp(&resp); + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + return GSS_S_BAD_MECH; + } + + /* check if the acceptor took our optimistic token */ + if (ctx->oidlen != ctx->preferred_mech_type->length || + memcmp(ctx->oidbuf + sizeof(ctx->oidbuf) - ctx->oidlen, + ctx->preferred_mech_type->elements, + ctx->oidlen) != 0) + { + gss_delete_sec_context(&minor, &ctx->negotiated_ctx_id, + GSS_C_NO_BUFFER); + ctx->negotiated_ctx_id = GSS_C_NO_CONTEXT; + } + } else if (ctx->oidlen == 0) { free_NegTokenResp(&resp); + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); return GSS_S_BAD_MECH; } - HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); - - if (resp.responseToken != NULL) { + if (resp.responseToken != NULL || + ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { gss_buffer_desc mech_input_token; - mech_input_token.length = resp.responseToken->length; - mech_input_token.value = resp.responseToken->data; + if (resp.responseToken) { + mech_input_token.length = resp.responseToken->length; + mech_input_token.value = resp.responseToken->data; + } else { + mech_input_token.length = 0; + mech_input_token.value = NULL; + } - mech.length = oidlen; - mech.elements = oidbuf + sizeof(oidbuf) - oidlen; + + mech.length = ctx->oidlen; + mech.elements = ctx->oidbuf + sizeof(ctx->oidbuf) - ctx->oidlen; /* Fall through as if the negotiated mechanism was requested explicitly */ @@ -420,7 +502,7 @@ spnego_reply (cred != NULL) ? cred->negotiated_cred_id : GSS_C_NO_CREDENTIAL, &ctx->negotiated_ctx_id, - target_name, + ctx->target_name, &mech, req_flags, time_req, @@ -439,6 +521,9 @@ spnego_reply if (ret == GSS_S_COMPLETE) { ctx->open = 1; } + } else if (*(resp.negResult) == accept_completed) { + if (ctx->maybe_open) + ctx->open = 1; } if (*(resp.negResult) == request_mic) { diff --git a/source4/heimdal/lib/gssapi/spnego/spnego-private.h b/source4/heimdal/lib/gssapi/spnego/spnego-private.h index df50f65580..d80db0018a 100644 --- a/source4/heimdal/lib/gssapi/spnego/spnego-private.h +++ b/source4/heimdal/lib/gssapi/spnego/spnego-private.h @@ -46,12 +46,6 @@ _gss_spnego_add_cred ( OM_uint32 * /*initiator_time_rec*/, OM_uint32 * acceptor_time_rec ); -int -_gss_spnego_add_mech_type ( - gss_OID /*mech_type*/, - int /*includeMSCompatOID*/, - MechTypeList */*mechtypelist*/); - OM_uint32 _gss_spnego_alloc_cred ( OM_uint32 */*minor_status*/, @@ -111,13 +105,6 @@ _gss_spnego_duplicate_name ( const gss_name_t /*src_name*/, gss_name_t * dest_name ); -OM_uint32 -_gss_spnego_encode_response ( - OM_uint32 */*minor_status*/, - const NegTokenResp */*resp*/, - gss_buffer_t /*data*/, - u_char **/*ret_buf*/); - OM_uint32 _gss_spnego_export_name ( OM_uint32 * /*minor_status*/, @@ -141,8 +128,8 @@ _gss_spnego_get_mic ( OM_uint32 _gss_spnego_import_name ( OM_uint32 * /*minor_status*/, - const gss_buffer_t /*input_name_buffer*/, - const gss_OID /*input_name_type*/, + const gss_buffer_t /*name_buffer*/, + const gss_OID /*name_type*/, gss_name_t * output_name ); OM_uint32 @@ -154,6 +141,8 @@ _gss_spnego_import_sec_context ( OM_uint32 _gss_spnego_indicate_mechtypelist ( OM_uint32 */*minor_status*/, + gss_name_t /*target_name*/, + OM_uint32 (*/*func*/)(gss_name_t, gss_OID), int /*includeMSCompatOID*/, const gssspnego_cred /*cred_handle*/, MechTypeList */*mechtypelist*/, @@ -270,12 +259,6 @@ _gss_spnego_seal ( int * /*conf_state*/, gss_buffer_t output_message_buffer ); -OM_uint32 -_gss_spnego_select_mech ( - OM_uint32 */*minor_status*/, - MechType */*mechType*/, - gss_OID */*mech_p*/); - OM_uint32 _gss_spnego_set_sec_context_option ( OM_uint32 * /*minor_status*/, diff --git a/source4/heimdal/lib/gssapi/spnego/spnego.asn1 b/source4/heimdal/lib/gssapi/spnego/spnego.asn1 index 187ce0a0a6..76fafa356c 100644 --- a/source4/heimdal/lib/gssapi/spnego/spnego.asn1 +++ b/source4/heimdal/lib/gssapi/spnego/spnego.asn1 @@ -1,4 +1,4 @@ --- $Id: spnego.asn1,v 1.1.1.1 2006/06/28 08:34:45 lha Exp $ +-- $Id: spnego.asn1,v 1.3 2006/12/18 18:28:49 lha Exp $ SPNEGO DEFINITIONS ::= BEGIN @@ -22,14 +22,21 @@ NegHints ::= SEQUENCE { hintAddress [1] OCTET STRING OPTIONAL } +NegTokenInitWin ::= SEQUENCE { + mechTypes [0] MechTypeList, + reqFlags [1] ContextFlags OPTIONAL, + mechToken [2] OCTET STRING OPTIONAL, + negHints [3] NegHints OPTIONAL + } + NegTokenInit ::= SEQUENCE { mechTypes [0] MechTypeList, reqFlags [1] ContextFlags OPTIONAL, mechToken [2] OCTET STRING OPTIONAL, - negHints [3] NegHints OPTIONAL, - mechListMIC [4] OCTET STRING OPTIONAL + mechListMIC [3] OCTET STRING OPTIONAL } + -- NB: negResult is not OPTIONAL in the new SPNEGO spec but -- Windows clients do not always send it NegTokenResp ::= SEQUENCE { @@ -48,4 +55,8 @@ NegotiationToken ::= CHOICE { negTokenResp[1] NegTokenResp } +NegotiationTokenWin ::= CHOICE { + negTokenInit[0] NegTokenInitWin +} + END diff --git a/source4/heimdal/lib/gssapi/spnego/spnego_locl.h b/source4/heimdal/lib/gssapi/spnego/spnego_locl.h index 255e07d056..45dff04313 100644 --- a/source4/heimdal/lib/gssapi/spnego/spnego_locl.h +++ b/source4/heimdal/lib/gssapi/spnego/spnego_locl.h @@ -30,7 +30,7 @@ * SUCH DAMAGE. */ -/* $Id: spnego_locl.h,v 1.12 2006/11/07 19:53:40 lha Exp $ */ +/* $Id: spnego_locl.h,v 1.15 2006/12/18 15:42:03 lha Exp $ */ #ifndef SPNEGO_LOCL_H #define SPNEGO_LOCL_H @@ -67,6 +67,7 @@ #include #include "spnego_asn1.h" +#include "mech/utils.h" #include #include @@ -86,13 +87,29 @@ typedef struct { OM_uint32 mech_time_rec; gss_name_t mech_src_name; gss_cred_id_t delegated_cred_id; - int open : 1; - int local : 1; - int require_mic : 1; - int verified_mic : 1; + unsigned int open : 1; + unsigned int local : 1; + unsigned int require_mic : 1; + unsigned int verified_mic : 1; + unsigned int maybe_open : 1; HEIMDAL_MUTEX ctx_id_mutex; + + gss_name_t target_name; + + u_char oidbuf[17]; + size_t oidlen; + } *gssspnego_ctx; +typedef struct { + gss_OID_desc type; + gss_buffer_desc value; + gss_name_t mech; +} *spnego_name; + +extern gss_OID_desc _gss_spnego_mskrb_mechanism_oid_desc; +extern gss_OID_desc _gss_spnego_krb5_mechanism_oid_desc; + #include #endif /* SPNEGO_LOCL_H */ diff --git a/source4/heimdal/lib/hdb/hdb.c b/source4/heimdal/lib/hdb/hdb.c index d1fa4ffd6a..cd4f24a732 100644 --- a/source4/heimdal/lib/hdb/hdb.c +++ b/source4/heimdal/lib/hdb/hdb.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: hdb.c,v 1.62 2006/10/06 16:47:22 lha Exp $"); +RCSID("$Id: hdb.c,v 1.64 2006/11/28 14:24:27 lha Exp $"); #ifdef HAVE_DLFCN_H #include diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h index 69c91d12ad..dcfceb58f0 100644 --- a/source4/heimdal/lib/hdb/hdb.h +++ b/source4/heimdal/lib/hdb/hdb.h @@ -60,24 +60,6 @@ typedef struct hdb_entry_ex { void *ctx; hdb_entry entry; void (*free_entry)(krb5_context, struct hdb_entry_ex *); - krb5_error_code (*check_client_access)(krb5_context, struct hdb_entry_ex *, - HostAddresses *); - krb5_error_code (*authz_data_as_req)(krb5_context, - struct hdb_entry_ex *, - METHOD_DATA* pa_data_seq, - time_t authtime, - const EncryptionKey *tgtkey, - const EncryptionKey *sessionkey, - AuthorizationData **out); - krb5_error_code (*authz_data_tgs_req)(krb5_context, - struct hdb_entry_ex *, - krb5_principal client, - AuthorizationData *in, - time_t authtime, - const EncryptionKey *tgtkey, - const EncryptionKey *servicekey, - const EncryptionKey *sessionkey, - AuthorizationData **out); } hdb_entry_ex; diff --git a/source4/heimdal/lib/hx509/asn1_id_pkix_ocsp.x b/source4/heimdal/lib/hx509/asn1_id_pkix_ocsp.x new file mode 100644 index 0000000000..e17bad6ed8 --- /dev/null +++ b/source4/heimdal/lib/hx509/asn1_id_pkix_ocsp.x @@ -0,0 +1,22 @@ +/* Generated from /home/data/samba/samba4/svn/source/heimdal/lib/hx509/ocsp.asn1 */ +/* Do not edit */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +static unsigned oid_id_pkix_ocsp_variable_num[9] = {1, 3, 6, 1, 5, 5, 7, 48, 1 }; +static const heim_oid oid_id_pkix_ocsp_variable = { 9, oid_id_pkix_ocsp_variable_num }; + +const heim_oid *oid_id_pkix_ocsp(void) +{ +return &oid_id_pkix_ocsp_variable; +} + diff --git a/source4/heimdal/lib/hx509/asn1_id_pkix_ocsp_basic.x b/source4/heimdal/lib/hx509/asn1_id_pkix_ocsp_basic.x new file mode 100644 index 0000000000..6f030f1713 --- /dev/null +++ b/source4/heimdal/lib/hx509/asn1_id_pkix_ocsp_basic.x @@ -0,0 +1,22 @@ +/* Generated from /home/data/samba/samba4/svn/source/heimdal/lib/hx509/ocsp.asn1 */ +/* Do not edit */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +static unsigned oid_id_pkix_ocsp_basic_variable_num[10] = {1, 3, 6, 1, 5, 5, 7, 48, 1, 1 }; +static const heim_oid oid_id_pkix_ocsp_basic_variable = { 10, oid_id_pkix_ocsp_basic_variable_num }; + +const heim_oid *oid_id_pkix_ocsp_basic(void) +{ +return &oid_id_pkix_ocsp_basic_variable; +} + diff --git a/source4/heimdal/lib/hx509/asn1_id_pkix_ocsp_nonce.x b/source4/heimdal/lib/hx509/asn1_id_pkix_ocsp_nonce.x new file mode 100644 index 0000000000..36d7422a0d --- /dev/null +++ b/source4/heimdal/lib/hx509/asn1_id_pkix_ocsp_nonce.x @@ -0,0 +1,22 @@ +/* Generated from /home/data/samba/samba4/svn/source/heimdal/lib/hx509/ocsp.asn1 */ +/* Do not edit */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +static unsigned oid_id_pkix_ocsp_nonce_variable_num[10] = {1, 3, 6, 1, 5, 5, 7, 48, 1, 2 }; +static const heim_oid oid_id_pkix_ocsp_nonce_variable = { 10, oid_id_pkix_ocsp_nonce_variable_num }; + +const heim_oid *oid_id_pkix_ocsp_nonce(void) +{ +return &oid_id_pkix_ocsp_nonce_variable; +} + diff --git a/source4/heimdal/lib/hx509/ca.c b/source4/heimdal/lib/hx509/ca.c new file mode 100644 index 0000000000..1a5b4947be --- /dev/null +++ b/source4/heimdal/lib/hx509/ca.c @@ -0,0 +1,893 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hx_locl.h" +#include +RCSID("$Id: ca.c,v 1.12 2007/01/05 18:40:46 lha Exp $"); + +struct hx509_ca_tbs { + hx509_name subject; + SubjectPublicKeyInfo spki; + ExtKeyUsage eku; + GeneralNames san; + unsigned key_usage; + heim_integer serial; + struct { + unsigned int proxy:1; + unsigned int ca:1; + unsigned int key:1; + unsigned int serial:1; + } flags; + time_t notBefore; + time_t notAfter; + int pathLenConstraint; /* both for CA and Proxy */ +}; + +int +hx509_ca_tbs_init(hx509_context context, hx509_ca_tbs *tbs) +{ + *tbs = calloc(1, sizeof(**tbs)); + if (*tbs == NULL) + return ENOMEM; + + (*tbs)->subject = NULL; + (*tbs)->san.len = 0; + (*tbs)->san.val = NULL; + (*tbs)->eku.len = 0; + (*tbs)->eku.val = NULL; + (*tbs)->pathLenConstraint = 0; + + return 0; +} + +void +hx509_ca_tbs_free(hx509_ca_tbs *tbs) +{ + if (tbs == NULL || *tbs == NULL) + return; + + free_SubjectPublicKeyInfo(&(*tbs)->spki); + free_GeneralNames(&(*tbs)->san); + free_ExtKeyUsage(&(*tbs)->eku); + der_free_heim_integer(&(*tbs)->serial); + + hx509_name_free(&(*tbs)->subject); + + memset(*tbs, 0, sizeof(**tbs)); + free(*tbs); + *tbs = NULL; +} + +int +hx509_ca_tbs_set_notBefore(hx509_context context, + hx509_ca_tbs tbs, + time_t t) +{ + tbs->notBefore = t; + return 0; +} + +int +hx509_ca_tbs_set_notAfter(hx509_context context, + hx509_ca_tbs tbs, + time_t t) +{ + tbs->notAfter = t; + return 0; +} + +int +hx509_ca_tbs_set_notAfter_lifetime(hx509_context context, + hx509_ca_tbs tbs, + time_t delta) +{ + return hx509_ca_tbs_set_notAfter(context, tbs, time(NULL) + delta); +} + +int +hx509_ca_tbs_set_ca(hx509_context context, + hx509_ca_tbs tbs, + int pathLenConstraint) +{ + tbs->flags.ca = 1; + tbs->pathLenConstraint = pathLenConstraint; + return 0; +} + +int +hx509_ca_tbs_set_proxy(hx509_context context, + hx509_ca_tbs tbs, + int pathLenConstraint) +{ + tbs->flags.proxy = 1; + tbs->pathLenConstraint = pathLenConstraint; + return 0; +} + + +int +hx509_ca_tbs_set_spki(hx509_context context, + hx509_ca_tbs tbs, + const SubjectPublicKeyInfo *spki) +{ + int ret; + free_SubjectPublicKeyInfo(&tbs->spki); + ret = copy_SubjectPublicKeyInfo(spki, &tbs->spki); + tbs->flags.key = !ret; + return ret; +} + +int +hx509_ca_tbs_set_serialnumber(hx509_context context, + hx509_ca_tbs tbs, + const heim_integer *serialNumber) +{ + int ret; + der_free_heim_integer(&tbs->serial); + ret = der_copy_heim_integer(serialNumber, &tbs->serial); + tbs->flags.serial = !ret; + return ret; +} + +int +hx509_ca_tbs_add_eku(hx509_context contex, + hx509_ca_tbs tbs, + const heim_oid *oid) +{ + void *ptr; + int ret; + + ptr = realloc(tbs->eku.val, sizeof(tbs->eku.val[0]) * (tbs->eku.len + 1)); + if (ptr == NULL) + return ENOMEM; + tbs->eku.val = ptr; + ret = der_copy_oid(oid, &tbs->eku.val[tbs->eku.len]); + if (ret) + return ret; + tbs->eku.len += 1; + return 0; +} + +int +hx509_ca_tbs_add_san_otherName(hx509_context context, + hx509_ca_tbs tbs, + const heim_oid *oid, + const heim_octet_string *os) +{ + GeneralName gn; + + memset(&gn, 0, sizeof(gn)); + gn.element = choice_GeneralName_otherName; + gn.u.otherName.type_id = *oid; + gn.u.otherName.value = *os; + + return add_GeneralNames(&tbs->san, &gn); +} + + +int +hx509_ca_tbs_add_san_pkinit(hx509_context context, + hx509_ca_tbs tbs, + const char *principal) +{ + heim_octet_string os; + KRB5PrincipalName p; + size_t size; + int ret; + char *s = NULL; + + memset(&p, 0, sizeof(p)); + + /* parse principal */ + { + const char *str; + char *q; + int n; + + /* count number of component */ + n = 1; + for(str = principal; *str != '\0' && *str != '@'; str++){ + if(*str=='\\'){ + if(str[1] == '\0' || str[1] == '@') { + ret = HX509_PARSING_NAME_FAILED; + hx509_set_error_string(context, 0, ret, + "trailing \\ in principal name"); + goto out; + } + str++; + } else if(*str == '/') + n++; + } + p.principalName.name_string.val = + calloc(n, sizeof(*p.principalName.name_string.val)); + if (p.principalName.name_string.val == NULL) { + ret = ENOMEM; + hx509_set_error_string(context, 0, ret, "malloc: out of memory"); + goto out; + } + p.principalName.name_string.len = n; + + p.principalName.name_type = KRB5_NT_PRINCIPAL; + q = s = strdup(principal); + if (q == NULL) { + ret = ENOMEM; + hx509_set_error_string(context, 0, ret, "malloc: out of memory"); + goto out; + } + p.realm = strrchr(q, '@'); + if (p.realm == NULL) { + ret = HX509_PARSING_NAME_FAILED; + hx509_set_error_string(context, 0, ret, "Missing @ in principal"); + goto out; + }; + *p.realm++ = '\0'; + + n = 0; + while (q) { + p.principalName.name_string.val[n++] = q; + q = strchr(q, '/'); + if (q) + *q++ = '\0'; + } + } + + ASN1_MALLOC_ENCODE(KRB5PrincipalName, os.data, os.length, &p, &size, ret); + if (ret) { + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + if (size != os.length) + _hx509_abort("internal ASN.1 encoder error"); + + ret = hx509_ca_tbs_add_san_otherName(context, + tbs, + oid_id_pkinit_san(), + &os); + free(os.data); +out: + if (p.principalName.name_string.val) + free (p.principalName.name_string.val); + if (s) + free(s); + return ret; +} + +int +hx509_ca_tbs_add_san_hostname(hx509_context context, + hx509_ca_tbs tbs, + const char *dnsname) +{ + GeneralName gn; + + memset(&gn, 0, sizeof(gn)); + gn.element = choice_GeneralName_dNSName; + gn.u.dNSName = rk_UNCONST(dnsname); + + return add_GeneralNames(&tbs->san, &gn); +} + +int +hx509_ca_tbs_add_san_rfc822name(hx509_context context, + hx509_ca_tbs tbs, + const char *rfc822Name) +{ + GeneralName gn; + + memset(&gn, 0, sizeof(gn)); + gn.element = choice_GeneralName_rfc822Name; + gn.u.rfc822Name = rk_UNCONST(rfc822Name); + + return add_GeneralNames(&tbs->san, &gn); +} + + +int +hx509_ca_tbs_set_subject(hx509_context context, + hx509_ca_tbs tbs, + hx509_name subject) +{ + if (tbs->subject) + hx509_name_free(&tbs->subject); + return hx509_name_copy(context, subject, &tbs->subject); +} + +static int +add_extension(hx509_context context, + TBSCertificate *tbsc, + int critical_flag, + const heim_oid *oid, + const heim_octet_string *data) +{ + Extension ext; + int ret; + + memset(&ext, 0, sizeof(ext)); + + if (critical_flag) { + ext.critical = malloc(sizeof(*ext.critical)); + if (ext.critical == NULL) { + ret = ENOMEM; + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + *ext.critical = TRUE; + } + + ret = der_copy_oid(oid, &ext.extnID); + if (ret) { + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + ret = der_copy_octet_string(data, &ext.extnValue); + if (ret) { + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + ret = add_Extensions(tbsc->extensions, &ext); + if (ret) { + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } +out: + free_Extension(&ext); + return ret; +} + +static int +build_proxy_prefix(hx509_context context, const Name *issuer, Name *subject) +{ + char *tstr; + time_t t; + int ret; + + ret = copy_Name(issuer, subject); + if (ret) { + hx509_set_error_string(context, 0, ret, + "Failed to copy subject name"); + return ret; + } + + t = time(NULL); + asprintf(&tstr, "ts-%lu", (unsigned long)t); + if (tstr == NULL) { + hx509_set_error_string(context, 0, ENOMEM, + "Failed to copy subject name"); + return ENOMEM; + } + /* prefix with CN=,...*/ + ret = _hx509_name_modify(context, subject, 1, oid_id_at_commonName(), tstr); + free(tstr); + if (ret) + free_Name(subject); + return ret; +} + +static int +ca_sign(hx509_context context, + hx509_ca_tbs tbs, + hx509_private_key signer, + const AuthorityKeyIdentifier *ai, + const Name *issuername, + hx509_cert *certificate) +{ + heim_octet_string data; + Certificate c; + TBSCertificate *tbsc; + size_t size; + int ret; + const AlgorithmIdentifier *sigalg; + time_t notBefore; + time_t notAfter; + unsigned key_usage; + + sigalg = hx509_signature_rsa_with_sha1(); + + memset(&c, 0, sizeof(c)); + + /* + * Default values are: Valid since 24h ago, valid one year into + * the future, KeyUsage digitalSignature and keyEncipherment set, + * and keyCertSign for CA certificates. + */ + notBefore = tbs->notBefore; + if (notBefore == 0) + notBefore = time(NULL) - 3600 * 24; + notAfter = tbs->notAfter; + if (notAfter == 0) + notAfter = time(NULL) + 3600 * 24 * 365; + + key_usage = tbs->key_usage; + if (key_usage == 0) { + KeyUsage ku; + memset(&ku, 0, sizeof(ku)); + ku.digitalSignature = 1; + ku.keyEncipherment = 1; + key_usage = KeyUsage2int(ku); + } + + if (tbs->flags.ca) { + KeyUsage ku; + memset(&ku, 0, sizeof(ku)); + ku.keyCertSign = 1; + key_usage |= KeyUsage2int(ku); + } + + /* + * + */ + + tbsc = &c.tbsCertificate; + + if (tbs->flags.key == 0) { + ret = EINVAL; + hx509_set_error_string(context, 0, ret, "No public key set"); + return ret; + } + if (tbs->subject == NULL && !tbs->flags.proxy) { + ret = EINVAL; + hx509_set_error_string(context, 0, ret, "No subject name set"); + return ret; + } + if (tbs->flags.ca && tbs->flags.proxy) { + ret = EINVAL; + hx509_set_error_string(context, 0, ret, "Can't be proxy and CA " + "at the same time"); + return ret; + } + if (tbs->flags.proxy) { + if (tbs->san.len > 0) { + hx509_set_error_string(context, 0, EINVAL, + "Proxy certificate is not allowed " + "to have SubjectAltNames"); + return EINVAL; + } + } + + /* version [0] Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1, */ + tbsc->version = calloc(1, sizeof(*tbsc->version)); + if (tbsc->version == NULL) { + ret = ENOMEM; + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + *tbsc->version = rfc3280_version_3; + /* serialNumber CertificateSerialNumber, */ + if (tbs->flags.serial) { + ret = der_copy_heim_integer(&tbs->serial, &tbsc->serialNumber); + if (ret) { + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + } else { + tbsc->serialNumber.length = 20; + tbsc->serialNumber.data = malloc(tbsc->serialNumber.length); + if (tbsc->serialNumber.data == NULL){ + ret = ENOMEM; + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + /* XXX diffrent */ + RAND_bytes(tbsc->serialNumber.data, tbsc->serialNumber.length); + ((unsigned char *)tbsc->serialNumber.data)[0] &= 0x7f; + } + /* signature AlgorithmIdentifier, */ + ret = copy_AlgorithmIdentifier(sigalg, &tbsc->signature); + if (ret) { + hx509_set_error_string(context, 0, ret, "Failed to copy sigature alg"); + goto out; + } + /* issuer Name, */ + if (issuername) + ret = copy_Name(issuername, &tbsc->issuer); + else + ret = hx509_name_to_Name(tbs->subject, &tbsc->issuer); + if (ret) { + hx509_set_error_string(context, 0, ret, "Failed to copy issuer name"); + goto out; + } + /* validity Validity, */ + tbsc->validity.notBefore.element = choice_Time_generalTime; + tbsc->validity.notBefore.u.generalTime = notBefore; + tbsc->validity.notAfter.element = choice_Time_generalTime; + tbsc->validity.notAfter.u.generalTime = notAfter; + /* subject Name, */ + if (tbs->flags.proxy) { + ret = build_proxy_prefix(context, &tbsc->issuer, &tbsc->subject); + if (ret) + goto out; + } else { + ret = hx509_name_to_Name(tbs->subject, &tbsc->subject); + if (ret) { + hx509_set_error_string(context, 0, ret, + "Failed to copy subject name"); + goto out; + } + } + /* subjectPublicKeyInfo SubjectPublicKeyInfo, */ + ret = copy_SubjectPublicKeyInfo(&tbs->spki, &tbsc->subjectPublicKeyInfo); + if (ret) { + hx509_set_error_string(context, 0, ret, "Failed to copy spki"); + goto out; + } + /* issuerUniqueID [1] IMPLICIT BIT STRING OPTIONAL */ + /* subjectUniqueID [2] IMPLICIT BIT STRING OPTIONAL */ + /* extensions [3] EXPLICIT Extensions OPTIONAL */ + tbsc->extensions = calloc(1, sizeof(*tbsc->extensions)); + if (tbsc->extensions == NULL) { + ret = ENOMEM; + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + + /* add KeyUsage */ + { + KeyUsage ku; + + ku = int2KeyUsage(key_usage); + ASN1_MALLOC_ENCODE(KeyUsage, data.data, data.length, &ku, &size, ret); + if (ret) { + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + if (size != data.length) + _hx509_abort("internal ASN.1 encoder error"); + ret = add_extension(context, tbsc, 1, + oid_id_x509_ce_keyUsage(), &data); + free(data.data); + if (ret) + goto out; + } + + /* add ExtendedKeyUsage */ + if (tbs->eku.len > 0) { + ASN1_MALLOC_ENCODE(ExtKeyUsage, data.data, data.length, + &tbs->eku, &size, ret); + if (ret) { + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + if (size != data.length) + _hx509_abort("internal ASN.1 encoder error"); + ret = add_extension(context, tbsc, 0, + oid_id_x509_ce_extKeyUsage(), &data); + free(data.data); + if (ret) + goto out; + } + + /* add Subject Alternative Name */ + if (tbs->san.len > 0) { + ASN1_MALLOC_ENCODE(GeneralNames, data.data, data.length, + &tbs->san, &size, ret); + if (ret) { + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + if (size != data.length) + _hx509_abort("internal ASN.1 encoder error"); + ret = add_extension(context, tbsc, 0, + oid_id_x509_ce_subjectAltName(), + &data); + free(data.data); + if (ret) + goto out; + } + + /* Add Authority Key Identifier */ + if (ai) { + ASN1_MALLOC_ENCODE(AuthorityKeyIdentifier, data.data, data.length, + ai, &size, ret); + if (ret) { + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + if (size != data.length) + _hx509_abort("internal ASN.1 encoder error"); + ret = add_extension(context, tbsc, 0, + oid_id_x509_ce_authorityKeyIdentifier(), + &data); + free(data.data); + if (ret) + goto out; + } + + /* Add Subject Key Identifier */ + { + SubjectKeyIdentifier si; + unsigned char hash[SHA_DIGEST_LENGTH]; + + { + SHA_CTX m; + + SHA1_Init(&m); + SHA1_Update(&m, tbs->spki.subjectPublicKey.data, + tbs->spki.subjectPublicKey.length / 8); + SHA1_Final (hash, &m); + } + + si.data = hash; + si.length = sizeof(hash); + + ASN1_MALLOC_ENCODE(SubjectKeyIdentifier, data.data, data.length, + &si, &size, ret); + if (ret) { + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + if (size != data.length) + _hx509_abort("internal ASN.1 encoder error"); + ret = add_extension(context, tbsc, 0, + oid_id_x509_ce_subjectKeyIdentifier(), + &data); + free(data.data); + if (ret) + goto out; + } + + /* Add BasicConstraints */ + { + BasicConstraints bc; + int aCA = 1; + uint32_t path; + + memset(&bc, 0, sizeof(bc)); + + if (tbs->flags.ca) { + bc.cA = &aCA; + if (tbs->pathLenConstraint >= 0) { + path = tbs->pathLenConstraint; + bc.pathLenConstraint = &path; + } + } + + ASN1_MALLOC_ENCODE(BasicConstraints, data.data, data.length, + &bc, &size, ret); + if (ret) { + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + if (size != data.length) + _hx509_abort("internal ASN.1 encoder error"); + ret = add_extension(context, tbsc, 0, + oid_id_x509_ce_basicConstraints(), + &data); + free(data.data); + if (ret) + goto out; + } + + /* add Proxy */ + if (tbs->flags.proxy) { + ProxyCertInfo info; + + memset(&info, 0, sizeof(info)); + + if (tbs->pathLenConstraint >= 0) { + info.pCPathLenConstraint = + malloc(sizeof(*info.pCPathLenConstraint)); + if (info.pCPathLenConstraint == NULL) { + ret = ENOMEM; + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + *info.pCPathLenConstraint = tbs->pathLenConstraint; + } + + ret = der_copy_oid(oid_id_pkix_ppl_inheritAll(), + &info.proxyPolicy.policyLanguage); + if (ret) { + free_ProxyCertInfo(&info); + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + + ASN1_MALLOC_ENCODE(ProxyCertInfo, data.data, data.length, + &info, &size, ret); + free_ProxyCertInfo(&info); + if (ret) { + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + if (size != data.length) + _hx509_abort("internal ASN.1 encoder error"); + ret = add_extension(context, tbsc, 0, + oid_id_pe_proxyCertInfo(), + &data); + free(data.data); + if (ret) + goto out; + } + + + ASN1_MALLOC_ENCODE(TBSCertificate, data.data, data.length,tbsc, &size, ret); + if (ret) { + hx509_set_error_string(context, 0, ret, "malloc out of memory"); + goto out; + } + if (data.length != size) + _hx509_abort("internal ASN.1 encoder error"); + + ret = _hx509_create_signature_bitstring(context, + signer, + sigalg, + &data, + &c.signatureAlgorithm, + &c.signatureValue); + free(data.data); + if (ret) + goto out; + + ret = hx509_cert_init(context, &c, certificate); + if (ret) + goto out; + + free_Certificate(&c); + + return 0; + +out: + free_Certificate(&c); + return ret; +} + +static int +get_AuthorityKeyIdentifier(hx509_context context, + const Certificate *certificate, + AuthorityKeyIdentifier *ai) +{ + SubjectKeyIdentifier si; + int ret; + + ret = _hx509_find_extension_subject_key_id(certificate, &si); + if (ret == 0) { + ai->keyIdentifier = calloc(1, sizeof(*ai->keyIdentifier)); + if (ai->keyIdentifier == NULL) { + ret = ENOMEM; + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + ret = der_copy_octet_string(&si, ai->keyIdentifier); + if (ret) { + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + } else { + GeneralNames gns; + GeneralName gn; + Name name; + + memset(&gn, 0, sizeof(gn)); + memset(&gns, 0, sizeof(gns)); + memset(&name, 0, sizeof(name)); + + ai->authorityCertIssuer = + calloc(1, sizeof(*ai->authorityCertIssuer)); + if (ai->authorityCertIssuer == NULL) { + ret = ENOMEM; + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + ai->authorityCertSerialNumber = + calloc(1, sizeof(*ai->authorityCertSerialNumber)); + if (ai->authorityCertSerialNumber == NULL) { + ret = ENOMEM; + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + + /* + * XXX unbreak when asn1 compiler handle IMPLICIT + * + * This is so horrible. + */ + + ret = copy_Name(&certificate->tbsCertificate.subject, &name); + if (ai->authorityCertSerialNumber == NULL) { + ret = ENOMEM; + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + + gn.element = choice_GeneralName_directoryName; + gn.u.directoryName.element = + choice_GeneralName_directoryName_rdnSequence; + gn.u.directoryName.u.rdnSequence = name.u.rdnSequence; + + ret = add_GeneralNames(&gns, &gn); + if (ret) { + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + + ai->authorityCertIssuer->val = gns.val; + ai->authorityCertIssuer->len = gns.len; + + ret = der_copy_heim_integer(&certificate->tbsCertificate.serialNumber, + ai->authorityCertSerialNumber); + if (ai->authorityCertSerialNumber == NULL) { + ret = ENOMEM; + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + } +out: + if (ret) + free_AuthorityKeyIdentifier(ai); + return ret; +} + + +int +hx509_ca_sign(hx509_context context, + hx509_ca_tbs tbs, + hx509_cert signer, + hx509_cert *certificate) +{ + const Certificate *signer_cert; + AuthorityKeyIdentifier ai; + int ret; + + memset(&ai, 0, sizeof(ai)); + + signer_cert = _hx509_get_cert(signer); + + ret = get_AuthorityKeyIdentifier(context, signer_cert, &ai); + if (ret) + goto out; + + ret = ca_sign(context, + tbs, + _hx509_cert_private_key(signer), + &ai, + &signer_cert->tbsCertificate.subject, + certificate); + +out: + free_AuthorityKeyIdentifier(&ai); + + return ret; +} + +int +hx509_ca_sign_self(hx509_context context, + hx509_ca_tbs tbs, + hx509_private_key signer, + hx509_cert *certificate) +{ + return ca_sign(context, + tbs, + signer, + NULL, + NULL, + certificate); +} diff --git a/source4/heimdal/lib/hx509/cert.c b/source4/heimdal/lib/hx509/cert.c new file mode 100644 index 0000000000..f84c61a798 --- /dev/null +++ b/source4/heimdal/lib/hx509/cert.c @@ -0,0 +1,2214 @@ +/* + * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hx_locl.h" +RCSID("$Id: cert.c,v 1.82 2007/01/09 10:52:03 lha Exp $"); +#include "crypto-headers.h" + +struct hx509_verify_ctx_data { + hx509_certs trust_anchors; + int flags; +#define HX509_VERIFY_CTX_F_TIME_SET 1 +#define HX509_VERIFY_CTX_F_ALLOW_PROXY_CERTIFICATE 2 +#define HX509_VERIFY_CTX_F_REQUIRE_RFC3280 4 +#define HX509_VERIFY_CTX_F_CHECK_TRUST_ANCHORS 8 + time_t time_now; + unsigned int max_depth; +#define HX509_VERIFY_MAX_DEPTH 30 + hx509_revoke_ctx revoke_ctx; +}; + +#define REQUIRE_RFC3280(ctx) ((ctx)->flags & HX509_VERIFY_CTX_F_REQUIRE_RFC3280) +#define CHECK_TA(ctx) ((ctx)->flags & HX509_VERIFY_CTX_F_CHECK_TRUST_ANCHORS) + +struct _hx509_cert_attrs { + size_t len; + hx509_cert_attribute *val; +}; + +struct hx509_cert_data { + unsigned int ref; + char *friendlyname; + Certificate *data; + hx509_private_key private_key; + struct _hx509_cert_attrs attrs; + hx509_name basename; + _hx509_cert_release_func release; + void *ctx; +}; + +typedef struct hx509_name_constraints { + NameConstraints *val; + size_t len; +} hx509_name_constraints; + +#define GeneralSubtrees_SET(g,var) \ + (g)->len = (var)->len, (g)->val = (var)->val; + +/* + * + */ + +void +_hx509_abort(const char *fmt, ...) +{ + va_list ap; + va_start(ap, fmt); + vprintf(fmt, ap); + va_end(ap); + printf("\n"); + fflush(stdout); + abort(); +} + +/* + * + */ + +int +hx509_context_init(hx509_context *context) +{ + *context = calloc(1, sizeof(**context)); + if (*context == NULL) + return ENOMEM; + + _hx509_ks_mem_register(*context); + _hx509_ks_file_register(*context); + _hx509_ks_pkcs12_register(*context); + _hx509_ks_pkcs11_register(*context); + _hx509_ks_dir_register(*context); + + ENGINE_add_conf_module(); + OpenSSL_add_all_algorithms(); + + (*context)->ocsp_time_diff = HX509_DEFAULT_OCSP_TIME_DIFF; + + initialize_hx_error_table_r(&(*context)->et_list); + initialize_asn1_error_table_r(&(*context)->et_list); + + return 0; +} + +void +hx509_context_set_missing_revoke(hx509_context context, int flag) +{ + if (flag) + context->flags |= HX509_CTX_VERIFY_MISSING_OK; + else + context->flags &= ~HX509_CTX_VERIFY_MISSING_OK; +} + +void +hx509_context_free(hx509_context *context) +{ + hx509_clear_error_string(*context); + if ((*context)->ks_ops) { + free((*context)->ks_ops); + (*context)->ks_ops = NULL; + } + (*context)->ks_num_ops = 0; + free_error_table ((*context)->et_list); + free(*context); + *context = NULL; +} + + +/* + * + */ + +Certificate * +_hx509_get_cert(hx509_cert cert) +{ + return cert->data; +} + +/* + * + */ + +#if 0 +void +_hx509_print_cert_subject(hx509_cert cert) +{ + char *subject_name; + hx509_name name; + int ret; + + ret = hx509_cert_get_subject(cert, &name); + if (ret) + abort(); + + ret = hx509_name_to_string(name, &subject_name); + hx509_name_free(&name); + if (ret) + abort(); + + printf("name: %s\n", subject_name); + + free(subject_name); +} +#endif + +/* + * + */ + +int +_hx509_cert_get_version(const Certificate *t) +{ + return t->tbsCertificate.version ? *t->tbsCertificate.version + 1 : 1; +} + +int +hx509_cert_init(hx509_context context, const Certificate *c, hx509_cert *cert) +{ + int ret; + + *cert = malloc(sizeof(**cert)); + if (*cert == NULL) + return ENOMEM; + (*cert)->ref = 1; + (*cert)->friendlyname = NULL; + (*cert)->attrs.len = 0; + (*cert)->attrs.val = NULL; + (*cert)->private_key = NULL; + (*cert)->basename = NULL; + (*cert)->release = NULL; + (*cert)->ctx = NULL; + + (*cert)->data = calloc(1, sizeof(*(*cert)->data)); + if ((*cert)->data == NULL) { + free(*cert); + return ENOMEM; + } + ret = copy_Certificate(c, (*cert)->data); + if (ret) { + free((*cert)->data); + free(*cert); + } + return ret; +} + +void +_hx509_cert_set_release(hx509_cert cert, + _hx509_cert_release_func release, + void *ctx) +{ + cert->release = release; + cert->ctx = ctx; +} + + +/* Doesn't make a copy of `private_key'. */ + +int +_hx509_cert_assign_key(hx509_cert cert, hx509_private_key private_key) +{ + if (cert->private_key) + _hx509_private_key_free(&cert->private_key); + cert->private_key = _hx509_private_key_ref(private_key); + return 0; +} + +void +hx509_cert_free(hx509_cert cert) +{ + int i; + + if (cert == NULL) + return; + + if (cert->ref <= 0) + _hx509_abort("refcount <= 0"); + if (--cert->ref > 0) + return; + + if (cert->release) + (cert->release)(cert, cert->ctx); + + if (cert->private_key) + _hx509_private_key_free(&cert->private_key); + + free_Certificate(cert->data); + free(cert->data); + + for (i = 0; i < cert->attrs.len; i++) { + der_free_octet_string(&cert->attrs.val[i]->data); + der_free_oid(&cert->attrs.val[i]->oid); + free(cert->attrs.val[i]); + } + free(cert->attrs.val); + free(cert->friendlyname); + if (cert->basename) + hx509_name_free(&cert->basename); + memset(cert, 0, sizeof(cert)); + free(cert); +} + +hx509_cert +hx509_cert_ref(hx509_cert cert) +{ + if (cert->ref <= 0) + _hx509_abort("refcount <= 0"); + cert->ref++; + if (cert->ref == 0) + _hx509_abort("refcount == 0"); + return cert; +} + +int +hx509_verify_init_ctx(hx509_context context, hx509_verify_ctx *ctx) +{ + hx509_verify_ctx c; + + c = calloc(1, sizeof(*c)); + if (c == NULL) + return ENOMEM; + + c->max_depth = HX509_VERIFY_MAX_DEPTH; + + *ctx = c; + + return 0; +} + +void +hx509_verify_destroy_ctx(hx509_verify_ctx ctx) +{ + if (ctx) + memset(ctx, 0, sizeof(*ctx)); + free(ctx); +} + +void +hx509_verify_attach_anchors(hx509_verify_ctx ctx, hx509_certs set) +{ + ctx->trust_anchors = set; +} + +void +hx509_verify_attach_revoke(hx509_verify_ctx ctx, hx509_revoke_ctx revoke_ctx) +{ + ctx->revoke_ctx = revoke_ctx; +} + +void +hx509_verify_set_time(hx509_verify_ctx ctx, time_t t) +{ + ctx->flags |= HX509_VERIFY_CTX_F_TIME_SET; + ctx->time_now = t; +} + +void +hx509_verify_set_proxy_certificate(hx509_verify_ctx ctx, int boolean) +{ + if (boolean) + ctx->flags |= HX509_VERIFY_CTX_F_ALLOW_PROXY_CERTIFICATE; + else + ctx->flags &= ~HX509_VERIFY_CTX_F_ALLOW_PROXY_CERTIFICATE; +} + +void +hx509_verify_set_strict_rfc3280_verification(hx509_verify_ctx ctx, int boolean) +{ + if (boolean) + ctx->flags |= HX509_VERIFY_CTX_F_REQUIRE_RFC3280; + else + ctx->flags &= ~HX509_VERIFY_CTX_F_REQUIRE_RFC3280; +} + +static const Extension * +find_extension(const Certificate *cert, const heim_oid *oid, int *idx) +{ + const TBSCertificate *c = &cert->tbsCertificate; + + if (c->version == NULL || *c->version < 2 || c->extensions == NULL) + return NULL; + + for (;*idx < c->extensions->len; (*idx)++) { + if (der_heim_oid_cmp(&c->extensions->val[*idx].extnID, oid) == 0) + return &c->extensions->val[(*idx)++]; + } + return NULL; +} + +static int +find_extension_auth_key_id(const Certificate *subject, + AuthorityKeyIdentifier *ai) +{ + const Extension *e; + size_t size; + int i = 0; + + memset(ai, 0, sizeof(*ai)); + + e = find_extension(subject, oid_id_x509_ce_authorityKeyIdentifier(), &i); + if (e == NULL) + return HX509_EXTENSION_NOT_FOUND; + + return decode_AuthorityKeyIdentifier(e->extnValue.data, + e->extnValue.length, + ai, &size); +} + +int +_hx509_find_extension_subject_key_id(const Certificate *issuer, + SubjectKeyIdentifier *si) +{ + const Extension *e; + size_t size; + int i = 0; + + memset(si, 0, sizeof(*si)); + + e = find_extension(issuer, oid_id_x509_ce_subjectKeyIdentifier(), &i); + if (e == NULL) + return HX509_EXTENSION_NOT_FOUND; + + return decode_SubjectKeyIdentifier(e->extnValue.data, + e->extnValue.length, + si, &size); +} + +static int +find_extension_name_constraints(const Certificate *subject, + NameConstraints *nc) +{ + const Extension *e; + size_t size; + int i = 0; + + memset(nc, 0, sizeof(*nc)); + + e = find_extension(subject, oid_id_x509_ce_nameConstraints(), &i); + if (e == NULL) + return HX509_EXTENSION_NOT_FOUND; + + return decode_NameConstraints(e->extnValue.data, + e->extnValue.length, + nc, &size); +} + +static int +find_extension_subject_alt_name(const Certificate *cert, int *i, + GeneralNames *sa) +{ + const Extension *e; + size_t size; + + memset(sa, 0, sizeof(*sa)); + + e = find_extension(cert, oid_id_x509_ce_subjectAltName(), i); + if (e == NULL) + return HX509_EXTENSION_NOT_FOUND; + + return decode_GeneralNames(e->extnValue.data, + e->extnValue.length, + sa, &size); +} + +static int +find_extension_eku(const Certificate *cert, ExtKeyUsage *eku) +{ + const Extension *e; + size_t size; + int i = 0; + + memset(eku, 0, sizeof(*eku)); + + e = find_extension(cert, oid_id_x509_ce_extKeyUsage(), &i); + if (e == NULL) + return HX509_EXTENSION_NOT_FOUND; + + return decode_ExtKeyUsage(e->extnValue.data, + e->extnValue.length, + eku, &size); +} + +static int +add_to_list(hx509_octet_string_list *list, const heim_octet_string *entry) +{ + void *p; + int ret; + + p = realloc(list->val, (list->len + 1) * sizeof(list->val[0])); + if (p == NULL) + return ENOMEM; + list->val = p; + ret = der_copy_octet_string(entry, &list->val[list->len]); + if (ret) + return ret; + list->len++; + return 0; +} + +void +hx509_free_octet_string_list(hx509_octet_string_list *list) +{ + int i; + for (i = 0; i < list->len; i++) + der_free_octet_string(&list->val[i]); + free(list->val); + list->val = NULL; + list->len = 0; +} + +int +hx509_cert_find_subjectAltName_otherName(hx509_cert cert, + const heim_oid *oid, + hx509_octet_string_list *list) +{ + GeneralNames sa; + int ret, i, j; + + list->val = NULL; + list->len = 0; + + i = 0; + while (1) { + ret = find_extension_subject_alt_name(_hx509_get_cert(cert), &i, &sa); + i++; + if (ret == HX509_EXTENSION_NOT_FOUND) { + ret = 0; + break; + } else if (ret != 0) + break; + + + for (j = 0; j < sa.len; j++) { + if (sa.val[j].element == choice_GeneralName_otherName && + der_heim_oid_cmp(&sa.val[j].u.otherName.type_id, oid) == 0) + { + ret = add_to_list(list, &sa.val[j].u.otherName.value); + if (ret) { + free_GeneralNames(&sa); + return ret; + } + } + } + free_GeneralNames(&sa); + } + return ret; +} + + +static int +check_key_usage(hx509_context context, const Certificate *cert, + unsigned flags, int req_present) +{ + const Extension *e; + KeyUsage ku; + size_t size; + int ret, i = 0; + unsigned ku_flags; + + if (_hx509_cert_get_version(cert) < 3) + return 0; + + e = find_extension(cert, oid_id_x509_ce_keyUsage(), &i); + if (e == NULL) { + if (req_present) { + hx509_set_error_string(context, 0, HX509_KU_CERT_MISSING, + "Required extension key " + "usage missing from certifiate"); + return HX509_KU_CERT_MISSING; + } + return 0; + } + + ret = decode_KeyUsage(e->extnValue.data, e->extnValue.length, &ku, &size); + if (ret) + return ret; + ku_flags = KeyUsage2int(ku); + if ((ku_flags & flags) != flags) { + unsigned missing = (~ku_flags) & flags; + char buf[256], *name; + + unparse_flags(missing, asn1_KeyUsage_units(), buf, sizeof(buf)); + _hx509_unparse_Name(&cert->tbsCertificate.subject, &name); + hx509_set_error_string(context, 0, HX509_KU_CERT_MISSING, + "Key usage %s required but missing " + "from certifiate %s", buf, name); + free(name); + return HX509_KU_CERT_MISSING; + } + return 0; +} + +int +_hx509_check_key_usage(hx509_context context, hx509_cert cert, + unsigned flags, int req_present) +{ + return check_key_usage(context, _hx509_get_cert(cert), flags, req_present); +} + +enum certtype { PROXY_CERT, EE_CERT, CA_CERT }; + +static int +check_basic_constraints(hx509_context context, const Certificate *cert, + enum certtype type, int depth) +{ + BasicConstraints bc; + const Extension *e; + size_t size; + int ret, i = 0; + + if (_hx509_cert_get_version(cert) < 3) + return 0; + + e = find_extension(cert, oid_id_x509_ce_basicConstraints(), &i); + if (e == NULL) { + switch(type) { + case PROXY_CERT: + case EE_CERT: + return 0; + case CA_CERT: { + char *name; + ret = _hx509_unparse_Name(&cert->tbsCertificate.subject, &name); + assert(ret == 0); + hx509_set_error_string(context, 0, HX509_EXTENSION_NOT_FOUND, + "basicConstraints missing from " + "CA certifiacte %s", name); + free(name); + return HX509_EXTENSION_NOT_FOUND; + } + } + } + + ret = decode_BasicConstraints(e->extnValue.data, + e->extnValue.length, &bc, + &size); + if (ret) + return ret; + switch(type) { + case PROXY_CERT: + if (bc.cA != NULL && *bc.cA) + ret = HX509_PARENT_IS_CA; + break; + case EE_CERT: + ret = 0; + break; + case CA_CERT: + if (bc.cA == NULL || !*bc.cA) + ret = HX509_PARENT_NOT_CA; + else if (bc.pathLenConstraint) + if (depth - 1 > *bc.pathLenConstraint) + ret = HX509_CA_PATH_TOO_DEEP; + break; + } + free_BasicConstraints(&bc); + return ret; +} + +int +_hx509_cert_is_parent_cmp(const Certificate *subject, + const Certificate *issuer, + int allow_self_signed) +{ + int diff; + AuthorityKeyIdentifier ai; + SubjectKeyIdentifier si; + int ret_ai, ret_si; + + diff = _hx509_name_cmp(&issuer->tbsCertificate.subject, + &subject->tbsCertificate.issuer); + if (diff) + return diff; + + memset(&ai, 0, sizeof(ai)); + memset(&si, 0, sizeof(si)); + + /* + * Try to find AuthorityKeyIdentifier, if its not present in the + * subject certificate nor the parent. + */ + + ret_ai = find_extension_auth_key_id(subject, &ai); + if (ret_ai && ret_ai != HX509_EXTENSION_NOT_FOUND) + return 1; + ret_si = _hx509_find_extension_subject_key_id(issuer, &si); + if (ret_si && ret_si != HX509_EXTENSION_NOT_FOUND) + return -1; + + if (ret_si && ret_ai) + goto out; + if (ret_ai) + goto out; + if (ret_si) { + if (allow_self_signed) { + diff = 0; + goto out; + } else if (ai.keyIdentifier) { + diff = -1; + goto out; + } + } + + if (ai.keyIdentifier == NULL) { + Name name; + + if (ai.authorityCertIssuer == NULL) + return -1; + if (ai.authorityCertSerialNumber == NULL) + return -1; + + diff = der_heim_integer_cmp(ai.authorityCertSerialNumber, + &issuer->tbsCertificate.serialNumber); + if (diff) + return diff; + if (ai.authorityCertIssuer->len != 1) + return -1; + if (ai.authorityCertIssuer->val[0].element != choice_GeneralName_directoryName) + return -1; + + name.element = + ai.authorityCertIssuer->val[0].u.directoryName.element; + name.u.rdnSequence = + ai.authorityCertIssuer->val[0].u.directoryName.u.rdnSequence; + + diff = _hx509_name_cmp(&issuer->tbsCertificate.subject, + &name); + if (diff) + return diff; + diff = 0; + } else + diff = der_heim_octet_string_cmp(ai.keyIdentifier, &si); + if (diff) + goto out; + + out: + free_AuthorityKeyIdentifier(&ai); + free_SubjectKeyIdentifier(&si); + return diff; +} + +static int +certificate_is_anchor(hx509_context context, + hx509_certs trust_anchors, + const hx509_cert cert) +{ + hx509_query q; + hx509_cert c; + int ret; + + if (trust_anchors == NULL) + return 0; + + _hx509_query_clear(&q); + + q.match = HX509_QUERY_MATCH_CERTIFICATE; + q.certificate = _hx509_get_cert(cert); + + ret = hx509_certs_find(context, trust_anchors, &q, &c); + if (ret == 0) + hx509_cert_free(c); + return ret == 0; +} + +static int +certificate_is_self_signed(const Certificate *cert) +{ + return _hx509_cert_is_parent_cmp(cert, cert, 1) == 0; +} + +/* + * The subjectName is "null" when its empty set of relative DBs. + */ + +static int +subject_null_p(const Certificate *c) +{ + return c->tbsCertificate.subject.u.rdnSequence.len == 0; +} + + +static int +find_parent(hx509_context context, + time_t time_now, + hx509_certs trust_anchors, + hx509_path *path, + hx509_certs pool, + hx509_cert current, + hx509_cert *parent) +{ + AuthorityKeyIdentifier ai; + hx509_query q; + int ret; + + *parent = NULL; + memset(&ai, 0, sizeof(ai)); + + _hx509_query_clear(&q); + + if (!subject_null_p(current->data)) { + q.match |= HX509_QUERY_FIND_ISSUER_CERT; + q.subject = _hx509_get_cert(current); + } else { + ret = find_extension_auth_key_id(current->data, &ai); + if (ret) { + hx509_set_error_string(context, 0, HX509_CERTIFICATE_MALFORMED, + "Subjectless certificate missing AuthKeyID"); + return HX509_CERTIFICATE_MALFORMED; + } + + if (ai.keyIdentifier == NULL) { + free_AuthorityKeyIdentifier(&ai); + hx509_set_error_string(context, 0, HX509_CERTIFICATE_MALFORMED, + "Subjectless certificate missing keyIdentifier " + "inside AuthKeyID"); + return HX509_CERTIFICATE_MALFORMED; + } + + q.subject_id = ai.keyIdentifier; + q.match = HX509_QUERY_MATCH_SUBJECT_KEY_ID; + } + + q.path = path; + q.match |= HX509_QUERY_NO_MATCH_PATH; + + if (pool) { + q.timenow = time_now; + q.match |= HX509_QUERY_MATCH_TIME; + + ret = hx509_certs_find(context, pool, &q, parent); + if (ret == 0) { + free_AuthorityKeyIdentifier(&ai); + return 0; + } + q.match &= ~HX509_QUERY_MATCH_TIME; + } + + if (trust_anchors) { + ret = hx509_certs_find(context, trust_anchors, &q, parent); + if (ret == 0) { + free_AuthorityKeyIdentifier(&ai); + return ret; + } + } + free_AuthorityKeyIdentifier(&ai); + + { + hx509_name name; + char *str; + + ret = hx509_cert_get_subject(current, &name); + if (ret) { + hx509_clear_error_string(context); + return HX509_ISSUER_NOT_FOUND; + } + ret = hx509_name_to_string(name, &str); + hx509_name_free(&name); + if (ret) { + hx509_clear_error_string(context); + return HX509_ISSUER_NOT_FOUND; + } + + hx509_set_error_string(context, 0, HX509_ISSUER_NOT_FOUND, + "Failed to find issuer for " + "certificate with subject: %s", str); + free(str); + } + return HX509_ISSUER_NOT_FOUND; +} + +/* + * + */ + +static int +is_proxy_cert(hx509_context context, const Certificate *cert, ProxyCertInfo *rinfo) +{ + ProxyCertInfo info; + const Extension *e; + size_t size; + int ret, i = 0; + + if (rinfo) + memset(rinfo, 0, sizeof(*rinfo)); + + e = find_extension(cert, oid_id_pe_proxyCertInfo(), &i); + if (e == NULL) { + hx509_clear_error_string(context); + return HX509_EXTENSION_NOT_FOUND; + } + + ret = decode_ProxyCertInfo(e->extnValue.data, + e->extnValue.length, + &info, + &size); + if (ret) { + hx509_clear_error_string(context); + return ret; + } + if (size != e->extnValue.length) { + free_ProxyCertInfo(&info); + hx509_clear_error_string(context); + return HX509_EXTRA_DATA_AFTER_STRUCTURE; + } + if (rinfo) + *rinfo = info; + + return 0; +} + +/* + * Path operations are like MEMORY based keyset, but with exposed + * internal so we can do easy searches. + */ + +int +_hx509_path_append(hx509_context context, hx509_path *path, hx509_cert cert) +{ + hx509_cert *val; + val = realloc(path->val, (path->len + 1) * sizeof(path->val[0])); + if (val == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; + } + + path->val = val; + path->val[path->len] = hx509_cert_ref(cert); + path->len++; + + return 0; +} + +void +_hx509_path_free(hx509_path *path) +{ + unsigned i; + + for (i = 0; i < path->len; i++) + hx509_cert_free(path->val[i]); + free(path->val); + path->val = NULL; + path->len = 0; +} + +/* + * Find path by looking up issuer for the top certificate and continue + * until an anchor certificate is found or max limit is found. A + * certificate never included twice in the path. + * + * If the trust anchors are not given, calculate optimistic path, just + * follow the chain upward until we no longer find a parent or we hit + * the max path limit. In this case, a failure will always be returned + * depending on what error condition is hit first. + * + * The path includes a path from the top certificate to the anchor + * certificate. + * + * The caller needs to free `path´ both on successful built path and + * failure. + */ + +int +_hx509_calculate_path(hx509_context context, + int flags, + time_t time_now, + hx509_certs anchors, + unsigned int max_depth, + hx509_cert cert, + hx509_certs pool, + hx509_path *path) +{ + hx509_cert parent, current; + int ret; + + if (max_depth == 0) + max_depth = HX509_VERIFY_MAX_DEPTH; + + ret = _hx509_path_append(context, path, cert); + if (ret) + return ret; + + current = hx509_cert_ref(cert); + + while (!certificate_is_anchor(context, anchors, current)) { + + ret = find_parent(context, time_now, anchors, path, + pool, current, &parent); + hx509_cert_free(current); + if (ret) + return ret; + + ret = _hx509_path_append(context, path, parent); + if (ret) + return ret; + current = parent; + + if (path->len > max_depth) { + hx509_set_error_string(context, 0, HX509_PATH_TOO_LONG, + "Path too long while bulding certificate chain"); + return HX509_PATH_TOO_LONG; + } + } + + if ((flags & HX509_CALCULATE_PATH_NO_ANCHOR) && + path->len > 0 && + certificate_is_anchor(context, anchors, path->val[path->len - 1])) + { + hx509_cert_free(path->val[path->len - 1]); + path->len--; + } + + hx509_cert_free(current); + return 0; +} + +static int +AlgorithmIdentifier_cmp(const AlgorithmIdentifier *p, + const AlgorithmIdentifier *q) +{ + int diff; + diff = der_heim_oid_cmp(&p->algorithm, &q->algorithm); + if (diff) + return diff; + if (p->parameters) { + if (q->parameters) + return heim_any_cmp(p->parameters, + q->parameters); + else + return 1; + } else { + if (q->parameters) + return -1; + else + return 0; + } +} + +int +_hx509_Certificate_cmp(const Certificate *p, const Certificate *q) +{ + int diff; + diff = der_heim_bit_string_cmp(&p->signatureValue, &q->signatureValue); + if (diff) + return diff; + diff = AlgorithmIdentifier_cmp(&p->signatureAlgorithm, + &q->signatureAlgorithm); + if (diff) + return diff; + diff = der_heim_octet_string_cmp(&p->tbsCertificate._save, + &q->tbsCertificate._save); + return diff; +} + +int +hx509_cert_cmp(hx509_cert p, hx509_cert q) +{ + return _hx509_Certificate_cmp(p->data, q->data); +} + +int +hx509_cert_get_issuer(hx509_cert p, hx509_name *name) +{ + return _hx509_name_from_Name(&p->data->tbsCertificate.issuer, name); +} + +int +hx509_cert_get_subject(hx509_cert p, hx509_name *name) +{ + return _hx509_name_from_Name(&p->data->tbsCertificate.subject, name); +} + +int +hx509_cert_get_base_subject(hx509_context context, hx509_cert c, + hx509_name *name) +{ + if (c->basename) + return hx509_name_copy(context, c->basename, name); + if (is_proxy_cert(context, c->data, NULL) == 0) { + int ret = HX509_PROXY_CERTIFICATE_NOT_CANONICALIZED; + hx509_set_error_string(context, 0, ret, + "Proxy certificate have not been " + "canonicalize yet, no base name"); + return ret; + } + return _hx509_name_from_Name(&c->data->tbsCertificate.subject, name); +} + +int +hx509_cert_get_serialnumber(hx509_cert p, heim_integer *i) +{ + return der_copy_heim_integer(&p->data->tbsCertificate.serialNumber, i); +} + +hx509_private_key +_hx509_cert_private_key(hx509_cert p) +{ + return p->private_key; +} + +int +_hx509_cert_private_key_exportable(hx509_cert p) +{ + if (p->private_key == NULL) + return 0; + return _hx509_private_key_exportable(p->private_key); +} + +int +_hx509_cert_private_decrypt(hx509_context context, + const heim_octet_string *ciphertext, + const heim_oid *encryption_oid, + hx509_cert p, + heim_octet_string *cleartext) +{ + cleartext->data = NULL; + cleartext->length = 0; + + if (p->private_key == NULL) { + hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING, + "Private key missing"); + return HX509_PRIVATE_KEY_MISSING; + } + + return _hx509_private_key_private_decrypt(context, + ciphertext, + encryption_oid, + p->private_key, + cleartext); +} + +int +_hx509_cert_public_encrypt(hx509_context context, + const heim_octet_string *cleartext, + const hx509_cert p, + heim_oid *encryption_oid, + heim_octet_string *ciphertext) +{ + return _hx509_public_encrypt(context, + cleartext, p->data, + encryption_oid, ciphertext); +} + +/* + * + */ + +time_t +_hx509_Time2time_t(const Time *t) +{ + switch(t->element) { + case choice_Time_utcTime: + return t->u.utcTime; + case choice_Time_generalTime: + return t->u.generalTime; + } + return 0; +} + +/* + * + */ + +static int +init_name_constraints(hx509_name_constraints *nc) +{ + memset(nc, 0, sizeof(*nc)); + return 0; +} + +static int +add_name_constraints(hx509_context context, const Certificate *c, int not_ca, + hx509_name_constraints *nc) +{ + NameConstraints tnc; + int ret; + + ret = find_extension_name_constraints(c, &tnc); + if (ret == HX509_EXTENSION_NOT_FOUND) + return 0; + else if (ret) { + hx509_set_error_string(context, 0, ret, "Failed getting NameConstraints"); + return ret; + } else if (not_ca) { + ret = HX509_VERIFY_CONSTRAINTS; + hx509_set_error_string(context, 0, ret, "Not a CA and " + "have NameConstraints"); + } else { + NameConstraints *val; + val = realloc(nc->val, sizeof(nc->val[0]) * (nc->len + 1)); + if (val == NULL) { + hx509_clear_error_string(context); + ret = ENOMEM; + goto out; + } + nc->val = val; + ret = copy_NameConstraints(&tnc, &nc->val[nc->len]); + if (ret) { + hx509_clear_error_string(context); + goto out; + } + nc->len += 1; + } +out: + free_NameConstraints(&tnc); + return ret; +} + +static int +match_RDN(const RelativeDistinguishedName *c, + const RelativeDistinguishedName *n) +{ + int i; + + if (c->len != n->len) + return HX509_NAME_CONSTRAINT_ERROR; + + for (i = 0; i < n->len; i++) { + if (der_heim_oid_cmp(&c->val[i].type, &n->val[i].type) != 0) + return HX509_NAME_CONSTRAINT_ERROR; + if (_hx509_name_ds_cmp(&c->val[i].value, &n->val[i].value) != 0) + return HX509_NAME_CONSTRAINT_ERROR; + } + return 0; +} + +static int +match_X501Name(const Name *c, const Name *n) +{ + int i, ret; + + if (c->element != choice_Name_rdnSequence + || n->element != choice_Name_rdnSequence) + return 0; + if (c->u.rdnSequence.len > n->u.rdnSequence.len) + return HX509_NAME_CONSTRAINT_ERROR; + for (i = 0; i < c->u.rdnSequence.len; i++) { + ret = match_RDN(&c->u.rdnSequence.val[i], &n->u.rdnSequence.val[i]); + if (ret) + return ret; + } + return 0; +} + + +static int +match_general_name(const GeneralName *c, const GeneralName *n, int *match) +{ + /* + * Name constraints only apply to the same name type, see RFC3280, + * 4.2.1.11. + */ + assert(c->element == n->element); + + switch(c->element) { + case choice_GeneralName_otherName: + if (der_heim_oid_cmp(&c->u.otherName.type_id, + &n->u.otherName.type_id) != 0) + return HX509_NAME_CONSTRAINT_ERROR; + if (heim_any_cmp(&c->u.otherName.value, + &n->u.otherName.value) != 0) + return HX509_NAME_CONSTRAINT_ERROR; + *match = 1; + return 0; + case choice_GeneralName_rfc822Name: { + const char *s; + size_t len1, len2; + s = strchr(c->u.rfc822Name, '@'); + if (s) { + if (strcasecmp(c->u.rfc822Name, n->u.rfc822Name) != 0) + return HX509_NAME_CONSTRAINT_ERROR; + } else { + s = strchr(n->u.rfc822Name, '@'); + if (s == NULL) + return HX509_NAME_CONSTRAINT_ERROR; + len1 = strlen(c->u.rfc822Name); + len2 = strlen(s + 1); + if (len1 > len2) + return HX509_NAME_CONSTRAINT_ERROR; + if (strcasecmp(s + 1 + len2 - len1, c->u.rfc822Name) != 0) + return HX509_NAME_CONSTRAINT_ERROR; + if (len1 < len2 && s[len2 - len1] != '.') + return HX509_NAME_CONSTRAINT_ERROR; + } + *match = 1; + return 0; + } + case choice_GeneralName_dNSName: { + size_t len1, len2; + + len1 = strlen(c->u.dNSName); + len2 = strlen(n->u.dNSName); + if (len1 > len2) + return HX509_NAME_CONSTRAINT_ERROR; + if (strcasecmp(&n->u.dNSName[len2 - len1], c->u.dNSName) != 0) + return HX509_NAME_CONSTRAINT_ERROR; + *match = 1; + return 0; + } + case choice_GeneralName_directoryName: { + Name c_name, n_name; + int ret; + + c_name._save.data = NULL; + c_name._save.length = 0; + c_name.element = c->u.directoryName.element; + c_name.u.rdnSequence = c->u.directoryName.u.rdnSequence; + + n_name._save.data = NULL; + n_name._save.length = 0; + n_name.element = n->u.directoryName.element; + n_name.u.rdnSequence = n->u.directoryName.u.rdnSequence; + + ret = match_X501Name(&c_name, &n_name); + if (ret == 0) + *match = 1; + return ret; + } + case choice_GeneralName_uniformResourceIdentifier: + case choice_GeneralName_iPAddress: + case choice_GeneralName_registeredID: + default: + return HX509_NAME_CONSTRAINT_ERROR; + } +} + +static int +match_alt_name(const GeneralName *n, const Certificate *c, + int *same, int *match) +{ + GeneralNames sa; + int ret, i, j; + + i = 0; + do { + ret = find_extension_subject_alt_name(c, &i, &sa); + if (ret == HX509_EXTENSION_NOT_FOUND) { + ret = 0; + break; + } else if (ret != 0) + break; + + for (j = 0; j < sa.len; j++) { + if (n->element == sa.val[j].element) { + *same = 1; + ret = match_general_name(n, &sa.val[j], match); + } + } + free_GeneralNames(&sa); + } while (1); + + return ret; +} + + +static int +match_tree(const GeneralSubtrees *t, const Certificate *c, int *match) +{ + int name, alt_name, same; + unsigned int i; + int ret = 0; + + name = alt_name = same = *match = 0; + for (i = 0; i < t->len; i++) { + if (t->val[i].minimum && t->val[i].maximum) + return HX509_RANGE; + + /* + * If the constraint apply to directoryNames, test is with + * subjectName of the certificate if the certificate have a + * non-null (empty) subjectName. + */ + + if (t->val[i].base.element == choice_GeneralName_directoryName + && !subject_null_p(c)) + { + GeneralName certname; + + + certname.element = choice_GeneralName_directoryName; + certname.u.directoryName.element = + c->tbsCertificate.subject.element; + certname.u.directoryName.u.rdnSequence = + c->tbsCertificate.subject.u.rdnSequence; + + ret = match_general_name(&t->val[i].base, &certname, &name); + } + + /* Handle subjectAltNames, this is icky since they + * restrictions only apply if the subjectAltName is of the + * same type. So if there have been a match of type, require + * altname to be set. + */ + ret = match_alt_name(&t->val[i].base, c, &same, &alt_name); + } + if (name && (!same || alt_name)) + *match = 1; + return ret; +} + +static int +check_name_constraints(hx509_context context, + const hx509_name_constraints *nc, + const Certificate *c) +{ + int match, ret; + int i; + + for (i = 0 ; i < nc->len; i++) { + GeneralSubtrees gs; + + if (nc->val[i].permittedSubtrees) { + GeneralSubtrees_SET(&gs, nc->val[i].permittedSubtrees); + ret = match_tree(&gs, c, &match); + if (ret) { + hx509_clear_error_string(context); + return ret; + } + /* allow null subjectNames, they wont matches anything */ + if (match == 0 && !subject_null_p(c)) { + hx509_clear_error_string(context); + return HX509_VERIFY_CONSTRAINTS; + } + } + if (nc->val[i].excludedSubtrees) { + GeneralSubtrees_SET(&gs, nc->val[i].excludedSubtrees); + ret = match_tree(&gs, c, &match); + if (ret) { + hx509_clear_error_string(context); + return ret; + } + if (match) { + hx509_clear_error_string(context); + return HX509_VERIFY_CONSTRAINTS; + } + } + } + return 0; +} + +static void +free_name_constraints(hx509_name_constraints *nc) +{ + int i; + + for (i = 0 ; i < nc->len; i++) + free_NameConstraints(&nc->val[i]); + free(nc->val); +} + +int +hx509_verify_path(hx509_context context, + hx509_verify_ctx ctx, + hx509_cert cert, + hx509_certs pool) +{ + hx509_name_constraints nc; + hx509_path path; +#if 0 + const AlgorithmIdentifier *alg_id; +#endif + int ret, i, proxy_cert_depth; + enum certtype type; + Name proxy_issuer; + + memset(&proxy_issuer, 0, sizeof(proxy_issuer)); + + ret = init_name_constraints(&nc); + if (ret) + return ret; + + path.val = NULL; + path.len = 0; + + if ((ctx->flags & HX509_VERIFY_CTX_F_TIME_SET) == 0) + ctx->time_now = time(NULL); + + /* + * Calculate the path from the certificate user presented to the + * to an anchor. + */ + ret = _hx509_calculate_path(context, 0, ctx->time_now, + ctx->trust_anchors, ctx->max_depth, + cert, pool, &path); + if (ret) + goto out; + +#if 0 + alg_id = path.val[path->len - 1]->data->tbsCertificate.signature; +#endif + + /* + * Check CA and proxy certificate chain from the top of the + * certificate chain. Also check certificate is valid with respect + * to the current time. + * + */ + + proxy_cert_depth = 0; + + if (ctx->flags & HX509_VERIFY_CTX_F_ALLOW_PROXY_CERTIFICATE) + type = PROXY_CERT; + else + type = EE_CERT; + + for (i = 0; i < path.len; i++) { + Certificate *c; + time_t t; + + c = _hx509_get_cert(path.val[i]); + + /* + * Lets do some basic check on issuer like + * keyUsage.keyCertSign and basicConstraints.cA bit depending + * on what type of certificate this is. + */ + + switch (type) { + case CA_CERT: + /* XXX make constants for keyusage */ + ret = check_key_usage(context, c, 1 << 5, + REQUIRE_RFC3280(ctx) ? TRUE : FALSE); + if (ret) { + hx509_set_error_string(context, HX509_ERROR_APPEND, ret, + "Key usage missing from CA certificate"); + goto out; + } + break; + case PROXY_CERT: { + ProxyCertInfo info; + + if (is_proxy_cert(context, c, &info) == 0) { + int j; + + if (info.pCPathLenConstraint != NULL && + *info.pCPathLenConstraint < i) + { + free_ProxyCertInfo(&info); + ret = HX509_PATH_TOO_LONG; + hx509_set_error_string(context, 0, ret, + "Proxy certificate chain " + "longer then allowed"); + goto out; + } + /* XXX MUST check info.proxyPolicy */ + free_ProxyCertInfo(&info); + + j = 0; + if (find_extension(c, oid_id_x509_ce_subjectAltName(), &j)) { + ret = HX509_PROXY_CERT_INVALID; + hx509_set_error_string(context, 0, ret, + "Proxy certificate have explicity " + "forbidden subjectAltName"); + goto out; + } + + j = 0; + if (find_extension(c, oid_id_x509_ce_issuerAltName(), &j)) { + ret = HX509_PROXY_CERT_INVALID; + hx509_set_error_string(context, 0, ret, + "Proxy certificate have explicity " + "forbidden issuerAltName"); + goto out; + } + + /* + * The subject name of the proxy certificate should be + * CN=XXX,, prune of CN and check if its + * the same over the whole chain of proxy certs and + * then check with the EE cert when we get to it. + */ + + if (proxy_cert_depth) { + ret = _hx509_name_cmp(&proxy_issuer, &c->tbsCertificate.subject); + if (ret) { + ret = HX509_PROXY_CERT_NAME_WRONG; + hx509_set_error_string(context, 0, ret, + "Base proxy name not right"); + goto out; + } + } + + free_Name(&proxy_issuer); + + ret = copy_Name(&c->tbsCertificate.subject, &proxy_issuer); + if (ret) { + hx509_clear_error_string(context); + goto out; + } + + j = proxy_issuer.u.rdnSequence.len; + if (proxy_issuer.u.rdnSequence.len < 2 + || proxy_issuer.u.rdnSequence.val[j - 1].len > 1 + || der_heim_oid_cmp(&proxy_issuer.u.rdnSequence.val[j - 1].val[0].type, + oid_id_at_commonName())) + { + ret = HX509_PROXY_CERT_NAME_WRONG; + hx509_set_error_string(context, 0, ret, + "Proxy name too short or " + "does not have Common name " + "at the top"); + goto out; + } + + free_RelativeDistinguishedName(&proxy_issuer.u.rdnSequence.val[j - 1]); + proxy_issuer.u.rdnSequence.len -= 1; + + ret = _hx509_name_cmp(&proxy_issuer, &c->tbsCertificate.issuer); + if (ret != 0) { + ret = HX509_PROXY_CERT_NAME_WRONG; + hx509_set_error_string(context, 0, ret, + "Proxy issuer name not as expected"); + goto out; + } + + break; + } else { + /* + * Now we are done with the proxy certificates, this + * cert was an EE cert and we we will fall though to + * EE checking below. + */ + type = EE_CERT; + /* FALLTHOUGH */ + } + } + case EE_CERT: + /* + * If there where any proxy certificates in the chain + * (proxy_cert_depth > 0), check that the proxy issuer + * matched proxy certificates "base" subject. + */ + if (proxy_cert_depth) { + + ret = _hx509_name_cmp(&proxy_issuer, + &c->tbsCertificate.subject); + if (ret) { + ret = HX509_PROXY_CERT_NAME_WRONG; + hx509_clear_error_string(context); + goto out; + } + if (cert->basename) + hx509_name_free(&cert->basename); + + ret = _hx509_name_from_Name(&proxy_issuer, &cert->basename); + if (ret) { + hx509_clear_error_string(context); + goto out; + } + } + + break; + } + + ret = check_basic_constraints(context, c, type, i - proxy_cert_depth); + if (ret) + goto out; + + /* + * Don't check the trust anchors expiration time since they + * are transported out of band, from RFC3820. + */ + if (i + 1 != path.len || CHECK_TA(ctx)) { + + t = _hx509_Time2time_t(&c->tbsCertificate.validity.notBefore); + if (t > ctx->time_now) { + ret = HX509_CERT_USED_BEFORE_TIME; + hx509_clear_error_string(context); + goto out; + } + t = _hx509_Time2time_t(&c->tbsCertificate.validity.notAfter); + if (t < ctx->time_now) { + ret = HX509_CERT_USED_AFTER_TIME; + hx509_clear_error_string(context); + goto out; + } + } + + if (type == EE_CERT) + type = CA_CERT; + else if (type == PROXY_CERT) + proxy_cert_depth++; + } + + /* + * Verify constraints, do this backward so path constraints are + * checked in the right order. + */ + + for (ret = 0, i = path.len - 1; i >= 0; i--) { + Certificate *c; + + c = _hx509_get_cert(path.val[i]); + +#if 0 + /* check that algorithm and parameters is the same */ + /* XXX this is wrong */ + ret = alg_cmp(&c->tbsCertificate.signature, alg_id); + if (ret) { + hx509_clear_error_string(context); + ret = HX509_PATH_ALGORITHM_CHANGED; + goto out; + } +#endif + + /* verify name constraints, not for selfsigned and anchor */ + if (!certificate_is_self_signed(c) || i == path.len - 1) { + ret = check_name_constraints(context, &nc, c); + if (ret) { + goto out; + } + } + ret = add_name_constraints(context, c, i == 0, &nc); + if (ret) + goto out; + + /* XXX verify all other silly constraints */ + + } + + /* + * Verify that no certificates has been revoked. + */ + + if (ctx->revoke_ctx) { + hx509_certs certs; + + ret = hx509_certs_init(context, "MEMORY:revoke-certs", 0, + NULL, &certs); + if (ret) + goto out; + + for (i = 0; i < path.len; i++) { + ret = hx509_certs_add(context, certs, path.val[i]); + if (ret) { + hx509_certs_free(&certs); + goto out; + } + } + ret = hx509_certs_merge(context, certs, pool); + if (ret) { + hx509_certs_free(&certs); + goto out; + } + + for (i = 0; i < path.len - 1; i++) { + int parent = (i < path.len - 1) ? i + 1 : i; + + ret = hx509_revoke_verify(context, + ctx->revoke_ctx, + certs, + ctx->time_now, + path.val[i], + path.val[parent]); + if (ret) { + hx509_certs_free(&certs); + goto out; + } + } + hx509_certs_free(&certs); + } + +#if 0 + for (i = path.len - 1; i >= 0; i--) { + _hx509_print_cert_subject(path.val[i]); + } +#endif + + /* + * Verify signatures, do this backward so public key working + * parameter is passed up from the anchor up though the chain. + */ + + for (i = path.len - 1; i >= 0; i--) { + Certificate *signer, *c; + + c = _hx509_get_cert(path.val[i]); + + /* is last in chain (trust anchor) */ + if (i == path.len - 1) { + signer = path.val[i]->data; + + /* if trust anchor is not self signed, don't check sig */ + if (!certificate_is_self_signed(signer)) + continue; + } else { + /* take next certificate in chain */ + signer = path.val[i + 1]->data; + } + + /* verify signatureValue */ + ret = _hx509_verify_signature_bitstring(context, + signer, + &c->signatureAlgorithm, + &c->tbsCertificate._save, + &c->signatureValue); + if (ret) { + hx509_set_error_string(context, HX509_ERROR_APPEND, ret, + "Failed to verify signature of certificate"); + goto out; + } + } + +out: + free_Name(&proxy_issuer); + free_name_constraints(&nc); + _hx509_path_free(&path); + + return ret; +} + +int +hx509_verify_signature(hx509_context context, + const hx509_cert signer, + const AlgorithmIdentifier *alg, + const heim_octet_string *data, + const heim_octet_string *sig) +{ + return _hx509_verify_signature(context, signer->data, alg, data, sig); +} + +int +hx509_verify_hostname(hx509_context context, + const hx509_cert cert, + int require_match, + const char *hostname, + const struct sockaddr *sa, + /* XXX krb5_socklen_t */ int sa_size) +{ + if (sa && sa_size <= 0) + return EINVAL; + return 0; +} + +int +_hx509_set_cert_attribute(hx509_context context, + hx509_cert cert, + const heim_oid *oid, + const heim_octet_string *attr) +{ + hx509_cert_attribute a; + void *d; + + if (hx509_cert_get_attribute(cert, oid) != NULL) + return 0; + + d = realloc(cert->attrs.val, + sizeof(cert->attrs.val[0]) * (cert->attrs.len + 1)); + if (d == NULL) { + hx509_clear_error_string(context); + return ENOMEM; + } + cert->attrs.val = d; + + a = malloc(sizeof(*a)); + if (a == NULL) + return ENOMEM; + + der_copy_octet_string(attr, &a->data); + der_copy_oid(oid, &a->oid); + + cert->attrs.val[cert->attrs.len] = a; + cert->attrs.len++; + + return 0; +} + +hx509_cert_attribute +hx509_cert_get_attribute(hx509_cert cert, const heim_oid *oid) +{ + int i; + for (i = 0; i < cert->attrs.len; i++) + if (der_heim_oid_cmp(oid, &cert->attrs.val[i]->oid) == 0) + return cert->attrs.val[i]; + return NULL; +} + +int +hx509_cert_set_friendly_name(hx509_cert cert, const char *name) +{ + if (cert->friendlyname) + free(cert->friendlyname); + cert->friendlyname = strdup(name); + if (cert->friendlyname == NULL) + return ENOMEM; + return 0; +} + + +const char * +hx509_cert_get_friendly_name(hx509_cert cert) +{ + hx509_cert_attribute a; + PKCS9_friendlyName n; + size_t sz; + int ret, i; + + if (cert->friendlyname) + return cert->friendlyname; + + a = hx509_cert_get_attribute(cert, oid_id_pkcs_9_at_friendlyName()); + if (a == NULL) { + /* XXX use subject name ? */ + return NULL; + } + + ret = decode_PKCS9_friendlyName(a->data.data, a->data.length, &n, &sz); + if (ret) + return NULL; + + if (n.len != 1) { + free_PKCS9_friendlyName(&n); + return NULL; + } + + cert->friendlyname = malloc(n.val[0].length + 1); + if (cert->friendlyname == NULL) { + free_PKCS9_friendlyName(&n); + return NULL; + } + + for (i = 0; i < n.val[0].length; i++) { + if (n.val[0].data[i] <= 0xff) + cert->friendlyname[i] = n.val[0].data[i] & 0xff; + else + cert->friendlyname[i] = 'X'; + } + cert->friendlyname[i] = '\0'; + free_PKCS9_friendlyName(&n); + + return cert->friendlyname; +} + +void +_hx509_query_clear(hx509_query *q) +{ + memset(q, 0, sizeof(*q)); +} + +int +hx509_query_alloc(hx509_context context, hx509_query **q) +{ + *q = calloc(1, sizeof(**q)); + if (*q == NULL) + return ENOMEM; + return 0; +} + +void +hx509_query_match_option(hx509_query *q, hx509_query_option option) +{ + switch(option) { + case HX509_QUERY_OPTION_PRIVATE_KEY: + q->match |= HX509_QUERY_PRIVATE_KEY; + break; + case HX509_QUERY_OPTION_KU_ENCIPHERMENT: + q->match |= HX509_QUERY_KU_ENCIPHERMENT; + break; + case HX509_QUERY_OPTION_KU_DIGITALSIGNATURE: + q->match |= HX509_QUERY_KU_DIGITALSIGNATURE; + break; + case HX509_QUERY_OPTION_KU_KEYCERTSIGN: + q->match |= HX509_QUERY_KU_KEYCERTSIGN; + break; + case HX509_QUERY_OPTION_END: + default: + break; + } +} + +int +hx509_query_match_issuer_serial(hx509_query *q, + const Name *issuer, + const heim_integer *serialNumber) +{ + int ret; + if (q->serial) { + der_free_heim_integer(q->serial); + free(q->serial); + } + q->serial = malloc(sizeof(*q->serial)); + if (q->serial == NULL) + return ENOMEM; + ret = der_copy_heim_integer(serialNumber, q->serial); + if (ret) { + free(q->serial); + q->serial = NULL; + return ret; + } + if (q->issuer_name) { + free_Name(q->issuer_name); + free(q->issuer_name); + } + q->issuer_name = malloc(sizeof(*q->issuer_name)); + if (q->issuer_name == NULL) + return ENOMEM; + ret = copy_Name(issuer, q->issuer_name); + if (ret) { + free(q->issuer_name); + q->issuer_name = NULL; + return ret; + } + q->match |= HX509_QUERY_MATCH_SERIALNUMBER|HX509_QUERY_MATCH_ISSUER_NAME; + return 0; +} + + +int +hx509_query_match_friendly_name(hx509_query *q, const char *name) +{ + if (q->friendlyname) + free(q->friendlyname); + q->friendlyname = strdup(name); + if (q->friendlyname == NULL) + return ENOMEM; + q->match |= HX509_QUERY_MATCH_FRIENDLY_NAME; + return 0; +} + +int +hx509_query_match_cmp_func(hx509_query *q, + int (*func)(void *, hx509_cert), + void *ctx) +{ + if (func) + q->match |= HX509_QUERY_MATCH_FUNCTION; + else + q->match &= ~HX509_QUERY_MATCH_FUNCTION; + q->cmp_func = func; + q->cmp_func_ctx = ctx; + return 0; +} + + +void +hx509_query_free(hx509_context context, hx509_query *q) +{ + if (q->serial) { + der_free_heim_integer(q->serial); + free(q->serial); + q->serial = NULL; + } + if (q->issuer_name) { + free_Name(q->issuer_name); + free(q->issuer_name); + q->issuer_name = NULL; + } + if (q) { + free(q->friendlyname); + memset(q, 0, sizeof(*q)); + } + free(q); +} + +int +_hx509_query_match_cert(hx509_context context, const hx509_query *q, hx509_cert cert) +{ + Certificate *c = _hx509_get_cert(cert); + + if ((q->match & HX509_QUERY_FIND_ISSUER_CERT) && + _hx509_cert_is_parent_cmp(q->subject, c, 0) != 0) + return 0; + + if ((q->match & HX509_QUERY_MATCH_CERTIFICATE) && + _hx509_Certificate_cmp(q->certificate, c) != 0) + return 0; + + if ((q->match & HX509_QUERY_MATCH_SERIALNUMBER) + && der_heim_integer_cmp(&c->tbsCertificate.serialNumber, q->serial) != 0) + return 0; + + if ((q->match & HX509_QUERY_MATCH_ISSUER_NAME) + && _hx509_name_cmp(&c->tbsCertificate.issuer, q->issuer_name) != 0) + return 0; + + if ((q->match & HX509_QUERY_MATCH_SUBJECT_NAME) + && _hx509_name_cmp(&c->tbsCertificate.subject, q->subject_name) != 0) + return 0; + + if (q->match & HX509_QUERY_MATCH_SUBJECT_KEY_ID) { + SubjectKeyIdentifier si; + int ret; + + ret = _hx509_find_extension_subject_key_id(c, &si); + if (ret == 0) { + if (der_heim_octet_string_cmp(&si, q->subject_id) != 0) + ret = 1; + free_SubjectKeyIdentifier(&si); + } + if (ret) + return 0; + } + if ((q->match & HX509_QUERY_MATCH_ISSUER_ID)) + return 0; + if ((q->match & HX509_QUERY_PRIVATE_KEY) && + _hx509_cert_private_key(cert) == NULL) + return 0; + + { + unsigned ku = 0; + if (q->match & HX509_QUERY_KU_DIGITALSIGNATURE) + ku |= (1 << 0); + if (q->match & HX509_QUERY_KU_NONREPUDIATION) + ku |= (1 << 1); + if (q->match & HX509_QUERY_KU_ENCIPHERMENT) + ku |= (1 << 2); + if (q->match & HX509_QUERY_KU_DATAENCIPHERMENT) + ku |= (1 << 3); + if (q->match & HX509_QUERY_KU_KEYAGREEMENT) + ku |= (1 << 4); + if (q->match & HX509_QUERY_KU_KEYCERTSIGN) + ku |= (1 << 5); + if (q->match & HX509_QUERY_KU_CRLSIGN) + ku |= (1 << 6); + if (ku && check_key_usage(context, c, ku, TRUE)) + return 0; + } + if ((q->match & HX509_QUERY_ANCHOR)) + return 0; + + if (q->match & HX509_QUERY_MATCH_LOCAL_KEY_ID) { + hx509_cert_attribute a; + + a = hx509_cert_get_attribute(cert, oid_id_pkcs_9_at_localKeyId()); + if (a == NULL) + return 0; + if (der_heim_octet_string_cmp(&a->data, q->local_key_id) != 0) + return 0; + } + + if (q->match & HX509_QUERY_NO_MATCH_PATH) { + size_t i; + + for (i = 0; i < q->path->len; i++) + if (hx509_cert_cmp(q->path->val[i], cert) == 0) + return 0; + } + if (q->match & HX509_QUERY_MATCH_FRIENDLY_NAME) { + const char *name = hx509_cert_get_friendly_name(cert); + if (name == NULL) + return 0; + if (strcasecmp(q->friendlyname, name) != 0) + return 0; + } + if (q->match & HX509_QUERY_MATCH_FUNCTION) { + int ret = (*q->cmp_func)(q->cmp_func_ctx, cert); + if (ret != 0) + return 0; + } + + if (q->match & HX509_QUERY_MATCH_KEY_HASH_SHA1) { + heim_octet_string os; + int ret; + + os.data = c->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data; + os.length = + c->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.length / 8; + + ret = _hx509_verify_signature(context, + NULL, + hx509_signature_sha1(), + &os, + q->keyhash_sha1); + if (ret != 0) + return 0; + } + + if (q->match & HX509_QUERY_MATCH_TIME) { + time_t t; + t = _hx509_Time2time_t(&c->tbsCertificate.validity.notBefore); + if (t > q->timenow) + return 0; + t = _hx509_Time2time_t(&c->tbsCertificate.validity.notAfter); + if (t < q->timenow) + return 0; + } + + if (q->match & ~HX509_QUERY_MASK) + return 0; + + return 1; +} + +int +hx509_cert_check_eku(hx509_context context, hx509_cert cert, + const heim_oid *eku, int allow_any_eku) +{ + ExtKeyUsage e; + int ret, i; + + ret = find_extension_eku(_hx509_get_cert(cert), &e); + if (ret) { + hx509_clear_error_string(context); + return ret; + } + + for (i = 0; i < e.len; i++) { + if (der_heim_oid_cmp(eku, &e.val[i]) == 0) { + free_ExtKeyUsage(&e); + return 0; + } + if (allow_any_eku) { +#if 0 + if (der_heim_oid_cmp(id_any_eku, &e.val[i]) == 0) { + free_ExtKeyUsage(&e); + return 0; + } +#endif + } + } + free_ExtKeyUsage(&e); + hx509_clear_error_string(context); + return HX509_CERTIFICATE_MISSING_EKU; +} + +int +_hx509_cert_get_keyusage(hx509_context context, + hx509_cert c, + KeyUsage *ku) +{ + Certificate *cert; + const Extension *e; + size_t size; + int ret, i = 0; + + memset(ku, 0, sizeof(*ku)); + + cert = _hx509_get_cert(c); + + if (_hx509_cert_get_version(cert) < 3) + return 0; + + e = find_extension(cert, oid_id_x509_ce_keyUsage(), &i); + if (e == NULL) + return HX509_KU_CERT_MISSING; + + ret = decode_KeyUsage(e->extnValue.data, e->extnValue.length, ku, &size); + if (ret) + return ret; + return 0; +} diff --git a/source4/heimdal/lib/hx509/cms.c b/source4/heimdal/lib/hx509/cms.c new file mode 100644 index 0000000000..4ed70b8f84 --- /dev/null +++ b/source4/heimdal/lib/hx509/cms.c @@ -0,0 +1,1279 @@ +/* + * Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hx_locl.h" +RCSID("$Id: cms.c,v 1.48 2007/01/08 18:45:03 lha Exp $"); + +#define ALLOC(X, N) (X) = calloc((N), sizeof(*(X))) +#define ALLOC_SEQ(X, N) do { (X)->len = (N); ALLOC((X)->val, (N)); } while(0) + +int +hx509_cms_wrap_ContentInfo(const heim_oid *oid, + const heim_octet_string *buf, + heim_octet_string *res) +{ + ContentInfo ci; + size_t size; + int ret; + + memset(res, 0, sizeof(*res)); + memset(&ci, 0, sizeof(ci)); + + ret = der_copy_oid(oid, &ci.contentType); + if (ret) + return ret; + ALLOC(ci.content, 1); + if (ci.content == NULL) { + free_ContentInfo(&ci); + return ENOMEM; + } + ci.content->data = malloc(buf->length); + if (ci.content->data == NULL) { + free_ContentInfo(&ci); + return ENOMEM; + } + memcpy(ci.content->data, buf->data, buf->length); + ci.content->length = buf->length; + + ASN1_MALLOC_ENCODE(ContentInfo, res->data, res->length, &ci, &size, ret); + free_ContentInfo(&ci); + if (ret) + return ret; + if (res->length != size) + _hx509_abort("internal ASN.1 encoder error"); + + return 0; +} + +int +hx509_cms_unwrap_ContentInfo(const heim_octet_string *in, + heim_oid *oid, + heim_octet_string *out, + int *have_data) +{ + ContentInfo ci; + size_t size; + int ret; + + memset(oid, 0, sizeof(*oid)); + memset(out, 0, sizeof(*out)); + + ret = decode_ContentInfo(in->data, in->length, &ci, &size); + if (ret) + return ret; + + ret = der_copy_oid(&ci.contentType, oid); + if (ret) { + free_ContentInfo(&ci); + return ret; + } + if (ci.content) { + ret = der_copy_octet_string(ci.content, out); + if (ret) { + der_free_oid(oid); + free_ContentInfo(&ci); + return ret; + } + } else + memset(out, 0, sizeof(*out)); + + if (have_data) + *have_data = (ci.content != NULL) ? 1 : 0; + + free_ContentInfo(&ci); + + return 0; +} + +static int +fill_CMSIdentifier(const hx509_cert cert, CMSIdentifier *id) +{ + hx509_name name; + int ret; + + id->element = choice_CMSIdentifier_issuerAndSerialNumber; + ret = hx509_cert_get_issuer(cert, &name); + if (ret) + return ret; + ret = copy_Name(&name->der_name, + &id->u.issuerAndSerialNumber.issuer); + hx509_name_free(&name); + if (ret) + return ret; + + ret = hx509_cert_get_serialnumber(cert, + &id->u.issuerAndSerialNumber.serialNumber); + return ret; +} + +static int +unparse_CMSIdentifier(hx509_context context, + CMSIdentifier *id, + char **str) +{ + int ret; + + *str = NULL; + switch (id->element) { + case choice_CMSIdentifier_issuerAndSerialNumber: { + IssuerAndSerialNumber *iasn; + char *serial, *name; + + iasn = &id->u.issuerAndSerialNumber; + + ret = _hx509_Name_to_string(&iasn->issuer, &name); + if(ret) + return ret; + ret = der_print_hex_heim_integer(&iasn->serialNumber, &serial); + if (ret) { + free(name); + return ret; + } + asprintf(str, "certificate issued by %s with serial number %s", + name, serial); + free(name); + free(serial); + break; + } + case choice_CMSIdentifier_subjectKeyIdentifier: { + KeyIdentifier *ki = &id->u.subjectKeyIdentifier; + char *keyid; + ssize_t len; + + len = hex_encode(ki->data, ki->length, &keyid); + if (len < 0) + return ENOMEM; + + asprintf(str, "certificate with id %s", keyid); + free(keyid); + break; + } + default: + asprintf(str, "certificate have unknown CMSidentifier type"); + break; + } + if (*str == NULL) + return ENOMEM; + return 0; +} + +static int +find_CMSIdentifier(hx509_context context, + CMSIdentifier *client, + hx509_certs certs, + hx509_cert *signer_cert, + int match) +{ + hx509_query q; + hx509_cert cert; + Certificate c; + int ret; + + memset(&c, 0, sizeof(c)); + _hx509_query_clear(&q); + + *signer_cert = NULL; + + switch (client->element) { + case choice_CMSIdentifier_issuerAndSerialNumber: + q.serial = &client->u.issuerAndSerialNumber.serialNumber; + q.issuer_name = &client->u.issuerAndSerialNumber.issuer; + q.match = HX509_QUERY_MATCH_SERIALNUMBER|HX509_QUERY_MATCH_ISSUER_NAME; + break; + case choice_CMSIdentifier_subjectKeyIdentifier: + q.subject_id = &client->u.subjectKeyIdentifier; + q.match = HX509_QUERY_MATCH_SUBJECT_KEY_ID; + break; + default: + hx509_set_error_string(context, 0, HX509_CMS_NO_RECIPIENT_CERTIFICATE, + "unknown CMS identifier element"); + return HX509_CMS_NO_RECIPIENT_CERTIFICATE; + } + + q.match |= match; + + q.match |= HX509_QUERY_MATCH_TIME; + q.timenow = time(NULL); + + ret = hx509_certs_find(context, certs, &q, &cert); + if (ret == HX509_CERT_NOT_FOUND) { + char *str; + + ret = unparse_CMSIdentifier(context, client, &str); + if (ret == 0) { + hx509_set_error_string(context, 0, + HX509_CMS_NO_RECIPIENT_CERTIFICATE, + "Failed to find %s", str); + } else + hx509_clear_error_string(context); + return HX509_CMS_NO_RECIPIENT_CERTIFICATE; + } else if (ret) { + hx509_set_error_string(context, HX509_ERROR_APPEND, + HX509_CMS_NO_RECIPIENT_CERTIFICATE, + "Failed to find CMS id in cert store"); + return HX509_CMS_NO_RECIPIENT_CERTIFICATE; + } + + *signer_cert = cert; + + return 0; +} + +int +hx509_cms_unenvelope(hx509_context context, + hx509_certs certs, + int flags, + const void *data, + size_t length, + const heim_octet_string *encryptedContent, + heim_oid *contentType, + heim_octet_string *content) +{ + heim_octet_string key; + EnvelopedData ed; + hx509_cert cert; + AlgorithmIdentifier *ai; + const heim_octet_string *enccontent; + heim_octet_string *params, params_data; + heim_octet_string ivec; + size_t size; + int ret, i, matched = 0, findflags = 0; + + + memset(&key, 0, sizeof(key)); + memset(&ed, 0, sizeof(ed)); + memset(&ivec, 0, sizeof(ivec)); + memset(content, 0, sizeof(*content)); + memset(contentType, 0, sizeof(*contentType)); + + if ((flags & HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT) == 0) + findflags |= HX509_QUERY_KU_ENCIPHERMENT; + + ret = decode_EnvelopedData(data, length, &ed, &size); + if (ret) { + hx509_set_error_string(context, 0, ret, + "Failed to decode EnvelopedData"); + return ret; + } + + if (ed.recipientInfos.len == 0) { + ret = HX509_CMS_NO_RECIPIENT_CERTIFICATE; + hx509_set_error_string(context, 0, ret, + "No recipient info in enveloped data"); + goto out; + } + + enccontent = ed.encryptedContentInfo.encryptedContent; + if (enccontent == NULL) { + if (encryptedContent == NULL) { + ret = HX509_CMS_NO_DATA_AVAILABLE; + hx509_set_error_string(context, 0, ret, + "Content missing from encrypted data"); + goto out; + } + enccontent = encryptedContent; + } + + cert = NULL; + for (i = 0; i < ed.recipientInfos.len; i++) { + KeyTransRecipientInfo *ri; + char *str; + int ret2; + + ri = &ed.recipientInfos.val[i]; + + /* ret = search_keyset(ri, + * PRIVATE_KEY, + * ki->keyEncryptionAlgorithm.algorithm); + */ + + ret = find_CMSIdentifier(context, &ri->rid, certs, &cert, + HX509_QUERY_PRIVATE_KEY|findflags); + if (ret) + continue; + + matched = 1; /* found a matching certificate, let decrypt */ + + ret = _hx509_cert_private_decrypt(context, + &ri->encryptedKey, + &ri->keyEncryptionAlgorithm.algorithm, + cert, &key); + + hx509_cert_free(cert); + if (ret == 0) + break; /* succuessfully decrypted cert */ + cert = NULL; + ret2 = unparse_CMSIdentifier(context, &ri->rid, &str); + if (ret2 == 0) { + hx509_set_error_string(context, HX509_ERROR_APPEND, ret, + "Failed to decrypt with %s", str); + free(str); + } + } + + if (!matched) { + ret = HX509_CMS_NO_RECIPIENT_CERTIFICATE; + hx509_set_error_string(context, 0, ret, + "No private key matched any certificate"); + goto out; + } + + if (cert == NULL) { + ret = HX509_CMS_NO_RECIPIENT_CERTIFICATE; + hx509_set_error_string(context, HX509_ERROR_APPEND, ret, + "No private key decrypted the transfer key"); + goto out; + } + + ret = der_copy_oid(&ed.encryptedContentInfo.contentType, contentType); + if (ret) { + hx509_set_error_string(context, 0, ret, + "Failed to copy EnvelopedData content oid"); + goto out; + } + + ai = &ed.encryptedContentInfo.contentEncryptionAlgorithm; + if (ai->parameters) { + params_data.data = ai->parameters->data; + params_data.length = ai->parameters->length; + params = ¶ms_data; + } else + params = NULL; + + { + hx509_crypto crypto; + + ret = hx509_crypto_init(context, NULL, &ai->algorithm, &crypto); + if (ret) + goto out; + + if (params) { + ret = hx509_crypto_set_params(context, crypto, params, &ivec); + if (ret) { + hx509_crypto_destroy(crypto); + goto out; + } + } + + ret = hx509_crypto_set_key_data(crypto, key.data, key.length); + if (ret) { + hx509_crypto_destroy(crypto); + hx509_set_error_string(context, 0, ret, + "Failed to set key for decryption " + "of EnvelopedData"); + goto out; + } + + ret = hx509_crypto_decrypt(crypto, + enccontent->data, + enccontent->length, + ivec.length ? &ivec : NULL, + content); + hx509_crypto_destroy(crypto); + if (ret) { + hx509_set_error_string(context, 0, ret, + "Failed to decrypt EnvelopedData"); + goto out; + } + } + +out: + + free_EnvelopedData(&ed); + der_free_octet_string(&key); + if (ivec.length) + der_free_octet_string(&ivec); + if (ret) { + der_free_oid(contentType); + der_free_octet_string(content); + } + + return ret; +} + +int +hx509_cms_envelope_1(hx509_context context, + hx509_cert cert, + const void *data, + size_t length, + const heim_oid *encryption_type, + const heim_oid *contentType, + heim_octet_string *content) +{ + KeyTransRecipientInfo *ri; + heim_octet_string ivec; + heim_octet_string key; + hx509_crypto crypto = NULL; + EnvelopedData ed; + size_t size; + int ret; + + memset(&ivec, 0, sizeof(ivec)); + memset(&key, 0, sizeof(key)); + memset(&ed, 0, sizeof(ed)); + memset(content, 0, sizeof(*content)); + + if (encryption_type == NULL) + encryption_type = oid_id_aes_256_cbc(); + + ret = _hx509_check_key_usage(context, cert, 1 << 2, TRUE); + if (ret) + goto out; + + ret = hx509_crypto_init(context, NULL, encryption_type, &crypto); + if (ret) + goto out; + + ret = hx509_crypto_set_random_key(crypto, &key); + if (ret) { + hx509_set_error_string(context, 0, ret, + "Create random key for EnvelopedData content"); + goto out; + } + + ret = hx509_crypto_encrypt(crypto, + data, + length, + &ivec, + &ed.encryptedContentInfo.encryptedContent); + if (ret) { + hx509_set_error_string(context, 0, ret, + "Failed to encrypt EnvelopedData content"); + goto out; + } + + { + AlgorithmIdentifier *enc_alg; + enc_alg = &ed.encryptedContentInfo.contentEncryptionAlgorithm; + ret = der_copy_oid(encryption_type, &enc_alg->algorithm); + if (ret) { + hx509_set_error_string(context, 0, ret, + "Failed to set crypto oid " + "for EnvelopedData"); + goto out; + } + ALLOC(enc_alg->parameters, 1); + if (enc_alg->parameters == NULL) { + ret = ENOMEM; + hx509_set_error_string(context, 0, ret, + "Failed to allocate crypto paramaters " + "for EnvelopedData"); + goto out; + } + + ret = hx509_crypto_get_params(context, + crypto, + &ivec, + enc_alg->parameters); + if (ret) { + goto out; + } + } + + ALLOC_SEQ(&ed.recipientInfos, 1); + if (ed.recipientInfos.val == NULL) { + ret = ENOMEM; + hx509_set_error_string(context, 0, ret, + "Failed to allocate recipients info " + "for EnvelopedData"); + goto out; + } + + ri = &ed.recipientInfos.val[0]; + + ri->version = 0; + ret = fill_CMSIdentifier(cert, &ri->rid); + if (ret) { + hx509_set_error_string(context, 0, ret, + "Failed to set CMS identifier info " + "for EnvelopedData"); + goto out; + } + + ret = _hx509_cert_public_encrypt(context, + &key, cert, + &ri->keyEncryptionAlgorithm.algorithm, + &ri->encryptedKey); + if (ret) { + hx509_set_error_string(context, HX509_ERROR_APPEND, ret, + "Failed to encrypt transport key for " + "EnvelopedData"); + goto out; + } + + /* + * + */ + + ed.version = 0; + ed.originatorInfo = NULL; + + ret = der_copy_oid(contentType, &ed.encryptedContentInfo.contentType); + if (ret) { + hx509_set_error_string(context, 0, ret, + "Failed to copy content oid for " + "EnvelopedData"); + goto out; + } + + ed.unprotectedAttrs = NULL; + + ASN1_MALLOC_ENCODE(EnvelopedData, content->data, content->length, + &ed, &size, ret); + if (ret) { + hx509_set_error_string(context, 0, ret, + "Failed to encode EnvelopedData"); + goto out; + } + if (size != content->length) + _hx509_abort("internal ASN.1 encoder error"); + +out: + if (crypto) + hx509_crypto_destroy(crypto); + if (ret) + der_free_octet_string(content); + der_free_octet_string(&key); + der_free_octet_string(&ivec); + free_EnvelopedData(&ed); + + return ret; +} + +static int +any_to_certs(hx509_context context, const SignedData *sd, hx509_certs certs) +{ + int ret, i; + + if (sd->certificates == NULL) + return 0; + + for (i = 0; i < sd->certificates->len; i++) { + Certificate cert; + hx509_cert c; + + const void *p = sd->certificates->val[i].data; + size_t size, length = sd->certificates->val[i].length; + + ret = decode_Certificate(p, length, &cert, &size); + if (ret) { + hx509_set_error_string(context, 0, ret, + "Failed to decode certificate %d " + "in SignedData.certificates", i); + return ret; + } + + ret = hx509_cert_init(context, &cert, &c); + free_Certificate(&cert); + if (ret) + return ret; + ret = hx509_certs_add(context, certs, c); + hx509_cert_free(c); + if (ret) + return ret; + } + + return 0; +} + +static const Attribute * +find_attribute(const CMSAttributes *attr, const heim_oid *oid) +{ + int i; + for (i = 0; i < attr->len; i++) + if (der_heim_oid_cmp(&attr->val[i].type, oid) == 0) + return &attr->val[i]; + return NULL; +} + +int +hx509_cms_verify_signed(hx509_context context, + hx509_verify_ctx ctx, + const void *data, + size_t length, + hx509_certs store, + heim_oid *contentType, + heim_octet_string *content, + hx509_certs *signer_certs) +{ + SignerInfo *signer_info; + hx509_cert cert = NULL; + hx509_certs certs = NULL; + SignedData sd; + size_t size; + int ret, i, found_valid_sig; + + *signer_certs = NULL; + content->data = NULL; + content->length = 0; + contentType->length = 0; + contentType->components = NULL; + + memset(&sd, 0, sizeof(sd)); + + ret = decode_SignedData(data, length, &sd, &size); + if (ret) { + hx509_set_error_string(context, 0, ret, + "Failed to decode SignedData"); + goto out; + } + + if (sd.encapContentInfo.eContent == NULL) { + ret = HX509_CMS_NO_DATA_AVAILABLE; + hx509_set_error_string(context, 0, ret, + "No content data in SignedData"); + goto out; + } + + ret = hx509_certs_init(context, "MEMORY:cms-cert-buffer", + 0, NULL, &certs); + if (ret) + goto out; + + ret = hx509_certs_init(context, "MEMORY:cms-signer-certs", + 0, NULL, signer_certs); + if (ret) + goto out; + + /* XXX Check CMS version */ + + ret = any_to_certs(context, &sd, certs); + if (ret) + goto out; + + if (store) { + ret = hx509_certs_merge(context, certs, store); + if (ret) + goto out; + } + + for (found_valid_sig = 0, i = 0; i < sd.signerInfos.len; i++) { + heim_octet_string *signed_data; + const heim_oid *match_oid; + heim_oid decode_oid; + + signer_info = &sd.signerInfos.val[i]; + match_oid = NULL; + + if (signer_info->signature.length == 0) { + ret = HX509_CMS_MISSING_SIGNER_DATA; + hx509_set_error_string(context, 0, ret, + "SignerInfo %d in SignedData " + "missing sigature", i); + continue; + } + + ret = find_CMSIdentifier(context, &signer_info->sid, certs, &cert, + HX509_QUERY_KU_DIGITALSIGNATURE); + if (ret) + continue; + + if (signer_info->signedAttrs) { + const Attribute *attr; + + CMSAttributes sa; + heim_octet_string os; + + sa.val = signer_info->signedAttrs->val; + sa.len = signer_info->signedAttrs->len; + + /* verify that sigature exists */ + attr = find_attribute(&sa, oid_id_pkcs9_messageDigest()); + if (attr == NULL) { + ret = HX509_CRYPTO_SIGNATURE_MISSING; + hx509_set_error_string(context, 0, ret, + "SignerInfo have signed attributes " + "but messageDigest (signature) " + "is missing"); + goto next_sigature; + } + if (attr->value.len != 1) { + ret = HX509_CRYPTO_SIGNATURE_MISSING; + hx509_set_error_string(context, 0, ret, + "SignerInfo have more then one " + "messageDigest (signature)"); + goto next_sigature; + } + + ret = decode_MessageDigest(attr->value.val[0].data, + attr->value.val[0].length, + &os, + &size); + if (ret) { + hx509_set_error_string(context, 0, ret, + "Failed to decode " + "messageDigest (signature)"); + goto next_sigature; + } + + ret = _hx509_verify_signature(context, + NULL, + &signer_info->digestAlgorithm, + sd.encapContentInfo.eContent, + &os); + der_free_octet_string(&os); + if (ret) { + hx509_set_error_string(context, HX509_ERROR_APPEND, ret, + "Failed to verify messageDigest"); + goto next_sigature; + } + + /* + * Fetch content oid inside signedAttrs or set it to + * id-pkcs7-data. + */ + attr = find_attribute(&sa, oid_id_pkcs9_contentType()); + if (attr == NULL) { + match_oid = oid_id_pkcs7_data(); + } else { + if (attr->value.len != 1) { + ret = HX509_CMS_DATA_OID_MISMATCH; + hx509_set_error_string(context, 0, ret, + "More then one oid in signedAttrs"); + goto next_sigature; + + } + ret = decode_ContentType(attr->value.val[0].data, + attr->value.val[0].length, + &decode_oid, + &size); + if (ret) { + hx509_set_error_string(context, 0, ret, + "Failed to decode " + "oid in signedAttrs"); + goto next_sigature; + } + match_oid = &decode_oid; + } + + ALLOC(signed_data, 1); + if (signed_data == NULL) { + if (match_oid == &decode_oid) + der_free_oid(&decode_oid); + ret = ENOMEM; + hx509_clear_error_string(context); + goto next_sigature; + } + + ASN1_MALLOC_ENCODE(CMSAttributes, + signed_data->data, + signed_data->length, + &sa, + &size, ret); + if (ret) { + if (match_oid == &decode_oid) + der_free_oid(&decode_oid); + free(signed_data); + hx509_clear_error_string(context); + goto next_sigature; + } + if (size != signed_data->length) + _hx509_abort("internal ASN.1 encoder error"); + + } else { + signed_data = sd.encapContentInfo.eContent; + match_oid = oid_id_pkcs7_data(); + } + + if (der_heim_oid_cmp(match_oid, &sd.encapContentInfo.eContentType)) { + ret = HX509_CMS_DATA_OID_MISMATCH; + hx509_set_error_string(context, 0, ret, + "Oid in message mismatch from the expected"); + } + if (match_oid == &decode_oid) + der_free_oid(&decode_oid); + + if (ret == 0) { + ret = hx509_verify_signature(context, + cert, + &signer_info->signatureAlgorithm, + signed_data, + &signer_info->signature); + if (ret) + hx509_set_error_string(context, HX509_ERROR_APPEND, ret, + "Failed to verify sigature in " + "CMS SignedData"); + } + if (signed_data != sd.encapContentInfo.eContent) { + der_free_octet_string(signed_data); + free(signed_data); + } + if (ret) + goto next_sigature; + + ret = hx509_verify_path(context, ctx, cert, certs); + if (ret) + goto next_sigature; + + ret = hx509_certs_add(context, *signer_certs, cert); + if (ret) + goto next_sigature; + + found_valid_sig++; + + next_sigature: + if (cert) + hx509_cert_free(cert); + cert = NULL; + } + if (found_valid_sig == 0) { + if (ret == 0) { + ret = HX509_CMS_SIGNER_NOT_FOUND; + hx509_set_error_string(context, 0, ret, + "No signers where found"); + } + goto out; + } + + ret = der_copy_oid(&sd.encapContentInfo.eContentType, contentType); + if (ret) { + hx509_clear_error_string(context); + goto out; + } + + content->data = malloc(sd.encapContentInfo.eContent->length); + if (content->data == NULL) { + hx509_clear_error_string(context); + ret = ENOMEM; + goto out; + } + content->length = sd.encapContentInfo.eContent->length; + memcpy(content->data,sd.encapContentInfo.eContent->data,content->length); + +out: + free_SignedData(&sd); + if (certs) + hx509_certs_free(&certs); + if (ret) { + if (*signer_certs) + hx509_certs_free(signer_certs); + der_free_oid(contentType); + der_free_octet_string(content); + } + + return ret; +} + +int +_hx509_set_digest_alg(DigestAlgorithmIdentifier *id, + const heim_oid *oid, + void *param, size_t length) +{ + int ret; + if (param) { + id->parameters = malloc(sizeof(*id->parameters)); + if (id->parameters == NULL) + return ENOMEM; + id->parameters->data = malloc(length); + if (id->parameters->data == NULL) { + free(id->parameters); + id->parameters = NULL; + return ENOMEM; + } + memcpy(id->parameters->data, param, length); + id->parameters->length = length; + } else + id->parameters = NULL; + ret = der_copy_oid(oid, &id->algorithm); + if (ret) { + if (id->parameters) { + free(id->parameters->data); + free(id->parameters); + id->parameters = NULL; + } + return ret; + } + return 0; +} + +static int +add_one_attribute(Attribute **attr, + unsigned int *len, + const heim_oid *oid, + heim_octet_string *data) +{ + void *d; + int ret; + + d = realloc(*attr, sizeof((*attr)[0]) * (*len + 1)); + if (d == NULL) + return ENOMEM; + (*attr) = d; + + ret = der_copy_oid(oid, &(*attr)[*len].type); + if (ret) + return ret; + + ALLOC_SEQ(&(*attr)[*len].value, 1); + if ((*attr)[*len].value.val == NULL) { + der_free_oid(&(*attr)[*len].type); + return ENOMEM; + } + + (*attr)[*len].value.val[0].data = data->data; + (*attr)[*len].value.val[0].length = data->length; + + *len += 1; + + return 0; +} + +int +hx509_cms_create_signed_1(hx509_context context, + const heim_oid *eContentType, + const void *data, size_t length, + const AlgorithmIdentifier *digest_alg, + hx509_cert cert, + hx509_peer_info peer, + hx509_certs anchors, + hx509_certs pool, + heim_octet_string *signed_data) +{ + AlgorithmIdentifier digest; + hx509_name name; + SignerInfo *signer_info; + heim_octet_string buf; + SignedData sd; + int ret; + size_t size; + hx509_path path; + + memset(&sd, 0, sizeof(sd)); + memset(&name, 0, sizeof(name)); + memset(&path, 0, sizeof(path)); + memset(&digest, 0, sizeof(digest)); + + if (_hx509_cert_private_key(cert) == NULL) { + hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING, + "Private key missing for signing"); + return HX509_PRIVATE_KEY_MISSING; + } + + if (digest_alg == NULL) { + ret = hx509_crypto_select(context, HX509_SELECT_DIGEST, + _hx509_cert_private_key(cert), peer, &digest); + } else { + ret = copy_AlgorithmIdentifier(digest_alg, &digest); + if (ret) + hx509_clear_error_string(context); + } + if (ret) + goto out; + + sd.version = CMSVersion_v3; + + der_copy_oid(eContentType, &sd.encapContentInfo.eContentType); + ALLOC(sd.encapContentInfo.eContent, 1); + if (sd.encapContentInfo.eContent == NULL) { + hx509_clear_error_string(context); + ret = ENOMEM; + goto out; + } + + sd.encapContentInfo.eContent->data = malloc(length); + if (sd.encapContentInfo.eContent->data == NULL) { + hx509_clear_error_string(context); + ret = ENOMEM; + goto out; + } + memcpy(sd.encapContentInfo.eContent->data, data, length); + sd.encapContentInfo.eContent->length = length; + + ALLOC_SEQ(&sd.signerInfos, 1); + if (sd.signerInfos.val == NULL) { + hx509_clear_error_string(context); + ret = ENOMEM; + goto out; + } + + signer_info = &sd.signerInfos.val[0]; + + signer_info->version = 1; + + ret = fill_CMSIdentifier(cert, &signer_info->sid); + if (ret) { + hx509_clear_error_string(context); + goto out; + } + + signer_info->signedAttrs = NULL; + signer_info->unsignedAttrs = NULL; + + ALLOC(signer_info->signedAttrs, 1); + if (signer_info->signedAttrs == NULL) { + ret = ENOMEM; + goto out; + } + + { + heim_octet_string data; + + ret = copy_AlgorithmIdentifier(&digest, &signer_info->digestAlgorithm); + if (ret) { + hx509_clear_error_string(context); + goto out; + } + + ret = _hx509_create_signature(context, + NULL, + &digest, + sd.encapContentInfo.eContent, + NULL, + &data); + if (ret) { + hx509_clear_error_string(context); + goto out; + } + + ASN1_MALLOC_ENCODE(MessageDigest, + buf.data, + buf.length, + &data, + &size, + ret); + der_free_octet_string(&data); + if (ret) { + hx509_clear_error_string(context); + goto out; + } + if (size != buf.length) + _hx509_abort("internal ASN.1 encoder error"); + + ret = add_one_attribute(&signer_info->signedAttrs->val, + &signer_info->signedAttrs->len, + oid_id_pkcs9_messageDigest(), + &buf); + if (ret) { + hx509_clear_error_string(context); + goto out; + } + + } + + if (der_heim_oid_cmp(eContentType, oid_id_pkcs7_data()) != 0) { + + ASN1_MALLOC_ENCODE(ContentType, + buf.data, + buf.length, + eContentType, + &size, + ret); + if (ret) + goto out; + if (size != buf.length) + _hx509_abort("internal ASN.1 encoder error"); + + ret = add_one_attribute(&signer_info->signedAttrs->val, + &signer_info->signedAttrs->len, + oid_id_pkcs9_contentType(), + &buf); + if (ret) { + hx509_clear_error_string(context); + goto out; + } + } + + + { + CMSAttributes sa; + heim_octet_string os; + + sa.val = signer_info->signedAttrs->val; + sa.len = signer_info->signedAttrs->len; + + ASN1_MALLOC_ENCODE(CMSAttributes, + os.data, + os.length, + &sa, + &size, + ret); + if (ret) { + hx509_clear_error_string(context); + goto out; + } + if (size != os.length) + _hx509_abort("internal ASN.1 encoder error"); + + ret = _hx509_create_signature(context, + _hx509_cert_private_key(cert), + hx509_signature_rsa_with_sha1(), + &os, + &signer_info->signatureAlgorithm, + &signer_info->signature); + + der_free_octet_string(&os); + if (ret) { + hx509_clear_error_string(context); + goto out; + } + } + + ALLOC_SEQ(&sd.digestAlgorithms, 1); + if (sd.digestAlgorithms.val == NULL) { + ret = ENOMEM; + hx509_clear_error_string(context); + goto out; + } + + ret = copy_AlgorithmIdentifier(&digest, &sd.digestAlgorithms.val[0]); + if (ret) { + hx509_clear_error_string(context); + goto out; + } + + /* + * Provide best effort path + */ + if (pool) { + _hx509_calculate_path(context, + HX509_CALCULATE_PATH_NO_ANCHOR, + time(NULL), + anchors, + 0, + cert, + pool, + &path); + } else + _hx509_path_append(context, &path, cert); + + + if (path.len) { + int i; + + ALLOC(sd.certificates, 1); + if (sd.certificates == NULL) { + hx509_clear_error_string(context); + ret = ENOMEM; + goto out; + } + ALLOC_SEQ(sd.certificates, path.len); + if (sd.certificates->val == NULL) { + hx509_clear_error_string(context); + ret = ENOMEM; + goto out; + } + + for (i = 0; i < path.len; i++) { + ASN1_MALLOC_ENCODE(Certificate, + sd.certificates->val[i].data, + sd.certificates->val[i].length, + _hx509_get_cert(path.val[i]), + &size, ret); + if (ret) { + hx509_clear_error_string(context); + goto out; + } + if (sd.certificates->val[i].length != size) + _hx509_abort("internal ASN.1 encoder error"); + } + } + + ASN1_MALLOC_ENCODE(SignedData, + signed_data->data, signed_data->length, + &sd, &size, ret); + if (ret) { + hx509_clear_error_string(context); + goto out; + } + if (signed_data->length != size) + _hx509_abort("internal ASN.1 encoder error"); + +out: + free_AlgorithmIdentifier(&digest); + _hx509_path_free(&path); + free_SignedData(&sd); + + return ret; +} + +int +hx509_cms_decrypt_encrypted(hx509_context context, + hx509_lock lock, + const void *data, + size_t length, + heim_oid *contentType, + heim_octet_string *content) +{ + heim_octet_string cont; + CMSEncryptedData ed; + AlgorithmIdentifier *ai; + int ret; + + memset(content, 0, sizeof(*content)); + memset(&cont, 0, sizeof(cont)); + + ret = decode_CMSEncryptedData(data, length, &ed, NULL); + if (ret) { + hx509_set_error_string(context, 0, ret, + "Failed to decode CMSEncryptedData"); + return ret; + } + + if (ed.encryptedContentInfo.encryptedContent == NULL) { + ret = HX509_CMS_NO_DATA_AVAILABLE; + hx509_set_error_string(context, 0, ret, + "No content in EncryptedData"); + goto out; + } + + ret = der_copy_oid(&ed.encryptedContentInfo.contentType, contentType); + if (ret) { + hx509_clear_error_string(context); + goto out; + } + + ai = &ed.encryptedContentInfo.contentEncryptionAlgorithm; + if (ai->parameters == NULL) { + ret = HX509_ALG_NOT_SUPP; + hx509_clear_error_string(context); + goto out; + } + + ret = _hx509_pbe_decrypt(context, + lock, + ai, + ed.encryptedContentInfo.encryptedContent, + &cont); + if (ret) + goto out; + + *content = cont; + +out: + if (ret) { + if (cont.data) + free(cont.data); + } + free_CMSEncryptedData(&ed); + return ret; +} diff --git a/source4/heimdal/lib/hx509/collector.c b/source4/heimdal/lib/hx509/collector.c new file mode 100644 index 0000000000..ec172f46f4 --- /dev/null +++ b/source4/heimdal/lib/hx509/collector.c @@ -0,0 +1,324 @@ +/* + * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hx_locl.h" +RCSID("$Id: collector.c,v 1.16 2007/01/09 10:52:04 lha Exp $"); + +struct private_key { + AlgorithmIdentifier alg; + hx509_private_key private_key; + heim_octet_string localKeyId; +}; + +struct hx509_collector { + hx509_lock lock; + hx509_certs unenvelop_certs; + hx509_certs certs; + struct { + struct private_key **data; + size_t len; + } val; +}; + + +struct hx509_collector * +_hx509_collector_alloc(hx509_context context, hx509_lock lock) +{ + struct hx509_collector *c; + int ret; + + c = calloc(1, sizeof(*c)); + if (c == NULL) + return NULL; + c->lock = lock; + + ret = hx509_certs_init(context, "MEMORY:collector-unenvelop-cert", + 0,NULL, &c->unenvelop_certs); + if (ret) { + free(c); + return NULL; + } + c->val.data = NULL; + c->val.len = 0; + ret = hx509_certs_init(context, "MEMORY:collector-tmp-store", + 0, NULL, &c->certs); + if (ret) { + hx509_certs_free(&c->unenvelop_certs); + free(c); + return NULL; + } + + return c; +} + +hx509_lock +_hx509_collector_get_lock(struct hx509_collector *c) +{ + return c->lock; +} + + +int +_hx509_collector_certs_add(hx509_context context, + struct hx509_collector *c, + hx509_cert cert) +{ + return hx509_certs_add(context, c->certs, cert); +} + +static void +free_private_key(struct private_key *key) +{ + free_AlgorithmIdentifier(&key->alg); + if (key->private_key) + _hx509_private_key_free(&key->private_key); + der_free_octet_string(&key->localKeyId); + free(key); +} + +int +_hx509_collector_private_key_add(hx509_context context, + struct hx509_collector *c, + const AlgorithmIdentifier *alg, + hx509_private_key private_key, + const heim_octet_string *key_data, + const heim_octet_string *localKeyId) +{ + struct private_key *key; + void *d; + int ret; + + key = calloc(1, sizeof(*key)); + if (key == NULL) + return ENOMEM; + + d = realloc(c->val.data, (c->val.len + 1) * sizeof(c->val.data[0])); + if (d == NULL) { + free(key); + hx509_set_error_string(context, 0, ENOMEM, "Out of memory"); + return ENOMEM; + } + c->val.data = d; + + ret = copy_AlgorithmIdentifier(alg, &key->alg); + if (ret) { + hx509_set_error_string(context, 0, ret, "Failed to copy " + "AlgorithmIdentifier"); + goto out; + } + if (private_key) { + key->private_key = private_key; + } else { + ret = _hx509_parse_private_key(context, &alg->algorithm, + key_data->data, key_data->length, + &key->private_key); + if (ret) + goto out; + } + if (localKeyId) { + ret = der_copy_octet_string(localKeyId, &key->localKeyId); + if (ret) { + hx509_set_error_string(context, 0, ret, + "Failed to copy localKeyId"); + goto out; + } + } else + memset(&key->localKeyId, 0, sizeof(key->localKeyId)); + + c->val.data[c->val.len] = key; + c->val.len++; + +out: + if (ret) + free_private_key(key); + + return ret; +} + +static int +match_localkeyid(hx509_context context, + struct private_key *value, + hx509_certs certs) +{ + hx509_cert cert; + hx509_query q; + int ret; + + if (value->localKeyId.length == 0) { + hx509_set_error_string(context, 0, HX509_LOCAL_ATTRIBUTE_MISSING, + "No local key attribute on private key"); + return HX509_LOCAL_ATTRIBUTE_MISSING; + } + + _hx509_query_clear(&q); + q.match |= HX509_QUERY_MATCH_LOCAL_KEY_ID; + + q.local_key_id = &value->localKeyId; + + ret = hx509_certs_find(context, certs, &q, &cert); + if (ret == 0) { + + if (value->private_key) + _hx509_cert_assign_key(cert, value->private_key); + hx509_cert_free(cert); + } + return ret; +} + +static int +match_keys(hx509_context context, struct private_key *value, hx509_certs certs) +{ + hx509_cursor cursor; + hx509_cert c; + int ret, found = HX509_CERT_NOT_FOUND; + + if (value->private_key == NULL) { + hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING, + "No private key to compare with"); + return HX509_PRIVATE_KEY_MISSING; + } + + ret = hx509_certs_start_seq(context, certs, &cursor); + if (ret) + return ret; + + c = NULL; + while (1) { + ret = hx509_certs_next_cert(context, certs, cursor, &c); + if (ret) + break; + if (c == NULL) + break; + if (_hx509_cert_private_key(c)) { + hx509_cert_free(c); + continue; + } + + ret = _hx509_match_keys(c, value->private_key); + if (ret) { + _hx509_cert_assign_key(c, value->private_key); + hx509_cert_free(c); + found = 0; + break; + } + hx509_cert_free(c); + } + + hx509_certs_end_seq(context, certs, cursor); + + if (found) + hx509_clear_error_string(context); + + return found; +} + +int +_hx509_collector_collect_certs(hx509_context context, + struct hx509_collector *c, + hx509_certs *ret_certs) +{ + hx509_certs certs; + int ret, i; + + *ret_certs = NULL; + + ret = hx509_certs_init(context, "MEMORY:collector-store", 0, NULL, &certs); + if (ret) + return ret; + + ret = hx509_certs_merge(context, certs, c->certs); + if (ret) { + hx509_certs_free(&certs); + return ret; + } + + for (i = 0; i < c->val.len; i++) { + ret = match_localkeyid(context, c->val.data[i], certs); + if (ret == 0) + continue; + ret = match_keys(context, c->val.data[i], certs); + if (ret == 0) + continue; + } + + *ret_certs = certs; + + return 0; +} + +int +_hx509_collector_collect_private_keys(hx509_context context, + struct hx509_collector *c, + hx509_private_key **keys) +{ + int i, nkeys; + + *keys = NULL; + + for (i = 0, nkeys = 0; i < c->val.len; i++) + if (c->val.data[i]->private_key) + nkeys++; + + *keys = calloc(nkeys + 1, sizeof(**keys)); + if (*keys == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "malloc - out of memory"); + return ENOMEM; + } + + for (i = 0, nkeys = 0; i < c->val.len; i++) { + if (c->val.data[i]->private_key) { + (*keys)[nkeys++] = c->val.data[i]->private_key; + c->val.data[i]->private_key = NULL; + } + } + (*keys)[nkeys++] = NULL; + + return 0; +} + + +void +_hx509_collector_free(struct hx509_collector *c) +{ + int i; + + if (c->unenvelop_certs) + hx509_certs_free(&c->unenvelop_certs); + if (c->certs) + hx509_certs_free(&c->certs); + for (i = 0; i < c->val.len; i++) + free_private_key(c->val.data[i]); + if (c->val.data) + free(c->val.data); + free(c); +} diff --git a/source4/heimdal/lib/hx509/crmf.asn1 b/source4/heimdal/lib/hx509/crmf.asn1 new file mode 100644 index 0000000000..4f02b26872 --- /dev/null +++ b/source4/heimdal/lib/hx509/crmf.asn1 @@ -0,0 +1,113 @@ +-- $Id: crmf.asn1,v 1.1 2006/04/18 13:05:21 lha Exp $ +PKCS10 DEFINITIONS ::= + +BEGIN + +IMPORTS + Time, + GeneralName, + SubjectPublicKeyInfo, + RelativeDistinguishedName, + AttributeTypeAndValue, + Extension, + AlgorithmIdentifier + FROM rfc2459 + heim_any + FROM heim; + +CRMFRDNSequence ::= SEQUENCE OF RelativeDistinguishedName + +Controls ::= SEQUENCE -- SIZE(1..MAX) -- OF AttributeTypeAndValue + +-- XXX IMPLICIT brokenness +POPOSigningKey ::= SEQUENCE { + poposkInput [0] IMPLICIT POPOSigningKeyInput OPTIONAL, + algorithmIdentifier AlgorithmIdentifier, + signature BIT STRING } + +PKMACValue ::= SEQUENCE { + algId AlgorithmIdentifier, + value BIT STRING +} + +-- XXX IMPLICIT brokenness +POPOSigningKeyInput ::= SEQUENCE { + authInfo CHOICE { + sender [0] IMPLICIT GeneralName, + publicKeyMAC PKMACValue + }, + publicKey SubjectPublicKeyInfo +} -- from CertTemplate + + +PBMParameter ::= SEQUENCE { + salt OCTET STRING, + owf AlgorithmIdentifier, + iterationCount INTEGER, + mac AlgorithmIdentifier +} + +SubsequentMessage ::= INTEGER { + encrCert (0), + challengeResp (1) +} + +-- XXX IMPLICIT brokenness +POPOPrivKey ::= CHOICE { + thisMessage [0] BIT STRING, -- Deprecated + subsequentMessage [1] IMPLICIT SubsequentMessage, + dhMAC [2] BIT STRING, -- Deprecated + agreeMAC [3] IMPLICIT PKMACValue, + encryptedKey [4] heim_any +} + +-- XXX IMPLICIT brokenness +ProofOfPossession ::= CHOICE { + raVerified [0] NULL, + signature [1] POPOSigningKey, + keyEncipherment [2] POPOPrivKey, + keyAgreement [3] POPOPrivKey +} + +CertTemplate ::= SEQUENCE { + version [0] INTEGER OPTIONAL, + serialNumber [1] INTEGER OPTIONAL, + signingAlg [2] SEQUENCE { + algorithm OBJECT IDENTIFIER, + parameters heim_any OPTIONAL + } -- AlgorithmIdentifier -- OPTIONAL, + issuer [3] IMPLICIT CHOICE { + rdnSequence CRMFRDNSequence + } -- Name -- OPTIONAL, + validity [4] SEQUENCE { + notBefore [0] Time OPTIONAL, + notAfter [1] Time OPTIONAL + } -- OptionalValidity -- OPTIONAL, + subject [5] IMPLICIT CHOICE { + rdnSequence CRMFRDNSequence + } -- Name -- OPTIONAL, + publicKey [6] IMPLICIT SEQUENCE { + algorithm AlgorithmIdentifier, + subjectPublicKey BIT STRING OPTIONAL + } -- SubjectPublicKeyInfo -- OPTIONAL, + issuerUID [7] IMPLICIT BIT STRING OPTIONAL, + subjectUID [8] IMPLICIT BIT STRING OPTIONAL, + extensions [9] IMPLICIT SEQUENCE OF Extension OPTIONAL +} + +CertRequest ::= SEQUENCE { + certReqId INTEGER, + certTemplate CertTemplate, + controls Controls OPTIONAL +} + +CertReqMsg ::= SEQUENCE { + certReq CertRequest, + popo ProofOfPossession OPTIONAL, + regInfo SEQUENCE OF AttributeTypeAndValue OPTIONAL } + +CertReqMessages ::= SEQUENCE OF CertReqMsg + + +END + diff --git a/source4/heimdal/lib/hx509/crypto.c b/source4/heimdal/lib/hx509/crypto.c new file mode 100644 index 0000000000..dac0a8160b --- /dev/null +++ b/source4/heimdal/lib/hx509/crypto.c @@ -0,0 +1,2438 @@ +/* + * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hx_locl.h" +RCSID("$Id: crypto.c,v 1.63 2007/01/09 10:52:05 lha Exp $"); + +struct hx509_crypto; + +struct signature_alg; + +enum crypto_op_type { + COT_SIGN +}; + + +struct hx509_private_key_ops { + const char *pemtype; + const heim_oid *(*key_oid)(void); + int (*get_spki)(hx509_context, + const hx509_private_key, + SubjectPublicKeyInfo *); + int (*export)(hx509_context context, + const hx509_private_key, + heim_octet_string *); + int (*import)(hx509_context, + const void *data, + size_t len, + hx509_private_key private_key); + int (*generate_private_key)(hx509_context context, + hx509_private_key private_key); + int (*handle_alg)(const hx509_private_key, + const AlgorithmIdentifier *, + enum crypto_op_type); + int (*sign)(hx509_context context, + const hx509_private_key, + const AlgorithmIdentifier *, + const heim_octet_string *, + AlgorithmIdentifier *, + heim_octet_string *); +#if 0 + const AlgorithmIdentifier *(*preferred_sig_alg) + (const hx509_private_key, + const hx509_peer_info); + int (*unwrap)(hx509_context context, + const hx509_private_key, + const AlgorithmIdentifier *, + const heim_octet_string *, + heim_octet_string *); +#endif +}; + +struct hx509_private_key { + unsigned int ref; + const struct signature_alg *md; + const heim_oid *signature_alg; + union { + RSA *rsa; + void *keydata; + } private_key; + /* new crypto layer */ + hx509_private_key_ops *ops; +}; + +/* + * + */ + +struct signature_alg { + char *name; + const heim_oid *(*sig_oid)(void); + const AlgorithmIdentifier *(*sig_alg)(void); + const heim_oid *(*key_oid)(void); + const heim_oid *(*digest_oid)(void); + int flags; +#define PROVIDE_CONF 1 +#define REQUIRE_SIGNER 2 + +#define SIG_DIGEST 0x100 +#define SIG_PUBLIC_SIG 0x200 +#define SIG_PUBLIC_ENC 0x400 +#define SIG_SECRET 0x800 + + int (*verify_signature)(hx509_context context, + const struct signature_alg *, + const Certificate *, + const AlgorithmIdentifier *, + const heim_octet_string *, + const heim_octet_string *); + int (*create_signature)(hx509_context, + const struct signature_alg *, + const hx509_private_key, + const AlgorithmIdentifier *, + const heim_octet_string *, + AlgorithmIdentifier *, + heim_octet_string *); + int (*private_key2SPKI)(hx509_context, + hx509_private_key, + SubjectPublicKeyInfo *); +}; + +/* + * + */ + +static BIGNUM * +heim_int2BN(const heim_integer *i) +{ + BIGNUM *bn; + + bn = BN_bin2bn(i->data, i->length, NULL); + BN_set_negative(bn, i->negative); + return bn; +} + +static int +rsa_verify_signature(hx509_context context, + const struct signature_alg *sig_alg, + const Certificate *signer, + const AlgorithmIdentifier *alg, + const heim_octet_string *data, + const heim_octet_string *sig) +{ + const SubjectPublicKeyInfo *spi; + DigestInfo di; + unsigned char *to; + int tosize, retsize; + int ret; + RSA *rsa; + RSAPublicKey pk; + size_t size; + + memset(&di, 0, sizeof(di)); + + spi = &signer->tbsCertificate.subjectPublicKeyInfo; + + rsa = RSA_new(); + if (rsa == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; + } + ret = decode_RSAPublicKey(spi->subjectPublicKey.data, + spi->subjectPublicKey.length / 8, + &pk, &size); + if (ret) { + hx509_set_error_string(context, 0, ret, "Failed to decode RSAPublicKey"); + goto out; + } + + rsa->n = heim_int2BN(&pk.modulus); + rsa->e = heim_int2BN(&pk.publicExponent); + + free_RSAPublicKey(&pk); + + if (rsa->n == NULL || rsa->e == NULL) { + ret = ENOMEM; + hx509_set_error_string(context, 0, ret, "out of memory"); + goto out; + } + + tosize = RSA_size(rsa); + to = malloc(tosize); + if (to == NULL) { + ret = ENOMEM; + hx509_set_error_string(context, 0, ret, "out of memory"); + goto out; + } + + retsize = RSA_public_decrypt(sig->length, (unsigned char *)sig->data, + to, rsa, RSA_PKCS1_PADDING); + if (retsize <= 0) { + ret = HX509_CRYPTO_SIG_INVALID_FORMAT; + hx509_set_error_string(context, 0, ret, + "RSA public decrypt failed: %d", retsize); + free(to); + goto out; + } + if (retsize > tosize) + _hx509_abort("internal rsa decryption failure: ret > tosize"); + ret = decode_DigestInfo(to, retsize, &di, &size); + free(to); + if (ret) { + goto out; + } + + /* Check for extra data inside the sigature */ + if (size != retsize) { + ret = HX509_CRYPTO_SIG_INVALID_FORMAT; + hx509_set_error_string(context, 0, ret, "size from decryption mismatch"); + goto out; + } + + if (sig_alg->digest_oid && + der_heim_oid_cmp(&di.digestAlgorithm.algorithm, + (*sig_alg->digest_oid)()) != 0) + { + ret = HX509_CRYPTO_OID_MISMATCH; + hx509_set_error_string(context, 0, ret, "object identifier in RSA sig mismatch"); + goto out; + } + + /* verify that the parameters are NULL or the NULL-type */ + if (di.digestAlgorithm.parameters != NULL && + (di.digestAlgorithm.parameters->length != 2 || + memcmp(di.digestAlgorithm.parameters->data, "\x05\x00", 2) != 0)) + { + ret = HX509_CRYPTO_SIG_INVALID_FORMAT; + hx509_set_error_string(context, 0, ret, "Extra parameters inside RSA signature"); + goto out; + } + + ret = _hx509_verify_signature(context, + NULL, + &di.digestAlgorithm, + data, + &di.digest); + out: + free_DigestInfo(&di); + RSA_free(rsa); + return ret; +} + +static int +rsa_create_signature(hx509_context context, + const struct signature_alg *sig_alg, + const hx509_private_key signer, + const AlgorithmIdentifier *alg, + const heim_octet_string *data, + AlgorithmIdentifier *signatureAlgorithm, + heim_octet_string *sig) +{ + const AlgorithmIdentifier *digest_alg; + heim_octet_string indata; + const heim_oid *sig_oid; + DigestInfo di; + size_t size; + int ret; + + if (alg) + sig_oid = &alg->algorithm; + else + sig_oid = signer->signature_alg; + + if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_sha256WithRSAEncryption()) == 0) { + digest_alg = hx509_signature_sha256(); + } else if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_sha1WithRSAEncryption()) == 0) { + digest_alg = hx509_signature_sha1(); + } else if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_md5WithRSAEncryption()) == 0) { + digest_alg = hx509_signature_md5(); + } else if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_md5WithRSAEncryption()) == 0) { + digest_alg = hx509_signature_md5(); + } else if (der_heim_oid_cmp(sig_oid, oid_id_dsa_with_sha1()) == 0) { + digest_alg = hx509_signature_sha1(); + } else + return HX509_ALG_NOT_SUPP; + + if (signatureAlgorithm) { + ret = _hx509_set_digest_alg(signatureAlgorithm, + sig_oid, "\x05\x00", 2); + if (ret) { + hx509_clear_error_string(context); + return ret; + } + } + + memset(&di, 0, sizeof(di)); + + ret = _hx509_create_signature(context, + NULL, + digest_alg, + data, + &di.digestAlgorithm, + &di.digest); + if (ret) + return ret; + ASN1_MALLOC_ENCODE(DigestInfo, + indata.data, + indata.length, + &di, + &size, + ret); + free_DigestInfo(&di); + if (ret) { + hx509_set_error_string(context, 0, ret, "out of memory"); + return ret; + } + if (indata.length != size) + _hx509_abort("internal ASN.1 encoder error"); + + sig->length = RSA_size(signer->private_key.rsa); + sig->data = malloc(sig->length); + if (sig->data == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; + } + + ret = RSA_private_encrypt(indata.length, indata.data, + sig->data, + signer->private_key.rsa, + RSA_PKCS1_PADDING); + der_free_octet_string(&indata); + if (ret <= 0) { + ret = HX509_CMS_FAILED_CREATE_SIGATURE; + hx509_set_error_string(context, 0, ret, + "RSA private decrypt failed: %d", ret); + return ret; + } + if (ret > sig->length) + _hx509_abort("RSA signature prelen longer the output len"); + + sig->length = ret; + + return 0; +} + +static int +rsa_private_key_import(hx509_context context, + const void *data, + size_t len, + hx509_private_key private_key) +{ + const unsigned char *p = data; + + private_key->private_key.rsa = + d2i_RSAPrivateKey(NULL, &p, len); + if (private_key->private_key.rsa == NULL) { + hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED, + "Failed to parse RSA key"); + return HX509_PARSING_KEY_FAILED; + } + private_key->signature_alg = oid_id_pkcs1_sha1WithRSAEncryption(); + + return 0; +} + +static int +rsa_private_key2SPKI(hx509_context context, + hx509_private_key private_key, + SubjectPublicKeyInfo *spki) +{ + int len, ret; + + memset(spki, 0, sizeof(*spki)); + + len = i2d_RSAPublicKey(private_key->private_key.rsa, NULL); + + spki->subjectPublicKey.data = malloc(len); + if (spki->subjectPublicKey.data == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "malloc - out of memory"); + return ENOMEM; + } + spki->subjectPublicKey.length = len * 8; + + ret = _hx509_set_digest_alg(&spki->algorithm, + oid_id_pkcs1_rsaEncryption(), + "\x05\x00", 2); + if (ret) { + hx509_set_error_string(context, 0, ret, "malloc - out of memory"); + free(spki->subjectPublicKey.data); + spki->subjectPublicKey.data = NULL; + spki->subjectPublicKey.length = 0; + return ret; + } + + { + unsigned char *pp = spki->subjectPublicKey.data; + i2d_RSAPublicKey(private_key->private_key.rsa, &pp); + } + + return 0; +} + +static int +cb_func(int a, int b, BN_GENCB *c) +{ + return 1; +} + +static int +rsa_generate_private_key(hx509_context context, hx509_private_key private_key) +{ + BN_GENCB cb; + BIGNUM *e; + int ret; + + static const int default_rsa_e = 65537; + static const int default_rsa_bits = 1024; + + private_key->private_key.rsa = RSA_new(); + if (private_key->private_key.rsa == NULL) { + hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED, + "Failed to generate RSA key"); + return HX509_PARSING_KEY_FAILED; + } + + e = BN_new(); + BN_set_word(e, default_rsa_e); + + BN_GENCB_set(&cb, cb_func, NULL); + ret = RSA_generate_key_ex(private_key->private_key.rsa, + default_rsa_bits, e, &cb); + BN_free(e); + if (ret != 1) { + hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED, + "Failed to generate RSA key"); + return HX509_PARSING_KEY_FAILED; + } + private_key->signature_alg = oid_id_pkcs1_sha1WithRSAEncryption(); + + return 0; +} + +static int +rsa_private_key_export(hx509_context context, + const hx509_private_key key, + heim_octet_string *data) +{ + int ret; + + data->data = NULL; + data->length = 0; + + ret = i2d_RSAPrivateKey(key->private_key.rsa, NULL); + if (ret <= 0) { + ret = EINVAL; + hx509_set_error_string(context, 0, ret, + "Private key is not exportable"); + return ret; + } + + data->data = malloc(ret); + if (data->data == NULL) { + ret = ENOMEM; + hx509_set_error_string(context, 0, ret, "malloc out of memory"); + return ret; + } + data->length = ret; + + { + unsigned char *p = data->data; + i2d_RSAPrivateKey(key->private_key.rsa, &p); + } + + return 0; +} + + +static hx509_private_key_ops rsa_private_key_ops = { + "RSA PRIVATE KEY", + oid_id_pkcs1_rsaEncryption, + rsa_private_key2SPKI, + rsa_private_key_export, + rsa_private_key_import, + rsa_generate_private_key +}; + + +/* + * + */ + +static int +dsa_verify_signature(hx509_context context, + const struct signature_alg *sig_alg, + const Certificate *signer, + const AlgorithmIdentifier *alg, + const heim_octet_string *data, + const heim_octet_string *sig) +{ + const SubjectPublicKeyInfo *spi; + DSAPublicKey pk; + DSAParams param; + size_t size; + DSA *dsa; + int ret; + + spi = &signer->tbsCertificate.subjectPublicKeyInfo; + + dsa = DSA_new(); + if (dsa == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; + } + + ret = decode_DSAPublicKey(spi->subjectPublicKey.data, + spi->subjectPublicKey.length / 8, + &pk, &size); + if (ret) + goto out; + + dsa->pub_key = heim_int2BN(&pk); + + free_DSAPublicKey(&pk); + + if (dsa->pub_key == NULL) { + ret = ENOMEM; + hx509_set_error_string(context, 0, ret, "out of memory"); + goto out; + } + + if (spi->algorithm.parameters == NULL) { + ret = HX509_CRYPTO_SIG_INVALID_FORMAT; + hx509_set_error_string(context, 0, ret, "DSA parameters missing"); + goto out; + } + + ret = decode_DSAParams(spi->algorithm.parameters->data, + spi->algorithm.parameters->length, + ¶m, + &size); + if (ret) { + hx509_set_error_string(context, 0, ret, "DSA parameters failed to decode"); + goto out; + } + + dsa->p = heim_int2BN(¶m.p); + dsa->q = heim_int2BN(¶m.q); + dsa->g = heim_int2BN(¶m.g); + + free_DSAParams(¶m); + + if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) { + ret = ENOMEM; + hx509_set_error_string(context, 0, ret, "out of memory"); + goto out; + } + + ret = DSA_verify(-1, data->data, data->length, + (unsigned char*)sig->data, sig->length, + dsa); + if (ret == 1) + ret = 0; + else if (ret == 0 || ret == -1) { + ret = HX509_CRYPTO_BAD_SIGNATURE; + hx509_set_error_string(context, 0, ret, "BAD DSA sigature"); + } else { + ret = HX509_CRYPTO_SIG_INVALID_FORMAT; + hx509_set_error_string(context, 0, ret, "Invalid format of DSA sigature"); + } + + out: + DSA_free(dsa); + + return ret; +} + +#if 0 +static int +dsa_parse_private_key(hx509_context context, + const void *data, + size_t len, + hx509_private_key private_key) +{ + const unsigned char *p = data; + + private_key->private_key.dsa = + d2i_DSAPrivateKey(NULL, &p, len); + if (private_key->private_key.dsa == NULL) + return EINVAL; + private_key->signature_alg = oid_id_dsa_with_sha1(); + + return 0; +/* else */ + hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED, + "No support to parse DSA keys"); + return HX509_PARSING_KEY_FAILED; +} +#endif + + +static int +sha1_verify_signature(hx509_context context, + const struct signature_alg *sig_alg, + const Certificate *signer, + const AlgorithmIdentifier *alg, + const heim_octet_string *data, + const heim_octet_string *sig) +{ + unsigned char digest[SHA_DIGEST_LENGTH]; + SHA_CTX m; + + if (sig->length != SHA_DIGEST_LENGTH) { + hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT, + "SHA1 sigature have wrong length"); + return HX509_CRYPTO_SIG_INVALID_FORMAT; + } + + SHA1_Init(&m); + SHA1_Update(&m, data->data, data->length); + SHA1_Final (digest, &m); + + if (memcmp(digest, sig->data, SHA_DIGEST_LENGTH) != 0) { + hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE, + "Bad SHA1 sigature"); + return HX509_CRYPTO_BAD_SIGNATURE; + } + + return 0; +} + +static int +sha256_create_signature(hx509_context context, + const struct signature_alg *sig_alg, + const hx509_private_key signer, + const AlgorithmIdentifier *alg, + const heim_octet_string *data, + AlgorithmIdentifier *signatureAlgorithm, + heim_octet_string *sig) +{ + SHA256_CTX m; + + memset(sig, 0, sizeof(*sig)); + + if (signatureAlgorithm) { + int ret; + ret = _hx509_set_digest_alg(signatureAlgorithm, + (*sig_alg->sig_oid)(), "\x05\x00", 2); + if (ret) + return ret; + } + + + sig->data = malloc(SHA256_DIGEST_LENGTH); + if (sig->data == NULL) { + sig->length = 0; + return ENOMEM; + } + sig->length = SHA256_DIGEST_LENGTH; + + SHA256_Init(&m); + SHA256_Update(&m, data->data, data->length); + SHA256_Final (sig->data, &m); + + return 0; +} + +static int +sha256_verify_signature(hx509_context context, + const struct signature_alg *sig_alg, + const Certificate *signer, + const AlgorithmIdentifier *alg, + const heim_octet_string *data, + const heim_octet_string *sig) +{ + unsigned char digest[SHA256_DIGEST_LENGTH]; + SHA256_CTX m; + + if (sig->length != SHA256_DIGEST_LENGTH) { + hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT, + "SHA256 sigature have wrong length"); + return HX509_CRYPTO_SIG_INVALID_FORMAT; + } + + SHA256_Init(&m); + SHA256_Update(&m, data->data, data->length); + SHA256_Final (digest, &m); + + if (memcmp(digest, sig->data, SHA256_DIGEST_LENGTH) != 0) { + hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE, + "Bad SHA256 sigature"); + return HX509_CRYPTO_BAD_SIGNATURE; + } + + return 0; +} + +static int +sha1_create_signature(hx509_context context, + const struct signature_alg *sig_alg, + const hx509_private_key signer, + const AlgorithmIdentifier *alg, + const heim_octet_string *data, + AlgorithmIdentifier *signatureAlgorithm, + heim_octet_string *sig) +{ + SHA_CTX m; + + memset(sig, 0, sizeof(*sig)); + + if (signatureAlgorithm) { + int ret; + ret = _hx509_set_digest_alg(signatureAlgorithm, + (*sig_alg->sig_oid)(), "\x05\x00", 2); + if (ret) + return ret; + } + + + sig->data = malloc(SHA_DIGEST_LENGTH); + if (sig->data == NULL) { + sig->length = 0; + return ENOMEM; + } + sig->length = SHA_DIGEST_LENGTH; + + SHA1_Init(&m); + SHA1_Update(&m, data->data, data->length); + SHA1_Final (sig->data, &m); + + return 0; +} + +static int +md5_verify_signature(hx509_context context, + const struct signature_alg *sig_alg, + const Certificate *signer, + const AlgorithmIdentifier *alg, + const heim_octet_string *data, + const heim_octet_string *sig) +{ + unsigned char digest[MD5_DIGEST_LENGTH]; + MD5_CTX m; + + if (sig->length != MD5_DIGEST_LENGTH) { + hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT, + "MD5 sigature have wrong length"); + return HX509_CRYPTO_SIG_INVALID_FORMAT; + } + + MD5_Init(&m); + MD5_Update(&m, data->data, data->length); + MD5_Final (digest, &m); + + if (memcmp(digest, sig->data, MD5_DIGEST_LENGTH) != 0) { + hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE, + "Bad MD5 sigature"); + return HX509_CRYPTO_BAD_SIGNATURE; + } + + return 0; +} + +static int +md2_verify_signature(hx509_context context, + const struct signature_alg *sig_alg, + const Certificate *signer, + const AlgorithmIdentifier *alg, + const heim_octet_string *data, + const heim_octet_string *sig) +{ + unsigned char digest[MD2_DIGEST_LENGTH]; + MD2_CTX m; + + if (sig->length != MD2_DIGEST_LENGTH) { + hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT, + "MD2 sigature have wrong length"); + return HX509_CRYPTO_SIG_INVALID_FORMAT; + } + + MD2_Init(&m); + MD2_Update(&m, data->data, data->length); + MD2_Final (digest, &m); + + if (memcmp(digest, sig->data, MD2_DIGEST_LENGTH) != 0) { + hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE, + "Bad MD2 sigature"); + return HX509_CRYPTO_BAD_SIGNATURE; + } + + return 0; +} + +static struct signature_alg pkcs1_rsa_sha1_alg = { + "rsa", + oid_id_pkcs1_rsaEncryption, + hx509_signature_rsa_with_sha1, + oid_id_pkcs1_rsaEncryption, + NULL, + PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG, + rsa_verify_signature, + rsa_create_signature, + rsa_private_key2SPKI +}; + +static struct signature_alg rsa_with_sha256_alg = { + "rsa-with-sha256", + oid_id_pkcs1_sha256WithRSAEncryption, + hx509_signature_rsa_with_sha256, + oid_id_pkcs1_rsaEncryption, + oid_id_sha256, + PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG, + rsa_verify_signature, + rsa_create_signature, + rsa_private_key2SPKI +}; + +static struct signature_alg rsa_with_sha1_alg = { + "rsa-with-sha1", + oid_id_pkcs1_sha1WithRSAEncryption, + hx509_signature_rsa_with_sha1, + oid_id_pkcs1_rsaEncryption, + oid_id_secsig_sha_1, + PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG, + rsa_verify_signature, + rsa_create_signature, + rsa_private_key2SPKI +}; + +static struct signature_alg rsa_with_md5_alg = { + "rsa-with-md5", + oid_id_pkcs1_md5WithRSAEncryption, + hx509_signature_rsa_with_md5, + oid_id_pkcs1_rsaEncryption, + oid_id_rsa_digest_md5, + PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG, + rsa_verify_signature, + rsa_create_signature, + rsa_private_key2SPKI +}; + +static struct signature_alg rsa_with_md2_alg = { + "rsa-with-md2", + oid_id_pkcs1_md2WithRSAEncryption, + hx509_signature_rsa_with_md2, + oid_id_pkcs1_rsaEncryption, + oid_id_rsa_digest_md2, + PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG, + rsa_verify_signature, + rsa_create_signature, + rsa_private_key2SPKI +}; + +static struct signature_alg dsa_sha1_alg = { + "dsa-with-sha1", + oid_id_dsa_with_sha1, + NULL, + oid_id_dsa, + oid_id_secsig_sha_1, + PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG, + dsa_verify_signature, + /* create_signature */ NULL, +}; + +static struct signature_alg sha256_alg = { + "sha-256", + oid_id_sha256, + hx509_signature_sha256, + NULL, + NULL, + SIG_DIGEST, + sha256_verify_signature, + sha256_create_signature +}; + +static struct signature_alg sha1_alg = { + "sha1", + oid_id_secsig_sha_1, + hx509_signature_sha1, + NULL, + NULL, + SIG_DIGEST, + sha1_verify_signature, + sha1_create_signature +}; + +static struct signature_alg md5_alg = { + "rsa-md5", + oid_id_rsa_digest_md5, + hx509_signature_md5, + NULL, + NULL, + SIG_DIGEST, + md5_verify_signature +}; + +static struct signature_alg md2_alg = { + "rsa-md2", + oid_id_rsa_digest_md2, + hx509_signature_md2, + NULL, + NULL, + SIG_DIGEST, + md2_verify_signature +}; + +/* + * Order matter in this structure, "best" first for each "key + * compatible" type (type is RSA, DSA, none, etc) + */ + +static struct signature_alg *sig_algs[] = { + &rsa_with_sha256_alg, + &rsa_with_sha1_alg, + &pkcs1_rsa_sha1_alg, + &rsa_with_md5_alg, + &rsa_with_md2_alg, + &dsa_sha1_alg, + &sha256_alg, + &sha1_alg, + &md5_alg, + &md2_alg, + NULL +}; + +static const struct signature_alg * +find_sig_alg(const heim_oid *oid) +{ + int i; + for (i = 0; sig_algs[i]; i++) + if (der_heim_oid_cmp((*sig_algs[i]->sig_oid)(), oid) == 0) + return sig_algs[i]; + return NULL; +} + +/* + * + */ + +static struct hx509_private_key_ops *private_algs[] = { + &rsa_private_key_ops, + NULL +}; + +static hx509_private_key_ops * +find_private_alg(const heim_oid *oid) +{ + int i; + for (i = 0; private_algs[i]; i++) { + if (private_algs[i]->key_oid == NULL) + continue; + if (der_heim_oid_cmp((*private_algs[i]->key_oid)(), oid) == 0) + return private_algs[i]; + } + return NULL; +} + + +int +_hx509_verify_signature(hx509_context context, + const Certificate *signer, + const AlgorithmIdentifier *alg, + const heim_octet_string *data, + const heim_octet_string *sig) +{ + const struct signature_alg *md; + + md = find_sig_alg(&alg->algorithm); + if (md == NULL) { + hx509_clear_error_string(context); + return HX509_SIG_ALG_NO_SUPPORTED; + } + if (signer && (md->flags & PROVIDE_CONF) == 0) { + hx509_clear_error_string(context); + return HX509_CRYPTO_SIG_NO_CONF; + } + if (signer == NULL && (md->flags & REQUIRE_SIGNER)) { + hx509_clear_error_string(context); + return HX509_CRYPTO_SIGNATURE_WITHOUT_SIGNER; + } + if (md->key_oid && signer) { + const SubjectPublicKeyInfo *spi; + spi = &signer->tbsCertificate.subjectPublicKeyInfo; + + if (der_heim_oid_cmp(&spi->algorithm.algorithm, (*md->key_oid)()) != 0) { + hx509_clear_error_string(context); + return HX509_SIG_ALG_DONT_MATCH_KEY_ALG; + } + } + return (*md->verify_signature)(context, md, signer, alg, data, sig); +} + +int +_hx509_verify_signature_bitstring(hx509_context context, + const Certificate *signer, + const AlgorithmIdentifier *alg, + const heim_octet_string *data, + const heim_bit_string *sig) +{ + heim_octet_string os; + + if (sig->length & 7) { + hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT, + "signature not multiple of 8 bits"); + return HX509_CRYPTO_SIG_INVALID_FORMAT; + } + + os.data = sig->data; + os.length = sig->length / 8; + + return _hx509_verify_signature(context, signer, alg, data, &os); +} + +int +_hx509_create_signature(hx509_context context, + const hx509_private_key signer, + const AlgorithmIdentifier *alg, + const heim_octet_string *data, + AlgorithmIdentifier *signatureAlgorithm, + heim_octet_string *sig) +{ + const struct signature_alg *md; + + if (signer && signer->ops && signer->ops->handle_alg && + (*signer->ops->handle_alg)(signer, alg, COT_SIGN)) + { + return (*signer->ops->sign)(context, signer, alg, data, + signatureAlgorithm, sig); + } + + md = find_sig_alg(&alg->algorithm); + if (md == NULL) { + hx509_set_error_string(context, 0, HX509_SIG_ALG_NO_SUPPORTED, + "algorithm no supported"); + return HX509_SIG_ALG_NO_SUPPORTED; + } + + if (signer && (md->flags & PROVIDE_CONF) == 0) { + hx509_set_error_string(context, 0, HX509_SIG_ALG_NO_SUPPORTED, + "algorithm provides no conf"); + return HX509_CRYPTO_SIG_NO_CONF; + } + + return (*md->create_signature)(context, md, signer, alg, data, + signatureAlgorithm, sig); +} + +int +_hx509_create_signature_bitstring(hx509_context context, + const hx509_private_key signer, + const AlgorithmIdentifier *alg, + const heim_octet_string *data, + AlgorithmIdentifier *signatureAlgorithm, + heim_bit_string *sig) +{ + heim_octet_string os; + int ret; + + ret = _hx509_create_signature(context, signer, alg, + data, signatureAlgorithm, &os); + if (ret) + return ret; + sig->data = os.data; + sig->length = os.length * 8; + return 0; +} + +int +_hx509_public_encrypt(hx509_context context, + const heim_octet_string *cleartext, + const Certificate *cert, + heim_oid *encryption_oid, + heim_octet_string *ciphertext) +{ + const SubjectPublicKeyInfo *spi; + unsigned char *to; + int tosize; + int ret; + RSA *rsa; + RSAPublicKey pk; + size_t size; + + ciphertext->data = NULL; + ciphertext->length = 0; + + spi = &cert->tbsCertificate.subjectPublicKeyInfo; + + rsa = RSA_new(); + if (rsa == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; + } + + ret = decode_RSAPublicKey(spi->subjectPublicKey.data, + spi->subjectPublicKey.length / 8, + &pk, &size); + if (ret) { + RSA_free(rsa); + hx509_set_error_string(context, 0, ret, "RSAPublicKey decode failure"); + return ret; + } + rsa->n = heim_int2BN(&pk.modulus); + rsa->e = heim_int2BN(&pk.publicExponent); + + free_RSAPublicKey(&pk); + + if (rsa->n == NULL || rsa->e == NULL) { + RSA_free(rsa); + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; + } + + tosize = RSA_size(rsa); + to = malloc(tosize); + if (to == NULL) { + RSA_free(rsa); + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; + } + + ret = RSA_public_encrypt(cleartext->length, + (unsigned char *)cleartext->data, + to, rsa, RSA_PKCS1_PADDING); + RSA_free(rsa); + if (ret <= 0) { + free(to); + hx509_set_error_string(context, 0, HX509_CRYPTO_RSA_PUBLIC_ENCRYPT, + "RSA public encrypt failed with %d", ret); + return HX509_CRYPTO_RSA_PUBLIC_ENCRYPT; + } + if (ret > tosize) + _hx509_abort("internal rsa decryption failure: ret > tosize"); + + ciphertext->length = ret; + ciphertext->data = to; + + ret = der_copy_oid(oid_id_pkcs1_rsaEncryption(), encryption_oid); + if (ret) { + der_free_octet_string(ciphertext); + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; + } + + return 0; +} + +int +_hx509_private_key_private_decrypt(hx509_context context, + const heim_octet_string *ciphertext, + const heim_oid *encryption_oid, + hx509_private_key p, + heim_octet_string *cleartext) +{ + int ret; + + cleartext->data = NULL; + cleartext->length = 0; + + if (p->private_key.rsa == NULL) { + hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING, + "Private RSA key missing"); + return HX509_PRIVATE_KEY_MISSING; + } + + cleartext->length = RSA_size(p->private_key.rsa); + cleartext->data = malloc(cleartext->length); + if (cleartext->data == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; + } + ret = RSA_private_decrypt(ciphertext->length, ciphertext->data, + cleartext->data, + p->private_key.rsa, + RSA_PKCS1_PADDING); + if (ret <= 0) { + der_free_octet_string(cleartext); + hx509_set_error_string(context, 0, HX509_CRYPTO_RSA_PRIVATE_DECRYPT, + "Failed to decrypt using private key: %d", ret); + return HX509_CRYPTO_RSA_PRIVATE_DECRYPT; + } + if (cleartext->length < ret) + _hx509_abort("internal rsa decryption failure: ret > tosize"); + + cleartext->length = ret; + + return 0; +} + + +int +_hx509_parse_private_key(hx509_context context, + const heim_oid *key_oid, + const void *data, + size_t len, + hx509_private_key *private_key) +{ + struct hx509_private_key_ops *ops; + int ret; + + *private_key = NULL; + + ops = find_private_alg(key_oid); + if (ops == NULL) { + hx509_clear_error_string(context); + return HX509_SIG_ALG_NO_SUPPORTED; + } + + ret = _hx509_private_key_init(private_key, ops, NULL); + if (ret) { + hx509_set_error_string(context, 0, ret, "out of memory"); + return ret; + } + + ret = (*ops->import)(context, data, len, *private_key); + if (ret) + _hx509_private_key_free(private_key); + + return ret; +} + +/* + * + */ + +int +_hx509_private_key2SPKI(hx509_context context, + hx509_private_key private_key, + SubjectPublicKeyInfo *spki) +{ + const struct hx509_private_key_ops *ops = private_key->ops; + if (ops == NULL || ops->get_spki == NULL) { + hx509_set_error_string(context, 0, HX509_UNIMPLEMENTED_OPERATION, + "Private key have no key2SPKI function"); + return HX509_UNIMPLEMENTED_OPERATION; + } + return (*ops->get_spki)(context, private_key, spki); +} + +int +_hx509_generate_private_key(hx509_context context, + const heim_oid *key_oid, + hx509_private_key *private_key) +{ + struct hx509_private_key_ops *ops; + int ret; + + *private_key = NULL; + + ops = find_private_alg(key_oid); + if (ops == NULL) { + hx509_clear_error_string(context); + return HX509_SIG_ALG_NO_SUPPORTED; + } + + ret = _hx509_private_key_init(private_key, ops, NULL); + if (ret) { + hx509_set_error_string(context, 0, ret, "out of memory"); + return ret; + } + + ret = (*ops->generate_private_key)(context, *private_key); + if (ret) + _hx509_private_key_free(private_key); + + return ret; +} + + +/* + * + */ + +static const heim_octet_string null_entry_oid = { 2, "\x05\x00" }; + +static const unsigned sha512_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 3 }; +const AlgorithmIdentifier _hx509_signature_sha512_data = { + { 8, rk_UNCONST(sha512_oid_tree) }, rk_UNCONST(&null_entry_oid) +}; + +static const unsigned sha384_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2 }; +const AlgorithmIdentifier _hx509_signature_sha384_data = { + { 8, rk_UNCONST(sha384_oid_tree) }, rk_UNCONST(&null_entry_oid) +}; + +static const unsigned sha256_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 1 }; +const AlgorithmIdentifier _hx509_signature_sha256_data = { + { 8, rk_UNCONST(sha256_oid_tree) }, rk_UNCONST(&null_entry_oid) +}; + +static const unsigned sha1_oid_tree[] = { 1, 3, 14, 3, 2, 26 }; +const AlgorithmIdentifier _hx509_signature_sha1_data = { + { 6, rk_UNCONST(sha1_oid_tree) }, rk_UNCONST(&null_entry_oid) +}; + +static const unsigned md5_oid_tree[] = { 1, 2, 840, 113549, 2, 5 }; +const AlgorithmIdentifier _hx509_signature_md5_data = { + { 6, rk_UNCONST(md5_oid_tree) }, rk_UNCONST(&null_entry_oid) +}; + +static const unsigned md2_oid_tree[] = { 1, 2, 840, 113549, 2, 2 }; +const AlgorithmIdentifier _hx509_signature_md2_data = { + { 6, rk_UNCONST(md2_oid_tree) }, rk_UNCONST(&null_entry_oid) +}; + +static const unsigned rsa_with_sha512_oid[] ={ 1, 2, 840, 113549, 1, 1, 13 }; +const AlgorithmIdentifier _hx509_signature_rsa_with_sha512_data = { + { 7, rk_UNCONST(rsa_with_sha512_oid) }, NULL +}; + +static const unsigned rsa_with_sha384_oid[] ={ 1, 2, 840, 113549, 1, 1, 12 }; +const AlgorithmIdentifier _hx509_signature_rsa_with_sha384_data = { + { 7, rk_UNCONST(rsa_with_sha384_oid) }, NULL +}; + +static const unsigned rsa_with_sha256_oid[] ={ 1, 2, 840, 113549, 1, 1, 11 }; +const AlgorithmIdentifier _hx509_signature_rsa_with_sha256_data = { + { 7, rk_UNCONST(rsa_with_sha256_oid) }, NULL +}; + +static const unsigned rsa_with_sha1_oid[] ={ 1, 2, 840, 113549, 1, 1, 5 }; +const AlgorithmIdentifier _hx509_signature_rsa_with_sha1_data = { + { 7, rk_UNCONST(rsa_with_sha1_oid) }, NULL +}; + +static const unsigned rsa_with_md5_oid[] ={ 1, 2, 840, 113549, 1, 1, 4 }; +const AlgorithmIdentifier _hx509_signature_rsa_with_md5_data = { + { 7, rk_UNCONST(rsa_with_md5_oid) }, NULL +}; + +static const unsigned rsa_with_md2_oid[] ={ 1, 2, 840, 113549, 1, 1, 2 }; +const AlgorithmIdentifier _hx509_signature_rsa_with_md2_data = { + { 7, rk_UNCONST(rsa_with_md2_oid) }, NULL +}; + +static const unsigned rsa_oid[] ={ 1, 2, 840, 113549, 1, 1, 1 }; +const AlgorithmIdentifier _hx509_signature_rsa_data = { + { 7, rk_UNCONST(rsa_oid) }, NULL +}; + + +const AlgorithmIdentifier * +hx509_signature_sha512(void) +{ return &_hx509_signature_sha512_data; } + +const AlgorithmIdentifier * +hx509_signature_sha384(void) +{ return &_hx509_signature_sha384_data; } + +const AlgorithmIdentifier * +hx509_signature_sha256(void) +{ return &_hx509_signature_sha256_data; } + +const AlgorithmIdentifier * +hx509_signature_sha1(void) +{ return &_hx509_signature_sha1_data; } + +const AlgorithmIdentifier * +hx509_signature_md5(void) +{ return &_hx509_signature_md5_data; } + +const AlgorithmIdentifier * +hx509_signature_md2(void) +{ return &_hx509_signature_md2_data; } + +const AlgorithmIdentifier * +hx509_signature_rsa_with_sha512(void) +{ return &_hx509_signature_rsa_with_sha512_data; } + +const AlgorithmIdentifier * +hx509_signature_rsa_with_sha384(void) +{ return &_hx509_signature_rsa_with_sha384_data; } + +const AlgorithmIdentifier * +hx509_signature_rsa_with_sha256(void) +{ return &_hx509_signature_rsa_with_sha256_data; } + +const AlgorithmIdentifier * +hx509_signature_rsa_with_sha1(void) +{ return &_hx509_signature_rsa_with_sha1_data; } + +const AlgorithmIdentifier * +hx509_signature_rsa_with_md5(void) +{ return &_hx509_signature_rsa_with_md5_data; } + +const AlgorithmIdentifier * +hx509_signature_rsa_with_md2(void) +{ return &_hx509_signature_rsa_with_md2_data; } + +const AlgorithmIdentifier * +hx509_signature_rsa(void) +{ return &_hx509_signature_rsa_data; } + +int +_hx509_private_key_init(hx509_private_key *key, + hx509_private_key_ops *ops, + void *keydata) +{ + *key = calloc(1, sizeof(**key)); + if (*key == NULL) + return ENOMEM; + (*key)->ref = 1; + (*key)->ops = ops; + (*key)->private_key.keydata = keydata; + return 0; +} + +hx509_private_key +_hx509_private_key_ref(hx509_private_key key) +{ + if (key->ref <= 0) + _hx509_abort("refcount <= 0"); + key->ref++; + if (key->ref == 0) + _hx509_abort("refcount == 0"); + return key; +} + +const char * +_hx509_private_pem_name(hx509_private_key key) +{ + return key->ops->pemtype; +} + +int +_hx509_private_key_free(hx509_private_key *key) +{ + if (key == NULL || *key == NULL) + return 0; + + if ((*key)->ref <= 0) + _hx509_abort("refcount <= 0"); + if (--(*key)->ref > 0) + return 0; + + if ((*key)->private_key.rsa) + RSA_free((*key)->private_key.rsa); + (*key)->private_key.rsa = NULL; + free(*key); + *key = NULL; + return 0; +} + +void +_hx509_private_key_assign_rsa(hx509_private_key key, void *ptr) +{ + if (key->private_key.rsa) + RSA_free(key->private_key.rsa); + key->private_key.rsa = ptr; + key->signature_alg = oid_id_pkcs1_sha1WithRSAEncryption(); + key->md = &pkcs1_rsa_sha1_alg; +} + +int +_hx509_private_key_oid(hx509_context context, + const hx509_private_key key, + heim_oid *data) +{ + int ret; + ret = der_copy_oid((*key->ops->key_oid)(), data); + if (ret) + hx509_set_error_string(context, 0, ret, "malloc out of memory"); + return ret; +} + +int +_hx509_private_key_exportable(hx509_private_key key) +{ + if (key->ops->export == NULL) + return 0; + return 1; +} + +int +_hx509_private_key_export(hx509_context context, + const hx509_private_key key, + heim_octet_string *data) +{ + if (key->ops->export == NULL) { + hx509_clear_error_string(context); + return HX509_UNIMPLEMENTED_OPERATION; + } + return (*key->ops->export)(context, key, data); +} + +/* + * + */ + +struct hx509cipher { + const char *name; + const heim_oid *(*oid_func)(void); + const EVP_CIPHER *(*evp_func)(void); + int (*get_params)(hx509_context, const hx509_crypto, + const heim_octet_string *, heim_octet_string *); + int (*set_params)(hx509_context, const heim_octet_string *, + hx509_crypto, heim_octet_string *); +}; + +struct hx509_crypto_data { + char *name; + const struct hx509cipher *cipher; + const EVP_CIPHER *c; + heim_octet_string key; + heim_oid oid; + void *param; +}; + +/* + * + */ + +static const heim_oid * +oid_private_rc2_40(void) +{ + static unsigned oid_data[] = { 127, 1 }; + static const heim_oid oid = { 2, oid_data }; + + return &oid; +} + + +/* + * + */ + +static int +CMSCBCParam_get(hx509_context context, const hx509_crypto crypto, + const heim_octet_string *ivec, heim_octet_string *param) +{ + size_t size; + int ret; + + assert(crypto->param == NULL); + if (ivec == NULL) + return 0; + + ASN1_MALLOC_ENCODE(CMSCBCParameter, param->data, param->length, + ivec, &size, ret); + if (ret == 0 && size != param->length) + _hx509_abort("Internal asn1 encoder failure"); + if (ret) + hx509_clear_error_string(context); + return ret; +} + +static int +CMSCBCParam_set(hx509_context context, const heim_octet_string *param, + hx509_crypto crypto, heim_octet_string *ivec) +{ + int ret; + if (ivec == NULL) + return 0; + + ret = decode_CMSCBCParameter(param->data, param->length, ivec, NULL); + if (ret) + hx509_clear_error_string(context); + + return ret; +} + +struct _RC2_params { + int maximum_effective_key; +}; + +static int +CMSRC2CBCParam_get(hx509_context context, const hx509_crypto crypto, + const heim_octet_string *ivec, heim_octet_string *param) +{ + CMSRC2CBCParameter rc2params; + const struct _RC2_params *p = crypto->param; + int maximum_effective_key = 128; + size_t size; + int ret; + + memset(&rc2params, 0, sizeof(rc2params)); + + if (p) + maximum_effective_key = p->maximum_effective_key; + + switch(maximum_effective_key) { + case 40: + rc2params.rc2ParameterVersion = 160; + break; + case 64: + rc2params.rc2ParameterVersion = 120; + break; + case 128: + rc2params.rc2ParameterVersion = 58; + break; + } + rc2params.iv = *ivec; + + ASN1_MALLOC_ENCODE(CMSRC2CBCParameter, param->data, param->length, + &rc2params, &size, ret); + if (ret == 0 && size != param->length) + _hx509_abort("Internal asn1 encoder failure"); + + return ret; +} + +static int +CMSRC2CBCParam_set(hx509_context context, const heim_octet_string *param, + hx509_crypto crypto, heim_octet_string *ivec) +{ + CMSRC2CBCParameter rc2param; + struct _RC2_params *p; + size_t size; + int ret; + + ret = decode_CMSRC2CBCParameter(param->data, param->length, + &rc2param, &size); + if (ret) { + hx509_clear_error_string(context); + return ret; + } + + p = calloc(1, sizeof(*p)); + if (p == NULL) { + free_CMSRC2CBCParameter(&rc2param); + hx509_clear_error_string(context); + return ENOMEM; + } + switch(rc2param.rc2ParameterVersion) { + case 160: + crypto->c = EVP_rc2_40_cbc(); + p->maximum_effective_key = 40; + break; + case 120: + crypto->c = EVP_rc2_64_cbc(); + p->maximum_effective_key = 64; + break; + case 58: + crypto->c = EVP_rc2_cbc(); + p->maximum_effective_key = 128; + break; + default: + free_CMSRC2CBCParameter(&rc2param); + return HX509_CRYPTO_SIG_INVALID_FORMAT; + } + if (ivec) + ret = der_copy_octet_string(&rc2param.iv, ivec); + free_CMSRC2CBCParameter(&rc2param); + if (ret) + hx509_clear_error_string(context); + else + crypto->param = p; + + return ret; +} + +/* + * + */ + +static const struct hx509cipher ciphers[] = { + { + "rc2-cbc", + oid_id_pkcs3_rc2_cbc, + EVP_rc2_cbc, + CMSRC2CBCParam_get, + CMSRC2CBCParam_set + }, + { + "rc2-cbc", + oid_id_rsadsi_rc2_cbc, + EVP_rc2_cbc, + CMSRC2CBCParam_get, + CMSRC2CBCParam_set + }, + { + "rc2-40-cbc", + oid_private_rc2_40, + EVP_rc2_40_cbc, + CMSRC2CBCParam_get, + CMSRC2CBCParam_set + }, + { + "des-ede3-cbc", + oid_id_pkcs3_des_ede3_cbc, + EVP_des_ede3_cbc, + CMSCBCParam_get, + CMSCBCParam_set + }, + { + "des-ede3-cbc", + oid_id_rsadsi_des_ede3_cbc, + EVP_des_ede3_cbc, + CMSCBCParam_get, + CMSCBCParam_set + }, + { + "aes-128-cbc", + oid_id_aes_128_cbc, + EVP_aes_128_cbc, + CMSCBCParam_get, + CMSCBCParam_set + }, + { + "aes-192-cbc", + oid_id_aes_192_cbc, + EVP_aes_192_cbc, + CMSCBCParam_get, + CMSCBCParam_set + }, + { + "aes-256-cbc", + oid_id_aes_256_cbc, + EVP_aes_256_cbc, + CMSCBCParam_get, + CMSCBCParam_set + } +}; + +static const struct hx509cipher * +find_cipher_by_oid(const heim_oid *oid) +{ + int i; + + for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++) + if (der_heim_oid_cmp(oid, (*ciphers[i].oid_func)()) == 0) + return &ciphers[i]; + + return NULL; +} + +static const struct hx509cipher * +find_cipher_by_name(const char *name) +{ + int i; + + for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++) + if (strcasecmp(name, ciphers[i].name) == 0) + return &ciphers[i]; + + return NULL; +} + + +const heim_oid * +hx509_crypto_enctype_by_name(const char *name) +{ + const struct hx509cipher *cipher; + + cipher = find_cipher_by_name(name); + if (cipher == NULL) + return NULL; + return (*cipher->oid_func)(); +} + +int +hx509_crypto_init(hx509_context context, + const char *provider, + const heim_oid *enctype, + hx509_crypto *crypto) +{ + const struct hx509cipher *cipher; + + *crypto = NULL; + + cipher = find_cipher_by_oid(enctype); + if (cipher == NULL) { + hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP, + "Algorithm not supported"); + return HX509_ALG_NOT_SUPP; + } + + *crypto = calloc(1, sizeof(**crypto)); + if (*crypto == NULL) { + hx509_clear_error_string(context); + return ENOMEM; + } + + (*crypto)->cipher = cipher; + (*crypto)->c = (*cipher->evp_func)(); + + if (der_copy_oid(enctype, &(*crypto)->oid)) { + hx509_crypto_destroy(*crypto); + *crypto = NULL; + hx509_clear_error_string(context); + return ENOMEM; + } + + return 0; +} + +const char * +hx509_crypto_provider(hx509_crypto crypto) +{ + return "unknown"; +} + +void +hx509_crypto_destroy(hx509_crypto crypto) +{ + if (crypto->name) + free(crypto->name); + if (crypto->key.data) + free(crypto->key.data); + if (crypto->param) + free(crypto->param); + der_free_oid(&crypto->oid); + memset(crypto, 0, sizeof(*crypto)); + free(crypto); +} + +int +hx509_crypto_set_key_name(hx509_crypto crypto, const char *name) +{ + return 0; +} + +int +hx509_crypto_set_key_data(hx509_crypto crypto, const void *data, size_t length) +{ + if (EVP_CIPHER_key_length(crypto->c) > length) + return HX509_CRYPTO_INTERNAL_ERROR; + + if (crypto->key.data) { + free(crypto->key.data); + crypto->key.data = NULL; + crypto->key.length = 0; + } + crypto->key.data = malloc(length); + if (crypto->key.data == NULL) + return ENOMEM; + memcpy(crypto->key.data, data, length); + crypto->key.length = length; + + return 0; +} + +int +hx509_crypto_set_random_key(hx509_crypto crypto, heim_octet_string *key) +{ + if (crypto->key.data) { + free(crypto->key.data); + crypto->key.length = 0; + } + + crypto->key.length = EVP_CIPHER_key_length(crypto->c); + crypto->key.data = malloc(crypto->key.length); + if (crypto->key.data == NULL) { + crypto->key.length = 0; + return ENOMEM; + } + if (RAND_bytes(crypto->key.data, crypto->key.length) <= 0) { + free(crypto->key.data); + crypto->key.data = NULL; + crypto->key.length = 0; + return HX509_CRYPTO_INTERNAL_ERROR; + } + if (key) + return der_copy_octet_string(&crypto->key, key); + else + return 0; +} + +int +hx509_crypto_set_params(hx509_context context, + hx509_crypto crypto, + const heim_octet_string *param, + heim_octet_string *ivec) +{ + return (*crypto->cipher->set_params)(context, param, crypto, ivec); +} + +int +hx509_crypto_get_params(hx509_context context, + hx509_crypto crypto, + const heim_octet_string *ivec, + heim_octet_string *param) +{ + return (*crypto->cipher->get_params)(context, crypto, ivec, param); +} + +int +hx509_crypto_encrypt(hx509_crypto crypto, + const void *data, + const size_t length, + heim_octet_string *ivec, + heim_octet_string **ciphertext) +{ + EVP_CIPHER_CTX evp; + size_t padsize; + int ret; + + *ciphertext = NULL; + + EVP_CIPHER_CTX_init(&evp); + + ivec->length = EVP_CIPHER_iv_length(crypto->c); + ivec->data = malloc(ivec->length); + if (ivec->data == NULL) { + ret = ENOMEM; + goto out; + } + + if (RAND_bytes(ivec->data, ivec->length) <= 0) { + ret = HX509_CRYPTO_INTERNAL_ERROR; + goto out; + } + + ret = EVP_CipherInit_ex(&evp, crypto->c, NULL, + crypto->key.data, ivec->data, 1); + if (ret != 1) { + EVP_CIPHER_CTX_cleanup(&evp); + ret = HX509_CRYPTO_INTERNAL_ERROR; + goto out; + } + + *ciphertext = calloc(1, sizeof(**ciphertext)); + if (*ciphertext == NULL) { + ret = ENOMEM; + goto out; + } + + if (EVP_CIPHER_block_size(crypto->c) == 1) { + padsize = 0; + } else { + int bsize = EVP_CIPHER_block_size(crypto->c); + padsize = bsize - (length % bsize); + } + (*ciphertext)->length = length + padsize; + (*ciphertext)->data = malloc(length + padsize); + if ((*ciphertext)->data == NULL) { + ret = ENOMEM; + goto out; + } + + memcpy((*ciphertext)->data, data, length); + if (padsize) { + int i; + unsigned char *p = (*ciphertext)->data; + p += length; + for (i = 0; i < padsize; i++) + *p++ = padsize; + } + + ret = EVP_Cipher(&evp, (*ciphertext)->data, + (*ciphertext)->data, + length + padsize); + if (ret != 1) { + ret = HX509_CRYPTO_INTERNAL_ERROR; + goto out; + } + ret = 0; + + out: + if (ret) { + if (ivec->data) { + free(ivec->data); + memset(ivec, 0, sizeof(*ivec)); + } + if (*ciphertext) { + if ((*ciphertext)->data) { + free((*ciphertext)->data); + } + free(*ciphertext); + *ciphertext = NULL; + } + } + EVP_CIPHER_CTX_cleanup(&evp); + + return ret; +} + +int +hx509_crypto_decrypt(hx509_crypto crypto, + const void *data, + const size_t length, + heim_octet_string *ivec, + heim_octet_string *clear) +{ + EVP_CIPHER_CTX evp; + void *idata = NULL; + int ret; + + clear->data = NULL; + clear->length = 0; + + if (ivec && EVP_CIPHER_iv_length(crypto->c) < ivec->length) + return HX509_CRYPTO_INTERNAL_ERROR; + + if (crypto->key.data == NULL) + return HX509_CRYPTO_INTERNAL_ERROR; + + if (ivec) + idata = ivec->data; + + EVP_CIPHER_CTX_init(&evp); + + ret = EVP_CipherInit_ex(&evp, crypto->c, NULL, + crypto->key.data, idata, 0); + if (ret != 1) { + EVP_CIPHER_CTX_cleanup(&evp); + return HX509_CRYPTO_INTERNAL_ERROR; + } + + clear->length = length; + clear->data = malloc(length); + if (clear->data == NULL) { + EVP_CIPHER_CTX_cleanup(&evp); + clear->length = 0; + return ENOMEM; + } + + if (EVP_Cipher(&evp, clear->data, data, length) != 1) { + return HX509_CRYPTO_INTERNAL_ERROR; + } + EVP_CIPHER_CTX_cleanup(&evp); + + if (EVP_CIPHER_block_size(crypto->c) > 1) { + int padsize; + unsigned char *p; + int j, bsize = EVP_CIPHER_block_size(crypto->c); + + if (clear->length < bsize) { + ret = HX509_CMS_PADDING_ERROR; + goto out; + } + + p = clear->data; + p += clear->length - 1; + padsize = *p; + if (padsize > bsize) { + ret = HX509_CMS_PADDING_ERROR; + goto out; + } + clear->length -= padsize; + for (j = 0; j < padsize; j++) { + if (*p-- != padsize) { + ret = HX509_CMS_PADDING_ERROR; + goto out; + } + } + } + + return 0; + + out: + if (clear->data) + free(clear->data); + clear->data = NULL; + clear->length = 0; + return ret; +} + +typedef int (*PBE_string2key_func)(hx509_context, + const char *, + const heim_octet_string *, + hx509_crypto *, heim_octet_string *, + heim_octet_string *, + const heim_oid *, const EVP_MD *); + +static int +PBE_string2key(hx509_context context, + const char *password, + const heim_octet_string *parameters, + hx509_crypto *crypto, + heim_octet_string *key, heim_octet_string *iv, + const heim_oid *enc_oid, + const EVP_MD *md) +{ + PKCS12_PBEParams p12params; + int passwordlen = strlen(password); + hx509_crypto c; + int iter, saltlen, ret; + unsigned char *salt; + + if (parameters == NULL) + return HX509_ALG_NOT_SUPP; + + ret = decode_PKCS12_PBEParams(parameters->data, + parameters->length, + &p12params, NULL); + if (ret) + goto out; + + if (p12params.iterations) + iter = *p12params.iterations; + else + iter = 1; + salt = p12params.salt.data; + saltlen = p12params.salt.length; + + /* XXX It needs to be here, but why ? */ + if (passwordlen == 0) + password = NULL; + + if (!PKCS12_key_gen (password, passwordlen, salt, saltlen, + PKCS12_KEY_ID, iter, key->length, key->data, md)) { + ret = HX509_CRYPTO_INTERNAL_ERROR; + goto out; + } + + if (!PKCS12_key_gen (password, passwordlen, salt, saltlen, + PKCS12_IV_ID, iter, iv->length, iv->data, md)) { + ret = HX509_CRYPTO_INTERNAL_ERROR; + goto out; + } + + ret = hx509_crypto_init(context, NULL, enc_oid, &c); + if (ret) + goto out; + + ret = hx509_crypto_set_key_data(c, key->data, key->length); + if (ret) { + hx509_crypto_destroy(c); + goto out; + } + + *crypto = c; +out: + free_PKCS12_PBEParams(&p12params); + return ret; +} + +static const heim_oid * +find_string2key(const heim_oid *oid, + const EVP_CIPHER **c, + const EVP_MD **md, + PBE_string2key_func *s2k) +{ + if (der_heim_oid_cmp(oid, oid_id_pbewithSHAAnd40BitRC2_CBC()) == 0) { + *c = EVP_rc2_40_cbc(); + *md = EVP_sha1(); + *s2k = PBE_string2key; + return oid_private_rc2_40(); + } else if (der_heim_oid_cmp(oid, oid_id_pbeWithSHAAnd128BitRC2_CBC()) == 0) { + *c = EVP_rc2_cbc(); + *md = EVP_sha1(); + *s2k = PBE_string2key; + return oid_id_pkcs3_rc2_cbc(); +#if 0 + } else if (der_heim_oid_cmp(oid, oid_id_pbeWithSHAAnd40BitRC4()) == 0) { + *c = EVP_rc4_40(); + *md = EVP_sha1(); + *s2k = PBE_string2key; + return NULL; + } else if (der_heim_oid_cmp(oid, oid_id_pbeWithSHAAnd128BitRC4()) == 0) { + *c = EVP_rc4(); + *md = EVP_sha1(); + *s2k = PBE_string2key; + return oid_id_pkcs3_rc4(); +#endif + } else if (der_heim_oid_cmp(oid, oid_id_pbeWithSHAAnd3_KeyTripleDES_CBC()) == 0) { + *c = EVP_des_ede3_cbc(); + *md = EVP_sha1(); + *s2k = PBE_string2key; + return oid_id_pkcs3_des_ede3_cbc(); + } + + return NULL; +} + + +int +_hx509_pbe_decrypt(hx509_context context, + hx509_lock lock, + const AlgorithmIdentifier *ai, + const heim_octet_string *econtent, + heim_octet_string *content) +{ + const struct _hx509_password *pw; + heim_octet_string key, iv; + const heim_oid *enc_oid; + const EVP_CIPHER *c; + const EVP_MD *md; + PBE_string2key_func s2k; + int i, ret = 0; + + memset(&key, 0, sizeof(key)); + memset(&iv, 0, sizeof(iv)); + + memset(content, 0, sizeof(*content)); + + enc_oid = find_string2key(&ai->algorithm, &c, &md, &s2k); + if (enc_oid == NULL) { + hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP, + "String to key algorithm not supported"); + ret = HX509_ALG_NOT_SUPP; + goto out; + } + + key.length = EVP_CIPHER_key_length(c); + key.data = malloc(key.length); + if (key.data == NULL) { + ret = ENOMEM; + hx509_clear_error_string(context); + goto out; + } + + iv.length = EVP_CIPHER_iv_length(c); + iv.data = malloc(iv.length); + if (iv.data == NULL) { + ret = ENOMEM; + hx509_clear_error_string(context); + goto out; + } + + pw = _hx509_lock_get_passwords(lock); + + ret = HX509_CRYPTO_INTERNAL_ERROR; + for (i = 0; i < pw->len + 1; i++) { + hx509_crypto crypto; + const char *password; + + if (i < pw->len) + password = pw->val[i]; + else + password = ""; + + ret = (*s2k)(context, password, ai->parameters, &crypto, + &key, &iv, enc_oid, md); + if (ret) + goto out; + + ret = hx509_crypto_decrypt(crypto, + econtent->data, + econtent->length, + &iv, + content); + hx509_crypto_destroy(crypto); + if (ret == 0) + goto out; + + } +out: + if (key.data) + der_free_octet_string(&key); + if (iv.data) + der_free_octet_string(&iv); + return ret; +} + +/* + * + */ + + +int +_hx509_match_keys(hx509_cert c, hx509_private_key private_key) +{ + const Certificate *cert; + const SubjectPublicKeyInfo *spi; + RSAPublicKey pk; + RSA *rsa; + size_t size; + int ret; + + if (private_key->private_key.rsa == NULL) + return 0; + + rsa = private_key->private_key.rsa; + if (rsa->d == NULL || rsa->p == NULL || rsa->q == NULL) + return 0; + + cert = _hx509_get_cert(c); + spi = &cert->tbsCertificate.subjectPublicKeyInfo; + + rsa = RSA_new(); + if (rsa == NULL) + return 0; + + ret = decode_RSAPublicKey(spi->subjectPublicKey.data, + spi->subjectPublicKey.length / 8, + &pk, &size); + if (ret) { + RSA_free(rsa); + return 0; + } + rsa->n = heim_int2BN(&pk.modulus); + rsa->e = heim_int2BN(&pk.publicExponent); + + free_RSAPublicKey(&pk); + + rsa->d = BN_dup(private_key->private_key.rsa->d); + rsa->p = BN_dup(private_key->private_key.rsa->p); + rsa->q = BN_dup(private_key->private_key.rsa->q); + rsa->dmp1 = BN_dup(private_key->private_key.rsa->dmp1); + rsa->dmq1 = BN_dup(private_key->private_key.rsa->dmq1); + rsa->iqmp = BN_dup(private_key->private_key.rsa->iqmp); + + if (rsa->n == NULL || rsa->e == NULL || + rsa->d == NULL || rsa->p == NULL|| rsa->q == NULL || + rsa->dmp1 == NULL || rsa->dmq1 == NULL) { + RSA_free(rsa); + return 0; + } + + ret = RSA_check_key(rsa); + RSA_free(rsa); + + return ret == 1; +} + +static const heim_oid * +find_keytype(const hx509_private_key key) +{ + const struct signature_alg *md; + + if (key == NULL) + return NULL; + + md = find_sig_alg(key->signature_alg); + if (md == NULL) + return NULL; + return (*md->key_oid)(); +} + + +int +hx509_crypto_select(const hx509_context context, + int type, + const hx509_private_key source, + hx509_peer_info peer, + AlgorithmIdentifier *selected) +{ + const heim_oid *keytype = NULL; + const AlgorithmIdentifier *def; + size_t i, j; + int ret, bits; + + memset(selected, 0, sizeof(*selected)); + + if (type == HX509_SELECT_DIGEST) { + bits = SIG_DIGEST; + def = hx509_signature_sha1(); + } else if (type == HX509_SELECT_PUBLIC_SIG) { + bits = SIG_PUBLIC_SIG; + /* XXX depend on `source´ and `peer´ */ + def = hx509_signature_rsa_with_sha1(); + } else { + hx509_set_error_string(context, 0, EINVAL, + "Unknown type %d of selection", type); + return EINVAL; + } + + keytype = find_keytype(source); + + if (peer) { + for (i = 0; i < peer->len; i++) { + for (j = 0; sig_algs[j]; j++) { + if ((sig_algs[j]->flags & bits) != bits) + continue; + if (der_heim_oid_cmp((*sig_algs[j]->sig_oid)(), + &peer->val[i].algorithm) != 0) + continue; + if (keytype && sig_algs[j]->key_oid && + der_heim_oid_cmp(keytype, (*sig_algs[j]->key_oid)())) + continue; + + /* found one, use that */ + ret = copy_AlgorithmIdentifier(&peer->val[i], selected); + if (ret) + hx509_clear_error_string(context); + return ret; + } + } + } + + /* use default */ + ret = copy_AlgorithmIdentifier(def, selected); + if (ret) + hx509_clear_error_string(context); + return ret; +} + +int +hx509_crypto_available(hx509_context context, + int type, + hx509_cert source, + AlgorithmIdentifier **val, + unsigned int *plen) +{ + const heim_oid *keytype = NULL; + unsigned int len, i; + void *ptr; + int bits, ret; + + *val = NULL; + + if (type == HX509_SELECT_ALL) { + bits = SIG_DIGEST | SIG_PUBLIC_SIG; + } else if (type == HX509_SELECT_DIGEST) { + bits = SIG_DIGEST; + } else if (type == HX509_SELECT_PUBLIC_SIG) { + bits = SIG_PUBLIC_SIG; + } else { + hx509_set_error_string(context, 0, EINVAL, + "Unknown type %d of available", type); + return EINVAL; + } + + if (source) + keytype = find_keytype(_hx509_cert_private_key(source)); + + len = 0; + for (i = 0; sig_algs[i]; i++) { + if ((sig_algs[i]->flags & bits) == 0) + continue; + if (sig_algs[i]->sig_alg == NULL) + continue; + if (keytype && sig_algs[i]->key_oid && + der_heim_oid_cmp((*sig_algs[i]->key_oid)(), keytype)) + continue; + + /* found one, add that to the list */ + ptr = realloc(*val, sizeof(**val) * (len + 1)); + if (ptr == NULL) + goto out; + *val = ptr; + + ret = copy_AlgorithmIdentifier((*sig_algs[i]->sig_alg)(), &(*val)[len]); + if (ret) + goto out; + len++; + } + + *plen = len; + return 0; + +out: + for (i = 0; i < len; i++) + free_AlgorithmIdentifier(&(*val)[i]); + free(*val); + *val = NULL; + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; +} + +void +hx509_crypto_free_algs(AlgorithmIdentifier *val, + unsigned int len) +{ + unsigned int i; + for (i = 0; i < len; i++) + free_AlgorithmIdentifier(&val[i]); + free(val); +} diff --git a/source4/heimdal/lib/hx509/error.c b/source4/heimdal/lib/hx509/error.c new file mode 100644 index 0000000000..770b71981a --- /dev/null +++ b/source4/heimdal/lib/hx509/error.c @@ -0,0 +1,141 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hx_locl.h" +RCSID("$Id: error.c,v 1.4 2006/11/16 15:08:09 lha Exp $"); + +struct hx509_error_data { + hx509_error next; + int code; + char *msg; +}; + +static void +free_error_string(hx509_error msg) +{ + while(msg) { + hx509_error m2 = msg->next; + free(msg->msg); + free(msg); + msg = m2; + } +} + +void +hx509_clear_error_string(hx509_context context) +{ + free_error_string(context->error); + context->error = NULL; +} + +void +hx509_set_error_stringv(hx509_context context, int flags, int code, + const char *fmt, va_list ap) +{ + hx509_error msg; + + msg = calloc(1, sizeof(*msg)); + if (msg == NULL) { + hx509_clear_error_string(context); + return; + } + + if (vasprintf(&msg->msg, fmt, ap) == -1) { + hx509_clear_error_string(context); + free(msg); + return; + } + msg->code = code; + + if (flags & HX509_ERROR_APPEND) { + msg->next = context->error; + context->error = msg; + } else { + free_error_string(context->error); + context->error = msg; + } +} + +void +hx509_set_error_string(hx509_context context, int flags, int code, const char *fmt, ...) +{ + va_list ap; + + va_start(ap, fmt); + hx509_set_error_stringv(context, flags, code, fmt, ap); + va_end(ap); +} + +char * +hx509_get_error_string(hx509_context context, int error_code) +{ + struct rk_strpool *p = NULL; + hx509_error msg; + + if (context->error == NULL) { + const char *cstr; + char *str; + + cstr = com_right(context->et_list, error_code); + if (cstr) + return strdup(cstr); + cstr = strerror(error_code); + if (cstr) + return strdup(cstr); + if (asprintf(&str, "", error_code) == -1) + return NULL; + return str; + } + + for (msg = context->error; msg; msg = msg->next) + p = rk_strpoolprintf(p, "%s%s", msg->msg, + msg->next != NULL ? "; " : ""); + + return rk_strpoolcollect(p); +} + +void +hx509_err(hx509_context context, int exit_code, int error_code, char *fmt, ...) +{ + va_list ap; + char *msg, *str; + + va_start(ap, fmt); + vasprintf(&str, fmt, ap); + va_end(ap); + msg = hx509_get_error_string(context, error_code); + if (msg == NULL) + msg = "no error"; + + errx(exit_code, "%s: %s", str, msg); +} diff --git a/source4/heimdal/lib/hx509/file.c b/source4/heimdal/lib/hx509/file.c new file mode 100644 index 0000000000..39497fc3a9 --- /dev/null +++ b/source4/heimdal/lib/hx509/file.c @@ -0,0 +1,115 @@ +/* + * Copyright (c) 2005 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hx_locl.h" +RCSID("$ID$"); + +int +_hx509_map_file(const char *fn, void **data, size_t *length, struct stat *rsb) +{ + struct stat sb; + size_t len; + ssize_t l; + int ret; + void *d; + int fd; + + *data = NULL; + *length = 0; + + fd = open(fn, O_RDONLY); + if (fd < 0) + return errno; + + if (fstat(fd, &sb) < 0) { + ret = errno; + close(fd); + return ret; + } + + len = sb.st_size; + + d = malloc(len); + if (d == NULL) { + close(fd); + return ENOMEM; + } + + l = read(fd, d, len); + close(fd); + if (l < 0 || l != len) { + free(d); + return EINVAL; + } + + if (rsb) + *rsb = sb; + *data = d; + *length = len; + return 0; +} + +void +_hx509_unmap_file(void *data, size_t len) +{ + free(data); +} + +int +_hx509_write_file(const char *fn, const void *data, size_t length) +{ + ssize_t sz; + const unsigned char *p = data; + int fd; + + fd = open(fn, O_WRONLY|O_TRUNC|O_CREAT, 0644); + if (fd < 0) + return errno; + + do { + sz = write(fd, p, length); + if (sz < 0) { + int saved_errno = errno; + close(fd); + return saved_errno; + } + if (sz == 0) + break; + length -= sz; + } while (length > 0); + + if (close(fd) == -1) + return errno; + + return 0; +} diff --git a/source4/heimdal/lib/hx509/hx509-protos.h b/source4/heimdal/lib/hx509/hx509-protos.h new file mode 100644 index 0000000000..4fcab70ff8 --- /dev/null +++ b/source4/heimdal/lib/hx509/hx509-protos.h @@ -0,0 +1,824 @@ +/* This is a generated file */ +#ifndef __hx509_protos_h__ +#define __hx509_protos_h__ + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +void +hx509_bitstring_print ( + const heim_bit_string */*b*/, + hx509_vprint_func /*func*/, + void */*ctx*/); + +int +hx509_ca_sign ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + hx509_cert /*signer*/, + hx509_cert */*certificate*/); + +int +hx509_ca_sign_self ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + hx509_private_key /*signer*/, + hx509_cert */*certificate*/); + +int +hx509_ca_tbs_add_eku ( + hx509_context /*contex*/, + hx509_ca_tbs /*tbs*/, + const heim_oid */*oid*/); + +int +hx509_ca_tbs_add_san_hostname ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + const char */*dnsname*/); + +int +hx509_ca_tbs_add_san_otherName ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + const heim_oid */*oid*/, + const heim_octet_string */*os*/); + +int +hx509_ca_tbs_add_san_pkinit ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + const char */*principal*/); + +int +hx509_ca_tbs_add_san_rfc822name ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + const char */*rfc822Name*/); + +void +hx509_ca_tbs_free (hx509_ca_tbs */*tbs*/); + +int +hx509_ca_tbs_init ( + hx509_context /*context*/, + hx509_ca_tbs */*tbs*/); + +int +hx509_ca_tbs_set_ca ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + int /*pathLenConstraint*/); + +int +hx509_ca_tbs_set_notAfter ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + time_t /*t*/); + +int +hx509_ca_tbs_set_notAfter_lifetime ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + time_t /*delta*/); + +int +hx509_ca_tbs_set_notBefore ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + time_t /*t*/); + +int +hx509_ca_tbs_set_proxy ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + int /*pathLenConstraint*/); + +int +hx509_ca_tbs_set_serialnumber ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + const heim_integer */*serialNumber*/); + +int +hx509_ca_tbs_set_spki ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + const SubjectPublicKeyInfo */*spki*/); + +int +hx509_ca_tbs_set_subject ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + hx509_name /*subject*/); + +int +hx509_cert_check_eku ( + hx509_context /*context*/, + hx509_cert /*cert*/, + const heim_oid */*eku*/, + int /*allow_any_eku*/); + +int +hx509_cert_cmp ( + hx509_cert /*p*/, + hx509_cert /*q*/); + +int +hx509_cert_find_subjectAltName_otherName ( + hx509_cert /*cert*/, + const heim_oid */*oid*/, + hx509_octet_string_list */*list*/); + +void +hx509_cert_free (hx509_cert /*cert*/); + +hx509_cert_attribute +hx509_cert_get_attribute ( + hx509_cert /*cert*/, + const heim_oid */*oid*/); + +int +hx509_cert_get_base_subject ( + hx509_context /*context*/, + hx509_cert /*c*/, + hx509_name */*name*/); + +const char * +hx509_cert_get_friendly_name (hx509_cert /*cert*/); + +int +hx509_cert_get_issuer ( + hx509_cert /*p*/, + hx509_name */*name*/); + +int +hx509_cert_get_serialnumber ( + hx509_cert /*p*/, + heim_integer */*i*/); + +int +hx509_cert_get_subject ( + hx509_cert /*p*/, + hx509_name */*name*/); + +int +hx509_cert_init ( + hx509_context /*context*/, + const Certificate */*c*/, + hx509_cert */*cert*/); + +int +hx509_cert_keyusage_print ( + hx509_context /*context*/, + hx509_cert /*c*/, + char **/*s*/); + +hx509_cert +hx509_cert_ref (hx509_cert /*cert*/); + +int +hx509_cert_set_friendly_name ( + hx509_cert /*cert*/, + const char */*name*/); + +int +hx509_certs_add ( + hx509_context /*context*/, + hx509_certs /*certs*/, + hx509_cert /*cert*/); + +int +hx509_certs_append ( + hx509_context /*context*/, + hx509_certs /*to*/, + hx509_lock /*lock*/, + const char */*name*/); + +int +hx509_certs_end_seq ( + hx509_context /*context*/, + hx509_certs /*certs*/, + hx509_cursor /*cursor*/); + +int +hx509_certs_find ( + hx509_context /*context*/, + hx509_certs /*certs*/, + const hx509_query */*q*/, + hx509_cert */*r*/); + +void +hx509_certs_free (hx509_certs */*certs*/); + +int +hx509_certs_info ( + hx509_context /*context*/, + hx509_certs /*certs*/, + int (*/*func*/)(void *, char *), + void */*ctx*/); + +int +hx509_certs_init ( + hx509_context /*context*/, + const char */*name*/, + int /*flags*/, + hx509_lock /*lock*/, + hx509_certs */*certs*/); + +int +hx509_certs_iter ( + hx509_context /*context*/, + hx509_certs /*certs*/, + int (*/*fn*/)(hx509_context, void *, hx509_cert), + void */*ctx*/); + +int +hx509_certs_merge ( + hx509_context /*context*/, + hx509_certs /*to*/, + hx509_certs /*from*/); + +int +hx509_certs_next_cert ( + hx509_context /*context*/, + hx509_certs /*certs*/, + hx509_cursor /*cursor*/, + hx509_cert */*cert*/); + +int +hx509_certs_start_seq ( + hx509_context /*context*/, + hx509_certs /*certs*/, + hx509_cursor */*cursor*/); + +int +hx509_certs_store ( + hx509_context /*context*/, + hx509_certs /*certs*/, + int /*flags*/, + hx509_lock /*lock*/); + +int +hx509_ci_print_names ( + hx509_context /*context*/, + void */*ctx*/, + hx509_cert /*c*/); + +void +hx509_clear_error_string (hx509_context /*context*/); + +int +hx509_cms_create_signed_1 ( + hx509_context /*context*/, + const heim_oid */*eContentType*/, + const void */*data*/, + size_t /*length*/, + const AlgorithmIdentifier */*digest_alg*/, + hx509_cert /*cert*/, + hx509_peer_info /*peer*/, + hx509_certs /*anchors*/, + hx509_certs /*pool*/, + heim_octet_string */*signed_data*/); + +int +hx509_cms_decrypt_encrypted ( + hx509_context /*context*/, + hx509_lock /*lock*/, + const void */*data*/, + size_t /*length*/, + heim_oid */*contentType*/, + heim_octet_string */*content*/); + +int +hx509_cms_envelope_1 ( + hx509_context /*context*/, + hx509_cert /*cert*/, + const void */*data*/, + size_t /*length*/, + const heim_oid */*encryption_type*/, + const heim_oid */*contentType*/, + heim_octet_string */*content*/); + +int +hx509_cms_unenvelope ( + hx509_context /*context*/, + hx509_certs /*certs*/, + int /*flags*/, + const void */*data*/, + size_t /*length*/, + const heim_octet_string */*encryptedContent*/, + heim_oid */*contentType*/, + heim_octet_string */*content*/); + +int +hx509_cms_unwrap_ContentInfo ( + const heim_octet_string */*in*/, + heim_oid */*oid*/, + heim_octet_string */*out*/, + int */*have_data*/); + +int +hx509_cms_verify_signed ( + hx509_context /*context*/, + hx509_verify_ctx /*ctx*/, + const void */*data*/, + size_t /*length*/, + hx509_certs /*store*/, + heim_oid */*contentType*/, + heim_octet_string */*content*/, + hx509_certs */*signer_certs*/); + +int +hx509_cms_wrap_ContentInfo ( + const heim_oid */*oid*/, + const heim_octet_string */*buf*/, + heim_octet_string */*res*/); + +void +hx509_context_free (hx509_context */*context*/); + +int +hx509_context_init (hx509_context */*context*/); + +void +hx509_context_set_missing_revoke ( + hx509_context /*context*/, + int /*flag*/); + +int +hx509_crypto_available ( + hx509_context /*context*/, + int /*type*/, + hx509_cert /*source*/, + AlgorithmIdentifier **/*val*/, + unsigned int */*plen*/); + +int +hx509_crypto_decrypt ( + hx509_crypto /*crypto*/, + const void */*data*/, + const size_t /*length*/, + heim_octet_string */*ivec*/, + heim_octet_string */*clear*/); + +void +hx509_crypto_destroy (hx509_crypto /*crypto*/); + +int +hx509_crypto_encrypt ( + hx509_crypto /*crypto*/, + const void */*data*/, + const size_t /*length*/, + heim_octet_string */*ivec*/, + heim_octet_string **/*ciphertext*/); + +const heim_oid * +hx509_crypto_enctype_by_name (const char */*name*/); + +void +hx509_crypto_free_algs ( + AlgorithmIdentifier */*val*/, + unsigned int /*len*/); + +int +hx509_crypto_get_params ( + hx509_context /*context*/, + hx509_crypto /*crypto*/, + const heim_octet_string */*ivec*/, + heim_octet_string */*param*/); + +int +hx509_crypto_init ( + hx509_context /*context*/, + const char */*provider*/, + const heim_oid */*enctype*/, + hx509_crypto */*crypto*/); + +const char * +hx509_crypto_provider (hx509_crypto /*crypto*/); + +int +hx509_crypto_select ( + const hx509_context /*context*/, + int /*type*/, + const hx509_private_key /*source*/, + hx509_peer_info /*peer*/, + AlgorithmIdentifier */*selected*/); + +int +hx509_crypto_set_key_data ( + hx509_crypto /*crypto*/, + const void */*data*/, + size_t /*length*/); + +int +hx509_crypto_set_key_name ( + hx509_crypto /*crypto*/, + const char */*name*/); + +int +hx509_crypto_set_params ( + hx509_context /*context*/, + hx509_crypto /*crypto*/, + const heim_octet_string */*param*/, + heim_octet_string */*ivec*/); + +int +hx509_crypto_set_random_key ( + hx509_crypto /*crypto*/, + heim_octet_string */*key*/); + +void +hx509_err ( + hx509_context /*context*/, + int /*exit_code*/, + int /*error_code*/, + char */*fmt*/, + ...); + +void +hx509_free_octet_string_list (hx509_octet_string_list */*list*/); + +char * +hx509_get_error_string ( + hx509_context /*context*/, + int /*error_code*/); + +int +hx509_get_one_cert ( + hx509_context /*context*/, + hx509_certs /*certs*/, + hx509_cert */*c*/); + +int +hx509_lock_add_cert ( + hx509_context /*context*/, + hx509_lock /*lock*/, + hx509_cert /*cert*/); + +int +hx509_lock_add_certs ( + hx509_context /*context*/, + hx509_lock /*lock*/, + hx509_certs /*certs*/); + +int +hx509_lock_add_password ( + hx509_lock /*lock*/, + const char */*password*/); + +int +hx509_lock_command_string ( + hx509_lock /*lock*/, + const char */*string*/); + +void +hx509_lock_free (hx509_lock /*lock*/); + +int +hx509_lock_init ( + hx509_context /*context*/, + hx509_lock */*lock*/); + +int +hx509_lock_prompt ( + hx509_lock /*lock*/, + hx509_prompt */*prompt*/); + +void +hx509_lock_reset_certs ( + hx509_context /*context*/, + hx509_lock /*lock*/); + +void +hx509_lock_reset_passwords (hx509_lock /*lock*/); + +void +hx509_lock_reset_promper (hx509_lock /*lock*/); + +int +hx509_lock_set_prompter ( + hx509_lock /*lock*/, + hx509_prompter_fct /*prompt*/, + void */*data*/); + +int +hx509_name_copy ( + hx509_context /*context*/, + const hx509_name /*from*/, + hx509_name */*to*/); + +void +hx509_name_free (hx509_name */*name*/); + +int +hx509_name_is_null_p (const hx509_name /*name*/); + +int +hx509_name_to_Name ( + const hx509_name /*from*/, + Name */*to*/); + +int +hx509_name_to_der_name ( + const hx509_name /*name*/, + void **/*data*/, + size_t */*length*/); + +int +hx509_name_to_string ( + const hx509_name /*name*/, + char **/*str*/); + +int +hx509_ocsp_request ( + hx509_context /*context*/, + hx509_certs /*reqcerts*/, + hx509_certs /*pool*/, + hx509_cert /*signer*/, + const AlgorithmIdentifier */*digest*/, + heim_octet_string */*request*/, + heim_octet_string */*nonce*/); + +int +hx509_ocsp_verify ( + hx509_context /*context*/, + time_t /*now*/, + hx509_cert /*cert*/, + int /*flags*/, + const void */*data*/, + size_t /*length*/, + time_t */*expiration*/); + +void +hx509_oid_print ( + const heim_oid */*oid*/, + hx509_vprint_func /*func*/, + void */*ctx*/); + +int +hx509_oid_sprint ( + const heim_oid */*oid*/, + char **/*str*/); + +int +hx509_parse_name ( + hx509_context /*context*/, + const char */*str*/, + hx509_name */*name*/); + +int +hx509_peer_info_alloc ( + hx509_context /*context*/, + hx509_peer_info */*peer*/); + +int +hx509_peer_info_free (hx509_peer_info /*peer*/); + +int +hx509_peer_info_set_cert ( + hx509_peer_info /*peer*/, + hx509_cert /*cert*/); + +int +hx509_peer_info_set_cms_algs ( + hx509_context /*context*/, + hx509_peer_info /*peer*/, + const AlgorithmIdentifier */*val*/, + size_t /*len*/); + +void +hx509_print_func ( + hx509_vprint_func /*func*/, + void */*ctx*/, + const char */*fmt*/, + ...); + +void +hx509_print_stdout ( + void */*ctx*/, + const char */*fmt*/, + va_list /*va*/); + +int +hx509_prompt_hidden (hx509_prompt_type /*type*/); + +int +hx509_query_alloc ( + hx509_context /*context*/, + hx509_query **/*q*/); + +void +hx509_query_free ( + hx509_context /*context*/, + hx509_query */*q*/); + +int +hx509_query_match_cmp_func ( + hx509_query */*q*/, + int (*/*func*/)(void *, hx509_cert), + void */*ctx*/); + +int +hx509_query_match_friendly_name ( + hx509_query */*q*/, + const char */*name*/); + +int +hx509_query_match_issuer_serial ( + hx509_query */*q*/, + const Name */*issuer*/, + const heim_integer */*serialNumber*/); + +void +hx509_query_match_option ( + hx509_query */*q*/, + hx509_query_option /*option*/); + +int +hx509_revoke_add_crl ( + hx509_context /*context*/, + hx509_revoke_ctx /*ctx*/, + const char */*path*/); + +int +hx509_revoke_add_ocsp ( + hx509_context /*context*/, + hx509_revoke_ctx /*ctx*/, + const char */*path*/); + +void +hx509_revoke_free (hx509_revoke_ctx */*ctx*/); + +int +hx509_revoke_init ( + hx509_context /*context*/, + hx509_revoke_ctx */*ctx*/); + +int +hx509_revoke_ocsp_print ( + hx509_context /*context*/, + const char */*path*/, + FILE */*out*/); + +int +hx509_revoke_verify ( + hx509_context /*context*/, + hx509_revoke_ctx /*ctx*/, + hx509_certs /*certs*/, + time_t /*now*/, + hx509_cert /*cert*/, + hx509_cert /*parent_cert*/); + +void +hx509_set_error_string ( + hx509_context /*context*/, + int /*flags*/, + int /*code*/, + const char */*fmt*/, + ...); + +void +hx509_set_error_stringv ( + hx509_context /*context*/, + int /*flags*/, + int /*code*/, + const char */*fmt*/, + va_list /*ap*/); + +const AlgorithmIdentifier * +hx509_signature_md2 (void); + +const AlgorithmIdentifier * +hx509_signature_md5 (void); + +const AlgorithmIdentifier * +hx509_signature_rsa (void); + +const AlgorithmIdentifier * +hx509_signature_rsa_with_md2 (void); + +const AlgorithmIdentifier * +hx509_signature_rsa_with_md5 (void); + +const AlgorithmIdentifier * +hx509_signature_rsa_with_sha1 (void); + +const AlgorithmIdentifier * +hx509_signature_rsa_with_sha256 (void); + +const AlgorithmIdentifier * +hx509_signature_rsa_with_sha384 (void); + +const AlgorithmIdentifier * +hx509_signature_rsa_with_sha512 (void); + +const AlgorithmIdentifier * +hx509_signature_sha1 (void); + +const AlgorithmIdentifier * +hx509_signature_sha256 (void); + +const AlgorithmIdentifier * +hx509_signature_sha384 (void); + +const AlgorithmIdentifier * +hx509_signature_sha512 (void); + +int +hx509_unparse_der_name ( + const void */*data*/, + size_t /*length*/, + char **/*str*/); + +int +hx509_validate_cert ( + hx509_context /*context*/, + hx509_validate_ctx /*ctx*/, + hx509_cert /*cert*/); + +void +hx509_validate_ctx_add_flags ( + hx509_validate_ctx /*ctx*/, + int /*flags*/); + +void +hx509_validate_ctx_free (hx509_validate_ctx /*ctx*/); + +int +hx509_validate_ctx_init ( + hx509_context /*context*/, + hx509_validate_ctx */*ctx*/); + +void +hx509_validate_ctx_set_print ( + hx509_validate_ctx /*ctx*/, + hx509_vprint_func /*func*/, + void */*c*/); + +void +hx509_verify_attach_anchors ( + hx509_verify_ctx /*ctx*/, + hx509_certs /*set*/); + +void +hx509_verify_attach_revoke ( + hx509_verify_ctx /*ctx*/, + hx509_revoke_ctx /*revoke_ctx*/); + +void +hx509_verify_destroy_ctx (hx509_verify_ctx /*ctx*/); + +int +hx509_verify_hostname ( + hx509_context /*context*/, + const hx509_cert /*cert*/, + int /*require_match*/, + const char */*hostname*/, + const struct sockaddr */*sa*/, + int /*sa_size*/); + +int +hx509_verify_init_ctx ( + hx509_context /*context*/, + hx509_verify_ctx */*ctx*/); + +int +hx509_verify_path ( + hx509_context /*context*/, + hx509_verify_ctx /*ctx*/, + hx509_cert /*cert*/, + hx509_certs /*pool*/); + +void +hx509_verify_set_proxy_certificate ( + hx509_verify_ctx /*ctx*/, + int /*boolean*/); + +void +hx509_verify_set_strict_rfc3280_verification ( + hx509_verify_ctx /*ctx*/, + int /*boolean*/); + +void +hx509_verify_set_time ( + hx509_verify_ctx /*ctx*/, + time_t /*t*/); + +int +hx509_verify_signature ( + hx509_context /*context*/, + const hx509_cert /*signer*/, + const AlgorithmIdentifier */*alg*/, + const heim_octet_string */*data*/, + const heim_octet_string */*sig*/); + +#ifdef __cplusplus +} +#endif + +#endif /* __hx509_protos_h__ */ diff --git a/source4/heimdal/lib/hx509/hx509.h b/source4/heimdal/lib/hx509/hx509.h new file mode 100644 index 0000000000..70f29ea92d --- /dev/null +++ b/source4/heimdal/lib/hx509/hx509.h @@ -0,0 +1,111 @@ +/* + * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: hx509.h,v 1.16 2007/01/09 10:52:05 lha Exp $ */ + +typedef struct hx509_cert_attribute_data *hx509_cert_attribute; +typedef struct hx509_cert_data *hx509_cert; +typedef struct hx509_certs_data *hx509_certs; +typedef struct hx509_context_data *hx509_context; +typedef struct hx509_crypto_data *hx509_crypto; +typedef struct hx509_lock_data *hx509_lock; +typedef struct hx509_name_data *hx509_name; +typedef struct hx509_private_key *hx509_private_key; +typedef struct hx509_validate_ctx_data *hx509_validate_ctx; +typedef struct hx509_verify_ctx_data *hx509_verify_ctx; +typedef struct hx509_revoke_ctx_data *hx509_revoke_ctx; +typedef struct hx509_query_data hx509_query; +typedef void * hx509_cursor; +typedef struct hx509_request_data *hx509_request; +typedef struct hx509_error_data *hx509_error; +typedef struct hx509_peer_info *hx509_peer_info; +typedef struct hx509_ca_tbs *hx509_ca_tbs; + +typedef void (*hx509_vprint_func)(void *, const char *, va_list); + +enum { + HX509_VALIDATE_F_VALIDATE = 1, + HX509_VALIDATE_F_VERBOSE = 2 +}; + +struct hx509_cert_attribute_data { + heim_oid oid; + heim_octet_string data; +}; + +typedef enum { + HX509_PROMPT_TYPE_PASSWORD = 0x1, /* password, hidden */ + HX509_PROMPT_TYPE_QUESTION = 0x2, /* question, not hidden */ + HX509_PROMPT_TYPE_INFO = 0x4 /* infomation, reply doesn't matter */ +} hx509_prompt_type; + +typedef struct hx509_prompt { + const char *prompt; + hx509_prompt_type type; + heim_octet_string reply; +} hx509_prompt; + +typedef int (*hx509_prompter_fct)(void *, const hx509_prompt *); + +typedef struct hx509_octet_string_list { + size_t len; + heim_octet_string *val; +} hx509_octet_string_list; + +/* + * Options passed to hx509_query_match_option. + */ +typedef enum { + HX509_QUERY_OPTION_PRIVATE_KEY = 1, + HX509_QUERY_OPTION_KU_ENCIPHERMENT = 2, + HX509_QUERY_OPTION_KU_DIGITALSIGNATURE = 3, + HX509_QUERY_OPTION_KU_KEYCERTSIGN = 4, + HX509_QUERY_OPTION_END = 0xffff +} hx509_query_option; + +/* flags to hx509_certs_init */ +#define HX509_CERTS_CREATE 0x01 + +/* flags to hx509_set_error_string */ +#define HX509_ERROR_APPEND 0x01 + +/* flags to hx509_cms_unenvelope */ +#define HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT 0x01 + +/* selectors passed to hx509_crypto_select and hx509_crypto_available */ +#define HX509_SELECT_ALL 0 +#define HX509_SELECT_DIGEST 1 +#define HX509_SELECT_PUBLIC_SIG 2 +#define HX509_SELECT_PUBLIC_ENC 3 + +#include diff --git a/source4/heimdal/lib/hx509/hx509_err.c b/source4/heimdal/lib/hx509/hx509_err.c new file mode 100644 index 0000000000..339759d6b7 --- /dev/null +++ b/source4/heimdal/lib/hx509/hx509_err.c @@ -0,0 +1,157 @@ +/* Generated from /home/data/samba/samba4/svn/source/heimdal/lib/hx509/hx509_err.et */ +/* $Id: hx509_err.et,v 1.19 2006/12/30 23:05:39 lha Exp $ */ + +#include +#include +#include "hx509_err.h" + +static const char *hx_error_strings[] = { + /* 000 */ "ASN.1 failed call to system time library", + /* 001 */ "Extension not found", + /* 002 */ "Certification path not found", + /* 003 */ "Parent certificate is not a CA", + /* 004 */ "CA path too deep", + /* 005 */ "Signature algorithm not supported", + /* 006 */ "Signature algorithm doesn't match certificate key", + /* 007 */ "Certificate used before it became valid", + /* 008 */ "Certificate used after it became invalid", + /* 009 */ "Private key required for the operation is missing", + /* 010 */ "Algorithm not supported", + /* 011 */ "Issuer couldn't be found", + /* 012 */ "Error verifing constraints", + /* 013 */ "Number too large", + /* 014 */ "Error while verifing name constraints", + /* 015 */ "Path is too long, failed to find valid anchor", + /* 016 */ "Required keyusage for this certificate is missing", + /* 017 */ "Certificate not found", + /* 018 */ "Unknown lock command", + /* 019 */ "Parent certificate is a CA", + /* 020 */ "Extra data was found after the structure", + /* 021 */ "Proxy certificate is invalid", + /* 022 */ "Proxy certificate name is wrong", + /* 023 */ "Name is malformated", + /* 024 */ "Certificate is malformated", + /* 025 */ "Certificate is missing a required EKU", + /* 026 */ "Proxy certificate not canonicalize", + /* 027 */ "Reserved hx error (27)", + /* 028 */ "Reserved hx error (28)", + /* 029 */ "Reserved hx error (29)", + /* 030 */ "Reserved hx error (30)", + /* 031 */ "Reserved hx error (31)", + /* 032 */ "Failed to create signature", + /* 033 */ "Missing signer data", + /* 034 */ "Couldn't find signers certificate", + /* 035 */ "No data to perform the operation on", + /* 036 */ "Data in the message is invalid", + /* 037 */ "Padding in the message invalid", + /* 038 */ "Couldn't find recipient certificate", + /* 039 */ "Mismatch bewteen signed type and unsigned type", + /* 040 */ "Reserved hx error (40)", + /* 041 */ "Reserved hx error (41)", + /* 042 */ "Reserved hx error (42)", + /* 043 */ "Reserved hx error (43)", + /* 044 */ "Reserved hx error (44)", + /* 045 */ "Reserved hx error (45)", + /* 046 */ "Reserved hx error (46)", + /* 047 */ "Reserved hx error (47)", + /* 048 */ "Reserved hx error (48)", + /* 049 */ "Reserved hx error (49)", + /* 050 */ "Reserved hx error (50)", + /* 051 */ "Reserved hx error (51)", + /* 052 */ "Reserved hx error (52)", + /* 053 */ "Reserved hx error (53)", + /* 054 */ "Reserved hx error (54)", + /* 055 */ "Reserved hx error (55)", + /* 056 */ "Reserved hx error (56)", + /* 057 */ "Reserved hx error (57)", + /* 058 */ "Reserved hx error (58)", + /* 059 */ "Reserved hx error (59)", + /* 060 */ "Reserved hx error (60)", + /* 061 */ "Reserved hx error (61)", + /* 062 */ "Reserved hx error (62)", + /* 063 */ "Reserved hx error (63)", + /* 064 */ "Internal error in the crypto engine", + /* 065 */ "External error in the crypto engine", + /* 066 */ "Signature missing for data", + /* 067 */ "Signature is not valid", + /* 068 */ "Sigature doesn't provide confidentiality", + /* 069 */ "Invalid format on signature", + /* 070 */ "Mismatch bewteen oids", + /* 071 */ "No prompter function defined", + /* 072 */ "Signature require signer, but non available", + /* 073 */ "RSA public encyption failed", + /* 074 */ "RSA public encyption failed", + /* 075 */ "RSA private decryption failed", + /* 076 */ "RSA private decryption failed", + /* 077 */ "Reserved hx error (77)", + /* 078 */ "Reserved hx error (78)", + /* 079 */ "Reserved hx error (79)", + /* 080 */ "Reserved hx error (80)", + /* 081 */ "Reserved hx error (81)", + /* 082 */ "Reserved hx error (82)", + /* 083 */ "Reserved hx error (83)", + /* 084 */ "Reserved hx error (84)", + /* 085 */ "Reserved hx error (85)", + /* 086 */ "Reserved hx error (86)", + /* 087 */ "Reserved hx error (87)", + /* 088 */ "Reserved hx error (88)", + /* 089 */ "Reserved hx error (89)", + /* 090 */ "Reserved hx error (90)", + /* 091 */ "Reserved hx error (91)", + /* 092 */ "Reserved hx error (92)", + /* 093 */ "Reserved hx error (93)", + /* 094 */ "Reserved hx error (94)", + /* 095 */ "Reserved hx error (95)", + /* 096 */ "CRL used before it became valid", + /* 097 */ "CRL used after it became invalid", + /* 098 */ "CRL have invalid format", + /* 099 */ "Certificate is included in CRL", + /* 100 */ "No revoke status found for certificates", + /* 101 */ "Unknown extension", + /* 102 */ "Got wrong CRL/OCSP data from server", + /* 103 */ "Doesn't have same parent as other certificaes", + /* 104 */ "Reserved hx error (104)", + /* 105 */ "Reserved hx error (105)", + /* 106 */ "Reserved hx error (106)", + /* 107 */ "Reserved hx error (107)", + /* 108 */ "No local key attribute", + /* 109 */ "Failed to parse key", + /* 110 */ "Unsupported operation", + /* 111 */ "Unimplemented operation", + /* 112 */ "Failed to parse name", + /* 113 */ "Reserved hx error (113)", + /* 114 */ "Reserved hx error (114)", + /* 115 */ "Reserved hx error (115)", + /* 116 */ "Reserved hx error (116)", + /* 117 */ "Reserved hx error (117)", + /* 118 */ "Reserved hx error (118)", + /* 119 */ "Reserved hx error (119)", + /* 120 */ "Reserved hx error (120)", + /* 121 */ "Reserved hx error (121)", + /* 122 */ "Reserved hx error (122)", + /* 123 */ "Reserved hx error (123)", + /* 124 */ "Reserved hx error (124)", + /* 125 */ "Reserved hx error (125)", + /* 126 */ "Reserved hx error (126)", + /* 127 */ "Reserved hx error (127)", + /* 128 */ "No smartcard reader/device found", + /* 129 */ "No smartcard in reader", + /* 130 */ "No supported mech(s)", + /* 131 */ "Token or slot failed in inconsistent way", + /* 132 */ "Failed to open session to slot", + /* 133 */ "Failed to login to slot", + /* 134 */ "Failed to load PKCS module", + NULL +}; + +#define num_errors 135 + +void initialize_hx_error_table_r(struct et_list **list) +{ + initialize_error_table_r(list, hx_error_strings, num_errors, ERROR_TABLE_BASE_hx); +} + +void initialize_hx_error_table(void) +{ + init_error_table(hx_error_strings, ERROR_TABLE_BASE_hx, num_errors); +} diff --git a/source4/heimdal/lib/hx509/hx509_err.et b/source4/heimdal/lib/hx509/hx509_err.et new file mode 100644 index 0000000000..54ec177e47 --- /dev/null +++ b/source4/heimdal/lib/hx509/hx509_err.et @@ -0,0 +1,100 @@ +# +# Error messages for the hx509 library +# +# This might look like a com_err file, but is not +# +id "$Id: hx509_err.et,v 1.19 2006/12/30 23:05:39 lha Exp $" + +error_table hx +prefix HX509 + +# path validateion and construction related errors +error_code BAD_TIMEFORMAT, "ASN.1 failed call to system time library" +error_code EXTENSION_NOT_FOUND, "Extension not found" +error_code NO_PATH, "Certification path not found" +error_code PARENT_NOT_CA, "Parent certificate is not a CA" +error_code CA_PATH_TOO_DEEP, "CA path too deep" +error_code SIG_ALG_NO_SUPPORTED, "Signature algorithm not supported" +error_code SIG_ALG_DONT_MATCH_KEY_ALG, "Signature algorithm doesn't match certificate key" +error_code CERT_USED_BEFORE_TIME, "Certificate used before it became valid" +error_code CERT_USED_AFTER_TIME, "Certificate used after it became invalid" +error_code PRIVATE_KEY_MISSING, "Private key required for the operation is missing" +error_code ALG_NOT_SUPP, "Algorithm not supported" +error_code ISSUER_NOT_FOUND, "Issuer couldn't be found" +error_code VERIFY_CONSTRAINTS, "Error verifing constraints" +error_code RANGE, "Number too large" +error_code NAME_CONSTRAINT_ERROR, "Error while verifing name constraints" +error_code PATH_TOO_LONG, "Path is too long, failed to find valid anchor" +error_code KU_CERT_MISSING, "Required keyusage for this certificate is missing" +error_code CERT_NOT_FOUND, "Certificate not found" +error_code UNKNOWN_LOCK_COMMAND, "Unknown lock command" +error_code PARENT_IS_CA, "Parent certificate is a CA" +error_code EXTRA_DATA_AFTER_STRUCTURE, "Extra data was found after the structure" +error_code PROXY_CERT_INVALID, "Proxy certificate is invalid" +error_code PROXY_CERT_NAME_WRONG, "Proxy certificate name is wrong" +error_code NAME_MALFORMED, "Name is malformated" +error_code CERTIFICATE_MALFORMED, "Certificate is malformated" +error_code CERTIFICATE_MISSING_EKU, "Certificate is missing a required EKU" +error_code PROXY_CERTIFICATE_NOT_CANONICALIZED, "Proxy certificate not canonicalize" + +# cms related errors +index 32 +prefix HX509_CMS +error_code FAILED_CREATE_SIGATURE, "Failed to create signature" +error_code MISSING_SIGNER_DATA, "Missing signer data" +error_code SIGNER_NOT_FOUND, "Couldn't find signers certificate" +error_code NO_DATA_AVAILABLE, "No data to perform the operation on" +error_code INVALID_DATA, "Data in the message is invalid" +error_code PADDING_ERROR, "Padding in the message invalid" +error_code NO_RECIPIENT_CERTIFICATE, "Couldn't find recipient certificate" +error_code DATA_OID_MISMATCH, "Mismatch bewteen signed type and unsigned type" + +# crypto related errors +index 64 +prefix HX509_CRYPTO +error_code INTERNAL_ERROR, "Internal error in the crypto engine" +error_code EXTERNAL_ERROR, "External error in the crypto engine" +error_code SIGNATURE_MISSING, "Signature missing for data" +error_code BAD_SIGNATURE, "Signature is not valid" +error_code SIG_NO_CONF, "Sigature doesn't provide confidentiality" +error_code SIG_INVALID_FORMAT, "Invalid format on signature" +error_code OID_MISMATCH, "Mismatch bewteen oids" +error_code NO_PROMPTER, "No prompter function defined" +error_code SIGNATURE_WITHOUT_SIGNER, "Signature require signer, but non available" +error_code RSA_PUBLIC_ENCRYPT, "RSA public encyption failed" +error_code RSA_PRIVATE_ENCRYPT, "RSA public encyption failed" +error_code RSA_PUBLIC_DECRYPT, "RSA private decryption failed" +error_code RSA_PRIVATE_DECRYPT, "RSA private decryption failed" + +# revoke related errors +index 96 +prefix HX509 +error_code CRL_USED_BEFORE_TIME, "CRL used before it became valid" +error_code CRL_USED_AFTER_TIME, "CRL used after it became invalid" +error_code CRL_INVALID_FORMAT, "CRL have invalid format" +error_code CRL_CERT_REVOKED, "Certificate is included in CRL" +error_code REVOKE_STATUS_MISSING, "No revoke status found for certificates" +error_code CRL_UNKNOWN_EXTENSION, "Unknown extension" +error_code REVOKE_WRONG_DATA, "Got wrong CRL/OCSP data from server" +error_code REVOKE_NOT_SAME_PARENT, "Doesn't have same parent as other certificaes" + +# misc error +index 108 +error_code LOCAL_ATTRIBUTE_MISSING, "No local key attribute" +error_code PARSING_KEY_FAILED, "Failed to parse key" +error_code UNSUPPORTED_OPERATION, "Unsupported operation" +error_code UNIMPLEMENTED_OPERATION, "Unimplemented operation" +error_code PARSING_NAME_FAILED, "Failed to parse name" + +# keystore related error +index 128 +prefix HX509_PKCS11 +error_code NO_SLOT, "No smartcard reader/device found" +error_code NO_TOKEN, "No smartcard in reader" +error_code NO_MECH, "No supported mech(s)" +error_code TOKEN_CONFUSED, "Token or slot failed in inconsistent way" +error_code OPEN_SESSION, "Failed to open session to slot" +error_code LOGIN, "Failed to login to slot" +error_code LOAD, "Failed to load PKCS module" + +end diff --git a/source4/heimdal/lib/hx509/hx_locl.h b/source4/heimdal/lib/hx509/hx_locl.h new file mode 100644 index 0000000000..78d158f8b1 --- /dev/null +++ b/source4/heimdal/lib/hx509/hx_locl.h @@ -0,0 +1,184 @@ +/* + * Copyright (c) 2004 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: hx_locl.h,v 1.30 2007/01/09 10:52:06 lha Exp $ */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include "crypto-headers.h" + +struct hx509_keyset_ops; +struct hx509_collector; +typedef struct hx509_path hx509_path; + +#include + +typedef void (*_hx509_cert_release_func)(struct hx509_cert_data *, void *); + +typedef struct hx509_private_key_ops hx509_private_key_ops; + +#include +#include + +struct hx509_peer_info { + hx509_cert cert; + AlgorithmIdentifier *val; + size_t len; +}; + +#define HX509_CERTS_FIND_SERIALNUMBER 1 +#define HX509_CERTS_FIND_ISSUER 2 +#define HX509_CERTS_FIND_SUBJECT 4 +#define HX509_CERTS_FIND_ISSUER_KEY_ID 8 +#define HX509_CERTS_FIND_SUBJECT_KEY_ID 16 + +struct hx509_name_data { + Name der_name; +}; + +struct hx509_path { + size_t len; + hx509_cert *val; +}; + +struct hx509_query_data { + int match; +#define HX509_QUERY_FIND_ISSUER_CERT 0x000001 +#define HX509_QUERY_MATCH_SERIALNUMBER 0x000002 +#define HX509_QUERY_MATCH_ISSUER_NAME 0x000004 +#define HX509_QUERY_MATCH_SUBJECT_NAME 0x000008 +#define HX509_QUERY_MATCH_SUBJECT_KEY_ID 0x000010 +#define HX509_QUERY_MATCH_ISSUER_ID 0x000020 +#define HX509_QUERY_PRIVATE_KEY 0x000040 +#define HX509_QUERY_KU_ENCIPHERMENT 0x000080 +#define HX509_QUERY_KU_DIGITALSIGNATURE 0x000100 +#define HX509_QUERY_KU_KEYCERTSIGN 0x000200 +#define HX509_QUERY_KU_CRLSIGN 0x000400 +#define HX509_QUERY_KU_NONREPUDIATION 0x000800 +#define HX509_QUERY_KU_KEYAGREEMENT 0x001000 +#define HX509_QUERY_KU_DATAENCIPHERMENT 0x002000 +#define HX509_QUERY_ANCHOR 0x004000 +#define HX509_QUERY_MATCH_CERTIFICATE 0x008000 +#define HX509_QUERY_MATCH_LOCAL_KEY_ID 0x010000 +#define HX509_QUERY_NO_MATCH_PATH 0x020000 +#define HX509_QUERY_MATCH_FRIENDLY_NAME 0x040000 +#define HX509_QUERY_MATCH_FUNCTION 0x080000 +#define HX509_QUERY_MATCH_KEY_HASH_SHA1 0x100000 +#define HX509_QUERY_MATCH_TIME 0x200000 +#define HX509_QUERY_MASK 0x3fffff + Certificate *subject; + Certificate *certificate; + heim_integer *serial; + heim_octet_string *subject_id; + heim_octet_string *local_key_id; + Name *issuer_name; + Name *subject_name; + hx509_path *path; + char *friendlyname; + int (*cmp_func)(void *, hx509_cert); + void *cmp_func_ctx; + heim_octet_string *keyhash_sha1; + time_t timenow; +}; + +struct hx509_keyset_ops { + char *name; + int flags; + int (*init)(hx509_context, hx509_certs, void **, + int, const char *, hx509_lock); + int (*store)(hx509_context, hx509_certs, void *, int, hx509_lock); + int (*free)(hx509_certs, void *); + int (*add)(hx509_context, hx509_certs, void *, hx509_cert); + int (*query)(hx509_context, hx509_certs, void *, + const hx509_query *, hx509_cert *); + int (*iter_start)(hx509_context, hx509_certs, void *, void **); + int (*iter)(hx509_context, hx509_certs, void *, void *, hx509_cert *); + int (*iter_end)(hx509_context, hx509_certs, void *, void *); + int (*printinfo)(hx509_context, hx509_certs, + void *, int (*)(void *, char *), void *); + int (*getkeys)(hx509_context, hx509_certs, void *, hx509_private_key **); + int (*addkey)(hx509_context, hx509_certs, void *, hx509_private_key); +}; + +struct _hx509_password { + size_t len; + char **val; +}; + +extern hx509_lock _hx509_empty_lock; + +struct hx509_context_data { + struct hx509_keyset_ops **ks_ops; + int ks_num_ops; + int flags; +#define HX509_CTX_VERIFY_MISSING_OK 1 + int ocsp_time_diff; +#define HX509_DEFAULT_OCSP_TIME_DIFF (5*60) + hx509_error error; + struct et_list *et_list; +}; + +/* _hx509_calculate_path flag field */ +#define HX509_CALCULATE_PATH_NO_ANCHOR 1 diff --git a/source4/heimdal/lib/hx509/keyset.c b/source4/heimdal/lib/hx509/keyset.c new file mode 100644 index 0000000000..c3d5ee210c --- /dev/null +++ b/source4/heimdal/lib/hx509/keyset.c @@ -0,0 +1,439 @@ +/* + * Copyright (c) 2004 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hx_locl.h" +RCSID("$Id: keyset.c,v 1.18 2007/01/09 10:52:07 lha Exp $"); + +struct hx509_certs_data { + struct hx509_keyset_ops *ops; + void *ops_data; +}; + +static struct hx509_keyset_ops * +_hx509_ks_type(hx509_context context, const char *type) +{ + int i; + + for (i = 0; i < context->ks_num_ops; i++) + if (strcasecmp(type, context->ks_ops[i]->name) == 0) + return context->ks_ops[i]; + + return NULL; +} + +void +_hx509_ks_register(hx509_context context, struct hx509_keyset_ops *ops) +{ + struct hx509_keyset_ops **val; + + if (_hx509_ks_type(context, ops->name)) + return; + + val = realloc(context->ks_ops, + (context->ks_num_ops + 1) * sizeof(context->ks_ops[0])); + if (val == NULL) + return; + val[context->ks_num_ops] = ops; + context->ks_ops = val; + context->ks_num_ops++; +} + +int +hx509_certs_init(hx509_context context, + const char *name, int flags, + hx509_lock lock, hx509_certs *certs) +{ + struct hx509_keyset_ops *ops; + const char *residue; + hx509_certs c; + char *type; + int ret; + + *certs = NULL; + + residue = strchr(name, ':'); + if (residue) { + type = malloc(residue - name + 1); + if (type) + strlcpy(type, name, residue - name + 1); + residue++; + if (residue[0] == '\0') + residue = NULL; + } else { + type = strdup("MEMORY"); + residue = name; + } + if (type == NULL) { + hx509_clear_error_string(context); + return ENOMEM; + } + + ops = _hx509_ks_type(context, type); + free(type); + if (ops == NULL) { + hx509_set_error_string(context, 0, ENOENT, + "Keyset type %s is not supported", type); + return ENOENT; + } + c = calloc(1, sizeof(*c)); + if (c == NULL) { + hx509_clear_error_string(context); + return ENOMEM; + } + c->ops = ops; + + ret = (*ops->init)(context, c, &c->ops_data, flags, residue, lock); + if (ret) { + free(c); + return ret; + } + + *certs = c; + return 0; +} + +int +hx509_certs_store(hx509_context context, + hx509_certs certs, + int flags, + hx509_lock lock) +{ + if (certs->ops->store == NULL) { + hx509_set_error_string(context, 0, EINVAL, + "keystore if type %s doesn't support " + "store operation", + certs->ops->name); + return EINVAL; + } + + return (*certs->ops->store)(context, certs, certs->ops_data, flags, lock); +} + + +void +hx509_certs_free(hx509_certs *certs) +{ + if (*certs) { + (*(*certs)->ops->free)(*certs, (*certs)->ops_data); + free(*certs); + *certs = NULL; + } +} + +int +hx509_certs_start_seq(hx509_context context, + hx509_certs certs, + hx509_cursor *cursor) +{ + int ret; + + if (certs->ops->iter_start == NULL) { + hx509_set_error_string(context, 0, ENOENT, + "Keyset type %s doesn't support iteration", + certs->ops->name); + return ENOENT; + } + + ret = (*certs->ops->iter_start)(context, certs, certs->ops_data, cursor); + if (ret) + return ret; + + return 0; +} + +int +hx509_certs_next_cert(hx509_context context, + hx509_certs certs, + hx509_cursor cursor, + hx509_cert *cert) +{ + *cert = NULL; + return (*certs->ops->iter)(context, certs, certs->ops_data, cursor, cert); +} + +int +hx509_certs_end_seq(hx509_context context, + hx509_certs certs, + hx509_cursor cursor) +{ + (*certs->ops->iter_end)(context, certs, certs->ops_data, cursor); + return 0; +} + + +int +hx509_certs_iter(hx509_context context, + hx509_certs certs, + int (*fn)(hx509_context, void *, hx509_cert), + void *ctx) +{ + hx509_cursor cursor; + hx509_cert c; + int ret; + + ret = hx509_certs_start_seq(context, certs, &cursor); + if (ret) + return ret; + + while (1) { + ret = hx509_certs_next_cert(context, certs, cursor, &c); + if (ret) + break; + if (c == NULL) { + ret = 0; + break; + } + ret = (*fn)(context, ctx, c); + hx509_cert_free(c); + if (ret) + break; + } + + hx509_certs_end_seq(context, certs, cursor); + + return ret; +} + +int +hx509_ci_print_names(hx509_context context, void *ctx, hx509_cert c) +{ + Certificate *cert; + hx509_name n; + char *s, *i; + + cert = _hx509_get_cert(c); + + _hx509_name_from_Name(&cert->tbsCertificate.subject, &n); + hx509_name_to_string(n, &s); + hx509_name_free(&n); + _hx509_name_from_Name(&cert->tbsCertificate.issuer, &n); + hx509_name_to_string(n, &i); + hx509_name_free(&n); + fprintf(ctx, "subject: %s\nissuer: %s\n", s, i); + free(s); + free(i); + return 0; +} + +/* + * The receiving keyset `certs´ will either increase reference counter + * of the `cert´ or make a deep copy, either way, the caller needs to + * free the `cert´ itself. + */ + +int +hx509_certs_add(hx509_context context, hx509_certs certs, hx509_cert cert) +{ + if (certs->ops->add == NULL) { + hx509_set_error_string(context, 0, ENOENT, + "Keyset type %s doesn't support add operation", + certs->ops->name); + return ENOENT; + } + + return (*certs->ops->add)(context, certs, certs->ops_data, cert); +} + +int +hx509_certs_find(hx509_context context, + hx509_certs certs, + const hx509_query *q, + hx509_cert *r) +{ + hx509_cursor cursor; + hx509_cert c; + int ret; + + *r = NULL; + + if (certs->ops->query) + return (*certs->ops->query)(context, certs, certs->ops_data, q, r); + + ret = hx509_certs_start_seq(context, certs, &cursor); + if (ret) + return ret; + + c = NULL; + while (1) { + ret = hx509_certs_next_cert(context, certs, cursor, &c); + if (ret) + break; + if (c == NULL) + break; + if (_hx509_query_match_cert(context, q, c)) { + *r = c; + break; + } + hx509_cert_free(c); + } + + hx509_certs_end_seq(context, certs, cursor); + if (ret) + return ret; + if (c == NULL) { + hx509_clear_error_string(context); + return HX509_CERT_NOT_FOUND; + } + + return 0; +} + +static int +certs_merge_func(hx509_context context, void *ctx, hx509_cert c) +{ + return hx509_certs_add(context, (hx509_certs)ctx, c); +} + +int +hx509_certs_merge(hx509_context context, hx509_certs to, hx509_certs from) +{ + return hx509_certs_iter(context, from, certs_merge_func, to); +} + +int +hx509_certs_append(hx509_context context, + hx509_certs to, + hx509_lock lock, + const char *name) +{ + hx509_certs s; + int ret; + + ret = hx509_certs_init(context, name, 0, lock, &s); + if (ret) + return ret; + ret = hx509_certs_merge(context, to, s); + hx509_certs_free(&s); + return ret; +} + +int +hx509_get_one_cert(hx509_context context, hx509_certs certs, hx509_cert *c) +{ + hx509_cursor cursor; + int ret; + + *c = NULL; + + ret = hx509_certs_start_seq(context, certs, &cursor); + if (ret) + return ret; + + ret = hx509_certs_next_cert(context, certs, cursor, c); + if (ret) + return ret; + + hx509_certs_end_seq(context, certs, cursor); + return 0; +} + +static int +certs_info_stdio(void *ctx, char *str) +{ + FILE *f = ctx; + fprintf(f, "%s\n", str); + return 0; +} + +int +hx509_certs_info(hx509_context context, + hx509_certs certs, + int (*func)(void *, char *), + void *ctx) +{ + if (func == NULL) { + func = certs_info_stdio; + if (ctx == NULL) + ctx = stdout; + } + if (certs->ops->printinfo == NULL) { + (*func)(ctx, "No info function for certs"); + return 0; + } + return (*certs->ops->printinfo)(context, certs, certs->ops_data, + func, ctx); +} + +void +_hx509_pi_printf(int (*func)(void *, char *), void *ctx, + char *fmt, ...) +{ + va_list ap; + char *str; + + va_start(ap, fmt); + vasprintf(&str, fmt, ap); + va_end(ap); + if (str == NULL) + return; + (*func)(ctx, str); + free(str); +} + +int +_hx509_certs_keys_get(hx509_context context, + hx509_certs certs, + hx509_private_key **keys) +{ + if (certs->ops->getkeys == NULL) { + *keys = NULL; + return 0; + } + return (*certs->ops->getkeys)(context, certs, certs->ops_data, keys); +} + +int +_hx509_certs_keys_add(hx509_context context, + hx509_certs certs, + hx509_private_key key) +{ + if (certs->ops->addkey == NULL) { + hx509_set_error_string(context, 0, EINVAL, + "keystore if type %s doesn't support " + "key add operation", + certs->ops->name); + return EINVAL; + } + return (*certs->ops->addkey)(context, certs, certs->ops_data, key); +} + + +void +_hx509_certs_keys_free(hx509_context context, + hx509_private_key *keys) +{ + int i; + for (i = 0; keys[i]; i++) + _hx509_private_key_free(&keys[i]); + free(keys); +} diff --git a/source4/heimdal/lib/hx509/ks_dir.c b/source4/heimdal/lib/hx509/ks_dir.c new file mode 100644 index 0000000000..01dcf5795b --- /dev/null +++ b/source4/heimdal/lib/hx509/ks_dir.c @@ -0,0 +1,223 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hx_locl.h" +RCSID("$Id: ks_dir.c,v 1.7 2007/01/09 10:52:08 lha Exp $"); +#include + +/* + * The DIR keyset module is strange compared to the other modules + * since it does lazy evaluation and really doesn't keep any local + * state except for the directory iteration and cert iteration of + * files. DIR ignores most errors so that the consumer doesn't get + * failes for stray files in directories. + */ + +struct dircursor { + DIR *dir; + hx509_certs certs; + void *iter; +}; + +/* + * + */ + +static int +dir_init(hx509_context context, + hx509_certs certs, void **data, int flags, + const char *residue, hx509_lock lock) +{ + *data = NULL; + + { + struct stat sb; + int ret; + + ret = stat(residue, &sb); + if (ret == -1) { + hx509_set_error_string(context, 0, ENOENT, + "No such file %s", residue); + return ENOENT; + } + + if ((sb.st_mode & S_IFDIR) == 0) { + hx509_set_error_string(context, 0, ENOTDIR, + "%s is not a directory", residue); + return ENOTDIR; + } + } + + *data = strdup(residue); + if (*data == NULL) { + hx509_clear_error_string(context); + return ENOMEM; + } + + return 0; +} + +static int +dir_free(hx509_certs certs, void *data) +{ + free(data); + return 0; +} + + + +static int +dir_iter_start(hx509_context context, + hx509_certs certs, void *data, void **cursor) +{ + struct dircursor *d; + + *cursor = NULL; + + d = calloc(1, sizeof(*d)); + if (d == NULL) { + hx509_clear_error_string(context); + return ENOMEM; + } + + d->dir = opendir(data); + if (d->dir == NULL) { + hx509_clear_error_string(context); + free(d); + return errno; + } + d->certs = NULL; + d->iter = NULL; + + *cursor = d; + return 0; +} + +static int +dir_iter(hx509_context context, + hx509_certs certs, void *data, void *iter, hx509_cert *cert) +{ + struct dircursor *d = iter; + int ret = 0; + + *cert = NULL; + + do { + struct dirent *dir; + char *fn; + + if (d->certs) { + ret = hx509_certs_next_cert(context, d->certs, d->iter, cert); + if (ret) { + hx509_certs_end_seq(context, d->certs, d->iter); + d->iter = NULL; + hx509_certs_free(&d->certs); + return ret; + } + if (*cert) { + ret = 0; + break; + } + hx509_certs_end_seq(context, d->certs, d->iter); + d->iter = NULL; + hx509_certs_free(&d->certs); + } + + dir = readdir(d->dir); + if (dir == NULL) { + ret = 0; + break; + } + if (strcmp(dir->d_name, ".") == 0 || strcmp(dir->d_name, "..") == 0) + continue; + + if (asprintf(&fn, "FILE:%s/%s", (char *)data, dir->d_name) == -1) + return ENOMEM; + + ret = hx509_certs_init(context, fn, 0, NULL, &d->certs); + if (ret == 0) { + + ret = hx509_certs_start_seq(context, d->certs, &d->iter); + if (ret) + hx509_certs_free(&d->certs); + } + /* ignore errors */ + if (ret) { + d->certs = NULL; + ret = 0; + } + + free(fn); + } while(ret == 0); + + return ret; +} + + +static int +dir_iter_end(hx509_context context, + hx509_certs certs, + void *data, + void *cursor) +{ + struct dircursor *d = cursor; + + if (d->certs) { + hx509_certs_end_seq(context, d->certs, d->iter); + d->iter = NULL; + hx509_certs_free(&d->certs); + } + closedir(d->dir); + free(d); + return 0; +} + + +static struct hx509_keyset_ops keyset_dir = { + "DIR", + 0, + dir_init, + NULL, + dir_free, + NULL, + NULL, + dir_iter_start, + dir_iter, + dir_iter_end +}; + +void +_hx509_ks_dir_register(hx509_context context) +{ + _hx509_ks_register(context, &keyset_dir); +} diff --git a/source4/heimdal/lib/hx509/ks_file.c b/source4/heimdal/lib/hx509/ks_file.c new file mode 100644 index 0000000000..db0f475129 --- /dev/null +++ b/source4/heimdal/lib/hx509/ks_file.c @@ -0,0 +1,794 @@ +/* + * Copyright (c) 2005 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hx_locl.h" +RCSID("$Id: ks_file.c,v 1.31 2007/01/09 10:52:08 lha Exp $"); + +struct ks_file { + hx509_certs certs; + char *fn; +}; + +struct header { + char *header; + char *value; + struct header *next; +}; + +static int +add_headers(struct header **headers, const char *header, const char *value) +{ + struct header *h; + h = calloc(1, sizeof(*h)); + if (h == NULL) + return ENOMEM; + h->header = strdup(header); + if (h->header == NULL) { + free(h); + return ENOMEM; + } + h->value = strdup(value); + if (h->value == NULL) { + free(h->header); + free(h); + return ENOMEM; + } + + h->next = *headers; + *headers = h; + + return 0; +} + +static void +free_headers(struct header *headers) +{ + struct header *h; + while (headers) { + h = headers; + headers = headers->next; + free(h->header); + free(h->value); + free(h); + } +} + +static const char * +find_header(const struct header *headers, const char *header) +{ + while(headers) { + if (strcmp(header, headers->header) == 0) + return headers->value; + headers = headers->next; + } + return NULL; +} + +/* + * + */ + +static int +parse_certificate(hx509_context context, const char *fn, + struct hx509_collector *c, + const struct header *headers, + const void *data, size_t len) +{ + hx509_cert cert; + Certificate t; + size_t size; + int ret; + + ret = decode_Certificate(data, len, &t, &size); + if (ret) { + hx509_set_error_string(context, 0, ret, + "Failed to parse certificate in %s", + fn); + return ret; + } + + ret = hx509_cert_init(context, &t, &cert); + free_Certificate(&t); + if (ret) + return ret; + + ret = _hx509_collector_certs_add(context, c, cert); + hx509_cert_free(cert); + return ret; +} + +static int +try_decrypt(hx509_context context, + struct hx509_collector *collector, + const AlgorithmIdentifier *alg, + const EVP_CIPHER *c, + const void *ivdata, + const void *password, + size_t passwordlen, + const void *cipher, + size_t len) +{ + heim_octet_string clear; + size_t keylen; + void *key; + int ret; + + keylen = EVP_CIPHER_key_length(c); + + key = malloc(keylen); + if (key == NULL) { + hx509_clear_error_string(context); + return ENOMEM; + } + + ret = EVP_BytesToKey(c, EVP_md5(), ivdata, + password, passwordlen, + 1, key, NULL); + if (ret <= 0) { + hx509_set_error_string(context, 0, HX509_CRYPTO_INTERNAL_ERROR, + "Failed to do string2key for private key"); + return HX509_CRYPTO_INTERNAL_ERROR; + } + + clear.data = malloc(len); + if (clear.data == NULL) { + hx509_set_error_string(context, 0, ENOMEM, + "Out of memory to decrypt for private key"); + ret = ENOMEM; + goto out; + } + clear.length = len; + + { + EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX_init(&ctx); + EVP_CipherInit_ex(&ctx, c, NULL, key, ivdata, 0); + EVP_Cipher(&ctx, clear.data, cipher, len); + EVP_CIPHER_CTX_cleanup(&ctx); + } + + ret = _hx509_collector_private_key_add(context, + collector, + alg, + NULL, + &clear, + NULL); + + memset(clear.data, 0, clear.length); + free(clear.data); +out: + memset(key, 0, keylen); + free(key); + return ret; +} + +static int +parse_rsa_private_key(hx509_context context, const char *fn, + struct hx509_collector *c, + const struct header *headers, + const void *data, size_t len) +{ + int ret = 0; + const char *enc; + + enc = find_header(headers, "Proc-Type"); + if (enc) { + const char *dek; + char *type, *iv; + ssize_t ssize, size; + void *ivdata; + const EVP_CIPHER *cipher; + const struct _hx509_password *pw; + hx509_lock lock; + int i, decrypted = 0; + + lock = _hx509_collector_get_lock(c); + if (lock == NULL) { + hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP, + "Failed to get password for " + "password protected file %s", fn); + return HX509_ALG_NOT_SUPP; + } + + if (strcmp(enc, "4,ENCRYPTED") != 0) { + hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED, + "RSA key encrypted in unknown method %s " + "in file", + enc, fn); + hx509_clear_error_string(context); + return HX509_PARSING_KEY_FAILED; + } + + dek = find_header(headers, "DEK-Info"); + if (dek == NULL) { + hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED, + "Encrypted RSA missing DEK-Info"); + return HX509_PARSING_KEY_FAILED; + } + + type = strdup(dek); + if (type == NULL) { + hx509_clear_error_string(context); + return ENOMEM; + } + + iv = strchr(type, ','); + if (iv) + *iv++ = '\0'; + + size = strlen(iv); + ivdata = malloc(size); + if (ivdata == NULL) { + hx509_clear_error_string(context); + free(type); + return ENOMEM; + } + + cipher = EVP_get_cipherbyname(type); + if (cipher == NULL) { + free(ivdata); + hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP, + "RSA key encrypted with " + "unsupported cipher: %s", + type); + free(type); + return HX509_ALG_NOT_SUPP; + } + +#define PKCS5_SALT_LEN 8 + + ssize = hex_decode(iv, ivdata, size); + free(type); + type = NULL; + iv = NULL; + + if (ssize < 0 || ssize < PKCS5_SALT_LEN || ssize < EVP_CIPHER_iv_length(cipher)) { + free(ivdata); + hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED, + "Salt have wrong length in RSA key file"); + return HX509_PARSING_KEY_FAILED; + } + + pw = _hx509_lock_get_passwords(lock); + if (pw != NULL) { + const void *password; + size_t passwordlen; + + for (i = 0; i < pw->len; i++) { + password = pw->val[i]; + passwordlen = strlen(password); + + ret = try_decrypt(context, c, hx509_signature_rsa(), + cipher, ivdata, password, passwordlen, + data, len); + if (ret == 0) { + decrypted = 1; + break; + } + } + } + if (!decrypted) { + hx509_prompt prompt; + char password[128]; + + memset(&prompt, 0, sizeof(prompt)); + + prompt.prompt = "Password for keyfile: "; + prompt.type = HX509_PROMPT_TYPE_PASSWORD; + prompt.reply.data = password; + prompt.reply.length = sizeof(password); + + ret = hx509_lock_prompt(lock, &prompt); + if (ret == 0) + ret = try_decrypt(context, c, hx509_signature_rsa(), + cipher, ivdata, password, strlen(password), + data, len); + /* XXX add password to lock password collection ? */ + memset(password, 0, sizeof(password)); + } + free(ivdata); + + } else { + heim_octet_string keydata; + + keydata.data = rk_UNCONST(data); + keydata.length = len; + + ret = _hx509_collector_private_key_add(context, + c, + hx509_signature_rsa(), + NULL, + &keydata, + NULL); + } + + return ret; +} + + +struct pem_formats { + const char *name; + int (*func)(hx509_context, const char *, struct hx509_collector *, + const struct header *, const void *, size_t); +} formats[] = { + { "CERTIFICATE", parse_certificate }, + { "RSA PRIVATE KEY", parse_rsa_private_key } +}; + + +static int +parse_pem_file(hx509_context context, + const char *fn, + struct hx509_collector *c, + int *found_data) +{ + struct header *headers = NULL; + char *type = NULL; + void *data = NULL; + size_t len = 0; + char buf[1024]; + int ret; + FILE *f; + + + enum { BEFORE, SEARCHHEADER, INHEADER, INDATA, DONE } where; + + where = BEFORE; + *found_data = 0; + + if ((f = fopen(fn, "r")) == NULL) { + hx509_set_error_string(context, 0, ENOENT, + "Failed to open PEM file \"%s\": %s", + fn, strerror(errno)); + return ENOENT; + } + ret = 0; + + while (fgets(buf, sizeof(buf), f) != NULL) { + char *p; + int i; + + i = strcspn(buf, "\n"); + if (buf[i] == '\n') { + buf[i] = '\0'; + if (i > 0) + i--; + } + if (buf[i] == '\r') { + buf[i] = '\0'; + if (i > 0) + i--; + } + + switch (where) { + case BEFORE: + if (strncmp("-----BEGIN ", buf, 11) == 0) { + type = strdup(buf + 11); + if (type == NULL) + break; + p = strchr(type, '-'); + if (p) + *p = '\0'; + *found_data = 1; + where = SEARCHHEADER; + } + break; + case SEARCHHEADER: + p = strchr(buf, ':'); + if (p == NULL) { + where = INDATA; + goto indata; + } + /* FALLTHOUGH */ + case INHEADER: + if (buf[0] == '\0') { + where = INDATA; + break; + } + p = strchr(buf, ':'); + if (p) { + *p++ = '\0'; + while (isspace((int)*p)) + p++; + add_headers(&headers, buf, p); + } + break; + case INDATA: + indata: + + if (strncmp("-----END ", buf, 9) == 0) { + where = DONE; + break; + } + + p = emalloc(i); + i = base64_decode(buf, p); + if (i < 0) { + free(p); + goto out; + } + + data = erealloc(data, len + i); + memcpy(((char *)data) + len, p, i); + free(p); + len += i; + break; + case DONE: + abort(); + } + + if (where == DONE) { + int j; + + for (j = 0; j < sizeof(formats)/sizeof(formats[0]); j++) { + const char *q = formats[j].name; + if (strcasecmp(type, q) == 0) { + ret = (*formats[j].func)(context, fn, c, + headers, data, len); + break; + } + } + if (j == sizeof(formats)/sizeof(formats[0])) { + ret = HX509_UNSUPPORTED_OPERATION; + hx509_set_error_string(context, 0, ret, + "Found no matching PEM format for %s", + type); + } + out: + free(data); + data = NULL; + len = 0; + free(type); + type = NULL; + where = BEFORE; + free_headers(headers); + headers = NULL; + if (ret) + break; + } + } + + fclose(f); + + if (where != BEFORE) { + hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED, + "File ends before end of PEM end tag"); + ret = HX509_PARSING_KEY_FAILED; + } + if (data) + free(data); + if (type) + free(type); + if (headers) + free_headers(headers); + + return ret; +} + +/* + * + */ + +static int +file_init(hx509_context context, + hx509_certs certs, void **data, int flags, + const char *residue, hx509_lock lock) +{ + char *p, *pnext; + struct ks_file *f = NULL; + struct hx509_collector *c = NULL; + hx509_private_key *keys = NULL; + int ret; + + *data = NULL; + + if (lock == NULL) + lock = _hx509_empty_lock; + + f = calloc(1, sizeof(*f)); + if (f == NULL) { + hx509_clear_error_string(context); + return ENOMEM; + } + + f->fn = strdup(residue); + if (f->fn == NULL) { + hx509_clear_error_string(context); + ret = ENOMEM; + goto out; + } + + /* + * XXX this is broken, the function should parse the file before + * overwriting it + */ + + if (flags & HX509_CERTS_CREATE) { + ret = hx509_certs_init(context, "MEMORY:ks-file-create", + 0, lock, &f->certs); + if (ret) + goto out; + *data = f; + return 0; + } + + c = _hx509_collector_alloc(context, lock); + if (c == NULL) { + ret = ENOMEM; + hx509_set_error_string(context, 0, ret, "out of memory"); + goto out; + } + + for (p = f->fn; p != NULL; p = pnext) { + int found_data; + + pnext = strchr(p, ','); + if (pnext) + *pnext++ = '\0'; + + ret = parse_pem_file(context, p, c, &found_data); + if (ret) + goto out; + + if (!found_data) { + size_t length; + void *ptr; + int i; + + ret = _hx509_map_file(p, &ptr, &length, NULL); + if (ret) { + hx509_clear_error_string(context); + goto out; + } + + for (i = 0; i < sizeof(formats)/sizeof(formats[0]); i++) { + ret = (*formats[i].func)(context, p, c, NULL, ptr, length); + if (ret == 0) + break; + } + _hx509_unmap_file(ptr, length); + if (ret) + goto out; + } + } + + ret = _hx509_collector_collect_certs(context, c, &f->certs); + if (ret) + goto out; + + ret = _hx509_collector_collect_private_keys(context, c, &keys); + if (ret == 0) { + int i; + + for (i = 0; keys[i]; i++) + _hx509_certs_keys_add(context, f->certs, keys[i]); + _hx509_certs_keys_free(context, keys); + } + +out: + if (ret == 0) + *data = f; + else { + if (f->fn) + free(f->fn); + free(f); + } + if (c) + _hx509_collector_free(c); + return ret; +} + +static int +file_free(hx509_certs certs, void *data) +{ + struct ks_file *f = data; + hx509_certs_free(&f->certs); + free(f->fn); + free(f); + return 0; +} + +static void +pem_header(FILE *f, const char *type, const char *str) +{ + fprintf(f, "-----%s %s-----\n", type, str); +} + +static int +dump_pem_file(hx509_context context, const char *header, + FILE *f, const void *data, size_t size) +{ + const char *p = data; + size_t length; + char *line; + +#define ENCODE_LINE_LENGTH 54 + + pem_header(f, "BEGIN", header); + + while (size > 0) { + ssize_t l; + + length = size; + if (length > ENCODE_LINE_LENGTH) + length = ENCODE_LINE_LENGTH; + + l = base64_encode(p, length, &line); + if (l < 0) { + hx509_set_error_string(context, 0, ENOMEM, + "malloc - out of memory"); + return ENOMEM; + } + size -= length; + fprintf(f, "%s\n", line); + p += length; + free(line); + } + + pem_header(f, "END", header); + + return 0; +} + +static int +store_private_key(hx509_context context, FILE *f, hx509_private_key key) +{ + heim_octet_string data; + int ret; + + ret = _hx509_private_key_export(context, key, &data); + if (ret == 0) + dump_pem_file(context, _hx509_private_pem_name(key), f, + data.data, data.length); + free(data.data); + return ret; +} + +static int +store_func(hx509_context context, void *ctx, hx509_cert c) +{ + FILE *f = (FILE *)ctx; + size_t size; + heim_octet_string data; + int ret; + + ASN1_MALLOC_ENCODE(Certificate, data.data, data.length, + _hx509_get_cert(c), &size, ret); + if (ret) + return ret; + if (data.length != size) + _hx509_abort("internal ASN.1 encoder error"); + + dump_pem_file(context, "CERTIFICATE", f, data.data, data.length); + free(data.data); + + if (_hx509_cert_private_key_exportable(c)) + store_private_key(context, f, _hx509_cert_private_key(c)); + + return 0; +} + +static int +file_store(hx509_context context, + hx509_certs certs, void *data, int flags, hx509_lock lock) +{ + struct ks_file *f = data; + FILE *fh; + int ret; + + fh = fopen(f->fn, "w"); + if (fh == NULL) { + hx509_set_error_string(context, 0, ENOENT, + "Failed to open file %s for writing"); + return ENOENT; + } + + ret = hx509_certs_iter(context, f->certs, store_func, fh); + fclose(fh); + return ret; +} + +static int +file_add(hx509_context context, hx509_certs certs, void *data, hx509_cert c) +{ + struct ks_file *f = data; + return hx509_certs_add(context, f->certs, c); +} + +static int +file_iter_start(hx509_context context, + hx509_certs certs, void *data, void **cursor) +{ + struct ks_file *f = data; + return hx509_certs_start_seq(context, f->certs, cursor); +} + +static int +file_iter(hx509_context context, + hx509_certs certs, void *data, void *iter, hx509_cert *cert) +{ + struct ks_file *f = data; + return hx509_certs_next_cert(context, f->certs, iter, cert); +} + +static int +file_iter_end(hx509_context context, + hx509_certs certs, + void *data, + void *cursor) +{ + struct ks_file *f = data; + return hx509_certs_end_seq(context, f->certs, cursor); +} + +static int +file_getkeys(hx509_context context, + hx509_certs certs, + void *data, + hx509_private_key **keys) +{ + struct ks_file *f = data; + return _hx509_certs_keys_get(context, f->certs, keys); +} + +static int +file_addkey(hx509_context context, + hx509_certs certs, + void *data, + hx509_private_key key) +{ + struct ks_file *f = data; + return _hx509_certs_keys_add(context, f->certs, key); +} + +static struct hx509_keyset_ops keyset_file = { + "FILE", + 0, + file_init, + file_store, + file_free, + file_add, + NULL, + file_iter_start, + file_iter, + file_iter_end, + NULL, + file_getkeys, + file_addkey +}; + +void +_hx509_ks_file_register(hx509_context context) +{ + _hx509_ks_register(context, &keyset_file); +} diff --git a/source4/heimdal/lib/hx509/ks_mem.c b/source4/heimdal/lib/hx509/ks_mem.c new file mode 100644 index 0000000000..dd7b7166bc --- /dev/null +++ b/source4/heimdal/lib/hx509/ks_mem.c @@ -0,0 +1,223 @@ +/* + * Copyright (c) 2005 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hx_locl.h" +RCSID("Id$"); + +/* + * Should use two hash/tree certificates intead of a array. Criteria + * should be subject and subjectKeyIdentifier since those two are + * commonly seached on in CMS and path building. + */ + +struct mem_data { + char *name; + struct { + unsigned long len; + hx509_cert *val; + } certs; + hx509_private_key *keys; +}; + +static int +mem_init(hx509_context context, + hx509_certs certs, void **data, int flags, + const char *residue, hx509_lock lock) +{ + struct mem_data *mem; + mem = calloc(1, sizeof(*mem)); + if (mem == NULL) + return ENOMEM; + if (residue == NULL || residue[0] == '\0') + residue = "anonymous"; + mem->name = strdup(residue); + if (mem->name == NULL) { + free(mem); + return ENOMEM; + } + *data = mem; + return 0; +} + +static int +mem_free(hx509_certs certs, void *data) +{ + struct mem_data *mem = data; + unsigned long i; + + for (i = 0; i < mem->certs.len; i++) + hx509_cert_free(mem->certs.val[i]); + free(mem->certs.val); + for (i = 0; mem->keys && mem->keys[i]; i++) + _hx509_private_key_free(&mem->keys[i]); + free(mem->name); + free(mem); + + return 0; +} + +static int +mem_add(hx509_context context, hx509_certs certs, void *data, hx509_cert c) +{ + struct mem_data *mem = data; + hx509_cert *val; + + val = realloc(mem->certs.val, + (mem->certs.len + 1) * sizeof(mem->certs.val[0])); + if (val == NULL) + return ENOMEM; + + mem->certs.val = val; + mem->certs.val[mem->certs.len] = hx509_cert_ref(c); + mem->certs.len++; + + return 0; +} + +static int +mem_iter_start(hx509_context context, + hx509_certs certs, + void *data, + void **cursor) +{ + unsigned long *iter = malloc(sizeof(*iter)); + + if (iter == NULL) + return ENOMEM; + + *iter = 0; + *cursor = iter; + + return 0; +} + +static int +mem_iter(hx509_context contexst, + hx509_certs certs, + void *data, + void *cursor, + hx509_cert *cert) +{ + unsigned long *iter = cursor; + struct mem_data *mem = data; + + if (*iter >= mem->certs.len) { + *cert = NULL; + return 0; + } + + *cert = hx509_cert_ref(mem->certs.val[*iter]); + (*iter)++; + return 0; +} + +static int +mem_iter_end(hx509_context context, + hx509_certs certs, + void *data, + void *cursor) +{ + free(cursor); + return 0; +} + +static int +mem_getkeys(hx509_context context, + hx509_certs certs, + void *data, + hx509_private_key **keys) +{ + struct mem_data *mem = data; + int i; + + for (i = 0; mem->keys && mem->keys[i]; i++) + ; + *keys = calloc(i, sizeof(**keys)); + for (i = 0; mem->keys && mem->keys[i]; i++) { + (*keys)[i] = _hx509_private_key_ref(mem->keys[i]); + if ((*keys)[i] == NULL) { + while (--i >= 0) + _hx509_private_key_free(&(*keys)[i]); + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; + } + } + (*keys)[i] = NULL; + return 0; +} + +static int +mem_addkey(hx509_context context, + hx509_certs certs, + void *data, + hx509_private_key key) +{ + struct mem_data *mem = data; + void *ptr; + int i; + + for (i = 0; mem->keys && mem->keys[i]; i++) + ; + ptr = realloc(mem->keys, (i + 2) * sizeof(*mem->keys)); + if (ptr == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; + } + mem->keys = ptr; + mem->keys[i++] = _hx509_private_key_ref(key); + mem->keys[i++] = NULL; + return 0; +} + + +static struct hx509_keyset_ops keyset_mem = { + "MEMORY", + 0, + mem_init, + NULL, + mem_free, + mem_add, + NULL, + mem_iter_start, + mem_iter, + mem_iter_end, + NULL, + mem_getkeys, + mem_addkey +}; + +void +_hx509_ks_mem_register(hx509_context context) +{ + _hx509_ks_register(context, &keyset_mem); +} diff --git a/source4/heimdal/lib/hx509/ks_null.c b/source4/heimdal/lib/hx509/ks_null.c new file mode 100644 index 0000000000..1e6c2ea3fb --- /dev/null +++ b/source4/heimdal/lib/hx509/ks_null.c @@ -0,0 +1,92 @@ +/* + * Copyright (c) 2005 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hx_locl.h" +RCSID("$Id: ks_null.c,v 1.5 2007/01/09 10:52:10 lha Exp $"); + + +static int +null_init(hx509_context context, + hx509_certs certs, void **data, int flags, + const char *residue, hx509_lock lock) +{ + *data = NULL; + return 0; +} + +static int +null_free(hx509_certs certs, void *data) +{ + assert(data == NULL); + return 0; +} + +static int +null_iter_start(hx509_context context, + hx509_certs certs, void *data, void **cursor) +{ + *cursor = NULL; + return 0; +} + +static int +null_iter(hx509_context context, + hx509_certs certs, void *data, void *iter, hx509_cert *cert) +{ + *cert = NULL; + return ENOENT; +} + +static int +null_iter_end(hx509_context context, + hx509_certs certs, + void *data, + void *cursor) +{ + assert(cursor == NULL); + return 0; +} + + +struct hx509_keyset_ops keyset_null = { + "NULL", + 0, + null_init, + NULL, + null_free, + NULL, + NULL, + null_iter_start, + null_iter, + null_iter_end +}; diff --git a/source4/heimdal/lib/hx509/ks_p11.c b/source4/heimdal/lib/hx509/ks_p11.c new file mode 100644 index 0000000000..b103264b7a --- /dev/null +++ b/source4/heimdal/lib/hx509/ks_p11.c @@ -0,0 +1,1183 @@ +/* + * Copyright (c) 2004 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hx_locl.h" +RCSID("$Id: ks_p11.c,v 1.45 2007/01/09 19:43:35 lha Exp $"); +#ifdef HAVE_DLFCN_H +#include +#endif + +#ifdef HAVE_DLOPEN + +#include "pkcs11.h" + +struct p11_slot { + int flags; +#define P11_SESSION 1 +#define P11_SESSION_IN_USE 2 +#define P11_LOGIN_REQ 4 +#define P11_LOGIN_DONE 8 +#define P11_TOKEN_PRESENT 16 + CK_SESSION_HANDLE session; + CK_SLOT_ID id; + CK_BBOOL token; + char *name; + hx509_certs certs; + char *pin; + struct { + CK_MECHANISM_TYPE_PTR list; + CK_ULONG num; + CK_MECHANISM_INFO_PTR *infos; + } mechs; +}; + +struct p11_module { + void *dl_handle; + CK_FUNCTION_LIST_PTR funcs; + CK_ULONG num_slots; + unsigned int refcount; + struct p11_slot *slot; +}; + +#define P11FUNC(module,f,args) (*(module)->funcs->C_##f)args + +static int p11_get_session(hx509_context, + struct p11_module *, + struct p11_slot *, + hx509_lock, + CK_SESSION_HANDLE *); +static int p11_put_session(struct p11_module *, + struct p11_slot *, + CK_SESSION_HANDLE); +static void p11_release_module(struct p11_module *); + +static int p11_list_keys(hx509_context, + struct p11_module *, + struct p11_slot *, + CK_SESSION_HANDLE, + hx509_lock, + hx509_certs *); + +/* + * + */ + +struct p11_rsa { + struct p11_module *p; + struct p11_slot *slot; + CK_OBJECT_HANDLE private_key; + CK_OBJECT_HANDLE public_key; +}; + +static int +p11_rsa_public_encrypt(int flen, + const unsigned char *from, + unsigned char *to, + RSA *rsa, + int padding) +{ + return -1; +} + +static int +p11_rsa_public_decrypt(int flen, + const unsigned char *from, + unsigned char *to, + RSA *rsa, + int padding) +{ + return -1; +} + + +static int +p11_rsa_private_encrypt(int flen, + const unsigned char *from, + unsigned char *to, + RSA *rsa, + int padding) +{ + struct p11_rsa *p11rsa = RSA_get_app_data(rsa); + CK_OBJECT_HANDLE key = p11rsa->private_key; + CK_SESSION_HANDLE session; + CK_MECHANISM mechanism; + CK_ULONG ck_sigsize; + int ret; + + if (padding != RSA_PKCS1_PADDING) + return -1; + + memset(&mechanism, 0, sizeof(mechanism)); + mechanism.mechanism = CKM_RSA_PKCS; + + ck_sigsize = RSA_size(rsa); + + ret = p11_get_session(NULL, p11rsa->p, p11rsa->slot, NULL, &session); + if (ret) + return -1; + + ret = P11FUNC(p11rsa->p, SignInit, (session, &mechanism, key)); + if (ret != CKR_OK) { + p11_put_session(p11rsa->p, p11rsa->slot, session); + return -1; + } + + ret = P11FUNC(p11rsa->p, Sign, + (session, (CK_BYTE *)from, flen, to, &ck_sigsize)); + p11_put_session(p11rsa->p, p11rsa->slot, session); + if (ret != CKR_OK) + return -1; + + return ck_sigsize; +} + +static int +p11_rsa_private_decrypt(int flen, const unsigned char *from, unsigned char *to, + RSA * rsa, int padding) +{ + struct p11_rsa *p11rsa = RSA_get_app_data(rsa); + CK_OBJECT_HANDLE key = p11rsa->private_key; + CK_SESSION_HANDLE session; + CK_MECHANISM mechanism; + CK_ULONG ck_sigsize; + int ret; + + if (padding != RSA_PKCS1_PADDING) + return -1; + + memset(&mechanism, 0, sizeof(mechanism)); + mechanism.mechanism = CKM_RSA_PKCS; + + ck_sigsize = RSA_size(rsa); + + ret = p11_get_session(NULL, p11rsa->p, p11rsa->slot, NULL, &session); + if (ret) + return -1; + + ret = P11FUNC(p11rsa->p, DecryptInit, (session, &mechanism, key)); + if (ret != CKR_OK) { + p11_put_session(p11rsa->p, p11rsa->slot, session); + return -1; + } + + ret = P11FUNC(p11rsa->p, Decrypt, + (session, (CK_BYTE *)from, flen, to, &ck_sigsize)); + p11_put_session(p11rsa->p, p11rsa->slot, session); + if (ret != CKR_OK) + return -1; + + return ck_sigsize; +} + +static int +p11_rsa_init(RSA *rsa) +{ + return 1; +} + +static int +p11_rsa_finish(RSA *rsa) +{ + struct p11_rsa *p11rsa = RSA_get_app_data(rsa); + p11_release_module(p11rsa->p); + free(p11rsa); + return 1; +} + +static const RSA_METHOD rsa_pkcs1_method = { + "hx509 PKCS11 PKCS#1 RSA", + p11_rsa_public_encrypt, + p11_rsa_public_decrypt, + p11_rsa_private_encrypt, + p11_rsa_private_decrypt, + NULL, + NULL, + p11_rsa_init, + p11_rsa_finish, + 0, + NULL, + NULL, + NULL +}; + +/* + * + */ + +static int +p11_mech_info(hx509_context context, + struct p11_module *p, + struct p11_slot *slot, + int num) +{ + CK_ULONG i; + int ret; + + ret = P11FUNC(p, GetMechanismList, (slot->id, NULL_PTR, &i)); + if (ret) { + hx509_set_error_string(context, 0, HX509_PKCS11_NO_MECH, + "Failed to get mech list count for slot %d", + num); + return HX509_PKCS11_NO_MECH; + } + if (i == 0) { + hx509_set_error_string(context, 0, HX509_PKCS11_NO_MECH, + "no mech supported for slot %d", num); + return HX509_PKCS11_NO_MECH; + } + slot->mechs.list = calloc(i, sizeof(slot->mechs.list[0])); + if (slot->mechs.list == NULL) { + hx509_set_error_string(context, 0, ENOMEM, + "out of memory"); + return ENOMEM; + } + slot->mechs.num = i; + ret = P11FUNC(p, GetMechanismList, (slot->id, slot->mechs.list, &i)); + if (ret) { + hx509_set_error_string(context, 0, HX509_PKCS11_NO_MECH, + "Failed to get mech list for slot %d", + num); + return HX509_PKCS11_NO_MECH; + } + assert(i == slot->mechs.num); + + slot->mechs.infos = calloc(i, sizeof(*slot->mechs.infos)); + if (slot->mechs.list == NULL) { + hx509_set_error_string(context, 0, ENOMEM, + "out of memory"); + return ENOMEM; + } + + for (i = 0; i < slot->mechs.num; i++) { + slot->mechs.infos[i] = calloc(1, sizeof(*(slot->mechs.infos[0]))); + if (slot->mechs.infos[i] == NULL) { + hx509_set_error_string(context, 0, ENOMEM, + "out of memory"); + return ENOMEM; + } + ret = P11FUNC(p, GetMechanismInfo, (slot->id, slot->mechs.list[i], + slot->mechs.infos[i])); + if (ret) { + hx509_set_error_string(context, 0, HX509_PKCS11_NO_MECH, + "Failed to get mech info for slot %d", + num); + return HX509_PKCS11_NO_MECH; + } + } + + return 0; +} + +static int +p11_init_slot(hx509_context context, + struct p11_module *p, + hx509_lock lock, + CK_SLOT_ID id, + int num, + struct p11_slot *slot) +{ + CK_SESSION_HANDLE session; + CK_SLOT_INFO slot_info; + CK_TOKEN_INFO token_info; + int ret, i; + + slot->certs = NULL; + slot->id = id; + + ret = P11FUNC(p, GetSlotInfo, (slot->id, &slot_info)); + if (ret) { + hx509_set_error_string(context, 0, HX509_PKCS11_TOKEN_CONFUSED, + "Failed to init PKCS11 slot %d", + num); + return HX509_PKCS11_TOKEN_CONFUSED; + } + + for (i = sizeof(slot_info.slotDescription) - 1; i > 0; i--) { + char c = slot_info.slotDescription[i]; + if (c == ' ' || c == '\t' || c == '\n' || c == '\r' || c == '\0') + continue; + i++; + break; + } + + asprintf(&slot->name, "%.*s", + i, slot_info.slotDescription); + + if ((slot_info.flags & CKF_TOKEN_PRESENT) == 0) + return 0; + + ret = P11FUNC(p, GetTokenInfo, (slot->id, &token_info)); + if (ret) { + hx509_set_error_string(context, 0, HX509_PKCS11_NO_TOKEN, + "Failed to init PKCS11 slot %d " + "with error 0x08x", + num, ret); + return HX509_PKCS11_NO_TOKEN; + } + slot->flags |= P11_TOKEN_PRESENT; + + if (token_info.flags & CKF_LOGIN_REQUIRED) + slot->flags |= P11_LOGIN_REQ; + + ret = p11_get_session(context, p, slot, lock, &session); + if (ret) + return ret; + + ret = p11_mech_info(context, p, slot, num); + if (ret) + goto out; + + ret = p11_list_keys(context, p, slot, session, lock, &slot->certs); + out: + p11_put_session(p, slot, session); + + return ret; +} + +static int +p11_get_session(hx509_context context, + struct p11_module *p, + struct p11_slot *slot, + hx509_lock lock, + CK_SESSION_HANDLE *psession) +{ + CK_RV ret; + + if (slot->flags & P11_SESSION_IN_USE) + _hx509_abort("slot already in session"); + + if (slot->flags & P11_SESSION) { + slot->flags |= P11_SESSION_IN_USE; + *psession = slot->session; + return 0; + } + + ret = P11FUNC(p, OpenSession, (slot->id, + CKF_SERIAL_SESSION, + NULL, + NULL, + &slot->session)); + if (ret != CKR_OK) { + if (context) + hx509_set_error_string(context, 0, HX509_PKCS11_OPEN_SESSION, + "Failed to OpenSession for slot id %d " + "with error: 0x%08x", + (int)slot->id, ret); + return HX509_PKCS11_OPEN_SESSION; + } + + slot->flags |= P11_SESSION; + + /* + * If we have have to login, and haven't tried before and have a + * prompter or known to work pin code. + * + * This code is very conversative and only uses the prompter in + * the hx509_lock, the reason is that its bad to try many + * passwords on a pkcs11 token, it might lock up and have to be + * unlocked by a administrator. + * + * XXX try harder to not use pin several times on the same card. + */ + + if ( (slot->flags & P11_LOGIN_REQ) + && (slot->flags & P11_LOGIN_DONE) == 0 + && (lock || slot->pin)) + { + hx509_prompt prompt; + char pin[20]; + char *str; + + slot->flags |= P11_LOGIN_DONE; + + if (slot->pin == NULL) { + + memset(&prompt, 0, sizeof(prompt)); + + asprintf(&str, "PIN code for %s: ", slot->name); + prompt.prompt = str; + prompt.type = HX509_PROMPT_TYPE_PASSWORD; + prompt.reply.data = pin; + prompt.reply.length = sizeof(pin); + + ret = hx509_lock_prompt(lock, &prompt); + if (ret) { + free(str); + if (context) + hx509_set_error_string(context, 0, ret, + "Failed to get pin code for slot " + "id %d with error: %d", + (int)slot->id, ret); + return ret; + } + free(str); + } else { + strlcpy(pin, slot->pin, sizeof(pin)); + } + + ret = P11FUNC(p, Login, (slot->session, CKU_USER, + (unsigned char*)pin, strlen(pin))); + if (ret != CKR_OK) { + if (context) + hx509_set_error_string(context, 0, HX509_PKCS11_LOGIN, + "Failed to login on slot id %d " + "with error: 0x%08x", + (int)slot->id, ret); + p11_put_session(p, slot, slot->session); + return HX509_PKCS11_LOGIN; + } + if (slot->pin == NULL) { + slot->pin = strdup(pin); + if (slot->pin == NULL) { + if (context) + hx509_set_error_string(context, 0, ENOMEM, + "out of memory"); + p11_put_session(p, slot, slot->session); + return ENOMEM; + } + } + } else + slot->flags |= P11_LOGIN_DONE; + + slot->flags |= P11_SESSION_IN_USE; + + *psession = slot->session; + + return 0; +} + +static int +p11_put_session(struct p11_module *p, + struct p11_slot *slot, + CK_SESSION_HANDLE session) +{ + if ((slot->flags & P11_SESSION_IN_USE) == 0) + _hx509_abort("slot not in session"); + slot->flags &= ~P11_SESSION_IN_USE; + + return 0; +} + +static int +iterate_entries(hx509_context context, + struct p11_module *p, struct p11_slot *slot, + CK_SESSION_HANDLE session, + CK_ATTRIBUTE *search_data, int num_search_data, + CK_ATTRIBUTE *query, int num_query, + int (*func)(hx509_context, + struct p11_module *, struct p11_slot *, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + void *, CK_ATTRIBUTE *, int), void *ptr) +{ + CK_OBJECT_HANDLE object; + CK_ULONG object_count; + int ret, i; + + ret = P11FUNC(p, FindObjectsInit, (session, search_data, num_search_data)); + if (ret != CKR_OK) { + return -1; + } + while (1) { + ret = P11FUNC(p, FindObjects, (session, &object, 1, &object_count)); + if (ret != CKR_OK) { + return -1; + } + if (object_count == 0) + break; + + for (i = 0; i < num_query; i++) + query[i].pValue = NULL; + + ret = P11FUNC(p, GetAttributeValue, + (session, object, query, num_query)); + if (ret != CKR_OK) { + return -1; + } + for (i = 0; i < num_query; i++) { + query[i].pValue = malloc(query[i].ulValueLen); + if (query[i].pValue == NULL) { + ret = ENOMEM; + goto out; + } + } + ret = P11FUNC(p, GetAttributeValue, + (session, object, query, num_query)); + if (ret != CKR_OK) { + ret = -1; + goto out; + } + + ret = (*func)(context, p, slot, session, object, ptr, query, num_query); + if (ret) + goto out; + + for (i = 0; i < num_query; i++) { + if (query[i].pValue) + free(query[i].pValue); + query[i].pValue = NULL; + } + } + out: + + for (i = 0; i < num_query; i++) { + if (query[i].pValue) + free(query[i].pValue); + query[i].pValue = NULL; + } + + ret = P11FUNC(p, FindObjectsFinal, (session)); + if (ret != CKR_OK) { + return -2; + } + + + return 0; +} + +static BIGNUM * +getattr_bn(struct p11_module *p, + struct p11_slot *slot, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + unsigned int type) +{ + CK_ATTRIBUTE query; + BIGNUM *bn; + int ret; + + query.type = type; + query.pValue = NULL; + query.ulValueLen = 0; + + ret = P11FUNC(p, GetAttributeValue, + (session, object, &query, 1)); + if (ret != CKR_OK) + return NULL; + + query.pValue = malloc(query.ulValueLen); + + ret = P11FUNC(p, GetAttributeValue, + (session, object, &query, 1)); + if (ret != CKR_OK) { + free(query.pValue); + return NULL; + } + bn = BN_bin2bn(query.pValue, query.ulValueLen, NULL); + free(query.pValue); + + return bn; +} + +static int +collect_private_key(hx509_context context, + struct p11_module *p, struct p11_slot *slot, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + void *ptr, CK_ATTRIBUTE *query, int num_query) +{ + struct hx509_collector *collector = ptr; + hx509_private_key key; + heim_octet_string localKeyId; + int ret; + RSA *rsa; + struct p11_rsa *p11rsa; + + localKeyId.data = query[0].pValue; + localKeyId.length = query[0].ulValueLen; + + ret = _hx509_private_key_init(&key, NULL, NULL); + if (ret) + return ret; + + rsa = RSA_new(); + if (rsa == NULL) + _hx509_abort("out of memory"); + + /* + * The exponent and modulus should always be present according to + * the pkcs11 specification, but some smartcards leaves it out, + * let ignore any failure to fetch it. + */ + rsa->n = getattr_bn(p, slot, session, object, CKA_MODULUS); + rsa->e = getattr_bn(p, slot, session, object, CKA_PUBLIC_EXPONENT); + + p11rsa = calloc(1, sizeof(*p11rsa)); + if (p11rsa == NULL) + _hx509_abort("out of memory"); + + p11rsa->p = p; + p11rsa->slot = slot; + p11rsa->private_key = object; + + p->refcount++; + if (p->refcount == 0) + _hx509_abort("pkcs11 refcount to high"); + + RSA_set_method(rsa, &rsa_pkcs1_method); + ret = RSA_set_app_data(rsa, p11rsa); + if (ret != 1) + _hx509_abort("RSA_set_app_data"); + + _hx509_private_key_assign_rsa(key, rsa); + + ret = _hx509_collector_private_key_add(context, + collector, + hx509_signature_rsa(), + key, + NULL, + &localKeyId); + + if (ret) { + _hx509_private_key_free(&key); + return ret; + } + return 0; +} + +static void +p11_cert_release(hx509_cert cert, void *ctx) +{ + struct p11_module *p = ctx; + p11_release_module(p); +} + + +static int +collect_cert(hx509_context context, + struct p11_module *p, struct p11_slot *slot, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + void *ptr, CK_ATTRIBUTE *query, int num_query) +{ + struct hx509_collector *collector = ptr; + hx509_cert cert; + Certificate t; + int ret; + + if ((CK_LONG)query[0].ulValueLen == -1 || + (CK_LONG)query[1].ulValueLen == -1) + { + return 0; + } + + + ret = decode_Certificate(query[1].pValue, query[1].ulValueLen, + &t, NULL); + if (ret) { + hx509_clear_error_string(context); + return 0; + } + + ret = hx509_cert_init(context, &t, &cert); + free_Certificate(&t); + if (ret) + return ret; + + p->refcount++; + if (p->refcount == 0) + _hx509_abort("pkcs11 refcount to high"); + + _hx509_cert_set_release(cert, p11_cert_release, p); + + { + heim_octet_string data; + + data.data = query[0].pValue; + data.length = query[0].ulValueLen; + + _hx509_set_cert_attribute(context, + cert, + oid_id_pkcs_9_at_localKeyId(), + &data); + } + + if ((CK_LONG)query[2].ulValueLen != -1) { + char *str; + + asprintf(&str, "%.*s", + (int)query[2].ulValueLen, (char *)query[2].pValue); + if (str) { + hx509_cert_set_friendly_name(cert, str); + free(str); + } + } + + ret = _hx509_collector_certs_add(context, collector, cert); + hx509_cert_free(cert); + + return ret; +} + + +static int +p11_list_keys(hx509_context context, + struct p11_module *p, + struct p11_slot *slot, + CK_SESSION_HANDLE session, + hx509_lock lock, + hx509_certs *certs) +{ + struct hx509_collector *collector; + CK_OBJECT_CLASS key_class; + CK_ATTRIBUTE search_data[] = { + {CKA_CLASS, NULL, 0}, + }; + CK_ATTRIBUTE query_data[3] = { + {CKA_ID, NULL, 0}, + {CKA_VALUE, NULL, 0}, + {CKA_LABEL, NULL, 0} + }; + int ret; + + search_data[0].pValue = &key_class; + search_data[0].ulValueLen = sizeof(key_class); + + if (lock == NULL) + lock = _hx509_empty_lock; + + collector = _hx509_collector_alloc(context, lock); + if (collector == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; + } + + key_class = CKO_PRIVATE_KEY; + ret = iterate_entries(context, p, slot, session, + search_data, 1, + query_data, 1, + collect_private_key, collector); + if (ret) + goto out; + + key_class = CKO_CERTIFICATE; + ret = iterate_entries(context, p, slot, session, + search_data, 1, + query_data, 3, + collect_cert, collector); + if (ret) + goto out; + + ret = _hx509_collector_collect_certs(context, collector, &slot->certs); + +out: + _hx509_collector_free(collector); + + return ret; +} + + +static int +p11_init(hx509_context context, + hx509_certs certs, void **data, int flags, + const char *residue, hx509_lock lock) +{ + CK_C_GetFunctionList getFuncs; + struct p11_module *p; + char *list, *str; + int ret; + + *data = NULL; + + list = strdup(residue); + if (list == NULL) + return ENOMEM; + + p = calloc(1, sizeof(*p)); + if (p == NULL) { + free(list); + return ENOMEM; + } + + p->refcount = 1; + + str = strchr(list, ','); + if (str) + *str++ = '\0'; + while (str) { + char *strnext; + strnext = strchr(str, ','); + if (strnext) + *strnext++ = '\0'; +#if 0 + if (strncasecmp(str, "slot=", 5) == 0) + p->selected_slot = atoi(str + 5); +#endif + str = strnext; + } + + p->dl_handle = dlopen(list, RTLD_NOW); + free(list); + if (p->dl_handle == NULL) { + ret = HX509_PKCS11_LOAD; + hx509_set_error_string(context, 0, ret, + "Failed to open %s: %s", list, dlerror()); + goto out; + } + + getFuncs = dlsym(p->dl_handle, "C_GetFunctionList"); + if (getFuncs == NULL) { + ret = HX509_PKCS11_LOAD; + hx509_set_error_string(context, 0, ret, + "C_GetFunctionList missing in %s: %s", + list, dlerror()); + goto out; + } + + ret = (*getFuncs)(&p->funcs); + if (ret) { + ret = HX509_PKCS11_LOAD; + hx509_set_error_string(context, 0, ret, + "C_GetFunctionList failed in %s", list); + goto out; + } + + ret = P11FUNC(p, Initialize, (NULL_PTR)); + if (ret != CKR_OK) { + ret = HX509_PKCS11_TOKEN_CONFUSED; + hx509_set_error_string(context, 0, ret, + "Failed initialize the PKCS11 module"); + goto out; + } + + ret = P11FUNC(p, GetSlotList, (FALSE, NULL, &p->num_slots)); + if (ret) { + ret = HX509_PKCS11_TOKEN_CONFUSED; + hx509_set_error_string(context, 0, ret, + "Failed to get number of PKCS11 slots"); + goto out; + } + + if (p->num_slots == 0) { + ret = HX509_PKCS11_NO_SLOT; + hx509_set_error_string(context, 0, ret, + "Selected PKCS11 module have no slots"); + goto out; + } + + + { + CK_SLOT_ID_PTR slot_ids; + int i, num_tokens = 0; + + slot_ids = malloc(p->num_slots * sizeof(*slot_ids)); + if (slot_ids == NULL) { + hx509_clear_error_string(context); + ret = ENOMEM; + goto out; + } + + ret = P11FUNC(p, GetSlotList, (FALSE, slot_ids, &p->num_slots)); + if (ret) { + free(slot_ids); + hx509_set_error_string(context, 0, HX509_PKCS11_TOKEN_CONFUSED, + "Failed getting slot-list from " + "PKCS11 module"); + ret = HX509_PKCS11_TOKEN_CONFUSED; + goto out; + } + + p->slot = calloc(p->num_slots, sizeof(p->slot[0])); + if (p->slot == NULL) { + free(slot_ids); + hx509_set_error_string(context, 0, ENOMEM, + "Failed to get memory for slot-list"); + ret = ENOMEM; + goto out; + } + + for (i = 0; i < p->num_slots; i++) { + ret = p11_init_slot(context, p, lock, slot_ids[i], i, &p->slot[i]); + if (ret) + break; + if (p->slot[i].flags & P11_TOKEN_PRESENT) + num_tokens++; + } + free(slot_ids); + if (ret) + goto out; + if (num_tokens == 0) { + ret = HX509_PKCS11_NO_TOKEN; + goto out; + } + } + + *data = p; + + return 0; + out: + p11_release_module(p); + return ret; +} + +static void +p11_release_module(struct p11_module *p) +{ + int i; + + if (p->refcount == 0) + _hx509_abort("pkcs11 refcount to low"); + if (--p->refcount > 0) + return; + + for (i = 0; i < p->num_slots; i++) { + if (p->slot[i].flags & P11_SESSION_IN_USE) + _hx509_abort("pkcs11 module release while session in use"); + if (p->slot[i].flags & P11_SESSION) { + int ret; + + ret = P11FUNC(p, CloseSession, (p->slot[i].session)); + if (ret != CKR_OK) + ; + } + + if (p->slot[i].name) + free(p->slot[i].name); + if (p->slot[i].pin) { + memset(p->slot[i].pin, 0, strlen(p->slot[i].pin)); + free(p->slot[i].pin); + } + if (p->slot[i].mechs.num) { + free(p->slot[i].mechs.list); + + if (p->slot[i].mechs.infos) { + int j; + + for (j = 0 ; j < p->slot[i].mechs.num ; j++) + free(p->slot[i].mechs.infos[j]); + free(p->slot[i].mechs.infos); + } + } + } + free(p->slot); + + if (p->funcs) + P11FUNC(p, Finalize, (NULL)); + + if (p->dl_handle) + dlclose(p->dl_handle); + + memset(p, 0, sizeof(*p)); + free(p); +} + +static int +p11_free(hx509_certs certs, void *data) +{ + struct p11_module *p = data; + int i; + + for (i = 0; i < p->num_slots; i++) { + if (p->slot[i].certs) + hx509_certs_free(&p->slot[i].certs); + } + p11_release_module(p); + return 0; +} + +struct p11_cursor { + hx509_certs certs; + void *cursor; +}; + +static int +p11_iter_start(hx509_context context, + hx509_certs certs, void *data, void **cursor) +{ + struct p11_module *p = data; + struct p11_cursor *c; + int ret, i; + + c = malloc(sizeof(*c)); + if (c == NULL) { + hx509_clear_error_string(context); + return ENOMEM; + } + ret = hx509_certs_init(context, "MEMORY:pkcs11-iter", 0, NULL, &c->certs); + if (ret) { + free(c); + return ret; + } + + for (i = 0 ; i < p->num_slots; i++) { + if (p->slot[i].certs == NULL) + continue; + ret = hx509_certs_merge(context, c->certs, p->slot[i].certs); + if (ret) { + hx509_certs_free(&c->certs); + free(c); + return ret; + } + } + + ret = hx509_certs_start_seq(context, c->certs, &c->cursor); + if (ret) { + hx509_certs_free(&c->certs); + free(c); + return 0; + } + *cursor = c; + + return 0; +} + +static int +p11_iter(hx509_context context, + hx509_certs certs, void *data, void *cursor, hx509_cert *cert) +{ + struct p11_cursor *c = cursor; + return hx509_certs_next_cert(context, c->certs, c->cursor, cert); +} + +static int +p11_iter_end(hx509_context context, + hx509_certs certs, void *data, void *cursor) +{ + struct p11_cursor *c = cursor; + int ret; + ret = hx509_certs_end_seq(context, c->certs, c->cursor); + hx509_certs_free(&c->certs); + free(c); + return ret; +} + +#define MECHFLAG(x) { "unknown-flag-" #x, x } +static struct units mechflags[] = { + MECHFLAG(0x80000000), + MECHFLAG(0x40000000), + MECHFLAG(0x20000000), + MECHFLAG(0x10000000), + MECHFLAG(0x08000000), + MECHFLAG(0x04000000), + {"ec-compress", 0x2000000 }, + {"ec-uncompress", 0x1000000 }, + {"ec-namedcurve", 0x0800000 }, + {"ec-ecparameters", 0x0400000 }, + {"ec-f-2m", 0x0200000 }, + {"ec-f-p", 0x0100000 }, + {"derive", 0x0080000 }, + {"unwrap", 0x0040000 }, + {"wrap", 0x0020000 }, + {"genereate-key-pair", 0x0010000 }, + {"generate", 0x0008000 }, + {"verify-recover", 0x0004000 }, + {"verify", 0x0002000 }, + {"sign-recover", 0x0001000 }, + {"sign", 0x0000800 }, + {"digest", 0x0000400 }, + {"decrypt", 0x0000200 }, + {"encrypt", 0x0000100 }, + MECHFLAG(0x00080), + MECHFLAG(0x00040), + MECHFLAG(0x00020), + MECHFLAG(0x00010), + MECHFLAG(0x00008), + MECHFLAG(0x00004), + MECHFLAG(0x00002), + {"hw", 0x0000001 }, + { NULL, 0x0000000 } +}; +#undef MECHFLAG + +static int +p11_printinfo(hx509_context context, + hx509_certs certs, + void *data, + int (*func)(void *, char *), + void *ctx) +{ + struct p11_module *p = data; + int i, j; + + _hx509_pi_printf(func, ctx, "pkcs11 driver with %d slot%s", + p->num_slots, p->num_slots > 1 ? "s" : ""); + + for (i = 0; i < p->num_slots; i++) { + struct p11_slot *s = &p->slot[i]; + + _hx509_pi_printf(func, ctx, "slot %d: id: %d name: %s flags: %08x", + i, (int)s->id, s->name, s->flags); + + _hx509_pi_printf(func, ctx, "number of supported mechanisms: %lu", + (unsigned long)s->mechs.num); + for (j = 0; j < s->mechs.num; j++) { + const char *mechname = "unknown"; + char flags[256], unknownname[40]; +#define MECHNAME(s,n) case s: mechname = n; break + switch(s->mechs.list[j]) { + MECHNAME(CKM_RSA_PKCS_KEY_PAIR_GEN, "rsa-pkcs-key-pair-gen"); + MECHNAME(CKM_RSA_PKCS, "rsa-pkcs"); + MECHNAME(CKM_RSA_X_509, "rsa-x-509"); + MECHNAME(CKM_MD5_RSA_PKCS, "md5-rsa-pkcs"); + MECHNAME(CKM_SHA1_RSA_PKCS, "sha1-rsa-pkcs"); + default: + snprintf(unknownname, sizeof(unknownname), + "unknown-mech-%lu", + (unsigned long)s->mechs.list[j]); + mechname = unknownname; + break; + } +#undef MECHNAME + unparse_flags(s->mechs.infos[j]->flags, mechflags, + flags, sizeof(flags)); + + _hx509_pi_printf(func, ctx, " %s: %s", mechname, flags); + } + } + + return 0; +} + +static struct hx509_keyset_ops keyset_pkcs11 = { + "PKCS11", + 0, + p11_init, + NULL, + p11_free, + NULL, + NULL, + p11_iter_start, + p11_iter, + p11_iter_end, + p11_printinfo +}; + +#endif /* HAVE_DLOPEN */ + +void +_hx509_ks_pkcs11_register(hx509_context context) +{ +#ifdef HAVE_DLOPEN + _hx509_ks_register(context, &keyset_pkcs11); +#endif +} diff --git a/source4/heimdal/lib/hx509/ks_p12.c b/source4/heimdal/lib/hx509/ks_p12.c new file mode 100644 index 0000000000..69dba802e5 --- /dev/null +++ b/source4/heimdal/lib/hx509/ks_p12.c @@ -0,0 +1,697 @@ +/* + * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hx_locl.h" +RCSID("$Id: ks_p12.c,v 1.18 2007/01/09 10:52:11 lha Exp $"); + +struct ks_pkcs12 { + hx509_certs certs; + char *fn; +}; + +typedef int (*collector_func)(hx509_context, + struct hx509_collector *, + const void *, size_t, + const PKCS12_Attributes *); + +struct type { + const heim_oid * (*oid)(void); + collector_func func; +}; + +static void +parse_pkcs12_type(hx509_context, struct hx509_collector *, const heim_oid *, + const void *, size_t, const PKCS12_Attributes *); + + +static const PKCS12_Attribute * +find_attribute(const PKCS12_Attributes *attrs, const heim_oid *oid) +{ + int i; + if (attrs == NULL) + return NULL; + for (i = 0; i < attrs->len; i++) + if (der_heim_oid_cmp(oid, &attrs->val[i].attrId) == 0) + return &attrs->val[i]; + return NULL; +} + +static int +keyBag_parser(hx509_context context, + struct hx509_collector *c, + const void *data, size_t length, + const PKCS12_Attributes *attrs) +{ + const PKCS12_Attribute *attr; + PKCS8PrivateKeyInfo ki; + const heim_octet_string *os = NULL; + int ret; + + attr = find_attribute(attrs, oid_id_pkcs_9_at_localKeyId()); + if (attr) + os = &attr->attrValues; + + ret = decode_PKCS8PrivateKeyInfo(data, length, &ki, NULL); + if (ret) + return ret; + + _hx509_collector_private_key_add(context, + c, + &ki.privateKeyAlgorithm, + NULL, + &ki.privateKey, + &attr->attrValues); + free_PKCS8PrivateKeyInfo(&ki); + return 0; +} + +static int +ShroudedKeyBag_parser(hx509_context context, + struct hx509_collector *c, + const void *data, size_t length, + const PKCS12_Attributes *attrs) +{ + PKCS8EncryptedPrivateKeyInfo pk; + heim_octet_string content; + int ret; + + memset(&pk, 0, sizeof(pk)); + + ret = decode_PKCS8EncryptedPrivateKeyInfo(data, length, &pk, NULL); + if (ret) + return ret; + + ret = _hx509_pbe_decrypt(context, + _hx509_collector_get_lock(c), + &pk.encryptionAlgorithm, + &pk.encryptedData, + &content); + free_PKCS8EncryptedPrivateKeyInfo(&pk); + if (ret) + return ret; + + ret = keyBag_parser(context, c, content.data, content.length, attrs); + der_free_octet_string(&content); + return ret; +} + +static int +certBag_parser(hx509_context context, + struct hx509_collector *c, + const void *data, size_t length, + const PKCS12_Attributes *attrs) +{ + heim_octet_string os; + Certificate t; + hx509_cert cert; + PKCS12_CertBag cb; + int ret; + + ret = decode_PKCS12_CertBag(data, length, &cb, NULL); + if (ret) + return ret; + + if (der_heim_oid_cmp(oid_id_pkcs_9_at_certTypes_x509(), &cb.certType)) { + free_PKCS12_CertBag(&cb); + return 0; + } + + ret = decode_PKCS12_OctetString(cb.certValue.data, + cb.certValue.length, + &os, + NULL); + free_PKCS12_CertBag(&cb); + if (ret) + return ret; + + ret = decode_Certificate(os.data, os.length, &t, NULL); + der_free_octet_string(&os); + if (ret) + return ret; + + ret = hx509_cert_init(context, &t, &cert); + free_Certificate(&t); + if (ret) + return ret; + + ret = _hx509_collector_certs_add(context, c, cert); + if (ret) { + hx509_cert_free(cert); + return ret; + } + + { + const PKCS12_Attribute *attr; + const heim_oid * (*oids[])(void) = { + oid_id_pkcs_9_at_localKeyId, oid_id_pkcs_9_at_friendlyName + }; + int i; + + for (i = 0; i < sizeof(oids)/sizeof(oids[0]); i++) { + const heim_oid *oid = (*(oids[i]))(); + attr = find_attribute(attrs, oid); + if (attr) + _hx509_set_cert_attribute(context, cert, oid, + &attr->attrValues); + } + } + + hx509_cert_free(cert); + + return 0; +} + +static int +parse_safe_content(hx509_context context, + struct hx509_collector *c, + const unsigned char *p, size_t len) +{ + PKCS12_SafeContents sc; + int ret, i; + + memset(&sc, 0, sizeof(sc)); + + ret = decode_PKCS12_SafeContents(p, len, &sc, NULL); + if (ret) + return ret; + + for (i = 0; i < sc.len ; i++) + parse_pkcs12_type(context, + c, + &sc.val[i].bagId, + sc.val[i].bagValue.data, + sc.val[i].bagValue.length, + sc.val[i].bagAttributes); + + free_PKCS12_SafeContents(&sc); + return 0; +} + +static int +safeContent_parser(hx509_context context, + struct hx509_collector *c, + const void *data, size_t length, + const PKCS12_Attributes *attrs) +{ + heim_octet_string os; + int ret; + + ret = decode_PKCS12_OctetString(data, length, &os, NULL); + if (ret) + return ret; + ret = parse_safe_content(context, c, os.data, os.length); + der_free_octet_string(&os); + return ret; +} + +static int +encryptedData_parser(hx509_context context, + struct hx509_collector *c, + const void *data, size_t length, + const PKCS12_Attributes *attrs) +{ + heim_octet_string content; + heim_oid contentType; + int ret; + + memset(&contentType, 0, sizeof(contentType)); + + ret = hx509_cms_decrypt_encrypted(context, + _hx509_collector_get_lock(c), + data, length, + &contentType, + &content); + if (ret) + return ret; + + if (der_heim_oid_cmp(&contentType, oid_id_pkcs7_data()) == 0) + ret = parse_safe_content(context, c, content.data, content.length); + + der_free_octet_string(&content); + der_free_oid(&contentType); + return ret; +} + +static int +envelopedData_parser(hx509_context context, + struct hx509_collector *c, + const void *data, size_t length, + const PKCS12_Attributes *attrs) +{ + heim_octet_string content; + heim_oid contentType; + hx509_lock lock; + int ret; + + memset(&contentType, 0, sizeof(contentType)); + + lock = _hx509_collector_get_lock(c); + + ret = hx509_cms_unenvelope(context, + _hx509_lock_unlock_certs(lock), + 0, + data, length, + NULL, + &contentType, + &content); + if (ret) { + hx509_set_error_string(context, HX509_ERROR_APPEND, ret, + "PKCS12 failed to unenvelope"); + return ret; + } + + if (der_heim_oid_cmp(&contentType, oid_id_pkcs7_data()) == 0) + ret = parse_safe_content(context, c, content.data, content.length); + + der_free_octet_string(&content); + der_free_oid(&contentType); + + return ret; +} + + +struct type bagtypes[] = { + { oid_id_pkcs12_keyBag, keyBag_parser }, + { oid_id_pkcs12_pkcs8ShroudedKeyBag, ShroudedKeyBag_parser }, + { oid_id_pkcs12_certBag, certBag_parser }, + { oid_id_pkcs7_data, safeContent_parser }, + { oid_id_pkcs7_encryptedData, encryptedData_parser }, + { oid_id_pkcs7_envelopedData, envelopedData_parser } +}; + +static void +parse_pkcs12_type(hx509_context context, + struct hx509_collector *c, + const heim_oid *oid, + const void *data, size_t length, + const PKCS12_Attributes *attrs) +{ + int i; + + for (i = 0; i < sizeof(bagtypes)/sizeof(bagtypes[0]); i++) + if (der_heim_oid_cmp((*bagtypes[i].oid)(), oid) == 0) + (*bagtypes[i].func)(context, c, data, length, attrs); +} + +static int +p12_init(hx509_context context, + hx509_certs certs, void **data, int flags, + const char *residue, hx509_lock lock) +{ + struct ks_pkcs12 *p12; + size_t len; + void *buf; + PKCS12_PFX pfx; + PKCS12_AuthenticatedSafe as; + int ret, i; + struct hx509_collector *c; + + *data = NULL; + + if (lock == NULL) + lock = _hx509_empty_lock; + + c = _hx509_collector_alloc(context, lock); + if (c == NULL) + return ENOMEM; + + p12 = calloc(1, sizeof(*p12)); + if (p12 == NULL) { + ret = ENOMEM; + goto out; + } + + p12->fn = strdup(residue); + if (p12->fn == NULL) { + ret = ENOMEM; + goto out; + } + + if (flags & HX509_CERTS_CREATE) { + ret = hx509_certs_init(context, "MEMORY:ks-file-create", + 0, lock, &p12->certs); + if (ret) + goto out; + *data = p12; + return 0; + } + + ret = _hx509_map_file(residue, &buf, &len, NULL); + if (ret) + goto out; + + ret = decode_PKCS12_PFX(buf, len, &pfx, NULL); + _hx509_unmap_file(buf, len); + if (ret) + goto out; + + if (der_heim_oid_cmp(&pfx.authSafe.contentType, oid_id_pkcs7_data()) != 0) { + free_PKCS12_PFX(&pfx); + ret = EINVAL; + hx509_set_error_string(context, 0, ret, + "PKCS PFX isn't a pkcs7-data container"); + goto out; + } + + if (pfx.authSafe.content == NULL) { + free_PKCS12_PFX(&pfx); + ret = EINVAL; + hx509_set_error_string(context, 0, ret, + "PKCS PFX missing data"); + goto out; + } + + { + heim_octet_string asdata; + + ret = decode_PKCS12_OctetString(pfx.authSafe.content->data, + pfx.authSafe.content->length, + &asdata, + NULL); + free_PKCS12_PFX(&pfx); + if (ret) { + hx509_clear_error_string(context); + goto out; + } + ret = decode_PKCS12_AuthenticatedSafe(asdata.data, + asdata.length, + &as, + NULL); + der_free_octet_string(&asdata); + if (ret) { + hx509_clear_error_string(context); + goto out; + } + } + + for (i = 0; i < as.len; i++) + parse_pkcs12_type(context, + c, + &as.val[i].contentType, + as.val[i].content->data, + as.val[i].content->length, + NULL); + + free_PKCS12_AuthenticatedSafe(&as); + + ret = _hx509_collector_collect_certs(context, c, &p12->certs); + if (ret == 0) + *data = p12; + +out: + _hx509_collector_free(c); + + if (ret) { + if (p12->certs) + hx509_certs_free(&p12->certs); + free(p12); + } + + return ret; +} + +static int +addBag(hx509_context context, + PKCS12_AuthenticatedSafe *as, + const heim_oid *oid, + void *data, + size_t length) +{ + void *ptr; + int ret; + + ptr = realloc(as->val, sizeof(as->val[0]) * (as->len + 1)); + if (ptr == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "malloc out of memory"); + return ENOMEM; + } + as->val = ptr; + + ret = der_copy_oid(oid, &as->val[as->len].contentType); + + as->val[as->len].content = calloc(1, sizeof(*as->val[0].content)); + if (as->val[as->len].content == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "malloc out of memory"); + return ENOMEM; + } + + as->val[as->len].content->data = data; + as->val[as->len].content->length = length; + + as->len++; + + return 0; +} + +static int +store_func(hx509_context context, void *ctx, hx509_cert c) +{ + PKCS12_AuthenticatedSafe *as = ctx; + PKCS12_OctetString os; + PKCS12_CertBag cb; + size_t size; + int ret; + + memset(&os, 0, sizeof(os)); + memset(&cb, 0, sizeof(cb)); + + os.data = NULL; + os.length = 0; + + ASN1_MALLOC_ENCODE(Certificate, os.data, os.length, + _hx509_get_cert(c), &size, ret); + if (ret) + goto out; + ASN1_MALLOC_ENCODE(PKCS12_OctetString, + cb.certValue.data,cb.certValue.length, + &os, &size, ret); + free(os.data); + if (ret) + goto out; + ret = der_copy_oid(oid_id_pkcs_9_at_certTypes_x509(), &cb.certType); + if (ret) { + free_PKCS12_CertBag(&cb); + goto out; + } + ASN1_MALLOC_ENCODE(PKCS12_CertBag, os.data, os.length, + &cb, &size, ret); + free(cb.certValue.data); + if (ret) + goto out; + + ret = addBag(context, as, oid_id_pkcs12_certBag(), os.data, os.length); + + if (_hx509_cert_private_key_exportable(c)) { + hx509_private_key key = _hx509_cert_private_key(c); + PKCS8PrivateKeyInfo pki; + + memset(&pki, 0, sizeof(pki)); + + ret = der_parse_hex_heim_integer("00", &pki.version); + if (ret) + return ret; + ret = _hx509_private_key_oid(context, key, + &pki.privateKeyAlgorithm.algorithm); + if (ret) { + free_PKCS8PrivateKeyInfo(&pki); + return ret; + } + ret = _hx509_private_key_export(context, + _hx509_cert_private_key(c), + &pki.privateKey); + if (ret) { + free_PKCS8PrivateKeyInfo(&pki); + return ret; + } + /* set attribute, oid_id_pkcs_9_at_localKeyId() */ + + ASN1_MALLOC_ENCODE(PKCS8PrivateKeyInfo, os.data, os.length, + &pki, &size, ret); + free_PKCS8PrivateKeyInfo(&pki); + if (ret) + return ret; + + ret = addBag(context, as, oid_id_pkcs12_keyBag(), os.data, os.length); + if (ret) + return ret; + } + +out: + return ret; +} + +static int +p12_store(hx509_context context, + hx509_certs certs, void *data, int flags, hx509_lock lock) +{ + struct ks_pkcs12 *p12 = data; + PKCS12_PFX pfx; + PKCS12_AuthenticatedSafe as; + PKCS12_OctetString asdata; + size_t size; + int ret; + + memset(&as, 0, sizeof(as)); + memset(&pfx, 0, sizeof(pfx)); + + ret = hx509_certs_iter(context, p12->certs, store_func, &as); + if (ret) + goto out; + + ASN1_MALLOC_ENCODE(PKCS12_AuthenticatedSafe, asdata.data, asdata.length, + &as, &size, ret); + free_PKCS12_AuthenticatedSafe(&as); + if (ret) + return ret; + + ret = der_parse_hex_heim_integer("03", &pfx.version); + if (ret) { + free(asdata.data); + goto out; + } + + pfx.authSafe.content = calloc(1, sizeof(*pfx.authSafe.content)); + + ASN1_MALLOC_ENCODE(PKCS12_OctetString, + pfx.authSafe.content->data, + pfx.authSafe.content->length, + &asdata, &size, ret); + free(asdata.data); + if (ret) + goto out; + + ret = der_copy_oid(oid_id_pkcs7_data(), &pfx.authSafe.contentType); + if (ret) + goto out; + + ASN1_MALLOC_ENCODE(PKCS12_PFX, asdata.data, asdata.length, + &pfx, &size, ret); + if (ret) + goto out; + +#if 0 + const struct _hx509_password *pw; + + pw = _hx509_lock_get_passwords(lock); + if (pw != NULL) { + pfx.macData = calloc(1, sizeof(*pfx.macData)); + if (pfx.macData == NULL) { + ret = ENOMEM; + hx509_set_error_string(context, 0, ret, "malloc out of memory"); + return ret; + } + if (pfx.macData == NULL) { + free(asdata.data); + goto out; + } + } + ret = calculate_hash(&aspath, pw, pfx.macData); +#endif + + rk_dumpdata(p12->fn, asdata.data, asdata.length); + free(asdata.data); + +out: + free_PKCS12_AuthenticatedSafe(&as); + free_PKCS12_PFX(&pfx); + + return ret; +} + + +static int +p12_free(hx509_certs certs, void *data) +{ + struct ks_pkcs12 *p12 = data; + hx509_certs_free(&p12->certs); + free(p12->fn); + free(p12); + return 0; +} + +static int +p12_add(hx509_context context, hx509_certs certs, void *data, hx509_cert c) +{ + struct ks_pkcs12 *p12 = data; + return hx509_certs_add(context, p12->certs, c); +} + +static int +p12_iter_start(hx509_context context, + hx509_certs certs, + void *data, + void **cursor) +{ + struct ks_pkcs12 *p12 = data; + return hx509_certs_start_seq(context, p12->certs, cursor); +} + +static int +p12_iter(hx509_context context, + hx509_certs certs, + void *data, + void *cursor, + hx509_cert *cert) +{ + struct ks_pkcs12 *p12 = data; + return hx509_certs_next_cert(context, p12->certs, cursor, cert); +} + +static int +p12_iter_end(hx509_context context, + hx509_certs certs, + void *data, + void *cursor) +{ + struct ks_pkcs12 *p12 = data; + return hx509_certs_end_seq(context, p12->certs, cursor); +} + +static struct hx509_keyset_ops keyset_pkcs12 = { + "PKCS12", + 0, + p12_init, + p12_store, + p12_free, + p12_add, + NULL, + p12_iter_start, + p12_iter, + p12_iter_end +}; + +void +_hx509_ks_pkcs12_register(hx509_context context) +{ + _hx509_ks_register(context, &keyset_pkcs12); +} diff --git a/source4/heimdal/lib/hx509/lock.c b/source4/heimdal/lib/hx509/lock.c new file mode 100644 index 0000000000..95fc0aa26d --- /dev/null +++ b/source4/heimdal/lib/hx509/lock.c @@ -0,0 +1,242 @@ +/* + * Copyright (c) 2005 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hx_locl.h" +RCSID("$Id: lock.c,v 1.13 2006/10/14 09:41:05 lha Exp $"); + +struct hx509_lock_data { + struct _hx509_password password; + hx509_certs certs; + hx509_prompter_fct prompt; + void *prompt_data; +}; + +static struct hx509_lock_data empty_lock_data = { + { 0, NULL } +}; + +hx509_lock _hx509_empty_lock = &empty_lock_data; + +/* + * + */ + +int +hx509_lock_init(hx509_context context, hx509_lock *lock) +{ + hx509_lock l; + int ret; + + *lock = NULL; + + l = calloc(1, sizeof(*l)); + if (l == NULL) + return ENOMEM; + + ret = hx509_certs_init(context, + "MEMORY:locks-internal", + 0, + NULL, + &l->certs); + if (ret) { + free(l); + return ret; + } + + *lock = l; + + return 0; +} + +int +hx509_lock_add_password(hx509_lock lock, const char *password) +{ + void *d; + char *s; + + s = strdup(password); + if (s == NULL) + return ENOMEM; + + d = realloc(lock->password.val, + (lock->password.len + 1) * sizeof(lock->password.val[0])); + if (d == NULL) { + free(s); + return ENOMEM; + } + lock->password.val = d; + lock->password.val[lock->password.len] = s; + lock->password.len++; + + return 0; +} + +const struct _hx509_password * +_hx509_lock_get_passwords(hx509_lock lock) +{ + return &lock->password; +} + +hx509_certs +_hx509_lock_unlock_certs(hx509_lock lock) +{ + return lock->certs; +} + +void +hx509_lock_reset_passwords(hx509_lock lock) +{ + int i; + for (i = 0; i < lock->password.len; i++) + free(lock->password.val[i]); + free(lock->password.val); + lock->password.val = NULL; + lock->password.len = 0; +} + +int +hx509_lock_add_cert(hx509_context context, hx509_lock lock, hx509_cert cert) +{ + return hx509_certs_add(context, lock->certs, cert); +} + +int +hx509_lock_add_certs(hx509_context context, hx509_lock lock, hx509_certs certs) +{ + return hx509_certs_merge(context, lock->certs, certs); +} + +void +hx509_lock_reset_certs(hx509_context context, hx509_lock lock) +{ + hx509_certs certs = lock->certs; + int ret; + + ret = hx509_certs_init(context, + "MEMORY:locks-internal", + 0, + NULL, + &lock->certs); + if (ret == 0) + hx509_certs_free(&certs); + else + lock->certs = certs; +} + +int +_hx509_lock_find_cert(hx509_lock lock, const hx509_query *q, hx509_cert *c) +{ + *c = NULL; + return 0; +} + +int +hx509_lock_set_prompter(hx509_lock lock, hx509_prompter_fct prompt, void *data) +{ + lock->prompt = prompt; + lock->prompt_data = data; + return 0; +} + +void +hx509_lock_reset_promper(hx509_lock lock) +{ + lock->prompt = NULL; + lock->prompt_data = NULL; +} + +static int +default_prompter(void *data, const hx509_prompt *prompter) +{ + if (hx509_prompt_hidden(prompter->type)) { + if(UI_UTIL_read_pw_string(prompter->reply.data, + prompter->reply.length, + prompter->prompt, + 0)) + return 1; + } else { + char *s = prompter->reply.data; + + fputs (prompter->prompt, stdout); + fflush (stdout); + if(fgets(prompter->reply.data, + prompter->reply.length, + stdin) == NULL) + return 1; + s[strcspn(s, "\n")] = '\0'; + } + return 0; +} + +int +hx509_lock_prompt(hx509_lock lock, hx509_prompt *prompt) +{ + if (lock->prompt == NULL) + return HX509_CRYPTO_NO_PROMPTER; + return (*lock->prompt)(lock->prompt_data, prompt); +} + +void +hx509_lock_free(hx509_lock lock) +{ + hx509_certs_free(&lock->certs); + hx509_lock_reset_passwords(lock); + memset(lock, 0, sizeof(*lock)); + free(lock); +} + +int +hx509_prompt_hidden(hx509_prompt_type type) +{ + /* default to hidden if unknown */ + + switch (type) { + case HX509_PROMPT_TYPE_QUESTION: + case HX509_PROMPT_TYPE_INFO: + return 0; + default: + return 1; + } +} + +int +hx509_lock_command_string(hx509_lock lock, const char *string) +{ + if (strncasecmp(string, "PASS:", 5) == 0) { + hx509_lock_add_password(lock, string + 5); + } else if (strcasecmp(string, "PROMPT") == 0) { + hx509_lock_set_prompter(lock, default_prompter, NULL); + } else + return HX509_UNKNOWN_LOCK_COMMAND; + return 0; +} diff --git a/source4/heimdal/lib/hx509/name.c b/source4/heimdal/lib/hx509/name.c new file mode 100644 index 0000000000..92e9e6f974 --- /dev/null +++ b/source4/heimdal/lib/hx509/name.c @@ -0,0 +1,550 @@ +/* + * Copyright (c) 2004 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hx_locl.h" +RCSID("$Id: name.c,v 1.33 2006/12/30 23:04:11 lha Exp $"); + +/* + * name parsing from rfc2253 + * fix so parsing rfc1779 works too + * rfc3280 + */ + +static const struct { + char *n; + const heim_oid *(*o)(void); +} no[] = { + { "C", oid_id_at_countryName }, + { "CN", oid_id_at_commonName }, + { "DC", oid_id_domainComponent }, + { "L", oid_id_at_localityName }, + { "O", oid_id_at_organizationName }, + { "OU", oid_id_at_organizationalUnitName }, + { "S", oid_id_at_stateOrProvinceName }, + { "UID", oid_id_Userid }, + { "emailAddress", oid_id_pkcs9_emailAddress }, + { "serialNumber", oid_id_at_serialNumber } +}; + +static char * +quote_string(const char *f, size_t len, size_t *rlen) +{ + size_t i, j, tolen; + const char *from = f; + char *to; + + tolen = len * 3 + 1; + to = malloc(tolen); + if (to == NULL) + return NULL; + + for (i = 0, j = 0; i < len; i++) { + if (from[i] == ' ' && i + 1 < len) + to[j++] = from[i]; + else if (from[i] == ',' || from[i] == '=' || from[i] == '+' || + from[i] == '<' || from[i] == '>' || from[i] == '#' || + from[i] == ';' || from[i] == ' ') + { + to[j++] = '\\'; + to[j++] = from[i]; + } else if (((unsigned char)from[i]) >= 32 && ((unsigned char)from[i]) <= 127) { + to[j++] = from[i]; + } else { + int l = snprintf(&to[j], tolen - j - 1, + "#%02x", (unsigned int)from[i]); + j += l; + } + } + to[j] = '\0'; + *rlen = j; + return to; +} + + +static int +append_string(char **str, size_t *total_len, char *ss, size_t len, int quote) +{ + char *s, *qs; + + if (quote) + qs = quote_string(ss, len, &len); + else + qs = ss; + + s = realloc(*str, len + *total_len + 1); + if (s == NULL) + _hx509_abort("allocation failure"); /* XXX */ + memcpy(s + *total_len, qs, len); + if (qs != ss) + free(qs); + s[*total_len + len] = '\0'; + *str = s; + *total_len += len; + return 0; +} + +static char * +oidtostring(const heim_oid *type) +{ + char *s; + size_t i; + + for (i = 0; i < sizeof(no)/sizeof(no[0]); i++) { + if (der_heim_oid_cmp((*no[i].o)(), type) == 0) + return strdup(no[i].n); + } + if (der_print_heim_oid(type, '.', &s) != 0) + return NULL; + return s; +} + +static int +stringtooid(const char *name, size_t len, heim_oid *oid) +{ + int i, ret; + char *s; + + memset(oid, 0, sizeof(*oid)); + + for (i = 0; i < sizeof(no)/sizeof(no[0]); i++) { + if (strncasecmp(no[i].n, name, len) == 0) + return der_copy_oid((*no[i].o)(), oid); + } + s = malloc(len + 1); + if (s == NULL) + return ENOMEM; + memcpy(s, name, len); + s[len] = '\0'; + ret = der_parse_heim_oid(s, ".", oid); + free(s); + return ret; +} + +int +hx509_name_to_string(const hx509_name name, char **str) +{ + return _hx509_Name_to_string(&name->der_name, str); +} + +int +_hx509_Name_to_string(const Name *n, char **str) +{ + size_t total_len = 0; + int i, j; + + *str = strdup(""); + if (*str == NULL) + return ENOMEM; + + for (i = n->u.rdnSequence.len - 1 ; i >= 0 ; i--) { + int len; + + for (j = 0; j < n->u.rdnSequence.val[i].len; j++) { + DirectoryString *ds = &n->u.rdnSequence.val[i].val[j].value; + char *oidname; + char *ss; + + oidname = oidtostring(&n->u.rdnSequence.val[i].val[j].type); + + switch(ds->element) { + case choice_DirectoryString_ia5String: + ss = ds->u.ia5String; + break; + case choice_DirectoryString_printableString: + ss = ds->u.ia5String; + break; + case choice_DirectoryString_utf8String: + ss = ds->u.ia5String; + break; + case choice_DirectoryString_bmpString: { + uint16_t *bmp = ds->u.bmpString.data; + size_t bmplen = ds->u.bmpString.length; + size_t k; + + ss = malloc(bmplen + 1); + if (ss == NULL) + _hx509_abort("allocation failure"); /* XXX */ + for (k = 0; k < bmplen; k++) + ss[k] = bmp[k] & 0xff; /* XXX */ + ss[k] = '\0'; + break; + } + case choice_DirectoryString_teletexString: + ss = "teletex-string"; /* XXX */ + break; + case choice_DirectoryString_universalString: + ss = "universalString"; /* XXX */ + break; + default: + _hx509_abort("unknown directory type: %d", ds->element); + exit(1); + } + append_string(str, &total_len, oidname, strlen(oidname), 0); + free(oidname); + append_string(str, &total_len, "=", 1, 0); + len = strlen(ss); + append_string(str, &total_len, ss, len, 1); + if (ds->element == choice_DirectoryString_bmpString) + free(ss); + if (j + 1 < n->u.rdnSequence.val[i].len) + append_string(str, &total_len, "+", 1, 0); + } + + if (i > 0) + append_string(str, &total_len, ",", 1, 0); + } + return 0; +} + +/* + * XXX this function is broken, it needs to compare code points, not + * bytes. + */ + +int +_hx509_name_ds_cmp(const DirectoryString *ds1, const DirectoryString *ds2) +{ + int c; + + c = ds1->element - ds2->element; + if (c) + return c; + + switch(ds1->element) { + case choice_DirectoryString_ia5String: + c = strcmp(ds1->u.ia5String, ds2->u.ia5String); + break; + case choice_DirectoryString_teletexString: + c = der_heim_octet_string_cmp(&ds1->u.teletexString, + &ds2->u.teletexString); + break; + case choice_DirectoryString_printableString: + c = strcasecmp(ds1->u.printableString, ds2->u.printableString); + break; + case choice_DirectoryString_utf8String: + c = strcmp(ds1->u.utf8String, ds2->u.utf8String); + break; + case choice_DirectoryString_universalString: + c = der_heim_universal_string_cmp(&ds1->u.universalString, + &ds2->u.universalString); + break; + case choice_DirectoryString_bmpString: + c = der_heim_bmp_string_cmp(&ds1->u.bmpString, + &ds2->u.bmpString); + break; + default: + c = 1; + break; + } + return c; +} + +int +_hx509_name_cmp(const Name *n1, const Name *n2) +{ + int i, j, c; + + c = n1->u.rdnSequence.len - n2->u.rdnSequence.len; + if (c) + return c; + + for (i = 0 ; i < n1->u.rdnSequence.len; i++) { + c = n1->u.rdnSequence.val[i].len - n2->u.rdnSequence.val[i].len; + if (c) + return c; + + for (j = 0; j < n1->u.rdnSequence.val[i].len; j++) { + c = der_heim_oid_cmp(&n1->u.rdnSequence.val[i].val[j].type, + &n1->u.rdnSequence.val[i].val[j].type); + if (c) + return c; + + c = _hx509_name_ds_cmp(&n1->u.rdnSequence.val[i].val[j].value, + &n2->u.rdnSequence.val[i].val[j].value); + if (c) + return c; + } + } + return 0; +} + +int +_hx509_name_from_Name(const Name *n, hx509_name *name) +{ + int ret; + *name = calloc(1, sizeof(**name)); + if (*name == NULL) + return ENOMEM; + ret = copy_Name(n, &(*name)->der_name); + if (ret) { + free(*name); + *name = NULL; + } + return ret; +} + +static int +hx509_der_parse_name(const void *data, size_t length, hx509_name *name) +{ + int ret; + Name n; + + *name = NULL; + ret = decode_Name(data, length, &n, NULL); + if (ret) + return ret; + return _hx509_name_from_Name(&n, name); +} + +int +_hx509_name_modify(hx509_context context, + Name *name, + int append, + const heim_oid *oid, + const char *str) +{ + RelativeDistinguishedName *rdn; + int ret; + void *ptr; + + ptr = realloc(name->u.rdnSequence.val, + sizeof(name->u.rdnSequence.val[0]) * + (name->u.rdnSequence.len + 1)); + if (ptr == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "Out of memory"); + return ENOMEM; + } + name->u.rdnSequence.val = ptr; + + if (append) { + rdn = &name->u.rdnSequence.val[name->u.rdnSequence.len]; + } else { + memmove(&name->u.rdnSequence.val[1], + &name->u.rdnSequence.val[0], + name->u.rdnSequence.len * + sizeof(name->u.rdnSequence.val[0])); + + rdn = &name->u.rdnSequence.val[0]; + } + rdn->val = malloc(sizeof(rdn->val[0])); + if (rdn->val == NULL) + return ENOMEM; + rdn->len = 1; + ret = der_copy_oid(oid, &rdn->val[0].type); + if (ret) + return ret; + rdn->val[0].value.element = choice_DirectoryString_utf8String; + rdn->val[0].value.u.utf8String = strdup(str); + if (rdn->val[0].value.u.utf8String == NULL) + return ENOMEM; + name->u.rdnSequence.len += 1; + + return 0; +} + +int +hx509_parse_name(hx509_context context, const char *str, hx509_name *name) +{ + const char *p, *q; + size_t len; + hx509_name n; + int ret; + + *name = NULL; + + n = calloc(1, sizeof(*n)); + if (n == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; + } + + n->der_name.element = choice_Name_rdnSequence; + + p = str; + + while (p != NULL && *p != '\0') { + heim_oid oid; + int last; + + q = strchr(p, ','); + if (q) { + len = (q - p); + last = 1; + } else { + len = strlen(p); + last = 0; + } + + q = strchr(p, '='); + if (q == NULL) { + ret = HX509_PARSING_NAME_FAILED; + hx509_set_error_string(context, 0, ret, "missing = in %s", p); + goto out; + } + if (q == p) { + ret = HX509_PARSING_NAME_FAILED; + hx509_set_error_string(context, 0, ret, + "missing name before = in %s", p); + goto out; + } + + if ((q - p) > len) { + ret = HX509_PARSING_NAME_FAILED; + hx509_set_error_string(context, 0, ret, " = after , in %s", p); + goto out; + } + + ret = stringtooid(p, q - p, &oid); + if (ret) { + ret = HX509_PARSING_NAME_FAILED; + hx509_set_error_string(context, 0, ret, + "unknown type: %.*s", (int)(q - p), p); + goto out; + } + + { + size_t pstr_len = len - (q - p) - 1; + const char *pstr = p + (q - p) + 1; + char *r; + + r = malloc(pstr_len + 1); + if (r == NULL) { + der_free_oid(&oid); + ret = ENOMEM; + hx509_set_error_string(context, 0, ret, "out of memory"); + goto out; + } + memcpy(r, pstr, pstr_len); + r[pstr_len] = '\0'; + + ret = _hx509_name_modify(context, &n->der_name, 0, &oid, r); + free(r); + der_free_oid(&oid); + if(ret) + goto out; + } + p += len + last; + } + + *name = n; + + return 0; +out: + hx509_name_free(&n); + return HX509_NAME_MALFORMED; +} + +int +hx509_name_copy(hx509_context context, const hx509_name from, hx509_name *to) +{ + int ret; + + *to = calloc(1, sizeof(**to)); + if (*to == NULL) + return ENOMEM; + ret = copy_Name(&from->der_name, &(*to)->der_name); + if (ret) { + free(*to); + *to = NULL; + return ENOMEM; + } + return 0; +} + +int +hx509_name_to_Name(const hx509_name from, Name *to) +{ + return copy_Name(&from->der_name, to); +} + + +void +hx509_name_free(hx509_name *name) +{ + free_Name(&(*name)->der_name); + memset(*name, 0, sizeof(**name)); + free(*name); + *name = NULL; +} + +int +hx509_unparse_der_name(const void *data, size_t length, char **str) +{ + hx509_name name; + int ret; + + ret = hx509_der_parse_name(data, length, &name); + if (ret) + return ret; + + ret = hx509_name_to_string(name, str); + hx509_name_free(&name); + return ret; +} + +int +hx509_name_to_der_name(const hx509_name name, void **data, size_t *length) +{ + size_t size; + int ret; + + ASN1_MALLOC_ENCODE(Name, *data, *length, &name->der_name, &size, ret); + if (ret) + return ret; + if (*length != size) + _hx509_abort("internal ASN.1 encoder error"); + + return 0; +} + + +int +_hx509_unparse_Name(const Name *aname, char **str) +{ + hx509_name name; + int ret; + + ret = _hx509_name_from_Name(aname, &name); + if (ret) + return ret; + + ret = hx509_name_to_string(name, str); + hx509_name_free(&name); + return ret; +} + +int +hx509_name_is_null_p(const hx509_name name) +{ + return name->der_name.u.rdnSequence.len == 0; +} diff --git a/source4/heimdal/lib/hx509/ocsp.asn1 b/source4/heimdal/lib/hx509/ocsp.asn1 new file mode 100644 index 0000000000..62a2750b96 --- /dev/null +++ b/source4/heimdal/lib/hx509/ocsp.asn1 @@ -0,0 +1,113 @@ +-- From rfc2560 +-- $Id: ocsp.asn1,v 1.4 2006/12/30 12:38:44 lha Exp $ +OCSP DEFINITIONS EXPLICIT TAGS::= + +BEGIN + +IMPORTS + Certificate, AlgorithmIdentifier, CRLReason, + Name, GeneralName, CertificateSerialNumber, Extensions + FROM rfc2459; + +OCSPVersion ::= INTEGER { ocsp-v1(0) } + +OCSPCertStatus ::= CHOICE { + good [0] IMPLICIT NULL, + revoked [1] IMPLICIT -- OCSPRevokedInfo -- SEQUENCE { + revocationTime GeneralizedTime, + revocationReason[0] EXPLICIT CRLReason OPTIONAL + }, + unknown [2] IMPLICIT NULL } + +OCSPCertID ::= SEQUENCE { + hashAlgorithm AlgorithmIdentifier, + issuerNameHash OCTET STRING, -- Hash of Issuer's DN + issuerKeyHash OCTET STRING, -- Hash of Issuers public key + serialNumber CertificateSerialNumber } + +OCSPSingleResponse ::= SEQUENCE { + certID OCSPCertID, + certStatus OCSPCertStatus, + thisUpdate GeneralizedTime, + nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, + singleExtensions [1] EXPLICIT Extensions OPTIONAL } + +OCSPInnerRequest ::= SEQUENCE { + reqCert OCSPCertID, + singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } + +OCSPTBSRequest ::= SEQUENCE { + version [0] EXPLICIT OCSPVersion -- DEFAULT v1 -- OPTIONAL, + requestorName [1] EXPLICIT GeneralName OPTIONAL, + requestList SEQUENCE OF OCSPInnerRequest, + requestExtensions [2] EXPLICIT Extensions OPTIONAL } + +OCSPSignature ::= SEQUENCE { + signatureAlgorithm AlgorithmIdentifier, + signature BIT STRING, + certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } + +OCSPRequest ::= SEQUENCE { + tbsRequest OCSPTBSRequest, + optionalSignature [0] EXPLICIT OCSPSignature OPTIONAL } + +OCSPResponseBytes ::= SEQUENCE { + responseType OBJECT IDENTIFIER, + response OCTET STRING } + +OCSPResponseStatus ::= ENUMERATED { + successful (0), --Response has valid confirmations + malformedRequest (1), --Illegal confirmation request + internalError (2), --Internal error in issuer + tryLater (3), --Try again later + --(4) is not used + sigRequired (5), --Must sign the request + unauthorized (6) --Request unauthorized +} + +OCSPResponse ::= SEQUENCE { + responseStatus OCSPResponseStatus, + responseBytes [0] EXPLICIT OCSPResponseBytes OPTIONAL } + +OCSPKeyHash ::= OCTET STRING --SHA-1 hash of responder's public key + --(excluding the tag and length fields) + +OCSPResponderID ::= CHOICE { + byName [1] Name, + byKey [2] OCSPKeyHash } + +OCSPResponseData ::= SEQUENCE { + version [0] EXPLICIT OCSPVersion -- DEFAULT v1 -- OPTIONAL, + responderID OCSPResponderID, + producedAt GeneralizedTime, + responses SEQUENCE OF OCSPSingleResponse, + responseExtensions [1] EXPLICIT Extensions OPTIONAL } + +OCSPBasicOCSPResponse ::= SEQUENCE { + tbsResponseData OCSPResponseData, + signatureAlgorithm AlgorithmIdentifier, + signature BIT STRING, + certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } + +-- ArchiveCutoff ::= GeneralizedTime + +-- AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER + +-- Object Identifiers + +id-pkix-ocsp OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) dod(6) internet(1) + security(5) mechanisms(5) pkix(7) pkix-ad(48) 1 +} + +id-pkix-ocsp-basic OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 } +id-pkix-ocsp-nonce OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 } +-- id-pkix-ocsp-crl OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 } +-- id-pkix-ocsp-response OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 } +-- id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 } +-- id-pkix-ocsp-archive-cutoff OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 } +-- id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 } + + +END + diff --git a/source4/heimdal/lib/hx509/peer.c b/source4/heimdal/lib/hx509/peer.c new file mode 100644 index 0000000000..f82f2877f6 --- /dev/null +++ b/source4/heimdal/lib/hx509/peer.c @@ -0,0 +1,148 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hx_locl.h" +RCSID("$Id: peer.c,v 1.1 2006/11/26 15:49:01 lha Exp $"); + +int +hx509_peer_info_alloc(hx509_context context, hx509_peer_info *peer) +{ + *peer = calloc(1, sizeof(**peer)); + if (*peer == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; + } + return 0; +} + + +static void +free_cms_alg(hx509_peer_info peer) +{ + if (peer->val) { + size_t i; + for (i = 0; i < peer->len; i++) + free_AlgorithmIdentifier(&peer->val[i]); + free(peer->val); + peer->val = NULL; + peer->len = 0; + } +} + +int +hx509_peer_info_free(hx509_peer_info peer) +{ + if (peer->cert) + hx509_cert_free(peer->cert); + free_cms_alg(peer); + memset(peer, 0, sizeof(*peer)); + return 0; +} + +int +hx509_peer_info_set_cert(hx509_peer_info peer, + hx509_cert cert) +{ + if (peer->cert) + hx509_cert_free(peer->cert); + peer->cert = hx509_cert_ref(cert); + return 0; +} + +int +hx509_peer_info_set_cms_algs(hx509_context context, + hx509_peer_info peer, + const AlgorithmIdentifier *val, + size_t len) +{ + size_t i; + + free_cms_alg(peer); + + peer->val = calloc(len, sizeof(*peer->val)); + if (peer->val == NULL) { + peer->len = 0; + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; + } + peer->len = len; + for (i = 0; i < len; i++) { + int ret; + ret = copy_AlgorithmIdentifier(&val[i], &peer->val[i]); + if (ret) { + hx509_clear_error_string(context); + free_cms_alg(peer); + return ret; + } + } + return 0; +} + +#if 0 + +/* + * S/MIME + */ + +int +hx509_peer_info_parse_smime(hx509_peer_info peer, + const heim_octet_string *data) +{ + return 0; +} + +int +hx509_peer_info_unparse_smime(hx509_peer_info peer, + heim_octet_string *data) +{ + return 0; +} + +/* + * For storing hx509_peer_info to be able to cache them. + */ + +int +hx509_peer_info_parse(hx509_peer_info peer, + const heim_octet_string *data) +{ + return 0; +} + +int +hx509_peer_info_unparse(hx509_peer_info peer, + heim_octet_string *data) +{ + return 0; +} +#endif diff --git a/source4/heimdal/lib/hx509/pkcs10.asn1 b/source4/heimdal/lib/hx509/pkcs10.asn1 new file mode 100644 index 0000000000..c33fd36cb2 --- /dev/null +++ b/source4/heimdal/lib/hx509/pkcs10.asn1 @@ -0,0 +1,25 @@ +-- $Id: pkcs10.asn1,v 1.1 2006/04/01 09:46:57 lha Exp $ +PKCS10 DEFINITIONS ::= + +BEGIN + +IMPORTS + Name, SubjectPublicKeyInfo, Attribute, AlgorithmIdentifier + FROM rfc2459; + + +CertificationRequestInfo ::= SEQUENCE { + version INTEGER { pkcs10-v1(0) }, + subject Name, + subjectPKInfo SubjectPublicKeyInfo, + attributes [0] IMPLICIT SET OF Attribute OPTIONAL +} + +CertificationRequest ::= SEQUENCE { + certificationRequestInfo CertificationRequestInfo, + signatureAlgorithm AlgorithmIdentifier, + signature BIT STRING +} + +END + diff --git a/source4/heimdal/lib/hx509/print.c b/source4/heimdal/lib/hx509/print.c new file mode 100644 index 0000000000..802ac12b4e --- /dev/null +++ b/source4/heimdal/lib/hx509/print.c @@ -0,0 +1,538 @@ +/* + * Copyright (c) 2004 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hx_locl.h" +RCSID("$Id: print.c,v 1.15 2006/12/07 20:37:57 lha Exp $"); + + +struct hx509_validate_ctx_data { + int flags; + hx509_vprint_func vprint_func; + void *ctx; +}; + +/* + * + */ + +static int +Time2string(const Time *T, char **str) +{ + time_t t; + char *s; + struct tm *tm; + + *str = NULL; + t = _hx509_Time2time_t(T); + tm = gmtime (&t); + s = malloc(30); + if (s == NULL) + return ENOMEM; + strftime(s, 30, "%Y-%m-%d %H:%M:%S", tm); + *str = s; + return 0; +} + +void +hx509_print_stdout(void *ctx, const char *fmt, va_list va) +{ + FILE *f = ctx; + vfprintf(f, fmt, va); +} + +void +hx509_print_func(hx509_vprint_func func, void *ctx, const char *fmt, ...) +{ + va_list va; + va_start(va, fmt); + (*func)(ctx, fmt, va); + va_end(va); +} + +int +hx509_oid_sprint(const heim_oid *oid, char **str) +{ + return der_print_heim_oid(oid, '.', str); +} + +void +hx509_oid_print(const heim_oid *oid, hx509_vprint_func func, void *ctx) +{ + char *str; + hx509_oid_sprint(oid, &str); + hx509_print_func(func, ctx, "%s", str); + free(str); +} + +void +hx509_bitstring_print(const heim_bit_string *b, + hx509_vprint_func func, void *ctx) +{ + int i; + hx509_print_func(func, ctx, "\tlength: %d\n\t", b->length); + for (i = 0; i < (b->length + 7) / 8; i++) + hx509_print_func(func, ctx, "%02x%s%s", + ((unsigned char *)b->data)[i], + i < (b->length - 7) / 8 + && (i == 0 || (i % 16) != 15) ? ":" : "", + i != 0 && (i % 16) == 15 ? + (i <= ((b->length + 7) / 8 - 2) ? "\n\t" : "\n"):""); +} + +int +hx509_cert_keyusage_print(hx509_context context, hx509_cert c, char **s) +{ + KeyUsage ku; + char buf[256]; + int ret; + + *s = NULL; + + ret = _hx509_cert_get_keyusage(context, c, &ku); + if (ret) + return ret; + unparse_flags(KeyUsage2int(ku), asn1_KeyUsage_units(), buf, sizeof(buf)); + *s = strdup(buf); + if (*s == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; + } + + return 0; +} + +/* + * + */ + +static void +validate_vprint(void *c, const char *fmt, va_list va) +{ + hx509_validate_ctx ctx = c; + if (ctx->vprint_func == NULL) + return; + (ctx->vprint_func)(ctx->ctx, fmt, va); +} + +static void +validate_print(hx509_validate_ctx ctx, int flags, const char *fmt, ...) +{ + va_list va; + if ((ctx->flags & flags) == 0) + return; + va_start(va, fmt); + validate_vprint(ctx, fmt, va); + va_end(va); +} + +enum critical_flag { D_C = 0, S_C, S_N_C, M_C, M_N_C }; + +static int +check_Null(hx509_validate_ctx ctx, enum critical_flag cf, const Extension *e) +{ + switch(cf) { + case D_C: + break; + case S_C: + if (!e->critical) + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "\tCritical not set on SHOULD\n"); + break; + case S_N_C: + if (e->critical) + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "\tCritical set on SHOULD NOT\n"); + break; + case M_C: + if (!e->critical) + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "\tCritical not set on MUST\n"); + break; + case M_N_C: + if (e->critical) + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "\tCritical set on MUST NOT\n"); + break; + default: + _hx509_abort("internal check_Null state error"); + } + return 0; +} + +static int +check_subjectKeyIdentifier(hx509_validate_ctx ctx, + enum critical_flag cf, + const Extension *e) +{ + check_Null(ctx, cf, e); + return 0; +} + +static int +check_pkinit_san(hx509_validate_ctx ctx, heim_any *a) +{ + KRB5PrincipalName kn; + unsigned i; + size_t size; + int ret; + + ret = decode_KRB5PrincipalName(a->data, a->length, + &kn, &size); + if (ret) { + printf("Decoding kerberos name in SAN failed: %d", ret); + return 1; + } + + if (size != a->length) { + printf("Decoding kerberos name have extra bits on the end"); + return 1; + } + + /* print kerberos principal, add code to quote / within components */ + for (i = 0; i < kn.principalName.name_string.len; i++) { + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%s", + kn.principalName.name_string.val[i]); + if (i + 1 < kn.principalName.name_string.len) + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "/"); + } + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "@"); + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%s", kn.realm); + + free_KRB5PrincipalName(&kn); + return 0; +} + +static int +check_dnssrv_san(hx509_validate_ctx ctx, heim_any *a) +{ + return 0; +} + +struct { + const char *name; + const heim_oid *(*oid)(void); + int (*func)(hx509_validate_ctx, heim_any *); +} check_altname[] = { + { "pk-init", oid_id_pkinit_san, check_pkinit_san }, + { "dns-srv", oid_id_pkix_on_dnsSRV, check_dnssrv_san } +}; + +static int +check_altName(hx509_validate_ctx ctx, + const char *name, + enum critical_flag cf, + const Extension *e) +{ + GeneralNames gn; + size_t size; + int ret, i; + + check_Null(ctx, cf, e); + + if (e->extnValue.length == 0) { + printf("%sAltName empty, not allowed", name); + return 1; + } + ret = decode_GeneralNames(e->extnValue.data, e->extnValue.length, + &gn, &size); + if (ret) { + printf("\tret = %d while decoding %s GeneralNames\n", ret, name); + return 1; + } + if (gn.len == 0) { + printf("%sAltName generalName empty, not allowed", name); + return 1; + } + + for (i = 0; i < gn.len; i++) { + switch (gn.val[i].element) { + case choice_GeneralName_otherName: { + unsigned j; + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%sAltName otherName ", name); + + for (j = 0; j < sizeof(check_altname)/sizeof(check_altname[0]); j++) { + if (der_heim_oid_cmp((*check_altname[j].oid)(), + &gn.val[i].u.otherName.type_id) != 0) + continue; + + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%s: ", + check_altname[j].name); + (*check_altname[j].func)(ctx, &gn.val[i].u.otherName.value); + break; + } + if (j == sizeof(check_altname)/sizeof(check_altname[0])) { + hx509_oid_print(&gn.val[i].u.otherName.type_id, + validate_vprint, ctx); + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, " unknown"); + } + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "\n"); + break; + } + case choice_GeneralName_rfc822Name: + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "rfc822Name: %s\n", + gn.val[i].u.rfc822Name); + break; + case choice_GeneralName_dNSName: + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "dNSName: %s\n", + gn.val[i].u.dNSName); + break; + case choice_GeneralName_directoryName: { + Name dir; + char *s; + dir.element = gn.val[i].u.directoryName.element; + dir.u.rdnSequence = gn.val[i].u.directoryName.u.rdnSequence; + ret = _hx509_unparse_Name(&dir, &s); + if (ret) { + printf("unable to parse %sAltName directoryName\n", name); + return 1; + } + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "directoryName: %s\n", s); + free(s); + break; + } + case choice_GeneralName_uniformResourceIdentifier: + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "uri: %s\n", + gn.val[i].u.uniformResourceIdentifier); + break; + case choice_GeneralName_iPAddress: + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "ip address\n"); + break; + case choice_GeneralName_registeredID: + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "registered id: "); + hx509_oid_print(&gn.val[i].u.registeredID, + validate_vprint, ctx); + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "\n"); + break; + } + } + + free_GeneralNames(&gn); + + return 0; +} + +static int +check_subjectAltName(hx509_validate_ctx ctx, + enum critical_flag cf, + const Extension *e) +{ + return check_altName(ctx, "subject", cf, e); +} + +static int +check_issuerAltName(hx509_validate_ctx ctx, + enum critical_flag cf, + const Extension *e) +{ + return check_altName(ctx, "issuer", cf, e); +} + + +static int +check_basicConstraints(hx509_validate_ctx ctx, + enum critical_flag cf, + const Extension *e) +{ + BasicConstraints b; + size_t size; + int ret; + + check_Null(ctx, cf, e); + + ret = decode_BasicConstraints(e->extnValue.data, e->extnValue.length, + &b, &size); + if (ret) { + printf("\tret = %d while decoding BasicConstraints\n", ret); + return 0; + } + if (size != e->extnValue.length) + printf("\tlength of der data isn't same as extension\n"); + + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, + "\tis %sa CA\n", b.cA && *b.cA ? "" : "NOT "); + if (b.pathLenConstraint) + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, + "\tpathLenConstraint: %d\n", *b.pathLenConstraint); + + return 0; +} + +struct { + const char *name; + const heim_oid *(*oid)(void); + int (*func)(hx509_validate_ctx ctx, + enum critical_flag cf, + const Extension *); + enum critical_flag cf; +} check_extension[] = { +#define ext(name, checkname) #name, &oid_id_x509_ce_##name, check_##checkname + { ext(subjectDirectoryAttributes, Null), M_N_C }, + { ext(subjectKeyIdentifier, subjectKeyIdentifier), M_N_C }, + { ext(keyUsage, Null), S_C }, + { ext(subjectAltName, subjectAltName), M_N_C }, + { ext(issuerAltName, issuerAltName), S_N_C }, + { ext(basicConstraints, basicConstraints), M_C }, + { ext(cRLNumber, Null), M_N_C }, + { ext(cRLReason, Null), M_N_C }, + { ext(holdInstructionCode, Null), M_N_C }, + { ext(invalidityDate, Null), M_N_C }, + { ext(deltaCRLIndicator, Null), M_C }, + { ext(issuingDistributionPoint, Null), M_C }, + { ext(certificateIssuer, Null), M_C }, + { ext(nameConstraints, Null), M_C }, + { ext(cRLDistributionPoints, Null), S_N_C }, + { ext(certificatePolicies, Null) }, + { ext(policyMappings, Null), M_N_C }, + { ext(authorityKeyIdentifier, Null), M_N_C }, + { ext(policyConstraints, Null), D_C }, + { ext(extKeyUsage, Null), D_C }, + { ext(freshestCRL, Null), M_N_C }, + { ext(inhibitAnyPolicy, Null), M_C }, + { NULL } +}; + +int +hx509_validate_ctx_init(hx509_context context, hx509_validate_ctx *ctx) +{ + *ctx = malloc(sizeof(**ctx)); + if (*ctx == NULL) + return ENOMEM; + memset(*ctx, 0, sizeof(**ctx)); + return 0; +} + +void +hx509_validate_ctx_set_print(hx509_validate_ctx ctx, + hx509_vprint_func func, + void *c) +{ + ctx->vprint_func = func; + ctx->ctx = c; +} + +void +hx509_validate_ctx_add_flags(hx509_validate_ctx ctx, int flags) +{ + ctx->flags |= flags; +} + +void +hx509_validate_ctx_free(hx509_validate_ctx ctx) +{ + free(ctx); +} + +int +hx509_validate_cert(hx509_context context, + hx509_validate_ctx ctx, + hx509_cert cert) +{ + Certificate *c = _hx509_get_cert(cert); + TBSCertificate *t = &c->tbsCertificate; + hx509_name name; + char *str; + + if (_hx509_cert_get_version(c) != 3) + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, + "Not version 3 certificate\n"); + + if (t->version && *t->version < 2 && t->extensions) + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "Not version 3 certificate with extensions\n"); + + _hx509_name_from_Name(&t->subject, &name); + hx509_name_to_string(name, &str); + hx509_name_free(&name); + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, + "subject name: %s\n", str); + free(str); + + _hx509_name_from_Name(&t->issuer, &name); + hx509_name_to_string(name, &str); + hx509_name_free(&name); + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, + "issuer name: %s\n", str); + free(str); + + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, + "Validity:\n"); + + Time2string(&t->validity.notBefore, &str); + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "\tnotBefore %s\n", str); + free(str); + Time2string(&t->validity.notAfter, &str); + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "\tnotAfter %s\n", str); + free(str); + + if (t->extensions) { + int i, j; + + if (t->extensions->len == 0) { + validate_print(ctx, + HX509_VALIDATE_F_VALIDATE|HX509_VALIDATE_F_VERBOSE, + "The empty extensions list is not " + "allowed by PKIX\n"); + } + + for (i = 0; i < t->extensions->len; i++) { + + for (j = 0; check_extension[j].name; j++) + if (der_heim_oid_cmp((*check_extension[j].oid)(), + &t->extensions->val[i].extnID) == 0) + break; + if (check_extension[j].name == NULL) { + int flags = HX509_VALIDATE_F_VERBOSE; + if (t->extensions->val[i].critical) + flags |= HX509_VALIDATE_F_VALIDATE; + validate_print(ctx, flags, "don't know what "); + if (t->extensions->val[i].critical) + validate_print(ctx, flags, "and is CRITICAL "); + if (ctx->flags & flags) + hx509_oid_print(&t->extensions->val[i].extnID, + validate_vprint, ctx); + validate_print(ctx, flags, " is\n"); + continue; + } + validate_print(ctx, + HX509_VALIDATE_F_VALIDATE|HX509_VALIDATE_F_VERBOSE, + "checking extention: %s\n", + check_extension[j].name); + (*check_extension[j].func)(ctx, + check_extension[j].cf, + &t->extensions->val[i]); + } + } else + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "no extentions\n"); + + return 0; +} diff --git a/source4/heimdal/lib/hx509/req.c b/source4/heimdal/lib/hx509/req.c new file mode 100644 index 0000000000..ca7baa514b --- /dev/null +++ b/source4/heimdal/lib/hx509/req.c @@ -0,0 +1,217 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hx_locl.h" +#include +RCSID("$Id: req.c,v 1.7 2007/01/04 20:20:11 lha Exp $"); + +struct hx509_request_data { + hx509_name name; + SubjectPublicKeyInfo key; + ExtKeyUsage eku; + GeneralNames san; +}; + +/* + * + */ + +int +_hx509_request_init(hx509_context context, hx509_request *req) +{ + *req = calloc(1, sizeof(**req)); + if (*req == NULL) + return ENOMEM; + + return 0; +} + +void +_hx509_request_free(hx509_request *req) +{ + if ((*req)->name) + hx509_name_free(&(*req)->name); + free_SubjectPublicKeyInfo(&(*req)->key); + free_ExtKeyUsage(&(*req)->eku); + free_GeneralNames(&(*req)->san); + memset(*req, 0, sizeof(**req)); + free(*req); + *req = NULL; +} + +int +_hx509_request_set_name(hx509_context context, + hx509_request req, + hx509_name name) +{ + if (req->name) + hx509_name_free(&req->name); + if (name) { + int ret = hx509_name_copy(context, name, &req->name); + if (ret) + return ret; + } + return 0; +} + +int +_hx509_request_set_SubjectPublicKeyInfo(hx509_context context, + hx509_request req, + const SubjectPublicKeyInfo *key) +{ + free_SubjectPublicKeyInfo(&req->key); + return copy_SubjectPublicKeyInfo(key, &req->key); +} + +int +_hx509_request_add_eku(hx509_context context, + hx509_request req, + const heim_oid *oid) +{ + void *val; + int ret; + + val = realloc(req->eku.val, sizeof(req->eku.val[0]) * (req->eku.len + 1)); + if (val == NULL) + return ENOMEM; + req->eku.val = val; + + ret = der_copy_oid(oid, &req->eku.val[req->eku.len]); + if (ret) + return ret; + + req->eku.len += 1; + + return 0; +} + +int +_hx509_request_add_dns_name(hx509_context context, + hx509_request req, + const char *hostname) +{ + GeneralName name; + + memset(&name, 0, sizeof(name)); + name.element = choice_GeneralName_dNSName; + name.u.dNSName = rk_UNCONST(hostname); + + return add_GeneralNames(&req->san, &name); +} + +int +_hx509_request_add_email(hx509_context context, + hx509_request req, + const char *email) +{ + GeneralName name; + + memset(&name, 0, sizeof(name)); + name.element = choice_GeneralName_rfc822Name; + name.u.dNSName = rk_UNCONST(email); + + return add_GeneralNames(&req->san, &name); +} + + + +int +_hx509_request_to_pkcs10(hx509_context context, + const hx509_request req, + const hx509_private_key signer, + heim_octet_string *request) +{ + CertificationRequest r; + heim_octet_string data, os; + int ret; + size_t size; + + if (req->name == NULL) { + hx509_set_error_string(context, 0, EINVAL, + "PKCS10 needs to have a subject"); + return EINVAL; + } + + memset(&r, 0, sizeof(r)); + memset(request, 0, sizeof(*request)); + + r.certificationRequestInfo.version = pkcs10_v1; + + ret = copy_Name(&req->name->der_name, + &r.certificationRequestInfo.subject); + if (ret) + goto out; + ret = copy_SubjectPublicKeyInfo(&req->key, + &r.certificationRequestInfo.subjectPKInfo); + if (ret) + goto out; + r.certificationRequestInfo.attributes = + calloc(1, sizeof(*r.certificationRequestInfo.attributes)); + if (r.certificationRequestInfo.attributes == NULL) { + ret = ENOMEM; + goto out; + } + + ASN1_MALLOC_ENCODE(CertificationRequestInfo, data.data, data.length, + &r.certificationRequestInfo, &size, ret); + if (ret) + goto out; + if (data.length != size) + abort(); + + ret = _hx509_create_signature(context, + signer, + hx509_signature_rsa_with_sha1(), + &data, + &r.signatureAlgorithm, + &os); + free(data.data); + if (ret) + goto out; + r.signature.data = os.data; + r.signature.length = os.length * 8; + + ASN1_MALLOC_ENCODE(CertificationRequest, data.data, data.length, + &r, &size, ret); + if (ret) + goto out; + if (data.length != size) + abort(); + + *request = data; + +out: + free_CertificationRequest(&r); + + return ret; +} diff --git a/source4/heimdal/lib/hx509/revoke.c b/source4/heimdal/lib/hx509/revoke.c new file mode 100644 index 0000000000..8067b29c10 --- /dev/null +++ b/source4/heimdal/lib/hx509/revoke.c @@ -0,0 +1,1020 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hx_locl.h" +RCSID("$Id: revoke.c,v 1.32 2006/12/30 17:09:06 lha Exp $"); + +struct revoke_crl { + char *path; + time_t last_modfied; + CRLCertificateList crl; + int verified; +}; + +struct revoke_ocsp { + char *path; + time_t last_modfied; + OCSPBasicOCSPResponse ocsp; + hx509_certs certs; + hx509_cert signer; +}; + + +struct hx509_revoke_ctx_data { + struct { + struct revoke_crl *val; + size_t len; + } crls; + struct { + struct revoke_ocsp *val; + size_t len; + } ocsps; +}; + +int +hx509_revoke_init(hx509_context context, hx509_revoke_ctx *ctx) +{ + *ctx = calloc(1, sizeof(**ctx)); + if (*ctx == NULL) + return ENOMEM; + + (*ctx)->crls.len = 0; + (*ctx)->crls.val = NULL; + (*ctx)->ocsps.len = 0; + (*ctx)->ocsps.val = NULL; + + return 0; +} + +static void +free_ocsp(struct revoke_ocsp *ocsp) +{ + free(ocsp->path); + free_OCSPBasicOCSPResponse(&ocsp->ocsp); + hx509_certs_free(&ocsp->certs); + hx509_cert_free(ocsp->signer); +} + +void +hx509_revoke_free(hx509_revoke_ctx *ctx) +{ + size_t i ; + + if (ctx == NULL || *ctx == NULL) + return; + + for (i = 0; i < (*ctx)->crls.len; i++) { + free((*ctx)->crls.val[i].path); + free_CRLCertificateList(&(*ctx)->crls.val[i].crl); + } + + for (i = 0; i < (*ctx)->ocsps.len; i++) + free_ocsp(&(*ctx)->ocsps.val[i]); + free((*ctx)->ocsps.val); + + free((*ctx)->crls.val); + + memset(*ctx, 0, sizeof(**ctx)); + free(*ctx); + *ctx = NULL; +} + +static int +verify_ocsp(hx509_context context, + struct revoke_ocsp *ocsp, + time_t time_now, + hx509_certs certs, + hx509_cert parent) +{ + hx509_cert signer = NULL; + hx509_query q; + int ret; + + _hx509_query_clear(&q); + + /* + * Need to match on issuer too in case there are two CA that have + * issued the same name to a certificate. One example of this is + * the www.openvalidation.org test's ocsp validator. + */ + + q.match = HX509_QUERY_MATCH_ISSUER_NAME; + q.issuer_name = &_hx509_get_cert(parent)->tbsCertificate.issuer; + + switch(ocsp->ocsp.tbsResponseData.responderID.element) { + case choice_OCSPResponderID_byName: + q.match |= HX509_QUERY_MATCH_SUBJECT_NAME; + q.subject_name = &ocsp->ocsp.tbsResponseData.responderID.u.byName; + break; + case choice_OCSPResponderID_byKey: + q.match |= HX509_QUERY_MATCH_KEY_HASH_SHA1; + q.keyhash_sha1 = &ocsp->ocsp.tbsResponseData.responderID.u.byKey; + break; + } + + ret = hx509_certs_find(context, certs, &q, &signer); + if (ret && ocsp->certs) + ret = hx509_certs_find(context, ocsp->certs, &q, &signer); + if (ret) + goto out; + + /* + * If signer certificate isn't the CA certificate, lets check the + * its the CA that signed the signer certificate and the OCSP EKU + * is set. + */ + if (hx509_cert_cmp(signer, parent) != 0) { + Certificate *p = _hx509_get_cert(parent); + Certificate *s = _hx509_get_cert(signer); + + ret = _hx509_cert_is_parent_cmp(s, p, 0); + if (ret != 0) { + ret = HX509_PARENT_NOT_CA; + hx509_set_error_string(context, 0, ret, "Revoke OSCP signer is " + "doesn't have CA as signer certificate"); + goto out; + } + + ret = _hx509_verify_signature_bitstring(context, + p, + &s->signatureAlgorithm, + &s->tbsCertificate._save, + &s->signatureValue); + if (ret) { + hx509_set_error_string(context, HX509_ERROR_APPEND, ret, + "OSCP signer signature invalid"); + goto out; + } + + ret = hx509_cert_check_eku(context, signer, + oid_id_pkix_kp_OCSPSigning(), 0); + if (ret) + goto out; + } + + ret = _hx509_verify_signature_bitstring(context, + _hx509_get_cert(signer), + &ocsp->ocsp.signatureAlgorithm, + &ocsp->ocsp.tbsResponseData._save, + &ocsp->ocsp.signature); + if (ret) { + hx509_set_error_string(context, HX509_ERROR_APPEND, ret, + "OSCP signature invalid"); + goto out; + } + + ocsp->signer = signer; + signer = NULL; +out: + if (signer) + hx509_cert_free(signer); + + return ret; +} + +/* + * + */ + +static int +parse_ocsp_basic(const void *data, size_t length, OCSPBasicOCSPResponse *basic) +{ + OCSPResponse resp; + size_t size; + int ret; + + memset(basic, 0, sizeof(*basic)); + + ret = decode_OCSPResponse(data, length, &resp, &size); + if (ret) + return ret; + if (length != size) { + free_OCSPResponse(&resp); + return ASN1_EXTRA_DATA; + } + + switch (resp.responseStatus) { + case successful: + break; + default: + free_OCSPResponse(&resp); + return HX509_REVOKE_WRONG_DATA; + } + + if (resp.responseBytes == NULL) { + free_OCSPResponse(&resp); + return EINVAL; + } + + ret = der_heim_oid_cmp(&resp.responseBytes->responseType, + oid_id_pkix_ocsp_basic()); + if (ret != 0) { + free_OCSPResponse(&resp); + return HX509_REVOKE_WRONG_DATA; + } + + ret = decode_OCSPBasicOCSPResponse(resp.responseBytes->response.data, + resp.responseBytes->response.length, + basic, + &size); + if (ret) { + free_OCSPResponse(&resp); + return ret; + } + if (size != resp.responseBytes->response.length) { + free_OCSPResponse(&resp); + free_OCSPBasicOCSPResponse(basic); + return ASN1_EXTRA_DATA; + } + free_OCSPResponse(&resp); + + return 0; +} + +/* + * + */ + +static int +load_ocsp(hx509_context context, struct revoke_ocsp *ocsp) +{ + OCSPBasicOCSPResponse basic; + hx509_certs certs = NULL; + size_t length; + struct stat sb; + void *data; + int ret; + + ret = _hx509_map_file(ocsp->path, &data, &length, &sb); + if (ret) + return ret; + + ret = parse_ocsp_basic(data, length, &basic); + _hx509_unmap_file(data, length); + if (ret) + return ret; + + if (basic.certs) { + int i; + + ret = hx509_certs_init(context, "MEMORY:ocsp-certs", 0, + NULL, &certs); + if (ret) { + free_OCSPBasicOCSPResponse(&basic); + return ret; + } + + for (i = 0; i < basic.certs->len; i++) { + hx509_cert c; + + ret = hx509_cert_init(context, &basic.certs->val[i], &c); + if (ret) + continue; + + ret = hx509_certs_add(context, certs, c); + hx509_cert_free(c); + if (ret) + continue; + } + } + + ocsp->last_modfied = sb.st_mtime; + + free_OCSPBasicOCSPResponse(&ocsp->ocsp); + hx509_certs_free(&ocsp->certs); + hx509_cert_free(ocsp->signer); + + ocsp->ocsp = basic; + ocsp->certs = certs; + ocsp->signer = NULL; + + return 0; +} + +int +hx509_revoke_add_ocsp(hx509_context context, + hx509_revoke_ctx ctx, + const char *path) +{ + void *data; + int ret; + size_t i; + + if (strncmp(path, "FILE:", 5) != 0) { + hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION, + "unsupport type in %s", path); + return HX509_UNSUPPORTED_OPERATION; + } + + path += 5; + + for (i = 0; i < ctx->ocsps.len; i++) { + if (strcmp(ctx->ocsps.val[0].path, path) == 0) + return 0; + } + + data = realloc(ctx->ocsps.val, + (ctx->ocsps.len + 1) * sizeof(ctx->ocsps.val[0])); + if (data == NULL) { + hx509_clear_error_string(context); + return ENOMEM; + } + + ctx->ocsps.val = data; + + memset(&ctx->ocsps.val[ctx->ocsps.len], 0, + sizeof(ctx->ocsps.val[0])); + + ctx->ocsps.val[ctx->ocsps.len].path = strdup(path); + if (ctx->ocsps.val[ctx->ocsps.len].path == NULL) { + hx509_clear_error_string(context); + return ENOMEM; + } + + ret = load_ocsp(context, &ctx->ocsps.val[ctx->ocsps.len]); + if (ret) { + free(ctx->ocsps.val[ctx->ocsps.len].path); + return ret; + } + ctx->ocsps.len++; + + return ret; +} + +/* + * + */ + +static int +verify_crl(hx509_context context, + CRLCertificateList *crl, + time_t time_now, + hx509_certs certs, + hx509_cert parent) +{ + hx509_cert signer; + hx509_query q; + time_t t; + int ret; + + t = _hx509_Time2time_t(&crl->tbsCertList.thisUpdate); + if (t > time_now) + return HX509_CRL_USED_BEFORE_TIME; + + if (crl->tbsCertList.nextUpdate == NULL) + return HX509_CRL_INVALID_FORMAT; + + t = _hx509_Time2time_t(crl->tbsCertList.nextUpdate); + if (t < time_now) + return HX509_CRL_USED_AFTER_TIME; + + _hx509_query_clear(&q); + + q.match = HX509_QUERY_MATCH_SUBJECT_NAME; + q.subject_name = &crl->tbsCertList.issuer; + + ret = hx509_certs_find(context, certs, &q, &signer); + if (ret) + return ret; + + /* verify is parent or CRLsigner */ + if (hx509_cert_cmp(signer, parent) != 0) { + Certificate *p = _hx509_get_cert(parent); + Certificate *s = _hx509_get_cert(signer); + + ret = _hx509_cert_is_parent_cmp(s, p, 0); + if (ret != 0) { + ret = HX509_PARENT_NOT_CA; + hx509_set_error_string(context, 0, ret, "Revoke CRL signer is " + "doesn't have CA as signer certificate"); + goto out; + } + + ret = _hx509_verify_signature_bitstring(context, + p, + &s->signatureAlgorithm, + &s->tbsCertificate._save, + &s->signatureValue); + if (ret) { + hx509_set_error_string(context, HX509_ERROR_APPEND, ret, + "CRL signer signature invalid"); + goto out; + } + + ret = _hx509_check_key_usage(context, signer, 1 << 6, TRUE); /* crl */ + if (ret != 0) + goto out; + } + + ret = _hx509_verify_signature_bitstring(context, + _hx509_get_cert(signer), + &crl->signatureAlgorithm, + &crl->tbsCertList._save, + &crl->signatureValue); + if (ret) { + hx509_set_error_string(context, HX509_ERROR_APPEND, ret, "CRL signature invalid"); + goto out; + } + +out: + hx509_cert_free(signer); + + return ret; +} + +static int +load_crl(const char *path, time_t *t, CRLCertificateList *crl) +{ + size_t length, size; + struct stat sb; + void *data; + int ret; + + memset(crl, 0, sizeof(*crl)); + + ret = _hx509_map_file(path, &data, &length, &sb); + if (ret) + return ret; + + *t = sb.st_mtime; + + ret = decode_CRLCertificateList(data, length, crl, &size); + _hx509_unmap_file(data, length); + if (ret) + return ret; + + /* check signature is aligned */ + if (crl->signatureValue.length & 7) { + free_CRLCertificateList(crl); + return HX509_CRYPTO_SIG_INVALID_FORMAT; + } + return 0; +} + +int +hx509_revoke_add_crl(hx509_context context, + hx509_revoke_ctx ctx, + const char *path) +{ + void *data; + size_t i; + int ret; + + if (strncmp(path, "FILE:", 5) != 0) { + hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION, + "unsupport type in %s", path); + return HX509_UNSUPPORTED_OPERATION; + } + + + path += 5; + + for (i = 0; i < ctx->crls.len; i++) { + if (strcmp(ctx->crls.val[0].path, path) == 0) + return 0; + } + + data = realloc(ctx->crls.val, + (ctx->crls.len + 1) * sizeof(ctx->crls.val[0])); + if (data == NULL) { + hx509_clear_error_string(context); + return ENOMEM; + } + ctx->crls.val = data; + + memset(&ctx->crls.val[ctx->crls.len], 0, sizeof(ctx->crls.val[0])); + + ctx->crls.val[ctx->crls.len].path = strdup(path); + if (ctx->crls.val[ctx->crls.len].path == NULL) { + hx509_clear_error_string(context); + return ENOMEM; + } + + ret = load_crl(path, + &ctx->crls.val[ctx->crls.len].last_modfied, + &ctx->crls.val[ctx->crls.len].crl); + if (ret) { + free(ctx->crls.val[ctx->crls.len].path); + return ret; + } + + ctx->crls.len++; + + return ret; +} + + +int +hx509_revoke_verify(hx509_context context, + hx509_revoke_ctx ctx, + hx509_certs certs, + time_t now, + hx509_cert cert, + hx509_cert parent_cert) +{ + const Certificate *c = _hx509_get_cert(cert); + const Certificate *p = _hx509_get_cert(parent_cert); + unsigned long i, j, k; + int ret; + + for (i = 0; i < ctx->ocsps.len; i++) { + struct revoke_ocsp *ocsp = &ctx->ocsps.val[i]; + struct stat sb; + + /* check this ocsp apply to this cert */ + + /* check if there is a newer version of the file */ + ret = stat(ocsp->path, &sb); + if (ret == 0 && ocsp->last_modfied != sb.st_mtime) { + ret = load_ocsp(context, ocsp); + if (ret) + continue; + } + + /* verify signature in ocsp if not already done */ + if (ocsp->signer == NULL) { + ret = verify_ocsp(context, ocsp, now, certs, parent_cert); + if (ret) + continue; + } + + for (i = 0; i < ocsp->ocsp.tbsResponseData.responses.len; i++) { + heim_octet_string os; + + ret = der_heim_integer_cmp(&ocsp->ocsp.tbsResponseData.responses.val[i].certID.serialNumber, + &c->tbsCertificate.serialNumber); + if (ret != 0) + continue; + + /* verify issuer hashes hash */ + ret = _hx509_verify_signature(context, + NULL, + &ocsp->ocsp.tbsResponseData.responses.val[i].certID.hashAlgorithm, + &c->tbsCertificate.issuer._save, + &ocsp->ocsp.tbsResponseData.responses.val[i].certID.issuerNameHash); + if (ret != 0) + continue; + + os.data = p->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data; + os.length = p->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.length / 8; + + ret = _hx509_verify_signature(context, + NULL, + &ocsp->ocsp.tbsResponseData.responses.val[i].certID.hashAlgorithm, + &os, + &ocsp->ocsp.tbsResponseData.responses.val[i].certID.issuerKeyHash); + if (ret != 0) + continue; + + switch (ocsp->ocsp.tbsResponseData.responses.val[i].certStatus.element) { + case choice_OCSPCertStatus_good: + break; + case choice_OCSPCertStatus_revoked: + case choice_OCSPCertStatus_unknown: + continue; + } + + /* don't allow the update to be in the future */ + if (ocsp->ocsp.tbsResponseData.responses.val[i].thisUpdate > + now + context->ocsp_time_diff) + continue; + + /* don't allow the next updte to be in the past */ + if (ocsp->ocsp.tbsResponseData.responses.val[i].nextUpdate) { + if (*ocsp->ocsp.tbsResponseData.responses.val[i].nextUpdate < now) + continue; + } else + /* Should force a refetch, but can we ? */; + + return 0; + } + } + + for (i = 0; i < ctx->crls.len; i++) { + struct revoke_crl *crl = &ctx->crls.val[i]; + struct stat sb; + + /* check if cert.issuer == crls.val[i].crl.issuer */ + ret = _hx509_name_cmp(&c->tbsCertificate.issuer, + &crl->crl.tbsCertList.issuer); + if (ret) + continue; + + ret = stat(crl->path, &sb); + if (ret == 0 && crl->last_modfied != sb.st_mtime) { + CRLCertificateList cl; + + ret = load_crl(crl->path, &crl->last_modfied, &cl); + if (ret == 0) { + free_CRLCertificateList(&crl->crl); + crl->crl = cl; + crl->verified = 0; + } + } + + /* verify signature in crl if not already done */ + if (crl->verified == 0) { + ret = verify_crl(context, &crl->crl, now, certs, parent_cert); + if (ret) + return ret; + crl->verified = 1; + } + + if (crl->crl.tbsCertList.crlExtensions) + for (j = 0; j < crl->crl.tbsCertList.crlExtensions->len; j++) + if (crl->crl.tbsCertList.crlExtensions->val[j].critical) + return HX509_CRL_UNKNOWN_EXTENSION; + + if (crl->crl.tbsCertList.revokedCertificates == NULL) + return 0; + + /* check if cert is in crl */ + for (j = 0; j < crl->crl.tbsCertList.revokedCertificates->len; j++) { + time_t t; + + ret = der_heim_integer_cmp(&crl->crl.tbsCertList.revokedCertificates->val[j].userCertificate, + &c->tbsCertificate.serialNumber); + if (ret != 0) + continue; + + t = _hx509_Time2time_t(&crl->crl.tbsCertList.revokedCertificates->val[j].revocationDate); + if (t > now) + continue; + + if (crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions) + for (k = 0; k < crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions->len; k++) + if (crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions->val[k].critical) + return HX509_CRL_UNKNOWN_EXTENSION; + + return HX509_CRL_CERT_REVOKED; + } + + return 0; + } + + + if (context->flags & HX509_CTX_VERIFY_MISSING_OK) + return 0; + return HX509_REVOKE_STATUS_MISSING; +} + +struct ocsp_add_ctx { + OCSPTBSRequest *req; + hx509_certs certs; + const AlgorithmIdentifier *digest; + hx509_cert parent; +}; + +static int +add_to_req(hx509_context context, void *ptr, hx509_cert cert) +{ + struct ocsp_add_ctx *ctx = ptr; + OCSPInnerRequest *one; + hx509_cert parent = NULL; + Certificate *p, *c = _hx509_get_cert(cert); + heim_octet_string os; + int ret; + hx509_query q; + void *d; + + d = realloc(ctx->req->requestList.val, + sizeof(ctx->req->requestList.val[0]) * + (ctx->req->requestList.len + 1)); + if (d == NULL) + return ENOMEM; + ctx->req->requestList.val = d; + + one = &ctx->req->requestList.val[ctx->req->requestList.len]; + memset(one, 0, sizeof(*one)); + + _hx509_query_clear(&q); + + q.match |= HX509_QUERY_FIND_ISSUER_CERT; + q.subject = c; + + ret = hx509_certs_find(context, ctx->certs, &q, &parent); + if (ret) + goto out; + + if (ctx->parent) { + if (hx509_cert_cmp(ctx->parent, parent) != 0) { + ret = HX509_REVOKE_NOT_SAME_PARENT; + hx509_set_error_string(context, 0, ret, + "Not same parent certifate as " + "last certificate in request"); + goto out; + } + } else + ctx->parent = hx509_cert_ref(parent); + + p = _hx509_get_cert(parent); + + ret = copy_AlgorithmIdentifier(ctx->digest, &one->reqCert.hashAlgorithm); + if (ret) + goto out; + + ret = _hx509_create_signature(context, + NULL, + &one->reqCert.hashAlgorithm, + &c->tbsCertificate.issuer._save, + NULL, + &one->reqCert.issuerNameHash); + if (ret) + goto out; + + os.data = p->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data; + os.length = + p->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.length / 8; + + ret = _hx509_create_signature(context, + NULL, + &one->reqCert.hashAlgorithm, + &os, + NULL, + &one->reqCert.issuerKeyHash); + if (ret) + goto out; + + ret = copy_CertificateSerialNumber(&c->tbsCertificate.serialNumber, + &one->reqCert.serialNumber); + if (ret) + goto out; + + ctx->req->requestList.len++; +out: + hx509_cert_free(parent); + if (ret) { + free_OCSPInnerRequest(one); + memset(one, 0, sizeof(*one)); + } + + return ret; +} + + +int +hx509_ocsp_request(hx509_context context, + hx509_certs reqcerts, + hx509_certs pool, + hx509_cert signer, + const AlgorithmIdentifier *digest, + heim_octet_string *request, + heim_octet_string *nonce) +{ + OCSPRequest req; + size_t size; + int ret; + struct ocsp_add_ctx ctx; + Extensions *es; + + memset(&req, 0, sizeof(req)); + + if (digest == NULL) + digest = hx509_signature_sha1(); + + ctx.req = &req.tbsRequest; + ctx.certs = pool; + ctx.digest = digest; + ctx.parent = NULL; + + ret = hx509_certs_iter(context, reqcerts, add_to_req, &ctx); + hx509_cert_free(ctx.parent); + if (ret) { + free_OCSPRequest(&req); + return ret; + } + + if (nonce) { + + req.tbsRequest.requestExtensions = + calloc(1, sizeof(*req.tbsRequest.requestExtensions)); + if (req.tbsRequest.requestExtensions == NULL) { + free_OCSPRequest(&req); + return ENOMEM; + } + + es = req.tbsRequest.requestExtensions; + + es->len = 1; + es->val = calloc(es->len, sizeof(es->val[0])); + + ret = der_copy_oid(oid_id_pkix_ocsp_nonce(), &es->val[0].extnID); + if (ret) + abort(); + + es->val[0].extnValue.data = malloc(10); + if (es->val[0].extnValue.data == NULL) { + free_OCSPRequest(&req); + return ENOMEM; + } + es->val[0].extnValue.length = 10; + + ret = RAND_bytes(es->val[0].extnValue.data, + es->val[0].extnValue.length); + if (ret != 1) { + free_OCSPRequest(&req); + return HX509_CRYPTO_INTERNAL_ERROR; + } + } + + ASN1_MALLOC_ENCODE(OCSPRequest, request->data, request->length, + &req, &size, ret); + free_OCSPRequest(&req); + if (ret) + return ret; + if (size != request->length) + _hx509_abort("internal ASN.1 encoder error"); + + + return 0; +} + +static char * +printable_time(time_t t) +{ + static char s[128]; + strlcpy(s, ctime(&t)+ 4, sizeof(s)); + s[20] = 0; + return s; +} + +int +hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out) +{ + struct revoke_ocsp ocsp; + int ret, i; + + if (out == NULL) + out = stdout; + + memset(&ocsp, 0, sizeof(ocsp)); + + ocsp.path = strdup(path); + if (ocsp.path == NULL) + return ENOMEM; + + ret = load_ocsp(context, &ocsp); + if (ret) { + free_ocsp(&ocsp); + return ret; + } + + fprintf(out, "signer: "); + + switch(ocsp.ocsp.tbsResponseData.responderID.element) { + case choice_OCSPResponderID_byName: { + hx509_name n; + char *s; + _hx509_name_from_Name(&ocsp.ocsp.tbsResponseData.responderID.u.byName, &n); + hx509_name_to_string(n, &s); + hx509_name_free(&n); + fprintf(out, " byName: %s\n", s); + free(s); + break; + } + case choice_OCSPResponderID_byKey: { + char *s; + hex_encode(ocsp.ocsp.tbsResponseData.responderID.u.byKey.data, + ocsp.ocsp.tbsResponseData.responderID.u.byKey.length, + &s); + fprintf(out, " byKey: %s\n", s); + free(s); + break; + } + default: + _hx509_abort("choice_OCSPResponderID unknown"); + break; + } + + fprintf(out, "producedAt: %s\n", + printable_time(ocsp.ocsp.tbsResponseData.producedAt)); + + fprintf(out, "replies: %d\n", ocsp.ocsp.tbsResponseData.responses.len); + + for (i = 0; i < ocsp.ocsp.tbsResponseData.responses.len; i++) { + char *status; + switch (ocsp.ocsp.tbsResponseData.responses.val[i].certStatus.element) { + case choice_OCSPCertStatus_good: + status = "good"; + break; + case choice_OCSPCertStatus_revoked: + status = "revoked"; + break; + case choice_OCSPCertStatus_unknown: + status = "unknown"; + break; + default: + status = "element unknown"; + } + + fprintf(out, "\t%d. status: %s\n", i, status); + + fprintf(out, "\tthisUpdate: %s\n", + printable_time(ocsp.ocsp.tbsResponseData.responses.val[i].thisUpdate)); + if (ocsp.ocsp.tbsResponseData.responses.val[i].nextUpdate) + fprintf(out, "\tproducedAt: %s\n", + printable_time(ocsp.ocsp.tbsResponseData.responses.val[i].thisUpdate)); + + } + + fprintf(out, "appended certs:\n"); + if (ocsp.certs) + ret = hx509_certs_iter(context, ocsp.certs, hx509_ci_print_names, out); + + free_ocsp(&ocsp); + return ret; +} + +int +hx509_ocsp_verify(hx509_context context, + time_t now, + hx509_cert cert, + int flags, + const void *data, size_t length, + time_t *expiration) +{ + const Certificate *c = _hx509_get_cert(cert); + OCSPBasicOCSPResponse basic; + int ret, i; + + *expiration = 0; + + ret = parse_ocsp_basic(data, length, &basic); + if (ret) + return ret; + + + for (i = 0; i < basic.tbsResponseData.responses.len; i++) { + + ret = der_heim_integer_cmp(&basic.tbsResponseData.responses.val[i].certID.serialNumber, + &c->tbsCertificate.serialNumber); + if (ret != 0) + continue; + + /* verify issuer hashes hash */ + ret = _hx509_verify_signature(context, + NULL, + &basic.tbsResponseData.responses.val[i].certID.hashAlgorithm, + &c->tbsCertificate.issuer._save, + &basic.tbsResponseData.responses.val[i].certID.issuerNameHash); + if (ret != 0) + continue; + + switch (basic.tbsResponseData.responses.val[i].certStatus.element) { + case choice_OCSPCertStatus_good: + break; + case choice_OCSPCertStatus_revoked: + case choice_OCSPCertStatus_unknown: + continue; + } + + /* don't allow the update to be in the future */ + if (basic.tbsResponseData.responses.val[i].thisUpdate > + now + context->ocsp_time_diff) + continue; + + /* don't allow the next updte to be in the past */ + if (basic.tbsResponseData.responses.val[i].nextUpdate) { + if (*basic.tbsResponseData.responses.val[i].nextUpdate < now) + continue; + } else + continue; + + *expiration = *basic.tbsResponseData.responses.val[i].nextUpdate; + + return 0; + } + free_OCSPBasicOCSPResponse(&basic); + + return 0; +} diff --git a/source4/heimdal/lib/hx509/test_name.c b/source4/heimdal/lib/hx509/test_name.c new file mode 100644 index 0000000000..9017e54ab1 --- /dev/null +++ b/source4/heimdal/lib/hx509/test_name.c @@ -0,0 +1,92 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hx_locl.h" +RCSID("$Id: test_name.c,v 1.6 2006/12/30 23:04:54 lha Exp $"); + +static int +test_name(hx509_context context, const char *name) +{ + hx509_name n; + char *s; + int ret; + + ret = hx509_parse_name(context, name, &n); + if (ret) + return 1; + + ret = hx509_name_to_string(n, &s); + if (ret) + return 1; + + if (strcmp(s, name) != 0) + return 1; + + hx509_name_free(&n); + free(s); + + return 0; +} + +static int +test_name_fail(hx509_context context, const char *name) +{ + hx509_name n; + + if (hx509_parse_name(context, name, &n) == HX509_NAME_MALFORMED) + return 0; + hx509_name_free(&n); + return 1; +} + +int +main(int argc, char **argv) +{ + hx509_context context; + int ret = 0; + + ret = hx509_context_init(&context); + if (ret) + errx(1, "hx509_context_init failed with %d", ret); + + ret += test_name(context, "CN=foo,C=SE"); + ret += test_name(context, "CN=foo,CN=kaka,CN=FOO,DC=ad1,C=SE"); + ret += test_name(context, "1.2.3.4=foo,C=SE"); + ret += test_name_fail(context, "="); + ret += test_name_fail(context, "CN=foo,=foo"); + ret += test_name_fail(context, "CN=foo,really-unknown-type=foo"); + + hx509_context_free(&context); + + return ret; +} diff --git a/source4/heimdal/lib/krb5/acache.c b/source4/heimdal/lib/krb5/acache.c index 004926bc89..d20c24699b 100644 --- a/source4/heimdal/lib/krb5/acache.c +++ b/source4/heimdal/lib/krb5/acache.c @@ -37,7 +37,7 @@ #include #endif -RCSID("$Id: acache.c,v 1.16 2006/10/19 11:41:38 lha Exp $"); +RCSID("$Id: acache.c,v 1.17 2007/01/08 15:31:01 lha Exp $"); /* XXX should we fetch these for each open ? */ static HEIMDAL_MUTEX acc_mutex = HEIMDAL_MUTEX_INITIALIZER; @@ -106,7 +106,12 @@ init_ccapi(krb5_context context) } #ifdef HAVE_DLOPEN - cc_handle = dlopen(lib, 0); + +#ifndef RTLD_LAZY +#define RTLD_LAZY 0 +#endif + + cc_handle = dlopen(lib, RTLD_LAZY); if (cc_handle == NULL) { HEIMDAL_MUTEX_unlock(&acc_mutex); krb5_set_error_string(context, "Failed to load %s", lib); diff --git a/source4/heimdal/lib/krb5/config_file.c b/source4/heimdal/lib/krb5/config_file.c index 66051303ed..bbd9cf4c78 100644 --- a/source4/heimdal/lib/krb5/config_file.c +++ b/source4/heimdal/lib/krb5/config_file.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: config_file.c,v 1.54 2006/04/02 00:59:19 lha Exp $"); +RCSID("$Id: config_file.c,v 1.55 2006/12/04 23:35:54 lha Exp $"); #ifndef HAVE_NETINFO @@ -158,8 +158,7 @@ parse_list(struct fileptr *f, unsigned *lineno, krb5_config_binding **parent, char *p; ++*lineno; - if (buf[strlen(buf) - 1] == '\n') - buf[strlen(buf) - 1] = '\0'; + buf[strcspn(buf, "\r\n")] = '\0'; p = buf; while(isspace((unsigned char)*p)) ++p; @@ -255,8 +254,7 @@ krb5_config_parse_debug (struct fileptr *f, char *p; ++*lineno; - if(buf[strlen(buf) - 1] == '\n') - buf[strlen(buf) - 1] = '\0'; + buf[strcspn(buf, "\r\n")] = '\0'; p = buf; while(isspace((unsigned char)*p)) ++p; diff --git a/source4/heimdal/lib/krb5/context.c b/source4/heimdal/lib/krb5/context.c index f3b0fad347..d0317da375 100644 --- a/source4/heimdal/lib/krb5/context.c +++ b/source4/heimdal/lib/krb5/context.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include -RCSID("$Id: context.c,v 1.111 2006/11/08 02:55:46 lha Exp $"); +RCSID("$Id: context.c,v 1.112 2006/11/24 14:24:33 lha Exp $"); #define INIT_FIELD(C, T, E, D, F) \ (C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \ @@ -180,7 +180,7 @@ init_context_from_config_file(krb5_context context) /* prefer dns_lookup_kdc over srv_lookup. */ INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup"); INIT_FIELD(context, bool, srv_lookup, context->srv_lookup, "dns_lookup_kdc"); - INIT_FIELD(context, int, large_msg_size, 6000, "large_message_size"); + INIT_FIELD(context, int, large_msg_size, 1400, "large_message_size"); INIT_FIELD(context, bool, dns_canonicalize_hostname, TRUE, "dns_canonicalize_hostname"); context->default_cc_name = NULL; return 0; diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c index 9f6ef6b82b..6d4a81baa8 100644 --- a/source4/heimdal/lib/krb5/crypto.c +++ b/source4/heimdal/lib/krb5/crypto.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: crypto.c,v 1.145 2006/10/22 07:32:40 lha Exp $"); +RCSID("$Id: crypto.c,v 1.146 2006/11/17 21:58:47 lha Exp $"); #undef CRYPTO_DEBUG #ifdef CRYPTO_DEBUG @@ -1075,6 +1075,21 @@ krb5_enctype_keysize(krb5_context context, return 0; } +krb5_error_code KRB5_LIB_FUNCTION +krb5_enctype_keybits(krb5_context context, + krb5_enctype type, + size_t *keybits) +{ + struct encryption_type *et = _find_enctype(type); + if(et == NULL) { + krb5_set_error_string(context, "encryption type %d not supported", + type); + return KRB5_PROG_ETYPE_NOSUPP; + } + *keybits = et->keytype->bits; + return 0; +} + krb5_error_code KRB5_LIB_FUNCTION krb5_generate_random_keyblock(krb5_context context, krb5_enctype type, diff --git a/source4/heimdal/lib/krb5/fcache.c b/source4/heimdal/lib/krb5/fcache.c index 79b809d2a2..7441509e38 100644 --- a/source4/heimdal/lib/krb5/fcache.c +++ b/source4/heimdal/lib/krb5/fcache.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: fcache.c,v 1.52 2006/04/02 01:04:37 lha Exp $"); +RCSID("$Id: fcache.c,v 1.54 2006/12/15 21:35:52 lha Exp $"); typedef struct krb5_fcache{ char *filename; @@ -699,6 +699,62 @@ fcc_get_version(krb5_context context, return FCACHE(id)->version; } +struct fcache_iter { + int first; +}; + +static krb5_error_code +fcc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor) +{ + struct fcache_iter *iter; + + iter = calloc(1, sizeof(*iter)); + if (iter == NULL) { + krb5_set_error_string(context, "malloc - out of memory"); + return ENOMEM; + } + iter->first = 1; + *cursor = iter; + return 0; +} + +static krb5_error_code +fcc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id) +{ + struct fcache_iter *iter = cursor; + krb5_error_code ret; + const char *fn; + char *expandedfn = NULL; + + if (!iter->first) { + krb5_clear_error_string(context); + return KRB5_CC_END; + } + iter->first = 0; + + fn = krb5_cc_default_name(context); + if (strncasecmp(fn, "FILE:", 5) != 0) { + ret = _krb5_expand_default_cc_name(context, + KRB5_DEFAULT_CCNAME_FILE, + &expandedfn); + if (ret) + return ret; + } + ret = krb5_cc_resolve(context, fn, id); + if (expandedfn) + free(expandedfn); + + return ret; +} + +static krb5_error_code +fcc_end_cache_get(krb5_context context, krb5_cc_cursor cursor) +{ + struct fcache_iter *iter = cursor; + free(iter); + return 0; +} + const krb5_cc_ops krb5_fcc_ops = { "FILE", fcc_get_name, @@ -715,5 +771,8 @@ const krb5_cc_ops krb5_fcc_ops = { fcc_end_get, fcc_remove_cred, fcc_set_flags, - fcc_get_version + fcc_get_version, + fcc_get_cache_first, + fcc_get_cache_next, + fcc_end_cache_get }; diff --git a/source4/heimdal/lib/krb5/get_cred.c b/source4/heimdal/lib/krb5/get_cred.c index b404c30f6e..663b5e7f1b 100644 --- a/source4/heimdal/lib/krb5/get_cred.c +++ b/source4/heimdal/lib/krb5/get_cred.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: get_cred.c,v 1.112 2006/06/06 21:22:54 lha Exp $"); +RCSID("$Id: get_cred.c,v 1.113 2006/11/21 05:14:01 lha Exp $"); /* * Take the `body' and encode it into `padata' using the credentials @@ -458,7 +458,7 @@ get_cred_kdc_usage(krb5_context context, ret = krb5_create_checksum(context, crypto, - KRB5_KU_TGS_IMPERSONATE, + KRB5_KU_OTHER_CKSUM, 0, data.data, data.length, diff --git a/source4/heimdal/lib/krb5/init_creds.c b/source4/heimdal/lib/krb5/init_creds.c index 6dacb316d8..a331524a7e 100644 --- a/source4/heimdal/lib/krb5/init_creds.c +++ b/source4/heimdal/lib/krb5/init_creds.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds.c,v 1.28 2006/09/04 14:28:54 lha Exp $"); +RCSID("$Id: init_creds.c,v 1.30 2006/11/23 16:27:36 lha Exp $"); void KRB5_LIB_FUNCTION krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt) @@ -130,9 +130,10 @@ _krb5_get_init_creds_opt_set_krb5_error(krb5_context context, void KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_free(krb5_get_init_creds_opt *opt) +krb5_get_init_creds_opt_free(krb5_context context, + krb5_get_init_creds_opt *opt) { - if (opt->opt_private == NULL) + if (opt == NULL || opt->opt_private == NULL) return; if (opt->opt_private->refcount < 1) /* abort ? */ return; diff --git a/source4/heimdal/lib/krb5/init_creds_pw.c b/source4/heimdal/lib/krb5/init_creds_pw.c index d43ae0ae6f..f6f6eac7d5 100644 --- a/source4/heimdal/lib/krb5/init_creds_pw.c +++ b/source4/heimdal/lib/krb5/init_creds_pw.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds_pw.c,v 1.101 2006/10/02 12:00:59 lha Exp $"); +RCSID("$Id: init_creds_pw.c,v 1.105 2007/01/09 10:44:59 lha Exp $"); typedef struct krb5_get_init_creds_ctx { KDCOptions flags; @@ -656,7 +656,7 @@ free_paid(krb5_context context, struct pa_info_data *ppaid) { krb5_free_salt(context, ppaid->salt); if (ppaid->s2kparams) - krb5_data_free(ppaid->s2kparams); + krb5_free_data(context, ppaid->s2kparams); } @@ -729,8 +729,8 @@ pa_etype_info2(krb5_context context, if (e.val[i].salt == NULL) krb5_free_salt(context, salt); if (ret == 0) { - free_ETYPE_INFO2(&e); - return paid; + free_ETYPE_INFO2(&e); + return paid; } } } @@ -1092,23 +1092,31 @@ process_pa_data_to_md(krb5_context context, (*out_md)->len = 0; (*out_md)->val = NULL; - if (in_md->len != 0) { - struct pa_info_data paid, *ppaid; + /* + * Make sure we don't sent both ENC-TS and PK-INIT pa data, no + * need to expose our password protecting our PKCS12 key. + */ - memset(&paid, 0, sizeof(paid)); + if (ctx->pk_init_ctx) { + + ret = pa_data_to_md_pkinit(context, a, creds->client, ctx, *out_md); + if (ret) + return ret; + } else if (in_md->len != 0) { + struct pa_info_data paid, *ppaid; + + memset(&paid, 0, sizeof(paid)); + paid.etype = ENCTYPE_NULL; ppaid = process_pa_info(context, creds->client, a, &paid, in_md); - + pa_data_to_md_ts_enc(context, a, creds->client, ctx, ppaid, *out_md); if (ppaid) free_paid(context, ppaid); } pa_data_add_pac_request(context, ctx, *out_md); - ret = pa_data_to_md_pkinit(context, a, creds->client, ctx, *out_md); - if (ret) - return ret; if ((*out_md)->len == 0) { free(*out_md); @@ -1503,7 +1511,7 @@ krb5_get_init_creds_password(krb5_context context, free (q); if (ret) { memset (buf, 0, sizeof(buf)); - krb5_get_init_creds_opt_free(options); + krb5_get_init_creds_opt_free(context, options); ret = KRB5_LIBOS_PWDINTR; krb5_clear_error_string (context); return ret; @@ -1515,7 +1523,7 @@ krb5_get_init_creds_password(krb5_context context, ret = krb5_get_init_creds_opt_set_pa_password(context, options, password, NULL); if (ret) { - krb5_get_init_creds_opt_free(options); + krb5_get_init_creds_opt_free(context, options); memset(buf, 0, sizeof(buf)); return ret; } @@ -1523,7 +1531,7 @@ krb5_get_init_creds_password(krb5_context context, ret = krb5_get_init_creds(context, creds, client, prompter, data, start_time, in_tkt_service, options); - krb5_get_init_creds_opt_free(options); + krb5_get_init_creds_opt_free(context, options); memset(buf, 0, sizeof(buf)); return ret; } diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h index ba2f75ad22..c3e5732753 100644 --- a/source4/heimdal/lib/krb5/krb5-private.h +++ b/source4/heimdal/lib/krb5/krb5-private.h @@ -73,15 +73,6 @@ _krb5_extract_ticket ( krb5_decrypt_proc /*decrypt_proc*/, krb5_const_pointer /*decryptarg*/); -int -_krb5_find_type_in_ad ( - krb5_context /*context*/, - int /*type*/, - krb5_data */*data*/, - krb5_boolean */*found*/, - krb5_keyblock */*sessionkey*/, - const AuthorizationData */*ad*/); - void _krb5_free_krbhst_info (krb5_krbhst_info */*hi*/); @@ -299,37 +290,16 @@ _krb5_oid_to_enctype ( const heim_oid */*oid*/, krb5_enctype */*etype*/); -void -_krb5_pac_free ( - krb5_context /*context*/, - struct krb5_pac */*pac*/); - -krb5_error_code -_krb5_pac_parse ( - krb5_context /*context*/, - const void */*ptr*/, - size_t /*len*/, - struct krb5_pac **/*pac*/); - krb5_error_code _krb5_pac_sign ( krb5_context /*context*/, struct krb5_pac */*p*/, time_t /*authtime*/, krb5_principal /*principal*/, - krb5_keyblock */*server_key*/, - krb5_keyblock */*priv_key*/, + const krb5_keyblock */*server_key*/, + const krb5_keyblock */*priv_key*/, krb5_data */*data*/); -krb5_error_code -_krb5_pac_verify ( - krb5_context /*context*/, - struct krb5_pac */*pac*/, - time_t /*authtime*/, - krb5_principal /*principal*/, - krb5_keyblock */*server*/, - krb5_keyblock */*privsvr*/); - krb5_error_code _krb5_parse_moduli ( krb5_context /*context*/, diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h index 8b61e8d7d2..9dfe487b0a 100644 --- a/source4/heimdal/lib/krb5/krb5-protos.h +++ b/source4/heimdal/lib/krb5/krb5-protos.h @@ -499,10 +499,11 @@ krb5_boolean KRB5_LIB_FUNCTION krb5_c_is_keyed_cksum (krb5_cksumtype /*ctype*/); krb5_error_code KRB5_LIB_FUNCTION -krb5_c_keylength ( +krb5_c_keylengths ( krb5_context /*context*/, krb5_enctype /*enctype*/, - size_t */*len*/); + size_t */*ilen*/, + size_t */*keylen*/); krb5_error_code KRB5_LIB_FUNCTION krb5_c_make_checksum ( @@ -1519,6 +1520,12 @@ krb5_enctype_disable ( krb5_context /*context*/, krb5_enctype /*enctype*/); +krb5_error_code KRB5_LIB_FUNCTION +krb5_enctype_keybits ( + krb5_context /*context*/, + krb5_enctype /*type*/, + size_t */*keybits*/); + krb5_error_code KRB5_LIB_FUNCTION krb5_enctype_keysize ( krb5_context /*context*/, @@ -2021,7 +2028,9 @@ krb5_get_init_creds_opt_alloc ( krb5_get_init_creds_opt **/*opt*/); void KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_free (krb5_get_init_creds_opt */*opt*/); +krb5_get_init_creds_opt_free ( + krb5_context /*context*/, + krb5_get_init_creds_opt */*opt*/); krb5_error_code KRB5_LIB_FUNCTION krb5_get_init_creds_opt_get_error ( @@ -2189,6 +2198,9 @@ krb5_get_server_rcache ( krb5_boolean KRB5_LIB_FUNCTION krb5_get_use_admin_kdc (krb5_context /*context*/); +krb5_log_facility * KRB5_LIB_FUNCTION +krb5_get_warn_dest (krb5_context /*context*/); + size_t krb5_get_wrapped_length ( krb5_context /*context*/, @@ -2609,12 +2621,172 @@ krb5_net_write_block ( size_t /*len*/, time_t /*timeout*/); +krb5_error_code +krb5_ntlm_alloc ( + krb5_context /*context*/, + krb5_ntlm */*ntlm*/); + +krb5_error_code +krb5_ntlm_free ( + krb5_context /*context*/, + krb5_ntlm /*ntlm*/); + +krb5_error_code +krb5_ntlm_init_get_challange ( + krb5_context /*context*/, + krb5_ntlm /*ntlm*/, + krb5_data */*challange*/); + +krb5_error_code +krb5_ntlm_init_get_flags ( + krb5_context /*context*/, + krb5_ntlm /*ntlm*/, + uint32_t */*flags*/); + +krb5_error_code +krb5_ntlm_init_get_opaque ( + krb5_context /*context*/, + krb5_ntlm /*ntlm*/, + krb5_data */*opaque*/); + +krb5_error_code +krb5_ntlm_init_get_targetinfo ( + krb5_context /*context*/, + krb5_ntlm /*ntlm*/, + krb5_data */*data*/); + +krb5_error_code +krb5_ntlm_init_get_targetname ( + krb5_context /*context*/, + krb5_ntlm /*ntlm*/, + char **/*name*/); + +krb5_error_code +krb5_ntlm_init_request ( + krb5_context /*context*/, + krb5_ntlm /*ntlm*/, + krb5_realm /*realm*/, + krb5_ccache /*ccache*/, + uint32_t /*flags*/, + const char */*hostname*/, + const char */*domainname*/); + +krb5_error_code +krb5_ntlm_rep_get_sessionkey ( + krb5_context /*context*/, + krb5_ntlm /*ntlm*/, + krb5_data */*data*/); + +krb5_boolean +krb5_ntlm_rep_get_status ( + krb5_context /*context*/, + krb5_ntlm /*ntlm*/); + +krb5_error_code +krb5_ntlm_req_set_flags ( + krb5_context /*context*/, + krb5_ntlm /*ntlm*/, + uint32_t /*flags*/); + +krb5_error_code +krb5_ntlm_req_set_lm ( + krb5_context /*context*/, + krb5_ntlm /*ntlm*/, + void */*hash*/, + size_t /*len*/); + +krb5_error_code +krb5_ntlm_req_set_ntlm ( + krb5_context /*context*/, + krb5_ntlm /*ntlm*/, + void */*hash*/, + size_t /*len*/); + +krb5_error_code +krb5_ntlm_req_set_opaque ( + krb5_context /*context*/, + krb5_ntlm /*ntlm*/, + krb5_data */*opaque*/); + +krb5_error_code +krb5_ntlm_req_set_session ( + krb5_context /*context*/, + krb5_ntlm /*ntlm*/, + void */*sessionkey*/, + size_t /*length*/); + +krb5_error_code +krb5_ntlm_req_set_targetname ( + krb5_context /*context*/, + krb5_ntlm /*ntlm*/, + const char */*targetname*/); + +krb5_error_code +krb5_ntlm_req_set_username ( + krb5_context /*context*/, + krb5_ntlm /*ntlm*/, + const char */*username*/); + +krb5_error_code +krb5_ntlm_request ( + krb5_context /*context*/, + krb5_ntlm /*ntlm*/, + krb5_realm /*realm*/, + krb5_ccache /*ccache*/); + krb5_error_code KRB5_LIB_FUNCTION krb5_openlog ( krb5_context /*context*/, const char */*program*/, krb5_log_facility **/*fac*/); +krb5_error_code +krb5_pac_add_buffer ( + krb5_context /*context*/, + struct krb5_pac */*p*/, + uint32_t /*type*/, + const krb5_data */*data*/); + +void +krb5_pac_free ( + krb5_context /*context*/, + struct krb5_pac */*pac*/); + +krb5_error_code +krb5_pac_get_buffer ( + krb5_context /*context*/, + struct krb5_pac */*p*/, + uint32_t /*type*/, + krb5_data */*data*/); + +krb5_error_code +krb5_pac_get_types ( + krb5_context /*context*/, + struct krb5_pac */*p*/, + size_t */*len*/, + uint32_t **/*types*/); + +krb5_error_code +krb5_pac_init ( + krb5_context /*context*/, + struct krb5_pac **/*pac*/); + +krb5_error_code +krb5_pac_parse ( + krb5_context /*context*/, + const void */*ptr*/, + size_t /*len*/, + struct krb5_pac **/*pac*/); + +krb5_error_code +krb5_pac_verify ( + krb5_context /*context*/, + const struct krb5_pac */*pac*/, + time_t /*authtime*/, + krb5_const_principal /*principal*/, + const krb5_keyblock */*server*/, + const krb5_keyblock */*privsvr*/); + int KRB5_LIB_FUNCTION krb5_padata_add ( krb5_context /*context*/, @@ -2904,6 +3076,12 @@ krb5_rd_req_in_set_keytab ( krb5_rd_req_in_ctx /*in*/, krb5_keytab /*keytab*/); +krb5_error_code KRB5_LIB_FUNCTION +krb5_rd_req_in_set_pac_check ( + krb5_context /*context*/, + krb5_rd_req_in_ctx /*in*/, + krb5_boolean /*flag*/); + void KRB5_LIB_FUNCTION krb5_rd_req_out_ctx_free ( krb5_context /*context*/, @@ -3515,6 +3693,11 @@ krb5_ticket_get_client ( const krb5_ticket */*ticket*/, krb5_principal */*client*/); +time_t KRB5_LIB_FUNCTION +krb5_ticket_get_endtime ( + krb5_context /*context*/, + const krb5_ticket */*ticket*/); + krb5_error_code KRB5_LIB_FUNCTION krb5_ticket_get_server ( krb5_context /*context*/, diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h index 1b26e8b3e7..55a83fb533 100644 --- a/source4/heimdal/lib/krb5/krb5.h +++ b/source4/heimdal/lib/krb5/krb5.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5.h,v 1.255 2006/11/12 08:33:07 lha Exp $ */ +/* $Id: krb5.h,v 1.259 2007/01/03 18:51:52 lha Exp $ */ #ifndef __KRB5_H__ #define __KRB5_H__ @@ -77,8 +77,10 @@ typedef struct krb5_get_creds_opt_data *krb5_get_creds_opt; struct krb5_digest; typedef struct krb5_digest *krb5_digest; +struct krb5_ntlm; +typedef struct krb5_ntlm *krb5_ntlm; -struct krb5_pac; +typedef struct krb5_pac *krb5_pac; typedef struct krb5_rd_req_in_ctx *krb5_rd_req_in_ctx; typedef struct krb5_rd_req_out_ctx *krb5_rd_req_out_ctx; @@ -216,8 +218,6 @@ typedef enum krb5_key_usage { /* Keyusage for the server referral in a TGS req */ KRB5_KU_SAM_ENC_NONCE_SAD = 27, /* Encryption of the SAM-NONCE-OR-SAD field */ - KRB5_KU_TGS_IMPERSONATE = -17, - /* Checksum type used in the impersonate field */ KRB5_KU_DIGEST_ENCRYPT = -18, /* Encryption key usage used in the digest encryption field */ KRB5_KU_DIGEST_OPAQUE = -19, @@ -716,6 +716,7 @@ typedef struct krb5_krbhst_data *krb5_krbhst_handle; #define KRB5_KRBHST_ADMIN 2 #define KRB5_KRBHST_CHANGEPW 3 #define KRB5_KRBHST_KRB524 4 +#define KRB5_KRBHST_KCA 5 typedef struct krb5_krbhst_info { enum { KRB5_KRBHST_UDP, diff --git a/source4/heimdal/lib/krb5/krb5_locl.h b/source4/heimdal/lib/krb5/krb5_locl.h index 3fb5461b3c..35d046c8d9 100644 --- a/source4/heimdal/lib/krb5/krb5_locl.h +++ b/source4/heimdal/lib/krb5/krb5_locl.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5_locl.h,v 1.93 2006/10/20 18:13:31 lha Exp $ */ +/* $Id: krb5_locl.h,v 1.97 2006/12/15 16:46:51 lha Exp $ */ #ifndef __KRB5_LOCL_H__ #define __KRB5_LOCL_H__ @@ -239,20 +239,20 @@ typedef struct krb5_context_data { int large_msg_size; int dns_canonicalize_hostname; struct send_to_kdc *send_to_kdc; - void *mem_ctx; /* Some parts of Samba4 need a valid - memory context (under the event - context) to use */ } krb5_context_data; +#define KRB5_DEFAULT_CCNAME_FILE "FILE:/tmp/krb5cc_%{uid}" +#define KRB5_DEFAULT_CCNAME_API "API:" + /* * Configurable options */ #ifndef KRB5_DEFAULT_CCNAME #ifdef __APPLE__ -#define KRB5_DEFAULT_CCNAME "API:" +#define KRB5_DEFAULT_CCNAME KRB5_DEFAULT_CCNAME_API #else -#define KRB5_DEFAULT_CCNAME "FILE:/tmp/krb5cc_%{uid}" +#define KRB5_DEFAULT_CCNAME KRB5_DEFAULT_CCNAME_FILE #endif #endif diff --git a/source4/heimdal/lib/krb5/krbhst.c b/source4/heimdal/lib/krb5/krbhst.c index f395f0d0c3..3e281e5c63 100644 --- a/source4/heimdal/lib/krb5/krbhst.c +++ b/source4/heimdal/lib/krb5/krbhst.c @@ -35,7 +35,7 @@ #include #include "locate_plugin.h" -RCSID("$Id: krbhst.c,v 1.58 2006/11/12 20:05:20 lha Exp $"); +RCSID("$Id: krbhst.c,v 1.61 2006/11/30 17:23:08 lha Exp $"); static int string_to_proto(const char *string) @@ -493,7 +493,7 @@ add_locate(void *ctx, int type, struct sockaddr *addr) if (ret != 0) return 0; - memset(&hints, 0, sizeof(hints)); + make_hints(&hints, krbhst_get_default_proto(kd)); ret = getaddrinfo(host, port, &hints, &ai); if (ret) return 0; @@ -521,7 +521,7 @@ plugin_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, enum locate_service_type type) { - struct krb5_plugin *list, *e; + struct krb5_plugin *list = NULL, *e; krb5_error_code ret; ret = _krb5_plugin_find(context, PLUGIN_TYPE_DATA, "resolve", &list); @@ -619,6 +619,13 @@ admin_get_next(krb5_context context, { krb5_error_code ret; + if ((kd->flags & KD_PLUGIN) == 0) { + plugin_get_hosts(context, kd, locate_service_kadmin); + kd->flags |= KD_PLUGIN; + if(get_next(kd, host)) + return 0; + } + if((kd->flags & KD_CONFIG) == 0) { config_get_hosts(context, kd, "admin_server"); kd->flags |= KD_CONFIG; @@ -660,6 +667,13 @@ kpasswd_get_next(krb5_context context, { krb5_error_code ret; + if ((kd->flags & KD_PLUGIN) == 0) { + plugin_get_hosts(context, kd, locate_service_kpasswd); + kd->flags |= KD_PLUGIN; + if(get_next(kd, host)) + return 0; + } + if((kd->flags & KD_CONFIG) == 0) { config_get_hosts(context, kd, "kpasswd_server"); kd->flags |= KD_CONFIG; @@ -705,6 +719,13 @@ krb524_get_next(krb5_context context, struct krb5_krbhst_data *kd, krb5_krbhst_info **host) { + if ((kd->flags & KD_PLUGIN) == 0) { + plugin_get_hosts(context, kd, locate_service_krb524); + kd->flags |= KD_PLUGIN; + if(get_next(kd, host)) + return 0; + } + if((kd->flags & KD_CONFIG) == 0) { config_get_hosts(context, kd, "krb524_server"); if(get_next(kd, host)) diff --git a/source4/heimdal/lib/krb5/log.c b/source4/heimdal/lib/krb5/log.c index e6fcb6bbb9..9523ca848c 100644 --- a/source4/heimdal/lib/krb5/log.c +++ b/source4/heimdal/lib/krb5/log.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: log.c,v 1.39 2006/04/24 15:09:27 lha Exp $"); +RCSID("$Id: log.c,v 1.40 2006/11/21 08:08:46 lha Exp $"); struct facility { int min; diff --git a/source4/heimdal/lib/krb5/mit_glue.c b/source4/heimdal/lib/krb5/mit_glue.c index 493c4cd845..c4d3ff5390 100755 --- a/source4/heimdal/lib/krb5/mit_glue.c +++ b/source4/heimdal/lib/krb5/mit_glue.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: mit_glue.c,v 1.9 2006/11/09 21:24:16 lha Exp $"); +RCSID("$Id: mit_glue.c,v 1.12 2006/11/17 22:17:46 lha Exp $"); /* * Glue for MIT API @@ -327,9 +327,16 @@ krb5_c_make_random_key(krb5_context context, } krb5_error_code KRB5_LIB_FUNCTION -krb5_c_keylength(krb5_context context, - krb5_enctype enctype, - size_t *len) +krb5_c_keylengths(krb5_context context, + krb5_enctype enctype, + size_t *ilen, + size_t *keylen) { - return krb5_enctype_keysize(context, enctype, len); + krb5_error_code ret; + + ret = krb5_enctype_keybits(context, enctype, ilen); + if (ret) + return ret; + *ilen = (*ilen + 7) / 8; + return krb5_enctype_keysize(context, enctype, keylen); } diff --git a/source4/heimdal/lib/krb5/mk_req_ext.c b/source4/heimdal/lib/krb5/mk_req_ext.c index 18b0e3552f..8646c4ebea 100644 --- a/source4/heimdal/lib/krb5/mk_req_ext.c +++ b/source4/heimdal/lib/krb5/mk_req_ext.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: mk_req_ext.c,v 1.32 2006/03/19 20:33:13 lha Exp $"); +RCSID("$Id: mk_req_ext.c,v 1.33 2006/12/27 12:07:22 lha Exp $"); krb5_error_code _krb5_mk_req_internal(krb5_context context, @@ -91,7 +91,9 @@ _krb5_mk_req_internal(krb5_context context, in_data->length, &c); } else if(ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5 || - ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5_56) { + ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5_56 || + ac->keyblock->keytype == ETYPE_DES_CBC_MD4 || + ac->keyblock->keytype == ETYPE_DES_CBC_MD5) { /* this is to make MS kdc happy */ ret = krb5_create_checksum(context, NULL, diff --git a/source4/heimdal/lib/krb5/pac.c b/source4/heimdal/lib/krb5/pac.c new file mode 100644 index 0000000000..5bc7235459 --- /dev/null +++ b/source4/heimdal/lib/krb5/pac.c @@ -0,0 +1,1034 @@ +/* + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: pac.c,v 1.13 2007/01/09 11:22:56 lha Exp $"); + +struct PAC_INFO_BUFFER { + uint32_t type; + uint32_t buffersize; + uint32_t offset_hi; + uint32_t offset_lo; +}; + +struct PACTYPE { + uint32_t numbuffers; + uint32_t version; + struct PAC_INFO_BUFFER buffers[1]; +}; + +struct krb5_pac { + struct PACTYPE *pac; + krb5_data data; + struct PAC_INFO_BUFFER *server_checksum; + struct PAC_INFO_BUFFER *privsvr_checksum; + struct PAC_INFO_BUFFER *logon_name; +}; + +#define PAC_ALIGNMENT 8 + +#define PACTYPE_SIZE 8 +#define PAC_INFO_BUFFER_SIZE 16 + +#define PAC_SERVER_CHECKSUM 6 +#define PAC_PRIVSVR_CHECKSUM 7 +#define PAC_LOGON_NAME 10 + +#define CHECK(r,f,l) \ + do { \ + if (((r) = f ) != 0) { \ + krb5_clear_error_string(context); \ + goto l; \ + } \ + } while(0) + +static const char zeros[PAC_ALIGNMENT] = { 0 }; + +/* + * + */ + +krb5_error_code +krb5_pac_parse(krb5_context context, const void *ptr, size_t len, + struct krb5_pac **pac) +{ + krb5_error_code ret; + struct krb5_pac *p; + krb5_storage *sp = NULL; + uint32_t i, tmp, tmp2, header_end; + + p = calloc(1, sizeof(*p)); + if (p == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "out of memory"); + goto out; + } + + sp = krb5_storage_from_readonly_mem(ptr, len); + if (sp == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "out of memory"); + goto out; + } + krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); + + CHECK(ret, krb5_ret_uint32(sp, &tmp), out); + CHECK(ret, krb5_ret_uint32(sp, &tmp2), out); + if (tmp < 1) { + krb5_set_error_string(context, "PAC have too few buffer"); + ret = EINVAL; /* Too few buffers */ + goto out; + } + if (tmp2 != 0) { + krb5_set_error_string(context, "PAC have wrong version"); + ret = EINVAL; /* Wrong version */ + goto out; + } + + p->pac = calloc(1, + sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (tmp - 1))); + if (p->pac == NULL) { + krb5_set_error_string(context, "out of memory"); + ret = ENOMEM; + goto out; + } + + p->pac->numbuffers = tmp; + p->pac->version = tmp2; + + header_end = PACTYPE_SIZE + (PAC_INFO_BUFFER_SIZE * p->pac->numbuffers); + if (header_end > len) { + ret = EINVAL; + goto out; + } + + for (i = 0; i < p->pac->numbuffers; i++) { + CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].type), out); + CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].buffersize), out); + CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].offset_lo), out); + CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].offset_hi), out); + + /* consistency checks */ + if (p->pac->buffers[i].offset_lo & (PAC_ALIGNMENT - 1)) { + krb5_set_error_string(context, "PAC out of allignment"); + ret = EINVAL; + goto out; + } + if (p->pac->buffers[i].offset_hi) { + krb5_set_error_string(context, "PAC high offset set"); + ret = EINVAL; + goto out; + } + if (p->pac->buffers[i].offset_lo > len) { + krb5_set_error_string(context, "PAC offset off end"); + ret = EINVAL; + goto out; + } + if (p->pac->buffers[i].offset_lo < header_end) { + krb5_set_error_string(context, "PAC offset inside header: %d %d", + p->pac->buffers[i].offset_lo, header_end); + ret = EINVAL; + goto out; + } + if (p->pac->buffers[i].buffersize > len - p->pac->buffers[i].offset_lo){ + krb5_set_error_string(context, "PAC length off end"); + ret = EINVAL; + goto out; + } + + /* let save pointer to data we need later */ + if (p->pac->buffers[i].type == PAC_SERVER_CHECKSUM) { + if (p->server_checksum) { + krb5_set_error_string(context, "PAC have two server checksums"); + ret = EINVAL; + goto out; + } + p->server_checksum = &p->pac->buffers[i]; + } else if (p->pac->buffers[i].type == PAC_PRIVSVR_CHECKSUM) { + if (p->privsvr_checksum) { + krb5_set_error_string(context, "PAC have two KDC checksums"); + ret = EINVAL; + goto out; + } + p->privsvr_checksum = &p->pac->buffers[i]; + } else if (p->pac->buffers[i].type == PAC_LOGON_NAME) { + if (p->logon_name) { + krb5_set_error_string(context, "PAC have two logon names"); + ret = EINVAL; + goto out; + } + p->logon_name = &p->pac->buffers[i]; + } + } + + ret = krb5_data_copy(&p->data, ptr, len); + if (ret) + goto out; + + krb5_storage_free(sp); + + *pac = p; + return 0; + +out: + if (sp) + krb5_storage_free(sp); + if (p) { + if (p->pac) + free(p->pac); + free(p); + } + *pac = NULL; + + return ret; +} + +krb5_error_code +krb5_pac_init(krb5_context context, struct krb5_pac **pac) +{ + krb5_error_code ret; + struct krb5_pac *p; + + p = calloc(1, sizeof(*p)); + if (p == NULL) { + krb5_set_error_string(context, "out of memory"); + return ENOMEM; + } + + p->pac = calloc(1, sizeof(*p->pac)); + if (p->pac == NULL) { + free(p); + krb5_set_error_string(context, "out of memory"); + return ENOMEM; + } + + ret = krb5_data_alloc(&p->data, PACTYPE_SIZE); + if (ret) { + free (p->pac); + free(p); + krb5_set_error_string(context, "out of memory"); + return ret; + } + + + *pac = p; + return 0; +} + +krb5_error_code +krb5_pac_add_buffer(krb5_context context, struct krb5_pac *p, + uint32_t type, const krb5_data *data) +{ + krb5_error_code ret; + void *ptr; + size_t len, offset, header_end; + uint32_t i; + + len = p->pac->numbuffers + 1; + if (len < p->pac->numbuffers) + return EINVAL; + + ptr = realloc(p->pac, + sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * len)); + if (ptr == NULL) { + krb5_set_error_string(context, "out of memory"); + return ENOMEM; + } + p->pac = ptr; + + for (i = 0; i < len; i++) + p->pac->buffers[i].offset_lo += PAC_INFO_BUFFER_SIZE; + + offset = p->data.length + PAC_INFO_BUFFER_SIZE; + + p->pac->buffers[len - 1].type = type; + p->pac->buffers[len - 1].buffersize = data->length; + p->pac->buffers[len - 1].offset_lo = offset; + p->pac->buffers[len - 1].offset_hi = 0; + + len = p->data.length + data->length + PAC_INFO_BUFFER_SIZE; + if (len < p->data.length) { + krb5_set_error_string(context, "integer overrun"); + return EINVAL; + } + + /* align to PAC_ALIGNMENT */ + len = ((len + PAC_ALIGNMENT - 1) / PAC_ALIGNMENT) * PAC_ALIGNMENT; + + ret = krb5_data_realloc(&p->data, len); + if (ret) { + krb5_set_error_string(context, "out of memory"); + return ret; + } + + /* make place for PAC INFO BUFFER header */ + header_end = PACTYPE_SIZE + (PAC_INFO_BUFFER_SIZE * p->pac->numbuffers); + memmove((unsigned char *)p->data.data + header_end, + (unsigned char *)p->data.data + header_end + PAC_INFO_BUFFER_SIZE, + PAC_INFO_BUFFER_SIZE); + + /* + * + */ + + memcpy((unsigned char *)p->data.data + offset, + data->data, data->length); + memset((unsigned char *)p->data.data + offset + data->length, + 0, p->data.length - offset - data->length); + + p->pac->numbuffers += 1; + + return 0; +} + +krb5_error_code +krb5_pac_get_buffer(krb5_context context, struct krb5_pac *p, + uint32_t type, krb5_data *data) +{ + krb5_error_code ret; + uint32_t i; + + /* + * Hide the checksums from external consumers + */ + + if (type == PAC_PRIVSVR_CHECKSUM || type == PAC_SERVER_CHECKSUM) { + ret = krb5_data_alloc(data, 16); + if (ret) { + krb5_set_error_string(context, "out of memory"); + return ret; + } + memset(data->data, 0, data->length); + return 0; + } + + for (i = 0; i < p->pac->numbuffers; i++) { + size_t len = p->pac->buffers[i].buffersize; + size_t offset = p->pac->buffers[i].offset_lo; + + if (p->pac->buffers[i].type != type) + continue; + + ret = krb5_data_copy(data, (unsigned char *)p->data.data + offset, len); + if (ret) { + krb5_set_error_string(context, "Out of memory"); + return ret; + } + return 0; + } + krb5_set_error_string(context, "No PAC buffer of type %lu was found", + (unsigned long)type); + return ENOENT; +} + +/* + * + */ + +krb5_error_code +krb5_pac_get_types(krb5_context context, + struct krb5_pac *p, + size_t *len, + uint32_t **types) +{ + size_t i; + + *types = calloc(p->pac->numbuffers, sizeof(*types)); + if (*types == NULL) { + *len = 0; + krb5_set_error_string(context, "out of memory"); + return ENOMEM; + } + for (i = 0; i < p->pac->numbuffers; i++) + (*types)[i] = p->pac->buffers[i].type; + *len = p->pac->numbuffers; + + return 0; +} + +/* + * + */ + +void +krb5_pac_free(krb5_context context, struct krb5_pac *pac) +{ + krb5_data_free(&pac->data); + free(pac->pac); + free(pac); +} + +/* + * + */ + +static krb5_error_code +verify_checksum(krb5_context context, + const struct PAC_INFO_BUFFER *sig, + const krb5_data *data, + void *ptr, size_t len, + const krb5_keyblock *key) +{ + krb5_crypto crypto = NULL; + krb5_storage *sp = NULL; + uint32_t type; + krb5_error_code ret; + Checksum cksum; + + sp = krb5_storage_from_mem((char *)data->data + sig->offset_lo, + sig->buffersize); + if (sp == NULL) { + krb5_set_error_string(context, "out of memory"); + return ENOMEM; + } + krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); + + CHECK(ret, krb5_ret_uint32(sp, &type), out); + cksum.cksumtype = type; + cksum.checksum.length = + sig->buffersize - krb5_storage_seek(sp, 0, SEEK_CUR); + cksum.checksum.data = malloc(cksum.checksum.length); + if (cksum.checksum.data == NULL) { + krb5_set_error_string(context, "out of memory"); + ret = ENOMEM; + goto out; + } + ret = krb5_storage_read(sp, cksum.checksum.data, cksum.checksum.length); + if (ret != cksum.checksum.length) { + krb5_set_error_string(context, "PAC checksum missing checksum"); + ret = EINVAL; + goto out; + } + + if (!krb5_checksum_is_keyed(context, cksum.cksumtype)) { + krb5_set_error_string (context, "Checksum type %d not keyed", + cksum.cksumtype); + ret = EINVAL; + goto out; + } + + ret = krb5_crypto_init(context, key, 0, &crypto); + if (ret) + goto out; + + ret = krb5_verify_checksum(context, crypto, KRB5_KU_OTHER_CKSUM, + ptr, len, &cksum); + krb5_crypto_destroy(context, crypto); + krb5_storage_free(sp); + + return ret; + +out: + if (sp) + krb5_storage_free(sp); + if (crypto) + krb5_crypto_destroy(context, crypto); + return ret; +} + +static krb5_error_code +create_checksum(krb5_context context, + const krb5_keyblock *key, + void *data, size_t datalen, + void *sig, size_t siglen) +{ + krb5_crypto crypto = NULL; + krb5_error_code ret; + Checksum cksum; + + ret = krb5_crypto_init(context, key, 0, &crypto); + if (ret) + return ret; + + ret = krb5_create_checksum(context, crypto, KRB5_KU_OTHER_CKSUM, 0, + data, datalen, &cksum); + krb5_crypto_destroy(context, crypto); + if (ret) + return ret; + + if (cksum.checksum.length != siglen) { + krb5_set_error_string(context, "pac checksum wrong length"); + free_Checksum(&cksum); + return EINVAL; + } + + memcpy(sig, cksum.checksum.data, siglen); + free_Checksum(&cksum); + + return 0; +} + + +/* + * + */ + +#define NTTIME_EPOCH 0x019DB1DED53E8000LL + +static uint64_t +unix2nttime(time_t unix_time) +{ + long long wt; + wt = unix_time * (uint64_t)10000000 + (uint64_t)NTTIME_EPOCH; + return wt; +} + +static krb5_error_code +verify_logonname(krb5_context context, + const struct PAC_INFO_BUFFER *logon_name, + const krb5_data *data, + time_t authtime, + krb5_const_principal principal) +{ + krb5_error_code ret; + krb5_principal p2; + uint32_t time1, time2; + krb5_storage *sp; + uint16_t len; + char *s; + + sp = krb5_storage_from_readonly_mem((const char *)data->data + logon_name->offset_lo, + logon_name->buffersize); + if (sp == NULL) { + krb5_set_error_string(context, "Out of memory"); + return ENOMEM; + } + + krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); + + CHECK(ret, krb5_ret_uint32(sp, &time1), out); + CHECK(ret, krb5_ret_uint32(sp, &time2), out); + + { + uint64_t t1, t2; + t1 = unix2nttime(authtime); + t2 = ((uint64_t)time2 << 32) | time1; + if (t1 != t2) { + krb5_storage_free(sp); + krb5_set_error_string(context, "PAC timestamp mismatch"); + return EINVAL; + } + } + CHECK(ret, krb5_ret_uint16(sp, &len), out); + if (len == 0) { + krb5_storage_free(sp); + krb5_set_error_string(context, "PAC logon name length missing"); + return EINVAL; + } + + s = malloc(len); + if (s == NULL) { + krb5_storage_free(sp); + krb5_set_error_string(context, "Out of memory"); + return ENOMEM; + } + ret = krb5_storage_read(sp, s, len); + if (ret != len) { + krb5_storage_free(sp); + krb5_set_error_string(context, "Failed to read pac logon name"); + return EINVAL; + } + krb5_storage_free(sp); +#if 1 /* cheat for now */ + { + size_t i; + + if (len & 1) { + krb5_set_error_string(context, "PAC logon name malformed"); + return EINVAL; + } + + for (i = 0; i < len / 2; i++) { + if (s[(i * 2) + 1]) { + krb5_set_error_string(context, "PAC logon name not ASCII"); + return EINVAL; + } + s[i] = s[i * 2]; + } + s[i] = '\0'; + } +#else + { + uint16_t *ucs2; + ssize_t ucs2len; + size_t u8len; + + ucs2 = malloc(sizeof(ucs2[0]) * len / 2); + if (ucs2) + abort(); + ucs2len = wind_ucs2read(s, len / 2, ucs2); + free(s); + if (len < 0) + return -1; + ret = wind_ucs2toutf8(ucs2, ucs2len, NULL, &u8len); + if (ret < 0) + abort(); + s = malloc(u8len + 1); + if (s == NULL) + abort(); + wind_ucs2toutf8(ucs2, ucs2len, s, &u8len); + free(ucs2); + } +#endif + ret = krb5_parse_name_flags(context, s, KRB5_PRINCIPAL_PARSE_NO_REALM, &p2); + free(s); + if (ret) + return ret; + + if (krb5_principal_compare_any_realm(context, principal, p2) != TRUE) { + krb5_set_error_string(context, "PAC logon name mismatch"); + ret = EINVAL; + } + krb5_free_principal(context, p2); + return ret; +out: + return ret; +} + +/* + * + */ + +static krb5_error_code +build_logon_name(krb5_context context, + time_t authtime, + krb5_const_principal principal, + krb5_data *logon) +{ + krb5_error_code ret; + krb5_storage *sp; + uint64_t t; + char *s, *s2; + size_t i, len; + + t = unix2nttime(authtime); + + krb5_data_zero(logon); + + sp = krb5_storage_emem(); + if (sp == NULL) { + krb5_set_error_string(context, "out of memory"); + return ENOMEM; + } + krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); + + CHECK(ret, krb5_store_uint32(sp, t & 0xffffffff), out); + CHECK(ret, krb5_store_uint32(sp, t >> 32), out); + + ret = krb5_unparse_name_flags(context, principal, + KRB5_PRINCIPAL_UNPARSE_NO_REALM, &s); + if (ret) + goto out; + + len = strlen(s); + + CHECK(ret, krb5_store_uint16(sp, len * 2), out); + +#if 1 /* cheat for now */ + s2 = malloc(len * 2); + if (s2 == NULL) { + ret = ENOMEM; + free(s); + goto out; + } + for (i = 0; i < len; i++) { + s2[i * 2] = s[i]; + s2[i * 2 + 1] = 0; + } + free(s); +#else + /* write libwind code here */ +#endif + + ret = krb5_storage_write(sp, s2, len * 2); + free(s2); + if (ret != len * 2) { + ret = ENOMEM; + goto out; + } + ret = krb5_storage_to_data(sp, logon); + if (ret) + goto out; + krb5_storage_free(sp); + + return 0; +out: + krb5_storage_free(sp); + return ret; +} + + +/* + * + */ + +krb5_error_code +krb5_pac_verify(krb5_context context, + const struct krb5_pac *pac, + time_t authtime, + krb5_const_principal principal, + const krb5_keyblock *server, + const krb5_keyblock *privsvr) +{ + krb5_error_code ret; + + if (pac->server_checksum == NULL) { + krb5_set_error_string(context, "PAC missing server checksum"); + return EINVAL; + } + if (pac->privsvr_checksum == NULL) { + krb5_set_error_string(context, "PAC missing kdc checksum"); + return EINVAL; + } + if (pac->logon_name == NULL) { + krb5_set_error_string(context, "PAC missing logon name"); + return EINVAL; + } + + ret = verify_logonname(context, + pac->logon_name, + &pac->data, + authtime, + principal); + if (ret) + return ret; + + /* + * in the service case, clean out data option of the privsvr and + * server checksum before checking the checksum. + */ + { + krb5_data *copy; + + ret = krb5_copy_data(context, &pac->data, ©); + if (ret) + return ret; + + if (pac->server_checksum->buffersize < 4) + return EINVAL; + if (pac->privsvr_checksum->buffersize < 4) + return EINVAL; + + memset((char *)copy->data + pac->server_checksum->offset_lo + 4, + 0, + pac->server_checksum->buffersize - 4); + + memset((char *)copy->data + pac->privsvr_checksum->offset_lo + 4, + 0, + pac->privsvr_checksum->buffersize - 4); + + ret = verify_checksum(context, + pac->server_checksum, + &pac->data, + copy->data, + copy->length, + server); + krb5_free_data(context, copy); + if (ret) + return ret; + } + if (privsvr) { + ret = verify_checksum(context, + pac->privsvr_checksum, + &pac->data, + (char *)pac->data.data + + pac->server_checksum->offset_lo + 4, + pac->server_checksum->buffersize - 4, + privsvr); + if (ret) + return ret; + } + + return 0; +} + +/* + * + */ + +static krb5_error_code +fill_zeros(krb5_context context, krb5_storage *sp, size_t len) +{ + ssize_t sret; + size_t l; + + while (len) { + l = len; + if (l > sizeof(zeros)) + l = sizeof(zeros); + sret = krb5_storage_write(sp, zeros, l); + if (sret <= 0) { + krb5_set_error_string(context, "out of memory"); + return ENOMEM; + } + len -= sret; + } + return 0; +} + +static krb5_error_code +pac_checksum(krb5_context context, + const krb5_keyblock *key, + uint32_t *cksumtype, + size_t *cksumsize) +{ + krb5_cksumtype cktype; + krb5_error_code ret; + krb5_crypto crypto = NULL; + + ret = krb5_crypto_init(context, key, 0, &crypto); + if (ret) + return ret; + + ret = krb5_crypto_get_checksum_type(context, crypto, &cktype); + ret = krb5_crypto_destroy(context, crypto); + if (ret) + return ret; + + if (krb5_checksum_is_keyed(context, cktype) == FALSE) { + krb5_set_error_string(context, "PAC checksum type is not keyed"); + return EINVAL; + } + + ret = krb5_checksumsize(context, cktype, cksumsize); + if (ret) + return ret; + + *cksumtype = (uint32_t)cktype; + + return 0; +} + +krb5_error_code +_krb5_pac_sign(krb5_context context, + struct krb5_pac *p, + time_t authtime, + krb5_principal principal, + const krb5_keyblock *server_key, + const krb5_keyblock *priv_key, + krb5_data *data) +{ + krb5_error_code ret; + krb5_storage *sp = NULL, *spdata = NULL; + uint32_t end; + size_t server_size, priv_size; + uint32_t server_offset = 0, priv_offset = 0; + uint32_t server_cksumtype = 0, priv_cksumtype = 0; + int i, num = 0; + krb5_data logon, d; + + krb5_data_zero(&logon); + + if (p->server_checksum == NULL) + num++; + if (p->privsvr_checksum == NULL) + num++; + if (p->logon_name == NULL) + num++; + + if (num) { + void *ptr; + + ptr = realloc(p->pac, sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (p->pac->numbuffers + num - 1))); + if (ptr == NULL) { + krb5_set_error_string(context, "out of memory"); + return ENOMEM; + } + p->pac = ptr; + + if (p->server_checksum == NULL) { + p->server_checksum = &p->pac->buffers[p->pac->numbuffers++]; + memset(p->server_checksum, 0, sizeof(*p->server_checksum)); + p->server_checksum->type = PAC_SERVER_CHECKSUM; + } + if (p->privsvr_checksum == NULL) { + p->privsvr_checksum = &p->pac->buffers[p->pac->numbuffers++]; + memset(p->privsvr_checksum, 0, sizeof(*p->privsvr_checksum)); + p->privsvr_checksum->type = PAC_PRIVSVR_CHECKSUM; + } + if (p->logon_name == NULL) { + p->logon_name = &p->pac->buffers[p->pac->numbuffers++]; + memset(p->logon_name, 0, sizeof(*p->logon_name)); + p->logon_name->type = PAC_LOGON_NAME; + } + } + + /* Calculate LOGON NAME */ + ret = build_logon_name(context, authtime, principal, &logon); + if (ret) + goto out; + + /* Set lengths for checksum */ + + ret = pac_checksum(context, server_key, &server_cksumtype, &server_size); + if (ret) + goto out; + ret = pac_checksum(context, priv_key, &priv_cksumtype, &priv_size); + if (ret) + goto out; + + /* Encode PAC */ + sp = krb5_storage_emem(); + if (sp == NULL) { + krb5_set_error_string(context, "out of memory"); + return ENOMEM; + } + krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); + + spdata = krb5_storage_emem(); + if (spdata == NULL) { + krb5_storage_free(sp); + krb5_set_error_string(context, "out of memory"); + return ENOMEM; + } + krb5_storage_set_flags(spdata, KRB5_STORAGE_BYTEORDER_LE); + + CHECK(ret, krb5_store_uint32(sp, p->pac->numbuffers), out); + CHECK(ret, krb5_store_uint32(sp, p->pac->version), out); + + end = PACTYPE_SIZE + (PAC_INFO_BUFFER_SIZE * p->pac->numbuffers); + + for (i = 0; i < p->pac->numbuffers; i++) { + uint32_t len; + size_t sret; + void *ptr = NULL; + + /* store data */ + + if (p->pac->buffers[i].type == PAC_SERVER_CHECKSUM) { + len = server_size + 4; + server_offset = end + 4; + CHECK(ret, krb5_store_uint32(spdata, server_cksumtype), out); + CHECK(ret, fill_zeros(context, spdata, server_size), out); + } else if (p->pac->buffers[i].type == PAC_PRIVSVR_CHECKSUM) { + len = priv_size + 4; + priv_offset = end + 4; + CHECK(ret, krb5_store_uint32(spdata, priv_cksumtype), out); + CHECK(ret, fill_zeros(context, spdata, priv_size), out); + } else if (p->pac->buffers[i].type == PAC_LOGON_NAME) { + len = krb5_storage_write(spdata, logon.data, logon.length); + if (logon.length != len) { + ret = EINVAL; + goto out; + } + } else { + len = p->pac->buffers[i].buffersize; + ptr = (char *)p->data.data + p->pac->buffers[i].offset_lo; + + sret = krb5_storage_write(spdata, ptr, len); + if (sret != len) { + krb5_set_error_string(context, "out of memory"); + ret = ENOMEM; + goto out; + } + /* XXX if not aligned, fill_zeros */ + } + + /* write header */ + CHECK(ret, krb5_store_uint32(sp, p->pac->buffers[i].type), out); + CHECK(ret, krb5_store_uint32(sp, len), out); + CHECK(ret, krb5_store_uint32(sp, end), out); + CHECK(ret, krb5_store_uint32(sp, 0), out); + + /* advance data endpointer and align */ + { + int32_t e; + + end += len; + e = ((end + PAC_ALIGNMENT - 1) / PAC_ALIGNMENT) * PAC_ALIGNMENT; + if (end != e) { + CHECK(ret, fill_zeros(context, spdata, e - end), out); + } + end = e; + } + + } + + /* assert (server_offset != 0 && priv_offset != 0); */ + + /* export PAC */ + ret = krb5_storage_to_data(spdata, &d); + if (ret) { + krb5_set_error_string(context, "out of memory"); + goto out; + } + ret = krb5_storage_write(sp, d.data, d.length); + if (ret != d.length) { + krb5_data_free(&d); + krb5_set_error_string(context, "out of memory"); + ret = ENOMEM; + goto out; + } + krb5_data_free(&d); + + ret = krb5_storage_to_data(sp, &d); + if (ret) { + krb5_set_error_string(context, "out of memory"); + goto out; + } + + /* sign */ + + ret = create_checksum(context, server_key, + d.data, d.length, + (char *)d.data + server_offset, server_size); + if (ret) { + krb5_data_free(&d); + goto out; + } + + ret = create_checksum(context, priv_key, + (char *)d.data + server_offset, server_size, + (char *)d.data + priv_offset, priv_size); + if (ret) { + krb5_data_free(&d); + goto out; + } + + /* done */ + *data = d; + + krb5_data_free(&logon); + krb5_storage_free(sp); + krb5_storage_free(spdata); + + return 0; +out: + krb5_data_free(&logon); + if (sp) + krb5_storage_free(sp); + if (spdata) + krb5_storage_free(spdata); + return ret; +} diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c index f519b5ad08..4f8ed8fe07 100755 --- a/source4/heimdal/lib/krb5/pkinit.c +++ b/source4/heimdal/lib/krb5/pkinit.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: pkinit.c,v 1.110 2006/10/14 09:52:50 lha Exp $"); +RCSID("$Id: pkinit.c,v 1.120 2006/12/08 02:48:09 lha Exp $"); struct krb5_dh_moduli { char *name; @@ -81,12 +81,26 @@ struct krb5_pk_init_ctx_data { DH *dh; krb5_data *clientDHNonce; struct krb5_dh_moduli **m; + hx509_peer_info peer; + int type; int require_binding; int require_eku; int require_krbtgt_otherName; int require_hostname_match; }; +static void +_krb5_pk_copy_error(krb5_context context, + hx509_context hx509ctx, + int hxret, + const char *fmt, + ...) + __attribute__ ((format (printf, 4, 5))); + +/* + * + */ + void KRB5_LIB_FUNCTION _krb5_pk_cert_free(struct krb5_pk_cert *cert) { @@ -130,6 +144,7 @@ _krb5_pk_create_sign(krb5_context context, const heim_oid *eContentType, krb5_data *eContent, struct krb5_pk_identity *id, + hx509_peer_info peer, krb5_data *sd_data) { hx509_cert cert; @@ -137,16 +152,22 @@ _krb5_pk_create_sign(krb5_context context, int ret; ret = hx509_query_alloc(id->hx509ctx, &q); - if (ret) + if (ret) { + _krb5_pk_copy_error(context, id->hx509ctx, ret, + "Allocate query to find signing certificate"); return ret; + } hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY); hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE); ret = hx509_certs_find(id->hx509ctx, id->certs, q, &cert); hx509_query_free(id->hx509ctx, q); - if (ret) + if (ret) { + _krb5_pk_copy_error(context, id->hx509ctx, ret, + "Find certificate to signed CMS data"); return ret; + } ret = hx509_cms_create_signed_1(id->hx509ctx, eContentType, @@ -154,9 +175,12 @@ _krb5_pk_create_sign(krb5_context context, eContent->length, NULL, cert, + peer, NULL, - NULL, + id->certs, sd_data); + if (ret) + _krb5_pk_copy_error(context, id->hx509ctx, ret, "create CMS signedData"); hx509_cert_free(cert); return ret; @@ -402,6 +426,19 @@ build_auth_pack(krb5_context context, a->clientPublicValue->subjectPublicKey.data = dhbuf.data; } + { + a->supportedCMSTypes = calloc(1, sizeof(*a->supportedCMSTypes)); + if (a->supportedCMSTypes == NULL) + return ENOMEM; + + ret = hx509_crypto_available(ctx->id->hx509ctx, HX509_SELECT_ALL, NULL, + &a->supportedCMSTypes->val, + &a->supportedCMSTypes->len); + if (ret) + return ret; + } + + return ret; } @@ -429,7 +466,6 @@ _krb5_pk_mk_ContentInfo(krb5_context context, static krb5_error_code pk_mk_padata(krb5_context context, - int compat, krb5_pk_init_ctx ctx, const KDC_REQ_BODY *req_body, unsigned nonce, @@ -446,7 +482,7 @@ pk_mk_padata(krb5_context context, krb5_data_zero(&sd_buf); memset(&content_info, 0, sizeof(content_info)); - if (compat == COMPAT_WIN2K) { + if (ctx->type == COMPAT_WIN2K) { AuthPack_Win2k ap; krb5_timestamp sec; int32_t usec; @@ -483,7 +519,7 @@ pk_mk_padata(krb5_context context, krb5_abortx(context, "internal ASN1 encoder error"); oid = oid_id_pkcs7_data(); - } else if (compat == COMPAT_IETF) { + } else if (ctx->type == COMPAT_IETF) { AuthPack ap; memset(&ap, 0, sizeof(ap)); @@ -510,7 +546,8 @@ pk_mk_padata(krb5_context context, ret = _krb5_pk_create_sign(context, oid, &buf, - ctx->id, + ctx->id, + ctx->peer, &sd_buf); krb5_data_free(&buf); if (ret) @@ -529,7 +566,7 @@ pk_mk_padata(krb5_context context, if (buf.length != size) krb5_abortx(context, "Internal ASN1 encoder error"); - if (compat == COMPAT_WIN2K) { + if (ctx->type == COMPAT_WIN2K) { PA_PK_AS_REQ_Win2k winreq; pa_type = KRB5_PADATA_PK_AS_REQ_WIN; @@ -542,7 +579,7 @@ pk_mk_padata(krb5_context context, &winreq, &size, ret); free_PA_PK_AS_REQ_Win2k(&winreq); - } else if (compat == COMPAT_IETF) { + } else if (ctx->type == COMPAT_IETF) { PA_PK_AS_REQ req; pa_type = KRB5_PADATA_PK_AS_REQ; @@ -583,7 +620,7 @@ pk_mk_padata(krb5_context context, if (ret) free(buf.data); - if (ret == 0 && compat == COMPAT_WIN2K) + if (ret == 0 && ctx->type == COMPAT_WIN2K) krb5_padata_add(context, md, KRB5_PADATA_PK_AS_09_BINDING, NULL, 0); out: @@ -601,13 +638,13 @@ _krb5_pk_mk_padata(krb5_context context, METHOD_DATA *md) { krb5_pk_init_ctx ctx = c; - int win2k_compat, type; + int win2k_compat; win2k_compat = krb5_config_get_bool_default(context, NULL, FALSE, "realms", req_body->realm, - "win2k_pkinit", + "pkinit_win2k", NULL); if (context->pkinit_flags & KRB5_PKINIT_WIN2K) win2k_compat = 1; @@ -618,11 +655,11 @@ _krb5_pk_mk_padata(krb5_context context, FALSE, "realms", req_body->realm, - "win2k_pkinit_require_binding", + "pkinit_win2k_require_binding", NULL); - type = COMPAT_WIN2K; + ctx->type = COMPAT_WIN2K; } else - type = COMPAT_IETF; + ctx->type = COMPAT_IETF; ctx->require_eku = krb5_config_get_bool_default(context, NULL, @@ -647,7 +684,7 @@ _krb5_pk_mk_padata(krb5_context context, "pkinit_require_hostname_match", NULL); - return pk_mk_padata(context, type, ctx, req_body, nonce, md); + return pk_mk_padata(context, ctx, req_body, nonce, md); } krb5_error_code KRB5_LIB_FUNCTION @@ -673,13 +710,8 @@ _krb5_pk_verify_sign(krb5_context context, content, &signer_certs); if (ret) { - char *s = hx509_get_error_string(id->hx509ctx, ret); - if (s) { - krb5_set_error_string(context, - "CMS verify signed failed with %s", s); - free(s); - } else - krb5_clear_error_string(context); + _krb5_pk_copy_error(context, id->hx509ctx, ret, + "CMS verify signed failed"); return ret; } @@ -692,7 +724,8 @@ _krb5_pk_verify_sign(krb5_context context, ret = hx509_get_one_cert(id->hx509ctx, signer_certs, &(*signer)->cert); if (ret) { - krb5_clear_error_string(context); + _krb5_pk_copy_error(context, id->hx509ctx, ret, + "Failed to get on of the signer certs"); goto out; } @@ -932,8 +965,11 @@ pk_rd_pa_reply_enckey(krb5_context context, NULL, &contentType, &content); - if (ret) + if (ret) { + _krb5_pk_copy_error(context, ctx->id->hx509ctx, ret, + "Failed to unenvelope CMS data in PK-INIT reply"); return ret; + } p = content.data; length = content.length; @@ -1212,8 +1248,13 @@ _krb5_pk_rd_pa_reply(krb5_context context, size_t size; /* Check for IETF PK-INIT first */ - if (pa->padata_type == KRB5_PADATA_PK_AS_REP) { + if (ctx->type == COMPAT_IETF) { PA_PK_AS_REP rep; + + if (pa->padata_type != KRB5_PADATA_PK_AS_REP) { + krb5_set_error_string(context, "PKINIT: wrong padata recv"); + return EINVAL; + } memset(&rep, 0, sizeof(rep)); @@ -1269,14 +1310,19 @@ _krb5_pk_rd_pa_reply(krb5_context context, ret = EINVAL; break; } - if (ret == 0) - return ret; - } - /* Check for Windows encoding of the AS-REP pa data */ - { + } else if (ctx->type == COMPAT_WIN2K) { PA_PK_AS_REP_Win2k w2krep; + /* Check for Windows encoding of the AS-REP pa data */ + +#if 0 /* should this be ? */ + if (pa->padata_type != KRB5_PADATA_PK_AS_REP) { + krb5_set_error_string(context, "PKINIT: wrong padata recv"); + return EINVAL; + } +#endif + memset(&w2krep, 0, sizeof(w2krep)); ret = decode_PA_PK_AS_REP_Win2k(pa->padata_value.data, @@ -1317,6 +1363,9 @@ _krb5_pk_rd_pa_reply(krb5_context context, break; } + } else { + krb5_set_error_string(context, "PKINIT: unknown reply type"); + ret = EINVAL; } return ret; @@ -1428,25 +1477,34 @@ _krb5_pk_load_id(krb5_context context, } ret = hx509_certs_init(id->hx509ctx, user_id, 0, lock, &id->certs); - if (ret) + if (ret) { + _krb5_pk_copy_error(context, id->hx509ctx, ret, + "Failed to init cert certs"); goto out; + } ret = hx509_certs_init(id->hx509ctx, anchor_id, 0, NULL, &id->anchors); - if (ret) + if (ret) { + _krb5_pk_copy_error(context, id->hx509ctx, ret, + "Failed to init anchors"); goto out; + } ret = hx509_certs_init(id->hx509ctx, "MEMORY:pkinit-cert-chain", 0, NULL, &id->certpool); - if (ret) + if (ret) { + _krb5_pk_copy_error(context, id->hx509ctx, ret, + "Failed to init chain"); goto out; + } while (chain_list && *chain_list) { ret = hx509_certs_append(id->hx509ctx, id->certpool, NULL, *chain_list); if (ret) { - krb5_set_error_string(context, - "pkinit failed to load chain %s", - *chain_list); + _krb5_pk_copy_error(context, id->hx509ctx, ret, + "Failed to laod chain %s", + *chain_list); goto out; } chain_list++; @@ -1455,7 +1513,8 @@ _krb5_pk_load_id(krb5_context context, if (revoke_list) { ret = hx509_revoke_init(id->hx509ctx, &id->revokectx); if (ret) { - krb5_set_error_string(context, "revoke failed to init"); + _krb5_pk_copy_error(context, id->hx509ctx, ret, + "Failed init revoke list"); goto out; } @@ -1464,9 +1523,8 @@ _krb5_pk_load_id(krb5_context context, id->revokectx, *revoke_list); if (ret) { - krb5_set_error_string(context, - "pkinit failed to load revoke %s", - *revoke_list); + _krb5_pk_copy_error(context, id->hx509ctx, ret, + "Failed load revoke list"); goto out; } revoke_list++; @@ -1475,8 +1533,11 @@ _krb5_pk_load_id(krb5_context context, hx509_context_set_missing_revoke(id->hx509ctx, 1); ret = hx509_verify_init_ctx(id->hx509ctx, &id->verify_ctx); - if (ret) + if (ret) { + _krb5_pk_copy_error(context, id->hx509ctx, ret, + "Failed init verify context"); goto out; + } hx509_verify_attach_anchors(id->verify_ctx, id->anchors); hx509_verify_attach_revoke(id->verify_ctx, id->revokectx); @@ -1504,9 +1565,25 @@ select_dh_group(krb5_context context, DH *dh, unsigned long bits, { const struct krb5_dh_moduli *m; - m = moduli[1]; /* XXX */ - if (m == NULL) - m = moduli[0]; /* XXX */ + if (bits == 0) { + m = moduli[1]; /* XXX */ + if (m == NULL) + m = moduli[0]; /* XXX */ + } else { + int i; + for (i = 0; moduli[i] != NULL; i++) { + if (bits < moduli[i]->bits) + break; + } + if (moduli[i] == NULL) { + krb5_set_error_string(context, + "Did not find a DH group parameter " + "matching requirement of %lu bits", + bits); + return EINVAL; + } + m = moduli[i]; + } dh->p = integer_to_BN(context, "p", &m->p); if (dh->p == NULL) @@ -1822,25 +1899,25 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, opt->opt_private->pk_init_ctx->require_binding = 0; opt->opt_private->pk_init_ctx->require_eku = 1; opt->opt_private->pk_init_ctx->require_krbtgt_otherName = 1; - + opt->opt_private->pk_init_ctx->peer = NULL; /* XXX implement krb5_appdefault_strings */ if (pool == NULL) pool = krb5_config_get_strings(context, NULL, "appdefaults", - "pkinit-pool", + "pkinit_pool", NULL); if (pki_revoke == NULL) pki_revoke = krb5_config_get_strings(context, NULL, "appdefaults", - "pkinit-revoke", + "pkinit_revoke", NULL); if (x509_anchors == NULL) { krb5_appdefault_string(context, "kinit", krb5_principal_get_realm(context, principal), - "pkinit-anchors", NULL, &anchors); + "pkinit_anchors", NULL, &anchors); x509_anchors = anchors; } @@ -1861,12 +1938,19 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, if ((flags & 2) == 0) { const char *moduli_file; + unsigned long dh_min_bits; moduli_file = krb5_config_get_string(context, NULL, "libdefaults", "moduli", NULL); + dh_min_bits = + krb5_config_get_int_default(context, NULL, 0, + "libdefaults", + "pkinit_dh_min_bits", + NULL); + ret = _krb5_parse_moduli(context, moduli_file, &opt->opt_private->pk_init_ctx->m); if (ret) { @@ -1881,7 +1965,8 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, return ENOMEM; } - ret = select_dh_group(context, opt->opt_private->pk_init_ctx->dh, 0, + ret = select_dh_group(context, opt->opt_private->pk_init_ctx->dh, + dh_min_bits, opt->opt_private->pk_init_ctx->m); if (ret) { _krb5_get_init_creds_opt_free_pkinit(opt); @@ -1901,3 +1986,36 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, return EINVAL; #endif } + +/* + * + */ + +static void +_krb5_pk_copy_error(krb5_context context, + hx509_context hx509ctx, + int hxret, + const char *fmt, + ...) +{ + va_list va; + char *s, *f; + + va_start(va, fmt); + vasprintf(&f, fmt, va); + va_end(va); + if (f == NULL) { + krb5_clear_error_string(context); + return; + } + + s = hx509_get_error_string(hx509ctx, hxret); + if (s == NULL) { + krb5_clear_error_string(context); + free(f); + return; + } + krb5_set_error_string(context, "%s: %s", f, s); + free(s); + free(f); +} diff --git a/source4/heimdal/lib/krb5/plugin.c b/source4/heimdal/lib/krb5/plugin.c index 294807faab..ce7171dbf0 100644 --- a/source4/heimdal/lib/krb5/plugin.c +++ b/source4/heimdal/lib/krb5/plugin.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: plugin.c,v 1.2 2006/11/12 21:39:43 lha Exp $"); +RCSID("$Id: plugin.c,v 1.4 2007/01/09 17:46:01 lha Exp $"); #ifdef HAVE_DLFCN_H #include #endif @@ -89,7 +89,11 @@ loadlib(krb5_context context, return ENOMEM; } - (*e)->dsohandle = dlopen(lib, 0); +#ifndef RTLD_LAZY +#define RTLD_LAZY 0 +#endif + + (*e)->dsohandle = dlopen(lib, RTLD_LAZY); if ((*e)->dsohandle == NULL) { free(*e); krb5_set_error_string(context, "Failed to load %s: %s", diff --git a/source4/heimdal/lib/krb5/principal.c b/source4/heimdal/lib/krb5/principal.c index 4d13e7db11..57fcf63dcf 100644 --- a/source4/heimdal/lib/krb5/principal.c +++ b/source4/heimdal/lib/krb5/principal.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -41,7 +41,7 @@ #include #include "resolve.h" -RCSID("$Id: principal.c,v 1.99 2006/10/18 06:53:22 lha Exp $"); +RCSID("$Id: principal.c,v 1.100 2006/12/17 22:53:39 lha Exp $"); #define princ_num_comp(P) ((P)->name.name_string.len) #define princ_type(P) ((P)->name.name_type) diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c index 3352334f65..b7dea2a327 100644 --- a/source4/heimdal/lib/krb5/rd_req.c +++ b/source4/heimdal/lib/krb5/rd_req.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_req.c,v 1.68 2006/11/07 17:11:31 lha Exp $"); +RCSID("$Id: rd_req.c,v 1.70 2007/01/04 11:27:20 lha Exp $"); static krb5_error_code decrypt_tkt_enc_part (krb5_context context, @@ -513,6 +513,7 @@ krb5_verify_ap_req2(krb5_context context, struct krb5_rd_req_in_ctx { krb5_keytab keytab; krb5_keyblock *keyblock; + krb5_boolean no_pac_check; }; struct krb5_rd_req_out_ctx { @@ -545,6 +546,16 @@ krb5_rd_req_in_set_keytab(krb5_context context, return 0; } +krb5_error_code KRB5_LIB_FUNCTION +krb5_rd_req_in_set_pac_check(krb5_context context, + krb5_rd_req_in_ctx in, + krb5_boolean flag) +{ + in->no_pac_check = !flag; + return 0; +} + + krb5_error_code KRB5_LIB_FUNCTION krb5_rd_req_in_set_keyblock(krb5_context context, krb5_rd_req_in_ctx in, @@ -822,6 +833,36 @@ krb5_rd_req_ctx(krb5_context context, &o->ap_req_options, &o->ticket); + if (ret) + goto out; + + /* If there is a PAC, verify its server signature */ + if (inctx->no_pac_check == FALSE) { + krb5_pac pac; + krb5_data data; + + ret = krb5_ticket_get_authorization_data_type(context, + o->ticket, + KRB5_AUTHDATA_WIN2K_PAC, + &data); + if (ret == 0) { + ret = krb5_pac_parse(context, data.data, data.length, &pac); + krb5_data_free(&data); + if (ret) + goto out; + + ret = krb5_pac_verify(context, + pac, + o->ticket->ticket.authtime, + o->ticket->client, + o->keyblock, + NULL); + krb5_pac_free(context, pac); + if (ret) + goto out; + } + ret = 0; + } out: if (ret || outctx == NULL) { krb5_rd_req_out_ctx_free(context, o); diff --git a/source4/heimdal/lib/krb5/store.c b/source4/heimdal/lib/krb5/store.c index e75f28ca5f..5422c540b9 100644 --- a/source4/heimdal/lib/krb5/store.c +++ b/source4/heimdal/lib/krb5/store.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include "store-int.h" -RCSID("$Id: store.c,v 1.59 2006/08/18 08:39:13 lha Exp $"); +RCSID("$Id: store.c,v 1.60 2006/12/17 22:49:37 lha Exp $"); #define BYTEORDER_IS(SP, V) (((SP)->flags & KRB5_STORAGE_BYTEORDER_MASK) == (V)) #define BYTEORDER_IS_LE(SP) BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_LE) @@ -577,6 +577,7 @@ krb5_ret_principal(krb5_storage *sp, p->name.name_string.val = calloc(ncomp, sizeof(*p->name.name_string.val)); if(p->name.name_string.val == NULL && ncomp != 0){ free(p->realm); + free(p); return ENOMEM; } for(i = 0; i < ncomp; i++){ diff --git a/source4/heimdal/lib/krb5/ticket.c b/source4/heimdal/lib/krb5/ticket.c index fdc2a1b3a5..81372c158e 100644 --- a/source4/heimdal/lib/krb5/ticket.c +++ b/source4/heimdal/lib/krb5/ticket.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: ticket.c,v 1.15 2006/10/14 09:53:19 lha Exp $"); +RCSID("$Id: ticket.c,v 1.18 2006/12/28 20:49:18 lha Exp $"); krb5_error_code KRB5_LIB_FUNCTION krb5_free_ticket(krb5_context context, @@ -97,6 +97,13 @@ krb5_ticket_get_server(krb5_context context, return krb5_copy_principal(context, ticket->server, server); } +time_t KRB5_LIB_FUNCTION +krb5_ticket_get_endtime(krb5_context context, + const krb5_ticket *ticket) +{ + return ticket->ticket.endtime; +} + static int find_type_in_ad(krb5_context context, int type, @@ -107,10 +114,6 @@ find_type_in_ad(krb5_context context, const AuthorizationData *ad, int level) { - /* It is not an error if nothing in here, that is reported by *found */ - /* Setting a default error causes found to be set to FALSE, on - * recursion to an second embedded authz data even if the first - * element contains the required type */ krb5_error_code ret = 0; int i; @@ -148,8 +151,8 @@ find_type_in_ad(krb5_context context, "IF_RELEVANT with %d", ret); goto out; } - ret = find_type_in_ad(context, type, data, found, 0, sessionkey, - &child, level + 1); + ret = find_type_in_ad(context, type, data, found, FALSE, + sessionkey, &child, level + 1); free_AuthorizationData(&child); if (ret) goto out; @@ -232,19 +235,6 @@ out: return ret; } -int -_krb5_find_type_in_ad(krb5_context context, - int type, - krb5_data *data, - krb5_boolean *found, - krb5_keyblock *sessionkey, - const AuthorizationData *ad) -{ - krb5_data_zero(data); - return find_type_in_ad(context, type, data, found, TRUE, sessionkey, ad, 0); -} - - /* * Extract the authorization data type of `type' from the * 'ticket'. Store the field in `data'. This function is to use for @@ -259,7 +249,9 @@ krb5_ticket_get_authorization_data_type(krb5_context context, { AuthorizationData *ad; krb5_error_code ret; - krb5_boolean found = 0; + krb5_boolean found = FALSE; + + krb5_data_zero(data); ad = ticket->ticket.authorization_data; if (ticket->ticket.authorization_data == NULL) { @@ -267,8 +259,8 @@ krb5_ticket_get_authorization_data_type(krb5_context context, return ENOENT; /* XXX */ } - ret = _krb5_find_type_in_ad(context, type, data, &found, &ticket->ticket.key, - ticket->ticket.authorization_data); + ret = find_type_in_ad(context, type, data, &found, TRUE, + &ticket->ticket.key, ad, 0); if (ret) return ret; if (!found) { diff --git a/source4/heimdal/lib/krb5/warn.c b/source4/heimdal/lib/krb5/warn.c index f9825914ee..4252865301 100644 --- a/source4/heimdal/lib/krb5/warn.c +++ b/source4/heimdal/lib/krb5/warn.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include -RCSID("$Id: warn.c,v 1.15 2004/05/25 21:46:26 lha Exp $"); +RCSID("$Id: warn.c,v 1.16 2006/11/21 08:06:40 lha Exp $"); static krb5_error_code _warnerr(krb5_context context, int do_errtext, krb5_error_code code, int level, const char *fmt, va_list ap) @@ -203,3 +203,9 @@ krb5_set_warn_dest(krb5_context context, krb5_log_facility *fac) context->warn_dest = fac; return 0; } + +krb5_log_facility * KRB5_LIB_FUNCTION +krb5_get_warn_dest(krb5_context context) +{ + return context->warn_dest; +} diff --git a/source4/heimdal/lib/ntlm/heimntlm-protos.h b/source4/heimdal/lib/ntlm/heimntlm-protos.h new file mode 100644 index 0000000000..e9e0837003 --- /dev/null +++ b/source4/heimdal/lib/ntlm/heimntlm-protos.h @@ -0,0 +1,120 @@ +/* This is a generated file */ +#ifndef __heimntlm_protos_h__ +#define __heimntlm_protos_h__ + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +int +heim_ntlm_build_ntlm1_master ( + void */*key*/, + size_t /*len*/, + struct ntlm_buf */*session*/, + struct ntlm_buf */*master*/); + +int +heim_ntlm_calculate_ntlm1 ( + void */*key*/, + size_t /*len*/, + unsigned char challange[8], + struct ntlm_buf */*answer*/); + +int +heim_ntlm_calculate_ntlm2 ( + const void */*key*/, + size_t /*len*/, + const char */*username*/, + const char */*target*/, + const unsigned char serverchallange[8], + const struct ntlm_buf */*infotarget*/, + unsigned char ntlmv2[16], + struct ntlm_buf */*answer*/); + +int +heim_ntlm_decode_targetinfo ( + struct ntlm_buf */*data*/, + int /*ucs2*/, + struct ntlm_targetinfo */*ti*/); + +int +heim_ntlm_decode_type1 ( + const struct ntlm_buf */*buf*/, + struct ntlm_type1 */*data*/); + +int +heim_ntlm_decode_type2 ( + const struct ntlm_buf */*buf*/, + struct ntlm_type2 */*type2*/); + +int +heim_ntlm_decode_type3 ( + const struct ntlm_buf */*buf*/, + int /*ucs2*/, + struct ntlm_type3 */*type3*/); + +int +heim_ntlm_encode_targetinfo ( + struct ntlm_targetinfo */*ti*/, + int /*ucs2*/, + struct ntlm_buf */*data*/); + +int +heim_ntlm_encode_type1 ( + const struct ntlm_type1 */*type1*/, + struct ntlm_buf */*data*/); + +int +heim_ntlm_encode_type2 ( + struct ntlm_type2 */*type2*/, + struct ntlm_buf */*data*/); + +int +heim_ntlm_encode_type3 ( + struct ntlm_type3 */*type3*/, + struct ntlm_buf */*data*/); + +void +heim_ntlm_free_targetinfo (struct ntlm_targetinfo */*ti*/); + +void +heim_ntlm_free_type1 (struct ntlm_type1 */*data*/); + +void +heim_ntlm_free_type2 (struct ntlm_type2 */*type2*/); + +void +heim_ntlm_free_type3 (struct ntlm_type3 */*data*/); + +int +heim_ntlm_nt_key ( + const char */*password*/, + struct ntlm_buf */*key*/); + +void +heim_ntlm_ntlmv2_key ( + const void */*key*/, + size_t /*len*/, + const char */*username*/, + const char */*target*/, + unsigned char ntlmv2[16]); + +int +heim_ntlm_verify_ntlm2 ( + const void */*key*/, + size_t /*len*/, + const char */*username*/, + const char */*target*/, + time_t /*now*/, + const unsigned char serverchallange[8], + const struct ntlm_buf */*answer*/, + struct ntlm_buf */*infotarget*/, + unsigned char ntlmv2[16]); + +#ifdef __cplusplus +} +#endif + +#endif /* __heimntlm_protos_h__ */ diff --git a/source4/heimdal/lib/ntlm/heimntlm.h b/source4/heimdal/lib/ntlm/heimntlm.h new file mode 100644 index 0000000000..1e38b2e400 --- /dev/null +++ b/source4/heimdal/lib/ntlm/heimntlm.h @@ -0,0 +1,95 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: heimntlm.h,v 1.4 2006/12/20 07:28:37 lha Exp $ */ + +#ifndef HEIM_NTLM_H +#define HEIM_NTLM_H + +struct ntlm_buf { + size_t length; + void *data; +}; + +#define NTLM_NEG_UNICODE 0x00000001 +#define NTLM_NEG_SIGN 0x00000010 +#define NTLM_NEG_SEAL 0x00000020 +#define NTLM_NEG_NTLM 0x00000200 + +#define NTLM_SUPPLIED_DOMAIN 0x00001000 +#define NTLM_SUPPLIED_WORKSTAION 0x00002000 + +#define NTLM_NEG_ALWAYS_SIGN 0x00008000 +#define NTLM_NEG_NTLM2_SESSION 0x00080000 + +#define NTLM_NEG_TARGET_DOMAIN 0x00010000 +#define NTLM_ENC_128 0x20000000 +#define NTLM_NEG_KEYEX 0x40000000 + +struct ntlm_targetinfo { + char *servername; + char *domainname; + char *dnsdomainname; + char *dnsservername; +}; + +struct ntlm_type1 { + uint32_t flags; + char *domain; + char *hostname; + uint32_t os[2]; +}; + +struct ntlm_type2 { + uint32_t flags; + char *targetname; + struct ntlm_buf targetinfo; + unsigned char challange[8]; + uint32_t context[2]; + uint32_t os[2]; +}; + +struct ntlm_type3 { + uint32_t flags; + char *username; + char *targetname; + struct ntlm_buf lm; + struct ntlm_buf ntlm; + struct ntlm_buf sessionkey; + char *ws; + uint32_t os[2]; +}; + +#include + +#endif /* NTLM_NTLM_H */ diff --git a/source4/heimdal/lib/ntlm/ntlm.c b/source4/heimdal/lib/ntlm/ntlm.c new file mode 100644 index 0000000000..430e80505e --- /dev/null +++ b/source4/heimdal/lib/ntlm/ntlm.c @@ -0,0 +1,1078 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +RCSID("$Id: ntlm.c,v 1.8 2006/12/26 00:25:17 lha Exp $"); + +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#include "krb5-types.h" +#include "crypto-headers.h" + +#include + + +struct sec_buffer { + uint16_t length; + uint16_t allocated; + uint32_t offset; +}; + +static const unsigned char ntlmsigature[8] = "NTLMSSP\x00"; + +/* + * + */ + +#define CHECK(f, e) \ + do { ret = f ; if (ret != (e)) { ret = EINVAL; goto out; } } while(0) + +static void +_ntlm_free_buf(struct ntlm_buf *p) +{ + if (p->data) + free(p->data); + p->data = NULL; + p->length = 0; +} + + +static int +ascii2ucs2le(const char *string, int up, struct ntlm_buf *buf) +{ + unsigned char *p; + size_t len, i; + + len = strlen(string); + if (len / 2 > UINT_MAX) + return ERANGE; + + buf->length = len * 2; + buf->data = malloc(buf->length); + if (buf->data == NULL && len != 0) { + _ntlm_free_buf(buf); + return ENOMEM; + } + + p = buf->data; + for (i = 0; i < len; i++) { + unsigned char t = (unsigned char)string[i]; + if (t & 0x80) { + _ntlm_free_buf(buf); + return EINVAL; + } + if (up) + t = toupper(t); + p[(i * 2) + 0] = t; + p[(i * 2) + 1] = 0; + } + return 0; +} + +/* + * + */ + +static krb5_error_code +ret_sec_buffer(krb5_storage *sp, struct sec_buffer *buf) +{ + krb5_error_code ret; + CHECK(krb5_ret_uint16(sp, &buf->length), 0); + CHECK(krb5_ret_uint16(sp, &buf->allocated), 0); + CHECK(krb5_ret_uint32(sp, &buf->offset), 0); +out: + return ret; +} + +static krb5_error_code +store_sec_buffer(krb5_storage *sp, const struct sec_buffer *buf) +{ + krb5_error_code ret; + CHECK(krb5_store_uint16(sp, buf->length), 0); + CHECK(krb5_store_uint16(sp, buf->allocated), 0); + CHECK(krb5_store_uint32(sp, buf->offset), 0); +out: + return ret; +} + +/* + * Strings are either OEM or UNICODE. The later is encoded as ucs2 on + * wire, but using utf8 in memory. + */ + +static krb5_error_code +len_string(int ucs2, const char *s) +{ + size_t len = strlen(s); + if (ucs2) + len *= 2; + return len; +} + +static krb5_error_code +ret_string(krb5_storage *sp, int ucs2, struct sec_buffer *desc, char **s) +{ + krb5_error_code ret; + + *s = malloc(desc->length + 1); + CHECK(krb5_storage_seek(sp, desc->offset, SEEK_SET), desc->offset); + CHECK(krb5_storage_read(sp, *s, desc->length), desc->length); + (*s)[desc->length] = '\0'; + + if (ucs2) { + size_t i; + for (i = 0; i < desc->length / 2; i++) { + (*s)[i] = (*s)[i * 2]; + if ((*s)[i * 2 + 1]) { + free(*s); + *s = NULL; + return EINVAL; + } + } + (*s)[i] = '\0'; + } + ret = 0; +out: + return ret; + + return 0; +} + +static krb5_error_code +put_string(krb5_storage *sp, int ucs2, const char *s) +{ + krb5_error_code ret; + struct ntlm_buf buf; + + if (ucs2) { + ret = ascii2ucs2le(s, 0, &buf); + if (ret) + return ret; + } else { + buf.data = rk_UNCONST(s); + buf.length = strlen(s); + } + + CHECK(krb5_storage_write(sp, buf.data, buf.length), buf.length); + if (ucs2) + _ntlm_free_buf(&buf); + ret = 0; +out: + return ret; +} + +/* + * + */ + +static krb5_error_code +ret_buf(krb5_storage *sp, struct sec_buffer *desc, struct ntlm_buf *buf) +{ + krb5_error_code ret; + + buf->data = malloc(desc->length); + buf->length = desc->length; + CHECK(krb5_storage_seek(sp, desc->offset, SEEK_SET), desc->offset); + CHECK(krb5_storage_read(sp, buf->data, buf->length), buf->length); + ret = 0; +out: + return ret; +} + +static krb5_error_code +put_buf(krb5_storage *sp, struct ntlm_buf *buf) +{ + krb5_error_code ret; + CHECK(krb5_storage_write(sp, buf->data, buf->length), buf->length); + ret = 0; +out: + return ret; +} + +/* + * + */ + +void +heim_ntlm_free_targetinfo(struct ntlm_targetinfo *ti) +{ + free(ti->servername); + free(ti->domainname); + free(ti->dnsdomainname); + free(ti->dnsservername); + memset(ti, 0, sizeof(*ti)); +} + +static int +encode_ti_blob(krb5_storage *out, uint16_t type, int ucs2, char *s) +{ + krb5_error_code ret; + CHECK(krb5_store_uint16(out, type), 0); + CHECK(krb5_store_uint16(out, len_string(ucs2, s)), 0); + CHECK(put_string(out, ucs2, s), 0); +out: + return ret; +} + +int +heim_ntlm_encode_targetinfo(struct ntlm_targetinfo *ti, + int ucs2, + struct ntlm_buf *data) +{ + krb5_error_code ret; + krb5_storage *out; + + data->data = NULL; + data->length = 0; + + out = krb5_storage_emem(); + if (out == NULL) + return ENOMEM; + + if (ti->servername) + CHECK(encode_ti_blob(out, 1, ucs2, ti->servername), 0); + if (ti->domainname) + CHECK(encode_ti_blob(out, 2, ucs2, ti->domainname), 0); + if (ti->dnsservername) + CHECK(encode_ti_blob(out, 3, ucs2, ti->dnsservername), 0); + if (ti->dnsdomainname) + CHECK(encode_ti_blob(out, 4, ucs2, ti->dnsdomainname), 0); + + /* end tag */ + CHECK(krb5_store_int16(out, 0), 0); + CHECK(krb5_store_int16(out, 0), 0); + + { + krb5_data d; + ret = krb5_storage_to_data(out, &d); + data->data = d.data; + data->length = d.length; + } +out: + krb5_storage_free(out); + return ret; +} + +int +heim_ntlm_decode_targetinfo(struct ntlm_buf *data, int ucs2, + struct ntlm_targetinfo *ti) +{ + memset(ti, 0, sizeof(*ti)); + return 0; +} + +/* + * encoder/decoder type1 messages + */ + +void +heim_ntlm_free_type1(struct ntlm_type1 *data) +{ + free(data->domain); + free(data->hostname); + memset(data, 0, sizeof(*data)); +} + +int +heim_ntlm_decode_type1(const struct ntlm_buf *buf, struct ntlm_type1 *data) +{ + krb5_error_code ret; + unsigned char sig[8]; + uint32_t type; + struct sec_buffer domain, hostname; + krb5_storage *in; + + memset(data, 0, sizeof(*data)); + + in = krb5_storage_from_readonly_mem(buf->data, buf->length); + if (in == NULL) { + ret = EINVAL; + goto out; + } + krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE); + + CHECK(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig)); + CHECK(memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0); + CHECK(krb5_ret_uint32(in, &type), 0); + CHECK(type, 1); + CHECK(krb5_ret_uint32(in, &data->flags), 0); + if (data->flags & NTLM_SUPPLIED_DOMAIN) + CHECK(ret_sec_buffer(in, &domain), 0); + if (data->flags & NTLM_SUPPLIED_WORKSTAION) + CHECK(ret_sec_buffer(in, &hostname), 0); +#if 0 + if (domain.offset > 32) { + CHECK(krb5_ret_uint32(in, &data->os[0]), 0); + CHECK(krb5_ret_uint32(in, &data->os[1]), 0); + } +#endif + if (data->flags & NTLM_SUPPLIED_DOMAIN) + CHECK(ret_string(in, 0, &domain, &data->domain), 0); + if (data->flags & NTLM_SUPPLIED_WORKSTAION) + CHECK(ret_string(in, 0, &hostname, &data->hostname), 0); + +out: + krb5_storage_free(in); + if (ret) + heim_ntlm_free_type1(data); + + return ret; +} + +int +heim_ntlm_encode_type1(const struct ntlm_type1 *type1, struct ntlm_buf *data) +{ + krb5_error_code ret; + struct sec_buffer domain, hostname; + krb5_storage *out; + uint32_t base, flags; + + flags = type1->flags; + base = 16; + + if (type1->domain) { + base += 8; + flags |= NTLM_SUPPLIED_DOMAIN; + } + if (type1->hostname) { + base += 8; + flags |= NTLM_SUPPLIED_WORKSTAION; + } + if (type1->os[0]) + base += 8; + + if (type1->domain) { + domain.offset = base; + domain.length = len_string(0, type1->domain); + domain.allocated = domain.length; + } + if (type1->hostname) { + hostname.offset = domain.allocated + domain.offset; + hostname.length = len_string(0, type1->hostname); + hostname.allocated = hostname.length; + } + + out = krb5_storage_emem(); + if (out == NULL) + return ENOMEM; + + krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE); + CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)), + sizeof(ntlmsigature)); + CHECK(krb5_store_uint32(out, 1), 0); + CHECK(krb5_store_uint32(out, flags), 0); + + if (type1->domain) + CHECK(store_sec_buffer(out, &domain), 0); + if (type1->hostname) + CHECK(store_sec_buffer(out, &hostname), 0); + if (type1->os[0]) { + CHECK(krb5_store_uint32(out, type1->os[0]), 0); + CHECK(krb5_store_uint32(out, type1->os[1]), 0); + } + if (type1->domain) + CHECK(put_string(out, 0, type1->domain), 0); + if (type1->hostname) + CHECK(put_string(out, 0, type1->hostname), 0); + + { + krb5_data d; + ret = krb5_storage_to_data(out, &d); + data->data = d.data; + data->length = d.length; + } +out: + krb5_storage_free(out); + + return ret; +} + +/* + * encoder/decoder type 2 messages + */ + +void +heim_ntlm_free_type2(struct ntlm_type2 *type2) +{ + memset(type2, 0, sizeof(*type2)); +} + +int +heim_ntlm_decode_type2(const struct ntlm_buf *buf, struct ntlm_type2 *type2) +{ + krb5_error_code ret; + unsigned char sig[8]; + uint32_t type, ctx[2]; + struct sec_buffer targetname, targetinfo; + krb5_storage *in; + int ucs2 = 0; + + memset(type2, 0, sizeof(*type2)); + + in = krb5_storage_from_readonly_mem(buf->data, buf->length); + if (in == NULL) { + ret = EINVAL; + goto out; + } + krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE); + + CHECK(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig)); + CHECK(memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0); + CHECK(krb5_ret_uint32(in, &type), 0); + CHECK(type, 2); + + CHECK(ret_sec_buffer(in, &targetname), 0); + CHECK(krb5_ret_uint32(in, &type2->flags), 0); + if (type2->flags & NTLM_NEG_UNICODE) + ucs2 = 1; + CHECK(krb5_storage_read(in, type2->challange, sizeof(type2->challange)), + sizeof(type2->challange)); + CHECK(krb5_ret_uint32(in, &ctx[0]), 0); /* context */ + CHECK(krb5_ret_uint32(in, &ctx[1]), 0); + CHECK(ret_sec_buffer(in, &targetinfo), 0); + /* os version */ +#if 0 + CHECK(krb5_ret_uint32(in, &type2->os[0]), 0); + CHECK(krb5_ret_uint32(in, &type2->os[1]), 0); +#endif + + CHECK(ret_string(in, ucs2, &targetname, &type2->targetname), 0); + CHECK(ret_buf(in, &targetinfo, &type2->targetinfo), 0); + ret = 0; + +out: + krb5_storage_free(in); + if (ret) + heim_ntlm_free_type2(type2); + + return ret; +} + +int +heim_ntlm_encode_type2(struct ntlm_type2 *type2, struct ntlm_buf *data) +{ + struct sec_buffer targetname, targetinfo; + krb5_error_code ret; + krb5_storage *out = NULL; + uint32_t base; + int ucs2 = 0; + + if (type2->os[0]) + base = 56; + else + base = 48; + + if (type2->flags & NTLM_NEG_UNICODE) + ucs2 = 1; + + targetname.offset = base; + targetname.length = len_string(ucs2, type2->targetname); + targetname.allocated = targetname.length; + + targetinfo.offset = targetname.allocated + targetname.offset; + targetinfo.length = type2->targetinfo.length; + targetinfo.allocated = type2->targetinfo.length; + + out = krb5_storage_emem(); + if (out == NULL) + return ENOMEM; + + krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE); + CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)), + sizeof(ntlmsigature)); + CHECK(krb5_store_uint32(out, 2), 0); + CHECK(store_sec_buffer(out, &targetname), 0); + CHECK(krb5_store_uint32(out, type2->flags), 0); + CHECK(krb5_storage_write(out, type2->challange, sizeof(type2->challange)), + sizeof(type2->challange)); + CHECK(krb5_store_uint32(out, 0), 0); /* context */ + CHECK(krb5_store_uint32(out, 0), 0); + CHECK(store_sec_buffer(out, &targetinfo), 0); + /* os version */ + if (type2->os[0]) { + CHECK(krb5_store_uint32(out, type2->os[0]), 0); + CHECK(krb5_store_uint32(out, type2->os[1]), 0); + } + CHECK(put_string(out, ucs2, type2->targetname), 0); + CHECK(krb5_storage_write(out, type2->targetinfo.data, + type2->targetinfo.length), + type2->targetinfo.length); + + { + krb5_data d; + ret = krb5_storage_to_data(out, &d); + data->data = d.data; + data->length = d.length; + } + +out: + krb5_storage_free(out); + + return ret; +} + +/* + * encoder/decoder type 2 messages + */ + +void +heim_ntlm_free_type3(struct ntlm_type3 *data) +{ + memset(data, 0, sizeof(*data)); +} + + +/* + * + */ + +int +heim_ntlm_decode_type3(const struct ntlm_buf *buf, + int ucs2, + struct ntlm_type3 *type3) +{ + krb5_error_code ret; + unsigned char sig[8]; + uint32_t type; + krb5_storage *in; + struct sec_buffer lm, ntlm, target, username, sessionkey, ws; + + memset(type3, 0, sizeof(*type3)); + memset(&sessionkey, 0, sizeof(sessionkey)); + + in = krb5_storage_from_readonly_mem(buf->data, buf->length); + if (in == NULL) { + ret = EINVAL; + goto out; + } + krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE); + + CHECK(krb5_storage_read(in, sig, sizeof(sig)), sizeof(sig)); + CHECK(memcmp(ntlmsigature, sig, sizeof(ntlmsigature)), 0); + CHECK(krb5_ret_uint32(in, &type), 0); + CHECK(type, 3); + CHECK(ret_sec_buffer(in, &lm), 0); + CHECK(ret_sec_buffer(in, &ntlm), 0); + CHECK(ret_sec_buffer(in, &target), 0); + CHECK(ret_sec_buffer(in, &username), 0); + CHECK(ret_sec_buffer(in, &ws), 0); + if (lm.offset >= 60) { + CHECK(ret_sec_buffer(in, &sessionkey), 0); + } + if (lm.offset >= 64) { + CHECK(krb5_ret_uint32(in, &type3->flags), 0); + } + if (lm.offset >= 72) { + CHECK(krb5_ret_uint32(in, &type3->os[0]), 0); + CHECK(krb5_ret_uint32(in, &type3->os[1]), 0); + } + CHECK(ret_buf(in, &lm, &type3->lm), 0); + CHECK(ret_buf(in, &ntlm, &type3->ntlm), 0); + CHECK(ret_string(in, ucs2, &target, &type3->targetname), 0); + CHECK(ret_string(in, ucs2, &username, &type3->username), 0); + CHECK(ret_string(in, ucs2, &username, &type3->ws), 0); + if (sessionkey.offset) + CHECK(ret_buf(in, &sessionkey, &type3->sessionkey), 0); + +out: + krb5_storage_free(in); + if (ret) + heim_ntlm_free_type3(type3); + + return ret; +} + +int +heim_ntlm_encode_type3(struct ntlm_type3 *type3, struct ntlm_buf *data) +{ + struct sec_buffer lm, ntlm, target, username, sessionkey, ws; + krb5_error_code ret; + krb5_storage *out = NULL; + uint32_t base; + int ucs2 = 0; + + memset(&lm, 0, sizeof(lm)); + memset(&ntlm, 0, sizeof(ntlm)); + memset(&target, 0, sizeof(target)); + memset(&username, 0, sizeof(username)); + memset(&ws, 0, sizeof(ws)); + memset(&sessionkey, 0, sizeof(sessionkey)); + + base = 52; + if (type3->sessionkey.length) { + base += 8; /* sessionkey sec buf */ + base += 4; /* flags */ + } + if (type3->os[0]) { + base += 8; + } + + if (type3->flags & NTLM_NEG_UNICODE) + ucs2 = 1; + + lm.offset = base; + lm.length = type3->lm.length; + lm.allocated = type3->lm.length; + + ntlm.offset = lm.offset + lm.allocated; + ntlm.length = type3->ntlm.length; + ntlm.allocated = ntlm.length; + + target.offset = ntlm.offset + ntlm.allocated; + target.length = len_string(ucs2, type3->targetname); + target.allocated = target.length; + + username.offset = target.offset + target.allocated; + username.length = len_string(ucs2, type3->username); + username.allocated = username.length; + + ws.offset = username.offset + username.allocated; + ws.length = len_string(ucs2, type3->ws); + ws.allocated = ws.length; + + sessionkey.offset = ws.offset + ws.allocated; + sessionkey.length = type3->sessionkey.length; + sessionkey.allocated = type3->sessionkey.length; + + out = krb5_storage_emem(); + if (out == NULL) + return ENOMEM; + + krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE); + CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)), + sizeof(ntlmsigature)); + CHECK(krb5_store_uint32(out, 3), 0); + + CHECK(store_sec_buffer(out, &lm), 0); + CHECK(store_sec_buffer(out, &ntlm), 0); + CHECK(store_sec_buffer(out, &target), 0); + CHECK(store_sec_buffer(out, &username), 0); + CHECK(store_sec_buffer(out, &ws), 0); + /* optional */ + if (type3->sessionkey.length) { + CHECK(store_sec_buffer(out, &sessionkey), 0); + CHECK(krb5_store_uint32(out, type3->flags), 0); + } +#if 0 + CHECK(krb5_store_uint32(out, 0), 0); /* os0 */ + CHECK(krb5_store_uint32(out, 0), 0); /* os1 */ +#endif + + CHECK(put_buf(out, &type3->lm), 0); + CHECK(put_buf(out, &type3->ntlm), 0); + CHECK(put_string(out, ucs2, type3->targetname), 0); + CHECK(put_string(out, ucs2, type3->username), 0); + CHECK(put_string(out, ucs2, type3->ws), 0); + CHECK(put_buf(out, &type3->sessionkey), 0); + + { + krb5_data d; + ret = krb5_storage_to_data(out, &d); + data->data = d.data; + data->length = d.length; + } + +out: + krb5_storage_free(out); + + return ret; +} + + +/* + * + */ + +static void +splitandenc(unsigned char *hash, + unsigned char *challange, + unsigned char *answer) +{ + DES_cblock key; + DES_key_schedule sched; + + ((unsigned char*)key)[0] = hash[0]; + ((unsigned char*)key)[1] = (hash[0] << 7) | (hash[1] >> 1); + ((unsigned char*)key)[2] = (hash[1] << 6) | (hash[2] >> 2); + ((unsigned char*)key)[3] = (hash[2] << 5) | (hash[3] >> 3); + ((unsigned char*)key)[4] = (hash[3] << 4) | (hash[4] >> 4); + ((unsigned char*)key)[5] = (hash[4] << 3) | (hash[5] >> 5); + ((unsigned char*)key)[6] = (hash[5] << 2) | (hash[6] >> 6); + ((unsigned char*)key)[7] = (hash[6] << 1); + + DES_set_odd_parity(&key); + DES_set_key(&key, &sched); + DES_ecb_encrypt((DES_cblock *)challange, (DES_cblock *)answer, &sched, 1); + memset(&sched, 0, sizeof(sched)); + memset(key, 0, sizeof(key)); +} + +int +heim_ntlm_nt_key(const char *password, struct ntlm_buf *key) +{ + struct ntlm_buf buf; + MD4_CTX ctx; + int ret; + + key->data = malloc(MD5_DIGEST_LENGTH); + if (key->data == NULL) + return ENOMEM; + key->length = MD5_DIGEST_LENGTH; + + ret = ascii2ucs2le(password, 0, &buf); + if (ret) { + _ntlm_free_buf(key); + return ret; + } + MD4_Init(&ctx); + MD4_Update(&ctx, buf.data, buf.length); + MD4_Final(key->data, &ctx); + _ntlm_free_buf(&buf); + return 0; +} + +int +heim_ntlm_calculate_ntlm1(void *key, size_t len, + unsigned char challange[8], + struct ntlm_buf *answer) +{ + unsigned char res[21]; + + if (len != MD4_DIGEST_LENGTH) + return EINVAL; + + memcpy(res, key, len); + memset(&res[MD4_DIGEST_LENGTH], 0, sizeof(res) - MD4_DIGEST_LENGTH); + + answer->data = malloc(24); + if (answer->data == NULL) + return ENOMEM; + answer->length = 24; + + splitandenc(&res[0], challange, ((unsigned char *)answer->data) + 0); + splitandenc(&res[7], challange, ((unsigned char *)answer->data) + 8); + splitandenc(&res[14], challange, ((unsigned char *)answer->data) + 16); + + return 0; +} + +int +heim_ntlm_build_ntlm1_master(void *key, size_t len, + struct ntlm_buf *session, + struct ntlm_buf *master) +{ + RC4_KEY rc4; + + memset(master, 0, sizeof(*master)); + memset(session, 0, sizeof(*session)); + + if (len != MD4_DIGEST_LENGTH) + return EINVAL; + + session->length = MD4_DIGEST_LENGTH; + session->data = malloc(session->length); + if (session->data == NULL) { + session->length = 0; + return EINVAL; + } + master->length = MD4_DIGEST_LENGTH; + master->data = malloc(master->length); + if (master->data == NULL) { + _ntlm_free_buf(master); + _ntlm_free_buf(session); + return EINVAL; + } + + { + unsigned char sessionkey[MD4_DIGEST_LENGTH]; + MD4_CTX ctx; + + MD4_Init(&ctx); + MD4_Update(&ctx, key, len); + MD4_Final(sessionkey, &ctx); + + RC4_set_key(&rc4, sizeof(sessionkey), sessionkey); + } + + if (RAND_bytes(session->data, session->length) != 1) { + _ntlm_free_buf(master); + _ntlm_free_buf(session); + return EINVAL; + } + + RC4(&rc4, master->length, session->data, master->data); + memset(&rc4, 0, sizeof(rc4)); + + return 0; +} + +/* + * + */ + +void +heim_ntlm_ntlmv2_key(const void *key, size_t len, + const char *username, + const char *target, + unsigned char ntlmv2[16]) +{ + unsigned int hmaclen; + HMAC_CTX c; + + HMAC_CTX_init(&c); + HMAC_Init_ex(&c, key, len, EVP_md5(), NULL); + { + struct ntlm_buf buf; + /* uppercase username and turn it inte ucs2-le */ + ascii2ucs2le(username, 1, &buf); + HMAC_Update(&c, buf.data, buf.length); + free(buf.data); + /* turn target into ucs2-le */ + ascii2ucs2le(target, 0, &buf); + HMAC_Update(&c, buf.data, buf.length); + free(buf.data); + } + HMAC_Final(&c, ntlmv2, &hmaclen); + HMAC_CTX_cleanup(&c); + +} + +/* + * + */ + +#define NTTIME_EPOCH 0x019DB1DED53E8000LL + +static uint64_t +unix2nttime(time_t unix_time) +{ + long long wt; + wt = unix_time * (uint64_t)10000000 + (uint64_t)NTTIME_EPOCH; + return wt; +} + +static time_t +nt2unixtime(uint64_t t) +{ + t = ((t - (uint64_t)NTTIME_EPOCH) / (uint64_t)10000000); + if (t > (((time_t)(~(uint64_t)0)) >> 1)) + return 0; + return (time_t)t; +} + + +int +heim_ntlm_calculate_ntlm2(const void *key, size_t len, + const char *username, + const char *target, + const unsigned char serverchallange[8], + const struct ntlm_buf *infotarget, + unsigned char ntlmv2[16], + struct ntlm_buf *answer) +{ + krb5_error_code ret; + krb5_data data; + unsigned int hmaclen; + unsigned char ntlmv2answer[16]; + krb5_storage *sp; + unsigned char clientchallange[8]; + HMAC_CTX c; + uint64_t t; + + t = unix2nttime(time(NULL)); + + if (RAND_bytes(clientchallange, sizeof(clientchallange)) != 1) + return EINVAL; + + /* calculate ntlmv2 key */ + + heim_ntlm_ntlmv2_key(key, len, username, target, ntlmv2); + + /* calculate and build ntlmv2 answer */ + + sp = krb5_storage_emem(); + if (sp == NULL) + return ENOMEM; + krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); + + CHECK(krb5_store_uint32(sp, 0x01010000), 0); + CHECK(krb5_store_uint32(sp, 0), 0); + /* timestamp le 64 bit ts */ + CHECK(krb5_store_uint32(sp, t & 0xffffffff), 0); + CHECK(krb5_store_uint32(sp, t >> 32), 0); + CHECK(krb5_storage_write(sp, clientchallange, 8), 8); + CHECK(krb5_storage_write(sp, infotarget->data, infotarget->length), + infotarget->length); + /* unknown */ + /* CHECK(krb5_store_uint32(sp, 0), 0); */ + + CHECK(krb5_storage_to_data(sp, &data), 0); + krb5_storage_free(sp); + sp = NULL; + + HMAC_CTX_init(&c); + HMAC_Init_ex(&c, ntlmv2, sizeof(ntlmv2), EVP_md5(), NULL); + HMAC_Update(&c, data.data, data.length); + HMAC_Update(&c, serverchallange, 8); + HMAC_Final(&c, ntlmv2answer, &hmaclen); + HMAC_CTX_cleanup(&c); + + sp = krb5_storage_emem(); + if (sp == NULL) { + krb5_data_free(&data); + return ENOMEM; + } + + CHECK(krb5_storage_write(sp, ntlmv2answer, 16), 16); + CHECK(krb5_storage_write(sp, data.data, data.length), data.length); + krb5_data_free(&data); + + CHECK(krb5_storage_to_data(sp, &data), 0); + krb5_storage_free(sp); + sp = NULL; + + answer->data = data.data; + answer->length = data.length; + + return 0; +out: + if (sp) + krb5_storage_free(sp); + return ret; +} + +static const int authtimediff = 3600 * 2; /* 2 hours */ + +int +heim_ntlm_verify_ntlm2(const void *key, size_t len, + const char *username, + const char *target, + time_t now, + const unsigned char serverchallange[8], + const struct ntlm_buf *answer, + struct ntlm_buf *infotarget, + unsigned char ntlmv2[16]) +{ + krb5_error_code ret; + unsigned int hmaclen; + unsigned char clientanswer[16]; + unsigned char serveranswer[16]; + krb5_storage *sp; + HMAC_CTX c; + uint64_t t; + time_t authtime; + uint32_t temp; + + infotarget->length = 0; + infotarget->data = NULL; + + if (answer->length < 16) + return EINVAL; + + if (now == 0) + now = time(NULL); + + /* calculate ntlmv2 key */ + + heim_ntlm_ntlmv2_key(key, len, username, target, ntlmv2); + + /* calculate and build ntlmv2 answer */ + + sp = krb5_storage_from_readonly_mem(answer->data, answer->length); + if (sp == NULL) + return ENOMEM; + krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); + + CHECK(krb5_storage_read(sp, clientanswer, 16), 16); + + CHECK(krb5_ret_uint32(sp, &temp), 0); + CHECK(temp, 0x01010000); + CHECK(krb5_ret_uint32(sp, &temp), 0); + CHECK(temp, 0); + /* timestamp le 64 bit ts */ + CHECK(krb5_ret_uint32(sp, &temp), 0); + t = temp; + CHECK(krb5_ret_uint32(sp, &temp), 0); + t |= ((uint64_t)temp)<< 32; + + authtime = nt2unixtime(t); + + if (abs((int)(authtime - now)) > authtimediff) { + ret = EINVAL; + goto out; + } + + /* client challange */ + CHECK(krb5_storage_read(sp, serveranswer, 8), 8); + + infotarget->length = answer->length - 40; + infotarget->data = malloc(infotarget->length); + if (infotarget->data == NULL) { + ret = ENOMEM; + goto out; + } + CHECK(krb5_storage_read(sp, infotarget->data, infotarget->length), + infotarget->length); + /* XXX remove the unknown uint32_t */ + krb5_storage_free(sp); + sp = NULL; + + HMAC_CTX_init(&c); + HMAC_Init_ex(&c, ntlmv2, sizeof(ntlmv2), EVP_md5(), NULL); + HMAC_Update(&c, ((char *)answer->data) + 16, answer->length - 16); + HMAC_Update(&c, serverchallange, 8); + HMAC_Final(&c, serveranswer, &hmaclen); + HMAC_CTX_cleanup(&c); + + if (memcmp(serveranswer, clientanswer, 16) != 0) { + _ntlm_free_buf(infotarget); + return EINVAL; + } + + return 0; +out: + _ntlm_free_buf(infotarget); + if (sp) + krb5_storage_free(sp); + return ret; +} diff --git a/source4/heimdal/lib/roken/closefrom.c b/source4/heimdal/lib/roken/closefrom.c new file mode 100644 index 0000000000..6b02f1ebca --- /dev/null +++ b/source4/heimdal/lib/roken/closefrom.c @@ -0,0 +1,60 @@ +/* + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: closefrom.c,v 1.2 2005/04/13 08:01:38 lha Exp $"); +#endif + +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_UNISTD_H +#include +#endif + +#include + +int ROKEN_LIB_FUNCTION +closefrom(int fd) +{ + int num = getdtablesize(); + + if (num < 0) + num = 1024; /* XXX */ + + for (; fd <= num; fd++) + close(fd); + + return 0; +} diff --git a/source4/heimdal/lib/roken/dumpdata.c b/source4/heimdal/lib/roken/dumpdata.c new file mode 100644 index 0000000000..402b4b1cb9 --- /dev/null +++ b/source4/heimdal/lib/roken/dumpdata.c @@ -0,0 +1,57 @@ +/* + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: dumpdata.c,v 1.1 2005/09/22 23:51:35 lha Exp $"); +#endif + +#include + +#include + +/* + * Write datablob to a filename, don't care about errors. + */ + +void ROKEN_LIB_FUNCTION +rk_dumpdata (const char *filename, const void *buf, size_t size) +{ + int fd; + + fd = open(filename, O_WRONLY|O_TRUNC|O_CREAT, 0640); + if (fd < 0) + return; + net_write(fd, buf, size); + close(fd); +} diff --git a/source4/heimdal/lib/roken/erealloc.c b/source4/heimdal/lib/roken/erealloc.c new file mode 100644 index 0000000000..497b1e7ec2 --- /dev/null +++ b/source4/heimdal/lib/roken/erealloc.c @@ -0,0 +1,56 @@ +/* + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: erealloc.c,v 1.6 2005/04/12 11:28:37 lha Exp $"); +#endif + +#include +#include + +#include + +/* + * Like realloc but never fails. + */ + +void * ROKEN_LIB_FUNCTION +erealloc (void *ptr, size_t sz) +{ + void *tmp = realloc (ptr, sz); + + if (tmp == NULL && sz != 0) + errx (1, "realloc %lu failed", (unsigned long)sz); + return tmp; +} diff --git a/source4/heimdal/lib/roken/parse_bytes.h b/source4/heimdal/lib/roken/parse_bytes.h new file mode 100644 index 0000000000..1537d16c33 --- /dev/null +++ b/source4/heimdal/lib/roken/parse_bytes.h @@ -0,0 +1,56 @@ +/* + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: parse_bytes.h,v 1.4 2005/04/13 13:19:07 lha Exp $ */ + +#ifndef __PARSE_BYTES_H__ +#define __PARSE_BYTES_H__ + +#ifndef ROKEN_LIB_FUNCTION +#ifdef _WIN32 +#define ROKEN_LIB_FUNCTION _stdcall +#else +#define ROKEN_LIB_FUNCTION +#endif +#endif + +int ROKEN_LIB_FUNCTION +parse_bytes (const char *s, const char *def_unit); + +int ROKEN_LIB_FUNCTION +unparse_bytes (int t, char *s, size_t len); + +int ROKEN_LIB_FUNCTION +unparse_bytes_short (int t, char *s, size_t len); + +#endif /* __PARSE_BYTES_H__ */ diff --git a/source4/heimdal/lib/roken/resolve.c b/source4/heimdal/lib/roken/resolve.c index 6a14547c62..0f45bc57b2 100644 --- a/source4/heimdal/lib/roken/resolve.c +++ b/source4/heimdal/lib/roken/resolve.c @@ -504,7 +504,7 @@ dns_lookup_int(const char *domain, int rr_class, int rr_type) memset(&state, 0, sizeof(state)); if(res_ninit(&state)) return NULL; /* is this the best we can do? */ -#elif defined(HAVE__RES) && defined(HAVE_DECL__RES) +#elif defined(HAVE__RES) u_long old_options = 0; #endif @@ -520,7 +520,7 @@ dns_lookup_int(const char *domain, int rr_class, int rr_type) if (_resolve_debug) { #ifdef HAVE_RES_NSEARCH state.options |= RES_DEBUG; -#elif defined(HAVE__RES) && defined(HAVE_DECL__RES) +#elif defined(HAVE__RES) old_options = _res.options; _res.options |= RES_DEBUG; #endif @@ -540,7 +540,7 @@ dns_lookup_int(const char *domain, int rr_class, int rr_type) len = res_search(domain, rr_class, rr_type, reply, size); #endif if (_resolve_debug) { -#if defined(HAVE__RES) && defined(HAVE_DECL__RES) && !defined(HAVE_RES_NSEARCH) +#if defined(HAVE__RES) && !defined(HAVE_RES_NSEARCH) _res.options = old_options; #endif fprintf(stderr, "dns_lookup(%s, %d, %s) --> %d\n", diff --git a/source4/heimdal/lib/roken/simple_exec.c b/source4/heimdal/lib/roken/simple_exec.c new file mode 100644 index 0000000000..048f2846dd --- /dev/null +++ b/source4/heimdal/lib/roken/simple_exec.c @@ -0,0 +1,331 @@ +/* + * Copyright (c) 1998 - 2001, 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: simple_exec.c,v 1.14 2005/04/13 11:39:00 lha Exp $"); +#endif + +#include +#include +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_WAIT_H +#include +#endif +#ifdef HAVE_UNISTD_H +#include +#endif +#include + +#include + +#define EX_NOEXEC 126 +#define EX_NOTFOUND 127 + +/* return values: + -1 on `unspecified' system errors + -2 on fork failures + -3 on waitpid errors + -4 exec timeout + 0- is return value from subprocess + 126 if the program couldn't be executed + 127 if the program couldn't be found + 128- is 128 + signal that killed subprocess + + possible values `func' can return: + ((time_t)-2) exit loop w/o killing child and return + `exec timeout'/-4 from simple_exec + ((time_t)-1) kill child with SIGTERM and wait for child to exit + 0 don't timeout again + n seconds to next timeout + */ + +static int sig_alarm; + +static RETSIGTYPE +sigtimeout(int sig) +{ + sig_alarm = 1; + SIGRETURN(0); +} + +int ROKEN_LIB_FUNCTION +wait_for_process_timed(pid_t pid, time_t (*func)(void *), + void *ptr, time_t timeout) +{ + RETSIGTYPE (*old_func)(int sig) = NULL; + unsigned int oldtime = 0; + int ret; + + sig_alarm = 0; + + if (func) { + old_func = signal(SIGALRM, sigtimeout); + oldtime = alarm(timeout); + } + + while(1) { + int status; + + while(waitpid(pid, &status, 0) < 0) { + if (errno != EINTR) { + ret = -3; + goto out; + } + if (func == NULL) + continue; + if (sig_alarm == 0) + continue; + timeout = (*func)(ptr); + if (timeout == (time_t)-1) { + kill(pid, SIGTERM); + continue; + } else if (timeout == (time_t)-2) { + ret = -4; + goto out; + } + alarm(timeout); + } + if(WIFSTOPPED(status)) + continue; + if(WIFEXITED(status)) { + ret = WEXITSTATUS(status); + break; + } + if(WIFSIGNALED(status)) { + ret = WTERMSIG(status) + 128; + break; + } + } + out: + if (func) { + signal(SIGALRM, old_func); + alarm(oldtime); + } + return ret; +} + +int ROKEN_LIB_FUNCTION +wait_for_process(pid_t pid) +{ + return wait_for_process_timed(pid, NULL, NULL, 0); +} + +int ROKEN_LIB_FUNCTION +pipe_execv(FILE **stdin_fd, FILE **stdout_fd, FILE **stderr_fd, + const char *file, ...) +{ + int in_fd[2], out_fd[2], err_fd[2]; + pid_t pid; + va_list ap; + char **argv; + + if(stdin_fd != NULL) + pipe(in_fd); + if(stdout_fd != NULL) + pipe(out_fd); + if(stderr_fd != NULL) + pipe(err_fd); + pid = fork(); + switch(pid) { + case 0: + va_start(ap, file); + argv = vstrcollect(&ap); + va_end(ap); + if(argv == NULL) + exit(-1); + + /* close pipes we're not interested in */ + if(stdin_fd != NULL) + close(in_fd[1]); + if(stdout_fd != NULL) + close(out_fd[0]); + if(stderr_fd != NULL) + close(err_fd[0]); + + /* pipe everything caller doesn't care about to /dev/null */ + if(stdin_fd == NULL) + in_fd[0] = open(_PATH_DEVNULL, O_RDONLY); + if(stdout_fd == NULL) + out_fd[1] = open(_PATH_DEVNULL, O_WRONLY); + if(stderr_fd == NULL) + err_fd[1] = open(_PATH_DEVNULL, O_WRONLY); + + /* move to proper descriptors */ + if(in_fd[0] != STDIN_FILENO) { + dup2(in_fd[0], STDIN_FILENO); + close(in_fd[0]); + } + if(out_fd[1] != STDOUT_FILENO) { + dup2(out_fd[1], STDOUT_FILENO); + close(out_fd[1]); + } + if(err_fd[1] != STDERR_FILENO) { + dup2(err_fd[1], STDERR_FILENO); + close(err_fd[1]); + } + + closefrom(3); + + execv(file, argv); + exit((errno == ENOENT) ? EX_NOTFOUND : EX_NOEXEC); + case -1: + if(stdin_fd != NULL) { + close(in_fd[0]); + close(in_fd[1]); + } + if(stdout_fd != NULL) { + close(out_fd[0]); + close(out_fd[1]); + } + if(stderr_fd != NULL) { + close(err_fd[0]); + close(err_fd[1]); + } + return -2; + default: + if(stdin_fd != NULL) { + close(in_fd[0]); + *stdin_fd = fdopen(in_fd[1], "w"); + } + if(stdout_fd != NULL) { + close(out_fd[1]); + *stdout_fd = fdopen(out_fd[0], "r"); + } + if(stderr_fd != NULL) { + close(err_fd[1]); + *stderr_fd = fdopen(err_fd[0], "r"); + } + } + return pid; +} + +int ROKEN_LIB_FUNCTION +simple_execvp_timed(const char *file, char *const args[], + time_t (*func)(void *), void *ptr, time_t timeout) +{ + pid_t pid = fork(); + switch(pid){ + case -1: + return -2; + case 0: + execvp(file, args); + exit((errno == ENOENT) ? EX_NOTFOUND : EX_NOEXEC); + default: + return wait_for_process_timed(pid, func, ptr, timeout); + } +} + +int ROKEN_LIB_FUNCTION +simple_execvp(const char *file, char *const args[]) +{ + return simple_execvp_timed(file, args, NULL, NULL, 0); +} + +/* gee, I'd like a execvpe */ +int ROKEN_LIB_FUNCTION +simple_execve_timed(const char *file, char *const args[], char *const envp[], + time_t (*func)(void *), void *ptr, time_t timeout) +{ + pid_t pid = fork(); + switch(pid){ + case -1: + return -2; + case 0: + execve(file, args, envp); + exit((errno == ENOENT) ? EX_NOTFOUND : EX_NOEXEC); + default: + return wait_for_process_timed(pid, func, ptr, timeout); + } +} + +int ROKEN_LIB_FUNCTION +simple_execve(const char *file, char *const args[], char *const envp[]) +{ + return simple_execve_timed(file, args, envp, NULL, NULL, 0); +} + +int ROKEN_LIB_FUNCTION +simple_execlp(const char *file, ...) +{ + va_list ap; + char **argv; + int ret; + + va_start(ap, file); + argv = vstrcollect(&ap); + va_end(ap); + if(argv == NULL) + return -1; + ret = simple_execvp(file, argv); + free(argv); + return ret; +} + +int ROKEN_LIB_FUNCTION +simple_execle(const char *file, ... /* ,char *const envp[] */) +{ + va_list ap; + char **argv; + char *const* envp; + int ret; + + va_start(ap, file); + argv = vstrcollect(&ap); + envp = va_arg(ap, char **); + va_end(ap); + if(argv == NULL) + return -1; + ret = simple_execve(file, argv, envp); + free(argv); + return ret; +} + +int ROKEN_LIB_FUNCTION +simple_execl(const char *file, ...) +{ + va_list ap; + char **argv; + int ret; + + va_start(ap, file); + argv = vstrcollect(&ap); + va_end(ap); + if(argv == NULL) + return -1; + ret = simple_execve(file, argv, environ); + free(argv); + return ret; +} diff --git a/source4/heimdal/lib/roken/strcollect.c b/source4/heimdal/lib/roken/strcollect.c new file mode 100644 index 0000000000..d6f3077348 --- /dev/null +++ b/source4/heimdal/lib/roken/strcollect.c @@ -0,0 +1,96 @@ +/* + * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: strcollect.c,v 1.2 2005/04/12 11:29:07 lha Exp $"); +#endif + +#include +#include +#include +#include +#include + +enum { initial = 10, increment = 5 }; + +static char ** +sub (char **argv, int i, int argc, va_list *ap) +{ + do { + if(i == argc) { + /* realloc argv */ + char **tmp = realloc(argv, (argc + increment) * sizeof(*argv)); + if(tmp == NULL) { + free(argv); + errno = ENOMEM; + return NULL; + } + argv = tmp; + argc += increment; + } + argv[i++] = va_arg(*ap, char*); + } while(argv[i - 1] != NULL); + return argv; +} + +/* + * return a malloced vector of pointers to the strings in `ap' + * terminated by NULL. + */ + +char ** ROKEN_LIB_FUNCTION +vstrcollect(va_list *ap) +{ + return sub (NULL, 0, 0, ap); +} + +/* + * + */ + +char ** ROKEN_LIB_FUNCTION +strcollect(char *first, ...) +{ + va_list ap; + char **ret = malloc (initial * sizeof(char *)); + + if (ret == NULL) + return ret; + + ret[0] = first; + va_start(ap, first); + ret = sub (ret, 1, initial, &ap); + va_end(ap); + return ret; +} diff --git a/source4/heimdal/lib/roken/vis.c b/source4/heimdal/lib/roken/vis.c index a4bde71e9b..3e54f6d58a 100644 --- a/source4/heimdal/lib/roken/vis.c +++ b/source4/heimdal/lib/roken/vis.c @@ -65,7 +65,7 @@ #if 1 #ifdef HAVE_CONFIG_H #include -RCSID("$Id: vis.c,v 1.9 2005/04/12 11:29:15 lha Exp $"); +RCSID("$Id: vis.c,v 1.13 2006/12/15 11:49:22 lha Exp $"); #endif #include #ifndef _DIAGASSERT @@ -108,6 +108,20 @@ __weak_alias(vis,_vis) #define BELL '\007' #endif +char ROKEN_LIB_FUNCTION + *rk_vis (char *, int, int, int); +char ROKEN_LIB_FUNCTION + *rk_svis (char *, int, int, int, const char *); +int ROKEN_LIB_FUNCTION + rk_strvis (char *, const char *, int); +int ROKEN_LIB_FUNCTION + rk_strsvis (char *, const char *, int, const char *); +int ROKEN_LIB_FUNCTION + rk_strvisx (char *, const char *, size_t, int); +int ROKEN_LIB_FUNCTION + rk_strsvisx (char *, const char *, size_t, int, const char *); + + #define isoctal(c) (((u_char)(c)) >= '0' && ((u_char)(c)) <= '7') #define iswhite(c) (c == ' ' || c == '\t' || c == '\n') #define issafe(c) (c == '\b' || c == BELL || c == '\r') @@ -208,9 +222,9 @@ do { \ * svis - visually encode characters, also encoding the characters * pointed to by `extra' */ -#ifndef HAVE_SVIS + char * ROKEN_LIB_FUNCTION -svis(char *dst, int c, int flag, int nextc, const char *extra) +rk_svis(char *dst, int c, int flag, int nextc, const char *extra) { _DIAGASSERT(dst != NULL); _DIAGASSERT(extra != NULL); @@ -219,7 +233,6 @@ svis(char *dst, int c, int flag, int nextc, const char *extra) *dst = '\0'; return(dst); } -#endif /* @@ -237,9 +250,9 @@ svis(char *dst, int c, int flag, int nextc, const char *extra) * Strsvisx encodes exactly len bytes from src into dst. * This is useful for encoding a block of data. */ -#ifndef HAVE_STRSVIS + int ROKEN_LIB_FUNCTION -strsvis(char *dst, const char *src, int flag, const char *extra) +rk_strsvis(char *dst, const char *src, int flag, const char *extra) { char c; char *start; @@ -253,12 +266,10 @@ strsvis(char *dst, const char *src, int flag, const char *extra) *dst = '\0'; return (dst - start); } -#endif -#ifndef HAVE_STRVISX int ROKEN_LIB_FUNCTION -strsvisx(char *dst, const char *src, size_t len, int flag, const char *extra) +rk_strsvisx(char *dst, const char *src, size_t len, int flag, const char *extra) { char c; char *start; @@ -274,15 +285,13 @@ strsvisx(char *dst, const char *src, size_t len, int flag, const char *extra) *dst = '\0'; return (dst - start); } -#endif /* * vis - visually encode characters */ -#ifndef HAVE_VIS char * ROKEN_LIB_FUNCTION -vis(char *dst, int c, int flag, int nextc) +rk_vis(char *dst, int c, int flag, int nextc) { char extra[MAXEXTRAS]; @@ -293,7 +302,6 @@ vis(char *dst, int c, int flag, int nextc) *dst = '\0'; return (dst); } -#endif /* @@ -306,25 +314,22 @@ vis(char *dst, int c, int flag, int nextc) * Strvisx encodes exactly len bytes from src into dst. * This is useful for encoding a block of data. */ -#ifndef HAVE_STRVIS + int ROKEN_LIB_FUNCTION -strvis(char *dst, const char *src, int flag) +rk_strvis(char *dst, const char *src, int flag) { char extra[MAXEXTRAS]; MAKEEXTRALIST(flag, extra); - return (strsvis(dst, src, flag, extra)); + return (rk_strsvis(dst, src, flag, extra)); } -#endif -#ifndef HAVE_STRVISX int ROKEN_LIB_FUNCTION -strvisx(char *dst, const char *src, size_t len, int flag) +rk_strvisx(char *dst, const char *src, size_t len, int flag) { char extra[MAXEXTRAS]; MAKEEXTRALIST(flag, extra); - return (strsvisx(dst, src, len, flag, extra)); + return (rk_strsvisx(dst, src, len, flag, extra)); } -#endif diff --git a/source4/heimdal/lib/roken/vis.hin b/source4/heimdal/lib/roken/vis.hin index 5b45c94362..b7a6f3ceff 100644 --- a/source4/heimdal/lib/roken/vis.hin +++ b/source4/heimdal/lib/roken/vis.hin @@ -1,5 +1,5 @@ /* $NetBSD: vis.h,v 1.11 1999/11/25 16:55:50 wennmach Exp $ */ -/* $Id: vis.hin,v 1.3 2005/04/12 11:29:15 lha Exp $ */ +/* $Id: vis.hin,v 1.7 2006/12/15 11:53:09 lha Exp $ */ /*- * Copyright (c) 1990, 1993 @@ -79,20 +79,37 @@ #define UNVIS_END 1 /* no more characters */ char ROKEN_LIB_FUNCTION - *vis (char *, int, int, int); + *rk_vis (char *, int, int, int); char ROKEN_LIB_FUNCTION - *svis (char *, int, int, int, const char *); + *rk_svis (char *, int, int, int, const char *); int ROKEN_LIB_FUNCTION - strvis (char *, const char *, int); + rk_strvis (char *, const char *, int); int ROKEN_LIB_FUNCTION - strsvis (char *, const char *, int, const char *); + rk_strsvis (char *, const char *, int, const char *); int ROKEN_LIB_FUNCTION - strvisx (char *, const char *, size_t, int); + rk_strvisx (char *, const char *, size_t, int); int ROKEN_LIB_FUNCTION - strsvisx (char *, const char *, size_t, int, const char *); + rk_strsvisx (char *, const char *, size_t, int, const char *); int ROKEN_LIB_FUNCTION - strunvis (char *, const char *); + rk_strunvis (char *, const char *); int ROKEN_LIB_FUNCTION - unvis (char *, int, int *, int); + rk_unvis (char *, int, int *, int); + +#undef vis +#define vis(a,b,c,d) rk_vis(a,b,c,d) +#undef svis +#define svis(a,b,c,d,e) rk_svis(a,b,c,d,e) +#undef strvis +#define strvis(a,b,c) rk_strvis(a,b,c) +#undef strsvis +#define strsvis(a,b,c,d) rk_strsvis(a,b,c,d) +#undef strvisx +#define strvisx(a,b,c,d) rk_strvisx(a,b,c,d) +#undef strsvisx +#define strsvisx(a,b,c,d,e) rk_strsvisx(a,b,c,d,e) +#undef strunvis +#define strunvis(a,b) rk_strunvis(a,b) +#undef unvis +#define unvis(a,b,c,d) rk_unvis(a,b,c,d) #endif /* !_VIS_H_ */ diff --git a/source4/heimdal/lib/vers/print_version.c b/source4/heimdal/lib/vers/print_version.c index 92c709b494..5f5a2c4a4a 100644 --- a/source4/heimdal/lib/vers/print_version.c +++ b/source4/heimdal/lib/vers/print_version.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998 - 2004 Kungliga Tekniska Högskolan + * Copyright (c) 1998 - 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: print_version.c,v 1.9 2005/01/01 14:27:47 lha Exp $"); +RCSID("$Id: print_version.c,v 1.10 2006/12/29 16:00:16 lha Exp $"); #endif #include "roken.h" @@ -50,6 +50,6 @@ print_version(const char *progname) if(*package_list == '\0') package_list = "no version information"; fprintf(stderr, "%s (%s)\n", progname, package_list); - fprintf(stderr, "Copyright 1999-2005 Kungliga Tekniska Högskolan\n"); + fprintf(stderr, "Copyright 1995-2007 Kungliga Tekniska Högskolan\n"); fprintf(stderr, "Send bug-reports to %s\n", PACKAGE_BUGREPORT); } -- cgit From 126b48e5ab9e8b441e785f3a1a941595bdcfc1b3 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 10 Jan 2007 02:37:27 +0000 Subject: r20642: This bit of autoconf causes us pain. Revert back to how we had things before the last merge. Andrew Bartlett (This used to be commit 9e7124cc85ec9ed8291769689aa38ab14b3754d8) --- source4/heimdal/cf/check-var.m4 | 1 - 1 file changed, 1 deletion(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/cf/check-var.m4 b/source4/heimdal/cf/check-var.m4 index b33b5c6e28..1f06b479c6 100644 --- a/source4/heimdal/cf/check-var.m4 +++ b/source4/heimdal/cf/check-var.m4 @@ -23,5 +23,4 @@ if test "$ac_foo" = yes; then fi ]) -AC_WARNING_ENABLE([obsolete]) AU_DEFUN([AC_CHECK_VAR], [rk_CHECK_VAR([$2], [$1])], [foo]) -- cgit From 2309c52444619c9296f49d6d2a4ba142893eb835 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 10 Jan 2007 02:49:40 +0000 Subject: r20643: Remove generated files accidentilly committed. Andrew Bartlett (This used to be commit 12953ee765de1beeab547cb30ab292b77501d9c9) --- source4/heimdal/lib/hx509/asn1_id_pkix_ocsp.x | 22 --- .../heimdal/lib/hx509/asn1_id_pkix_ocsp_basic.x | 22 --- .../heimdal/lib/hx509/asn1_id_pkix_ocsp_nonce.x | 22 --- source4/heimdal/lib/hx509/hx509_err.c | 157 --------------------- 4 files changed, 223 deletions(-) delete mode 100644 source4/heimdal/lib/hx509/asn1_id_pkix_ocsp.x delete mode 100644 source4/heimdal/lib/hx509/asn1_id_pkix_ocsp_basic.x delete mode 100644 source4/heimdal/lib/hx509/asn1_id_pkix_ocsp_nonce.x delete mode 100644 source4/heimdal/lib/hx509/hx509_err.c (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/hx509/asn1_id_pkix_ocsp.x b/source4/heimdal/lib/hx509/asn1_id_pkix_ocsp.x deleted file mode 100644 index e17bad6ed8..0000000000 --- a/source4/heimdal/lib/hx509/asn1_id_pkix_ocsp.x +++ /dev/null @@ -1,22 +0,0 @@ -/* Generated from /home/data/samba/samba4/svn/source/heimdal/lib/hx509/ocsp.asn1 */ -/* Do not edit */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -static unsigned oid_id_pkix_ocsp_variable_num[9] = {1, 3, 6, 1, 5, 5, 7, 48, 1 }; -static const heim_oid oid_id_pkix_ocsp_variable = { 9, oid_id_pkix_ocsp_variable_num }; - -const heim_oid *oid_id_pkix_ocsp(void) -{ -return &oid_id_pkix_ocsp_variable; -} - diff --git a/source4/heimdal/lib/hx509/asn1_id_pkix_ocsp_basic.x b/source4/heimdal/lib/hx509/asn1_id_pkix_ocsp_basic.x deleted file mode 100644 index 6f030f1713..0000000000 --- a/source4/heimdal/lib/hx509/asn1_id_pkix_ocsp_basic.x +++ /dev/null @@ -1,22 +0,0 @@ -/* Generated from /home/data/samba/samba4/svn/source/heimdal/lib/hx509/ocsp.asn1 */ -/* Do not edit */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -static unsigned oid_id_pkix_ocsp_basic_variable_num[10] = {1, 3, 6, 1, 5, 5, 7, 48, 1, 1 }; -static const heim_oid oid_id_pkix_ocsp_basic_variable = { 10, oid_id_pkix_ocsp_basic_variable_num }; - -const heim_oid *oid_id_pkix_ocsp_basic(void) -{ -return &oid_id_pkix_ocsp_basic_variable; -} - diff --git a/source4/heimdal/lib/hx509/asn1_id_pkix_ocsp_nonce.x b/source4/heimdal/lib/hx509/asn1_id_pkix_ocsp_nonce.x deleted file mode 100644 index 36d7422a0d..0000000000 --- a/source4/heimdal/lib/hx509/asn1_id_pkix_ocsp_nonce.x +++ /dev/null @@ -1,22 +0,0 @@ -/* Generated from /home/data/samba/samba4/svn/source/heimdal/lib/hx509/ocsp.asn1 */ -/* Do not edit */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -static unsigned oid_id_pkix_ocsp_nonce_variable_num[10] = {1, 3, 6, 1, 5, 5, 7, 48, 1, 2 }; -static const heim_oid oid_id_pkix_ocsp_nonce_variable = { 10, oid_id_pkix_ocsp_nonce_variable_num }; - -const heim_oid *oid_id_pkix_ocsp_nonce(void) -{ -return &oid_id_pkix_ocsp_nonce_variable; -} - diff --git a/source4/heimdal/lib/hx509/hx509_err.c b/source4/heimdal/lib/hx509/hx509_err.c deleted file mode 100644 index 339759d6b7..0000000000 --- a/source4/heimdal/lib/hx509/hx509_err.c +++ /dev/null @@ -1,157 +0,0 @@ -/* Generated from /home/data/samba/samba4/svn/source/heimdal/lib/hx509/hx509_err.et */ -/* $Id: hx509_err.et,v 1.19 2006/12/30 23:05:39 lha Exp $ */ - -#include -#include -#include "hx509_err.h" - -static const char *hx_error_strings[] = { - /* 000 */ "ASN.1 failed call to system time library", - /* 001 */ "Extension not found", - /* 002 */ "Certification path not found", - /* 003 */ "Parent certificate is not a CA", - /* 004 */ "CA path too deep", - /* 005 */ "Signature algorithm not supported", - /* 006 */ "Signature algorithm doesn't match certificate key", - /* 007 */ "Certificate used before it became valid", - /* 008 */ "Certificate used after it became invalid", - /* 009 */ "Private key required for the operation is missing", - /* 010 */ "Algorithm not supported", - /* 011 */ "Issuer couldn't be found", - /* 012 */ "Error verifing constraints", - /* 013 */ "Number too large", - /* 014 */ "Error while verifing name constraints", - /* 015 */ "Path is too long, failed to find valid anchor", - /* 016 */ "Required keyusage for this certificate is missing", - /* 017 */ "Certificate not found", - /* 018 */ "Unknown lock command", - /* 019 */ "Parent certificate is a CA", - /* 020 */ "Extra data was found after the structure", - /* 021 */ "Proxy certificate is invalid", - /* 022 */ "Proxy certificate name is wrong", - /* 023 */ "Name is malformated", - /* 024 */ "Certificate is malformated", - /* 025 */ "Certificate is missing a required EKU", - /* 026 */ "Proxy certificate not canonicalize", - /* 027 */ "Reserved hx error (27)", - /* 028 */ "Reserved hx error (28)", - /* 029 */ "Reserved hx error (29)", - /* 030 */ "Reserved hx error (30)", - /* 031 */ "Reserved hx error (31)", - /* 032 */ "Failed to create signature", - /* 033 */ "Missing signer data", - /* 034 */ "Couldn't find signers certificate", - /* 035 */ "No data to perform the operation on", - /* 036 */ "Data in the message is invalid", - /* 037 */ "Padding in the message invalid", - /* 038 */ "Couldn't find recipient certificate", - /* 039 */ "Mismatch bewteen signed type and unsigned type", - /* 040 */ "Reserved hx error (40)", - /* 041 */ "Reserved hx error (41)", - /* 042 */ "Reserved hx error (42)", - /* 043 */ "Reserved hx error (43)", - /* 044 */ "Reserved hx error (44)", - /* 045 */ "Reserved hx error (45)", - /* 046 */ "Reserved hx error (46)", - /* 047 */ "Reserved hx error (47)", - /* 048 */ "Reserved hx error (48)", - /* 049 */ "Reserved hx error (49)", - /* 050 */ "Reserved hx error (50)", - /* 051 */ "Reserved hx error (51)", - /* 052 */ "Reserved hx error (52)", - /* 053 */ "Reserved hx error (53)", - /* 054 */ "Reserved hx error (54)", - /* 055 */ "Reserved hx error (55)", - /* 056 */ "Reserved hx error (56)", - /* 057 */ "Reserved hx error (57)", - /* 058 */ "Reserved hx error (58)", - /* 059 */ "Reserved hx error (59)", - /* 060 */ "Reserved hx error (60)", - /* 061 */ "Reserved hx error (61)", - /* 062 */ "Reserved hx error (62)", - /* 063 */ "Reserved hx error (63)", - /* 064 */ "Internal error in the crypto engine", - /* 065 */ "External error in the crypto engine", - /* 066 */ "Signature missing for data", - /* 067 */ "Signature is not valid", - /* 068 */ "Sigature doesn't provide confidentiality", - /* 069 */ "Invalid format on signature", - /* 070 */ "Mismatch bewteen oids", - /* 071 */ "No prompter function defined", - /* 072 */ "Signature require signer, but non available", - /* 073 */ "RSA public encyption failed", - /* 074 */ "RSA public encyption failed", - /* 075 */ "RSA private decryption failed", - /* 076 */ "RSA private decryption failed", - /* 077 */ "Reserved hx error (77)", - /* 078 */ "Reserved hx error (78)", - /* 079 */ "Reserved hx error (79)", - /* 080 */ "Reserved hx error (80)", - /* 081 */ "Reserved hx error (81)", - /* 082 */ "Reserved hx error (82)", - /* 083 */ "Reserved hx error (83)", - /* 084 */ "Reserved hx error (84)", - /* 085 */ "Reserved hx error (85)", - /* 086 */ "Reserved hx error (86)", - /* 087 */ "Reserved hx error (87)", - /* 088 */ "Reserved hx error (88)", - /* 089 */ "Reserved hx error (89)", - /* 090 */ "Reserved hx error (90)", - /* 091 */ "Reserved hx error (91)", - /* 092 */ "Reserved hx error (92)", - /* 093 */ "Reserved hx error (93)", - /* 094 */ "Reserved hx error (94)", - /* 095 */ "Reserved hx error (95)", - /* 096 */ "CRL used before it became valid", - /* 097 */ "CRL used after it became invalid", - /* 098 */ "CRL have invalid format", - /* 099 */ "Certificate is included in CRL", - /* 100 */ "No revoke status found for certificates", - /* 101 */ "Unknown extension", - /* 102 */ "Got wrong CRL/OCSP data from server", - /* 103 */ "Doesn't have same parent as other certificaes", - /* 104 */ "Reserved hx error (104)", - /* 105 */ "Reserved hx error (105)", - /* 106 */ "Reserved hx error (106)", - /* 107 */ "Reserved hx error (107)", - /* 108 */ "No local key attribute", - /* 109 */ "Failed to parse key", - /* 110 */ "Unsupported operation", - /* 111 */ "Unimplemented operation", - /* 112 */ "Failed to parse name", - /* 113 */ "Reserved hx error (113)", - /* 114 */ "Reserved hx error (114)", - /* 115 */ "Reserved hx error (115)", - /* 116 */ "Reserved hx error (116)", - /* 117 */ "Reserved hx error (117)", - /* 118 */ "Reserved hx error (118)", - /* 119 */ "Reserved hx error (119)", - /* 120 */ "Reserved hx error (120)", - /* 121 */ "Reserved hx error (121)", - /* 122 */ "Reserved hx error (122)", - /* 123 */ "Reserved hx error (123)", - /* 124 */ "Reserved hx error (124)", - /* 125 */ "Reserved hx error (125)", - /* 126 */ "Reserved hx error (126)", - /* 127 */ "Reserved hx error (127)", - /* 128 */ "No smartcard reader/device found", - /* 129 */ "No smartcard in reader", - /* 130 */ "No supported mech(s)", - /* 131 */ "Token or slot failed in inconsistent way", - /* 132 */ "Failed to open session to slot", - /* 133 */ "Failed to login to slot", - /* 134 */ "Failed to load PKCS module", - NULL -}; - -#define num_errors 135 - -void initialize_hx_error_table_r(struct et_list **list) -{ - initialize_error_table_r(list, hx_error_strings, num_errors, ERROR_TABLE_BASE_hx); -} - -void initialize_hx_error_table(void) -{ - init_error_table(hx_error_strings, ERROR_TABLE_BASE_hx, num_errors); -} -- cgit From f6274959ba381b6b5d025cb0cee78665107a72a6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 10 Jan 2007 11:16:11 +0000 Subject: r20647: add cluster code (This used to be commit 5870830b99a8d76bda1ff5af3fcf8dda9aba50ec) --- source4/heimdal/lib/asn1/lex.c | 1365 +++++++++++++++++++++++----------------- 1 file changed, 778 insertions(+), 587 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/asn1/lex.c b/source4/heimdal/lib/asn1/lex.c index 10b4d65a7e..fb9a081244 100644 --- a/source4/heimdal/lib/asn1/lex.c +++ b/source4/heimdal/lib/asn1/lex.c @@ -1,31 +1,93 @@ -/* A lexical scanner generated by flex*/ +#include "config.h" -/* Scanner skeleton version: - * $Header: /home/daffy/u0/vern/flex/RCS/flex.skl,v 2.91 96/09/10 16:58:48 vern Exp $ - */ +#line 3 "lex.yy.c" + +#define YY_INT_ALIGNED short int + +/* A lexical scanner generated by flex */ #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 #define YY_FLEX_MINOR_VERSION 5 +#define YY_FLEX_SUBMINOR_VERSION 33 +#if YY_FLEX_SUBMINOR_VERSION > 0 +#define FLEX_BETA +#endif +/* First, we deal with platform-specific or compiler-specific issues. */ + +/* begin standard C headers. */ #include -#include +#include +#include +#include +/* end standard C headers. */ -/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */ -#ifdef c_plusplus -#ifndef __cplusplus -#define __cplusplus -#endif +/* flex integer type definitions */ + +#ifndef FLEXINT_H +#define FLEXINT_H + +/* C99 systems have . Non-C99 systems may or may not. */ + +#if __STDC_VERSION__ >= 199901L + +/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h, + * if you want the limit (max/min) macros for int types. + */ +#ifndef __STDC_LIMIT_MACROS +#define __STDC_LIMIT_MACROS 1 #endif +#include +typedef int8_t flex_int8_t; +typedef uint8_t flex_uint8_t; +typedef int16_t flex_int16_t; +typedef uint16_t flex_uint16_t; +typedef int32_t flex_int32_t; +typedef uint32_t flex_uint32_t; +#else +typedef signed char flex_int8_t; +typedef short int flex_int16_t; +typedef int flex_int32_t; +typedef unsigned char flex_uint8_t; +typedef unsigned short int flex_uint16_t; +typedef unsigned int flex_uint32_t; +#endif /* ! C99 */ -#ifdef __cplusplus +/* Limits of integral types. */ +#ifndef INT8_MIN +#define INT8_MIN (-128) +#endif +#ifndef INT16_MIN +#define INT16_MIN (-32767-1) +#endif +#ifndef INT32_MIN +#define INT32_MIN (-2147483647-1) +#endif +#ifndef INT8_MAX +#define INT8_MAX (127) +#endif +#ifndef INT16_MAX +#define INT16_MAX (32767) +#endif +#ifndef INT32_MAX +#define INT32_MAX (2147483647) +#endif +#ifndef UINT8_MAX +#define UINT8_MAX (255U) +#endif +#ifndef UINT16_MAX +#define UINT16_MAX (65535U) +#endif +#ifndef UINT32_MAX +#define UINT32_MAX (4294967295U) +#endif -#include +#endif /* ! FLEXINT_H */ -/* Use prototypes in function declarations. */ -#define YY_USE_PROTOS +#ifdef __cplusplus /* The "const" storage-class-modifier is valid. */ #define YY_USE_CONST @@ -34,34 +96,17 @@ #if __STDC__ -#define YY_USE_PROTOS #define YY_USE_CONST #endif /* __STDC__ */ #endif /* ! __cplusplus */ -#ifdef __TURBOC__ - #pragma warn -rch - #pragma warn -use -#include -#include -#define YY_USE_CONST -#define YY_USE_PROTOS -#endif - #ifdef YY_USE_CONST #define yyconst const #else #define yyconst #endif - -#ifdef YY_USE_PROTOS -#define YY_PROTO(proto) proto -#else -#define YY_PROTO(proto) () -#endif - /* Returned upon end-of-file. */ #define YY_NULL 0 @@ -76,80 +121,75 @@ * but we do it the disgusting crufty way forced on us by the ()-less * definition of BEGIN. */ -#define BEGIN yy_start = 1 + 2 * +#define BEGIN (yy_start) = 1 + 2 * /* Translate the current start state into a value that can be later handed * to BEGIN to return to the state. The YYSTATE alias is for lex * compatibility. */ -#define YY_START ((yy_start - 1) / 2) +#define YY_START (((yy_start) - 1) / 2) #define YYSTATE YY_START /* Action number for EOF rule of a given start state. */ #define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) /* Special action meaning "start processing a new file". */ -#define YY_NEW_FILE yyrestart( yyin ) +#define YY_NEW_FILE yyrestart(yyin ) #define YY_END_OF_BUFFER_CHAR 0 /* Size of default input buffer. */ +#ifndef YY_BUF_SIZE #define YY_BUF_SIZE 16384 +#endif +/* The state buf must be large enough to hold one state per character in the main buffer. + */ +#define YY_STATE_BUF_SIZE ((YY_BUF_SIZE + 2) * sizeof(yy_state_type)) + +#ifndef YY_TYPEDEF_YY_BUFFER_STATE +#define YY_TYPEDEF_YY_BUFFER_STATE typedef struct yy_buffer_state *YY_BUFFER_STATE; +#endif extern int yyleng; + extern FILE *yyin, *yyout; #define EOB_ACT_CONTINUE_SCAN 0 #define EOB_ACT_END_OF_FILE 1 #define EOB_ACT_LAST_MATCH 2 -/* The funky do-while in the following #define is used to turn the definition - * int a single C statement (which needs a semi-colon terminator). This - * avoids problems with code like: - * - * if ( condition_holds ) - * yyless( 5 ); - * else - * do_something_else(); - * - * Prior to using the do-while the compiler would get upset at the - * "else" because it interpreted the "if" statement as being all - * done when it reached the ';' after the yyless() call. - */ - -/* Return all but the first 'n' matched characters back to the input stream. */ - + #define YY_LESS_LINENO(n) + +/* Return all but the first "n" matched characters back to the input stream. */ #define yyless(n) \ do \ { \ /* Undo effects of setting up yytext. */ \ - *yy_cp = yy_hold_char; \ + int yyless_macro_arg = (n); \ + YY_LESS_LINENO(yyless_macro_arg);\ + *yy_cp = (yy_hold_char); \ YY_RESTORE_YY_MORE_OFFSET \ - yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \ + (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \ YY_DO_BEFORE_ACTION; /* set up yytext again */ \ } \ while ( 0 ) -#define unput(c) yyunput( c, yytext_ptr ) - -/* Some routines like yy_flex_realloc() are emitted as static but are - not called by all lexers. This generates warnings in some compilers, - notably GCC. Arrange to suppress these. */ -#ifdef __GNUC__ -#define YY_MAY_BE_UNUSED __attribute__((unused)) -#else -#define YY_MAY_BE_UNUSED -#endif +#define unput(c) yyunput( c, (yytext_ptr) ) /* The following is because we cannot portably get our hands on size_t * (without autoconf's help, which isn't available because we want * flex-generated scanners to compile on their own). */ -typedef unsigned int yy_size_t; +#ifndef YY_TYPEDEF_YY_SIZE_T +#define YY_TYPEDEF_YY_SIZE_T +typedef unsigned int yy_size_t; +#endif +#ifndef YY_STRUCT_YY_BUFFER_STATE +#define YY_STRUCT_YY_BUFFER_STATE struct yy_buffer_state { FILE *yy_input_file; @@ -186,12 +226,16 @@ struct yy_buffer_state */ int yy_at_bol; + int yy_bs_lineno; /**< The line count. */ + int yy_bs_column; /**< The column count. */ + /* Whether to try to fill the input buffer when we reach the * end of it. */ int yy_fill_buffer; int yy_buffer_status; + #define YY_BUFFER_NEW 0 #define YY_BUFFER_NORMAL 1 /* When an EOF's been seen but there's still some text to process @@ -205,28 +249,38 @@ struct yy_buffer_state * just pointing yyin at a new input file. */ #define YY_BUFFER_EOF_PENDING 2 + }; +#endif /* !YY_STRUCT_YY_BUFFER_STATE */ -static YY_BUFFER_STATE yy_current_buffer = 0; +/* Stack of input buffers. */ +static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */ +static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */ +static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ /* We provide macros for accessing buffer states in case in the * future we want to put the buffer states in a more general * "scanner state". + * + * Returns the top of the stack, or NULL. */ -#define YY_CURRENT_BUFFER yy_current_buffer +#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ + ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ + : NULL) +/* Same as previous macro, but useful when we know that the buffer stack is not + * NULL or when we need an lvalue. For internal use only. + */ +#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] /* yy_hold_char holds the character lost when yytext is formed. */ static char yy_hold_char; - static int yy_n_chars; /* number of characters read into yy_ch_buf */ - - int yyleng; /* Points to current character in buffer. */ static char *yy_c_buf_p = (char *) 0; -static int yy_init = 1; /* whether we need to initialize */ +static int yy_init = 0; /* whether we need to initialize */ static int yy_start = 0; /* start state number */ /* Flag which is used to allow yywrap()'s to do buffer switches @@ -234,66 +288,92 @@ static int yy_start = 0; /* start state number */ */ static int yy_did_buffer_switch_on_eof; -void yyrestart YY_PROTO(( FILE *input_file )); +void yyrestart (FILE *input_file ); +void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ); +YY_BUFFER_STATE yy_create_buffer (FILE *file,int size ); +void yy_delete_buffer (YY_BUFFER_STATE b ); +void yy_flush_buffer (YY_BUFFER_STATE b ); +void yypush_buffer_state (YY_BUFFER_STATE new_buffer ); +void yypop_buffer_state (void ); + +static void yyensure_buffer_stack (void ); +static void yy_load_buffer_state (void ); +static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file ); -void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer )); -void yy_load_buffer_state YY_PROTO(( void )); -YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size )); -void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b )); -void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file )); -void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b )); -#define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer ) +#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER ) -YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size )); -YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str )); -YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len )); +YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); +YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); +YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len ); -static void *yy_flex_alloc YY_PROTO(( yy_size_t )); -static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t )) YY_MAY_BE_UNUSED; -static void yy_flex_free YY_PROTO(( void * )); +void *yyalloc (yy_size_t ); +void *yyrealloc (void *,yy_size_t ); +void yyfree (void * ); #define yy_new_buffer yy_create_buffer #define yy_set_interactive(is_interactive) \ { \ - if ( ! yy_current_buffer ) \ - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ - yy_current_buffer->yy_is_interactive = is_interactive; \ + if ( ! YY_CURRENT_BUFFER ){ \ + yyensure_buffer_stack (); \ + YY_CURRENT_BUFFER_LVALUE = \ + yy_create_buffer(yyin,YY_BUF_SIZE ); \ + } \ + YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ } #define yy_set_bol(at_bol) \ { \ - if ( ! yy_current_buffer ) \ - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ - yy_current_buffer->yy_at_bol = at_bol; \ + if ( ! YY_CURRENT_BUFFER ){\ + yyensure_buffer_stack (); \ + YY_CURRENT_BUFFER_LVALUE = \ + yy_create_buffer(yyin,YY_BUF_SIZE ); \ + } \ + YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ } -#define YY_AT_BOL() (yy_current_buffer->yy_at_bol) +#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) + +/* Begin user sect3 */ typedef unsigned char YY_CHAR; + FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; + typedef int yy_state_type; + +extern int yylineno; + +int yylineno = 1; + extern char *yytext; #define yytext_ptr yytext -static yy_state_type yy_get_previous_state YY_PROTO(( void )); -static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state )); -static int yy_get_next_buffer YY_PROTO(( void )); -static void yy_fatal_error YY_PROTO(( yyconst char msg[] )); +static yy_state_type yy_get_previous_state (void ); +static yy_state_type yy_try_NUL_trans (yy_state_type current_state ); +static int yy_get_next_buffer (void ); +static void yy_fatal_error (yyconst char msg[] ); /* Done after the current pattern has been matched and before the * corresponding action - sets up yytext. */ #define YY_DO_BEFORE_ACTION \ - yytext_ptr = yy_bp; \ - yyleng = (int) (yy_cp - yy_bp); \ - yy_hold_char = *yy_cp; \ + (yytext_ptr) = yy_bp; \ + yyleng = (size_t) (yy_cp - yy_bp); \ + (yy_hold_char) = *yy_cp; \ *yy_cp = '\0'; \ - yy_c_buf_p = yy_cp; + (yy_c_buf_p) = yy_cp; #define YY_NUM_RULES 95 #define YY_END_OF_BUFFER 96 -static yyconst short int yy_accept[568] = +/* This struct is not used in this scanner, + but its presence is necessary. */ +struct yy_trans_info + { + flex_int32_t yy_verify; + flex_int32_t yy_nxt; + }; +static yyconst flex_int16_t yy_accept[568] = { 0, 0, 0, 96, 94, 90, 91, 87, 81, 81, 94, 94, 88, 88, 94, 89, 89, 89, 89, 89, 89, @@ -359,7 +439,7 @@ static yyconst short int yy_accept[568] = 32, 89, 59, 70, 77, 53, 0 } ; -static yyconst int yy_ec[256] = +static yyconst flex_int32_t yy_ec[256] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -391,7 +471,7 @@ static yyconst int yy_ec[256] = 1, 1, 1, 1, 1 } ; -static yyconst int yy_meta[70] = +static yyconst flex_int32_t yy_meta[70] = { 0, 1, 1, 1, 1, 1, 1, 2, 1, 1, 3, 3, 3, 3, 3, 3, 3, 1, 1, 3, 3, @@ -402,7 +482,7 @@ static yyconst int yy_meta[70] = 2, 2, 2, 2, 2, 2, 2, 2, 2 } ; -static yyconst short int yy_base[570] = +static yyconst flex_int16_t yy_base[570] = { 0, 0, 0, 636, 637, 637, 637, 637, 637, 63, 627, 628, 70, 77, 616, 74, 72, 76, 609, 65, 81, @@ -468,7 +548,7 @@ static yyconst short int yy_base[570] = 0, 101, 0, 0, 0, 0, 637, 223, 69 } ; -static yyconst short int yy_def[570] = +static yyconst flex_int16_t yy_def[570] = { 0, 567, 1, 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, 568, 568, 568, 568, 568, 568, @@ -534,7 +614,7 @@ static yyconst short int yy_def[570] = 568, 568, 568, 568, 568, 568, 0, 567, 567 } ; -static yyconst short int yy_nxt[707] = +static yyconst flex_int16_t yy_nxt[707] = { 0, 4, 5, 6, 7, 8, 4, 9, 10, 11, 12, 13, 13, 13, 13, 13, 13, 14, 4, 15, 16, @@ -616,7 +696,7 @@ static yyconst short int yy_nxt[707] = 567, 567, 567, 567, 567, 567 } ; -static yyconst short int yy_chk[707] = +static yyconst flex_int16_t yy_chk[707] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -701,6 +781,9 @@ static yyconst short int yy_chk[707] = static yy_state_type yy_last_accepting_state; static char *yy_last_accepting_cpos; +extern int yy_flex_debug; +int yy_flex_debug = 0; + /* The intent behind this definition is that it'll catch * any uses of REJECT which flex missed. */ @@ -710,7 +793,6 @@ static char *yy_last_accepting_cpos; #define YY_RESTORE_YY_MORE_OFFSET char *yytext; #line 1 "lex.l" -#define INITIAL 0 #line 2 "lex.l" /* * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan @@ -770,7 +852,23 @@ static unsigned lineno = 1; static void unterminated(const char *, unsigned); /* This is for broken old lexes (solaris 10 and hpux) */ -#line 774 "lex.c" +#line 855 "lex.yy.c" + +#define INITIAL 0 + +#ifndef YY_NO_UNISTD_H +/* Special case for "unistd.h", since it is non-ANSI. We include it way + * down here because we want the user's section 1 to have been scanned first. + * The user has a chance to override it with an option. + */ +#include +#endif + +#ifndef YY_EXTRA_TYPE +#define YY_EXTRA_TYPE void * +#endif + +static int yy_init_globals (void ); /* Macros after this point can all be overridden by user definitions in * section 1. @@ -778,65 +876,30 @@ static void unterminated(const char *, unsigned); #ifndef YY_SKIP_YYWRAP #ifdef __cplusplus -extern "C" int yywrap YY_PROTO(( void )); +extern "C" int yywrap (void ); #else -extern int yywrap YY_PROTO(( void )); +extern int yywrap (void ); #endif #endif -#ifndef YY_NO_UNPUT -static void yyunput YY_PROTO(( int c, char *buf_ptr )); -#endif - + static void yyunput (int c,char *buf_ptr ); + #ifndef yytext_ptr -static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int )); +static void yy_flex_strncpy (char *,yyconst char *,int ); #endif #ifdef YY_NEED_STRLEN -static int yy_flex_strlen YY_PROTO(( yyconst char * )); +static int yy_flex_strlen (yyconst char * ); #endif #ifndef YY_NO_INPUT -#ifdef __cplusplus -static int yyinput YY_PROTO(( void )); -#else -static int input YY_PROTO(( void )); -#endif -#endif - -#if YY_STACK_USED -static int yy_start_stack_ptr = 0; -static int yy_start_stack_depth = 0; -static int *yy_start_stack = 0; -#ifndef YY_NO_PUSH_STATE -static void yy_push_state YY_PROTO(( int new_state )); -#endif -#ifndef YY_NO_POP_STATE -static void yy_pop_state YY_PROTO(( void )); -#endif -#ifndef YY_NO_TOP_STATE -static int yy_top_state YY_PROTO(( void )); -#endif +#ifdef __cplusplus +static int yyinput (void ); #else -#define YY_NO_PUSH_STATE 1 -#define YY_NO_POP_STATE 1 -#define YY_NO_TOP_STATE 1 +static int input (void ); #endif -#ifdef YY_MALLOC_DECL -YY_MALLOC_DECL -#else -#if __STDC__ -#ifndef __cplusplus -#include -#endif -#else -/* Just try to get by without declaring the routines. This will fail - * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int) - * or sizeof(void*) != sizeof(int). - */ -#endif #endif /* Amount of stuff to slurp up with each read. */ @@ -845,7 +908,6 @@ YY_MALLOC_DECL #endif /* Copy whatever the last rule matched to the standard output. */ - #ifndef ECHO /* This used to be an fputs(), but since the string might contain NUL's, * we now use fwrite(). @@ -858,9 +920,10 @@ YY_MALLOC_DECL */ #ifndef YY_INPUT #define YY_INPUT(buf,result,max_size) \ - if ( yy_current_buffer->yy_is_interactive ) \ + if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ { \ - int c = '*', n; \ + int c = '*'; \ + size_t n; \ for ( n = 0; n < max_size && \ (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ buf[n] = (char) c; \ @@ -870,9 +933,22 @@ YY_MALLOC_DECL YY_FATAL_ERROR( "input in flex scanner failed" ); \ result = n; \ } \ - else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \ - && ferror( yyin ) ) \ - YY_FATAL_ERROR( "input in flex scanner failed" ); + else \ + { \ + errno=0; \ + while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \ + { \ + if( errno != EINTR) \ + { \ + YY_FATAL_ERROR( "input in flex scanner failed" ); \ + break; \ + } \ + errno=0; \ + clearerr(yyin); \ + } \ + }\ +\ + #endif /* No semi-colon after return; correct usage is to write "yyterminate();" - @@ -893,12 +969,18 @@ YY_MALLOC_DECL #define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) #endif +/* end tables serialization structures and prototypes */ + /* Default declaration of generated scanner - a define so the user can * easily add parameters. */ #ifndef YY_DECL -#define YY_DECL int yylex YY_PROTO(( void )) -#endif +#define YY_DECL_IS_OURS 1 + +extern int yylex (void); + +#define YY_DECL int yylex (void) +#endif /* !YY_DECL */ /* Code executed at the beginning of each rule, after yytext and yyleng * have been set up. @@ -915,26 +997,28 @@ YY_MALLOC_DECL #define YY_RULE_SETUP \ YY_USER_ACTION +/** The main scanner function which does all the work. + */ YY_DECL - { +{ register yy_state_type yy_current_state; - register char *yy_cp = NULL, *yy_bp = NULL; + register char *yy_cp, *yy_bp; register int yy_act; - + #line 68 "lex.l" -#line 927 "lex.c" +#line 1010 "lex.yy.c" - if ( yy_init ) + if ( !(yy_init) ) { - yy_init = 0; + (yy_init) = 1; #ifdef YY_USER_INIT YY_USER_INIT; #endif - if ( ! yy_start ) - yy_start = 1; /* first start state */ + if ( ! (yy_start) ) + (yy_start) = 1; /* first start state */ if ( ! yyin ) yyin = stdin; @@ -942,34 +1026,36 @@ YY_DECL if ( ! yyout ) yyout = stdout; - if ( ! yy_current_buffer ) - yy_current_buffer = - yy_create_buffer( yyin, YY_BUF_SIZE ); + if ( ! YY_CURRENT_BUFFER ) { + yyensure_buffer_stack (); + YY_CURRENT_BUFFER_LVALUE = + yy_create_buffer(yyin,YY_BUF_SIZE ); + } - yy_load_buffer_state(); + yy_load_buffer_state( ); } while ( 1 ) /* loops until end-of-file is reached */ { - yy_cp = yy_c_buf_p; + yy_cp = (yy_c_buf_p); /* Support of yytext. */ - *yy_cp = yy_hold_char; + *yy_cp = (yy_hold_char); /* yy_bp points to the position in yy_ch_buf of the start of * the current run. */ yy_bp = yy_cp; - yy_current_state = yy_start; + yy_current_state = (yy_start); yy_match: do { register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; if ( yy_accept[yy_current_state] ) { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -986,24 +1072,22 @@ yy_find_action: yy_act = yy_accept[yy_current_state]; if ( yy_act == 0 ) { /* have to back up */ - yy_cp = yy_last_accepting_cpos; - yy_current_state = yy_last_accepting_state; + yy_cp = (yy_last_accepting_cpos); + yy_current_state = (yy_last_accepting_state); yy_act = yy_accept[yy_current_state]; } YY_DO_BEFORE_ACTION; - do_action: /* This label is used only to access EOF actions. */ - switch ( yy_act ) { /* beginning of action switch */ case 0: /* must back up */ /* undo the effects of YY_DO_BEFORE_ACTION */ - *yy_cp = yy_hold_char; - yy_cp = yy_last_accepting_cpos; - yy_current_state = yy_last_accepting_state; + *yy_cp = (yy_hold_char); + yy_cp = (yy_last_accepting_cpos); + yy_current_state = (yy_last_accepting_state); goto yy_find_action; case 1: @@ -1567,6 +1651,7 @@ YY_RULE_SETUP ; YY_BREAK case 91: +/* rule 91 can match eol */ YY_RULE_SETUP #line 270 "lex.l" { ++lineno; } @@ -1591,33 +1676,33 @@ YY_RULE_SETUP #line 274 "lex.l" ECHO; YY_BREAK -#line 1595 "lex.c" +#line 1679 "lex.yy.c" case YY_STATE_EOF(INITIAL): yyterminate(); case YY_END_OF_BUFFER: { /* Amount of text matched not including the EOB char. */ - int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1; + int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; /* Undo the effects of YY_DO_BEFORE_ACTION. */ - *yy_cp = yy_hold_char; + *yy_cp = (yy_hold_char); YY_RESTORE_YY_MORE_OFFSET - if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW ) + if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW ) { /* We're scanning a new file or input source. It's * possible that this happened because the user * just pointed yyin at a new source and called * yylex(). If so, then we have to assure - * consistency between yy_current_buffer and our + * consistency between YY_CURRENT_BUFFER and our * globals. Here is the right place to do so, because * this is the first action (other than possibly a * back-up) that will match for the new input source. */ - yy_n_chars = yy_current_buffer->yy_n_chars; - yy_current_buffer->yy_input_file = yyin; - yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL; + (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; + YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; + YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; } /* Note that here we test for yy_c_buf_p "<=" to the position @@ -1627,13 +1712,13 @@ case YY_STATE_EOF(INITIAL): * end-of-buffer state). Contrast this with the test * in input(). */ - if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] ) + if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) { /* This was really a NUL. */ yy_state_type yy_next_state; - yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text; + (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; - yy_current_state = yy_get_previous_state(); + yy_current_state = yy_get_previous_state( ); /* Okay, we're now positioned to make the NUL * transition. We couldn't have @@ -1646,30 +1731,30 @@ case YY_STATE_EOF(INITIAL): yy_next_state = yy_try_NUL_trans( yy_current_state ); - yy_bp = yytext_ptr + YY_MORE_ADJ; + yy_bp = (yytext_ptr) + YY_MORE_ADJ; if ( yy_next_state ) { /* Consume the NUL. */ - yy_cp = ++yy_c_buf_p; + yy_cp = ++(yy_c_buf_p); yy_current_state = yy_next_state; goto yy_match; } else { - yy_cp = yy_c_buf_p; + yy_cp = (yy_c_buf_p); goto yy_find_action; } } - else switch ( yy_get_next_buffer() ) + else switch ( yy_get_next_buffer( ) ) { case EOB_ACT_END_OF_FILE: { - yy_did_buffer_switch_on_eof = 0; + (yy_did_buffer_switch_on_eof) = 0; - if ( yywrap() ) + if ( yywrap( ) ) { /* Note: because we've taken care in * yy_get_next_buffer() to have set up @@ -1680,7 +1765,7 @@ case YY_STATE_EOF(INITIAL): * YY_NULL, it'll still work - another * YY_NULL will get returned. */ - yy_c_buf_p = yytext_ptr + YY_MORE_ADJ; + (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; yy_act = YY_STATE_EOF(YY_START); goto do_action; @@ -1688,30 +1773,30 @@ case YY_STATE_EOF(INITIAL): else { - if ( ! yy_did_buffer_switch_on_eof ) + if ( ! (yy_did_buffer_switch_on_eof) ) YY_NEW_FILE; } break; } case EOB_ACT_CONTINUE_SCAN: - yy_c_buf_p = - yytext_ptr + yy_amount_of_matched_text; + (yy_c_buf_p) = + (yytext_ptr) + yy_amount_of_matched_text; - yy_current_state = yy_get_previous_state(); + yy_current_state = yy_get_previous_state( ); - yy_cp = yy_c_buf_p; - yy_bp = yytext_ptr + YY_MORE_ADJ; + yy_cp = (yy_c_buf_p); + yy_bp = (yytext_ptr) + YY_MORE_ADJ; goto yy_match; case EOB_ACT_LAST_MATCH: - yy_c_buf_p = - &yy_current_buffer->yy_ch_buf[yy_n_chars]; + (yy_c_buf_p) = + &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)]; - yy_current_state = yy_get_previous_state(); + yy_current_state = yy_get_previous_state( ); - yy_cp = yy_c_buf_p; - yy_bp = yytext_ptr + YY_MORE_ADJ; + yy_cp = (yy_c_buf_p); + yy_bp = (yytext_ptr) + YY_MORE_ADJ; goto yy_find_action; } break; @@ -1722,8 +1807,7 @@ case YY_STATE_EOF(INITIAL): "fatal flex scanner internal error--no action found" ); } /* end of action switch */ } /* end of scanning one token */ - } /* end of yylex */ - +} /* end of yylex */ /* yy_get_next_buffer - try to read in a new buffer * @@ -1732,21 +1816,20 @@ case YY_STATE_EOF(INITIAL): * EOB_ACT_CONTINUE_SCAN - continue scanning from current position * EOB_ACT_END_OF_FILE - end of file */ - -static int yy_get_next_buffer() - { - register char *dest = yy_current_buffer->yy_ch_buf; - register char *source = yytext_ptr; +static int yy_get_next_buffer (void) +{ + register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; + register char *source = (yytext_ptr); register int number_to_move, i; int ret_val; - if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] ) + if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) YY_FATAL_ERROR( "fatal flex scanner internal error--end of buffer missed" ); - if ( yy_current_buffer->yy_fill_buffer == 0 ) + if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 ) { /* Don't try to fill the buffer, so this is an EOF. */ - if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 ) + if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 ) { /* We matched a single character, the EOB, so * treat this as a final EOF. @@ -1766,34 +1849,30 @@ static int yy_get_next_buffer() /* Try to read more data. */ /* First move last chars to start of buffer. */ - number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1; + number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1; for ( i = 0; i < number_to_move; ++i ) *(dest++) = *(source++); - if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING ) + if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING ) /* don't do the read, it's not guaranteed to return an EOF, * just force an EOF */ - yy_current_buffer->yy_n_chars = yy_n_chars = 0; + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0; else { - int num_to_read = - yy_current_buffer->yy_buf_size - number_to_move - 1; + int num_to_read = + YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; while ( num_to_read <= 0 ) { /* Not enough room in the buffer - grow it. */ -#ifdef YY_USES_REJECT - YY_FATAL_ERROR( -"input buffer overflow, can't enlarge buffer because scanner uses REJECT" ); -#else /* just a shorter name for the current buffer */ - YY_BUFFER_STATE b = yy_current_buffer; + YY_BUFFER_STATE b = YY_CURRENT_BUFFER; int yy_c_buf_p_offset = - (int) (yy_c_buf_p - b->yy_ch_buf); + (int) ((yy_c_buf_p) - b->yy_ch_buf); if ( b->yy_is_our_buffer ) { @@ -1806,8 +1885,7 @@ static int yy_get_next_buffer() b->yy_ch_buf = (char *) /* Include room in for 2 EOB chars. */ - yy_flex_realloc( (void *) b->yy_ch_buf, - b->yy_buf_size + 2 ); + yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ); } else /* Can't grow it, we don't own it. */ @@ -1817,35 +1895,35 @@ static int yy_get_next_buffer() YY_FATAL_ERROR( "fatal error - scanner input buffer overflow" ); - yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset]; + (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset]; - num_to_read = yy_current_buffer->yy_buf_size - + num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; -#endif + } if ( num_to_read > YY_READ_BUF_SIZE ) num_to_read = YY_READ_BUF_SIZE; /* Read in more data. */ - YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]), - yy_n_chars, num_to_read ); + YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), + (yy_n_chars), (size_t) num_to_read ); - yy_current_buffer->yy_n_chars = yy_n_chars; + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } - if ( yy_n_chars == 0 ) + if ( (yy_n_chars) == 0 ) { if ( number_to_move == YY_MORE_ADJ ) { ret_val = EOB_ACT_END_OF_FILE; - yyrestart( yyin ); + yyrestart(yyin ); } else { ret_val = EOB_ACT_LAST_MATCH; - yy_current_buffer->yy_buffer_status = + YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_EOF_PENDING; } } @@ -1853,32 +1931,31 @@ static int yy_get_next_buffer() else ret_val = EOB_ACT_CONTINUE_SCAN; - yy_n_chars += number_to_move; - yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR; - yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR; + (yy_n_chars) += number_to_move; + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; - yytext_ptr = &yy_current_buffer->yy_ch_buf[0]; + (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0]; return ret_val; - } - +} /* yy_get_previous_state - get the state just before the EOB char was reached */ -static yy_state_type yy_get_previous_state() - { + static yy_state_type yy_get_previous_state (void) +{ register yy_state_type yy_current_state; register char *yy_cp; + + yy_current_state = (yy_start); - yy_current_state = yy_start; - - for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp ) + for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) { register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); if ( yy_accept[yy_current_state] ) { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -1890,30 +1967,23 @@ static yy_state_type yy_get_previous_state() } return yy_current_state; - } - +} /* yy_try_NUL_trans - try to make a transition on the NUL character * * synopsis * next_state = yy_try_NUL_trans( current_state ); */ - -#ifdef YY_USE_PROTOS -static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state ) -#else -static yy_state_type yy_try_NUL_trans( yy_current_state ) -yy_state_type yy_current_state; -#endif - { + static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state ) +{ register int yy_is_jam; - register char *yy_cp = yy_c_buf_p; + register char *yy_cp = (yy_c_buf_p); register YY_CHAR yy_c = 1; if ( yy_accept[yy_current_state] ) { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -1925,81 +1995,73 @@ yy_state_type yy_current_state; yy_is_jam = (yy_current_state == 567); return yy_is_jam ? 0 : yy_current_state; - } - +} -#ifndef YY_NO_UNPUT -#ifdef YY_USE_PROTOS -static void yyunput( int c, register char *yy_bp ) -#else -static void yyunput( c, yy_bp ) -int c; -register char *yy_bp; -#endif - { - register char *yy_cp = yy_c_buf_p; + static void yyunput (int c, register char * yy_bp ) +{ + register char *yy_cp; + + yy_cp = (yy_c_buf_p); /* undo effects of setting up yytext */ - *yy_cp = yy_hold_char; + *yy_cp = (yy_hold_char); - if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) + if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) { /* need to shift things up to make room */ /* +2 for EOB chars. */ - register int number_to_move = yy_n_chars + 2; - register char *dest = &yy_current_buffer->yy_ch_buf[ - yy_current_buffer->yy_buf_size + 2]; + register int number_to_move = (yy_n_chars) + 2; + register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ + YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; register char *source = - &yy_current_buffer->yy_ch_buf[number_to_move]; + &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; - while ( source > yy_current_buffer->yy_ch_buf ) + while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) *--dest = *--source; yy_cp += (int) (dest - source); yy_bp += (int) (dest - source); - yy_current_buffer->yy_n_chars = - yy_n_chars = yy_current_buffer->yy_buf_size; + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = + (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size; - if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) + if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) YY_FATAL_ERROR( "flex scanner push-back overflow" ); } *--yy_cp = (char) c; - - yytext_ptr = yy_bp; - yy_hold_char = *yy_cp; - yy_c_buf_p = yy_cp; - } -#endif /* ifndef YY_NO_UNPUT */ - + (yytext_ptr) = yy_bp; + (yy_hold_char) = *yy_cp; + (yy_c_buf_p) = yy_cp; +} #ifndef YY_NO_INPUT #ifdef __cplusplus -static int yyinput() + static int yyinput (void) #else -static int input() + static int input (void) #endif - { - int c; - *yy_c_buf_p = yy_hold_char; +{ + int c; + + *(yy_c_buf_p) = (yy_hold_char); - if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR ) + if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR ) { /* yy_c_buf_p now points to the character we want to return. * If this occurs *before* the EOB characters, then it's a * valid NUL; if not, then we've hit the end of the buffer. */ - if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] ) + if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) /* This was really a NUL. */ - *yy_c_buf_p = '\0'; + *(yy_c_buf_p) = '\0'; else { /* need more input */ - int offset = yy_c_buf_p - yytext_ptr; - ++yy_c_buf_p; + int offset = (yy_c_buf_p) - (yytext_ptr); + ++(yy_c_buf_p); - switch ( yy_get_next_buffer() ) + switch ( yy_get_next_buffer( ) ) { case EOB_ACT_LAST_MATCH: /* This happens because yy_g_n_b() @@ -2013,16 +2075,16 @@ static int input() */ /* Reset buffer status. */ - yyrestart( yyin ); + yyrestart(yyin ); - /* fall through */ + /*FALLTHROUGH*/ case EOB_ACT_END_OF_FILE: { - if ( yywrap() ) + if ( yywrap( ) ) return EOF; - if ( ! yy_did_buffer_switch_on_eof ) + if ( ! (yy_did_buffer_switch_on_eof) ) YY_NEW_FILE; #ifdef __cplusplus return yyinput(); @@ -2032,90 +2094,92 @@ static int input() } case EOB_ACT_CONTINUE_SCAN: - yy_c_buf_p = yytext_ptr + offset; + (yy_c_buf_p) = (yytext_ptr) + offset; break; } } } - c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */ - *yy_c_buf_p = '\0'; /* preserve yytext */ - yy_hold_char = *++yy_c_buf_p; - + c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */ + *(yy_c_buf_p) = '\0'; /* preserve yytext */ + (yy_hold_char) = *++(yy_c_buf_p); return c; - } -#endif /* YY_NO_INPUT */ - -#ifdef YY_USE_PROTOS -void yyrestart( FILE *input_file ) -#else -void yyrestart( input_file ) -FILE *input_file; -#endif - { - if ( ! yy_current_buffer ) - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); +} +#endif /* ifndef YY_NO_INPUT */ - yy_init_buffer( yy_current_buffer, input_file ); - yy_load_buffer_state(); +/** Immediately switch to a different input stream. + * @param input_file A readable stream. + * + * @note This function does not reset the start condition to @c INITIAL . + */ + void yyrestart (FILE * input_file ) +{ + + if ( ! YY_CURRENT_BUFFER ){ + yyensure_buffer_stack (); + YY_CURRENT_BUFFER_LVALUE = + yy_create_buffer(yyin,YY_BUF_SIZE ); } + yy_init_buffer(YY_CURRENT_BUFFER,input_file ); + yy_load_buffer_state( ); +} -#ifdef YY_USE_PROTOS -void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer ) -#else -void yy_switch_to_buffer( new_buffer ) -YY_BUFFER_STATE new_buffer; -#endif - { - if ( yy_current_buffer == new_buffer ) +/** Switch to a different input buffer. + * @param new_buffer The new input buffer. + * + */ + void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ) +{ + + /* TODO. We should be able to replace this entire function body + * with + * yypop_buffer_state(); + * yypush_buffer_state(new_buffer); + */ + yyensure_buffer_stack (); + if ( YY_CURRENT_BUFFER == new_buffer ) return; - if ( yy_current_buffer ) + if ( YY_CURRENT_BUFFER ) { /* Flush out information for old buffer. */ - *yy_c_buf_p = yy_hold_char; - yy_current_buffer->yy_buf_pos = yy_c_buf_p; - yy_current_buffer->yy_n_chars = yy_n_chars; + *(yy_c_buf_p) = (yy_hold_char); + YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } - yy_current_buffer = new_buffer; - yy_load_buffer_state(); + YY_CURRENT_BUFFER_LVALUE = new_buffer; + yy_load_buffer_state( ); /* We don't actually know whether we did this switch during * EOF (yywrap()) processing, but the only time this flag * is looked at is after yywrap() is called, so it's safe * to go ahead and always set it. */ - yy_did_buffer_switch_on_eof = 1; - } - - -#ifdef YY_USE_PROTOS -void yy_load_buffer_state( void ) -#else -void yy_load_buffer_state() -#endif - { - yy_n_chars = yy_current_buffer->yy_n_chars; - yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos; - yyin = yy_current_buffer->yy_input_file; - yy_hold_char = *yy_c_buf_p; - } + (yy_did_buffer_switch_on_eof) = 1; +} +static void yy_load_buffer_state (void) +{ + (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; + (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; + yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; + (yy_hold_char) = *(yy_c_buf_p); +} -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_create_buffer( FILE *file, int size ) -#else -YY_BUFFER_STATE yy_create_buffer( file, size ) -FILE *file; -int size; -#endif - { +/** Allocate and initialize an input buffer state. + * @param file A readable stream. + * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE. + * + * @return the allocated buffer state. + */ + YY_BUFFER_STATE yy_create_buffer (FILE * file, int size ) +{ YY_BUFFER_STATE b; - - b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); + + b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); @@ -2124,75 +2188,75 @@ int size; /* yy_ch_buf has to be 2 characters longer than the size given because * we need to put in 2 end-of-buffer characters. */ - b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 ); + b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2 ); if ( ! b->yy_ch_buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); b->yy_is_our_buffer = 1; - yy_init_buffer( b, file ); + yy_init_buffer(b,file ); return b; - } - +} -#ifdef YY_USE_PROTOS -void yy_delete_buffer( YY_BUFFER_STATE b ) -#else -void yy_delete_buffer( b ) -YY_BUFFER_STATE b; -#endif - { +/** Destroy the buffer. + * @param b a buffer created with yy_create_buffer() + * + */ + void yy_delete_buffer (YY_BUFFER_STATE b ) +{ + if ( ! b ) return; - if ( b == yy_current_buffer ) - yy_current_buffer = (YY_BUFFER_STATE) 0; + if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */ + YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; if ( b->yy_is_our_buffer ) - yy_flex_free( (void *) b->yy_ch_buf ); + yyfree((void *) b->yy_ch_buf ); - yy_flex_free( (void *) b ); - } - - - -#ifdef YY_USE_PROTOS -void yy_init_buffer( YY_BUFFER_STATE b, FILE *file ) -#else -void yy_init_buffer( b, file ) -YY_BUFFER_STATE b; -FILE *file; -#endif + yyfree((void *) b ); +} +#ifndef __cplusplus +extern int isatty (int ); +#endif /* __cplusplus */ + +/* Initializes or reinitializes a buffer. + * This function is sometimes called more than once on the same buffer, + * such as during a yyrestart() or at EOF. + */ + static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file ) - { - yy_flush_buffer( b ); +{ + int oerrno = errno; + + yy_flush_buffer(b ); b->yy_input_file = file; b->yy_fill_buffer = 1; -#if YY_ALWAYS_INTERACTIVE - b->yy_is_interactive = 1; -#else -#if YY_NEVER_INTERACTIVE - b->yy_is_interactive = 0; -#else - b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; -#endif -#endif - } - - -#ifdef YY_USE_PROTOS -void yy_flush_buffer( YY_BUFFER_STATE b ) -#else -void yy_flush_buffer( b ) -YY_BUFFER_STATE b; -#endif + /* If b is the current buffer, then yy_init_buffer was _probably_ + * called from yyrestart() or through yy_get_next_buffer. + * In that case, we don't want to reset the lineno or column. + */ + if (b != YY_CURRENT_BUFFER){ + b->yy_bs_lineno = 1; + b->yy_bs_column = 0; + } + + b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; + + errno = oerrno; +} - { - if ( ! b ) +/** Discard all buffered characters. On the next scan, YY_INPUT will be called. + * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER. + * + */ + void yy_flush_buffer (YY_BUFFER_STATE b ) +{ + if ( ! b ) return; b->yy_n_chars = 0; @@ -2209,29 +2273,121 @@ YY_BUFFER_STATE b; b->yy_at_bol = 1; b->yy_buffer_status = YY_BUFFER_NEW; - if ( b == yy_current_buffer ) - yy_load_buffer_state(); + if ( b == YY_CURRENT_BUFFER ) + yy_load_buffer_state( ); +} + +/** Pushes the new state onto the stack. The new state becomes + * the current state. This function will allocate the stack + * if necessary. + * @param new_buffer The new state. + * + */ +void yypush_buffer_state (YY_BUFFER_STATE new_buffer ) +{ + if (new_buffer == NULL) + return; + + yyensure_buffer_stack(); + + /* This block is copied from yy_switch_to_buffer. */ + if ( YY_CURRENT_BUFFER ) + { + /* Flush out information for old buffer. */ + *(yy_c_buf_p) = (yy_hold_char); + YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + } + + /* Only push if top exists. Otherwise, replace top. */ + if (YY_CURRENT_BUFFER) + (yy_buffer_stack_top)++; + YY_CURRENT_BUFFER_LVALUE = new_buffer; + + /* copied from yy_switch_to_buffer. */ + yy_load_buffer_state( ); + (yy_did_buffer_switch_on_eof) = 1; +} + +/** Removes and deletes the top of the stack, if present. + * The next element becomes the new top. + * + */ +void yypop_buffer_state (void) +{ + if (!YY_CURRENT_BUFFER) + return; + + yy_delete_buffer(YY_CURRENT_BUFFER ); + YY_CURRENT_BUFFER_LVALUE = NULL; + if ((yy_buffer_stack_top) > 0) + --(yy_buffer_stack_top); + + if (YY_CURRENT_BUFFER) { + yy_load_buffer_state( ); + (yy_did_buffer_switch_on_eof) = 1; } +} +/* Allocates the stack if it does not exist. + * Guarantees space for at least one push. + */ +static void yyensure_buffer_stack (void) +{ + int num_to_alloc; + + if (!(yy_buffer_stack)) { + + /* First allocation is just for 2 elements, since we don't know if this + * scanner will even need a stack. We use 2 instead of 1 to avoid an + * immediate realloc on the next call. + */ + num_to_alloc = 1; + (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc + (num_to_alloc * sizeof(struct yy_buffer_state*) + ); + + memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); + + (yy_buffer_stack_max) = num_to_alloc; + (yy_buffer_stack_top) = 0; + return; + } -#ifndef YY_NO_SCAN_BUFFER -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size ) -#else -YY_BUFFER_STATE yy_scan_buffer( base, size ) -char *base; -yy_size_t size; -#endif - { - YY_BUFFER_STATE b; + if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ + /* Increase the buffer to prepare for a possible push. */ + int grow_size = 8 /* arbitrary grow size */; + + num_to_alloc = (yy_buffer_stack_max) + grow_size; + (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc + ((yy_buffer_stack), + num_to_alloc * sizeof(struct yy_buffer_state*) + ); + + /* zero only the new slots.*/ + memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); + (yy_buffer_stack_max) = num_to_alloc; + } +} + +/** Setup the input buffer state to scan directly from a user-specified character buffer. + * @param base the character buffer + * @param size the size in bytes of the character buffer + * + * @return the newly allocated buffer state object. + */ +YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) +{ + YY_BUFFER_STATE b; + if ( size < 2 || base[size-2] != YY_END_OF_BUFFER_CHAR || base[size-1] != YY_END_OF_BUFFER_CHAR ) /* They forgot to leave room for the EOB's. */ return 0; - b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); + b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); @@ -2245,56 +2401,51 @@ yy_size_t size; b->yy_fill_buffer = 0; b->yy_buffer_status = YY_BUFFER_NEW; - yy_switch_to_buffer( b ); + yy_switch_to_buffer(b ); return b; - } -#endif - - -#ifndef YY_NO_SCAN_STRING -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str ) -#else -YY_BUFFER_STATE yy_scan_string( yy_str ) -yyconst char *yy_str; -#endif - { - int len; - for ( len = 0; yy_str[len]; ++len ) - ; - - return yy_scan_bytes( yy_str, len ); - } -#endif +} +/** Setup the input buffer state to scan a string. The next call to yylex() will + * scan from a @e copy of @a str. + * @param yystr a NUL-terminated string to scan + * + * @return the newly allocated buffer state object. + * @note If you want to scan bytes that may contain NUL values, then use + * yy_scan_bytes() instead. + */ +YY_BUFFER_STATE yy_scan_string (yyconst char * yystr ) +{ + + return yy_scan_bytes(yystr,strlen(yystr) ); +} -#ifndef YY_NO_SCAN_BYTES -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len ) -#else -YY_BUFFER_STATE yy_scan_bytes( bytes, len ) -yyconst char *bytes; -int len; -#endif - { +/** Setup the input buffer state to scan the given bytes. The next call to yylex() will + * scan from a @e copy of @a bytes. + * @param bytes the byte buffer to scan + * @param len the number of bytes in the buffer pointed to by @a bytes. + * + * @return the newly allocated buffer state object. + */ +YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, int _yybytes_len ) +{ YY_BUFFER_STATE b; char *buf; yy_size_t n; int i; - + /* Get memory for full buffer, including space for trailing EOB's. */ - n = len + 2; - buf = (char *) yy_flex_alloc( n ); + n = _yybytes_len + 2; + buf = (char *) yyalloc(n ); if ( ! buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); - for ( i = 0; i < len; ++i ) - buf[i] = bytes[i]; + for ( i = 0; i < _yybytes_len; ++i ) + buf[i] = yybytes[i]; - buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR; + buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR; - b = yy_scan_buffer( buf, n ); + b = yy_scan_buffer(buf,n ); if ( ! b ) YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); @@ -2304,148 +2455,196 @@ int len; b->yy_is_our_buffer = 1; return b; - } +} + +#ifndef YY_EXIT_FAILURE +#define YY_EXIT_FAILURE 2 #endif +static void yy_fatal_error (yyconst char* msg ) +{ + (void) fprintf( stderr, "%s\n", msg ); + exit( YY_EXIT_FAILURE ); +} + +/* Redefine yyless() so it works in section 3 code. */ -#ifndef YY_NO_PUSH_STATE -#ifdef YY_USE_PROTOS -static void yy_push_state( int new_state ) -#else -static void yy_push_state( new_state ) -int new_state; -#endif - { - if ( yy_start_stack_ptr >= yy_start_stack_depth ) - { - yy_size_t new_size; +#undef yyless +#define yyless(n) \ + do \ + { \ + /* Undo effects of setting up yytext. */ \ + int yyless_macro_arg = (n); \ + YY_LESS_LINENO(yyless_macro_arg);\ + yytext[yyleng] = (yy_hold_char); \ + (yy_c_buf_p) = yytext + yyless_macro_arg; \ + (yy_hold_char) = *(yy_c_buf_p); \ + *(yy_c_buf_p) = '\0'; \ + yyleng = yyless_macro_arg; \ + } \ + while ( 0 ) - yy_start_stack_depth += YY_START_STACK_INCR; - new_size = yy_start_stack_depth * sizeof( int ); +/* Accessor methods (get/set functions) to struct members. */ - if ( ! yy_start_stack ) - yy_start_stack = (int *) yy_flex_alloc( new_size ); +/** Get the current line number. + * + */ +int yyget_lineno (void) +{ + + return yylineno; +} - else - yy_start_stack = (int *) yy_flex_realloc( - (void *) yy_start_stack, new_size ); +/** Get the input stream. + * + */ +FILE *yyget_in (void) +{ + return yyin; +} - if ( ! yy_start_stack ) - YY_FATAL_ERROR( - "out of memory expanding start-condition stack" ); - } +/** Get the output stream. + * + */ +FILE *yyget_out (void) +{ + return yyout; +} - yy_start_stack[yy_start_stack_ptr++] = YY_START; +/** Get the length of the current token. + * + */ +int yyget_leng (void) +{ + return yyleng; +} - BEGIN(new_state); - } -#endif +/** Get the current token. + * + */ +char *yyget_text (void) +{ + return yytext; +} -#ifndef YY_NO_POP_STATE -static void yy_pop_state() - { - if ( --yy_start_stack_ptr < 0 ) - YY_FATAL_ERROR( "start-condition stack underflow" ); +/** Set the current line number. + * @param line_number + * + */ +void yyset_lineno (int line_number ) +{ + + yylineno = line_number; +} - BEGIN(yy_start_stack[yy_start_stack_ptr]); - } -#endif +/** Set the input stream. This does not discard the current + * input buffer. + * @param in_str A readable stream. + * + * @see yy_switch_to_buffer + */ +void yyset_in (FILE * in_str ) +{ + yyin = in_str ; +} +void yyset_out (FILE * out_str ) +{ + yyout = out_str ; +} -#ifndef YY_NO_TOP_STATE -static int yy_top_state() - { - return yy_start_stack[yy_start_stack_ptr - 1]; - } -#endif +int yyget_debug (void) +{ + return yy_flex_debug; +} -#ifndef YY_EXIT_FAILURE -#define YY_EXIT_FAILURE 2 -#endif +void yyset_debug (int bdebug ) +{ + yy_flex_debug = bdebug ; +} -#ifdef YY_USE_PROTOS -static void yy_fatal_error( yyconst char msg[] ) +static int yy_init_globals (void) +{ + /* Initialization is the same as for the non-reentrant scanner. + * This function is called from yylex_destroy(), so don't allocate here. + */ + + (yy_buffer_stack) = 0; + (yy_buffer_stack_top) = 0; + (yy_buffer_stack_max) = 0; + (yy_c_buf_p) = (char *) 0; + (yy_init) = 0; + (yy_start) = 0; + +/* Defined in main.c */ +#ifdef YY_STDINIT + yyin = stdin; + yyout = stdout; #else -static void yy_fatal_error( msg ) -char msg[]; + yyin = (FILE *) 0; + yyout = (FILE *) 0; #endif - { - (void) fprintf( stderr, "%s\n", msg ); - exit( YY_EXIT_FAILURE ); - } + /* For future reference: Set errno on error, since we are called by + * yylex_init() + */ + return 0; +} +/* yylex_destroy is for both reentrant and non-reentrant scanners. */ +int yylex_destroy (void) +{ + + /* Pop the buffer stack, destroying each element. */ + while(YY_CURRENT_BUFFER){ + yy_delete_buffer(YY_CURRENT_BUFFER ); + YY_CURRENT_BUFFER_LVALUE = NULL; + yypop_buffer_state(); + } -/* Redefine yyless() so it works in section 3 code. */ + /* Destroy the stack itself. */ + yyfree((yy_buffer_stack) ); + (yy_buffer_stack) = NULL; -#undef yyless -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - yytext[yyleng] = yy_hold_char; \ - yy_c_buf_p = yytext + n; \ - yy_hold_char = *yy_c_buf_p; \ - *yy_c_buf_p = '\0'; \ - yyleng = n; \ - } \ - while ( 0 ) + /* Reset the globals. This is important in a non-reentrant scanner so the next time + * yylex() is called, initialization will occur. */ + yy_init_globals( ); + return 0; +} -/* Internal utility routines. */ +/* + * Internal utility routines. + */ #ifndef yytext_ptr -#ifdef YY_USE_PROTOS -static void yy_flex_strncpy( char *s1, yyconst char *s2, int n ) -#else -static void yy_flex_strncpy( s1, s2, n ) -char *s1; -yyconst char *s2; -int n; -#endif - { +static void yy_flex_strncpy (char* s1, yyconst char * s2, int n ) +{ register int i; for ( i = 0; i < n; ++i ) s1[i] = s2[i]; - } +} #endif #ifdef YY_NEED_STRLEN -#ifdef YY_USE_PROTOS -static int yy_flex_strlen( yyconst char *s ) -#else -static int yy_flex_strlen( s ) -yyconst char *s; -#endif - { +static int yy_flex_strlen (yyconst char * s ) +{ register int n; for ( n = 0; s[n]; ++n ) ; return n; - } +} #endif - -#ifdef YY_USE_PROTOS -static void *yy_flex_alloc( yy_size_t size ) -#else -static void *yy_flex_alloc( size ) -yy_size_t size; -#endif - { +void *yyalloc (yy_size_t size ) +{ return (void *) malloc( size ); - } +} -#ifdef YY_USE_PROTOS -static void *yy_flex_realloc( void *ptr, yy_size_t size ) -#else -static void *yy_flex_realloc( ptr, size ) -void *ptr; -yy_size_t size; -#endif - { +void *yyrealloc (void * ptr, yy_size_t size ) +{ /* The cast to (char *) in the following accommodates both * implementations that use char* generic pointers, and those * that use void* generic pointers. It works with the latter @@ -2454,28 +2653,19 @@ yy_size_t size; * as though doing an assignment. */ return (void *) realloc( (char *) ptr, size ); - } +} -#ifdef YY_USE_PROTOS -static void yy_flex_free( void *ptr ) -#else -static void yy_flex_free( ptr ) -void *ptr; -#endif - { - free( ptr ); - } +void yyfree (void * ptr ) +{ + free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ +} + +#define YYTABLES_NAME "yytables" -#if YY_MAIN -int main() - { - yylex(); - return 0; - } -#endif #line 274 "lex.l" + #ifndef yywrap /* XXX */ int yywrap () @@ -2501,3 +2691,4 @@ unterminated(const char *type, unsigned start_lineno) { error_message("unterminated %s, possibly started on line %d\n", type, start_lineno); } + -- cgit From 2ffd009a74f0c5b1705e29b8cda99b16378b8f46 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 10 Jan 2007 11:43:50 +0000 Subject: r20648: Closer to a build... Add missing header file. (This used to be commit a4051a2d6537a536266ce7562cd6b833528dd263) --- source4/heimdal/lib/hx509/hx509-private.h | 434 ++++++++++++++++++++++++++++++ 1 file changed, 434 insertions(+) create mode 100644 source4/heimdal/lib/hx509/hx509-private.h (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/hx509/hx509-private.h b/source4/heimdal/lib/hx509/hx509-private.h new file mode 100644 index 0000000000..2db3f4f932 --- /dev/null +++ b/source4/heimdal/lib/hx509/hx509-private.h @@ -0,0 +1,434 @@ +/* This is a generated file */ +#ifndef __hx509_private_h__ +#define __hx509_private_h__ + +#include + +int +_hx509_Certificate_cmp ( + const Certificate */*p*/, + const Certificate */*q*/); + +int +_hx509_Name_to_string ( + const Name */*n*/, + char **/*str*/); + +time_t +_hx509_Time2time_t (const Time */*t*/); + +void +_hx509_abort ( + const char */*fmt*/, + ...); + +int +_hx509_calculate_path ( + hx509_context /*context*/, + int /*flags*/, + time_t /*time_now*/, + hx509_certs /*anchors*/, + unsigned int /*max_depth*/, + hx509_cert /*cert*/, + hx509_certs /*pool*/, + hx509_path */*path*/); + +int +_hx509_cert_assign_key ( + hx509_cert /*cert*/, + hx509_private_key /*private_key*/); + +int +_hx509_cert_get_keyusage ( + hx509_context /*context*/, + hx509_cert /*c*/, + KeyUsage */*ku*/); + +int +_hx509_cert_get_version (const Certificate */*t*/); + +int +_hx509_cert_is_parent_cmp ( + const Certificate */*subject*/, + const Certificate */*issuer*/, + int /*allow_self_signed*/); + +int +_hx509_cert_private_decrypt ( + hx509_context /*context*/, + const heim_octet_string */*ciphertext*/, + const heim_oid */*encryption_oid*/, + hx509_cert /*p*/, + heim_octet_string */*cleartext*/); + +hx509_private_key +_hx509_cert_private_key (hx509_cert /*p*/); + +int +_hx509_cert_private_key_exportable (hx509_cert /*p*/); + +int +_hx509_cert_public_encrypt ( + hx509_context /*context*/, + const heim_octet_string */*cleartext*/, + const hx509_cert /*p*/, + heim_oid */*encryption_oid*/, + heim_octet_string */*ciphertext*/); + +void +_hx509_cert_set_release ( + hx509_cert /*cert*/, + _hx509_cert_release_func /*release*/, + void */*ctx*/); + +int +_hx509_certs_keys_add ( + hx509_context /*context*/, + hx509_certs /*certs*/, + hx509_private_key /*key*/); + +void +_hx509_certs_keys_free ( + hx509_context /*context*/, + hx509_private_key */*keys*/); + +int +_hx509_certs_keys_get ( + hx509_context /*context*/, + hx509_certs /*certs*/, + hx509_private_key **/*keys*/); + +int +_hx509_check_key_usage ( + hx509_context /*context*/, + hx509_cert /*cert*/, + unsigned /*flags*/, + int /*req_present*/); + +struct hx509_collector * +_hx509_collector_alloc ( + hx509_context /*context*/, + hx509_lock /*lock*/); + +int +_hx509_collector_certs_add ( + hx509_context /*context*/, + struct hx509_collector */*c*/, + hx509_cert /*cert*/); + +int +_hx509_collector_collect_certs ( + hx509_context /*context*/, + struct hx509_collector */*c*/, + hx509_certs */*ret_certs*/); + +int +_hx509_collector_collect_private_keys ( + hx509_context /*context*/, + struct hx509_collector */*c*/, + hx509_private_key **/*keys*/); + +void +_hx509_collector_free (struct hx509_collector */*c*/); + +hx509_lock +_hx509_collector_get_lock (struct hx509_collector */*c*/); + +int +_hx509_collector_private_key_add ( + hx509_context /*context*/, + struct hx509_collector */*c*/, + const AlgorithmIdentifier */*alg*/, + hx509_private_key /*private_key*/, + const heim_octet_string */*key_data*/, + const heim_octet_string */*localKeyId*/); + +int +_hx509_create_signature ( + hx509_context /*context*/, + const hx509_private_key /*signer*/, + const AlgorithmIdentifier */*alg*/, + const heim_octet_string */*data*/, + AlgorithmIdentifier */*signatureAlgorithm*/, + heim_octet_string */*sig*/); + +int +_hx509_create_signature_bitstring ( + hx509_context /*context*/, + const hx509_private_key /*signer*/, + const AlgorithmIdentifier */*alg*/, + const heim_octet_string */*data*/, + AlgorithmIdentifier */*signatureAlgorithm*/, + heim_bit_string */*sig*/); + +int +_hx509_find_extension_subject_key_id ( + const Certificate */*issuer*/, + SubjectKeyIdentifier */*si*/); + +int +_hx509_generate_private_key ( + hx509_context /*context*/, + const heim_oid */*key_oid*/, + hx509_private_key */*private_key*/); + +Certificate * +_hx509_get_cert (hx509_cert /*cert*/); + +void +_hx509_ks_dir_register (hx509_context /*context*/); + +void +_hx509_ks_file_register (hx509_context /*context*/); + +void +_hx509_ks_mem_register (hx509_context /*context*/); + +void +_hx509_ks_pkcs11_register (hx509_context /*context*/); + +void +_hx509_ks_pkcs12_register (hx509_context /*context*/); + +void +_hx509_ks_register ( + hx509_context /*context*/, + struct hx509_keyset_ops */*ops*/); + +int +_hx509_lock_find_cert ( + hx509_lock /*lock*/, + const hx509_query */*q*/, + hx509_cert */*c*/); + +const struct _hx509_password * +_hx509_lock_get_passwords (hx509_lock /*lock*/); + +hx509_certs +_hx509_lock_unlock_certs (hx509_lock /*lock*/); + +int +_hx509_map_file ( + const char */*fn*/, + void **/*data*/, + size_t */*length*/, + struct stat */*rsb*/); + +int +_hx509_match_keys ( + hx509_cert /*c*/, + hx509_private_key /*private_key*/); + +int +_hx509_name_cmp ( + const Name */*n1*/, + const Name */*n2*/); + +int +_hx509_name_ds_cmp ( + const DirectoryString */*ds1*/, + const DirectoryString */*ds2*/); + +int +_hx509_name_from_Name ( + const Name */*n*/, + hx509_name */*name*/); + +int +_hx509_name_modify ( + hx509_context /*context*/, + Name */*name*/, + int /*append*/, + const heim_oid */*oid*/, + const char */*str*/); + +int +_hx509_parse_private_key ( + hx509_context /*context*/, + const heim_oid */*key_oid*/, + const void */*data*/, + size_t /*len*/, + hx509_private_key */*private_key*/); + +int +_hx509_path_append ( + hx509_context /*context*/, + hx509_path */*path*/, + hx509_cert /*cert*/); + +void +_hx509_path_free (hx509_path */*path*/); + +int +_hx509_pbe_decrypt ( + hx509_context /*context*/, + hx509_lock /*lock*/, + const AlgorithmIdentifier */*ai*/, + const heim_octet_string */*econtent*/, + heim_octet_string */*content*/); + +void +_hx509_pi_printf ( + int (*/*func*/)(void *, char *), + void */*ctx*/, + char */*fmt*/, + ...); + +int +_hx509_private_key2SPKI ( + hx509_context /*context*/, + hx509_private_key /*private_key*/, + SubjectPublicKeyInfo */*spki*/); + +void +_hx509_private_key_assign_rsa ( + hx509_private_key /*key*/, + void */*ptr*/); + +int +_hx509_private_key_export ( + hx509_context /*context*/, + const hx509_private_key /*key*/, + heim_octet_string */*data*/); + +int +_hx509_private_key_exportable (hx509_private_key /*key*/); + +int +_hx509_private_key_free (hx509_private_key */*key*/); + +int +_hx509_private_key_init ( + hx509_private_key */*key*/, + hx509_private_key_ops */*ops*/, + void */*keydata*/); + +int +_hx509_private_key_oid ( + hx509_context /*context*/, + const hx509_private_key /*key*/, + heim_oid */*data*/); + +int +_hx509_private_key_private_decrypt ( + hx509_context /*context*/, + const heim_octet_string */*ciphertext*/, + const heim_oid */*encryption_oid*/, + hx509_private_key /*p*/, + heim_octet_string */*cleartext*/); + +hx509_private_key +_hx509_private_key_ref (hx509_private_key /*key*/); + +const char * +_hx509_private_pem_name (hx509_private_key /*key*/); + +int +_hx509_public_encrypt ( + hx509_context /*context*/, + const heim_octet_string */*cleartext*/, + const Certificate */*cert*/, + heim_oid */*encryption_oid*/, + heim_octet_string */*ciphertext*/); + +void +_hx509_query_clear (hx509_query */*q*/); + +int +_hx509_query_match_cert ( + hx509_context /*context*/, + const hx509_query */*q*/, + hx509_cert /*cert*/); + +int +_hx509_request_add_dns_name ( + hx509_context /*context*/, + hx509_request /*req*/, + const char */*hostname*/); + +int +_hx509_request_add_eku ( + hx509_context /*context*/, + hx509_request /*req*/, + const heim_oid */*oid*/); + +int +_hx509_request_add_email ( + hx509_context /*context*/, + hx509_request /*req*/, + const char */*email*/); + +void +_hx509_request_free (hx509_request */*req*/); + +int +_hx509_request_init ( + hx509_context /*context*/, + hx509_request */*req*/); + +int +_hx509_request_set_SubjectPublicKeyInfo ( + hx509_context /*context*/, + hx509_request /*req*/, + const SubjectPublicKeyInfo */*key*/); + +int +_hx509_request_set_name ( + hx509_context /*context*/, + hx509_request /*req*/, + hx509_name /*name*/); + +int +_hx509_request_to_pkcs10 ( + hx509_context /*context*/, + const hx509_request /*req*/, + const hx509_private_key /*signer*/, + heim_octet_string */*request*/); + +int +_hx509_set_cert_attribute ( + hx509_context /*context*/, + hx509_cert /*cert*/, + const heim_oid */*oid*/, + const heim_octet_string */*attr*/); + +int +_hx509_set_digest_alg ( + DigestAlgorithmIdentifier */*id*/, + const heim_oid */*oid*/, + void */*param*/, + size_t /*length*/); + +void +_hx509_unmap_file ( + void */*data*/, + size_t /*len*/); + +int +_hx509_unparse_Name ( + const Name */*aname*/, + char **/*str*/); + +int +_hx509_verify_signature ( + hx509_context /*context*/, + const Certificate */*signer*/, + const AlgorithmIdentifier */*alg*/, + const heim_octet_string */*data*/, + const heim_octet_string */*sig*/); + +int +_hx509_verify_signature_bitstring ( + hx509_context /*context*/, + const Certificate */*signer*/, + const AlgorithmIdentifier */*alg*/, + const heim_octet_string */*data*/, + const heim_bit_string */*sig*/); + +int +_hx509_write_file ( + const char */*fn*/, + const void */*data*/, + size_t /*length*/); + +#endif /* __hx509_private_h__ */ -- cgit From 1c211a2e43db46c649a963ec883481cc4321870a Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 10 Jan 2007 11:50:33 +0000 Subject: r20650: revert a bunch of code I didn't mean to commit yet (This used to be commit b3e2d4908781781a487eaeb683d22eb967e5597d) --- source4/heimdal/lib/asn1/lex.c | 1365 +++++++++++++++++----------------------- 1 file changed, 587 insertions(+), 778 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/asn1/lex.c b/source4/heimdal/lib/asn1/lex.c index fb9a081244..10b4d65a7e 100644 --- a/source4/heimdal/lib/asn1/lex.c +++ b/source4/heimdal/lib/asn1/lex.c @@ -1,94 +1,32 @@ -#include "config.h" +/* A lexical scanner generated by flex*/ -#line 3 "lex.yy.c" - -#define YY_INT_ALIGNED short int - -/* A lexical scanner generated by flex */ +/* Scanner skeleton version: + * $Header: /home/daffy/u0/vern/flex/RCS/flex.skl,v 2.91 96/09/10 16:58:48 vern Exp $ + */ #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 #define YY_FLEX_MINOR_VERSION 5 -#define YY_FLEX_SUBMINOR_VERSION 33 -#if YY_FLEX_SUBMINOR_VERSION > 0 -#define FLEX_BETA -#endif -/* First, we deal with platform-specific or compiler-specific issues. */ - -/* begin standard C headers. */ #include -#include -#include -#include - -/* end standard C headers. */ - -/* flex integer type definitions */ - -#ifndef FLEXINT_H -#define FLEXINT_H - -/* C99 systems have . Non-C99 systems may or may not. */ - -#if __STDC_VERSION__ >= 199901L - -/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h, - * if you want the limit (max/min) macros for int types. - */ -#ifndef __STDC_LIMIT_MACROS -#define __STDC_LIMIT_MACROS 1 -#endif +#include -#include -typedef int8_t flex_int8_t; -typedef uint8_t flex_uint8_t; -typedef int16_t flex_int16_t; -typedef uint16_t flex_uint16_t; -typedef int32_t flex_int32_t; -typedef uint32_t flex_uint32_t; -#else -typedef signed char flex_int8_t; -typedef short int flex_int16_t; -typedef int flex_int32_t; -typedef unsigned char flex_uint8_t; -typedef unsigned short int flex_uint16_t; -typedef unsigned int flex_uint32_t; -#endif /* ! C99 */ -/* Limits of integral types. */ -#ifndef INT8_MIN -#define INT8_MIN (-128) -#endif -#ifndef INT16_MIN -#define INT16_MIN (-32767-1) -#endif -#ifndef INT32_MIN -#define INT32_MIN (-2147483647-1) -#endif -#ifndef INT8_MAX -#define INT8_MAX (127) -#endif -#ifndef INT16_MAX -#define INT16_MAX (32767) -#endif -#ifndef INT32_MAX -#define INT32_MAX (2147483647) -#endif -#ifndef UINT8_MAX -#define UINT8_MAX (255U) -#endif -#ifndef UINT16_MAX -#define UINT16_MAX (65535U) +/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */ +#ifdef c_plusplus +#ifndef __cplusplus +#define __cplusplus #endif -#ifndef UINT32_MAX -#define UINT32_MAX (4294967295U) #endif -#endif /* ! FLEXINT_H */ #ifdef __cplusplus +#include + +/* Use prototypes in function declarations. */ +#define YY_USE_PROTOS + /* The "const" storage-class-modifier is valid. */ #define YY_USE_CONST @@ -96,17 +34,34 @@ typedef unsigned int flex_uint32_t; #if __STDC__ +#define YY_USE_PROTOS #define YY_USE_CONST #endif /* __STDC__ */ #endif /* ! __cplusplus */ +#ifdef __TURBOC__ + #pragma warn -rch + #pragma warn -use +#include +#include +#define YY_USE_CONST +#define YY_USE_PROTOS +#endif + #ifdef YY_USE_CONST #define yyconst const #else #define yyconst #endif + +#ifdef YY_USE_PROTOS +#define YY_PROTO(proto) proto +#else +#define YY_PROTO(proto) () +#endif + /* Returned upon end-of-file. */ #define YY_NULL 0 @@ -121,75 +76,80 @@ typedef unsigned int flex_uint32_t; * but we do it the disgusting crufty way forced on us by the ()-less * definition of BEGIN. */ -#define BEGIN (yy_start) = 1 + 2 * +#define BEGIN yy_start = 1 + 2 * /* Translate the current start state into a value that can be later handed * to BEGIN to return to the state. The YYSTATE alias is for lex * compatibility. */ -#define YY_START (((yy_start) - 1) / 2) +#define YY_START ((yy_start - 1) / 2) #define YYSTATE YY_START /* Action number for EOF rule of a given start state. */ #define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) /* Special action meaning "start processing a new file". */ -#define YY_NEW_FILE yyrestart(yyin ) +#define YY_NEW_FILE yyrestart( yyin ) #define YY_END_OF_BUFFER_CHAR 0 /* Size of default input buffer. */ -#ifndef YY_BUF_SIZE #define YY_BUF_SIZE 16384 -#endif -/* The state buf must be large enough to hold one state per character in the main buffer. - */ -#define YY_STATE_BUF_SIZE ((YY_BUF_SIZE + 2) * sizeof(yy_state_type)) - -#ifndef YY_TYPEDEF_YY_BUFFER_STATE -#define YY_TYPEDEF_YY_BUFFER_STATE typedef struct yy_buffer_state *YY_BUFFER_STATE; -#endif extern int yyleng; - extern FILE *yyin, *yyout; #define EOB_ACT_CONTINUE_SCAN 0 #define EOB_ACT_END_OF_FILE 1 #define EOB_ACT_LAST_MATCH 2 - #define YY_LESS_LINENO(n) - -/* Return all but the first "n" matched characters back to the input stream. */ +/* The funky do-while in the following #define is used to turn the definition + * int a single C statement (which needs a semi-colon terminator). This + * avoids problems with code like: + * + * if ( condition_holds ) + * yyless( 5 ); + * else + * do_something_else(); + * + * Prior to using the do-while the compiler would get upset at the + * "else" because it interpreted the "if" statement as being all + * done when it reached the ';' after the yyless() call. + */ + +/* Return all but the first 'n' matched characters back to the input stream. */ + #define yyless(n) \ do \ { \ /* Undo effects of setting up yytext. */ \ - int yyless_macro_arg = (n); \ - YY_LESS_LINENO(yyless_macro_arg);\ - *yy_cp = (yy_hold_char); \ + *yy_cp = yy_hold_char; \ YY_RESTORE_YY_MORE_OFFSET \ - (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \ + yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \ YY_DO_BEFORE_ACTION; /* set up yytext again */ \ } \ while ( 0 ) -#define unput(c) yyunput( c, (yytext_ptr) ) +#define unput(c) yyunput( c, yytext_ptr ) + +/* Some routines like yy_flex_realloc() are emitted as static but are + not called by all lexers. This generates warnings in some compilers, + notably GCC. Arrange to suppress these. */ +#ifdef __GNUC__ +#define YY_MAY_BE_UNUSED __attribute__((unused)) +#else +#define YY_MAY_BE_UNUSED +#endif /* The following is because we cannot portably get our hands on size_t * (without autoconf's help, which isn't available because we want * flex-generated scanners to compile on their own). */ - -#ifndef YY_TYPEDEF_YY_SIZE_T -#define YY_TYPEDEF_YY_SIZE_T typedef unsigned int yy_size_t; -#endif -#ifndef YY_STRUCT_YY_BUFFER_STATE -#define YY_STRUCT_YY_BUFFER_STATE + struct yy_buffer_state { FILE *yy_input_file; @@ -226,16 +186,12 @@ struct yy_buffer_state */ int yy_at_bol; - int yy_bs_lineno; /**< The line count. */ - int yy_bs_column; /**< The column count. */ - /* Whether to try to fill the input buffer when we reach the * end of it. */ int yy_fill_buffer; int yy_buffer_status; - #define YY_BUFFER_NEW 0 #define YY_BUFFER_NORMAL 1 /* When an EOF's been seen but there's still some text to process @@ -249,38 +205,28 @@ struct yy_buffer_state * just pointing yyin at a new input file. */ #define YY_BUFFER_EOF_PENDING 2 - }; -#endif /* !YY_STRUCT_YY_BUFFER_STATE */ -/* Stack of input buffers. */ -static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */ -static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */ -static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ +static YY_BUFFER_STATE yy_current_buffer = 0; /* We provide macros for accessing buffer states in case in the * future we want to put the buffer states in a more general * "scanner state". - * - * Returns the top of the stack, or NULL. */ -#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ - ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ - : NULL) +#define YY_CURRENT_BUFFER yy_current_buffer -/* Same as previous macro, but useful when we know that the buffer stack is not - * NULL or when we need an lvalue. For internal use only. - */ -#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] /* yy_hold_char holds the character lost when yytext is formed. */ static char yy_hold_char; + static int yy_n_chars; /* number of characters read into yy_ch_buf */ + + int yyleng; /* Points to current character in buffer. */ static char *yy_c_buf_p = (char *) 0; -static int yy_init = 0; /* whether we need to initialize */ +static int yy_init = 1; /* whether we need to initialize */ static int yy_start = 0; /* start state number */ /* Flag which is used to allow yywrap()'s to do buffer switches @@ -288,92 +234,66 @@ static int yy_start = 0; /* start state number */ */ static int yy_did_buffer_switch_on_eof; -void yyrestart (FILE *input_file ); -void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ); -YY_BUFFER_STATE yy_create_buffer (FILE *file,int size ); -void yy_delete_buffer (YY_BUFFER_STATE b ); -void yy_flush_buffer (YY_BUFFER_STATE b ); -void yypush_buffer_state (YY_BUFFER_STATE new_buffer ); -void yypop_buffer_state (void ); - -static void yyensure_buffer_stack (void ); -static void yy_load_buffer_state (void ); -static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file ); +void yyrestart YY_PROTO(( FILE *input_file )); -#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER ) +void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer )); +void yy_load_buffer_state YY_PROTO(( void )); +YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size )); +void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b )); +void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file )); +void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b )); +#define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer ) -YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); -YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); -YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len ); +YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size )); +YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str )); +YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len )); -void *yyalloc (yy_size_t ); -void *yyrealloc (void *,yy_size_t ); -void yyfree (void * ); +static void *yy_flex_alloc YY_PROTO(( yy_size_t )); +static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t )) YY_MAY_BE_UNUSED; +static void yy_flex_free YY_PROTO(( void * )); #define yy_new_buffer yy_create_buffer #define yy_set_interactive(is_interactive) \ { \ - if ( ! YY_CURRENT_BUFFER ){ \ - yyensure_buffer_stack (); \ - YY_CURRENT_BUFFER_LVALUE = \ - yy_create_buffer(yyin,YY_BUF_SIZE ); \ - } \ - YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ + if ( ! yy_current_buffer ) \ + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ + yy_current_buffer->yy_is_interactive = is_interactive; \ } #define yy_set_bol(at_bol) \ { \ - if ( ! YY_CURRENT_BUFFER ){\ - yyensure_buffer_stack (); \ - YY_CURRENT_BUFFER_LVALUE = \ - yy_create_buffer(yyin,YY_BUF_SIZE ); \ - } \ - YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ + if ( ! yy_current_buffer ) \ + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ + yy_current_buffer->yy_at_bol = at_bol; \ } -#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) - -/* Begin user sect3 */ +#define YY_AT_BOL() (yy_current_buffer->yy_at_bol) typedef unsigned char YY_CHAR; - FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; - typedef int yy_state_type; - -extern int yylineno; - -int yylineno = 1; - extern char *yytext; #define yytext_ptr yytext -static yy_state_type yy_get_previous_state (void ); -static yy_state_type yy_try_NUL_trans (yy_state_type current_state ); -static int yy_get_next_buffer (void ); -static void yy_fatal_error (yyconst char msg[] ); +static yy_state_type yy_get_previous_state YY_PROTO(( void )); +static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state )); +static int yy_get_next_buffer YY_PROTO(( void )); +static void yy_fatal_error YY_PROTO(( yyconst char msg[] )); /* Done after the current pattern has been matched and before the * corresponding action - sets up yytext. */ #define YY_DO_BEFORE_ACTION \ - (yytext_ptr) = yy_bp; \ - yyleng = (size_t) (yy_cp - yy_bp); \ - (yy_hold_char) = *yy_cp; \ + yytext_ptr = yy_bp; \ + yyleng = (int) (yy_cp - yy_bp); \ + yy_hold_char = *yy_cp; \ *yy_cp = '\0'; \ - (yy_c_buf_p) = yy_cp; + yy_c_buf_p = yy_cp; #define YY_NUM_RULES 95 #define YY_END_OF_BUFFER 96 -/* This struct is not used in this scanner, - but its presence is necessary. */ -struct yy_trans_info - { - flex_int32_t yy_verify; - flex_int32_t yy_nxt; - }; -static yyconst flex_int16_t yy_accept[568] = +static yyconst short int yy_accept[568] = { 0, 0, 0, 96, 94, 90, 91, 87, 81, 81, 94, 94, 88, 88, 94, 89, 89, 89, 89, 89, 89, @@ -439,7 +359,7 @@ static yyconst flex_int16_t yy_accept[568] = 32, 89, 59, 70, 77, 53, 0 } ; -static yyconst flex_int32_t yy_ec[256] = +static yyconst int yy_ec[256] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -471,7 +391,7 @@ static yyconst flex_int32_t yy_ec[256] = 1, 1, 1, 1, 1 } ; -static yyconst flex_int32_t yy_meta[70] = +static yyconst int yy_meta[70] = { 0, 1, 1, 1, 1, 1, 1, 2, 1, 1, 3, 3, 3, 3, 3, 3, 3, 1, 1, 3, 3, @@ -482,7 +402,7 @@ static yyconst flex_int32_t yy_meta[70] = 2, 2, 2, 2, 2, 2, 2, 2, 2 } ; -static yyconst flex_int16_t yy_base[570] = +static yyconst short int yy_base[570] = { 0, 0, 0, 636, 637, 637, 637, 637, 637, 63, 627, 628, 70, 77, 616, 74, 72, 76, 609, 65, 81, @@ -548,7 +468,7 @@ static yyconst flex_int16_t yy_base[570] = 0, 101, 0, 0, 0, 0, 637, 223, 69 } ; -static yyconst flex_int16_t yy_def[570] = +static yyconst short int yy_def[570] = { 0, 567, 1, 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, 568, 568, 568, 568, 568, 568, @@ -614,7 +534,7 @@ static yyconst flex_int16_t yy_def[570] = 568, 568, 568, 568, 568, 568, 0, 567, 567 } ; -static yyconst flex_int16_t yy_nxt[707] = +static yyconst short int yy_nxt[707] = { 0, 4, 5, 6, 7, 8, 4, 9, 10, 11, 12, 13, 13, 13, 13, 13, 13, 14, 4, 15, 16, @@ -696,7 +616,7 @@ static yyconst flex_int16_t yy_nxt[707] = 567, 567, 567, 567, 567, 567 } ; -static yyconst flex_int16_t yy_chk[707] = +static yyconst short int yy_chk[707] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -781,9 +701,6 @@ static yyconst flex_int16_t yy_chk[707] = static yy_state_type yy_last_accepting_state; static char *yy_last_accepting_cpos; -extern int yy_flex_debug; -int yy_flex_debug = 0; - /* The intent behind this definition is that it'll catch * any uses of REJECT which flex missed. */ @@ -793,6 +710,7 @@ int yy_flex_debug = 0; #define YY_RESTORE_YY_MORE_OFFSET char *yytext; #line 1 "lex.l" +#define INITIAL 0 #line 2 "lex.l" /* * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan @@ -852,23 +770,7 @@ static unsigned lineno = 1; static void unterminated(const char *, unsigned); /* This is for broken old lexes (solaris 10 and hpux) */ -#line 855 "lex.yy.c" - -#define INITIAL 0 - -#ifndef YY_NO_UNISTD_H -/* Special case for "unistd.h", since it is non-ANSI. We include it way - * down here because we want the user's section 1 to have been scanned first. - * The user has a chance to override it with an option. - */ -#include -#endif - -#ifndef YY_EXTRA_TYPE -#define YY_EXTRA_TYPE void * -#endif - -static int yy_init_globals (void ); +#line 774 "lex.c" /* Macros after this point can all be overridden by user definitions in * section 1. @@ -876,30 +778,65 @@ static int yy_init_globals (void ); #ifndef YY_SKIP_YYWRAP #ifdef __cplusplus -extern "C" int yywrap (void ); +extern "C" int yywrap YY_PROTO(( void )); #else -extern int yywrap (void ); +extern int yywrap YY_PROTO(( void )); #endif #endif - static void yyunput (int c,char *buf_ptr ); - +#ifndef YY_NO_UNPUT +static void yyunput YY_PROTO(( int c, char *buf_ptr )); +#endif + #ifndef yytext_ptr -static void yy_flex_strncpy (char *,yyconst char *,int ); +static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int )); #endif #ifdef YY_NEED_STRLEN -static int yy_flex_strlen (yyconst char * ); +static int yy_flex_strlen YY_PROTO(( yyconst char * )); #endif #ifndef YY_NO_INPUT - #ifdef __cplusplus -static int yyinput (void ); +static int yyinput YY_PROTO(( void )); +#else +static int input YY_PROTO(( void )); +#endif +#endif + +#if YY_STACK_USED +static int yy_start_stack_ptr = 0; +static int yy_start_stack_depth = 0; +static int *yy_start_stack = 0; +#ifndef YY_NO_PUSH_STATE +static void yy_push_state YY_PROTO(( int new_state )); +#endif +#ifndef YY_NO_POP_STATE +static void yy_pop_state YY_PROTO(( void )); +#endif +#ifndef YY_NO_TOP_STATE +static int yy_top_state YY_PROTO(( void )); +#endif + #else -static int input (void ); +#define YY_NO_PUSH_STATE 1 +#define YY_NO_POP_STATE 1 +#define YY_NO_TOP_STATE 1 #endif +#ifdef YY_MALLOC_DECL +YY_MALLOC_DECL +#else +#if __STDC__ +#ifndef __cplusplus +#include +#endif +#else +/* Just try to get by without declaring the routines. This will fail + * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int) + * or sizeof(void*) != sizeof(int). + */ +#endif #endif /* Amount of stuff to slurp up with each read. */ @@ -908,6 +845,7 @@ static int input (void ); #endif /* Copy whatever the last rule matched to the standard output. */ + #ifndef ECHO /* This used to be an fputs(), but since the string might contain NUL's, * we now use fwrite(). @@ -920,10 +858,9 @@ static int input (void ); */ #ifndef YY_INPUT #define YY_INPUT(buf,result,max_size) \ - if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ + if ( yy_current_buffer->yy_is_interactive ) \ { \ - int c = '*'; \ - size_t n; \ + int c = '*', n; \ for ( n = 0; n < max_size && \ (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ buf[n] = (char) c; \ @@ -933,22 +870,9 @@ static int input (void ); YY_FATAL_ERROR( "input in flex scanner failed" ); \ result = n; \ } \ - else \ - { \ - errno=0; \ - while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \ - { \ - if( errno != EINTR) \ - { \ - YY_FATAL_ERROR( "input in flex scanner failed" ); \ - break; \ - } \ - errno=0; \ - clearerr(yyin); \ - } \ - }\ -\ - + else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \ + && ferror( yyin ) ) \ + YY_FATAL_ERROR( "input in flex scanner failed" ); #endif /* No semi-colon after return; correct usage is to write "yyterminate();" - @@ -969,18 +893,12 @@ static int input (void ); #define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) #endif -/* end tables serialization structures and prototypes */ - /* Default declaration of generated scanner - a define so the user can * easily add parameters. */ #ifndef YY_DECL -#define YY_DECL_IS_OURS 1 - -extern int yylex (void); - -#define YY_DECL int yylex (void) -#endif /* !YY_DECL */ +#define YY_DECL int yylex YY_PROTO(( void )) +#endif /* Code executed at the beginning of each rule, after yytext and yyleng * have been set up. @@ -997,28 +915,26 @@ extern int yylex (void); #define YY_RULE_SETUP \ YY_USER_ACTION -/** The main scanner function which does all the work. - */ YY_DECL -{ + { register yy_state_type yy_current_state; - register char *yy_cp, *yy_bp; + register char *yy_cp = NULL, *yy_bp = NULL; register int yy_act; - + #line 68 "lex.l" -#line 1010 "lex.yy.c" +#line 927 "lex.c" - if ( !(yy_init) ) + if ( yy_init ) { - (yy_init) = 1; + yy_init = 0; #ifdef YY_USER_INIT YY_USER_INIT; #endif - if ( ! (yy_start) ) - (yy_start) = 1; /* first start state */ + if ( ! yy_start ) + yy_start = 1; /* first start state */ if ( ! yyin ) yyin = stdin; @@ -1026,36 +942,34 @@ YY_DECL if ( ! yyout ) yyout = stdout; - if ( ! YY_CURRENT_BUFFER ) { - yyensure_buffer_stack (); - YY_CURRENT_BUFFER_LVALUE = - yy_create_buffer(yyin,YY_BUF_SIZE ); - } + if ( ! yy_current_buffer ) + yy_current_buffer = + yy_create_buffer( yyin, YY_BUF_SIZE ); - yy_load_buffer_state( ); + yy_load_buffer_state(); } while ( 1 ) /* loops until end-of-file is reached */ { - yy_cp = (yy_c_buf_p); + yy_cp = yy_c_buf_p; /* Support of yytext. */ - *yy_cp = (yy_hold_char); + *yy_cp = yy_hold_char; /* yy_bp points to the position in yy_ch_buf of the start of * the current run. */ yy_bp = yy_cp; - yy_current_state = (yy_start); + yy_current_state = yy_start; yy_match: do { register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; if ( yy_accept[yy_current_state] ) { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; + yy_last_accepting_state = yy_current_state; + yy_last_accepting_cpos = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -1072,22 +986,24 @@ yy_find_action: yy_act = yy_accept[yy_current_state]; if ( yy_act == 0 ) { /* have to back up */ - yy_cp = (yy_last_accepting_cpos); - yy_current_state = (yy_last_accepting_state); + yy_cp = yy_last_accepting_cpos; + yy_current_state = yy_last_accepting_state; yy_act = yy_accept[yy_current_state]; } YY_DO_BEFORE_ACTION; + do_action: /* This label is used only to access EOF actions. */ + switch ( yy_act ) { /* beginning of action switch */ case 0: /* must back up */ /* undo the effects of YY_DO_BEFORE_ACTION */ - *yy_cp = (yy_hold_char); - yy_cp = (yy_last_accepting_cpos); - yy_current_state = (yy_last_accepting_state); + *yy_cp = yy_hold_char; + yy_cp = yy_last_accepting_cpos; + yy_current_state = yy_last_accepting_state; goto yy_find_action; case 1: @@ -1651,7 +1567,6 @@ YY_RULE_SETUP ; YY_BREAK case 91: -/* rule 91 can match eol */ YY_RULE_SETUP #line 270 "lex.l" { ++lineno; } @@ -1676,33 +1591,33 @@ YY_RULE_SETUP #line 274 "lex.l" ECHO; YY_BREAK -#line 1679 "lex.yy.c" +#line 1595 "lex.c" case YY_STATE_EOF(INITIAL): yyterminate(); case YY_END_OF_BUFFER: { /* Amount of text matched not including the EOB char. */ - int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; + int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1; /* Undo the effects of YY_DO_BEFORE_ACTION. */ - *yy_cp = (yy_hold_char); + *yy_cp = yy_hold_char; YY_RESTORE_YY_MORE_OFFSET - if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW ) + if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW ) { /* We're scanning a new file or input source. It's * possible that this happened because the user * just pointed yyin at a new source and called * yylex(). If so, then we have to assure - * consistency between YY_CURRENT_BUFFER and our + * consistency between yy_current_buffer and our * globals. Here is the right place to do so, because * this is the first action (other than possibly a * back-up) that will match for the new input source. */ - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; - YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; - YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; + yy_n_chars = yy_current_buffer->yy_n_chars; + yy_current_buffer->yy_input_file = yyin; + yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL; } /* Note that here we test for yy_c_buf_p "<=" to the position @@ -1712,13 +1627,13 @@ case YY_STATE_EOF(INITIAL): * end-of-buffer state). Contrast this with the test * in input(). */ - if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) + if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] ) { /* This was really a NUL. */ yy_state_type yy_next_state; - (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; + yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text; - yy_current_state = yy_get_previous_state( ); + yy_current_state = yy_get_previous_state(); /* Okay, we're now positioned to make the NUL * transition. We couldn't have @@ -1731,30 +1646,30 @@ case YY_STATE_EOF(INITIAL): yy_next_state = yy_try_NUL_trans( yy_current_state ); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; + yy_bp = yytext_ptr + YY_MORE_ADJ; if ( yy_next_state ) { /* Consume the NUL. */ - yy_cp = ++(yy_c_buf_p); + yy_cp = ++yy_c_buf_p; yy_current_state = yy_next_state; goto yy_match; } else { - yy_cp = (yy_c_buf_p); + yy_cp = yy_c_buf_p; goto yy_find_action; } } - else switch ( yy_get_next_buffer( ) ) + else switch ( yy_get_next_buffer() ) { case EOB_ACT_END_OF_FILE: { - (yy_did_buffer_switch_on_eof) = 0; + yy_did_buffer_switch_on_eof = 0; - if ( yywrap( ) ) + if ( yywrap() ) { /* Note: because we've taken care in * yy_get_next_buffer() to have set up @@ -1765,7 +1680,7 @@ case YY_STATE_EOF(INITIAL): * YY_NULL, it'll still work - another * YY_NULL will get returned. */ - (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; + yy_c_buf_p = yytext_ptr + YY_MORE_ADJ; yy_act = YY_STATE_EOF(YY_START); goto do_action; @@ -1773,30 +1688,30 @@ case YY_STATE_EOF(INITIAL): else { - if ( ! (yy_did_buffer_switch_on_eof) ) + if ( ! yy_did_buffer_switch_on_eof ) YY_NEW_FILE; } break; } case EOB_ACT_CONTINUE_SCAN: - (yy_c_buf_p) = - (yytext_ptr) + yy_amount_of_matched_text; + yy_c_buf_p = + yytext_ptr + yy_amount_of_matched_text; - yy_current_state = yy_get_previous_state( ); + yy_current_state = yy_get_previous_state(); - yy_cp = (yy_c_buf_p); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; + yy_cp = yy_c_buf_p; + yy_bp = yytext_ptr + YY_MORE_ADJ; goto yy_match; case EOB_ACT_LAST_MATCH: - (yy_c_buf_p) = - &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)]; + yy_c_buf_p = + &yy_current_buffer->yy_ch_buf[yy_n_chars]; - yy_current_state = yy_get_previous_state( ); + yy_current_state = yy_get_previous_state(); - yy_cp = (yy_c_buf_p); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; + yy_cp = yy_c_buf_p; + yy_bp = yytext_ptr + YY_MORE_ADJ; goto yy_find_action; } break; @@ -1807,7 +1722,8 @@ case YY_STATE_EOF(INITIAL): "fatal flex scanner internal error--no action found" ); } /* end of action switch */ } /* end of scanning one token */ -} /* end of yylex */ + } /* end of yylex */ + /* yy_get_next_buffer - try to read in a new buffer * @@ -1816,20 +1732,21 @@ case YY_STATE_EOF(INITIAL): * EOB_ACT_CONTINUE_SCAN - continue scanning from current position * EOB_ACT_END_OF_FILE - end of file */ -static int yy_get_next_buffer (void) -{ - register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; - register char *source = (yytext_ptr); + +static int yy_get_next_buffer() + { + register char *dest = yy_current_buffer->yy_ch_buf; + register char *source = yytext_ptr; register int number_to_move, i; int ret_val; - if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) + if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] ) YY_FATAL_ERROR( "fatal flex scanner internal error--end of buffer missed" ); - if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 ) + if ( yy_current_buffer->yy_fill_buffer == 0 ) { /* Don't try to fill the buffer, so this is an EOF. */ - if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 ) + if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 ) { /* We matched a single character, the EOB, so * treat this as a final EOF. @@ -1849,30 +1766,34 @@ static int yy_get_next_buffer (void) /* Try to read more data. */ /* First move last chars to start of buffer. */ - number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1; + number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1; for ( i = 0; i < number_to_move; ++i ) *(dest++) = *(source++); - if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING ) + if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING ) /* don't do the read, it's not guaranteed to return an EOF, * just force an EOF */ - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0; + yy_current_buffer->yy_n_chars = yy_n_chars = 0; else { - int num_to_read = - YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; + int num_to_read = + yy_current_buffer->yy_buf_size - number_to_move - 1; while ( num_to_read <= 0 ) { /* Not enough room in the buffer - grow it. */ +#ifdef YY_USES_REJECT + YY_FATAL_ERROR( +"input buffer overflow, can't enlarge buffer because scanner uses REJECT" ); +#else /* just a shorter name for the current buffer */ - YY_BUFFER_STATE b = YY_CURRENT_BUFFER; + YY_BUFFER_STATE b = yy_current_buffer; int yy_c_buf_p_offset = - (int) ((yy_c_buf_p) - b->yy_ch_buf); + (int) (yy_c_buf_p - b->yy_ch_buf); if ( b->yy_is_our_buffer ) { @@ -1885,7 +1806,8 @@ static int yy_get_next_buffer (void) b->yy_ch_buf = (char *) /* Include room in for 2 EOB chars. */ - yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ); + yy_flex_realloc( (void *) b->yy_ch_buf, + b->yy_buf_size + 2 ); } else /* Can't grow it, we don't own it. */ @@ -1895,35 +1817,35 @@ static int yy_get_next_buffer (void) YY_FATAL_ERROR( "fatal error - scanner input buffer overflow" ); - (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset]; + yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset]; - num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - + num_to_read = yy_current_buffer->yy_buf_size - number_to_move - 1; - +#endif } if ( num_to_read > YY_READ_BUF_SIZE ) num_to_read = YY_READ_BUF_SIZE; /* Read in more data. */ - YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), - (yy_n_chars), (size_t) num_to_read ); + YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]), + yy_n_chars, num_to_read ); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + yy_current_buffer->yy_n_chars = yy_n_chars; } - if ( (yy_n_chars) == 0 ) + if ( yy_n_chars == 0 ) { if ( number_to_move == YY_MORE_ADJ ) { ret_val = EOB_ACT_END_OF_FILE; - yyrestart(yyin ); + yyrestart( yyin ); } else { ret_val = EOB_ACT_LAST_MATCH; - YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = + yy_current_buffer->yy_buffer_status = YY_BUFFER_EOF_PENDING; } } @@ -1931,31 +1853,32 @@ static int yy_get_next_buffer (void) else ret_val = EOB_ACT_CONTINUE_SCAN; - (yy_n_chars) += number_to_move; - YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; - YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; + yy_n_chars += number_to_move; + yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR; + yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR; - (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0]; + yytext_ptr = &yy_current_buffer->yy_ch_buf[0]; return ret_val; -} + } + /* yy_get_previous_state - get the state just before the EOB char was reached */ - static yy_state_type yy_get_previous_state (void) -{ +static yy_state_type yy_get_previous_state() + { register yy_state_type yy_current_state; register char *yy_cp; - - yy_current_state = (yy_start); - for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) + yy_current_state = yy_start; + + for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp ) { register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); if ( yy_accept[yy_current_state] ) { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; + yy_last_accepting_state = yy_current_state; + yy_last_accepting_cpos = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -1967,23 +1890,30 @@ static int yy_get_next_buffer (void) } return yy_current_state; -} + } + /* yy_try_NUL_trans - try to make a transition on the NUL character * * synopsis * next_state = yy_try_NUL_trans( current_state ); */ - static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state ) -{ + +#ifdef YY_USE_PROTOS +static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state ) +#else +static yy_state_type yy_try_NUL_trans( yy_current_state ) +yy_state_type yy_current_state; +#endif + { register int yy_is_jam; - register char *yy_cp = (yy_c_buf_p); + register char *yy_cp = yy_c_buf_p; register YY_CHAR yy_c = 1; if ( yy_accept[yy_current_state] ) { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; + yy_last_accepting_state = yy_current_state; + yy_last_accepting_cpos = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -1995,73 +1925,81 @@ static int yy_get_next_buffer (void) yy_is_jam = (yy_current_state == 567); return yy_is_jam ? 0 : yy_current_state; -} + } - static void yyunput (int c, register char * yy_bp ) -{ - register char *yy_cp; - - yy_cp = (yy_c_buf_p); + +#ifndef YY_NO_UNPUT +#ifdef YY_USE_PROTOS +static void yyunput( int c, register char *yy_bp ) +#else +static void yyunput( c, yy_bp ) +int c; +register char *yy_bp; +#endif + { + register char *yy_cp = yy_c_buf_p; /* undo effects of setting up yytext */ - *yy_cp = (yy_hold_char); + *yy_cp = yy_hold_char; - if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) + if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) { /* need to shift things up to make room */ /* +2 for EOB chars. */ - register int number_to_move = (yy_n_chars) + 2; - register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ - YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; + register int number_to_move = yy_n_chars + 2; + register char *dest = &yy_current_buffer->yy_ch_buf[ + yy_current_buffer->yy_buf_size + 2]; register char *source = - &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; + &yy_current_buffer->yy_ch_buf[number_to_move]; - while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) + while ( source > yy_current_buffer->yy_ch_buf ) *--dest = *--source; yy_cp += (int) (dest - source); yy_bp += (int) (dest - source); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size; + yy_current_buffer->yy_n_chars = + yy_n_chars = yy_current_buffer->yy_buf_size; - if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) + if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) YY_FATAL_ERROR( "flex scanner push-back overflow" ); } *--yy_cp = (char) c; - (yytext_ptr) = yy_bp; - (yy_hold_char) = *yy_cp; - (yy_c_buf_p) = yy_cp; -} + + yytext_ptr = yy_bp; + yy_hold_char = *yy_cp; + yy_c_buf_p = yy_cp; + } +#endif /* ifndef YY_NO_UNPUT */ + #ifndef YY_NO_INPUT #ifdef __cplusplus - static int yyinput (void) +static int yyinput() #else - static int input (void) +static int input() #endif - -{ + { int c; - - *(yy_c_buf_p) = (yy_hold_char); - if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR ) + *yy_c_buf_p = yy_hold_char; + + if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR ) { /* yy_c_buf_p now points to the character we want to return. * If this occurs *before* the EOB characters, then it's a * valid NUL; if not, then we've hit the end of the buffer. */ - if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) + if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] ) /* This was really a NUL. */ - *(yy_c_buf_p) = '\0'; + *yy_c_buf_p = '\0'; else { /* need more input */ - int offset = (yy_c_buf_p) - (yytext_ptr); - ++(yy_c_buf_p); + int offset = yy_c_buf_p - yytext_ptr; + ++yy_c_buf_p; - switch ( yy_get_next_buffer( ) ) + switch ( yy_get_next_buffer() ) { case EOB_ACT_LAST_MATCH: /* This happens because yy_g_n_b() @@ -2075,16 +2013,16 @@ static int yy_get_next_buffer (void) */ /* Reset buffer status. */ - yyrestart(yyin ); + yyrestart( yyin ); - /*FALLTHROUGH*/ + /* fall through */ case EOB_ACT_END_OF_FILE: { - if ( yywrap( ) ) + if ( yywrap() ) return EOF; - if ( ! (yy_did_buffer_switch_on_eof) ) + if ( ! yy_did_buffer_switch_on_eof ) YY_NEW_FILE; #ifdef __cplusplus return yyinput(); @@ -2094,92 +2032,90 @@ static int yy_get_next_buffer (void) } case EOB_ACT_CONTINUE_SCAN: - (yy_c_buf_p) = (yytext_ptr) + offset; + yy_c_buf_p = yytext_ptr + offset; break; } } } - c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */ - *(yy_c_buf_p) = '\0'; /* preserve yytext */ - (yy_hold_char) = *++(yy_c_buf_p); + c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */ + *yy_c_buf_p = '\0'; /* preserve yytext */ + yy_hold_char = *++yy_c_buf_p; + return c; -} -#endif /* ifndef YY_NO_INPUT */ + } +#endif /* YY_NO_INPUT */ -/** Immediately switch to a different input stream. - * @param input_file A readable stream. - * - * @note This function does not reset the start condition to @c INITIAL . - */ - void yyrestart (FILE * input_file ) -{ - - if ( ! YY_CURRENT_BUFFER ){ - yyensure_buffer_stack (); - YY_CURRENT_BUFFER_LVALUE = - yy_create_buffer(yyin,YY_BUF_SIZE ); +#ifdef YY_USE_PROTOS +void yyrestart( FILE *input_file ) +#else +void yyrestart( input_file ) +FILE *input_file; +#endif + { + if ( ! yy_current_buffer ) + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); + + yy_init_buffer( yy_current_buffer, input_file ); + yy_load_buffer_state(); } - yy_init_buffer(YY_CURRENT_BUFFER,input_file ); - yy_load_buffer_state( ); -} -/** Switch to a different input buffer. - * @param new_buffer The new input buffer. - * - */ - void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ) -{ - - /* TODO. We should be able to replace this entire function body - * with - * yypop_buffer_state(); - * yypush_buffer_state(new_buffer); - */ - yyensure_buffer_stack (); - if ( YY_CURRENT_BUFFER == new_buffer ) +#ifdef YY_USE_PROTOS +void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer ) +#else +void yy_switch_to_buffer( new_buffer ) +YY_BUFFER_STATE new_buffer; +#endif + { + if ( yy_current_buffer == new_buffer ) return; - if ( YY_CURRENT_BUFFER ) + if ( yy_current_buffer ) { /* Flush out information for old buffer. */ - *(yy_c_buf_p) = (yy_hold_char); - YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + *yy_c_buf_p = yy_hold_char; + yy_current_buffer->yy_buf_pos = yy_c_buf_p; + yy_current_buffer->yy_n_chars = yy_n_chars; } - YY_CURRENT_BUFFER_LVALUE = new_buffer; - yy_load_buffer_state( ); + yy_current_buffer = new_buffer; + yy_load_buffer_state(); /* We don't actually know whether we did this switch during * EOF (yywrap()) processing, but the only time this flag * is looked at is after yywrap() is called, so it's safe * to go ahead and always set it. */ - (yy_did_buffer_switch_on_eof) = 1; -} + yy_did_buffer_switch_on_eof = 1; + } -static void yy_load_buffer_state (void) -{ - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; - (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; - yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; - (yy_hold_char) = *(yy_c_buf_p); -} -/** Allocate and initialize an input buffer state. - * @param file A readable stream. - * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE. - * - * @return the allocated buffer state. - */ - YY_BUFFER_STATE yy_create_buffer (FILE * file, int size ) -{ +#ifdef YY_USE_PROTOS +void yy_load_buffer_state( void ) +#else +void yy_load_buffer_state() +#endif + { + yy_n_chars = yy_current_buffer->yy_n_chars; + yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos; + yyin = yy_current_buffer->yy_input_file; + yy_hold_char = *yy_c_buf_p; + } + + +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_create_buffer( FILE *file, int size ) +#else +YY_BUFFER_STATE yy_create_buffer( file, size ) +FILE *file; +int size; +#endif + { YY_BUFFER_STATE b; - - b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); + + b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); @@ -2188,75 +2124,75 @@ static void yy_load_buffer_state (void) /* yy_ch_buf has to be 2 characters longer than the size given because * we need to put in 2 end-of-buffer characters. */ - b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2 ); + b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 ); if ( ! b->yy_ch_buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); b->yy_is_our_buffer = 1; - yy_init_buffer(b,file ); + yy_init_buffer( b, file ); return b; -} + } -/** Destroy the buffer. - * @param b a buffer created with yy_create_buffer() - * - */ - void yy_delete_buffer (YY_BUFFER_STATE b ) -{ - + +#ifdef YY_USE_PROTOS +void yy_delete_buffer( YY_BUFFER_STATE b ) +#else +void yy_delete_buffer( b ) +YY_BUFFER_STATE b; +#endif + { if ( ! b ) return; - if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */ - YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; + if ( b == yy_current_buffer ) + yy_current_buffer = (YY_BUFFER_STATE) 0; if ( b->yy_is_our_buffer ) - yyfree((void *) b->yy_ch_buf ); + yy_flex_free( (void *) b->yy_ch_buf ); - yyfree((void *) b ); -} + yy_flex_free( (void *) b ); + } -#ifndef __cplusplus -extern int isatty (int ); -#endif /* __cplusplus */ - -/* Initializes or reinitializes a buffer. - * This function is sometimes called more than once on the same buffer, - * such as during a yyrestart() or at EOF. - */ - static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file ) -{ - int oerrno = errno; - - yy_flush_buffer(b ); + +#ifdef YY_USE_PROTOS +void yy_init_buffer( YY_BUFFER_STATE b, FILE *file ) +#else +void yy_init_buffer( b, file ) +YY_BUFFER_STATE b; +FILE *file; +#endif + + + { + yy_flush_buffer( b ); b->yy_input_file = file; b->yy_fill_buffer = 1; - /* If b is the current buffer, then yy_init_buffer was _probably_ - * called from yyrestart() or through yy_get_next_buffer. - * In that case, we don't want to reset the lineno or column. - */ - if (b != YY_CURRENT_BUFFER){ - b->yy_bs_lineno = 1; - b->yy_bs_column = 0; - } - - b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; - - errno = oerrno; -} +#if YY_ALWAYS_INTERACTIVE + b->yy_is_interactive = 1; +#else +#if YY_NEVER_INTERACTIVE + b->yy_is_interactive = 0; +#else + b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; +#endif +#endif + } -/** Discard all buffered characters. On the next scan, YY_INPUT will be called. - * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER. - * - */ - void yy_flush_buffer (YY_BUFFER_STATE b ) -{ - if ( ! b ) + +#ifdef YY_USE_PROTOS +void yy_flush_buffer( YY_BUFFER_STATE b ) +#else +void yy_flush_buffer( b ) +YY_BUFFER_STATE b; +#endif + + { + if ( ! b ) return; b->yy_n_chars = 0; @@ -2273,121 +2209,29 @@ extern int isatty (int ); b->yy_at_bol = 1; b->yy_buffer_status = YY_BUFFER_NEW; - if ( b == YY_CURRENT_BUFFER ) - yy_load_buffer_state( ); -} - -/** Pushes the new state onto the stack. The new state becomes - * the current state. This function will allocate the stack - * if necessary. - * @param new_buffer The new state. - * - */ -void yypush_buffer_state (YY_BUFFER_STATE new_buffer ) -{ - if (new_buffer == NULL) - return; - - yyensure_buffer_stack(); - - /* This block is copied from yy_switch_to_buffer. */ - if ( YY_CURRENT_BUFFER ) - { - /* Flush out information for old buffer. */ - *(yy_c_buf_p) = (yy_hold_char); - YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); - } - - /* Only push if top exists. Otherwise, replace top. */ - if (YY_CURRENT_BUFFER) - (yy_buffer_stack_top)++; - YY_CURRENT_BUFFER_LVALUE = new_buffer; - - /* copied from yy_switch_to_buffer. */ - yy_load_buffer_state( ); - (yy_did_buffer_switch_on_eof) = 1; -} - -/** Removes and deletes the top of the stack, if present. - * The next element becomes the new top. - * - */ -void yypop_buffer_state (void) -{ - if (!YY_CURRENT_BUFFER) - return; - - yy_delete_buffer(YY_CURRENT_BUFFER ); - YY_CURRENT_BUFFER_LVALUE = NULL; - if ((yy_buffer_stack_top) > 0) - --(yy_buffer_stack_top); - - if (YY_CURRENT_BUFFER) { - yy_load_buffer_state( ); - (yy_did_buffer_switch_on_eof) = 1; - } -} - -/* Allocates the stack if it does not exist. - * Guarantees space for at least one push. - */ -static void yyensure_buffer_stack (void) -{ - int num_to_alloc; - - if (!(yy_buffer_stack)) { - - /* First allocation is just for 2 elements, since we don't know if this - * scanner will even need a stack. We use 2 instead of 1 to avoid an - * immediate realloc on the next call. - */ - num_to_alloc = 1; - (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc - (num_to_alloc * sizeof(struct yy_buffer_state*) - ); - - memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); - - (yy_buffer_stack_max) = num_to_alloc; - (yy_buffer_stack_top) = 0; - return; + if ( b == yy_current_buffer ) + yy_load_buffer_state(); } - if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ - /* Increase the buffer to prepare for a possible push. */ - int grow_size = 8 /* arbitrary grow size */; - - num_to_alloc = (yy_buffer_stack_max) + grow_size; - (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc - ((yy_buffer_stack), - num_to_alloc * sizeof(struct yy_buffer_state*) - ); - - /* zero only the new slots.*/ - memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); - (yy_buffer_stack_max) = num_to_alloc; - } -} - -/** Setup the input buffer state to scan directly from a user-specified character buffer. - * @param base the character buffer - * @param size the size in bytes of the character buffer - * - * @return the newly allocated buffer state object. - */ -YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) -{ +#ifndef YY_NO_SCAN_BUFFER +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size ) +#else +YY_BUFFER_STATE yy_scan_buffer( base, size ) +char *base; +yy_size_t size; +#endif + { YY_BUFFER_STATE b; - + if ( size < 2 || base[size-2] != YY_END_OF_BUFFER_CHAR || base[size-1] != YY_END_OF_BUFFER_CHAR ) /* They forgot to leave room for the EOB's. */ return 0; - b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); + b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); @@ -2401,51 +2245,56 @@ YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) b->yy_fill_buffer = 0; b->yy_buffer_status = YY_BUFFER_NEW; - yy_switch_to_buffer(b ); + yy_switch_to_buffer( b ); return b; -} + } +#endif -/** Setup the input buffer state to scan a string. The next call to yylex() will - * scan from a @e copy of @a str. - * @param yystr a NUL-terminated string to scan - * - * @return the newly allocated buffer state object. - * @note If you want to scan bytes that may contain NUL values, then use - * yy_scan_bytes() instead. - */ -YY_BUFFER_STATE yy_scan_string (yyconst char * yystr ) -{ - - return yy_scan_bytes(yystr,strlen(yystr) ); -} -/** Setup the input buffer state to scan the given bytes. The next call to yylex() will - * scan from a @e copy of @a bytes. - * @param bytes the byte buffer to scan - * @param len the number of bytes in the buffer pointed to by @a bytes. - * - * @return the newly allocated buffer state object. - */ -YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, int _yybytes_len ) -{ +#ifndef YY_NO_SCAN_STRING +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str ) +#else +YY_BUFFER_STATE yy_scan_string( yy_str ) +yyconst char *yy_str; +#endif + { + int len; + for ( len = 0; yy_str[len]; ++len ) + ; + + return yy_scan_bytes( yy_str, len ); + } +#endif + + +#ifndef YY_NO_SCAN_BYTES +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len ) +#else +YY_BUFFER_STATE yy_scan_bytes( bytes, len ) +yyconst char *bytes; +int len; +#endif + { YY_BUFFER_STATE b; char *buf; yy_size_t n; int i; - + /* Get memory for full buffer, including space for trailing EOB's. */ - n = _yybytes_len + 2; - buf = (char *) yyalloc(n ); + n = len + 2; + buf = (char *) yy_flex_alloc( n ); if ( ! buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); - for ( i = 0; i < _yybytes_len; ++i ) - buf[i] = yybytes[i]; + for ( i = 0; i < len; ++i ) + buf[i] = bytes[i]; - buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR; + buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR; - b = yy_scan_buffer(buf,n ); + b = yy_scan_buffer( buf, n ); if ( ! b ) YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); @@ -2455,196 +2304,148 @@ YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, int _yybytes_len ) b->yy_is_our_buffer = 1; return b; -} - -#ifndef YY_EXIT_FAILURE -#define YY_EXIT_FAILURE 2 + } #endif -static void yy_fatal_error (yyconst char* msg ) -{ - (void) fprintf( stderr, "%s\n", msg ); - exit( YY_EXIT_FAILURE ); -} - -/* Redefine yyless() so it works in section 3 code. */ -#undef yyless -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - int yyless_macro_arg = (n); \ - YY_LESS_LINENO(yyless_macro_arg);\ - yytext[yyleng] = (yy_hold_char); \ - (yy_c_buf_p) = yytext + yyless_macro_arg; \ - (yy_hold_char) = *(yy_c_buf_p); \ - *(yy_c_buf_p) = '\0'; \ - yyleng = yyless_macro_arg; \ - } \ - while ( 0 ) +#ifndef YY_NO_PUSH_STATE +#ifdef YY_USE_PROTOS +static void yy_push_state( int new_state ) +#else +static void yy_push_state( new_state ) +int new_state; +#endif + { + if ( yy_start_stack_ptr >= yy_start_stack_depth ) + { + yy_size_t new_size; -/* Accessor methods (get/set functions) to struct members. */ + yy_start_stack_depth += YY_START_STACK_INCR; + new_size = yy_start_stack_depth * sizeof( int ); -/** Get the current line number. - * - */ -int yyget_lineno (void) -{ - - return yylineno; -} + if ( ! yy_start_stack ) + yy_start_stack = (int *) yy_flex_alloc( new_size ); -/** Get the input stream. - * - */ -FILE *yyget_in (void) -{ - return yyin; -} + else + yy_start_stack = (int *) yy_flex_realloc( + (void *) yy_start_stack, new_size ); -/** Get the output stream. - * - */ -FILE *yyget_out (void) -{ - return yyout; -} + if ( ! yy_start_stack ) + YY_FATAL_ERROR( + "out of memory expanding start-condition stack" ); + } -/** Get the length of the current token. - * - */ -int yyget_leng (void) -{ - return yyleng; -} + yy_start_stack[yy_start_stack_ptr++] = YY_START; -/** Get the current token. - * - */ + BEGIN(new_state); + } +#endif -char *yyget_text (void) -{ - return yytext; -} -/** Set the current line number. - * @param line_number - * - */ -void yyset_lineno (int line_number ) -{ - - yylineno = line_number; -} +#ifndef YY_NO_POP_STATE +static void yy_pop_state() + { + if ( --yy_start_stack_ptr < 0 ) + YY_FATAL_ERROR( "start-condition stack underflow" ); -/** Set the input stream. This does not discard the current - * input buffer. - * @param in_str A readable stream. - * - * @see yy_switch_to_buffer - */ -void yyset_in (FILE * in_str ) -{ - yyin = in_str ; -} + BEGIN(yy_start_stack[yy_start_stack_ptr]); + } +#endif -void yyset_out (FILE * out_str ) -{ - yyout = out_str ; -} -int yyget_debug (void) -{ - return yy_flex_debug; -} +#ifndef YY_NO_TOP_STATE +static int yy_top_state() + { + return yy_start_stack[yy_start_stack_ptr - 1]; + } +#endif -void yyset_debug (int bdebug ) -{ - yy_flex_debug = bdebug ; -} +#ifndef YY_EXIT_FAILURE +#define YY_EXIT_FAILURE 2 +#endif -static int yy_init_globals (void) -{ - /* Initialization is the same as for the non-reentrant scanner. - * This function is called from yylex_destroy(), so don't allocate here. - */ - - (yy_buffer_stack) = 0; - (yy_buffer_stack_top) = 0; - (yy_buffer_stack_max) = 0; - (yy_c_buf_p) = (char *) 0; - (yy_init) = 0; - (yy_start) = 0; - -/* Defined in main.c */ -#ifdef YY_STDINIT - yyin = stdin; - yyout = stdout; +#ifdef YY_USE_PROTOS +static void yy_fatal_error( yyconst char msg[] ) #else - yyin = (FILE *) 0; - yyout = (FILE *) 0; +static void yy_fatal_error( msg ) +char msg[]; #endif + { + (void) fprintf( stderr, "%s\n", msg ); + exit( YY_EXIT_FAILURE ); + } - /* For future reference: Set errno on error, since we are called by - * yylex_init() - */ - return 0; -} -/* yylex_destroy is for both reentrant and non-reentrant scanners. */ -int yylex_destroy (void) -{ - - /* Pop the buffer stack, destroying each element. */ - while(YY_CURRENT_BUFFER){ - yy_delete_buffer(YY_CURRENT_BUFFER ); - YY_CURRENT_BUFFER_LVALUE = NULL; - yypop_buffer_state(); - } - /* Destroy the stack itself. */ - yyfree((yy_buffer_stack) ); - (yy_buffer_stack) = NULL; +/* Redefine yyless() so it works in section 3 code. */ - /* Reset the globals. This is important in a non-reentrant scanner so the next time - * yylex() is called, initialization will occur. */ - yy_init_globals( ); +#undef yyless +#define yyless(n) \ + do \ + { \ + /* Undo effects of setting up yytext. */ \ + yytext[yyleng] = yy_hold_char; \ + yy_c_buf_p = yytext + n; \ + yy_hold_char = *yy_c_buf_p; \ + *yy_c_buf_p = '\0'; \ + yyleng = n; \ + } \ + while ( 0 ) - return 0; -} -/* - * Internal utility routines. - */ +/* Internal utility routines. */ #ifndef yytext_ptr -static void yy_flex_strncpy (char* s1, yyconst char * s2, int n ) -{ +#ifdef YY_USE_PROTOS +static void yy_flex_strncpy( char *s1, yyconst char *s2, int n ) +#else +static void yy_flex_strncpy( s1, s2, n ) +char *s1; +yyconst char *s2; +int n; +#endif + { register int i; for ( i = 0; i < n; ++i ) s1[i] = s2[i]; -} + } #endif #ifdef YY_NEED_STRLEN -static int yy_flex_strlen (yyconst char * s ) -{ +#ifdef YY_USE_PROTOS +static int yy_flex_strlen( yyconst char *s ) +#else +static int yy_flex_strlen( s ) +yyconst char *s; +#endif + { register int n; for ( n = 0; s[n]; ++n ) ; return n; -} + } #endif -void *yyalloc (yy_size_t size ) -{ + +#ifdef YY_USE_PROTOS +static void *yy_flex_alloc( yy_size_t size ) +#else +static void *yy_flex_alloc( size ) +yy_size_t size; +#endif + { return (void *) malloc( size ); -} + } -void *yyrealloc (void * ptr, yy_size_t size ) -{ +#ifdef YY_USE_PROTOS +static void *yy_flex_realloc( void *ptr, yy_size_t size ) +#else +static void *yy_flex_realloc( ptr, size ) +void *ptr; +yy_size_t size; +#endif + { /* The cast to (char *) in the following accommodates both * implementations that use char* generic pointers, and those * that use void* generic pointers. It works with the latter @@ -2653,19 +2454,28 @@ void *yyrealloc (void * ptr, yy_size_t size ) * as though doing an assignment. */ return (void *) realloc( (char *) ptr, size ); -} - -void yyfree (void * ptr ) -{ - free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ -} + } -#define YYTABLES_NAME "yytables" +#ifdef YY_USE_PROTOS +static void yy_flex_free( void *ptr ) +#else +static void yy_flex_free( ptr ) +void *ptr; +#endif + { + free( ptr ); + } +#if YY_MAIN +int main() + { + yylex(); + return 0; + } +#endif #line 274 "lex.l" - #ifndef yywrap /* XXX */ int yywrap () @@ -2691,4 +2501,3 @@ unterminated(const char *type, unsigned start_lineno) { error_message("unterminated %s, possibly started on line %d\n", type, start_lineno); } - -- cgit From c448896c7eda9a71c7ecc7debd46e977b507c183 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 15 Jan 2007 02:23:40 +0000 Subject: r20786: Fix the build. (This used to be commit 42bb335bd50a5070ee59c9d9748db8a9e9d6a9b0) --- source4/heimdal/lib/com_err/lex.c | 1362 +++++++++++++++++++++---------------- 1 file changed, 776 insertions(+), 586 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/com_err/lex.c b/source4/heimdal/lib/com_err/lex.c index 8b7113baa2..4697d0a3fd 100644 --- a/source4/heimdal/lib/com_err/lex.c +++ b/source4/heimdal/lib/com_err/lex.c @@ -1,32 +1,93 @@ #include "config.h" -/* A lexical scanner generated by flex*/ -/* Scanner skeleton version: - * $Header: /home/daffy/u0/vern/flex/RCS/flex.skl,v 2.91 96/09/10 16:58:48 vern Exp $ - */ +#line 3 "lex.yy.c" + +#define YY_INT_ALIGNED short int + +/* A lexical scanner generated by flex */ #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 #define YY_FLEX_MINOR_VERSION 5 +#define YY_FLEX_SUBMINOR_VERSION 33 +#if YY_FLEX_SUBMINOR_VERSION > 0 +#define FLEX_BETA +#endif +/* First, we deal with platform-specific or compiler-specific issues. */ + +/* begin standard C headers. */ #include -#include +#include +#include +#include +/* end standard C headers. */ -/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */ -#ifdef c_plusplus -#ifndef __cplusplus -#define __cplusplus -#endif +/* flex integer type definitions */ + +#ifndef FLEXINT_H +#define FLEXINT_H + +/* C99 systems have . Non-C99 systems may or may not. */ + +#if __STDC_VERSION__ >= 199901L + +/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h, + * if you want the limit (max/min) macros for int types. + */ +#ifndef __STDC_LIMIT_MACROS +#define __STDC_LIMIT_MACROS 1 #endif +#include +typedef int8_t flex_int8_t; +typedef uint8_t flex_uint8_t; +typedef int16_t flex_int16_t; +typedef uint16_t flex_uint16_t; +typedef int32_t flex_int32_t; +typedef uint32_t flex_uint32_t; +#else +typedef signed char flex_int8_t; +typedef short int flex_int16_t; +typedef int flex_int32_t; +typedef unsigned char flex_uint8_t; +typedef unsigned short int flex_uint16_t; +typedef unsigned int flex_uint32_t; +#endif /* ! C99 */ -#ifdef __cplusplus +/* Limits of integral types. */ +#ifndef INT8_MIN +#define INT8_MIN (-128) +#endif +#ifndef INT16_MIN +#define INT16_MIN (-32767-1) +#endif +#ifndef INT32_MIN +#define INT32_MIN (-2147483647-1) +#endif +#ifndef INT8_MAX +#define INT8_MAX (127) +#endif +#ifndef INT16_MAX +#define INT16_MAX (32767) +#endif +#ifndef INT32_MAX +#define INT32_MAX (2147483647) +#endif +#ifndef UINT8_MAX +#define UINT8_MAX (255U) +#endif +#ifndef UINT16_MAX +#define UINT16_MAX (65535U) +#endif +#ifndef UINT32_MAX +#define UINT32_MAX (4294967295U) +#endif -#include +#endif /* ! FLEXINT_H */ -/* Use prototypes in function declarations. */ -#define YY_USE_PROTOS +#ifdef __cplusplus /* The "const" storage-class-modifier is valid. */ #define YY_USE_CONST @@ -35,34 +96,17 @@ #if __STDC__ -#define YY_USE_PROTOS #define YY_USE_CONST #endif /* __STDC__ */ #endif /* ! __cplusplus */ -#ifdef __TURBOC__ - #pragma warn -rch - #pragma warn -use -#include -#include -#define YY_USE_CONST -#define YY_USE_PROTOS -#endif - #ifdef YY_USE_CONST #define yyconst const #else #define yyconst #endif - -#ifdef YY_USE_PROTOS -#define YY_PROTO(proto) proto -#else -#define YY_PROTO(proto) () -#endif - /* Returned upon end-of-file. */ #define YY_NULL 0 @@ -77,80 +121,75 @@ * but we do it the disgusting crufty way forced on us by the ()-less * definition of BEGIN. */ -#define BEGIN yy_start = 1 + 2 * +#define BEGIN (yy_start) = 1 + 2 * /* Translate the current start state into a value that can be later handed * to BEGIN to return to the state. The YYSTATE alias is for lex * compatibility. */ -#define YY_START ((yy_start - 1) / 2) +#define YY_START (((yy_start) - 1) / 2) #define YYSTATE YY_START /* Action number for EOF rule of a given start state. */ #define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) /* Special action meaning "start processing a new file". */ -#define YY_NEW_FILE yyrestart( yyin ) +#define YY_NEW_FILE yyrestart(yyin ) #define YY_END_OF_BUFFER_CHAR 0 /* Size of default input buffer. */ +#ifndef YY_BUF_SIZE #define YY_BUF_SIZE 16384 +#endif + +/* The state buf must be large enough to hold one state per character in the main buffer. + */ +#define YY_STATE_BUF_SIZE ((YY_BUF_SIZE + 2) * sizeof(yy_state_type)) +#ifndef YY_TYPEDEF_YY_BUFFER_STATE +#define YY_TYPEDEF_YY_BUFFER_STATE typedef struct yy_buffer_state *YY_BUFFER_STATE; +#endif extern int yyleng; + extern FILE *yyin, *yyout; #define EOB_ACT_CONTINUE_SCAN 0 #define EOB_ACT_END_OF_FILE 1 #define EOB_ACT_LAST_MATCH 2 -/* The funky do-while in the following #define is used to turn the definition - * int a single C statement (which needs a semi-colon terminator). This - * avoids problems with code like: - * - * if ( condition_holds ) - * yyless( 5 ); - * else - * do_something_else(); - * - * Prior to using the do-while the compiler would get upset at the - * "else" because it interpreted the "if" statement as being all - * done when it reached the ';' after the yyless() call. - */ - -/* Return all but the first 'n' matched characters back to the input stream. */ - + #define YY_LESS_LINENO(n) + +/* Return all but the first "n" matched characters back to the input stream. */ #define yyless(n) \ do \ { \ /* Undo effects of setting up yytext. */ \ - *yy_cp = yy_hold_char; \ + int yyless_macro_arg = (n); \ + YY_LESS_LINENO(yyless_macro_arg);\ + *yy_cp = (yy_hold_char); \ YY_RESTORE_YY_MORE_OFFSET \ - yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \ + (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \ YY_DO_BEFORE_ACTION; /* set up yytext again */ \ } \ while ( 0 ) -#define unput(c) yyunput( c, yytext_ptr ) - -/* Some routines like yy_flex_realloc() are emitted as static but are - not called by all lexers. This generates warnings in some compilers, - notably GCC. Arrange to suppress these. */ -#ifdef __GNUC__ -#define YY_MAY_BE_UNUSED __attribute__((unused)) -#else -#define YY_MAY_BE_UNUSED -#endif +#define unput(c) yyunput( c, (yytext_ptr) ) /* The following is because we cannot portably get our hands on size_t * (without autoconf's help, which isn't available because we want * flex-generated scanners to compile on their own). */ -typedef unsigned int yy_size_t; +#ifndef YY_TYPEDEF_YY_SIZE_T +#define YY_TYPEDEF_YY_SIZE_T +typedef unsigned int yy_size_t; +#endif +#ifndef YY_STRUCT_YY_BUFFER_STATE +#define YY_STRUCT_YY_BUFFER_STATE struct yy_buffer_state { FILE *yy_input_file; @@ -187,12 +226,16 @@ struct yy_buffer_state */ int yy_at_bol; + int yy_bs_lineno; /**< The line count. */ + int yy_bs_column; /**< The column count. */ + /* Whether to try to fill the input buffer when we reach the * end of it. */ int yy_fill_buffer; int yy_buffer_status; + #define YY_BUFFER_NEW 0 #define YY_BUFFER_NORMAL 1 /* When an EOF's been seen but there's still some text to process @@ -206,28 +249,38 @@ struct yy_buffer_state * just pointing yyin at a new input file. */ #define YY_BUFFER_EOF_PENDING 2 + }; +#endif /* !YY_STRUCT_YY_BUFFER_STATE */ -static YY_BUFFER_STATE yy_current_buffer = 0; +/* Stack of input buffers. */ +static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */ +static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */ +static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ /* We provide macros for accessing buffer states in case in the * future we want to put the buffer states in a more general * "scanner state". + * + * Returns the top of the stack, or NULL. */ -#define YY_CURRENT_BUFFER yy_current_buffer +#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ + ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ + : NULL) +/* Same as previous macro, but useful when we know that the buffer stack is not + * NULL or when we need an lvalue. For internal use only. + */ +#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] /* yy_hold_char holds the character lost when yytext is formed. */ static char yy_hold_char; - static int yy_n_chars; /* number of characters read into yy_ch_buf */ - - int yyleng; /* Points to current character in buffer. */ static char *yy_c_buf_p = (char *) 0; -static int yy_init = 1; /* whether we need to initialize */ +static int yy_init = 0; /* whether we need to initialize */ static int yy_start = 0; /* start state number */ /* Flag which is used to allow yywrap()'s to do buffer switches @@ -235,66 +288,92 @@ static int yy_start = 0; /* start state number */ */ static int yy_did_buffer_switch_on_eof; -void yyrestart YY_PROTO(( FILE *input_file )); +void yyrestart (FILE *input_file ); +void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ); +YY_BUFFER_STATE yy_create_buffer (FILE *file,int size ); +void yy_delete_buffer (YY_BUFFER_STATE b ); +void yy_flush_buffer (YY_BUFFER_STATE b ); +void yypush_buffer_state (YY_BUFFER_STATE new_buffer ); +void yypop_buffer_state (void ); -void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer )); -void yy_load_buffer_state YY_PROTO(( void )); -YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size )); -void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b )); -void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file )); -void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b )); -#define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer ) +static void yyensure_buffer_stack (void ); +static void yy_load_buffer_state (void ); +static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file ); -YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size )); -YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str )); -YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len )); +#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER ) -static void *yy_flex_alloc YY_PROTO(( yy_size_t )); -static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t )) YY_MAY_BE_UNUSED; -static void yy_flex_free YY_PROTO(( void * )); +YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); +YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); +YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len ); + +void *yyalloc (yy_size_t ); +void *yyrealloc (void *,yy_size_t ); +void yyfree (void * ); #define yy_new_buffer yy_create_buffer #define yy_set_interactive(is_interactive) \ { \ - if ( ! yy_current_buffer ) \ - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ - yy_current_buffer->yy_is_interactive = is_interactive; \ + if ( ! YY_CURRENT_BUFFER ){ \ + yyensure_buffer_stack (); \ + YY_CURRENT_BUFFER_LVALUE = \ + yy_create_buffer(yyin,YY_BUF_SIZE ); \ + } \ + YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ } #define yy_set_bol(at_bol) \ { \ - if ( ! yy_current_buffer ) \ - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ - yy_current_buffer->yy_at_bol = at_bol; \ + if ( ! YY_CURRENT_BUFFER ){\ + yyensure_buffer_stack (); \ + YY_CURRENT_BUFFER_LVALUE = \ + yy_create_buffer(yyin,YY_BUF_SIZE ); \ + } \ + YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ } -#define YY_AT_BOL() (yy_current_buffer->yy_at_bol) +#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) + +/* Begin user sect3 */ typedef unsigned char YY_CHAR; + FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; + typedef int yy_state_type; + +extern int yylineno; + +int yylineno = 1; + extern char *yytext; #define yytext_ptr yytext -static yy_state_type yy_get_previous_state YY_PROTO(( void )); -static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state )); -static int yy_get_next_buffer YY_PROTO(( void )); -static void yy_fatal_error YY_PROTO(( yyconst char msg[] )); +static yy_state_type yy_get_previous_state (void ); +static yy_state_type yy_try_NUL_trans (yy_state_type current_state ); +static int yy_get_next_buffer (void ); +static void yy_fatal_error (yyconst char msg[] ); /* Done after the current pattern has been matched and before the * corresponding action - sets up yytext. */ #define YY_DO_BEFORE_ACTION \ - yytext_ptr = yy_bp; \ - yyleng = (int) (yy_cp - yy_bp); \ - yy_hold_char = *yy_cp; \ + (yytext_ptr) = yy_bp; \ + yyleng = (size_t) (yy_cp - yy_bp); \ + (yy_hold_char) = *yy_cp; \ *yy_cp = '\0'; \ - yy_c_buf_p = yy_cp; + (yy_c_buf_p) = yy_cp; #define YY_NUM_RULES 16 #define YY_END_OF_BUFFER 17 -static yyconst short int yy_accept[46] = +/* This struct is not used in this scanner, + but its presence is necessary. */ +struct yy_trans_info + { + flex_int32_t yy_verify; + flex_int32_t yy_nxt; + }; +static yyconst flex_int16_t yy_accept[46] = { 0, 0, 0, 17, 15, 11, 12, 13, 10, 9, 14, 14, 14, 14, 10, 9, 14, 3, 14, 14, 1, @@ -303,7 +382,7 @@ static yyconst short int yy_accept[46] = 14, 4, 14, 2, 0 } ; -static yyconst int yy_ec[256] = +static yyconst flex_int32_t yy_ec[256] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -335,14 +414,14 @@ static yyconst int yy_ec[256] = 1, 1, 1, 1, 1 } ; -static yyconst int yy_meta[23] = +static yyconst flex_int32_t yy_meta[23] = { 0, 1, 1, 2, 1, 1, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3 } ; -static yyconst short int yy_base[48] = +static yyconst flex_int16_t yy_base[48] = { 0, 0, 0, 56, 57, 57, 57, 57, 0, 49, 0, 12, 13, 34, 0, 47, 0, 0, 40, 31, 0, @@ -351,7 +430,7 @@ static yyconst short int yy_base[48] = 12, 0, 14, 0, 57, 34, 23 } ; -static yyconst short int yy_def[48] = +static yyconst flex_int16_t yy_def[48] = { 0, 45, 1, 45, 45, 45, 45, 45, 46, 47, 47, 47, 47, 47, 46, 47, 47, 47, 47, 47, 47, @@ -360,7 +439,7 @@ static yyconst short int yy_def[48] = 47, 47, 47, 47, 0, 45, 45 } ; -static yyconst short int yy_nxt[80] = +static yyconst flex_int16_t yy_nxt[80] = { 0, 4, 5, 6, 7, 8, 9, 10, 10, 10, 10, 10, 10, 11, 10, 12, 10, 10, 10, 13, 10, @@ -372,7 +451,7 @@ static yyconst short int yy_nxt[80] = 45, 45, 45, 45, 45, 45, 45, 45, 45 } ; -static yyconst short int yy_chk[80] = +static yyconst flex_int16_t yy_chk[80] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -387,6 +466,9 @@ static yyconst short int yy_chk[80] = static yy_state_type yy_last_accepting_state; static char *yy_last_accepting_cpos; +extern int yy_flex_debug; +int yy_flex_debug = 0; + /* The intent behind this definition is that it'll catch * any uses of REJECT which flex missed. */ @@ -396,7 +478,6 @@ static char *yy_last_accepting_cpos; #define YY_RESTORE_YY_MORE_OFFSET char *yytext; #line 1 "lex.l" -#define INITIAL 0 #line 2 "lex.l" /* * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan @@ -452,7 +533,23 @@ static int getstring(void); #undef ECHO -#line 455 "lex.yy.c" +#line 536 "lex.yy.c" + +#define INITIAL 0 + +#ifndef YY_NO_UNISTD_H +/* Special case for "unistd.h", since it is non-ANSI. We include it way + * down here because we want the user's section 1 to have been scanned first. + * The user has a chance to override it with an option. + */ +#include +#endif + +#ifndef YY_EXTRA_TYPE +#define YY_EXTRA_TYPE void * +#endif + +static int yy_init_globals (void ); /* Macros after this point can all be overridden by user definitions in * section 1. @@ -460,65 +557,30 @@ static int getstring(void); #ifndef YY_SKIP_YYWRAP #ifdef __cplusplus -extern "C" int yywrap YY_PROTO(( void )); +extern "C" int yywrap (void ); #else -extern int yywrap YY_PROTO(( void )); -#endif +extern int yywrap (void ); #endif - -#ifndef YY_NO_UNPUT -static void yyunput YY_PROTO(( int c, char *buf_ptr )); #endif + static void yyunput (int c,char *buf_ptr ); + #ifndef yytext_ptr -static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int )); +static void yy_flex_strncpy (char *,yyconst char *,int ); #endif #ifdef YY_NEED_STRLEN -static int yy_flex_strlen YY_PROTO(( yyconst char * )); +static int yy_flex_strlen (yyconst char * ); #endif #ifndef YY_NO_INPUT -#ifdef __cplusplus -static int yyinput YY_PROTO(( void )); -#else -static int input YY_PROTO(( void )); -#endif -#endif - -#if YY_STACK_USED -static int yy_start_stack_ptr = 0; -static int yy_start_stack_depth = 0; -static int *yy_start_stack = 0; -#ifndef YY_NO_PUSH_STATE -static void yy_push_state YY_PROTO(( int new_state )); -#endif -#ifndef YY_NO_POP_STATE -static void yy_pop_state YY_PROTO(( void )); -#endif -#ifndef YY_NO_TOP_STATE -static int yy_top_state YY_PROTO(( void )); -#endif +#ifdef __cplusplus +static int yyinput (void ); #else -#define YY_NO_PUSH_STATE 1 -#define YY_NO_POP_STATE 1 -#define YY_NO_TOP_STATE 1 +static int input (void ); #endif -#ifdef YY_MALLOC_DECL -YY_MALLOC_DECL -#else -#if __STDC__ -#ifndef __cplusplus -#include -#endif -#else -/* Just try to get by without declaring the routines. This will fail - * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int) - * or sizeof(void*) != sizeof(int). - */ -#endif #endif /* Amount of stuff to slurp up with each read. */ @@ -527,7 +589,6 @@ YY_MALLOC_DECL #endif /* Copy whatever the last rule matched to the standard output. */ - #ifndef ECHO /* This used to be an fputs(), but since the string might contain NUL's, * we now use fwrite(). @@ -540,9 +601,10 @@ YY_MALLOC_DECL */ #ifndef YY_INPUT #define YY_INPUT(buf,result,max_size) \ - if ( yy_current_buffer->yy_is_interactive ) \ + if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ { \ - int c = '*', n; \ + int c = '*'; \ + size_t n; \ for ( n = 0; n < max_size && \ (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ buf[n] = (char) c; \ @@ -552,9 +614,22 @@ YY_MALLOC_DECL YY_FATAL_ERROR( "input in flex scanner failed" ); \ result = n; \ } \ - else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \ - && ferror( yyin ) ) \ - YY_FATAL_ERROR( "input in flex scanner failed" ); + else \ + { \ + errno=0; \ + while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \ + { \ + if( errno != EINTR) \ + { \ + YY_FATAL_ERROR( "input in flex scanner failed" ); \ + break; \ + } \ + errno=0; \ + clearerr(yyin); \ + } \ + }\ +\ + #endif /* No semi-colon after return; correct usage is to write "yyterminate();" - @@ -575,12 +650,18 @@ YY_MALLOC_DECL #define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) #endif +/* end tables serialization structures and prototypes */ + /* Default declaration of generated scanner - a define so the user can * easily add parameters. */ #ifndef YY_DECL -#define YY_DECL int yylex YY_PROTO(( void )) -#endif +#define YY_DECL_IS_OURS 1 + +extern int yylex (void); + +#define YY_DECL int yylex (void) +#endif /* !YY_DECL */ /* Code executed at the beginning of each rule, after yytext and yyleng * have been set up. @@ -597,26 +678,28 @@ YY_MALLOC_DECL #define YY_RULE_SETUP \ YY_USER_ACTION +/** The main scanner function which does all the work. + */ YY_DECL - { +{ register yy_state_type yy_current_state; - register char *yy_cp = NULL, *yy_bp = NULL; + register char *yy_cp, *yy_bp; register int yy_act; - + #line 59 "lex.l" -#line 608 "lex.yy.c" +#line 691 "lex.yy.c" - if ( yy_init ) + if ( !(yy_init) ) { - yy_init = 0; + (yy_init) = 1; #ifdef YY_USER_INIT YY_USER_INIT; #endif - if ( ! yy_start ) - yy_start = 1; /* first start state */ + if ( ! (yy_start) ) + (yy_start) = 1; /* first start state */ if ( ! yyin ) yyin = stdin; @@ -624,34 +707,36 @@ YY_DECL if ( ! yyout ) yyout = stdout; - if ( ! yy_current_buffer ) - yy_current_buffer = - yy_create_buffer( yyin, YY_BUF_SIZE ); + if ( ! YY_CURRENT_BUFFER ) { + yyensure_buffer_stack (); + YY_CURRENT_BUFFER_LVALUE = + yy_create_buffer(yyin,YY_BUF_SIZE ); + } - yy_load_buffer_state(); + yy_load_buffer_state( ); } while ( 1 ) /* loops until end-of-file is reached */ { - yy_cp = yy_c_buf_p; + yy_cp = (yy_c_buf_p); /* Support of yytext. */ - *yy_cp = yy_hold_char; + *yy_cp = (yy_hold_char); /* yy_bp points to the position in yy_ch_buf of the start of * the current run. */ yy_bp = yy_cp; - yy_current_state = yy_start; + yy_current_state = (yy_start); yy_match: do { register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; if ( yy_accept[yy_current_state] ) { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -668,24 +753,22 @@ yy_find_action: yy_act = yy_accept[yy_current_state]; if ( yy_act == 0 ) { /* have to back up */ - yy_cp = yy_last_accepting_cpos; - yy_current_state = yy_last_accepting_state; + yy_cp = (yy_last_accepting_cpos); + yy_current_state = (yy_last_accepting_state); yy_act = yy_accept[yy_current_state]; } YY_DO_BEFORE_ACTION; - do_action: /* This label is used only to access EOF actions. */ - switch ( yy_act ) { /* beginning of action switch */ case 0: /* must back up */ /* undo the effects of YY_DO_BEFORE_ACTION */ - *yy_cp = yy_hold_char; - yy_cp = yy_last_accepting_cpos; - yy_current_state = yy_last_accepting_state; + *yy_cp = (yy_hold_char); + yy_cp = (yy_last_accepting_cpos); + yy_current_state = (yy_last_accepting_state); goto yy_find_action; case 1: @@ -744,6 +827,7 @@ YY_RULE_SETUP ; YY_BREAK case 12: +/* rule 12 can match eol */ YY_RULE_SETUP #line 71 "lex.l" { lineno++; } @@ -768,33 +852,33 @@ YY_RULE_SETUP #line 75 "lex.l" ECHO; YY_BREAK -#line 771 "lex.yy.c" +#line 855 "lex.yy.c" case YY_STATE_EOF(INITIAL): yyterminate(); case YY_END_OF_BUFFER: { /* Amount of text matched not including the EOB char. */ - int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1; + int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; /* Undo the effects of YY_DO_BEFORE_ACTION. */ - *yy_cp = yy_hold_char; + *yy_cp = (yy_hold_char); YY_RESTORE_YY_MORE_OFFSET - if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW ) + if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW ) { /* We're scanning a new file or input source. It's * possible that this happened because the user * just pointed yyin at a new source and called * yylex(). If so, then we have to assure - * consistency between yy_current_buffer and our + * consistency between YY_CURRENT_BUFFER and our * globals. Here is the right place to do so, because * this is the first action (other than possibly a * back-up) that will match for the new input source. */ - yy_n_chars = yy_current_buffer->yy_n_chars; - yy_current_buffer->yy_input_file = yyin; - yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL; + (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; + YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; + YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; } /* Note that here we test for yy_c_buf_p "<=" to the position @@ -804,13 +888,13 @@ case YY_STATE_EOF(INITIAL): * end-of-buffer state). Contrast this with the test * in input(). */ - if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] ) + if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) { /* This was really a NUL. */ yy_state_type yy_next_state; - yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text; + (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; - yy_current_state = yy_get_previous_state(); + yy_current_state = yy_get_previous_state( ); /* Okay, we're now positioned to make the NUL * transition. We couldn't have @@ -823,30 +907,30 @@ case YY_STATE_EOF(INITIAL): yy_next_state = yy_try_NUL_trans( yy_current_state ); - yy_bp = yytext_ptr + YY_MORE_ADJ; + yy_bp = (yytext_ptr) + YY_MORE_ADJ; if ( yy_next_state ) { /* Consume the NUL. */ - yy_cp = ++yy_c_buf_p; + yy_cp = ++(yy_c_buf_p); yy_current_state = yy_next_state; goto yy_match; } else { - yy_cp = yy_c_buf_p; + yy_cp = (yy_c_buf_p); goto yy_find_action; } } - else switch ( yy_get_next_buffer() ) + else switch ( yy_get_next_buffer( ) ) { case EOB_ACT_END_OF_FILE: { - yy_did_buffer_switch_on_eof = 0; + (yy_did_buffer_switch_on_eof) = 0; - if ( yywrap() ) + if ( yywrap( ) ) { /* Note: because we've taken care in * yy_get_next_buffer() to have set up @@ -857,7 +941,7 @@ case YY_STATE_EOF(INITIAL): * YY_NULL, it'll still work - another * YY_NULL will get returned. */ - yy_c_buf_p = yytext_ptr + YY_MORE_ADJ; + (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; yy_act = YY_STATE_EOF(YY_START); goto do_action; @@ -865,30 +949,30 @@ case YY_STATE_EOF(INITIAL): else { - if ( ! yy_did_buffer_switch_on_eof ) + if ( ! (yy_did_buffer_switch_on_eof) ) YY_NEW_FILE; } break; } case EOB_ACT_CONTINUE_SCAN: - yy_c_buf_p = - yytext_ptr + yy_amount_of_matched_text; + (yy_c_buf_p) = + (yytext_ptr) + yy_amount_of_matched_text; - yy_current_state = yy_get_previous_state(); + yy_current_state = yy_get_previous_state( ); - yy_cp = yy_c_buf_p; - yy_bp = yytext_ptr + YY_MORE_ADJ; + yy_cp = (yy_c_buf_p); + yy_bp = (yytext_ptr) + YY_MORE_ADJ; goto yy_match; case EOB_ACT_LAST_MATCH: - yy_c_buf_p = - &yy_current_buffer->yy_ch_buf[yy_n_chars]; + (yy_c_buf_p) = + &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)]; - yy_current_state = yy_get_previous_state(); + yy_current_state = yy_get_previous_state( ); - yy_cp = yy_c_buf_p; - yy_bp = yytext_ptr + YY_MORE_ADJ; + yy_cp = (yy_c_buf_p); + yy_bp = (yytext_ptr) + YY_MORE_ADJ; goto yy_find_action; } break; @@ -899,8 +983,7 @@ case YY_STATE_EOF(INITIAL): "fatal flex scanner internal error--no action found" ); } /* end of action switch */ } /* end of scanning one token */ - } /* end of yylex */ - +} /* end of yylex */ /* yy_get_next_buffer - try to read in a new buffer * @@ -909,21 +992,20 @@ case YY_STATE_EOF(INITIAL): * EOB_ACT_CONTINUE_SCAN - continue scanning from current position * EOB_ACT_END_OF_FILE - end of file */ - -static int yy_get_next_buffer() - { - register char *dest = yy_current_buffer->yy_ch_buf; - register char *source = yytext_ptr; +static int yy_get_next_buffer (void) +{ + register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; + register char *source = (yytext_ptr); register int number_to_move, i; int ret_val; - if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] ) + if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) YY_FATAL_ERROR( "fatal flex scanner internal error--end of buffer missed" ); - if ( yy_current_buffer->yy_fill_buffer == 0 ) + if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 ) { /* Don't try to fill the buffer, so this is an EOF. */ - if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 ) + if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 ) { /* We matched a single character, the EOB, so * treat this as a final EOF. @@ -943,34 +1025,30 @@ static int yy_get_next_buffer() /* Try to read more data. */ /* First move last chars to start of buffer. */ - number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1; + number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1; for ( i = 0; i < number_to_move; ++i ) *(dest++) = *(source++); - if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING ) + if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING ) /* don't do the read, it's not guaranteed to return an EOF, * just force an EOF */ - yy_current_buffer->yy_n_chars = yy_n_chars = 0; + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0; else { - int num_to_read = - yy_current_buffer->yy_buf_size - number_to_move - 1; + int num_to_read = + YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; while ( num_to_read <= 0 ) { /* Not enough room in the buffer - grow it. */ -#ifdef YY_USES_REJECT - YY_FATAL_ERROR( -"input buffer overflow, can't enlarge buffer because scanner uses REJECT" ); -#else /* just a shorter name for the current buffer */ - YY_BUFFER_STATE b = yy_current_buffer; + YY_BUFFER_STATE b = YY_CURRENT_BUFFER; int yy_c_buf_p_offset = - (int) (yy_c_buf_p - b->yy_ch_buf); + (int) ((yy_c_buf_p) - b->yy_ch_buf); if ( b->yy_is_our_buffer ) { @@ -983,8 +1061,7 @@ static int yy_get_next_buffer() b->yy_ch_buf = (char *) /* Include room in for 2 EOB chars. */ - yy_flex_realloc( (void *) b->yy_ch_buf, - b->yy_buf_size + 2 ); + yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ); } else /* Can't grow it, we don't own it. */ @@ -994,35 +1071,35 @@ static int yy_get_next_buffer() YY_FATAL_ERROR( "fatal error - scanner input buffer overflow" ); - yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset]; + (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset]; - num_to_read = yy_current_buffer->yy_buf_size - + num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; -#endif + } if ( num_to_read > YY_READ_BUF_SIZE ) num_to_read = YY_READ_BUF_SIZE; /* Read in more data. */ - YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]), - yy_n_chars, num_to_read ); + YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), + (yy_n_chars), (size_t) num_to_read ); - yy_current_buffer->yy_n_chars = yy_n_chars; + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } - if ( yy_n_chars == 0 ) + if ( (yy_n_chars) == 0 ) { if ( number_to_move == YY_MORE_ADJ ) { ret_val = EOB_ACT_END_OF_FILE; - yyrestart( yyin ); + yyrestart(yyin ); } else { ret_val = EOB_ACT_LAST_MATCH; - yy_current_buffer->yy_buffer_status = + YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_EOF_PENDING; } } @@ -1030,32 +1107,31 @@ static int yy_get_next_buffer() else ret_val = EOB_ACT_CONTINUE_SCAN; - yy_n_chars += number_to_move; - yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR; - yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR; + (yy_n_chars) += number_to_move; + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; - yytext_ptr = &yy_current_buffer->yy_ch_buf[0]; + (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0]; return ret_val; - } - +} /* yy_get_previous_state - get the state just before the EOB char was reached */ -static yy_state_type yy_get_previous_state() - { + static yy_state_type yy_get_previous_state (void) +{ register yy_state_type yy_current_state; register char *yy_cp; + + yy_current_state = (yy_start); - yy_current_state = yy_start; - - for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp ) + for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) { register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); if ( yy_accept[yy_current_state] ) { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -1067,30 +1143,23 @@ static yy_state_type yy_get_previous_state() } return yy_current_state; - } - +} /* yy_try_NUL_trans - try to make a transition on the NUL character * * synopsis * next_state = yy_try_NUL_trans( current_state ); */ - -#ifdef YY_USE_PROTOS -static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state ) -#else -static yy_state_type yy_try_NUL_trans( yy_current_state ) -yy_state_type yy_current_state; -#endif - { + static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state ) +{ register int yy_is_jam; - register char *yy_cp = yy_c_buf_p; + register char *yy_cp = (yy_c_buf_p); register YY_CHAR yy_c = 1; if ( yy_accept[yy_current_state] ) { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -1102,81 +1171,73 @@ yy_state_type yy_current_state; yy_is_jam = (yy_current_state == 45); return yy_is_jam ? 0 : yy_current_state; - } - +} -#ifndef YY_NO_UNPUT -#ifdef YY_USE_PROTOS -static void yyunput( int c, register char *yy_bp ) -#else -static void yyunput( c, yy_bp ) -int c; -register char *yy_bp; -#endif - { - register char *yy_cp = yy_c_buf_p; + static void yyunput (int c, register char * yy_bp ) +{ + register char *yy_cp; + + yy_cp = (yy_c_buf_p); /* undo effects of setting up yytext */ - *yy_cp = yy_hold_char; + *yy_cp = (yy_hold_char); - if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) + if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) { /* need to shift things up to make room */ /* +2 for EOB chars. */ - register int number_to_move = yy_n_chars + 2; - register char *dest = &yy_current_buffer->yy_ch_buf[ - yy_current_buffer->yy_buf_size + 2]; + register int number_to_move = (yy_n_chars) + 2; + register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ + YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; register char *source = - &yy_current_buffer->yy_ch_buf[number_to_move]; + &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; - while ( source > yy_current_buffer->yy_ch_buf ) + while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) *--dest = *--source; yy_cp += (int) (dest - source); yy_bp += (int) (dest - source); - yy_current_buffer->yy_n_chars = - yy_n_chars = yy_current_buffer->yy_buf_size; + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = + (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size; - if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) + if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) YY_FATAL_ERROR( "flex scanner push-back overflow" ); } *--yy_cp = (char) c; - - yytext_ptr = yy_bp; - yy_hold_char = *yy_cp; - yy_c_buf_p = yy_cp; - } -#endif /* ifndef YY_NO_UNPUT */ - + (yytext_ptr) = yy_bp; + (yy_hold_char) = *yy_cp; + (yy_c_buf_p) = yy_cp; +} #ifndef YY_NO_INPUT #ifdef __cplusplus -static int yyinput() + static int yyinput (void) #else -static int input() + static int input (void) #endif - { - int c; - *yy_c_buf_p = yy_hold_char; +{ + int c; + + *(yy_c_buf_p) = (yy_hold_char); - if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR ) + if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR ) { /* yy_c_buf_p now points to the character we want to return. * If this occurs *before* the EOB characters, then it's a * valid NUL; if not, then we've hit the end of the buffer. */ - if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] ) + if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) /* This was really a NUL. */ - *yy_c_buf_p = '\0'; + *(yy_c_buf_p) = '\0'; else { /* need more input */ - int offset = yy_c_buf_p - yytext_ptr; - ++yy_c_buf_p; + int offset = (yy_c_buf_p) - (yytext_ptr); + ++(yy_c_buf_p); - switch ( yy_get_next_buffer() ) + switch ( yy_get_next_buffer( ) ) { case EOB_ACT_LAST_MATCH: /* This happens because yy_g_n_b() @@ -1190,16 +1251,16 @@ static int input() */ /* Reset buffer status. */ - yyrestart( yyin ); + yyrestart(yyin ); - /* fall through */ + /*FALLTHROUGH*/ case EOB_ACT_END_OF_FILE: { - if ( yywrap() ) + if ( yywrap( ) ) return EOF; - if ( ! yy_did_buffer_switch_on_eof ) + if ( ! (yy_did_buffer_switch_on_eof) ) YY_NEW_FILE; #ifdef __cplusplus return yyinput(); @@ -1209,90 +1270,92 @@ static int input() } case EOB_ACT_CONTINUE_SCAN: - yy_c_buf_p = yytext_ptr + offset; + (yy_c_buf_p) = (yytext_ptr) + offset; break; } } } - c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */ - *yy_c_buf_p = '\0'; /* preserve yytext */ - yy_hold_char = *++yy_c_buf_p; - + c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */ + *(yy_c_buf_p) = '\0'; /* preserve yytext */ + (yy_hold_char) = *++(yy_c_buf_p); return c; - } -#endif /* YY_NO_INPUT */ - -#ifdef YY_USE_PROTOS -void yyrestart( FILE *input_file ) -#else -void yyrestart( input_file ) -FILE *input_file; -#endif - { - if ( ! yy_current_buffer ) - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); +} +#endif /* ifndef YY_NO_INPUT */ - yy_init_buffer( yy_current_buffer, input_file ); - yy_load_buffer_state(); +/** Immediately switch to a different input stream. + * @param input_file A readable stream. + * + * @note This function does not reset the start condition to @c INITIAL . + */ + void yyrestart (FILE * input_file ) +{ + + if ( ! YY_CURRENT_BUFFER ){ + yyensure_buffer_stack (); + YY_CURRENT_BUFFER_LVALUE = + yy_create_buffer(yyin,YY_BUF_SIZE ); } + yy_init_buffer(YY_CURRENT_BUFFER,input_file ); + yy_load_buffer_state( ); +} -#ifdef YY_USE_PROTOS -void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer ) -#else -void yy_switch_to_buffer( new_buffer ) -YY_BUFFER_STATE new_buffer; -#endif - { - if ( yy_current_buffer == new_buffer ) +/** Switch to a different input buffer. + * @param new_buffer The new input buffer. + * + */ + void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ) +{ + + /* TODO. We should be able to replace this entire function body + * with + * yypop_buffer_state(); + * yypush_buffer_state(new_buffer); + */ + yyensure_buffer_stack (); + if ( YY_CURRENT_BUFFER == new_buffer ) return; - if ( yy_current_buffer ) + if ( YY_CURRENT_BUFFER ) { /* Flush out information for old buffer. */ - *yy_c_buf_p = yy_hold_char; - yy_current_buffer->yy_buf_pos = yy_c_buf_p; - yy_current_buffer->yy_n_chars = yy_n_chars; + *(yy_c_buf_p) = (yy_hold_char); + YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } - yy_current_buffer = new_buffer; - yy_load_buffer_state(); + YY_CURRENT_BUFFER_LVALUE = new_buffer; + yy_load_buffer_state( ); /* We don't actually know whether we did this switch during * EOF (yywrap()) processing, but the only time this flag * is looked at is after yywrap() is called, so it's safe * to go ahead and always set it. */ - yy_did_buffer_switch_on_eof = 1; - } - - -#ifdef YY_USE_PROTOS -void yy_load_buffer_state( void ) -#else -void yy_load_buffer_state() -#endif - { - yy_n_chars = yy_current_buffer->yy_n_chars; - yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos; - yyin = yy_current_buffer->yy_input_file; - yy_hold_char = *yy_c_buf_p; - } + (yy_did_buffer_switch_on_eof) = 1; +} +static void yy_load_buffer_state (void) +{ + (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; + (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; + yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; + (yy_hold_char) = *(yy_c_buf_p); +} -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_create_buffer( FILE *file, int size ) -#else -YY_BUFFER_STATE yy_create_buffer( file, size ) -FILE *file; -int size; -#endif - { +/** Allocate and initialize an input buffer state. + * @param file A readable stream. + * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE. + * + * @return the allocated buffer state. + */ + YY_BUFFER_STATE yy_create_buffer (FILE * file, int size ) +{ YY_BUFFER_STATE b; - - b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); + + b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); @@ -1301,75 +1364,75 @@ int size; /* yy_ch_buf has to be 2 characters longer than the size given because * we need to put in 2 end-of-buffer characters. */ - b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 ); + b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2 ); if ( ! b->yy_ch_buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); b->yy_is_our_buffer = 1; - yy_init_buffer( b, file ); + yy_init_buffer(b,file ); return b; - } - +} -#ifdef YY_USE_PROTOS -void yy_delete_buffer( YY_BUFFER_STATE b ) -#else -void yy_delete_buffer( b ) -YY_BUFFER_STATE b; -#endif - { +/** Destroy the buffer. + * @param b a buffer created with yy_create_buffer() + * + */ + void yy_delete_buffer (YY_BUFFER_STATE b ) +{ + if ( ! b ) return; - if ( b == yy_current_buffer ) - yy_current_buffer = (YY_BUFFER_STATE) 0; + if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */ + YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; if ( b->yy_is_our_buffer ) - yy_flex_free( (void *) b->yy_ch_buf ); + yyfree((void *) b->yy_ch_buf ); - yy_flex_free( (void *) b ); - } - - - -#ifdef YY_USE_PROTOS -void yy_init_buffer( YY_BUFFER_STATE b, FILE *file ) -#else -void yy_init_buffer( b, file ) -YY_BUFFER_STATE b; -FILE *file; -#endif + yyfree((void *) b ); +} +#ifndef __cplusplus +extern int isatty (int ); +#endif /* __cplusplus */ + +/* Initializes or reinitializes a buffer. + * This function is sometimes called more than once on the same buffer, + * such as during a yyrestart() or at EOF. + */ + static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file ) - { - yy_flush_buffer( b ); +{ + int oerrno = errno; + + yy_flush_buffer(b ); b->yy_input_file = file; b->yy_fill_buffer = 1; -#if YY_ALWAYS_INTERACTIVE - b->yy_is_interactive = 1; -#else -#if YY_NEVER_INTERACTIVE - b->yy_is_interactive = 0; -#else - b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; -#endif -#endif - } - + /* If b is the current buffer, then yy_init_buffer was _probably_ + * called from yyrestart() or through yy_get_next_buffer. + * In that case, we don't want to reset the lineno or column. + */ + if (b != YY_CURRENT_BUFFER){ + b->yy_bs_lineno = 1; + b->yy_bs_column = 0; + } -#ifdef YY_USE_PROTOS -void yy_flush_buffer( YY_BUFFER_STATE b ) -#else -void yy_flush_buffer( b ) -YY_BUFFER_STATE b; -#endif + b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; + + errno = oerrno; +} - { - if ( ! b ) +/** Discard all buffered characters. On the next scan, YY_INPUT will be called. + * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER. + * + */ + void yy_flush_buffer (YY_BUFFER_STATE b ) +{ + if ( ! b ) return; b->yy_n_chars = 0; @@ -1386,29 +1449,121 @@ YY_BUFFER_STATE b; b->yy_at_bol = 1; b->yy_buffer_status = YY_BUFFER_NEW; - if ( b == yy_current_buffer ) - yy_load_buffer_state(); + if ( b == YY_CURRENT_BUFFER ) + yy_load_buffer_state( ); +} + +/** Pushes the new state onto the stack. The new state becomes + * the current state. This function will allocate the stack + * if necessary. + * @param new_buffer The new state. + * + */ +void yypush_buffer_state (YY_BUFFER_STATE new_buffer ) +{ + if (new_buffer == NULL) + return; + + yyensure_buffer_stack(); + + /* This block is copied from yy_switch_to_buffer. */ + if ( YY_CURRENT_BUFFER ) + { + /* Flush out information for old buffer. */ + *(yy_c_buf_p) = (yy_hold_char); + YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + } + + /* Only push if top exists. Otherwise, replace top. */ + if (YY_CURRENT_BUFFER) + (yy_buffer_stack_top)++; + YY_CURRENT_BUFFER_LVALUE = new_buffer; + + /* copied from yy_switch_to_buffer. */ + yy_load_buffer_state( ); + (yy_did_buffer_switch_on_eof) = 1; +} + +/** Removes and deletes the top of the stack, if present. + * The next element becomes the new top. + * + */ +void yypop_buffer_state (void) +{ + if (!YY_CURRENT_BUFFER) + return; + + yy_delete_buffer(YY_CURRENT_BUFFER ); + YY_CURRENT_BUFFER_LVALUE = NULL; + if ((yy_buffer_stack_top) > 0) + --(yy_buffer_stack_top); + + if (YY_CURRENT_BUFFER) { + yy_load_buffer_state( ); + (yy_did_buffer_switch_on_eof) = 1; + } +} + +/* Allocates the stack if it does not exist. + * Guarantees space for at least one push. + */ +static void yyensure_buffer_stack (void) +{ + int num_to_alloc; + + if (!(yy_buffer_stack)) { + + /* First allocation is just for 2 elements, since we don't know if this + * scanner will even need a stack. We use 2 instead of 1 to avoid an + * immediate realloc on the next call. + */ + num_to_alloc = 1; + (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc + (num_to_alloc * sizeof(struct yy_buffer_state*) + ); + + memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); + + (yy_buffer_stack_max) = num_to_alloc; + (yy_buffer_stack_top) = 0; + return; } + if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ -#ifndef YY_NO_SCAN_BUFFER -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size ) -#else -YY_BUFFER_STATE yy_scan_buffer( base, size ) -char *base; -yy_size_t size; -#endif - { - YY_BUFFER_STATE b; + /* Increase the buffer to prepare for a possible push. */ + int grow_size = 8 /* arbitrary grow size */; + num_to_alloc = (yy_buffer_stack_max) + grow_size; + (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc + ((yy_buffer_stack), + num_to_alloc * sizeof(struct yy_buffer_state*) + ); + + /* zero only the new slots.*/ + memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); + (yy_buffer_stack_max) = num_to_alloc; + } +} + +/** Setup the input buffer state to scan directly from a user-specified character buffer. + * @param base the character buffer + * @param size the size in bytes of the character buffer + * + * @return the newly allocated buffer state object. + */ +YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) +{ + YY_BUFFER_STATE b; + if ( size < 2 || base[size-2] != YY_END_OF_BUFFER_CHAR || base[size-1] != YY_END_OF_BUFFER_CHAR ) /* They forgot to leave room for the EOB's. */ return 0; - b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); + b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); @@ -1422,56 +1577,51 @@ yy_size_t size; b->yy_fill_buffer = 0; b->yy_buffer_status = YY_BUFFER_NEW; - yy_switch_to_buffer( b ); + yy_switch_to_buffer(b ); return b; - } -#endif - - -#ifndef YY_NO_SCAN_STRING -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str ) -#else -YY_BUFFER_STATE yy_scan_string( yy_str ) -yyconst char *yy_str; -#endif - { - int len; - for ( len = 0; yy_str[len]; ++len ) - ; - - return yy_scan_bytes( yy_str, len ); - } -#endif +} +/** Setup the input buffer state to scan a string. The next call to yylex() will + * scan from a @e copy of @a str. + * @param yystr a NUL-terminated string to scan + * + * @return the newly allocated buffer state object. + * @note If you want to scan bytes that may contain NUL values, then use + * yy_scan_bytes() instead. + */ +YY_BUFFER_STATE yy_scan_string (yyconst char * yystr ) +{ + + return yy_scan_bytes(yystr,strlen(yystr) ); +} -#ifndef YY_NO_SCAN_BYTES -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len ) -#else -YY_BUFFER_STATE yy_scan_bytes( bytes, len ) -yyconst char *bytes; -int len; -#endif - { +/** Setup the input buffer state to scan the given bytes. The next call to yylex() will + * scan from a @e copy of @a bytes. + * @param bytes the byte buffer to scan + * @param len the number of bytes in the buffer pointed to by @a bytes. + * + * @return the newly allocated buffer state object. + */ +YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, int _yybytes_len ) +{ YY_BUFFER_STATE b; char *buf; yy_size_t n; int i; - + /* Get memory for full buffer, including space for trailing EOB's. */ - n = len + 2; - buf = (char *) yy_flex_alloc( n ); + n = _yybytes_len + 2; + buf = (char *) yyalloc(n ); if ( ! buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); - for ( i = 0; i < len; ++i ) - buf[i] = bytes[i]; + for ( i = 0; i < _yybytes_len; ++i ) + buf[i] = yybytes[i]; - buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR; + buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR; - b = yy_scan_buffer( buf, n ); + b = yy_scan_buffer(buf,n ); if ( ! b ) YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); @@ -1481,148 +1631,196 @@ int len; b->yy_is_our_buffer = 1; return b; - } +} + +#ifndef YY_EXIT_FAILURE +#define YY_EXIT_FAILURE 2 #endif +static void yy_fatal_error (yyconst char* msg ) +{ + (void) fprintf( stderr, "%s\n", msg ); + exit( YY_EXIT_FAILURE ); +} -#ifndef YY_NO_PUSH_STATE -#ifdef YY_USE_PROTOS -static void yy_push_state( int new_state ) -#else -static void yy_push_state( new_state ) -int new_state; -#endif - { - if ( yy_start_stack_ptr >= yy_start_stack_depth ) - { - yy_size_t new_size; +/* Redefine yyless() so it works in section 3 code. */ - yy_start_stack_depth += YY_START_STACK_INCR; - new_size = yy_start_stack_depth * sizeof( int ); +#undef yyless +#define yyless(n) \ + do \ + { \ + /* Undo effects of setting up yytext. */ \ + int yyless_macro_arg = (n); \ + YY_LESS_LINENO(yyless_macro_arg);\ + yytext[yyleng] = (yy_hold_char); \ + (yy_c_buf_p) = yytext + yyless_macro_arg; \ + (yy_hold_char) = *(yy_c_buf_p); \ + *(yy_c_buf_p) = '\0'; \ + yyleng = yyless_macro_arg; \ + } \ + while ( 0 ) - if ( ! yy_start_stack ) - yy_start_stack = (int *) yy_flex_alloc( new_size ); +/* Accessor methods (get/set functions) to struct members. */ - else - yy_start_stack = (int *) yy_flex_realloc( - (void *) yy_start_stack, new_size ); +/** Get the current line number. + * + */ +int yyget_lineno (void) +{ + + return yylineno; +} - if ( ! yy_start_stack ) - YY_FATAL_ERROR( - "out of memory expanding start-condition stack" ); - } +/** Get the input stream. + * + */ +FILE *yyget_in (void) +{ + return yyin; +} - yy_start_stack[yy_start_stack_ptr++] = YY_START; +/** Get the output stream. + * + */ +FILE *yyget_out (void) +{ + return yyout; +} - BEGIN(new_state); - } -#endif +/** Get the length of the current token. + * + */ +int yyget_leng (void) +{ + return yyleng; +} +/** Get the current token. + * + */ -#ifndef YY_NO_POP_STATE -static void yy_pop_state() - { - if ( --yy_start_stack_ptr < 0 ) - YY_FATAL_ERROR( "start-condition stack underflow" ); +char *yyget_text (void) +{ + return yytext; +} - BEGIN(yy_start_stack[yy_start_stack_ptr]); - } -#endif +/** Set the current line number. + * @param line_number + * + */ +void yyset_lineno (int line_number ) +{ + + yylineno = line_number; +} +/** Set the input stream. This does not discard the current + * input buffer. + * @param in_str A readable stream. + * + * @see yy_switch_to_buffer + */ +void yyset_in (FILE * in_str ) +{ + yyin = in_str ; +} -#ifndef YY_NO_TOP_STATE -static int yy_top_state() - { - return yy_start_stack[yy_start_stack_ptr - 1]; - } -#endif +void yyset_out (FILE * out_str ) +{ + yyout = out_str ; +} -#ifndef YY_EXIT_FAILURE -#define YY_EXIT_FAILURE 2 -#endif +int yyget_debug (void) +{ + return yy_flex_debug; +} + +void yyset_debug (int bdebug ) +{ + yy_flex_debug = bdebug ; +} -#ifdef YY_USE_PROTOS -static void yy_fatal_error( yyconst char msg[] ) +static int yy_init_globals (void) +{ + /* Initialization is the same as for the non-reentrant scanner. + * This function is called from yylex_destroy(), so don't allocate here. + */ + + (yy_buffer_stack) = 0; + (yy_buffer_stack_top) = 0; + (yy_buffer_stack_max) = 0; + (yy_c_buf_p) = (char *) 0; + (yy_init) = 0; + (yy_start) = 0; + +/* Defined in main.c */ +#ifdef YY_STDINIT + yyin = stdin; + yyout = stdout; #else -static void yy_fatal_error( msg ) -char msg[]; + yyin = (FILE *) 0; + yyout = (FILE *) 0; #endif - { - (void) fprintf( stderr, "%s\n", msg ); - exit( YY_EXIT_FAILURE ); - } + /* For future reference: Set errno on error, since we are called by + * yylex_init() + */ + return 0; +} +/* yylex_destroy is for both reentrant and non-reentrant scanners. */ +int yylex_destroy (void) +{ + + /* Pop the buffer stack, destroying each element. */ + while(YY_CURRENT_BUFFER){ + yy_delete_buffer(YY_CURRENT_BUFFER ); + YY_CURRENT_BUFFER_LVALUE = NULL; + yypop_buffer_state(); + } -/* Redefine yyless() so it works in section 3 code. */ + /* Destroy the stack itself. */ + yyfree((yy_buffer_stack) ); + (yy_buffer_stack) = NULL; -#undef yyless -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - yytext[yyleng] = yy_hold_char; \ - yy_c_buf_p = yytext + n; \ - yy_hold_char = *yy_c_buf_p; \ - *yy_c_buf_p = '\0'; \ - yyleng = n; \ - } \ - while ( 0 ) + /* Reset the globals. This is important in a non-reentrant scanner so the next time + * yylex() is called, initialization will occur. */ + yy_init_globals( ); + return 0; +} -/* Internal utility routines. */ +/* + * Internal utility routines. + */ #ifndef yytext_ptr -#ifdef YY_USE_PROTOS -static void yy_flex_strncpy( char *s1, yyconst char *s2, int n ) -#else -static void yy_flex_strncpy( s1, s2, n ) -char *s1; -yyconst char *s2; -int n; -#endif - { +static void yy_flex_strncpy (char* s1, yyconst char * s2, int n ) +{ register int i; for ( i = 0; i < n; ++i ) s1[i] = s2[i]; - } +} #endif #ifdef YY_NEED_STRLEN -#ifdef YY_USE_PROTOS -static int yy_flex_strlen( yyconst char *s ) -#else -static int yy_flex_strlen( s ) -yyconst char *s; -#endif - { +static int yy_flex_strlen (yyconst char * s ) +{ register int n; for ( n = 0; s[n]; ++n ) ; return n; - } +} #endif - -#ifdef YY_USE_PROTOS -static void *yy_flex_alloc( yy_size_t size ) -#else -static void *yy_flex_alloc( size ) -yy_size_t size; -#endif - { +void *yyalloc (yy_size_t size ) +{ return (void *) malloc( size ); - } +} -#ifdef YY_USE_PROTOS -static void *yy_flex_realloc( void *ptr, yy_size_t size ) -#else -static void *yy_flex_realloc( ptr, size ) -void *ptr; -yy_size_t size; -#endif - { +void *yyrealloc (void * ptr, yy_size_t size ) +{ /* The cast to (char *) in the following accommodates both * implementations that use char* generic pointers, and those * that use void* generic pointers. It works with the latter @@ -1631,28 +1829,19 @@ yy_size_t size; * as though doing an assignment. */ return (void *) realloc( (char *) ptr, size ); - } +} -#ifdef YY_USE_PROTOS -static void yy_flex_free( void *ptr ) -#else -static void yy_flex_free( ptr ) -void *ptr; -#endif - { - free( ptr ); - } +void yyfree (void * ptr ) +{ + free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ +} + +#define YYTABLES_NAME "yytables" -#if YY_MAIN -int main() - { - yylex(); - return 0; - } -#endif #line 75 "lex.l" + #ifndef yywrap /* XXX */ int yywrap () @@ -1705,3 +1894,4 @@ error_message (const char *format, ...) va_end (args); numerror++; } + -- cgit From d5bbd817fe83aed1ee48ed4f478f3887c059f7b9 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 24 Jan 2007 02:48:40 +0000 Subject: r20988: Call out to Heimdal's krb5.conf processing to configure many aspects of KDC behaviour. This should allow PKINIT to be turned on and managed with reasonable sanity. This also means that the krb5.conf in the same directory as the smb.conf will always have priority in Samba4, which I think will be useful. Andrew Bartlett (This used to be commit a50bbde81b010bc5d06e3fc3417ade44627eb771) --- source4/heimdal/kdc/config.c | 359 +++++++++++++++++++++++++++++++++++ source4/heimdal/kdc/default_config.c | 316 +++++++++++++++++++++++++++++- source4/heimdal/kdc/kdc_locl.h | 14 ++ 3 files changed, 685 insertions(+), 4 deletions(-) create mode 100644 source4/heimdal/kdc/config.c (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/config.c b/source4/heimdal/kdc/config.c new file mode 100644 index 0000000000..3c855607a4 --- /dev/null +++ b/source4/heimdal/kdc/config.c @@ -0,0 +1,359 @@ +/* + * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kdc_locl.h" +#include +#include + +RCSID("$Id: config.c,v 1.82 2007/01/03 18:52:45 lha Exp $"); + +struct dbinfo { + char *realm; + char *dbname; + char *mkey_file; + struct dbinfo *next; +}; + +static const char *config_file; /* location of kdc config file */ +static char *max_request_str; /* `max_request' as a string */ + +static int builtin_hdb_flag; +static int help_flag; +static int version_flag; + +static struct getarg_strings addresses_str; /* addresses to listen on */ + +static struct getargs args[] = { + { + "config-file", 'c', arg_string, &config_file, + "location of config file", "file" + }, + { + "require-preauth", 'p', arg_negative_flag, &require_preauth, + "don't require pa-data in as-reqs" + }, + { + "max-request", 0, arg_string, &max_request, + "max size for a kdc-request", "size" + }, + { "enable-http", 'H', arg_flag, &enable_http, "turn on HTTP support" }, + { "524", 0, arg_negative_flag, &enable_524, + "don't respond to 524 requests" + }, + { + "kaserver", 'K', arg_flag, &enable_kaserver, + "enable kaserver support" + }, + { "kerberos4", 0, arg_flag, &enable_v4, + "respond to kerberos 4 requests" + }, + { + "v4-realm", 'r', arg_string, &v4_realm, + "realm to serve v4-requests for" + }, + { "kerberos4-cross-realm", 0, arg_flag, + &enable_v4_cross_realm, + "respond to kerberos 4 requests from foreign realms" + }, + { "ports", 'P', arg_string, &port_str, + "ports to listen to", "portspec" + }, +#if DETACH_IS_DEFAULT + { + "detach", 'D', arg_negative_flag, &detach_from_console, + "don't detach from console" + }, +#else + { + "detach", 0 , arg_flag, &detach_from_console, + "detach from console" + }, +#endif + { "addresses", 0, arg_strings, &addresses_str, + "addresses to listen on", "list of addresses" }, + { "disable-des", 0, arg_flag, &disable_des, + "disable DES" }, + { "builtin-hdb", 0, arg_flag, &builtin_hdb_flag, + "list builtin hdb backends"}, + { "help", 'h', arg_flag, &help_flag }, + { "version", 'v', arg_flag, &version_flag } +}; + +static int num_args = sizeof(args) / sizeof(args[0]); + +static void +usage(int ret) +{ + arg_printusage (args, num_args, NULL, ""); + exit (ret); +} + +static void +get_dbinfo(krb5_context context, krb5_kdc_configuration *config) +{ + const krb5_config_binding *top_binding = NULL; + const krb5_config_binding *db_binding; + const krb5_config_binding *default_binding = NULL; + struct dbinfo *di, **dt; + const char *default_dbname = HDB_DEFAULT_DB; + const char *default_mkey = HDB_DB_DIR "/m-key"; + const char *p; + krb5_error_code ret; + + struct dbinfo *databases = NULL; + + dt = &databases; + while((db_binding = (const krb5_config_binding *) + krb5_config_get_next(context, NULL, &top_binding, + krb5_config_list, + "kdc", + "database", + NULL))) { + p = krb5_config_get_string(context, db_binding, "realm", NULL); + if(p == NULL) { + if(default_binding) { + krb5_warnx(context, "WARNING: more than one realm-less " + "database specification"); + krb5_warnx(context, "WARNING: using the first encountered"); + } else + default_binding = db_binding; + continue; + } + di = calloc(1, sizeof(*di)); + di->realm = strdup(p); + p = krb5_config_get_string(context, db_binding, "dbname", NULL); + if(p) + di->dbname = strdup(p); + p = krb5_config_get_string(context, db_binding, "mkey_file", NULL); + if(p) + di->mkey_file = strdup(p); + *dt = di; + dt = &di->next; + } + if(default_binding) { + di = calloc(1, sizeof(*di)); + p = krb5_config_get_string(context, default_binding, "dbname", NULL); + if(p) { + di->dbname = strdup(p); + default_dbname = p; + } + p = krb5_config_get_string(context, default_binding, "mkey_file", NULL); + if(p) { + di->mkey_file = strdup(p); + default_mkey = p; + } + *dt = di; + dt = &di->next; + } else if(databases == NULL) { + /* if there are none specified, use some default */ + di = calloc(1, sizeof(*di)); + di->dbname = strdup(default_dbname); + di->mkey_file = strdup(default_mkey); + *dt = di; + dt = &di->next; + } + for(di = databases; di; di = di->next) { + if(di->dbname == NULL) + di->dbname = strdup(default_dbname); + if(di->mkey_file == NULL) { + p = strrchr(di->dbname, '.'); + if(p == NULL || strchr(p, '/') != NULL) + /* final pathname component does not contain a . */ + asprintf(&di->mkey_file, "%s.mkey", di->dbname); + else + /* the filename is something.else, replace .else with + .mkey */ + asprintf(&di->mkey_file, "%.*s.mkey", + (int)(p - di->dbname), di->dbname); + } + } + + if (databases == NULL) { + config->db = malloc(sizeof(*config->db)); + config->num_db = 1; + ret = hdb_create(context, &config->db[0], NULL); + if(ret) + krb5_err(context, 1, ret, "hdb_create %s", HDB_DEFAULT_DB); + ret = hdb_set_master_keyfile(context, config->db[0], NULL); + if (ret) + krb5_err(context, 1, ret, "hdb_set_master_keyfile"); + } else { + struct dbinfo *d; + int i; + /* count databases */ + for(d = databases, i = 0; d; d = d->next, i++); + config->db = malloc(i * sizeof(*config->db)); + for(d = databases, config->num_db = 0; d; d = d->next, config->num_db++) { + ret = hdb_create(context, &config->db[config->num_db], d->dbname); + if(ret) + krb5_err(context, 1, ret, "hdb_create %s", d->dbname); + ret = hdb_set_master_keyfile(context, config->db[config->num_db], d->mkey_file); + if (ret) + krb5_err(context, 1, ret, "hdb_set_master_keyfile"); + } + } + +} + +static void +add_one_address (krb5_context context, const char *str, int first) +{ + krb5_error_code ret; + krb5_addresses tmp; + + ret = krb5_parse_address (context, str, &tmp); + if (ret) + krb5_err (context, 1, ret, "parse_address `%s'", str); + if (first) + krb5_copy_addresses(context, &tmp, &explicit_addresses); + else + krb5_append_addresses(context, &explicit_addresses, &tmp); + krb5_free_addresses (context, &tmp); +} + +krb5_kdc_configuration * +configure(krb5_context context, int argc, char **argv) +{ + const char *p; + krb5_kdc_configuration *config; + krb5_error_code ret; + int optidx = 0; + + while(getarg(args, num_args, argc, argv, &optidx)) + warnx("error at argument `%s'", argv[optidx]); + + if(help_flag) + usage (0); + + if (version_flag) { + print_version(NULL); + exit(0); + } + + if (builtin_hdb_flag) { + char *list; + ret = hdb_list_builtin(context, &list); + if (ret) + krb5_err(context, 1, ret, "listing builtin hdb backends"); + printf("builtin hdb backends: %s\n", list); + free(list); + exit(0); + } + + argc -= optidx; + argv += optidx; + + if (argc != 0) + usage(1); + + { + char **files; + + if(config_file == NULL) + config_file = _PATH_KDC_CONF; + + ret = krb5_prepend_config_files_default(config_file, &files); + if (ret) + krb5_err(context, 1, ret, "getting configuration files"); + + ret = krb5_set_config_files(context, files); + krb5_free_config_files(files); + if(ret) + krb5_err(context, 1, ret, "reading configuration files"); + } + + if(max_request_str) + max_request = parse_bytes(max_request_str, NULL); + + if(max_request == 0){ + p = krb5_config_get_string (context, + NULL, + "kdc", + "max-request", + NULL); + if(p) + max_request = parse_bytes(p, NULL); + } + + if(max_request == 0) + max_request = 64 * 1024; + + if(port_str == NULL){ + p = krb5_config_get_string(context, NULL, "kdc", "ports", NULL); + if (p != NULL) + port_str = strdup(p); + } + + if (port_str == NULL) + port_str = "+"; + + explicit_addresses.len = 0; + + if (addresses_str.num_strings) { + int i; + + for (i = 0; i < addresses_str.num_strings; ++i) + add_one_address (context, addresses_str.strings[i], i == 0); + free_getarg_strings (&addresses_str); + } else { + char **foo = krb5_config_get_strings (context, NULL, + "kdc", "addresses", NULL); + + if (foo != NULL) { + add_one_address (context, *foo++, TRUE); + while (*foo) + add_one_address (context, *foo++, FALSE); + } + } + + if(enable_http == -1) + enable_http = krb5_config_get_bool(context, NULL, "kdc", + "enable-http", NULL); + + config = malloc(sizeof(*config)); + + if (!config) { + return NULL; + } + + krb5_kdc_default_config(config); + + kdc_openlog(context, config); + + get_dbinfo(context, config); + + krb5_kdc_configure(context, config); + + return config; +} diff --git a/source4/heimdal/kdc/default_config.c b/source4/heimdal/kdc/default_config.c index c4d9f51fd0..2352020d86 100644 --- a/source4/heimdal/kdc/default_config.c +++ b/source4/heimdal/kdc/default_config.c @@ -1,6 +1,7 @@ /* - * Copyright (c) 2005 Andrew Bartlett - * + * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -14,10 +15,14 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -29,6 +34,19 @@ #include "kdc_locl.h" +int require_preauth = -1; /* 1 == require preauth for all principals */ + +const char *trpolicy_str; + +int disable_des = -1; +int enable_v4 = -1; +int enable_kaserver = -1; +int enable_524 = -1; +int enable_v4_cross_realm = -1; +int detach_from_console = -1; + +char *v4_realm; + /* * Setup some of the defaults for the KDC configuration. * @@ -60,3 +78,293 @@ krb5_kdc_default_config(krb5_kdc_configuration *config) config->num_db = 0; config->logf = NULL; } + + +/* + * Setup some valudes for the KDC configuration, from the config file + * + * Note: Caller must also fill in: + * - db + * - num_db + * - logf + * +*/ + +void krb5_kdc_configure(krb5_context context, krb5_kdc_configuration *config) +{ + const char *p; + if(require_preauth == -1) { + config->require_preauth = krb5_config_get_bool_default(context, NULL, + config->require_preauth, + "kdc", + "require-preauth", NULL); + } else { + config->require_preauth = require_preauth; + } + + if(enable_v4 == -1) { + config->enable_v4 = krb5_config_get_bool_default(context, NULL, + config->enable_v4, + "kdc", + "enable-kerberos4", + NULL); + } else { + config->enable_v4 = enable_v4; + } + + if(enable_v4_cross_realm == -1) { + config->enable_v4_cross_realm = + krb5_config_get_bool_default(context, NULL, + config->enable_v4_cross_realm, + "kdc", + "enable-kerberos4-cross-realm", + NULL); + } else { + config->enable_v4_cross_realm = enable_v4_cross_realm; + } + + if(enable_524 == -1) { + config->enable_524 = krb5_config_get_bool_default(context, NULL, + config->enable_v4, + "kdc", "enable-524", + NULL); + } else { + config->enable_524 = enable_524; + } + + config->enable_digest = + krb5_config_get_bool_default(context, NULL, + FALSE, + "kdc", + "enable-digest", NULL); + + { + const char *digests; + + digests = krb5_config_get_string(context, NULL, + "kdc", + "digests_allowed", NULL); + if (digests == NULL) + digests = "ntlm-v2"; + config->digests_allowed = parse_flags(digests, + _kdc_digestunits, + 0); + if (config->digests_allowed == -1) { + kdc_log(context, config, 0, + "unparsable digest units (%s), turning off digest", + digests); + config->enable_digest = 0; + } else if (config->digests_allowed == 0) { + kdc_log(context, config, 0, + "no digest enable, turning digest off", + digests); + config->enable_digest = 0; + } + } + + config->enable_kx509 = + krb5_config_get_bool_default(context, NULL, + FALSE, + "kdc", + "enable-kx509", NULL); + + config->check_ticket_addresses = + krb5_config_get_bool_default(context, NULL, + config->check_ticket_addresses, + "kdc", + "check-ticket-addresses", NULL); + config->allow_null_ticket_addresses = + krb5_config_get_bool_default(context, NULL, + config->allow_null_ticket_addresses, + "kdc", + "allow-null-ticket-addresses", NULL); + + config->allow_anonymous = + krb5_config_get_bool_default(context, NULL, + config->allow_anonymous, + "kdc", + "allow-anonymous", NULL); + + config->max_datagram_reply_length = + krb5_config_get_int_default(context, + NULL, + 1400, + "kdc", + "max-kdc-datagram-reply-length", + NULL); + + trpolicy_str = + krb5_config_get_string_default(context, NULL, "DEFAULT", "kdc", + "transited-policy", NULL); + if(strcasecmp(trpolicy_str, "always-check") == 0) { + config->trpolicy = TRPOLICY_ALWAYS_CHECK; + } else if(strcasecmp(trpolicy_str, "allow-per-principal") == 0) { + config->trpolicy = TRPOLICY_ALLOW_PER_PRINCIPAL; + } else if(strcasecmp(trpolicy_str, "always-honour-request") == 0) { + config->trpolicy = TRPOLICY_ALWAYS_HONOUR_REQUEST; + } else if(strcasecmp(trpolicy_str, "DEFAULT") == 0) { + /* default */ + } else { + kdc_log(context, config, + 0, "unknown transited-policy: %s, reverting to default (always-check)", + trpolicy_str); + } + + if (krb5_config_get_string(context, NULL, "kdc", + "enforce-transited-policy", NULL)) + krb5_errx(context, 1, "enforce-transited-policy deprecated, " + "use [kdc]transited-policy instead"); + + if(v4_realm == NULL){ + p = krb5_config_get_string (context, NULL, + "kdc", + "v4-realm", + NULL); + if(p != NULL) { + config->v4_realm = strdup(p); + if (config->v4_realm == NULL) + krb5_errx(context, 1, "out of memory"); + } else { + config->v4_realm = NULL; + } + } else { + config->v4_realm = v4_realm; + } + + if (enable_kaserver == -1) { + config->enable_kaserver = + krb5_config_get_bool_default(context, + NULL, + config->enable_kaserver, + "kdc", + "enable-kaserver", + NULL); + } else { + config->enable_kaserver = enable_kaserver; + } + + config->encode_as_rep_as_tgs_rep = + krb5_config_get_bool_default(context, NULL, + config->encode_as_rep_as_tgs_rep, + "kdc", + "encode_as_rep_as_tgs_rep", + NULL); + + config->kdc_warn_pwexpire = + krb5_config_get_time_default (context, NULL, + config->kdc_warn_pwexpire, + "kdc", + "kdc_warn_pwexpire", + NULL); + + if(detach_from_console == -1) + detach_from_console = krb5_config_get_bool_default(context, NULL, + DETACH_IS_DEFAULT, + "kdc", + "detach", NULL); + +#ifdef PKINIT + config->enable_pkinit = + krb5_config_get_bool_default(context, + NULL, + config->enable_pkinit, + "kdc", + "enable-pkinit", + NULL); + if (config->enable_pkinit) { + const char *user_id, *anchors, *ocsp_file; + char **pool_list, **revoke_list; + + user_id = krb5_config_get_string(context, NULL, + "kdc", + "pkinit_identity", + NULL); + if (user_id == NULL) + krb5_errx(context, 1, "pkinit enabled but no identity"); + + anchors = krb5_config_get_string(context, NULL, + "kdc", + "pkinit_anchors", + NULL); + if (anchors == NULL) + krb5_errx(context, 1, "pkinit enabled but no X509 anchors"); + + pool_list = krb5_config_get_strings(context, NULL, + "kdc", + "pkinit_pool", + NULL); + + revoke_list = krb5_config_get_strings(context, NULL, + "kdc", + "pkinit_revoke", + NULL); + + ocsp_file = + krb5_config_get_string(context, NULL, + "kdc", + "pkinit_kdc_ocsp", + NULL); + if (ocsp_file) { + config->pkinit_kdc_ocsp_file = strdup(ocsp_file); + if (config->pkinit_kdc_ocsp_file == NULL) + krb5_errx(context, 1, "out of memory"); + } + _kdc_pk_initialize(context, config, user_id, anchors, + pool_list, revoke_list); + + krb5_config_free_strings(pool_list); + krb5_config_free_strings(revoke_list); + + config->enable_pkinit_princ_in_cert = + krb5_config_get_bool_default(context, + NULL, + config->enable_pkinit_princ_in_cert, + "kdc", + "pkinit_principal_in_certificate", + NULL); + } + + config->pkinit_dh_min_bits = + krb5_config_get_int_default(context, + NULL, + 0, + "kdc", + "pkinit_dh_min_bits", + NULL); + +#endif + + if(config->v4_realm == NULL && (config->enable_kaserver || config->enable_v4)){ +#ifdef KRB4 + config->v4_realm = malloc(40); /* REALM_SZ */ + if (config->v4_realm == NULL) + krb5_errx(context, 1, "out of memory"); + krb_get_lrealm(config->v4_realm, 1); +#else + krb5_errx(context, 1, "No Kerberos 4 realm configured"); +#endif + } + if(disable_des == -1) + disable_des = krb5_config_get_bool_default(context, NULL, + FALSE, + "kdc", + "disable-des", NULL); + if(disable_des) { + krb5_enctype_disable(context, ETYPE_DES_CBC_CRC); + krb5_enctype_disable(context, ETYPE_DES_CBC_MD4); + krb5_enctype_disable(context, ETYPE_DES_CBC_MD5); + krb5_enctype_disable(context, ETYPE_DES_CBC_NONE); + krb5_enctype_disable(context, ETYPE_DES_CFB64_NONE); + krb5_enctype_disable(context, ETYPE_DES_PCBC_NONE); + + kdc_log(context, config, + 0, "DES was disabled, turned off Kerberos V4, 524 " + "and kaserver"); + config->enable_v4 = 0; + config->enable_524 = 0; + config->enable_kaserver = 0; + } + + _kdc_windc_init(context); +} + diff --git a/source4/heimdal/kdc/kdc_locl.h b/source4/heimdal/kdc/kdc_locl.h index ed3010b673..ae3b6584a5 100644 --- a/source4/heimdal/kdc/kdc_locl.h +++ b/source4/heimdal/kdc/kdc_locl.h @@ -55,6 +55,18 @@ extern int enable_http; extern int detach_from_console; +extern int require_preauth; /* 1 == require preauth for all principals */ + +extern const char *trpolicy_str; + +extern int disable_des; +extern int enable_v4; +extern int enable_kaserver; +extern int enable_524; +extern int enable_v4_cross_realm; + +extern char *v4_realm; + extern const struct units _kdc_digestunits[]; #define _PATH_KDC_CONF HDB_DB_DIR "/kdc.conf" @@ -69,4 +81,6 @@ loop(krb5_context context, krb5_kdc_configuration *config); krb5_kdc_configuration * configure(krb5_context context, int argc, char **argv); +void krb5_kdc_configure(krb5_context context, krb5_kdc_configuration *config); + #endif /* __KDC_LOCL_H__ */ -- cgit From 5cd79db03e143eaaa9b63a28d3f0824edb1295d2 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sun, 18 Feb 2007 23:27:42 +0000 Subject: r21436: Choose the TGT session key enctype also by checking what enctypes the krbtgt hdb entry provides. We need to make sure other KDC's with the same hdb backend data can accept the TGT. (w2k and w2k3 don't support aes256-cts-hmac-sha1-96 (18) session keys.) Love: I'm not sure if this is the correct way of doing it... metze (This used to be commit 5840f50d8954e95a7071a90a1c4dcce9ae05d77c) --- source4/heimdal/kdc/kerberos5.c | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index bf727ee739..0cac0765ca 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -1292,19 +1292,35 @@ _kdc_as_rep(krb5_context context, { const krb5_enctype *p; - int i, j; + int i, j, y; p = krb5_kerberos_enctypes(context); sessionetype = ETYPE_NULL; for (i = 0; p[i] != ETYPE_NULL && sessionetype == ETYPE_NULL; i++) { + /* check it's valid */ if (krb5_enctype_valid(context, p[i]) != 0) continue; - for (j = 0; j < b->etype.len; j++) { + + /* check if the client supports it */ + for (j = 0; j < b->etype.len && sessionetype == ETYPE_NULL; j++) { if (p[i] == b->etype.val[j]) { - sessionetype = p[i]; - break; + /* + * if the server (krbtgt) has explicit etypes, + * check if it also supports it + */ + if (server->entry.etypes) { + for (y = 0; y < server->entry.etypes->len; y++) { + if (p[i] == server->entry.etypes->val[y]) { + sessionetype = p[i]; + break; + } + } + } else { + sessionetype = p[i]; + break; + } } } } -- cgit From 837f283f813a98a321d193a3d5c9ce8c8ea72a0a Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sun, 18 Feb 2007 23:49:29 +0000 Subject: r21438: create the PAC element in the same order as w2k3, maybe there's some broken code in windows which relies on this... love: can you merge this to heimdal? metze (This used to be commit b64abf9113a939308dc9e92ff7ddaad7be6ab551) --- source4/heimdal/lib/krb5/pac.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/krb5/pac.c b/source4/heimdal/lib/krb5/pac.c index 5bc7235459..283759c98b 100644 --- a/source4/heimdal/lib/krb5/pac.c +++ b/source4/heimdal/lib/krb5/pac.c @@ -850,12 +850,12 @@ _krb5_pac_sign(krb5_context context, krb5_data_zero(&logon); + if (p->logon_name == NULL) + num++; if (p->server_checksum == NULL) num++; if (p->privsvr_checksum == NULL) num++; - if (p->logon_name == NULL) - num++; if (num) { void *ptr; @@ -867,6 +867,11 @@ _krb5_pac_sign(krb5_context context, } p->pac = ptr; + if (p->logon_name == NULL) { + p->logon_name = &p->pac->buffers[p->pac->numbuffers++]; + memset(p->logon_name, 0, sizeof(*p->logon_name)); + p->logon_name->type = PAC_LOGON_NAME; + } if (p->server_checksum == NULL) { p->server_checksum = &p->pac->buffers[p->pac->numbuffers++]; memset(p->server_checksum, 0, sizeof(*p->server_checksum)); @@ -877,11 +882,6 @@ _krb5_pac_sign(krb5_context context, memset(p->privsvr_checksum, 0, sizeof(*p->privsvr_checksum)); p->privsvr_checksum->type = PAC_PRIVSVR_CHECKSUM; } - if (p->logon_name == NULL) { - p->logon_name = &p->pac->buffers[p->pac->numbuffers++]; - memset(p->logon_name, 0, sizeof(*p->logon_name)); - p->logon_name->type = PAC_LOGON_NAME; - } } /* Calculate LOGON NAME */ -- cgit From f280849a6f45c563ca5beb6afe1dcf0bbba8f4e3 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sun, 18 Feb 2007 23:56:19 +0000 Subject: r21439: fix compiler warnings metze (This used to be commit ac347d7aa588574f6a18229083569608327874d8) --- source4/heimdal/kdc/kerberos5.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index 0cac0765ca..dbea7e3268 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -430,7 +430,7 @@ get_pa_etype_info(krb5_context context, char *name; ret = krb5_unparse_name(context, client->principal, &name); if (ret) - name = ""; + name = rk_UNCONST(""); kdc_log(context, config, 0, "internal error in get_pa_etype_info(%s): %d != %d", name, n, pa.len); if (ret == 0) @@ -610,7 +610,7 @@ get_pa_etype_info2(krb5_context context, char *name; ret = krb5_unparse_name(context, client->principal, &name); if (ret) - name = ""; + name = rk_UNCONST(""); kdc_log(context, config, 0, "internal error in get_pa_etype_info2(%s): %d != %d", name, n, pa.len); @@ -689,11 +689,11 @@ log_as_req(krb5_context context, } { - char str[128]; + char _str[128]; unparse_flags(KDCOptions2int(b->kdc_options), asn1_KDCOptions_units(), - str, sizeof(str)); - if(*str) - kdc_log(context, config, 2, "Requested flags: %s", str); + _str, sizeof(_str)); + if(*_str) + kdc_log(context, config, 2, "Requested flags: %s", _str); } } -- cgit From 544e17896eb52efea904be2bcd821185c6d1b4c9 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 19 Feb 2007 13:38:11 +0000 Subject: r21447: make handling of replying e_data more generic love: please merge this metze (This used to be commit 3e4ff2de9c57170d275adf54ffa00ac81253a714) --- source4/heimdal/kdc/kerberos5.c | 30 ++++++++++++------------------ 1 file changed, 12 insertions(+), 18 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index dbea7e3268..3d45c1099c 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -915,6 +915,7 @@ _kdc_as_rep(krb5_context context, char *client_name = NULL, *server_name = NULL; krb5_error_code ret = 0; const char *e_text = NULL; + krb5_data e_data; krb5_crypto crypto; Key *ckey, *skey; EncryptionKey *reply_key; @@ -923,6 +924,7 @@ _kdc_as_rep(krb5_context context, #endif memset(&rep, 0, sizeof(rep)); + memset(&e_data, 0, sizeof(e_data)); if(b->sname == NULL){ ret = KRB5KRB_ERR_GENERIC; @@ -1208,7 +1210,6 @@ _kdc_as_rep(krb5_context context, PA_DATA *pa; unsigned char *buf; size_t len; - krb5_data foo_data; use_pa: method_data.len = 0; @@ -1248,25 +1249,17 @@ _kdc_as_rep(krb5_context context, ASN1_MALLOC_ENCODE(METHOD_DATA, buf, len, &method_data, &len, ret); free_METHOD_DATA(&method_data); - foo_data.data = buf; - foo_data.length = len; - + + e_data.data = buf; + e_data.length = len; + e_text ="Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ", ret = KRB5KDC_ERR_PREAUTH_REQUIRED; - krb5_mk_error(context, - ret, - "Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ", - &foo_data, - client_princ, - server_princ, - NULL, - NULL, - reply); - free(buf); + kdc_log(context, config, 0, "No preauth found, returning PREAUTH-REQUIRED -- %s", client_name); - ret = 0; - goto out2; + + goto out; } /* @@ -1615,7 +1608,7 @@ out: krb5_mk_error(context, ret, e_text, - NULL, + (e_data.data ? &e_data : NULL), client_princ, server_princ, NULL, @@ -1623,11 +1616,12 @@ out: reply); ret = 0; } -out2: #ifdef PKINIT if (pkp) _kdc_pk_free_client_param(context, pkp); #endif + if (e_data.data) + free(e_data.data); if (client_princ) krb5_free_principal(context, client_princ); free(client_name); -- cgit From 3db368ad768857ec0a2e1b322ee9a9c59ad9a297 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 19 Feb 2007 13:45:03 +0000 Subject: r21448: return the same error codes as a windows KDC metze (This used to be commit e4d69b83dcee2f50e95690d84f95d9e69acf858e) --- source4/heimdal/kdc/kerberos5.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index 3d45c1099c..bb0fda89e7 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -1085,7 +1085,7 @@ _kdc_as_rep(krb5_context context, if(ret){ char *estr; e_text = "No key matches pa-data"; - ret = KRB5KDC_ERR_PREAUTH_FAILED; + ret = KRB5KDC_ERR_ETYPE_NOSUPP; if(krb5_enctype_to_string(context, enc_data.etype, &estr)) estr = NULL; if(estr == NULL) @@ -1137,7 +1137,7 @@ _kdc_as_rep(krb5_context context, e_text = "Failed to decrypt PA-DATA"; free_EncryptedData(&enc_data); - ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; + ret = KRB5KDC_ERR_PREAUTH_FAILED; continue; } free_EncryptedData(&enc_data); @@ -1148,7 +1148,7 @@ _kdc_as_rep(krb5_context context, krb5_data_free(&ts_data); if(ret){ e_text = "Failed to decode PA-ENC-TS-ENC"; - ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; + ret = KRB5KDC_ERR_PREAUTH_FAILED; kdc_log(context, config, 5, "Failed to decode PA-ENC-TS_ENC -- %s", client_name); -- cgit From 3bdf3aa144797d1bf9e6e5533c95ba26bf31ee20 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 1 Mar 2007 04:37:26 +0000 Subject: r21620: commit updated versions (with correct paths) (This used to be commit 2694bfb143eeb78a9a0b121dbc6a3e0a908ca06c) --- source4/heimdal/lib/asn1/parse.c | 1126 ++++++++++++++++++++--------------- source4/heimdal/lib/asn1/parse.h | 40 +- source4/heimdal/lib/com_err/parse.c | 858 +++++++++++++++----------- source4/heimdal/lib/com_err/parse.h | 40 +- 4 files changed, 1206 insertions(+), 858 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/asn1/parse.c b/source4/heimdal/lib/asn1/parse.c index fc9f195e1f..affe4f2a9c 100644 --- a/source4/heimdal/lib/asn1/parse.c +++ b/source4/heimdal/lib/asn1/parse.c @@ -1,7 +1,9 @@ -/* A Bison parser, made by GNU Bison 2.1. */ +/* A Bison parser, made by GNU Bison 2.3. */ -/* Skeleton parser for Yacc-like parsing with Bison, - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. +/* Skeleton implementation for Bison's Yacc-like parsers in C + + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 + Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -18,13 +20,21 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ -/* As a special exception, when this file is copied by Bison into a - Bison output file, you may use that output file without restriction. - This special exception was added by the Free Software Foundation - in version 1.24 of Bison. */ +/* As a special exception, you may create a larger work that contains + part or all of the Bison parser skeleton and distribute that work + under terms of your choice, so long as that work isn't itself a + parser generator using the skeleton or a modified version thereof + as a parser skeleton. Alternatively, if you modify or redistribute + the parser skeleton itself, you may (at your option) remove this + special exception, which will cause the skeleton and the resulting + Bison output files to be licensed under the GNU General Public + License without this special exception. + + This special exception was added by the Free Software Foundation in + version 2.2 of Bison. */ -/* Written by Richard Stallman by simplifying the original so called - ``semantic'' parser. */ +/* C LALR(1) parser skeleton written by Richard Stallman, by + simplifying the original so-called "semantic" parser. */ /* All symbols defined below should begin with yy or YY, to avoid infringing on user name space. This should be done even for local @@ -37,7 +47,7 @@ #define YYBISON 1 /* Bison version. */ -#define YYBISON_VERSION "2.1" +#define YYBISON_VERSION "2.3" /* Skeleton name. */ #define YYSKELETON_NAME "yacc.c" @@ -238,7 +248,7 @@ /* Copy the first part of user declarations. */ -#line 36 "parse.y" +#line 36 "heimdal/lib/asn1/parse.y" #ifdef HAVE_CONFIG_H #include @@ -270,7 +280,7 @@ struct string_list { /* Enabling traces. */ #ifndef YYDEBUG -# define YYDEBUG 1 +# define YYDEBUG 0 #endif /* Enabling verbose error messages. */ @@ -286,9 +296,10 @@ struct string_list { # define YYTOKEN_TABLE 0 #endif -#if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED) -#line 65 "parse.y" -typedef union YYSTYPE { +#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED +typedef union YYSTYPE +#line 65 "heimdal/lib/asn1/parse.y" +{ int constant; struct value *value; struct range range; @@ -301,9 +312,10 @@ typedef union YYSTYPE { struct tagtype tag; struct memhead *members; struct constraint_spec *constraint_spec; -} YYSTYPE; -/* Line 196 of yacc.c. */ -#line 307 "parse.c" +} +/* Line 187 of yacc.c. */ +#line 318 "heimdal/lib/asn1/parse.y" + YYSTYPE; # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 # define YYSTYPE_IS_TRIVIAL 1 @@ -314,23 +326,56 @@ typedef union YYSTYPE { /* Copy the second part of user declarations. */ -/* Line 219 of yacc.c. */ -#line 319 "parse.c" +/* Line 216 of yacc.c. */ +#line 331 "heimdal/lib/asn1/parse.y" -#if ! defined (YYSIZE_T) && defined (__SIZE_TYPE__) -# define YYSIZE_T __SIZE_TYPE__ +#ifdef short +# undef short #endif -#if ! defined (YYSIZE_T) && defined (size_t) -# define YYSIZE_T size_t + +#ifdef YYTYPE_UINT8 +typedef YYTYPE_UINT8 yytype_uint8; +#else +typedef unsigned char yytype_uint8; #endif -#if ! defined (YYSIZE_T) && (defined (__STDC__) || defined (__cplusplus)) -# include /* INFRINGES ON USER NAME SPACE */ -# define YYSIZE_T size_t + +#ifdef YYTYPE_INT8 +typedef YYTYPE_INT8 yytype_int8; +#elif (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +typedef signed char yytype_int8; +#else +typedef short int yytype_int8; +#endif + +#ifdef YYTYPE_UINT16 +typedef YYTYPE_UINT16 yytype_uint16; +#else +typedef unsigned short int yytype_uint16; +#endif + +#ifdef YYTYPE_INT16 +typedef YYTYPE_INT16 yytype_int16; +#else +typedef short int yytype_int16; #endif -#if ! defined (YYSIZE_T) -# define YYSIZE_T unsigned int + +#ifndef YYSIZE_T +# ifdef __SIZE_TYPE__ +# define YYSIZE_T __SIZE_TYPE__ +# elif defined size_t +# define YYSIZE_T size_t +# elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +# include /* INFRINGES ON USER NAME SPACE */ +# define YYSIZE_T size_t +# else +# define YYSIZE_T unsigned int +# endif #endif +#define YYSIZE_MAXIMUM ((YYSIZE_T) -1) + #ifndef YY_ # if YYENABLE_NLS # if ENABLE_NLS @@ -343,7 +388,32 @@ typedef union YYSTYPE { # endif #endif -#if ! defined (yyoverflow) || YYERROR_VERBOSE +/* Suppress unused-variable warnings by "using" E. */ +#if ! defined lint || defined __GNUC__ +# define YYUSE(e) ((void) (e)) +#else +# define YYUSE(e) /* empty */ +#endif + +/* Identity function, used to suppress warnings about constant conditions. */ +#ifndef lint +# define YYID(n) (n) +#else +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +static int +YYID (int i) +#else +static int +YYID (i) + int i; +#endif +{ + return i; +} +#endif + +#if ! defined yyoverflow || YYERROR_VERBOSE /* The parser invokes alloca or malloc; define the necessary symbols. */ @@ -351,64 +421,76 @@ typedef union YYSTYPE { # if YYSTACK_USE_ALLOCA # ifdef __GNUC__ # define YYSTACK_ALLOC __builtin_alloca +# elif defined __BUILTIN_VA_ARG_INCR +# include /* INFRINGES ON USER NAME SPACE */ +# elif defined _AIX +# define YYSTACK_ALLOC __alloca +# elif defined _MSC_VER +# include /* INFRINGES ON USER NAME SPACE */ +# define alloca _alloca # else # define YYSTACK_ALLOC alloca -# if defined (__STDC__) || defined (__cplusplus) +# if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) # include /* INFRINGES ON USER NAME SPACE */ -# define YYINCLUDED_STDLIB_H +# ifndef _STDLIB_H +# define _STDLIB_H 1 +# endif # endif # endif # endif # endif # ifdef YYSTACK_ALLOC - /* Pacify GCC's `empty if-body' warning. */ -# define YYSTACK_FREE(Ptr) do { /* empty */; } while (0) + /* Pacify GCC's `empty if-body' warning. */ +# define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0)) # ifndef YYSTACK_ALLOC_MAXIMUM /* The OS might guarantee only one guard page at the bottom of the stack, and a page size can be as small as 4096 bytes. So we cannot safely invoke alloca (N) if N exceeds 4096. Use a slightly smaller number to allow for a few compiler-allocated temporary stack slots. */ -# define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2005 */ +# define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */ # endif # else # define YYSTACK_ALLOC YYMALLOC # define YYSTACK_FREE YYFREE # ifndef YYSTACK_ALLOC_MAXIMUM -# define YYSTACK_ALLOC_MAXIMUM ((YYSIZE_T) -1) +# define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM # endif -# ifdef __cplusplus -extern "C" { +# if (defined __cplusplus && ! defined _STDLIB_H \ + && ! ((defined YYMALLOC || defined malloc) \ + && (defined YYFREE || defined free))) +# include /* INFRINGES ON USER NAME SPACE */ +# ifndef _STDLIB_H +# define _STDLIB_H 1 +# endif # endif # ifndef YYMALLOC # define YYMALLOC malloc -# if (! defined (malloc) && ! defined (YYINCLUDED_STDLIB_H) \ - && (defined (__STDC__) || defined (__cplusplus))) +# if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */ # endif # endif # ifndef YYFREE # define YYFREE free -# if (! defined (free) && ! defined (YYINCLUDED_STDLIB_H) \ - && (defined (__STDC__) || defined (__cplusplus))) +# if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) void free (void *); /* INFRINGES ON USER NAME SPACE */ # endif # endif -# ifdef __cplusplus -} -# endif # endif -#endif /* ! defined (yyoverflow) || YYERROR_VERBOSE */ +#endif /* ! defined yyoverflow || YYERROR_VERBOSE */ -#if (! defined (yyoverflow) \ - && (! defined (__cplusplus) \ - || (defined (YYSTYPE_IS_TRIVIAL) && YYSTYPE_IS_TRIVIAL))) +#if (! defined yyoverflow \ + && (! defined __cplusplus \ + || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL))) /* A type that is properly aligned for any stack member. */ union yyalloc { - short int yyss; + yytype_int16 yyss; YYSTYPE yyvs; }; @@ -418,13 +500,13 @@ union yyalloc /* The size of an array large to enough to hold all stacks, each with N elements. */ # define YYSTACK_BYTES(N) \ - ((N) * (sizeof (short int) + sizeof (YYSTYPE)) \ + ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \ + YYSTACK_GAP_MAXIMUM) /* Copy COUNT objects from FROM to TO. The source and destination do not overlap. */ # ifndef YYCOPY -# if defined (__GNUC__) && 1 < __GNUC__ +# if defined __GNUC__ && 1 < __GNUC__ # define YYCOPY(To, From, Count) \ __builtin_memcpy (To, From, (Count) * sizeof (*(From))) # else @@ -435,7 +517,7 @@ union yyalloc for (yyi = 0; yyi < (Count); yyi++) \ (To)[yyi] = (From)[yyi]; \ } \ - while (0) + while (YYID (0)) # endif # endif @@ -453,28 +535,22 @@ union yyalloc yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \ yyptr += yynewbytes / sizeof (*yyptr); \ } \ - while (0) + while (YYID (0)) #endif -#if defined (__STDC__) || defined (__cplusplus) - typedef signed char yysigned_char; -#else - typedef short int yysigned_char; -#endif - -/* YYFINAL -- State number of the termination state. */ +/* YYFINAL -- State number of the termination state. */ #define YYFINAL 4 /* YYLAST -- Last index in YYTABLE. */ #define YYLAST 169 -/* YYNTOKENS -- Number of terminals. */ +/* YYNTOKENS -- Number of terminals. */ #define YYNTOKENS 98 -/* YYNNTS -- Number of nonterminals. */ +/* YYNNTS -- Number of nonterminals. */ #define YYNNTS 67 -/* YYNRULES -- Number of rules. */ +/* YYNRULES -- Number of rules. */ #define YYNRULES 131 -/* YYNRULES -- Number of states. */ +/* YYNRULES -- Number of states. */ #define YYNSTATES 202 /* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */ @@ -485,7 +561,7 @@ union yyalloc ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK) /* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX. */ -static const unsigned char yytranslate[] = +static const yytype_uint8 yytranslate[] = { 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, @@ -527,7 +603,7 @@ static const unsigned char yytranslate[] = #if YYDEBUG /* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in YYRHS. */ -static const unsigned short int yyprhs[] = +static const yytype_uint16 yyprhs[] = { 0, 0, 3, 12, 15, 18, 21, 22, 25, 26, 29, 30, 34, 35, 37, 38, 40, 43, 48, 50, @@ -545,8 +621,8 @@ static const unsigned short int yyprhs[] = 355, 357 }; -/* YYRHS -- A `-1'-separated list of the rules' RHS. */ -static const short int yyrhs[] = +/* YYRHS -- A `-1'-separated list of the rules' RHS. */ +static const yytype_int16 yyrhs[] = { 99, 0, -1, 86, 21, 100, 101, 84, 8, 102, 24, -1, 27, 70, -1, 38, 70, -1, 7, 70, @@ -587,7 +663,7 @@ static const short int yyrhs[] = }; /* YYRLINE[YYN] -- source line where rule number YYN was defined. */ -static const unsigned short int yyrline[] = +static const yytype_uint16 yyrline[] = { 0, 231, 231, 238, 239, 241, 243, 246, 248, 251, 252, 255, 256, 259, 260, 263, 264, 267, 278, 279, @@ -608,7 +684,7 @@ static const unsigned short int yyrline[] = #if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE /* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. - First, the terminals, then, starting at YYNTOKENS, nonterminals. */ + First, the terminals, then, starting at YYNTOKENS, nonterminals. */ static const char *const yytname[] = { "$end", "error", "$undefined", "kw_ABSENT", "kw_ABSTRACT_SYNTAX", @@ -655,7 +731,7 @@ static const char *const yytname[] = # ifdef YYPRINT /* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to token YYLEX-NUM. */ -static const unsigned short int yytoknum[] = +static const yytype_uint16 yytoknum[] = { 0, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, @@ -671,7 +747,7 @@ static const unsigned short int yytoknum[] = # endif /* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ -static const unsigned char yyr1[] = +static const yytype_uint8 yyr1[] = { 0, 98, 99, 100, 100, 100, 100, 101, 101, 102, 102, 103, 103, 104, 104, 105, 105, 106, 107, 107, @@ -690,7 +766,7 @@ static const unsigned char yyr1[] = }; /* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */ -static const unsigned char yyr2[] = +static const yytype_uint8 yyr2[] = { 0, 2, 8, 2, 2, 2, 0, 2, 0, 2, 0, 3, 0, 1, 0, 1, 2, 4, 1, 2, @@ -711,7 +787,7 @@ static const unsigned char yyr2[] = /* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state STATE-NUM when YYTABLE doesn't specify something else to do. Zero means the default is an error. */ -static const unsigned char yydefact[] = +static const yytype_uint8 yydefact[] = { 0, 0, 0, 6, 1, 0, 0, 0, 8, 5, 3, 4, 0, 0, 7, 0, 10, 14, 0, 0, @@ -736,8 +812,8 @@ static const unsigned char yydefact[] = 106, 77 }; -/* YYDEFGOTO[NTERM-NUM]. */ -static const short int yydefgoto[] = +/* YYDEFGOTO[NTERM-NUM]. */ +static const yytype_int16 yydefgoto[] = { -1, 2, 8, 13, 18, 19, 21, 22, 23, 27, 28, 24, 29, 57, 58, 59, 87, 60, 114, 115, @@ -751,7 +827,7 @@ static const short int yydefgoto[] = /* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing STATE-NUM. */ #define YYPACT_NINF -100 -static const short int yypact[] = +static const yytype_int16 yypact[] = { -65, 19, 33, 5, -100, -29, -17, 11, 53, -100, -100, -100, 47, 13, -100, 90, -34, 18, 81, 20, @@ -777,7 +853,7 @@ static const short int yypact[] = }; /* YYPGOTO[NTERM-NUM]. */ -static const short int yypgoto[] = +static const yytype_int16 yypgoto[] = { -100, -100, -100, -100, -100, -100, -100, -100, 132, 127, -100, 126, -100, -53, -100, -100, -100, -100, 75, -3, @@ -793,7 +869,7 @@ static const short int yypgoto[] = number is the opposite. If zero, do what YYDEFACT says. If YYTABLE_NINF, syntax error. */ #define YYTABLE_NINF -13 -static const short int yytable[] = +static const yytype_int16 yytable[] = { 143, 94, 35, 36, 37, 90, 17, 38, 92, 190, 95, 102, 5, 160, 162, 109, 109, 161, 39, 165, @@ -814,7 +890,7 @@ static const short int yytable[] = 200, 135, 187, 183, 107, 194, 185, 0, 0, 178 }; -static const short int yycheck[] = +static const yytype_int16 yycheck[] = { 99, 54, 9, 10, 11, 53, 40, 14, 53, 23, 6, 27, 7, 91, 20, 86, 86, 95, 25, 91, @@ -837,7 +913,7 @@ static const short int yycheck[] = /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing symbol of state STATE-NUM. */ -static const unsigned char yystos[] = +static const yytype_uint8 yystos[] = { 0, 86, 99, 21, 0, 7, 27, 38, 100, 70, 70, 70, 29, 101, 39, 84, 8, 40, 102, 103, @@ -887,7 +963,7 @@ do \ yychar = (Token); \ yylval = (Value); \ yytoken = YYTRANSLATE (yychar); \ - YYPOPSTACK; \ + YYPOPSTACK (1); \ goto yybackup; \ } \ else \ @@ -895,7 +971,7 @@ do \ yyerror (YY_("syntax error: cannot back up")); \ YYERROR; \ } \ -while (0) +while (YYID (0)) #define YYTERROR 1 @@ -910,7 +986,7 @@ while (0) #ifndef YYLLOC_DEFAULT # define YYLLOC_DEFAULT(Current, Rhs, N) \ do \ - if (N) \ + if (YYID (N)) \ { \ (Current).first_line = YYRHSLOC (Rhs, 1).first_line; \ (Current).first_column = YYRHSLOC (Rhs, 1).first_column; \ @@ -924,7 +1000,7 @@ while (0) (Current).first_column = (Current).last_column = \ YYRHSLOC (Rhs, 0).last_column; \ } \ - while (0) + while (YYID (0)) #endif @@ -936,8 +1012,8 @@ while (0) # if YYLTYPE_IS_TRIVIAL # define YY_LOCATION_PRINT(File, Loc) \ fprintf (File, "%d.%d-%d.%d", \ - (Loc).first_line, (Loc).first_column, \ - (Loc).last_line, (Loc).last_column) + (Loc).first_line, (Loc).first_column, \ + (Loc).last_line, (Loc).last_column) # else # define YY_LOCATION_PRINT(File, Loc) ((void) 0) # endif @@ -964,36 +1040,96 @@ while (0) do { \ if (yydebug) \ YYFPRINTF Args; \ -} while (0) +} while (YYID (0)) + +# define YY_SYMBOL_PRINT(Title, Type, Value, Location) \ +do { \ + if (yydebug) \ + { \ + YYFPRINTF (stderr, "%s ", Title); \ + yy_symbol_print (stderr, \ + Type, Value); \ + YYFPRINTF (stderr, "\n"); \ + } \ +} while (YYID (0)) -# define YY_SYMBOL_PRINT(Title, Type, Value, Location) \ -do { \ - if (yydebug) \ - { \ - YYFPRINTF (stderr, "%s ", Title); \ - yysymprint (stderr, \ - Type, Value); \ - YYFPRINTF (stderr, "\n"); \ - } \ -} while (0) + +/*--------------------------------. +| Print this symbol on YYOUTPUT. | +`--------------------------------*/ + +/*ARGSUSED*/ +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +static void +yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep) +#else +static void +yy_symbol_value_print (yyoutput, yytype, yyvaluep) + FILE *yyoutput; + int yytype; + YYSTYPE const * const yyvaluep; +#endif +{ + if (!yyvaluep) + return; +# ifdef YYPRINT + if (yytype < YYNTOKENS) + YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep); +# else + YYUSE (yyoutput); +# endif + switch (yytype) + { + default: + break; + } +} + + +/*--------------------------------. +| Print this symbol on YYOUTPUT. | +`--------------------------------*/ + +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +static void +yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep) +#else +static void +yy_symbol_print (yyoutput, yytype, yyvaluep) + FILE *yyoutput; + int yytype; + YYSTYPE const * const yyvaluep; +#endif +{ + if (yytype < YYNTOKENS) + YYFPRINTF (yyoutput, "token %s (", yytname[yytype]); + else + YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]); + + yy_symbol_value_print (yyoutput, yytype, yyvaluep); + YYFPRINTF (yyoutput, ")"); +} /*------------------------------------------------------------------. | yy_stack_print -- Print the state stack from its BOTTOM up to its | | TOP (included). | `------------------------------------------------------------------*/ -#if defined (__STDC__) || defined (__cplusplus) +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) static void -yy_stack_print (short int *bottom, short int *top) +yy_stack_print (yytype_int16 *bottom, yytype_int16 *top) #else static void yy_stack_print (bottom, top) - short int *bottom; - short int *top; + yytype_int16 *bottom; + yytype_int16 *top; #endif { YYFPRINTF (stderr, "Stack now"); - for (/* Nothing. */; bottom <= top; ++bottom) + for (; bottom <= top; ++bottom) YYFPRINTF (stderr, " %d", *bottom); YYFPRINTF (stderr, "\n"); } @@ -1002,37 +1138,45 @@ yy_stack_print (bottom, top) do { \ if (yydebug) \ yy_stack_print ((Bottom), (Top)); \ -} while (0) +} while (YYID (0)) /*------------------------------------------------. | Report that the YYRULE is going to be reduced. | `------------------------------------------------*/ -#if defined (__STDC__) || defined (__cplusplus) +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) static void -yy_reduce_print (int yyrule) +yy_reduce_print (YYSTYPE *yyvsp, int yyrule) #else static void -yy_reduce_print (yyrule) +yy_reduce_print (yyvsp, yyrule) + YYSTYPE *yyvsp; int yyrule; #endif { + int yynrhs = yyr2[yyrule]; int yyi; unsigned long int yylno = yyrline[yyrule]; - YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu), ", - yyrule - 1, yylno); - /* Print the symbols being reduced, and their result. */ - for (yyi = yyprhs[yyrule]; 0 <= yyrhs[yyi]; yyi++) - YYFPRINTF (stderr, "%s ", yytname[yyrhs[yyi]]); - YYFPRINTF (stderr, "-> %s\n", yytname[yyr1[yyrule]]); + YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n", + yyrule - 1, yylno); + /* The symbols being reduced. */ + for (yyi = 0; yyi < yynrhs; yyi++) + { + fprintf (stderr, " $%d = ", yyi + 1); + yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi], + &(yyvsp[(yyi + 1) - (yynrhs)]) + ); + fprintf (stderr, "\n"); + } } # define YY_REDUCE_PRINT(Rule) \ do { \ if (yydebug) \ - yy_reduce_print (Rule); \ -} while (0) + yy_reduce_print (yyvsp, Rule); \ +} while (YYID (0)) /* Nonzero means print parse trace. It is left uninitialized so that multiple parsers can coexist. */ @@ -1066,42 +1210,44 @@ int yydebug; #if YYERROR_VERBOSE # ifndef yystrlen -# if defined (__GLIBC__) && defined (_STRING_H) +# if defined __GLIBC__ && defined _STRING_H # define yystrlen strlen # else /* Return the length of YYSTR. */ +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) static YYSIZE_T -# if defined (__STDC__) || defined (__cplusplus) yystrlen (const char *yystr) -# else +#else +static YYSIZE_T yystrlen (yystr) - const char *yystr; -# endif + const char *yystr; +#endif { - const char *yys = yystr; - - while (*yys++ != '\0') + YYSIZE_T yylen; + for (yylen = 0; yystr[yylen]; yylen++) continue; - - return yys - yystr - 1; + return yylen; } # endif # endif # ifndef yystpcpy -# if defined (__GLIBC__) && defined (_STRING_H) && defined (_GNU_SOURCE) +# if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE # define yystpcpy stpcpy # else /* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in YYDEST. */ +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) static char * -# if defined (__STDC__) || defined (__cplusplus) yystpcpy (char *yydest, const char *yysrc) -# else +#else +static char * yystpcpy (yydest, yysrc) - char *yydest; - const char *yysrc; -# endif + char *yydest; + const char *yysrc; +#endif { char *yyd = yydest; const char *yys = yysrc; @@ -1127,7 +1273,7 @@ yytnamerr (char *yyres, const char *yystr) { if (*yystr == '"') { - size_t yyn = 0; + YYSIZE_T yyn = 0; char const *yyp = yystr; for (;;) @@ -1162,53 +1308,123 @@ yytnamerr (char *yyres, const char *yystr) } # endif -#endif /* YYERROR_VERBOSE */ - - - -#if YYDEBUG -/*--------------------------------. -| Print this symbol on YYOUTPUT. | -`--------------------------------*/ - -#if defined (__STDC__) || defined (__cplusplus) -static void -yysymprint (FILE *yyoutput, int yytype, YYSTYPE *yyvaluep) -#else -static void -yysymprint (yyoutput, yytype, yyvaluep) - FILE *yyoutput; - int yytype; - YYSTYPE *yyvaluep; -#endif +/* Copy into YYRESULT an error message about the unexpected token + YYCHAR while in state YYSTATE. Return the number of bytes copied, + including the terminating null byte. If YYRESULT is null, do not + copy anything; just return the number of bytes that would be + copied. As a special case, return 0 if an ordinary "syntax error" + message will do. Return YYSIZE_MAXIMUM if overflow occurs during + size calculation. */ +static YYSIZE_T +yysyntax_error (char *yyresult, int yystate, int yychar) { - /* Pacify ``unused variable'' warnings. */ - (void) yyvaluep; + int yyn = yypact[yystate]; - if (yytype < YYNTOKENS) - YYFPRINTF (yyoutput, "token %s (", yytname[yytype]); + if (! (YYPACT_NINF < yyn && yyn <= YYLAST)) + return 0; else - YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]); + { + int yytype = YYTRANSLATE (yychar); + YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]); + YYSIZE_T yysize = yysize0; + YYSIZE_T yysize1; + int yysize_overflow = 0; + enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 }; + char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; + int yyx; + +# if 0 + /* This is so xgettext sees the translatable formats that are + constructed on the fly. */ + YY_("syntax error, unexpected %s"); + YY_("syntax error, unexpected %s, expecting %s"); + YY_("syntax error, unexpected %s, expecting %s or %s"); + YY_("syntax error, unexpected %s, expecting %s or %s or %s"); + YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s"); +# endif + char *yyfmt; + char const *yyf; + static char const yyunexpected[] = "syntax error, unexpected %s"; + static char const yyexpecting[] = ", expecting %s"; + static char const yyor[] = " or %s"; + char yyformat[sizeof yyunexpected + + sizeof yyexpecting - 1 + + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2) + * (sizeof yyor - 1))]; + char const *yyprefix = yyexpecting; + + /* Start YYX at -YYN if negative to avoid negative indexes in + YYCHECK. */ + int yyxbegin = yyn < 0 ? -yyn : 0; + + /* Stay within bounds of both yycheck and yytname. */ + int yychecklim = YYLAST - yyn + 1; + int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; + int yycount = 1; + + yyarg[0] = yytname[yytype]; + yyfmt = yystpcpy (yyformat, yyunexpected); + + for (yyx = yyxbegin; yyx < yyxend; ++yyx) + if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) + { + if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM) + { + yycount = 1; + yysize = yysize0; + yyformat[sizeof yyunexpected - 1] = '\0'; + break; + } + yyarg[yycount++] = yytname[yyx]; + yysize1 = yysize + yytnamerr (0, yytname[yyx]); + yysize_overflow |= (yysize1 < yysize); + yysize = yysize1; + yyfmt = yystpcpy (yyfmt, yyprefix); + yyprefix = yyor; + } + yyf = YY_(yyformat); + yysize1 = yysize + yystrlen (yyf); + yysize_overflow |= (yysize1 < yysize); + yysize = yysize1; -# ifdef YYPRINT - if (yytype < YYNTOKENS) - YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep); -# endif - switch (yytype) - { - default: - break; + if (yysize_overflow) + return YYSIZE_MAXIMUM; + + if (yyresult) + { + /* Avoid sprintf, as that infringes on the user's name space. + Don't have undefined behavior even if the translation + produced a string with the wrong number of "%s"s. */ + char *yyp = yyresult; + int yyi = 0; + while ((*yyp = *yyf) != '\0') + { + if (*yyp == '%' && yyf[1] == 's' && yyi < yycount) + { + yyp += yytnamerr (yyp, yyarg[yyi++]); + yyf += 2; + } + else + { + yyp++; + yyf++; + } + } + } + return yysize; } - YYFPRINTF (yyoutput, ")"); } +#endif /* YYERROR_VERBOSE */ + -#endif /* ! YYDEBUG */ /*-----------------------------------------------. | Release the memory associated to this symbol. | `-----------------------------------------------*/ -#if defined (__STDC__) || defined (__cplusplus) +/*ARGSUSED*/ +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) static void yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep) #else @@ -1219,8 +1435,7 @@ yydestruct (yymsg, yytype, yyvaluep) YYSTYPE *yyvaluep; #endif { - /* Pacify ``unused variable'' warnings. */ - (void) yyvaluep; + YYUSE (yyvaluep); if (!yymsg) yymsg = "Deleting"; @@ -1230,7 +1445,7 @@ yydestruct (yymsg, yytype, yyvaluep) { default: - break; + break; } } @@ -1238,13 +1453,13 @@ yydestruct (yymsg, yytype, yyvaluep) /* Prevent warnings from -Wmissing-prototypes. */ #ifdef YYPARSE_PARAM -# if defined (__STDC__) || defined (__cplusplus) +#if defined __STDC__ || defined __cplusplus int yyparse (void *YYPARSE_PARAM); -# else +#else int yyparse (); -# endif +#endif #else /* ! YYPARSE_PARAM */ -#if defined (__STDC__) || defined (__cplusplus) +#if defined __STDC__ || defined __cplusplus int yyparse (void); #else int yyparse (); @@ -1269,14 +1484,18 @@ int yynerrs; `----------*/ #ifdef YYPARSE_PARAM -# if defined (__STDC__) || defined (__cplusplus) -int yyparse (void *YYPARSE_PARAM) -# else -int yyparse (YYPARSE_PARAM) - void *YYPARSE_PARAM; -# endif +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +int +yyparse (void *YYPARSE_PARAM) +#else +int +yyparse (YYPARSE_PARAM) + void *YYPARSE_PARAM; +#endif #else /* ! YYPARSE_PARAM */ -#if defined (__STDC__) || defined (__cplusplus) +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) int yyparse (void) #else @@ -1294,6 +1513,12 @@ yyparse () int yyerrstatus; /* Look-ahead token as an internal (translated) token number. */ int yytoken = 0; +#if YYERROR_VERBOSE + /* Buffer for error messages, and its allocated size. */ + char yymsgbuf[128]; + char *yymsg = yymsgbuf; + YYSIZE_T yymsg_alloc = sizeof yymsgbuf; +#endif /* Three stacks and their tools: `yyss': related to states, @@ -1304,9 +1529,9 @@ yyparse () to reallocate them elsewhere. */ /* The state stack. */ - short int yyssa[YYINITDEPTH]; - short int *yyss = yyssa; - short int *yyssp; + yytype_int16 yyssa[YYINITDEPTH]; + yytype_int16 *yyss = yyssa; + yytype_int16 *yyssp; /* The semantic value stack. */ YYSTYPE yyvsa[YYINITDEPTH]; @@ -1315,7 +1540,7 @@ yyparse () -#define YYPOPSTACK (yyvsp--, yyssp--) +#define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N)) YYSIZE_T yystacksize = YYINITDEPTH; @@ -1324,9 +1549,9 @@ yyparse () YYSTYPE yyval; - /* When reducing, the number of symbols on the RHS of the reduced - rule. */ - int yylen; + /* The number of symbols on the RHS of the reduced rule. + Keep to zero when no symbol should be popped. */ + int yylen = 0; YYDPRINTF ((stderr, "Starting parse\n")); @@ -1350,8 +1575,7 @@ yyparse () `------------------------------------------------------------*/ yynewstate: /* In all cases, when you get here, the value and location stacks - have just been pushed. so pushing a state here evens the stacks. - */ + have just been pushed. So pushing a state here evens the stacks. */ yyssp++; yysetstate: @@ -1364,11 +1588,11 @@ yyparse () #ifdef yyoverflow { - /* Give user a chance to reallocate the stack. Use copies of + /* Give user a chance to reallocate the stack. Use copies of these so that the &'s don't force the real ones into memory. */ YYSTYPE *yyvs1 = yyvs; - short int *yyss1 = yyss; + yytype_int16 *yyss1 = yyss; /* Each stack pointer address is followed by the size of the @@ -1396,7 +1620,7 @@ yyparse () yystacksize = YYMAXDEPTH; { - short int *yyss1 = yyss; + yytype_int16 *yyss1 = yyss; union yyalloc *yyptr = (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); if (! yyptr) @@ -1431,12 +1655,10 @@ yyparse () `-----------*/ yybackup: -/* Do appropriate processing given the current state. */ -/* Read a look-ahead token if we need one and don't already have one. */ -/* yyresume: */ + /* Do appropriate processing given the current state. Read a + look-ahead token if we need one and don't already have one. */ /* First try to decide what to do without reference to look-ahead token. */ - yyn = yypact[yystate]; if (yyn == YYPACT_NINF) goto yydefault; @@ -1478,22 +1700,21 @@ yybackup: if (yyn == YYFINAL) YYACCEPT; + /* Count tokens shifted since error; after three, turn off error + status. */ + if (yyerrstatus) + yyerrstatus--; + /* Shift the look-ahead token. */ YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); - /* Discard the token being shifted unless it is eof. */ + /* Discard the shifted token unless it is eof. */ if (yychar != YYEOF) yychar = YYEMPTY; + yystate = yyn; *++yyvsp = yylval; - - /* Count tokens shifted since error; after three, turn off error - status. */ - if (yyerrstatus) - yyerrstatus--; - - yystate = yyn; goto yynewstate; @@ -1529,70 +1750,70 @@ yyreduce: switch (yyn) { case 2: -#line 233 "parse.y" +#line 233 "heimdal/lib/asn1/parse.y" { checkundefined(); } break; case 4: -#line 240 "parse.y" +#line 240 "heimdal/lib/asn1/parse.y" { error_message("implicit tagging is not supported"); } break; case 5: -#line 242 "parse.y" +#line 242 "heimdal/lib/asn1/parse.y" { error_message("automatic tagging is not supported"); } break; case 7: -#line 247 "parse.y" +#line 247 "heimdal/lib/asn1/parse.y" { error_message("no extensibility options supported"); } break; case 17: -#line 268 "parse.y" +#line 268 "heimdal/lib/asn1/parse.y" { struct string_list *sl; - for(sl = (yyvsp[-3].sl); sl != NULL; sl = sl->next) { + for(sl = (yyvsp[(1) - (4)].sl); sl != NULL; sl = sl->next) { Symbol *s = addsym(sl->string); s->stype = Stype; } - add_import((yyvsp[-1].name)); + add_import((yyvsp[(3) - (4)].name)); } break; case 22: -#line 287 "parse.y" +#line 287 "heimdal/lib/asn1/parse.y" { (yyval.sl) = emalloc(sizeof(*(yyval.sl))); - (yyval.sl)->string = (yyvsp[-2].name); - (yyval.sl)->next = (yyvsp[0].sl); + (yyval.sl)->string = (yyvsp[(1) - (3)].name); + (yyval.sl)->next = (yyvsp[(3) - (3)].sl); } break; case 23: -#line 293 "parse.y" +#line 293 "heimdal/lib/asn1/parse.y" { (yyval.sl) = emalloc(sizeof(*(yyval.sl))); - (yyval.sl)->string = (yyvsp[0].name); + (yyval.sl)->string = (yyvsp[(1) - (1)].name); (yyval.sl)->next = NULL; } break; case 24: -#line 301 "parse.y" +#line 301 "heimdal/lib/asn1/parse.y" { - Symbol *s = addsym ((yyvsp[-2].name)); + Symbol *s = addsym ((yyvsp[(1) - (3)].name)); s->stype = Stype; - s->type = (yyvsp[0].type); + s->type = (yyvsp[(3) - (3)].type); fix_labels(s); generate_type (s); } break; case 42: -#line 332 "parse.y" +#line 332 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_Boolean, TE_EXPLICIT, new_type(TBoolean)); @@ -1600,18 +1821,18 @@ yyreduce: break; case 43: -#line 339 "parse.y" +#line 339 "heimdal/lib/asn1/parse.y" { - if((yyvsp[-3].value)->type != integervalue || - (yyvsp[-1].value)->type != integervalue) + if((yyvsp[(2) - (5)].value)->type != integervalue || + (yyvsp[(4) - (5)].value)->type != integervalue) error_message("Non-integer value used in range"); - (yyval.range).min = (yyvsp[-3].value)->u.integervalue; - (yyval.range).max = (yyvsp[-1].value)->u.integervalue; + (yyval.range).min = (yyvsp[(2) - (5)].value)->u.integervalue; + (yyval.range).max = (yyvsp[(4) - (5)].value)->u.integervalue; } break; case 44: -#line 349 "parse.y" +#line 349 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, new_type(TInteger)); @@ -1619,54 +1840,54 @@ yyreduce: break; case 45: -#line 354 "parse.y" +#line 354 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TInteger); (yyval.type)->range = emalloc(sizeof(*(yyval.type)->range)); - *((yyval.type)->range) = (yyvsp[0].range); + *((yyval.type)->range) = (yyvsp[(2) - (2)].range); (yyval.type) = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, (yyval.type)); } break; case 46: -#line 361 "parse.y" +#line 361 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TInteger); - (yyval.type)->members = (yyvsp[-1].members); + (yyval.type)->members = (yyvsp[(3) - (4)].members); (yyval.type) = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, (yyval.type)); } break; case 47: -#line 369 "parse.y" +#line 369 "heimdal/lib/asn1/parse.y" { (yyval.members) = emalloc(sizeof(*(yyval.members))); ASN1_TAILQ_INIT((yyval.members)); - ASN1_TAILQ_INSERT_HEAD((yyval.members), (yyvsp[0].member), members); + ASN1_TAILQ_INSERT_HEAD((yyval.members), (yyvsp[(1) - (1)].member), members); } break; case 48: -#line 375 "parse.y" +#line 375 "heimdal/lib/asn1/parse.y" { - ASN1_TAILQ_INSERT_TAIL((yyvsp[-2].members), (yyvsp[0].member), members); - (yyval.members) = (yyvsp[-2].members); + ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members); + (yyval.members) = (yyvsp[(1) - (3)].members); } break; case 49: -#line 380 "parse.y" - { (yyval.members) = (yyvsp[-2].members); } +#line 380 "heimdal/lib/asn1/parse.y" + { (yyval.members) = (yyvsp[(1) - (3)].members); } break; case 50: -#line 384 "parse.y" +#line 384 "heimdal/lib/asn1/parse.y" { (yyval.member) = emalloc(sizeof(*(yyval.member))); - (yyval.member)->name = (yyvsp[-3].name); - (yyval.member)->gen_name = estrdup((yyvsp[-3].name)); + (yyval.member)->name = (yyvsp[(1) - (4)].name); + (yyval.member)->gen_name = estrdup((yyvsp[(1) - (4)].name)); output_name ((yyval.member)->gen_name); - (yyval.member)->val = (yyvsp[-1].constant); + (yyval.member)->val = (yyvsp[(3) - (4)].constant); (yyval.member)->optional = 0; (yyval.member)->ellipsis = 0; (yyval.member)->type = NULL; @@ -1674,16 +1895,16 @@ yyreduce: break; case 51: -#line 397 "parse.y" +#line 397 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TInteger); - (yyval.type)->members = (yyvsp[-1].members); + (yyval.type)->members = (yyvsp[(3) - (4)].members); (yyval.type) = new_tag(ASN1_C_UNIV, UT_Enumerated, TE_EXPLICIT, (yyval.type)); } break; case 53: -#line 408 "parse.y" +#line 408 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TBitString); (yyval.type)->members = emalloc(sizeof(*(yyval.type)->members)); @@ -1693,16 +1914,16 @@ yyreduce: break; case 54: -#line 415 "parse.y" +#line 415 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TBitString); - (yyval.type)->members = (yyvsp[-1].members); + (yyval.type)->members = (yyvsp[(4) - (5)].members); (yyval.type) = new_tag(ASN1_C_UNIV, UT_BitString, TE_EXPLICIT, (yyval.type)); } break; case 55: -#line 423 "parse.y" +#line 423 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_OID, TE_EXPLICIT, new_type(TOID)); @@ -1710,7 +1931,7 @@ yyreduce: break; case 56: -#line 429 "parse.y" +#line 429 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_OctetString, TE_EXPLICIT, new_type(TOctetString)); @@ -1718,7 +1939,7 @@ yyreduce: break; case 57: -#line 436 "parse.y" +#line 436 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_Null, TE_EXPLICIT, new_type(TNull)); @@ -1726,16 +1947,16 @@ yyreduce: break; case 58: -#line 443 "parse.y" +#line 443 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TSequence); - (yyval.type)->members = (yyvsp[-1].members); + (yyval.type)->members = (yyvsp[(3) - (4)].members); (yyval.type) = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, (yyval.type)); } break; case 59: -#line 449 "parse.y" +#line 449 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TSequence); (yyval.type)->members = NULL; @@ -1744,25 +1965,25 @@ yyreduce: break; case 60: -#line 457 "parse.y" +#line 457 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TSequenceOf); - (yyval.type)->subtype = (yyvsp[0].type); + (yyval.type)->subtype = (yyvsp[(3) - (3)].type); (yyval.type) = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, (yyval.type)); } break; case 61: -#line 465 "parse.y" +#line 465 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TSet); - (yyval.type)->members = (yyvsp[-1].members); + (yyval.type)->members = (yyvsp[(3) - (4)].members); (yyval.type) = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, (yyval.type)); } break; case 62: -#line 471 "parse.y" +#line 471 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TSet); (yyval.type)->members = NULL; @@ -1771,36 +1992,36 @@ yyreduce: break; case 63: -#line 479 "parse.y" +#line 479 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TSetOf); - (yyval.type)->subtype = (yyvsp[0].type); + (yyval.type)->subtype = (yyvsp[(3) - (3)].type); (yyval.type) = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, (yyval.type)); } break; case 64: -#line 487 "parse.y" +#line 487 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TChoice); - (yyval.type)->members = (yyvsp[-1].members); + (yyval.type)->members = (yyvsp[(3) - (4)].members); } break; case 67: -#line 498 "parse.y" +#line 498 "heimdal/lib/asn1/parse.y" { - Symbol *s = addsym((yyvsp[0].name)); + Symbol *s = addsym((yyvsp[(1) - (1)].name)); (yyval.type) = new_type(TType); if(s->stype != Stype && s->stype != SUndefined) - error_message ("%s is not a type\n", (yyvsp[0].name)); + error_message ("%s is not a type\n", (yyvsp[(1) - (1)].name)); else (yyval.type)->symbol = s; } break; case 68: -#line 509 "parse.y" +#line 509 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralizedTime, TE_EXPLICIT, new_type(TGeneralizedTime)); @@ -1808,7 +2029,7 @@ yyreduce: break; case 69: -#line 514 "parse.y" +#line 514 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_UTCTime, TE_EXPLICIT, new_type(TUTCTime)); @@ -1816,7 +2037,7 @@ yyreduce: break; case 70: -#line 521 "parse.y" +#line 521 "heimdal/lib/asn1/parse.y" { /* if (Constraint.type == contentConstrant) { assert(Constraint.u.constraint.type == octetstring|bitstring-w/o-NamedBitList); // remember to check type reference too @@ -1832,136 +2053,136 @@ yyreduce: break; case 71: -#line 537 "parse.y" +#line 537 "heimdal/lib/asn1/parse.y" { - (yyval.constraint_spec) = (yyvsp[-1].constraint_spec); + (yyval.constraint_spec) = (yyvsp[(2) - (3)].constraint_spec); } break; case 75: -#line 550 "parse.y" +#line 550 "heimdal/lib/asn1/parse.y" { (yyval.constraint_spec) = new_constraint_spec(CT_CONTENTS); - (yyval.constraint_spec)->u.content.type = (yyvsp[0].type); + (yyval.constraint_spec)->u.content.type = (yyvsp[(2) - (2)].type); (yyval.constraint_spec)->u.content.encoding = NULL; } break; case 76: -#line 556 "parse.y" +#line 556 "heimdal/lib/asn1/parse.y" { - if ((yyvsp[0].value)->type != objectidentifiervalue) + if ((yyvsp[(3) - (3)].value)->type != objectidentifiervalue) error_message("Non-OID used in ENCODED BY constraint"); (yyval.constraint_spec) = new_constraint_spec(CT_CONTENTS); (yyval.constraint_spec)->u.content.type = NULL; - (yyval.constraint_spec)->u.content.encoding = (yyvsp[0].value); + (yyval.constraint_spec)->u.content.encoding = (yyvsp[(3) - (3)].value); } break; case 77: -#line 564 "parse.y" +#line 564 "heimdal/lib/asn1/parse.y" { - if ((yyvsp[0].value)->type != objectidentifiervalue) + if ((yyvsp[(5) - (5)].value)->type != objectidentifiervalue) error_message("Non-OID used in ENCODED BY constraint"); (yyval.constraint_spec) = new_constraint_spec(CT_CONTENTS); - (yyval.constraint_spec)->u.content.type = (yyvsp[-3].type); - (yyval.constraint_spec)->u.content.encoding = (yyvsp[0].value); + (yyval.constraint_spec)->u.content.type = (yyvsp[(2) - (5)].type); + (yyval.constraint_spec)->u.content.encoding = (yyvsp[(5) - (5)].value); } break; case 78: -#line 574 "parse.y" +#line 574 "heimdal/lib/asn1/parse.y" { (yyval.constraint_spec) = new_constraint_spec(CT_USER); } break; case 79: -#line 580 "parse.y" +#line 580 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TTag); - (yyval.type)->tag = (yyvsp[-2].tag); - (yyval.type)->tag.tagenv = (yyvsp[-1].constant); - if((yyvsp[0].type)->type == TTag && (yyvsp[-1].constant) == TE_IMPLICIT) { - (yyval.type)->subtype = (yyvsp[0].type)->subtype; - free((yyvsp[0].type)); + (yyval.type)->tag = (yyvsp[(1) - (3)].tag); + (yyval.type)->tag.tagenv = (yyvsp[(2) - (3)].constant); + if((yyvsp[(3) - (3)].type)->type == TTag && (yyvsp[(2) - (3)].constant) == TE_IMPLICIT) { + (yyval.type)->subtype = (yyvsp[(3) - (3)].type)->subtype; + free((yyvsp[(3) - (3)].type)); } else - (yyval.type)->subtype = (yyvsp[0].type); + (yyval.type)->subtype = (yyvsp[(3) - (3)].type); } break; case 80: -#line 593 "parse.y" +#line 593 "heimdal/lib/asn1/parse.y" { - (yyval.tag).tagclass = (yyvsp[-2].constant); - (yyval.tag).tagvalue = (yyvsp[-1].constant); + (yyval.tag).tagclass = (yyvsp[(2) - (4)].constant); + (yyval.tag).tagvalue = (yyvsp[(3) - (4)].constant); (yyval.tag).tagenv = TE_EXPLICIT; } break; case 81: -#line 601 "parse.y" +#line 601 "heimdal/lib/asn1/parse.y" { (yyval.constant) = ASN1_C_CONTEXT; } break; case 82: -#line 605 "parse.y" +#line 605 "heimdal/lib/asn1/parse.y" { (yyval.constant) = ASN1_C_UNIV; } break; case 83: -#line 609 "parse.y" +#line 609 "heimdal/lib/asn1/parse.y" { (yyval.constant) = ASN1_C_APPL; } break; case 84: -#line 613 "parse.y" +#line 613 "heimdal/lib/asn1/parse.y" { (yyval.constant) = ASN1_C_PRIVATE; } break; case 85: -#line 619 "parse.y" +#line 619 "heimdal/lib/asn1/parse.y" { (yyval.constant) = TE_EXPLICIT; } break; case 86: -#line 623 "parse.y" +#line 623 "heimdal/lib/asn1/parse.y" { (yyval.constant) = TE_EXPLICIT; } break; case 87: -#line 627 "parse.y" +#line 627 "heimdal/lib/asn1/parse.y" { (yyval.constant) = TE_IMPLICIT; } break; case 88: -#line 634 "parse.y" +#line 634 "heimdal/lib/asn1/parse.y" { Symbol *s; - s = addsym ((yyvsp[-3].name)); + s = addsym ((yyvsp[(1) - (4)].name)); s->stype = SValue; - s->value = (yyvsp[0].value); + s->value = (yyvsp[(4) - (4)].value); generate_constant (s); } break; case 90: -#line 648 "parse.y" +#line 648 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralString, TE_EXPLICIT, new_type(TGeneralString)); @@ -1969,7 +2190,7 @@ yyreduce: break; case 91: -#line 653 "parse.y" +#line 653 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_UTF8String, TE_EXPLICIT, new_type(TUTF8String)); @@ -1977,7 +2198,7 @@ yyreduce: break; case 92: -#line 658 "parse.y" +#line 658 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_PrintableString, TE_EXPLICIT, new_type(TPrintableString)); @@ -1985,7 +2206,7 @@ yyreduce: break; case 93: -#line 663 "parse.y" +#line 663 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_VisibleString, TE_EXPLICIT, new_type(TVisibleString)); @@ -1993,7 +2214,7 @@ yyreduce: break; case 94: -#line 668 "parse.y" +#line 668 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_IA5String, TE_EXPLICIT, new_type(TIA5String)); @@ -2001,7 +2222,7 @@ yyreduce: break; case 95: -#line 673 "parse.y" +#line 673 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_BMPString, TE_EXPLICIT, new_type(TBMPString)); @@ -2009,7 +2230,7 @@ yyreduce: break; case 96: -#line 678 "parse.y" +#line 678 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_UniversalString, TE_EXPLICIT, new_type(TUniversalString)); @@ -2017,98 +2238,98 @@ yyreduce: break; case 97: -#line 686 "parse.y" +#line 686 "heimdal/lib/asn1/parse.y" { (yyval.members) = emalloc(sizeof(*(yyval.members))); ASN1_TAILQ_INIT((yyval.members)); - ASN1_TAILQ_INSERT_HEAD((yyval.members), (yyvsp[0].member), members); + ASN1_TAILQ_INSERT_HEAD((yyval.members), (yyvsp[(1) - (1)].member), members); } break; case 98: -#line 692 "parse.y" +#line 692 "heimdal/lib/asn1/parse.y" { - ASN1_TAILQ_INSERT_TAIL((yyvsp[-2].members), (yyvsp[0].member), members); - (yyval.members) = (yyvsp[-2].members); + ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members); + (yyval.members) = (yyvsp[(1) - (3)].members); } break; case 99: -#line 697 "parse.y" +#line 697 "heimdal/lib/asn1/parse.y" { struct member *m = ecalloc(1, sizeof(*m)); m->name = estrdup("..."); m->gen_name = estrdup("asn1_ellipsis"); m->ellipsis = 1; - ASN1_TAILQ_INSERT_TAIL((yyvsp[-2].members), m, members); - (yyval.members) = (yyvsp[-2].members); + ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), m, members); + (yyval.members) = (yyvsp[(1) - (3)].members); } break; case 100: -#line 708 "parse.y" +#line 708 "heimdal/lib/asn1/parse.y" { (yyval.member) = emalloc(sizeof(*(yyval.member))); - (yyval.member)->name = (yyvsp[-1].name); - (yyval.member)->gen_name = estrdup((yyvsp[-1].name)); + (yyval.member)->name = (yyvsp[(1) - (2)].name); + (yyval.member)->gen_name = estrdup((yyvsp[(1) - (2)].name)); output_name ((yyval.member)->gen_name); - (yyval.member)->type = (yyvsp[0].type); + (yyval.member)->type = (yyvsp[(2) - (2)].type); (yyval.member)->ellipsis = 0; } break; case 101: -#line 719 "parse.y" +#line 719 "heimdal/lib/asn1/parse.y" { - (yyval.member) = (yyvsp[0].member); + (yyval.member) = (yyvsp[(1) - (1)].member); (yyval.member)->optional = 0; (yyval.member)->defval = NULL; } break; case 102: -#line 725 "parse.y" +#line 725 "heimdal/lib/asn1/parse.y" { - (yyval.member) = (yyvsp[-1].member); + (yyval.member) = (yyvsp[(1) - (2)].member); (yyval.member)->optional = 1; (yyval.member)->defval = NULL; } break; case 103: -#line 731 "parse.y" +#line 731 "heimdal/lib/asn1/parse.y" { - (yyval.member) = (yyvsp[-2].member); + (yyval.member) = (yyvsp[(1) - (3)].member); (yyval.member)->optional = 0; - (yyval.member)->defval = (yyvsp[0].value); + (yyval.member)->defval = (yyvsp[(3) - (3)].value); } break; case 104: -#line 739 "parse.y" +#line 739 "heimdal/lib/asn1/parse.y" { (yyval.members) = emalloc(sizeof(*(yyval.members))); ASN1_TAILQ_INIT((yyval.members)); - ASN1_TAILQ_INSERT_HEAD((yyval.members), (yyvsp[0].member), members); + ASN1_TAILQ_INSERT_HEAD((yyval.members), (yyvsp[(1) - (1)].member), members); } break; case 105: -#line 745 "parse.y" +#line 745 "heimdal/lib/asn1/parse.y" { - ASN1_TAILQ_INSERT_TAIL((yyvsp[-2].members), (yyvsp[0].member), members); - (yyval.members) = (yyvsp[-2].members); + ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members); + (yyval.members) = (yyvsp[(1) - (3)].members); } break; case 106: -#line 752 "parse.y" +#line 752 "heimdal/lib/asn1/parse.y" { (yyval.member) = emalloc(sizeof(*(yyval.member))); - (yyval.member)->name = (yyvsp[-3].name); - (yyval.member)->gen_name = estrdup((yyvsp[-3].name)); + (yyval.member)->name = (yyvsp[(1) - (4)].name); + (yyval.member)->gen_name = estrdup((yyvsp[(1) - (4)].name)); output_name ((yyval.member)->gen_name); - (yyval.member)->val = (yyvsp[-1].constant); + (yyval.member)->val = (yyvsp[(3) - (4)].constant); (yyval.member)->optional = 0; (yyval.member)->ellipsis = 0; (yyval.member)->type = NULL; @@ -2116,47 +2337,47 @@ yyreduce: break; case 108: -#line 765 "parse.y" +#line 765 "heimdal/lib/asn1/parse.y" { (yyval.objid) = NULL; } break; case 109: -#line 769 "parse.y" +#line 769 "heimdal/lib/asn1/parse.y" { - (yyval.objid) = (yyvsp[-1].objid); + (yyval.objid) = (yyvsp[(2) - (3)].objid); } break; case 110: -#line 775 "parse.y" +#line 775 "heimdal/lib/asn1/parse.y" { (yyval.objid) = NULL; } break; case 111: -#line 779 "parse.y" +#line 779 "heimdal/lib/asn1/parse.y" { - if ((yyvsp[0].objid)) { - (yyval.objid) = (yyvsp[0].objid); - add_oid_to_tail((yyvsp[0].objid), (yyvsp[-1].objid)); + if ((yyvsp[(2) - (2)].objid)) { + (yyval.objid) = (yyvsp[(2) - (2)].objid); + add_oid_to_tail((yyvsp[(2) - (2)].objid), (yyvsp[(1) - (2)].objid)); } else { - (yyval.objid) = (yyvsp[-1].objid); + (yyval.objid) = (yyvsp[(1) - (2)].objid); } } break; case 112: -#line 790 "parse.y" +#line 790 "heimdal/lib/asn1/parse.y" { - (yyval.objid) = new_objid((yyvsp[-3].name), (yyvsp[-1].constant)); + (yyval.objid) = new_objid((yyvsp[(1) - (4)].name), (yyvsp[(3) - (4)].constant)); } break; case 113: -#line 794 "parse.y" +#line 794 "heimdal/lib/asn1/parse.y" { - Symbol *s = addsym((yyvsp[0].name)); + Symbol *s = addsym((yyvsp[(1) - (1)].name)); if(s->stype != SValue || s->value->type != objectidentifiervalue) { error_message("%s is not an object identifier\n", @@ -2168,16 +2389,16 @@ yyreduce: break; case 114: -#line 805 "parse.y" +#line 805 "heimdal/lib/asn1/parse.y" { - (yyval.objid) = new_objid(NULL, (yyvsp[0].constant)); + (yyval.objid) = new_objid(NULL, (yyvsp[(1) - (1)].constant)); } break; case 124: -#line 828 "parse.y" +#line 828 "heimdal/lib/asn1/parse.y" { - Symbol *s = addsym((yyvsp[0].name)); + Symbol *s = addsym((yyvsp[(1) - (1)].name)); if(s->stype != SValue) error_message ("%s is not a value\n", s->name); @@ -2187,16 +2408,16 @@ yyreduce: break; case 125: -#line 839 "parse.y" +#line 839 "heimdal/lib/asn1/parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = stringvalue; - (yyval.value)->u.stringvalue = (yyvsp[0].name); + (yyval.value)->u.stringvalue = (yyvsp[(1) - (1)].name); } break; case 126: -#line 847 "parse.y" +#line 847 "heimdal/lib/asn1/parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = booleanvalue; @@ -2205,7 +2426,7 @@ yyreduce: break; case 127: -#line 853 "parse.y" +#line 853 "heimdal/lib/asn1/parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = booleanvalue; @@ -2214,40 +2435,38 @@ yyreduce: break; case 128: -#line 861 "parse.y" +#line 861 "heimdal/lib/asn1/parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = integervalue; - (yyval.value)->u.integervalue = (yyvsp[0].constant); + (yyval.value)->u.integervalue = (yyvsp[(1) - (1)].constant); } break; case 130: -#line 872 "parse.y" +#line 872 "heimdal/lib/asn1/parse.y" { } break; case 131: -#line 877 "parse.y" +#line 877 "heimdal/lib/asn1/parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = objectidentifiervalue; - (yyval.value)->u.objectidentifiervalue = (yyvsp[0].objid); + (yyval.value)->u.objectidentifiervalue = (yyvsp[(1) - (1)].objid); } break; +/* Line 1267 of yacc.c. */ +#line 2464 "heimdal/lib/asn1/parse.y" default: break; } + YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); -/* Line 1126 of yacc.c. */ -#line 2246 "parse.c" - - yyvsp -= yylen; - yyssp -= yylen; - - + YYPOPSTACK (yylen); + yylen = 0; YY_STACK_PRINT (yyss, yyssp); *++yyvsp = yyval; @@ -2276,110 +2495,41 @@ yyerrlab: if (!yyerrstatus) { ++yynerrs; -#if YYERROR_VERBOSE - yyn = yypact[yystate]; - - if (YYPACT_NINF < yyn && yyn < YYLAST) - { - int yytype = YYTRANSLATE (yychar); - YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]); - YYSIZE_T yysize = yysize0; - YYSIZE_T yysize1; - int yysize_overflow = 0; - char *yymsg = 0; -# define YYERROR_VERBOSE_ARGS_MAXIMUM 5 - char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; - int yyx; - -#if 0 - /* This is so xgettext sees the translatable formats that are - constructed on the fly. */ - YY_("syntax error, unexpected %s"); - YY_("syntax error, unexpected %s, expecting %s"); - YY_("syntax error, unexpected %s, expecting %s or %s"); - YY_("syntax error, unexpected %s, expecting %s or %s or %s"); - YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s"); -#endif - char *yyfmt; - char const *yyf; - static char const yyunexpected[] = "syntax error, unexpected %s"; - static char const yyexpecting[] = ", expecting %s"; - static char const yyor[] = " or %s"; - char yyformat[sizeof yyunexpected - + sizeof yyexpecting - 1 - + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2) - * (sizeof yyor - 1))]; - char const *yyprefix = yyexpecting; - - /* Start YYX at -YYN if negative to avoid negative indexes in - YYCHECK. */ - int yyxbegin = yyn < 0 ? -yyn : 0; - - /* Stay within bounds of both yycheck and yytname. */ - int yychecklim = YYLAST - yyn; - int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; - int yycount = 1; - - yyarg[0] = yytname[yytype]; - yyfmt = yystpcpy (yyformat, yyunexpected); - - for (yyx = yyxbegin; yyx < yyxend; ++yyx) - if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) +#if ! YYERROR_VERBOSE + yyerror (YY_("syntax error")); +#else + { + YYSIZE_T yysize = yysyntax_error (0, yystate, yychar); + if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM) + { + YYSIZE_T yyalloc = 2 * yysize; + if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM)) + yyalloc = YYSTACK_ALLOC_MAXIMUM; + if (yymsg != yymsgbuf) + YYSTACK_FREE (yymsg); + yymsg = (char *) YYSTACK_ALLOC (yyalloc); + if (yymsg) + yymsg_alloc = yyalloc; + else { - if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM) - { - yycount = 1; - yysize = yysize0; - yyformat[sizeof yyunexpected - 1] = '\0'; - break; - } - yyarg[yycount++] = yytname[yyx]; - yysize1 = yysize + yytnamerr (0, yytname[yyx]); - yysize_overflow |= yysize1 < yysize; - yysize = yysize1; - yyfmt = yystpcpy (yyfmt, yyprefix); - yyprefix = yyor; + yymsg = yymsgbuf; + yymsg_alloc = sizeof yymsgbuf; } + } - yyf = YY_(yyformat); - yysize1 = yysize + yystrlen (yyf); - yysize_overflow |= yysize1 < yysize; - yysize = yysize1; - - if (!yysize_overflow && yysize <= YYSTACK_ALLOC_MAXIMUM) - yymsg = (char *) YYSTACK_ALLOC (yysize); - if (yymsg) - { - /* Avoid sprintf, as that infringes on the user's name space. - Don't have undefined behavior even if the translation - produced a string with the wrong number of "%s"s. */ - char *yyp = yymsg; - int yyi = 0; - while ((*yyp = *yyf)) - { - if (*yyp == '%' && yyf[1] == 's' && yyi < yycount) - { - yyp += yytnamerr (yyp, yyarg[yyi++]); - yyf += 2; - } - else - { - yyp++; - yyf++; - } - } - yyerror (yymsg); - YYSTACK_FREE (yymsg); - } - else - { - yyerror (YY_("syntax error")); + if (0 < yysize && yysize <= yymsg_alloc) + { + (void) yysyntax_error (yymsg, yystate, yychar); + yyerror (yymsg); + } + else + { + yyerror (YY_("syntax error")); + if (yysize != 0) goto yyexhaustedlab; - } - } - else -#endif /* YYERROR_VERBOSE */ - yyerror (YY_("syntax error")); + } + } +#endif } @@ -2390,14 +2540,15 @@ yyerrlab: error, discard it. */ if (yychar <= YYEOF) - { + { /* Return failure if at end of input. */ if (yychar == YYEOF) YYABORT; - } + } else { - yydestruct ("Error: discarding", yytoken, &yylval); + yydestruct ("Error: discarding", + yytoken, &yylval); yychar = YYEMPTY; } } @@ -2415,11 +2566,14 @@ yyerrorlab: /* Pacify compilers like GCC when the user code never invokes YYERROR and the label yyerrorlab therefore never appears in user code. */ - if (0) + if (/*CONSTCOND*/ 0) goto yyerrorlab; -yyvsp -= yylen; - yyssp -= yylen; + /* Do not reclaim the symbols of the rule which action triggered + this YYERROR. */ + YYPOPSTACK (yylen); + yylen = 0; + YY_STACK_PRINT (yyss, yyssp); yystate = *yyssp; goto yyerrlab1; @@ -2449,8 +2603,9 @@ yyerrlab1: YYABORT; - yydestruct ("Error: popping", yystos[yystate], yyvsp); - YYPOPSTACK; + yydestruct ("Error: popping", + yystos[yystate], yyvsp); + YYPOPSTACK (1); yystate = *yyssp; YY_STACK_PRINT (yyss, yyssp); } @@ -2461,7 +2616,7 @@ yyerrlab1: *++yyvsp = yylval; - /* Shift the error token. */ + /* Shift the error token. */ YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp); yystate = yyn; @@ -2496,21 +2651,30 @@ yyreturn: if (yychar != YYEOF && yychar != YYEMPTY) yydestruct ("Cleanup: discarding lookahead", yytoken, &yylval); + /* Do not reclaim the symbols of the rule which action triggered + this YYABORT or YYACCEPT. */ + YYPOPSTACK (yylen); + YY_STACK_PRINT (yyss, yyssp); while (yyssp != yyss) { yydestruct ("Cleanup: popping", yystos[*yyssp], yyvsp); - YYPOPSTACK; + YYPOPSTACK (1); } #ifndef yyoverflow if (yyss != yyssa) YYSTACK_FREE (yyss); #endif - return yyresult; +#if YYERROR_VERBOSE + if (yymsg != yymsgbuf) + YYSTACK_FREE (yymsg); +#endif + /* Make sure YYID is used. */ + return YYID (yyresult); } -#line 884 "parse.y" +#line 884 "heimdal/lib/asn1/parse.y" void diff --git a/source4/heimdal/lib/asn1/parse.h b/source4/heimdal/lib/asn1/parse.h index df4587501e..868bb2543a 100644 --- a/source4/heimdal/lib/asn1/parse.h +++ b/source4/heimdal/lib/asn1/parse.h @@ -1,7 +1,9 @@ -/* A Bison parser, made by GNU Bison 2.1. */ +/* A Bison parser, made by GNU Bison 2.3. */ -/* Skeleton parser for Yacc-like parsing with Bison, - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. +/* Skeleton interface for Bison's Yacc-like parsers in C + + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 + Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -18,10 +20,18 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ -/* As a special exception, when this file is copied by Bison into a - Bison output file, you may use that output file without restriction. - This special exception was added by the Free Software Foundation - in version 1.24 of Bison. */ +/* As a special exception, you may create a larger work that contains + part or all of the Bison parser skeleton and distribute that work + under terms of your choice, so long as that work isn't itself a + parser generator using the skeleton or a modified version thereof + as a parser skeleton. Alternatively, if you modify or redistribute + the parser skeleton itself, you may (at your option) remove this + special exception, which will cause the skeleton and the resulting + Bison output files to be licensed under the GNU General Public + License without this special exception. + + This special exception was added by the Free Software Foundation in + version 2.2 of Bison. */ /* Tokens. */ #ifndef YYTOKENTYPE @@ -210,9 +220,10 @@ -#if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED) -#line 65 "parse.y" -typedef union YYSTYPE { +#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED +typedef union YYSTYPE +#line 65 "heimdal/lib/asn1/parse.y" +{ int constant; struct value *value; struct range range; @@ -225,9 +236,10 @@ typedef union YYSTYPE { struct tagtype tag; struct memhead *members; struct constraint_spec *constraint_spec; -} YYSTYPE; -/* Line 1447 of yacc.c. */ -#line 231 "parse.h" +} +/* Line 1489 of yacc.c. */ +#line 242 "heimdal/lib/asn1/parse.y" + YYSTYPE; # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 # define YYSTYPE_IS_TRIVIAL 1 @@ -235,5 +247,3 @@ typedef union YYSTYPE { extern YYSTYPE yylval; - - diff --git a/source4/heimdal/lib/com_err/parse.c b/source4/heimdal/lib/com_err/parse.c index 4cef0c492d..9fb19b33ce 100644 --- a/source4/heimdal/lib/com_err/parse.c +++ b/source4/heimdal/lib/com_err/parse.c @@ -1,7 +1,9 @@ -/* A Bison parser, made by GNU Bison 2.1. */ +/* A Bison parser, made by GNU Bison 2.3. */ -/* Skeleton parser for Yacc-like parsing with Bison, - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. +/* Skeleton implementation for Bison's Yacc-like parsers in C + + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 + Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -18,13 +20,21 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ -/* As a special exception, when this file is copied by Bison into a - Bison output file, you may use that output file without restriction. - This special exception was added by the Free Software Foundation - in version 1.24 of Bison. */ +/* As a special exception, you may create a larger work that contains + part or all of the Bison parser skeleton and distribute that work + under terms of your choice, so long as that work isn't itself a + parser generator using the skeleton or a modified version thereof + as a parser skeleton. Alternatively, if you modify or redistribute + the parser skeleton itself, you may (at your option) remove this + special exception, which will cause the skeleton and the resulting + Bison output files to be licensed under the GNU General Public + License without this special exception. + + This special exception was added by the Free Software Foundation in + version 2.2 of Bison. */ -/* Written by Richard Stallman by simplifying the original so called - ``semantic'' parser. */ +/* C LALR(1) parser skeleton written by Richard Stallman, by + simplifying the original so-called "semantic" parser. */ /* All symbols defined below should begin with yy or YY, to avoid infringing on user name space. This should be done even for local @@ -37,7 +47,7 @@ #define YYBISON 1 /* Bison version. */ -#define YYBISON_VERSION "2.1" +#define YYBISON_VERSION "2.3" /* Skeleton name. */ #define YYSKELETON_NAME "yacc.c" @@ -80,7 +90,7 @@ /* Copy the first part of user declarations. */ -#line 1 "parse.y" +#line 1 "./heimdal/lib/com_err/parse.y" /* * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan @@ -151,14 +161,16 @@ extern char *yytext; # define YYTOKEN_TABLE 0 #endif -#if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED) -#line 53 "parse.y" -typedef union YYSTYPE { +#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED +typedef union YYSTYPE +#line 53 "./heimdal/lib/com_err/parse.y" +{ char *string; int number; -} YYSTYPE; -/* Line 196 of yacc.c. */ -#line 162 "$base.c" +} +/* Line 187 of yacc.c. */ +#line 173 "./heimdal/lib/com_err/parse.y" + YYSTYPE; # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 # define YYSTYPE_IS_TRIVIAL 1 @@ -169,23 +181,56 @@ typedef union YYSTYPE { /* Copy the second part of user declarations. */ -/* Line 219 of yacc.c. */ -#line 174 "$base.c" +/* Line 216 of yacc.c. */ +#line 186 "./heimdal/lib/com_err/parse.y" -#if ! defined (YYSIZE_T) && defined (__SIZE_TYPE__) -# define YYSIZE_T __SIZE_TYPE__ +#ifdef short +# undef short #endif -#if ! defined (YYSIZE_T) && defined (size_t) -# define YYSIZE_T size_t + +#ifdef YYTYPE_UINT8 +typedef YYTYPE_UINT8 yytype_uint8; +#else +typedef unsigned char yytype_uint8; #endif -#if ! defined (YYSIZE_T) && (defined (__STDC__) || defined (__cplusplus)) -# include /* INFRINGES ON USER NAME SPACE */ -# define YYSIZE_T size_t + +#ifdef YYTYPE_INT8 +typedef YYTYPE_INT8 yytype_int8; +#elif (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +typedef signed char yytype_int8; +#else +typedef short int yytype_int8; +#endif + +#ifdef YYTYPE_UINT16 +typedef YYTYPE_UINT16 yytype_uint16; +#else +typedef unsigned short int yytype_uint16; +#endif + +#ifdef YYTYPE_INT16 +typedef YYTYPE_INT16 yytype_int16; +#else +typedef short int yytype_int16; #endif -#if ! defined (YYSIZE_T) -# define YYSIZE_T unsigned int + +#ifndef YYSIZE_T +# ifdef __SIZE_TYPE__ +# define YYSIZE_T __SIZE_TYPE__ +# elif defined size_t +# define YYSIZE_T size_t +# elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +# include /* INFRINGES ON USER NAME SPACE */ +# define YYSIZE_T size_t +# else +# define YYSIZE_T unsigned int +# endif #endif +#define YYSIZE_MAXIMUM ((YYSIZE_T) -1) + #ifndef YY_ # if YYENABLE_NLS # if ENABLE_NLS @@ -198,7 +243,32 @@ typedef union YYSTYPE { # endif #endif -#if ! defined (yyoverflow) || YYERROR_VERBOSE +/* Suppress unused-variable warnings by "using" E. */ +#if ! defined lint || defined __GNUC__ +# define YYUSE(e) ((void) (e)) +#else +# define YYUSE(e) /* empty */ +#endif + +/* Identity function, used to suppress warnings about constant conditions. */ +#ifndef lint +# define YYID(n) (n) +#else +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +static int +YYID (int i) +#else +static int +YYID (i) + int i; +#endif +{ + return i; +} +#endif + +#if ! defined yyoverflow || YYERROR_VERBOSE /* The parser invokes alloca or malloc; define the necessary symbols. */ @@ -206,64 +276,76 @@ typedef union YYSTYPE { # if YYSTACK_USE_ALLOCA # ifdef __GNUC__ # define YYSTACK_ALLOC __builtin_alloca +# elif defined __BUILTIN_VA_ARG_INCR +# include /* INFRINGES ON USER NAME SPACE */ +# elif defined _AIX +# define YYSTACK_ALLOC __alloca +# elif defined _MSC_VER +# include /* INFRINGES ON USER NAME SPACE */ +# define alloca _alloca # else # define YYSTACK_ALLOC alloca -# if defined (__STDC__) || defined (__cplusplus) +# if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) # include /* INFRINGES ON USER NAME SPACE */ -# define YYINCLUDED_STDLIB_H +# ifndef _STDLIB_H +# define _STDLIB_H 1 +# endif # endif # endif # endif # endif # ifdef YYSTACK_ALLOC - /* Pacify GCC's `empty if-body' warning. */ -# define YYSTACK_FREE(Ptr) do { /* empty */; } while (0) + /* Pacify GCC's `empty if-body' warning. */ +# define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0)) # ifndef YYSTACK_ALLOC_MAXIMUM /* The OS might guarantee only one guard page at the bottom of the stack, and a page size can be as small as 4096 bytes. So we cannot safely invoke alloca (N) if N exceeds 4096. Use a slightly smaller number to allow for a few compiler-allocated temporary stack slots. */ -# define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2005 */ +# define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */ # endif # else # define YYSTACK_ALLOC YYMALLOC # define YYSTACK_FREE YYFREE # ifndef YYSTACK_ALLOC_MAXIMUM -# define YYSTACK_ALLOC_MAXIMUM ((YYSIZE_T) -1) +# define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM # endif -# ifdef __cplusplus -extern "C" { +# if (defined __cplusplus && ! defined _STDLIB_H \ + && ! ((defined YYMALLOC || defined malloc) \ + && (defined YYFREE || defined free))) +# include /* INFRINGES ON USER NAME SPACE */ +# ifndef _STDLIB_H +# define _STDLIB_H 1 +# endif # endif # ifndef YYMALLOC # define YYMALLOC malloc -# if (! defined (malloc) && ! defined (YYINCLUDED_STDLIB_H) \ - && (defined (__STDC__) || defined (__cplusplus))) +# if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */ # endif # endif # ifndef YYFREE # define YYFREE free -# if (! defined (free) && ! defined (YYINCLUDED_STDLIB_H) \ - && (defined (__STDC__) || defined (__cplusplus))) +# if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) void free (void *); /* INFRINGES ON USER NAME SPACE */ # endif # endif -# ifdef __cplusplus -} -# endif # endif -#endif /* ! defined (yyoverflow) || YYERROR_VERBOSE */ +#endif /* ! defined yyoverflow || YYERROR_VERBOSE */ -#if (! defined (yyoverflow) \ - && (! defined (__cplusplus) \ - || (defined (YYSTYPE_IS_TRIVIAL) && YYSTYPE_IS_TRIVIAL))) +#if (! defined yyoverflow \ + && (! defined __cplusplus \ + || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL))) /* A type that is properly aligned for any stack member. */ union yyalloc { - short int yyss; + yytype_int16 yyss; YYSTYPE yyvs; }; @@ -273,13 +355,13 @@ union yyalloc /* The size of an array large to enough to hold all stacks, each with N elements. */ # define YYSTACK_BYTES(N) \ - ((N) * (sizeof (short int) + sizeof (YYSTYPE)) \ + ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \ + YYSTACK_GAP_MAXIMUM) /* Copy COUNT objects from FROM to TO. The source and destination do not overlap. */ # ifndef YYCOPY -# if defined (__GNUC__) && 1 < __GNUC__ +# if defined __GNUC__ && 1 < __GNUC__ # define YYCOPY(To, From, Count) \ __builtin_memcpy (To, From, (Count) * sizeof (*(From))) # else @@ -290,7 +372,7 @@ union yyalloc for (yyi = 0; yyi < (Count); yyi++) \ (To)[yyi] = (From)[yyi]; \ } \ - while (0) + while (YYID (0)) # endif # endif @@ -308,28 +390,22 @@ union yyalloc yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \ yyptr += yynewbytes / sizeof (*yyptr); \ } \ - while (0) + while (YYID (0)) #endif -#if defined (__STDC__) || defined (__cplusplus) - typedef signed char yysigned_char; -#else - typedef short int yysigned_char; -#endif - -/* YYFINAL -- State number of the termination state. */ +/* YYFINAL -- State number of the termination state. */ #define YYFINAL 9 /* YYLAST -- Last index in YYTABLE. */ #define YYLAST 23 -/* YYNTOKENS -- Number of terminals. */ +/* YYNTOKENS -- Number of terminals. */ #define YYNTOKENS 12 -/* YYNNTS -- Number of nonterminals. */ +/* YYNNTS -- Number of nonterminals. */ #define YYNNTS 7 -/* YYNRULES -- Number of rules. */ +/* YYNRULES -- Number of rules. */ #define YYNRULES 15 -/* YYNRULES -- Number of states. */ +/* YYNRULES -- Number of states. */ #define YYNSTATES 24 /* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */ @@ -340,7 +416,7 @@ union yyalloc ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK) /* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX. */ -static const unsigned char yytranslate[] = +static const yytype_uint8 yytranslate[] = { 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, @@ -374,14 +450,14 @@ static const unsigned char yytranslate[] = #if YYDEBUG /* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in YYRHS. */ -static const unsigned char yyprhs[] = +static const yytype_uint8 yyprhs[] = { 0, 0, 3, 4, 7, 10, 12, 15, 18, 22, 24, 27, 30, 33, 35, 40 }; -/* YYRHS -- A `-1'-separated list of the rules' RHS. */ -static const yysigned_char yyrhs[] = +/* YYRHS -- A `-1'-separated list of the rules' RHS. */ +static const yytype_int8 yyrhs[] = { 13, 0, -1, -1, 14, 17, -1, 15, 16, -1, 16, -1, 7, 9, -1, 3, 9, -1, 3, 9, @@ -391,7 +467,7 @@ static const yysigned_char yyrhs[] = }; /* YYRLINE[YYN] -- source line where rule number YYN was defined. */ -static const unsigned char yyrline[] = +static const yytype_uint8 yyrline[] = { 0, 64, 64, 65, 68, 69, 72, 78, 84, 93, 94, 97, 101, 109, 116, 136 @@ -400,7 +476,7 @@ static const unsigned char yyrline[] = #if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE /* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. - First, the terminals, then, starting at YYNTOKENS, nonterminals. */ + First, the terminals, then, starting at YYNTOKENS, nonterminals. */ static const char *const yytname[] = { "$end", "error", "$undefined", "ET", "INDEX", "PREFIX", "EC", "ID", @@ -412,7 +488,7 @@ static const char *const yytname[] = # ifdef YYPRINT /* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to token YYLEX-NUM. */ -static const unsigned short int yytoknum[] = +static const yytype_uint16 yytoknum[] = { 0, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 44 @@ -420,14 +496,14 @@ static const unsigned short int yytoknum[] = # endif /* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ -static const unsigned char yyr1[] = +static const yytype_uint8 yyr1[] = { 0, 12, 13, 13, 14, 14, 15, 16, 16, 17, 17, 18, 18, 18, 18, 18 }; /* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */ -static const unsigned char yyr2[] = +static const yytype_uint8 yyr2[] = { 0, 2, 0, 2, 2, 1, 2, 2, 3, 1, 2, 2, 2, 1, 4, 1 @@ -436,15 +512,15 @@ static const unsigned char yyr2[] = /* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state STATE-NUM when YYTABLE doesn't specify something else to do. Zero means the default is an error. */ -static const unsigned char yydefact[] = +static const yytype_uint8 yydefact[] = { 2, 0, 0, 0, 0, 0, 5, 7, 6, 1, 0, 13, 0, 15, 3, 9, 4, 8, 11, 12, 0, 10, 0, 14 }; -/* YYDEFGOTO[NTERM-NUM]. */ -static const yysigned_char yydefgoto[] = +/* YYDEFGOTO[NTERM-NUM]. */ +static const yytype_int8 yydefgoto[] = { -1, 3, 4, 5, 6, 14, 15 }; @@ -452,7 +528,7 @@ static const yysigned_char yydefgoto[] = /* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing STATE-NUM. */ #define YYPACT_NINF -5 -static const yysigned_char yypact[] = +static const yytype_int8 yypact[] = { 0, -3, -1, 5, -4, 6, -5, 1, -5, -5, 2, 4, 7, -5, -4, -5, -5, -5, -5, -5, @@ -460,7 +536,7 @@ static const yysigned_char yypact[] = }; /* YYPGOTO[NTERM-NUM]. */ -static const yysigned_char yypgoto[] = +static const yytype_int8 yypgoto[] = { -5, -5, -5, -5, 10, -5, 9 }; @@ -470,14 +546,14 @@ static const yysigned_char yypgoto[] = number is the opposite. If zero, do what YYDEFACT says. If YYTABLE_NINF, syntax error. */ #define YYTABLE_NINF -1 -static const unsigned char yytable[] = +static const yytype_uint8 yytable[] = { 10, 11, 12, 1, 13, 9, 7, 2, 8, 1, 17, 0, 18, 19, 22, 16, 20, 23, 0, 0, 0, 0, 0, 21 }; -static const yysigned_char yycheck[] = +static const yytype_int8 yycheck[] = { 4, 5, 6, 3, 8, 0, 9, 7, 9, 3, 9, -1, 10, 9, 11, 5, 9, 9, -1, -1, @@ -486,7 +562,7 @@ static const yysigned_char yycheck[] = /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing symbol of state STATE-NUM. */ -static const unsigned char yystos[] = +static const yytype_uint8 yystos[] = { 0, 3, 7, 13, 14, 15, 16, 9, 9, 0, 4, 5, 6, 8, 17, 18, 16, 9, 10, 9, @@ -518,7 +594,7 @@ do \ yychar = (Token); \ yylval = (Value); \ yytoken = YYTRANSLATE (yychar); \ - YYPOPSTACK; \ + YYPOPSTACK (1); \ goto yybackup; \ } \ else \ @@ -526,7 +602,7 @@ do \ yyerror (YY_("syntax error: cannot back up")); \ YYERROR; \ } \ -while (0) +while (YYID (0)) #define YYTERROR 1 @@ -541,7 +617,7 @@ while (0) #ifndef YYLLOC_DEFAULT # define YYLLOC_DEFAULT(Current, Rhs, N) \ do \ - if (N) \ + if (YYID (N)) \ { \ (Current).first_line = YYRHSLOC (Rhs, 1).first_line; \ (Current).first_column = YYRHSLOC (Rhs, 1).first_column; \ @@ -555,7 +631,7 @@ while (0) (Current).first_column = (Current).last_column = \ YYRHSLOC (Rhs, 0).last_column; \ } \ - while (0) + while (YYID (0)) #endif @@ -567,8 +643,8 @@ while (0) # if YYLTYPE_IS_TRIVIAL # define YY_LOCATION_PRINT(File, Loc) \ fprintf (File, "%d.%d-%d.%d", \ - (Loc).first_line, (Loc).first_column, \ - (Loc).last_line, (Loc).last_column) + (Loc).first_line, (Loc).first_column, \ + (Loc).last_line, (Loc).last_column) # else # define YY_LOCATION_PRINT(File, Loc) ((void) 0) # endif @@ -595,36 +671,96 @@ while (0) do { \ if (yydebug) \ YYFPRINTF Args; \ -} while (0) +} while (YYID (0)) -# define YY_SYMBOL_PRINT(Title, Type, Value, Location) \ -do { \ - if (yydebug) \ - { \ - YYFPRINTF (stderr, "%s ", Title); \ - yysymprint (stderr, \ - Type, Value); \ - YYFPRINTF (stderr, "\n"); \ - } \ -} while (0) +# define YY_SYMBOL_PRINT(Title, Type, Value, Location) \ +do { \ + if (yydebug) \ + { \ + YYFPRINTF (stderr, "%s ", Title); \ + yy_symbol_print (stderr, \ + Type, Value); \ + YYFPRINTF (stderr, "\n"); \ + } \ +} while (YYID (0)) + + +/*--------------------------------. +| Print this symbol on YYOUTPUT. | +`--------------------------------*/ + +/*ARGSUSED*/ +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +static void +yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep) +#else +static void +yy_symbol_value_print (yyoutput, yytype, yyvaluep) + FILE *yyoutput; + int yytype; + YYSTYPE const * const yyvaluep; +#endif +{ + if (!yyvaluep) + return; +# ifdef YYPRINT + if (yytype < YYNTOKENS) + YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep); +# else + YYUSE (yyoutput); +# endif + switch (yytype) + { + default: + break; + } +} + + +/*--------------------------------. +| Print this symbol on YYOUTPUT. | +`--------------------------------*/ + +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +static void +yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep) +#else +static void +yy_symbol_print (yyoutput, yytype, yyvaluep) + FILE *yyoutput; + int yytype; + YYSTYPE const * const yyvaluep; +#endif +{ + if (yytype < YYNTOKENS) + YYFPRINTF (yyoutput, "token %s (", yytname[yytype]); + else + YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]); + + yy_symbol_value_print (yyoutput, yytype, yyvaluep); + YYFPRINTF (yyoutput, ")"); +} /*------------------------------------------------------------------. | yy_stack_print -- Print the state stack from its BOTTOM up to its | | TOP (included). | `------------------------------------------------------------------*/ -#if defined (__STDC__) || defined (__cplusplus) +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) static void -yy_stack_print (short int *bottom, short int *top) +yy_stack_print (yytype_int16 *bottom, yytype_int16 *top) #else static void yy_stack_print (bottom, top) - short int *bottom; - short int *top; + yytype_int16 *bottom; + yytype_int16 *top; #endif { YYFPRINTF (stderr, "Stack now"); - for (/* Nothing. */; bottom <= top; ++bottom) + for (; bottom <= top; ++bottom) YYFPRINTF (stderr, " %d", *bottom); YYFPRINTF (stderr, "\n"); } @@ -633,37 +769,45 @@ yy_stack_print (bottom, top) do { \ if (yydebug) \ yy_stack_print ((Bottom), (Top)); \ -} while (0) +} while (YYID (0)) /*------------------------------------------------. | Report that the YYRULE is going to be reduced. | `------------------------------------------------*/ -#if defined (__STDC__) || defined (__cplusplus) +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) static void -yy_reduce_print (int yyrule) +yy_reduce_print (YYSTYPE *yyvsp, int yyrule) #else static void -yy_reduce_print (yyrule) +yy_reduce_print (yyvsp, yyrule) + YYSTYPE *yyvsp; int yyrule; #endif { + int yynrhs = yyr2[yyrule]; int yyi; unsigned long int yylno = yyrline[yyrule]; - YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu), ", - yyrule - 1, yylno); - /* Print the symbols being reduced, and their result. */ - for (yyi = yyprhs[yyrule]; 0 <= yyrhs[yyi]; yyi++) - YYFPRINTF (stderr, "%s ", yytname[yyrhs[yyi]]); - YYFPRINTF (stderr, "-> %s\n", yytname[yyr1[yyrule]]); + YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n", + yyrule - 1, yylno); + /* The symbols being reduced. */ + for (yyi = 0; yyi < yynrhs; yyi++) + { + fprintf (stderr, " $%d = ", yyi + 1); + yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi], + &(yyvsp[(yyi + 1) - (yynrhs)]) + ); + fprintf (stderr, "\n"); + } } # define YY_REDUCE_PRINT(Rule) \ do { \ if (yydebug) \ - yy_reduce_print (Rule); \ -} while (0) + yy_reduce_print (yyvsp, Rule); \ +} while (YYID (0)) /* Nonzero means print parse trace. It is left uninitialized so that multiple parsers can coexist. */ @@ -697,42 +841,44 @@ int yydebug; #if YYERROR_VERBOSE # ifndef yystrlen -# if defined (__GLIBC__) && defined (_STRING_H) +# if defined __GLIBC__ && defined _STRING_H # define yystrlen strlen # else /* Return the length of YYSTR. */ +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) static YYSIZE_T -# if defined (__STDC__) || defined (__cplusplus) yystrlen (const char *yystr) -# else +#else +static YYSIZE_T yystrlen (yystr) - const char *yystr; -# endif + const char *yystr; +#endif { - const char *yys = yystr; - - while (*yys++ != '\0') + YYSIZE_T yylen; + for (yylen = 0; yystr[yylen]; yylen++) continue; - - return yys - yystr - 1; + return yylen; } # endif # endif # ifndef yystpcpy -# if defined (__GLIBC__) && defined (_STRING_H) && defined (_GNU_SOURCE) +# if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE # define yystpcpy stpcpy # else /* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in YYDEST. */ +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) static char * -# if defined (__STDC__) || defined (__cplusplus) yystpcpy (char *yydest, const char *yysrc) -# else +#else +static char * yystpcpy (yydest, yysrc) - char *yydest; - const char *yysrc; -# endif + char *yydest; + const char *yysrc; +#endif { char *yyd = yydest; const char *yys = yysrc; @@ -758,7 +904,7 @@ yytnamerr (char *yyres, const char *yystr) { if (*yystr == '"') { - size_t yyn = 0; + YYSIZE_T yyn = 0; char const *yyp = yystr; for (;;) @@ -793,53 +939,123 @@ yytnamerr (char *yyres, const char *yystr) } # endif -#endif /* YYERROR_VERBOSE */ - - - -#if YYDEBUG -/*--------------------------------. -| Print this symbol on YYOUTPUT. | -`--------------------------------*/ - -#if defined (__STDC__) || defined (__cplusplus) -static void -yysymprint (FILE *yyoutput, int yytype, YYSTYPE *yyvaluep) -#else -static void -yysymprint (yyoutput, yytype, yyvaluep) - FILE *yyoutput; - int yytype; - YYSTYPE *yyvaluep; -#endif +/* Copy into YYRESULT an error message about the unexpected token + YYCHAR while in state YYSTATE. Return the number of bytes copied, + including the terminating null byte. If YYRESULT is null, do not + copy anything; just return the number of bytes that would be + copied. As a special case, return 0 if an ordinary "syntax error" + message will do. Return YYSIZE_MAXIMUM if overflow occurs during + size calculation. */ +static YYSIZE_T +yysyntax_error (char *yyresult, int yystate, int yychar) { - /* Pacify ``unused variable'' warnings. */ - (void) yyvaluep; + int yyn = yypact[yystate]; - if (yytype < YYNTOKENS) - YYFPRINTF (yyoutput, "token %s (", yytname[yytype]); + if (! (YYPACT_NINF < yyn && yyn <= YYLAST)) + return 0; else - YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]); + { + int yytype = YYTRANSLATE (yychar); + YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]); + YYSIZE_T yysize = yysize0; + YYSIZE_T yysize1; + int yysize_overflow = 0; + enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 }; + char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; + int yyx; + +# if 0 + /* This is so xgettext sees the translatable formats that are + constructed on the fly. */ + YY_("syntax error, unexpected %s"); + YY_("syntax error, unexpected %s, expecting %s"); + YY_("syntax error, unexpected %s, expecting %s or %s"); + YY_("syntax error, unexpected %s, expecting %s or %s or %s"); + YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s"); +# endif + char *yyfmt; + char const *yyf; + static char const yyunexpected[] = "syntax error, unexpected %s"; + static char const yyexpecting[] = ", expecting %s"; + static char const yyor[] = " or %s"; + char yyformat[sizeof yyunexpected + + sizeof yyexpecting - 1 + + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2) + * (sizeof yyor - 1))]; + char const *yyprefix = yyexpecting; + + /* Start YYX at -YYN if negative to avoid negative indexes in + YYCHECK. */ + int yyxbegin = yyn < 0 ? -yyn : 0; + + /* Stay within bounds of both yycheck and yytname. */ + int yychecklim = YYLAST - yyn + 1; + int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; + int yycount = 1; + + yyarg[0] = yytname[yytype]; + yyfmt = yystpcpy (yyformat, yyunexpected); + + for (yyx = yyxbegin; yyx < yyxend; ++yyx) + if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) + { + if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM) + { + yycount = 1; + yysize = yysize0; + yyformat[sizeof yyunexpected - 1] = '\0'; + break; + } + yyarg[yycount++] = yytname[yyx]; + yysize1 = yysize + yytnamerr (0, yytname[yyx]); + yysize_overflow |= (yysize1 < yysize); + yysize = yysize1; + yyfmt = yystpcpy (yyfmt, yyprefix); + yyprefix = yyor; + } + yyf = YY_(yyformat); + yysize1 = yysize + yystrlen (yyf); + yysize_overflow |= (yysize1 < yysize); + yysize = yysize1; -# ifdef YYPRINT - if (yytype < YYNTOKENS) - YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep); -# endif - switch (yytype) - { - default: - break; + if (yysize_overflow) + return YYSIZE_MAXIMUM; + + if (yyresult) + { + /* Avoid sprintf, as that infringes on the user's name space. + Don't have undefined behavior even if the translation + produced a string with the wrong number of "%s"s. */ + char *yyp = yyresult; + int yyi = 0; + while ((*yyp = *yyf) != '\0') + { + if (*yyp == '%' && yyf[1] == 's' && yyi < yycount) + { + yyp += yytnamerr (yyp, yyarg[yyi++]); + yyf += 2; + } + else + { + yyp++; + yyf++; + } + } + } + return yysize; } - YYFPRINTF (yyoutput, ")"); } +#endif /* YYERROR_VERBOSE */ + -#endif /* ! YYDEBUG */ /*-----------------------------------------------. | Release the memory associated to this symbol. | `-----------------------------------------------*/ -#if defined (__STDC__) || defined (__cplusplus) +/*ARGSUSED*/ +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) static void yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep) #else @@ -850,8 +1066,7 @@ yydestruct (yymsg, yytype, yyvaluep) YYSTYPE *yyvaluep; #endif { - /* Pacify ``unused variable'' warnings. */ - (void) yyvaluep; + YYUSE (yyvaluep); if (!yymsg) yymsg = "Deleting"; @@ -861,7 +1076,7 @@ yydestruct (yymsg, yytype, yyvaluep) { default: - break; + break; } } @@ -869,13 +1084,13 @@ yydestruct (yymsg, yytype, yyvaluep) /* Prevent warnings from -Wmissing-prototypes. */ #ifdef YYPARSE_PARAM -# if defined (__STDC__) || defined (__cplusplus) +#if defined __STDC__ || defined __cplusplus int yyparse (void *YYPARSE_PARAM); -# else +#else int yyparse (); -# endif +#endif #else /* ! YYPARSE_PARAM */ -#if defined (__STDC__) || defined (__cplusplus) +#if defined __STDC__ || defined __cplusplus int yyparse (void); #else int yyparse (); @@ -900,14 +1115,18 @@ int yynerrs; `----------*/ #ifdef YYPARSE_PARAM -# if defined (__STDC__) || defined (__cplusplus) -int yyparse (void *YYPARSE_PARAM) -# else -int yyparse (YYPARSE_PARAM) - void *YYPARSE_PARAM; -# endif +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +int +yyparse (void *YYPARSE_PARAM) +#else +int +yyparse (YYPARSE_PARAM) + void *YYPARSE_PARAM; +#endif #else /* ! YYPARSE_PARAM */ -#if defined (__STDC__) || defined (__cplusplus) +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) int yyparse (void) #else @@ -925,6 +1144,12 @@ yyparse () int yyerrstatus; /* Look-ahead token as an internal (translated) token number. */ int yytoken = 0; +#if YYERROR_VERBOSE + /* Buffer for error messages, and its allocated size. */ + char yymsgbuf[128]; + char *yymsg = yymsgbuf; + YYSIZE_T yymsg_alloc = sizeof yymsgbuf; +#endif /* Three stacks and their tools: `yyss': related to states, @@ -935,9 +1160,9 @@ yyparse () to reallocate them elsewhere. */ /* The state stack. */ - short int yyssa[YYINITDEPTH]; - short int *yyss = yyssa; - short int *yyssp; + yytype_int16 yyssa[YYINITDEPTH]; + yytype_int16 *yyss = yyssa; + yytype_int16 *yyssp; /* The semantic value stack. */ YYSTYPE yyvsa[YYINITDEPTH]; @@ -946,7 +1171,7 @@ yyparse () -#define YYPOPSTACK (yyvsp--, yyssp--) +#define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N)) YYSIZE_T yystacksize = YYINITDEPTH; @@ -955,9 +1180,9 @@ yyparse () YYSTYPE yyval; - /* When reducing, the number of symbols on the RHS of the reduced - rule. */ - int yylen; + /* The number of symbols on the RHS of the reduced rule. + Keep to zero when no symbol should be popped. */ + int yylen = 0; YYDPRINTF ((stderr, "Starting parse\n")); @@ -981,8 +1206,7 @@ yyparse () `------------------------------------------------------------*/ yynewstate: /* In all cases, when you get here, the value and location stacks - have just been pushed. so pushing a state here evens the stacks. - */ + have just been pushed. So pushing a state here evens the stacks. */ yyssp++; yysetstate: @@ -995,11 +1219,11 @@ yyparse () #ifdef yyoverflow { - /* Give user a chance to reallocate the stack. Use copies of + /* Give user a chance to reallocate the stack. Use copies of these so that the &'s don't force the real ones into memory. */ YYSTYPE *yyvs1 = yyvs; - short int *yyss1 = yyss; + yytype_int16 *yyss1 = yyss; /* Each stack pointer address is followed by the size of the @@ -1027,7 +1251,7 @@ yyparse () yystacksize = YYMAXDEPTH; { - short int *yyss1 = yyss; + yytype_int16 *yyss1 = yyss; union yyalloc *yyptr = (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); if (! yyptr) @@ -1062,12 +1286,10 @@ yyparse () `-----------*/ yybackup: -/* Do appropriate processing given the current state. */ -/* Read a look-ahead token if we need one and don't already have one. */ -/* yyresume: */ + /* Do appropriate processing given the current state. Read a + look-ahead token if we need one and don't already have one. */ /* First try to decide what to do without reference to look-ahead token. */ - yyn = yypact[yystate]; if (yyn == YYPACT_NINF) goto yydefault; @@ -1109,22 +1331,21 @@ yybackup: if (yyn == YYFINAL) YYACCEPT; + /* Count tokens shifted since error; after three, turn off error + status. */ + if (yyerrstatus) + yyerrstatus--; + /* Shift the look-ahead token. */ YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); - /* Discard the token being shifted unless it is eof. */ + /* Discard the shifted token unless it is eof. */ if (yychar != YYEOF) yychar = YYEMPTY; + yystate = yyn; *++yyvsp = yylval; - - /* Count tokens shifted since error; after three, turn off error - status. */ - if (yyerrstatus) - yyerrstatus--; - - yystate = yyn; goto yynewstate; @@ -1160,51 +1381,51 @@ yyreduce: switch (yyn) { case 6: -#line 73 "parse.y" +#line 73 "./heimdal/lib/com_err/parse.y" { - id_str = (yyvsp[0].string); + id_str = (yyvsp[(2) - (2)].string); } break; case 7: -#line 79 "parse.y" +#line 79 "./heimdal/lib/com_err/parse.y" { - base_id = name2number((yyvsp[0].string)); - strlcpy(name, (yyvsp[0].string), sizeof(name)); - free((yyvsp[0].string)); + base_id = name2number((yyvsp[(2) - (2)].string)); + strlcpy(name, (yyvsp[(2) - (2)].string), sizeof(name)); + free((yyvsp[(2) - (2)].string)); } break; case 8: -#line 85 "parse.y" +#line 85 "./heimdal/lib/com_err/parse.y" { - base_id = name2number((yyvsp[-1].string)); - strlcpy(name, (yyvsp[0].string), sizeof(name)); - free((yyvsp[-1].string)); - free((yyvsp[0].string)); + base_id = name2number((yyvsp[(2) - (3)].string)); + strlcpy(name, (yyvsp[(3) - (3)].string), sizeof(name)); + free((yyvsp[(2) - (3)].string)); + free((yyvsp[(3) - (3)].string)); } break; case 11: -#line 98 "parse.y" +#line 98 "./heimdal/lib/com_err/parse.y" { - number = (yyvsp[0].number); + number = (yyvsp[(2) - (2)].number); } break; case 12: -#line 102 "parse.y" +#line 102 "./heimdal/lib/com_err/parse.y" { free(prefix); - asprintf (&prefix, "%s_", (yyvsp[0].string)); + asprintf (&prefix, "%s_", (yyvsp[(2) - (2)].string)); if (prefix == NULL) errx(1, "malloc"); - free((yyvsp[0].string)); + free((yyvsp[(2) - (2)].string)); } break; case 13: -#line 110 "parse.y" +#line 110 "./heimdal/lib/com_err/parse.y" { prefix = realloc(prefix, 1); if (prefix == NULL) @@ -1214,7 +1435,7 @@ yyreduce: break; case 14: -#line 117 "parse.y" +#line 117 "./heimdal/lib/com_err/parse.y" { struct error_code *ec = malloc(sizeof(*ec)); @@ -1224,36 +1445,34 @@ yyreduce: ec->next = NULL; ec->number = number; if(prefix && *prefix != '\0') { - asprintf (&ec->name, "%s%s", prefix, (yyvsp[-2].string)); + asprintf (&ec->name, "%s%s", prefix, (yyvsp[(2) - (4)].string)); if (ec->name == NULL) errx(1, "malloc"); - free((yyvsp[-2].string)); + free((yyvsp[(2) - (4)].string)); } else - ec->name = (yyvsp[-2].string); - ec->string = (yyvsp[0].string); + ec->name = (yyvsp[(2) - (4)].string); + ec->string = (yyvsp[(4) - (4)].string); APPEND(codes, ec); number++; } break; case 15: -#line 137 "parse.y" +#line 137 "./heimdal/lib/com_err/parse.y" { YYACCEPT; } break; +/* Line 1267 of yacc.c. */ +#line 1470 "./heimdal/lib/com_err/parse.y" default: break; } + YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); -/* Line 1126 of yacc.c. */ -#line 1252 "$base.c" - - yyvsp -= yylen; - yyssp -= yylen; - - + YYPOPSTACK (yylen); + yylen = 0; YY_STACK_PRINT (yyss, yyssp); *++yyvsp = yyval; @@ -1282,110 +1501,41 @@ yyerrlab: if (!yyerrstatus) { ++yynerrs; -#if YYERROR_VERBOSE - yyn = yypact[yystate]; - - if (YYPACT_NINF < yyn && yyn < YYLAST) - { - int yytype = YYTRANSLATE (yychar); - YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]); - YYSIZE_T yysize = yysize0; - YYSIZE_T yysize1; - int yysize_overflow = 0; - char *yymsg = 0; -# define YYERROR_VERBOSE_ARGS_MAXIMUM 5 - char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; - int yyx; - -#if 0 - /* This is so xgettext sees the translatable formats that are - constructed on the fly. */ - YY_("syntax error, unexpected %s"); - YY_("syntax error, unexpected %s, expecting %s"); - YY_("syntax error, unexpected %s, expecting %s or %s"); - YY_("syntax error, unexpected %s, expecting %s or %s or %s"); - YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s"); -#endif - char *yyfmt; - char const *yyf; - static char const yyunexpected[] = "syntax error, unexpected %s"; - static char const yyexpecting[] = ", expecting %s"; - static char const yyor[] = " or %s"; - char yyformat[sizeof yyunexpected - + sizeof yyexpecting - 1 - + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2) - * (sizeof yyor - 1))]; - char const *yyprefix = yyexpecting; - - /* Start YYX at -YYN if negative to avoid negative indexes in - YYCHECK. */ - int yyxbegin = yyn < 0 ? -yyn : 0; - - /* Stay within bounds of both yycheck and yytname. */ - int yychecklim = YYLAST - yyn; - int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; - int yycount = 1; - - yyarg[0] = yytname[yytype]; - yyfmt = yystpcpy (yyformat, yyunexpected); - - for (yyx = yyxbegin; yyx < yyxend; ++yyx) - if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) +#if ! YYERROR_VERBOSE + yyerror (YY_("syntax error")); +#else + { + YYSIZE_T yysize = yysyntax_error (0, yystate, yychar); + if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM) + { + YYSIZE_T yyalloc = 2 * yysize; + if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM)) + yyalloc = YYSTACK_ALLOC_MAXIMUM; + if (yymsg != yymsgbuf) + YYSTACK_FREE (yymsg); + yymsg = (char *) YYSTACK_ALLOC (yyalloc); + if (yymsg) + yymsg_alloc = yyalloc; + else { - if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM) - { - yycount = 1; - yysize = yysize0; - yyformat[sizeof yyunexpected - 1] = '\0'; - break; - } - yyarg[yycount++] = yytname[yyx]; - yysize1 = yysize + yytnamerr (0, yytname[yyx]); - yysize_overflow |= yysize1 < yysize; - yysize = yysize1; - yyfmt = yystpcpy (yyfmt, yyprefix); - yyprefix = yyor; + yymsg = yymsgbuf; + yymsg_alloc = sizeof yymsgbuf; } + } - yyf = YY_(yyformat); - yysize1 = yysize + yystrlen (yyf); - yysize_overflow |= yysize1 < yysize; - yysize = yysize1; - - if (!yysize_overflow && yysize <= YYSTACK_ALLOC_MAXIMUM) - yymsg = (char *) YYSTACK_ALLOC (yysize); - if (yymsg) - { - /* Avoid sprintf, as that infringes on the user's name space. - Don't have undefined behavior even if the translation - produced a string with the wrong number of "%s"s. */ - char *yyp = yymsg; - int yyi = 0; - while ((*yyp = *yyf)) - { - if (*yyp == '%' && yyf[1] == 's' && yyi < yycount) - { - yyp += yytnamerr (yyp, yyarg[yyi++]); - yyf += 2; - } - else - { - yyp++; - yyf++; - } - } - yyerror (yymsg); - YYSTACK_FREE (yymsg); - } - else - { - yyerror (YY_("syntax error")); + if (0 < yysize && yysize <= yymsg_alloc) + { + (void) yysyntax_error (yymsg, yystate, yychar); + yyerror (yymsg); + } + else + { + yyerror (YY_("syntax error")); + if (yysize != 0) goto yyexhaustedlab; - } - } - else -#endif /* YYERROR_VERBOSE */ - yyerror (YY_("syntax error")); + } + } +#endif } @@ -1396,14 +1546,15 @@ yyerrlab: error, discard it. */ if (yychar <= YYEOF) - { + { /* Return failure if at end of input. */ if (yychar == YYEOF) YYABORT; - } + } else { - yydestruct ("Error: discarding", yytoken, &yylval); + yydestruct ("Error: discarding", + yytoken, &yylval); yychar = YYEMPTY; } } @@ -1421,11 +1572,14 @@ yyerrorlab: /* Pacify compilers like GCC when the user code never invokes YYERROR and the label yyerrorlab therefore never appears in user code. */ - if (0) + if (/*CONSTCOND*/ 0) goto yyerrorlab; -yyvsp -= yylen; - yyssp -= yylen; + /* Do not reclaim the symbols of the rule which action triggered + this YYERROR. */ + YYPOPSTACK (yylen); + yylen = 0; + YY_STACK_PRINT (yyss, yyssp); yystate = *yyssp; goto yyerrlab1; @@ -1455,8 +1609,9 @@ yyerrlab1: YYABORT; - yydestruct ("Error: popping", yystos[yystate], yyvsp); - YYPOPSTACK; + yydestruct ("Error: popping", + yystos[yystate], yyvsp); + YYPOPSTACK (1); yystate = *yyssp; YY_STACK_PRINT (yyss, yyssp); } @@ -1467,7 +1622,7 @@ yyerrlab1: *++yyvsp = yylval; - /* Shift the error token. */ + /* Shift the error token. */ YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp); yystate = yyn; @@ -1502,21 +1657,30 @@ yyreturn: if (yychar != YYEOF && yychar != YYEMPTY) yydestruct ("Cleanup: discarding lookahead", yytoken, &yylval); + /* Do not reclaim the symbols of the rule which action triggered + this YYABORT or YYACCEPT. */ + YYPOPSTACK (yylen); + YY_STACK_PRINT (yyss, yyssp); while (yyssp != yyss) { yydestruct ("Cleanup: popping", yystos[*yyssp], yyvsp); - YYPOPSTACK; + YYPOPSTACK (1); } #ifndef yyoverflow if (yyss != yyssa) YYSTACK_FREE (yyss); #endif - return yyresult; +#if YYERROR_VERBOSE + if (yymsg != yymsgbuf) + YYSTACK_FREE (yymsg); +#endif + /* Make sure YYID is used. */ + return YYID (yyresult); } -#line 142 "parse.y" +#line 142 "./heimdal/lib/com_err/parse.y" static long diff --git a/source4/heimdal/lib/com_err/parse.h b/source4/heimdal/lib/com_err/parse.h index 2f9755e19b..cb1d09276c 100644 --- a/source4/heimdal/lib/com_err/parse.h +++ b/source4/heimdal/lib/com_err/parse.h @@ -1,7 +1,9 @@ -/* A Bison parser, made by GNU Bison 2.1. */ +/* A Bison parser, made by GNU Bison 2.3. */ -/* Skeleton parser for Yacc-like parsing with Bison, - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. +/* Skeleton interface for Bison's Yacc-like parsers in C + + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 + Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -18,10 +20,18 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ -/* As a special exception, when this file is copied by Bison into a - Bison output file, you may use that output file without restriction. - This special exception was added by the Free Software Foundation - in version 1.24 of Bison. */ +/* As a special exception, you may create a larger work that contains + part or all of the Bison parser skeleton and distribute that work + under terms of your choice, so long as that work isn't itself a + parser generator using the skeleton or a modified version thereof + as a parser skeleton. Alternatively, if you modify or redistribute + the parser skeleton itself, you may (at your option) remove this + special exception, which will cause the skeleton and the resulting + Bison output files to be licensed under the GNU General Public + License without this special exception. + + This special exception was added by the Free Software Foundation in + version 2.2 of Bison. */ /* Tokens. */ #ifndef YYTOKENTYPE @@ -52,14 +62,16 @@ -#if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED) -#line 53 "parse.y" -typedef union YYSTYPE { +#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED +typedef union YYSTYPE +#line 53 "./heimdal/lib/com_err/parse.y" +{ char *string; int number; -} YYSTYPE; -/* Line 1447 of yacc.c. */ -#line 63 "parse.h" +} +/* Line 1489 of yacc.c. */ +#line 74 "./heimdal/lib/com_err/parse.y" + YYSTYPE; # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 # define YYSTYPE_IS_TRIVIAL 1 @@ -67,5 +79,3 @@ typedef union YYSTYPE { extern YYSTYPE yylval; - - -- cgit From 548ffe7cf6856c7295daf3344a734a23119315df Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 7 Mar 2007 11:42:21 +0000 Subject: r21746: We don't link in this file any more. (This used to be commit 123ae858c77c2507bdac6a93be1e2932a3fd7375) --- source4/heimdal/kdc/config.c | 359 ------------------------------------------- 1 file changed, 359 deletions(-) delete mode 100644 source4/heimdal/kdc/config.c (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/config.c b/source4/heimdal/kdc/config.c deleted file mode 100644 index 3c855607a4..0000000000 --- a/source4/heimdal/kdc/config.c +++ /dev/null @@ -1,359 +0,0 @@ -/* - * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "kdc_locl.h" -#include -#include - -RCSID("$Id: config.c,v 1.82 2007/01/03 18:52:45 lha Exp $"); - -struct dbinfo { - char *realm; - char *dbname; - char *mkey_file; - struct dbinfo *next; -}; - -static const char *config_file; /* location of kdc config file */ -static char *max_request_str; /* `max_request' as a string */ - -static int builtin_hdb_flag; -static int help_flag; -static int version_flag; - -static struct getarg_strings addresses_str; /* addresses to listen on */ - -static struct getargs args[] = { - { - "config-file", 'c', arg_string, &config_file, - "location of config file", "file" - }, - { - "require-preauth", 'p', arg_negative_flag, &require_preauth, - "don't require pa-data in as-reqs" - }, - { - "max-request", 0, arg_string, &max_request, - "max size for a kdc-request", "size" - }, - { "enable-http", 'H', arg_flag, &enable_http, "turn on HTTP support" }, - { "524", 0, arg_negative_flag, &enable_524, - "don't respond to 524 requests" - }, - { - "kaserver", 'K', arg_flag, &enable_kaserver, - "enable kaserver support" - }, - { "kerberos4", 0, arg_flag, &enable_v4, - "respond to kerberos 4 requests" - }, - { - "v4-realm", 'r', arg_string, &v4_realm, - "realm to serve v4-requests for" - }, - { "kerberos4-cross-realm", 0, arg_flag, - &enable_v4_cross_realm, - "respond to kerberos 4 requests from foreign realms" - }, - { "ports", 'P', arg_string, &port_str, - "ports to listen to", "portspec" - }, -#if DETACH_IS_DEFAULT - { - "detach", 'D', arg_negative_flag, &detach_from_console, - "don't detach from console" - }, -#else - { - "detach", 0 , arg_flag, &detach_from_console, - "detach from console" - }, -#endif - { "addresses", 0, arg_strings, &addresses_str, - "addresses to listen on", "list of addresses" }, - { "disable-des", 0, arg_flag, &disable_des, - "disable DES" }, - { "builtin-hdb", 0, arg_flag, &builtin_hdb_flag, - "list builtin hdb backends"}, - { "help", 'h', arg_flag, &help_flag }, - { "version", 'v', arg_flag, &version_flag } -}; - -static int num_args = sizeof(args) / sizeof(args[0]); - -static void -usage(int ret) -{ - arg_printusage (args, num_args, NULL, ""); - exit (ret); -} - -static void -get_dbinfo(krb5_context context, krb5_kdc_configuration *config) -{ - const krb5_config_binding *top_binding = NULL; - const krb5_config_binding *db_binding; - const krb5_config_binding *default_binding = NULL; - struct dbinfo *di, **dt; - const char *default_dbname = HDB_DEFAULT_DB; - const char *default_mkey = HDB_DB_DIR "/m-key"; - const char *p; - krb5_error_code ret; - - struct dbinfo *databases = NULL; - - dt = &databases; - while((db_binding = (const krb5_config_binding *) - krb5_config_get_next(context, NULL, &top_binding, - krb5_config_list, - "kdc", - "database", - NULL))) { - p = krb5_config_get_string(context, db_binding, "realm", NULL); - if(p == NULL) { - if(default_binding) { - krb5_warnx(context, "WARNING: more than one realm-less " - "database specification"); - krb5_warnx(context, "WARNING: using the first encountered"); - } else - default_binding = db_binding; - continue; - } - di = calloc(1, sizeof(*di)); - di->realm = strdup(p); - p = krb5_config_get_string(context, db_binding, "dbname", NULL); - if(p) - di->dbname = strdup(p); - p = krb5_config_get_string(context, db_binding, "mkey_file", NULL); - if(p) - di->mkey_file = strdup(p); - *dt = di; - dt = &di->next; - } - if(default_binding) { - di = calloc(1, sizeof(*di)); - p = krb5_config_get_string(context, default_binding, "dbname", NULL); - if(p) { - di->dbname = strdup(p); - default_dbname = p; - } - p = krb5_config_get_string(context, default_binding, "mkey_file", NULL); - if(p) { - di->mkey_file = strdup(p); - default_mkey = p; - } - *dt = di; - dt = &di->next; - } else if(databases == NULL) { - /* if there are none specified, use some default */ - di = calloc(1, sizeof(*di)); - di->dbname = strdup(default_dbname); - di->mkey_file = strdup(default_mkey); - *dt = di; - dt = &di->next; - } - for(di = databases; di; di = di->next) { - if(di->dbname == NULL) - di->dbname = strdup(default_dbname); - if(di->mkey_file == NULL) { - p = strrchr(di->dbname, '.'); - if(p == NULL || strchr(p, '/') != NULL) - /* final pathname component does not contain a . */ - asprintf(&di->mkey_file, "%s.mkey", di->dbname); - else - /* the filename is something.else, replace .else with - .mkey */ - asprintf(&di->mkey_file, "%.*s.mkey", - (int)(p - di->dbname), di->dbname); - } - } - - if (databases == NULL) { - config->db = malloc(sizeof(*config->db)); - config->num_db = 1; - ret = hdb_create(context, &config->db[0], NULL); - if(ret) - krb5_err(context, 1, ret, "hdb_create %s", HDB_DEFAULT_DB); - ret = hdb_set_master_keyfile(context, config->db[0], NULL); - if (ret) - krb5_err(context, 1, ret, "hdb_set_master_keyfile"); - } else { - struct dbinfo *d; - int i; - /* count databases */ - for(d = databases, i = 0; d; d = d->next, i++); - config->db = malloc(i * sizeof(*config->db)); - for(d = databases, config->num_db = 0; d; d = d->next, config->num_db++) { - ret = hdb_create(context, &config->db[config->num_db], d->dbname); - if(ret) - krb5_err(context, 1, ret, "hdb_create %s", d->dbname); - ret = hdb_set_master_keyfile(context, config->db[config->num_db], d->mkey_file); - if (ret) - krb5_err(context, 1, ret, "hdb_set_master_keyfile"); - } - } - -} - -static void -add_one_address (krb5_context context, const char *str, int first) -{ - krb5_error_code ret; - krb5_addresses tmp; - - ret = krb5_parse_address (context, str, &tmp); - if (ret) - krb5_err (context, 1, ret, "parse_address `%s'", str); - if (first) - krb5_copy_addresses(context, &tmp, &explicit_addresses); - else - krb5_append_addresses(context, &explicit_addresses, &tmp); - krb5_free_addresses (context, &tmp); -} - -krb5_kdc_configuration * -configure(krb5_context context, int argc, char **argv) -{ - const char *p; - krb5_kdc_configuration *config; - krb5_error_code ret; - int optidx = 0; - - while(getarg(args, num_args, argc, argv, &optidx)) - warnx("error at argument `%s'", argv[optidx]); - - if(help_flag) - usage (0); - - if (version_flag) { - print_version(NULL); - exit(0); - } - - if (builtin_hdb_flag) { - char *list; - ret = hdb_list_builtin(context, &list); - if (ret) - krb5_err(context, 1, ret, "listing builtin hdb backends"); - printf("builtin hdb backends: %s\n", list); - free(list); - exit(0); - } - - argc -= optidx; - argv += optidx; - - if (argc != 0) - usage(1); - - { - char **files; - - if(config_file == NULL) - config_file = _PATH_KDC_CONF; - - ret = krb5_prepend_config_files_default(config_file, &files); - if (ret) - krb5_err(context, 1, ret, "getting configuration files"); - - ret = krb5_set_config_files(context, files); - krb5_free_config_files(files); - if(ret) - krb5_err(context, 1, ret, "reading configuration files"); - } - - if(max_request_str) - max_request = parse_bytes(max_request_str, NULL); - - if(max_request == 0){ - p = krb5_config_get_string (context, - NULL, - "kdc", - "max-request", - NULL); - if(p) - max_request = parse_bytes(p, NULL); - } - - if(max_request == 0) - max_request = 64 * 1024; - - if(port_str == NULL){ - p = krb5_config_get_string(context, NULL, "kdc", "ports", NULL); - if (p != NULL) - port_str = strdup(p); - } - - if (port_str == NULL) - port_str = "+"; - - explicit_addresses.len = 0; - - if (addresses_str.num_strings) { - int i; - - for (i = 0; i < addresses_str.num_strings; ++i) - add_one_address (context, addresses_str.strings[i], i == 0); - free_getarg_strings (&addresses_str); - } else { - char **foo = krb5_config_get_strings (context, NULL, - "kdc", "addresses", NULL); - - if (foo != NULL) { - add_one_address (context, *foo++, TRUE); - while (*foo) - add_one_address (context, *foo++, FALSE); - } - } - - if(enable_http == -1) - enable_http = krb5_config_get_bool(context, NULL, "kdc", - "enable-http", NULL); - - config = malloc(sizeof(*config)); - - if (!config) { - return NULL; - } - - krb5_kdc_default_config(config); - - kdc_openlog(context, config); - - get_dbinfo(context, config); - - krb5_kdc_configure(context, config); - - return config; -} -- cgit From cc275f011ea8ca17d270de6946eb54015a4f7055 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 12 Apr 2007 11:23:58 +0000 Subject: r22191: Add a samba4kinit binary to the build, so I can test using an existing ccache, as well as PKINIT. Andrew Bartlett (This used to be commit 440b8d9e4b09d5e8c943504ade85c17f752fe705) --- source4/heimdal/kuser/kinit.c | 930 ++++++++++++++++++++++++++++++ source4/heimdal/kuser/kuser_locl.h | 90 +++ source4/heimdal/lib/krb5/convert_creds.c | 179 ++++++ source4/heimdal/lib/krb5/prompter_posix.c | 74 +++ 4 files changed, 1273 insertions(+) create mode 100644 source4/heimdal/kuser/kinit.c create mode 100644 source4/heimdal/kuser/kuser_locl.h create mode 100644 source4/heimdal/lib/krb5/convert_creds.c create mode 100644 source4/heimdal/lib/krb5/prompter_posix.c (limited to 'source4/heimdal') diff --git a/source4/heimdal/kuser/kinit.c b/source4/heimdal/kuser/kinit.c new file mode 100644 index 0000000000..667e0963b0 --- /dev/null +++ b/source4/heimdal/kuser/kinit.c @@ -0,0 +1,930 @@ +/* + * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kuser_locl.h" +RCSID("$Id: kinit.c,v 1.141 2006/12/12 16:35:41 lha Exp $"); + +#ifndef KRB4 +#include "krb5-v4compat.h" +#endif + +struct krb5_pk_identity; +struct krb5_pk_cert; +struct ContentInfo; +struct _krb5_krb_auth_data; +struct krb5_dh_moduli; +struct krb5_plugin; +enum plugin_type; +#include "krb5-private.h" + +int forwardable_flag = -1; +int proxiable_flag = -1; +int renewable_flag = -1; +int renew_flag = 0; +int pac_flag = -1; +int validate_flag = 0; +int version_flag = 0; +int help_flag = 0; +int addrs_flag = -1; +struct getarg_strings extra_addresses; +int anonymous_flag = 0; +char *lifetime = NULL; +char *renew_life = NULL; +char *server_str = NULL; +char *cred_cache = NULL; +char *start_str = NULL; +struct getarg_strings etype_str; +int use_keytab = 0; +char *keytab_str = NULL; +int do_afslog = -1; +int get_v4_tgt = -1; +int convert_524 = 0; +int fcache_version; +char *password_file = NULL; +char *pk_user_id = NULL; +char *pk_x509_anchors = NULL; +int pk_use_enckey = 0; + +static char *krb4_cc_name; + +static struct getargs args[] = { + /* + * used by MIT + * a: ~A + * V: verbose + * F: ~f + * P: ~p + * C: v4 cache name? + * 5: + */ + { "524init", '4', arg_flag, &get_v4_tgt, + "obtain version 4 TGT" }, + + { "524convert", '9', arg_flag, &convert_524, + "only convert ticket to version 4" }, + + { "afslog", 0 , arg_flag, &do_afslog, + "obtain afs tokens" }, + + { "cache", 'c', arg_string, &cred_cache, + "credentials cache", "cachename" }, + + { "forwardable", 'f', arg_flag, &forwardable_flag, + "get forwardable tickets"}, + + { "keytab", 't', arg_string, &keytab_str, + "keytab to use", "keytabname" }, + + { "lifetime", 'l', arg_string, &lifetime, + "lifetime of tickets", "time"}, + + { "proxiable", 'p', arg_flag, &proxiable_flag, + "get proxiable tickets" }, + + { "renew", 'R', arg_flag, &renew_flag, + "renew TGT" }, + + { "renewable", 0, arg_flag, &renewable_flag, + "get renewable tickets" }, + + { "renewable-life", 'r', arg_string, &renew_life, + "renewable lifetime of tickets", "time" }, + + { "server", 'S', arg_string, &server_str, + "server to get ticket for", "principal" }, + + { "start-time", 's', arg_string, &start_str, + "when ticket gets valid", "time" }, + + { "use-keytab", 'k', arg_flag, &use_keytab, + "get key from keytab" }, + + { "validate", 'v', arg_flag, &validate_flag, + "validate TGT" }, + + { "enctypes", 'e', arg_strings, &etype_str, + "encryption types to use", "enctypes" }, + + { "fcache-version", 0, arg_integer, &fcache_version, + "file cache version to create" }, + + { "addresses", 'A', arg_negative_flag, &addrs_flag, + "request a ticket with no addresses" }, + + { "extra-addresses",'a', arg_strings, &extra_addresses, + "include these extra addresses", "addresses" }, + + { "anonymous", 0, arg_flag, &anonymous_flag, + "request an anonymous ticket" }, + + { "request-pac", 0, arg_flag, &pac_flag, + "request a Windows PAC" }, + + { "password-file", 0, arg_string, &password_file, + "read the password from a file" }, + +#ifdef PKINIT + { "pk-user", 'C', arg_string, &pk_user_id, + "principal's public/private/certificate identifier", + "id" }, + + { "x509-anchors", 'D', arg_string, &pk_x509_anchors, + "directory with CA certificates", "directory" }, + + { "pk-use-enckey", 0, arg_flag, &pk_use_enckey, + "Use RSA encrypted reply (instead of DH)" }, + +#endif + { "version", 0, arg_flag, &version_flag }, + { "help", 0, arg_flag, &help_flag } +}; + +static void +usage (int ret) +{ + arg_printusage (args, + sizeof(args)/sizeof(*args), + NULL, + "[principal [command]]"); + exit (ret); +} + +#ifdef KRB4 +/* for when the KDC tells us it's a v4 one, we try to talk that */ + +static int +key_to_key(const char *user, + char *instance, + const char *realm, + const void *arg, + des_cblock *key) +{ + memcpy(key, arg, sizeof(des_cblock)); + return 0; +} + +static int +do_v4_fallback (krb5_context context, + const krb5_principal principal, + int lifetime, + int use_srvtab, const char *srvtab_str, + const char *passwd) +{ + int ret; + krb_principal princ; + des_cblock key; + krb5_error_code kret; + + if (lifetime == 0) + lifetime = DEFAULT_TKT_LIFE; + else + lifetime = krb_time_to_life (0, lifetime); + + kret = krb5_524_conv_principal (context, principal, + princ.name, + princ.instance, + princ.realm); + if (kret) { + krb5_warn (context, kret, "krb5_524_conv_principal"); + return 1; + } + + if (use_srvtab || srvtab_str) { + if (srvtab_str == NULL) + srvtab_str = KEYFILE; + + ret = read_service_key (princ.name, princ.instance, princ.realm, + 0, srvtab_str, (char *)&key); + if (ret) { + warnx ("read_service_key %s: %s", srvtab_str, + krb_get_err_text (ret)); + return 1; + } + ret = krb_get_in_tkt (princ.name, princ.instance, princ.realm, + KRB_TICKET_GRANTING_TICKET, princ.realm, + lifetime, key_to_key, NULL, key); + } else { + ret = krb_get_pw_in_tkt(princ.name, princ.instance, princ.realm, + KRB_TICKET_GRANTING_TICKET, princ.realm, + lifetime, passwd); + } + memset (key, 0, sizeof(key)); + if (ret) { + warnx ("%s", krb_get_err_text(ret)); + return 1; + } + if (do_afslog && k_hasafs()) { + if ((ret = krb_afslog(NULL, NULL)) != 0 && ret != KDC_PR_UNKNOWN) { + if(ret > 0) + warnx ("%s", krb_get_err_text(ret)); + else + warnx ("failed to store AFS token"); + } + } + return 0; +} + + +/* + * the special version of get_default_principal that takes v4 into account + */ + +static krb5_error_code +kinit_get_default_principal (krb5_context context, + krb5_principal *princ) +{ + krb5_error_code ret; + krb5_ccache id; + krb_principal v4_princ; + int kret; + + ret = krb5_cc_default (context, &id); + if (ret == 0) { + ret = krb5_cc_get_principal (context, id, princ); + krb5_cc_close (context, id); + if (ret == 0) + return 0; + } + + kret = krb_get_tf_fullname (tkt_string(), + v4_princ.name, + v4_princ.instance, + v4_princ.realm); + if (kret == KSUCCESS) { + ret = krb5_425_conv_principal (context, + v4_princ.name, + v4_princ.instance, + v4_princ.realm, + princ); + if (ret == 0) + return 0; + } + return krb5_get_default_principal (context, princ); +} + +#else /* !KRB4 */ + +static krb5_error_code +kinit_get_default_principal (krb5_context context, + krb5_principal *princ) +{ + return krb5_get_default_principal (context, princ); +} + +#endif /* !KRB4 */ + +static krb5_error_code +get_server(krb5_context context, + krb5_principal client, + const char *server, + krb5_principal *princ) +{ + krb5_realm *client_realm; + if(server) + return krb5_parse_name(context, server, princ); + + client_realm = krb5_princ_realm (context, client); + return krb5_make_principal(context, princ, *client_realm, + KRB5_TGS_NAME, *client_realm, NULL); +} + +static krb5_error_code +do_524init(krb5_context context, krb5_ccache ccache, + krb5_creds *creds, const char *server) +{ + krb5_error_code ret; + + struct credentials c; + krb5_creds in_creds, *real_creds; + + if(creds != NULL) + real_creds = creds; + else { + krb5_principal client; + krb5_cc_get_principal(context, ccache, &client); + memset(&in_creds, 0, sizeof(in_creds)); + ret = get_server(context, client, server, &in_creds.server); + if(ret) { + krb5_free_principal(context, client); + return ret; + } + in_creds.client = client; + ret = krb5_get_credentials(context, 0, ccache, &in_creds, &real_creds); + krb5_free_principal(context, client); + krb5_free_principal(context, in_creds.server); + if(ret) + return ret; + } + ret = krb524_convert_creds_kdc_ccache(context, ccache, real_creds, &c); + if(ret) + krb5_warn(context, ret, "converting creds"); + else { + krb5_error_code tret = _krb5_krb_tf_setup(context, &c, NULL, 0); + if(tret) + krb5_warn(context, tret, "saving v4 creds"); + } + + if(creds == NULL) + krb5_free_creds(context, real_creds); + memset(&c, 0, sizeof(c)); + + return ret; +} + +static int +renew_validate(krb5_context context, + int renew, + int validate, + krb5_ccache cache, + const char *server, + krb5_deltat life) +{ + krb5_error_code ret; + krb5_creds in, *out = NULL; + krb5_kdc_flags flags; + + memset(&in, 0, sizeof(in)); + + ret = krb5_cc_get_principal(context, cache, &in.client); + if(ret) { + krb5_warn(context, ret, "krb5_cc_get_principal"); + return ret; + } + ret = get_server(context, in.client, server, &in.server); + if(ret) { + krb5_warn(context, ret, "get_server"); + goto out; + } + + if (renew) { + /* + * no need to check the error here, its only to be + * friendly to the user + */ + krb5_get_credentials(context, KRB5_GC_CACHED, cache, &in, &out); + } + + flags.i = 0; + flags.b.renewable = flags.b.renew = renew; + flags.b.validate = validate; + + if (forwardable_flag != -1) + flags.b.forwardable = forwardable_flag; + else if (out) + flags.b.forwardable = out->flags.b.forwardable; + + if (proxiable_flag != -1) + flags.b.proxiable = proxiable_flag; + else if (out) + flags.b.proxiable = out->flags.b.proxiable; + + if (anonymous_flag != -1) + flags.b.request_anonymous = anonymous_flag; + if(life) + in.times.endtime = time(NULL) + life; + + if (out) { + krb5_free_creds (context, out); + out = NULL; + } + + + ret = krb5_get_kdc_cred(context, + cache, + flags, + NULL, + NULL, + &in, + &out); + if(ret) { + krb5_warn(context, ret, "krb5_get_kdc_cred"); + goto out; + } + ret = krb5_cc_initialize(context, cache, in.client); + if(ret) { + krb5_free_creds (context, out); + krb5_warn(context, ret, "krb5_cc_initialize"); + goto out; + } + ret = krb5_cc_store_cred(context, cache, out); + + if(ret == 0 && server == NULL) { + /* only do this if it's a general renew-my-tgt request */ + if(get_v4_tgt) + do_524init(context, cache, out, NULL); + if(do_afslog && k_hasafs()) + krb5_afslog(context, cache, NULL, NULL); + } + + krb5_free_creds (context, out); + if(ret) { + krb5_warn(context, ret, "krb5_cc_store_cred"); + goto out; + } +out: + krb5_free_cred_contents(context, &in); + return ret; +} + +static krb5_error_code +get_new_tickets(krb5_context context, + krb5_principal principal, + krb5_ccache ccache, + krb5_deltat ticket_life, + int interactive) +{ + krb5_error_code ret; + krb5_get_init_creds_opt *opt; + krb5_creds cred; + char passwd[256]; + krb5_deltat start_time = 0; + krb5_deltat renew = 0; + char *renewstr = NULL; + krb5_enctype *enctype = NULL; + + passwd[0] = '\0'; + + if (password_file) { + FILE *f; + + if (strcasecmp("STDIN", password_file) == 0) + f = stdin; + else + f = fopen(password_file, "r"); + if (f == NULL) + krb5_errx(context, 1, "Failed to open the password file %s", + password_file); + + if (fgets(passwd, sizeof(passwd), f) == NULL) + krb5_errx(context, 1, + "Failed to read password from file %s", password_file); + if (f != stdin) + fclose(f); + passwd[strcspn(passwd, "\n")] = '\0'; + } + + + memset(&cred, 0, sizeof(cred)); + + ret = krb5_get_init_creds_opt_alloc (context, &opt); + if (ret) + krb5_err(context, 1, ret, "krb5_get_init_creds_opt_alloc"); + + krb5_get_init_creds_opt_set_default_flags(context, "kinit", + /* XXX */principal->realm, opt); + + if(forwardable_flag != -1) + krb5_get_init_creds_opt_set_forwardable (opt, forwardable_flag); + if(proxiable_flag != -1) + krb5_get_init_creds_opt_set_proxiable (opt, proxiable_flag); + if(anonymous_flag != -1) + krb5_get_init_creds_opt_set_anonymous (opt, anonymous_flag); + if (pac_flag != -1) + krb5_get_init_creds_opt_set_pac_request(context, opt, + pac_flag ? TRUE : FALSE); + if (pk_user_id) { + ret = krb5_get_init_creds_opt_set_pkinit(context, opt, + principal, + pk_user_id, + pk_x509_anchors, + NULL, + NULL, + pk_use_enckey ? 2 : 0, + krb5_prompter_posix, + NULL, + passwd); + if (ret) + krb5_err(context, 1, ret, "krb5_get_init_creds_opt_set_pkinit"); + } + + if (addrs_flag != -1) + krb5_get_init_creds_opt_set_addressless(context, opt, + addrs_flag ? FALSE : TRUE); + + if (renew_life == NULL && renewable_flag) + renewstr = "1 month"; + if (renew_life) + renewstr = renew_life; + if (renewstr) { + renew = parse_time (renewstr, "s"); + if (renew < 0) + errx (1, "unparsable time: %s", renewstr); + + krb5_get_init_creds_opt_set_renew_life (opt, renew); + } + + if(ticket_life != 0) + krb5_get_init_creds_opt_set_tkt_life (opt, ticket_life); + + if(start_str) { + int tmp = parse_time (start_str, "s"); + if (tmp < 0) + errx (1, "unparsable time: %s", start_str); + + start_time = tmp; + } + + if(etype_str.num_strings) { + int i; + + enctype = malloc(etype_str.num_strings * sizeof(*enctype)); + if(enctype == NULL) + errx(1, "out of memory"); + for(i = 0; i < etype_str.num_strings; i++) { + ret = krb5_string_to_enctype(context, + etype_str.strings[i], + &enctype[i]); + if(ret) + errx(1, "unrecognized enctype: %s", etype_str.strings[i]); + } + krb5_get_init_creds_opt_set_etype_list(opt, enctype, + etype_str.num_strings); + } + + if(use_keytab || keytab_str) { + krb5_keytab kt; + if(keytab_str) + ret = krb5_kt_resolve(context, keytab_str, &kt); + else + ret = krb5_kt_default(context, &kt); + if (ret) + krb5_err (context, 1, ret, "resolving keytab"); + ret = krb5_get_init_creds_keytab (context, + &cred, + principal, + kt, + start_time, + server_str, + opt); + krb5_kt_close(context, kt); + } else if (pk_user_id) { + ret = krb5_get_init_creds_password (context, + &cred, + principal, + passwd, + krb5_prompter_posix, + NULL, + start_time, + server_str, + opt); + } else if (!interactive) { + krb5_warnx(context, "Not interactive, failed to get initial ticket"); + krb5_get_init_creds_opt_free(context, opt); + return 0; + } else { + + if (passwd[0] == '\0') { + char *p, *prompt; + + krb5_unparse_name (context, principal, &p); + asprintf (&prompt, "%s's Password: ", p); + free (p); + + if (UI_UTIL_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0)){ + memset(passwd, 0, sizeof(passwd)); + exit(1); + } + free (prompt); + } + + + ret = krb5_get_init_creds_password (context, + &cred, + principal, + passwd, + krb5_prompter_posix, + NULL, + start_time, + server_str, + opt); + } + krb5_get_init_creds_opt_free(context, opt); +#ifdef KRB4 + if (ret == KRB5KRB_AP_ERR_V4_REPLY || ret == KRB5_KDC_UNREACH) { + int exit_val; + + exit_val = do_v4_fallback (context, principal, ticket_life, + use_keytab, keytab_str, passwd); + get_v4_tgt = 0; + do_afslog = 0; + memset(passwd, 0, sizeof(passwd)); + if (exit_val == 0 || ret == KRB5KRB_AP_ERR_V4_REPLY) + return exit_val; + } +#endif + memset(passwd, 0, sizeof(passwd)); + + switch(ret){ + case 0: + break; + case KRB5_LIBOS_PWDINTR: /* don't print anything if it was just C-c:ed */ + exit(1); + case KRB5KRB_AP_ERR_BAD_INTEGRITY: + case KRB5KRB_AP_ERR_MODIFIED: + krb5_errx(context, 1, "Password incorrect"); + break; + default: + krb5_err(context, 1, ret, "krb5_get_init_creds"); + } + + if(ticket_life != 0) { + if(abs(cred.times.endtime - cred.times.starttime - ticket_life) > 30) { + char life[64]; + unparse_time_approx(cred.times.endtime - cred.times.starttime, + life, sizeof(life)); + krb5_warnx(context, "NOTICE: ticket lifetime is %s", life); + } + } + if(renew_life) { + if(abs(cred.times.renew_till - cred.times.starttime - renew) > 30) { + char life[64]; + unparse_time_approx(cred.times.renew_till - cred.times.starttime, + life, sizeof(life)); + krb5_warnx(context, "NOTICE: ticket renewable lifetime is %s", + life); + } + } + + ret = krb5_cc_initialize (context, ccache, cred.client); + if (ret) + krb5_err (context, 1, ret, "krb5_cc_initialize"); + + ret = krb5_cc_store_cred (context, ccache, &cred); + if (ret) + krb5_err (context, 1, ret, "krb5_cc_store_cred"); + + krb5_free_cred_contents (context, &cred); + + if (enctype) + free(enctype); + + return 0; +} + +static time_t +ticket_lifetime(krb5_context context, krb5_ccache cache, + krb5_principal client, const char *server) +{ + krb5_creds in_cred, *cred; + krb5_error_code ret; + time_t timeout; + + memset(&in_cred, 0, sizeof(in_cred)); + + ret = krb5_cc_get_principal(context, cache, &in_cred.client); + if(ret) { + krb5_warn(context, ret, "krb5_cc_get_principal"); + return 0; + } + ret = get_server(context, in_cred.client, server, &in_cred.server); + if(ret) { + krb5_free_principal(context, in_cred.client); + krb5_warn(context, ret, "get_server"); + return 0; + } + + ret = krb5_get_credentials(context, KRB5_GC_CACHED, + cache, &in_cred, &cred); + krb5_free_principal(context, in_cred.client); + krb5_free_principal(context, in_cred.server); + if(ret) { + krb5_warn(context, ret, "krb5_get_credentials"); + return 0; + } + timeout = cred->times.endtime - cred->times.starttime; + if (timeout < 0) + timeout = 0; + krb5_free_creds(context, cred); + return timeout; +} + +struct renew_ctx { + krb5_context context; + krb5_ccache ccache; + krb5_principal principal; + krb5_deltat ticket_life; +}; + +static time_t +renew_func(void *ptr) +{ + struct renew_ctx *ctx = ptr; + krb5_error_code ret; + time_t expire; + int new_tickets = 0; + + if (renewable_flag) { + ret = renew_validate(ctx->context, renewable_flag, validate_flag, + ctx->ccache, server_str, ctx->ticket_life); + if (ret) + new_tickets = 1; + } else + new_tickets = 1; + + if (new_tickets) + get_new_tickets(ctx->context, ctx->principal, + ctx->ccache, ctx->ticket_life, 0); + + if(get_v4_tgt || convert_524) + do_524init(ctx->context, ctx->ccache, NULL, server_str); + if(do_afslog && k_hasafs()) + krb5_afslog(ctx->context, ctx->ccache, NULL, NULL); + + expire = ticket_lifetime(ctx->context, ctx->ccache, ctx->principal, + server_str) / 2; + return expire + 1; +} + +int +main (int argc, char **argv) +{ + krb5_error_code ret; + krb5_context context; + krb5_ccache ccache; + krb5_principal principal; + int optidx = 0; + krb5_deltat ticket_life = 0; + + setprogname (argv[0]); + + ret = krb5_init_context (&context); + if (ret == KRB5_CONFIG_BADFORMAT) + errx (1, "krb5_init_context failed to parse configuration file"); + else if (ret) + errx(1, "krb5_init_context failed: %d", ret); + + if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) + usage(1); + + if (help_flag) + usage (0); + + if(version_flag) { + print_version(NULL); + exit(0); + } + + argc -= optidx; + argv += optidx; + + if (argv[0]) { + ret = krb5_parse_name (context, argv[0], &principal); + if (ret) + krb5_err (context, 1, ret, "krb5_parse_name"); + } else { + ret = kinit_get_default_principal (context, &principal); + if (ret) + krb5_err (context, 1, ret, "krb5_get_default_principal"); + } + + if(fcache_version) + krb5_set_fcache_version(context, fcache_version); + + if(renewable_flag == -1) + /* this seems somewhat pointless, but whatever */ + krb5_appdefault_boolean(context, "kinit", + krb5_principal_get_realm(context, principal), + "renewable", FALSE, &renewable_flag); + if(get_v4_tgt == -1) + krb5_appdefault_boolean(context, "kinit", + krb5_principal_get_realm(context, principal), + "krb4_get_tickets", FALSE, &get_v4_tgt); + if(do_afslog == -1) + krb5_appdefault_boolean(context, "kinit", + krb5_principal_get_realm(context, principal), + "afslog", TRUE, &do_afslog); + + if(cred_cache) + ret = krb5_cc_resolve(context, cred_cache, &ccache); + else { + if(argc > 1) { + char s[1024]; + ret = krb5_cc_gen_new(context, &krb5_fcc_ops, &ccache); + if(ret) + krb5_err(context, 1, ret, "creating cred cache"); + snprintf(s, sizeof(s), "%s:%s", + krb5_cc_get_type(context, ccache), + krb5_cc_get_name(context, ccache)); + setenv("KRB5CCNAME", s, 1); + if (get_v4_tgt) { + int fd; + if (asprintf(&krb4_cc_name, "%s_XXXXXX", TKT_ROOT) < 0) + krb5_errx(context, 1, "out of memory"); + if((fd = mkstemp(krb4_cc_name)) >= 0) { + close(fd); + setenv("KRBTKFILE", krb4_cc_name, 1); + } else { + free(krb4_cc_name); + krb4_cc_name = NULL; + } + } + } else + ret = krb5_cc_default (context, &ccache); + } + if (ret) + krb5_err (context, 1, ret, "resolving credentials cache"); + + if(argc > 1 && k_hasafs ()) + k_setpag(); + + if (lifetime) { + int tmp = parse_time (lifetime, "s"); + if (tmp < 0) + errx (1, "unparsable time: %s", lifetime); + + ticket_life = tmp; + } + + if(addrs_flag == 0 && extra_addresses.num_strings > 0) + krb5_errx(context, 1, "specifying both extra addresses and " + "no addresses makes no sense"); + { + int i; + krb5_addresses addresses; + memset(&addresses, 0, sizeof(addresses)); + for(i = 0; i < extra_addresses.num_strings; i++) { + ret = krb5_parse_address(context, extra_addresses.strings[i], + &addresses); + if (ret == 0) { + krb5_add_extra_addresses(context, &addresses); + krb5_free_addresses(context, &addresses); + } + } + free_getarg_strings(&extra_addresses); + } + + if(renew_flag || validate_flag) { + ret = renew_validate(context, renew_flag, validate_flag, + ccache, server_str, ticket_life); + exit(ret != 0); + } + + if(!convert_524) + get_new_tickets(context, principal, ccache, ticket_life, 1); + + if(get_v4_tgt || convert_524) + do_524init(context, ccache, NULL, server_str); + if(do_afslog && k_hasafs()) + krb5_afslog(context, ccache, NULL, NULL); + if(argc > 1) { + struct renew_ctx ctx; + time_t timeout; + + timeout = ticket_lifetime(context, ccache, principal, server_str) / 2; + + ctx.context = context; + ctx.ccache = ccache; + ctx.principal = principal; + ctx.ticket_life = ticket_life; + + ret = simple_execvp_timed(argv[1], argv+1, + renew_func, &ctx, timeout); +#define EX_NOEXEC 126 +#define EX_NOTFOUND 127 + if(ret == EX_NOEXEC) + krb5_warnx(context, "permission denied: %s", argv[1]); + else if(ret == EX_NOTFOUND) + krb5_warnx(context, "command not found: %s", argv[1]); + + krb5_cc_destroy(context, ccache); + _krb5_krb_dest_tkt(context, krb4_cc_name); + if(k_hasafs()) + k_unlog(); + } else { + krb5_cc_close (context, ccache); + ret = 0; + } + krb5_free_principal(context, principal); + krb5_free_context (context); + return ret; +} diff --git a/source4/heimdal/kuser/kuser_locl.h b/source4/heimdal/kuser/kuser_locl.h new file mode 100644 index 0000000000..06403cbe67 --- /dev/null +++ b/source4/heimdal/kuser/kuser_locl.h @@ -0,0 +1,90 @@ +/* + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: kuser_locl.h,v 1.13 2003/01/21 14:13:51 nectar Exp $ */ + +#ifndef __KUSER_LOCL_H__ +#define __KUSER_LOCL_H__ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_PWD_H +#include +#endif +#ifdef HAVE_SYS_TIME_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_NETINET_IN6_H +#include +#endif +#ifdef HAVE_NETINET6_IN6_H +#include +#endif + +#ifdef HAVE_ARPA_INET_H +#include +#endif +#include +#include +#include +#include +#include + +#ifdef KRB4 +#include +#endif +#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40 +#include +#endif +#ifdef HAVE_SYS_IOCCOM_H +#include +#endif +#include +#include "crypto-headers.h" /* for des_read_pw_string */ + +#endif /* __KUSER_LOCL_H__ */ diff --git a/source4/heimdal/lib/krb5/convert_creds.c b/source4/heimdal/lib/krb5/convert_creds.c new file mode 100644 index 0000000000..bff56a2602 --- /dev/null +++ b/source4/heimdal/lib/krb5/convert_creds.c @@ -0,0 +1,179 @@ +/* + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" +RCSID("$Id: convert_creds.c,v 1.32 2005/04/23 19:40:57 lha Exp $"); + +#include "krb5-v4compat.h" + +static krb5_error_code +check_ticket_flags(TicketFlags f) +{ + return 0; /* maybe add some more tests here? */ +} + +/* Convert the v5 credentials in `in_cred' to v4-dito in `v4creds'. + * This is done by sending them to the 524 function in the KDC. If + * `in_cred' doesn't contain a DES session key, then a new one is + * gotten from the KDC and stored in the cred cache `ccache'. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb524_convert_creds_kdc(krb5_context context, + krb5_creds *in_cred, + struct credentials *v4creds) +{ + krb5_error_code ret; + krb5_data reply; + krb5_storage *sp; + int32_t tmp; + krb5_data ticket; + char realm[REALM_SZ]; + krb5_creds *v5_creds = in_cred; + + ret = check_ticket_flags(v5_creds->flags.b); + if(ret) + goto out2; + + { + krb5_krbhst_handle handle; + + ret = krb5_krbhst_init(context, + krb5_principal_get_realm(context, + v5_creds->server), + KRB5_KRBHST_KRB524, + &handle); + if (ret) + goto out2; + + ret = krb5_sendto (context, + &v5_creds->ticket, + handle, + &reply); + krb5_krbhst_free(context, handle); + if (ret) + goto out2; + } + sp = krb5_storage_from_mem(reply.data, reply.length); + if(sp == NULL) { + ret = ENOMEM; + krb5_set_error_string (context, "malloc: out of memory"); + goto out2; + } + krb5_ret_int32(sp, &tmp); + ret = tmp; + if(ret == 0) { + memset(v4creds, 0, sizeof(*v4creds)); + ret = krb5_ret_int32(sp, &tmp); + if(ret) + goto out; + v4creds->kvno = tmp; + ret = krb5_ret_data(sp, &ticket); + if(ret) + goto out; + v4creds->ticket_st.length = ticket.length; + memcpy(v4creds->ticket_st.dat, ticket.data, ticket.length); + krb5_data_free(&ticket); + ret = krb5_524_conv_principal(context, + v5_creds->server, + v4creds->service, + v4creds->instance, + v4creds->realm); + if(ret) + goto out; + v4creds->issue_date = v5_creds->times.starttime; + v4creds->lifetime = _krb5_krb_time_to_life(v4creds->issue_date, + v5_creds->times.endtime); + ret = krb5_524_conv_principal(context, v5_creds->client, + v4creds->pname, + v4creds->pinst, + realm); + if(ret) + goto out; + memcpy(v4creds->session, v5_creds->session.keyvalue.data, 8); + } else { + krb5_set_error_string(context, "converting credentials: %s", + krb5_get_err_text(context, ret)); + } +out: + krb5_storage_free(sp); + krb5_data_free(&reply); +out2: + if (v5_creds != in_cred) + krb5_free_creds (context, v5_creds); + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb524_convert_creds_kdc_ccache(krb5_context context, + krb5_ccache ccache, + krb5_creds *in_cred, + struct credentials *v4creds) +{ + krb5_error_code ret; + krb5_creds *v5_creds = in_cred; + krb5_keytype keytype; + + keytype = v5_creds->session.keytype; + + if (keytype != ENCTYPE_DES_CBC_CRC) { + /* MIT krb524d doesn't like nothing but des-cbc-crc tickets, + so go get one */ + krb5_creds template; + + memset (&template, 0, sizeof(template)); + template.session.keytype = ENCTYPE_DES_CBC_CRC; + ret = krb5_copy_principal (context, in_cred->client, &template.client); + if (ret) { + krb5_free_cred_contents (context, &template); + return ret; + } + ret = krb5_copy_principal (context, in_cred->server, &template.server); + if (ret) { + krb5_free_cred_contents (context, &template); + return ret; + } + + ret = krb5_get_credentials (context, 0, ccache, + &template, &v5_creds); + krb5_free_cred_contents (context, &template); + if (ret) + return ret; + } + + ret = krb524_convert_creds_kdc(context, v5_creds, v4creds); + + if (v5_creds != in_cred) + krb5_free_creds (context, v5_creds); + return ret; +} diff --git a/source4/heimdal/lib/krb5/prompter_posix.c b/source4/heimdal/lib/krb5/prompter_posix.c new file mode 100644 index 0000000000..3ea512c9a7 --- /dev/null +++ b/source4/heimdal/lib/krb5/prompter_posix.c @@ -0,0 +1,74 @@ +/* + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: prompter_posix.c,v 1.10 2004/05/25 21:38:14 lha Exp $"); + +int KRB5_LIB_FUNCTION +krb5_prompter_posix (krb5_context context, + void *data, + const char *name, + const char *banner, + int num_prompts, + krb5_prompt prompts[]) +{ + int i; + + if (name) + fprintf (stderr, "%s\n", name); + if (banner) + fprintf (stderr, "%s\n", banner); + if (name || banner) + fflush(stderr); + for (i = 0; i < num_prompts; ++i) { + if (prompts[i].hidden) { + if(UI_UTIL_read_pw_string(prompts[i].reply->data, + prompts[i].reply->length, + prompts[i].prompt, + 0)) + return 1; + } else { + char *s = prompts[i].reply->data; + + fputs (prompts[i].prompt, stdout); + fflush (stdout); + if(fgets(prompts[i].reply->data, + prompts[i].reply->length, + stdin) == NULL) + return 1; + s[strcspn(s, "\n")] = '\0'; + } + } + return 0; +} -- cgit From 1a55a364012c80cb1b15b4adecdb228dc29f3a18 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 22 May 2007 04:13:17 +0000 Subject: r23060: use #include consistently. Using "roken.h" in this directory breaks Samba builds on some systems as they find the wrong roken.h (This used to be commit 59cd26b664af5edebc979d2bc746bf9621333130) --- source4/heimdal/lib/roken/bswap.c | 2 +- source4/heimdal/lib/roken/copyhostent.c | 2 +- source4/heimdal/lib/roken/freeaddrinfo.c | 2 +- source4/heimdal/lib/roken/freehostent.c | 2 +- source4/heimdal/lib/roken/gai_strerror.c | 2 +- source4/heimdal/lib/roken/getaddrinfo.c | 2 +- source4/heimdal/lib/roken/getipnodebyaddr.c | 2 +- source4/heimdal/lib/roken/getipnodebyname.c | 2 +- source4/heimdal/lib/roken/getprogname.c | 2 +- source4/heimdal/lib/roken/hex.c | 2 +- source4/heimdal/lib/roken/hostent_find_fqdn.c | 2 +- source4/heimdal/lib/roken/inet_aton.c | 2 +- source4/heimdal/lib/roken/issuid.c | 2 +- source4/heimdal/lib/roken/resolve.c | 2 +- source4/heimdal/lib/roken/setprogname.c | 2 +- source4/heimdal/lib/roken/signal.c | 2 +- source4/heimdal/lib/roken/strsep.c | 2 +- source4/heimdal/lib/roken/strsep_copy.c | 2 +- 18 files changed, 18 insertions(+), 18 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/roken/bswap.c b/source4/heimdal/lib/roken/bswap.c index 48b587d2db..dd7ea832af 100644 --- a/source4/heimdal/lib/roken/bswap.c +++ b/source4/heimdal/lib/roken/bswap.c @@ -34,7 +34,7 @@ #ifdef HAVE_CONFIG_H #include #endif -#include "roken.h" +#include RCSID("$Id: bswap.c,v 1.4 2005/04/12 11:28:35 lha Exp $"); diff --git a/source4/heimdal/lib/roken/copyhostent.c b/source4/heimdal/lib/roken/copyhostent.c index d11fa16303..7d458dc1b9 100644 --- a/source4/heimdal/lib/roken/copyhostent.c +++ b/source4/heimdal/lib/roken/copyhostent.c @@ -36,7 +36,7 @@ RCSID("$Id: copyhostent.c,v 1.3 2005/04/12 11:28:36 lha Exp $"); #endif -#include "roken.h" +#include /* * return a malloced copy of `h' diff --git a/source4/heimdal/lib/roken/freeaddrinfo.c b/source4/heimdal/lib/roken/freeaddrinfo.c index 6311aa29d8..cd2898036b 100644 --- a/source4/heimdal/lib/roken/freeaddrinfo.c +++ b/source4/heimdal/lib/roken/freeaddrinfo.c @@ -36,7 +36,7 @@ RCSID("$Id: freeaddrinfo.c,v 1.5 2005/04/12 11:28:41 lha Exp $"); #endif -#include "roken.h" +#include /* * free the list of `struct addrinfo' starting at `ai' diff --git a/source4/heimdal/lib/roken/freehostent.c b/source4/heimdal/lib/roken/freehostent.c index d837ba2503..1ebb01361c 100644 --- a/source4/heimdal/lib/roken/freehostent.c +++ b/source4/heimdal/lib/roken/freehostent.c @@ -36,7 +36,7 @@ RCSID("$Id: freehostent.c,v 1.3 2005/04/12 11:28:41 lha Exp $"); #endif -#include "roken.h" +#include /* * free a malloced hostent diff --git a/source4/heimdal/lib/roken/gai_strerror.c b/source4/heimdal/lib/roken/gai_strerror.c index 52db0f8842..102aa75ea1 100644 --- a/source4/heimdal/lib/roken/gai_strerror.c +++ b/source4/heimdal/lib/roken/gai_strerror.c @@ -36,7 +36,7 @@ RCSID("$Id: gai_strerror.c,v 1.7 2005/08/05 09:31:35 lha Exp $"); #endif -#include "roken.h" +#include static struct gai_error { int code; diff --git a/source4/heimdal/lib/roken/getaddrinfo.c b/source4/heimdal/lib/roken/getaddrinfo.c index b39131de74..86af8b72cc 100644 --- a/source4/heimdal/lib/roken/getaddrinfo.c +++ b/source4/heimdal/lib/roken/getaddrinfo.c @@ -36,7 +36,7 @@ RCSID("$Id: getaddrinfo.c,v 1.14 2005/06/16 17:49:29 lha Exp $"); #endif -#include "roken.h" +#include /* * uses hints->ai_socktype and hints->ai_protocol diff --git a/source4/heimdal/lib/roken/getipnodebyaddr.c b/source4/heimdal/lib/roken/getipnodebyaddr.c index 841fc46a80..3f447d6d06 100644 --- a/source4/heimdal/lib/roken/getipnodebyaddr.c +++ b/source4/heimdal/lib/roken/getipnodebyaddr.c @@ -36,7 +36,7 @@ RCSID("$Id: getipnodebyaddr.c,v 1.3 2005/04/12 11:28:47 lha Exp $"); #endif -#include "roken.h" +#include /* * lookup `src, len' (address family `af') in DNS and return a pointer diff --git a/source4/heimdal/lib/roken/getipnodebyname.c b/source4/heimdal/lib/roken/getipnodebyname.c index 0707e4c16c..b928efcc53 100644 --- a/source4/heimdal/lib/roken/getipnodebyname.c +++ b/source4/heimdal/lib/roken/getipnodebyname.c @@ -36,7 +36,7 @@ RCSID("$Id: getipnodebyname.c,v 1.4 2005/04/12 11:28:47 lha Exp $"); #endif -#include "roken.h" +#include #ifndef HAVE_H_ERRNO static int h_errno = NO_RECOVERY; diff --git a/source4/heimdal/lib/roken/getprogname.c b/source4/heimdal/lib/roken/getprogname.c index f8f1e9d4a2..7eabe40093 100644 --- a/source4/heimdal/lib/roken/getprogname.c +++ b/source4/heimdal/lib/roken/getprogname.c @@ -36,7 +36,7 @@ RCSID("$Id: getprogname.c,v 1.3 2005/04/12 11:28:48 lha Exp $"); #endif -#include "roken.h" +#include #ifndef HAVE___PROGNAME const char *__progname; diff --git a/source4/heimdal/lib/roken/hex.c b/source4/heimdal/lib/roken/hex.c index ba0f4a4fda..e41b508fcb 100644 --- a/source4/heimdal/lib/roken/hex.c +++ b/source4/heimdal/lib/roken/hex.c @@ -35,7 +35,7 @@ #include RCSID("$Id: hex.c,v 1.8 2006/01/09 17:09:29 lha Exp $"); #endif -#include "roken.h" +#include #include #include "hex.h" diff --git a/source4/heimdal/lib/roken/hostent_find_fqdn.c b/source4/heimdal/lib/roken/hostent_find_fqdn.c index 24f3b843d8..1762b11226 100644 --- a/source4/heimdal/lib/roken/hostent_find_fqdn.c +++ b/source4/heimdal/lib/roken/hostent_find_fqdn.c @@ -36,7 +36,7 @@ RCSID("$Id: hostent_find_fqdn.c,v 1.3 2005/04/12 11:28:51 lha Exp $"); #endif -#include "roken.h" +#include /* * Try to find a fqdn (with `.') in he if possible, else return h_name diff --git a/source4/heimdal/lib/roken/inet_aton.c b/source4/heimdal/lib/roken/inet_aton.c index b26dcb87ff..0483a05256 100644 --- a/source4/heimdal/lib/roken/inet_aton.c +++ b/source4/heimdal/lib/roken/inet_aton.c @@ -36,7 +36,7 @@ RCSID("$Id: inet_aton.c,v 1.14 2005/04/12 11:28:52 lha Exp $"); #endif -#include "roken.h" +#include /* Minimal implementation of inet_aton. * Cannot distinguish between failure and a local broadcast address. */ diff --git a/source4/heimdal/lib/roken/issuid.c b/source4/heimdal/lib/roken/issuid.c index 7ccf615451..e6b5248164 100644 --- a/source4/heimdal/lib/roken/issuid.c +++ b/source4/heimdal/lib/roken/issuid.c @@ -36,7 +36,7 @@ RCSID("$Id: issuid.c,v 1.6 2005/05/13 07:42:03 lha Exp $"); #endif -#include "roken.h" +#include int ROKEN_LIB_FUNCTION issuid(void) diff --git a/source4/heimdal/lib/roken/resolve.c b/source4/heimdal/lib/roken/resolve.c index 0f45bc57b2..9b54fc50f0 100644 --- a/source4/heimdal/lib/roken/resolve.c +++ b/source4/heimdal/lib/roken/resolve.c @@ -34,7 +34,7 @@ #ifdef HAVE_CONFIG_H #include #endif -#include "roken.h" +#include #ifdef HAVE_ARPA_NAMESER_H #include #endif diff --git a/source4/heimdal/lib/roken/setprogname.c b/source4/heimdal/lib/roken/setprogname.c index 315fa52e50..c13e8d4ee1 100644 --- a/source4/heimdal/lib/roken/setprogname.c +++ b/source4/heimdal/lib/roken/setprogname.c @@ -36,7 +36,7 @@ RCSID("$Id: setprogname.c,v 1.4 2005/08/23 10:19:20 lha Exp $"); #endif -#include "roken.h" +#include #ifndef HAVE___PROGNAME extern const char *__progname; diff --git a/source4/heimdal/lib/roken/signal.c b/source4/heimdal/lib/roken/signal.c index d92742d9fb..7076847fb3 100644 --- a/source4/heimdal/lib/roken/signal.c +++ b/source4/heimdal/lib/roken/signal.c @@ -37,7 +37,7 @@ RCSID("$Id: signal.c,v 1.13 2005/04/12 11:29:05 lha Exp $"); #endif #include -#include "roken.h" +#include /* * We would like to always use this signal but there is a link error diff --git a/source4/heimdal/lib/roken/strsep.c b/source4/heimdal/lib/roken/strsep.c index e34c10fe26..f08c33b7a5 100644 --- a/source4/heimdal/lib/roken/strsep.c +++ b/source4/heimdal/lib/roken/strsep.c @@ -38,7 +38,7 @@ RCSID("$Id: strsep.c,v 1.4 2005/04/12 11:29:10 lha Exp $"); #include -#include "roken.h" +#include #ifndef HAVE_STRSEP diff --git a/source4/heimdal/lib/roken/strsep_copy.c b/source4/heimdal/lib/roken/strsep_copy.c index 5149838547..34759fe15c 100644 --- a/source4/heimdal/lib/roken/strsep_copy.c +++ b/source4/heimdal/lib/roken/strsep_copy.c @@ -38,7 +38,7 @@ RCSID("$Id: strsep_copy.c,v 1.5 2005/04/12 11:29:11 lha Exp $"); #include -#include "roken.h" +#include #ifndef HAVE_STRSEP_COPY -- cgit From 4690d5c5531fe2f68eb2dfb75874fb6a110031a7 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 29 May 2007 15:19:37 +0000 Subject: r23209: import getnameinfo.c, inet_ntop.c and inet_pton.c from loikeet-heimdal metze (This used to be commit 48eb20199e7a01f4ab7f5194a5256ad7dd03ad86) --- source4/heimdal/lib/roken/getnameinfo.c | 127 ++++++++++++++++++++++++++++++ source4/heimdal/lib/roken/inet_ntop.c | 133 ++++++++++++++++++++++++++++++++ source4/heimdal/lib/roken/inet_pton.c | 49 ++++++++++++ 3 files changed, 309 insertions(+) create mode 100644 source4/heimdal/lib/roken/getnameinfo.c create mode 100644 source4/heimdal/lib/roken/inet_ntop.c create mode 100644 source4/heimdal/lib/roken/inet_pton.c (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/roken/getnameinfo.c b/source4/heimdal/lib/roken/getnameinfo.c new file mode 100644 index 0000000000..2cf81897f8 --- /dev/null +++ b/source4/heimdal/lib/roken/getnameinfo.c @@ -0,0 +1,127 @@ +/* + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: getnameinfo.c,v 1.6 2005/06/16 16:53:09 lha Exp $"); +#endif + +#include "roken.h" + +static int +doit (int af, + const void *addr, + size_t addrlen, + int port, + char *host, size_t hostlen, + char *serv, size_t servlen, + int flags) +{ + if (host != NULL) { + if (flags & NI_NUMERICHOST) { + if (inet_ntop (af, addr, host, hostlen) == NULL) + return EAI_SYSTEM; + } else { + struct hostent *he = gethostbyaddr (addr, + addrlen, + af); + if (he != NULL) { + strlcpy (host, hostent_find_fqdn(he), hostlen); + if (flags & NI_NOFQDN) { + char *dot = strchr (host, '.'); + if (dot != NULL) + *dot = '\0'; + } + } else if (flags & NI_NAMEREQD) { + return EAI_NONAME; + } else if (inet_ntop (af, addr, host, hostlen) == NULL) + return EAI_SYSTEM; + } + } + + if (serv != NULL) { + if (flags & NI_NUMERICSERV) { + snprintf (serv, servlen, "%u", ntohs(port)); + } else { + const char *proto = "tcp"; + struct servent *se; + + if (flags & NI_DGRAM) + proto = "udp"; + + se = getservbyport (port, proto); + if (se == NULL) { + snprintf (serv, servlen, "%u", ntohs(port)); + } else { + strlcpy (serv, se->s_name, servlen); + } + } + } + return 0; +} + +/* + * + */ + +int ROKEN_LIB_FUNCTION +getnameinfo(const struct sockaddr *sa, socklen_t salen, + char *host, size_t hostlen, + char *serv, size_t servlen, + int flags) +{ + switch (sa->sa_family) { +#ifdef HAVE_IPV6 + case AF_INET6 : { + const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa; + + return doit (AF_INET6, &sin6->sin6_addr, sizeof(sin6->sin6_addr), + sin6->sin6_port, + host, hostlen, + serv, servlen, + flags); + } +#endif + case AF_INET : { + const struct sockaddr_in *sin4 = (const struct sockaddr_in *)sa; + + return doit (AF_INET, &sin4->sin_addr, sizeof(sin4->sin_addr), + sin4->sin_port, + host, hostlen, + serv, servlen, + flags); + } + default : + return EAI_FAMILY; + } +} diff --git a/source4/heimdal/lib/roken/inet_ntop.c b/source4/heimdal/lib/roken/inet_ntop.c new file mode 100644 index 0000000000..35e96eb49b --- /dev/null +++ b/source4/heimdal/lib/roken/inet_ntop.c @@ -0,0 +1,133 @@ +/* + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: inet_ntop.c,v 1.6 2005/04/12 11:28:52 lha Exp $"); +#endif + +#include + +/* + * + */ + +static const char * +inet_ntop_v4 (const void *src, char *dst, size_t size) +{ + const char digits[] = "0123456789"; + int i; + struct in_addr *addr = (struct in_addr *)src; + u_long a = ntohl(addr->s_addr); + const char *orig_dst = dst; + + if (size < INET_ADDRSTRLEN) { + errno = ENOSPC; + return NULL; + } + for (i = 0; i < 4; ++i) { + int n = (a >> (24 - i * 8)) & 0xFF; + int non_zerop = 0; + + if (non_zerop || n / 100 > 0) { + *dst++ = digits[n / 100]; + n %= 100; + non_zerop = 1; + } + if (non_zerop || n / 10 > 0) { + *dst++ = digits[n / 10]; + n %= 10; + non_zerop = 1; + } + *dst++ = digits[n]; + if (i != 3) + *dst++ = '.'; + } + *dst++ = '\0'; + return orig_dst; +} + +#ifdef HAVE_IPV6 +static const char * +inet_ntop_v6 (const void *src, char *dst, size_t size) +{ + const char xdigits[] = "0123456789abcdef"; + int i; + const struct in6_addr *addr = (struct in6_addr *)src; + const u_char *ptr = addr->s6_addr; + const char *orig_dst = dst; + + if (size < INET6_ADDRSTRLEN) { + errno = ENOSPC; + return NULL; + } + for (i = 0; i < 8; ++i) { + int non_zerop = 0; + + if (non_zerop || (ptr[0] >> 4)) { + *dst++ = xdigits[ptr[0] >> 4]; + non_zerop = 1; + } + if (non_zerop || (ptr[0] & 0x0F)) { + *dst++ = xdigits[ptr[0] & 0x0F]; + non_zerop = 1; + } + if (non_zerop || (ptr[1] >> 4)) { + *dst++ = xdigits[ptr[1] >> 4]; + non_zerop = 1; + } + *dst++ = xdigits[ptr[1] & 0x0F]; + if (i != 7) + *dst++ = ':'; + ptr += 2; + } + *dst++ = '\0'; + return orig_dst; +} +#endif /* HAVE_IPV6 */ + +const char * ROKEN_LIB_FUNCTION +inet_ntop(int af, const void *src, char *dst, size_t size) +{ + switch (af) { + case AF_INET : + return inet_ntop_v4 (src, dst, size); +#ifdef HAVE_IPV6 + case AF_INET6 : + return inet_ntop_v6 (src, dst, size); +#endif + default : + errno = EAFNOSUPPORT; + return NULL; + } +} diff --git a/source4/heimdal/lib/roken/inet_pton.c b/source4/heimdal/lib/roken/inet_pton.c new file mode 100644 index 0000000000..21606accb1 --- /dev/null +++ b/source4/heimdal/lib/roken/inet_pton.c @@ -0,0 +1,49 @@ +/* + * Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: inet_pton.c,v 1.4 2005/04/12 11:28:52 lha Exp $"); +#endif + +#include + +int ROKEN_LIB_FUNCTION +inet_pton(int af, const char *src, void *dst) +{ + if (af != AF_INET) { + errno = EAFNOSUPPORT; + return -1; + } + return inet_aton (src, dst); +} -- cgit From 91adebe749beb0dc23cacaea316cb2b724776aad Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 13 Jun 2007 05:44:24 +0000 Subject: r23456: Update Samba4 to current lorikeet-heimdal. Andrew Bartlett (This used to be commit ae0f81ab235c72cceb120bcdeb051a483cf3cc4f) --- source4/heimdal/kdc/524.c | 2 +- source4/heimdal/kdc/default_config.c | 376 +-- source4/heimdal/kdc/digest.c | 277 +- source4/heimdal/kdc/headers.h | 2 +- source4/heimdal/kdc/kaserver.c | 2 +- source4/heimdal/kdc/kdc-private.h | 11 +- source4/heimdal/kdc/kdc-protos.h | 21 +- source4/heimdal/kdc/kdc.h | 4 +- source4/heimdal/kdc/kdc_locl.h | 17 +- source4/heimdal/kdc/kerberos4.c | 2 +- source4/heimdal/kdc/kerberos5.c | 198 +- source4/heimdal/kdc/krb5tgs.c | 35 +- source4/heimdal/kdc/kx509.c | 196 +- source4/heimdal/kdc/log.c | 2 +- source4/heimdal/kdc/misc.c | 2 +- source4/heimdal/kdc/pkinit.c | 264 +- source4/heimdal/kdc/process.c | 84 +- source4/heimdal/kdc/rx.h | 2 +- source4/heimdal/kdc/windc.c | 9 +- source4/heimdal/kdc/windc_plugin.h | 6 +- source4/heimdal/kuser/kinit.c | 221 +- source4/heimdal/kuser/kuser_locl.h | 5 +- source4/heimdal/lib/asn1/CMS.asn1 | 2 +- source4/heimdal/lib/asn1/asn1-common.h | 2 +- source4/heimdal/lib/asn1/asn1_err.et | 3 +- source4/heimdal/lib/asn1/asn1_gen.c | 2 +- source4/heimdal/lib/asn1/asn1_queue.h | 2 +- source4/heimdal/lib/asn1/canthandle.asn1 | 2 +- source4/heimdal/lib/asn1/der.c | 2 +- source4/heimdal/lib/asn1/der.h | 2 +- source4/heimdal/lib/asn1/der_copy.c | 2 +- source4/heimdal/lib/asn1/der_format.c | 6 +- source4/heimdal/lib/asn1/der_free.c | 2 +- source4/heimdal/lib/asn1/der_get.c | 28 +- source4/heimdal/lib/asn1/der_length.c | 2 +- source4/heimdal/lib/asn1/der_locl.h | 2 +- source4/heimdal/lib/asn1/der_put.c | 2 +- source4/heimdal/lib/asn1/digest.asn1 | 7 +- source4/heimdal/lib/asn1/extra.c | 2 +- source4/heimdal/lib/asn1/gen.c | 3 +- source4/heimdal/lib/asn1/gen_copy.c | 2 +- source4/heimdal/lib/asn1/gen_decode.c | 2 +- source4/heimdal/lib/asn1/gen_encode.c | 2 +- source4/heimdal/lib/asn1/gen_free.c | 2 +- source4/heimdal/lib/asn1/gen_glue.c | 2 +- source4/heimdal/lib/asn1/gen_length.c | 2 +- source4/heimdal/lib/asn1/gen_locl.h | 2 +- source4/heimdal/lib/asn1/gen_seq.c | 4 +- source4/heimdal/lib/asn1/hash.c | 2 +- source4/heimdal/lib/asn1/hash.h | 2 +- source4/heimdal/lib/asn1/k5.asn1 | 31 +- source4/heimdal/lib/asn1/kx509.asn1 | 2 +- source4/heimdal/lib/asn1/lex.c | 1366 ++++---- source4/heimdal/lib/asn1/lex.h | 2 +- source4/heimdal/lib/asn1/libasn1.h | 2 +- source4/heimdal/lib/asn1/main.c | 4 +- source4/heimdal/lib/asn1/parse.c | 176 +- source4/heimdal/lib/asn1/parse.h | 4 +- source4/heimdal/lib/asn1/pkcs12.asn1 | 2 +- source4/heimdal/lib/asn1/pkcs8.asn1 | 2 +- source4/heimdal/lib/asn1/pkcs9.asn1 | 2 +- source4/heimdal/lib/asn1/pkinit.asn1 | 10 +- source4/heimdal/lib/asn1/rfc2459.asn1 | 51 + source4/heimdal/lib/asn1/symbol.c | 2 +- source4/heimdal/lib/asn1/symbol.h | 2 +- source4/heimdal/lib/asn1/test.asn1 | 2 +- source4/heimdal/lib/asn1/timegm.c | 2 +- source4/heimdal/lib/com_err/com_err.c | 2 +- source4/heimdal/lib/com_err/com_err.h | 2 +- source4/heimdal/lib/com_err/com_right.h | 2 +- source4/heimdal/lib/com_err/compile_et.c | 2 +- source4/heimdal/lib/com_err/compile_et.h | 2 +- source4/heimdal/lib/com_err/error.c | 2 +- source4/heimdal/lib/com_err/lex.c | 15 +- source4/heimdal/lib/com_err/lex.h | 2 +- source4/heimdal/lib/com_err/parse.c | 30 +- source4/heimdal/lib/com_err/parse.h | 4 +- source4/heimdal/lib/des/aes.c | 124 - source4/heimdal/lib/des/aes.h | 71 - source4/heimdal/lib/des/bn.c | 445 --- source4/heimdal/lib/des/bn.h | 121 - source4/heimdal/lib/des/des-tables.h | 196 -- source4/heimdal/lib/des/des.c | 967 ------ source4/heimdal/lib/des/des.h | 124 - source4/heimdal/lib/des/dh-imath.c | 243 -- source4/heimdal/lib/des/dh.c | 294 -- source4/heimdal/lib/des/dh.h | 141 - source4/heimdal/lib/des/dsa.c | 125 - source4/heimdal/lib/des/dsa.h | 140 - source4/heimdal/lib/des/engine.c | 345 --- source4/heimdal/lib/des/engine.h | 103 - source4/heimdal/lib/des/evp.c | 905 ------ source4/heimdal/lib/des/evp.h | 255 -- source4/heimdal/lib/des/hash.h | 71 - source4/heimdal/lib/des/hmac.c | 122 - source4/heimdal/lib/des/hmac.h | 82 - source4/heimdal/lib/des/imath/LICENSE | 21 - source4/heimdal/lib/des/imath/imath.c | 3246 ------------------- source4/heimdal/lib/des/imath/imath.h | 220 -- source4/heimdal/lib/des/imath/iprime.c | 186 -- source4/heimdal/lib/des/imath/iprime.h | 51 - source4/heimdal/lib/des/md2.c | 138 - source4/heimdal/lib/des/md2.h | 63 - source4/heimdal/lib/des/md4.c | 250 -- source4/heimdal/lib/des/md4.h | 62 - source4/heimdal/lib/des/md5.c | 274 -- source4/heimdal/lib/des/md5.h | 62 - source4/heimdal/lib/des/pkcs12.c | 145 - source4/heimdal/lib/des/pkcs12.h | 57 - source4/heimdal/lib/des/pkcs5.c | 116 - source4/heimdal/lib/des/rand-unix.c | 153 - source4/heimdal/lib/des/rand.c | 120 - source4/heimdal/lib/des/rand.h | 96 - source4/heimdal/lib/des/rc2.c | 245 -- source4/heimdal/lib/des/rc2.h | 71 - source4/heimdal/lib/des/rc4.c | 82 - source4/heimdal/lib/des/rc4.h | 46 - source4/heimdal/lib/des/resource.h | 18 - source4/heimdal/lib/des/rijndael-alg-fst.c | 1231 -------- source4/heimdal/lib/des/rijndael-alg-fst.h | 46 - source4/heimdal/lib/des/rnd_keys.c | 509 --- source4/heimdal/lib/des/rsa-imath.c | 661 ---- source4/heimdal/lib/des/rsa.c | 471 --- source4/heimdal/lib/des/rsa.h | 175 -- source4/heimdal/lib/des/sha.c | 300 -- source4/heimdal/lib/des/sha.h | 83 - source4/heimdal/lib/des/sha256.c | 233 -- source4/heimdal/lib/des/ui.c | 164 - source4/heimdal/lib/des/ui.h | 45 - source4/heimdal/lib/gssapi/gssapi.h | 41 - source4/heimdal/lib/gssapi/gssapi/gssapi.h | 21 +- source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h | 3 +- source4/heimdal/lib/gssapi/gssapi/gssapi_spnego.h | 2 +- source4/heimdal/lib/gssapi/gssapi_mech.h | 10 + source4/heimdal/lib/gssapi/krb5/8003.c | 2 +- .../heimdal/lib/gssapi/krb5/accept_sec_context.c | 3 +- source4/heimdal/lib/gssapi/krb5/acquire_cred.c | 14 +- source4/heimdal/lib/gssapi/krb5/add_cred.c | 10 +- .../heimdal/lib/gssapi/krb5/add_oid_set_member.c | 70 - source4/heimdal/lib/gssapi/krb5/arcfour.c | 2 +- .../heimdal/lib/gssapi/krb5/canonicalize_name.c | 2 +- source4/heimdal/lib/gssapi/krb5/cfx.c | 2 +- source4/heimdal/lib/gssapi/krb5/cfx.h | 2 +- source4/heimdal/lib/gssapi/krb5/compare_name.c | 2 +- source4/heimdal/lib/gssapi/krb5/compat.c | 2 +- source4/heimdal/lib/gssapi/krb5/context_time.c | 2 +- source4/heimdal/lib/gssapi/krb5/copy_ccache.c | 13 +- .../heimdal/lib/gssapi/krb5/create_emtpy_oid_set.c | 52 - source4/heimdal/lib/gssapi/krb5/decapsulate.c | 2 +- .../heimdal/lib/gssapi/krb5/delete_sec_context.c | 2 +- source4/heimdal/lib/gssapi/krb5/display_name.c | 2 +- source4/heimdal/lib/gssapi/krb5/display_status.c | 2 +- source4/heimdal/lib/gssapi/krb5/duplicate_name.c | 2 +- source4/heimdal/lib/gssapi/krb5/encapsulate.c | 2 +- source4/heimdal/lib/gssapi/krb5/export_name.c | 2 +- .../heimdal/lib/gssapi/krb5/export_sec_context.c | 2 +- source4/heimdal/lib/gssapi/krb5/external.c | 10 +- source4/heimdal/lib/gssapi/krb5/get_mic.c | 2 +- source4/heimdal/lib/gssapi/krb5/gkrb5_err.et | 3 +- source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h | 32 +- source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h | 3 +- source4/heimdal/lib/gssapi/krb5/import_name.c | 2 +- .../heimdal/lib/gssapi/krb5/import_sec_context.c | 2 +- source4/heimdal/lib/gssapi/krb5/indicate_mechs.c | 9 +- source4/heimdal/lib/gssapi/krb5/init.c | 2 +- source4/heimdal/lib/gssapi/krb5/init_sec_context.c | 25 +- source4/heimdal/lib/gssapi/krb5/inquire_context.c | 2 +- source4/heimdal/lib/gssapi/krb5/inquire_cred.c | 20 +- .../heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c | 57 +- .../heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c | 2 +- .../lib/gssapi/krb5/inquire_mechs_for_name.c | 12 +- .../lib/gssapi/krb5/inquire_names_for_mech.c | 12 +- .../lib/gssapi/krb5/inquire_sec_context_by_oid.c | 2 +- source4/heimdal/lib/gssapi/krb5/prf.c | 142 + .../lib/gssapi/krb5/process_context_token.c | 2 +- source4/heimdal/lib/gssapi/krb5/release_buffer.c | 2 +- source4/heimdal/lib/gssapi/krb5/release_cred.c | 7 +- source4/heimdal/lib/gssapi/krb5/release_name.c | 2 +- source4/heimdal/lib/gssapi/krb5/release_oid_set.c | 49 - source4/heimdal/lib/gssapi/krb5/sequence.c | 2 +- source4/heimdal/lib/gssapi/krb5/set_cred_option.c | 80 +- .../lib/gssapi/krb5/set_sec_context_option.c | 65 +- .../heimdal/lib/gssapi/krb5/test_oid_set_member.c | 55 - source4/heimdal/lib/gssapi/krb5/unwrap.c | 2 +- source4/heimdal/lib/gssapi/krb5/verify_mic.c | 2 +- source4/heimdal/lib/gssapi/krb5/wrap.c | 2 +- source4/heimdal/lib/gssapi/mech/context.c | 141 + source4/heimdal/lib/gssapi/mech/context.h | 8 +- source4/heimdal/lib/gssapi/mech/cred.h | 3 +- .../lib/gssapi/mech/gss_accept_sec_context.c | 30 +- source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c | 14 +- source4/heimdal/lib/gssapi/mech/gss_add_cred.c | 20 +- .../lib/gssapi/mech/gss_add_oid_set_member.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_buffer_set.c | 2 +- .../lib/gssapi/mech/gss_canonicalize_name.c | 6 +- source4/heimdal/lib/gssapi/mech/gss_compare_name.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_context_time.c | 2 +- .../lib/gssapi/mech/gss_create_empty_oid_set.c | 4 +- .../lib/gssapi/mech/gss_decapsulate_token.c | 5 +- .../lib/gssapi/mech/gss_delete_sec_context.c | 10 +- source4/heimdal/lib/gssapi/mech/gss_display_name.c | 6 +- .../heimdal/lib/gssapi/mech/gss_display_status.c | 50 +- .../heimdal/lib/gssapi/mech/gss_duplicate_name.c | 3 +- .../heimdal/lib/gssapi/mech/gss_duplicate_oid.c | 3 +- .../lib/gssapi/mech/gss_encapsulate_token.c | 8 +- source4/heimdal/lib/gssapi/mech/gss_export_name.c | 5 +- .../lib/gssapi/mech/gss_export_sec_context.c | 7 +- source4/heimdal/lib/gssapi/mech/gss_get_mic.c | 8 +- source4/heimdal/lib/gssapi/mech/gss_import_name.c | 10 +- .../lib/gssapi/mech/gss_import_sec_context.c | 5 +- .../heimdal/lib/gssapi/mech/gss_indicate_mechs.c | 2 +- .../heimdal/lib/gssapi/mech/gss_init_sec_context.c | 12 +- .../heimdal/lib/gssapi/mech/gss_inquire_context.c | 34 +- source4/heimdal/lib/gssapi/mech/gss_inquire_cred.c | 48 +- .../lib/gssapi/mech/gss_inquire_cred_by_mech.c | 14 +- .../lib/gssapi/mech/gss_inquire_cred_by_oid.c | 9 +- .../lib/gssapi/mech/gss_inquire_mechs_for_name.c | 2 +- .../lib/gssapi/mech/gss_inquire_names_for_mech.c | 11 +- .../gssapi/mech/gss_inquire_sec_context_by_oid.c | 10 +- source4/heimdal/lib/gssapi/mech/gss_krb5.c | 67 +- source4/heimdal/lib/gssapi/mech/gss_mech_switch.c | 12 +- source4/heimdal/lib/gssapi/mech/gss_names.c | 5 +- source4/heimdal/lib/gssapi/mech/gss_oid_equal.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c | 65 + .../lib/gssapi/mech/gss_process_context_token.c | 2 +- .../heimdal/lib/gssapi/mech/gss_release_buffer.c | 5 +- source4/heimdal/lib/gssapi/mech/gss_release_cred.c | 4 +- source4/heimdal/lib/gssapi/mech/gss_release_name.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_release_oid.c | 2 +- .../heimdal/lib/gssapi/mech/gss_release_oid_set.c | 4 +- source4/heimdal/lib/gssapi/mech/gss_seal.c | 2 +- .../heimdal/lib/gssapi/mech/gss_set_cred_option.c | 6 +- .../lib/gssapi/mech/gss_set_sec_context_option.c | 8 +- source4/heimdal/lib/gssapi/mech/gss_sign.c | 2 +- .../lib/gssapi/mech/gss_test_oid_set_member.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_unseal.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_unwrap.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_utils.c | 4 +- source4/heimdal/lib/gssapi/mech/gss_verify.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_verify_mic.c | 9 +- source4/heimdal/lib/gssapi/mech/gss_wrap.c | 10 +- .../heimdal/lib/gssapi/mech/gss_wrap_size_limit.c | 8 +- source4/heimdal/lib/gssapi/mech/gssapi.asn1 | 2 +- source4/heimdal/lib/gssapi/mech/mech_locl.h | 5 +- source4/heimdal/lib/gssapi/mech/mech_switch.h | 2 +- source4/heimdal/lib/gssapi/mech/name.h | 2 +- source4/heimdal/lib/gssapi/mech/utils.h | 2 +- .../heimdal/lib/gssapi/spnego/accept_sec_context.c | 17 +- source4/heimdal/lib/gssapi/spnego/compat.c | 2 +- source4/heimdal/lib/gssapi/spnego/context_stubs.c | 4 +- source4/heimdal/lib/gssapi/spnego/cred_stubs.c | 57 +- source4/heimdal/lib/gssapi/spnego/external.c | 2 +- .../heimdal/lib/gssapi/spnego/init_sec_context.c | 2 +- source4/heimdal/lib/gssapi/spnego/spnego.asn1 | 2 +- source4/heimdal/lib/gssapi/spnego/spnego_locl.h | 2 +- source4/heimdal/lib/hcrypto/aes.c | 124 + source4/heimdal/lib/hcrypto/aes.h | 71 + source4/heimdal/lib/hcrypto/bn.c | 445 +++ source4/heimdal/lib/hcrypto/bn.h | 121 + source4/heimdal/lib/hcrypto/des-tables.h | 196 ++ source4/heimdal/lib/hcrypto/des.c | 967 ++++++ source4/heimdal/lib/hcrypto/des.h | 124 + source4/heimdal/lib/hcrypto/dh-imath.c | 243 ++ source4/heimdal/lib/hcrypto/dh.c | 294 ++ source4/heimdal/lib/hcrypto/dh.h | 141 + source4/heimdal/lib/hcrypto/dsa.c | 125 + source4/heimdal/lib/hcrypto/dsa.h | 140 + source4/heimdal/lib/hcrypto/engine.c | 325 ++ source4/heimdal/lib/hcrypto/engine.h | 103 + source4/heimdal/lib/hcrypto/evp.c | 905 ++++++ source4/heimdal/lib/hcrypto/evp.h | 255 ++ source4/heimdal/lib/hcrypto/hash.h | 71 + source4/heimdal/lib/hcrypto/hmac.c | 122 + source4/heimdal/lib/hcrypto/hmac.h | 82 + source4/heimdal/lib/hcrypto/imath/LICENSE | 21 + source4/heimdal/lib/hcrypto/imath/imath.c | 3267 ++++++++++++++++++++ source4/heimdal/lib/hcrypto/imath/imath.h | 220 ++ source4/heimdal/lib/hcrypto/imath/iprime.c | 186 ++ source4/heimdal/lib/hcrypto/imath/iprime.h | 51 + source4/heimdal/lib/hcrypto/md2.c | 138 + source4/heimdal/lib/hcrypto/md2.h | 63 + source4/heimdal/lib/hcrypto/md4.c | 250 ++ source4/heimdal/lib/hcrypto/md4.h | 62 + source4/heimdal/lib/hcrypto/md5.c | 274 ++ source4/heimdal/lib/hcrypto/md5.h | 62 + source4/heimdal/lib/hcrypto/pkcs12.c | 150 + source4/heimdal/lib/hcrypto/pkcs12.h | 57 + source4/heimdal/lib/hcrypto/pkcs5.c | 116 + source4/heimdal/lib/hcrypto/rand-egd.c | 262 ++ source4/heimdal/lib/hcrypto/rand-fortuna.c | 563 ++++ source4/heimdal/lib/hcrypto/rand-unix.c | 161 + source4/heimdal/lib/hcrypto/rand.c | 215 ++ source4/heimdal/lib/hcrypto/rand.h | 108 + source4/heimdal/lib/hcrypto/randi.h | 45 + source4/heimdal/lib/hcrypto/rc2.c | 245 ++ source4/heimdal/lib/hcrypto/rc2.h | 71 + source4/heimdal/lib/hcrypto/rc4.c | 82 + source4/heimdal/lib/hcrypto/rc4.h | 46 + source4/heimdal/lib/hcrypto/resource.h | 18 + source4/heimdal/lib/hcrypto/rijndael-alg-fst.c | 1231 ++++++++ source4/heimdal/lib/hcrypto/rijndael-alg-fst.h | 46 + source4/heimdal/lib/hcrypto/rnd_keys.c | 509 +++ source4/heimdal/lib/hcrypto/rsa-imath.c | 661 ++++ source4/heimdal/lib/hcrypto/rsa.c | 472 +++ source4/heimdal/lib/hcrypto/rsa.h | 175 ++ source4/heimdal/lib/hcrypto/sha.c | 300 ++ source4/heimdal/lib/hcrypto/sha.h | 83 + source4/heimdal/lib/hcrypto/sha256.c | 233 ++ source4/heimdal/lib/hcrypto/ui.c | 164 + source4/heimdal/lib/hcrypto/ui.h | 45 + source4/heimdal/lib/hdb/db.c | 60 +- source4/heimdal/lib/hdb/ext.c | 16 +- source4/heimdal/lib/hdb/hdb-protos.h | 64 +- source4/heimdal/lib/hdb/hdb.asn1 | 6 +- source4/heimdal/lib/hdb/hdb.c | 19 +- source4/heimdal/lib/hdb/hdb.h | 9 +- source4/heimdal/lib/hdb/hdb_err.et | 2 +- source4/heimdal/lib/hdb/hdb_locl.h | 2 +- source4/heimdal/lib/hdb/keys.c | 2 +- source4/heimdal/lib/hdb/keytab.c | 2 +- source4/heimdal/lib/hdb/mkey.c | 2 +- source4/heimdal/lib/hdb/ndbm.c | 2 +- source4/heimdal/lib/hx509/ca.c | 331 +- source4/heimdal/lib/hx509/cert.c | 236 +- source4/heimdal/lib/hx509/cms.c | 191 +- source4/heimdal/lib/hx509/collector.c | 21 +- source4/heimdal/lib/hx509/crmf.asn1 | 2 +- source4/heimdal/lib/hx509/crypto.c | 316 +- source4/heimdal/lib/hx509/env.c | 111 + source4/heimdal/lib/hx509/error.c | 17 +- source4/heimdal/lib/hx509/file.c | 21 + source4/heimdal/lib/hx509/hx509-private.h | 65 +- source4/heimdal/lib/hx509/hx509-protos.h | 168 +- source4/heimdal/lib/hx509/hx509.h | 17 +- source4/heimdal/lib/hx509/hx509_err.et | 5 +- source4/heimdal/lib/hx509/hx_locl.h | 21 +- source4/heimdal/lib/hx509/keyset.c | 16 +- source4/heimdal/lib/hx509/ks_dir.c | 2 +- source4/heimdal/lib/hx509/ks_file.c | 15 +- source4/heimdal/lib/hx509/ks_keychain.c | 487 +++ source4/heimdal/lib/hx509/ks_mem.c | 3 +- source4/heimdal/lib/hx509/ks_null.c | 8 +- source4/heimdal/lib/hx509/ks_p11.c | 27 +- source4/heimdal/lib/hx509/ks_p12.c | 45 +- source4/heimdal/lib/hx509/lock.c | 2 +- source4/heimdal/lib/hx509/name.c | 240 +- source4/heimdal/lib/hx509/ocsp.asn1 | 2 +- source4/heimdal/lib/hx509/peer.c | 8 +- source4/heimdal/lib/hx509/pkcs10.asn1 | 2 +- source4/heimdal/lib/hx509/print.c | 401 ++- source4/heimdal/lib/hx509/req.c | 4 +- source4/heimdal/lib/hx509/revoke.c | 265 +- source4/heimdal/lib/hx509/test_name.c | 44 +- source4/heimdal/lib/krb5/acache.c | 2 +- source4/heimdal/lib/krb5/add_et_list.c | 2 +- source4/heimdal/lib/krb5/addr_families.c | 2 +- source4/heimdal/lib/krb5/appdefault.c | 2 +- source4/heimdal/lib/krb5/asn1_glue.c | 21 +- source4/heimdal/lib/krb5/auth_context.c | 2 +- source4/heimdal/lib/krb5/build_ap_req.c | 2 +- source4/heimdal/lib/krb5/build_auth.c | 2 +- source4/heimdal/lib/krb5/cache.c | 5 +- source4/heimdal/lib/krb5/changepw.c | 2 +- source4/heimdal/lib/krb5/codec.c | 2 +- source4/heimdal/lib/krb5/config_file.c | 2 +- source4/heimdal/lib/krb5/config_file_netinfo.c | 2 +- source4/heimdal/lib/krb5/constants.c | 2 +- source4/heimdal/lib/krb5/context.c | 2 +- source4/heimdal/lib/krb5/convert_creds.c | 2 +- source4/heimdal/lib/krb5/copy_host_realm.c | 2 +- source4/heimdal/lib/krb5/crc.c | 2 +- source4/heimdal/lib/krb5/creds.c | 2 +- source4/heimdal/lib/krb5/crypto.c | 225 +- source4/heimdal/lib/krb5/data.c | 10 +- source4/heimdal/lib/krb5/eai_to_heim_errno.c | 2 +- source4/heimdal/lib/krb5/error_string.c | 2 +- source4/heimdal/lib/krb5/expand_hostname.c | 2 +- source4/heimdal/lib/krb5/fcache.c | 2 +- source4/heimdal/lib/krb5/free.c | 2 +- source4/heimdal/lib/krb5/free_host_realm.c | 2 +- source4/heimdal/lib/krb5/generate_seq_number.c | 2 +- source4/heimdal/lib/krb5/generate_subkey.c | 2 +- source4/heimdal/lib/krb5/get_cred.c | 40 +- source4/heimdal/lib/krb5/get_default_principal.c | 2 +- source4/heimdal/lib/krb5/get_default_realm.c | 2 +- source4/heimdal/lib/krb5/get_for_creds.c | 2 +- source4/heimdal/lib/krb5/get_host_realm.c | 2 +- source4/heimdal/lib/krb5/get_in_tkt.c | 113 +- source4/heimdal/lib/krb5/get_in_tkt_with_keytab.c | 2 +- source4/heimdal/lib/krb5/get_port.c | 2 +- source4/heimdal/lib/krb5/heim_err.et | 2 +- source4/heimdal/lib/krb5/heim_threads.h | 2 +- source4/heimdal/lib/krb5/init_creds.c | 37 +- source4/heimdal/lib/krb5/init_creds_pw.c | 75 +- source4/heimdal/lib/krb5/k524_err.et | 2 +- source4/heimdal/lib/krb5/kcm.c | 2 +- source4/heimdal/lib/krb5/keyblock.c | 2 +- source4/heimdal/lib/krb5/keytab.c | 11 +- source4/heimdal/lib/krb5/keytab_any.c | 2 +- source4/heimdal/lib/krb5/keytab_file.c | 2 +- source4/heimdal/lib/krb5/keytab_keyfile.c | 6 +- source4/heimdal/lib/krb5/keytab_krb4.c | 2 +- source4/heimdal/lib/krb5/keytab_memory.c | 2 +- source4/heimdal/lib/krb5/krb5-private.h | 11 +- source4/heimdal/lib/krb5/krb5-protos.h | 76 +- source4/heimdal/lib/krb5/krb5-v4compat.h | 2 +- source4/heimdal/lib/krb5/krb5.h | 11 +- source4/heimdal/lib/krb5/krb5_ccapi.h | 2 +- source4/heimdal/lib/krb5/krb5_err.et | 11 +- source4/heimdal/lib/krb5/krb5_locl.h | 10 +- source4/heimdal/lib/krb5/krbhst.c | 2 +- source4/heimdal/lib/krb5/locate_plugin.h | 2 +- source4/heimdal/lib/krb5/log.c | 2 +- source4/heimdal/lib/krb5/mcache.c | 4 +- source4/heimdal/lib/krb5/misc.c | 2 +- source4/heimdal/lib/krb5/mit_glue.c | 29 +- source4/heimdal/lib/krb5/mk_error.c | 2 +- source4/heimdal/lib/krb5/mk_priv.c | 2 +- source4/heimdal/lib/krb5/mk_rep.c | 2 +- source4/heimdal/lib/krb5/mk_req.c | 2 +- source4/heimdal/lib/krb5/mk_req_ext.c | 2 +- source4/heimdal/lib/krb5/n-fold.c | 2 +- source4/heimdal/lib/krb5/pac.c | 47 +- source4/heimdal/lib/krb5/padata.c | 2 +- source4/heimdal/lib/krb5/pkinit.c | 60 +- source4/heimdal/lib/krb5/plugin.c | 2 +- source4/heimdal/lib/krb5/principal.c | 42 +- source4/heimdal/lib/krb5/prompter_posix.c | 2 +- source4/heimdal/lib/krb5/rd_cred.c | 10 +- source4/heimdal/lib/krb5/rd_error.c | 6 +- source4/heimdal/lib/krb5/rd_priv.c | 2 +- source4/heimdal/lib/krb5/rd_rep.c | 2 +- source4/heimdal/lib/krb5/rd_req.c | 6 +- source4/heimdal/lib/krb5/replay.c | 2 +- source4/heimdal/lib/krb5/send_to_kdc.c | 4 +- source4/heimdal/lib/krb5/set_default_realm.c | 2 +- source4/heimdal/lib/krb5/store.c | 6 +- source4/heimdal/lib/krb5/store_emem.c | 2 +- source4/heimdal/lib/krb5/store_fd.c | 2 +- source4/heimdal/lib/krb5/store_mem.c | 4 +- source4/heimdal/lib/krb5/ticket.c | 2 +- source4/heimdal/lib/krb5/time.c | 2 +- source4/heimdal/lib/krb5/transited.c | 2 +- source4/heimdal/lib/krb5/v4_glue.c | 2 +- source4/heimdal/lib/krb5/version.c | 2 +- source4/heimdal/lib/krb5/warn.c | 2 +- source4/heimdal/lib/ntlm/heimntlm-protos.h | 2 +- source4/heimdal/lib/ntlm/heimntlm.h | 2 +- source4/heimdal/lib/ntlm/ntlm.c | 25 +- source4/heimdal/lib/roken/base64.c | 2 +- source4/heimdal/lib/roken/base64.h | 2 +- source4/heimdal/lib/roken/bswap.c | 2 +- source4/heimdal/lib/roken/closefrom.c | 2 +- source4/heimdal/lib/roken/copyhostent.c | 2 +- source4/heimdal/lib/roken/dumpdata.c | 2 +- source4/heimdal/lib/roken/ecalloc.c | 2 +- source4/heimdal/lib/roken/emalloc.c | 2 +- source4/heimdal/lib/roken/erealloc.c | 2 +- source4/heimdal/lib/roken/estrdup.c | 2 +- source4/heimdal/lib/roken/freeaddrinfo.c | 2 +- source4/heimdal/lib/roken/freehostent.c | 2 +- source4/heimdal/lib/roken/gai_strerror.c | 2 +- source4/heimdal/lib/roken/get_window_size.c | 2 +- source4/heimdal/lib/roken/getaddrinfo.c | 2 +- source4/heimdal/lib/roken/getarg.c | 2 +- source4/heimdal/lib/roken/getarg.h | 2 +- source4/heimdal/lib/roken/getipnodebyaddr.c | 2 +- source4/heimdal/lib/roken/getipnodebyname.c | 2 +- source4/heimdal/lib/roken/getnameinfo.c | 4 +- source4/heimdal/lib/roken/getprogname.c | 2 +- source4/heimdal/lib/roken/h_errno.c | 2 +- source4/heimdal/lib/roken/hex.c | 2 +- source4/heimdal/lib/roken/hex.h | 2 +- source4/heimdal/lib/roken/hostent_find_fqdn.c | 2 +- source4/heimdal/lib/roken/inet_aton.c | 2 +- source4/heimdal/lib/roken/inet_ntop.c | 2 +- source4/heimdal/lib/roken/inet_pton.c | 2 +- source4/heimdal/lib/roken/issuid.c | 2 +- source4/heimdal/lib/roken/net_read.c | 2 +- source4/heimdal/lib/roken/net_write.c | 2 +- source4/heimdal/lib/roken/parse_bytes.h | 2 +- source4/heimdal/lib/roken/parse_time.c | 2 +- source4/heimdal/lib/roken/parse_time.h | 2 +- source4/heimdal/lib/roken/parse_units.c | 2 +- source4/heimdal/lib/roken/parse_units.h | 2 +- source4/heimdal/lib/roken/resolve.c | 22 +- source4/heimdal/lib/roken/resolve.h | 2 +- source4/heimdal/lib/roken/roken-common.h | 5 +- source4/heimdal/lib/roken/roken_gethostby.c | 2 +- source4/heimdal/lib/roken/rtbl.c | 489 +++ source4/heimdal/lib/roken/rtbl.h | 118 + source4/heimdal/lib/roken/setprogname.c | 2 +- source4/heimdal/lib/roken/signal.c | 2 +- source4/heimdal/lib/roken/simple_exec.c | 2 +- source4/heimdal/lib/roken/socket.c | 2 +- source4/heimdal/lib/roken/strcollect.c | 2 +- source4/heimdal/lib/roken/strlwr.c | 2 +- source4/heimdal/lib/roken/strpool.c | 2 +- source4/heimdal/lib/roken/strsep.c | 2 +- source4/heimdal/lib/roken/strsep_copy.c | 2 +- source4/heimdal/lib/roken/strupr.c | 2 +- source4/heimdal/lib/roken/vis.c | 2 +- source4/heimdal/lib/vers/print_version.c | 2 +- 503 files changed, 23016 insertions(+), 17324 deletions(-) delete mode 100755 source4/heimdal/lib/des/aes.c delete mode 100755 source4/heimdal/lib/des/aes.h delete mode 100644 source4/heimdal/lib/des/bn.c delete mode 100644 source4/heimdal/lib/des/bn.h delete mode 100644 source4/heimdal/lib/des/des-tables.h delete mode 100644 source4/heimdal/lib/des/des.c delete mode 100644 source4/heimdal/lib/des/des.h delete mode 100644 source4/heimdal/lib/des/dh-imath.c delete mode 100644 source4/heimdal/lib/des/dh.c delete mode 100644 source4/heimdal/lib/des/dh.h delete mode 100644 source4/heimdal/lib/des/dsa.c delete mode 100644 source4/heimdal/lib/des/dsa.h delete mode 100644 source4/heimdal/lib/des/engine.c delete mode 100644 source4/heimdal/lib/des/engine.h delete mode 100644 source4/heimdal/lib/des/evp.c delete mode 100644 source4/heimdal/lib/des/evp.h delete mode 100644 source4/heimdal/lib/des/hash.h delete mode 100644 source4/heimdal/lib/des/hmac.c delete mode 100644 source4/heimdal/lib/des/hmac.h delete mode 100644 source4/heimdal/lib/des/imath/LICENSE delete mode 100755 source4/heimdal/lib/des/imath/imath.c delete mode 100755 source4/heimdal/lib/des/imath/imath.h delete mode 100755 source4/heimdal/lib/des/imath/iprime.c delete mode 100755 source4/heimdal/lib/des/imath/iprime.h delete mode 100644 source4/heimdal/lib/des/md2.c delete mode 100644 source4/heimdal/lib/des/md2.h delete mode 100644 source4/heimdal/lib/des/md4.c delete mode 100644 source4/heimdal/lib/des/md4.h delete mode 100644 source4/heimdal/lib/des/md5.c delete mode 100644 source4/heimdal/lib/des/md5.h delete mode 100644 source4/heimdal/lib/des/pkcs12.c delete mode 100644 source4/heimdal/lib/des/pkcs12.h delete mode 100644 source4/heimdal/lib/des/pkcs5.c delete mode 100644 source4/heimdal/lib/des/rand-unix.c delete mode 100644 source4/heimdal/lib/des/rand.c delete mode 100644 source4/heimdal/lib/des/rand.h delete mode 100755 source4/heimdal/lib/des/rc2.c delete mode 100755 source4/heimdal/lib/des/rc2.h delete mode 100755 source4/heimdal/lib/des/rc4.c delete mode 100644 source4/heimdal/lib/des/rc4.h delete mode 100644 source4/heimdal/lib/des/resource.h delete mode 100755 source4/heimdal/lib/des/rijndael-alg-fst.c delete mode 100755 source4/heimdal/lib/des/rijndael-alg-fst.h delete mode 100644 source4/heimdal/lib/des/rnd_keys.c delete mode 100644 source4/heimdal/lib/des/rsa-imath.c delete mode 100644 source4/heimdal/lib/des/rsa.c delete mode 100644 source4/heimdal/lib/des/rsa.h delete mode 100644 source4/heimdal/lib/des/sha.c delete mode 100644 source4/heimdal/lib/des/sha.h delete mode 100644 source4/heimdal/lib/des/sha256.c delete mode 100644 source4/heimdal/lib/des/ui.c delete mode 100644 source4/heimdal/lib/des/ui.h delete mode 100644 source4/heimdal/lib/gssapi/gssapi.h delete mode 100644 source4/heimdal/lib/gssapi/krb5/add_oid_set_member.c delete mode 100644 source4/heimdal/lib/gssapi/krb5/create_emtpy_oid_set.c create mode 100644 source4/heimdal/lib/gssapi/krb5/prf.c delete mode 100644 source4/heimdal/lib/gssapi/krb5/release_oid_set.c delete mode 100644 source4/heimdal/lib/gssapi/krb5/test_oid_set_member.c create mode 100644 source4/heimdal/lib/gssapi/mech/context.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c create mode 100755 source4/heimdal/lib/hcrypto/aes.c create mode 100755 source4/heimdal/lib/hcrypto/aes.h create mode 100644 source4/heimdal/lib/hcrypto/bn.c create mode 100644 source4/heimdal/lib/hcrypto/bn.h create mode 100644 source4/heimdal/lib/hcrypto/des-tables.h create mode 100644 source4/heimdal/lib/hcrypto/des.c create mode 100644 source4/heimdal/lib/hcrypto/des.h create mode 100644 source4/heimdal/lib/hcrypto/dh-imath.c create mode 100644 source4/heimdal/lib/hcrypto/dh.c create mode 100644 source4/heimdal/lib/hcrypto/dh.h create mode 100644 source4/heimdal/lib/hcrypto/dsa.c create mode 100644 source4/heimdal/lib/hcrypto/dsa.h create mode 100644 source4/heimdal/lib/hcrypto/engine.c create mode 100644 source4/heimdal/lib/hcrypto/engine.h create mode 100644 source4/heimdal/lib/hcrypto/evp.c create mode 100644 source4/heimdal/lib/hcrypto/evp.h create mode 100644 source4/heimdal/lib/hcrypto/hash.h create mode 100644 source4/heimdal/lib/hcrypto/hmac.c create mode 100644 source4/heimdal/lib/hcrypto/hmac.h create mode 100644 source4/heimdal/lib/hcrypto/imath/LICENSE create mode 100755 source4/heimdal/lib/hcrypto/imath/imath.c create mode 100755 source4/heimdal/lib/hcrypto/imath/imath.h create mode 100755 source4/heimdal/lib/hcrypto/imath/iprime.c create mode 100755 source4/heimdal/lib/hcrypto/imath/iprime.h create mode 100644 source4/heimdal/lib/hcrypto/md2.c create mode 100644 source4/heimdal/lib/hcrypto/md2.h create mode 100644 source4/heimdal/lib/hcrypto/md4.c create mode 100644 source4/heimdal/lib/hcrypto/md4.h create mode 100644 source4/heimdal/lib/hcrypto/md5.c create mode 100644 source4/heimdal/lib/hcrypto/md5.h create mode 100644 source4/heimdal/lib/hcrypto/pkcs12.c create mode 100644 source4/heimdal/lib/hcrypto/pkcs12.h create mode 100644 source4/heimdal/lib/hcrypto/pkcs5.c create mode 100644 source4/heimdal/lib/hcrypto/rand-egd.c create mode 100644 source4/heimdal/lib/hcrypto/rand-fortuna.c create mode 100644 source4/heimdal/lib/hcrypto/rand-unix.c create mode 100644 source4/heimdal/lib/hcrypto/rand.c create mode 100644 source4/heimdal/lib/hcrypto/rand.h create mode 100644 source4/heimdal/lib/hcrypto/randi.h create mode 100755 source4/heimdal/lib/hcrypto/rc2.c create mode 100755 source4/heimdal/lib/hcrypto/rc2.h create mode 100755 source4/heimdal/lib/hcrypto/rc4.c create mode 100644 source4/heimdal/lib/hcrypto/rc4.h create mode 100644 source4/heimdal/lib/hcrypto/resource.h create mode 100755 source4/heimdal/lib/hcrypto/rijndael-alg-fst.c create mode 100755 source4/heimdal/lib/hcrypto/rijndael-alg-fst.h create mode 100644 source4/heimdal/lib/hcrypto/rnd_keys.c create mode 100644 source4/heimdal/lib/hcrypto/rsa-imath.c create mode 100644 source4/heimdal/lib/hcrypto/rsa.c create mode 100644 source4/heimdal/lib/hcrypto/rsa.h create mode 100644 source4/heimdal/lib/hcrypto/sha.c create mode 100644 source4/heimdal/lib/hcrypto/sha.h create mode 100644 source4/heimdal/lib/hcrypto/sha256.c create mode 100644 source4/heimdal/lib/hcrypto/ui.c create mode 100644 source4/heimdal/lib/hcrypto/ui.h create mode 100644 source4/heimdal/lib/hx509/env.c create mode 100644 source4/heimdal/lib/hx509/ks_keychain.c create mode 100644 source4/heimdal/lib/roken/rtbl.c create mode 100644 source4/heimdal/lib/roken/rtbl.h (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/524.c b/source4/heimdal/kdc/524.c index 56c12efd60..3e4ad29253 100644 --- a/source4/heimdal/kdc/524.c +++ b/source4/heimdal/kdc/524.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: 524.c,v 1.40 2006/10/06 17:06:30 lha Exp $"); +RCSID("$Id: 524.c 18270 2006-10-06 17:06:30Z lha $"); #include diff --git a/source4/heimdal/kdc/default_config.c b/source4/heimdal/kdc/default_config.c index 2352020d86..c28bd424ea 100644 --- a/source4/heimdal/kdc/default_config.c +++ b/source4/heimdal/kdc/default_config.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * * All rights reserved. @@ -33,110 +33,61 @@ */ #include "kdc_locl.h" +#include +#include -int require_preauth = -1; /* 1 == require preauth for all principals */ +RCSID("$Id: default_config.c 20532 2007-04-23 07:46:57Z lha $"); -const char *trpolicy_str; -int disable_des = -1; -int enable_v4 = -1; -int enable_kaserver = -1; -int enable_524 = -1; -int enable_v4_cross_realm = -1; -int detach_from_console = -1; - -char *v4_realm; - -/* - * Setup some of the defaults for the KDC configuration. - * - * Note: Caller must also fill in: - * - db - * - num_db - * - logf - * -*/ - -void -krb5_kdc_default_config(krb5_kdc_configuration *config) -{ - memset(config, 0, sizeof(*config)); - config->require_preauth = TRUE; - config->kdc_warn_pwexpire = 0; - config->encode_as_rep_as_tgs_rep = FALSE; /* bug compatibility */ - config->check_ticket_addresses = TRUE; - config->allow_null_ticket_addresses = TRUE; - config->allow_anonymous = FALSE; - config->trpolicy = TRPOLICY_ALWAYS_CHECK; - config->enable_v4 = FALSE; - config->enable_kaserver = FALSE; - config->enable_524 = FALSE; /* overriden by enable_v4 in configure()) */ - config->enable_v4_cross_realm = FALSE; - config->enable_pkinit = FALSE; - config->enable_pkinit_princ_in_cert = TRUE; - config->db = NULL; - config->num_db = 0; - config->logf = NULL; -} - - -/* - * Setup some valudes for the KDC configuration, from the config file - * - * Note: Caller must also fill in: - * - db - * - num_db - * - logf - * -*/ - -void krb5_kdc_configure(krb5_context context, krb5_kdc_configuration *config) +int +krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config) { - const char *p; - if(require_preauth == -1) { - config->require_preauth = krb5_config_get_bool_default(context, NULL, - config->require_preauth, - "kdc", - "require-preauth", NULL); - } else { - config->require_preauth = require_preauth; - } + krb5_kdc_configuration *c; - if(enable_v4 == -1) { - config->enable_v4 = krb5_config_get_bool_default(context, NULL, - config->enable_v4, - "kdc", - "enable-kerberos4", - NULL); - } else { - config->enable_v4 = enable_v4; + c = calloc(1, sizeof(*c)); + if (c == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; } - if(enable_v4_cross_realm == -1) { - config->enable_v4_cross_realm = - krb5_config_get_bool_default(context, NULL, - config->enable_v4_cross_realm, - "kdc", - "enable-kerberos4-cross-realm", - NULL); - } else { - config->enable_v4_cross_realm = enable_v4_cross_realm; - } - - if(enable_524 == -1) { - config->enable_524 = krb5_config_get_bool_default(context, NULL, - config->enable_v4, - "kdc", "enable-524", - NULL); - } else { - config->enable_524 = enable_524; - } - - config->enable_digest = + c->require_preauth = TRUE; + c->kdc_warn_pwexpire = 0; + c->encode_as_rep_as_tgs_rep = FALSE; + c->check_ticket_addresses = TRUE; + c->allow_null_ticket_addresses = TRUE; + c->allow_anonymous = FALSE; + c->trpolicy = TRPOLICY_ALWAYS_CHECK; + c->enable_v4 = FALSE; + c->enable_kaserver = FALSE; + c->enable_524 = FALSE; + c->enable_v4_cross_realm = FALSE; + c->enable_pkinit = FALSE; + c->enable_pkinit_princ_in_cert = TRUE; + c->db = NULL; + c->num_db = 0; + c->logf = NULL; + + c->require_preauth = krb5_config_get_bool_default(context, NULL, - FALSE, - "kdc", - "enable-digest", NULL); + c->require_preauth, + "kdc", "require-preauth", NULL); + c->enable_v4 = + krb5_config_get_bool_default(context, NULL, + c->enable_v4, + "kdc", "enable-kerberos4", NULL); + c->enable_v4_cross_realm = + krb5_config_get_bool_default(context, NULL, + c->enable_v4_cross_realm, + "kdc", + "enable-kerberos4-cross-realm", NULL); + c->enable_524 = + krb5_config_get_bool_default(context, NULL, + c->enable_v4, + "kdc", "enable-524", NULL); + c->enable_digest = + krb5_config_get_bool_default(context, NULL, + FALSE, + "kdc", "enable-digest", NULL); { const char *digests; @@ -146,46 +97,57 @@ void krb5_kdc_configure(krb5_context context, krb5_kdc_configuration *config) "digests_allowed", NULL); if (digests == NULL) digests = "ntlm-v2"; - config->digests_allowed = parse_flags(digests, - _kdc_digestunits, - 0); - if (config->digests_allowed == -1) { - kdc_log(context, config, 0, + c->digests_allowed = parse_flags(digests,_kdc_digestunits, 0); + if (c->digests_allowed == -1) { + kdc_log(context, c, 0, "unparsable digest units (%s), turning off digest", digests); - config->enable_digest = 0; - } else if (config->digests_allowed == 0) { - kdc_log(context, config, 0, + c->enable_digest = 0; + } else if (c->digests_allowed == 0) { + kdc_log(context, c, 0, "no digest enable, turning digest off", digests); - config->enable_digest = 0; + c->enable_digest = 0; } } - config->enable_kx509 = + c->enable_kx509 = krb5_config_get_bool_default(context, NULL, FALSE, - "kdc", - "enable-kx509", NULL); + "kdc", "enable-kx509", NULL); + + if (c->enable_kx509) { + c->kx509_template = + krb5_config_get_string(context, NULL, + "kdc", "kx509_template", NULL); + c->kx509_ca = + krb5_config_get_string(context, NULL, + "kdc", "kx509_ca", NULL); + if (c->kx509_ca == NULL || c->kx509_template == NULL) { + kdc_log(context, c, 0, + "missing kx509 configuration, turning off"); + c->enable_kx509 = FALSE; + } + } - config->check_ticket_addresses = + c->check_ticket_addresses = krb5_config_get_bool_default(context, NULL, - config->check_ticket_addresses, + c->check_ticket_addresses, "kdc", "check-ticket-addresses", NULL); - config->allow_null_ticket_addresses = + c->allow_null_ticket_addresses = krb5_config_get_bool_default(context, NULL, - config->allow_null_ticket_addresses, + c->allow_null_ticket_addresses, "kdc", "allow-null-ticket-addresses", NULL); - config->allow_anonymous = + c->allow_anonymous = krb5_config_get_bool_default(context, NULL, - config->allow_anonymous, + c->allow_anonymous, "kdc", "allow-anonymous", NULL); - config->max_datagram_reply_length = + c->max_datagram_reply_length = krb5_config_get_int_default(context, NULL, 1400, @@ -193,178 +155,124 @@ void krb5_kdc_configure(krb5_context context, krb5_kdc_configuration *config) "max-kdc-datagram-reply-length", NULL); - trpolicy_str = - krb5_config_get_string_default(context, NULL, "DEFAULT", "kdc", - "transited-policy", NULL); - if(strcasecmp(trpolicy_str, "always-check") == 0) { - config->trpolicy = TRPOLICY_ALWAYS_CHECK; - } else if(strcasecmp(trpolicy_str, "allow-per-principal") == 0) { - config->trpolicy = TRPOLICY_ALLOW_PER_PRINCIPAL; - } else if(strcasecmp(trpolicy_str, "always-honour-request") == 0) { - config->trpolicy = TRPOLICY_ALWAYS_HONOUR_REQUEST; - } else if(strcasecmp(trpolicy_str, "DEFAULT") == 0) { - /* default */ - } else { - kdc_log(context, config, - 0, "unknown transited-policy: %s, reverting to default (always-check)", - trpolicy_str); + { + const char *trpolicy_str; + + trpolicy_str = + krb5_config_get_string_default(context, NULL, "DEFAULT", "kdc", + "transited-policy", NULL); + if(strcasecmp(trpolicy_str, "always-check") == 0) { + c->trpolicy = TRPOLICY_ALWAYS_CHECK; + } else if(strcasecmp(trpolicy_str, "allow-per-principal") == 0) { + c->trpolicy = TRPOLICY_ALLOW_PER_PRINCIPAL; + } else if(strcasecmp(trpolicy_str, "always-honour-request") == 0) { + c->trpolicy = TRPOLICY_ALWAYS_HONOUR_REQUEST; + } else if(strcasecmp(trpolicy_str, "DEFAULT") == 0) { + /* default */ + } else { + kdc_log(context, c, 0, + "unknown transited-policy: %s, " + "reverting to default (always-check)", + trpolicy_str); + } } - - if (krb5_config_get_string(context, NULL, "kdc", - "enforce-transited-policy", NULL)) - krb5_errx(context, 1, "enforce-transited-policy deprecated, " - "use [kdc]transited-policy instead"); - if(v4_realm == NULL){ + { + const char *p; p = krb5_config_get_string (context, NULL, "kdc", "v4-realm", NULL); if(p != NULL) { - config->v4_realm = strdup(p); - if (config->v4_realm == NULL) + c->v4_realm = strdup(p); + if (c->v4_realm == NULL) krb5_errx(context, 1, "out of memory"); } else { - config->v4_realm = NULL; + c->v4_realm = NULL; } - } else { - config->v4_realm = v4_realm; } - if (enable_kaserver == -1) { - config->enable_kaserver = - krb5_config_get_bool_default(context, - NULL, - config->enable_kaserver, - "kdc", - "enable-kaserver", - NULL); - } else { - config->enable_kaserver = enable_kaserver; - } + c->enable_kaserver = + krb5_config_get_bool_default(context, + NULL, + c->enable_kaserver, + "kdc", "enable-kaserver", NULL); - config->encode_as_rep_as_tgs_rep = + + c->encode_as_rep_as_tgs_rep = krb5_config_get_bool_default(context, NULL, - config->encode_as_rep_as_tgs_rep, + c->encode_as_rep_as_tgs_rep, "kdc", - "encode_as_rep_as_tgs_rep", - NULL); - - config->kdc_warn_pwexpire = + "encode_as_rep_as_tgs_rep", NULL); + + c->kdc_warn_pwexpire = krb5_config_get_time_default (context, NULL, - config->kdc_warn_pwexpire, - "kdc", - "kdc_warn_pwexpire", - NULL); + c->kdc_warn_pwexpire, + "kdc", "kdc_warn_pwexpire", NULL); - if(detach_from_console == -1) - detach_from_console = krb5_config_get_bool_default(context, NULL, - DETACH_IS_DEFAULT, - "kdc", - "detach", NULL); #ifdef PKINIT - config->enable_pkinit = + c->enable_pkinit = krb5_config_get_bool_default(context, NULL, - config->enable_pkinit, + c->enable_pkinit, "kdc", "enable-pkinit", NULL); - if (config->enable_pkinit) { + if (c->enable_pkinit) { const char *user_id, *anchors, *ocsp_file; char **pool_list, **revoke_list; - user_id = krb5_config_get_string(context, NULL, - "kdc", - "pkinit_identity", - NULL); + user_id = + krb5_config_get_string(context, NULL, + "kdc", "pkinit_identity", NULL); if (user_id == NULL) krb5_errx(context, 1, "pkinit enabled but no identity"); anchors = krb5_config_get_string(context, NULL, - "kdc", - "pkinit_anchors", - NULL); + "kdc", "pkinit_anchors", NULL); if (anchors == NULL) krb5_errx(context, 1, "pkinit enabled but no X509 anchors"); - pool_list = krb5_config_get_strings(context, NULL, - "kdc", - "pkinit_pool", - NULL); + pool_list = + krb5_config_get_strings(context, NULL, + "kdc", "pkinit_pool", NULL); - revoke_list = krb5_config_get_strings(context, NULL, - "kdc", - "pkinit_revoke", - NULL); + revoke_list = + krb5_config_get_strings(context, NULL, + "kdc", "pkinit_revoke", NULL); ocsp_file = krb5_config_get_string(context, NULL, - "kdc", - "pkinit_kdc_ocsp", - NULL); + "kdc", "pkinit_kdc_ocsp", NULL); if (ocsp_file) { - config->pkinit_kdc_ocsp_file = strdup(ocsp_file); - if (config->pkinit_kdc_ocsp_file == NULL) + c->pkinit_kdc_ocsp_file = strdup(ocsp_file); + if (c->pkinit_kdc_ocsp_file == NULL) krb5_errx(context, 1, "out of memory"); } - _kdc_pk_initialize(context, config, user_id, anchors, + + _kdc_pk_initialize(context, c, user_id, anchors, pool_list, revoke_list); krb5_config_free_strings(pool_list); krb5_config_free_strings(revoke_list); - config->enable_pkinit_princ_in_cert = - krb5_config_get_bool_default(context, - NULL, - config->enable_pkinit_princ_in_cert, + c->enable_pkinit_princ_in_cert = + krb5_config_get_bool_default(context, NULL, + c->enable_pkinit_princ_in_cert, "kdc", "pkinit_principal_in_certificate", NULL); } - config->pkinit_dh_min_bits = - krb5_config_get_int_default(context, - NULL, + c->pkinit_dh_min_bits = + krb5_config_get_int_default(context, NULL, 0, - "kdc", - "pkinit_dh_min_bits", - NULL); + "kdc", "pkinit_dh_min_bits", NULL); #endif - if(config->v4_realm == NULL && (config->enable_kaserver || config->enable_v4)){ -#ifdef KRB4 - config->v4_realm = malloc(40); /* REALM_SZ */ - if (config->v4_realm == NULL) - krb5_errx(context, 1, "out of memory"); - krb_get_lrealm(config->v4_realm, 1); -#else - krb5_errx(context, 1, "No Kerberos 4 realm configured"); -#endif - } - if(disable_des == -1) - disable_des = krb5_config_get_bool_default(context, NULL, - FALSE, - "kdc", - "disable-des", NULL); - if(disable_des) { - krb5_enctype_disable(context, ETYPE_DES_CBC_CRC); - krb5_enctype_disable(context, ETYPE_DES_CBC_MD4); - krb5_enctype_disable(context, ETYPE_DES_CBC_MD5); - krb5_enctype_disable(context, ETYPE_DES_CBC_NONE); - krb5_enctype_disable(context, ETYPE_DES_CFB64_NONE); - krb5_enctype_disable(context, ETYPE_DES_PCBC_NONE); - - kdc_log(context, config, - 0, "DES was disabled, turned off Kerberos V4, 524 " - "and kaserver"); - config->enable_v4 = 0; - config->enable_524 = 0; - config->enable_kaserver = 0; - } + *config = c; - _kdc_windc_init(context); + return 0; } - diff --git a/source4/heimdal/kdc/digest.c b/source4/heimdal/kdc/digest.c index 2c012a2ead..811ab639f1 100644 --- a/source4/heimdal/kdc/digest.c +++ b/source4/heimdal/kdc/digest.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -34,8 +34,9 @@ #include "kdc_locl.h" #include -RCSID("$Id: digest.c,v 1.19 2006/12/28 17:03:51 lha Exp $"); +RCSID("$Id: digest.c 20877 2007-06-04 04:07:26Z lha $"); +#define MS_CHAP_V2 0x20 #define CHAP_MD5 0x10 #define DIGEST_MD5 0x08 #define NTLM_V2 0x04 @@ -43,6 +44,7 @@ RCSID("$Id: digest.c,v 1.19 2006/12/28 17:03:51 lha Exp $"); #define NTLM_V1 0x01 const struct units _kdc_digestunits[] = { + {"ms-chap-v2", 1U << 5}, {"chap-md5", 1U << 4}, {"digest-md5", 1U << 3}, {"ntlm-v2", 1U << 2}, @@ -135,6 +137,25 @@ fill_targetinfo(krb5_context context, } +static const unsigned char ms_chap_v2_magic1[39] = { + 0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76, + 0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65, + 0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67, + 0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74 +}; +static const unsigned char ms_chap_v2_magic2[41] = { + 0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B, + 0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F, + 0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E, + 0x65, 0x20, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6F, + 0x6E +}; +static const unsigned char ms_rfc3079_magic1[27] = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, + 0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d, + 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79 +}; + /* * */ @@ -382,11 +403,6 @@ _kdc_do_digest(krb5_context context, goto out; } - ret = krb5_store_stringz(sp, *r.u.initReply.identifier); - if (ret) { - krb5_clear_error_string(context); - goto out; - } } else r.u.initReply.identifier = NULL; @@ -461,13 +477,7 @@ _kdc_do_digest(krb5_context context, } krb5_store_stringz(sp, ireq.u.digestRequest.serverNonce); - if (ireq.u.digestRequest.identifier) { - ret = krb5_store_stringz(sp, *ireq.u.digestRequest.identifier); - if (ret) { - krb5_clear_error_string(context); - goto out; - } - } + if (ireq.u.digestRequest.hostname) { ret = krb5_store_stringz(sp, *ireq.u.digestRequest.hostname); if (ret) { @@ -587,6 +597,7 @@ _kdc_do_digest(krb5_context context, if (strcasecmp(ireq.u.digestRequest.type, "CHAP") == 0) { MD5_CTX ctx; unsigned char md[MD5_DIGEST_LENGTH]; + char *mdx; char id; if ((config->digests_allowed & CHAP_MD5) == 0) { @@ -613,16 +624,30 @@ _kdc_do_digest(krb5_context context, MD5_Update(&ctx, serverNonce.data, serverNonce.length); MD5_Final(md, &ctx); - r.element = choice_DigestRepInner_response; - hex_encode(md, sizeof(md), &r.u.response.responseData); - if (r.u.response.responseData == NULL) { + hex_encode(md, sizeof(md), &mdx); + if (mdx == NULL) { krb5_clear_error_string(context); ret = ENOMEM; goto out; } + + r.element = choice_DigestRepInner_response; + + ret = strcasecmp(mdx, ireq.u.digestRequest.responseData); + free(mdx); + if (ret == 0) { + r.u.response.success = TRUE; + } else { + kdc_log(context, config, 0, + "CHAP reply mismatch for %s", + ireq.u.digestRequest.username); + r.u.response.success = FALSE; + } + } else if (strcasecmp(ireq.u.digestRequest.type, "SASL-DIGEST-MD5") == 0) { MD5_CTX ctx; unsigned char md[MD5_DIGEST_LENGTH]; + char *mdx; char *A1, *A2; if ((config->digests_allowed & DIGEST_MD5) == 0) { @@ -709,21 +734,212 @@ _kdc_do_digest(krb5_context context, MD5_Final(md, &ctx); - r.element = choice_DigestRepInner_response; - hex_encode(md, sizeof(md), &r.u.response.responseData); - free(A1); free(A2); - if (r.u.response.responseData == NULL) { - krb5_set_error_string(context, "out of memory"); + hex_encode(md, sizeof(md), &mdx); + if (mdx == NULL) { + krb5_clear_error_string(context); + ret = ENOMEM; + goto out; + } + + r.element = choice_DigestRepInner_response; + ret = strcasecmp(mdx, ireq.u.digestRequest.responseData); + free(mdx); + if (ret == 0) { + r.u.response.success = TRUE; + } else { + kdc_log(context, config, 0, + "DIGEST-MD5 reply mismatch for %s", + ireq.u.digestRequest.username); + r.u.response.success = FALSE; + } + + } else if (strcasecmp(ireq.u.digestRequest.type, "MS-CHAP-V2") == 0) { + unsigned char md[SHA_DIGEST_LENGTH], challange[SHA_DIGEST_LENGTH]; + char *mdx; + const char *username; + struct ntlm_buf answer; + Key *key = NULL; + SHA_CTX ctx; + + if ((config->digests_allowed & MS_CHAP_V2) == 0) { + kdc_log(context, config, 0, "MS-CHAP-V2 not allowed"); + goto out; + } + + if (ireq.u.digestRequest.clientNonce == NULL) { + krb5_set_error_string(context, + "MS-CHAP-V2 clientNonce missing"); + ret = EINVAL; + goto out; + } + if (serverNonce.length != 16) { + krb5_set_error_string(context, + "MS-CHAP-V2 serverNonce wrong length"); + ret = EINVAL; + goto out; + } + + /* strip of the domain component */ + username = strchr(ireq.u.digestRequest.username, '\\'); + if (username == NULL) + username = ireq.u.digestRequest.username; + else + username++; + + /* ChallangeHash */ + SHA1_Init(&ctx); + { + ssize_t ssize; + krb5_data clientNonce; + + clientNonce.length = strlen(*ireq.u.digestRequest.clientNonce); + clientNonce.data = malloc(clientNonce.length); + if (clientNonce.data == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "out of memory"); + goto out; + } + + ssize = hex_decode(*ireq.u.digestRequest.clientNonce, + clientNonce.data, clientNonce.length); + if (ssize != 16) { + krb5_set_error_string(context, + "Failed to decode clientNonce"); + ret = ENOMEM; + goto out; + } + SHA1_Update(&ctx, clientNonce.data, ssize); + free(clientNonce.data); + } + SHA1_Update(&ctx, serverNonce.data, serverNonce.length); + SHA1_Update(&ctx, username, strlen(username)); + SHA1_Final(challange, &ctx); + + /* NtPasswordHash */ + ret = krb5_parse_name(context, username, &clientprincipal); + if (ret) + goto out; + + ret = _kdc_db_fetch(context, config, clientprincipal, + HDB_F_GET_CLIENT, NULL, &user); + krb5_free_principal(context, clientprincipal); + if (ret) { + krb5_set_error_string(context, + "MS-CHAP-V2 user %s not in database", + username); + goto out; + } + + ret = hdb_enctype2key(context, &user->entry, + ETYPE_ARCFOUR_HMAC_MD5, &key); + if (ret) { + krb5_set_error_string(context, + "MS-CHAP-V2 missing arcfour key %s", + username); + goto out; + } + + /* ChallengeResponse */ + ret = heim_ntlm_calculate_ntlm1(key->key.keyvalue.data, + key->key.keyvalue.length, + challange, &answer); + if (ret) { + krb5_set_error_string(context, "NTLM missing arcfour key"); + goto out; + } + + hex_encode(answer.data, answer.length, &mdx); + if (mdx == NULL) { + free(answer.data); + krb5_clear_error_string(context); ret = ENOMEM; goto out; } + r.element = choice_DigestRepInner_response; + ret = strcasecmp(mdx, ireq.u.digestRequest.responseData); + free(mdx); + if (ret == 0) { + r.u.response.success = TRUE; + } else { + kdc_log(context, config, 0, + "MS-CHAP-V2 reply mismatch for %s", + ireq.u.digestRequest.username); + r.u.response.success = FALSE; + } + + if (r.u.response.success) { + unsigned char hashhash[MD4_DIGEST_LENGTH]; + + /* hashhash */ + { + MD4_CTX hctx; + + MD4_Init(&hctx); + MD4_Update(&hctx, key->key.keyvalue.data, + key->key.keyvalue.length); + MD4_Final(hashhash, &hctx); + } + + /* GenerateAuthenticatorResponse */ + SHA1_Init(&ctx); + SHA1_Update(&ctx, hashhash, sizeof(hashhash)); + SHA1_Update(&ctx, answer.data, answer.length); + SHA1_Update(&ctx, ms_chap_v2_magic1,sizeof(ms_chap_v2_magic1)); + SHA1_Final(md, &ctx); + + SHA1_Init(&ctx); + SHA1_Update(&ctx, md, sizeof(md)); + SHA1_Update(&ctx, challange, 8); + SHA1_Update(&ctx, ms_chap_v2_magic2, sizeof(ms_chap_v2_magic2)); + SHA1_Final(md, &ctx); + + r.u.response.rsp = calloc(1, sizeof(*r.u.response.rsp)); + if (r.u.response.rsp == NULL) { + free(answer.data); + krb5_clear_error_string(context); + ret = ENOMEM; + goto out; + } + + hex_encode(md, sizeof(md), r.u.response.rsp); + if (r.u.response.rsp == NULL) { + free(answer.data); + krb5_clear_error_string(context); + ret = ENOMEM; + goto out; + } + + /* get_master, rfc 3079 3.4 */ + SHA1_Init(&ctx); + SHA1_Update(&ctx, hashhash, 16); /* md4(hash) */ + SHA1_Update(&ctx, answer.data, answer.length); + SHA1_Update(&ctx, ms_rfc3079_magic1, sizeof(ms_rfc3079_magic1)); + SHA1_Final(md, &ctx); + + free(answer.data); + + r.u.response.session_key = + calloc(1, sizeof(*r.u.response.session_key)); + if (r.u.response.session_key == NULL) { + krb5_clear_error_string(context); + ret = ENOMEM; + goto out; + } + + ret = krb5_data_copy(r.u.response.session_key, md, 16); + if (ret) { + krb5_clear_error_string(context); + goto out; + } + } + } else { r.element = choice_DigestRepInner_error; - asprintf(&r.u.error.reason, "unsupported digest type %s", + asprintf(&r.u.error.reason, "Unsupported digest type %s", ireq.u.digestRequest.type); if (r.u.error.reason == NULL) { krb5_set_error_string(context, "out of memory"); @@ -745,7 +961,6 @@ _kdc_do_digest(krb5_context context, goto out; } - r.element = choice_DigestRepInner_ntlmInitReply; r.u.ntlmInitReply.flags = NTLM_NEG_UNICODE; @@ -766,12 +981,12 @@ _kdc_do_digest(krb5_context context, NTLM_NEG_TARGET_DOMAIN | NTLM_ENC_128; -#define ALL \ - NTLM_NEG_SIGN| \ - NTLM_NEG_SEAL| \ - NTLM_NEG_ALWAYS_SIGN| \ - NTLM_NEG_NTLM2_SESSION| \ - NTLM_NEG_KEYEX +#define ALL \ + NTLM_NEG_SIGN| \ + NTLM_NEG_SEAL| \ + NTLM_NEG_ALWAYS_SIGN| \ + NTLM_NEG_NTLM2_SESSION| \ + NTLM_NEG_KEYEX r.u.ntlmInitReply.flags |= (ireq.u.ntlmInit.flags & (ALL)); @@ -989,6 +1204,7 @@ _kdc_do_digest(krb5_context context, if ((config->digests_allowed & NTLM_V1_SESSION) == 0) { kdc_log(context, config, 0, "NTLM v1-session not allowed"); + ret = EINVAL; goto out; } @@ -1048,6 +1264,7 @@ _kdc_do_digest(krb5_context context, krb5_set_error_string(context, "NTLM client failed to neg key " "exchange but still sent key"); + ret = EINVAL; goto out; } diff --git a/source4/heimdal/kdc/headers.h b/source4/heimdal/kdc/headers.h index 56ddc8090b..64f6b6e438 100644 --- a/source4/heimdal/kdc/headers.h +++ b/source4/heimdal/kdc/headers.h @@ -32,7 +32,7 @@ */ /* - * $Id: headers.h,v 1.22 2007/01/04 00:15:34 lha Exp $ + * $Id: headers.h 19658 2007-01-04 00:15:34Z lha $ */ #ifndef __HEADERS_H__ diff --git a/source4/heimdal/kdc/kaserver.c b/source4/heimdal/kdc/kaserver.c index ac282717ed..deb32e1019 100644 --- a/source4/heimdal/kdc/kaserver.c +++ b/source4/heimdal/kdc/kaserver.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kaserver.c,v 1.36 2006/08/23 11:43:44 lha Exp $"); +RCSID("$Id: kaserver.c 17904 2006-08-23 11:45:16Z lha $"); #include #include diff --git a/source4/heimdal/kdc/kdc-private.h b/source4/heimdal/kdc/kdc-private.h index d896bd10e9..030be9ae58 100644 --- a/source4/heimdal/kdc/kdc-private.h +++ b/source4/heimdal/kdc/kdc-private.h @@ -149,9 +149,9 @@ _kdc_find_etype ( Key **/*ret_key*/, krb5_enctype */*ret_etype*/); -PA_DATA* +const PA_DATA* _kdc_find_padata ( - KDC_REQ */*req*/, + const KDC_REQ */*req*/, int */*start*/, int /*type*/); @@ -249,8 +249,8 @@ krb5_error_code _kdc_pk_rd_padata ( krb5_context /*context*/, krb5_kdc_configuration */*config*/, - KDC_REQ */*req*/, - PA_DATA */*pa*/, + const KDC_REQ */*req*/, + const PA_DATA */*pa*/, pk_client_params **/*ret_params*/); krb5_error_code @@ -283,7 +283,4 @@ _kdc_windc_client_access ( struct hdb_entry_ex */*client*/, KDC_REQ */*req*/); -krb5_error_code -_kdc_windc_init (krb5_context /*context*/); - #endif /* __kdc_private_h__ */ diff --git a/source4/heimdal/kdc/kdc-protos.h b/source4/heimdal/kdc/kdc-protos.h index 69bc871b01..f7df365eb2 100644 --- a/source4/heimdal/kdc/kdc-protos.h +++ b/source4/heimdal/kdc/kdc-protos.h @@ -37,8 +37,10 @@ kdc_openlog ( krb5_context /*context*/, krb5_kdc_configuration */*config*/); -void -krb5_kdc_default_config (krb5_kdc_configuration */*config*/); +int +krb5_kdc_get_config ( + krb5_context /*context*/, + krb5_kdc_configuration **/*config*/); int krb5_kdc_process_krb5_request ( @@ -63,6 +65,21 @@ krb5_kdc_process_request ( struct sockaddr */*addr*/, int /*datagram_reply*/); +int +krb5_kdc_save_request ( + krb5_context /*context*/, + const char */*fn*/, + const unsigned char */*buf*/, + size_t /*len*/, + const krb5_data */*reply*/, + const struct sockaddr */*sa*/); + +void +krb5_kdc_update_time (struct timeval */*tv*/); + +krb5_error_code +krb5_kdc_windc_init (krb5_context /*context*/); + #ifdef __cplusplus } #endif diff --git a/source4/heimdal/kdc/kdc.h b/source4/heimdal/kdc/kdc.h index ea9eb7125e..eb24b4ee97 100644 --- a/source4/heimdal/kdc/kdc.h +++ b/source4/heimdal/kdc/kdc.h @@ -35,7 +35,7 @@ */ /* - * $Id: kdc.h,v 1.11 2006/12/28 21:06:56 lha Exp $ + * $Id: kdc.h 19907 2007-01-14 23:10:24Z lha $ */ #ifndef __KDC_H__ @@ -86,6 +86,8 @@ typedef struct krb5_kdc_configuration { size_t max_datagram_reply_length; int enable_kx509; + const char *kx509_template; + const char *kx509_ca; } krb5_kdc_configuration; diff --git a/source4/heimdal/kdc/kdc_locl.h b/source4/heimdal/kdc/kdc_locl.h index ae3b6584a5..fdbdf271de 100644 --- a/source4/heimdal/kdc/kdc_locl.h +++ b/source4/heimdal/kdc/kdc_locl.h @@ -32,7 +32,7 @@ */ /* - * $Id: kdc_locl.h,v 1.76 2006/12/26 17:18:14 lha Exp $ + * $Id: kdc_locl.h 20954 2007-06-07 03:30:15Z lha $ */ #ifndef __KDC_LOCL_H__ @@ -46,6 +46,7 @@ typedef struct pk_client_params pk_client_params; extern sig_atomic_t exit_flag; extern size_t max_request; +extern const char *request_log; extern const char *port_str; extern krb5_addresses explicit_addresses; @@ -55,18 +56,6 @@ extern int enable_http; extern int detach_from_console; -extern int require_preauth; /* 1 == require preauth for all principals */ - -extern const char *trpolicy_str; - -extern int disable_des; -extern int enable_v4; -extern int enable_kaserver; -extern int enable_524; -extern int enable_v4_cross_realm; - -extern char *v4_realm; - extern const struct units _kdc_digestunits[]; #define _PATH_KDC_CONF HDB_DB_DIR "/kdc.conf" @@ -81,6 +70,4 @@ loop(krb5_context context, krb5_kdc_configuration *config); krb5_kdc_configuration * configure(krb5_context context, int argc, char **argv); -void krb5_kdc_configure(krb5_context context, krb5_kdc_configuration *config); - #endif /* __KDC_LOCL_H__ */ diff --git a/source4/heimdal/kdc/kerberos4.c b/source4/heimdal/kdc/kerberos4.c index 97e98d86ad..3c76bb99b2 100644 --- a/source4/heimdal/kdc/kerberos4.c +++ b/source4/heimdal/kdc/kerberos4.c @@ -35,7 +35,7 @@ #include -RCSID("$Id: kerberos4.c,v 1.63 2006/10/08 13:43:27 lha Exp $"); +RCSID("$Id: kerberos4.c 18349 2006-10-08 13:43:52Z lha $"); #ifndef swap32 static uint32_t diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index bb0fda89e7..e34938447a 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kerberos5.c,v 1.231 2007/01/04 13:27:27 lha Exp $"); +RCSID("$Id: kerberos5.c 21040 2007-06-10 06:20:59Z lha $"); #define MAX_TIME ((time_t)((1U << 31) - 1)) @@ -70,9 +70,12 @@ set_salt_padata (METHOD_DATA *md, Salt *salt) } } -PA_DATA* -_kdc_find_padata(KDC_REQ *req, int *start, int type) +const PA_DATA* +_kdc_find_padata(const KDC_REQ *req, int *start, int type) { + if (req->padata == NULL) + return NULL; + while(*start < req->padata->len){ (*start)++; if(req->padata->val[*start - 1].padata_type == type) @@ -431,7 +434,8 @@ get_pa_etype_info(krb5_context context, ret = krb5_unparse_name(context, client->principal, &name); if (ret) name = rk_UNCONST(""); - kdc_log(context, config, 0, "internal error in get_pa_etype_info(%s): %d != %d", + kdc_log(context, config, 0, + "internal error in get_pa_etype_info(%s): %d != %d", name, n, pa.len); if (ret == 0) free(name); @@ -689,11 +693,11 @@ log_as_req(krb5_context context, } { - char _str[128]; + char fixedstr[128]; unparse_flags(KDCOptions2int(b->kdc_options), asn1_KDCOptions_units(), - _str, sizeof(_str)); - if(*_str) - kdc_log(context, config, 2, "Requested flags: %s", _str); + fixedstr, sizeof(fixedstr)); + if(*fixedstr) + kdc_log(context, config, 2, "Requested flags: %s", fixedstr); } } @@ -870,7 +874,7 @@ send_pac_p(krb5_context context, KDC_REQ *req) { krb5_error_code ret; PA_PAC_REQUEST pacreq; - PA_DATA *pa; + const PA_DATA *pa; int i = 0; pa = _kdc_find_padata(req, &i, KRB5_PADATA_PA_PAC_REQUEST); @@ -909,32 +913,37 @@ _kdc_as_rep(krb5_context context, KDCOptions f = b->kdc_options; hdb_entry_ex *client = NULL, *server = NULL; krb5_enctype cetype, setype, sessionetype; + krb5_data e_data; EncTicketPart et; EncKDCRepPart ek; krb5_principal client_princ = NULL, server_princ = NULL; char *client_name = NULL, *server_name = NULL; krb5_error_code ret = 0; const char *e_text = NULL; - krb5_data e_data; krb5_crypto crypto; Key *ckey, *skey; EncryptionKey *reply_key; + int flags = 0; #ifdef PKINIT pk_client_params *pkp = NULL; #endif memset(&rep, 0, sizeof(rep)); - memset(&e_data, 0, sizeof(e_data)); + krb5_data_zero(&e_data); + + if (f.canonicalize) + flags |= HDB_F_CANON; if(b->sname == NULL){ ret = KRB5KRB_ERR_GENERIC; e_text = "No server in request"; } else{ - _krb5_principalname2krb5_principal (context, - &server_princ, - *(b->sname), - b->realm); - ret = krb5_unparse_name(context, server_princ, &server_name); + ret = _krb5_principalname2krb5_principal (context, + &server_princ, + *(b->sname), + b->realm); + if (ret == 0) + ret = krb5_unparse_name(context, server_princ, &server_name); } if (ret) { kdc_log(context, config, 0, @@ -946,10 +955,26 @@ _kdc_as_rep(krb5_context context, ret = KRB5KRB_ERR_GENERIC; e_text = "No client in request"; } else { - _krb5_principalname2krb5_principal (context, - &client_princ, - *(b->cname), - b->realm); + + if (b->cname->name_type == KRB5_NT_ENTERPRISE_PRINCIPAL) { + if (b->cname->name_string.len != 1) { + kdc_log(context, config, 0, + "AS-REQ malformed canon request from %s", from); + ret = KRB5_PARSE_MALFORMED; + goto out; + } + ret = krb5_parse_name(context, b->cname->name_string.val[0], + &client_princ); + if (ret) + goto out; + } else { + ret = _krb5_principalname2krb5_principal (context, + &client_princ, + *(b->cname), + b->realm); + if (ret) + goto out; + } ret = krb5_unparse_name(context, client_princ, &client_name); } if (ret) { @@ -962,7 +987,7 @@ _kdc_as_rep(krb5_context context, client_name, from, server_name); ret = _kdc_db_fetch(context, config, client_princ, - HDB_F_GET_CLIENT, NULL, &client); + HDB_F_GET_CLIENT | flags, NULL, &client); if(ret){ kdc_log(context, config, 0, "UNKNOWN -- %s: %s", client_name, krb5_get_err_text(context, ret)); @@ -996,7 +1021,7 @@ _kdc_as_rep(krb5_context context, if(req->padata){ int i; - PA_DATA *pa; + const PA_DATA *pa; int found_pa = 0; log_patypes(context, config, req->padata); @@ -1041,7 +1066,7 @@ _kdc_as_rep(krb5_context context, kdc_log(context, config, 0, "%s", e_text); pkp = NULL; - goto ts_enc; + goto out; } found_pa = 1; et.flags.pre_authent = 1; @@ -1169,6 +1194,8 @@ _kdc_as_rep(krb5_context context, (unsigned)abs(kdc_time - p.patimestamp), context->max_skew, client_name); +#if 1 + /* This code is from samba, needs testing */ /* * the following is needed to make windows clients * to retry using the timestamp in the error message @@ -1177,6 +1204,9 @@ _kdc_as_rep(krb5_context context, * is present... */ e_text = NULL; +#else + e_text = "Too large time skew"; +#endif goto out; } et.flags.pre_authent = 1; @@ -1227,6 +1257,12 @@ _kdc_as_rep(krb5_context context, pa->padata_type = KRB5_PADATA_PK_AS_REQ; pa->padata_value.length = 0; pa->padata_value.data = NULL; + + ret = realloc_method_data(&method_data); + pa = &method_data.val[method_data.len-1]; + pa->padata_type = KRB5_PADATA_PK_AS_REQ_WIN; + pa->padata_value.length = 0; + pa->padata_value.data = NULL; #endif /* @@ -1253,12 +1289,12 @@ _kdc_as_rep(krb5_context context, e_data.data = buf; e_data.length = len; e_text ="Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ", + ret = KRB5KDC_ERR_PREAUTH_REQUIRED; kdc_log(context, config, 0, "No preauth found, returning PREAUTH-REQUIRED -- %s", client_name); - goto out; } @@ -1283,45 +1319,57 @@ _kdc_as_rep(krb5_context context, if(ret) goto out; + /* + * Select a session enctype from the list of the crypto systems + * supported enctype, is supported by the client and is one of the + * enctype of the enctype of the krbtgt. + * + * The later is used as a hint what enctype all KDC are supporting + * to make sure a newer version of KDC wont generate a session + * enctype that and older version of a KDC in the same realm can't + * decrypt. + * + * But if the KDC admin is paranoid and doesn't want to have "no + * the best" enctypes on the krbtgt, lets save the best pick from + * the client list and hope that that will work for any other + * KDCs. + */ { const krb5_enctype *p; - int i, j, y; + krb5_enctype clientbest = ETYPE_NULL; + int i, j; p = krb5_kerberos_enctypes(context); sessionetype = ETYPE_NULL; for (i = 0; p[i] != ETYPE_NULL && sessionetype == ETYPE_NULL; i++) { - /* check it's valid */ if (krb5_enctype_valid(context, p[i]) != 0) continue; - /* check if the client supports it */ for (j = 0; j < b->etype.len && sessionetype == ETYPE_NULL; j++) { - if (p[i] == b->etype.val[j]) { - /* - * if the server (krbtgt) has explicit etypes, - * check if it also supports it - */ - if (server->entry.etypes) { - for (y = 0; y < server->entry.etypes->len; y++) { - if (p[i] == server->entry.etypes->val[y]) { - sessionetype = p[i]; - break; - } - } - } else { - sessionetype = p[i]; - break; - } - } + Key *dummy; + /* check with client */ + if (p[i] != b->etype.val[j]) + continue; + /* save best of union of { client, crypto system } */ + if (clientbest == ETYPE_NULL) + clientbest = p[i]; + /* check with krbtgt */ + ret = hdb_enctype2key(context, &server->entry, p[i], &dummy); + if (ret) + continue; + sessionetype = p[i]; } } - if (sessionetype == ETYPE_NULL) { - kdc_log(context, config, 0, + /* if krbtgt had no shared keys with client, pick clients best */ + if (clientbest != ETYPE_NULL && sessionetype == ETYPE_NULL) { + sessionetype = clientbest; + } else if (sessionetype == ETYPE_NULL) { + kdc_log(context, config, 0, "Client (%s) from %s has no common enctypes with KDC" - "to use for the session key", - client_name, from); + "to use for the session key", + client_name, from); goto out; } } @@ -1534,6 +1582,58 @@ _kdc_as_rep(krb5_context context, set_salt_padata (rep.padata, ckey->salt); + /* Add signing of alias referral */ + if (f.canonicalize) { + PA_ClientCanonicalized canon; + krb5_data data; + PA_DATA pa; + krb5_crypto crypto; + size_t len; + + memset(&canon, 0, sizeof(canon)); + + canon.names.requested_name = *b->cname; + canon.names.real_name = client->entry.principal->name; + + ASN1_MALLOC_ENCODE(PA_ClientCanonicalizedNames, data.data, data.length, + &canon.names, &len, ret); + if (ret) + goto out; + if (data.length != len) + krb5_abortx(context, "internal asn.1 error"); + + /* sign using "returned session key" */ + ret = krb5_crypto_init(context, &et.key, 0, &crypto); + if (ret) { + free(data.data); + goto out; + } + + ret = krb5_create_checksum(context, crypto, + KRB5_KU_CANONICALIZED_NAMES, 0, + data.data, data.length, + &canon.canon_checksum); + free(data.data); + krb5_crypto_destroy(context, crypto); + if (ret) + goto out; + + ASN1_MALLOC_ENCODE(PA_ClientCanonicalized, data.data, data.length, + &canon, &len, ret); + free_Checksum(&canon.canon_checksum); + if (ret) + goto out; + if (data.length != len) + krb5_abortx(context, "internal asn.1 error"); + + pa.padata_type = KRB5_PADATA_CLIENT_CANONICALIZED; + pa.padata_value = data; + ret = add_METHOD_DATA(rep.padata, &pa); + free(data.data); + if (ret) + goto out; + } + if (rep.padata->len == 0) { free(rep.padata); rep.padata = NULL; diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c index a056839e5f..02cd92de2e 100644 --- a/source4/heimdal/kdc/krb5tgs.c +++ b/source4/heimdal/kdc/krb5tgs.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: krb5tgs.c,v 1.25 2007/01/04 12:49:45 lha Exp $"); +RCSID("$Id: krb5tgs.c 21041 2007-06-10 06:21:12Z lha $"); /* * return the realm of a krbtgt-ticket or NULL @@ -656,7 +656,7 @@ tgs_make_reply(krb5_context context, KDC_REQ_BODY *b, krb5_const_principal tgt_name, const EncTicketPart *tgt, - const EncryptionKey *ekey, + const EncryptionKey *serverkey, const krb5_keyblock *sessionkey, krb5_kvno kvno, AuthorizationData *auth_data, @@ -883,7 +883,7 @@ tgs_make_reply(krb5_context context, ret = _kdc_encode_reply(context, config, &rep, &et, &ek, et.key.keytype, kvno, - ekey, 0, &tgt->key, e_text, reply); + serverkey, 0, &tgt->key, e_text, reply); out: free_TGS_REP(&rep); free_TransitedEncoding(&et.transited); @@ -1010,7 +1010,7 @@ static krb5_error_code tgs_parse_request(krb5_context context, krb5_kdc_configuration *config, KDC_REQ_BODY *b, - PA_DATA *tgs_req, + const PA_DATA *tgs_req, hdb_entry_ex **krbtgt, krb5_enctype *krbtgt_etype, krb5_ticket **ticket, @@ -1258,6 +1258,7 @@ tgs_build_reply(krb5_context context, krb5_keyblock sessionkey; krb5_kvno kvno; krb5_data rspac; + int cross_realm = 0; PrincipalName *s; Realm r; @@ -1421,6 +1422,8 @@ server_lookup: kdc_log(context, config, 1, "Client not found in database: %s: %s", cpn, krb5_get_err_text(context, ret)); + + cross_realm = 1; } /* @@ -1707,21 +1710,25 @@ server_lookup: /* check PAC if there is one */ { Key *tkey; + krb5_keyblock *tgtkey = NULL; - ret = hdb_enctype2key(context, &krbtgt->entry, - krbtgt_etype, &tkey); - if(ret) { - kdc_log(context, config, 0, - "Failed to find key for krbtgt PAC check"); - goto out; + if (!cross_realm) { + ret = hdb_enctype2key(context, &krbtgt->entry, + krbtgt_etype, &tkey); + if(ret) { + kdc_log(context, config, 0, + "Failed to find key for krbtgt PAC check"); + goto out; + } + tgtkey = &tkey->key; } ret = check_PAC(context, config, client_principal, - client, server, ekey, &tkey->key, + client, server, ekey, tgtkey, tgt, &rspac, &require_signedpath); if (ret) { kdc_log(context, config, 0, - "check_PAC check failed for %s (%s) from %s with %s", + "Verify PAC failed for %s (%s) from %s with %s", spn, cpn, from, krb5_get_err_text(context, ret)); goto out; } @@ -1804,7 +1811,7 @@ _kdc_tgs_rep(krb5_context context, AuthorizationData *auth_data = NULL; krb5_error_code ret; int i = 0; - PA_DATA *tgs_req = NULL; + const PA_DATA *tgs_req; hdb_entry_ex *krbtgt = NULL; krb5_ticket *ticket = NULL; diff --git a/source4/heimdal/kdc/kx509.c b/source4/heimdal/kdc/kx509.c index d817338f73..8414ecb4b2 100644 --- a/source4/heimdal/kdc/kx509.c +++ b/source4/heimdal/kdc/kx509.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,8 +33,10 @@ #include "kdc_locl.h" #include +#include +#include -RCSID("$Id: kx509.c,v 1.1 2006/12/28 21:03:53 lha Exp $"); +RCSID("$Id: kx509.c 19992 2007-01-20 09:06:18Z lha $"); /* * @@ -140,72 +142,146 @@ build_certificate(krb5_context context, krb5_principal principal, krb5_data *certificate) { - /* XXX write code here to generate certificates */ - FILE *in, *out; - krb5_error_code ret; - const char *program; - char *str, *strkey; - char tstr[64]; - pid_t pid; + hx509_context hxctx = NULL; + hx509_ca_tbs tbs = NULL; + hx509_env env = NULL; + hx509_cert cert = NULL; + hx509_cert signer = NULL; + int ret; + + if (krb5_principal_get_comp_string(context, principal, 1) != NULL) { + kdc_log(context, config, 0, "Principal is not a user"); + return EINVAL; + } - snprintf(tstr, sizeof(tstr), "%lu", (unsigned long)endtime); + ret = hx509_context_init(&hxctx); + if (ret) + goto out; - ret = base64_encode(key->data, key->length, &strkey); - if (ret < 0) { - krb5_set_error_string(context, "failed to base64 encode key"); - return ENOMEM; - } + ret = hx509_env_init(hxctx, &env); + if (ret) + goto out; - program = krb5_config_get_string(context, - NULL, - "kdc", - "kx509_cert_program", - NULL); - if (program == NULL) { - free(strkey); - krb5_set_error_string(context, "no certificate program configured"); - return ENOENT; - } + ret = hx509_env_add(hxctx, env, "principal-name", + krb5_principal_get_comp_string(context, principal, 0)); + if (ret) + goto out; - ret = krb5_unparse_name(context, principal, &str); - if (ret) { - free(strkey); - return ret; + { + hx509_certs certs; + hx509_query *q; + + ret = hx509_certs_init(hxctx, config->kx509_ca, 0, + NULL, &certs); + if (ret) { + kdc_log(context, config, 0, "Failed to load CA %s", + config->kx509_ca); + goto out; + } + ret = hx509_query_alloc(hxctx, &q); + if (ret) { + hx509_certs_free(&certs); + goto out; + } + + hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY); + hx509_query_match_option(q, HX509_QUERY_OPTION_KU_KEYCERTSIGN); + + ret = hx509_certs_find(hxctx, certs, q, &signer); + hx509_query_free(hxctx, q); + hx509_certs_free(&certs); + if (ret) { + kdc_log(context, config, 0, "Failed to find a CA in %s", + config->kx509_ca); + goto out; + } } - pid = pipe_execv(&in, &out, NULL, program, str, tstr, NULL); - free(str); - if (pid <= 0) { - free(strkey); - krb5_set_error_string(context, - "Failed to run the cert program %s", - program); - return ret; + ret = hx509_ca_tbs_init(hxctx, &tbs); + if (ret) + goto out; + + { + SubjectPublicKeyInfo spki; + heim_any any; + + memset(&spki, 0, sizeof(spki)); + + spki.subjectPublicKey.data = key->data; + spki.subjectPublicKey.length = key->length * 8; + + ret = der_copy_oid(oid_id_pkcs1_rsaEncryption(), + &spki.algorithm.algorithm); + + any.data = "\x05\x00"; + any.length = 2; + spki.algorithm.parameters = &any; + + ret = hx509_ca_tbs_set_spki(hxctx, tbs, &spki); + der_free_oid(&spki.algorithm.algorithm); + if (ret) + goto out; } - fprintf(in, "%s\n", strkey); - fclose(in); - free(strkey); { - unsigned buf[1024 * 10]; - size_t len; + hx509_certs certs; + hx509_cert template; - len = fread(buf, 1, sizeof(buf), out); - fclose(out); - if(len == 0) { - krb5_set_error_string(context, - "Certificate program returned no data"); - return KRB5KDC_ERR_PREAUTH_FAILED; + ret = hx509_certs_init(hxctx, config->kx509_template, 0, + NULL, &certs); + if (ret) { + kdc_log(context, config, 0, "Failed to load template %s", + config->kx509_template); + goto out; } - ret = krb5_data_copy(certificate, buf, len); + ret = hx509_get_one_cert(hxctx, certs, &template); + hx509_certs_free(&certs); if (ret) { - krb5_set_error_string(context, "Failed To copy certificate"); - return ret; + kdc_log(context, config, 0, "Failed to find template in %s", + config->kx509_template); + goto out; } + ret = hx509_ca_tbs_set_template(hxctx, tbs, + HX509_CA_TEMPLATE_SUBJECT| + HX509_CA_TEMPLATE_KU| + HX509_CA_TEMPLATE_EKU, + template); + hx509_cert_free(template); + if (ret) + goto out; } - kill(pid, SIGKILL); - waitpid(pid, NULL, 0); + + hx509_ca_tbs_set_notAfter(hxctx, tbs, endtime); + + hx509_ca_tbs_subject_expand(hxctx, tbs, env); + hx509_env_free(&env); + + ret = hx509_ca_sign(hxctx, tbs, signer, &cert); + hx509_cert_free(signer); + if (ret) + goto out; + + hx509_ca_tbs_free(&tbs); + + ret = hx509_cert_binary(hxctx, cert, certificate); + hx509_cert_free(cert); + if (ret) + goto out; + + hx509_context_free(&hxctx); + return 0; +out: + if (env) + hx509_env_free(&env); + if (tbs) + hx509_ca_tbs_free(&tbs); + if (signer) + hx509_cert_free(signer); + if (hxctx) + hx509_context_free(&hxctx); + krb5_set_error_string(context, "cert creation failed"); + return ret; } /* @@ -299,6 +375,20 @@ _kdc_do_kx509(krb5_context context, if (ret) goto out; + /* Verify that the key is encoded RSA key */ + { + RSAPublicKey key; + size_t size; + + ret = decode_RSAPublicKey(req->pk_key.data, req->pk_key.length, + &key, &size); + if (ret) + goto out; + free_RSAPublicKey(&key); + if (size != req->pk_key.length) + ; + } + ALLOC(rep.certificate); if (rep.certificate == NULL) goto out; diff --git a/source4/heimdal/kdc/log.c b/source4/heimdal/kdc/log.c index c316b0c5f8..977b1c9476 100644 --- a/source4/heimdal/kdc/log.c +++ b/source4/heimdal/kdc/log.c @@ -32,7 +32,7 @@ */ #include "kdc_locl.h" -RCSID("$Id: log.c,v 1.16 2005/06/30 01:52:48 lha Exp $"); +RCSID("$Id: log.c 15532 2005-06-30 01:54:49Z lha $"); void kdc_openlog(krb5_context context, diff --git a/source4/heimdal/kdc/misc.c b/source4/heimdal/kdc/misc.c index b511e1a7a8..ebf2873599 100644 --- a/source4/heimdal/kdc/misc.c +++ b/source4/heimdal/kdc/misc.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: misc.c,v 1.32 2006/08/28 14:41:49 lha Exp $"); +RCSID("$Id: misc.c 17951 2006-08-28 14:41:49Z lha $"); struct timeval _kdc_now; diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c index 418a38d030..bf62f879db 100755 --- a/source4/heimdal/kdc/pkinit.c +++ b/source4/heimdal/kdc/pkinit.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: pkinit.c,v 1.86 2007/01/04 12:54:09 lha Exp $"); +RCSID("$Id: pkinit.c 21039 2007-06-10 06:20:31Z lha $"); #ifdef PKINIT @@ -97,7 +97,7 @@ static struct { static krb5_error_code pk_check_pkauthenticator_win2k(krb5_context context, PKAuthenticator_Win2k *a, - KDC_REQ *req) + const KDC_REQ *req) { krb5_timestamp now; @@ -114,7 +114,7 @@ pk_check_pkauthenticator_win2k(krb5_context context, static krb5_error_code pk_check_pkauthenticator(krb5_context context, PKAuthenticator *a, - KDC_REQ *req) + const KDC_REQ *req) { u_char *buf = NULL; size_t buf_size; @@ -365,8 +365,8 @@ get_dh_param(krb5_context context, krb5_error_code _kdc_pk_rd_padata(krb5_context context, krb5_kdc_configuration *config, - KDC_REQ *req, - PA_DATA *pa, + const KDC_REQ *req, + const PA_DATA *pa, pk_client_params **ret_params) { pk_client_params *client_params; @@ -375,7 +375,6 @@ _kdc_pk_rd_padata(krb5_context context, krb5_data eContent = { 0, NULL }; krb5_data signed_content = { 0, NULL }; const char *type = "unknown type"; - const heim_oid *pa_contentType; int have_data = 0; *ret_params = NULL; @@ -385,6 +384,8 @@ _kdc_pk_rd_padata(krb5_context context, return 0; } + hx509_verify_set_time(kdc_identity->verify_ctx, _kdc_now.tv_sec); + client_params = calloc(1, sizeof(*client_params)); if (client_params == NULL) { krb5_clear_error_string(context); @@ -396,7 +397,6 @@ _kdc_pk_rd_padata(krb5_context context, PA_PK_AS_REQ_Win2k r; type = "PK-INIT-Win2k"; - pa_contentType = oid_id_pkcs7_data(); ret = decode_PA_PK_AS_REQ_Win2k(pa->padata_value.data, pa->padata_value.length, @@ -422,7 +422,6 @@ _kdc_pk_rd_padata(krb5_context context, PA_PK_AS_REQ r; type = "PK-INIT-IETF"; - pa_contentType = oid_id_pkauthdata(); ret = decode_PA_PK_AS_REQ(pa->padata_value.data, pa->padata_value.length, @@ -467,7 +466,7 @@ _kdc_pk_rd_padata(krb5_context context, edi->val[i].issuerAndSerialNumber->length, &iasn, &size); - if (ret || size != 0) { + if (ret) { hx509_query_free(kdc_identity->hx509ctx, q); continue; } @@ -527,6 +526,7 @@ _kdc_pk_rd_padata(krb5_context context, kdc_identity->verify_ctx, signed_content.data, signed_content.length, + NULL, kdc_identity->certpool, &eContentType, &eContent, @@ -547,7 +547,9 @@ _kdc_pk_rd_padata(krb5_context context, } /* Signature is correct, now verify the signed message */ - if (der_heim_oid_cmp(&eContentType, pa_contentType)) { + if (der_heim_oid_cmp(&eContentType, oid_id_pkcs7_data()) != 0 && + der_heim_oid_cmp(&eContentType, oid_id_pkauthdata()) != 0) + { krb5_set_error_string(context, "got wrong oid for pkauthdata"); ret = KRB5_BADMSGTYPE; goto out; @@ -639,6 +641,8 @@ _kdc_pk_rd_padata(krb5_context context, kdc_log(context, config, 0, "PK-INIT request of type %s", type); out: + if (ret) + krb5_warn(context, ret, "PKINIT"); if (signed_content.data) free(signed_content.data); @@ -678,18 +682,41 @@ pk_mk_pa_reply_enckey(krb5_context context, krb5_keyblock *reply_key, ContentInfo *content_info) { + const heim_oid *envelopedAlg = NULL, *sdAlg = NULL; krb5_error_code ret; krb5_data buf, signed_data; size_t size; + int do_win2k = 0; krb5_data_zero(&buf); krb5_data_zero(&signed_data); + /* + * If the message client is a win2k-type but it send pa data + * 09-binding it expects a IETF (checksum) reply so there can be + * no replay attacks. + */ + switch (client_params->type) { case PKINIT_COMPAT_WIN2K: { + int i = 0; + if (_kdc_find_padata(req, &i, KRB5_PADATA_PK_AS_09_BINDING) == NULL) + do_win2k = 1; + break; + } + case PKINIT_COMPAT_27: + break; + default: + krb5_abortx(context, "internal pkinit error"); + } + + if (do_win2k) { ReplyKeyPack_Win2k kp; memset(&kp, 0, sizeof(kp)); + envelopedAlg = oid_id_rsadsi_des_ede3_cbc(); + sdAlg = oid_id_pkcs7_data(); + ret = copy_EncryptionKey(reply_key, &kp.replyKey); if (ret) { krb5_clear_error_string(context); @@ -701,13 +728,13 @@ pk_mk_pa_reply_enckey(krb5_context context, buf.data, buf.length, &kp, &size,ret); free_ReplyKeyPack_Win2k(&kp); - break; - } - case PKINIT_COMPAT_27: { + } else { krb5_crypto ascrypto; ReplyKeyPack kp; memset(&kp, 0, sizeof(kp)); + sdAlg = oid_id_pkrkeydata(); + ret = copy_EncryptionKey(reply_key, &kp.replyKey); if (ret) { krb5_clear_error_string(context); @@ -735,10 +762,6 @@ pk_mk_pa_reply_enckey(krb5_context context, } ASN1_MALLOC_ENCODE(ReplyKeyPack, buf.data, buf.length, &kp, &size,ret); free_ReplyKeyPack(&kp); - break; - } - default: - krb5_abortx(context, "internal pkinit error"); } if (ret) { krb5_set_error_string(context, "ASN.1 encoding of ReplyKeyPack " @@ -768,7 +791,8 @@ pk_mk_pa_reply_enckey(krb5_context context, goto out; ret = hx509_cms_create_signed_1(kdc_identity->hx509ctx, - oid_id_pkrkeydata(), + 0, + sdAlg, buf.data, buf.length, NULL, @@ -784,9 +808,21 @@ pk_mk_pa_reply_enckey(krb5_context context, if (ret) goto out; + if (client_params->type == PKINIT_COMPAT_WIN2K) { + ret = hx509_cms_wrap_ContentInfo(oid_id_pkcs7_signedData(), + &signed_data, + &buf); + if (ret) + goto out; + krb5_data_free(&signed_data); + signed_data = buf; + } + ret = hx509_cms_envelope_1(kdc_identity->hx509ctx, + 0, client_params->cert, - signed_data.data, signed_data.length, NULL, + signed_data.data, signed_data.length, + envelopedAlg, oid_id_pkcs7_signedData(), &buf); if (ret) goto out; @@ -881,6 +917,7 @@ pk_mk_pa_reply_dh(krb5_context context, goto out; ret = hx509_cms_create_signed_1(kdc_identity->hx509ctx, + 0, oid_id_pkdhkeydata(), buf.data, buf.length, @@ -1125,6 +1162,7 @@ _kdc_pk_mk_pa_reply(krb5_context context, krb5_data_free(&ocsp.data); ocsp.expire = 0; + ocsp.next_update = kdc_time + 60 * 5; fd = open(config->pkinit_kdc_ocsp_file, O_RDONLY); if (fd < 0) { @@ -1168,11 +1206,13 @@ _kdc_pk_mk_pa_reply(krb5_context context, "PK-INIT failed to verify ocsp data %d", ret); krb5_data_free(&ocsp.data); ocsp.expire = 0; - } else if (ocsp.expire > 180) + } else if (ocsp.expire > 180) { ocsp.expire -= 180; /* refetch the ocsp before it expire */ - + ocsp.next_update = ocsp.expire; + } else { + ocsp.next_update = kdc_time; + } out_ocsp: - ocsp.next_update = kdc_time + 3600; ret = 0; } @@ -1199,10 +1239,10 @@ out: } static int -pk_principal_from_X509(krb5_context context, - krb5_kdc_configuration *config, - hx509_cert client_cert, - krb5_const_principal match) +match_rfc_san(krb5_context context, + krb5_kdc_configuration *config, + hx509_cert client_cert, + krb5_const_principal match) { hx509_octet_string_list list; int ret, i, found = 0; @@ -1254,6 +1294,68 @@ out: return 0; } +static int +match_ms_upn_san(krb5_context context, + krb5_kdc_configuration *config, + hx509_cert client_cert, + krb5_const_principal match) +{ + hx509_octet_string_list list; + krb5_principal principal = NULL; + int ret, found = 0; + MS_UPN_SAN upn; + size_t size; + + memset(&list, 0 , sizeof(list)); + + ret = hx509_cert_find_subjectAltName_otherName(client_cert, + oid_id_pkinit_ms_san(), + &list); + if (ret) + goto out; + + if (list.len != 1) { + kdc_log(context, config, 0, + "More then one PK-INIT MS UPN SAN"); + goto out; + } + + ret = decode_MS_UPN_SAN(list.val[0].data, list.val[0].length, &upn, &size); + if (ret) { + kdc_log(context, config, 0, "Decode of MS-UPN-SAN failed"); + goto out; + } + + kdc_log(context, config, 0, "found MS UPN SAN: %s", upn); + + ret = krb5_parse_name(context, upn, &principal); + free_MS_UPN_SAN(&upn); + if (ret) { + kdc_log(context, config, 0, "Failed to parse principal in MS UPN SAN"); + goto out; + } + + /* + * This is very wrong, but will do for now, should really and a + * plugin to the windc layer to very this ACL. + */ + strupr(principal->realm); + + if (krb5_principal_compare(context, principal, match) == TRUE) + found = 1; + +out: + if (principal) + krb5_free_principal(context, principal); + hx509_free_octet_string_list(&list); + if (ret) + return ret; + + if (!found) + return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH; + + return 0; +} krb5_error_code _kdc_pk_check_client(krb5_context context, @@ -1283,14 +1385,22 @@ _kdc_pk_check_client(krb5_context context, *subject_name); if (config->enable_pkinit_princ_in_cert) { - ret = pk_principal_from_X509(context, config, - client_params->cert, - client->entry.principal); + ret = match_rfc_san(context, config, + client_params->cert, + client->entry.principal); if (ret == 0) { kdc_log(context, config, 5, "Found matching PK-INIT SAN in certificate"); return 0; } + ret = match_ms_upn_san(context, config, + client_params->cert, + client->entry.principal); + if (ret == 0) { + kdc_log(context, config, 5, + "Found matching MS UPN SAN in certificate"); + return 0; + } } ret = hdb_entry_get_pkinit_acl(&client->entry, &acl); @@ -1330,10 +1440,17 @@ _kdc_pk_check_client(krb5_context context, return 0; } + krb5_set_error_string(context, + "PKINIT no matching principals for %s", + *subject_name); + + kdc_log(context, config, 5, + "PKINIT no matching principals for %s", + *subject_name); + free(*subject_name); *subject_name = NULL; - krb5_set_error_string(context, "PKINIT no matching principals"); return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH; } @@ -1396,7 +1513,56 @@ _kdc_add_inital_verified_cas(krb5_context context, return ret; } +/* + * + */ +static void +load_mappings(krb5_context context, const char *fn) +{ + krb5_error_code ret; + char buf[1024]; + unsigned long lineno = 0; + FILE *f; + + f = fopen(fn, "r"); + if (f == NULL) + return; + + while (fgets(buf, sizeof(buf), f) != NULL) { + char *subject_name, *p; + + buf[strcspn(buf, "\n")] = '\0'; + lineno++; + + p = buf + strspn(buf, " \t"); + + if (*p == '#' || *p == '\0') + continue; + + subject_name = strchr(p, ':'); + if (subject_name == NULL) { + krb5_warnx(context, "pkinit mapping file line %lu " + "missing \":\" :%s", + lineno, buf); + continue; + } + *subject_name++ = '\0'; + + ret = add_principal_mapping(context, p, subject_name); + if (ret) { + krb5_warn(context, ret, "failed to add line %lu \":\" :%s\n", + lineno, buf); + continue; + } + } + + fclose(f); +} + +/* + * + */ krb5_error_code _kdc_pk_initialize(krb5_context context, @@ -1408,9 +1574,6 @@ _kdc_pk_initialize(krb5_context context, { const char *file; krb5_error_code ret; - char buf[1024]; - unsigned long lineno = 0; - FILE *f; file = krb5_config_get_string(context, NULL, "libdefaults", "moduli", NULL); @@ -1481,41 +1644,8 @@ _kdc_pk_initialize(krb5_context context, "kdc", "pkinit_mappings_file", NULL); - f = fopen(file, "r"); - if (f == NULL) { - krb5_warnx(context, "PKINIT: failed to load mappings file %s", file); - return 0; - } - - while (fgets(buf, sizeof(buf), f) != NULL) { - char *subject_name, *p; - - buf[strcspn(buf, "\n")] = '\0'; - lineno++; - - p = buf + strspn(buf, " \t"); - - if (*p == '#' || *p == '\0') - continue; - subject_name = strchr(p, ':'); - if (subject_name == NULL) { - krb5_warnx(context, "pkinit mapping file line %lu " - "missing \":\" :%s", - lineno, buf); - continue; - } - *subject_name++ = '\0'; - - ret = add_principal_mapping(context, p, subject_name); - if (ret) { - krb5_warn(context, ret, "failed to add line %lu \":\" :%s\n", - lineno, buf); - continue; - } - } - - fclose(f); + load_mappings(context, file); return 0; } diff --git a/source4/heimdal/kdc/process.c b/source4/heimdal/kdc/process.c index a64efaa05d..1d0a01a215 100644 --- a/source4/heimdal/kdc/process.c +++ b/source4/heimdal/kdc/process.c @@ -34,7 +34,20 @@ #include "kdc_locl.h" -RCSID("$Id: process.c,v 1.7 2006/12/28 21:09:35 lha Exp $"); +RCSID("$Id: process.c 20959 2007-06-07 04:46:06Z lha $"); + +/* + * + */ + +void +krb5_kdc_update_time(struct timeval *tv) +{ + if (tv == NULL) + gettimeofday(&_kdc_now, NULL); + else + _kdc_now = *tv; +} /* * handle the request in `buf, len', from `addr' (or `from' as a string), @@ -59,7 +72,6 @@ krb5_kdc_process_request(krb5_context context, krb5_error_code ret; size_t i; - gettimeofday(&_kdc_now, NULL); if(decode_AS_REQ(buf, len, &req, &i) == 0){ krb5_data req_buffer; @@ -121,7 +133,6 @@ krb5_kdc_process_krb5_request(krb5_context context, krb5_error_code ret; size_t i; - gettimeofday(&_kdc_now, NULL); if(decode_AS_REQ(buf, len, &req, &i) == 0){ krb5_data req_buffer; @@ -139,3 +150,70 @@ krb5_kdc_process_krb5_request(krb5_context context, } return -1; } + +/* + * + */ + +int +krb5_kdc_save_request(krb5_context context, + const char *fn, + const unsigned char *buf, + size_t len, + const krb5_data *reply, + const struct sockaddr *sa) +{ + krb5_storage *sp; + krb5_address a; + int fd, ret; + uint32_t t; + krb5_data d; + + memset(&a, 0, sizeof(a)); + + d.data = rk_UNCONST(buf); + d.length = len; + t = _kdc_now.tv_sec; + + fd = open(fn, O_WRONLY|O_CREAT|O_APPEND, 0600); + if (fd < 0) { + krb5_set_error_string(context, "Failed to open: %s", fn); + return errno; + } + + sp = krb5_storage_from_fd(fd); + close(fd); + if (sp == NULL) { + krb5_set_error_string(context, "Storage failed to open fd"); + return ENOMEM; + } + + ret = krb5_sockaddr2address(context, sa, &a); + if (ret) + goto out; + + krb5_store_uint32(sp, 1); + krb5_store_uint32(sp, t); + krb5_store_address(sp, a); + krb5_store_data(sp, d); + { + Der_class cl; + Der_type ty; + unsigned int tag; + ret = der_get_tag (reply->data, reply->length, + &cl, &ty, &tag, NULL); + if (ret) { + krb5_store_uint32(sp, 0xffffffff); + krb5_store_uint32(sp, 0xffffffff); + } else { + krb5_store_uint32(sp, MAKE_TAG(cl, ty, 0)); + krb5_store_uint32(sp, tag); + } + } + + krb5_free_address(context, &a); +out: + krb5_storage_free(sp); + + return 0; +} diff --git a/source4/heimdal/kdc/rx.h b/source4/heimdal/kdc/rx.h index 370e33732f..18806d79da 100644 --- a/source4/heimdal/kdc/rx.h +++ b/source4/heimdal/kdc/rx.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: rx.h,v 1.5 2006/05/05 10:51:10 lha Exp $ */ +/* $Id: rx.h 17447 2006-05-05 10:52:01Z lha $ */ #ifndef __RX_H__ #define __RX_H__ diff --git a/source4/heimdal/kdc/windc.c b/source4/heimdal/kdc/windc.c index 41e4ad1bbc..395ab73432 100644 --- a/source4/heimdal/kdc/windc.c +++ b/source4/heimdal/kdc/windc.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: windc.c,v 1.3 2007/01/04 11:10:06 lha Exp $"); +RCSID("$Id: windc.c 20559 2007-04-24 16:00:07Z lha $"); static krb5plugin_windc_ftable *windcft; static void *windcctx; @@ -43,7 +43,7 @@ static void *windcctx; */ krb5_error_code -_kdc_windc_init(krb5_context context) +krb5_kdc_windc_init(krb5_context context) { struct krb5_plugin *list = NULL, *e; krb5_error_code ret; @@ -91,10 +91,11 @@ _kdc_pac_verify(krb5_context context, krb5_pac *pac) { if (windcft == NULL) { - krb5_set_error_string(context, "Can't verify WINDC, no function"); + krb5_set_error_string(context, "Can't verify PAC, no function"); return EINVAL; } - return (windcft->pac_verify)(windcctx, context, client_principal, client, server, pac); + return (windcft->pac_verify)(windcctx, context, + client_principal, client, server, pac); } krb5_error_code diff --git a/source4/heimdal/kdc/windc_plugin.h b/source4/heimdal/kdc/windc_plugin.h index a3b7534480..ec480cf950 100644 --- a/source4/heimdal/kdc/windc_plugin.h +++ b/source4/heimdal/kdc/windc_plugin.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: windc_plugin.h,v 1.2 2007/01/04 11:13:51 lha Exp $ */ +/* $Id: windc_plugin.h 19798 2007-01-10 15:24:51Z lha $ */ #ifndef HEIMDAL_KRB5_PAC_PLUGIN_H #define HEIMDAL_KRB5_PAC_PLUGIN_H 1 @@ -58,7 +58,9 @@ typedef krb5_error_code typedef krb5_error_code (*krb5plugin_windc_pac_verify)(void *, krb5_context, const krb5_principal, - struct hdb_entry_ex *, struct hdb_entry_ex *, krb5_pac *); + struct hdb_entry_ex *, + struct hdb_entry_ex *, + krb5_pac *); typedef krb5_error_code (*krb5plugin_windc_client_access)( diff --git a/source4/heimdal/kuser/kinit.c b/source4/heimdal/kuser/kinit.c index 667e0963b0..29a9bdd5c7 100644 --- a/source4/heimdal/kuser/kinit.c +++ b/source4/heimdal/kuser/kinit.c @@ -32,11 +32,9 @@ */ #include "kuser_locl.h" -RCSID("$Id: kinit.c,v 1.141 2006/12/12 16:35:41 lha Exp $"); +RCSID("$Id: kinit.c 20517 2007-04-22 10:42:26Z lha $"); -#ifndef KRB4 #include "krb5-v4compat.h" -#endif struct krb5_pk_identity; struct krb5_pk_cert; @@ -46,6 +44,7 @@ struct krb5_dh_moduli; struct krb5_plugin; enum plugin_type; #include "krb5-private.h" +#include "heimntlm.h" int forwardable_flag = -1; int proxiable_flag = -1; @@ -74,6 +73,8 @@ char *password_file = NULL; char *pk_user_id = NULL; char *pk_x509_anchors = NULL; int pk_use_enckey = 0; +static int canonicalize_flag = 0; +static char *ntlm_domain; static char *krb4_cc_name; @@ -153,18 +154,21 @@ static struct getargs args[] = { { "password-file", 0, arg_string, &password_file, "read the password from a file" }, + { "canonicalize",0, arg_flag, &canonicalize_flag, + "canonicalize client principal" }, #ifdef PKINIT - { "pk-user", 'C', arg_string, &pk_user_id, - "principal's public/private/certificate identifier", - "id" }, - - { "x509-anchors", 'D', arg_string, &pk_x509_anchors, - "directory with CA certificates", "directory" }, + { "pk-user", 'C', arg_string, &pk_user_id, + "principal's public/private/certificate identifier", "id" }, - { "pk-use-enckey", 0, arg_flag, &pk_use_enckey, - "Use RSA encrypted reply (instead of DH)" }, + { "x509-anchors", 'D', arg_string, &pk_x509_anchors, + "directory with CA certificates", "directory" }, + { "pk-use-enckey", 0, arg_flag, &pk_use_enckey, + "Use RSA encrypted reply (instead of DH)" }, #endif + { "ntlm-domain", 0, arg_string, &ntlm_domain, + "NTLM domain", "domain" }, + { "version", 0, arg_flag, &version_flag }, { "help", 0, arg_flag, &help_flag } }; @@ -179,130 +183,6 @@ usage (int ret) exit (ret); } -#ifdef KRB4 -/* for when the KDC tells us it's a v4 one, we try to talk that */ - -static int -key_to_key(const char *user, - char *instance, - const char *realm, - const void *arg, - des_cblock *key) -{ - memcpy(key, arg, sizeof(des_cblock)); - return 0; -} - -static int -do_v4_fallback (krb5_context context, - const krb5_principal principal, - int lifetime, - int use_srvtab, const char *srvtab_str, - const char *passwd) -{ - int ret; - krb_principal princ; - des_cblock key; - krb5_error_code kret; - - if (lifetime == 0) - lifetime = DEFAULT_TKT_LIFE; - else - lifetime = krb_time_to_life (0, lifetime); - - kret = krb5_524_conv_principal (context, principal, - princ.name, - princ.instance, - princ.realm); - if (kret) { - krb5_warn (context, kret, "krb5_524_conv_principal"); - return 1; - } - - if (use_srvtab || srvtab_str) { - if (srvtab_str == NULL) - srvtab_str = KEYFILE; - - ret = read_service_key (princ.name, princ.instance, princ.realm, - 0, srvtab_str, (char *)&key); - if (ret) { - warnx ("read_service_key %s: %s", srvtab_str, - krb_get_err_text (ret)); - return 1; - } - ret = krb_get_in_tkt (princ.name, princ.instance, princ.realm, - KRB_TICKET_GRANTING_TICKET, princ.realm, - lifetime, key_to_key, NULL, key); - } else { - ret = krb_get_pw_in_tkt(princ.name, princ.instance, princ.realm, - KRB_TICKET_GRANTING_TICKET, princ.realm, - lifetime, passwd); - } - memset (key, 0, sizeof(key)); - if (ret) { - warnx ("%s", krb_get_err_text(ret)); - return 1; - } - if (do_afslog && k_hasafs()) { - if ((ret = krb_afslog(NULL, NULL)) != 0 && ret != KDC_PR_UNKNOWN) { - if(ret > 0) - warnx ("%s", krb_get_err_text(ret)); - else - warnx ("failed to store AFS token"); - } - } - return 0; -} - - -/* - * the special version of get_default_principal that takes v4 into account - */ - -static krb5_error_code -kinit_get_default_principal (krb5_context context, - krb5_principal *princ) -{ - krb5_error_code ret; - krb5_ccache id; - krb_principal v4_princ; - int kret; - - ret = krb5_cc_default (context, &id); - if (ret == 0) { - ret = krb5_cc_get_principal (context, id, princ); - krb5_cc_close (context, id); - if (ret == 0) - return 0; - } - - kret = krb_get_tf_fullname (tkt_string(), - v4_princ.name, - v4_princ.instance, - v4_princ.realm); - if (kret == KSUCCESS) { - ret = krb5_425_conv_principal (context, - v4_princ.name, - v4_princ.instance, - v4_princ.realm, - princ); - if (ret == 0) - return 0; - } - return krb5_get_default_principal (context, princ); -} - -#else /* !KRB4 */ - -static krb5_error_code -kinit_get_default_principal (krb5_context context, - krb5_principal *princ) -{ - return krb5_get_default_principal (context, princ); -} - -#endif /* !KRB4 */ - static krb5_error_code get_server(krb5_context context, krb5_principal client, @@ -456,6 +336,39 @@ out: return ret; } +static krb5_error_code +store_ntlmkey(krb5_context context, krb5_ccache id, + const char *domain, krb5_const_principal client, + struct ntlm_buf *buf) +{ + krb5_error_code ret; + krb5_creds cred; + + memset(&cred, 0, sizeof(cred)); + + ret = krb5_make_principal(context, &cred.server, + krb5_principal_get_realm(context, client), + "@ntlm-key", domain, NULL); + if (ret) + goto out; + ret = krb5_copy_principal(context, client, &cred.client); + if (ret) + goto out; + + cred.times.authtime = time(NULL); + cred.times.endtime = time(NULL) + 3600 * 24 * 30; /* XXX */ + cred.session.keytype = ENCTYPE_ARCFOUR_HMAC_MD5; + ret = krb5_data_copy(&cred.session.keyvalue, buf->data, buf->length); + if (ret) + goto out; + + ret = krb5_cc_store_cred(context, id, &cred); + +out: + krb5_free_cred_contents (context, &cred); + return 0; +} + static krb5_error_code get_new_tickets(krb5_context context, krb5_principal principal, @@ -471,7 +384,9 @@ get_new_tickets(krb5_context context, krb5_deltat renew = 0; char *renewstr = NULL; krb5_enctype *enctype = NULL; + struct ntlm_buf ntlmkey; + memset(&ntlmkey, 0, sizeof(ntlmkey)); passwd[0] = '\0'; if (password_file) { @@ -500,8 +415,8 @@ get_new_tickets(krb5_context context, if (ret) krb5_err(context, 1, ret, "krb5_get_init_creds_opt_alloc"); - krb5_get_init_creds_opt_set_default_flags(context, "kinit", - /* XXX */principal->realm, opt); + krb5_get_init_creds_opt_set_default_flags(context, "kinit", + krb5_principal_get_realm(context, principal), opt); if(forwardable_flag != -1) krb5_get_init_creds_opt_set_forwardable (opt, forwardable_flag); @@ -512,6 +427,8 @@ get_new_tickets(krb5_context context, if (pac_flag != -1) krb5_get_init_creds_opt_set_pac_request(context, opt, pac_flag ? TRUE : FALSE); + if (canonicalize_flag) + krb5_get_init_creds_opt_set_canonicalize(context, opt, TRUE); if (pk_user_id) { ret = krb5_get_init_creds_opt_set_pkinit(context, opt, principal, @@ -629,19 +546,8 @@ get_new_tickets(krb5_context context, opt); } krb5_get_init_creds_opt_free(context, opt); -#ifdef KRB4 - if (ret == KRB5KRB_AP_ERR_V4_REPLY || ret == KRB5_KDC_UNREACH) { - int exit_val; - - exit_val = do_v4_fallback (context, principal, ticket_life, - use_keytab, keytab_str, passwd); - get_v4_tgt = 0; - do_afslog = 0; - memset(passwd, 0, sizeof(passwd)); - if (exit_val == 0 || ret == KRB5KRB_AP_ERR_V4_REPLY) - return exit_val; - } -#endif + if (ntlm_domain && passwd[0]) + heim_ntlm_nt_key(passwd, &ntlmkey); memset(passwd, 0, sizeof(passwd)); switch(ret){ @@ -651,8 +557,12 @@ get_new_tickets(krb5_context context, exit(1); case KRB5KRB_AP_ERR_BAD_INTEGRITY: case KRB5KRB_AP_ERR_MODIFIED: + case KRB5KDC_ERR_PREAUTH_FAILED: krb5_errx(context, 1, "Password incorrect"); break; + case KRB5KRB_AP_ERR_V4_REPLY: + krb5_errx(context, 1, "Looks like a Kerberos 4 reply"); + break; default: krb5_err(context, 1, ret, "krb5_get_init_creds"); } @@ -685,6 +595,9 @@ get_new_tickets(krb5_context context, krb5_free_cred_contents (context, &cred); + if (ntlm_domain && ntlmkey.data) + store_ntlmkey(context, ccache, ntlm_domain, principal, &ntlmkey); + if (enctype) free(enctype); @@ -774,6 +687,7 @@ main (int argc, char **argv) krb5_principal principal; int optidx = 0; krb5_deltat ticket_life = 0; + int parseflags = 0; setprogname (argv[0]); @@ -797,12 +711,15 @@ main (int argc, char **argv) argc -= optidx; argv += optidx; + if (canonicalize_flag) + parseflags |= KRB5_PRINCIPAL_PARSE_ENTERPRISE; + if (argv[0]) { - ret = krb5_parse_name (context, argv[0], &principal); + ret = krb5_parse_name_flags (context, argv[0], parseflags, &principal); if (ret) krb5_err (context, 1, ret, "krb5_parse_name"); } else { - ret = kinit_get_default_principal (context, &principal); + ret = krb5_get_default_principal (context, &principal); if (ret) krb5_err (context, 1, ret, "krb5_get_default_principal"); } diff --git a/source4/heimdal/kuser/kuser_locl.h b/source4/heimdal/kuser/kuser_locl.h index 06403cbe67..36ea01a9a5 100644 --- a/source4/heimdal/kuser/kuser_locl.h +++ b/source4/heimdal/kuser/kuser_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: kuser_locl.h,v 1.13 2003/01/21 14:13:51 nectar Exp $ */ +/* $Id: kuser_locl.h 20458 2007-04-19 20:41:27Z lha $ */ #ifndef __KUSER_LOCL_H__ #define __KUSER_LOCL_H__ @@ -75,9 +75,6 @@ #include #include -#ifdef KRB4 -#include -#endif #if defined(HAVE_SYS_IOCTL_H) && SunOS != 40 #include #endif diff --git a/source4/heimdal/lib/asn1/CMS.asn1 b/source4/heimdal/lib/asn1/CMS.asn1 index ce43c2cd02..685f0b1898 100644 --- a/source4/heimdal/lib/asn1/CMS.asn1 +++ b/source4/heimdal/lib/asn1/CMS.asn1 @@ -1,5 +1,5 @@ -- From RFC 3369 -- --- $Id: CMS.asn1,v 1.5 2006/09/07 12:20:42 lha Exp $ -- +-- $Id: CMS.asn1 18054 2006-09-07 12:20:42Z lha $ -- CMS DEFINITIONS ::= BEGIN diff --git a/source4/heimdal/lib/asn1/asn1-common.h b/source4/heimdal/lib/asn1/asn1-common.h index 5f09cd6794..15c4a09cd0 100644 --- a/source4/heimdal/lib/asn1/asn1-common.h +++ b/source4/heimdal/lib/asn1/asn1-common.h @@ -1,4 +1,4 @@ -/* $Id: asn1-common.h,v 1.7 2006/12/28 17:14:10 lha Exp $ */ +/* $Id: asn1-common.h 19539 2006-12-28 17:15:05Z lha $ */ #include #include diff --git a/source4/heimdal/lib/asn1/asn1_err.et b/source4/heimdal/lib/asn1/asn1_err.et index 938b8eb988..67af1a44fc 100644 --- a/source4/heimdal/lib/asn1/asn1_err.et +++ b/source4/heimdal/lib/asn1/asn1_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: asn1_err.et,v 1.6 2006/10/24 14:11:20 lha Exp $" +id "$Id: asn1_err.et 20010 2007-01-20 21:52:27Z lha $" error_table asn1 prefix ASN1 @@ -18,4 +18,5 @@ error_code BAD_LENGTH, "ASN.1 length doesn't match expected value" error_code BAD_FORMAT, "ASN.1 badly-formatted encoding" error_code PARSE_ERROR, "ASN.1 parse error" error_code EXTRA_DATA, "ASN.1 extra data past end of end structure" +error_code BAD_CHARACTER, "ASN.1 invalid character in string" end diff --git a/source4/heimdal/lib/asn1/asn1_gen.c b/source4/heimdal/lib/asn1/asn1_gen.c index 5dc0ba2e2d..65b382e6da 100644 --- a/source4/heimdal/lib/asn1/asn1_gen.c +++ b/source4/heimdal/lib/asn1/asn1_gen.c @@ -40,7 +40,7 @@ #include #include -RCSID("$Id: asn1_gen.c,v 1.4 2006/01/30 15:06:03 lha Exp $"); +RCSID("$Id: asn1_gen.c 16666 2006-01-30 15:06:03Z lha $"); static int doit(const char *fn) diff --git a/source4/heimdal/lib/asn1/asn1_queue.h b/source4/heimdal/lib/asn1/asn1_queue.h index 2874b35f6a..3659b3859d 100644 --- a/source4/heimdal/lib/asn1/asn1_queue.h +++ b/source4/heimdal/lib/asn1/asn1_queue.h @@ -1,5 +1,5 @@ /* $NetBSD: queue.h,v 1.38 2004/04/18 14:12:05 lukem Exp $ */ -/* $Id: asn1_queue.h,v 1.2 2005/07/12 06:27:15 lha Exp $ */ +/* $Id: asn1_queue.h 15617 2005-07-12 06:27:42Z lha $ */ /* * Copyright (c) 1991, 1993 diff --git a/source4/heimdal/lib/asn1/canthandle.asn1 b/source4/heimdal/lib/asn1/canthandle.asn1 index 057f571bac..edb8375ee3 100644 --- a/source4/heimdal/lib/asn1/canthandle.asn1 +++ b/source4/heimdal/lib/asn1/canthandle.asn1 @@ -1,4 +1,4 @@ --- $Id: canthandle.asn1,v 1.6 2006/01/18 19:12:33 lha Exp $ -- +-- $Id: canthandle.asn1 16593 2006-01-18 19:12:33Z lha $ -- CANTHANDLE DEFINITIONS ::= BEGIN diff --git a/source4/heimdal/lib/asn1/der.c b/source4/heimdal/lib/asn1/der.c index 687b381121..c7b911b8d6 100644 --- a/source4/heimdal/lib/asn1/der.c +++ b/source4/heimdal/lib/asn1/der.c @@ -38,7 +38,7 @@ #include #include -RCSID("$Id: der.c,v 1.2 2005/07/12 06:27:19 lha Exp $"); +RCSID("$Id: der.c 15617 2005-07-12 06:27:42Z lha $"); static const char *class_names[] = { diff --git a/source4/heimdal/lib/asn1/der.h b/source4/heimdal/lib/asn1/der.h index b0170e35fe..13e39320d4 100644 --- a/source4/heimdal/lib/asn1/der.h +++ b/source4/heimdal/lib/asn1/der.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: der.h,v 1.36 2006/10/14 05:16:08 lha Exp $ */ +/* $Id: der.h 18437 2006-10-14 05:16:08Z lha $ */ #ifndef __DER_H__ #define __DER_H__ diff --git a/source4/heimdal/lib/asn1/der_copy.c b/source4/heimdal/lib/asn1/der_copy.c index 15e7b817a0..04c4531ca5 100644 --- a/source4/heimdal/lib/asn1/der_copy.c +++ b/source4/heimdal/lib/asn1/der_copy.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_copy.c,v 1.17 2006/12/28 17:14:17 lha Exp $"); +RCSID("$Id: der_copy.c 19539 2006-12-28 17:15:05Z lha $"); int der_copy_general_string (const heim_general_string *from, diff --git a/source4/heimdal/lib/asn1/der_format.c b/source4/heimdal/lib/asn1/der_format.c index 32cf23cb39..6908bddcc2 100644 --- a/source4/heimdal/lib/asn1/der_format.c +++ b/source4/heimdal/lib/asn1/der_format.c @@ -34,7 +34,7 @@ #include "der_locl.h" #include -RCSID("$Id: der_format.c,v 1.8 2006/11/27 10:32:21 lha Exp $"); +RCSID("$Id: der_format.c 20861 2007-06-03 20:18:29Z lha $"); int der_parse_hex_heim_integer (const char *p, heim_integer *data) @@ -51,7 +51,7 @@ der_parse_hex_heim_integer (const char *p, heim_integer *data) } len = strlen(p); - if (len < 0) { + if (len <= 0) { data->data = NULL; data->length = 0; return EINVAL; @@ -74,7 +74,7 @@ der_parse_hex_heim_integer (const char *p, heim_integer *data) { unsigned char *q = data->data; - while(*q == 0 && len > 0) { + while(len > 0 && *q == 0) { q++; len--; } diff --git a/source4/heimdal/lib/asn1/der_free.c b/source4/heimdal/lib/asn1/der_free.c index 6827486d9f..851cb1d407 100644 --- a/source4/heimdal/lib/asn1/der_free.c +++ b/source4/heimdal/lib/asn1/der_free.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_free.c,v 1.14 2006/12/28 17:14:21 lha Exp $"); +RCSID("$Id: der_free.c 19539 2006-12-28 17:15:05Z lha $"); void der_free_general_string (heim_general_string *str) diff --git a/source4/heimdal/lib/asn1/der_get.c b/source4/heimdal/lib/asn1/der_get.c index a1ed23f10b..3022435b33 100644 --- a/source4/heimdal/lib/asn1/der_get.c +++ b/source4/heimdal/lib/asn1/der_get.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_get.c,v 1.51 2006/12/28 17:14:25 lha Exp $"); +RCSID("$Id: der_get.c 20570 2007-04-27 14:06:27Z lha $"); #include @@ -135,8 +135,21 @@ int der_get_general_string (const unsigned char *p, size_t len, heim_general_string *str, size_t *size) { + const unsigned char *p1; char *s; + p1 = memchr(p, 0, len); + if (p1 != NULL) { + /* + * Allow trailing NULs. We allow this since MIT Kerberos sends + * an strings in the NEED_PREAUTH case that includes a + * trailing NUL. + */ + while (p1 - p < len && *p1 == '\0') + p1++; + if (p1 - p != len) + return ASN1_BAD_CHARACTER; + } if (len > len + 1) return ASN1_BAD_LENGTH; @@ -180,6 +193,8 @@ der_get_bmp_string (const unsigned char *p, size_t len, if (len & 1) return ASN1_BAD_FORMAT; data->length = len / 2; + if (data->length > UINT_MAX/sizeof(data->data[0])) + return ERANGE; data->data = malloc(data->length * sizeof(data->data[0])); if (data->data == NULL && data->length != 0) return ENOMEM; @@ -202,6 +217,8 @@ der_get_universal_string (const unsigned char *p, size_t len, if (len & 3) return ASN1_BAD_FORMAT; data->length = len / 4; + if (data->length > UINT_MAX/sizeof(data->data[0])) + return ERANGE; data->data = malloc(data->length * sizeof(data->data[0])); if (data->data == NULL && data->length != 0) return ENOMEM; @@ -366,7 +383,7 @@ int der_get_oid (const unsigned char *p, size_t len, heim_oid *data, size_t *size) { - int n; + size_t n; size_t oldlen = len; if (len < 1) @@ -375,7 +392,10 @@ der_get_oid (const unsigned char *p, size_t len, if (len > len + 1) return ASN1_BAD_LENGTH; - data->components = malloc((len + 1) * sizeof(*data->components)); + if (len + 1 > UINT_MAX/sizeof(data->components[0])) + return ERANGE; + + data->components = malloc((len + 1) * sizeof(data->components[0])); if (data->components == NULL) return ENOMEM; data->components[0] = (*p) / 40; diff --git a/source4/heimdal/lib/asn1/der_length.c b/source4/heimdal/lib/asn1/der_length.c index 93cabe466c..a7f8f593a2 100644 --- a/source4/heimdal/lib/asn1/der_length.c +++ b/source4/heimdal/lib/asn1/der_length.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_length.c,v 1.20 2006/12/28 17:14:28 lha Exp $"); +RCSID("$Id: der_length.c 19539 2006-12-28 17:15:05Z lha $"); size_t _heim_len_unsigned (unsigned val) diff --git a/source4/heimdal/lib/asn1/der_locl.h b/source4/heimdal/lib/asn1/der_locl.h index 1a87aaaee9..5b97557d74 100644 --- a/source4/heimdal/lib/asn1/der_locl.h +++ b/source4/heimdal/lib/asn1/der_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: der_locl.h,v 1.8 2006/10/19 16:24:02 lha Exp $ */ +/* $Id: der_locl.h 18608 2006-10-19 16:24:02Z lha $ */ #ifndef __DER_LOCL_H__ #define __DER_LOCL_H__ diff --git a/source4/heimdal/lib/asn1/der_put.c b/source4/heimdal/lib/asn1/der_put.c index 9ed8f21906..1fdbfe1305 100644 --- a/source4/heimdal/lib/asn1/der_put.c +++ b/source4/heimdal/lib/asn1/der_put.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_put.c,v 1.34 2006/12/28 17:14:33 lha Exp $"); +RCSID("$Id: der_put.c 19539 2006-12-28 17:15:05Z lha $"); /* * All encoding functions take a pointer `p' to first position in diff --git a/source4/heimdal/lib/asn1/digest.asn1 b/source4/heimdal/lib/asn1/digest.asn1 index 92bfb23234..17341863c6 100644 --- a/source4/heimdal/lib/asn1/digest.asn1 +++ b/source4/heimdal/lib/asn1/digest.asn1 @@ -1,4 +1,4 @@ --- $Id: digest.asn1,v 1.10 2006/12/15 19:13:39 lha Exp $ +-- $Id: digest.asn1 20138 2007-02-02 21:08:24Z lha $ DIGEST DEFINITIONS ::= BEGIN @@ -25,6 +25,7 @@ DigestRequest ::= SEQUENCE { type UTF8String, -- http, sasl-md5, chap, cram-md5 -- digest UTF8String, -- http:md5/md5-sess sasl:clear/int/conf -- username UTF8String, -- username user used + responseData UTF8String, -- client response authid [0] UTF8String OPTIONAL, authentication-user [1] Principal OPTIONAL, -- principal to get key from realm [2] UTF8String OPTIONAL, @@ -48,14 +49,14 @@ DigestError ::= SEQUENCE { } DigestResponse ::= SEQUENCE { - responseData UTF8String, + success BOOLEAN, rsp [0] UTF8String OPTIONAL, tickets [1] SEQUENCE OF OCTET STRING OPTIONAL, channel [2] SEQUENCE { cb-type UTF8String, cb-binding UTF8String } OPTIONAL, - hash-a1 [3] OCTET STRING OPTIONAL + session-key [3] OCTET STRING OPTIONAL } NTLMInit ::= SEQUENCE { diff --git a/source4/heimdal/lib/asn1/extra.c b/source4/heimdal/lib/asn1/extra.c index 4f70f191df..e29a437878 100644 --- a/source4/heimdal/lib/asn1/extra.c +++ b/source4/heimdal/lib/asn1/extra.c @@ -34,7 +34,7 @@ #include "der_locl.h" #include "heim_asn1.h" -RCSID("$Id: extra.c,v 1.6 2006/01/31 09:44:54 lha Exp $"); +RCSID("$Id: extra.c 16672 2006-01-31 09:44:54Z lha $"); int encode_heim_any(unsigned char *p, size_t len, diff --git a/source4/heimdal/lib/asn1/gen.c b/source4/heimdal/lib/asn1/gen.c index 3bb9022be8..cc1a3056de 100644 --- a/source4/heimdal/lib/asn1/gen.c +++ b/source4/heimdal/lib/asn1/gen.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen.c,v 1.70 2006/12/28 17:14:37 lha Exp $"); +RCSID("$Id: gen.c 20670 2007-05-11 00:39:41Z lha $"); FILE *headerfile, *codefile, *logfile; @@ -167,6 +167,7 @@ init_generate (const char *filename, const char *base) " } \\\n" " } while (0)\n\n", headerfile); + fprintf (headerfile, "struct units;\n\n"); fprintf (headerfile, "#endif\n\n"); asprintf(&fn, "%s_files", base); if (fn == NULL) diff --git a/source4/heimdal/lib/asn1/gen_copy.c b/source4/heimdal/lib/asn1/gen_copy.c index 95646d0a3c..abf11859d5 100644 --- a/source4/heimdal/lib/asn1/gen_copy.c +++ b/source4/heimdal/lib/asn1/gen_copy.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen_copy.c,v 1.19 2006/12/28 17:14:42 lha Exp $"); +RCSID("$Id: gen_copy.c 19539 2006-12-28 17:15:05Z lha $"); static int used_fail; diff --git a/source4/heimdal/lib/asn1/gen_decode.c b/source4/heimdal/lib/asn1/gen_decode.c index 19ddbb46db..7ebef6cdce 100644 --- a/source4/heimdal/lib/asn1/gen_decode.c +++ b/source4/heimdal/lib/asn1/gen_decode.c @@ -34,7 +34,7 @@ #include "gen_locl.h" #include "lex.h" -RCSID("$Id: gen_decode.c,v 1.32 2006/12/29 17:30:32 lha Exp $"); +RCSID("$Id: gen_decode.c 19572 2006-12-29 17:30:32Z lha $"); static void decode_primitive (const char *typename, const char *name, const char *forwstr) diff --git a/source4/heimdal/lib/asn1/gen_encode.c b/source4/heimdal/lib/asn1/gen_encode.c index bc2aff86e5..b5337b1c43 100644 --- a/source4/heimdal/lib/asn1/gen_encode.c +++ b/source4/heimdal/lib/asn1/gen_encode.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen_encode.c,v 1.22 2006/12/29 17:30:03 lha Exp $"); +RCSID("$Id: gen_encode.c 19572 2006-12-29 17:30:32Z lha $"); static void encode_primitive (const char *typename, const char *name) diff --git a/source4/heimdal/lib/asn1/gen_free.c b/source4/heimdal/lib/asn1/gen_free.c index 26e02e39dd..d667c5d31a 100644 --- a/source4/heimdal/lib/asn1/gen_free.c +++ b/source4/heimdal/lib/asn1/gen_free.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen_free.c,v 1.17 2006/12/28 17:14:54 lha Exp $"); +RCSID("$Id: gen_free.c 19539 2006-12-28 17:15:05Z lha $"); static void free_primitive (const char *typename, const char *name) diff --git a/source4/heimdal/lib/asn1/gen_glue.c b/source4/heimdal/lib/asn1/gen_glue.c index 2f3e283ad6..8d8bd152a3 100644 --- a/source4/heimdal/lib/asn1/gen_glue.c +++ b/source4/heimdal/lib/asn1/gen_glue.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen_glue.c,v 1.9 2005/07/12 06:27:29 lha Exp $"); +RCSID("$Id: gen_glue.c 15617 2005-07-12 06:27:42Z lha $"); static void generate_2int (const Type *t, const char *gen_name) diff --git a/source4/heimdal/lib/asn1/gen_length.c b/source4/heimdal/lib/asn1/gen_length.c index 7f9dc7257b..a1f7cc6644 100644 --- a/source4/heimdal/lib/asn1/gen_length.c +++ b/source4/heimdal/lib/asn1/gen_length.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen_length.c,v 1.22 2006/12/28 17:14:57 lha Exp $"); +RCSID("$Id: gen_length.c 19539 2006-12-28 17:15:05Z lha $"); static void length_primitive (const char *typename, diff --git a/source4/heimdal/lib/asn1/gen_locl.h b/source4/heimdal/lib/asn1/gen_locl.h index c9ea714c5f..8cd4dbad5a 100644 --- a/source4/heimdal/lib/asn1/gen_locl.h +++ b/source4/heimdal/lib/asn1/gen_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gen_locl.h,v 1.14 2006/09/05 12:29:18 lha Exp $ */ +/* $Id: gen_locl.h 18008 2006-09-05 12:29:18Z lha $ */ #ifndef __GEN_LOCL_H__ #define __GEN_LOCL_H__ diff --git a/source4/heimdal/lib/asn1/gen_seq.c b/source4/heimdal/lib/asn1/gen_seq.c index fa3813fd61..54776752c2 100644 --- a/source4/heimdal/lib/asn1/gen_seq.c +++ b/source4/heimdal/lib/asn1/gen_seq.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen_seq.c,v 1.4 2006/10/04 10:18:10 lha Exp $"); +RCSID("$Id: gen_seq.c 20561 2007-04-24 16:14:30Z lha $"); void generate_type_seq (const Symbol *s) @@ -111,7 +111,7 @@ generate_type_seq (const Symbol *s) "\t\tsizeof(data->val[0]) * data->len);\n" /* resize but don't care about failures since it doesn't matter */ "ptr = realloc(data->val, data->len * sizeof(data->val[0]));\n" - "if (ptr) data->val = ptr;\n" + "if (ptr != NULL || data->len == 0) data->val = ptr;\n" "return 0;\n", subname); diff --git a/source4/heimdal/lib/asn1/hash.c b/source4/heimdal/lib/asn1/hash.c index f03d6b856b..eeb6b6d63d 100644 --- a/source4/heimdal/lib/asn1/hash.c +++ b/source4/heimdal/lib/asn1/hash.c @@ -37,7 +37,7 @@ #include "gen_locl.h" -RCSID("$Id: hash.c,v 1.11 2006/04/07 22:16:00 lha Exp $"); +RCSID("$Id: hash.c 17016 2006-04-07 22:16:00Z lha $"); static Hashentry *_search(Hashtab * htab, /* The hash table */ void *ptr); /* And key */ diff --git a/source4/heimdal/lib/asn1/hash.h b/source4/heimdal/lib/asn1/hash.h index b54e10234a..10d8ce99b0 100644 --- a/source4/heimdal/lib/asn1/hash.h +++ b/source4/heimdal/lib/asn1/hash.h @@ -35,7 +35,7 @@ * hash.h. Header file for hash table functions */ -/* $Id: hash.h,v 1.3 1999/12/02 17:05:02 joda Exp $ */ +/* $Id: hash.h 7464 1999-12-02 17:05:13Z joda $ */ struct hashentry { /* Entry in bucket */ struct hashentry **prev; diff --git a/source4/heimdal/lib/asn1/k5.asn1 b/source4/heimdal/lib/asn1/k5.asn1 index a86df38a99..0c7021f87f 100644 --- a/source4/heimdal/lib/asn1/k5.asn1 +++ b/source4/heimdal/lib/asn1/k5.asn1 @@ -1,4 +1,4 @@ --- $Id: k5.asn1,v 1.51 2006/11/21 05:17:47 lha Exp $ +-- $Id: k5.asn1 21004 2007-06-08 01:53:10Z lha $ KERBEROS5 DEFINITIONS ::= BEGIN @@ -59,6 +59,7 @@ PADATA-TYPE ::= INTEGER { KRB5-PADATA-PA-PK-OCSP-RESPONSE(18), KRB5-PADATA-ETYPE-INFO2(19), KRB5-PADATA-USE-SPECIFIED-KVNO(20), + KRB5-PADATA-SVR-REFERRAL-INFO(20), --- old ms referral number KRB5-PADATA-SAM-REDIRECT(21), -- (sam/otp) KRB5-PADATA-GET-FROM-TYPED-DATA(22), KRB5-PADATA-SAM-ETYPE-INFO(23), @@ -71,10 +72,11 @@ PADATA-TYPE ::= INTEGER { KRB5-PADATA-TD-REQ-SEQ(108), -- INTEGER KRB5-PADATA-PA-PAC-REQUEST(128), -- jbrezak@exchange.microsoft.com KRB5-PADATA-S4U2SELF(129), - KRB5-PADATA-PK-AS-09-BINDING(132) -- client send this to + KRB5-PADATA-PK-AS-09-BINDING(132), -- client send this to -- tell KDC that is supports -- the asCheckSum in the -- PK-AS-REP + KRB5-PADATA-CLIENT-CANONICALIZED(133) -- } AUTHDATA-TYPE ::= INTEGER { @@ -229,6 +231,7 @@ KDCOptions ::= BIT STRING { unused11(11), request-anonymous(14), canonicalize(15), + constrained-delegation(16), -- ms extension disable-transited-check(26), renewable-ok(27), enc-tkt-in-skey(28), @@ -409,7 +412,8 @@ EncKDCRepPart ::= SEQUENCE { renew-till[8] KerberosTime OPTIONAL, srealm[9] Realm, sname[10] PrincipalName, - caddr[11] HostAddresses OPTIONAL + caddr[11] HostAddresses OPTIONAL, + encrypted-pa-data[12] METHOD-DATA OPTIONAL } EncASRepPart ::= [APPLICATION 25] EncKDCRepPart @@ -624,6 +628,27 @@ KRB5SignedPath ::= SEQUENCE { delegated[2] KRB5SignedPathPrincipals OPTIONAL } +PA-ClientCanonicalizedNames ::= SEQUENCE{ + requested-name [0] PrincipalName, + real-name [1] PrincipalName +} + +PA-ClientCanonicalized ::= SEQUENCE { + names [0] PA-ClientCanonicalizedNames, + canon-checksum [1] Checksum +} + +AD-LoginAlias ::= SEQUENCE { -- ad-type number TBD -- + login-alias [0] PrincipalName, + checksum [1] Checksum +} + +-- old ms referral +PA-SvrReferralData ::= SEQUENCE { + referred-name [1] PrincipalName OPTIONAL, + referred-realm [0] Realm +} + END -- etags -r '/\([A-Za-z][-A-Za-z0-9]*\).*::=/\1/' k5.asn1 diff --git a/source4/heimdal/lib/asn1/kx509.asn1 b/source4/heimdal/lib/asn1/kx509.asn1 index 9706b061c3..fc6a696dab 100644 --- a/source4/heimdal/lib/asn1/kx509.asn1 +++ b/source4/heimdal/lib/asn1/kx509.asn1 @@ -1,4 +1,4 @@ --- $Id: kx509.asn1,v 1.1 2006/12/28 21:05:23 lha Exp $ +-- $Id: kx509.asn1 19546 2006-12-28 21:05:23Z lha $ KX509 DEFINITIONS ::= BEGIN diff --git a/source4/heimdal/lib/asn1/lex.c b/source4/heimdal/lib/asn1/lex.c index 10b4d65a7e..d628e4696f 100644 --- a/source4/heimdal/lib/asn1/lex.c +++ b/source4/heimdal/lib/asn1/lex.c @@ -1,31 +1,92 @@ -/* A lexical scanner generated by flex*/ -/* Scanner skeleton version: - * $Header: /home/daffy/u0/vern/flex/RCS/flex.skl,v 2.91 96/09/10 16:58:48 vern Exp $ - */ +#line 3 "lex.c" + +#define YY_INT_ALIGNED short int + +/* A lexical scanner generated by flex */ #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 #define YY_FLEX_MINOR_VERSION 5 +#define YY_FLEX_SUBMINOR_VERSION 33 +#if YY_FLEX_SUBMINOR_VERSION > 0 +#define FLEX_BETA +#endif +/* First, we deal with platform-specific or compiler-specific issues. */ + +/* begin standard C headers. */ #include -#include +#include +#include +#include +/* end standard C headers. */ -/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */ -#ifdef c_plusplus -#ifndef __cplusplus -#define __cplusplus -#endif +/* flex integer type definitions */ + +#ifndef FLEXINT_H +#define FLEXINT_H + +/* C99 systems have . Non-C99 systems may or may not. */ + +#if __STDC_VERSION__ >= 199901L + +/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h, + * if you want the limit (max/min) macros for int types. + */ +#ifndef __STDC_LIMIT_MACROS +#define __STDC_LIMIT_MACROS 1 #endif +#include +typedef int8_t flex_int8_t; +typedef uint8_t flex_uint8_t; +typedef int16_t flex_int16_t; +typedef uint16_t flex_uint16_t; +typedef int32_t flex_int32_t; +typedef uint32_t flex_uint32_t; +#else +typedef signed char flex_int8_t; +typedef short int flex_int16_t; +typedef int flex_int32_t; +typedef unsigned char flex_uint8_t; +typedef unsigned short int flex_uint16_t; +typedef unsigned int flex_uint32_t; +#endif /* ! C99 */ -#ifdef __cplusplus +/* Limits of integral types. */ +#ifndef INT8_MIN +#define INT8_MIN (-128) +#endif +#ifndef INT16_MIN +#define INT16_MIN (-32767-1) +#endif +#ifndef INT32_MIN +#define INT32_MIN (-2147483647-1) +#endif +#ifndef INT8_MAX +#define INT8_MAX (127) +#endif +#ifndef INT16_MAX +#define INT16_MAX (32767) +#endif +#ifndef INT32_MAX +#define INT32_MAX (2147483647) +#endif +#ifndef UINT8_MAX +#define UINT8_MAX (255U) +#endif +#ifndef UINT16_MAX +#define UINT16_MAX (65535U) +#endif +#ifndef UINT32_MAX +#define UINT32_MAX (4294967295U) +#endif -#include +#endif /* ! FLEXINT_H */ -/* Use prototypes in function declarations. */ -#define YY_USE_PROTOS +#ifdef __cplusplus /* The "const" storage-class-modifier is valid. */ #define YY_USE_CONST @@ -34,34 +95,17 @@ #if __STDC__ -#define YY_USE_PROTOS #define YY_USE_CONST #endif /* __STDC__ */ #endif /* ! __cplusplus */ -#ifdef __TURBOC__ - #pragma warn -rch - #pragma warn -use -#include -#include -#define YY_USE_CONST -#define YY_USE_PROTOS -#endif - #ifdef YY_USE_CONST #define yyconst const #else #define yyconst #endif - -#ifdef YY_USE_PROTOS -#define YY_PROTO(proto) proto -#else -#define YY_PROTO(proto) () -#endif - /* Returned upon end-of-file. */ #define YY_NULL 0 @@ -76,80 +120,75 @@ * but we do it the disgusting crufty way forced on us by the ()-less * definition of BEGIN. */ -#define BEGIN yy_start = 1 + 2 * +#define BEGIN (yy_start) = 1 + 2 * /* Translate the current start state into a value that can be later handed * to BEGIN to return to the state. The YYSTATE alias is for lex * compatibility. */ -#define YY_START ((yy_start - 1) / 2) +#define YY_START (((yy_start) - 1) / 2) #define YYSTATE YY_START /* Action number for EOF rule of a given start state. */ #define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) /* Special action meaning "start processing a new file". */ -#define YY_NEW_FILE yyrestart( yyin ) +#define YY_NEW_FILE yyrestart(yyin ) #define YY_END_OF_BUFFER_CHAR 0 /* Size of default input buffer. */ +#ifndef YY_BUF_SIZE #define YY_BUF_SIZE 16384 +#endif +/* The state buf must be large enough to hold one state per character in the main buffer. + */ +#define YY_STATE_BUF_SIZE ((YY_BUF_SIZE + 2) * sizeof(yy_state_type)) + +#ifndef YY_TYPEDEF_YY_BUFFER_STATE +#define YY_TYPEDEF_YY_BUFFER_STATE typedef struct yy_buffer_state *YY_BUFFER_STATE; +#endif extern int yyleng; + extern FILE *yyin, *yyout; #define EOB_ACT_CONTINUE_SCAN 0 #define EOB_ACT_END_OF_FILE 1 #define EOB_ACT_LAST_MATCH 2 -/* The funky do-while in the following #define is used to turn the definition - * int a single C statement (which needs a semi-colon terminator). This - * avoids problems with code like: - * - * if ( condition_holds ) - * yyless( 5 ); - * else - * do_something_else(); - * - * Prior to using the do-while the compiler would get upset at the - * "else" because it interpreted the "if" statement as being all - * done when it reached the ';' after the yyless() call. - */ - -/* Return all but the first 'n' matched characters back to the input stream. */ - + #define YY_LESS_LINENO(n) + +/* Return all but the first "n" matched characters back to the input stream. */ #define yyless(n) \ do \ { \ /* Undo effects of setting up yytext. */ \ - *yy_cp = yy_hold_char; \ + int yyless_macro_arg = (n); \ + YY_LESS_LINENO(yyless_macro_arg);\ + *yy_cp = (yy_hold_char); \ YY_RESTORE_YY_MORE_OFFSET \ - yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \ + (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \ YY_DO_BEFORE_ACTION; /* set up yytext again */ \ } \ while ( 0 ) -#define unput(c) yyunput( c, yytext_ptr ) - -/* Some routines like yy_flex_realloc() are emitted as static but are - not called by all lexers. This generates warnings in some compilers, - notably GCC. Arrange to suppress these. */ -#ifdef __GNUC__ -#define YY_MAY_BE_UNUSED __attribute__((unused)) -#else -#define YY_MAY_BE_UNUSED -#endif +#define unput(c) yyunput( c, (yytext_ptr) ) /* The following is because we cannot portably get our hands on size_t * (without autoconf's help, which isn't available because we want * flex-generated scanners to compile on their own). */ -typedef unsigned int yy_size_t; +#ifndef YY_TYPEDEF_YY_SIZE_T +#define YY_TYPEDEF_YY_SIZE_T +typedef unsigned int yy_size_t; +#endif +#ifndef YY_STRUCT_YY_BUFFER_STATE +#define YY_STRUCT_YY_BUFFER_STATE struct yy_buffer_state { FILE *yy_input_file; @@ -186,12 +225,16 @@ struct yy_buffer_state */ int yy_at_bol; + int yy_bs_lineno; /**< The line count. */ + int yy_bs_column; /**< The column count. */ + /* Whether to try to fill the input buffer when we reach the * end of it. */ int yy_fill_buffer; int yy_buffer_status; + #define YY_BUFFER_NEW 0 #define YY_BUFFER_NORMAL 1 /* When an EOF's been seen but there's still some text to process @@ -205,28 +248,38 @@ struct yy_buffer_state * just pointing yyin at a new input file. */ #define YY_BUFFER_EOF_PENDING 2 + }; +#endif /* !YY_STRUCT_YY_BUFFER_STATE */ -static YY_BUFFER_STATE yy_current_buffer = 0; +/* Stack of input buffers. */ +static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */ +static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */ +static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ /* We provide macros for accessing buffer states in case in the * future we want to put the buffer states in a more general * "scanner state". + * + * Returns the top of the stack, or NULL. */ -#define YY_CURRENT_BUFFER yy_current_buffer +#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ + ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ + : NULL) +/* Same as previous macro, but useful when we know that the buffer stack is not + * NULL or when we need an lvalue. For internal use only. + */ +#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] /* yy_hold_char holds the character lost when yytext is formed. */ static char yy_hold_char; - static int yy_n_chars; /* number of characters read into yy_ch_buf */ - - int yyleng; /* Points to current character in buffer. */ static char *yy_c_buf_p = (char *) 0; -static int yy_init = 1; /* whether we need to initialize */ +static int yy_init = 0; /* whether we need to initialize */ static int yy_start = 0; /* start state number */ /* Flag which is used to allow yywrap()'s to do buffer switches @@ -234,66 +287,92 @@ static int yy_start = 0; /* start state number */ */ static int yy_did_buffer_switch_on_eof; -void yyrestart YY_PROTO(( FILE *input_file )); +void yyrestart (FILE *input_file ); +void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ); +YY_BUFFER_STATE yy_create_buffer (FILE *file,int size ); +void yy_delete_buffer (YY_BUFFER_STATE b ); +void yy_flush_buffer (YY_BUFFER_STATE b ); +void yypush_buffer_state (YY_BUFFER_STATE new_buffer ); +void yypop_buffer_state (void ); + +static void yyensure_buffer_stack (void ); +static void yy_load_buffer_state (void ); +static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file ); -void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer )); -void yy_load_buffer_state YY_PROTO(( void )); -YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size )); -void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b )); -void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file )); -void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b )); -#define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer ) +#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER ) -YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size )); -YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str )); -YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len )); +YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); +YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); +YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len ); -static void *yy_flex_alloc YY_PROTO(( yy_size_t )); -static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t )) YY_MAY_BE_UNUSED; -static void yy_flex_free YY_PROTO(( void * )); +void *yyalloc (yy_size_t ); +void *yyrealloc (void *,yy_size_t ); +void yyfree (void * ); #define yy_new_buffer yy_create_buffer #define yy_set_interactive(is_interactive) \ { \ - if ( ! yy_current_buffer ) \ - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ - yy_current_buffer->yy_is_interactive = is_interactive; \ + if ( ! YY_CURRENT_BUFFER ){ \ + yyensure_buffer_stack (); \ + YY_CURRENT_BUFFER_LVALUE = \ + yy_create_buffer(yyin,YY_BUF_SIZE ); \ + } \ + YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ } #define yy_set_bol(at_bol) \ { \ - if ( ! yy_current_buffer ) \ - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ - yy_current_buffer->yy_at_bol = at_bol; \ + if ( ! YY_CURRENT_BUFFER ){\ + yyensure_buffer_stack (); \ + YY_CURRENT_BUFFER_LVALUE = \ + yy_create_buffer(yyin,YY_BUF_SIZE ); \ + } \ + YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ } -#define YY_AT_BOL() (yy_current_buffer->yy_at_bol) +#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) + +/* Begin user sect3 */ typedef unsigned char YY_CHAR; + FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; + typedef int yy_state_type; + +extern int yylineno; + +int yylineno = 1; + extern char *yytext; #define yytext_ptr yytext -static yy_state_type yy_get_previous_state YY_PROTO(( void )); -static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state )); -static int yy_get_next_buffer YY_PROTO(( void )); -static void yy_fatal_error YY_PROTO(( yyconst char msg[] )); +static yy_state_type yy_get_previous_state (void ); +static yy_state_type yy_try_NUL_trans (yy_state_type current_state ); +static int yy_get_next_buffer (void ); +static void yy_fatal_error (yyconst char msg[] ); /* Done after the current pattern has been matched and before the * corresponding action - sets up yytext. */ #define YY_DO_BEFORE_ACTION \ - yytext_ptr = yy_bp; \ - yyleng = (int) (yy_cp - yy_bp); \ - yy_hold_char = *yy_cp; \ + (yytext_ptr) = yy_bp; \ + yyleng = (size_t) (yy_cp - yy_bp); \ + (yy_hold_char) = *yy_cp; \ *yy_cp = '\0'; \ - yy_c_buf_p = yy_cp; + (yy_c_buf_p) = yy_cp; #define YY_NUM_RULES 95 #define YY_END_OF_BUFFER 96 -static yyconst short int yy_accept[568] = +/* This struct is not used in this scanner, + but its presence is necessary. */ +struct yy_trans_info + { + flex_int32_t yy_verify; + flex_int32_t yy_nxt; + }; +static yyconst flex_int16_t yy_accept[568] = { 0, 0, 0, 96, 94, 90, 91, 87, 81, 81, 94, 94, 88, 88, 94, 89, 89, 89, 89, 89, 89, @@ -359,7 +438,7 @@ static yyconst short int yy_accept[568] = 32, 89, 59, 70, 77, 53, 0 } ; -static yyconst int yy_ec[256] = +static yyconst flex_int32_t yy_ec[256] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -391,7 +470,7 @@ static yyconst int yy_ec[256] = 1, 1, 1, 1, 1 } ; -static yyconst int yy_meta[70] = +static yyconst flex_int32_t yy_meta[70] = { 0, 1, 1, 1, 1, 1, 1, 2, 1, 1, 3, 3, 3, 3, 3, 3, 3, 1, 1, 3, 3, @@ -402,7 +481,7 @@ static yyconst int yy_meta[70] = 2, 2, 2, 2, 2, 2, 2, 2, 2 } ; -static yyconst short int yy_base[570] = +static yyconst flex_int16_t yy_base[570] = { 0, 0, 0, 636, 637, 637, 637, 637, 637, 63, 627, 628, 70, 77, 616, 74, 72, 76, 609, 65, 81, @@ -468,7 +547,7 @@ static yyconst short int yy_base[570] = 0, 101, 0, 0, 0, 0, 637, 223, 69 } ; -static yyconst short int yy_def[570] = +static yyconst flex_int16_t yy_def[570] = { 0, 567, 1, 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, 567, 568, 568, 568, 568, 568, 568, @@ -534,7 +613,7 @@ static yyconst short int yy_def[570] = 568, 568, 568, 568, 568, 568, 0, 567, 567 } ; -static yyconst short int yy_nxt[707] = +static yyconst flex_int16_t yy_nxt[707] = { 0, 4, 5, 6, 7, 8, 4, 9, 10, 11, 12, 13, 13, 13, 13, 13, 13, 14, 4, 15, 16, @@ -616,7 +695,7 @@ static yyconst short int yy_nxt[707] = 567, 567, 567, 567, 567, 567 } ; -static yyconst short int yy_chk[707] = +static yyconst flex_int16_t yy_chk[707] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -701,6 +780,9 @@ static yyconst short int yy_chk[707] = static yy_state_type yy_last_accepting_state; static char *yy_last_accepting_cpos; +extern int yy_flex_debug; +int yy_flex_debug = 0; + /* The intent behind this definition is that it'll catch * any uses of REJECT which flex missed. */ @@ -710,7 +792,6 @@ static char *yy_last_accepting_cpos; #define YY_RESTORE_YY_MORE_OFFSET char *yytext; #line 1 "lex.l" -#define INITIAL 0 #line 2 "lex.l" /* * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan @@ -745,7 +826,7 @@ char *yytext; * SUCH DAMAGE. */ -/* $Id: lex.l,v 1.31 2006/10/21 11:57:22 lha Exp $ */ +/* $Id: lex.l 18738 2006-10-21 11:57:22Z lha $ */ #ifdef HAVE_CONFIG_H #include @@ -770,7 +851,23 @@ static unsigned lineno = 1; static void unterminated(const char *, unsigned); /* This is for broken old lexes (solaris 10 and hpux) */ -#line 774 "lex.c" +#line 855 "lex.c" + +#define INITIAL 0 + +#ifndef YY_NO_UNISTD_H +/* Special case for "unistd.h", since it is non-ANSI. We include it way + * down here because we want the user's section 1 to have been scanned first. + * The user has a chance to override it with an option. + */ +#include +#endif + +#ifndef YY_EXTRA_TYPE +#define YY_EXTRA_TYPE void * +#endif + +static int yy_init_globals (void ); /* Macros after this point can all be overridden by user definitions in * section 1. @@ -778,65 +875,30 @@ static void unterminated(const char *, unsigned); #ifndef YY_SKIP_YYWRAP #ifdef __cplusplus -extern "C" int yywrap YY_PROTO(( void )); +extern "C" int yywrap (void ); #else -extern int yywrap YY_PROTO(( void )); +extern int yywrap (void ); #endif #endif -#ifndef YY_NO_UNPUT -static void yyunput YY_PROTO(( int c, char *buf_ptr )); -#endif - + static void yyunput (int c,char *buf_ptr ); + #ifndef yytext_ptr -static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int )); +static void yy_flex_strncpy (char *,yyconst char *,int ); #endif #ifdef YY_NEED_STRLEN -static int yy_flex_strlen YY_PROTO(( yyconst char * )); +static int yy_flex_strlen (yyconst char * ); #endif #ifndef YY_NO_INPUT -#ifdef __cplusplus -static int yyinput YY_PROTO(( void )); -#else -static int input YY_PROTO(( void )); -#endif -#endif - -#if YY_STACK_USED -static int yy_start_stack_ptr = 0; -static int yy_start_stack_depth = 0; -static int *yy_start_stack = 0; -#ifndef YY_NO_PUSH_STATE -static void yy_push_state YY_PROTO(( int new_state )); -#endif -#ifndef YY_NO_POP_STATE -static void yy_pop_state YY_PROTO(( void )); -#endif -#ifndef YY_NO_TOP_STATE -static int yy_top_state YY_PROTO(( void )); -#endif +#ifdef __cplusplus +static int yyinput (void ); #else -#define YY_NO_PUSH_STATE 1 -#define YY_NO_POP_STATE 1 -#define YY_NO_TOP_STATE 1 +static int input (void ); #endif -#ifdef YY_MALLOC_DECL -YY_MALLOC_DECL -#else -#if __STDC__ -#ifndef __cplusplus -#include -#endif -#else -/* Just try to get by without declaring the routines. This will fail - * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int) - * or sizeof(void*) != sizeof(int). - */ -#endif #endif /* Amount of stuff to slurp up with each read. */ @@ -845,7 +907,6 @@ YY_MALLOC_DECL #endif /* Copy whatever the last rule matched to the standard output. */ - #ifndef ECHO /* This used to be an fputs(), but since the string might contain NUL's, * we now use fwrite(). @@ -858,9 +919,10 @@ YY_MALLOC_DECL */ #ifndef YY_INPUT #define YY_INPUT(buf,result,max_size) \ - if ( yy_current_buffer->yy_is_interactive ) \ + if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ { \ - int c = '*', n; \ + int c = '*'; \ + size_t n; \ for ( n = 0; n < max_size && \ (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ buf[n] = (char) c; \ @@ -870,9 +932,22 @@ YY_MALLOC_DECL YY_FATAL_ERROR( "input in flex scanner failed" ); \ result = n; \ } \ - else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \ - && ferror( yyin ) ) \ - YY_FATAL_ERROR( "input in flex scanner failed" ); + else \ + { \ + errno=0; \ + while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \ + { \ + if( errno != EINTR) \ + { \ + YY_FATAL_ERROR( "input in flex scanner failed" ); \ + break; \ + } \ + errno=0; \ + clearerr(yyin); \ + } \ + }\ +\ + #endif /* No semi-colon after return; correct usage is to write "yyterminate();" - @@ -893,12 +968,18 @@ YY_MALLOC_DECL #define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) #endif +/* end tables serialization structures and prototypes */ + /* Default declaration of generated scanner - a define so the user can * easily add parameters. */ #ifndef YY_DECL -#define YY_DECL int yylex YY_PROTO(( void )) -#endif +#define YY_DECL_IS_OURS 1 + +extern int yylex (void); + +#define YY_DECL int yylex (void) +#endif /* !YY_DECL */ /* Code executed at the beginning of each rule, after yytext and yyleng * have been set up. @@ -915,26 +996,28 @@ YY_MALLOC_DECL #define YY_RULE_SETUP \ YY_USER_ACTION +/** The main scanner function which does all the work. + */ YY_DECL - { +{ register yy_state_type yy_current_state; - register char *yy_cp = NULL, *yy_bp = NULL; + register char *yy_cp, *yy_bp; register int yy_act; - + #line 68 "lex.l" -#line 927 "lex.c" +#line 1010 "lex.c" - if ( yy_init ) + if ( !(yy_init) ) { - yy_init = 0; + (yy_init) = 1; #ifdef YY_USER_INIT YY_USER_INIT; #endif - if ( ! yy_start ) - yy_start = 1; /* first start state */ + if ( ! (yy_start) ) + (yy_start) = 1; /* first start state */ if ( ! yyin ) yyin = stdin; @@ -942,34 +1025,36 @@ YY_DECL if ( ! yyout ) yyout = stdout; - if ( ! yy_current_buffer ) - yy_current_buffer = - yy_create_buffer( yyin, YY_BUF_SIZE ); + if ( ! YY_CURRENT_BUFFER ) { + yyensure_buffer_stack (); + YY_CURRENT_BUFFER_LVALUE = + yy_create_buffer(yyin,YY_BUF_SIZE ); + } - yy_load_buffer_state(); + yy_load_buffer_state( ); } while ( 1 ) /* loops until end-of-file is reached */ { - yy_cp = yy_c_buf_p; + yy_cp = (yy_c_buf_p); /* Support of yytext. */ - *yy_cp = yy_hold_char; + *yy_cp = (yy_hold_char); /* yy_bp points to the position in yy_ch_buf of the start of * the current run. */ yy_bp = yy_cp; - yy_current_state = yy_start; + yy_current_state = (yy_start); yy_match: do { register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; if ( yy_accept[yy_current_state] ) { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -986,24 +1071,22 @@ yy_find_action: yy_act = yy_accept[yy_current_state]; if ( yy_act == 0 ) { /* have to back up */ - yy_cp = yy_last_accepting_cpos; - yy_current_state = yy_last_accepting_state; + yy_cp = (yy_last_accepting_cpos); + yy_current_state = (yy_last_accepting_state); yy_act = yy_accept[yy_current_state]; } YY_DO_BEFORE_ACTION; - do_action: /* This label is used only to access EOF actions. */ - switch ( yy_act ) { /* beginning of action switch */ case 0: /* must back up */ /* undo the effects of YY_DO_BEFORE_ACTION */ - *yy_cp = yy_hold_char; - yy_cp = yy_last_accepting_cpos; - yy_current_state = yy_last_accepting_state; + *yy_cp = (yy_hold_char); + yy_cp = (yy_last_accepting_cpos); + yy_current_state = (yy_last_accepting_state); goto yy_find_action; case 1: @@ -1567,6 +1650,7 @@ YY_RULE_SETUP ; YY_BREAK case 91: +/* rule 91 can match eol */ YY_RULE_SETUP #line 270 "lex.l" { ++lineno; } @@ -1591,33 +1675,33 @@ YY_RULE_SETUP #line 274 "lex.l" ECHO; YY_BREAK -#line 1595 "lex.c" +#line 1679 "lex.c" case YY_STATE_EOF(INITIAL): yyterminate(); case YY_END_OF_BUFFER: { /* Amount of text matched not including the EOB char. */ - int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1; + int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; /* Undo the effects of YY_DO_BEFORE_ACTION. */ - *yy_cp = yy_hold_char; + *yy_cp = (yy_hold_char); YY_RESTORE_YY_MORE_OFFSET - if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW ) + if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW ) { /* We're scanning a new file or input source. It's * possible that this happened because the user * just pointed yyin at a new source and called * yylex(). If so, then we have to assure - * consistency between yy_current_buffer and our + * consistency between YY_CURRENT_BUFFER and our * globals. Here is the right place to do so, because * this is the first action (other than possibly a * back-up) that will match for the new input source. */ - yy_n_chars = yy_current_buffer->yy_n_chars; - yy_current_buffer->yy_input_file = yyin; - yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL; + (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; + YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; + YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; } /* Note that here we test for yy_c_buf_p "<=" to the position @@ -1627,13 +1711,13 @@ case YY_STATE_EOF(INITIAL): * end-of-buffer state). Contrast this with the test * in input(). */ - if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] ) + if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) { /* This was really a NUL. */ yy_state_type yy_next_state; - yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text; + (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; - yy_current_state = yy_get_previous_state(); + yy_current_state = yy_get_previous_state( ); /* Okay, we're now positioned to make the NUL * transition. We couldn't have @@ -1646,30 +1730,30 @@ case YY_STATE_EOF(INITIAL): yy_next_state = yy_try_NUL_trans( yy_current_state ); - yy_bp = yytext_ptr + YY_MORE_ADJ; + yy_bp = (yytext_ptr) + YY_MORE_ADJ; if ( yy_next_state ) { /* Consume the NUL. */ - yy_cp = ++yy_c_buf_p; + yy_cp = ++(yy_c_buf_p); yy_current_state = yy_next_state; goto yy_match; } else { - yy_cp = yy_c_buf_p; + yy_cp = (yy_c_buf_p); goto yy_find_action; } } - else switch ( yy_get_next_buffer() ) + else switch ( yy_get_next_buffer( ) ) { case EOB_ACT_END_OF_FILE: { - yy_did_buffer_switch_on_eof = 0; + (yy_did_buffer_switch_on_eof) = 0; - if ( yywrap() ) + if ( yywrap( ) ) { /* Note: because we've taken care in * yy_get_next_buffer() to have set up @@ -1680,7 +1764,7 @@ case YY_STATE_EOF(INITIAL): * YY_NULL, it'll still work - another * YY_NULL will get returned. */ - yy_c_buf_p = yytext_ptr + YY_MORE_ADJ; + (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; yy_act = YY_STATE_EOF(YY_START); goto do_action; @@ -1688,30 +1772,30 @@ case YY_STATE_EOF(INITIAL): else { - if ( ! yy_did_buffer_switch_on_eof ) + if ( ! (yy_did_buffer_switch_on_eof) ) YY_NEW_FILE; } break; } case EOB_ACT_CONTINUE_SCAN: - yy_c_buf_p = - yytext_ptr + yy_amount_of_matched_text; + (yy_c_buf_p) = + (yytext_ptr) + yy_amount_of_matched_text; - yy_current_state = yy_get_previous_state(); + yy_current_state = yy_get_previous_state( ); - yy_cp = yy_c_buf_p; - yy_bp = yytext_ptr + YY_MORE_ADJ; + yy_cp = (yy_c_buf_p); + yy_bp = (yytext_ptr) + YY_MORE_ADJ; goto yy_match; case EOB_ACT_LAST_MATCH: - yy_c_buf_p = - &yy_current_buffer->yy_ch_buf[yy_n_chars]; + (yy_c_buf_p) = + &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)]; - yy_current_state = yy_get_previous_state(); + yy_current_state = yy_get_previous_state( ); - yy_cp = yy_c_buf_p; - yy_bp = yytext_ptr + YY_MORE_ADJ; + yy_cp = (yy_c_buf_p); + yy_bp = (yytext_ptr) + YY_MORE_ADJ; goto yy_find_action; } break; @@ -1722,8 +1806,7 @@ case YY_STATE_EOF(INITIAL): "fatal flex scanner internal error--no action found" ); } /* end of action switch */ } /* end of scanning one token */ - } /* end of yylex */ - +} /* end of yylex */ /* yy_get_next_buffer - try to read in a new buffer * @@ -1732,21 +1815,20 @@ case YY_STATE_EOF(INITIAL): * EOB_ACT_CONTINUE_SCAN - continue scanning from current position * EOB_ACT_END_OF_FILE - end of file */ - -static int yy_get_next_buffer() - { - register char *dest = yy_current_buffer->yy_ch_buf; - register char *source = yytext_ptr; +static int yy_get_next_buffer (void) +{ + register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; + register char *source = (yytext_ptr); register int number_to_move, i; int ret_val; - if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] ) + if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) YY_FATAL_ERROR( "fatal flex scanner internal error--end of buffer missed" ); - if ( yy_current_buffer->yy_fill_buffer == 0 ) + if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 ) { /* Don't try to fill the buffer, so this is an EOF. */ - if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 ) + if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 ) { /* We matched a single character, the EOB, so * treat this as a final EOF. @@ -1766,34 +1848,30 @@ static int yy_get_next_buffer() /* Try to read more data. */ /* First move last chars to start of buffer. */ - number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1; + number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1; for ( i = 0; i < number_to_move; ++i ) *(dest++) = *(source++); - if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING ) + if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING ) /* don't do the read, it's not guaranteed to return an EOF, * just force an EOF */ - yy_current_buffer->yy_n_chars = yy_n_chars = 0; + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0; else { - int num_to_read = - yy_current_buffer->yy_buf_size - number_to_move - 1; + int num_to_read = + YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; while ( num_to_read <= 0 ) { /* Not enough room in the buffer - grow it. */ -#ifdef YY_USES_REJECT - YY_FATAL_ERROR( -"input buffer overflow, can't enlarge buffer because scanner uses REJECT" ); -#else /* just a shorter name for the current buffer */ - YY_BUFFER_STATE b = yy_current_buffer; + YY_BUFFER_STATE b = YY_CURRENT_BUFFER; int yy_c_buf_p_offset = - (int) (yy_c_buf_p - b->yy_ch_buf); + (int) ((yy_c_buf_p) - b->yy_ch_buf); if ( b->yy_is_our_buffer ) { @@ -1806,8 +1884,7 @@ static int yy_get_next_buffer() b->yy_ch_buf = (char *) /* Include room in for 2 EOB chars. */ - yy_flex_realloc( (void *) b->yy_ch_buf, - b->yy_buf_size + 2 ); + yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ); } else /* Can't grow it, we don't own it. */ @@ -1817,35 +1894,35 @@ static int yy_get_next_buffer() YY_FATAL_ERROR( "fatal error - scanner input buffer overflow" ); - yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset]; + (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset]; - num_to_read = yy_current_buffer->yy_buf_size - + num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; -#endif + } if ( num_to_read > YY_READ_BUF_SIZE ) num_to_read = YY_READ_BUF_SIZE; /* Read in more data. */ - YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]), - yy_n_chars, num_to_read ); + YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), + (yy_n_chars), num_to_read ); - yy_current_buffer->yy_n_chars = yy_n_chars; + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } - if ( yy_n_chars == 0 ) + if ( (yy_n_chars) == 0 ) { if ( number_to_move == YY_MORE_ADJ ) { ret_val = EOB_ACT_END_OF_FILE; - yyrestart( yyin ); + yyrestart(yyin ); } else { ret_val = EOB_ACT_LAST_MATCH; - yy_current_buffer->yy_buffer_status = + YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_EOF_PENDING; } } @@ -1853,32 +1930,31 @@ static int yy_get_next_buffer() else ret_val = EOB_ACT_CONTINUE_SCAN; - yy_n_chars += number_to_move; - yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR; - yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR; + (yy_n_chars) += number_to_move; + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; - yytext_ptr = &yy_current_buffer->yy_ch_buf[0]; + (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0]; return ret_val; - } - +} /* yy_get_previous_state - get the state just before the EOB char was reached */ -static yy_state_type yy_get_previous_state() - { + static yy_state_type yy_get_previous_state (void) +{ register yy_state_type yy_current_state; register char *yy_cp; + + yy_current_state = (yy_start); - yy_current_state = yy_start; - - for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp ) + for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) { register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); if ( yy_accept[yy_current_state] ) { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -1890,30 +1966,23 @@ static yy_state_type yy_get_previous_state() } return yy_current_state; - } - +} /* yy_try_NUL_trans - try to make a transition on the NUL character * * synopsis * next_state = yy_try_NUL_trans( current_state ); */ - -#ifdef YY_USE_PROTOS -static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state ) -#else -static yy_state_type yy_try_NUL_trans( yy_current_state ) -yy_state_type yy_current_state; -#endif - { + static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state ) +{ register int yy_is_jam; - register char *yy_cp = yy_c_buf_p; + register char *yy_cp = (yy_c_buf_p); register YY_CHAR yy_c = 1; if ( yy_accept[yy_current_state] ) { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -1925,81 +1994,73 @@ yy_state_type yy_current_state; yy_is_jam = (yy_current_state == 567); return yy_is_jam ? 0 : yy_current_state; - } - +} -#ifndef YY_NO_UNPUT -#ifdef YY_USE_PROTOS -static void yyunput( int c, register char *yy_bp ) -#else -static void yyunput( c, yy_bp ) -int c; -register char *yy_bp; -#endif - { - register char *yy_cp = yy_c_buf_p; + static void yyunput (int c, register char * yy_bp ) +{ + register char *yy_cp; + + yy_cp = (yy_c_buf_p); /* undo effects of setting up yytext */ - *yy_cp = yy_hold_char; + *yy_cp = (yy_hold_char); - if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) + if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) { /* need to shift things up to make room */ /* +2 for EOB chars. */ - register int number_to_move = yy_n_chars + 2; - register char *dest = &yy_current_buffer->yy_ch_buf[ - yy_current_buffer->yy_buf_size + 2]; + register int number_to_move = (yy_n_chars) + 2; + register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ + YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; register char *source = - &yy_current_buffer->yy_ch_buf[number_to_move]; + &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; - while ( source > yy_current_buffer->yy_ch_buf ) + while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) *--dest = *--source; yy_cp += (int) (dest - source); yy_bp += (int) (dest - source); - yy_current_buffer->yy_n_chars = - yy_n_chars = yy_current_buffer->yy_buf_size; + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = + (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size; - if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) + if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) YY_FATAL_ERROR( "flex scanner push-back overflow" ); } *--yy_cp = (char) c; - - yytext_ptr = yy_bp; - yy_hold_char = *yy_cp; - yy_c_buf_p = yy_cp; - } -#endif /* ifndef YY_NO_UNPUT */ - + (yytext_ptr) = yy_bp; + (yy_hold_char) = *yy_cp; + (yy_c_buf_p) = yy_cp; +} #ifndef YY_NO_INPUT #ifdef __cplusplus -static int yyinput() + static int yyinput (void) #else -static int input() + static int input (void) #endif - { - int c; - *yy_c_buf_p = yy_hold_char; +{ + int c; + + *(yy_c_buf_p) = (yy_hold_char); - if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR ) + if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR ) { /* yy_c_buf_p now points to the character we want to return. * If this occurs *before* the EOB characters, then it's a * valid NUL; if not, then we've hit the end of the buffer. */ - if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] ) + if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) /* This was really a NUL. */ - *yy_c_buf_p = '\0'; + *(yy_c_buf_p) = '\0'; else { /* need more input */ - int offset = yy_c_buf_p - yytext_ptr; - ++yy_c_buf_p; + int offset = (yy_c_buf_p) - (yytext_ptr); + ++(yy_c_buf_p); - switch ( yy_get_next_buffer() ) + switch ( yy_get_next_buffer( ) ) { case EOB_ACT_LAST_MATCH: /* This happens because yy_g_n_b() @@ -2013,16 +2074,16 @@ static int input() */ /* Reset buffer status. */ - yyrestart( yyin ); + yyrestart(yyin ); - /* fall through */ + /*FALLTHROUGH*/ case EOB_ACT_END_OF_FILE: { - if ( yywrap() ) + if ( yywrap( ) ) return EOF; - if ( ! yy_did_buffer_switch_on_eof ) + if ( ! (yy_did_buffer_switch_on_eof) ) YY_NEW_FILE; #ifdef __cplusplus return yyinput(); @@ -2032,90 +2093,92 @@ static int input() } case EOB_ACT_CONTINUE_SCAN: - yy_c_buf_p = yytext_ptr + offset; + (yy_c_buf_p) = (yytext_ptr) + offset; break; } } } - c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */ - *yy_c_buf_p = '\0'; /* preserve yytext */ - yy_hold_char = *++yy_c_buf_p; - + c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */ + *(yy_c_buf_p) = '\0'; /* preserve yytext */ + (yy_hold_char) = *++(yy_c_buf_p); return c; - } -#endif /* YY_NO_INPUT */ - -#ifdef YY_USE_PROTOS -void yyrestart( FILE *input_file ) -#else -void yyrestart( input_file ) -FILE *input_file; -#endif - { - if ( ! yy_current_buffer ) - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); +} +#endif /* ifndef YY_NO_INPUT */ - yy_init_buffer( yy_current_buffer, input_file ); - yy_load_buffer_state(); +/** Immediately switch to a different input stream. + * @param input_file A readable stream. + * + * @note This function does not reset the start condition to @c INITIAL . + */ + void yyrestart (FILE * input_file ) +{ + + if ( ! YY_CURRENT_BUFFER ){ + yyensure_buffer_stack (); + YY_CURRENT_BUFFER_LVALUE = + yy_create_buffer(yyin,YY_BUF_SIZE ); } + yy_init_buffer(YY_CURRENT_BUFFER,input_file ); + yy_load_buffer_state( ); +} -#ifdef YY_USE_PROTOS -void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer ) -#else -void yy_switch_to_buffer( new_buffer ) -YY_BUFFER_STATE new_buffer; -#endif - { - if ( yy_current_buffer == new_buffer ) +/** Switch to a different input buffer. + * @param new_buffer The new input buffer. + * + */ + void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ) +{ + + /* TODO. We should be able to replace this entire function body + * with + * yypop_buffer_state(); + * yypush_buffer_state(new_buffer); + */ + yyensure_buffer_stack (); + if ( YY_CURRENT_BUFFER == new_buffer ) return; - if ( yy_current_buffer ) + if ( YY_CURRENT_BUFFER ) { /* Flush out information for old buffer. */ - *yy_c_buf_p = yy_hold_char; - yy_current_buffer->yy_buf_pos = yy_c_buf_p; - yy_current_buffer->yy_n_chars = yy_n_chars; + *(yy_c_buf_p) = (yy_hold_char); + YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } - yy_current_buffer = new_buffer; - yy_load_buffer_state(); + YY_CURRENT_BUFFER_LVALUE = new_buffer; + yy_load_buffer_state( ); /* We don't actually know whether we did this switch during * EOF (yywrap()) processing, but the only time this flag * is looked at is after yywrap() is called, so it's safe * to go ahead and always set it. */ - yy_did_buffer_switch_on_eof = 1; - } - - -#ifdef YY_USE_PROTOS -void yy_load_buffer_state( void ) -#else -void yy_load_buffer_state() -#endif - { - yy_n_chars = yy_current_buffer->yy_n_chars; - yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos; - yyin = yy_current_buffer->yy_input_file; - yy_hold_char = *yy_c_buf_p; - } + (yy_did_buffer_switch_on_eof) = 1; +} +static void yy_load_buffer_state (void) +{ + (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; + (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; + yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; + (yy_hold_char) = *(yy_c_buf_p); +} -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_create_buffer( FILE *file, int size ) -#else -YY_BUFFER_STATE yy_create_buffer( file, size ) -FILE *file; -int size; -#endif - { +/** Allocate and initialize an input buffer state. + * @param file A readable stream. + * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE. + * + * @return the allocated buffer state. + */ + YY_BUFFER_STATE yy_create_buffer (FILE * file, int size ) +{ YY_BUFFER_STATE b; - - b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); + + b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); @@ -2124,75 +2187,75 @@ int size; /* yy_ch_buf has to be 2 characters longer than the size given because * we need to put in 2 end-of-buffer characters. */ - b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 ); + b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2 ); if ( ! b->yy_ch_buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); b->yy_is_our_buffer = 1; - yy_init_buffer( b, file ); + yy_init_buffer(b,file ); return b; - } - +} -#ifdef YY_USE_PROTOS -void yy_delete_buffer( YY_BUFFER_STATE b ) -#else -void yy_delete_buffer( b ) -YY_BUFFER_STATE b; -#endif - { +/** Destroy the buffer. + * @param b a buffer created with yy_create_buffer() + * + */ + void yy_delete_buffer (YY_BUFFER_STATE b ) +{ + if ( ! b ) return; - if ( b == yy_current_buffer ) - yy_current_buffer = (YY_BUFFER_STATE) 0; + if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */ + YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; if ( b->yy_is_our_buffer ) - yy_flex_free( (void *) b->yy_ch_buf ); + yyfree((void *) b->yy_ch_buf ); - yy_flex_free( (void *) b ); - } - - - -#ifdef YY_USE_PROTOS -void yy_init_buffer( YY_BUFFER_STATE b, FILE *file ) -#else -void yy_init_buffer( b, file ) -YY_BUFFER_STATE b; -FILE *file; -#endif + yyfree((void *) b ); +} +#ifndef __cplusplus +extern int isatty (int ); +#endif /* __cplusplus */ + +/* Initializes or reinitializes a buffer. + * This function is sometimes called more than once on the same buffer, + * such as during a yyrestart() or at EOF. + */ + static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file ) - { - yy_flush_buffer( b ); +{ + int oerrno = errno; + + yy_flush_buffer(b ); b->yy_input_file = file; b->yy_fill_buffer = 1; -#if YY_ALWAYS_INTERACTIVE - b->yy_is_interactive = 1; -#else -#if YY_NEVER_INTERACTIVE - b->yy_is_interactive = 0; -#else - b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; -#endif -#endif - } - - -#ifdef YY_USE_PROTOS -void yy_flush_buffer( YY_BUFFER_STATE b ) -#else -void yy_flush_buffer( b ) -YY_BUFFER_STATE b; -#endif + /* If b is the current buffer, then yy_init_buffer was _probably_ + * called from yyrestart() or through yy_get_next_buffer. + * In that case, we don't want to reset the lineno or column. + */ + if (b != YY_CURRENT_BUFFER){ + b->yy_bs_lineno = 1; + b->yy_bs_column = 0; + } + + b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; + + errno = oerrno; +} - { - if ( ! b ) +/** Discard all buffered characters. On the next scan, YY_INPUT will be called. + * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER. + * + */ + void yy_flush_buffer (YY_BUFFER_STATE b ) +{ + if ( ! b ) return; b->yy_n_chars = 0; @@ -2209,29 +2272,121 @@ YY_BUFFER_STATE b; b->yy_at_bol = 1; b->yy_buffer_status = YY_BUFFER_NEW; - if ( b == yy_current_buffer ) - yy_load_buffer_state(); + if ( b == YY_CURRENT_BUFFER ) + yy_load_buffer_state( ); +} + +/** Pushes the new state onto the stack. The new state becomes + * the current state. This function will allocate the stack + * if necessary. + * @param new_buffer The new state. + * + */ +void yypush_buffer_state (YY_BUFFER_STATE new_buffer ) +{ + if (new_buffer == NULL) + return; + + yyensure_buffer_stack(); + + /* This block is copied from yy_switch_to_buffer. */ + if ( YY_CURRENT_BUFFER ) + { + /* Flush out information for old buffer. */ + *(yy_c_buf_p) = (yy_hold_char); + YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + } + + /* Only push if top exists. Otherwise, replace top. */ + if (YY_CURRENT_BUFFER) + (yy_buffer_stack_top)++; + YY_CURRENT_BUFFER_LVALUE = new_buffer; + + /* copied from yy_switch_to_buffer. */ + yy_load_buffer_state( ); + (yy_did_buffer_switch_on_eof) = 1; +} + +/** Removes and deletes the top of the stack, if present. + * The next element becomes the new top. + * + */ +void yypop_buffer_state (void) +{ + if (!YY_CURRENT_BUFFER) + return; + + yy_delete_buffer(YY_CURRENT_BUFFER ); + YY_CURRENT_BUFFER_LVALUE = NULL; + if ((yy_buffer_stack_top) > 0) + --(yy_buffer_stack_top); + + if (YY_CURRENT_BUFFER) { + yy_load_buffer_state( ); + (yy_did_buffer_switch_on_eof) = 1; } +} +/* Allocates the stack if it does not exist. + * Guarantees space for at least one push. + */ +static void yyensure_buffer_stack (void) +{ + int num_to_alloc; + + if (!(yy_buffer_stack)) { + + /* First allocation is just for 2 elements, since we don't know if this + * scanner will even need a stack. We use 2 instead of 1 to avoid an + * immediate realloc on the next call. + */ + num_to_alloc = 1; + (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc + (num_to_alloc * sizeof(struct yy_buffer_state*) + ); + + memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); + + (yy_buffer_stack_max) = num_to_alloc; + (yy_buffer_stack_top) = 0; + return; + } -#ifndef YY_NO_SCAN_BUFFER -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size ) -#else -YY_BUFFER_STATE yy_scan_buffer( base, size ) -char *base; -yy_size_t size; -#endif - { - YY_BUFFER_STATE b; + if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ + /* Increase the buffer to prepare for a possible push. */ + int grow_size = 8 /* arbitrary grow size */; + + num_to_alloc = (yy_buffer_stack_max) + grow_size; + (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc + ((yy_buffer_stack), + num_to_alloc * sizeof(struct yy_buffer_state*) + ); + + /* zero only the new slots.*/ + memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); + (yy_buffer_stack_max) = num_to_alloc; + } +} + +/** Setup the input buffer state to scan directly from a user-specified character buffer. + * @param base the character buffer + * @param size the size in bytes of the character buffer + * + * @return the newly allocated buffer state object. + */ +YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) +{ + YY_BUFFER_STATE b; + if ( size < 2 || base[size-2] != YY_END_OF_BUFFER_CHAR || base[size-1] != YY_END_OF_BUFFER_CHAR ) /* They forgot to leave room for the EOB's. */ return 0; - b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); + b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); @@ -2245,56 +2400,51 @@ yy_size_t size; b->yy_fill_buffer = 0; b->yy_buffer_status = YY_BUFFER_NEW; - yy_switch_to_buffer( b ); + yy_switch_to_buffer(b ); return b; - } -#endif - - -#ifndef YY_NO_SCAN_STRING -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str ) -#else -YY_BUFFER_STATE yy_scan_string( yy_str ) -yyconst char *yy_str; -#endif - { - int len; - for ( len = 0; yy_str[len]; ++len ) - ; - - return yy_scan_bytes( yy_str, len ); - } -#endif +} +/** Setup the input buffer state to scan a string. The next call to yylex() will + * scan from a @e copy of @a str. + * @param str a NUL-terminated string to scan + * + * @return the newly allocated buffer state object. + * @note If you want to scan bytes that may contain NUL values, then use + * yy_scan_bytes() instead. + */ +YY_BUFFER_STATE yy_scan_string (yyconst char * yystr ) +{ + + return yy_scan_bytes(yystr,strlen(yystr) ); +} -#ifndef YY_NO_SCAN_BYTES -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len ) -#else -YY_BUFFER_STATE yy_scan_bytes( bytes, len ) -yyconst char *bytes; -int len; -#endif - { +/** Setup the input buffer state to scan the given bytes. The next call to yylex() will + * scan from a @e copy of @a bytes. + * @param bytes the byte buffer to scan + * @param len the number of bytes in the buffer pointed to by @a bytes. + * + * @return the newly allocated buffer state object. + */ +YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, int _yybytes_len ) +{ YY_BUFFER_STATE b; char *buf; yy_size_t n; int i; - + /* Get memory for full buffer, including space for trailing EOB's. */ - n = len + 2; - buf = (char *) yy_flex_alloc( n ); + n = _yybytes_len + 2; + buf = (char *) yyalloc(n ); if ( ! buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); - for ( i = 0; i < len; ++i ) - buf[i] = bytes[i]; + for ( i = 0; i < _yybytes_len; ++i ) + buf[i] = yybytes[i]; - buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR; + buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR; - b = yy_scan_buffer( buf, n ); + b = yy_scan_buffer(buf,n ); if ( ! b ) YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); @@ -2304,148 +2454,196 @@ int len; b->yy_is_our_buffer = 1; return b; - } +} + +#ifndef YY_EXIT_FAILURE +#define YY_EXIT_FAILURE 2 #endif +static void yy_fatal_error (yyconst char* msg ) +{ + (void) fprintf( stderr, "%s\n", msg ); + exit( YY_EXIT_FAILURE ); +} + +/* Redefine yyless() so it works in section 3 code. */ -#ifndef YY_NO_PUSH_STATE -#ifdef YY_USE_PROTOS -static void yy_push_state( int new_state ) -#else -static void yy_push_state( new_state ) -int new_state; -#endif - { - if ( yy_start_stack_ptr >= yy_start_stack_depth ) - { - yy_size_t new_size; +#undef yyless +#define yyless(n) \ + do \ + { \ + /* Undo effects of setting up yytext. */ \ + int yyless_macro_arg = (n); \ + YY_LESS_LINENO(yyless_macro_arg);\ + yytext[yyleng] = (yy_hold_char); \ + (yy_c_buf_p) = yytext + yyless_macro_arg; \ + (yy_hold_char) = *(yy_c_buf_p); \ + *(yy_c_buf_p) = '\0'; \ + yyleng = yyless_macro_arg; \ + } \ + while ( 0 ) - yy_start_stack_depth += YY_START_STACK_INCR; - new_size = yy_start_stack_depth * sizeof( int ); +/* Accessor methods (get/set functions) to struct members. */ - if ( ! yy_start_stack ) - yy_start_stack = (int *) yy_flex_alloc( new_size ); +/** Get the current line number. + * + */ +int yyget_lineno (void) +{ + + return yylineno; +} - else - yy_start_stack = (int *) yy_flex_realloc( - (void *) yy_start_stack, new_size ); +/** Get the input stream. + * + */ +FILE *yyget_in (void) +{ + return yyin; +} - if ( ! yy_start_stack ) - YY_FATAL_ERROR( - "out of memory expanding start-condition stack" ); - } +/** Get the output stream. + * + */ +FILE *yyget_out (void) +{ + return yyout; +} - yy_start_stack[yy_start_stack_ptr++] = YY_START; +/** Get the length of the current token. + * + */ +int yyget_leng (void) +{ + return yyleng; +} - BEGIN(new_state); - } -#endif +/** Get the current token. + * + */ +char *yyget_text (void) +{ + return yytext; +} -#ifndef YY_NO_POP_STATE -static void yy_pop_state() - { - if ( --yy_start_stack_ptr < 0 ) - YY_FATAL_ERROR( "start-condition stack underflow" ); +/** Set the current line number. + * @param line_number + * + */ +void yyset_lineno (int line_number ) +{ + + yylineno = line_number; +} - BEGIN(yy_start_stack[yy_start_stack_ptr]); - } -#endif +/** Set the input stream. This does not discard the current + * input buffer. + * @param in_str A readable stream. + * + * @see yy_switch_to_buffer + */ +void yyset_in (FILE * in_str ) +{ + yyin = in_str ; +} +void yyset_out (FILE * out_str ) +{ + yyout = out_str ; +} -#ifndef YY_NO_TOP_STATE -static int yy_top_state() - { - return yy_start_stack[yy_start_stack_ptr - 1]; - } -#endif +int yyget_debug (void) +{ + return yy_flex_debug; +} -#ifndef YY_EXIT_FAILURE -#define YY_EXIT_FAILURE 2 -#endif +void yyset_debug (int bdebug ) +{ + yy_flex_debug = bdebug ; +} -#ifdef YY_USE_PROTOS -static void yy_fatal_error( yyconst char msg[] ) +static int yy_init_globals (void) +{ + /* Initialization is the same as for the non-reentrant scanner. + * This function is called from yylex_destroy(), so don't allocate here. + */ + + (yy_buffer_stack) = 0; + (yy_buffer_stack_top) = 0; + (yy_buffer_stack_max) = 0; + (yy_c_buf_p) = (char *) 0; + (yy_init) = 0; + (yy_start) = 0; + +/* Defined in main.c */ +#ifdef YY_STDINIT + yyin = stdin; + yyout = stdout; #else -static void yy_fatal_error( msg ) -char msg[]; + yyin = (FILE *) 0; + yyout = (FILE *) 0; #endif - { - (void) fprintf( stderr, "%s\n", msg ); - exit( YY_EXIT_FAILURE ); - } + /* For future reference: Set errno on error, since we are called by + * yylex_init() + */ + return 0; +} +/* yylex_destroy is for both reentrant and non-reentrant scanners. */ +int yylex_destroy (void) +{ + + /* Pop the buffer stack, destroying each element. */ + while(YY_CURRENT_BUFFER){ + yy_delete_buffer(YY_CURRENT_BUFFER ); + YY_CURRENT_BUFFER_LVALUE = NULL; + yypop_buffer_state(); + } -/* Redefine yyless() so it works in section 3 code. */ + /* Destroy the stack itself. */ + yyfree((yy_buffer_stack) ); + (yy_buffer_stack) = NULL; -#undef yyless -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - yytext[yyleng] = yy_hold_char; \ - yy_c_buf_p = yytext + n; \ - yy_hold_char = *yy_c_buf_p; \ - *yy_c_buf_p = '\0'; \ - yyleng = n; \ - } \ - while ( 0 ) + /* Reset the globals. This is important in a non-reentrant scanner so the next time + * yylex() is called, initialization will occur. */ + yy_init_globals( ); + return 0; +} -/* Internal utility routines. */ +/* + * Internal utility routines. + */ #ifndef yytext_ptr -#ifdef YY_USE_PROTOS -static void yy_flex_strncpy( char *s1, yyconst char *s2, int n ) -#else -static void yy_flex_strncpy( s1, s2, n ) -char *s1; -yyconst char *s2; -int n; -#endif - { +static void yy_flex_strncpy (char* s1, yyconst char * s2, int n ) +{ register int i; for ( i = 0; i < n; ++i ) s1[i] = s2[i]; - } +} #endif #ifdef YY_NEED_STRLEN -#ifdef YY_USE_PROTOS -static int yy_flex_strlen( yyconst char *s ) -#else -static int yy_flex_strlen( s ) -yyconst char *s; -#endif - { +static int yy_flex_strlen (yyconst char * s ) +{ register int n; for ( n = 0; s[n]; ++n ) ; return n; - } +} #endif - -#ifdef YY_USE_PROTOS -static void *yy_flex_alloc( yy_size_t size ) -#else -static void *yy_flex_alloc( size ) -yy_size_t size; -#endif - { +void *yyalloc (yy_size_t size ) +{ return (void *) malloc( size ); - } +} -#ifdef YY_USE_PROTOS -static void *yy_flex_realloc( void *ptr, yy_size_t size ) -#else -static void *yy_flex_realloc( ptr, size ) -void *ptr; -yy_size_t size; -#endif - { +void *yyrealloc (void * ptr, yy_size_t size ) +{ /* The cast to (char *) in the following accommodates both * implementations that use char* generic pointers, and those * that use void* generic pointers. It works with the latter @@ -2454,28 +2652,19 @@ yy_size_t size; * as though doing an assignment. */ return (void *) realloc( (char *) ptr, size ); - } +} -#ifdef YY_USE_PROTOS -static void yy_flex_free( void *ptr ) -#else -static void yy_flex_free( ptr ) -void *ptr; -#endif - { - free( ptr ); - } +void yyfree (void * ptr ) +{ + free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ +} + +#define YYTABLES_NAME "yytables" -#if YY_MAIN -int main() - { - yylex(); - return 0; - } -#endif #line 274 "lex.l" + #ifndef yywrap /* XXX */ int yywrap () @@ -2501,3 +2690,4 @@ unterminated(const char *type, unsigned start_lineno) { error_message("unterminated %s, possibly started on line %d\n", type, start_lineno); } + diff --git a/source4/heimdal/lib/asn1/lex.h b/source4/heimdal/lib/asn1/lex.h index 2d9e6745c5..7aececf6d7 100644 --- a/source4/heimdal/lib/asn1/lex.h +++ b/source4/heimdal/lib/asn1/lex.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: lex.h,v 1.6 2005/07/12 06:27:33 lha Exp $ */ +/* $Id: lex.h 15617 2005-07-12 06:27:42Z lha $ */ #include diff --git a/source4/heimdal/lib/asn1/libasn1.h b/source4/heimdal/lib/asn1/libasn1.h index 8ccde9a36a..64f554f2c8 100644 --- a/source4/heimdal/lib/asn1/libasn1.h +++ b/source4/heimdal/lib/asn1/libasn1.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: libasn1.h,v 1.11 2005/07/12 06:27:34 lha Exp $ */ +/* $Id: libasn1.h 15617 2005-07-12 06:27:42Z lha $ */ #ifndef __LIBASN1_H__ #define __LIBASN1_H__ diff --git a/source4/heimdal/lib/asn1/main.c b/source4/heimdal/lib/asn1/main.c index bba79b1e4e..3b4a8122ca 100644 --- a/source4/heimdal/lib/asn1/main.c +++ b/source4/heimdal/lib/asn1/main.c @@ -35,7 +35,7 @@ #include #include "lex.h" -RCSID("$Id: main.c,v 1.16 2006/09/05 12:27:29 lha Exp $"); +RCSID("$Id: main.c 20858 2007-06-03 18:56:41Z lha $"); extern FILE *yyin; @@ -127,5 +127,7 @@ main(int argc, char **argv) if(ret != 0 || error_flag != 0) exit(1); close_generate (); + if (argc != optidx) + fclose(yyin); return 0; } diff --git a/source4/heimdal/lib/asn1/parse.c b/source4/heimdal/lib/asn1/parse.c index affe4f2a9c..31361c7492 100644 --- a/source4/heimdal/lib/asn1/parse.c +++ b/source4/heimdal/lib/asn1/parse.c @@ -248,7 +248,7 @@ /* Copy the first part of user declarations. */ -#line 36 "heimdal/lib/asn1/parse.y" +#line 36 "parse.y" #ifdef HAVE_CONFIG_H #include @@ -261,7 +261,7 @@ #include "gen_locl.h" #include "der.h" -RCSID("$Id: parse.y,v 1.29 2006/12/28 17:15:02 lha Exp $"); +RCSID("$Id: parse.y 19539 2006-12-28 17:15:05Z lha $"); static Type *new_type (Typetype t); static struct constraint_spec *new_constraint_spec(enum ctype); @@ -280,7 +280,7 @@ struct string_list { /* Enabling traces. */ #ifndef YYDEBUG -# define YYDEBUG 0 +# define YYDEBUG 1 #endif /* Enabling verbose error messages. */ @@ -298,7 +298,7 @@ struct string_list { #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED typedef union YYSTYPE -#line 65 "heimdal/lib/asn1/parse.y" +#line 65 "parse.y" { int constant; struct value *value; @@ -314,7 +314,7 @@ typedef union YYSTYPE struct constraint_spec *constraint_spec; } /* Line 187 of yacc.c. */ -#line 318 "heimdal/lib/asn1/parse.y" +#line 318 "parse.c" YYSTYPE; # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 @@ -327,7 +327,7 @@ typedef union YYSTYPE /* Line 216 of yacc.c. */ -#line 331 "heimdal/lib/asn1/parse.y" +#line 331 "parse.c" #ifdef short # undef short @@ -1750,29 +1750,29 @@ yyreduce: switch (yyn) { case 2: -#line 233 "heimdal/lib/asn1/parse.y" +#line 233 "parse.y" { checkundefined(); } break; case 4: -#line 240 "heimdal/lib/asn1/parse.y" +#line 240 "parse.y" { error_message("implicit tagging is not supported"); } break; case 5: -#line 242 "heimdal/lib/asn1/parse.y" +#line 242 "parse.y" { error_message("automatic tagging is not supported"); } break; case 7: -#line 247 "heimdal/lib/asn1/parse.y" +#line 247 "parse.y" { error_message("no extensibility options supported"); } break; case 17: -#line 268 "heimdal/lib/asn1/parse.y" +#line 268 "parse.y" { struct string_list *sl; for(sl = (yyvsp[(1) - (4)].sl); sl != NULL; sl = sl->next) { @@ -1784,7 +1784,7 @@ yyreduce: break; case 22: -#line 287 "heimdal/lib/asn1/parse.y" +#line 287 "parse.y" { (yyval.sl) = emalloc(sizeof(*(yyval.sl))); (yyval.sl)->string = (yyvsp[(1) - (3)].name); @@ -1793,7 +1793,7 @@ yyreduce: break; case 23: -#line 293 "heimdal/lib/asn1/parse.y" +#line 293 "parse.y" { (yyval.sl) = emalloc(sizeof(*(yyval.sl))); (yyval.sl)->string = (yyvsp[(1) - (1)].name); @@ -1802,7 +1802,7 @@ yyreduce: break; case 24: -#line 301 "heimdal/lib/asn1/parse.y" +#line 301 "parse.y" { Symbol *s = addsym ((yyvsp[(1) - (3)].name)); s->stype = Stype; @@ -1813,7 +1813,7 @@ yyreduce: break; case 42: -#line 332 "heimdal/lib/asn1/parse.y" +#line 332 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_Boolean, TE_EXPLICIT, new_type(TBoolean)); @@ -1821,7 +1821,7 @@ yyreduce: break; case 43: -#line 339 "heimdal/lib/asn1/parse.y" +#line 339 "parse.y" { if((yyvsp[(2) - (5)].value)->type != integervalue || (yyvsp[(4) - (5)].value)->type != integervalue) @@ -1832,7 +1832,7 @@ yyreduce: break; case 44: -#line 349 "heimdal/lib/asn1/parse.y" +#line 349 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, new_type(TInteger)); @@ -1840,7 +1840,7 @@ yyreduce: break; case 45: -#line 354 "heimdal/lib/asn1/parse.y" +#line 354 "parse.y" { (yyval.type) = new_type(TInteger); (yyval.type)->range = emalloc(sizeof(*(yyval.type)->range)); @@ -1850,7 +1850,7 @@ yyreduce: break; case 46: -#line 361 "heimdal/lib/asn1/parse.y" +#line 361 "parse.y" { (yyval.type) = new_type(TInteger); (yyval.type)->members = (yyvsp[(3) - (4)].members); @@ -1859,7 +1859,7 @@ yyreduce: break; case 47: -#line 369 "heimdal/lib/asn1/parse.y" +#line 369 "parse.y" { (yyval.members) = emalloc(sizeof(*(yyval.members))); ASN1_TAILQ_INIT((yyval.members)); @@ -1868,7 +1868,7 @@ yyreduce: break; case 48: -#line 375 "heimdal/lib/asn1/parse.y" +#line 375 "parse.y" { ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members); (yyval.members) = (yyvsp[(1) - (3)].members); @@ -1876,12 +1876,12 @@ yyreduce: break; case 49: -#line 380 "heimdal/lib/asn1/parse.y" +#line 380 "parse.y" { (yyval.members) = (yyvsp[(1) - (3)].members); } break; case 50: -#line 384 "heimdal/lib/asn1/parse.y" +#line 384 "parse.y" { (yyval.member) = emalloc(sizeof(*(yyval.member))); (yyval.member)->name = (yyvsp[(1) - (4)].name); @@ -1895,7 +1895,7 @@ yyreduce: break; case 51: -#line 397 "heimdal/lib/asn1/parse.y" +#line 397 "parse.y" { (yyval.type) = new_type(TInteger); (yyval.type)->members = (yyvsp[(3) - (4)].members); @@ -1904,7 +1904,7 @@ yyreduce: break; case 53: -#line 408 "heimdal/lib/asn1/parse.y" +#line 408 "parse.y" { (yyval.type) = new_type(TBitString); (yyval.type)->members = emalloc(sizeof(*(yyval.type)->members)); @@ -1914,7 +1914,7 @@ yyreduce: break; case 54: -#line 415 "heimdal/lib/asn1/parse.y" +#line 415 "parse.y" { (yyval.type) = new_type(TBitString); (yyval.type)->members = (yyvsp[(4) - (5)].members); @@ -1923,7 +1923,7 @@ yyreduce: break; case 55: -#line 423 "heimdal/lib/asn1/parse.y" +#line 423 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_OID, TE_EXPLICIT, new_type(TOID)); @@ -1931,7 +1931,7 @@ yyreduce: break; case 56: -#line 429 "heimdal/lib/asn1/parse.y" +#line 429 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_OctetString, TE_EXPLICIT, new_type(TOctetString)); @@ -1939,7 +1939,7 @@ yyreduce: break; case 57: -#line 436 "heimdal/lib/asn1/parse.y" +#line 436 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_Null, TE_EXPLICIT, new_type(TNull)); @@ -1947,7 +1947,7 @@ yyreduce: break; case 58: -#line 443 "heimdal/lib/asn1/parse.y" +#line 443 "parse.y" { (yyval.type) = new_type(TSequence); (yyval.type)->members = (yyvsp[(3) - (4)].members); @@ -1956,7 +1956,7 @@ yyreduce: break; case 59: -#line 449 "heimdal/lib/asn1/parse.y" +#line 449 "parse.y" { (yyval.type) = new_type(TSequence); (yyval.type)->members = NULL; @@ -1965,7 +1965,7 @@ yyreduce: break; case 60: -#line 457 "heimdal/lib/asn1/parse.y" +#line 457 "parse.y" { (yyval.type) = new_type(TSequenceOf); (yyval.type)->subtype = (yyvsp[(3) - (3)].type); @@ -1974,7 +1974,7 @@ yyreduce: break; case 61: -#line 465 "heimdal/lib/asn1/parse.y" +#line 465 "parse.y" { (yyval.type) = new_type(TSet); (yyval.type)->members = (yyvsp[(3) - (4)].members); @@ -1983,7 +1983,7 @@ yyreduce: break; case 62: -#line 471 "heimdal/lib/asn1/parse.y" +#line 471 "parse.y" { (yyval.type) = new_type(TSet); (yyval.type)->members = NULL; @@ -1992,7 +1992,7 @@ yyreduce: break; case 63: -#line 479 "heimdal/lib/asn1/parse.y" +#line 479 "parse.y" { (yyval.type) = new_type(TSetOf); (yyval.type)->subtype = (yyvsp[(3) - (3)].type); @@ -2001,7 +2001,7 @@ yyreduce: break; case 64: -#line 487 "heimdal/lib/asn1/parse.y" +#line 487 "parse.y" { (yyval.type) = new_type(TChoice); (yyval.type)->members = (yyvsp[(3) - (4)].members); @@ -2009,7 +2009,7 @@ yyreduce: break; case 67: -#line 498 "heimdal/lib/asn1/parse.y" +#line 498 "parse.y" { Symbol *s = addsym((yyvsp[(1) - (1)].name)); (yyval.type) = new_type(TType); @@ -2021,7 +2021,7 @@ yyreduce: break; case 68: -#line 509 "heimdal/lib/asn1/parse.y" +#line 509 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralizedTime, TE_EXPLICIT, new_type(TGeneralizedTime)); @@ -2029,7 +2029,7 @@ yyreduce: break; case 69: -#line 514 "heimdal/lib/asn1/parse.y" +#line 514 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_UTCTime, TE_EXPLICIT, new_type(TUTCTime)); @@ -2037,7 +2037,7 @@ yyreduce: break; case 70: -#line 521 "heimdal/lib/asn1/parse.y" +#line 521 "parse.y" { /* if (Constraint.type == contentConstrant) { assert(Constraint.u.constraint.type == octetstring|bitstring-w/o-NamedBitList); // remember to check type reference too @@ -2053,14 +2053,14 @@ yyreduce: break; case 71: -#line 537 "heimdal/lib/asn1/parse.y" +#line 537 "parse.y" { (yyval.constraint_spec) = (yyvsp[(2) - (3)].constraint_spec); } break; case 75: -#line 550 "heimdal/lib/asn1/parse.y" +#line 550 "parse.y" { (yyval.constraint_spec) = new_constraint_spec(CT_CONTENTS); (yyval.constraint_spec)->u.content.type = (yyvsp[(2) - (2)].type); @@ -2069,7 +2069,7 @@ yyreduce: break; case 76: -#line 556 "heimdal/lib/asn1/parse.y" +#line 556 "parse.y" { if ((yyvsp[(3) - (3)].value)->type != objectidentifiervalue) error_message("Non-OID used in ENCODED BY constraint"); @@ -2080,7 +2080,7 @@ yyreduce: break; case 77: -#line 564 "heimdal/lib/asn1/parse.y" +#line 564 "parse.y" { if ((yyvsp[(5) - (5)].value)->type != objectidentifiervalue) error_message("Non-OID used in ENCODED BY constraint"); @@ -2091,14 +2091,14 @@ yyreduce: break; case 78: -#line 574 "heimdal/lib/asn1/parse.y" +#line 574 "parse.y" { (yyval.constraint_spec) = new_constraint_spec(CT_USER); } break; case 79: -#line 580 "heimdal/lib/asn1/parse.y" +#line 580 "parse.y" { (yyval.type) = new_type(TTag); (yyval.type)->tag = (yyvsp[(1) - (3)].tag); @@ -2112,7 +2112,7 @@ yyreduce: break; case 80: -#line 593 "heimdal/lib/asn1/parse.y" +#line 593 "parse.y" { (yyval.tag).tagclass = (yyvsp[(2) - (4)].constant); (yyval.tag).tagvalue = (yyvsp[(3) - (4)].constant); @@ -2121,56 +2121,56 @@ yyreduce: break; case 81: -#line 601 "heimdal/lib/asn1/parse.y" +#line 601 "parse.y" { (yyval.constant) = ASN1_C_CONTEXT; } break; case 82: -#line 605 "heimdal/lib/asn1/parse.y" +#line 605 "parse.y" { (yyval.constant) = ASN1_C_UNIV; } break; case 83: -#line 609 "heimdal/lib/asn1/parse.y" +#line 609 "parse.y" { (yyval.constant) = ASN1_C_APPL; } break; case 84: -#line 613 "heimdal/lib/asn1/parse.y" +#line 613 "parse.y" { (yyval.constant) = ASN1_C_PRIVATE; } break; case 85: -#line 619 "heimdal/lib/asn1/parse.y" +#line 619 "parse.y" { (yyval.constant) = TE_EXPLICIT; } break; case 86: -#line 623 "heimdal/lib/asn1/parse.y" +#line 623 "parse.y" { (yyval.constant) = TE_EXPLICIT; } break; case 87: -#line 627 "heimdal/lib/asn1/parse.y" +#line 627 "parse.y" { (yyval.constant) = TE_IMPLICIT; } break; case 88: -#line 634 "heimdal/lib/asn1/parse.y" +#line 634 "parse.y" { Symbol *s; s = addsym ((yyvsp[(1) - (4)].name)); @@ -2182,7 +2182,7 @@ yyreduce: break; case 90: -#line 648 "heimdal/lib/asn1/parse.y" +#line 648 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralString, TE_EXPLICIT, new_type(TGeneralString)); @@ -2190,7 +2190,7 @@ yyreduce: break; case 91: -#line 653 "heimdal/lib/asn1/parse.y" +#line 653 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_UTF8String, TE_EXPLICIT, new_type(TUTF8String)); @@ -2198,7 +2198,7 @@ yyreduce: break; case 92: -#line 658 "heimdal/lib/asn1/parse.y" +#line 658 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_PrintableString, TE_EXPLICIT, new_type(TPrintableString)); @@ -2206,7 +2206,7 @@ yyreduce: break; case 93: -#line 663 "heimdal/lib/asn1/parse.y" +#line 663 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_VisibleString, TE_EXPLICIT, new_type(TVisibleString)); @@ -2214,7 +2214,7 @@ yyreduce: break; case 94: -#line 668 "heimdal/lib/asn1/parse.y" +#line 668 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_IA5String, TE_EXPLICIT, new_type(TIA5String)); @@ -2222,7 +2222,7 @@ yyreduce: break; case 95: -#line 673 "heimdal/lib/asn1/parse.y" +#line 673 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_BMPString, TE_EXPLICIT, new_type(TBMPString)); @@ -2230,7 +2230,7 @@ yyreduce: break; case 96: -#line 678 "heimdal/lib/asn1/parse.y" +#line 678 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_UniversalString, TE_EXPLICIT, new_type(TUniversalString)); @@ -2238,7 +2238,7 @@ yyreduce: break; case 97: -#line 686 "heimdal/lib/asn1/parse.y" +#line 686 "parse.y" { (yyval.members) = emalloc(sizeof(*(yyval.members))); ASN1_TAILQ_INIT((yyval.members)); @@ -2247,7 +2247,7 @@ yyreduce: break; case 98: -#line 692 "heimdal/lib/asn1/parse.y" +#line 692 "parse.y" { ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members); (yyval.members) = (yyvsp[(1) - (3)].members); @@ -2255,7 +2255,7 @@ yyreduce: break; case 99: -#line 697 "heimdal/lib/asn1/parse.y" +#line 697 "parse.y" { struct member *m = ecalloc(1, sizeof(*m)); m->name = estrdup("..."); @@ -2267,7 +2267,7 @@ yyreduce: break; case 100: -#line 708 "heimdal/lib/asn1/parse.y" +#line 708 "parse.y" { (yyval.member) = emalloc(sizeof(*(yyval.member))); (yyval.member)->name = (yyvsp[(1) - (2)].name); @@ -2279,7 +2279,7 @@ yyreduce: break; case 101: -#line 719 "heimdal/lib/asn1/parse.y" +#line 719 "parse.y" { (yyval.member) = (yyvsp[(1) - (1)].member); (yyval.member)->optional = 0; @@ -2288,7 +2288,7 @@ yyreduce: break; case 102: -#line 725 "heimdal/lib/asn1/parse.y" +#line 725 "parse.y" { (yyval.member) = (yyvsp[(1) - (2)].member); (yyval.member)->optional = 1; @@ -2297,7 +2297,7 @@ yyreduce: break; case 103: -#line 731 "heimdal/lib/asn1/parse.y" +#line 731 "parse.y" { (yyval.member) = (yyvsp[(1) - (3)].member); (yyval.member)->optional = 0; @@ -2306,7 +2306,7 @@ yyreduce: break; case 104: -#line 739 "heimdal/lib/asn1/parse.y" +#line 739 "parse.y" { (yyval.members) = emalloc(sizeof(*(yyval.members))); ASN1_TAILQ_INIT((yyval.members)); @@ -2315,7 +2315,7 @@ yyreduce: break; case 105: -#line 745 "heimdal/lib/asn1/parse.y" +#line 745 "parse.y" { ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members); (yyval.members) = (yyvsp[(1) - (3)].members); @@ -2323,7 +2323,7 @@ yyreduce: break; case 106: -#line 752 "heimdal/lib/asn1/parse.y" +#line 752 "parse.y" { (yyval.member) = emalloc(sizeof(*(yyval.member))); (yyval.member)->name = (yyvsp[(1) - (4)].name); @@ -2337,26 +2337,26 @@ yyreduce: break; case 108: -#line 765 "heimdal/lib/asn1/parse.y" +#line 765 "parse.y" { (yyval.objid) = NULL; } break; case 109: -#line 769 "heimdal/lib/asn1/parse.y" +#line 769 "parse.y" { (yyval.objid) = (yyvsp[(2) - (3)].objid); } break; case 110: -#line 775 "heimdal/lib/asn1/parse.y" +#line 775 "parse.y" { (yyval.objid) = NULL; } break; case 111: -#line 779 "heimdal/lib/asn1/parse.y" +#line 779 "parse.y" { if ((yyvsp[(2) - (2)].objid)) { (yyval.objid) = (yyvsp[(2) - (2)].objid); @@ -2368,14 +2368,14 @@ yyreduce: break; case 112: -#line 790 "heimdal/lib/asn1/parse.y" +#line 790 "parse.y" { (yyval.objid) = new_objid((yyvsp[(1) - (4)].name), (yyvsp[(3) - (4)].constant)); } break; case 113: -#line 794 "heimdal/lib/asn1/parse.y" +#line 794 "parse.y" { Symbol *s = addsym((yyvsp[(1) - (1)].name)); if(s->stype != SValue || @@ -2389,14 +2389,14 @@ yyreduce: break; case 114: -#line 805 "heimdal/lib/asn1/parse.y" +#line 805 "parse.y" { (yyval.objid) = new_objid(NULL, (yyvsp[(1) - (1)].constant)); } break; case 124: -#line 828 "heimdal/lib/asn1/parse.y" +#line 828 "parse.y" { Symbol *s = addsym((yyvsp[(1) - (1)].name)); if(s->stype != SValue) @@ -2408,7 +2408,7 @@ yyreduce: break; case 125: -#line 839 "heimdal/lib/asn1/parse.y" +#line 839 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = stringvalue; @@ -2417,7 +2417,7 @@ yyreduce: break; case 126: -#line 847 "heimdal/lib/asn1/parse.y" +#line 847 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = booleanvalue; @@ -2426,7 +2426,7 @@ yyreduce: break; case 127: -#line 853 "heimdal/lib/asn1/parse.y" +#line 853 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = booleanvalue; @@ -2435,7 +2435,7 @@ yyreduce: break; case 128: -#line 861 "heimdal/lib/asn1/parse.y" +#line 861 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = integervalue; @@ -2444,13 +2444,13 @@ yyreduce: break; case 130: -#line 872 "heimdal/lib/asn1/parse.y" +#line 872 "parse.y" { } break; case 131: -#line 877 "heimdal/lib/asn1/parse.y" +#line 877 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = objectidentifiervalue; @@ -2460,7 +2460,7 @@ yyreduce: /* Line 1267 of yacc.c. */ -#line 2464 "heimdal/lib/asn1/parse.y" +#line 2464 "parse.c" default: break; } YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); @@ -2674,7 +2674,7 @@ yyreturn: } -#line 884 "heimdal/lib/asn1/parse.y" +#line 884 "parse.y" void diff --git a/source4/heimdal/lib/asn1/parse.h b/source4/heimdal/lib/asn1/parse.h index 868bb2543a..a2a9a3a335 100644 --- a/source4/heimdal/lib/asn1/parse.h +++ b/source4/heimdal/lib/asn1/parse.h @@ -222,7 +222,7 @@ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED typedef union YYSTYPE -#line 65 "heimdal/lib/asn1/parse.y" +#line 65 "parse.y" { int constant; struct value *value; @@ -238,7 +238,7 @@ typedef union YYSTYPE struct constraint_spec *constraint_spec; } /* Line 1489 of yacc.c. */ -#line 242 "heimdal/lib/asn1/parse.y" +#line 242 "parse.h" YYSTYPE; # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 diff --git a/source4/heimdal/lib/asn1/pkcs12.asn1 b/source4/heimdal/lib/asn1/pkcs12.asn1 index ff512e8255..37fe03e58e 100644 --- a/source4/heimdal/lib/asn1/pkcs12.asn1 +++ b/source4/heimdal/lib/asn1/pkcs12.asn1 @@ -1,4 +1,4 @@ --- $Id: pkcs12.asn1,v 1.3 2005/07/23 11:07:39 lha Exp $ -- +-- $Id: pkcs12.asn1 15715 2005-07-23 11:08:47Z lha $ -- PKCS12 DEFINITIONS ::= diff --git a/source4/heimdal/lib/asn1/pkcs8.asn1 b/source4/heimdal/lib/asn1/pkcs8.asn1 index dc52511bf4..911e727c70 100644 --- a/source4/heimdal/lib/asn1/pkcs8.asn1 +++ b/source4/heimdal/lib/asn1/pkcs8.asn1 @@ -1,4 +1,4 @@ --- $Id: pkcs8.asn1,v 1.3 2005/09/13 19:41:29 lha Exp $ -- +-- $Id: pkcs8.asn1 16060 2005-09-13 19:41:29Z lha $ -- PKCS8 DEFINITIONS ::= diff --git a/source4/heimdal/lib/asn1/pkcs9.asn1 b/source4/heimdal/lib/asn1/pkcs9.asn1 index e6df32f65d..d985e91f3c 100644 --- a/source4/heimdal/lib/asn1/pkcs9.asn1 +++ b/source4/heimdal/lib/asn1/pkcs9.asn1 @@ -1,4 +1,4 @@ --- $Id: pkcs9.asn1,v 1.5 2006/04/24 08:59:10 lha Exp $ -- +-- $Id: pkcs9.asn1 17202 2006-04-24 08:59:10Z lha $ -- PKCS9 DEFINITIONS ::= diff --git a/source4/heimdal/lib/asn1/pkinit.asn1 b/source4/heimdal/lib/asn1/pkinit.asn1 index 56d6611677..e89a7217af 100644 --- a/source4/heimdal/lib/asn1/pkinit.asn1 +++ b/source4/heimdal/lib/asn1/pkinit.asn1 @@ -21,9 +21,15 @@ id-pkinit-san OBJECT IDENTIFIER ::= { iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2) x509-sanan(2) } +id-pkinit-ms-eku OBJECT IDENTIFIER ::= + { iso(1) org(3) dod(6) internet(1) private(4) + enterprise(1) microsoft(311) 20 2 2 } + id-pkinit-ms-san OBJECT IDENTIFIER ::= - { iso(1) org(3) dod(6) internet(1) foo1(4) - foo2(1) foo3(311) foo4(20) foo5(2) foo6(3) } + { iso(1) org(3) dod(6) internet(1) private(4) + enterprise(1) microsoft(311) 20 2 3 } + +MS-UPN-SAN ::= UTF8String pa-pk-as-req INTEGER ::= 16 pa-pk-as-rep INTEGER ::= 17 diff --git a/source4/heimdal/lib/asn1/rfc2459.asn1 b/source4/heimdal/lib/asn1/rfc2459.asn1 index 430674a5ee..71f197eba7 100644 --- a/source4/heimdal/lib/asn1/rfc2459.asn1 +++ b/source4/heimdal/lib/asn1/rfc2459.asn1 @@ -87,6 +87,7 @@ id-at-serialNumber OBJECT IDENTIFIER ::= { id-x520-at 5 } id-at-countryName OBJECT IDENTIFIER ::= { id-x520-at 6 } id-at-localityName OBJECT IDENTIFIER ::= { id-x520-at 7 } id-at-stateOrProvinceName OBJECT IDENTIFIER ::= { id-x520-at 8 } +id-at-streetAddress OBJECT IDENTIFIER ::= { id-x520-at 9 } id-at-organizationName OBJECT IDENTIFIER ::= { id-x520-at 10 } id-at-organizationalUnitName OBJECT IDENTIFIER ::= { id-x520-at 11 } id-at-name OBJECT IDENTIFIER ::= { id-x520-at 41 } @@ -306,6 +307,32 @@ id-x509-ce-invalidityDate OBJECT IDENTIFIER ::= { id-x509-ce 24 } id-x509-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-x509-ce 29 } id-x509-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-x509-ce 54 } +DistributionPointReasonFlags ::= BIT STRING { + unused (0), + keyCompromise (1), + cACompromise (2), + affiliationChanged (3), + superseded (4), + cessationOfOperation (5), + certificateHold (6), + privilegeWithdrawn (7), + aACompromise (8) +} + +DistributionPointName ::= CHOICE { + fullName [0] IMPLICIT -- GeneralNames -- SEQUENCE -- SIZE (1..MAX) -- OF GeneralName, + nameRelativeToCRLIssuer [1] RelativeDistinguishedName +} + +DistributionPoint ::= SEQUENCE { + distributionPoint [0] IMPLICIT heim_any -- DistributionPointName -- OPTIONAL, + reasons [1] IMPLICIT heim_any -- DistributionPointReasonFlags -- OPTIONAL, + cRLIssuer [2] IMPLICIT heim_any -- GeneralNames -- OPTIONAL +} + +CRLDistributionPoints ::= SEQUENCE -- SIZE (1..MAX) -- OF DistributionPoint + + -- rfc3279 DSASigValue ::= SEQUENCE { @@ -406,10 +433,13 @@ CRLReason ::= ENUMERATED { aACompromise (10) } +PKIXXmppAddr ::= UTF8String + id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) } id-pkix-on OBJECT IDENTIFIER ::= { id-pkix 8 } +id-pkix-on-xmppAddr OBJECT IDENTIFIER ::= { id-pkix-on 5 } id-pkix-on-dnsSRV OBJECT IDENTIFIER ::= { id-pkix-on 7 } id-pkix-kp OBJECT IDENTIFIER ::= { id-pkix 3 } @@ -441,4 +471,25 @@ ProxyCertInfo ::= SEQUENCE { proxyPolicy ProxyPolicy } +--- U.S. Federal PKI Common Policy Framework +-- Card Authentication key +id-uspkicommon-card-id OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 6 } +id-uspkicommon-piv-interim OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 9 1 } + +--- Netscape extentions + +id-netscape OBJECT IDENTIFIER ::= + { joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730) } +id-netscape-cert-comment OBJECT IDENTIFIER ::= { id-netscape 1 13 } + +--- MS extentions + +id-ms-cert-enroll-domaincontroller OBJECT IDENTIFIER ::= + { 1 3 6 1 4 1 311 20 2 } + +id-ms-client-authentication OBJECT IDENTIFIER ::= + { 1 3 6 1 5 5 7 3 2 } + +-- DER:1e:20:00:44:00:6f:00:6d:00:61:00:69:00:6e:00:43:00:6f:00:6e:00:74:00:72:00:6f:00:6c:00:6c:00:65:00:72 + END diff --git a/source4/heimdal/lib/asn1/symbol.c b/source4/heimdal/lib/asn1/symbol.c index a4e1ed4884..9407915c19 100644 --- a/source4/heimdal/lib/asn1/symbol.c +++ b/source4/heimdal/lib/asn1/symbol.c @@ -34,7 +34,7 @@ #include "gen_locl.h" #include "lex.h" -RCSID("$Id: symbol.c,v 1.10 2005/07/12 06:27:39 lha Exp $"); +RCSID("$Id: symbol.c 15617 2005-07-12 06:27:42Z lha $"); static Hashtab *htab; diff --git a/source4/heimdal/lib/asn1/symbol.h b/source4/heimdal/lib/asn1/symbol.h index 436bd043a1..d07caf5590 100644 --- a/source4/heimdal/lib/asn1/symbol.h +++ b/source4/heimdal/lib/asn1/symbol.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: symbol.h,v 1.14 2006/12/28 17:15:05 lha Exp $ */ +/* $Id: symbol.h 19539 2006-12-28 17:15:05Z lha $ */ #ifndef _SYMBOL_H #define _SYMBOL_H diff --git a/source4/heimdal/lib/asn1/test.asn1 b/source4/heimdal/lib/asn1/test.asn1 index 1a1179bc30..98b507a4da 100644 --- a/source4/heimdal/lib/asn1/test.asn1 +++ b/source4/heimdal/lib/asn1/test.asn1 @@ -1,4 +1,4 @@ --- $Id: test.asn1,v 1.9 2006/09/05 14:00:44 lha Exp $ -- +-- $Id: test.asn1 18013 2006-09-05 14:00:44Z lha $ -- TEST DEFINITIONS ::= diff --git a/source4/heimdal/lib/asn1/timegm.c b/source4/heimdal/lib/asn1/timegm.c index 86df58d700..a6776458cf 100644 --- a/source4/heimdal/lib/asn1/timegm.c +++ b/source4/heimdal/lib/asn1/timegm.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: timegm.c,v 1.11 2006/10/19 16:19:32 lha Exp $"); +RCSID("$Id: timegm.c 18607 2006-10-19 16:19:32Z lha $"); static int is_leap(unsigned y) diff --git a/source4/heimdal/lib/com_err/com_err.c b/source4/heimdal/lib/com_err/com_err.c index 0462fdcc03..faf4294cdd 100644 --- a/source4/heimdal/lib/com_err/com_err.c +++ b/source4/heimdal/lib/com_err/com_err.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: com_err.c,v 1.19 2005/04/24 19:42:39 lha Exp $"); +RCSID("$Id: com_err.c 14930 2005-04-24 19:43:06Z lha $"); #endif #include #include diff --git a/source4/heimdal/lib/com_err/com_err.h b/source4/heimdal/lib/com_err/com_err.h index fe7441108a..bdd764f7e9 100644 --- a/source4/heimdal/lib/com_err/com_err.h +++ b/source4/heimdal/lib/com_err/com_err.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: com_err.h,v 1.11 2005/07/07 14:58:07 lha Exp $ */ +/* $Id: com_err.h 15566 2005-07-07 14:58:07Z lha $ */ /* MIT compatible com_err library */ diff --git a/source4/heimdal/lib/com_err/com_right.h b/source4/heimdal/lib/com_err/com_right.h index 7e7d342e2c..4d929da866 100644 --- a/source4/heimdal/lib/com_err/com_right.h +++ b/source4/heimdal/lib/com_err/com_right.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: com_right.h,v 1.12 2005/02/03 08:43:01 lha Exp $ */ +/* $Id: com_right.h 14551 2005-02-03 08:45:13Z lha $ */ #ifndef __COM_RIGHT_H__ #define __COM_RIGHT_H__ diff --git a/source4/heimdal/lib/com_err/compile_et.c b/source4/heimdal/lib/com_err/compile_et.c index 1b472d8e0f..1057654822 100644 --- a/source4/heimdal/lib/com_err/compile_et.c +++ b/source4/heimdal/lib/com_err/compile_et.c @@ -35,7 +35,7 @@ #include "compile_et.h" #include -RCSID("$Id: compile_et.c,v 1.19 2005/06/16 19:21:00 lha Exp $"); +RCSID("$Id: compile_et.c 15426 2005-06-16 19:21:42Z lha $"); #include #include diff --git a/source4/heimdal/lib/com_err/compile_et.h b/source4/heimdal/lib/com_err/compile_et.h index 6da8c59322..1c7de5a08b 100644 --- a/source4/heimdal/lib/com_err/compile_et.h +++ b/source4/heimdal/lib/com_err/compile_et.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: compile_et.h,v 1.8 2005/06/16 19:21:26 lha Exp $ */ +/* $Id: compile_et.h 15426 2005-06-16 19:21:42Z lha $ */ #ifndef __COMPILE_ET_H__ #define __COMPILE_ET_H__ diff --git a/source4/heimdal/lib/com_err/error.c b/source4/heimdal/lib/com_err/error.c index b22f25b41a..051078025c 100644 --- a/source4/heimdal/lib/com_err/error.c +++ b/source4/heimdal/lib/com_err/error.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: error.c,v 1.15 2001/02/28 20:00:13 joda Exp $"); +RCSID("$Id: error.c 9724 2001-02-28 20:00:13Z joda $"); #endif #include #include diff --git a/source4/heimdal/lib/com_err/lex.c b/source4/heimdal/lib/com_err/lex.c index 4697d0a3fd..c5af2ead5c 100644 --- a/source4/heimdal/lib/com_err/lex.c +++ b/source4/heimdal/lib/com_err/lex.c @@ -1,6 +1,5 @@ -#include "config.h" -#line 3 "lex.yy.c" +#line 3 "lex.c" #define YY_INT_ALIGNED short int @@ -524,7 +523,7 @@ char *yytext; #include "parse.h" #include "lex.h" -RCSID("$Id: lex.l,v 1.8 2005/05/16 08:52:54 lha Exp $"); +RCSID("$Id: lex.l 15143 2005-05-16 08:52:54Z lha $"); static unsigned lineno = 1; static int getstring(void); @@ -533,7 +532,7 @@ static int getstring(void); #undef ECHO -#line 536 "lex.yy.c" +#line 536 "lex.c" #define INITIAL 0 @@ -688,7 +687,7 @@ YY_DECL #line 59 "lex.l" -#line 691 "lex.yy.c" +#line 691 "lex.c" if ( !(yy_init) ) { @@ -852,7 +851,7 @@ YY_RULE_SETUP #line 75 "lex.l" ECHO; YY_BREAK -#line 855 "lex.yy.c" +#line 855 "lex.c" case YY_STATE_EOF(INITIAL): yyterminate(); @@ -1083,7 +1082,7 @@ static int yy_get_next_buffer (void) /* Read in more data. */ YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), - (yy_n_chars), (size_t) num_to_read ); + (yy_n_chars), num_to_read ); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } @@ -1584,7 +1583,7 @@ YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) /** Setup the input buffer state to scan a string. The next call to yylex() will * scan from a @e copy of @a str. - * @param yystr a NUL-terminated string to scan + * @param str a NUL-terminated string to scan * * @return the newly allocated buffer state object. * @note If you want to scan bytes that may contain NUL values, then use diff --git a/source4/heimdal/lib/com_err/lex.h b/source4/heimdal/lib/com_err/lex.h index 9912bf4f09..89f0387655 100644 --- a/source4/heimdal/lib/com_err/lex.h +++ b/source4/heimdal/lib/com_err/lex.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: lex.h,v 1.1 2000/06/22 00:42:52 assar Exp $ */ +/* $Id: lex.h 8451 2000-06-22 00:42:52Z assar $ */ void error_message (const char *, ...) __attribute__ ((format (printf, 1, 2))); diff --git a/source4/heimdal/lib/com_err/parse.c b/source4/heimdal/lib/com_err/parse.c index 9fb19b33ce..4bacb721ca 100644 --- a/source4/heimdal/lib/com_err/parse.c +++ b/source4/heimdal/lib/com_err/parse.c @@ -90,7 +90,7 @@ /* Copy the first part of user declarations. */ -#line 1 "./heimdal/lib/com_err/parse.y" +#line 1 "parse.y" /* * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan @@ -128,7 +128,7 @@ #include "compile_et.h" #include "lex.h" -RCSID("$Id: parse.y,v 1.15 2005/06/16 19:21:42 lha Exp $"); +RCSID("$Id: parse.y 15426 2005-06-16 19:21:42Z lha $"); void yyerror (char *s); static long name2number(const char *str); @@ -163,13 +163,13 @@ extern char *yytext; #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED typedef union YYSTYPE -#line 53 "./heimdal/lib/com_err/parse.y" +#line 53 "parse.y" { char *string; int number; } /* Line 187 of yacc.c. */ -#line 173 "./heimdal/lib/com_err/parse.y" +#line 173 "parse.c" YYSTYPE; # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 @@ -182,7 +182,7 @@ typedef union YYSTYPE /* Line 216 of yacc.c. */ -#line 186 "./heimdal/lib/com_err/parse.y" +#line 186 "parse.c" #ifdef short # undef short @@ -1381,14 +1381,14 @@ yyreduce: switch (yyn) { case 6: -#line 73 "./heimdal/lib/com_err/parse.y" +#line 73 "parse.y" { id_str = (yyvsp[(2) - (2)].string); } break; case 7: -#line 79 "./heimdal/lib/com_err/parse.y" +#line 79 "parse.y" { base_id = name2number((yyvsp[(2) - (2)].string)); strlcpy(name, (yyvsp[(2) - (2)].string), sizeof(name)); @@ -1397,7 +1397,7 @@ yyreduce: break; case 8: -#line 85 "./heimdal/lib/com_err/parse.y" +#line 85 "parse.y" { base_id = name2number((yyvsp[(2) - (3)].string)); strlcpy(name, (yyvsp[(3) - (3)].string), sizeof(name)); @@ -1407,14 +1407,14 @@ yyreduce: break; case 11: -#line 98 "./heimdal/lib/com_err/parse.y" +#line 98 "parse.y" { number = (yyvsp[(2) - (2)].number); } break; case 12: -#line 102 "./heimdal/lib/com_err/parse.y" +#line 102 "parse.y" { free(prefix); asprintf (&prefix, "%s_", (yyvsp[(2) - (2)].string)); @@ -1425,7 +1425,7 @@ yyreduce: break; case 13: -#line 110 "./heimdal/lib/com_err/parse.y" +#line 110 "parse.y" { prefix = realloc(prefix, 1); if (prefix == NULL) @@ -1435,7 +1435,7 @@ yyreduce: break; case 14: -#line 117 "./heimdal/lib/com_err/parse.y" +#line 117 "parse.y" { struct error_code *ec = malloc(sizeof(*ec)); @@ -1458,7 +1458,7 @@ yyreduce: break; case 15: -#line 137 "./heimdal/lib/com_err/parse.y" +#line 137 "parse.y" { YYACCEPT; } @@ -1466,7 +1466,7 @@ yyreduce: /* Line 1267 of yacc.c. */ -#line 1470 "./heimdal/lib/com_err/parse.y" +#line 1470 "parse.c" default: break; } YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); @@ -1680,7 +1680,7 @@ yyreturn: } -#line 142 "./heimdal/lib/com_err/parse.y" +#line 142 "parse.y" static long diff --git a/source4/heimdal/lib/com_err/parse.h b/source4/heimdal/lib/com_err/parse.h index cb1d09276c..4c9681ff34 100644 --- a/source4/heimdal/lib/com_err/parse.h +++ b/source4/heimdal/lib/com_err/parse.h @@ -64,13 +64,13 @@ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED typedef union YYSTYPE -#line 53 "./heimdal/lib/com_err/parse.y" +#line 53 "parse.y" { char *string; int number; } /* Line 1489 of yacc.c. */ -#line 74 "./heimdal/lib/com_err/parse.y" +#line 74 "parse.h" YYSTYPE; # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 diff --git a/source4/heimdal/lib/des/aes.c b/source4/heimdal/lib/des/aes.c deleted file mode 100755 index 5e0069de9d..0000000000 --- a/source4/heimdal/lib/des/aes.c +++ /dev/null @@ -1,124 +0,0 @@ -/* - * Copyright (c) 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifdef HAVE_CONFIG_H -#include "config.h" - -RCSID("$Id: aes.c,v 1.5 2005/06/18 22:46:35 lha Exp $"); -#endif - -#ifdef KRB5 -#include -#endif - -#include - -#include "rijndael-alg-fst.h" -#include "aes.h" - -int -AES_set_encrypt_key(const unsigned char *userkey, const int bits, AES_KEY *key) -{ - key->rounds = rijndaelKeySetupEnc(key->key, userkey, bits); - if (key->rounds == 0) - return -1; - return 0; -} - -int -AES_set_decrypt_key(const unsigned char *userkey, const int bits, AES_KEY *key) -{ - key->rounds = rijndaelKeySetupDec(key->key, userkey, bits); - if (key->rounds == 0) - return -1; - return 0; -} - -void -AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key) -{ - rijndaelEncrypt(key->key, key->rounds, in, out); -} - -void -AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key) -{ - rijndaelDecrypt(key->key, key->rounds, in, out); -} - -void -AES_cbc_encrypt(const unsigned char *in, unsigned char *out, - unsigned long size, const AES_KEY *key, - unsigned char *iv, int forward_encrypt) -{ - unsigned char tmp[AES_BLOCK_SIZE]; - int i; - - if (forward_encrypt) { - while (size >= AES_BLOCK_SIZE) { - for (i = 0; i < AES_BLOCK_SIZE; i++) - tmp[i] = in[i] ^ iv[i]; - AES_encrypt(tmp, out, key); - memcpy(iv, out, AES_BLOCK_SIZE); - size -= AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - if (size) { - for (i = 0; i < size; i++) - tmp[i] = in[i] ^ iv[i]; - for (i = size; i < AES_BLOCK_SIZE; i++) - tmp[i] = iv[i]; - AES_encrypt(tmp, out, key); - memcpy(iv, out, AES_BLOCK_SIZE); - } - } else { - while (size >= AES_BLOCK_SIZE) { - memcpy(tmp, in, AES_BLOCK_SIZE); - AES_decrypt(tmp, out, key); - for (i = 0; i < AES_BLOCK_SIZE; i++) - out[i] ^= iv[i]; - memcpy(iv, tmp, AES_BLOCK_SIZE); - size -= AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - if (size) { - memcpy(tmp, in, AES_BLOCK_SIZE); - AES_decrypt(tmp, out, key); - for (i = 0; i < size; i++) - out[i] ^= iv[i]; - memcpy(iv, tmp, AES_BLOCK_SIZE); - } - } -} diff --git a/source4/heimdal/lib/des/aes.h b/source4/heimdal/lib/des/aes.h deleted file mode 100755 index 3ea1c141be..0000000000 --- a/source4/heimdal/lib/des/aes.h +++ /dev/null @@ -1,71 +0,0 @@ -/* - * Copyright (c) 2003-2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* $Id: aes.h,v 1.6 2006/05/05 11:06:35 lha Exp $ */ - -#ifndef HEIM_AES_H -#define HEIM_AES_H 1 - -/* symbol renaming */ -#define AES_set_encrypt_key hc_AES_set_encrypt_key -#define AES_set_decrypt_key hc_AES_decrypt_key -#define AES_encrypt hc_AES_encrypt -#define AES_decrypt hc_AES_decrypt -#define AES_cbc_encrypt hc_AES_cbc_encrypt - -/* - * - */ - -#define AES_BLOCK_SIZE 16 -#define AES_MAXNR 14 - -#define AES_ENCRYPT 1 -#define AES_DECRYPT 0 - -typedef struct aes_key { - uint32_t key[(AES_MAXNR+1)*4]; - int rounds; -} AES_KEY; - -int AES_set_encrypt_key(const unsigned char *, const int, AES_KEY *); -int AES_set_decrypt_key(const unsigned char *, const int, AES_KEY *); - -void AES_encrypt(const unsigned char *, unsigned char *, const AES_KEY *); -void AES_decrypt(const unsigned char *, unsigned char *, const AES_KEY *); - -void AES_cbc_encrypt(const unsigned char *, unsigned char *, - const unsigned long, const AES_KEY *, - unsigned char *, int); - -#endif /* HEIM_AES_H */ diff --git a/source4/heimdal/lib/des/bn.c b/source4/heimdal/lib/des/bn.c deleted file mode 100644 index c4230b6abc..0000000000 --- a/source4/heimdal/lib/des/bn.c +++ /dev/null @@ -1,445 +0,0 @@ -/* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifdef HAVE_CONFIG_H -#include -#endif - -RCSID("$Id: bn.c,v 1.9 2006/10/14 09:21:09 lha Exp $"); - -#include -#include -#include -#include - -#include -#include /* XXX */ -#include - -#include -#include -#include - -BIGNUM * -BN_new(void) -{ - heim_integer *hi; - hi = calloc(1, sizeof(*hi)); - return (BIGNUM *)hi; -} - -void -BN_free(BIGNUM *bn) -{ - BN_clear(bn); - free(bn); -} - -void -BN_clear(BIGNUM *bn) -{ - heim_integer *hi = (heim_integer *)bn; - if (hi->data) { - memset(hi->data, 0, hi->length); - free(hi->data); - } - memset(hi, 0, sizeof(*hi)); -} - -void -BN_clear_free(BIGNUM *bn) -{ - BN_free(bn); -} - -BIGNUM * -BN_dup(const BIGNUM *bn) -{ - BIGNUM *b = BN_new(); - if (der_copy_heim_integer((const heim_integer *)bn, (heim_integer *)b)) { - BN_free(b); - return NULL; - } - return b; -} - -/* - * If the caller really want to know the number of bits used, subtract - * one from the length, multiply by 8, and then lookup in the table - * how many bits the hightest byte uses. - */ -int -BN_num_bits(const BIGNUM *bn) -{ - static unsigned char num2bits[256] = { - 0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4, 5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5, - 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6, 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6, - 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, - 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, - 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, - 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, - 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, - 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, - }; - const heim_integer *i = (const void *)bn; - if (i->length == 0) - return 0; - return (i->length - 1) * 8 + num2bits[((unsigned char *)i->data)[0]]; -} - -int -BN_num_bytes(const BIGNUM *bn) -{ - return ((const heim_integer *)bn)->length; -} - -/* - * Ignore negative flag. - */ - -BIGNUM * -BN_bin2bn(const void *s, int len, BIGNUM *bn) -{ - heim_integer *hi = (void *)bn; - - if (len < 0) - return NULL; - - if (hi == NULL) { - hi = (heim_integer *)BN_new(); - if (hi == NULL) - return NULL; - } - if (hi->data) - BN_clear((BIGNUM *)hi); - hi->negative = 0; - hi->data = malloc(len); - if (hi->data == NULL && len != 0) { - if (bn == NULL) - BN_free((BIGNUM *)hi); - return NULL; - } - hi->length = len; - memcpy(hi->data, s, len); - return (BIGNUM *)hi; -} - -int -BN_bn2bin(const BIGNUM *bn, void *to) -{ - const heim_integer *hi = (const void *)bn; - memcpy(to, hi->data, hi->length); - return hi->length; -} - -int -BN_hex2bn(BIGNUM **bnp, const char *in) -{ - int negative; - ssize_t ret; - size_t len; - void *data; - - len = strlen(in); - data = malloc(len); - if (data == NULL) - return 0; - - if (*in == '-') { - negative = 1; - in++; - } else - negative = 0; - - ret = hex_decode(in, data, len); - if (ret < 0) { - free(data); - return 0; - } - - *bnp = BN_bin2bn(data, ret, NULL); - free(data); - if (*bnp == NULL) - return 0; - BN_set_negative(*bnp, negative); - return 1; -} - -char * -BN_bn2hex(const BIGNUM *bn) -{ - ssize_t ret; - size_t len; - void *data; - char *str; - - len = BN_num_bytes(bn); - data = malloc(len); - if (data == NULL) - return 0; - - len = BN_bn2bin(bn, data); - - ret = hex_encode(data, len, &str); - free(data); - if (ret < 0) - return 0; - - return str; -} - -int -BN_cmp(const BIGNUM *bn1, const BIGNUM *bn2) -{ - return der_heim_integer_cmp((const heim_integer *)bn1, - (const heim_integer *)bn2); -} - -void -BN_set_negative(BIGNUM *bn, int flag) -{ - ((heim_integer *)bn)->negative = (flag ? 1 : 0); -} - -int -BN_is_negative(BIGNUM *bn) -{ - return ((heim_integer *)bn)->negative ? 1 : 0; -} - -static const unsigned char is_set[8] = { 1, 2, 4, 8, 16, 32, 64, 128 }; - -int -BN_is_bit_set(const BIGNUM *bn, int bit) -{ - heim_integer *hi = (heim_integer *)bn; - unsigned char *p = hi->data; - - if ((bit / 8) > hi->length || hi->length == 0) - return 0; - - return p[hi->length - 1 - (bit / 8)] & is_set[bit % 8]; -} - -int -BN_set_bit(BIGNUM *bn, int bit) -{ - heim_integer *hi = (heim_integer *)bn; - unsigned char *p; - - if ((bit / 8) > hi->length || hi->length == 0) { - size_t len = (bit + 7) / 8; - void *d = realloc(hi->data, len); - if (d == NULL) - return 0; - hi->data = d; - p = hi->data; - memset(&p[hi->length], 0, len); - hi->length = len; - } else - p = hi->data; - - p[hi->length - 1 - (bit / 8)] |= is_set[bit % 8]; - return 1; -} - -int -BN_clear_bit(BIGNUM *bn, int bit) -{ - heim_integer *hi = (heim_integer *)bn; - unsigned char *p = hi->data; - - if ((bit / 8) > hi->length || hi->length == 0) - return 0; - - p[hi->length - 1 - (bit / 8)] &= (unsigned char)(~(is_set[bit % 8])); - - return 1; -} - -int -BN_set_word(BIGNUM *bn, unsigned long num) -{ - unsigned char p[sizeof(num)]; - unsigned long num2; - int i, len; - - for (num2 = num, i = 0; num2 > 0; i++) - num2 = num2 >> 8; - - len = i - 1; - for (; i > 0; i--) { - p[i - 1] = (num & 0xff); - num = num >> 8; - } - - bn = BN_bin2bn(p, len + 1, bn); - return bn != NULL; -} - -unsigned long -BN_get_word(const BIGNUM *bn) -{ - heim_integer *hi = (heim_integer *)bn; - unsigned long num = 0; - int i; - - if (hi->negative || hi->length > sizeof(num)) - return ULONG_MAX; - - for (i = 0; i < hi->length; i++) - num = ((unsigned char *)hi->data)[i] | (num << 8); - return num; -} - -int -BN_rand(BIGNUM *bn, int bits, int top, int bottom) -{ - size_t len = (bits + 7) / 8; - heim_integer *i = (heim_integer *)bn; - - BN_clear(bn); - - i->negative = 0; - i->data = malloc(len); - if (i->data == NULL && len != 0) - return 0; - i->length = len; - - if (RAND_bytes(i->data, i->length) != 1) { - free(i->data); - i->data = NULL; - return 0; - } - - { - size_t j = len * 8; - while(j > bits) { - BN_clear_bit(bn, j - 1); - j--; - } - } - - if (top == -1) { - ; - } else if (top == 0 && bits > 0) { - BN_set_bit(bn, bits - 1); - } else if (top == 1 && bits > 1) { - BN_set_bit(bn, bits - 1); - BN_set_bit(bn, bits - 2); - } else { - BN_clear(bn); - return 0; - } - - if (bottom && bits > 0) - BN_set_bit(bn, 0); - - return 1; -} - -/* - * - */ - -int -BN_uadd(BIGNUM *res, const BIGNUM *a, const BIGNUM *b) -{ - const heim_integer *ai = (const heim_integer *)a; - const heim_integer *bi = (const heim_integer *)b; - const unsigned char *ap, *bp; - unsigned char *cp; - heim_integer ci; - int carry = 0; - ssize_t len; - - if (ai->negative && bi->negative) - return 0; - if (ai->length < bi->length) { - const heim_integer *si = bi; - bi = ai; ai = si; - } - - ci.negative = 0; - ci.length = ai->length + 1; - ci.data = malloc(ci.length); - if (ci.data == NULL) - return 0; - - ap = &((const unsigned char *)ai->data)[ai->length - 1]; - bp = &((const unsigned char *)bi->data)[bi->length - 1]; - cp = &((unsigned char *)ci.data)[ci.length - 1]; - - for (len = bi->length; len > 0; len--) { - carry = *ap + *bp + carry; - *cp = carry & 0xff; - carry = (carry & ~0xff) ? 1 : 0; - ap--; bp--; cp--; - } - for (len = ai->length - bi->length; len > 0; len--) { - carry = *ap + carry; - *cp = carry & 0xff; - carry = (carry & ~0xff) ? 1 : 0; - ap--; cp--; - } - if (!carry) - memmove(cp, cp + 1, --ci.length); - else - *cp = carry; - - BN_clear(res); - *((heim_integer *)res) = ci; - - return 1; -} - - -/* - * Callback when doing slow generation of numbers, like primes. - */ - -void -BN_GENCB_set(BN_GENCB *gencb, int (*cb_2)(int, int, BN_GENCB *), void *ctx) -{ - gencb->ver = 2; - gencb->cb.cb_2 = cb_2; - gencb->arg = ctx; -} - -int -BN_GENCB_call(BN_GENCB *cb, int a, int b) -{ - if (cb == NULL || cb->cb.cb_2 == NULL) - return 1; - return cb->cb.cb_2(a, b, cb); -} diff --git a/source4/heimdal/lib/des/bn.h b/source4/heimdal/lib/des/bn.h deleted file mode 100644 index b0c90d36fc..0000000000 --- a/source4/heimdal/lib/des/bn.h +++ /dev/null @@ -1,121 +0,0 @@ -/* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * $Id: bn.h,v 1.3 2006/01/13 08:27:50 lha Exp $ - */ - -#ifndef _HEIM_BN_H -#define _HEIM_BN_H 1 - -/* symbol renaming */ -#define BN_GENCB_call hc_BN_GENCB_call -#define BN_GENCB_set hc_BN_GENCB_set -#define BN_bin2bn hc_BN_bin2bn -#define BN_bn2bin hc_BN_bn2bin -#define BN_bn2hex hc_BN_bn2hex -#define BN_clear hc_BN_clear -#define BN_clear_bit hc_BN_clear_bit -#define BN_clear_free hc_BN_clear_free -#define BN_cmp hc_BN_cmp -#define BN_dup hc_BN_dup -#define BN_free hc_BN_free -#define BN_is_negative hc_BN_is_negative -#define BN_get_word hc_BN_get_word -#define BN_hex2bn hc_BN_hex2bn -#define BN_is_bit_set hc_BN_is_bit_set -#define BN_new hc_BN_new -#define BN_num_bits hc_BN_num_bits -#define BN_num_bytes hc_BN_num_bytes -#define BN_rand hc_BN_rand -#define BN_set_bit hc_BN_set_bit -#define BN_set_negative hc_BN_set_negative -#define BN_set_word hc_BN_set_word -#define BN_uadd hc_BN_uadd - -/* - * - */ - -typedef void BIGNUM; -typedef struct BN_GENCB BN_GENCB; -typedef void BN_CTX; -typedef void BN_MONT_CTX; -typedef void BN_BLINDING; - -struct BN_GENCB { - unsigned int ver; - void *arg; - union { - int (*cb_2)(int, int, BN_GENCB *); - } cb; -}; - -/* - * - */ - -BIGNUM *BN_new(void); -void BN_free(BIGNUM *); -void BN_clear_free(BIGNUM *); -void BN_clear(BIGNUM *); -BIGNUM *BN_dup(const BIGNUM *); - -int BN_num_bits(const BIGNUM *); -int BN_num_bytes(const BIGNUM *); - -int BN_cmp(const BIGNUM *, const BIGNUM *); - -void BN_set_negative(BIGNUM *, int); -int BN_is_negative(BIGNUM *); - -int BN_is_bit_set(const BIGNUM *, int); -int BN_set_bit(BIGNUM *, int); -int BN_clear_bit(BIGNUM *, int); - -int BN_set_word(BIGNUM *, unsigned long); -unsigned long BN_get_word(const BIGNUM *); - -BIGNUM *BN_bin2bn(const void *,int len,BIGNUM *); -int BN_bn2bin(const BIGNUM *, void *); -int BN_hex2bn(BIGNUM **, const char *); -char * BN_bn2hex(const BIGNUM *); - -int BN_uadd(BIGNUM *, const BIGNUM *, const BIGNUM *); - -int BN_rand(BIGNUM *, int, int, int); - -void BN_GENCB_set(BN_GENCB *, int (*)(int, int, BN_GENCB *), void *); -int BN_GENCB_call(BN_GENCB *, int, int); - -#endif diff --git a/source4/heimdal/lib/des/des-tables.h b/source4/heimdal/lib/des/des-tables.h deleted file mode 100644 index 03854ec174..0000000000 --- a/source4/heimdal/lib/des/des-tables.h +++ /dev/null @@ -1,196 +0,0 @@ -/* GENERATE FILE from gen-des.pl, do not edit */ - -/* pc1_c_3 bit pattern 5 13 21 */ -static int pc1_c_3[8] = { - 0x00000000, 0x00000010, 0x00001000, 0x00001010, - 0x00100000, 0x00100010, 0x00101000, 0x00101010 -}; -/* pc1_c_4 bit pattern 1 9 17 25 */ -static int pc1_c_4[16] = { - 0x00000000, 0x00000001, 0x00000100, 0x00000101, - 0x00010000, 0x00010001, 0x00010100, 0x00010101, - 0x01000000, 0x01000001, 0x01000100, 0x01000101, - 0x01010000, 0x01010001, 0x01010100, 0x01010101 -}; -/* pc1_d_3 bit pattern 49 41 33 */ -static int pc1_d_3[8] = { - 0x00000000, 0x01000000, 0x00010000, 0x01010000, - 0x00000100, 0x01000100, 0x00010100, 0x01010100 -}; -/* pc1_d_4 bit pattern 57 53 45 37 */ -static int pc1_d_4[16] = { - 0x00000000, 0x00100000, 0x00001000, 0x00101000, - 0x00000010, 0x00100010, 0x00001010, 0x00101010, - 0x00000001, 0x00100001, 0x00001001, 0x00101001, - 0x00000011, 0x00100011, 0x00001011, 0x00101011 -}; -/* pc2_c_1 bit pattern 5 24 7 16 6 10 */ -static int pc2_c_1[64] = { - 0x00000000, 0x00004000, 0x00040000, 0x00044000, - 0x00000100, 0x00004100, 0x00040100, 0x00044100, - 0x00020000, 0x00024000, 0x00060000, 0x00064000, - 0x00020100, 0x00024100, 0x00060100, 0x00064100, - 0x00000001, 0x00004001, 0x00040001, 0x00044001, - 0x00000101, 0x00004101, 0x00040101, 0x00044101, - 0x00020001, 0x00024001, 0x00060001, 0x00064001, - 0x00020101, 0x00024101, 0x00060101, 0x00064101, - 0x00080000, 0x00084000, 0x000c0000, 0x000c4000, - 0x00080100, 0x00084100, 0x000c0100, 0x000c4100, - 0x000a0000, 0x000a4000, 0x000e0000, 0x000e4000, - 0x000a0100, 0x000a4100, 0x000e0100, 0x000e4100, - 0x00080001, 0x00084001, 0x000c0001, 0x000c4001, - 0x00080101, 0x00084101, 0x000c0101, 0x000c4101, - 0x000a0001, 0x000a4001, 0x000e0001, 0x000e4001, - 0x000a0101, 0x000a4101, 0x000e0101, 0x000e4101 -}; -/* pc2_c_2 bit pattern 20 18 12 3 15 23 */ -static int pc2_c_2[64] = { - 0x00000000, 0x00000002, 0x00000200, 0x00000202, - 0x00200000, 0x00200002, 0x00200200, 0x00200202, - 0x00001000, 0x00001002, 0x00001200, 0x00001202, - 0x00201000, 0x00201002, 0x00201200, 0x00201202, - 0x00000040, 0x00000042, 0x00000240, 0x00000242, - 0x00200040, 0x00200042, 0x00200240, 0x00200242, - 0x00001040, 0x00001042, 0x00001240, 0x00001242, - 0x00201040, 0x00201042, 0x00201240, 0x00201242, - 0x00000010, 0x00000012, 0x00000210, 0x00000212, - 0x00200010, 0x00200012, 0x00200210, 0x00200212, - 0x00001010, 0x00001012, 0x00001210, 0x00001212, - 0x00201010, 0x00201012, 0x00201210, 0x00201212, - 0x00000050, 0x00000052, 0x00000250, 0x00000252, - 0x00200050, 0x00200052, 0x00200250, 0x00200252, - 0x00001050, 0x00001052, 0x00001250, 0x00001252, - 0x00201050, 0x00201052, 0x00201250, 0x00201252 -}; -/* pc2_c_3 bit pattern 1 9 19 2 14 22 */ -static int pc2_c_3[64] = { - 0x00000000, 0x00000004, 0x00000400, 0x00000404, - 0x00400000, 0x00400004, 0x00400400, 0x00400404, - 0x00000020, 0x00000024, 0x00000420, 0x00000424, - 0x00400020, 0x00400024, 0x00400420, 0x00400424, - 0x00008000, 0x00008004, 0x00008400, 0x00008404, - 0x00408000, 0x00408004, 0x00408400, 0x00408404, - 0x00008020, 0x00008024, 0x00008420, 0x00008424, - 0x00408020, 0x00408024, 0x00408420, 0x00408424, - 0x00800000, 0x00800004, 0x00800400, 0x00800404, - 0x00c00000, 0x00c00004, 0x00c00400, 0x00c00404, - 0x00800020, 0x00800024, 0x00800420, 0x00800424, - 0x00c00020, 0x00c00024, 0x00c00420, 0x00c00424, - 0x00808000, 0x00808004, 0x00808400, 0x00808404, - 0x00c08000, 0x00c08004, 0x00c08400, 0x00c08404, - 0x00808020, 0x00808024, 0x00808420, 0x00808424, - 0x00c08020, 0x00c08024, 0x00c08420, 0x00c08424 -}; -/* pc2_c_4 bit pattern 11 13 4 17 21 8 */ -static int pc2_c_4[64] = { - 0x00000000, 0x00010000, 0x00000008, 0x00010008, - 0x00000080, 0x00010080, 0x00000088, 0x00010088, - 0x00100000, 0x00110000, 0x00100008, 0x00110008, - 0x00100080, 0x00110080, 0x00100088, 0x00110088, - 0x00000800, 0x00010800, 0x00000808, 0x00010808, - 0x00000880, 0x00010880, 0x00000888, 0x00010888, - 0x00100800, 0x00110800, 0x00100808, 0x00110808, - 0x00100880, 0x00110880, 0x00100888, 0x00110888, - 0x00002000, 0x00012000, 0x00002008, 0x00012008, - 0x00002080, 0x00012080, 0x00002088, 0x00012088, - 0x00102000, 0x00112000, 0x00102008, 0x00112008, - 0x00102080, 0x00112080, 0x00102088, 0x00112088, - 0x00002800, 0x00012800, 0x00002808, 0x00012808, - 0x00002880, 0x00012880, 0x00002888, 0x00012888, - 0x00102800, 0x00112800, 0x00102808, 0x00112808, - 0x00102880, 0x00112880, 0x00102888, 0x00112888 -}; -/* pc2_d_1 bit pattern 51 35 31 52 39 45 */ -static int pc2_d_1[64] = { - 0x00000000, 0x00000080, 0x00002000, 0x00002080, - 0x00000001, 0x00000081, 0x00002001, 0x00002081, - 0x00200000, 0x00200080, 0x00202000, 0x00202080, - 0x00200001, 0x00200081, 0x00202001, 0x00202081, - 0x00020000, 0x00020080, 0x00022000, 0x00022080, - 0x00020001, 0x00020081, 0x00022001, 0x00022081, - 0x00220000, 0x00220080, 0x00222000, 0x00222080, - 0x00220001, 0x00220081, 0x00222001, 0x00222081, - 0x00000002, 0x00000082, 0x00002002, 0x00002082, - 0x00000003, 0x00000083, 0x00002003, 0x00002083, - 0x00200002, 0x00200082, 0x00202002, 0x00202082, - 0x00200003, 0x00200083, 0x00202003, 0x00202083, - 0x00020002, 0x00020082, 0x00022002, 0x00022082, - 0x00020003, 0x00020083, 0x00022003, 0x00022083, - 0x00220002, 0x00220082, 0x00222002, 0x00222082, - 0x00220003, 0x00220083, 0x00222003, 0x00222083 -}; -/* pc2_d_2 bit pattern 50 32 43 36 29 48 */ -static int pc2_d_2[64] = { - 0x00000000, 0x00000010, 0x00800000, 0x00800010, - 0x00010000, 0x00010010, 0x00810000, 0x00810010, - 0x00000200, 0x00000210, 0x00800200, 0x00800210, - 0x00010200, 0x00010210, 0x00810200, 0x00810210, - 0x00100000, 0x00100010, 0x00900000, 0x00900010, - 0x00110000, 0x00110010, 0x00910000, 0x00910010, - 0x00100200, 0x00100210, 0x00900200, 0x00900210, - 0x00110200, 0x00110210, 0x00910200, 0x00910210, - 0x00000004, 0x00000014, 0x00800004, 0x00800014, - 0x00010004, 0x00010014, 0x00810004, 0x00810014, - 0x00000204, 0x00000214, 0x00800204, 0x00800214, - 0x00010204, 0x00010214, 0x00810204, 0x00810214, - 0x00100004, 0x00100014, 0x00900004, 0x00900014, - 0x00110004, 0x00110014, 0x00910004, 0x00910014, - 0x00100204, 0x00100214, 0x00900204, 0x00900214, - 0x00110204, 0x00110214, 0x00910204, 0x00910214 -}; -/* pc2_d_3 bit pattern 41 38 47 33 40 42 */ -static int pc2_d_3[64] = { - 0x00000000, 0x00000400, 0x00001000, 0x00001400, - 0x00080000, 0x00080400, 0x00081000, 0x00081400, - 0x00000020, 0x00000420, 0x00001020, 0x00001420, - 0x00080020, 0x00080420, 0x00081020, 0x00081420, - 0x00004000, 0x00004400, 0x00005000, 0x00005400, - 0x00084000, 0x00084400, 0x00085000, 0x00085400, - 0x00004020, 0x00004420, 0x00005020, 0x00005420, - 0x00084020, 0x00084420, 0x00085020, 0x00085420, - 0x00000800, 0x00000c00, 0x00001800, 0x00001c00, - 0x00080800, 0x00080c00, 0x00081800, 0x00081c00, - 0x00000820, 0x00000c20, 0x00001820, 0x00001c20, - 0x00080820, 0x00080c20, 0x00081820, 0x00081c20, - 0x00004800, 0x00004c00, 0x00005800, 0x00005c00, - 0x00084800, 0x00084c00, 0x00085800, 0x00085c00, - 0x00004820, 0x00004c20, 0x00005820, 0x00005c20, - 0x00084820, 0x00084c20, 0x00085820, 0x00085c20 -}; -/* pc2_d_4 bit pattern 49 37 30 46 34 44 */ -static int pc2_d_4[64] = { - 0x00000000, 0x00000100, 0x00040000, 0x00040100, - 0x00000040, 0x00000140, 0x00040040, 0x00040140, - 0x00400000, 0x00400100, 0x00440000, 0x00440100, - 0x00400040, 0x00400140, 0x00440040, 0x00440140, - 0x00008000, 0x00008100, 0x00048000, 0x00048100, - 0x00008040, 0x00008140, 0x00048040, 0x00048140, - 0x00408000, 0x00408100, 0x00448000, 0x00448100, - 0x00408040, 0x00408140, 0x00448040, 0x00448140, - 0x00000008, 0x00000108, 0x00040008, 0x00040108, - 0x00000048, 0x00000148, 0x00040048, 0x00040148, - 0x00400008, 0x00400108, 0x00440008, 0x00440108, - 0x00400048, 0x00400148, 0x00440048, 0x00440148, - 0x00008008, 0x00008108, 0x00048008, 0x00048108, - 0x00008048, 0x00008148, 0x00048048, 0x00048148, - 0x00408008, 0x00408108, 0x00448008, 0x00448108, - 0x00408048, 0x00408148, 0x00448048, 0x00448148 -}; -static unsigned char odd_parity[256] = { - 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14, - 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31, - 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47, - 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62, - 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79, - 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94, - 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110, -112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127, -128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143, -145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158, -161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174, -176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191, -193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206, -208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223, -224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239, -241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254, - }; diff --git a/source4/heimdal/lib/des/des.c b/source4/heimdal/lib/des/des.c deleted file mode 100644 index 5b1f5c29f4..0000000000 --- a/source4/heimdal/lib/des/des.c +++ /dev/null @@ -1,967 +0,0 @@ -/* - * Copyright (c) 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * The document that got me started for real was "Efficient - * Implementation of the Data Encryption Standard" by Dag Arne Osvik. - * I never got to the PC1 transformation was working, instead I used - * table-lookup was used for all key schedule setup. The document was - * very useful since it de-mystified other implementations for me. - * - * The core DES function (SBOX + P transformation) is from Richard - * Outerbridge public domain DES implementation. My sanity is saved - * thanks to his work. Thank you Richard. - */ - -#ifdef HAVE_CONFIG_H -#include -RCSID("$Id: des.c,v 1.18 2006/04/24 14:26:19 lha Exp $"); -#endif - -#include -#include -#include -#include -#include - -#include "des.h" -#include "ui.h" - -static void desx(uint32_t [2], DES_key_schedule *, int); -static void IP(uint32_t [2]); -static void FP(uint32_t [2]); - -#include "des-tables.h" - -#define ROTATE_LEFT28(x,one) \ - if (one) { \ - x = ( ((x)<<(1)) & 0xffffffe) | ((x) >> 27); \ - } else { \ - x = ( ((x)<<(2)) & 0xffffffc) | ((x) >> 26); \ - } - -/* - * - */ - -int -DES_set_odd_parity(DES_cblock *key) -{ - int i; - for (i = 0; i < DES_CBLOCK_LEN; i++) - (*key)[i] = odd_parity[(*key)[i]]; - return 0; -} - -/* - * - */ - -/* FIPS 74 */ -static DES_cblock weak_keys[] = { - {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01}, /* weak keys */ - {0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE}, - {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E}, - {0xE0,0xE0,0xE0,0xE0,0xF1,0xF1,0xF1,0xF1}, - {0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE}, /* semi-weak keys */ - {0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01}, - {0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1}, - {0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E}, - {0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1}, - {0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01}, - {0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE}, - {0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E}, - {0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E}, - {0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01}, - {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE}, - {0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1} -}; - -int -DES_is_weak_key(DES_cblock *key) -{ - int i; - - for (i = 0; i < sizeof(weak_keys)/sizeof(weak_keys[0]); i++) { - if (memcmp(weak_keys[i], key, DES_CBLOCK_LEN) == 0) - return 1; - } - return 0; -} - - -/* - * - */ - -int -DES_set_key(DES_cblock *key, DES_key_schedule *ks) -{ - uint32_t t1, t2; - uint32_t c, d; - int shifts[16] = { 1, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1 }; - uint32_t *k = &ks->ks[0]; - int i; - - t1 = (*key)[0] << 24 | (*key)[1] << 16 | (*key)[2] << 8 | (*key)[3]; - t2 = (*key)[4] << 24 | (*key)[5] << 16 | (*key)[6] << 8 | (*key)[7]; - - c = (pc1_c_3[(t1 >> (5 )) & 0x7] << 3) - | (pc1_c_3[(t1 >> (5 + 8 )) & 0x7] << 2) - | (pc1_c_3[(t1 >> (5 + 8 + 8 )) & 0x7] << 1) - | (pc1_c_3[(t1 >> (5 + 8 + 8 + 8)) & 0x7] << 0) - | (pc1_c_4[(t2 >> (4 )) & 0xf] << 3) - | (pc1_c_4[(t2 >> (4 + 8 )) & 0xf] << 2) - | (pc1_c_4[(t2 >> (4 + 8 + 8 )) & 0xf] << 1) - | (pc1_c_4[(t2 >> (4 + 8 + 8 + 8)) & 0xf] << 0); - - - d = (pc1_d_3[(t2 >> (1 )) & 0x7] << 3) - | (pc1_d_3[(t2 >> (1 + 8 )) & 0x7] << 2) - | (pc1_d_3[(t2 >> (1 + 8 + 8 )) & 0x7] << 1) - | (pc1_d_3[(t2 >> (1 + 8 + 8 + 8)) & 0x7] << 0) - | (pc1_d_4[(t1 >> (1 )) & 0xf] << 3) - | (pc1_d_4[(t1 >> (1 + 8 )) & 0xf] << 2) - | (pc1_d_4[(t1 >> (1 + 8 + 8 )) & 0xf] << 1) - | (pc1_d_4[(t1 >> (1 + 8 + 8 + 8)) & 0xf] << 0); - - for (i = 0; i < 16; i++) { - uint32_t kc, kd; - - ROTATE_LEFT28(c, shifts[i]); - ROTATE_LEFT28(d, shifts[i]); - - kc = pc2_c_1[(c >> 22) & 0x3f] | - pc2_c_2[((c >> 16) & 0x30) | ((c >> 15) & 0xf)] | - pc2_c_3[((c >> 9 ) & 0x3c) | ((c >> 8 ) & 0x3)] | - pc2_c_4[((c >> 2 ) & 0x20) | ((c >> 1) & 0x18) | (c & 0x7)]; - kd = pc2_d_1[(d >> 22) & 0x3f] | - pc2_d_2[((d >> 15) & 0x30) | ((d >> 14) & 0xf)] | - pc2_d_3[ (d >> 7 ) & 0x3f] | - pc2_d_4[((d >> 1 ) & 0x3c) | ((d ) & 0x3)]; - - /* Change to byte order used by the S boxes */ - *k = (kc & 0x00fc0000L) << 6; - *k |= (kc & 0x00000fc0L) << 10; - *k |= (kd & 0x00fc0000L) >> 10; - *k++ |= (kd & 0x00000fc0L) >> 6; - *k = (kc & 0x0003f000L) << 12; - *k |= (kc & 0x0000003fL) << 16; - *k |= (kd & 0x0003f000L) >> 4; - *k++ |= (kd & 0x0000003fL); - } - - return 0; -} - -/* - * - */ - -int -DES_set_key_checked(DES_cblock *key, DES_key_schedule *ks) -{ - if (DES_is_weak_key(key)) { - memset(ks, 0, sizeof(*ks)); - return 1; - } - return DES_set_key(key, ks); -} - -/* - * Compatibility function for eay libdes - */ - -int -DES_key_sched(DES_cblock *key, DES_key_schedule *ks) -{ - return DES_set_key(key, ks); -} - -/* - * - */ - -static void -load(const unsigned char *b, uint32_t v[2]) -{ - v[0] = b[0] << 24; - v[0] |= b[1] << 16; - v[0] |= b[2] << 8; - v[0] |= b[3] << 0; - v[1] = b[4] << 24; - v[1] |= b[5] << 16; - v[1] |= b[6] << 8; - v[1] |= b[7] << 0; -} - -static void -store(const uint32_t v[2], unsigned char *b) -{ - b[0] = (v[0] >> 24) & 0xff; - b[1] = (v[0] >> 16) & 0xff; - b[2] = (v[0] >> 8) & 0xff; - b[3] = (v[0] >> 0) & 0xff; - b[4] = (v[1] >> 24) & 0xff; - b[5] = (v[1] >> 16) & 0xff; - b[6] = (v[1] >> 8) & 0xff; - b[7] = (v[1] >> 0) & 0xff; -} - -/* - * - */ - -void -DES_encrypt(uint32_t u[2], DES_key_schedule *ks, int forward_encrypt) -{ - IP(u); - desx(u, ks, forward_encrypt); - FP(u); -} - -/* - * - */ - -void -DES_ecb_encrypt(DES_cblock *input, DES_cblock *output, - DES_key_schedule *ks, int forward_encrypt) -{ - uint32_t u[2]; - load(*input, u); - DES_encrypt(u, ks, forward_encrypt); - store(u, *output); -} - -/* - * - */ - -void -DES_cbc_encrypt(const void *in, void *out, long length, - DES_key_schedule *ks, DES_cblock *iv, int forward_encrypt) -{ - const unsigned char *input = in; - unsigned char *output = out; - uint32_t u[2]; - uint32_t uiv[2]; - - load(*iv, uiv); - - if (forward_encrypt) { - while (length >= DES_CBLOCK_LEN) { - load(input, u); - u[0] ^= uiv[0]; u[1] ^= uiv[1]; - DES_encrypt(u, ks, 1); - uiv[0] = u[0]; uiv[1] = u[1]; - store(u, output); - - length -= DES_CBLOCK_LEN; - input += DES_CBLOCK_LEN; - output += DES_CBLOCK_LEN; - } - if (length) { - unsigned char tmp[DES_CBLOCK_LEN]; - memcpy(tmp, input, length); - memset(tmp + length, 0, DES_CBLOCK_LEN - length); - load(tmp, u); - u[0] ^= uiv[0]; u[1] ^= uiv[1]; - DES_encrypt(u, ks, 1); - store(u, output); - } - } else { - uint32_t t[2]; - while (length >= DES_CBLOCK_LEN) { - load(input, u); - t[0] = u[0]; t[1] = u[1]; - DES_encrypt(u, ks, 0); - u[0] ^= uiv[0]; u[1] ^= uiv[1]; - store(u, output); - uiv[0] = t[0]; uiv[1] = t[1]; - - length -= DES_CBLOCK_LEN; - input += DES_CBLOCK_LEN; - output += DES_CBLOCK_LEN; - } - if (length) { - unsigned char tmp[DES_CBLOCK_LEN]; - memcpy(tmp, input, length); - memset(tmp + length, 0, DES_CBLOCK_LEN - length); - load(tmp, u); - DES_encrypt(u, ks, 0); - u[0] ^= uiv[0]; u[1] ^= uiv[1]; - store(u, output); - } - } - uiv[0] = 0; u[0] = 0; uiv[1] = 0; u[1] = 0; -} - -/* - * - */ - -void -DES_pcbc_encrypt(const void *in, void *out, long length, - DES_key_schedule *ks, DES_cblock *iv, int forward_encrypt) -{ - const unsigned char *input = in; - unsigned char *output = out; - uint32_t u[2]; - uint32_t uiv[2]; - - load(*iv, uiv); - - if (forward_encrypt) { - uint32_t t[2]; - while (length >= DES_CBLOCK_LEN) { - load(input, u); - t[0] = u[0]; t[1] = u[1]; - u[0] ^= uiv[0]; u[1] ^= uiv[1]; - DES_encrypt(u, ks, 1); - uiv[0] = u[0] ^ t[0]; uiv[1] = u[1] ^ t[1]; - store(u, output); - - length -= DES_CBLOCK_LEN; - input += DES_CBLOCK_LEN; - output += DES_CBLOCK_LEN; - } - if (length) { - unsigned char tmp[DES_CBLOCK_LEN]; - memcpy(tmp, input, length); - memset(tmp + length, 0, DES_CBLOCK_LEN - length); - load(tmp, u); - u[0] ^= uiv[0]; u[1] ^= uiv[1]; - DES_encrypt(u, ks, 1); - store(u, output); - } - } else { - uint32_t t[2]; - while (length >= DES_CBLOCK_LEN) { - load(input, u); - t[0] = u[0]; t[1] = u[1]; - DES_encrypt(u, ks, 0); - u[0] ^= uiv[0]; u[1] ^= uiv[1]; - store(u, output); - uiv[0] = t[0] ^ u[0]; uiv[1] = t[1] ^ u[1]; - - length -= DES_CBLOCK_LEN; - input += DES_CBLOCK_LEN; - output += DES_CBLOCK_LEN; - } - if (length) { - unsigned char tmp[DES_CBLOCK_LEN]; - memcpy(tmp, input, length); - memset(tmp + length, 0, DES_CBLOCK_LEN - length); - load(tmp, u); - DES_encrypt(u, ks, 0); - u[0] ^= uiv[0]; u[1] ^= uiv[1]; - } - } - uiv[0] = 0; u[0] = 0; uiv[1] = 0; u[1] = 0; -} - -/* - * - */ - -static void -_des3_encrypt(uint32_t u[2], DES_key_schedule *ks1, DES_key_schedule *ks2, - DES_key_schedule *ks3, int forward_encrypt) -{ - IP(u); - if (forward_encrypt) { - desx(u, ks1, 1); /* IP + FP cancel out each other */ - desx(u, ks2, 0); - desx(u, ks3, 1); - } else { - desx(u, ks3, 0); - desx(u, ks2, 1); - desx(u, ks1, 0); - } - FP(u); -} - -/* - * - */ - -void -DES_ecb3_encrypt(DES_cblock *input, - DES_cblock *output, - DES_key_schedule *ks1, - DES_key_schedule *ks2, - DES_key_schedule *ks3, - int forward_encrypt) -{ - uint32_t u[2]; - load(*input, u); - _des3_encrypt(u, ks1, ks2, ks3, forward_encrypt); - store(u, *output); - return; -} - -/* - * - */ - -void -DES_ede3_cbc_encrypt(const void *in, void *out, - long length, DES_key_schedule *ks1, - DES_key_schedule *ks2, DES_key_schedule *ks3, - DES_cblock *iv, int forward_encrypt) -{ - const unsigned char *input = in; - unsigned char *output = out; - uint32_t u[2]; - uint32_t uiv[2]; - - load(*iv, uiv); - - if (forward_encrypt) { - while (length >= DES_CBLOCK_LEN) { - load(input, u); - u[0] ^= uiv[0]; u[1] ^= uiv[1]; - _des3_encrypt(u, ks1, ks2, ks3, 1); - uiv[0] = u[0]; uiv[1] = u[1]; - store(u, output); - - length -= DES_CBLOCK_LEN; - input += DES_CBLOCK_LEN; - output += DES_CBLOCK_LEN; - } - if (length) { - unsigned char tmp[DES_CBLOCK_LEN]; - memcpy(tmp, input, length); - memset(tmp + length, 0, DES_CBLOCK_LEN - length); - load(tmp, u); - u[0] ^= uiv[0]; u[1] ^= uiv[1]; - _des3_encrypt(u, ks1, ks2, ks3, 1); - store(u, output); - } - } else { - uint32_t t[2]; - while (length >= DES_CBLOCK_LEN) { - load(input, u); - t[0] = u[0]; t[1] = u[1]; - _des3_encrypt(u, ks1, ks2, ks3, 0); - u[0] ^= uiv[0]; u[1] ^= uiv[1]; - store(u, output); - uiv[0] = t[0]; uiv[1] = t[1]; - - length -= DES_CBLOCK_LEN; - input += DES_CBLOCK_LEN; - output += DES_CBLOCK_LEN; - } - if (length) { - unsigned char tmp[DES_CBLOCK_LEN]; - memcpy(tmp, input, length); - memset(tmp + length, 0, DES_CBLOCK_LEN - length); - load(tmp, u); - _des3_encrypt(u, ks1, ks2, ks3, 0); - u[0] ^= uiv[0]; u[1] ^= uiv[1]; - store(u, output); - } - } - store(uiv, *iv); - uiv[0] = 0; u[0] = 0; uiv[1] = 0; u[1] = 0; -} - -/* - * - */ - -void -DES_cfb64_encrypt(const void *in, void *out, - long length, DES_key_schedule *ks, DES_cblock *iv, - int *num, int forward_encrypt) -{ - const unsigned char *input = in; - unsigned char *output = out; - unsigned char tmp[DES_CBLOCK_LEN]; - uint32_t uiv[2]; - - load(*iv, uiv); - - assert(*num >= 0 && *num < DES_CBLOCK_LEN); - - if (forward_encrypt) { - int i = *num; - - while (length > 0) { - if (i == 0) - DES_encrypt(uiv, ks, 1); - store(uiv, tmp); - for (; i < DES_CBLOCK_LEN && i < length; i++) { - output[i] = tmp[i] ^ input[i]; - } - if (i == DES_CBLOCK_LEN) - load(output, uiv); - output += i; - input += i; - length -= i; - if (i == DES_CBLOCK_LEN) - i = 0; - } - store(uiv, *iv); - *num = i; - } else { - int i = *num; - unsigned char c; - - while (length > 0) { - if (i == 0) { - DES_encrypt(uiv, ks, 1); - store(uiv, tmp); - } - for (; i < DES_CBLOCK_LEN && i < length; i++) { - c = input[i]; - output[i] = tmp[i] ^ input[i]; - (*iv)[i] = c; - } - output += i; - input += i; - length -= i; - if (i == DES_CBLOCK_LEN) { - i = 0; - load(*iv, uiv); - } - } - store(uiv, *iv); - *num = i; - } -} - -/* - * - */ - -uint32_t -DES_cbc_cksum(const void *in, DES_cblock *output, - long length, DES_key_schedule *ks, DES_cblock *iv) -{ - const unsigned char *input = in; - uint32_t uiv[2]; - uint32_t u[2] = { 0, 0 }; - - load(*iv, uiv); - - while (length >= DES_CBLOCK_LEN) { - load(input, u); - u[0] ^= uiv[0]; u[1] ^= uiv[1]; - DES_encrypt(u, ks, 1); - uiv[0] = u[0]; uiv[1] = u[1]; - - length -= DES_CBLOCK_LEN; - input += DES_CBLOCK_LEN; - } - if (length) { - unsigned char tmp[DES_CBLOCK_LEN]; - memcpy(tmp, input, length); - memset(tmp + length, 0, DES_CBLOCK_LEN - length); - load(tmp, u); - u[0] ^= uiv[0]; u[1] ^= uiv[1]; - DES_encrypt(u, ks, 1); - } - if (output) - store(u, *output); - - uiv[0] = 0; u[0] = 0; uiv[1] = 0; - return u[1]; -} - -/* - * - */ - -static unsigned char -bitswap8(unsigned char b) -{ - unsigned char r = 0; - int i; - for (i = 0; i < 8; i++) { - r = r << 1 | (b & 1); - b = b >> 1; - } - return r; -} - -void -DES_string_to_key(const char *str, DES_cblock *key) -{ - const unsigned char *s; - unsigned char *k; - DES_key_schedule ks; - size_t i, len; - - memset(key, 0, sizeof(*key)); - k = *key; - s = (const unsigned char *)str; - - len = strlen(str); - for (i = 0; i < len; i++) { - if ((i % 16) < 8) - k[i % 8] ^= s[i] << 1; - else - k[7 - (i % 8)] ^= bitswap8(s[i]); - } - DES_set_odd_parity(key); - if (DES_is_weak_key(key)) - k[7] ^= 0xF0; - DES_set_key(key, &ks); - DES_cbc_cksum(s, key, len, &ks, key); - memset(&ks, 0, sizeof(ks)); - DES_set_odd_parity(key); - if (DES_is_weak_key(key)) - k[7] ^= 0xF0; -} - -/* - * - */ - -int -DES_read_password(DES_cblock *key, char *prompt, int verify) -{ - char buf[512]; - int ret; - - ret = UI_UTIL_read_pw_string(buf, sizeof(buf) - 1, prompt, verify); - if (ret == 0) - DES_string_to_key(buf, key); - return ret; -} - -/* - * - */ - - -void -_DES_ipfp_test(void) -{ - DES_cblock k = "\x01\x02\x04\x08\x10\x20\x40\x80", k2; - uint32_t u[2] = { 1, 0 }; - IP(u); - FP(u); - IP(u); - FP(u); - if (u[0] != 1 || u[1] != 0) - abort(); - - load(k, u); - store(u, k2); - if (memcmp(k, k2, 8) != 0) - abort(); -} - -/* D3DES (V5.09) - - * - * A portable, public domain, version of the Data Encryption Standard. - * - * Written with Symantec's THINK (Lightspeed) C by Richard Outerbridge. - * Thanks to: Dan Hoey for his excellent Initial and Inverse permutation - * code; Jim Gillogly & Phil Karn for the DES key schedule code; Dennis - * Ferguson, Eric Young and Dana How for comparing notes; and Ray Lau, - * for humouring me on. - * - * Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge. - * (GEnie : OUTER; CIS : [71755,204]) Graven Imagery, 1992. - */ - -static uint32_t SP1[64] = { - 0x01010400L, 0x00000000L, 0x00010000L, 0x01010404L, - 0x01010004L, 0x00010404L, 0x00000004L, 0x00010000L, - 0x00000400L, 0x01010400L, 0x01010404L, 0x00000400L, - 0x01000404L, 0x01010004L, 0x01000000L, 0x00000004L, - 0x00000404L, 0x01000400L, 0x01000400L, 0x00010400L, - 0x00010400L, 0x01010000L, 0x01010000L, 0x01000404L, - 0x00010004L, 0x01000004L, 0x01000004L, 0x00010004L, - 0x00000000L, 0x00000404L, 0x00010404L, 0x01000000L, - 0x00010000L, 0x01010404L, 0x00000004L, 0x01010000L, - 0x01010400L, 0x01000000L, 0x01000000L, 0x00000400L, - 0x01010004L, 0x00010000L, 0x00010400L, 0x01000004L, - 0x00000400L, 0x00000004L, 0x01000404L, 0x00010404L, - 0x01010404L, 0x00010004L, 0x01010000L, 0x01000404L, - 0x01000004L, 0x00000404L, 0x00010404L, 0x01010400L, - 0x00000404L, 0x01000400L, 0x01000400L, 0x00000000L, - 0x00010004L, 0x00010400L, 0x00000000L, 0x01010004L }; - -static uint32_t SP2[64] = { - 0x80108020L, 0x80008000L, 0x00008000L, 0x00108020L, - 0x00100000L, 0x00000020L, 0x80100020L, 0x80008020L, - 0x80000020L, 0x80108020L, 0x80108000L, 0x80000000L, - 0x80008000L, 0x00100000L, 0x00000020L, 0x80100020L, - 0x00108000L, 0x00100020L, 0x80008020L, 0x00000000L, - 0x80000000L, 0x00008000L, 0x00108020L, 0x80100000L, - 0x00100020L, 0x80000020L, 0x00000000L, 0x00108000L, - 0x00008020L, 0x80108000L, 0x80100000L, 0x00008020L, - 0x00000000L, 0x00108020L, 0x80100020L, 0x00100000L, - 0x80008020L, 0x80100000L, 0x80108000L, 0x00008000L, - 0x80100000L, 0x80008000L, 0x00000020L, 0x80108020L, - 0x00108020L, 0x00000020L, 0x00008000L, 0x80000000L, - 0x00008020L, 0x80108000L, 0x00100000L, 0x80000020L, - 0x00100020L, 0x80008020L, 0x80000020L, 0x00100020L, - 0x00108000L, 0x00000000L, 0x80008000L, 0x00008020L, - 0x80000000L, 0x80100020L, 0x80108020L, 0x00108000L }; - -static uint32_t SP3[64] = { - 0x00000208L, 0x08020200L, 0x00000000L, 0x08020008L, - 0x08000200L, 0x00000000L, 0x00020208L, 0x08000200L, - 0x00020008L, 0x08000008L, 0x08000008L, 0x00020000L, - 0x08020208L, 0x00020008L, 0x08020000L, 0x00000208L, - 0x08000000L, 0x00000008L, 0x08020200L, 0x00000200L, - 0x00020200L, 0x08020000L, 0x08020008L, 0x00020208L, - 0x08000208L, 0x00020200L, 0x00020000L, 0x08000208L, - 0x00000008L, 0x08020208L, 0x00000200L, 0x08000000L, - 0x08020200L, 0x08000000L, 0x00020008L, 0x00000208L, - 0x00020000L, 0x08020200L, 0x08000200L, 0x00000000L, - 0x00000200L, 0x00020008L, 0x08020208L, 0x08000200L, - 0x08000008L, 0x00000200L, 0x00000000L, 0x08020008L, - 0x08000208L, 0x00020000L, 0x08000000L, 0x08020208L, - 0x00000008L, 0x00020208L, 0x00020200L, 0x08000008L, - 0x08020000L, 0x08000208L, 0x00000208L, 0x08020000L, - 0x00020208L, 0x00000008L, 0x08020008L, 0x00020200L }; - -static uint32_t SP4[64] = { - 0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, - 0x00802080L, 0x00800081L, 0x00800001L, 0x00002001L, - 0x00000000L, 0x00802000L, 0x00802000L, 0x00802081L, - 0x00000081L, 0x00000000L, 0x00800080L, 0x00800001L, - 0x00000001L, 0x00002000L, 0x00800000L, 0x00802001L, - 0x00000080L, 0x00800000L, 0x00002001L, 0x00002080L, - 0x00800081L, 0x00000001L, 0x00002080L, 0x00800080L, - 0x00002000L, 0x00802080L, 0x00802081L, 0x00000081L, - 0x00800080L, 0x00800001L, 0x00802000L, 0x00802081L, - 0x00000081L, 0x00000000L, 0x00000000L, 0x00802000L, - 0x00002080L, 0x00800080L, 0x00800081L, 0x00000001L, - 0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, - 0x00802081L, 0x00000081L, 0x00000001L, 0x00002000L, - 0x00800001L, 0x00002001L, 0x00802080L, 0x00800081L, - 0x00002001L, 0x00002080L, 0x00800000L, 0x00802001L, - 0x00000080L, 0x00800000L, 0x00002000L, 0x00802080L }; - -static uint32_t SP5[64] = { - 0x00000100L, 0x02080100L, 0x02080000L, 0x42000100L, - 0x00080000L, 0x00000100L, 0x40000000L, 0x02080000L, - 0x40080100L, 0x00080000L, 0x02000100L, 0x40080100L, - 0x42000100L, 0x42080000L, 0x00080100L, 0x40000000L, - 0x02000000L, 0x40080000L, 0x40080000L, 0x00000000L, - 0x40000100L, 0x42080100L, 0x42080100L, 0x02000100L, - 0x42080000L, 0x40000100L, 0x00000000L, 0x42000000L, - 0x02080100L, 0x02000000L, 0x42000000L, 0x00080100L, - 0x00080000L, 0x42000100L, 0x00000100L, 0x02000000L, - 0x40000000L, 0x02080000L, 0x42000100L, 0x40080100L, - 0x02000100L, 0x40000000L, 0x42080000L, 0x02080100L, - 0x40080100L, 0x00000100L, 0x02000000L, 0x42080000L, - 0x42080100L, 0x00080100L, 0x42000000L, 0x42080100L, - 0x02080000L, 0x00000000L, 0x40080000L, 0x42000000L, - 0x00080100L, 0x02000100L, 0x40000100L, 0x00080000L, - 0x00000000L, 0x40080000L, 0x02080100L, 0x40000100L }; - -static uint32_t SP6[64] = { - 0x20000010L, 0x20400000L, 0x00004000L, 0x20404010L, - 0x20400000L, 0x00000010L, 0x20404010L, 0x00400000L, - 0x20004000L, 0x00404010L, 0x00400000L, 0x20000010L, - 0x00400010L, 0x20004000L, 0x20000000L, 0x00004010L, - 0x00000000L, 0x00400010L, 0x20004010L, 0x00004000L, - 0x00404000L, 0x20004010L, 0x00000010L, 0x20400010L, - 0x20400010L, 0x00000000L, 0x00404010L, 0x20404000L, - 0x00004010L, 0x00404000L, 0x20404000L, 0x20000000L, - 0x20004000L, 0x00000010L, 0x20400010L, 0x00404000L, - 0x20404010L, 0x00400000L, 0x00004010L, 0x20000010L, - 0x00400000L, 0x20004000L, 0x20000000L, 0x00004010L, - 0x20000010L, 0x20404010L, 0x00404000L, 0x20400000L, - 0x00404010L, 0x20404000L, 0x00000000L, 0x20400010L, - 0x00000010L, 0x00004000L, 0x20400000L, 0x00404010L, - 0x00004000L, 0x00400010L, 0x20004010L, 0x00000000L, - 0x20404000L, 0x20000000L, 0x00400010L, 0x20004010L }; - -static uint32_t SP7[64] = { - 0x00200000L, 0x04200002L, 0x04000802L, 0x00000000L, - 0x00000800L, 0x04000802L, 0x00200802L, 0x04200800L, - 0x04200802L, 0x00200000L, 0x00000000L, 0x04000002L, - 0x00000002L, 0x04000000L, 0x04200002L, 0x00000802L, - 0x04000800L, 0x00200802L, 0x00200002L, 0x04000800L, - 0x04000002L, 0x04200000L, 0x04200800L, 0x00200002L, - 0x04200000L, 0x00000800L, 0x00000802L, 0x04200802L, - 0x00200800L, 0x00000002L, 0x04000000L, 0x00200800L, - 0x04000000L, 0x00200800L, 0x00200000L, 0x04000802L, - 0x04000802L, 0x04200002L, 0x04200002L, 0x00000002L, - 0x00200002L, 0x04000000L, 0x04000800L, 0x00200000L, - 0x04200800L, 0x00000802L, 0x00200802L, 0x04200800L, - 0x00000802L, 0x04000002L, 0x04200802L, 0x04200000L, - 0x00200800L, 0x00000000L, 0x00000002L, 0x04200802L, - 0x00000000L, 0x00200802L, 0x04200000L, 0x00000800L, - 0x04000002L, 0x04000800L, 0x00000800L, 0x00200002L }; - -static uint32_t SP8[64] = { - 0x10001040L, 0x00001000L, 0x00040000L, 0x10041040L, - 0x10000000L, 0x10001040L, 0x00000040L, 0x10000000L, - 0x00040040L, 0x10040000L, 0x10041040L, 0x00041000L, - 0x10041000L, 0x00041040L, 0x00001000L, 0x00000040L, - 0x10040000L, 0x10000040L, 0x10001000L, 0x00001040L, - 0x00041000L, 0x00040040L, 0x10040040L, 0x10041000L, - 0x00001040L, 0x00000000L, 0x00000000L, 0x10040040L, - 0x10000040L, 0x10001000L, 0x00041040L, 0x00040000L, - 0x00041040L, 0x00040000L, 0x10041000L, 0x00001000L, - 0x00000040L, 0x10040040L, 0x00001000L, 0x00041040L, - 0x10001000L, 0x00000040L, 0x10000040L, 0x10040000L, - 0x10040040L, 0x10000000L, 0x00040000L, 0x10001040L, - 0x00000000L, 0x10041040L, 0x00040040L, 0x10000040L, - 0x10040000L, 0x10001000L, 0x10001040L, 0x00000000L, - 0x10041040L, 0x00041000L, 0x00041000L, 0x00001040L, - 0x00001040L, 0x00040040L, 0x10000000L, 0x10041000L }; - -static void -IP(uint32_t v[2]) -{ - uint32_t work; - - work = ((v[0] >> 4) ^ v[1]) & 0x0f0f0f0fL; - v[1] ^= work; - v[0] ^= (work << 4); - work = ((v[0] >> 16) ^ v[1]) & 0x0000ffffL; - v[1] ^= work; - v[0] ^= (work << 16); - work = ((v[1] >> 2) ^ v[0]) & 0x33333333L; - v[0] ^= work; - v[1] ^= (work << 2); - work = ((v[1] >> 8) ^ v[0]) & 0x00ff00ffL; - v[0] ^= work; - v[1] ^= (work << 8); - v[1] = ((v[1] << 1) | ((v[1] >> 31) & 1L)) & 0xffffffffL; - work = (v[0] ^ v[1]) & 0xaaaaaaaaL; - v[0] ^= work; - v[1] ^= work; - v[0] = ((v[0] << 1) | ((v[0] >> 31) & 1L)) & 0xffffffffL; -} - -static void -FP(uint32_t v[2]) -{ - uint32_t work; - - v[0] = (v[0] << 31) | (v[0] >> 1); - work = (v[1] ^ v[0]) & 0xaaaaaaaaL; - v[1] ^= work; - v[0] ^= work; - v[1] = (v[1] << 31) | (v[1] >> 1); - work = ((v[1] >> 8) ^ v[0]) & 0x00ff00ffL; - v[0] ^= work; - v[1] ^= (work << 8); - work = ((v[1] >> 2) ^ v[0]) & 0x33333333L; - v[0] ^= work; - v[1] ^= (work << 2); - work = ((v[0] >> 16) ^ v[1]) & 0x0000ffffL; - v[1] ^= work; - v[0] ^= (work << 16); - work = ((v[0] >> 4) ^ v[1]) & 0x0f0f0f0fL; - v[1] ^= work; - v[0] ^= (work << 4); -} - -static void -desx(uint32_t block[2], DES_key_schedule *ks, int forward_encrypt) -{ - uint32_t *keys; - uint32_t fval, work, right, left; - int round; - - left = block[0]; - right = block[1]; - - if (forward_encrypt) { - keys = &ks->ks[0]; - - for( round = 0; round < 8; round++ ) { - work = (right << 28) | (right >> 4); - work ^= *keys++; - fval = SP7[ work & 0x3fL]; - fval |= SP5[(work >> 8) & 0x3fL]; - fval |= SP3[(work >> 16) & 0x3fL]; - fval |= SP1[(work >> 24) & 0x3fL]; - work = right ^ *keys++; - fval |= SP8[ work & 0x3fL]; - fval |= SP6[(work >> 8) & 0x3fL]; - fval |= SP4[(work >> 16) & 0x3fL]; - fval |= SP2[(work >> 24) & 0x3fL]; - left ^= fval; - work = (left << 28) | (left >> 4); - work ^= *keys++; - fval = SP7[ work & 0x3fL]; - fval |= SP5[(work >> 8) & 0x3fL]; - fval |= SP3[(work >> 16) & 0x3fL]; - fval |= SP1[(work >> 24) & 0x3fL]; - work = left ^ *keys++; - fval |= SP8[ work & 0x3fL]; - fval |= SP6[(work >> 8) & 0x3fL]; - fval |= SP4[(work >> 16) & 0x3fL]; - fval |= SP2[(work >> 24) & 0x3fL]; - right ^= fval; - } - } else { - keys = &ks->ks[30]; - - for( round = 0; round < 8; round++ ) { - work = (right << 28) | (right >> 4); - work ^= *keys++; - fval = SP7[ work & 0x3fL]; - fval |= SP5[(work >> 8) & 0x3fL]; - fval |= SP3[(work >> 16) & 0x3fL]; - fval |= SP1[(work >> 24) & 0x3fL]; - work = right ^ *keys++; - fval |= SP8[ work & 0x3fL]; - fval |= SP6[(work >> 8) & 0x3fL]; - fval |= SP4[(work >> 16) & 0x3fL]; - fval |= SP2[(work >> 24) & 0x3fL]; - left ^= fval; - work = (left << 28) | (left >> 4); - keys -= 4; - work ^= *keys++; - fval = SP7[ work & 0x3fL]; - fval |= SP5[(work >> 8) & 0x3fL]; - fval |= SP3[(work >> 16) & 0x3fL]; - fval |= SP1[(work >> 24) & 0x3fL]; - work = left ^ *keys++; - fval |= SP8[ work & 0x3fL]; - fval |= SP6[(work >> 8) & 0x3fL]; - fval |= SP4[(work >> 16) & 0x3fL]; - fval |= SP2[(work >> 24) & 0x3fL]; - right ^= fval; - keys -= 4; - } - } - block[0] = right; - block[1] = left; -} diff --git a/source4/heimdal/lib/des/des.h b/source4/heimdal/lib/des/des.h deleted file mode 100644 index 890fab462d..0000000000 --- a/source4/heimdal/lib/des/des.h +++ /dev/null @@ -1,124 +0,0 @@ -/* - * Copyright (c) 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* $Id: des.h,v 1.25 2006/01/08 21:47:28 lha Exp $ */ - -#ifndef _DESperate_H -#define _DESperate_H 1 - -/* symbol renaming */ -#define DES_set_odd_parity hc_DES_set_odd_parity -#define DES_is_weak_key hc_DES_is_weak_key -#define DES_key_sched hc_DES_key_sched -#define DES_set_key hc_DES_set_key -#define DES_set_key_checked hc_DES_set_key_checked -#define DES_set_key_sched hc_DES_set_key_sched -#define DES_new_random_key hc_DES_new_random_key -#define DES_string_to_key hc_DES_string_to_key -#define DES_read_password hc_DES_read_password -#define DES_rand_data hc_DES_rand_data -#define DES_set_random_generator_seed hc_DES_set_random_generator_seed -#define DES_generate_random_block hc_DES_generate_random_block -#define DES_set_sequence_number hc_DES_set_sequence_number -#define DES_init_random_number_generator hc_DES_init_random_number_generator -#define DES_random_key hc_DES_random_key -#define DES_encrypt hc_DES_encrypt -#define DES_ecb_encrypt hc_DES_ecb_encrypt -#define DES_ecb3_encrypt hc_DES_ecb3_encrypt -#define DES_pcbc_encrypt hc_DES_pcbc_encrypt -#define DES_cbc_encrypt hc_DES_cbc_encrypt -#define DES_cbc_cksum hc_DES_cbc_cksum -#define DES_ede3_cbc_encrypt hc_DES_ede3_cbc_encrypt -#define DES_cfb64_encrypt hc_DES_cfb64_encrypt -#define _DES_ipfp_test _hc_DES_ipfp_test - -/* - * - */ - -#define DES_CBLOCK_LEN 8 -#define DES_KEY_SZ 8 - -#define DES_ENCRYPT 1 -#define DES_DECRYPT 0 - -typedef unsigned char DES_cblock[DES_CBLOCK_LEN]; -typedef struct DES_key_schedule -{ - uint32_t ks[32]; -} DES_key_schedule; - -/* - * - */ - -int DES_set_odd_parity(DES_cblock *); -int DES_is_weak_key(DES_cblock *); -int DES_set_key(DES_cblock *, DES_key_schedule *); -int DES_set_key_checked(DES_cblock *, DES_key_schedule *); -int DES_key_sched(DES_cblock *, DES_key_schedule *); -int DES_new_random_key(DES_cblock *); -void DES_string_to_key(const char *, DES_cblock *); -int DES_read_password(DES_cblock *, char *, int); - -void DES_rand_data(void *, int); -void DES_set_random_generator_seed(DES_cblock *); -void DES_generate_random_block(DES_cblock *); -void DES_set_sequence_number(void *); -void DES_init_random_number_generator(DES_cblock *); -void DES_random_key(DES_cblock *); - - -void DES_encrypt(uint32_t [2], DES_key_schedule *, int); -void DES_ecb_encrypt(DES_cblock *, DES_cblock *, DES_key_schedule *, int); -void DES_ecb3_encrypt(DES_cblock *,DES_cblock *, DES_key_schedule *, - DES_key_schedule *, DES_key_schedule *, int); -void DES_pcbc_encrypt(const void *, void *, long, - DES_key_schedule *, DES_cblock *, int); -void DES_cbc_encrypt(const void *, void *, long, - DES_key_schedule *, DES_cblock *, int); -void DES_ede3_cbc_encrypt(const void *, void *, long, - DES_key_schedule *, DES_key_schedule *, - DES_key_schedule *, DES_cblock *, int); -void DES_cfb64_encrypt(const void *, void *, long, - DES_key_schedule *, DES_cblock *, int *, int); - - -uint32_t DES_cbc_cksum(const void *, DES_cblock *, - long, DES_key_schedule *, DES_cblock *); - - -void _DES_ipfp_test(void); - - -#endif /* _DESperate_H */ diff --git a/source4/heimdal/lib/des/dh-imath.c b/source4/heimdal/lib/des/dh-imath.c deleted file mode 100644 index ebf02c72be..0000000000 --- a/source4/heimdal/lib/des/dh-imath.c +++ /dev/null @@ -1,243 +0,0 @@ -/* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifdef HAVE_CONFIG_H -#include -#endif - -#include -#include -#include - -#include - -#include "imath/imath.h" - -RCSID("$Id: dh-imath.c,v 1.6 2006/10/20 06:56:57 lha Exp $"); - -static void -BN2mpz(mpz_t *s, const BIGNUM *bn) -{ - size_t len; - void *p; - - len = BN_num_bytes(bn); - p = malloc(len); - BN_bn2bin(bn, p); - mp_int_read_unsigned(s, p, len); - free(p); -} - - -static BIGNUM * -mpz2BN(mpz_t *s) -{ - size_t size; - BIGNUM *bn; - void *p; - - size = mp_int_unsigned_len(s); - p = malloc(size); - if (p == NULL && size != 0) - return NULL; - mp_int_to_unsigned(s, p, size); - - bn = BN_bin2bn(p, size, NULL); - free(p); - return bn; -} - -/* - * - */ - -#define DH_NUM_TRIES 10 - -static int -dh_generate_key(DH *dh) -{ - mpz_t pub, priv_key, g, p; - int have_private_key = (dh->priv_key != NULL); - int codes, times = 0; - mp_result res; - - if (dh->p == NULL || dh->g == NULL) - return 0; - - while (times++ < DH_NUM_TRIES) { - if (!have_private_key) { - size_t bits = BN_num_bits(dh->p); - - if (dh->priv_key) - BN_free(dh->priv_key); - - dh->priv_key = BN_new(); - if (dh->priv_key == NULL) - return 0; - if (!BN_rand(dh->priv_key, bits - 1, 0, 0)) { - BN_clear_free(dh->priv_key); - dh->priv_key = NULL; - return 0; - } - } - if (dh->pub_key) - BN_free(dh->pub_key); - - mp_int_init(&pub); - mp_int_init(&priv_key); - mp_int_init(&g); - mp_int_init(&p); - - BN2mpz(&priv_key, dh->priv_key); - BN2mpz(&g, dh->g); - BN2mpz(&p, dh->p); - - res = mp_int_exptmod(&g, &priv_key, &p, &pub); - - mp_int_clear(&priv_key); - mp_int_clear(&g); - mp_int_clear(&p); - if (res != MP_OK) - continue; - - dh->pub_key = mpz2BN(&pub); - mp_int_clear(&pub); - if (dh->pub_key == NULL) - return 0; - - if (DH_check_pubkey(dh, dh->pub_key, &codes) && codes == 0) - break; - if (have_private_key) - return 0; - } - - if (times >= DH_NUM_TRIES) { - if (!have_private_key && dh->priv_key) { - BN_free(dh->priv_key); - dh->priv_key = NULL; - } - if (dh->pub_key) { - BN_free(dh->pub_key); - dh->pub_key = NULL; - } - return 0; - } - - return 1; -} - -static int -dh_compute_key(unsigned char *shared, const BIGNUM * pub, DH *dh) -{ - mpz_t s, priv_key, p, peer_pub; - size_t size = 0; - mp_result res; - - if (dh->pub_key == NULL || dh->g == NULL || dh->priv_key == NULL) - return -1; - - mp_int_init(&p); - BN2mpz(&p, dh->p); - - mp_int_init(&peer_pub); - BN2mpz(&peer_pub, pub); - - /* check if peers pubkey is reasonable */ - if (MP_SIGN(&peer_pub) == MP_NEG - || mp_int_compare(&peer_pub, &p) >= 0 - || mp_int_compare_value(&peer_pub, 1) <= 0) - { - mp_int_clear(&p); - mp_int_clear(&peer_pub); - return -1; - } - - mp_int_init(&priv_key); - BN2mpz(&priv_key, dh->priv_key); - - mp_int_init(&s); - - mp_int_exptmod(&peer_pub, &priv_key, &p, &s); - - mp_int_clear(&p); - mp_int_clear(&peer_pub); - mp_int_clear(&priv_key); - - size = mp_int_unsigned_len(&s); - res = mp_int_to_unsigned(&s, shared, size); - mp_int_clear(&s); - - return (res == MP_OK) ? size : -1; -} - -static int -dh_generate_params(DH *dh, int a, int b, BN_GENCB *callback) -{ - /* groups should already be known, we don't care about this */ - return 0; -} - -static int -dh_init(DH *dh) -{ - return 1; -} - -static int -dh_finish(DH *dh) -{ - return 1; -} - - -/* - * - */ - -const DH_METHOD hc_dh_imath_method = { - "hcrypto imath DH", - dh_generate_key, - dh_compute_key, - NULL, - dh_init, - dh_finish, - 0, - NULL, - dh_generate_params -}; - -const DH_METHOD * -DH_imath_method(void) -{ - return &hc_dh_imath_method; -} diff --git a/source4/heimdal/lib/des/dh.c b/source4/heimdal/lib/des/dh.c deleted file mode 100644 index 66d611f6d4..0000000000 --- a/source4/heimdal/lib/des/dh.c +++ /dev/null @@ -1,294 +0,0 @@ -/* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifdef HAVE_CONFIG_H -#include -#endif - -RCSID("$Id: dh.c,v 1.10 2006/10/19 17:31:51 lha Exp $"); - -#include -#include -#include - -#include - -/* - * - */ - -DH * -DH_new(void) -{ - return DH_new_method(NULL); -} - -DH * -DH_new_method(ENGINE *engine) -{ - DH *dh; - - dh = calloc(1, sizeof(*dh)); - if (dh == NULL) - return NULL; - - dh->references = 1; - - if (engine) { - ENGINE_up_ref(engine); - dh->engine = engine; - } else { - dh->engine = ENGINE_get_default_DH(); - } - - if (dh->engine) { - dh->meth = ENGINE_get_DH(dh->engine); - if (dh->meth == NULL) { - ENGINE_finish(engine); - free(dh); - return 0; - } - } - - if (dh->meth == NULL) - dh->meth = DH_get_default_method(); - - (*dh->meth->init)(dh); - - return dh; -} - -void -DH_free(DH *dh) -{ - if (dh->references <= 0) - abort(); - - if (--dh->references > 0) - return; - - (*dh->meth->finish)(dh); - - if (dh->engine) - ENGINE_finish(dh->engine); - -#define free_if(f) if (f) { BN_free(f); } - free_if(dh->p); - free_if(dh->g); - free_if(dh->pub_key); - free_if(dh->priv_key); - free_if(dh->q); - free_if(dh->j); - free_if(dh->counter); -#undef free_if - - memset(dh, 0, sizeof(*dh)); - free(dh); -} - -int -DH_up_ref(DH *dh) -{ - return ++dh->references; -} - -int -DH_size(const DH *dh) -{ - return BN_num_bytes(dh->p); -} - -int -DH_set_ex_data(DH *dh, int idx, void *data) -{ - dh->ex_data.sk = data; - return 1; -} - -void * -DH_get_ex_data(DH *dh, int idx) -{ - return dh->ex_data.sk; -} - -int -DH_generate_parameters_ex(DH *dh, int prime_len, int generator, BN_GENCB *cb) -{ - if (dh->meth->generate_params) - return dh->meth->generate_params(dh, prime_len, generator, cb); - return 0; -} - -/* - * Check that - * - * pub_key > 1 and pub_key < p - 1 - * - * to avoid small subgroups attack. - */ - -int -DH_check_pubkey(const DH *dh, const BIGNUM *pub_key, int *codes) -{ - BIGNUM *bn = NULL, *sum = NULL; - int ret = 0; - - *codes = 0; - - bn = BN_new(); - if (bn == NULL) - goto out; - - if (!BN_set_word(bn, 1)) - goto out; - - if (BN_cmp(bn, pub_key) >= 0) - *codes |= DH_CHECK_PUBKEY_TOO_SMALL; - - sum = BN_new(); - if (sum == NULL) - goto out; - - BN_uadd(sum, pub_key, bn); - - if (BN_cmp(sum, dh->p) >= 0) - *codes |= DH_CHECK_PUBKEY_TOO_LARGE; - - ret = 1; -out: - if (bn) - BN_free(bn); - if (sum) - BN_free(sum); - - return ret; -} - -int -DH_generate_key(DH *dh) -{ - return dh->meth->generate_key(dh); -} - -int -DH_compute_key(unsigned char *shared_key, - const BIGNUM *peer_pub_key, DH *dh) -{ - int codes; - - if (!DH_check_pubkey(dh, peer_pub_key, &codes) || codes != 0) - return -1; - - return dh->meth->compute_key(shared_key, peer_pub_key, dh); -} - -int -DH_set_method(DH *dh, const DH_METHOD *method) -{ - (*dh->meth->finish)(dh); - if (dh->engine) { - ENGINE_finish(dh->engine); - dh->engine = NULL; - } - dh->meth = method; - (*dh->meth->init)(dh); - return 1; -} - -/* - * - */ - -static int -dh_null_generate_key(DH *dh) -{ - return 0; -} - -static int -dh_null_compute_key(unsigned char *shared,const BIGNUM *pub, DH *dh) -{ - return 0; -} - -static int -dh_null_init(DH *dh) -{ - return 1; -} - -static int -dh_null_finish(DH *dh) -{ - return 1; -} - -static int -dh_null_generate_params(DH *dh, int prime_num, int len, BN_GENCB *cb) -{ - return 0; -} - -static const DH_METHOD dh_null_method = { - "hcrypto null DH", - dh_null_generate_key, - dh_null_compute_key, - NULL, - dh_null_init, - dh_null_finish, - 0, - NULL, - dh_null_generate_params -}; - -extern const DH_METHOD hc_dh_imath_method; -static const DH_METHOD *dh_default_method = &hc_dh_imath_method; - -const DH_METHOD * -DH_null_method(void) -{ - return &dh_null_method; -} - -void -DH_set_default_method(const DH_METHOD *meth) -{ - dh_default_method = meth; -} - -const DH_METHOD * -DH_get_default_method(void) -{ - return dh_default_method; -} - diff --git a/source4/heimdal/lib/des/dh.h b/source4/heimdal/lib/des/dh.h deleted file mode 100644 index 105d298bc3..0000000000 --- a/source4/heimdal/lib/des/dh.h +++ /dev/null @@ -1,141 +0,0 @@ -/* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * $Id: dh.h,v 1.6 2006/05/06 13:11:15 lha Exp $ - */ - -#ifndef _HEIM_DH_H -#define _HEIM_DH_H 1 - -/* symbol renaming */ -#define DH_null_method hc_DH_null_method -#define DH_imath_method hc_DH_imath_method -#define DH_new hc_DH_new -#define DH_new_method hc_DH_new_method -#define DH_free hc_DH_free -#define DH_up_ref hc_DH_up_ref -#define DH_size hc_DH_size -#define DH_set_default_method hc_DH_set_default_method -#define DH_get_default_method hc_DH_get_default_method -#define DH_set_method hc_DH_set_method -#define DH_get_method hc_DH_get_method -#define DH_set_ex_data hc_DH_set_ex_data -#define DH_get_ex_data hc_DH_get_ex_data -#define DH_generate_parameters_ex hc_DH_generate_parameters_ex -#define DH_check_pubkey hc_DH_check_pubkey -#define DH_generate_key hc_DH_generate_key -#define DH_compute_key hc_DH_compute_key - -/* - * - */ - -typedef struct DH DH; -typedef struct DH_METHOD DH_METHOD; - -#include -#include - -struct DH_METHOD { - const char *name; - int (*generate_key)(DH *); - int (*compute_key)(unsigned char *,const BIGNUM *,DH *); - int (*bn_mod_exp)(const DH *, BIGNUM *, const BIGNUM *, - const BIGNUM *, const BIGNUM *, BN_CTX *, - BN_MONT_CTX *); - int (*init)(DH *); - int (*finish)(DH *); - int flags; - void *app_data; - int (*generate_params)(DH *, int, int, BN_GENCB *); -}; - -struct DH { - int pad; - int version; - BIGNUM *p; - BIGNUM *g; - long length; - BIGNUM *pub_key; - BIGNUM *priv_key; - int flags; - void *method_mont_p; - BIGNUM *q; - BIGNUM *j; - void *seed; - int seedlen; - BIGNUM *counter; - int references; - struct CRYPTO_EX_DATA { - void *sk; - int dummy; - } ex_data; - const DH_METHOD *meth; - ENGINE *engine; -}; - -/* DH_check_pubkey return codes in `codes' argument. */ -#define DH_CHECK_PUBKEY_TOO_SMALL 1 -#define DH_CHECK_PUBKEY_TOO_LARGE 2 - -/* - * - */ - -const DH_METHOD *DH_null_method(void); -const DH_METHOD *DH_imath_method(void); - -DH * DH_new(void); -DH * DH_new_method(ENGINE *); -void DH_free(DH *); -int DH_up_ref(DH *); - -int DH_size(const DH *); - - -void DH_set_default_method(const DH_METHOD *); -const DH_METHOD * - DH_get_default_method(void); -int DH_set_method(DH *, const DH_METHOD *); - -int DH_set_ex_data(DH *, int, void *); -void * DH_get_ex_data(DH *, int); - -int DH_generate_parameters_ex(DH *, int, int, BN_GENCB *); -int DH_check_pubkey(const DH *, const BIGNUM *, int *); -int DH_generate_key(DH *); -int DH_compute_key(unsigned char *,const BIGNUM *,DH *); - -#endif /* _HEIM_DH_H */ - diff --git a/source4/heimdal/lib/des/dsa.c b/source4/heimdal/lib/des/dsa.c deleted file mode 100644 index 411597b1c6..0000000000 --- a/source4/heimdal/lib/des/dsa.c +++ /dev/null @@ -1,125 +0,0 @@ -/* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifdef HAVE_CONFIG_H -#include -#endif - -RCSID("$Id: dsa.c,v 1.2 2006/05/07 11:31:58 lha Exp $"); - -#include -#include -#include - -#include - -/* - * - */ - -DSA * -DSA_new(void) -{ - DSA *dsa = calloc(1, sizeof(*dsa)); - dsa->meth = rk_UNCONST(DSA_get_default_method()); - dsa->references = 1; - return dsa; -} - -void -DSA_free(DSA *dsa) -{ - if (dsa->references <= 0) - abort(); - - if (--dsa->references > 0) - return; - - (*dsa->meth->finish)(dsa); - -#define free_if(f) if (f) { BN_free(f); } - free_if(dsa->p); - free_if(dsa->q); - free_if(dsa->g); - free_if(dsa->pub_key); - free_if(dsa->priv_key); - free_if(dsa->kinv); - free_if(dsa->r); -#undef free_if - - memset(dsa, 0, sizeof(*dsa)); - free(dsa); - -} - -int -DSA_up_ref(DSA *dsa) -{ - return ++dsa->references; -} - -/* - * - */ - -static const DSA_METHOD dsa_null_method = { - "hcrypto null DSA" -}; - -const DSA_METHOD * -DSA_null_method(void) -{ - return &dsa_null_method; -} - - -const DSA_METHOD *dsa_default_mech = &dsa_null_method; - -void -DSA_set_default_method(const DSA_METHOD *mech) -{ - dsa_default_mech = mech; -} - -const DSA_METHOD * -DSA_get_default_method(void) -{ - return dsa_default_mech; -} - -int -DSA_verify(int type, const unsigned char * digest, int digest_len, - const unsigned char *sig, int sig_len, DSA *dsa) -{ - return -1; -} diff --git a/source4/heimdal/lib/des/dsa.h b/source4/heimdal/lib/des/dsa.h deleted file mode 100644 index 18859effc8..0000000000 --- a/source4/heimdal/lib/des/dsa.h +++ /dev/null @@ -1,140 +0,0 @@ -/* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * $Id: dsa.h,v 1.2 2006/01/13 15:26:52 lha Exp $ - */ - -#ifndef _HEIM_DSA_H -#define _HEIM_DSA_H 1 - -#include - -/* symbol renaming */ -#define DSA_null_method hc_DSA_null_method -#define DSA_new hc_DSA_new -#define DSA_free hc_DSA_free -#define DSA_up_ref hc_DSA_up_ref -#define DSA_set_default_method hc_DSA_set_default_method -#define DSA_get_default_method hc_DSA_get_default_method -#define DSA_set_method hc_DSA_set_method -#define DSA_get_method hc_DSA_get_method -#define DSA_set_app_data hc_DSA_set_app_data -#define DSA_get_app_data hc_DSA_get_app_data -#define DSA_size hc_DSA_size -#define DSA_verify hc_DSA_verify - -/* - * - */ - - -typedef struct DSA DSA; -typedef struct DSA_METHOD DSA_METHOD; -typedef struct DSA_SIG DSA_SIG; - -struct DSA_SIG { - BIGNUM *r; - BIGNUM *s; -}; - -struct DSA_METHOD { - const char *name; - DSA_SIG * (*dsa_do_sign)(const unsigned char *, int, DSA *); - int (*dsa_sign_setup)(DSA *, BN_CTX *, BIGNUM **, BIGNUM **); - int (*dsa_do_verify)(const unsigned char *, int, DSA_SIG *, DSA *); - int (*dsa_mod_exp)(DSA *, BIGNUM *, BIGNUM *, BIGNUM *, - BIGNUM *, BIGNUM *, BIGNUM *, BN_CTX *, - BN_MONT_CTX *); - int (*bn_mod_exp)(DSA *, BIGNUM *, BIGNUM *, const BIGNUM *, - const BIGNUM *, BN_CTX *, - BN_MONT_CTX *); - int (*init)(DSA *); - int (*finish)(DSA *); - int flags; - void *app_data; -}; - -struct DSA { - int pad; - long version; - int write_params; - BIGNUM *p; - BIGNUM *q; - BIGNUM *g; - - BIGNUM *pub_key; - BIGNUM *priv_key; - - BIGNUM *kinv; - BIGNUM *r; - int flags; - void *method_mont_p; - int references; - struct dsa_CRYPTO_EX_DATA { - void *sk; - int dummy; - } ex_data; - const DSA_METHOD *meth; - void *engine; -}; - -/* - * - */ - -const DSA_METHOD *DSA_null_method(void); - -/* - * - */ - -DSA * DSA_new(void); -void DSA_free(DSA *); -int DSA_up_ref(DSA *); - -void DSA_set_default_method(const DSA_METHOD *); -const DSA_METHOD * DSA_get_default_method(void); - -const DSA_METHOD * DSA_get_method(const DSA *); -int DSA_set_method(DSA *, const DSA_METHOD *); - -void DSA_set_app_data(DSA *, void *arg); -void * DSA_get_app_data(DSA *); - -int DSA_size(const DSA *); - -int DSA_verify(int, const unsigned char *, int, - const unsigned char *, int, DSA *); - -#endif /* _HEIM_DSA_H */ diff --git a/source4/heimdal/lib/des/engine.c b/source4/heimdal/lib/des/engine.c deleted file mode 100644 index b72339c362..0000000000 --- a/source4/heimdal/lib/des/engine.c +++ /dev/null @@ -1,345 +0,0 @@ -/* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifdef HAVE_CONFIG_H -#include -#endif - -RCSID("$Id: engine.c,v 1.11 2006/10/19 14:23:00 lha Exp $"); - -#include -#include -#include - -#include - -#ifdef HAVE_DLFCN_H -#include -#ifndef RTLD_NOW -#define RTLD_NOW 0 -#endif -#endif - -struct hc_engine { - int references; - char *name; - char *id; - void (*destroy)(ENGINE *); - const RSA_METHOD *rsa; - const DH_METHOD *dh; - const RAND_METHOD *rand; -}; - -int -ENGINE_finish(ENGINE *engine) -{ - if (engine->references-- <= 0) - abort(); - if (engine->references > 0) - return 1; - - if (engine->name) - free(engine->name); - if (engine->id) - free(engine->id); - if(engine->destroy) - (*engine->destroy)(engine); - - memset(engine, 0, sizeof(engine)); - engine->references = -1; - - - free(engine); - return 1; -} - -int -ENGINE_up_ref(ENGINE *engine) -{ - if (engine->references < 0) - abort(); - engine->references++; - return 1; -} - -int -ENGINE_set_id(ENGINE *engine, const char *id) -{ - engine->id = strdup(id); - return (engine->id == NULL) ? 0 : 1; -} - -int -ENGINE_set_name(ENGINE *engine, const char *name) -{ - engine->name = strdup(name); - return (engine->name == NULL) ? 0 : 1; -} - -int -ENGINE_set_RSA(ENGINE *engine, const RSA_METHOD *method) -{ - engine->rsa = method; - return 1; -} - -int -ENGINE_set_DH(ENGINE *engine, const DH_METHOD *method) -{ - engine->dh = method; - return 1; -} - -int -ENGINE_set_destroy_function(ENGINE *e, void (*destroy)(ENGINE *)) -{ - e->destroy = destroy; - return 1; -} - -const char * -ENGINE_get_id(const ENGINE *engine) -{ - return engine->id; -} - -const char * -ENGINE_get_name(const ENGINE *engine) -{ - return engine->name; -} - -const RSA_METHOD * -ENGINE_get_RSA(const ENGINE *engine) -{ - return engine->rsa; -} - -const DH_METHOD * -ENGINE_get_DH(const ENGINE *engine) -{ - return engine->dh; -} - -const RAND_METHOD * -ENGINE_get_RAND(const ENGINE *engine) -{ - return engine->rand; -} - -/* - * - */ - -#define SG_default_engine(type) \ -static ENGINE *type##_engine; \ -int \ -ENGINE_set_default_##type(ENGINE *engine) \ -{ \ - if (type##_engine) \ - ENGINE_finish(type##_engine); \ - type##_engine = engine; \ - if (type##_engine) \ - ENGINE_up_ref(type##_engine); \ - return 1; \ -} \ -ENGINE * \ -ENGINE_get_default_##type(void) \ -{ \ - if (type##_engine) \ - ENGINE_up_ref(type##_engine); \ - return type##_engine; \ -} - -SG_default_engine(RSA) -SG_default_engine(DH) - -#undef SG_default_engine - -/* - * - */ - -static ENGINE **engines; -static unsigned int num_engines; - -static int -add_engine(ENGINE *engine) -{ - ENGINE **d, *dup; - - dup = ENGINE_by_id(engine->id); - if (dup) { - ENGINE_finish(dup); - return 0; - } - - d = realloc(engines, (num_engines + 1) * sizeof(*engines)); - if (d == NULL) - return 1; - engines = d; - engines[num_engines++] = engine; - - return 1; -} - -void -ENGINE_load_builtin_engines(void) -{ - ENGINE *engine; - int ret; - - engine = calloc(1, sizeof(*engine)); - if (engine == NULL) - return; - - ENGINE_set_id(engine, "builtin"); - ENGINE_set_name(engine, - "Heimdal crypto builtin engine version " PACKAGE_VERSION); - ENGINE_set_RSA(engine, RSA_imath_method()); - ENGINE_set_DH(engine, DH_imath_method()); - - ret = add_engine(engine); - if (ret != 1) - ENGINE_finish(engine); -} - -ENGINE * -ENGINE_by_dso(const char *path, const char *id) -{ -#ifdef HAVE_DLOPEN - ENGINE *engine; - void *handle; - int ret; - - engine = calloc(1, sizeof(*engine)); - if (engine == NULL) - return NULL; - - handle = dlopen(path, RTLD_NOW); - if (handle == NULL) { - /* printf("error: %s\n", dlerror()); */ - free(engine); - return NULL; - } - - { - unsigned long version; - openssl_v_check v_check; - - v_check = (openssl_v_check)dlsym(handle, "v_check"); - if (v_check == NULL) { - dlclose(handle); - free(engine); - return NULL; - } - - version = (*v_check)(OPENSSL_DYNAMIC_VERSION); - if (version == 0) { - dlclose(handle); - free(engine); - return NULL; - } - } - - { - openssl_bind_engine bind_engine; - - bind_engine = (openssl_bind_engine)dlsym(handle, "bind_engine"); - if (bind_engine == NULL) { - dlclose(handle); - free(engine); - return NULL; - } - - ret = (*bind_engine)(engine, id, NULL); /* XXX fix third arg */ - if (ret != 1) { - dlclose(handle); - free(engine); - return NULL; - } - } - - ENGINE_up_ref(engine); - - ret = add_engine(engine); - if (ret != 1) { - dlclose(handle); - ENGINE_finish(engine); - return NULL; - } - - return engine; -#else - return NULL; -#endif -} - -ENGINE * -ENGINE_by_id(const char *id) -{ - int i; - - for (i = 0; i < num_engines; i++) { - if (strcmp(id, engines[i]->id) == 0) { - ENGINE_up_ref(engines[i]); - return engines[i]; - } - } - return NULL; -} - -void -ENGINE_add_conf_module(void) -{ - ENGINE *engine; - - /* - * XXX Parse configuration file instead - */ - - engine = ENGINE_by_dso("/usr/heimdal/lib/hc-modules/hc-gmp.so", NULL); - if (engine == NULL) - return; - { - const RSA_METHOD *method = ENGINE_get_RSA(engine); - if (method) - RSA_set_default_method(method); - } - { - const DH_METHOD *method = ENGINE_get_DH(engine); - if (method) - DH_set_default_method(method); - } - -} diff --git a/source4/heimdal/lib/des/engine.h b/source4/heimdal/lib/des/engine.h deleted file mode 100644 index 65588f7d78..0000000000 --- a/source4/heimdal/lib/des/engine.h +++ /dev/null @@ -1,103 +0,0 @@ -/* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * $Id: engine.h,v 1.6 2006/05/06 12:34:36 lha Exp $ - */ - -#ifndef _HEIM_ENGINE_H -#define _HEIM_ENGINE_H 1 - -/* symbol renaming */ -#define ENGINE_add_conf_module hc_ENGINE_add_conf_module -#define ENGINE_by_dso hc_ENGINE_by_dso -#define ENGINE_by_id hc_ENGINE_by_id -#define ENGINE_finish hc_ENGINE_finish -#define ENGINE_get_DH hc_ENGINE_get_DH -#define ENGINE_get_RSA hc_ENGINE_get_RSA -#define ENGINE_get_RAND hc_ENGINE_get_RAND -#define ENGINE_get_id hc_ENGINE_get_id -#define ENGINE_get_name hc_ENGINE_get_name -#define ENGINE_load_builtin_engines hc_ENGINE_load_builtin_engines -#define ENGINE_set_DH hc_ENGINE_set_DH -#define ENGINE_set_RSA hc_ENGINE_set_RSA -#define ENGINE_set_id hc_ENGINE_set_id -#define ENGINE_set_name hc_ENGINE_set_name -#define ENGINE_set_destroy_function hc_ENGINE_set_destroy_function -#define ENGINE_up_ref hc_ENGINE_up_ref -#define ENGINE_get_default_DH hc_ENGINE_get_default_DH -#define ENGINE_get_default_RSA hc_ENGINE_get_default_RSA -#define ENGINE_set_default_DH hc_ENGINE_set_default_DH -#define ENGINE_set_default_RSA hc_ENGINE_set_default_RSA - -/* - * - */ - -typedef struct hc_engine ENGINE; - -#include -#include -#include -#include - -#define OPENSSL_DYNAMIC_VERSION (unsigned long)0x00020000 - -typedef int (*openssl_bind_engine)(ENGINE *, const char *, const void *); -typedef unsigned long (*openssl_v_check)(unsigned long); - -void ENGINE_add_conf_module(void); -void ENGINE_load_builtin_engines(void); -ENGINE *ENGINE_by_id(const char *); -ENGINE *ENGINE_by_dso(const char *, const char *); -int ENGINE_finish(ENGINE *); -int ENGINE_up_ref(ENGINE *); -int ENGINE_set_id(ENGINE *, const char *); -int ENGINE_set_name(ENGINE *, const char *); -int ENGINE_set_RSA(ENGINE *, const RSA_METHOD *); -int ENGINE_set_DH(ENGINE *, const DH_METHOD *); -int ENGINE_set_destroy_function(ENGINE *, void (*)(ENGINE *)); - -const char * ENGINE_get_id(const ENGINE *); -const char * ENGINE_get_name(const ENGINE *); -const RSA_METHOD * ENGINE_get_RSA(const ENGINE *); -const DH_METHOD * ENGINE_get_DH(const ENGINE *); -const RAND_METHOD * ENGINE_get_RAND(const ENGINE *); - -int ENGINE_set_default_RSA(ENGINE *); -ENGINE * ENGINE_get_default_RSA(void); -int ENGINE_set_default_DH(ENGINE *); -ENGINE * ENGINE_get_default_DH(void); - - -#endif /* _HEIM_ENGINE_H */ diff --git a/source4/heimdal/lib/des/evp.c b/source4/heimdal/lib/des/evp.c deleted file mode 100644 index 34480dbe7e..0000000000 --- a/source4/heimdal/lib/des/evp.c +++ /dev/null @@ -1,905 +0,0 @@ -#include -#include -#include -#include -#include - -#include - -#include - -#include -#include -#include -#include -#include -#include -#include -#include - -typedef int (*evp_md_init)(EVP_MD_CTX *); -typedef int (*evp_md_update)(EVP_MD_CTX *,const void *, size_t); -typedef int (*evp_md_final)(void *, EVP_MD_CTX *); -typedef int (*evp_md_cleanup)(EVP_MD_CTX *); - -struct hc_evp_md { - int hash_size; - int block_size; - int ctx_size; - evp_md_init init; - evp_md_update update; - evp_md_final final; - evp_md_cleanup cleanup; -}; - -/* - * - */ - -size_t -EVP_MD_size(const EVP_MD *md) -{ - return md->hash_size; -} - -size_t -EVP_MD_block_size(const EVP_MD *md) -{ - return md->block_size; -} - -EVP_MD_CTX * -EVP_MD_CTX_create(void) -{ - return calloc(1, sizeof(EVP_MD_CTX)); -} - -void -EVP_MD_CTX_init(EVP_MD_CTX *ctx) -{ - memset(ctx, 0, sizeof(*ctx)); -} - -void -EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) -{ - EVP_MD_CTX_cleanup(ctx); - free(ctx); -} - -int -EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) -{ - if (ctx->md && ctx->md->cleanup) - (ctx->md->cleanup)(ctx); - ctx->md = NULL; - ctx->engine = NULL; - free(ctx->ptr); - return 1; -} - - -const EVP_MD * -EVP_MD_CTX_md(EVP_MD_CTX *ctx) -{ - return ctx->md; -} - -size_t -EVP_MD_CTX_size(EVP_MD_CTX *ctx) -{ - return EVP_MD_size(ctx->md); -} - -size_t -EVP_MD_CTX_block_size(EVP_MD_CTX *ctx) -{ - return EVP_MD_block_size(ctx->md); -} - -int -EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *md, ENGINE *engine) -{ - if (ctx->md != md || ctx->engine != engine) { - EVP_MD_CTX_cleanup(ctx); - ctx->md = md; - ctx->engine = engine; - - ctx->ptr = calloc(1, md->ctx_size); - if (ctx->ptr == NULL) - return 0; - } - (ctx->md->init)(ctx->ptr); - return 1; -} - -int -EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t size) -{ - (ctx->md->update)(ctx->ptr, data, size); - return 1; -} - -int -EVP_DigestFinal_ex(EVP_MD_CTX *ctx, void *hash, unsigned int *size) -{ - (ctx->md->final)(hash, ctx->ptr); - if (size) - *size = ctx->md->hash_size; - return 1; -} - -int -EVP_Digest(const void *data, size_t dsize, void *hash, unsigned int *hsize, - const EVP_MD *md, ENGINE *engine) -{ - EVP_MD_CTX *ctx; - int ret; - - ctx = EVP_MD_CTX_create(); - if (ctx == NULL) - return 0; - ret = EVP_DigestInit_ex(ctx, md, engine); - if (ret != 1) - return ret; - ret = EVP_DigestUpdate(ctx, data, dsize); - if (ret != 1) - return ret; - ret = EVP_DigestFinal_ex(ctx, hash, hsize); - if (ret != 1) - return ret; - EVP_MD_CTX_destroy(ctx); - return 1; -} - -/* - * - */ - -const EVP_MD * -EVP_sha256(void) -{ - static const struct hc_evp_md sha256 = { - 32, - 64, - sizeof(SHA256_CTX), - (evp_md_init)SHA256_Init, - (evp_md_update)SHA256_Update, - (evp_md_final)SHA256_Final, - NULL - }; - return &sha256; -} - -static const struct hc_evp_md sha1 = { - 20, - 64, - sizeof(SHA_CTX), - (evp_md_init)SHA1_Init, - (evp_md_update)SHA1_Update, - (evp_md_final)SHA1_Final, - NULL -}; - -const EVP_MD * -EVP_sha1(void) -{ - return &sha1; -} - -const EVP_MD * -EVP_sha(void) -{ - return &sha1; -} - -const EVP_MD * -EVP_md5(void) -{ - static const struct hc_evp_md md5 = { - 16, - 64, - sizeof(MD5_CTX), - (evp_md_init)MD5_Init, - (evp_md_update)MD5_Update, - (evp_md_final)MD5_Final, - NULL - }; - return &md5; -} - -const EVP_MD * -EVP_md4(void) -{ - static const struct hc_evp_md md4 = { - 16, - 64, - sizeof(MD4_CTX), - (evp_md_init)MD4_Init, - (evp_md_update)MD4_Update, - (evp_md_final)MD4_Final, - NULL - }; - return &md4; -} - -const EVP_MD * -EVP_md2(void) -{ - static const struct hc_evp_md md2 = { - 16, - 16, - sizeof(MD2_CTX), - (evp_md_init)MD2_Init, - (evp_md_update)MD2_Update, - (evp_md_final)MD2_Final, - NULL - }; - return &md2; -} - -/* - * - */ - -static void -null_Init (void *m) -{ -} -static void -null_Update (void *m, const void * data, size_t size) -{ -} -static void -null_Final(void *res, struct md5 *m) -{ -} - -const EVP_MD * -EVP_md_null(void) -{ - static const struct hc_evp_md null = { - 0, - 0, - 0, - (evp_md_init)null_Init, - (evp_md_update)null_Update, - (evp_md_final)null_Final, - NULL - }; - return &null; -} - -#if 0 -void EVP_MD_CTX_init(EVP_MD_CTX *ctx); -int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); -int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); -int EVP_SignFinal(EVP_MD_CTX *, void *, size_t *, EVP_PKEY *); -int EVP_VerifyFinal(EVP_MD_CTX *, const void *, size_t, EVP_PKEY *); -#endif - -/* - * - */ - -size_t -EVP_CIPHER_block_size(const EVP_CIPHER *c) -{ - return c->block_size; -} - -size_t -EVP_CIPHER_key_length(const EVP_CIPHER *c) -{ - return c->key_len; -} - -size_t -EVP_CIPHER_iv_length(const EVP_CIPHER *c) -{ - return c->iv_len; -} - -void -EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *c) -{ - memset(c, 0, sizeof(*c)); -} - -int -EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) -{ - if (c->cipher && c->cipher->cleanup) - c->cipher->cleanup(c); - if (c->cipher_data) { - free(c->cipher_data); - c->cipher_data = NULL; - } - return 1; -} - -#if 0 -int -EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int length) -{ - return 0; -} - -int -EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad) -{ - return 0; -} -#endif - -const EVP_CIPHER * -EVP_CIPHER_CTX_cipher(EVP_CIPHER_CTX *ctx) -{ - return ctx->cipher; -} - -size_t -EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) -{ - return EVP_CIPHER_block_size(ctx->cipher); -} - -size_t -EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) -{ - return EVP_CIPHER_key_length(ctx->cipher); -} - -size_t -EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) -{ - return EVP_CIPHER_iv_length(ctx->cipher); -} - -unsigned long -EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx) -{ - return ctx->cipher->flags; -} - -int -EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx) -{ - return EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_MODE; -} - -void * -EVP_CIPHER_CTX_get_app_data(EVP_CIPHER_CTX *ctx) -{ - return ctx->app_data; -} - -void -EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data) -{ - ctx->app_data = data; -} - -int -EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *c, ENGINE *engine, - const void *key, const void *iv, int encp) -{ - if (encp == -1) - encp = ctx->encrypt; - else - ctx->encrypt = (encp ? 1 : 0); - - if (c && (c != ctx->cipher)) { - EVP_CIPHER_CTX_cleanup(ctx); - ctx->cipher = c; - ctx->key_len = c->key_len; - - ctx->cipher_data = malloc(c->ctx_size); - if (ctx->cipher_data == NULL && c->ctx_size != 0) - return 0; - - } else if (ctx->cipher == NULL) { - /* reuse of cipher, but not any cipher ever set! */ - return 0; - } - - switch (EVP_CIPHER_CTX_flags(ctx)) { - case EVP_CIPH_CBC_MODE: - - assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof(ctx->iv)); - - if (iv) - memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); - memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); - break; - default: - return 0; - } - - if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) - ctx->cipher->init(ctx, key, iv, encp); - - return 1; -} - -int -EVP_Cipher(EVP_CIPHER_CTX *ctx, void *out, const void *in,size_t size) -{ - return ctx->cipher->do_cipher(ctx, out, in, size); -} - -/* - * - */ - -static int -enc_null_init(EVP_CIPHER_CTX *ctx, - const unsigned char * key, - const unsigned char * iv, - int encp) -{ - return 1; -} - -static int -enc_null_do_cipher(EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, - unsigned int size) -{ - memmove(out, in, size); - return 1; -} - -static int -enc_null_cleanup(EVP_CIPHER_CTX *ctx) -{ - return 1; -} - -const EVP_CIPHER * -EVP_enc_null(void) -{ - static const EVP_CIPHER enc_null = { - 0, - 0, - 0, - 0, - EVP_CIPH_CBC_MODE, - enc_null_init, - enc_null_do_cipher, - enc_null_cleanup, - 0, - NULL, - NULL, - NULL, - NULL - }; - return &enc_null; -} - -/* - * - */ - -struct rc2_cbc { - unsigned int maximum_effective_key; - RC2_KEY key; -}; - -static int -rc2_init(EVP_CIPHER_CTX *ctx, - const unsigned char * key, - const unsigned char * iv, - int encp) -{ - struct rc2_cbc *k = ctx->cipher_data; - k->maximum_effective_key = EVP_CIPHER_CTX_key_length(ctx) * 8; - RC2_set_key(&k->key, - EVP_CIPHER_CTX_key_length(ctx), - key, - k->maximum_effective_key); - return 1; -} - -static int -rc2_do_cipher(EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, - unsigned int size) -{ - struct rc2_cbc *k = ctx->cipher_data; - RC2_cbc_encrypt(in, out, size, &k->key, ctx->iv, ctx->encrypt); - return 1; -} - -static int -rc2_cleanup(EVP_CIPHER_CTX *ctx) -{ - memset(ctx->cipher_data, 0, sizeof(struct rc2_cbc)); - return 1; -} - - -const EVP_CIPHER * -EVP_rc2_cbc(void) -{ - static const EVP_CIPHER rc2_cbc = { - 0, - RC2_BLOCK_SIZE, - RC2_KEY_LENGTH, - RC2_BLOCK_SIZE, - EVP_CIPH_CBC_MODE, - rc2_init, - rc2_do_cipher, - rc2_cleanup, - sizeof(struct rc2_cbc), - NULL, - NULL, - NULL, - NULL - }; - return &rc2_cbc; -} - -const EVP_CIPHER * -EVP_rc2_40_cbc(void) -{ - static const EVP_CIPHER rc2_40_cbc = { - 0, - RC2_BLOCK_SIZE, - 5, - RC2_BLOCK_SIZE, - EVP_CIPH_CBC_MODE, - rc2_init, - rc2_do_cipher, - rc2_cleanup, - sizeof(struct rc2_cbc), - NULL, - NULL, - NULL, - NULL - }; - return &rc2_40_cbc; -} - -const EVP_CIPHER * -EVP_rc2_64_cbc(void) -{ - static const EVP_CIPHER rc2_64_cbc = { - 0, - RC2_BLOCK_SIZE, - 8, - RC2_BLOCK_SIZE, - EVP_CIPH_CBC_MODE, - rc2_init, - rc2_do_cipher, - rc2_cleanup, - sizeof(struct rc2_cbc), - NULL, - NULL, - NULL, - NULL - }; - return &rc2_64_cbc; -} - -/* - * - */ - -const EVP_CIPHER * -EVP_rc4(void) -{ - printf("evp rc4\n"); - abort(); - return NULL; -} - -const EVP_CIPHER * -EVP_rc4_40(void) -{ - printf("evp rc4_40\n"); - abort(); - return NULL; -} - -/* - * - */ - -struct des_ede3_cbc { - DES_key_schedule ks[3]; -}; - -static int -des_ede3_cbc_init(EVP_CIPHER_CTX *ctx, - const unsigned char * key, - const unsigned char * iv, - int encp) -{ - struct des_ede3_cbc *k = ctx->cipher_data; - - DES_key_sched((DES_cblock *)(key), &k->ks[0]); - DES_key_sched((DES_cblock *)(key + 8), &k->ks[1]); - DES_key_sched((DES_cblock *)(key + 16), &k->ks[2]); - - return 1; -} - -static int -des_ede3_cbc_do_cipher(EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, - unsigned int size) -{ - struct des_ede3_cbc *k = ctx->cipher_data; - DES_ede3_cbc_encrypt(in, out, size, - &k->ks[0], &k->ks[1], &k->ks[2], - (DES_cblock *)ctx->iv, ctx->encrypt); - return 1; -} - -static int -des_ede3_cbc_cleanup(EVP_CIPHER_CTX *ctx) -{ - memset(ctx->cipher_data, 0, sizeof(struct des_ede3_cbc)); - return 1; -} - -const EVP_CIPHER * -EVP_des_ede3_cbc(void) -{ - static const EVP_CIPHER des_ede3_cbc = { - 0, - 8, - 24, - 8, - EVP_CIPH_CBC_MODE, - des_ede3_cbc_init, - des_ede3_cbc_do_cipher, - des_ede3_cbc_cleanup, - sizeof(struct des_ede3_cbc), - NULL, - NULL, - NULL, - NULL - }; - return &des_ede3_cbc; -} - -/* - * - */ - -static int -aes_init(EVP_CIPHER_CTX *ctx, - const unsigned char * key, - const unsigned char * iv, - int encp) -{ - AES_KEY *k = ctx->cipher_data; - if (ctx->encrypt) - AES_set_encrypt_key(key, ctx->cipher->key_len * 8, k); - else - AES_set_decrypt_key(key, ctx->cipher->key_len * 8, k); - return 1; -} - -static int -aes_do_cipher(EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, - unsigned int size) -{ - AES_KEY *k = ctx->cipher_data; - AES_cbc_encrypt(in, out, size, k, ctx->iv, ctx->encrypt); - return 1; -} - -static int -aes_cleanup(EVP_CIPHER_CTX *ctx) -{ - memset(ctx->cipher_data, 0, sizeof(AES_KEY)); - return 1; -} - -const EVP_CIPHER * -EVP_aes_128_cbc(void) -{ - static const EVP_CIPHER aes_128_cbc = { - 0, - 16, - 16, - 16, - EVP_CIPH_CBC_MODE, - aes_init, - aes_do_cipher, - aes_cleanup, - sizeof(AES_KEY), - NULL, - NULL, - NULL, - NULL - }; - return &aes_128_cbc; -} - -const EVP_CIPHER * -EVP_aes_192_cbc(void) -{ - static const EVP_CIPHER aes_192_cbc = { - 0, - 16, - 24, - 16, - EVP_CIPH_CBC_MODE, - aes_init, - aes_do_cipher, - aes_cleanup, - sizeof(AES_KEY), - NULL, - NULL, - NULL, - NULL - }; - return &aes_192_cbc; -} - - -const EVP_CIPHER * -EVP_aes_256_cbc(void) -{ - static const EVP_CIPHER aes_256_cbc = { - 0, - 16, - 32, - 16, - EVP_CIPH_CBC_MODE, - aes_init, - aes_do_cipher, - aes_cleanup, - sizeof(AES_KEY), - NULL, - NULL, - NULL, - NULL - }; - return &aes_256_cbc; -} - -/* - * - */ - -static const struct cipher_name { - const char *name; - const EVP_CIPHER *(*func)(void); -} cipher_name[] = { - { "des-ede3-cbc", EVP_des_ede3_cbc }, - { "aes-128-cbc", EVP_aes_128_cbc }, - { "aes-192-cbc", EVP_aes_192_cbc }, - { "aes-256-cbc", EVP_aes_256_cbc } -}; - - -const EVP_CIPHER * -EVP_get_cipherbyname(const char *name) -{ - int i; - for (i = 0; i < sizeof(cipher_name)/sizeof(cipher_name[0]); i++) { - if (strcasecmp(cipher_name[i].name, name) == 0) - return (*cipher_name[i].func)(); - } - return NULL; -} - - -/* - * - */ - -#ifndef min -#define min(a,b) (((a)>(b))?(b):(a)) -#endif - -int -EVP_BytesToKey(const EVP_CIPHER *type, - const EVP_MD *md, - const void *salt, - const void *data, size_t datalen, - unsigned int count, - void *keydata, - void *ivdata) -{ - int ivlen, keylen, first = 0; - unsigned int mds = 0, i; - unsigned char *key = keydata; - unsigned char *iv = ivdata; - unsigned char *buf; - EVP_MD_CTX c; - - keylen = EVP_CIPHER_key_length(type); - ivlen = EVP_CIPHER_iv_length(type); - - if (data == NULL) - return keylen; - - buf = malloc(EVP_MD_size(md)); - if (buf == NULL) - return -1; - - EVP_MD_CTX_init(&c); - - first = 1; - while (1) { - EVP_DigestInit_ex(&c, md, NULL); - if (!first) - EVP_DigestUpdate(&c, buf, mds); - first = 0; - EVP_DigestUpdate(&c,data,datalen); - -#define PKCS5_SALT_LEN 8 - - if (salt) - EVP_DigestUpdate(&c, salt, PKCS5_SALT_LEN); - - EVP_DigestFinal_ex(&c, buf, &mds); - assert(mds == EVP_MD_size(md)); - - for (i = 1; i < count; i++) { - EVP_DigestInit_ex(&c, md, NULL); - EVP_DigestUpdate(&c, buf, mds); - EVP_DigestFinal_ex(&c, buf, &mds); - assert(mds == EVP_MD_size(md)); - } - - i = 0; - if (keylen) { - size_t sz = min(keylen, mds); - if (key) { - memcpy(key, buf, sz); - key += sz; - } - keylen -= sz; - i += sz; - } - if (ivlen && mds > i) { - size_t sz = min(ivlen, (mds - i)); - if (iv) { - memcpy(iv, &buf[i], sz); - iv += sz; - } - ivlen -= sz; - } - if (keylen == 0 && ivlen == 0) - break; - } - - EVP_MD_CTX_cleanup(&c); - free(buf); - - return EVP_CIPHER_key_length(type); -} - -/* - * - */ - -void -OpenSSL_add_all_algorithms(void) -{ - return; -} - -void -OpenSSL_add_all_algorithms_conf(void) -{ - return; -} - -void -OpenSSL_add_all_algorithms_noconf(void) -{ - return; -} diff --git a/source4/heimdal/lib/des/evp.h b/source4/heimdal/lib/des/evp.h deleted file mode 100644 index 2fdf8d0765..0000000000 --- a/source4/heimdal/lib/des/evp.h +++ /dev/null @@ -1,255 +0,0 @@ -/* - * Copyright (c) 2005 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* $Id: evp.h,v 1.11 2006/10/07 17:21:24 lha Exp $ */ - -#ifndef HEIM_EVP_H -#define HEIM_EVP_H 1 - -#include - -/* symbol renaming */ -#define EVP_CIPHER_CTX_block_size hc_EVP_CIPHER_CTX_block_size -#define EVP_CIPHER_CTX_cipher hc_EVP_CIPHER_CTX_cipher -#define EVP_CIPHER_CTX_cleanup hc_EVP_CIPHER_CTX_cleanup -#define EVP_CIPHER_CTX_flags hc_EVP_CIPHER_CTX_flags -#define EVP_CIPHER_CTX_get_app_data hc_EVP_CIPHER_CTX_get_app_data -#define EVP_CIPHER_CTX_init hc_EVP_CIPHER_CTX_init -#define EVP_CIPHER_CTX_iv_length hc_EVP_CIPHER_CTX_iv_length -#define EVP_CIPHER_CTX_key_length hc_EVP_CIPHER_CTX_key_length -#define EVP_CIPHER_CTX_mode hc_EVP_CIPHER_CTX_mode -#define EVP_CIPHER_CTX_set_app_data hc_EVP_CIPHER_CTX_set_app_data -#define EVP_CIPHER_CTX_set_key_length hc_EVP_CIPHER_CTX_set_key_length -#define EVP_CIPHER_CTX_set_padding hc_EVP_CIPHER_CTX_set_padding -#define EVP_CIPHER_block_size hc_EVP_CIPHER_block_size -#define EVP_CIPHER_iv_length hc_EVP_CIPHER_iv_length -#define EVP_CIPHER_key_length hc_EVP_CIPHER_key_length -#define EVP_Cipher hc_EVP_Cipher -#define EVP_CipherInit_ex hc_EVP_CipherInit_ex -#define EVP_Digest hc_EVP_Digest -#define EVP_DigestFinal_ex hc_EVP_DigestFinal_ex -#define EVP_DigestInit_ex hc_EVP_DigestInit_ex -#define EVP_DigestUpdate hc_EVP_DigestUpdate -#define EVP_MD_CTX_block_size hc_EVP_MD_CTX_block_size -#define EVP_MD_CTX_cleanup hc_EVP_MD_CTX_cleanup -#define EVP_MD_CTX_create hc_EVP_MD_CTX_create -#define EVP_MD_CTX_init hc_EVP_MD_CTX_init -#define EVP_MD_CTX_destroy hc_EVP_MD_CTX_destroy -#define EVP_MD_CTX_md hc_EVP_MD_CTX_md -#define EVP_MD_CTX_size hc_EVP_MD_CTX_size -#define EVP_MD_block_size hc_EVP_MD_block_size -#define EVP_MD_size hc_EVP_MD_size -#define EVP_aes_128_cbc hc_EVP_aes_128_cbc -#define EVP_aes_192_cbc hc_EVP_aes_192_cbc -#define EVP_aes_256_cbc hc_EVP_aes_256_cbc -#define EVP_des_ede3_cbc hc_EVP_des_ede3_cbc -#define EVP_enc_null hc_EVP_enc_null -#define EVP_md2 hc_EVP_md2 -#define EVP_md4 hc_EVP_md4 -#define EVP_md5 hc_EVP_md5 -#define EVP_md_null hc_EVP_md_null -#define EVP_rc2_40_cbc hc_EVP_rc2_40_cbc -#define EVP_rc2_64_cbc hc_EVP_rc2_64_cbc -#define EVP_rc2_cbc hc_EVP_rc2_cbc -#define EVP_rc4 hc_EVP_rc4 -#define EVP_rc4_40 hc_EVP_rc4_40 -#define EVP_sha hc_EVP_sha -#define EVP_sha1 hc_EVP_sha1 -#define EVP_sha256 hc_EVP_sha256 -#define PKCS5_PBKDF2_HMAC_SHA1 hc_PKCS5_PBKDF2_HMAC_SHA1 -#define EVP_BytesToKey hc_EVP_BytesToKey -#define EVP_get_cipherbyname hc_EVP_get_cipherbyname -#define OpenSSL_add_all_algorithms hc_OpenSSL_add_all_algorithms -#define OpenSSL_add_all_algorithms_conf hc_OpenSSL_add_all_algorithms_conf -#define OpenSSL_add_all_algorithms_noconf hc_OpenSSL_add_all_algorithms_noconf - -/* - * - */ - -typedef struct hc_EVP_MD_CTX EVP_MD_CTX; -typedef struct hc_evp_pkey EVP_PKEY; -typedef struct hc_evp_md EVP_MD; -typedef struct hc_CIPHER EVP_CIPHER; -typedef struct hc_CIPHER_CTX EVP_CIPHER_CTX; - -#define EVP_MAX_IV_LENGTH 16 -#define EVP_MAX_BLOCK_LENGTH 32 - -#define EVP_MAX_MD_SIZE 64 - -struct hc_CIPHER { - int nid; - int block_size; - int key_len; - int iv_len; - unsigned long flags; - /* The lowest 3 bits is used as integer field for the mode the - * cipher is used in (use EVP_CIPHER.._mode() to extract the - * mode). The rest of the flag field is a bitfield. - */ -#define EVP_CIPH_CBC_MODE 2 -#define EVP_CIPH_MODE 0x7 - -#define EVP_CIPH_ALWAYS_CALL_INIT 0x20 - - int (*init)(EVP_CIPHER_CTX*,const unsigned char*,const unsigned char*,int); - int (*do_cipher)(EVP_CIPHER_CTX *, unsigned char *, - const unsigned char *, unsigned int); - int (*cleanup)(EVP_CIPHER_CTX *); - int ctx_size; - void *set_asn1_parameters; - void *get_asn1_parameters; - void *ctrl; - void *app_data; -}; - -struct hc_CIPHER_CTX { - const EVP_CIPHER *cipher; - ENGINE *engine; - int encrypt; - int buf_len; - unsigned char oiv[EVP_MAX_IV_LENGTH]; - unsigned char iv[EVP_MAX_IV_LENGTH]; - unsigned char buf[EVP_MAX_BLOCK_LENGTH]; - int num; - void *app_data; - int key_len; - unsigned long flags; - void *cipher_data; - int final_used; - int block_mask; - unsigned char final[EVP_MAX_BLOCK_LENGTH]; -}; - -struct hc_EVP_MD_CTX { - const EVP_MD *md; - ENGINE *engine; - void *ptr; -}; - -/* - * Avaible crypto algs - */ - -const EVP_MD *EVP_md_null(void); -const EVP_MD *EVP_md2(void); -const EVP_MD *EVP_md4(void); -const EVP_MD *EVP_md5(void); -const EVP_MD *EVP_sha(void); -const EVP_MD *EVP_sha1(void); -const EVP_MD *EVP_sha256(void); - -const EVP_CIPHER * EVP_aes_128_cbc(void); -const EVP_CIPHER * EVP_aes_192_cbc(void); -const EVP_CIPHER * EVP_aes_256_cbc(void); -const EVP_CIPHER * EVP_des_ede3_cbc(void); -const EVP_CIPHER * EVP_enc_null(void); -const EVP_CIPHER * EVP_rc2_40_cbc(void); -const EVP_CIPHER * EVP_rc2_64_cbc(void); -const EVP_CIPHER * EVP_rc2_cbc(void); -const EVP_CIPHER * EVP_rc4(void); -const EVP_CIPHER * EVP_rc4_40(void); - -/* - * - */ - -size_t EVP_MD_size(const EVP_MD *); -size_t EVP_MD_block_size(const EVP_MD *); - -const EVP_MD * - EVP_MD_CTX_md(EVP_MD_CTX *); -size_t EVP_MD_CTX_size(EVP_MD_CTX *); -size_t EVP_MD_CTX_block_size(EVP_MD_CTX *); - -EVP_MD_CTX * - EVP_MD_CTX_create(void); -void EVP_MD_CTX_init(EVP_MD_CTX *); -void EVP_MD_CTX_destroy(EVP_MD_CTX *); -int EVP_MD_CTX_cleanup(EVP_MD_CTX *); - -int EVP_DigestInit_ex(EVP_MD_CTX *, const EVP_MD *, ENGINE *); -int EVP_DigestUpdate(EVP_MD_CTX *,const void *, size_t); -int EVP_DigestFinal_ex(EVP_MD_CTX *, void *, unsigned int *); -int EVP_Digest(const void *, size_t, void *, unsigned int *, - const EVP_MD *, ENGINE *); -/* - * - */ - -const EVP_CIPHER * - EVP_get_cipherbyname(const char *); - -size_t EVP_CIPHER_block_size(const EVP_CIPHER *); -size_t EVP_CIPHER_key_length(const EVP_CIPHER *); -size_t EVP_CIPHER_iv_length(const EVP_CIPHER *); - -void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *); -int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *); -int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *, int); -int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *, int); -unsigned long - EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *); -int EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *); - -const EVP_CIPHER * - EVP_CIPHER_CTX_cipher(EVP_CIPHER_CTX *); -size_t EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *); -size_t EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *); -size_t EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *); -void * EVP_CIPHER_CTX_get_app_data(EVP_CIPHER_CTX *); -void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *, void *); - -int EVP_CipherInit_ex(EVP_CIPHER_CTX *,const EVP_CIPHER *, ENGINE *, - const void *, const void *, int); - -int EVP_Cipher(EVP_CIPHER_CTX *,void *,const void *,size_t); - -int PKCS5_PBKDF2_HMAC_SHA1(const void *, size_t, const void *, size_t, - unsigned long, size_t, void *); - -int EVP_BytesToKey(const EVP_CIPHER *, const EVP_MD *, - const void *, const void *, size_t, - unsigned int, void *, void *); - - -/* - * - */ - -void OpenSSL_add_all_algorithms(void); -void OpenSSL_add_all_algorithms_conf(void); -void OpenSSL_add_all_algorithms_noconf(void); - -#endif /* HEIM_EVP_H */ diff --git a/source4/heimdal/lib/des/hash.h b/source4/heimdal/lib/des/hash.h deleted file mode 100644 index b6da9bd8e0..0000000000 --- a/source4/heimdal/lib/des/hash.h +++ /dev/null @@ -1,71 +0,0 @@ -/* - * Copyright (c) 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of KTH nor the names of its contributors may be - * used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY - * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - -/* $Id: hash.h,v 1.4 2006/05/05 11:06:49 lha Exp $ */ - -/* stuff in common between md4, md5, and sha1 */ - -#ifndef __hash_h__ -#define __hash_h__ - -#include -#include -#include -#ifdef KRB5 -#include -#endif - -#ifndef min -#define min(a,b) (((a)>(b))?(b):(a)) -#endif - -/* Vector Crays doesn't have a good 32-bit type, or more precisely, - int32_t as defined by isn't 32 bits, and we don't - want to depend in being able to redefine this type. To cope with - this we have to clamp the result in some places to [0,2^32); no - need to do this on other machines. Did I say this was a mess? - */ - -#ifdef _CRAY -#define CRAYFIX(X) ((X) & 0xffffffff) -#else -#define CRAYFIX(X) (X) -#endif - -static inline uint32_t -cshift (uint32_t x, unsigned int n) -{ - x = CRAYFIX(x); - return CRAYFIX((x << n) | (x >> (32 - n))); -} - -#endif /* __hash_h__ */ diff --git a/source4/heimdal/lib/des/hmac.c b/source4/heimdal/lib/des/hmac.c deleted file mode 100644 index 848b987a90..0000000000 --- a/source4/heimdal/lib/des/hmac.c +++ /dev/null @@ -1,122 +0,0 @@ -#include -#include -#include -#include -#include - -void -HMAC_CTX_init(HMAC_CTX *ctx) -{ - memset(ctx, 0, sizeof(*ctx)); -} - -void -HMAC_CTX_cleanup(HMAC_CTX *ctx) -{ - if (ctx->buf) { - memset(ctx->buf, 0, ctx->key_length); - free(ctx->buf); - ctx->buf = NULL; - } - if (ctx->opad) { - memset(ctx->ipad, 0, ctx->key_length); - free(ctx->opad); - ctx->opad = NULL; - } - if (ctx->ipad) { - memset(ctx->ipad, 0, ctx->key_length); - free(ctx->ipad); - ctx->ipad = NULL; - } - if (ctx->ctx) { - EVP_MD_CTX_destroy(ctx->ctx); - ctx->ctx = NULL; - } -} - -size_t -HMAC_size(const HMAC_CTX *ctx) -{ - return EVP_MD_size(ctx->md); -} - -void -HMAC_Init_ex(HMAC_CTX *ctx, - const void *key, - size_t keylen, - const EVP_MD *md, - ENGINE *engine) -{ - unsigned char *p; - size_t i; - - if (ctx->md != md) { - ctx->md = md; - if (ctx->buf) - free (ctx->buf); - ctx->key_length = EVP_MD_size(ctx->md); - ctx->buf = malloc(ctx->key_length); - } -#if 0 - ctx->engine = engine; -#endif - - if (keylen > EVP_MD_block_size(ctx->md)) { - EVP_Digest(key, keylen, ctx->buf, NULL, ctx->md, engine); - key = ctx->buf; - keylen = EVP_MD_size(ctx->md); - } - - if (ctx->opad) - free(ctx->opad); - if (ctx->ipad) - free(ctx->ipad); - - ctx->opad = malloc(EVP_MD_block_size(ctx->md)); - ctx->ipad = malloc(EVP_MD_block_size(ctx->md)); - memset(ctx->ipad, 0x36, EVP_MD_block_size(ctx->md)); - memset(ctx->opad, 0x5c, EVP_MD_block_size(ctx->md)); - - for (i = 0, p = ctx->ipad; i < keylen; i++) - p[i] ^= ((const unsigned char *)key)[i]; - for (i = 0, p = ctx->opad; i < keylen; i++) - p[i] ^= ((const unsigned char *)key)[i]; - - ctx->ctx = EVP_MD_CTX_create(); - - EVP_DigestInit_ex(ctx->ctx, ctx->md, ctx->engine); - EVP_DigestUpdate(ctx->ctx, ctx->ipad, EVP_MD_block_size(ctx->md)); -} - -void -HMAC_Update(HMAC_CTX *ctx, const void *data, size_t len) -{ - EVP_DigestUpdate(ctx->ctx, data, len); -} - -void -HMAC_Final(HMAC_CTX *ctx, void *md, unsigned int *len) -{ - EVP_DigestFinal_ex(ctx->ctx, ctx->buf, NULL); - - EVP_DigestInit_ex(ctx->ctx, ctx->md, ctx->engine); - EVP_DigestUpdate(ctx->ctx, ctx->opad, EVP_MD_block_size(ctx->md)); - EVP_DigestUpdate(ctx->ctx, ctx->buf, ctx->key_length); - EVP_DigestFinal_ex(ctx->ctx, md, len); -} - -void * -HMAC(const EVP_MD *md, - const void *key, size_t key_size, - const void *data, size_t data_size, - void *hash, unsigned int *hash_len) -{ - HMAC_CTX ctx; - - HMAC_CTX_init(&ctx); - HMAC_Init_ex(&ctx, key, key_size, md, NULL); - HMAC_Update(&ctx, data, data_size); - HMAC_Final(&ctx, hash, hash_len); - HMAC_CTX_cleanup(&ctx); - return hash; -} diff --git a/source4/heimdal/lib/des/hmac.h b/source4/heimdal/lib/des/hmac.h deleted file mode 100644 index a72ab574e7..0000000000 --- a/source4/heimdal/lib/des/hmac.h +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Copyright (c) 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* $Id: hmac.h,v 1.3 2006/01/13 15:26:52 lha Exp $ */ - -#ifndef HEIM_HMAC_H -#define HEIM_HMAC_H 1 - -#include - -/* symbol renaming */ -#define HMAC_CTX_init hc_HMAC_CTX_init -#define HMAC_CTX_cleanup hc_HMAC_CTX_cleanup -#define HMAC_size hc_HMAC_size -#define HMAC_Init_ex hc_HMAC_Init_ex -#define HMAC_Update hc_HMAC_Update -#define HMAC_Final hc_HMAC_Final -#define HMAC hc_HMAC - -/* - * - */ - -#define HMAC_MAX_MD_CBLOCK 64 - -typedef struct hc_HMAC_CTX HMAC_CTX; - -struct hc_HMAC_CTX { - const EVP_MD *md; - ENGINE *engine; - EVP_MD_CTX *ctx; - size_t key_length; - void *opad; - void *ipad; - void *buf; -}; - - -void HMAC_CTX_init(HMAC_CTX *); -void HMAC_CTX_cleanup(HMAC_CTX *ctx); - -size_t HMAC_size(const HMAC_CTX *ctx); - -void HMAC_Init_ex(HMAC_CTX *, const void *, size_t, - const EVP_MD *, ENGINE *); -void HMAC_Update(HMAC_CTX *ctx, const void *data, size_t len); -void HMAC_Final(HMAC_CTX *ctx, void *md, unsigned int *len); - -void * HMAC(const EVP_MD *evp_md, const void *key, size_t key_len, - const void *data, size_t n, void *md, unsigned int *md_len); - -#endif /* HEIM_HMAC_H */ diff --git a/source4/heimdal/lib/des/imath/LICENSE b/source4/heimdal/lib/des/imath/LICENSE deleted file mode 100644 index cecfb11404..0000000000 --- a/source4/heimdal/lib/des/imath/LICENSE +++ /dev/null @@ -1,21 +0,0 @@ -IMath is Copyright 2002-2006 Michael J. Fromberger -You may use it subject to the following Licensing Terms: - -Permission is hereby granted, free of charge, to any person obtaining -a copy of this software and associated documentation files (the -"Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be -included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, -TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/source4/heimdal/lib/des/imath/imath.c b/source4/heimdal/lib/des/imath/imath.c deleted file mode 100755 index 0a124fa13f..0000000000 --- a/source4/heimdal/lib/des/imath/imath.c +++ /dev/null @@ -1,3246 +0,0 @@ -/* - Name: imath.c - Purpose: Arbitrary precision integer arithmetic routines. - Author: M. J. Fromberger - Info: $Id: imath.c,v 1.6 2007/01/08 10:17:31 lha Exp $ - - Copyright (C) 2002 Michael J. Fromberger, All Rights Reserved. - - Permission is hereby granted, free of charge, to any person - obtaining a copy of this software and associated documentation files - (the "Software"), to deal in the Software without restriction, - including without limitation the rights to use, copy, modify, merge, - publish, distribute, sublicense, and/or sell copies of the Software, - and to permit persons to whom the Software is furnished to do so, - subject to the following conditions: - - The above copyright notice and this permission notice shall be - included in all copies or substantial portions of the Software. - - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - SOFTWARE. - */ - -#include "imath.h" - -#if DEBUG -#include -#endif - -#include -#include -#include -#include - -#include - -/* {{{ Constants */ - -const mp_result MP_OK = 0; /* no error, all is well */ -const mp_result MP_FALSE = 0; /* boolean false */ -const mp_result MP_TRUE = -1; /* boolean true */ -const mp_result MP_MEMORY = -2; /* out of memory */ -const mp_result MP_RANGE = -3; /* argument out of range */ -const mp_result MP_UNDEF = -4; /* result undefined */ -const mp_result MP_TRUNC = -5; /* output truncated */ -const mp_result MP_BADARG = -6; /* invalid null argument */ - -const mp_sign MP_NEG = 1; /* value is strictly negative */ -const mp_sign MP_ZPOS = 0; /* value is non-negative */ - -static const char *s_unknown_err = "unknown result code"; -static const char *s_error_msg[] = { - "error code 0", - "boolean true", - "out of memory", - "argument out of range", - "result undefined", - "output truncated", - "invalid null argument", - NULL -}; - -/* }}} */ - -/* Argument checking macros - Use CHECK() where a return value is required; NRCHECK() elsewhere */ -#define CHECK(TEST) assert(TEST) -#define NRCHECK(TEST) assert(TEST) - -/* {{{ Logarithm table for computing output sizes */ - -/* The ith entry of this table gives the value of log_i(2). - - An integer value n requires ceil(log_i(n)) digits to be represented - in base i. Since it is easy to compute lg(n), by counting bits, we - can compute log_i(n) = lg(n) * log_i(2). - - The use of this table eliminates a dependency upon linkage against - the standard math libraries. - */ -static const double s_log2[] = { - 0.000000000, 0.000000000, 1.000000000, 0.630929754, /* 0 1 2 3 */ - 0.500000000, 0.430676558, 0.386852807, 0.356207187, /* 4 5 6 7 */ - 0.333333333, 0.315464877, 0.301029996, 0.289064826, /* 8 9 10 11 */ - 0.278942946, 0.270238154, 0.262649535, 0.255958025, /* 12 13 14 15 */ - 0.250000000, 0.244650542, 0.239812467, 0.235408913, /* 16 17 18 19 */ - 0.231378213, 0.227670249, 0.224243824, 0.221064729, /* 20 21 22 23 */ - 0.218104292, 0.215338279, 0.212746054, 0.210309918, /* 24 25 26 27 */ - 0.208014598, 0.205846832, 0.203795047, 0.201849087, /* 28 29 30 31 */ - 0.200000000, 0.198239863, 0.196561632, 0.194959022, /* 32 33 34 35 */ - 0.193426404, 0.191958720, 0.190551412, 0.189200360, /* 36 37 38 39 */ - 0.187901825, 0.186652411, 0.185449023, 0.184288833, /* 40 41 42 43 */ - 0.183169251, 0.182087900, 0.181042597, 0.180031327, /* 44 45 46 47 */ - 0.179052232, 0.178103594, 0.177183820, 0.176291434, /* 48 49 50 51 */ - 0.175425064, 0.174583430, 0.173765343, 0.172969690, /* 52 53 54 55 */ - 0.172195434, 0.171441601, 0.170707280, 0.169991616, /* 56 57 58 59 */ - 0.169293808, 0.168613099, 0.167948779, 0.167300179, /* 60 61 62 63 */ - 0.166666667 -}; - -/* }}} */ -/* {{{ Various macros */ - -/* Return the number of digits needed to represent a static value */ -#define MP_VALUE_DIGITS(V) \ -((sizeof(V)+(sizeof(mp_digit)-1))/sizeof(mp_digit)) - -/* Round precision P to nearest word boundary */ -#define ROUND_PREC(P) ((mp_size)(2*(((P)+1)/2))) - -/* Set array P of S digits to zero */ -#define ZERO(P, S) \ -do{mp_size i__=(S)*sizeof(mp_digit);mp_digit *p__=(P);memset(p__,0,i__);}while(0) - -/* Copy S digits from array P to array Q */ -#define COPY(P, Q, S) \ -do{mp_size i__=(S)*sizeof(mp_digit);mp_digit *p__=(P),*q__=(Q);\ -memcpy(q__,p__,i__);}while(0) - -/* Reverse N elements of type T in array A */ -#define REV(T, A, N) \ -do{T *u_=(A),*v_=u_+(N)-1;while(u_ 1 && (*dz_-- == 0)) --uz_;MP_USED(z_)=uz_;}while(0) -#endif - -#define MIN(A, B) ((B)<(A)?(B):(A)) -#define MAX(A, B) ((B)>(A)?(B):(A)) -#define SWAP(T, A, B) do{T t_=(A);A=(B);B=t_;}while(0) - -#define TEMP(K) (temp + (K)) -#define SETUP(E, C) \ -do{if((res = (E)) != MP_OK) goto CLEANUP; ++(C);}while(0) - -#define CMPZ(Z) \ -(((Z)->used==1&&(Z)->digits[0]==0)?0:((Z)->sign==MP_NEG)?-1:1) - -#define UMUL(X, Y, Z) \ -do{mp_size ua_=MP_USED(X),ub_=MP_USED(Y);mp_size o_=ua_+ub_;\ -ZERO(MP_DIGITS(Z),o_);\ -(void) s_kmul(MP_DIGITS(X),MP_DIGITS(Y),MP_DIGITS(Z),ua_,ub_);\ -MP_USED(Z)=o_;CLAMP(Z);}while(0) - -#define USQR(X, Z) \ -do{mp_size ua_=MP_USED(X),o_=ua_+ua_;ZERO(MP_DIGITS(Z),o_);\ -(void) s_ksqr(MP_DIGITS(X),MP_DIGITS(Z),ua_);MP_USED(Z)=o_;CLAMP(Z);}while(0) - -#define UPPER_HALF(W) ((mp_word)((W) >> MP_DIGIT_BIT)) -#define LOWER_HALF(W) ((mp_digit)(W)) -#define HIGH_BIT_SET(W) ((W) >> (MP_WORD_BIT - 1)) -#define ADD_WILL_OVERFLOW(W, V) ((MP_WORD_MAX - (V)) < (W)) - -/* }}} */ -/* {{{ Default configuration settings */ - -/* Default number of digits allocated to a new mp_int */ -#if IMATH_TEST -mp_size default_precision = MP_DEFAULT_PREC; -#else -static const mp_size default_precision = MP_DEFAULT_PREC; -#endif - -/* Minimum number of digits to invoke recursive multiply */ -#if IMATH_TEST -mp_size multiply_threshold = MP_MULT_THRESH; -#else -static const mp_size multiply_threshold = MP_MULT_THRESH; -#endif - -/* }}} */ - -/* Allocate a buffer of (at least) num digits, or return - NULL if that couldn't be done. */ -static mp_digit *s_alloc(mp_size num); -#if TRACEABLE_FREE -static void s_free(void *ptr); -#else -#define s_free(P) free(P) -#endif - -/* Insure that z has at least min digits allocated, resizing if - necessary. Returns true if successful, false if out of memory. */ -int s_pad(mp_int z, mp_size min); - -/* Normalize by removing leading zeroes (except when z = 0) */ -#if TRACEABLE_CLAMP -static void s_clamp(mp_int z); -#endif - -/* Fill in a "fake" mp_int on the stack with a given value */ -static void s_fake(mp_int z, int value, mp_digit vbuf[]); - -/* Compare two runs of digits of given length, returns <0, 0, >0 */ -static int s_cdig(mp_digit *da, mp_digit *db, mp_size len); - -/* Pack the unsigned digits of v into array t */ -static int s_vpack(int v, mp_digit t[]); - -/* Compare magnitudes of a and b, returns <0, 0, >0 */ -static int s_ucmp(mp_int a, mp_int b); - -/* Compare magnitudes of a and v, returns <0, 0, >0 */ -static int s_vcmp(mp_int a, int v); - -/* Unsigned magnitude addition; assumes dc is big enough. - Carry out is returned (no memory allocated). */ -static mp_digit s_uadd(mp_digit *da, mp_digit *db, mp_digit *dc, - mp_size size_a, mp_size size_b); - -/* Unsigned magnitude subtraction. Assumes dc is big enough. */ -static void s_usub(mp_digit *da, mp_digit *db, mp_digit *dc, - mp_size size_a, mp_size size_b); - -/* Unsigned recursive multiplication. Assumes dc is big enough. */ -static int s_kmul(mp_digit *da, mp_digit *db, mp_digit *dc, - mp_size size_a, mp_size size_b); - -/* Unsigned magnitude multiplication. Assumes dc is big enough. */ -static void s_umul(mp_digit *da, mp_digit *db, mp_digit *dc, - mp_size size_a, mp_size size_b); - -/* Unsigned recursive squaring. Assumes dc is big enough. */ -static int s_ksqr(mp_digit *da, mp_digit *dc, mp_size size_a); - -/* Unsigned magnitude squaring. Assumes dc is big enough. */ -static void s_usqr(mp_digit *da, mp_digit *dc, mp_size size_a); - -/* Single digit addition. Assumes a is big enough. */ -static void s_dadd(mp_int a, mp_digit b); - -/* Single digit multiplication. Assumes a is big enough. */ -static void s_dmul(mp_int a, mp_digit b); - -/* Single digit multiplication on buffers; assumes dc is big enough. */ -static void s_dbmul(mp_digit *da, mp_digit b, mp_digit *dc, - mp_size size_a); - -/* Single digit division. Replaces a with the quotient, - returns the remainder. */ -static mp_digit s_ddiv(mp_int a, mp_digit b); - -/* Quick division by a power of 2, replaces z (no allocation) */ -static void s_qdiv(mp_int z, mp_size p2); - -/* Quick remainder by a power of 2, replaces z (no allocation) */ -static void s_qmod(mp_int z, mp_size p2); - -/* Quick multiplication by a power of 2, replaces z. - Allocates if necessary; returns false in case this fails. */ -static int s_qmul(mp_int z, mp_size p2); - -/* Quick subtraction from a power of 2, replaces z. - Allocates if necessary; returns false in case this fails. */ -static int s_qsub(mp_int z, mp_size p2); - -/* Return maximum k such that 2^k divides z. */ -static int s_dp2k(mp_int z); - -/* Return k >= 0 such that z = 2^k, or -1 if there is no such k. */ -static int s_isp2(mp_int z); - -/* Set z to 2^k. May allocate; returns false in case this fails. */ -static int s_2expt(mp_int z, int k); - -/* Normalize a and b for division, returns normalization constant */ -static int s_norm(mp_int a, mp_int b); - -/* Compute constant mu for Barrett reduction, given modulus m, result - replaces z, m is untouched. */ -static mp_result s_brmu(mp_int z, mp_int m); - -/* Reduce a modulo m, using Barrett's algorithm. */ -static int s_reduce(mp_int x, mp_int m, mp_int mu, mp_int q1, mp_int q2); - -/* Modular exponentiation, using Barrett reduction */ -mp_result s_embar(mp_int a, mp_int b, mp_int m, mp_int mu, mp_int c); - -/* Unsigned magnitude division. Assumes |a| > |b|. Allocates - temporaries; overwrites a with quotient, b with remainder. */ -static mp_result s_udiv(mp_int a, mp_int b); - -/* Compute the number of digits in radix r required to represent the - given value. Does not account for sign flags, terminators, etc. */ -static int s_outlen(mp_int z, mp_size r); - -/* Guess how many digits of precision will be needed to represent a - radix r value of the specified number of digits. Returns a value - guaranteed to be no smaller than the actual number required. */ -static mp_size s_inlen(int len, mp_size r); - -/* Convert a character to a digit value in radix r, or - -1 if out of range */ -static int s_ch2val(char c, int r); - -/* Convert a digit value to a character */ -static char s_val2ch(int v, int caps); - -/* Take 2's complement of a buffer in place */ -static void s_2comp(unsigned char *buf, int len); - -/* Convert a value to binary, ignoring sign. On input, *limpos is the - bound on how many bytes should be written to buf; on output, *limpos - is set to the number of bytes actually written. */ -static mp_result s_tobin(mp_int z, unsigned char *buf, int *limpos, int pad); - -#if DEBUG -/* Dump a representation of the mp_int to standard output */ -void s_print(char *tag, mp_int z); -void s_print_buf(char *tag, mp_digit *buf, mp_size num); -#endif - -/* {{{ mp_int_init(z) */ - -mp_result mp_int_init(mp_int z) -{ - if(z == NULL) - return MP_BADARG; - - z->single = 0; - z->digits = &(z->single); - z->alloc = 1; - z->used = 1; - z->sign = MP_ZPOS; - - return MP_OK; -} - -/* }}} */ - -/* {{{ mp_int_alloc() */ - -mp_int mp_int_alloc(void) -{ - mp_int out = malloc(sizeof(mpz_t)); - - if(out != NULL) - mp_int_init(out); - - return out; -} - -/* }}} */ - -/* {{{ mp_int_init_size(z, prec) */ - -mp_result mp_int_init_size(mp_int z, mp_size prec) -{ - CHECK(z != NULL); - - if(prec == 0) - prec = default_precision; - else if(prec == 1) - return mp_int_init(z); - else - prec = (mp_size) ROUND_PREC(prec); - - if((MP_DIGITS(z) = s_alloc(prec)) == NULL) - return MP_MEMORY; - - z->digits[0] = 0; - MP_USED(z) = 1; - MP_ALLOC(z) = prec; - MP_SIGN(z) = MP_ZPOS; - - return MP_OK; -} - -/* }}} */ - -/* {{{ mp_int_init_copy(z, old) */ - -mp_result mp_int_init_copy(mp_int z, mp_int old) -{ - mp_result res; - mp_size uold; - - CHECK(z != NULL && old != NULL); - - uold = MP_USED(old); - if(uold == 1) { - mp_int_init(z); - } - else { - mp_size target = MAX(uold, default_precision); - - if((res = mp_int_init_size(z, target)) != MP_OK) - return res; - } - - MP_USED(z) = uold; - MP_SIGN(z) = MP_SIGN(old); - COPY(MP_DIGITS(old), MP_DIGITS(z), uold); - - return MP_OK; -} - -/* }}} */ - -/* {{{ mp_int_init_value(z, value) */ - -mp_result mp_int_init_value(mp_int z, int value) -{ - mpz_t vtmp; - mp_digit vbuf[MP_VALUE_DIGITS(value)]; - - s_fake(&vtmp, value, vbuf); - return mp_int_init_copy(z, &vtmp); -} - -/* }}} */ - -/* {{{ mp_int_set_value(z, value) */ - -mp_result mp_int_set_value(mp_int z, int value) -{ - mpz_t vtmp; - mp_digit vbuf[MP_VALUE_DIGITS(value)]; - - s_fake(&vtmp, value, vbuf); - return mp_int_copy(&vtmp, z); -} - -/* }}} */ - -/* {{{ mp_int_clear(z) */ - -void mp_int_clear(mp_int z) -{ - if(z == NULL) - return; - - if(MP_DIGITS(z) != NULL) { - if((void *) MP_DIGITS(z) != (void *) z) - s_free(MP_DIGITS(z)); - - MP_DIGITS(z) = NULL; - } -} - -/* }}} */ - -/* {{{ mp_int_free(z) */ - -void mp_int_free(mp_int z) -{ - NRCHECK(z != NULL); - - mp_int_clear(z); - free(z); -} - -/* }}} */ - -/* {{{ mp_int_copy(a, c) */ - -mp_result mp_int_copy(mp_int a, mp_int c) -{ - CHECK(a != NULL && c != NULL); - - if(a != c) { - mp_size ua = MP_USED(a); - mp_digit *da, *dc; - - if(!s_pad(c, ua)) - return MP_MEMORY; - - da = MP_DIGITS(a); dc = MP_DIGITS(c); - COPY(da, dc, ua); - - MP_USED(c) = ua; - MP_SIGN(c) = MP_SIGN(a); - } - - return MP_OK; -} - -/* }}} */ - -/* {{{ mp_int_swap(a, c) */ - -void mp_int_swap(mp_int a, mp_int c) -{ - if(a != c) { - mpz_t tmp = *a; - - *a = *c; - *c = tmp; - } -} - -/* }}} */ - -/* {{{ mp_int_zero(z) */ - -void mp_int_zero(mp_int z) -{ - NRCHECK(z != NULL); - - z->digits[0] = 0; - MP_USED(z) = 1; - MP_SIGN(z) = MP_ZPOS; -} - -/* }}} */ - -/* {{{ mp_int_abs(a, c) */ - -mp_result mp_int_abs(mp_int a, mp_int c) -{ - mp_result res; - - CHECK(a != NULL && c != NULL); - - if((res = mp_int_copy(a, c)) != MP_OK) - return res; - - MP_SIGN(c) = MP_ZPOS; - return MP_OK; -} - -/* }}} */ - -/* {{{ mp_int_neg(a, c) */ - -mp_result mp_int_neg(mp_int a, mp_int c) -{ - mp_result res; - - CHECK(a != NULL && c != NULL); - - if((res = mp_int_copy(a, c)) != MP_OK) - return res; - - if(CMPZ(c) != 0) - MP_SIGN(c) = 1 - MP_SIGN(a); - - return MP_OK; -} - -/* }}} */ - -/* {{{ mp_int_add(a, b, c) */ - -mp_result mp_int_add(mp_int a, mp_int b, mp_int c) -{ - mp_size ua, ub, uc, max; - - CHECK(a != NULL && b != NULL && c != NULL); - - ua = MP_USED(a); ub = MP_USED(b); uc = MP_USED(c); - max = MAX(ua, ub); - - if(MP_SIGN(a) == MP_SIGN(b)) { - /* Same sign -- add magnitudes, preserve sign of addends */ - mp_digit carry; - - if(!s_pad(c, max)) - return MP_MEMORY; - - carry = s_uadd(MP_DIGITS(a), MP_DIGITS(b), MP_DIGITS(c), ua, ub); - uc = max; - - if(carry) { - if(!s_pad(c, max + 1)) - return MP_MEMORY; - - c->digits[max] = carry; - ++uc; - } - - MP_USED(c) = uc; - MP_SIGN(c) = MP_SIGN(a); - - } - else { - /* Different signs -- subtract magnitudes, preserve sign of greater */ - mp_int x, y; - int cmp = s_ucmp(a, b); /* magnitude comparision, sign ignored */ - - /* Set x to max(a, b), y to min(a, b) to simplify later code */ - if(cmp >= 0) { - x = a; y = b; - } - else { - x = b; y = a; - } - - if(!s_pad(c, MP_USED(x))) - return MP_MEMORY; - - /* Subtract smaller from larger */ - s_usub(MP_DIGITS(x), MP_DIGITS(y), MP_DIGITS(c), MP_USED(x), MP_USED(y)); - MP_USED(c) = MP_USED(x); - CLAMP(c); - - /* Give result the sign of the larger */ - MP_SIGN(c) = MP_SIGN(x); - } - - return MP_OK; -} - -/* }}} */ - -/* {{{ mp_int_add_value(a, value, c) */ - -mp_result mp_int_add_value(mp_int a, int value, mp_int c) -{ - mpz_t vtmp; - mp_digit vbuf[MP_VALUE_DIGITS(value)]; - - s_fake(&vtmp, value, vbuf); - - return mp_int_add(a, &vtmp, c); -} - -/* }}} */ - -/* {{{ mp_int_sub(a, b, c) */ - -mp_result mp_int_sub(mp_int a, mp_int b, mp_int c) -{ - mp_size ua, ub, uc, max; - - CHECK(a != NULL && b != NULL && c != NULL); - - ua = MP_USED(a); ub = MP_USED(b); uc = MP_USED(c); - max = MAX(ua, ub); - - if(MP_SIGN(a) != MP_SIGN(b)) { - /* Different signs -- add magnitudes and keep sign of a */ - mp_digit carry; - - if(!s_pad(c, max)) - return MP_MEMORY; - - carry = s_uadd(MP_DIGITS(a), MP_DIGITS(b), MP_DIGITS(c), ua, ub); - uc = max; - - if(carry) { - if(!s_pad(c, max + 1)) - return MP_MEMORY; - - c->digits[max] = carry; - ++uc; - } - - MP_USED(c) = uc; - MP_SIGN(c) = MP_SIGN(a); - - } - else { - /* Same signs -- subtract magnitudes */ - mp_int x, y; - mp_sign osign; - int cmp = s_ucmp(a, b); - - if(!s_pad(c, max)) - return MP_MEMORY; - - if(cmp >= 0) { - x = a; y = b; osign = MP_ZPOS; - } - else { - x = b; y = a; osign = MP_NEG; - } - - if(MP_SIGN(a) == MP_NEG && cmp != 0) - osign = 1 - osign; - - s_usub(MP_DIGITS(x), MP_DIGITS(y), MP_DIGITS(c), MP_USED(x), MP_USED(y)); - MP_USED(c) = MP_USED(x); - CLAMP(c); - - MP_SIGN(c) = osign; - } - - return MP_OK; -} - -/* }}} */ - -/* {{{ mp_int_sub_value(a, value, c) */ - -mp_result mp_int_sub_value(mp_int a, int value, mp_int c) -{ - mpz_t vtmp; - mp_digit vbuf[MP_VALUE_DIGITS(value)]; - - s_fake(&vtmp, value, vbuf); - - return mp_int_sub(a, &vtmp, c); -} - -/* }}} */ - -/* {{{ mp_int_mul(a, b, c) */ - -mp_result mp_int_mul(mp_int a, mp_int b, mp_int c) -{ - mp_digit *out; - mp_size osize, ua, ub, p = 0; - mp_sign osign; - - CHECK(a != NULL && b != NULL && c != NULL); - - /* If either input is zero, we can shortcut multiplication */ - if(mp_int_compare_zero(a) == 0 || mp_int_compare_zero(b) == 0) { - mp_int_zero(c); - return MP_OK; - } - - /* Output is positive if inputs have same sign, otherwise negative */ - osign = (MP_SIGN(a) == MP_SIGN(b)) ? MP_ZPOS : MP_NEG; - - /* If the output is not equal to any of the inputs, we'll write the - results there directly; otherwise, allocate a temporary space. */ - ua = MP_USED(a); ub = MP_USED(b); - osize = ua + ub; - - if(c == a || c == b) { - p = ROUND_PREC(osize); - p = MAX(p, default_precision); - - if((out = s_alloc(p)) == NULL) - return MP_MEMORY; - } - else { - if(!s_pad(c, osize)) - return MP_MEMORY; - - out = MP_DIGITS(c); - } - ZERO(out, osize); - - if(!s_kmul(MP_DIGITS(a), MP_DIGITS(b), out, ua, ub)) - return MP_MEMORY; - - /* If we allocated a new buffer, get rid of whatever memory c was - already using, and fix up its fields to reflect that. - */ - if(out != MP_DIGITS(c)) { - if((void *) MP_DIGITS(c) != (void *) c) - s_free(MP_DIGITS(c)); - MP_DIGITS(c) = out; - MP_ALLOC(c) = p; - } - - MP_USED(c) = osize; /* might not be true, but we'll fix it ... */ - CLAMP(c); /* ... right here */ - MP_SIGN(c) = osign; - - return MP_OK; -} - -/* }}} */ - -/* {{{ mp_int_mul_value(a, value, c) */ - -mp_result mp_int_mul_value(mp_int a, int value, mp_int c) -{ - mpz_t vtmp; - mp_digit vbuf[MP_VALUE_DIGITS(value)]; - - s_fake(&vtmp, value, vbuf); - - return mp_int_mul(a, &vtmp, c); -} - -/* }}} */ - -/* {{{ mp_int_mul_pow2(a, p2, c) */ - -mp_result mp_int_mul_pow2(mp_int a, int p2, mp_int c) -{ - mp_result res; - CHECK(a != NULL && c != NULL && p2 >= 0); - - if((res = mp_int_copy(a, c)) != MP_OK) - return res; - - if(s_qmul(c, (mp_size) p2)) - return MP_OK; - else - return MP_MEMORY; -} - -/* }}} */ - -/* {{{ mp_int_sqr(a, c) */ - -mp_result mp_int_sqr(mp_int a, mp_int c) -{ - mp_digit *out; - mp_size osize, p = 0; - - CHECK(a != NULL && c != NULL); - - /* Get a temporary buffer big enough to hold the result */ - osize = (mp_size) 2 * MP_USED(a); - if(a == c) { - p = ROUND_PREC(osize); - p = MAX(p, default_precision); - - if((out = s_alloc(p)) == NULL) - return MP_MEMORY; - } - else { - if(!s_pad(c, osize)) - return MP_MEMORY; - - out = MP_DIGITS(c); - } - ZERO(out, osize); - - s_ksqr(MP_DIGITS(a), out, MP_USED(a)); - - /* Get rid of whatever memory c was already using, and fix up its - fields to reflect the new digit array it's using - */ - if(out != MP_DIGITS(c)) { - if((void *) MP_DIGITS(c) != (void *) c) - s_free(MP_DIGITS(c)); - MP_DIGITS(c) = out; - MP_ALLOC(c) = p; - } - - MP_USED(c) = osize; /* might not be true, but we'll fix it ... */ - CLAMP(c); /* ... right here */ - MP_SIGN(c) = MP_ZPOS; - - return MP_OK; -} - -/* }}} */ - -/* {{{ mp_int_div(a, b, q, r) */ - -mp_result mp_int_div(mp_int a, mp_int b, mp_int q, mp_int r) -{ - int cmp, last = 0, lg; - mp_result res = MP_OK; - mpz_t temp[2]; - mp_int qout, rout; - mp_sign sa = MP_SIGN(a), sb = MP_SIGN(b); - - CHECK(a != NULL && b != NULL && q != r); - - if(CMPZ(b) == 0) - return MP_UNDEF; - else if((cmp = s_ucmp(a, b)) < 0) { - /* If |a| < |b|, no division is required: - q = 0, r = a - */ - if(r && (res = mp_int_copy(a, r)) != MP_OK) - return res; - - if(q) - mp_int_zero(q); - - return MP_OK; - } - else if(cmp == 0) { - /* If |a| = |b|, no division is required: - q = 1 or -1, r = 0 - */ - if(r) - mp_int_zero(r); - - if(q) { - mp_int_zero(q); - q->digits[0] = 1; - - if(sa != sb) - MP_SIGN(q) = MP_NEG; - } - - return MP_OK; - } - - /* When |a| > |b|, real division is required. We need someplace to - store quotient and remainder, but q and r are allowed to be NULL - or to overlap with the inputs. - */ - if((lg = s_isp2(b)) < 0) { - if(q && b != q && (res = mp_int_copy(a, q)) == MP_OK) { - qout = q; - } - else { - qout = TEMP(last); - SETUP(mp_int_init_copy(TEMP(last), a), last); - } - - if(r && a != r && (res = mp_int_copy(b, r)) == MP_OK) { - rout = r; - } - else { - rout = TEMP(last); - SETUP(mp_int_init_copy(TEMP(last), b), last); - } - - if((res = s_udiv(qout, rout)) != MP_OK) goto CLEANUP; - } - else { - if(q && (res = mp_int_copy(a, q)) != MP_OK) goto CLEANUP; - if(r && (res = mp_int_copy(a, r)) != MP_OK) goto CLEANUP; - - if(q) s_qdiv(q, (mp_size) lg); qout = q; - if(r) s_qmod(r, (mp_size) lg); rout = r; - } - - /* Recompute signs for output */ - if(rout) { - MP_SIGN(rout) = sa; - if(CMPZ(rout) == 0) - MP_SIGN(rout) = MP_ZPOS; - } - if(qout) { - MP_SIGN(qout) = (sa == sb) ? MP_ZPOS : MP_NEG; - if(CMPZ(qout) == 0) - MP_SIGN(qout) = MP_ZPOS; - } - - if(q && (res = mp_int_copy(qout, q)) != MP_OK) goto CLEANUP; - if(r && (res = mp_int_copy(rout, r)) != MP_OK) goto CLEANUP; - - CLEANUP: - while(--last >= 0) - mp_int_clear(TEMP(last)); - - return res; -} - -/* }}} */ - -/* {{{ mp_int_mod(a, m, c) */ - -mp_result mp_int_mod(mp_int a, mp_int m, mp_int c) -{ - mp_result res; - mpz_t tmp; - mp_int out; - - if(m == c) { - mp_int_init(&tmp); - out = &tmp; - } - else { - out = c; - } - - if((res = mp_int_div(a, m, NULL, out)) != MP_OK) - goto CLEANUP; - - if(CMPZ(out) < 0) - res = mp_int_add(out, m, c); - else - res = mp_int_copy(out, c); - - CLEANUP: - if(out != c) - mp_int_clear(&tmp); - - return res; -} - -/* }}} */ - - -/* {{{ mp_int_div_value(a, value, q, r) */ - -mp_result mp_int_div_value(mp_int a, int value, mp_int q, int *r) -{ - mpz_t vtmp, rtmp; - mp_digit vbuf[MP_VALUE_DIGITS(value)]; - mp_result res; - - mp_int_init(&rtmp); - s_fake(&vtmp, value, vbuf); - - if((res = mp_int_div(a, &vtmp, q, &rtmp)) != MP_OK) - goto CLEANUP; - - if(r) - (void) mp_int_to_int(&rtmp, r); /* can't fail */ - - CLEANUP: - mp_int_clear(&rtmp); - return res; -} - -/* }}} */ - -/* {{{ mp_int_div_pow2(a, p2, q, r) */ - -mp_result mp_int_div_pow2(mp_int a, int p2, mp_int q, mp_int r) -{ - mp_result res = MP_OK; - - CHECK(a != NULL && p2 >= 0 && q != r); - - if(q != NULL && (res = mp_int_copy(a, q)) == MP_OK) - s_qdiv(q, (mp_size) p2); - - if(res == MP_OK && r != NULL && (res = mp_int_copy(a, r)) == MP_OK) - s_qmod(r, (mp_size) p2); - - return res; -} - -/* }}} */ - -/* {{{ mp_int_expt(a, b, c) */ - -mp_result mp_int_expt(mp_int a, int b, mp_int c) -{ - mpz_t t; - mp_result res; - unsigned int v = abs(b); - - CHECK(b >= 0 && c != NULL); - - if((res = mp_int_init_copy(&t, a)) != MP_OK) - return res; - - (void) mp_int_set_value(c, 1); - while(v != 0) { - if(v & 1) { - if((res = mp_int_mul(c, &t, c)) != MP_OK) - goto CLEANUP; - } - - v >>= 1; - if(v == 0) break; - - if((res = mp_int_sqr(&t, &t)) != MP_OK) - goto CLEANUP; - } - - CLEANUP: - mp_int_clear(&t); - return res; -} - -/* }}} */ - -/* {{{ mp_int_expt_value(a, b, c) */ - -mp_result mp_int_expt_value(int a, int b, mp_int c) -{ - mpz_t t; - mp_result res; - unsigned int v = abs(b); - - CHECK(b >= 0 && c != NULL); - - if((res = mp_int_init_value(&t, a)) != MP_OK) - return res; - - (void) mp_int_set_value(c, 1); - while(v != 0) { - if(v & 1) { - if((res = mp_int_mul(c, &t, c)) != MP_OK) - goto CLEANUP; - } - - v >>= 1; - if(v == 0) break; - - if((res = mp_int_sqr(&t, &t)) != MP_OK) - goto CLEANUP; - } - - CLEANUP: - mp_int_clear(&t); - return res; -} - -/* }}} */ - -/* {{{ mp_int_compare(a, b) */ - -int mp_int_compare(mp_int a, mp_int b) -{ - mp_sign sa; - - CHECK(a != NULL && b != NULL); - - sa = MP_SIGN(a); - if(sa == MP_SIGN(b)) { - int cmp = s_ucmp(a, b); - - /* If they're both zero or positive, the normal comparison - applies; if both negative, the sense is reversed. */ - if(sa == MP_ZPOS) - return cmp; - else - return -cmp; - - } - else { - if(sa == MP_ZPOS) - return 1; - else - return -1; - } -} - -/* }}} */ - -/* {{{ mp_int_compare_unsigned(a, b) */ - -int mp_int_compare_unsigned(mp_int a, mp_int b) -{ - NRCHECK(a != NULL && b != NULL); - - return s_ucmp(a, b); -} - -/* }}} */ - -/* {{{ mp_int_compare_zero(z) */ - -int mp_int_compare_zero(mp_int z) -{ - NRCHECK(z != NULL); - - if(MP_USED(z) == 1 && z->digits[0] == 0) - return 0; - else if(MP_SIGN(z) == MP_ZPOS) - return 1; - else - return -1; -} - -/* }}} */ - -/* {{{ mp_int_compare_value(z, value) */ - -int mp_int_compare_value(mp_int z, int value) -{ - mp_sign vsign = (value < 0) ? MP_NEG : MP_ZPOS; - int cmp; - - CHECK(z != NULL); - - if(vsign == MP_SIGN(z)) { - cmp = s_vcmp(z, value); - - if(vsign == MP_ZPOS) - return cmp; - else - return -cmp; - } - else { - if(value < 0) - return 1; - else - return -1; - } -} - -/* }}} */ - -/* {{{ mp_int_exptmod(a, b, m, c) */ - -mp_result mp_int_exptmod(mp_int a, mp_int b, mp_int m, mp_int c) -{ - mp_result res; - mp_size um; - mpz_t temp[3]; - mp_int s; - int last = 0; - - CHECK(a != NULL && b != NULL && c != NULL && m != NULL); - - /* Zero moduli and negative exponents are not considered. */ - if(CMPZ(m) == 0) - return MP_UNDEF; - if(CMPZ(b) < 0) - return MP_RANGE; - - um = MP_USED(m); - SETUP(mp_int_init_size(TEMP(0), 2 * um), last); - SETUP(mp_int_init_size(TEMP(1), 2 * um), last); - - if(c == b || c == m) { - SETUP(mp_int_init_size(TEMP(2), 2 * um), last); - s = TEMP(2); - } - else { - s = c; - } - - if((res = mp_int_mod(a, m, TEMP(0))) != MP_OK) goto CLEANUP; - - if((res = s_brmu(TEMP(1), m)) != MP_OK) goto CLEANUP; - - if((res = s_embar(TEMP(0), b, m, TEMP(1), s)) != MP_OK) - goto CLEANUP; - - res = mp_int_copy(s, c); - - CLEANUP: - while(--last >= 0) - mp_int_clear(TEMP(last)); - - return res; -} - -/* }}} */ - -/* {{{ mp_int_exptmod_evalue(a, value, m, c) */ - -mp_result mp_int_exptmod_evalue(mp_int a, int value, mp_int m, mp_int c) -{ - mpz_t vtmp; - mp_digit vbuf[MP_VALUE_DIGITS(value)]; - - s_fake(&vtmp, value, vbuf); - - return mp_int_exptmod(a, &vtmp, m, c); -} - -/* }}} */ - -/* {{{ mp_int_exptmod_bvalue(v, b, m, c) */ - -mp_result mp_int_exptmod_bvalue(int value, mp_int b, - mp_int m, mp_int c) -{ - mpz_t vtmp; - mp_digit vbuf[MP_VALUE_DIGITS(value)]; - - s_fake(&vtmp, value, vbuf); - - return mp_int_exptmod(&vtmp, b, m, c); -} - -/* }}} */ - -/* {{{ mp_int_exptmod_known(a, b, m, mu, c) */ - -mp_result mp_int_exptmod_known(mp_int a, mp_int b, mp_int m, mp_int mu, mp_int c) -{ - mp_result res; - mp_size um; - mpz_t temp[2]; - mp_int s; - int last = 0; - - CHECK(a && b && m && c); - - /* Zero moduli and negative exponents are not considered. */ - if(CMPZ(m) == 0) - return MP_UNDEF; - if(CMPZ(b) < 0) - return MP_RANGE; - - um = MP_USED(m); - SETUP(mp_int_init_size(TEMP(0), 2 * um), last); - - if(c == b || c == m) { - SETUP(mp_int_init_size(TEMP(1), 2 * um), last); - s = TEMP(1); - } - else { - s = c; - } - - if((res = mp_int_mod(a, m, TEMP(0))) != MP_OK) goto CLEANUP; - - if((res = s_embar(TEMP(0), b, m, mu, s)) != MP_OK) - goto CLEANUP; - - res = mp_int_copy(s, c); - - CLEANUP: - while(--last >= 0) - mp_int_clear(TEMP(last)); - - return res; -} - -/* }}} */ - -/* {{{ mp_int_redux_const(m, c) */ - -mp_result mp_int_redux_const(mp_int m, mp_int c) -{ - CHECK(m != NULL && c != NULL && m != c); - - return s_brmu(c, m); -} - -/* }}} */ - -/* {{{ mp_int_invmod(a, m, c) */ - -mp_result mp_int_invmod(mp_int a, mp_int m, mp_int c) -{ - mp_result res; - mp_sign sa; - int last = 0; - mpz_t temp[2]; - - CHECK(a != NULL && m != NULL && c != NULL); - - if(CMPZ(a) == 0 || CMPZ(m) <= 0) - return MP_RANGE; - - sa = MP_SIGN(a); /* need this for the result later */ - - for(last = 0; last < 2; ++last) - mp_int_init(TEMP(last)); - - if((res = mp_int_egcd(a, m, TEMP(0), TEMP(1), NULL)) != MP_OK) - goto CLEANUP; - - if(mp_int_compare_value(TEMP(0), 1) != 0) { - res = MP_UNDEF; - goto CLEANUP; - } - - /* It is first necessary to constrain the value to the proper range */ - if((res = mp_int_mod(TEMP(1), m, TEMP(1))) != MP_OK) - goto CLEANUP; - - /* Now, if 'a' was originally negative, the value we have is - actually the magnitude of the negative representative; to get the - positive value we have to subtract from the modulus. Otherwise, - the value is okay as it stands. - */ - if(sa == MP_NEG) - res = mp_int_sub(m, TEMP(1), c); - else - res = mp_int_copy(TEMP(1), c); - - CLEANUP: - while(--last >= 0) - mp_int_clear(TEMP(last)); - - return res; -} - -/* }}} */ - -/* {{{ mp_int_gcd(a, b, c) */ - -/* Binary GCD algorithm due to Josef Stein, 1961 */ -mp_result mp_int_gcd(mp_int a, mp_int b, mp_int c) -{ - int ca, cb, k = 0; - mpz_t u, v, t; - mp_result res; - - CHECK(a != NULL && b != NULL && c != NULL); - - ca = CMPZ(a); - cb = CMPZ(b); - if(ca == 0 && cb == 0) - return MP_UNDEF; - else if(ca == 0) - return mp_int_abs(b, c); - else if(cb == 0) - return mp_int_abs(a, c); - - mp_int_init(&t); - if((res = mp_int_init_copy(&u, a)) != MP_OK) - goto U; - if((res = mp_int_init_copy(&v, b)) != MP_OK) - goto V; - - MP_SIGN(&u) = MP_ZPOS; MP_SIGN(&v) = MP_ZPOS; - - { /* Divide out common factors of 2 from u and v */ - int div2_u = s_dp2k(&u), div2_v = s_dp2k(&v); - - k = MIN(div2_u, div2_v); - s_qdiv(&u, (mp_size) k); - s_qdiv(&v, (mp_size) k); - } - - if(mp_int_is_odd(&u)) { - if((res = mp_int_neg(&v, &t)) != MP_OK) - goto CLEANUP; - } - else { - if((res = mp_int_copy(&u, &t)) != MP_OK) - goto CLEANUP; - } - - for(;;) { - s_qdiv(&t, s_dp2k(&t)); - - if(CMPZ(&t) > 0) { - if((res = mp_int_copy(&t, &u)) != MP_OK) - goto CLEANUP; - } - else { - if((res = mp_int_neg(&t, &v)) != MP_OK) - goto CLEANUP; - } - - if((res = mp_int_sub(&u, &v, &t)) != MP_OK) - goto CLEANUP; - - if(CMPZ(&t) == 0) - break; - } - - if((res = mp_int_abs(&u, c)) != MP_OK) - goto CLEANUP; - if(!s_qmul(c, (mp_size) k)) - res = MP_MEMORY; - - CLEANUP: - mp_int_clear(&v); - V: mp_int_clear(&u); - U: mp_int_clear(&t); - - return res; -} - -/* }}} */ - -/* {{{ mp_int_egcd(a, b, c, x, y) */ - -/* This is the binary GCD algorithm again, but this time we keep track - of the elementary matrix operations as we go, so we can get values - x and y satisfying c = ax + by. - */ -mp_result mp_int_egcd(mp_int a, mp_int b, mp_int c, - mp_int x, mp_int y) -{ - int k, last = 0, ca, cb; - mpz_t temp[8]; - mp_result res; - - CHECK(a != NULL && b != NULL && c != NULL && - (x != NULL || y != NULL)); - - ca = CMPZ(a); - cb = CMPZ(b); - if(ca == 0 && cb == 0) - return MP_UNDEF; - else if(ca == 0) { - if((res = mp_int_abs(b, c)) != MP_OK) return res; - mp_int_zero(x); (void) mp_int_set_value(y, 1); return MP_OK; - } - else if(cb == 0) { - if((res = mp_int_abs(a, c)) != MP_OK) return res; - (void) mp_int_set_value(x, 1); mp_int_zero(y); return MP_OK; - } - - /* Initialize temporaries: - A:0, B:1, C:2, D:3, u:4, v:5, ou:6, ov:7 */ - for(last = 0; last < 4; ++last) - mp_int_init(TEMP(last)); - TEMP(0)->digits[0] = 1; - TEMP(3)->digits[0] = 1; - - SETUP(mp_int_init_copy(TEMP(4), a), last); - SETUP(mp_int_init_copy(TEMP(5), b), last); - - /* We will work with absolute values here */ - MP_SIGN(TEMP(4)) = MP_ZPOS; - MP_SIGN(TEMP(5)) = MP_ZPOS; - - { /* Divide out common factors of 2 from u and v */ - int div2_u = s_dp2k(TEMP(4)), div2_v = s_dp2k(TEMP(5)); - - k = MIN(div2_u, div2_v); - s_qdiv(TEMP(4), k); - s_qdiv(TEMP(5), k); - } - - SETUP(mp_int_init_copy(TEMP(6), TEMP(4)), last); - SETUP(mp_int_init_copy(TEMP(7), TEMP(5)), last); - - for(;;) { - while(mp_int_is_even(TEMP(4))) { - s_qdiv(TEMP(4), 1); - - if(mp_int_is_odd(TEMP(0)) || mp_int_is_odd(TEMP(1))) { - if((res = mp_int_add(TEMP(0), TEMP(7), TEMP(0))) != MP_OK) - goto CLEANUP; - if((res = mp_int_sub(TEMP(1), TEMP(6), TEMP(1))) != MP_OK) - goto CLEANUP; - } - - s_qdiv(TEMP(0), 1); - s_qdiv(TEMP(1), 1); - } - - while(mp_int_is_even(TEMP(5))) { - s_qdiv(TEMP(5), 1); - - if(mp_int_is_odd(TEMP(2)) || mp_int_is_odd(TEMP(3))) { - if((res = mp_int_add(TEMP(2), TEMP(7), TEMP(2))) != MP_OK) - goto CLEANUP; - if((res = mp_int_sub(TEMP(3), TEMP(6), TEMP(3))) != MP_OK) - goto CLEANUP; - } - - s_qdiv(TEMP(2), 1); - s_qdiv(TEMP(3), 1); - } - - if(mp_int_compare(TEMP(4), TEMP(5)) >= 0) { - if((res = mp_int_sub(TEMP(4), TEMP(5), TEMP(4))) != MP_OK) goto CLEANUP; - if((res = mp_int_sub(TEMP(0), TEMP(2), TEMP(0))) != MP_OK) goto CLEANUP; - if((res = mp_int_sub(TEMP(1), TEMP(3), TEMP(1))) != MP_OK) goto CLEANUP; - } - else { - if((res = mp_int_sub(TEMP(5), TEMP(4), TEMP(5))) != MP_OK) goto CLEANUP; - if((res = mp_int_sub(TEMP(2), TEMP(0), TEMP(2))) != MP_OK) goto CLEANUP; - if((res = mp_int_sub(TEMP(3), TEMP(1), TEMP(3))) != MP_OK) goto CLEANUP; - } - - if(CMPZ(TEMP(4)) == 0) { - if(x && (res = mp_int_copy(TEMP(2), x)) != MP_OK) goto CLEANUP; - if(y && (res = mp_int_copy(TEMP(3), y)) != MP_OK) goto CLEANUP; - if(c) { - if(!s_qmul(TEMP(5), k)) { - res = MP_MEMORY; - goto CLEANUP; - } - - res = mp_int_copy(TEMP(5), c); - } - - break; - } - } - - CLEANUP: - while(--last >= 0) - mp_int_clear(TEMP(last)); - - return res; -} - -/* }}} */ - -/* {{{ mp_int_divisible_value(a, v) */ - -int mp_int_divisible_value(mp_int a, int v) -{ - int rem = 0; - - if(mp_int_div_value(a, v, NULL, &rem) != MP_OK) - return 0; - - return rem == 0; -} - -/* }}} */ - -/* {{{ mp_int_is_pow2(z) */ - -int mp_int_is_pow2(mp_int z) -{ - CHECK(z != NULL); - - return s_isp2(z); -} - -/* }}} */ - -/* {{{ mp_int_sqrt(a, c) */ - -mp_result mp_int_sqrt(mp_int a, mp_int c) -{ - mp_result res = MP_OK; - mpz_t temp[2]; - int last = 0; - - CHECK(a != NULL && c != NULL); - - /* The square root of a negative value does not exist in the integers. */ - if(MP_SIGN(a) == MP_NEG) - return MP_UNDEF; - - SETUP(mp_int_init_copy(TEMP(last), a), last); - SETUP(mp_int_init(TEMP(last)), last); - - for(;;) { - if((res = mp_int_sqr(TEMP(0), TEMP(1))) != MP_OK) - goto CLEANUP; - - if(mp_int_compare_unsigned(a, TEMP(1)) == 0) break; - - if((res = mp_int_copy(a, TEMP(1))) != MP_OK) - goto CLEANUP; - if((res = mp_int_div(TEMP(1), TEMP(0), TEMP(1), NULL)) != MP_OK) - goto CLEANUP; - if((res = mp_int_add(TEMP(0), TEMP(1), TEMP(1))) != MP_OK) - goto CLEANUP; - if((res = mp_int_div_pow2(TEMP(1), 1, TEMP(1), NULL)) != MP_OK) - goto CLEANUP; - - if(mp_int_compare_unsigned(TEMP(0), TEMP(1)) == 0) break; - if((res = mp_int_sub_value(TEMP(0), 1, TEMP(0))) != MP_OK) goto CLEANUP; - if(mp_int_compare_unsigned(TEMP(0), TEMP(1)) == 0) break; - - if((res = mp_int_copy(TEMP(1), TEMP(0))) != MP_OK) goto CLEANUP; - } - - res = mp_int_copy(TEMP(0), c); - - CLEANUP: - while(--last >= 0) - mp_int_clear(TEMP(last)); - - return res; -} - -/* }}} */ - -/* {{{ mp_int_to_int(z, out) */ - -mp_result mp_int_to_int(mp_int z, int *out) -{ - unsigned int uv = 0; - mp_size uz; - mp_digit *dz; - mp_sign sz; - - CHECK(z != NULL); - - /* Make sure the value is representable as an int */ - sz = MP_SIGN(z); - if((sz == MP_ZPOS && mp_int_compare_value(z, INT_MAX) > 0) || - mp_int_compare_value(z, INT_MIN) < 0) - return MP_RANGE; - - uz = MP_USED(z); - dz = MP_DIGITS(z) + uz - 1; - - while(uz > 0) { - uv <<= MP_DIGIT_BIT/2; - uv = (uv << (MP_DIGIT_BIT/2)) | *dz--; - --uz; - } - - if(out) - *out = (sz == MP_NEG) ? -(int)uv : (int)uv; - - return MP_OK; -} - -/* }}} */ - -/* {{{ mp_int_to_string(z, radix, str, limit) */ - -mp_result mp_int_to_string(mp_int z, mp_size radix, - char *str, int limit) -{ - mp_result res; - int cmp = 0; - - CHECK(z != NULL && str != NULL && limit >= 2); - - if(radix < MP_MIN_RADIX || radix > MP_MAX_RADIX) - return MP_RANGE; - - if(CMPZ(z) == 0) { - *str++ = s_val2ch(0, 1); - } - else { - mpz_t tmp; - char *h, *t; - - if((res = mp_int_init_copy(&tmp, z)) != MP_OK) - return res; - - if(MP_SIGN(z) == MP_NEG) { - *str++ = '-'; - --limit; - } - h = str; - - /* Generate digits in reverse order until finished or limit reached */ - for(/* */; limit > 0; --limit) { - mp_digit d; - - if((cmp = CMPZ(&tmp)) == 0) - break; - - d = s_ddiv(&tmp, (mp_digit)radix); - *str++ = s_val2ch(d, 1); - } - t = str - 1; - - /* Put digits back in correct output order */ - while(h < t) { - char tc = *h; - *h++ = *t; - *t-- = tc; - } - - mp_int_clear(&tmp); - } - - *str = '\0'; - if(cmp == 0) - return MP_OK; - else - return MP_TRUNC; -} - -/* }}} */ - -/* {{{ mp_int_string_len(z, radix) */ - -mp_result mp_int_string_len(mp_int z, mp_size radix) -{ - int len; - - CHECK(z != NULL); - - if(radix < MP_MIN_RADIX || radix > MP_MAX_RADIX) - return MP_RANGE; - - len = s_outlen(z, radix) + 1; /* for terminator */ - - /* Allow for sign marker on negatives */ - if(MP_SIGN(z) == MP_NEG) - len += 1; - - return len; -} - -/* }}} */ - -/* {{{ mp_int_read_string(z, radix, *str) */ - -/* Read zero-terminated string into z */ -mp_result mp_int_read_string(mp_int z, mp_size radix, const char *str) -{ - return mp_int_read_cstring(z, radix, str, NULL); - -} - -/* }}} */ - -/* {{{ mp_int_read_cstring(z, radix, *str, **end) */ - -mp_result mp_int_read_cstring(mp_int z, mp_size radix, const char *str, char **end) -{ - int ch; - - CHECK(z != NULL && str != NULL); - - if(radix < MP_MIN_RADIX || radix > MP_MAX_RADIX) - return MP_RANGE; - - /* Skip leading whitespace */ - while(isspace((int)*str)) - ++str; - - /* Handle leading sign tag (+/-, positive default) */ - switch(*str) { - case '-': - MP_SIGN(z) = MP_NEG; - ++str; - break; - case '+': - ++str; /* fallthrough */ - default: - MP_SIGN(z) = MP_ZPOS; - break; - } - - /* Skip leading zeroes */ - while((ch = s_ch2val(*str, radix)) == 0) - ++str; - - /* Make sure there is enough space for the value */ - if(!s_pad(z, s_inlen(strlen(str), radix))) - return MP_MEMORY; - - MP_USED(z) = 1; z->digits[0] = 0; - - while(*str != '\0' && ((ch = s_ch2val(*str, radix)) >= 0)) { - s_dmul(z, (mp_digit)radix); - s_dadd(z, (mp_digit)ch); - ++str; - } - - CLAMP(z); - - /* Override sign for zero, even if negative specified. */ - if(CMPZ(z) == 0) - MP_SIGN(z) = MP_ZPOS; - - if(end != NULL) - *end = (char *)str; - - /* Return a truncation error if the string has unprocessed - characters remaining, so the caller can tell if the whole string - was done */ - if(*str != '\0') - return MP_TRUNC; - else - return MP_OK; -} - -/* }}} */ - -/* {{{ mp_int_count_bits(z) */ - -mp_result mp_int_count_bits(mp_int z) -{ - mp_size nbits = 0, uz; - mp_digit d; - - CHECK(z != NULL); - - uz = MP_USED(z); - if(uz == 1 && z->digits[0] == 0) - return 1; - - --uz; - nbits = uz * MP_DIGIT_BIT; - d = z->digits[uz]; - - while(d != 0) { - d >>= 1; - ++nbits; - } - - return nbits; -} - -/* }}} */ - -/* {{{ mp_int_to_binary(z, buf, limit) */ - -mp_result mp_int_to_binary(mp_int z, unsigned char *buf, int limit) -{ - static const int PAD_FOR_2C = 1; - - mp_result res; - int limpos = limit; - - CHECK(z != NULL && buf != NULL); - - res = s_tobin(z, buf, &limpos, PAD_FOR_2C); - - if(MP_SIGN(z) == MP_NEG) - s_2comp(buf, limpos); - - return res; -} - -/* }}} */ - -/* {{{ mp_int_read_binary(z, buf, len) */ - -mp_result mp_int_read_binary(mp_int z, unsigned char *buf, int len) -{ - mp_size need, i; - unsigned char *tmp; - mp_digit *dz; - - CHECK(z != NULL && buf != NULL && len > 0); - - /* Figure out how many digits are needed to represent this value */ - need = ((len * CHAR_BIT) + (MP_DIGIT_BIT - 1)) / MP_DIGIT_BIT; - if(!s_pad(z, need)) - return MP_MEMORY; - - mp_int_zero(z); - - /* If the high-order bit is set, take the 2's complement before - reading the value (it will be restored afterward) */ - if(buf[0] >> (CHAR_BIT - 1)) { - MP_SIGN(z) = MP_NEG; - s_2comp(buf, len); - } - - dz = MP_DIGITS(z); - for(tmp = buf, i = len; i > 0; --i, ++tmp) { - s_qmul(z, (mp_size) CHAR_BIT); - *dz |= *tmp; - } - - /* Restore 2's complement if we took it before */ - if(MP_SIGN(z) == MP_NEG) - s_2comp(buf, len); - - return MP_OK; -} - -/* }}} */ - -/* {{{ mp_int_binary_len(z) */ - -mp_result mp_int_binary_len(mp_int z) -{ - mp_result res = mp_int_count_bits(z); - int bytes = mp_int_unsigned_len(z); - - if(res <= 0) - return res; - - bytes = (res + (CHAR_BIT - 1)) / CHAR_BIT; - - /* If the highest-order bit falls exactly on a byte boundary, we - need to pad with an extra byte so that the sign will be read - correctly when reading it back in. */ - if(bytes * CHAR_BIT == res) - ++bytes; - - return bytes; -} - -/* }}} */ - -/* {{{ mp_int_to_unsigned(z, buf, limit) */ - -mp_result mp_int_to_unsigned(mp_int z, unsigned char *buf, int limit) -{ - static const int NO_PADDING = 0; - - CHECK(z != NULL && buf != NULL); - - return s_tobin(z, buf, &limit, NO_PADDING); -} - -/* }}} */ - -/* {{{ mp_int_read_unsigned(z, buf, len) */ - -mp_result mp_int_read_unsigned(mp_int z, unsigned char *buf, int len) -{ - mp_size need, i; - unsigned char *tmp; - mp_digit *dz; - - CHECK(z != NULL && buf != NULL && len > 0); - - /* Figure out how many digits are needed to represent this value */ - need = ((len * CHAR_BIT) + (MP_DIGIT_BIT - 1)) / MP_DIGIT_BIT; - if(!s_pad(z, need)) - return MP_MEMORY; - - mp_int_zero(z); - - dz = MP_DIGITS(z); - for(tmp = buf, i = len; i > 0; --i, ++tmp) { - (void) s_qmul(z, CHAR_BIT); - *dz |= *tmp; - } - - return MP_OK; -} - -/* }}} */ - -/* {{{ mp_int_unsigned_len(z) */ - -mp_result mp_int_unsigned_len(mp_int z) -{ - mp_result res = mp_int_count_bits(z); - int bytes; - - if(res <= 0) - return res; - - bytes = (res + (CHAR_BIT - 1)) / CHAR_BIT; - - return bytes; -} - -/* }}} */ - -/* {{{ mp_error_string(res) */ - -const char *mp_error_string(mp_result res) -{ - int ix; - if(res > 0) - return s_unknown_err; - - res = -res; - for(ix = 0; ix < res && s_error_msg[ix] != NULL; ++ix) - ; - - if(s_error_msg[ix] != NULL) - return s_error_msg[ix]; - else - return s_unknown_err; -} - -/* }}} */ - -/*------------------------------------------------------------------------*/ -/* Private functions for internal use. These make assumptions. */ - -/* {{{ s_alloc(num) */ - -static mp_digit *s_alloc(mp_size num) -{ - mp_digit *out = malloc(num * sizeof(mp_digit)); - - assert(out != NULL); /* for debugging */ - - return out; -} - -/* }}} */ - -/* {{{ s_realloc(old, num) */ - -static mp_digit *s_realloc(mp_digit *old, mp_size num) -{ - mp_digit *new = realloc(old, num * sizeof(mp_digit)); - - assert(new != NULL); /* for debugging */ - - return new; -} - -/* }}} */ - -/* {{{ s_free(ptr) */ - -#if TRACEABLE_FREE -static void s_free(void *ptr) -{ - free(ptr); -} -#endif - -/* }}} */ - -/* {{{ s_pad(z, min) */ - -int s_pad(mp_int z, mp_size min) -{ - if(MP_ALLOC(z) < min) { - mp_size nsize = ROUND_PREC(min); - mp_digit *tmp; - - if((void *)z->digits == (void *)z) { - if((tmp = s_alloc(nsize)) == NULL) - return 0; - - COPY(MP_DIGITS(z), tmp, MP_USED(z)); - } - else if((tmp = s_realloc(MP_DIGITS(z), nsize)) == NULL) - return 0; - - MP_DIGITS(z) = tmp; - MP_ALLOC(z) = nsize; - } - - return 1; -} - -/* }}} */ - -/* {{{ s_clamp(z) */ - -#if TRACEABLE_CLAMP -static void s_clamp(mp_int z) -{ - mp_size uz = MP_USED(z); - mp_digit *zd = MP_DIGITS(z) + uz - 1; - - while(uz > 1 && (*zd-- == 0)) - --uz; - - MP_USED(z) = uz; -} -#endif - -/* }}} */ - -/* {{{ s_fake(z, value, vbuf) */ - -static void s_fake(mp_int z, int value, mp_digit vbuf[]) -{ - mp_size uv = (mp_size) s_vpack(value, vbuf); - - z->used = uv; - z->alloc = MP_VALUE_DIGITS(value); - z->sign = (value < 0) ? MP_NEG : MP_ZPOS; - z->digits = vbuf; -} - -/* }}} */ - -/* {{{ s_cdig(da, db, len) */ - -static int s_cdig(mp_digit *da, mp_digit *db, mp_size len) -{ - mp_digit *dat = da + len - 1, *dbt = db + len - 1; - - for(/* */; len != 0; --len, --dat, --dbt) { - if(*dat > *dbt) - return 1; - else if(*dat < *dbt) - return -1; - } - - return 0; -} - -/* }}} */ - -/* {{{ s_vpack(v, t[]) */ - -static int s_vpack(int v, mp_digit t[]) -{ - unsigned int uv = (unsigned int)((v < 0) ? -v : v); - int ndig = 0; - - if(uv == 0) - t[ndig++] = 0; - else { - while(uv != 0) { - t[ndig++] = (mp_digit) uv; - uv >>= MP_DIGIT_BIT/2; - uv >>= MP_DIGIT_BIT/2; - } - } - - return ndig; -} - -/* }}} */ - -/* {{{ s_ucmp(a, b) */ - -static int s_ucmp(mp_int a, mp_int b) -{ - mp_size ua = MP_USED(a), ub = MP_USED(b); - - if(ua > ub) - return 1; - else if(ub > ua) - return -1; - else - return s_cdig(MP_DIGITS(a), MP_DIGITS(b), ua); -} - -/* }}} */ - -/* {{{ s_vcmp(a, v) */ - -static int s_vcmp(mp_int a, int v) -{ - mp_digit vdig[MP_VALUE_DIGITS(v)]; - int ndig = 0; - mp_size ua = MP_USED(a); - - ndig = s_vpack(v, vdig); - - if(ua > ndig) - return 1; - else if(ua < ndig) - return -1; - else - return s_cdig(MP_DIGITS(a), vdig, ndig); -} - -/* }}} */ - -/* {{{ s_uadd(da, db, dc, size_a, size_b) */ - -static mp_digit s_uadd(mp_digit *da, mp_digit *db, mp_digit *dc, - mp_size size_a, mp_size size_b) -{ - mp_size pos; - mp_word w = 0; - - /* Insure that da is the longer of the two to simplify later code */ - if(size_b > size_a) { - SWAP(mp_digit *, da, db); - SWAP(mp_size, size_a, size_b); - } - - /* Add corresponding digits until the shorter number runs out */ - for(pos = 0; pos < size_b; ++pos, ++da, ++db, ++dc) { - w = w + (mp_word) *da + (mp_word) *db; - *dc = LOWER_HALF(w); - w = UPPER_HALF(w); - } - - /* Propagate carries as far as necessary */ - for(/* */; pos < size_a; ++pos, ++da, ++dc) { - w = w + *da; - - *dc = LOWER_HALF(w); - w = UPPER_HALF(w); - } - - /* Return carry out */ - return (mp_digit)w; -} - -/* }}} */ - -/* {{{ s_usub(da, db, dc, size_a, size_b) */ - -static void s_usub(mp_digit *da, mp_digit *db, mp_digit *dc, - mp_size size_a, mp_size size_b) -{ - mp_size pos; - mp_word w = 0; - - /* We assume that |a| >= |b| so this should definitely hold */ - assert(size_a >= size_b); - - /* Subtract corresponding digits and propagate borrow */ - for(pos = 0; pos < size_b; ++pos, ++da, ++db, ++dc) { - w = ((mp_word)MP_DIGIT_MAX + 1 + /* MP_RADIX */ - (mp_word)*da) - w - (mp_word)*db; - - *dc = LOWER_HALF(w); - w = (UPPER_HALF(w) == 0); - } - - /* Finish the subtraction for remaining upper digits of da */ - for(/* */; pos < size_a; ++pos, ++da, ++dc) { - w = ((mp_word)MP_DIGIT_MAX + 1 + /* MP_RADIX */ - (mp_word)*da) - w; - - *dc = LOWER_HALF(w); - w = (UPPER_HALF(w) == 0); - } - - /* If there is a borrow out at the end, it violates the precondition */ - assert(w == 0); -} - -/* }}} */ - -/* {{{ s_kmul(da, db, dc, size_a, size_b) */ - -static int s_kmul(mp_digit *da, mp_digit *db, mp_digit *dc, - mp_size size_a, mp_size size_b) -{ - mp_size bot_size; - - /* Make sure b is the smaller of the two input values */ - if(size_b > size_a) { - SWAP(mp_digit *, da, db); - SWAP(mp_size, size_a, size_b); - } - - /* Insure that the bottom is the larger half in an odd-length split; - the code below relies on this being true. - */ - bot_size = (size_a + 1) / 2; - - /* If the values are big enough to bother with recursion, use the - Karatsuba algorithm to compute the product; otherwise use the - normal multiplication algorithm - */ - if(multiply_threshold && - size_a >= multiply_threshold && - size_b > bot_size) { - - mp_digit *t1, *t2, *t3, carry; - - mp_digit *a_top = da + bot_size; - mp_digit *b_top = db + bot_size; - - mp_size at_size = size_a - bot_size; - mp_size bt_size = size_b - bot_size; - mp_size buf_size = 2 * bot_size; - - /* Do a single allocation for all three temporary buffers needed; - each buffer must be big enough to hold the product of two - bottom halves, and one buffer needs space for the completed - product; twice the space is plenty. - */ - if((t1 = s_alloc(4 * buf_size)) == NULL) return 0; - t2 = t1 + buf_size; - t3 = t2 + buf_size; - ZERO(t1, 4 * buf_size); - - /* t1 and t2 are initially used as temporaries to compute the inner product - (a1 + a0)(b1 + b0) = a1b1 + a1b0 + a0b1 + a0b0 - */ - carry = s_uadd(da, a_top, t1, bot_size, at_size); /* t1 = a1 + a0 */ - t1[bot_size] = carry; - - carry = s_uadd(db, b_top, t2, bot_size, bt_size); /* t2 = b1 + b0 */ - t2[bot_size] = carry; - - (void) s_kmul(t1, t2, t3, bot_size + 1, bot_size + 1); /* t3 = t1 * t2 */ - - /* Now we'll get t1 = a0b0 and t2 = a1b1, and subtract them out so that - we're left with only the pieces we want: t3 = a1b0 + a0b1 - */ - ZERO(t1, bot_size + 1); - ZERO(t2, bot_size + 1); - (void) s_kmul(da, db, t1, bot_size, bot_size); /* t1 = a0 * b0 */ - (void) s_kmul(a_top, b_top, t2, at_size, bt_size); /* t2 = a1 * b1 */ - - /* Subtract out t1 and t2 to get the inner product */ - s_usub(t3, t1, t3, buf_size + 2, buf_size); - s_usub(t3, t2, t3, buf_size + 2, buf_size); - - /* Assemble the output value */ - COPY(t1, dc, buf_size); - (void) s_uadd(t3, dc + bot_size, dc + bot_size, - buf_size + 1, buf_size + 1); - - (void) s_uadd(t2, dc + 2*bot_size, dc + 2*bot_size, - buf_size, buf_size); - - s_free(t1); /* note t2 and t3 are just internal pointers to t1 */ - } - else { - s_umul(da, db, dc, size_a, size_b); - } - - return 1; -} - -/* }}} */ - -/* {{{ s_umul(da, db, dc, size_a, size_b) */ - -static void s_umul(mp_digit *da, mp_digit *db, mp_digit *dc, - mp_size size_a, mp_size size_b) -{ - mp_size a, b; - mp_word w; - - for(a = 0; a < size_a; ++a, ++dc, ++da) { - mp_digit *dct = dc; - mp_digit *dbt = db; - - if(*da == 0) - continue; - - w = 0; - for(b = 0; b < size_b; ++b, ++dbt, ++dct) { - w = (mp_word)*da * (mp_word)*dbt + w + (mp_word)*dct; - - *dct = LOWER_HALF(w); - w = UPPER_HALF(w); - } - - *dct = (mp_digit)w; - } -} - -/* }}} */ - -/* {{{ s_ksqr(da, dc, size_a) */ - -static int s_ksqr(mp_digit *da, mp_digit *dc, mp_size size_a) -{ - if(multiply_threshold && size_a > multiply_threshold) { - mp_size bot_size = (size_a + 1) / 2; - mp_digit *a_top = da + bot_size; - mp_digit *t1, *t2, *t3; - mp_size at_size = size_a - bot_size; - mp_size buf_size = 2 * bot_size; - - if((t1 = s_alloc(4 * buf_size)) == NULL) return 0; - t2 = t1 + buf_size; - t3 = t2 + buf_size; - ZERO(t1, 4 * buf_size); - - (void) s_ksqr(da, t1, bot_size); /* t1 = a0 ^ 2 */ - (void) s_ksqr(a_top, t2, at_size); /* t2 = a1 ^ 2 */ - - (void) s_kmul(da, a_top, t3, bot_size, at_size); /* t3 = a0 * a1 */ - - /* Quick multiply t3 by 2, shifting left (can't overflow) */ - { - int i, top = bot_size + at_size; - mp_word w, save = 0; - - for(i = 0; i < top; ++i) { - w = t3[i]; - w = (w << 1) | save; - t3[i] = LOWER_HALF(w); - save = UPPER_HALF(w); - } - t3[i] = LOWER_HALF(save); - } - - /* Assemble the output value */ - COPY(t1, dc, 2 * bot_size); - (void) s_uadd(t3, dc + bot_size, dc + bot_size, - buf_size + 1, buf_size + 1); - - (void) s_uadd(t2, dc + 2*bot_size, dc + 2*bot_size, - buf_size, buf_size); - - free(t1); /* note that t2 and t2 are internal pointers only */ - - } - else { - s_usqr(da, dc, size_a); - } - - return 1; -} - -/* }}} */ - -/* {{{ s_usqr(da, dc, size_a) */ - -static void s_usqr(mp_digit *da, mp_digit *dc, mp_size size_a) -{ - mp_size i, j; - mp_word w; - - for(i = 0; i < size_a; ++i, dc += 2, ++da) { - mp_digit *dct = dc, *dat = da; - - if(*da == 0) - continue; - - /* Take care of the first digit, no rollover */ - w = (mp_word)*dat * (mp_word)*dat + (mp_word)*dct; - *dct = LOWER_HALF(w); - w = UPPER_HALF(w); - ++dat; ++dct; - - for(j = i + 1; j < size_a; ++j, ++dat, ++dct) { - mp_word t = (mp_word)*da * (mp_word)*dat; - mp_word u = w + (mp_word)*dct, ov = 0; - - /* Check if doubling t will overflow a word */ - if(HIGH_BIT_SET(t)) - ov = 1; - - w = t + t; - - /* Check if adding u to w will overflow a word */ - if(ADD_WILL_OVERFLOW(w, u)) - ov = 1; - - w += u; - - *dct = LOWER_HALF(w); - w = UPPER_HALF(w); - if(ov) { - w += MP_DIGIT_MAX; /* MP_RADIX */ - ++w; - } - } - - w = w + *dct; - *dct = (mp_digit)w; - while((w = UPPER_HALF(w)) != 0) { - ++dct; w = w + *dct; - *dct = LOWER_HALF(w); - } - - assert(w == 0); - } -} - -/* }}} */ - -/* {{{ s_dadd(a, b) */ - -static void s_dadd(mp_int a, mp_digit b) -{ - mp_word w = 0; - mp_digit *da = MP_DIGITS(a); - mp_size ua = MP_USED(a); - - w = (mp_word)*da + b; - *da++ = LOWER_HALF(w); - w = UPPER_HALF(w); - - for(ua -= 1; ua > 0; --ua, ++da) { - w = (mp_word)*da + w; - - *da = LOWER_HALF(w); - w = UPPER_HALF(w); - } - - if(w) { - *da = (mp_digit)w; - MP_USED(a) += 1; - } -} - -/* }}} */ - -/* {{{ s_dmul(a, b) */ - -static void s_dmul(mp_int a, mp_digit b) -{ - mp_word w = 0; - mp_digit *da = MP_DIGITS(a); - mp_size ua = MP_USED(a); - - while(ua > 0) { - w = (mp_word)*da * b + w; - *da++ = LOWER_HALF(w); - w = UPPER_HALF(w); - --ua; - } - - if(w) { - *da = (mp_digit)w; - MP_USED(a) += 1; - } -} - -/* }}} */ - -/* {{{ s_dbmul(da, b, dc, size_a) */ - -static void s_dbmul(mp_digit *da, mp_digit b, mp_digit *dc, mp_size size_a) -{ - mp_word w = 0; - - while(size_a > 0) { - w = (mp_word)*da++ * (mp_word)b + w; - - *dc++ = LOWER_HALF(w); - w = UPPER_HALF(w); - --size_a; - } - - if(w) - *dc = LOWER_HALF(w); -} - -/* }}} */ - -/* {{{ s_ddiv(da, d, dc, size_a) */ - -static mp_digit s_ddiv(mp_int a, mp_digit b) -{ - mp_word w = 0, qdigit; - mp_size ua = MP_USED(a); - mp_digit *da = MP_DIGITS(a) + ua - 1; - - for(/* */; ua > 0; --ua, --da) { - w = (w << MP_DIGIT_BIT) | *da; - - if(w >= b) { - qdigit = w / b; - w = w % b; - } - else { - qdigit = 0; - } - - *da = (mp_digit)qdigit; - } - - CLAMP(a); - return (mp_digit)w; -} - -/* }}} */ - -/* {{{ s_qdiv(z, p2) */ - -static void s_qdiv(mp_int z, mp_size p2) -{ - mp_size ndig = p2 / MP_DIGIT_BIT, nbits = p2 % MP_DIGIT_BIT; - mp_size uz = MP_USED(z); - - if(ndig) { - mp_size mark; - mp_digit *to, *from; - - if(ndig >= uz) { - mp_int_zero(z); - return; - } - - to = MP_DIGITS(z); from = to + ndig; - - for(mark = ndig; mark < uz; ++mark) - *to++ = *from++; - - MP_USED(z) = uz - ndig; - } - - if(nbits) { - mp_digit d = 0, *dz, save; - mp_size up = MP_DIGIT_BIT - nbits; - - uz = MP_USED(z); - dz = MP_DIGITS(z) + uz - 1; - - for(/* */; uz > 0; --uz, --dz) { - save = *dz; - - *dz = (*dz >> nbits) | (d << up); - d = save; - } - - CLAMP(z); - } - - if(MP_USED(z) == 1 && z->digits[0] == 0) - MP_SIGN(z) = MP_ZPOS; -} - -/* }}} */ - -/* {{{ s_qmod(z, p2) */ - -static void s_qmod(mp_int z, mp_size p2) -{ - mp_size start = p2 / MP_DIGIT_BIT + 1, rest = p2 % MP_DIGIT_BIT; - mp_size uz = MP_USED(z); - mp_digit mask = (1 << rest) - 1; - - if(start <= uz) { - MP_USED(z) = start; - z->digits[start - 1] &= mask; - CLAMP(z); - } -} - -/* }}} */ - -/* {{{ s_qmul(z, p2) */ - -static int s_qmul(mp_int z, mp_size p2) -{ - mp_size uz, need, rest, extra, i; - mp_digit *from, *to, d; - - if(p2 == 0) - return 1; - - uz = MP_USED(z); - need = p2 / MP_DIGIT_BIT; rest = p2 % MP_DIGIT_BIT; - - /* Figure out if we need an extra digit at the top end; this occurs - if the topmost `rest' bits of the high-order digit of z are not - zero, meaning they will be shifted off the end if not preserved */ - extra = 0; - if(rest != 0) { - mp_digit *dz = MP_DIGITS(z) + uz - 1; - - if((*dz >> (MP_DIGIT_BIT - rest)) != 0) - extra = 1; - } - - if(!s_pad(z, uz + need + extra)) - return 0; - - /* If we need to shift by whole digits, do that in one pass, then - to back and shift by partial digits. - */ - if(need > 0) { - from = MP_DIGITS(z) + uz - 1; - to = from + need; - - for(i = 0; i < uz; ++i) - *to-- = *from--; - - ZERO(MP_DIGITS(z), need); - uz += need; - } - - if(rest) { - d = 0; - for(i = need, from = MP_DIGITS(z) + need; i < uz; ++i, ++from) { - mp_digit save = *from; - - *from = (*from << rest) | (d >> (MP_DIGIT_BIT - rest)); - d = save; - } - - d >>= (MP_DIGIT_BIT - rest); - if(d != 0) { - *from = d; - uz += extra; - } - } - - MP_USED(z) = uz; - CLAMP(z); - - return 1; -} - -/* }}} */ - -/* {{{ s_qsub(z, p2) */ - -/* Subtract |z| from 2^p2, assuming 2^p2 > |z|, and set z to be positive */ -static int s_qsub(mp_int z, mp_size p2) -{ - mp_digit hi = (1 << (p2 % MP_DIGIT_BIT)), *zp; - mp_size tdig = (p2 / MP_DIGIT_BIT), pos; - mp_word w = 0; - - if(!s_pad(z, tdig + 1)) - return 0; - - for(pos = 0, zp = MP_DIGITS(z); pos < tdig; ++pos, ++zp) { - w = ((mp_word) MP_DIGIT_MAX + 1) - w - (mp_word)*zp; - - *zp = LOWER_HALF(w); - w = UPPER_HALF(w) ? 0 : 1; - } - - w = ((mp_word) MP_DIGIT_MAX + 1 + hi) - w - (mp_word)*zp; - *zp = LOWER_HALF(w); - - assert(UPPER_HALF(w) != 0); /* no borrow out should be possible */ - - MP_SIGN(z) = MP_ZPOS; - CLAMP(z); - - return 1; -} - -/* }}} */ - -/* {{{ s_dp2k(z) */ - -static int s_dp2k(mp_int z) -{ - int k = 0; - mp_digit *dp = MP_DIGITS(z), d; - - if(MP_USED(z) == 1 && *dp == 0) - return 1; - - while(*dp == 0) { - k += MP_DIGIT_BIT; - ++dp; - } - - d = *dp; - while((d & 1) == 0) { - d >>= 1; - ++k; - } - - return k; -} - -/* }}} */ - -/* {{{ s_isp2(z) */ - -static int s_isp2(mp_int z) -{ - mp_size uz = MP_USED(z), k = 0; - mp_digit *dz = MP_DIGITS(z), d; - - while(uz > 1) { - if(*dz++ != 0) - return -1; - k += MP_DIGIT_BIT; - --uz; - } - - d = *dz; - while(d > 1) { - if(d & 1) - return -1; - ++k; d >>= 1; - } - - return (int) k; -} - -/* }}} */ - -/* {{{ s_2expt(z, k) */ - -static int s_2expt(mp_int z, int k) -{ - mp_size ndig, rest; - mp_digit *dz; - - ndig = (k + MP_DIGIT_BIT) / MP_DIGIT_BIT; - rest = k % MP_DIGIT_BIT; - - if(!s_pad(z, ndig)) - return 0; - - dz = MP_DIGITS(z); - ZERO(dz, ndig); - *(dz + ndig - 1) = (1 << rest); - MP_USED(z) = ndig; - - return 1; -} - -/* }}} */ - -/* {{{ s_norm(a, b) */ - -static int s_norm(mp_int a, mp_int b) -{ - mp_digit d = b->digits[MP_USED(b) - 1]; - int k = 0; - - while(d < (mp_digit) (1 << (MP_DIGIT_BIT - 1))) { /* d < (MP_RADIX / 2) */ - d <<= 1; - ++k; - } - - /* These multiplications can't fail */ - if(k != 0) { - (void) s_qmul(a, (mp_size) k); - (void) s_qmul(b, (mp_size) k); - } - - return k; -} - -/* }}} */ - -/* {{{ s_brmu(z, m) */ - -static mp_result s_brmu(mp_int z, mp_int m) -{ - mp_size um = MP_USED(m) * 2; - - if(!s_pad(z, um)) - return MP_MEMORY; - - s_2expt(z, MP_DIGIT_BIT * um); - return mp_int_div(z, m, z, NULL); -} - -/* }}} */ - -/* {{{ s_reduce(x, m, mu, q1, q2) */ - -static int s_reduce(mp_int x, mp_int m, mp_int mu, mp_int q1, mp_int q2) -{ - mp_size um = MP_USED(m), umb_p1, umb_m1; - - umb_p1 = (um + 1) * MP_DIGIT_BIT; - umb_m1 = (um - 1) * MP_DIGIT_BIT; - - if(mp_int_copy(x, q1) != MP_OK) - return 0; - - /* Compute q2 = floor((floor(x / b^(k-1)) * mu) / b^(k+1)) */ - s_qdiv(q1, umb_m1); - UMUL(q1, mu, q2); - s_qdiv(q2, umb_p1); - - /* Set x = x mod b^(k+1) */ - s_qmod(x, umb_p1); - - /* Now, q is a guess for the quotient a / m. - Compute x - q * m mod b^(k+1), replacing x. This may be off - by a factor of 2m, but no more than that. - */ - UMUL(q2, m, q1); - s_qmod(q1, umb_p1); - (void) mp_int_sub(x, q1, x); /* can't fail */ - - /* The result may be < 0; if it is, add b^(k+1) to pin it in the - proper range. */ - if((CMPZ(x) < 0) && !s_qsub(x, umb_p1)) - return 0; - - /* If x > m, we need to back it off until it is in range. - This will be required at most twice. */ - if(mp_int_compare(x, m) >= 0) - (void) mp_int_sub(x, m, x); - if(mp_int_compare(x, m) >= 0) - (void) mp_int_sub(x, m, x); - - /* At this point, x has been properly reduced. */ - return 1; -} - -/* }}} */ - -/* {{{ s_embar(a, b, m, mu, c) */ - -/* Perform modular exponentiation using Barrett's method, where mu is - the reduction constant for m. Assumes a < m, b > 0. */ -mp_result s_embar(mp_int a, mp_int b, mp_int m, mp_int mu, mp_int c) -{ - mp_digit *db, *dbt, umu, d; - mpz_t temp[3]; - mp_result res; - int last = 0; - - umu = MP_USED(mu); db = MP_DIGITS(b); dbt = db + MP_USED(b) - 1; - - while(last < 3) - SETUP(mp_int_init_size(TEMP(last), 4 * umu), last); - - (void) mp_int_set_value(c, 1); - - /* Take care of low-order digits */ - while(db < dbt) { - int i; - - for(d = *db, i = MP_DIGIT_BIT; i > 0; --i, d >>= 1) { - if(d & 1) { - /* The use of a second temporary avoids allocation */ - UMUL(c, a, TEMP(0)); - if(!s_reduce(TEMP(0), m, mu, TEMP(1), TEMP(2))) { - res = MP_MEMORY; goto CLEANUP; - } - mp_int_copy(TEMP(0), c); - } - - - USQR(a, TEMP(0)); - assert(MP_SIGN(TEMP(0)) == MP_ZPOS); - if(!s_reduce(TEMP(0), m, mu, TEMP(1), TEMP(2))) { - res = MP_MEMORY; goto CLEANUP; - } - assert(MP_SIGN(TEMP(0)) == MP_ZPOS); - mp_int_copy(TEMP(0), a); - - - } - - ++db; - } - - /* Take care of highest-order digit */ - d = *dbt; - for(;;) { - if(d & 1) { - UMUL(c, a, TEMP(0)); - if(!s_reduce(TEMP(0), m, mu, TEMP(1), TEMP(2))) { - res = MP_MEMORY; goto CLEANUP; - } - mp_int_copy(TEMP(0), c); - } - - d >>= 1; - if(!d) break; - - USQR(a, TEMP(0)); - if(!s_reduce(TEMP(0), m, mu, TEMP(1), TEMP(2))) { - res = MP_MEMORY; goto CLEANUP; - } - (void) mp_int_copy(TEMP(0), a); - } - - CLEANUP: - while(--last >= 0) - mp_int_clear(TEMP(last)); - - return res; -} - -/* }}} */ - -/* {{{ s_udiv(a, b) */ - -/* Precondition: a >= b and b > 0 - Postcondition: a' = a / b, b' = a % b - */ -static mp_result s_udiv(mp_int a, mp_int b) -{ - mpz_t q, r, t; - mp_size ua, ub, qpos = 0; - mp_digit *da, btop; - mp_result res = MP_OK; - int k, skip = 0; - - /* Force signs to positive */ - MP_SIGN(a) = MP_ZPOS; - MP_SIGN(b) = MP_ZPOS; - - /* Normalize, per Knuth */ - k = s_norm(a, b); - - ua = MP_USED(a); ub = MP_USED(b); btop = b->digits[ub - 1]; - if((res = mp_int_init_size(&q, ua)) != MP_OK) return res; - if((res = mp_int_init_size(&t, ua + 1)) != MP_OK) goto CLEANUP; - - da = MP_DIGITS(a); - r.digits = da + ua - 1; /* The contents of r are shared with a */ - r.used = 1; - r.sign = MP_ZPOS; - r.alloc = MP_ALLOC(a); - ZERO(t.digits, t.alloc); - - /* Solve for quotient digits, store in q.digits in reverse order */ - while(r.digits >= da) { - if (qpos > q.alloc) { - char buf[1024]; - printf("qpos = %d q.alloc = %d da = %d ua = %d\n", - (int)qpos, (int)q.alloc, (int)da, (int)ua); - mp_int_to_string(a, 10, buf, sizeof(buf)); - printf("a = %s\n", buf); - mp_int_to_string(b, 10, buf, sizeof(buf)); - printf("b = %s\n", buf); - assert(qpos <= q.alloc); - } - - if(s_ucmp(b, &r) > 0) { - r.digits -= 1; - r.used += 1; - - if(++skip > 1) - q.digits[qpos++] = 0; - - CLAMP(&r); - } - else { - mp_word pfx = r.digits[r.used - 1]; - mp_word qdigit; - - if(r.used > 1 && (pfx < btop || r.digits[r.used - 2] == 0)) { - pfx <<= MP_DIGIT_BIT / 2; - pfx <<= MP_DIGIT_BIT / 2; - pfx |= r.digits[r.used - 2]; - } - - qdigit = pfx / btop; - if(qdigit > MP_DIGIT_MAX) - qdigit = 1; - - s_dbmul(MP_DIGITS(b), (mp_digit) qdigit, t.digits, ub); - t.used = ub + 1; CLAMP(&t); - while(s_ucmp(&t, &r) > 0) { - --qdigit; - (void) mp_int_sub(&t, b, &t); /* cannot fail */ - } - - s_usub(r.digits, t.digits, r.digits, r.used, t.used); - CLAMP(&r); - - q.digits[qpos++] = (mp_digit) qdigit; - ZERO(t.digits, t.used); - skip = 0; - } - } - - /* Put quotient digits in the correct order, and discard extra zeroes */ - q.used = qpos; - REV(mp_digit, q.digits, qpos); - CLAMP(&q); - - /* Denormalize the remainder */ - CLAMP(a); - if(k != 0) - s_qdiv(a, k); - - mp_int_copy(a, b); /* ok: 0 <= r < b */ - mp_int_copy(&q, a); /* ok: q <= a */ - - mp_int_clear(&t); - CLEANUP: - mp_int_clear(&q); - return res; -} - -/* }}} */ - -/* {{{ s_outlen(z, r) */ - -/* Precondition: 2 <= r < 64 */ -static int s_outlen(mp_int z, mp_size r) -{ - mp_result bits; - double raw; - - bits = mp_int_count_bits(z); - raw = (double)bits * s_log2[r]; - - return (int)(raw + 0.999999); -} - -/* }}} */ - -/* {{{ s_inlen(len, r) */ - -static mp_size s_inlen(int len, mp_size r) -{ - double raw = (double)len / s_log2[r]; - mp_size bits = (mp_size)(raw + 0.5); - - return (mp_size)((bits + (MP_DIGIT_BIT - 1)) / MP_DIGIT_BIT); -} - -/* }}} */ - -/* {{{ s_ch2val(c, r) */ - -static int s_ch2val(char c, int r) -{ - int out; - - if(isdigit((unsigned char) c)) - out = c - '0'; - else if(r > 10 && isalpha((unsigned char) c)) - out = toupper(c) - 'A' + 10; - else - return -1; - - return (out >= r) ? -1 : out; -} - -/* }}} */ - -/* {{{ s_val2ch(v, caps) */ - -static char s_val2ch(int v, int caps) -{ - assert(v >= 0); - - if(v < 10) - return v + '0'; - else { - char out = (v - 10) + 'a'; - - if(caps) - return toupper(out); - else - return out; - } -} - -/* }}} */ - -/* {{{ s_2comp(buf, len) */ - -static void s_2comp(unsigned char *buf, int len) -{ - int i; - unsigned short s = 1; - - for(i = len - 1; i >= 0; --i) { - unsigned char c = ~buf[i]; - - s = c + s; - c = s & UCHAR_MAX; - s >>= CHAR_BIT; - - buf[i] = c; - } - - /* last carry out is ignored */ -} - -/* }}} */ - -/* {{{ s_tobin(z, buf, *limpos) */ - -static mp_result s_tobin(mp_int z, unsigned char *buf, int *limpos, int pad) -{ - mp_size uz; - mp_digit *dz; - int pos = 0, limit = *limpos; - - uz = MP_USED(z); dz = MP_DIGITS(z); - while(uz > 0 && pos < limit) { - mp_digit d = *dz++; - int i; - - for(i = sizeof(mp_digit); i > 0 && pos < limit; --i) { - buf[pos++] = (unsigned char)d; - d >>= CHAR_BIT; - - /* Don't write leading zeroes */ - if(d == 0 && uz == 1) - i = 0; /* exit loop without signaling truncation */ - } - - /* Detect truncation (loop exited with pos >= limit) */ - if(i > 0) break; - - --uz; - } - - if(pad != 0 && (buf[pos - 1] >> (CHAR_BIT - 1))) { - if(pos < limit) - buf[pos++] = 0; - else - uz = 1; - } - - /* Digits are in reverse order, fix that */ - REV(unsigned char, buf, pos); - - /* Return the number of bytes actually written */ - *limpos = pos; - - return (uz == 0) ? MP_OK : MP_TRUNC; -} - -/* }}} */ - -/* {{{ s_print(tag, z) */ - -#if DEBUG -void s_print(char *tag, mp_int z) -{ - int i; - - fprintf(stderr, "%s: %c ", tag, - (MP_SIGN(z) == MP_NEG) ? '-' : '+'); - - for(i = MP_USED(z) - 1; i >= 0; --i) - fprintf(stderr, "%0*X", (int)(MP_DIGIT_BIT / 4), z->digits[i]); - - fputc('\n', stderr); - -} - -void s_print_buf(char *tag, mp_digit *buf, mp_size num) -{ - int i; - - fprintf(stderr, "%s: ", tag); - - for(i = num - 1; i >= 0; --i) - fprintf(stderr, "%0*X", (int)(MP_DIGIT_BIT / 4), buf[i]); - - fputc('\n', stderr); -} -#endif - -/* }}} */ - -/* HERE THERE BE DRAGONS */ diff --git a/source4/heimdal/lib/des/imath/imath.h b/source4/heimdal/lib/des/imath/imath.h deleted file mode 100755 index 93cc35654d..0000000000 --- a/source4/heimdal/lib/des/imath/imath.h +++ /dev/null @@ -1,220 +0,0 @@ -/* - Name: imath.h - Purpose: Arbitrary precision integer arithmetic routines. - Author: M. J. Fromberger - Info: $Id: imath.h,v 1.3 2006/10/21 16:32:15 lha Exp $ - - Copyright (C) 2002 Michael J. Fromberger, All Rights Reserved. - - Permission is hereby granted, free of charge, to any person - obtaining a copy of this software and associated documentation files - (the "Software"), to deal in the Software without restriction, - including without limitation the rights to use, copy, modify, merge, - publish, distribute, sublicense, and/or sell copies of the Software, - and to permit persons to whom the Software is furnished to do so, - subject to the following conditions: - - The above copyright notice and this permission notice shall be - included in all copies or substantial portions of the Software. - - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - SOFTWARE. - */ - -#ifndef IMATH_H_ -#define IMATH_H_ - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -typedef unsigned char mp_sign; -typedef unsigned int mp_size; -typedef int mp_result; -#ifdef USE_LONG_LONG -typedef unsigned int mp_digit; -typedef unsigned long long mp_word; -#else -typedef unsigned short mp_digit; -typedef unsigned int mp_word; -#endif - -typedef struct mpz { - mp_digit single; - mp_digit *digits; - mp_size alloc; - mp_size used; - mp_sign sign; -} mpz_t, *mp_int; - -#define MP_DIGITS(Z) ((Z)->digits) -#define MP_ALLOC(Z) ((Z)->alloc) -#define MP_USED(Z) ((Z)->used) -#define MP_SIGN(Z) ((Z)->sign) - -extern const mp_result MP_OK; -extern const mp_result MP_FALSE; -extern const mp_result MP_TRUE; -extern const mp_result MP_MEMORY; -extern const mp_result MP_RANGE; -extern const mp_result MP_UNDEF; -extern const mp_result MP_TRUNC; -extern const mp_result MP_BADARG; - -#define MP_DIGIT_BIT (sizeof(mp_digit) * CHAR_BIT) -#define MP_WORD_BIT (sizeof(mp_word) * CHAR_BIT) - -#ifdef USE_LONG_LONG -# ifndef ULONG_LONG_MAX -# ifdef ULLONG_MAX -# define ULONG_LONG_MAX ULLONG_MAX -# else -# error "Maximum value of unsigned long long not defined!" -# endif -# endif -# define MP_DIGIT_MAX (ULONG_MAX * 1ULL) -# define MP_WORD_MAX ULONG_LONG_MAX -#else -# define MP_DIGIT_MAX (USHRT_MAX * 1UL) -# define MP_WORD_MAX (UINT_MAX * 1UL) -#endif - -#define MP_MIN_RADIX 2 -#define MP_MAX_RADIX 36 - -/* Values with fewer than this many significant digits use the - standard multiplication algorithm; otherwise, a recursive algorithm - is used. Choose a value to suit your platform. - */ -#define MP_MULT_THRESH 32 - -#define MP_DEFAULT_PREC 8 /* default memory allocation, in digits */ - -extern const mp_sign MP_NEG; -extern const mp_sign MP_ZPOS; - -#define mp_int_is_odd(Z) ((Z)->digits[0] & 1) -#define mp_int_is_even(Z) !((Z)->digits[0] & 1) - -mp_result mp_int_init(mp_int z); -mp_int mp_int_alloc(void); -mp_result mp_int_init_size(mp_int z, mp_size prec); -mp_result mp_int_init_copy(mp_int z, mp_int old); -mp_result mp_int_init_value(mp_int z, int value); -mp_result mp_int_set_value(mp_int z, int value); -void mp_int_clear(mp_int z); -void mp_int_free(mp_int z); - -mp_result mp_int_copy(mp_int a, mp_int c); /* c = a */ -void mp_int_swap(mp_int a, mp_int c); /* swap a, c */ -void mp_int_zero(mp_int z); /* z = 0 */ -mp_result mp_int_abs(mp_int a, mp_int c); /* c = |a| */ -mp_result mp_int_neg(mp_int a, mp_int c); /* c = -a */ -mp_result mp_int_add(mp_int a, mp_int b, mp_int c); /* c = a + b */ -mp_result mp_int_add_value(mp_int a, int value, mp_int c); -mp_result mp_int_sub(mp_int a, mp_int b, mp_int c); /* c = a - b */ -mp_result mp_int_sub_value(mp_int a, int value, mp_int c); -mp_result mp_int_mul(mp_int a, mp_int b, mp_int c); /* c = a * b */ -mp_result mp_int_mul_value(mp_int a, int value, mp_int c); -mp_result mp_int_mul_pow2(mp_int a, int p2, mp_int c); -mp_result mp_int_sqr(mp_int a, mp_int c); /* c = a * a */ -mp_result mp_int_div(mp_int a, mp_int b, /* q = a / b */ - mp_int q, mp_int r); /* r = a % b */ -mp_result mp_int_div_value(mp_int a, int value, /* q = a / value */ - mp_int q, int *r); /* r = a % value */ -mp_result mp_int_div_pow2(mp_int a, int p2, /* q = a / 2^p2 */ - mp_int q, mp_int r); /* r = q % 2^p2 */ -mp_result mp_int_mod(mp_int a, mp_int m, mp_int c); /* c = a % m */ -#define mp_int_mod_value(A, V, R) mp_int_div_value((A), (V), 0, (R)) -mp_result mp_int_expt(mp_int a, int b, mp_int c); /* c = a^b */ -mp_result mp_int_expt_value(int a, int b, mp_int c); /* c = a^b */ - -int mp_int_compare(mp_int a, mp_int b); /* a <=> b */ -int mp_int_compare_unsigned(mp_int a, mp_int b); /* |a| <=> |b| */ -int mp_int_compare_zero(mp_int z); /* a <=> 0 */ -int mp_int_compare_value(mp_int z, int value); /* a <=> v */ - -/* Returns true if v|a, false otherwise (including errors) */ -int mp_int_divisible_value(mp_int a, int v); - -/* Returns k >= 0 such that z = 2^k, if one exists; otherwise < 0 */ -int mp_int_is_pow2(mp_int z); - -mp_result mp_int_exptmod(mp_int a, mp_int b, mp_int m, - mp_int c); /* c = a^b (mod m) */ -mp_result mp_int_exptmod_evalue(mp_int a, int value, - mp_int m, mp_int c); /* c = a^v (mod m) */ -mp_result mp_int_exptmod_bvalue(int value, mp_int b, - mp_int m, mp_int c); /* c = v^b (mod m) */ -mp_result mp_int_exptmod_known(mp_int a, mp_int b, - mp_int m, mp_int mu, - mp_int c); /* c = a^b (mod m) */ -mp_result mp_int_redux_const(mp_int m, mp_int c); - -mp_result mp_int_invmod(mp_int a, mp_int m, mp_int c); /* c = 1/a (mod m) */ - -mp_result mp_int_gcd(mp_int a, mp_int b, mp_int c); /* c = gcd(a, b) */ - -mp_result mp_int_egcd(mp_int a, mp_int b, mp_int c, /* c = gcd(a, b) */ - mp_int x, mp_int y); /* c = ax + by */ - -mp_result mp_int_sqrt(mp_int a, mp_int c); /* c = floor(sqrt(q)) */ - -/* Convert to an int, if representable (returns MP_RANGE if not). */ -mp_result mp_int_to_int(mp_int z, int *out); - -/* Convert to nul-terminated string with the specified radix, writing at - most limit characters including the nul terminator */ -mp_result mp_int_to_string(mp_int z, mp_size radix, - char *str, int limit); - -/* Return the number of characters required to represent - z in the given radix. May over-estimate. */ -mp_result mp_int_string_len(mp_int z, mp_size radix); - -/* Read zero-terminated string into z */ -mp_result mp_int_read_string(mp_int z, mp_size radix, const char *str); -mp_result mp_int_read_cstring(mp_int z, mp_size radix, const char *str, - char **end); - -/* Return the number of significant bits in z */ -mp_result mp_int_count_bits(mp_int z); - -/* Convert z to two's complement binary, writing at most limit bytes */ -mp_result mp_int_to_binary(mp_int z, unsigned char *buf, int limit); - -/* Read a two's complement binary value into z from the given buffer */ -mp_result mp_int_read_binary(mp_int z, unsigned char *buf, int len); - -/* Return the number of bytes required to represent z in binary. */ -mp_result mp_int_binary_len(mp_int z); - -/* Convert z to unsigned binary, writing at most limit bytes */ -mp_result mp_int_to_unsigned(mp_int z, unsigned char *buf, int limit); - -/* Read an unsigned binary value into z from the given buffer */ -mp_result mp_int_read_unsigned(mp_int z, unsigned char *buf, int len); - -/* Return the number of bytes required to represent z as unsigned output */ -mp_result mp_int_unsigned_len(mp_int z); - -/* Return a statically allocated string describing error code res */ -const char *mp_error_string(mp_result res); - -#if DEBUG -void s_print(char *tag, mp_int z); -void s_print_buf(char *tag, mp_digit *buf, mp_size num); -#endif - -#ifdef __cplusplus -} -#endif -#endif /* end IMATH_H_ */ diff --git a/source4/heimdal/lib/des/imath/iprime.c b/source4/heimdal/lib/des/imath/iprime.c deleted file mode 100755 index 582ade0f54..0000000000 --- a/source4/heimdal/lib/des/imath/iprime.c +++ /dev/null @@ -1,186 +0,0 @@ -/* - Name: iprime.c - Purpose: Pseudoprimality testing routines - Author: M. J. Fromberger - Info: $Id: iprime.c,v 1.5 2007/01/05 21:01:48 lha Exp $ - - Copyright (C) 2002 Michael J. Fromberger, All Rights Reserved. - - Permission is hereby granted, free of charge, to any person - obtaining a copy of this software and associated documentation files - (the "Software"), to deal in the Software without restriction, - including without limitation the rights to use, copy, modify, merge, - publish, distribute, sublicense, and/or sell copies of the Software, - and to permit persons to whom the Software is furnished to do so, - subject to the following conditions: - - The above copyright notice and this permission notice shall be - included in all copies or substantial portions of the Software. - - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - SOFTWARE. - */ - -#include "iprime.h" -#include - -static const int s_ptab[] = { - 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, - 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, - 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, - 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, - 211, 223, 227, 229, 233, 239, 241, 251, 257, 263, - 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, - 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, - 389, 397, 401, 409, 419, 421, 431, 433, 439, 443, - 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, - 509, 521, 523, 541, 547, 557, 563, 569, 571, 577, - 587, 593, 599, 601, 607, 613, 617, 619, 631, 641, - 643, 647, 653, 659, 661, 673, 677, 683, 691, 701, - 709, 719, 727, 733, 739, 743, 751, 757, 761, 769, - 773, 787, 797, 809, 811, 821, 823, 827, 829, 839, - 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, - 919, 929, 937, 941, 947, 953, 967, 971, 977, 983, - 991, 997, 1009, 1013, 1019, 1021, 1031, 1033, - 1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091, - 1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151, - 1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213, - 1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277, - 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307, - 1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399, - 1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451, - 1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493, - 1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559, - 1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609, - 1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667, - 1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733, - 1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789, - 1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871, - 1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931, - 1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997, - 1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053, - 2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111, - 2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161, - 2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243, - 2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297, - 2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357, - 2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411, - 2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473, - 2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551, - 2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633, - 2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687, - 2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729, - 2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791, - 2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851, - 2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917, - 2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999, - 3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061, - 3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137, - 3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209, - 3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271, - 3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331, - 3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391, - 3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467, - 3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533, - 3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583, - 3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643, - 3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709, - 3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779, - 3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851, - 3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917, - 3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989, - 4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049, - 4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111, - 4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177, - 4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243, - 4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297, - 4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391, - 4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457, - 4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519, - 4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597, - 4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657, - 4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729, - 4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799, - 4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889, - 4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951, - 4957, 4967, 4969, 4973, 4987, 4993, 4999 -}; -static const int s_ptab_size = sizeof(s_ptab)/sizeof(s_ptab[0]); - - -/* {{{ mp_int_is_prime(z) */ - -/* Test whether z is likely to be prime: - MP_TRUE means it is probably prime - MP_FALSE means it is definitely composite - */ -mp_result mp_int_is_prime(mp_int z) -{ - int i, rem; - mp_result res; - - /* First check for divisibility by small primes; this eliminates a - large number of composite candidates quickly - */ - for(i = 0; i < s_ptab_size; ++i) { - if((res = mp_int_div_value(z, s_ptab[i], NULL, &rem)) != MP_OK) - return res; - - if(rem == 0) - return MP_FALSE; - } - - /* Now try Fermat's test for several prime witnesses (since we now - know from the above that z is not a multiple of any of them) - */ - { - mpz_t tmp; - - if((res = mp_int_init(&tmp)) != MP_OK) return res; - - for(i = 0; i < 10 && i < s_ptab_size; ++i) { - if((res = mp_int_exptmod_bvalue(s_ptab[i], z, z, &tmp)) != MP_OK) - return res; - - if(mp_int_compare_value(&tmp, s_ptab[i]) != 0) { - mp_int_clear(&tmp); - return MP_FALSE; - } - } - - mp_int_clear(&tmp); - } - - return MP_TRUE; -} - -/* }}} */ - -/* {{{ mp_int_find_prime(z) */ - -/* Find the first apparent prime in ascending order from z */ -mp_result mp_int_find_prime(mp_int z) -{ - mp_result res; - - if(mp_int_is_even(z) && ((res = mp_int_add_value(z, 1, z)) != MP_OK)) - return res; - - while((res = mp_int_is_prime(z)) == MP_FALSE) { - if((res = mp_int_add_value(z, 2, z)) != MP_OK) - break; - - } - - return res; -} - -/* }}} */ - -/* Here there be dragons */ diff --git a/source4/heimdal/lib/des/imath/iprime.h b/source4/heimdal/lib/des/imath/iprime.h deleted file mode 100755 index cd54a73127..0000000000 --- a/source4/heimdal/lib/des/imath/iprime.h +++ /dev/null @@ -1,51 +0,0 @@ -/* - Name: iprime.h - Purpose: Pseudoprimality testing routines - Author: M. J. Fromberger - Info: $Id: iprime.h,v 1.3 2006/10/21 16:32:30 lha Exp $ - - Copyright (C) 2002 Michael J. Fromberger, All Rights Reserved. - - Permission is hereby granted, free of charge, to any person - obtaining a copy of this software and associated documentation files - (the "Software"), to deal in the Software without restriction, - including without limitation the rights to use, copy, modify, merge, - publish, distribute, sublicense, and/or sell copies of the Software, - and to permit persons to whom the Software is furnished to do so, - subject to the following conditions: - - The above copyright notice and this permission notice shall be - included in all copies or substantial portions of the Software. - - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - SOFTWARE. - */ - -#ifndef IPRIME_H_ -#define IPRIME_H_ - -#include "imath.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/* Test whether z is likely to be prime - MP_YES means it is probably prime - MP_NO means it is definitely composite - */ -mp_result mp_int_is_prime(mp_int z); - -/* Find the first apparent prime in ascending order from z */ -mp_result mp_int_find_prime(mp_int z); - -#ifdef __cplusplus -} -#endif -#endif /* IPRIME_H_ */ diff --git a/source4/heimdal/lib/des/md2.c b/source4/heimdal/lib/des/md2.c deleted file mode 100644 index 91d7afd125..0000000000 --- a/source4/heimdal/lib/des/md2.c +++ /dev/null @@ -1,138 +0,0 @@ -/* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifdef HAVE_CONFIG_H -#include "config.h" - -RCSID("$Id: md2.c,v 1.1 2006/01/08 21:47:28 lha Exp $"); -#endif - -#include "hash.h" -#include "md2.h" - -static const unsigned char subst[256] = { - 41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6, - 19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188, - 76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24, - 138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251, - 245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63, - 148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50, - 39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165, - 181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210, - 150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157, - 112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27, - 96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15, - 85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197, - 234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65, - 129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123, - 8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233, - 203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228, - 166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237, - 31, 26, 219, 153, 141, 51, 159, 17, 131, 20 -}; - -void -MD2_Init (struct md2 *m) -{ - memset(m, 0, sizeof(*m)); -} - -static void -calc(struct md2 *m, const void *v) -{ - unsigned char x[48], L; - const unsigned char *p = v; - int i, j, t; - - L = m->checksum[15]; - for (i = 0; i < 16; i++) - L = m->checksum[i] ^= subst[p[i] ^ L]; - - for (i = 0; i < 16; i++) { - x[i] = m->state[i]; - x[i + 16] = p[i]; - x[i + 32] = x[i] ^ p[i]; - } - - t = 0; - for (i = 0; i < 18; i++) { - for (j = 0; j < 48; j++) - t = x[j] ^= subst[t]; - t = (t + i) & 0xff; - } - - memcpy(m->state, x, 16); - memset(x, 0, sizeof(x)); -} - -void -MD2_Update (struct md2 *m, const void *v, size_t len) -{ - size_t idx = m->len & 0xf; - const unsigned char *p = v; - - m->len += len; - if (len + idx >= 16) { - if (idx) { - memcpy(m->data + idx, p, 16 - idx); - calc(m, m->data); - p += 16; - len -= 16 - idx; - } - while (len >= 16) { - calc(m, p); - p += 16; - len -= 16; - } - idx = 0; - } - - memcpy(m->data + idx, p, len); -} - -void -MD2_Final (void *res, struct md2 *m) -{ - unsigned char pad[16]; - size_t padlen; - - padlen = 16 - (m->len % 16); - memset(pad, padlen, padlen); - - MD2_Update(m, pad, padlen); - memcpy(pad, m->checksum, 16); - MD2_Update(m, pad, 16); - - memcpy(res, m->state, MD2_DIGEST_LENGTH); - memset(m, 0, sizeof(m)); -} diff --git a/source4/heimdal/lib/des/md2.h b/source4/heimdal/lib/des/md2.h deleted file mode 100644 index f305d943aa..0000000000 --- a/source4/heimdal/lib/des/md2.h +++ /dev/null @@ -1,63 +0,0 @@ -/* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* $Id: md2.h,v 1.1 2006/01/08 21:47:28 lha Exp $ */ - -#ifndef HEIM_MD2_H -#define HEIM_MD2_H 1 - -/* symbol renaming */ -#define MD2_Init hc_MD2_Init -#define MD2_Update hc_MD2_Update -#define MD2_Final hc_MD2_Final - -/* - * - */ - -#define MD2_DIGEST_LENGTH 16 - -struct md2 { - size_t len; - unsigned char data[16]; /* stored unalligned data between Update's */ - unsigned char checksum[16]; - unsigned char state[16]; /* lower 16 bytes of X */ -}; - -typedef struct md2 MD2_CTX; - -void MD2_Init (struct md2 *m); -void MD2_Update (struct md2 *m, const void *p, size_t len); -void MD2_Final (void *res, struct md2 *m); - -#endif /* HEIM_MD2_H */ diff --git a/source4/heimdal/lib/des/md4.c b/source4/heimdal/lib/des/md4.c deleted file mode 100644 index ded4fe12e8..0000000000 --- a/source4/heimdal/lib/des/md4.c +++ /dev/null @@ -1,250 +0,0 @@ -/* - * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifdef HAVE_CONFIG_H -#include "config.h" - -RCSID("$Id: md4.c,v 1.18 2006/05/05 10:22:04 lha Exp $"); -#endif - -#include "hash.h" -#include "md4.h" - -#define A m->counter[0] -#define B m->counter[1] -#define C m->counter[2] -#define D m->counter[3] -#define X data - -void -MD4_Init (struct md4 *m) -{ - m->sz[0] = 0; - m->sz[1] = 0; - D = 0x10325476; - C = 0x98badcfe; - B = 0xefcdab89; - A = 0x67452301; -} - -#define F(x,y,z) CRAYFIX((x & y) | (~x & z)) -#define G(x,y,z) ((x & y) | (x & z) | (y & z)) -#define H(x,y,z) (x ^ y ^ z) - -#define DOIT(a,b,c,d,k,s,i,OP) \ -a = cshift(a + OP(b,c,d) + X[k] + i, s) - -#define DO1(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,F) -#define DO2(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,G) -#define DO3(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,H) - -static inline void -calc (struct md4 *m, uint32_t *data) -{ - uint32_t AA, BB, CC, DD; - - AA = A; - BB = B; - CC = C; - DD = D; - - /* Round 1 */ - - DO1(A,B,C,D,0,3,0); - DO1(D,A,B,C,1,7,0); - DO1(C,D,A,B,2,11,0); - DO1(B,C,D,A,3,19,0); - - DO1(A,B,C,D,4,3,0); - DO1(D,A,B,C,5,7,0); - DO1(C,D,A,B,6,11,0); - DO1(B,C,D,A,7,19,0); - - DO1(A,B,C,D,8,3,0); - DO1(D,A,B,C,9,7,0); - DO1(C,D,A,B,10,11,0); - DO1(B,C,D,A,11,19,0); - - DO1(A,B,C,D,12,3,0); - DO1(D,A,B,C,13,7,0); - DO1(C,D,A,B,14,11,0); - DO1(B,C,D,A,15,19,0); - - /* Round 2 */ - - DO2(A,B,C,D,0,3,0x5A827999); - DO2(D,A,B,C,4,5,0x5A827999); - DO2(C,D,A,B,8,9,0x5A827999); - DO2(B,C,D,A,12,13,0x5A827999); - - DO2(A,B,C,D,1,3,0x5A827999); - DO2(D,A,B,C,5,5,0x5A827999); - DO2(C,D,A,B,9,9,0x5A827999); - DO2(B,C,D,A,13,13,0x5A827999); - - DO2(A,B,C,D,2,3,0x5A827999); - DO2(D,A,B,C,6,5,0x5A827999); - DO2(C,D,A,B,10,9,0x5A827999); - DO2(B,C,D,A,14,13,0x5A827999); - - DO2(A,B,C,D,3,3,0x5A827999); - DO2(D,A,B,C,7,5,0x5A827999); - DO2(C,D,A,B,11,9,0x5A827999); - DO2(B,C,D,A,15,13,0x5A827999); - - /* Round 3 */ - - DO3(A,B,C,D,0,3,0x6ED9EBA1); - DO3(D,A,B,C,8,9,0x6ED9EBA1); - DO3(C,D,A,B,4,11,0x6ED9EBA1); - DO3(B,C,D,A,12,15,0x6ED9EBA1); - - DO3(A,B,C,D,2,3,0x6ED9EBA1); - DO3(D,A,B,C,10,9,0x6ED9EBA1); - DO3(C,D,A,B,6,11,0x6ED9EBA1); - DO3(B,C,D,A,14,15,0x6ED9EBA1); - - DO3(A,B,C,D,1,3,0x6ED9EBA1); - DO3(D,A,B,C,9,9,0x6ED9EBA1); - DO3(C,D,A,B,5,11,0x6ED9EBA1); - DO3(B,C,D,A,13,15,0x6ED9EBA1); - - DO3(A,B,C,D,3,3,0x6ED9EBA1); - DO3(D,A,B,C,11,9,0x6ED9EBA1); - DO3(C,D,A,B,7,11,0x6ED9EBA1); - DO3(B,C,D,A,15,15,0x6ED9EBA1); - - A += AA; - B += BB; - C += CC; - D += DD; -} - -/* - * From `Performance analysis of MD5' by Joseph D. Touch - */ - -#if defined(WORDS_BIGENDIAN) -static inline uint32_t -swap_uint32_t (uint32_t t) -{ - uint32_t temp1, temp2; - - temp1 = cshift(t, 16); - temp2 = temp1 >> 8; - temp1 &= 0x00ff00ff; - temp2 &= 0x00ff00ff; - temp1 <<= 8; - return temp1 | temp2; -} -#endif - -struct x32{ - unsigned int a:32; - unsigned int b:32; -}; - -void -MD4_Update (struct md4 *m, const void *v, size_t len) -{ - const unsigned char *p = v; - size_t old_sz = m->sz[0]; - size_t offset; - - m->sz[0] += len * 8; - if (m->sz[0] < old_sz) - ++m->sz[1]; - offset = (old_sz / 8) % 64; - while(len > 0) { - size_t l = min(len, 64 - offset); - memcpy(m->save + offset, p, l); - offset += l; - p += l; - len -= l; - if(offset == 64) { -#if defined(WORDS_BIGENDIAN) - int i; - uint32_t current[16]; - struct x32 *u = (struct x32*)m->save; - for(i = 0; i < 8; i++){ - current[2*i+0] = swap_uint32_t(u[i].a); - current[2*i+1] = swap_uint32_t(u[i].b); - } - calc(m, current); -#else - calc(m, (uint32_t*)m->save); -#endif - offset = 0; - } - } -} - -void -MD4_Final (void *res, struct md4 *m) -{ - unsigned char zeros[72]; - unsigned offset = (m->sz[0] / 8) % 64; - unsigned int dstart = (120 - offset - 1) % 64 + 1; - - *zeros = 0x80; - memset (zeros + 1, 0, sizeof(zeros) - 1); - zeros[dstart+0] = (m->sz[0] >> 0) & 0xff; - zeros[dstart+1] = (m->sz[0] >> 8) & 0xff; - zeros[dstart+2] = (m->sz[0] >> 16) & 0xff; - zeros[dstart+3] = (m->sz[0] >> 24) & 0xff; - zeros[dstart+4] = (m->sz[1] >> 0) & 0xff; - zeros[dstart+5] = (m->sz[1] >> 8) & 0xff; - zeros[dstart+6] = (m->sz[1] >> 16) & 0xff; - zeros[dstart+7] = (m->sz[1] >> 24) & 0xff; - MD4_Update (m, zeros, dstart + 8); - { - int i; - unsigned char *r = (unsigned char *)res; - - for (i = 0; i < 4; ++i) { - r[4*i] = m->counter[i] & 0xFF; - r[4*i+1] = (m->counter[i] >> 8) & 0xFF; - r[4*i+2] = (m->counter[i] >> 16) & 0xFF; - r[4*i+3] = (m->counter[i] >> 24) & 0xFF; - } - } -#if 0 - { - int i; - uint32_t *r = (uint32_t *)res; - - for (i = 0; i < 4; ++i) - r[i] = swap_uint32_t (m->counter[i]); - } -#endif -} diff --git a/source4/heimdal/lib/des/md4.h b/source4/heimdal/lib/des/md4.h deleted file mode 100644 index f8c011b9b7..0000000000 --- a/source4/heimdal/lib/des/md4.h +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* $Id: md4.h,v 1.11 2006/05/05 11:07:01 lha Exp $ */ - -#ifndef HEIM_MD4_H -#define HEIM_MD4_H 1 - -/* symbol renaming */ -#define MD4_Init hc_MD4_Init -#define MD4_Update hc_MD4_Update -#define MD4_Final hc_MD4_Final - -/* - * - */ - -#define MD4_DIGEST_LENGTH 16 - -struct md4 { - unsigned int sz[2]; - uint32_t counter[4]; - unsigned char save[64]; -}; - -typedef struct md4 MD4_CTX; - -void MD4_Init (struct md4 *m); -void MD4_Update (struct md4 *m, const void *p, size_t len); -void MD4_Final (void *res, struct md4 *m); - -#endif /* HEIM_MD4_H */ diff --git a/source4/heimdal/lib/des/md5.c b/source4/heimdal/lib/des/md5.c deleted file mode 100644 index e23d6c8fd7..0000000000 --- a/source4/heimdal/lib/des/md5.c +++ /dev/null @@ -1,274 +0,0 @@ -/* - * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifdef HAVE_CONFIG_H -#include "config.h" - -RCSID("$Id: md5.c,v 1.18 2006/05/05 10:22:35 lha Exp $"); -#endif - -#include "hash.h" -#include "md5.h" - -#define A m->counter[0] -#define B m->counter[1] -#define C m->counter[2] -#define D m->counter[3] -#define X data - -void -MD5_Init (struct md5 *m) -{ - m->sz[0] = 0; - m->sz[1] = 0; - D = 0x10325476; - C = 0x98badcfe; - B = 0xefcdab89; - A = 0x67452301; -} - -#define F(x,y,z) CRAYFIX((x & y) | (~x & z)) -#define G(x,y,z) CRAYFIX((x & z) | (y & ~z)) -#define H(x,y,z) (x ^ y ^ z) -#define I(x,y,z) CRAYFIX(y ^ (x | ~z)) - -#define DOIT(a,b,c,d,k,s,i,OP) \ -a = b + cshift(a + OP(b,c,d) + X[k] + (i), s) - -#define DO1(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,F) -#define DO2(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,G) -#define DO3(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,H) -#define DO4(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,I) - -static inline void -calc (struct md5 *m, uint32_t *data) -{ - uint32_t AA, BB, CC, DD; - - AA = A; - BB = B; - CC = C; - DD = D; - - /* Round 1 */ - - DO1(A,B,C,D,0,7,0xd76aa478); - DO1(D,A,B,C,1,12,0xe8c7b756); - DO1(C,D,A,B,2,17,0x242070db); - DO1(B,C,D,A,3,22,0xc1bdceee); - - DO1(A,B,C,D,4,7,0xf57c0faf); - DO1(D,A,B,C,5,12,0x4787c62a); - DO1(C,D,A,B,6,17,0xa8304613); - DO1(B,C,D,A,7,22,0xfd469501); - - DO1(A,B,C,D,8,7,0x698098d8); - DO1(D,A,B,C,9,12,0x8b44f7af); - DO1(C,D,A,B,10,17,0xffff5bb1); - DO1(B,C,D,A,11,22,0x895cd7be); - - DO1(A,B,C,D,12,7,0x6b901122); - DO1(D,A,B,C,13,12,0xfd987193); - DO1(C,D,A,B,14,17,0xa679438e); - DO1(B,C,D,A,15,22,0x49b40821); - - /* Round 2 */ - - DO2(A,B,C,D,1,5,0xf61e2562); - DO2(D,A,B,C,6,9,0xc040b340); - DO2(C,D,A,B,11,14,0x265e5a51); - DO2(B,C,D,A,0,20,0xe9b6c7aa); - - DO2(A,B,C,D,5,5,0xd62f105d); - DO2(D,A,B,C,10,9,0x2441453); - DO2(C,D,A,B,15,14,0xd8a1e681); - DO2(B,C,D,A,4,20,0xe7d3fbc8); - - DO2(A,B,C,D,9,5,0x21e1cde6); - DO2(D,A,B,C,14,9,0xc33707d6); - DO2(C,D,A,B,3,14,0xf4d50d87); - DO2(B,C,D,A,8,20,0x455a14ed); - - DO2(A,B,C,D,13,5,0xa9e3e905); - DO2(D,A,B,C,2,9,0xfcefa3f8); - DO2(C,D,A,B,7,14,0x676f02d9); - DO2(B,C,D,A,12,20,0x8d2a4c8a); - - /* Round 3 */ - - DO3(A,B,C,D,5,4,0xfffa3942); - DO3(D,A,B,C,8,11,0x8771f681); - DO3(C,D,A,B,11,16,0x6d9d6122); - DO3(B,C,D,A,14,23,0xfde5380c); - - DO3(A,B,C,D,1,4,0xa4beea44); - DO3(D,A,B,C,4,11,0x4bdecfa9); - DO3(C,D,A,B,7,16,0xf6bb4b60); - DO3(B,C,D,A,10,23,0xbebfbc70); - - DO3(A,B,C,D,13,4,0x289b7ec6); - DO3(D,A,B,C,0,11,0xeaa127fa); - DO3(C,D,A,B,3,16,0xd4ef3085); - DO3(B,C,D,A,6,23,0x4881d05); - - DO3(A,B,C,D,9,4,0xd9d4d039); - DO3(D,A,B,C,12,11,0xe6db99e5); - DO3(C,D,A,B,15,16,0x1fa27cf8); - DO3(B,C,D,A,2,23,0xc4ac5665); - - /* Round 4 */ - - DO4(A,B,C,D,0,6,0xf4292244); - DO4(D,A,B,C,7,10,0x432aff97); - DO4(C,D,A,B,14,15,0xab9423a7); - DO4(B,C,D,A,5,21,0xfc93a039); - - DO4(A,B,C,D,12,6,0x655b59c3); - DO4(D,A,B,C,3,10,0x8f0ccc92); - DO4(C,D,A,B,10,15,0xffeff47d); - DO4(B,C,D,A,1,21,0x85845dd1); - - DO4(A,B,C,D,8,6,0x6fa87e4f); - DO4(D,A,B,C,15,10,0xfe2ce6e0); - DO4(C,D,A,B,6,15,0xa3014314); - DO4(B,C,D,A,13,21,0x4e0811a1); - - DO4(A,B,C,D,4,6,0xf7537e82); - DO4(D,A,B,C,11,10,0xbd3af235); - DO4(C,D,A,B,2,15,0x2ad7d2bb); - DO4(B,C,D,A,9,21,0xeb86d391); - - A += AA; - B += BB; - C += CC; - D += DD; -} - -/* - * From `Performance analysis of MD5' by Joseph D. Touch - */ - -#if defined(WORDS_BIGENDIAN) -static inline uint32_t -swap_uint32_t (uint32_t t) -{ - uint32_t temp1, temp2; - - temp1 = cshift(t, 16); - temp2 = temp1 >> 8; - temp1 &= 0x00ff00ff; - temp2 &= 0x00ff00ff; - temp1 <<= 8; - return temp1 | temp2; -} -#endif - -struct x32{ - unsigned int a:32; - unsigned int b:32; -}; - -void -MD5_Update (struct md5 *m, const void *v, size_t len) -{ - const unsigned char *p = v; - size_t old_sz = m->sz[0]; - size_t offset; - - m->sz[0] += len * 8; - if (m->sz[0] < old_sz) - ++m->sz[1]; - offset = (old_sz / 8) % 64; - while(len > 0){ - size_t l = min(len, 64 - offset); - memcpy(m->save + offset, p, l); - offset += l; - p += l; - len -= l; - if(offset == 64){ -#if defined(WORDS_BIGENDIAN) - int i; - uint32_t current[16]; - struct x32 *u = (struct x32*)m->save; - for(i = 0; i < 8; i++){ - current[2*i+0] = swap_uint32_t(u[i].a); - current[2*i+1] = swap_uint32_t(u[i].b); - } - calc(m, current); -#else - calc(m, (uint32_t*)m->save); -#endif - offset = 0; - } - } -} - -void -MD5_Final (void *res, struct md5 *m) -{ - unsigned char zeros[72]; - unsigned offset = (m->sz[0] / 8) % 64; - unsigned int dstart = (120 - offset - 1) % 64 + 1; - - *zeros = 0x80; - memset (zeros + 1, 0, sizeof(zeros) - 1); - zeros[dstart+0] = (m->sz[0] >> 0) & 0xff; - zeros[dstart+1] = (m->sz[0] >> 8) & 0xff; - zeros[dstart+2] = (m->sz[0] >> 16) & 0xff; - zeros[dstart+3] = (m->sz[0] >> 24) & 0xff; - zeros[dstart+4] = (m->sz[1] >> 0) & 0xff; - zeros[dstart+5] = (m->sz[1] >> 8) & 0xff; - zeros[dstart+6] = (m->sz[1] >> 16) & 0xff; - zeros[dstart+7] = (m->sz[1] >> 24) & 0xff; - MD5_Update (m, zeros, dstart + 8); - { - int i; - unsigned char *r = (unsigned char *)res; - - for (i = 0; i < 4; ++i) { - r[4*i] = m->counter[i] & 0xFF; - r[4*i+1] = (m->counter[i] >> 8) & 0xFF; - r[4*i+2] = (m->counter[i] >> 16) & 0xFF; - r[4*i+3] = (m->counter[i] >> 24) & 0xFF; - } - } -#if 0 - { - int i; - uint32_t *r = (uint32_t *)res; - - for (i = 0; i < 4; ++i) - r[i] = swap_uint32_t (m->counter[i]); - } -#endif -} diff --git a/source4/heimdal/lib/des/md5.h b/source4/heimdal/lib/des/md5.h deleted file mode 100644 index 54c34fe572..0000000000 --- a/source4/heimdal/lib/des/md5.h +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* $Id: md5.h,v 1.11 2006/05/05 11:07:11 lha Exp $ */ - -#ifndef HEIM_MD5_H -#define HEIM_MD5_H 1 - -/* symbol renaming */ -#define MD5_Init hc_MD5_Init -#define MD5_Update hc_MD5_Update -#define MD5_Final hc_MD5_Final - -/* - * - */ - -#define MD5_DIGEST_LENGTH 16 - -struct md5 { - unsigned int sz[2]; - uint32_t counter[4]; - unsigned char save[64]; -}; - -typedef struct md5 MD5_CTX; - -void MD5_Init (struct md5 *m); -void MD5_Update (struct md5 *m, const void *p, size_t len); -void MD5_Final (void *res, struct md5 *m); /* uint32_t res[4] */ - -#endif /* HEIM_MD5_H */ diff --git a/source4/heimdal/lib/des/pkcs12.c b/source4/heimdal/lib/des/pkcs12.c deleted file mode 100644 index cc92285754..0000000000 --- a/source4/heimdal/lib/des/pkcs12.c +++ /dev/null @@ -1,145 +0,0 @@ -/* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifdef HAVE_CONFIG_H -#include -#endif - -RCSID("$Id: pkcs12.c,v 1.1 2006/01/13 08:26:49 lha Exp $"); - -#include -#include -#include - -#include -#include - -#include - -int -PKCS12_key_gen(const void *key, size_t keylen, - const void *salt, size_t saltlen, - int id, int iteration, size_t outkeysize, - void *out, const EVP_MD *md) -{ - unsigned char *v, *I, hash[EVP_MAX_MD_SIZE]; - unsigned int size, size_I = 0; - unsigned char idc = id; - EVP_MD_CTX ctx; - unsigned char *outp = out; - int i, vlen; - - EVP_MD_CTX_init(&ctx); - - vlen = EVP_MD_block_size(md); - v = malloc(vlen + 1); - if (v == NULL) - return 0; - - I = calloc(1, vlen * 2); - if (I == NULL) { - free(v); - return 0; - } - - if (salt && saltlen > 0) { - for (i = 0; i < vlen; i++) - I[i] = ((unsigned char*)salt)[i % saltlen]; - size_I += vlen; - } - if (key && keylen > 0) { - for (i = 0; i < vlen / 2; i++) { - I[(i * 2) + size_I] = 0; - I[(i * 2) + size_I + 1] = ((unsigned char*)key)[i % (keylen + 1)]; - } - size_I += vlen; - } - - while (1) { - BIGNUM *bnB, *bnOne; - - if (!EVP_DigestInit_ex(&ctx, md, NULL)) - return 0; - for (i = 0; i < vlen; i++) - EVP_DigestUpdate(&ctx, &idc, 1); - EVP_DigestUpdate(&ctx, I, size_I); - EVP_DigestFinal_ex(&ctx, hash, &size); - - for (i = 1; i < iteration; i++) - EVP_Digest(hash, size, hash, &size, md, NULL); - - memcpy(outp, hash, min(outkeysize, size)); - if (outkeysize < size) - break; - outkeysize -= size; - outp += size; - - for (i = 0; i < vlen; i++) - v[i] = hash[i % size]; - - bnB = BN_bin2bn(v, vlen, NULL); - bnOne = BN_new(); - BN_set_word(bnOne, 1); - - BN_uadd(bnB, bnB, bnOne); - - for (i = 0; i < vlen * 2; i += vlen) { - BIGNUM *bnI; - int j; - - bnI = BN_bin2bn(I + i, vlen, NULL); - - BN_uadd(bnI, bnI, bnB); - - j = BN_num_bytes(bnI); - if (j > vlen) { - assert(j == vlen + 1); - BN_bn2bin(bnI, v); - memcpy(I + i, v + 1, vlen); - } else { - memset(I + i, 0, vlen - j); - BN_bn2bin(bnI, I + i + vlen - j); - } - BN_free(bnI); - } - BN_free(bnB); - BN_free(bnOne); - size_I = vlen * 2; - } - - EVP_MD_CTX_cleanup(&ctx); - free(I); - free(v); - - return 1; -} diff --git a/source4/heimdal/lib/des/pkcs12.h b/source4/heimdal/lib/des/pkcs12.h deleted file mode 100644 index b55f1fced5..0000000000 --- a/source4/heimdal/lib/des/pkcs12.h +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * $Id: pkcs12.h,v 1.2 2006/01/13 15:26:52 lha Exp $ - */ - -#ifndef _HEIM_PKCS12_H -#define _HEIM_PKCS12_H 1 - -/* symbol renaming */ -#define PKCS12_key_gen hc_PKCS12_key_gen - -/* - * - */ - -#include - -#define PKCS12_KEY_ID 1 -#define PKCS12_IV_ID 2 - -int PKCS12_key_gen(const void *, size_t, const void *, - size_t, int, int, size_t, void *, const EVP_MD *); - - -#endif /* _HEIM_PKCS12_H */ diff --git a/source4/heimdal/lib/des/pkcs5.c b/source4/heimdal/lib/des/pkcs5.c deleted file mode 100644 index 9ed494ef6f..0000000000 --- a/source4/heimdal/lib/des/pkcs5.c +++ /dev/null @@ -1,116 +0,0 @@ -/* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifdef HAVE_CONFIG_H -#include -#endif - -RCSID("$Id: pkcs5.c,v 1.3 2006/05/05 10:23:11 lha Exp $"); - -#ifdef KRB5 -#include -#endif - -#include -#include - -#include -#include - -#include - -int -PKCS5_PBKDF2_HMAC_SHA1(const void * password, size_t password_len, - const void * salt, size_t salt_len, - unsigned long iter, - size_t keylen, void *key) -{ - size_t datalen, leftofkey, checksumsize; - char *data, *tmpcksum; - uint32_t keypart; - const EVP_MD *md; - unsigned long i; - int j; - char *p; - unsigned int hmacsize; - - md = EVP_sha1(); - checksumsize = EVP_MD_size(md); - datalen = salt_len + 4; - - tmpcksum = malloc(checksumsize + datalen); - if (tmpcksum == NULL) - return 0; - - data = &tmpcksum[checksumsize]; - - memcpy(data, salt, salt_len); - - keypart = 1; - leftofkey = keylen; - p = key; - - while (leftofkey) { - int len; - - if (leftofkey > checksumsize) - len = checksumsize; - else - len = leftofkey; - - data[datalen - 4] = (keypart >> 24) & 0xff; - data[datalen - 3] = (keypart >> 16) & 0xff; - data[datalen - 2] = (keypart >> 8) & 0xff; - data[datalen - 1] = (keypart) & 0xff; - - HMAC(md, password, password_len, data, datalen, - tmpcksum, &hmacsize); - - memcpy(p, tmpcksum, len); - for (i = 1; i < iter; i++) { - HMAC(md, password, password_len, tmpcksum, checksumsize, - tmpcksum, &hmacsize); - - for (j = 0; j < len; j++) - p[j] ^= tmpcksum[j]; - } - - p += len; - leftofkey -= len; - keypart++; - } - - free(tmpcksum); - - return 1; -} diff --git a/source4/heimdal/lib/des/rand-unix.c b/source4/heimdal/lib/des/rand-unix.c deleted file mode 100644 index a51c6c0c0d..0000000000 --- a/source4/heimdal/lib/des/rand-unix.c +++ /dev/null @@ -1,153 +0,0 @@ -/* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifdef HAVE_CONFIG_H -#include -#endif - -RCSID("$Id: rand-unix.c,v 1.2 2006/10/21 21:09:14 lha Exp $"); - -#include -#include -#include - -#include - -/* - * Unix /dev/random - */ - -static int -get_device_fd(int flags) -{ - static const char *rnd_devices[] = { - "/dev/urandom", - "/dev/random", - "/dev/srandom", - "/dev/arandom", - NULL - }; - const char **p; - - for(p = rnd_devices; *p; p++) { - int fd = open(*p, flags | O_NDELAY); - if(fd >= 0) - return fd; - } - return -1; -} - -static void -unix_seed(const void *indata, int size) -{ - int fd; - - if (size <= 0) - return; - - fd = get_device_fd(O_WRONLY); - if (fd < 0) - return; - - write(fd, indata, size); - close(fd); - -} - -static int -unix_bytes(unsigned char *outdata, int size) -{ - ssize_t count; - int fd; - - if (size <= 0) - return 0; - - fd = get_device_fd(O_RDONLY); - if (fd < 0) - return 0; - - while (size > 0) { - count = read (fd, outdata, size); - if (count < 0 && errno == EINTR) - continue; - else if (count <= 0) { - close(fd); - return 0; - } - outdata += count; - size -= count; - } - close(fd); - - return 1; -} - -static void -unix_cleanup(void) -{ -} - -static void -unix_add(const void *indata, int size, double entropi) -{ - unix_seed(indata, size); -} - -static int -unix_pseudorand(unsigned char *outdata, int size) -{ - return unix_bytes(outdata, size); -} - -static int -unix_status(void) -{ - int fd; - - fd = get_device_fd(O_RDONLY); - if (fd < 0) - return 0; - close(fd); - - return 1; -} - -const RAND_METHOD hc_rand_unix_method = { - unix_seed, - unix_bytes, - unix_cleanup, - unix_add, - unix_pseudorand, - unix_status -}; diff --git a/source4/heimdal/lib/des/rand.c b/source4/heimdal/lib/des/rand.c deleted file mode 100644 index 6eb959b724..0000000000 --- a/source4/heimdal/lib/des/rand.c +++ /dev/null @@ -1,120 +0,0 @@ -/* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifdef HAVE_CONFIG_H -#include -#endif - -RCSID("$Id: rand.c,v 1.7 2006/10/16 10:23:01 lha Exp $"); - -#include -#include -#include - -#include - -extern RAND_METHOD hc_rand_unix_method; -static const RAND_METHOD *selected_meth = &hc_rand_unix_method; - -void -RAND_seed(const void *indata, size_t size) -{ - (*selected_meth->seed)(indata, size); -} - -int -RAND_bytes(void *outdata, size_t size) -{ - return (*selected_meth->bytes)(outdata, size); -} - -void -RAND_cleanup(void) -{ - (*selected_meth->cleanup)(); -} - -void -RAND_add(const void *indata, size_t size, double entropi) -{ - (*selected_meth->add)(indata, size, entropi); -} - -int -RAND_pseudo_bytes(void *outdata, size_t size) -{ - return (*selected_meth->pseudorand)(outdata, size); -} - -int -RAND_status(void) -{ - return (*selected_meth->status)(); -} - -int -RAND_set_rand_method(const RAND_METHOD *meth) -{ - selected_meth = meth; - return 1; -} - -const RAND_METHOD * -RAND_get_rand_method(void) -{ - return selected_meth; -} - -int -RAND_set_rand_engine(ENGINE *engine) -{ - return 1; -} - -int -RAND_load_file(const char *filename, size_t size) -{ - return 1; -} - -int -RAND_write_file(const char *filename) -{ - return 1; -} - -int -RAND_egd(const char *filename) -{ - return 1; -} diff --git a/source4/heimdal/lib/des/rand.h b/source4/heimdal/lib/des/rand.h deleted file mode 100644 index a57da53928..0000000000 --- a/source4/heimdal/lib/des/rand.h +++ /dev/null @@ -1,96 +0,0 @@ - -/* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * $Id: rand.h,v 1.4 2006/04/17 13:23:04 lha Exp $ - */ - -#ifndef _HEIM_RAND_H -#define _HEIM_RAND_H 1 - -typedef struct RAND_METHOD RAND_METHOD; - -#include -#include - -/* symbol renaming */ -#define RAND_bytes hc_RAND_bytes -#define RAND_pseudo_bytes hc_RAND_pseudo_bytes -#define RAND_seed hc_RAND_seed -#define RAND_cleanup hc_RAND_cleanup -#define RAND_add hc_RAND_add -#define RAND_set_rand_method hc_RAND_set_rand_method -#define RAND_get_rand_method hc_RAND_get_rand_method -#define RAND_set_rand_engine hc_RAND_set_rand_engine -#define RAND_load_file hc_RAND_load_file -#define RAND_write_file hc_RAND_write_file -#define RAND_status hc_RAND_status -#define RAND_egd hc_RAND_egd - -/* - * - */ - -struct RAND_METHOD -{ - void (*seed)(const void *, int); - int (*bytes)(unsigned char *, int); - void (*cleanup)(void); - void (*add)(const void *, int, double); - int (*pseudorand)(unsigned char *, int); - int (*status)(void); -}; - -/* - * - */ - -int RAND_bytes(void *, size_t num); -int RAND_pseudo_bytes(void *, size_t); -void RAND_seed(const void *, size_t); -void RAND_cleanup(void); -void RAND_add(const void *, size_t, double); - -int RAND_set_rand_method(const RAND_METHOD *); -const RAND_METHOD * - RAND_get_rand_method(void); -int RAND_set_rand_engine(ENGINE *); - -int RAND_load_file(const char *, size_t); -int RAND_write_file(const char *); -int RAND_status(void); -int RAND_egd(const char *); - - -#endif /* _HEIM_RAND_H */ diff --git a/source4/heimdal/lib/des/rc2.c b/source4/heimdal/lib/des/rc2.c deleted file mode 100755 index ed43c70605..0000000000 --- a/source4/heimdal/lib/des/rc2.c +++ /dev/null @@ -1,245 +0,0 @@ -/* - * Copyright (c) 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifdef HAVE_CONFIG_H -#include -RCSID("$Id: rc2.c,v 1.7 2006/04/09 17:03:21 lha Exp $"); -#endif - -#include "rc2.h" -#include -#include -#include - -/* - * Implemented from Peter Gutmann's "Specification for Ron Rivests Cipher No.2" - * rfc2268 and "On the Design and Security of RC2" was also useful. - */ - -static unsigned int Sbox[256] = { - 0xd9, 0x78, 0xf9, 0xc4, 0x19, 0xdd, 0xb5, 0xed, - 0x28, 0xe9, 0xfd, 0x79, 0x4a, 0xa0, 0xd8, 0x9d, - 0xc6, 0x7e, 0x37, 0x83, 0x2b, 0x76, 0x53, 0x8e, - 0x62, 0x4c, 0x64, 0x88, 0x44, 0x8b, 0xfb, 0xa2, - 0x17, 0x9a, 0x59, 0xf5, 0x87, 0xb3, 0x4f, 0x13, - 0x61, 0x45, 0x6d, 0x8d, 0x09, 0x81, 0x7d, 0x32, - 0xbd, 0x8f, 0x40, 0xeb, 0x86, 0xb7, 0x7b, 0x0b, - 0xf0, 0x95, 0x21, 0x22, 0x5c, 0x6b, 0x4e, 0x82, - 0x54, 0xd6, 0x65, 0x93, 0xce, 0x60, 0xb2, 0x1c, - 0x73, 0x56, 0xc0, 0x14, 0xa7, 0x8c, 0xf1, 0xdc, - 0x12, 0x75, 0xca, 0x1f, 0x3b, 0xbe, 0xe4, 0xd1, - 0x42, 0x3d, 0xd4, 0x30, 0xa3, 0x3c, 0xb6, 0x26, - 0x6f, 0xbf, 0x0e, 0xda, 0x46, 0x69, 0x07, 0x57, - 0x27, 0xf2, 0x1d, 0x9b, 0xbc, 0x94, 0x43, 0x03, - 0xf8, 0x11, 0xc7, 0xf6, 0x90, 0xef, 0x3e, 0xe7, - 0x06, 0xc3, 0xd5, 0x2f, 0xc8, 0x66, 0x1e, 0xd7, - 0x08, 0xe8, 0xea, 0xde, 0x80, 0x52, 0xee, 0xf7, - 0x84, 0xaa, 0x72, 0xac, 0x35, 0x4d, 0x6a, 0x2a, - 0x96, 0x1a, 0xd2, 0x71, 0x5a, 0x15, 0x49, 0x74, - 0x4b, 0x9f, 0xd0, 0x5e, 0x04, 0x18, 0xa4, 0xec, - 0xc2, 0xe0, 0x41, 0x6e, 0x0f, 0x51, 0xcb, 0xcc, - 0x24, 0x91, 0xaf, 0x50, 0xa1, 0xf4, 0x70, 0x39, - 0x99, 0x7c, 0x3a, 0x85, 0x23, 0xb8, 0xb4, 0x7a, - 0xfc, 0x02, 0x36, 0x5b, 0x25, 0x55, 0x97, 0x31, - 0x2d, 0x5d, 0xfa, 0x98, 0xe3, 0x8a, 0x92, 0xae, - 0x05, 0xdf, 0x29, 0x10, 0x67, 0x6c, 0xba, 0xc9, - 0xd3, 0x00, 0xe6, 0xcf, 0xe1, 0x9e, 0xa8, 0x2c, - 0x63, 0x16, 0x01, 0x3f, 0x58, 0xe2, 0x89, 0xa9, - 0x0d, 0x38, 0x34, 0x1b, 0xab, 0x33, 0xff, 0xb0, - 0xbb, 0x48, 0x0c, 0x5f, 0xb9, 0xb1, 0xcd, 0x2e, - 0xc5, 0xf3, 0xdb, 0x47, 0xe5, 0xa5, 0x9c, 0x77, - 0x0a, 0xa6, 0x20, 0x68, 0xfe, 0x7f, 0xc1, 0xad -}; - -void -RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) -{ - unsigned char k[128]; - int j, T8, TM; - - if (len <= 0) - abort(); - if (len > 128) - len = 128; - if (bits <= 0 || bits > 1024) - bits = 1024; - - for (j = 0; j < len; j++) - k[j] = data[j]; - for (; j < 128; j++) - k[j] = Sbox[(k[j - len] + k[j - 1]) & 0xff]; - - T8 = (bits + 7) / 8; - j = (8*T8 - bits); - TM = 0xff >> j; - - k[128 - T8] = Sbox[k[128 - T8] & TM]; - - for (j = 127 - T8; j >= 0; j--) - k[j] = Sbox[k[j + 1] ^ k[j + T8]]; - - for (j = 0; j < 64; j++) - key->data[j] = k[(j * 2) + 0] | (k[(j * 2) + 1] << 8); - memset(k, 0, sizeof(k)); -} - -#define ROT16L(w,n) ((w<>(16-n))) -#define ROT16R(w,n) ((w>>n)|(w<<(16-n))) - -void -RC2_encryptc(unsigned char *in, unsigned char *out, const RC2_KEY *key) -{ - int i, j; - int w0, w1, w2, w3; - int t0, t1, t2, t3; - - w0 = in[0] | (in[1] << 8); - w1 = in[2] | (in[3] << 8); - w2 = in[4] | (in[5] << 8); - w3 = in[6] | (in[7] << 8); - - for (i = 0; i < 16; i++) { - j = i * 4; - t0 = (w0 + (w1 & ~w3) + (w2 & w3) + key->data[j + 0]) & 0xffff; - w0 = ROT16L(t0, 1); - t1 = (w1 + (w2 & ~w0) + (w3 & w0) + key->data[j + 1]) & 0xffff; - w1 = ROT16L(t1, 2); - t2 = (w2 + (w3 & ~w1) + (w0 & w1) + key->data[j + 2]) & 0xffff; - w2 = ROT16L(t2, 3); - t3 = (w3 + (w0 & ~w2) + (w1 & w2) + key->data[j + 3]) & 0xffff; - w3 = ROT16L(t3, 5); - if(i == 4 || i == 10) { - w0 += key->data[w3 & 63]; - w1 += key->data[w0 & 63]; - w2 += key->data[w1 & 63]; - w3 += key->data[w2 & 63]; - } - } - - out[0] = w0 & 0xff; - out[1] = (w0 >> 8) & 0xff; - out[2] = w1 & 0xff; - out[3] = (w1 >> 8) & 0xff; - out[4] = w2 & 0xff; - out[5] = (w2 >> 8) & 0xff; - out[6] = w3 & 0xff; - out[7] = (w3 >> 8) & 0xff; -} - -void -RC2_decryptc(unsigned char *in, unsigned char *out, const RC2_KEY *key) -{ - int i, j; - int w0, w1, w2, w3; - int t0, t1, t2, t3; - - w0 = in[0] | (in[1] << 8); - w1 = in[2] | (in[3] << 8); - w2 = in[4] | (in[5] << 8); - w3 = in[6] | (in[7] << 8); - - for (i = 15; i >= 0; i--) { - j = i * 4; - - if(i == 4 || i == 10) { - w3 = (w3 - key->data[w2 & 63]) & 0xffff; - w2 = (w2 - key->data[w1 & 63]) & 0xffff; - w1 = (w1 - key->data[w0 & 63]) & 0xffff; - w0 = (w0 - key->data[w3 & 63]) & 0xffff; - } - - t3 = ROT16R(w3, 5); - w3 = (t3 - (w0 & ~w2) - (w1 & w2) - key->data[j + 3]) & 0xffff; - t2 = ROT16R(w2, 3); - w2 = (t2 - (w3 & ~w1) - (w0 & w1) - key->data[j + 2]) & 0xffff; - t1 = ROT16R(w1, 2); - w1 = (t1 - (w2 & ~w0) - (w3 & w0) - key->data[j + 1]) & 0xffff; - t0 = ROT16R(w0, 1); - w0 = (t0 - (w1 & ~w3) - (w2 & w3) - key->data[j + 0]) & 0xffff; - - } - out[0] = w0 & 0xff; - out[1] = (w0 >> 8) & 0xff; - out[2] = w1 & 0xff; - out[3] = (w1 >> 8) & 0xff; - out[4] = w2 & 0xff; - out[5] = (w2 >> 8) & 0xff; - out[6] = w3 & 0xff; - out[7] = (w3 >> 8) & 0xff; -} - -void -RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long size, - RC2_KEY *key, unsigned char *iv, int forward_encrypt) -{ - unsigned char tmp[RC2_BLOCK_SIZE]; - int i; - - if (forward_encrypt) { - while (size >= RC2_BLOCK_SIZE) { - for (i = 0; i < RC2_BLOCK_SIZE; i++) - tmp[i] = in[i] ^ iv[i]; - RC2_encryptc(tmp, out, key); - memcpy(iv, out, RC2_BLOCK_SIZE); - size -= RC2_BLOCK_SIZE; - in += RC2_BLOCK_SIZE; - out += RC2_BLOCK_SIZE; - } - if (size) { - for (i = 0; i < size; i++) - tmp[i] = in[i] ^ iv[i]; - for (i = size; i < RC2_BLOCK_SIZE; i++) - tmp[i] = iv[i]; - RC2_encryptc(tmp, out, key); - memcpy(iv, out, RC2_BLOCK_SIZE); - } - } else { - while (size >= RC2_BLOCK_SIZE) { - memcpy(tmp, in, RC2_BLOCK_SIZE); - RC2_decryptc(tmp, out, key); - for (i = 0; i < RC2_BLOCK_SIZE; i++) - out[i] ^= iv[i]; - memcpy(iv, tmp, RC2_BLOCK_SIZE); - size -= RC2_BLOCK_SIZE; - in += RC2_BLOCK_SIZE; - out += RC2_BLOCK_SIZE; - } - if (size) { - memcpy(tmp, in, RC2_BLOCK_SIZE); - RC2_decryptc(tmp, out, key); - for (i = 0; i < size; i++) - out[i] ^= iv[i]; - memcpy(iv, tmp, RC2_BLOCK_SIZE); - } - } -} diff --git a/source4/heimdal/lib/des/rc2.h b/source4/heimdal/lib/des/rc2.h deleted file mode 100755 index b2cd50b880..0000000000 --- a/source4/heimdal/lib/des/rc2.h +++ /dev/null @@ -1,71 +0,0 @@ -/* - * Copyright (c) 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* $Id: rc2.h,v 1.2 2006/01/08 21:47:29 lha Exp $ */ - -/* symbol renaming */ -#define RC2_set_key hc_RC2_set_key -#define RC2_encryptc hc_RC2_encryptc -#define RC2_decryptc hc_RC2_decryptc -#define RC2_cbc_encrypt hc_RC2_cbc_encrypt - -/* - * - */ - -#define RC2_ENCRYPT 1 -#define RC2_DECRYPT 0 - -#define RC2_BLOCK_SIZE 8 -#define RC2_BLOCK RC2_BLOCK_SIZE -#define RC2_KEY_LENGTH 16 - -typedef struct rc2_key { - unsigned int data[64]; -} RC2_KEY; - -#ifdef __cplusplus -extern "C" { -#endif - -void RC2_set_key(RC2_KEY *, int, const unsigned char *,int); - -void RC2_encryptc(unsigned char *, unsigned char *, const RC2_KEY *); -void RC2_decryptc(unsigned char *, unsigned char *, const RC2_KEY *); - -void RC2_cbc_encrypt(const unsigned char *, unsigned char *, long, - RC2_KEY *, unsigned char *, int); - -#ifdef __cplusplus -} -#endif diff --git a/source4/heimdal/lib/des/rc4.c b/source4/heimdal/lib/des/rc4.c deleted file mode 100755 index 17d4b021ff..0000000000 --- a/source4/heimdal/lib/des/rc4.c +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Copyright (c) 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* implemented from description in draft-kaukonen-cipher-arcfour-03.txt */ - -#ifdef HAVE_CONFIG_H -#include "config.h" - -RCSID("$Id: rc4.c,v 1.1 2004/03/25 16:40:59 lha Exp $"); -#endif - -#include - -#define SWAP(k,x,y) \ -{ unsigned int _t; \ - _t = k->state[x]; \ - k->state[x] = k->state[y]; \ - k->state[y] = _t; \ -} - -void -RC4_set_key(RC4_KEY *key, const int len, unsigned char *data) -{ - int i, j; - - for (i = 0; i < 256; i++) - key->state[i] = i; - for (i = 0, j = 0; i < 256; i++) { - j = (j + key->state[i] + data[i % len]) % 256; - SWAP(key, i, j); - } - key->x = key->y = 0; -} - -void -RC4(RC4_KEY *key, const int len, const unsigned char *in, unsigned char *out) -{ - int i, t; - unsigned x, y; - - x = key->x; - y = key->y; - for (i = 0; i < len; i++) { - x = (x + 1) % 256; - y = (y + key->state[x]) % 256; - SWAP(key, x, y); - t = (key->state[x] + key->state[y]) % 256; - *out++ = key->state[t] ^ *in++; - } - key->x = x; - key->y = y; -} diff --git a/source4/heimdal/lib/des/rc4.h b/source4/heimdal/lib/des/rc4.h deleted file mode 100644 index 3c359dc72a..0000000000 --- a/source4/heimdal/lib/des/rc4.h +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Copyright (c) 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* $Id: rc4.h,v 1.4 2006/01/08 21:47:29 lha Exp $ */ - -/* symbol renaming */ -#define RC4_set_key hc_RC4_set_key -#define RC4 hc_RC4 - -typedef struct rc4_key { - unsigned int x, y; - unsigned int state[256]; -} RC4_KEY; - -void RC4_set_key(RC4_KEY *, const int, unsigned char *); -void RC4(RC4_KEY *, const int, const unsigned char *, unsigned char *); diff --git a/source4/heimdal/lib/des/resource.h b/source4/heimdal/lib/des/resource.h deleted file mode 100644 index 02c6a7c6d9..0000000000 --- a/source4/heimdal/lib/des/resource.h +++ /dev/null @@ -1,18 +0,0 @@ -//{{NO_DEPENDENCIES}} -// Microsoft Developer Studio generated include file. -// Used by passwd_dialog.rc -// -#define IDD_PASSWD_DIALOG 101 -#define IDC_EDIT1 1000 -#define IDC_PASSWD_EDIT 1001 - -// Next default values for new objects -// -#ifdef APSTUDIO_INVOKED -#ifndef APSTUDIO_READONLY_SYMBOLS -#define _APS_NEXT_RESOURCE_VALUE 102 -#define _APS_NEXT_COMMAND_VALUE 40001 -#define _APS_NEXT_CONTROL_VALUE 1002 -#define _APS_NEXT_SYMED_VALUE 101 -#endif -#endif diff --git a/source4/heimdal/lib/des/rijndael-alg-fst.c b/source4/heimdal/lib/des/rijndael-alg-fst.c deleted file mode 100755 index d6e4f45c18..0000000000 --- a/source4/heimdal/lib/des/rijndael-alg-fst.c +++ /dev/null @@ -1,1231 +0,0 @@ -/* $NetBSD: rijndael-alg-fst.c,v 1.5 2001/11/13 01:40:10 lukem Exp $ */ -/* $KAME: rijndael-alg-fst.c,v 1.10 2003/07/15 10:47:16 itojun Exp $ */ -/** - * rijndael-alg-fst.c - * - * @version 3.0 (December 2000) - * - * Optimised ANSI C code for the Rijndael cipher (now AES) - * - * @author Vincent Rijmen - * @author Antoon Bosselaers - * @author Paulo Barreto - * - * This code is hereby placed in the public domain. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS - * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE - * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, - * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* "$NetBSD: rijndael-alg-fst.c,v 1.5 2001/11/13 01:40:10 lukem Exp $" */ - -#ifdef HAVE_CONFIG_H -#include "config.h" - -RCSID("$Id: rijndael-alg-fst.c,v 1.3 2006/05/05 10:23:41 lha Exp $"); -#endif - -#ifdef KRB5 -#include -#endif - -#include - -/* the file should not be used from outside */ -typedef uint8_t u8; -typedef uint16_t u16; -typedef uint32_t u32; - -/* -Te0[x] = S [x].[02, 01, 01, 03]; -Te1[x] = S [x].[03, 02, 01, 01]; -Te2[x] = S [x].[01, 03, 02, 01]; -Te3[x] = S [x].[01, 01, 03, 02]; -Te4[x] = S [x].[01, 01, 01, 01]; - -Td0[x] = Si[x].[0e, 09, 0d, 0b]; -Td1[x] = Si[x].[0b, 0e, 09, 0d]; -Td2[x] = Si[x].[0d, 0b, 0e, 09]; -Td3[x] = Si[x].[09, 0d, 0b, 0e]; -Td4[x] = Si[x].[01, 01, 01, 01]; -*/ - -static const u32 Te0[256] = { - 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, - 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U, - 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU, - 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU, - 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U, - 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU, - 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU, - 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU, - 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU, - 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU, - 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U, - 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU, - 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU, - 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U, - 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU, - 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU, - 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU, - 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU, - 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU, - 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U, - 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU, - 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU, - 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU, - 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU, - 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U, - 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U, - 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U, - 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U, - 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU, - 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U, - 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U, - 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU, - 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU, - 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U, - 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U, - 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U, - 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU, - 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U, - 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU, - 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U, - 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU, - 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U, - 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U, - 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU, - 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U, - 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U, - 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U, - 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U, - 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U, - 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U, - 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U, - 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U, - 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU, - 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U, - 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U, - 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U, - 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U, - 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U, - 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U, - 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU, - 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U, - 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U, - 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U, - 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU, -}; -static const u32 Te1[256] = { - 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU, - 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U, - 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU, - 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U, - 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU, - 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U, - 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU, - 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U, - 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U, - 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU, - 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U, - 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U, - 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U, - 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU, - 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U, - 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U, - 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU, - 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U, - 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U, - 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U, - 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU, - 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU, - 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U, - 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU, - 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU, - 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U, - 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU, - 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U, - 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU, - 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U, - 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U, - 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U, - 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU, - 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U, - 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU, - 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U, - 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU, - 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U, - 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U, - 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU, - 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU, - 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU, - 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U, - 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U, - 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU, - 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U, - 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU, - 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U, - 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU, - 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U, - 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU, - 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU, - 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U, - 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU, - 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U, - 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU, - 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U, - 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U, - 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U, - 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU, - 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU, - 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U, - 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU, - 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U, -}; -static const u32 Te2[256] = { - 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU, - 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U, - 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU, - 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U, - 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU, - 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U, - 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU, - 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U, - 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U, - 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU, - 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U, - 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U, - 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U, - 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU, - 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U, - 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U, - 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU, - 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U, - 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U, - 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U, - 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU, - 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU, - 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U, - 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU, - 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU, - 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U, - 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU, - 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U, - 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU, - 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U, - 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U, - 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U, - 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU, - 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U, - 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU, - 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U, - 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU, - 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U, - 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U, - 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU, - 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU, - 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU, - 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U, - 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U, - 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU, - 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U, - 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU, - 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U, - 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU, - 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U, - 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU, - 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU, - 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U, - 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU, - 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U, - 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU, - 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U, - 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U, - 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U, - 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU, - 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU, - 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U, - 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU, - 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U, -}; -static const u32 Te3[256] = { - - 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U, - 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U, - 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U, - 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU, - 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU, - 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU, - 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U, - 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU, - 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU, - 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U, - 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U, - 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU, - 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU, - 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU, - 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU, - 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU, - 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U, - 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU, - 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU, - 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U, - 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U, - 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U, - 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U, - 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U, - 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU, - 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U, - 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU, - 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU, - 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U, - 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U, - 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U, - 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU, - 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U, - 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU, - 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU, - 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U, - 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U, - 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU, - 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U, - 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU, - 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U, - 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U, - 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U, - 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U, - 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU, - 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U, - 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU, - 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U, - 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU, - 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U, - 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU, - 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU, - 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU, - 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU, - 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U, - 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U, - 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U, - 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U, - 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U, - 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U, - 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU, - 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U, - 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU, - 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU, -}; -static const u32 Te4[256] = { - 0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU, - 0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U, - 0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU, - 0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U, - 0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU, - 0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U, - 0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU, - 0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U, - 0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U, - 0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU, - 0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U, - 0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U, - 0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U, - 0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU, - 0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U, - 0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U, - 0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU, - 0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U, - 0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U, - 0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U, - 0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU, - 0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU, - 0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U, - 0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU, - 0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU, - 0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U, - 0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU, - 0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U, - 0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU, - 0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U, - 0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U, - 0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U, - 0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU, - 0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U, - 0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU, - 0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U, - 0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU, - 0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U, - 0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U, - 0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU, - 0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU, - 0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU, - 0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U, - 0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U, - 0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU, - 0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U, - 0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU, - 0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U, - 0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU, - 0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U, - 0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU, - 0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU, - 0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U, - 0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU, - 0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U, - 0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU, - 0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U, - 0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U, - 0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U, - 0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU, - 0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU, - 0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U, - 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU, - 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U, -}; -static const u32 Td0[256] = { - 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U, - 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U, - 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U, - 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU, - 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U, - 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U, - 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU, - 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U, - 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU, - 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U, - 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U, - 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U, - 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U, - 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU, - 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U, - 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU, - 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U, - 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU, - 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U, - 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U, - 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U, - 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU, - 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U, - 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU, - 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U, - 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU, - 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U, - 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU, - 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU, - 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U, - 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU, - 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U, - 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU, - 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U, - 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U, - 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U, - 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU, - 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U, - 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U, - 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU, - 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U, - 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U, - 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U, - 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U, - 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U, - 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU, - 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U, - 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U, - 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U, - 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U, - 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U, - 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU, - 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU, - 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU, - 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU, - 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U, - 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U, - 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU, - 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU, - 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U, - 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU, - 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U, - 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U, - 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U, -}; -static const u32 Td1[256] = { - 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU, - 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U, - 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU, - 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U, - 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U, - 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U, - 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U, - 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U, - 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U, - 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU, - 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU, - 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU, - 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U, - 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU, - 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U, - 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U, - 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U, - 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU, - 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU, - 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U, - 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU, - 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U, - 0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU, - 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU, - 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U, - 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U, - 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U, - 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU, - 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U, - 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU, - 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U, - 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U, - 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U, - 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU, - 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U, - 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U, - 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U, - 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U, - 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U, - 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U, - 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU, - 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU, - 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U, - 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU, - 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U, - 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU, - 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU, - 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U, - 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU, - 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U, - 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U, - 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U, - 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U, - 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U, - 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U, - 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U, - 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU, - 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U, - 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U, - 0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU, - 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U, - 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U, - 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U, - 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U, -}; -static const u32 Td2[256] = { - 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U, - 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U, - 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U, - 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U, - 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU, - 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U, - 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U, - 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U, - 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U, - 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU, - 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U, - 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U, - 0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU, - 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U, - 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U, - 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U, - 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U, - 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U, - 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U, - 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU, - - 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U, - 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U, - 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U, - 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U, - 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U, - 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU, - 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU, - 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U, - 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU, - 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U, - 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU, - 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU, - 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU, - 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU, - 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U, - 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U, - 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U, - 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U, - 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U, - 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U, - 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U, - 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU, - 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU, - 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U, - 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U, - 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU, - 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU, - 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U, - 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U, - 0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U, - 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U, - 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U, - 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U, - 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U, - 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU, - 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U, - 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U, - 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U, - 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U, - 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U, - 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U, - 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU, - 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U, - 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U, -}; -static const u32 Td3[256] = { - 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU, - 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU, - 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U, - 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U, - 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU, - 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU, - 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U, - 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU, - 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U, - 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU, - 0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U, - 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U, - 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U, - 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U, - 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U, - 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU, - 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU, - 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U, - 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U, - 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU, - 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU, - 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U, - 0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U, - 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U, - 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U, - 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU, - 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U, - 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U, - 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU, - 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU, - 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U, - 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U, - 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U, - 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU, - 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U, - 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U, - 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U, - 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U, - 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U, - 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U, - 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U, - 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU, - 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U, - 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U, - 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU, - 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU, - 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U, - 0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU, - 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U, - 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U, - 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U, - 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U, - 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U, - 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U, - 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU, - 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU, - 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU, - 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU, - 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U, - 0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U, - 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U, - 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU, - 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U, - 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U, -}; -static const u32 Td4[256] = { - 0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U, - 0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U, - 0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU, - 0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU, - 0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U, - 0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U, - 0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U, - 0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU, - 0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U, - 0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU, - 0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU, - 0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU, - 0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U, - 0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U, - 0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U, - 0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U, - 0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U, - 0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U, - 0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU, - 0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U, - 0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U, - 0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU, - 0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U, - 0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U, - 0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U, - 0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU, - 0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U, - 0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U, - 0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU, - 0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U, - 0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U, - 0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU, - 0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U, - 0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU, - 0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU, - 0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U, - 0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U, - 0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U, - 0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U, - 0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU, - 0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U, - 0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U, - 0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU, - 0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU, - 0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU, - 0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U, - 0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU, - 0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U, - 0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U, - 0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U, - 0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U, - 0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU, - 0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U, - 0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU, - 0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU, - 0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU, - 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU, - 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U, - 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU, - 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U, - 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU, - 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U, - 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U, - 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU, -}; -static const u32 rcon[] = { - 0x01000000, 0x02000000, 0x04000000, 0x08000000, - 0x10000000, 0x20000000, 0x40000000, 0x80000000, - 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ -}; - -#define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) - -#ifdef _MSC_VER -#define GETU32(p) SWAP(*((u32 *)(p))) -#define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); } -#else -#define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3])) -#define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); } -#endif - -/** - * Expand the cipher key into the encryption key schedule. - * - * @return the number of rounds for the given cipher key size. - */ -int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits) { - int i = 0; - u32 temp; - - rk[0] = GETU32(cipherKey ); - rk[1] = GETU32(cipherKey + 4); - rk[2] = GETU32(cipherKey + 8); - rk[3] = GETU32(cipherKey + 12); - if (keyBits == 128) { - for (;;) { - temp = rk[3]; - rk[4] = rk[0] ^ - (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ - (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ - (Te4[(temp ) & 0xff] & 0x0000ff00) ^ - (Te4[(temp >> 24) ] & 0x000000ff) ^ - rcon[i]; - rk[5] = rk[1] ^ rk[4]; - rk[6] = rk[2] ^ rk[5]; - rk[7] = rk[3] ^ rk[6]; - if (++i == 10) { - return 10; - } - rk += 4; - } - } - rk[4] = GETU32(cipherKey + 16); - rk[5] = GETU32(cipherKey + 20); - if (keyBits == 192) { - for (;;) { - temp = rk[ 5]; - rk[ 6] = rk[ 0] ^ - (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ - (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ - (Te4[(temp ) & 0xff] & 0x0000ff00) ^ - (Te4[(temp >> 24) ] & 0x000000ff) ^ - rcon[i]; - rk[ 7] = rk[ 1] ^ rk[ 6]; - rk[ 8] = rk[ 2] ^ rk[ 7]; - rk[ 9] = rk[ 3] ^ rk[ 8]; - if (++i == 8) { - return 12; - } - rk[10] = rk[ 4] ^ rk[ 9]; - rk[11] = rk[ 5] ^ rk[10]; - rk += 6; - } - } - rk[6] = GETU32(cipherKey + 24); - rk[7] = GETU32(cipherKey + 28); - if (keyBits == 256) { - for (;;) { - temp = rk[ 7]; - rk[ 8] = rk[ 0] ^ - (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ - (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ - (Te4[(temp ) & 0xff] & 0x0000ff00) ^ - (Te4[(temp >> 24) ] & 0x000000ff) ^ - rcon[i]; - rk[ 9] = rk[ 1] ^ rk[ 8]; - rk[10] = rk[ 2] ^ rk[ 9]; - rk[11] = rk[ 3] ^ rk[10]; - if (++i == 7) { - return 14; - } - temp = rk[11]; - rk[12] = rk[ 4] ^ - (Te4[(temp >> 24) ] & 0xff000000) ^ - (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(temp ) & 0xff] & 0x000000ff); - rk[13] = rk[ 5] ^ rk[12]; - rk[14] = rk[ 6] ^ rk[13]; - rk[15] = rk[ 7] ^ rk[14]; - - rk += 8; - } - } - return 0; -} - -/** - * Expand the cipher key into the decryption key schedule. - * - * @return the number of rounds for the given cipher key size. - */ -int rijndaelKeySetupDec(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits) { - int Nr, i, j; - u32 temp; - - /* expand the cipher key: */ - Nr = rijndaelKeySetupEnc(rk, cipherKey, keyBits); - /* invert the order of the round keys: */ - for (i = 0, j = 4*Nr; i < j; i += 4, j -= 4) { - temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; - temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp; - temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp; - temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp; - } - /* apply the inverse MixColumn transform to all round keys but the first and the last: */ - for (i = 1; i < Nr; i++) { - rk += 4; - rk[0] = - Td0[Te4[(rk[0] >> 24) ] & 0xff] ^ - Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^ - Td2[Te4[(rk[0] >> 8) & 0xff] & 0xff] ^ - Td3[Te4[(rk[0] ) & 0xff] & 0xff]; - rk[1] = - Td0[Te4[(rk[1] >> 24) ] & 0xff] ^ - Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^ - Td2[Te4[(rk[1] >> 8) & 0xff] & 0xff] ^ - Td3[Te4[(rk[1] ) & 0xff] & 0xff]; - rk[2] = - Td0[Te4[(rk[2] >> 24) ] & 0xff] ^ - Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^ - Td2[Te4[(rk[2] >> 8) & 0xff] & 0xff] ^ - Td3[Te4[(rk[2] ) & 0xff] & 0xff]; - rk[3] = - Td0[Te4[(rk[3] >> 24) ] & 0xff] ^ - Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^ - Td2[Te4[(rk[3] >> 8) & 0xff] & 0xff] ^ - Td3[Te4[(rk[3] ) & 0xff] & 0xff]; - } - return Nr; -} - -void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16], u8 ct[16]) { - u32 s0, s1, s2, s3, t0, t1, t2, t3; -#ifndef FULL_UNROLL - int r; -#endif /* ?FULL_UNROLL */ - - /* - * map byte array block to cipher state - * and add initial round key: - */ - s0 = GETU32(pt ) ^ rk[0]; - s1 = GETU32(pt + 4) ^ rk[1]; - s2 = GETU32(pt + 8) ^ rk[2]; - s3 = GETU32(pt + 12) ^ rk[3]; -#ifdef FULL_UNROLL - /* round 1: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7]; - /* round 2: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11]; - /* round 3: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15]; - /* round 4: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19]; - /* round 5: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23]; - /* round 6: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27]; - /* round 7: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31]; - /* round 8: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35]; - /* round 9: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39]; - if (Nr > 10) { - /* round 10: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43]; - /* round 11: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47]; - if (Nr > 12) { - /* round 12: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51]; - /* round 13: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55]; - } - } - rk += Nr << 2; -#else /* !FULL_UNROLL */ - /* - * Nr - 1 full rounds: - */ - r = Nr >> 1; - for (;;) { - t0 = - Te0[(s0 >> 24) ] ^ - Te1[(s1 >> 16) & 0xff] ^ - Te2[(s2 >> 8) & 0xff] ^ - Te3[(s3 ) & 0xff] ^ - rk[4]; - t1 = - Te0[(s1 >> 24) ] ^ - Te1[(s2 >> 16) & 0xff] ^ - Te2[(s3 >> 8) & 0xff] ^ - Te3[(s0 ) & 0xff] ^ - rk[5]; - t2 = - Te0[(s2 >> 24) ] ^ - Te1[(s3 >> 16) & 0xff] ^ - Te2[(s0 >> 8) & 0xff] ^ - Te3[(s1 ) & 0xff] ^ - rk[6]; - t3 = - Te0[(s3 >> 24) ] ^ - Te1[(s0 >> 16) & 0xff] ^ - Te2[(s1 >> 8) & 0xff] ^ - Te3[(s2 ) & 0xff] ^ - rk[7]; - - rk += 8; - if (--r == 0) { - break; - } - - s0 = - Te0[(t0 >> 24) ] ^ - Te1[(t1 >> 16) & 0xff] ^ - Te2[(t2 >> 8) & 0xff] ^ - Te3[(t3 ) & 0xff] ^ - rk[0]; - s1 = - Te0[(t1 >> 24) ] ^ - Te1[(t2 >> 16) & 0xff] ^ - Te2[(t3 >> 8) & 0xff] ^ - Te3[(t0 ) & 0xff] ^ - rk[1]; - s2 = - Te0[(t2 >> 24) ] ^ - Te1[(t3 >> 16) & 0xff] ^ - Te2[(t0 >> 8) & 0xff] ^ - Te3[(t1 ) & 0xff] ^ - rk[2]; - s3 = - Te0[(t3 >> 24) ] ^ - Te1[(t0 >> 16) & 0xff] ^ - Te2[(t1 >> 8) & 0xff] ^ - Te3[(t2 ) & 0xff] ^ - rk[3]; - } -#endif /* ?FULL_UNROLL */ - /* - * apply last round and - * map cipher state to byte array block: - */ - s0 = - (Te4[(t0 >> 24) ] & 0xff000000) ^ - (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(t3 ) & 0xff] & 0x000000ff) ^ - rk[0]; - PUTU32(ct , s0); - s1 = - (Te4[(t1 >> 24) ] & 0xff000000) ^ - (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(t0 ) & 0xff] & 0x000000ff) ^ - rk[1]; - PUTU32(ct + 4, s1); - s2 = - (Te4[(t2 >> 24) ] & 0xff000000) ^ - (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(t1 ) & 0xff] & 0x000000ff) ^ - rk[2]; - PUTU32(ct + 8, s2); - s3 = - (Te4[(t3 >> 24) ] & 0xff000000) ^ - (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(t2 ) & 0xff] & 0x000000ff) ^ - rk[3]; - PUTU32(ct + 12, s3); -} - -void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16], u8 pt[16]) { - u32 s0, s1, s2, s3, t0, t1, t2, t3; -#ifndef FULL_UNROLL - int r; -#endif /* ?FULL_UNROLL */ - - /* - * map byte array block to cipher state - * and add initial round key: - */ - s0 = GETU32(ct ) ^ rk[0]; - s1 = GETU32(ct + 4) ^ rk[1]; - s2 = GETU32(ct + 8) ^ rk[2]; - s3 = GETU32(ct + 12) ^ rk[3]; -#ifdef FULL_UNROLL - /* round 1: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7]; - /* round 2: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11]; - /* round 3: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15]; - /* round 4: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19]; - /* round 5: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23]; - /* round 6: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27]; - /* round 7: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31]; - /* round 8: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35]; - /* round 9: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39]; - if (Nr > 10) { - /* round 10: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43]; - /* round 11: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47]; - if (Nr > 12) { - /* round 12: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51]; - /* round 13: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55]; - } - } - rk += Nr << 2; -#else /* !FULL_UNROLL */ - /* - * Nr - 1 full rounds: - */ - r = Nr >> 1; - for (;;) { - t0 = - Td0[(s0 >> 24) ] ^ - Td1[(s3 >> 16) & 0xff] ^ - Td2[(s2 >> 8) & 0xff] ^ - Td3[(s1 ) & 0xff] ^ - rk[4]; - t1 = - Td0[(s1 >> 24) ] ^ - Td1[(s0 >> 16) & 0xff] ^ - Td2[(s3 >> 8) & 0xff] ^ - Td3[(s2 ) & 0xff] ^ - rk[5]; - t2 = - Td0[(s2 >> 24) ] ^ - Td1[(s1 >> 16) & 0xff] ^ - Td2[(s0 >> 8) & 0xff] ^ - Td3[(s3 ) & 0xff] ^ - rk[6]; - t3 = - Td0[(s3 >> 24) ] ^ - Td1[(s2 >> 16) & 0xff] ^ - Td2[(s1 >> 8) & 0xff] ^ - Td3[(s0 ) & 0xff] ^ - rk[7]; - - rk += 8; - if (--r == 0) { - break; - } - - s0 = - Td0[(t0 >> 24) ] ^ - Td1[(t3 >> 16) & 0xff] ^ - Td2[(t2 >> 8) & 0xff] ^ - Td3[(t1 ) & 0xff] ^ - rk[0]; - s1 = - Td0[(t1 >> 24) ] ^ - Td1[(t0 >> 16) & 0xff] ^ - Td2[(t3 >> 8) & 0xff] ^ - Td3[(t2 ) & 0xff] ^ - rk[1]; - s2 = - Td0[(t2 >> 24) ] ^ - Td1[(t1 >> 16) & 0xff] ^ - Td2[(t0 >> 8) & 0xff] ^ - Td3[(t3 ) & 0xff] ^ - rk[2]; - s3 = - Td0[(t3 >> 24) ] ^ - Td1[(t2 >> 16) & 0xff] ^ - Td2[(t1 >> 8) & 0xff] ^ - Td3[(t0 ) & 0xff] ^ - rk[3]; - } -#endif /* ?FULL_UNROLL */ - /* - * apply last round and - * map cipher state to byte array block: - */ - s0 = - (Td4[(t0 >> 24) ] & 0xff000000) ^ - (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t1 ) & 0xff] & 0x000000ff) ^ - rk[0]; - PUTU32(pt , s0); - s1 = - (Td4[(t1 >> 24) ] & 0xff000000) ^ - (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t2 ) & 0xff] & 0x000000ff) ^ - rk[1]; - PUTU32(pt + 4, s1); - s2 = - (Td4[(t2 >> 24) ] & 0xff000000) ^ - (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t3 ) & 0xff] & 0x000000ff) ^ - rk[2]; - PUTU32(pt + 8, s2); - s3 = - (Td4[(t3 >> 24) ] & 0xff000000) ^ - (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t0 ) & 0xff] & 0x000000ff) ^ - rk[3]; - PUTU32(pt + 12, s3); -} diff --git a/source4/heimdal/lib/des/rijndael-alg-fst.h b/source4/heimdal/lib/des/rijndael-alg-fst.h deleted file mode 100755 index 7e2e1935fd..0000000000 --- a/source4/heimdal/lib/des/rijndael-alg-fst.h +++ /dev/null @@ -1,46 +0,0 @@ -/* $NetBSD: rijndael-alg-fst.h,v 1.2 2000/10/02 17:19:15 itojun Exp $ */ -/* $KAME: rijndael-alg-fst.h,v 1.5 2003/07/15 10:47:16 itojun Exp $ */ -/** - * rijndael-alg-fst.h - * - * @version 3.0 (December 2000) - * - * Optimised ANSI C code for the Rijndael cipher (now AES) - * - * @author Vincent Rijmen - * @author Antoon Bosselaers - * @author Paulo Barreto - * - * This code is hereby placed in the public domain. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS - * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE - * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, - * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -#ifndef __RIJNDAEL_ALG_FST_H -#define __RIJNDAEL_ALG_FST_H - -/* symbol renaming */ -#define rijndaelKeySetupEnc _hc_rijndaelKeySetupEnc -#define rijndaelKeySetupDec _hc_rijndaelKeySetupDec -#define rijndaelEncrypt _hc_rijndaelEncrypt -#define rijndaelDecrypt _hc_rijndaelDecrypt - -#define RIJNDAEL_MAXKC (256/32) -#define RIJNDAEL_MAXKB (256/8) -#define RIJNDAEL_MAXNR 14 - -int rijndaelKeySetupEnc(uint32_t rk[/*4*(Nr + 1)*/], const uint8_t cipherKey[], int keyBits); -int rijndaelKeySetupDec(uint32_t rk[/*4*(Nr + 1)*/], const uint8_t cipherKey[], int keyBits); -void rijndaelEncrypt(const uint32_t rk[/*4*(Nr + 1)*/], int Nr, const uint8_t pt[16], uint8_t ct[16]); -void rijndaelDecrypt(const uint32_t rk[/*4*(Nr + 1)*/], int Nr, const uint8_t ct[16], uint8_t pt[16]); - -#endif /* __RIJNDAEL_ALG_FST_H */ diff --git a/source4/heimdal/lib/des/rnd_keys.c b/source4/heimdal/lib/des/rnd_keys.c deleted file mode 100644 index e58faefcb0..0000000000 --- a/source4/heimdal/lib/des/rnd_keys.c +++ /dev/null @@ -1,509 +0,0 @@ -/* - * Copyright (c) 1995, 1996, 1997, 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifdef HAVE_CONFIG_H -#include "config.h" - -RCSID("$Id: rnd_keys.c,v 1.71 2006/05/05 10:24:31 lha Exp $"); -#endif - -#ifdef KRB5 -#include -#endif -#include - -#include -#include - -#ifdef TIME_WITH_SYS_TIME -#include -#include -#elif defined(HAVE_SYS_TIME_H) -#include -#else -#include -#endif - -#ifdef HAVE_SYS_TYPES_H -#include -#endif - -#ifdef HAVE_UNISTD_H -#include -#endif -#ifdef HAVE_IO_H -#include -#endif - -#ifdef HAVE_SIGNAL_H -#include -#endif -#ifdef HAVE_FCNTL_H -#include -#endif - -/* - * Generate "random" data by checksumming a file. - * - * Returns -1 if there were any problems with permissions or I/O - * errors. - */ -static -int -sumFile (const char *name, int len, void *res) -{ - uint32_t sum[2] = { 0, 0 }; - uint32_t buf[1024*2]; - int fd, i; - - fd = open (name, 0); - if (fd < 0) - return -1; - - while (len > 0) - { - int n = read(fd, buf, sizeof(buf)); - if (n < 0) - { - close(fd); - return n; - } - for (i = 0; i < (n/sizeof(buf[0])); i++) - { - sum[0] += buf[i]; - i++; - sum[1] += buf[i]; - } - len -= n; - } - close (fd); - memcpy (res, &sum, sizeof(sum)); - return 0; -} - -#if 0 -static -int -md5sumFile (const char *name, int len, int32_t sum[4]) -{ - int32_t buf[1024*2]; - int fd, cnt; - struct md5 md5; - - fd = open (name, 0); - if (fd < 0) - return -1; - - md5_init(&md5); - while (len > 0) - { - int n = read(fd, buf, sizeof(buf)); - if (n < 0) - { - close(fd); - return n; - } - md5_update(&md5, buf, n); - len -= n; - } - md5_finito(&md5, (unsigned char *)sum); - close (fd); - return 0; -} -#endif - -/* - * Create a sequence of random 64 bit blocks. - * The sequence is indexed with a long long and - * based on an initial des key used as a seed. - */ -static DES_key_schedule sequence_seed; -static uint32_t sequence_index[2]; - -/* - * Random number generator based on ideas from truerand in cryptolib - * as described on page 424 in Applied Cryptography 2 ed. by Bruce - * Schneier. - */ - -static volatile int counter; -static volatile unsigned char *gdata; /* Global data */ -static volatile int igdata; /* Index into global data */ -static int gsize; - -#if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__) -/* Visual C++ 4.0 (Windows95/NT) */ - -static -RETSIGTYPE -sigALRM(int sig) -{ - if (igdata < gsize) - gdata[igdata++] ^= counter & 0xff; - -#ifndef HAVE_SIGACTION - signal(SIGALRM, sigALRM); /* Reinstall SysV signal handler */ -#endif - SIGRETURN(0); -} - -#endif - -#if !defined(HAVE_RANDOM) && defined(HAVE_RAND) -#ifndef srandom -#define srandom srand -#endif -#ifndef random -#define random rand -#endif -#endif - -#if !defined(HAVE_SETITIMER) || defined(WIN32) || defined(__EMX__) || defined(__OS2__) || defined(__CYGWIN32__) -static void -des_not_rand_data(unsigned char *data, int size) -{ - int i; - - srandom (time (NULL)); - - for(i = 0; i < size; ++i) - data[i] ^= random() % 0x100; -} -#endif - -#if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__) - -#ifndef HAVE_SETITIMER -static void -pacemaker(struct timeval *tv) -{ - fd_set fds; - pid_t pid; - pid = getppid(); - while(1){ - FD_ZERO(&fds); - FD_SET(0, &fds); - select(1, &fds, NULL, NULL, tv); - kill(pid, SIGALRM); - } -} -#endif - -#ifdef HAVE_SIGACTION -/* XXX ugly hack, should perhaps use function from roken */ -static RETSIGTYPE -(*fake_signal(int sig, RETSIGTYPE (*f)(int)))(int) -{ - struct sigaction sa, osa; - sa.sa_handler = f; - sa.sa_flags = 0; - sigemptyset(&sa.sa_mask); - sigaction(sig, &sa, &osa); - return osa.sa_handler; -} -#define signal(S, F) fake_signal((S), (F)) -#endif - -/* - * Generate size bytes of "random" data using timed interrupts. - * It takes about 40ms/byte random data. - * It's not neccessary to be root to run it. - */ -void -DES_rand_data(void *outdata, int size) -{ - unsigned char *data = outdata; - struct itimerval tv, otv; - RETSIGTYPE (*osa)(int); - int i, j; -#ifndef HAVE_SETITIMER - RETSIGTYPE (*ochld)(int); - pid_t pid; -#endif - const char *rnd_devices[] = {"/dev/random", - "/dev/srandom", - "/dev/urandom", - "/dev/arandom", - NULL}; - const char **p; - - for(p = rnd_devices; *p; p++) { - int fd = open(*p, O_RDONLY | O_NDELAY); - - if(fd >= 0 && read(fd, data, size) == size) { - close(fd); - return; - } - close(fd); - } - - /* Paranoia? Initialize data from /dev/mem if we can read it. */ - if (size >= 8) - sumFile("/dev/mem", (1024*1024*2), data); - - gdata = data; - gsize = size; - igdata = 0; - - osa = signal(SIGALRM, sigALRM); - - /* Start timer */ - tv.it_value.tv_sec = 0; - tv.it_value.tv_usec = 10 * 1000; /* 10 ms */ - tv.it_interval = tv.it_value; -#ifdef HAVE_SETITIMER - setitimer(ITIMER_REAL, &tv, &otv); -#else - ochld = signal(SIGCHLD, SIG_IGN); - pid = fork(); - if(pid == -1){ - signal(SIGCHLD, ochld != SIG_ERR ? ochld : SIG_DFL); - des_not_rand_data(data, size); - return; - } - if(pid == 0) - pacemaker(&tv.it_interval); -#endif - - for(i = 0; i < 4; i++) { - for (igdata = 0; igdata < size;) /* igdata++ in sigALRM */ - counter++; - for (j = 0; j < size; j++) /* Only use 2 bits each lap */ - gdata[j] = (gdata[j]>>2) | (gdata[j]<<6); - } -#ifdef HAVE_SETITIMER - setitimer(ITIMER_REAL, &otv, 0); -#else - kill(pid, SIGKILL); - while(waitpid(pid, NULL, 0) != pid); - signal(SIGCHLD, ochld != SIG_ERR ? ochld : SIG_DFL); -#endif - signal(SIGALRM, osa != SIG_ERR ? osa : SIG_DFL); -} -#else -void -DES_rand_data(unsigned char *p, int s) -{ - des_not_rand_data (p, s); -} -#endif - -void -DES_generate_random_block(DES_cblock *block) -{ - DES_rand_data((unsigned char *)block, sizeof(*block)); -} - -#define DES_rand_data_key hc_DES_rand_data_key - -void -DES_rand_data_key(DES_cblock *key); - -/* - * Generate a "random" DES key. - */ -void -DES_rand_data_key(DES_cblock *key) -{ - unsigned char data[8]; - DES_key_schedule sched; - do { - DES_rand_data(data, sizeof(data)); - DES_rand_data((unsigned char*)key, sizeof(DES_cblock)); - DES_set_odd_parity(key); - DES_set_key(key, &sched); - DES_ecb_encrypt(&data, key, &sched, DES_ENCRYPT); - memset(&data, 0, sizeof(data)); - memset(&sched, 0, sizeof(sched)); - DES_set_odd_parity(key); - } while(DES_is_weak_key(key)); -} - -/* - * Generate "random" data by checksumming /dev/mem - * - * It's neccessary to be root to run it. Returns -1 if there were any - * problems with permissions. - */ - -#define DES_mem_rand8 hc_DES_mem_rand8 - -int -DES_mem_rand8(unsigned char *data); - -int -DES_mem_rand8(unsigned char *data) -{ - return 1; -} - -/* - * In case the generator does not get initialized use this as fallback. - */ -static int initialized; - -static void -do_initialize(void) -{ - DES_cblock default_seed; - do { - DES_generate_random_block(&default_seed); - DES_set_odd_parity(&default_seed); - } while (DES_is_weak_key(&default_seed)); - DES_init_random_number_generator(&default_seed); -} - -#define zero_long_long(ll) do { ll[0] = ll[1] = 0; } while (0) - -#define incr_long_long(ll) do { if (++ll[0] == 0) ++ll[1]; } while (0) - -#define set_sequence_number(ll) \ -memcpy((char *)sequence_index, (ll), sizeof(sequence_index)); - -/* - * Set the sequnce number to this value (a long long). - */ -void -DES_set_sequence_number(void *ll) -{ - set_sequence_number(ll); -} - -/* - * Set the generator seed and reset the sequence number to 0. - */ -void -DES_set_random_generator_seed(DES_cblock *seed) -{ - DES_set_key(seed, &sequence_seed); - zero_long_long(sequence_index); - initialized = 1; -} - -/* - * Generate a sequence of random des keys - * using the random block sequence, fixup - * parity and skip weak keys. - */ -int -DES_new_random_key(DES_cblock *key) -{ - if (!initialized) - do_initialize(); - - do { - DES_ecb_encrypt((DES_cblock *) sequence_index, - key, - &sequence_seed, - DES_ENCRYPT); - incr_long_long(sequence_index); - /* random key must have odd parity and not be weak */ - DES_set_odd_parity(key); - } while (DES_is_weak_key(key)); - return(0); -} - -/* - * des_init_random_number_generator: - * - * Initialize the sequence of random 64 bit blocks. The input seed - * can be a secret key since it should be well hidden and is also not - * kept. - * - */ -void -DES_init_random_number_generator(DES_cblock *seed) -{ - struct timeval now; - DES_cblock uniq; - DES_cblock new_key; - - gettimeofday(&now, (struct timezone *)0); - DES_generate_random_block(&uniq); - - /* Pick a unique random key from the shared sequence. */ - DES_set_random_generator_seed(seed); - set_sequence_number((unsigned char *)&uniq); - DES_new_random_key(&new_key); - - /* Select a new nonshared sequence, */ - DES_set_random_generator_seed(&new_key); - - /* and use the current time to pick a key for the new sequence. */ - set_sequence_number((unsigned char *)&now); - DES_new_random_key(&new_key); - DES_set_random_generator_seed(&new_key); -} - -/* This is for backwards compatibility. */ -void -DES_random_key(DES_cblock *ret) -{ - DES_new_random_key(ret); -} - -#ifdef TESTRUN -int -main() -{ - unsigned char data[8]; - int i; - - while (1) - { - if (sumFile("/dev/mem", (1024*1024*8), data) != 0) - { perror("sumFile"); exit(1); } - for (i = 0; i < 8; i++) - printf("%02x", data[i]); - printf("\n"); - } -} -#endif - -#ifdef TESTRUN2 -int -main() -{ - DES_cblock data; - int i; - - while (1) - { - do_initialize(); - DES_random_key(data); - for (i = 0; i < 8; i++) - printf("%02x", data[i]); - printf("\n"); - } -} -#endif diff --git a/source4/heimdal/lib/des/rsa-imath.c b/source4/heimdal/lib/des/rsa-imath.c deleted file mode 100644 index 298affadfe..0000000000 --- a/source4/heimdal/lib/des/rsa-imath.c +++ /dev/null @@ -1,661 +0,0 @@ -/* - * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifdef HAVE_CONFIG_H -#include -#endif - -RCSID("$Id: rsa-imath.c,v 1.23 2007/01/06 13:45:25 lha Exp $"); - -#include -#include -#include -#include - -#include - -#include - -#include "imath/imath.h" -#include "imath/iprime.h" - -static void -BN2mpz(mpz_t *s, const BIGNUM *bn) -{ - size_t len; - void *p; - - mp_int_init(s); - - len = BN_num_bytes(bn); - p = malloc(len); - BN_bn2bin(bn, p); - mp_int_read_unsigned(s, p, len); - free(p); -} - -static BIGNUM * -mpz2BN(mpz_t *s) -{ - size_t size; - BIGNUM *bn; - void *p; - - size = mp_int_unsigned_len(s); - p = malloc(size); - if (p == NULL && size != 0) - return NULL; - mp_int_to_unsigned(s, p, size); - - bn = BN_bin2bn(p, size, NULL); - free(p); - return bn; -} - -static int random_num(mp_int, size_t); - -static void -setup_blind(mp_int n, mp_int b, mp_int bi) -{ - mp_int_init(b); - mp_int_init(bi); - random_num(b, mp_int_count_bits(n)); - mp_int_mod(b, n, b); - mp_int_invmod(b, n, bi); -} - -static void -blind(mp_int in, mp_int b, mp_int e, mp_int n) -{ - mpz_t t1; - mp_int_init(&t1); - /* in' = (in * b^e) mod n */ - mp_int_exptmod(b, e, n, &t1); - mp_int_mul(&t1, in, in); - mp_int_mod(in, n, in); - mp_int_clear(&t1); -} - -static void -unblind(mp_int out, mp_int bi, mp_int n) -{ - /* out' = (out * 1/b) mod n */ - mp_int_mul(out, bi, out); - mp_int_mod(out, n, out); -} - -static mp_result -rsa_private_calculate(mp_int in, mp_int p, mp_int q, - mp_int dmp1, mp_int dmq1, mp_int iqmp, - mp_int out) -{ - mpz_t vp, vq, u; - mp_int_init(&vp); mp_int_init(&vq); mp_int_init(&u); - - /* vq = c ^ (d mod (q - 1)) mod q */ - /* vp = c ^ (d mod (p - 1)) mod p */ - mp_int_mod(in, p, &u); - mp_int_exptmod(&u, dmp1, p, &vp); - mp_int_mod(in, q, &u); - mp_int_exptmod(&u, dmq1, q, &vq); - - /* C2 = 1/q mod p (iqmp) */ - /* u = (vp - vq)C2 mod p. */ - mp_int_sub(&vp, &vq, &u); - if (mp_int_compare_zero(&u) < 0) - mp_int_add(&u, p, &u); - mp_int_mul(&u, iqmp, &u); - mp_int_mod(&u, p, &u); - - /* c ^ d mod n = vq + u q */ - mp_int_mul(&u, q, &u); - mp_int_add(&u, &vq, out); - - mp_int_clear(&vp); - mp_int_clear(&vq); - mp_int_clear(&u); - - return MP_OK; -} - -/* - * - */ - -static int -imath_rsa_public_encrypt(int flen, const unsigned char* from, - unsigned char* to, RSA* rsa, int padding) -{ - unsigned char *p, *p0; - mp_result res; - size_t size, padlen; - mpz_t enc, dec, n, e; - - if (padding != RSA_PKCS1_PADDING) - return -1; - - size = RSA_size(rsa); - - if (size < RSA_PKCS1_PADDING_SIZE || size - RSA_PKCS1_PADDING_SIZE < flen) - return -2; - - BN2mpz(&n, rsa->n); - BN2mpz(&e, rsa->e); - - p = p0 = malloc(size - 1); - if (p0 == NULL) { - mp_int_clear(&e); - mp_int_clear(&n); - return -3; - } - - padlen = size - flen - 3; - assert(padlen >= 8); - - *p++ = 2; - if (RAND_bytes(p, padlen) != 1) { - mp_int_clear(&e); - mp_int_clear(&n); - free(p0); - return -4; - } - while(padlen) { - if (*p == 0) - *p = 1; - padlen--; - p++; - } - *p++ = 0; - memcpy(p, from, flen); - p += flen; - assert((p - p0) == size - 1); - - mp_int_init(&enc); - mp_int_init(&dec); - mp_int_read_unsigned(&dec, p0, size - 1); - free(p0); - - res = mp_int_exptmod(&dec, &e, &n, &enc); - - mp_int_clear(&dec); - mp_int_clear(&e); - mp_int_clear(&n); - { - size_t ssize; - ssize = mp_int_unsigned_len(&enc); - assert(size >= ssize); - mp_int_to_unsigned(&enc, to, ssize); - size = ssize; - } - mp_int_clear(&enc); - - return size; -} - -static int -imath_rsa_public_decrypt(int flen, const unsigned char* from, - unsigned char* to, RSA* rsa, int padding) -{ - unsigned char *p; - mp_result res; - size_t size; - mpz_t s, us, n, e; - - if (padding != RSA_PKCS1_PADDING) - return -1; - - if (flen > RSA_size(rsa)) - return -2; - - BN2mpz(&n, rsa->n); - BN2mpz(&e, rsa->e); - -#if 0 - /* Check that the exponent is larger then 3 */ - if (mp_int_compare_value(&e, 3) <= 0) { - mp_int_clear(&n); - mp_int_clear(&e); - return -3; - } -#endif - - mp_int_init(&s); - mp_int_init(&us); - mp_int_read_unsigned(&s, rk_UNCONST(from), flen); - - if (mp_int_compare(&s, &n) >= 0) { - mp_int_clear(&n); - mp_int_clear(&e); - return -4; - } - - res = mp_int_exptmod(&s, &e, &n, &us); - - mp_int_clear(&s); - mp_int_clear(&n); - mp_int_clear(&e); - - if (res != MP_OK) - return -5; - p = to; - - - size = mp_int_unsigned_len(&us); - assert(size <= RSA_size(rsa)); - mp_int_to_unsigned(&us, p, size); - - mp_int_clear(&us); - - /* head zero was skipped by mp_int_to_unsigned */ - if (*p == 0) - return -6; - if (*p != 1) - return -7; - size--; p++; - while (size && *p == 0xff) { - size--; p++; - } - if (size == 0 || *p != 0) - return -8; - size--; p++; - - memmove(to, p, size); - - return size; -} - -static int -imath_rsa_private_encrypt(int flen, const unsigned char* from, - unsigned char* to, RSA* rsa, int padding) -{ - unsigned char *p, *p0; - mp_result res; - size_t size; - mpz_t in, out, n, e, b, bi; - int blinding = (rsa->flags & RSA_FLAG_NO_BLINDING) == 0; - - if (padding != RSA_PKCS1_PADDING) - return -1; - - size = RSA_size(rsa); - - if (size < RSA_PKCS1_PADDING_SIZE || size - RSA_PKCS1_PADDING_SIZE < flen) - return -2; - - p0 = p = malloc(size); - *p++ = 0; - *p++ = 1; - memset(p, 0xff, size - flen - 3); - p += size - flen - 3; - *p++ = 0; - memcpy(p, from, flen); - p += flen; - assert((p - p0) == size); - - BN2mpz(&n, rsa->n); - BN2mpz(&e, rsa->e); - - mp_int_init(&in); - mp_int_init(&out); - mp_int_read_unsigned(&in, p0, size); - free(p0); - - if(mp_int_compare_zero(&in) < 0 || - mp_int_compare(&in, &n) >= 0) { - size = 0; - goto out; - } - - if (blinding) { - setup_blind(&n, &b, &bi); - blind(&in, &b, &e, &n); - } - - if (rsa->p && rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp) { - mpz_t p, q, dmp1, dmq1, iqmp; - - BN2mpz(&p, rsa->p); - BN2mpz(&q, rsa->q); - BN2mpz(&dmp1, rsa->dmp1); - BN2mpz(&dmq1, rsa->dmq1); - BN2mpz(&iqmp, rsa->iqmp); - - res = rsa_private_calculate(&in, &p, &q, &dmp1, &dmq1, &iqmp, &out); - - mp_int_clear(&p); - mp_int_clear(&q); - mp_int_clear(&dmp1); - mp_int_clear(&dmq1); - mp_int_clear(&iqmp); - } else { - mpz_t d; - - BN2mpz(&d, rsa->d); - res = mp_int_exptmod(&in, &d, &n, &out); - mp_int_clear(&d); - if (res != MP_OK) { - size = 0; - goto out; - } - } - - if (blinding) { - unblind(&out, &bi, &n); - mp_int_clear(&b); - mp_int_clear(&bi); - } - - { - size_t ssize; - ssize = mp_int_unsigned_len(&out); - assert(size >= ssize); - mp_int_to_unsigned(&out, to, size); - size = ssize; - } - -out: - mp_int_clear(&e); - mp_int_clear(&n); - mp_int_clear(&in); - mp_int_clear(&out); - - return size; -} - -static int -imath_rsa_private_decrypt(int flen, const unsigned char* from, - unsigned char* to, RSA* rsa, int padding) -{ - unsigned char *ptr; - mp_result res; - size_t size; - mpz_t in, out, n, e, b, bi; - int blinding = (rsa->flags & RSA_FLAG_NO_BLINDING) == 0; - - if (padding != RSA_PKCS1_PADDING) - return -1; - - size = RSA_size(rsa); - if (flen > size) - return -2; - - mp_int_init(&in); - mp_int_init(&out); - - BN2mpz(&n, rsa->n); - BN2mpz(&e, rsa->e); - - res = mp_int_read_unsigned(&in, rk_UNCONST(from), flen); - if (res != MP_OK) { - size = -1; - goto out; - } - - if(mp_int_compare_zero(&in) < 0 || - mp_int_compare(&in, &n) >= 0) { - size = 0; - goto out; - } - - if (blinding) { - setup_blind(&n, &b, &bi); - blind(&in, &b, &e, &n); - } - - if (rsa->p && rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp) { - mpz_t p, q, dmp1, dmq1, iqmp; - - BN2mpz(&p, rsa->p); - BN2mpz(&q, rsa->q); - BN2mpz(&dmp1, rsa->dmp1); - BN2mpz(&dmq1, rsa->dmq1); - BN2mpz(&iqmp, rsa->iqmp); - - res = rsa_private_calculate(&in, &p, &q, &dmp1, &dmq1, &iqmp, &out); - - mp_int_clear(&p); - mp_int_clear(&q); - mp_int_clear(&dmp1); - mp_int_clear(&dmq1); - mp_int_clear(&iqmp); - } else { - mpz_t d; - - if(mp_int_compare_zero(&in) < 0 || - mp_int_compare(&in, &n) >= 0) - return MP_RANGE; - - BN2mpz(&d, rsa->d); - res = mp_int_exptmod(&in, &d, &n, &out); - mp_int_clear(&d); - if (res != MP_OK) { - size = 0; - goto out; - } - } - - if (blinding) { - unblind(&out, &bi, &n); - mp_int_clear(&b); - mp_int_clear(&bi); - } - - ptr = to; - { - size_t ssize; - ssize = mp_int_unsigned_len(&out); - assert(size >= ssize); - mp_int_to_unsigned(&out, ptr, ssize); - size = ssize; - } - - /* head zero was skipped by mp_int_to_unsigned */ - if (*ptr != 2) - return -3; - size--; ptr++; - while (size && *ptr != 0) { - size--; ptr++; - } - if (size == 0) - return -4; - size--; ptr++; - - memmove(to, ptr, size); - -out: - mp_int_clear(&e); - mp_int_clear(&n); - mp_int_clear(&in); - mp_int_clear(&out); - - return size; -} - -static int -random_num(mp_int num, size_t len) -{ - unsigned char *p; - mp_result res; - - len = (len + 7) / 8; - p = malloc(len); - if (p == NULL) - return 1; - if (RAND_bytes(p, len) != 1) { - free(p); - return 1; - } - res = mp_int_read_unsigned(num, p, len); - free(p); - if (res != MP_OK) - return 1; - return 0; -} - -#define CHECK(f, v) if ((f) != (v)) { goto out; } - -static int -imath_rsa_generate_key(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) -{ - mpz_t el, p, q, n, d, dmp1, dmq1, iqmp, t1, t2, t3; - int counter, ret; - - if (bits < 789) - return -1; - - ret = -1; - - mp_int_init(&el); - mp_int_init(&p); - mp_int_init(&q); - mp_int_init(&n); - mp_int_init(&d); - mp_int_init(&dmp1); - mp_int_init(&dmq1); - mp_int_init(&iqmp); - mp_int_init(&t1); - mp_int_init(&t2); - mp_int_init(&t3); - - BN2mpz(&el, e); - - /* generate p and q so that p != q and bits(pq) ~ bits */ - counter = 0; - do { - BN_GENCB_call(cb, 2, counter++); - CHECK(random_num(&p, bits / 2 + 1), 0); - CHECK(mp_int_find_prime(&p), MP_TRUE); - - CHECK(mp_int_sub_value(&p, 1, &t1), MP_OK); - CHECK(mp_int_gcd(&t1, &el, &t2), MP_OK); - } while(mp_int_compare_value(&t2, 1) != 0); - - BN_GENCB_call(cb, 3, 0); - - counter = 0; - do { - BN_GENCB_call(cb, 2, counter++); - CHECK(random_num(&q, bits / 2 + 1), 0); - CHECK(mp_int_find_prime(&q), MP_TRUE); - - if (mp_int_compare(&p, &q) == 0) /* don't let p and q be the same */ - continue; - - CHECK(mp_int_sub_value(&q, 1, &t1), MP_OK); - CHECK(mp_int_gcd(&t1, &el, &t2), MP_OK); - } while(mp_int_compare_value(&t2, 1) != 0); - - /* make p > q */ - if (mp_int_compare(&p, &q) < 0) - mp_int_swap(&p, &q); - - BN_GENCB_call(cb, 3, 1); - - /* calculate n, n = p * q */ - CHECK(mp_int_mul(&p, &q, &n), MP_OK); - - /* calculate d, d = 1/e mod (p - 1)(q - 1) */ - CHECK(mp_int_sub_value(&p, 1, &t1), MP_OK); - CHECK(mp_int_sub_value(&q, 1, &t2), MP_OK); - CHECK(mp_int_mul(&t1, &t2, &t3), MP_OK); - CHECK(mp_int_invmod(&el, &t3, &d), MP_OK); - - /* calculate dmp1 dmp1 = d mod (p-1) */ - CHECK(mp_int_mod(&d, &t1, &dmp1), MP_OK); - /* calculate dmq1 dmq1 = d mod (q-1) */ - CHECK(mp_int_mod(&d, &t2, &dmq1), MP_OK); - /* calculate iqmp iqmp = 1/q mod p */ - CHECK(mp_int_invmod(&q, &p, &iqmp), MP_OK); - - /* fill in RSA key */ - - rsa->e = mpz2BN(&el); - rsa->p = mpz2BN(&p); - rsa->q = mpz2BN(&q); - rsa->n = mpz2BN(&n); - rsa->d = mpz2BN(&d); - rsa->dmp1 = mpz2BN(&dmp1); - rsa->dmq1 = mpz2BN(&dmq1); - rsa->iqmp = mpz2BN(&iqmp); - - ret = 1; -out: - mp_int_clear(&el); - mp_int_clear(&p); - mp_int_clear(&q); - mp_int_clear(&n); - mp_int_clear(&d); - mp_int_clear(&dmp1); - mp_int_clear(&dmq1); - mp_int_clear(&iqmp); - mp_int_clear(&t1); - mp_int_clear(&t2); - mp_int_clear(&t3); - - return ret; -} - -static int -imath_rsa_init(RSA *rsa) -{ - return 1; -} - -static int -imath_rsa_finish(RSA *rsa) -{ - return 1; -} - -const RSA_METHOD hc_rsa_imath_method = { - "hcrypto imath RSA", - imath_rsa_public_encrypt, - imath_rsa_public_decrypt, - imath_rsa_private_encrypt, - imath_rsa_private_decrypt, - NULL, - NULL, - imath_rsa_init, - imath_rsa_finish, - 0, - NULL, - NULL, - NULL, - imath_rsa_generate_key -}; - -const RSA_METHOD * -RSA_imath_method(void) -{ - return &hc_rsa_imath_method; -} diff --git a/source4/heimdal/lib/des/rsa.c b/source4/heimdal/lib/des/rsa.c deleted file mode 100644 index 241afb2e46..0000000000 --- a/source4/heimdal/lib/des/rsa.c +++ /dev/null @@ -1,471 +0,0 @@ -/* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifdef HAVE_CONFIG_H -#include -#endif - -RCSID("$Id: rsa.c,v 1.19 2007/01/09 10:04:20 lha Exp $"); - -#include -#include -#include -#include - -#include - -#include - -RSA * -RSA_new(void) -{ - return RSA_new_method(NULL); -} - -RSA * -RSA_new_method(ENGINE *engine) -{ - RSA *rsa; - - rsa = calloc(1, sizeof(*rsa)); - if (rsa == NULL) - return NULL; - - rsa->references = 1; - - if (engine) { - ENGINE_up_ref(engine); - rsa->engine = engine; - } else { - rsa->engine = ENGINE_get_default_RSA(); - } - - if (rsa->engine) { - rsa->meth = ENGINE_get_RSA(rsa->engine); - if (rsa->meth == NULL) { - ENGINE_finish(engine); - free(rsa); - return 0; - } - } - - if (rsa->meth == NULL) - rsa->meth = rk_UNCONST(RSA_get_default_method()); - - (*rsa->meth->init)(rsa); - - return rsa; -} - - -void -RSA_free(RSA *rsa) -{ - if (rsa->references <= 0) - abort(); - - if (--rsa->references > 0) - return; - - (*rsa->meth->finish)(rsa); - - if (rsa->engine) - ENGINE_finish(rsa->engine); - -#define free_if(f) if (f) { BN_free(f); } - free_if(rsa->n); - free_if(rsa->e); - free_if(rsa->d); - free_if(rsa->p); - free_if(rsa->q); - free_if(rsa->dmp1); - free_if(rsa->dmq1); -#undef free_if - - memset(rsa, 0, sizeof(*rsa)); - free(rsa); -} - -int -RSA_up_ref(RSA *rsa) -{ - return ++rsa->references; -} - -const RSA_METHOD * -RSA_get_method(const RSA *rsa) -{ - return rsa->meth; -} - -int -RSA_set_method(RSA *rsa, const RSA_METHOD *method) -{ - (*rsa->meth->finish)(rsa); - - if (rsa->engine) { - ENGINE_finish(rsa->engine); - rsa->engine = NULL; - } - - rsa->meth = method; - (*rsa->meth->init)(rsa); - return 1; -} - -int -RSA_set_app_data(RSA *rsa, void *arg) -{ - rsa->ex_data.sk = arg; - return 1; -} - -void * -RSA_get_app_data(RSA *rsa) -{ - return rsa->ex_data.sk; -} - -int -RSA_check_key(const RSA *key) -{ - static const unsigned char inbuf[] = "hello, world!"; - RSA *rsa = rk_UNCONST(key); - void *buffer; - int ret; - - /* - * XXX I have no clue how to implement this w/o a bignum library. - * Well, when we have a RSA key pair, we can try to encrypt/sign - * and then decrypt/verify. - */ - - if ((rsa->d == NULL || rsa->n == NULL) && - (rsa->p == NULL || rsa->q || rsa->dmp1 == NULL || rsa->dmq1 == NULL || rsa->iqmp == NULL)) - return 0; - - buffer = malloc(RSA_size(rsa)); - if (buffer == NULL) - return 0; - - ret = RSA_private_encrypt(sizeof(inbuf), inbuf, buffer, - rsa, RSA_PKCS1_PADDING); - if (ret == -1) { - free(buffer); - return 0; - } - - ret = RSA_public_decrypt(ret, buffer, buffer, - rsa, RSA_PKCS1_PADDING); - if (ret == -1) { - free(buffer); - return 0; - } - - if (ret == sizeof(inbuf) && memcmp(buffer, inbuf, sizeof(inbuf)) == 0) { - free(buffer); - return 1; - } - free(buffer); - return 0; -} - -int -RSA_size(const RSA *rsa) -{ - return BN_num_bytes(rsa->n); -} - -#define RSAFUNC(name, body) \ -int \ -name(int flen,const unsigned char* f, unsigned char* t, RSA* r, int p){\ - return body; \ -} - -RSAFUNC(RSA_public_encrypt, (r)->meth->rsa_pub_enc(flen, f, t, r, p)) -RSAFUNC(RSA_public_decrypt, (r)->meth->rsa_pub_dec(flen, f, t, r, p)) -RSAFUNC(RSA_private_encrypt, (r)->meth->rsa_priv_enc(flen, f, t, r, p)) -RSAFUNC(RSA_private_decrypt, (r)->meth->rsa_priv_dec(flen, f, t, r, p)) - -/* XXX */ -int -RSA_sign(int type, const unsigned char *from, unsigned int flen, - unsigned char *to, unsigned int *tlen, RSA *rsa) -{ - return -1; -} - -int -RSA_verify(int type, const unsigned char *from, unsigned int flen, - unsigned char *to, unsigned int tlen, RSA *rsa) -{ - return -1; -} - -/* - * A NULL RSA_METHOD that returns failure for all operations. This is - * used as the default RSA method is we don't have any native - * support. - */ - -static RSAFUNC(null_rsa_public_encrypt, -1) -static RSAFUNC(null_rsa_public_decrypt, -1) -static RSAFUNC(null_rsa_private_encrypt, -1) -static RSAFUNC(null_rsa_private_decrypt, -1) - -/* - * - */ - -int -RSA_generate_key_ex(RSA *r, int bits, BIGNUM *e, BN_GENCB *cb) -{ - if (r->meth->rsa_keygen) - return (*r->meth->rsa_keygen)(r, bits, e, cb); - return 0; -} - - -/* - * - */ - -static int -null_rsa_init(RSA *rsa) -{ - return 1; -} - -static int -null_rsa_finish(RSA *rsa) -{ - return 1; -} - -static const RSA_METHOD rsa_null_method = { - "hcrypto null RSA", - null_rsa_public_encrypt, - null_rsa_public_decrypt, - null_rsa_private_encrypt, - null_rsa_private_decrypt, - NULL, - NULL, - null_rsa_init, - null_rsa_finish, - 0, - NULL, - NULL, - NULL -}; - -const RSA_METHOD * -RSA_null_method(void) -{ - return &rsa_null_method; -} - -extern const RSA_METHOD hc_rsa_imath_method; -static const RSA_METHOD *default_rsa_method = &hc_rsa_imath_method; - -const RSA_METHOD * -RSA_get_default_method(void) -{ - return default_rsa_method; -} - -void -RSA_set_default_method(const RSA_METHOD *meth) -{ - default_rsa_method = meth; -} - -/* - * - */ - -static BIGNUM * -heim_int2BN(const heim_integer *i) -{ - BIGNUM *bn; - - bn = BN_bin2bn(i->data, i->length, NULL); - if (bn) - BN_set_negative(bn, i->negative); - return bn; -} - -static int -bn2heim_int(BIGNUM *bn, heim_integer *integer) -{ - integer->length = BN_num_bytes(bn); - integer->data = malloc(integer->length); - if (integer->data == NULL) { - integer->length = 0; - return ENOMEM; - } - BN_bn2bin(bn, integer->data); - integer->negative = BN_is_negative(bn); - return 0; -} - - -RSA * -d2i_RSAPrivateKey(RSA *rsa, const unsigned char **pp, size_t len) -{ - RSAPrivateKey data; - RSA *k = rsa; - size_t size; - int ret; - - ret = decode_RSAPrivateKey(*pp, len, &data, &size); - if (ret) - return NULL; - - *pp += size; - - if (k == NULL) { - k = RSA_new(); - if (k == NULL) { - free_RSAPrivateKey(&data); - return NULL; - } - } - - k->n = heim_int2BN(&data.modulus); - k->e = heim_int2BN(&data.publicExponent); - k->d = heim_int2BN(&data.privateExponent); - k->p = heim_int2BN(&data.prime1); - k->q = heim_int2BN(&data.prime2); - k->dmp1 = heim_int2BN(&data.exponent1); - k->dmq1 = heim_int2BN(&data.exponent2); - k->iqmp = heim_int2BN(&data.coefficient); - free_RSAPrivateKey(&data); - - if (k->n == NULL || k->e == NULL || k->d == NULL || k->p == NULL || - k->q == NULL || k->dmp1 == NULL || k->dmq1 == NULL || k->iqmp == NULL) - { - RSA_free(k); - return NULL; - } - - return k; -} - -int -i2d_RSAPrivateKey(RSA *rsa, unsigned char **pp) -{ - RSAPrivateKey data; - size_t size; - int ret; - - if (rsa->n == NULL || rsa->e == NULL || rsa->d == NULL || rsa->p == NULL || - rsa->q == NULL || rsa->dmp1 == NULL || rsa->dmq1 == NULL || - rsa->iqmp == NULL) - return -1; - - memset(&data, 0, sizeof(data)); - - ret = bn2heim_int(rsa->n, &data.modulus); - ret |= bn2heim_int(rsa->e, &data.publicExponent); - ret |= bn2heim_int(rsa->d, &data.privateExponent); - ret |= bn2heim_int(rsa->p, &data.prime1); - ret |= bn2heim_int(rsa->q, &data.prime2); - ret |= bn2heim_int(rsa->dmp1, &data.exponent1); - ret |= bn2heim_int(rsa->dmq1, &data.exponent2); - ret |= bn2heim_int(rsa->iqmp, &data.coefficient); - if (ret) { - free_RSAPrivateKey(&data); - return -1; - } - - if (pp == NULL) { - size = length_RSAPrivateKey(&data); - free_RSAPrivateKey(&data); - } else { - void *p; - size_t len; - - ASN1_MALLOC_ENCODE(RSAPrivateKey, p, len, &data, &size, ret); - free_RSAPrivateKey(&data); - if (ret) - return -1; - if (len != size) - abort(); - - memcpy(*pp, p, size); - free(p); - - *pp += size; - - } - return size; -} - -int -i2d_RSAPublicKey(RSA *rsa, unsigned char **pp) -{ - RSAPublicKey data; - size_t size; - int ret; - - memset(&data, 0, sizeof(data)); - - if (bn2heim_int(rsa->n, &data.modulus) || - bn2heim_int(rsa->e, &data.publicExponent)) - { - free_RSAPublicKey(&data); - return -1; - } - - if (pp == NULL) { - size = length_RSAPublicKey(&data); - free_RSAPublicKey(&data); - } else { - void *p; - size_t len; - - ASN1_MALLOC_ENCODE(RSAPublicKey, p, len, &data, &size, ret); - free_RSAPublicKey(&data); - if (ret) - return -1; - if (len != size) - abort(); - - memcpy(*pp, p, size); - free(p); - - *pp += size; - } - - return size; -} diff --git a/source4/heimdal/lib/des/rsa.h b/source4/heimdal/lib/des/rsa.h deleted file mode 100644 index 0aceb9f9da..0000000000 --- a/source4/heimdal/lib/des/rsa.h +++ /dev/null @@ -1,175 +0,0 @@ -/* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * $Id: rsa.h,v 1.9 2007/01/05 20:26:23 lha Exp $ - */ - -#ifndef _HEIM_RSA_H -#define _HEIM_RSA_H 1 - -/* symbol renaming */ -#define RSA_null_method hc_RSA_null_method -#define RSA_imath_method hc_RSA_imath_method -#define RSA_new hc_RSA_new -#define RSA_new_method hc_RSA_new_method -#define RSA_free hc_RSA_free -#define RSA_up_ref hc_RSA_up_ref -#define RSA_set_default_method hc_RSA_set_default_method -#define RSA_get_default_method hc_RSA_get_default_method -#define RSA_set_method hc_RSA_set_method -#define RSA_get_method hc_RSA_get_method -#define RSA_set_app_data hc_RSA_set_app_data -#define RSA_get_app_data hc_RSA_get_app_data -#define RSA_check_key hc_RSA_check_key -#define RSA_size hc_RSA_size -#define RSA_public_encrypt hc_RSA_public_encrypt -#define RSA_public_decrypt hc_RSA_public_decrypt -#define RSA_private_encrypt hc_RSA_private_encrypt -#define RSA_private_decrypt hc_RSA_private_decrypt -#define RSA_sign hc_RSA_sign -#define RSA_verify hc_RSA_verify -#define RSA_generate_key_ex hc_RSA_generate_key_ex -#define d2i_RSAPrivateKey hc_d2i_RSAPrivateKey -#define i2d_RSAPrivateKey hc_i2d_RSAPrivateKey -#define i2d_RSAPublicKey hc_i2d_RSAPublicKey - -/* - * - */ - -typedef struct RSA RSA; -typedef struct RSA_METHOD RSA_METHOD; - -#include -#include - -struct RSA_METHOD { - const char *name; - int (*rsa_pub_enc)(int,const unsigned char *, unsigned char *, RSA *,int); - int (*rsa_pub_dec)(int,const unsigned char *, unsigned char *, RSA *,int); - int (*rsa_priv_enc)(int,const unsigned char *, unsigned char *, RSA *,int); - int (*rsa_priv_dec)(int,const unsigned char *, unsigned char *, RSA *,int); - void *rsa_mod_exp; - void *bn_mod_exp; - int (*init)(RSA *rsa); - int (*finish)(RSA *rsa); - int flags; - char *app_data; - int (*rsa_sign)(int, const unsigned char *, unsigned int, - unsigned char *, unsigned int *, const RSA *); - int (*rsa_verify)(int, const unsigned char *, unsigned int, - unsigned char *, unsigned int, const RSA *); - int (*rsa_keygen)(RSA *, int, BIGNUM *, BN_GENCB *); -}; - -struct RSA { - int pad; - long version; - const RSA_METHOD *meth; - void *engine; - BIGNUM *n; - BIGNUM *e; - BIGNUM *d; - BIGNUM *p; - BIGNUM *q; - BIGNUM *dmp1; - BIGNUM *dmq1; - BIGNUM *iqmp; - struct rsa_CRYPTO_EX_DATA { - void *sk; - int dummy; - } ex_data; - int references; - int flags; - void *_method_mod_n; - void *_method_mod_p; - void *_method_mod_q; - - char *bignum_data; - void *blinding; - void *mt_blinding; -}; - -#define RSA_FLAG_NO_BLINDING 0x0080 - -#define RSA_PKCS1_PADDING 1 -#define RSA_PKCS1_OAEP_PADDING 4 -#define RSA_PKCS1_PADDING_SIZE 11 - -/* - * - */ - -const RSA_METHOD *RSA_null_method(void); -const RSA_METHOD *RSA_imath_method(void); - -/* - * - */ - -RSA * RSA_new(void); -RSA * RSA_new_method(ENGINE *); -void RSA_free(RSA *); -int RSA_up_ref(RSA *); - -void RSA_set_default_method(const RSA_METHOD *); -const RSA_METHOD * RSA_get_default_method(void); - -const RSA_METHOD * RSA_get_method(const RSA *); -int RSA_set_method(RSA *, const RSA_METHOD *); - -int RSA_set_app_data(RSA *, void *arg); -void * RSA_get_app_data(RSA *); - -int RSA_check_key(const RSA *); -int RSA_size(const RSA *); - -int RSA_public_encrypt(int,const unsigned char*,unsigned char*,RSA *,int); -int RSA_private_encrypt(int,const unsigned char*,unsigned char*,RSA *,int); -int RSA_public_decrypt(int,const unsigned char*,unsigned char*,RSA *,int); -int RSA_private_decrypt(int,const unsigned char*,unsigned char*,RSA *,int); - -int RSA_sign(int, const unsigned char *, unsigned int, - unsigned char *, unsigned int *, RSA *); -int RSA_verify(int, const unsigned char *, unsigned int, - unsigned char *, unsigned int, RSA *); - -int RSA_generate_key_ex(RSA *, int, BIGNUM *, BN_GENCB *); - -RSA * d2i_RSAPrivateKey(RSA *, const unsigned char **, size_t); -int i2d_RSAPrivateKey(RSA *, unsigned char **); - -int i2d_RSAPublicKey(RSA *, unsigned char **); - -#endif /* _HEIM_RSA_H */ diff --git a/source4/heimdal/lib/des/sha.c b/source4/heimdal/lib/des/sha.c deleted file mode 100644 index fae0fe01cb..0000000000 --- a/source4/heimdal/lib/des/sha.c +++ /dev/null @@ -1,300 +0,0 @@ -/* - * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifdef HAVE_CONFIG_H -#include "config.h" - -RCSID("$Id: sha.c,v 1.19 2006/05/05 10:25:00 lha Exp $"); -#endif - -#include "hash.h" -#include "sha.h" - -#define A m->counter[0] -#define B m->counter[1] -#define C m->counter[2] -#define D m->counter[3] -#define E m->counter[4] -#define X data - -void -SHA1_Init (struct sha *m) -{ - m->sz[0] = 0; - m->sz[1] = 0; - A = 0x67452301; - B = 0xefcdab89; - C = 0x98badcfe; - D = 0x10325476; - E = 0xc3d2e1f0; -} - - -#define F0(x,y,z) CRAYFIX((x & y) | (~x & z)) -#define F1(x,y,z) (x ^ y ^ z) -#define F2(x,y,z) ((x & y) | (x & z) | (y & z)) -#define F3(x,y,z) F1(x,y,z) - -#define K0 0x5a827999 -#define K1 0x6ed9eba1 -#define K2 0x8f1bbcdc -#define K3 0xca62c1d6 - -#define DO(t,f,k) \ -do { \ - uint32_t temp; \ - \ - temp = cshift(AA, 5) + f(BB,CC,DD) + EE + data[t] + k; \ - EE = DD; \ - DD = CC; \ - CC = cshift(BB, 30); \ - BB = AA; \ - AA = temp; \ -} while(0) - -static inline void -calc (struct sha *m, uint32_t *in) -{ - uint32_t AA, BB, CC, DD, EE; - uint32_t data[80]; - int i; - - AA = A; - BB = B; - CC = C; - DD = D; - EE = E; - - for (i = 0; i < 16; ++i) - data[i] = in[i]; - for (i = 16; i < 80; ++i) - data[i] = cshift(data[i-3] ^ data[i-8] ^ data[i-14] ^ data[i-16], 1); - - /* t=[0,19] */ - - DO(0,F0,K0); - DO(1,F0,K0); - DO(2,F0,K0); - DO(3,F0,K0); - DO(4,F0,K0); - DO(5,F0,K0); - DO(6,F0,K0); - DO(7,F0,K0); - DO(8,F0,K0); - DO(9,F0,K0); - DO(10,F0,K0); - DO(11,F0,K0); - DO(12,F0,K0); - DO(13,F0,K0); - DO(14,F0,K0); - DO(15,F0,K0); - DO(16,F0,K0); - DO(17,F0,K0); - DO(18,F0,K0); - DO(19,F0,K0); - - /* t=[20,39] */ - - DO(20,F1,K1); - DO(21,F1,K1); - DO(22,F1,K1); - DO(23,F1,K1); - DO(24,F1,K1); - DO(25,F1,K1); - DO(26,F1,K1); - DO(27,F1,K1); - DO(28,F1,K1); - DO(29,F1,K1); - DO(30,F1,K1); - DO(31,F1,K1); - DO(32,F1,K1); - DO(33,F1,K1); - DO(34,F1,K1); - DO(35,F1,K1); - DO(36,F1,K1); - DO(37,F1,K1); - DO(38,F1,K1); - DO(39,F1,K1); - - /* t=[40,59] */ - - DO(40,F2,K2); - DO(41,F2,K2); - DO(42,F2,K2); - DO(43,F2,K2); - DO(44,F2,K2); - DO(45,F2,K2); - DO(46,F2,K2); - DO(47,F2,K2); - DO(48,F2,K2); - DO(49,F2,K2); - DO(50,F2,K2); - DO(51,F2,K2); - DO(52,F2,K2); - DO(53,F2,K2); - DO(54,F2,K2); - DO(55,F2,K2); - DO(56,F2,K2); - DO(57,F2,K2); - DO(58,F2,K2); - DO(59,F2,K2); - - /* t=[60,79] */ - - DO(60,F3,K3); - DO(61,F3,K3); - DO(62,F3,K3); - DO(63,F3,K3); - DO(64,F3,K3); - DO(65,F3,K3); - DO(66,F3,K3); - DO(67,F3,K3); - DO(68,F3,K3); - DO(69,F3,K3); - DO(70,F3,K3); - DO(71,F3,K3); - DO(72,F3,K3); - DO(73,F3,K3); - DO(74,F3,K3); - DO(75,F3,K3); - DO(76,F3,K3); - DO(77,F3,K3); - DO(78,F3,K3); - DO(79,F3,K3); - - A += AA; - B += BB; - C += CC; - D += DD; - E += EE; -} - -/* - * From `Performance analysis of MD5' by Joseph D. Touch - */ - -#if !defined(WORDS_BIGENDIAN) || defined(_CRAY) -static inline uint32_t -swap_uint32_t (uint32_t t) -{ -#define ROL(x,n) ((x)<<(n))|((x)>>(32-(n))) - uint32_t temp1, temp2; - - temp1 = cshift(t, 16); - temp2 = temp1 >> 8; - temp1 &= 0x00ff00ff; - temp2 &= 0x00ff00ff; - temp1 <<= 8; - return temp1 | temp2; -} -#endif - -struct x32{ - unsigned int a:32; - unsigned int b:32; -}; - -void -SHA1_Update (struct sha *m, const void *v, size_t len) -{ - const unsigned char *p = v; - size_t old_sz = m->sz[0]; - size_t offset; - - m->sz[0] += len * 8; - if (m->sz[0] < old_sz) - ++m->sz[1]; - offset = (old_sz / 8) % 64; - while(len > 0){ - size_t l = min(len, 64 - offset); - memcpy(m->save + offset, p, l); - offset += l; - p += l; - len -= l; - if(offset == 64){ -#if !defined(WORDS_BIGENDIAN) || defined(_CRAY) - int i; - uint32_t current[16]; - struct x32 *u = (struct x32*)m->save; - for(i = 0; i < 8; i++){ - current[2*i+0] = swap_uint32_t(u[i].a); - current[2*i+1] = swap_uint32_t(u[i].b); - } - calc(m, current); -#else - calc(m, (uint32_t*)m->save); -#endif - offset = 0; - } - } -} - -void -SHA1_Final (void *res, struct sha *m) -{ - unsigned char zeros[72]; - unsigned offset = (m->sz[0] / 8) % 64; - unsigned int dstart = (120 - offset - 1) % 64 + 1; - - *zeros = 0x80; - memset (zeros + 1, 0, sizeof(zeros) - 1); - zeros[dstart+7] = (m->sz[0] >> 0) & 0xff; - zeros[dstart+6] = (m->sz[0] >> 8) & 0xff; - zeros[dstart+5] = (m->sz[0] >> 16) & 0xff; - zeros[dstart+4] = (m->sz[0] >> 24) & 0xff; - zeros[dstart+3] = (m->sz[1] >> 0) & 0xff; - zeros[dstart+2] = (m->sz[1] >> 8) & 0xff; - zeros[dstart+1] = (m->sz[1] >> 16) & 0xff; - zeros[dstart+0] = (m->sz[1] >> 24) & 0xff; - SHA1_Update (m, zeros, dstart + 8); - { - int i; - unsigned char *r = (unsigned char*)res; - - for (i = 0; i < 5; ++i) { - r[4*i+3] = m->counter[i] & 0xFF; - r[4*i+2] = (m->counter[i] >> 8) & 0xFF; - r[4*i+1] = (m->counter[i] >> 16) & 0xFF; - r[4*i] = (m->counter[i] >> 24) & 0xFF; - } - } -#if 0 - { - int i; - uint32_t *r = (uint32_t *)res; - - for (i = 0; i < 5; ++i) - r[i] = swap_uint32_t (m->counter[i]); - } -#endif -} diff --git a/source4/heimdal/lib/des/sha.h b/source4/heimdal/lib/des/sha.h deleted file mode 100644 index 977b9f7bb2..0000000000 --- a/source4/heimdal/lib/des/sha.h +++ /dev/null @@ -1,83 +0,0 @@ -/* - * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* $Id: sha.h,v 1.11 2006/05/05 11:06:21 lha Exp $ */ - -#ifndef HEIM_SHA_H -#define HEIM_SHA_H 1 - -/* symbol renaming */ -#define SHA1_Init hc_SHA1_Init -#define SHA1_Update hc_SHA1_Update -#define SHA1_Final hc_SHA1_Final -#define SHA256_Init hc_SHA256_Init -#define SHA256_Update hc_SHA256_Update -#define SHA256_Final hc_SHA256_Final - -/* - * SHA-1 - */ - -#define SHA_DIGEST_LENGTH 20 - -struct sha { - unsigned int sz[2]; - uint32_t counter[5]; - unsigned char save[64]; -}; - -typedef struct sha SHA_CTX; - -void SHA1_Init (struct sha *m); -void SHA1_Update (struct sha *m, const void *v, size_t len); -void SHA1_Final (void *res, struct sha *m); - -/* - * SHA-2 256 - */ - -#define SHA256_DIGEST_LENGTH 32 - -struct hc_sha256state { - unsigned int sz[2]; - uint32_t counter[8]; - unsigned char save[64]; -}; - -typedef struct hc_sha256state SHA256_CTX; - -void SHA256_Init (SHA256_CTX *); -void SHA256_Update (SHA256_CTX *, const void *, size_t); -void SHA256_Final (void *, SHA256_CTX *); - -#endif /* HEIM_SHA_H */ diff --git a/source4/heimdal/lib/des/sha256.c b/source4/heimdal/lib/des/sha256.c deleted file mode 100644 index 58fb92815a..0000000000 --- a/source4/heimdal/lib/des/sha256.c +++ /dev/null @@ -1,233 +0,0 @@ -/* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifdef HAVE_CONFIG_H -#include "config.h" - -RCSID("$Id: sha256.c,v 1.2 2006/05/05 10:25:37 lha Exp $"); -#endif - -#include "hash.h" -#include "sha.h" - -#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) -#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) - -#define ROTR(x,n) (((x)>>(n)) | ((x) << (32 - (n)))) - -#define Sigma0(x) (ROTR(x,2) ^ ROTR(x,13) ^ ROTR(x,22)) -#define Sigma1(x) (ROTR(x,6) ^ ROTR(x,11) ^ ROTR(x,25)) -#define sigma0(x) (ROTR(x,7) ^ ROTR(x,18) ^ ((x)>>3)) -#define sigma1(x) (ROTR(x,17) ^ ROTR(x,19) ^ ((x)>>10)) - -#define A m->counter[0] -#define B m->counter[1] -#define C m->counter[2] -#define D m->counter[3] -#define E m->counter[4] -#define F m->counter[5] -#define G m->counter[6] -#define H m->counter[7] - -static const uint32_t constant_256[64] = { - 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, - 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, - 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, - 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, - 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, - 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, - 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, - 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, - 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, - 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, - 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, - 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, - 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, - 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, - 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, - 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 -}; - -void -SHA256_Init (SHA256_CTX *m) -{ - m->sz[0] = 0; - m->sz[1] = 0; - A = 0x6a09e667; - B = 0xbb67ae85; - C = 0x3c6ef372; - D = 0xa54ff53a; - E = 0x510e527f; - F = 0x9b05688c; - G = 0x1f83d9ab; - H = 0x5be0cd19; -} - -static void -calc (SHA256_CTX *m, uint32_t *in) -{ - uint32_t AA, BB, CC, DD, EE, FF, GG, HH; - uint32_t data[64]; - int i; - - AA = A; - BB = B; - CC = C; - DD = D; - EE = E; - FF = F; - GG = G; - HH = H; - - for (i = 0; i < 16; ++i) - data[i] = in[i]; - for (i = 16; i < 64; ++i) - data[i] = sigma1(data[i-2]) + data[i-7] + - sigma0(data[i-15]) + data[i - 16]; - - for (i = 0; i < 64; i++) { - uint32_t T1, T2; - - T1 = HH + Sigma1(EE) + Ch(EE, FF, GG) + constant_256[i] + data[i]; - T2 = Sigma0(AA) + Maj(AA,BB,CC); - - HH = GG; - GG = FF; - FF = EE; - EE = DD + T1; - DD = CC; - CC = BB; - BB = AA; - AA = T1 + T2; - } - - A += AA; - B += BB; - C += CC; - D += DD; - E += EE; - F += FF; - G += GG; - H += HH; -} - -/* - * From `Performance analysis of MD5' by Joseph D. Touch - */ - -#if !defined(WORDS_BIGENDIAN) || defined(_CRAY) -static inline uint32_t -swap_uint32_t (uint32_t t) -{ -#define ROL(x,n) ((x)<<(n))|((x)>>(32-(n))) - uint32_t temp1, temp2; - - temp1 = cshift(t, 16); - temp2 = temp1 >> 8; - temp1 &= 0x00ff00ff; - temp2 &= 0x00ff00ff; - temp1 <<= 8; - return temp1 | temp2; -} -#endif - -struct x32{ - unsigned int a:32; - unsigned int b:32; -}; - -void -SHA256_Update (SHA256_CTX *m, const void *v, size_t len) -{ - const unsigned char *p = v; - size_t old_sz = m->sz[0]; - size_t offset; - - m->sz[0] += len * 8; - if (m->sz[0] < old_sz) - ++m->sz[1]; - offset = (old_sz / 8) % 64; - while(len > 0){ - size_t l = min(len, 64 - offset); - memcpy(m->save + offset, p, l); - offset += l; - p += l; - len -= l; - if(offset == 64){ -#if !defined(WORDS_BIGENDIAN) || defined(_CRAY) - int i; - uint32_t current[16]; - struct x32 *u = (struct x32*)m->save; - for(i = 0; i < 8; i++){ - current[2*i+0] = swap_uint32_t(u[i].a); - current[2*i+1] = swap_uint32_t(u[i].b); - } - calc(m, current); -#else - calc(m, (uint32_t*)m->save); -#endif - offset = 0; - } - } -} - -void -SHA256_Final (void *res, SHA256_CTX *m) -{ - unsigned char zeros[72]; - unsigned offset = (m->sz[0] / 8) % 64; - unsigned int dstart = (120 - offset - 1) % 64 + 1; - - *zeros = 0x80; - memset (zeros + 1, 0, sizeof(zeros) - 1); - zeros[dstart+7] = (m->sz[0] >> 0) & 0xff; - zeros[dstart+6] = (m->sz[0] >> 8) & 0xff; - zeros[dstart+5] = (m->sz[0] >> 16) & 0xff; - zeros[dstart+4] = (m->sz[0] >> 24) & 0xff; - zeros[dstart+3] = (m->sz[1] >> 0) & 0xff; - zeros[dstart+2] = (m->sz[1] >> 8) & 0xff; - zeros[dstart+1] = (m->sz[1] >> 16) & 0xff; - zeros[dstart+0] = (m->sz[1] >> 24) & 0xff; - SHA256_Update (m, zeros, dstart + 8); - { - int i; - unsigned char *r = (unsigned char*)res; - - for (i = 0; i < 8; ++i) { - r[4*i+3] = m->counter[i] & 0xFF; - r[4*i+2] = (m->counter[i] >> 8) & 0xFF; - r[4*i+1] = (m->counter[i] >> 16) & 0xFF; - r[4*i] = (m->counter[i] >> 24) & 0xFF; - } - } -} diff --git a/source4/heimdal/lib/des/ui.c b/source4/heimdal/lib/des/ui.c deleted file mode 100644 index 25b0ad293c..0000000000 --- a/source4/heimdal/lib/des/ui.c +++ /dev/null @@ -1,164 +0,0 @@ -/* - * Copyright (c) 1997 - 2000, 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifdef HAVE_CONFIG_H -#include -RCSID("$Id: ui.c,v 1.6 2006/09/22 15:45:57 lha Exp $"); -#endif - -#include -#include -#include -#include -#include -#include - -#include - -static sig_atomic_t intr_flag; - -static void -intr(int sig) -{ - intr_flag++; -} - -#ifndef NSIG -#define NSIG 47 -#endif - -static int -read_string(const char *preprompt, const char *prompt, - char *buf, size_t len, int echo) -{ - struct sigaction sigs[NSIG]; - int oksigs[NSIG]; - struct sigaction sa; - FILE *tty; - int ret = 0; - int of = 0; - int i; - int c; - char *p; - - struct termios t_new, t_old; - - memset(&oksigs, 0, sizeof(oksigs)); - - memset(&sa, 0, sizeof(sa)); - sa.sa_handler = intr; - sigemptyset(&sa.sa_mask); - sa.sa_flags = 0; - for(i = 1; i < sizeof(sigs) / sizeof(sigs[0]); i++) - if (i != SIGALRM) - if (sigaction(i, &sa, &sigs[i]) == 0) - oksigs[i] = 1; - - if((tty = fopen("/dev/tty", "r")) == NULL) - tty = stdin; - - fprintf(stderr, "%s%s", preprompt, prompt); - fflush(stderr); - - if(echo == 0){ - tcgetattr(fileno(tty), &t_old); - memcpy(&t_new, &t_old, sizeof(t_new)); - t_new.c_lflag &= ~ECHO; - tcsetattr(fileno(tty), TCSANOW, &t_new); - } - intr_flag = 0; - p = buf; - while(intr_flag == 0){ - c = getc(tty); - if(c == EOF){ - if(!ferror(tty)) - ret = 1; - break; - } - if(c == '\n') - break; - if(of == 0) - *p++ = c; - of = (p == buf + len); - } - if(of) - p--; - *p = 0; - - if(echo == 0){ - printf("\n"); - tcsetattr(fileno(tty), TCSANOW, &t_old); - } - - if(tty != stdin) - fclose(tty); - - for(i = 1; i < sizeof(sigs) / sizeof(sigs[0]); i++) - if (oksigs[i]) - sigaction(i, &sigs[i], NULL); - - if(ret) - return -3; - if(intr_flag) - return -2; - if(of) - return -1; - return 0; -} - -int -UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, int verify) -{ - int ret; - - ret = read_string("", prompt, buf, length, 0); - if (ret) - return ret; - - if (verify) { - char *buf2; - buf2 = malloc(length); - if (buf2 == NULL) - return 1; - - ret = read_string("Verify password - ", prompt, buf2, length, 0); - if (ret) { - free(buf2); - return ret; - } - if (strcmp(buf2, buf) != 0) - ret = 1; - free(buf2); - } - return ret; -} diff --git a/source4/heimdal/lib/des/ui.h b/source4/heimdal/lib/des/ui.h deleted file mode 100644 index d6e68e12cc..0000000000 --- a/source4/heimdal/lib/des/ui.h +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright (c) 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* $Id: ui.h,v 1.1 2006/01/08 21:47:29 lha Exp $ */ - -#ifndef _HEIM_UI_H -#define _HEIM_UI_H 1 - -/* symbol renaming */ -#define UI_UTIL_read_pw_string hc_UI_UTIL_read_pw_string - -int UI_UTIL_read_pw_string(char *, int, const char *, int); /* XXX */ - -#endif /* _HEIM_UI_H */ - diff --git a/source4/heimdal/lib/gssapi/gssapi.h b/source4/heimdal/lib/gssapi/gssapi.h deleted file mode 100644 index 340b35377d..0000000000 --- a/source4/heimdal/lib/gssapi/gssapi.h +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* $Id: gssapi.h,v 1.50 2006/10/07 20:57:15 lha Exp $ */ - -#ifndef GSSAPI_H_ -#define GSSAPI_H_ - -#include - -#endif diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi.h b/source4/heimdal/lib/gssapi/gssapi/gssapi.h index 8077aeb223..fbc638c48f 100644 --- a/source4/heimdal/lib/gssapi/gssapi/gssapi.h +++ b/source4/heimdal/lib/gssapi/gssapi/gssapi.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gssapi.h,v 1.7 2006/12/15 20:02:54 lha Exp $ */ +/* $Id: gssapi.h 21004 2007-06-08 01:53:10Z lha $ */ #ifndef GSSAPI_GSSAPI_H_ #define GSSAPI_GSSAPI_H_ @@ -714,6 +714,23 @@ gss_inquire_cred_by_oid(OM_uint32 *minor_status, const gss_OID desired_object, gss_buffer_set_t *data_set); +/* + * RFC 4401 + */ + +#define GSS_C_PRF_KEY_FULL 0 +#define GSS_C_PRF_KEY_PARTIAL 1 + +OM_uint32 +gss_pseudo_random + (OM_uint32 *minor_status, + gss_ctx_id_t context, + int prf_key, + const gss_buffer_t prf_in, + ssize_t desired_output_len, + gss_buffer_t prf_out + ); + /* * The following routines are obsolete variants of gss_get_mic, * gss_verify_mic, gss_wrap and gss_unwrap. They should be diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h b/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h index ecd90a6656..cca529fe26 100644 --- a/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h +++ b/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gssapi_krb5.h,v 1.17 2006/11/10 01:05:34 lha Exp $ */ +/* $Id: gssapi_krb5.h 20385 2007-04-18 08:51:32Z lha $ */ #ifndef GSSAPI_KRB5_H_ #define GSSAPI_KRB5_H_ @@ -65,6 +65,7 @@ extern gss_OID GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X; extern gss_OID GSS_KRB5_SET_DNS_CANONICALIZE_X; extern gss_OID GSS_KRB5_SEND_TO_KDC_X; extern gss_OID GSS_KRB5_SET_DEFAULT_REALM_X; +extern gss_OID GSS_KRB5_CCACHE_NAME_X; /* Extensions inquire context */ extern gss_OID GSS_KRB5_GET_TKT_FLAGS_X; extern gss_OID GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X; diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi_spnego.h b/source4/heimdal/lib/gssapi/gssapi/gssapi_spnego.h index 0a856e39aa..fbb7906369 100644 --- a/source4/heimdal/lib/gssapi/gssapi/gssapi_spnego.h +++ b/source4/heimdal/lib/gssapi/gssapi/gssapi_spnego.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gssapi_spnego.h,v 1.1 2006/10/07 22:26:21 lha Exp $ */ +/* $Id: gssapi_spnego.h 18335 2006-10-07 22:26:21Z lha $ */ #ifndef GSSAPI_SPNEGO_H_ #define GSSAPI_SPNEGO_H_ diff --git a/source4/heimdal/lib/gssapi/gssapi_mech.h b/source4/heimdal/lib/gssapi/gssapi_mech.h index 2bb5ecedf5..403990ad47 100644 --- a/source4/heimdal/lib/gssapi/gssapi_mech.h +++ b/source4/heimdal/lib/gssapi/gssapi_mech.h @@ -298,6 +298,15 @@ typedef OM_uint32 _gss_set_cred_option ( ); +typedef OM_uint32 _gss_pseudo_random( + OM_uint32 *minor_status, + gss_ctx_id_t context, + int prf_key, + const gss_buffer_t prf_in, + ssize_t desired_output_len, + gss_buffer_t prf_out + ); + #define GMI_VERSION 1 typedef struct gssapi_mech_interface_desc { @@ -337,6 +346,7 @@ typedef struct gssapi_mech_interface_desc { _gss_inquire_cred_by_oid *gm_inquire_cred_by_oid; _gss_set_sec_context_option *gm_set_sec_context_option; _gss_set_cred_option *gm_set_cred_option; + _gss_pseudo_random *gm_pseudo_random; } gssapi_mech_interface_desc, *gssapi_mech_interface; gssapi_mech_interface diff --git a/source4/heimdal/lib/gssapi/krb5/8003.c b/source4/heimdal/lib/gssapi/krb5/8003.c index 0123f67e09..619cbf97fc 100644 --- a/source4/heimdal/lib/gssapi/krb5/8003.c +++ b/source4/heimdal/lib/gssapi/krb5/8003.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: 8003.c,v 1.20 2006/10/07 22:13:51 lha Exp $"); +RCSID("$Id: 8003.c 18334 2006-10-07 22:16:04Z lha $"); krb5_error_code _gsskrb5_encode_om_uint32(OM_uint32 n, u_char *p) diff --git a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c index 434fbee352..73b93ceba4 100644 --- a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: accept_sec_context.c,v 1.66 2006/11/13 18:00:54 lha Exp $"); +RCSID("$Id: accept_sec_context.c 20199 2007-02-07 22:36:39Z lha $"); HEIMDAL_MUTEX gssapi_keytab_mutex = HEIMDAL_MUTEX_INITIALIZER; krb5_keytab _gsskrb5_keytab; @@ -187,6 +187,7 @@ gsskrb5_accept_delegated_token out: if (ccache) { + /* Don't destroy the default cred cache */ if (delegated_cred_handle == NULL) krb5_cc_close(context, ccache); else diff --git a/source4/heimdal/lib/gssapi/krb5/acquire_cred.c b/source4/heimdal/lib/gssapi/krb5/acquire_cred.c index e811a99a8b..42b57cdadd 100644 --- a/source4/heimdal/lib/gssapi/krb5/acquire_cred.c +++ b/source4/heimdal/lib/gssapi/krb5/acquire_cred.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: acquire_cred.c,v 1.33 2006/11/20 18:09:30 lha Exp $"); +RCSID("$Id: acquire_cred.c 20688 2007-05-17 18:44:31Z lha $"); OM_uint32 __gsskrb5_ccache_lifetime(OM_uint32 *minor_status, @@ -301,8 +301,8 @@ OM_uint32 _gsskrb5_acquire_cred if (desired_mechs) { int present = 0; - ret = _gsskrb5_test_oid_set_member(minor_status, GSS_KRB5_MECHANISM, - desired_mechs, &present); + ret = gss_test_oid_set_member(minor_status, GSS_KRB5_MECHANISM, + desired_mechs, &present); if (ret) return ret; if (!present) { @@ -352,16 +352,16 @@ OM_uint32 _gsskrb5_acquire_cred return (ret); } } - ret = _gsskrb5_create_empty_oid_set(minor_status, &handle->mechanisms); + ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms); if (ret == GSS_S_COMPLETE) - ret = _gsskrb5_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, - &handle->mechanisms); + ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, + &handle->mechanisms); if (ret == GSS_S_COMPLETE) ret = _gsskrb5_inquire_cred(minor_status, (gss_cred_id_t)handle, NULL, time_rec, NULL, actual_mechs); if (ret != GSS_S_COMPLETE) { if (handle->mechanisms != NULL) - _gsskrb5_release_oid_set(NULL, &handle->mechanisms); + gss_release_oid_set(NULL, &handle->mechanisms); HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); krb5_free_principal(context, handle->principal); free(handle); diff --git a/source4/heimdal/lib/gssapi/krb5/add_cred.c b/source4/heimdal/lib/gssapi/krb5/add_cred.c index 3b0272af80..9a1045a889 100644 --- a/source4/heimdal/lib/gssapi/krb5/add_cred.c +++ b/source4/heimdal/lib/gssapi/krb5/add_cred.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: add_cred.c,v 1.10 2006/11/13 18:01:01 lha Exp $"); +RCSID("$Id: add_cred.c 20688 2007-05-17 18:44:31Z lha $"); OM_uint32 _gsskrb5_add_cred ( OM_uint32 *minor_status, @@ -204,12 +204,12 @@ OM_uint32 _gsskrb5_add_cred ( } } } - ret = _gsskrb5_create_empty_oid_set(minor_status, &handle->mechanisms); + ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms); if (ret) goto failure; - ret = _gsskrb5_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, - &handle->mechanisms); + ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, + &handle->mechanisms); if (ret) goto failure; } @@ -243,7 +243,7 @@ OM_uint32 _gsskrb5_add_cred ( if (handle->ccache) krb5_cc_destroy(context, handle->ccache); if (handle->mechanisms) - _gsskrb5_release_oid_set(NULL, &handle->mechanisms); + gss_release_oid_set(NULL, &handle->mechanisms); free(handle); } if (output_cred_handle) diff --git a/source4/heimdal/lib/gssapi/krb5/add_oid_set_member.c b/source4/heimdal/lib/gssapi/krb5/add_oid_set_member.c deleted file mode 100644 index b0ec2c60d8..0000000000 --- a/source4/heimdal/lib/gssapi/krb5/add_oid_set_member.c +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "krb5/gsskrb5_locl.h" - -RCSID("$Id: add_oid_set_member.c,v 1.10 2006/10/07 22:14:00 lha Exp $"); - -OM_uint32 _gsskrb5_add_oid_set_member ( - OM_uint32 * minor_status, - const gss_OID member_oid, - gss_OID_set * oid_set - ) -{ - gss_OID tmp; - size_t n; - OM_uint32 res; - int present; - - res = _gsskrb5_test_oid_set_member(minor_status, member_oid, - *oid_set, &present); - if (res != GSS_S_COMPLETE) - return res; - - if (present) { - *minor_status = 0; - return GSS_S_COMPLETE; - } - - n = (*oid_set)->count + 1; - tmp = realloc ((*oid_set)->elements, n * sizeof(gss_OID_desc)); - if (tmp == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - (*oid_set)->elements = tmp; - (*oid_set)->count = n; - (*oid_set)->elements[n-1] = *member_oid; - *minor_status = 0; - return GSS_S_COMPLETE; -} diff --git a/source4/heimdal/lib/gssapi/krb5/arcfour.c b/source4/heimdal/lib/gssapi/krb5/arcfour.c index d1bdbb641f..032da36ebc 100644 --- a/source4/heimdal/lib/gssapi/krb5/arcfour.c +++ b/source4/heimdal/lib/gssapi/krb5/arcfour.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: arcfour.c,v 1.31 2006/11/13 18:01:08 lha Exp $"); +RCSID("$Id: arcfour.c 19031 2006-11-13 18:02:57Z lha $"); /* * Implements draft-brezak-win2k-krb-rc4-hmac-04.txt diff --git a/source4/heimdal/lib/gssapi/krb5/canonicalize_name.c b/source4/heimdal/lib/gssapi/krb5/canonicalize_name.c index f69300b590..c1744abd3b 100644 --- a/source4/heimdal/lib/gssapi/krb5/canonicalize_name.c +++ b/source4/heimdal/lib/gssapi/krb5/canonicalize_name.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: canonicalize_name.c,v 1.4 2006/10/07 22:14:08 lha Exp $"); +RCSID("$Id: canonicalize_name.c 18334 2006-10-07 22:16:04Z lha $"); OM_uint32 _gsskrb5_canonicalize_name ( OM_uint32 * minor_status, diff --git a/source4/heimdal/lib/gssapi/krb5/cfx.c b/source4/heimdal/lib/gssapi/krb5/cfx.c index e75fe5da9d..6452f802ab 100755 --- a/source4/heimdal/lib/gssapi/krb5/cfx.c +++ b/source4/heimdal/lib/gssapi/krb5/cfx.c @@ -32,7 +32,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: cfx.c,v 1.25 2006/11/13 18:01:14 lha Exp $"); +RCSID("$Id: cfx.c 19031 2006-11-13 18:02:57Z lha $"); /* * Implementation of draft-ietf-krb-wg-gssapi-cfx-06.txt diff --git a/source4/heimdal/lib/gssapi/krb5/cfx.h b/source4/heimdal/lib/gssapi/krb5/cfx.h index ce021aa099..672704a841 100755 --- a/source4/heimdal/lib/gssapi/krb5/cfx.h +++ b/source4/heimdal/lib/gssapi/krb5/cfx.h @@ -30,7 +30,7 @@ * SUCH DAMAGE. */ -/* $Id: cfx.h,v 1.8 2006/11/13 18:01:17 lha Exp $ */ +/* $Id: cfx.h 19031 2006-11-13 18:02:57Z lha $ */ #ifndef GSSAPI_CFX_H_ #define GSSAPI_CFX_H_ 1 diff --git a/source4/heimdal/lib/gssapi/krb5/compare_name.c b/source4/heimdal/lib/gssapi/krb5/compare_name.c index 6b537468df..3f3b59d116 100644 --- a/source4/heimdal/lib/gssapi/krb5/compare_name.c +++ b/source4/heimdal/lib/gssapi/krb5/compare_name.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: compare_name.c,v 1.8 2006/11/13 18:01:20 lha Exp $"); +RCSID("$Id: compare_name.c 19031 2006-11-13 18:02:57Z lha $"); OM_uint32 _gsskrb5_compare_name (OM_uint32 * minor_status, diff --git a/source4/heimdal/lib/gssapi/krb5/compat.c b/source4/heimdal/lib/gssapi/krb5/compat.c index 3e64df03db..a0f075621a 100644 --- a/source4/heimdal/lib/gssapi/krb5/compat.c +++ b/source4/heimdal/lib/gssapi/krb5/compat.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: compat.c,v 1.14 2006/11/13 18:01:23 lha Exp $"); +RCSID("$Id: compat.c 19031 2006-11-13 18:02:57Z lha $"); static krb5_error_code diff --git a/source4/heimdal/lib/gssapi/krb5/context_time.c b/source4/heimdal/lib/gssapi/krb5/context_time.c index 9012dd0b7f..b57ac7854e 100644 --- a/source4/heimdal/lib/gssapi/krb5/context_time.c +++ b/source4/heimdal/lib/gssapi/krb5/context_time.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: context_time.c,v 1.14 2006/11/13 18:01:26 lha Exp $"); +RCSID("$Id: context_time.c 19031 2006-11-13 18:02:57Z lha $"); OM_uint32 _gsskrb5_lifetime_left(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/krb5/copy_ccache.c b/source4/heimdal/lib/gssapi/krb5/copy_ccache.c index 4387a4e6ef..66d797c199 100644 --- a/source4/heimdal/lib/gssapi/krb5/copy_ccache.c +++ b/source4/heimdal/lib/gssapi/krb5/copy_ccache.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: copy_ccache.c,v 1.17 2006/11/13 18:01:29 lha Exp $"); +RCSID("$Id: copy_ccache.c 20688 2007-05-17 18:44:31Z lha $"); #if 0 OM_uint32 @@ -166,10 +166,10 @@ _gsskrb5_import_cred(OM_uint32 *minor_status, if (id || keytab) { - ret = _gsskrb5_create_empty_oid_set(minor_status, &handle->mechanisms); + ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms); if (ret == GSS_S_COMPLETE) - ret = _gsskrb5_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, - &handle->mechanisms); + ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, + &handle->mechanisms); if (ret != GSS_S_COMPLETE) { kret = *minor_status; goto out; @@ -181,6 +181,11 @@ _gsskrb5_import_cred(OM_uint32 *minor_status, return GSS_S_COMPLETE; out: + gss_release_oid_set(minor_status, &handle->mechanisms); + if (handle->ccache) + krb5_cc_close(context, handle->ccache); + if (handle->keytab) + krb5_kt_close(context, handle->keytab); if (handle->principal) krb5_free_principal(context, handle->principal); HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); diff --git a/source4/heimdal/lib/gssapi/krb5/create_emtpy_oid_set.c b/source4/heimdal/lib/gssapi/krb5/create_emtpy_oid_set.c deleted file mode 100644 index 550995125a..0000000000 --- a/source4/heimdal/lib/gssapi/krb5/create_emtpy_oid_set.c +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "krb5/gsskrb5_locl.h" - -RCSID("$Id: create_emtpy_oid_set.c,v 1.7 2006/10/07 22:14:24 lha Exp $"); - -OM_uint32 _gsskrb5_create_empty_oid_set ( - OM_uint32 * minor_status, - gss_OID_set * oid_set - ) -{ - *oid_set = malloc(sizeof(**oid_set)); - if (*oid_set == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - (*oid_set)->count = 0; - (*oid_set)->elements = NULL; - *minor_status = 0; - return GSS_S_COMPLETE; -} diff --git a/source4/heimdal/lib/gssapi/krb5/decapsulate.c b/source4/heimdal/lib/gssapi/krb5/decapsulate.c index eadec1ef03..39176faff4 100644 --- a/source4/heimdal/lib/gssapi/krb5/decapsulate.c +++ b/source4/heimdal/lib/gssapi/krb5/decapsulate.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: decapsulate.c,v 1.16 2006/10/07 22:14:26 lha Exp $"); +RCSID("$Id: decapsulate.c 18334 2006-10-07 22:16:04Z lha $"); /* * return the length of the mechanism in token or -1 diff --git a/source4/heimdal/lib/gssapi/krb5/delete_sec_context.c b/source4/heimdal/lib/gssapi/krb5/delete_sec_context.c index c7f2ee262d..abad986550 100644 --- a/source4/heimdal/lib/gssapi/krb5/delete_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/delete_sec_context.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: delete_sec_context.c,v 1.20 2006/11/13 18:01:32 lha Exp $"); +RCSID("$Id: delete_sec_context.c 19031 2006-11-13 18:02:57Z lha $"); OM_uint32 _gsskrb5_delete_sec_context(OM_uint32 * minor_status, diff --git a/source4/heimdal/lib/gssapi/krb5/display_name.c b/source4/heimdal/lib/gssapi/krb5/display_name.c index 4956c2d77f..93fac8d67b 100644 --- a/source4/heimdal/lib/gssapi/krb5/display_name.c +++ b/source4/heimdal/lib/gssapi/krb5/display_name.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: display_name.c,v 1.13 2006/11/13 18:01:36 lha Exp $"); +RCSID("$Id: display_name.c 19031 2006-11-13 18:02:57Z lha $"); OM_uint32 _gsskrb5_display_name (OM_uint32 * minor_status, diff --git a/source4/heimdal/lib/gssapi/krb5/display_status.c b/source4/heimdal/lib/gssapi/krb5/display_status.c index b0155a7fdf..c0192522a7 100644 --- a/source4/heimdal/lib/gssapi/krb5/display_status.c +++ b/source4/heimdal/lib/gssapi/krb5/display_status.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: display_status.c,v 1.17 2006/11/13 18:01:38 lha Exp $"); +RCSID("$Id: display_status.c 19031 2006-11-13 18:02:57Z lha $"); static const char * calling_error(OM_uint32 v) diff --git a/source4/heimdal/lib/gssapi/krb5/duplicate_name.c b/source4/heimdal/lib/gssapi/krb5/duplicate_name.c index 8375257180..7337f1ab72 100644 --- a/source4/heimdal/lib/gssapi/krb5/duplicate_name.c +++ b/source4/heimdal/lib/gssapi/krb5/duplicate_name.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: duplicate_name.c,v 1.11 2006/11/13 18:01:42 lha Exp $"); +RCSID("$Id: duplicate_name.c 19031 2006-11-13 18:02:57Z lha $"); OM_uint32 _gsskrb5_duplicate_name ( OM_uint32 * minor_status, diff --git a/source4/heimdal/lib/gssapi/krb5/encapsulate.c b/source4/heimdal/lib/gssapi/krb5/encapsulate.c index a015a95103..58dcb5c9c4 100644 --- a/source4/heimdal/lib/gssapi/krb5/encapsulate.c +++ b/source4/heimdal/lib/gssapi/krb5/encapsulate.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: encapsulate.c,v 1.12 2006/10/14 10:02:56 lha Exp $"); +RCSID("$Id: encapsulate.c 18459 2006-10-14 10:12:16Z lha $"); void _gssapi_encap_length (size_t data_len, diff --git a/source4/heimdal/lib/gssapi/krb5/export_name.c b/source4/heimdal/lib/gssapi/krb5/export_name.c index 646fdafb7c..efa45a2638 100644 --- a/source4/heimdal/lib/gssapi/krb5/export_name.c +++ b/source4/heimdal/lib/gssapi/krb5/export_name.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: export_name.c,v 1.9 2006/11/13 18:01:50 lha Exp $"); +RCSID("$Id: export_name.c 19031 2006-11-13 18:02:57Z lha $"); OM_uint32 _gsskrb5_export_name (OM_uint32 * minor_status, diff --git a/source4/heimdal/lib/gssapi/krb5/export_sec_context.c b/source4/heimdal/lib/gssapi/krb5/export_sec_context.c index ffa671a4a1..00218617a0 100644 --- a/source4/heimdal/lib/gssapi/krb5/export_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/export_sec_context.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: export_sec_context.c,v 1.12 2006/11/13 18:01:55 lha Exp $"); +RCSID("$Id: export_sec_context.c 19031 2006-11-13 18:02:57Z lha $"); OM_uint32 _gsskrb5_export_sec_context ( diff --git a/source4/heimdal/lib/gssapi/krb5/external.c b/source4/heimdal/lib/gssapi/krb5/external.c index bf7f64cf20..d4c1bc4db2 100644 --- a/source4/heimdal/lib/gssapi/krb5/external.c +++ b/source4/heimdal/lib/gssapi/krb5/external.c @@ -34,7 +34,7 @@ #include "krb5/gsskrb5_locl.h" #include -RCSID("$Id: external.c,v 1.23 2006/11/13 18:01:57 lha Exp $"); +RCSID("$Id: external.c 20386 2007-04-18 08:52:08Z lha $"); /* * The implementation must reserve static storage for a @@ -358,6 +358,11 @@ static gss_OID_desc gss_krb5_set_default_realm_x_desc = gss_OID GSS_KRB5_SET_DEFAULT_REALM_X = &gss_krb5_set_default_realm_x_desc; +/* 1.2.752.43.13.16 */ +static gss_OID_desc gss_krb5_ccache_name_x_desc = +{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x10")}; + +gss_OID GSS_KRB5_CCACHE_NAME_X = &gss_krb5_ccache_name_x_desc; /* 1.2.752.43.14.1 */ static gss_OID_desc gss_sasl_digest_md5_mechanism_desc = @@ -411,7 +416,8 @@ static gssapi_mech_interface_desc krb5_mech = { _gsskrb5_inquire_sec_context_by_oid, _gsskrb5_inquire_cred_by_oid, _gsskrb5_set_sec_context_option, - _gsskrb5_set_cred_option + _gsskrb5_set_cred_option, + _gsskrb5_pseudo_random }; gssapi_mech_interface diff --git a/source4/heimdal/lib/gssapi/krb5/get_mic.c b/source4/heimdal/lib/gssapi/krb5/get_mic.c index 790c9b6166..133481ffe1 100644 --- a/source4/heimdal/lib/gssapi/krb5/get_mic.c +++ b/source4/heimdal/lib/gssapi/krb5/get_mic.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: get_mic.c,v 1.35 2006/11/13 18:02:00 lha Exp $"); +RCSID("$Id: get_mic.c 19031 2006-11-13 18:02:57Z lha $"); static OM_uint32 mic_des diff --git a/source4/heimdal/lib/gssapi/krb5/gkrb5_err.et b/source4/heimdal/lib/gssapi/krb5/gkrb5_err.et index 97e98c5e1e..dbfdbdf2f1 100644 --- a/source4/heimdal/lib/gssapi/krb5/gkrb5_err.et +++ b/source4/heimdal/lib/gssapi/krb5/gkrb5_err.et @@ -2,7 +2,7 @@ # extended gss krb5 error messages # -id "$Id: gkrb5_err.et,v 1.1 2006/11/09 23:52:17 lha Exp $" +id "$Id: gkrb5_err.et 20049 2007-01-24 00:14:24Z lha $" error_table gk5 @@ -28,3 +28,4 @@ error_code KG_CONTEXT_ESTABLISHED, "Context is already fully established" error_code KG_BAD_SIGN_TYPE, "Unknown signature type in token" error_code KG_BAD_LENGTH, "Invalid field length in token" error_code KG_CTX_INCOMPLETE, "Attempt to use incomplete security context" +error_code KG_INPUT_TOO_LONG, "Input too long" diff --git a/source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h b/source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h index 15bd5c77da..c2239f1346 100644 --- a/source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h +++ b/source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h @@ -239,12 +239,6 @@ _gsskrb5_add_cred ( OM_uint32 */*initiator_time_rec*/, OM_uint32 */*acceptor_time_rec*/); -OM_uint32 -_gsskrb5_add_oid_set_member ( - OM_uint32 * /*minor_status*/, - const gss_OID /*member_oid*/, - gss_OID_set * oid_set ); - OM_uint32 _gsskrb5_canonicalize_name ( OM_uint32 * /*minor_status*/, @@ -284,11 +278,6 @@ _gsskrb5_create_ctx ( const gss_channel_bindings_t /*input_chan_bindings*/, enum gss_ctx_id_t_state /*state*/); -OM_uint32 -_gsskrb5_create_empty_oid_set ( - OM_uint32 * /*minor_status*/, - gss_OID_set * oid_set ); - OM_uint32 _gsskrb5_decapsulate ( OM_uint32 */*minor_status*/, @@ -520,6 +509,15 @@ _gsskrb5_process_context_token ( const gss_ctx_id_t /*context_handle*/, const gss_buffer_t token_buffer ); +OM_uint32 +_gsskrb5_pseudo_random ( + OM_uint32 */*minor_status*/, + gss_ctx_id_t /*context_handle*/, + int /*prf_key*/, + const gss_buffer_t /*prf_in*/, + ssize_t /*desired_output_len*/, + gss_buffer_t /*prf_out*/); + OM_uint32 _gsskrb5_register_acceptor_identity (const char */*identity*/); @@ -538,11 +536,6 @@ _gsskrb5_release_name ( OM_uint32 * /*minor_status*/, gss_name_t * input_name ); -OM_uint32 -_gsskrb5_release_oid_set ( - OM_uint32 * /*minor_status*/, - gss_OID_set * set ); - OM_uint32 _gsskrb5_seal ( OM_uint32 * /*minor_status*/, @@ -580,13 +573,6 @@ _gsskrb5_sign ( gss_buffer_t /*message_buffer*/, gss_buffer_t message_token ); -OM_uint32 -_gsskrb5_test_oid_set_member ( - OM_uint32 * /*minor_status*/, - const gss_OID /*member*/, - const gss_OID_set /*set*/, - int * present ); - OM_uint32 _gsskrb5_unseal ( OM_uint32 * /*minor_status*/, diff --git a/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h b/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h index 1983a9b8e4..6ffb607035 100644 --- a/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h +++ b/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gsskrb5_locl.h,v 1.9 2006/11/13 18:02:03 lha Exp $ */ +/* $Id: gsskrb5_locl.h 20324 2007-04-12 16:46:01Z lha $ */ #ifndef GSSKRB5_LOCL_H #define GSSKRB5_LOCL_H @@ -92,6 +92,7 @@ typedef struct { gss_OID_set mechanisms; struct krb5_ccache_data *ccache; HEIMDAL_MUTEX cred_id_mutex; + krb5_enctype *enctypes; } *gsskrb5_cred; typedef struct Principal *gsskrb5_name; diff --git a/source4/heimdal/lib/gssapi/krb5/import_name.c b/source4/heimdal/lib/gssapi/krb5/import_name.c index 15311b4614..bf31db9232 100644 --- a/source4/heimdal/lib/gssapi/krb5/import_name.c +++ b/source4/heimdal/lib/gssapi/krb5/import_name.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: import_name.c,v 1.18 2006/11/13 18:02:06 lha Exp $"); +RCSID("$Id: import_name.c 19031 2006-11-13 18:02:57Z lha $"); static OM_uint32 parse_krb5_name (OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/krb5/import_sec_context.c b/source4/heimdal/lib/gssapi/krb5/import_sec_context.c index bbdc1d36d0..3300036a81 100644 --- a/source4/heimdal/lib/gssapi/krb5/import_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/import_sec_context.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: import_sec_context.c,v 1.18 2006/11/13 18:02:09 lha Exp $"); +RCSID("$Id: import_sec_context.c 19031 2006-11-13 18:02:57Z lha $"); OM_uint32 _gsskrb5_import_sec_context ( diff --git a/source4/heimdal/lib/gssapi/krb5/indicate_mechs.c b/source4/heimdal/lib/gssapi/krb5/indicate_mechs.c index 3827533219..eb886c24d3 100644 --- a/source4/heimdal/lib/gssapi/krb5/indicate_mechs.c +++ b/source4/heimdal/lib/gssapi/krb5/indicate_mechs.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: indicate_mechs.c,v 1.9 2006/10/07 22:14:56 lha Exp $"); +RCSID("$Id: indicate_mechs.c 20688 2007-05-17 18:44:31Z lha $"); OM_uint32 _gsskrb5_indicate_mechs (OM_uint32 * minor_status, @@ -42,14 +42,13 @@ OM_uint32 _gsskrb5_indicate_mechs { OM_uint32 ret, junk; - ret = _gsskrb5_create_empty_oid_set(minor_status, mech_set); + ret = gss_create_empty_oid_set(minor_status, mech_set); if (ret) return ret; - ret = _gsskrb5_add_oid_set_member(minor_status, - GSS_KRB5_MECHANISM, mech_set); + ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, mech_set); if (ret) { - _gsskrb5_release_oid_set(&junk, mech_set); + gss_release_oid_set(&junk, mech_set); return ret; } diff --git a/source4/heimdal/lib/gssapi/krb5/init.c b/source4/heimdal/lib/gssapi/krb5/init.c index 3eece8e086..3bbdcc8ff1 100644 --- a/source4/heimdal/lib/gssapi/krb5/init.c +++ b/source4/heimdal/lib/gssapi/krb5/init.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: init.c,v 1.10 2006/11/13 18:02:12 lha Exp $"); +RCSID("$Id: init.c 19031 2006-11-13 18:02:57Z lha $"); static HEIMDAL_MUTEX context_mutex = HEIMDAL_MUTEX_INITIALIZER; static int created_key; diff --git a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c index d5f183b0ba..4d1ae0daa9 100644 --- a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: init_sec_context.c,v 1.75 2006/12/13 10:33:20 lha Exp $"); +RCSID("$Id: init_sec_context.c 20326 2007-04-12 16:49:57Z lha $"); /* * copy the addresses from `input_chan_bindings' (if any) to @@ -391,6 +391,20 @@ init_auth goto failure; + /* + * This is hideous glue for (NFS) clients that wants to limit the + * available enctypes to what it can support (encryption in + * kernel). If there is no enctypes selected for this credential, + * reset it to the default set of enctypes. + */ + { + krb5_enctype *enctypes = NULL; + + if (initiator_cred_handle && initiator_cred_handle->enctypes) + enctypes = initiator_cred_handle->enctypes; + krb5_set_default_in_tkt_etypes(context, enctypes); + } + ret = gsskrb5_get_creds(minor_status, context, ccache, @@ -476,11 +490,8 @@ init_auth if (req_flags & GSS_C_EXTENDED_ERROR_FLAG) flags |= GSS_C_EXTENDED_ERROR_FLAG; - if (req_flags & GSS_C_CONF_FLAG) - flags |= GSS_C_CONF_FLAG; - if (req_flags & GSS_C_INTEG_FLAG) - flags |= GSS_C_INTEG_FLAG; - + flags |= GSS_C_CONF_FLAG; + flags |= GSS_C_INTEG_FLAG; flags |= GSS_C_TRANS_FLAG; if (ret_flags) diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_context.c b/source4/heimdal/lib/gssapi/krb5/inquire_context.c index bdaa01b108..41430568b0 100644 --- a/source4/heimdal/lib/gssapi/krb5/inquire_context.c +++ b/source4/heimdal/lib/gssapi/krb5/inquire_context.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: inquire_context.c,v 1.11 2006/11/13 18:02:18 lha Exp $"); +RCSID("$Id: inquire_context.c 19031 2006-11-13 18:02:57Z lha $"); OM_uint32 _gsskrb5_inquire_context ( OM_uint32 * minor_status, diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_cred.c b/source4/heimdal/lib/gssapi/krb5/inquire_cred.c index 74018559a0..47bf71e686 100644 --- a/source4/heimdal/lib/gssapi/krb5/inquire_cred.c +++ b/source4/heimdal/lib/gssapi/krb5/inquire_cred.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: inquire_cred.c,v 1.13 2006/11/13 18:02:21 lha Exp $"); +RCSID("$Id: inquire_cred.c 20688 2007-05-17 18:44:31Z lha $"); OM_uint32 _gsskrb5_inquire_cred (OM_uint32 * minor_status, @@ -80,7 +80,7 @@ OM_uint32 _gsskrb5_inquire_cred NULL, NULL); if (ret == GSS_S_COMPLETE) - acred = (gsskrb5_cred)aqcred_init; + icred = (gsskrb5_cred)aqcred_init; if (icred == NULL && acred == NULL) { *minor_status = 0; @@ -98,7 +98,7 @@ OM_uint32 _gsskrb5_inquire_cred if (icred && icred->principal != NULL) { gss_name_t name; - if (acred) + if (acred && acred->principal) name = (gss_name_t)acred->principal; else name = (gss_name_t)icred->principal; @@ -152,17 +152,17 @@ OM_uint32 _gsskrb5_inquire_cred } if (mechanisms != NULL) { - ret = _gsskrb5_create_empty_oid_set(minor_status, mechanisms); + ret = gss_create_empty_oid_set(minor_status, mechanisms); if (ret) goto out; if (acred) - ret = _gsskrb5_add_oid_set_member(minor_status, - &acred->mechanisms->elements[0], - mechanisms); + ret = gss_add_oid_set_member(minor_status, + &acred->mechanisms->elements[0], + mechanisms); if (ret == GSS_S_COMPLETE && icred) - ret = _gsskrb5_add_oid_set_member(minor_status, - &icred->mechanisms->elements[0], - mechanisms); + ret = gss_add_oid_set_member(minor_status, + &icred->mechanisms->elements[0], + mechanisms); if (ret) goto out; } diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c b/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c index 954a5e3119..a8af2145be 100644 --- a/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c +++ b/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003 Kungliga Tekniska Högskolan + * Copyright (c) 2003, 2006, 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: inquire_cred_by_mech.c,v 1.4 2006/10/07 22:15:08 lha Exp $"); +RCSID("$Id: inquire_cred_by_mech.c 20634 2007-05-09 15:33:01Z lha $"); OM_uint32 _gsskrb5_inquire_cred_by_mech ( OM_uint32 * minor_status, @@ -45,39 +45,32 @@ OM_uint32 _gsskrb5_inquire_cred_by_mech ( gss_cred_usage_t * cred_usage ) { - OM_uint32 ret; + gss_cred_usage_t usage; + OM_uint32 maj_stat; OM_uint32 lifetime; - if (gss_oid_equal(mech_type, GSS_C_NO_OID) == 0 && - gss_oid_equal(mech_type, GSS_KRB5_MECHANISM) == 0) { - *minor_status = EINVAL; - return GSS_S_BAD_MECH; - } + maj_stat = + _gsskrb5_inquire_cred (minor_status, cred_handle, + name, &lifetime, &usage, NULL); + if (maj_stat) + return maj_stat; - ret = _gsskrb5_inquire_cred (minor_status, - cred_handle, - name, - &lifetime, - cred_usage, - NULL); - - if (ret == 0 && cred_handle != GSS_C_NO_CREDENTIAL) { - gsskrb5_cred cred = (gsskrb5_cred)cred_handle; - gss_cred_usage_t usage; - - HEIMDAL_MUTEX_lock(&cred->cred_id_mutex); - usage = cred->usage; - HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); - - if (initiator_lifetime) { - if (usage == GSS_C_INITIATE || usage == GSS_C_BOTH) - *initiator_lifetime = lifetime; - } - if (acceptor_lifetime) { - if (usage == GSS_C_ACCEPT || usage == GSS_C_BOTH) - *acceptor_lifetime = lifetime; - } + if (initiator_lifetime) { + if (usage == GSS_C_INITIATE || usage == GSS_C_BOTH) + *initiator_lifetime = lifetime; + else + *initiator_lifetime = 0; } + + if (acceptor_lifetime) { + if (usage == GSS_C_ACCEPT || usage == GSS_C_BOTH) + *acceptor_lifetime = lifetime; + else + *acceptor_lifetime = 0; + } + + if (cred_usage) + *cred_usage = usage; - return ret; + return GSS_S_COMPLETE; } diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c b/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c index 1a36896019..da50b11d93 100644 --- a/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c +++ b/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c @@ -32,7 +32,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: inquire_cred_by_oid.c,v 1.5 2006/11/13 18:02:24 lha Exp $"); +RCSID("$Id: inquire_cred_by_oid.c 19031 2006-11-13 18:02:57Z lha $"); OM_uint32 _gsskrb5_inquire_cred_by_oid (OM_uint32 * minor_status, diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_mechs_for_name.c b/source4/heimdal/lib/gssapi/krb5/inquire_mechs_for_name.c index 5c1f082f45..0ce051f19c 100644 --- a/source4/heimdal/lib/gssapi/krb5/inquire_mechs_for_name.c +++ b/source4/heimdal/lib/gssapi/krb5/inquire_mechs_for_name.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: inquire_mechs_for_name.c,v 1.3 2006/10/07 22:15:13 lha Exp $"); +RCSID("$Id: inquire_mechs_for_name.c 20688 2007-05-17 18:44:31Z lha $"); OM_uint32 _gsskrb5_inquire_mechs_for_name ( OM_uint32 * minor_status, @@ -43,15 +43,15 @@ OM_uint32 _gsskrb5_inquire_mechs_for_name ( { OM_uint32 ret; - ret = _gsskrb5_create_empty_oid_set(minor_status, mech_types); + ret = gss_create_empty_oid_set(minor_status, mech_types); if (ret) return ret; - ret = _gsskrb5_add_oid_set_member(minor_status, - GSS_KRB5_MECHANISM, - mech_types); + ret = gss_add_oid_set_member(minor_status, + GSS_KRB5_MECHANISM, + mech_types); if (ret) - _gsskrb5_release_oid_set(NULL, mech_types); + gss_release_oid_set(NULL, mech_types); return ret; } diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c b/source4/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c index 5d8aefab1c..64abd3c34a 100644 --- a/source4/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c +++ b/source4/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: inquire_names_for_mech.c,v 1.3 2006/10/07 22:15:15 lha Exp $"); +RCSID("$Id: inquire_names_for_mech.c 20688 2007-05-17 18:44:31Z lha $"); static gss_OID *name_list[] = { @@ -61,20 +61,20 @@ OM_uint32 _gsskrb5_inquire_names_for_mech ( return GSS_S_BAD_MECH; } - ret = _gsskrb5_create_empty_oid_set(minor_status, name_types); + ret = gss_create_empty_oid_set(minor_status, name_types); if (ret != GSS_S_COMPLETE) return ret; for (i = 0; name_list[i] != NULL; i++) { - ret = _gsskrb5_add_oid_set_member(minor_status, - *(name_list[i]), - name_types); + ret = gss_add_oid_set_member(minor_status, + *(name_list[i]), + name_types); if (ret != GSS_S_COMPLETE) break; } if (ret != GSS_S_COMPLETE) - _gsskrb5_release_oid_set(NULL, name_types); + gss_release_oid_set(NULL, name_types); return GSS_S_COMPLETE; } diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c b/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c index 97e86a95c7..5ca7536e6a 100644 --- a/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c +++ b/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c @@ -32,7 +32,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: inquire_sec_context_by_oid.c,v 1.12 2006/11/13 18:02:27 lha Exp $"); +RCSID("$Id: inquire_sec_context_by_oid.c 19031 2006-11-13 18:02:57Z lha $"); static int oid_prefix_equal(gss_OID oid_enc, gss_OID prefix_enc, unsigned *suffix) diff --git a/source4/heimdal/lib/gssapi/krb5/prf.c b/source4/heimdal/lib/gssapi/krb5/prf.c new file mode 100644 index 0000000000..3eb90d279f --- /dev/null +++ b/source4/heimdal/lib/gssapi/krb5/prf.c @@ -0,0 +1,142 @@ +/* + * Copyright (c) 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5/gsskrb5_locl.h" + +RCSID("$Id: prf.c 20679 2007-05-14 03:12:05Z lha $"); + +OM_uint32 +_gsskrb5_pseudo_random(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int prf_key, + const gss_buffer_t prf_in, + ssize_t desired_output_len, + gss_buffer_t prf_out) +{ + gsskrb5_ctx ctx = (gsskrb5_ctx)context_handle; + krb5_context context; + krb5_error_code ret; + krb5_crypto crypto; + krb5_data input, output; + uint32_t num; + unsigned char *p; + krb5_keyblock *key = NULL; + + if (ctx == NULL) { + *minor_status = 0; + return GSS_S_NO_CONTEXT; + } + + if (desired_output_len <= 0) { + *minor_status = 0; + return GSS_S_FAILURE; + } + + GSSAPI_KRB5_INIT (&context); + + switch(prf_key) { + case GSS_C_PRF_KEY_FULL: + _gsskrb5i_get_acceptor_subkey(ctx, context, &key); + case GSS_C_PRF_KEY_PARTIAL: + _gsskrb5i_get_initiator_subkey(ctx, context, &key); + break; + default: + _gsskrb5_set_status("unknown kerberos prf_key"); + *minor_status = 0; + return GSS_S_FAILURE; + } + + if (key == NULL) { + _gsskrb5_set_status("no prf_key found"); + *minor_status = 0; + return GSS_S_FAILURE; + } + + ret = krb5_crypto_init(context, key, 0, &crypto); + krb5_free_keyblock (context, key); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + prf_out->value = malloc(desired_output_len); + if (prf_out->value == NULL) { + _gsskrb5_set_status("Out of memory"); + *minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG; + krb5_crypto_destroy(context, crypto); + return GSS_S_FAILURE; + } + prf_out->length = desired_output_len; + + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + + input.length = prf_in->length + 4; + input.data = malloc(prf_in->length + 4); + if (input.data == NULL) { + OM_uint32 junk; + _gsskrb5_set_status("Out of memory"); + *minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG; + gss_release_buffer(&junk, prf_out); + krb5_crypto_destroy(context, crypto); + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + return GSS_S_FAILURE; + } + memcpy(((unsigned char *)input.data) + 4, prf_in->value, prf_in->length); + + num = 0; + p = prf_out->value; + while(desired_output_len > 0) { + _gsskrb5_encode_om_uint32(num, input.data); + ret = krb5_crypto_prf(context, crypto, &input, &output); + if (ret) { + OM_uint32 junk; + *minor_status = ret; + free(input.data); + gss_release_buffer(&junk, prf_out); + krb5_crypto_destroy(context, crypto); + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + return GSS_S_FAILURE; + } + memcpy(p, output.data, min(desired_output_len, output.length)); + p += output.length; + desired_output_len -= output.length; + krb5_data_free(&output); + num++; + } + + krb5_crypto_destroy(context, crypto); + + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/krb5/process_context_token.c b/source4/heimdal/lib/gssapi/krb5/process_context_token.c index 411d689635..15638f57fc 100644 --- a/source4/heimdal/lib/gssapi/krb5/process_context_token.c +++ b/source4/heimdal/lib/gssapi/krb5/process_context_token.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: process_context_token.c,v 1.5 2006/11/13 18:02:30 lha Exp $"); +RCSID("$Id: process_context_token.c 19031 2006-11-13 18:02:57Z lha $"); OM_uint32 _gsskrb5_process_context_token ( OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/krb5/release_buffer.c b/source4/heimdal/lib/gssapi/krb5/release_buffer.c index b62ad02117..5dff62631a 100644 --- a/source4/heimdal/lib/gssapi/krb5/release_buffer.c +++ b/source4/heimdal/lib/gssapi/krb5/release_buffer.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: release_buffer.c,v 1.7 2006/10/07 22:15:22 lha Exp $"); +RCSID("$Id: release_buffer.c 18334 2006-10-07 22:16:04Z lha $"); OM_uint32 _gsskrb5_release_buffer (OM_uint32 * minor_status, diff --git a/source4/heimdal/lib/gssapi/krb5/release_cred.c b/source4/heimdal/lib/gssapi/krb5/release_cred.c index f6d98b29c6..ab5695b097 100644 --- a/source4/heimdal/lib/gssapi/krb5/release_cred.c +++ b/source4/heimdal/lib/gssapi/krb5/release_cred.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: release_cred.c,v 1.14 2006/11/13 18:02:34 lha Exp $"); +RCSID("$Id: release_cred.c 20753 2007-05-31 22:50:06Z lha $"); OM_uint32 _gsskrb5_release_cred (OM_uint32 * minor_status, @@ -42,6 +42,7 @@ OM_uint32 _gsskrb5_release_cred { krb5_context context; gsskrb5_cred cred; + OM_uint32 junk; *minor_status = 0; @@ -67,7 +68,9 @@ OM_uint32 _gsskrb5_release_cred else krb5_cc_close(context, cred->ccache); } - _gsskrb5_release_oid_set(NULL, &cred->mechanisms); + gss_release_oid_set(&junk, &cred->mechanisms); + if (cred->enctypes) + free(cred->enctypes); HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); HEIMDAL_MUTEX_destroy(&cred->cred_id_mutex); memset(cred, 0, sizeof(*cred)); diff --git a/source4/heimdal/lib/gssapi/krb5/release_name.c b/source4/heimdal/lib/gssapi/krb5/release_name.c index cc9c0934f7..a01a9a2a62 100644 --- a/source4/heimdal/lib/gssapi/krb5/release_name.c +++ b/source4/heimdal/lib/gssapi/krb5/release_name.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: release_name.c,v 1.11 2006/11/13 18:02:37 lha Exp $"); +RCSID("$Id: release_name.c 19031 2006-11-13 18:02:57Z lha $"); OM_uint32 _gsskrb5_release_name (OM_uint32 * minor_status, diff --git a/source4/heimdal/lib/gssapi/krb5/release_oid_set.c b/source4/heimdal/lib/gssapi/krb5/release_oid_set.c deleted file mode 100644 index a9f79a3082..0000000000 --- a/source4/heimdal/lib/gssapi/krb5/release_oid_set.c +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "krb5/gsskrb5_locl.h" - -RCSID("$Id: release_oid_set.c,v 1.7 2006/10/07 22:15:30 lha Exp $"); - -OM_uint32 _gsskrb5_release_oid_set - (OM_uint32 * minor_status, - gss_OID_set * set - ) -{ - if (minor_status) - *minor_status = 0; - free ((*set)->elements); - free (*set); - *set = GSS_C_NO_OID_SET; - return GSS_S_COMPLETE; -} diff --git a/source4/heimdal/lib/gssapi/krb5/sequence.c b/source4/heimdal/lib/gssapi/krb5/sequence.c index 3014edd04d..677a3c8d07 100755 --- a/source4/heimdal/lib/gssapi/krb5/sequence.c +++ b/source4/heimdal/lib/gssapi/krb5/sequence.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: sequence.c,v 1.8 2006/10/07 22:15:32 lha Exp $"); +RCSID("$Id: sequence.c 18334 2006-10-07 22:16:04Z lha $"); #define DEFAULT_JITTER_WINDOW 20 diff --git a/source4/heimdal/lib/gssapi/krb5/set_cred_option.c b/source4/heimdal/lib/gssapi/krb5/set_cred_option.c index 849760ee4a..d0ca1c4d95 100644 --- a/source4/heimdal/lib/gssapi/krb5/set_cred_option.c +++ b/source4/heimdal/lib/gssapi/krb5/set_cred_option.c @@ -32,7 +32,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: set_cred_option.c,v 1.5 2006/11/13 18:02:39 lha Exp $"); +RCSID("$Id: set_cred_option.c 20325 2007-04-12 16:49:17Z lha $"); static gss_OID_desc gss_krb5_import_cred_x_oid_desc = {9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x04"}; /* XXX */ @@ -130,6 +130,78 @@ out: } +static OM_uint32 +allowed_enctypes(OM_uint32 *minor_status, + krb5_context context, + gss_cred_id_t *cred_handle, + const gss_buffer_t value) +{ + OM_uint32 major_stat; + krb5_error_code ret; + size_t len, i; + krb5_enctype *enctypes = NULL; + krb5_storage *sp = NULL; + gsskrb5_cred cred; + + if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL) { + *minor_status = 0; + return GSS_S_FAILURE; + } + + cred = (gsskrb5_cred)*cred_handle; + + if ((value->length % 4) != 0) { + *minor_status = 0; + major_stat = GSS_S_FAILURE; + goto out; + } + + len = value->length / 4; + enctypes = malloc((len + 1) * 4); + if (enctypes == NULL) { + *minor_status = ENOMEM; + major_stat = GSS_S_FAILURE; + goto out; + } + + sp = krb5_storage_from_mem(value->value, value->length); + if (sp == NULL) { + *minor_status = ENOMEM; + major_stat = GSS_S_FAILURE; + goto out; + } + + for (i = 0; i < len; i++) { + uint32_t e; + + ret = krb5_ret_uint32(sp, &e); + if (ret) { + *minor_status = ret; + major_stat = GSS_S_FAILURE; + goto out; + } + enctypes[i] = e; + } + enctypes[i] = 0; + + if (cred->enctypes) + free(cred->enctypes); + cred->enctypes = enctypes; + + krb5_storage_free(sp); + + return GSS_S_COMPLETE; + +out: + if (sp) + krb5_storage_free(sp); + if (enctypes) + free(enctypes); + + return major_stat; +} + + OM_uint32 _gsskrb5_set_cred_option (OM_uint32 *minor_status, @@ -146,9 +218,11 @@ _gsskrb5_set_cred_option return GSS_S_FAILURE; } - if (gss_oid_equal(desired_object, GSS_KRB5_IMPORT_CRED_X)) { + if (gss_oid_equal(desired_object, GSS_KRB5_IMPORT_CRED_X)) return import_cred(minor_status, context, cred_handle, value); - } + + if (gss_oid_equal(desired_object, GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X)) + return allowed_enctypes(minor_status, context, cred_handle, value); *minor_status = EINVAL; return GSS_S_FAILURE; diff --git a/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c b/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c index 4a5f60ce94..50441a11ad 100644 --- a/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c +++ b/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c @@ -36,7 +36,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: set_sec_context_option.c,v 1.10 2006/12/14 11:02:16 lha Exp $"); +RCSID("$Id: set_sec_context_option.c 20384 2007-04-18 08:51:06Z lha $"); static OM_uint32 get_bool(OM_uint32 *minor_status, @@ -51,6 +51,25 @@ get_bool(OM_uint32 *minor_status, return GSS_S_COMPLETE; } +static OM_uint32 +get_string(OM_uint32 *minor_status, + const gss_buffer_t value, + char **str) +{ + if (value == NULL || value->length == 0) { + *str = NULL; + } else { + *str = malloc(value->length + 1); + if (*str == NULL) { + *minor_status = 0; + return GSS_S_UNAVAILABLE; + } + memcpy(*str, value->value, value->length); + (*str)[value->length] = '\0'; + } + return GSS_S_COMPLETE; +} + OM_uint32 _gsskrb5_set_sec_context_option (OM_uint32 *minor_status, @@ -103,17 +122,9 @@ _gsskrb5_set_sec_context_option } else if (gss_oid_equal(desired_object, GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X)) { char *str; - if (value == NULL || value->length == 0) { - str = NULL; - } else { - str = malloc(value->length + 1); - if (str) { - *minor_status = 0; - return GSS_S_UNAVAILABLE; - } - memcpy(str, value->value, value->length); - str[value->length] = '\0'; - } + maj_stat = get_string(minor_status, value, &str); + if (maj_stat != GSS_S_COMPLETE) + return maj_stat; _gsskrb5_register_acceptor_identity(str); free(str); @@ -124,17 +135,13 @@ _gsskrb5_set_sec_context_option } else if (gss_oid_equal(desired_object, GSS_KRB5_SET_DEFAULT_REALM_X)) { char *str; - if (value == NULL || value->length == 0) { - *minor_status = 0; - return GSS_S_CALL_INACCESSIBLE_READ; - } - str = malloc(value->length + 1); + maj_stat = get_string(minor_status, value, &str); + if (maj_stat != GSS_S_COMPLETE) + return maj_stat; if (str == NULL) { *minor_status = 0; - return GSS_S_UNAVAILABLE; + return GSS_S_CALL_INACCESSIBLE_READ; } - memcpy(str, value->value, value->length); - str[value->length] = '\0'; krb5_set_default_realm(context, str); free(str); @@ -161,8 +168,24 @@ _gsskrb5_set_sec_context_option *minor_status = 0; return GSS_S_COMPLETE; - } + } else if (gss_oid_equal(desired_object, GSS_KRB5_CCACHE_NAME_X)) { + char *str; + + maj_stat = get_string(minor_status, value, &str); + if (maj_stat != GSS_S_COMPLETE) + return maj_stat; + if (str == NULL) { + *minor_status = 0; + return GSS_S_CALL_INACCESSIBLE_READ; + } + *minor_status = krb5_cc_set_default_name(context, str); + free(str); + if (*minor_status) + return GSS_S_FAILURE; + + return GSS_S_COMPLETE; + } *minor_status = EINVAL; return GSS_S_FAILURE; diff --git a/source4/heimdal/lib/gssapi/krb5/test_oid_set_member.c b/source4/heimdal/lib/gssapi/krb5/test_oid_set_member.c deleted file mode 100644 index 5a0ac4418f..0000000000 --- a/source4/heimdal/lib/gssapi/krb5/test_oid_set_member.c +++ /dev/null @@ -1,55 +0,0 @@ -/* - * Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "krb5/gsskrb5_locl.h" - -RCSID("$Id: test_oid_set_member.c,v 1.7 2006/10/07 22:15:50 lha Exp $"); - -OM_uint32 _gsskrb5_test_oid_set_member - (OM_uint32 * minor_status, - const gss_OID member, - const gss_OID_set set, - int * present - ) -{ - size_t i; - - *minor_status = 0; - *present = 0; - for (i = 0; i < set->count; ++i) - if (gss_oid_equal(member, &set->elements[i]) != 0) { - *present = 1; - break; - } - return GSS_S_COMPLETE; -} diff --git a/source4/heimdal/lib/gssapi/krb5/unwrap.c b/source4/heimdal/lib/gssapi/krb5/unwrap.c index 3dd7618561..d0a33d86fb 100644 --- a/source4/heimdal/lib/gssapi/krb5/unwrap.c +++ b/source4/heimdal/lib/gssapi/krb5/unwrap.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: unwrap.c,v 1.39 2006/11/13 18:02:51 lha Exp $"); +RCSID("$Id: unwrap.c 19031 2006-11-13 18:02:57Z lha $"); static OM_uint32 unwrap_des diff --git a/source4/heimdal/lib/gssapi/krb5/verify_mic.c b/source4/heimdal/lib/gssapi/krb5/verify_mic.c index 29b3a7f4bb..52381afcc2 100644 --- a/source4/heimdal/lib/gssapi/krb5/verify_mic.c +++ b/source4/heimdal/lib/gssapi/krb5/verify_mic.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: verify_mic.c,v 1.37 2006/11/13 18:02:54 lha Exp $"); +RCSID("$Id: verify_mic.c 19031 2006-11-13 18:02:57Z lha $"); static OM_uint32 verify_mic_des diff --git a/source4/heimdal/lib/gssapi/krb5/wrap.c b/source4/heimdal/lib/gssapi/krb5/wrap.c index 79cfb48ed2..d41379870a 100644 --- a/source4/heimdal/lib/gssapi/krb5/wrap.c +++ b/source4/heimdal/lib/gssapi/krb5/wrap.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: wrap.c,v 1.39 2006/11/14 09:49:56 lha Exp $"); +RCSID("$Id: wrap.c 19035 2006-11-14 09:49:56Z lha $"); /* * Return initiator subkey, or if that doesn't exists, the subkey. diff --git a/source4/heimdal/lib/gssapi/mech/context.c b/source4/heimdal/lib/gssapi/mech/context.c new file mode 100644 index 0000000000..1691fd9401 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/context.c @@ -0,0 +1,141 @@ +#include "mech/mech_locl.h" +#include "heim_threads.h" + +RCSID("$Id: context.c 19924 2007-01-16 10:17:01Z lha $"); + +struct mg_thread_ctx { + gss_OID mech; + OM_uint32 maj_stat; + OM_uint32 min_stat; + gss_buffer_desc maj_error; + gss_buffer_desc min_error; +}; + +static HEIMDAL_MUTEX context_mutex = HEIMDAL_MUTEX_INITIALIZER; +static int created_key; +static HEIMDAL_thread_key context_key; + + +static void +destroy_context(void *ptr) +{ + struct mg_thread_ctx *mg = ptr; + OM_uint32 junk; + + if (mg == NULL) + return; + + gss_release_buffer(&junk, &mg->maj_error); + gss_release_buffer(&junk, &mg->min_error); + free(mg); +} + + +static struct mg_thread_ctx * +_gss_mechglue_thread(void) +{ + struct mg_thread_ctx *ctx; + int ret = 0; + + HEIMDAL_MUTEX_lock(&context_mutex); + + if (!created_key) { + HEIMDAL_key_create(&context_key, destroy_context, ret); + if (ret) { + HEIMDAL_MUTEX_unlock(&context_mutex); + return NULL; + } + created_key = 1; + } + HEIMDAL_MUTEX_unlock(&context_mutex); + + ctx = HEIMDAL_getspecific(context_key); + if (ctx == NULL) { + + ctx = calloc(1, sizeof(*ctx)); + if (ctx == NULL) + return NULL; + HEIMDAL_setspecific(context_key, ctx, ret); + if (ret) { + free(ctx); + return NULL; + } + } + return ctx; +} + +OM_uint32 +_gss_mg_get_error(const gss_OID mech, OM_uint32 type, + OM_uint32 value, gss_buffer_t string) +{ + struct mg_thread_ctx *mg; + + mg = _gss_mechglue_thread(); + if (mg == NULL) + return GSS_S_BAD_STATUS; + + if (mech != NULL && gss_oid_equal(mg->mech, mech) == 0) + return GSS_S_BAD_STATUS; + + switch (type) { + case GSS_C_GSS_CODE: { + if (value != mg->maj_stat) + break; + string->value = malloc(mg->maj_error.length); + string->length = mg->maj_error.length; + memcpy(string->value, mg->maj_error.value, mg->maj_error.length); + return GSS_S_COMPLETE; + } + case GSS_C_MECH_CODE: { + if (value != mg->min_stat) + break; + string->value = malloc(mg->min_error.length); + string->length = mg->min_error.length; + memcpy(string->value, mg->min_error.value, mg->min_error.length); + return GSS_S_COMPLETE; + } + } + string->value = NULL; + string->length = 0; + return GSS_S_BAD_STATUS; +} + +void +_gss_mg_error(gssapi_mech_interface m, OM_uint32 maj, OM_uint32 min) +{ + OM_uint32 major_status, minor_status; + OM_uint32 message_content; + struct mg_thread_ctx *mg; + + mg = _gss_mechglue_thread(); + if (mg == NULL) + return; + + gss_release_buffer(&minor_status, &mg->maj_error); + gss_release_buffer(&minor_status, &mg->min_error); + + mg->mech = &m->gm_mech_oid; + mg->maj_stat = maj; + mg->min_stat = min; + + major_status = m->gm_display_status(&minor_status, + maj, + GSS_C_GSS_CODE, + &m->gm_mech_oid, + &message_content, + &mg->maj_error); + if (GSS_ERROR(major_status)) { + mg->maj_error.value = NULL; + mg->maj_error.length = 0; + } + major_status = m->gm_display_status(&minor_status, + min, + GSS_C_MECH_CODE, + &m->gm_mech_oid, + &message_content, + &mg->min_error); + if (GSS_ERROR(major_status)) { + mg->min_error.value = NULL; + mg->min_error.length = 0; + } +} diff --git a/source4/heimdal/lib/gssapi/mech/context.h b/source4/heimdal/lib/gssapi/mech/context.h index 7a215dd7d8..24e529864d 100644 --- a/source4/heimdal/lib/gssapi/mech/context.h +++ b/source4/heimdal/lib/gssapi/mech/context.h @@ -24,7 +24,7 @@ * SUCH DAMAGE. * * $FreeBSD: src/lib/libgssapi/context.h,v 1.1 2005/12/29 14:40:20 dfr Exp $ - * $Id: context.h,v 1.2 2006/06/28 09:00:25 lha Exp $ + * $Id: context.h 19925 2007-01-16 10:19:27Z lha $ */ #include @@ -33,3 +33,9 @@ struct _gss_context { gssapi_mech_interface gc_mech; gss_ctx_id_t gc_ctx; }; + +void +_gss_mg_error(gssapi_mech_interface, OM_uint32, OM_uint32); + +OM_uint32 +_gss_mg_get_error(const gss_OID, OM_uint32, OM_uint32, gss_buffer_t); diff --git a/source4/heimdal/lib/gssapi/mech/cred.h b/source4/heimdal/lib/gssapi/mech/cred.h index df89e79727..7f77b8a68e 100644 --- a/source4/heimdal/lib/gssapi/mech/cred.h +++ b/source4/heimdal/lib/gssapi/mech/cred.h @@ -24,7 +24,7 @@ * SUCH DAMAGE. * * $FreeBSD: src/lib/libgssapi/cred.h,v 1.1 2005/12/29 14:40:20 dfr Exp $ - * $Id: cred.h,v 1.3 2006/10/05 18:26:54 lha Exp $ + * $Id: cred.h 20626 2007-05-08 13:56:49Z lha $ */ struct _gss_mechanism_cred { @@ -36,7 +36,6 @@ struct _gss_mechanism_cred { SLIST_HEAD(_gss_mechanism_cred_list, _gss_mechanism_cred); struct _gss_cred { - gss_cred_usage_t gc_usage; struct _gss_mechanism_cred_list gc_mc; }; diff --git a/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c index 7df8a3483e..8c5f4d0b08 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_accept_sec_context.c,v 1.9 2006/12/15 20:12:20 lha Exp $"); +RCSID("$Id: gss_accept_sec_context.c 20626 2007-05-08 13:56:49Z lha $"); static OM_uint32 parse_header(const gss_buffer_t input_token, gss_OID mech_oid) @@ -127,10 +127,10 @@ choose_mech(const gss_buffer_t input, gss_OID mech_oid) return GSS_S_COMPLETE; } else if (input->length == 0) { /* - * There is the a wiered mode of SPNEGO (in CIFS and + * There is the a wierd mode of SPNEGO (in CIFS and * SASL GSS-SPENGO where the first token is zero * length and the acceptor returns a mech_list, lets - * home that is what is happening now. + * hope that is what is happening now. */ *mech_oid = spnego_mechanism; return GSS_S_COMPLETE; @@ -161,13 +161,18 @@ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status, int allocated_ctx; *minor_status = 0; - if (src_name) *src_name = 0; - if (mech_type) *mech_type = 0; - if (ret_flags) *ret_flags = 0; - if (time_rec) *time_rec = 0; - if (delegated_cred_handle) *delegated_cred_handle = 0; - output_token->length = 0; - output_token->value = 0; + if (src_name) + *src_name = GSS_C_NO_NAME; + if (mech_type) + *mech_type = GSS_C_NO_OID; + if (ret_flags) + *ret_flags = 0; + if (time_rec) + *time_rec = 0; + if (delegated_cred_handle) + *delegated_cred_handle = GSS_C_NO_CREDENTIAL; + _mg_buffer_zero(output_token); + /* * If this is the first call (*context_handle is NULL), we must @@ -227,7 +232,10 @@ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status, &delegated_mc); if (major_status != GSS_S_COMPLETE && major_status != GSS_S_CONTINUE_NEEDED) + { + _gss_mg_error(m, major_status, *minor_status); return (major_status); + } if (!src_name) { m->gm_release_name(minor_status, &src_mn); @@ -264,8 +272,6 @@ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status, *minor_status = ENOMEM; return (GSS_S_FAILURE); } - m->gm_inquire_cred(minor_status, delegated_mc, - 0, 0, &dcred->gc_usage, 0); dmc->gmc_mech = m; dmc->gmc_mech_oid = &m->gm_mech_oid; dmc->gmc_cred = delegated_mc; diff --git a/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c b/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c index 0b3554c0fa..d6e448a223 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c +++ b/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_acquire_cred.c,v 1.4 2006/10/25 00:44:55 lha Exp $"); +RCSID("$Id: gss_acquire_cred.c 20626 2007-05-08 13:56:49Z lha $"); OM_uint32 gss_acquire_cred(OM_uint32 *minor_status, @@ -49,6 +49,14 @@ gss_acquire_cred(OM_uint32 *minor_status, OM_uint32 min_time, cred_time; int i; + *minor_status = 0; + if (actual_mechs) + *output_cred_handle = GSS_C_NO_CREDENTIAL; + if (actual_mechs) + *actual_mechs = GSS_C_NO_OID_SET; + if (time_rec) + *time_rec = 0; + _gss_load_mech(); /* @@ -64,7 +72,6 @@ gss_acquire_cred(OM_uint32 *minor_status, break; } if (i == mechs->count) { - *output_cred_handle = 0; *minor_status = 0; return (GSS_S_BAD_MECH); } @@ -84,7 +91,6 @@ gss_acquire_cred(OM_uint32 *minor_status, *minor_status = ENOMEM; return (GSS_S_FAILURE); } - cred->gc_usage = cred_usage; SLIST_INIT(&cred->gc_mc); if (mechs == GSS_C_NO_OID_SET) @@ -109,7 +115,6 @@ gss_acquire_cred(OM_uint32 *minor_status, if (!mc) { continue; } - SLIST_INIT(&cred->gc_mc); mc->gmc_mech = m; mc->gmc_mech_oid = &m->gm_mech_oid; @@ -151,7 +156,6 @@ gss_acquire_cred(OM_uint32 *minor_status, free(cred); if (actual_mechs) gss_release_oid_set(minor_status, actual_mechs); - *output_cred_handle = 0; *minor_status = 0; return (GSS_S_NO_CRED); } diff --git a/source4/heimdal/lib/gssapi/mech/gss_add_cred.c b/source4/heimdal/lib/gssapi/mech/gss_add_cred.c index beffd54e29..4947c5c30e 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_add_cred.c +++ b/source4/heimdal/lib/gssapi/mech/gss_add_cred.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_add_cred.c,v 1.3 2006/06/29 08:23:53 lha Exp $"); +RCSID("$Id: gss_add_cred.c 20626 2007-05-08 13:56:49Z lha $"); static struct _gss_mechanism_cred * _gss_copy_cred(struct _gss_mechanism_cred *mc) @@ -43,8 +43,10 @@ _gss_copy_cred(struct _gss_mechanism_cred *mc) major_status = m->gm_inquire_cred_by_mech(&minor_status, mc->gmc_cred, mc->gmc_mech_oid, &name, &initiator_lifetime, &acceptor_lifetime, &cred_usage); - if (major_status) + if (major_status) { + _gss_mg_error(m, major_status, minor_status); return (0); + } major_status = m->gm_add_cred(&minor_status, GSS_C_NO_CREDENTIAL, name, mc->gmc_mech_oid, @@ -52,8 +54,10 @@ _gss_copy_cred(struct _gss_mechanism_cred *mc) &cred, 0, 0, 0); m->gm_release_name(&minor_status, &name); - if (major_status) + if (major_status) { + _gss_mg_error(m, major_status, minor_status); return (0); + } new_mc = malloc(sizeof(struct _gss_mechanism_cred)); if (!new_mc) { @@ -89,15 +93,20 @@ gss_add_cred(OM_uint32 *minor_status, struct _gss_mechanism_name *mn; OM_uint32 junk; - *output_cred_handle = 0; *minor_status = 0; + *output_cred_handle = GSS_C_NO_CREDENTIAL; + if (initiator_time_rec) + *initiator_time_rec = 0; + if (acceptor_time_rec) + *acceptor_time_rec = 0; + if (actual_mechs) + *actual_mechs = GSS_C_NO_OID_SET; new_cred = malloc(sizeof(struct _gss_cred)); if (!new_cred) { *minor_status = ENOMEM; return (GSS_S_FAILURE); } - new_cred->gc_usage = cred_usage; SLIST_INIT(&new_cred->gc_mc); /* @@ -162,6 +171,7 @@ gss_add_cred(OM_uint32 *minor_status, acceptor_time_rec); if (major_status) { + _gss_mg_error(m, major_status, *minor_status); release_cred = (gss_cred_id_t)new_cred; gss_release_cred(&junk, &release_cred); free(mc); diff --git a/source4/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c b/source4/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c index 5806cec009..87d1ab3725 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c +++ b/source4/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c @@ -32,7 +32,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_add_oid_set_member.c,v 1.3 2006/10/22 09:36:13 lha Exp $"); +RCSID("$Id: gss_add_oid_set_member.c 18817 2006-10-22 09:36:13Z lha $"); OM_uint32 gss_add_oid_set_member (OM_uint32 * minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_buffer_set.c b/source4/heimdal/lib/gssapi/mech/gss_buffer_set.c index 9e9bd5e790..56e0039379 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_buffer_set.c +++ b/source4/heimdal/lib/gssapi/mech/gss_buffer_set.c @@ -31,7 +31,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_buffer_set.c,v 1.2 2006/10/24 21:53:02 lha Exp $"); +RCSID("$Id: gss_buffer_set.c 18885 2006-10-24 21:53:02Z lha $"); OM_uint32 gss_create_empty_buffer_set diff --git a/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c b/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c index 38a464be46..1437a9bc7b 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c +++ b/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_canonicalize_name.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); +RCSID("$Id: gss_canonicalize_name.c 19928 2007-01-16 10:37:54Z lha $"); OM_uint32 gss_canonicalize_name(OM_uint32 *minor_status, @@ -52,8 +52,10 @@ gss_canonicalize_name(OM_uint32 *minor_status, m = mn->gmn_mech; major_status = m->gm_canonicalize_name(minor_status, mn->gmn_name, mech_type, &new_canonical_name); - if (major_status) + if (major_status) { + _gss_mg_error(m, major_status, *minor_status); return (major_status); + } /* * Now we make a new name and mark it as an MN. diff --git a/source4/heimdal/lib/gssapi/mech/gss_compare_name.c b/source4/heimdal/lib/gssapi/mech/gss_compare_name.c index 1068bfabf6..147ad60c94 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_compare_name.c +++ b/source4/heimdal/lib/gssapi/mech/gss_compare_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_compare_name.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); +RCSID("$Id: gss_compare_name.c 17700 2006-06-28 09:00:26Z lha $"); OM_uint32 gss_compare_name(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_context_time.c b/source4/heimdal/lib/gssapi/mech/gss_context_time.c index 4b17381776..47999f35cf 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_context_time.c +++ b/source4/heimdal/lib/gssapi/mech/gss_context_time.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_context_time.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); +RCSID("$Id: gss_context_time.c 17700 2006-06-28 09:00:26Z lha $"); OM_uint32 gss_context_time(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_create_empty_oid_set.c b/source4/heimdal/lib/gssapi/mech/gss_create_empty_oid_set.c index 7298ec9e83..841271b1fd 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_create_empty_oid_set.c +++ b/source4/heimdal/lib/gssapi/mech/gss_create_empty_oid_set.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_create_empty_oid_set.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); +RCSID("$Id: gss_create_empty_oid_set.c 19951 2007-01-17 10:14:58Z lha $"); OM_uint32 gss_create_empty_oid_set(OM_uint32 *minor_status, @@ -36,7 +36,7 @@ gss_create_empty_oid_set(OM_uint32 *minor_status, gss_OID_set set; *minor_status = 0; - *oid_set = 0; + *oid_set = GSS_C_NO_OID_SET; set = malloc(sizeof(gss_OID_set_desc)); if (!set) { diff --git a/source4/heimdal/lib/gssapi/mech/gss_decapsulate_token.c b/source4/heimdal/lib/gssapi/mech/gss_decapsulate_token.c index 8ebb848188..e8b86e4d22 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_decapsulate_token.c +++ b/source4/heimdal/lib/gssapi/mech/gss_decapsulate_token.c @@ -32,7 +32,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_decapsulate_token.c,v 1.2 2006/10/14 10:04:45 lha Exp $"); +RCSID("$Id: gss_decapsulate_token.c 19951 2007-01-17 10:14:58Z lha $"); OM_uint32 gss_decapsulate_token(gss_buffer_t input_token, @@ -45,8 +45,7 @@ gss_decapsulate_token(gss_buffer_t input_token, int ret; size_t size; - output_token->length = 0; - output_token->value = NULL; + _mg_buffer_zero(output_token); ret = der_get_oid (oid->elements, oid->length, &o, &size); if (ret) diff --git a/source4/heimdal/lib/gssapi/mech/gss_delete_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_delete_sec_context.c index 06ef8e6d09..8c40994739 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_delete_sec_context.c +++ b/source4/heimdal/lib/gssapi/mech/gss_delete_sec_context.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_delete_sec_context.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); +RCSID("$Id: gss_delete_sec_context.c 19951 2007-01-17 10:14:58Z lha $"); OM_uint32 gss_delete_sec_context(OM_uint32 *minor_status, @@ -37,6 +37,9 @@ gss_delete_sec_context(OM_uint32 *minor_status, OM_uint32 major_status; struct _gss_context *ctx = (struct _gss_context *) *context_handle; + if (output_token) + _mg_buffer_zero(output_token); + *minor_status = 0; if (ctx) { /* @@ -46,12 +49,9 @@ gss_delete_sec_context(OM_uint32 *minor_status, if (ctx->gc_ctx) { major_status = ctx->gc_mech->gm_delete_sec_context( minor_status, &ctx->gc_ctx, output_token); - } else if (output_token != GSS_C_NO_BUFFER) { - output_token->length = 0; - output_token->value = 0; } free(ctx); - *context_handle = 0; + *context_handle = GSS_C_NO_CONTEXT; } return (GSS_S_COMPLETE); diff --git a/source4/heimdal/lib/gssapi/mech/gss_display_name.c b/source4/heimdal/lib/gssapi/mech/gss_display_name.c index 79f62a7a4f..e57e5dd795 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_display_name.c +++ b/source4/heimdal/lib/gssapi/mech/gss_display_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_display_name.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); +RCSID("$Id: gss_display_name.c 19952 2007-01-17 10:16:15Z lha $"); OM_uint32 gss_display_name(OM_uint32 *minor_status, @@ -39,6 +39,10 @@ gss_display_name(OM_uint32 *minor_status, struct _gss_name *name = (struct _gss_name *) input_name; struct _gss_mechanism_name *mn; + _mg_buffer_zero(output_name_buffer); + if (output_name_type) + *output_name_type = GSS_C_NO_OID; + /* * If we know it, copy the buffer used to import the name in * the first place. Otherwise, ask all the MNs in turn if diff --git a/source4/heimdal/lib/gssapi/mech/gss_display_status.c b/source4/heimdal/lib/gssapi/mech/gss_display_status.c index 7871f5338b..c316c26fd7 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_display_status.c +++ b/source4/heimdal/lib/gssapi/mech/gss_display_status.c @@ -59,7 +59,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_display_status.c,v 1.4 2006/07/19 11:02:33 lha Exp $"); +RCSID("$Id: gss_display_status.c 20084 2007-01-31 12:12:08Z lha $"); static const char * calling_error(OM_uint32 v) @@ -148,6 +148,18 @@ gss_display_status(OM_uint32 *minor_status, { OM_uint32 major_status; + _mg_buffer_zero(status_string); + *message_content = 0; + + major_status = _gss_mg_get_error(mech_type, status_type, + status_value, status_string); + if (major_status == GSS_S_COMPLETE) { + + *message_content = 0; + *minor_status = 0; + return GSS_S_COMPLETE; + } + *minor_status = 0; switch (status_type) { case GSS_C_GSS_CODE: { @@ -161,24 +173,40 @@ gss_display_status(OM_uint32 *minor_status, calling_error(GSS_CALLING_ERROR(status_value)), routine_error(GSS_ROUTINE_ERROR(status_value))); + if (buf == NULL) + break; + status_string->length = strlen(buf); status_string->value = buf; return GSS_S_COMPLETE; } case GSS_C_MECH_CODE: { - gssapi_mech_interface m; - m = __gss_get_mechanism(mech_type); - if (m) { - major_status = m->gm_display_status(minor_status, - status_value, status_type, mech_type, - message_content, status_string); - if (major_status == GSS_S_COMPLETE) - return (GSS_S_COMPLETE); + OM_uint32 maj_junk, min_junk; + gss_buffer_desc oid; + char *buf; + + maj_junk = gss_oid_to_str(&min_junk, mech_type, &oid); + if (maj_junk != GSS_S_COMPLETE) { + oid.value = rk_UNCONST("unknown"); + oid.length = 7; } + + asprintf (&buf, "unknown mech-code %lu for mech %.*s", + (unsigned long)status_value, + (int)oid.length, (char *)oid.value); + if (maj_junk == GSS_S_COMPLETE) + gss_release_buffer(&min_junk, &oid); + + if (buf == NULL) + break; + + status_string->length = strlen(buf); + status_string->value = buf; + + return GSS_S_COMPLETE; } } - status_string->value = NULL; - status_string->length = 0; + _mg_buffer_zero(status_string); return (GSS_S_BAD_STATUS); } diff --git a/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c b/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c index 5ef828f472..3aab0b9bbc 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c +++ b/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_duplicate_name.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); +RCSID("$Id: gss_duplicate_name.c 19953 2007-01-17 11:16:35Z lha $"); OM_uint32 gss_duplicate_name(OM_uint32 *minor_status, const gss_name_t src_name, @@ -39,6 +39,7 @@ OM_uint32 gss_duplicate_name(OM_uint32 *minor_status, struct _gss_mechanism_name *mn; *minor_status = 0; + *dest_name = GSS_C_NO_NAME; /* * If this name has a value (i.e. it didn't come from diff --git a/source4/heimdal/lib/gssapi/mech/gss_duplicate_oid.c b/source4/heimdal/lib/gssapi/mech/gss_duplicate_oid.c index bfb0e75315..d111a0ed61 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_duplicate_oid.c +++ b/source4/heimdal/lib/gssapi/mech/gss_duplicate_oid.c @@ -32,7 +32,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_duplicate_oid.c,v 1.1 2006/06/28 09:07:07 lha Exp $"); +RCSID("$Id: gss_duplicate_oid.c 19954 2007-01-17 11:50:23Z lha $"); OM_uint32 gss_duplicate_oid ( OM_uint32 *minor_status, @@ -56,6 +56,7 @@ OM_uint32 gss_duplicate_oid ( (*dest_oid)->elements = malloc(src_oid->length); if ((*dest_oid)->elements == NULL) { free(*dest_oid); + *dest_oid = GSS_C_NO_OID; *minor_status = ENOMEM; return GSS_S_FAILURE; } diff --git a/source4/heimdal/lib/gssapi/mech/gss_encapsulate_token.c b/source4/heimdal/lib/gssapi/mech/gss_encapsulate_token.c index d1285815ee..476d451375 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_encapsulate_token.c +++ b/source4/heimdal/lib/gssapi/mech/gss_encapsulate_token.c @@ -32,7 +32,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_encapsulate_token.c,v 1.2 2006/10/14 10:05:12 lha Exp $"); +RCSID("$Id: gss_encapsulate_token.c 19954 2007-01-17 11:50:23Z lha $"); OM_uint32 gss_encapsulate_token(gss_buffer_t input_token, @@ -45,8 +45,7 @@ gss_encapsulate_token(gss_buffer_t input_token, ret = der_get_oid (oid->elements, oid->length, &ct.thisMech, &size); if (ret) { - output_token->value = NULL; - output_token->length = 0; + _mg_buffer_zero(output_token); return GSS_S_FAILURE; } @@ -58,8 +57,7 @@ gss_encapsulate_token(gss_buffer_t input_token, &ct, &size, ret); der_free_oid(&ct.thisMech); if (ret) { - output_token->length = 0; - output_token->value = NULL; + _mg_buffer_zero(output_token); return GSS_S_FAILURE; } if (output_token->length != size) diff --git a/source4/heimdal/lib/gssapi/mech/gss_export_name.c b/source4/heimdal/lib/gssapi/mech/gss_export_name.c index bc1c39c8ee..11c9dd2db5 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_export_name.c +++ b/source4/heimdal/lib/gssapi/mech/gss_export_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_export_name.c,v 1.3 2006/07/05 22:41:57 lha Exp $"); +RCSID("$Id: gss_export_name.c 19954 2007-01-17 11:50:23Z lha $"); OM_uint32 gss_export_name(OM_uint32 *minor_status, @@ -37,8 +37,7 @@ gss_export_name(OM_uint32 *minor_status, struct _gss_name *name = (struct _gss_name *) input_name; struct _gss_mechanism_name *mn; - exported_name->value = NULL; - exported_name->length = 0; + _mg_buffer_zero(exported_name); /* * If this name already has any attached MNs, export the first diff --git a/source4/heimdal/lib/gssapi/mech/gss_export_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_export_sec_context.c index 1acc72b33d..cf13bc0cd3 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_export_sec_context.c +++ b/source4/heimdal/lib/gssapi/mech/gss_export_sec_context.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_export_sec_context.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); +RCSID("$Id: gss_export_sec_context.c 19954 2007-01-17 11:50:23Z lha $"); OM_uint32 gss_export_sec_context(OM_uint32 *minor_status, @@ -39,6 +39,8 @@ gss_export_sec_context(OM_uint32 *minor_status, gssapi_mech_interface m = ctx->gc_mech; gss_buffer_desc buf; + _mg_buffer_zero(interprocess_token); + major_status = m->gm_export_sec_context(minor_status, &ctx->gc_ctx, &buf); @@ -58,6 +60,7 @@ gss_export_sec_context(OM_uint32 *minor_status, * GSS_C_NO_CONTEXT, which we did above. * Return GSS_S_FAILURE. */ + _mg_buffer_zero(interprocess_token); *minor_status = ENOMEM; return (GSS_S_FAILURE); } @@ -67,6 +70,8 @@ gss_export_sec_context(OM_uint32 *minor_status, memcpy(p + 2, m->gm_mech_oid.elements, m->gm_mech_oid.length); memcpy(p + 2 + m->gm_mech_oid.length, buf.value, buf.length); gss_release_buffer(minor_status, &buf); + } else { + _gss_mg_error(m, major_status, *minor_status); } return (major_status); diff --git a/source4/heimdal/lib/gssapi/mech/gss_get_mic.c b/source4/heimdal/lib/gssapi/mech/gss_get_mic.c index e9a8f294a4..496dd2065c 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_get_mic.c +++ b/source4/heimdal/lib/gssapi/mech/gss_get_mic.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_get_mic.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); +RCSID("$Id: gss_get_mic.c 19954 2007-01-17 11:50:23Z lha $"); OM_uint32 gss_get_mic(OM_uint32 *minor_status, @@ -39,6 +39,12 @@ gss_get_mic(OM_uint32 *minor_status, struct _gss_context *ctx = (struct _gss_context *) context_handle; gssapi_mech_interface m = ctx->gc_mech; + _mg_buffer_zero(message_token); + if (ctx == NULL) { + *minor_status = 0; + return GSS_S_NO_CONTEXT; + } + return (m->gm_get_mic(minor_status, ctx->gc_ctx, qop_req, message_buffer, message_token)); } diff --git a/source4/heimdal/lib/gssapi/mech/gss_import_name.c b/source4/heimdal/lib/gssapi/mech/gss_import_name.c index 9684301ba4..6f55a1d61c 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_import_name.c +++ b/source4/heimdal/lib/gssapi/mech/gss_import_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_import_name.c,v 1.3 2006/06/29 21:23:13 lha Exp $"); +RCSID("$Id: gss_import_name.c 19954 2007-01-17 11:50:23Z lha $"); static OM_uint32 _gss_import_export_name(OM_uint32 *minor_status, @@ -119,6 +119,10 @@ _gss_import_export_name(OM_uint32 *minor_status, */ major_status = m->gm_import_name(minor_status, input_name_buffer, GSS_C_NT_EXPORT_NAME, &new_canonical_name); + if (major_status != GSS_S_COMPLETE) { + _gss_mg_error(m, major_status, *minor_status); + return major_status; + } /* * Now we make a new name and mark it as an MN. @@ -145,9 +149,10 @@ gss_import_name(OM_uint32 *minor_status, OM_uint32 major_status; struct _gss_name *name; + *output_name = GSS_C_NO_NAME; + if (input_name_buffer->length == 0) { *minor_status = 0; - *output_name = 0; return (GSS_S_BAD_NAME); } @@ -180,7 +185,6 @@ gss_import_name(OM_uint32 *minor_status, && !gss_oid_equal(name_type, GSS_C_NT_ANONYMOUS) && !gss_oid_equal(name_type, GSS_KRB5_NT_PRINCIPAL_NAME)) { *minor_status = 0; - *output_name = 0; return (GSS_S_BAD_NAMETYPE); } diff --git a/source4/heimdal/lib/gssapi/mech/gss_import_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_import_sec_context.c index 5466f97cf4..44ca1b2677 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_import_sec_context.c +++ b/source4/heimdal/lib/gssapi/mech/gss_import_sec_context.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_import_sec_context.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); +RCSID("$Id: gss_import_sec_context.c 19956 2007-01-17 12:04:16Z lha $"); OM_uint32 gss_import_sec_context(OM_uint32 *minor_status, @@ -43,7 +43,7 @@ gss_import_sec_context(OM_uint32 *minor_status, size_t len; *minor_status = 0; - *context_handle = 0; + *context_handle = GSS_C_NO_CONTEXT; /* * We added an oid to the front of the token in @@ -73,6 +73,7 @@ gss_import_sec_context(OM_uint32 *minor_status, major_status = m->gm_import_sec_context(minor_status, &buf, &ctx->gc_ctx); if (major_status != GSS_S_COMPLETE) { + _gss_mg_error(m, major_status, *minor_status); free(ctx); } else { *context_handle = (gss_ctx_id_t) ctx; diff --git a/source4/heimdal/lib/gssapi/mech/gss_indicate_mechs.c b/source4/heimdal/lib/gssapi/mech/gss_indicate_mechs.c index 0da6c48834..00c6ed28ee 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_indicate_mechs.c +++ b/source4/heimdal/lib/gssapi/mech/gss_indicate_mechs.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_indicate_mechs.c,v 1.3 2006/07/05 22:36:49 lha Exp $"); +RCSID("$Id: gss_indicate_mechs.c 17803 2006-07-05 22:36:49Z lha $"); OM_uint32 gss_indicate_mechs(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c index 0d50bbd92b..c1c058d146 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c +++ b/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_init_sec_context.c,v 1.4 2006/11/14 12:33:11 lha Exp $"); +RCSID("$Id: gss_init_sec_context.c 19957 2007-01-17 13:48:11Z lha $"); static gss_cred_id_t _gss_mech_cred_find(gss_cred_id_t cred_handle, gss_OID mech_type) @@ -71,6 +71,14 @@ gss_init_sec_context(OM_uint32 * minor_status, *minor_status = 0; + _mg_buffer_zero(output_token); + if (actual_mech_type) + *actual_mech_type = GSS_C_NO_OID; + if (ret_flags) + *ret_flags = 0; + if (time_rec) + *time_rec = 0; + /* * If we haven't allocated a context yet, do so now and lookup * the mechanism switch table. If we have one already, make @@ -131,6 +139,8 @@ gss_init_sec_context(OM_uint32 * minor_status, && major_status != GSS_S_CONTINUE_NEEDED) { if (allocated_ctx) free(ctx); + _mg_buffer_zero(output_token); + _gss_mg_error(m, major_status, *minor_status); } else { *context_handle = (gss_ctx_id_t) ctx; } diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c index 88bbb3941f..5cce30c6bd 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c +++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_inquire_context.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); +RCSID("$Id: gss_inquire_context.c 19958 2007-01-17 13:56:18Z lha $"); OM_uint32 gss_inquire_context(OM_uint32 *minor_status, @@ -46,27 +46,42 @@ gss_inquire_context(OM_uint32 *minor_status, struct _gss_name *name; gss_name_t src_mn, targ_mn; + if (locally_initiated) + *locally_initiated = 0; + if (open) + *open = 0; + if (lifetime_rec) + *lifetime_rec = 0; + + if (src_name) + *src_name = GSS_C_NO_NAME; + if (targ_name) + *targ_name = GSS_C_NO_NAME; + if (mech_type) + *mech_type = GSS_C_NO_OID; + src_mn = targ_mn = GSS_C_NO_NAME; + major_status = m->gm_inquire_context(minor_status, ctx->gc_ctx, - src_name ? &src_mn : 0, - targ_name ? &targ_mn : 0, + src_name ? &src_mn : NULL, + targ_name ? &targ_mn : NULL, lifetime_rec, mech_type, ctx_flags, locally_initiated, open); - if (src_name) *src_name = 0; - if (targ_name) *targ_name = 0; - if (major_status != GSS_S_COMPLETE) { + _gss_mg_error(m, major_status, *minor_status); return (major_status); } if (src_name) { name = _gss_make_name(m, src_mn); if (!name) { - minor_status = 0; + *mech_type = GSS_C_NO_OID; + m->gm_release_name(minor_status, &src_mn); + *minor_status = 0; return (GSS_S_FAILURE); } *src_name = (gss_name_t) name; @@ -75,7 +90,10 @@ gss_inquire_context(OM_uint32 *minor_status, if (targ_name) { name = _gss_make_name(m, targ_mn); if (!name) { - minor_status = 0; + *mech_type = GSS_C_NO_OID; + gss_release_name(minor_status, src_name); + m->gm_release_name(minor_status, &targ_mn); + *minor_status = 0; return (GSS_S_FAILURE); } *targ_name = (gss_name_t) name; diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred.c index 223140205d..97c3628225 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred.c +++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred.c @@ -27,7 +27,21 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_inquire_cred.c,v 1.5 2006/07/20 02:03:18 lha Exp $"); +RCSID("$Id: gss_inquire_cred.c 20626 2007-05-08 13:56:49Z lha $"); + +#define AUSAGE 1 +#define IUSAGE 2 + +static void +updateusage(gss_cred_usage_t usage, int *usagemask) +{ + if (usage == GSS_C_BOTH) + *usagemask |= AUSAGE | IUSAGE; + else if (usage == GSS_C_ACCEPT) + *usagemask |= AUSAGE; + else if (usage == GSS_C_INITIATE) + *usagemask |= IUSAGE; +} OM_uint32 gss_inquire_cred(OM_uint32 *minor_status, @@ -44,27 +58,30 @@ gss_inquire_cred(OM_uint32 *minor_status, struct _gss_mechanism_name *mn; OM_uint32 min_lifetime; int found = 0; + int usagemask = 0; + gss_cred_usage_t usage; _gss_load_mech(); *minor_status = 0; if (name_ret) - *name_ret = 0; + *name_ret = GSS_C_NO_NAME; if (lifetime) *lifetime = 0; if (cred_usage) *cred_usage = 0; + if (mechanisms) + *mechanisms = GSS_C_NO_OID_SET; if (name_ret) { - name = malloc(sizeof(struct _gss_name)); - if (!name) { + name = calloc(1, sizeof(*name)); + if (name == NULL) { *minor_status = ENOMEM; return (GSS_S_FAILURE); } - memset(name, 0, sizeof(struct _gss_name)); SLIST_INIT(&name->gn_mn); } else { - name = 0; + name = NULL; } if (mechanisms) { @@ -85,10 +102,11 @@ gss_inquire_cred(OM_uint32 *minor_status, OM_uint32 mc_lifetime; major_status = mc->gmc_mech->gm_inquire_cred(minor_status, - mc->gmc_cred, &mc_name, &mc_lifetime, NULL, NULL); + mc->gmc_cred, &mc_name, &mc_lifetime, &usage, NULL); if (major_status) continue; + updateusage(usage, &usagemask); if (name) { mn = malloc(sizeof(struct _gss_mechanism_name)); if (!mn) { @@ -120,10 +138,11 @@ gss_inquire_cred(OM_uint32 *minor_status, major_status = m->gm_mech.gm_inquire_cred(minor_status, GSS_C_NO_CREDENTIAL, &mc_name, &mc_lifetime, - cred_usage, NULL); + &usage, NULL); if (major_status) continue; + updateusage(usage, &usagemask); if (name && mc_name) { mn = malloc( sizeof(struct _gss_mechanism_name)); @@ -152,6 +171,9 @@ gss_inquire_cred(OM_uint32 *minor_status, } if (found == 0) { + gss_name_t n = (gss_name_t)name; + if (n) + gss_release_name(minor_status, &n); gss_release_oid_set(minor_status, mechanisms); *minor_status = 0; return (GSS_S_NO_CRED); @@ -162,7 +184,13 @@ gss_inquire_cred(OM_uint32 *minor_status, *name_ret = (gss_name_t) name; if (lifetime) *lifetime = min_lifetime; - if (cred && cred_usage) - *cred_usage = cred->gc_usage; + if (cred_usage) { + if ((usagemask & (AUSAGE|IUSAGE)) == (AUSAGE|IUSAGE)) + *cred_usage = GSS_C_BOTH; + else if (usagemask & IUSAGE) + *cred_usage = GSS_C_INITIATE; + else if (usagemask & AUSAGE) + *cred_usage = GSS_C_ACCEPT; + } return (GSS_S_COMPLETE); } diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c index 771a6956a5..a4ace9e9e9 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c +++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_inquire_cred_by_mech.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); +RCSID("$Id: gss_inquire_cred_by_mech.c 19960 2007-01-17 15:09:24Z lha $"); OM_uint32 gss_inquire_cred_by_mech(OM_uint32 *minor_status, @@ -46,6 +46,14 @@ gss_inquire_cred_by_mech(OM_uint32 *minor_status, struct _gss_name *name; *minor_status = 0; + if (cred_name) + *cred_name = GSS_C_NO_NAME; + if (initiator_lifetime) + *initiator_lifetime = 0; + if (acceptor_lifetime) + *acceptor_lifetime = 0; + if (cred_usage) + *cred_usage = 0; m = __gss_get_mechanism(mech_type); if (!m) @@ -65,8 +73,10 @@ gss_inquire_cred_by_mech(OM_uint32 *minor_status, major_status = m->gm_inquire_cred_by_mech(minor_status, mc, mech_type, &mn, initiator_lifetime, acceptor_lifetime, cred_usage); - if (major_status != GSS_S_COMPLETE) + if (major_status != GSS_S_COMPLETE) { + _gss_mg_error(m, major_status, *minor_status); return (major_status); + } name = _gss_make_name(m, mn); if (!name) { diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c index 3cfe89af21..7b53a2ff4a 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c +++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c @@ -31,7 +31,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_inquire_cred_by_oid.c,v 1.2 2006/06/28 16:20:41 lha Exp $"); +RCSID("$Id: gss_inquire_cred_by_oid.c 19960 2007-01-17 15:09:24Z lha $"); OM_uint32 gss_inquire_cred_by_oid (OM_uint32 *minor_status, @@ -46,6 +46,7 @@ gss_inquire_cred_by_oid (OM_uint32 *minor_status, gss_buffer_set_t set = GSS_C_NO_BUFFER_SET; *minor_status = 0; + *data_set = GSS_C_NO_BUFFER_SET; if (cred == NULL) return GSS_S_NO_CRED; @@ -55,8 +56,11 @@ gss_inquire_cred_by_oid (OM_uint32 *minor_status, int i; m = mc->gmc_mech; - if (m == NULL) + if (m == NULL) { + gss_release_buffer_set(minor_status, &set); + *minor_status = 0; return GSS_S_BAD_MECH; + } if (m->gm_inquire_cred_by_oid == NULL) continue; @@ -77,6 +81,7 @@ gss_inquire_cred_by_oid (OM_uint32 *minor_status, if (set == GSS_C_NO_BUFFER_SET) status = GSS_S_FAILURE; *data_set = set; + *minor_status = 0; return status; } diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_mechs_for_name.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_mechs_for_name.c index 7052bf8b72..5330a747a6 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_inquire_mechs_for_name.c +++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_mechs_for_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_inquire_mechs_for_name.c,v 1.3 2006/07/20 02:04:00 lha Exp $"); +RCSID("$Id: gss_inquire_mechs_for_name.c 17844 2006-07-20 02:04:00Z lha $"); OM_uint32 gss_inquire_mechs_for_name(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_names_for_mech.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_names_for_mech.c index 2293163b03..65b52cbbc3 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_inquire_names_for_mech.c +++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_names_for_mech.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_inquire_names_for_mech.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); +RCSID("$Id: gss_inquire_names_for_mech.c 19960 2007-01-17 15:09:24Z lha $"); OM_uint32 gss_inquire_names_for_mech(OM_uint32 *minor_status, @@ -38,6 +38,7 @@ gss_inquire_names_for_mech(OM_uint32 *minor_status, gssapi_mech_interface m = __gss_get_mechanism(mechanism); *minor_status = 0; + *name_types = GSS_C_NO_OID_SET; if (!m) return (GSS_S_BAD_MECH); @@ -56,15 +57,15 @@ gss_inquire_names_for_mech(OM_uint32 *minor_status, major_status = gss_add_oid_set_member(minor_status, GSS_C_NT_HOSTBASED_SERVICE, name_types); if (major_status) { - OM_uint32 ms; - gss_release_oid_set(&ms, name_types); + OM_uint32 junk; + gss_release_oid_set(&junk, name_types); return (major_status); } major_status = gss_add_oid_set_member(minor_status, GSS_C_NT_USER_NAME, name_types); if (major_status) { - OM_uint32 ms; - gss_release_oid_set(&ms, name_types); + OM_uint32 junk; + gss_release_oid_set(&junk, name_types); return (major_status); } } diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c index 7f5632ac55..fd8219ce02 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c +++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c @@ -31,7 +31,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_inquire_sec_context_by_oid.c,v 1.1 2006/06/28 09:07:08 lha Exp $"); +RCSID("$Id: gss_inquire_sec_context_by_oid.c 19961 2007-01-17 15:57:51Z lha $"); OM_uint32 gss_inquire_sec_context_by_oid (OM_uint32 *minor_status, @@ -44,7 +44,7 @@ gss_inquire_sec_context_by_oid (OM_uint32 *minor_status, gssapi_mech_interface m; *minor_status = 0; - + *data_set = GSS_C_NO_BUFFER_SET; if (ctx == NULL) return GSS_S_NO_CONTEXT; @@ -58,10 +58,12 @@ gss_inquire_sec_context_by_oid (OM_uint32 *minor_status, if (m == NULL) return GSS_S_BAD_MECH; - if (m->gm_inquire_sec_context_by_oid != NULL) + if (m->gm_inquire_sec_context_by_oid != NULL) { major_status = m->gm_inquire_sec_context_by_oid(minor_status, ctx->gc_ctx, desired_object, data_set); - else + if (major_status != GSS_S_COMPLETE) + _gss_mg_error(m, major_status, *minor_status); + } else major_status = GSS_S_BAD_MECH; return major_status; diff --git a/source4/heimdal/lib/gssapi/mech/gss_krb5.c b/source4/heimdal/lib/gssapi/mech/gss_krb5.c index 76a2c2b637..2500928baf 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_krb5.c +++ b/source4/heimdal/lib/gssapi/mech/gss_krb5.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_krb5.c,v 1.21 2006/11/10 00:57:27 lha Exp $"); +RCSID("$Id: gss_krb5.c 20383 2007-04-18 08:49:53Z lha $"); #include #include @@ -164,7 +164,12 @@ gss_krb5_import_cred(OM_uint32 *minor_status, goto out; } - krb5_storage_to_data(sp, &data); + ret = krb5_storage_to_data(sp, &data); + if (ret) { + *minor_status = ret; + major_status = GSS_S_FAILURE; + goto out; + } buffer.value = data.data; buffer.length = data.length; @@ -421,37 +426,49 @@ gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status, void *c) */ OM_uint32 -gss_krb5_set_allowable_enctypes(OM_uint32 *min_status, +gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status, gss_cred_id_t cred, OM_uint32 num_enctypes, int32_t *enctypes) { + krb5_error_code ret; OM_uint32 maj_status; gss_buffer_desc buffer; krb5_storage *sp; krb5_data data; + int i; sp = krb5_storage_emem(); if (sp == NULL) { - *min_status = ENOMEM; + *minor_status = ENOMEM; maj_status = GSS_S_FAILURE; goto out; } - while(*enctypes) { - krb5_store_int32(sp, *enctypes); - enctypes++; + for (i = 0; i < num_enctypes; i++) { + ret = krb5_store_int32(sp, enctypes[i]); + if (ret) { + *minor_status = ret; + maj_status = GSS_S_FAILURE; + goto out; + } } - krb5_storage_to_data(sp, &data); + ret = krb5_storage_to_data(sp, &data); + if (ret) { + *minor_status = ret; + maj_status = GSS_S_FAILURE; + goto out; + } buffer.value = data.data; buffer.length = data.length; - maj_status = gss_set_cred_option(min_status, + maj_status = gss_set_cred_option(minor_status, &cred, GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X, &buffer); + krb5_data_free(&data); out: if (sp) krb5_storage_free(sp); @@ -489,6 +506,38 @@ gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *c) return (GSS_S_COMPLETE); } +/* + * + */ + +OM_uint32 +gss_krb5_ccache_name(OM_uint32 *minor_status, + const char *name, + const char **out_name) +{ + struct _gss_mech_switch *m; + gss_buffer_desc buffer; + OM_uint32 junk; + + _gss_load_mech(); + + if (out_name) + *out_name = NULL; + + buffer.value = rk_UNCONST(name); + buffer.length = strlen(name); + + SLIST_FOREACH(m, &_gss_mechs, gm_link) { + if (m->gm_mech.gm_set_sec_context_option == NULL) + continue; + m->gm_mech.gm_set_sec_context_option(&junk, NULL, + GSS_KRB5_CCACHE_NAME_X, &buffer); + } + + return (GSS_S_COMPLETE); +} + + /* * */ diff --git a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c index b8fdefdca1..604027490e 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c +++ b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c @@ -28,7 +28,7 @@ #include "mech_locl.h" #include -RCSID("$Id: gss_mech_switch.c,v 1.8 2006/12/15 20:05:43 lha Exp $"); +RCSID("$Id: gss_mech_switch.c 20625 2007-05-08 13:55:03Z lha $"); #ifndef _PATH_GSS_MECH #define _PATH_GSS_MECH "/etc/gss/mech" @@ -50,6 +50,9 @@ _gss_string_to_oid(const char* s, gss_OID oid) const char *p, *q; char *res; + oid->length = 0; + oid->elements = NULL; + /* * First figure out how many numbers in the oid, then * calculate the compiled oid size. @@ -169,8 +172,10 @@ add_builtin(gssapi_mech_interface mech) { struct _gss_mech_switch *m; OM_uint32 minor_status; - if (!mech) - return 0; + + /* not registering any mech is ok */ + if (mech == NULL) + return 0; m = malloc(sizeof(*m)); if (m == NULL) @@ -299,6 +304,7 @@ _gss_load_mech(void) OPTSYM(inquire_sec_context_by_oid); OPTSYM(set_sec_context_option); OPTSYM(set_cred_option); + OPTSYM(pseudo_random); SLIST_INSERT_HEAD(&_gss_mechs, m, gm_link); continue; diff --git a/source4/heimdal/lib/gssapi/mech/gss_names.c b/source4/heimdal/lib/gssapi/mech/gss_names.c index 833c582006..3ab609c192 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_names.c +++ b/source4/heimdal/lib/gssapi/mech/gss_names.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_names.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); +RCSID("$Id: gss_names.c 19928 2007-01-16 10:37:54Z lha $"); struct _gss_mechanism_name * _gss_find_mn(struct _gss_name *name, gss_OID mech) @@ -62,7 +62,8 @@ _gss_find_mn(struct _gss_name *name, gss_OID mech) (name->gn_type.elements ? &name->gn_type : GSS_C_NO_OID), &mn->gmn_name); - if (major_status) { + if (major_status != GSS_S_COMPLETE) { + _gss_mg_error(m, major_status, minor_status); free(mn); return (0); } diff --git a/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c b/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c index 1a8b811f37..8c75410cc1 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c +++ b/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c @@ -32,7 +32,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_oid_equal.c,v 1.1 2006/06/28 09:07:08 lha Exp $"); +RCSID("$Id: gss_oid_equal.c 17702 2006-06-28 09:07:08Z lha $"); int gss_oid_equal(const gss_OID a, const gss_OID b) diff --git a/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c b/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c new file mode 100644 index 0000000000..3195370b77 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c @@ -0,0 +1,65 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" +RCSID("$Id: gss_oid_to_str.c 19963 2007-01-17 16:01:22Z lha $"); + +OM_uint32 +gss_oid_to_str(OM_uint32 *minor_status, gss_OID oid, gss_buffer_t oid_str) +{ + int ret; + size_t size; + heim_oid o; + char *p; + + _mg_buffer_zero(oid_str); + + ret = der_get_oid (oid->elements, oid->length, &o, &size); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + ret = der_print_heim_oid(&o, ' ', &p); + der_free_oid(&o); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + oid_str->value = p; + oid_str->length = strlen(p); + + *minor_status = 0; + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_process_context_token.c b/source4/heimdal/lib/gssapi/mech/gss_process_context_token.c index 1e6f39979f..dff6b04f14 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_process_context_token.c +++ b/source4/heimdal/lib/gssapi/mech/gss_process_context_token.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_process_context_token.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); +RCSID("$Id: gss_process_context_token.c 17700 2006-06-28 09:00:26Z lha $"); OM_uint32 gss_process_context_token(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_release_buffer.c b/source4/heimdal/lib/gssapi/mech/gss_release_buffer.c index 66705bb40e..fc55cae030 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_release_buffer.c +++ b/source4/heimdal/lib/gssapi/mech/gss_release_buffer.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_release_buffer.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); +RCSID("$Id: gss_release_buffer.c 19962 2007-01-17 15:59:04Z lha $"); OM_uint32 gss_release_buffer(OM_uint32 *minor_status, @@ -37,8 +37,7 @@ gss_release_buffer(OM_uint32 *minor_status, *minor_status = 0; if (buffer->value) free(buffer->value); - buffer->length = 0; - buffer->value = 0; + _mg_buffer_zero(buffer); return (GSS_S_COMPLETE); } diff --git a/source4/heimdal/lib/gssapi/mech/gss_release_cred.c b/source4/heimdal/lib/gssapi/mech/gss_release_cred.c index 760621c861..b26dbd7865 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_release_cred.c +++ b/source4/heimdal/lib/gssapi/mech/gss_release_cred.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_release_cred.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); +RCSID("$Id: gss_release_cred.c 19963 2007-01-17 16:01:22Z lha $"); OM_uint32 gss_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle) @@ -47,6 +47,6 @@ gss_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle) free(cred); *minor_status = 0; - *cred_handle = 0; + *cred_handle = GSS_C_NO_CREDENTIAL; return (GSS_S_COMPLETE); } diff --git a/source4/heimdal/lib/gssapi/mech/gss_release_name.c b/source4/heimdal/lib/gssapi/mech/gss_release_name.c index 1286cd3b79..313eab8245 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_release_name.c +++ b/source4/heimdal/lib/gssapi/mech/gss_release_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_release_name.c,v 1.3 2006/10/22 07:59:06 lha Exp $"); +RCSID("$Id: gss_release_name.c 18812 2006-10-22 07:59:06Z lha $"); OM_uint32 gss_release_name(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_release_oid.c b/source4/heimdal/lib/gssapi/mech/gss_release_oid.c index fc84fabd29..7754787fa8 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_release_oid.c +++ b/source4/heimdal/lib/gssapi/mech/gss_release_oid.c @@ -33,7 +33,7 @@ #include "mech_locl.h" -RCSID("$Id: gss_release_oid.c,v 1.1 2006/06/30 09:34:54 lha Exp $"); +RCSID("$Id: gss_release_oid.c 17747 2006-06-30 09:34:54Z lha $"); OM_uint32 gss_release_oid(OM_uint32 *minor_status, gss_OID *oid) diff --git a/source4/heimdal/lib/gssapi/mech/gss_release_oid_set.c b/source4/heimdal/lib/gssapi/mech/gss_release_oid_set.c index 101657e4fb..4372e62294 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_release_oid_set.c +++ b/source4/heimdal/lib/gssapi/mech/gss_release_oid_set.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_release_oid_set.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); +RCSID("$Id: gss_release_oid_set.c 19963 2007-01-17 16:01:22Z lha $"); OM_uint32 gss_release_oid_set(OM_uint32 *minor_status, @@ -39,7 +39,7 @@ gss_release_oid_set(OM_uint32 *minor_status, if ((*set)->elements) free((*set)->elements); free(*set); - *set = 0; + *set = GSS_C_NO_OID_SET; } return (GSS_S_COMPLETE); } diff --git a/source4/heimdal/lib/gssapi/mech/gss_seal.c b/source4/heimdal/lib/gssapi/mech/gss_seal.c index 2f66f90d4f..71c5e70dc7 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_seal.c +++ b/source4/heimdal/lib/gssapi/mech/gss_seal.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_seal.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); +RCSID("$Id: gss_seal.c 17700 2006-06-28 09:00:26Z lha $"); OM_uint32 gss_seal(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c b/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c index f813d72ac8..78c8cc79c1 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c +++ b/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c @@ -31,7 +31,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_set_cred_option.c,v 1.8 2006/11/13 08:59:43 lha Exp $"); +RCSID("$Id: gss_set_cred_option.c 20626 2007-05-08 13:56:49Z lha $"); OM_uint32 gss_set_cred_option (OM_uint32 *minor_status, @@ -55,7 +55,6 @@ gss_set_cred_option (OM_uint32 *minor_status, if (cred == NULL) return GSS_S_FAILURE; - cred->gc_usage = GSS_C_BOTH; /* XXX */ SLIST_INIT(&cred->gc_mc); SLIST_FOREACH(m, &_gss_mechs, gm_link) { @@ -104,6 +103,9 @@ gss_set_cred_option (OM_uint32 *minor_status, &mc->gmc_cred, object, value); if (major_status == GSS_S_COMPLETE) one_ok = 1; + else + _gss_mg_error(m, major_status, *minor_status); + } } if (one_ok) { diff --git a/source4/heimdal/lib/gssapi/mech/gss_set_sec_context_option.c b/source4/heimdal/lib/gssapi/mech/gss_set_sec_context_option.c index aa562a23b6..d312251f53 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_set_sec_context_option.c +++ b/source4/heimdal/lib/gssapi/mech/gss_set_sec_context_option.c @@ -31,7 +31,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_set_sec_context_option.c,v 1.2 2006/06/28 14:39:00 lha Exp $"); +RCSID("$Id: gss_set_sec_context_option.c 19928 2007-01-16 10:37:54Z lha $"); OM_uint32 gss_set_sec_context_option (OM_uint32 *minor_status, @@ -58,10 +58,12 @@ gss_set_sec_context_option (OM_uint32 *minor_status, if (m == NULL) return GSS_S_BAD_MECH; - if (m->gm_set_sec_context_option != NULL) + if (m->gm_set_sec_context_option != NULL) { major_status = m->gm_set_sec_context_option(minor_status, &ctx->gc_ctx, object, value); - else + if (major_status != GSS_S_COMPLETE) + _gss_mg_error(m, major_status, *minor_status); + } else major_status = GSS_S_BAD_MECH; return major_status; diff --git a/source4/heimdal/lib/gssapi/mech/gss_sign.c b/source4/heimdal/lib/gssapi/mech/gss_sign.c index 8c854e5e43..5268197c61 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_sign.c +++ b/source4/heimdal/lib/gssapi/mech/gss_sign.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_sign.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); +RCSID("$Id: gss_sign.c 17700 2006-06-28 09:00:26Z lha $"); OM_uint32 gss_sign(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c b/source4/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c index a71a8b7c92..fc3c5ddeef 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c +++ b/source4/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_test_oid_set_member.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); +RCSID("$Id: gss_test_oid_set_member.c 17700 2006-06-28 09:00:26Z lha $"); OM_uint32 gss_test_oid_set_member(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_unseal.c b/source4/heimdal/lib/gssapi/mech/gss_unseal.c index 128dc7883c..205cc6e326 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_unseal.c +++ b/source4/heimdal/lib/gssapi/mech/gss_unseal.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_unseal.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); +RCSID("$Id: gss_unseal.c 17700 2006-06-28 09:00:26Z lha $"); OM_uint32 gss_unseal(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_unwrap.c b/source4/heimdal/lib/gssapi/mech/gss_unwrap.c index 1c9484b18d..69c125356b 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_unwrap.c +++ b/source4/heimdal/lib/gssapi/mech/gss_unwrap.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_unwrap.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); +RCSID("$Id: gss_unwrap.c 17700 2006-06-28 09:00:26Z lha $"); OM_uint32 gss_unwrap(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_utils.c b/source4/heimdal/lib/gssapi/mech/gss_utils.c index d674fb163b..22217a9d62 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_utils.c +++ b/source4/heimdal/lib/gssapi/mech/gss_utils.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_utils.c,v 1.3 2006/12/18 13:01:25 lha Exp $"); +RCSID("$Id: gss_utils.c 19965 2007-01-17 16:23:47Z lha $"); OM_uint32 _gss_copy_oid(OM_uint32 *minor_status, @@ -38,6 +38,7 @@ _gss_copy_oid(OM_uint32 *minor_status, *minor_status = 0; to_oid->elements = malloc(len); if (!to_oid->elements) { + to_oid->length = 0; *minor_status = ENOMEM; return GSS_S_FAILURE; } @@ -68,6 +69,7 @@ _gss_copy_buffer(OM_uint32 *minor_status, to_buf->value = malloc(len); if (!to_buf->value) { *minor_status = ENOMEM; + to_buf->length = 0; return GSS_S_FAILURE; } to_buf->length = len; diff --git a/source4/heimdal/lib/gssapi/mech/gss_verify.c b/source4/heimdal/lib/gssapi/mech/gss_verify.c index a99d17e2d7..f11cac7d2e 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_verify.c +++ b/source4/heimdal/lib/gssapi/mech/gss_verify.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_verify.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); +RCSID("$Id: gss_verify.c 17700 2006-06-28 09:00:26Z lha $"); OM_uint32 gss_verify(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_verify_mic.c b/source4/heimdal/lib/gssapi/mech/gss_verify_mic.c index b51ed7a8c4..118f50735f 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_verify_mic.c +++ b/source4/heimdal/lib/gssapi/mech/gss_verify_mic.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_verify_mic.c,v 1.2 2006/06/28 09:00:25 lha Exp $"); +RCSID("$Id: gss_verify_mic.c 19965 2007-01-17 16:23:47Z lha $"); OM_uint32 gss_verify_mic(OM_uint32 *minor_status, @@ -39,6 +39,13 @@ gss_verify_mic(OM_uint32 *minor_status, struct _gss_context *ctx = (struct _gss_context *) context_handle; gssapi_mech_interface m = ctx->gc_mech; + if (qop_state) + *qop_state = 0; + if (ctx == NULL) { + *minor_status = 0; + return GSS_S_NO_CONTEXT; + } + return (m->gm_verify_mic(minor_status, ctx->gc_ctx, message_buffer, token_buffer, qop_state)); } diff --git a/source4/heimdal/lib/gssapi/mech/gss_wrap.c b/source4/heimdal/lib/gssapi/mech/gss_wrap.c index a97ec1308f..0eb9dfbc6d 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_wrap.c +++ b/source4/heimdal/lib/gssapi/mech/gss_wrap.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_wrap.c,v 1.2 2006/06/28 09:00:26 lha Exp $"); +RCSID("$Id: gss_wrap.c 19965 2007-01-17 16:23:47Z lha $"); OM_uint32 gss_wrap(OM_uint32 *minor_status, @@ -41,6 +41,14 @@ gss_wrap(OM_uint32 *minor_status, struct _gss_context *ctx = (struct _gss_context *) context_handle; gssapi_mech_interface m = ctx->gc_mech; + if (conf_state) + *conf_state = 0; + _mg_buffer_zero(output_message_buffer); + if (ctx == NULL) { + *minor_status = 0; + return GSS_S_NO_CONTEXT; + } + return (m->gm_wrap(minor_status, ctx->gc_ctx, conf_req_flag, qop_req, input_message_buffer, conf_state, output_message_buffer)); diff --git a/source4/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c b/source4/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c index 27493aa90d..35b3ad723d 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c +++ b/source4/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_wrap_size_limit.c,v 1.2 2006/06/28 09:00:26 lha Exp $"); +RCSID("$Id: gss_wrap_size_limit.c 19965 2007-01-17 16:23:47Z lha $"); OM_uint32 gss_wrap_size_limit(OM_uint32 *minor_status, @@ -39,6 +39,12 @@ gss_wrap_size_limit(OM_uint32 *minor_status, { struct _gss_context *ctx = (struct _gss_context *) context_handle; gssapi_mech_interface m = ctx->gc_mech; + + *max_input_size = 0; + if (ctx == NULL) { + *minor_status = 0; + return GSS_S_NO_CONTEXT; + } return (m->gm_wrap_size_limit(minor_status, ctx->gc_ctx, conf_req_flag, qop_req, req_output_size, max_input_size)); diff --git a/source4/heimdal/lib/gssapi/mech/gssapi.asn1 b/source4/heimdal/lib/gssapi/mech/gssapi.asn1 index 544618b7d4..44b30bfa7e 100644 --- a/source4/heimdal/lib/gssapi/mech/gssapi.asn1 +++ b/source4/heimdal/lib/gssapi/mech/gssapi.asn1 @@ -1,4 +1,4 @@ --- $Id: gssapi.asn1,v 1.3 2006/10/18 21:08:19 lha Exp $ +-- $Id: gssapi.asn1 18565 2006-10-18 21:08:19Z lha $ GSS-API DEFINITIONS ::= BEGIN diff --git a/source4/heimdal/lib/gssapi/mech/mech_locl.h b/source4/heimdal/lib/gssapi/mech/mech_locl.h index f5db15c5fa..4399fa78a6 100644 --- a/source4/heimdal/lib/gssapi/mech/mech_locl.h +++ b/source4/heimdal/lib/gssapi/mech/mech_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: mech_locl.h,v 1.4 2006/10/07 18:25:27 lha Exp $ */ +/* $Id: mech_locl.h 19948 2007-01-17 10:03:07Z lha $ */ #include @@ -61,3 +61,6 @@ #include "mech_switch.h" #include "name.h" #include "utils.h" + +#define _mg_buffer_zero(buffer) \ + do { (buffer)->value = NULL; (buffer)->length = 0; } while(0) diff --git a/source4/heimdal/lib/gssapi/mech/mech_switch.h b/source4/heimdal/lib/gssapi/mech/mech_switch.h index 0984d36ef3..14e6d7978c 100644 --- a/source4/heimdal/lib/gssapi/mech/mech_switch.h +++ b/source4/heimdal/lib/gssapi/mech/mech_switch.h @@ -24,7 +24,7 @@ * SUCH DAMAGE. * * $FreeBSD: src/lib/libgssapi/mech_switch.h,v 1.1 2005/12/29 14:40:20 dfr Exp $ - * $Id: mech_switch.h,v 1.3 2006/10/05 18:31:53 lha Exp $ + * $Id: mech_switch.h 18246 2006-10-05 18:36:07Z lha $ */ #include diff --git a/source4/heimdal/lib/gssapi/mech/name.h b/source4/heimdal/lib/gssapi/mech/name.h index 3e7443ba20..2252150a06 100644 --- a/source4/heimdal/lib/gssapi/mech/name.h +++ b/source4/heimdal/lib/gssapi/mech/name.h @@ -24,7 +24,7 @@ * SUCH DAMAGE. * * $FreeBSD: src/lib/libgssapi/name.h,v 1.1 2005/12/29 14:40:20 dfr Exp $ - * $Id: name.h,v 1.4 2006/10/05 18:36:07 lha Exp $ + * $Id: name.h 18246 2006-10-05 18:36:07Z lha $ */ struct _gss_mechanism_name { diff --git a/source4/heimdal/lib/gssapi/mech/utils.h b/source4/heimdal/lib/gssapi/mech/utils.h index 42e92c3f42..908203557e 100644 --- a/source4/heimdal/lib/gssapi/mech/utils.h +++ b/source4/heimdal/lib/gssapi/mech/utils.h @@ -24,7 +24,7 @@ * SUCH DAMAGE. * * $FreeBSD: src/lib/libgssapi/utils.h,v 1.1 2005/12/29 14:40:20 dfr Exp $ - * $Id: utils.h,v 1.4 2006/12/18 13:01:40 lha Exp $ + * $Id: utils.h 19398 2006-12-18 13:01:40Z lha $ */ OM_uint32 _gss_free_oid(OM_uint32 *, gss_OID); diff --git a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c index 2c86b3f794..106897b9b0 100644 --- a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c @@ -33,7 +33,7 @@ #include "spnego/spnego_locl.h" -RCSID("$Id: accept_sec_context.c,v 1.16 2006/12/19 12:10:35 lha Exp $"); +RCSID("$Id: accept_sec_context.c 20929 2007-06-05 21:19:22Z lha $"); static OM_uint32 send_reject (OM_uint32 *minor_status, @@ -92,7 +92,7 @@ send_supported_mechs (OM_uint32 *minor_status, gss_buffer_t output_token) { NegotiationTokenWin nt; - char hostname[MAXHOSTNAMELEN], *p; + char hostname[MAXHOSTNAMELEN + 1], *p; gss_buffer_desc name_buf; gss_OID name_type; gss_name_t target_princ; @@ -117,11 +117,12 @@ send_supported_mechs (OM_uint32 *minor_status, } memset(&target_princ, 0, sizeof(target_princ)); - if (gethostname(hostname, sizeof(hostname) - 1) != 0) { + if (gethostname(hostname, sizeof(hostname) - 2) != 0) { *minor_status = errno; free_NegotiationTokenWin(&nt); return GSS_S_FAILURE; } + hostname[sizeof(hostname) - 1] = '\0'; /* Send the constructed SAM name for this host */ for (p = hostname; *p != '\0' && *p != '.'; p++) { @@ -662,6 +663,11 @@ acceptor_start &ctx->mech_time_rec, &mech_delegated_cred); if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) { + ctx->preferred_mech_type = preferred_mech_type; + ctx->negotiated_mech_type = preferred_mech_type; + if (ret == GSS_S_COMPLETE) + ctx->open = 1; + if (delegated_cred_handle) ret = _gss_spnego_alloc_cred(minor_status, mech_delegated_cred, @@ -669,11 +675,6 @@ acceptor_start else gss_release_cred(&ret2, &mech_delegated_cred); - ctx->preferred_mech_type = preferred_mech_type; - ctx->negotiated_mech_type = preferred_mech_type; - if (ret == GSS_S_COMPLETE) - ctx->open = 1; - ret = acceptor_complete(minor_status, ctx, &get_mic, diff --git a/source4/heimdal/lib/gssapi/spnego/compat.c b/source4/heimdal/lib/gssapi/spnego/compat.c index 786eac1340..bc7da9410e 100644 --- a/source4/heimdal/lib/gssapi/spnego/compat.c +++ b/source4/heimdal/lib/gssapi/spnego/compat.c @@ -32,7 +32,7 @@ #include "spnego/spnego_locl.h" -RCSID("$Id: compat.c,v 1.9 2006/12/18 17:52:26 lha Exp $"); +RCSID("$Id: compat.c 19415 2006-12-18 17:52:26Z lha $"); /* * Apparently Microsoft got the OID wrong, and used diff --git a/source4/heimdal/lib/gssapi/spnego/context_stubs.c b/source4/heimdal/lib/gssapi/spnego/context_stubs.c index 57bc45a492..3535c7bb35 100644 --- a/source4/heimdal/lib/gssapi/spnego/context_stubs.c +++ b/source4/heimdal/lib/gssapi/spnego/context_stubs.c @@ -32,7 +32,7 @@ #include "spnego/spnego_locl.h" -RCSID("$Id: context_stubs.c,v 1.9 2006/12/18 12:59:44 lha Exp $"); +RCSID("$Id: context_stubs.c 21035 2007-06-09 15:32:47Z lha $"); static OM_uint32 spnego_supported_mechs(OM_uint32 *minor_status, gss_OID_set *mechs) @@ -310,7 +310,7 @@ OM_uint32 _gss_spnego_display_name *minor_status = 0; - if (name->mech == GSS_C_NO_NAME) + if (name == NULL || name->mech == GSS_C_NO_NAME) return GSS_S_FAILURE; return gss_display_name(minor_status, name->mech, diff --git a/source4/heimdal/lib/gssapi/spnego/cred_stubs.c b/source4/heimdal/lib/gssapi/spnego/cred_stubs.c index 8f8edab15e..2362e99019 100644 --- a/source4/heimdal/lib/gssapi/spnego/cred_stubs.c +++ b/source4/heimdal/lib/gssapi/spnego/cred_stubs.c @@ -32,7 +32,7 @@ #include "spnego/spnego_locl.h" -RCSID("$Id: cred_stubs.c,v 1.5 2006/10/07 22:27:04 lha Exp $"); +RCSID("$Id: cred_stubs.c 20619 2007-05-08 13:43:45Z lha $"); OM_uint32 _gss_spnego_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle) @@ -97,6 +97,8 @@ OM_uint32 _gss_spnego_acquire_cred OM_uint32 * time_rec ) { + const spnego_name dname = (const spnego_name)desired_name; + gss_name_t name = GSS_C_NO_NAME; OM_uint32 ret, tmp; gss_OID_set_desc actual_desired_mechs; gss_OID_set mechs; @@ -106,9 +108,18 @@ OM_uint32 _gss_spnego_acquire_cred *output_cred_handle = GSS_C_NO_CREDENTIAL; + if (dname) { + ret = gss_import_name(minor_status, &dname->value, &dname->type, &name); + if (ret) { + return ret; + } + } + ret = gss_indicate_mechs(minor_status, &mechs); - if (ret != GSS_S_COMPLETE) + if (ret != GSS_S_COMPLETE) { + gss_release_name(minor_status, &name); return ret; + } /* Remove ourselves from this list */ actual_desired_mechs.count = mechs->count; @@ -135,7 +146,7 @@ OM_uint32 _gss_spnego_acquire_cred goto out; cred = (gssspnego_cred)cred_handle; - ret = gss_acquire_cred(minor_status, desired_name, + ret = gss_acquire_cred(minor_status, name, time_req, &actual_desired_mechs, cred_usage, &cred->negotiated_cred_id, @@ -146,6 +157,7 @@ OM_uint32 _gss_spnego_acquire_cred *output_cred_handle = cred_handle; out: + gss_release_name(minor_status, &name); gss_release_oid_set(&tmp, &mechs); if (actual_desired_mechs.elements != NULL) { free(actual_desired_mechs.elements); @@ -167,6 +179,7 @@ OM_uint32 _gss_spnego_inquire_cred ) { gssspnego_cred cred; + spnego_name sname = NULL; OM_uint32 ret; if (cred_handle == GSS_C_NO_CREDENTIAL) { @@ -174,14 +187,29 @@ OM_uint32 _gss_spnego_inquire_cred return GSS_S_NO_CRED; } + if (name) { + sname = calloc(1, sizeof(*sname)); + if (sname == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + } + cred = (gssspnego_cred)cred_handle; ret = gss_inquire_cred(minor_status, cred->negotiated_cred_id, - name, + sname ? &sname->mech : NULL, lifetime, cred_usage, mechanisms); + if (ret) { + if (sname) + free(sname); + return ret; + } + if (name) + *name = (gss_name_t)sname; return ret; } @@ -246,6 +274,7 @@ OM_uint32 _gss_spnego_inquire_cred_by_mech ( ) { gssspnego_cred cred; + spnego_name sname = NULL; OM_uint32 ret; if (cred_handle == GSS_C_NO_CREDENTIAL) { @@ -253,17 +282,33 @@ OM_uint32 _gss_spnego_inquire_cred_by_mech ( return GSS_S_NO_CRED; } + if (name) { + sname = calloc(1, sizeof(*sname)); + if (sname == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + } + cred = (gssspnego_cred)cred_handle; ret = gss_inquire_cred_by_mech(minor_status, cred->negotiated_cred_id, mech_type, - name, + sname ? &sname->mech : NULL, initiator_lifetime, acceptor_lifetime, cred_usage); - return ret; + if (ret) { + if (sname) + free(sname); + return ret; + } + if (name) + *name = (gss_name_t)sname; + + return GSS_S_COMPLETE; } OM_uint32 _gss_spnego_inquire_cred_by_oid diff --git a/source4/heimdal/lib/gssapi/spnego/external.c b/source4/heimdal/lib/gssapi/spnego/external.c index b7e02a55e1..fbc231f3ae 100644 --- a/source4/heimdal/lib/gssapi/spnego/external.c +++ b/source4/heimdal/lib/gssapi/spnego/external.c @@ -33,7 +33,7 @@ #include "spnego/spnego_locl.h" #include -RCSID("$Id: external.c,v 1.7 2006/10/07 22:27:06 lha Exp $"); +RCSID("$Id: external.c 18336 2006-10-07 22:27:13Z lha $"); /* * RFC2478, SPNEGO: diff --git a/source4/heimdal/lib/gssapi/spnego/init_sec_context.c b/source4/heimdal/lib/gssapi/spnego/init_sec_context.c index a221281a70..7c74981e66 100644 --- a/source4/heimdal/lib/gssapi/spnego/init_sec_context.c +++ b/source4/heimdal/lib/gssapi/spnego/init_sec_context.c @@ -33,7 +33,7 @@ #include "spnego/spnego_locl.h" -RCSID("$Id: init_sec_context.c,v 1.11 2006/12/18 15:42:03 lha Exp $"); +RCSID("$Id: init_sec_context.c 19411 2006-12-18 15:42:03Z lha $"); /* * Is target_name an sane target for `mech´. diff --git a/source4/heimdal/lib/gssapi/spnego/spnego.asn1 b/source4/heimdal/lib/gssapi/spnego/spnego.asn1 index 76fafa356c..aed67dc4ae 100644 --- a/source4/heimdal/lib/gssapi/spnego/spnego.asn1 +++ b/source4/heimdal/lib/gssapi/spnego/spnego.asn1 @@ -1,4 +1,4 @@ --- $Id: spnego.asn1,v 1.3 2006/12/18 18:28:49 lha Exp $ +-- $Id: spnego.asn1 19420 2006-12-18 18:28:49Z lha $ SPNEGO DEFINITIONS ::= BEGIN diff --git a/source4/heimdal/lib/gssapi/spnego/spnego_locl.h b/source4/heimdal/lib/gssapi/spnego/spnego_locl.h index 45dff04313..44b24688e1 100644 --- a/source4/heimdal/lib/gssapi/spnego/spnego_locl.h +++ b/source4/heimdal/lib/gssapi/spnego/spnego_locl.h @@ -30,7 +30,7 @@ * SUCH DAMAGE. */ -/* $Id: spnego_locl.h,v 1.15 2006/12/18 15:42:03 lha Exp $ */ +/* $Id: spnego_locl.h 19411 2006-12-18 15:42:03Z lha $ */ #ifndef SPNEGO_LOCL_H #define SPNEGO_LOCL_H diff --git a/source4/heimdal/lib/hcrypto/aes.c b/source4/heimdal/lib/hcrypto/aes.c new file mode 100755 index 0000000000..a36459a457 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/aes.c @@ -0,0 +1,124 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" + +RCSID("$Id: aes.c 15495 2005-06-18 22:47:33Z lha $"); +#endif + +#ifdef KRB5 +#include +#endif + +#include + +#include "rijndael-alg-fst.h" +#include "aes.h" + +int +AES_set_encrypt_key(const unsigned char *userkey, const int bits, AES_KEY *key) +{ + key->rounds = rijndaelKeySetupEnc(key->key, userkey, bits); + if (key->rounds == 0) + return -1; + return 0; +} + +int +AES_set_decrypt_key(const unsigned char *userkey, const int bits, AES_KEY *key) +{ + key->rounds = rijndaelKeySetupDec(key->key, userkey, bits); + if (key->rounds == 0) + return -1; + return 0; +} + +void +AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key) +{ + rijndaelEncrypt(key->key, key->rounds, in, out); +} + +void +AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key) +{ + rijndaelDecrypt(key->key, key->rounds, in, out); +} + +void +AES_cbc_encrypt(const unsigned char *in, unsigned char *out, + unsigned long size, const AES_KEY *key, + unsigned char *iv, int forward_encrypt) +{ + unsigned char tmp[AES_BLOCK_SIZE]; + int i; + + if (forward_encrypt) { + while (size >= AES_BLOCK_SIZE) { + for (i = 0; i < AES_BLOCK_SIZE; i++) + tmp[i] = in[i] ^ iv[i]; + AES_encrypt(tmp, out, key); + memcpy(iv, out, AES_BLOCK_SIZE); + size -= AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + if (size) { + for (i = 0; i < size; i++) + tmp[i] = in[i] ^ iv[i]; + for (i = size; i < AES_BLOCK_SIZE; i++) + tmp[i] = iv[i]; + AES_encrypt(tmp, out, key); + memcpy(iv, out, AES_BLOCK_SIZE); + } + } else { + while (size >= AES_BLOCK_SIZE) { + memcpy(tmp, in, AES_BLOCK_SIZE); + AES_decrypt(tmp, out, key); + for (i = 0; i < AES_BLOCK_SIZE; i++) + out[i] ^= iv[i]; + memcpy(iv, tmp, AES_BLOCK_SIZE); + size -= AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + if (size) { + memcpy(tmp, in, AES_BLOCK_SIZE); + AES_decrypt(tmp, out, key); + for (i = 0; i < size; i++) + out[i] ^= iv[i]; + memcpy(iv, tmp, AES_BLOCK_SIZE); + } + } +} diff --git a/source4/heimdal/lib/hcrypto/aes.h b/source4/heimdal/lib/hcrypto/aes.h new file mode 100755 index 0000000000..e91d8e73e1 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/aes.h @@ -0,0 +1,71 @@ +/* + * Copyright (c) 2003-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: aes.h 17450 2006-05-05 11:11:43Z lha $ */ + +#ifndef HEIM_AES_H +#define HEIM_AES_H 1 + +/* symbol renaming */ +#define AES_set_encrypt_key hc_AES_set_encrypt_key +#define AES_set_decrypt_key hc_AES_decrypt_key +#define AES_encrypt hc_AES_encrypt +#define AES_decrypt hc_AES_decrypt +#define AES_cbc_encrypt hc_AES_cbc_encrypt + +/* + * + */ + +#define AES_BLOCK_SIZE 16 +#define AES_MAXNR 14 + +#define AES_ENCRYPT 1 +#define AES_DECRYPT 0 + +typedef struct aes_key { + uint32_t key[(AES_MAXNR+1)*4]; + int rounds; +} AES_KEY; + +int AES_set_encrypt_key(const unsigned char *, const int, AES_KEY *); +int AES_set_decrypt_key(const unsigned char *, const int, AES_KEY *); + +void AES_encrypt(const unsigned char *, unsigned char *, const AES_KEY *); +void AES_decrypt(const unsigned char *, unsigned char *, const AES_KEY *); + +void AES_cbc_encrypt(const unsigned char *, unsigned char *, + const unsigned long, const AES_KEY *, + unsigned char *, int); + +#endif /* HEIM_AES_H */ diff --git a/source4/heimdal/lib/hcrypto/bn.c b/source4/heimdal/lib/hcrypto/bn.c new file mode 100644 index 0000000000..698da2fe0b --- /dev/null +++ b/source4/heimdal/lib/hcrypto/bn.c @@ -0,0 +1,445 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +RCSID("$Id: bn.c 18449 2006-10-14 09:21:09Z lha $"); + +#include +#include +#include +#include + +#include +#include /* XXX */ +#include + +#include +#include +#include + +BIGNUM * +BN_new(void) +{ + heim_integer *hi; + hi = calloc(1, sizeof(*hi)); + return (BIGNUM *)hi; +} + +void +BN_free(BIGNUM *bn) +{ + BN_clear(bn); + free(bn); +} + +void +BN_clear(BIGNUM *bn) +{ + heim_integer *hi = (heim_integer *)bn; + if (hi->data) { + memset(hi->data, 0, hi->length); + free(hi->data); + } + memset(hi, 0, sizeof(*hi)); +} + +void +BN_clear_free(BIGNUM *bn) +{ + BN_free(bn); +} + +BIGNUM * +BN_dup(const BIGNUM *bn) +{ + BIGNUM *b = BN_new(); + if (der_copy_heim_integer((const heim_integer *)bn, (heim_integer *)b)) { + BN_free(b); + return NULL; + } + return b; +} + +/* + * If the caller really want to know the number of bits used, subtract + * one from the length, multiply by 8, and then lookup in the table + * how many bits the hightest byte uses. + */ +int +BN_num_bits(const BIGNUM *bn) +{ + static unsigned char num2bits[256] = { + 0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4, 5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5, + 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6, 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6, + 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, + 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, + 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, + 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, + 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, + 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, + }; + const heim_integer *i = (const void *)bn; + if (i->length == 0) + return 0; + return (i->length - 1) * 8 + num2bits[((unsigned char *)i->data)[0]]; +} + +int +BN_num_bytes(const BIGNUM *bn) +{ + return ((const heim_integer *)bn)->length; +} + +/* + * Ignore negative flag. + */ + +BIGNUM * +BN_bin2bn(const void *s, int len, BIGNUM *bn) +{ + heim_integer *hi = (void *)bn; + + if (len < 0) + return NULL; + + if (hi == NULL) { + hi = (heim_integer *)BN_new(); + if (hi == NULL) + return NULL; + } + if (hi->data) + BN_clear((BIGNUM *)hi); + hi->negative = 0; + hi->data = malloc(len); + if (hi->data == NULL && len != 0) { + if (bn == NULL) + BN_free((BIGNUM *)hi); + return NULL; + } + hi->length = len; + memcpy(hi->data, s, len); + return (BIGNUM *)hi; +} + +int +BN_bn2bin(const BIGNUM *bn, void *to) +{ + const heim_integer *hi = (const void *)bn; + memcpy(to, hi->data, hi->length); + return hi->length; +} + +int +BN_hex2bn(BIGNUM **bnp, const char *in) +{ + int negative; + ssize_t ret; + size_t len; + void *data; + + len = strlen(in); + data = malloc(len); + if (data == NULL) + return 0; + + if (*in == '-') { + negative = 1; + in++; + } else + negative = 0; + + ret = hex_decode(in, data, len); + if (ret < 0) { + free(data); + return 0; + } + + *bnp = BN_bin2bn(data, ret, NULL); + free(data); + if (*bnp == NULL) + return 0; + BN_set_negative(*bnp, negative); + return 1; +} + +char * +BN_bn2hex(const BIGNUM *bn) +{ + ssize_t ret; + size_t len; + void *data; + char *str; + + len = BN_num_bytes(bn); + data = malloc(len); + if (data == NULL) + return 0; + + len = BN_bn2bin(bn, data); + + ret = hex_encode(data, len, &str); + free(data); + if (ret < 0) + return 0; + + return str; +} + +int +BN_cmp(const BIGNUM *bn1, const BIGNUM *bn2) +{ + return der_heim_integer_cmp((const heim_integer *)bn1, + (const heim_integer *)bn2); +} + +void +BN_set_negative(BIGNUM *bn, int flag) +{ + ((heim_integer *)bn)->negative = (flag ? 1 : 0); +} + +int +BN_is_negative(BIGNUM *bn) +{ + return ((heim_integer *)bn)->negative ? 1 : 0; +} + +static const unsigned char is_set[8] = { 1, 2, 4, 8, 16, 32, 64, 128 }; + +int +BN_is_bit_set(const BIGNUM *bn, int bit) +{ + heim_integer *hi = (heim_integer *)bn; + unsigned char *p = hi->data; + + if ((bit / 8) > hi->length || hi->length == 0) + return 0; + + return p[hi->length - 1 - (bit / 8)] & is_set[bit % 8]; +} + +int +BN_set_bit(BIGNUM *bn, int bit) +{ + heim_integer *hi = (heim_integer *)bn; + unsigned char *p; + + if ((bit / 8) > hi->length || hi->length == 0) { + size_t len = (bit + 7) / 8; + void *d = realloc(hi->data, len); + if (d == NULL) + return 0; + hi->data = d; + p = hi->data; + memset(&p[hi->length], 0, len); + hi->length = len; + } else + p = hi->data; + + p[hi->length - 1 - (bit / 8)] |= is_set[bit % 8]; + return 1; +} + +int +BN_clear_bit(BIGNUM *bn, int bit) +{ + heim_integer *hi = (heim_integer *)bn; + unsigned char *p = hi->data; + + if ((bit / 8) > hi->length || hi->length == 0) + return 0; + + p[hi->length - 1 - (bit / 8)] &= (unsigned char)(~(is_set[bit % 8])); + + return 1; +} + +int +BN_set_word(BIGNUM *bn, unsigned long num) +{ + unsigned char p[sizeof(num)]; + unsigned long num2; + int i, len; + + for (num2 = num, i = 0; num2 > 0; i++) + num2 = num2 >> 8; + + len = i - 1; + for (; i > 0; i--) { + p[i - 1] = (num & 0xff); + num = num >> 8; + } + + bn = BN_bin2bn(p, len + 1, bn); + return bn != NULL; +} + +unsigned long +BN_get_word(const BIGNUM *bn) +{ + heim_integer *hi = (heim_integer *)bn; + unsigned long num = 0; + int i; + + if (hi->negative || hi->length > sizeof(num)) + return ULONG_MAX; + + for (i = 0; i < hi->length; i++) + num = ((unsigned char *)hi->data)[i] | (num << 8); + return num; +} + +int +BN_rand(BIGNUM *bn, int bits, int top, int bottom) +{ + size_t len = (bits + 7) / 8; + heim_integer *i = (heim_integer *)bn; + + BN_clear(bn); + + i->negative = 0; + i->data = malloc(len); + if (i->data == NULL && len != 0) + return 0; + i->length = len; + + if (RAND_bytes(i->data, i->length) != 1) { + free(i->data); + i->data = NULL; + return 0; + } + + { + size_t j = len * 8; + while(j > bits) { + BN_clear_bit(bn, j - 1); + j--; + } + } + + if (top == -1) { + ; + } else if (top == 0 && bits > 0) { + BN_set_bit(bn, bits - 1); + } else if (top == 1 && bits > 1) { + BN_set_bit(bn, bits - 1); + BN_set_bit(bn, bits - 2); + } else { + BN_clear(bn); + return 0; + } + + if (bottom && bits > 0) + BN_set_bit(bn, 0); + + return 1; +} + +/* + * + */ + +int +BN_uadd(BIGNUM *res, const BIGNUM *a, const BIGNUM *b) +{ + const heim_integer *ai = (const heim_integer *)a; + const heim_integer *bi = (const heim_integer *)b; + const unsigned char *ap, *bp; + unsigned char *cp; + heim_integer ci; + int carry = 0; + ssize_t len; + + if (ai->negative && bi->negative) + return 0; + if (ai->length < bi->length) { + const heim_integer *si = bi; + bi = ai; ai = si; + } + + ci.negative = 0; + ci.length = ai->length + 1; + ci.data = malloc(ci.length); + if (ci.data == NULL) + return 0; + + ap = &((const unsigned char *)ai->data)[ai->length - 1]; + bp = &((const unsigned char *)bi->data)[bi->length - 1]; + cp = &((unsigned char *)ci.data)[ci.length - 1]; + + for (len = bi->length; len > 0; len--) { + carry = *ap + *bp + carry; + *cp = carry & 0xff; + carry = (carry & ~0xff) ? 1 : 0; + ap--; bp--; cp--; + } + for (len = ai->length - bi->length; len > 0; len--) { + carry = *ap + carry; + *cp = carry & 0xff; + carry = (carry & ~0xff) ? 1 : 0; + ap--; cp--; + } + if (!carry) + memmove(cp, cp + 1, --ci.length); + else + *cp = carry; + + BN_clear(res); + *((heim_integer *)res) = ci; + + return 1; +} + + +/* + * Callback when doing slow generation of numbers, like primes. + */ + +void +BN_GENCB_set(BN_GENCB *gencb, int (*cb_2)(int, int, BN_GENCB *), void *ctx) +{ + gencb->ver = 2; + gencb->cb.cb_2 = cb_2; + gencb->arg = ctx; +} + +int +BN_GENCB_call(BN_GENCB *cb, int a, int b) +{ + if (cb == NULL || cb->cb.cb_2 == NULL) + return 1; + return cb->cb.cb_2(a, b, cb); +} diff --git a/source4/heimdal/lib/hcrypto/bn.h b/source4/heimdal/lib/hcrypto/bn.h new file mode 100644 index 0000000000..82c9991c2c --- /dev/null +++ b/source4/heimdal/lib/hcrypto/bn.h @@ -0,0 +1,121 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * $Id: bn.h 16536 2006-01-13 08:27:50Z lha $ + */ + +#ifndef _HEIM_BN_H +#define _HEIM_BN_H 1 + +/* symbol renaming */ +#define BN_GENCB_call hc_BN_GENCB_call +#define BN_GENCB_set hc_BN_GENCB_set +#define BN_bin2bn hc_BN_bin2bn +#define BN_bn2bin hc_BN_bn2bin +#define BN_bn2hex hc_BN_bn2hex +#define BN_clear hc_BN_clear +#define BN_clear_bit hc_BN_clear_bit +#define BN_clear_free hc_BN_clear_free +#define BN_cmp hc_BN_cmp +#define BN_dup hc_BN_dup +#define BN_free hc_BN_free +#define BN_is_negative hc_BN_is_negative +#define BN_get_word hc_BN_get_word +#define BN_hex2bn hc_BN_hex2bn +#define BN_is_bit_set hc_BN_is_bit_set +#define BN_new hc_BN_new +#define BN_num_bits hc_BN_num_bits +#define BN_num_bytes hc_BN_num_bytes +#define BN_rand hc_BN_rand +#define BN_set_bit hc_BN_set_bit +#define BN_set_negative hc_BN_set_negative +#define BN_set_word hc_BN_set_word +#define BN_uadd hc_BN_uadd + +/* + * + */ + +typedef void BIGNUM; +typedef struct BN_GENCB BN_GENCB; +typedef void BN_CTX; +typedef void BN_MONT_CTX; +typedef void BN_BLINDING; + +struct BN_GENCB { + unsigned int ver; + void *arg; + union { + int (*cb_2)(int, int, BN_GENCB *); + } cb; +}; + +/* + * + */ + +BIGNUM *BN_new(void); +void BN_free(BIGNUM *); +void BN_clear_free(BIGNUM *); +void BN_clear(BIGNUM *); +BIGNUM *BN_dup(const BIGNUM *); + +int BN_num_bits(const BIGNUM *); +int BN_num_bytes(const BIGNUM *); + +int BN_cmp(const BIGNUM *, const BIGNUM *); + +void BN_set_negative(BIGNUM *, int); +int BN_is_negative(BIGNUM *); + +int BN_is_bit_set(const BIGNUM *, int); +int BN_set_bit(BIGNUM *, int); +int BN_clear_bit(BIGNUM *, int); + +int BN_set_word(BIGNUM *, unsigned long); +unsigned long BN_get_word(const BIGNUM *); + +BIGNUM *BN_bin2bn(const void *,int len,BIGNUM *); +int BN_bn2bin(const BIGNUM *, void *); +int BN_hex2bn(BIGNUM **, const char *); +char * BN_bn2hex(const BIGNUM *); + +int BN_uadd(BIGNUM *, const BIGNUM *, const BIGNUM *); + +int BN_rand(BIGNUM *, int, int, int); + +void BN_GENCB_set(BN_GENCB *, int (*)(int, int, BN_GENCB *), void *); +int BN_GENCB_call(BN_GENCB *, int, int); + +#endif diff --git a/source4/heimdal/lib/hcrypto/des-tables.h b/source4/heimdal/lib/hcrypto/des-tables.h new file mode 100644 index 0000000000..03854ec174 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/des-tables.h @@ -0,0 +1,196 @@ +/* GENERATE FILE from gen-des.pl, do not edit */ + +/* pc1_c_3 bit pattern 5 13 21 */ +static int pc1_c_3[8] = { + 0x00000000, 0x00000010, 0x00001000, 0x00001010, + 0x00100000, 0x00100010, 0x00101000, 0x00101010 +}; +/* pc1_c_4 bit pattern 1 9 17 25 */ +static int pc1_c_4[16] = { + 0x00000000, 0x00000001, 0x00000100, 0x00000101, + 0x00010000, 0x00010001, 0x00010100, 0x00010101, + 0x01000000, 0x01000001, 0x01000100, 0x01000101, + 0x01010000, 0x01010001, 0x01010100, 0x01010101 +}; +/* pc1_d_3 bit pattern 49 41 33 */ +static int pc1_d_3[8] = { + 0x00000000, 0x01000000, 0x00010000, 0x01010000, + 0x00000100, 0x01000100, 0x00010100, 0x01010100 +}; +/* pc1_d_4 bit pattern 57 53 45 37 */ +static int pc1_d_4[16] = { + 0x00000000, 0x00100000, 0x00001000, 0x00101000, + 0x00000010, 0x00100010, 0x00001010, 0x00101010, + 0x00000001, 0x00100001, 0x00001001, 0x00101001, + 0x00000011, 0x00100011, 0x00001011, 0x00101011 +}; +/* pc2_c_1 bit pattern 5 24 7 16 6 10 */ +static int pc2_c_1[64] = { + 0x00000000, 0x00004000, 0x00040000, 0x00044000, + 0x00000100, 0x00004100, 0x00040100, 0x00044100, + 0x00020000, 0x00024000, 0x00060000, 0x00064000, + 0x00020100, 0x00024100, 0x00060100, 0x00064100, + 0x00000001, 0x00004001, 0x00040001, 0x00044001, + 0x00000101, 0x00004101, 0x00040101, 0x00044101, + 0x00020001, 0x00024001, 0x00060001, 0x00064001, + 0x00020101, 0x00024101, 0x00060101, 0x00064101, + 0x00080000, 0x00084000, 0x000c0000, 0x000c4000, + 0x00080100, 0x00084100, 0x000c0100, 0x000c4100, + 0x000a0000, 0x000a4000, 0x000e0000, 0x000e4000, + 0x000a0100, 0x000a4100, 0x000e0100, 0x000e4100, + 0x00080001, 0x00084001, 0x000c0001, 0x000c4001, + 0x00080101, 0x00084101, 0x000c0101, 0x000c4101, + 0x000a0001, 0x000a4001, 0x000e0001, 0x000e4001, + 0x000a0101, 0x000a4101, 0x000e0101, 0x000e4101 +}; +/* pc2_c_2 bit pattern 20 18 12 3 15 23 */ +static int pc2_c_2[64] = { + 0x00000000, 0x00000002, 0x00000200, 0x00000202, + 0x00200000, 0x00200002, 0x00200200, 0x00200202, + 0x00001000, 0x00001002, 0x00001200, 0x00001202, + 0x00201000, 0x00201002, 0x00201200, 0x00201202, + 0x00000040, 0x00000042, 0x00000240, 0x00000242, + 0x00200040, 0x00200042, 0x00200240, 0x00200242, + 0x00001040, 0x00001042, 0x00001240, 0x00001242, + 0x00201040, 0x00201042, 0x00201240, 0x00201242, + 0x00000010, 0x00000012, 0x00000210, 0x00000212, + 0x00200010, 0x00200012, 0x00200210, 0x00200212, + 0x00001010, 0x00001012, 0x00001210, 0x00001212, + 0x00201010, 0x00201012, 0x00201210, 0x00201212, + 0x00000050, 0x00000052, 0x00000250, 0x00000252, + 0x00200050, 0x00200052, 0x00200250, 0x00200252, + 0x00001050, 0x00001052, 0x00001250, 0x00001252, + 0x00201050, 0x00201052, 0x00201250, 0x00201252 +}; +/* pc2_c_3 bit pattern 1 9 19 2 14 22 */ +static int pc2_c_3[64] = { + 0x00000000, 0x00000004, 0x00000400, 0x00000404, + 0x00400000, 0x00400004, 0x00400400, 0x00400404, + 0x00000020, 0x00000024, 0x00000420, 0x00000424, + 0x00400020, 0x00400024, 0x00400420, 0x00400424, + 0x00008000, 0x00008004, 0x00008400, 0x00008404, + 0x00408000, 0x00408004, 0x00408400, 0x00408404, + 0x00008020, 0x00008024, 0x00008420, 0x00008424, + 0x00408020, 0x00408024, 0x00408420, 0x00408424, + 0x00800000, 0x00800004, 0x00800400, 0x00800404, + 0x00c00000, 0x00c00004, 0x00c00400, 0x00c00404, + 0x00800020, 0x00800024, 0x00800420, 0x00800424, + 0x00c00020, 0x00c00024, 0x00c00420, 0x00c00424, + 0x00808000, 0x00808004, 0x00808400, 0x00808404, + 0x00c08000, 0x00c08004, 0x00c08400, 0x00c08404, + 0x00808020, 0x00808024, 0x00808420, 0x00808424, + 0x00c08020, 0x00c08024, 0x00c08420, 0x00c08424 +}; +/* pc2_c_4 bit pattern 11 13 4 17 21 8 */ +static int pc2_c_4[64] = { + 0x00000000, 0x00010000, 0x00000008, 0x00010008, + 0x00000080, 0x00010080, 0x00000088, 0x00010088, + 0x00100000, 0x00110000, 0x00100008, 0x00110008, + 0x00100080, 0x00110080, 0x00100088, 0x00110088, + 0x00000800, 0x00010800, 0x00000808, 0x00010808, + 0x00000880, 0x00010880, 0x00000888, 0x00010888, + 0x00100800, 0x00110800, 0x00100808, 0x00110808, + 0x00100880, 0x00110880, 0x00100888, 0x00110888, + 0x00002000, 0x00012000, 0x00002008, 0x00012008, + 0x00002080, 0x00012080, 0x00002088, 0x00012088, + 0x00102000, 0x00112000, 0x00102008, 0x00112008, + 0x00102080, 0x00112080, 0x00102088, 0x00112088, + 0x00002800, 0x00012800, 0x00002808, 0x00012808, + 0x00002880, 0x00012880, 0x00002888, 0x00012888, + 0x00102800, 0x00112800, 0x00102808, 0x00112808, + 0x00102880, 0x00112880, 0x00102888, 0x00112888 +}; +/* pc2_d_1 bit pattern 51 35 31 52 39 45 */ +static int pc2_d_1[64] = { + 0x00000000, 0x00000080, 0x00002000, 0x00002080, + 0x00000001, 0x00000081, 0x00002001, 0x00002081, + 0x00200000, 0x00200080, 0x00202000, 0x00202080, + 0x00200001, 0x00200081, 0x00202001, 0x00202081, + 0x00020000, 0x00020080, 0x00022000, 0x00022080, + 0x00020001, 0x00020081, 0x00022001, 0x00022081, + 0x00220000, 0x00220080, 0x00222000, 0x00222080, + 0x00220001, 0x00220081, 0x00222001, 0x00222081, + 0x00000002, 0x00000082, 0x00002002, 0x00002082, + 0x00000003, 0x00000083, 0x00002003, 0x00002083, + 0x00200002, 0x00200082, 0x00202002, 0x00202082, + 0x00200003, 0x00200083, 0x00202003, 0x00202083, + 0x00020002, 0x00020082, 0x00022002, 0x00022082, + 0x00020003, 0x00020083, 0x00022003, 0x00022083, + 0x00220002, 0x00220082, 0x00222002, 0x00222082, + 0x00220003, 0x00220083, 0x00222003, 0x00222083 +}; +/* pc2_d_2 bit pattern 50 32 43 36 29 48 */ +static int pc2_d_2[64] = { + 0x00000000, 0x00000010, 0x00800000, 0x00800010, + 0x00010000, 0x00010010, 0x00810000, 0x00810010, + 0x00000200, 0x00000210, 0x00800200, 0x00800210, + 0x00010200, 0x00010210, 0x00810200, 0x00810210, + 0x00100000, 0x00100010, 0x00900000, 0x00900010, + 0x00110000, 0x00110010, 0x00910000, 0x00910010, + 0x00100200, 0x00100210, 0x00900200, 0x00900210, + 0x00110200, 0x00110210, 0x00910200, 0x00910210, + 0x00000004, 0x00000014, 0x00800004, 0x00800014, + 0x00010004, 0x00010014, 0x00810004, 0x00810014, + 0x00000204, 0x00000214, 0x00800204, 0x00800214, + 0x00010204, 0x00010214, 0x00810204, 0x00810214, + 0x00100004, 0x00100014, 0x00900004, 0x00900014, + 0x00110004, 0x00110014, 0x00910004, 0x00910014, + 0x00100204, 0x00100214, 0x00900204, 0x00900214, + 0x00110204, 0x00110214, 0x00910204, 0x00910214 +}; +/* pc2_d_3 bit pattern 41 38 47 33 40 42 */ +static int pc2_d_3[64] = { + 0x00000000, 0x00000400, 0x00001000, 0x00001400, + 0x00080000, 0x00080400, 0x00081000, 0x00081400, + 0x00000020, 0x00000420, 0x00001020, 0x00001420, + 0x00080020, 0x00080420, 0x00081020, 0x00081420, + 0x00004000, 0x00004400, 0x00005000, 0x00005400, + 0x00084000, 0x00084400, 0x00085000, 0x00085400, + 0x00004020, 0x00004420, 0x00005020, 0x00005420, + 0x00084020, 0x00084420, 0x00085020, 0x00085420, + 0x00000800, 0x00000c00, 0x00001800, 0x00001c00, + 0x00080800, 0x00080c00, 0x00081800, 0x00081c00, + 0x00000820, 0x00000c20, 0x00001820, 0x00001c20, + 0x00080820, 0x00080c20, 0x00081820, 0x00081c20, + 0x00004800, 0x00004c00, 0x00005800, 0x00005c00, + 0x00084800, 0x00084c00, 0x00085800, 0x00085c00, + 0x00004820, 0x00004c20, 0x00005820, 0x00005c20, + 0x00084820, 0x00084c20, 0x00085820, 0x00085c20 +}; +/* pc2_d_4 bit pattern 49 37 30 46 34 44 */ +static int pc2_d_4[64] = { + 0x00000000, 0x00000100, 0x00040000, 0x00040100, + 0x00000040, 0x00000140, 0x00040040, 0x00040140, + 0x00400000, 0x00400100, 0x00440000, 0x00440100, + 0x00400040, 0x00400140, 0x00440040, 0x00440140, + 0x00008000, 0x00008100, 0x00048000, 0x00048100, + 0x00008040, 0x00008140, 0x00048040, 0x00048140, + 0x00408000, 0x00408100, 0x00448000, 0x00448100, + 0x00408040, 0x00408140, 0x00448040, 0x00448140, + 0x00000008, 0x00000108, 0x00040008, 0x00040108, + 0x00000048, 0x00000148, 0x00040048, 0x00040148, + 0x00400008, 0x00400108, 0x00440008, 0x00440108, + 0x00400048, 0x00400148, 0x00440048, 0x00440148, + 0x00008008, 0x00008108, 0x00048008, 0x00048108, + 0x00008048, 0x00008148, 0x00048048, 0x00048148, + 0x00408008, 0x00408108, 0x00448008, 0x00448108, + 0x00408048, 0x00408148, 0x00448048, 0x00448148 +}; +static unsigned char odd_parity[256] = { + 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14, + 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31, + 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47, + 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62, + 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79, + 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94, + 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110, +112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127, +128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143, +145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158, +161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174, +176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191, +193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206, +208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223, +224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239, +241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254, + }; diff --git a/source4/heimdal/lib/hcrypto/des.c b/source4/heimdal/lib/hcrypto/des.c new file mode 100644 index 0000000000..a4444a8a7c --- /dev/null +++ b/source4/heimdal/lib/hcrypto/des.c @@ -0,0 +1,967 @@ +/* + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * The document that got me started for real was "Efficient + * Implementation of the Data Encryption Standard" by Dag Arne Osvik. + * I never got to the PC1 transformation was working, instead I used + * table-lookup was used for all key schedule setup. The document was + * very useful since it de-mystified other implementations for me. + * + * The core DES function (SBOX + P transformation) is from Richard + * Outerbridge public domain DES implementation. My sanity is saved + * thanks to his work. Thank you Richard. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: des.c 17211 2006-04-24 14:26:19Z lha $"); +#endif + +#include +#include +#include +#include +#include + +#include "des.h" +#include "ui.h" + +static void desx(uint32_t [2], DES_key_schedule *, int); +static void IP(uint32_t [2]); +static void FP(uint32_t [2]); + +#include "des-tables.h" + +#define ROTATE_LEFT28(x,one) \ + if (one) { \ + x = ( ((x)<<(1)) & 0xffffffe) | ((x) >> 27); \ + } else { \ + x = ( ((x)<<(2)) & 0xffffffc) | ((x) >> 26); \ + } + +/* + * + */ + +int +DES_set_odd_parity(DES_cblock *key) +{ + int i; + for (i = 0; i < DES_CBLOCK_LEN; i++) + (*key)[i] = odd_parity[(*key)[i]]; + return 0; +} + +/* + * + */ + +/* FIPS 74 */ +static DES_cblock weak_keys[] = { + {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01}, /* weak keys */ + {0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE}, + {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E}, + {0xE0,0xE0,0xE0,0xE0,0xF1,0xF1,0xF1,0xF1}, + {0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE}, /* semi-weak keys */ + {0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01}, + {0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1}, + {0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E}, + {0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1}, + {0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01}, + {0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE}, + {0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E}, + {0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E}, + {0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01}, + {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE}, + {0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1} +}; + +int +DES_is_weak_key(DES_cblock *key) +{ + int i; + + for (i = 0; i < sizeof(weak_keys)/sizeof(weak_keys[0]); i++) { + if (memcmp(weak_keys[i], key, DES_CBLOCK_LEN) == 0) + return 1; + } + return 0; +} + + +/* + * + */ + +int +DES_set_key(DES_cblock *key, DES_key_schedule *ks) +{ + uint32_t t1, t2; + uint32_t c, d; + int shifts[16] = { 1, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1 }; + uint32_t *k = &ks->ks[0]; + int i; + + t1 = (*key)[0] << 24 | (*key)[1] << 16 | (*key)[2] << 8 | (*key)[3]; + t2 = (*key)[4] << 24 | (*key)[5] << 16 | (*key)[6] << 8 | (*key)[7]; + + c = (pc1_c_3[(t1 >> (5 )) & 0x7] << 3) + | (pc1_c_3[(t1 >> (5 + 8 )) & 0x7] << 2) + | (pc1_c_3[(t1 >> (5 + 8 + 8 )) & 0x7] << 1) + | (pc1_c_3[(t1 >> (5 + 8 + 8 + 8)) & 0x7] << 0) + | (pc1_c_4[(t2 >> (4 )) & 0xf] << 3) + | (pc1_c_4[(t2 >> (4 + 8 )) & 0xf] << 2) + | (pc1_c_4[(t2 >> (4 + 8 + 8 )) & 0xf] << 1) + | (pc1_c_4[(t2 >> (4 + 8 + 8 + 8)) & 0xf] << 0); + + + d = (pc1_d_3[(t2 >> (1 )) & 0x7] << 3) + | (pc1_d_3[(t2 >> (1 + 8 )) & 0x7] << 2) + | (pc1_d_3[(t2 >> (1 + 8 + 8 )) & 0x7] << 1) + | (pc1_d_3[(t2 >> (1 + 8 + 8 + 8)) & 0x7] << 0) + | (pc1_d_4[(t1 >> (1 )) & 0xf] << 3) + | (pc1_d_4[(t1 >> (1 + 8 )) & 0xf] << 2) + | (pc1_d_4[(t1 >> (1 + 8 + 8 )) & 0xf] << 1) + | (pc1_d_4[(t1 >> (1 + 8 + 8 + 8)) & 0xf] << 0); + + for (i = 0; i < 16; i++) { + uint32_t kc, kd; + + ROTATE_LEFT28(c, shifts[i]); + ROTATE_LEFT28(d, shifts[i]); + + kc = pc2_c_1[(c >> 22) & 0x3f] | + pc2_c_2[((c >> 16) & 0x30) | ((c >> 15) & 0xf)] | + pc2_c_3[((c >> 9 ) & 0x3c) | ((c >> 8 ) & 0x3)] | + pc2_c_4[((c >> 2 ) & 0x20) | ((c >> 1) & 0x18) | (c & 0x7)]; + kd = pc2_d_1[(d >> 22) & 0x3f] | + pc2_d_2[((d >> 15) & 0x30) | ((d >> 14) & 0xf)] | + pc2_d_3[ (d >> 7 ) & 0x3f] | + pc2_d_4[((d >> 1 ) & 0x3c) | ((d ) & 0x3)]; + + /* Change to byte order used by the S boxes */ + *k = (kc & 0x00fc0000L) << 6; + *k |= (kc & 0x00000fc0L) << 10; + *k |= (kd & 0x00fc0000L) >> 10; + *k++ |= (kd & 0x00000fc0L) >> 6; + *k = (kc & 0x0003f000L) << 12; + *k |= (kc & 0x0000003fL) << 16; + *k |= (kd & 0x0003f000L) >> 4; + *k++ |= (kd & 0x0000003fL); + } + + return 0; +} + +/* + * + */ + +int +DES_set_key_checked(DES_cblock *key, DES_key_schedule *ks) +{ + if (DES_is_weak_key(key)) { + memset(ks, 0, sizeof(*ks)); + return 1; + } + return DES_set_key(key, ks); +} + +/* + * Compatibility function for eay libdes + */ + +int +DES_key_sched(DES_cblock *key, DES_key_schedule *ks) +{ + return DES_set_key(key, ks); +} + +/* + * + */ + +static void +load(const unsigned char *b, uint32_t v[2]) +{ + v[0] = b[0] << 24; + v[0] |= b[1] << 16; + v[0] |= b[2] << 8; + v[0] |= b[3] << 0; + v[1] = b[4] << 24; + v[1] |= b[5] << 16; + v[1] |= b[6] << 8; + v[1] |= b[7] << 0; +} + +static void +store(const uint32_t v[2], unsigned char *b) +{ + b[0] = (v[0] >> 24) & 0xff; + b[1] = (v[0] >> 16) & 0xff; + b[2] = (v[0] >> 8) & 0xff; + b[3] = (v[0] >> 0) & 0xff; + b[4] = (v[1] >> 24) & 0xff; + b[5] = (v[1] >> 16) & 0xff; + b[6] = (v[1] >> 8) & 0xff; + b[7] = (v[1] >> 0) & 0xff; +} + +/* + * + */ + +void +DES_encrypt(uint32_t u[2], DES_key_schedule *ks, int forward_encrypt) +{ + IP(u); + desx(u, ks, forward_encrypt); + FP(u); +} + +/* + * + */ + +void +DES_ecb_encrypt(DES_cblock *input, DES_cblock *output, + DES_key_schedule *ks, int forward_encrypt) +{ + uint32_t u[2]; + load(*input, u); + DES_encrypt(u, ks, forward_encrypt); + store(u, *output); +} + +/* + * + */ + +void +DES_cbc_encrypt(const void *in, void *out, long length, + DES_key_schedule *ks, DES_cblock *iv, int forward_encrypt) +{ + const unsigned char *input = in; + unsigned char *output = out; + uint32_t u[2]; + uint32_t uiv[2]; + + load(*iv, uiv); + + if (forward_encrypt) { + while (length >= DES_CBLOCK_LEN) { + load(input, u); + u[0] ^= uiv[0]; u[1] ^= uiv[1]; + DES_encrypt(u, ks, 1); + uiv[0] = u[0]; uiv[1] = u[1]; + store(u, output); + + length -= DES_CBLOCK_LEN; + input += DES_CBLOCK_LEN; + output += DES_CBLOCK_LEN; + } + if (length) { + unsigned char tmp[DES_CBLOCK_LEN]; + memcpy(tmp, input, length); + memset(tmp + length, 0, DES_CBLOCK_LEN - length); + load(tmp, u); + u[0] ^= uiv[0]; u[1] ^= uiv[1]; + DES_encrypt(u, ks, 1); + store(u, output); + } + } else { + uint32_t t[2]; + while (length >= DES_CBLOCK_LEN) { + load(input, u); + t[0] = u[0]; t[1] = u[1]; + DES_encrypt(u, ks, 0); + u[0] ^= uiv[0]; u[1] ^= uiv[1]; + store(u, output); + uiv[0] = t[0]; uiv[1] = t[1]; + + length -= DES_CBLOCK_LEN; + input += DES_CBLOCK_LEN; + output += DES_CBLOCK_LEN; + } + if (length) { + unsigned char tmp[DES_CBLOCK_LEN]; + memcpy(tmp, input, length); + memset(tmp + length, 0, DES_CBLOCK_LEN - length); + load(tmp, u); + DES_encrypt(u, ks, 0); + u[0] ^= uiv[0]; u[1] ^= uiv[1]; + store(u, output); + } + } + uiv[0] = 0; u[0] = 0; uiv[1] = 0; u[1] = 0; +} + +/* + * + */ + +void +DES_pcbc_encrypt(const void *in, void *out, long length, + DES_key_schedule *ks, DES_cblock *iv, int forward_encrypt) +{ + const unsigned char *input = in; + unsigned char *output = out; + uint32_t u[2]; + uint32_t uiv[2]; + + load(*iv, uiv); + + if (forward_encrypt) { + uint32_t t[2]; + while (length >= DES_CBLOCK_LEN) { + load(input, u); + t[0] = u[0]; t[1] = u[1]; + u[0] ^= uiv[0]; u[1] ^= uiv[1]; + DES_encrypt(u, ks, 1); + uiv[0] = u[0] ^ t[0]; uiv[1] = u[1] ^ t[1]; + store(u, output); + + length -= DES_CBLOCK_LEN; + input += DES_CBLOCK_LEN; + output += DES_CBLOCK_LEN; + } + if (length) { + unsigned char tmp[DES_CBLOCK_LEN]; + memcpy(tmp, input, length); + memset(tmp + length, 0, DES_CBLOCK_LEN - length); + load(tmp, u); + u[0] ^= uiv[0]; u[1] ^= uiv[1]; + DES_encrypt(u, ks, 1); + store(u, output); + } + } else { + uint32_t t[2]; + while (length >= DES_CBLOCK_LEN) { + load(input, u); + t[0] = u[0]; t[1] = u[1]; + DES_encrypt(u, ks, 0); + u[0] ^= uiv[0]; u[1] ^= uiv[1]; + store(u, output); + uiv[0] = t[0] ^ u[0]; uiv[1] = t[1] ^ u[1]; + + length -= DES_CBLOCK_LEN; + input += DES_CBLOCK_LEN; + output += DES_CBLOCK_LEN; + } + if (length) { + unsigned char tmp[DES_CBLOCK_LEN]; + memcpy(tmp, input, length); + memset(tmp + length, 0, DES_CBLOCK_LEN - length); + load(tmp, u); + DES_encrypt(u, ks, 0); + u[0] ^= uiv[0]; u[1] ^= uiv[1]; + } + } + uiv[0] = 0; u[0] = 0; uiv[1] = 0; u[1] = 0; +} + +/* + * + */ + +static void +_des3_encrypt(uint32_t u[2], DES_key_schedule *ks1, DES_key_schedule *ks2, + DES_key_schedule *ks3, int forward_encrypt) +{ + IP(u); + if (forward_encrypt) { + desx(u, ks1, 1); /* IP + FP cancel out each other */ + desx(u, ks2, 0); + desx(u, ks3, 1); + } else { + desx(u, ks3, 0); + desx(u, ks2, 1); + desx(u, ks1, 0); + } + FP(u); +} + +/* + * + */ + +void +DES_ecb3_encrypt(DES_cblock *input, + DES_cblock *output, + DES_key_schedule *ks1, + DES_key_schedule *ks2, + DES_key_schedule *ks3, + int forward_encrypt) +{ + uint32_t u[2]; + load(*input, u); + _des3_encrypt(u, ks1, ks2, ks3, forward_encrypt); + store(u, *output); + return; +} + +/* + * + */ + +void +DES_ede3_cbc_encrypt(const void *in, void *out, + long length, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3, + DES_cblock *iv, int forward_encrypt) +{ + const unsigned char *input = in; + unsigned char *output = out; + uint32_t u[2]; + uint32_t uiv[2]; + + load(*iv, uiv); + + if (forward_encrypt) { + while (length >= DES_CBLOCK_LEN) { + load(input, u); + u[0] ^= uiv[0]; u[1] ^= uiv[1]; + _des3_encrypt(u, ks1, ks2, ks3, 1); + uiv[0] = u[0]; uiv[1] = u[1]; + store(u, output); + + length -= DES_CBLOCK_LEN; + input += DES_CBLOCK_LEN; + output += DES_CBLOCK_LEN; + } + if (length) { + unsigned char tmp[DES_CBLOCK_LEN]; + memcpy(tmp, input, length); + memset(tmp + length, 0, DES_CBLOCK_LEN - length); + load(tmp, u); + u[0] ^= uiv[0]; u[1] ^= uiv[1]; + _des3_encrypt(u, ks1, ks2, ks3, 1); + store(u, output); + } + } else { + uint32_t t[2]; + while (length >= DES_CBLOCK_LEN) { + load(input, u); + t[0] = u[0]; t[1] = u[1]; + _des3_encrypt(u, ks1, ks2, ks3, 0); + u[0] ^= uiv[0]; u[1] ^= uiv[1]; + store(u, output); + uiv[0] = t[0]; uiv[1] = t[1]; + + length -= DES_CBLOCK_LEN; + input += DES_CBLOCK_LEN; + output += DES_CBLOCK_LEN; + } + if (length) { + unsigned char tmp[DES_CBLOCK_LEN]; + memcpy(tmp, input, length); + memset(tmp + length, 0, DES_CBLOCK_LEN - length); + load(tmp, u); + _des3_encrypt(u, ks1, ks2, ks3, 0); + u[0] ^= uiv[0]; u[1] ^= uiv[1]; + store(u, output); + } + } + store(uiv, *iv); + uiv[0] = 0; u[0] = 0; uiv[1] = 0; u[1] = 0; +} + +/* + * + */ + +void +DES_cfb64_encrypt(const void *in, void *out, + long length, DES_key_schedule *ks, DES_cblock *iv, + int *num, int forward_encrypt) +{ + const unsigned char *input = in; + unsigned char *output = out; + unsigned char tmp[DES_CBLOCK_LEN]; + uint32_t uiv[2]; + + load(*iv, uiv); + + assert(*num >= 0 && *num < DES_CBLOCK_LEN); + + if (forward_encrypt) { + int i = *num; + + while (length > 0) { + if (i == 0) + DES_encrypt(uiv, ks, 1); + store(uiv, tmp); + for (; i < DES_CBLOCK_LEN && i < length; i++) { + output[i] = tmp[i] ^ input[i]; + } + if (i == DES_CBLOCK_LEN) + load(output, uiv); + output += i; + input += i; + length -= i; + if (i == DES_CBLOCK_LEN) + i = 0; + } + store(uiv, *iv); + *num = i; + } else { + int i = *num; + unsigned char c; + + while (length > 0) { + if (i == 0) { + DES_encrypt(uiv, ks, 1); + store(uiv, tmp); + } + for (; i < DES_CBLOCK_LEN && i < length; i++) { + c = input[i]; + output[i] = tmp[i] ^ input[i]; + (*iv)[i] = c; + } + output += i; + input += i; + length -= i; + if (i == DES_CBLOCK_LEN) { + i = 0; + load(*iv, uiv); + } + } + store(uiv, *iv); + *num = i; + } +} + +/* + * + */ + +uint32_t +DES_cbc_cksum(const void *in, DES_cblock *output, + long length, DES_key_schedule *ks, DES_cblock *iv) +{ + const unsigned char *input = in; + uint32_t uiv[2]; + uint32_t u[2] = { 0, 0 }; + + load(*iv, uiv); + + while (length >= DES_CBLOCK_LEN) { + load(input, u); + u[0] ^= uiv[0]; u[1] ^= uiv[1]; + DES_encrypt(u, ks, 1); + uiv[0] = u[0]; uiv[1] = u[1]; + + length -= DES_CBLOCK_LEN; + input += DES_CBLOCK_LEN; + } + if (length) { + unsigned char tmp[DES_CBLOCK_LEN]; + memcpy(tmp, input, length); + memset(tmp + length, 0, DES_CBLOCK_LEN - length); + load(tmp, u); + u[0] ^= uiv[0]; u[1] ^= uiv[1]; + DES_encrypt(u, ks, 1); + } + if (output) + store(u, *output); + + uiv[0] = 0; u[0] = 0; uiv[1] = 0; + return u[1]; +} + +/* + * + */ + +static unsigned char +bitswap8(unsigned char b) +{ + unsigned char r = 0; + int i; + for (i = 0; i < 8; i++) { + r = r << 1 | (b & 1); + b = b >> 1; + } + return r; +} + +void +DES_string_to_key(const char *str, DES_cblock *key) +{ + const unsigned char *s; + unsigned char *k; + DES_key_schedule ks; + size_t i, len; + + memset(key, 0, sizeof(*key)); + k = *key; + s = (const unsigned char *)str; + + len = strlen(str); + for (i = 0; i < len; i++) { + if ((i % 16) < 8) + k[i % 8] ^= s[i] << 1; + else + k[7 - (i % 8)] ^= bitswap8(s[i]); + } + DES_set_odd_parity(key); + if (DES_is_weak_key(key)) + k[7] ^= 0xF0; + DES_set_key(key, &ks); + DES_cbc_cksum(s, key, len, &ks, key); + memset(&ks, 0, sizeof(ks)); + DES_set_odd_parity(key); + if (DES_is_weak_key(key)) + k[7] ^= 0xF0; +} + +/* + * + */ + +int +DES_read_password(DES_cblock *key, char *prompt, int verify) +{ + char buf[512]; + int ret; + + ret = UI_UTIL_read_pw_string(buf, sizeof(buf) - 1, prompt, verify); + if (ret == 0) + DES_string_to_key(buf, key); + return ret; +} + +/* + * + */ + + +void +_DES_ipfp_test(void) +{ + DES_cblock k = "\x01\x02\x04\x08\x10\x20\x40\x80", k2; + uint32_t u[2] = { 1, 0 }; + IP(u); + FP(u); + IP(u); + FP(u); + if (u[0] != 1 || u[1] != 0) + abort(); + + load(k, u); + store(u, k2); + if (memcmp(k, k2, 8) != 0) + abort(); +} + +/* D3DES (V5.09) - + * + * A portable, public domain, version of the Data Encryption Standard. + * + * Written with Symantec's THINK (Lightspeed) C by Richard Outerbridge. + * Thanks to: Dan Hoey for his excellent Initial and Inverse permutation + * code; Jim Gillogly & Phil Karn for the DES key schedule code; Dennis + * Ferguson, Eric Young and Dana How for comparing notes; and Ray Lau, + * for humouring me on. + * + * Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge. + * (GEnie : OUTER; CIS : [71755,204]) Graven Imagery, 1992. + */ + +static uint32_t SP1[64] = { + 0x01010400L, 0x00000000L, 0x00010000L, 0x01010404L, + 0x01010004L, 0x00010404L, 0x00000004L, 0x00010000L, + 0x00000400L, 0x01010400L, 0x01010404L, 0x00000400L, + 0x01000404L, 0x01010004L, 0x01000000L, 0x00000004L, + 0x00000404L, 0x01000400L, 0x01000400L, 0x00010400L, + 0x00010400L, 0x01010000L, 0x01010000L, 0x01000404L, + 0x00010004L, 0x01000004L, 0x01000004L, 0x00010004L, + 0x00000000L, 0x00000404L, 0x00010404L, 0x01000000L, + 0x00010000L, 0x01010404L, 0x00000004L, 0x01010000L, + 0x01010400L, 0x01000000L, 0x01000000L, 0x00000400L, + 0x01010004L, 0x00010000L, 0x00010400L, 0x01000004L, + 0x00000400L, 0x00000004L, 0x01000404L, 0x00010404L, + 0x01010404L, 0x00010004L, 0x01010000L, 0x01000404L, + 0x01000004L, 0x00000404L, 0x00010404L, 0x01010400L, + 0x00000404L, 0x01000400L, 0x01000400L, 0x00000000L, + 0x00010004L, 0x00010400L, 0x00000000L, 0x01010004L }; + +static uint32_t SP2[64] = { + 0x80108020L, 0x80008000L, 0x00008000L, 0x00108020L, + 0x00100000L, 0x00000020L, 0x80100020L, 0x80008020L, + 0x80000020L, 0x80108020L, 0x80108000L, 0x80000000L, + 0x80008000L, 0x00100000L, 0x00000020L, 0x80100020L, + 0x00108000L, 0x00100020L, 0x80008020L, 0x00000000L, + 0x80000000L, 0x00008000L, 0x00108020L, 0x80100000L, + 0x00100020L, 0x80000020L, 0x00000000L, 0x00108000L, + 0x00008020L, 0x80108000L, 0x80100000L, 0x00008020L, + 0x00000000L, 0x00108020L, 0x80100020L, 0x00100000L, + 0x80008020L, 0x80100000L, 0x80108000L, 0x00008000L, + 0x80100000L, 0x80008000L, 0x00000020L, 0x80108020L, + 0x00108020L, 0x00000020L, 0x00008000L, 0x80000000L, + 0x00008020L, 0x80108000L, 0x00100000L, 0x80000020L, + 0x00100020L, 0x80008020L, 0x80000020L, 0x00100020L, + 0x00108000L, 0x00000000L, 0x80008000L, 0x00008020L, + 0x80000000L, 0x80100020L, 0x80108020L, 0x00108000L }; + +static uint32_t SP3[64] = { + 0x00000208L, 0x08020200L, 0x00000000L, 0x08020008L, + 0x08000200L, 0x00000000L, 0x00020208L, 0x08000200L, + 0x00020008L, 0x08000008L, 0x08000008L, 0x00020000L, + 0x08020208L, 0x00020008L, 0x08020000L, 0x00000208L, + 0x08000000L, 0x00000008L, 0x08020200L, 0x00000200L, + 0x00020200L, 0x08020000L, 0x08020008L, 0x00020208L, + 0x08000208L, 0x00020200L, 0x00020000L, 0x08000208L, + 0x00000008L, 0x08020208L, 0x00000200L, 0x08000000L, + 0x08020200L, 0x08000000L, 0x00020008L, 0x00000208L, + 0x00020000L, 0x08020200L, 0x08000200L, 0x00000000L, + 0x00000200L, 0x00020008L, 0x08020208L, 0x08000200L, + 0x08000008L, 0x00000200L, 0x00000000L, 0x08020008L, + 0x08000208L, 0x00020000L, 0x08000000L, 0x08020208L, + 0x00000008L, 0x00020208L, 0x00020200L, 0x08000008L, + 0x08020000L, 0x08000208L, 0x00000208L, 0x08020000L, + 0x00020208L, 0x00000008L, 0x08020008L, 0x00020200L }; + +static uint32_t SP4[64] = { + 0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, + 0x00802080L, 0x00800081L, 0x00800001L, 0x00002001L, + 0x00000000L, 0x00802000L, 0x00802000L, 0x00802081L, + 0x00000081L, 0x00000000L, 0x00800080L, 0x00800001L, + 0x00000001L, 0x00002000L, 0x00800000L, 0x00802001L, + 0x00000080L, 0x00800000L, 0x00002001L, 0x00002080L, + 0x00800081L, 0x00000001L, 0x00002080L, 0x00800080L, + 0x00002000L, 0x00802080L, 0x00802081L, 0x00000081L, + 0x00800080L, 0x00800001L, 0x00802000L, 0x00802081L, + 0x00000081L, 0x00000000L, 0x00000000L, 0x00802000L, + 0x00002080L, 0x00800080L, 0x00800081L, 0x00000001L, + 0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, + 0x00802081L, 0x00000081L, 0x00000001L, 0x00002000L, + 0x00800001L, 0x00002001L, 0x00802080L, 0x00800081L, + 0x00002001L, 0x00002080L, 0x00800000L, 0x00802001L, + 0x00000080L, 0x00800000L, 0x00002000L, 0x00802080L }; + +static uint32_t SP5[64] = { + 0x00000100L, 0x02080100L, 0x02080000L, 0x42000100L, + 0x00080000L, 0x00000100L, 0x40000000L, 0x02080000L, + 0x40080100L, 0x00080000L, 0x02000100L, 0x40080100L, + 0x42000100L, 0x42080000L, 0x00080100L, 0x40000000L, + 0x02000000L, 0x40080000L, 0x40080000L, 0x00000000L, + 0x40000100L, 0x42080100L, 0x42080100L, 0x02000100L, + 0x42080000L, 0x40000100L, 0x00000000L, 0x42000000L, + 0x02080100L, 0x02000000L, 0x42000000L, 0x00080100L, + 0x00080000L, 0x42000100L, 0x00000100L, 0x02000000L, + 0x40000000L, 0x02080000L, 0x42000100L, 0x40080100L, + 0x02000100L, 0x40000000L, 0x42080000L, 0x02080100L, + 0x40080100L, 0x00000100L, 0x02000000L, 0x42080000L, + 0x42080100L, 0x00080100L, 0x42000000L, 0x42080100L, + 0x02080000L, 0x00000000L, 0x40080000L, 0x42000000L, + 0x00080100L, 0x02000100L, 0x40000100L, 0x00080000L, + 0x00000000L, 0x40080000L, 0x02080100L, 0x40000100L }; + +static uint32_t SP6[64] = { + 0x20000010L, 0x20400000L, 0x00004000L, 0x20404010L, + 0x20400000L, 0x00000010L, 0x20404010L, 0x00400000L, + 0x20004000L, 0x00404010L, 0x00400000L, 0x20000010L, + 0x00400010L, 0x20004000L, 0x20000000L, 0x00004010L, + 0x00000000L, 0x00400010L, 0x20004010L, 0x00004000L, + 0x00404000L, 0x20004010L, 0x00000010L, 0x20400010L, + 0x20400010L, 0x00000000L, 0x00404010L, 0x20404000L, + 0x00004010L, 0x00404000L, 0x20404000L, 0x20000000L, + 0x20004000L, 0x00000010L, 0x20400010L, 0x00404000L, + 0x20404010L, 0x00400000L, 0x00004010L, 0x20000010L, + 0x00400000L, 0x20004000L, 0x20000000L, 0x00004010L, + 0x20000010L, 0x20404010L, 0x00404000L, 0x20400000L, + 0x00404010L, 0x20404000L, 0x00000000L, 0x20400010L, + 0x00000010L, 0x00004000L, 0x20400000L, 0x00404010L, + 0x00004000L, 0x00400010L, 0x20004010L, 0x00000000L, + 0x20404000L, 0x20000000L, 0x00400010L, 0x20004010L }; + +static uint32_t SP7[64] = { + 0x00200000L, 0x04200002L, 0x04000802L, 0x00000000L, + 0x00000800L, 0x04000802L, 0x00200802L, 0x04200800L, + 0x04200802L, 0x00200000L, 0x00000000L, 0x04000002L, + 0x00000002L, 0x04000000L, 0x04200002L, 0x00000802L, + 0x04000800L, 0x00200802L, 0x00200002L, 0x04000800L, + 0x04000002L, 0x04200000L, 0x04200800L, 0x00200002L, + 0x04200000L, 0x00000800L, 0x00000802L, 0x04200802L, + 0x00200800L, 0x00000002L, 0x04000000L, 0x00200800L, + 0x04000000L, 0x00200800L, 0x00200000L, 0x04000802L, + 0x04000802L, 0x04200002L, 0x04200002L, 0x00000002L, + 0x00200002L, 0x04000000L, 0x04000800L, 0x00200000L, + 0x04200800L, 0x00000802L, 0x00200802L, 0x04200800L, + 0x00000802L, 0x04000002L, 0x04200802L, 0x04200000L, + 0x00200800L, 0x00000000L, 0x00000002L, 0x04200802L, + 0x00000000L, 0x00200802L, 0x04200000L, 0x00000800L, + 0x04000002L, 0x04000800L, 0x00000800L, 0x00200002L }; + +static uint32_t SP8[64] = { + 0x10001040L, 0x00001000L, 0x00040000L, 0x10041040L, + 0x10000000L, 0x10001040L, 0x00000040L, 0x10000000L, + 0x00040040L, 0x10040000L, 0x10041040L, 0x00041000L, + 0x10041000L, 0x00041040L, 0x00001000L, 0x00000040L, + 0x10040000L, 0x10000040L, 0x10001000L, 0x00001040L, + 0x00041000L, 0x00040040L, 0x10040040L, 0x10041000L, + 0x00001040L, 0x00000000L, 0x00000000L, 0x10040040L, + 0x10000040L, 0x10001000L, 0x00041040L, 0x00040000L, + 0x00041040L, 0x00040000L, 0x10041000L, 0x00001000L, + 0x00000040L, 0x10040040L, 0x00001000L, 0x00041040L, + 0x10001000L, 0x00000040L, 0x10000040L, 0x10040000L, + 0x10040040L, 0x10000000L, 0x00040000L, 0x10001040L, + 0x00000000L, 0x10041040L, 0x00040040L, 0x10000040L, + 0x10040000L, 0x10001000L, 0x10001040L, 0x00000000L, + 0x10041040L, 0x00041000L, 0x00041000L, 0x00001040L, + 0x00001040L, 0x00040040L, 0x10000000L, 0x10041000L }; + +static void +IP(uint32_t v[2]) +{ + uint32_t work; + + work = ((v[0] >> 4) ^ v[1]) & 0x0f0f0f0fL; + v[1] ^= work; + v[0] ^= (work << 4); + work = ((v[0] >> 16) ^ v[1]) & 0x0000ffffL; + v[1] ^= work; + v[0] ^= (work << 16); + work = ((v[1] >> 2) ^ v[0]) & 0x33333333L; + v[0] ^= work; + v[1] ^= (work << 2); + work = ((v[1] >> 8) ^ v[0]) & 0x00ff00ffL; + v[0] ^= work; + v[1] ^= (work << 8); + v[1] = ((v[1] << 1) | ((v[1] >> 31) & 1L)) & 0xffffffffL; + work = (v[0] ^ v[1]) & 0xaaaaaaaaL; + v[0] ^= work; + v[1] ^= work; + v[0] = ((v[0] << 1) | ((v[0] >> 31) & 1L)) & 0xffffffffL; +} + +static void +FP(uint32_t v[2]) +{ + uint32_t work; + + v[0] = (v[0] << 31) | (v[0] >> 1); + work = (v[1] ^ v[0]) & 0xaaaaaaaaL; + v[1] ^= work; + v[0] ^= work; + v[1] = (v[1] << 31) | (v[1] >> 1); + work = ((v[1] >> 8) ^ v[0]) & 0x00ff00ffL; + v[0] ^= work; + v[1] ^= (work << 8); + work = ((v[1] >> 2) ^ v[0]) & 0x33333333L; + v[0] ^= work; + v[1] ^= (work << 2); + work = ((v[0] >> 16) ^ v[1]) & 0x0000ffffL; + v[1] ^= work; + v[0] ^= (work << 16); + work = ((v[0] >> 4) ^ v[1]) & 0x0f0f0f0fL; + v[1] ^= work; + v[0] ^= (work << 4); +} + +static void +desx(uint32_t block[2], DES_key_schedule *ks, int forward_encrypt) +{ + uint32_t *keys; + uint32_t fval, work, right, left; + int round; + + left = block[0]; + right = block[1]; + + if (forward_encrypt) { + keys = &ks->ks[0]; + + for( round = 0; round < 8; round++ ) { + work = (right << 28) | (right >> 4); + work ^= *keys++; + fval = SP7[ work & 0x3fL]; + fval |= SP5[(work >> 8) & 0x3fL]; + fval |= SP3[(work >> 16) & 0x3fL]; + fval |= SP1[(work >> 24) & 0x3fL]; + work = right ^ *keys++; + fval |= SP8[ work & 0x3fL]; + fval |= SP6[(work >> 8) & 0x3fL]; + fval |= SP4[(work >> 16) & 0x3fL]; + fval |= SP2[(work >> 24) & 0x3fL]; + left ^= fval; + work = (left << 28) | (left >> 4); + work ^= *keys++; + fval = SP7[ work & 0x3fL]; + fval |= SP5[(work >> 8) & 0x3fL]; + fval |= SP3[(work >> 16) & 0x3fL]; + fval |= SP1[(work >> 24) & 0x3fL]; + work = left ^ *keys++; + fval |= SP8[ work & 0x3fL]; + fval |= SP6[(work >> 8) & 0x3fL]; + fval |= SP4[(work >> 16) & 0x3fL]; + fval |= SP2[(work >> 24) & 0x3fL]; + right ^= fval; + } + } else { + keys = &ks->ks[30]; + + for( round = 0; round < 8; round++ ) { + work = (right << 28) | (right >> 4); + work ^= *keys++; + fval = SP7[ work & 0x3fL]; + fval |= SP5[(work >> 8) & 0x3fL]; + fval |= SP3[(work >> 16) & 0x3fL]; + fval |= SP1[(work >> 24) & 0x3fL]; + work = right ^ *keys++; + fval |= SP8[ work & 0x3fL]; + fval |= SP6[(work >> 8) & 0x3fL]; + fval |= SP4[(work >> 16) & 0x3fL]; + fval |= SP2[(work >> 24) & 0x3fL]; + left ^= fval; + work = (left << 28) | (left >> 4); + keys -= 4; + work ^= *keys++; + fval = SP7[ work & 0x3fL]; + fval |= SP5[(work >> 8) & 0x3fL]; + fval |= SP3[(work >> 16) & 0x3fL]; + fval |= SP1[(work >> 24) & 0x3fL]; + work = left ^ *keys++; + fval |= SP8[ work & 0x3fL]; + fval |= SP6[(work >> 8) & 0x3fL]; + fval |= SP4[(work >> 16) & 0x3fL]; + fval |= SP2[(work >> 24) & 0x3fL]; + right ^= fval; + keys -= 4; + } + } + block[0] = right; + block[1] = left; +} diff --git a/source4/heimdal/lib/hcrypto/des.h b/source4/heimdal/lib/hcrypto/des.h new file mode 100644 index 0000000000..ac8deb8ab8 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/des.h @@ -0,0 +1,124 @@ +/* + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: des.h 16480 2006-01-08 21:47:29Z lha $ */ + +#ifndef _DESperate_H +#define _DESperate_H 1 + +/* symbol renaming */ +#define DES_set_odd_parity hc_DES_set_odd_parity +#define DES_is_weak_key hc_DES_is_weak_key +#define DES_key_sched hc_DES_key_sched +#define DES_set_key hc_DES_set_key +#define DES_set_key_checked hc_DES_set_key_checked +#define DES_set_key_sched hc_DES_set_key_sched +#define DES_new_random_key hc_DES_new_random_key +#define DES_string_to_key hc_DES_string_to_key +#define DES_read_password hc_DES_read_password +#define DES_rand_data hc_DES_rand_data +#define DES_set_random_generator_seed hc_DES_set_random_generator_seed +#define DES_generate_random_block hc_DES_generate_random_block +#define DES_set_sequence_number hc_DES_set_sequence_number +#define DES_init_random_number_generator hc_DES_init_random_number_generator +#define DES_random_key hc_DES_random_key +#define DES_encrypt hc_DES_encrypt +#define DES_ecb_encrypt hc_DES_ecb_encrypt +#define DES_ecb3_encrypt hc_DES_ecb3_encrypt +#define DES_pcbc_encrypt hc_DES_pcbc_encrypt +#define DES_cbc_encrypt hc_DES_cbc_encrypt +#define DES_cbc_cksum hc_DES_cbc_cksum +#define DES_ede3_cbc_encrypt hc_DES_ede3_cbc_encrypt +#define DES_cfb64_encrypt hc_DES_cfb64_encrypt +#define _DES_ipfp_test _hc_DES_ipfp_test + +/* + * + */ + +#define DES_CBLOCK_LEN 8 +#define DES_KEY_SZ 8 + +#define DES_ENCRYPT 1 +#define DES_DECRYPT 0 + +typedef unsigned char DES_cblock[DES_CBLOCK_LEN]; +typedef struct DES_key_schedule +{ + uint32_t ks[32]; +} DES_key_schedule; + +/* + * + */ + +int DES_set_odd_parity(DES_cblock *); +int DES_is_weak_key(DES_cblock *); +int DES_set_key(DES_cblock *, DES_key_schedule *); +int DES_set_key_checked(DES_cblock *, DES_key_schedule *); +int DES_key_sched(DES_cblock *, DES_key_schedule *); +int DES_new_random_key(DES_cblock *); +void DES_string_to_key(const char *, DES_cblock *); +int DES_read_password(DES_cblock *, char *, int); + +void DES_rand_data(void *, int); +void DES_set_random_generator_seed(DES_cblock *); +void DES_generate_random_block(DES_cblock *); +void DES_set_sequence_number(void *); +void DES_init_random_number_generator(DES_cblock *); +void DES_random_key(DES_cblock *); + + +void DES_encrypt(uint32_t [2], DES_key_schedule *, int); +void DES_ecb_encrypt(DES_cblock *, DES_cblock *, DES_key_schedule *, int); +void DES_ecb3_encrypt(DES_cblock *,DES_cblock *, DES_key_schedule *, + DES_key_schedule *, DES_key_schedule *, int); +void DES_pcbc_encrypt(const void *, void *, long, + DES_key_schedule *, DES_cblock *, int); +void DES_cbc_encrypt(const void *, void *, long, + DES_key_schedule *, DES_cblock *, int); +void DES_ede3_cbc_encrypt(const void *, void *, long, + DES_key_schedule *, DES_key_schedule *, + DES_key_schedule *, DES_cblock *, int); +void DES_cfb64_encrypt(const void *, void *, long, + DES_key_schedule *, DES_cblock *, int *, int); + + +uint32_t DES_cbc_cksum(const void *, DES_cblock *, + long, DES_key_schedule *, DES_cblock *); + + +void _DES_ipfp_test(void); + + +#endif /* _DESperate_H */ diff --git a/source4/heimdal/lib/hcrypto/dh-imath.c b/source4/heimdal/lib/hcrypto/dh-imath.c new file mode 100644 index 0000000000..17592bbdf6 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/dh-imath.c @@ -0,0 +1,243 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include + +#include + +#include "imath/imath.h" + +RCSID("$Id: dh-imath.c 18645 2006-10-20 06:56:57Z lha $"); + +static void +BN2mpz(mpz_t *s, const BIGNUM *bn) +{ + size_t len; + void *p; + + len = BN_num_bytes(bn); + p = malloc(len); + BN_bn2bin(bn, p); + mp_int_read_unsigned(s, p, len); + free(p); +} + + +static BIGNUM * +mpz2BN(mpz_t *s) +{ + size_t size; + BIGNUM *bn; + void *p; + + size = mp_int_unsigned_len(s); + p = malloc(size); + if (p == NULL && size != 0) + return NULL; + mp_int_to_unsigned(s, p, size); + + bn = BN_bin2bn(p, size, NULL); + free(p); + return bn; +} + +/* + * + */ + +#define DH_NUM_TRIES 10 + +static int +dh_generate_key(DH *dh) +{ + mpz_t pub, priv_key, g, p; + int have_private_key = (dh->priv_key != NULL); + int codes, times = 0; + mp_result res; + + if (dh->p == NULL || dh->g == NULL) + return 0; + + while (times++ < DH_NUM_TRIES) { + if (!have_private_key) { + size_t bits = BN_num_bits(dh->p); + + if (dh->priv_key) + BN_free(dh->priv_key); + + dh->priv_key = BN_new(); + if (dh->priv_key == NULL) + return 0; + if (!BN_rand(dh->priv_key, bits - 1, 0, 0)) { + BN_clear_free(dh->priv_key); + dh->priv_key = NULL; + return 0; + } + } + if (dh->pub_key) + BN_free(dh->pub_key); + + mp_int_init(&pub); + mp_int_init(&priv_key); + mp_int_init(&g); + mp_int_init(&p); + + BN2mpz(&priv_key, dh->priv_key); + BN2mpz(&g, dh->g); + BN2mpz(&p, dh->p); + + res = mp_int_exptmod(&g, &priv_key, &p, &pub); + + mp_int_clear(&priv_key); + mp_int_clear(&g); + mp_int_clear(&p); + if (res != MP_OK) + continue; + + dh->pub_key = mpz2BN(&pub); + mp_int_clear(&pub); + if (dh->pub_key == NULL) + return 0; + + if (DH_check_pubkey(dh, dh->pub_key, &codes) && codes == 0) + break; + if (have_private_key) + return 0; + } + + if (times >= DH_NUM_TRIES) { + if (!have_private_key && dh->priv_key) { + BN_free(dh->priv_key); + dh->priv_key = NULL; + } + if (dh->pub_key) { + BN_free(dh->pub_key); + dh->pub_key = NULL; + } + return 0; + } + + return 1; +} + +static int +dh_compute_key(unsigned char *shared, const BIGNUM * pub, DH *dh) +{ + mpz_t s, priv_key, p, peer_pub; + size_t size = 0; + mp_result res; + + if (dh->pub_key == NULL || dh->g == NULL || dh->priv_key == NULL) + return -1; + + mp_int_init(&p); + BN2mpz(&p, dh->p); + + mp_int_init(&peer_pub); + BN2mpz(&peer_pub, pub); + + /* check if peers pubkey is reasonable */ + if (MP_SIGN(&peer_pub) == MP_NEG + || mp_int_compare(&peer_pub, &p) >= 0 + || mp_int_compare_value(&peer_pub, 1) <= 0) + { + mp_int_clear(&p); + mp_int_clear(&peer_pub); + return -1; + } + + mp_int_init(&priv_key); + BN2mpz(&priv_key, dh->priv_key); + + mp_int_init(&s); + + mp_int_exptmod(&peer_pub, &priv_key, &p, &s); + + mp_int_clear(&p); + mp_int_clear(&peer_pub); + mp_int_clear(&priv_key); + + size = mp_int_unsigned_len(&s); + res = mp_int_to_unsigned(&s, shared, size); + mp_int_clear(&s); + + return (res == MP_OK) ? size : -1; +} + +static int +dh_generate_params(DH *dh, int a, int b, BN_GENCB *callback) +{ + /* groups should already be known, we don't care about this */ + return 0; +} + +static int +dh_init(DH *dh) +{ + return 1; +} + +static int +dh_finish(DH *dh) +{ + return 1; +} + + +/* + * + */ + +const DH_METHOD hc_dh_imath_method = { + "hcrypto imath DH", + dh_generate_key, + dh_compute_key, + NULL, + dh_init, + dh_finish, + 0, + NULL, + dh_generate_params +}; + +const DH_METHOD * +DH_imath_method(void) +{ + return &hc_dh_imath_method; +} diff --git a/source4/heimdal/lib/hcrypto/dh.c b/source4/heimdal/lib/hcrypto/dh.c new file mode 100644 index 0000000000..b558eb901c --- /dev/null +++ b/source4/heimdal/lib/hcrypto/dh.c @@ -0,0 +1,294 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +RCSID("$Id: dh.c 18618 2006-10-19 17:31:51Z lha $"); + +#include +#include +#include + +#include + +/* + * + */ + +DH * +DH_new(void) +{ + return DH_new_method(NULL); +} + +DH * +DH_new_method(ENGINE *engine) +{ + DH *dh; + + dh = calloc(1, sizeof(*dh)); + if (dh == NULL) + return NULL; + + dh->references = 1; + + if (engine) { + ENGINE_up_ref(engine); + dh->engine = engine; + } else { + dh->engine = ENGINE_get_default_DH(); + } + + if (dh->engine) { + dh->meth = ENGINE_get_DH(dh->engine); + if (dh->meth == NULL) { + ENGINE_finish(engine); + free(dh); + return 0; + } + } + + if (dh->meth == NULL) + dh->meth = DH_get_default_method(); + + (*dh->meth->init)(dh); + + return dh; +} + +void +DH_free(DH *dh) +{ + if (dh->references <= 0) + abort(); + + if (--dh->references > 0) + return; + + (*dh->meth->finish)(dh); + + if (dh->engine) + ENGINE_finish(dh->engine); + +#define free_if(f) if (f) { BN_free(f); } + free_if(dh->p); + free_if(dh->g); + free_if(dh->pub_key); + free_if(dh->priv_key); + free_if(dh->q); + free_if(dh->j); + free_if(dh->counter); +#undef free_if + + memset(dh, 0, sizeof(*dh)); + free(dh); +} + +int +DH_up_ref(DH *dh) +{ + return ++dh->references; +} + +int +DH_size(const DH *dh) +{ + return BN_num_bytes(dh->p); +} + +int +DH_set_ex_data(DH *dh, int idx, void *data) +{ + dh->ex_data.sk = data; + return 1; +} + +void * +DH_get_ex_data(DH *dh, int idx) +{ + return dh->ex_data.sk; +} + +int +DH_generate_parameters_ex(DH *dh, int prime_len, int generator, BN_GENCB *cb) +{ + if (dh->meth->generate_params) + return dh->meth->generate_params(dh, prime_len, generator, cb); + return 0; +} + +/* + * Check that + * + * pub_key > 1 and pub_key < p - 1 + * + * to avoid small subgroups attack. + */ + +int +DH_check_pubkey(const DH *dh, const BIGNUM *pub_key, int *codes) +{ + BIGNUM *bn = NULL, *sum = NULL; + int ret = 0; + + *codes = 0; + + bn = BN_new(); + if (bn == NULL) + goto out; + + if (!BN_set_word(bn, 1)) + goto out; + + if (BN_cmp(bn, pub_key) >= 0) + *codes |= DH_CHECK_PUBKEY_TOO_SMALL; + + sum = BN_new(); + if (sum == NULL) + goto out; + + BN_uadd(sum, pub_key, bn); + + if (BN_cmp(sum, dh->p) >= 0) + *codes |= DH_CHECK_PUBKEY_TOO_LARGE; + + ret = 1; +out: + if (bn) + BN_free(bn); + if (sum) + BN_free(sum); + + return ret; +} + +int +DH_generate_key(DH *dh) +{ + return dh->meth->generate_key(dh); +} + +int +DH_compute_key(unsigned char *shared_key, + const BIGNUM *peer_pub_key, DH *dh) +{ + int codes; + + if (!DH_check_pubkey(dh, peer_pub_key, &codes) || codes != 0) + return -1; + + return dh->meth->compute_key(shared_key, peer_pub_key, dh); +} + +int +DH_set_method(DH *dh, const DH_METHOD *method) +{ + (*dh->meth->finish)(dh); + if (dh->engine) { + ENGINE_finish(dh->engine); + dh->engine = NULL; + } + dh->meth = method; + (*dh->meth->init)(dh); + return 1; +} + +/* + * + */ + +static int +dh_null_generate_key(DH *dh) +{ + return 0; +} + +static int +dh_null_compute_key(unsigned char *shared,const BIGNUM *pub, DH *dh) +{ + return 0; +} + +static int +dh_null_init(DH *dh) +{ + return 1; +} + +static int +dh_null_finish(DH *dh) +{ + return 1; +} + +static int +dh_null_generate_params(DH *dh, int prime_num, int len, BN_GENCB *cb) +{ + return 0; +} + +static const DH_METHOD dh_null_method = { + "hcrypto null DH", + dh_null_generate_key, + dh_null_compute_key, + NULL, + dh_null_init, + dh_null_finish, + 0, + NULL, + dh_null_generate_params +}; + +extern const DH_METHOD hc_dh_imath_method; +static const DH_METHOD *dh_default_method = &hc_dh_imath_method; + +const DH_METHOD * +DH_null_method(void) +{ + return &dh_null_method; +} + +void +DH_set_default_method(const DH_METHOD *meth) +{ + dh_default_method = meth; +} + +const DH_METHOD * +DH_get_default_method(void) +{ + return dh_default_method; +} + diff --git a/source4/heimdal/lib/hcrypto/dh.h b/source4/heimdal/lib/hcrypto/dh.h new file mode 100644 index 0000000000..e34390dc99 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/dh.h @@ -0,0 +1,141 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * $Id: dh.h 17483 2006-05-06 13:11:15Z lha $ + */ + +#ifndef _HEIM_DH_H +#define _HEIM_DH_H 1 + +/* symbol renaming */ +#define DH_null_method hc_DH_null_method +#define DH_imath_method hc_DH_imath_method +#define DH_new hc_DH_new +#define DH_new_method hc_DH_new_method +#define DH_free hc_DH_free +#define DH_up_ref hc_DH_up_ref +#define DH_size hc_DH_size +#define DH_set_default_method hc_DH_set_default_method +#define DH_get_default_method hc_DH_get_default_method +#define DH_set_method hc_DH_set_method +#define DH_get_method hc_DH_get_method +#define DH_set_ex_data hc_DH_set_ex_data +#define DH_get_ex_data hc_DH_get_ex_data +#define DH_generate_parameters_ex hc_DH_generate_parameters_ex +#define DH_check_pubkey hc_DH_check_pubkey +#define DH_generate_key hc_DH_generate_key +#define DH_compute_key hc_DH_compute_key + +/* + * + */ + +typedef struct DH DH; +typedef struct DH_METHOD DH_METHOD; + +#include +#include + +struct DH_METHOD { + const char *name; + int (*generate_key)(DH *); + int (*compute_key)(unsigned char *,const BIGNUM *,DH *); + int (*bn_mod_exp)(const DH *, BIGNUM *, const BIGNUM *, + const BIGNUM *, const BIGNUM *, BN_CTX *, + BN_MONT_CTX *); + int (*init)(DH *); + int (*finish)(DH *); + int flags; + void *app_data; + int (*generate_params)(DH *, int, int, BN_GENCB *); +}; + +struct DH { + int pad; + int version; + BIGNUM *p; + BIGNUM *g; + long length; + BIGNUM *pub_key; + BIGNUM *priv_key; + int flags; + void *method_mont_p; + BIGNUM *q; + BIGNUM *j; + void *seed; + int seedlen; + BIGNUM *counter; + int references; + struct CRYPTO_EX_DATA { + void *sk; + int dummy; + } ex_data; + const DH_METHOD *meth; + ENGINE *engine; +}; + +/* DH_check_pubkey return codes in `codes' argument. */ +#define DH_CHECK_PUBKEY_TOO_SMALL 1 +#define DH_CHECK_PUBKEY_TOO_LARGE 2 + +/* + * + */ + +const DH_METHOD *DH_null_method(void); +const DH_METHOD *DH_imath_method(void); + +DH * DH_new(void); +DH * DH_new_method(ENGINE *); +void DH_free(DH *); +int DH_up_ref(DH *); + +int DH_size(const DH *); + + +void DH_set_default_method(const DH_METHOD *); +const DH_METHOD * + DH_get_default_method(void); +int DH_set_method(DH *, const DH_METHOD *); + +int DH_set_ex_data(DH *, int, void *); +void * DH_get_ex_data(DH *, int); + +int DH_generate_parameters_ex(DH *, int, int, BN_GENCB *); +int DH_check_pubkey(const DH *, const BIGNUM *, int *); +int DH_generate_key(DH *); +int DH_compute_key(unsigned char *,const BIGNUM *,DH *); + +#endif /* _HEIM_DH_H */ + diff --git a/source4/heimdal/lib/hcrypto/dsa.c b/source4/heimdal/lib/hcrypto/dsa.c new file mode 100644 index 0000000000..0dc59dac61 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/dsa.c @@ -0,0 +1,125 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +RCSID("$Id: dsa.c 17496 2006-05-07 11:31:58Z lha $"); + +#include +#include +#include + +#include + +/* + * + */ + +DSA * +DSA_new(void) +{ + DSA *dsa = calloc(1, sizeof(*dsa)); + dsa->meth = rk_UNCONST(DSA_get_default_method()); + dsa->references = 1; + return dsa; +} + +void +DSA_free(DSA *dsa) +{ + if (dsa->references <= 0) + abort(); + + if (--dsa->references > 0) + return; + + (*dsa->meth->finish)(dsa); + +#define free_if(f) if (f) { BN_free(f); } + free_if(dsa->p); + free_if(dsa->q); + free_if(dsa->g); + free_if(dsa->pub_key); + free_if(dsa->priv_key); + free_if(dsa->kinv); + free_if(dsa->r); +#undef free_if + + memset(dsa, 0, sizeof(*dsa)); + free(dsa); + +} + +int +DSA_up_ref(DSA *dsa) +{ + return ++dsa->references; +} + +/* + * + */ + +static const DSA_METHOD dsa_null_method = { + "hcrypto null DSA" +}; + +const DSA_METHOD * +DSA_null_method(void) +{ + return &dsa_null_method; +} + + +const DSA_METHOD *dsa_default_mech = &dsa_null_method; + +void +DSA_set_default_method(const DSA_METHOD *mech) +{ + dsa_default_mech = mech; +} + +const DSA_METHOD * +DSA_get_default_method(void) +{ + return dsa_default_mech; +} + +int +DSA_verify(int type, const unsigned char * digest, int digest_len, + const unsigned char *sig, int sig_len, DSA *dsa) +{ + return -1; +} diff --git a/source4/heimdal/lib/hcrypto/dsa.h b/source4/heimdal/lib/hcrypto/dsa.h new file mode 100644 index 0000000000..0544b80118 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/dsa.h @@ -0,0 +1,140 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * $Id: dsa.h 16564 2006-01-13 15:26:52Z lha $ + */ + +#ifndef _HEIM_DSA_H +#define _HEIM_DSA_H 1 + +#include + +/* symbol renaming */ +#define DSA_null_method hc_DSA_null_method +#define DSA_new hc_DSA_new +#define DSA_free hc_DSA_free +#define DSA_up_ref hc_DSA_up_ref +#define DSA_set_default_method hc_DSA_set_default_method +#define DSA_get_default_method hc_DSA_get_default_method +#define DSA_set_method hc_DSA_set_method +#define DSA_get_method hc_DSA_get_method +#define DSA_set_app_data hc_DSA_set_app_data +#define DSA_get_app_data hc_DSA_get_app_data +#define DSA_size hc_DSA_size +#define DSA_verify hc_DSA_verify + +/* + * + */ + + +typedef struct DSA DSA; +typedef struct DSA_METHOD DSA_METHOD; +typedef struct DSA_SIG DSA_SIG; + +struct DSA_SIG { + BIGNUM *r; + BIGNUM *s; +}; + +struct DSA_METHOD { + const char *name; + DSA_SIG * (*dsa_do_sign)(const unsigned char *, int, DSA *); + int (*dsa_sign_setup)(DSA *, BN_CTX *, BIGNUM **, BIGNUM **); + int (*dsa_do_verify)(const unsigned char *, int, DSA_SIG *, DSA *); + int (*dsa_mod_exp)(DSA *, BIGNUM *, BIGNUM *, BIGNUM *, + BIGNUM *, BIGNUM *, BIGNUM *, BN_CTX *, + BN_MONT_CTX *); + int (*bn_mod_exp)(DSA *, BIGNUM *, BIGNUM *, const BIGNUM *, + const BIGNUM *, BN_CTX *, + BN_MONT_CTX *); + int (*init)(DSA *); + int (*finish)(DSA *); + int flags; + void *app_data; +}; + +struct DSA { + int pad; + long version; + int write_params; + BIGNUM *p; + BIGNUM *q; + BIGNUM *g; + + BIGNUM *pub_key; + BIGNUM *priv_key; + + BIGNUM *kinv; + BIGNUM *r; + int flags; + void *method_mont_p; + int references; + struct dsa_CRYPTO_EX_DATA { + void *sk; + int dummy; + } ex_data; + const DSA_METHOD *meth; + void *engine; +}; + +/* + * + */ + +const DSA_METHOD *DSA_null_method(void); + +/* + * + */ + +DSA * DSA_new(void); +void DSA_free(DSA *); +int DSA_up_ref(DSA *); + +void DSA_set_default_method(const DSA_METHOD *); +const DSA_METHOD * DSA_get_default_method(void); + +const DSA_METHOD * DSA_get_method(const DSA *); +int DSA_set_method(DSA *, const DSA_METHOD *); + +void DSA_set_app_data(DSA *, void *arg); +void * DSA_get_app_data(DSA *); + +int DSA_size(const DSA *); + +int DSA_verify(int, const unsigned char *, int, + const unsigned char *, int, DSA *); + +#endif /* _HEIM_DSA_H */ diff --git a/source4/heimdal/lib/hcrypto/engine.c b/source4/heimdal/lib/hcrypto/engine.c new file mode 100644 index 0000000000..1a754909c5 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/engine.c @@ -0,0 +1,325 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +RCSID("$Id: engine.c 20828 2007-06-03 05:10:20Z lha $"); + +#include +#include +#include + +#include + +#ifdef HAVE_DLFCN_H +#include +#ifndef RTLD_NOW +#define RTLD_NOW 0 +#endif +#endif + +struct hc_engine { + int references; + char *name; + char *id; + void (*destroy)(ENGINE *); + const RSA_METHOD *rsa; + const DH_METHOD *dh; + const RAND_METHOD *rand; +}; + +int +ENGINE_finish(ENGINE *engine) +{ + if (engine->references-- <= 0) + abort(); + if (engine->references > 0) + return 1; + + if (engine->name) + free(engine->name); + if (engine->id) + free(engine->id); + if(engine->destroy) + (*engine->destroy)(engine); + + memset(engine, 0, sizeof(engine)); + engine->references = -1; + + + free(engine); + return 1; +} + +int +ENGINE_up_ref(ENGINE *engine) +{ + if (engine->references < 0) + abort(); + engine->references++; + return 1; +} + +int +ENGINE_set_id(ENGINE *engine, const char *id) +{ + engine->id = strdup(id); + return (engine->id == NULL) ? 0 : 1; +} + +int +ENGINE_set_name(ENGINE *engine, const char *name) +{ + engine->name = strdup(name); + return (engine->name == NULL) ? 0 : 1; +} + +int +ENGINE_set_RSA(ENGINE *engine, const RSA_METHOD *method) +{ + engine->rsa = method; + return 1; +} + +int +ENGINE_set_DH(ENGINE *engine, const DH_METHOD *method) +{ + engine->dh = method; + return 1; +} + +int +ENGINE_set_destroy_function(ENGINE *e, void (*destroy)(ENGINE *)) +{ + e->destroy = destroy; + return 1; +} + +const char * +ENGINE_get_id(const ENGINE *engine) +{ + return engine->id; +} + +const char * +ENGINE_get_name(const ENGINE *engine) +{ + return engine->name; +} + +const RSA_METHOD * +ENGINE_get_RSA(const ENGINE *engine) +{ + return engine->rsa; +} + +const DH_METHOD * +ENGINE_get_DH(const ENGINE *engine) +{ + return engine->dh; +} + +const RAND_METHOD * +ENGINE_get_RAND(const ENGINE *engine) +{ + return engine->rand; +} + +/* + * + */ + +#define SG_default_engine(type) \ +static ENGINE *type##_engine; \ +int \ +ENGINE_set_default_##type(ENGINE *engine) \ +{ \ + if (type##_engine) \ + ENGINE_finish(type##_engine); \ + type##_engine = engine; \ + if (type##_engine) \ + ENGINE_up_ref(type##_engine); \ + return 1; \ +} \ +ENGINE * \ +ENGINE_get_default_##type(void) \ +{ \ + if (type##_engine) \ + ENGINE_up_ref(type##_engine); \ + return type##_engine; \ +} + +SG_default_engine(RSA) +SG_default_engine(DH) + +#undef SG_default_engine + +/* + * + */ + +static ENGINE **engines; +static unsigned int num_engines; + +static int +add_engine(ENGINE *engine) +{ + ENGINE **d, *dup; + + dup = ENGINE_by_id(engine->id); + if (dup) { + ENGINE_finish(dup); + return 0; + } + + d = realloc(engines, (num_engines + 1) * sizeof(*engines)); + if (d == NULL) + return 1; + engines = d; + engines[num_engines++] = engine; + + return 1; +} + +void +ENGINE_load_builtin_engines(void) +{ + ENGINE *engine; + int ret; + + engine = calloc(1, sizeof(*engine)); + if (engine == NULL) + return; + + ENGINE_set_id(engine, "builtin"); + ENGINE_set_name(engine, + "Heimdal crypto builtin engine version " PACKAGE_VERSION); + ENGINE_set_RSA(engine, RSA_imath_method()); + ENGINE_set_DH(engine, DH_imath_method()); + + ret = add_engine(engine); + if (ret != 1) + ENGINE_finish(engine); +} + +ENGINE * +ENGINE_by_dso(const char *path, const char *id) +{ +#ifdef HAVE_DLOPEN + ENGINE *engine; + void *handle; + int ret; + + engine = calloc(1, sizeof(*engine)); + if (engine == NULL) + return NULL; + + handle = dlopen(path, RTLD_NOW); + if (handle == NULL) { + /* printf("error: %s\n", dlerror()); */ + free(engine); + return NULL; + } + + { + unsigned long version; + openssl_v_check v_check; + + v_check = (openssl_v_check)dlsym(handle, "v_check"); + if (v_check == NULL) { + dlclose(handle); + free(engine); + return NULL; + } + + version = (*v_check)(OPENSSL_DYNAMIC_VERSION); + if (version == 0) { + dlclose(handle); + free(engine); + return NULL; + } + } + + { + openssl_bind_engine bind_engine; + + bind_engine = (openssl_bind_engine)dlsym(handle, "bind_engine"); + if (bind_engine == NULL) { + dlclose(handle); + free(engine); + return NULL; + } + + ret = (*bind_engine)(engine, id, NULL); /* XXX fix third arg */ + if (ret != 1) { + dlclose(handle); + free(engine); + return NULL; + } + } + + ENGINE_up_ref(engine); + + ret = add_engine(engine); + if (ret != 1) { + dlclose(handle); + ENGINE_finish(engine); + return NULL; + } + + return engine; +#else + return NULL; +#endif +} + +ENGINE * +ENGINE_by_id(const char *id) +{ + int i; + + for (i = 0; i < num_engines; i++) { + if (strcmp(id, engines[i]->id) == 0) { + ENGINE_up_ref(engines[i]); + return engines[i]; + } + } + return NULL; +} + +void +ENGINE_add_conf_module(void) +{ +} diff --git a/source4/heimdal/lib/hcrypto/engine.h b/source4/heimdal/lib/hcrypto/engine.h new file mode 100644 index 0000000000..547a2d1324 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/engine.h @@ -0,0 +1,103 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * $Id: engine.h 17475 2006-05-06 12:34:36Z lha $ + */ + +#ifndef _HEIM_ENGINE_H +#define _HEIM_ENGINE_H 1 + +/* symbol renaming */ +#define ENGINE_add_conf_module hc_ENGINE_add_conf_module +#define ENGINE_by_dso hc_ENGINE_by_dso +#define ENGINE_by_id hc_ENGINE_by_id +#define ENGINE_finish hc_ENGINE_finish +#define ENGINE_get_DH hc_ENGINE_get_DH +#define ENGINE_get_RSA hc_ENGINE_get_RSA +#define ENGINE_get_RAND hc_ENGINE_get_RAND +#define ENGINE_get_id hc_ENGINE_get_id +#define ENGINE_get_name hc_ENGINE_get_name +#define ENGINE_load_builtin_engines hc_ENGINE_load_builtin_engines +#define ENGINE_set_DH hc_ENGINE_set_DH +#define ENGINE_set_RSA hc_ENGINE_set_RSA +#define ENGINE_set_id hc_ENGINE_set_id +#define ENGINE_set_name hc_ENGINE_set_name +#define ENGINE_set_destroy_function hc_ENGINE_set_destroy_function +#define ENGINE_up_ref hc_ENGINE_up_ref +#define ENGINE_get_default_DH hc_ENGINE_get_default_DH +#define ENGINE_get_default_RSA hc_ENGINE_get_default_RSA +#define ENGINE_set_default_DH hc_ENGINE_set_default_DH +#define ENGINE_set_default_RSA hc_ENGINE_set_default_RSA + +/* + * + */ + +typedef struct hc_engine ENGINE; + +#include +#include +#include +#include + +#define OPENSSL_DYNAMIC_VERSION (unsigned long)0x00020000 + +typedef int (*openssl_bind_engine)(ENGINE *, const char *, const void *); +typedef unsigned long (*openssl_v_check)(unsigned long); + +void ENGINE_add_conf_module(void); +void ENGINE_load_builtin_engines(void); +ENGINE *ENGINE_by_id(const char *); +ENGINE *ENGINE_by_dso(const char *, const char *); +int ENGINE_finish(ENGINE *); +int ENGINE_up_ref(ENGINE *); +int ENGINE_set_id(ENGINE *, const char *); +int ENGINE_set_name(ENGINE *, const char *); +int ENGINE_set_RSA(ENGINE *, const RSA_METHOD *); +int ENGINE_set_DH(ENGINE *, const DH_METHOD *); +int ENGINE_set_destroy_function(ENGINE *, void (*)(ENGINE *)); + +const char * ENGINE_get_id(const ENGINE *); +const char * ENGINE_get_name(const ENGINE *); +const RSA_METHOD * ENGINE_get_RSA(const ENGINE *); +const DH_METHOD * ENGINE_get_DH(const ENGINE *); +const RAND_METHOD * ENGINE_get_RAND(const ENGINE *); + +int ENGINE_set_default_RSA(ENGINE *); +ENGINE * ENGINE_get_default_RSA(void); +int ENGINE_set_default_DH(ENGINE *); +ENGINE * ENGINE_get_default_DH(void); + + +#endif /* _HEIM_ENGINE_H */ diff --git a/source4/heimdal/lib/hcrypto/evp.c b/source4/heimdal/lib/hcrypto/evp.c new file mode 100644 index 0000000000..34480dbe7e --- /dev/null +++ b/source4/heimdal/lib/hcrypto/evp.c @@ -0,0 +1,905 @@ +#include +#include +#include +#include +#include + +#include + +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +typedef int (*evp_md_init)(EVP_MD_CTX *); +typedef int (*evp_md_update)(EVP_MD_CTX *,const void *, size_t); +typedef int (*evp_md_final)(void *, EVP_MD_CTX *); +typedef int (*evp_md_cleanup)(EVP_MD_CTX *); + +struct hc_evp_md { + int hash_size; + int block_size; + int ctx_size; + evp_md_init init; + evp_md_update update; + evp_md_final final; + evp_md_cleanup cleanup; +}; + +/* + * + */ + +size_t +EVP_MD_size(const EVP_MD *md) +{ + return md->hash_size; +} + +size_t +EVP_MD_block_size(const EVP_MD *md) +{ + return md->block_size; +} + +EVP_MD_CTX * +EVP_MD_CTX_create(void) +{ + return calloc(1, sizeof(EVP_MD_CTX)); +} + +void +EVP_MD_CTX_init(EVP_MD_CTX *ctx) +{ + memset(ctx, 0, sizeof(*ctx)); +} + +void +EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) +{ + EVP_MD_CTX_cleanup(ctx); + free(ctx); +} + +int +EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) +{ + if (ctx->md && ctx->md->cleanup) + (ctx->md->cleanup)(ctx); + ctx->md = NULL; + ctx->engine = NULL; + free(ctx->ptr); + return 1; +} + + +const EVP_MD * +EVP_MD_CTX_md(EVP_MD_CTX *ctx) +{ + return ctx->md; +} + +size_t +EVP_MD_CTX_size(EVP_MD_CTX *ctx) +{ + return EVP_MD_size(ctx->md); +} + +size_t +EVP_MD_CTX_block_size(EVP_MD_CTX *ctx) +{ + return EVP_MD_block_size(ctx->md); +} + +int +EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *md, ENGINE *engine) +{ + if (ctx->md != md || ctx->engine != engine) { + EVP_MD_CTX_cleanup(ctx); + ctx->md = md; + ctx->engine = engine; + + ctx->ptr = calloc(1, md->ctx_size); + if (ctx->ptr == NULL) + return 0; + } + (ctx->md->init)(ctx->ptr); + return 1; +} + +int +EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t size) +{ + (ctx->md->update)(ctx->ptr, data, size); + return 1; +} + +int +EVP_DigestFinal_ex(EVP_MD_CTX *ctx, void *hash, unsigned int *size) +{ + (ctx->md->final)(hash, ctx->ptr); + if (size) + *size = ctx->md->hash_size; + return 1; +} + +int +EVP_Digest(const void *data, size_t dsize, void *hash, unsigned int *hsize, + const EVP_MD *md, ENGINE *engine) +{ + EVP_MD_CTX *ctx; + int ret; + + ctx = EVP_MD_CTX_create(); + if (ctx == NULL) + return 0; + ret = EVP_DigestInit_ex(ctx, md, engine); + if (ret != 1) + return ret; + ret = EVP_DigestUpdate(ctx, data, dsize); + if (ret != 1) + return ret; + ret = EVP_DigestFinal_ex(ctx, hash, hsize); + if (ret != 1) + return ret; + EVP_MD_CTX_destroy(ctx); + return 1; +} + +/* + * + */ + +const EVP_MD * +EVP_sha256(void) +{ + static const struct hc_evp_md sha256 = { + 32, + 64, + sizeof(SHA256_CTX), + (evp_md_init)SHA256_Init, + (evp_md_update)SHA256_Update, + (evp_md_final)SHA256_Final, + NULL + }; + return &sha256; +} + +static const struct hc_evp_md sha1 = { + 20, + 64, + sizeof(SHA_CTX), + (evp_md_init)SHA1_Init, + (evp_md_update)SHA1_Update, + (evp_md_final)SHA1_Final, + NULL +}; + +const EVP_MD * +EVP_sha1(void) +{ + return &sha1; +} + +const EVP_MD * +EVP_sha(void) +{ + return &sha1; +} + +const EVP_MD * +EVP_md5(void) +{ + static const struct hc_evp_md md5 = { + 16, + 64, + sizeof(MD5_CTX), + (evp_md_init)MD5_Init, + (evp_md_update)MD5_Update, + (evp_md_final)MD5_Final, + NULL + }; + return &md5; +} + +const EVP_MD * +EVP_md4(void) +{ + static const struct hc_evp_md md4 = { + 16, + 64, + sizeof(MD4_CTX), + (evp_md_init)MD4_Init, + (evp_md_update)MD4_Update, + (evp_md_final)MD4_Final, + NULL + }; + return &md4; +} + +const EVP_MD * +EVP_md2(void) +{ + static const struct hc_evp_md md2 = { + 16, + 16, + sizeof(MD2_CTX), + (evp_md_init)MD2_Init, + (evp_md_update)MD2_Update, + (evp_md_final)MD2_Final, + NULL + }; + return &md2; +} + +/* + * + */ + +static void +null_Init (void *m) +{ +} +static void +null_Update (void *m, const void * data, size_t size) +{ +} +static void +null_Final(void *res, struct md5 *m) +{ +} + +const EVP_MD * +EVP_md_null(void) +{ + static const struct hc_evp_md null = { + 0, + 0, + 0, + (evp_md_init)null_Init, + (evp_md_update)null_Update, + (evp_md_final)null_Final, + NULL + }; + return &null; +} + +#if 0 +void EVP_MD_CTX_init(EVP_MD_CTX *ctx); +int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); +int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); +int EVP_SignFinal(EVP_MD_CTX *, void *, size_t *, EVP_PKEY *); +int EVP_VerifyFinal(EVP_MD_CTX *, const void *, size_t, EVP_PKEY *); +#endif + +/* + * + */ + +size_t +EVP_CIPHER_block_size(const EVP_CIPHER *c) +{ + return c->block_size; +} + +size_t +EVP_CIPHER_key_length(const EVP_CIPHER *c) +{ + return c->key_len; +} + +size_t +EVP_CIPHER_iv_length(const EVP_CIPHER *c) +{ + return c->iv_len; +} + +void +EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *c) +{ + memset(c, 0, sizeof(*c)); +} + +int +EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) +{ + if (c->cipher && c->cipher->cleanup) + c->cipher->cleanup(c); + if (c->cipher_data) { + free(c->cipher_data); + c->cipher_data = NULL; + } + return 1; +} + +#if 0 +int +EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int length) +{ + return 0; +} + +int +EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad) +{ + return 0; +} +#endif + +const EVP_CIPHER * +EVP_CIPHER_CTX_cipher(EVP_CIPHER_CTX *ctx) +{ + return ctx->cipher; +} + +size_t +EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) +{ + return EVP_CIPHER_block_size(ctx->cipher); +} + +size_t +EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) +{ + return EVP_CIPHER_key_length(ctx->cipher); +} + +size_t +EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) +{ + return EVP_CIPHER_iv_length(ctx->cipher); +} + +unsigned long +EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx) +{ + return ctx->cipher->flags; +} + +int +EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx) +{ + return EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_MODE; +} + +void * +EVP_CIPHER_CTX_get_app_data(EVP_CIPHER_CTX *ctx) +{ + return ctx->app_data; +} + +void +EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data) +{ + ctx->app_data = data; +} + +int +EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *c, ENGINE *engine, + const void *key, const void *iv, int encp) +{ + if (encp == -1) + encp = ctx->encrypt; + else + ctx->encrypt = (encp ? 1 : 0); + + if (c && (c != ctx->cipher)) { + EVP_CIPHER_CTX_cleanup(ctx); + ctx->cipher = c; + ctx->key_len = c->key_len; + + ctx->cipher_data = malloc(c->ctx_size); + if (ctx->cipher_data == NULL && c->ctx_size != 0) + return 0; + + } else if (ctx->cipher == NULL) { + /* reuse of cipher, but not any cipher ever set! */ + return 0; + } + + switch (EVP_CIPHER_CTX_flags(ctx)) { + case EVP_CIPH_CBC_MODE: + + assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof(ctx->iv)); + + if (iv) + memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); + memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); + break; + default: + return 0; + } + + if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) + ctx->cipher->init(ctx, key, iv, encp); + + return 1; +} + +int +EVP_Cipher(EVP_CIPHER_CTX *ctx, void *out, const void *in,size_t size) +{ + return ctx->cipher->do_cipher(ctx, out, in, size); +} + +/* + * + */ + +static int +enc_null_init(EVP_CIPHER_CTX *ctx, + const unsigned char * key, + const unsigned char * iv, + int encp) +{ + return 1; +} + +static int +enc_null_do_cipher(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + unsigned int size) +{ + memmove(out, in, size); + return 1; +} + +static int +enc_null_cleanup(EVP_CIPHER_CTX *ctx) +{ + return 1; +} + +const EVP_CIPHER * +EVP_enc_null(void) +{ + static const EVP_CIPHER enc_null = { + 0, + 0, + 0, + 0, + EVP_CIPH_CBC_MODE, + enc_null_init, + enc_null_do_cipher, + enc_null_cleanup, + 0, + NULL, + NULL, + NULL, + NULL + }; + return &enc_null; +} + +/* + * + */ + +struct rc2_cbc { + unsigned int maximum_effective_key; + RC2_KEY key; +}; + +static int +rc2_init(EVP_CIPHER_CTX *ctx, + const unsigned char * key, + const unsigned char * iv, + int encp) +{ + struct rc2_cbc *k = ctx->cipher_data; + k->maximum_effective_key = EVP_CIPHER_CTX_key_length(ctx) * 8; + RC2_set_key(&k->key, + EVP_CIPHER_CTX_key_length(ctx), + key, + k->maximum_effective_key); + return 1; +} + +static int +rc2_do_cipher(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + unsigned int size) +{ + struct rc2_cbc *k = ctx->cipher_data; + RC2_cbc_encrypt(in, out, size, &k->key, ctx->iv, ctx->encrypt); + return 1; +} + +static int +rc2_cleanup(EVP_CIPHER_CTX *ctx) +{ + memset(ctx->cipher_data, 0, sizeof(struct rc2_cbc)); + return 1; +} + + +const EVP_CIPHER * +EVP_rc2_cbc(void) +{ + static const EVP_CIPHER rc2_cbc = { + 0, + RC2_BLOCK_SIZE, + RC2_KEY_LENGTH, + RC2_BLOCK_SIZE, + EVP_CIPH_CBC_MODE, + rc2_init, + rc2_do_cipher, + rc2_cleanup, + sizeof(struct rc2_cbc), + NULL, + NULL, + NULL, + NULL + }; + return &rc2_cbc; +} + +const EVP_CIPHER * +EVP_rc2_40_cbc(void) +{ + static const EVP_CIPHER rc2_40_cbc = { + 0, + RC2_BLOCK_SIZE, + 5, + RC2_BLOCK_SIZE, + EVP_CIPH_CBC_MODE, + rc2_init, + rc2_do_cipher, + rc2_cleanup, + sizeof(struct rc2_cbc), + NULL, + NULL, + NULL, + NULL + }; + return &rc2_40_cbc; +} + +const EVP_CIPHER * +EVP_rc2_64_cbc(void) +{ + static const EVP_CIPHER rc2_64_cbc = { + 0, + RC2_BLOCK_SIZE, + 8, + RC2_BLOCK_SIZE, + EVP_CIPH_CBC_MODE, + rc2_init, + rc2_do_cipher, + rc2_cleanup, + sizeof(struct rc2_cbc), + NULL, + NULL, + NULL, + NULL + }; + return &rc2_64_cbc; +} + +/* + * + */ + +const EVP_CIPHER * +EVP_rc4(void) +{ + printf("evp rc4\n"); + abort(); + return NULL; +} + +const EVP_CIPHER * +EVP_rc4_40(void) +{ + printf("evp rc4_40\n"); + abort(); + return NULL; +} + +/* + * + */ + +struct des_ede3_cbc { + DES_key_schedule ks[3]; +}; + +static int +des_ede3_cbc_init(EVP_CIPHER_CTX *ctx, + const unsigned char * key, + const unsigned char * iv, + int encp) +{ + struct des_ede3_cbc *k = ctx->cipher_data; + + DES_key_sched((DES_cblock *)(key), &k->ks[0]); + DES_key_sched((DES_cblock *)(key + 8), &k->ks[1]); + DES_key_sched((DES_cblock *)(key + 16), &k->ks[2]); + + return 1; +} + +static int +des_ede3_cbc_do_cipher(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + unsigned int size) +{ + struct des_ede3_cbc *k = ctx->cipher_data; + DES_ede3_cbc_encrypt(in, out, size, + &k->ks[0], &k->ks[1], &k->ks[2], + (DES_cblock *)ctx->iv, ctx->encrypt); + return 1; +} + +static int +des_ede3_cbc_cleanup(EVP_CIPHER_CTX *ctx) +{ + memset(ctx->cipher_data, 0, sizeof(struct des_ede3_cbc)); + return 1; +} + +const EVP_CIPHER * +EVP_des_ede3_cbc(void) +{ + static const EVP_CIPHER des_ede3_cbc = { + 0, + 8, + 24, + 8, + EVP_CIPH_CBC_MODE, + des_ede3_cbc_init, + des_ede3_cbc_do_cipher, + des_ede3_cbc_cleanup, + sizeof(struct des_ede3_cbc), + NULL, + NULL, + NULL, + NULL + }; + return &des_ede3_cbc; +} + +/* + * + */ + +static int +aes_init(EVP_CIPHER_CTX *ctx, + const unsigned char * key, + const unsigned char * iv, + int encp) +{ + AES_KEY *k = ctx->cipher_data; + if (ctx->encrypt) + AES_set_encrypt_key(key, ctx->cipher->key_len * 8, k); + else + AES_set_decrypt_key(key, ctx->cipher->key_len * 8, k); + return 1; +} + +static int +aes_do_cipher(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + unsigned int size) +{ + AES_KEY *k = ctx->cipher_data; + AES_cbc_encrypt(in, out, size, k, ctx->iv, ctx->encrypt); + return 1; +} + +static int +aes_cleanup(EVP_CIPHER_CTX *ctx) +{ + memset(ctx->cipher_data, 0, sizeof(AES_KEY)); + return 1; +} + +const EVP_CIPHER * +EVP_aes_128_cbc(void) +{ + static const EVP_CIPHER aes_128_cbc = { + 0, + 16, + 16, + 16, + EVP_CIPH_CBC_MODE, + aes_init, + aes_do_cipher, + aes_cleanup, + sizeof(AES_KEY), + NULL, + NULL, + NULL, + NULL + }; + return &aes_128_cbc; +} + +const EVP_CIPHER * +EVP_aes_192_cbc(void) +{ + static const EVP_CIPHER aes_192_cbc = { + 0, + 16, + 24, + 16, + EVP_CIPH_CBC_MODE, + aes_init, + aes_do_cipher, + aes_cleanup, + sizeof(AES_KEY), + NULL, + NULL, + NULL, + NULL + }; + return &aes_192_cbc; +} + + +const EVP_CIPHER * +EVP_aes_256_cbc(void) +{ + static const EVP_CIPHER aes_256_cbc = { + 0, + 16, + 32, + 16, + EVP_CIPH_CBC_MODE, + aes_init, + aes_do_cipher, + aes_cleanup, + sizeof(AES_KEY), + NULL, + NULL, + NULL, + NULL + }; + return &aes_256_cbc; +} + +/* + * + */ + +static const struct cipher_name { + const char *name; + const EVP_CIPHER *(*func)(void); +} cipher_name[] = { + { "des-ede3-cbc", EVP_des_ede3_cbc }, + { "aes-128-cbc", EVP_aes_128_cbc }, + { "aes-192-cbc", EVP_aes_192_cbc }, + { "aes-256-cbc", EVP_aes_256_cbc } +}; + + +const EVP_CIPHER * +EVP_get_cipherbyname(const char *name) +{ + int i; + for (i = 0; i < sizeof(cipher_name)/sizeof(cipher_name[0]); i++) { + if (strcasecmp(cipher_name[i].name, name) == 0) + return (*cipher_name[i].func)(); + } + return NULL; +} + + +/* + * + */ + +#ifndef min +#define min(a,b) (((a)>(b))?(b):(a)) +#endif + +int +EVP_BytesToKey(const EVP_CIPHER *type, + const EVP_MD *md, + const void *salt, + const void *data, size_t datalen, + unsigned int count, + void *keydata, + void *ivdata) +{ + int ivlen, keylen, first = 0; + unsigned int mds = 0, i; + unsigned char *key = keydata; + unsigned char *iv = ivdata; + unsigned char *buf; + EVP_MD_CTX c; + + keylen = EVP_CIPHER_key_length(type); + ivlen = EVP_CIPHER_iv_length(type); + + if (data == NULL) + return keylen; + + buf = malloc(EVP_MD_size(md)); + if (buf == NULL) + return -1; + + EVP_MD_CTX_init(&c); + + first = 1; + while (1) { + EVP_DigestInit_ex(&c, md, NULL); + if (!first) + EVP_DigestUpdate(&c, buf, mds); + first = 0; + EVP_DigestUpdate(&c,data,datalen); + +#define PKCS5_SALT_LEN 8 + + if (salt) + EVP_DigestUpdate(&c, salt, PKCS5_SALT_LEN); + + EVP_DigestFinal_ex(&c, buf, &mds); + assert(mds == EVP_MD_size(md)); + + for (i = 1; i < count; i++) { + EVP_DigestInit_ex(&c, md, NULL); + EVP_DigestUpdate(&c, buf, mds); + EVP_DigestFinal_ex(&c, buf, &mds); + assert(mds == EVP_MD_size(md)); + } + + i = 0; + if (keylen) { + size_t sz = min(keylen, mds); + if (key) { + memcpy(key, buf, sz); + key += sz; + } + keylen -= sz; + i += sz; + } + if (ivlen && mds > i) { + size_t sz = min(ivlen, (mds - i)); + if (iv) { + memcpy(iv, &buf[i], sz); + iv += sz; + } + ivlen -= sz; + } + if (keylen == 0 && ivlen == 0) + break; + } + + EVP_MD_CTX_cleanup(&c); + free(buf); + + return EVP_CIPHER_key_length(type); +} + +/* + * + */ + +void +OpenSSL_add_all_algorithms(void) +{ + return; +} + +void +OpenSSL_add_all_algorithms_conf(void) +{ + return; +} + +void +OpenSSL_add_all_algorithms_noconf(void) +{ + return; +} diff --git a/source4/heimdal/lib/hcrypto/evp.h b/source4/heimdal/lib/hcrypto/evp.h new file mode 100644 index 0000000000..a3fbc4c9ca --- /dev/null +++ b/source4/heimdal/lib/hcrypto/evp.h @@ -0,0 +1,255 @@ +/* + * Copyright (c) 2005 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: evp.h 18312 2006-10-07 17:21:48Z lha $ */ + +#ifndef HEIM_EVP_H +#define HEIM_EVP_H 1 + +#include + +/* symbol renaming */ +#define EVP_CIPHER_CTX_block_size hc_EVP_CIPHER_CTX_block_size +#define EVP_CIPHER_CTX_cipher hc_EVP_CIPHER_CTX_cipher +#define EVP_CIPHER_CTX_cleanup hc_EVP_CIPHER_CTX_cleanup +#define EVP_CIPHER_CTX_flags hc_EVP_CIPHER_CTX_flags +#define EVP_CIPHER_CTX_get_app_data hc_EVP_CIPHER_CTX_get_app_data +#define EVP_CIPHER_CTX_init hc_EVP_CIPHER_CTX_init +#define EVP_CIPHER_CTX_iv_length hc_EVP_CIPHER_CTX_iv_length +#define EVP_CIPHER_CTX_key_length hc_EVP_CIPHER_CTX_key_length +#define EVP_CIPHER_CTX_mode hc_EVP_CIPHER_CTX_mode +#define EVP_CIPHER_CTX_set_app_data hc_EVP_CIPHER_CTX_set_app_data +#define EVP_CIPHER_CTX_set_key_length hc_EVP_CIPHER_CTX_set_key_length +#define EVP_CIPHER_CTX_set_padding hc_EVP_CIPHER_CTX_set_padding +#define EVP_CIPHER_block_size hc_EVP_CIPHER_block_size +#define EVP_CIPHER_iv_length hc_EVP_CIPHER_iv_length +#define EVP_CIPHER_key_length hc_EVP_CIPHER_key_length +#define EVP_Cipher hc_EVP_Cipher +#define EVP_CipherInit_ex hc_EVP_CipherInit_ex +#define EVP_Digest hc_EVP_Digest +#define EVP_DigestFinal_ex hc_EVP_DigestFinal_ex +#define EVP_DigestInit_ex hc_EVP_DigestInit_ex +#define EVP_DigestUpdate hc_EVP_DigestUpdate +#define EVP_MD_CTX_block_size hc_EVP_MD_CTX_block_size +#define EVP_MD_CTX_cleanup hc_EVP_MD_CTX_cleanup +#define EVP_MD_CTX_create hc_EVP_MD_CTX_create +#define EVP_MD_CTX_init hc_EVP_MD_CTX_init +#define EVP_MD_CTX_destroy hc_EVP_MD_CTX_destroy +#define EVP_MD_CTX_md hc_EVP_MD_CTX_md +#define EVP_MD_CTX_size hc_EVP_MD_CTX_size +#define EVP_MD_block_size hc_EVP_MD_block_size +#define EVP_MD_size hc_EVP_MD_size +#define EVP_aes_128_cbc hc_EVP_aes_128_cbc +#define EVP_aes_192_cbc hc_EVP_aes_192_cbc +#define EVP_aes_256_cbc hc_EVP_aes_256_cbc +#define EVP_des_ede3_cbc hc_EVP_des_ede3_cbc +#define EVP_enc_null hc_EVP_enc_null +#define EVP_md2 hc_EVP_md2 +#define EVP_md4 hc_EVP_md4 +#define EVP_md5 hc_EVP_md5 +#define EVP_md_null hc_EVP_md_null +#define EVP_rc2_40_cbc hc_EVP_rc2_40_cbc +#define EVP_rc2_64_cbc hc_EVP_rc2_64_cbc +#define EVP_rc2_cbc hc_EVP_rc2_cbc +#define EVP_rc4 hc_EVP_rc4 +#define EVP_rc4_40 hc_EVP_rc4_40 +#define EVP_sha hc_EVP_sha +#define EVP_sha1 hc_EVP_sha1 +#define EVP_sha256 hc_EVP_sha256 +#define PKCS5_PBKDF2_HMAC_SHA1 hc_PKCS5_PBKDF2_HMAC_SHA1 +#define EVP_BytesToKey hc_EVP_BytesToKey +#define EVP_get_cipherbyname hc_EVP_get_cipherbyname +#define OpenSSL_add_all_algorithms hc_OpenSSL_add_all_algorithms +#define OpenSSL_add_all_algorithms_conf hc_OpenSSL_add_all_algorithms_conf +#define OpenSSL_add_all_algorithms_noconf hc_OpenSSL_add_all_algorithms_noconf + +/* + * + */ + +typedef struct hc_EVP_MD_CTX EVP_MD_CTX; +typedef struct hc_evp_pkey EVP_PKEY; +typedef struct hc_evp_md EVP_MD; +typedef struct hc_CIPHER EVP_CIPHER; +typedef struct hc_CIPHER_CTX EVP_CIPHER_CTX; + +#define EVP_MAX_IV_LENGTH 16 +#define EVP_MAX_BLOCK_LENGTH 32 + +#define EVP_MAX_MD_SIZE 64 + +struct hc_CIPHER { + int nid; + int block_size; + int key_len; + int iv_len; + unsigned long flags; + /* The lowest 3 bits is used as integer field for the mode the + * cipher is used in (use EVP_CIPHER.._mode() to extract the + * mode). The rest of the flag field is a bitfield. + */ +#define EVP_CIPH_CBC_MODE 2 +#define EVP_CIPH_MODE 0x7 + +#define EVP_CIPH_ALWAYS_CALL_INIT 0x20 + + int (*init)(EVP_CIPHER_CTX*,const unsigned char*,const unsigned char*,int); + int (*do_cipher)(EVP_CIPHER_CTX *, unsigned char *, + const unsigned char *, unsigned int); + int (*cleanup)(EVP_CIPHER_CTX *); + int ctx_size; + void *set_asn1_parameters; + void *get_asn1_parameters; + void *ctrl; + void *app_data; +}; + +struct hc_CIPHER_CTX { + const EVP_CIPHER *cipher; + ENGINE *engine; + int encrypt; + int buf_len; + unsigned char oiv[EVP_MAX_IV_LENGTH]; + unsigned char iv[EVP_MAX_IV_LENGTH]; + unsigned char buf[EVP_MAX_BLOCK_LENGTH]; + int num; + void *app_data; + int key_len; + unsigned long flags; + void *cipher_data; + int final_used; + int block_mask; + unsigned char final[EVP_MAX_BLOCK_LENGTH]; +}; + +struct hc_EVP_MD_CTX { + const EVP_MD *md; + ENGINE *engine; + void *ptr; +}; + +/* + * Avaible crypto algs + */ + +const EVP_MD *EVP_md_null(void); +const EVP_MD *EVP_md2(void); +const EVP_MD *EVP_md4(void); +const EVP_MD *EVP_md5(void); +const EVP_MD *EVP_sha(void); +const EVP_MD *EVP_sha1(void); +const EVP_MD *EVP_sha256(void); + +const EVP_CIPHER * EVP_aes_128_cbc(void); +const EVP_CIPHER * EVP_aes_192_cbc(void); +const EVP_CIPHER * EVP_aes_256_cbc(void); +const EVP_CIPHER * EVP_des_ede3_cbc(void); +const EVP_CIPHER * EVP_enc_null(void); +const EVP_CIPHER * EVP_rc2_40_cbc(void); +const EVP_CIPHER * EVP_rc2_64_cbc(void); +const EVP_CIPHER * EVP_rc2_cbc(void); +const EVP_CIPHER * EVP_rc4(void); +const EVP_CIPHER * EVP_rc4_40(void); + +/* + * + */ + +size_t EVP_MD_size(const EVP_MD *); +size_t EVP_MD_block_size(const EVP_MD *); + +const EVP_MD * + EVP_MD_CTX_md(EVP_MD_CTX *); +size_t EVP_MD_CTX_size(EVP_MD_CTX *); +size_t EVP_MD_CTX_block_size(EVP_MD_CTX *); + +EVP_MD_CTX * + EVP_MD_CTX_create(void); +void EVP_MD_CTX_init(EVP_MD_CTX *); +void EVP_MD_CTX_destroy(EVP_MD_CTX *); +int EVP_MD_CTX_cleanup(EVP_MD_CTX *); + +int EVP_DigestInit_ex(EVP_MD_CTX *, const EVP_MD *, ENGINE *); +int EVP_DigestUpdate(EVP_MD_CTX *,const void *, size_t); +int EVP_DigestFinal_ex(EVP_MD_CTX *, void *, unsigned int *); +int EVP_Digest(const void *, size_t, void *, unsigned int *, + const EVP_MD *, ENGINE *); +/* + * + */ + +const EVP_CIPHER * + EVP_get_cipherbyname(const char *); + +size_t EVP_CIPHER_block_size(const EVP_CIPHER *); +size_t EVP_CIPHER_key_length(const EVP_CIPHER *); +size_t EVP_CIPHER_iv_length(const EVP_CIPHER *); + +void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *); +int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *); +int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *, int); +int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *, int); +unsigned long + EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *); +int EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *); + +const EVP_CIPHER * + EVP_CIPHER_CTX_cipher(EVP_CIPHER_CTX *); +size_t EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *); +size_t EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *); +size_t EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *); +void * EVP_CIPHER_CTX_get_app_data(EVP_CIPHER_CTX *); +void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *, void *); + +int EVP_CipherInit_ex(EVP_CIPHER_CTX *,const EVP_CIPHER *, ENGINE *, + const void *, const void *, int); + +int EVP_Cipher(EVP_CIPHER_CTX *,void *,const void *,size_t); + +int PKCS5_PBKDF2_HMAC_SHA1(const void *, size_t, const void *, size_t, + unsigned long, size_t, void *); + +int EVP_BytesToKey(const EVP_CIPHER *, const EVP_MD *, + const void *, const void *, size_t, + unsigned int, void *, void *); + + +/* + * + */ + +void OpenSSL_add_all_algorithms(void); +void OpenSSL_add_all_algorithms_conf(void); +void OpenSSL_add_all_algorithms_noconf(void); + +#endif /* HEIM_EVP_H */ diff --git a/source4/heimdal/lib/hcrypto/hash.h b/source4/heimdal/lib/hcrypto/hash.h new file mode 100644 index 0000000000..d19f0c0ae1 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/hash.h @@ -0,0 +1,71 @@ +/* + * Copyright (c) 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of KTH nor the names of its contributors may be + * used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + +/* $Id: hash.h 17450 2006-05-05 11:11:43Z lha $ */ + +/* stuff in common between md4, md5, and sha1 */ + +#ifndef __hash_h__ +#define __hash_h__ + +#include +#include +#include +#ifdef KRB5 +#include +#endif + +#ifndef min +#define min(a,b) (((a)>(b))?(b):(a)) +#endif + +/* Vector Crays doesn't have a good 32-bit type, or more precisely, + int32_t as defined by isn't 32 bits, and we don't + want to depend in being able to redefine this type. To cope with + this we have to clamp the result in some places to [0,2^32); no + need to do this on other machines. Did I say this was a mess? + */ + +#ifdef _CRAY +#define CRAYFIX(X) ((X) & 0xffffffff) +#else +#define CRAYFIX(X) (X) +#endif + +static inline uint32_t +cshift (uint32_t x, unsigned int n) +{ + x = CRAYFIX(x); + return CRAYFIX((x << n) | (x >> (32 - n))); +} + +#endif /* __hash_h__ */ diff --git a/source4/heimdal/lib/hcrypto/hmac.c b/source4/heimdal/lib/hcrypto/hmac.c new file mode 100644 index 0000000000..848b987a90 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/hmac.c @@ -0,0 +1,122 @@ +#include +#include +#include +#include +#include + +void +HMAC_CTX_init(HMAC_CTX *ctx) +{ + memset(ctx, 0, sizeof(*ctx)); +} + +void +HMAC_CTX_cleanup(HMAC_CTX *ctx) +{ + if (ctx->buf) { + memset(ctx->buf, 0, ctx->key_length); + free(ctx->buf); + ctx->buf = NULL; + } + if (ctx->opad) { + memset(ctx->ipad, 0, ctx->key_length); + free(ctx->opad); + ctx->opad = NULL; + } + if (ctx->ipad) { + memset(ctx->ipad, 0, ctx->key_length); + free(ctx->ipad); + ctx->ipad = NULL; + } + if (ctx->ctx) { + EVP_MD_CTX_destroy(ctx->ctx); + ctx->ctx = NULL; + } +} + +size_t +HMAC_size(const HMAC_CTX *ctx) +{ + return EVP_MD_size(ctx->md); +} + +void +HMAC_Init_ex(HMAC_CTX *ctx, + const void *key, + size_t keylen, + const EVP_MD *md, + ENGINE *engine) +{ + unsigned char *p; + size_t i; + + if (ctx->md != md) { + ctx->md = md; + if (ctx->buf) + free (ctx->buf); + ctx->key_length = EVP_MD_size(ctx->md); + ctx->buf = malloc(ctx->key_length); + } +#if 0 + ctx->engine = engine; +#endif + + if (keylen > EVP_MD_block_size(ctx->md)) { + EVP_Digest(key, keylen, ctx->buf, NULL, ctx->md, engine); + key = ctx->buf; + keylen = EVP_MD_size(ctx->md); + } + + if (ctx->opad) + free(ctx->opad); + if (ctx->ipad) + free(ctx->ipad); + + ctx->opad = malloc(EVP_MD_block_size(ctx->md)); + ctx->ipad = malloc(EVP_MD_block_size(ctx->md)); + memset(ctx->ipad, 0x36, EVP_MD_block_size(ctx->md)); + memset(ctx->opad, 0x5c, EVP_MD_block_size(ctx->md)); + + for (i = 0, p = ctx->ipad; i < keylen; i++) + p[i] ^= ((const unsigned char *)key)[i]; + for (i = 0, p = ctx->opad; i < keylen; i++) + p[i] ^= ((const unsigned char *)key)[i]; + + ctx->ctx = EVP_MD_CTX_create(); + + EVP_DigestInit_ex(ctx->ctx, ctx->md, ctx->engine); + EVP_DigestUpdate(ctx->ctx, ctx->ipad, EVP_MD_block_size(ctx->md)); +} + +void +HMAC_Update(HMAC_CTX *ctx, const void *data, size_t len) +{ + EVP_DigestUpdate(ctx->ctx, data, len); +} + +void +HMAC_Final(HMAC_CTX *ctx, void *md, unsigned int *len) +{ + EVP_DigestFinal_ex(ctx->ctx, ctx->buf, NULL); + + EVP_DigestInit_ex(ctx->ctx, ctx->md, ctx->engine); + EVP_DigestUpdate(ctx->ctx, ctx->opad, EVP_MD_block_size(ctx->md)); + EVP_DigestUpdate(ctx->ctx, ctx->buf, ctx->key_length); + EVP_DigestFinal_ex(ctx->ctx, md, len); +} + +void * +HMAC(const EVP_MD *md, + const void *key, size_t key_size, + const void *data, size_t data_size, + void *hash, unsigned int *hash_len) +{ + HMAC_CTX ctx; + + HMAC_CTX_init(&ctx); + HMAC_Init_ex(&ctx, key, key_size, md, NULL); + HMAC_Update(&ctx, data, data_size); + HMAC_Final(&ctx, hash, hash_len); + HMAC_CTX_cleanup(&ctx); + return hash; +} diff --git a/source4/heimdal/lib/hcrypto/hmac.h b/source4/heimdal/lib/hcrypto/hmac.h new file mode 100644 index 0000000000..5bdae0a369 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/hmac.h @@ -0,0 +1,82 @@ +/* + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: hmac.h 16564 2006-01-13 15:26:52Z lha $ */ + +#ifndef HEIM_HMAC_H +#define HEIM_HMAC_H 1 + +#include + +/* symbol renaming */ +#define HMAC_CTX_init hc_HMAC_CTX_init +#define HMAC_CTX_cleanup hc_HMAC_CTX_cleanup +#define HMAC_size hc_HMAC_size +#define HMAC_Init_ex hc_HMAC_Init_ex +#define HMAC_Update hc_HMAC_Update +#define HMAC_Final hc_HMAC_Final +#define HMAC hc_HMAC + +/* + * + */ + +#define HMAC_MAX_MD_CBLOCK 64 + +typedef struct hc_HMAC_CTX HMAC_CTX; + +struct hc_HMAC_CTX { + const EVP_MD *md; + ENGINE *engine; + EVP_MD_CTX *ctx; + size_t key_length; + void *opad; + void *ipad; + void *buf; +}; + + +void HMAC_CTX_init(HMAC_CTX *); +void HMAC_CTX_cleanup(HMAC_CTX *ctx); + +size_t HMAC_size(const HMAC_CTX *ctx); + +void HMAC_Init_ex(HMAC_CTX *, const void *, size_t, + const EVP_MD *, ENGINE *); +void HMAC_Update(HMAC_CTX *ctx, const void *data, size_t len); +void HMAC_Final(HMAC_CTX *ctx, void *md, unsigned int *len); + +void * HMAC(const EVP_MD *evp_md, const void *key, size_t key_len, + const void *data, size_t n, void *md, unsigned int *md_len); + +#endif /* HEIM_HMAC_H */ diff --git a/source4/heimdal/lib/hcrypto/imath/LICENSE b/source4/heimdal/lib/hcrypto/imath/LICENSE new file mode 100644 index 0000000000..cecfb11404 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/imath/LICENSE @@ -0,0 +1,21 @@ +IMath is Copyright 2002-2006 Michael J. Fromberger +You may use it subject to the following Licensing Terms: + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/source4/heimdal/lib/hcrypto/imath/imath.c b/source4/heimdal/lib/hcrypto/imath/imath.c new file mode 100755 index 0000000000..376425788b --- /dev/null +++ b/source4/heimdal/lib/hcrypto/imath/imath.c @@ -0,0 +1,3267 @@ +/* + Name: imath.c + Purpose: Arbitrary precision integer arithmetic routines. + Author: M. J. Fromberger + Info: $Id: imath.c 20854 2007-06-03 18:04:10Z lha $ + + Copyright (C) 2002-2007 Michael J. Fromberger, All Rights Reserved. + + Permission is hereby granted, free of charge, to any person + obtaining a copy of this software and associated documentation files + (the "Software"), to deal in the Software without restriction, + including without limitation the rights to use, copy, modify, merge, + publish, distribute, sublicense, and/or sell copies of the Software, + and to permit persons to whom the Software is furnished to do so, + subject to the following conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE. + */ + +#include "imath.h" + +#if DEBUG +#include +#endif + +#include +#include +#include + +#include + +#if DEBUG +#define static +#endif + +/* {{{ Constants */ + +const mp_result MP_OK = 0; /* no error, all is well */ +const mp_result MP_FALSE = 0; /* boolean false */ +const mp_result MP_TRUE = -1; /* boolean true */ +const mp_result MP_MEMORY = -2; /* out of memory */ +const mp_result MP_RANGE = -3; /* argument out of range */ +const mp_result MP_UNDEF = -4; /* result undefined */ +const mp_result MP_TRUNC = -5; /* output truncated */ +const mp_result MP_BADARG = -6; /* invalid null argument */ + +const mp_sign MP_NEG = 1; /* value is strictly negative */ +const mp_sign MP_ZPOS = 0; /* value is non-negative */ + +static const char *s_unknown_err = "unknown result code"; +static const char *s_error_msg[] = { + "error code 0", + "boolean true", + "out of memory", + "argument out of range", + "result undefined", + "output truncated", + "invalid null argument", + NULL +}; + +/* }}} */ + +/* Argument checking macros + Use CHECK() where a return value is required; NRCHECK() elsewhere */ +#define CHECK(TEST) assert(TEST) +#define NRCHECK(TEST) assert(TEST) + +/* {{{ Logarithm table for computing output sizes */ + +/* The ith entry of this table gives the value of log_i(2). + + An integer value n requires ceil(log_i(n)) digits to be represented + in base i. Since it is easy to compute lg(n), by counting bits, we + can compute log_i(n) = lg(n) * log_i(2). + + The use of this table eliminates a dependency upon linkage against + the standard math libraries. + */ +static const double s_log2[] = { + 0.000000000, 0.000000000, 1.000000000, 0.630929754, /* 0 1 2 3 */ + 0.500000000, 0.430676558, 0.386852807, 0.356207187, /* 4 5 6 7 */ + 0.333333333, 0.315464877, 0.301029996, 0.289064826, /* 8 9 10 11 */ + 0.278942946, 0.270238154, 0.262649535, 0.255958025, /* 12 13 14 15 */ + 0.250000000, 0.244650542, 0.239812467, 0.235408913, /* 16 17 18 19 */ + 0.231378213, 0.227670249, 0.224243824, 0.221064729, /* 20 21 22 23 */ + 0.218104292, 0.215338279, 0.212746054, 0.210309918, /* 24 25 26 27 */ + 0.208014598, 0.205846832, 0.203795047, 0.201849087, /* 28 29 30 31 */ + 0.200000000, 0.198239863, 0.196561632, 0.194959022, /* 32 33 34 35 */ + 0.193426404, 0.191958720, 0.190551412, 0.189200360, /* 36 37 38 39 */ + 0.187901825, 0.186652411, 0.185449023, 0.184288833, /* 40 41 42 43 */ + 0.183169251, 0.182087900, 0.181042597, 0.180031327, /* 44 45 46 47 */ + 0.179052232, 0.178103594, 0.177183820, 0.176291434, /* 48 49 50 51 */ + 0.175425064, 0.174583430, 0.173765343, 0.172969690, /* 52 53 54 55 */ + 0.172195434, 0.171441601, 0.170707280, 0.169991616, /* 56 57 58 59 */ + 0.169293808, 0.168613099, 0.167948779, 0.167300179, /* 60 61 62 63 */ + 0.166666667 +}; + +/* }}} */ +/* {{{ Various macros */ + +/* Return the number of digits needed to represent a static value */ +#define MP_VALUE_DIGITS(V) \ +((sizeof(V)+(sizeof(mp_digit)-1))/sizeof(mp_digit)) + +/* Round precision P to nearest word boundary */ +#define ROUND_PREC(P) ((mp_size)(2*(((P)+1)/2))) + +/* Set array P of S digits to zero */ +#define ZERO(P, S) \ +do{mp_size i__=(S)*sizeof(mp_digit);mp_digit *p__=(P);memset(p__,0,i__);}while(0) + +/* Copy S digits from array P to array Q */ +#define COPY(P, Q, S) \ +do{mp_size i__=(S)*sizeof(mp_digit);mp_digit *p__=(P),*q__=(Q);\ +memcpy(q__,p__,i__);}while(0) + +/* Reverse N elements of type T in array A */ +#define REV(T, A, N) \ +do{T *u_=(A),*v_=u_+(N)-1;while(u_ 1 && (*dz_-- == 0)) --uz_;MP_USED(z_)=uz_;}while(0) +#endif + +#define MIN(A, B) ((B)<(A)?(B):(A)) +#define MAX(A, B) ((B)>(A)?(B):(A)) +#define SWAP(T, A, B) do{T t_=(A);A=(B);B=t_;}while(0) + +#define TEMP(K) (temp + (K)) +#define SETUP(E, C) \ +do{if((res = (E)) != MP_OK) goto CLEANUP; ++(C);}while(0) + +#define CMPZ(Z) \ +(((Z)->used==1&&(Z)->digits[0]==0)?0:((Z)->sign==MP_NEG)?-1:1) + +#define UMUL(X, Y, Z) \ +do{mp_size ua_=MP_USED(X),ub_=MP_USED(Y);mp_size o_=ua_+ub_;\ +ZERO(MP_DIGITS(Z),o_);\ +(void) s_kmul(MP_DIGITS(X),MP_DIGITS(Y),MP_DIGITS(Z),ua_,ub_);\ +MP_USED(Z)=o_;CLAMP(Z);}while(0) + +#define USQR(X, Z) \ +do{mp_size ua_=MP_USED(X),o_=ua_+ua_;ZERO(MP_DIGITS(Z),o_);\ +(void) s_ksqr(MP_DIGITS(X),MP_DIGITS(Z),ua_);MP_USED(Z)=o_;CLAMP(Z);}while(0) + +#define UPPER_HALF(W) ((mp_word)((W) >> MP_DIGIT_BIT)) +#define LOWER_HALF(W) ((mp_digit)(W)) +#define HIGH_BIT_SET(W) ((W) >> (MP_WORD_BIT - 1)) +#define ADD_WILL_OVERFLOW(W, V) ((MP_WORD_MAX - (V)) < (W)) + +/* }}} */ +/* {{{ Default configuration settings */ + +/* Default number of digits allocated to a new mp_int */ +#if IMATH_TEST +mp_size default_precision = MP_DEFAULT_PREC; +#else +static const mp_size default_precision = MP_DEFAULT_PREC; +#endif + +/* Minimum number of digits to invoke recursive multiply */ +#if IMATH_TEST +mp_size multiply_threshold = MP_MULT_THRESH; +#else +static const mp_size multiply_threshold = MP_MULT_THRESH; +#endif + +/* }}} */ + +/* Allocate a buffer of (at least) num digits, or return + NULL if that couldn't be done. */ +static mp_digit *s_alloc(mp_size num); + +/* Release a buffer of digits allocated by s_alloc(). */ +static void s_free(void *ptr); + +/* Insure that z has at least min digits allocated, resizing if + necessary. Returns true if successful, false if out of memory. */ +static int s_pad(mp_int z, mp_size min); + +/* Normalize by removing leading zeroes (except when z = 0) */ +#if TRACEABLE_CLAMP +static void s_clamp(mp_int z); +#endif + +/* Fill in a "fake" mp_int on the stack with a given value */ +static void s_fake(mp_int z, int value, mp_digit vbuf[]); + +/* Compare two runs of digits of given length, returns <0, 0, >0 */ +static int s_cdig(mp_digit *da, mp_digit *db, mp_size len); + +/* Pack the unsigned digits of v into array t */ +static int s_vpack(int v, mp_digit t[]); + +/* Compare magnitudes of a and b, returns <0, 0, >0 */ +static int s_ucmp(mp_int a, mp_int b); + +/* Compare magnitudes of a and v, returns <0, 0, >0 */ +static int s_vcmp(mp_int a, int v); + +/* Unsigned magnitude addition; assumes dc is big enough. + Carry out is returned (no memory allocated). */ +static mp_digit s_uadd(mp_digit *da, mp_digit *db, mp_digit *dc, + mp_size size_a, mp_size size_b); + +/* Unsigned magnitude subtraction. Assumes dc is big enough. */ +static void s_usub(mp_digit *da, mp_digit *db, mp_digit *dc, + mp_size size_a, mp_size size_b); + +/* Unsigned recursive multiplication. Assumes dc is big enough. */ +static int s_kmul(mp_digit *da, mp_digit *db, mp_digit *dc, + mp_size size_a, mp_size size_b); + +/* Unsigned magnitude multiplication. Assumes dc is big enough. */ +static void s_umul(mp_digit *da, mp_digit *db, mp_digit *dc, + mp_size size_a, mp_size size_b); + +/* Unsigned recursive squaring. Assumes dc is big enough. */ +static int s_ksqr(mp_digit *da, mp_digit *dc, mp_size size_a); + +/* Unsigned magnitude squaring. Assumes dc is big enough. */ +static void s_usqr(mp_digit *da, mp_digit *dc, mp_size size_a); + +/* Single digit addition. Assumes a is big enough. */ +static void s_dadd(mp_int a, mp_digit b); + +/* Single digit multiplication. Assumes a is big enough. */ +static void s_dmul(mp_int a, mp_digit b); + +/* Single digit multiplication on buffers; assumes dc is big enough. */ +static void s_dbmul(mp_digit *da, mp_digit b, mp_digit *dc, + mp_size size_a); + +/* Single digit division. Replaces a with the quotient, + returns the remainder. */ +static mp_digit s_ddiv(mp_int a, mp_digit b); + +/* Quick division by a power of 2, replaces z (no allocation) */ +static void s_qdiv(mp_int z, mp_size p2); + +/* Quick remainder by a power of 2, replaces z (no allocation) */ +static void s_qmod(mp_int z, mp_size p2); + +/* Quick multiplication by a power of 2, replaces z. + Allocates if necessary; returns false in case this fails. */ +static int s_qmul(mp_int z, mp_size p2); + +/* Quick subtraction from a power of 2, replaces z. + Allocates if necessary; returns false in case this fails. */ +static int s_qsub(mp_int z, mp_size p2); + +/* Return maximum k such that 2^k divides z. */ +static int s_dp2k(mp_int z); + +/* Return k >= 0 such that z = 2^k, or -1 if there is no such k. */ +static int s_isp2(mp_int z); + +/* Set z to 2^k. May allocate; returns false in case this fails. */ +static int s_2expt(mp_int z, int k); + +/* Normalize a and b for division, returns normalization constant */ +static int s_norm(mp_int a, mp_int b); + +/* Compute constant mu for Barrett reduction, given modulus m, result + replaces z, m is untouched. */ +static mp_result s_brmu(mp_int z, mp_int m); + +/* Reduce a modulo m, using Barrett's algorithm. */ +static int s_reduce(mp_int x, mp_int m, mp_int mu, mp_int q1, mp_int q2); + +/* Modular exponentiation, using Barrett reduction */ +static mp_result s_embar(mp_int a, mp_int b, mp_int m, mp_int mu, mp_int c); + +/* Unsigned magnitude division. Assumes |a| > |b|. Allocates + temporaries; overwrites a with quotient, b with remainder. */ +static mp_result s_udiv(mp_int a, mp_int b); + +/* Compute the number of digits in radix r required to represent the + given value. Does not account for sign flags, terminators, etc. */ +static int s_outlen(mp_int z, mp_size r); + +/* Guess how many digits of precision will be needed to represent a + radix r value of the specified number of digits. Returns a value + guaranteed to be no smaller than the actual number required. */ +static mp_size s_inlen(int len, mp_size r); + +/* Convert a character to a digit value in radix r, or + -1 if out of range */ +static int s_ch2val(char c, int r); + +/* Convert a digit value to a character */ +static char s_val2ch(int v, int caps); + +/* Take 2's complement of a buffer in place */ +static void s_2comp(unsigned char *buf, int len); + +/* Convert a value to binary, ignoring sign. On input, *limpos is the + bound on how many bytes should be written to buf; on output, *limpos + is set to the number of bytes actually written. */ +static mp_result s_tobin(mp_int z, unsigned char *buf, int *limpos, int pad); + +#if DEBUG +/* Dump a representation of the mp_int to standard output */ +void s_print(char *tag, mp_int z); +void s_print_buf(char *tag, mp_digit *buf, mp_size num); +#endif + +/* {{{ mp_int_init(z) */ + +mp_result mp_int_init(mp_int z) +{ + if(z == NULL) + return MP_BADARG; + + z->single = 0; + z->digits = &(z->single); + z->alloc = 1; + z->used = 1; + z->sign = MP_ZPOS; + + return MP_OK; +} + +/* }}} */ + +/* {{{ mp_int_alloc() */ + +mp_int mp_int_alloc(void) +{ + mp_int out = malloc(sizeof(mpz_t)); + + if(out != NULL) + mp_int_init(out); + + return out; +} + +/* }}} */ + +/* {{{ mp_int_init_size(z, prec) */ + +mp_result mp_int_init_size(mp_int z, mp_size prec) +{ + CHECK(z != NULL); + + if(prec == 0) + prec = default_precision; + else if(prec == 1) + return mp_int_init(z); + else + prec = (mp_size) ROUND_PREC(prec); + + if((MP_DIGITS(z) = s_alloc(prec)) == NULL) + return MP_MEMORY; + + z->digits[0] = 0; + MP_USED(z) = 1; + MP_ALLOC(z) = prec; + MP_SIGN(z) = MP_ZPOS; + + return MP_OK; +} + +/* }}} */ + +/* {{{ mp_int_init_copy(z, old) */ + +mp_result mp_int_init_copy(mp_int z, mp_int old) +{ + mp_result res; + mp_size uold; + + CHECK(z != NULL && old != NULL); + + uold = MP_USED(old); + if(uold == 1) { + mp_int_init(z); + } + else { + mp_size target = MAX(uold, default_precision); + + if((res = mp_int_init_size(z, target)) != MP_OK) + return res; + } + + MP_USED(z) = uold; + MP_SIGN(z) = MP_SIGN(old); + COPY(MP_DIGITS(old), MP_DIGITS(z), uold); + + return MP_OK; +} + +/* }}} */ + +/* {{{ mp_int_init_value(z, value) */ + +mp_result mp_int_init_value(mp_int z, int value) +{ + mpz_t vtmp; + mp_digit vbuf[MP_VALUE_DIGITS(value)]; + + s_fake(&vtmp, value, vbuf); + return mp_int_init_copy(z, &vtmp); +} + +/* }}} */ + +/* {{{ mp_int_set_value(z, value) */ + +mp_result mp_int_set_value(mp_int z, int value) +{ + mpz_t vtmp; + mp_digit vbuf[MP_VALUE_DIGITS(value)]; + + s_fake(&vtmp, value, vbuf); + return mp_int_copy(&vtmp, z); +} + +/* }}} */ + +/* {{{ mp_int_clear(z) */ + +void mp_int_clear(mp_int z) +{ + if(z == NULL) + return; + + if(MP_DIGITS(z) != NULL) { + if((void *) MP_DIGITS(z) != (void *) z) + s_free(MP_DIGITS(z)); + + MP_DIGITS(z) = NULL; + } +} + +/* }}} */ + +/* {{{ mp_int_free(z) */ + +void mp_int_free(mp_int z) +{ + NRCHECK(z != NULL); + + mp_int_clear(z); + free(z); /* note: NOT s_free() */ +} + +/* }}} */ + +/* {{{ mp_int_copy(a, c) */ + +mp_result mp_int_copy(mp_int a, mp_int c) +{ + CHECK(a != NULL && c != NULL); + + if(a != c) { + mp_size ua = MP_USED(a); + mp_digit *da, *dc; + + if(!s_pad(c, ua)) + return MP_MEMORY; + + da = MP_DIGITS(a); dc = MP_DIGITS(c); + COPY(da, dc, ua); + + MP_USED(c) = ua; + MP_SIGN(c) = MP_SIGN(a); + } + + return MP_OK; +} + +/* }}} */ + +/* {{{ mp_int_swap(a, c) */ + +void mp_int_swap(mp_int a, mp_int c) +{ + if(a != c) { + mpz_t tmp = *a; + + *a = *c; + *c = tmp; + } +} + +/* }}} */ + +/* {{{ mp_int_zero(z) */ + +void mp_int_zero(mp_int z) +{ + NRCHECK(z != NULL); + + z->digits[0] = 0; + MP_USED(z) = 1; + MP_SIGN(z) = MP_ZPOS; +} + +/* }}} */ + +/* {{{ mp_int_abs(a, c) */ + +mp_result mp_int_abs(mp_int a, mp_int c) +{ + mp_result res; + + CHECK(a != NULL && c != NULL); + + if((res = mp_int_copy(a, c)) != MP_OK) + return res; + + MP_SIGN(c) = MP_ZPOS; + return MP_OK; +} + +/* }}} */ + +/* {{{ mp_int_neg(a, c) */ + +mp_result mp_int_neg(mp_int a, mp_int c) +{ + mp_result res; + + CHECK(a != NULL && c != NULL); + + if((res = mp_int_copy(a, c)) != MP_OK) + return res; + + if(CMPZ(c) != 0) + MP_SIGN(c) = 1 - MP_SIGN(a); + + return MP_OK; +} + +/* }}} */ + +/* {{{ mp_int_add(a, b, c) */ + +mp_result mp_int_add(mp_int a, mp_int b, mp_int c) +{ + mp_size ua, ub, uc, max; + + CHECK(a != NULL && b != NULL && c != NULL); + + ua = MP_USED(a); ub = MP_USED(b); uc = MP_USED(c); + max = MAX(ua, ub); + + if(MP_SIGN(a) == MP_SIGN(b)) { + /* Same sign -- add magnitudes, preserve sign of addends */ + mp_digit carry; + + if(!s_pad(c, max)) + return MP_MEMORY; + + carry = s_uadd(MP_DIGITS(a), MP_DIGITS(b), MP_DIGITS(c), ua, ub); + uc = max; + + if(carry) { + if(!s_pad(c, max + 1)) + return MP_MEMORY; + + c->digits[max] = carry; + ++uc; + } + + MP_USED(c) = uc; + MP_SIGN(c) = MP_SIGN(a); + + } + else { + /* Different signs -- subtract magnitudes, preserve sign of greater */ + mp_int x, y; + int cmp = s_ucmp(a, b); /* magnitude comparision, sign ignored */ + + /* Set x to max(a, b), y to min(a, b) to simplify later code */ + if(cmp >= 0) { + x = a; y = b; + } + else { + x = b; y = a; + } + + if(!s_pad(c, MP_USED(x))) + return MP_MEMORY; + + /* Subtract smaller from larger */ + s_usub(MP_DIGITS(x), MP_DIGITS(y), MP_DIGITS(c), MP_USED(x), MP_USED(y)); + MP_USED(c) = MP_USED(x); + CLAMP(c); + + /* Give result the sign of the larger */ + MP_SIGN(c) = MP_SIGN(x); + } + + return MP_OK; +} + +/* }}} */ + +/* {{{ mp_int_add_value(a, value, c) */ + +mp_result mp_int_add_value(mp_int a, int value, mp_int c) +{ + mpz_t vtmp; + mp_digit vbuf[MP_VALUE_DIGITS(value)]; + + s_fake(&vtmp, value, vbuf); + + return mp_int_add(a, &vtmp, c); +} + +/* }}} */ + +/* {{{ mp_int_sub(a, b, c) */ + +mp_result mp_int_sub(mp_int a, mp_int b, mp_int c) +{ + mp_size ua, ub, uc, max; + + CHECK(a != NULL && b != NULL && c != NULL); + + ua = MP_USED(a); ub = MP_USED(b); uc = MP_USED(c); + max = MAX(ua, ub); + + if(MP_SIGN(a) != MP_SIGN(b)) { + /* Different signs -- add magnitudes and keep sign of a */ + mp_digit carry; + + if(!s_pad(c, max)) + return MP_MEMORY; + + carry = s_uadd(MP_DIGITS(a), MP_DIGITS(b), MP_DIGITS(c), ua, ub); + uc = max; + + if(carry) { + if(!s_pad(c, max + 1)) + return MP_MEMORY; + + c->digits[max] = carry; + ++uc; + } + + MP_USED(c) = uc; + MP_SIGN(c) = MP_SIGN(a); + + } + else { + /* Same signs -- subtract magnitudes */ + mp_int x, y; + mp_sign osign; + int cmp = s_ucmp(a, b); + + if(!s_pad(c, max)) + return MP_MEMORY; + + if(cmp >= 0) { + x = a; y = b; osign = MP_ZPOS; + } + else { + x = b; y = a; osign = MP_NEG; + } + + if(MP_SIGN(a) == MP_NEG && cmp != 0) + osign = 1 - osign; + + s_usub(MP_DIGITS(x), MP_DIGITS(y), MP_DIGITS(c), MP_USED(x), MP_USED(y)); + MP_USED(c) = MP_USED(x); + CLAMP(c); + + MP_SIGN(c) = osign; + } + + return MP_OK; +} + +/* }}} */ + +/* {{{ mp_int_sub_value(a, value, c) */ + +mp_result mp_int_sub_value(mp_int a, int value, mp_int c) +{ + mpz_t vtmp; + mp_digit vbuf[MP_VALUE_DIGITS(value)]; + + s_fake(&vtmp, value, vbuf); + + return mp_int_sub(a, &vtmp, c); +} + +/* }}} */ + +/* {{{ mp_int_mul(a, b, c) */ + +mp_result mp_int_mul(mp_int a, mp_int b, mp_int c) +{ + mp_digit *out; + mp_size osize, ua, ub, p = 0; + mp_sign osign; + + CHECK(a != NULL && b != NULL && c != NULL); + + /* If either input is zero, we can shortcut multiplication */ + if(mp_int_compare_zero(a) == 0 || mp_int_compare_zero(b) == 0) { + mp_int_zero(c); + return MP_OK; + } + + /* Output is positive if inputs have same sign, otherwise negative */ + osign = (MP_SIGN(a) == MP_SIGN(b)) ? MP_ZPOS : MP_NEG; + + /* If the output is not identical to any of the inputs, we'll write + the results directly; otherwise, allocate a temporary space. */ + ua = MP_USED(a); ub = MP_USED(b); + osize = MAX(ua, ub); + osize = 4 * ((osize + 1) / 2); + + if(c == a || c == b) { + p = ROUND_PREC(osize); + p = MAX(p, default_precision); + + if((out = s_alloc(p)) == NULL) + return MP_MEMORY; + } + else { + if(!s_pad(c, osize)) + return MP_MEMORY; + + out = MP_DIGITS(c); + } + ZERO(out, osize); + + if(!s_kmul(MP_DIGITS(a), MP_DIGITS(b), out, ua, ub)) + return MP_MEMORY; + + /* If we allocated a new buffer, get rid of whatever memory c was + already using, and fix up its fields to reflect that. + */ + if(out != MP_DIGITS(c)) { + if((void *) MP_DIGITS(c) != (void *) c) + s_free(MP_DIGITS(c)); + MP_DIGITS(c) = out; + MP_ALLOC(c) = p; + } + + MP_USED(c) = osize; /* might not be true, but we'll fix it ... */ + CLAMP(c); /* ... right here */ + MP_SIGN(c) = osign; + + return MP_OK; +} + +/* }}} */ + +/* {{{ mp_int_mul_value(a, value, c) */ + +mp_result mp_int_mul_value(mp_int a, int value, mp_int c) +{ + mpz_t vtmp; + mp_digit vbuf[MP_VALUE_DIGITS(value)]; + + s_fake(&vtmp, value, vbuf); + + return mp_int_mul(a, &vtmp, c); +} + +/* }}} */ + +/* {{{ mp_int_mul_pow2(a, p2, c) */ + +mp_result mp_int_mul_pow2(mp_int a, int p2, mp_int c) +{ + mp_result res; + CHECK(a != NULL && c != NULL && p2 >= 0); + + if((res = mp_int_copy(a, c)) != MP_OK) + return res; + + if(s_qmul(c, (mp_size) p2)) + return MP_OK; + else + return MP_MEMORY; +} + +/* }}} */ + +/* {{{ mp_int_sqr(a, c) */ + +mp_result mp_int_sqr(mp_int a, mp_int c) +{ + mp_digit *out; + mp_size osize, p = 0; + + CHECK(a != NULL && c != NULL); + + /* Get a temporary buffer big enough to hold the result */ + osize = (mp_size) 4 * ((MP_USED(a) + 1) / 2); + if(a == c) { + p = ROUND_PREC(osize); + p = MAX(p, default_precision); + + if((out = s_alloc(p)) == NULL) + return MP_MEMORY; + } + else { + if(!s_pad(c, osize)) + return MP_MEMORY; + + out = MP_DIGITS(c); + } + ZERO(out, osize); + + s_ksqr(MP_DIGITS(a), out, MP_USED(a)); + + /* Get rid of whatever memory c was already using, and fix up its + fields to reflect the new digit array it's using + */ + if(out != MP_DIGITS(c)) { + if((void *) MP_DIGITS(c) != (void *) c) + s_free(MP_DIGITS(c)); + MP_DIGITS(c) = out; + MP_ALLOC(c) = p; + } + + MP_USED(c) = osize; /* might not be true, but we'll fix it ... */ + CLAMP(c); /* ... right here */ + MP_SIGN(c) = MP_ZPOS; + + return MP_OK; +} + +/* }}} */ + +/* {{{ mp_int_div(a, b, q, r) */ + +mp_result mp_int_div(mp_int a, mp_int b, mp_int q, mp_int r) +{ + int cmp, last = 0, lg; + mp_result res = MP_OK; + mpz_t temp[2]; + mp_int qout, rout; + mp_sign sa = MP_SIGN(a), sb = MP_SIGN(b); + + CHECK(a != NULL && b != NULL && q != r); + + if(CMPZ(b) == 0) + return MP_UNDEF; + else if((cmp = s_ucmp(a, b)) < 0) { + /* If |a| < |b|, no division is required: + q = 0, r = a + */ + if(r && (res = mp_int_copy(a, r)) != MP_OK) + return res; + + if(q) + mp_int_zero(q); + + return MP_OK; + } + else if(cmp == 0) { + /* If |a| = |b|, no division is required: + q = 1 or -1, r = 0 + */ + if(r) + mp_int_zero(r); + + if(q) { + mp_int_zero(q); + q->digits[0] = 1; + + if(sa != sb) + MP_SIGN(q) = MP_NEG; + } + + return MP_OK; + } + + /* When |a| > |b|, real division is required. We need someplace to + store quotient and remainder, but q and r are allowed to be NULL + or to overlap with the inputs. + */ + if((lg = s_isp2(b)) < 0) { + if(q && b != q && (res = mp_int_copy(a, q)) == MP_OK) { + qout = q; + } + else { + qout = TEMP(last); + SETUP(mp_int_init_copy(TEMP(last), a), last); + } + + if(r && a != r && (res = mp_int_copy(b, r)) == MP_OK) { + rout = r; + } + else { + rout = TEMP(last); + SETUP(mp_int_init_copy(TEMP(last), b), last); + } + + if((res = s_udiv(qout, rout)) != MP_OK) goto CLEANUP; + } + else { + if(q && (res = mp_int_copy(a, q)) != MP_OK) goto CLEANUP; + if(r && (res = mp_int_copy(a, r)) != MP_OK) goto CLEANUP; + + if(q) s_qdiv(q, (mp_size) lg); qout = q; + if(r) s_qmod(r, (mp_size) lg); rout = r; + } + + /* Recompute signs for output */ + if(rout) { + MP_SIGN(rout) = sa; + if(CMPZ(rout) == 0) + MP_SIGN(rout) = MP_ZPOS; + } + if(qout) { + MP_SIGN(qout) = (sa == sb) ? MP_ZPOS : MP_NEG; + if(CMPZ(qout) == 0) + MP_SIGN(qout) = MP_ZPOS; + } + + if(q && (res = mp_int_copy(qout, q)) != MP_OK) goto CLEANUP; + if(r && (res = mp_int_copy(rout, r)) != MP_OK) goto CLEANUP; + + CLEANUP: + while(--last >= 0) + mp_int_clear(TEMP(last)); + + return res; +} + +/* }}} */ + +/* {{{ mp_int_mod(a, m, c) */ + +mp_result mp_int_mod(mp_int a, mp_int m, mp_int c) +{ + mp_result res; + mpz_t tmp; + mp_int out; + + if(m == c) { + mp_int_init(&tmp); + out = &tmp; + } + else { + out = c; + } + + if((res = mp_int_div(a, m, NULL, out)) != MP_OK) + goto CLEANUP; + + if(CMPZ(out) < 0) + res = mp_int_add(out, m, c); + else + res = mp_int_copy(out, c); + + CLEANUP: + if(out != c) + mp_int_clear(&tmp); + + return res; +} + +/* }}} */ + +/* {{{ mp_int_div_value(a, value, q, r) */ + +mp_result mp_int_div_value(mp_int a, int value, mp_int q, int *r) +{ + mpz_t vtmp, rtmp; + mp_digit vbuf[MP_VALUE_DIGITS(value)]; + mp_result res; + + mp_int_init(&rtmp); + s_fake(&vtmp, value, vbuf); + + if((res = mp_int_div(a, &vtmp, q, &rtmp)) != MP_OK) + goto CLEANUP; + + if(r) + (void) mp_int_to_int(&rtmp, r); /* can't fail */ + + CLEANUP: + mp_int_clear(&rtmp); + return res; +} + +/* }}} */ + +/* {{{ mp_int_div_pow2(a, p2, q, r) */ + +mp_result mp_int_div_pow2(mp_int a, int p2, mp_int q, mp_int r) +{ + mp_result res = MP_OK; + + CHECK(a != NULL && p2 >= 0 && q != r); + + if(q != NULL && (res = mp_int_copy(a, q)) == MP_OK) + s_qdiv(q, (mp_size) p2); + + if(res == MP_OK && r != NULL && (res = mp_int_copy(a, r)) == MP_OK) + s_qmod(r, (mp_size) p2); + + return res; +} + +/* }}} */ + +/* {{{ mp_int_expt(a, b, c) */ + +mp_result mp_int_expt(mp_int a, int b, mp_int c) +{ + mpz_t t; + mp_result res; + unsigned int v = abs(b); + + CHECK(b >= 0 && c != NULL); + + if((res = mp_int_init_copy(&t, a)) != MP_OK) + return res; + + (void) mp_int_set_value(c, 1); + while(v != 0) { + if(v & 1) { + if((res = mp_int_mul(c, &t, c)) != MP_OK) + goto CLEANUP; + } + + v >>= 1; + if(v == 0) break; + + if((res = mp_int_sqr(&t, &t)) != MP_OK) + goto CLEANUP; + } + + CLEANUP: + mp_int_clear(&t); + return res; +} + +/* }}} */ + +/* {{{ mp_int_expt_value(a, b, c) */ + +mp_result mp_int_expt_value(int a, int b, mp_int c) +{ + mpz_t t; + mp_result res; + unsigned int v = abs(b); + + CHECK(b >= 0 && c != NULL); + + if((res = mp_int_init_value(&t, a)) != MP_OK) + return res; + + (void) mp_int_set_value(c, 1); + while(v != 0) { + if(v & 1) { + if((res = mp_int_mul(c, &t, c)) != MP_OK) + goto CLEANUP; + } + + v >>= 1; + if(v == 0) break; + + if((res = mp_int_sqr(&t, &t)) != MP_OK) + goto CLEANUP; + } + + CLEANUP: + mp_int_clear(&t); + return res; +} + +/* }}} */ + +/* {{{ mp_int_compare(a, b) */ + +int mp_int_compare(mp_int a, mp_int b) +{ + mp_sign sa; + + CHECK(a != NULL && b != NULL); + + sa = MP_SIGN(a); + if(sa == MP_SIGN(b)) { + int cmp = s_ucmp(a, b); + + /* If they're both zero or positive, the normal comparison + applies; if both negative, the sense is reversed. */ + if(sa == MP_ZPOS) + return cmp; + else + return -cmp; + + } + else { + if(sa == MP_ZPOS) + return 1; + else + return -1; + } +} + +/* }}} */ + +/* {{{ mp_int_compare_unsigned(a, b) */ + +int mp_int_compare_unsigned(mp_int a, mp_int b) +{ + NRCHECK(a != NULL && b != NULL); + + return s_ucmp(a, b); +} + +/* }}} */ + +/* {{{ mp_int_compare_zero(z) */ + +int mp_int_compare_zero(mp_int z) +{ + NRCHECK(z != NULL); + + if(MP_USED(z) == 1 && z->digits[0] == 0) + return 0; + else if(MP_SIGN(z) == MP_ZPOS) + return 1; + else + return -1; +} + +/* }}} */ + +/* {{{ mp_int_compare_value(z, value) */ + +int mp_int_compare_value(mp_int z, int value) +{ + mp_sign vsign = (value < 0) ? MP_NEG : MP_ZPOS; + int cmp; + + CHECK(z != NULL); + + if(vsign == MP_SIGN(z)) { + cmp = s_vcmp(z, value); + + if(vsign == MP_ZPOS) + return cmp; + else + return -cmp; + } + else { + if(value < 0) + return 1; + else + return -1; + } +} + +/* }}} */ + +/* {{{ mp_int_exptmod(a, b, m, c) */ + +mp_result mp_int_exptmod(mp_int a, mp_int b, mp_int m, mp_int c) +{ + mp_result res; + mp_size um; + mpz_t temp[3]; + mp_int s; + int last = 0; + + CHECK(a != NULL && b != NULL && c != NULL && m != NULL); + + /* Zero moduli and negative exponents are not considered. */ + if(CMPZ(m) == 0) + return MP_UNDEF; + if(CMPZ(b) < 0) + return MP_RANGE; + + um = MP_USED(m); + SETUP(mp_int_init_size(TEMP(0), 2 * um), last); + SETUP(mp_int_init_size(TEMP(1), 2 * um), last); + + if(c == b || c == m) { + SETUP(mp_int_init_size(TEMP(2), 2 * um), last); + s = TEMP(2); + } + else { + s = c; + } + + if((res = mp_int_mod(a, m, TEMP(0))) != MP_OK) goto CLEANUP; + + if((res = s_brmu(TEMP(1), m)) != MP_OK) goto CLEANUP; + + if((res = s_embar(TEMP(0), b, m, TEMP(1), s)) != MP_OK) + goto CLEANUP; + + res = mp_int_copy(s, c); + + CLEANUP: + while(--last >= 0) + mp_int_clear(TEMP(last)); + + return res; +} + +/* }}} */ + +/* {{{ mp_int_exptmod_evalue(a, value, m, c) */ + +mp_result mp_int_exptmod_evalue(mp_int a, int value, mp_int m, mp_int c) +{ + mpz_t vtmp; + mp_digit vbuf[MP_VALUE_DIGITS(value)]; + + s_fake(&vtmp, value, vbuf); + + return mp_int_exptmod(a, &vtmp, m, c); +} + +/* }}} */ + +/* {{{ mp_int_exptmod_bvalue(v, b, m, c) */ + +mp_result mp_int_exptmod_bvalue(int value, mp_int b, + mp_int m, mp_int c) +{ + mpz_t vtmp; + mp_digit vbuf[MP_VALUE_DIGITS(value)]; + + s_fake(&vtmp, value, vbuf); + + return mp_int_exptmod(&vtmp, b, m, c); +} + +/* }}} */ + +/* {{{ mp_int_exptmod_known(a, b, m, mu, c) */ + +mp_result mp_int_exptmod_known(mp_int a, mp_int b, mp_int m, mp_int mu, mp_int c) +{ + mp_result res; + mp_size um; + mpz_t temp[2]; + mp_int s; + int last = 0; + + CHECK(a && b && m && c); + + /* Zero moduli and negative exponents are not considered. */ + if(CMPZ(m) == 0) + return MP_UNDEF; + if(CMPZ(b) < 0) + return MP_RANGE; + + um = MP_USED(m); + SETUP(mp_int_init_size(TEMP(0), 2 * um), last); + + if(c == b || c == m) { + SETUP(mp_int_init_size(TEMP(1), 2 * um), last); + s = TEMP(1); + } + else { + s = c; + } + + if((res = mp_int_mod(a, m, TEMP(0))) != MP_OK) goto CLEANUP; + + if((res = s_embar(TEMP(0), b, m, mu, s)) != MP_OK) + goto CLEANUP; + + res = mp_int_copy(s, c); + + CLEANUP: + while(--last >= 0) + mp_int_clear(TEMP(last)); + + return res; +} + +/* }}} */ + +/* {{{ mp_int_redux_const(m, c) */ + +mp_result mp_int_redux_const(mp_int m, mp_int c) +{ + CHECK(m != NULL && c != NULL && m != c); + + return s_brmu(c, m); +} + +/* }}} */ + +/* {{{ mp_int_invmod(a, m, c) */ + +mp_result mp_int_invmod(mp_int a, mp_int m, mp_int c) +{ + mp_result res; + mp_sign sa; + int last = 0; + mpz_t temp[2]; + + CHECK(a != NULL && m != NULL && c != NULL); + + if(CMPZ(a) == 0 || CMPZ(m) <= 0) + return MP_RANGE; + + sa = MP_SIGN(a); /* need this for the result later */ + + for(last = 0; last < 2; ++last) + mp_int_init(TEMP(last)); + + if((res = mp_int_egcd(a, m, TEMP(0), TEMP(1), NULL)) != MP_OK) + goto CLEANUP; + + if(mp_int_compare_value(TEMP(0), 1) != 0) { + res = MP_UNDEF; + goto CLEANUP; + } + + /* It is first necessary to constrain the value to the proper range */ + if((res = mp_int_mod(TEMP(1), m, TEMP(1))) != MP_OK) + goto CLEANUP; + + /* Now, if 'a' was originally negative, the value we have is + actually the magnitude of the negative representative; to get the + positive value we have to subtract from the modulus. Otherwise, + the value is okay as it stands. + */ + if(sa == MP_NEG) + res = mp_int_sub(m, TEMP(1), c); + else + res = mp_int_copy(TEMP(1), c); + + CLEANUP: + while(--last >= 0) + mp_int_clear(TEMP(last)); + + return res; +} + +/* }}} */ + +/* {{{ mp_int_gcd(a, b, c) */ + +/* Binary GCD algorithm due to Josef Stein, 1961 */ +mp_result mp_int_gcd(mp_int a, mp_int b, mp_int c) +{ + int ca, cb, k = 0; + mpz_t u, v, t; + mp_result res; + + CHECK(a != NULL && b != NULL && c != NULL); + + ca = CMPZ(a); + cb = CMPZ(b); + if(ca == 0 && cb == 0) + return MP_UNDEF; + else if(ca == 0) + return mp_int_abs(b, c); + else if(cb == 0) + return mp_int_abs(a, c); + + mp_int_init(&t); + if((res = mp_int_init_copy(&u, a)) != MP_OK) + goto U; + if((res = mp_int_init_copy(&v, b)) != MP_OK) + goto V; + + MP_SIGN(&u) = MP_ZPOS; MP_SIGN(&v) = MP_ZPOS; + + { /* Divide out common factors of 2 from u and v */ + int div2_u = s_dp2k(&u), div2_v = s_dp2k(&v); + + k = MIN(div2_u, div2_v); + s_qdiv(&u, (mp_size) k); + s_qdiv(&v, (mp_size) k); + } + + if(mp_int_is_odd(&u)) { + if((res = mp_int_neg(&v, &t)) != MP_OK) + goto CLEANUP; + } + else { + if((res = mp_int_copy(&u, &t)) != MP_OK) + goto CLEANUP; + } + + for(;;) { + s_qdiv(&t, s_dp2k(&t)); + + if(CMPZ(&t) > 0) { + if((res = mp_int_copy(&t, &u)) != MP_OK) + goto CLEANUP; + } + else { + if((res = mp_int_neg(&t, &v)) != MP_OK) + goto CLEANUP; + } + + if((res = mp_int_sub(&u, &v, &t)) != MP_OK) + goto CLEANUP; + + if(CMPZ(&t) == 0) + break; + } + + if((res = mp_int_abs(&u, c)) != MP_OK) + goto CLEANUP; + if(!s_qmul(c, (mp_size) k)) + res = MP_MEMORY; + + CLEANUP: + mp_int_clear(&v); + V: mp_int_clear(&u); + U: mp_int_clear(&t); + + return res; +} + +/* }}} */ + +/* {{{ mp_int_egcd(a, b, c, x, y) */ + +/* This is the binary GCD algorithm again, but this time we keep track + of the elementary matrix operations as we go, so we can get values + x and y satisfying c = ax + by. + */ +mp_result mp_int_egcd(mp_int a, mp_int b, mp_int c, + mp_int x, mp_int y) +{ + int k, last = 0, ca, cb; + mpz_t temp[8]; + mp_result res; + + CHECK(a != NULL && b != NULL && c != NULL && + (x != NULL || y != NULL)); + + ca = CMPZ(a); + cb = CMPZ(b); + if(ca == 0 && cb == 0) + return MP_UNDEF; + else if(ca == 0) { + if((res = mp_int_abs(b, c)) != MP_OK) return res; + mp_int_zero(x); (void) mp_int_set_value(y, 1); return MP_OK; + } + else if(cb == 0) { + if((res = mp_int_abs(a, c)) != MP_OK) return res; + (void) mp_int_set_value(x, 1); mp_int_zero(y); return MP_OK; + } + + /* Initialize temporaries: + A:0, B:1, C:2, D:3, u:4, v:5, ou:6, ov:7 */ + for(last = 0; last < 4; ++last) + mp_int_init(TEMP(last)); + TEMP(0)->digits[0] = 1; + TEMP(3)->digits[0] = 1; + + SETUP(mp_int_init_copy(TEMP(4), a), last); + SETUP(mp_int_init_copy(TEMP(5), b), last); + + /* We will work with absolute values here */ + MP_SIGN(TEMP(4)) = MP_ZPOS; + MP_SIGN(TEMP(5)) = MP_ZPOS; + + { /* Divide out common factors of 2 from u and v */ + int div2_u = s_dp2k(TEMP(4)), div2_v = s_dp2k(TEMP(5)); + + k = MIN(div2_u, div2_v); + s_qdiv(TEMP(4), k); + s_qdiv(TEMP(5), k); + } + + SETUP(mp_int_init_copy(TEMP(6), TEMP(4)), last); + SETUP(mp_int_init_copy(TEMP(7), TEMP(5)), last); + + for(;;) { + while(mp_int_is_even(TEMP(4))) { + s_qdiv(TEMP(4), 1); + + if(mp_int_is_odd(TEMP(0)) || mp_int_is_odd(TEMP(1))) { + if((res = mp_int_add(TEMP(0), TEMP(7), TEMP(0))) != MP_OK) + goto CLEANUP; + if((res = mp_int_sub(TEMP(1), TEMP(6), TEMP(1))) != MP_OK) + goto CLEANUP; + } + + s_qdiv(TEMP(0), 1); + s_qdiv(TEMP(1), 1); + } + + while(mp_int_is_even(TEMP(5))) { + s_qdiv(TEMP(5), 1); + + if(mp_int_is_odd(TEMP(2)) || mp_int_is_odd(TEMP(3))) { + if((res = mp_int_add(TEMP(2), TEMP(7), TEMP(2))) != MP_OK) + goto CLEANUP; + if((res = mp_int_sub(TEMP(3), TEMP(6), TEMP(3))) != MP_OK) + goto CLEANUP; + } + + s_qdiv(TEMP(2), 1); + s_qdiv(TEMP(3), 1); + } + + if(mp_int_compare(TEMP(4), TEMP(5)) >= 0) { + if((res = mp_int_sub(TEMP(4), TEMP(5), TEMP(4))) != MP_OK) goto CLEANUP; + if((res = mp_int_sub(TEMP(0), TEMP(2), TEMP(0))) != MP_OK) goto CLEANUP; + if((res = mp_int_sub(TEMP(1), TEMP(3), TEMP(1))) != MP_OK) goto CLEANUP; + } + else { + if((res = mp_int_sub(TEMP(5), TEMP(4), TEMP(5))) != MP_OK) goto CLEANUP; + if((res = mp_int_sub(TEMP(2), TEMP(0), TEMP(2))) != MP_OK) goto CLEANUP; + if((res = mp_int_sub(TEMP(3), TEMP(1), TEMP(3))) != MP_OK) goto CLEANUP; + } + + if(CMPZ(TEMP(4)) == 0) { + if(x && (res = mp_int_copy(TEMP(2), x)) != MP_OK) goto CLEANUP; + if(y && (res = mp_int_copy(TEMP(3), y)) != MP_OK) goto CLEANUP; + if(c) { + if(!s_qmul(TEMP(5), k)) { + res = MP_MEMORY; + goto CLEANUP; + } + + res = mp_int_copy(TEMP(5), c); + } + + break; + } + } + + CLEANUP: + while(--last >= 0) + mp_int_clear(TEMP(last)); + + return res; +} + +/* }}} */ + +/* {{{ mp_int_divisible_value(a, v) */ + +int mp_int_divisible_value(mp_int a, int v) +{ + int rem = 0; + + if(mp_int_div_value(a, v, NULL, &rem) != MP_OK) + return 0; + + return rem == 0; +} + +/* }}} */ + +/* {{{ mp_int_is_pow2(z) */ + +int mp_int_is_pow2(mp_int z) +{ + CHECK(z != NULL); + + return s_isp2(z); +} + +/* }}} */ + +/* {{{ mp_int_sqrt(a, c) */ + +mp_result mp_int_sqrt(mp_int a, mp_int c) +{ + mp_result res = MP_OK; + mpz_t temp[2]; + int last = 0; + + CHECK(a != NULL && c != NULL); + + /* The square root of a negative value does not exist in the integers. */ + if(MP_SIGN(a) == MP_NEG) + return MP_UNDEF; + + SETUP(mp_int_init_copy(TEMP(last), a), last); + SETUP(mp_int_init(TEMP(last)), last); + + for(;;) { + if((res = mp_int_sqr(TEMP(0), TEMP(1))) != MP_OK) + goto CLEANUP; + + if(mp_int_compare_unsigned(a, TEMP(1)) == 0) break; + + if((res = mp_int_copy(a, TEMP(1))) != MP_OK) + goto CLEANUP; + if((res = mp_int_div(TEMP(1), TEMP(0), TEMP(1), NULL)) != MP_OK) + goto CLEANUP; + if((res = mp_int_add(TEMP(0), TEMP(1), TEMP(1))) != MP_OK) + goto CLEANUP; + if((res = mp_int_div_pow2(TEMP(1), 1, TEMP(1), NULL)) != MP_OK) + goto CLEANUP; + + if(mp_int_compare_unsigned(TEMP(0), TEMP(1)) == 0) break; + if((res = mp_int_sub_value(TEMP(0), 1, TEMP(0))) != MP_OK) goto CLEANUP; + if(mp_int_compare_unsigned(TEMP(0), TEMP(1)) == 0) break; + + if((res = mp_int_copy(TEMP(1), TEMP(0))) != MP_OK) goto CLEANUP; + } + + res = mp_int_copy(TEMP(0), c); + + CLEANUP: + while(--last >= 0) + mp_int_clear(TEMP(last)); + + return res; +} + +/* }}} */ + +/* {{{ mp_int_to_int(z, out) */ + +mp_result mp_int_to_int(mp_int z, int *out) +{ + unsigned int uv = 0; + mp_size uz; + mp_digit *dz; + mp_sign sz; + + CHECK(z != NULL); + + /* Make sure the value is representable as an int */ + sz = MP_SIGN(z); + if((sz == MP_ZPOS && mp_int_compare_value(z, INT_MAX) > 0) || + mp_int_compare_value(z, INT_MIN) < 0) + return MP_RANGE; + + uz = MP_USED(z); + dz = MP_DIGITS(z) + uz - 1; + + while(uz > 0) { + uv <<= MP_DIGIT_BIT/2; + uv = (uv << (MP_DIGIT_BIT/2)) | *dz--; + --uz; + } + + if(out) + *out = (sz == MP_NEG) ? -(int)uv : (int)uv; + + return MP_OK; +} + +/* }}} */ + +/* {{{ mp_int_to_string(z, radix, str, limit) */ + +mp_result mp_int_to_string(mp_int z, mp_size radix, + char *str, int limit) +{ + mp_result res; + int cmp = 0; + + CHECK(z != NULL && str != NULL && limit >= 2); + + if(radix < MP_MIN_RADIX || radix > MP_MAX_RADIX) + return MP_RANGE; + + if(CMPZ(z) == 0) { + *str++ = s_val2ch(0, 1); + } + else { + mpz_t tmp; + char *h, *t; + + if((res = mp_int_init_copy(&tmp, z)) != MP_OK) + return res; + + if(MP_SIGN(z) == MP_NEG) { + *str++ = '-'; + --limit; + } + h = str; + + /* Generate digits in reverse order until finished or limit reached */ + for(/* */; limit > 0; --limit) { + mp_digit d; + + if((cmp = CMPZ(&tmp)) == 0) + break; + + d = s_ddiv(&tmp, (mp_digit)radix); + *str++ = s_val2ch(d, 1); + } + t = str - 1; + + /* Put digits back in correct output order */ + while(h < t) { + char tc = *h; + *h++ = *t; + *t-- = tc; + } + + mp_int_clear(&tmp); + } + + *str = '\0'; + if(cmp == 0) + return MP_OK; + else + return MP_TRUNC; +} + +/* }}} */ + +/* {{{ mp_int_string_len(z, radix) */ + +mp_result mp_int_string_len(mp_int z, mp_size radix) +{ + int len; + + CHECK(z != NULL); + + if(radix < MP_MIN_RADIX || radix > MP_MAX_RADIX) + return MP_RANGE; + + len = s_outlen(z, radix) + 1; /* for terminator */ + + /* Allow for sign marker on negatives */ + if(MP_SIGN(z) == MP_NEG) + len += 1; + + return len; +} + +/* }}} */ + +/* {{{ mp_int_read_string(z, radix, *str) */ + +/* Read zero-terminated string into z */ +mp_result mp_int_read_string(mp_int z, mp_size radix, const char *str) +{ + return mp_int_read_cstring(z, radix, str, NULL); + +} + +/* }}} */ + +/* {{{ mp_int_read_cstring(z, radix, *str, **end) */ + +mp_result mp_int_read_cstring(mp_int z, mp_size radix, const char *str, char **end) +{ + int ch; + + CHECK(z != NULL && str != NULL); + + if(radix < MP_MIN_RADIX || radix > MP_MAX_RADIX) + return MP_RANGE; + + /* Skip leading whitespace */ + while(isspace((int)*str)) + ++str; + + /* Handle leading sign tag (+/-, positive default) */ + switch(*str) { + case '-': + MP_SIGN(z) = MP_NEG; + ++str; + break; + case '+': + ++str; /* fallthrough */ + default: + MP_SIGN(z) = MP_ZPOS; + break; + } + + /* Skip leading zeroes */ + while((ch = s_ch2val(*str, radix)) == 0) + ++str; + + /* Make sure there is enough space for the value */ + if(!s_pad(z, s_inlen(strlen(str), radix))) + return MP_MEMORY; + + MP_USED(z) = 1; z->digits[0] = 0; + + while(*str != '\0' && ((ch = s_ch2val(*str, radix)) >= 0)) { + s_dmul(z, (mp_digit)radix); + s_dadd(z, (mp_digit)ch); + ++str; + } + + CLAMP(z); + + /* Override sign for zero, even if negative specified. */ + if(CMPZ(z) == 0) + MP_SIGN(z) = MP_ZPOS; + + if(end != NULL) + *end = (char *)str; + + /* Return a truncation error if the string has unprocessed + characters remaining, so the caller can tell if the whole string + was done */ + if(*str != '\0') + return MP_TRUNC; + else + return MP_OK; +} + +/* }}} */ + +/* {{{ mp_int_count_bits(z) */ + +mp_result mp_int_count_bits(mp_int z) +{ + mp_size nbits = 0, uz; + mp_digit d; + + CHECK(z != NULL); + + uz = MP_USED(z); + if(uz == 1 && z->digits[0] == 0) + return 1; + + --uz; + nbits = uz * MP_DIGIT_BIT; + d = z->digits[uz]; + + while(d != 0) { + d >>= 1; + ++nbits; + } + + return nbits; +} + +/* }}} */ + +/* {{{ mp_int_to_binary(z, buf, limit) */ + +mp_result mp_int_to_binary(mp_int z, unsigned char *buf, int limit) +{ + static const int PAD_FOR_2C = 1; + + mp_result res; + int limpos = limit; + + CHECK(z != NULL && buf != NULL); + + res = s_tobin(z, buf, &limpos, PAD_FOR_2C); + + if(MP_SIGN(z) == MP_NEG) + s_2comp(buf, limpos); + + return res; +} + +/* }}} */ + +/* {{{ mp_int_read_binary(z, buf, len) */ + +mp_result mp_int_read_binary(mp_int z, unsigned char *buf, int len) +{ + mp_size need, i; + unsigned char *tmp; + mp_digit *dz; + + CHECK(z != NULL && buf != NULL && len > 0); + + /* Figure out how many digits are needed to represent this value */ + need = ((len * CHAR_BIT) + (MP_DIGIT_BIT - 1)) / MP_DIGIT_BIT; + if(!s_pad(z, need)) + return MP_MEMORY; + + mp_int_zero(z); + + /* If the high-order bit is set, take the 2's complement before + reading the value (it will be restored afterward) */ + if(buf[0] >> (CHAR_BIT - 1)) { + MP_SIGN(z) = MP_NEG; + s_2comp(buf, len); + } + + dz = MP_DIGITS(z); + for(tmp = buf, i = len; i > 0; --i, ++tmp) { + s_qmul(z, (mp_size) CHAR_BIT); + *dz |= *tmp; + } + + /* Restore 2's complement if we took it before */ + if(MP_SIGN(z) == MP_NEG) + s_2comp(buf, len); + + return MP_OK; +} + +/* }}} */ + +/* {{{ mp_int_binary_len(z) */ + +mp_result mp_int_binary_len(mp_int z) +{ + mp_result res = mp_int_count_bits(z); + int bytes = mp_int_unsigned_len(z); + + if(res <= 0) + return res; + + bytes = (res + (CHAR_BIT - 1)) / CHAR_BIT; + + /* If the highest-order bit falls exactly on a byte boundary, we + need to pad with an extra byte so that the sign will be read + correctly when reading it back in. */ + if(bytes * CHAR_BIT == res) + ++bytes; + + return bytes; +} + +/* }}} */ + +/* {{{ mp_int_to_unsigned(z, buf, limit) */ + +mp_result mp_int_to_unsigned(mp_int z, unsigned char *buf, int limit) +{ + static const int NO_PADDING = 0; + + CHECK(z != NULL && buf != NULL); + + return s_tobin(z, buf, &limit, NO_PADDING); +} + +/* }}} */ + +/* {{{ mp_int_read_unsigned(z, buf, len) */ + +mp_result mp_int_read_unsigned(mp_int z, unsigned char *buf, int len) +{ + mp_size need, i; + unsigned char *tmp; + mp_digit *dz; + + CHECK(z != NULL && buf != NULL && len > 0); + + /* Figure out how many digits are needed to represent this value */ + need = ((len * CHAR_BIT) + (MP_DIGIT_BIT - 1)) / MP_DIGIT_BIT; + if(!s_pad(z, need)) + return MP_MEMORY; + + mp_int_zero(z); + + dz = MP_DIGITS(z); + for(tmp = buf, i = len; i > 0; --i, ++tmp) { + (void) s_qmul(z, CHAR_BIT); + *dz |= *tmp; + } + + return MP_OK; +} + +/* }}} */ + +/* {{{ mp_int_unsigned_len(z) */ + +mp_result mp_int_unsigned_len(mp_int z) +{ + mp_result res = mp_int_count_bits(z); + int bytes; + + if(res <= 0) + return res; + + bytes = (res + (CHAR_BIT - 1)) / CHAR_BIT; + + return bytes; +} + +/* }}} */ + +/* {{{ mp_error_string(res) */ + +const char *mp_error_string(mp_result res) +{ + int ix; + if(res > 0) + return s_unknown_err; + + res = -res; + for(ix = 0; ix < res && s_error_msg[ix] != NULL; ++ix) + ; + + if(s_error_msg[ix] != NULL) + return s_error_msg[ix]; + else + return s_unknown_err; +} + +/* }}} */ + +/*------------------------------------------------------------------------*/ +/* Private functions for internal use. These make assumptions. */ + +/* {{{ s_alloc(num) */ + +static mp_digit *s_alloc(mp_size num) +{ + mp_digit *out = malloc(num * sizeof(mp_digit)); + + assert(out != NULL); /* for debugging */ +#if DEBUG > 1 + { + mp_digit v = (mp_digit) 0xdeadbeef; + int ix; + + for(ix = 0; ix < num; ++ix) + out[ix] = v; + } +#endif + + return out; +} + +/* }}} */ + +/* {{{ s_realloc(old, osize, nsize) */ + +static mp_digit *s_realloc(mp_digit *old, mp_size osize, mp_size nsize) +{ +#if DEBUG > 1 + mp_digit *new = s_alloc(nsize); + int ix; + + for(ix = 0; ix < nsize; ++ix) + new[ix] = (mp_digit) 0xdeadbeef; + + memcpy(new, old, osize * sizeof(mp_digit)); +#else + mp_digit *new = realloc(old, nsize * sizeof(mp_digit)); + + assert(new != NULL); /* for debugging */ +#endif + return new; +} + +/* }}} */ + +/* {{{ s_free(ptr) */ + +static void s_free(void *ptr) +{ + free(ptr); +} + +/* }}} */ + +/* {{{ s_pad(z, min) */ + +static int s_pad(mp_int z, mp_size min) +{ + if(MP_ALLOC(z) < min) { + mp_size nsize = ROUND_PREC(min); + mp_digit *tmp; + + if((void *)z->digits == (void *)z) { + if((tmp = s_alloc(nsize)) == NULL) + return 0; + + COPY(MP_DIGITS(z), tmp, MP_USED(z)); + } + else if((tmp = s_realloc(MP_DIGITS(z), MP_ALLOC(z), nsize)) == NULL) + return 0; + + MP_DIGITS(z) = tmp; + MP_ALLOC(z) = nsize; + } + + return 1; +} + +/* }}} */ + +/* {{{ s_clamp(z) */ + +#if TRACEABLE_CLAMP +static void s_clamp(mp_int z) +{ + mp_size uz = MP_USED(z); + mp_digit *zd = MP_DIGITS(z) + uz - 1; + + while(uz > 1 && (*zd-- == 0)) + --uz; + + MP_USED(z) = uz; +} +#endif + +/* }}} */ + +/* {{{ s_fake(z, value, vbuf) */ + +static void s_fake(mp_int z, int value, mp_digit vbuf[]) +{ + mp_size uv = (mp_size) s_vpack(value, vbuf); + + z->used = uv; + z->alloc = MP_VALUE_DIGITS(value); + z->sign = (value < 0) ? MP_NEG : MP_ZPOS; + z->digits = vbuf; +} + +/* }}} */ + +/* {{{ s_cdig(da, db, len) */ + +static int s_cdig(mp_digit *da, mp_digit *db, mp_size len) +{ + mp_digit *dat = da + len - 1, *dbt = db + len - 1; + + for(/* */; len != 0; --len, --dat, --dbt) { + if(*dat > *dbt) + return 1; + else if(*dat < *dbt) + return -1; + } + + return 0; +} + +/* }}} */ + +/* {{{ s_vpack(v, t[]) */ + +static int s_vpack(int v, mp_digit t[]) +{ + unsigned int uv = (unsigned int)((v < 0) ? -v : v); + int ndig = 0; + + if(uv == 0) + t[ndig++] = 0; + else { + while(uv != 0) { + t[ndig++] = (mp_digit) uv; + uv >>= MP_DIGIT_BIT/2; + uv >>= MP_DIGIT_BIT/2; + } + } + + return ndig; +} + +/* }}} */ + +/* {{{ s_ucmp(a, b) */ + +static int s_ucmp(mp_int a, mp_int b) +{ + mp_size ua = MP_USED(a), ub = MP_USED(b); + + if(ua > ub) + return 1; + else if(ub > ua) + return -1; + else + return s_cdig(MP_DIGITS(a), MP_DIGITS(b), ua); +} + +/* }}} */ + +/* {{{ s_vcmp(a, v) */ + +static int s_vcmp(mp_int a, int v) +{ + mp_digit vdig[MP_VALUE_DIGITS(v)]; + int ndig = 0; + mp_size ua = MP_USED(a); + + ndig = s_vpack(v, vdig); + + if(ua > ndig) + return 1; + else if(ua < ndig) + return -1; + else + return s_cdig(MP_DIGITS(a), vdig, ndig); +} + +/* }}} */ + +/* {{{ s_uadd(da, db, dc, size_a, size_b) */ + +static mp_digit s_uadd(mp_digit *da, mp_digit *db, mp_digit *dc, + mp_size size_a, mp_size size_b) +{ + mp_size pos; + mp_word w = 0; + + /* Insure that da is the longer of the two to simplify later code */ + if(size_b > size_a) { + SWAP(mp_digit *, da, db); + SWAP(mp_size, size_a, size_b); + } + + /* Add corresponding digits until the shorter number runs out */ + for(pos = 0; pos < size_b; ++pos, ++da, ++db, ++dc) { + w = w + (mp_word) *da + (mp_word) *db; + *dc = LOWER_HALF(w); + w = UPPER_HALF(w); + } + + /* Propagate carries as far as necessary */ + for(/* */; pos < size_a; ++pos, ++da, ++dc) { + w = w + *da; + + *dc = LOWER_HALF(w); + w = UPPER_HALF(w); + } + + /* Return carry out */ + return (mp_digit)w; +} + +/* }}} */ + +/* {{{ s_usub(da, db, dc, size_a, size_b) */ + +static void s_usub(mp_digit *da, mp_digit *db, mp_digit *dc, + mp_size size_a, mp_size size_b) +{ + mp_size pos; + mp_word w = 0; + + /* We assume that |a| >= |b| so this should definitely hold */ + assert(size_a >= size_b); + + /* Subtract corresponding digits and propagate borrow */ + for(pos = 0; pos < size_b; ++pos, ++da, ++db, ++dc) { + w = ((mp_word)MP_DIGIT_MAX + 1 + /* MP_RADIX */ + (mp_word)*da) - w - (mp_word)*db; + + *dc = LOWER_HALF(w); + w = (UPPER_HALF(w) == 0); + } + + /* Finish the subtraction for remaining upper digits of da */ + for(/* */; pos < size_a; ++pos, ++da, ++dc) { + w = ((mp_word)MP_DIGIT_MAX + 1 + /* MP_RADIX */ + (mp_word)*da) - w; + + *dc = LOWER_HALF(w); + w = (UPPER_HALF(w) == 0); + } + + /* If there is a borrow out at the end, it violates the precondition */ + assert(w == 0); +} + +/* }}} */ + +/* {{{ s_kmul(da, db, dc, size_a, size_b) */ + +static int s_kmul(mp_digit *da, mp_digit *db, mp_digit *dc, + mp_size size_a, mp_size size_b) +{ + mp_size bot_size; + + /* Make sure b is the smaller of the two input values */ + if(size_b > size_a) { + SWAP(mp_digit *, da, db); + SWAP(mp_size, size_a, size_b); + } + + /* Insure that the bottom is the larger half in an odd-length split; + the code below relies on this being true. + */ + bot_size = (size_a + 1) / 2; + + /* If the values are big enough to bother with recursion, use the + Karatsuba algorithm to compute the product; otherwise use the + normal multiplication algorithm + */ + if(multiply_threshold && + size_a >= multiply_threshold && + size_b > bot_size) { + + mp_digit *t1, *t2, *t3, carry; + + mp_digit *a_top = da + bot_size; + mp_digit *b_top = db + bot_size; + + mp_size at_size = size_a - bot_size; + mp_size bt_size = size_b - bot_size; + mp_size buf_size = 2 * bot_size; + + /* Do a single allocation for all three temporary buffers needed; + each buffer must be big enough to hold the product of two + bottom halves, and one buffer needs space for the completed + product; twice the space is plenty. + */ + if((t1 = s_alloc(4 * buf_size)) == NULL) return 0; + t2 = t1 + buf_size; + t3 = t2 + buf_size; + ZERO(t1, 4 * buf_size); + + /* t1 and t2 are initially used as temporaries to compute the inner product + (a1 + a0)(b1 + b0) = a1b1 + a1b0 + a0b1 + a0b0 + */ + carry = s_uadd(da, a_top, t1, bot_size, at_size); /* t1 = a1 + a0 */ + t1[bot_size] = carry; + + carry = s_uadd(db, b_top, t2, bot_size, bt_size); /* t2 = b1 + b0 */ + t2[bot_size] = carry; + + (void) s_kmul(t1, t2, t3, bot_size + 1, bot_size + 1); /* t3 = t1 * t2 */ + + /* Now we'll get t1 = a0b0 and t2 = a1b1, and subtract them out so that + we're left with only the pieces we want: t3 = a1b0 + a0b1 + */ + ZERO(t1, buf_size); + ZERO(t2, buf_size); + (void) s_kmul(da, db, t1, bot_size, bot_size); /* t1 = a0 * b0 */ + (void) s_kmul(a_top, b_top, t2, at_size, bt_size); /* t2 = a1 * b1 */ + + /* Subtract out t1 and t2 to get the inner product */ + s_usub(t3, t1, t3, buf_size + 2, buf_size); + s_usub(t3, t2, t3, buf_size + 2, buf_size); + + /* Assemble the output value */ + COPY(t1, dc, buf_size); + carry = s_uadd(t3, dc + bot_size, dc + bot_size, + buf_size + 1, buf_size); + assert(carry == 0); + + carry = s_uadd(t2, dc + 2*bot_size, dc + 2*bot_size, + buf_size, buf_size); + assert(carry == 0); + + s_free(t1); /* note t2 and t3 are just internal pointers to t1 */ + } + else { + s_umul(da, db, dc, size_a, size_b); + } + + return 1; +} + +/* }}} */ + +/* {{{ s_umul(da, db, dc, size_a, size_b) */ + +static void s_umul(mp_digit *da, mp_digit *db, mp_digit *dc, + mp_size size_a, mp_size size_b) +{ + mp_size a, b; + mp_word w; + + for(a = 0; a < size_a; ++a, ++dc, ++da) { + mp_digit *dct = dc; + mp_digit *dbt = db; + + if(*da == 0) + continue; + + w = 0; + for(b = 0; b < size_b; ++b, ++dbt, ++dct) { + w = (mp_word)*da * (mp_word)*dbt + w + (mp_word)*dct; + + *dct = LOWER_HALF(w); + w = UPPER_HALF(w); + } + + *dct = (mp_digit)w; + } +} + +/* }}} */ + +/* {{{ s_ksqr(da, dc, size_a) */ + +static int s_ksqr(mp_digit *da, mp_digit *dc, mp_size size_a) +{ + if(multiply_threshold && size_a > multiply_threshold) { + mp_size bot_size = (size_a + 1) / 2; + mp_digit *a_top = da + bot_size; + mp_digit *t1, *t2, *t3, carry; + mp_size at_size = size_a - bot_size; + mp_size buf_size = 2 * bot_size; + + if((t1 = s_alloc(4 * buf_size)) == NULL) return 0; + t2 = t1 + buf_size; + t3 = t2 + buf_size; + ZERO(t1, 4 * buf_size); + + (void) s_ksqr(da, t1, bot_size); /* t1 = a0 ^ 2 */ + (void) s_ksqr(a_top, t2, at_size); /* t2 = a1 ^ 2 */ + + (void) s_kmul(da, a_top, t3, bot_size, at_size); /* t3 = a0 * a1 */ + + /* Quick multiply t3 by 2, shifting left (can't overflow) */ + { + int i, top = bot_size + at_size; + mp_word w, save = 0; + + for(i = 0; i < top; ++i) { + w = t3[i]; + w = (w << 1) | save; + t3[i] = LOWER_HALF(w); + save = UPPER_HALF(w); + } + t3[i] = LOWER_HALF(save); + } + + /* Assemble the output value */ + COPY(t1, dc, 2 * bot_size); + carry = s_uadd(t3, dc + bot_size, dc + bot_size, + buf_size + 1, buf_size); + assert(carry == 0); + + carry = s_uadd(t2, dc + 2*bot_size, dc + 2*bot_size, + buf_size, buf_size); + assert(carry == 0); + + s_free(t1); /* note that t2 and t2 are internal pointers only */ + + } + else { + s_usqr(da, dc, size_a); + } + + return 1; +} + +/* }}} */ + +/* {{{ s_usqr(da, dc, size_a) */ + +static void s_usqr(mp_digit *da, mp_digit *dc, mp_size size_a) +{ + mp_size i, j; + mp_word w; + + for(i = 0; i < size_a; ++i, dc += 2, ++da) { + mp_digit *dct = dc, *dat = da; + + if(*da == 0) + continue; + + /* Take care of the first digit, no rollover */ + w = (mp_word)*dat * (mp_word)*dat + (mp_word)*dct; + *dct = LOWER_HALF(w); + w = UPPER_HALF(w); + ++dat; ++dct; + + for(j = i + 1; j < size_a; ++j, ++dat, ++dct) { + mp_word t = (mp_word)*da * (mp_word)*dat; + mp_word u = w + (mp_word)*dct, ov = 0; + + /* Check if doubling t will overflow a word */ + if(HIGH_BIT_SET(t)) + ov = 1; + + w = t + t; + + /* Check if adding u to w will overflow a word */ + if(ADD_WILL_OVERFLOW(w, u)) + ov = 1; + + w += u; + + *dct = LOWER_HALF(w); + w = UPPER_HALF(w); + if(ov) { + w += MP_DIGIT_MAX; /* MP_RADIX */ + ++w; + } + } + + w = w + *dct; + *dct = (mp_digit)w; + while((w = UPPER_HALF(w)) != 0) { + ++dct; w = w + *dct; + *dct = LOWER_HALF(w); + } + + assert(w == 0); + } +} + +/* }}} */ + +/* {{{ s_dadd(a, b) */ + +static void s_dadd(mp_int a, mp_digit b) +{ + mp_word w = 0; + mp_digit *da = MP_DIGITS(a); + mp_size ua = MP_USED(a); + + w = (mp_word)*da + b; + *da++ = LOWER_HALF(w); + w = UPPER_HALF(w); + + for(ua -= 1; ua > 0; --ua, ++da) { + w = (mp_word)*da + w; + + *da = LOWER_HALF(w); + w = UPPER_HALF(w); + } + + if(w) { + *da = (mp_digit)w; + MP_USED(a) += 1; + } +} + +/* }}} */ + +/* {{{ s_dmul(a, b) */ + +static void s_dmul(mp_int a, mp_digit b) +{ + mp_word w = 0; + mp_digit *da = MP_DIGITS(a); + mp_size ua = MP_USED(a); + + while(ua > 0) { + w = (mp_word)*da * b + w; + *da++ = LOWER_HALF(w); + w = UPPER_HALF(w); + --ua; + } + + if(w) { + *da = (mp_digit)w; + MP_USED(a) += 1; + } +} + +/* }}} */ + +/* {{{ s_dbmul(da, b, dc, size_a) */ + +static void s_dbmul(mp_digit *da, mp_digit b, mp_digit *dc, mp_size size_a) +{ + mp_word w = 0; + + while(size_a > 0) { + w = (mp_word)*da++ * (mp_word)b + w; + + *dc++ = LOWER_HALF(w); + w = UPPER_HALF(w); + --size_a; + } + + if(w) + *dc = LOWER_HALF(w); +} + +/* }}} */ + +/* {{{ s_ddiv(da, d, dc, size_a) */ + +static mp_digit s_ddiv(mp_int a, mp_digit b) +{ + mp_word w = 0, qdigit; + mp_size ua = MP_USED(a); + mp_digit *da = MP_DIGITS(a) + ua - 1; + + for(/* */; ua > 0; --ua, --da) { + w = (w << MP_DIGIT_BIT) | *da; + + if(w >= b) { + qdigit = w / b; + w = w % b; + } + else { + qdigit = 0; + } + + *da = (mp_digit)qdigit; + } + + CLAMP(a); + return (mp_digit)w; +} + +/* }}} */ + +/* {{{ s_qdiv(z, p2) */ + +static void s_qdiv(mp_int z, mp_size p2) +{ + mp_size ndig = p2 / MP_DIGIT_BIT, nbits = p2 % MP_DIGIT_BIT; + mp_size uz = MP_USED(z); + + if(ndig) { + mp_size mark; + mp_digit *to, *from; + + if(ndig >= uz) { + mp_int_zero(z); + return; + } + + to = MP_DIGITS(z); from = to + ndig; + + for(mark = ndig; mark < uz; ++mark) + *to++ = *from++; + + MP_USED(z) = uz - ndig; + } + + if(nbits) { + mp_digit d = 0, *dz, save; + mp_size up = MP_DIGIT_BIT - nbits; + + uz = MP_USED(z); + dz = MP_DIGITS(z) + uz - 1; + + for(/* */; uz > 0; --uz, --dz) { + save = *dz; + + *dz = (*dz >> nbits) | (d << up); + d = save; + } + + CLAMP(z); + } + + if(MP_USED(z) == 1 && z->digits[0] == 0) + MP_SIGN(z) = MP_ZPOS; +} + +/* }}} */ + +/* {{{ s_qmod(z, p2) */ + +static void s_qmod(mp_int z, mp_size p2) +{ + mp_size start = p2 / MP_DIGIT_BIT + 1, rest = p2 % MP_DIGIT_BIT; + mp_size uz = MP_USED(z); + mp_digit mask = (1 << rest) - 1; + + if(start <= uz) { + MP_USED(z) = start; + z->digits[start - 1] &= mask; + CLAMP(z); + } +} + +/* }}} */ + +/* {{{ s_qmul(z, p2) */ + +static int s_qmul(mp_int z, mp_size p2) +{ + mp_size uz, need, rest, extra, i; + mp_digit *from, *to, d; + + if(p2 == 0) + return 1; + + uz = MP_USED(z); + need = p2 / MP_DIGIT_BIT; rest = p2 % MP_DIGIT_BIT; + + /* Figure out if we need an extra digit at the top end; this occurs + if the topmost `rest' bits of the high-order digit of z are not + zero, meaning they will be shifted off the end if not preserved */ + extra = 0; + if(rest != 0) { + mp_digit *dz = MP_DIGITS(z) + uz - 1; + + if((*dz >> (MP_DIGIT_BIT - rest)) != 0) + extra = 1; + } + + if(!s_pad(z, uz + need + extra)) + return 0; + + /* If we need to shift by whole digits, do that in one pass, then + to back and shift by partial digits. + */ + if(need > 0) { + from = MP_DIGITS(z) + uz - 1; + to = from + need; + + for(i = 0; i < uz; ++i) + *to-- = *from--; + + ZERO(MP_DIGITS(z), need); + uz += need; + } + + if(rest) { + d = 0; + for(i = need, from = MP_DIGITS(z) + need; i < uz; ++i, ++from) { + mp_digit save = *from; + + *from = (*from << rest) | (d >> (MP_DIGIT_BIT - rest)); + d = save; + } + + d >>= (MP_DIGIT_BIT - rest); + if(d != 0) { + *from = d; + uz += extra; + } + } + + MP_USED(z) = uz; + CLAMP(z); + + return 1; +} + +/* }}} */ + +/* {{{ s_qsub(z, p2) */ + +/* Compute z = 2^p2 - |z|; requires that 2^p2 >= |z| + The sign of the result is always zero/positive. + */ +static int s_qsub(mp_int z, mp_size p2) +{ + mp_digit hi = (1 << (p2 % MP_DIGIT_BIT)), *zp; + mp_size tdig = (p2 / MP_DIGIT_BIT), pos; + mp_word w = 0; + + if(!s_pad(z, tdig + 1)) + return 0; + + for(pos = 0, zp = MP_DIGITS(z); pos < tdig; ++pos, ++zp) { + w = ((mp_word) MP_DIGIT_MAX + 1) - w - (mp_word)*zp; + + *zp = LOWER_HALF(w); + w = UPPER_HALF(w) ? 0 : 1; + } + + w = ((mp_word) MP_DIGIT_MAX + 1 + hi) - w - (mp_word)*zp; + *zp = LOWER_HALF(w); + + assert(UPPER_HALF(w) != 0); /* no borrow out should be possible */ + + MP_SIGN(z) = MP_ZPOS; + CLAMP(z); + + return 1; +} + +/* }}} */ + +/* {{{ s_dp2k(z) */ + +static int s_dp2k(mp_int z) +{ + int k = 0; + mp_digit *dp = MP_DIGITS(z), d; + + if(MP_USED(z) == 1 && *dp == 0) + return 1; + + while(*dp == 0) { + k += MP_DIGIT_BIT; + ++dp; + } + + d = *dp; + while((d & 1) == 0) { + d >>= 1; + ++k; + } + + return k; +} + +/* }}} */ + +/* {{{ s_isp2(z) */ + +static int s_isp2(mp_int z) +{ + mp_size uz = MP_USED(z), k = 0; + mp_digit *dz = MP_DIGITS(z), d; + + while(uz > 1) { + if(*dz++ != 0) + return -1; + k += MP_DIGIT_BIT; + --uz; + } + + d = *dz; + while(d > 1) { + if(d & 1) + return -1; + ++k; d >>= 1; + } + + return (int) k; +} + +/* }}} */ + +/* {{{ s_2expt(z, k) */ + +static int s_2expt(mp_int z, int k) +{ + mp_size ndig, rest; + mp_digit *dz; + + ndig = (k + MP_DIGIT_BIT) / MP_DIGIT_BIT; + rest = k % MP_DIGIT_BIT; + + if(!s_pad(z, ndig)) + return 0; + + dz = MP_DIGITS(z); + ZERO(dz, ndig); + *(dz + ndig - 1) = (1 << rest); + MP_USED(z) = ndig; + + return 1; +} + +/* }}} */ + +/* {{{ s_norm(a, b) */ + +static int s_norm(mp_int a, mp_int b) +{ + mp_digit d = b->digits[MP_USED(b) - 1]; + int k = 0; + + while(d < (mp_digit) (1 << (MP_DIGIT_BIT - 1))) { /* d < (MP_RADIX / 2) */ + d <<= 1; + ++k; + } + + /* These multiplications can't fail */ + if(k != 0) { + (void) s_qmul(a, (mp_size) k); + (void) s_qmul(b, (mp_size) k); + } + + return k; +} + +/* }}} */ + +/* {{{ s_brmu(z, m) */ + +static mp_result s_brmu(mp_int z, mp_int m) +{ + mp_size um = MP_USED(m) * 2; + + if(!s_pad(z, um)) + return MP_MEMORY; + + s_2expt(z, MP_DIGIT_BIT * um); + return mp_int_div(z, m, z, NULL); +} + +/* }}} */ + +/* {{{ s_reduce(x, m, mu, q1, q2) */ + +static int s_reduce(mp_int x, mp_int m, mp_int mu, mp_int q1, mp_int q2) +{ + mp_size um = MP_USED(m), umb_p1, umb_m1; + + umb_p1 = (um + 1) * MP_DIGIT_BIT; + umb_m1 = (um - 1) * MP_DIGIT_BIT; + + if(mp_int_copy(x, q1) != MP_OK) + return 0; + + /* Compute q2 = floor((floor(x / b^(k-1)) * mu) / b^(k+1)) */ + s_qdiv(q1, umb_m1); + UMUL(q1, mu, q2); + s_qdiv(q2, umb_p1); + + /* Set x = x mod b^(k+1) */ + s_qmod(x, umb_p1); + + /* Now, q is a guess for the quotient a / m. + Compute x - q * m mod b^(k+1), replacing x. This may be off + by a factor of 2m, but no more than that. + */ + UMUL(q2, m, q1); + s_qmod(q1, umb_p1); + (void) mp_int_sub(x, q1, x); /* can't fail */ + + /* The result may be < 0; if it is, add b^(k+1) to pin it in the + proper range. */ + if((CMPZ(x) < 0) && !s_qsub(x, umb_p1)) + return 0; + + /* If x > m, we need to back it off until it is in range. + This will be required at most twice. */ + if(mp_int_compare(x, m) >= 0) { + (void) mp_int_sub(x, m, x); + if(mp_int_compare(x, m) >= 0) + (void) mp_int_sub(x, m, x); + } + + /* At this point, x has been properly reduced. */ + return 1; +} + +/* }}} */ + +/* {{{ s_embar(a, b, m, mu, c) */ + +/* Perform modular exponentiation using Barrett's method, where mu is + the reduction constant for m. Assumes a < m, b > 0. */ +static mp_result s_embar(mp_int a, mp_int b, mp_int m, mp_int mu, mp_int c) +{ + mp_digit *db, *dbt, umu, d; + mpz_t temp[3]; + mp_result res; + int last = 0; + + umu = MP_USED(mu); db = MP_DIGITS(b); dbt = db + MP_USED(b) - 1; + + while(last < 3) { + SETUP(mp_int_init_size(TEMP(last), 4 * umu), last); + ZERO(MP_DIGITS(TEMP(last - 1)), MP_ALLOC(TEMP(last - 1))); + } + + (void) mp_int_set_value(c, 1); + + /* Take care of low-order digits */ + while(db < dbt) { + int i; + + for(d = *db, i = MP_DIGIT_BIT; i > 0; --i, d >>= 1) { + if(d & 1) { + /* The use of a second temporary avoids allocation */ + UMUL(c, a, TEMP(0)); + if(!s_reduce(TEMP(0), m, mu, TEMP(1), TEMP(2))) { + res = MP_MEMORY; goto CLEANUP; + } + mp_int_copy(TEMP(0), c); + } + + + USQR(a, TEMP(0)); + assert(MP_SIGN(TEMP(0)) == MP_ZPOS); + if(!s_reduce(TEMP(0), m, mu, TEMP(1), TEMP(2))) { + res = MP_MEMORY; goto CLEANUP; + } + assert(MP_SIGN(TEMP(0)) == MP_ZPOS); + mp_int_copy(TEMP(0), a); + + + } + + ++db; + } + + /* Take care of highest-order digit */ + d = *dbt; + for(;;) { + if(d & 1) { + UMUL(c, a, TEMP(0)); + if(!s_reduce(TEMP(0), m, mu, TEMP(1), TEMP(2))) { + res = MP_MEMORY; goto CLEANUP; + } + mp_int_copy(TEMP(0), c); + } + + d >>= 1; + if(!d) break; + + USQR(a, TEMP(0)); + if(!s_reduce(TEMP(0), m, mu, TEMP(1), TEMP(2))) { + res = MP_MEMORY; goto CLEANUP; + } + (void) mp_int_copy(TEMP(0), a); + } + + CLEANUP: + while(--last >= 0) + mp_int_clear(TEMP(last)); + + return res; +} + +/* }}} */ + +/* {{{ s_udiv(a, b) */ + +/* Precondition: a >= b and b > 0 + Postcondition: a' = a / b, b' = a % b + */ +static mp_result s_udiv(mp_int a, mp_int b) +{ + mpz_t q, r, t; + mp_size ua, ub, qpos = 0; + mp_digit *da, btop; + mp_result res = MP_OK; + int k, skip = 0; + + /* Force signs to positive */ + MP_SIGN(a) = MP_ZPOS; + MP_SIGN(b) = MP_ZPOS; + + /* Normalize, per Knuth */ + k = s_norm(a, b); + + ua = MP_USED(a); ub = MP_USED(b); btop = b->digits[ub - 1]; + if((res = mp_int_init_size(&q, ua)) != MP_OK) return res; + if((res = mp_int_init_size(&t, ua + 1)) != MP_OK) goto CLEANUP; + + da = MP_DIGITS(a); + r.digits = da + ua - 1; /* The contents of r are shared with a */ + r.used = 1; + r.sign = MP_ZPOS; + r.alloc = MP_ALLOC(a); + ZERO(t.digits, t.alloc); + + /* Solve for quotient digits, store in q.digits in reverse order */ + while(r.digits >= da) { + assert(qpos <= q.alloc); + + if(s_ucmp(b, &r) > 0) { + r.digits -= 1; + r.used += 1; + + if(++skip > 1 && qpos > 0) + q.digits[qpos++] = 0; + + CLAMP(&r); + } + else { + mp_word pfx = r.digits[r.used - 1]; + mp_word qdigit; + + if(r.used > 1 && pfx <= btop) { + pfx <<= MP_DIGIT_BIT / 2; + pfx <<= MP_DIGIT_BIT / 2; + pfx |= r.digits[r.used - 2]; + } + + qdigit = pfx / btop; + if(qdigit > MP_DIGIT_MAX) { + if(qdigit & MP_DIGIT_MAX) + qdigit = MP_DIGIT_MAX; + else + qdigit = 1; + } + + s_dbmul(MP_DIGITS(b), (mp_digit) qdigit, t.digits, ub); + t.used = ub + 1; CLAMP(&t); + while(s_ucmp(&t, &r) > 0) { + --qdigit; + (void) mp_int_sub(&t, b, &t); /* cannot fail */ + } + + s_usub(r.digits, t.digits, r.digits, r.used, t.used); + CLAMP(&r); + + q.digits[qpos++] = (mp_digit) qdigit; + ZERO(t.digits, t.used); + skip = 0; + } + } + + /* Put quotient digits in the correct order, and discard extra zeroes */ + q.used = qpos; + REV(mp_digit, q.digits, qpos); + CLAMP(&q); + + /* Denormalize the remainder */ + CLAMP(a); + if(k != 0) + s_qdiv(a, k); + + mp_int_copy(a, b); /* ok: 0 <= r < b */ + mp_int_copy(&q, a); /* ok: q <= a */ + + mp_int_clear(&t); + CLEANUP: + mp_int_clear(&q); + return res; +} + +/* }}} */ + +/* {{{ s_outlen(z, r) */ + +/* Precondition: 2 <= r < 64 */ +static int s_outlen(mp_int z, mp_size r) +{ + mp_result bits; + double raw; + + bits = mp_int_count_bits(z); + raw = (double)bits * s_log2[r]; + + return (int)(raw + 0.999999); +} + +/* }}} */ + +/* {{{ s_inlen(len, r) */ + +static mp_size s_inlen(int len, mp_size r) +{ + double raw = (double)len / s_log2[r]; + mp_size bits = (mp_size)(raw + 0.5); + + return (mp_size)((bits + (MP_DIGIT_BIT - 1)) / MP_DIGIT_BIT); +} + +/* }}} */ + +/* {{{ s_ch2val(c, r) */ + +static int s_ch2val(char c, int r) +{ + int out; + + if(isdigit((unsigned char) c)) + out = c - '0'; + else if(r > 10 && isalpha((unsigned char) c)) + out = toupper(c) - 'A' + 10; + else + return -1; + + return (out >= r) ? -1 : out; +} + +/* }}} */ + +/* {{{ s_val2ch(v, caps) */ + +static char s_val2ch(int v, int caps) +{ + assert(v >= 0); + + if(v < 10) + return v + '0'; + else { + char out = (v - 10) + 'a'; + + if(caps) + return toupper(out); + else + return out; + } +} + +/* }}} */ + +/* {{{ s_2comp(buf, len) */ + +static void s_2comp(unsigned char *buf, int len) +{ + int i; + unsigned short s = 1; + + for(i = len - 1; i >= 0; --i) { + unsigned char c = ~buf[i]; + + s = c + s; + c = s & UCHAR_MAX; + s >>= CHAR_BIT; + + buf[i] = c; + } + + /* last carry out is ignored */ +} + +/* }}} */ + +/* {{{ s_tobin(z, buf, *limpos) */ + +static mp_result s_tobin(mp_int z, unsigned char *buf, int *limpos, int pad) +{ + mp_size uz; + mp_digit *dz; + int pos = 0, limit = *limpos; + + uz = MP_USED(z); dz = MP_DIGITS(z); + while(uz > 0 && pos < limit) { + mp_digit d = *dz++; + int i; + + for(i = sizeof(mp_digit); i > 0 && pos < limit; --i) { + buf[pos++] = (unsigned char)d; + d >>= CHAR_BIT; + + /* Don't write leading zeroes */ + if(d == 0 && uz == 1) + i = 0; /* exit loop without signaling truncation */ + } + + /* Detect truncation (loop exited with pos >= limit) */ + if(i > 0) break; + + --uz; + } + + if(pad != 0 && (buf[pos - 1] >> (CHAR_BIT - 1))) { + if(pos < limit) + buf[pos++] = 0; + else + uz = 1; + } + + /* Digits are in reverse order, fix that */ + REV(unsigned char, buf, pos); + + /* Return the number of bytes actually written */ + *limpos = pos; + + return (uz == 0) ? MP_OK : MP_TRUNC; +} + +/* }}} */ + +/* {{{ s_print(tag, z) */ + +#if DEBUG +void s_print(char *tag, mp_int z) +{ + int i; + + fprintf(stderr, "%s: %c ", tag, + (MP_SIGN(z) == MP_NEG) ? '-' : '+'); + + for(i = MP_USED(z) - 1; i >= 0; --i) + fprintf(stderr, "%0*X", (int)(MP_DIGIT_BIT / 4), z->digits[i]); + + fputc('\n', stderr); + +} + +void s_print_buf(char *tag, mp_digit *buf, mp_size num) +{ + int i; + + fprintf(stderr, "%s: ", tag); + + for(i = num - 1; i >= 0; --i) + fprintf(stderr, "%0*X", (int)(MP_DIGIT_BIT / 4), buf[i]); + + fputc('\n', stderr); +} +#endif + +/* }}} */ + +/* HERE THERE BE DRAGONS */ diff --git a/source4/heimdal/lib/hcrypto/imath/imath.h b/source4/heimdal/lib/hcrypto/imath/imath.h new file mode 100755 index 0000000000..f13c09d1a2 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/imath/imath.h @@ -0,0 +1,220 @@ +/* + Name: imath.h + Purpose: Arbitrary precision integer arithmetic routines. + Author: M. J. Fromberger + Info: $Id: imath.h 20764 2007-06-01 03:55:14Z lha $ + + Copyright (C) 2002-2007 Michael J. Fromberger, All Rights Reserved. + + Permission is hereby granted, free of charge, to any person + obtaining a copy of this software and associated documentation files + (the "Software"), to deal in the Software without restriction, + including without limitation the rights to use, copy, modify, merge, + publish, distribute, sublicense, and/or sell copies of the Software, + and to permit persons to whom the Software is furnished to do so, + subject to the following conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE. + */ + +#ifndef IMATH_H_ +#define IMATH_H_ + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef unsigned char mp_sign; +typedef unsigned int mp_size; +typedef int mp_result; +#ifdef USE_LONG_LONG +typedef unsigned int mp_digit; +typedef unsigned long long mp_word; +#else +typedef unsigned short mp_digit; +typedef unsigned int mp_word; +#endif + +typedef struct mpz { + mp_digit single; + mp_digit *digits; + mp_size alloc; + mp_size used; + mp_sign sign; +} mpz_t, *mp_int; + +#define MP_DIGITS(Z) ((Z)->digits) +#define MP_ALLOC(Z) ((Z)->alloc) +#define MP_USED(Z) ((Z)->used) +#define MP_SIGN(Z) ((Z)->sign) + +extern const mp_result MP_OK; +extern const mp_result MP_FALSE; +extern const mp_result MP_TRUE; +extern const mp_result MP_MEMORY; +extern const mp_result MP_RANGE; +extern const mp_result MP_UNDEF; +extern const mp_result MP_TRUNC; +extern const mp_result MP_BADARG; + +#define MP_DIGIT_BIT (sizeof(mp_digit) * CHAR_BIT) +#define MP_WORD_BIT (sizeof(mp_word) * CHAR_BIT) + +#ifdef USE_LONG_LONG +# ifndef ULONG_LONG_MAX +# ifdef ULLONG_MAX +# define ULONG_LONG_MAX ULLONG_MAX +# else +# error "Maximum value of unsigned long long not defined!" +# endif +# endif +# define MP_DIGIT_MAX (ULONG_MAX * 1ULL) +# define MP_WORD_MAX ULONG_LONG_MAX +#else +# define MP_DIGIT_MAX (USHRT_MAX * 1UL) +# define MP_WORD_MAX (UINT_MAX * 1UL) +#endif + +#define MP_MIN_RADIX 2 +#define MP_MAX_RADIX 36 + +/* Values with fewer than this many significant digits use the + standard multiplication algorithm; otherwise, a recursive algorithm + is used. Choose a value to suit your platform. + */ +#define MP_MULT_THRESH 22 + +#define MP_DEFAULT_PREC 8 /* default memory allocation, in digits */ + +extern const mp_sign MP_NEG; +extern const mp_sign MP_ZPOS; + +#define mp_int_is_odd(Z) ((Z)->digits[0] & 1) +#define mp_int_is_even(Z) !((Z)->digits[0] & 1) + +mp_result mp_int_init(mp_int z); +mp_int mp_int_alloc(void); +mp_result mp_int_init_size(mp_int z, mp_size prec); +mp_result mp_int_init_copy(mp_int z, mp_int old); +mp_result mp_int_init_value(mp_int z, int value); +mp_result mp_int_set_value(mp_int z, int value); +void mp_int_clear(mp_int z); +void mp_int_free(mp_int z); + +mp_result mp_int_copy(mp_int a, mp_int c); /* c = a */ +void mp_int_swap(mp_int a, mp_int c); /* swap a, c */ +void mp_int_zero(mp_int z); /* z = 0 */ +mp_result mp_int_abs(mp_int a, mp_int c); /* c = |a| */ +mp_result mp_int_neg(mp_int a, mp_int c); /* c = -a */ +mp_result mp_int_add(mp_int a, mp_int b, mp_int c); /* c = a + b */ +mp_result mp_int_add_value(mp_int a, int value, mp_int c); +mp_result mp_int_sub(mp_int a, mp_int b, mp_int c); /* c = a - b */ +mp_result mp_int_sub_value(mp_int a, int value, mp_int c); +mp_result mp_int_mul(mp_int a, mp_int b, mp_int c); /* c = a * b */ +mp_result mp_int_mul_value(mp_int a, int value, mp_int c); +mp_result mp_int_mul_pow2(mp_int a, int p2, mp_int c); +mp_result mp_int_sqr(mp_int a, mp_int c); /* c = a * a */ +mp_result mp_int_div(mp_int a, mp_int b, /* q = a / b */ + mp_int q, mp_int r); /* r = a % b */ +mp_result mp_int_div_value(mp_int a, int value, /* q = a / value */ + mp_int q, int *r); /* r = a % value */ +mp_result mp_int_div_pow2(mp_int a, int p2, /* q = a / 2^p2 */ + mp_int q, mp_int r); /* r = q % 2^p2 */ +mp_result mp_int_mod(mp_int a, mp_int m, mp_int c); /* c = a % m */ +#define mp_int_mod_value(A, V, R) mp_int_div_value((A), (V), 0, (R)) +mp_result mp_int_expt(mp_int a, int b, mp_int c); /* c = a^b */ +mp_result mp_int_expt_value(int a, int b, mp_int c); /* c = a^b */ + +int mp_int_compare(mp_int a, mp_int b); /* a <=> b */ +int mp_int_compare_unsigned(mp_int a, mp_int b); /* |a| <=> |b| */ +int mp_int_compare_zero(mp_int z); /* a <=> 0 */ +int mp_int_compare_value(mp_int z, int value); /* a <=> v */ + +/* Returns true if v|a, false otherwise (including errors) */ +int mp_int_divisible_value(mp_int a, int v); + +/* Returns k >= 0 such that z = 2^k, if one exists; otherwise < 0 */ +int mp_int_is_pow2(mp_int z); + +mp_result mp_int_exptmod(mp_int a, mp_int b, mp_int m, + mp_int c); /* c = a^b (mod m) */ +mp_result mp_int_exptmod_evalue(mp_int a, int value, + mp_int m, mp_int c); /* c = a^v (mod m) */ +mp_result mp_int_exptmod_bvalue(int value, mp_int b, + mp_int m, mp_int c); /* c = v^b (mod m) */ +mp_result mp_int_exptmod_known(mp_int a, mp_int b, + mp_int m, mp_int mu, + mp_int c); /* c = a^b (mod m) */ +mp_result mp_int_redux_const(mp_int m, mp_int c); + +mp_result mp_int_invmod(mp_int a, mp_int m, mp_int c); /* c = 1/a (mod m) */ + +mp_result mp_int_gcd(mp_int a, mp_int b, mp_int c); /* c = gcd(a, b) */ + +mp_result mp_int_egcd(mp_int a, mp_int b, mp_int c, /* c = gcd(a, b) */ + mp_int x, mp_int y); /* c = ax + by */ + +mp_result mp_int_sqrt(mp_int a, mp_int c); /* c = floor(sqrt(q)) */ + +/* Convert to an int, if representable (returns MP_RANGE if not). */ +mp_result mp_int_to_int(mp_int z, int *out); + +/* Convert to nul-terminated string with the specified radix, writing at + most limit characters including the nul terminator */ +mp_result mp_int_to_string(mp_int z, mp_size radix, + char *str, int limit); + +/* Return the number of characters required to represent + z in the given radix. May over-estimate. */ +mp_result mp_int_string_len(mp_int z, mp_size radix); + +/* Read zero-terminated string into z */ +mp_result mp_int_read_string(mp_int z, mp_size radix, const char *str); +mp_result mp_int_read_cstring(mp_int z, mp_size radix, const char *str, + char **end); + +/* Return the number of significant bits in z */ +mp_result mp_int_count_bits(mp_int z); + +/* Convert z to two's complement binary, writing at most limit bytes */ +mp_result mp_int_to_binary(mp_int z, unsigned char *buf, int limit); + +/* Read a two's complement binary value into z from the given buffer */ +mp_result mp_int_read_binary(mp_int z, unsigned char *buf, int len); + +/* Return the number of bytes required to represent z in binary. */ +mp_result mp_int_binary_len(mp_int z); + +/* Convert z to unsigned binary, writing at most limit bytes */ +mp_result mp_int_to_unsigned(mp_int z, unsigned char *buf, int limit); + +/* Read an unsigned binary value into z from the given buffer */ +mp_result mp_int_read_unsigned(mp_int z, unsigned char *buf, int len); + +/* Return the number of bytes required to represent z as unsigned output */ +mp_result mp_int_unsigned_len(mp_int z); + +/* Return a statically allocated string describing error code res */ +const char *mp_error_string(mp_result res); + +#if DEBUG +void s_print(char *tag, mp_int z); +void s_print_buf(char *tag, mp_digit *buf, mp_size num); +#endif + +#ifdef __cplusplus +} +#endif +#endif /* end IMATH_H_ */ diff --git a/source4/heimdal/lib/hcrypto/imath/iprime.c b/source4/heimdal/lib/hcrypto/imath/iprime.c new file mode 100755 index 0000000000..6313bab1b7 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/imath/iprime.c @@ -0,0 +1,186 @@ +/* + Name: iprime.c + Purpose: Pseudoprimality testing routines + Author: M. J. Fromberger + Info: $Id: iprime.c 19737 2007-01-05 21:01:48Z lha $ + + Copyright (C) 2002 Michael J. Fromberger, All Rights Reserved. + + Permission is hereby granted, free of charge, to any person + obtaining a copy of this software and associated documentation files + (the "Software"), to deal in the Software without restriction, + including without limitation the rights to use, copy, modify, merge, + publish, distribute, sublicense, and/or sell copies of the Software, + and to permit persons to whom the Software is furnished to do so, + subject to the following conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE. + */ + +#include "iprime.h" +#include + +static const int s_ptab[] = { + 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, + 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, + 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, + 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, + 211, 223, 227, 229, 233, 239, 241, 251, 257, 263, + 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, + 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, + 389, 397, 401, 409, 419, 421, 431, 433, 439, 443, + 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, + 509, 521, 523, 541, 547, 557, 563, 569, 571, 577, + 587, 593, 599, 601, 607, 613, 617, 619, 631, 641, + 643, 647, 653, 659, 661, 673, 677, 683, 691, 701, + 709, 719, 727, 733, 739, 743, 751, 757, 761, 769, + 773, 787, 797, 809, 811, 821, 823, 827, 829, 839, + 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, + 919, 929, 937, 941, 947, 953, 967, 971, 977, 983, + 991, 997, 1009, 1013, 1019, 1021, 1031, 1033, + 1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091, + 1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151, + 1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213, + 1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277, + 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307, + 1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399, + 1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451, + 1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493, + 1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559, + 1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609, + 1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667, + 1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733, + 1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789, + 1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871, + 1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931, + 1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997, + 1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053, + 2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111, + 2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161, + 2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243, + 2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297, + 2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357, + 2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411, + 2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473, + 2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551, + 2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633, + 2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687, + 2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729, + 2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791, + 2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851, + 2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917, + 2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999, + 3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061, + 3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137, + 3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209, + 3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271, + 3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331, + 3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391, + 3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467, + 3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533, + 3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583, + 3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643, + 3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709, + 3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779, + 3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851, + 3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917, + 3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989, + 4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049, + 4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111, + 4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177, + 4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243, + 4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297, + 4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391, + 4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457, + 4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519, + 4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597, + 4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657, + 4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729, + 4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799, + 4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889, + 4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951, + 4957, 4967, 4969, 4973, 4987, 4993, 4999 +}; +static const int s_ptab_size = sizeof(s_ptab)/sizeof(s_ptab[0]); + + +/* {{{ mp_int_is_prime(z) */ + +/* Test whether z is likely to be prime: + MP_TRUE means it is probably prime + MP_FALSE means it is definitely composite + */ +mp_result mp_int_is_prime(mp_int z) +{ + int i, rem; + mp_result res; + + /* First check for divisibility by small primes; this eliminates a + large number of composite candidates quickly + */ + for(i = 0; i < s_ptab_size; ++i) { + if((res = mp_int_div_value(z, s_ptab[i], NULL, &rem)) != MP_OK) + return res; + + if(rem == 0) + return MP_FALSE; + } + + /* Now try Fermat's test for several prime witnesses (since we now + know from the above that z is not a multiple of any of them) + */ + { + mpz_t tmp; + + if((res = mp_int_init(&tmp)) != MP_OK) return res; + + for(i = 0; i < 10 && i < s_ptab_size; ++i) { + if((res = mp_int_exptmod_bvalue(s_ptab[i], z, z, &tmp)) != MP_OK) + return res; + + if(mp_int_compare_value(&tmp, s_ptab[i]) != 0) { + mp_int_clear(&tmp); + return MP_FALSE; + } + } + + mp_int_clear(&tmp); + } + + return MP_TRUE; +} + +/* }}} */ + +/* {{{ mp_int_find_prime(z) */ + +/* Find the first apparent prime in ascending order from z */ +mp_result mp_int_find_prime(mp_int z) +{ + mp_result res; + + if(mp_int_is_even(z) && ((res = mp_int_add_value(z, 1, z)) != MP_OK)) + return res; + + while((res = mp_int_is_prime(z)) == MP_FALSE) { + if((res = mp_int_add_value(z, 2, z)) != MP_OK) + break; + + } + + return res; +} + +/* }}} */ + +/* Here there be dragons */ diff --git a/source4/heimdal/lib/hcrypto/imath/iprime.h b/source4/heimdal/lib/hcrypto/imath/iprime.h new file mode 100755 index 0000000000..c935cdc111 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/imath/iprime.h @@ -0,0 +1,51 @@ +/* + Name: iprime.h + Purpose: Pseudoprimality testing routines + Author: M. J. Fromberger + Info: $Id: iprime.h 18759 2006-10-21 16:32:36Z lha $ + + Copyright (C) 2002 Michael J. Fromberger, All Rights Reserved. + + Permission is hereby granted, free of charge, to any person + obtaining a copy of this software and associated documentation files + (the "Software"), to deal in the Software without restriction, + including without limitation the rights to use, copy, modify, merge, + publish, distribute, sublicense, and/or sell copies of the Software, + and to permit persons to whom the Software is furnished to do so, + subject to the following conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE. + */ + +#ifndef IPRIME_H_ +#define IPRIME_H_ + +#include "imath.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/* Test whether z is likely to be prime + MP_YES means it is probably prime + MP_NO means it is definitely composite + */ +mp_result mp_int_is_prime(mp_int z); + +/* Find the first apparent prime in ascending order from z */ +mp_result mp_int_find_prime(mp_int z); + +#ifdef __cplusplus +} +#endif +#endif /* IPRIME_H_ */ diff --git a/source4/heimdal/lib/hcrypto/md2.c b/source4/heimdal/lib/hcrypto/md2.c new file mode 100644 index 0000000000..84b66c225f --- /dev/null +++ b/source4/heimdal/lib/hcrypto/md2.c @@ -0,0 +1,138 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" + +RCSID("$Id: md2.c 16480 2006-01-08 21:47:29Z lha $"); +#endif + +#include "hash.h" +#include "md2.h" + +static const unsigned char subst[256] = { + 41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6, + 19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188, + 76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24, + 138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251, + 245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63, + 148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50, + 39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165, + 181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210, + 150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157, + 112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27, + 96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15, + 85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197, + 234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65, + 129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123, + 8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233, + 203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228, + 166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237, + 31, 26, 219, 153, 141, 51, 159, 17, 131, 20 +}; + +void +MD2_Init (struct md2 *m) +{ + memset(m, 0, sizeof(*m)); +} + +static void +calc(struct md2 *m, const void *v) +{ + unsigned char x[48], L; + const unsigned char *p = v; + int i, j, t; + + L = m->checksum[15]; + for (i = 0; i < 16; i++) + L = m->checksum[i] ^= subst[p[i] ^ L]; + + for (i = 0; i < 16; i++) { + x[i] = m->state[i]; + x[i + 16] = p[i]; + x[i + 32] = x[i] ^ p[i]; + } + + t = 0; + for (i = 0; i < 18; i++) { + for (j = 0; j < 48; j++) + t = x[j] ^= subst[t]; + t = (t + i) & 0xff; + } + + memcpy(m->state, x, 16); + memset(x, 0, sizeof(x)); +} + +void +MD2_Update (struct md2 *m, const void *v, size_t len) +{ + size_t idx = m->len & 0xf; + const unsigned char *p = v; + + m->len += len; + if (len + idx >= 16) { + if (idx) { + memcpy(m->data + idx, p, 16 - idx); + calc(m, m->data); + p += 16; + len -= 16 - idx; + } + while (len >= 16) { + calc(m, p); + p += 16; + len -= 16; + } + idx = 0; + } + + memcpy(m->data + idx, p, len); +} + +void +MD2_Final (void *res, struct md2 *m) +{ + unsigned char pad[16]; + size_t padlen; + + padlen = 16 - (m->len % 16); + memset(pad, padlen, padlen); + + MD2_Update(m, pad, padlen); + memcpy(pad, m->checksum, 16); + MD2_Update(m, pad, 16); + + memcpy(res, m->state, MD2_DIGEST_LENGTH); + memset(m, 0, sizeof(m)); +} diff --git a/source4/heimdal/lib/hcrypto/md2.h b/source4/heimdal/lib/hcrypto/md2.h new file mode 100644 index 0000000000..cf3960b935 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/md2.h @@ -0,0 +1,63 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: md2.h 16480 2006-01-08 21:47:29Z lha $ */ + +#ifndef HEIM_MD2_H +#define HEIM_MD2_H 1 + +/* symbol renaming */ +#define MD2_Init hc_MD2_Init +#define MD2_Update hc_MD2_Update +#define MD2_Final hc_MD2_Final + +/* + * + */ + +#define MD2_DIGEST_LENGTH 16 + +struct md2 { + size_t len; + unsigned char data[16]; /* stored unalligned data between Update's */ + unsigned char checksum[16]; + unsigned char state[16]; /* lower 16 bytes of X */ +}; + +typedef struct md2 MD2_CTX; + +void MD2_Init (struct md2 *m); +void MD2_Update (struct md2 *m, const void *p, size_t len); +void MD2_Final (void *res, struct md2 *m); + +#endif /* HEIM_MD2_H */ diff --git a/source4/heimdal/lib/hcrypto/md4.c b/source4/heimdal/lib/hcrypto/md4.c new file mode 100644 index 0000000000..95ab340b48 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/md4.c @@ -0,0 +1,250 @@ +/* + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" + +RCSID("$Id: md4.c 17445 2006-05-05 10:37:46Z lha $"); +#endif + +#include "hash.h" +#include "md4.h" + +#define A m->counter[0] +#define B m->counter[1] +#define C m->counter[2] +#define D m->counter[3] +#define X data + +void +MD4_Init (struct md4 *m) +{ + m->sz[0] = 0; + m->sz[1] = 0; + D = 0x10325476; + C = 0x98badcfe; + B = 0xefcdab89; + A = 0x67452301; +} + +#define F(x,y,z) CRAYFIX((x & y) | (~x & z)) +#define G(x,y,z) ((x & y) | (x & z) | (y & z)) +#define H(x,y,z) (x ^ y ^ z) + +#define DOIT(a,b,c,d,k,s,i,OP) \ +a = cshift(a + OP(b,c,d) + X[k] + i, s) + +#define DO1(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,F) +#define DO2(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,G) +#define DO3(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,H) + +static inline void +calc (struct md4 *m, uint32_t *data) +{ + uint32_t AA, BB, CC, DD; + + AA = A; + BB = B; + CC = C; + DD = D; + + /* Round 1 */ + + DO1(A,B,C,D,0,3,0); + DO1(D,A,B,C,1,7,0); + DO1(C,D,A,B,2,11,0); + DO1(B,C,D,A,3,19,0); + + DO1(A,B,C,D,4,3,0); + DO1(D,A,B,C,5,7,0); + DO1(C,D,A,B,6,11,0); + DO1(B,C,D,A,7,19,0); + + DO1(A,B,C,D,8,3,0); + DO1(D,A,B,C,9,7,0); + DO1(C,D,A,B,10,11,0); + DO1(B,C,D,A,11,19,0); + + DO1(A,B,C,D,12,3,0); + DO1(D,A,B,C,13,7,0); + DO1(C,D,A,B,14,11,0); + DO1(B,C,D,A,15,19,0); + + /* Round 2 */ + + DO2(A,B,C,D,0,3,0x5A827999); + DO2(D,A,B,C,4,5,0x5A827999); + DO2(C,D,A,B,8,9,0x5A827999); + DO2(B,C,D,A,12,13,0x5A827999); + + DO2(A,B,C,D,1,3,0x5A827999); + DO2(D,A,B,C,5,5,0x5A827999); + DO2(C,D,A,B,9,9,0x5A827999); + DO2(B,C,D,A,13,13,0x5A827999); + + DO2(A,B,C,D,2,3,0x5A827999); + DO2(D,A,B,C,6,5,0x5A827999); + DO2(C,D,A,B,10,9,0x5A827999); + DO2(B,C,D,A,14,13,0x5A827999); + + DO2(A,B,C,D,3,3,0x5A827999); + DO2(D,A,B,C,7,5,0x5A827999); + DO2(C,D,A,B,11,9,0x5A827999); + DO2(B,C,D,A,15,13,0x5A827999); + + /* Round 3 */ + + DO3(A,B,C,D,0,3,0x6ED9EBA1); + DO3(D,A,B,C,8,9,0x6ED9EBA1); + DO3(C,D,A,B,4,11,0x6ED9EBA1); + DO3(B,C,D,A,12,15,0x6ED9EBA1); + + DO3(A,B,C,D,2,3,0x6ED9EBA1); + DO3(D,A,B,C,10,9,0x6ED9EBA1); + DO3(C,D,A,B,6,11,0x6ED9EBA1); + DO3(B,C,D,A,14,15,0x6ED9EBA1); + + DO3(A,B,C,D,1,3,0x6ED9EBA1); + DO3(D,A,B,C,9,9,0x6ED9EBA1); + DO3(C,D,A,B,5,11,0x6ED9EBA1); + DO3(B,C,D,A,13,15,0x6ED9EBA1); + + DO3(A,B,C,D,3,3,0x6ED9EBA1); + DO3(D,A,B,C,11,9,0x6ED9EBA1); + DO3(C,D,A,B,7,11,0x6ED9EBA1); + DO3(B,C,D,A,15,15,0x6ED9EBA1); + + A += AA; + B += BB; + C += CC; + D += DD; +} + +/* + * From `Performance analysis of MD5' by Joseph D. Touch + */ + +#if defined(WORDS_BIGENDIAN) +static inline uint32_t +swap_uint32_t (uint32_t t) +{ + uint32_t temp1, temp2; + + temp1 = cshift(t, 16); + temp2 = temp1 >> 8; + temp1 &= 0x00ff00ff; + temp2 &= 0x00ff00ff; + temp1 <<= 8; + return temp1 | temp2; +} +#endif + +struct x32{ + unsigned int a:32; + unsigned int b:32; +}; + +void +MD4_Update (struct md4 *m, const void *v, size_t len) +{ + const unsigned char *p = v; + size_t old_sz = m->sz[0]; + size_t offset; + + m->sz[0] += len * 8; + if (m->sz[0] < old_sz) + ++m->sz[1]; + offset = (old_sz / 8) % 64; + while(len > 0) { + size_t l = min(len, 64 - offset); + memcpy(m->save + offset, p, l); + offset += l; + p += l; + len -= l; + if(offset == 64) { +#if defined(WORDS_BIGENDIAN) + int i; + uint32_t current[16]; + struct x32 *u = (struct x32*)m->save; + for(i = 0; i < 8; i++){ + current[2*i+0] = swap_uint32_t(u[i].a); + current[2*i+1] = swap_uint32_t(u[i].b); + } + calc(m, current); +#else + calc(m, (uint32_t*)m->save); +#endif + offset = 0; + } + } +} + +void +MD4_Final (void *res, struct md4 *m) +{ + unsigned char zeros[72]; + unsigned offset = (m->sz[0] / 8) % 64; + unsigned int dstart = (120 - offset - 1) % 64 + 1; + + *zeros = 0x80; + memset (zeros + 1, 0, sizeof(zeros) - 1); + zeros[dstart+0] = (m->sz[0] >> 0) & 0xff; + zeros[dstart+1] = (m->sz[0] >> 8) & 0xff; + zeros[dstart+2] = (m->sz[0] >> 16) & 0xff; + zeros[dstart+3] = (m->sz[0] >> 24) & 0xff; + zeros[dstart+4] = (m->sz[1] >> 0) & 0xff; + zeros[dstart+5] = (m->sz[1] >> 8) & 0xff; + zeros[dstart+6] = (m->sz[1] >> 16) & 0xff; + zeros[dstart+7] = (m->sz[1] >> 24) & 0xff; + MD4_Update (m, zeros, dstart + 8); + { + int i; + unsigned char *r = (unsigned char *)res; + + for (i = 0; i < 4; ++i) { + r[4*i] = m->counter[i] & 0xFF; + r[4*i+1] = (m->counter[i] >> 8) & 0xFF; + r[4*i+2] = (m->counter[i] >> 16) & 0xFF; + r[4*i+3] = (m->counter[i] >> 24) & 0xFF; + } + } +#if 0 + { + int i; + uint32_t *r = (uint32_t *)res; + + for (i = 0; i < 4; ++i) + r[i] = swap_uint32_t (m->counter[i]); + } +#endif +} diff --git a/source4/heimdal/lib/hcrypto/md4.h b/source4/heimdal/lib/hcrypto/md4.h new file mode 100644 index 0000000000..8725209d02 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/md4.h @@ -0,0 +1,62 @@ +/* + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: md4.h 17450 2006-05-05 11:11:43Z lha $ */ + +#ifndef HEIM_MD4_H +#define HEIM_MD4_H 1 + +/* symbol renaming */ +#define MD4_Init hc_MD4_Init +#define MD4_Update hc_MD4_Update +#define MD4_Final hc_MD4_Final + +/* + * + */ + +#define MD4_DIGEST_LENGTH 16 + +struct md4 { + unsigned int sz[2]; + uint32_t counter[4]; + unsigned char save[64]; +}; + +typedef struct md4 MD4_CTX; + +void MD4_Init (struct md4 *m); +void MD4_Update (struct md4 *m, const void *p, size_t len); +void MD4_Final (void *res, struct md4 *m); + +#endif /* HEIM_MD4_H */ diff --git a/source4/heimdal/lib/hcrypto/md5.c b/source4/heimdal/lib/hcrypto/md5.c new file mode 100644 index 0000000000..b145fd2ac7 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/md5.c @@ -0,0 +1,274 @@ +/* + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" + +RCSID("$Id: md5.c 17445 2006-05-05 10:37:46Z lha $"); +#endif + +#include "hash.h" +#include "md5.h" + +#define A m->counter[0] +#define B m->counter[1] +#define C m->counter[2] +#define D m->counter[3] +#define X data + +void +MD5_Init (struct md5 *m) +{ + m->sz[0] = 0; + m->sz[1] = 0; + D = 0x10325476; + C = 0x98badcfe; + B = 0xefcdab89; + A = 0x67452301; +} + +#define F(x,y,z) CRAYFIX((x & y) | (~x & z)) +#define G(x,y,z) CRAYFIX((x & z) | (y & ~z)) +#define H(x,y,z) (x ^ y ^ z) +#define I(x,y,z) CRAYFIX(y ^ (x | ~z)) + +#define DOIT(a,b,c,d,k,s,i,OP) \ +a = b + cshift(a + OP(b,c,d) + X[k] + (i), s) + +#define DO1(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,F) +#define DO2(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,G) +#define DO3(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,H) +#define DO4(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,I) + +static inline void +calc (struct md5 *m, uint32_t *data) +{ + uint32_t AA, BB, CC, DD; + + AA = A; + BB = B; + CC = C; + DD = D; + + /* Round 1 */ + + DO1(A,B,C,D,0,7,0xd76aa478); + DO1(D,A,B,C,1,12,0xe8c7b756); + DO1(C,D,A,B,2,17,0x242070db); + DO1(B,C,D,A,3,22,0xc1bdceee); + + DO1(A,B,C,D,4,7,0xf57c0faf); + DO1(D,A,B,C,5,12,0x4787c62a); + DO1(C,D,A,B,6,17,0xa8304613); + DO1(B,C,D,A,7,22,0xfd469501); + + DO1(A,B,C,D,8,7,0x698098d8); + DO1(D,A,B,C,9,12,0x8b44f7af); + DO1(C,D,A,B,10,17,0xffff5bb1); + DO1(B,C,D,A,11,22,0x895cd7be); + + DO1(A,B,C,D,12,7,0x6b901122); + DO1(D,A,B,C,13,12,0xfd987193); + DO1(C,D,A,B,14,17,0xa679438e); + DO1(B,C,D,A,15,22,0x49b40821); + + /* Round 2 */ + + DO2(A,B,C,D,1,5,0xf61e2562); + DO2(D,A,B,C,6,9,0xc040b340); + DO2(C,D,A,B,11,14,0x265e5a51); + DO2(B,C,D,A,0,20,0xe9b6c7aa); + + DO2(A,B,C,D,5,5,0xd62f105d); + DO2(D,A,B,C,10,9,0x2441453); + DO2(C,D,A,B,15,14,0xd8a1e681); + DO2(B,C,D,A,4,20,0xe7d3fbc8); + + DO2(A,B,C,D,9,5,0x21e1cde6); + DO2(D,A,B,C,14,9,0xc33707d6); + DO2(C,D,A,B,3,14,0xf4d50d87); + DO2(B,C,D,A,8,20,0x455a14ed); + + DO2(A,B,C,D,13,5,0xa9e3e905); + DO2(D,A,B,C,2,9,0xfcefa3f8); + DO2(C,D,A,B,7,14,0x676f02d9); + DO2(B,C,D,A,12,20,0x8d2a4c8a); + + /* Round 3 */ + + DO3(A,B,C,D,5,4,0xfffa3942); + DO3(D,A,B,C,8,11,0x8771f681); + DO3(C,D,A,B,11,16,0x6d9d6122); + DO3(B,C,D,A,14,23,0xfde5380c); + + DO3(A,B,C,D,1,4,0xa4beea44); + DO3(D,A,B,C,4,11,0x4bdecfa9); + DO3(C,D,A,B,7,16,0xf6bb4b60); + DO3(B,C,D,A,10,23,0xbebfbc70); + + DO3(A,B,C,D,13,4,0x289b7ec6); + DO3(D,A,B,C,0,11,0xeaa127fa); + DO3(C,D,A,B,3,16,0xd4ef3085); + DO3(B,C,D,A,6,23,0x4881d05); + + DO3(A,B,C,D,9,4,0xd9d4d039); + DO3(D,A,B,C,12,11,0xe6db99e5); + DO3(C,D,A,B,15,16,0x1fa27cf8); + DO3(B,C,D,A,2,23,0xc4ac5665); + + /* Round 4 */ + + DO4(A,B,C,D,0,6,0xf4292244); + DO4(D,A,B,C,7,10,0x432aff97); + DO4(C,D,A,B,14,15,0xab9423a7); + DO4(B,C,D,A,5,21,0xfc93a039); + + DO4(A,B,C,D,12,6,0x655b59c3); + DO4(D,A,B,C,3,10,0x8f0ccc92); + DO4(C,D,A,B,10,15,0xffeff47d); + DO4(B,C,D,A,1,21,0x85845dd1); + + DO4(A,B,C,D,8,6,0x6fa87e4f); + DO4(D,A,B,C,15,10,0xfe2ce6e0); + DO4(C,D,A,B,6,15,0xa3014314); + DO4(B,C,D,A,13,21,0x4e0811a1); + + DO4(A,B,C,D,4,6,0xf7537e82); + DO4(D,A,B,C,11,10,0xbd3af235); + DO4(C,D,A,B,2,15,0x2ad7d2bb); + DO4(B,C,D,A,9,21,0xeb86d391); + + A += AA; + B += BB; + C += CC; + D += DD; +} + +/* + * From `Performance analysis of MD5' by Joseph D. Touch + */ + +#if defined(WORDS_BIGENDIAN) +static inline uint32_t +swap_uint32_t (uint32_t t) +{ + uint32_t temp1, temp2; + + temp1 = cshift(t, 16); + temp2 = temp1 >> 8; + temp1 &= 0x00ff00ff; + temp2 &= 0x00ff00ff; + temp1 <<= 8; + return temp1 | temp2; +} +#endif + +struct x32{ + unsigned int a:32; + unsigned int b:32; +}; + +void +MD5_Update (struct md5 *m, const void *v, size_t len) +{ + const unsigned char *p = v; + size_t old_sz = m->sz[0]; + size_t offset; + + m->sz[0] += len * 8; + if (m->sz[0] < old_sz) + ++m->sz[1]; + offset = (old_sz / 8) % 64; + while(len > 0){ + size_t l = min(len, 64 - offset); + memcpy(m->save + offset, p, l); + offset += l; + p += l; + len -= l; + if(offset == 64){ +#if defined(WORDS_BIGENDIAN) + int i; + uint32_t current[16]; + struct x32 *u = (struct x32*)m->save; + for(i = 0; i < 8; i++){ + current[2*i+0] = swap_uint32_t(u[i].a); + current[2*i+1] = swap_uint32_t(u[i].b); + } + calc(m, current); +#else + calc(m, (uint32_t*)m->save); +#endif + offset = 0; + } + } +} + +void +MD5_Final (void *res, struct md5 *m) +{ + unsigned char zeros[72]; + unsigned offset = (m->sz[0] / 8) % 64; + unsigned int dstart = (120 - offset - 1) % 64 + 1; + + *zeros = 0x80; + memset (zeros + 1, 0, sizeof(zeros) - 1); + zeros[dstart+0] = (m->sz[0] >> 0) & 0xff; + zeros[dstart+1] = (m->sz[0] >> 8) & 0xff; + zeros[dstart+2] = (m->sz[0] >> 16) & 0xff; + zeros[dstart+3] = (m->sz[0] >> 24) & 0xff; + zeros[dstart+4] = (m->sz[1] >> 0) & 0xff; + zeros[dstart+5] = (m->sz[1] >> 8) & 0xff; + zeros[dstart+6] = (m->sz[1] >> 16) & 0xff; + zeros[dstart+7] = (m->sz[1] >> 24) & 0xff; + MD5_Update (m, zeros, dstart + 8); + { + int i; + unsigned char *r = (unsigned char *)res; + + for (i = 0; i < 4; ++i) { + r[4*i] = m->counter[i] & 0xFF; + r[4*i+1] = (m->counter[i] >> 8) & 0xFF; + r[4*i+2] = (m->counter[i] >> 16) & 0xFF; + r[4*i+3] = (m->counter[i] >> 24) & 0xFF; + } + } +#if 0 + { + int i; + uint32_t *r = (uint32_t *)res; + + for (i = 0; i < 4; ++i) + r[i] = swap_uint32_t (m->counter[i]); + } +#endif +} diff --git a/source4/heimdal/lib/hcrypto/md5.h b/source4/heimdal/lib/hcrypto/md5.h new file mode 100644 index 0000000000..de6bd3a0a6 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/md5.h @@ -0,0 +1,62 @@ +/* + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: md5.h 17450 2006-05-05 11:11:43Z lha $ */ + +#ifndef HEIM_MD5_H +#define HEIM_MD5_H 1 + +/* symbol renaming */ +#define MD5_Init hc_MD5_Init +#define MD5_Update hc_MD5_Update +#define MD5_Final hc_MD5_Final + +/* + * + */ + +#define MD5_DIGEST_LENGTH 16 + +struct md5 { + unsigned int sz[2]; + uint32_t counter[4]; + unsigned char save[64]; +}; + +typedef struct md5 MD5_CTX; + +void MD5_Init (struct md5 *m); +void MD5_Update (struct md5 *m, const void *p, size_t len); +void MD5_Final (void *res, struct md5 *m); /* uint32_t res[4] */ + +#endif /* HEIM_MD5_H */ diff --git a/source4/heimdal/lib/hcrypto/pkcs12.c b/source4/heimdal/lib/hcrypto/pkcs12.c new file mode 100644 index 0000000000..dcfbdfad42 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/pkcs12.c @@ -0,0 +1,150 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +RCSID("$Id: pkcs12.c 20661 2007-05-10 21:57:58Z lha $"); + +#include +#include +#include + +#include +#include + +#include + +int +PKCS12_key_gen(const void *key, size_t keylen, + const void *salt, size_t saltlen, + int id, int iteration, size_t outkeysize, + void *out, const EVP_MD *md) +{ + unsigned char *v, *I, hash[EVP_MAX_MD_SIZE]; + unsigned int size, size_I = 0; + unsigned char idc = id; + EVP_MD_CTX ctx; + unsigned char *outp = out; + int i, vlen; + + EVP_MD_CTX_init(&ctx); + + vlen = EVP_MD_block_size(md); + v = malloc(vlen + 1); + if (v == NULL) + return 0; + + I = calloc(1, vlen * 2); + if (I == NULL) { + free(v); + return 0; + } + + if (salt && saltlen > 0) { + for (i = 0; i < vlen; i++) + I[i] = ((unsigned char*)salt)[i % saltlen]; + size_I += vlen; + } + /* + * There is a diffrence between the no password string and the + * empty string, in the empty string the UTF16 NUL terminator is + * included into the string. + */ + if (key && keylen >= 0) { + for (i = 0; i < vlen / 2; i++) { + I[(i * 2) + size_I] = 0; + I[(i * 2) + size_I + 1] = ((unsigned char*)key)[i % (keylen + 1)]; + } + size_I += vlen; + } + + while (1) { + BIGNUM *bnB, *bnOne; + + if (!EVP_DigestInit_ex(&ctx, md, NULL)) + return 0; + for (i = 0; i < vlen; i++) + EVP_DigestUpdate(&ctx, &idc, 1); + EVP_DigestUpdate(&ctx, I, size_I); + EVP_DigestFinal_ex(&ctx, hash, &size); + + for (i = 1; i < iteration; i++) + EVP_Digest(hash, size, hash, &size, md, NULL); + + memcpy(outp, hash, min(outkeysize, size)); + if (outkeysize < size) + break; + outkeysize -= size; + outp += size; + + for (i = 0; i < vlen; i++) + v[i] = hash[i % size]; + + bnB = BN_bin2bn(v, vlen, NULL); + bnOne = BN_new(); + BN_set_word(bnOne, 1); + + BN_uadd(bnB, bnB, bnOne); + + for (i = 0; i < vlen * 2; i += vlen) { + BIGNUM *bnI; + int j; + + bnI = BN_bin2bn(I + i, vlen, NULL); + + BN_uadd(bnI, bnI, bnB); + + j = BN_num_bytes(bnI); + if (j > vlen) { + assert(j == vlen + 1); + BN_bn2bin(bnI, v); + memcpy(I + i, v + 1, vlen); + } else { + memset(I + i, 0, vlen - j); + BN_bn2bin(bnI, I + i + vlen - j); + } + BN_free(bnI); + } + BN_free(bnB); + BN_free(bnOne); + size_I = vlen * 2; + } + + EVP_MD_CTX_cleanup(&ctx); + free(I); + free(v); + + return 1; +} diff --git a/source4/heimdal/lib/hcrypto/pkcs12.h b/source4/heimdal/lib/hcrypto/pkcs12.h new file mode 100644 index 0000000000..eb28b05467 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/pkcs12.h @@ -0,0 +1,57 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * $Id: pkcs12.h 16564 2006-01-13 15:26:52Z lha $ + */ + +#ifndef _HEIM_PKCS12_H +#define _HEIM_PKCS12_H 1 + +/* symbol renaming */ +#define PKCS12_key_gen hc_PKCS12_key_gen + +/* + * + */ + +#include + +#define PKCS12_KEY_ID 1 +#define PKCS12_IV_ID 2 + +int PKCS12_key_gen(const void *, size_t, const void *, + size_t, int, int, size_t, void *, const EVP_MD *); + + +#endif /* _HEIM_PKCS12_H */ diff --git a/source4/heimdal/lib/hcrypto/pkcs5.c b/source4/heimdal/lib/hcrypto/pkcs5.c new file mode 100644 index 0000000000..85b8713cba --- /dev/null +++ b/source4/heimdal/lib/hcrypto/pkcs5.c @@ -0,0 +1,116 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +RCSID("$Id: pkcs5.c 17445 2006-05-05 10:37:46Z lha $"); + +#ifdef KRB5 +#include +#endif + +#include +#include + +#include +#include + +#include + +int +PKCS5_PBKDF2_HMAC_SHA1(const void * password, size_t password_len, + const void * salt, size_t salt_len, + unsigned long iter, + size_t keylen, void *key) +{ + size_t datalen, leftofkey, checksumsize; + char *data, *tmpcksum; + uint32_t keypart; + const EVP_MD *md; + unsigned long i; + int j; + char *p; + unsigned int hmacsize; + + md = EVP_sha1(); + checksumsize = EVP_MD_size(md); + datalen = salt_len + 4; + + tmpcksum = malloc(checksumsize + datalen); + if (tmpcksum == NULL) + return 0; + + data = &tmpcksum[checksumsize]; + + memcpy(data, salt, salt_len); + + keypart = 1; + leftofkey = keylen; + p = key; + + while (leftofkey) { + int len; + + if (leftofkey > checksumsize) + len = checksumsize; + else + len = leftofkey; + + data[datalen - 4] = (keypart >> 24) & 0xff; + data[datalen - 3] = (keypart >> 16) & 0xff; + data[datalen - 2] = (keypart >> 8) & 0xff; + data[datalen - 1] = (keypart) & 0xff; + + HMAC(md, password, password_len, data, datalen, + tmpcksum, &hmacsize); + + memcpy(p, tmpcksum, len); + for (i = 1; i < iter; i++) { + HMAC(md, password, password_len, tmpcksum, checksumsize, + tmpcksum, &hmacsize); + + for (j = 0; j < len; j++) + p[j] ^= tmpcksum[j]; + } + + p += len; + leftofkey -= len; + keypart++; + } + + free(tmpcksum); + + return 1; +} diff --git a/source4/heimdal/lib/hcrypto/rand-egd.c b/source4/heimdal/lib/hcrypto/rand-egd.c new file mode 100644 index 0000000000..d1b024b535 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/rand-egd.c @@ -0,0 +1,262 @@ +/* + * Copyright (c) 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +RCSID("$Id: rand-egd.c 20093 2007-01-31 12:44:28Z lha $"); + +#include +#ifdef HAVE_SYS_UN_H +#include +#endif + +#include +#include +#ifdef HAVE_UNISTD_H +#include +#endif +#include + +#include +#include + +#include + +static const char *egd_path = "/var/run/egd-pool"; + +#define MAX_EGD_DATA 255 + +static int +connect_egd(const char *path) +{ + struct sockaddr_un addr; + int fd; + + memset(&addr, 0, sizeof(addr)); + + if (strlen(path) > sizeof(addr.sun_path)) + return -1; + + addr.sun_family = AF_UNIX; + strlcpy(addr.sun_path, path, sizeof(addr.sun_path)); + + fd = socket(AF_UNIX, SOCK_STREAM, 0); + if (fd < 0) + return -1; + + if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) != 0) { + close(fd); + return -1; + } + + return fd; +} + +static int +get_entropy(int fd, void *data, size_t len) +{ + unsigned char msg[2]; + + assert(len <= MAX_EGD_DATA); + + msg[0] = 0x02; /* read blocking data */ + msg[1] = len; /* wanted length */ + + if (net_write(fd, msg, sizeof(msg)) != sizeof(msg)) + return 0; + + if (net_read(fd, data, len) != len) + return 0; + + return 1; +} + +static int +put_entropy(int fd, const void *data, size_t len) +{ + unsigned char msg[4]; + + assert (len <= MAX_EGD_DATA); + + msg[0] = 0x03; /* write data */ + msg[1] = 0; /* dummy */ + msg[2] = 0; /* entropy */ + msg[3] = len; /* length */ + + if (net_write(fd, msg, sizeof(msg)) != sizeof(msg)) + return 0; + if (net_write(fd, data, len) != len) + return 0; + + return 1; +} + +/* + * + */ + +static void +egd_seed(const void *indata, int size) +{ + size_t len; + int fd, ret = 1; + + fd = connect_egd(egd_path); + if (fd < 0) + return; + + while(size) { + len = size; + if (len > MAX_EGD_DATA) + len = MAX_EGD_DATA; + ret = put_entropy(fd, indata, len); + if (ret != 1) + break; + indata = ((unsigned char *)indata) + len; + size -= len; + } + close(fd); +} + +static int +get_bytes(const char *path, unsigned char *outdata, int size) +{ + size_t len; + int fd, ret = 1; + + if (path == NULL) + path = egd_path; + + fd = connect_egd(path); + if (fd < 0) + return 0; + + while(size) { + len = size; + if (len > MAX_EGD_DATA) + len = MAX_EGD_DATA; + ret = get_entropy(fd, outdata, len); + if (ret != 1) + break; + outdata += len; + size -= len; + } + close(fd); + + return ret; +} + +static int +egd_bytes(unsigned char *outdata, int size) +{ + return get_bytes(NULL, outdata, size); +} + +static void +egd_cleanup(void) +{ +} + +static void +egd_add(const void *indata, int size, double entropi) +{ + egd_seed(indata, size); +} + +static int +egd_pseudorand(unsigned char *outdata, int size) +{ + return get_bytes(NULL, outdata, size); +} + +static int +egd_status(void) +{ + int fd; + fd = connect_egd(egd_path); + if (fd < 0) + return 0; + close(fd); + return 1; +} + +const RAND_METHOD hc_rand_egd_method = { + egd_seed, + egd_bytes, + egd_cleanup, + egd_add, + egd_pseudorand, + egd_status +}; + +const RAND_METHOD * +RAND_egd_method(void) +{ + return &hc_rand_egd_method; +} + + +int +RAND_egd(const char *filename) +{ + return RAND_egd_bytes(filename, 128); +} + +int +RAND_egd_bytes(const char *filename, int size) +{ + void *data; + int ret; + + if (size <= 0) + return 0; + + data = malloc(size); + if (data == NULL) + return 0; + + ret = get_bytes(filename, data, size); + if (ret != 1) { + free(data); + return ret; + } + + RAND_seed(data, size); + + memset(data, 0, sizeof(data)); + free(data); + + return 1; +} diff --git a/source4/heimdal/lib/hcrypto/rand-fortuna.c b/source4/heimdal/lib/hcrypto/rand-fortuna.c new file mode 100644 index 0000000000..6cc4267c13 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/rand-fortuna.c @@ -0,0 +1,563 @@ +/* + * fortuna.c + * Fortuna-like PRNG. + * + * Copyright (c) 2005 Marko Kreen + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $PostgreSQL: pgsql/contrib/pgcrypto/fortuna.c,v 1.8 2006/10/04 00:29:46 momjian Exp $ + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +RCSID("$Id: rand-fortuna.c 20029 2007-01-21 09:55:42Z lha $"); + +#include +#include +#include + +#include + +#include "randi.h" +#include "aes.h" +#include "sha.h" + +/* + * Why Fortuna-like: There does not seem to be any definitive reference + * on Fortuna in the net. Instead this implementation is based on + * following references: + * + * http://en.wikipedia.org/wiki/Fortuna_(PRNG) + * - Wikipedia article + * http://jlcooke.ca/random/ + * - Jean-Luc Cooke Fortuna-based /dev/random driver for Linux. + */ + +/* + * There is some confusion about whether and how to carry forward + * the state of the pools. Seems like original Fortuna does not + * do it, resetting hash after each request. I guess expecting + * feeding to happen more often that requesting. This is absolutely + * unsuitable for pgcrypto, as nothing asynchronous happens here. + * + * J.L. Cooke fixed this by feeding previous hash to new re-initialized + * hash context. + * + * Fortuna predecessor Yarrow requires ability to query intermediate + * 'final result' from hash, without affecting it. + * + * This implementation uses the Yarrow method - asking intermediate + * results, but continuing with old state. + */ + + +/* + * Algorithm parameters + */ + +#define NUM_POOLS 32 + +/* in microseconds */ +#define RESEED_INTERVAL 100000 /* 0.1 sec */ + +/* for one big request, reseed after this many bytes */ +#define RESEED_BYTES (1024*1024) + +/* + * Skip reseed if pool 0 has less than this many + * bytes added since last reseed. + */ +#define POOL0_FILL (256/8) + +/* + * Algorithm constants + */ + +/* Both cipher key size and hash result size */ +#define BLOCK 32 + +/* cipher block size */ +#define CIPH_BLOCK 16 + +/* for internal wrappers */ +#define MD_CTX SHA256_CTX +#define CIPH_CTX AES_KEY + +struct fortuna_state +{ + unsigned char counter[CIPH_BLOCK]; + unsigned char result[CIPH_BLOCK]; + unsigned char key[BLOCK]; + MD_CTX pool[NUM_POOLS]; + CIPH_CTX ciph; + unsigned reseed_count; + struct timeval last_reseed_time; + unsigned pool0_bytes; + unsigned rnd_pos; + int tricks_done; +}; +typedef struct fortuna_state FState; + + +/* + * Use our own wrappers here. + * - Need to get intermediate result from digest, without affecting it. + * - Need re-set key on a cipher context. + * - Algorithms are guaranteed to exist. + * - No memory allocations. + */ + +static void +ciph_init(CIPH_CTX * ctx, const unsigned char *key, int klen) +{ + AES_set_encrypt_key(key, klen * 8, ctx); +} + +static void +ciph_encrypt(CIPH_CTX * ctx, const unsigned char *in, unsigned char *out) +{ + AES_encrypt(in, out, ctx); +} + +static void +md_init(MD_CTX * ctx) +{ + SHA256_Init(ctx); +} + +static void +md_update(MD_CTX * ctx, const unsigned char *data, int len) +{ + SHA256_Update(ctx, data, len); +} + +static void +md_result(MD_CTX * ctx, unsigned char *dst) +{ + SHA256_CTX tmp; + + memcpy(&tmp, ctx, sizeof(*ctx)); + SHA256_Final(dst, &tmp); + memset(&tmp, 0, sizeof(tmp)); +} + +/* + * initialize state + */ +static void +init_state(FState * st) +{ + int i; + + memset(st, 0, sizeof(*st)); + for (i = 0; i < NUM_POOLS; i++) + md_init(&st->pool[i]); +} + +/* + * Endianess does not matter. + * It just needs to change without repeating. + */ +static void +inc_counter(FState * st) +{ + uint32_t *val = (uint32_t *) st->counter; + + if (++val[0]) + return; + if (++val[1]) + return; + if (++val[2]) + return; + ++val[3]; +} + +/* + * This is called 'cipher in counter mode'. + */ +static void +encrypt_counter(FState * st, unsigned char *dst) +{ + ciph_encrypt(&st->ciph, st->counter, dst); + inc_counter(st); +} + + +/* + * The time between reseed must be at least RESEED_INTERVAL + * microseconds. + */ +static int +enough_time_passed(FState * st) +{ + int ok; + struct timeval tv; + struct timeval *last = &st->last_reseed_time; + + gettimeofday(&tv, NULL); + + /* check how much time has passed */ + ok = 0; + if (tv.tv_sec > last->tv_sec + 1) + ok = 1; + else if (tv.tv_sec == last->tv_sec + 1) + { + if (1000000 + tv.tv_usec - last->tv_usec >= RESEED_INTERVAL) + ok = 1; + } + else if (tv.tv_usec - last->tv_usec >= RESEED_INTERVAL) + ok = 1; + + /* reseed will happen, update last_reseed_time */ + if (ok) + memcpy(last, &tv, sizeof(tv)); + + memset(&tv, 0, sizeof(tv)); + + return ok; +} + +/* + * generate new key from all the pools + */ +static void +reseed(FState * st) +{ + unsigned k; + unsigned n; + MD_CTX key_md; + unsigned char buf[BLOCK]; + + /* set pool as empty */ + st->pool0_bytes = 0; + + /* + * Both #0 and #1 reseed would use only pool 0. Just skip #0 then. + */ + n = ++st->reseed_count; + + /* + * The goal: use k-th pool only 1/(2^k) of the time. + */ + md_init(&key_md); + for (k = 0; k < NUM_POOLS; k++) + { + md_result(&st->pool[k], buf); + md_update(&key_md, buf, BLOCK); + + if (n & 1 || !n) + break; + n >>= 1; + } + + /* add old key into mix too */ + md_update(&key_md, st->key, BLOCK); + + /* now we have new key */ + md_result(&key_md, st->key); + + /* use new key */ + ciph_init(&st->ciph, st->key, BLOCK); + + memset(&key_md, 0, sizeof(key_md)); + memset(buf, 0, BLOCK); +} + +/* + * Pick a random pool. This uses key bytes as random source. + */ +static unsigned +get_rand_pool(FState * st) +{ + unsigned rnd; + + /* + * This slightly prefers lower pools - thats OK. + */ + rnd = st->key[st->rnd_pos] % NUM_POOLS; + + st->rnd_pos++; + if (st->rnd_pos >= BLOCK) + st->rnd_pos = 0; + + return rnd; +} + +/* + * update pools + */ +static void +add_entropy(FState * st, const unsigned char *data, unsigned len) +{ + unsigned pos; + unsigned char hash[BLOCK]; + MD_CTX md; + + /* hash given data */ + md_init(&md); + md_update(&md, data, len); + md_result(&md, hash); + + /* + * Make sure the pool 0 is initialized, then update randomly. + */ + if (st->reseed_count == 0) + pos = 0; + else + pos = get_rand_pool(st); + md_update(&st->pool[pos], hash, BLOCK); + + if (pos == 0) + st->pool0_bytes += len; + + memset(hash, 0, BLOCK); + memset(&md, 0, sizeof(md)); +} + +/* + * Just take 2 next blocks as new key + */ +static void +rekey(FState * st) +{ + encrypt_counter(st, st->key); + encrypt_counter(st, st->key + CIPH_BLOCK); + ciph_init(&st->ciph, st->key, BLOCK); +} + +/* + * Hide public constants. (counter, pools > 0) + * + * This can also be viewed as spreading the startup + * entropy over all of the components. + */ +static void +startup_tricks(FState * st) +{ + int i; + unsigned char buf[BLOCK]; + + /* Use next block as counter. */ + encrypt_counter(st, st->counter); + + /* Now shuffle pools, excluding #0 */ + for (i = 1; i < NUM_POOLS; i++) + { + encrypt_counter(st, buf); + encrypt_counter(st, buf + CIPH_BLOCK); + md_update(&st->pool[i], buf, BLOCK); + } + memset(buf, 0, BLOCK); + + /* Hide the key. */ + rekey(st); + + /* This can be done only once. */ + st->tricks_done = 1; +} + +static void +extract_data(FState * st, unsigned count, unsigned char *dst) +{ + unsigned n; + unsigned block_nr = 0; + + /* Should we reseed? */ + if (st->pool0_bytes >= POOL0_FILL || st->reseed_count == 0) + if (enough_time_passed(st)) + reseed(st); + + /* Do some randomization on first call */ + if (!st->tricks_done) + startup_tricks(st); + + while (count > 0) + { + /* produce bytes */ + encrypt_counter(st, st->result); + + /* copy result */ + if (count > CIPH_BLOCK) + n = CIPH_BLOCK; + else + n = count; + memcpy(dst, st->result, n); + dst += n; + count -= n; + + /* must not give out too many bytes with one key */ + block_nr++; + if (block_nr > (RESEED_BYTES / CIPH_BLOCK)) + { + rekey(st); + block_nr = 0; + } + } + /* Set new key for next request. */ + rekey(st); +} + +/* + * public interface + */ + +static FState main_state; +static int init_done; +static int have_entropy; + +/* + * Try our best to do an inital seed + */ +#define INIT_BYTES 128 + +static int +fortuna_reseed(void) +{ + int entropy_p = 0; + + if (!init_done) + abort(); + + { + unsigned char buf[INIT_BYTES]; + if ((*hc_rand_unix_method.bytes)(buf, sizeof(buf)) == 1) { + add_entropy(&main_state, buf, sizeof(buf)); + entropy_p = 1; + memset(buf, 0, sizeof(buf)); + } + } +#ifdef HAVE_ARC4RANDOM + { + uint32_t buf[INIT_BYTES / sizeof(uint32_t)]; + int i; + + for (i = 0; i < sizeof(buf)/sizeof(buf[0]); i++) + buf[i] = arc4random(); + add_entropy(&main_state, (void *)buf, sizeof(buf)); + entropy_p = 1; + } +#endif + /* + * Only to get egd entropy if /dev/random or arc4rand failed since + * it can be horribly slow to generate new bits. + */ + if (!entropy_p) { + unsigned char buf[INIT_BYTES]; + if ((*hc_rand_egd_method.bytes)(buf, sizeof(buf)) == 1) { + add_entropy(&main_state, buf, sizeof(buf)); + entropy_p = 1; + memset(buf, 0, sizeof(buf)); + } + } + { + pid_t pid = getpid(); + add_entropy(&main_state, (void *)&pid, sizeof(pid)); + } + { + struct timeval tv; + gettimeofday(&tv, NULL); + add_entropy(&main_state, (void *)&tv, sizeof(tv)); + } + { + uid_t u = getuid(); + add_entropy(&main_state, (void *)&u, sizeof(u)); + } + return entropy_p; +} + +static int +fortuna_init(void) +{ + if (!init_done) + { + init_state(&main_state); + init_done = 1; + } + if (!have_entropy) + have_entropy = fortuna_reseed(); + return (init_done && have_entropy); +} + + + +static void +fortuna_seed(const void *indata, int size) +{ + fortuna_init(); + add_entropy(&main_state, indata, size); + if (size >= INIT_BYTES) + have_entropy = 1; +} + +static int +fortuna_bytes(unsigned char *outdata, int size) +{ + if (!fortuna_init()) + return 0; + extract_data(&main_state, size, outdata); + return 1; +} + +static void +fortuna_cleanup(void) +{ + init_done = 0; + have_entropy = 0; + memset(&main_state, 0, sizeof(main_state)); +} + +static void +fortuna_add(const void *indata, int size, double entropi) +{ + fortuna_seed(indata, size); +} + +static int +fortuna_pseudorand(unsigned char *outdata, int size) +{ + return fortuna_bytes(outdata, size); +} + +static int +fortuna_status(void) +{ + return fortuna_init() ? 1 : 0; +} + +const RAND_METHOD hc_rand_fortuna_method = { + fortuna_seed, + fortuna_bytes, + fortuna_cleanup, + fortuna_add, + fortuna_pseudorand, + fortuna_status +}; + +const RAND_METHOD * +RAND_fortuna_method(void) +{ + return &hc_rand_fortuna_method; +} diff --git a/source4/heimdal/lib/hcrypto/rand-unix.c b/source4/heimdal/lib/hcrypto/rand-unix.c new file mode 100644 index 0000000000..354492fb3d --- /dev/null +++ b/source4/heimdal/lib/hcrypto/rand-unix.c @@ -0,0 +1,161 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +RCSID("$Id: rand-unix.c 20028 2007-01-21 09:54:56Z lha $"); + +#include +#include +#include + +#include + +#include "randi.h" + +/* + * Unix /dev/random + */ + +static int +get_device_fd(int flags) +{ + static const char *rnd_devices[] = { + "/dev/urandom", + "/dev/random", + "/dev/srandom", + "/dev/arandom", + NULL + }; + const char **p; + + for(p = rnd_devices; *p; p++) { + int fd = open(*p, flags | O_NDELAY); + if(fd >= 0) + return fd; + } + return -1; +} + +static void +unix_seed(const void *indata, int size) +{ + int fd; + + if (size <= 0) + return; + + fd = get_device_fd(O_WRONLY); + if (fd < 0) + return; + + write(fd, indata, size); + close(fd); + +} + +static int +unix_bytes(unsigned char *outdata, int size) +{ + ssize_t count; + int fd; + + if (size <= 0) + return 0; + + fd = get_device_fd(O_RDONLY); + if (fd < 0) + return 0; + + while (size > 0) { + count = read (fd, outdata, size); + if (count < 0 && errno == EINTR) + continue; + else if (count <= 0) { + close(fd); + return 0; + } + outdata += count; + size -= count; + } + close(fd); + + return 1; +} + +static void +unix_cleanup(void) +{ +} + +static void +unix_add(const void *indata, int size, double entropi) +{ + unix_seed(indata, size); +} + +static int +unix_pseudorand(unsigned char *outdata, int size) +{ + return unix_bytes(outdata, size); +} + +static int +unix_status(void) +{ + int fd; + + fd = get_device_fd(O_RDONLY); + if (fd < 0) + return 0; + close(fd); + + return 1; +} + +const RAND_METHOD hc_rand_unix_method = { + unix_seed, + unix_bytes, + unix_cleanup, + unix_add, + unix_pseudorand, + unix_status +}; + +const RAND_METHOD * +RAND_unix_method(void) +{ + return &hc_rand_unix_method; +} diff --git a/source4/heimdal/lib/hcrypto/rand.c b/source4/heimdal/lib/hcrypto/rand.c new file mode 100644 index 0000000000..29f2d46dba --- /dev/null +++ b/source4/heimdal/lib/hcrypto/rand.c @@ -0,0 +1,215 @@ +/* + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +RCSID("$Id: rand.c 20126 2007-02-01 22:08:41Z lha $"); + +#include +#include +#include +#include + +#include + +#ifndef O_BINARY +#define O_BINARY 0 +#endif + + +const static RAND_METHOD *selected_meth = NULL; + +static void +init_method(void) +{ + if (selected_meth != NULL) + return; + + if ((*hc_rand_unix_method.status)() == 1) + selected_meth = &hc_rand_unix_method; + else + selected_meth = &hc_rand_fortuna_method; +} + +void +RAND_seed(const void *indata, size_t size) +{ + init_method(); + (*selected_meth->seed)(indata, size); +} + +int +RAND_bytes(void *outdata, size_t size) +{ + init_method(); + return (*selected_meth->bytes)(outdata, size); +} + +void +RAND_cleanup(void) +{ + init_method(); + (*selected_meth->cleanup)(); +} + +void +RAND_add(const void *indata, size_t size, double entropi) +{ + init_method(); + (*selected_meth->add)(indata, size, entropi); +} + +int +RAND_pseudo_bytes(void *outdata, size_t size) +{ + init_method(); + return (*selected_meth->pseudorand)(outdata, size); +} + +int +RAND_status(void) +{ + init_method(); + return (*selected_meth->status)(); +} + +int +RAND_set_rand_method(const RAND_METHOD *meth) +{ + selected_meth = meth; + return 1; +} + +const RAND_METHOD * +RAND_get_rand_method(void) +{ + return selected_meth; +} + +int +RAND_set_rand_engine(ENGINE *engine) +{ + return 1; +} + +#define RAND_FILE_SIZE 1024 + +int +RAND_load_file(const char *filename, size_t size) +{ + unsigned char buf[128]; + size_t len; + ssize_t slen; + int fd; + + fd = open(filename, O_RDONLY | O_BINARY, 0600); + if (fd < 0) + return 0; + + len = 0; + while(len < size) { + slen = read(fd, buf, sizeof(buf)); + if (slen <= 0) + break; + RAND_seed(buf, slen); + len += slen; + } + close(fd); + + return len ? 1 : 0; +} + +int +RAND_write_file(const char *filename) +{ + unsigned char buf[128]; + size_t len; + int res = 0, fd; + + fd = open(filename, O_WRONLY | O_CREAT | O_BINARY, 0600); + if (fd < 0) + return 0; + + len = 0; + while(len < RAND_FILE_SIZE) { + res = RAND_bytes(buf, sizeof(buf)); + if (res != 1) + break; + if (write(fd, buf, sizeof(buf)) != sizeof(buf)) { + res = 0; + break; + } + len += sizeof(buf); + } + + close(fd); + + return res; +} + +const char * +RAND_file_name(char *filename, size_t size) +{ + const char *e = NULL; + int pathp = 0, ret; + + if (!issuid()) { + e = getenv("RANDFILE"); + if (e == NULL) { + e = getenv("HOME"); + if (e) + pathp = 1; + } + } + if (e == NULL) { + struct passwd *pw = getpwuid(getuid()); + if (pw) { + e = pw->pw_dir; + pathp = 1; + } + } + if (e == NULL) + return NULL; + + if (pathp) + ret = snprintf(filename, size, "%s/.rnd", e); + else + ret = snprintf(filename, size, "%s", e); + + if (ret <= 0 || ret >= size) + return NULL; + + return filename; +} diff --git a/source4/heimdal/lib/hcrypto/rand.h b/source4/heimdal/lib/hcrypto/rand.h new file mode 100644 index 0000000000..c8ba2d9a7b --- /dev/null +++ b/source4/heimdal/lib/hcrypto/rand.h @@ -0,0 +1,108 @@ + +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * $Id: rand.h 20063 2007-01-30 18:30:36Z lha $ + */ + +#ifndef _HEIM_RAND_H +#define _HEIM_RAND_H 1 + +typedef struct RAND_METHOD RAND_METHOD; + +#include +#include + +/* symbol renaming */ +#define RAND_bytes hc_RAND_bytes +#define RAND_pseudo_bytes hc_RAND_pseudo_bytes +#define RAND_seed hc_RAND_seed +#define RAND_cleanup hc_RAND_cleanup +#define RAND_add hc_RAND_add +#define RAND_set_rand_method hc_RAND_set_rand_method +#define RAND_get_rand_method hc_RAND_get_rand_method +#define RAND_set_rand_engine hc_RAND_set_rand_engine +#define RAND_file_name hc_RAND_file_name +#define RAND_load_file hc_RAND_load_file +#define RAND_write_file hc_RAND_write_file +#define RAND_status hc_RAND_status +#define RAND_egd hc_RAND_egd +#define RAND_egd_bytes hc_RAND_egd_bytes +#define RAND_fortuna_method hc_RAND_fortuna_method +#define RAND_egd_method hc_RAND_egd_method +#define RAND_unix_method hc_RAND_unix_method + +/* + * + */ + +struct RAND_METHOD +{ + void (*seed)(const void *, int); + int (*bytes)(unsigned char *, int); + void (*cleanup)(void); + void (*add)(const void *, int, double); + int (*pseudorand)(unsigned char *, int); + int (*status)(void); +}; + +/* + * + */ + +int RAND_bytes(void *, size_t num); +int RAND_pseudo_bytes(void *, size_t); +void RAND_seed(const void *, size_t); +void RAND_cleanup(void); +void RAND_add(const void *, size_t, double); + +int RAND_set_rand_method(const RAND_METHOD *); +const RAND_METHOD * + RAND_get_rand_method(void); +int RAND_set_rand_engine(ENGINE *); + +const char * + RAND_file_name(char *, size_t); +int RAND_load_file(const char *, size_t); +int RAND_write_file(const char *); +int RAND_status(void); +int RAND_egd(const char *); +int RAND_egd_bytes(const char *, int); + + +const RAND_METHOD * RAND_fortuna_method(void); +const RAND_METHOD * RAND_unix_method(void); +const RAND_METHOD * RAND_egd_method(void); + +#endif /* _HEIM_RAND_H */ diff --git a/source4/heimdal/lib/hcrypto/randi.h b/source4/heimdal/lib/hcrypto/randi.h new file mode 100644 index 0000000000..b9b9b5309c --- /dev/null +++ b/source4/heimdal/lib/hcrypto/randi.h @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * $Id: randi.h 20027 2007-01-21 09:54:00Z lha $ + */ + +#ifndef _HEIM_RANDI_H +#define _HEIM_RANDI_H 1 + +extern const RAND_METHOD hc_rand_fortuna_method; +extern const RAND_METHOD hc_rand_unix_method; +extern const RAND_METHOD hc_rand_egd_method; + +#endif /* _HEIM_RANDI_H */ diff --git a/source4/heimdal/lib/hcrypto/rc2.c b/source4/heimdal/lib/hcrypto/rc2.c new file mode 100755 index 0000000000..63992be9a9 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/rc2.c @@ -0,0 +1,245 @@ +/* + * Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: rc2.c 17022 2006-04-09 17:03:21Z lha $"); +#endif + +#include "rc2.h" +#include +#include +#include + +/* + * Implemented from Peter Gutmann's "Specification for Ron Rivests Cipher No.2" + * rfc2268 and "On the Design and Security of RC2" was also useful. + */ + +static unsigned int Sbox[256] = { + 0xd9, 0x78, 0xf9, 0xc4, 0x19, 0xdd, 0xb5, 0xed, + 0x28, 0xe9, 0xfd, 0x79, 0x4a, 0xa0, 0xd8, 0x9d, + 0xc6, 0x7e, 0x37, 0x83, 0x2b, 0x76, 0x53, 0x8e, + 0x62, 0x4c, 0x64, 0x88, 0x44, 0x8b, 0xfb, 0xa2, + 0x17, 0x9a, 0x59, 0xf5, 0x87, 0xb3, 0x4f, 0x13, + 0x61, 0x45, 0x6d, 0x8d, 0x09, 0x81, 0x7d, 0x32, + 0xbd, 0x8f, 0x40, 0xeb, 0x86, 0xb7, 0x7b, 0x0b, + 0xf0, 0x95, 0x21, 0x22, 0x5c, 0x6b, 0x4e, 0x82, + 0x54, 0xd6, 0x65, 0x93, 0xce, 0x60, 0xb2, 0x1c, + 0x73, 0x56, 0xc0, 0x14, 0xa7, 0x8c, 0xf1, 0xdc, + 0x12, 0x75, 0xca, 0x1f, 0x3b, 0xbe, 0xe4, 0xd1, + 0x42, 0x3d, 0xd4, 0x30, 0xa3, 0x3c, 0xb6, 0x26, + 0x6f, 0xbf, 0x0e, 0xda, 0x46, 0x69, 0x07, 0x57, + 0x27, 0xf2, 0x1d, 0x9b, 0xbc, 0x94, 0x43, 0x03, + 0xf8, 0x11, 0xc7, 0xf6, 0x90, 0xef, 0x3e, 0xe7, + 0x06, 0xc3, 0xd5, 0x2f, 0xc8, 0x66, 0x1e, 0xd7, + 0x08, 0xe8, 0xea, 0xde, 0x80, 0x52, 0xee, 0xf7, + 0x84, 0xaa, 0x72, 0xac, 0x35, 0x4d, 0x6a, 0x2a, + 0x96, 0x1a, 0xd2, 0x71, 0x5a, 0x15, 0x49, 0x74, + 0x4b, 0x9f, 0xd0, 0x5e, 0x04, 0x18, 0xa4, 0xec, + 0xc2, 0xe0, 0x41, 0x6e, 0x0f, 0x51, 0xcb, 0xcc, + 0x24, 0x91, 0xaf, 0x50, 0xa1, 0xf4, 0x70, 0x39, + 0x99, 0x7c, 0x3a, 0x85, 0x23, 0xb8, 0xb4, 0x7a, + 0xfc, 0x02, 0x36, 0x5b, 0x25, 0x55, 0x97, 0x31, + 0x2d, 0x5d, 0xfa, 0x98, 0xe3, 0x8a, 0x92, 0xae, + 0x05, 0xdf, 0x29, 0x10, 0x67, 0x6c, 0xba, 0xc9, + 0xd3, 0x00, 0xe6, 0xcf, 0xe1, 0x9e, 0xa8, 0x2c, + 0x63, 0x16, 0x01, 0x3f, 0x58, 0xe2, 0x89, 0xa9, + 0x0d, 0x38, 0x34, 0x1b, 0xab, 0x33, 0xff, 0xb0, + 0xbb, 0x48, 0x0c, 0x5f, 0xb9, 0xb1, 0xcd, 0x2e, + 0xc5, 0xf3, 0xdb, 0x47, 0xe5, 0xa5, 0x9c, 0x77, + 0x0a, 0xa6, 0x20, 0x68, 0xfe, 0x7f, 0xc1, 0xad +}; + +void +RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) +{ + unsigned char k[128]; + int j, T8, TM; + + if (len <= 0) + abort(); + if (len > 128) + len = 128; + if (bits <= 0 || bits > 1024) + bits = 1024; + + for (j = 0; j < len; j++) + k[j] = data[j]; + for (; j < 128; j++) + k[j] = Sbox[(k[j - len] + k[j - 1]) & 0xff]; + + T8 = (bits + 7) / 8; + j = (8*T8 - bits); + TM = 0xff >> j; + + k[128 - T8] = Sbox[k[128 - T8] & TM]; + + for (j = 127 - T8; j >= 0; j--) + k[j] = Sbox[k[j + 1] ^ k[j + T8]]; + + for (j = 0; j < 64; j++) + key->data[j] = k[(j * 2) + 0] | (k[(j * 2) + 1] << 8); + memset(k, 0, sizeof(k)); +} + +#define ROT16L(w,n) ((w<>(16-n))) +#define ROT16R(w,n) ((w>>n)|(w<<(16-n))) + +void +RC2_encryptc(unsigned char *in, unsigned char *out, const RC2_KEY *key) +{ + int i, j; + int w0, w1, w2, w3; + int t0, t1, t2, t3; + + w0 = in[0] | (in[1] << 8); + w1 = in[2] | (in[3] << 8); + w2 = in[4] | (in[5] << 8); + w3 = in[6] | (in[7] << 8); + + for (i = 0; i < 16; i++) { + j = i * 4; + t0 = (w0 + (w1 & ~w3) + (w2 & w3) + key->data[j + 0]) & 0xffff; + w0 = ROT16L(t0, 1); + t1 = (w1 + (w2 & ~w0) + (w3 & w0) + key->data[j + 1]) & 0xffff; + w1 = ROT16L(t1, 2); + t2 = (w2 + (w3 & ~w1) + (w0 & w1) + key->data[j + 2]) & 0xffff; + w2 = ROT16L(t2, 3); + t3 = (w3 + (w0 & ~w2) + (w1 & w2) + key->data[j + 3]) & 0xffff; + w3 = ROT16L(t3, 5); + if(i == 4 || i == 10) { + w0 += key->data[w3 & 63]; + w1 += key->data[w0 & 63]; + w2 += key->data[w1 & 63]; + w3 += key->data[w2 & 63]; + } + } + + out[0] = w0 & 0xff; + out[1] = (w0 >> 8) & 0xff; + out[2] = w1 & 0xff; + out[3] = (w1 >> 8) & 0xff; + out[4] = w2 & 0xff; + out[5] = (w2 >> 8) & 0xff; + out[6] = w3 & 0xff; + out[7] = (w3 >> 8) & 0xff; +} + +void +RC2_decryptc(unsigned char *in, unsigned char *out, const RC2_KEY *key) +{ + int i, j; + int w0, w1, w2, w3; + int t0, t1, t2, t3; + + w0 = in[0] | (in[1] << 8); + w1 = in[2] | (in[3] << 8); + w2 = in[4] | (in[5] << 8); + w3 = in[6] | (in[7] << 8); + + for (i = 15; i >= 0; i--) { + j = i * 4; + + if(i == 4 || i == 10) { + w3 = (w3 - key->data[w2 & 63]) & 0xffff; + w2 = (w2 - key->data[w1 & 63]) & 0xffff; + w1 = (w1 - key->data[w0 & 63]) & 0xffff; + w0 = (w0 - key->data[w3 & 63]) & 0xffff; + } + + t3 = ROT16R(w3, 5); + w3 = (t3 - (w0 & ~w2) - (w1 & w2) - key->data[j + 3]) & 0xffff; + t2 = ROT16R(w2, 3); + w2 = (t2 - (w3 & ~w1) - (w0 & w1) - key->data[j + 2]) & 0xffff; + t1 = ROT16R(w1, 2); + w1 = (t1 - (w2 & ~w0) - (w3 & w0) - key->data[j + 1]) & 0xffff; + t0 = ROT16R(w0, 1); + w0 = (t0 - (w1 & ~w3) - (w2 & w3) - key->data[j + 0]) & 0xffff; + + } + out[0] = w0 & 0xff; + out[1] = (w0 >> 8) & 0xff; + out[2] = w1 & 0xff; + out[3] = (w1 >> 8) & 0xff; + out[4] = w2 & 0xff; + out[5] = (w2 >> 8) & 0xff; + out[6] = w3 & 0xff; + out[7] = (w3 >> 8) & 0xff; +} + +void +RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long size, + RC2_KEY *key, unsigned char *iv, int forward_encrypt) +{ + unsigned char tmp[RC2_BLOCK_SIZE]; + int i; + + if (forward_encrypt) { + while (size >= RC2_BLOCK_SIZE) { + for (i = 0; i < RC2_BLOCK_SIZE; i++) + tmp[i] = in[i] ^ iv[i]; + RC2_encryptc(tmp, out, key); + memcpy(iv, out, RC2_BLOCK_SIZE); + size -= RC2_BLOCK_SIZE; + in += RC2_BLOCK_SIZE; + out += RC2_BLOCK_SIZE; + } + if (size) { + for (i = 0; i < size; i++) + tmp[i] = in[i] ^ iv[i]; + for (i = size; i < RC2_BLOCK_SIZE; i++) + tmp[i] = iv[i]; + RC2_encryptc(tmp, out, key); + memcpy(iv, out, RC2_BLOCK_SIZE); + } + } else { + while (size >= RC2_BLOCK_SIZE) { + memcpy(tmp, in, RC2_BLOCK_SIZE); + RC2_decryptc(tmp, out, key); + for (i = 0; i < RC2_BLOCK_SIZE; i++) + out[i] ^= iv[i]; + memcpy(iv, tmp, RC2_BLOCK_SIZE); + size -= RC2_BLOCK_SIZE; + in += RC2_BLOCK_SIZE; + out += RC2_BLOCK_SIZE; + } + if (size) { + memcpy(tmp, in, RC2_BLOCK_SIZE); + RC2_decryptc(tmp, out, key); + for (i = 0; i < size; i++) + out[i] ^= iv[i]; + memcpy(iv, tmp, RC2_BLOCK_SIZE); + } + } +} diff --git a/source4/heimdal/lib/hcrypto/rc2.h b/source4/heimdal/lib/hcrypto/rc2.h new file mode 100755 index 0000000000..5a2dd2d705 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/rc2.h @@ -0,0 +1,71 @@ +/* + * Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: rc2.h 16480 2006-01-08 21:47:29Z lha $ */ + +/* symbol renaming */ +#define RC2_set_key hc_RC2_set_key +#define RC2_encryptc hc_RC2_encryptc +#define RC2_decryptc hc_RC2_decryptc +#define RC2_cbc_encrypt hc_RC2_cbc_encrypt + +/* + * + */ + +#define RC2_ENCRYPT 1 +#define RC2_DECRYPT 0 + +#define RC2_BLOCK_SIZE 8 +#define RC2_BLOCK RC2_BLOCK_SIZE +#define RC2_KEY_LENGTH 16 + +typedef struct rc2_key { + unsigned int data[64]; +} RC2_KEY; + +#ifdef __cplusplus +extern "C" { +#endif + +void RC2_set_key(RC2_KEY *, int, const unsigned char *,int); + +void RC2_encryptc(unsigned char *, unsigned char *, const RC2_KEY *); +void RC2_decryptc(unsigned char *, unsigned char *, const RC2_KEY *); + +void RC2_cbc_encrypt(const unsigned char *, unsigned char *, long, + RC2_KEY *, unsigned char *, int); + +#ifdef __cplusplus +} +#endif diff --git a/source4/heimdal/lib/hcrypto/rc4.c b/source4/heimdal/lib/hcrypto/rc4.c new file mode 100755 index 0000000000..edaf37ddc4 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/rc4.c @@ -0,0 +1,82 @@ +/* + * Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* implemented from description in draft-kaukonen-cipher-arcfour-03.txt */ + +#ifdef HAVE_CONFIG_H +#include "config.h" + +RCSID("$Id: rc4.c 13640 2004-03-25 16:40:59Z lha $"); +#endif + +#include + +#define SWAP(k,x,y) \ +{ unsigned int _t; \ + _t = k->state[x]; \ + k->state[x] = k->state[y]; \ + k->state[y] = _t; \ +} + +void +RC4_set_key(RC4_KEY *key, const int len, unsigned char *data) +{ + int i, j; + + for (i = 0; i < 256; i++) + key->state[i] = i; + for (i = 0, j = 0; i < 256; i++) { + j = (j + key->state[i] + data[i % len]) % 256; + SWAP(key, i, j); + } + key->x = key->y = 0; +} + +void +RC4(RC4_KEY *key, const int len, const unsigned char *in, unsigned char *out) +{ + int i, t; + unsigned x, y; + + x = key->x; + y = key->y; + for (i = 0; i < len; i++) { + x = (x + 1) % 256; + y = (y + key->state[x]) % 256; + SWAP(key, x, y); + t = (key->state[x] + key->state[y]) % 256; + *out++ = key->state[t] ^ *in++; + } + key->x = x; + key->y = y; +} diff --git a/source4/heimdal/lib/hcrypto/rc4.h b/source4/heimdal/lib/hcrypto/rc4.h new file mode 100644 index 0000000000..1ab25f59e6 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/rc4.h @@ -0,0 +1,46 @@ +/* + * Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: rc4.h 16480 2006-01-08 21:47:29Z lha $ */ + +/* symbol renaming */ +#define RC4_set_key hc_RC4_set_key +#define RC4 hc_RC4 + +typedef struct rc4_key { + unsigned int x, y; + unsigned int state[256]; +} RC4_KEY; + +void RC4_set_key(RC4_KEY *, const int, unsigned char *); +void RC4(RC4_KEY *, const int, const unsigned char *, unsigned char *); diff --git a/source4/heimdal/lib/hcrypto/resource.h b/source4/heimdal/lib/hcrypto/resource.h new file mode 100644 index 0000000000..02c6a7c6d9 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/resource.h @@ -0,0 +1,18 @@ +//{{NO_DEPENDENCIES}} +// Microsoft Developer Studio generated include file. +// Used by passwd_dialog.rc +// +#define IDD_PASSWD_DIALOG 101 +#define IDC_EDIT1 1000 +#define IDC_PASSWD_EDIT 1001 + +// Next default values for new objects +// +#ifdef APSTUDIO_INVOKED +#ifndef APSTUDIO_READONLY_SYMBOLS +#define _APS_NEXT_RESOURCE_VALUE 102 +#define _APS_NEXT_COMMAND_VALUE 40001 +#define _APS_NEXT_CONTROL_VALUE 1002 +#define _APS_NEXT_SYMED_VALUE 101 +#endif +#endif diff --git a/source4/heimdal/lib/hcrypto/rijndael-alg-fst.c b/source4/heimdal/lib/hcrypto/rijndael-alg-fst.c new file mode 100755 index 0000000000..c6330d27e4 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/rijndael-alg-fst.c @@ -0,0 +1,1231 @@ +/* $NetBSD: rijndael-alg-fst.c,v 1.5 2001/11/13 01:40:10 lukem Exp $ */ +/* $KAME: rijndael-alg-fst.c,v 1.10 2003/07/15 10:47:16 itojun Exp $ */ +/** + * rijndael-alg-fst.c + * + * @version 3.0 (December 2000) + * + * Optimised ANSI C code for the Rijndael cipher (now AES) + * + * @author Vincent Rijmen + * @author Antoon Bosselaers + * @author Paulo Barreto + * + * This code is hereby placed in the public domain. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* "$NetBSD: rijndael-alg-fst.c,v 1.5 2001/11/13 01:40:10 lukem Exp $" */ + +#ifdef HAVE_CONFIG_H +#include "config.h" + +RCSID("$Id: rijndael-alg-fst.c 17445 2006-05-05 10:37:46Z lha $"); +#endif + +#ifdef KRB5 +#include +#endif + +#include + +/* the file should not be used from outside */ +typedef uint8_t u8; +typedef uint16_t u16; +typedef uint32_t u32; + +/* +Te0[x] = S [x].[02, 01, 01, 03]; +Te1[x] = S [x].[03, 02, 01, 01]; +Te2[x] = S [x].[01, 03, 02, 01]; +Te3[x] = S [x].[01, 01, 03, 02]; +Te4[x] = S [x].[01, 01, 01, 01]; + +Td0[x] = Si[x].[0e, 09, 0d, 0b]; +Td1[x] = Si[x].[0b, 0e, 09, 0d]; +Td2[x] = Si[x].[0d, 0b, 0e, 09]; +Td3[x] = Si[x].[09, 0d, 0b, 0e]; +Td4[x] = Si[x].[01, 01, 01, 01]; +*/ + +static const u32 Te0[256] = { + 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, + 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U, + 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU, + 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU, + 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U, + 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU, + 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU, + 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU, + 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU, + 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU, + 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U, + 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU, + 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU, + 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U, + 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU, + 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU, + 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU, + 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU, + 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU, + 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U, + 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU, + 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU, + 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU, + 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU, + 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U, + 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U, + 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U, + 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U, + 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU, + 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U, + 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U, + 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU, + 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU, + 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U, + 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U, + 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U, + 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU, + 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U, + 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU, + 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U, + 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU, + 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U, + 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U, + 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU, + 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U, + 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U, + 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U, + 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U, + 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U, + 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U, + 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U, + 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U, + 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU, + 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U, + 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U, + 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U, + 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U, + 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U, + 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U, + 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU, + 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U, + 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U, + 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U, + 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU, +}; +static const u32 Te1[256] = { + 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU, + 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U, + 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU, + 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U, + 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU, + 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U, + 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU, + 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U, + 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U, + 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU, + 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U, + 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U, + 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U, + 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU, + 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U, + 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U, + 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU, + 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U, + 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U, + 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U, + 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU, + 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU, + 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U, + 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU, + 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU, + 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U, + 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU, + 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U, + 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU, + 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U, + 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U, + 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U, + 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU, + 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U, + 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU, + 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U, + 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU, + 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U, + 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U, + 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU, + 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU, + 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU, + 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U, + 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U, + 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU, + 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U, + 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU, + 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U, + 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU, + 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U, + 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU, + 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU, + 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U, + 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU, + 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U, + 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU, + 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U, + 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U, + 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U, + 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU, + 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU, + 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U, + 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU, + 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U, +}; +static const u32 Te2[256] = { + 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU, + 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U, + 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU, + 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U, + 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU, + 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U, + 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU, + 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U, + 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U, + 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU, + 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U, + 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U, + 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U, + 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU, + 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U, + 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U, + 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU, + 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U, + 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U, + 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U, + 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU, + 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU, + 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U, + 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU, + 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU, + 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U, + 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU, + 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U, + 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU, + 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U, + 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U, + 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U, + 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU, + 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U, + 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU, + 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U, + 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU, + 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U, + 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U, + 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU, + 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU, + 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU, + 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U, + 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U, + 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU, + 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U, + 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU, + 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U, + 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU, + 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U, + 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU, + 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU, + 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U, + 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU, + 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U, + 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU, + 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U, + 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U, + 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U, + 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU, + 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU, + 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U, + 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU, + 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U, +}; +static const u32 Te3[256] = { + + 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U, + 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U, + 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U, + 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU, + 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU, + 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU, + 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U, + 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU, + 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU, + 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U, + 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U, + 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU, + 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU, + 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU, + 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU, + 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU, + 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U, + 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU, + 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU, + 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U, + 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U, + 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U, + 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U, + 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U, + 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU, + 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U, + 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU, + 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU, + 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U, + 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U, + 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U, + 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU, + 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U, + 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU, + 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU, + 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U, + 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U, + 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU, + 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U, + 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU, + 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U, + 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U, + 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U, + 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U, + 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU, + 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U, + 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU, + 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U, + 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU, + 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U, + 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU, + 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU, + 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU, + 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU, + 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U, + 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U, + 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U, + 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U, + 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U, + 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U, + 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU, + 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U, + 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU, + 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU, +}; +static const u32 Te4[256] = { + 0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU, + 0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U, + 0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU, + 0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U, + 0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU, + 0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U, + 0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU, + 0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U, + 0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U, + 0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU, + 0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U, + 0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U, + 0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U, + 0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU, + 0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U, + 0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U, + 0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU, + 0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U, + 0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U, + 0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U, + 0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU, + 0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU, + 0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U, + 0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU, + 0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU, + 0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U, + 0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU, + 0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U, + 0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU, + 0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U, + 0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U, + 0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U, + 0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU, + 0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U, + 0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU, + 0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U, + 0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU, + 0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U, + 0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U, + 0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU, + 0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU, + 0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU, + 0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U, + 0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U, + 0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU, + 0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U, + 0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU, + 0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U, + 0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU, + 0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U, + 0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU, + 0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU, + 0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U, + 0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU, + 0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U, + 0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU, + 0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U, + 0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U, + 0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U, + 0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU, + 0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU, + 0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U, + 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU, + 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U, +}; +static const u32 Td0[256] = { + 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U, + 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U, + 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U, + 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU, + 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U, + 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U, + 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU, + 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U, + 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU, + 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U, + 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U, + 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U, + 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U, + 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU, + 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U, + 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU, + 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U, + 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU, + 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U, + 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U, + 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U, + 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU, + 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U, + 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU, + 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U, + 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU, + 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U, + 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU, + 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU, + 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U, + 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU, + 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U, + 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU, + 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U, + 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U, + 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U, + 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU, + 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U, + 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U, + 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU, + 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U, + 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U, + 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U, + 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U, + 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U, + 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU, + 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U, + 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U, + 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U, + 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U, + 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U, + 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU, + 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU, + 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU, + 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU, + 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U, + 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U, + 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU, + 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU, + 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U, + 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU, + 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U, + 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U, + 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U, +}; +static const u32 Td1[256] = { + 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU, + 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U, + 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU, + 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U, + 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U, + 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U, + 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U, + 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U, + 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U, + 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU, + 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU, + 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU, + 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U, + 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU, + 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U, + 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U, + 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U, + 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU, + 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU, + 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U, + 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU, + 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U, + 0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU, + 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU, + 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U, + 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U, + 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U, + 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU, + 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U, + 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU, + 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U, + 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U, + 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U, + 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU, + 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U, + 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U, + 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U, + 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U, + 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U, + 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U, + 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU, + 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU, + 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U, + 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU, + 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U, + 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU, + 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU, + 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U, + 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU, + 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U, + 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U, + 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U, + 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U, + 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U, + 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U, + 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U, + 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU, + 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U, + 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U, + 0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU, + 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U, + 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U, + 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U, + 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U, +}; +static const u32 Td2[256] = { + 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U, + 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U, + 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U, + 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U, + 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU, + 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U, + 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U, + 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U, + 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U, + 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU, + 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U, + 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U, + 0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU, + 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U, + 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U, + 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U, + 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U, + 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U, + 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U, + 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU, + + 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U, + 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U, + 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U, + 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U, + 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U, + 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU, + 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU, + 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U, + 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU, + 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U, + 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU, + 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU, + 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU, + 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU, + 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U, + 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U, + 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U, + 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U, + 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U, + 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U, + 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U, + 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU, + 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU, + 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U, + 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U, + 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU, + 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU, + 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U, + 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U, + 0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U, + 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U, + 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U, + 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U, + 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U, + 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU, + 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U, + 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U, + 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U, + 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U, + 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U, + 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U, + 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU, + 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U, + 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U, +}; +static const u32 Td3[256] = { + 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU, + 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU, + 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U, + 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U, + 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU, + 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU, + 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U, + 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU, + 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U, + 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU, + 0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U, + 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U, + 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U, + 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U, + 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U, + 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU, + 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU, + 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U, + 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U, + 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU, + 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU, + 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U, + 0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U, + 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U, + 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U, + 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU, + 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U, + 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U, + 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU, + 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU, + 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U, + 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U, + 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U, + 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU, + 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U, + 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U, + 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U, + 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U, + 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U, + 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U, + 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U, + 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU, + 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U, + 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U, + 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU, + 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU, + 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U, + 0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU, + 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U, + 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U, + 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U, + 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U, + 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U, + 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U, + 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU, + 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU, + 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU, + 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU, + 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U, + 0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U, + 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U, + 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU, + 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U, + 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U, +}; +static const u32 Td4[256] = { + 0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U, + 0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U, + 0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU, + 0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU, + 0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U, + 0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U, + 0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U, + 0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU, + 0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U, + 0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU, + 0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU, + 0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU, + 0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U, + 0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U, + 0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U, + 0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U, + 0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U, + 0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U, + 0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU, + 0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U, + 0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U, + 0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU, + 0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U, + 0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U, + 0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U, + 0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU, + 0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U, + 0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U, + 0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU, + 0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U, + 0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U, + 0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU, + 0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U, + 0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU, + 0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU, + 0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U, + 0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U, + 0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U, + 0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U, + 0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU, + 0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U, + 0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U, + 0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU, + 0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU, + 0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU, + 0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U, + 0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU, + 0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U, + 0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U, + 0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U, + 0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U, + 0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU, + 0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U, + 0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU, + 0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU, + 0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU, + 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU, + 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U, + 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU, + 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U, + 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU, + 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U, + 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U, + 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU, +}; +static const u32 rcon[] = { + 0x01000000, 0x02000000, 0x04000000, 0x08000000, + 0x10000000, 0x20000000, 0x40000000, 0x80000000, + 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ +}; + +#define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) + +#ifdef _MSC_VER +#define GETU32(p) SWAP(*((u32 *)(p))) +#define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); } +#else +#define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3])) +#define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); } +#endif + +/** + * Expand the cipher key into the encryption key schedule. + * + * @return the number of rounds for the given cipher key size. + */ +int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits) { + int i = 0; + u32 temp; + + rk[0] = GETU32(cipherKey ); + rk[1] = GETU32(cipherKey + 4); + rk[2] = GETU32(cipherKey + 8); + rk[3] = GETU32(cipherKey + 12); + if (keyBits == 128) { + for (;;) { + temp = rk[3]; + rk[4] = rk[0] ^ + (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ + (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ + (Te4[(temp ) & 0xff] & 0x0000ff00) ^ + (Te4[(temp >> 24) ] & 0x000000ff) ^ + rcon[i]; + rk[5] = rk[1] ^ rk[4]; + rk[6] = rk[2] ^ rk[5]; + rk[7] = rk[3] ^ rk[6]; + if (++i == 10) { + return 10; + } + rk += 4; + } + } + rk[4] = GETU32(cipherKey + 16); + rk[5] = GETU32(cipherKey + 20); + if (keyBits == 192) { + for (;;) { + temp = rk[ 5]; + rk[ 6] = rk[ 0] ^ + (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ + (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ + (Te4[(temp ) & 0xff] & 0x0000ff00) ^ + (Te4[(temp >> 24) ] & 0x000000ff) ^ + rcon[i]; + rk[ 7] = rk[ 1] ^ rk[ 6]; + rk[ 8] = rk[ 2] ^ rk[ 7]; + rk[ 9] = rk[ 3] ^ rk[ 8]; + if (++i == 8) { + return 12; + } + rk[10] = rk[ 4] ^ rk[ 9]; + rk[11] = rk[ 5] ^ rk[10]; + rk += 6; + } + } + rk[6] = GETU32(cipherKey + 24); + rk[7] = GETU32(cipherKey + 28); + if (keyBits == 256) { + for (;;) { + temp = rk[ 7]; + rk[ 8] = rk[ 0] ^ + (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ + (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ + (Te4[(temp ) & 0xff] & 0x0000ff00) ^ + (Te4[(temp >> 24) ] & 0x000000ff) ^ + rcon[i]; + rk[ 9] = rk[ 1] ^ rk[ 8]; + rk[10] = rk[ 2] ^ rk[ 9]; + rk[11] = rk[ 3] ^ rk[10]; + if (++i == 7) { + return 14; + } + temp = rk[11]; + rk[12] = rk[ 4] ^ + (Te4[(temp >> 24) ] & 0xff000000) ^ + (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^ + (Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^ + (Te4[(temp ) & 0xff] & 0x000000ff); + rk[13] = rk[ 5] ^ rk[12]; + rk[14] = rk[ 6] ^ rk[13]; + rk[15] = rk[ 7] ^ rk[14]; + + rk += 8; + } + } + return 0; +} + +/** + * Expand the cipher key into the decryption key schedule. + * + * @return the number of rounds for the given cipher key size. + */ +int rijndaelKeySetupDec(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits) { + int Nr, i, j; + u32 temp; + + /* expand the cipher key: */ + Nr = rijndaelKeySetupEnc(rk, cipherKey, keyBits); + /* invert the order of the round keys: */ + for (i = 0, j = 4*Nr; i < j; i += 4, j -= 4) { + temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; + temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp; + temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp; + temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp; + } + /* apply the inverse MixColumn transform to all round keys but the first and the last: */ + for (i = 1; i < Nr; i++) { + rk += 4; + rk[0] = + Td0[Te4[(rk[0] >> 24) ] & 0xff] ^ + Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^ + Td2[Te4[(rk[0] >> 8) & 0xff] & 0xff] ^ + Td3[Te4[(rk[0] ) & 0xff] & 0xff]; + rk[1] = + Td0[Te4[(rk[1] >> 24) ] & 0xff] ^ + Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^ + Td2[Te4[(rk[1] >> 8) & 0xff] & 0xff] ^ + Td3[Te4[(rk[1] ) & 0xff] & 0xff]; + rk[2] = + Td0[Te4[(rk[2] >> 24) ] & 0xff] ^ + Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^ + Td2[Te4[(rk[2] >> 8) & 0xff] & 0xff] ^ + Td3[Te4[(rk[2] ) & 0xff] & 0xff]; + rk[3] = + Td0[Te4[(rk[3] >> 24) ] & 0xff] ^ + Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^ + Td2[Te4[(rk[3] >> 8) & 0xff] & 0xff] ^ + Td3[Te4[(rk[3] ) & 0xff] & 0xff]; + } + return Nr; +} + +void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16], u8 ct[16]) { + u32 s0, s1, s2, s3, t0, t1, t2, t3; +#ifndef FULL_UNROLL + int r; +#endif /* ?FULL_UNROLL */ + + /* + * map byte array block to cipher state + * and add initial round key: + */ + s0 = GETU32(pt ) ^ rk[0]; + s1 = GETU32(pt + 4) ^ rk[1]; + s2 = GETU32(pt + 8) ^ rk[2]; + s3 = GETU32(pt + 12) ^ rk[3]; +#ifdef FULL_UNROLL + /* round 1: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7]; + /* round 2: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11]; + /* round 3: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15]; + /* round 4: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19]; + /* round 5: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23]; + /* round 6: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27]; + /* round 7: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31]; + /* round 8: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35]; + /* round 9: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39]; + if (Nr > 10) { + /* round 10: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43]; + /* round 11: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47]; + if (Nr > 12) { + /* round 12: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51]; + /* round 13: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55]; + } + } + rk += Nr << 2; +#else /* !FULL_UNROLL */ + /* + * Nr - 1 full rounds: + */ + r = Nr >> 1; + for (;;) { + t0 = + Te0[(s0 >> 24) ] ^ + Te1[(s1 >> 16) & 0xff] ^ + Te2[(s2 >> 8) & 0xff] ^ + Te3[(s3 ) & 0xff] ^ + rk[4]; + t1 = + Te0[(s1 >> 24) ] ^ + Te1[(s2 >> 16) & 0xff] ^ + Te2[(s3 >> 8) & 0xff] ^ + Te3[(s0 ) & 0xff] ^ + rk[5]; + t2 = + Te0[(s2 >> 24) ] ^ + Te1[(s3 >> 16) & 0xff] ^ + Te2[(s0 >> 8) & 0xff] ^ + Te3[(s1 ) & 0xff] ^ + rk[6]; + t3 = + Te0[(s3 >> 24) ] ^ + Te1[(s0 >> 16) & 0xff] ^ + Te2[(s1 >> 8) & 0xff] ^ + Te3[(s2 ) & 0xff] ^ + rk[7]; + + rk += 8; + if (--r == 0) { + break; + } + + s0 = + Te0[(t0 >> 24) ] ^ + Te1[(t1 >> 16) & 0xff] ^ + Te2[(t2 >> 8) & 0xff] ^ + Te3[(t3 ) & 0xff] ^ + rk[0]; + s1 = + Te0[(t1 >> 24) ] ^ + Te1[(t2 >> 16) & 0xff] ^ + Te2[(t3 >> 8) & 0xff] ^ + Te3[(t0 ) & 0xff] ^ + rk[1]; + s2 = + Te0[(t2 >> 24) ] ^ + Te1[(t3 >> 16) & 0xff] ^ + Te2[(t0 >> 8) & 0xff] ^ + Te3[(t1 ) & 0xff] ^ + rk[2]; + s3 = + Te0[(t3 >> 24) ] ^ + Te1[(t0 >> 16) & 0xff] ^ + Te2[(t1 >> 8) & 0xff] ^ + Te3[(t2 ) & 0xff] ^ + rk[3]; + } +#endif /* ?FULL_UNROLL */ + /* + * apply last round and + * map cipher state to byte array block: + */ + s0 = + (Te4[(t0 >> 24) ] & 0xff000000) ^ + (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ + (Te4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ + (Te4[(t3 ) & 0xff] & 0x000000ff) ^ + rk[0]; + PUTU32(ct , s0); + s1 = + (Te4[(t1 >> 24) ] & 0xff000000) ^ + (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ + (Te4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ + (Te4[(t0 ) & 0xff] & 0x000000ff) ^ + rk[1]; + PUTU32(ct + 4, s1); + s2 = + (Te4[(t2 >> 24) ] & 0xff000000) ^ + (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ + (Te4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ + (Te4[(t1 ) & 0xff] & 0x000000ff) ^ + rk[2]; + PUTU32(ct + 8, s2); + s3 = + (Te4[(t3 >> 24) ] & 0xff000000) ^ + (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ + (Te4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ + (Te4[(t2 ) & 0xff] & 0x000000ff) ^ + rk[3]; + PUTU32(ct + 12, s3); +} + +void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16], u8 pt[16]) { + u32 s0, s1, s2, s3, t0, t1, t2, t3; +#ifndef FULL_UNROLL + int r; +#endif /* ?FULL_UNROLL */ + + /* + * map byte array block to cipher state + * and add initial round key: + */ + s0 = GETU32(ct ) ^ rk[0]; + s1 = GETU32(ct + 4) ^ rk[1]; + s2 = GETU32(ct + 8) ^ rk[2]; + s3 = GETU32(ct + 12) ^ rk[3]; +#ifdef FULL_UNROLL + /* round 1: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7]; + /* round 2: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11]; + /* round 3: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15]; + /* round 4: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19]; + /* round 5: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23]; + /* round 6: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27]; + /* round 7: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31]; + /* round 8: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35]; + /* round 9: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39]; + if (Nr > 10) { + /* round 10: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43]; + /* round 11: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47]; + if (Nr > 12) { + /* round 12: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51]; + /* round 13: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55]; + } + } + rk += Nr << 2; +#else /* !FULL_UNROLL */ + /* + * Nr - 1 full rounds: + */ + r = Nr >> 1; + for (;;) { + t0 = + Td0[(s0 >> 24) ] ^ + Td1[(s3 >> 16) & 0xff] ^ + Td2[(s2 >> 8) & 0xff] ^ + Td3[(s1 ) & 0xff] ^ + rk[4]; + t1 = + Td0[(s1 >> 24) ] ^ + Td1[(s0 >> 16) & 0xff] ^ + Td2[(s3 >> 8) & 0xff] ^ + Td3[(s2 ) & 0xff] ^ + rk[5]; + t2 = + Td0[(s2 >> 24) ] ^ + Td1[(s1 >> 16) & 0xff] ^ + Td2[(s0 >> 8) & 0xff] ^ + Td3[(s3 ) & 0xff] ^ + rk[6]; + t3 = + Td0[(s3 >> 24) ] ^ + Td1[(s2 >> 16) & 0xff] ^ + Td2[(s1 >> 8) & 0xff] ^ + Td3[(s0 ) & 0xff] ^ + rk[7]; + + rk += 8; + if (--r == 0) { + break; + } + + s0 = + Td0[(t0 >> 24) ] ^ + Td1[(t3 >> 16) & 0xff] ^ + Td2[(t2 >> 8) & 0xff] ^ + Td3[(t1 ) & 0xff] ^ + rk[0]; + s1 = + Td0[(t1 >> 24) ] ^ + Td1[(t0 >> 16) & 0xff] ^ + Td2[(t3 >> 8) & 0xff] ^ + Td3[(t2 ) & 0xff] ^ + rk[1]; + s2 = + Td0[(t2 >> 24) ] ^ + Td1[(t1 >> 16) & 0xff] ^ + Td2[(t0 >> 8) & 0xff] ^ + Td3[(t3 ) & 0xff] ^ + rk[2]; + s3 = + Td0[(t3 >> 24) ] ^ + Td1[(t2 >> 16) & 0xff] ^ + Td2[(t1 >> 8) & 0xff] ^ + Td3[(t0 ) & 0xff] ^ + rk[3]; + } +#endif /* ?FULL_UNROLL */ + /* + * apply last round and + * map cipher state to byte array block: + */ + s0 = + (Td4[(t0 >> 24) ] & 0xff000000) ^ + (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ + (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ + (Td4[(t1 ) & 0xff] & 0x000000ff) ^ + rk[0]; + PUTU32(pt , s0); + s1 = + (Td4[(t1 >> 24) ] & 0xff000000) ^ + (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ + (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ + (Td4[(t2 ) & 0xff] & 0x000000ff) ^ + rk[1]; + PUTU32(pt + 4, s1); + s2 = + (Td4[(t2 >> 24) ] & 0xff000000) ^ + (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ + (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ + (Td4[(t3 ) & 0xff] & 0x000000ff) ^ + rk[2]; + PUTU32(pt + 8, s2); + s3 = + (Td4[(t3 >> 24) ] & 0xff000000) ^ + (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ + (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ + (Td4[(t0 ) & 0xff] & 0x000000ff) ^ + rk[3]; + PUTU32(pt + 12, s3); +} diff --git a/source4/heimdal/lib/hcrypto/rijndael-alg-fst.h b/source4/heimdal/lib/hcrypto/rijndael-alg-fst.h new file mode 100755 index 0000000000..7e2e1935fd --- /dev/null +++ b/source4/heimdal/lib/hcrypto/rijndael-alg-fst.h @@ -0,0 +1,46 @@ +/* $NetBSD: rijndael-alg-fst.h,v 1.2 2000/10/02 17:19:15 itojun Exp $ */ +/* $KAME: rijndael-alg-fst.h,v 1.5 2003/07/15 10:47:16 itojun Exp $ */ +/** + * rijndael-alg-fst.h + * + * @version 3.0 (December 2000) + * + * Optimised ANSI C code for the Rijndael cipher (now AES) + * + * @author Vincent Rijmen + * @author Antoon Bosselaers + * @author Paulo Barreto + * + * This code is hereby placed in the public domain. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#ifndef __RIJNDAEL_ALG_FST_H +#define __RIJNDAEL_ALG_FST_H + +/* symbol renaming */ +#define rijndaelKeySetupEnc _hc_rijndaelKeySetupEnc +#define rijndaelKeySetupDec _hc_rijndaelKeySetupDec +#define rijndaelEncrypt _hc_rijndaelEncrypt +#define rijndaelDecrypt _hc_rijndaelDecrypt + +#define RIJNDAEL_MAXKC (256/32) +#define RIJNDAEL_MAXKB (256/8) +#define RIJNDAEL_MAXNR 14 + +int rijndaelKeySetupEnc(uint32_t rk[/*4*(Nr + 1)*/], const uint8_t cipherKey[], int keyBits); +int rijndaelKeySetupDec(uint32_t rk[/*4*(Nr + 1)*/], const uint8_t cipherKey[], int keyBits); +void rijndaelEncrypt(const uint32_t rk[/*4*(Nr + 1)*/], int Nr, const uint8_t pt[16], uint8_t ct[16]); +void rijndaelDecrypt(const uint32_t rk[/*4*(Nr + 1)*/], int Nr, const uint8_t ct[16], uint8_t pt[16]); + +#endif /* __RIJNDAEL_ALG_FST_H */ diff --git a/source4/heimdal/lib/hcrypto/rnd_keys.c b/source4/heimdal/lib/hcrypto/rnd_keys.c new file mode 100644 index 0000000000..a035b890b8 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/rnd_keys.c @@ -0,0 +1,509 @@ +/* + * Copyright (c) 1995, 1996, 1997, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" + +RCSID("$Id: rnd_keys.c 17445 2006-05-05 10:37:46Z lha $"); +#endif + +#ifdef KRB5 +#include +#endif +#include + +#include +#include + +#ifdef TIME_WITH_SYS_TIME +#include +#include +#elif defined(HAVE_SYS_TIME_H) +#include +#else +#include +#endif + +#ifdef HAVE_SYS_TYPES_H +#include +#endif + +#ifdef HAVE_UNISTD_H +#include +#endif +#ifdef HAVE_IO_H +#include +#endif + +#ifdef HAVE_SIGNAL_H +#include +#endif +#ifdef HAVE_FCNTL_H +#include +#endif + +/* + * Generate "random" data by checksumming a file. + * + * Returns -1 if there were any problems with permissions or I/O + * errors. + */ +static +int +sumFile (const char *name, int len, void *res) +{ + uint32_t sum[2] = { 0, 0 }; + uint32_t buf[1024*2]; + int fd, i; + + fd = open (name, 0); + if (fd < 0) + return -1; + + while (len > 0) + { + int n = read(fd, buf, sizeof(buf)); + if (n < 0) + { + close(fd); + return n; + } + for (i = 0; i < (n/sizeof(buf[0])); i++) + { + sum[0] += buf[i]; + i++; + sum[1] += buf[i]; + } + len -= n; + } + close (fd); + memcpy (res, &sum, sizeof(sum)); + return 0; +} + +#if 0 +static +int +md5sumFile (const char *name, int len, int32_t sum[4]) +{ + int32_t buf[1024*2]; + int fd, cnt; + struct md5 md5; + + fd = open (name, 0); + if (fd < 0) + return -1; + + md5_init(&md5); + while (len > 0) + { + int n = read(fd, buf, sizeof(buf)); + if (n < 0) + { + close(fd); + return n; + } + md5_update(&md5, buf, n); + len -= n; + } + md5_finito(&md5, (unsigned char *)sum); + close (fd); + return 0; +} +#endif + +/* + * Create a sequence of random 64 bit blocks. + * The sequence is indexed with a long long and + * based on an initial des key used as a seed. + */ +static DES_key_schedule sequence_seed; +static uint32_t sequence_index[2]; + +/* + * Random number generator based on ideas from truerand in cryptolib + * as described on page 424 in Applied Cryptography 2 ed. by Bruce + * Schneier. + */ + +static volatile int counter; +static volatile unsigned char *gdata; /* Global data */ +static volatile int igdata; /* Index into global data */ +static int gsize; + +#if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__) +/* Visual C++ 4.0 (Windows95/NT) */ + +static +RETSIGTYPE +sigALRM(int sig) +{ + if (igdata < gsize) + gdata[igdata++] ^= counter & 0xff; + +#ifndef HAVE_SIGACTION + signal(SIGALRM, sigALRM); /* Reinstall SysV signal handler */ +#endif + SIGRETURN(0); +} + +#endif + +#if !defined(HAVE_RANDOM) && defined(HAVE_RAND) +#ifndef srandom +#define srandom srand +#endif +#ifndef random +#define random rand +#endif +#endif + +#if !defined(HAVE_SETITIMER) || defined(WIN32) || defined(__EMX__) || defined(__OS2__) || defined(__CYGWIN32__) +static void +des_not_rand_data(unsigned char *data, int size) +{ + int i; + + srandom (time (NULL)); + + for(i = 0; i < size; ++i) + data[i] ^= random() % 0x100; +} +#endif + +#if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__) + +#ifndef HAVE_SETITIMER +static void +pacemaker(struct timeval *tv) +{ + fd_set fds; + pid_t pid; + pid = getppid(); + while(1){ + FD_ZERO(&fds); + FD_SET(0, &fds); + select(1, &fds, NULL, NULL, tv); + kill(pid, SIGALRM); + } +} +#endif + +#ifdef HAVE_SIGACTION +/* XXX ugly hack, should perhaps use function from roken */ +static RETSIGTYPE +(*fake_signal(int sig, RETSIGTYPE (*f)(int)))(int) +{ + struct sigaction sa, osa; + sa.sa_handler = f; + sa.sa_flags = 0; + sigemptyset(&sa.sa_mask); + sigaction(sig, &sa, &osa); + return osa.sa_handler; +} +#define signal(S, F) fake_signal((S), (F)) +#endif + +/* + * Generate size bytes of "random" data using timed interrupts. + * It takes about 40ms/byte random data. + * It's not neccessary to be root to run it. + */ +void +DES_rand_data(void *outdata, int size) +{ + unsigned char *data = outdata; + struct itimerval tv, otv; + RETSIGTYPE (*osa)(int); + int i, j; +#ifndef HAVE_SETITIMER + RETSIGTYPE (*ochld)(int); + pid_t pid; +#endif + const char *rnd_devices[] = {"/dev/random", + "/dev/srandom", + "/dev/urandom", + "/dev/arandom", + NULL}; + const char **p; + + for(p = rnd_devices; *p; p++) { + int fd = open(*p, O_RDONLY | O_NDELAY); + + if(fd >= 0 && read(fd, data, size) == size) { + close(fd); + return; + } + close(fd); + } + + /* Paranoia? Initialize data from /dev/mem if we can read it. */ + if (size >= 8) + sumFile("/dev/mem", (1024*1024*2), data); + + gdata = data; + gsize = size; + igdata = 0; + + osa = signal(SIGALRM, sigALRM); + + /* Start timer */ + tv.it_value.tv_sec = 0; + tv.it_value.tv_usec = 10 * 1000; /* 10 ms */ + tv.it_interval = tv.it_value; +#ifdef HAVE_SETITIMER + setitimer(ITIMER_REAL, &tv, &otv); +#else + ochld = signal(SIGCHLD, SIG_IGN); + pid = fork(); + if(pid == -1){ + signal(SIGCHLD, ochld != SIG_ERR ? ochld : SIG_DFL); + des_not_rand_data(data, size); + return; + } + if(pid == 0) + pacemaker(&tv.it_interval); +#endif + + for(i = 0; i < 4; i++) { + for (igdata = 0; igdata < size;) /* igdata++ in sigALRM */ + counter++; + for (j = 0; j < size; j++) /* Only use 2 bits each lap */ + gdata[j] = (gdata[j]>>2) | (gdata[j]<<6); + } +#ifdef HAVE_SETITIMER + setitimer(ITIMER_REAL, &otv, 0); +#else + kill(pid, SIGKILL); + while(waitpid(pid, NULL, 0) != pid); + signal(SIGCHLD, ochld != SIG_ERR ? ochld : SIG_DFL); +#endif + signal(SIGALRM, osa != SIG_ERR ? osa : SIG_DFL); +} +#else +void +DES_rand_data(unsigned char *p, int s) +{ + des_not_rand_data (p, s); +} +#endif + +void +DES_generate_random_block(DES_cblock *block) +{ + DES_rand_data((unsigned char *)block, sizeof(*block)); +} + +#define DES_rand_data_key hc_DES_rand_data_key + +void +DES_rand_data_key(DES_cblock *key); + +/* + * Generate a "random" DES key. + */ +void +DES_rand_data_key(DES_cblock *key) +{ + unsigned char data[8]; + DES_key_schedule sched; + do { + DES_rand_data(data, sizeof(data)); + DES_rand_data((unsigned char*)key, sizeof(DES_cblock)); + DES_set_odd_parity(key); + DES_set_key(key, &sched); + DES_ecb_encrypt(&data, key, &sched, DES_ENCRYPT); + memset(&data, 0, sizeof(data)); + memset(&sched, 0, sizeof(sched)); + DES_set_odd_parity(key); + } while(DES_is_weak_key(key)); +} + +/* + * Generate "random" data by checksumming /dev/mem + * + * It's neccessary to be root to run it. Returns -1 if there were any + * problems with permissions. + */ + +#define DES_mem_rand8 hc_DES_mem_rand8 + +int +DES_mem_rand8(unsigned char *data); + +int +DES_mem_rand8(unsigned char *data) +{ + return 1; +} + +/* + * In case the generator does not get initialized use this as fallback. + */ +static int initialized; + +static void +do_initialize(void) +{ + DES_cblock default_seed; + do { + DES_generate_random_block(&default_seed); + DES_set_odd_parity(&default_seed); + } while (DES_is_weak_key(&default_seed)); + DES_init_random_number_generator(&default_seed); +} + +#define zero_long_long(ll) do { ll[0] = ll[1] = 0; } while (0) + +#define incr_long_long(ll) do { if (++ll[0] == 0) ++ll[1]; } while (0) + +#define set_sequence_number(ll) \ +memcpy((char *)sequence_index, (ll), sizeof(sequence_index)); + +/* + * Set the sequnce number to this value (a long long). + */ +void +DES_set_sequence_number(void *ll) +{ + set_sequence_number(ll); +} + +/* + * Set the generator seed and reset the sequence number to 0. + */ +void +DES_set_random_generator_seed(DES_cblock *seed) +{ + DES_set_key(seed, &sequence_seed); + zero_long_long(sequence_index); + initialized = 1; +} + +/* + * Generate a sequence of random des keys + * using the random block sequence, fixup + * parity and skip weak keys. + */ +int +DES_new_random_key(DES_cblock *key) +{ + if (!initialized) + do_initialize(); + + do { + DES_ecb_encrypt((DES_cblock *) sequence_index, + key, + &sequence_seed, + DES_ENCRYPT); + incr_long_long(sequence_index); + /* random key must have odd parity and not be weak */ + DES_set_odd_parity(key); + } while (DES_is_weak_key(key)); + return(0); +} + +/* + * des_init_random_number_generator: + * + * Initialize the sequence of random 64 bit blocks. The input seed + * can be a secret key since it should be well hidden and is also not + * kept. + * + */ +void +DES_init_random_number_generator(DES_cblock *seed) +{ + struct timeval now; + DES_cblock uniq; + DES_cblock new_key; + + gettimeofday(&now, (struct timezone *)0); + DES_generate_random_block(&uniq); + + /* Pick a unique random key from the shared sequence. */ + DES_set_random_generator_seed(seed); + set_sequence_number((unsigned char *)&uniq); + DES_new_random_key(&new_key); + + /* Select a new nonshared sequence, */ + DES_set_random_generator_seed(&new_key); + + /* and use the current time to pick a key for the new sequence. */ + set_sequence_number((unsigned char *)&now); + DES_new_random_key(&new_key); + DES_set_random_generator_seed(&new_key); +} + +/* This is for backwards compatibility. */ +void +DES_random_key(DES_cblock *ret) +{ + DES_new_random_key(ret); +} + +#ifdef TESTRUN +int +main() +{ + unsigned char data[8]; + int i; + + while (1) + { + if (sumFile("/dev/mem", (1024*1024*8), data) != 0) + { perror("sumFile"); exit(1); } + for (i = 0; i < 8; i++) + printf("%02x", data[i]); + printf("\n"); + } +} +#endif + +#ifdef TESTRUN2 +int +main() +{ + DES_cblock data; + int i; + + while (1) + { + do_initialize(); + DES_random_key(data); + for (i = 0; i < 8; i++) + printf("%02x", data[i]); + printf("\n"); + } +} +#endif diff --git a/source4/heimdal/lib/hcrypto/rsa-imath.c b/source4/heimdal/lib/hcrypto/rsa-imath.c new file mode 100644 index 0000000000..e05ead1e66 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/rsa-imath.c @@ -0,0 +1,661 @@ +/* + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +RCSID("$Id: rsa-imath.c 19750 2007-01-06 13:45:25Z lha $"); + +#include +#include +#include +#include + +#include + +#include + +#include "imath/imath.h" +#include "imath/iprime.h" + +static void +BN2mpz(mpz_t *s, const BIGNUM *bn) +{ + size_t len; + void *p; + + mp_int_init(s); + + len = BN_num_bytes(bn); + p = malloc(len); + BN_bn2bin(bn, p); + mp_int_read_unsigned(s, p, len); + free(p); +} + +static BIGNUM * +mpz2BN(mpz_t *s) +{ + size_t size; + BIGNUM *bn; + void *p; + + size = mp_int_unsigned_len(s); + p = malloc(size); + if (p == NULL && size != 0) + return NULL; + mp_int_to_unsigned(s, p, size); + + bn = BN_bin2bn(p, size, NULL); + free(p); + return bn; +} + +static int random_num(mp_int, size_t); + +static void +setup_blind(mp_int n, mp_int b, mp_int bi) +{ + mp_int_init(b); + mp_int_init(bi); + random_num(b, mp_int_count_bits(n)); + mp_int_mod(b, n, b); + mp_int_invmod(b, n, bi); +} + +static void +blind(mp_int in, mp_int b, mp_int e, mp_int n) +{ + mpz_t t1; + mp_int_init(&t1); + /* in' = (in * b^e) mod n */ + mp_int_exptmod(b, e, n, &t1); + mp_int_mul(&t1, in, in); + mp_int_mod(in, n, in); + mp_int_clear(&t1); +} + +static void +unblind(mp_int out, mp_int bi, mp_int n) +{ + /* out' = (out * 1/b) mod n */ + mp_int_mul(out, bi, out); + mp_int_mod(out, n, out); +} + +static mp_result +rsa_private_calculate(mp_int in, mp_int p, mp_int q, + mp_int dmp1, mp_int dmq1, mp_int iqmp, + mp_int out) +{ + mpz_t vp, vq, u; + mp_int_init(&vp); mp_int_init(&vq); mp_int_init(&u); + + /* vq = c ^ (d mod (q - 1)) mod q */ + /* vp = c ^ (d mod (p - 1)) mod p */ + mp_int_mod(in, p, &u); + mp_int_exptmod(&u, dmp1, p, &vp); + mp_int_mod(in, q, &u); + mp_int_exptmod(&u, dmq1, q, &vq); + + /* C2 = 1/q mod p (iqmp) */ + /* u = (vp - vq)C2 mod p. */ + mp_int_sub(&vp, &vq, &u); + if (mp_int_compare_zero(&u) < 0) + mp_int_add(&u, p, &u); + mp_int_mul(&u, iqmp, &u); + mp_int_mod(&u, p, &u); + + /* c ^ d mod n = vq + u q */ + mp_int_mul(&u, q, &u); + mp_int_add(&u, &vq, out); + + mp_int_clear(&vp); + mp_int_clear(&vq); + mp_int_clear(&u); + + return MP_OK; +} + +/* + * + */ + +static int +imath_rsa_public_encrypt(int flen, const unsigned char* from, + unsigned char* to, RSA* rsa, int padding) +{ + unsigned char *p, *p0; + mp_result res; + size_t size, padlen; + mpz_t enc, dec, n, e; + + if (padding != RSA_PKCS1_PADDING) + return -1; + + size = RSA_size(rsa); + + if (size < RSA_PKCS1_PADDING_SIZE || size - RSA_PKCS1_PADDING_SIZE < flen) + return -2; + + BN2mpz(&n, rsa->n); + BN2mpz(&e, rsa->e); + + p = p0 = malloc(size - 1); + if (p0 == NULL) { + mp_int_clear(&e); + mp_int_clear(&n); + return -3; + } + + padlen = size - flen - 3; + assert(padlen >= 8); + + *p++ = 2; + if (RAND_bytes(p, padlen) != 1) { + mp_int_clear(&e); + mp_int_clear(&n); + free(p0); + return -4; + } + while(padlen) { + if (*p == 0) + *p = 1; + padlen--; + p++; + } + *p++ = 0; + memcpy(p, from, flen); + p += flen; + assert((p - p0) == size - 1); + + mp_int_init(&enc); + mp_int_init(&dec); + mp_int_read_unsigned(&dec, p0, size - 1); + free(p0); + + res = mp_int_exptmod(&dec, &e, &n, &enc); + + mp_int_clear(&dec); + mp_int_clear(&e); + mp_int_clear(&n); + { + size_t ssize; + ssize = mp_int_unsigned_len(&enc); + assert(size >= ssize); + mp_int_to_unsigned(&enc, to, ssize); + size = ssize; + } + mp_int_clear(&enc); + + return size; +} + +static int +imath_rsa_public_decrypt(int flen, const unsigned char* from, + unsigned char* to, RSA* rsa, int padding) +{ + unsigned char *p; + mp_result res; + size_t size; + mpz_t s, us, n, e; + + if (padding != RSA_PKCS1_PADDING) + return -1; + + if (flen > RSA_size(rsa)) + return -2; + + BN2mpz(&n, rsa->n); + BN2mpz(&e, rsa->e); + +#if 0 + /* Check that the exponent is larger then 3 */ + if (mp_int_compare_value(&e, 3) <= 0) { + mp_int_clear(&n); + mp_int_clear(&e); + return -3; + } +#endif + + mp_int_init(&s); + mp_int_init(&us); + mp_int_read_unsigned(&s, rk_UNCONST(from), flen); + + if (mp_int_compare(&s, &n) >= 0) { + mp_int_clear(&n); + mp_int_clear(&e); + return -4; + } + + res = mp_int_exptmod(&s, &e, &n, &us); + + mp_int_clear(&s); + mp_int_clear(&n); + mp_int_clear(&e); + + if (res != MP_OK) + return -5; + p = to; + + + size = mp_int_unsigned_len(&us); + assert(size <= RSA_size(rsa)); + mp_int_to_unsigned(&us, p, size); + + mp_int_clear(&us); + + /* head zero was skipped by mp_int_to_unsigned */ + if (*p == 0) + return -6; + if (*p != 1) + return -7; + size--; p++; + while (size && *p == 0xff) { + size--; p++; + } + if (size == 0 || *p != 0) + return -8; + size--; p++; + + memmove(to, p, size); + + return size; +} + +static int +imath_rsa_private_encrypt(int flen, const unsigned char* from, + unsigned char* to, RSA* rsa, int padding) +{ + unsigned char *p, *p0; + mp_result res; + size_t size; + mpz_t in, out, n, e, b, bi; + int blinding = (rsa->flags & RSA_FLAG_NO_BLINDING) == 0; + + if (padding != RSA_PKCS1_PADDING) + return -1; + + size = RSA_size(rsa); + + if (size < RSA_PKCS1_PADDING_SIZE || size - RSA_PKCS1_PADDING_SIZE < flen) + return -2; + + p0 = p = malloc(size); + *p++ = 0; + *p++ = 1; + memset(p, 0xff, size - flen - 3); + p += size - flen - 3; + *p++ = 0; + memcpy(p, from, flen); + p += flen; + assert((p - p0) == size); + + BN2mpz(&n, rsa->n); + BN2mpz(&e, rsa->e); + + mp_int_init(&in); + mp_int_init(&out); + mp_int_read_unsigned(&in, p0, size); + free(p0); + + if(mp_int_compare_zero(&in) < 0 || + mp_int_compare(&in, &n) >= 0) { + size = 0; + goto out; + } + + if (blinding) { + setup_blind(&n, &b, &bi); + blind(&in, &b, &e, &n); + } + + if (rsa->p && rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp) { + mpz_t p, q, dmp1, dmq1, iqmp; + + BN2mpz(&p, rsa->p); + BN2mpz(&q, rsa->q); + BN2mpz(&dmp1, rsa->dmp1); + BN2mpz(&dmq1, rsa->dmq1); + BN2mpz(&iqmp, rsa->iqmp); + + res = rsa_private_calculate(&in, &p, &q, &dmp1, &dmq1, &iqmp, &out); + + mp_int_clear(&p); + mp_int_clear(&q); + mp_int_clear(&dmp1); + mp_int_clear(&dmq1); + mp_int_clear(&iqmp); + } else { + mpz_t d; + + BN2mpz(&d, rsa->d); + res = mp_int_exptmod(&in, &d, &n, &out); + mp_int_clear(&d); + if (res != MP_OK) { + size = 0; + goto out; + } + } + + if (blinding) { + unblind(&out, &bi, &n); + mp_int_clear(&b); + mp_int_clear(&bi); + } + + { + size_t ssize; + ssize = mp_int_unsigned_len(&out); + assert(size >= ssize); + mp_int_to_unsigned(&out, to, size); + size = ssize; + } + +out: + mp_int_clear(&e); + mp_int_clear(&n); + mp_int_clear(&in); + mp_int_clear(&out); + + return size; +} + +static int +imath_rsa_private_decrypt(int flen, const unsigned char* from, + unsigned char* to, RSA* rsa, int padding) +{ + unsigned char *ptr; + mp_result res; + size_t size; + mpz_t in, out, n, e, b, bi; + int blinding = (rsa->flags & RSA_FLAG_NO_BLINDING) == 0; + + if (padding != RSA_PKCS1_PADDING) + return -1; + + size = RSA_size(rsa); + if (flen > size) + return -2; + + mp_int_init(&in); + mp_int_init(&out); + + BN2mpz(&n, rsa->n); + BN2mpz(&e, rsa->e); + + res = mp_int_read_unsigned(&in, rk_UNCONST(from), flen); + if (res != MP_OK) { + size = -1; + goto out; + } + + if(mp_int_compare_zero(&in) < 0 || + mp_int_compare(&in, &n) >= 0) { + size = 0; + goto out; + } + + if (blinding) { + setup_blind(&n, &b, &bi); + blind(&in, &b, &e, &n); + } + + if (rsa->p && rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp) { + mpz_t p, q, dmp1, dmq1, iqmp; + + BN2mpz(&p, rsa->p); + BN2mpz(&q, rsa->q); + BN2mpz(&dmp1, rsa->dmp1); + BN2mpz(&dmq1, rsa->dmq1); + BN2mpz(&iqmp, rsa->iqmp); + + res = rsa_private_calculate(&in, &p, &q, &dmp1, &dmq1, &iqmp, &out); + + mp_int_clear(&p); + mp_int_clear(&q); + mp_int_clear(&dmp1); + mp_int_clear(&dmq1); + mp_int_clear(&iqmp); + } else { + mpz_t d; + + if(mp_int_compare_zero(&in) < 0 || + mp_int_compare(&in, &n) >= 0) + return MP_RANGE; + + BN2mpz(&d, rsa->d); + res = mp_int_exptmod(&in, &d, &n, &out); + mp_int_clear(&d); + if (res != MP_OK) { + size = 0; + goto out; + } + } + + if (blinding) { + unblind(&out, &bi, &n); + mp_int_clear(&b); + mp_int_clear(&bi); + } + + ptr = to; + { + size_t ssize; + ssize = mp_int_unsigned_len(&out); + assert(size >= ssize); + mp_int_to_unsigned(&out, ptr, ssize); + size = ssize; + } + + /* head zero was skipped by mp_int_to_unsigned */ + if (*ptr != 2) + return -3; + size--; ptr++; + while (size && *ptr != 0) { + size--; ptr++; + } + if (size == 0) + return -4; + size--; ptr++; + + memmove(to, ptr, size); + +out: + mp_int_clear(&e); + mp_int_clear(&n); + mp_int_clear(&in); + mp_int_clear(&out); + + return size; +} + +static int +random_num(mp_int num, size_t len) +{ + unsigned char *p; + mp_result res; + + len = (len + 7) / 8; + p = malloc(len); + if (p == NULL) + return 1; + if (RAND_bytes(p, len) != 1) { + free(p); + return 1; + } + res = mp_int_read_unsigned(num, p, len); + free(p); + if (res != MP_OK) + return 1; + return 0; +} + +#define CHECK(f, v) if ((f) != (v)) { goto out; } + +static int +imath_rsa_generate_key(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) +{ + mpz_t el, p, q, n, d, dmp1, dmq1, iqmp, t1, t2, t3; + int counter, ret; + + if (bits < 789) + return -1; + + ret = -1; + + mp_int_init(&el); + mp_int_init(&p); + mp_int_init(&q); + mp_int_init(&n); + mp_int_init(&d); + mp_int_init(&dmp1); + mp_int_init(&dmq1); + mp_int_init(&iqmp); + mp_int_init(&t1); + mp_int_init(&t2); + mp_int_init(&t3); + + BN2mpz(&el, e); + + /* generate p and q so that p != q and bits(pq) ~ bits */ + counter = 0; + do { + BN_GENCB_call(cb, 2, counter++); + CHECK(random_num(&p, bits / 2 + 1), 0); + CHECK(mp_int_find_prime(&p), MP_TRUE); + + CHECK(mp_int_sub_value(&p, 1, &t1), MP_OK); + CHECK(mp_int_gcd(&t1, &el, &t2), MP_OK); + } while(mp_int_compare_value(&t2, 1) != 0); + + BN_GENCB_call(cb, 3, 0); + + counter = 0; + do { + BN_GENCB_call(cb, 2, counter++); + CHECK(random_num(&q, bits / 2 + 1), 0); + CHECK(mp_int_find_prime(&q), MP_TRUE); + + if (mp_int_compare(&p, &q) == 0) /* don't let p and q be the same */ + continue; + + CHECK(mp_int_sub_value(&q, 1, &t1), MP_OK); + CHECK(mp_int_gcd(&t1, &el, &t2), MP_OK); + } while(mp_int_compare_value(&t2, 1) != 0); + + /* make p > q */ + if (mp_int_compare(&p, &q) < 0) + mp_int_swap(&p, &q); + + BN_GENCB_call(cb, 3, 1); + + /* calculate n, n = p * q */ + CHECK(mp_int_mul(&p, &q, &n), MP_OK); + + /* calculate d, d = 1/e mod (p - 1)(q - 1) */ + CHECK(mp_int_sub_value(&p, 1, &t1), MP_OK); + CHECK(mp_int_sub_value(&q, 1, &t2), MP_OK); + CHECK(mp_int_mul(&t1, &t2, &t3), MP_OK); + CHECK(mp_int_invmod(&el, &t3, &d), MP_OK); + + /* calculate dmp1 dmp1 = d mod (p-1) */ + CHECK(mp_int_mod(&d, &t1, &dmp1), MP_OK); + /* calculate dmq1 dmq1 = d mod (q-1) */ + CHECK(mp_int_mod(&d, &t2, &dmq1), MP_OK); + /* calculate iqmp iqmp = 1/q mod p */ + CHECK(mp_int_invmod(&q, &p, &iqmp), MP_OK); + + /* fill in RSA key */ + + rsa->e = mpz2BN(&el); + rsa->p = mpz2BN(&p); + rsa->q = mpz2BN(&q); + rsa->n = mpz2BN(&n); + rsa->d = mpz2BN(&d); + rsa->dmp1 = mpz2BN(&dmp1); + rsa->dmq1 = mpz2BN(&dmq1); + rsa->iqmp = mpz2BN(&iqmp); + + ret = 1; +out: + mp_int_clear(&el); + mp_int_clear(&p); + mp_int_clear(&q); + mp_int_clear(&n); + mp_int_clear(&d); + mp_int_clear(&dmp1); + mp_int_clear(&dmq1); + mp_int_clear(&iqmp); + mp_int_clear(&t1); + mp_int_clear(&t2); + mp_int_clear(&t3); + + return ret; +} + +static int +imath_rsa_init(RSA *rsa) +{ + return 1; +} + +static int +imath_rsa_finish(RSA *rsa) +{ + return 1; +} + +const RSA_METHOD hc_rsa_imath_method = { + "hcrypto imath RSA", + imath_rsa_public_encrypt, + imath_rsa_public_decrypt, + imath_rsa_private_encrypt, + imath_rsa_private_decrypt, + NULL, + NULL, + imath_rsa_init, + imath_rsa_finish, + 0, + NULL, + NULL, + NULL, + imath_rsa_generate_key +}; + +const RSA_METHOD * +RSA_imath_method(void) +{ + return &hc_rsa_imath_method; +} diff --git a/source4/heimdal/lib/hcrypto/rsa.c b/source4/heimdal/lib/hcrypto/rsa.c new file mode 100644 index 0000000000..a7b4371e4d --- /dev/null +++ b/source4/heimdal/lib/hcrypto/rsa.c @@ -0,0 +1,472 @@ +/* + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +RCSID("$Id: rsa.c 20466 2007-04-20 08:29:05Z lha $"); + +#include +#include +#include +#include + +#include + +#include + +RSA * +RSA_new(void) +{ + return RSA_new_method(NULL); +} + +RSA * +RSA_new_method(ENGINE *engine) +{ + RSA *rsa; + + rsa = calloc(1, sizeof(*rsa)); + if (rsa == NULL) + return NULL; + + rsa->references = 1; + + if (engine) { + ENGINE_up_ref(engine); + rsa->engine = engine; + } else { + rsa->engine = ENGINE_get_default_RSA(); + } + + if (rsa->engine) { + rsa->meth = ENGINE_get_RSA(rsa->engine); + if (rsa->meth == NULL) { + ENGINE_finish(engine); + free(rsa); + return 0; + } + } + + if (rsa->meth == NULL) + rsa->meth = rk_UNCONST(RSA_get_default_method()); + + (*rsa->meth->init)(rsa); + + return rsa; +} + + +void +RSA_free(RSA *rsa) +{ + if (rsa->references <= 0) + abort(); + + if (--rsa->references > 0) + return; + + (*rsa->meth->finish)(rsa); + + if (rsa->engine) + ENGINE_finish(rsa->engine); + +#define free_if(f) if (f) { BN_free(f); } + free_if(rsa->n); + free_if(rsa->e); + free_if(rsa->d); + free_if(rsa->p); + free_if(rsa->q); + free_if(rsa->dmp1); + free_if(rsa->dmq1); + free_if(rsa->iqmp); +#undef free_if + + memset(rsa, 0, sizeof(*rsa)); + free(rsa); +} + +int +RSA_up_ref(RSA *rsa) +{ + return ++rsa->references; +} + +const RSA_METHOD * +RSA_get_method(const RSA *rsa) +{ + return rsa->meth; +} + +int +RSA_set_method(RSA *rsa, const RSA_METHOD *method) +{ + (*rsa->meth->finish)(rsa); + + if (rsa->engine) { + ENGINE_finish(rsa->engine); + rsa->engine = NULL; + } + + rsa->meth = method; + (*rsa->meth->init)(rsa); + return 1; +} + +int +RSA_set_app_data(RSA *rsa, void *arg) +{ + rsa->ex_data.sk = arg; + return 1; +} + +void * +RSA_get_app_data(RSA *rsa) +{ + return rsa->ex_data.sk; +} + +int +RSA_check_key(const RSA *key) +{ + static const unsigned char inbuf[] = "hello, world!"; + RSA *rsa = rk_UNCONST(key); + void *buffer; + int ret; + + /* + * XXX I have no clue how to implement this w/o a bignum library. + * Well, when we have a RSA key pair, we can try to encrypt/sign + * and then decrypt/verify. + */ + + if ((rsa->d == NULL || rsa->n == NULL) && + (rsa->p == NULL || rsa->q || rsa->dmp1 == NULL || rsa->dmq1 == NULL || rsa->iqmp == NULL)) + return 0; + + buffer = malloc(RSA_size(rsa)); + if (buffer == NULL) + return 0; + + ret = RSA_private_encrypt(sizeof(inbuf), inbuf, buffer, + rsa, RSA_PKCS1_PADDING); + if (ret == -1) { + free(buffer); + return 0; + } + + ret = RSA_public_decrypt(ret, buffer, buffer, + rsa, RSA_PKCS1_PADDING); + if (ret == -1) { + free(buffer); + return 0; + } + + if (ret == sizeof(inbuf) && memcmp(buffer, inbuf, sizeof(inbuf)) == 0) { + free(buffer); + return 1; + } + free(buffer); + return 0; +} + +int +RSA_size(const RSA *rsa) +{ + return BN_num_bytes(rsa->n); +} + +#define RSAFUNC(name, body) \ +int \ +name(int flen,const unsigned char* f, unsigned char* t, RSA* r, int p){\ + return body; \ +} + +RSAFUNC(RSA_public_encrypt, (r)->meth->rsa_pub_enc(flen, f, t, r, p)) +RSAFUNC(RSA_public_decrypt, (r)->meth->rsa_pub_dec(flen, f, t, r, p)) +RSAFUNC(RSA_private_encrypt, (r)->meth->rsa_priv_enc(flen, f, t, r, p)) +RSAFUNC(RSA_private_decrypt, (r)->meth->rsa_priv_dec(flen, f, t, r, p)) + +/* XXX */ +int +RSA_sign(int type, const unsigned char *from, unsigned int flen, + unsigned char *to, unsigned int *tlen, RSA *rsa) +{ + return -1; +} + +int +RSA_verify(int type, const unsigned char *from, unsigned int flen, + unsigned char *to, unsigned int tlen, RSA *rsa) +{ + return -1; +} + +/* + * A NULL RSA_METHOD that returns failure for all operations. This is + * used as the default RSA method if we don't have any native + * support. + */ + +static RSAFUNC(null_rsa_public_encrypt, -1) +static RSAFUNC(null_rsa_public_decrypt, -1) +static RSAFUNC(null_rsa_private_encrypt, -1) +static RSAFUNC(null_rsa_private_decrypt, -1) + +/* + * + */ + +int +RSA_generate_key_ex(RSA *r, int bits, BIGNUM *e, BN_GENCB *cb) +{ + if (r->meth->rsa_keygen) + return (*r->meth->rsa_keygen)(r, bits, e, cb); + return 0; +} + + +/* + * + */ + +static int +null_rsa_init(RSA *rsa) +{ + return 1; +} + +static int +null_rsa_finish(RSA *rsa) +{ + return 1; +} + +static const RSA_METHOD rsa_null_method = { + "hcrypto null RSA", + null_rsa_public_encrypt, + null_rsa_public_decrypt, + null_rsa_private_encrypt, + null_rsa_private_decrypt, + NULL, + NULL, + null_rsa_init, + null_rsa_finish, + 0, + NULL, + NULL, + NULL +}; + +const RSA_METHOD * +RSA_null_method(void) +{ + return &rsa_null_method; +} + +extern const RSA_METHOD hc_rsa_imath_method; +static const RSA_METHOD *default_rsa_method = &hc_rsa_imath_method; + +const RSA_METHOD * +RSA_get_default_method(void) +{ + return default_rsa_method; +} + +void +RSA_set_default_method(const RSA_METHOD *meth) +{ + default_rsa_method = meth; +} + +/* + * + */ + +static BIGNUM * +heim_int2BN(const heim_integer *i) +{ + BIGNUM *bn; + + bn = BN_bin2bn(i->data, i->length, NULL); + if (bn) + BN_set_negative(bn, i->negative); + return bn; +} + +static int +bn2heim_int(BIGNUM *bn, heim_integer *integer) +{ + integer->length = BN_num_bytes(bn); + integer->data = malloc(integer->length); + if (integer->data == NULL) { + integer->length = 0; + return ENOMEM; + } + BN_bn2bin(bn, integer->data); + integer->negative = BN_is_negative(bn); + return 0; +} + + +RSA * +d2i_RSAPrivateKey(RSA *rsa, const unsigned char **pp, size_t len) +{ + RSAPrivateKey data; + RSA *k = rsa; + size_t size; + int ret; + + ret = decode_RSAPrivateKey(*pp, len, &data, &size); + if (ret) + return NULL; + + *pp += size; + + if (k == NULL) { + k = RSA_new(); + if (k == NULL) { + free_RSAPrivateKey(&data); + return NULL; + } + } + + k->n = heim_int2BN(&data.modulus); + k->e = heim_int2BN(&data.publicExponent); + k->d = heim_int2BN(&data.privateExponent); + k->p = heim_int2BN(&data.prime1); + k->q = heim_int2BN(&data.prime2); + k->dmp1 = heim_int2BN(&data.exponent1); + k->dmq1 = heim_int2BN(&data.exponent2); + k->iqmp = heim_int2BN(&data.coefficient); + free_RSAPrivateKey(&data); + + if (k->n == NULL || k->e == NULL || k->d == NULL || k->p == NULL || + k->q == NULL || k->dmp1 == NULL || k->dmq1 == NULL || k->iqmp == NULL) + { + RSA_free(k); + return NULL; + } + + return k; +} + +int +i2d_RSAPrivateKey(RSA *rsa, unsigned char **pp) +{ + RSAPrivateKey data; + size_t size; + int ret; + + if (rsa->n == NULL || rsa->e == NULL || rsa->d == NULL || rsa->p == NULL || + rsa->q == NULL || rsa->dmp1 == NULL || rsa->dmq1 == NULL || + rsa->iqmp == NULL) + return -1; + + memset(&data, 0, sizeof(data)); + + ret = bn2heim_int(rsa->n, &data.modulus); + ret |= bn2heim_int(rsa->e, &data.publicExponent); + ret |= bn2heim_int(rsa->d, &data.privateExponent); + ret |= bn2heim_int(rsa->p, &data.prime1); + ret |= bn2heim_int(rsa->q, &data.prime2); + ret |= bn2heim_int(rsa->dmp1, &data.exponent1); + ret |= bn2heim_int(rsa->dmq1, &data.exponent2); + ret |= bn2heim_int(rsa->iqmp, &data.coefficient); + if (ret) { + free_RSAPrivateKey(&data); + return -1; + } + + if (pp == NULL) { + size = length_RSAPrivateKey(&data); + free_RSAPrivateKey(&data); + } else { + void *p; + size_t len; + + ASN1_MALLOC_ENCODE(RSAPrivateKey, p, len, &data, &size, ret); + free_RSAPrivateKey(&data); + if (ret) + return -1; + if (len != size) + abort(); + + memcpy(*pp, p, size); + free(p); + + *pp += size; + + } + return size; +} + +int +i2d_RSAPublicKey(RSA *rsa, unsigned char **pp) +{ + RSAPublicKey data; + size_t size; + int ret; + + memset(&data, 0, sizeof(data)); + + if (bn2heim_int(rsa->n, &data.modulus) || + bn2heim_int(rsa->e, &data.publicExponent)) + { + free_RSAPublicKey(&data); + return -1; + } + + if (pp == NULL) { + size = length_RSAPublicKey(&data); + free_RSAPublicKey(&data); + } else { + void *p; + size_t len; + + ASN1_MALLOC_ENCODE(RSAPublicKey, p, len, &data, &size, ret); + free_RSAPublicKey(&data); + if (ret) + return -1; + if (len != size) + abort(); + + memcpy(*pp, p, size); + free(p); + + *pp += size; + } + + return size; +} diff --git a/source4/heimdal/lib/hcrypto/rsa.h b/source4/heimdal/lib/hcrypto/rsa.h new file mode 100644 index 0000000000..575774dbde --- /dev/null +++ b/source4/heimdal/lib/hcrypto/rsa.h @@ -0,0 +1,175 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * $Id: rsa.h 19734 2007-01-05 20:26:23Z lha $ + */ + +#ifndef _HEIM_RSA_H +#define _HEIM_RSA_H 1 + +/* symbol renaming */ +#define RSA_null_method hc_RSA_null_method +#define RSA_imath_method hc_RSA_imath_method +#define RSA_new hc_RSA_new +#define RSA_new_method hc_RSA_new_method +#define RSA_free hc_RSA_free +#define RSA_up_ref hc_RSA_up_ref +#define RSA_set_default_method hc_RSA_set_default_method +#define RSA_get_default_method hc_RSA_get_default_method +#define RSA_set_method hc_RSA_set_method +#define RSA_get_method hc_RSA_get_method +#define RSA_set_app_data hc_RSA_set_app_data +#define RSA_get_app_data hc_RSA_get_app_data +#define RSA_check_key hc_RSA_check_key +#define RSA_size hc_RSA_size +#define RSA_public_encrypt hc_RSA_public_encrypt +#define RSA_public_decrypt hc_RSA_public_decrypt +#define RSA_private_encrypt hc_RSA_private_encrypt +#define RSA_private_decrypt hc_RSA_private_decrypt +#define RSA_sign hc_RSA_sign +#define RSA_verify hc_RSA_verify +#define RSA_generate_key_ex hc_RSA_generate_key_ex +#define d2i_RSAPrivateKey hc_d2i_RSAPrivateKey +#define i2d_RSAPrivateKey hc_i2d_RSAPrivateKey +#define i2d_RSAPublicKey hc_i2d_RSAPublicKey + +/* + * + */ + +typedef struct RSA RSA; +typedef struct RSA_METHOD RSA_METHOD; + +#include +#include + +struct RSA_METHOD { + const char *name; + int (*rsa_pub_enc)(int,const unsigned char *, unsigned char *, RSA *,int); + int (*rsa_pub_dec)(int,const unsigned char *, unsigned char *, RSA *,int); + int (*rsa_priv_enc)(int,const unsigned char *, unsigned char *, RSA *,int); + int (*rsa_priv_dec)(int,const unsigned char *, unsigned char *, RSA *,int); + void *rsa_mod_exp; + void *bn_mod_exp; + int (*init)(RSA *rsa); + int (*finish)(RSA *rsa); + int flags; + char *app_data; + int (*rsa_sign)(int, const unsigned char *, unsigned int, + unsigned char *, unsigned int *, const RSA *); + int (*rsa_verify)(int, const unsigned char *, unsigned int, + unsigned char *, unsigned int, const RSA *); + int (*rsa_keygen)(RSA *, int, BIGNUM *, BN_GENCB *); +}; + +struct RSA { + int pad; + long version; + const RSA_METHOD *meth; + void *engine; + BIGNUM *n; + BIGNUM *e; + BIGNUM *d; + BIGNUM *p; + BIGNUM *q; + BIGNUM *dmp1; + BIGNUM *dmq1; + BIGNUM *iqmp; + struct rsa_CRYPTO_EX_DATA { + void *sk; + int dummy; + } ex_data; + int references; + int flags; + void *_method_mod_n; + void *_method_mod_p; + void *_method_mod_q; + + char *bignum_data; + void *blinding; + void *mt_blinding; +}; + +#define RSA_FLAG_NO_BLINDING 0x0080 + +#define RSA_PKCS1_PADDING 1 +#define RSA_PKCS1_OAEP_PADDING 4 +#define RSA_PKCS1_PADDING_SIZE 11 + +/* + * + */ + +const RSA_METHOD *RSA_null_method(void); +const RSA_METHOD *RSA_imath_method(void); + +/* + * + */ + +RSA * RSA_new(void); +RSA * RSA_new_method(ENGINE *); +void RSA_free(RSA *); +int RSA_up_ref(RSA *); + +void RSA_set_default_method(const RSA_METHOD *); +const RSA_METHOD * RSA_get_default_method(void); + +const RSA_METHOD * RSA_get_method(const RSA *); +int RSA_set_method(RSA *, const RSA_METHOD *); + +int RSA_set_app_data(RSA *, void *arg); +void * RSA_get_app_data(RSA *); + +int RSA_check_key(const RSA *); +int RSA_size(const RSA *); + +int RSA_public_encrypt(int,const unsigned char*,unsigned char*,RSA *,int); +int RSA_private_encrypt(int,const unsigned char*,unsigned char*,RSA *,int); +int RSA_public_decrypt(int,const unsigned char*,unsigned char*,RSA *,int); +int RSA_private_decrypt(int,const unsigned char*,unsigned char*,RSA *,int); + +int RSA_sign(int, const unsigned char *, unsigned int, + unsigned char *, unsigned int *, RSA *); +int RSA_verify(int, const unsigned char *, unsigned int, + unsigned char *, unsigned int, RSA *); + +int RSA_generate_key_ex(RSA *, int, BIGNUM *, BN_GENCB *); + +RSA * d2i_RSAPrivateKey(RSA *, const unsigned char **, size_t); +int i2d_RSAPrivateKey(RSA *, unsigned char **); + +int i2d_RSAPublicKey(RSA *, unsigned char **); + +#endif /* _HEIM_RSA_H */ diff --git a/source4/heimdal/lib/hcrypto/sha.c b/source4/heimdal/lib/hcrypto/sha.c new file mode 100644 index 0000000000..a264f53f33 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/sha.c @@ -0,0 +1,300 @@ +/* + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" + +RCSID("$Id: sha.c 17445 2006-05-05 10:37:46Z lha $"); +#endif + +#include "hash.h" +#include "sha.h" + +#define A m->counter[0] +#define B m->counter[1] +#define C m->counter[2] +#define D m->counter[3] +#define E m->counter[4] +#define X data + +void +SHA1_Init (struct sha *m) +{ + m->sz[0] = 0; + m->sz[1] = 0; + A = 0x67452301; + B = 0xefcdab89; + C = 0x98badcfe; + D = 0x10325476; + E = 0xc3d2e1f0; +} + + +#define F0(x,y,z) CRAYFIX((x & y) | (~x & z)) +#define F1(x,y,z) (x ^ y ^ z) +#define F2(x,y,z) ((x & y) | (x & z) | (y & z)) +#define F3(x,y,z) F1(x,y,z) + +#define K0 0x5a827999 +#define K1 0x6ed9eba1 +#define K2 0x8f1bbcdc +#define K3 0xca62c1d6 + +#define DO(t,f,k) \ +do { \ + uint32_t temp; \ + \ + temp = cshift(AA, 5) + f(BB,CC,DD) + EE + data[t] + k; \ + EE = DD; \ + DD = CC; \ + CC = cshift(BB, 30); \ + BB = AA; \ + AA = temp; \ +} while(0) + +static inline void +calc (struct sha *m, uint32_t *in) +{ + uint32_t AA, BB, CC, DD, EE; + uint32_t data[80]; + int i; + + AA = A; + BB = B; + CC = C; + DD = D; + EE = E; + + for (i = 0; i < 16; ++i) + data[i] = in[i]; + for (i = 16; i < 80; ++i) + data[i] = cshift(data[i-3] ^ data[i-8] ^ data[i-14] ^ data[i-16], 1); + + /* t=[0,19] */ + + DO(0,F0,K0); + DO(1,F0,K0); + DO(2,F0,K0); + DO(3,F0,K0); + DO(4,F0,K0); + DO(5,F0,K0); + DO(6,F0,K0); + DO(7,F0,K0); + DO(8,F0,K0); + DO(9,F0,K0); + DO(10,F0,K0); + DO(11,F0,K0); + DO(12,F0,K0); + DO(13,F0,K0); + DO(14,F0,K0); + DO(15,F0,K0); + DO(16,F0,K0); + DO(17,F0,K0); + DO(18,F0,K0); + DO(19,F0,K0); + + /* t=[20,39] */ + + DO(20,F1,K1); + DO(21,F1,K1); + DO(22,F1,K1); + DO(23,F1,K1); + DO(24,F1,K1); + DO(25,F1,K1); + DO(26,F1,K1); + DO(27,F1,K1); + DO(28,F1,K1); + DO(29,F1,K1); + DO(30,F1,K1); + DO(31,F1,K1); + DO(32,F1,K1); + DO(33,F1,K1); + DO(34,F1,K1); + DO(35,F1,K1); + DO(36,F1,K1); + DO(37,F1,K1); + DO(38,F1,K1); + DO(39,F1,K1); + + /* t=[40,59] */ + + DO(40,F2,K2); + DO(41,F2,K2); + DO(42,F2,K2); + DO(43,F2,K2); + DO(44,F2,K2); + DO(45,F2,K2); + DO(46,F2,K2); + DO(47,F2,K2); + DO(48,F2,K2); + DO(49,F2,K2); + DO(50,F2,K2); + DO(51,F2,K2); + DO(52,F2,K2); + DO(53,F2,K2); + DO(54,F2,K2); + DO(55,F2,K2); + DO(56,F2,K2); + DO(57,F2,K2); + DO(58,F2,K2); + DO(59,F2,K2); + + /* t=[60,79] */ + + DO(60,F3,K3); + DO(61,F3,K3); + DO(62,F3,K3); + DO(63,F3,K3); + DO(64,F3,K3); + DO(65,F3,K3); + DO(66,F3,K3); + DO(67,F3,K3); + DO(68,F3,K3); + DO(69,F3,K3); + DO(70,F3,K3); + DO(71,F3,K3); + DO(72,F3,K3); + DO(73,F3,K3); + DO(74,F3,K3); + DO(75,F3,K3); + DO(76,F3,K3); + DO(77,F3,K3); + DO(78,F3,K3); + DO(79,F3,K3); + + A += AA; + B += BB; + C += CC; + D += DD; + E += EE; +} + +/* + * From `Performance analysis of MD5' by Joseph D. Touch + */ + +#if !defined(WORDS_BIGENDIAN) || defined(_CRAY) +static inline uint32_t +swap_uint32_t (uint32_t t) +{ +#define ROL(x,n) ((x)<<(n))|((x)>>(32-(n))) + uint32_t temp1, temp2; + + temp1 = cshift(t, 16); + temp2 = temp1 >> 8; + temp1 &= 0x00ff00ff; + temp2 &= 0x00ff00ff; + temp1 <<= 8; + return temp1 | temp2; +} +#endif + +struct x32{ + unsigned int a:32; + unsigned int b:32; +}; + +void +SHA1_Update (struct sha *m, const void *v, size_t len) +{ + const unsigned char *p = v; + size_t old_sz = m->sz[0]; + size_t offset; + + m->sz[0] += len * 8; + if (m->sz[0] < old_sz) + ++m->sz[1]; + offset = (old_sz / 8) % 64; + while(len > 0){ + size_t l = min(len, 64 - offset); + memcpy(m->save + offset, p, l); + offset += l; + p += l; + len -= l; + if(offset == 64){ +#if !defined(WORDS_BIGENDIAN) || defined(_CRAY) + int i; + uint32_t current[16]; + struct x32 *u = (struct x32*)m->save; + for(i = 0; i < 8; i++){ + current[2*i+0] = swap_uint32_t(u[i].a); + current[2*i+1] = swap_uint32_t(u[i].b); + } + calc(m, current); +#else + calc(m, (uint32_t*)m->save); +#endif + offset = 0; + } + } +} + +void +SHA1_Final (void *res, struct sha *m) +{ + unsigned char zeros[72]; + unsigned offset = (m->sz[0] / 8) % 64; + unsigned int dstart = (120 - offset - 1) % 64 + 1; + + *zeros = 0x80; + memset (zeros + 1, 0, sizeof(zeros) - 1); + zeros[dstart+7] = (m->sz[0] >> 0) & 0xff; + zeros[dstart+6] = (m->sz[0] >> 8) & 0xff; + zeros[dstart+5] = (m->sz[0] >> 16) & 0xff; + zeros[dstart+4] = (m->sz[0] >> 24) & 0xff; + zeros[dstart+3] = (m->sz[1] >> 0) & 0xff; + zeros[dstart+2] = (m->sz[1] >> 8) & 0xff; + zeros[dstart+1] = (m->sz[1] >> 16) & 0xff; + zeros[dstart+0] = (m->sz[1] >> 24) & 0xff; + SHA1_Update (m, zeros, dstart + 8); + { + int i; + unsigned char *r = (unsigned char*)res; + + for (i = 0; i < 5; ++i) { + r[4*i+3] = m->counter[i] & 0xFF; + r[4*i+2] = (m->counter[i] >> 8) & 0xFF; + r[4*i+1] = (m->counter[i] >> 16) & 0xFF; + r[4*i] = (m->counter[i] >> 24) & 0xFF; + } + } +#if 0 + { + int i; + uint32_t *r = (uint32_t *)res; + + for (i = 0; i < 5; ++i) + r[i] = swap_uint32_t (m->counter[i]); + } +#endif +} diff --git a/source4/heimdal/lib/hcrypto/sha.h b/source4/heimdal/lib/hcrypto/sha.h new file mode 100644 index 0000000000..70fc20e222 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/sha.h @@ -0,0 +1,83 @@ +/* + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: sha.h 17450 2006-05-05 11:11:43Z lha $ */ + +#ifndef HEIM_SHA_H +#define HEIM_SHA_H 1 + +/* symbol renaming */ +#define SHA1_Init hc_SHA1_Init +#define SHA1_Update hc_SHA1_Update +#define SHA1_Final hc_SHA1_Final +#define SHA256_Init hc_SHA256_Init +#define SHA256_Update hc_SHA256_Update +#define SHA256_Final hc_SHA256_Final + +/* + * SHA-1 + */ + +#define SHA_DIGEST_LENGTH 20 + +struct sha { + unsigned int sz[2]; + uint32_t counter[5]; + unsigned char save[64]; +}; + +typedef struct sha SHA_CTX; + +void SHA1_Init (struct sha *m); +void SHA1_Update (struct sha *m, const void *v, size_t len); +void SHA1_Final (void *res, struct sha *m); + +/* + * SHA-2 256 + */ + +#define SHA256_DIGEST_LENGTH 32 + +struct hc_sha256state { + unsigned int sz[2]; + uint32_t counter[8]; + unsigned char save[64]; +}; + +typedef struct hc_sha256state SHA256_CTX; + +void SHA256_Init (SHA256_CTX *); +void SHA256_Update (SHA256_CTX *, const void *, size_t); +void SHA256_Final (void *, SHA256_CTX *); + +#endif /* HEIM_SHA_H */ diff --git a/source4/heimdal/lib/hcrypto/sha256.c b/source4/heimdal/lib/hcrypto/sha256.c new file mode 100644 index 0000000000..b95442eff6 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/sha256.c @@ -0,0 +1,233 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" + +RCSID("$Id: sha256.c 17445 2006-05-05 10:37:46Z lha $"); +#endif + +#include "hash.h" +#include "sha.h" + +#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) +#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) + +#define ROTR(x,n) (((x)>>(n)) | ((x) << (32 - (n)))) + +#define Sigma0(x) (ROTR(x,2) ^ ROTR(x,13) ^ ROTR(x,22)) +#define Sigma1(x) (ROTR(x,6) ^ ROTR(x,11) ^ ROTR(x,25)) +#define sigma0(x) (ROTR(x,7) ^ ROTR(x,18) ^ ((x)>>3)) +#define sigma1(x) (ROTR(x,17) ^ ROTR(x,19) ^ ((x)>>10)) + +#define A m->counter[0] +#define B m->counter[1] +#define C m->counter[2] +#define D m->counter[3] +#define E m->counter[4] +#define F m->counter[5] +#define G m->counter[6] +#define H m->counter[7] + +static const uint32_t constant_256[64] = { + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, + 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, + 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, + 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, + 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, + 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, + 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, + 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, + 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 +}; + +void +SHA256_Init (SHA256_CTX *m) +{ + m->sz[0] = 0; + m->sz[1] = 0; + A = 0x6a09e667; + B = 0xbb67ae85; + C = 0x3c6ef372; + D = 0xa54ff53a; + E = 0x510e527f; + F = 0x9b05688c; + G = 0x1f83d9ab; + H = 0x5be0cd19; +} + +static void +calc (SHA256_CTX *m, uint32_t *in) +{ + uint32_t AA, BB, CC, DD, EE, FF, GG, HH; + uint32_t data[64]; + int i; + + AA = A; + BB = B; + CC = C; + DD = D; + EE = E; + FF = F; + GG = G; + HH = H; + + for (i = 0; i < 16; ++i) + data[i] = in[i]; + for (i = 16; i < 64; ++i) + data[i] = sigma1(data[i-2]) + data[i-7] + + sigma0(data[i-15]) + data[i - 16]; + + for (i = 0; i < 64; i++) { + uint32_t T1, T2; + + T1 = HH + Sigma1(EE) + Ch(EE, FF, GG) + constant_256[i] + data[i]; + T2 = Sigma0(AA) + Maj(AA,BB,CC); + + HH = GG; + GG = FF; + FF = EE; + EE = DD + T1; + DD = CC; + CC = BB; + BB = AA; + AA = T1 + T2; + } + + A += AA; + B += BB; + C += CC; + D += DD; + E += EE; + F += FF; + G += GG; + H += HH; +} + +/* + * From `Performance analysis of MD5' by Joseph D. Touch + */ + +#if !defined(WORDS_BIGENDIAN) || defined(_CRAY) +static inline uint32_t +swap_uint32_t (uint32_t t) +{ +#define ROL(x,n) ((x)<<(n))|((x)>>(32-(n))) + uint32_t temp1, temp2; + + temp1 = cshift(t, 16); + temp2 = temp1 >> 8; + temp1 &= 0x00ff00ff; + temp2 &= 0x00ff00ff; + temp1 <<= 8; + return temp1 | temp2; +} +#endif + +struct x32{ + unsigned int a:32; + unsigned int b:32; +}; + +void +SHA256_Update (SHA256_CTX *m, const void *v, size_t len) +{ + const unsigned char *p = v; + size_t old_sz = m->sz[0]; + size_t offset; + + m->sz[0] += len * 8; + if (m->sz[0] < old_sz) + ++m->sz[1]; + offset = (old_sz / 8) % 64; + while(len > 0){ + size_t l = min(len, 64 - offset); + memcpy(m->save + offset, p, l); + offset += l; + p += l; + len -= l; + if(offset == 64){ +#if !defined(WORDS_BIGENDIAN) || defined(_CRAY) + int i; + uint32_t current[16]; + struct x32 *u = (struct x32*)m->save; + for(i = 0; i < 8; i++){ + current[2*i+0] = swap_uint32_t(u[i].a); + current[2*i+1] = swap_uint32_t(u[i].b); + } + calc(m, current); +#else + calc(m, (uint32_t*)m->save); +#endif + offset = 0; + } + } +} + +void +SHA256_Final (void *res, SHA256_CTX *m) +{ + unsigned char zeros[72]; + unsigned offset = (m->sz[0] / 8) % 64; + unsigned int dstart = (120 - offset - 1) % 64 + 1; + + *zeros = 0x80; + memset (zeros + 1, 0, sizeof(zeros) - 1); + zeros[dstart+7] = (m->sz[0] >> 0) & 0xff; + zeros[dstart+6] = (m->sz[0] >> 8) & 0xff; + zeros[dstart+5] = (m->sz[0] >> 16) & 0xff; + zeros[dstart+4] = (m->sz[0] >> 24) & 0xff; + zeros[dstart+3] = (m->sz[1] >> 0) & 0xff; + zeros[dstart+2] = (m->sz[1] >> 8) & 0xff; + zeros[dstart+1] = (m->sz[1] >> 16) & 0xff; + zeros[dstart+0] = (m->sz[1] >> 24) & 0xff; + SHA256_Update (m, zeros, dstart + 8); + { + int i; + unsigned char *r = (unsigned char*)res; + + for (i = 0; i < 8; ++i) { + r[4*i+3] = m->counter[i] & 0xFF; + r[4*i+2] = (m->counter[i] >> 8) & 0xFF; + r[4*i+1] = (m->counter[i] >> 16) & 0xFF; + r[4*i] = (m->counter[i] >> 24) & 0xFF; + } + } +} diff --git a/source4/heimdal/lib/hcrypto/ui.c b/source4/heimdal/lib/hcrypto/ui.c new file mode 100644 index 0000000000..3e651998b5 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/ui.c @@ -0,0 +1,164 @@ +/* + * Copyright (c) 1997 - 2000, 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: ui.c 18158 2006-09-22 15:45:57Z lha $"); +#endif + +#include +#include +#include +#include +#include +#include + +#include + +static sig_atomic_t intr_flag; + +static void +intr(int sig) +{ + intr_flag++; +} + +#ifndef NSIG +#define NSIG 47 +#endif + +static int +read_string(const char *preprompt, const char *prompt, + char *buf, size_t len, int echo) +{ + struct sigaction sigs[NSIG]; + int oksigs[NSIG]; + struct sigaction sa; + FILE *tty; + int ret = 0; + int of = 0; + int i; + int c; + char *p; + + struct termios t_new, t_old; + + memset(&oksigs, 0, sizeof(oksigs)); + + memset(&sa, 0, sizeof(sa)); + sa.sa_handler = intr; + sigemptyset(&sa.sa_mask); + sa.sa_flags = 0; + for(i = 1; i < sizeof(sigs) / sizeof(sigs[0]); i++) + if (i != SIGALRM) + if (sigaction(i, &sa, &sigs[i]) == 0) + oksigs[i] = 1; + + if((tty = fopen("/dev/tty", "r")) == NULL) + tty = stdin; + + fprintf(stderr, "%s%s", preprompt, prompt); + fflush(stderr); + + if(echo == 0){ + tcgetattr(fileno(tty), &t_old); + memcpy(&t_new, &t_old, sizeof(t_new)); + t_new.c_lflag &= ~ECHO; + tcsetattr(fileno(tty), TCSANOW, &t_new); + } + intr_flag = 0; + p = buf; + while(intr_flag == 0){ + c = getc(tty); + if(c == EOF){ + if(!ferror(tty)) + ret = 1; + break; + } + if(c == '\n') + break; + if(of == 0) + *p++ = c; + of = (p == buf + len); + } + if(of) + p--; + *p = 0; + + if(echo == 0){ + printf("\n"); + tcsetattr(fileno(tty), TCSANOW, &t_old); + } + + if(tty != stdin) + fclose(tty); + + for(i = 1; i < sizeof(sigs) / sizeof(sigs[0]); i++) + if (oksigs[i]) + sigaction(i, &sigs[i], NULL); + + if(ret) + return -3; + if(intr_flag) + return -2; + if(of) + return -1; + return 0; +} + +int +UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, int verify) +{ + int ret; + + ret = read_string("", prompt, buf, length, 0); + if (ret) + return ret; + + if (verify) { + char *buf2; + buf2 = malloc(length); + if (buf2 == NULL) + return 1; + + ret = read_string("Verify password - ", prompt, buf2, length, 0); + if (ret) { + free(buf2); + return ret; + } + if (strcmp(buf2, buf) != 0) + ret = 1; + free(buf2); + } + return ret; +} diff --git a/source4/heimdal/lib/hcrypto/ui.h b/source4/heimdal/lib/hcrypto/ui.h new file mode 100644 index 0000000000..53926cc1f7 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/ui.h @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: ui.h 16480 2006-01-08 21:47:29Z lha $ */ + +#ifndef _HEIM_UI_H +#define _HEIM_UI_H 1 + +/* symbol renaming */ +#define UI_UTIL_read_pw_string hc_UI_UTIL_read_pw_string + +int UI_UTIL_read_pw_string(char *, int, const char *, int); /* XXX */ + +#endif /* _HEIM_UI_H */ + diff --git a/source4/heimdal/lib/hdb/db.c b/source4/heimdal/lib/hdb/db.c index 0bbf6f2210..870f0431cf 100644 --- a/source4/heimdal/lib/hdb/db.c +++ b/source4/heimdal/lib/hdb/db.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: db.c,v 1.36 2006/09/12 18:12:37 lha Exp $"); +RCSID("$Id: db.c 20215 2007-02-09 21:59:53Z lha $"); #if HAVE_DB1 @@ -67,8 +67,11 @@ DB_lock(krb5_context context, HDB *db, int operation) { DB *d = (DB*)db->hdb_db; int fd = (*d->fd)(d); - if(fd < 0) + if(fd < 0) { + krb5_set_error_string(context, + "Can't lock database: %s", db->hdb_name); return HDB_ERR_CANT_LOCK_DB; + } return hdb_lock(fd, operation); } @@ -77,8 +80,11 @@ DB_unlock(krb5_context context, HDB *db) { DB *d = (DB*)db->hdb_db; int fd = (*d->fd)(d); - if(fd < 0) + if(fd < 0) { + krb5_set_error_string(context, + "Can't unlock database: %s", db->hdb_name); return HDB_ERR_CANT_LOCK_DB; + } return hdb_unlock(fd); } @@ -93,14 +99,22 @@ DB_seq(krb5_context context, HDB *db, int code; code = db->hdb_lock(context, db, HDB_RLOCK); - if(code == -1) + if(code == -1) { + krb5_set_error_string(context, "Database %s in use", db->hdb_name); return HDB_ERR_DB_INUSE; + } code = (*d->seq)(d, &key, &value, flag); db->hdb_unlock(context, db); /* XXX check value */ - if(code == -1) - return errno; - if(code == 1) + if(code == -1) { + code = errno; + krb5_set_error_string(context, "Database %s seq error: %s", + db->hdb_name, strerror(code)); + return code; + } + if(code == 1) { + krb5_clear_error_string(context); return HDB_ERR_NOENTRY; + } key_data.data = key.data; key_data.length = key.size; @@ -174,10 +188,16 @@ DB__get(krb5_context context, HDB *db, krb5_data key, krb5_data *reply) return code; code = (*d->get)(d, &k, &v, 0); db->hdb_unlock(context, db); - if(code < 0) - return errno; - if(code == 1) + if(code < 0) { + code = errno; + krb5_set_error_string(context, "Database %s get error: %s", + db->hdb_name, strerror(code)); + return code; + } + if(code == 1) { + krb5_clear_error_string(context); return HDB_ERR_NOENTRY; + } krb5_data_copy(reply, v.data, v.size); return 0; @@ -200,10 +220,16 @@ DB__put(krb5_context context, HDB *db, int replace, return code; code = (*d->put)(d, &k, &v, replace ? 0 : R_NOOVERWRITE); db->hdb_unlock(context, db); - if(code < 0) - return errno; - if(code == 1) + if(code < 0) { + code = errno; + krb5_set_error_string(context, "Database %s put error: %s", + db->hdb_name, strerror(code)); + return code; + } + if(code == 1) { + krb5_clear_error_string(context); return HDB_ERR_EXISTS; + } return 0; } @@ -220,8 +246,12 @@ DB__del(krb5_context context, HDB *db, krb5_data key) return code; code = (*d->del)(d, &k, 0); db->hdb_unlock(context, db); - if(code == 1) - return HDB_ERR_NOENTRY; + if(code == 1) { + code = errno; + krb5_set_error_string(context, "Database %s put error: %s", + db->hdb_name, strerror(code)); + return code; + } if(code < 0) return errno; return 0; diff --git a/source4/heimdal/lib/hdb/ext.c b/source4/heimdal/lib/hdb/ext.c index 141c63a8ac..aac0ff5367 100644 --- a/source4/heimdal/lib/hdb/ext.c +++ b/source4/heimdal/lib/hdb/ext.c @@ -34,7 +34,7 @@ #include "hdb_locl.h" #include -RCSID("$Id: ext.c,v 1.6 2006/10/14 10:13:03 lha Exp $"); +RCSID("$Id: ext.c 20236 2007-02-16 23:52:29Z lha $"); krb5_error_code hdb_entry_check_mandatory(krb5_context context, const hdb_entry *ent) @@ -394,3 +394,17 @@ hdb_entry_get_ConstrainedDelegACL(const hdb_entry *entry, return 0; } + +krb5_error_code +hdb_entry_get_aliases(const hdb_entry *entry, const HDB_Ext_Aliases **a) +{ + const HDB_extension *ext; + + ext = hdb_find_extension(entry, choice_HDB_extension_data_aliases); + if (ext) + *a = &ext->data.u.aliases; + else + *a = NULL; + + return 0; +} diff --git a/source4/heimdal/lib/hdb/hdb-protos.h b/source4/heimdal/lib/hdb/hdb-protos.h index de0545a037..6d679fd48f 100644 --- a/source4/heimdal/lib/hdb/hdb-protos.h +++ b/source4/heimdal/lib/hdb/hdb-protos.h @@ -42,6 +42,41 @@ hdb_db_create ( HDB **/*db*/, const char */*filename*/); +const char * +hdb_dbinfo_get_acl_file ( + krb5_context /*context*/, + struct hdb_dbinfo */*dbp*/); + +const krb5_config_binding * +hdb_dbinfo_get_binding ( + krb5_context /*context*/, + struct hdb_dbinfo */*dbp*/); + +const char * +hdb_dbinfo_get_dbname ( + krb5_context /*context*/, + struct hdb_dbinfo */*dbp*/); + +const char * +hdb_dbinfo_get_label ( + krb5_context /*context*/, + struct hdb_dbinfo */*dbp*/); + +const char * +hdb_dbinfo_get_mkey_file ( + krb5_context /*context*/, + struct hdb_dbinfo */*dbp*/); + +struct hdb_dbinfo * +hdb_dbinfo_get_next ( + struct hdb_dbinfo */*dbp*/, + struct hdb_dbinfo */*dbprevp*/); + +const char * +hdb_dbinfo_get_realm ( + krb5_context /*context*/, + struct hdb_dbinfo */*dbp*/); + krb5_error_code hdb_enctype2key ( krb5_context /*context*/, @@ -58,7 +93,13 @@ hdb_entry2string ( int hdb_entry2value ( krb5_context /*context*/, - hdb_entry */*ent*/, + const hdb_entry */*ent*/, + krb5_data */*value*/); + +int +hdb_entry_alias2value ( + krb5_context /*context*/, + const hdb_entry_alias */*alias*/, krb5_data */*value*/); krb5_error_code @@ -76,6 +117,11 @@ hdb_entry_get_ConstrainedDelegACL ( const hdb_entry */*entry*/, const HDB_Ext_Constrained_delegation_acl **/*a*/); +krb5_error_code +hdb_entry_get_aliases ( + const hdb_entry */*entry*/, + const HDB_Ext_Aliases **/*a*/); + int hdb_entry_get_password ( krb5_context /*context*/, @@ -124,6 +170,11 @@ hdb_foreach ( hdb_foreach_func_t /*func*/, void */*data*/); +void +hdb_free_dbinfo ( + krb5_context /*context*/, + struct hdb_dbinfo **/*dbp*/); + void hdb_free_entry ( krb5_context /*context*/, @@ -159,6 +210,11 @@ hdb_generate_key_set_password ( Key **/*keys*/, size_t */*num_keys*/); +int +hdb_get_dbinfo ( + krb5_context /*context*/, + struct hdb_dbinfo **/*dbp*/); + krb5_error_code hdb_init_db ( krb5_context /*context*/, @@ -314,6 +370,12 @@ hdb_value2entry ( krb5_data */*value*/, hdb_entry */*ent*/); +int +hdb_value2entry_alias ( + krb5_context /*context*/, + krb5_data */*value*/, + hdb_entry_alias */*ent*/); + krb5_error_code hdb_write_master_key ( krb5_context /*context*/, diff --git a/source4/heimdal/lib/hdb/hdb.asn1 b/source4/heimdal/lib/hdb/hdb.asn1 index c8c276ff6e..acd8f61d7e 100644 --- a/source4/heimdal/lib/hdb/hdb.asn1 +++ b/source4/heimdal/lib/hdb/hdb.asn1 @@ -1,4 +1,4 @@ --- $Id: hdb.asn1,v 1.17 2006/08/24 10:45:19 lha Exp $ +-- $Id: hdb.asn1 20236 2007-02-16 23:52:29Z lha $ HDB DEFINITIONS ::= BEGIN @@ -120,4 +120,8 @@ hdb_entry ::= SEQUENCE { extensions[13] HDB-extensions OPTIONAL } +hdb_entry_alias ::= [APPLICATION 0] SEQUENCE { + principal[0] Principal OPTIONAL +} + END diff --git a/source4/heimdal/lib/hdb/hdb.c b/source4/heimdal/lib/hdb/hdb.c index cd4f24a732..f0731ed98e 100644 --- a/source4/heimdal/lib/hdb/hdb.c +++ b/source4/heimdal/lib/hdb/hdb.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: hdb.c,v 1.64 2006/11/28 14:24:27 lha Exp $"); +RCSID("$Id: hdb.c 20214 2007-02-09 21:51:10Z lha $"); #ifdef HAVE_DLFCN_H #include @@ -56,7 +56,7 @@ static struct hdb_method methods[] = { {"ldapi:", hdb_ldapi_create}, #endif #ifdef _SAMBA_BUILD_ - {"ldb:", hdb_ldb_create}, + {"ldb:", hdb_ldb_create}, #endif #ifdef HAVE_LDB /* Used for integrated samba build */ {"ldb:", hdb_ldb_create}, @@ -81,11 +81,15 @@ hdb_next_enctype2key(krb5_context context, for (k = *key ? (*key) + 1 : e->keys.val; k < e->keys.val + e->keys.len; - k++) + k++) + { if(k->key.keytype == enctype){ *key = k; return 0; } + } + krb5_set_error_string(context, "No next enctype %d for hdb-entry", + (int)enctype); return KRB5_PROG_ETYPE_NOSUPP; /* XXX */ } @@ -164,6 +168,8 @@ hdb_foreach(krb5_context context, krb5_error_code ret; hdb_entry_ex entry; ret = db->hdb_firstkey(context, db, flags, &entry); + if (ret == 0) + krb5_clear_error_string(context); while(ret == 0){ ret = (*func)(context, db, &entry, data); hdb_free_entry(context, &entry); @@ -228,8 +234,11 @@ hdb_init_db(krb5_context context, HDB *db) version.length = strlen(version.data) + 1; /* zero terminated */ ret = (*db->hdb__put)(context, db, 0, tag, version); ret2 = db->hdb_unlock(context, db); - if (ret) + if (ret) { + if (ret2) + krb5_clear_error_string(context); return ret; + } return ret2; } diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h index dcfceb58f0..830589388f 100644 --- a/source4/heimdal/lib/hdb/hdb.h +++ b/source4/heimdal/lib/hdb/hdb.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: hdb.h,v 1.38 2006/04/28 07:37:11 lha Exp $ */ +/* $Id: hdb.h 20535 2007-04-23 07:49:16Z lha $ */ #ifndef __HDB_H__ #define __HDB_H__ @@ -41,6 +41,8 @@ #include #include +struct hdb_dbinfo; + enum hdb_lockop{ HDB_RLOCK, HDB_WLOCK }; /* flags for various functions */ @@ -50,6 +52,7 @@ enum hdb_lockop{ HDB_RLOCK, HDB_WLOCK }; #define HDB_F_GET_SERVER 8 /* fetch server */ #define HDB_F_GET_KRBTGT 16 /* fetch krbtgt */ #define HDB_F_GET_ANY 28 /* fetch any of client,server,krbtgt */ +#define HDB_F_CANON 32 /* want canonicalition */ /* key usage for master key */ #define HDB_KU_MKEY 0x484442 @@ -69,7 +72,7 @@ typedef struct HDB{ char *hdb_name; int hdb_master_key_set; hdb_master_key hdb_master_key; - void *hdb_openp; + int hdb_openp; krb5_error_code (*hdb_open)(krb5_context, struct HDB*, diff --git a/source4/heimdal/lib/hdb/hdb_err.et b/source4/heimdal/lib/hdb/hdb_err.et index f2636b2fea..5c5b80bb36 100644 --- a/source4/heimdal/lib/hdb/hdb_err.et +++ b/source4/heimdal/lib/hdb/hdb_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: hdb_err.et,v 1.6 2005/08/11 13:17:22 lha Exp $" +id "$Id: hdb_err.et 15878 2005-08-11 13:17:22Z lha $" error_table hdb diff --git a/source4/heimdal/lib/hdb/hdb_locl.h b/source4/heimdal/lib/hdb/hdb_locl.h index 0bf4e8191c..ad16075b24 100644 --- a/source4/heimdal/lib/hdb/hdb_locl.h +++ b/source4/heimdal/lib/hdb/hdb_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: hdb_locl.h,v 1.19 2003/09/10 21:54:58 lha Exp $ */ +/* $Id: hdb_locl.h 12820 2003-09-10 21:54:58Z lha $ */ #ifndef __HDB_LOCL_H__ #define __HDB_LOCL_H__ diff --git a/source4/heimdal/lib/hdb/keys.c b/source4/heimdal/lib/hdb/keys.c index 8d4810f5c9..9b87050120 100644 --- a/source4/heimdal/lib/hdb/keys.c +++ b/source4/heimdal/lib/hdb/keys.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: keys.c,v 1.6 2006/10/22 09:40:12 lha Exp $"); +RCSID("$Id: keys.c 18819 2006-10-22 09:40:12Z lha $"); /* * free all the memory used by (len, keys) diff --git a/source4/heimdal/lib/hdb/keytab.c b/source4/heimdal/lib/hdb/keytab.c index 7ae3ec3150..5c867daf20 100644 --- a/source4/heimdal/lib/hdb/keytab.c +++ b/source4/heimdal/lib/hdb/keytab.c @@ -35,7 +35,7 @@ /* keytab backend for HDB databases */ -RCSID("$Id: keytab.c,v 1.16 2006/10/09 12:36:40 lha Exp $"); +RCSID("$Id: keytab.c 18380 2006-10-09 12:36:40Z lha $"); struct hdb_data { char *dbname; diff --git a/source4/heimdal/lib/hdb/mkey.c b/source4/heimdal/lib/hdb/mkey.c index 40569b29ad..02d87b6cf3 100644 --- a/source4/heimdal/lib/hdb/mkey.c +++ b/source4/heimdal/lib/hdb/mkey.c @@ -36,7 +36,7 @@ #define O_BINARY 0 #endif -RCSID("$Id: mkey.c,v 1.22 2006/05/05 10:27:59 lha Exp $"); +RCSID("$Id: mkey.c 17445 2006-05-05 10:37:46Z lha $"); struct hdb_master_key_data { krb5_keytab_entry keytab; diff --git a/source4/heimdal/lib/hdb/ndbm.c b/source4/heimdal/lib/hdb/ndbm.c index 6c72ea78c5..6575b8a417 100644 --- a/source4/heimdal/lib/hdb/ndbm.c +++ b/source4/heimdal/lib/hdb/ndbm.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: ndbm.c,v 1.38 2005/12/13 11:54:10 lha Exp $"); +RCSID("$Id: ndbm.c 16395 2005-12-13 11:54:10Z lha $"); #if HAVE_NDBM diff --git a/source4/heimdal/lib/hx509/ca.c b/source4/heimdal/lib/hx509/ca.c index 1a5b4947be..0e48269aa4 100644 --- a/source4/heimdal/lib/hx509/ca.c +++ b/source4/heimdal/lib/hx509/ca.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "hx_locl.h" #include -RCSID("$Id: ca.c,v 1.12 2007/01/05 18:40:46 lha Exp $"); +RCSID("$Id: ca.c 20904 2007-06-05 01:58:45Z lha $"); struct hx509_ca_tbs { hx509_name subject; @@ -47,10 +47,12 @@ struct hx509_ca_tbs { unsigned int ca:1; unsigned int key:1; unsigned int serial:1; + unsigned int domaincontroller:1; } flags; time_t notBefore; time_t notAfter; int pathLenConstraint; /* both for CA and Proxy */ + CRLDistributionPoints crldp; }; int @@ -66,6 +68,8 @@ hx509_ca_tbs_init(hx509_context context, hx509_ca_tbs *tbs) (*tbs)->eku.len = 0; (*tbs)->eku.val = NULL; (*tbs)->pathLenConstraint = 0; + (*tbs)->crldp.len = 0; + (*tbs)->crldp.val = NULL; return 0; } @@ -80,6 +84,7 @@ hx509_ca_tbs_free(hx509_ca_tbs *tbs) free_GeneralNames(&(*tbs)->san); free_ExtKeyUsage(&(*tbs)->eku); der_free_heim_integer(&(*tbs)->serial); + free_CRLDistributionPoints(&(*tbs)->crldp); hx509_name_free(&(*tbs)->subject); @@ -114,6 +119,89 @@ hx509_ca_tbs_set_notAfter_lifetime(hx509_context context, return hx509_ca_tbs_set_notAfter(context, tbs, time(NULL) + delta); } +static const struct units templatebits[] = { + { "ExtendedKeyUsage", HX509_CA_TEMPLATE_EKU }, + { "KeyUsage", HX509_CA_TEMPLATE_KU }, + { "SPKI", HX509_CA_TEMPLATE_SPKI }, + { "notAfter", HX509_CA_TEMPLATE_NOTAFTER }, + { "notBefore", HX509_CA_TEMPLATE_NOTBEFORE }, + { "serial", HX509_CA_TEMPLATE_SERIAL }, + { "subject", HX509_CA_TEMPLATE_SUBJECT }, + { NULL, 0 } +}; + +const struct units * +hx509_ca_tbs_template_units(void) +{ + return templatebits; +} + +int +hx509_ca_tbs_set_template(hx509_context context, + hx509_ca_tbs tbs, + int flags, + hx509_cert cert) +{ + int ret; + + if (flags & HX509_CA_TEMPLATE_SUBJECT) { + if (tbs->subject) + hx509_name_free(&tbs->subject); + ret = hx509_cert_get_subject(cert, &tbs->subject); + if (ret) { + hx509_set_error_string(context, 0, ret, + "Failed to get subject from template"); + return ret; + } + } + if (flags & HX509_CA_TEMPLATE_SERIAL) { + der_free_heim_integer(&tbs->serial); + ret = hx509_cert_get_serialnumber(cert, &tbs->serial); + tbs->flags.serial = !ret; + if (ret) { + hx509_set_error_string(context, 0, ret, + "Failed to copy serial number"); + return ret; + } + } + if (flags & HX509_CA_TEMPLATE_NOTBEFORE) + tbs->notBefore = hx509_cert_get_notBefore(cert); + if (flags & HX509_CA_TEMPLATE_NOTAFTER) + tbs->notAfter = hx509_cert_get_notAfter(cert); + if (flags & HX509_CA_TEMPLATE_SPKI) { + free_SubjectPublicKeyInfo(&tbs->spki); + ret = hx509_cert_get_SPKI(cert, &tbs->spki); + tbs->flags.key = !ret; + if (ret) { + hx509_set_error_string(context, 0, ret, "Failed to copy SPKI"); + return ret; + } + } + if (flags & HX509_CA_TEMPLATE_KU) { + KeyUsage ku; + ret = _hx509_cert_get_keyusage(context, cert, &ku); + if (ret) + return ret; + tbs->key_usage = KeyUsage2int(ku); + } + if (flags & HX509_CA_TEMPLATE_EKU) { + ExtKeyUsage eku; + int i; + ret = _hx509_cert_get_eku(context, cert, &eku); + if (ret) + return ret; + for (i = 0; i < eku.len; i++) { + ret = hx509_ca_tbs_add_eku(context, tbs, &eku.val[i]); + if (ret) { + free_ExtKeyUsage(&eku); + return ret; + } + } + free_ExtKeyUsage(&eku); + } + return 0; +} + int hx509_ca_tbs_set_ca(hx509_context context, hx509_ca_tbs tbs, @@ -135,6 +223,14 @@ hx509_ca_tbs_set_proxy(hx509_context context, } +int +hx509_ca_tbs_set_domaincontroller(hx509_context context, + hx509_ca_tbs tbs) +{ + tbs->flags.domaincontroller = 1; + return 0; +} + int hx509_ca_tbs_set_spki(hx509_context context, hx509_ca_tbs tbs, @@ -160,24 +256,122 @@ hx509_ca_tbs_set_serialnumber(hx509_context context, } int -hx509_ca_tbs_add_eku(hx509_context contex, +hx509_ca_tbs_add_eku(hx509_context context, hx509_ca_tbs tbs, const heim_oid *oid) { void *ptr; int ret; + unsigned i; + + /* search for duplicates */ + for (i = 0; i < tbs->eku.len; i++) { + if (der_heim_oid_cmp(oid, &tbs->eku.val[i]) == 0) + return 0; + } ptr = realloc(tbs->eku.val, sizeof(tbs->eku.val[0]) * (tbs->eku.len + 1)); - if (ptr == NULL) + if (ptr == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); return ENOMEM; + } tbs->eku.val = ptr; ret = der_copy_oid(oid, &tbs->eku.val[tbs->eku.len]); - if (ret) + if (ret) { + hx509_set_error_string(context, 0, ret, "out of memory"); return ret; + } tbs->eku.len += 1; return 0; } +int +hx509_ca_tbs_add_crl_dp_uri(hx509_context context, + hx509_ca_tbs tbs, + const char *uri, + hx509_name issuername) +{ + DistributionPoint dp; + int ret; + + memset(&dp, 0, sizeof(dp)); + + dp.distributionPoint = ecalloc(1, sizeof(*dp.distributionPoint)); + + { + DistributionPointName name; + GeneralName gn; + size_t size; + + name.element = choice_DistributionPointName_fullName; + name.u.fullName.len = 1; + name.u.fullName.val = &gn; + + gn.element = choice_GeneralName_uniformResourceIdentifier; + gn.u.uniformResourceIdentifier = rk_UNCONST(uri); + + ASN1_MALLOC_ENCODE(DistributionPointName, + dp.distributionPoint->data, + dp.distributionPoint->length, + &name, &size, ret); + if (ret) { + hx509_set_error_string(context, 0, ret, + "Failed to encoded DistributionPointName"); + goto out; + } + if (dp.distributionPoint->length != size) + _hx509_abort("internal ASN.1 encoder error"); + } + + if (issuername) { +#if 1 + hx509_set_error_string(context, 0, EINVAL, + "CRLDistributionPoints.name.issuername not yet supported"); + return EINVAL; +#else + GeneralNames *crlissuer; + GeneralName gn; + Name n; + + crlissuer = calloc(1, sizeof(*crlissuer)); + if (crlissuer == NULL) { + return ENOMEM; + } + memset(&gn, 0, sizeof(gn)); + + gn.element = choice_GeneralName_directoryName; + ret = hx509_name_to_Name(issuername, &n); + if (ret) { + hx509_set_error_string(context, 0, ret, "out of memory"); + goto out; + } + + gn.u.directoryName.element = n.element; + gn.u.directoryName.u.rdnSequence = n.u.rdnSequence; + + ret = add_GeneralNames(&crlissuer, &gn); + free_Name(&n); + if (ret) { + hx509_set_error_string(context, 0, ret, "out of memory"); + goto out; + } + + dp.cRLIssuer = &crlissuer; +#endif + } + + ret = add_CRLDistributionPoints(&tbs->crldp, &dp); + if (ret) { + hx509_set_error_string(context, 0, ret, "out of memory"); + goto out; + } + +out: + free_DistributionPoint(&dp); + + return ret; +} + int hx509_ca_tbs_add_san_otherName(hx509_context context, hx509_ca_tbs tbs, @@ -282,6 +476,58 @@ out: return ret; } +/* + * + */ + +static int +add_utf8_san(hx509_context context, + hx509_ca_tbs tbs, + const heim_oid *oid, + const char *string) +{ + const PKIXXmppAddr ustring = (const PKIXXmppAddr)string; + heim_octet_string os; + size_t size; + int ret; + + os.length = 0; + os.data = NULL; + + ASN1_MALLOC_ENCODE(PKIXXmppAddr, os.data, os.length, &ustring, &size, ret); + if (ret) { + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + if (size != os.length) + _hx509_abort("internal ASN.1 encoder error"); + + ret = hx509_ca_tbs_add_san_otherName(context, + tbs, + oid, + &os); + free(os.data); +out: + return ret; +} + +int +hx509_ca_tbs_add_san_ms_upn(hx509_context context, + hx509_ca_tbs tbs, + const char *principal) +{ + return add_utf8_san(context, tbs, oid_id_pkinit_ms_san(), principal); +} + +int +hx509_ca_tbs_add_san_jid(hx509_context context, + hx509_ca_tbs tbs, + const char *jid) +{ + return add_utf8_san(context, tbs, oid_id_pkix_on_xmppAddr(), jid); +} + + int hx509_ca_tbs_add_san_hostname(hx509_context context, hx509_ca_tbs tbs, @@ -321,6 +567,14 @@ hx509_ca_tbs_set_subject(hx509_context context, return hx509_name_copy(context, subject, &tbs->subject); } +int +hx509_ca_tbs_subject_expand(hx509_context context, + hx509_ca_tbs tbs, + hx509_env env) +{ + return hx509_name_expand(context, tbs->subject, env); +} + static int add_extension(hx509_context context, TBSCertificate *tbsc, @@ -410,7 +664,7 @@ ca_sign(hx509_context context, time_t notAfter; unsigned key_usage; - sigalg = hx509_signature_rsa_with_sha1(); + sigalg = _hx509_crypto_default_sig_alg; memset(&c, 0, sizeof(c)); @@ -439,6 +693,7 @@ ca_sign(hx509_context context, KeyUsage ku; memset(&ku, 0, sizeof(ku)); ku.keyCertSign = 1; + ku.cRLSign = 1; key_usage |= KeyUsage2int(ku); } @@ -453,16 +708,25 @@ ca_sign(hx509_context context, hx509_set_error_string(context, 0, ret, "No public key set"); return ret; } - if (tbs->subject == NULL && !tbs->flags.proxy) { - ret = EINVAL; - hx509_set_error_string(context, 0, ret, "No subject name set"); - return ret; + /* + * Don't put restrictions on proxy certificate's subject name, it + * will be generated below. + */ + if (!tbs->flags.proxy) { + if (tbs->subject == NULL) { + hx509_set_error_string(context, 0, EINVAL, "No subject name set"); + return EINVAL; + } + if (hx509_name_is_null_p(tbs->subject) && tbs->san.len == 0) { + hx509_set_error_string(context, 0, EINVAL, + "NULL subject and no SubjectAltNames"); + return EINVAL; + } } if (tbs->flags.ca && tbs->flags.proxy) { - ret = EINVAL; - hx509_set_error_string(context, 0, ret, "Can't be proxy and CA " + hx509_set_error_string(context, 0, EINVAL, "Can't be proxy and CA " "at the same time"); - return ret; + return EINVAL; } if (tbs->flags.proxy) { if (tbs->san.len > 0) { @@ -549,6 +813,22 @@ ca_sign(hx509_context context, goto out; } + /* Add the text BMP string Domaincontroller to the cert */ + if (tbs->flags.domaincontroller) { + data.data = rk_UNCONST("\x1e\x20\x00\x44\x00\x6f\x00\x6d" + "\x00\x61\x00\x69\x00\x6e\x00\x43" + "\x00\x6f\x00\x6e\x00\x74\x00\x72" + "\x00\x6f\x00\x6c\x00\x6c\x00\x65" + "\x00\x72"); + data.length = 34; + + ret = add_extension(context, tbsc, 0, + oid_id_ms_cert_enroll_domaincontroller(), + &data); + if (ret) + goto out; + } + /* add KeyUsage */ { KeyUsage ku; @@ -561,7 +841,7 @@ ca_sign(hx509_context context, } if (size != data.length) _hx509_abort("internal ASN.1 encoder error"); - ret = add_extension(context, tbsc, 1, + ret = add_extension(context, tbsc, 1, oid_id_x509_ce_keyUsage(), &data); free(data.data); if (ret) @@ -678,7 +958,8 @@ ca_sign(hx509_context context, } if (size != data.length) _hx509_abort("internal ASN.1 encoder error"); - ret = add_extension(context, tbsc, 0, + /* Critical if this is a CA */ + ret = add_extension(context, tbsc, tbs->flags.ca, oid_id_x509_ce_basicConstraints(), &data); free(data.data); @@ -728,6 +1009,23 @@ ca_sign(hx509_context context, goto out; } + if (tbs->crldp.len) { + + ASN1_MALLOC_ENCODE(CRLDistributionPoints, data.data, data.length, + &tbs->crldp, &size, ret); + if (ret) { + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + if (size != data.length) + _hx509_abort("internal ASN.1 encoder error"); + ret = add_extension(context, tbsc, FALSE, + oid_id_x509_ce_cRLDistributionPoints(), + &data); + free(data.data); + if (ret) + goto out; + } ASN1_MALLOC_ENCODE(TBSCertificate, data.data, data.length,tbsc, &size, ret); if (ret) { @@ -772,11 +1070,13 @@ get_AuthorityKeyIdentifier(hx509_context context, if (ret == 0) { ai->keyIdentifier = calloc(1, sizeof(*ai->keyIdentifier)); if (ai->keyIdentifier == NULL) { + free_SubjectKeyIdentifier(&si); ret = ENOMEM; hx509_set_error_string(context, 0, ret, "Out of memory"); goto out; } ret = der_copy_octet_string(&si, ai->keyIdentifier); + free_SubjectKeyIdentifier(&si); if (ret) { hx509_set_error_string(context, 0, ret, "Out of memory"); goto out; @@ -818,6 +1118,7 @@ get_AuthorityKeyIdentifier(hx509_context context, goto out; } + memset(&gn, 0, sizeof(gn)); gn.element = choice_GeneralName_directoryName; gn.u.directoryName.element = choice_GeneralName_directoryName_rdnSequence; diff --git a/source4/heimdal/lib/hx509/cert.c b/source4/heimdal/lib/hx509/cert.c index f84c61a798..27b17a0204 100644 --- a/source4/heimdal/lib/hx509/cert.c +++ b/source4/heimdal/lib/hx509/cert.c @@ -32,8 +32,9 @@ */ #include "hx_locl.h" -RCSID("$Id: cert.c,v 1.82 2007/01/09 10:52:03 lha Exp $"); +RCSID("$Id: cert.c 20915 2007-06-05 03:58:56Z lha $"); #include "crypto-headers.h" +#include struct hx509_verify_ctx_data { hx509_certs trust_anchors; @@ -102,11 +103,13 @@ hx509_context_init(hx509_context *context) if (*context == NULL) return ENOMEM; + _hx509_ks_null_register(*context); _hx509_ks_mem_register(*context); _hx509_ks_file_register(*context); _hx509_ks_pkcs12_register(*context); _hx509_ks_pkcs11_register(*context); _hx509_ks_dir_register(*context); + _hx509_ks_keychain_register(*context); ENGINE_add_conf_module(); OpenSSL_add_all_algorithms(); @@ -116,6 +119,11 @@ hx509_context_init(hx509_context *context) initialize_hx_error_table_r(&(*context)->et_list); initialize_asn1_error_table_r(&(*context)->et_list); +#ifdef HX509_DEFAULT_ANCHORS + (void)hx509_certs_init(*context, HX509_DEFAULT_ANCHORS, 0, + NULL, &(*context)->default_trust_anchors); +#endif + return 0; } @@ -138,6 +146,9 @@ hx509_context_free(hx509_context *context) } (*context)->ks_num_ops = 0; free_error_table ((*context)->et_list); + if ((*context)->querystat) + free((*context)->querystat); + memset(*context, 0, sizeof(**context)); free(*context); *context = NULL; } @@ -836,7 +847,7 @@ find_parent(hx509_context context, hx509_set_error_string(context, 0, HX509_ISSUER_NOT_FOUND, "Failed to find issuer for " - "certificate with subject: %s", str); + "certificate with subject: '%s'", str); free(str); } return HX509_ISSUER_NOT_FOUND; @@ -847,7 +858,9 @@ find_parent(hx509_context context, */ static int -is_proxy_cert(hx509_context context, const Certificate *cert, ProxyCertInfo *rinfo) +is_proxy_cert(hx509_context context, + const Certificate *cert, + ProxyCertInfo *rinfo) { ProxyCertInfo info; const Extension *e; @@ -876,7 +889,9 @@ is_proxy_cert(hx509_context context, const Certificate *cert, ProxyCertInfo *rin hx509_clear_error_string(context); return HX509_EXTRA_DATA_AFTER_STRUCTURE; } - if (rinfo) + if (rinfo == NULL) + free_ProxyCertInfo(&info); + else *rinfo = info; return 0; @@ -969,8 +984,10 @@ _hx509_calculate_path(hx509_context context, current = parent; if (path->len > max_depth) { + hx509_cert_free(current); hx509_set_error_string(context, 0, HX509_PATH_TOO_LONG, - "Path too long while bulding certificate chain"); + "Path too long while bulding " + "certificate chain"); return HX509_PATH_TOO_LONG; } } @@ -1065,6 +1082,25 @@ hx509_cert_get_serialnumber(hx509_cert p, heim_integer *i) return der_copy_heim_integer(&p->data->tbsCertificate.serialNumber, i); } +time_t +hx509_cert_get_notBefore(hx509_cert p) +{ + return _hx509_Time2time_t(&p->data->tbsCertificate.validity.notBefore); +} + +time_t +hx509_cert_get_notAfter(hx509_cert p) +{ + return _hx509_Time2time_t(&p->data->tbsCertificate.validity.notAfter); +} + +int +hx509_cert_get_SPKI(hx509_cert p, SubjectPublicKeyInfo *spki) +{ + return copy_SubjectPublicKeyInfo(&p->data->tbsCertificate.subjectPublicKeyInfo, + spki); +} + hx509_private_key _hx509_cert_private_key(hx509_cert p) { @@ -1349,7 +1385,7 @@ match_tree(const GeneralSubtrees *t, const Certificate *c, int *match) { GeneralName certname; - + memset(&certname, 0, sizeof(certname)); certname.element = choice_GeneralName_directoryName; certname.u.directoryName.element = c->tbsCertificate.subject.element; @@ -1435,6 +1471,7 @@ hx509_verify_path(hx509_context context, int ret, i, proxy_cert_depth; enum certtype type; Name proxy_issuer; + hx509_certs anchors = NULL; memset(&proxy_issuer, 0, sizeof(proxy_issuer)); @@ -1448,12 +1485,25 @@ hx509_verify_path(hx509_context context, if ((ctx->flags & HX509_VERIFY_CTX_F_TIME_SET) == 0) ctx->time_now = time(NULL); + /* + * + */ + ret = hx509_certs_init(context, "MEMORY:trust-anchors", 0, NULL, &anchors); + if (ret) + goto out; + ret = hx509_certs_merge(context, anchors, ctx->trust_anchors); + if (ret) + goto out; + ret = hx509_certs_merge(context, anchors, context->default_trust_anchors); + if (ret) + goto out; + /* * Calculate the path from the certificate user presented to the * to an anchor. */ ret = _hx509_calculate_path(context, 0, ctx->time_now, - ctx->trust_anchors, ctx->max_depth, + anchors, ctx->max_depth, cert, pool, &path); if (ret) goto out; @@ -1775,6 +1825,7 @@ hx509_verify_path(hx509_context context, } out: + hx509_certs_free(&anchors); free_Name(&proxy_issuer); free_name_constraints(&nc); _hx509_path_free(&path); @@ -2030,6 +2081,8 @@ _hx509_query_match_cert(hx509_context context, const hx509_query *q, hx509_cert { Certificate *c = _hx509_get_cert(cert); + _hx509_query_statistic(context, 1, q); + if ((q->match & HX509_QUERY_FIND_ISSUER_CERT) && _hx509_cert_is_parent_cmp(q->subject, c, 0) != 0) return 0; @@ -2154,6 +2207,139 @@ _hx509_query_match_cert(hx509_context context, const hx509_query *q, hx509_cert return 1; } +void +hx509_query_statistic_file(hx509_context context, const char *fn) +{ + if (context->querystat) + free(context->querystat); + context->querystat = strdup(fn); +} + +void +_hx509_query_statistic(hx509_context context, int type, const hx509_query *q) +{ + FILE *f; + if (context->querystat == NULL) + return; + f = fopen(context->querystat, "a"); + if (f == NULL) + return; + fprintf(f, "%d %d\n", type, q->match); + fclose(f); +} + +static const char *statname[] = { + "find issuer cert", + "match serialnumber", + "match issuer name", + "match subject name", + "match subject key id", + "match issuer id", + "private key", + "ku encipherment", + "ku digitalsignature", + "ku keycertsign", + "ku crlsign", + "ku nonrepudiation", + "ku keyagreement", + "ku dataencipherment", + "anchor", + "match certificate", + "match local key id", + "no match path", + "match friendly name", + "match function", + "match key hash sha1", + "match time" +}; + +struct stat_el { + unsigned long stats; + unsigned int index; +}; + + +static int +stat_sort(const void *a, const void *b) +{ + const struct stat_el *ae = a; + const struct stat_el *be = b; + return be->stats - ae->stats; +} + +void +hx509_query_unparse_stats(hx509_context context, int printtype, FILE *out) +{ + rtbl_t t; + FILE *f; + int type, mask, i, num; + unsigned long multiqueries = 0, totalqueries = 0; + struct stat_el stats[32]; + + if (context->querystat == NULL) + return; + f = fopen(context->querystat, "r"); + if (f == NULL) { + fprintf(out, "No statistic file %s: %s.\n", + context->querystat, strerror(errno)); + return; + } + + for (i = 0; i < sizeof(stats)/sizeof(stats[0]); i++) { + stats[i].index = i; + stats[i].stats = 0; + } + + while (fscanf(f, "%d %d\n", &type, &mask) == 2) { + if (type != printtype) + continue; + num = i = 0; + while (mask && i < sizeof(stats)/sizeof(stats[0])) { + if (mask & 1) { + stats[i].stats++; + num++; + } + mask = mask >>1 ; + i++; + } + if (num > 1) + multiqueries++; + totalqueries++; + } + fclose(f); + + qsort(stats, sizeof(stats)/sizeof(stats[0]), sizeof(stats[0]), stat_sort); + + t = rtbl_create(); + if (t == NULL) + errx(1, "out of memory"); + + rtbl_set_separator (t, " "); + + rtbl_add_column_by_id (t, 0, "Name", 0); + rtbl_add_column_by_id (t, 1, "Counter", 0); + + + for (i = 0; i < sizeof(stats)/sizeof(stats[0]); i++) { + char str[10]; + + if (stats[i].index < sizeof(statname)/sizeof(statname[0])) + rtbl_add_column_entry_by_id (t, 0, statname[stats[i].index]); + else { + snprintf(str, sizeof(str), "%d", stats[i].index); + rtbl_add_column_entry_by_id (t, 0, str); + } + snprintf(str, sizeof(str), "%lu", stats[i].stats); + rtbl_add_column_entry_by_id (t, 1, str); + } + + rtbl_format(t, out); + rtbl_destroy(t); + + fprintf(out, "\nQueries: multi %lu total %lu\n", + multiqueries, totalqueries); +} + int hx509_cert_check_eku(hx509_context context, hx509_cert cert, const heim_oid *eku, int allow_any_eku) @@ -2212,3 +2398,39 @@ _hx509_cert_get_keyusage(hx509_context context, return ret; return 0; } + +int +_hx509_cert_get_eku(hx509_context context, + hx509_cert cert, + ExtKeyUsage *e) +{ + int ret; + + memset(e, 0, sizeof(*e)); + + ret = find_extension_eku(_hx509_get_cert(cert), e); + if (ret && ret != HX509_EXTENSION_NOT_FOUND) { + hx509_clear_error_string(context); + return ret; + } + return 0; +} + +int +hx509_cert_binary(hx509_context context, hx509_cert c, heim_octet_string *os) +{ + size_t size; + int ret; + + os->data = NULL; + os->length = 0; + + ASN1_MALLOC_ENCODE(Certificate, os->data, os->length, + _hx509_get_cert(c), &size, ret); + if (ret) + return ret; + if (os->length != size) + _hx509_abort("internal ASN.1 encoder error"); + + return ret; +} diff --git a/source4/heimdal/lib/hx509/cms.c b/source4/heimdal/lib/hx509/cms.c index 4ed70b8f84..29ca80e194 100644 --- a/source4/heimdal/lib/hx509/cms.c +++ b/source4/heimdal/lib/hx509/cms.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan + * Copyright (c) 2003 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: cms.c,v 1.48 2007/01/08 18:45:03 lha Exp $"); +RCSID("$Id: cms.c 20937 2007-06-06 20:50:55Z lha $"); #define ALLOC(X, N) (X) = calloc((N), sizeof(*(X))) #define ALLOC_SEQ(X, N) do { (X)->len = (N); ALLOC((X)->val, (N)); } while(0) @@ -302,6 +302,11 @@ hx509_cms_unenvelope(hx509_context context, goto out; } enccontent = encryptedContent; + } else if (encryptedContent != NULL) { + ret = HX509_CMS_NO_DATA_AVAILABLE; + hx509_set_error_string(context, 0, ret, + "Both internal and external encrypted data"); + goto out; } cert = NULL; @@ -423,6 +428,7 @@ out: int hx509_cms_envelope_1(hx509_context context, + int flags, hx509_cert cert, const void *data, size_t length, @@ -621,6 +627,7 @@ hx509_cms_verify_signed(hx509_context context, hx509_verify_ctx ctx, const void *data, size_t length, + const heim_octet_string *signedContent, hx509_certs store, heim_oid *contentType, heim_octet_string *content, @@ -648,12 +655,20 @@ hx509_cms_verify_signed(hx509_context context, goto out; } - if (sd.encapContentInfo.eContent == NULL) { + if (sd.encapContentInfo.eContent == NULL && signedContent == NULL) { ret = HX509_CMS_NO_DATA_AVAILABLE; hx509_set_error_string(context, 0, ret, "No content data in SignedData"); goto out; } + if (sd.encapContentInfo.eContent && signedContent) { + ret = HX509_CMS_NO_DATA_AVAILABLE; + hx509_set_error_string(context, 0, ret, + "Both external and internal SignedData"); + goto out; + } + if (sd.encapContentInfo.eContent) + signedContent = sd.encapContentInfo.eContent; ret = hx509_certs_init(context, "MEMORY:cms-cert-buffer", 0, NULL, &certs); @@ -739,7 +754,7 @@ hx509_cms_verify_signed(hx509_context context, ret = _hx509_verify_signature(context, NULL, &signer_info->digestAlgorithm, - sd.encapContentInfo.eContent, + signedContent, &os); der_free_octet_string(&os); if (ret) { @@ -801,7 +816,7 @@ hx509_cms_verify_signed(hx509_context context, _hx509_abort("internal ASN.1 encoder error"); } else { - signed_data = sd.encapContentInfo.eContent; + signed_data = rk_UNCONST(signedContent); match_oid = oid_id_pkcs7_data(); } @@ -824,7 +839,7 @@ hx509_cms_verify_signed(hx509_context context, "Failed to verify sigature in " "CMS SignedData"); } - if (signed_data != sd.encapContentInfo.eContent) { + if (signed_data != signedContent) { der_free_octet_string(signed_data); free(signed_data); } @@ -861,14 +876,14 @@ hx509_cms_verify_signed(hx509_context context, goto out; } - content->data = malloc(sd.encapContentInfo.eContent->length); + content->data = malloc(signedContent->length); if (content->data == NULL) { hx509_clear_error_string(context); ret = ENOMEM; goto out; } - content->length = sd.encapContentInfo.eContent->length; - memcpy(content->data,sd.encapContentInfo.eContent->data,content->length); + content->length = signedContent->length; + memcpy(content->data, signedContent->data, content->length); out: free_SignedData(&sd); @@ -884,38 +899,6 @@ out: return ret; } -int -_hx509_set_digest_alg(DigestAlgorithmIdentifier *id, - const heim_oid *oid, - void *param, size_t length) -{ - int ret; - if (param) { - id->parameters = malloc(sizeof(*id->parameters)); - if (id->parameters == NULL) - return ENOMEM; - id->parameters->data = malloc(length); - if (id->parameters->data == NULL) { - free(id->parameters); - id->parameters = NULL; - return ENOMEM; - } - memcpy(id->parameters->data, param, length); - id->parameters->length = length; - } else - id->parameters = NULL; - ret = der_copy_oid(oid, &id->algorithm); - if (ret) { - if (id->parameters) { - free(id->parameters->data); - free(id->parameters); - id->parameters = NULL; - } - return ret; - } - return 0; -} - static int add_one_attribute(Attribute **attr, unsigned int *len, @@ -950,6 +933,7 @@ add_one_attribute(Attribute **attr, int hx509_cms_create_signed_1(hx509_context context, + int flags, const heim_oid *eContentType, const void *data, size_t length, const AlgorithmIdentifier *digest_alg, @@ -962,7 +946,7 @@ hx509_cms_create_signed_1(hx509_context context, AlgorithmIdentifier digest; hx509_name name; SignerInfo *signer_info; - heim_octet_string buf; + heim_octet_string buf, content, sigdata = { 0, NULL }; SignedData sd; int ret; size_t size; @@ -973,6 +957,9 @@ hx509_cms_create_signed_1(hx509_context context, memset(&path, 0, sizeof(path)); memset(&digest, 0, sizeof(digest)); + content.data = rk_UNCONST(data); + content.length = length; + if (_hx509_cert_private_key(cert) == NULL) { hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING, "Private key missing for signing"); @@ -992,22 +979,29 @@ hx509_cms_create_signed_1(hx509_context context, sd.version = CMSVersion_v3; + if (eContentType == NULL) + eContentType = oid_id_pkcs7_data(); + der_copy_oid(eContentType, &sd.encapContentInfo.eContentType); - ALLOC(sd.encapContentInfo.eContent, 1); - if (sd.encapContentInfo.eContent == NULL) { - hx509_clear_error_string(context); - ret = ENOMEM; - goto out; - } - sd.encapContentInfo.eContent->data = malloc(length); - if (sd.encapContentInfo.eContent->data == NULL) { - hx509_clear_error_string(context); - ret = ENOMEM; - goto out; + /* */ + if ((flags & HX509_CMS_SIGATURE_DETACHED) == 0) { + ALLOC(sd.encapContentInfo.eContent, 1); + if (sd.encapContentInfo.eContent == NULL) { + hx509_clear_error_string(context); + ret = ENOMEM; + goto out; + } + + sd.encapContentInfo.eContent->data = malloc(length); + if (sd.encapContentInfo.eContent->data == NULL) { + hx509_clear_error_string(context); + ret = ENOMEM; + goto out; + } + memcpy(sd.encapContentInfo.eContent->data, data, length); + sd.encapContentInfo.eContent->length = length; } - memcpy(sd.encapContentInfo.eContent->data, data, length); - sd.encapContentInfo.eContent->length = length; ALLOC_SEQ(&sd.signerInfos, 1); if (sd.signerInfos.val == NULL) { @@ -1029,39 +1023,43 @@ hx509_cms_create_signed_1(hx509_context context, signer_info->signedAttrs = NULL; signer_info->unsignedAttrs = NULL; - ALLOC(signer_info->signedAttrs, 1); - if (signer_info->signedAttrs == NULL) { - ret = ENOMEM; + + ret = copy_AlgorithmIdentifier(&digest, &signer_info->digestAlgorithm); + if (ret) { + hx509_clear_error_string(context); goto out; } - { - heim_octet_string data; + /* + * If its not pkcs7-data send signedAttributes + */ - ret = copy_AlgorithmIdentifier(&digest, &signer_info->digestAlgorithm); - if (ret) { - hx509_clear_error_string(context); + if (der_heim_oid_cmp(eContentType, oid_id_pkcs7_data()) != 0) { + CMSAttributes sa; + heim_octet_string sig; + + ALLOC(signer_info->signedAttrs, 1); + if (signer_info->signedAttrs == NULL) { + ret = ENOMEM; goto out; } ret = _hx509_create_signature(context, NULL, &digest, - sd.encapContentInfo.eContent, + &content, NULL, - &data); - if (ret) { - hx509_clear_error_string(context); + &sig); + if (ret) goto out; - } ASN1_MALLOC_ENCODE(MessageDigest, buf.data, buf.length, - &data, + &sig, &size, ret); - der_free_octet_string(&data); + der_free_octet_string(&sig); if (ret) { hx509_clear_error_string(context); goto out; @@ -1078,9 +1076,6 @@ hx509_cms_create_signed_1(hx509_context context, goto out; } - } - - if (der_heim_oid_cmp(eContentType, oid_id_pkcs7_data()) != 0) { ASN1_MALLOC_ENCODE(ContentType, buf.data, @@ -1101,19 +1096,13 @@ hx509_cms_create_signed_1(hx509_context context, hx509_clear_error_string(context); goto out; } - } - - { - CMSAttributes sa; - heim_octet_string os; - sa.val = signer_info->signedAttrs->val; sa.len = signer_info->signedAttrs->len; ASN1_MALLOC_ENCODE(CMSAttributes, - os.data, - os.length, + sigdata.data, + sigdata.length, &sa, &size, ret); @@ -1121,21 +1110,32 @@ hx509_cms_create_signed_1(hx509_context context, hx509_clear_error_string(context); goto out; } - if (size != os.length) + if (size != sigdata.length) _hx509_abort("internal ASN.1 encoder error"); - + } else { + sigdata.data = content.data; + sigdata.length = content.length; + } + + + { + AlgorithmIdentifier sigalg; + + ret = hx509_crypto_select(context, HX509_SELECT_PUBLIC_SIG, + _hx509_cert_private_key(cert), peer, + &sigalg); + if (ret) + goto out; + ret = _hx509_create_signature(context, _hx509_cert_private_key(cert), - hx509_signature_rsa_with_sha1(), - &os, + &sigalg, + &sigdata, &signer_info->signatureAlgorithm, &signer_info->signature); - - der_free_octet_string(&os); - if (ret) { - hx509_clear_error_string(context); + free_AlgorithmIdentifier(&sigalg); + if (ret) goto out; - } } ALLOC_SEQ(&sd.digestAlgorithms, 1); @@ -1184,17 +1184,12 @@ hx509_cms_create_signed_1(hx509_context context, } for (i = 0; i < path.len; i++) { - ASN1_MALLOC_ENCODE(Certificate, - sd.certificates->val[i].data, - sd.certificates->val[i].length, - _hx509_get_cert(path.val[i]), - &size, ret); + ret = hx509_cert_binary(context, path.val[i], + &sd.certificates->val[i]); if (ret) { hx509_clear_error_string(context); goto out; } - if (sd.certificates->val[i].length != size) - _hx509_abort("internal ASN.1 encoder error"); } } @@ -1209,6 +1204,8 @@ hx509_cms_create_signed_1(hx509_context context, _hx509_abort("internal ASN.1 encoder error"); out: + if (sigdata.data != content.data) + der_free_octet_string(&sigdata); free_AlgorithmIdentifier(&digest); _hx509_path_free(&path); free_SignedData(&sd); diff --git a/source4/heimdal/lib/hx509/collector.c b/source4/heimdal/lib/hx509/collector.c index ec172f46f4..8b6ffcb945 100644 --- a/source4/heimdal/lib/hx509/collector.c +++ b/source4/heimdal/lib/hx509/collector.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: collector.c,v 1.16 2007/01/09 10:52:04 lha Exp $"); +RCSID("$Id: collector.c 20778 2007-06-01 22:04:13Z lha $"); struct private_key { AlgorithmIdentifier alg; @@ -51,22 +51,26 @@ struct hx509_collector { }; -struct hx509_collector * -_hx509_collector_alloc(hx509_context context, hx509_lock lock) +int +_hx509_collector_alloc(hx509_context context, hx509_lock lock, struct hx509_collector **collector) { struct hx509_collector *c; int ret; + *collector = NULL; + c = calloc(1, sizeof(*c)); - if (c == NULL) - return NULL; + if (c == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; + } c->lock = lock; ret = hx509_certs_init(context, "MEMORY:collector-unenvelop-cert", 0,NULL, &c->unenvelop_certs); if (ret) { free(c); - return NULL; + return ret; } c->val.data = NULL; c->val.len = 0; @@ -75,10 +79,11 @@ _hx509_collector_alloc(hx509_context context, hx509_lock lock) if (ret) { hx509_certs_free(&c->unenvelop_certs); free(c); - return NULL; + return ret; } - return c; + *collector = c; + return 0; } hx509_lock diff --git a/source4/heimdal/lib/hx509/crmf.asn1 b/source4/heimdal/lib/hx509/crmf.asn1 index 4f02b26872..97ade264ae 100644 --- a/source4/heimdal/lib/hx509/crmf.asn1 +++ b/source4/heimdal/lib/hx509/crmf.asn1 @@ -1,4 +1,4 @@ --- $Id: crmf.asn1,v 1.1 2006/04/18 13:05:21 lha Exp $ +-- $Id: crmf.asn1 17102 2006-04-18 13:05:21Z lha $ PKCS10 DEFINITIONS ::= BEGIN diff --git a/source4/heimdal/lib/hx509/crypto.c b/source4/heimdal/lib/hx509/crypto.c index dac0a8160b..96d9693cc2 100644 --- a/source4/heimdal/lib/hx509/crypto.c +++ b/source4/heimdal/lib/hx509/crypto.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: crypto.c,v 1.63 2007/01/09 10:52:05 lha Exp $"); +RCSID("$Id: crypto.c 20939 2007-06-06 20:53:02Z lha $"); struct hx509_crypto; @@ -42,6 +42,11 @@ enum crypto_op_type { COT_SIGN }; +struct hx509_generate_private_context { + const heim_oid *key_oid; + int isCA; + unsigned long num_bits; +}; struct hx509_private_key_ops { const char *pemtype; @@ -56,8 +61,9 @@ struct hx509_private_key_ops { const void *data, size_t len, hx509_private_key private_key); - int (*generate_private_key)(hx509_context context, - hx509_private_key private_key); + int (*generate_private_key)(hx509_context, + struct hx509_generate_private_context *, + hx509_private_key); int (*handle_alg)(const hx509_private_key, const AlgorithmIdentifier *, enum crypto_op_type); @@ -96,7 +102,7 @@ struct hx509_private_key { */ struct signature_alg { - char *name; + const char *name; const heim_oid *(*sig_oid)(void); const AlgorithmIdentifier *(*sig_alg)(void); const heim_oid *(*key_oid)(void); @@ -107,8 +113,7 @@ struct signature_alg { #define SIG_DIGEST 0x100 #define SIG_PUBLIC_SIG 0x200 -#define SIG_PUBLIC_ENC 0x400 -#define SIG_SECRET 0x800 +#define SIG_SECRET 0x400 int (*verify_signature)(hx509_context context, const struct signature_alg *, @@ -123,9 +128,6 @@ struct signature_alg { const heim_octet_string *, AlgorithmIdentifier *, heim_octet_string *); - int (*private_key2SPKI)(hx509_context, - hx509_private_key, - SubjectPublicKeyInfo *); }; /* @@ -142,6 +144,46 @@ heim_int2BN(const heim_integer *i) return bn; } +/* + * + */ + +static int +set_digest_alg(DigestAlgorithmIdentifier *id, + const heim_oid *oid, + const void *param, size_t length) +{ + int ret; + if (param) { + id->parameters = malloc(sizeof(*id->parameters)); + if (id->parameters == NULL) + return ENOMEM; + id->parameters->data = malloc(length); + if (id->parameters->data == NULL) { + free(id->parameters); + id->parameters = NULL; + return ENOMEM; + } + memcpy(id->parameters->data, param, length); + id->parameters->length = length; + } else + id->parameters = NULL; + ret = der_copy_oid(oid, &id->algorithm); + if (ret) { + if (id->parameters) { + free(id->parameters->data); + free(id->parameters); + id->parameters = NULL; + } + return ret; + } + return 0; +} + +/* + * + */ + static int rsa_verify_signature(hx509_context context, const struct signature_alg *sig_alg, @@ -280,12 +322,13 @@ rsa_create_signature(hx509_context context, digest_alg = hx509_signature_md5(); } else if (der_heim_oid_cmp(sig_oid, oid_id_dsa_with_sha1()) == 0) { digest_alg = hx509_signature_sha1(); + } else if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_rsaEncryption()) == 0) { + digest_alg = hx509_signature_sha1(); } else return HX509_ALG_NOT_SUPP; if (signatureAlgorithm) { - ret = _hx509_set_digest_alg(signatureAlgorithm, - sig_oid, "\x05\x00", 2); + ret = set_digest_alg(signatureAlgorithm, sig_oid, "\x05\x00", 2); if (ret) { hx509_clear_error_string(context); return ret; @@ -380,9 +423,8 @@ rsa_private_key2SPKI(hx509_context context, } spki->subjectPublicKey.length = len * 8; - ret = _hx509_set_digest_alg(&spki->algorithm, - oid_id_pkcs1_rsaEncryption(), - "\x05\x00", 2); + ret = set_digest_alg(&spki->algorithm,oid_id_pkcs1_rsaEncryption(), + "\x05\x00", 2); if (ret) { hx509_set_error_string(context, 0, ret, "malloc - out of memory"); free(spki->subjectPublicKey.data); @@ -400,17 +442,13 @@ rsa_private_key2SPKI(hx509_context context, } static int -cb_func(int a, int b, BN_GENCB *c) +rsa_generate_private_key(hx509_context context, + struct hx509_generate_private_context *ctx, + hx509_private_key private_key) { - return 1; -} - -static int -rsa_generate_private_key(hx509_context context, hx509_private_key private_key) -{ - BN_GENCB cb; BIGNUM *e; int ret; + unsigned long bits; static const int default_rsa_e = 65537; static const int default_rsa_bits = 1024; @@ -425,9 +463,14 @@ rsa_generate_private_key(hx509_context context, hx509_private_key private_key) e = BN_new(); BN_set_word(e, default_rsa_e); - BN_GENCB_set(&cb, cb_func, NULL); - ret = RSA_generate_key_ex(private_key->private_key.rsa, - default_rsa_bits, e, &cb); + bits = default_rsa_bits; + + if (ctx->num_bits) + bits = ctx->num_bits; + else if (ctx->isCA) + bits *= 2; + + ret = RSA_generate_key_ex(private_key->private_key.rsa, bits, e, NULL); BN_free(e); if (ret != 1) { hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED, @@ -642,8 +685,8 @@ sha256_create_signature(hx509_context context, if (signatureAlgorithm) { int ret; - ret = _hx509_set_digest_alg(signatureAlgorithm, - (*sig_alg->sig_oid)(), "\x05\x00", 2); + ret = set_digest_alg(signatureAlgorithm, (*sig_alg->sig_oid)(), + "\x05\x00", 2); if (ret) return ret; } @@ -708,8 +751,8 @@ sha1_create_signature(hx509_context context, if (signatureAlgorithm) { int ret; - ret = _hx509_set_digest_alg(signatureAlgorithm, - (*sig_alg->sig_oid)(), "\x05\x00", 2); + ret = set_digest_alg(signatureAlgorithm, (*sig_alg->sig_oid)(), + "\x05\x00", 2); if (ret) return ret; } @@ -789,7 +832,7 @@ md2_verify_signature(hx509_context context, return 0; } -static struct signature_alg pkcs1_rsa_sha1_alg = { +static const struct signature_alg pkcs1_rsa_sha1_alg = { "rsa", oid_id_pkcs1_rsaEncryption, hx509_signature_rsa_with_sha1, @@ -797,11 +840,10 @@ static struct signature_alg pkcs1_rsa_sha1_alg = { NULL, PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG, rsa_verify_signature, - rsa_create_signature, - rsa_private_key2SPKI + rsa_create_signature }; -static struct signature_alg rsa_with_sha256_alg = { +static const struct signature_alg rsa_with_sha256_alg = { "rsa-with-sha256", oid_id_pkcs1_sha256WithRSAEncryption, hx509_signature_rsa_with_sha256, @@ -809,11 +851,10 @@ static struct signature_alg rsa_with_sha256_alg = { oid_id_sha256, PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG, rsa_verify_signature, - rsa_create_signature, - rsa_private_key2SPKI + rsa_create_signature }; -static struct signature_alg rsa_with_sha1_alg = { +static const struct signature_alg rsa_with_sha1_alg = { "rsa-with-sha1", oid_id_pkcs1_sha1WithRSAEncryption, hx509_signature_rsa_with_sha1, @@ -821,11 +862,10 @@ static struct signature_alg rsa_with_sha1_alg = { oid_id_secsig_sha_1, PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG, rsa_verify_signature, - rsa_create_signature, - rsa_private_key2SPKI + rsa_create_signature }; -static struct signature_alg rsa_with_md5_alg = { +static const struct signature_alg rsa_with_md5_alg = { "rsa-with-md5", oid_id_pkcs1_md5WithRSAEncryption, hx509_signature_rsa_with_md5, @@ -833,11 +873,10 @@ static struct signature_alg rsa_with_md5_alg = { oid_id_rsa_digest_md5, PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG, rsa_verify_signature, - rsa_create_signature, - rsa_private_key2SPKI + rsa_create_signature }; -static struct signature_alg rsa_with_md2_alg = { +static const struct signature_alg rsa_with_md2_alg = { "rsa-with-md2", oid_id_pkcs1_md2WithRSAEncryption, hx509_signature_rsa_with_md2, @@ -845,11 +884,10 @@ static struct signature_alg rsa_with_md2_alg = { oid_id_rsa_digest_md2, PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG, rsa_verify_signature, - rsa_create_signature, - rsa_private_key2SPKI + rsa_create_signature }; -static struct signature_alg dsa_sha1_alg = { +static const struct signature_alg dsa_sha1_alg = { "dsa-with-sha1", oid_id_dsa_with_sha1, NULL, @@ -860,7 +898,7 @@ static struct signature_alg dsa_sha1_alg = { /* create_signature */ NULL, }; -static struct signature_alg sha256_alg = { +static const struct signature_alg sha256_alg = { "sha-256", oid_id_sha256, hx509_signature_sha256, @@ -871,7 +909,7 @@ static struct signature_alg sha256_alg = { sha256_create_signature }; -static struct signature_alg sha1_alg = { +static const struct signature_alg sha1_alg = { "sha1", oid_id_secsig_sha_1, hx509_signature_sha1, @@ -882,7 +920,7 @@ static struct signature_alg sha1_alg = { sha1_create_signature }; -static struct signature_alg md5_alg = { +static const struct signature_alg md5_alg = { "rsa-md5", oid_id_rsa_digest_md5, hx509_signature_md5, @@ -892,7 +930,7 @@ static struct signature_alg md5_alg = { md5_verify_signature }; -static struct signature_alg md2_alg = { +static const struct signature_alg md2_alg = { "rsa-md2", oid_id_rsa_digest_md2, hx509_signature_md2, @@ -907,12 +945,13 @@ static struct signature_alg md2_alg = { * compatible" type (type is RSA, DSA, none, etc) */ -static struct signature_alg *sig_algs[] = { +static const struct signature_alg *sig_algs[] = { &rsa_with_sha256_alg, &rsa_with_sha1_alg, &pkcs1_rsa_sha1_alg, &rsa_with_md5_alg, &rsa_with_md2_alg, + &pkcs1_rsa_sha1_alg, &dsa_sha1_alg, &sha256_alg, &sha1_alg, @@ -1234,9 +1273,57 @@ _hx509_private_key2SPKI(hx509_context context, return (*ops->get_spki)(context, private_key, spki); } +int +_hx509_generate_private_key_init(hx509_context context, + const heim_oid *oid, + struct hx509_generate_private_context **ctx) +{ + *ctx = NULL; + + if (der_heim_oid_cmp(oid, oid_id_pkcs1_rsaEncryption()) != 0) { + hx509_set_error_string(context, 0, EINVAL, + "private key not an RSA key"); + return EINVAL; + } + + *ctx = calloc(1, sizeof(**ctx)); + if (*ctx == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; + } + (*ctx)->key_oid = oid; + + return 0; +} + +int +_hx509_generate_private_key_is_ca(hx509_context context, + struct hx509_generate_private_context *ctx) +{ + ctx->isCA = 1; + return 0; +} + +int +_hx509_generate_private_key_bits(hx509_context context, + struct hx509_generate_private_context *ctx, + unsigned long bits) +{ + ctx->num_bits = bits; + return 0; +} + + +void +_hx509_generate_private_key_free(struct hx509_generate_private_context **ctx) +{ + free(*ctx); + *ctx = NULL; +} + int _hx509_generate_private_key(hx509_context context, - const heim_oid *key_oid, + struct hx509_generate_private_context *ctx, hx509_private_key *private_key) { struct hx509_private_key_ops *ops; @@ -1244,7 +1331,7 @@ _hx509_generate_private_key(hx509_context context, *private_key = NULL; - ops = find_private_alg(key_oid); + ops = find_private_alg(ctx->key_oid); if (ops == NULL) { hx509_clear_error_string(context); return HX509_SIG_ALG_NO_SUPPORTED; @@ -1256,7 +1343,7 @@ _hx509_generate_private_key(hx509_context context, return ret; } - ret = (*ops->generate_private_key)(context, *private_key); + ret = (*ops->generate_private_key)(context, ctx, *private_key); if (ret) _hx509_private_key_free(private_key); @@ -1268,21 +1355,21 @@ _hx509_generate_private_key(hx509_context context, * */ -static const heim_octet_string null_entry_oid = { 2, "\x05\x00" }; +static const heim_octet_string null_entry_oid = { 2, rk_UNCONST("\x05\x00") }; -static const unsigned sha512_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 3 }; +static const unsigned sha512_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 3 }; const AlgorithmIdentifier _hx509_signature_sha512_data = { - { 8, rk_UNCONST(sha512_oid_tree) }, rk_UNCONST(&null_entry_oid) + { 9, rk_UNCONST(sha512_oid_tree) }, rk_UNCONST(&null_entry_oid) }; -static const unsigned sha384_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2 }; +static const unsigned sha384_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 2 }; const AlgorithmIdentifier _hx509_signature_sha384_data = { - { 8, rk_UNCONST(sha384_oid_tree) }, rk_UNCONST(&null_entry_oid) + { 9, rk_UNCONST(sha384_oid_tree) }, rk_UNCONST(&null_entry_oid) }; static const unsigned sha256_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 1 }; const AlgorithmIdentifier _hx509_signature_sha256_data = { - { 8, rk_UNCONST(sha256_oid_tree) }, rk_UNCONST(&null_entry_oid) + { 9, rk_UNCONST(sha256_oid_tree) }, rk_UNCONST(&null_entry_oid) }; static const unsigned sha1_oid_tree[] = { 1, 3, 14, 3, 2, 26 }; @@ -1335,6 +1422,20 @@ const AlgorithmIdentifier _hx509_signature_rsa_data = { { 7, rk_UNCONST(rsa_oid) }, NULL }; +static const unsigned des_rsdi_ede3_cbc_oid[] ={ 1, 2, 840, 113549, 3, 7 }; +const AlgorithmIdentifier _hx509_des_rsdi_ede3_cbc_oid = { + { 6, rk_UNCONST(des_rsdi_ede3_cbc_oid) }, NULL +}; + +static const unsigned aes128_cbc_oid[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 2 }; +const AlgorithmIdentifier _hx509_crypto_aes128_cbc_data = { + { 9, rk_UNCONST(aes128_cbc_oid) }, NULL +}; + +static const unsigned aes256_cbc_oid[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 42 }; +const AlgorithmIdentifier _hx509_crypto_aes256_cbc_data = { + { 9, rk_UNCONST(aes256_cbc_oid) }, NULL +}; const AlgorithmIdentifier * hx509_signature_sha512(void) @@ -1388,6 +1489,33 @@ const AlgorithmIdentifier * hx509_signature_rsa(void) { return &_hx509_signature_rsa_data; } +const AlgorithmIdentifier * +hx509_crypto_des_rsdi_ede3_cbc(void) +{ return &_hx509_des_rsdi_ede3_cbc_oid; } + +const AlgorithmIdentifier * +hx509_crypto_aes128_cbc(void) +{ return &_hx509_crypto_aes128_cbc_data; } + +const AlgorithmIdentifier * +hx509_crypto_aes256_cbc(void) +{ return &_hx509_crypto_aes256_cbc_data; } + +/* + * + */ + +const AlgorithmIdentifier * _hx509_crypto_default_sig_alg = + &_hx509_signature_rsa_with_sha1_data; +const AlgorithmIdentifier * _hx509_crypto_default_digest_alg = + &_hx509_signature_sha1_data; +const AlgorithmIdentifier * _hx509_crypto_default_secret_alg = + &_hx509_crypto_aes128_cbc_data; + +/* + * + */ + int _hx509_private_key_init(hx509_private_key *key, hx509_private_key_ops *ops, @@ -1487,6 +1615,7 @@ _hx509_private_key_export(hx509_context context, struct hx509cipher { const char *name; const heim_oid *(*oid_func)(void); + const AlgorithmIdentifier *(*ai_func)(void); const EVP_CIPHER *(*evp_func)(void); int (*get_params)(hx509_context, const hx509_crypto, const heim_octet_string *, heim_octet_string *); @@ -1654,6 +1783,7 @@ static const struct hx509cipher ciphers[] = { { "rc2-cbc", oid_id_pkcs3_rc2_cbc, + NULL, EVP_rc2_cbc, CMSRC2CBCParam_get, CMSRC2CBCParam_set @@ -1661,6 +1791,7 @@ static const struct hx509cipher ciphers[] = { { "rc2-cbc", oid_id_rsadsi_rc2_cbc, + NULL, EVP_rc2_cbc, CMSRC2CBCParam_get, CMSRC2CBCParam_set @@ -1668,6 +1799,7 @@ static const struct hx509cipher ciphers[] = { { "rc2-40-cbc", oid_private_rc2_40, + NULL, EVP_rc2_40_cbc, CMSRC2CBCParam_get, CMSRC2CBCParam_set @@ -1675,6 +1807,7 @@ static const struct hx509cipher ciphers[] = { { "des-ede3-cbc", oid_id_pkcs3_des_ede3_cbc, + NULL, EVP_des_ede3_cbc, CMSCBCParam_get, CMSCBCParam_set @@ -1682,6 +1815,7 @@ static const struct hx509cipher ciphers[] = { { "des-ede3-cbc", oid_id_rsadsi_des_ede3_cbc, + hx509_crypto_des_rsdi_ede3_cbc, EVP_des_ede3_cbc, CMSCBCParam_get, CMSCBCParam_set @@ -1689,6 +1823,7 @@ static const struct hx509cipher ciphers[] = { { "aes-128-cbc", oid_id_aes_128_cbc, + hx509_crypto_aes128_cbc, EVP_aes_128_cbc, CMSCBCParam_get, CMSCBCParam_set @@ -1696,6 +1831,7 @@ static const struct hx509cipher ciphers[] = { { "aes-192-cbc", oid_id_aes_192_cbc, + NULL, EVP_aes_192_cbc, CMSCBCParam_get, CMSCBCParam_set @@ -1703,6 +1839,7 @@ static const struct hx509cipher ciphers[] = { { "aes-256-cbc", oid_id_aes_256_cbc, + hx509_crypto_aes256_cbc, EVP_aes_256_cbc, CMSCBCParam_get, CMSCBCParam_set @@ -2060,11 +2197,13 @@ PBE_string2key(hx509_context context, const EVP_MD *md) { PKCS12_PBEParams p12params; - int passwordlen = strlen(password); + int passwordlen; hx509_crypto c; int iter, saltlen, ret; unsigned char *salt; + passwordlen = password ? strlen(password) : 0; + if (parameters == NULL) return HX509_ALG_NOT_SUPP; @@ -2081,10 +2220,6 @@ PBE_string2key(hx509_context context, salt = p12params.salt.data; saltlen = p12params.salt.length; - /* XXX It needs to be here, but why ? */ - if (passwordlen == 0) - password = NULL; - if (!PKCS12_key_gen (password, passwordlen, salt, saltlen, PKCS12_KEY_ID, iter, key->length, key->data, md)) { ret = HX509_CRYPTO_INTERNAL_ERROR; @@ -2205,8 +2340,10 @@ _hx509_pbe_decrypt(hx509_context context, if (i < pw->len) password = pw->val[i]; - else + else if (i < pw->len + 1) password = ""; + else + password = NULL; ret = (*s2k)(context, password, ai->parameters, &crypto, &key, &iv, enc_oid, md); @@ -2314,7 +2451,6 @@ hx509_crypto_select(const hx509_context context, hx509_peer_info peer, AlgorithmIdentifier *selected) { - const heim_oid *keytype = NULL; const AlgorithmIdentifier *def; size_t i, j; int ret, bits; @@ -2323,20 +2459,25 @@ hx509_crypto_select(const hx509_context context, if (type == HX509_SELECT_DIGEST) { bits = SIG_DIGEST; - def = hx509_signature_sha1(); + def = _hx509_crypto_default_digest_alg; } else if (type == HX509_SELECT_PUBLIC_SIG) { bits = SIG_PUBLIC_SIG; /* XXX depend on `source´ and `peer´ */ - def = hx509_signature_rsa_with_sha1(); + def = _hx509_crypto_default_sig_alg; + } else if (type == HX509_SELECT_SECRET_ENC) { + bits = SIG_SECRET; + def = _hx509_crypto_default_secret_alg; } else { hx509_set_error_string(context, 0, EINVAL, "Unknown type %d of selection", type); return EINVAL; } - keytype = find_keytype(source); - if (peer) { + const heim_oid *keytype = NULL; + + keytype = find_keytype(source); + for (i = 0; i < peer->len; i++) { for (j = 0; sig_algs[j]; j++) { if ((sig_algs[j]->flags & bits) != bits) @@ -2354,6 +2495,19 @@ hx509_crypto_select(const hx509_context context, hx509_clear_error_string(context); return ret; } + if (bits & SIG_SECRET) { + const struct hx509cipher *cipher; + + cipher = find_cipher_by_oid(&peer->val[i].algorithm); + if (cipher == NULL) + continue; + if (cipher->ai_func == NULL) + continue; + ret = copy_AlgorithmIdentifier(cipher->ai_func(), selected); + if (ret) + hx509_clear_error_string(context); + return ret; + } } } @@ -2379,7 +2533,7 @@ hx509_crypto_available(hx509_context context, *val = NULL; if (type == HX509_SELECT_ALL) { - bits = SIG_DIGEST | SIG_PUBLIC_SIG; + bits = SIG_DIGEST | SIG_PUBLIC_SIG | SIG_SECRET; } else if (type == HX509_SELECT_DIGEST) { bits = SIG_DIGEST; } else if (type == HX509_SELECT_PUBLIC_SIG) { @@ -2415,6 +2569,26 @@ hx509_crypto_available(hx509_context context, len++; } + /* Add AES */ + if (bits & SIG_SECRET) { + + for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++) { + + if (ciphers[i].ai_func == NULL) + continue; + + ptr = realloc(*val, sizeof(**val) * (len + 1)); + if (ptr == NULL) + goto out; + *val = ptr; + + ret = copy_AlgorithmIdentifier((ciphers[i].ai_func)(), &(*val)[len]); + if (ret) + goto out; + len++; + } + } + *plen = len; return 0; diff --git a/source4/heimdal/lib/hx509/env.c b/source4/heimdal/lib/hx509/env.c new file mode 100644 index 0000000000..4cb2f9f4b1 --- /dev/null +++ b/source4/heimdal/lib/hx509/env.c @@ -0,0 +1,111 @@ +/* + * Copyright (c) 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hx_locl.h" +RCSID("$Id: env.c 19878 2007-01-13 00:58:39Z lha $"); + +struct hx509_env { + struct { + char *key; + char *value; + } *val; + size_t len; +}; + +int +hx509_env_init(hx509_context context, hx509_env *env) +{ + *env = calloc(1, sizeof(**env)); + if (*env == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; + } + return 0; +} + +int +hx509_env_add(hx509_context context, hx509_env env, + const char *key, const char *value) +{ + void *ptr; + + ptr = realloc(env->val, sizeof(env->val[0]) * (env->len + 1)); + if (ptr == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; + } + env->val = ptr; + env->val[env->len].key = strdup(key); + if (env->val[env->len].key == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; + } + env->val[env->len].value = strdup(value); + if (env->val[env->len].value == NULL) { + free(env->val[env->len].key); + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; + } + env->len++; + return 0; +} + +const char * +hx509_env_lfind(hx509_context context, hx509_env env, + const char *key, size_t len) +{ + size_t i; + + for (i = 0; i < env->len; i++) { + char *s = env->val[i].key; + if (strncmp(key, s, len) == 0 && s[len] == '\0') + return env->val[i].value; + } + return NULL; +} + + +void +hx509_env_free(hx509_env *env) +{ + size_t i; + + for (i = 0; i < (*env)->len; i++) { + free((*env)->val[i].key); + free((*env)->val[i].value); + } + free((*env)->val); + free(*env); + *env = NULL; +} + diff --git a/source4/heimdal/lib/hx509/error.c b/source4/heimdal/lib/hx509/error.c index 770b71981a..9f3a014873 100644 --- a/source4/heimdal/lib/hx509/error.c +++ b/source4/heimdal/lib/hx509/error.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: error.c,v 1.4 2006/11/16 15:08:09 lha Exp $"); +RCSID("$Id: error.c 20912 2007-06-05 03:53:52Z lha $"); struct hx509_error_data { hx509_error next; @@ -87,7 +87,8 @@ hx509_set_error_stringv(hx509_context context, int flags, int code, } void -hx509_set_error_string(hx509_context context, int flags, int code, const char *fmt, ...) +hx509_set_error_string(hx509_context context, int flags, int code, + const char *fmt, ...) { va_list ap; @@ -100,9 +101,9 @@ char * hx509_get_error_string(hx509_context context, int error_code) { struct rk_strpool *p = NULL; - hx509_error msg; + hx509_error msg = context->error; - if (context->error == NULL) { + if (msg == NULL || msg->code != error_code) { const char *cstr; char *str; @@ -125,10 +126,12 @@ hx509_get_error_string(hx509_context context, int error_code) } void -hx509_err(hx509_context context, int exit_code, int error_code, char *fmt, ...) +hx509_err(hx509_context context, int exit_code, + int error_code, const char *fmt, ...) { va_list ap; - char *msg, *str; + const char *msg; + char *str; va_start(ap, fmt); vasprintf(&str, fmt, ap); diff --git a/source4/heimdal/lib/hx509/file.c b/source4/heimdal/lib/hx509/file.c index 39497fc3a9..1152af2423 100644 --- a/source4/heimdal/lib/hx509/file.c +++ b/source4/heimdal/lib/hx509/file.c @@ -34,6 +34,27 @@ #include "hx_locl.h" RCSID("$ID$"); +int +_hx509_map_file_os(const char *fn, heim_octet_string *os, struct stat *rsb) +{ + size_t length; + void *data; + int ret; + + ret = _hx509_map_file(fn, &data, &length, rsb); + + os->data = data; + os->length = length; + + return ret; +} + +void +_hx509_unmap_file_os(heim_octet_string *os) +{ + _hx509_unmap_file(os->data, os->length); +} + int _hx509_map_file(const char *fn, void **data, size_t *length, struct stat *rsb) { diff --git a/source4/heimdal/lib/hx509/hx509-private.h b/source4/heimdal/lib/hx509/hx509-private.h index 2db3f4f932..2763df957f 100644 --- a/source4/heimdal/lib/hx509/hx509-private.h +++ b/source4/heimdal/lib/hx509/hx509-private.h @@ -38,6 +38,12 @@ _hx509_cert_assign_key ( hx509_cert /*cert*/, hx509_private_key /*private_key*/); +int +_hx509_cert_get_eku ( + hx509_context /*context*/, + hx509_cert /*cert*/, + ExtKeyUsage */*e*/); + int _hx509_cert_get_keyusage ( hx509_context /*context*/, @@ -105,10 +111,11 @@ _hx509_check_key_usage ( unsigned /*flags*/, int /*req_present*/); -struct hx509_collector * +int _hx509_collector_alloc ( hx509_context /*context*/, - hx509_lock /*lock*/); + hx509_lock /*lock*/, + struct hx509_collector **/*collector*/); int _hx509_collector_certs_add ( @@ -169,9 +176,29 @@ _hx509_find_extension_subject_key_id ( int _hx509_generate_private_key ( hx509_context /*context*/, - const heim_oid */*key_oid*/, + struct hx509_generate_private_context */*ctx*/, hx509_private_key */*private_key*/); +int +_hx509_generate_private_key_bits ( + hx509_context /*context*/, + struct hx509_generate_private_context */*ctx*/, + unsigned long /*bits*/); + +void +_hx509_generate_private_key_free (struct hx509_generate_private_context **/*ctx*/); + +int +_hx509_generate_private_key_init ( + hx509_context /*context*/, + const heim_oid */*oid*/, + struct hx509_generate_private_context **/*ctx*/); + +int +_hx509_generate_private_key_is_ca ( + hx509_context /*context*/, + struct hx509_generate_private_context */*ctx*/); + Certificate * _hx509_get_cert (hx509_cert /*cert*/); @@ -181,9 +208,15 @@ _hx509_ks_dir_register (hx509_context /*context*/); void _hx509_ks_file_register (hx509_context /*context*/); +void +_hx509_ks_keychain_register (hx509_context /*context*/); + void _hx509_ks_mem_register (hx509_context /*context*/); +void +_hx509_ks_null_register (hx509_context /*context*/); + void _hx509_ks_pkcs11_register (hx509_context /*context*/); @@ -214,6 +247,12 @@ _hx509_map_file ( size_t */*length*/, struct stat */*rsb*/); +int +_hx509_map_file_os ( + const char */*fn*/, + heim_octet_string */*os*/, + struct stat */*rsb*/); + int _hx509_match_keys ( hx509_cert /*c*/, @@ -269,9 +308,9 @@ _hx509_pbe_decrypt ( void _hx509_pi_printf ( - int (*/*func*/)(void *, char *), + int (*/*func*/)(void *, const char *), void */*ctx*/, - char */*fmt*/, + const char */*fmt*/, ...); int @@ -340,6 +379,12 @@ _hx509_query_match_cert ( const hx509_query */*q*/, hx509_cert /*cert*/); +void +_hx509_query_statistic ( + hx509_context /*context*/, + int /*type*/, + const hx509_query */*q*/); + int _hx509_request_add_dns_name ( hx509_context /*context*/, @@ -392,18 +437,14 @@ _hx509_set_cert_attribute ( const heim_oid */*oid*/, const heim_octet_string */*attr*/); -int -_hx509_set_digest_alg ( - DigestAlgorithmIdentifier */*id*/, - const heim_oid */*oid*/, - void */*param*/, - size_t /*length*/); - void _hx509_unmap_file ( void */*data*/, size_t /*len*/); +void +_hx509_unmap_file_os (heim_octet_string */*os*/); + int _hx509_unparse_Name ( const Name */*aname*/, diff --git a/source4/heimdal/lib/hx509/hx509-protos.h b/source4/heimdal/lib/hx509/hx509-protos.h index 4fcab70ff8..ab312cdbdf 100644 --- a/source4/heimdal/lib/hx509/hx509-protos.h +++ b/source4/heimdal/lib/hx509/hx509-protos.h @@ -8,6 +8,14 @@ extern "C" { #endif +#ifndef HX509_LIB_FUNCTION +#if defined(_WIN32) +#define HX509_LIB_FUNCTION _stdcall +#else +#define HX509_LIB_FUNCTION +#endif +#endif + void hx509_bitstring_print ( const heim_bit_string */*b*/, @@ -28,9 +36,16 @@ hx509_ca_sign_self ( hx509_private_key /*signer*/, hx509_cert */*certificate*/); +int +hx509_ca_tbs_add_crl_dp_uri ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + const char */*uri*/, + hx509_name /*issuername*/); + int hx509_ca_tbs_add_eku ( - hx509_context /*contex*/, + hx509_context /*context*/, hx509_ca_tbs /*tbs*/, const heim_oid */*oid*/); @@ -40,6 +55,18 @@ hx509_ca_tbs_add_san_hostname ( hx509_ca_tbs /*tbs*/, const char */*dnsname*/); +int +hx509_ca_tbs_add_san_jid ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + const char */*jid*/); + +int +hx509_ca_tbs_add_san_ms_upn ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + const char */*principal*/); + int hx509_ca_tbs_add_san_otherName ( hx509_context /*context*/, @@ -73,6 +100,11 @@ hx509_ca_tbs_set_ca ( hx509_ca_tbs /*tbs*/, int /*pathLenConstraint*/); +int +hx509_ca_tbs_set_domaincontroller ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/); + int hx509_ca_tbs_set_notAfter ( hx509_context /*context*/, @@ -115,6 +147,28 @@ hx509_ca_tbs_set_subject ( hx509_ca_tbs /*tbs*/, hx509_name /*subject*/); +int +hx509_ca_tbs_set_template ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + int /*flags*/, + hx509_cert /*cert*/); + +int +hx509_ca_tbs_subject_expand ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + hx509_env /*env*/); + +const struct units * +hx509_ca_tbs_template_units (void); + +int +hx509_cert_binary ( + hx509_context /*context*/, + hx509_cert /*c*/, + heim_octet_string */*os*/); + int hx509_cert_check_eku ( hx509_context /*context*/, @@ -136,6 +190,11 @@ hx509_cert_find_subjectAltName_otherName ( void hx509_cert_free (hx509_cert /*cert*/); +int +hx509_cert_get_SPKI ( + hx509_cert /*p*/, + SubjectPublicKeyInfo */*spki*/); + hx509_cert_attribute hx509_cert_get_attribute ( hx509_cert /*cert*/, @@ -155,6 +214,12 @@ hx509_cert_get_issuer ( hx509_cert /*p*/, hx509_name */*name*/); +time_t +hx509_cert_get_notAfter (hx509_cert /*p*/); + +time_t +hx509_cert_get_notBefore (hx509_cert /*p*/); + int hx509_cert_get_serialnumber ( hx509_cert /*p*/, @@ -218,7 +283,7 @@ int hx509_certs_info ( hx509_context /*context*/, hx509_certs /*certs*/, - int (*/*func*/)(void *, char *), + int (*/*func*/)(void *, const char *), void */*ctx*/); int @@ -274,6 +339,7 @@ hx509_clear_error_string (hx509_context /*context*/); int hx509_cms_create_signed_1 ( hx509_context /*context*/, + int /*flags*/, const heim_oid */*eContentType*/, const void */*data*/, size_t /*length*/, @@ -296,6 +362,7 @@ hx509_cms_decrypt_encrypted ( int hx509_cms_envelope_1 ( hx509_context /*context*/, + int /*flags*/, hx509_cert /*cert*/, const void */*data*/, size_t /*length*/, @@ -327,6 +394,7 @@ hx509_cms_verify_signed ( hx509_verify_ctx /*ctx*/, const void */*data*/, size_t /*length*/, + const heim_octet_string */*signedContent*/, hx509_certs /*store*/, heim_oid */*contentType*/, heim_octet_string */*content*/, @@ -349,6 +417,41 @@ hx509_context_set_missing_revoke ( hx509_context /*context*/, int /*flag*/); +int +hx509_crl_add_revoked_certs ( + hx509_context /*context*/, + hx509_crl /*crl*/, + hx509_certs /*certs*/); + +int +hx509_crl_alloc ( + hx509_context /*context*/, + hx509_crl */*crl*/); + +void +hx509_crl_free ( + hx509_context /*context*/, + hx509_crl */*crl*/); + +int +hx509_crl_lifetime ( + hx509_context /*context*/, + hx509_crl /*crl*/, + int /*delta*/); + +int +hx509_crl_sign ( + hx509_context /*context*/, + hx509_cert /*signer*/, + hx509_crl /*crl*/, + heim_octet_string */*os*/); + +const AlgorithmIdentifier * +hx509_crypto_aes128_cbc (void); + +const AlgorithmIdentifier * +hx509_crypto_aes256_cbc (void); + int hx509_crypto_available ( hx509_context /*context*/, @@ -365,6 +468,9 @@ hx509_crypto_decrypt ( heim_octet_string */*ivec*/, heim_octet_string */*clear*/); +const AlgorithmIdentifier * +hx509_crypto_des_rsdi_ede3_cbc (void); + void hx509_crypto_destroy (hx509_crypto /*crypto*/); @@ -432,17 +538,44 @@ hx509_crypto_set_random_key ( hx509_crypto /*crypto*/, heim_octet_string */*key*/); +int +hx509_env_add ( + hx509_context /*context*/, + hx509_env /*env*/, + const char */*key*/, + const char */*value*/); + +void +hx509_env_free (hx509_env */*env*/); + +int +hx509_env_init ( + hx509_context /*context*/, + hx509_env */*env*/); + +const char * +hx509_env_lfind ( + hx509_context /*context*/, + hx509_env /*env*/, + const char */*key*/, + size_t /*len*/); + void hx509_err ( hx509_context /*context*/, int /*exit_code*/, int /*error_code*/, - char */*fmt*/, + const char */*fmt*/, ...); void hx509_free_octet_string_list (hx509_octet_string_list */*list*/); +int +hx509_general_name_unparse ( + GeneralName */*name*/, + char **/*str*/); + char * hx509_get_error_string ( hx509_context /*context*/, @@ -506,18 +639,34 @@ hx509_lock_set_prompter ( hx509_prompter_fct /*prompt*/, void */*data*/); +int +hx509_name_cmp ( + hx509_name /*n1*/, + hx509_name /*n2*/); + int hx509_name_copy ( hx509_context /*context*/, const hx509_name /*from*/, hx509_name */*to*/); +int +hx509_name_expand ( + hx509_context /*context*/, + hx509_name /*name*/, + hx509_env /*env*/); + void hx509_name_free (hx509_name */*name*/); int hx509_name_is_null_p (const hx509_name /*name*/); +int +hx509_name_normalize ( + hx509_context /*context*/, + hx509_name /*name*/); + int hx509_name_to_Name ( const hx509_name /*from*/, @@ -576,7 +725,7 @@ hx509_peer_info_alloc ( hx509_context /*context*/, hx509_peer_info */*peer*/); -int +void hx509_peer_info_free (hx509_peer_info /*peer*/); int @@ -639,6 +788,17 @@ hx509_query_match_option ( hx509_query */*q*/, hx509_query_option /*option*/); +void +hx509_query_statistic_file ( + hx509_context /*context*/, + const char */*fn*/); + +void +hx509_query_unparse_stats ( + hx509_context /*context*/, + int /*printtype*/, + FILE */*out*/); + int hx509_revoke_add_crl ( hx509_context /*context*/, diff --git a/source4/heimdal/lib/hx509/hx509.h b/source4/heimdal/lib/hx509/hx509.h index 70f29ea92d..664c12e045 100644 --- a/source4/heimdal/lib/hx509/hx509.h +++ b/source4/heimdal/lib/hx509/hx509.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: hx509.h,v 1.16 2007/01/09 10:52:05 lha Exp $ */ +/* $Id: hx509.h 20798 2007-06-02 03:28:55Z lha $ */ typedef struct hx509_cert_attribute_data *hx509_cert_attribute; typedef struct hx509_cert_data *hx509_cert; @@ -50,6 +50,8 @@ typedef struct hx509_request_data *hx509_request; typedef struct hx509_error_data *hx509_error; typedef struct hx509_peer_info *hx509_peer_info; typedef struct hx509_ca_tbs *hx509_ca_tbs; +typedef struct hx509_env *hx509_env; +typedef struct hx509_crl *hx509_crl; typedef void (*hx509_vprint_func)(void *, const char *, va_list); @@ -107,5 +109,18 @@ typedef enum { #define HX509_SELECT_DIGEST 1 #define HX509_SELECT_PUBLIC_SIG 2 #define HX509_SELECT_PUBLIC_ENC 3 +#define HX509_SELECT_SECRET_ENC 4 + +/* flags to hx509_ca_tbs_set_template */ +#define HX509_CA_TEMPLATE_SUBJECT 1 +#define HX509_CA_TEMPLATE_SERIAL 2 +#define HX509_CA_TEMPLATE_NOTBEFORE 4 +#define HX509_CA_TEMPLATE_NOTAFTER 8 +#define HX509_CA_TEMPLATE_SPKI 16 +#define HX509_CA_TEMPLATE_KU 32 +#define HX509_CA_TEMPLATE_EKU 64 + +/* flags hx509_cms_create_signed* */ +#define HX509_CMS_SIGATURE_DETACHED 1 #include diff --git a/source4/heimdal/lib/hx509/hx509_err.et b/source4/heimdal/lib/hx509/hx509_err.et index 54ec177e47..90f3b3d907 100644 --- a/source4/heimdal/lib/hx509/hx509_err.et +++ b/source4/heimdal/lib/hx509/hx509_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: hx509_err.et,v 1.19 2006/12/30 23:05:39 lha Exp $" +id "$Id: hx509_err.et 20807 2007-06-03 03:11:20Z lha $" error_table hx prefix HX509 @@ -76,7 +76,8 @@ error_code CRL_CERT_REVOKED, "Certificate is included in CRL" error_code REVOKE_STATUS_MISSING, "No revoke status found for certificates" error_code CRL_UNKNOWN_EXTENSION, "Unknown extension" error_code REVOKE_WRONG_DATA, "Got wrong CRL/OCSP data from server" -error_code REVOKE_NOT_SAME_PARENT, "Doesn't have same parent as other certificaes" +error_code REVOKE_NOT_SAME_PARENT, "Doesn't have same parent as other certificates" +error_code CERT_NOT_IN_OCSP, "Certificates not in OCSP reply" # misc error index 108 diff --git a/source4/heimdal/lib/hx509/hx_locl.h b/source4/heimdal/lib/hx509/hx_locl.h index 78d158f8b1..bfbee0943e 100644 --- a/source4/heimdal/lib/hx509/hx_locl.h +++ b/source4/heimdal/lib/hx509/hx_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: hx_locl.h,v 1.30 2007/01/09 10:52:06 lha Exp $ */ +/* $Id: hx_locl.h 20930 2007-06-06 00:23:42Z lha $ */ #ifdef HAVE_CONFIG_H #include @@ -71,6 +71,7 @@ struct hx509_keyset_ops; struct hx509_collector; +struct hx509_generate_private_context; typedef struct hx509_path hx509_path; #include @@ -144,7 +145,7 @@ struct hx509_query_data { }; struct hx509_keyset_ops { - char *name; + const char *name; int flags; int (*init)(hx509_context, hx509_certs, void **, int, const char *, hx509_lock); @@ -157,7 +158,7 @@ struct hx509_keyset_ops { int (*iter)(hx509_context, hx509_certs, void *, void *, hx509_cert *); int (*iter_end)(hx509_context, hx509_certs, void *, void *); int (*printinfo)(hx509_context, hx509_certs, - void *, int (*)(void *, char *), void *); + void *, int (*)(void *, const char *), void *); int (*getkeys)(hx509_context, hx509_certs, void *, hx509_private_key **); int (*addkey)(hx509_context, hx509_certs, void *, hx509_private_key); }; @@ -178,7 +179,21 @@ struct hx509_context_data { #define HX509_DEFAULT_OCSP_TIME_DIFF (5*60) hx509_error error; struct et_list *et_list; + char *querystat; + hx509_certs default_trust_anchors; }; /* _hx509_calculate_path flag field */ #define HX509_CALCULATE_PATH_NO_ANCHOR 1 + +extern const AlgorithmIdentifier * _hx509_crypto_default_sig_alg; +extern const AlgorithmIdentifier * _hx509_crypto_default_digest_alg; +extern const AlgorithmIdentifier * _hx509_crypto_default_secret_alg; + +/* + * Configurable options + */ + +#if 0 /* fdef __APPLE__*/ +#define HX509_DEFAULT_ANCHORS "KEYCHAIN:system" +#endif diff --git a/source4/heimdal/lib/hx509/keyset.c b/source4/heimdal/lib/hx509/keyset.c index c3d5ee210c..475835b9b0 100644 --- a/source4/heimdal/lib/hx509/keyset.c +++ b/source4/heimdal/lib/hx509/keyset.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004 - 2006 Kungliga Tekniska Högskolan + * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: keyset.c,v 1.18 2007/01/09 10:52:07 lha Exp $"); +RCSID("$Id: keyset.c 20911 2007-06-05 03:41:17Z lha $"); struct hx509_certs_data { struct hx509_keyset_ops *ops; @@ -276,6 +276,8 @@ hx509_certs_find(hx509_context context, *r = NULL; + _hx509_query_statistic(context, 0, q); + if (certs->ops->query) return (*certs->ops->query)(context, certs, certs->ops_data, q, r); @@ -317,6 +319,8 @@ certs_merge_func(hx509_context context, void *ctx, hx509_cert c) int hx509_certs_merge(hx509_context context, hx509_certs to, hx509_certs from) { + if (from == NULL) + return 0; return hx509_certs_iter(context, from, certs_merge_func, to); } @@ -358,7 +362,7 @@ hx509_get_one_cert(hx509_context context, hx509_certs certs, hx509_cert *c) } static int -certs_info_stdio(void *ctx, char *str) +certs_info_stdio(void *ctx, const char *str) { FILE *f = ctx; fprintf(f, "%s\n", str); @@ -368,7 +372,7 @@ certs_info_stdio(void *ctx, char *str) int hx509_certs_info(hx509_context context, hx509_certs certs, - int (*func)(void *, char *), + int (*func)(void *, const char *), void *ctx) { if (func == NULL) { @@ -385,8 +389,8 @@ hx509_certs_info(hx509_context context, } void -_hx509_pi_printf(int (*func)(void *, char *), void *ctx, - char *fmt, ...) +_hx509_pi_printf(int (*func)(void *, const char *), void *ctx, + const char *fmt, ...) { va_list ap; char *str; diff --git a/source4/heimdal/lib/hx509/ks_dir.c b/source4/heimdal/lib/hx509/ks_dir.c index 01dcf5795b..a0bc875e5b 100644 --- a/source4/heimdal/lib/hx509/ks_dir.c +++ b/source4/heimdal/lib/hx509/ks_dir.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: ks_dir.c,v 1.7 2007/01/09 10:52:08 lha Exp $"); +RCSID("$Id: ks_dir.c 19778 2007-01-09 10:52:13Z lha $"); #include /* diff --git a/source4/heimdal/lib/hx509/ks_file.c b/source4/heimdal/lib/hx509/ks_file.c index db0f475129..f9a3580880 100644 --- a/source4/heimdal/lib/hx509/ks_file.c +++ b/source4/heimdal/lib/hx509/ks_file.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: ks_file.c,v 1.31 2007/01/09 10:52:08 lha Exp $"); +RCSID("$Id: ks_file.c 20776 2007-06-01 22:02:01Z lha $"); struct ks_file { hx509_certs certs; @@ -542,12 +542,9 @@ file_init(hx509_context context, return 0; } - c = _hx509_collector_alloc(context, lock); - if (c == NULL) { - ret = ENOMEM; - hx509_set_error_string(context, 0, ret, "out of memory"); + ret = _hx509_collector_alloc(context, lock, &c); + if (ret) goto out; - } for (p = f->fn; p != NULL; p = pnext) { int found_data; @@ -678,16 +675,12 @@ static int store_func(hx509_context context, void *ctx, hx509_cert c) { FILE *f = (FILE *)ctx; - size_t size; heim_octet_string data; int ret; - ASN1_MALLOC_ENCODE(Certificate, data.data, data.length, - _hx509_get_cert(c), &size, ret); + ret = hx509_cert_binary(context, c, &data); if (ret) return ret; - if (data.length != size) - _hx509_abort("internal ASN.1 encoder error"); dump_pem_file(context, "CERTIFICATE", f, data.data, data.length); free(data.data); diff --git a/source4/heimdal/lib/hx509/ks_keychain.c b/source4/heimdal/lib/hx509/ks_keychain.c new file mode 100644 index 0000000000..2f0f72cd14 --- /dev/null +++ b/source4/heimdal/lib/hx509/ks_keychain.c @@ -0,0 +1,487 @@ +/* + * Copyright (c) 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hx_locl.h" +RCSID("$Id: ks_keychain.c 20945 2007-06-06 22:17:17Z lha $"); + +#ifdef HAVE_FRAMEWORK_SECURITY + +#include + +/* Missing function decls */ +OSStatus SecKeyGetCSPHandle(SecKeyRef, CSSM_CSP_HANDLE *); +OSStatus SecKeyGetCredentials(SecKeyRef, CSSM_ACL_AUTHORIZATION_TAG, + int, const CSSM_ACCESS_CREDENTIALS **); +#define kSecCredentialTypeDefault 0 + + +static int +getAttribute(SecKeychainItemRef itemRef, SecItemAttr item, + SecKeychainAttributeList **attrs) +{ + SecKeychainAttributeInfo attrInfo; + uint32 attrFormat = 0; + OSStatus ret; + + *attrs = NULL; + + attrInfo.count = 1; + attrInfo.tag = &item; + attrInfo.format = &attrFormat; + + ret = SecKeychainItemCopyAttributesAndData(itemRef, &attrInfo, NULL, + attrs, NULL, NULL); + if (ret) + return EINVAL; + return 0; +} + + +/* + * + */ + +struct kc_rsa { + SecKeychainItemRef item; + size_t keysize; +}; + + +static int +kc_rsa_public_encrypt(int flen, + const unsigned char *from, + unsigned char *to, + RSA *rsa, + int padding) +{ + return -1; +} + +static int +kc_rsa_public_decrypt(int flen, + const unsigned char *from, + unsigned char *to, + RSA *rsa, + int padding) +{ + return -1; +} + + +static int +kc_rsa_private_encrypt(int flen, + const unsigned char *from, + unsigned char *to, + RSA *rsa, + int padding) +{ + struct kc_rsa *kc = RSA_get_app_data(rsa); + + CSSM_RETURN cret; + OSStatus ret; + const CSSM_ACCESS_CREDENTIALS *creds; + SecKeyRef privKeyRef = (SecKeyRef)kc->item; + CSSM_CSP_HANDLE cspHandle; + const CSSM_KEY *cssmKey; + CSSM_CC_HANDLE sigHandle = 0; + CSSM_DATA sig, in; + int fret = 0; + + + cret = SecKeyGetCSSMKey(privKeyRef, &cssmKey); + if(cret) abort(); + + cret = SecKeyGetCSPHandle(privKeyRef, &cspHandle); + if(cret) abort(); + + ret = SecKeyGetCredentials(privKeyRef, CSSM_ACL_AUTHORIZATION_SIGN, + kSecCredentialTypeDefault, &creds); + if(ret) abort(); + + ret = CSSM_CSP_CreateSignatureContext(cspHandle, CSSM_ALGID_RSA, + creds, cssmKey, &sigHandle); + if(ret) abort(); + + in.Data = (uint8 *)from; + in.Length = flen; + + sig.Data = (uint8 *)to; + sig.Length = kc->keysize; + + cret = CSSM_SignData(sigHandle, &in, 1, CSSM_ALGID_NONE, &sig); + if(cret) { + /* cssmErrorString(cret); */ + fret = -1; + } else + fret = sig.Length; + + if(sigHandle) + CSSM_DeleteContext(sigHandle); + + return fret; +} + +static int +kc_rsa_private_decrypt(int flen, const unsigned char *from, unsigned char *to, + RSA * rsa, int padding) +{ + return -1; +} + +static int +kc_rsa_init(RSA *rsa) +{ + return 1; +} + +static int +kc_rsa_finish(RSA *rsa) +{ + struct kc_rsa *kc_rsa = RSA_get_app_data(rsa); + CFRelease(kc_rsa->item); + memset(kc_rsa, 0, sizeof(*kc_rsa)); + free(kc_rsa); + return 1; +} + +static const RSA_METHOD kc_rsa_pkcs1_method = { + "hx509 Keychain PKCS#1 RSA", + kc_rsa_public_encrypt, + kc_rsa_public_decrypt, + kc_rsa_private_encrypt, + kc_rsa_private_decrypt, + NULL, + NULL, + kc_rsa_init, + kc_rsa_finish, + 0, + NULL, + NULL, + NULL +}; + +static int +set_private_key(hx509_context context, + SecKeychainItemRef itemRef, + hx509_cert cert) +{ + struct kc_rsa *kc; + hx509_private_key key; + RSA *rsa; + int ret; + + ret = _hx509_private_key_init(&key, NULL, NULL); + if (ret) + return ret; + + kc = calloc(1, sizeof(*kc)); + if (kc == NULL) + _hx509_abort("out of memory"); + + kc->item = itemRef; + + rsa = RSA_new(); + if (rsa == NULL) + _hx509_abort("out of memory"); + + /* Argh, fake modulus since OpenSSL API is on crack */ + { + SecKeychainAttributeList *attrs = NULL; + uint32_t size; + void *data; + + rsa->n = BN_new(); + if (rsa->n == NULL) abort(); + + ret = getAttribute(itemRef, kSecKeyKeySizeInBits, &attrs); + if (ret) abort(); + + size = *(uint32_t *)attrs->attr[0].data; + SecKeychainItemFreeAttributesAndData(attrs, NULL); + + kc->keysize = (size + 7) / 8; + + data = malloc(kc->keysize); + memset(data, 0xe0, kc->keysize); + BN_bin2bn(data, kc->keysize, rsa->n); + free(data); + } + rsa->e = NULL; + + RSA_set_method(rsa, &kc_rsa_pkcs1_method); + ret = RSA_set_app_data(rsa, kc); + if (ret != 1) + _hx509_abort("RSA_set_app_data"); + + _hx509_private_key_assign_rsa(key, rsa); + _hx509_cert_assign_key(cert, key); + + return 0; +} + +/* + * + */ + +struct ks_keychain { + SecKeychainRef keychain; +}; + +static int +keychain_init(hx509_context context, + hx509_certs certs, void **data, int flags, + const char *residue, hx509_lock lock) +{ + struct ks_keychain *ctx; + OSStatus ret; + + ctx = calloc(1, sizeof(*ctx)); + if (ctx == NULL) { + hx509_clear_error_string(context); + return ENOMEM; + } + + if (residue) { + if (strcasecmp(residue, "system") == 0) + residue = "/System/Library/Keychains/X509Anchors"; + + ret = SecKeychainOpen(residue, &ctx->keychain); + if (ret != noErr) { + hx509_set_error_string(context, 0, ENOENT, + "Failed to open %s", residue); + return ENOENT; + } + } + + *data = ctx; + return 0; +} + +/* + * + */ + +static int +keychain_free(hx509_certs certs, void *data) +{ + struct ks_keychain *ctx = data; + if (ctx->keychain) + CFRelease(ctx->keychain); + memset(ctx, 0, sizeof(*ctx)); + free(ctx); + return 0; +} + +/* + * + */ + +struct iter { + SecKeychainSearchRef searchRef; +}; + +static int +keychain_iter_start(hx509_context context, + hx509_certs certs, void *data, void **cursor) +{ + struct ks_keychain *ctx = data; + struct iter *iter; + OSStatus ret; + + iter = calloc(1, sizeof(*iter)); + if (iter == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; + } + + ret = SecKeychainSearchCreateFromAttributes(ctx->keychain, + kSecCertificateItemClass, + NULL, + &iter->searchRef); + if (ret) { + free(iter); + hx509_set_error_string(context, 0, ret, + "Failed to start search for attributes"); + return ENOMEM; + } + + *cursor = iter; + return 0; +} + +/* + * + */ + +static int +keychain_iter(hx509_context context, + hx509_certs certs, void *data, void *cursor, hx509_cert *cert) +{ + SecKeychainAttributeList *attrs = NULL; + SecKeychainAttributeInfo attrInfo; + uint32 attrFormat = 0; + SecKeychainItemRef itemRef; + SecItemAttr item; + struct iter *iter = cursor; + Certificate t; + OSStatus ret; + UInt32 len; + void *ptr = NULL; + size_t size; + + *cert = NULL; + + ret = SecKeychainSearchCopyNext(iter->searchRef, &itemRef); + if (ret == errSecItemNotFound) + return 0; + else if (ret != 0) + return EINVAL; + + /* + * Pick out certificate and matching "keyid" + */ + + item = kSecPublicKeyHashItemAttr; + + attrInfo.count = 1; + attrInfo.tag = &item; + attrInfo.format = &attrFormat; + + ret = SecKeychainItemCopyAttributesAndData(itemRef, &attrInfo, NULL, + &attrs, &len, &ptr); + if (ret) + return EINVAL; + + ret = decode_Certificate(ptr, len, &t, &size); + CFRelease(itemRef); + if (ret) { + hx509_set_error_string(context, 0, ret, "Failed to parse certificate"); + goto out; + } + + ret = hx509_cert_init(context, &t, cert); + free_Certificate(&t); + if (ret) + goto out; + + /* + * Find related private key if there is one by looking at + * kSecPublicKeyHashItemAttr == kSecKeyLabel + */ + { + SecKeychainSearchRef search; + SecKeychainAttribute attrKeyid; + SecKeychainAttributeList attrList; + + attrKeyid.tag = kSecKeyLabel; + attrKeyid.length = attrs->attr[0].length; + attrKeyid.data = attrs->attr[0].data; + + attrList.count = 1; + attrList.attr = &attrKeyid; + + ret = SecKeychainSearchCreateFromAttributes(NULL, + CSSM_DL_DB_RECORD_PRIVATE_KEY, + &attrList, + &search); + if (ret) { + ret = 0; + goto out; + } + + ret = SecKeychainSearchCopyNext(search, &itemRef); + CFRelease(search); + if (ret == errSecItemNotFound) { + ret = 0; + goto out; + } else if (ret) { + ret = EINVAL; + goto out; + } + set_private_key(context, itemRef, *cert); + } + +out: + SecKeychainItemFreeAttributesAndData(attrs, ptr); + + return ret; +} + +/* + * + */ + +static int +keychain_iter_end(hx509_context context, + hx509_certs certs, + void *data, + void *cursor) +{ + struct iter *iter = cursor; + + CFRelease(iter->searchRef); + memset(iter, 0, sizeof(*iter)); + free(iter); + return 0; +} + +/* + * + */ + +struct hx509_keyset_ops keyset_keychain = { + "KEYCHAIN", + 0, + keychain_init, + NULL, + keychain_free, + NULL, + NULL, + keychain_iter_start, + keychain_iter, + keychain_iter_end +}; + +#endif /* HAVE_FRAMEWORK_SECURITY */ + +/* + * + */ + +void +_hx509_ks_keychain_register(hx509_context context) +{ +#ifdef HAVE_FRAMEWORK_SECURITY + _hx509_ks_register(context, &keyset_keychain); +#endif +} diff --git a/source4/heimdal/lib/hx509/ks_mem.c b/source4/heimdal/lib/hx509/ks_mem.c index dd7b7166bc..efa19eb19c 100644 --- a/source4/heimdal/lib/hx509/ks_mem.c +++ b/source4/heimdal/lib/hx509/ks_mem.c @@ -80,6 +80,7 @@ mem_free(hx509_certs certs, void *data) free(mem->certs.val); for (i = 0; mem->keys && mem->keys[i]; i++) _hx509_private_key_free(&mem->keys[i]); + free(mem->keys); free(mem->name); free(mem); @@ -162,7 +163,7 @@ mem_getkeys(hx509_context context, for (i = 0; mem->keys && mem->keys[i]; i++) ; - *keys = calloc(i, sizeof(**keys)); + *keys = calloc(i + 1, sizeof(**keys)); for (i = 0; mem->keys && mem->keys[i]; i++) { (*keys)[i] = _hx509_private_key_ref(mem->keys[i]); if ((*keys)[i] == NULL) { diff --git a/source4/heimdal/lib/hx509/ks_null.c b/source4/heimdal/lib/hx509/ks_null.c index 1e6c2ea3fb..3be259fc60 100644 --- a/source4/heimdal/lib/hx509/ks_null.c +++ b/source4/heimdal/lib/hx509/ks_null.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: ks_null.c,v 1.5 2007/01/09 10:52:10 lha Exp $"); +RCSID("$Id: ks_null.c 20901 2007-06-04 23:14:08Z lha $"); static int @@ -90,3 +90,9 @@ struct hx509_keyset_ops keyset_null = { null_iter, null_iter_end }; + +void +_hx509_ks_null_register(hx509_context context) +{ + _hx509_ks_register(context, &keyset_null); +} diff --git a/source4/heimdal/lib/hx509/ks_p11.c b/source4/heimdal/lib/hx509/ks_p11.c index b103264b7a..90c716213f 100644 --- a/source4/heimdal/lib/hx509/ks_p11.c +++ b/source4/heimdal/lib/hx509/ks_p11.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: ks_p11.c,v 1.45 2007/01/09 19:43:35 lha Exp $"); +RCSID("$Id: ks_p11.c 20920 2007-06-05 05:47:06Z lha $"); #ifdef HAVE_DLFCN_H #include #endif @@ -214,7 +214,7 @@ p11_rsa_finish(RSA *rsa) return 1; } -static const RSA_METHOD rsa_pkcs1_method = { +static const RSA_METHOD p11_rsa_pkcs1_method = { "hx509 PKCS11 PKCS#1 RSA", p11_rsa_public_encrypt, p11_rsa_public_decrypt, @@ -644,7 +644,7 @@ collect_private_key(hx509_context context, if (p->refcount == 0) _hx509_abort("pkcs11 refcount to high"); - RSA_set_method(rsa, &rsa_pkcs1_method); + RSA_set_method(rsa, &p11_rsa_pkcs1_method); ret = RSA_set_app_data(rsa, p11rsa); if (ret != 1) _hx509_abort("RSA_set_app_data"); @@ -766,11 +766,9 @@ p11_list_keys(hx509_context context, if (lock == NULL) lock = _hx509_empty_lock; - collector = _hx509_collector_alloc(context, lock); - if (collector == NULL) { - hx509_set_error_string(context, 0, ENOMEM, "out of memory"); - return ENOMEM; - } + ret = _hx509_collector_alloc(context, lock, &collector); + if (ret) + return ret; key_class = CKO_PRIVATE_KEY; ret = iterate_entries(context, p, slot, session, @@ -1113,7 +1111,7 @@ static int p11_printinfo(hx509_context context, hx509_certs certs, void *data, - int (*func)(void *, char *), + int (*func)(void *, const char *), void *ctx) { struct p11_module *p = data; @@ -1140,6 +1138,17 @@ p11_printinfo(hx509_context context, MECHNAME(CKM_RSA_X_509, "rsa-x-509"); MECHNAME(CKM_MD5_RSA_PKCS, "md5-rsa-pkcs"); MECHNAME(CKM_SHA1_RSA_PKCS, "sha1-rsa-pkcs"); + MECHNAME(CKM_RIPEMD160_RSA_PKCS, "ripemd160-rsa-pkcs"); + MECHNAME(CKM_RSA_PKCS_OAEP, "rsa-pkcs-oaep"); + MECHNAME(CKM_SHA_1, "sha1"); + MECHNAME(CKM_MD5, "md5"); + MECHNAME(CKM_MD2, "md2"); + MECHNAME(CKM_RIPEMD160, "ripemd-160"); + MECHNAME(CKM_DES_ECB, "des-ecb"); + MECHNAME(CKM_DES_CBC, "des-cbc"); + MECHNAME(CKM_AES_ECB, "aes-ecb"); + MECHNAME(CKM_AES_CBC, "aes-cbc"); + MECHNAME(CKM_DH_PKCS_PARAMETER_GEN, "dh-pkcs-parameter-gen"); default: snprintf(unknownname, sizeof(unknownname), "unknown-mech-%lu", diff --git a/source4/heimdal/lib/hx509/ks_p12.c b/source4/heimdal/lib/hx509/ks_p12.c index 69dba802e5..5fddbd07de 100644 --- a/source4/heimdal/lib/hx509/ks_p12.c +++ b/source4/heimdal/lib/hx509/ks_p12.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: ks_p12.c,v 1.18 2007/01/09 10:52:11 lha Exp $"); +RCSID("$Id: ks_p12.c 20909 2007-06-05 03:09:13Z lha $"); struct ks_pkcs12 { hx509_certs certs; @@ -341,39 +341,45 @@ p12_init(hx509_context context, if (lock == NULL) lock = _hx509_empty_lock; - c = _hx509_collector_alloc(context, lock); - if (c == NULL) - return ENOMEM; + ret = _hx509_collector_alloc(context, lock, &c); + if (ret) + return ret; p12 = calloc(1, sizeof(*p12)); if (p12 == NULL) { ret = ENOMEM; + hx509_set_error_string(context, 0, ret, "out of memory"); goto out; } p12->fn = strdup(residue); if (p12->fn == NULL) { ret = ENOMEM; + hx509_set_error_string(context, 0, ret, "out of memory"); goto out; } if (flags & HX509_CERTS_CREATE) { - ret = hx509_certs_init(context, "MEMORY:ks-file-create", + ret = hx509_certs_init(context, "MEMORY:ks-file-create", 0, lock, &p12->certs); - if (ret) - goto out; - *data = p12; - return 0; + if (ret == 0) + *data = p12; + goto out; } ret = _hx509_map_file(residue, &buf, &len, NULL); - if (ret) + if (ret) { + hx509_clear_error_string(context); goto out; + } ret = decode_PKCS12_PFX(buf, len, &pfx, NULL); _hx509_unmap_file(buf, len); - if (ret) + if (ret) { + hx509_set_error_string(context, 0, ret, + "Failed to decode the PFX in %s", residue); goto out; + } if (der_heim_oid_cmp(&pfx.authSafe.contentType, oid_id_pkcs7_data()) != 0) { free_PKCS12_PFX(&pfx); @@ -452,15 +458,20 @@ addBag(hx509_context context, ptr = realloc(as->val, sizeof(as->val[0]) * (as->len + 1)); if (ptr == NULL) { - hx509_set_error_string(context, 0, ENOMEM, "malloc out of memory"); + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); return ENOMEM; } as->val = ptr; ret = der_copy_oid(oid, &as->val[as->len].contentType); + if (ret) { + hx509_set_error_string(context, 0, ret, "out of memory"); + return ret; + } as->val[as->len].content = calloc(1, sizeof(*as->val[0].content)); if (as->val[as->len].content == NULL) { + der_free_oid(&as->val[as->len].contentType); hx509_set_error_string(context, 0, ENOMEM, "malloc out of memory"); return ENOMEM; } @@ -488,11 +499,11 @@ store_func(hx509_context context, void *ctx, hx509_cert c) os.data = NULL; os.length = 0; - ASN1_MALLOC_ENCODE(Certificate, os.data, os.length, - _hx509_get_cert(c), &size, ret); + ret = hx509_cert_binary(context, c, &os); if (ret) - goto out; - ASN1_MALLOC_ENCODE(PKCS12_OctetString, + return ret; + + ASN1_MALLOC_ENCODE(PKCS12_OctetString, cb.certValue.data,cb.certValue.length, &os, &size, ret); free(os.data); @@ -505,7 +516,7 @@ store_func(hx509_context context, void *ctx, hx509_cert c) } ASN1_MALLOC_ENCODE(PKCS12_CertBag, os.data, os.length, &cb, &size, ret); - free(cb.certValue.data); + free_PKCS12_CertBag(&cb); if (ret) goto out; diff --git a/source4/heimdal/lib/hx509/lock.c b/source4/heimdal/lib/hx509/lock.c index 95fc0aa26d..de326f2e2d 100644 --- a/source4/heimdal/lib/hx509/lock.c +++ b/source4/heimdal/lib/hx509/lock.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: lock.c,v 1.13 2006/10/14 09:41:05 lha Exp $"); +RCSID("$Id: lock.c 18452 2006-10-14 09:41:05Z lha $"); struct hx509_lock_data { struct _hx509_password password; diff --git a/source4/heimdal/lib/hx509/name.c b/source4/heimdal/lib/hx509/name.c index 92e9e6f974..5198633b1e 100644 --- a/source4/heimdal/lib/hx509/name.c +++ b/source4/heimdal/lib/hx509/name.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004 - 2006 Kungliga Tekniska Högskolan + * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: name.c,v 1.33 2006/12/30 23:04:11 lha Exp $"); +RCSID("$Id: name.c 20891 2007-06-04 22:51:41Z lha $"); /* * name parsing from rfc2253 @@ -41,7 +41,7 @@ RCSID("$Id: name.c,v 1.33 2006/12/30 23:04:11 lha Exp $"); */ static const struct { - char *n; + const char *n; const heim_oid *(*o)(void); } no[] = { { "C", oid_id_at_countryName }, @@ -51,6 +51,7 @@ static const struct { { "O", oid_id_at_organizationName }, { "OU", oid_id_at_organizationalUnitName }, { "S", oid_id_at_stateOrProvinceName }, + { "STREET", oid_id_at_streetAddress }, { "UID", oid_id_Userid }, { "emailAddress", oid_id_pkcs9_emailAddress }, { "serialNumber", oid_id_at_serialNumber } @@ -81,25 +82,27 @@ quote_string(const char *f, size_t len, size_t *rlen) to[j++] = from[i]; } else { int l = snprintf(&to[j], tolen - j - 1, - "#%02x", (unsigned int)from[i]); + "#%02x", (unsigned char)from[i]); j += l; } } to[j] = '\0'; + assert(j < tolen); *rlen = j; return to; } static int -append_string(char **str, size_t *total_len, char *ss, size_t len, int quote) +append_string(char **str, size_t *total_len, const char *ss, + size_t len, int quote) { char *s, *qs; if (quote) qs = quote_string(ss, len, &len); else - qs = ss; + qs = rk_UNCONST(ss); s = realloc(*str, len + *total_len + 1); if (s == NULL) @@ -181,10 +184,10 @@ _hx509_Name_to_string(const Name *n, char **str) ss = ds->u.ia5String; break; case choice_DirectoryString_printableString: - ss = ds->u.ia5String; + ss = ds->u.printableString; break; case choice_DirectoryString_utf8String: - ss = ds->u.ia5String; + ss = ds->u.utf8String; break; case choice_DirectoryString_bmpString: { uint16_t *bmp = ds->u.bmpString.data; @@ -200,11 +203,25 @@ _hx509_Name_to_string(const Name *n, char **str) break; } case choice_DirectoryString_teletexString: - ss = "teletex-string"; /* XXX */ + ss = malloc(ds->u.teletexString.length + 1); + if (ss == NULL) + _hx509_abort("allocation failure"); /* XXX */ + memcpy(ss, ds->u.teletexString.data, ds->u.teletexString.length); + ss[ds->u.teletexString.length] = '\0'; break; - case choice_DirectoryString_universalString: - ss = "universalString"; /* XXX */ + case choice_DirectoryString_universalString: { + uint32_t *uni = ds->u.universalString.data; + size_t unilen = ds->u.universalString.length; + size_t k; + + ss = malloc(unilen + 1); + if (ss == NULL) + _hx509_abort("allocation failure"); /* XXX */ + for (k = 0; k < unilen; k++) + ss[k] = uni[k] & 0xff; /* XXX */ + ss[k] = '\0'; break; + } default: _hx509_abort("unknown directory type: %d", ds->element); exit(1); @@ -214,8 +231,12 @@ _hx509_Name_to_string(const Name *n, char **str) append_string(str, &total_len, "=", 1, 0); len = strlen(ss); append_string(str, &total_len, ss, len, 1); - if (ds->element == choice_DirectoryString_bmpString) + if (ds->element == choice_DirectoryString_universalString || + ds->element == choice_DirectoryString_bmpString || + ds->element == choice_DirectoryString_teletexString) + { free(ss); + } if (j + 1 < n->u.rdnSequence.val[i].len) append_string(str, &total_len, "+", 1, 0); } @@ -298,6 +319,13 @@ _hx509_name_cmp(const Name *n1, const Name *n2) return 0; } +int +hx509_name_cmp(hx509_name n1, hx509_name n2) +{ + return _hx509_name_cmp(&n1->der_name, &n2->der_name); +} + + int _hx509_name_from_Name(const Name *n, hx509_name *name) { @@ -487,6 +515,106 @@ hx509_name_to_Name(const hx509_name from, Name *to) return copy_Name(&from->der_name, to); } +int +hx509_name_normalize(hx509_context context, hx509_name name) +{ + return 0; +} + +int +hx509_name_expand(hx509_context context, + hx509_name name, + hx509_env env) +{ + Name *n = &name->der_name; + int i, j; + + if (env == NULL) + return 0; + + if (n->element != choice_Name_rdnSequence) { + hx509_set_error_string(context, 0, EINVAL, "RDN not of supported type"); + return EINVAL; + } + + for (i = 0 ; i < n->u.rdnSequence.len; i++) { + for (j = 0; j < n->u.rdnSequence.val[i].len; j++) { + /* + THIS SHOULD REALLY BE: + COMP = n->u.rdnSequence.val[i].val[j]; + normalize COMP to utf8 + check if there are variables + expand variables + convert back to orignal format, store in COMP + free normalized utf8 string + */ + DirectoryString *ds = &n->u.rdnSequence.val[i].val[j].value; + char *p, *p2; + struct rk_strpool *strpool = NULL; + + if (ds->element != choice_DirectoryString_utf8String) { + hx509_set_error_string(context, 0, EINVAL, "unsupported type"); + return EINVAL; + } + p = strstr(ds->u.utf8String, "${"); + if (p) { + strpool = rk_strpoolprintf(strpool, "%.*s", + (int)(p - ds->u.utf8String), + ds->u.utf8String); + if (strpool == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; + } + } + while (p != NULL) { + /* expand variables */ + const char *value; + p2 = strchr(p, '}'); + if (p2 == NULL) { + hx509_set_error_string(context, 0, EINVAL, "missing }"); + rk_strpoolfree(strpool); + return EINVAL; + } + p += 2; + value = hx509_env_lfind(context, env, p, p2 - p); + if (value == NULL) { + hx509_set_error_string(context, 0, EINVAL, + "variable %.*s missing", + (int)(p2 - p), p); + rk_strpoolfree(strpool); + return EINVAL; + } + strpool = rk_strpoolprintf(strpool, "%s", value); + if (strpool == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; + } + p2++; + + p = strstr(p2, "${"); + if (p) + strpool = rk_strpoolprintf(strpool, "%.*s", + (int)(p - p2), p2); + else + strpool = rk_strpoolprintf(strpool, "%s", p2); + if (strpool == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; + } + } + if (strpool) { + free(ds->u.utf8String); + ds->u.utf8String = rk_strpoolcollect(strpool); + if (ds->u.utf8String == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; + } + } + } + } + return 0; +} + void hx509_name_free(hx509_name *name) @@ -548,3 +676,91 @@ hx509_name_is_null_p(const hx509_name name) { return name->der_name.u.rdnSequence.len == 0; } + +int +hx509_general_name_unparse(GeneralName *name, char **str) +{ + struct rk_strpool *strpool = NULL; + + *str = NULL; + + switch (name->element) { + case choice_GeneralName_otherName: { + char *str; + hx509_oid_sprint(&name->u.otherName.type_id, &str); + if (str == NULL) + return ENOMEM; + strpool = rk_strpoolprintf(strpool, "otherName: %s", str); + free(str); + break; + } + case choice_GeneralName_rfc822Name: + strpool = rk_strpoolprintf(strpool, "rfc822Name: %s\n", + name->u.rfc822Name); + break; + case choice_GeneralName_dNSName: + strpool = rk_strpoolprintf(strpool, "dNSName: %s\n", + name->u.dNSName); + break; + case choice_GeneralName_directoryName: { + Name dir; + char *s; + int ret; + memset(&dir, 0, sizeof(dir)); + dir.element = name->u.directoryName.element; + dir.u.rdnSequence = name->u.directoryName.u.rdnSequence; + ret = _hx509_unparse_Name(&dir, &s); + if (ret) + return ret; + strpool = rk_strpoolprintf(strpool, "directoryName: %s", s); + free(s); + break; + } + case choice_GeneralName_uniformResourceIdentifier: + strpool = rk_strpoolprintf(strpool, "URI: %s", + name->u.uniformResourceIdentifier); + break; + case choice_GeneralName_iPAddress: { + unsigned char *a = name->u.iPAddress.data; + + strpool = rk_strpoolprintf(strpool, "IPAddress: "); + if (strpool == NULL) + break; + if (name->u.iPAddress.length == 4) + strpool = rk_strpoolprintf(strpool, "%d.%d.%d.%d", + a[0], a[1], a[2], a[3]); + else if (name->u.iPAddress.length == 16) + strpool = rk_strpoolprintf(strpool, + "%02X:%02X:%02X:%02X:" + "%02X:%02X:%02X:%02X:" + "%02X:%02X:%02X:%02X:" + "%02X:%02X:%02X:%02X", + a[0], a[1], a[2], a[3], + a[4], a[5], a[6], a[7], + a[8], a[9], a[10], a[11], + a[12], a[13], a[14], a[15]); + else + strpool = rk_strpoolprintf(strpool, + "unknown IP address of length %lu", + (unsigned long)name->u.iPAddress.length); + break; + } + case choice_GeneralName_registeredID: { + char *str; + hx509_oid_sprint(&name->u.registeredID, &str); + if (str == NULL) + return ENOMEM; + strpool = rk_strpoolprintf(strpool, "registeredID: %s", str); + free(str); + break; + } + default: + return EINVAL; + } + if (strpool == NULL) + return ENOMEM; + + *str = rk_strpoolcollect(strpool); + + return 0; +} diff --git a/source4/heimdal/lib/hx509/ocsp.asn1 b/source4/heimdal/lib/hx509/ocsp.asn1 index 62a2750b96..d8ecd66ccf 100644 --- a/source4/heimdal/lib/hx509/ocsp.asn1 +++ b/source4/heimdal/lib/hx509/ocsp.asn1 @@ -1,5 +1,5 @@ -- From rfc2560 --- $Id: ocsp.asn1,v 1.4 2006/12/30 12:38:44 lha Exp $ +-- $Id: ocsp.asn1 19576 2006-12-30 12:40:43Z lha $ OCSP DEFINITIONS EXPLICIT TAGS::= BEGIN diff --git a/source4/heimdal/lib/hx509/peer.c b/source4/heimdal/lib/hx509/peer.c index f82f2877f6..eccedf1043 100644 --- a/source4/heimdal/lib/hx509/peer.c +++ b/source4/heimdal/lib/hx509/peer.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: peer.c,v 1.1 2006/11/26 15:49:01 lha Exp $"); +RCSID("$Id: peer.c 20938 2007-06-06 20:51:34Z lha $"); int hx509_peer_info_alloc(hx509_context context, hx509_peer_info *peer) @@ -59,14 +59,16 @@ free_cms_alg(hx509_peer_info peer) } } -int +void hx509_peer_info_free(hx509_peer_info peer) { + if (peer == NULL) + return; if (peer->cert) hx509_cert_free(peer->cert); free_cms_alg(peer); memset(peer, 0, sizeof(*peer)); - return 0; + free(peer); } int diff --git a/source4/heimdal/lib/hx509/pkcs10.asn1 b/source4/heimdal/lib/hx509/pkcs10.asn1 index c33fd36cb2..518fe3bfa3 100644 --- a/source4/heimdal/lib/hx509/pkcs10.asn1 +++ b/source4/heimdal/lib/hx509/pkcs10.asn1 @@ -1,4 +1,4 @@ --- $Id: pkcs10.asn1,v 1.1 2006/04/01 09:46:57 lha Exp $ +-- $Id: pkcs10.asn1 16918 2006-04-01 09:46:57Z lha $ PKCS10 DEFINITIONS ::= BEGIN diff --git a/source4/heimdal/lib/hx509/print.c b/source4/heimdal/lib/hx509/print.c index 802ac12b4e..dc9d4cfa58 100644 --- a/source4/heimdal/lib/hx509/print.c +++ b/source4/heimdal/lib/hx509/print.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004 - 2006 Kungliga Tekniska Högskolan + * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: print.c,v 1.15 2006/12/07 20:37:57 lha Exp $"); +RCSID("$Id: print.c 20908 2007-06-05 02:59:33Z lha $"); struct hx509_validate_ctx_data { @@ -41,6 +41,18 @@ struct hx509_validate_ctx_data { void *ctx; }; +struct cert_status { + unsigned int selfsigned:1; + unsigned int isca:1; + unsigned int isproxy:1; + unsigned int haveSAN:1; + unsigned int haveIAN:1; + unsigned int haveSKI:1; + unsigned int haveAKI:1; + unsigned int haveCRLDP:1; +}; + + /* * */ @@ -155,10 +167,16 @@ validate_print(hx509_validate_ctx ctx, int flags, const char *fmt, ...) va_end(va); } +/* + * Dont Care, SHOULD critical, SHOULD NOT critical, MUST critical, + * MUST NOT critical + */ enum critical_flag { D_C = 0, S_C, S_N_C, M_C, M_N_C }; static int -check_Null(hx509_validate_ctx ctx, enum critical_flag cf, const Extension *e) +check_Null(hx509_validate_ctx ctx, + struct cert_status *status, + enum critical_flag cf, const Extension *e) { switch(cf) { case D_C: @@ -191,13 +209,96 @@ check_Null(hx509_validate_ctx ctx, enum critical_flag cf, const Extension *e) static int check_subjectKeyIdentifier(hx509_validate_ctx ctx, + struct cert_status *status, enum critical_flag cf, const Extension *e) { - check_Null(ctx, cf, e); + SubjectKeyIdentifier si; + size_t size; + int ret; + + status->haveSKI = 1; + check_Null(ctx, status, cf, e); + + ret = decode_SubjectKeyIdentifier(e->extnValue.data, + e->extnValue.length, + &si, &size); + if (ret) { + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "Decoding SubjectKeyIdentifier failed: %d", ret); + return 1; + } + if (size != e->extnValue.length) { + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "Decoding SKI ahve extra bits on the end"); + return 1; + } + if (si.length == 0) + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "SKI is too short (0 bytes)"); + if (si.length > 20) + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "SKI is too long"); + + { + char *id; + hex_encode(si.data, si.length, &id); + if (id) { + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, + "\tsubject key id: %s\n", id); + free(id); + } + } + + free_SubjectKeyIdentifier(&si); + + return 0; +} + +static int +check_authorityKeyIdentifier(hx509_validate_ctx ctx, + struct cert_status *status, + enum critical_flag cf, + const Extension *e) +{ + AuthorityKeyIdentifier ai; + size_t size; + int ret; + + status->haveAKI = 1; + check_Null(ctx, status, cf, e); + + status->haveSKI = 1; + check_Null(ctx, status, cf, e); + + ret = decode_AuthorityKeyIdentifier(e->extnValue.data, + e->extnValue.length, + &ai, &size); + if (ret) { + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "Decoding AuthorityKeyIdentifier failed: %d", ret); + return 1; + } + if (size != e->extnValue.length) { + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "Decoding SKI ahve extra bits on the end"); + return 1; + } + + if (ai.keyIdentifier) { + char *id; + hex_encode(ai.keyIdentifier->data, ai.keyIdentifier->length, &id); + if (id) { + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, + "\tauthority key id: %s\n", id); + free(id); + } + } + return 0; } + static int check_pkinit_san(hx509_validate_ctx ctx, heim_any *a) { @@ -206,15 +307,16 @@ check_pkinit_san(hx509_validate_ctx ctx, heim_any *a) size_t size; int ret; - ret = decode_KRB5PrincipalName(a->data, a->length, - &kn, &size); + ret = decode_KRB5PrincipalName(a->data, a->length, &kn, &size); if (ret) { - printf("Decoding kerberos name in SAN failed: %d", ret); + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "Decoding kerberos name in SAN failed: %d", ret); return 1; } if (size != a->length) { - printf("Decoding kerberos name have extra bits on the end"); + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "Decoding kerberos name have extra bits on the end"); return 1; } @@ -233,22 +335,117 @@ check_pkinit_san(hx509_validate_ctx ctx, heim_any *a) } static int -check_dnssrv_san(hx509_validate_ctx ctx, heim_any *a) +check_utf8_string_san(hx509_validate_ctx ctx, heim_any *a) { + PKIXXmppAddr jid; + size_t size; + int ret; + + ret = decode_PKIXXmppAddr(a->data, a->length, &jid, &size); + if (ret) { + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "Decoding JID in SAN failed: %d", ret); + return 1; + } + + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%s", jid); + free_PKIXXmppAddr(&jid); + return 0; } +static int +check_altnull(hx509_validate_ctx ctx, heim_any *a) +{ + return 0; +} + +static int +check_CRLDistributionPoints(hx509_validate_ctx ctx, + struct cert_status *status, + enum critical_flag cf, + const Extension *e) +{ + CRLDistributionPoints dp; + size_t size; + int ret, i; + + check_Null(ctx, status, cf, e); + + ret = decode_CRLDistributionPoints(e->extnValue.data, + e->extnValue.length, + &dp, &size); + if (ret) { + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "Decoding CRL Distribution Points failed: %d\n", ret); + return 1; + } + + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "CRL Distribution Points:\n"); + for (i = 0 ; i < dp.len; i++) { + if (dp.val[i].distributionPoint) { + DistributionPointName dpname; + heim_any *data = dp.val[i].distributionPoint; + int j; + + ret = decode_DistributionPointName(data->data, data->length, + &dpname, NULL); + if (ret) { + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "Failed to parse CRL Distribution Point Name: %d\n", ret); + continue; + } + + switch (dpname.element) { + case choice_DistributionPointName_fullName: + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "Fullname:\n"); + + for (j = 0 ; j < dpname.u.fullName.len; j++) { + char *s; + GeneralName *name = &dpname.u.fullName.val[j]; + + ret = hx509_general_name_unparse(name, &s); + if (ret == 0 && s != NULL) { + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, " %s\n", s); + free(s); + } + } + break; + case choice_DistributionPointName_nameRelativeToCRLIssuer: + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, + "Unknown nameRelativeToCRLIssuer"); + break; + default: + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "Unknown DistributionPointName"); + break; + } + free_DistributionPointName(&dpname); + } + } + free_CRLDistributionPoints(&dp); + + status->haveCRLDP = 1; + + return 0; +} + + struct { const char *name; const heim_oid *(*oid)(void); int (*func)(hx509_validate_ctx, heim_any *); } check_altname[] = { { "pk-init", oid_id_pkinit_san, check_pkinit_san }, - { "dns-srv", oid_id_pkix_on_dnsSRV, check_dnssrv_san } + { "jabber", oid_id_pkix_on_xmppAddr, check_utf8_string_san }, + { "dns-srv", oid_id_pkix_on_dnsSRV, check_altnull }, + { "card-id", oid_id_uspkicommon_card_id, check_altnull }, + { "Microsoft NT-PRINCIPAL-NAME", oid_id_pkinit_ms_san, check_utf8_string_san } }; static int check_altName(hx509_validate_ctx ctx, + struct cert_status *status, const char *name, enum critical_flag cf, const Extension *e) @@ -257,20 +454,24 @@ check_altName(hx509_validate_ctx ctx, size_t size; int ret, i; - check_Null(ctx, cf, e); + check_Null(ctx, status, cf, e); if (e->extnValue.length == 0) { - printf("%sAltName empty, not allowed", name); + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "%sAltName empty, not allowed", name); return 1; } ret = decode_GeneralNames(e->extnValue.data, e->extnValue.length, &gn, &size); if (ret) { - printf("\tret = %d while decoding %s GeneralNames\n", ret, name); + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "\tret = %d while decoding %s GeneralNames\n", + ret, name); return 1; } if (gn.len == 0) { - printf("%sAltName generalName empty, not allowed", name); + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "%sAltName generalName empty, not allowed\n", name); return 1; } @@ -278,7 +479,9 @@ check_altName(hx509_validate_ctx ctx, switch (gn.val[i].element) { case choice_GeneralName_otherName: { unsigned j; - validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%sAltName otherName ", name); + + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, + "%sAltName otherName ", name); for (j = 0; j < sizeof(check_altname)/sizeof(check_altname[0]); j++) { if (der_heim_oid_cmp((*check_altname[j].oid)(), @@ -298,41 +501,18 @@ check_altName(hx509_validate_ctx ctx, validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "\n"); break; } - case choice_GeneralName_rfc822Name: - validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "rfc822Name: %s\n", - gn.val[i].u.rfc822Name); - break; - case choice_GeneralName_dNSName: - validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "dNSName: %s\n", - gn.val[i].u.dNSName); - break; - case choice_GeneralName_directoryName: { - Name dir; + default: { char *s; - dir.element = gn.val[i].u.directoryName.element; - dir.u.rdnSequence = gn.val[i].u.directoryName.u.rdnSequence; - ret = _hx509_unparse_Name(&dir, &s); + ret = hx509_general_name_unparse(&gn.val[i], &s); if (ret) { - printf("unable to parse %sAltName directoryName\n", name); + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "ret = %d unparsing GeneralName\n", ret); return 1; } - validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "directoryName: %s\n", s); + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%s\n", s); free(s); break; } - case choice_GeneralName_uniformResourceIdentifier: - validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "uri: %s\n", - gn.val[i].u.uniformResourceIdentifier); - break; - case choice_GeneralName_iPAddress: - validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "ip address\n"); - break; - case choice_GeneralName_registeredID: - validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "registered id: "); - hx509_oid_print(&gn.val[i].u.registeredID, - validate_vprint, ctx); - validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "\n"); - break; } } @@ -343,23 +523,28 @@ check_altName(hx509_validate_ctx ctx, static int check_subjectAltName(hx509_validate_ctx ctx, + struct cert_status *status, enum critical_flag cf, const Extension *e) { - return check_altName(ctx, "subject", cf, e); + status->haveSAN = 1; + return check_altName(ctx, status, "subject", cf, e); } static int check_issuerAltName(hx509_validate_ctx ctx, + struct cert_status *status, enum critical_flag cf, const Extension *e) { - return check_altName(ctx, "issuer", cf, e); + status->haveIAN = 1; + return check_altName(ctx, status, "issuer", cf, e); } static int check_basicConstraints(hx509_validate_ctx ctx, + struct cert_status *status, enum critical_flag cf, const Extension *e) { @@ -367,7 +552,7 @@ check_basicConstraints(hx509_validate_ctx ctx, size_t size; int ret; - check_Null(ctx, cf, e); + check_Null(ctx, status, cf, e); ret = decode_BasicConstraints(e->extnValue.data, e->extnValue.length, &b, &size); @@ -384,6 +569,30 @@ check_basicConstraints(hx509_validate_ctx ctx, validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "\tpathLenConstraint: %d\n", *b.pathLenConstraint); + if (b.cA) { + if (*b.cA) { + if (!e->critical) + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "Is a CA and not BasicConstraints CRITICAL\n"); + status->isca = 1; + } + else + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "cA is FALSE, not allowed to be\n"); + } + free_BasicConstraints(&b); + + return 0; +} + +static int +check_proxyCertInfo(hx509_validate_ctx ctx, + struct cert_status *status, + enum critical_flag cf, + const Extension *e) +{ + status->isproxy = 1; + return 0; } @@ -391,6 +600,7 @@ struct { const char *name; const heim_oid *(*oid)(void); int (*func)(hx509_validate_ctx ctx, + struct cert_status *status, enum critical_flag cf, const Extension *); enum critical_flag cf; @@ -401,7 +611,7 @@ struct { { ext(keyUsage, Null), S_C }, { ext(subjectAltName, subjectAltName), M_N_C }, { ext(issuerAltName, issuerAltName), S_N_C }, - { ext(basicConstraints, basicConstraints), M_C }, + { ext(basicConstraints, basicConstraints), D_C }, { ext(cRLNumber, Null), M_N_C }, { ext(cRLReason, Null), M_N_C }, { ext(holdInstructionCode, Null), M_N_C }, @@ -410,14 +620,20 @@ struct { { ext(issuingDistributionPoint, Null), M_C }, { ext(certificateIssuer, Null), M_C }, { ext(nameConstraints, Null), M_C }, - { ext(cRLDistributionPoints, Null), S_N_C }, + { ext(cRLDistributionPoints, CRLDistributionPoints), S_N_C }, { ext(certificatePolicies, Null) }, { ext(policyMappings, Null), M_N_C }, - { ext(authorityKeyIdentifier, Null), M_N_C }, + { ext(authorityKeyIdentifier, authorityKeyIdentifier), M_N_C }, { ext(policyConstraints, Null), D_C }, { ext(extKeyUsage, Null), D_C }, { ext(freshestCRL, Null), M_N_C }, { ext(inhibitAnyPolicy, Null), M_C }, + { "proxyCertInfo", oid_id_pe_proxyCertInfo, + check_proxyCertInfo, M_C }, + { "US Fed PKI - PIV Interim", oid_id_uspkicommon_piv_interim, + check_Null, D_C }, + { "Netscape cert comment", oid_id_netscape_cert_comment, + check_Null, D_C }, { NULL } }; @@ -459,31 +675,45 @@ hx509_validate_cert(hx509_context context, { Certificate *c = _hx509_get_cert(cert); TBSCertificate *t = &c->tbsCertificate; - hx509_name name; + hx509_name issuer, subject; char *str; + struct cert_status status; + int ret; + + memset(&status, 0, sizeof(status)); if (_hx509_cert_get_version(c) != 3) validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "Not version 3 certificate\n"); - if (t->version && *t->version < 2 && t->extensions) + if ((t->version == NULL || *t->version < 2) && t->extensions) validate_print(ctx, HX509_VALIDATE_F_VALIDATE, "Not version 3 certificate with extensions\n"); - _hx509_name_from_Name(&t->subject, &name); - hx509_name_to_string(name, &str); - hx509_name_free(&name); + if (_hx509_cert_get_version(c) >= 3 && t->extensions == NULL) + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "Version 3 certificate without extensions\n"); + + ret = hx509_cert_get_subject(cert, &subject); + if (ret) abort(); + hx509_name_to_string(subject, &str); validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "subject name: %s\n", str); free(str); - _hx509_name_from_Name(&t->issuer, &name); - hx509_name_to_string(name, &str); - hx509_name_free(&name); + ret = hx509_cert_get_issuer(cert, &issuer); + if (ret) abort(); + hx509_name_to_string(issuer, &str); validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "issuer name: %s\n", str); free(str); + if (hx509_name_cmp(subject, issuer) == 0) { + status.selfsigned = 1; + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, + "\tis a self-signed certificate\n"); + } + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "Validity:\n"); @@ -528,11 +758,68 @@ hx509_validate_cert(hx509_context context, "checking extention: %s\n", check_extension[j].name); (*check_extension[j].func)(ctx, + &status, check_extension[j].cf, &t->extensions->val[i]); } } else validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "no extentions\n"); + if (status.isca) { + if (!status.haveSKI) + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "CA certificate have no SubjectKeyIdentifier\n"); + + } else { + if (!status.haveAKI) + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "Is not CA and doesn't have " + "AuthorityKeyIdentifier\n"); + } + + + if (!status.haveSKI) + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "Doesn't have SubjectKeyIdentifier\n"); + + if (status.isproxy && status.isca) + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "Proxy and CA at the same time!\n"); + + if (status.isproxy) { + if (status.haveSAN) + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "Proxy and have SAN\n"); + if (status.haveIAN) + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "Proxy and have IAN\n"); + } + + if (hx509_name_is_null_p(subject) && !status.haveSAN) + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "NULL subject DN and doesn't have a SAN\n"); + + if (!status.selfsigned && !status.haveCRLDP) + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "Not a CA nor PROXY and doesn't have" + "CRL Dist Point\n"); + + if (status.selfsigned) { + ret = _hx509_verify_signature_bitstring(context, + c, + &c->signatureAlgorithm, + &c->tbsCertificate._save, + &c->signatureValue); + if (ret == 0) + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, + "Self-signed certificate was self-signed\n"); + else + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "Self-signed certificate NOT really self-signed!\n"); + } + + hx509_name_free(&subject); + hx509_name_free(&issuer); + return 0; } diff --git a/source4/heimdal/lib/hx509/req.c b/source4/heimdal/lib/hx509/req.c index ca7baa514b..34e3a4ea27 100644 --- a/source4/heimdal/lib/hx509/req.c +++ b/source4/heimdal/lib/hx509/req.c @@ -33,7 +33,7 @@ #include "hx_locl.h" #include -RCSID("$Id: req.c,v 1.7 2007/01/04 20:20:11 lha Exp $"); +RCSID("$Id: req.c 20934 2007-06-06 15:30:02Z lha $"); struct hx509_request_data { hx509_name name; @@ -191,7 +191,7 @@ _hx509_request_to_pkcs10(hx509_context context, ret = _hx509_create_signature(context, signer, - hx509_signature_rsa_with_sha1(), + _hx509_crypto_default_sig_alg, &data, &r.signatureAlgorithm, &os); diff --git a/source4/heimdal/lib/hx509/revoke.c b/source4/heimdal/lib/hx509/revoke.c index 8067b29c10..0d477945c8 100644 --- a/source4/heimdal/lib/hx509/revoke.c +++ b/source4/heimdal/lib/hx509/revoke.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: revoke.c,v 1.32 2006/12/30 17:09:06 lha Exp $"); +RCSID("$Id: revoke.c 20871 2007-06-03 21:22:51Z lha $"); struct revoke_crl { char *path; @@ -281,8 +281,11 @@ load_ocsp(hx509_context context, struct revoke_ocsp *ocsp) ret = parse_ocsp_basic(data, length, &basic); _hx509_unmap_file(data, length); - if (ret) + if (ret) { + hx509_set_error_string(context, 0, ret, + "Failed to parse OCSP response"); return ret; + } if (basic.certs) { int i; @@ -442,7 +445,8 @@ verify_crl(hx509_context context, &crl->tbsCertList._save, &crl->signatureValue); if (ret) { - hx509_set_error_string(context, HX509_ERROR_APPEND, ret, "CRL signature invalid"); + hx509_set_error_string(context, HX509_ERROR_APPEND, ret, + "CRL signature invalid"); goto out; } @@ -800,7 +804,7 @@ hx509_ocsp_request(hx509_context context, memset(&req, 0, sizeof(req)); if (digest == NULL) - digest = hx509_signature_sha1(); + digest = _hx509_crypto_default_digest_alg; ctx.req = &req.tbsRequest; ctx.certs = pool; @@ -922,7 +926,7 @@ hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out) fprintf(out, "replies: %d\n", ocsp.ocsp.tbsResponseData.responses.len); for (i = 0; i < ocsp.ocsp.tbsResponseData.responses.len; i++) { - char *status; + const char *status; switch (ocsp.ocsp.tbsResponseData.responses.val[i].certStatus.element) { case choice_OCSPCertStatus_good: status = "good"; @@ -955,6 +959,12 @@ hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out) return ret; } +/* + * Verify that the `cert' is part of the OCSP reply and its not + * expired. Doesn't verify signature the OCSP reply or its done by a + * authorized sender, that is assumed to be already done. + */ + int hx509_ocsp_verify(hx509_context context, time_t now, @@ -967,12 +977,17 @@ hx509_ocsp_verify(hx509_context context, OCSPBasicOCSPResponse basic; int ret, i; + if (now == 0) + now = time(NULL); + *expiration = 0; ret = parse_ocsp_basic(data, length, &basic); - if (ret) + if (ret) { + hx509_set_error_string(context, 0, ret, + "Failed to parse OCSP response"); return ret; - + } for (i = 0; i < basic.tbsResponseData.responses.len; i++) { @@ -1003,18 +1018,244 @@ hx509_ocsp_verify(hx509_context context, now + context->ocsp_time_diff) continue; - /* don't allow the next updte to be in the past */ + /* don't allow the next update to be in the past */ if (basic.tbsResponseData.responses.val[i].nextUpdate) { if (*basic.tbsResponseData.responses.val[i].nextUpdate < now) continue; + *expiration = *basic.tbsResponseData.responses.val[i].nextUpdate; } else - continue; - - *expiration = *basic.tbsResponseData.responses.val[i].nextUpdate; + *expiration = now; + free_OCSPBasicOCSPResponse(&basic); return 0; } + free_OCSPBasicOCSPResponse(&basic); + { + hx509_name name; + char *subject; + + ret = hx509_cert_get_subject(cert, &name); + if (ret) { + hx509_clear_error_string(context); + goto out; + } + ret = hx509_name_to_string(name, &subject); + hx509_name_free(&name); + if (ret) { + hx509_clear_error_string(context); + goto out; + } + hx509_set_error_string(context, 0, HX509_CERT_NOT_IN_OCSP, + "Certificate %s not in OCSP response " + "or not good", + subject); + free(subject); + } +out: + return HX509_CERT_NOT_IN_OCSP; +} + +struct hx509_crl { + hx509_certs revoked; + time_t expire; +}; + +int +hx509_crl_alloc(hx509_context context, hx509_crl *crl) +{ + int ret; + + *crl = calloc(1, sizeof(**crl)); + if (*crl == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; + } + + ret = hx509_certs_init(context, "MEMORY:crl", 0, NULL, &(*crl)->revoked); + if (ret) { + free(*crl); + *crl = NULL; + } + (*crl)->expire = 0; + return ret; +} + +int +hx509_crl_add_revoked_certs(hx509_context context, + hx509_crl crl, + hx509_certs certs) +{ + return hx509_certs_merge(context, crl->revoked, certs); +} + +int +hx509_crl_lifetime(hx509_context context, hx509_crl crl, int delta) +{ + crl->expire = time(NULL) + delta; + return 0; +} + + +void +hx509_crl_free(hx509_context context, hx509_crl *crl) +{ + if (*crl == NULL) + return; + hx509_certs_free(&(*crl)->revoked); + memset(*crl, 0, sizeof(**crl)); + free(*crl); + *crl = NULL; +} + +static int +add_revoked(hx509_context context, void *ctx, hx509_cert cert) +{ + TBSCRLCertList *c = ctx; + unsigned int num; + void *ptr; + int ret; + + num = c->revokedCertificates->len; + ptr = realloc(c->revokedCertificates->val, + (num + 1) * sizeof(c->revokedCertificates->val[0])); + if (ptr == NULL) { + hx509_clear_error_string(context); + return ENOMEM; + } + c->revokedCertificates->val = ptr; + + ret = hx509_cert_get_serialnumber(cert, + &c->revokedCertificates->val[num].userCertificate); + if (ret) { + hx509_clear_error_string(context); + return ret; + } + c->revokedCertificates->val[num].revocationDate.element = + choice_Time_generalTime; + c->revokedCertificates->val[num].revocationDate.u.generalTime = + time(NULL) - 3600 * 24; + c->revokedCertificates->val[num].crlEntryExtensions = NULL; + + c->revokedCertificates->len++; + + return 0; +} + + +int +hx509_crl_sign(hx509_context context, + hx509_cert signer, + hx509_crl crl, + heim_octet_string *os) +{ + const AlgorithmIdentifier *sigalg = _hx509_crypto_default_sig_alg; + CRLCertificateList c; + size_t size; + int ret; + hx509_private_key signerkey; + + memset(&c, 0, sizeof(c)); + + signerkey = _hx509_cert_private_key(signer); + if (signerkey == NULL) { + ret = HX509_PRIVATE_KEY_MISSING; + hx509_set_error_string(context, 0, ret, + "Private key missing for CRL signing"); + return ret; + } + + c.tbsCertList.version = malloc(sizeof(*c.tbsCertList.version)); + if (c.tbsCertList.version == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; + } + + *c.tbsCertList.version = 1; + + ret = copy_AlgorithmIdentifier(sigalg, &c.tbsCertList.signature); + if (ret) { + hx509_clear_error_string(context); + goto out; + } + + ret = copy_Name(&_hx509_get_cert(signer)->tbsCertificate.issuer, + &c.tbsCertList.issuer); + if (ret) { + hx509_clear_error_string(context); + goto out; + } + + c.tbsCertList.thisUpdate.element = choice_Time_generalTime; + c.tbsCertList.thisUpdate.u.generalTime = time(NULL) - 24 * 3600; + + c.tbsCertList.nextUpdate = malloc(sizeof(*c.tbsCertList.nextUpdate)); + if (c.tbsCertList.nextUpdate == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + ret = ENOMEM; + goto out; + } + + { + time_t next = crl->expire; + if (next == 0) + next = time(NULL) + 24 * 3600 * 365; + + c.tbsCertList.nextUpdate->element = choice_Time_generalTime; + c.tbsCertList.nextUpdate->u.generalTime = next; + } + + c.tbsCertList.revokedCertificates = + calloc(1, sizeof(*c.tbsCertList.revokedCertificates)); + if (c.tbsCertList.revokedCertificates == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + ret = ENOMEM; + goto out; + } + c.tbsCertList.crlExtensions = NULL; + + ret = hx509_certs_iter(context, crl->revoked, add_revoked, &c.tbsCertList); + if (ret) + goto out; + + /* if not revoked certs, remove OPTIONAL entry */ + if (c.tbsCertList.revokedCertificates->len == 0) { + free(c.tbsCertList.revokedCertificates); + c.tbsCertList.revokedCertificates = NULL; + } + + ASN1_MALLOC_ENCODE(TBSCRLCertList, os->data, os->length, + &c.tbsCertList, &size, ret); + if (ret) { + hx509_set_error_string(context, 0, ret, "failed to encode tbsCRL"); + goto out; + } + if (size != os->length) + _hx509_abort("internal ASN.1 encoder error"); + + + ret = _hx509_create_signature_bitstring(context, + signerkey, + sigalg, + os, + &c.signatureAlgorithm, + &c.signatureValue); + free(os->data); + + ASN1_MALLOC_ENCODE(CRLCertificateList, os->data, os->length, + &c, &size, ret); + free_CRLCertificateList(&c); + if (ret) { + hx509_set_error_string(context, 0, ret, "failed to encode CRL"); + goto out; + } + if (size != os->length) + _hx509_abort("internal ASN.1 encoder error"); + return 0; + +out: + free_CRLCertificateList(&c); + return ret; } diff --git a/source4/heimdal/lib/hx509/test_name.c b/source4/heimdal/lib/hx509/test_name.c index 9017e54ab1..2c6dd516cb 100644 --- a/source4/heimdal/lib/hx509/test_name.c +++ b/source4/heimdal/lib/hx509/test_name.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: test_name.c,v 1.6 2006/12/30 23:04:54 lha Exp $"); +RCSID("$Id: test_name.c 19882 2007-01-13 01:02:57Z lha $"); static int test_name(hx509_context context, const char *name) @@ -69,6 +69,39 @@ test_name_fail(hx509_context context, const char *name) return 1; } +static int +test_expand(hx509_context context, const char *name, const char *expected) +{ + hx509_env env; + hx509_name n; + char *s; + int ret; + + hx509_env_init(context, &env); + hx509_env_add(context, env, "uid", "lha"); + + ret = hx509_parse_name(context, name, &n); + if (ret) + return 1; + + ret = hx509_name_expand(context, n, env); + hx509_env_free(&env); + if (ret) + return 1; + + ret = hx509_name_to_string(n, &s); + hx509_name_free(&n); + if (ret) + return 1; + + ret = strcmp(s, expected) != 0; + free(s); + if (ret) + return 1; + + return 0; +} + int main(int argc, char **argv) { @@ -86,6 +119,13 @@ main(int argc, char **argv) ret += test_name_fail(context, "CN=foo,=foo"); ret += test_name_fail(context, "CN=foo,really-unknown-type=foo"); + ret += test_expand(context, "UID=${uid},C=SE", "UID=lha,C=SE"); + ret += test_expand(context, "UID=foo${uid},C=SE", "UID=foolha,C=SE"); + ret += test_expand(context, "UID=${uid}bar,C=SE", "UID=lhabar,C=SE"); + ret += test_expand(context, "UID=f${uid}b,C=SE", "UID=flhab,C=SE"); + ret += test_expand(context, "UID=${uid}${uid},C=SE", "UID=lhalha,C=SE"); + ret += test_expand(context, "UID=${uid}{uid},C=SE", "UID=lha{uid},C=SE"); + hx509_context_free(&context); return ret; diff --git a/source4/heimdal/lib/krb5/acache.c b/source4/heimdal/lib/krb5/acache.c index d20c24699b..999ce7f120 100644 --- a/source4/heimdal/lib/krb5/acache.c +++ b/source4/heimdal/lib/krb5/acache.c @@ -37,7 +37,7 @@ #include #endif -RCSID("$Id: acache.c,v 1.17 2007/01/08 15:31:01 lha Exp $"); +RCSID("$Id: acache.c 19764 2007-01-08 15:31:01Z lha $"); /* XXX should we fetch these for each open ? */ static HEIMDAL_MUTEX acc_mutex = HEIMDAL_MUTEX_INITIALIZER; diff --git a/source4/heimdal/lib/krb5/add_et_list.c b/source4/heimdal/lib/krb5/add_et_list.c index 3b9773bebb..a6005c6859 100644 --- a/source4/heimdal/lib/krb5/add_et_list.c +++ b/source4/heimdal/lib/krb5/add_et_list.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: add_et_list.c,v 1.3 2004/04/13 14:33:45 lha Exp $"); +RCSID("$Id: add_et_list.c 13713 2004-04-13 14:33:45Z lha $"); /* * Add a specified list of error messages to the et list in context. diff --git a/source4/heimdal/lib/krb5/addr_families.c b/source4/heimdal/lib/krb5/addr_families.c index f68be423b0..8c31843058 100644 --- a/source4/heimdal/lib/krb5/addr_families.c +++ b/source4/heimdal/lib/krb5/addr_families.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: addr_families.c,v 1.53 2006/10/22 06:54:00 lha Exp $"); +RCSID("$Id: addr_families.c 18805 2006-10-22 06:54:00Z lha $"); struct addr_operations { int af; diff --git a/source4/heimdal/lib/krb5/appdefault.c b/source4/heimdal/lib/krb5/appdefault.c index 03fa933b6f..b0bb171f4a 100644 --- a/source4/heimdal/lib/krb5/appdefault.c +++ b/source4/heimdal/lib/krb5/appdefault.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: appdefault.c,v 1.10 2005/01/05 05:40:59 lukeh Exp $"); +RCSID("$Id: appdefault.c 14465 2005-01-05 05:40:59Z lukeh $"); void KRB5_LIB_FUNCTION krb5_appdefault_boolean(krb5_context context, const char *appname, diff --git a/source4/heimdal/lib/krb5/asn1_glue.c b/source4/heimdal/lib/krb5/asn1_glue.c index b07e058550..6b7d40d453 100644 --- a/source4/heimdal/lib/krb5/asn1_glue.c +++ b/source4/heimdal/lib/krb5/asn1_glue.c @@ -37,7 +37,7 @@ #include "krb5_locl.h" -RCSID("$Id: asn1_glue.c,v 1.10 2006/10/06 17:02:48 lha Exp $"); +RCSID("$Id: asn1_glue.c 18269 2006-10-06 17:02:48Z lha $"); krb5_error_code KRB5_LIB_FUNCTION _krb5_principal2principalname (PrincipalName *p, @@ -47,23 +47,14 @@ _krb5_principal2principalname (PrincipalName *p, } krb5_error_code KRB5_LIB_FUNCTION -_krb5_principalname2krb5_principal (krb5_context context, +_krb5_principalname2krb5_principal (krb5_context context, krb5_principal *principal, const PrincipalName from, const Realm realm) { - if (from.name_type == KRB5_NT_ENTERPRISE_PRINCIPAL) { - if (from.name_string.len != 1) { - return KRB5_PARSE_MALFORMED; - } - return krb5_parse_name(context, - from.name_string.val[0], - principal); - } else { - krb5_principal p = malloc(sizeof(*p)); - copy_PrincipalName(&from, &p->name); - p->realm = strdup(realm); - *principal = p; - } + krb5_principal p = malloc(sizeof(*p)); + copy_PrincipalName(&from, &p->name); + p->realm = strdup(realm); + *principal = p; return 0; } diff --git a/source4/heimdal/lib/krb5/auth_context.c b/source4/heimdal/lib/krb5/auth_context.c index b8ce65d9a5..5e08f15ad4 100644 --- a/source4/heimdal/lib/krb5/auth_context.c +++ b/source4/heimdal/lib/krb5/auth_context.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: auth_context.c,v 1.62 2005/01/05 02:34:08 lukeh Exp $"); +RCSID("$Id: auth_context.c 14452 2005-01-05 02:34:08Z lukeh $"); krb5_error_code KRB5_LIB_FUNCTION krb5_auth_con_init(krb5_context context, diff --git a/source4/heimdal/lib/krb5/build_ap_req.c b/source4/heimdal/lib/krb5/build_ap_req.c index e11744cc3a..b1968fe817 100644 --- a/source4/heimdal/lib/krb5/build_ap_req.c +++ b/source4/heimdal/lib/krb5/build_ap_req.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: build_ap_req.c,v 1.20 2004/05/25 21:18:17 lha Exp $"); +RCSID("$Id: build_ap_req.c 13863 2004-05-25 21:46:46Z lha $"); krb5_error_code KRB5_LIB_FUNCTION krb5_build_ap_req (krb5_context context, diff --git a/source4/heimdal/lib/krb5/build_auth.c b/source4/heimdal/lib/krb5/build_auth.c index 9eff09bb0a..f8739c044d 100644 --- a/source4/heimdal/lib/krb5/build_auth.c +++ b/source4/heimdal/lib/krb5/build_auth.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: build_auth.c,v 1.43 2006/04/10 08:53:21 lha Exp $"); +RCSID("$Id: build_auth.c 17033 2006-04-10 08:53:21Z lha $"); static krb5_error_code make_etypelist(krb5_context context, diff --git a/source4/heimdal/lib/krb5/cache.c b/source4/heimdal/lib/krb5/cache.c index a96870a7de..5be3935f2b 100644 --- a/source4/heimdal/lib/krb5/cache.c +++ b/source4/heimdal/lib/krb5/cache.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: cache.c,v 1.82 2006/09/12 17:35:33 lha Exp $"); +RCSID("$Id: cache.c 20503 2007-04-21 22:03:56Z lha $"); /* * Add a new ccache type with operations `ops', overwriting any @@ -473,7 +473,8 @@ krb5_cc_store_cred(krb5_context context, /* * Retrieve the credential identified by `mcreds' (and `whichfields') - * from `id' in `creds'. + * from `id' in `creds'. 'creds' must be free by the caller using + * krb5_free_cred_contents. * Return 0 or an error code. */ diff --git a/source4/heimdal/lib/krb5/changepw.c b/source4/heimdal/lib/krb5/changepw.c index ba584a04a4..3ceb6df89c 100644 --- a/source4/heimdal/lib/krb5/changepw.c +++ b/source4/heimdal/lib/krb5/changepw.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: changepw.c,v 1.56 2006/05/05 09:26:47 lha Exp $"); +RCSID("$Id: changepw.c 17442 2006-05-05 09:31:15Z lha $"); static void str2data (krb5_data *d, diff --git a/source4/heimdal/lib/krb5/codec.c b/source4/heimdal/lib/krb5/codec.c index 080e8a6511..0d36b4b442 100644 --- a/source4/heimdal/lib/krb5/codec.c +++ b/source4/heimdal/lib/krb5/codec.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: codec.c,v 1.9 2004/05/25 21:19:37 lha Exp $"); +RCSID("$Id: codec.c 13863 2004-05-25 21:46:46Z lha $"); krb5_error_code KRB5_LIB_FUNCTION krb5_decode_EncTicketPart (krb5_context context, diff --git a/source4/heimdal/lib/krb5/config_file.c b/source4/heimdal/lib/krb5/config_file.c index bbd9cf4c78..ac5eba39dc 100644 --- a/source4/heimdal/lib/krb5/config_file.c +++ b/source4/heimdal/lib/krb5/config_file.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: config_file.c,v 1.55 2006/12/04 23:35:54 lha Exp $"); +RCSID("$Id: config_file.c 19213 2006-12-04 23:36:36Z lha $"); #ifndef HAVE_NETINFO diff --git a/source4/heimdal/lib/krb5/config_file_netinfo.c b/source4/heimdal/lib/krb5/config_file_netinfo.c index 6e72509ab6..1e01e7c5ff 100644 --- a/source4/heimdal/lib/krb5/config_file_netinfo.c +++ b/source4/heimdal/lib/krb5/config_file_netinfo.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: config_file_netinfo.c,v 1.4 2004/05/25 21:20:18 lha Exp $"); +RCSID("$Id: config_file_netinfo.c 13863 2004-05-25 21:46:46Z lha $"); /* * Netinfo implementation from Luke Howard diff --git a/source4/heimdal/lib/krb5/constants.c b/source4/heimdal/lib/krb5/constants.c index 89ebc34a1a..5188a1d3a8 100644 --- a/source4/heimdal/lib/krb5/constants.c +++ b/source4/heimdal/lib/krb5/constants.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: constants.c,v 1.8 2004/09/23 07:57:37 joda Exp $"); +RCSID("$Id: constants.c 14253 2004-09-23 07:57:37Z joda $"); const char *krb5_config_file = #ifdef __APPLE__ diff --git a/source4/heimdal/lib/krb5/context.c b/source4/heimdal/lib/krb5/context.c index d0317da375..b54e293a60 100644 --- a/source4/heimdal/lib/krb5/context.c +++ b/source4/heimdal/lib/krb5/context.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include -RCSID("$Id: context.c,v 1.112 2006/11/24 14:24:33 lha Exp $"); +RCSID("$Id: context.c 19107 2006-11-24 14:24:33Z lha $"); #define INIT_FIELD(C, T, E, D, F) \ (C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \ diff --git a/source4/heimdal/lib/krb5/convert_creds.c b/source4/heimdal/lib/krb5/convert_creds.c index bff56a2602..1d1b4d7070 100644 --- a/source4/heimdal/lib/krb5/convert_creds.c +++ b/source4/heimdal/lib/krb5/convert_creds.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: convert_creds.c,v 1.32 2005/04/23 19:40:57 lha Exp $"); +RCSID("$Id: convert_creds.c 14897 2005-04-23 19:40:57Z lha $"); #include "krb5-v4compat.h" diff --git a/source4/heimdal/lib/krb5/copy_host_realm.c b/source4/heimdal/lib/krb5/copy_host_realm.c index eb77fba024..4e668c2a14 100644 --- a/source4/heimdal/lib/krb5/copy_host_realm.c +++ b/source4/heimdal/lib/krb5/copy_host_realm.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: copy_host_realm.c,v 1.5 2004/05/25 21:21:17 lha Exp $"); +RCSID("$Id: copy_host_realm.c 13863 2004-05-25 21:46:46Z lha $"); /* * Copy the list of realms from `from' to `to'. diff --git a/source4/heimdal/lib/krb5/crc.c b/source4/heimdal/lib/krb5/crc.c index 4cfed75154..072c29d689 100644 --- a/source4/heimdal/lib/krb5/crc.c +++ b/source4/heimdal/lib/krb5/crc.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: crc.c,v 1.10 2006/05/05 09:27:09 lha Exp $"); +RCSID("$Id: crc.c 17442 2006-05-05 09:31:15Z lha $"); static u_long table[256]; diff --git a/source4/heimdal/lib/krb5/creds.c b/source4/heimdal/lib/krb5/creds.c index 2afd0725f1..d4d83162f1 100644 --- a/source4/heimdal/lib/krb5/creds.c +++ b/source4/heimdal/lib/krb5/creds.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: creds.c,v 1.20 2005/05/18 04:21:04 lha Exp $"); +RCSID("$Id: creds.c 15167 2005-05-18 04:21:57Z lha $"); /* keep this for compatibility with older code */ krb5_error_code KRB5_LIB_FUNCTION diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c index 6d4a81baa8..93f3e44ba1 100644 --- a/source4/heimdal/lib/krb5/crypto.c +++ b/source4/heimdal/lib/krb5/crypto.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: crypto.c,v 1.146 2006/11/17 21:58:47 lha Exp $"); +RCSID("$Id: crypto.c 20981 2007-06-07 20:05:50Z lha $"); #undef CRYPTO_DEBUG #ifdef CRYPTO_DEBUG @@ -57,8 +57,6 @@ struct krb5_crypto_data { struct key_usage *key_usage; }; -#define kcrypto_oid_enc(n) { sizeof(n)/sizeof(n[0]), n } - #define CRYPTO_ETYPE(C) ((C)->et->type) /* bits for `flags' below */ @@ -82,7 +80,6 @@ struct key_type { const char *name; size_t bits; size_t size; - size_t minsize; size_t schedule_size; #if 0 krb5_enctype best_etype; @@ -128,6 +125,9 @@ struct encryption_type { krb5_boolean encryptp, int usage, void *ivec); + size_t prf_length; + krb5_error_code (*prf)(krb5_context, + krb5_crypto, const krb5_data *, krb5_data *); }; #define ENCRYPTION_USAGE(U) (((U) << 8) | 0xAA) @@ -724,7 +724,6 @@ static struct key_type keytype_null = { 0, 0, 0, - 0, NULL, NULL, NULL @@ -735,7 +734,6 @@ static struct key_type keytype_des = { "des", 56, sizeof(DES_cblock), - sizeof(DES_cblock), sizeof(DES_key_schedule), krb5_DES_random_key, krb5_DES_schedule, @@ -748,7 +746,6 @@ static struct key_type keytype_des3 = { "des3", 168, 3 * sizeof(DES_cblock), - 3 * sizeof(DES_cblock), 3 * sizeof(DES_key_schedule), DES3_random_key, DES3_schedule, @@ -761,7 +758,6 @@ static struct key_type keytype_des3_derived = { "des3", 168, 3 * sizeof(DES_cblock), - 3 * sizeof(DES_cblock), 3 * sizeof(DES_key_schedule), DES3_random_key, DES3_schedule, @@ -774,7 +770,6 @@ static struct key_type keytype_aes128 = { "aes-128", 128, 16, - 16, sizeof(struct krb5_aes_schedule), NULL, AES_schedule, @@ -786,7 +781,6 @@ static struct key_type keytype_aes256 = { "aes-256", 256, 32, - 32, sizeof(struct krb5_aes_schedule), NULL, AES_schedule, @@ -798,7 +792,6 @@ static struct key_type keytype_arcfour = { "arcfour", 128, 16, - 16, sizeof(RC4_KEY), NULL, ARCFOUR_schedule, @@ -2450,6 +2443,58 @@ ARCFOUR_encrypt(krb5_context context, } +/* + * + */ + +static krb5_error_code +AES_PRF(krb5_context context, + krb5_crypto crypto, + const krb5_data *in, + krb5_data *out) +{ + struct checksum_type *ct = crypto->et->checksum; + krb5_error_code ret; + Checksum result; + krb5_keyblock *derived; + + result.cksumtype = ct->type; + ret = krb5_data_alloc(&result.checksum, ct->checksumsize); + if (ret) { + krb5_set_error_string(context, "out memory"); + return ret; + } + + (*ct->checksum)(context, NULL, in->data, in->length, 0, &result); + + if (result.checksum.length < crypto->et->blocksize) + krb5_abortx(context, "internal prf error"); + + derived = NULL; + ret = krb5_derive_key(context, crypto->key.key, + crypto->et->type, "prf", 3, &derived); + if (ret) + krb5_abortx(context, "krb5_derive_key"); + + ret = krb5_data_alloc(out, crypto->et->blocksize); + if (ret) + krb5_abortx(context, "malloc failed"); + + { + AES_KEY key; + + AES_set_encrypt_key(derived->keyvalue.data, + crypto->et->keytype->bits, &key); + AES_encrypt(result.checksum.data, out->data, &key); + memset(&key, 0, sizeof(key)); + } + + krb5_data_free(&result.checksum); + krb5_free_keyblock(context, derived); + + return ret; +} + /* * these should currently be in reverse preference order. * (only relevant for !F_PSEUDO) */ @@ -2466,6 +2511,8 @@ static struct encryption_type enctype_null = { NULL, F_DISABLED, NULL_encrypt, + 0, + NULL }; static struct encryption_type enctype_des_cbc_crc = { ETYPE_DES_CBC_CRC, @@ -2479,6 +2526,8 @@ static struct encryption_type enctype_des_cbc_crc = { NULL, 0, DES_CBC_encrypt_key_ivec, + 0, + NULL }; static struct encryption_type enctype_des_cbc_md4 = { ETYPE_DES_CBC_MD4, @@ -2492,6 +2541,8 @@ static struct encryption_type enctype_des_cbc_md4 = { &checksum_rsa_md4_des, 0, DES_CBC_encrypt_null_ivec, + 0, + NULL }; static struct encryption_type enctype_des_cbc_md5 = { ETYPE_DES_CBC_MD5, @@ -2505,6 +2556,8 @@ static struct encryption_type enctype_des_cbc_md5 = { &checksum_rsa_md5_des, 0, DES_CBC_encrypt_null_ivec, + 0, + NULL }; static struct encryption_type enctype_arcfour_hmac_md5 = { ETYPE_ARCFOUR_HMAC_MD5, @@ -2517,7 +2570,9 @@ static struct encryption_type enctype_arcfour_hmac_md5 = { &checksum_hmac_md5, NULL, F_SPECIAL, - ARCFOUR_encrypt + ARCFOUR_encrypt, + 0, + NULL }; static struct encryption_type enctype_des3_cbc_md5 = { ETYPE_DES3_CBC_MD5, @@ -2531,6 +2586,8 @@ static struct encryption_type enctype_des3_cbc_md5 = { &checksum_rsa_md5_des3, 0, DES3_CBC_encrypt, + 0, + NULL }; static struct encryption_type enctype_des3_cbc_sha1 = { ETYPE_DES3_CBC_SHA1, @@ -2544,6 +2601,8 @@ static struct encryption_type enctype_des3_cbc_sha1 = { &checksum_hmac_sha1_des3, F_DERIVED, DES3_CBC_encrypt, + 0, + NULL }; static struct encryption_type enctype_old_des3_cbc_sha1 = { ETYPE_OLD_DES3_CBC_SHA1, @@ -2557,6 +2616,8 @@ static struct encryption_type enctype_old_des3_cbc_sha1 = { &checksum_hmac_sha1_des3, 0, DES3_CBC_encrypt, + 0, + NULL }; static struct encryption_type enctype_aes128_cts_hmac_sha1 = { ETYPE_AES128_CTS_HMAC_SHA1_96, @@ -2570,6 +2631,8 @@ static struct encryption_type enctype_aes128_cts_hmac_sha1 = { &checksum_hmac_sha1_aes128, F_DERIVED, AES_CTS_encrypt, + 16, + AES_PRF }; static struct encryption_type enctype_aes256_cts_hmac_sha1 = { ETYPE_AES256_CTS_HMAC_SHA1_96, @@ -2583,6 +2646,8 @@ static struct encryption_type enctype_aes256_cts_hmac_sha1 = { &checksum_hmac_sha1_aes256, F_DERIVED, AES_CTS_encrypt, + 16, + AES_PRF }; static struct encryption_type enctype_des_cbc_none = { ETYPE_DES_CBC_NONE, @@ -2596,6 +2661,8 @@ static struct encryption_type enctype_des_cbc_none = { NULL, F_PSEUDO, DES_CBC_encrypt_null_ivec, + 0, + NULL }; static struct encryption_type enctype_des_cfb64_none = { ETYPE_DES_CFB64_NONE, @@ -2609,6 +2676,8 @@ static struct encryption_type enctype_des_cfb64_none = { NULL, F_PSEUDO, DES_CFB64_encrypt_null_ivec, + 0, + NULL }; static struct encryption_type enctype_des_pcbc_none = { ETYPE_DES_PCBC_NONE, @@ -2622,6 +2691,8 @@ static struct encryption_type enctype_des_pcbc_none = { NULL, F_PSEUDO, DES_PCBC_encrypt_key_ivec, + 0, + NULL }; static struct encryption_type enctype_des3_cbc_none = { ETYPE_DES3_CBC_NONE, @@ -2635,6 +2706,8 @@ static struct encryption_type enctype_des3_cbc_none = { NULL, F_PSEUDO, DES3_CBC_encrypt, + 0, + NULL }; static struct encryption_type *etypes[] = { @@ -3090,8 +3163,8 @@ decrypt_internal_derived(krb5_context context, checksum_sz = CHECKSUMSIZE(et->keyed_checksum); if (len < checksum_sz) { - krb5_clear_error_string (context); - return EINVAL; /* XXX - better error code? */ + krb5_set_error_string(context, "Encrypted data shorter then checksum"); + return KRB5_BAD_MSIZE; } if (((len - checksum_sz) % et->padsize) != 0) { @@ -3357,11 +3430,8 @@ krb5_decrypt_EncryptedData(krb5_context context, * * ************************************************************/ -#ifdef HAVE_OPENSSL -#include +#define ENTROPY_NEEDED 128 -/* From openssl/crypto/rand/rand_lcl.h */ -#define ENTROPY_NEEDED 20 static int seed_something(void) { @@ -3417,7 +3487,8 @@ krb5_generate_random_block(void *buf, size_t len) HEIMDAL_MUTEX_lock(&crypto_mutex); if (!rng_initialized) { if (seed_something()) - krb5_abortx(NULL, "Fatal: could not seed the random number generator"); + krb5_abortx(NULL, "Fatal: could not seed the " + "random number generator"); rng_initialized = 1; } @@ -3426,38 +3497,6 @@ krb5_generate_random_block(void *buf, size_t len) krb5_abortx(NULL, "Failed to generate random block"); } -#else - -void KRB5_LIB_FUNCTION -krb5_generate_random_block(void *buf, size_t len) -{ - DES_cblock key, out; - static DES_cblock counter; - static DES_key_schedule schedule; - int i; - static int initialized = 0; - - HEIMDAL_MUTEX_lock(&crypto_mutex); - if(!initialized) { - DES_new_random_key(&key); - DES_set_key(&key, &schedule); - memset(&key, 0, sizeof(key)); - DES_new_random_key(&counter); - initialized = 1; - } - HEIMDAL_MUTEX_unlock(&crypto_mutex); - while(len > 0) { - DES_ecb_encrypt(&counter, &out, &schedule, DES_ENCRYPT); - for(i = 7; i >=0; i--) - if(counter[i]++) - break; - memcpy(buf, out, min(len, sizeof(out))); - len -= min(len, sizeof(out)); - buf = (char*)buf + sizeof(out); - } -} -#endif - static void DES3_postproc(krb5_context context, unsigned char *k, size_t len, struct key_data *key) @@ -3645,7 +3684,7 @@ krb5_crypto_init(krb5_context context, etype); return KRB5_PROG_ETYPE_NOSUPP; } - if((*crypto)->et->keytype->minsize > key->keyvalue.length) { + if((*crypto)->et->keytype->size != key->keyvalue.length) { free(*crypto); *crypto = NULL; krb5_set_error_string (context, "encryption key has bad length"); @@ -3844,6 +3883,50 @@ krb5_get_wrapped_length (krb5_context context, return wrapped_length (context, crypto, data_len); } +/* + * Return the size of an encrypted packet of length `data_len' + */ + +static size_t +crypto_overhead (krb5_context context, + krb5_crypto crypto) +{ + struct encryption_type *et = crypto->et; + size_t res; + + res = CHECKSUMSIZE(et->checksum); + res += et->confoundersize; + if (et->padsize > 1) + res += et->padsize; + return res; +} + +static size_t +crypto_overhead_dervied (krb5_context context, + krb5_crypto crypto) +{ + struct encryption_type *et = crypto->et; + size_t res; + + if (et->keyed_checksum) + res = CHECKSUMSIZE(et->keyed_checksum); + else + res = CHECKSUMSIZE(et->checksum); + res += et->confoundersize; + if (et->padsize > 1) + res += et->padsize; + return res; +} + +size_t +krb5_crypto_overhead (krb5_context context, krb5_crypto crypto) +{ + if (derived_crypto (context, crypto)) + return crypto_overhead_dervied (context, crypto); + else + return crypto_overhead (context, crypto); +} + krb5_error_code KRB5_LIB_FUNCTION krb5_random_to_key(krb5_context context, krb5_enctype type, @@ -3934,6 +4017,44 @@ _krb5_pk_octetstring2key(krb5_context context, return ret; } +krb5_error_code KRB5_LIB_FUNCTION +krb5_crypto_prf_length(krb5_context context, + krb5_enctype type, + size_t *length) +{ + struct encryption_type *et = _find_enctype(type); + + if(et == NULL || et->prf_length == 0) { + krb5_set_error_string(context, "encryption type %d not supported", + type); + return KRB5_PROG_ETYPE_NOSUPP; + } + + *length = et->prf_length; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_crypto_prf(krb5_context context, + const krb5_crypto crypto, + const krb5_data *input, + krb5_data *output) +{ + struct encryption_type *et = crypto->et; + + krb5_data_zero(output); + + if(et->prf == NULL) { + krb5_set_error_string(context, "kerberos prf for %s not supported", + et->name); + return KRB5_PROG_ETYPE_NOSUPP; + } + + return (*et->prf)(context, crypto, input, output); +} + + + #ifdef CRYPTO_DEBUG diff --git a/source4/heimdal/lib/krb5/data.c b/source4/heimdal/lib/krb5/data.c index f0c6d00abe..2ece85bdb3 100644 --- a/source4/heimdal/lib/krb5/data.c +++ b/source4/heimdal/lib/krb5/data.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: data.c,v 1.21 2006/10/14 09:45:41 lha Exp $"); +RCSID("$Id: data.c 20039 2007-01-23 20:34:01Z lha $"); void KRB5_LIB_FUNCTION krb5_data_zero(krb5_data *p) @@ -118,3 +118,11 @@ krb5_copy_data(krb5_context context, } return ret; } + +int KRB5_LIB_FUNCTION +krb5_data_cmp(const krb5_data *data1, const krb5_data *data2) +{ + if (data1->length != data2->length) + return data1->length - data2->length; + return memcmp(data1->data, data2->data, data1->length); +} diff --git a/source4/heimdal/lib/krb5/eai_to_heim_errno.c b/source4/heimdal/lib/krb5/eai_to_heim_errno.c index f0d1f51033..c6b5cfb18b 100644 --- a/source4/heimdal/lib/krb5/eai_to_heim_errno.c +++ b/source4/heimdal/lib/krb5/eai_to_heim_errno.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: eai_to_heim_errno.c,v 1.5 2004/05/25 21:23:35 lha Exp $"); +RCSID("$Id: eai_to_heim_errno.c 13863 2004-05-25 21:46:46Z lha $"); /* * convert the getaddrinfo error code in `eai_errno' into a diff --git a/source4/heimdal/lib/krb5/error_string.c b/source4/heimdal/lib/krb5/error_string.c index b672fe74f9..1ba6494487 100644 --- a/source4/heimdal/lib/krb5/error_string.c +++ b/source4/heimdal/lib/krb5/error_string.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: error_string.c,v 1.7 2006/02/16 07:49:23 lha Exp $"); +RCSID("$Id: error_string.c 16746 2006-02-16 07:49:23Z lha $"); #undef __attribute__ #define __attribute__(X) diff --git a/source4/heimdal/lib/krb5/expand_hostname.c b/source4/heimdal/lib/krb5/expand_hostname.c index 46e784f561..b2b410269e 100644 --- a/source4/heimdal/lib/krb5/expand_hostname.c +++ b/source4/heimdal/lib/krb5/expand_hostname.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: expand_hostname.c,v 1.14 2006/11/04 03:34:57 lha Exp $"); +RCSID("$Id: expand_hostname.c 18906 2006-11-04 03:34:57Z lha $"); static krb5_error_code copy_hostname(krb5_context context, diff --git a/source4/heimdal/lib/krb5/fcache.c b/source4/heimdal/lib/krb5/fcache.c index 7441509e38..864efa8d7d 100644 --- a/source4/heimdal/lib/krb5/fcache.c +++ b/source4/heimdal/lib/krb5/fcache.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: fcache.c,v 1.54 2006/12/15 21:35:52 lha Exp $"); +RCSID("$Id: fcache.c 19379 2006-12-15 21:35:52Z lha $"); typedef struct krb5_fcache{ char *filename; diff --git a/source4/heimdal/lib/krb5/free.c b/source4/heimdal/lib/krb5/free.c index 84aa6f8c2c..1b0bd05412 100644 --- a/source4/heimdal/lib/krb5/free.c +++ b/source4/heimdal/lib/krb5/free.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: free.c,v 1.8 2005/05/18 10:06:16 lha Exp $"); +RCSID("$Id: free.c 15175 2005-05-18 10:06:16Z lha $"); krb5_error_code KRB5_LIB_FUNCTION krb5_free_kdc_rep(krb5_context context, krb5_kdc_rep *rep) diff --git a/source4/heimdal/lib/krb5/free_host_realm.c b/source4/heimdal/lib/krb5/free_host_realm.c index 27afcdbb23..6b13ce7d0e 100644 --- a/source4/heimdal/lib/krb5/free_host_realm.c +++ b/source4/heimdal/lib/krb5/free_host_realm.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: free_host_realm.c,v 1.5 2004/05/25 21:25:02 lha Exp $"); +RCSID("$Id: free_host_realm.c 13863 2004-05-25 21:46:46Z lha $"); /* * Free all memory allocated by `realmlist' diff --git a/source4/heimdal/lib/krb5/generate_seq_number.c b/source4/heimdal/lib/krb5/generate_seq_number.c index 7f79e29858..8a04f048c8 100644 --- a/source4/heimdal/lib/krb5/generate_seq_number.c +++ b/source4/heimdal/lib/krb5/generate_seq_number.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: generate_seq_number.c,v 1.10 2006/05/05 09:28:06 lha Exp $"); +RCSID("$Id: generate_seq_number.c 17442 2006-05-05 09:31:15Z lha $"); krb5_error_code KRB5_LIB_FUNCTION krb5_generate_seq_number(krb5_context context, diff --git a/source4/heimdal/lib/krb5/generate_subkey.c b/source4/heimdal/lib/krb5/generate_subkey.c index df4828d097..fb99cbbf3f 100644 --- a/source4/heimdal/lib/krb5/generate_subkey.c +++ b/source4/heimdal/lib/krb5/generate_subkey.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: generate_subkey.c,v 1.11 2005/01/05 02:39:21 lukeh Exp $"); +RCSID("$Id: generate_subkey.c 14455 2005-01-05 02:39:21Z lukeh $"); krb5_error_code KRB5_LIB_FUNCTION krb5_generate_subkey(krb5_context context, diff --git a/source4/heimdal/lib/krb5/get_cred.c b/source4/heimdal/lib/krb5/get_cred.c index 663b5e7f1b..761224b82c 100644 --- a/source4/heimdal/lib/krb5/get_cred.c +++ b/source4/heimdal/lib/krb5/get_cred.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include -RCSID("$Id: get_cred.c,v 1.113 2006/11/21 05:14:01 lha Exp $"); +RCSID("$Id: get_cred.c 21004 2007-06-08 01:53:10Z lha $"); /* * Take the `body' and encode it into `padata' using the credentials @@ -542,8 +542,8 @@ again: KRB5_KU_TGS_REP_ENC_PART_SESSION, &krbtgt->addresses, nonce, - TRUE, - TRUE /* flags.b.request_anonymous */, + EXTRACT_TICKET_ALLOW_CNAME_MISMATCH| + EXTRACT_TICKET_ALLOW_SERVER_MISMATCH, decrypt_tkt_with_subkey, subkey); krb5_free_kdc_rep(context, &rep); @@ -659,6 +659,20 @@ krb5_get_kdc_cred(krb5_context context, return ret; } +static void +not_found(krb5_context context, krb5_const_principal p) +{ + krb5_error_code ret; + char *str; + + ret = krb5_unparse_name(context, p, &str); + if(ret) { + krb5_clear_error_string(context); + return; + } + krb5_set_error_string(context, "Matching credential (%s) not found", str); + free(str); +} static krb5_error_code find_cred(krb5_context context, @@ -684,17 +698,7 @@ find_cred(krb5_context context, } tgts++; } - { - char *str; - ret = krb5_unparse_name(context, server, &str); - if(ret == 0) { - krb5_set_error_string(context, "Matching credential " - "(%s) not found", str); - free(str); - } else { - krb5_clear_error_string(context); - } - } + not_found(context, server); return KRB5_CC_NOTFOUND; } @@ -818,7 +822,7 @@ get_cred_from_kdc_flags(krb5_context context, } } if(krb5_realm_compare(context, in_creds->client, in_creds->server)) { - krb5_clear_error_string (context); + not_found(context, in_creds->server); return KRB5_CC_NOTFOUND; } /* XXX this can loop forever */ @@ -972,7 +976,7 @@ krb5_get_credentials_with_flags(krb5_context context, } free(res_creds); if(options & KRB5_GC_CACHED) { - krb5_clear_error_string (context); + not_found(context, in_creds->server); return KRB5_CC_NOTFOUND; } if(options & KRB5_GC_USER_USER) @@ -1175,7 +1179,7 @@ krb5_get_creds(krb5_context context, } free(res_creds); if(options & KRB5_GC_CACHED) { - krb5_clear_error_string (context); + not_found(context, in_creds.server); krb5_free_principal(context, in_creds.client); return KRB5_CC_NOTFOUND; } diff --git a/source4/heimdal/lib/krb5/get_default_principal.c b/source4/heimdal/lib/krb5/get_default_principal.c index 03e8f0a823..83fb2b0fa9 100644 --- a/source4/heimdal/lib/krb5/get_default_principal.c +++ b/source4/heimdal/lib/krb5/get_default_principal.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: get_default_principal.c,v 1.10 2005/04/20 20:53:29 lha Exp $"); +RCSID("$Id: get_default_principal.c 14870 2005-04-20 20:53:29Z lha $"); /* * Try to find out what's a reasonable default principal. diff --git a/source4/heimdal/lib/krb5/get_default_realm.c b/source4/heimdal/lib/krb5/get_default_realm.c index bb72daf373..09c8577b26 100644 --- a/source4/heimdal/lib/krb5/get_default_realm.c +++ b/source4/heimdal/lib/krb5/get_default_realm.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: get_default_realm.c,v 1.13 2004/05/25 21:27:17 lha Exp $"); +RCSID("$Id: get_default_realm.c 13863 2004-05-25 21:46:46Z lha $"); /* * Return a NULL-terminated list of default realms in `realms'. diff --git a/source4/heimdal/lib/krb5/get_for_creds.c b/source4/heimdal/lib/krb5/get_for_creds.c index 6eebf1fa80..1bb98737d1 100644 --- a/source4/heimdal/lib/krb5/get_for_creds.c +++ b/source4/heimdal/lib/krb5/get_for_creds.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: get_for_creds.c,v 1.49 2006/04/10 09:28:15 lha Exp $"); +RCSID("$Id: get_for_creds.c 17036 2006-04-10 09:28:15Z lha $"); static krb5_error_code add_addrs(krb5_context context, diff --git a/source4/heimdal/lib/krb5/get_host_realm.c b/source4/heimdal/lib/krb5/get_host_realm.c index ffc646d98b..d709e4b38d 100644 --- a/source4/heimdal/lib/krb5/get_host_realm.c +++ b/source4/heimdal/lib/krb5/get_host_realm.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include -RCSID("$Id: get_host_realm.c,v 1.37 2006/10/17 19:28:36 lha Exp $"); +RCSID("$Id: get_host_realm.c 18541 2006-10-17 19:28:36Z lha $"); /* To automagically find the correct realm of a host (without * [domain_realm] in krb5.conf) add a text record for your domain with diff --git a/source4/heimdal/lib/krb5/get_in_tkt.c b/source4/heimdal/lib/krb5/get_in_tkt.c index e140011413..ec106bb7ec 100644 --- a/source4/heimdal/lib/krb5/get_in_tkt.c +++ b/source4/heimdal/lib/krb5/get_in_tkt.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: get_in_tkt.c,v 1.119 2006/10/06 17:05:08 lha Exp $"); +RCSID("$Id: get_in_tkt.c 20226 2007-02-16 03:31:50Z lha $"); krb5_error_code KRB5_LIB_FUNCTION krb5_init_etype (krb5_context context, @@ -125,13 +125,12 @@ _krb5_extract_ticket(krb5_context context, krb5_key_usage key_usage, krb5_addresses *addrs, unsigned nonce, - krb5_boolean allow_server_mismatch, - krb5_boolean ignore_cname, + unsigned flags, krb5_decrypt_proc decrypt_proc, krb5_const_pointer decryptarg) { krb5_error_code ret; - krb5_principal tmp_principal, srv_principal = NULL; + krb5_principal tmp_principal; int tmp; size_t len; time_t tmp_time; @@ -143,8 +142,8 @@ _krb5_extract_ticket(krb5_context context, * as realm against windows KDC's, they always return the full realm * based on the DNS Name. */ -allow_server_mismatch = 1; -ignore_cname = 1; +flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH; +flags |=EXTRACT_TICKET_ALLOW_CNAME_MISMATCH ; ret = _krb5_principalname2krb5_principal (context, &tmp_principal, @@ -155,7 +154,7 @@ ignore_cname = 1; /* compare client */ - if (!ignore_cname) { + if((flags & EXTRACT_TICKET_ALLOW_CNAME_MISMATCH) == 0){ tmp = krb5_principal_compare (context, tmp_principal, creds->client); if (!tmp) { krb5_free_principal (context, tmp_principal); @@ -177,60 +176,49 @@ ignore_cname = 1; krb5_abortx(context, "internal error in ASN.1 encoder"); creds->second_ticket.length = 0; creds->second_ticket.data = NULL; - - /* decrypt */ - - if (decrypt_proc == NULL) - decrypt_proc = decrypt_tkt; - - ret = (*decrypt_proc)(context, key, key_usage, decryptarg, rep); - if (ret) - goto out; - -#if 0 - /* XXX should this decode be here, or in the decrypt_proc? */ - ret = krb5_decode_keyblock(context, &rep->enc_part.key, 1); - if(ret) - goto out; -#endif /* compare server */ ret = _krb5_principalname2krb5_principal (context, - &srv_principal, + &tmp_principal, rep->kdc_rep.ticket.sname, rep->kdc_rep.ticket.realm); if (ret) goto out; + if(flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH){ + krb5_free_principal(context, creds->server); + creds->server = tmp_principal; + tmp_principal = NULL; + } else { + tmp = krb5_principal_compare (context, tmp_principal, + creds->server); + krb5_free_principal (context, tmp_principal); + if (!tmp) { + ret = KRB5KRB_AP_ERR_MODIFIED; + krb5_clear_error_string (context); + goto out; + } + } + + /* decrypt */ - ret = _krb5_principalname2krb5_principal (context, - &tmp_principal, - rep->enc_part.sname, - rep->enc_part.srealm); + if (decrypt_proc == NULL) + decrypt_proc = decrypt_tkt; + + ret = (*decrypt_proc)(context, key, key_usage, decryptarg, rep); if (ret) goto out; - /* - * see if the service principal matches in the ticket - * and in the enc_part - */ - tmp = krb5_principal_compare (context, tmp_principal, srv_principal); - krb5_free_principal (context, tmp_principal); - if (!tmp) { - ret = KRB5KRB_AP_ERR_MODIFIED; - krb5_clear_error_string (context); - goto out; - } + /* verify names */ + if(flags & EXTRACT_TICKET_MATCH_REALM){ + const char *srealm = krb5_principal_get_realm(context, creds->server); + const char *crealm = krb5_principal_get_realm(context, creds->client); - if(allow_server_mismatch){ - krb5_free_principal(context, creds->server); - creds->server = srv_principal; - srv_principal = NULL; - }else{ - tmp = krb5_principal_compare (context, srv_principal, creds->server); - if (!tmp) { + if (strcmp(rep->enc_part.srealm, srealm) != 0 || + strcmp(rep->enc_part.srealm, crealm) != 0) + { ret = KRB5KRB_AP_ERR_MODIFIED; - krb5_clear_error_string (context); + krb5_clear_error_string(context); goto out; } } @@ -329,8 +317,6 @@ ignore_cname = 1; out: memset (rep->enc_part.key.keyvalue.data, 0, rep->enc_part.key.keyvalue.length); - if (srv_principal) - krb5_free_principal (context, srv_principal); return ret; } @@ -792,18 +778,23 @@ krb5_get_in_cred(krb5_context context, if (ret) goto out; - ret = _krb5_extract_ticket(context, - &rep, - creds, - key, - keyseed, - KRB5_KU_AS_REP_ENC_PART, - NULL, - nonce, - FALSE, - opts.request_anonymous, - decrypt_proc, - decryptarg); + { + unsigned flags = 0; + if (opts.request_anonymous) + flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH; + + ret = _krb5_extract_ticket(context, + &rep, + creds, + key, + keyseed, + KRB5_KU_AS_REP_ENC_PART, + NULL, + nonce, + flags, + decrypt_proc, + decryptarg); + } memset (key->keyvalue.data, 0, key->keyvalue.length); krb5_free_keyblock_contents (context, key); free (key); diff --git a/source4/heimdal/lib/krb5/get_in_tkt_with_keytab.c b/source4/heimdal/lib/krb5/get_in_tkt_with_keytab.c index 69da6c5ea7..52f95c4bc4 100644 --- a/source4/heimdal/lib/krb5/get_in_tkt_with_keytab.c +++ b/source4/heimdal/lib/krb5/get_in_tkt_with_keytab.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: get_in_tkt_with_keytab.c,v 1.9 2005/06/17 04:56:44 lha Exp $"); +RCSID("$Id: get_in_tkt_with_keytab.c 15477 2005-06-17 04:56:44Z lha $"); krb5_error_code KRB5_LIB_FUNCTION krb5_keytab_key_proc (krb5_context context, diff --git a/source4/heimdal/lib/krb5/get_port.c b/source4/heimdal/lib/krb5/get_port.c index ba76466e06..85587ea766 100644 --- a/source4/heimdal/lib/krb5/get_port.c +++ b/source4/heimdal/lib/krb5/get_port.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: get_port.c,v 1.9 2004/05/25 21:29:59 lha Exp $"); +RCSID("$Id: get_port.c 13863 2004-05-25 21:46:46Z lha $"); int KRB5_LIB_FUNCTION krb5_getportbyname (krb5_context context, diff --git a/source4/heimdal/lib/krb5/heim_err.et b/source4/heimdal/lib/krb5/heim_err.et index 3c4f06edb1..1b8ab49bc1 100644 --- a/source4/heimdal/lib/krb5/heim_err.et +++ b/source4/heimdal/lib/krb5/heim_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: heim_err.et,v 1.13 2004/02/13 16:23:40 lha Exp $" +id "$Id: heim_err.et 13352 2004-02-13 16:23:40Z lha $" error_table heim diff --git a/source4/heimdal/lib/krb5/heim_threads.h b/source4/heimdal/lib/krb5/heim_threads.h index 3ebe66beee..3c27d13d81 100755 --- a/source4/heimdal/lib/krb5/heim_threads.h +++ b/source4/heimdal/lib/krb5/heim_threads.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: heim_threads.h,v 1.11 2004/12/18 16:03:38 lha Exp $ */ +/* $Id: heim_threads.h 14409 2004-12-18 16:03:38Z lha $ */ /* * Provide wrapper macros for thread synchronization primitives so we diff --git a/source4/heimdal/lib/krb5/init_creds.c b/source4/heimdal/lib/krb5/init_creds.c index a331524a7e..5bdf23d97f 100644 --- a/source4/heimdal/lib/krb5/init_creds.c +++ b/source4/heimdal/lib/krb5/init_creds.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds.c,v 1.30 2006/11/23 16:27:36 lha Exp $"); +RCSID("$Id: init_creds.c 20541 2007-04-23 12:19:14Z lha $"); void KRB5_LIB_FUNCTION krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt) @@ -386,7 +386,7 @@ krb5_get_init_creds_opt_get_error(krb5_context context, return ENOMEM; } - ret = copy_KRB_ERROR(*error, opt->opt_private->error); + ret = copy_KRB_ERROR(opt->opt_private->error, *error); if (ret) krb5_clear_error_string(context); @@ -408,3 +408,36 @@ krb5_get_init_creds_opt_set_addressless(krb5_context context, opt->opt_private->addressless = KRB5_INIT_CREDS_TRISTATE_FALSE; return 0; } + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_canonicalize(krb5_context context, + krb5_get_init_creds_opt *opt, + krb5_boolean req) +{ + krb5_error_code ret; + ret = require_ext_opt(context, opt, "init_creds_opt_set_canonicalize"); + if (ret) + return ret; + if (req) + opt->opt_private->flags |= KRB5_INIT_CREDS_CANONICALIZE; + else + opt->opt_private->flags &= ~KRB5_INIT_CREDS_CANONICALIZE; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_win2k(krb5_context context, + krb5_get_init_creds_opt *opt, + krb5_boolean req) +{ + krb5_error_code ret; + ret = require_ext_opt(context, opt, "init_creds_opt_set_win2k"); + if (ret) + return ret; + if (req) + opt->opt_private->flags |= KRB5_INIT_CREDS_NO_C_CANON_CHECK; + else + opt->opt_private->flags &= ~KRB5_INIT_CREDS_NO_C_CANON_CHECK; + return 0; +} + diff --git a/source4/heimdal/lib/krb5/init_creds_pw.c b/source4/heimdal/lib/krb5/init_creds_pw.c index f6f6eac7d5..a58435a9ea 100644 --- a/source4/heimdal/lib/krb5/init_creds_pw.c +++ b/source4/heimdal/lib/krb5/init_creds_pw.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds_pw.c,v 1.105 2007/01/09 10:44:59 lha Exp $"); +RCSID("$Id: init_creds_pw.c 20262 2007-02-18 00:33:01Z lha $"); typedef struct krb5_get_init_creds_ctx { KDCOptions flags; @@ -55,6 +55,7 @@ typedef struct krb5_get_init_creds_ctx { krb5_get_init_creds_tristate req_pac; krb5_pk_init_ctx pk_init_ctx; + int ic_flags; } krb5_get_init_creds_ctx; static krb5_error_code @@ -285,12 +286,16 @@ get_init_creds_common(krb5_context context, ctx->key_proc = options->opt_private->key_proc; ctx->req_pac = options->opt_private->req_pac; ctx->pk_init_ctx = options->opt_private->pk_init_ctx; + ctx->ic_flags = options->opt_private->flags; } else ctx->req_pac = KRB5_INIT_CREDS_TRISTATE_UNSET; if (ctx->key_proc == NULL) ctx->key_proc = default_s2k_func; + if (ctx->ic_flags & KRB5_INIT_CREDS_CANONICALIZE) + ctx->flags.canonicalize = 1; + ctx->pre_auth_types = NULL; ctx->addrs = NULL; ctx->etypes = NULL; @@ -834,6 +839,8 @@ static PA_DATA * find_pa_data(const METHOD_DATA *md, int type) { int i; + if (md == NULL) + return NULL; for (i = 0; i < md->len; i++) if (md->val[i].padata_type == type) return &md->val[i]; @@ -1347,6 +1354,15 @@ init_cred_loop(krb5_context context, { krb5_keyblock *key = NULL; + unsigned flags = 0; + + if (ctx->flags.request_anonymous) + flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH; + if (ctx->flags.canonicalize) { + flags |= EXTRACT_TICKET_ALLOW_CNAME_MISMATCH; + flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH; + flags |= EXTRACT_TICKET_MATCH_REALM; + } ret = process_pa_data_to_key(context, ctx, creds, &ctx->as_req, &rep, hi, &key); @@ -1361,12 +1377,65 @@ init_cred_loop(krb5_context context, KRB5_KU_AS_REP_ENC_PART, NULL, ctx->nonce, - FALSE, - ctx->flags.request_anonymous, + flags, NULL, NULL); krb5_free_keyblock(context, key); } + /* + * Verify referral data + */ + if ((ctx->ic_flags & KRB5_INIT_CREDS_CANONICALIZE) && + (ctx->ic_flags & KRB5_INIT_CREDS_NO_C_CANON_CHECK) == 0) + { + PA_ClientCanonicalized canon; + krb5_crypto crypto; + krb5_data data; + PA_DATA *pa; + size_t len; + + pa = find_pa_data(rep.kdc_rep.padata, KRB5_PADATA_CLIENT_CANONICALIZED); + if (pa == NULL) { + ret = EINVAL; + krb5_set_error_string(context, "Client canonicalizion not signed"); + goto out; + } + + ret = decode_PA_ClientCanonicalized(pa->padata_value.data, + pa->padata_value.length, + &canon, &len); + if (ret) { + krb5_set_error_string(context, "Failed to decode " + "PA_ClientCanonicalized"); + goto out; + } + + ASN1_MALLOC_ENCODE(PA_ClientCanonicalizedNames, data.data, data.length, + &canon.names, &len, ret); + if (ret) + goto out; + if (data.length != len) + krb5_abortx(context, "internal asn.1 error"); + + ret = krb5_crypto_init(context, &creds->session, 0, &crypto); + if (ret) { + free(data.data); + free_PA_ClientCanonicalized(&canon); + goto out; + } + + ret = krb5_verify_checksum(context, crypto, KRB5_KU_CANONICALIZED_NAMES, + data.data, data.length, + &canon.canon_checksum); + krb5_crypto_destroy(context, crypto); + free(data.data); + free_PA_ClientCanonicalized(&canon); + if (ret) { + krb5_set_error_string(context, "Failed to verify " + "client canonicalized data"); + goto out; + } + } out: krb5_data_free(&ctx->req_buffer); free_METHOD_DATA(&md); diff --git a/source4/heimdal/lib/krb5/k524_err.et b/source4/heimdal/lib/krb5/k524_err.et index 2dc60f46ae..0ca25f74d4 100644 --- a/source4/heimdal/lib/krb5/k524_err.et +++ b/source4/heimdal/lib/krb5/k524_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: k524_err.et,v 1.1 2001/06/20 02:44:11 joda Exp $" +id "$Id: k524_err.et 10141 2001-06-20 02:45:58Z joda $" error_table k524 diff --git a/source4/heimdal/lib/krb5/kcm.c b/source4/heimdal/lib/krb5/kcm.c index 8f2d9f7f86..c945a9ce13 100644 --- a/source4/heimdal/lib/krb5/kcm.c +++ b/source4/heimdal/lib/krb5/kcm.c @@ -43,7 +43,7 @@ #include "kcm.h" -RCSID("$Id: kcm.c,v 1.9 2006/05/05 09:28:48 lha Exp $"); +RCSID("$Id: kcm.c 17442 2006-05-05 09:31:15Z lha $"); typedef struct krb5_kcmcache { char *name; diff --git a/source4/heimdal/lib/krb5/keyblock.c b/source4/heimdal/lib/krb5/keyblock.c index 314d97978b..ff4f972e57 100644 --- a/source4/heimdal/lib/krb5/keyblock.c +++ b/source4/heimdal/lib/krb5/keyblock.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keyblock.c,v 1.17 2005/05/18 04:21:31 lha Exp $"); +RCSID("$Id: keyblock.c 15167 2005-05-18 04:21:57Z lha $"); void KRB5_LIB_FUNCTION krb5_keyblock_zero(krb5_keyblock *keyblock) diff --git a/source4/heimdal/lib/krb5/keytab.c b/source4/heimdal/lib/krb5/keytab.c index 43fc21c1d1..f6c7858c12 100644 --- a/source4/heimdal/lib/krb5/keytab.c +++ b/source4/heimdal/lib/krb5/keytab.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab.c,v 1.63 2005/11/25 21:46:40 lha Exp $"); +RCSID("$Id: keytab.c 20211 2007-02-09 07:11:03Z lha $"); /* * Register a new keytab in `ops' @@ -364,11 +364,11 @@ krb5_kt_get_entry(krb5_context context, if (entry->vno) { return 0; } else { - char princ[256], kt_name[256], kvno_str[25]; + char princ[256], kvno_str[25], *kt_name; char *enctype_str = NULL; krb5_unparse_name_fixed (context, principal, princ, sizeof(princ)); - krb5_kt_get_name (context, id, kt_name, sizeof(kt_name)); + krb5_kt_get_full_name (context, id, &kt_name); krb5_enctype_to_string(context, enctype, &enctype_str); if (kvno) @@ -377,11 +377,12 @@ krb5_kt_get_entry(krb5_context context, kvno_str[0] = '\0'; krb5_set_error_string (context, - "failed to find %s%s in keytab %s (%s)", + "Failed to find %s%s in keytab %s (%s)", princ, kvno_str, - kt_name, + kt_name ? kt_name : "unknown keytab", enctype_str ? enctype_str : "unknown enctype"); + free(kt_name); free(enctype_str); return KRB5_KT_NOTFOUND; } diff --git a/source4/heimdal/lib/krb5/keytab_any.c b/source4/heimdal/lib/krb5/keytab_any.c index d5130aaad8..54272d4845 100644 --- a/source4/heimdal/lib/krb5/keytab_any.c +++ b/source4/heimdal/lib/krb5/keytab_any.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_any.c,v 1.8 2006/04/10 09:20:13 lha Exp $"); +RCSID("$Id: keytab_any.c 17035 2006-04-10 09:20:13Z lha $"); struct any_data { krb5_keytab kt; diff --git a/source4/heimdal/lib/krb5/keytab_file.c b/source4/heimdal/lib/krb5/keytab_file.c index 1b06387339..4ada3a463e 100644 --- a/source4/heimdal/lib/krb5/keytab_file.c +++ b/source4/heimdal/lib/krb5/keytab_file.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_file.c,v 1.23 2006/05/05 12:36:57 lha Exp $"); +RCSID("$Id: keytab_file.c 17457 2006-05-05 12:36:57Z lha $"); #define KRB5_KT_VNO_1 1 #define KRB5_KT_VNO_2 2 diff --git a/source4/heimdal/lib/krb5/keytab_keyfile.c b/source4/heimdal/lib/krb5/keytab_keyfile.c index d7f8a720e1..77455ba5f7 100644 --- a/source4/heimdal/lib/krb5/keytab_keyfile.c +++ b/source4/heimdal/lib/krb5/keytab_keyfile.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2002, 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_keyfile.c,v 1.19 2006/04/24 15:06:57 lha Exp $"); +RCSID("$Id: keytab_keyfile.c 20695 2007-05-30 14:09:09Z lha $"); /* afs keyfile operations --------------------------------------- */ @@ -350,7 +350,7 @@ akf_add_entry(krb5_context context, for (i = 0; i < len; i++) { ret = krb5_ret_int32(sp, &kvno); if (ret) { - krb5_set_error_string (context, "Failed got get kvno "); + krb5_set_error_string (context, "Failed to get kvno "); goto out; } if(krb5_storage_seek(sp, 8, SEEK_CUR) < 0) { diff --git a/source4/heimdal/lib/krb5/keytab_krb4.c b/source4/heimdal/lib/krb5/keytab_krb4.c index 19e7f106bf..907836c144 100644 --- a/source4/heimdal/lib/krb5/keytab_krb4.c +++ b/source4/heimdal/lib/krb5/keytab_krb4.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_krb4.c,v 1.15 2006/04/10 17:10:53 lha Exp $"); +RCSID("$Id: keytab_krb4.c 17046 2006-04-10 17:10:53Z lha $"); struct krb4_kt_data { char *filename; diff --git a/source4/heimdal/lib/krb5/keytab_memory.c b/source4/heimdal/lib/krb5/keytab_memory.c index fa54ff43ce..0ad8720c3f 100644 --- a/source4/heimdal/lib/krb5/keytab_memory.c +++ b/source4/heimdal/lib/krb5/keytab_memory.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_memory.c,v 1.8 2005/12/05 18:39:46 lha Exp $"); +RCSID("$Id: keytab_memory.c 16352 2005-12-05 18:39:46Z lha $"); /* memory operations -------------------------------------------- */ diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h index c3e5732753..be718f6714 100644 --- a/source4/heimdal/lib/krb5/krb5-private.h +++ b/source4/heimdal/lib/krb5/krb5-private.h @@ -4,14 +4,6 @@ #include -#ifndef KRB5_LIB_FUNCTION -#if defined(_WIN32) -#define KRB5_LIB_FUNCTION _stdcall -#else -#define KRB5_LIB_FUNCTION -#endif -#endif - void KRB5_LIB_FUNCTION _krb5_aes_cts_encrypt ( const unsigned char */*in*/, @@ -68,8 +60,7 @@ _krb5_extract_ticket ( krb5_key_usage /*key_usage*/, krb5_addresses */*addrs*/, unsigned /*nonce*/, - krb5_boolean /*allow_server_mismatch*/, - krb5_boolean /*ignore_cname*/, + unsigned /*flags*/, krb5_decrypt_proc /*decrypt_proc*/, krb5_const_pointer /*decryptarg*/); diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h index 9dfe487b0a..e852bffeb1 100644 --- a/source4/heimdal/lib/krb5/krb5-protos.h +++ b/source4/heimdal/lib/krb5/krb5-protos.h @@ -520,6 +520,19 @@ krb5_c_make_random_key ( krb5_enctype /*enctype*/, krb5_keyblock */*random_key*/); +krb5_error_code KRB5_LIB_FUNCTION +krb5_c_prf ( + krb5_context /*context*/, + const krb5_keyblock */*key*/, + const krb5_data */*input*/, + krb5_data */*output*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_c_prf_length ( + krb5_context /*context*/, + krb5_enctype /*type*/, + size_t */*length*/); + krb5_error_code KRB5_LIB_FUNCTION krb5_c_set_checksum ( krb5_context /*context*/, @@ -1103,11 +1116,34 @@ krb5_crypto_init ( krb5_enctype /*etype*/, krb5_crypto */*crypto*/); +size_t +krb5_crypto_overhead ( + krb5_context /*context*/, + krb5_crypto /*crypto*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_crypto_prf ( + krb5_context /*context*/, + const krb5_crypto /*crypto*/, + const krb5_data */*input*/, + krb5_data */*output*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_crypto_prf_length ( + krb5_context /*context*/, + krb5_enctype /*type*/, + size_t */*length*/); + krb5_error_code KRB5_LIB_FUNCTION krb5_data_alloc ( krb5_data */*p*/, int /*len*/); +int KRB5_LIB_FUNCTION +krb5_data_cmp ( + const krb5_data */*data1*/, + const krb5_data */*data2*/); + krb5_error_code KRB5_LIB_FUNCTION krb5_data_copy ( krb5_data */*p*/, @@ -1247,12 +1283,6 @@ krb5_digest_alloc ( void krb5_digest_free (krb5_digest /*digest*/); -krb5_error_code -krb5_digest_get_a1_hash ( - krb5_context /*context*/, - krb5_digest /*digest*/, - krb5_data */*data*/); - krb5_error_code krb5_digest_get_client_binding ( krb5_context /*context*/, @@ -1270,11 +1300,6 @@ krb5_digest_get_opaque ( krb5_context /*context*/, krb5_digest /*digest*/); -const char * -krb5_digest_get_responseData ( - krb5_context /*context*/, - krb5_digest /*digest*/); - const char * krb5_digest_get_rsp ( krb5_context /*context*/, @@ -1285,6 +1310,12 @@ krb5_digest_get_server_nonce ( krb5_context /*context*/, krb5_digest /*digest*/); +krb5_error_code +krb5_digest_get_session_key ( + krb5_context /*context*/, + krb5_digest /*digest*/, + krb5_data */*data*/); + krb5_error_code krb5_digest_get_tickets ( krb5_context /*context*/, @@ -1298,6 +1329,11 @@ krb5_digest_init_request ( krb5_realm /*realm*/, krb5_ccache /*ccache*/); +krb5_boolean +krb5_digest_rep_get_status ( + krb5_context /*context*/, + krb5_digest /*digest*/); + krb5_error_code krb5_digest_request ( krb5_context /*context*/, @@ -1371,6 +1407,12 @@ krb5_digest_set_realm ( krb5_digest /*digest*/, const char */*realm*/); +int +krb5_digest_set_responseData ( + krb5_context /*context*/, + krb5_digest /*digest*/, + const char */*response*/); + krb5_error_code krb5_digest_set_server_cb ( krb5_context /*context*/, @@ -2057,6 +2099,12 @@ krb5_get_init_creds_opt_set_anonymous ( krb5_get_init_creds_opt */*opt*/, int /*anonymous*/); +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_canonicalize ( + krb5_context /*context*/, + krb5_get_init_creds_opt */*opt*/, + krb5_boolean /*req*/); + void KRB5_LIB_FUNCTION krb5_get_init_creds_opt_set_default_flags ( krb5_context /*context*/, @@ -2128,6 +2176,12 @@ krb5_get_init_creds_opt_set_tkt_life ( krb5_get_init_creds_opt */*opt*/, krb5_deltat /*tkt_life*/); +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_win2k ( + krb5_context /*context*/, + krb5_get_init_creds_opt */*opt*/, + krb5_boolean /*req*/); + krb5_error_code KRB5_LIB_FUNCTION krb5_get_init_creds_password ( krb5_context /*context*/, diff --git a/source4/heimdal/lib/krb5/krb5-v4compat.h b/source4/heimdal/lib/krb5/krb5-v4compat.h index 3e14c5a38f..2ea534cfe3 100644 --- a/source4/heimdal/lib/krb5/krb5-v4compat.h +++ b/source4/heimdal/lib/krb5/krb5-v4compat.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5-v4compat.h,v 1.7 2006/05/05 09:29:07 lha Exp $ */ +/* $Id: krb5-v4compat.h 17442 2006-05-05 09:31:15Z lha $ */ #ifndef __KRB5_V4COMPAT_H__ #define __KRB5_V4COMPAT_H__ diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h index 55a83fb533..eefda81ca9 100644 --- a/source4/heimdal/lib/krb5/krb5.h +++ b/source4/heimdal/lib/krb5/krb5.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5.h,v 1.259 2007/01/03 18:51:52 lha Exp $ */ +/* $Id: krb5.h 20245 2007-02-17 00:09:57Z lha $ */ #ifndef __KRB5_H__ #define __KRB5_H__ @@ -222,8 +222,10 @@ typedef enum krb5_key_usage { /* Encryption key usage used in the digest encryption field */ KRB5_KU_DIGEST_OPAQUE = -19, /* Checksum key usage used in the digest opaque field */ - KRB5_KU_KRB5SIGNEDPATH = -21 + KRB5_KU_KRB5SIGNEDPATH = -21, /* Checksum key usage on KRB5SignedPath */ + KRB5_KU_CANONICALIZED_NAMES = -23 + /* Checksum key usage on PA-CANONICALIZED */ } krb5_key_usage; typedef krb5_key_usage krb5_keyusage; @@ -744,7 +746,8 @@ typedef krb5_error_code (*krb5_send_to_kdc_func)(krb5_context, /* flags for krb5_parse_name_flags */ enum { KRB5_PRINCIPAL_PARSE_NO_REALM = 1, - KRB5_PRINCIPAL_PARSE_MUST_REALM = 2 + KRB5_PRINCIPAL_PARSE_MUST_REALM = 2, + KRB5_PRINCIPAL_PARSE_ENTERPRISE = 4 }; /* flags for krb5_unparse_name_flags */ diff --git a/source4/heimdal/lib/krb5/krb5_ccapi.h b/source4/heimdal/lib/krb5/krb5_ccapi.h index d59b589304..b53d77ef18 100644 --- a/source4/heimdal/lib/krb5/krb5_ccapi.h +++ b/source4/heimdal/lib/krb5/krb5_ccapi.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5_ccapi.h,v 1.3 2006/05/05 09:29:59 lha Exp $ */ +/* $Id: krb5_ccapi.h 17442 2006-05-05 09:31:15Z lha $ */ #ifndef KRB5_CCAPI_H #define KRB5_CCAPI_H 1 diff --git a/source4/heimdal/lib/krb5/krb5_err.et b/source4/heimdal/lib/krb5/krb5_err.et index e7bada1808..785c258ee0 100644 --- a/source4/heimdal/lib/krb5/krb5_err.et +++ b/source4/heimdal/lib/krb5/krb5_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: krb5_err.et,v 1.14 2006/02/13 11:28:22 lha Exp $" +id "$Id: krb5_err.et 20760 2007-06-01 03:24:49Z lha $" error_table krb5 @@ -76,6 +76,10 @@ error_code KDC_NOT_TRUSTED, "KDC not trusted" error_code INVALID_SIG, "Invalid signature" error_code DH_KEY_PARAMETERS_NOT_ACCEPTED, "DH parameters not accepted" +index 68 +prefix KRB5_KDC_ERR +error_code WRONG_REALM, "Wrong realm" + index 69 prefix KRB5_AP_ERR error_code USER_TO_USER_REQUIRED, "User to user required" @@ -86,7 +90,8 @@ error_code CANT_VERIFY_CERTIFICATE, "Cannot verify certificate" error_code INVALID_CERTIFICATE, "Certificate invalid" error_code REVOKED_CERTIFICATE, "Certificate revoked" error_code REVOCATION_STATUS_UNKNOWN, "Revocation status unknown" -error_code CLIENT_NAME_MISMATCH, "Revocation status unknown" +error_code REVOCATION_STATUS_UNAVAILABLE, "Revocation status unavaible" +error_code CLIENT_NAME_MISMATCH, "Client name mismatch in certificate" error_code INCONSISTENT_KEY_PURPOSE, "Inconsistent key purpose" error_code DIGEST_IN_CERT_NOT_ACCEPTED, "Digest in certificate not accepted" error_code PA_CHECKSUM_MUST_BE_INCLUDED, "paChecksum must be included" @@ -103,7 +108,7 @@ error_code PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED, "Public key encryption not suppo index 128 prefix -error_code KRB5_ERR_RCSID, "$Id: krb5_err.et,v 1.14 2006/02/13 11:28:22 lha Exp $" +error_code KRB5_ERR_RCSID, "$Id: krb5_err.et 20760 2007-06-01 03:24:49Z lha $" error_code KRB5_LIBOS_BADLOCKFLAG, "Invalid flag for file lock mode" error_code KRB5_LIBOS_CANTREADPWD, "Cannot read password" diff --git a/source4/heimdal/lib/krb5/krb5_locl.h b/source4/heimdal/lib/krb5/krb5_locl.h index 35d046c8d9..87169fc430 100644 --- a/source4/heimdal/lib/krb5/krb5_locl.h +++ b/source4/heimdal/lib/krb5/krb5_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5_locl.h,v 1.97 2006/12/15 16:46:51 lha Exp $ */ +/* $Id: krb5_locl.h 20261 2007-02-18 00:32:22Z lha $ */ #ifndef __KRB5_LOCL_H__ #define __KRB5_LOCL_H__ @@ -196,9 +196,11 @@ struct _krb5_get_init_creds_opt_private { krb5_get_init_creds_tristate req_pac; /* PKINIT */ krb5_pk_init_ctx pk_init_ctx; - int canonicalize; KRB_ERROR *error; krb5_get_init_creds_tristate addressless; + int flags; +#define KRB5_INIT_CREDS_CANONICALIZE 1 +#define KRB5_INIT_CREDS_NO_C_CANON_CHECK 2 }; typedef struct krb5_context_data { @@ -244,6 +246,10 @@ typedef struct krb5_context_data { #define KRB5_DEFAULT_CCNAME_FILE "FILE:/tmp/krb5cc_%{uid}" #define KRB5_DEFAULT_CCNAME_API "API:" +#define EXTRACT_TICKET_ALLOW_CNAME_MISMATCH 1 +#define EXTRACT_TICKET_ALLOW_SERVER_MISMATCH 2 +#define EXTRACT_TICKET_MATCH_REALM 4 + /* * Configurable options */ diff --git a/source4/heimdal/lib/krb5/krbhst.c b/source4/heimdal/lib/krb5/krbhst.c index 3e281e5c63..51bf934bfd 100644 --- a/source4/heimdal/lib/krb5/krbhst.c +++ b/source4/heimdal/lib/krb5/krbhst.c @@ -35,7 +35,7 @@ #include #include "locate_plugin.h" -RCSID("$Id: krbhst.c,v 1.61 2006/11/30 17:23:08 lha Exp $"); +RCSID("$Id: krbhst.c 19198 2006-11-30 17:23:08Z lha $"); static int string_to_proto(const char *string) diff --git a/source4/heimdal/lib/krb5/locate_plugin.h b/source4/heimdal/lib/krb5/locate_plugin.h index ec06d362cf..251712c894 100644 --- a/source4/heimdal/lib/krb5/locate_plugin.h +++ b/source4/heimdal/lib/krb5/locate_plugin.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: locate_plugin.h,v 1.1 2006/11/12 19:00:03 lha Exp $ */ +/* $Id: locate_plugin.h 18998 2006-11-12 19:00:03Z lha $ */ #ifndef HEIMDAL_KRB5_LOCATE_PLUGIN_H #define HEIMDAL_KRB5_LOCATE_PLUGIN_H 1 diff --git a/source4/heimdal/lib/krb5/log.c b/source4/heimdal/lib/krb5/log.c index 9523ca848c..c04f50fd9a 100644 --- a/source4/heimdal/lib/krb5/log.c +++ b/source4/heimdal/lib/krb5/log.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: log.c,v 1.40 2006/11/21 08:08:46 lha Exp $"); +RCSID("$Id: log.c 19088 2006-11-21 08:08:46Z lha $"); struct facility { int min; diff --git a/source4/heimdal/lib/krb5/mcache.c b/source4/heimdal/lib/krb5/mcache.c index 9588d936d5..ff9261a7db 100644 --- a/source4/heimdal/lib/krb5/mcache.c +++ b/source4/heimdal/lib/krb5/mcache.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: mcache.c,v 1.20 2005/09/30 11:16:04 lha Exp $"); +RCSID("$Id: mcache.c 19834 2007-01-11 09:26:21Z lha $"); typedef struct krb5_mcache { char *name; @@ -54,8 +54,6 @@ static struct krb5_mcache *mcc_head; #define MISDEAD(X) ((X)->dead) -#define MCC_CURSOR(C) ((struct link*)(C)) - static const char* mcc_get_name(krb5_context context, krb5_ccache id) diff --git a/source4/heimdal/lib/krb5/misc.c b/source4/heimdal/lib/krb5/misc.c index f04f8d9996..0d410b57d2 100644 --- a/source4/heimdal/lib/krb5/misc.c +++ b/source4/heimdal/lib/krb5/misc.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: misc.c,v 1.6 2006/06/06 14:57:47 lha Exp $"); +RCSID("$Id: misc.c 17616 2006-06-06 14:57:47Z lha $"); krb5_error_code KRB5_LIB_FUNCTION _krb5_s4u2self_to_checksumdata(krb5_context context, diff --git a/source4/heimdal/lib/krb5/mit_glue.c b/source4/heimdal/lib/krb5/mit_glue.c index c4d3ff5390..7440d54762 100755 --- a/source4/heimdal/lib/krb5/mit_glue.c +++ b/source4/heimdal/lib/krb5/mit_glue.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: mit_glue.c,v 1.12 2006/11/17 22:17:46 lha Exp $"); +RCSID("$Id: mit_glue.c 20042 2007-01-23 20:37:43Z lha $"); /* * Glue for MIT API @@ -340,3 +340,30 @@ krb5_c_keylengths(krb5_context context, *ilen = (*ilen + 7) / 8; return krb5_enctype_keysize(context, enctype, keylen); } + +krb5_error_code KRB5_LIB_FUNCTION +krb5_c_prf_length(krb5_context context, + krb5_enctype type, + size_t *length) +{ + return krb5_crypto_prf_length(context, type, length); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_c_prf(krb5_context context, + const krb5_keyblock *key, + const krb5_data *input, + krb5_data *output) +{ + krb5_crypto crypto; + krb5_error_code ret; + + ret = krb5_crypto_init(context, key, 0, &crypto); + if (ret) + return ret; + + ret = krb5_crypto_prf(context, crypto, input, output); + krb5_crypto_destroy(context, crypto); + + return ret; +} diff --git a/source4/heimdal/lib/krb5/mk_error.c b/source4/heimdal/lib/krb5/mk_error.c index 7a8b1ba06b..7046649934 100644 --- a/source4/heimdal/lib/krb5/mk_error.c +++ b/source4/heimdal/lib/krb5/mk_error.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: mk_error.c,v 1.22 2005/06/16 21:16:40 lha Exp $"); +RCSID("$Id: mk_error.c 15457 2005-06-16 21:16:40Z lha $"); krb5_error_code KRB5_LIB_FUNCTION krb5_mk_error(krb5_context context, diff --git a/source4/heimdal/lib/krb5/mk_priv.c b/source4/heimdal/lib/krb5/mk_priv.c index b5a1aadfea..87e429af8c 100644 --- a/source4/heimdal/lib/krb5/mk_priv.c +++ b/source4/heimdal/lib/krb5/mk_priv.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: mk_priv.c,v 1.35 2006/02/01 12:39:26 lha Exp $"); +RCSID("$Id: mk_priv.c 16680 2006-02-01 12:39:26Z lha $"); krb5_error_code KRB5_LIB_FUNCTION diff --git a/source4/heimdal/lib/krb5/mk_rep.c b/source4/heimdal/lib/krb5/mk_rep.c index 90823f9478..570a837201 100644 --- a/source4/heimdal/lib/krb5/mk_rep.c +++ b/source4/heimdal/lib/krb5/mk_rep.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: mk_rep.c,v 1.26 2004/05/25 21:33:51 lha Exp $"); +RCSID("$Id: mk_rep.c 13863 2004-05-25 21:46:46Z lha $"); krb5_error_code KRB5_LIB_FUNCTION krb5_mk_rep(krb5_context context, diff --git a/source4/heimdal/lib/krb5/mk_req.c b/source4/heimdal/lib/krb5/mk_req.c index adc077e13f..5f64f01e95 100644 --- a/source4/heimdal/lib/krb5/mk_req.c +++ b/source4/heimdal/lib/krb5/mk_req.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: mk_req.c,v 1.26 2004/05/25 21:34:11 lha Exp $"); +RCSID("$Id: mk_req.c 13863 2004-05-25 21:46:46Z lha $"); krb5_error_code KRB5_LIB_FUNCTION krb5_mk_req_exact(krb5_context context, diff --git a/source4/heimdal/lib/krb5/mk_req_ext.c b/source4/heimdal/lib/krb5/mk_req_ext.c index 8646c4ebea..b6d55c8815 100644 --- a/source4/heimdal/lib/krb5/mk_req_ext.c +++ b/source4/heimdal/lib/krb5/mk_req_ext.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: mk_req_ext.c,v 1.33 2006/12/27 12:07:22 lha Exp $"); +RCSID("$Id: mk_req_ext.c 19511 2006-12-27 12:07:22Z lha $"); krb5_error_code _krb5_mk_req_internal(krb5_context context, diff --git a/source4/heimdal/lib/krb5/n-fold.c b/source4/heimdal/lib/krb5/n-fold.c index 691e95eb86..1474a76b77 100644 --- a/source4/heimdal/lib/krb5/n-fold.c +++ b/source4/heimdal/lib/krb5/n-fold.c @@ -32,7 +32,7 @@ #include "krb5_locl.h" -RCSID("$Id: n-fold.c,v 1.7 2004/05/25 21:35:31 lha Exp $"); +RCSID("$Id: n-fold.c 13863 2004-05-25 21:46:46Z lha $"); static void rr13(unsigned char *buf, size_t len) diff --git a/source4/heimdal/lib/krb5/pac.c b/source4/heimdal/lib/krb5/pac.c index 283759c98b..55d4f5ff56 100644 --- a/source4/heimdal/lib/krb5/pac.c +++ b/source4/heimdal/lib/krb5/pac.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: pac.c,v 1.13 2007/01/09 11:22:56 lha Exp $"); +RCSID("$Id: pac.c 20845 2007-06-03 14:31:16Z lha $"); struct PAC_INFO_BUFFER { uint32_t type; @@ -56,14 +56,15 @@ struct krb5_pac { struct PAC_INFO_BUFFER *logon_name; }; -#define PAC_ALIGNMENT 8 +#define PAC_ALIGNMENT 8 -#define PACTYPE_SIZE 8 -#define PAC_INFO_BUFFER_SIZE 16 +#define PACTYPE_SIZE 8 +#define PAC_INFO_BUFFER_SIZE 16 -#define PAC_SERVER_CHECKSUM 6 -#define PAC_PRIVSVR_CHECKSUM 7 -#define PAC_LOGON_NAME 10 +#define PAC_SERVER_CHECKSUM 6 +#define PAC_PRIVSVR_CHECKSUM 7 +#define PAC_LOGON_NAME 10 +#define PAC_CONSTRAINED_DELEGATION 11 #define CHECK(r,f,l) \ do { \ @@ -252,12 +253,10 @@ krb5_pac_add_buffer(krb5_context context, struct krb5_pac *p, { krb5_error_code ret; void *ptr; - size_t len, offset, header_end; + size_t len, offset, header_end, old_end; uint32_t i; - len = p->pac->numbuffers + 1; - if (len < p->pac->numbuffers) - return EINVAL; + len = p->pac->numbuffers; ptr = realloc(p->pac, sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * len)); @@ -272,11 +271,12 @@ krb5_pac_add_buffer(krb5_context context, struct krb5_pac *p, offset = p->data.length + PAC_INFO_BUFFER_SIZE; - p->pac->buffers[len - 1].type = type; - p->pac->buffers[len - 1].buffersize = data->length; - p->pac->buffers[len - 1].offset_lo = offset; - p->pac->buffers[len - 1].offset_hi = 0; + p->pac->buffers[len].type = type; + p->pac->buffers[len].buffersize = data->length; + p->pac->buffers[len].offset_lo = offset; + p->pac->buffers[len].offset_hi = 0; + old_end = p->data.length; len = p->data.length + data->length + PAC_INFO_BUFFER_SIZE; if (len < p->data.length) { krb5_set_error_string(context, "integer overrun"); @@ -292,14 +292,17 @@ krb5_pac_add_buffer(krb5_context context, struct krb5_pac *p, return ret; } - /* make place for PAC INFO BUFFER header */ + /* + * make place for new PAC INFO BUFFER header + */ header_end = PACTYPE_SIZE + (PAC_INFO_BUFFER_SIZE * p->pac->numbuffers); - memmove((unsigned char *)p->data.data + header_end, - (unsigned char *)p->data.data + header_end + PAC_INFO_BUFFER_SIZE, - PAC_INFO_BUFFER_SIZE); + memmove((unsigned char *)p->data.data + header_end + PAC_INFO_BUFFER_SIZE, + (unsigned char *)p->data.data + header_end , + old_end - header_end); + memset((unsigned char *)p->data.data + header_end, 0, PAC_INFO_BUFFER_SIZE); /* - * + * copy in new data part */ memcpy((unsigned char *)p->data.data + offset, @@ -444,12 +447,15 @@ verify_checksum(krb5_context context, ret = krb5_verify_checksum(context, crypto, KRB5_KU_OTHER_CKSUM, ptr, len, &cksum); + free(cksum.checksum.data); krb5_crypto_destroy(context, crypto); krb5_storage_free(sp); return ret; out: + if (cksum.checksum.data) + free(cksum.checksum.data); if (sp) krb5_storage_free(sp); if (crypto) @@ -890,7 +896,6 @@ _krb5_pac_sign(krb5_context context, goto out; /* Set lengths for checksum */ - ret = pac_checksum(context, server_key, &server_cksumtype, &server_size); if (ret) goto out; diff --git a/source4/heimdal/lib/krb5/padata.c b/source4/heimdal/lib/krb5/padata.c index d5c3f422a7..b2b70f52e7 100644 --- a/source4/heimdal/lib/krb5/padata.c +++ b/source4/heimdal/lib/krb5/padata.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: padata.c,v 1.5 2005/06/17 04:28:35 lha Exp $"); +RCSID("$Id: padata.c 15469 2005-06-17 04:28:35Z lha $"); PA_DATA * krb5_find_padata(PA_DATA *val, unsigned len, int type, int *idx) diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c index 4f8ed8fe07..dd82842084 100755 --- a/source4/heimdal/lib/krb5/pkinit.c +++ b/source4/heimdal/lib/krb5/pkinit.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: pkinit.c,v 1.120 2006/12/08 02:48:09 lha Exp $"); +RCSID("$Id: pkinit.c 21004 2007-06-08 01:53:10Z lha $"); struct krb5_dh_moduli { char *name; @@ -83,10 +83,11 @@ struct krb5_pk_init_ctx_data { struct krb5_dh_moduli **m; hx509_peer_info peer; int type; - int require_binding; - int require_eku; - int require_krbtgt_otherName; - int require_hostname_match; + unsigned int require_binding:1; + unsigned int require_eku:1; + unsigned int require_krbtgt_otherName:1; + unsigned int require_hostname_match:1; + unsigned int trustedCertifiers:1; }; static void @@ -170,6 +171,7 @@ _krb5_pk_create_sign(krb5_context context, } ret = hx509_cms_create_signed_1(id->hx509ctx, + 0, eContentType, eContent->data, eContent->length, @@ -438,7 +440,6 @@ build_auth_pack(krb5_context context, return ret; } - return ret; } @@ -587,18 +588,21 @@ pk_mk_padata(krb5_context context, memset(&req, 0, sizeof(req)); req.signedAuthPack = buf; - req.trustedCertifiers = calloc(1, sizeof(*req.trustedCertifiers)); - if (req.trustedCertifiers == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - free_PA_PK_AS_REQ(&req); - goto out; - } - ret = build_edi(context, ctx->id->hx509ctx, - ctx->id->anchors, req.trustedCertifiers); - if (ret) { - krb5_set_error_string(context, "pk-init: failed to build trustedCertifiers"); - free_PA_PK_AS_REQ(&req); - goto out; + if (ctx->trustedCertifiers) { + + req.trustedCertifiers = calloc(1, sizeof(*req.trustedCertifiers)); + if (req.trustedCertifiers == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + free_PA_PK_AS_REQ(&req); + goto out; + } + ret = build_edi(context, ctx->id->hx509ctx, + ctx->id->anchors, req.trustedCertifiers); + if (ret) { + krb5_set_error_string(context, "pk-init: failed to build trustedCertifiers"); + free_PA_PK_AS_REQ(&req); + goto out; + } } req.kdcPkId = NULL; @@ -684,6 +688,14 @@ _krb5_pk_mk_padata(krb5_context context, "pkinit_require_hostname_match", NULL); + ctx->trustedCertifiers = + krb5_config_get_bool_default(context, NULL, + TRUE, + "realms", + req_body->realm, + "pkinit_trustedCertifiers", + NULL); + return pk_mk_padata(context, ctx, req_body, nonce, md); } @@ -705,6 +717,7 @@ _krb5_pk_verify_sign(krb5_context context, id->verify_ctx, data, length, + NULL, id->certpool, contentType, content, @@ -1120,8 +1133,11 @@ pk_rd_pa_reply_dh(krb5_context context, &kdc_dh_info, &size); - if (ret) + if (ret) { + krb5_set_error_string(context, "pkinit - " + "failed to decode KDC DH Key Info"); goto out; + } if (kdc_dh_info.nonce != nonce) { krb5_set_error_string(context, "PKINIT: DH nonce is wrong"); @@ -1226,6 +1242,7 @@ pk_rd_pa_reply_dh(krb5_context context, _krb5_pk_cert_free(host); if (content.data) krb5_data_free(&content); + der_free_oid(&contentType); free_KDCDHKeyInfo(&kdc_dh_info); return ret; @@ -1262,8 +1279,10 @@ _krb5_pk_rd_pa_reply(krb5_context context, pa->padata_value.length, &rep, &size); - if (ret) + if (ret) { + krb5_set_error_string(context, "Failed to decode pkinit AS rep"); return ret; + } switch (rep.element) { case choice_PA_PK_AS_REP_dhInfo: @@ -1861,6 +1880,7 @@ _krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt) free(ctx->id); ctx->id = NULL; } + free(opt->opt_private->pk_init_ctx); opt->opt_private->pk_init_ctx = NULL; #endif } diff --git a/source4/heimdal/lib/krb5/plugin.c b/source4/heimdal/lib/krb5/plugin.c index ce7171dbf0..f19464bf3c 100644 --- a/source4/heimdal/lib/krb5/plugin.c +++ b/source4/heimdal/lib/krb5/plugin.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: plugin.c,v 1.4 2007/01/09 17:46:01 lha Exp $"); +RCSID("$Id: plugin.c 19789 2007-01-09 17:46:01Z lha $"); #ifdef HAVE_DLFCN_H #include #endif diff --git a/source4/heimdal/lib/krb5/principal.c b/source4/heimdal/lib/krb5/principal.c index 57fcf63dcf..ef3f5412db 100644 --- a/source4/heimdal/lib/krb5/principal.c +++ b/source4/heimdal/lib/krb5/principal.c @@ -41,7 +41,7 @@ #include #include "resolve.h" -RCSID("$Id: principal.c,v 1.100 2006/12/17 22:53:39 lha Exp $"); +RCSID("$Id: principal.c 20223 2007-02-15 04:17:04Z lha $"); #define princ_num_comp(P) ((P)->name.name_string.len) #define princ_type(P) ((P)->name.name_type) @@ -110,6 +110,8 @@ krb5_parse_name_flags(krb5_context context, int n; char c; int got_realm = 0; + int first_at = 1; + int enterprise = (flags & KRB5_PRINCIPAL_PARSE_ENTERPRISE); *principal = NULL; @@ -122,18 +124,24 @@ krb5_parse_name_flags(krb5_context context, } #undef RFLAGS - /* count number of component */ + /* count number of component, + * enterprise names only have one component + */ ncomp = 1; - for(p = name; *p; p++){ - if(*p=='\\'){ - if(!p[1]) { - krb5_set_error_string (context, - "trailing \\ in principal name"); - return KRB5_PARSE_MALFORMED; - } - p++; - } else if(*p == '/') - ncomp++; + if (!enterprise) { + for(p = name; *p; p++){ + if(*p=='\\'){ + if(!p[1]) { + krb5_set_error_string (context, + "trailing \\ in principal name"); + return KRB5_PARSE_MALFORMED; + } + p++; + } else if(*p == '/') + ncomp++; + else if(*p == '@') + break; + } } comp = calloc(ncomp, sizeof(*comp)); if (comp == NULL) { @@ -166,7 +174,10 @@ krb5_parse_name_flags(krb5_context context, ret = KRB5_PARSE_MALFORMED; goto exit; } - }else if(c == '/' || c == '@'){ + }else if(enterprise && first_at) { + if (c == '@') + first_at = 0; + }else if((c == '/' && !enterprise) || c == '@'){ if(got_realm){ krb5_set_error_string (context, "part after realm in principal name"); @@ -241,7 +252,10 @@ krb5_parse_name_flags(krb5_context context, ret = ENOMEM; goto exit; } - (*principal)->name.name_type = KRB5_NT_PRINCIPAL; + if (enterprise) + (*principal)->name.name_type = KRB5_NT_ENTERPRISE_PRINCIPAL; + else + (*principal)->name.name_type = KRB5_NT_PRINCIPAL; (*principal)->name.name_string.val = comp; princ_num_comp(*principal) = n; (*principal)->realm = realm; diff --git a/source4/heimdal/lib/krb5/prompter_posix.c b/source4/heimdal/lib/krb5/prompter_posix.c index 3ea512c9a7..e0f407fb24 100644 --- a/source4/heimdal/lib/krb5/prompter_posix.c +++ b/source4/heimdal/lib/krb5/prompter_posix.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: prompter_posix.c,v 1.10 2004/05/25 21:38:14 lha Exp $"); +RCSID("$Id: prompter_posix.c 13863 2004-05-25 21:46:46Z lha $"); int KRB5_LIB_FUNCTION krb5_prompter_posix (krb5_context context, diff --git a/source4/heimdal/lib/krb5/rd_cred.c b/source4/heimdal/lib/krb5/rd_cred.c index 46a36c9aac..c3f732201f 100644 --- a/source4/heimdal/lib/krb5/rd_cred.c +++ b/source4/heimdal/lib/krb5/rd_cred.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_cred.c,v 1.29 2006/10/06 17:04:47 lha Exp $"); +RCSID("$Id: rd_cred.c 20304 2007-04-11 11:15:05Z lha $"); static krb5_error_code compare_addrs(krb5_context context, @@ -79,8 +79,10 @@ krb5_rd_cred(krb5_context context, ret = decode_KRB_CRED(in_data->data, in_data->length, &cred, &len); - if(ret) + if(ret) { + krb5_clear_error_string(context); return ret; + } if (cred.pvno != 5) { ret = KRB5KRB_AP_ERR_BADVERSION; @@ -151,6 +153,8 @@ krb5_rd_cred(krb5_context context, enc_krb_cred_part_data.length, &enc_krb_cred_part, &len); + if (enc_krb_cred_part_data.data != cred.enc_part.cipher.data) + krb5_data_free(&enc_krb_cred_part_data); if (ret) goto out; diff --git a/source4/heimdal/lib/krb5/rd_error.c b/source4/heimdal/lib/krb5/rd_error.c index 93e70c48bd..89615ee8ac 100644 --- a/source4/heimdal/lib/krb5/rd_error.c +++ b/source4/heimdal/lib/krb5/rd_error.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: rd_error.c,v 1.8 2005/05/18 04:21:57 lha Exp $"); +RCSID("$Id: rd_error.c 20304 2007-04-11 11:15:05Z lha $"); krb5_error_code KRB5_LIB_FUNCTION krb5_rd_error(krb5_context context, @@ -45,8 +45,10 @@ krb5_rd_error(krb5_context context, krb5_error_code ret; ret = decode_KRB_ERROR(msg->data, msg->length, result, &len); - if(ret) + if(ret) { + krb5_clear_error_string(context); return ret; + } result->error_code += KRB5KDC_ERR_NONE; return 0; } diff --git a/source4/heimdal/lib/krb5/rd_priv.c b/source4/heimdal/lib/krb5/rd_priv.c index c52ac175fd..d3920dd941 100644 --- a/source4/heimdal/lib/krb5/rd_priv.c +++ b/source4/heimdal/lib/krb5/rd_priv.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_priv.c,v 1.33 2006/04/12 16:18:10 lha Exp $"); +RCSID("$Id: rd_priv.c 17056 2006-04-12 16:18:10Z lha $"); krb5_error_code KRB5_LIB_FUNCTION krb5_rd_priv(krb5_context context, diff --git a/source4/heimdal/lib/krb5/rd_rep.c b/source4/heimdal/lib/krb5/rd_rep.c index 6b7f27c3cf..8c9b7bb441 100644 --- a/source4/heimdal/lib/krb5/rd_rep.c +++ b/source4/heimdal/lib/krb5/rd_rep.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_rep.c,v 1.26 2006/08/21 09:19:22 lha Exp $"); +RCSID("$Id: rd_rep.c 17890 2006-08-21 09:19:22Z lha $"); krb5_error_code KRB5_LIB_FUNCTION krb5_rd_rep(krb5_context context, diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c index b7dea2a327..001b47f094 100644 --- a/source4/heimdal/lib/krb5/rd_req.c +++ b/source4/heimdal/lib/krb5/rd_req.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001, 2003 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_req.c,v 1.70 2007/01/04 11:27:20 lha Exp $"); +RCSID("$Id: rd_req.c 21004 2007-06-08 01:53:10Z lha $"); static krb5_error_code decrypt_tkt_enc_part (krb5_context context, @@ -208,6 +208,8 @@ find_etypelist(krb5_context context, adIfRelevant.val[0].ad_data.length, etypes, NULL); + if (ret) + krb5_clear_error_string(context); free_AD_IF_RELEVANT(&adIfRelevant); diff --git a/source4/heimdal/lib/krb5/replay.c b/source4/heimdal/lib/krb5/replay.c index b89f150159..12894d96a9 100644 --- a/source4/heimdal/lib/krb5/replay.c +++ b/source4/heimdal/lib/krb5/replay.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include -RCSID("$Id: replay.c,v 1.12 2006/04/10 17:13:49 lha Exp $"); +RCSID("$Id: replay.c 17047 2006-04-10 17:13:49Z lha $"); struct krb5_rcache_data { char *name; diff --git a/source4/heimdal/lib/krb5/send_to_kdc.c b/source4/heimdal/lib/krb5/send_to_kdc.c index 11c07c9e8f..6c70244327 100644 --- a/source4/heimdal/lib/krb5/send_to_kdc.c +++ b/source4/heimdal/lib/krb5/send_to_kdc.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: send_to_kdc.c,v 1.60 2006/10/20 18:42:01 lha Exp $"); +RCSID("$Id: send_to_kdc.c 19973 2007-01-17 17:19:52Z lha $"); struct send_to_kdc { krb5_send_to_kdc_func func; @@ -331,6 +331,8 @@ krb5_sendto (krb5_context context, int fd; int i; + krb5_data_zero(receive); + for (i = 0; i < context->max_retries; ++i) { krb5_krbhst_info *hi; diff --git a/source4/heimdal/lib/krb5/set_default_realm.c b/source4/heimdal/lib/krb5/set_default_realm.c index 965883309c..98040bc2e9 100644 --- a/source4/heimdal/lib/krb5/set_default_realm.c +++ b/source4/heimdal/lib/krb5/set_default_realm.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: set_default_realm.c,v 1.14 2004/05/25 21:42:26 lha Exp $"); +RCSID("$Id: set_default_realm.c 13863 2004-05-25 21:46:46Z lha $"); /* * Convert the simple string `s' into a NULL-terminated and freshly allocated diff --git a/source4/heimdal/lib/krb5/store.c b/source4/heimdal/lib/krb5/store.c index 5422c540b9..4abcf44a43 100644 --- a/source4/heimdal/lib/krb5/store.c +++ b/source4/heimdal/lib/krb5/store.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include "store-int.h" -RCSID("$Id: store.c,v 1.60 2006/12/17 22:49:37 lha Exp $"); +RCSID("$Id: store.c 20529 2007-04-22 14:28:19Z lha $"); #define BYTEORDER_IS(SP, V) (((SP)->flags & KRB5_STORAGE_BYTEORDER_MASK) == (V)) #define BYTEORDER_IS_LE(SP) BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_LE) @@ -891,7 +891,7 @@ krb5_store_creds_tag(krb5_storage *sp, krb5_creds *creds) header |= SC_CLIENT_PRINCIPAL; if (creds->server) header |= SC_SERVER_PRINCIPAL; - if (creds->session.keyvalue.data) + if (creds->session.keytype != ETYPE_NULL) header |= SC_SESSION_KEY; if (creds->ticket.data) header |= SC_TICKET; @@ -916,7 +916,7 @@ krb5_store_creds_tag(krb5_storage *sp, krb5_creds *creds) return ret; } - if (creds->session.keyvalue.data) { + if (creds->session.keytype != ETYPE_NULL) { ret = krb5_store_keyblock(sp, creds->session); if(ret) return ret; diff --git a/source4/heimdal/lib/krb5/store_emem.c b/source4/heimdal/lib/krb5/store_emem.c index b9f93728de..07acdd1a00 100644 --- a/source4/heimdal/lib/krb5/store_emem.c +++ b/source4/heimdal/lib/krb5/store_emem.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include "store-int.h" -RCSID("$Id: store_emem.c,v 1.14 2004/05/25 21:43:29 lha Exp $"); +RCSID("$Id: store_emem.c 13863 2004-05-25 21:46:46Z lha $"); typedef struct emem_storage{ unsigned char *base; diff --git a/source4/heimdal/lib/krb5/store_fd.c b/source4/heimdal/lib/krb5/store_fd.c index 835d3478e2..15f86fcac3 100644 --- a/source4/heimdal/lib/krb5/store_fd.c +++ b/source4/heimdal/lib/krb5/store_fd.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include "store-int.h" -RCSID("$Id: store_fd.c,v 1.13 2006/06/30 21:23:19 lha Exp $"); +RCSID("$Id: store_fd.c 17779 2006-06-30 21:23:19Z lha $"); typedef struct fd_storage { int fd; diff --git a/source4/heimdal/lib/krb5/store_mem.c b/source4/heimdal/lib/krb5/store_mem.c index d2b6d18252..e6e62b5a62 100644 --- a/source4/heimdal/lib/krb5/store_mem.c +++ b/source4/heimdal/lib/krb5/store_mem.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include "store-int.h" -RCSID("$Id: store_mem.c,v 1.13 2006/11/07 23:02:53 lha Exp $"); +RCSID("$Id: store_mem.c 20307 2007-04-11 11:16:28Z lha $"); typedef struct mem_storage{ unsigned char *base; @@ -121,7 +121,7 @@ krb5_storage_from_mem(void *buf, size_t len) krb5_storage * KRB5_LIB_FUNCTION krb5_storage_from_data(krb5_data *data) { - return krb5_storage_from_mem(data->data, data->length); + return krb5_storage_from_mem(data->data, data->length); } krb5_storage * KRB5_LIB_FUNCTION diff --git a/source4/heimdal/lib/krb5/ticket.c b/source4/heimdal/lib/krb5/ticket.c index 81372c158e..7eb4d32fad 100644 --- a/source4/heimdal/lib/krb5/ticket.c +++ b/source4/heimdal/lib/krb5/ticket.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: ticket.c,v 1.18 2006/12/28 20:49:18 lha Exp $"); +RCSID("$Id: ticket.c 19544 2006-12-28 20:49:18Z lha $"); krb5_error_code KRB5_LIB_FUNCTION krb5_free_ticket(krb5_context context, diff --git a/source4/heimdal/lib/krb5/time.c b/source4/heimdal/lib/krb5/time.c index 4a120ab771..4cd992d48f 100644 --- a/source4/heimdal/lib/krb5/time.c +++ b/source4/heimdal/lib/krb5/time.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: time.c,v 1.13 2004/10/13 17:57:11 lha Exp $"); +RCSID("$Id: time.c 14308 2004-10-13 17:57:11Z lha $"); /* * Set the absolute time that the caller knows the kdc has so the diff --git a/source4/heimdal/lib/krb5/transited.c b/source4/heimdal/lib/krb5/transited.c index 7f18b30c88..7f5498f592 100644 --- a/source4/heimdal/lib/krb5/transited.c +++ b/source4/heimdal/lib/krb5/transited.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: transited.c,v 1.18 2006/04/10 10:26:35 lha Exp $"); +RCSID("$Id: transited.c 17043 2006-04-10 10:26:35Z lha $"); /* this is an attempt at one of the most horrible `compression' schemes that has ever been invented; it's so amazingly brain-dead diff --git a/source4/heimdal/lib/krb5/v4_glue.c b/source4/heimdal/lib/krb5/v4_glue.c index b1e12674dc..d42fbec3a5 100644 --- a/source4/heimdal/lib/krb5/v4_glue.c +++ b/source4/heimdal/lib/krb5/v4_glue.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: v4_glue.c,v 1.5 2006/05/05 09:31:00 lha Exp $"); +RCSID("$Id: v4_glue.c 17442 2006-05-05 09:31:15Z lha $"); #include "krb5-v4compat.h" diff --git a/source4/heimdal/lib/krb5/version.c b/source4/heimdal/lib/krb5/version.c index 5f0fd6680b..f7ccff5bc8 100644 --- a/source4/heimdal/lib/krb5/version.c +++ b/source4/heimdal/lib/krb5/version.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: version.c,v 1.3 1999/12/02 17:05:13 joda Exp $"); +RCSID("$Id: version.c 7464 1999-12-02 17:05:13Z joda $"); /* this is just to get a version stamp in the library file */ diff --git a/source4/heimdal/lib/krb5/warn.c b/source4/heimdal/lib/krb5/warn.c index 4252865301..85f143b8b4 100644 --- a/source4/heimdal/lib/krb5/warn.c +++ b/source4/heimdal/lib/krb5/warn.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include -RCSID("$Id: warn.c,v 1.16 2006/11/21 08:06:40 lha Exp $"); +RCSID("$Id: warn.c 19086 2006-11-21 08:06:40Z lha $"); static krb5_error_code _warnerr(krb5_context context, int do_errtext, krb5_error_code code, int level, const char *fmt, va_list ap) diff --git a/source4/heimdal/lib/ntlm/heimntlm-protos.h b/source4/heimdal/lib/ntlm/heimntlm-protos.h index e9e0837003..2df32dfa50 100644 --- a/source4/heimdal/lib/ntlm/heimntlm-protos.h +++ b/source4/heimdal/lib/ntlm/heimntlm-protos.h @@ -83,7 +83,7 @@ void heim_ntlm_free_type1 (struct ntlm_type1 */*data*/); void -heim_ntlm_free_type2 (struct ntlm_type2 */*type2*/); +heim_ntlm_free_type2 (struct ntlm_type2 */*data*/); void heim_ntlm_free_type3 (struct ntlm_type3 */*data*/); diff --git a/source4/heimdal/lib/ntlm/heimntlm.h b/source4/heimdal/lib/ntlm/heimntlm.h index 1e38b2e400..1c1afe1eb1 100644 --- a/source4/heimdal/lib/ntlm/heimntlm.h +++ b/source4/heimdal/lib/ntlm/heimntlm.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: heimntlm.h,v 1.4 2006/12/20 07:28:37 lha Exp $ */ +/* $Id: heimntlm.h 19469 2006-12-20 07:28:37Z lha $ */ #ifndef HEIM_NTLM_H #define HEIM_NTLM_H diff --git a/source4/heimdal/lib/ntlm/ntlm.c b/source4/heimdal/lib/ntlm/ntlm.c index 430e80505e..af950cc3b5 100644 --- a/source4/heimdal/lib/ntlm/ntlm.c +++ b/source4/heimdal/lib/ntlm/ntlm.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: ntlm.c,v 1.8 2006/12/26 00:25:17 lha Exp $"); +RCSID("$Id: ntlm.c 20816 2007-06-03 04:36:31Z lha $"); #include #include @@ -308,8 +308,10 @@ heim_ntlm_decode_targetinfo(struct ntlm_buf *data, int ucs2, void heim_ntlm_free_type1(struct ntlm_type1 *data) { - free(data->domain); - free(data->hostname); + if (data->domain) + free(data->domain); + if (data->hostname) + free(data->hostname); memset(data, 0, sizeof(*data)); } @@ -432,9 +434,12 @@ out: */ void -heim_ntlm_free_type2(struct ntlm_type2 *type2) +heim_ntlm_free_type2(struct ntlm_type2 *data) { - memset(type2, 0, sizeof(*type2)); + if (data->targetname) + free(data->targetname); + _ntlm_free_buf(&data->targetinfo); + memset(data, 0, sizeof(*data)); } int @@ -558,10 +563,18 @@ out: void heim_ntlm_free_type3(struct ntlm_type3 *data) { + _ntlm_free_buf(&data->lm); + _ntlm_free_buf(&data->ntlm); + if (data->targetname) + free(data->targetname); + if (data->username) + free(data->username); + if (data->ws) + free(data->ws); + _ntlm_free_buf(&data->sessionkey); memset(data, 0, sizeof(*data)); } - /* * */ diff --git a/source4/heimdal/lib/roken/base64.c b/source4/heimdal/lib/roken/base64.c index 0d9d6119db..daf7fc5671 100644 --- a/source4/heimdal/lib/roken/base64.c +++ b/source4/heimdal/lib/roken/base64.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: base64.c,v 1.7 2005/06/23 10:47:57 lha Exp $"); +RCSID("$Id: base64.c 15506 2005-06-23 10:47:57Z lha $"); #endif #include #include diff --git a/source4/heimdal/lib/roken/base64.h b/source4/heimdal/lib/roken/base64.h index 95992f9c21..09aadffe7c 100644 --- a/source4/heimdal/lib/roken/base64.h +++ b/source4/heimdal/lib/roken/base64.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: base64.h,v 1.4 2005/06/30 07:13:33 lha Exp $ */ +/* $Id: base64.h 15535 2005-06-30 07:13:33Z lha $ */ #ifndef _BASE64_H_ #define _BASE64_H_ diff --git a/source4/heimdal/lib/roken/bswap.c b/source4/heimdal/lib/roken/bswap.c index dd7ea832af..1e7a7abc11 100644 --- a/source4/heimdal/lib/roken/bswap.c +++ b/source4/heimdal/lib/roken/bswap.c @@ -36,7 +36,7 @@ #endif #include -RCSID("$Id: bswap.c,v 1.4 2005/04/12 11:28:35 lha Exp $"); +RCSID("$Id: bswap.c 14773 2005-04-12 11:29:18Z lha $"); #ifndef HAVE_BSWAP32 diff --git a/source4/heimdal/lib/roken/closefrom.c b/source4/heimdal/lib/roken/closefrom.c index 6b02f1ebca..697566561c 100644 --- a/source4/heimdal/lib/roken/closefrom.c +++ b/source4/heimdal/lib/roken/closefrom.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: closefrom.c,v 1.2 2005/04/13 08:01:38 lha Exp $"); +RCSID("$Id: closefrom.c 21005 2007-06-08 01:54:35Z lha $"); #endif #ifdef HAVE_SYS_TYPES_H diff --git a/source4/heimdal/lib/roken/copyhostent.c b/source4/heimdal/lib/roken/copyhostent.c index 7d458dc1b9..73e20ed039 100644 --- a/source4/heimdal/lib/roken/copyhostent.c +++ b/source4/heimdal/lib/roken/copyhostent.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: copyhostent.c,v 1.3 2005/04/12 11:28:36 lha Exp $"); +RCSID("$Id: copyhostent.c 14773 2005-04-12 11:29:18Z lha $"); #endif #include diff --git a/source4/heimdal/lib/roken/dumpdata.c b/source4/heimdal/lib/roken/dumpdata.c index 402b4b1cb9..c445bfa361 100644 --- a/source4/heimdal/lib/roken/dumpdata.c +++ b/source4/heimdal/lib/roken/dumpdata.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: dumpdata.c,v 1.1 2005/09/22 23:51:35 lha Exp $"); +RCSID("$Id: dumpdata.c 21005 2007-06-08 01:54:35Z lha $"); #endif #include diff --git a/source4/heimdal/lib/roken/ecalloc.c b/source4/heimdal/lib/roken/ecalloc.c index ad22a4557e..c9e6b9c6af 100644 --- a/source4/heimdal/lib/roken/ecalloc.c +++ b/source4/heimdal/lib/roken/ecalloc.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: ecalloc.c,v 1.2 2005/04/12 11:28:36 lha Exp $"); +RCSID("$Id: ecalloc.c 21005 2007-06-08 01:54:35Z lha $"); #endif #include diff --git a/source4/heimdal/lib/roken/emalloc.c b/source4/heimdal/lib/roken/emalloc.c index 91af6b5184..0807da6105 100644 --- a/source4/heimdal/lib/roken/emalloc.c +++ b/source4/heimdal/lib/roken/emalloc.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: emalloc.c,v 1.6 2005/04/12 11:28:37 lha Exp $"); +RCSID("$Id: emalloc.c 21005 2007-06-08 01:54:35Z lha $"); #endif #include diff --git a/source4/heimdal/lib/roken/erealloc.c b/source4/heimdal/lib/roken/erealloc.c index 497b1e7ec2..cbcfb1b469 100644 --- a/source4/heimdal/lib/roken/erealloc.c +++ b/source4/heimdal/lib/roken/erealloc.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: erealloc.c,v 1.6 2005/04/12 11:28:37 lha Exp $"); +RCSID("$Id: erealloc.c 21005 2007-06-08 01:54:35Z lha $"); #endif #include diff --git a/source4/heimdal/lib/roken/estrdup.c b/source4/heimdal/lib/roken/estrdup.c index 1a20cdd410..a53c1f7b9d 100644 --- a/source4/heimdal/lib/roken/estrdup.c +++ b/source4/heimdal/lib/roken/estrdup.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: estrdup.c,v 1.4 2005/04/12 11:28:39 lha Exp $"); +RCSID("$Id: estrdup.c 21005 2007-06-08 01:54:35Z lha $"); #endif #include diff --git a/source4/heimdal/lib/roken/freeaddrinfo.c b/source4/heimdal/lib/roken/freeaddrinfo.c index cd2898036b..71b5abb38f 100644 --- a/source4/heimdal/lib/roken/freeaddrinfo.c +++ b/source4/heimdal/lib/roken/freeaddrinfo.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: freeaddrinfo.c,v 1.5 2005/04/12 11:28:41 lha Exp $"); +RCSID("$Id: freeaddrinfo.c 14773 2005-04-12 11:29:18Z lha $"); #endif #include diff --git a/source4/heimdal/lib/roken/freehostent.c b/source4/heimdal/lib/roken/freehostent.c index 1ebb01361c..e773f07a22 100644 --- a/source4/heimdal/lib/roken/freehostent.c +++ b/source4/heimdal/lib/roken/freehostent.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: freehostent.c,v 1.3 2005/04/12 11:28:41 lha Exp $"); +RCSID("$Id: freehostent.c 14773 2005-04-12 11:29:18Z lha $"); #endif #include diff --git a/source4/heimdal/lib/roken/gai_strerror.c b/source4/heimdal/lib/roken/gai_strerror.c index 102aa75ea1..1e563ae288 100644 --- a/source4/heimdal/lib/roken/gai_strerror.c +++ b/source4/heimdal/lib/roken/gai_strerror.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: gai_strerror.c,v 1.7 2005/08/05 09:31:35 lha Exp $"); +RCSID("$Id: gai_strerror.c 15837 2005-08-05 09:31:35Z lha $"); #endif #include diff --git a/source4/heimdal/lib/roken/get_window_size.c b/source4/heimdal/lib/roken/get_window_size.c index 6743e15af9..fd4e81fd74 100644 --- a/source4/heimdal/lib/roken/get_window_size.c +++ b/source4/heimdal/lib/roken/get_window_size.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: get_window_size.c,v 1.10 2005/04/12 11:28:42 lha Exp $"); +RCSID("$Id: get_window_size.c 21005 2007-06-08 01:54:35Z lha $"); #endif #include diff --git a/source4/heimdal/lib/roken/getaddrinfo.c b/source4/heimdal/lib/roken/getaddrinfo.c index 86af8b72cc..2c232e3a59 100644 --- a/source4/heimdal/lib/roken/getaddrinfo.c +++ b/source4/heimdal/lib/roken/getaddrinfo.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: getaddrinfo.c,v 1.14 2005/06/16 17:49:29 lha Exp $"); +RCSID("$Id: getaddrinfo.c 15417 2005-06-16 17:49:29Z lha $"); #endif #include diff --git a/source4/heimdal/lib/roken/getarg.c b/source4/heimdal/lib/roken/getarg.c index e4e0556adf..840febbf21 100644 --- a/source4/heimdal/lib/roken/getarg.c +++ b/source4/heimdal/lib/roken/getarg.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: getarg.c,v 1.48 2005/04/12 11:28:43 lha Exp $"); +RCSID("$Id: getarg.c 21005 2007-06-08 01:54:35Z lha $"); #endif #include diff --git a/source4/heimdal/lib/roken/getarg.h b/source4/heimdal/lib/roken/getarg.h index bffa04486f..62d1b6687c 100644 --- a/source4/heimdal/lib/roken/getarg.h +++ b/source4/heimdal/lib/roken/getarg.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: getarg.h,v 1.14 2005/04/13 05:52:27 lha Exp $ */ +/* $Id: getarg.h 14776 2005-04-13 05:52:27Z lha $ */ #ifndef __GETARG_H__ #define __GETARG_H__ diff --git a/source4/heimdal/lib/roken/getipnodebyaddr.c b/source4/heimdal/lib/roken/getipnodebyaddr.c index 3f447d6d06..7e370d5f58 100644 --- a/source4/heimdal/lib/roken/getipnodebyaddr.c +++ b/source4/heimdal/lib/roken/getipnodebyaddr.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: getipnodebyaddr.c,v 1.3 2005/04/12 11:28:47 lha Exp $"); +RCSID("$Id: getipnodebyaddr.c 14773 2005-04-12 11:29:18Z lha $"); #endif #include diff --git a/source4/heimdal/lib/roken/getipnodebyname.c b/source4/heimdal/lib/roken/getipnodebyname.c index b928efcc53..04f12509ab 100644 --- a/source4/heimdal/lib/roken/getipnodebyname.c +++ b/source4/heimdal/lib/roken/getipnodebyname.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: getipnodebyname.c,v 1.4 2005/04/12 11:28:47 lha Exp $"); +RCSID("$Id: getipnodebyname.c 14773 2005-04-12 11:29:18Z lha $"); #endif #include diff --git a/source4/heimdal/lib/roken/getnameinfo.c b/source4/heimdal/lib/roken/getnameinfo.c index 2cf81897f8..04c5e1cdc9 100644 --- a/source4/heimdal/lib/roken/getnameinfo.c +++ b/source4/heimdal/lib/roken/getnameinfo.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: getnameinfo.c,v 1.6 2005/06/16 16:53:09 lha Exp $"); +RCSID("$Id: getnameinfo.c 15412 2005-06-16 16:53:09Z lha $"); #endif -#include "roken.h" +#include static int doit (int af, diff --git a/source4/heimdal/lib/roken/getprogname.c b/source4/heimdal/lib/roken/getprogname.c index 7eabe40093..19f161831c 100644 --- a/source4/heimdal/lib/roken/getprogname.c +++ b/source4/heimdal/lib/roken/getprogname.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: getprogname.c,v 1.3 2005/04/12 11:28:48 lha Exp $"); +RCSID("$Id: getprogname.c 14773 2005-04-12 11:29:18Z lha $"); #endif #include diff --git a/source4/heimdal/lib/roken/h_errno.c b/source4/heimdal/lib/roken/h_errno.c index c2d4452c32..11dcb08ac2 100644 --- a/source4/heimdal/lib/roken/h_errno.c +++ b/source4/heimdal/lib/roken/h_errno.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: h_errno.c,v 1.1 2001/08/08 03:47:23 assar Exp $"); +RCSID("$Id: h_errno.c 10442 2001-08-08 03:47:23Z assar $"); #endif #ifndef HAVE_H_ERRNO diff --git a/source4/heimdal/lib/roken/hex.c b/source4/heimdal/lib/roken/hex.c index e41b508fcb..994d89484e 100644 --- a/source4/heimdal/lib/roken/hex.c +++ b/source4/heimdal/lib/roken/hex.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: hex.c,v 1.8 2006/01/09 17:09:29 lha Exp $"); +RCSID("$Id: hex.c 16504 2006-01-09 17:09:29Z lha $"); #endif #include #include diff --git a/source4/heimdal/lib/roken/hex.h b/source4/heimdal/lib/roken/hex.h index cd47b21f9f..4c4b8508ed 100644 --- a/source4/heimdal/lib/roken/hex.h +++ b/source4/heimdal/lib/roken/hex.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: hex.h,v 1.3 2005/04/12 11:28:50 lha Exp $ */ +/* $Id: hex.h 14773 2005-04-12 11:29:18Z lha $ */ #ifndef _rk_HEX_H_ #define _rk_HEX_H_ 1 diff --git a/source4/heimdal/lib/roken/hostent_find_fqdn.c b/source4/heimdal/lib/roken/hostent_find_fqdn.c index 1762b11226..4e583a1d20 100644 --- a/source4/heimdal/lib/roken/hostent_find_fqdn.c +++ b/source4/heimdal/lib/roken/hostent_find_fqdn.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: hostent_find_fqdn.c,v 1.3 2005/04/12 11:28:51 lha Exp $"); +RCSID("$Id: hostent_find_fqdn.c 14773 2005-04-12 11:29:18Z lha $"); #endif #include diff --git a/source4/heimdal/lib/roken/inet_aton.c b/source4/heimdal/lib/roken/inet_aton.c index 0483a05256..176aed1f2b 100644 --- a/source4/heimdal/lib/roken/inet_aton.c +++ b/source4/heimdal/lib/roken/inet_aton.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: inet_aton.c,v 1.14 2005/04/12 11:28:52 lha Exp $"); +RCSID("$Id: inet_aton.c 14773 2005-04-12 11:29:18Z lha $"); #endif #include diff --git a/source4/heimdal/lib/roken/inet_ntop.c b/source4/heimdal/lib/roken/inet_ntop.c index 35e96eb49b..430c0044c3 100644 --- a/source4/heimdal/lib/roken/inet_ntop.c +++ b/source4/heimdal/lib/roken/inet_ntop.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: inet_ntop.c,v 1.6 2005/04/12 11:28:52 lha Exp $"); +RCSID("$Id: inet_ntop.c 21005 2007-06-08 01:54:35Z lha $"); #endif #include diff --git a/source4/heimdal/lib/roken/inet_pton.c b/source4/heimdal/lib/roken/inet_pton.c index 21606accb1..e0e5ca74b2 100644 --- a/source4/heimdal/lib/roken/inet_pton.c +++ b/source4/heimdal/lib/roken/inet_pton.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: inet_pton.c,v 1.4 2005/04/12 11:28:52 lha Exp $"); +RCSID("$Id: inet_pton.c 21005 2007-06-08 01:54:35Z lha $"); #endif #include diff --git a/source4/heimdal/lib/roken/issuid.c b/source4/heimdal/lib/roken/issuid.c index e6b5248164..ea09d3a9ad 100644 --- a/source4/heimdal/lib/roken/issuid.c +++ b/source4/heimdal/lib/roken/issuid.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: issuid.c,v 1.6 2005/05/13 07:42:03 lha Exp $"); +RCSID("$Id: issuid.c 15131 2005-05-13 07:42:03Z lha $"); #endif #include diff --git a/source4/heimdal/lib/roken/net_read.c b/source4/heimdal/lib/roken/net_read.c index f8d4dd1424..ef01f018d8 100644 --- a/source4/heimdal/lib/roken/net_read.c +++ b/source4/heimdal/lib/roken/net_read.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: net_read.c,v 1.4 2005/04/12 11:28:57 lha Exp $"); +RCSID("$Id: net_read.c 21005 2007-06-08 01:54:35Z lha $"); #endif #include diff --git a/source4/heimdal/lib/roken/net_write.c b/source4/heimdal/lib/roken/net_write.c index 83d14f4af9..e379caa750 100644 --- a/source4/heimdal/lib/roken/net_write.c +++ b/source4/heimdal/lib/roken/net_write.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: net_write.c,v 1.5 2005/04/12 11:28:58 lha Exp $"); +RCSID("$Id: net_write.c 21005 2007-06-08 01:54:35Z lha $"); #endif #include diff --git a/source4/heimdal/lib/roken/parse_bytes.h b/source4/heimdal/lib/roken/parse_bytes.h index 1537d16c33..1998f70736 100644 --- a/source4/heimdal/lib/roken/parse_bytes.h +++ b/source4/heimdal/lib/roken/parse_bytes.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: parse_bytes.h,v 1.4 2005/04/13 13:19:07 lha Exp $ */ +/* $Id: parse_bytes.h 14787 2005-04-13 13:19:07Z lha $ */ #ifndef __PARSE_BYTES_H__ #define __PARSE_BYTES_H__ diff --git a/source4/heimdal/lib/roken/parse_time.c b/source4/heimdal/lib/roken/parse_time.c index 551bee313f..1c39bde4e8 100644 --- a/source4/heimdal/lib/roken/parse_time.c +++ b/source4/heimdal/lib/roken/parse_time.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: parse_time.c,v 1.7 2005/04/12 11:28:58 lha Exp $"); +RCSID("$Id: parse_time.c 14773 2005-04-12 11:29:18Z lha $"); #endif #include diff --git a/source4/heimdal/lib/roken/parse_time.h b/source4/heimdal/lib/roken/parse_time.h index 5c9de87675..4dc2da08bc 100644 --- a/source4/heimdal/lib/roken/parse_time.h +++ b/source4/heimdal/lib/roken/parse_time.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: parse_time.h,v 1.5 2005/04/12 11:28:59 lha Exp $ */ +/* $Id: parse_time.h 14773 2005-04-12 11:29:18Z lha $ */ #ifndef __PARSE_TIME_H__ #define __PARSE_TIME_H__ diff --git a/source4/heimdal/lib/roken/parse_units.c b/source4/heimdal/lib/roken/parse_units.c index 5b01937aee..8cc6850c1f 100644 --- a/source4/heimdal/lib/roken/parse_units.c +++ b/source4/heimdal/lib/roken/parse_units.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: parse_units.c,v 1.18 2005/04/12 11:28:59 lha Exp $"); +RCSID("$Id: parse_units.c 21005 2007-06-08 01:54:35Z lha $"); #endif #include diff --git a/source4/heimdal/lib/roken/parse_units.h b/source4/heimdal/lib/roken/parse_units.h index 9d019266ac..a42154d486 100644 --- a/source4/heimdal/lib/roken/parse_units.h +++ b/source4/heimdal/lib/roken/parse_units.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: parse_units.h,v 1.9 2005/04/12 11:28:59 lha Exp $ */ +/* $Id: parse_units.h 14773 2005-04-12 11:29:18Z lha $ */ #ifndef __PARSE_UNITS_H__ #define __PARSE_UNITS_H__ diff --git a/source4/heimdal/lib/roken/resolve.c b/source4/heimdal/lib/roken/resolve.c index 9b54fc50f0..a8778fda57 100644 --- a/source4/heimdal/lib/roken/resolve.c +++ b/source4/heimdal/lib/roken/resolve.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995 - 2004 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -45,7 +45,7 @@ #include -RCSID("$Id: resolve.c,v 1.55 2006/04/14 13:56:00 lha Exp $"); +RCSID("$Id: resolve.c 19869 2007-01-12 16:03:14Z lha $"); #ifdef _AIX /* AIX have broken res_nsearch() in 5.1 (5.0 also ?) */ #undef HAVE_RES_NSEARCH @@ -492,6 +492,14 @@ parse_reply(const unsigned char *data, size_t len) return r; } +#ifdef HAVE_RES_NSEARCH +#ifdef HAVE_RES_NDESTROY +#define rk_res_free(x) res_ndestroy(x) +#else +#define rk_res_free(x) res_nclose(x) +#endif +#endif + static struct dns_reply * dns_lookup_int(const char *domain, int rr_class, int rr_type) { @@ -530,7 +538,7 @@ dns_lookup_int(const char *domain, int rr_class, int rr_type) reply = malloc(size); if (reply == NULL) { #ifdef HAVE_RES_NSEARCH - res_nclose(&state); + rk_res_free(&state); #endif return NULL; } @@ -548,18 +556,14 @@ dns_lookup_int(const char *domain, int rr_class, int rr_type) } if (len < 0) { #ifdef HAVE_RES_NSEARCH -#ifdef HAVE_RES_NDESTROY - res_ndestroy(&state); -#else - res_nclose(&state); -#endif + rk_res_free(&state); #endif free(reply); return NULL; } } while (size < len && len < rk_DNS_MAX_PACKET_SIZE); #ifdef HAVE_RES_NSEARCH - res_nclose(&state); + rk_res_free(&state); #endif len = min(len, size); diff --git a/source4/heimdal/lib/roken/resolve.h b/source4/heimdal/lib/roken/resolve.h index 2106c11ebd..fe83115b1e 100644 --- a/source4/heimdal/lib/roken/resolve.h +++ b/source4/heimdal/lib/roken/resolve.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: resolve.h,v 1.24 2005/04/12 11:29:02 lha Exp $ */ +/* $Id: resolve.h 14773 2005-04-12 11:29:18Z lha $ */ #ifndef __RESOLVE_H__ #define __RESOLVE_H__ diff --git a/source4/heimdal/lib/roken/roken-common.h b/source4/heimdal/lib/roken/roken-common.h index 8368530ff7..b835e880a2 100644 --- a/source4/heimdal/lib/roken/roken-common.h +++ b/source4/heimdal/lib/roken/roken-common.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: roken-common.h,v 1.64 2005/09/28 03:05:58 lha Exp $ */ +/* $Id: roken-common.h 20867 2007-06-03 21:00:45Z lha $ */ #ifndef __ROKEN_COMMON_H__ #define __ROKEN_COMMON_H__ @@ -375,6 +375,9 @@ pid_file_delete (char **); int ROKEN_LIB_FUNCTION read_environment(const char *file, char ***env); +void ROKEN_LIB_FUNCTION +free_environment(char **); + void ROKEN_LIB_FUNCTION warnerr(int doerrno, const char *fmt, va_list ap) __attribute__ ((format (printf, 2, 0))); diff --git a/source4/heimdal/lib/roken/roken_gethostby.c b/source4/heimdal/lib/roken/roken_gethostby.c index 8f200dfe10..08eed5f8ed 100644 --- a/source4/heimdal/lib/roken/roken_gethostby.c +++ b/source4/heimdal/lib/roken/roken_gethostby.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: roken_gethostby.c,v 1.8 2006/04/02 00:09:28 lha Exp $"); +RCSID("$Id: roken_gethostby.c 21005 2007-06-08 01:54:35Z lha $"); #endif #include diff --git a/source4/heimdal/lib/roken/rtbl.c b/source4/heimdal/lib/roken/rtbl.c new file mode 100644 index 0000000000..50ab50903f --- /dev/null +++ b/source4/heimdal/lib/roken/rtbl.c @@ -0,0 +1,489 @@ +/* + * Copyright (c) 2000, 2002, 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID ("$Id: rtbl.c 17758 2006-06-30 13:41:40Z lha $"); +#endif +#include +#include "rtbl.h" + +struct column_entry { + char *data; +}; + +struct column_data { + char *header; + char *prefix; + int width; + unsigned flags; + size_t num_rows; + struct column_entry *rows; + unsigned int column_id; + char *suffix; +}; + +struct rtbl_data { + char *column_prefix; + size_t num_columns; + struct column_data **columns; + unsigned int flags; + char *column_separator; +}; + +rtbl_t ROKEN_LIB_FUNCTION +rtbl_create (void) +{ + return calloc (1, sizeof (struct rtbl_data)); +} + +void ROKEN_LIB_FUNCTION +rtbl_set_flags (rtbl_t table, unsigned int flags) +{ + table->flags = flags; +} + +unsigned int ROKEN_LIB_FUNCTION +rtbl_get_flags (rtbl_t table) +{ + return table->flags; +} + +static struct column_data * +rtbl_get_column_by_id (rtbl_t table, unsigned int id) +{ + int i; + for(i = 0; i < table->num_columns; i++) + if(table->columns[i]->column_id == id) + return table->columns[i]; + return NULL; +} + +static struct column_data * +rtbl_get_column (rtbl_t table, const char *column) +{ + int i; + for(i = 0; i < table->num_columns; i++) + if(strcmp(table->columns[i]->header, column) == 0) + return table->columns[i]; + return NULL; +} + +void ROKEN_LIB_FUNCTION +rtbl_destroy (rtbl_t table) +{ + int i, j; + + for (i = 0; i < table->num_columns; i++) { + struct column_data *c = table->columns[i]; + + for (j = 0; j < c->num_rows; j++) + free (c->rows[j].data); + free (c->rows); + free (c->header); + free (c->prefix); + free (c->suffix); + free (c); + } + free (table->column_prefix); + free (table->column_separator); + free (table->columns); + free (table); +} + +int ROKEN_LIB_FUNCTION +rtbl_add_column_by_id (rtbl_t table, unsigned int id, + const char *header, unsigned int flags) +{ + struct column_data *col, **tmp; + + tmp = realloc (table->columns, (table->num_columns + 1) * sizeof (*tmp)); + if (tmp == NULL) + return ENOMEM; + table->columns = tmp; + col = malloc (sizeof (*col)); + if (col == NULL) + return ENOMEM; + col->header = strdup (header); + if (col->header == NULL) { + free (col); + return ENOMEM; + } + col->prefix = NULL; + col->width = 0; + col->flags = flags; + col->num_rows = 0; + col->rows = NULL; + col->column_id = id; + col->suffix = NULL; + table->columns[table->num_columns++] = col; + return 0; +} + +int ROKEN_LIB_FUNCTION +rtbl_add_column (rtbl_t table, const char *header, unsigned int flags) +{ + return rtbl_add_column_by_id(table, 0, header, flags); +} + +int ROKEN_LIB_FUNCTION +rtbl_new_row(rtbl_t table) +{ + size_t max_rows = 0; + size_t c; + for (c = 0; c < table->num_columns; c++) + if(table->columns[c]->num_rows > max_rows) + max_rows = table->columns[c]->num_rows; + for (c = 0; c < table->num_columns; c++) { + struct column_entry *tmp; + + if(table->columns[c]->num_rows == max_rows) + continue; + tmp = realloc(table->columns[c]->rows, + max_rows * sizeof(table->columns[c]->rows)); + if(tmp == NULL) + return ENOMEM; + table->columns[c]->rows = tmp; + while(table->columns[c]->num_rows < max_rows) { + if((tmp[table->columns[c]->num_rows++].data = strdup("")) == NULL) + return ENOMEM; + } + } + return 0; +} + +static void +column_compute_width (rtbl_t table, struct column_data *column) +{ + int i; + + if(table->flags & RTBL_HEADER_STYLE_NONE) + column->width = 0; + else + column->width = strlen (column->header); + for (i = 0; i < column->num_rows; i++) + column->width = max (column->width, strlen (column->rows[i].data)); +} + +/* DEPRECATED */ +int ROKEN_LIB_FUNCTION +rtbl_set_prefix (rtbl_t table, const char *prefix) +{ + if (table->column_prefix) + free (table->column_prefix); + table->column_prefix = strdup (prefix); + if (table->column_prefix == NULL) + return ENOMEM; + return 0; +} + +int ROKEN_LIB_FUNCTION +rtbl_set_separator (rtbl_t table, const char *separator) +{ + if (table->column_separator) + free (table->column_separator); + table->column_separator = strdup (separator); + if (table->column_separator == NULL) + return ENOMEM; + return 0; +} + +int ROKEN_LIB_FUNCTION +rtbl_set_column_prefix (rtbl_t table, const char *column, + const char *prefix) +{ + struct column_data *c = rtbl_get_column (table, column); + + if (c == NULL) + return -1; + if (c->prefix) + free (c->prefix); + c->prefix = strdup (prefix); + if (c->prefix == NULL) + return ENOMEM; + return 0; +} + +int ROKEN_LIB_FUNCTION +rtbl_set_column_affix_by_id(rtbl_t table, unsigned int id, + const char *prefix, const char *suffix) +{ + struct column_data *c = rtbl_get_column_by_id (table, id); + + if (c == NULL) + return -1; + if (c->prefix) + free (c->prefix); + if(prefix == NULL) + c->prefix = NULL; + else { + c->prefix = strdup (prefix); + if (c->prefix == NULL) + return ENOMEM; + } + + if (c->suffix) + free (c->suffix); + if(suffix == NULL) + c->suffix = NULL; + else { + c->suffix = strdup (suffix); + if (c->suffix == NULL) + return ENOMEM; + } + return 0; +} + + +static const char * +get_column_prefix (rtbl_t table, struct column_data *c) +{ + if (c == NULL) + return ""; + if (c->prefix) + return c->prefix; + if (table->column_prefix) + return table->column_prefix; + return ""; +} + +static const char * +get_column_suffix (rtbl_t table, struct column_data *c) +{ + if (c && c->suffix) + return c->suffix; + return ""; +} + +static int +add_column_entry (struct column_data *c, const char *data) +{ + struct column_entry row, *tmp; + + row.data = strdup (data); + if (row.data == NULL) + return ENOMEM; + tmp = realloc (c->rows, (c->num_rows + 1) * sizeof (*tmp)); + if (tmp == NULL) { + free (row.data); + return ENOMEM; + } + c->rows = tmp; + c->rows[c->num_rows++] = row; + return 0; +} + +int ROKEN_LIB_FUNCTION +rtbl_add_column_entry_by_id (rtbl_t table, unsigned int id, const char *data) +{ + struct column_data *c = rtbl_get_column_by_id (table, id); + + if (c == NULL) + return -1; + + return add_column_entry(c, data); +} + +int ROKEN_LIB_FUNCTION +rtbl_add_column_entryv_by_id (rtbl_t table, unsigned int id, + const char *fmt, ...) +{ + va_list ap; + char *str; + int ret; + + va_start(ap, fmt); + ret = vasprintf(&str, fmt, ap); + va_end(ap); + if (ret == -1) + return -1; + ret = rtbl_add_column_entry_by_id(table, id, str); + free(str); + return ret; +} + +int ROKEN_LIB_FUNCTION +rtbl_add_column_entry (rtbl_t table, const char *column, const char *data) +{ + struct column_data *c = rtbl_get_column (table, column); + + if (c == NULL) + return -1; + + return add_column_entry(c, data); +} + +int ROKEN_LIB_FUNCTION +rtbl_add_column_entryv (rtbl_t table, const char *column, const char *fmt, ...) +{ + va_list ap; + char *str; + int ret; + + va_start(ap, fmt); + ret = vasprintf(&str, fmt, ap); + va_end(ap); + if (ret == -1) + return -1; + ret = rtbl_add_column_entry(table, column, str); + free(str); + return ret; +} + + +int ROKEN_LIB_FUNCTION +rtbl_format (rtbl_t table, FILE * f) +{ + int i, j; + + for (i = 0; i < table->num_columns; i++) + column_compute_width (table, table->columns[i]); + if((table->flags & RTBL_HEADER_STYLE_NONE) == 0) { + for (i = 0; i < table->num_columns; i++) { + struct column_data *c = table->columns[i]; + + if(table->column_separator != NULL && i > 0) + fprintf (f, "%s", table->column_separator); + fprintf (f, "%s", get_column_prefix (table, c)); + if(i == table->num_columns - 1 && c->suffix == NULL) + /* last column, so no need to pad with spaces */ + fprintf (f, "%-*s", 0, c->header); + else + fprintf (f, "%-*s", (int)c->width, c->header); + fprintf (f, "%s", get_column_suffix (table, c)); + } + fprintf (f, "\n"); + } + + for (j = 0;; j++) { + int flag = 0; + + /* are there any more rows left? */ + for (i = 0; flag == 0 && i < table->num_columns; ++i) { + struct column_data *c = table->columns[i]; + + if (c->num_rows > j) { + ++flag; + break; + } + } + if (flag == 0) + break; + + for (i = 0; i < table->num_columns; i++) { + int w; + struct column_data *c = table->columns[i]; + + if(table->column_separator != NULL && i > 0) + fprintf (f, "%s", table->column_separator); + + w = c->width; + + if ((c->flags & RTBL_ALIGN_RIGHT) == 0) { + if(i == table->num_columns - 1 && c->suffix == NULL) + /* last column, so no need to pad with spaces */ + w = 0; + else + w = -w; + } + fprintf (f, "%s", get_column_prefix (table, c)); + if (c->num_rows <= j) + fprintf (f, "%*s", w, ""); + else + fprintf (f, "%*s", w, c->rows[j].data); + fprintf (f, "%s", get_column_suffix (table, c)); + } + fprintf (f, "\n"); + } + return 0; +} + +#ifdef TEST +int +main (int argc, char **argv) +{ + rtbl_t table; + + table = rtbl_create (); + rtbl_add_column_by_id (table, 0, "Issued", 0); + rtbl_add_column_by_id (table, 1, "Expires", 0); + rtbl_add_column_by_id (table, 2, "Foo", RTBL_ALIGN_RIGHT); + rtbl_add_column_by_id (table, 3, "Principal", 0); + + rtbl_add_column_entry_by_id (table, 0, "Jul 7 21:19:29"); + rtbl_add_column_entry_by_id (table, 1, "Jul 8 07:19:29"); + rtbl_add_column_entry_by_id (table, 2, "73"); + rtbl_add_column_entry_by_id (table, 2, "0"); + rtbl_add_column_entry_by_id (table, 2, "-2000"); + rtbl_add_column_entry_by_id (table, 3, "krbtgt/NADA.KTH.SE@NADA.KTH.SE"); + + rtbl_add_column_entry_by_id (table, 0, "Jul 7 21:19:29"); + rtbl_add_column_entry_by_id (table, 1, "Jul 8 07:19:29"); + rtbl_add_column_entry_by_id (table, 3, "afs/pdc.kth.se@NADA.KTH.SE"); + + rtbl_add_column_entry_by_id (table, 0, "Jul 7 21:19:29"); + rtbl_add_column_entry_by_id (table, 1, "Jul 8 07:19:29"); + rtbl_add_column_entry_by_id (table, 3, "afs@NADA.KTH.SE"); + + rtbl_set_separator (table, " "); + + rtbl_format (table, stdout); + + rtbl_destroy (table); + + printf("\n"); + + table = rtbl_create (); + rtbl_add_column_by_id (table, 0, "Column A", 0); + rtbl_set_column_affix_by_id (table, 0, "<", ">"); + rtbl_add_column_by_id (table, 1, "Column B", 0); + rtbl_set_column_affix_by_id (table, 1, "[", "]"); + rtbl_add_column_by_id (table, 2, "Column C", 0); + rtbl_set_column_affix_by_id (table, 2, "(", ")"); + + rtbl_add_column_entry_by_id (table, 0, "1"); + rtbl_new_row(table); + rtbl_add_column_entry_by_id (table, 1, "2"); + rtbl_new_row(table); + rtbl_add_column_entry_by_id (table, 2, "3"); + rtbl_new_row(table); + + rtbl_set_separator (table, " "); + rtbl_format (table, stdout); + + rtbl_destroy (table); + + return 0; +} + +#endif diff --git a/source4/heimdal/lib/roken/rtbl.h b/source4/heimdal/lib/roken/rtbl.h new file mode 100644 index 0000000000..9b168c7e73 --- /dev/null +++ b/source4/heimdal/lib/roken/rtbl.h @@ -0,0 +1,118 @@ +/* + * Copyright (c) 2000,2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ +/* $Id: rtbl.h 17760 2006-06-30 13:42:39Z lha $ */ + +#ifndef __rtbl_h__ +#define __rtbl_h__ + +#ifndef ROKEN_LIB_FUNCTION +#ifdef _WIN32 +#define ROKEN_LIB_FUNCTION _stdcall +#else +#define ROKEN_LIB_FUNCTION +#endif +#endif + +#if !defined(__GNUC__) && !defined(__attribute__) +#define __attribute__(x) +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +struct rtbl_data; +typedef struct rtbl_data *rtbl_t; + +#define RTBL_ALIGN_LEFT 0 +#define RTBL_ALIGN_RIGHT 1 + +/* flags */ +#define RTBL_HEADER_STYLE_NONE 1 + +int ROKEN_LIB_FUNCTION +rtbl_add_column (rtbl_t, const char*, unsigned int); + +int ROKEN_LIB_FUNCTION +rtbl_add_column_by_id (rtbl_t, unsigned int, const char*, unsigned int); + +int ROKEN_LIB_FUNCTION +rtbl_add_column_entryv_by_id (rtbl_t table, unsigned int id, + const char *fmt, ...) + __attribute__ ((format (printf, 3, 0))); + +int ROKEN_LIB_FUNCTION +rtbl_add_column_entry (rtbl_t, const char*, const char*); + +int ROKEN_LIB_FUNCTION +rtbl_add_column_entryv (rtbl_t, const char*, const char*, ...) + __attribute__ ((format (printf, 3, 0))); + +int ROKEN_LIB_FUNCTION +rtbl_add_column_entry_by_id (rtbl_t, unsigned int, const char*); + +rtbl_t ROKEN_LIB_FUNCTION +rtbl_create (void); + +void ROKEN_LIB_FUNCTION +rtbl_destroy (rtbl_t); + +int ROKEN_LIB_FUNCTION +rtbl_format (rtbl_t, FILE*); + +unsigned int ROKEN_LIB_FUNCTION +rtbl_get_flags (rtbl_t); + +int ROKEN_LIB_FUNCTION +rtbl_new_row (rtbl_t); + +int ROKEN_LIB_FUNCTION +rtbl_set_column_affix_by_id (rtbl_t, unsigned int, const char*, const char*); + +int ROKEN_LIB_FUNCTION +rtbl_set_column_prefix (rtbl_t, const char*, const char*); + +void ROKEN_LIB_FUNCTION +rtbl_set_flags (rtbl_t, unsigned int); + +int ROKEN_LIB_FUNCTION +rtbl_set_prefix (rtbl_t, const char*); + +int ROKEN_LIB_FUNCTION +rtbl_set_separator (rtbl_t, const char*); + +#ifdef __cplusplus +} +#endif + +#endif /* __rtbl_h__ */ diff --git a/source4/heimdal/lib/roken/setprogname.c b/source4/heimdal/lib/roken/setprogname.c index c13e8d4ee1..3213c1c7a5 100644 --- a/source4/heimdal/lib/roken/setprogname.c +++ b/source4/heimdal/lib/roken/setprogname.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: setprogname.c,v 1.4 2005/08/23 10:19:20 lha Exp $"); +RCSID("$Id: setprogname.c 15955 2005-08-23 10:19:20Z lha $"); #endif #include diff --git a/source4/heimdal/lib/roken/signal.c b/source4/heimdal/lib/roken/signal.c index 7076847fb3..d5ea6fb86a 100644 --- a/source4/heimdal/lib/roken/signal.c +++ b/source4/heimdal/lib/roken/signal.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: signal.c,v 1.13 2005/04/12 11:29:05 lha Exp $"); +RCSID("$Id: signal.c 14773 2005-04-12 11:29:18Z lha $"); #endif #include diff --git a/source4/heimdal/lib/roken/simple_exec.c b/source4/heimdal/lib/roken/simple_exec.c index 048f2846dd..c4359f421e 100644 --- a/source4/heimdal/lib/roken/simple_exec.c +++ b/source4/heimdal/lib/roken/simple_exec.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: simple_exec.c,v 1.14 2005/04/13 11:39:00 lha Exp $"); +RCSID("$Id: simple_exec.c 21005 2007-06-08 01:54:35Z lha $"); #endif #include diff --git a/source4/heimdal/lib/roken/socket.c b/source4/heimdal/lib/roken/socket.c index 5f77aacf43..91316dfbd8 100644 --- a/source4/heimdal/lib/roken/socket.c +++ b/source4/heimdal/lib/roken/socket.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: socket.c,v 1.11 2005/09/01 18:48:17 lha Exp $"); +RCSID("$Id: socket.c 21005 2007-06-08 01:54:35Z lha $"); #endif #include diff --git a/source4/heimdal/lib/roken/strcollect.c b/source4/heimdal/lib/roken/strcollect.c index d6f3077348..c431e18f3d 100644 --- a/source4/heimdal/lib/roken/strcollect.c +++ b/source4/heimdal/lib/roken/strcollect.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: strcollect.c,v 1.2 2005/04/12 11:29:07 lha Exp $"); +RCSID("$Id: strcollect.c 21005 2007-06-08 01:54:35Z lha $"); #endif #include diff --git a/source4/heimdal/lib/roken/strlwr.c b/source4/heimdal/lib/roken/strlwr.c index c0ef46dc35..356c8d2e9a 100644 --- a/source4/heimdal/lib/roken/strlwr.c +++ b/source4/heimdal/lib/roken/strlwr.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: strlwr.c,v 1.6 2005/04/12 11:29:09 lha Exp $"); +RCSID("$Id: strlwr.c 21005 2007-06-08 01:54:35Z lha $"); #endif #include #include diff --git a/source4/heimdal/lib/roken/strpool.c b/source4/heimdal/lib/roken/strpool.c index cf9997af9d..d47580ff8d 100644 --- a/source4/heimdal/lib/roken/strpool.c +++ b/source4/heimdal/lib/roken/strpool.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: strpool.c,v 1.2 2005/08/25 14:59:06 lha Exp $"); +RCSID("$Id: strpool.c 21005 2007-06-08 01:54:35Z lha $"); #endif #include diff --git a/source4/heimdal/lib/roken/strsep.c b/source4/heimdal/lib/roken/strsep.c index f08c33b7a5..b1ad87de27 100644 --- a/source4/heimdal/lib/roken/strsep.c +++ b/source4/heimdal/lib/roken/strsep.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: strsep.c,v 1.4 2005/04/12 11:29:10 lha Exp $"); +RCSID("$Id: strsep.c 14773 2005-04-12 11:29:18Z lha $"); #endif #include diff --git a/source4/heimdal/lib/roken/strsep_copy.c b/source4/heimdal/lib/roken/strsep_copy.c index 34759fe15c..aeade2957f 100644 --- a/source4/heimdal/lib/roken/strsep_copy.c +++ b/source4/heimdal/lib/roken/strsep_copy.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: strsep_copy.c,v 1.5 2005/04/12 11:29:11 lha Exp $"); +RCSID("$Id: strsep_copy.c 14773 2005-04-12 11:29:18Z lha $"); #endif #include diff --git a/source4/heimdal/lib/roken/strupr.c b/source4/heimdal/lib/roken/strupr.c index 4763a1a111..fadfacbb37 100644 --- a/source4/heimdal/lib/roken/strupr.c +++ b/source4/heimdal/lib/roken/strupr.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: strupr.c,v 1.6 2005/04/12 11:29:11 lha Exp $"); +RCSID("$Id: strupr.c 21005 2007-06-08 01:54:35Z lha $"); #endif #include #include diff --git a/source4/heimdal/lib/roken/vis.c b/source4/heimdal/lib/roken/vis.c index 3e54f6d58a..5dedb793cc 100644 --- a/source4/heimdal/lib/roken/vis.c +++ b/source4/heimdal/lib/roken/vis.c @@ -65,7 +65,7 @@ #if 1 #ifdef HAVE_CONFIG_H #include -RCSID("$Id: vis.c,v 1.13 2006/12/15 11:49:22 lha Exp $"); +RCSID("$Id: vis.c 21005 2007-06-08 01:54:35Z lha $"); #endif #include #ifndef _DIAGASSERT diff --git a/source4/heimdal/lib/vers/print_version.c b/source4/heimdal/lib/vers/print_version.c index 5f5a2c4a4a..4337d591c4 100644 --- a/source4/heimdal/lib/vers/print_version.c +++ b/source4/heimdal/lib/vers/print_version.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: print_version.c,v 1.10 2006/12/29 16:00:16 lha Exp $"); +RCSID("$Id: print_version.c 19566 2006-12-29 16:00:16Z lha $"); #endif #include "roken.h" -- cgit From f5c2f26e8424ca31d39948ee9cac6808c31a3293 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 14 Jun 2007 13:02:55 +0000 Subject: r23493: regenerate lex.c files with flex 2.5.33 this makes sure we include config.h as first header hopefully fixes the build on SerNet-aix metze (This used to be commit 0149226ece306af4a65c27ce3fff2988232f4523) --- source4/heimdal/lib/asn1/lex.c | 33 ++++++--------------------------- source4/heimdal/lib/com_err/lex.c | 33 ++++++--------------------------- 2 files changed, 12 insertions(+), 54 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/asn1/lex.c b/source4/heimdal/lib/asn1/lex.c index d628e4696f..fe488eb904 100644 --- a/source4/heimdal/lib/asn1/lex.c +++ b/source4/heimdal/lib/asn1/lex.c @@ -1,5 +1,6 @@ +#include "config.h" -#line 3 "lex.c" +#line 3 "lex.yy.c" #define YY_INT_ALIGNED short int @@ -342,9 +343,6 @@ FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; typedef int yy_state_type; extern int yylineno; - -int yylineno = 1; - extern char *yytext; #define yytext_ptr yytext @@ -826,7 +824,7 @@ char *yytext; * SUCH DAMAGE. */ -/* $Id: lex.l 18738 2006-10-21 11:57:22Z lha $ */ +/* $Id: lex.l,v 1.31 2006/10/21 11:57:22 lha Exp $ */ #ifdef HAVE_CONFIG_H #include @@ -851,7 +849,7 @@ static unsigned lineno = 1; static void unterminated(const char *, unsigned); /* This is for broken old lexes (solaris 10 and hpux) */ -#line 855 "lex.c" +#line 852 "lex.yy.c" #define INITIAL 0 @@ -1006,7 +1004,7 @@ YY_DECL #line 68 "lex.l" -#line 1010 "lex.c" +#line 1007 "lex.yy.c" if ( !(yy_init) ) { @@ -1675,7 +1673,7 @@ YY_RULE_SETUP #line 274 "lex.l" ECHO; YY_BREAK -#line 1679 "lex.c" +#line 1676 "lex.yy.c" case YY_STATE_EOF(INITIAL): yyterminate(); @@ -2485,15 +2483,6 @@ static void yy_fatal_error (yyconst char* msg ) /* Accessor methods (get/set functions) to struct members. */ -/** Get the current line number. - * - */ -int yyget_lineno (void) -{ - - return yylineno; -} - /** Get the input stream. * */ @@ -2527,16 +2516,6 @@ char *yyget_text (void) return yytext; } -/** Set the current line number. - * @param line_number - * - */ -void yyset_lineno (int line_number ) -{ - - yylineno = line_number; -} - /** Set the input stream. This does not discard the current * input buffer. * @param in_str A readable stream. diff --git a/source4/heimdal/lib/com_err/lex.c b/source4/heimdal/lib/com_err/lex.c index c5af2ead5c..83f1f309a4 100644 --- a/source4/heimdal/lib/com_err/lex.c +++ b/source4/heimdal/lib/com_err/lex.c @@ -1,5 +1,6 @@ +#include "config.h" -#line 3 "lex.c" +#line 3 "lex.yy.c" #define YY_INT_ALIGNED short int @@ -342,9 +343,6 @@ FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; typedef int yy_state_type; extern int yylineno; - -int yylineno = 1; - extern char *yytext; #define yytext_ptr yytext @@ -523,7 +521,7 @@ char *yytext; #include "parse.h" #include "lex.h" -RCSID("$Id: lex.l 15143 2005-05-16 08:52:54Z lha $"); +RCSID("$Id: lex.l,v 1.8 2005/05/16 08:52:54 lha Exp $"); static unsigned lineno = 1; static int getstring(void); @@ -532,7 +530,7 @@ static int getstring(void); #undef ECHO -#line 536 "lex.c" +#line 533 "lex.yy.c" #define INITIAL 0 @@ -687,7 +685,7 @@ YY_DECL #line 59 "lex.l" -#line 691 "lex.c" +#line 688 "lex.yy.c" if ( !(yy_init) ) { @@ -851,7 +849,7 @@ YY_RULE_SETUP #line 75 "lex.l" ECHO; YY_BREAK -#line 855 "lex.c" +#line 852 "lex.yy.c" case YY_STATE_EOF(INITIAL): yyterminate(); @@ -1661,15 +1659,6 @@ static void yy_fatal_error (yyconst char* msg ) /* Accessor methods (get/set functions) to struct members. */ -/** Get the current line number. - * - */ -int yyget_lineno (void) -{ - - return yylineno; -} - /** Get the input stream. * */ @@ -1703,16 +1692,6 @@ char *yyget_text (void) return yytext; } -/** Set the current line number. - * @param line_number - * - */ -void yyset_lineno (int line_number ) -{ - - yylineno = line_number; -} - /** Set the input stream. This does not discard the current * input buffer. * @param in_str A readable stream. -- cgit From ec0035c9b8e0690f3bc21f3de089c39eae660916 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 3 Jul 2007 08:00:08 +0000 Subject: r23678: Update to current lorikeet-heimdal (-r 767), which should fix the panics on hosts without /dev/random. Andrew Bartlett (This used to be commit 14a4ddb131993fec72316f7e8e371638749e6f1f) --- source4/heimdal/kdc/default_config.c | 19 +- source4/heimdal/kdc/digest.c | 140 ++++--- source4/heimdal/kdc/kdc-protos.h | 7 +- source4/heimdal/kdc/kdc.h | 8 +- source4/heimdal/kdc/krb5tgs.c | 32 +- source4/heimdal/kdc/misc.c | 11 +- source4/heimdal/kdc/pkinit.c | 16 +- source4/heimdal/lib/asn1/k5.asn1 | 3 +- source4/heimdal/lib/asn1/lex.c | 33 +- source4/heimdal/lib/asn1/pkinit.asn1 | 4 +- source4/heimdal/lib/com_err/lex.c | 33 +- source4/heimdal/lib/gssapi/krb5/acquire_cred.c | 4 +- source4/heimdal/lib/gssapi/krb5/display_name.c | 5 +- source4/heimdal/lib/gssapi/krb5/prf.c | 3 +- source4/heimdal/lib/gssapi/krb5/release_name.c | 5 +- source4/heimdal/lib/gssapi/mech/context.c | 6 +- .../lib/gssapi/mech/gss_accept_sec_context.c | 10 +- source4/heimdal/lib/gssapi/mech/gss_display_name.c | 7 +- .../heimdal/lib/gssapi/mech/gss_display_status.c | 8 +- .../heimdal/lib/gssapi/mech/gss_duplicate_name.c | 39 +- .../heimdal/lib/gssapi/mech/gss_inquire_context.c | 11 +- .../lib/gssapi/mech/gss_inquire_cred_by_mech.c | 14 +- source4/heimdal/lib/gssapi/mech/gss_krb5.c | 4 +- .../heimdal/lib/gssapi/mech/gss_set_cred_option.c | 6 +- .../heimdal/lib/gssapi/spnego/accept_sec_context.c | 135 +++---- source4/heimdal/lib/hcrypto/pkcs12.c | 7 +- source4/heimdal/lib/hcrypto/rand-egd.c | 4 +- source4/heimdal/lib/hcrypto/rand-fortuna.c | 38 +- source4/heimdal/lib/hcrypto/rand-timer.c | 206 ++++++++++ source4/heimdal/lib/hcrypto/rand.c | 8 +- source4/heimdal/lib/hcrypto/randi.h | 5 +- source4/heimdal/lib/hcrypto/rsa-imath.c | 3 +- source4/heimdal/lib/hdb/ext.c | 12 +- source4/heimdal/lib/hx509/cert.c | 186 +++++++-- source4/heimdal/lib/hx509/cms.c | 79 ++-- source4/heimdal/lib/hx509/crypto.c | 66 +++- source4/heimdal/lib/hx509/file.c | 240 ++++++++++++ source4/heimdal/lib/hx509/hx509-private.h | 42 ++- source4/heimdal/lib/hx509/hx509-protos.h | 57 ++- source4/heimdal/lib/hx509/hx509.h | 19 +- source4/heimdal/lib/hx509/hx_locl.h | 6 +- source4/heimdal/lib/hx509/keyset.c | 23 +- source4/heimdal/lib/hx509/ks_file.c | 418 +++++++-------------- source4/heimdal/lib/hx509/ks_keychain.c | 129 +++++-- source4/heimdal/lib/hx509/ks_p11.c | 15 +- source4/heimdal/lib/hx509/ks_p12.c | 16 +- source4/heimdal/lib/hx509/req.c | 110 +++++- source4/heimdal/lib/hx509/revoke.c | 19 +- source4/heimdal/lib/krb5/crypto.c | 7 +- source4/heimdal/lib/krb5/get_cred.c | 89 ++++- source4/heimdal/lib/krb5/init_creds_pw.c | 28 +- source4/heimdal/lib/krb5/krb5-private.h | 8 + source4/heimdal/lib/krb5/krb5-protos.h | 53 ++- source4/heimdal/lib/krb5/krb5.h | 14 +- source4/heimdal/lib/krb5/krb5_err.et | 8 +- source4/heimdal/lib/krb5/krbhst.c | 6 +- source4/heimdal/lib/krb5/misc.c | 3 +- source4/heimdal/lib/krb5/pac.c | 4 +- source4/heimdal/lib/krb5/pkinit.c | 203 +++++----- source4/heimdal/lib/krb5/plugin.c | 3 +- source4/heimdal/lib/krb5/principal.c | 49 ++- source4/heimdal/lib/krb5/rd_error.c | 4 +- source4/heimdal/lib/krb5/send_to_kdc.c | 177 ++++++++- source4/heimdal/lib/ntlm/heimntlm-protos.h | 8 + source4/heimdal/lib/ntlm/ntlm.c | 111 +++++- source4/heimdal/lib/roken/roken_gethostby.c | 4 +- 66 files changed, 2166 insertions(+), 884 deletions(-) create mode 100644 source4/heimdal/lib/hcrypto/rand-timer.c (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/default_config.c b/source4/heimdal/kdc/default_config.c index c28bd424ea..e06366f214 100644 --- a/source4/heimdal/kdc/default_config.c +++ b/source4/heimdal/kdc/default_config.c @@ -36,10 +36,9 @@ #include #include -RCSID("$Id: default_config.c 20532 2007-04-23 07:46:57Z lha $"); +RCSID("$Id: default_config.c 21296 2007-06-25 14:49:11Z lha $"); - -int +krb5_error_code krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config) { krb5_kdc_configuration *c; @@ -62,7 +61,8 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config) c->enable_524 = FALSE; c->enable_v4_cross_realm = FALSE; c->enable_pkinit = FALSE; - c->enable_pkinit_princ_in_cert = TRUE; + c->pkinit_princ_in_cert = TRUE; + c->pkinit_require_binding = TRUE; c->db = NULL; c->num_db = 0; c->logf = NULL; @@ -257,12 +257,19 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config) krb5_config_free_strings(pool_list); krb5_config_free_strings(revoke_list); - c->enable_pkinit_princ_in_cert = + c->pkinit_princ_in_cert = krb5_config_get_bool_default(context, NULL, - c->enable_pkinit_princ_in_cert, + c->pkinit_princ_in_cert, "kdc", "pkinit_principal_in_certificate", NULL); + + c->pkinit_require_binding = + krb5_config_get_bool_default(context, NULL, + c->pkinit_require_binding, + "kdc", + "pkinit_win2k_require_binding", + NULL); } c->pkinit_dh_min_bits = diff --git a/source4/heimdal/kdc/digest.c b/source4/heimdal/kdc/digest.c index 811ab639f1..801449fe5e 100644 --- a/source4/heimdal/kdc/digest.c +++ b/source4/heimdal/kdc/digest.c @@ -34,7 +34,7 @@ #include "kdc_locl.h" #include -RCSID("$Id: digest.c 20877 2007-06-04 04:07:26Z lha $"); +RCSID("$Id: digest.c 21241 2007-06-20 11:30:19Z lha $"); #define MS_CHAP_V2 0x20 #define CHAP_MD5 0x10 @@ -156,6 +156,44 @@ static const unsigned char ms_rfc3079_magic1[27] = { 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79 }; +/* + * + */ + +static krb5_error_code +get_password_entry(krb5_context context, + krb5_kdc_configuration *config, + const char *username, + char **password) +{ + krb5_principal clientprincipal; + krb5_error_code ret; + hdb_entry_ex *user; + HDB *db; + + /* get username */ + ret = krb5_parse_name(context, username, &clientprincipal); + if (ret) + return ret; + + ret = _kdc_db_fetch(context, config, clientprincipal, + HDB_F_GET_CLIENT, &db, &user); + krb5_free_principal(context, clientprincipal); + if (ret) + return ret; + + ret = hdb_entry_get_password(context, db, &user->entry, password); + if (ret || password == NULL) { + if (ret == 0) { + ret = EINVAL; + krb5_set_error_string(context, "password missing"); + } + memset(user, 0, sizeof(*user)); + } + _kdc_free_ent (context, user); + return ret; +} + /* * */ @@ -461,9 +499,6 @@ _kdc_do_digest(krb5_context context, break; } case choice_DigestReqInner_digestRequest: { - krb5_principal clientprincipal; - HDB *db; - sp = krb5_storage_emem(); if (sp == NULL) { ret = ENOMEM; @@ -571,29 +606,6 @@ _kdc_do_digest(krb5_context context, } } - /* get username */ - ret = krb5_parse_name(context, - ireq.u.digestRequest.username, - &clientprincipal); - if (ret) - goto out; - - ret = _kdc_db_fetch(context, config, clientprincipal, - HDB_F_GET_CLIENT, &db, &user); - - krb5_free_principal(context, clientprincipal); - if (ret) - goto out; - - ret = hdb_entry_get_password(context, db, &user->entry, &password); - if (ret || password == NULL) { - if (ret == 0) { - ret = EINVAL; - krb5_set_error_string(context, "password missing"); - } - goto out; - } - if (strcasecmp(ireq.u.digestRequest.type, "CHAP") == 0) { MD5_CTX ctx; unsigned char md[MD5_DIGEST_LENGTH]; @@ -618,6 +630,12 @@ _kdc_do_digest(krb5_context context, goto out; } + ret = get_password_entry(context, config, + ireq.u.digestRequest.username, + &password); + if (ret) + goto out; + MD5_Init(&ctx); MD5_Update(&ctx, &id, 1); MD5_Update(&ctx, password, strlen(password)); @@ -664,6 +682,12 @@ _kdc_do_digest(krb5_context context, if (ireq.u.digestRequest.realm == NULL) goto out; + ret = get_password_entry(context, config, + ireq.u.digestRequest.username, + &password); + if (ret) + goto failed; + MD5_Init(&ctx); MD5_Update(&ctx, ireq.u.digestRequest.username, strlen(ireq.u.digestRequest.username)); @@ -692,7 +716,7 @@ _kdc_do_digest(krb5_context context, if (A1 == NULL) { krb5_set_error_string(context, "out of memory"); ret = ENOMEM; - goto out; + goto failed; } MD5_Init(&ctx); @@ -712,7 +736,7 @@ _kdc_do_digest(krb5_context context, krb5_set_error_string(context, "out of memory"); ret = ENOMEM; free(A1); - goto out; + goto failed; } MD5_Init(&ctx); @@ -758,6 +782,7 @@ _kdc_do_digest(krb5_context context, } else if (strcasecmp(ireq.u.digestRequest.type, "MS-CHAP-V2") == 0) { unsigned char md[SHA_DIGEST_LENGTH], challange[SHA_DIGEST_LENGTH]; + krb5_principal clientprincipal = NULL; char *mdx; const char *username; struct ntlm_buf answer; @@ -766,20 +791,20 @@ _kdc_do_digest(krb5_context context, if ((config->digests_allowed & MS_CHAP_V2) == 0) { kdc_log(context, config, 0, "MS-CHAP-V2 not allowed"); - goto out; + goto failed; } if (ireq.u.digestRequest.clientNonce == NULL) { krb5_set_error_string(context, "MS-CHAP-V2 clientNonce missing"); ret = EINVAL; - goto out; + goto failed; } if (serverNonce.length != 16) { krb5_set_error_string(context, "MS-CHAP-V2 serverNonce wrong length"); ret = EINVAL; - goto out; + goto failed; } /* strip of the domain component */ @@ -821,7 +846,7 @@ _kdc_do_digest(krb5_context context, /* NtPasswordHash */ ret = krb5_parse_name(context, username, &clientprincipal); if (ret) - goto out; + goto failed; ret = _kdc_db_fetch(context, config, clientprincipal, HDB_F_GET_CLIENT, NULL, &user); @@ -830,7 +855,7 @@ _kdc_do_digest(krb5_context context, krb5_set_error_string(context, "MS-CHAP-V2 user %s not in database", username); - goto out; + goto failed; } ret = hdb_enctype2key(context, &user->entry, @@ -839,7 +864,7 @@ _kdc_do_digest(krb5_context context, krb5_set_error_string(context, "MS-CHAP-V2 missing arcfour key %s", username); - goto out; + goto failed; } /* ChallengeResponse */ @@ -848,7 +873,7 @@ _kdc_do_digest(krb5_context context, challange, &answer); if (ret) { krb5_set_error_string(context, "NTLM missing arcfour key"); - goto out; + goto failed; } hex_encode(answer.data, answer.length, &mdx); @@ -861,15 +886,15 @@ _kdc_do_digest(krb5_context context, r.element = choice_DigestRepInner_response; ret = strcasecmp(mdx, ireq.u.digestRequest.responseData); - free(mdx); if (ret == 0) { r.u.response.success = TRUE; } else { kdc_log(context, config, 0, - "MS-CHAP-V2 reply mismatch for %s", + "MS-CHAP-V2 hash mismatch for %s", ireq.u.digestRequest.username); r.u.response.success = FALSE; } + free(mdx); if (r.u.response.success) { unsigned char hashhash[MD4_DIGEST_LENGTH]; @@ -958,7 +983,7 @@ _kdc_do_digest(krb5_context context, if ((config->digests_allowed & (NTLM_V1|NTLM_V1_SESSION|NTLM_V2)) == 0) { kdc_log(context, config, 0, "NTLM not allowed"); - goto out; + goto failed; } r.element = choice_DigestRepInner_ntlmInitReply; @@ -967,14 +992,14 @@ _kdc_do_digest(krb5_context context, if ((ireq.u.ntlmInit.flags & NTLM_NEG_UNICODE) == 0) { kdc_log(context, config, 0, "NTLM client have no unicode"); - goto out; + goto failed; } if (ireq.u.ntlmInit.flags & NTLM_NEG_NTLM) r.u.ntlmInitReply.flags |= NTLM_NEG_NTLM; else { kdc_log(context, config, 0, "NTLM client doesn't support NTLM"); - goto out; + goto failed; } r.u.ntlmInitReply.flags |= @@ -1095,7 +1120,7 @@ _kdc_do_digest(krb5_context context, ireq.u.ntlmRequest.username, &clientprincipal); if (ret) - goto out; + goto failed; ret = _kdc_db_fetch(context, config, clientprincipal, HDB_F_GET_CLIENT, NULL, &user); @@ -1103,20 +1128,23 @@ _kdc_do_digest(krb5_context context, if (ret) { krb5_set_error_string(context, "NTLM user %s not in database", ireq.u.ntlmRequest.username); - goto out; + goto failed; } ret = get_digest_key(context, config, server, &crypto); if (ret) - goto out; + goto failed; ret = krb5_decrypt(context, crypto, KRB5_KU_DIGEST_OPAQUE, ireq.u.ntlmRequest.opaque.data, ireq.u.ntlmRequest.opaque.length, &buf); krb5_crypto_destroy(context, crypto); crypto = NULL; - if (ret) - goto out; + if (ret) { + kdc_log(context, config, 0, + "Failed to decrypt nonce from %s", from); + goto failed; + } sp = krb5_storage_from_data(&buf); if (sp == NULL) { @@ -1185,7 +1213,7 @@ _kdc_do_digest(krb5_context context, free(targetname); if (ret) { krb5_set_error_string(context, "NTLM v2 verify failed"); - goto out; + goto failed; } /* XXX verify infotarget matches client (checksum ?) */ @@ -1205,14 +1233,14 @@ _kdc_do_digest(krb5_context context, if ((config->digests_allowed & NTLM_V1_SESSION) == 0) { kdc_log(context, config, 0, "NTLM v1-session not allowed"); ret = EINVAL; - goto out; + goto failed; } if (ireq.u.ntlmRequest.lm.length != 24) { krb5_set_error_string(context, "LM hash have wrong length " "for NTLM session key"); ret = EINVAL; - goto out; + goto failed; } MD5_Init(&md5ctx); @@ -1223,7 +1251,7 @@ _kdc_do_digest(krb5_context context, } else { if ((config->digests_allowed & NTLM_V1) == 0) { kdc_log(context, config, 0, "NTLM v1 not allowed"); - goto out; + goto failed; } } @@ -1232,7 +1260,7 @@ _kdc_do_digest(krb5_context context, challange, &answer); if (ret) { krb5_set_error_string(context, "NTLM missing arcfour key"); - goto out; + goto failed; } if (ireq.u.ntlmRequest.ntlm.length != answer.length || @@ -1241,7 +1269,7 @@ _kdc_do_digest(krb5_context context, free(answer.data); ret = EINVAL; krb5_set_error_string(context, "NTLM hash mismatch"); - goto out; + goto failed; } free(answer.data); @@ -1265,7 +1293,7 @@ _kdc_do_digest(krb5_context context, "NTLM client failed to neg key " "exchange but still sent key"); ret = EINVAL; - goto out; + goto failed; } len = ireq.u.ntlmRequest.sessionkey->length; @@ -1273,7 +1301,7 @@ _kdc_do_digest(krb5_context context, krb5_set_error_string(context, "NTLM master key wrong length: %lu", (unsigned long)len); - goto out; + goto failed; } RC4_set_key(&rc4, sizeof(sessionkey), sessionkey); @@ -1301,12 +1329,12 @@ _kdc_do_digest(krb5_context context, r.u.ntlmResponse.success = 1; kdc_log(context, config, 0, "NTLM version %d successful for %s", version, ireq.u.ntlmRequest.username); - break; } default: + failed: r.element = choice_DigestRepInner_error; - r.u.error.reason = strdup("unknown operation"); + r.u.error.reason = strdup("unknown/failed operation"); if (r.u.error.reason == NULL) { krb5_set_error_string(context, "out of memory"); ret = ENOMEM; diff --git a/source4/heimdal/kdc/kdc-protos.h b/source4/heimdal/kdc/kdc-protos.h index f7df365eb2..15e8c29f4c 100644 --- a/source4/heimdal/kdc/kdc-protos.h +++ b/source4/heimdal/kdc/kdc-protos.h @@ -37,7 +37,7 @@ kdc_openlog ( krb5_context /*context*/, krb5_kdc_configuration */*config*/); -int +krb5_error_code krb5_kdc_get_config ( krb5_context /*context*/, krb5_kdc_configuration **/*config*/); @@ -74,6 +74,11 @@ krb5_kdc_save_request ( const krb5_data */*reply*/, const struct sockaddr */*sa*/); +krb5_error_code +krb5_kdc_set_dbinfo ( + krb5_context /*context*/, + struct krb5_kdc_configuration */*c*/); + void krb5_kdc_update_time (struct timeval */*tv*/); diff --git a/source4/heimdal/kdc/kdc.h b/source4/heimdal/kdc/kdc.h index eb24b4ee97..6c129f38f5 100644 --- a/source4/heimdal/kdc/kdc.h +++ b/source4/heimdal/kdc/kdc.h @@ -35,7 +35,7 @@ */ /* - * $Id: kdc.h 19907 2007-01-14 23:10:24Z lha $ + * $Id: kdc.h 21287 2007-06-25 14:09:03Z lha $ */ #ifndef __KDC_H__ @@ -73,13 +73,13 @@ typedef struct krb5_kdc_configuration { krb5_boolean enable_524; krb5_boolean enable_pkinit; - krb5_boolean enable_pkinit_princ_in_cert; + krb5_boolean pkinit_princ_in_cert; char *pkinit_kdc_ocsp_file; + int pkinit_dh_min_bits; + int pkinit_require_binding; krb5_log_facility *logf; - int pkinit_dh_min_bits; - int enable_digest; int digests_allowed; diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c index 02cd92de2e..4d6be60f68 100644 --- a/source4/heimdal/kdc/krb5tgs.c +++ b/source4/heimdal/kdc/krb5tgs.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: krb5tgs.c 21041 2007-06-10 06:21:12Z lha $"); +RCSID("$Id: krb5tgs.c 21262 2007-06-21 15:18:37Z lha $"); /* * return the realm of a krbtgt-ticket or NULL @@ -475,12 +475,14 @@ check_tgs_flags(krb5_context context, et->endtime = min(*et->renew_till, et->endtime); } +#if 0 /* checks for excess flags */ if(f.request_anonymous && !config->allow_anonymous){ kdc_log(context, config, 0, "Request for anonymous ticket"); return KRB5KDC_ERR_BADOPTION; } +#endif return 0; } @@ -731,10 +733,12 @@ tgs_make_reply(krb5_context context, &rep.ticket.realm); _krb5_principal2principalname(&rep.ticket.sname, server->entry.principal); copy_Realm(&tgt_name->realm, &rep.crealm); +/* if (f.request_anonymous) _kdc_make_anonymous_principalname (&rep.cname); - else - copy_PrincipalName(&tgt_name->name, &rep.cname); + else */ + + copy_PrincipalName(&tgt_name->name, &rep.cname); rep.ticket.tkt_vno = 5; ek.caddr = et.caddr; @@ -1707,24 +1711,20 @@ server_lookup: goto out; } - /* check PAC if there is one */ - { + /* check PAC if not cross realm and if there is one */ + if (!cross_realm) { Key *tkey; - krb5_keyblock *tgtkey = NULL; - if (!cross_realm) { - ret = hdb_enctype2key(context, &krbtgt->entry, - krbtgt_etype, &tkey); - if(ret) { - kdc_log(context, config, 0, - "Failed to find key for krbtgt PAC check"); - goto out; - } - tgtkey = &tkey->key; + ret = hdb_enctype2key(context, &krbtgt->entry, + krbtgt_etype, &tkey); + if(ret) { + kdc_log(context, config, 0, + "Failed to find key for krbtgt PAC check"); + goto out; } ret = check_PAC(context, config, client_principal, - client, server, ekey, tgtkey, + client, server, ekey, &tkey->key, tgt, &rspac, &require_signedpath); if (ret) { kdc_log(context, config, 0, diff --git a/source4/heimdal/kdc/misc.c b/source4/heimdal/kdc/misc.c index ebf2873599..072df44042 100644 --- a/source4/heimdal/kdc/misc.c +++ b/source4/heimdal/kdc/misc.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: misc.c 17951 2006-08-28 14:41:49Z lha $"); +RCSID("$Id: misc.c 21106 2007-06-18 10:18:11Z lha $"); struct timeval _kdc_now; @@ -46,12 +46,14 @@ _kdc_db_fetch(krb5_context context, hdb_entry_ex **h) { hdb_entry_ex *ent; - krb5_error_code ret = HDB_ERR_NOENTRY; + krb5_error_code ret; int i; ent = calloc (1, sizeof (*ent)); - if (ent == NULL) + if (ent == NULL) { + krb5_set_error_string(context, "out of memory"); return ENOMEM; + } for(i = 0; i < config->num_db; i++) { ret = config->db[i]->hdb_open(context, config->db[i], O_RDONLY, 0); @@ -74,7 +76,8 @@ _kdc_db_fetch(krb5_context context, } } free(ent); - return ret; + krb5_set_error_string(context, "no such entry found in hdb"); + return HDB_ERR_NOENTRY; } void diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c index bf62f879db..ead961022d 100755 --- a/source4/heimdal/kdc/pkinit.c +++ b/source4/heimdal/kdc/pkinit.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: pkinit.c 21039 2007-06-10 06:20:31Z lha $"); +RCSID("$Id: pkinit.c 21290 2007-06-25 14:13:23Z lha $"); #ifdef PKINIT @@ -380,6 +380,7 @@ _kdc_pk_rd_padata(krb5_context context, *ret_params = NULL; if (!config->enable_pkinit) { + kdc_log(context, config, 0, "PK-INIT request but PK-INIT not enabled"); krb5_clear_error_string(context); return 0; } @@ -676,6 +677,7 @@ BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer) static krb5_error_code pk_mk_pa_reply_enckey(krb5_context context, + krb5_kdc_configuration *config, pk_client_params *client_params, const KDC_REQ *req, const krb5_data *req_buffer, @@ -700,8 +702,11 @@ pk_mk_pa_reply_enckey(krb5_context context, switch (client_params->type) { case PKINIT_COMPAT_WIN2K: { int i = 0; - if (_kdc_find_padata(req, &i, KRB5_PADATA_PK_AS_09_BINDING) == NULL) + if (_kdc_find_padata(req, &i, KRB5_PADATA_PK_AS_09_BINDING) == NULL + && config->pkinit_require_binding == 0) + { do_win2k = 1; + } break; } case PKINIT_COMPAT_27: @@ -1015,6 +1020,7 @@ _kdc_pk_mk_pa_reply(krb5_context context, goto out; } ret = pk_mk_pa_reply_enckey(context, + config, client_params, req, req_buffer, @@ -1110,6 +1116,7 @@ _kdc_pk_mk_pa_reply(krb5_context context, goto out; } ret = pk_mk_pa_reply_enckey(context, + config, client_params, req, req_buffer, @@ -1384,7 +1391,7 @@ _kdc_pk_check_client(krb5_context context, "Trying to authorize PK-INIT subject DN %s", *subject_name); - if (config->enable_pkinit_princ_in_cert) { + if (config->pkinit_princ_in_cert) { ret = match_rfc_san(context, config, client_params->cert, client->entry.principal); @@ -1508,7 +1515,8 @@ _kdc_add_inital_verified_cas(krb5_context context, krb5_abortx(context, "internal asn.1 encoder error"); ret = _kdc_tkt_add_if_relevant_ad(context, tkt, - ad_initial_verified_cas, &data); + KRB5_AUTHDATA_INITIAL_VERIFIED_CAS, + &data); krb5_data_free(&data); return ret; } diff --git a/source4/heimdal/lib/asn1/k5.asn1 b/source4/heimdal/lib/asn1/k5.asn1 index 0c7021f87f..14e9793fdc 100644 --- a/source4/heimdal/lib/asn1/k5.asn1 +++ b/source4/heimdal/lib/asn1/k5.asn1 @@ -1,4 +1,4 @@ --- $Id: k5.asn1 21004 2007-06-08 01:53:10Z lha $ +-- $Id: k5.asn1 21092 2007-06-15 19:47:46Z lha $ KERBEROS5 DEFINITIONS ::= BEGIN @@ -88,6 +88,7 @@ AUTHDATA-TYPE ::= INTEGER { KRB5-AUTHDATA-MANDATORY-TICKET-EXTENSIONS(6), KRB5-AUTHDATA-IN-TICKET-EXTENSIONS(7), KRB5-AUTHDATA-MANDATORY-FOR-KDC(8), + KRB5-AUTHDATA-INITIAL-VERIFIED-CAS(9), KRB5-AUTHDATA-OSF-DCE(64), KRB5-AUTHDATA-SESAME(65), KRB5-AUTHDATA-OSF-DCE-PKI-CERTID(66), diff --git a/source4/heimdal/lib/asn1/lex.c b/source4/heimdal/lib/asn1/lex.c index fe488eb904..d628e4696f 100644 --- a/source4/heimdal/lib/asn1/lex.c +++ b/source4/heimdal/lib/asn1/lex.c @@ -1,6 +1,5 @@ -#include "config.h" -#line 3 "lex.yy.c" +#line 3 "lex.c" #define YY_INT_ALIGNED short int @@ -343,6 +342,9 @@ FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; typedef int yy_state_type; extern int yylineno; + +int yylineno = 1; + extern char *yytext; #define yytext_ptr yytext @@ -824,7 +826,7 @@ char *yytext; * SUCH DAMAGE. */ -/* $Id: lex.l,v 1.31 2006/10/21 11:57:22 lha Exp $ */ +/* $Id: lex.l 18738 2006-10-21 11:57:22Z lha $ */ #ifdef HAVE_CONFIG_H #include @@ -849,7 +851,7 @@ static unsigned lineno = 1; static void unterminated(const char *, unsigned); /* This is for broken old lexes (solaris 10 and hpux) */ -#line 852 "lex.yy.c" +#line 855 "lex.c" #define INITIAL 0 @@ -1004,7 +1006,7 @@ YY_DECL #line 68 "lex.l" -#line 1007 "lex.yy.c" +#line 1010 "lex.c" if ( !(yy_init) ) { @@ -1673,7 +1675,7 @@ YY_RULE_SETUP #line 274 "lex.l" ECHO; YY_BREAK -#line 1676 "lex.yy.c" +#line 1679 "lex.c" case YY_STATE_EOF(INITIAL): yyterminate(); @@ -2483,6 +2485,15 @@ static void yy_fatal_error (yyconst char* msg ) /* Accessor methods (get/set functions) to struct members. */ +/** Get the current line number. + * + */ +int yyget_lineno (void) +{ + + return yylineno; +} + /** Get the input stream. * */ @@ -2516,6 +2527,16 @@ char *yyget_text (void) return yytext; } +/** Set the current line number. + * @param line_number + * + */ +void yyset_lineno (int line_number ) +{ + + yylineno = line_number; +} + /** Set the input stream. This does not discard the current * input buffer. * @param in_str A readable stream. diff --git a/source4/heimdal/lib/asn1/pkinit.asn1 b/source4/heimdal/lib/asn1/pkinit.asn1 index e89a7217af..1bfc11ad74 100644 --- a/source4/heimdal/lib/asn1/pkinit.asn1 +++ b/source4/heimdal/lib/asn1/pkinit.asn1 @@ -34,8 +34,6 @@ MS-UPN-SAN ::= UTF8String pa-pk-as-req INTEGER ::= 16 pa-pk-as-rep INTEGER ::= 17 -ad-initial-verified-cas INTEGER ::= 9 - td-trusted-certifiers INTEGER ::= 104 td-invalid-certificates INTEGER ::= 105 td-dh-parameters INTEGER ::= 109 @@ -160,7 +158,7 @@ KDCDHKeyInfo-Win2k ::= SEQUENCE { ReplyKeyPack-Win2k ::= SEQUENCE { replyKey [0] EncryptionKey, - nonce [1] INTEGER (0..4294967295), + nonce [1] INTEGER (-2147483648..2147483647), ... } diff --git a/source4/heimdal/lib/com_err/lex.c b/source4/heimdal/lib/com_err/lex.c index 83f1f309a4..c5af2ead5c 100644 --- a/source4/heimdal/lib/com_err/lex.c +++ b/source4/heimdal/lib/com_err/lex.c @@ -1,6 +1,5 @@ -#include "config.h" -#line 3 "lex.yy.c" +#line 3 "lex.c" #define YY_INT_ALIGNED short int @@ -343,6 +342,9 @@ FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; typedef int yy_state_type; extern int yylineno; + +int yylineno = 1; + extern char *yytext; #define yytext_ptr yytext @@ -521,7 +523,7 @@ char *yytext; #include "parse.h" #include "lex.h" -RCSID("$Id: lex.l,v 1.8 2005/05/16 08:52:54 lha Exp $"); +RCSID("$Id: lex.l 15143 2005-05-16 08:52:54Z lha $"); static unsigned lineno = 1; static int getstring(void); @@ -530,7 +532,7 @@ static int getstring(void); #undef ECHO -#line 533 "lex.yy.c" +#line 536 "lex.c" #define INITIAL 0 @@ -685,7 +687,7 @@ YY_DECL #line 59 "lex.l" -#line 688 "lex.yy.c" +#line 691 "lex.c" if ( !(yy_init) ) { @@ -849,7 +851,7 @@ YY_RULE_SETUP #line 75 "lex.l" ECHO; YY_BREAK -#line 852 "lex.yy.c" +#line 855 "lex.c" case YY_STATE_EOF(INITIAL): yyterminate(); @@ -1659,6 +1661,15 @@ static void yy_fatal_error (yyconst char* msg ) /* Accessor methods (get/set functions) to struct members. */ +/** Get the current line number. + * + */ +int yyget_lineno (void) +{ + + return yylineno; +} + /** Get the input stream. * */ @@ -1692,6 +1703,16 @@ char *yyget_text (void) return yytext; } +/** Set the current line number. + * @param line_number + * + */ +void yyset_lineno (int line_number ) +{ + + yylineno = line_number; +} + /** Set the input stream. This does not discard the current * input buffer. * @param in_str A readable stream. diff --git a/source4/heimdal/lib/gssapi/krb5/acquire_cred.c b/source4/heimdal/lib/gssapi/krb5/acquire_cred.c index 42b57cdadd..d5c70636bc 100644 --- a/source4/heimdal/lib/gssapi/krb5/acquire_cred.c +++ b/source4/heimdal/lib/gssapi/krb5/acquire_cred.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: acquire_cred.c 20688 2007-05-17 18:44:31Z lha $"); +RCSID("$Id: acquire_cred.c 21221 2007-06-20 08:42:10Z lha $"); OM_uint32 __gsskrb5_ccache_lifetime(OM_uint32 *minor_status, @@ -256,8 +256,8 @@ static OM_uint32 acquire_acceptor_cred if (kret) goto end; krb5_kt_free_entry(context, &entry); + ret = GSS_S_COMPLETE; } - ret = GSS_S_COMPLETE; end: if (ret != GSS_S_COMPLETE) { diff --git a/source4/heimdal/lib/gssapi/krb5/display_name.c b/source4/heimdal/lib/gssapi/krb5/display_name.c index 93fac8d67b..727c447d2a 100644 --- a/source4/heimdal/lib/gssapi/krb5/display_name.c +++ b/source4/heimdal/lib/gssapi/krb5/display_name.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: display_name.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id: display_name.c 21077 2007-06-12 22:42:56Z lha $"); OM_uint32 _gsskrb5_display_name (OM_uint32 * minor_status, @@ -50,7 +50,8 @@ OM_uint32 _gsskrb5_display_name GSSAPI_KRB5_INIT (&context); - kret = krb5_unparse_name (context, name, &buf); + kret = krb5_unparse_name_flags (context, name, + KRB5_PRINCIPAL_UNPARSE_DISPLAY, &buf); if (kret) { *minor_status = kret; return GSS_S_FAILURE; diff --git a/source4/heimdal/lib/gssapi/krb5/prf.c b/source4/heimdal/lib/gssapi/krb5/prf.c index 3eb90d279f..f79c9374a9 100644 --- a/source4/heimdal/lib/gssapi/krb5/prf.c +++ b/source4/heimdal/lib/gssapi/krb5/prf.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: prf.c 20679 2007-05-14 03:12:05Z lha $"); +RCSID("$Id: prf.c 21129 2007-06-18 20:28:44Z lha $"); OM_uint32 _gsskrb5_pseudo_random(OM_uint32 *minor_status, @@ -67,6 +67,7 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status, switch(prf_key) { case GSS_C_PRF_KEY_FULL: _gsskrb5i_get_acceptor_subkey(ctx, context, &key); + break; case GSS_C_PRF_KEY_PARTIAL: _gsskrb5i_get_initiator_subkey(ctx, context, &key); break; diff --git a/source4/heimdal/lib/gssapi/krb5/release_name.c b/source4/heimdal/lib/gssapi/krb5/release_name.c index a01a9a2a62..80b91930fd 100644 --- a/source4/heimdal/lib/gssapi/krb5/release_name.c +++ b/source4/heimdal/lib/gssapi/krb5/release_name.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: release_name.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id: release_name.c 21128 2007-06-18 20:26:50Z lha $"); OM_uint32 _gsskrb5_release_name (OM_uint32 * minor_status, @@ -43,8 +43,7 @@ OM_uint32 _gsskrb5_release_name krb5_context context; krb5_principal name = (krb5_principal)*input_name; - if (minor_status) - *minor_status = 0; + *minor_status = 0; GSSAPI_KRB5_INIT (&context); diff --git a/source4/heimdal/lib/gssapi/mech/context.c b/source4/heimdal/lib/gssapi/mech/context.c index 1691fd9401..e4517bee44 100644 --- a/source4/heimdal/lib/gssapi/mech/context.c +++ b/source4/heimdal/lib/gssapi/mech/context.c @@ -1,7 +1,7 @@ #include "mech/mech_locl.h" #include "heim_threads.h" -RCSID("$Id: context.c 19924 2007-01-16 10:17:01Z lha $"); +RCSID("$Id: context.c 21248 2007-06-21 00:45:13Z lha $"); struct mg_thread_ctx { gss_OID mech; @@ -79,7 +79,7 @@ _gss_mg_get_error(const gss_OID mech, OM_uint32 type, switch (type) { case GSS_C_GSS_CODE: { - if (value != mg->maj_stat) + if (value != mg->maj_stat || mg->maj_error.length == 0) break; string->value = malloc(mg->maj_error.length); string->length = mg->maj_error.length; @@ -87,7 +87,7 @@ _gss_mg_get_error(const gss_OID mech, OM_uint32 type, return GSS_S_COMPLETE; } case GSS_C_MECH_CODE: { - if (value != mg->min_stat) + if (value != mg->min_stat || mg->min_error.length == 0) break; string->value = malloc(mg->min_error.length); string->length = mg->min_error.length; diff --git a/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c index 8c5f4d0b08..d1e243d8b8 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_accept_sec_context.c 20626 2007-05-08 13:56:49Z lha $"); +RCSID("$Id: gss_accept_sec_context.c 21237 2007-06-20 11:21:09Z lha $"); static OM_uint32 parse_header(const gss_buffer_t input_token, gss_OID mech_oid) @@ -237,9 +237,7 @@ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status, return (major_status); } - if (!src_name) { - m->gm_release_name(minor_status, &src_mn); - } else { + if (src_name && src_mn) { /* * Make a new name and mark it as an MN. */ @@ -250,13 +248,15 @@ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status, return (GSS_S_FAILURE); } *src_name = (gss_name_t) name; + } else if (src_mn) { + m->gm_release_name(minor_status, &src_mn); } if (mech_ret_flags & GSS_C_DELEG_FLAG) { if (!delegated_cred_handle) { m->gm_release_cred(minor_status, &delegated_mc); *ret_flags &= ~GSS_C_DELEG_FLAG; - } else { + } else if (delegated_mc) { struct _gss_cred *dcred; struct _gss_mechanism_cred *dmc; diff --git a/source4/heimdal/lib/gssapi/mech/gss_display_name.c b/source4/heimdal/lib/gssapi/mech/gss_display_name.c index e57e5dd795..fc10933692 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_display_name.c +++ b/source4/heimdal/lib/gssapi/mech/gss_display_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_display_name.c 19952 2007-01-17 10:16:15Z lha $"); +RCSID("$Id: gss_display_name.c 21246 2007-06-20 15:25:19Z lha $"); OM_uint32 gss_display_name(OM_uint32 *minor_status, @@ -43,6 +43,11 @@ gss_display_name(OM_uint32 *minor_status, if (output_name_type) *output_name_type = GSS_C_NO_OID; + if (name == NULL) { + *minor_status = 0; + return (GSS_S_BAD_NAME); + } + /* * If we know it, copy the buffer used to import the name in * the first place. Otherwise, ask all the MNs in turn if diff --git a/source4/heimdal/lib/gssapi/mech/gss_display_status.c b/source4/heimdal/lib/gssapi/mech/gss_display_status.c index c316c26fd7..37ded26db6 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_display_status.c +++ b/source4/heimdal/lib/gssapi/mech/gss_display_status.c @@ -59,7 +59,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_display_status.c 20084 2007-01-31 12:12:08Z lha $"); +RCSID("$Id: gss_display_status.c 21247 2007-06-21 00:37:27Z lha $"); static const char * calling_error(OM_uint32 v) @@ -85,7 +85,7 @@ static const char * routine_error(OM_uint32 v) { static const char *msgs[] = { - NULL, /* 0 */ + "Function completed successfully", /* 0 */ "An unsupported mechanism was requested", "An invalid name was supplied", "A supplied name was of an unsupported type", @@ -109,9 +109,7 @@ routine_error(OM_uint32 v) v >>= GSS_C_ROUTINE_ERROR_OFFSET; - if (v == 0) - return ""; - else if (v >= sizeof(msgs)/sizeof(*msgs)) + if (v >= sizeof(msgs)/sizeof(*msgs)) return "unknown routine error"; else return msgs[v]; diff --git a/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c b/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c index 3aab0b9bbc..4ff81fdf2d 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c +++ b/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_duplicate_name.c 19953 2007-01-17 11:16:35Z lha $"); +RCSID("$Id: gss_duplicate_name.c 21219 2007-06-20 08:27:11Z lha $"); OM_uint32 gss_duplicate_name(OM_uint32 *minor_status, const gss_name_t src_name, @@ -44,7 +44,7 @@ OM_uint32 gss_duplicate_name(OM_uint32 *minor_status, /* * If this name has a value (i.e. it didn't come from * gss_canonicalize_name(), we re-import the thing. Otherwise, - * we make an empty name to hold the MN copy. + * we make copy of each mech names. */ if (name->gn_value.value) { major_status = gss_import_name(minor_status, @@ -52,6 +52,10 @@ OM_uint32 gss_duplicate_name(OM_uint32 *minor_status, if (major_status != GSS_S_COMPLETE) return (major_status); new_name = (struct _gss_name *) *dest_name; + + SLIST_FOREACH(mn, &name->gn_mn, gmn_link) { + _gss_find_mn(new_name, mn->gmn_mech_oid); + } } else { new_name = malloc(sizeof(struct _gss_name)); if (!new_name) { @@ -59,17 +63,30 @@ OM_uint32 gss_duplicate_name(OM_uint32 *minor_status, return (GSS_S_FAILURE); } memset(new_name, 0, sizeof(struct _gss_name)); - SLIST_INIT(&name->gn_mn); + SLIST_INIT(&new_name->gn_mn); *dest_name = (gss_name_t) new_name; - } + + SLIST_FOREACH(mn, &name->gn_mn, gmn_link) { + struct _gss_mechanism_name *new_mn; + + new_mn = malloc(sizeof(*new_mn)); + if (!new_mn) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + new_mn->gmn_mech = mn->gmn_mech; + new_mn->gmn_mech_oid = mn->gmn_mech_oid; + + major_status = + mn->gmn_mech->gm_duplicate_name(minor_status, + mn->gmn_name, &new_mn->gmn_name); + if (major_status != GSS_S_COMPLETE) { + free(new_mn); + continue; + } + SLIST_INSERT_HEAD(&new_name->gn_mn, new_mn, gmn_link); + } - /* - * Import the new name into any mechanisms listed in the - * original name. We could probably get away with only doing - * this if the original was canonical. - */ - SLIST_FOREACH(mn, &name->gn_mn, gmn_link) { - _gss_find_mn(new_name, mn->gmn_mech_oid); } return (GSS_S_COMPLETE); diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c index 5cce30c6bd..d45baac602 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c +++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_inquire_context.c 19958 2007-01-17 13:56:18Z lha $"); +RCSID("$Id: gss_inquire_context.c 21125 2007-06-18 20:11:07Z lha $"); OM_uint32 gss_inquire_context(OM_uint32 *minor_status, @@ -79,7 +79,8 @@ gss_inquire_context(OM_uint32 *minor_status, if (src_name) { name = _gss_make_name(m, src_mn); if (!name) { - *mech_type = GSS_C_NO_OID; + if (mech_type) + *mech_type = GSS_C_NO_OID; m->gm_release_name(minor_status, &src_mn); *minor_status = 0; return (GSS_S_FAILURE); @@ -90,8 +91,10 @@ gss_inquire_context(OM_uint32 *minor_status, if (targ_name) { name = _gss_make_name(m, targ_mn); if (!name) { - *mech_type = GSS_C_NO_OID; - gss_release_name(minor_status, src_name); + if (mech_type) + *mech_type = GSS_C_NO_OID; + if (src_name) + gss_release_name(minor_status, src_name); m->gm_release_name(minor_status, &targ_mn); *minor_status = 0; return (GSS_S_FAILURE); diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c index a4ace9e9e9..aa83efb0c2 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c +++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_inquire_cred_by_mech.c 19960 2007-01-17 15:09:24Z lha $"); +RCSID("$Id: gss_inquire_cred_by_mech.c 21124 2007-06-18 20:08:24Z lha $"); OM_uint32 gss_inquire_cred_by_mech(OM_uint32 *minor_status, @@ -78,12 +78,16 @@ gss_inquire_cred_by_mech(OM_uint32 *minor_status, return (major_status); } - name = _gss_make_name(m, mn); - if (!name) { + if (cred_name) { + name = _gss_make_name(m, mn); + if (!name) { m->gm_release_name(minor_status, &mn); return (GSS_S_NO_CRED); - } + } + *cred_name = (gss_name_t) name; + } else + m->gm_release_name(minor_status, &mn); + - *cred_name = (gss_name_t) name; return (GSS_S_COMPLETE); } diff --git a/source4/heimdal/lib/gssapi/mech/gss_krb5.c b/source4/heimdal/lib/gssapi/mech/gss_krb5.c index 2500928baf..9e77f42982 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_krb5.c +++ b/source4/heimdal/lib/gssapi/mech/gss_krb5.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_krb5.c 20383 2007-04-18 08:49:53Z lha $"); +RCSID("$Id: gss_krb5.c 21123 2007-06-18 20:05:26Z lha $"); #include #include @@ -650,7 +650,7 @@ gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status, if (der_put_oid((unsigned char *)oid_flat.elements + oid_flat.length - 1, oid_flat.length, &oid, &size) != 0) { free(oid.components); - + free(oid_flat.elements); *minor_status = EINVAL; return GSS_S_FAILURE; } diff --git a/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c b/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c index 78c8cc79c1..c32291396f 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c +++ b/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c @@ -31,7 +31,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_set_cred_option.c 20626 2007-05-08 13:56:49Z lha $"); +RCSID("$Id: gss_set_cred_option.c 21126 2007-06-18 20:19:59Z lha $"); OM_uint32 gss_set_cred_option (OM_uint32 *minor_status, @@ -64,7 +64,9 @@ gss_set_cred_option (OM_uint32 *minor_status, mc = malloc(sizeof(*mc)); if (mc == NULL) { - /* XXX free the other mc's */ + *cred_handle = (gss_cred_id_t)cred; + gss_release_cred(minor_status, cred_handle); + *minor_status = ENOMEM; return GSS_S_FAILURE; } diff --git a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c index 106897b9b0..d20c913bf0 100644 --- a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c @@ -33,7 +33,7 @@ #include "spnego/spnego_locl.h" -RCSID("$Id: accept_sec_context.c 20929 2007-06-05 21:19:22Z lha $"); +RCSID("$Id: accept_sec_context.c 21243 2007-06-20 15:16:22Z lha $"); static OM_uint32 send_reject (OM_uint32 *minor_status, @@ -540,12 +540,12 @@ acceptor_start gss_cred_id_t *delegated_cred_handle ) { - OM_uint32 ret, ret2, minor; - NegTokenInit ni; - size_t ni_len; + OM_uint32 ret, junk, minor; + NegotiationToken nt; + size_t nt_len; + NegTokenInit *ni; int i; gss_buffer_desc data; - size_t len, taglen; gss_buffer_t mech_input_token = GSS_C_NO_BUFFER; gss_buffer_desc mech_output_token; gss_buffer_desc mech_buf; @@ -555,6 +555,9 @@ acceptor_start int get_mic = 0; int first_ok = 0; + if (src_name) + *src_name = GSS_C_NO_NAME; + mech_output_token.value = NULL; mech_output_token.length = 0; mech_buf.value = NULL; @@ -582,39 +585,30 @@ acceptor_start if (ret) return ret; - ret = der_match_tag_and_length(data.value, data.length, - ASN1_C_CONTEXT, CONS, - 0, - &len, &taglen); + ret = decode_NegotiationToken(data.value, data.length, &nt, &nt_len); + gss_release_buffer(minor_status, &data); if (ret) { *minor_status = ret; - return GSS_S_FAILURE; - } - - if (len > data.length - taglen) { - *minor_status = ASN1_OVERRUN; - return GSS_S_FAILURE; + return GSS_S_DEFECTIVE_TOKEN; } - - ret = decode_NegTokenInit((const unsigned char *)data.value + taglen, - len, &ni, &ni_len); - if (ret) { - *minor_status = ret; + if (nt.element != choice_NegotiationToken_negTokenInit) { + *minor_status = 0; return GSS_S_DEFECTIVE_TOKEN; } + ni = &nt.u.negTokenInit; - if (ni.mechTypes.len < 1) { - free_NegTokenInit(&ni); + if (ni->mechTypes.len < 1) { + free_NegotiationToken(&nt); *minor_status = 0; return GSS_S_DEFECTIVE_TOKEN; } HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); - ret = copy_MechTypeList(&ni.mechTypes, &ctx->initiator_mech_types); + ret = copy_MechTypeList(&ni->mechTypes, &ctx->initiator_mech_types); if (ret) { HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); - free_NegTokenInit(&ni); + free_NegotiationToken(&nt); *minor_status = ret; return GSS_S_FAILURE; } @@ -627,17 +621,17 @@ acceptor_start */ ret = select_mech(minor_status, - &ni.mechTypes.val[0], + &ni->mechTypes.val[0], 0, &preferred_mech_type); - if (ret == 0 && ni.mechToken != NULL) { + if (ret == 0 && ni->mechToken != NULL) { gss_cred_id_t mech_delegated_cred = GSS_C_NO_CREDENTIAL; gss_cred_id_t mech_cred; gss_buffer_desc ibuf; - ibuf.length = ni.mechToken->length; - ibuf.value = ni.mechToken->data; + ibuf.length = ni->mechToken->length; + ibuf.value = ni->mechToken->data; mech_input_token = &ibuf; if (acceptor_cred != NULL) @@ -668,12 +662,12 @@ acceptor_start if (ret == GSS_S_COMPLETE) ctx->open = 1; - if (delegated_cred_handle) + if (mech_delegated_cred && delegated_cred_handle) ret = _gss_spnego_alloc_cred(minor_status, mech_delegated_cred, delegated_cred_handle); else - gss_release_cred(&ret2, &mech_delegated_cred); + gss_release_cred(&junk, &mech_delegated_cred); ret = acceptor_complete(minor_status, ctx, @@ -681,7 +675,7 @@ acceptor_start &mech_buf, mech_input_token, &mech_output_token, - ni.mechListMIC, + ni->mechListMIC, output_token); if (ret != GSS_S_COMPLETE) goto out; @@ -697,9 +691,9 @@ acceptor_start if (!first_ok) { /* Call glue layer to find first mech we support */ - for (i = 1; i < ni.mechTypes.len; ++i) { + for (i = 1; i < ni->mechTypes.len; ++i) { ret = select_mech(minor_status, - &ni.mechTypes.val[i], + &ni->mechTypes.val[i], 1, &preferred_mech_type); if (ret == 0) @@ -707,7 +701,7 @@ acceptor_start } if (preferred_mech_type == GSS_C_NO_OID) { HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); - free_NegTokenInit(&ni); + free_NegotiationToken(&nt); return GSS_S_BAD_MECH; } @@ -735,7 +729,8 @@ out: free(mech_buf.value); mech_buf.value = NULL; } - free_NegTokenInit(&ni); + free_NegotiationToken(&nt); + if (ret == GSS_S_COMPLETE) { if (src_name != NULL && ctx->mech_src_name != NULL) { @@ -746,8 +741,7 @@ out: name->mech = ctx->mech_src_name; ctx->mech_src_name = NULL; *src_name = (gss_name_t)name; - } else - *src_name = GSS_C_NO_NAME; + } } if (delegated_cred_handle != NULL) { *delegated_cred_handle = ctx->delegated_cred_id; @@ -790,10 +784,9 @@ acceptor_continue ) { OM_uint32 ret, ret2, minor; - NegTokenResp na; - size_t na_len; - gss_buffer_desc data; - size_t len, taglen; + NegotiationToken nt; + size_t nt_len; + NegTokenResp *na; unsigned int negResult = accept_incomplete; gss_buffer_t mech_input_token = GSS_C_NO_BUFFER; gss_buffer_t mech_output_token = GSS_C_NO_BUFFER; @@ -810,45 +803,34 @@ acceptor_continue * context token (negTokenInit). */ - data.value = input_token_buffer->value; - data.length = input_token_buffer->length; - - ret = der_match_tag_and_length(data.value, data.length, - ASN1_C_CONTEXT, CONS, - 1, - &len, &taglen); + ret = decode_NegotiationToken(input_token_buffer->value, + input_token_buffer->length, + &nt, &nt_len); if (ret) { *minor_status = ret; - return GSS_S_FAILURE; - } - - if (len > data.length - taglen) { - *minor_status = ASN1_OVERRUN; - return GSS_S_FAILURE; + return GSS_S_DEFECTIVE_TOKEN; } - - ret = decode_NegTokenResp((const unsigned char *)data.value + taglen, - len, &na, &na_len); - if (ret) { - *minor_status = ret; + if (nt.element != choice_NegotiationToken_negTokenResp) { + *minor_status = 0; return GSS_S_DEFECTIVE_TOKEN; } + na = &nt.u.negTokenResp; - if (na.negResult != NULL) { - negResult = *(na.negResult); + if (na->negResult != NULL) { + negResult = *(na->negResult); } HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); { gss_buffer_desc ibuf, obuf; - int require_mic, get_mic; + int require_mic, get_mic = 0; int require_response; heim_octet_string *mic; - if (na.responseToken != NULL) { - ibuf.length = na.responseToken->length; - ibuf.value = na.responseToken->data; + if (na->responseToken != NULL) { + ibuf.length = na->responseToken->length; + ibuf.value = na->responseToken->data; mech_input_token = &ibuf; } else { ibuf.value = NULL; @@ -901,7 +883,7 @@ acceptor_continue mech_output_token = &obuf; } if (ret != GSS_S_COMPLETE && ret != GSS_S_CONTINUE_NEEDED) { - free_NegTokenResp(&na); + free_NegotiationToken(&nt); send_reject (minor_status, output_token); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); return ret; @@ -919,7 +901,7 @@ acceptor_continue ctx->require_mic = require_mic; - mic = na.mechListMIC; + mic = na->mechListMIC; if (mic != NULL) require_mic = 1; @@ -930,7 +912,7 @@ acceptor_continue &mech_buf, mech_input_token, mech_output_token, - na.mechListMIC, + na->mechListMIC, output_token); if (ctx->mech_flags & GSS_C_DCE_STYLE) @@ -964,16 +946,19 @@ acceptor_continue gss_release_buffer(&minor, mech_output_token); if (mech_buf.value != NULL) free(mech_buf.value); - free_NegTokenResp(&na); + free_NegotiationToken(&nt); } if (ret == GSS_S_COMPLETE) { - if (src_name != NULL) { - ret2 = gss_duplicate_name(minor_status, - ctx->mech_src_name, - src_name); - if (ret2 != GSS_S_COMPLETE) - ret = ret2; + if (src_name != NULL && ctx->mech_src_name != NULL) { + spnego_name name; + + name = calloc(1, sizeof(*name)); + if (name) { + name->mech = ctx->mech_src_name; + ctx->mech_src_name = NULL; + *src_name = (gss_name_t)name; + } } if (delegated_cred_handle != NULL) { *delegated_cred_handle = ctx->delegated_cred_id; diff --git a/source4/heimdal/lib/hcrypto/pkcs12.c b/source4/heimdal/lib/hcrypto/pkcs12.c index dcfbdfad42..b43fe571d6 100644 --- a/source4/heimdal/lib/hcrypto/pkcs12.c +++ b/source4/heimdal/lib/hcrypto/pkcs12.c @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: pkcs12.c 20661 2007-05-10 21:57:58Z lha $"); +RCSID("$Id: pkcs12.c 21155 2007-06-18 21:59:44Z lha $"); #include #include @@ -93,8 +93,11 @@ PKCS12_key_gen(const void *key, size_t keylen, while (1) { BIGNUM *bnB, *bnOne; - if (!EVP_DigestInit_ex(&ctx, md, NULL)) + if (!EVP_DigestInit_ex(&ctx, md, NULL)) { + free(I); + free(v); return 0; + } for (i = 0; i < vlen; i++) EVP_DigestUpdate(&ctx, &idc, 1); EVP_DigestUpdate(&ctx, I, size_I); diff --git a/source4/heimdal/lib/hcrypto/rand-egd.c b/source4/heimdal/lib/hcrypto/rand-egd.c index d1b024b535..497a3ab5f8 100644 --- a/source4/heimdal/lib/hcrypto/rand-egd.c +++ b/source4/heimdal/lib/hcrypto/rand-egd.c @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: rand-egd.c 20093 2007-01-31 12:44:28Z lha $"); +RCSID("$Id: rand-egd.c 21156 2007-06-18 22:00:59Z lha $"); #include #ifdef HAVE_SYS_UN_H @@ -255,7 +255,7 @@ RAND_egd_bytes(const char *filename, int size) RAND_seed(data, size); - memset(data, 0, sizeof(data)); + memset(data, 0, size); free(data); return 1; diff --git a/source4/heimdal/lib/hcrypto/rand-fortuna.c b/source4/heimdal/lib/hcrypto/rand-fortuna.c index 6cc4267c13..1d47ed49cc 100644 --- a/source4/heimdal/lib/hcrypto/rand-fortuna.c +++ b/source4/heimdal/lib/hcrypto/rand-fortuna.c @@ -33,7 +33,7 @@ #include #endif -RCSID("$Id: rand-fortuna.c 20029 2007-01-21 09:55:42Z lha $"); +RCSID("$Id: rand-fortuna.c 21196 2007-06-20 05:08:58Z lha $"); #include #include @@ -427,6 +427,8 @@ extract_data(FState * st, unsigned count, unsigned char *dst) static FState main_state; static int init_done; static int have_entropy; +#define FORTUNA_RESEED_BYTE 10000 +static unsigned resend_bytes; /* * Try our best to do an inital seed @@ -472,6 +474,35 @@ fortuna_reseed(void) memset(buf, 0, sizeof(buf)); } } + /* + * Fall back to gattering data from timer and secret files, this + * is really the last resort. + */ + if (!entropy_p) { + /* to save stackspace */ + union { + unsigned char buf[INIT_BYTES]; + unsigned char shad[1001]; + } u; + int fd; + + /* add timer info */ + if ((*hc_rand_timer_method.bytes)(u.buf, sizeof(u.buf)) == 1) + add_entropy(&main_state, u.buf, sizeof(u.buf)); + /* add /etc/shadow */ + fd = open("/etc/shadow", O_RDONLY, 0); + if (fd >= 0) { + ssize_t n; + /* add_entropy will hash the buf */ + while ((n = read(fd, (char *)u.shad, sizeof(u.shad))) > 0) + add_entropy(&main_state, u.shad, sizeof(u.shad)); + close(fd); + } + + memset(&u, 0, sizeof(u)); + + entropy_p = 1; /* sure about this ? */ + } { pid_t pid = getpid(); add_entropy(&main_state, (void *)&pid, sizeof(pid)); @@ -517,6 +548,11 @@ fortuna_bytes(unsigned char *outdata, int size) { if (!fortuna_init()) return 0; + resend_bytes += size; + if (resend_bytes > FORTUNA_RESEED_BYTE || resend_bytes < size) { + resend_bytes = 0; + fortuna_reseed(); + } extract_data(&main_state, size, outdata); return 1; } diff --git a/source4/heimdal/lib/hcrypto/rand-timer.c b/source4/heimdal/lib/hcrypto/rand-timer.c new file mode 100644 index 0000000000..67a77b01fc --- /dev/null +++ b/source4/heimdal/lib/hcrypto/rand-timer.c @@ -0,0 +1,206 @@ +/* + * Copyright (c) 1995, 1996, 1997, 1999, 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +RCSID("$Id$"); + +#include +#include +#include + +#include + +#include "randi.h" + +#ifndef WIN32 /* don't bother with this on windows */ + +static volatile int counter; +static volatile unsigned char *gdata; /* Global data */ +static volatile int igdata; /* Index into global data */ +static int gsize; + +static +RETSIGTYPE +sigALRM(int sig) +{ + if (igdata < gsize) + gdata[igdata++] ^= counter & 0xff; + +#ifndef HAVE_SIGACTION + signal(SIGALRM, sigALRM); /* Reinstall SysV signal handler */ +#endif + SIGRETURN(0); +} + +#ifndef HAVE_SETITIMER +static void +pacemaker(struct timeval *tv) +{ + fd_set fds; + pid_t pid; + pid = getppid(); + while(1){ + FD_ZERO(&fds); + FD_SET(0, &fds); + select(1, &fds, NULL, NULL, tv); + kill(pid, SIGALRM); + } +} +#endif + +#ifdef HAVE_SIGACTION +/* XXX ugly hack, should perhaps use function from roken */ +static RETSIGTYPE +(*fake_signal(int sig, RETSIGTYPE (*f)(int)))(int) +{ + struct sigaction sa, osa; + sa.sa_handler = f; + sa.sa_flags = 0; + sigemptyset(&sa.sa_mask); + sigaction(sig, &sa, &osa); + return osa.sa_handler; +} +#define signal(S, F) fake_signal((S), (F)) +#endif + +#endif /* WIN32*/ + +/* + * + */ + +static void +timer_seed(const void *indata, int size) +{ +} + +static int +timer_bytes(unsigned char *outdata, int size) +{ +#ifdef WIN32 + return 0; +#else /* WIN32 */ + struct itimerval tv, otv; + RETSIGTYPE (*osa)(int); + int i, j; +#ifndef HAVE_SETITIMER + RETSIGTYPE (*ochld)(int); + pid_t pid; +#endif + + gdata = outdata; + gsize = size; + igdata = 0; + + osa = signal(SIGALRM, sigALRM); + + /* Start timer */ + tv.it_value.tv_sec = 0; + tv.it_value.tv_usec = 10 * 1000; /* 10 ms */ + tv.it_interval = tv.it_value; +#ifdef HAVE_SETITIMER + setitimer(ITIMER_REAL, &tv, &otv); +#else + ochld = signal(SIGCHLD, SIG_IGN); + pid = fork(); + if(pid == -1){ + signal(SIGCHLD, ochld != SIG_ERR ? ochld : SIG_DFL); + des_not_rand_data(data, size); + return; + } + if(pid == 0) + pacemaker(&tv.it_interval); +#endif + + for(i = 0; i < 4; i++) { + for (igdata = 0; igdata < size;) /* igdata++ in sigALRM */ + counter++; + for (j = 0; j < size; j++) /* Only use 2 bits each lap */ + gdata[j] = (gdata[j]>>2) | (gdata[j]<<6); + } +#ifdef HAVE_SETITIMER + setitimer(ITIMER_REAL, &otv, 0); +#else + kill(pid, SIGKILL); + while(waitpid(pid, NULL, 0) != pid); + signal(SIGCHLD, ochld != SIG_ERR ? ochld : SIG_DFL); +#endif + signal(SIGALRM, osa != SIG_ERR ? osa : SIG_DFL); + + return 1; +#endif +} + +static void +timer_cleanup(void) +{ +} + +static void +timer_add(const void *indata, int size, double entropi) +{ +} + +static int +timer_pseudorand(unsigned char *outdata, int size) +{ + return timer_bytes(outdata, size); +} + +static int +timer_status(void) +{ +#ifdef WIN32 + return 0; +#else + return 1; +#endif +} + +const RAND_METHOD hc_rand_timer_method = { + timer_seed, + timer_bytes, + timer_cleanup, + timer_add, + timer_pseudorand, + timer_status +}; + +const RAND_METHOD * +RAND_timer_method(void) +{ + return &hc_rand_timer_method; +} diff --git a/source4/heimdal/lib/hcrypto/rand.c b/source4/heimdal/lib/hcrypto/rand.c index 29f2d46dba..248fdde620 100644 --- a/source4/heimdal/lib/hcrypto/rand.c +++ b/source4/heimdal/lib/hcrypto/rand.c @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: rand.c 20126 2007-02-01 22:08:41Z lha $"); +RCSID("$Id: rand.c 21198 2007-06-20 05:10:41Z lha $"); #include #include @@ -56,11 +56,7 @@ init_method(void) { if (selected_meth != NULL) return; - - if ((*hc_rand_unix_method.status)() == 1) - selected_meth = &hc_rand_unix_method; - else - selected_meth = &hc_rand_fortuna_method; + selected_meth = &hc_rand_fortuna_method; } void diff --git a/source4/heimdal/lib/hcrypto/randi.h b/source4/heimdal/lib/hcrypto/randi.h index b9b9b5309c..6ae75f262b 100644 --- a/source4/heimdal/lib/hcrypto/randi.h +++ b/source4/heimdal/lib/hcrypto/randi.h @@ -32,7 +32,7 @@ */ /* - * $Id: randi.h 20027 2007-01-21 09:54:00Z lha $ + * $Id: randi.h 21101 2007-06-18 03:53:46Z lha $ */ #ifndef _HEIM_RANDI_H @@ -41,5 +41,8 @@ extern const RAND_METHOD hc_rand_fortuna_method; extern const RAND_METHOD hc_rand_unix_method; extern const RAND_METHOD hc_rand_egd_method; +extern const RAND_METHOD hc_rand_timer_method; + +const RAND_METHOD * RAND_timer_method(void); #endif /* _HEIM_RANDI_H */ diff --git a/source4/heimdal/lib/hcrypto/rsa-imath.c b/source4/heimdal/lib/hcrypto/rsa-imath.c index e05ead1e66..74093ff7ba 100644 --- a/source4/heimdal/lib/hcrypto/rsa-imath.c +++ b/source4/heimdal/lib/hcrypto/rsa-imath.c @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: rsa-imath.c 19750 2007-01-06 13:45:25Z lha $"); +RCSID("$Id: rsa-imath.c 21154 2007-06-18 21:58:12Z lha $"); #include #include @@ -180,7 +180,6 @@ imath_rsa_public_encrypt(int flen, const unsigned char* from, } padlen = size - flen - 3; - assert(padlen >= 8); *p++ = 2; if (RAND_bytes(p, padlen) != 1) { diff --git a/source4/heimdal/lib/hdb/ext.c b/source4/heimdal/lib/hdb/ext.c index aac0ff5367..5f60999946 100644 --- a/source4/heimdal/lib/hdb/ext.c +++ b/source4/heimdal/lib/hdb/ext.c @@ -34,7 +34,7 @@ #include "hdb_locl.h" #include -RCSID("$Id: ext.c 20236 2007-02-16 23:52:29Z lha $"); +RCSID("$Id: ext.c 21113 2007-06-18 12:59:32Z lha $"); krb5_error_code hdb_entry_check_mandatory(krb5_context context, const hdb_entry *ent) @@ -268,6 +268,7 @@ hdb_entry_get_password(krb5_context context, HDB *db, const hdb_entry *entry, char **p) { HDB_extension *ext; + char *str; int ret; ext = hdb_find_extension(entry, choice_HDB_extension_data_password); @@ -314,7 +315,14 @@ hdb_entry_get_password(krb5_context context, HDB *db, } return 0; } - krb5_set_error_string(context, "password attribute not found"); + + ret = krb5_unparse_name(context, entry->principal, &str); + if (ret == 0) { + krb5_set_error_string(context, "no password attributefor %s", str); + free(str); + } else + krb5_clear_error_string(context); + return ENOENT; } diff --git a/source4/heimdal/lib/hx509/cert.c b/source4/heimdal/lib/hx509/cert.c index 27b17a0204..caf163f8e4 100644 --- a/source4/heimdal/lib/hx509/cert.c +++ b/source4/heimdal/lib/hx509/cert.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: cert.c 20915 2007-06-05 03:58:56Z lha $"); +RCSID("$Id: cert.c 21294 2007-06-25 14:37:15Z lha $"); #include "crypto-headers.h" #include @@ -43,6 +43,7 @@ struct hx509_verify_ctx_data { #define HX509_VERIFY_CTX_F_ALLOW_PROXY_CERTIFICATE 2 #define HX509_VERIFY_CTX_F_REQUIRE_RFC3280 4 #define HX509_VERIFY_CTX_F_CHECK_TRUST_ANCHORS 8 +#define HX509_VERIFY_CTX_F_NO_DEFAULT_ANCHORS 16 time_t time_now; unsigned int max_depth; #define HX509_VERIFY_MAX_DEPTH 30 @@ -51,6 +52,7 @@ struct hx509_verify_ctx_data { #define REQUIRE_RFC3280(ctx) ((ctx)->flags & HX509_VERIFY_CTX_F_REQUIRE_RFC3280) #define CHECK_TA(ctx) ((ctx)->flags & HX509_VERIFY_CTX_F_CHECK_TRUST_ANCHORS) +#define ALLOW_DEF_TA(ctx) (((ctx)->flags & HX509_VERIFY_CTX_F_NO_DEFAULT_ANCHORS) == 0) struct _hx509_cert_attrs { size_t len; @@ -76,22 +78,6 @@ typedef struct hx509_name_constraints { #define GeneralSubtrees_SET(g,var) \ (g)->len = (var)->len, (g)->val = (var)->val; -/* - * - */ - -void -_hx509_abort(const char *fmt, ...) -{ - va_list ap; - va_start(ap, fmt); - vprintf(fmt, ap); - va_end(ap); - printf("\n"); - fflush(stdout); - abort(); -} - /* * */ @@ -227,7 +213,34 @@ hx509_cert_init(hx509_context context, const Certificate *c, hx509_cert *cert) if (ret) { free((*cert)->data); free(*cert); + *cert = NULL; + } + return ret; +} + +int +hx509_cert_init_data(hx509_context context, + const void *ptr, + size_t len, + hx509_cert *cert) +{ + Certificate t; + size_t size; + int ret; + + ret = decode_Certificate(ptr, len, &t, &size); + if (ret) { + hx509_set_error_string(context, 0, ret, "Failed to decode certificate"); + return ret; + } + if (size != len) { + hx509_set_error_string(context, 0, HX509_EXTRA_DATA_AFTER_STRUCTURE, + "Extra data after certificate"); + return HX509_EXTRA_DATA_AFTER_STRUCTURE; } + + ret = hx509_cert_init(context, &t, cert); + free_Certificate(&t); return ret; } @@ -291,10 +304,10 @@ hx509_cert hx509_cert_ref(hx509_cert cert) { if (cert->ref <= 0) - _hx509_abort("refcount <= 0"); + _hx509_abort("cert refcount <= 0"); cert->ref++; if (cert->ref == 0) - _hx509_abort("refcount == 0"); + _hx509_abort("cert refcount == 0"); return cert; } @@ -341,6 +354,12 @@ hx509_verify_set_time(hx509_verify_ctx ctx, time_t t) ctx->time_now = t; } +void +hx509_verify_set_max_depth(hx509_verify_ctx ctx, unsigned int max_depth) +{ + ctx->max_depth = max_depth; +} + void hx509_verify_set_proxy_certificate(hx509_verify_ctx ctx, int boolean) { @@ -359,6 +378,15 @@ hx509_verify_set_strict_rfc3280_verification(hx509_verify_ctx ctx, int boolean) ctx->flags &= ~HX509_VERIFY_CTX_F_REQUIRE_RFC3280; } +void +hx509_verify_ctx_f_allow_default_trustanchors(hx509_verify_ctx ctx, int boolean) +{ + if (boolean) + ctx->flags &= ~HX509_VERIFY_CTX_F_NO_DEFAULT_ANCHORS; + else + ctx->flags |= HX509_VERIFY_CTX_F_NO_DEFAULT_ANCHORS; +} + static const Extension * find_extension(const Certificate *cert, const heim_oid *oid, int *idx) { @@ -1295,13 +1323,15 @@ match_general_name(const GeneralName *c, const GeneralName *n, int *match) return 0; } case choice_GeneralName_dNSName: { - size_t len1, len2; + size_t lenc, lenn; - len1 = strlen(c->u.dNSName); - len2 = strlen(n->u.dNSName); - if (len1 > len2) + lenc = strlen(c->u.dNSName); + lenn = strlen(n->u.dNSName); + if (lenc > lenn) return HX509_NAME_CONSTRAINT_ERROR; - if (strcasecmp(&n->u.dNSName[len2 - len1], c->u.dNSName) != 0) + if (strcasecmp(&n->u.dNSName[lenn - lenc], c->u.dNSName) != 0) + return HX509_NAME_CONSTRAINT_ERROR; + if (lenc != lenn && n->u.dNSName[lenn - lenc - 1] != '.') return HX509_NAME_CONSTRAINT_ERROR; *match = 1; return 0; @@ -1488,15 +1518,15 @@ hx509_verify_path(hx509_context context, /* * */ - ret = hx509_certs_init(context, "MEMORY:trust-anchors", 0, NULL, &anchors); - if (ret) - goto out; - ret = hx509_certs_merge(context, anchors, ctx->trust_anchors); - if (ret) - goto out; - ret = hx509_certs_merge(context, anchors, context->default_trust_anchors); - if (ret) - goto out; + if (ctx->trust_anchors) + anchors = _hx509_certs_ref(ctx->trust_anchors); + else if (context->default_trust_anchors && ALLOW_DEF_TA(ctx)) + anchors = _hx509_certs_ref(context->default_trust_anchors); + else { + ret = hx509_certs_init(context, "MEMORY:no-TA", 0, NULL, &anchors); + if (ret) + goto out; + } /* * Calculate the path from the certificate user presented to the @@ -1843,17 +1873,82 @@ hx509_verify_signature(hx509_context context, return _hx509_verify_signature(context, signer->data, alg, data, sig); } +#define HX509_VHN_F_ALLOW_NO_MATCH 1 + int hx509_verify_hostname(hx509_context context, const hx509_cert cert, - int require_match, + int flags, + hx509_hostname_type type, const char *hostname, const struct sockaddr *sa, /* XXX krb5_socklen_t */ int sa_size) { + GeneralNames san; + int ret, i, j; + if (sa && sa_size <= 0) return EINVAL; - return 0; + + memset(&san, 0, sizeof(san)); + + i = 0; + do { + ret = find_extension_subject_alt_name(cert->data, &i, &san); + if (ret == HX509_EXTENSION_NOT_FOUND) { + ret = 0; + break; + } else if (ret != 0) + break; + + for (j = 0; j < san.len; j++) { + switch (san.val[j].element) { + case choice_GeneralName_dNSName: + if (strcasecmp(san.val[j].u.dNSName, hostname) == 0) { + free_GeneralNames(&san); + return 0; + } + break; + default: + break; + } + } + free_GeneralNames(&san); + } while (1); + + { + Name *name = &cert->data->tbsCertificate.subject; + + /* match if first component is a CN= */ + if (name->u.rdnSequence.len > 0 + && name->u.rdnSequence.val[0].len == 1 + && der_heim_oid_cmp(&name->u.rdnSequence.val[0].val[0].type, + oid_id_at_commonName()) == 0) + { + DirectoryString *ds = &name->u.rdnSequence.val[0].val[0].value; + + switch (ds->element) { + case choice_DirectoryString_printableString: + if (strcasecmp(ds->u.printableString, hostname) == 0) + return 0; + break; + case choice_DirectoryString_ia5String: + if (strcasecmp(ds->u.ia5String, hostname) == 0) + return 0; + break; + case choice_DirectoryString_utf8String: + if (strcasecmp(ds->u.utf8String, hostname) == 0) + return 0; + default: + break; + } + } + } + + if ((flags & HX509_VHN_F_ALLOW_NO_MATCH) == 0) + ret = HX509_NAME_CONSTRAINT_ERROR; + + return ret; } int @@ -2434,3 +2529,24 @@ hx509_cert_binary(hx509_context context, hx509_cert c, heim_octet_string *os) return ret; } + +/* + * Last to avoid lost __attribute__s due to #undef. + */ + +#undef __attribute__ +#define __attribute__(X) + +void +_hx509_abort(const char *fmt, ...) + __attribute__ ((noreturn, format (printf, 1, 2))) +{ + va_list ap; + va_start(ap, fmt); + vprintf(fmt, ap); + va_end(ap); + printf("\n"); + fflush(stdout); + abort(); +} + diff --git a/source4/heimdal/lib/hx509/cms.c b/source4/heimdal/lib/hx509/cms.c index 29ca80e194..30f364060d 100644 --- a/source4/heimdal/lib/hx509/cms.c +++ b/source4/heimdal/lib/hx509/cms.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: cms.c 20937 2007-06-06 20:50:55Z lha $"); +RCSID("$Id: cms.c 21319 2007-06-25 19:46:52Z lha $"); #define ALLOC(X, N) (X) = calloc((N), sizeof(*(X))) #define ALLOC_SEQ(X, N) do { (X)->len = (N); ALLOC((X)->val, (N)); } while(0) @@ -115,24 +115,42 @@ hx509_cms_unwrap_ContentInfo(const heim_octet_string *in, return 0; } +#define CMS_ID_SKI 0 +#define CMS_ID_NAME 1 + static int -fill_CMSIdentifier(const hx509_cert cert, CMSIdentifier *id) +fill_CMSIdentifier(const hx509_cert cert, + int type, + CMSIdentifier *id) { - hx509_name name; int ret; - id->element = choice_CMSIdentifier_issuerAndSerialNumber; - ret = hx509_cert_get_issuer(cert, &name); - if (ret) - return ret; - ret = copy_Name(&name->der_name, - &id->u.issuerAndSerialNumber.issuer); - hx509_name_free(&name); - if (ret) - return ret; + switch (type) { + case CMS_ID_SKI: + id->element = choice_CMSIdentifier_subjectKeyIdentifier; + ret = _hx509_find_extension_subject_key_id(_hx509_get_cert(cert), + &id->u.subjectKeyIdentifier); + if (ret == 0) + break; + /* FALL THOUGH */ + case CMS_ID_NAME: { + hx509_name name; - ret = hx509_cert_get_serialnumber(cert, - &id->u.issuerAndSerialNumber.serialNumber); + id->element = choice_CMSIdentifier_issuerAndSerialNumber; + ret = hx509_cert_get_issuer(cert, &name); + if (ret) + return ret; + ret = hx509_name_to_Name(name, &id->u.issuerAndSerialNumber.issuer); + hx509_name_free(&name); + if (ret) + return ret; + + ret = hx509_cert_get_serialnumber(cert, &id->u.issuerAndSerialNumber.serialNumber); + break; + } + default: + _hx509_abort("CMS fill identifier with unknown type"); + } return ret; } @@ -467,6 +485,13 @@ hx509_cms_envelope_1(hx509_context context, goto out; } + ret = hx509_crypto_random_iv(crypto, &ivec); + if (ret) { + hx509_set_error_string(context, 0, ret, + "Failed to create a random iv"); + goto out; + } + ret = hx509_crypto_encrypt(crypto, data, length, @@ -518,7 +543,7 @@ hx509_cms_envelope_1(hx509_context context, ri = &ed.recipientInfos.val[0]; ri->version = 0; - ret = fill_CMSIdentifier(cert, &ri->rid); + ret = fill_CMSIdentifier(cert, CMS_ID_SKI, &ri->rid); if (ret) { hx509_set_error_string(context, 0, ret, "Failed to set CMS identifier info " @@ -585,22 +610,12 @@ any_to_certs(hx509_context context, const SignedData *sd, hx509_certs certs) return 0; for (i = 0; i < sd->certificates->len; i++) { - Certificate cert; hx509_cert c; - const void *p = sd->certificates->val[i].data; - size_t size, length = sd->certificates->val[i].length; - - ret = decode_Certificate(p, length, &cert, &size); - if (ret) { - hx509_set_error_string(context, 0, ret, - "Failed to decode certificate %d " - "in SignedData.certificates", i); - return ret; - } - - ret = hx509_cert_init(context, &cert, &c); - free_Certificate(&cert); + ret = hx509_cert_init_data(context, + sd->certificates->val[i].data, + sd->certificates->val[i].length, + &c); if (ret) return ret; ret = hx509_certs_add(context, certs, c); @@ -951,6 +966,7 @@ hx509_cms_create_signed_1(hx509_context context, int ret; size_t size; hx509_path path; + int cmsidflag = CMS_ID_SKI; memset(&sd, 0, sizeof(sd)); memset(&name, 0, sizeof(name)); @@ -960,6 +976,9 @@ hx509_cms_create_signed_1(hx509_context context, content.data = rk_UNCONST(data); content.length = length; + if (flags & HX509_CMS_SIGATURE_ID_NAME) + cmsidflag = CMS_ID_NAME; + if (_hx509_cert_private_key(cert) == NULL) { hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING, "Private key missing for signing"); @@ -1014,7 +1033,7 @@ hx509_cms_create_signed_1(hx509_context context, signer_info->version = 1; - ret = fill_CMSIdentifier(cert, &signer_info->sid); + ret = fill_CMSIdentifier(cert, cmsidflag, &signer_info->sid); if (ret) { hx509_clear_error_string(context); goto out; diff --git a/source4/heimdal/lib/hx509/crypto.c b/source4/heimdal/lib/hx509/crypto.c index 96d9693cc2..d86300bd58 100644 --- a/source4/heimdal/lib/hx509/crypto.c +++ b/source4/heimdal/lib/hx509/crypto.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: crypto.c 20939 2007-06-06 20:53:02Z lha $"); +RCSID("$Id: crypto.c 21318 2007-06-25 19:46:32Z lha $"); struct hx509_crypto; @@ -362,6 +362,7 @@ rsa_create_signature(hx509_context context, sig->length = RSA_size(signer->private_key.rsa); sig->data = malloc(sig->length); if (sig->data == NULL) { + der_free_octet_string(&indata); hx509_set_error_string(context, 0, ENOMEM, "out of memory"); return ENOMEM; } @@ -1761,15 +1762,17 @@ CMSRC2CBCParam_set(hx509_context context, const heim_octet_string *param, p->maximum_effective_key = 128; break; default: + free(p); free_CMSRC2CBCParameter(&rc2param); return HX509_CRYPTO_SIG_INVALID_FORMAT; } if (ivec) ret = der_copy_octet_string(&rc2param.iv, ivec); free_CMSRC2CBCParameter(&rc2param); - if (ret) + if (ret) { + free(p); hx509_clear_error_string(context); - else + } else crypto->param = p; return ret; @@ -2008,11 +2011,30 @@ hx509_crypto_get_params(hx509_context context, return (*crypto->cipher->get_params)(context, crypto, ivec, param); } +int +hx509_crypto_random_iv(hx509_crypto crypto, heim_octet_string *ivec) +{ + ivec->length = EVP_CIPHER_iv_length(crypto->c); + ivec->data = malloc(ivec->length); + if (ivec->data == NULL) { + ivec->length = 0; + return ENOMEM; + } + + if (RAND_bytes(ivec->data, ivec->length) <= 0) { + free(ivec->data); + ivec->data = NULL; + ivec->length = 0; + return HX509_CRYPTO_INTERNAL_ERROR; + } + return 0; +} + int hx509_crypto_encrypt(hx509_crypto crypto, const void *data, const size_t length, - heim_octet_string *ivec, + const heim_octet_string *ivec, heim_octet_string **ciphertext) { EVP_CIPHER_CTX evp; @@ -2021,19 +2043,9 @@ hx509_crypto_encrypt(hx509_crypto crypto, *ciphertext = NULL; - EVP_CIPHER_CTX_init(&evp); - - ivec->length = EVP_CIPHER_iv_length(crypto->c); - ivec->data = malloc(ivec->length); - if (ivec->data == NULL) { - ret = ENOMEM; - goto out; - } + assert(EVP_CIPHER_iv_length(crypto->c) == ivec->length); - if (RAND_bytes(ivec->data, ivec->length) <= 0) { - ret = HX509_CRYPTO_INTERNAL_ERROR; - goto out; - } + EVP_CIPHER_CTX_init(&evp); ret = EVP_CipherInit_ex(&evp, crypto->c, NULL, crypto->key.data, ivec->data, 1); @@ -2082,10 +2094,6 @@ hx509_crypto_encrypt(hx509_crypto crypto, out: if (ret) { - if (ivec->data) { - free(ivec->data); - memset(ivec, 0, sizeof(*ivec)); - } if (*ciphertext) { if ((*ciphertext)->data) { free((*ciphertext)->data); @@ -2286,6 +2294,24 @@ find_string2key(const heim_oid *oid, return NULL; } +/* + * + */ + +int +_hx509_pbe_encrypt(hx509_context context, + hx509_lock lock, + const AlgorithmIdentifier *ai, + const heim_octet_string *content, + heim_octet_string *econtent) +{ + hx509_clear_error_string(context); + return EINVAL; +} + +/* + * + */ int _hx509_pbe_decrypt(hx509_context context, diff --git a/source4/heimdal/lib/hx509/file.c b/source4/heimdal/lib/hx509/file.c index 1152af2423..b076b74f44 100644 --- a/source4/heimdal/lib/hx509/file.c +++ b/source4/heimdal/lib/hx509/file.c @@ -134,3 +134,243 @@ _hx509_write_file(const char *fn, const void *data, size_t length) return 0; } + +/* + * + */ + +static void +header(FILE *f, const char *type, const char *str) +{ + fprintf(f, "-----%s %s-----\n", type, str); +} + +int +hx509_pem_write(hx509_context context, const char *type, + hx509_pem_header *headers, FILE *f, + const void *data, size_t size) +{ + const char *p = data; + size_t length; + char *line; + +#define ENCODE_LINE_LENGTH 54 + + header(f, "BEGIN", type); + + while (headers) { + fprintf(f, "%s: %s\n%s", + headers->header, headers->value, + headers->next ? "" : "\n"); + headers = headers->next; + } + + while (size > 0) { + ssize_t l; + + length = size; + if (length > ENCODE_LINE_LENGTH) + length = ENCODE_LINE_LENGTH; + + l = base64_encode(p, length, &line); + if (l < 0) { + hx509_set_error_string(context, 0, ENOMEM, + "malloc - out of memory"); + return ENOMEM; + } + size -= length; + fprintf(f, "%s\n", line); + p += length; + free(line); + } + + header(f, "END", type); + + return 0; +} + +/* + * + */ + +int +hx509_pem_add_header(hx509_pem_header **headers, + const char *header, const char *value) +{ + hx509_pem_header *h; + + h = calloc(1, sizeof(*h)); + if (h == NULL) + return ENOMEM; + h->header = strdup(header); + if (h->header == NULL) { + free(h); + return ENOMEM; + } + h->value = strdup(value); + if (h->value == NULL) { + free(h->header); + free(h); + return ENOMEM; + } + + h->next = *headers; + *headers = h; + + return 0; +} + +void +hx509_pem_free_header(hx509_pem_header *headers) +{ + hx509_pem_header *h; + while (headers) { + h = headers; + headers = headers->next; + free(h->header); + free(h->value); + free(h); + } +} + +/* + * + */ + +const char * +hx509_pem_find_header(const hx509_pem_header *h, const char *header) +{ + while(h) { + if (strcmp(header, h->header) == 0) + return h->value; + h = h->next; + } + return NULL; +} + + +/* + * + */ + +int +hx509_pem_read(hx509_context context, + FILE *f, + hx509_pem_read_func func, + void *ctx) +{ + hx509_pem_header *headers = NULL; + char *type = NULL; + void *data = NULL; + size_t len = 0; + char buf[1024]; + int ret = HX509_PARSING_KEY_FAILED; + + enum { BEFORE, SEARCHHEADER, INHEADER, INDATA, DONE } where; + + where = BEFORE; + + while (fgets(buf, sizeof(buf), f) != NULL) { + char *p; + int i; + + i = strcspn(buf, "\n"); + if (buf[i] == '\n') { + buf[i] = '\0'; + if (i > 0) + i--; + } + if (buf[i] == '\r') { + buf[i] = '\0'; + if (i > 0) + i--; + } + + switch (where) { + case BEFORE: + if (strncmp("-----BEGIN ", buf, 11) == 0) { + type = strdup(buf + 11); + if (type == NULL) + break; + p = strchr(type, '-'); + if (p) + *p = '\0'; + where = SEARCHHEADER; + } + break; + case SEARCHHEADER: + p = strchr(buf, ':'); + if (p == NULL) { + where = INDATA; + goto indata; + } + /* FALLTHOUGH */ + case INHEADER: + if (buf[0] == '\0') { + where = INDATA; + break; + } + p = strchr(buf, ':'); + if (p) { + *p++ = '\0'; + while (isspace((int)*p)) + p++; + ret = hx509_pem_add_header(&headers, buf, p); + if (ret) + abort(); + } + break; + case INDATA: + indata: + + if (strncmp("-----END ", buf, 9) == 0) { + where = DONE; + break; + } + + p = emalloc(i); + i = base64_decode(buf, p); + if (i < 0) { + free(p); + goto out; + } + + data = erealloc(data, len + i); + memcpy(((char *)data) + len, p, i); + free(p); + len += i; + break; + case DONE: + abort(); + } + + if (where == DONE) { + ret = (*func)(context, type, headers, data, len, ctx); + out: + free(data); + data = NULL; + len = 0; + free(type); + type = NULL; + where = BEFORE; + hx509_pem_free_header(headers); + headers = NULL; + if (ret) + break; + } + } + + if (where != BEFORE) { + hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED, + "File ends before end of PEM end tag"); + ret = HX509_PARSING_KEY_FAILED; + } + if (data) + free(data); + if (type) + free(type); + if (headers) + hx509_pem_free_header(headers); + + return ret; +} diff --git a/source4/heimdal/lib/hx509/hx509-private.h b/source4/heimdal/lib/hx509/hx509-private.h index 2763df957f..451c3c89f2 100644 --- a/source4/heimdal/lib/hx509/hx509-private.h +++ b/source4/heimdal/lib/hx509/hx509-private.h @@ -4,6 +4,10 @@ #include +#if !defined(__GNUC__) && !defined(__attribute__) +#define __attribute__(x) +#endif + int _hx509_Certificate_cmp ( const Certificate */*p*/, @@ -20,7 +24,8 @@ _hx509_Time2time_t (const Time */*t*/); void _hx509_abort ( const char */*fmt*/, - ...); + ...) + __attribute__ ((noreturn, format (printf, 1, 2))); int _hx509_calculate_path ( @@ -104,6 +109,9 @@ _hx509_certs_keys_get ( hx509_certs /*certs*/, hx509_private_key **/*keys*/); +hx509_certs +_hx509_certs_ref (hx509_certs /*certs*/); + int _hx509_check_key_usage ( hx509_context /*context*/, @@ -306,6 +314,14 @@ _hx509_pbe_decrypt ( const heim_octet_string */*econtent*/, heim_octet_string */*content*/); +int +_hx509_pbe_encrypt ( + hx509_context /*context*/, + hx509_lock /*lock*/, + const AlgorithmIdentifier */*ai*/, + const heim_octet_string */*content*/, + heim_octet_string */*econtent*/); + void _hx509_pi_printf ( int (*/*func*/)(void *, const char *), @@ -406,11 +422,35 @@ _hx509_request_add_email ( void _hx509_request_free (hx509_request */*req*/); +int +_hx509_request_get_SubjectPublicKeyInfo ( + hx509_context /*context*/, + hx509_request /*req*/, + SubjectPublicKeyInfo */*key*/); + +int +_hx509_request_get_name ( + hx509_context /*context*/, + hx509_request /*req*/, + hx509_name */*name*/); + int _hx509_request_init ( hx509_context /*context*/, hx509_request */*req*/); +int +_hx509_request_parse ( + hx509_context /*context*/, + const char */*path*/, + hx509_request */*req*/); + +int +_hx509_request_print ( + hx509_context /*context*/, + hx509_request /*req*/, + FILE */*f*/); + int _hx509_request_set_SubjectPublicKeyInfo ( hx509_context /*context*/, diff --git a/source4/heimdal/lib/hx509/hx509-protos.h b/source4/heimdal/lib/hx509/hx509-protos.h index ab312cdbdf..71fb29d59d 100644 --- a/source4/heimdal/lib/hx509/hx509-protos.h +++ b/source4/heimdal/lib/hx509/hx509-protos.h @@ -236,6 +236,13 @@ hx509_cert_init ( const Certificate */*c*/, hx509_cert */*cert*/); +int +hx509_cert_init_data ( + hx509_context /*context*/, + const void */*ptr*/, + size_t /*len*/, + hx509_cert */*cert*/); + int hx509_cert_keyusage_print ( hx509_context /*context*/, @@ -479,7 +486,7 @@ hx509_crypto_encrypt ( hx509_crypto /*crypto*/, const void */*data*/, const size_t /*length*/, - heim_octet_string */*ivec*/, + const heim_octet_string */*ivec*/, heim_octet_string **/*ciphertext*/); const heim_oid * @@ -507,6 +514,11 @@ hx509_crypto_init ( const char * hx509_crypto_provider (hx509_crypto /*crypto*/); +int +hx509_crypto_random_iv ( + hx509_crypto /*crypto*/, + heim_octet_string */*ivec*/); + int hx509_crypto_select ( const hx509_context /*context*/, @@ -740,6 +752,36 @@ hx509_peer_info_set_cms_algs ( const AlgorithmIdentifier */*val*/, size_t /*len*/); +int +hx509_pem_add_header ( + hx509_pem_header **/*headers*/, + const char */*header*/, + const char */*value*/); + +const char * +hx509_pem_find_header ( + const hx509_pem_header */*h*/, + const char */*header*/); + +void +hx509_pem_free_header (hx509_pem_header */*headers*/); + +int +hx509_pem_read ( + hx509_context /*context*/, + FILE */*f*/, + hx509_pem_read_func /*func*/, + void */*ctx*/); + +int +hx509_pem_write ( + hx509_context /*context*/, + const char */*type*/, + hx509_pem_header */*headers*/, + FILE */*f*/, + const void */*data*/, + size_t /*size*/); + void hx509_print_func ( hx509_vprint_func /*func*/, @@ -930,6 +972,11 @@ hx509_verify_attach_revoke ( hx509_verify_ctx /*ctx*/, hx509_revoke_ctx /*revoke_ctx*/); +void +hx509_verify_ctx_f_allow_default_trustanchors ( + hx509_verify_ctx /*ctx*/, + int /*boolean*/); + void hx509_verify_destroy_ctx (hx509_verify_ctx /*ctx*/); @@ -937,7 +984,8 @@ int hx509_verify_hostname ( hx509_context /*context*/, const hx509_cert /*cert*/, - int /*require_match*/, + int /*flags*/, + hx509_hostname_type /*type*/, const char */*hostname*/, const struct sockaddr */*sa*/, int /*sa_size*/); @@ -954,6 +1002,11 @@ hx509_verify_path ( hx509_cert /*cert*/, hx509_certs /*pool*/); +void +hx509_verify_set_max_depth ( + hx509_verify_ctx /*ctx*/, + unsigned int /*max_depth*/); + void hx509_verify_set_proxy_certificate ( hx509_verify_ctx /*ctx*/, diff --git a/source4/heimdal/lib/hx509/hx509.h b/source4/heimdal/lib/hx509/hx509.h index 664c12e045..2f22cedfbc 100644 --- a/source4/heimdal/lib/hx509/hx509.h +++ b/source4/heimdal/lib/hx509/hx509.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: hx509.h 20798 2007-06-02 03:28:55Z lha $ */ +/* $Id: hx509.h 21310 2007-06-25 18:26:06Z lha $ */ typedef struct hx509_cert_attribute_data *hx509_cert_attribute; typedef struct hx509_cert_data *hx509_cert; @@ -84,6 +84,16 @@ typedef struct hx509_octet_string_list { heim_octet_string *val; } hx509_octet_string_list; +typedef struct hx509_pem_header { + struct hx509_pem_header *next; + char *header; + char *value; +} hx509_pem_header; + +typedef int +(*hx509_pem_read_func)(hx509_context, const char *, const hx509_pem_header *, + const void *, size_t, void *ctx); + /* * Options passed to hx509_query_match_option. */ @@ -122,5 +132,12 @@ typedef enum { /* flags hx509_cms_create_signed* */ #define HX509_CMS_SIGATURE_DETACHED 1 +#define HX509_CMS_SIGATURE_ID_NAME 2 + +/* hx509_verify_hostname nametype */ +typedef enum { + HX509_HN_HOSTNAME = 0, + HX509_HN_DNSSRV +} hx509_hostname_type; #include diff --git a/source4/heimdal/lib/hx509/hx_locl.h b/source4/heimdal/lib/hx509/hx_locl.h index bfbee0943e..145bfcc006 100644 --- a/source4/heimdal/lib/hx509/hx_locl.h +++ b/source4/heimdal/lib/hx509/hx_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: hx_locl.h 20930 2007-06-06 00:23:42Z lha $ */ +/* $Id: hx_locl.h 21083 2007-06-13 02:11:19Z lha $ */ #ifdef HAVE_CONFIG_H #include @@ -194,6 +194,6 @@ extern const AlgorithmIdentifier * _hx509_crypto_default_secret_alg; * Configurable options */ -#if 0 /* fdef __APPLE__*/ -#define HX509_DEFAULT_ANCHORS "KEYCHAIN:system" +#ifdef __APPLE__ +#define HX509_DEFAULT_ANCHORS "KEYCHAIN:system-anchors" #endif diff --git a/source4/heimdal/lib/hx509/keyset.c b/source4/heimdal/lib/hx509/keyset.c index 475835b9b0..7da5705a80 100644 --- a/source4/heimdal/lib/hx509/keyset.c +++ b/source4/heimdal/lib/hx509/keyset.c @@ -32,9 +32,10 @@ */ #include "hx_locl.h" -RCSID("$Id: keyset.c 20911 2007-06-05 03:41:17Z lha $"); +RCSID("$Id: keyset.c 21140 2007-06-18 21:24:19Z lha $"); struct hx509_certs_data { + int ref; struct hx509_keyset_ops *ops; void *ops_data; }; @@ -99,18 +100,20 @@ hx509_certs_init(hx509_context context, } ops = _hx509_ks_type(context, type); - free(type); if (ops == NULL) { hx509_set_error_string(context, 0, ENOENT, "Keyset type %s is not supported", type); + free(type); return ENOENT; } + free(type); c = calloc(1, sizeof(*c)); if (c == NULL) { hx509_clear_error_string(context); return ENOMEM; } c->ops = ops; + c->ref = 1; ret = (*ops->init)(context, c, &c->ops_data, flags, residue, lock); if (ret) { @@ -140,10 +143,26 @@ hx509_certs_store(hx509_context context, } +hx509_certs +_hx509_certs_ref(hx509_certs certs) +{ + if (certs->ref <= 0) + _hx509_abort("certs refcount <= 0"); + certs->ref++; + if (certs->ref == 0) + _hx509_abort("certs refcount == 0"); + return certs; +} + void hx509_certs_free(hx509_certs *certs) { if (*certs) { + if ((*certs)->ref <= 0) + _hx509_abort("refcount <= 0"); + if (--(*certs)->ref > 0) + return; + (*(*certs)->ops->free)(*certs, (*certs)->ops_data); free(*certs); *certs = NULL; diff --git a/source4/heimdal/lib/hx509/ks_file.c b/source4/heimdal/lib/hx509/ks_file.c index f9a3580880..269afd03b1 100644 --- a/source4/heimdal/lib/hx509/ks_file.c +++ b/source4/heimdal/lib/hx509/ks_file.c @@ -32,68 +32,16 @@ */ #include "hx_locl.h" -RCSID("$Id: ks_file.c 20776 2007-06-01 22:02:01Z lha $"); +RCSID("$Id: ks_file.c 21314 2007-06-25 18:45:07Z lha $"); + +typedef enum { USE_PEM, USE_DER } outformat; struct ks_file { hx509_certs certs; char *fn; + outformat format; }; -struct header { - char *header; - char *value; - struct header *next; -}; - -static int -add_headers(struct header **headers, const char *header, const char *value) -{ - struct header *h; - h = calloc(1, sizeof(*h)); - if (h == NULL) - return ENOMEM; - h->header = strdup(header); - if (h->header == NULL) { - free(h); - return ENOMEM; - } - h->value = strdup(value); - if (h->value == NULL) { - free(h->header); - free(h); - return ENOMEM; - } - - h->next = *headers; - *headers = h; - - return 0; -} - -static void -free_headers(struct header *headers) -{ - struct header *h; - while (headers) { - h = headers; - headers = headers->next; - free(h->header); - free(h->value); - free(h); - } -} - -static const char * -find_header(const struct header *headers, const char *header) -{ - while(headers) { - if (strcmp(header, headers->header) == 0) - return headers->value; - headers = headers->next; - } - return NULL; -} - /* * */ @@ -101,24 +49,13 @@ find_header(const struct header *headers, const char *header) static int parse_certificate(hx509_context context, const char *fn, struct hx509_collector *c, - const struct header *headers, + const hx509_pem_header *headers, const void *data, size_t len) { hx509_cert cert; - Certificate t; - size_t size; int ret; - ret = decode_Certificate(data, len, &t, &size); - if (ret) { - hx509_set_error_string(context, 0, ret, - "Failed to parse certificate in %s", - fn); - return ret; - } - - ret = hx509_cert_init(context, &t, &cert); - free_Certificate(&t); + ret = hx509_cert_init_data(context, data, len, &cert); if (ret) return ret; @@ -195,13 +132,13 @@ out: static int parse_rsa_private_key(hx509_context context, const char *fn, struct hx509_collector *c, - const struct header *headers, + const hx509_pem_header *headers, const void *data, size_t len) { int ret = 0; const char *enc; - enc = find_header(headers, "Proc-Type"); + enc = hx509_pem_find_header(headers, "Proc-Type"); if (enc) { const char *dek; char *type, *iv; @@ -229,7 +166,7 @@ parse_rsa_private_key(hx509_context context, const char *fn, return HX509_PARSING_KEY_FAILED; } - dek = find_header(headers, "DEK-Info"); + dek = hx509_pem_find_header(headers, "DEK-Info"); if (dek == NULL) { hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED, "Encrypted RSA missing DEK-Info"); @@ -243,8 +180,14 @@ parse_rsa_private_key(hx509_context context, const char *fn, } iv = strchr(type, ','); - if (iv) - *iv++ = '\0'; + if (iv == NULL) { + free(type); + hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED, + "IV missing"); + return HX509_PARSING_KEY_FAILED; + } + + *iv++ = '\0'; size = strlen(iv); ivdata = malloc(size); @@ -339,7 +282,7 @@ parse_rsa_private_key(hx509_context context, const char *fn, struct pem_formats { const char *name; int (*func)(hx509_context, const char *, struct hx509_collector *, - const struct header *, const void *, size_t); + const hx509_pem_header *, const void *, size_t); } formats[] = { { "CERTIFICATE", parse_certificate }, { "RSA PRIVATE KEY", parse_rsa_private_key } @@ -347,152 +290,27 @@ struct pem_formats { static int -parse_pem_file(hx509_context context, - const char *fn, - struct hx509_collector *c, - int *found_data) +pem_func(hx509_context context, const char *type, + const hx509_pem_header *header, + const void *data, size_t len, void *ctx) { - struct header *headers = NULL; - char *type = NULL; - void *data = NULL; - size_t len = 0; - char buf[1024]; - int ret; - FILE *f; - - - enum { BEFORE, SEARCHHEADER, INHEADER, INDATA, DONE } where; - - where = BEFORE; - *found_data = 0; + struct hx509_collector *c = ctx; + int ret, j; - if ((f = fopen(fn, "r")) == NULL) { - hx509_set_error_string(context, 0, ENOENT, - "Failed to open PEM file \"%s\": %s", - fn, strerror(errno)); - return ENOENT; - } - ret = 0; - - while (fgets(buf, sizeof(buf), f) != NULL) { - char *p; - int i; - - i = strcspn(buf, "\n"); - if (buf[i] == '\n') { - buf[i] = '\0'; - if (i > 0) - i--; - } - if (buf[i] == '\r') { - buf[i] = '\0'; - if (i > 0) - i--; - } - - switch (where) { - case BEFORE: - if (strncmp("-----BEGIN ", buf, 11) == 0) { - type = strdup(buf + 11); - if (type == NULL) - break; - p = strchr(type, '-'); - if (p) - *p = '\0'; - *found_data = 1; - where = SEARCHHEADER; - } + for (j = 0; j < sizeof(formats)/sizeof(formats[0]); j++) { + const char *q = formats[j].name; + if (strcasecmp(type, q) == 0) { + ret = (*formats[j].func)(context, NULL, c, header, data, len); break; - case SEARCHHEADER: - p = strchr(buf, ':'); - if (p == NULL) { - where = INDATA; - goto indata; - } - /* FALLTHOUGH */ - case INHEADER: - if (buf[0] == '\0') { - where = INDATA; - break; - } - p = strchr(buf, ':'); - if (p) { - *p++ = '\0'; - while (isspace((int)*p)) - p++; - add_headers(&headers, buf, p); - } - break; - case INDATA: - indata: - - if (strncmp("-----END ", buf, 9) == 0) { - where = DONE; - break; - } - - p = emalloc(i); - i = base64_decode(buf, p); - if (i < 0) { - free(p); - goto out; - } - - data = erealloc(data, len + i); - memcpy(((char *)data) + len, p, i); - free(p); - len += i; - break; - case DONE: - abort(); - } - - if (where == DONE) { - int j; - - for (j = 0; j < sizeof(formats)/sizeof(formats[0]); j++) { - const char *q = formats[j].name; - if (strcasecmp(type, q) == 0) { - ret = (*formats[j].func)(context, fn, c, - headers, data, len); - break; - } - } - if (j == sizeof(formats)/sizeof(formats[0])) { - ret = HX509_UNSUPPORTED_OPERATION; - hx509_set_error_string(context, 0, ret, - "Found no matching PEM format for %s", - type); - } - out: - free(data); - data = NULL; - len = 0; - free(type); - type = NULL; - where = BEFORE; - free_headers(headers); - headers = NULL; - if (ret) - break; } } - - fclose(f); - - if (where != BEFORE) { - hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED, - "File ends before end of PEM end tag"); - ret = HX509_PARSING_KEY_FAILED; + if (j == sizeof(formats)/sizeof(formats[0])) { + ret = HX509_UNSUPPORTED_OPERATION; + hx509_set_error_string(context, 0, ret, + "Found no matching PEM format for %s", type); + return ret; } - if (data) - free(data); - if (type) - free(type); - if (headers) - free_headers(headers); - - return ret; + return 0; } /* @@ -500,9 +318,9 @@ parse_pem_file(hx509_context context, */ static int -file_init(hx509_context context, - hx509_certs certs, void **data, int flags, - const char *residue, hx509_lock lock) +file_init_common(hx509_context context, + hx509_certs certs, void **data, int flags, + const char *residue, hx509_lock lock, outformat format) { char *p, *pnext; struct ks_file *f = NULL; @@ -520,6 +338,7 @@ file_init(hx509_context context, hx509_clear_error_string(context); return ENOMEM; } + f->format = format; f->fn = strdup(residue); if (f->fn == NULL) { @@ -547,17 +366,26 @@ file_init(hx509_context context, goto out; for (p = f->fn; p != NULL; p = pnext) { - int found_data; + FILE *f; pnext = strchr(p, ','); if (pnext) *pnext++ = '\0'; - ret = parse_pem_file(context, p, c, &found_data); - if (ret) + + if ((f = fopen(p, "r")) == NULL) { + ret = ENOENT; + hx509_set_error_string(context, 0, ret, + "Failed to open PEM file \"%s\": %s", + p, strerror(errno)); goto out; + } - if (!found_data) { + ret = hx509_pem_read(context, f, pem_func, c); + fclose(f); + if (ret != 0 && ret != HX509_PARSING_KEY_FAILED) + goto out; + else if (ret == HX509_PARSING_KEY_FAILED) { size_t length; void *ptr; int i; @@ -606,75 +434,40 @@ out: } static int -file_free(hx509_certs certs, void *data) +file_init_pem(hx509_context context, + hx509_certs certs, void **data, int flags, + const char *residue, hx509_lock lock) { - struct ks_file *f = data; - hx509_certs_free(&f->certs); - free(f->fn); - free(f); - return 0; + return file_init_common(context, certs, data, flags, residue, lock, USE_PEM); } -static void -pem_header(FILE *f, const char *type, const char *str) +static int +file_init_der(hx509_context context, + hx509_certs certs, void **data, int flags, + const char *residue, hx509_lock lock) { - fprintf(f, "-----%s %s-----\n", type, str); + return file_init_common(context, certs, data, flags, residue, lock, USE_DER); } static int -dump_pem_file(hx509_context context, const char *header, - FILE *f, const void *data, size_t size) +file_free(hx509_certs certs, void *data) { - const char *p = data; - size_t length; - char *line; - -#define ENCODE_LINE_LENGTH 54 - - pem_header(f, "BEGIN", header); - - while (size > 0) { - ssize_t l; - - length = size; - if (length > ENCODE_LINE_LENGTH) - length = ENCODE_LINE_LENGTH; - - l = base64_encode(p, length, &line); - if (l < 0) { - hx509_set_error_string(context, 0, ENOMEM, - "malloc - out of memory"); - return ENOMEM; - } - size -= length; - fprintf(f, "%s\n", line); - p += length; - free(line); - } - - pem_header(f, "END", header); - + struct ks_file *f = data; + hx509_certs_free(&f->certs); + free(f->fn); + free(f); return 0; } -static int -store_private_key(hx509_context context, FILE *f, hx509_private_key key) -{ - heim_octet_string data; - int ret; - - ret = _hx509_private_key_export(context, key, &data); - if (ret == 0) - dump_pem_file(context, _hx509_private_pem_name(key), f, - data.data, data.length); - free(data.data); - return ret; -} +struct store_ctx { + FILE *f; + outformat format; +}; static int store_func(hx509_context context, void *ctx, hx509_cert c) { - FILE *f = (FILE *)ctx; + struct store_ctx *sc = ctx; heim_octet_string data; int ret; @@ -682,11 +475,26 @@ store_func(hx509_context context, void *ctx, hx509_cert c) if (ret) return ret; - dump_pem_file(context, "CERTIFICATE", f, data.data, data.length); - free(data.data); - - if (_hx509_cert_private_key_exportable(c)) - store_private_key(context, f, _hx509_cert_private_key(c)); + switch (sc->format) { + case USE_DER: + fwrite(data.data, data.length, 1, sc->f); + free(data.data); + break; + case USE_PEM: + hx509_pem_write(context, "CERTIFICATE", NULL, sc->f, + data.data, data.length); + free(data.data); + if (_hx509_cert_private_key_exportable(c)) { + hx509_private_key key = _hx509_cert_private_key(c); + ret = _hx509_private_key_export(context, key, &data); + if (ret) + break; + hx509_pem_write(context, _hx509_private_pem_name(key), NULL, sc->f, + data.data, data.length); + free(data.data); + } + break; + } return 0; } @@ -696,18 +504,19 @@ file_store(hx509_context context, hx509_certs certs, void *data, int flags, hx509_lock lock) { struct ks_file *f = data; - FILE *fh; + struct store_ctx sc; int ret; - fh = fopen(f->fn, "w"); - if (fh == NULL) { + sc.f = fopen(f->fn, "w"); + if (sc.f == NULL) { hx509_set_error_string(context, 0, ENOENT, "Failed to open file %s for writing"); return ENOENT; } + sc.format = f->format; - ret = hx509_certs_iter(context, f->certs, store_func, fh); - fclose(fh); + ret = hx509_certs_iter(context, f->certs, store_func, &sc); + fclose(sc.f); return ret; } @@ -767,7 +576,7 @@ file_addkey(hx509_context context, static struct hx509_keyset_ops keyset_file = { "FILE", 0, - file_init, + file_init_pem, file_store, file_free, file_add, @@ -780,8 +589,43 @@ static struct hx509_keyset_ops keyset_file = { file_addkey }; +static struct hx509_keyset_ops keyset_pemfile = { + "PEM-FILE", + 0, + file_init_pem, + file_store, + file_free, + file_add, + NULL, + file_iter_start, + file_iter, + file_iter_end, + NULL, + file_getkeys, + file_addkey +}; + +static struct hx509_keyset_ops keyset_derfile = { + "DER-FILE", + 0, + file_init_der, + file_store, + file_free, + file_add, + NULL, + file_iter_start, + file_iter, + file_iter_end, + NULL, + file_getkeys, + file_addkey +}; + + void _hx509_ks_file_register(hx509_context context) { _hx509_ks_register(context, &keyset_file); + _hx509_ks_register(context, &keyset_pemfile); + _hx509_ks_register(context, &keyset_derfile); } diff --git a/source4/heimdal/lib/hx509/ks_keychain.c b/source4/heimdal/lib/hx509/ks_keychain.c index 2f0f72cd14..33c4d6774b 100644 --- a/source4/heimdal/lib/hx509/ks_keychain.c +++ b/source4/heimdal/lib/hx509/ks_keychain.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: ks_keychain.c 20945 2007-06-06 22:17:17Z lha $"); +RCSID("$Id: ks_keychain.c 21097 2007-06-16 07:00:49Z lha $"); #ifdef HAVE_FRAMEWORK_SECURITY @@ -254,6 +254,7 @@ set_private_key(hx509_context context, */ struct ks_keychain { + int anchors; SecKeychainRef keychain; }; @@ -263,7 +264,6 @@ keychain_init(hx509_context context, const char *residue, hx509_lock lock) { struct ks_keychain *ctx; - OSStatus ret; ctx = calloc(1, sizeof(*ctx)); if (ctx == NULL) { @@ -272,13 +272,20 @@ keychain_init(hx509_context context, } if (residue) { - if (strcasecmp(residue, "system") == 0) - residue = "/System/Library/Keychains/X509Anchors"; - - ret = SecKeychainOpen(residue, &ctx->keychain); - if (ret != noErr) { + if (strcasecmp(residue, "system-anchors") == 0) { + ctx->anchors = 1; + } else if (strncasecmp(residue, "FILE:", 5) == 0) { + OSStatus ret; + + ret = SecKeychainOpen(residue + 5, &ctx->keychain); + if (ret != noErr) { + hx509_set_error_string(context, 0, ENOENT, + "Failed to open %s", residue); + return ENOENT; + } + } else { hx509_set_error_string(context, 0, ENOENT, - "Failed to open %s", residue); + "Unknown subtype %s", residue); return ENOENT; } } @@ -307,6 +314,8 @@ keychain_free(hx509_certs certs, void *data) */ struct iter { + hx509_certs certs; + void *cursor; SecKeychainSearchRef searchRef; }; @@ -316,7 +325,6 @@ keychain_iter_start(hx509_context context, { struct ks_keychain *ctx = data; struct iter *iter; - OSStatus ret; iter = calloc(1, sizeof(*iter)); if (iter == NULL) { @@ -324,15 +332,66 @@ keychain_iter_start(hx509_context context, return ENOMEM; } - ret = SecKeychainSearchCreateFromAttributes(ctx->keychain, - kSecCertificateItemClass, - NULL, - &iter->searchRef); - if (ret) { - free(iter); - hx509_set_error_string(context, 0, ret, - "Failed to start search for attributes"); - return ENOMEM; + if (ctx->anchors) { + CFArrayRef anchors; + int ret; + int i; + + ret = hx509_certs_init(context, "MEMORY:ks-file-create", + 0, NULL, &iter->certs); + if (ret) { + free(iter); + return ret; + } + + ret = SecTrustCopyAnchorCertificates(&anchors); + if (ret != 0) { + hx509_certs_free(&iter->certs); + free(iter); + hx509_set_error_string(context, 0, ENOMEM, + "Can't get trust anchors from Keychain"); + return ENOMEM; + } + for (i = 0; i < CFArrayGetCount(anchors); i++) { + SecCertificateRef cr; + hx509_cert cert; + CSSM_DATA cssm; + + cr = (SecCertificateRef)CFArrayGetValueAtIndex(anchors, i); + + SecCertificateGetData(cr, &cssm); + + ret = hx509_cert_init_data(context, cssm.Data, cssm.Length, &cert); + if (ret) + continue; + + ret = hx509_certs_add(context, iter->certs, cert); + hx509_cert_free(cert); + } + CFRelease(anchors); + } + + if (iter->certs) { + int ret; + ret = hx509_certs_start_seq(context, iter->certs, &iter->cursor); + if (ret) { + hx509_certs_free(&iter->certs); + free(iter); + return ret; + } + } else { + OSStatus ret; + + ret = SecKeychainSearchCreateFromAttributes(ctx->keychain, + kSecCertificateItemClass, + NULL, + &iter->searchRef); + if (ret) { + free(iter); + hx509_set_error_string(context, 0, ret, + "Failed to start search for attributes"); + return ENOMEM; + } } *cursor = iter; @@ -349,15 +408,16 @@ keychain_iter(hx509_context context, { SecKeychainAttributeList *attrs = NULL; SecKeychainAttributeInfo attrInfo; - uint32 attrFormat = 0; + uint32 attrFormat[1] = { 0 }; SecKeychainItemRef itemRef; - SecItemAttr item; + SecItemAttr item[1]; struct iter *iter = cursor; - Certificate t; OSStatus ret; UInt32 len; void *ptr = NULL; - size_t size; + + if (iter->certs) + return hx509_certs_next_cert(context, iter->certs, iter->cursor, cert); *cert = NULL; @@ -371,26 +431,18 @@ keychain_iter(hx509_context context, * Pick out certificate and matching "keyid" */ - item = kSecPublicKeyHashItemAttr; + item[0] = kSecPublicKeyHashItemAttr; attrInfo.count = 1; - attrInfo.tag = &item; - attrInfo.format = &attrFormat; + attrInfo.tag = item; + attrInfo.format = attrFormat; ret = SecKeychainItemCopyAttributesAndData(itemRef, &attrInfo, NULL, &attrs, &len, &ptr); if (ret) return EINVAL; - - ret = decode_Certificate(ptr, len, &t, &size); - CFRelease(itemRef); - if (ret) { - hx509_set_error_string(context, 0, ret, "Failed to parse certificate"); - goto out; - } - ret = hx509_cert_init(context, &t, cert); - free_Certificate(&t); + ret = hx509_cert_init_data(context, ptr, len, cert); if (ret) goto out; @@ -449,7 +501,14 @@ keychain_iter_end(hx509_context context, { struct iter *iter = cursor; - CFRelease(iter->searchRef); + if (iter->certs) { + int ret; + ret = hx509_certs_end_seq(context, iter->certs, iter->cursor); + hx509_certs_free(&iter->certs); + } else { + CFRelease(iter->searchRef); + } + memset(iter, 0, sizeof(*iter)); free(iter); return 0; diff --git a/source4/heimdal/lib/hx509/ks_p11.c b/source4/heimdal/lib/hx509/ks_p11.c index 90c716213f..b899005b33 100644 --- a/source4/heimdal/lib/hx509/ks_p11.c +++ b/source4/heimdal/lib/hx509/ks_p11.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: ks_p11.c 20920 2007-06-05 05:47:06Z lha $"); +RCSID("$Id: ks_p11.c 21085 2007-06-13 06:39:53Z lha $"); #ifdef HAVE_DLFCN_H #include #endif @@ -682,7 +682,6 @@ collect_cert(hx509_context context, { struct hx509_collector *collector = ptr; hx509_cert cert; - Certificate t; int ret; if ((CK_LONG)query[0].ulValueLen == -1 || @@ -691,16 +690,8 @@ collect_cert(hx509_context context, return 0; } - - ret = decode_Certificate(query[1].pValue, query[1].ulValueLen, - &t, NULL); - if (ret) { - hx509_clear_error_string(context); - return 0; - } - - ret = hx509_cert_init(context, &t, &cert); - free_Certificate(&t); + ret = hx509_cert_init_data(context, query[1].pValue, + query[1].ulValueLen, &cert); if (ret) return ret; diff --git a/source4/heimdal/lib/hx509/ks_p12.c b/source4/heimdal/lib/hx509/ks_p12.c index 5fddbd07de..12756e6c07 100644 --- a/source4/heimdal/lib/hx509/ks_p12.c +++ b/source4/heimdal/lib/hx509/ks_p12.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: ks_p12.c 20909 2007-06-05 03:09:13Z lha $"); +RCSID("$Id: ks_p12.c 21146 2007-06-18 21:37:25Z lha $"); struct ks_pkcs12 { hx509_certs certs; @@ -90,7 +90,7 @@ keyBag_parser(hx509_context context, &ki.privateKeyAlgorithm, NULL, &ki.privateKey, - &attr->attrValues); + os); free_PKCS8PrivateKeyInfo(&ki); return 0; } @@ -132,7 +132,6 @@ certBag_parser(hx509_context context, const PKCS12_Attributes *attrs) { heim_octet_string os; - Certificate t; hx509_cert cert; PKCS12_CertBag cb; int ret; @@ -154,16 +153,11 @@ certBag_parser(hx509_context context, if (ret) return ret; - ret = decode_Certificate(os.data, os.length, &t, NULL); + ret = hx509_cert_init_data(context, os.data, os.length, &cert); der_free_octet_string(&os); if (ret) return ret; - ret = hx509_cert_init(context, &t, &cert); - free_Certificate(&t); - if (ret) - return ret; - ret = _hx509_collector_certs_add(context, c, cert); if (ret) { hx509_cert_free(cert); @@ -437,7 +431,9 @@ p12_init(hx509_context context, out: _hx509_collector_free(c); - if (ret) { + if (ret && p12) { + if (p12->fn) + free(p12->fn); if (p12->certs) hx509_certs_free(&p12->certs); free(p12); diff --git a/source4/heimdal/lib/hx509/req.c b/source4/heimdal/lib/hx509/req.c index 34e3a4ea27..d7a85e1cec 100644 --- a/source4/heimdal/lib/hx509/req.c +++ b/source4/heimdal/lib/hx509/req.c @@ -33,7 +33,7 @@ #include "hx_locl.h" #include -RCSID("$Id: req.c 20934 2007-06-06 15:30:02Z lha $"); +RCSID("$Id: req.c 21344 2007-06-26 14:22:34Z lha $"); struct hx509_request_data { hx509_name name; @@ -84,6 +84,18 @@ _hx509_request_set_name(hx509_context context, return 0; } +int +_hx509_request_get_name(hx509_context context, + hx509_request req, + hx509_name *name) +{ + if (req->name == NULL) { + hx509_set_error_string(context, 0, EINVAL, "Request have no name"); + return EINVAL; + } + return hx509_name_copy(context, req->name, name); +} + int _hx509_request_set_SubjectPublicKeyInfo(hx509_context context, hx509_request req, @@ -93,6 +105,14 @@ _hx509_request_set_SubjectPublicKeyInfo(hx509_context context, return copy_SubjectPublicKeyInfo(key, &req->key); } +int +_hx509_request_get_SubjectPublicKeyInfo(hx509_context context, + hx509_request req, + SubjectPublicKeyInfo *key) +{ + return copy_SubjectPublicKeyInfo(&req->key, key); +} + int _hx509_request_add_eku(hx509_context context, hx509_request req, @@ -215,3 +235,91 @@ out: return ret; } + +int +_hx509_request_parse(hx509_context context, + const char *path, + hx509_request *req) +{ + CertificationRequest r; + CertificationRequestInfo *rinfo; + hx509_name subject; + size_t len, size; + void *p; + int ret; + + if (strncmp(path, "PKCS10:", 7) != 0) { + hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION, + "unsupport type in %s", path); + return HX509_UNSUPPORTED_OPERATION; + } + path += 7; + + /* XXX PEM request */ + + ret = _hx509_map_file(path, &p, &len, NULL); + if (ret) { + hx509_set_error_string(context, 0, ret, "Failed to map file %s", path); + return ret; + } + + ret = decode_CertificationRequest(p, len, &r, &size); + _hx509_unmap_file(p, len); + if (ret) { + hx509_set_error_string(context, 0, ret, "Failed to decode %s", path); + return ret; + } + + ret = _hx509_request_init(context, req); + if (ret) { + free_CertificationRequest(&r); + return ret; + } + + rinfo = &r.certificationRequestInfo; + + ret = _hx509_request_set_SubjectPublicKeyInfo(context, *req, + &rinfo->subjectPKInfo); + if (ret) { + free_CertificationRequest(&r); + _hx509_request_free(req); + return ret; + } + + ret = _hx509_name_from_Name(&rinfo->subject, &subject); + if (ret) { + free_CertificationRequest(&r); + _hx509_request_free(req); + return ret; + } + ret = _hx509_request_set_name(context, *req, subject); + hx509_name_free(&subject); + free_CertificationRequest(&r); + if (ret) { + _hx509_request_free(req); + return ret; + } + + return 0; +} + + +int +_hx509_request_print(hx509_context context, hx509_request req, FILE *f) +{ + int ret; + + if (req->name) { + char *subject; + ret = hx509_name_to_string(req->name, &subject); + if (ret) { + hx509_set_error_string(context, 0, ret, "Failed to print name"); + return ret; + } + fprintf(f, "name: %s\n", subject); + free(subject); + } + + return 0; +} + diff --git a/source4/heimdal/lib/hx509/revoke.c b/source4/heimdal/lib/hx509/revoke.c index 0d477945c8..ddcb17ee38 100644 --- a/source4/heimdal/lib/hx509/revoke.c +++ b/source4/heimdal/lib/hx509/revoke.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: revoke.c 20871 2007-06-03 21:22:51Z lha $"); +RCSID("$Id: revoke.c 21153 2007-06-18 21:55:46Z lha $"); struct revoke_crl { char *path; @@ -572,10 +572,10 @@ hx509_revoke_verify(hx509_context context, continue; } - for (i = 0; i < ocsp->ocsp.tbsResponseData.responses.len; i++) { + for (j = 0; j < ocsp->ocsp.tbsResponseData.responses.len; j++) { heim_octet_string os; - ret = der_heim_integer_cmp(&ocsp->ocsp.tbsResponseData.responses.val[i].certID.serialNumber, + ret = der_heim_integer_cmp(&ocsp->ocsp.tbsResponseData.responses.val[j].certID.serialNumber, &c->tbsCertificate.serialNumber); if (ret != 0) continue; @@ -594,13 +594,13 @@ hx509_revoke_verify(hx509_context context, ret = _hx509_verify_signature(context, NULL, - &ocsp->ocsp.tbsResponseData.responses.val[i].certID.hashAlgorithm, + &ocsp->ocsp.tbsResponseData.responses.val[j].certID.hashAlgorithm, &os, - &ocsp->ocsp.tbsResponseData.responses.val[i].certID.issuerKeyHash); + &ocsp->ocsp.tbsResponseData.responses.val[j].certID.issuerKeyHash); if (ret != 0) continue; - switch (ocsp->ocsp.tbsResponseData.responses.val[i].certStatus.element) { + switch (ocsp->ocsp.tbsResponseData.responses.val[j].certStatus.element) { case choice_OCSPCertStatus_good: break; case choice_OCSPCertStatus_revoked: @@ -609,13 +609,13 @@ hx509_revoke_verify(hx509_context context, } /* don't allow the update to be in the future */ - if (ocsp->ocsp.tbsResponseData.responses.val[i].thisUpdate > + if (ocsp->ocsp.tbsResponseData.responses.val[j].thisUpdate > now + context->ocsp_time_diff) continue; /* don't allow the next updte to be in the past */ - if (ocsp->ocsp.tbsResponseData.responses.val[i].nextUpdate) { - if (*ocsp->ocsp.tbsResponseData.responses.val[i].nextUpdate < now) + if (ocsp->ocsp.tbsResponseData.responses.val[j].nextUpdate) { + if (*ocsp->ocsp.tbsResponseData.responses.val[j].nextUpdate < now) continue; } else /* Should force a refetch, but can we ? */; @@ -1077,6 +1077,7 @@ hx509_crl_alloc(hx509_context context, hx509_crl *crl) if (ret) { free(*crl); *crl = NULL; + return ret; } (*crl)->expire = 0; return ret; diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c index 93f3e44ba1..12f75d0bcd 100644 --- a/source4/heimdal/lib/krb5/crypto.c +++ b/source4/heimdal/lib/krb5/crypto.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: crypto.c 20981 2007-06-07 20:05:50Z lha $"); +RCSID("$Id: crypto.c 21130 2007-06-18 20:45:21Z lha $"); #undef CRYPTO_DEBUG #ifdef CRYPTO_DEBUG @@ -3162,8 +3162,9 @@ decrypt_internal_derived(krb5_context context, unsigned long l; checksum_sz = CHECKSUMSIZE(et->keyed_checksum); - if (len < checksum_sz) { - krb5_set_error_string(context, "Encrypted data shorter then checksum"); + if (len < checksum_sz + et->confoundersize) { + krb5_set_error_string(context, "Encrypted data shorter then " + "checksum + confunder"); return KRB5_BAD_MSIZE; } diff --git a/source4/heimdal/lib/krb5/get_cred.c b/source4/heimdal/lib/krb5/get_cred.c index 761224b82c..8a0af23e40 100644 --- a/source4/heimdal/lib/krb5/get_cred.c +++ b/source4/heimdal/lib/krb5/get_cred.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: get_cred.c 21004 2007-06-08 01:53:10Z lha $"); +RCSID("$Id: get_cred.c 21327 2007-06-26 10:54:15Z lha $"); /* * Take the `body' and encode it into `padata' using the credentials @@ -411,7 +411,6 @@ get_cred_kdc_usage(krb5_context context, krb5_keyblock *subkey = NULL; size_t len; Ticket second_ticket_data; - int send_to_kdc_flags = 0; METHOD_DATA padata; krb5_data_zero(&resp); @@ -511,11 +510,18 @@ get_cred_kdc_usage(krb5_context context, /* * Send and receive */ -again: - ret = krb5_sendto_kdc_flags (context, &enc, - &krbtgt->server->name.name_string.val[1], - &resp, - send_to_kdc_flags); + { + krb5_sendto_ctx stctx; + ret = krb5_sendto_ctx_alloc(context, &stctx); + if (ret) + return ret; + krb5_sendto_ctx_set_func(stctx, _krb5_kdc_retry, NULL); + + ret = krb5_sendto_context (context, stctx, &enc, + krbtgt->server->name.name_string.val[1], + &resp); + krb5_sendto_ctx_free(context, stctx); + } if(ret) goto out; @@ -550,12 +556,6 @@ again: } else if(krb5_rd_error(context, &resp, &error) == 0) { ret = krb5_error_from_rd_error(context, &error, in_creds); krb5_free_error_contents(context, &error); - - if (ret == KRB5KRB_ERR_RESPONSE_TOO_BIG && !(send_to_kdc_flags & KRB5_KRBHST_FLAGS_LARGE_MSG)) { - send_to_kdc_flags |= KRB5_KRBHST_FLAGS_LARGE_MSG; - krb5_data_free(&resp); - goto again; - } } else if(resp.data && ((char*)resp.data)[0] == 4) { ret = KRB5KRB_AP_ERR_V4_REPLY; krb5_clear_error_string(context); @@ -1191,6 +1191,10 @@ krb5_get_creds(krb5_context context, flags.b.forwardable = 1; if (options & KRB5_GC_NO_TRANSIT_CHECK) flags.b.disable_transited_check = 1; + if (options & KRB5_GC_CONSTRAINED_DELEGATION) { + flags.b.request_anonymous = 1; /* XXX ARGH confusion */ + flags.b.constrained_delegation = 1; + } tgts = NULL; ret = get_cred_from_kdc_flags(context, flags, ccache, @@ -1206,3 +1210,62 @@ krb5_get_creds(krb5_context context, krb5_cc_store_cred(context, ccache, *out_creds); return ret; } + +/* + * + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_renewed_creds(krb5_context context, + krb5_creds *creds, + krb5_const_principal client, + krb5_ccache ccache, + const char *in_tkt_service) +{ + krb5_error_code ret; + krb5_kdc_flags flags; + krb5_creds in, *template; + + memset(&in, 0, sizeof(in)); + + ret = krb5_copy_principal(context, client, &in.client); + if (ret) + return ret; + + if (in_tkt_service) { + ret = krb5_parse_name(context, in_tkt_service, &in.server); + if (ret) { + krb5_free_principal(context, in.client); + return ret; + } + } else { + const char *realm = krb5_principal_get_realm(context, client); + + ret = krb5_make_principal(context, &in.server, realm, KRB5_TGS_NAME, + realm, NULL); + if (ret) { + krb5_free_principal(context, in.client); + return ret; + } + } + + flags.i = 0; + flags.b.renewable = flags.b.renew = 1; + + /* + * Get template from old credential cache for the same entry, if + * this failes, no worries. + */ + ret = krb5_get_credentials(context, KRB5_GC_CACHED, ccache, &in, &template); + if (ret == 0) { + flags.b.forwardable = template->flags.b.forwardable; + flags.b.proxiable = template->flags.b.proxiable; + krb5_free_creds (context, template); + } + + ret = krb5_get_kdc_cred(context, ccache, flags, NULL, NULL, &in, &creds); + krb5_free_principal(context, in.client); + krb5_free_principal(context, in.server); + + return ret; +} diff --git a/source4/heimdal/lib/krb5/init_creds_pw.c b/source4/heimdal/lib/krb5/init_creds_pw.c index a58435a9ea..1676da3bd6 100644 --- a/source4/heimdal/lib/krb5/init_creds_pw.c +++ b/source4/heimdal/lib/krb5/init_creds_pw.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds_pw.c 20262 2007-02-18 00:33:01Z lha $"); +RCSID("$Id: init_creds_pw.c 21061 2007-06-12 17:56:30Z lha $"); typedef struct krb5_get_init_creds_ctx { KDCOptions flags; @@ -1221,8 +1221,8 @@ init_cred_loop(krb5_context context, krb5_data resp; size_t len; size_t size; - int send_to_kdc_flags = 0; krb5_krbhst_info *hi = NULL; + krb5_sendto_ctx stctx = NULL; memset(&md, 0, sizeof(md)); @@ -1238,6 +1238,11 @@ init_cred_loop(krb5_context context, if (ret) return ret; + ret = krb5_sendto_ctx_alloc(context, &stctx); + if (ret) + goto out; + krb5_sendto_ctx_set_func(stctx, _krb5_kdc_retry, NULL); + /* Set a new nonce. */ krb5_generate_random_block (&ctx->nonce, sizeof(ctx->nonce)); ctx->nonce &= 0xffffffff; @@ -1281,10 +1286,9 @@ init_cred_loop(krb5_context context, if(len != ctx->req_buffer.length) krb5_abortx(context, "internal error in ASN.1 encoder"); - ret = krb5_sendto_kdc_flags (context, &ctx->req_buffer, - &creds->client->realm, &resp, - send_to_kdc_flags); - if (ret) + ret = krb5_sendto_context (context, stctx, &ctx->req_buffer, + creds->client->realm, &resp); + if (ret) goto out; memset (&rep, 0, sizeof(rep)); @@ -1329,16 +1333,6 @@ init_cred_loop(krb5_context context, krb5_free_error_contents(context, &error); if (ret) goto out; - } else if (ret == KRB5KRB_ERR_RESPONSE_TOO_BIG) { - if (send_to_kdc_flags & KRB5_KRBHST_FLAGS_LARGE_MSG) { - if (ret_as_reply) - rep.error = error; - else - krb5_free_error_contents(context, &error); - goto out; - } - krb5_free_error_contents(context, &error); - send_to_kdc_flags |= KRB5_KRBHST_FLAGS_LARGE_MSG; } else { _krb5_get_init_creds_opt_set_krb5_error(context, init_cred_opts, @@ -1437,6 +1431,8 @@ init_cred_loop(krb5_context context, } } out: + if (stctx) + krb5_sendto_ctx_free(context, stctx); krb5_data_free(&ctx->req_buffer); free_METHOD_DATA(&md); memset(&md, 0, sizeof(md)); diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h index be718f6714..a551c42ecd 100644 --- a/source4/heimdal/lib/krb5/krb5-private.h +++ b/source4/heimdal/lib/krb5/krb5-private.h @@ -149,6 +149,14 @@ _krb5_kcm_noop ( krb5_context /*context*/, krb5_ccache /*id*/); +krb5_error_code +_krb5_kdc_retry ( + krb5_context /*context*/, + krb5_sendto_ctx /*ctx*/, + void */*data*/, + const krb5_data */*reply*/, + int */*action*/); + krb5_error_code KRB5_LIB_FUNCTION _krb5_krb_cr_err_reply ( krb5_context /*context*/, diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h index e852bffeb1..058496434e 100644 --- a/source4/heimdal/lib/krb5/krb5-protos.h +++ b/source4/heimdal/lib/krb5/krb5-protos.h @@ -2243,6 +2243,14 @@ krb5_get_pw_salt ( krb5_const_principal /*principal*/, krb5_salt */*salt*/); +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_renewed_creds ( + krb5_context /*context*/, + krb5_creds */*creds*/, + krb5_const_principal /*client*/, + krb5_ccache /*ccache*/, + const char */*in_tkt_service*/); + krb5_error_code KRB5_LIB_FUNCTION krb5_get_server_rcache ( krb5_context /*context*/, @@ -2868,6 +2876,12 @@ krb5_parse_name_flags ( int /*flags*/, krb5_principal */*principal*/); +krb5_error_code +krb5_parse_nametype ( + krb5_context /*context*/, + const char */*str*/, + int32_t */*nametype*/); + const char* KRB5_LIB_FUNCTION krb5_passwd_result_to_string ( krb5_context /*context*/, @@ -3071,7 +3085,7 @@ krb5_rd_cred2 ( krb5_error_code KRB5_LIB_FUNCTION krb5_rd_error ( krb5_context /*context*/, - krb5_data */*msg*/, + const krb5_data */*msg*/, KRB_ERROR */*result*/); krb5_error_code KRB5_LIB_FUNCTION @@ -3346,6 +3360,43 @@ krb5_sendto ( krb5_krbhst_handle /*handle*/, krb5_data */*receive*/); +krb5_error_code KRB5_LIB_FUNCTION +krb5_sendto_context ( + krb5_context /*context*/, + krb5_sendto_ctx /*ctx*/, + const krb5_data */*send_data*/, + const krb5_realm /*realm*/, + krb5_data */*receive*/); + +void KRB5_LIB_FUNCTION +krb5_sendto_ctx_add_flags ( + krb5_sendto_ctx /*ctx*/, + int /*flags*/); + +krb5_error_code KRB5_LIB_FUNCTION +krb5_sendto_ctx_alloc ( + krb5_context /*context*/, + krb5_sendto_ctx */*ctx*/); + +void KRB5_LIB_FUNCTION +krb5_sendto_ctx_free ( + krb5_context /*context*/, + krb5_sendto_ctx /*ctx*/); + +int KRB5_LIB_FUNCTION +krb5_sendto_ctx_get_flags (krb5_sendto_ctx /*ctx*/); + +void KRB5_LIB_FUNCTION +krb5_sendto_ctx_set_func ( + krb5_sendto_ctx /*ctx*/, + krb5_sendto_ctx_func /*func*/, + void */*data*/); + +void KRB5_LIB_FUNCTION +krb5_sendto_ctx_set_type ( + krb5_sendto_ctx /*ctx*/, + int /*type*/); + krb5_error_code KRB5_LIB_FUNCTION krb5_sendto_kdc ( krb5_context /*context*/, diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h index eefda81ca9..345fe70764 100644 --- a/source4/heimdal/lib/krb5/krb5.h +++ b/source4/heimdal/lib/krb5/krb5.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5.h 20245 2007-02-17 00:09:57Z lha $ */ +/* $Id: krb5.h 21252 2007-06-21 04:18:28Z lha $ */ #ifndef __KRB5_H__ #define __KRB5_H__ @@ -361,6 +361,7 @@ typedef union { #define KRB5_GC_NO_STORE (1U << 3) #define KRB5_GC_FORWARDABLE (1U << 4) #define KRB5_GC_NO_TRANSIT_CHECK (1U << 5) +#define KRB5_GC_CONSTRAINED_DELEGATION (1U << 6) /* constants for compare_creds (and cc_retrieve_cred) */ #define KRB5_TC_DONT_MATCH_REALM (1U << 31) @@ -753,9 +754,18 @@ enum { /* flags for krb5_unparse_name_flags */ enum { KRB5_PRINCIPAL_UNPARSE_SHORT = 1, - KRB5_PRINCIPAL_UNPARSE_NO_REALM = 2 + KRB5_PRINCIPAL_UNPARSE_NO_REALM = 2, + KRB5_PRINCIPAL_UNPARSE_DISPLAY = 4 }; +typedef struct krb5_sendto_ctx *krb5_sendto_ctx; + +#define KRB5_SENDTO_DONE 0 +#define KRB5_SENDTO_RESTART 1 +#define KRB5_SENDTO_CONTINUE 2 + +typedef krb5_error_code (*krb5_sendto_ctx_func)(krb5_context, krb5_sendto_ctx, void *, const krb5_data *, int *); + struct credentials; /* this is to keep the compiler happy */ struct getargs; struct sockaddr; diff --git a/source4/heimdal/lib/krb5/krb5_err.et b/source4/heimdal/lib/krb5/krb5_err.et index 785c258ee0..6714401e45 100644 --- a/source4/heimdal/lib/krb5/krb5_err.et +++ b/source4/heimdal/lib/krb5/krb5_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: krb5_err.et 20760 2007-06-01 03:24:49Z lha $" +id "$Id: krb5_err.et 21050 2007-06-12 02:00:40Z lha $" error_table krb5 @@ -35,8 +35,10 @@ error_code KEY_EXPIRED, "Password has expired" error_code PREAUTH_FAILED, "Preauthentication failed" error_code PREAUTH_REQUIRED, "Additional pre-authentication required" error_code SERVER_NOMATCH, "Requested server and ticket don't match" +error_code KDC_ERR_MUST_USE_USER2USER, "Server principal valid for user2user only" +error_code PATH_NOT_ACCEPTED, "KDC Policy rejects transited path" +error_code SVC_UNAVAILABLE, "A service is not available" -# 27-30 are reserved index 31 prefix KRB5KRB_AP error_code ERR_BAD_INTEGRITY, "Decrypt integrity check failed" @@ -108,7 +110,7 @@ error_code PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED, "Public key encryption not suppo index 128 prefix -error_code KRB5_ERR_RCSID, "$Id: krb5_err.et 20760 2007-06-01 03:24:49Z lha $" +error_code KRB5_ERR_RCSID, "$Id: krb5_err.et 21050 2007-06-12 02:00:40Z lha $" error_code KRB5_LIBOS_BADLOCKFLAG, "Invalid flag for file lock mode" error_code KRB5_LIBOS_CANTREADPWD, "Cannot read password" diff --git a/source4/heimdal/lib/krb5/krbhst.c b/source4/heimdal/lib/krb5/krbhst.c index 51bf934bfd..69b52dd808 100644 --- a/source4/heimdal/lib/krb5/krbhst.c +++ b/source4/heimdal/lib/krb5/krbhst.c @@ -35,7 +35,7 @@ #include #include "locate_plugin.h" -RCSID("$Id: krbhst.c 19198 2006-11-30 17:23:08Z lha $"); +RCSID("$Id: krbhst.c 21131 2007-06-18 20:48:09Z lha $"); static int string_to_proto(const char *string) @@ -501,10 +501,8 @@ add_locate(void *ctx, int type, struct sockaddr *addr) hostlen = strlen(host); hi = calloc(1, sizeof(*hi) + hostlen); - if(hi == NULL) { - free(host); + if(hi == NULL) return ENOMEM; - } hi->proto = krbhst_get_default_proto(kd); hi->port = hi->def_port = socket_get_port(addr); diff --git a/source4/heimdal/lib/krb5/misc.c b/source4/heimdal/lib/krb5/misc.c index 0d410b57d2..8050bdb9b4 100644 --- a/source4/heimdal/lib/krb5/misc.c +++ b/source4/heimdal/lib/krb5/misc.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: misc.c 17616 2006-06-06 14:57:47Z lha $"); +RCSID("$Id: misc.c 21174 2007-06-19 10:10:58Z lha $"); krb5_error_code KRB5_LIB_FUNCTION _krb5_s4u2self_to_checksumdata(krb5_context context, @@ -51,6 +51,7 @@ _krb5_s4u2self_to_checksumdata(krb5_context context, krb5_clear_error_string(context); return ENOMEM; } + krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); ret = krb5_store_int32(sp, self->name.name_type); if (ret) goto out; diff --git a/source4/heimdal/lib/krb5/pac.c b/source4/heimdal/lib/krb5/pac.c index 55d4f5ff56..f7a5e83ea3 100644 --- a/source4/heimdal/lib/krb5/pac.c +++ b/source4/heimdal/lib/krb5/pac.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: pac.c 20845 2007-06-03 14:31:16Z lha $"); +RCSID("$Id: pac.c 21149 2007-06-18 21:50:22Z lha $"); struct PAC_INFO_BUFFER { uint32_t type; @@ -409,6 +409,8 @@ verify_checksum(krb5_context context, krb5_error_code ret; Checksum cksum; + memset(&cksum, 0, sizeof(cksum)); + sp = krb5_storage_from_mem((char *)data->data + sig->offset_lo, sig->buffersize); if (sp == NULL) { diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c index dd82842084..105cab554d 100755 --- a/source4/heimdal/lib/krb5/pkinit.c +++ b/source4/heimdal/lib/krb5/pkinit.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan + * Copyright (c) 2003 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: pkinit.c 21004 2007-06-08 01:53:10Z lha $"); +RCSID("$Id: pkinit.c 21321 2007-06-26 05:21:56Z lha $"); struct krb5_dh_moduli { char *name; @@ -554,18 +554,13 @@ pk_mk_padata(krb5_context context, if (ret) goto out; - ret = _krb5_pk_mk_ContentInfo(context, &sd_buf, oid_id_pkcs7_signedData(), - &content_info); + ret = hx509_cms_wrap_ContentInfo(oid_id_pkcs7_signedData(), &sd_buf, &buf); krb5_data_free(&sd_buf); - if (ret) - goto out; - - ASN1_MALLOC_ENCODE(ContentInfo, buf.data, buf.length, - &content_info, &size, ret); - if (ret) + if (ret) { + krb5_set_error_string(context, + "ContentInfo wrapping of signedData failed"); goto out; - if (buf.length != size) - krb5_abortx(context, "Internal ASN1 encoder error"); + } if (ctx->type == COMPAT_WIN2K) { PA_PK_AS_REQ_Win2k winreq; @@ -794,6 +789,7 @@ get_reply_key_win(krb5_context context, if (ret) { krb5_set_error_string(context, "PKINIT failed copying reply key"); free(*key); + *key = NULL; } return ret; @@ -856,6 +852,7 @@ get_reply_key(krb5_context context, if (ret) { krb5_set_error_string(context, "PKINIT failed copying reply key"); free(*key); + *key = NULL; } return ret; @@ -929,6 +926,7 @@ pk_verify_host(krb5_context context, if (hi) { ret = hx509_verify_hostname(ctx->id->hx509ctx, host->cert, ctx->require_hostname_match, + HX509_HN_HOSTNAME, hi->hostname, hi->ai->ai_addr, hi->ai->ai_addrlen); @@ -942,7 +940,8 @@ pk_verify_host(krb5_context context, static krb5_error_code pk_rd_pa_reply_enckey(krb5_context context, int type, - const ContentInfo *rep, + const heim_octet_string *indata, + const heim_oid *dataType, const char *realm, krb5_pk_init_ctx ctx, krb5_enctype etype, @@ -954,27 +953,19 @@ pk_rd_pa_reply_enckey(krb5_context context, { krb5_error_code ret; struct krb5_pk_cert *host = NULL; - size_t size; - int length; - void *p; krb5_data content; heim_oid contentType = { 0, NULL }; - if (der_heim_oid_cmp(oid_id_pkcs7_envelopedData(), &rep->contentType)) { + if (der_heim_oid_cmp(oid_id_pkcs7_envelopedData(), dataType)) { krb5_set_error_string(context, "PKINIT: Invalid content type"); return EINVAL; } - if (rep->content == NULL) { - krb5_set_error_string(context, "PKINIT: No content in reply"); - return EINVAL; - } - ret = hx509_cms_unenvelope(ctx->id->hx509ctx, ctx->id->certs, HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT, - rep->content->data, - rep->content->length, + indata->data, + indata->length, NULL, &contentType, &content); @@ -983,41 +974,52 @@ pk_rd_pa_reply_enckey(krb5_context context, "Failed to unenvelope CMS data in PK-INIT reply"); return ret; } + der_free_oid(&contentType); + +#if 0 /* windows LH with interesting CMS packets, leaks memory */ + { + size_t ph = 1 + der_length_len (length); + unsigned char *ptr = malloc(length + ph); + size_t l; - p = content.data; - length = content.length; + memcpy(ptr + ph, p, length); + + ret = der_put_length_and_tag (ptr + ph - 1, ph, length, + ASN1_C_UNIV, CONS, UT_Sequence, &l); + if (ret) + return ret; + ptr += ph - l; + length += l; + p = ptr; + } +#endif /* win2k uses ContentInfo */ if (type == COMPAT_WIN2K) { - ContentInfo ci; + heim_oid type; + heim_octet_string out; - ret = decode_ContentInfo(p, length, &ci, &size); - if (ret) { - krb5_set_error_string(context, - "PKINIT: failed decoding ContentInfo: %d", - ret); - goto out; - } - - if (der_heim_oid_cmp(&ci.contentType, oid_id_pkcs7_signedData())) { + ret = hx509_cms_unwrap_ContentInfo(&content, &type, &out, NULL); + if (der_heim_oid_cmp(&type, oid_id_pkcs7_signedData())) { ret = EINVAL; /* XXX */ krb5_set_error_string(context, "PKINIT: Invalid content type"); + der_free_oid(&type); + der_free_octet_string(&out); goto out; } - if (ci.content == NULL) { - ret = EINVAL; /* XXX */ - krb5_set_error_string(context, "PKINIT: Invalid content type"); + der_free_oid(&type); + krb5_data_free(&content); + ret = krb5_data_copy(&content, out.data, out.length); + der_free_octet_string(&out); + if (ret) { + krb5_set_error_string(context, "PKINIT: out of memory"); goto out; } - krb5_data_free(&content); - content = *ci.content; - p = ci.content->data; - length = ci.content->length; } ret = _krb5_pk_verify_sign(context, - p, - length, + content.data, + content.length, ctx->id, &contentType, &content, @@ -1073,7 +1075,8 @@ pk_rd_pa_reply_enckey(krb5_context context, static krb5_error_code pk_rd_pa_reply_dh(krb5_context context, - const ContentInfo *rep, + const heim_octet_string *indata, + const heim_oid *dataType, const char *realm, krb5_pk_init_ctx ctx, krb5_enctype etype, @@ -1097,19 +1100,14 @@ pk_rd_pa_reply_dh(krb5_context context, krb5_data_zero(&content); memset(&kdc_dh_info, 0, sizeof(kdc_dh_info)); - if (der_heim_oid_cmp(oid_id_pkcs7_signedData(), &rep->contentType)) { + if (der_heim_oid_cmp(oid_id_pkcs7_signedData(), dataType)) { krb5_set_error_string(context, "PKINIT: Invalid content type"); return EINVAL; } - if (rep->content == NULL) { - krb5_set_error_string(context, "PKINIT: No content in reply"); - return EINVAL; - } - ret = _krb5_pk_verify_sign(context, - rep->content->data, - rep->content->length, + indata->data, + indata->length, ctx->id, &contentType, &content, @@ -1261,20 +1259,19 @@ _krb5_pk_rd_pa_reply(krb5_context context, { krb5_pk_init_ctx ctx = c; krb5_error_code ret; - ContentInfo ci; size_t size; /* Check for IETF PK-INIT first */ if (ctx->type == COMPAT_IETF) { PA_PK_AS_REP rep; + heim_octet_string os, data; + heim_oid oid; if (pa->padata_type != KRB5_PADATA_PK_AS_REP) { krb5_set_error_string(context, "PKINIT: wrong padata recv"); return EINVAL; } - memset(&rep, 0, sizeof(rep)); - ret = decode_PA_PK_AS_REP(pa->padata_value.data, pa->padata_value.length, &rep, @@ -1286,49 +1283,42 @@ _krb5_pk_rd_pa_reply(krb5_context context, switch (rep.element) { case choice_PA_PK_AS_REP_dhInfo: - ret = decode_ContentInfo(rep.u.dhInfo.dhSignedData.data, - rep.u.dhInfo.dhSignedData.length, - &ci, - &size); - if (ret) { - krb5_set_error_string(context, - "PKINIT: decoding failed DH " - "ContentInfo: %d", ret); - - free_PA_PK_AS_REP(&rep); - break; - } - ret = pk_rd_pa_reply_dh(context, &ci, realm, ctx, etype, hi, - ctx->clientDHNonce, - rep.u.dhInfo.serverDHNonce, - nonce, pa, key); - free_ContentInfo(&ci); - free_PA_PK_AS_REP(&rep); - + os = rep.u.dhInfo.dhSignedData; break; case choice_PA_PK_AS_REP_encKeyPack: - ret = decode_ContentInfo(rep.u.encKeyPack.data, - rep.u.encKeyPack.length, - &ci, - &size); - free_PA_PK_AS_REP(&rep); - if (ret) { - krb5_set_error_string(context, - "PKINIT: -25 decoding failed " - "ContentInfo: %d", ret); - break; - } - ret = pk_rd_pa_reply_enckey(context, COMPAT_IETF, &ci, realm, ctx, - etype, hi, nonce, req_buffer, pa, key); - free_ContentInfo(&ci); - return ret; + os = rep.u.encKeyPack; + break; default: free_PA_PK_AS_REP(&rep); krb5_set_error_string(context, "PKINIT: -27 reply " "invalid content type"); - ret = EINVAL; + return EINVAL; + } + + ret = hx509_cms_unwrap_ContentInfo(&os, &oid, &data, NULL); + if (ret) { + free_PA_PK_AS_REP(&rep); + krb5_set_error_string(context, "PKINIT: failed to unwrap CI"); + return ret; + } + + switch (rep.element) { + case choice_PA_PK_AS_REP_dhInfo: + ret = pk_rd_pa_reply_dh(context, &data, &oid, realm, ctx, etype, hi, + ctx->clientDHNonce, + rep.u.dhInfo.serverDHNonce, + nonce, pa, key); break; + case choice_PA_PK_AS_REP_encKeyPack: + ret = pk_rd_pa_reply_enckey(context, COMPAT_IETF, &data, &oid, realm, + ctx, etype, hi, nonce, req_buffer, pa, key); + break; + default: + krb5_abortx(context, "pk-init as-rep case not possible to happen"); } + der_free_octet_string(&data); + der_free_oid(&oid); + free_PA_PK_AS_REP(&rep); } else if (ctx->type == COMPAT_WIN2K) { PA_PK_AS_REP_Win2k w2krep; @@ -1357,23 +1347,25 @@ _krb5_pk_rd_pa_reply(krb5_context context, krb5_clear_error_string(context); switch (w2krep.element) { - case choice_PA_PK_AS_REP_Win2k_encKeyPack: - ret = decode_ContentInfo(w2krep.u.encKeyPack.data, - w2krep.u.encKeyPack.length, - &ci, - &size); + case choice_PA_PK_AS_REP_Win2k_encKeyPack: { + heim_octet_string data; + heim_oid oid; + + ret = hx509_cms_unwrap_ContentInfo(&w2krep.u.encKeyPack, + &oid, &data, NULL); free_PA_PK_AS_REP_Win2k(&w2krep); if (ret) { - krb5_set_error_string(context, - "PKINIT: decoding failed " - "ContentInfo: %d", - ret); + krb5_set_error_string(context, "PKINIT: failed to unwrap CI"); return ret; } - ret = pk_rd_pa_reply_enckey(context, COMPAT_WIN2K, &ci, realm, ctx, - etype, hi, nonce, req_buffer, pa, key); - free_ContentInfo(&ci); + + ret = pk_rd_pa_reply_enckey(context, COMPAT_WIN2K, &data, &oid, realm, + ctx, etype, hi, nonce, req_buffer, pa, key); + der_free_octet_string(&data); + der_free_oid(&oid); + break; + } default: free_PA_PK_AS_REP_Win2k(&w2krep); krb5_set_error_string(context, "PKINIT: win2k reply invalid " @@ -1473,8 +1465,7 @@ _krb5_pk_load_id(krb5_context context, id = calloc(1, sizeof(*id)); if (id == NULL) { krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto out; + return ENOMEM; } ret = hx509_context_init(&id->hx509ctx); diff --git a/source4/heimdal/lib/krb5/plugin.c b/source4/heimdal/lib/krb5/plugin.c index f19464bf3c..68317a12c0 100644 --- a/source4/heimdal/lib/krb5/plugin.c +++ b/source4/heimdal/lib/krb5/plugin.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: plugin.c 19789 2007-01-09 17:46:01Z lha $"); +RCSID("$Id: plugin.c 21134 2007-06-18 21:02:23Z lha $"); #ifdef HAVE_DLFCN_H #include #endif @@ -96,6 +96,7 @@ loadlib(krb5_context context, (*e)->dsohandle = dlopen(lib, RTLD_LAZY); if ((*e)->dsohandle == NULL) { free(*e); + *e = NULL; krb5_set_error_string(context, "Failed to load %s: %s", lib, dlerror()); return ENOMEM; diff --git a/source4/heimdal/lib/krb5/principal.c b/source4/heimdal/lib/krb5/principal.c index ef3f5412db..c1a29d266b 100644 --- a/source4/heimdal/lib/krb5/principal.c +++ b/source4/heimdal/lib/krb5/principal.c @@ -41,7 +41,7 @@ #include #include "resolve.h" -RCSID("$Id: principal.c 20223 2007-02-15 04:17:04Z lha $"); +RCSID("$Id: principal.c 21285 2007-06-25 12:30:55Z lha $"); #define princ_num_comp(P) ((P)->name.name_string.len) #define princ_type(P) ((P)->name.name_type) @@ -281,15 +281,19 @@ krb5_parse_name(krb5_context context, static const char quotable_chars[] = " \n\t\b\\/@"; static const char replace_chars[] = " ntb\\/@"; +static const char nq_chars[] = " \\/@"; #define add_char(BASE, INDEX, LEN, C) do { if((INDEX) < (LEN)) (BASE)[(INDEX)++] = (C); }while(0); static size_t -quote_string(const char *s, char *out, size_t idx, size_t len) +quote_string(const char *s, char *out, size_t idx, size_t len, int display) { const char *p, *q; for(p = s; *p && idx < len; p++){ - if((q = strchr(quotable_chars, *p))){ + q = strchr(quotable_chars, *p); + if (q && display) { + add_char(out, idx, len, replace_chars[q - quotable_chars]); + } else if (q) { add_char(out, idx, len, '\\'); add_char(out, idx, len, replace_chars[q - quotable_chars]); }else @@ -312,6 +316,7 @@ unparse_name_fixed(krb5_context context, int i; int short_form = (flags & KRB5_PRINCIPAL_UNPARSE_SHORT) != 0; int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) != 0; + int display = (flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) != 0; if (!no_realm && princ_realm(principal) == NULL) { krb5_set_error_string(context, "Realm missing from principal, " @@ -322,7 +327,7 @@ unparse_name_fixed(krb5_context context, for(i = 0; i < princ_num_comp(principal); i++){ if(i) add_char(name, idx, len, '/'); - idx = quote_string(princ_ncomp(principal, i), name, idx, len); + idx = quote_string(princ_ncomp(principal, i), name, idx, len, display); if(idx == len) { krb5_set_error_string(context, "Out of space printing principal"); return ERANGE; @@ -341,7 +346,7 @@ unparse_name_fixed(krb5_context context, } if(!short_form && !no_realm) { add_char(name, idx, len, '@'); - idx = quote_string(princ_realm(principal), name, idx, len); + idx = quote_string(princ_realm(principal), name, idx, len, display); if(idx == len) { krb5_set_error_string(context, "Out of space printing realm of principal"); @@ -1213,3 +1218,37 @@ krb5_sname_to_principal (krb5_context context, krb5_free_host_realm(context, realms); return ret; } + +static const struct { + const char *type; + int32_t value; +} nametypes[] = { + { "UNKNOWN", KRB5_NT_UNKNOWN }, + { "PRINCIPAL", KRB5_NT_PRINCIPAL }, + { "SRV_INST", KRB5_NT_SRV_INST }, + { "SRV_HST", KRB5_NT_SRV_HST }, + { "SRV_XHST", KRB5_NT_SRV_XHST }, + { "UID", KRB5_NT_UID }, + { "X500_PRINCIPAL", KRB5_NT_X500_PRINCIPAL }, + { "SMTP_NAME", KRB5_NT_SMTP_NAME }, + { "ENTERPRISE_PRINCIPAL", KRB5_NT_ENTERPRISE_PRINCIPAL }, + { "ENT_PRINCIPAL_AND_ID", KRB5_NT_ENT_PRINCIPAL_AND_ID }, + { "MS_PRINCIPAL", KRB5_NT_MS_PRINCIPAL }, + { "MS_PRINCIPAL_AND_ID", KRB5_NT_MS_PRINCIPAL_AND_ID }, + { NULL } +}; + +krb5_error_code +krb5_parse_nametype(krb5_context context, const char *str, int32_t *nametype) +{ + size_t i; + + for(i = 0; nametypes[i].type; i++) { + if (strcasecmp(nametypes[i].type, str) == 0) { + *nametype = nametypes[i].value; + return 0; + } + } + krb5_set_error_string(context, "Failed to find name type %s", str); + return KRB5_PARSE_MALFORMED; +} diff --git a/source4/heimdal/lib/krb5/rd_error.c b/source4/heimdal/lib/krb5/rd_error.c index 89615ee8ac..e7646467af 100644 --- a/source4/heimdal/lib/krb5/rd_error.c +++ b/source4/heimdal/lib/krb5/rd_error.c @@ -33,11 +33,11 @@ #include "krb5_locl.h" -RCSID("$Id: rd_error.c 20304 2007-04-11 11:15:05Z lha $"); +RCSID("$Id: rd_error.c 21057 2007-06-12 17:22:31Z lha $"); krb5_error_code KRB5_LIB_FUNCTION krb5_rd_error(krb5_context context, - krb5_data *msg, + const krb5_data *msg, KRB_ERROR *result) { diff --git a/source4/heimdal/lib/krb5/send_to_kdc.c b/source4/heimdal/lib/krb5/send_to_kdc.c index 6c70244327..c1a4df2b01 100644 --- a/source4/heimdal/lib/krb5/send_to_kdc.c +++ b/source4/heimdal/lib/krb5/send_to_kdc.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: send_to_kdc.c 19973 2007-01-17 17:19:52Z lha $"); +RCSID("$Id: send_to_kdc.c 21062 2007-06-12 17:58:57Z lha $"); struct send_to_kdc { krb5_send_to_kdc_func func; @@ -413,26 +413,16 @@ krb5_sendto_kdc_flags(krb5_context context, int flags) { krb5_error_code ret; - krb5_krbhst_handle handle; - int type; - - if ((flags & KRB5_KRBHST_FLAGS_MASTER) || context->use_admin_kdc) - type = KRB5_KRBHST_ADMIN; - else - type = KRB5_KRBHST_KDC; + krb5_sendto_ctx ctx; - if (send_data->length > context->large_msg_size) - flags |= KRB5_KRBHST_FLAGS_LARGE_MSG; - - ret = krb5_krbhst_init_flags(context, *realm, type, flags, &handle); + ret = krb5_sendto_ctx_alloc(context, &ctx); if (ret) return ret; + krb5_sendto_ctx_add_flags(ctx, flags); + krb5_sendto_ctx_set_func(ctx, _krb5_kdc_retry, NULL); - ret = krb5_sendto(context, send_data, handle, receive); - krb5_krbhst_free(context, handle); - if (ret == KRB5_KDC_UNREACH) - krb5_set_error_string(context, - "unable to reach any KDC in realm %s", *realm); + ret = krb5_sendto_context(context, ctx, send_data, *realm, receive); + krb5_sendto_ctx_free(context, ctx); return ret; } @@ -458,4 +448,157 @@ krb5_set_send_to_kdc_func(krb5_context context, return 0; } +struct krb5_sendto_ctx { + int flags; + int type; + krb5_sendto_ctx_func func; + void *data; +}; +krb5_error_code KRB5_LIB_FUNCTION +krb5_sendto_ctx_alloc(krb5_context context, krb5_sendto_ctx *ctx) +{ + *ctx = calloc(1, sizeof(**ctx)); + if (*ctx == NULL) { + krb5_set_error_string(context, "out of memory"); + return ENOMEM; + } + return 0; +} + +void KRB5_LIB_FUNCTION +krb5_sendto_ctx_add_flags(krb5_sendto_ctx ctx, int flags) +{ + ctx->flags |= flags; +} + +int KRB5_LIB_FUNCTION +krb5_sendto_ctx_get_flags(krb5_sendto_ctx ctx) +{ + return ctx->flags; +} + +void KRB5_LIB_FUNCTION +krb5_sendto_ctx_set_type(krb5_sendto_ctx ctx, int type) +{ + ctx->type = type; +} + + +void KRB5_LIB_FUNCTION +krb5_sendto_ctx_set_func(krb5_sendto_ctx ctx, + krb5_sendto_ctx_func func, + void *data) +{ + ctx->func = func; + ctx->data = data; +} + +void KRB5_LIB_FUNCTION +krb5_sendto_ctx_free(krb5_context context, krb5_sendto_ctx ctx) +{ + memset(ctx, 0, sizeof(*ctx)); + free(ctx); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_sendto_context(krb5_context context, + krb5_sendto_ctx ctx, + const krb5_data *send_data, + const krb5_realm realm, + krb5_data *receive) +{ + krb5_error_code ret; + krb5_krbhst_handle handle = NULL; + int type, freectx = 0; + int action; + + krb5_data_zero(receive); + + if (ctx == NULL) { + freectx = 1; + ret = krb5_sendto_ctx_alloc(context, &ctx); + if (ret) + return ret; + } + + type = ctx->type; + if (type == 0) { + if ((ctx->flags & KRB5_KRBHST_FLAGS_MASTER) || context->use_admin_kdc) + type = KRB5_KRBHST_ADMIN; + else + type = KRB5_KRBHST_KDC; + } + + if (send_data->length > context->large_msg_size) + ctx->flags |= KRB5_KRBHST_FLAGS_LARGE_MSG; + + /* loop until we get back a appropriate response */ + + do { + action = KRB5_SENDTO_DONE; + + krb5_data_free(receive); + + if (handle == NULL) { + ret = krb5_krbhst_init_flags(context, realm, type, + ctx->flags, &handle); + if (ret) { + if (freectx) + krb5_sendto_ctx_free(context, ctx); + return ret; + } + } + + ret = krb5_sendto(context, send_data, handle, receive); + if (ret) + break; + if (ctx->func) { + ret = (*ctx->func)(context, ctx, ctx->data, receive, &action); + if (ret) + break; + } + if (action != KRB5_SENDTO_CONTINUE) { + krb5_krbhst_free(context, handle); + handle = NULL; + } + } while (action != KRB5_SENDTO_DONE); + if (handle) + krb5_krbhst_free(context, handle); + if (ret == KRB5_KDC_UNREACH) + krb5_set_error_string(context, + "unable to reach any KDC in realm %s", realm); + if (ret) + krb5_data_free(receive); + if (freectx) + krb5_sendto_ctx_free(context, ctx); + return ret; +} + +krb5_error_code +_krb5_kdc_retry(krb5_context context, krb5_sendto_ctx ctx, void *data, + const krb5_data *reply, int *action) +{ + krb5_error_code ret; + KRB_ERROR error; + + if(krb5_rd_error(context, reply, &error)) + return 0; + + ret = krb5_error_from_rd_error(context, &error, NULL); + krb5_free_error_contents(context, &error); + + switch(ret) { + case KRB5KRB_ERR_RESPONSE_TOO_BIG: { + if (krb5_sendto_ctx_get_flags(ctx) & KRB5_KRBHST_FLAGS_LARGE_MSG) + break; + krb5_sendto_ctx_add_flags(ctx, KRB5_KRBHST_FLAGS_LARGE_MSG); + *action = KRB5_SENDTO_RESTART; + break; + } + case KRB5KDC_ERR_SVC_UNAVAILABLE: + *action = KRB5_SENDTO_CONTINUE; + break; + } + return 0; +} diff --git a/source4/heimdal/lib/ntlm/heimntlm-protos.h b/source4/heimdal/lib/ntlm/heimntlm-protos.h index 2df32dfa50..438ba2b94d 100644 --- a/source4/heimdal/lib/ntlm/heimntlm-protos.h +++ b/source4/heimdal/lib/ntlm/heimntlm-protos.h @@ -33,6 +33,14 @@ heim_ntlm_calculate_ntlm2 ( unsigned char ntlmv2[16], struct ntlm_buf */*answer*/); +int +heim_ntlm_calculate_ntlm2_sess ( + const unsigned char clnt_nonce[8], + const unsigned char svr_chal[8], + const unsigned char ntlm_hash[16], + struct ntlm_buf */*lm*/, + struct ntlm_buf */*ntlm*/); + int heim_ntlm_decode_targetinfo ( struct ntlm_buf */*data*/, diff --git a/source4/heimdal/lib/ntlm/ntlm.c b/source4/heimdal/lib/ntlm/ntlm.c index af950cc3b5..1961c7fa22 100644 --- a/source4/heimdal/lib/ntlm/ntlm.c +++ b/source4/heimdal/lib/ntlm/ntlm.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include -RCSID("$Id: ntlm.c 20816 2007-06-03 04:36:31Z lha $"); +RCSID("$Id: ntlm.c 21317 2007-06-25 19:22:02Z lha $"); #include #include @@ -52,6 +52,12 @@ RCSID("$Id: ntlm.c 20816 2007-06-03 04:36:31Z lha $"); #include +/* + * Source of NTLM information: + * http://davenport.sourceforge.net/ntlm.html + */ + + struct sec_buffer { uint16_t length; uint16_t allocated; @@ -760,6 +766,10 @@ splitandenc(unsigned char *hash, memset(key, 0, sizeof(key)); } +/* + * String-to-key function for NTLM + */ + int heim_ntlm_nt_key(const char *password, struct ntlm_buf *key) { @@ -784,6 +794,10 @@ heim_ntlm_nt_key(const char *password, struct ntlm_buf *key) return 0; } +/* + * Calculate NTLMv1 response hash + */ + int heim_ntlm_calculate_ntlm1(void *key, size_t len, unsigned char challange[8], @@ -809,6 +823,10 @@ heim_ntlm_calculate_ntlm1(void *key, size_t len, return 0; } +/* + * Calculate NTLMv1 master key + */ + int heim_ntlm_build_ntlm1_master(void *key, size_t len, struct ntlm_buf *session, @@ -880,8 +898,8 @@ heim_ntlm_ntlmv2_key(const void *key, size_t len, ascii2ucs2le(username, 1, &buf); HMAC_Update(&c, buf.data, buf.length); free(buf.data); - /* turn target into ucs2-le */ - ascii2ucs2le(target, 0, &buf); + /* uppercase target and turn into ucs2-le */ + ascii2ucs2le(target, 1, &buf); HMAC_Update(&c, buf.data, buf.length); free(buf.data); } @@ -914,6 +932,10 @@ nt2unixtime(uint64_t t) } +/* + * Calculate NTLMv2 response + */ + int heim_ntlm_calculate_ntlm2(const void *key, size_t len, const char *username, @@ -948,25 +970,27 @@ heim_ntlm_calculate_ntlm2(const void *key, size_t len, return ENOMEM; krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); - CHECK(krb5_store_uint32(sp, 0x01010000), 0); + CHECK(krb5_store_uint32(sp, 0x00000101), 0); CHECK(krb5_store_uint32(sp, 0), 0); /* timestamp le 64 bit ts */ CHECK(krb5_store_uint32(sp, t & 0xffffffff), 0); CHECK(krb5_store_uint32(sp, t >> 32), 0); + CHECK(krb5_storage_write(sp, clientchallange, 8), 8); + + CHECK(krb5_store_uint32(sp, 0), 0); /* unknown but zero will work */ CHECK(krb5_storage_write(sp, infotarget->data, infotarget->length), infotarget->length); - /* unknown */ - /* CHECK(krb5_store_uint32(sp, 0), 0); */ + CHECK(krb5_store_uint32(sp, 0), 0); /* unknown but zero will work */ CHECK(krb5_storage_to_data(sp, &data), 0); krb5_storage_free(sp); sp = NULL; HMAC_CTX_init(&c); - HMAC_Init_ex(&c, ntlmv2, sizeof(ntlmv2), EVP_md5(), NULL); - HMAC_Update(&c, data.data, data.length); + HMAC_Init_ex(&c, ntlmv2, 16, EVP_md5(), NULL); HMAC_Update(&c, serverchallange, 8); + HMAC_Update(&c, data.data, data.length); HMAC_Final(&c, ntlmv2answer, &hmaclen); HMAC_CTX_cleanup(&c); @@ -996,6 +1020,10 @@ out: static const int authtimediff = 3600 * 2; /* 2 hours */ +/* + * Verify NTLMv2 response. + */ + int heim_ntlm_verify_ntlm2(const void *key, size_t len, const char *username, @@ -1009,6 +1037,7 @@ heim_ntlm_verify_ntlm2(const void *key, size_t len, krb5_error_code ret; unsigned int hmaclen; unsigned char clientanswer[16]; + unsigned char clientnonce[8]; unsigned char serveranswer[16]; krb5_storage *sp; HMAC_CTX c; @@ -1039,7 +1068,7 @@ heim_ntlm_verify_ntlm2(const void *key, size_t len, CHECK(krb5_storage_read(sp, clientanswer, 16), 16); CHECK(krb5_ret_uint32(sp, &temp), 0); - CHECK(temp, 0x01010000); + CHECK(temp, 0x00000101); CHECK(krb5_ret_uint32(sp, &temp), 0); CHECK(temp, 0); /* timestamp le 64 bit ts */ @@ -1056,9 +1085,12 @@ heim_ntlm_verify_ntlm2(const void *key, size_t len, } /* client challange */ - CHECK(krb5_storage_read(sp, serveranswer, 8), 8); + CHECK(krb5_storage_read(sp, clientnonce, 8), 8); - infotarget->length = answer->length - 40; + CHECK(krb5_ret_uint32(sp, &temp), 0); /* unknown */ + + /* should really unparse the infotarget, but lets pick up everything */ + infotarget->length = answer->length - krb5_storage_seek(sp, 0, SEEK_CUR); infotarget->data = malloc(infotarget->length); if (infotarget->data == NULL) { ret = ENOMEM; @@ -1066,14 +1098,14 @@ heim_ntlm_verify_ntlm2(const void *key, size_t len, } CHECK(krb5_storage_read(sp, infotarget->data, infotarget->length), infotarget->length); - /* XXX remove the unknown uint32_t */ + /* XXX remove the unknown ?? */ krb5_storage_free(sp); sp = NULL; HMAC_CTX_init(&c); - HMAC_Init_ex(&c, ntlmv2, sizeof(ntlmv2), EVP_md5(), NULL); - HMAC_Update(&c, ((char *)answer->data) + 16, answer->length - 16); + HMAC_Init_ex(&c, ntlmv2, 16, EVP_md5(), NULL); HMAC_Update(&c, serverchallange, 8); + HMAC_Update(&c, ((char *)answer->data) + 16, answer->length - 16); HMAC_Final(&c, serveranswer, &hmaclen); HMAC_CTX_cleanup(&c); @@ -1089,3 +1121,52 @@ out: krb5_storage_free(sp); return ret; } + + +/* + * Calculate the NTLM2 Session Response + */ + +int +heim_ntlm_calculate_ntlm2_sess(const unsigned char clnt_nonce[8], + const unsigned char svr_chal[8], + const unsigned char ntlm_hash[16], + struct ntlm_buf *lm, + struct ntlm_buf *ntlm) +{ + unsigned char ntlm2_sess_hash[MD5_DIGEST_LENGTH]; + unsigned char res[21], *resp; + MD5_CTX md5; + + lm->data = malloc(24); + if (lm->data == NULL) + return ENOMEM; + lm->length = 24; + + ntlm->data = malloc(24); + if (ntlm->data == NULL) { + free(lm->data); + lm->data = NULL; + return ENOMEM; + } + ntlm->length = 24; + + /* first setup the lm resp */ + memset(lm->data, 0, 24); + memcpy(lm->data, clnt_nonce, 8); + + MD5_Init(&md5); + MD5_Update(&md5, svr_chal, 8); /* session nonce part 1 */ + MD5_Update(&md5, clnt_nonce, 8); /* session nonce part 2 */ + MD5_Final(ntlm2_sess_hash, &md5); /* will only use first 8 bytes */ + + memset(res, 0, sizeof(res)); + memcpy(res, ntlm_hash, 16); + + resp = ntlm->data; + splitandenc(&res[0], ntlm2_sess_hash, resp + 0); + splitandenc(&res[7], ntlm2_sess_hash, resp + 8); + splitandenc(&res[14], ntlm2_sess_hash, resp + 16); + + return 0; +} diff --git a/source4/heimdal/lib/roken/roken_gethostby.c b/source4/heimdal/lib/roken/roken_gethostby.c index 08eed5f8ed..0b25fbdb3d 100644 --- a/source4/heimdal/lib/roken/roken_gethostby.c +++ b/source4/heimdal/lib/roken/roken_gethostby.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: roken_gethostby.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id: roken_gethostby.c 21157 2007-06-18 22:03:13Z lha $"); #endif #include @@ -111,7 +111,7 @@ int ROKEN_LIB_FUNCTION roken_gethostby_setup(const char *proxy_spec, const char *dns_spec) { char *proxy_host = NULL; - int proxy_port; + int proxy_port = 0; char *dns_host, *dns_path; int dns_port; -- cgit From e1c15c74af7366901eac9fb9a8e1e674928855ec Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 03:52:17 +0000 Subject: r23799: updated old Franklin Street FSF addresses to new URL (This used to be commit db92b76a0034899f5f0dc2d012ee7709ff9a6132) --- source4/heimdal/lib/asn1/parse.c | 4 +--- source4/heimdal/lib/asn1/parse.h | 4 +--- source4/heimdal/lib/com_err/parse.c | 4 +--- source4/heimdal/lib/com_err/parse.h | 4 +--- 4 files changed, 4 insertions(+), 12 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/asn1/parse.c b/source4/heimdal/lib/asn1/parse.c index 31361c7492..d9cd23b662 100644 --- a/source4/heimdal/lib/asn1/parse.c +++ b/source4/heimdal/lib/asn1/parse.c @@ -16,9 +16,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301, USA. */ + along with this program; if not, see . */ /* As a special exception, you may create a larger work that contains part or all of the Bison parser skeleton and distribute that work diff --git a/source4/heimdal/lib/asn1/parse.h b/source4/heimdal/lib/asn1/parse.h index a2a9a3a335..a0c26d50f1 100644 --- a/source4/heimdal/lib/asn1/parse.h +++ b/source4/heimdal/lib/asn1/parse.h @@ -16,9 +16,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301, USA. */ + along with this program; if not, see . */ /* As a special exception, you may create a larger work that contains part or all of the Bison parser skeleton and distribute that work diff --git a/source4/heimdal/lib/com_err/parse.c b/source4/heimdal/lib/com_err/parse.c index 4bacb721ca..b3c0c0a979 100644 --- a/source4/heimdal/lib/com_err/parse.c +++ b/source4/heimdal/lib/com_err/parse.c @@ -16,9 +16,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301, USA. */ + along with this program; if not, see . */ /* As a special exception, you may create a larger work that contains part or all of the Bison parser skeleton and distribute that work diff --git a/source4/heimdal/lib/com_err/parse.h b/source4/heimdal/lib/com_err/parse.h index 4c9681ff34..d73bf6f163 100644 --- a/source4/heimdal/lib/com_err/parse.h +++ b/source4/heimdal/lib/com_err/parse.h @@ -16,9 +16,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301, USA. */ + along with this program; if not, see . */ /* As a special exception, you may create a larger work that contains part or all of the Bison parser skeleton and distribute that work -- cgit From c1010f666c7c91f6a0dd3a0709b3376e2a5066d1 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 16 Jul 2007 15:03:03 +0000 Subject: r23895: reapply rev 23493: regenerate lex.c files with flex 2.5.33 this makes sure we include config.h as first header hopefully fixes the build on SerNet-aix abartlet: please don't revert that again with your next heimdal merge...:-) metze (This used to be commit 8da4e9a9ac0fb09a7b84de87e1671a8689e20fcb) --- source4/heimdal/lib/asn1/lex.c | 33 ++++++--------------------------- 1 file changed, 6 insertions(+), 27 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/asn1/lex.c b/source4/heimdal/lib/asn1/lex.c index d628e4696f..fe488eb904 100644 --- a/source4/heimdal/lib/asn1/lex.c +++ b/source4/heimdal/lib/asn1/lex.c @@ -1,5 +1,6 @@ +#include "config.h" -#line 3 "lex.c" +#line 3 "lex.yy.c" #define YY_INT_ALIGNED short int @@ -342,9 +343,6 @@ FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; typedef int yy_state_type; extern int yylineno; - -int yylineno = 1; - extern char *yytext; #define yytext_ptr yytext @@ -826,7 +824,7 @@ char *yytext; * SUCH DAMAGE. */ -/* $Id: lex.l 18738 2006-10-21 11:57:22Z lha $ */ +/* $Id: lex.l,v 1.31 2006/10/21 11:57:22 lha Exp $ */ #ifdef HAVE_CONFIG_H #include @@ -851,7 +849,7 @@ static unsigned lineno = 1; static void unterminated(const char *, unsigned); /* This is for broken old lexes (solaris 10 and hpux) */ -#line 855 "lex.c" +#line 852 "lex.yy.c" #define INITIAL 0 @@ -1006,7 +1004,7 @@ YY_DECL #line 68 "lex.l" -#line 1010 "lex.c" +#line 1007 "lex.yy.c" if ( !(yy_init) ) { @@ -1675,7 +1673,7 @@ YY_RULE_SETUP #line 274 "lex.l" ECHO; YY_BREAK -#line 1679 "lex.c" +#line 1676 "lex.yy.c" case YY_STATE_EOF(INITIAL): yyterminate(); @@ -2485,15 +2483,6 @@ static void yy_fatal_error (yyconst char* msg ) /* Accessor methods (get/set functions) to struct members. */ -/** Get the current line number. - * - */ -int yyget_lineno (void) -{ - - return yylineno; -} - /** Get the input stream. * */ @@ -2527,16 +2516,6 @@ char *yyget_text (void) return yytext; } -/** Set the current line number. - * @param line_number - * - */ -void yyset_lineno (int line_number ) -{ - - yylineno = line_number; -} - /** Set the input stream. This does not discard the current * input buffer. * @param in_str A readable stream. -- cgit From b39330c4873d4c3923a577e89690fc0e43b0c61a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 22 Aug 2007 06:46:34 +0000 Subject: r24614: Merge with current lorikeet-heimdal. This brings us one step closer to an alpha release. Andrew Bartlett (This used to be commit 30e02747d511630659c59eafec8d28f58605943b) --- source4/heimdal/kdc/default_config.c | 2 +- source4/heimdal/kdc/digest.c | 25 +- source4/heimdal/kdc/kaserver.c | 17 +- source4/heimdal/kdc/kerberos4.c | 53 +- source4/heimdal/kdc/kerberos5.c | 140 ++-- source4/heimdal/kdc/kx509.c | 6 +- source4/heimdal/kuser/kinit.c | 10 +- source4/heimdal/lib/asn1/asn1_err.et | 5 +- source4/heimdal/lib/asn1/der_get.c | 25 +- source4/heimdal/lib/asn1/gen.c | 3 +- source4/heimdal/lib/asn1/gen_decode.c | 72 +- source4/heimdal/lib/asn1/gen_encode.c | 19 +- source4/heimdal/lib/asn1/gen_length.c | 13 +- source4/heimdal/lib/asn1/k5.asn1 | 6 +- source4/heimdal/lib/asn1/lex.c | 33 +- source4/heimdal/lib/asn1/parse.c | 795 +++++++++++---------- source4/heimdal/lib/asn1/parse.h | 6 +- source4/heimdal/lib/asn1/rfc2459.asn1 | 23 +- source4/heimdal/lib/asn1/test.asn1 | 9 +- source4/heimdal/lib/asn1/timegm.c | 6 +- source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c | 9 +- source4/heimdal/lib/gssapi/mech/gss_add_cred.c | 12 +- .../lib/gssapi/mech/gss_canonicalize_name.c | 9 +- source4/heimdal/lib/gssapi/mech/gss_compare_name.c | 9 +- .../heimdal/lib/gssapi/mech/gss_duplicate_name.c | 6 +- .../heimdal/lib/gssapi/mech/gss_init_sec_context.c | 8 +- source4/heimdal/lib/gssapi/mech/gss_mech_switch.c | 5 +- source4/heimdal/lib/gssapi/mech/gss_names.c | 27 +- source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c | 5 +- source4/heimdal/lib/gssapi/mech/name.h | 7 +- .../heimdal/lib/gssapi/spnego/accept_sec_context.c | 21 +- source4/heimdal/lib/gssapi/spnego/spnego.asn1 | 45 +- source4/heimdal/lib/hcrypto/hmac.c | 12 +- source4/heimdal/lib/hx509/ca.c | 4 +- source4/heimdal/lib/hx509/cert.c | 4 +- source4/heimdal/lib/hx509/hx509-private.h | 32 - source4/heimdal/lib/hx509/ks_p11.c | 11 +- source4/heimdal/lib/hx509/peer.c | 6 +- source4/heimdal/lib/hx509/print.c | 48 +- source4/heimdal/lib/krb5/cache.c | 39 +- source4/heimdal/lib/krb5/changepw.c | 6 +- source4/heimdal/lib/krb5/get_cred.c | 12 +- source4/heimdal/lib/krb5/init_creds.c | 7 +- source4/heimdal/lib/krb5/init_creds_pw.c | 4 +- source4/heimdal/lib/krb5/krb5-private.h | 4 +- source4/heimdal/lib/krb5/krb5-protos.h | 8 - source4/heimdal/lib/krb5/krb5-v4compat.h | 50 +- source4/heimdal/lib/krb5/krb5.h | 13 +- source4/heimdal/lib/krb5/krb5_locl.h | 10 +- source4/heimdal/lib/krb5/krb_err.et | 63 ++ source4/heimdal/lib/krb5/krbhst.c | 6 +- source4/heimdal/lib/krb5/pkinit.c | 52 +- source4/heimdal/lib/krb5/plugin.c | 16 +- source4/heimdal/lib/krb5/rd_priv.c | 16 +- source4/heimdal/lib/krb5/v4_glue.c | 64 +- source4/heimdal/lib/ntlm/ntlm.c | 4 +- 56 files changed, 1137 insertions(+), 785 deletions(-) create mode 100644 source4/heimdal/lib/krb5/krb_err.et (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/default_config.c b/source4/heimdal/kdc/default_config.c index e06366f214..5f336e3275 100644 --- a/source4/heimdal/kdc/default_config.c +++ b/source4/heimdal/kdc/default_config.c @@ -36,7 +36,7 @@ #include #include -RCSID("$Id: default_config.c 21296 2007-06-25 14:49:11Z lha $"); +RCSID("$Id: default_config.c 21405 2007-07-04 10:35:45Z lha $"); krb5_error_code krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config) diff --git a/source4/heimdal/kdc/digest.c b/source4/heimdal/kdc/digest.c index 801449fe5e..358ca5ad56 100644 --- a/source4/heimdal/kdc/digest.c +++ b/source4/heimdal/kdc/digest.c @@ -34,7 +34,7 @@ #include "kdc_locl.h" #include -RCSID("$Id: digest.c 21241 2007-06-20 11:30:19Z lha $"); +RCSID("$Id: digest.c 21606 2007-07-17 07:03:25Z lha $"); #define MS_CHAP_V2 0x20 #define CHAP_MD5 0x10 @@ -975,7 +975,7 @@ _kdc_do_digest(krb5_context context, } kdc_log(context, config, 0, "Digest %s request successful %s", - ireq.u.digestRequest.type, from); + ireq.u.digestRequest.type, ireq.u.digestRequest.username); break; } @@ -1227,7 +1227,7 @@ _kdc_do_digest(krb5_context context, version = 1; if (flags & NTLM_NEG_NTLM2_SESSION) { - char sessionhash[MD5_DIGEST_LENGTH]; + unsigned char sessionhash[MD5_DIGEST_LENGTH]; MD5_CTX md5ctx; if ((config->digests_allowed & NTLM_V1_SESSION) == 0) { @@ -1331,10 +1331,24 @@ _kdc_do_digest(krb5_context context, version, ireq.u.ntlmRequest.username); break; } - default: + default: { + char *s; + krb5_set_error_string(context, "unknown operation to digest"); + ret = EINVAL; + failed: + + s = krb5_get_error_message(context, ret); + if (s == NULL) { + krb5_clear_error_string(context); + goto out; + } + + kdc_log(context, config, 0, "Digest failed with: %s", s); + r.element = choice_DigestRepInner_error; - r.u.error.reason = strdup("unknown/failed operation"); + r.u.error.reason = strdup("unknown error"); + krb5_free_error_string(context, s); if (r.u.error.reason == NULL) { krb5_set_error_string(context, "out of memory"); ret = ENOMEM; @@ -1343,6 +1357,7 @@ _kdc_do_digest(krb5_context context, r.u.error.code = EINVAL; break; } + } ASN1_MALLOC_ENCODE(DigestRepInner, buf.data, buf.length, &r, &size, ret); if (ret) { diff --git a/source4/heimdal/kdc/kaserver.c b/source4/heimdal/kdc/kaserver.c index deb32e1019..15624e8e76 100644 --- a/source4/heimdal/kdc/kaserver.c +++ b/source4/heimdal/kdc/kaserver.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kaserver.c 17904 2006-08-23 11:45:16Z lha $"); +RCSID("$Id: kaserver.c 21661 2007-07-22 01:57:17Z lha $"); #include #include @@ -191,19 +191,28 @@ init_reply_header (struct rx_header *hdr, reply_hdr->serviceid = hdr->serviceid; } +/* + * Create an error `reply´ using for the packet `hdr' with the error + * `error´ code. + */ static void make_error_reply (struct rx_header *hdr, - uint32_t ret, + uint32_t error, krb5_data *reply) { - krb5_storage *sp; struct rx_header reply_hdr; + krb5_error_code ret; + krb5_storage *sp; init_reply_header (hdr, &reply_hdr, HT_ABORT, HF_LAST); sp = krb5_storage_emem(); + if (sp == NULL) + return; ret = encode_rx_header (&reply_hdr, sp); - krb5_store_int32(sp, ret); + if (ret) + return; + krb5_store_int32(sp, error); krb5_storage_to_data (sp, reply); krb5_storage_free (sp); } diff --git a/source4/heimdal/kdc/kerberos4.c b/source4/heimdal/kdc/kerberos4.c index 3c76bb99b2..cbba64945b 100644 --- a/source4/heimdal/kdc/kerberos4.c +++ b/source4/heimdal/kdc/kerberos4.c @@ -35,7 +35,7 @@ #include -RCSID("$Id: kerberos4.c 18349 2006-10-08 13:43:52Z lha $"); +RCSID("$Id: kerberos4.c 21577 2007-07-16 08:14:06Z lha $"); #ifndef swap32 static uint32_t @@ -151,7 +151,8 @@ _kdc_do_version4(krb5_context context, if(!config->enable_v4) { kdc_log(context, config, 0, "Rejected version 4 request from %s", from); - make_err_reply(context, reply, KDC_GEN_ERR, "function not enabled"); + make_err_reply(context, reply, KRB4ET_KDC_GEN_ERR, + "Function not enabled"); return 0; } @@ -160,7 +161,7 @@ _kdc_do_version4(krb5_context context, if(pvno != 4){ kdc_log(context, config, 0, "Protocol version mismatch (krb4) (%d)", pvno); - make_err_reply(context, reply, KDC_PKT_VER, "protocol mismatch"); + make_err_reply(context, reply, KRB4ET_KDC_PKT_VER, "protocol mismatch"); goto out; } RCHECK(krb5_ret_int8(sp, &msg_type), out); @@ -196,7 +197,7 @@ _kdc_do_version4(krb5_context context, if(ret) { kdc_log(context, config, 0, "Client not found in database: %s: %s", client_name, krb5_get_err_text(context, ret)); - make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN, + make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, "principal unknown"); goto out1; } @@ -205,7 +206,7 @@ _kdc_do_version4(krb5_context context, if(ret){ kdc_log(context, config, 0, "Server not found in database: %s: %s", server_name, krb5_get_err_text(context, ret)); - make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN, + make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, "principal unknown"); goto out1; } @@ -216,7 +217,7 @@ _kdc_do_version4(krb5_context context, TRUE); if (ret) { /* good error code? */ - make_err_reply(context, reply, KERB_ERR_NAME_EXP, + make_err_reply(context, reply, KRB4ET_KDC_NAME_EXP, "operation not allowed"); goto out1; } @@ -227,7 +228,7 @@ _kdc_do_version4(krb5_context context, kdc_log(context, config, 0, "Per principal Kerberos 4 flag not turned on for %s", client_name); - make_err_reply(context, reply, KERB_ERR_NULL_KEY, + make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY, "allow kerberos4 flag required"); goto out1; } @@ -244,7 +245,7 @@ _kdc_do_version4(krb5_context context, "Pre-authentication required for v4-request: " "%s for %s", client_name, server_name); - make_err_reply(context, reply, KERB_ERR_NULL_KEY, + make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY, "preauth required"); goto out1; } @@ -252,7 +253,7 @@ _kdc_do_version4(krb5_context context, ret = _kdc_get_des_key(context, client, FALSE, FALSE, &ckey); if(ret){ kdc_log(context, config, 0, "no suitable DES key for client"); - make_err_reply(context, reply, KDC_NULL_KEY, + make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY, "no suitable DES key for client"); goto out1; } @@ -265,7 +266,7 @@ _kdc_do_version4(krb5_context context, if(ret){ kdc_log(context, config, 0, "No version-4 salted key in database -- %s.%s@%s", name, inst, realm); - make_err_reply(context, reply, KDC_NULL_KEY, + make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY, "No version-4 salted key in database"); goto out1; } @@ -274,8 +275,7 @@ _kdc_do_version4(krb5_context context, ret = _kdc_get_des_key(context, server, TRUE, FALSE, &skey); if(ret){ kdc_log(context, config, 0, "no suitable DES key for server"); - /* XXX */ - make_err_reply(context, reply, KDC_NULL_KEY, + make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY, "no suitable DES key for server"); goto out1; } @@ -400,7 +400,7 @@ _kdc_do_version4(krb5_context context, "tgs-req (krb4) with old kvno %d (current %d) for " "krbtgt.%s@%s", kvno, tgt->entry.kvno % 256, realm, config->v4_realm); - make_err_reply(context, reply, KDC_AUTH_EXP, + make_err_reply(context, reply, KRB4ET_KDC_AUTH_EXP, "old krbtgt kvno used"); goto out2; } @@ -409,8 +409,7 @@ _kdc_do_version4(krb5_context context, if(ret){ kdc_log(context, config, 0, "no suitable DES key for krbtgt (krb4)"); - /* XXX */ - make_err_reply(context, reply, KDC_NULL_KEY, + make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY, "no suitable DES key for krbtgt"); goto out2; } @@ -456,7 +455,7 @@ _kdc_do_version4(krb5_context context, if(strcmp(ad.prealm, realm)){ kdc_log(context, config, 0, "Can't hop realms (krb4) %s -> %s", realm, ad.prealm); - make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN, + make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, "Can't hop realms"); goto out2; } @@ -465,7 +464,7 @@ _kdc_do_version4(krb5_context context, kdc_log(context, config, 0, "krb4 Cross-realm %s -> %s disabled", realm, config->v4_realm); - make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN, + make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, "Can't hop realms"); goto out2; } @@ -473,7 +472,7 @@ _kdc_do_version4(krb5_context context, if(strcmp(sname, "changepw") == 0){ kdc_log(context, config, 0, "Bad request for changepw ticket (krb4)"); - make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN, + make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, "Can't authorize password change based on TGT"); goto out2; } @@ -485,7 +484,7 @@ _kdc_do_version4(krb5_context context, s = kdc_log_msg(context, config, 0, "Client not found in database: (krb4) %s: %s", client_name, krb5_get_err_text(context, ret)); - make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN, s); + make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, s); free(s); goto out2; } @@ -494,7 +493,7 @@ _kdc_do_version4(krb5_context context, s = kdc_log_msg(context, config, 0, "Local client not found in database: (krb4) " "%s", client_name); - make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN, s); + make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, s); free(s); goto out2; } @@ -506,7 +505,7 @@ _kdc_do_version4(krb5_context context, s = kdc_log_msg(context, config, 0, "Server not found in database (krb4): %s: %s", server_name, krb5_get_err_text(context, ret)); - make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN, s); + make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, s); free(s); goto out2; } @@ -516,8 +515,7 @@ _kdc_do_version4(krb5_context context, server, server_name, FALSE); if (ret) { - /* good error code? */ - make_err_reply(context, reply, KERB_ERR_NAME_EXP, + make_err_reply(context, reply, KRB4ET_KDC_NAME_EXP, "operation not allowed"); goto out2; } @@ -526,8 +524,7 @@ _kdc_do_version4(krb5_context context, if(ret){ kdc_log(context, config, 0, "no suitable DES key for server (krb4)"); - /* XXX */ - make_err_reply(context, reply, KDC_NULL_KEY, + make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY, "no suitable DES key for server"); goto out2; } @@ -787,7 +784,7 @@ _kdc_get_des_key(krb5_context context, else if(is_server && server_key) *ret_key = server_key; else - return KERB_ERR_NULL_KEY; + return KRB4ET_KDC_NULL_KEY; } else { if(v4_key) *ret_key = v4_key; @@ -798,11 +795,11 @@ _kdc_get_des_key(krb5_context context, else if(is_server && server_key) *ret_key = server_key; else - return KERB_ERR_NULL_KEY; + return KRB4ET_KDC_NULL_KEY; } if((*ret_key)->key.keyvalue.length == 0) - return KERB_ERR_NULL_KEY; + return KRB4ET_KDC_NULL_KEY; return 0; } diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index e34938447a..40a9c9c972 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kerberos5.c 21040 2007-06-10 06:20:59Z lha $"); +RCSID("$Id: kerberos5.c 21529 2007-07-13 12:37:14Z lha $"); #define MAX_TIME ((time_t)((1U << 31) - 1)) @@ -84,6 +84,22 @@ _kdc_find_padata(const KDC_REQ *req, int *start, int type) return NULL; } +/* + * Detect if `key' is the using the the precomputed `default_salt'. + */ + +static krb5_boolean +is_default_salt_p(const krb5_salt *default_salt, const Key *key) +{ + if (key->salt == NULL) + return TRUE; + if (default_salt->salttype != key->salt->type) + return FALSE; + if (krb5_data_cmp(&default_salt->saltvalue, &key->salt->salt)) + return FALSE; + return TRUE; +} + /* * return the first appropriate key of `princ' in `ret_key'. Look for * all the etypes in (`etypes', `len'), stopping as soon as we find @@ -97,6 +113,9 @@ _kdc_find_etype(krb5_context context, const hdb_entry_ex *princ, { int i; krb5_error_code ret = KRB5KDC_ERR_ETYPE_NOSUPP; + krb5_salt def_salt; + + krb5_get_pw_salt (context, princ->entry.principal, &def_salt); for(i = 0; ret != 0 && i < len ; i++) { Key *key = NULL; @@ -112,10 +131,13 @@ _kdc_find_etype(krb5_context context, const hdb_entry_ex *princ, *ret_key = key; *ret_etype = etypes[i]; ret = 0; - if (key->salt == NULL) + if (is_default_salt_p(&def_salt, key)) { + krb5_free_salt (context, def_salt); return ret; + } } } + krb5_free_salt (context, def_salt); return ret; } @@ -325,6 +347,43 @@ _kdc_encode_reply(krb5_context context, return 0; } +/* + * Return 1 if the client have only older enctypes, this is for + * determining if the server should send ETYPE_INFO2 or not. + */ + +static int +older_enctype(krb5_enctype enctype) +{ + switch (enctype) { + case ETYPE_DES_CBC_CRC: + case ETYPE_DES_CBC_MD4: + case ETYPE_DES_CBC_MD5: + case ETYPE_DES3_CBC_SHA1: + case ETYPE_ARCFOUR_HMAC_MD5: + case ETYPE_ARCFOUR_HMAC_MD5_56: + return 1; + default: + return 0; + } +} + +static int +only_older_enctype_p(const KDC_REQ *req) +{ + int i; + + for(i = 0; i < req->req_body.etype.len; i++) { + if (!older_enctype(req->req_body.etype.val[i])) + return 0; + } + return 1; +} + +/* + * + */ + static krb5_error_code make_etype_info_entry(krb5_context context, ETYPE_INFO_ENTRY *ent, Key *key) { @@ -395,14 +454,18 @@ get_pa_etype_info(krb5_context context, return ENOMEM; memset(pa.val, 0, pa.len * sizeof(*pa.val)); - for(j = 0; j < etypes_len; j++) { - for (i = 0; i < n; i++) - if (pa.val[i].etype == etypes[j]) + for(i = 0; i < client->keys.len; i++) { + for (j = 0; j < n; j++) + if (pa.val[j].etype == client->keys.val[i].key.keytype) goto skip1; - for(i = 0; i < client->keys.len; i++) { + for(j = 0; j < etypes_len; j++) { if(client->keys.val[i].key.keytype == etypes[j]) { if (krb5_enctype_valid(context, etypes[j]) != 0) continue; + if (!older_enctype(etypes[j])) + continue; + if (n >= pa.len) + krb5_abortx(context, "internal error: n >= p.len"); if((ret = make_etype_info_entry(context, &pa.val[n++], &client->keys.val[i])) != 0) { @@ -420,6 +483,10 @@ get_pa_etype_info(krb5_context context, } if (krb5_enctype_valid(context, client->keys.val[i].key.keytype) != 0) continue; + if (!older_enctype(etypes[j])) + continue; + if (n >= pa.len) + krb5_abortx(context, "internal error: n >= p.len"); if((ret = make_etype_info_entry(context, &pa.val[n++], &client->keys.val[i])) != 0) { @@ -429,16 +496,8 @@ get_pa_etype_info(krb5_context context, skip2:; } - if(n != pa.len) { - char *name; - ret = krb5_unparse_name(context, client->principal, &name); - if (ret) - name = rk_UNCONST(""); - kdc_log(context, config, 0, - "internal error in get_pa_etype_info(%s): %d != %d", - name, n, pa.len); - if (ret == 0) - free(name); + if(n < pa.len) { + /* stripped out newer enctypes */ pa.len = n; } @@ -528,33 +587,9 @@ make_etype_info2_entry(ETYPE_INFO2_ENTRY *ent, Key *key) } /* - * Return 1 if the client have only older enctypes, this is for - * determining if the server should send ETYPE_INFO2 or not. - */ - -static int -only_older_enctype_p(const KDC_REQ *req) -{ - int i; - - for(i = 0; i < req->req_body.etype.len; i++) { - switch (req->req_body.etype.val[i]) { - case ETYPE_DES_CBC_CRC: - case ETYPE_DES_CBC_MD4: - case ETYPE_DES_CBC_MD5: - case ETYPE_DES3_CBC_SHA1: - case ETYPE_ARCFOUR_HMAC_MD5: - case ETYPE_ARCFOUR_HMAC_MD5_56: - break; - default: - return 0; - } - } - return 1; -} - -/* - * + * Return an ETYPE-INFO2. Enctypes are storted the same way as in the + * database (client supported enctypes first, then the unsupported + * enctypes). */ static krb5_error_code @@ -578,11 +613,11 @@ get_pa_etype_info2(krb5_context context, return ENOMEM; memset(pa.val, 0, pa.len * sizeof(*pa.val)); - for(j = 0; j < etypes_len; j++) { - for (i = 0; i < n; i++) - if (pa.val[i].etype == etypes[j]) + for(i = 0; i < client->keys.len; i++) { + for (j = 0; j < n; j++) + if (pa.val[j].etype == client->keys.val[i].key.keytype) goto skip1; - for(i = 0; i < client->keys.len; i++) { + for(j = 0; j < etypes_len; j++) { if(client->keys.val[i].key.keytype == etypes[j]) { if (krb5_enctype_valid(context, etypes[j]) != 0) continue; @@ -595,6 +630,7 @@ get_pa_etype_info2(krb5_context context, } skip1:; } + /* send enctypes that the cliene doesn't know about too */ for(i = 0; i < client->keys.len; i++) { for(j = 0; j < etypes_len; j++) { if(client->keys.val[i].key.keytype == etypes[j]) @@ -959,7 +995,9 @@ _kdc_as_rep(krb5_context context, if (b->cname->name_type == KRB5_NT_ENTERPRISE_PRINCIPAL) { if (b->cname->name_string.len != 1) { kdc_log(context, config, 0, - "AS-REQ malformed canon request from %s", from); + "AS-REQ malformed canon request from %s, " + "enterprise name with %d name components", + from, b->cname->name_string.len); ret = KRB5_PARSE_MALFORMED; goto out; } @@ -1395,6 +1433,12 @@ _kdc_as_rep(krb5_context context, copy_Realm(&server->entry.principal->realm, &rep.ticket.realm); _krb5_principal2principalname(&rep.ticket.sname, server->entry.principal); + /* java 1.6 expects the name to be the same type, lets allow that + * uncomplicated name-types. */ +#define CNT(sp,t) (((sp)->sname->name_type) == KRB5_NT_##t) + if (CNT(b, UNKNOWN) || CNT(b, PRINCIPAL) || CNT(b, SRV_INST) || CNT(b, SRV_HST) || CNT(b, SRV_XHST)) + rep.ticket.sname.name_type = b->sname->name_type; +#undef CNT et.flags.initial = 1; if(client->entry.flags.forwardable && server->entry.flags.forwardable) diff --git a/source4/heimdal/kdc/kx509.c b/source4/heimdal/kdc/kx509.c index 8414ecb4b2..b1b861efef 100644 --- a/source4/heimdal/kdc/kx509.c +++ b/source4/heimdal/kdc/kx509.c @@ -36,7 +36,7 @@ #include #include -RCSID("$Id: kx509.c 19992 2007-01-20 09:06:18Z lha $"); +RCSID("$Id: kx509.c 21607 2007-07-17 07:04:52Z lha $"); /* * @@ -56,7 +56,7 @@ _kdc_try_kx509_request(void *ptr, size_t len, Kx509Request *req, size_t *size) * */ -static const char version_2_0[4] = {0 , 0, 2, 0}; +static const unsigned char version_2_0[4] = {0 , 0, 2, 0}; static krb5_error_code verify_req_hash(krb5_context context, @@ -122,7 +122,7 @@ calculate_reply_hash(krb5_context context, if (rep->certificate) HMAC_Update(&ctx, rep->certificate->data, rep->certificate->length); if (rep->e_text) - HMAC_Update(&ctx, *rep->e_text, strlen(*rep->e_text)); + HMAC_Update(&ctx, (unsigned char *)*rep->e_text, strlen(*rep->e_text)); HMAC_Final(&ctx, rep->hash->data, 0); HMAC_CTX_cleanup(&ctx); diff --git a/source4/heimdal/kuser/kinit.c b/source4/heimdal/kuser/kinit.c index 29a9bdd5c7..23fa7a5baf 100644 --- a/source4/heimdal/kuser/kinit.c +++ b/source4/heimdal/kuser/kinit.c @@ -32,18 +32,10 @@ */ #include "kuser_locl.h" -RCSID("$Id: kinit.c 20517 2007-04-22 10:42:26Z lha $"); +RCSID("$Id: kinit.c 21483 2007-07-10 16:40:46Z lha $"); #include "krb5-v4compat.h" -struct krb5_pk_identity; -struct krb5_pk_cert; -struct ContentInfo; -struct _krb5_krb_auth_data; -struct krb5_dh_moduli; -struct krb5_plugin; -enum plugin_type; -#include "krb5-private.h" #include "heimntlm.h" int forwardable_flag = -1; diff --git a/source4/heimdal/lib/asn1/asn1_err.et b/source4/heimdal/lib/asn1/asn1_err.et index 67af1a44fc..c624e218e7 100644 --- a/source4/heimdal/lib/asn1/asn1_err.et +++ b/source4/heimdal/lib/asn1/asn1_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: asn1_err.et 20010 2007-01-20 21:52:27Z lha $" +id "$Id: asn1_err.et 21394 2007-07-02 10:14:43Z lha $" error_table asn1 prefix ASN1 @@ -19,4 +19,7 @@ error_code BAD_FORMAT, "ASN.1 badly-formatted encoding" error_code PARSE_ERROR, "ASN.1 parse error" error_code EXTRA_DATA, "ASN.1 extra data past end of end structure" error_code BAD_CHARACTER, "ASN.1 invalid character in string" +error_code MIN_CONSTRAINT, "ASN.1 too few elements" +error_code MAX_CONSTRAINT, "ASN.1 too many elements" +error_code EXACT_CONSTRAINT, "ASN.1 wrong number of elements" end diff --git a/source4/heimdal/lib/asn1/der_get.c b/source4/heimdal/lib/asn1/der_get.c index 3022435b33..f232ce9a29 100644 --- a/source4/heimdal/lib/asn1/der_get.c +++ b/source4/heimdal/lib/asn1/der_get.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_get.c 20570 2007-04-27 14:06:27Z lha $"); +RCSID("$Id: der_get.c 21369 2007-06-27 10:14:39Z lha $"); #include @@ -336,32 +336,25 @@ generalizedtime2time (const char *s, time_t *t) *t = _der_timegm (&tm); return 0; } -#undef timegm static int der_get_time (const unsigned char *p, size_t len, time_t *data, size_t *size) { - heim_octet_string k; char *times; - size_t ret = 0; - size_t l; int e; - e = der_get_octet_string (p, len, &k, &l); - if (e) return e; - p += l; - len -= l; - ret += l; - times = realloc(k.data, k.length + 1); - if (times == NULL){ - free(k.data); + if (len > len + 1 || len == 0) + return ASN1_BAD_LENGTH; + + times = malloc(len + 1); + if (times == NULL) return ENOMEM; - } - times[k.length] = 0; + memcpy(times, p, len); + times[len] = '\0'; e = generalizedtime2time(times, data); free (times); - if(size) *size = ret; + if(size) *size = len; return e; } diff --git a/source4/heimdal/lib/asn1/gen.c b/source4/heimdal/lib/asn1/gen.c index cc1a3056de..26890212ae 100644 --- a/source4/heimdal/lib/asn1/gen.c +++ b/source4/heimdal/lib/asn1/gen.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen.c 20670 2007-05-11 00:39:41Z lha $"); +RCSID("$Id: gen.c 21364 2007-06-27 08:51:06Z lha $"); FILE *headerfile, *codefile, *logfile; @@ -253,6 +253,7 @@ generate_header_of_codefile(const char *name) "#include \n" "#include \n" "#include \n" + "#include \n" "#include \n", orig_filename); diff --git a/source4/heimdal/lib/asn1/gen_decode.c b/source4/heimdal/lib/asn1/gen_decode.c index 7ebef6cdce..face9ba47a 100644 --- a/source4/heimdal/lib/asn1/gen_decode.c +++ b/source4/heimdal/lib/asn1/gen_decode.c @@ -34,7 +34,7 @@ #include "gen_locl.h" #include "lex.h" -RCSID("$Id: gen_decode.c 19572 2006-12-29 17:30:32Z lha $"); +RCSID("$Id: gen_decode.c 21503 2007-07-12 11:57:19Z lha $"); static void decode_primitive (const char *typename, const char *name, const char *forwstr) @@ -202,6 +202,32 @@ find_tag (const Type *t, } } +static void +range_check(const char *name, + const char *length, + const char *forwstr, + struct range *r) +{ + if (r->min == r->max + 2 || r->min < r->max) + fprintf (codefile, + "if ((%s)->%s > %d) {\n" + "e = ASN1_MAX_CONSTRAINT; %s;\n" + "}\n", + name, length, r->max, forwstr); + if (r->min - 1 == r->max || r->min < r->max) + fprintf (codefile, + "if ((%s)->%s < %d) {\n" + "e = ASN1_MIN_CONSTRAINT; %s;\n" + "}\n", + name, length, r->min, forwstr); + if (r->max == r->min) + fprintf (codefile, + "if ((%s)->%s != %d) {\n" + "e = ASN1_EXACT_CONSTRAINT; %s;\n" + "}\n", + name, length, r->min, forwstr); +} + static int decode_type (const char *name, const Type *t, int optional, const char *forwstr, const char *tmpstr) @@ -236,12 +262,14 @@ decode_type (const char *name, const Type *t, int optional, } case TInteger: if(t->members) { - char *s; - asprintf(&s, "(int*)%s", name); - if (s == NULL) - errx (1, "out of memory"); - decode_primitive ("integer", s, forwstr); - free(s); + fprintf(codefile, + "{\n" + "int enumint;\n"); + decode_primitive ("integer", "&enumint", forwstr); + fprintf(codefile, + "*%s = enumint;\n" + "}\n", + name); } else if (t->range == NULL) { decode_primitive ("heim_integer", name, forwstr); } else if (t->range->min == INT_MIN && t->range->max == INT_MAX) { @@ -262,6 +290,8 @@ decode_type (const char *name, const Type *t, int optional, break; case TOctetString: decode_primitive ("octet_string", name, forwstr); + if (t->range) + range_check(name, "length", forwstr, t->range); break; case TBitString: { Member *m; @@ -394,19 +424,31 @@ decode_type (const char *name, const Type *t, int optional, "{\n" "size_t %s_origlen = len;\n" "size_t %s_oldret = ret;\n" + "size_t %s_olen = 0;\n" "void *%s_tmp;\n" "ret = 0;\n" "(%s)->len = 0;\n" - "(%s)->val = NULL;\n" + "(%s)->val = NULL;\n", + tmpstr, + tmpstr, + tmpstr, + tmpstr, + name, + name); + + fprintf (codefile, "while(ret < %s_origlen) {\n" - "%s_tmp = realloc((%s)->val, " - " sizeof(*((%s)->val)) * ((%s)->len + 1));\n" - "if (%s_tmp == NULL) { %s; }\n" + "size_t %s_nlen = %s_olen + sizeof(*((%s)->val));\n" + "if (%s_olen > %s_nlen) { e = ASN1_OVERFLOW; %s; }\n" + "%s_olen = %s_nlen;\n" + "%s_tmp = realloc((%s)->val, %s_olen);\n" + "if (%s_tmp == NULL) { e = ENOMEM; %s; }\n" "(%s)->val = %s_tmp;\n", - tmpstr, tmpstr, tmpstr, - name, name, + tmpstr, + tmpstr, tmpstr, name, + tmpstr, tmpstr, forwstr, tmpstr, tmpstr, - name, name, name, + tmpstr, name, tmpstr, tmpstr, forwstr, name, tmpstr); @@ -425,6 +467,8 @@ decode_type (const char *name, const Type *t, int optional, "}\n", name, tmpstr, tmpstr); + if (t->range) + range_check(name, "len", forwstr, t->range); free (n); free (sname); break; diff --git a/source4/heimdal/lib/asn1/gen_encode.c b/source4/heimdal/lib/asn1/gen_encode.c index b5337b1c43..9544514212 100644 --- a/source4/heimdal/lib/asn1/gen_encode.c +++ b/source4/heimdal/lib/asn1/gen_encode.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen_encode.c 19572 2006-12-29 17:30:32Z lha $"); +RCSID("$Id: gen_encode.c 21503 2007-07-12 11:57:19Z lha $"); static void encode_primitive (const char *typename, const char *name) @@ -121,12 +121,12 @@ encode_type (const char *name, const Type *t, const char *tmpstr) break; case TInteger: if(t->members) { - char *s; - asprintf(&s, "(const int*)%s", name); - if(s == NULL) - errx(1, "out of memory"); - encode_primitive ("integer", s); - free(s); + fprintf(codefile, + "{\n" + "int enumint = (int)*%s;\n", + name); + encode_primitive ("integer", "&enumint"); + fprintf(codefile, "}\n;"); } else if (t->range == NULL) { encode_primitive ("heim_integer", name); } else if (t->range->min == INT_MIN && t->range->max == INT_MAX) { @@ -292,6 +292,11 @@ encode_type (const char *name, const Type *t, const char *tmpstr) "size_t elen, totallen = 0;\n" "int eret;\n"); + fprintf(codefile, + "if ((%s)->len > UINT_MAX/sizeof(val[0]))\n" + "return ERANGE;\n", + name); + fprintf(codefile, "val = malloc(sizeof(val[0]) * (%s)->len);\n" "if (val == NULL && (%s)->len != 0) return ENOMEM;\n", diff --git a/source4/heimdal/lib/asn1/gen_length.c b/source4/heimdal/lib/asn1/gen_length.c index a1f7cc6644..4cb5d45089 100644 --- a/source4/heimdal/lib/asn1/gen_length.c +++ b/source4/heimdal/lib/asn1/gen_length.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen_length.c 19539 2006-12-28 17:15:05Z lha $"); +RCSID("$Id: gen_length.c 21503 2007-07-12 11:57:19Z lha $"); static void length_primitive (const char *typename, @@ -72,12 +72,11 @@ length_type (const char *name, const Type *t, break; case TInteger: if(t->members) { - char *s; - asprintf(&s, "(const int*)%s", name); - if(s == NULL) - errx (1, "out of memory"); - length_primitive ("integer", s, variable); - free(s); + fprintf(codefile, + "{\n" + "int enumint = *%s;\n", name); + length_primitive ("integer", "&enumint", variable); + fprintf(codefile, "}\n"); } else if (t->range == NULL) { length_primitive ("heim_integer", name, variable); } else if (t->range->min == INT_MIN && t->range->max == INT_MAX) { diff --git a/source4/heimdal/lib/asn1/k5.asn1 b/source4/heimdal/lib/asn1/k5.asn1 index 14e9793fdc..e3fe2b11e9 100644 --- a/source4/heimdal/lib/asn1/k5.asn1 +++ b/source4/heimdal/lib/asn1/k5.asn1 @@ -1,4 +1,4 @@ --- $Id: k5.asn1 21092 2007-06-15 19:47:46Z lha $ +-- $Id: k5.asn1 21400 2007-07-02 19:57:31Z lha $ KERBEROS5 DEFINITIONS ::= BEGIN @@ -332,7 +332,7 @@ ETYPE-INFO2-ENTRY ::= SEQUENCE { s2kparams[2] OCTET STRING OPTIONAL } -ETYPE-INFO2 ::= SEQUENCE OF ETYPE-INFO2-ENTRY +ETYPE-INFO2 ::= SEQUENCE SIZE (1..MAX) OF ETYPE-INFO2-ENTRY METHOD-DATA ::= SEQUENCE OF PA-DATA @@ -341,7 +341,7 @@ TypedData ::= SEQUENCE { data-value[1] OCTET STRING OPTIONAL } -TYPED-DATA ::= SEQUENCE OF TypedData +TYPED-DATA ::= SEQUENCE SIZE (1..MAX) OF TypedData KDC-REQ-BODY ::= SEQUENCE { kdc-options[0] KDCOptions, diff --git a/source4/heimdal/lib/asn1/lex.c b/source4/heimdal/lib/asn1/lex.c index fe488eb904..d628e4696f 100644 --- a/source4/heimdal/lib/asn1/lex.c +++ b/source4/heimdal/lib/asn1/lex.c @@ -1,6 +1,5 @@ -#include "config.h" -#line 3 "lex.yy.c" +#line 3 "lex.c" #define YY_INT_ALIGNED short int @@ -343,6 +342,9 @@ FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; typedef int yy_state_type; extern int yylineno; + +int yylineno = 1; + extern char *yytext; #define yytext_ptr yytext @@ -824,7 +826,7 @@ char *yytext; * SUCH DAMAGE. */ -/* $Id: lex.l,v 1.31 2006/10/21 11:57:22 lha Exp $ */ +/* $Id: lex.l 18738 2006-10-21 11:57:22Z lha $ */ #ifdef HAVE_CONFIG_H #include @@ -849,7 +851,7 @@ static unsigned lineno = 1; static void unterminated(const char *, unsigned); /* This is for broken old lexes (solaris 10 and hpux) */ -#line 852 "lex.yy.c" +#line 855 "lex.c" #define INITIAL 0 @@ -1004,7 +1006,7 @@ YY_DECL #line 68 "lex.l" -#line 1007 "lex.yy.c" +#line 1010 "lex.c" if ( !(yy_init) ) { @@ -1673,7 +1675,7 @@ YY_RULE_SETUP #line 274 "lex.l" ECHO; YY_BREAK -#line 1676 "lex.yy.c" +#line 1679 "lex.c" case YY_STATE_EOF(INITIAL): yyterminate(); @@ -2483,6 +2485,15 @@ static void yy_fatal_error (yyconst char* msg ) /* Accessor methods (get/set functions) to struct members. */ +/** Get the current line number. + * + */ +int yyget_lineno (void) +{ + + return yylineno; +} + /** Get the input stream. * */ @@ -2516,6 +2527,16 @@ char *yyget_text (void) return yytext; } +/** Set the current line number. + * @param line_number + * + */ +void yyset_lineno (int line_number ) +{ + + yylineno = line_number; +} + /** Set the input stream. This does not discard the current * input buffer. * @param in_str A readable stream. diff --git a/source4/heimdal/lib/asn1/parse.c b/source4/heimdal/lib/asn1/parse.c index d9cd23b662..6a3e524e93 100644 --- a/source4/heimdal/lib/asn1/parse.c +++ b/source4/heimdal/lib/asn1/parse.c @@ -16,7 +16,9 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, see . */ + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. */ /* As a special exception, you may create a larger work that contains part or all of the Bison parser skeleton and distribute that work @@ -259,7 +261,7 @@ #include "gen_locl.h" #include "der.h" -RCSID("$Id: parse.y 19539 2006-12-28 17:15:05Z lha $"); +RCSID("$Id: parse.y 21597 2007-07-16 18:48:58Z lha $"); static Type *new_type (Typetype t); static struct constraint_spec *new_constraint_spec(enum ctype); @@ -300,7 +302,7 @@ typedef union YYSTYPE { int constant; struct value *value; - struct range range; + struct range *range; char *name; Type *type; Member *member; @@ -538,18 +540,18 @@ union yyalloc #endif /* YYFINAL -- State number of the termination state. */ -#define YYFINAL 4 +#define YYFINAL 6 /* YYLAST -- Last index in YYTABLE. */ -#define YYLAST 169 +#define YYLAST 195 /* YYNTOKENS -- Number of terminals. */ #define YYNTOKENS 98 /* YYNNTS -- Number of nonterminals. */ -#define YYNNTS 67 +#define YYNNTS 68 /* YYNRULES -- Number of rules. */ -#define YYNRULES 131 +#define YYNRULES 136 /* YYNRULES -- Number of states. */ -#define YYNSTATES 202 +#define YYNSTATES 214 /* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */ #define YYUNDEFTOK 2 @@ -603,80 +605,83 @@ static const yytype_uint8 yytranslate[] = YYRHS. */ static const yytype_uint16 yyprhs[] = { - 0, 0, 3, 12, 15, 18, 21, 22, 25, 26, - 29, 30, 34, 35, 37, 38, 40, 43, 48, 50, - 53, 55, 57, 61, 63, 67, 69, 71, 73, 75, - 77, 79, 81, 83, 85, 87, 89, 91, 93, 95, - 97, 99, 101, 103, 109, 111, 114, 119, 121, 125, - 129, 134, 139, 141, 144, 150, 153, 156, 158, 163, - 167, 171, 176, 180, 184, 189, 191, 193, 195, 197, - 199, 202, 206, 208, 210, 212, 215, 219, 225, 230, - 234, 239, 240, 242, 244, 246, 247, 249, 251, 256, - 258, 260, 262, 264, 266, 268, 270, 272, 274, 278, - 282, 285, 287, 290, 294, 296, 300, 305, 307, 308, - 312, 313, 316, 321, 323, 325, 327, 329, 331, 333, - 335, 337, 339, 341, 343, 345, 347, 349, 351, 353, - 355, 357 + 0, 0, 3, 13, 16, 19, 22, 23, 26, 27, + 30, 31, 35, 36, 38, 39, 41, 44, 49, 51, + 54, 56, 58, 62, 64, 68, 70, 72, 74, 76, + 78, 80, 82, 84, 86, 88, 90, 92, 94, 96, + 98, 100, 102, 104, 110, 116, 122, 126, 128, 131, + 136, 138, 142, 146, 151, 156, 158, 161, 167, 170, + 174, 176, 177, 180, 185, 189, 194, 199, 203, 207, + 212, 214, 216, 218, 220, 222, 225, 229, 231, 233, + 235, 238, 242, 248, 253, 257, 262, 263, 265, 267, + 269, 270, 272, 274, 279, 281, 283, 285, 287, 289, + 291, 293, 295, 297, 301, 305, 308, 310, 313, 317, + 319, 323, 328, 330, 331, 335, 336, 339, 344, 346, + 348, 350, 352, 354, 356, 358, 360, 362, 364, 366, + 368, 370, 372, 374, 376, 378, 380 }; /* YYRHS -- A `-1'-separated list of the rules' RHS. */ static const yytype_int16 yyrhs[] = { - 99, 0, -1, 86, 21, 100, 101, 84, 8, 102, - 24, -1, 27, 70, -1, 38, 70, -1, 7, 70, - -1, -1, 29, 39, -1, -1, 103, 107, -1, -1, - 40, 104, 90, -1, -1, 105, -1, -1, 106, -1, - 105, 106, -1, 109, 32, 86, 150, -1, 108, -1, - 108, 107, -1, 110, -1, 142, -1, 86, 91, 109, - -1, 86, -1, 86, 84, 111, -1, 112, -1, 129, - -1, 132, -1, 120, -1, 113, -1, 143, -1, 128, - -1, 118, -1, 115, -1, 123, -1, 121, -1, 122, - -1, 124, -1, 125, -1, 126, -1, 127, -1, 138, - -1, 11, -1, 92, 154, 83, 154, 93, -1, 43, - -1, 43, 114, -1, 43, 94, 116, 95, -1, 117, - -1, 116, 91, 117, -1, 116, 91, 85, -1, 86, - 92, 162, 93, -1, 25, 94, 119, 95, -1, 116, - -1, 9, 67, -1, 9, 67, 94, 148, 95, -1, - 51, 37, -1, 52, 67, -1, 49, -1, 64, 94, - 145, 95, -1, 64, 94, 95, -1, 64, 53, 111, - -1, 65, 94, 145, 95, -1, 65, 94, 95, -1, - 65, 53, 111, -1, 14, 94, 145, 95, -1, 130, - -1, 131, -1, 86, -1, 34, -1, 77, -1, 111, - 133, -1, 92, 134, 93, -1, 135, -1, 136, -1, - 137, -1, 19, 111, -1, 23, 12, 154, -1, 19, - 111, 23, 12, 154, -1, 18, 12, 94, 95, -1, - 139, 141, 111, -1, 96, 140, 89, 97, -1, -1, - 76, -1, 6, -1, 60, -1, -1, 27, -1, 38, - -1, 86, 111, 84, 154, -1, 144, -1, 33, -1, - 78, -1, 61, -1, 81, -1, 36, -1, 10, -1, - 79, -1, 147, -1, 145, 91, 147, -1, 145, 91, - 85, -1, 86, 111, -1, 146, -1, 146, 54, -1, - 146, 20, 154, -1, 149, -1, 148, 91, 149, -1, - 86, 92, 89, 93, -1, 151, -1, -1, 94, 152, - 95, -1, -1, 153, 152, -1, 86, 92, 89, 93, - -1, 86, -1, 89, -1, 155, -1, 156, -1, 160, - -1, 159, -1, 161, -1, 164, -1, 163, -1, 157, - -1, 158, -1, 86, -1, 88, -1, 71, -1, 31, - -1, 162, -1, 89, -1, 49, -1, 151, -1 + 99, 0, -1, 86, 151, 21, 100, 101, 84, 8, + 102, 24, -1, 27, 70, -1, 38, 70, -1, 7, + 70, -1, -1, 29, 39, -1, -1, 103, 107, -1, + -1, 40, 104, 90, -1, -1, 105, -1, -1, 106, + -1, 105, 106, -1, 109, 32, 86, 151, -1, 108, + -1, 108, 107, -1, 110, -1, 143, -1, 86, 91, + 109, -1, 86, -1, 86, 84, 111, -1, 112, -1, + 130, -1, 133, -1, 120, -1, 113, -1, 144, -1, + 129, -1, 118, -1, 115, -1, 123, -1, 121, -1, + 122, -1, 125, -1, 126, -1, 127, -1, 128, -1, + 139, -1, 11, -1, 92, 155, 83, 155, 93, -1, + 92, 155, 83, 46, 93, -1, 92, 47, 83, 155, + 93, -1, 92, 155, 93, -1, 43, -1, 43, 114, + -1, 43, 94, 116, 95, -1, 117, -1, 116, 91, + 117, -1, 116, 91, 85, -1, 86, 92, 163, 93, + -1, 25, 94, 119, 95, -1, 116, -1, 9, 67, + -1, 9, 67, 94, 149, 95, -1, 51, 37, -1, + 52, 67, 124, -1, 49, -1, -1, 66, 114, -1, + 64, 94, 146, 95, -1, 64, 94, 95, -1, 64, + 124, 53, 111, -1, 65, 94, 146, 95, -1, 65, + 94, 95, -1, 65, 53, 111, -1, 14, 94, 146, + 95, -1, 131, -1, 132, -1, 86, -1, 34, -1, + 77, -1, 111, 134, -1, 92, 135, 93, -1, 136, + -1, 137, -1, 138, -1, 19, 111, -1, 23, 12, + 155, -1, 19, 111, 23, 12, 155, -1, 18, 12, + 94, 95, -1, 140, 142, 111, -1, 96, 141, 89, + 97, -1, -1, 76, -1, 6, -1, 60, -1, -1, + 27, -1, 38, -1, 86, 111, 84, 155, -1, 145, + -1, 33, -1, 78, -1, 61, -1, 81, -1, 36, + -1, 10, -1, 79, -1, 148, -1, 146, 91, 148, + -1, 146, 91, 85, -1, 86, 111, -1, 147, -1, + 147, 54, -1, 147, 20, 155, -1, 150, -1, 149, + 91, 150, -1, 86, 92, 89, 93, -1, 152, -1, + -1, 94, 153, 95, -1, -1, 154, 153, -1, 86, + 92, 89, 93, -1, 86, -1, 89, -1, 156, -1, + 157, -1, 161, -1, 160, -1, 162, -1, 165, -1, + 164, -1, 158, -1, 159, -1, 86, -1, 88, -1, + 71, -1, 31, -1, 163, -1, 89, -1, 49, -1, + 152, -1 }; /* YYRLINE[YYN] -- source line where rule number YYN was defined. */ static const yytype_uint16 yyrline[] = { - 0, 231, 231, 238, 239, 241, 243, 246, 248, 251, - 252, 255, 256, 259, 260, 263, 264, 267, 278, 279, - 282, 283, 286, 292, 300, 310, 311, 312, 315, 316, - 317, 318, 319, 320, 321, 322, 323, 324, 325, 326, - 327, 328, 331, 338, 348, 353, 360, 368, 374, 379, - 383, 396, 404, 407, 414, 422, 428, 435, 442, 448, - 456, 464, 470, 478, 486, 493, 494, 497, 508, 513, - 520, 536, 542, 545, 546, 549, 555, 563, 573, 579, - 592, 601, 604, 608, 612, 619, 622, 626, 633, 644, - 647, 652, 657, 662, 667, 672, 677, 685, 691, 696, - 707, 718, 724, 730, 738, 744, 751, 764, 765, 768, - 775, 778, 789, 793, 804, 810, 811, 814, 815, 816, - 817, 818, 821, 824, 827, 838, 846, 852, 860, 868, - 871, 876 + 0, 233, 233, 240, 241, 243, 245, 248, 250, 253, + 254, 257, 258, 261, 262, 265, 266, 269, 280, 281, + 284, 285, 288, 294, 302, 312, 313, 314, 317, 318, + 319, 320, 321, 322, 323, 324, 325, 326, 327, 328, + 329, 330, 333, 340, 350, 358, 366, 377, 382, 388, + 396, 402, 407, 411, 424, 432, 435, 442, 450, 456, + 465, 473, 474, 479, 485, 493, 502, 508, 516, 524, + 531, 532, 535, 546, 551, 558, 574, 580, 583, 584, + 587, 593, 601, 611, 617, 630, 639, 642, 646, 650, + 657, 660, 664, 671, 682, 685, 690, 695, 700, 705, + 710, 715, 723, 729, 734, 745, 756, 762, 768, 776, + 782, 789, 802, 803, 806, 813, 816, 827, 831, 842, + 848, 849, 852, 853, 854, 855, 856, 859, 862, 865, + 876, 884, 890, 898, 906, 909, 914 }; #endif @@ -712,7 +717,7 @@ static const char *const yytname[] = "TypeAssignment", "Type", "BuiltinType", "BooleanType", "range", "IntegerType", "NamedNumberList", "NamedNumber", "EnumeratedType", "Enumerations", "BitStringType", "ObjectIdentifierType", - "OctetStringType", "NullType", "SequenceType", "SequenceOfType", + "OctetStringType", "NullType", "size", "SequenceType", "SequenceOfType", "SetType", "SetOfType", "ChoiceType", "ReferencedType", "DefinedType", "UsefulType", "ConstrainedType", "Constraint", "ConstraintSpec", "GeneralConstraint", "ContentsConstraint", "UserDefinedConstraint", @@ -751,35 +756,35 @@ static const yytype_uint8 yyr1[] = 102, 103, 103, 104, 104, 105, 105, 106, 107, 107, 108, 108, 109, 109, 110, 111, 111, 111, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, - 112, 112, 113, 114, 115, 115, 115, 116, 116, 116, - 117, 118, 119, 120, 120, 121, 122, 123, 124, 124, - 125, 126, 126, 127, 128, 129, 129, 130, 131, 131, - 132, 133, 134, 135, 135, 136, 136, 136, 137, 138, - 139, 140, 140, 140, 140, 141, 141, 141, 142, 143, - 144, 144, 144, 144, 144, 144, 144, 145, 145, 145, - 146, 147, 147, 147, 148, 148, 149, 150, 150, 151, - 152, 152, 153, 153, 153, 154, 154, 155, 155, 155, - 155, 155, 156, 157, 158, 159, 160, 160, 161, 162, - 163, 164 + 112, 112, 113, 114, 114, 114, 114, 115, 115, 115, + 116, 116, 116, 117, 118, 119, 120, 120, 121, 122, + 123, 124, 124, 125, 125, 126, 127, 127, 128, 129, + 130, 130, 131, 132, 132, 133, 134, 135, 136, 136, + 137, 137, 137, 138, 139, 140, 141, 141, 141, 141, + 142, 142, 142, 143, 144, 145, 145, 145, 145, 145, + 145, 145, 146, 146, 146, 147, 148, 148, 148, 149, + 149, 150, 151, 151, 152, 153, 153, 154, 154, 154, + 155, 155, 156, 156, 156, 156, 156, 157, 158, 159, + 160, 161, 161, 162, 163, 164, 165 }; /* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */ static const yytype_uint8 yyr2[] = { - 0, 2, 8, 2, 2, 2, 0, 2, 0, 2, + 0, 2, 9, 2, 2, 2, 0, 2, 0, 2, 0, 3, 0, 1, 0, 1, 2, 4, 1, 2, 1, 1, 3, 1, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 5, 1, 2, 4, 1, 3, 3, - 4, 4, 1, 2, 5, 2, 2, 1, 4, 3, - 3, 4, 3, 3, 4, 1, 1, 1, 1, 1, - 2, 3, 1, 1, 1, 2, 3, 5, 4, 3, - 4, 0, 1, 1, 1, 0, 1, 1, 4, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 3, 3, - 2, 1, 2, 3, 1, 3, 4, 1, 0, 3, - 0, 2, 4, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 5, 5, 5, 3, 1, 2, 4, + 1, 3, 3, 4, 4, 1, 2, 5, 2, 3, + 1, 0, 2, 4, 3, 4, 4, 3, 3, 4, + 1, 1, 1, 1, 1, 2, 3, 1, 1, 1, + 2, 3, 5, 4, 3, 4, 0, 1, 1, 1, + 0, 1, 1, 4, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 3, 3, 2, 1, 2, 3, 1, + 3, 4, 1, 0, 3, 0, 2, 4, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1 + 1, 1, 1, 1, 1, 1, 1 }; /* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state @@ -787,79 +792,81 @@ static const yytype_uint8 yyr2[] = means the default is an error. */ static const yytype_uint8 yydefact[] = { - 0, 0, 0, 6, 1, 0, 0, 0, 8, 5, - 3, 4, 0, 0, 7, 0, 10, 14, 0, 0, - 23, 0, 13, 15, 0, 2, 0, 9, 18, 20, - 21, 0, 11, 16, 0, 0, 95, 42, 0, 0, - 90, 68, 94, 44, 57, 0, 0, 92, 0, 0, - 69, 91, 96, 93, 0, 67, 81, 0, 25, 29, - 33, 32, 28, 35, 36, 34, 37, 38, 39, 40, - 31, 26, 65, 66, 27, 41, 85, 30, 89, 19, - 22, 108, 53, 0, 0, 0, 0, 45, 55, 56, - 0, 0, 0, 0, 24, 83, 84, 82, 0, 0, - 0, 70, 86, 87, 0, 110, 17, 107, 0, 0, - 0, 101, 97, 0, 52, 47, 0, 127, 130, 126, - 124, 125, 129, 131, 0, 115, 116, 122, 123, 118, - 117, 119, 128, 121, 120, 0, 60, 59, 0, 63, - 62, 0, 0, 88, 0, 0, 0, 0, 72, 73, - 74, 79, 113, 114, 0, 110, 0, 0, 104, 100, - 0, 64, 0, 102, 0, 0, 51, 0, 46, 58, - 61, 80, 0, 75, 0, 71, 0, 109, 111, 0, - 0, 54, 99, 98, 103, 0, 49, 48, 0, 0, - 0, 76, 0, 0, 105, 50, 43, 78, 0, 112, - 106, 77 + 0, 113, 0, 115, 0, 112, 1, 118, 119, 0, + 115, 6, 0, 114, 116, 0, 0, 0, 8, 0, + 5, 3, 4, 0, 0, 117, 7, 0, 10, 14, + 0, 0, 23, 0, 13, 15, 0, 2, 0, 9, + 18, 20, 21, 0, 11, 16, 0, 0, 100, 42, + 0, 0, 95, 73, 99, 47, 60, 0, 0, 97, + 61, 0, 74, 96, 101, 98, 0, 72, 86, 0, + 25, 29, 33, 32, 28, 35, 36, 34, 37, 38, + 39, 40, 31, 26, 70, 71, 27, 41, 90, 30, + 94, 19, 22, 113, 56, 0, 0, 0, 0, 48, + 58, 61, 0, 0, 0, 0, 0, 24, 88, 89, + 87, 0, 0, 0, 75, 91, 92, 0, 17, 0, + 0, 0, 106, 102, 0, 55, 50, 0, 132, 0, + 135, 131, 129, 130, 134, 136, 0, 120, 121, 127, + 128, 123, 122, 124, 133, 126, 125, 0, 59, 62, + 64, 0, 0, 68, 67, 0, 0, 93, 0, 0, + 0, 0, 77, 78, 79, 84, 0, 0, 109, 105, + 0, 69, 0, 107, 0, 0, 54, 0, 0, 46, + 49, 63, 65, 66, 85, 0, 80, 0, 76, 0, + 0, 57, 104, 103, 108, 0, 52, 51, 0, 0, + 0, 0, 0, 81, 0, 110, 53, 45, 44, 43, + 83, 0, 111, 82 }; /* YYDEFGOTO[NTERM-NUM]. */ static const yytype_int16 yydefgoto[] = { - -1, 2, 8, 13, 18, 19, 21, 22, 23, 27, - 28, 24, 29, 57, 58, 59, 87, 60, 114, 115, - 61, 116, 62, 63, 64, 65, 66, 67, 68, 69, - 70, 71, 72, 73, 74, 101, 147, 148, 149, 150, - 75, 76, 98, 104, 30, 77, 78, 110, 111, 112, - 157, 158, 106, 123, 154, 155, 124, 125, 126, 127, - 128, 129, 130, 131, 132, 133, 134 + -1, 2, 18, 24, 30, 31, 33, 34, 35, 39, + 40, 36, 41, 69, 70, 71, 99, 72, 125, 126, + 73, 127, 74, 75, 76, 77, 104, 78, 79, 80, + 81, 82, 83, 84, 85, 86, 114, 161, 162, 163, + 164, 87, 88, 111, 117, 42, 89, 90, 121, 122, + 123, 167, 168, 4, 135, 9, 10, 136, 137, 138, + 139, 140, 141, 142, 143, 144, 145, 146 }; /* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing STATE-NUM. */ -#define YYPACT_NINF -100 +#define YYPACT_NINF -113 static const yytype_int16 yypact[] = { - -65, 19, 33, 5, -100, -29, -17, 11, 53, -100, - -100, -100, 47, 13, -100, 90, -34, 18, 81, 20, - 16, 21, 18, -100, 76, -100, -7, -100, 20, -100, - -100, 18, -100, -100, 23, 43, -100, -100, 24, 25, - -100, -100, -100, -4, -100, 77, 46, -100, -48, -45, - -100, -100, -100, -100, 51, -100, 4, -64, -100, -100, - -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, - -100, -100, -100, -100, -100, -100, -16, -100, -100, -100, - -100, 26, 27, 31, 36, 52, 36, -100, -100, -100, - 51, -71, 51, -70, 32, -100, -100, -100, 37, 52, - 12, -100, -100, -100, 51, -39, -100, -100, 39, 51, - -78, -6, -100, 35, 40, -100, 38, -100, -100, -100, - -100, -100, -100, -100, 56, -100, -100, -100, -100, -100, - -100, -100, -100, -100, -100, -72, 32, -100, -57, 32, - -100, -36, 45, -100, 122, 51, 123, 50, -100, -100, - -100, 32, 44, -100, 49, -39, 57, -22, -100, 32, - -19, -100, 52, -100, 59, 10, -100, 52, -100, -100, - -100, -100, 58, -14, 52, -100, 61, -100, -100, 62, - 39, -100, -100, -100, -100, 60, -100, -100, 63, 64, - 133, -100, 65, 67, -100, -100, -100, -100, 52, -100, - -100, -100 + -74, -67, 38, -69, 23, -113, -113, -44, -113, -41, + -69, 4, -26, -113, -113, -3, 1, 10, 52, -10, + -113, -113, -113, 45, 13, -113, -113, 77, -35, 15, + 64, 19, 17, 20, 15, -113, 85, -113, 25, -113, + 19, -113, -113, 15, -113, -113, 27, 47, -113, -113, + 26, 29, -113, -113, -113, -30, -113, 89, 61, -113, + -57, -47, -113, -113, -113, -113, 82, -113, -4, -68, + -113, -113, -113, -113, -113, -113, -113, -113, -113, -113, + -113, -113, -113, -113, -113, -113, -113, -113, -17, -113, + -113, -113, -113, -67, 35, 33, 46, 51, 46, -113, + -113, 69, 44, -73, 88, 82, -72, 56, -113, -113, + -113, 49, 93, 7, -113, -113, -113, 82, -113, 58, + 82, -76, -13, -113, 57, 59, -113, 60, -113, 68, + -113, -113, -113, -113, -113, -113, -75, -113, -113, -113, + -113, -113, -113, -113, -113, -113, -113, -63, -113, -113, + -113, -62, 82, 56, -113, -46, 65, -113, 141, 82, + 142, 63, -113, -113, -113, 56, 66, -38, -113, 56, + -16, -113, 93, -113, 76, -7, -113, 93, 81, -113, + -113, -113, 56, -113, -113, 72, -19, 93, -113, 83, + 58, -113, -113, -113, -113, 78, -113, -113, 80, 84, + 87, 62, 162, -113, 90, -113, -113, -113, -113, -113, + -113, 93, -113, -113 }; /* YYPGOTO[NTERM-NUM]. */ static const yytype_int16 yypgoto[] = { - -100, -100, -100, -100, -100, -100, -100, -100, 132, 127, - -100, 126, -100, -53, -100, -100, -100, -100, 75, -3, - -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, - -100, -100, -100, -100, -100, -100, -100, -100, -100, -100, - -100, -100, -100, -100, -100, -100, -100, 0, -100, 3, - -100, -15, -100, 83, 14, -100, -99, -100, -100, -100, - -100, -100, -100, -100, 2, -100, -100 + -113, -113, -113, -113, -113, -113, -113, -113, 150, 136, + -113, 143, -113, -65, -113, -113, 86, -113, 91, 16, + -113, -113, -113, -113, -113, -113, 92, -113, -113, -113, + -113, -113, -113, -113, -113, -113, -113, -113, -113, -113, + -113, -113, -113, -113, -113, -113, -113, -113, -60, -113, + 22, -113, -5, 97, 2, 184, -113, -112, -113, -113, + -113, -113, -113, -113, -113, 21, -113, -113 }; /* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If @@ -869,71 +876,78 @@ static const yytype_int16 yypgoto[] = #define YYTABLE_NINF -13 static const yytype_int16 yytable[] = { - 143, 94, 35, 36, 37, 90, 17, 38, 92, 190, - 95, 102, 5, 160, 162, 109, 109, 161, 39, 165, - 99, 1, 103, 168, 137, 140, 40, 41, 100, 42, - 144, 145, 6, 4, 160, 146, 43, 136, 169, 139, - 3, 9, 44, 7, 45, 46, 91, 152, 163, 93, - 153, 151, -12, 10, 47, 160, 159, 48, 49, 170, - 35, 36, 37, 184, 96, 38, 182, 109, 188, 180, - 50, 51, 52, 181, 53, 191, 39, 54, 100, 55, - 97, 11, 12, 117, 40, 41, 14, 42, 85, 56, - 86, 138, 173, 141, 43, 186, 113, 15, 16, 201, - 44, 118, 45, 46, 20, 25, 26, 31, 34, 81, - 82, 32, 47, 89, 88, 48, 49, 109, 83, 84, - 105, 108, 113, 119, 100, 156, 142, 164, 50, 51, - 52, 165, 53, 166, 172, 174, 176, 55, 120, 167, - 121, 122, 171, 175, 177, 198, 105, 56, 122, 179, - 192, 193, 189, 195, 33, 79, 196, 80, 199, 197, - 200, 135, 187, 183, 107, 194, 185, 0, 0, 178 + 157, 107, 108, 5, 202, 29, 105, 172, 178, 102, + 115, 15, 1, 120, 120, 170, 112, 7, 179, 171, + 8, 116, 150, 154, 113, 158, 159, 3, 175, 170, + 160, 16, 180, 181, 47, 48, 49, 103, 6, 50, + 153, 173, 17, 151, 11, 170, 155, 106, 12, 183, + 51, -12, 165, 190, 13, 169, 109, 191, 52, 53, + 194, 54, 97, 19, 98, 198, 200, 20, 55, 192, + 120, 21, 110, 113, 56, 203, 57, 58, 196, 124, + 22, 23, 128, 25, 26, 28, 59, 182, 37, 60, + 61, 47, 48, 49, 186, 5, 50, 27, 129, 213, + 130, 32, 62, 63, 64, 38, 65, 51, 43, 66, + 44, 67, 128, 93, 94, 52, 53, 46, 54, 120, + 95, 68, 131, 96, 128, 55, 100, 199, 101, 119, + 130, 56, 124, 57, 58, 102, 97, 132, 156, 133, + 134, 152, 130, 59, 166, 3, 60, 61, 113, 174, + 175, 177, 131, 185, 187, 176, 188, 210, 189, 62, + 63, 64, 184, 65, 131, 134, 201, 132, 67, 133, + 134, 206, 204, 207, 211, 3, 91, 208, 68, 132, + 209, 133, 134, 212, 45, 205, 92, 3, 149, 147, + 118, 197, 193, 148, 14, 195 }; -static const yytype_int16 yycheck[] = +static const yytype_uint8 yycheck[] = { - 99, 54, 9, 10, 11, 53, 40, 14, 53, 23, - 6, 27, 7, 91, 20, 86, 86, 95, 25, 91, - 84, 86, 38, 95, 95, 95, 33, 34, 92, 36, - 18, 19, 27, 0, 91, 23, 43, 90, 95, 92, - 21, 70, 49, 38, 51, 52, 94, 86, 54, 94, - 89, 104, 86, 70, 61, 91, 109, 64, 65, 95, - 9, 10, 11, 162, 60, 14, 85, 86, 167, 91, - 77, 78, 79, 95, 81, 174, 25, 84, 92, 86, - 76, 70, 29, 31, 33, 34, 39, 36, 92, 96, - 94, 91, 145, 93, 43, 85, 86, 84, 8, 198, - 49, 49, 51, 52, 86, 24, 86, 91, 32, 86, - 67, 90, 61, 67, 37, 64, 65, 86, 94, 94, - 94, 94, 86, 71, 92, 86, 89, 92, 77, 78, - 79, 91, 81, 95, 12, 12, 92, 86, 86, 83, - 88, 89, 97, 93, 95, 12, 94, 96, 89, 92, - 89, 89, 94, 93, 22, 28, 93, 31, 93, 95, - 93, 86, 165, 160, 81, 180, 164, -1, -1, 155 + 112, 66, 6, 1, 23, 40, 53, 20, 83, 66, + 27, 7, 86, 86, 86, 91, 84, 86, 93, 95, + 89, 38, 95, 95, 92, 18, 19, 94, 91, 91, + 23, 27, 95, 95, 9, 10, 11, 94, 0, 14, + 105, 54, 38, 103, 21, 91, 106, 94, 92, 95, + 25, 86, 117, 91, 95, 120, 60, 95, 33, 34, + 172, 36, 92, 89, 94, 177, 178, 70, 43, 85, + 86, 70, 76, 92, 49, 187, 51, 52, 85, 86, + 70, 29, 31, 93, 39, 8, 61, 152, 24, 64, + 65, 9, 10, 11, 159, 93, 14, 84, 47, 211, + 49, 86, 77, 78, 79, 86, 81, 25, 91, 84, + 90, 86, 31, 86, 67, 33, 34, 32, 36, 86, + 94, 96, 71, 94, 31, 43, 37, 46, 67, 94, + 49, 49, 86, 51, 52, 66, 92, 86, 89, 88, + 89, 53, 49, 61, 86, 94, 64, 65, 92, 92, + 91, 83, 71, 12, 12, 95, 93, 95, 92, 77, + 78, 79, 97, 81, 71, 89, 94, 86, 86, 88, + 89, 93, 89, 93, 12, 94, 40, 93, 96, 86, + 93, 88, 89, 93, 34, 190, 43, 94, 102, 98, + 93, 175, 170, 101, 10, 174 }; /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing symbol of state STATE-NUM. */ static const yytype_uint8 yystos[] = { - 0, 86, 99, 21, 0, 7, 27, 38, 100, 70, - 70, 70, 29, 101, 39, 84, 8, 40, 102, 103, - 86, 104, 105, 106, 109, 24, 86, 107, 108, 110, - 142, 91, 90, 106, 32, 9, 10, 11, 14, 25, - 33, 34, 36, 43, 49, 51, 52, 61, 64, 65, - 77, 78, 79, 81, 84, 86, 96, 111, 112, 113, - 115, 118, 120, 121, 122, 123, 124, 125, 126, 127, - 128, 129, 130, 131, 132, 138, 139, 143, 144, 107, - 109, 86, 67, 94, 94, 92, 94, 114, 37, 67, - 53, 94, 53, 94, 111, 6, 60, 76, 140, 84, - 92, 133, 27, 38, 141, 94, 150, 151, 94, 86, - 145, 146, 147, 86, 116, 117, 119, 31, 49, 71, - 86, 88, 89, 151, 154, 155, 156, 157, 158, 159, - 160, 161, 162, 163, 164, 116, 111, 95, 145, 111, - 95, 145, 89, 154, 18, 19, 23, 134, 135, 136, - 137, 111, 86, 89, 152, 153, 86, 148, 149, 111, - 91, 95, 20, 54, 92, 91, 95, 83, 95, 95, - 95, 97, 12, 111, 12, 93, 92, 95, 152, 92, - 91, 95, 85, 147, 154, 162, 85, 117, 154, 94, - 23, 154, 89, 89, 149, 93, 93, 95, 12, 93, - 93, 154 + 0, 86, 99, 94, 151, 152, 0, 86, 89, 153, + 154, 21, 92, 95, 153, 7, 27, 38, 100, 89, + 70, 70, 70, 29, 101, 93, 39, 84, 8, 40, + 102, 103, 86, 104, 105, 106, 109, 24, 86, 107, + 108, 110, 143, 91, 90, 106, 32, 9, 10, 11, + 14, 25, 33, 34, 36, 43, 49, 51, 52, 61, + 64, 65, 77, 78, 79, 81, 84, 86, 96, 111, + 112, 113, 115, 118, 120, 121, 122, 123, 125, 126, + 127, 128, 129, 130, 131, 132, 133, 139, 140, 144, + 145, 107, 109, 86, 67, 94, 94, 92, 94, 114, + 37, 67, 66, 94, 124, 53, 94, 111, 6, 60, + 76, 141, 84, 92, 134, 27, 38, 142, 151, 94, + 86, 146, 147, 148, 86, 116, 117, 119, 31, 47, + 49, 71, 86, 88, 89, 152, 155, 156, 157, 158, + 159, 160, 161, 162, 163, 164, 165, 116, 124, 114, + 95, 146, 53, 111, 95, 146, 89, 155, 18, 19, + 23, 135, 136, 137, 138, 111, 86, 149, 150, 111, + 91, 95, 20, 54, 92, 91, 95, 83, 83, 93, + 95, 95, 111, 95, 97, 12, 111, 12, 93, 92, + 91, 95, 85, 148, 155, 163, 85, 117, 155, 46, + 155, 94, 23, 155, 89, 150, 93, 93, 93, 93, + 95, 12, 93, 155 }; #define yyerrok (yyerrstatus = 0) @@ -1748,29 +1762,29 @@ yyreduce: switch (yyn) { case 2: -#line 233 "parse.y" +#line 235 "parse.y" { checkundefined(); } break; case 4: -#line 240 "parse.y" +#line 242 "parse.y" { error_message("implicit tagging is not supported"); } break; case 5: -#line 242 "parse.y" +#line 244 "parse.y" { error_message("automatic tagging is not supported"); } break; case 7: -#line 247 "parse.y" +#line 249 "parse.y" { error_message("no extensibility options supported"); } break; case 17: -#line 268 "parse.y" +#line 270 "parse.y" { struct string_list *sl; for(sl = (yyvsp[(1) - (4)].sl); sl != NULL; sl = sl->next) { @@ -1782,7 +1796,7 @@ yyreduce: break; case 22: -#line 287 "parse.y" +#line 289 "parse.y" { (yyval.sl) = emalloc(sizeof(*(yyval.sl))); (yyval.sl)->string = (yyvsp[(1) - (3)].name); @@ -1791,7 +1805,7 @@ yyreduce: break; case 23: -#line 293 "parse.y" +#line 295 "parse.y" { (yyval.sl) = emalloc(sizeof(*(yyval.sl))); (yyval.sl)->string = (yyvsp[(1) - (1)].name); @@ -1800,7 +1814,7 @@ yyreduce: break; case 24: -#line 301 "parse.y" +#line 303 "parse.y" { Symbol *s = addsym ((yyvsp[(1) - (3)].name)); s->stype = Stype; @@ -1811,7 +1825,7 @@ yyreduce: break; case 42: -#line 332 "parse.y" +#line 334 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_Boolean, TE_EXPLICIT, new_type(TBoolean)); @@ -1819,36 +1833,70 @@ yyreduce: break; case 43: -#line 339 "parse.y" +#line 341 "parse.y" { - if((yyvsp[(2) - (5)].value)->type != integervalue || - (yyvsp[(4) - (5)].value)->type != integervalue) - error_message("Non-integer value used in range"); - (yyval.range).min = (yyvsp[(2) - (5)].value)->u.integervalue; - (yyval.range).max = (yyvsp[(4) - (5)].value)->u.integervalue; + if((yyvsp[(2) - (5)].value)->type != integervalue) + error_message("Non-integer used in first part of range"); + if((yyvsp[(2) - (5)].value)->type != integervalue) + error_message("Non-integer in second part of range"); + (yyval.range) = ecalloc(1, sizeof(*(yyval.range))); + (yyval.range)->min = (yyvsp[(2) - (5)].value)->u.integervalue; + (yyval.range)->max = (yyvsp[(4) - (5)].value)->u.integervalue; } break; case 44: -#line 349 "parse.y" +#line 351 "parse.y" + { + if((yyvsp[(2) - (5)].value)->type != integervalue) + error_message("Non-integer in first part of range"); + (yyval.range) = ecalloc(1, sizeof(*(yyval.range))); + (yyval.range)->min = (yyvsp[(2) - (5)].value)->u.integervalue; + (yyval.range)->max = (yyvsp[(2) - (5)].value)->u.integervalue - 1; + } + break; + + case 45: +#line 359 "parse.y" + { + if((yyvsp[(4) - (5)].value)->type != integervalue) + error_message("Non-integer in second part of range"); + (yyval.range) = ecalloc(1, sizeof(*(yyval.range))); + (yyval.range)->min = (yyvsp[(4) - (5)].value)->u.integervalue + 2; + (yyval.range)->max = (yyvsp[(4) - (5)].value)->u.integervalue; + } + break; + + case 46: +#line 367 "parse.y" + { + if((yyvsp[(2) - (3)].value)->type != integervalue) + error_message("Non-integer used in limit"); + (yyval.range) = ecalloc(1, sizeof(*(yyval.range))); + (yyval.range)->min = (yyvsp[(2) - (3)].value)->u.integervalue; + (yyval.range)->max = (yyvsp[(2) - (3)].value)->u.integervalue; + } + break; + + case 47: +#line 378 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, new_type(TInteger)); } break; - case 45: -#line 354 "parse.y" + case 48: +#line 383 "parse.y" { (yyval.type) = new_type(TInteger); - (yyval.type)->range = emalloc(sizeof(*(yyval.type)->range)); - *((yyval.type)->range) = (yyvsp[(2) - (2)].range); + (yyval.type)->range = (yyvsp[(2) - (2)].range); (yyval.type) = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, (yyval.type)); } break; - case 46: -#line 361 "parse.y" + case 49: +#line 389 "parse.y" { (yyval.type) = new_type(TInteger); (yyval.type)->members = (yyvsp[(3) - (4)].members); @@ -1856,8 +1904,8 @@ yyreduce: } break; - case 47: -#line 369 "parse.y" + case 50: +#line 397 "parse.y" { (yyval.members) = emalloc(sizeof(*(yyval.members))); ASN1_TAILQ_INIT((yyval.members)); @@ -1865,21 +1913,21 @@ yyreduce: } break; - case 48: -#line 375 "parse.y" + case 51: +#line 403 "parse.y" { ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members); (yyval.members) = (yyvsp[(1) - (3)].members); } break; - case 49: -#line 380 "parse.y" + case 52: +#line 408 "parse.y" { (yyval.members) = (yyvsp[(1) - (3)].members); } break; - case 50: -#line 384 "parse.y" + case 53: +#line 412 "parse.y" { (yyval.member) = emalloc(sizeof(*(yyval.member))); (yyval.member)->name = (yyvsp[(1) - (4)].name); @@ -1892,8 +1940,8 @@ yyreduce: } break; - case 51: -#line 397 "parse.y" + case 54: +#line 425 "parse.y" { (yyval.type) = new_type(TInteger); (yyval.type)->members = (yyvsp[(3) - (4)].members); @@ -1901,8 +1949,8 @@ yyreduce: } break; - case 53: -#line 408 "parse.y" + case 56: +#line 436 "parse.y" { (yyval.type) = new_type(TBitString); (yyval.type)->members = emalloc(sizeof(*(yyval.type)->members)); @@ -1911,8 +1959,8 @@ yyreduce: } break; - case 54: -#line 415 "parse.y" + case 57: +#line 443 "parse.y" { (yyval.type) = new_type(TBitString); (yyval.type)->members = (yyvsp[(4) - (5)].members); @@ -1920,32 +1968,44 @@ yyreduce: } break; - case 55: -#line 423 "parse.y" + case 58: +#line 451 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_OID, TE_EXPLICIT, new_type(TOID)); } break; - case 56: -#line 429 "parse.y" + case 59: +#line 457 "parse.y" { - (yyval.type) = new_tag(ASN1_C_UNIV, UT_OctetString, - TE_EXPLICIT, new_type(TOctetString)); + Type *t = new_type(TOctetString); + t->range = (yyvsp[(3) - (3)].range); + (yyval.type) = new_tag(ASN1_C_UNIV, UT_OctetString, + TE_EXPLICIT, t); } break; - case 57: -#line 436 "parse.y" + case 60: +#line 466 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_Null, TE_EXPLICIT, new_type(TNull)); } break; - case 58: -#line 443 "parse.y" + case 61: +#line 473 "parse.y" + { (yyval.range) = NULL; } + break; + + case 62: +#line 475 "parse.y" + { (yyval.range) = (yyvsp[(2) - (2)].range); } + break; + + case 63: +#line 480 "parse.y" { (yyval.type) = new_type(TSequence); (yyval.type)->members = (yyvsp[(3) - (4)].members); @@ -1953,8 +2013,8 @@ yyreduce: } break; - case 59: -#line 449 "parse.y" + case 64: +#line 486 "parse.y" { (yyval.type) = new_type(TSequence); (yyval.type)->members = NULL; @@ -1962,17 +2022,18 @@ yyreduce: } break; - case 60: -#line 457 "parse.y" + case 65: +#line 494 "parse.y" { (yyval.type) = new_type(TSequenceOf); - (yyval.type)->subtype = (yyvsp[(3) - (3)].type); + (yyval.type)->range = (yyvsp[(2) - (4)].range); + (yyval.type)->subtype = (yyvsp[(4) - (4)].type); (yyval.type) = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, (yyval.type)); } break; - case 61: -#line 465 "parse.y" + case 66: +#line 503 "parse.y" { (yyval.type) = new_type(TSet); (yyval.type)->members = (yyvsp[(3) - (4)].members); @@ -1980,8 +2041,8 @@ yyreduce: } break; - case 62: -#line 471 "parse.y" + case 67: +#line 509 "parse.y" { (yyval.type) = new_type(TSet); (yyval.type)->members = NULL; @@ -1989,8 +2050,8 @@ yyreduce: } break; - case 63: -#line 479 "parse.y" + case 68: +#line 517 "parse.y" { (yyval.type) = new_type(TSetOf); (yyval.type)->subtype = (yyvsp[(3) - (3)].type); @@ -1998,16 +2059,16 @@ yyreduce: } break; - case 64: -#line 487 "parse.y" + case 69: +#line 525 "parse.y" { (yyval.type) = new_type(TChoice); (yyval.type)->members = (yyvsp[(3) - (4)].members); } break; - case 67: -#line 498 "parse.y" + case 72: +#line 536 "parse.y" { Symbol *s = addsym((yyvsp[(1) - (1)].name)); (yyval.type) = new_type(TType); @@ -2018,24 +2079,24 @@ yyreduce: } break; - case 68: -#line 509 "parse.y" + case 73: +#line 547 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralizedTime, TE_EXPLICIT, new_type(TGeneralizedTime)); } break; - case 69: -#line 514 "parse.y" + case 74: +#line 552 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_UTCTime, TE_EXPLICIT, new_type(TUTCTime)); } break; - case 70: -#line 521 "parse.y" + case 75: +#line 559 "parse.y" { /* if (Constraint.type == contentConstrant) { assert(Constraint.u.constraint.type == octetstring|bitstring-w/o-NamedBitList); // remember to check type reference too @@ -2050,15 +2111,15 @@ yyreduce: } break; - case 71: -#line 537 "parse.y" + case 76: +#line 575 "parse.y" { (yyval.constraint_spec) = (yyvsp[(2) - (3)].constraint_spec); } break; - case 75: -#line 550 "parse.y" + case 80: +#line 588 "parse.y" { (yyval.constraint_spec) = new_constraint_spec(CT_CONTENTS); (yyval.constraint_spec)->u.content.type = (yyvsp[(2) - (2)].type); @@ -2066,8 +2127,8 @@ yyreduce: } break; - case 76: -#line 556 "parse.y" + case 81: +#line 594 "parse.y" { if ((yyvsp[(3) - (3)].value)->type != objectidentifiervalue) error_message("Non-OID used in ENCODED BY constraint"); @@ -2077,8 +2138,8 @@ yyreduce: } break; - case 77: -#line 564 "parse.y" + case 82: +#line 602 "parse.y" { if ((yyvsp[(5) - (5)].value)->type != objectidentifiervalue) error_message("Non-OID used in ENCODED BY constraint"); @@ -2088,15 +2149,15 @@ yyreduce: } break; - case 78: -#line 574 "parse.y" + case 83: +#line 612 "parse.y" { (yyval.constraint_spec) = new_constraint_spec(CT_USER); } break; - case 79: -#line 580 "parse.y" + case 84: +#line 618 "parse.y" { (yyval.type) = new_type(TTag); (yyval.type)->tag = (yyvsp[(1) - (3)].tag); @@ -2109,8 +2170,8 @@ yyreduce: } break; - case 80: -#line 593 "parse.y" + case 85: +#line 631 "parse.y" { (yyval.tag).tagclass = (yyvsp[(2) - (4)].constant); (yyval.tag).tagvalue = (yyvsp[(3) - (4)].constant); @@ -2118,57 +2179,57 @@ yyreduce: } break; - case 81: -#line 601 "parse.y" + case 86: +#line 639 "parse.y" { (yyval.constant) = ASN1_C_CONTEXT; } break; - case 82: -#line 605 "parse.y" + case 87: +#line 643 "parse.y" { (yyval.constant) = ASN1_C_UNIV; } break; - case 83: -#line 609 "parse.y" + case 88: +#line 647 "parse.y" { (yyval.constant) = ASN1_C_APPL; } break; - case 84: -#line 613 "parse.y" + case 89: +#line 651 "parse.y" { (yyval.constant) = ASN1_C_PRIVATE; } break; - case 85: -#line 619 "parse.y" + case 90: +#line 657 "parse.y" { (yyval.constant) = TE_EXPLICIT; } break; - case 86: -#line 623 "parse.y" + case 91: +#line 661 "parse.y" { (yyval.constant) = TE_EXPLICIT; } break; - case 87: -#line 627 "parse.y" + case 92: +#line 665 "parse.y" { (yyval.constant) = TE_IMPLICIT; } break; - case 88: -#line 634 "parse.y" + case 93: +#line 672 "parse.y" { Symbol *s; s = addsym ((yyvsp[(1) - (4)].name)); @@ -2179,64 +2240,64 @@ yyreduce: } break; - case 90: -#line 648 "parse.y" + case 95: +#line 686 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralString, TE_EXPLICIT, new_type(TGeneralString)); } break; - case 91: -#line 653 "parse.y" + case 96: +#line 691 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_UTF8String, TE_EXPLICIT, new_type(TUTF8String)); } break; - case 92: -#line 658 "parse.y" + case 97: +#line 696 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_PrintableString, TE_EXPLICIT, new_type(TPrintableString)); } break; - case 93: -#line 663 "parse.y" + case 98: +#line 701 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_VisibleString, TE_EXPLICIT, new_type(TVisibleString)); } break; - case 94: -#line 668 "parse.y" + case 99: +#line 706 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_IA5String, TE_EXPLICIT, new_type(TIA5String)); } break; - case 95: -#line 673 "parse.y" + case 100: +#line 711 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_BMPString, TE_EXPLICIT, new_type(TBMPString)); } break; - case 96: -#line 678 "parse.y" + case 101: +#line 716 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_UniversalString, TE_EXPLICIT, new_type(TUniversalString)); } break; - case 97: -#line 686 "parse.y" + case 102: +#line 724 "parse.y" { (yyval.members) = emalloc(sizeof(*(yyval.members))); ASN1_TAILQ_INIT((yyval.members)); @@ -2244,16 +2305,16 @@ yyreduce: } break; - case 98: -#line 692 "parse.y" + case 103: +#line 730 "parse.y" { ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members); (yyval.members) = (yyvsp[(1) - (3)].members); } break; - case 99: -#line 697 "parse.y" + case 104: +#line 735 "parse.y" { struct member *m = ecalloc(1, sizeof(*m)); m->name = estrdup("..."); @@ -2264,8 +2325,8 @@ yyreduce: } break; - case 100: -#line 708 "parse.y" + case 105: +#line 746 "parse.y" { (yyval.member) = emalloc(sizeof(*(yyval.member))); (yyval.member)->name = (yyvsp[(1) - (2)].name); @@ -2276,8 +2337,8 @@ yyreduce: } break; - case 101: -#line 719 "parse.y" + case 106: +#line 757 "parse.y" { (yyval.member) = (yyvsp[(1) - (1)].member); (yyval.member)->optional = 0; @@ -2285,8 +2346,8 @@ yyreduce: } break; - case 102: -#line 725 "parse.y" + case 107: +#line 763 "parse.y" { (yyval.member) = (yyvsp[(1) - (2)].member); (yyval.member)->optional = 1; @@ -2294,8 +2355,8 @@ yyreduce: } break; - case 103: -#line 731 "parse.y" + case 108: +#line 769 "parse.y" { (yyval.member) = (yyvsp[(1) - (3)].member); (yyval.member)->optional = 0; @@ -2303,8 +2364,8 @@ yyreduce: } break; - case 104: -#line 739 "parse.y" + case 109: +#line 777 "parse.y" { (yyval.members) = emalloc(sizeof(*(yyval.members))); ASN1_TAILQ_INIT((yyval.members)); @@ -2312,16 +2373,16 @@ yyreduce: } break; - case 105: -#line 745 "parse.y" + case 110: +#line 783 "parse.y" { ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members); (yyval.members) = (yyvsp[(1) - (3)].members); } break; - case 106: -#line 752 "parse.y" + case 111: +#line 790 "parse.y" { (yyval.member) = emalloc(sizeof(*(yyval.member))); (yyval.member)->name = (yyvsp[(1) - (4)].name); @@ -2334,27 +2395,27 @@ yyreduce: } break; - case 108: -#line 765 "parse.y" + case 113: +#line 803 "parse.y" { (yyval.objid) = NULL; } break; - case 109: -#line 769 "parse.y" + case 114: +#line 807 "parse.y" { (yyval.objid) = (yyvsp[(2) - (3)].objid); } break; - case 110: -#line 775 "parse.y" + case 115: +#line 813 "parse.y" { (yyval.objid) = NULL; } break; - case 111: -#line 779 "parse.y" + case 116: +#line 817 "parse.y" { if ((yyvsp[(2) - (2)].objid)) { (yyval.objid) = (yyvsp[(2) - (2)].objid); @@ -2365,15 +2426,15 @@ yyreduce: } break; - case 112: -#line 790 "parse.y" + case 117: +#line 828 "parse.y" { (yyval.objid) = new_objid((yyvsp[(1) - (4)].name), (yyvsp[(3) - (4)].constant)); } break; - case 113: -#line 794 "parse.y" + case 118: +#line 832 "parse.y" { Symbol *s = addsym((yyvsp[(1) - (1)].name)); if(s->stype != SValue || @@ -2386,15 +2447,15 @@ yyreduce: } break; - case 114: -#line 805 "parse.y" + case 119: +#line 843 "parse.y" { (yyval.objid) = new_objid(NULL, (yyvsp[(1) - (1)].constant)); } break; - case 124: -#line 828 "parse.y" + case 129: +#line 866 "parse.y" { Symbol *s = addsym((yyvsp[(1) - (1)].name)); if(s->stype != SValue) @@ -2405,8 +2466,8 @@ yyreduce: } break; - case 125: -#line 839 "parse.y" + case 130: +#line 877 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = stringvalue; @@ -2414,8 +2475,8 @@ yyreduce: } break; - case 126: -#line 847 "parse.y" + case 131: +#line 885 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = booleanvalue; @@ -2423,8 +2484,8 @@ yyreduce: } break; - case 127: -#line 853 "parse.y" + case 132: +#line 891 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = booleanvalue; @@ -2432,8 +2493,8 @@ yyreduce: } break; - case 128: -#line 861 "parse.y" + case 133: +#line 899 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = integervalue; @@ -2441,14 +2502,14 @@ yyreduce: } break; - case 130: -#line 872 "parse.y" + case 135: +#line 910 "parse.y" { } break; - case 131: -#line 877 "parse.y" + case 136: +#line 915 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = objectidentifiervalue; @@ -2458,7 +2519,7 @@ yyreduce: /* Line 1267 of yacc.c. */ -#line 2464 "parse.c" +#line 2523 "parse.c" default: break; } YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); @@ -2672,7 +2733,7 @@ yyreturn: } -#line 884 "parse.y" +#line 922 "parse.y" void diff --git a/source4/heimdal/lib/asn1/parse.h b/source4/heimdal/lib/asn1/parse.h index a0c26d50f1..5e73094f9e 100644 --- a/source4/heimdal/lib/asn1/parse.h +++ b/source4/heimdal/lib/asn1/parse.h @@ -16,7 +16,9 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, see . */ + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. */ /* As a special exception, you may create a larger work that contains part or all of the Bison parser skeleton and distribute that work @@ -224,7 +226,7 @@ typedef union YYSTYPE { int constant; struct value *value; - struct range range; + struct range *range; char *name; Type *type; Member *member; diff --git a/source4/heimdal/lib/asn1/rfc2459.asn1 b/source4/heimdal/lib/asn1/rfc2459.asn1 index 71f197eba7..0ec3b695eb 100644 --- a/source4/heimdal/lib/asn1/rfc2459.asn1 +++ b/source4/heimdal/lib/asn1/rfc2459.asn1 @@ -169,7 +169,7 @@ Extension ::= SEQUENCE { extnValue OCTET STRING } -Extensions ::= SEQUENCE OF Extension -- SIZE (1..MAX) +Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension TBSCertificate ::= SEQUENCE { version [0] Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1, @@ -232,7 +232,7 @@ GeneralName ::= CHOICE { registeredID [8] IMPLICIT OBJECT IDENTIFIER } -GeneralNames ::= SEQUENCE -- SIZE (1..MAX) -- OF GeneralName +GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName id-x509-ce-keyUsage OBJECT IDENTIFIER ::= { id-x509-ce 15 } @@ -320,7 +320,7 @@ DistributionPointReasonFlags ::= BIT STRING { } DistributionPointName ::= CHOICE { - fullName [0] IMPLICIT -- GeneralNames -- SEQUENCE -- SIZE (1..MAX) -- OF GeneralName, + fullName [0] IMPLICIT -- GeneralNames -- SEQUENCE SIZE (1..MAX) OF GeneralName, nameRelativeToCRLIssuer [1] RelativeDistinguishedName } @@ -330,7 +330,7 @@ DistributionPoint ::= SEQUENCE { cRLIssuer [2] IMPLICIT heim_any -- GeneralNames -- OPTIONAL } -CRLDistributionPoints ::= SEQUENCE -- SIZE (1..MAX) -- OF DistributionPoint +CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint -- rfc3279 @@ -449,11 +449,20 @@ id-pkix-kp-emailProtection OBJECT IDENTIFIER ::= { id-pkix-kp 4 } id-pkix-kp-timeStamping OBJECT IDENTIFIER ::= { id-pkix-kp 8 } id-pkix-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-pkix-kp 9 } --- RFC 3820 Proxy Certificate Profile - id-pkix-pe OBJECT IDENTIFIER ::= { id-pkix 1 } -id-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 } +id-pkix-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pkix-pe 1 } + +AccessDescription ::= SEQUENCE { + accessMethod OBJECT IDENTIFIER, + accessLocation GeneralName +} + +AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription + +-- RFC 3820 Proxy Certificate Profile + +id-pkix-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 } id-pkix-ppl OBJECT IDENTIFIER ::= { id-pkix 21 } diff --git a/source4/heimdal/lib/asn1/test.asn1 b/source4/heimdal/lib/asn1/test.asn1 index 98b507a4da..b2f58a20c2 100644 --- a/source4/heimdal/lib/asn1/test.asn1 +++ b/source4/heimdal/lib/asn1/test.asn1 @@ -1,4 +1,4 @@ --- $Id: test.asn1 18013 2006-09-05 14:00:44Z lha $ -- +-- $Id: test.asn1 21455 2007-07-10 12:51:19Z lha $ -- TEST DEFINITIONS ::= @@ -85,4 +85,11 @@ TESTUSERCONSTRAINED ::= OCTET STRING (CONSTRAINED BY { -- meh -- }) TESTSeqOf ::= SEQUENCE OF TESTInteger +TESTSeqSizeOf1 ::= SEQUENCE SIZE (2) OF TESTInteger +TESTSeqSizeOf2 ::= SEQUENCE SIZE (1..2) OF TESTInteger +TESTSeqSizeOf3 ::= SEQUENCE SIZE (1..MAX) OF TESTInteger +TESTSeqSizeOf4 ::= SEQUENCE SIZE (MIN..2) OF TESTInteger + +TESTOSSize1 ::= OCTET STRING SIZE (1..2) + END diff --git a/source4/heimdal/lib/asn1/timegm.c b/source4/heimdal/lib/asn1/timegm.c index a6776458cf..33b9684a5d 100644 --- a/source4/heimdal/lib/asn1/timegm.c +++ b/source4/heimdal/lib/asn1/timegm.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: timegm.c 18607 2006-10-19 16:19:32Z lha $"); +RCSID("$Id: timegm.c 21366 2007-06-27 10:06:22Z lha $"); static int is_leap(unsigned y) @@ -43,8 +43,8 @@ is_leap(unsigned y) } /* - * This is a simplifed version of _der_timegm that doesn't accept out - * of bound values that timegm(3) normally accepts but those are not + * This is a simplifed version of timegm(3) that doesn't accept out of + * bound values that timegm(3) normally accepts but those are not * valid in asn1 encodings. */ diff --git a/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c b/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c index d6e448a223..cb1b62308c 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c +++ b/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_acquire_cred.c 20626 2007-05-08 13:56:49Z lha $"); +RCSID("$Id: gss_acquire_cred.c 21478 2007-07-10 16:32:01Z lha $"); OM_uint32 gss_acquire_cred(OM_uint32 *minor_status, @@ -50,7 +50,7 @@ gss_acquire_cred(OM_uint32 *minor_status, int i; *minor_status = 0; - if (actual_mechs) + if (output_cred_handle) *output_cred_handle = GSS_C_NO_CREDENTIAL; if (actual_mechs) *actual_mechs = GSS_C_NO_OID_SET; @@ -106,8 +106,9 @@ gss_acquire_cred(OM_uint32 *minor_status, continue; if (desired_name != GSS_C_NO_NAME) { - mn = _gss_find_mn(name, &mechs->elements[i]); - if (!mn) + major_status = _gss_find_mn(minor_status, name, + &mechs->elements[i], &mn); + if (major_status != GSS_S_COMPLETE) continue; } diff --git a/source4/heimdal/lib/gssapi/mech/gss_add_cred.c b/source4/heimdal/lib/gssapi/mech/gss_add_cred.c index 4947c5c30e..09b592b5da 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_add_cred.c +++ b/source4/heimdal/lib/gssapi/mech/gss_add_cred.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_add_cred.c 20626 2007-05-08 13:56:49Z lha $"); +RCSID("$Id: gss_add_cred.c 21474 2007-07-10 16:30:23Z lha $"); static struct _gss_mechanism_cred * _gss_copy_cred(struct _gss_mechanism_cred *mc) @@ -136,11 +136,13 @@ gss_add_cred(OM_uint32 *minor_status, * Figure out a suitable mn, if any. */ if (desired_name) { - mn = _gss_find_mn((struct _gss_name *) desired_name, - desired_mech); - if (!mn) { + major_status = _gss_find_mn(minor_status, + (struct _gss_name *) desired_name, + desired_mech, + &mn); + if (major_status != GSS_S_COMPLETE) { free(new_cred); - return (GSS_S_BAD_NAME); + return major_status; } } else { mn = 0; diff --git a/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c b/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c index 1437a9bc7b..c950c03166 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c +++ b/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_canonicalize_name.c 19928 2007-01-16 10:37:54Z lha $"); +RCSID("$Id: gss_canonicalize_name.c 21476 2007-07-10 16:31:27Z lha $"); OM_uint32 gss_canonicalize_name(OM_uint32 *minor_status, @@ -44,10 +44,9 @@ gss_canonicalize_name(OM_uint32 *minor_status, *minor_status = 0; *output_name = 0; - mn = _gss_find_mn(name, mech_type); - if (!mn) { - return (GSS_S_BAD_MECH); - } + major_status = _gss_find_mn(minor_status, name, mech_type, &mn); + if (major_status) + return major_status; m = mn->gmn_mech; major_status = m->gm_canonicalize_name(minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_compare_name.c b/source4/heimdal/lib/gssapi/mech/gss_compare_name.c index 147ad60c94..617ff13d98 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_compare_name.c +++ b/source4/heimdal/lib/gssapi/mech/gss_compare_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_compare_name.c 17700 2006-06-28 09:00:26Z lha $"); +RCSID("$Id: gss_compare_name.c 21475 2007-07-10 16:31:03Z lha $"); OM_uint32 gss_compare_name(OM_uint32 *minor_status, @@ -57,8 +57,11 @@ gss_compare_name(OM_uint32 *minor_status, struct _gss_mechanism_name *mn2; SLIST_FOREACH(mn1, &name1->gn_mn, gmn_link) { - mn2 = _gss_find_mn(name2, mn1->gmn_mech_oid); - if (mn2) { + OM_uint32 major_status; + + major_status = _gss_find_mn(minor_status, name2, + mn1->gmn_mech_oid, &mn2); + if (major_status == GSS_S_COMPLETE) { return (mn1->gmn_mech->gm_compare_name( minor_status, mn1->gmn_name, diff --git a/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c b/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c index 4ff81fdf2d..f38c840b31 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c +++ b/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_duplicate_name.c 21219 2007-06-20 08:27:11Z lha $"); +RCSID("$Id: gss_duplicate_name.c 21480 2007-07-10 16:32:32Z lha $"); OM_uint32 gss_duplicate_name(OM_uint32 *minor_status, const gss_name_t src_name, @@ -54,7 +54,9 @@ OM_uint32 gss_duplicate_name(OM_uint32 *minor_status, new_name = (struct _gss_name *) *dest_name; SLIST_FOREACH(mn, &name->gn_mn, gmn_link) { - _gss_find_mn(new_name, mn->gmn_mech_oid); + struct _gss_mechanism_name *mn2; + _gss_find_mn(minor_status, new_name, + mn->gmn_mech_oid, &mn2); } } else { new_name = malloc(sizeof(struct _gss_name)); diff --git a/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c index c1c058d146..b9a1680dcb 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c +++ b/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_init_sec_context.c 19957 2007-01-17 13:48:11Z lha $"); +RCSID("$Id: gss_init_sec_context.c 21479 2007-07-10 16:32:19Z lha $"); static gss_cred_id_t _gss_mech_cred_find(gss_cred_id_t cred_handle, gss_OID mech_type) @@ -109,11 +109,11 @@ gss_init_sec_context(OM_uint32 * minor_status, /* * Find the MN for this mechanism. */ - mn = _gss_find_mn(name, mech_type); - if (mn == NULL) { + major_status = _gss_find_mn(minor_status, name, mech_type, &mn); + if (major_status != GSS_S_COMPLETE) { if (allocated_ctx) free(ctx); - return GSS_S_BAD_NAME; + return major_status; } /* diff --git a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c index 604027490e..f1a18afb13 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c +++ b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c @@ -28,7 +28,7 @@ #include "mech_locl.h" #include -RCSID("$Id: gss_mech_switch.c 20625 2007-05-08 13:55:03Z lha $"); +RCSID("$Id: gss_mech_switch.c 21700 2007-07-26 19:08:34Z lha $"); #ifndef _PATH_GSS_MECH #define _PATH_GSS_MECH "/etc/gss/mech" @@ -223,9 +223,9 @@ _gss_load_mech(void) add_builtin(__gss_spnego_initialize()); add_builtin(__gss_ntlm_initialize()); +#ifdef HAVE_DLOPEN fp = fopen(_PATH_GSS_MECH, "r"); if (!fp) { -/* perror(_PATH_GSS_MECH); */ HEIMDAL_MUTEX_unlock(&_gss_mech_mutex); return; } @@ -316,6 +316,7 @@ _gss_load_mech(void) continue; } fclose(fp); +#endif HEIMDAL_MUTEX_unlock(&_gss_mech_mutex); } diff --git a/source4/heimdal/lib/gssapi/mech/gss_names.c b/source4/heimdal/lib/gssapi/mech/gss_names.c index 3ab609c192..f78672d837 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_names.c +++ b/source4/heimdal/lib/gssapi/mech/gss_names.c @@ -27,15 +27,18 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_names.c 19928 2007-01-16 10:37:54Z lha $"); +RCSID("$Id: gss_names.c 21473 2007-07-10 16:29:53Z lha $"); -struct _gss_mechanism_name * -_gss_find_mn(struct _gss_name *name, gss_OID mech) +OM_uint32 +_gss_find_mn(OM_uint32 *minor_status, struct _gss_name *name, gss_OID mech, + struct _gss_mechanism_name **output_mn) { - OM_uint32 major_status, minor_status; + OM_uint32 major_status; gssapi_mech_interface m; struct _gss_mechanism_name *mn; + *output_mn = NULL; + SLIST_FOREACH(mn, &name->gn_mn, gmn_link) { if (gss_oid_equal(mech, mn->gmn_mech_oid)) break; @@ -47,34 +50,36 @@ _gss_find_mn(struct _gss_name *name, gss_OID mech) * MN but it is from a different mech), give up now. */ if (!name->gn_value.value) - return (0); + return GSS_S_BAD_NAME; m = __gss_get_mechanism(mech); if (!m) - return (0); + return (GSS_S_BAD_MECH); mn = malloc(sizeof(struct _gss_mechanism_name)); if (!mn) - return (0); + return GSS_S_FAILURE; - major_status = m->gm_import_name(&minor_status, + major_status = m->gm_import_name(minor_status, &name->gn_value, (name->gn_type.elements ? &name->gn_type : GSS_C_NO_OID), &mn->gmn_name); if (major_status != GSS_S_COMPLETE) { - _gss_mg_error(m, major_status, minor_status); + _gss_mg_error(m, major_status, *minor_status); free(mn); - return (0); + return major_status; } mn->gmn_mech = m; mn->gmn_mech_oid = &m->gm_mech_oid; SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link); } - return (mn); + *output_mn = mn; + return 0; } + /* * Make a name from an MN. */ diff --git a/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c b/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c index 3195370b77..e2cecaf6b4 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c +++ b/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c @@ -32,7 +32,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_oid_to_str.c 19963 2007-01-17 16:01:22Z lha $"); +RCSID("$Id: gss_oid_to_str.c 21409 2007-07-04 14:19:11Z lha $"); OM_uint32 gss_oid_to_str(OM_uint32 *minor_status, gss_OID oid, gss_buffer_t oid_str) @@ -44,6 +44,9 @@ gss_oid_to_str(OM_uint32 *minor_status, gss_OID oid, gss_buffer_t oid_str) _mg_buffer_zero(oid_str); + if (oid == GSS_C_NULL_OID) + return GSS_S_FAILURE; + ret = der_get_oid (oid->elements, oid->length, &o, &size); if (ret) { *minor_status = ret; diff --git a/source4/heimdal/lib/gssapi/mech/name.h b/source4/heimdal/lib/gssapi/mech/name.h index 2252150a06..7c9ba33d85 100644 --- a/source4/heimdal/lib/gssapi/mech/name.h +++ b/source4/heimdal/lib/gssapi/mech/name.h @@ -24,7 +24,7 @@ * SUCH DAMAGE. * * $FreeBSD: src/lib/libgssapi/name.h,v 1.1 2005/12/29 14:40:20 dfr Exp $ - * $Id: name.h 18246 2006-10-05 18:36:07Z lha $ + * $Id: name.h 21477 2007-07-10 16:31:44Z lha $ */ struct _gss_mechanism_name { @@ -41,7 +41,8 @@ struct _gss_name { struct _gss_mechanism_name_list gn_mn; /* list of MNs */ }; -struct _gss_mechanism_name * - _gss_find_mn(struct _gss_name *name, gss_OID mech); +OM_uint32 + _gss_find_mn(OM_uint32 *, struct _gss_name *, gss_OID, + struct _gss_mechanism_name **); struct _gss_name * _gss_make_name(gssapi_mech_interface m, gss_name_t new_mn); diff --git a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c index d20c913bf0..1afe26f1e3 100644 --- a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c @@ -33,7 +33,7 @@ #include "spnego/spnego_locl.h" -RCSID("$Id: accept_sec_context.c 21243 2007-06-20 15:16:22Z lha $"); +RCSID("$Id: accept_sec_context.c 21461 2007-07-10 14:01:13Z lha $"); static OM_uint32 send_reject (OM_uint32 *minor_status, @@ -555,23 +555,16 @@ acceptor_start int get_mic = 0; int first_ok = 0; - if (src_name) - *src_name = GSS_C_NO_NAME; - mech_output_token.value = NULL; mech_output_token.length = 0; mech_buf.value = NULL; - if (*context_handle == GSS_C_NO_CONTEXT) { - ret = _gss_spnego_alloc_sec_context(minor_status, - context_handle); - if (ret != GSS_S_COMPLETE) - return ret; - - if (input_token_buffer->length == 0) { - return send_supported_mechs (minor_status, output_token); - } - } + if (input_token_buffer->length == 0) + return send_supported_mechs (minor_status, output_token); + + ret = _gss_spnego_alloc_sec_context(minor_status, context_handle); + if (ret != GSS_S_COMPLETE) + return ret; ctx = (gssspnego_ctx)*context_handle; diff --git a/source4/heimdal/lib/gssapi/spnego/spnego.asn1 b/source4/heimdal/lib/gssapi/spnego/spnego.asn1 index aed67dc4ae..058f10ba3a 100644 --- a/source4/heimdal/lib/gssapi/spnego/spnego.asn1 +++ b/source4/heimdal/lib/gssapi/spnego/spnego.asn1 @@ -1,4 +1,4 @@ --- $Id: spnego.asn1 19420 2006-12-18 18:28:49Z lha $ +-- $Id: spnego.asn1 21403 2007-07-04 08:13:12Z lha $ SPNEGO DEFINITIONS ::= BEGIN @@ -8,34 +8,34 @@ MechType::= OBJECT IDENTIFIER MechTypeList ::= SEQUENCE OF MechType ContextFlags ::= BIT STRING { - delegFlag (0), - mutualFlag (1), - replayFlag (2), - sequenceFlag (3), - anonFlag (4), - confFlag (5), - integFlag (6) + delegFlag (0), + mutualFlag (1), + replayFlag (2), + sequenceFlag (3), + anonFlag (4), + confFlag (5), + integFlag (6) } NegHints ::= SEQUENCE { - hintName [0] GeneralString OPTIONAL, - hintAddress [1] OCTET STRING OPTIONAL + hintName [0] GeneralString OPTIONAL, + hintAddress [1] OCTET STRING OPTIONAL } NegTokenInitWin ::= SEQUENCE { - mechTypes [0] MechTypeList, - reqFlags [1] ContextFlags OPTIONAL, - mechToken [2] OCTET STRING OPTIONAL, - negHints [3] NegHints OPTIONAL - } + mechTypes [0] MechTypeList, + reqFlags [1] ContextFlags OPTIONAL, + mechToken [2] OCTET STRING OPTIONAL, + negHints [3] NegHints OPTIONAL +} NegTokenInit ::= SEQUENCE { - mechTypes [0] MechTypeList, - reqFlags [1] ContextFlags OPTIONAL, - mechToken [2] OCTET STRING OPTIONAL, - mechListMIC [3] OCTET STRING OPTIONAL - } - + mechTypes [0] MechTypeList, + reqFlags [1] ContextFlags OPTIONAL, + mechToken [2] OCTET STRING OPTIONAL, + mechListMIC [3] OCTET STRING OPTIONAL, + ... +} -- NB: negResult is not OPTIONAL in the new SPNEGO spec but -- Windows clients do not always send it @@ -47,7 +47,8 @@ NegTokenResp ::= SEQUENCE { request-mic (3) } OPTIONAL, supportedMech [1] MechType OPTIONAL, responseToken [2] OCTET STRING OPTIONAL, - mechListMIC [3] OCTET STRING OPTIONAL + mechListMIC [3] OCTET STRING OPTIONAL, + ... } NegotiationToken ::= CHOICE { diff --git a/source4/heimdal/lib/hcrypto/hmac.c b/source4/heimdal/lib/hcrypto/hmac.c index 848b987a90..b8156e38d4 100644 --- a/source4/heimdal/lib/hcrypto/hmac.c +++ b/source4/heimdal/lib/hcrypto/hmac.c @@ -52,8 +52,10 @@ HMAC_Init_ex(HMAC_CTX *ctx, if (ctx->md != md) { ctx->md = md; - if (ctx->buf) + if (ctx->buf) { + memset(ctx->buf, 0, ctx->key_length); free (ctx->buf); + } ctx->key_length = EVP_MD_size(ctx->md); ctx->buf = malloc(ctx->key_length); } @@ -67,10 +69,14 @@ HMAC_Init_ex(HMAC_CTX *ctx, keylen = EVP_MD_size(ctx->md); } - if (ctx->opad) + if (ctx->opad) { + memset(ctx->opad, 0, ctx->key_length); free(ctx->opad); - if (ctx->ipad) + } + if (ctx->ipad) { + memset(ctx->ipad, 0, ctx->key_length); free(ctx->ipad); + } ctx->opad = malloc(EVP_MD_block_size(ctx->md)); ctx->ipad = malloc(EVP_MD_block_size(ctx->md)); diff --git a/source4/heimdal/lib/hx509/ca.c b/source4/heimdal/lib/hx509/ca.c index 0e48269aa4..bf8fe1be1a 100644 --- a/source4/heimdal/lib/hx509/ca.c +++ b/source4/heimdal/lib/hx509/ca.c @@ -33,7 +33,7 @@ #include "hx_locl.h" #include -RCSID("$Id: ca.c 20904 2007-06-05 01:58:45Z lha $"); +RCSID("$Id: ca.c 21379 2007-06-28 07:38:17Z lha $"); struct hx509_ca_tbs { hx509_name subject; @@ -1002,7 +1002,7 @@ ca_sign(hx509_context context, if (size != data.length) _hx509_abort("internal ASN.1 encoder error"); ret = add_extension(context, tbsc, 0, - oid_id_pe_proxyCertInfo(), + oid_id_pkix_pe_proxyCertInfo(), &data); free(data.data); if (ret) diff --git a/source4/heimdal/lib/hx509/cert.c b/source4/heimdal/lib/hx509/cert.c index caf163f8e4..b7f19d152a 100644 --- a/source4/heimdal/lib/hx509/cert.c +++ b/source4/heimdal/lib/hx509/cert.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: cert.c 21294 2007-06-25 14:37:15Z lha $"); +RCSID("$Id: cert.c 21380 2007-06-28 07:38:38Z lha $"); #include "crypto-headers.h" #include @@ -898,7 +898,7 @@ is_proxy_cert(hx509_context context, if (rinfo) memset(rinfo, 0, sizeof(*rinfo)); - e = find_extension(cert, oid_id_pe_proxyCertInfo(), &i); + e = find_extension(cert, oid_id_pkix_pe_proxyCertInfo(), &i); if (e == NULL) { hx509_clear_error_string(context); return HX509_EXTENSION_NOT_FOUND; diff --git a/source4/heimdal/lib/hx509/hx509-private.h b/source4/heimdal/lib/hx509/hx509-private.h index 451c3c89f2..acbc3218c6 100644 --- a/source4/heimdal/lib/hx509/hx509-private.h +++ b/source4/heimdal/lib/hx509/hx509-private.h @@ -314,14 +314,6 @@ _hx509_pbe_decrypt ( const heim_octet_string */*econtent*/, heim_octet_string */*content*/); -int -_hx509_pbe_encrypt ( - hx509_context /*context*/, - hx509_lock /*lock*/, - const AlgorithmIdentifier */*ai*/, - const heim_octet_string */*content*/, - heim_octet_string */*econtent*/); - void _hx509_pi_printf ( int (*/*func*/)(void *, const char *), @@ -422,35 +414,11 @@ _hx509_request_add_email ( void _hx509_request_free (hx509_request */*req*/); -int -_hx509_request_get_SubjectPublicKeyInfo ( - hx509_context /*context*/, - hx509_request /*req*/, - SubjectPublicKeyInfo */*key*/); - -int -_hx509_request_get_name ( - hx509_context /*context*/, - hx509_request /*req*/, - hx509_name */*name*/); - int _hx509_request_init ( hx509_context /*context*/, hx509_request */*req*/); -int -_hx509_request_parse ( - hx509_context /*context*/, - const char */*path*/, - hx509_request */*req*/); - -int -_hx509_request_print ( - hx509_context /*context*/, - hx509_request /*req*/, - FILE */*f*/); - int _hx509_request_set_SubjectPublicKeyInfo ( hx509_context /*context*/, diff --git a/source4/heimdal/lib/hx509/ks_p11.c b/source4/heimdal/lib/hx509/ks_p11.c index b899005b33..e3066bbcfa 100644 --- a/source4/heimdal/lib/hx509/ks_p11.c +++ b/source4/heimdal/lib/hx509/ks_p11.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: ks_p11.c 21085 2007-06-13 06:39:53Z lha $"); +RCSID("$Id: ks_p11.c 21387 2007-06-28 08:53:45Z lha $"); #ifdef HAVE_DLFCN_H #include #endif @@ -1129,8 +1129,17 @@ p11_printinfo(hx509_context context, MECHNAME(CKM_RSA_X_509, "rsa-x-509"); MECHNAME(CKM_MD5_RSA_PKCS, "md5-rsa-pkcs"); MECHNAME(CKM_SHA1_RSA_PKCS, "sha1-rsa-pkcs"); + MECHNAME(CKM_SHA256_RSA_PKCS, "sha256-rsa-pkcs"); + MECHNAME(CKM_SHA384_RSA_PKCS, "sha384-rsa-pkcs"); + MECHNAME(CKM_SHA512_RSA_PKCS, "sha512-rsa-pkcs"); MECHNAME(CKM_RIPEMD160_RSA_PKCS, "ripemd160-rsa-pkcs"); MECHNAME(CKM_RSA_PKCS_OAEP, "rsa-pkcs-oaep"); + MECHNAME(CKM_SHA512_HMAC, "sha512-hmac"); + MECHNAME(CKM_SHA512, "sha512"); + MECHNAME(CKM_SHA384_HMAC, "sha384-hmac"); + MECHNAME(CKM_SHA384, "sha384"); + MECHNAME(CKM_SHA256_HMAC, "sha256-hmac"); + MECHNAME(CKM_SHA256, "sha256"); MECHNAME(CKM_SHA_1, "sha1"); MECHNAME(CKM_MD5, "md5"); MECHNAME(CKM_MD2, "md2"); diff --git a/source4/heimdal/lib/hx509/peer.c b/source4/heimdal/lib/hx509/peer.c index eccedf1043..e90f8f34b0 100644 --- a/source4/heimdal/lib/hx509/peer.c +++ b/source4/heimdal/lib/hx509/peer.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: peer.c 20938 2007-06-06 20:51:34Z lha $"); +RCSID("$Id: peer.c 21481 2007-07-10 16:33:23Z lha $"); int hx509_peer_info_alloc(hx509_context context, hx509_peer_info *peer) @@ -143,7 +143,7 @@ hx509_peer_info_parse(hx509_peer_info peer, int hx509_peer_info_unparse(hx509_peer_info peer, - heim_octet_string *data) + heim_octet_string *data) { return 0; } diff --git a/source4/heimdal/lib/hx509/print.c b/source4/heimdal/lib/hx509/print.c index dc9d4cfa58..e6f71ea2ce 100644 --- a/source4/heimdal/lib/hx509/print.c +++ b/source4/heimdal/lib/hx509/print.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: print.c 20908 2007-06-05 02:59:33Z lha $"); +RCSID("$Id: print.c 21381 2007-06-28 08:29:22Z lha $"); struct hx509_validate_ctx_data { @@ -591,11 +591,50 @@ check_proxyCertInfo(hx509_validate_ctx ctx, enum critical_flag cf, const Extension *e) { + check_Null(ctx, status, cf, e); status->isproxy = 1; + return 0; +} + +static int +check_authorityInfoAccess(hx509_validate_ctx ctx, + struct cert_status *status, + enum critical_flag cf, + const Extension *e) +{ + AuthorityInfoAccessSyntax aia; + size_t size; + int ret, i; + + check_Null(ctx, status, cf, e); + + ret = decode_AuthorityInfoAccessSyntax(e->extnValue.data, + e->extnValue.length, + &aia, &size); + if (ret) { + printf("\tret = %d while decoding AuthorityInfoAccessSyntax\n", ret); + return 0; + } + + for (i = 0; i < aia.len; i++) { + char *str; + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, + "\ttype: "); + hx509_oid_print(&aia.val[i].accessMethod, validate_vprint, ctx); + hx509_general_name_unparse(&aia.val[i].accessLocation, &str); + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, + "\n\tdirname: %s\n", str); + free(str); + } + free_AuthorityInfoAccessSyntax(&aia); return 0; } +/* + * + */ + struct { const char *name; const heim_oid *(*oid)(void); @@ -628,8 +667,11 @@ struct { { ext(extKeyUsage, Null), D_C }, { ext(freshestCRL, Null), M_N_C }, { ext(inhibitAnyPolicy, Null), M_C }, - { "proxyCertInfo", oid_id_pe_proxyCertInfo, - check_proxyCertInfo, M_C }, +#undef ext +#define ext(name, checkname) #name, &oid_id_pkix_pe_##name, check_##checkname + { ext(proxyCertInfo, proxyCertInfo), M_C }, + { ext(authorityInfoAccess, authorityInfoAccess), M_C }, +#undef ext { "US Fed PKI - PIV Interim", oid_id_uspkicommon_piv_interim, check_Null, D_C }, { "Netscape cert comment", oid_id_netscape_cert_comment, diff --git a/source4/heimdal/lib/krb5/cache.c b/source4/heimdal/lib/krb5/cache.c index 5be3935f2b..59aae40d28 100644 --- a/source4/heimdal/lib/krb5/cache.c +++ b/source4/heimdal/lib/krb5/cache.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: cache.c 20503 2007-04-21 22:03:56Z lha $"); +RCSID("$Id: cache.c 21498 2007-07-11 09:41:43Z lha $"); /* * Add a new ccache type with operations `ops', overwriting any @@ -338,6 +338,35 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res) return 0; } +/* + * Return non-zero if envirnoment that will determine default krb5cc + * name has changed. + */ + +static int +environment_changed(krb5_context context) +{ + const char *e; + + if(issuid()) + return 0; + + e = getenv("KRB5CCNAME"); + if (e == NULL) { + if (context->default_cc_name_env) { + free(context->default_cc_name_env); + context->default_cc_name_env = NULL; + return 1; + } + } else { + if (context->default_cc_name_env == NULL) + return 1; + if (strcmp(e, context->default_cc_name_env) != 0) + return 1; + } + return 0; +} + /* * Set the default cc name for `context' to `name'. */ @@ -353,8 +382,12 @@ krb5_cc_set_default_name(krb5_context context, const char *name) if(!issuid()) { e = getenv("KRB5CCNAME"); - if (e) + if (e) { p = strdup(e); + if (context->default_cc_name_env) + free(context->default_cc_name_env); + context->default_cc_name_env = strdup(e); + } } if (e == NULL) { e = krb5_config_get_string(context, NULL, "libdefaults", @@ -389,7 +422,7 @@ krb5_cc_set_default_name(krb5_context context, const char *name) const char* KRB5_LIB_FUNCTION krb5_cc_default_name(krb5_context context) { - if (context->default_cc_name == NULL) + if (context->default_cc_name == NULL || environment_changed(context)) krb5_cc_set_default_name(context, NULL); return context->default_cc_name; diff --git a/source4/heimdal/lib/krb5/changepw.c b/source4/heimdal/lib/krb5/changepw.c index 3ceb6df89c..703cf43eb6 100644 --- a/source4/heimdal/lib/krb5/changepw.c +++ b/source4/heimdal/lib/krb5/changepw.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: changepw.c 17442 2006-05-05 09:31:15Z lha $"); +RCSID("$Id: changepw.c 21505 2007-07-12 12:28:38Z lha $"); static void str2data (krb5_data *d, @@ -46,10 +46,12 @@ str2data (krb5_data *d, ...) { va_list args; + char *str; va_start(args, fmt); - d->length = vasprintf ((char **)&d->data, fmt, args); + d->length = vasprintf (&str, fmt, args); va_end(args); + d->data = str; } /* diff --git a/source4/heimdal/lib/krb5/get_cred.c b/source4/heimdal/lib/krb5/get_cred.c index 8a0af23e40..7c3f128ae5 100644 --- a/source4/heimdal/lib/krb5/get_cred.c +++ b/source4/heimdal/lib/krb5/get_cred.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: get_cred.c 21327 2007-06-26 10:54:15Z lha $"); +RCSID("$Id: get_cred.c 21669 2007-07-22 11:29:13Z lha $"); /* * Take the `body' and encode it into `padata' using the credentials @@ -1224,9 +1224,10 @@ krb5_get_renewed_creds(krb5_context context, { krb5_error_code ret; krb5_kdc_flags flags; - krb5_creds in, *template; + krb5_creds in, *template, *out = NULL; memset(&in, 0, sizeof(in)); + memset(creds, 0, sizeof(*creds)); ret = krb5_copy_principal(context, client, &in.client); if (ret) @@ -1263,9 +1264,14 @@ krb5_get_renewed_creds(krb5_context context, krb5_free_creds (context, template); } - ret = krb5_get_kdc_cred(context, ccache, flags, NULL, NULL, &in, &creds); + ret = krb5_get_kdc_cred(context, ccache, flags, NULL, NULL, &in, &out); krb5_free_principal(context, in.client); krb5_free_principal(context, in.server); + if (ret) + return ret; + + ret = krb5_copy_creds_contents(context, out, creds); + krb5_free_creds(context, out); return ret; } diff --git a/source4/heimdal/lib/krb5/init_creds.c b/source4/heimdal/lib/krb5/init_creds.c index 5bdf23d97f..bd250cef2b 100644 --- a/source4/heimdal/lib/krb5/init_creds.c +++ b/source4/heimdal/lib/krb5/init_creds.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds.c 20541 2007-04-23 12:19:14Z lha $"); +RCSID("$Id: init_creds.c 21712 2007-07-27 14:23:41Z lha $"); void KRB5_LIB_FUNCTION krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt) @@ -225,9 +225,8 @@ krb5_get_init_creds_opt_set_default_flags(krb5_context context, krb5_get_init_creds_opt_set_renew_life(opt, t); krb5_appdefault_boolean(context, appname, realm, "no-addresses", - FALSE, &b); - if (b) - krb5_get_init_creds_opt_set_addressless (context, opt, TRUE); + KRB5_ADDRESSLESS_DEFAULT, &b); + krb5_get_init_creds_opt_set_addressless (context, opt, b); #if 0 krb5_appdefault_boolean(context, appname, realm, "anonymous", FALSE, &b); diff --git a/source4/heimdal/lib/krb5/init_creds_pw.c b/source4/heimdal/lib/krb5/init_creds_pw.c index 1676da3bd6..0043b5ef3c 100644 --- a/source4/heimdal/lib/krb5/init_creds_pw.c +++ b/source4/heimdal/lib/krb5/init_creds_pw.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds_pw.c 21061 2007-06-12 17:56:30Z lha $"); +RCSID("$Id: init_creds_pw.c 21428 2007-07-10 12:31:58Z lha $"); typedef struct krb5_get_init_creds_ctx { KDCOptions flags; diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h index a551c42ecd..9a84dde61a 100644 --- a/source4/heimdal/lib/krb5/krb5-private.h +++ b/source4/heimdal/lib/krb5/krb5-private.h @@ -383,7 +383,7 @@ _krb5_pk_verify_sign ( krb5_error_code _krb5_plugin_find ( krb5_context /*context*/, - enum plugin_type /*type*/, + enum krb5_plugin_type /*type*/, const char */*name*/, struct krb5_plugin **/*list*/); @@ -399,7 +399,7 @@ _krb5_plugin_get_symbol (struct krb5_plugin */*p*/); krb5_error_code _krb5_plugin_register ( krb5_context /*context*/, - enum plugin_type /*type*/, + enum krb5_plugin_type /*type*/, const char */*name*/, void */*symbol*/); diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h index 058496434e..740b394be8 100644 --- a/source4/heimdal/lib/krb5/krb5-protos.h +++ b/source4/heimdal/lib/krb5/krb5-protos.h @@ -2243,14 +2243,6 @@ krb5_get_pw_salt ( krb5_const_principal /*principal*/, krb5_salt */*salt*/); -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_renewed_creds ( - krb5_context /*context*/, - krb5_creds */*creds*/, - krb5_const_principal /*client*/, - krb5_ccache /*ccache*/, - const char */*in_tkt_service*/); - krb5_error_code KRB5_LIB_FUNCTION krb5_get_server_rcache ( krb5_context /*context*/, diff --git a/source4/heimdal/lib/krb5/krb5-v4compat.h b/source4/heimdal/lib/krb5/krb5-v4compat.h index 2ea534cfe3..dfd7e94460 100644 --- a/source4/heimdal/lib/krb5/krb5-v4compat.h +++ b/source4/heimdal/lib/krb5/krb5-v4compat.h @@ -31,11 +31,13 @@ * SUCH DAMAGE. */ -/* $Id: krb5-v4compat.h 17442 2006-05-05 09:31:15Z lha $ */ +/* $Id: krb5-v4compat.h 21575 2007-07-16 07:44:54Z lha $ */ #ifndef __KRB5_V4COMPAT_H__ #define __KRB5_V4COMPAT_H__ +#include "krb_err.h" + /* * This file must only be included with v4 compat glue stuff in * heimdal sources. @@ -57,56 +59,10 @@ #define AUTH_MSG_KDC_RENEW (10<<1) #define AUTH_MSG_DIE (63<<1) -/* values for kerb error codes */ - -#define KERB_ERR_OK 0 -#define KERB_ERR_NAME_EXP 1 -#define KERB_ERR_SERVICE_EXP 2 -#define KERB_ERR_AUTH_EXP 3 -#define KERB_ERR_PKT_VER 4 -#define KERB_ERR_NAME_MAST_KEY_VER 5 -#define KERB_ERR_SERV_MAST_KEY_VER 6 -#define KERB_ERR_BYTE_ORDER 7 -#define KERB_ERR_PRINCIPAL_UNKNOWN 8 -#define KERB_ERR_PRINCIPAL_NOT_UNIQUE 9 -#define KERB_ERR_NULL_KEY 10 -#define KERB_ERR_TIMEOUT 11 - - -/* Error codes returned from the KDC */ -#define KDC_OK 0 /* Request OK */ -#define KDC_NAME_EXP 1 /* Principal expired */ -#define KDC_SERVICE_EXP 2 /* Service expired */ -#define KDC_AUTH_EXP 3 /* Auth expired */ -#define KDC_PKT_VER 4 /* Protocol version unknown */ -#define KDC_P_MKEY_VER 5 /* Wrong master key version */ -#define KDC_S_MKEY_VER 6 /* Wrong master key version */ -#define KDC_BYTE_ORDER 7 /* Byte order unknown */ -#define KDC_PR_UNKNOWN 8 /* Principal unknown */ -#define KDC_PR_N_UNIQUE 9 /* Principal not unique */ -#define KDC_NULL_KEY 10 /* Principal has null key */ -#define KDC_GEN_ERR 20 /* Generic error from KDC */ - /* General definitions */ #define KSUCCESS 0 #define KFAILURE 255 -/* Values returned by rd_ap_req */ -#define RD_AP_OK 0 /* Request authentic */ -#define RD_AP_UNDEC 31 /* Can't decode authenticator */ -#define RD_AP_EXP 32 /* Ticket expired */ -#define RD_AP_NYV 33 /* Ticket not yet valid */ -#define RD_AP_REPEAT 34 /* Repeated request */ -#define RD_AP_NOT_US 35 /* The ticket isn't for us */ -#define RD_AP_INCON 36 /* Request is inconsistent */ -#define RD_AP_TIME 37 /* delta_t too big */ -#define RD_AP_BADD 38 /* Incorrect net address */ -#define RD_AP_VERSION 39 /* protocol version mismatch */ -#define RD_AP_MSG_TYPE 40 /* invalid msg type */ -#define RD_AP_MODIFIED 41 /* message stream modified */ -#define RD_AP_ORDER 42 /* message out of order */ -#define RD_AP_UNAUTHOR 43 /* unauthorized request */ - /* */ #define MAX_KTXT_LEN 1250 diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h index 345fe70764..4f9a63bf05 100644 --- a/source4/heimdal/lib/krb5/krb5.h +++ b/source4/heimdal/lib/krb5/krb5.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5.h 21252 2007-06-21 04:18:28Z lha $ */ +/* $Id: krb5.h 21551 2007-07-15 09:03:39Z lha $ */ #ifndef __KRB5_H__ #define __KRB5_H__ @@ -436,11 +436,6 @@ typedef struct krb5_config_binding krb5_config_binding; typedef krb5_config_binding krb5_config_section; -enum { - KRB5_PKINIT_WIN2K = 1, /* wire compatible with Windows 2k */ - KRB5_PKINIT_PACKET_CABLE = 2 /* use packet cable standard */ -}; - typedef struct krb5_ticket { EncTicketPart ticket; krb5_principal client; @@ -766,6 +761,12 @@ typedef struct krb5_sendto_ctx *krb5_sendto_ctx; typedef krb5_error_code (*krb5_sendto_ctx_func)(krb5_context, krb5_sendto_ctx, void *, const krb5_data *, int *); +struct krb5_plugin; +enum krb5_plugin_type { + PLUGIN_TYPE_DATA = 1, + PLUGIN_TYPE_FUNC +}; + struct credentials; /* this is to keep the compiler happy */ struct getargs; struct sockaddr; diff --git a/source4/heimdal/lib/krb5/krb5_locl.h b/source4/heimdal/lib/krb5/krb5_locl.h index 87169fc430..b41e6e1182 100644 --- a/source4/heimdal/lib/krb5/krb5_locl.h +++ b/source4/heimdal/lib/krb5/krb5_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5_locl.h 20261 2007-02-18 00:32:22Z lha $ */ +/* $Id: krb5_locl.h 21552 2007-07-15 09:04:00Z lha $ */ #ifndef __KRB5_LOCL_H__ #define __KRB5_LOCL_H__ @@ -148,12 +148,6 @@ struct krb5_dh_moduli; /* v4 glue */ struct _krb5_krb_auth_data; -struct krb5_plugin; -enum plugin_type { - PLUGIN_TYPE_DATA = 1, - PLUGIN_TYPE_FUNC -}; - #include #include @@ -236,7 +230,7 @@ typedef struct krb5_context_data { char error_buf[256]; krb5_addresses *ignore_addresses; char *default_cc_name; - int pkinit_flags; + char *default_cc_name_env; void *mutex; /* protects error_string/error_buf */ int large_msg_size; int dns_canonicalize_hostname; diff --git a/source4/heimdal/lib/krb5/krb_err.et b/source4/heimdal/lib/krb5/krb_err.et new file mode 100644 index 0000000000..f7dbb6ce7a --- /dev/null +++ b/source4/heimdal/lib/krb5/krb_err.et @@ -0,0 +1,63 @@ +# +# Error messages for the krb4 library +# +# This might look like a com_err file, but is not +# +id "$Id: krb_err.et,v 1.7 1998/03/29 14:19:52 bg Exp $" + +error_table krb + +prefix KRB4ET +ec KSUCCESS, "Kerberos 4 successful" +ec KDC_NAME_EXP, "Kerberos 4 principal expired" +ec KDC_SERVICE_EXP, "Kerberos 4 service expired" +ec KDC_AUTH_EXP, "Kerberos 4 auth expired" +ec KDC_PKT_VER, "Incorrect Kerberos 4 master key version" +ec KDC_P_MKEY_VER, "Incorrect Kerberos 4 master key version" +ec KDC_S_MKEY_VER, "Incorrect Kerberos 4 master key version" +ec KDC_BYTE_ORDER, "Kerberos 4 byte order unknown" +ec KDC_PR_UNKNOWN, "Kerberos 4 principal unknown" +ec KDC_PR_N_UNIQUE, "Kerberos 4 principal not unique" +ec KDC_NULL_KEY, "Kerberos 4 principal has null key" +index 20 +ec KDC_GEN_ERR, "Generic error from KDC (Kerberos 4)" +ec GC_TKFIL, "Can't read Kerberos 4 ticket file" +ec GC_NOTKT, "Can't find Kerberos 4 ticket or TGT" +index 26 +ec MK_AP_TGTEXP, "Kerberos 4 TGT Expired" +index 31 +ec RD_AP_UNDEC, "Kerberos 4: Can't decode authenticator" +ec RD_AP_EXP, "Kerberos 4 ticket expired" +ec RD_AP_NYV, "Kerberos 4 ticket not yet valid" +ec RD_AP_REPEAT, "Kerberos 4: Repeated request" +ec RD_AP_NOT_US, "The Kerberos 4 ticket isn't for us" +ec RD_AP_INCON, "Kerberos 4 request inconsistent" +ec RD_AP_TIME, "Kerberos 4: delta_t too big" +ec RD_AP_BADD, "Kerberos 4: incorrect net address" +ec RD_AP_VERSION, "Kerberos protocol not version 4" +ec RD_AP_MSG_TYPE, "Kerberos 4: invalid msg type" +ec RD_AP_MODIFIED, "Kerberos 4: message stream modified" +ec RD_AP_ORDER, "Kerberos 4: message out of order" +ec RD_AP_UNAUTHOR, "Kerberos 4: unauthorized request" +index 51 +ec GT_PW_NULL, "Kerberos 4: current PW is null" +ec GT_PW_BADPW, "Kerberos 4: Incorrect current password" +ec GT_PW_PROT, "Kerberos 4 protocol error" +ec GT_PW_KDCERR, "Error returned by KDC (Kerberos 4)" +ec GT_PW_NULLTKT, "Null Kerberos 4 ticket returned by KDC" +ec SKDC_RETRY, "Kerberos 4: Retry count exceeded" +ec SKDC_CANT, "Kerberos 4: Can't send request" +index 61 +ec INTK_W_NOTALL, "Kerberos 4: not all tickets returned" +ec INTK_BADPW, "Kerberos 4: incorrect password" +ec INTK_PROT, "Kerberos 4: Protocol Error" +index 70 +ec INTK_ERR, "Other error in Kerberos 4" +ec AD_NOTGT, "Don't have Kerberos 4 ticket-granting ticket" +index 76 +ec NO_TKT_FIL, "No Kerberos 4 ticket file found" +ec TKT_FIL_ACC, "Couldn't access Kerberos 4 ticket file" +ec TKT_FIL_LCK, "Couldn't lock Kerberos 4 ticket file" +ec TKT_FIL_FMT, "Bad Kerberos 4 ticket file format" +ec TKT_FIL_INI, "Kerberos 4: tf_init not called first" +ec KNAME_FMT, "Bad Kerberos 4 name format" diff --git a/source4/heimdal/lib/krb5/krbhst.c b/source4/heimdal/lib/krb5/krbhst.c index 69b52dd808..094fd4f9c6 100644 --- a/source4/heimdal/lib/krb5/krbhst.c +++ b/source4/heimdal/lib/krb5/krbhst.c @@ -35,7 +35,7 @@ #include #include "locate_plugin.h" -RCSID("$Id: krbhst.c 21131 2007-06-18 20:48:09Z lha $"); +RCSID("$Id: krbhst.c 21457 2007-07-10 12:53:25Z lha $"); static int string_to_proto(const char *string) @@ -919,8 +919,10 @@ gethostlist(krb5_context context, const char *realm, while(krb5_krbhst_next(context, handle, &hostinfo) == 0) nhost++; - if(nhost == 0) + if(nhost == 0) { + krb5_set_error_string(context, "No KDC found for realm %s", realm); return KRB5_KDC_UNREACH; + } *hostlist = calloc(nhost + 1, sizeof(**hostlist)); if(*hostlist == NULL) { krb5_krbhst_free(context, handle); diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c index 105cab554d..c8587770f4 100755 --- a/source4/heimdal/lib/krb5/pkinit.c +++ b/source4/heimdal/lib/krb5/pkinit.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: pkinit.c 21321 2007-06-26 05:21:56Z lha $"); +RCSID("$Id: pkinit.c 21684 2007-07-23 23:09:10Z lha $"); struct krb5_dh_moduli { char *name; @@ -645,8 +645,6 @@ _krb5_pk_mk_padata(krb5_context context, req_body->realm, "pkinit_win2k", NULL); - if (context->pkinit_flags & KRB5_PKINIT_WIN2K) - win2k_compat = 1; if (win2k_compat) { ctx->require_binding = @@ -1721,7 +1719,7 @@ _krb5_free_moduli(struct krb5_dh_moduli **moduli) free(moduli); } -static const char *default_moduli = +static const char *default_moduli_RFC2412_MODP_group2 = /* name */ "RFC2412-MODP-group2 " /* bits */ @@ -1743,6 +1741,37 @@ static const char *default_moduli = "F71C35FD" "AD44CFD2" "D74F9208" "BE258FF3" "24943328" "F67329C0" "FFFFFFFF" "FFFFFFFF"; +static const char *default_moduli_rfc3526_MODP_group14 = + /* name */ + "rfc3526-MODP-group14 " + /* bits */ + "1760 " + /* p */ + "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1" + "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD" + "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245" + "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED" + "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D" + "C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F" + "83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D" + "670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B" + "E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9" + "DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510" + "15728E5A" "8AACAA68" "FFFFFFFF" "FFFFFFFF " + /* g */ + "02 " + /* q */ + "7FFFFFFF" "FFFFFFFF" "E487ED51" "10B4611A" "62633145" "C06E0E68" + "94812704" "4533E63A" "0105DF53" "1D89CD91" "28A5043C" "C71A026E" + "F7CA8CD9" "E69D218D" "98158536" "F92F8A1B" "A7F09AB6" "B6A8E122" + "F242DABB" "312F3F63" "7A262174" "D31BF6B5" "85FFAE5B" "7A035BF6" + "F71C35FD" "AD44CFD2" "D74F9208" "BE258FF3" "24943328" "F6722D9E" + "E1003E5C" "50B1DF82" "CC6D241B" "0E2AE9CD" "348B1FD4" "7E9267AF" + "C1B2AE91" "EE51D6CB" "0E3179AB" "1042A95D" "CF6A9483" "B84B4B36" + "B3861AA7" "255E4C02" "78BA3604" "650C10BE" "19482F23" "171B671D" + "F1CF3B96" "0C074301" "CD93C1D1" "7603D147" "DAE2AEF8" "37A62964" + "EF15E5FB" "4AAC0B8C" "1CCAA4BE" "754AB572" "8AE9130C" "4C7D0288" + "0AB9472D" "45565534" "7FFFFFFF" "FFFFFFFF"; krb5_error_code _krb5_parse_moduli(krb5_context context, const char *file, @@ -1757,19 +1786,28 @@ _krb5_parse_moduli(krb5_context context, const char *file, *moduli = NULL; - m = calloc(1, sizeof(m[0]) * 2); + m = calloc(1, sizeof(m[0]) * 3); if (m == NULL) { krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; } - strlcpy(buf, default_moduli, sizeof(buf)); + strlcpy(buf, default_moduli_rfc3526_MODP_group14, sizeof(buf)); ret = _krb5_parse_moduli_line(context, "builtin", 1, buf, &m[0]); if (ret) { _krb5_free_moduli(m); return ret; } - n = 1; + n++; + + strlcpy(buf, default_moduli_RFC2412_MODP_group2, sizeof(buf)); + ret = _krb5_parse_moduli_line(context, "builtin", 1, buf, &m[1]); + if (ret) { + _krb5_free_moduli(m); + return ret; + } + n++; + if (file == NULL) file = MODULI_FILE; diff --git a/source4/heimdal/lib/krb5/plugin.c b/source4/heimdal/lib/krb5/plugin.c index 68317a12c0..43fa3f5b45 100644 --- a/source4/heimdal/lib/krb5/plugin.c +++ b/source4/heimdal/lib/krb5/plugin.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: plugin.c 21134 2007-06-18 21:02:23Z lha $"); +RCSID("$Id: plugin.c 21702 2007-07-26 19:13:53Z lha $"); #ifdef HAVE_DLFCN_H #include #endif @@ -45,7 +45,7 @@ struct krb5_plugin { }; struct plugin { - enum plugin_type type; + enum krb5_plugin_type type; void *name; void *symbol; struct plugin *next; @@ -76,9 +76,11 @@ _krb5_plugin_get_next(struct krb5_plugin *p) * */ +#ifdef HAVE_DLOPEN + static krb5_error_code loadlib(krb5_context context, - enum plugin_type type, + enum krb5_plugin_type type, const char *name, const char *lib, struct krb5_plugin **e) @@ -113,10 +115,11 @@ loadlib(krb5_context context, return 0; } +#endif /* HAVE_DLOPEN */ krb5_error_code _krb5_plugin_register(krb5_context context, - enum plugin_type type, + enum krb5_plugin_type type, const char *name, void *symbol) { @@ -146,7 +149,7 @@ _krb5_plugin_register(krb5_context context, krb5_error_code _krb5_plugin_find(krb5_context context, - enum plugin_type type, + enum krb5_plugin_type type, const char *name, struct krb5_plugin **list) { @@ -181,6 +184,8 @@ _krb5_plugin_find(krb5_context context, } HEIMDAL_MUTEX_unlock(&plugin_mutex); +#ifdef HAVE_DLOPEN + dirs = krb5_config_get_strings(context, NULL, "libdefaults", "plugin_dir", NULL); if (dirs == NULL) { @@ -213,6 +218,7 @@ _krb5_plugin_find(krb5_context context, } if (dirs != sysdirs) krb5_config_free_strings(dirs); +#endif /* HAVE_DLOPEN */ if (*list == NULL) { krb5_set_error_string(context, "Did not find a plugin for %s", name); diff --git a/source4/heimdal/lib/krb5/rd_priv.c b/source4/heimdal/lib/krb5/rd_priv.c index d3920dd941..47b5df85b2 100644 --- a/source4/heimdal/lib/krb5/rd_priv.c +++ b/source4/heimdal/lib/krb5/rd_priv.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_priv.c 17056 2006-04-12 16:18:10Z lha $"); +RCSID("$Id: rd_priv.c 21770 2007-08-01 04:04:33Z lha $"); krb5_error_code KRB5_LIB_FUNCTION krb5_rd_priv(krb5_context context, @@ -55,13 +55,17 @@ krb5_rd_priv(krb5_context context, if ((auth_context->flags & (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) && - outdata == NULL) + outdata == NULL) { + krb5_clear_error_string (context); return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */ + } memset(&priv, 0, sizeof(priv)); ret = decode_KRB_PRIV (inbuf->data, inbuf->length, &priv, &len); - if (ret) + if (ret) { + krb5_clear_error_string (context); goto failure; + } if (priv.pvno != 5) { krb5_clear_error_string (context); ret = KRB5KRB_AP_ERR_BADVERSION; @@ -94,8 +98,10 @@ krb5_rd_priv(krb5_context context, ret = decode_EncKrbPrivPart (plain.data, plain.length, &part, &len); krb5_data_free (&plain); - if (ret) + if (ret) { + krb5_clear_error_string (context); goto failure; + } /* check sender address */ diff --git a/source4/heimdal/lib/krb5/v4_glue.c b/source4/heimdal/lib/krb5/v4_glue.c index d42fbec3a5..3f99df6391 100644 --- a/source4/heimdal/lib/krb5/v4_glue.c +++ b/source4/heimdal/lib/krb5/v4_glue.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: v4_glue.c 17442 2006-05-05 09:31:15Z lha $"); +RCSID("$Id: v4_glue.c 21572 2007-07-16 05:13:08Z lha $"); #include "krb5-v4compat.h" @@ -351,12 +351,12 @@ storage_to_etext(krb5_context context, size = krb5_storage_seek(sp, 0, SEEK_END); if (size < 0) - return EINVAL; + return KRB4ET_RD_AP_UNDEC; size = 8 - (size & 7); ret = krb5_storage_write(sp, eightzeros, size); if (ret != size) - return EINVAL; + return KRB4ET_RD_AP_UNDEC; ret = krb5_storage_to_data(sp, &data); if (ret) @@ -435,7 +435,7 @@ _krb5_krb_create_ticket(krb5_context context, session->keyvalue.data, session->keyvalue.length); if (ret != session->keyvalue.length) { - ret = EINVAL; + ret = KRB4ET_INTK_PROT; goto error; } @@ -487,7 +487,7 @@ _krb5_krb_create_ciph(krb5_context context, session->keyvalue.data, session->keyvalue.length); if (ret != session->keyvalue.length) { - ret = EINVAL; + ret = KRB4ET_INTK_PROT; goto error; } @@ -497,7 +497,7 @@ _krb5_krb_create_ciph(krb5_context context, RCHECK(ret, krb5_store_int8(sp, ticket->length), error); ret = krb5_storage_write(sp, ticket->data, ticket->length); if (ret != ticket->length) { - ret = EINVAL; + ret = KRB4ET_INTK_PROT; goto error; } RCHECK(ret, krb5_store_int32(sp, kdc_time), error); @@ -550,7 +550,7 @@ _krb5_krb_create_auth_reply(krb5_context context, RCHECK(ret, krb5_store_int16(sp, cipher->length), error); ret = krb5_storage_write(sp, cipher->data, cipher->length); if (ret != cipher->length) { - ret = EINVAL; + ret = KRB4ET_INTK_PROT; goto error; } @@ -599,6 +599,9 @@ _krb5_krb_cr_err_reply(krb5_context context, RCHECK(ret, krb5_store_int8(sp, AUTH_MSG_ERR_REPLY), error); RCHECK(ret, put_nir(sp, name, inst, realm), error); RCHECK(ret, krb5_store_int32(sp, time_ws), error); + /* If its a Kerberos 4 error-code, remove the et BASE */ + if (e >= ERROR_TABLE_BASE_krb && e <= ERROR_TABLE_BASE_krb + 255) + e -= ERROR_TABLE_BASE_krb; RCHECK(ret, krb5_store_int32(sp, e), error); RCHECK(ret, krb5_store_stringz(sp, e_string), error); @@ -623,7 +626,7 @@ get_v4_stringz(krb5_storage *sp, char **str, size_t max_len) if (strlen(*str) > max_len) { free(*str); *str = NULL; - return EINVAL; + return KRB4ET_INTK_PROT; } return 0; } @@ -662,7 +665,7 @@ _krb5_krb_decomp_ticket(krb5_context context, return ENOMEM; } - krb5_storage_set_eof_code(sp, EINVAL); /* XXX */ + krb5_storage_set_eof_code(sp, KRB4ET_INTK_PROT); RCHECK(ret, krb5_ret_int8(sp, &ad->k_flags), error); RCHECK(ret, get_v4_stringz(sp, &ad->pname, ANAME_SZ), error); @@ -672,7 +675,7 @@ _krb5_krb_decomp_ticket(krb5_context context, size = krb5_storage_read(sp, des_key, sizeof(des_key)); if (size != sizeof(des_key)) { - ret = EINVAL; /* XXX */ + ret = KRB4ET_INTK_PROT; goto error; } @@ -770,26 +773,32 @@ _krb5_krb_rd_req(krb5_context context, return ENOMEM; } - krb5_storage_set_eof_code(sp, EINVAL); /* XXX */ + krb5_storage_set_eof_code(sp, KRB4ET_INTK_PROT); ret = krb5_ret_int8(sp, &pvno); - if (ret) + if (ret) { + krb5_set_error_string(context, "Failed reading v4 pvno"); goto error; + } if (pvno != KRB_PROT_VERSION) { - ret = EINVAL; /* XXX */ + ret = KRB4ET_RD_AP_VERSION; + krb5_set_error_string(context, "Failed v4 pvno not 4"); goto error; } ret = krb5_ret_int8(sp, &type); - if (ret) + if (ret) { + krb5_set_error_string(context, "Failed readin v4 type"); goto error; + } little_endian = type & 1; type &= ~1; if(type != AUTH_MSG_APPL_REQUEST && type != AUTH_MSG_APPL_REQUEST_MUTUAL) { - ret = EINVAL; /* RD_AP_MSG_TYPE */ + ret = KRB4ET_RD_AP_MSG_TYPE; + krb5_set_error_string(context, "Not a valid v4 request type"); goto error; } @@ -801,7 +810,8 @@ _krb5_krb_rd_req(krb5_context context, size = krb5_storage_read(sp, ticket.data, ticket.length); if (size != ticket.length) { - ret = EINVAL; + ret = KRB4ET_INTK_PROT; + krb5_set_error_string(context, "Failed reading v4 ticket"); goto error; } @@ -815,7 +825,8 @@ _krb5_krb_rd_req(krb5_context context, size = krb5_storage_read(sp, eaut.data, eaut.length); if (size != eaut.length) { - ret = EINVAL; + ret = KRB4ET_INTK_PROT; + krb5_set_error_string(context, "Failed reading v4 authenticator"); goto error; } @@ -828,8 +839,8 @@ _krb5_krb_rd_req(krb5_context context, sp = krb5_storage_from_data(&aut); if (sp == NULL) { - krb5_set_error_string(context, "alloc: out of memory"); ret = ENOMEM; + krb5_set_error_string(context, "alloc: out of memory"); goto error; } @@ -849,19 +860,22 @@ _krb5_krb_rd_req(krb5_context context, if (strcmp(ad->pname, r_name) != 0 || strcmp(ad->pinst, r_instance) != 0 || strcmp(ad->prealm, r_realm) != 0) { - ret = EINVAL; /* RD_AP_INCON */ + krb5_set_error_string(context, "v4 principal mismatch"); + ret = KRB4ET_RD_AP_INCON; goto error; } - if (from_addr && from_addr != ad->address) { - ret = EINVAL; /* RD_AP_BADD */ + if (from_addr && ad->address && from_addr != ad->address) { + krb5_set_error_string(context, "v4 bad address in ticket"); + ret = KRB4ET_RD_AP_BADD; goto error; } gettimeofday(&tv, NULL); delta_t = abs((int)(tv.tv_sec - r_time_sec)); if (delta_t > CLOCK_SKEW) { - ret = EINVAL; /* RD_AP_TIME */ + ret = KRB4ET_RD_AP_TIME; + krb5_set_error_string(context, "v4 clock skew"); goto error; } @@ -870,12 +884,14 @@ _krb5_krb_rd_req(krb5_context context, tkt_age = tv.tv_sec - ad->time_sec; if ((tkt_age < 0) && (-tkt_age > CLOCK_SKEW)) { - ret = EINVAL; /* RD_AP_NYV */ + ret = KRB4ET_RD_AP_NYV; + krb5_set_error_string(context, "v4 clock skew for expiration"); goto error; } if (tv.tv_sec > _krb5_krb_life_to_time(ad->time_sec, ad->life)) { - ret = EINVAL; /* RD_AP_EXP */ + ret = KRB4ET_RD_AP_EXP; + krb5_set_error_string(context, "v4 ticket expired"); goto error; } diff --git a/source4/heimdal/lib/ntlm/ntlm.c b/source4/heimdal/lib/ntlm/ntlm.c index 1961c7fa22..671bf329e8 100644 --- a/source4/heimdal/lib/ntlm/ntlm.c +++ b/source4/heimdal/lib/ntlm/ntlm.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: ntlm.c 21317 2007-06-25 19:22:02Z lha $"); +RCSID("$Id: ntlm.c 21604 2007-07-17 06:48:55Z lha $"); #include #include @@ -1105,7 +1105,7 @@ heim_ntlm_verify_ntlm2(const void *key, size_t len, HMAC_CTX_init(&c); HMAC_Init_ex(&c, ntlmv2, 16, EVP_md5(), NULL); HMAC_Update(&c, serverchallange, 8); - HMAC_Update(&c, ((char *)answer->data) + 16, answer->length - 16); + HMAC_Update(&c, ((unsigned char *)answer->data) + 16, answer->length - 16); HMAC_Final(&c, serveranswer, &hmaclen); HMAC_CTX_cleanup(&c); -- cgit From 733591c079eb646344333bcad091839cd15992e7 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 22 Sep 2007 09:44:29 +0000 Subject: r25298: regenerate lex.c files with config.h as first include this should help on aix 5.3. metze (This used to be commit bfd8c275bb90b2709753ef3177c8ab24f91c75c0) --- source4/heimdal/lib/asn1/lex.c | 33 ++++++--------------------------- source4/heimdal/lib/com_err/lex.c | 33 ++++++--------------------------- 2 files changed, 12 insertions(+), 54 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/asn1/lex.c b/source4/heimdal/lib/asn1/lex.c index d628e4696f..638b182d13 100644 --- a/source4/heimdal/lib/asn1/lex.c +++ b/source4/heimdal/lib/asn1/lex.c @@ -1,5 +1,6 @@ +#include "config.h" -#line 3 "lex.c" +#line 3 "heimdal/lib/asn1/lex.c" #define YY_INT_ALIGNED short int @@ -342,9 +343,6 @@ FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; typedef int yy_state_type; extern int yylineno; - -int yylineno = 1; - extern char *yytext; #define yytext_ptr yytext @@ -826,7 +824,7 @@ char *yytext; * SUCH DAMAGE. */ -/* $Id: lex.l 18738 2006-10-21 11:57:22Z lha $ */ +/* $Id: lex.l,v 1.31 2006/10/21 11:57:22 lha Exp $ */ #ifdef HAVE_CONFIG_H #include @@ -851,7 +849,7 @@ static unsigned lineno = 1; static void unterminated(const char *, unsigned); /* This is for broken old lexes (solaris 10 and hpux) */ -#line 855 "lex.c" +#line 852 "heimdal/lib/asn1/lex.c" #define INITIAL 0 @@ -1006,7 +1004,7 @@ YY_DECL #line 68 "lex.l" -#line 1010 "lex.c" +#line 1007 "heimdal/lib/asn1/lex.c" if ( !(yy_init) ) { @@ -1675,7 +1673,7 @@ YY_RULE_SETUP #line 274 "lex.l" ECHO; YY_BREAK -#line 1679 "lex.c" +#line 1676 "heimdal/lib/asn1/lex.c" case YY_STATE_EOF(INITIAL): yyterminate(); @@ -2485,15 +2483,6 @@ static void yy_fatal_error (yyconst char* msg ) /* Accessor methods (get/set functions) to struct members. */ -/** Get the current line number. - * - */ -int yyget_lineno (void) -{ - - return yylineno; -} - /** Get the input stream. * */ @@ -2527,16 +2516,6 @@ char *yyget_text (void) return yytext; } -/** Set the current line number. - * @param line_number - * - */ -void yyset_lineno (int line_number ) -{ - - yylineno = line_number; -} - /** Set the input stream. This does not discard the current * input buffer. * @param in_str A readable stream. diff --git a/source4/heimdal/lib/com_err/lex.c b/source4/heimdal/lib/com_err/lex.c index c5af2ead5c..77e79d4eae 100644 --- a/source4/heimdal/lib/com_err/lex.c +++ b/source4/heimdal/lib/com_err/lex.c @@ -1,5 +1,6 @@ +#include "config.h" -#line 3 "lex.c" +#line 3 "heimdal/lib/com_err/lex.c" #define YY_INT_ALIGNED short int @@ -342,9 +343,6 @@ FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; typedef int yy_state_type; extern int yylineno; - -int yylineno = 1; - extern char *yytext; #define yytext_ptr yytext @@ -523,7 +521,7 @@ char *yytext; #include "parse.h" #include "lex.h" -RCSID("$Id: lex.l 15143 2005-05-16 08:52:54Z lha $"); +RCSID("$Id: lex.l,v 1.8 2005/05/16 08:52:54 lha Exp $"); static unsigned lineno = 1; static int getstring(void); @@ -532,7 +530,7 @@ static int getstring(void); #undef ECHO -#line 536 "lex.c" +#line 533 "heimdal/lib/com_err/lex.c" #define INITIAL 0 @@ -687,7 +685,7 @@ YY_DECL #line 59 "lex.l" -#line 691 "lex.c" +#line 688 "heimdal/lib/com_err/lex.c" if ( !(yy_init) ) { @@ -851,7 +849,7 @@ YY_RULE_SETUP #line 75 "lex.l" ECHO; YY_BREAK -#line 855 "lex.c" +#line 852 "heimdal/lib/com_err/lex.c" case YY_STATE_EOF(INITIAL): yyterminate(); @@ -1661,15 +1659,6 @@ static void yy_fatal_error (yyconst char* msg ) /* Accessor methods (get/set functions) to struct members. */ -/** Get the current line number. - * - */ -int yyget_lineno (void) -{ - - return yylineno; -} - /** Get the input stream. * */ @@ -1703,16 +1692,6 @@ char *yyget_text (void) return yytext; } -/** Set the current line number. - * @param line_number - * - */ -void yyset_lineno (int line_number ) -{ - - yylineno = line_number; -} - /** Set the input stream. This does not discard the current * input buffer. * @param in_str A readable stream. -- cgit From 12215fadf8c0122ff9da58ebaab49fde5247d378 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 25 Oct 2007 19:50:34 +0200 Subject: r25732: import updated parse.y files from lorikeet-heimdal I wonder why they're not updated as the parse.[ch] are generated from the new versions already... metze (This used to be commit 9735715a0f2c8ea0c6ff5ba5adde6b6a6fb43aed) --- source4/heimdal/lib/asn1/parse.y | 74 ++++++++++++++++++++++++++++--------- source4/heimdal/lib/com_err/parse.y | 2 +- 2 files changed, 57 insertions(+), 19 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/asn1/parse.y b/source4/heimdal/lib/asn1/parse.y index 029cef9f0f..772f2b1bc1 100644 --- a/source4/heimdal/lib/asn1/parse.y +++ b/source4/heimdal/lib/asn1/parse.y @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: parse.y,v 1.29 2006/12/28 17:15:02 lha Exp $ */ +/* $Id: parse.y 21597 2007-07-16 18:48:58Z lha $ */ %{ #ifdef HAVE_CONFIG_H @@ -45,7 +45,7 @@ #include "gen_locl.h" #include "der.h" -RCSID("$Id: parse.y,v 1.29 2006/12/28 17:15:02 lha Exp $"); +RCSID("$Id: parse.y 21597 2007-07-16 18:48:58Z lha $"); static Type *new_type (Typetype t); static struct constraint_spec *new_constraint_spec(enum ctype); @@ -65,7 +65,7 @@ struct string_list { %union { int constant; struct value *value; - struct range range; + struct range *range; char *name; Type *type; Member *member; @@ -214,7 +214,7 @@ struct string_list { %type NamedNumberList %type objid objid_list objid_element objid_opt -%type range +%type range size %type referencenames @@ -224,11 +224,13 @@ struct string_list { %type ContentsConstraint %type UserDefinedConstraint + + %start ModuleDefinition %% -ModuleDefinition: IDENTIFIER kw_DEFINITIONS TagDefault ExtensionDefault +ModuleDefinition: IDENTIFIER objid_opt kw_DEFINITIONS TagDefault ExtensionDefault EEQUAL kw_BEGIN ModuleBody kw_END { checkundefined(); @@ -337,14 +339,41 @@ BooleanType : kw_BOOLEAN range : '(' Value RANGE Value ')' { - if($2->type != integervalue || - $4->type != integervalue) - error_message("Non-integer value used in range"); - $$.min = $2->u.integervalue; - $$.max = $4->u.integervalue; + if($2->type != integervalue) + error_message("Non-integer used in first part of range"); + if($2->type != integervalue) + error_message("Non-integer in second part of range"); + $$ = ecalloc(1, sizeof(*$$)); + $$->min = $2->u.integervalue; + $$->max = $4->u.integervalue; + } + | '(' Value RANGE kw_MAX ')' + { + if($2->type != integervalue) + error_message("Non-integer in first part of range"); + $$ = ecalloc(1, sizeof(*$$)); + $$->min = $2->u.integervalue; + $$->max = $2->u.integervalue - 1; + } + | '(' kw_MIN RANGE Value ')' + { + if($4->type != integervalue) + error_message("Non-integer in second part of range"); + $$ = ecalloc(1, sizeof(*$$)); + $$->min = $4->u.integervalue + 2; + $$->max = $4->u.integervalue; + } + | '(' Value ')' + { + if($2->type != integervalue) + error_message("Non-integer used in limit"); + $$ = ecalloc(1, sizeof(*$$)); + $$->min = $2->u.integervalue; + $$->max = $2->u.integervalue; } ; + IntegerType : kw_INTEGER { $$ = new_tag(ASN1_C_UNIV, UT_Integer, @@ -353,8 +382,7 @@ IntegerType : kw_INTEGER | kw_INTEGER range { $$ = new_type(TInteger); - $$->range = emalloc(sizeof(*$$->range)); - *($$->range) = $2; + $$->range = $2; $$ = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, $$); } | kw_INTEGER '{' NamedNumberList '}' @@ -425,10 +453,12 @@ ObjectIdentifierType: kw_OBJECT kw_IDENTIFIER TE_EXPLICIT, new_type(TOID)); } ; -OctetStringType : kw_OCTET kw_STRING +OctetStringType : kw_OCTET kw_STRING size { - $$ = new_tag(ASN1_C_UNIV, UT_OctetString, - TE_EXPLICIT, new_type(TOctetString)); + Type *t = new_type(TOctetString); + t->range = $3; + $$ = new_tag(ASN1_C_UNIV, UT_OctetString, + TE_EXPLICIT, t); } ; @@ -439,6 +469,13 @@ NullType : kw_NULL } ; +size : + { $$ = NULL; } + | kw_SIZE range + { $$ = $2; } + ; + + SequenceType : kw_SEQUENCE '{' /* ComponentTypeLists */ ComponentTypeList '}' { $$ = new_type(TSequence); @@ -453,10 +490,11 @@ SequenceType : kw_SEQUENCE '{' /* ComponentTypeLists */ ComponentTypeList '}' } ; -SequenceOfType : kw_SEQUENCE kw_OF Type +SequenceOfType : kw_SEQUENCE size kw_OF Type { $$ = new_type(TSequenceOf); - $$->subtype = $3; + $$->range = $2; + $$->subtype = $4; $$ = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, $$); } ; diff --git a/source4/heimdal/lib/com_err/parse.y b/source4/heimdal/lib/com_err/parse.y index 6174d6ae7f..315931389f 100644 --- a/source4/heimdal/lib/com_err/parse.y +++ b/source4/heimdal/lib/com_err/parse.y @@ -35,7 +35,7 @@ #include "compile_et.h" #include "lex.h" -RCSID("$Id: parse.y,v 1.15 2005/06/16 19:21:42 lha Exp $"); +RCSID("$Id: parse.y 15426 2005-06-16 19:21:42Z lha $"); void yyerror (char *s); static long name2number(const char *str); -- cgit From 5d482b634d601fe15cc64cd2945deb882789c528 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 25 Oct 2007 19:52:37 +0200 Subject: r25734: regenerate yacc output (parse.[ch] files) metze (This used to be commit cb3aec0d22e87086d8f922b7d8f0a2530842053f) --- source4/heimdal/lib/asn1/parse.c | 184 ++++++++++++++++++------------------ source4/heimdal/lib/asn1/parse.h | 4 +- source4/heimdal/lib/com_err/parse.c | 32 ++++--- source4/heimdal/lib/com_err/parse.h | 8 +- 4 files changed, 116 insertions(+), 112 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/asn1/parse.c b/source4/heimdal/lib/asn1/parse.c index 6a3e524e93..edcb313bd0 100644 --- a/source4/heimdal/lib/asn1/parse.c +++ b/source4/heimdal/lib/asn1/parse.c @@ -248,7 +248,7 @@ /* Copy the first part of user declarations. */ -#line 36 "parse.y" +#line 36 "heimdal/lib/asn1/parse.y" #ifdef HAVE_CONFIG_H #include @@ -280,7 +280,7 @@ struct string_list { /* Enabling traces. */ #ifndef YYDEBUG -# define YYDEBUG 1 +# define YYDEBUG 0 #endif /* Enabling verbose error messages. */ @@ -298,7 +298,7 @@ struct string_list { #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED typedef union YYSTYPE -#line 65 "parse.y" +#line 65 "heimdal/lib/asn1/parse.y" { int constant; struct value *value; @@ -314,7 +314,7 @@ typedef union YYSTYPE struct constraint_spec *constraint_spec; } /* Line 187 of yacc.c. */ -#line 318 "parse.c" +#line 318 "heimdal/lib/asn1/parse.y" YYSTYPE; # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 @@ -327,7 +327,7 @@ typedef union YYSTYPE /* Line 216 of yacc.c. */ -#line 331 "parse.c" +#line 331 "heimdal/lib/asn1/parse.y" #ifdef short # undef short @@ -1762,29 +1762,29 @@ yyreduce: switch (yyn) { case 2: -#line 235 "parse.y" +#line 235 "heimdal/lib/asn1/parse.y" { checkundefined(); } break; case 4: -#line 242 "parse.y" +#line 242 "heimdal/lib/asn1/parse.y" { error_message("implicit tagging is not supported"); } break; case 5: -#line 244 "parse.y" +#line 244 "heimdal/lib/asn1/parse.y" { error_message("automatic tagging is not supported"); } break; case 7: -#line 249 "parse.y" +#line 249 "heimdal/lib/asn1/parse.y" { error_message("no extensibility options supported"); } break; case 17: -#line 270 "parse.y" +#line 270 "heimdal/lib/asn1/parse.y" { struct string_list *sl; for(sl = (yyvsp[(1) - (4)].sl); sl != NULL; sl = sl->next) { @@ -1796,7 +1796,7 @@ yyreduce: break; case 22: -#line 289 "parse.y" +#line 289 "heimdal/lib/asn1/parse.y" { (yyval.sl) = emalloc(sizeof(*(yyval.sl))); (yyval.sl)->string = (yyvsp[(1) - (3)].name); @@ -1805,7 +1805,7 @@ yyreduce: break; case 23: -#line 295 "parse.y" +#line 295 "heimdal/lib/asn1/parse.y" { (yyval.sl) = emalloc(sizeof(*(yyval.sl))); (yyval.sl)->string = (yyvsp[(1) - (1)].name); @@ -1814,7 +1814,7 @@ yyreduce: break; case 24: -#line 303 "parse.y" +#line 303 "heimdal/lib/asn1/parse.y" { Symbol *s = addsym ((yyvsp[(1) - (3)].name)); s->stype = Stype; @@ -1825,7 +1825,7 @@ yyreduce: break; case 42: -#line 334 "parse.y" +#line 334 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_Boolean, TE_EXPLICIT, new_type(TBoolean)); @@ -1833,7 +1833,7 @@ yyreduce: break; case 43: -#line 341 "parse.y" +#line 341 "heimdal/lib/asn1/parse.y" { if((yyvsp[(2) - (5)].value)->type != integervalue) error_message("Non-integer used in first part of range"); @@ -1846,7 +1846,7 @@ yyreduce: break; case 44: -#line 351 "parse.y" +#line 351 "heimdal/lib/asn1/parse.y" { if((yyvsp[(2) - (5)].value)->type != integervalue) error_message("Non-integer in first part of range"); @@ -1857,7 +1857,7 @@ yyreduce: break; case 45: -#line 359 "parse.y" +#line 359 "heimdal/lib/asn1/parse.y" { if((yyvsp[(4) - (5)].value)->type != integervalue) error_message("Non-integer in second part of range"); @@ -1868,7 +1868,7 @@ yyreduce: break; case 46: -#line 367 "parse.y" +#line 367 "heimdal/lib/asn1/parse.y" { if((yyvsp[(2) - (3)].value)->type != integervalue) error_message("Non-integer used in limit"); @@ -1879,7 +1879,7 @@ yyreduce: break; case 47: -#line 378 "parse.y" +#line 378 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, new_type(TInteger)); @@ -1887,7 +1887,7 @@ yyreduce: break; case 48: -#line 383 "parse.y" +#line 383 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TInteger); (yyval.type)->range = (yyvsp[(2) - (2)].range); @@ -1896,7 +1896,7 @@ yyreduce: break; case 49: -#line 389 "parse.y" +#line 389 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TInteger); (yyval.type)->members = (yyvsp[(3) - (4)].members); @@ -1905,7 +1905,7 @@ yyreduce: break; case 50: -#line 397 "parse.y" +#line 397 "heimdal/lib/asn1/parse.y" { (yyval.members) = emalloc(sizeof(*(yyval.members))); ASN1_TAILQ_INIT((yyval.members)); @@ -1914,7 +1914,7 @@ yyreduce: break; case 51: -#line 403 "parse.y" +#line 403 "heimdal/lib/asn1/parse.y" { ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members); (yyval.members) = (yyvsp[(1) - (3)].members); @@ -1922,12 +1922,12 @@ yyreduce: break; case 52: -#line 408 "parse.y" +#line 408 "heimdal/lib/asn1/parse.y" { (yyval.members) = (yyvsp[(1) - (3)].members); } break; case 53: -#line 412 "parse.y" +#line 412 "heimdal/lib/asn1/parse.y" { (yyval.member) = emalloc(sizeof(*(yyval.member))); (yyval.member)->name = (yyvsp[(1) - (4)].name); @@ -1941,7 +1941,7 @@ yyreduce: break; case 54: -#line 425 "parse.y" +#line 425 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TInteger); (yyval.type)->members = (yyvsp[(3) - (4)].members); @@ -1950,7 +1950,7 @@ yyreduce: break; case 56: -#line 436 "parse.y" +#line 436 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TBitString); (yyval.type)->members = emalloc(sizeof(*(yyval.type)->members)); @@ -1960,7 +1960,7 @@ yyreduce: break; case 57: -#line 443 "parse.y" +#line 443 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TBitString); (yyval.type)->members = (yyvsp[(4) - (5)].members); @@ -1969,7 +1969,7 @@ yyreduce: break; case 58: -#line 451 "parse.y" +#line 451 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_OID, TE_EXPLICIT, new_type(TOID)); @@ -1977,7 +1977,7 @@ yyreduce: break; case 59: -#line 457 "parse.y" +#line 457 "heimdal/lib/asn1/parse.y" { Type *t = new_type(TOctetString); t->range = (yyvsp[(3) - (3)].range); @@ -1987,7 +1987,7 @@ yyreduce: break; case 60: -#line 466 "parse.y" +#line 466 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_Null, TE_EXPLICIT, new_type(TNull)); @@ -1995,17 +1995,17 @@ yyreduce: break; case 61: -#line 473 "parse.y" +#line 473 "heimdal/lib/asn1/parse.y" { (yyval.range) = NULL; } break; case 62: -#line 475 "parse.y" +#line 475 "heimdal/lib/asn1/parse.y" { (yyval.range) = (yyvsp[(2) - (2)].range); } break; case 63: -#line 480 "parse.y" +#line 480 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TSequence); (yyval.type)->members = (yyvsp[(3) - (4)].members); @@ -2014,7 +2014,7 @@ yyreduce: break; case 64: -#line 486 "parse.y" +#line 486 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TSequence); (yyval.type)->members = NULL; @@ -2023,7 +2023,7 @@ yyreduce: break; case 65: -#line 494 "parse.y" +#line 494 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TSequenceOf); (yyval.type)->range = (yyvsp[(2) - (4)].range); @@ -2033,7 +2033,7 @@ yyreduce: break; case 66: -#line 503 "parse.y" +#line 503 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TSet); (yyval.type)->members = (yyvsp[(3) - (4)].members); @@ -2042,7 +2042,7 @@ yyreduce: break; case 67: -#line 509 "parse.y" +#line 509 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TSet); (yyval.type)->members = NULL; @@ -2051,7 +2051,7 @@ yyreduce: break; case 68: -#line 517 "parse.y" +#line 517 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TSetOf); (yyval.type)->subtype = (yyvsp[(3) - (3)].type); @@ -2060,7 +2060,7 @@ yyreduce: break; case 69: -#line 525 "parse.y" +#line 525 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TChoice); (yyval.type)->members = (yyvsp[(3) - (4)].members); @@ -2068,7 +2068,7 @@ yyreduce: break; case 72: -#line 536 "parse.y" +#line 536 "heimdal/lib/asn1/parse.y" { Symbol *s = addsym((yyvsp[(1) - (1)].name)); (yyval.type) = new_type(TType); @@ -2080,7 +2080,7 @@ yyreduce: break; case 73: -#line 547 "parse.y" +#line 547 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralizedTime, TE_EXPLICIT, new_type(TGeneralizedTime)); @@ -2088,7 +2088,7 @@ yyreduce: break; case 74: -#line 552 "parse.y" +#line 552 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_UTCTime, TE_EXPLICIT, new_type(TUTCTime)); @@ -2096,7 +2096,7 @@ yyreduce: break; case 75: -#line 559 "parse.y" +#line 559 "heimdal/lib/asn1/parse.y" { /* if (Constraint.type == contentConstrant) { assert(Constraint.u.constraint.type == octetstring|bitstring-w/o-NamedBitList); // remember to check type reference too @@ -2112,14 +2112,14 @@ yyreduce: break; case 76: -#line 575 "parse.y" +#line 575 "heimdal/lib/asn1/parse.y" { (yyval.constraint_spec) = (yyvsp[(2) - (3)].constraint_spec); } break; case 80: -#line 588 "parse.y" +#line 588 "heimdal/lib/asn1/parse.y" { (yyval.constraint_spec) = new_constraint_spec(CT_CONTENTS); (yyval.constraint_spec)->u.content.type = (yyvsp[(2) - (2)].type); @@ -2128,7 +2128,7 @@ yyreduce: break; case 81: -#line 594 "parse.y" +#line 594 "heimdal/lib/asn1/parse.y" { if ((yyvsp[(3) - (3)].value)->type != objectidentifiervalue) error_message("Non-OID used in ENCODED BY constraint"); @@ -2139,7 +2139,7 @@ yyreduce: break; case 82: -#line 602 "parse.y" +#line 602 "heimdal/lib/asn1/parse.y" { if ((yyvsp[(5) - (5)].value)->type != objectidentifiervalue) error_message("Non-OID used in ENCODED BY constraint"); @@ -2150,14 +2150,14 @@ yyreduce: break; case 83: -#line 612 "parse.y" +#line 612 "heimdal/lib/asn1/parse.y" { (yyval.constraint_spec) = new_constraint_spec(CT_USER); } break; case 84: -#line 618 "parse.y" +#line 618 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TTag); (yyval.type)->tag = (yyvsp[(1) - (3)].tag); @@ -2171,7 +2171,7 @@ yyreduce: break; case 85: -#line 631 "parse.y" +#line 631 "heimdal/lib/asn1/parse.y" { (yyval.tag).tagclass = (yyvsp[(2) - (4)].constant); (yyval.tag).tagvalue = (yyvsp[(3) - (4)].constant); @@ -2180,56 +2180,56 @@ yyreduce: break; case 86: -#line 639 "parse.y" +#line 639 "heimdal/lib/asn1/parse.y" { (yyval.constant) = ASN1_C_CONTEXT; } break; case 87: -#line 643 "parse.y" +#line 643 "heimdal/lib/asn1/parse.y" { (yyval.constant) = ASN1_C_UNIV; } break; case 88: -#line 647 "parse.y" +#line 647 "heimdal/lib/asn1/parse.y" { (yyval.constant) = ASN1_C_APPL; } break; case 89: -#line 651 "parse.y" +#line 651 "heimdal/lib/asn1/parse.y" { (yyval.constant) = ASN1_C_PRIVATE; } break; case 90: -#line 657 "parse.y" +#line 657 "heimdal/lib/asn1/parse.y" { (yyval.constant) = TE_EXPLICIT; } break; case 91: -#line 661 "parse.y" +#line 661 "heimdal/lib/asn1/parse.y" { (yyval.constant) = TE_EXPLICIT; } break; case 92: -#line 665 "parse.y" +#line 665 "heimdal/lib/asn1/parse.y" { (yyval.constant) = TE_IMPLICIT; } break; case 93: -#line 672 "parse.y" +#line 672 "heimdal/lib/asn1/parse.y" { Symbol *s; s = addsym ((yyvsp[(1) - (4)].name)); @@ -2241,7 +2241,7 @@ yyreduce: break; case 95: -#line 686 "parse.y" +#line 686 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralString, TE_EXPLICIT, new_type(TGeneralString)); @@ -2249,7 +2249,7 @@ yyreduce: break; case 96: -#line 691 "parse.y" +#line 691 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_UTF8String, TE_EXPLICIT, new_type(TUTF8String)); @@ -2257,7 +2257,7 @@ yyreduce: break; case 97: -#line 696 "parse.y" +#line 696 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_PrintableString, TE_EXPLICIT, new_type(TPrintableString)); @@ -2265,7 +2265,7 @@ yyreduce: break; case 98: -#line 701 "parse.y" +#line 701 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_VisibleString, TE_EXPLICIT, new_type(TVisibleString)); @@ -2273,7 +2273,7 @@ yyreduce: break; case 99: -#line 706 "parse.y" +#line 706 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_IA5String, TE_EXPLICIT, new_type(TIA5String)); @@ -2281,7 +2281,7 @@ yyreduce: break; case 100: -#line 711 "parse.y" +#line 711 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_BMPString, TE_EXPLICIT, new_type(TBMPString)); @@ -2289,7 +2289,7 @@ yyreduce: break; case 101: -#line 716 "parse.y" +#line 716 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_UniversalString, TE_EXPLICIT, new_type(TUniversalString)); @@ -2297,7 +2297,7 @@ yyreduce: break; case 102: -#line 724 "parse.y" +#line 724 "heimdal/lib/asn1/parse.y" { (yyval.members) = emalloc(sizeof(*(yyval.members))); ASN1_TAILQ_INIT((yyval.members)); @@ -2306,7 +2306,7 @@ yyreduce: break; case 103: -#line 730 "parse.y" +#line 730 "heimdal/lib/asn1/parse.y" { ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members); (yyval.members) = (yyvsp[(1) - (3)].members); @@ -2314,7 +2314,7 @@ yyreduce: break; case 104: -#line 735 "parse.y" +#line 735 "heimdal/lib/asn1/parse.y" { struct member *m = ecalloc(1, sizeof(*m)); m->name = estrdup("..."); @@ -2326,7 +2326,7 @@ yyreduce: break; case 105: -#line 746 "parse.y" +#line 746 "heimdal/lib/asn1/parse.y" { (yyval.member) = emalloc(sizeof(*(yyval.member))); (yyval.member)->name = (yyvsp[(1) - (2)].name); @@ -2338,7 +2338,7 @@ yyreduce: break; case 106: -#line 757 "parse.y" +#line 757 "heimdal/lib/asn1/parse.y" { (yyval.member) = (yyvsp[(1) - (1)].member); (yyval.member)->optional = 0; @@ -2347,7 +2347,7 @@ yyreduce: break; case 107: -#line 763 "parse.y" +#line 763 "heimdal/lib/asn1/parse.y" { (yyval.member) = (yyvsp[(1) - (2)].member); (yyval.member)->optional = 1; @@ -2356,7 +2356,7 @@ yyreduce: break; case 108: -#line 769 "parse.y" +#line 769 "heimdal/lib/asn1/parse.y" { (yyval.member) = (yyvsp[(1) - (3)].member); (yyval.member)->optional = 0; @@ -2365,7 +2365,7 @@ yyreduce: break; case 109: -#line 777 "parse.y" +#line 777 "heimdal/lib/asn1/parse.y" { (yyval.members) = emalloc(sizeof(*(yyval.members))); ASN1_TAILQ_INIT((yyval.members)); @@ -2374,7 +2374,7 @@ yyreduce: break; case 110: -#line 783 "parse.y" +#line 783 "heimdal/lib/asn1/parse.y" { ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members); (yyval.members) = (yyvsp[(1) - (3)].members); @@ -2382,7 +2382,7 @@ yyreduce: break; case 111: -#line 790 "parse.y" +#line 790 "heimdal/lib/asn1/parse.y" { (yyval.member) = emalloc(sizeof(*(yyval.member))); (yyval.member)->name = (yyvsp[(1) - (4)].name); @@ -2396,26 +2396,26 @@ yyreduce: break; case 113: -#line 803 "parse.y" +#line 803 "heimdal/lib/asn1/parse.y" { (yyval.objid) = NULL; } break; case 114: -#line 807 "parse.y" +#line 807 "heimdal/lib/asn1/parse.y" { (yyval.objid) = (yyvsp[(2) - (3)].objid); } break; case 115: -#line 813 "parse.y" +#line 813 "heimdal/lib/asn1/parse.y" { (yyval.objid) = NULL; } break; case 116: -#line 817 "parse.y" +#line 817 "heimdal/lib/asn1/parse.y" { if ((yyvsp[(2) - (2)].objid)) { (yyval.objid) = (yyvsp[(2) - (2)].objid); @@ -2427,14 +2427,14 @@ yyreduce: break; case 117: -#line 828 "parse.y" +#line 828 "heimdal/lib/asn1/parse.y" { (yyval.objid) = new_objid((yyvsp[(1) - (4)].name), (yyvsp[(3) - (4)].constant)); } break; case 118: -#line 832 "parse.y" +#line 832 "heimdal/lib/asn1/parse.y" { Symbol *s = addsym((yyvsp[(1) - (1)].name)); if(s->stype != SValue || @@ -2448,14 +2448,14 @@ yyreduce: break; case 119: -#line 843 "parse.y" +#line 843 "heimdal/lib/asn1/parse.y" { (yyval.objid) = new_objid(NULL, (yyvsp[(1) - (1)].constant)); } break; case 129: -#line 866 "parse.y" +#line 866 "heimdal/lib/asn1/parse.y" { Symbol *s = addsym((yyvsp[(1) - (1)].name)); if(s->stype != SValue) @@ -2467,7 +2467,7 @@ yyreduce: break; case 130: -#line 877 "parse.y" +#line 877 "heimdal/lib/asn1/parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = stringvalue; @@ -2476,7 +2476,7 @@ yyreduce: break; case 131: -#line 885 "parse.y" +#line 885 "heimdal/lib/asn1/parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = booleanvalue; @@ -2485,7 +2485,7 @@ yyreduce: break; case 132: -#line 891 "parse.y" +#line 891 "heimdal/lib/asn1/parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = booleanvalue; @@ -2494,7 +2494,7 @@ yyreduce: break; case 133: -#line 899 "parse.y" +#line 899 "heimdal/lib/asn1/parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = integervalue; @@ -2503,13 +2503,13 @@ yyreduce: break; case 135: -#line 910 "parse.y" +#line 910 "heimdal/lib/asn1/parse.y" { } break; case 136: -#line 915 "parse.y" +#line 915 "heimdal/lib/asn1/parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = objectidentifiervalue; @@ -2519,7 +2519,7 @@ yyreduce: /* Line 1267 of yacc.c. */ -#line 2523 "parse.c" +#line 2523 "heimdal/lib/asn1/parse.y" default: break; } YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); @@ -2733,7 +2733,7 @@ yyreturn: } -#line 922 "parse.y" +#line 922 "heimdal/lib/asn1/parse.y" void diff --git a/source4/heimdal/lib/asn1/parse.h b/source4/heimdal/lib/asn1/parse.h index 5e73094f9e..bea506ca7b 100644 --- a/source4/heimdal/lib/asn1/parse.h +++ b/source4/heimdal/lib/asn1/parse.h @@ -222,7 +222,7 @@ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED typedef union YYSTYPE -#line 65 "parse.y" +#line 65 "heimdal/lib/asn1/parse.y" { int constant; struct value *value; @@ -238,7 +238,7 @@ typedef union YYSTYPE struct constraint_spec *constraint_spec; } /* Line 1489 of yacc.c. */ -#line 242 "parse.h" +#line 242 "heimdal/lib/asn1/parse.y" YYSTYPE; # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 diff --git a/source4/heimdal/lib/com_err/parse.c b/source4/heimdal/lib/com_err/parse.c index b3c0c0a979..95fe18f16e 100644 --- a/source4/heimdal/lib/com_err/parse.c +++ b/source4/heimdal/lib/com_err/parse.c @@ -16,7 +16,9 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, see . */ + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. */ /* As a special exception, you may create a larger work that contains part or all of the Bison parser skeleton and distribute that work @@ -88,7 +90,7 @@ /* Copy the first part of user declarations. */ -#line 1 "parse.y" +#line 1 "heimdal/lib/com_err/parse.y" /* * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan @@ -161,13 +163,13 @@ extern char *yytext; #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED typedef union YYSTYPE -#line 53 "parse.y" +#line 53 "heimdal/lib/com_err/parse.y" { char *string; int number; } /* Line 187 of yacc.c. */ -#line 173 "parse.c" +#line 173 "heimdal/lib/com_err/parse.y" YYSTYPE; # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 @@ -180,7 +182,7 @@ typedef union YYSTYPE /* Line 216 of yacc.c. */ -#line 186 "parse.c" +#line 186 "heimdal/lib/com_err/parse.y" #ifdef short # undef short @@ -1379,14 +1381,14 @@ yyreduce: switch (yyn) { case 6: -#line 73 "parse.y" +#line 73 "heimdal/lib/com_err/parse.y" { id_str = (yyvsp[(2) - (2)].string); } break; case 7: -#line 79 "parse.y" +#line 79 "heimdal/lib/com_err/parse.y" { base_id = name2number((yyvsp[(2) - (2)].string)); strlcpy(name, (yyvsp[(2) - (2)].string), sizeof(name)); @@ -1395,7 +1397,7 @@ yyreduce: break; case 8: -#line 85 "parse.y" +#line 85 "heimdal/lib/com_err/parse.y" { base_id = name2number((yyvsp[(2) - (3)].string)); strlcpy(name, (yyvsp[(3) - (3)].string), sizeof(name)); @@ -1405,14 +1407,14 @@ yyreduce: break; case 11: -#line 98 "parse.y" +#line 98 "heimdal/lib/com_err/parse.y" { number = (yyvsp[(2) - (2)].number); } break; case 12: -#line 102 "parse.y" +#line 102 "heimdal/lib/com_err/parse.y" { free(prefix); asprintf (&prefix, "%s_", (yyvsp[(2) - (2)].string)); @@ -1423,7 +1425,7 @@ yyreduce: break; case 13: -#line 110 "parse.y" +#line 110 "heimdal/lib/com_err/parse.y" { prefix = realloc(prefix, 1); if (prefix == NULL) @@ -1433,7 +1435,7 @@ yyreduce: break; case 14: -#line 117 "parse.y" +#line 117 "heimdal/lib/com_err/parse.y" { struct error_code *ec = malloc(sizeof(*ec)); @@ -1456,7 +1458,7 @@ yyreduce: break; case 15: -#line 137 "parse.y" +#line 137 "heimdal/lib/com_err/parse.y" { YYACCEPT; } @@ -1464,7 +1466,7 @@ yyreduce: /* Line 1267 of yacc.c. */ -#line 1470 "parse.c" +#line 1470 "heimdal/lib/com_err/parse.y" default: break; } YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); @@ -1678,7 +1680,7 @@ yyreturn: } -#line 142 "parse.y" +#line 142 "heimdal/lib/com_err/parse.y" static long diff --git a/source4/heimdal/lib/com_err/parse.h b/source4/heimdal/lib/com_err/parse.h index d73bf6f163..9aabca9023 100644 --- a/source4/heimdal/lib/com_err/parse.h +++ b/source4/heimdal/lib/com_err/parse.h @@ -16,7 +16,9 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, see . */ + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. */ /* As a special exception, you may create a larger work that contains part or all of the Bison parser skeleton and distribute that work @@ -62,13 +64,13 @@ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED typedef union YYSTYPE -#line 53 "parse.y" +#line 53 "heimdal/lib/com_err/parse.y" { char *string; int number; } /* Line 1489 of yacc.c. */ -#line 74 "parse.h" +#line 74 "heimdal/lib/com_err/parse.y" YYSTYPE; # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 -- cgit From 9fe133ffc69e34e843045abbc41e7b3faad2724a Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 26 Oct 2007 06:32:24 +0200 Subject: r25738: always include config.h first. this needs merging to heimdal and lorikeet-heimdal metze (This used to be commit c2c2c991c7f568af833f10d8cf0946d90b097fab) --- source4/heimdal/lib/hcrypto/evp.c | 4 ++++ source4/heimdal/lib/hcrypto/hmac.c | 4 ++++ 2 files changed, 8 insertions(+) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/hcrypto/evp.c b/source4/heimdal/lib/hcrypto/evp.c index 34480dbe7e..19b0ac85e7 100644 --- a/source4/heimdal/lib/hcrypto/evp.c +++ b/source4/heimdal/lib/hcrypto/evp.c @@ -1,3 +1,7 @@ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + #include #include #include diff --git a/source4/heimdal/lib/hcrypto/hmac.c b/source4/heimdal/lib/hcrypto/hmac.c index b8156e38d4..6c59758b11 100644 --- a/source4/heimdal/lib/hcrypto/hmac.c +++ b/source4/heimdal/lib/hcrypto/hmac.c @@ -1,3 +1,7 @@ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + #include #include #include -- cgit From d378cf4c15e09b980f874bb103b28e89d9dd3a26 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 6 Dec 2007 16:36:54 +0100 Subject: r26310: Remove more uses of global_loadparm. (This used to be commit 9d806da113b5f0688b6193dfdee9b8765e18b38f) --- source4/heimdal/lib/asn1/lex.c | 32 +++++++++++++++++++++++++++----- 1 file changed, 27 insertions(+), 5 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/asn1/lex.c b/source4/heimdal/lib/asn1/lex.c index 638b182d13..86c4359f1a 100644 --- a/source4/heimdal/lib/asn1/lex.c +++ b/source4/heimdal/lib/asn1/lex.c @@ -343,6 +343,9 @@ FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; typedef int yy_state_type; extern int yylineno; + +int yylineno = 1; + extern char *yytext; #define yytext_ptr yytext @@ -849,7 +852,7 @@ static unsigned lineno = 1; static void unterminated(const char *, unsigned); /* This is for broken old lexes (solaris 10 and hpux) */ -#line 852 "heimdal/lib/asn1/lex.c" +#line 855 "heimdal/lib/asn1/lex.c" #define INITIAL 0 @@ -1004,7 +1007,7 @@ YY_DECL #line 68 "lex.l" -#line 1007 "heimdal/lib/asn1/lex.c" +#line 1010 "heimdal/lib/asn1/lex.c" if ( !(yy_init) ) { @@ -1673,7 +1676,7 @@ YY_RULE_SETUP #line 274 "lex.l" ECHO; YY_BREAK -#line 1676 "heimdal/lib/asn1/lex.c" +#line 1679 "heimdal/lib/asn1/lex.c" case YY_STATE_EOF(INITIAL): yyterminate(); @@ -1904,7 +1907,7 @@ static int yy_get_next_buffer (void) /* Read in more data. */ YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), - (yy_n_chars), num_to_read ); + (yy_n_chars), (size_t) num_to_read ); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } @@ -2405,7 +2408,7 @@ YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) /** Setup the input buffer state to scan a string. The next call to yylex() will * scan from a @e copy of @a str. - * @param str a NUL-terminated string to scan + * @param yystr a NUL-terminated string to scan * * @return the newly allocated buffer state object. * @note If you want to scan bytes that may contain NUL values, then use @@ -2483,6 +2486,15 @@ static void yy_fatal_error (yyconst char* msg ) /* Accessor methods (get/set functions) to struct members. */ +/** Get the current line number. + * + */ +int yyget_lineno (void) +{ + + return yylineno; +} + /** Get the input stream. * */ @@ -2516,6 +2528,16 @@ char *yyget_text (void) return yytext; } +/** Set the current line number. + * @param line_number + * + */ +void yyset_lineno (int line_number ) +{ + + yylineno = line_number; +} + /** Set the input stream. This does not discard the current * input buffer. * @param in_str A readable stream. -- cgit From 3e75f222bcdf114238cc4f2bcc61332dc059135f Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 19 Dec 2007 23:27:42 +0100 Subject: r26539: Remove unnecessary statics. (This used to be commit e53e79eebef3ece6978f0a2b4a1ee0a0814bb5d2) --- source4/heimdal/kdc/digest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/digest.c b/source4/heimdal/kdc/digest.c index 358ca5ad56..a87371de25 100644 --- a/source4/heimdal/kdc/digest.c +++ b/source4/heimdal/kdc/digest.c @@ -726,7 +726,7 @@ _kdc_do_digest(krb5_context context, /* conf|int */ if (strcmp(ireq.u.digestRequest.digest, "clear") != 0) { - static char conf_zeros[] = ":00000000000000000000000000000000"; + const char conf_zeros[] = ":00000000000000000000000000000000"; MD5_Update(&ctx, conf_zeros, sizeof(conf_zeros) - 1); } -- cgit From 0500b87092540d300b4e021a0fb95ce16a44fbd2 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 20 Dec 2007 00:02:15 +0100 Subject: r26540: Revert my previous commit after concerns raised by Andrew. (This used to be commit 6ac86f8be7d9a8c5ab396a93e6d1e6819e11f173) --- source4/heimdal/kdc/digest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/digest.c b/source4/heimdal/kdc/digest.c index a87371de25..358ca5ad56 100644 --- a/source4/heimdal/kdc/digest.c +++ b/source4/heimdal/kdc/digest.c @@ -726,7 +726,7 @@ _kdc_do_digest(krb5_context context, /* conf|int */ if (strcmp(ireq.u.digestRequest.digest, "clear") != 0) { - const char conf_zeros[] = ":00000000000000000000000000000000"; + static char conf_zeros[] = ":00000000000000000000000000000000"; MD5_Update(&ctx, conf_zeros, sizeof(conf_zeros) - 1); } -- cgit From 236a780baa959236ff7879d109fa8ba5b067dc88 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 12 Jan 2008 01:18:53 +0100 Subject: idl: Use typedef rather than declare. (This used to be commit 3fd750bd54f150ff62fd8165406bd26d03d624cf) --- source4/heimdal/lib/com_err/lex.c | 32 +++++++++++++++++++++++++++----- 1 file changed, 27 insertions(+), 5 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/com_err/lex.c b/source4/heimdal/lib/com_err/lex.c index 77e79d4eae..7a85b302a1 100644 --- a/source4/heimdal/lib/com_err/lex.c +++ b/source4/heimdal/lib/com_err/lex.c @@ -343,6 +343,9 @@ FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; typedef int yy_state_type; extern int yylineno; + +int yylineno = 1; + extern char *yytext; #define yytext_ptr yytext @@ -530,7 +533,7 @@ static int getstring(void); #undef ECHO -#line 533 "heimdal/lib/com_err/lex.c" +#line 536 "heimdal/lib/com_err/lex.c" #define INITIAL 0 @@ -685,7 +688,7 @@ YY_DECL #line 59 "lex.l" -#line 688 "heimdal/lib/com_err/lex.c" +#line 691 "heimdal/lib/com_err/lex.c" if ( !(yy_init) ) { @@ -849,7 +852,7 @@ YY_RULE_SETUP #line 75 "lex.l" ECHO; YY_BREAK -#line 852 "heimdal/lib/com_err/lex.c" +#line 855 "heimdal/lib/com_err/lex.c" case YY_STATE_EOF(INITIAL): yyterminate(); @@ -1080,7 +1083,7 @@ static int yy_get_next_buffer (void) /* Read in more data. */ YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), - (yy_n_chars), num_to_read ); + (yy_n_chars), (size_t) num_to_read ); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } @@ -1581,7 +1584,7 @@ YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) /** Setup the input buffer state to scan a string. The next call to yylex() will * scan from a @e copy of @a str. - * @param str a NUL-terminated string to scan + * @param yystr a NUL-terminated string to scan * * @return the newly allocated buffer state object. * @note If you want to scan bytes that may contain NUL values, then use @@ -1659,6 +1662,15 @@ static void yy_fatal_error (yyconst char* msg ) /* Accessor methods (get/set functions) to struct members. */ +/** Get the current line number. + * + */ +int yyget_lineno (void) +{ + + return yylineno; +} + /** Get the input stream. * */ @@ -1692,6 +1704,16 @@ char *yyget_text (void) return yytext; } +/** Set the current line number. + * @param line_number + * + */ +void yyset_lineno (int line_number ) +{ + + yylineno = line_number; +} + /** Set the input stream. This does not discard the current * input buffer. * @param in_str A readable stream. -- cgit From a550317253966c6feded683a859f8c50f298be74 Mon Sep 17 00:00:00 2001 From: Andrew Kroeger Date: Wed, 12 Mar 2008 23:11:48 -0500 Subject: heimdal: Add parameter to windc_plugin to allow extended return codes. These changes add a krb5_data parameter named e_data to the windc_plugin to allow the samba KDC to return extended error information in addition to the standard KRB5KDC_ERR_* codes. Windows uses the extended information to provide detailed information in user dialogs (e.g. account disabled, logon hours restriction, must change password, etc.). This particular commit modifies only heimdal code. Hopefully this can be submitted and accepted into the upstream heimdal codebase. (This used to be commit f542362be25e7182a0836de7a0163f6b9fce9408) --- source4/heimdal/kdc/kdc-private.h | 3 ++- source4/heimdal/kdc/kerberos5.c | 2 +- source4/heimdal/kdc/windc.c | 5 +++-- source4/heimdal/kdc/windc_plugin.h | 2 +- 4 files changed, 7 insertions(+), 5 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/kdc-private.h b/source4/heimdal/kdc/kdc-private.h index 030be9ae58..4052e9b509 100644 --- a/source4/heimdal/kdc/kdc-private.h +++ b/source4/heimdal/kdc/kdc-private.h @@ -281,6 +281,7 @@ krb5_error_code _kdc_windc_client_access ( krb5_context /*context*/, struct hdb_entry_ex */*client*/, - KDC_REQ */*req*/); + KDC_REQ */*req*/, + krb5_data */*e_data*/); #endif /* __kdc_private_h__ */ diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index 40a9c9c972..23ca5a035e 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -1043,7 +1043,7 @@ _kdc_as_rep(krb5_context context, goto out; } - ret = _kdc_windc_client_access(context, client, req); + ret = _kdc_windc_client_access(context, client, req, &e_data); if(ret) goto out; diff --git a/source4/heimdal/kdc/windc.c b/source4/heimdal/kdc/windc.c index 395ab73432..85e4d7f725 100644 --- a/source4/heimdal/kdc/windc.c +++ b/source4/heimdal/kdc/windc.c @@ -101,9 +101,10 @@ _kdc_pac_verify(krb5_context context, krb5_error_code _kdc_windc_client_access(krb5_context context, struct hdb_entry_ex *client, - KDC_REQ *req) + KDC_REQ *req, + krb5_data *e_data) { if (windcft == NULL) return 0; - return (windcft->client_access)(windcctx, context, client, req); + return (windcft->client_access)(windcctx, context, client, req, e_data); } diff --git a/source4/heimdal/kdc/windc_plugin.h b/source4/heimdal/kdc/windc_plugin.h index ec480cf950..3ae0c94681 100644 --- a/source4/heimdal/kdc/windc_plugin.h +++ b/source4/heimdal/kdc/windc_plugin.h @@ -64,7 +64,7 @@ typedef krb5_error_code typedef krb5_error_code (*krb5plugin_windc_client_access)( - void *, krb5_context, struct hdb_entry_ex *, KDC_REQ *); + void *, krb5_context, struct hdb_entry_ex *, KDC_REQ *, krb5_data *); #define KRB5_WINDC_PLUGING_MINOR 2 -- cgit From 9e6b0c28712ee77ce878809c8576826a3ba08d95 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 19 Mar 2008 10:17:42 +1100 Subject: Merge lorikeet-heimdal -r 787 into Samba4 tree. Andrew Bartlett (This used to be commit d88b530522d3cef67c24422bd5182fb875d87ee2) --- source4/heimdal/kdc/digest.c | 26 +- source4/heimdal/kdc/kaserver.c | 2 +- source4/heimdal/kdc/kdc_locl.h | 5 +- source4/heimdal/kdc/kerberos5.c | 41 +- source4/heimdal/kdc/krb5tgs.c | 24 +- source4/heimdal/kdc/log.c | 10 +- source4/heimdal/kdc/pkinit.c | 34 +- source4/heimdal/kuser/kinit.c | 27 +- source4/heimdal/lib/asn1/asn1-common.h | 2 +- source4/heimdal/lib/asn1/canthandle.asn1 | 4 +- source4/heimdal/lib/asn1/der.c | 2 +- source4/heimdal/lib/asn1/digest.asn1 | 18 +- source4/heimdal/lib/asn1/gen.c | 2 +- source4/heimdal/lib/asn1/gen_encode.c | 2 +- source4/heimdal/lib/asn1/k5.asn1 | 6 +- source4/heimdal/lib/asn1/lex.c | 44 +- source4/heimdal/lib/asn1/parse.c | 184 +- source4/heimdal/lib/asn1/parse.h | 4 +- source4/heimdal/lib/asn1/pkinit.asn1 | 23 +- source4/heimdal/lib/asn1/rfc2459.asn1 | 2 + source4/heimdal/lib/com_err/lex.c | 44 +- source4/heimdal/lib/com_err/parse.c | 28 +- source4/heimdal/lib/com_err/parse.h | 4 +- source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h | 3 +- source4/heimdal/lib/gssapi/gssapi_mech.h | 2 + source4/heimdal/lib/gssapi/krb5/acquire_cred.c | 74 +- source4/heimdal/lib/gssapi/krb5/external.c | 4 +- source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h | 2 +- source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h | 3 +- source4/heimdal/lib/gssapi/krb5/init_sec_context.c | 54 +- source4/heimdal/lib/gssapi/krb5/set_cred_option.c | 39 +- source4/heimdal/lib/gssapi/mech/context.c | 18 +- .../lib/gssapi/mech/gss_accept_sec_context.c | 6 +- source4/heimdal/lib/gssapi/mech/gss_krb5.c | 43 +- source4/heimdal/lib/gssapi/mech/gss_mech_switch.c | 2 +- .../heimdal/lib/gssapi/mech/gss_release_oid_set.c | 4 +- .../heimdal/lib/gssapi/spnego/accept_sec_context.c | 27 +- source4/heimdal/lib/gssapi/spnego/compat.c | 3 +- source4/heimdal/lib/gssapi/spnego/context_stubs.c | 70 +- source4/heimdal/lib/gssapi/spnego/external.c | 4 +- .../heimdal/lib/gssapi/spnego/init_sec_context.c | 11 +- source4/heimdal/lib/gssapi/spnego/spnego-private.h | 9 - source4/heimdal/lib/hcrypto/bn.c | 6 +- source4/heimdal/lib/hcrypto/bn.h | 4 +- source4/heimdal/lib/hcrypto/camellia-ntt.c | 1461 ++ source4/heimdal/lib/hcrypto/camellia-ntt.h | 54 + source4/heimdal/lib/hcrypto/camellia.c | 118 + source4/heimdal/lib/hcrypto/camellia.h | 74 + source4/heimdal/lib/hcrypto/dh-imath.c | 14 +- source4/heimdal/lib/hcrypto/dh.c | 215 +- source4/heimdal/lib/hcrypto/evp.c | 648 +- source4/heimdal/lib/hcrypto/evp.h | 8 +- source4/heimdal/lib/hcrypto/hmac.c | 35 +- source4/heimdal/lib/hcrypto/imath/imath.c | 6 +- source4/heimdal/lib/hcrypto/rand.c | 15 +- source4/heimdal/lib/hcrypto/rsa.c | 97 +- source4/heimdal/lib/hcrypto/rsa.h | 4 +- source4/heimdal/lib/hdb/dbinfo.c | 266 + source4/heimdal/lib/hdb/hdb-protos.h | 11 + source4/heimdal/lib/hdb/hdb.h | 6 +- source4/heimdal/lib/hdb/hdb_locl.h | 5 +- source4/heimdal/lib/hdb/keys.c | 15 +- source4/heimdal/lib/hdb/mkey.c | 7 +- source4/heimdal/lib/hx509/ca.c | 334 +- source4/heimdal/lib/hx509/cert.c | 878 +- source4/heimdal/lib/hx509/cms.c | 173 +- source4/heimdal/lib/hx509/crypto.c | 194 +- source4/heimdal/lib/hx509/env.c | 52 +- source4/heimdal/lib/hx509/error.c | 81 +- source4/heimdal/lib/hx509/hx509-private.h | 52 +- source4/heimdal/lib/hx509/hx509-protos.h | 47 +- source4/heimdal/lib/hx509/hx509.h | 7 +- source4/heimdal/lib/hx509/hx509_err.et | 4 +- source4/heimdal/lib/hx509/hx_locl.h | 6 +- source4/heimdal/lib/hx509/keyset.c | 237 +- source4/heimdal/lib/hx509/ks_file.c | 38 +- source4/heimdal/lib/hx509/ks_keychain.c | 10 +- source4/heimdal/lib/hx509/ks_p11.c | 4 +- source4/heimdal/lib/hx509/lock.c | 8 +- source4/heimdal/lib/hx509/name.c | 367 +- source4/heimdal/lib/hx509/peer.c | 54 +- source4/heimdal/lib/hx509/print.c | 200 +- source4/heimdal/lib/hx509/revoke.c | 398 +- source4/heimdal/lib/krb5/acache.c | 270 +- source4/heimdal/lib/krb5/add_et_list.c | 12 +- source4/heimdal/lib/krb5/addr_families.c | 282 +- source4/heimdal/lib/krb5/asn1_glue.c | 6 +- source4/heimdal/lib/krb5/auth_context.c | 8 +- source4/heimdal/lib/krb5/cache.c | 330 +- source4/heimdal/lib/krb5/context.c | 334 +- source4/heimdal/lib/krb5/convert_creds.c | 31 +- source4/heimdal/lib/krb5/copy_host_realm.c | 13 +- source4/heimdal/lib/krb5/creds.c | 84 +- source4/heimdal/lib/krb5/crypto.c | 63 +- source4/heimdal/lib/krb5/data.c | 100 +- source4/heimdal/lib/krb5/eai_to_heim_errno.c | 26 +- source4/heimdal/lib/krb5/error_string.c | 33 +- source4/heimdal/lib/krb5/expand_hostname.c | 6 +- source4/heimdal/lib/krb5/fcache.c | 131 +- source4/heimdal/lib/krb5/get_cred.c | 10 +- source4/heimdal/lib/krb5/get_for_creds.c | 94 +- source4/heimdal/lib/krb5/get_in_tkt.c | 2 +- source4/heimdal/lib/krb5/init_creds.c | 2 +- source4/heimdal/lib/krb5/init_creds_pw.c | 12 +- source4/heimdal/lib/krb5/kcm.c | 30 +- source4/heimdal/lib/krb5/keytab.c | 7 +- source4/heimdal/lib/krb5/keytab_file.c | 6 +- source4/heimdal/lib/krb5/keytab_keyfile.c | 6 +- source4/heimdal/lib/krb5/keytab_krb4.c | 28 +- source4/heimdal/lib/krb5/krb5-private.h | 11 +- source4/heimdal/lib/krb5/krb5-protos.h | 50 +- source4/heimdal/lib/krb5/krb5.h | 21 +- source4/heimdal/lib/krb5/krb5_ccapi.h | 8 +- source4/heimdal/lib/krb5/krb5_locl.h | 14 +- source4/heimdal/lib/krb5/mcache.c | 57 +- source4/heimdal/lib/krb5/n-fold.c | 23 +- source4/heimdal/lib/krb5/pac.c | 92 +- source4/heimdal/lib/krb5/pkinit.c | 90 +- source4/heimdal/lib/krb5/plugin.c | 23 +- source4/heimdal/lib/krb5/principal.c | 37 +- source4/heimdal/lib/krb5/rd_priv.c | 2 +- source4/heimdal/lib/krb5/rd_req.c | 44 +- source4/heimdal/lib/krb5/send_to_kdc.c | 4 +- source4/heimdal/lib/krb5/store.c | 10 +- source4/heimdal/lib/krb5/store_emem.c | 21 +- source4/heimdal/lib/krb5/transited.c | 19 +- source4/heimdal/lib/krb5/v4_glue.c | 4 +- source4/heimdal/lib/ntlm/heimntlm-protos.h | 11 +- source4/heimdal/lib/ntlm/heimntlm.h | 81 +- source4/heimdal/lib/ntlm/ntlm.c | 278 +- source4/heimdal/lib/vers/print_version.c | 4 +- source4/heimdal/lib/wind/bidi.c | 92 + source4/heimdal/lib/wind/bidi_table.c | 410 + source4/heimdal/lib/wind/bidi_table.h | 21 + source4/heimdal/lib/wind/combining.c | 62 + source4/heimdal/lib/wind/combining_table.c | 362 + source4/heimdal/lib/wind/combining_table.h | 18 + source4/heimdal/lib/wind/errorlist.c | 77 + source4/heimdal/lib/wind/errorlist_table.c | 88 + source4/heimdal/lib/wind/errorlist_table.h | 19 + source4/heimdal/lib/wind/ldap.c | 91 + source4/heimdal/lib/wind/map.c | 87 + source4/heimdal/lib/wind/map_table.c | 2613 +++ source4/heimdal/lib/wind/map_table.h | 22 + source4/heimdal/lib/wind/normalize.c | 301 + source4/heimdal/lib/wind/normalize_table.c | 22976 +++++++++++++++++++ source4/heimdal/lib/wind/normalize_table.h | 34 + source4/heimdal/lib/wind/stringprep.c | 141 + source4/heimdal/lib/wind/utf8.c | 443 + source4/heimdal/lib/wind/wind.h | 82 + source4/heimdal/lib/wind/wind_err.et | 22 + source4/heimdal/lib/wind/windlocl.h | 64 + 152 files changed, 36640 insertions(+), 1344 deletions(-) create mode 100644 source4/heimdal/lib/hcrypto/camellia-ntt.c create mode 100644 source4/heimdal/lib/hcrypto/camellia-ntt.h create mode 100644 source4/heimdal/lib/hcrypto/camellia.c create mode 100644 source4/heimdal/lib/hcrypto/camellia.h create mode 100644 source4/heimdal/lib/hdb/dbinfo.c create mode 100644 source4/heimdal/lib/wind/bidi.c create mode 100644 source4/heimdal/lib/wind/bidi_table.c create mode 100644 source4/heimdal/lib/wind/bidi_table.h create mode 100644 source4/heimdal/lib/wind/combining.c create mode 100644 source4/heimdal/lib/wind/combining_table.c create mode 100644 source4/heimdal/lib/wind/combining_table.h create mode 100644 source4/heimdal/lib/wind/errorlist.c create mode 100644 source4/heimdal/lib/wind/errorlist_table.c create mode 100644 source4/heimdal/lib/wind/errorlist_table.h create mode 100644 source4/heimdal/lib/wind/ldap.c create mode 100644 source4/heimdal/lib/wind/map.c create mode 100644 source4/heimdal/lib/wind/map_table.c create mode 100644 source4/heimdal/lib/wind/map_table.h create mode 100644 source4/heimdal/lib/wind/normalize.c create mode 100644 source4/heimdal/lib/wind/normalize_table.c create mode 100644 source4/heimdal/lib/wind/normalize_table.h create mode 100644 source4/heimdal/lib/wind/stringprep.c create mode 100644 source4/heimdal/lib/wind/utf8.c create mode 100644 source4/heimdal/lib/wind/wind.h create mode 100644 source4/heimdal/lib/wind/wind_err.et create mode 100644 source4/heimdal/lib/wind/windlocl.h (limited to 'source4/heimdal') diff --git a/source4/heimdal/kdc/digest.c b/source4/heimdal/kdc/digest.c index 358ca5ad56..b845b0f9a8 100644 --- a/source4/heimdal/kdc/digest.c +++ b/source4/heimdal/kdc/digest.c @@ -34,7 +34,7 @@ #include "kdc_locl.h" #include -RCSID("$Id: digest.c 21606 2007-07-17 07:03:25Z lha $"); +RCSID("$Id: digest.c 22374 2007-12-28 18:36:52Z lha $"); #define MS_CHAP_V2 0x20 #define CHAP_MD5 0x10 @@ -1003,7 +1003,8 @@ _kdc_do_digest(krb5_context context, } r.u.ntlmInitReply.flags |= - NTLM_NEG_TARGET_DOMAIN | + NTLM_NEG_TARGET | + NTLM_TARGET_DOMAIN | NTLM_ENC_128; #define ALL \ @@ -1331,6 +1332,27 @@ _kdc_do_digest(krb5_context context, version, ireq.u.ntlmRequest.username); break; } + case choice_DigestReqInner_supportedMechs: + + kdc_log(context, config, 0, "digest supportedMechs from %s", from); + + r.element = choice_DigestRepInner_supportedMechs; + memset(&r.u.supportedMechs, 0, sizeof(r.u.supportedMechs)); + + if (config->digests_allowed & NTLM_V1) + r.u.supportedMechs.ntlm_v1 = 1; + if (config->digests_allowed & NTLM_V1_SESSION) + r.u.supportedMechs.ntlm_v1_session = 1; + if (config->digests_allowed & NTLM_V2) + r.u.supportedMechs.ntlm_v2 = 1; + if (config->digests_allowed & DIGEST_MD5) + r.u.supportedMechs.digest_md5 = 1; + if (config->digests_allowed & CHAP_MD5) + r.u.supportedMechs.chap_md5 = 1; + if (config->digests_allowed & MS_CHAP_V2) + r.u.supportedMechs.ms_chap_v2 = 1; + break; + default: { char *s; krb5_set_error_string(context, "unknown operation to digest"); diff --git a/source4/heimdal/kdc/kaserver.c b/source4/heimdal/kdc/kaserver.c index 15624e8e76..27f497ea66 100644 --- a/source4/heimdal/kdc/kaserver.c +++ b/source4/heimdal/kdc/kaserver.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kaserver.c 21661 2007-07-22 01:57:17Z lha $"); +RCSID("$Id: kaserver.c 21654 2007-07-21 17:30:18Z lha $"); #include #include diff --git a/source4/heimdal/kdc/kdc_locl.h b/source4/heimdal/kdc/kdc_locl.h index fdbdf271de..fe0523665a 100644 --- a/source4/heimdal/kdc/kdc_locl.h +++ b/source4/heimdal/kdc/kdc_locl.h @@ -32,7 +32,7 @@ */ /* - * $Id: kdc_locl.h 20954 2007-06-07 03:30:15Z lha $ + * $Id: kdc_locl.h 22247 2007-12-08 23:49:41Z lha $ */ #ifndef __KDC_LOCL_H__ @@ -58,8 +58,7 @@ extern int detach_from_console; extern const struct units _kdc_digestunits[]; -#define _PATH_KDC_CONF HDB_DB_DIR "/kdc.conf" -#define DEFAULT_LOG_DEST "0-1/FILE:" HDB_DB_DIR "/kdc.log" +#define KDC_LOG_FILE "kdc.log" extern struct timeval _kdc_now; #define kdc_time (_kdc_now.tv_sec) diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index 40a9c9c972..bc600a5319 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kerberos5.c 21529 2007-07-13 12:37:14Z lha $"); +RCSID("$Id: kerberos5.c 22071 2007-11-14 20:04:50Z lha $"); #define MAX_TIME ((time_t)((1U << 31) - 1)) @@ -362,6 +362,13 @@ older_enctype(krb5_enctype enctype) case ETYPE_DES3_CBC_SHA1: case ETYPE_ARCFOUR_HMAC_MD5: case ETYPE_ARCFOUR_HMAC_MD5_56: + /* + * The following three is "old" windows enctypes and is needed for + * windows 2000 hosts. + */ + case ETYPE_ARCFOUR_MD4: + case ETYPE_ARCFOUR_HMAC_OLD: + case ETYPE_ARCFOUR_HMAC_OLD_EXP: return 1; default: return 0; @@ -411,8 +418,8 @@ make_etype_info_entry(krb5_context context, ETYPE_INFO_ENTRY *ent, Key *key) *ent->salttype = key->salt->type; #else /* - * We shouldn't sent salttype since its incompatible with the - * specification and its break windows clients. The afs + * We shouldn't sent salttype since it is incompatible with the + * specification and it breaks windows clients. The afs * salting problem is solved by using KRB5-PADATA-AFS3-SALT * implemented in Heimdal 0.7 and later. */ @@ -472,11 +479,13 @@ get_pa_etype_info(krb5_context context, free_ETYPE_INFO(&pa); return ret; } + break; } } skip1:; } for(i = 0; i < client->keys.len; i++) { + /* already added? */ for(j = 0; j < etypes_len; j++) { if(client->keys.val[i].key.keytype == etypes[j]) goto skip2; @@ -497,7 +506,7 @@ get_pa_etype_info(krb5_context context, } if(n < pa.len) { - /* stripped out newer enctypes */ + /* stripped out dups, newer enctypes, and not valid enctypes */ pa.len = n; } @@ -621,23 +630,29 @@ get_pa_etype_info2(krb5_context context, if(client->keys.val[i].key.keytype == etypes[j]) { if (krb5_enctype_valid(context, etypes[j]) != 0) continue; + if (n >= pa.len) + krb5_abortx(context, "internal error: n >= p.len"); if((ret = make_etype_info2_entry(&pa.val[n++], &client->keys.val[i])) != 0) { free_ETYPE_INFO2(&pa); return ret; } + break; } } skip1:; } - /* send enctypes that the cliene doesn't know about too */ + /* send enctypes that the client doesn't know about too */ for(i = 0; i < client->keys.len; i++) { + /* already added? */ for(j = 0; j < etypes_len; j++) { if(client->keys.val[i].key.keytype == etypes[j]) goto skip2; } if (krb5_enctype_valid(context, client->keys.val[i].key.keytype) != 0) continue; + if (n >= pa.len) + krb5_abortx(context, "internal error: n >= p.len"); if((ret = make_etype_info2_entry(&pa.val[n++], &client->keys.val[i])) != 0) { free_ETYPE_INFO2(&pa); @@ -646,16 +661,8 @@ get_pa_etype_info2(krb5_context context, skip2:; } - if(n != pa.len) { - char *name; - ret = krb5_unparse_name(context, client->principal, &name); - if (ret) - name = rk_UNCONST(""); - kdc_log(context, config, 0, - "internal error in get_pa_etype_info2(%s): %d != %d", - name, n, pa.len); - if (ret == 0) - free(name); + if(n < pa.len) { + /* stripped out dups, and not valid enctypes */ pa.len = n; } @@ -1554,6 +1561,10 @@ _kdc_as_rep(krb5_context context, * otherwise just a dummy lr. */ ek.last_req.val = malloc(2 * sizeof(*ek.last_req.val)); + if (ek.last_req.val == NULL) { + ret = ENOMEM; + goto out; + } ek.last_req.len = 0; if (client->entry.pw_end && (config->kdc_warn_pwexpire == 0 diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c index 4d6be60f68..32bdee9799 100644 --- a/source4/heimdal/kdc/krb5tgs.c +++ b/source4/heimdal/kdc/krb5tgs.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: krb5tgs.c 21262 2007-06-21 15:18:37Z lha $"); +RCSID("$Id: krb5tgs.c 22071 2007-11-14 20:04:50Z lha $"); /* * return the realm of a krbtgt-ticket or NULL @@ -822,7 +822,7 @@ tgs_make_reply(krb5_context context, if(rspac->length) { /* * No not need to filter out the any PAC from the - * auth_data since its signed by the KDC. + * auth_data since it's signed by the KDC. */ ret = _kdc_tkt_add_if_relevant_ad(context, &et, KRB5_AUTHDATA_WIN2K_PAC, @@ -1099,11 +1099,14 @@ tgs_parse_request(krb5_context context, ret = hdb_enctype2key(context, &(*krbtgt)->entry, ap_req.ticket.enc_part.etype, &tkey); if(ret){ - char *str, *p; + char *str = NULL, *p = NULL; + krb5_enctype_to_string(context, ap_req.ticket.enc_part.etype, &str); krb5_unparse_name(context, princ, &p); - kdc_log(context, config, 0, - "No server key with enctype %s found for %s", str, p); + kdc_log(context, config, 0, + "No server key with enctype %s found for %s", + str ? str : "", + p ? p : ""); free(str); free(p); ret = KRB5KRB_AP_ERR_BADKEYVER; @@ -1163,8 +1166,10 @@ tgs_parse_request(krb5_context context, } if (b->enc_authorization_data) { + unsigned usage = KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY; krb5_keyblock *subkey; krb5_data ad; + ret = krb5_auth_con_getremotesubkey(context, ac, &subkey); @@ -1175,6 +1180,7 @@ tgs_parse_request(krb5_context context, goto out; } if(subkey == NULL){ + usage = KRB5_KU_TGS_REQ_AUTH_DAT_SESSION; ret = krb5_auth_con_getkey(context, ac, &subkey); if(ret) { krb5_auth_con_free(context, ac); @@ -1199,7 +1205,7 @@ tgs_parse_request(krb5_context context, } ret = krb5_decrypt_EncryptedData (context, crypto, - KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY, + usage, b->enc_authorization_data, &ad); krb5_crypto_destroy(context, crypto); @@ -1373,6 +1379,7 @@ server_lookup: ret = krb5_unparse_name(context, sp, &spn); if (ret) goto out; + auth_data = NULL; /* ms don't handle AD in referals */ goto server_lookup; } } @@ -1390,6 +1397,7 @@ server_lookup: if (ret) goto out; krb5_free_host_realm(context, realms); + auth_data = NULL; /* ms don't handle AD in referals */ goto server_lookup; } krb5_free_host_realm(context, realms); @@ -1431,8 +1439,8 @@ server_lookup: } /* - * Check that service is in the same realm as the krbtgt. If its - * not the same, its someone that is using a uni-directional trust + * Check that service is in the same realm as the krbtgt. If it's + * not the same, it's someone that is using a uni-directional trust * backward. */ diff --git a/source4/heimdal/kdc/log.c b/source4/heimdal/kdc/log.c index 977b1c9476..8cf967fbfb 100644 --- a/source4/heimdal/kdc/log.c +++ b/source4/heimdal/kdc/log.c @@ -32,7 +32,7 @@ */ #include "kdc_locl.h" -RCSID("$Id: log.c 15532 2005-06-30 01:54:49Z lha $"); +RCSID("$Id: log.c 22254 2007-12-09 06:01:05Z lha $"); void kdc_openlog(krb5_context context, @@ -47,8 +47,12 @@ kdc_openlog(krb5_context context, for(p = s; *p; p++) krb5_addlog_dest(context, config->logf, *p); krb5_config_free_strings(s); - }else - krb5_addlog_dest(context, config->logf, DEFAULT_LOG_DEST); + }else { + char *s; + asprintf(&s, "0-1/FILE:%s/%s", hdb_db_dir(context), KDC_LOG_FILE); + krb5_addlog_dest(context, config->logf, s); + free(s); + } krb5_set_warn_dest(context, config->logf); } diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c index ead961022d..bf248af588 100755 --- a/source4/heimdal/kdc/pkinit.c +++ b/source4/heimdal/kdc/pkinit.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: pkinit.c 21290 2007-06-25 14:13:23Z lha $"); +RCSID("$Id: pkinit.c 22243 2007-12-08 23:39:30Z lha $"); #ifdef PKINIT @@ -1248,6 +1248,7 @@ out: static int match_rfc_san(krb5_context context, krb5_kdc_configuration *config, + hx509_context hx509ctx, hx509_cert client_cert, krb5_const_principal match) { @@ -1256,7 +1257,8 @@ match_rfc_san(krb5_context context, memset(&list, 0 , sizeof(list)); - ret = hx509_cert_find_subjectAltName_otherName(client_cert, + ret = hx509_cert_find_subjectAltName_otherName(hx509ctx, + client_cert, oid_id_pkinit_san(), &list); if (ret) @@ -1304,6 +1306,7 @@ out: static int match_ms_upn_san(krb5_context context, krb5_kdc_configuration *config, + hx509_context hx509ctx, hx509_cert client_cert, krb5_const_principal match) { @@ -1315,7 +1318,8 @@ match_ms_upn_san(krb5_context context, memset(&list, 0 , sizeof(list)); - ret = hx509_cert_find_subjectAltName_otherName(client_cert, + ret = hx509_cert_find_subjectAltName_otherName(hx509ctx, + client_cert, oid_id_pkinit_ms_san(), &list); if (ret) @@ -1376,7 +1380,7 @@ _kdc_pk_check_client(krb5_context context, hx509_name name; int i; - ret = hx509_cert_get_base_subject(kdc_identity->hx509ctx, + ret = hx509_cert_get_base_subject(kdc_identity->hx509ctx, client_params->cert, &name); if (ret) @@ -1393,6 +1397,7 @@ _kdc_pk_check_client(krb5_context context, if (config->pkinit_princ_in_cert) { ret = match_rfc_san(context, config, + kdc_identity->hx509ctx, client_params->cert, client->entry.principal); if (ret == 0) { @@ -1401,6 +1406,7 @@ _kdc_pk_check_client(krb5_context context, return 0; } ret = match_ms_upn_san(context, config, + kdc_identity->hx509ctx, client_params->cert, client->entry.principal); if (ret == 0) { @@ -1580,7 +1586,8 @@ _kdc_pk_initialize(krb5_context context, char **pool, char **revoke_list) { - const char *file; + const char *file; + char *fn = NULL; krb5_error_code ret; file = krb5_config_get_string(context, NULL, @@ -1646,14 +1653,19 @@ _kdc_pk_initialize(krb5_context context, NULL); _krb5_pk_allow_proxy_certificate(kdc_identity, ret); - file = krb5_config_get_string_default(context, - NULL, - HDB_DB_DIR "/pki-mapping", - "kdc", - "pkinit_mappings_file", - NULL); + file = krb5_config_get_string(context, + NULL, + "kdc", + "pkinit_mappings_file", + NULL); + if (file == NULL) { + asprintf(&fn, "%s/pki-mapping", hdb_db_dir(context)); + file = fn; + } load_mappings(context, file); + if (fn) + free(fn); return 0; } diff --git a/source4/heimdal/kuser/kinit.c b/source4/heimdal/kuser/kinit.c index 23fa7a5baf..2676309859 100644 --- a/source4/heimdal/kuser/kinit.c +++ b/source4/heimdal/kuser/kinit.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ */ #include "kuser_locl.h" -RCSID("$Id: kinit.c 21483 2007-07-10 16:40:46Z lha $"); +RCSID("$Id: kinit.c 22116 2007-12-03 21:22:58Z lha $"); #include "krb5-v4compat.h" @@ -260,7 +260,7 @@ renew_validate(krb5_context context, if (renew) { /* - * no need to check the error here, its only to be + * no need to check the error here, it's only to be * friendly to the user */ krb5_get_credentials(context, KRB5_GC_CACHED, cache, &in, &out); @@ -377,6 +377,7 @@ get_new_tickets(krb5_context context, char *renewstr = NULL; krb5_enctype *enctype = NULL; struct ntlm_buf ntlmkey; + krb5_ccache tempccache; memset(&ntlmkey, 0, sizeof(ntlmkey)); passwd[0] = '\0'; @@ -577,16 +578,25 @@ get_new_tickets(krb5_context context, } } - ret = krb5_cc_initialize (context, ccache, cred.client); + ret = krb5_cc_new_unique(context, krb5_cc_get_type(context, ccache), + NULL, &tempccache); + if (ret) + krb5_err (context, 1, ret, "krb5_cc_new_unique"); + + ret = krb5_cc_initialize (context, tempccache, cred.client); if (ret) krb5_err (context, 1, ret, "krb5_cc_initialize"); - ret = krb5_cc_store_cred (context, ccache, &cred); + ret = krb5_cc_store_cred (context, tempccache, &cred); if (ret) krb5_err (context, 1, ret, "krb5_cc_store_cred"); krb5_free_cred_contents (context, &cred); + ret = krb5_cc_move(context, tempccache, ccache); + if (ret) + krb5_err (context, 1, ret, "krb5_cc_move"); + if (ntlm_domain && ntlmkey.data) store_ntlmkey(context, ccache, ntlm_domain, principal, &ntlmkey); @@ -757,8 +767,11 @@ main (int argc, char **argv) krb4_cc_name = NULL; } } - } else - ret = krb5_cc_default (context, &ccache); + } else { + ret = krb5_cc_cache_match(context, principal, NULL, &ccache); + if (ret) + ret = krb5_cc_default (context, &ccache); + } } if (ret) krb5_err (context, 1, ret, "resolving credentials cache"); diff --git a/source4/heimdal/lib/asn1/asn1-common.h b/source4/heimdal/lib/asn1/asn1-common.h index 15c4a09cd0..5789e0f22d 100644 --- a/source4/heimdal/lib/asn1/asn1-common.h +++ b/source4/heimdal/lib/asn1/asn1-common.h @@ -1,4 +1,4 @@ -/* $Id: asn1-common.h 19539 2006-12-28 17:15:05Z lha $ */ +/* $Id: asn1-common.h 22429 2008-01-13 10:25:50Z lha $ */ #include #include diff --git a/source4/heimdal/lib/asn1/canthandle.asn1 b/source4/heimdal/lib/asn1/canthandle.asn1 index edb8375ee3..5ba3e3880c 100644 --- a/source4/heimdal/lib/asn1/canthandle.asn1 +++ b/source4/heimdal/lib/asn1/canthandle.asn1 @@ -1,4 +1,4 @@ --- $Id: canthandle.asn1 16593 2006-01-18 19:12:33Z lha $ -- +-- $Id: canthandle.asn1 22071 2007-11-14 20:04:50Z lha $ -- CANTHANDLE DEFINITIONS ::= BEGIN @@ -19,7 +19,7 @@ Foo ::= SEQUENCE { kaka3 [2] IMPLICIT Kaka3 OPTIONAL } --- Don't code kaka if its 1 +-- Don't code kaka if it's 1 -- Workaround is to use OPTIONAL and check for in the encoder stubs Bar ::= SEQUENCE { diff --git a/source4/heimdal/lib/asn1/der.c b/source4/heimdal/lib/asn1/der.c index c7b911b8d6..120dc086af 100644 --- a/source4/heimdal/lib/asn1/der.c +++ b/source4/heimdal/lib/asn1/der.c @@ -38,7 +38,7 @@ #include #include -RCSID("$Id: der.c 15617 2005-07-12 06:27:42Z lha $"); +RCSID("$Id: der.c 22429 2008-01-13 10:25:50Z lha $"); static const char *class_names[] = { diff --git a/source4/heimdal/lib/asn1/digest.asn1 b/source4/heimdal/lib/asn1/digest.asn1 index 17341863c6..eafe48ea5a 100644 --- a/source4/heimdal/lib/asn1/digest.asn1 +++ b/source4/heimdal/lib/asn1/digest.asn1 @@ -1,10 +1,19 @@ --- $Id: digest.asn1 20138 2007-02-02 21:08:24Z lha $ +-- $Id: digest.asn1 22152 2007-12-04 19:59:18Z lha $ DIGEST DEFINITIONS ::= BEGIN IMPORTS EncryptedData, Principal FROM krb5; +DigestTypes ::= BIT STRING { + ntlm-v1(0), + ntlm-v1-session(1), + ntlm-v2(2), + digest-md5(3), + chap-md5(4), + ms-chap-v2(5) +} + DigestInit ::= SEQUENCE { type UTF8String, -- http, sasl, chap, cram-md5 -- channel [0] SEQUENCE { @@ -95,7 +104,8 @@ DigestReqInner ::= CHOICE { init [0] DigestInit, digestRequest [1] DigestRequest, ntlmInit [2] NTLMInit, - ntlmRequest [3] NTLMRequest + ntlmRequest [3] NTLMRequest, + supportedMechs [4] NULL } DigestREQ ::= [APPLICATION 128] SEQUENCE { @@ -108,7 +118,9 @@ DigestRepInner ::= CHOICE { initReply [1] DigestInitReply, response [2] DigestResponse, ntlmInitReply [3] NTLMInitReply, - ntlmResponse [4] NTLMResponse + ntlmResponse [4] NTLMResponse, + supportedMechs [5] DigestTypes, + ... } DigestREP ::= [APPLICATION 129] SEQUENCE { diff --git a/source4/heimdal/lib/asn1/gen.c b/source4/heimdal/lib/asn1/gen.c index 26890212ae..499f8eab36 100644 --- a/source4/heimdal/lib/asn1/gen.c +++ b/source4/heimdal/lib/asn1/gen.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen.c 21364 2007-06-27 08:51:06Z lha $"); +RCSID("$Id: gen.c 22429 2008-01-13 10:25:50Z lha $"); FILE *headerfile, *codefile, *logfile; diff --git a/source4/heimdal/lib/asn1/gen_encode.c b/source4/heimdal/lib/asn1/gen_encode.c index 9544514212..08f1a9449f 100644 --- a/source4/heimdal/lib/asn1/gen_encode.c +++ b/source4/heimdal/lib/asn1/gen_encode.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen_encode.c 21503 2007-07-12 11:57:19Z lha $"); +RCSID("$Id: gen_encode.c 22429 2008-01-13 10:25:50Z lha $"); static void encode_primitive (const char *typename, const char *name) diff --git a/source4/heimdal/lib/asn1/k5.asn1 b/source4/heimdal/lib/asn1/k5.asn1 index e3fe2b11e9..18f1e1541b 100644 --- a/source4/heimdal/lib/asn1/k5.asn1 +++ b/source4/heimdal/lib/asn1/k5.asn1 @@ -1,4 +1,4 @@ --- $Id: k5.asn1 21400 2007-07-02 19:57:31Z lha $ +-- $Id: k5.asn1 21965 2007-10-18 18:24:36Z lha $ KERBEROS5 DEFINITIONS ::= BEGIN @@ -137,6 +137,10 @@ ENCTYPE ::= INTEGER { ETYPE_ARCFOUR_HMAC_MD5(23), ETYPE_ARCFOUR_HMAC_MD5_56(24), ETYPE_ENCTYPE_PK_CROSS(48), +-- some "old" windows types + ETYPE_ARCFOUR_MD4(-128), + ETYPE_ARCFOUR_HMAC_OLD(-133), + ETYPE_ARCFOUR_HMAC_OLD_EXP(-135), -- these are for Heimdal internal use ETYPE_DES_CBC_NONE(-0x1000), ETYPE_DES3_CBC_NONE(-0x1001), diff --git a/source4/heimdal/lib/asn1/lex.c b/source4/heimdal/lib/asn1/lex.c index 86c4359f1a..da4f729c3d 100644 --- a/source4/heimdal/lib/asn1/lex.c +++ b/source4/heimdal/lib/asn1/lex.c @@ -1,6 +1,5 @@ -#include "config.h" -#line 3 "heimdal/lib/asn1/lex.c" +#line 3 "lex.c" #define YY_INT_ALIGNED short int @@ -827,7 +826,7 @@ char *yytext; * SUCH DAMAGE. */ -/* $Id: lex.l,v 1.31 2006/10/21 11:57:22 lha Exp $ */ +/* $Id: lex.l 18738 2006-10-21 11:57:22Z lha $ */ #ifdef HAVE_CONFIG_H #include @@ -852,7 +851,7 @@ static unsigned lineno = 1; static void unterminated(const char *, unsigned); /* This is for broken old lexes (solaris 10 and hpux) */ -#line 855 "heimdal/lib/asn1/lex.c" +#line 855 "lex.c" #define INITIAL 0 @@ -870,6 +869,35 @@ static void unterminated(const char *, unsigned); static int yy_init_globals (void ); +/* Accessor methods to globals. + These are made visible to non-reentrant scanners for convenience. */ + +int yylex_destroy (void ); + +int yyget_debug (void ); + +void yyset_debug (int debug_flag ); + +YY_EXTRA_TYPE yyget_extra (void ); + +void yyset_extra (YY_EXTRA_TYPE user_defined ); + +FILE *yyget_in (void ); + +void yyset_in (FILE * in_str ); + +FILE *yyget_out (void ); + +void yyset_out (FILE * out_str ); + +int yyget_leng (void ); + +char *yyget_text (void ); + +int yyget_lineno (void ); + +void yyset_lineno (int line_number ); + /* Macros after this point can all be overridden by user definitions in * section 1. */ @@ -1007,7 +1035,7 @@ YY_DECL #line 68 "lex.l" -#line 1010 "heimdal/lib/asn1/lex.c" +#line 1039 "lex.c" if ( !(yy_init) ) { @@ -1676,7 +1704,7 @@ YY_RULE_SETUP #line 274 "lex.l" ECHO; YY_BREAK -#line 1679 "heimdal/lib/asn1/lex.c" +#line 1708 "lex.c" case YY_STATE_EOF(INITIAL): yyterminate(); @@ -1907,7 +1935,7 @@ static int yy_get_next_buffer (void) /* Read in more data. */ YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), - (yy_n_chars), (size_t) num_to_read ); + (yy_n_chars), num_to_read ); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } @@ -2408,7 +2436,7 @@ YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) /** Setup the input buffer state to scan a string. The next call to yylex() will * scan from a @e copy of @a str. - * @param yystr a NUL-terminated string to scan + * @param str a NUL-terminated string to scan * * @return the newly allocated buffer state object. * @note If you want to scan bytes that may contain NUL values, then use diff --git a/source4/heimdal/lib/asn1/parse.c b/source4/heimdal/lib/asn1/parse.c index edcb313bd0..6a3e524e93 100644 --- a/source4/heimdal/lib/asn1/parse.c +++ b/source4/heimdal/lib/asn1/parse.c @@ -248,7 +248,7 @@ /* Copy the first part of user declarations. */ -#line 36 "heimdal/lib/asn1/parse.y" +#line 36 "parse.y" #ifdef HAVE_CONFIG_H #include @@ -280,7 +280,7 @@ struct string_list { /* Enabling traces. */ #ifndef YYDEBUG -# define YYDEBUG 0 +# define YYDEBUG 1 #endif /* Enabling verbose error messages. */ @@ -298,7 +298,7 @@ struct string_list { #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED typedef union YYSTYPE -#line 65 "heimdal/lib/asn1/parse.y" +#line 65 "parse.y" { int constant; struct value *value; @@ -314,7 +314,7 @@ typedef union YYSTYPE struct constraint_spec *constraint_spec; } /* Line 187 of yacc.c. */ -#line 318 "heimdal/lib/asn1/parse.y" +#line 318 "parse.c" YYSTYPE; # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 @@ -327,7 +327,7 @@ typedef union YYSTYPE /* Line 216 of yacc.c. */ -#line 331 "heimdal/lib/asn1/parse.y" +#line 331 "parse.c" #ifdef short # undef short @@ -1762,29 +1762,29 @@ yyreduce: switch (yyn) { case 2: -#line 235 "heimdal/lib/asn1/parse.y" +#line 235 "parse.y" { checkundefined(); } break; case 4: -#line 242 "heimdal/lib/asn1/parse.y" +#line 242 "parse.y" { error_message("implicit tagging is not supported"); } break; case 5: -#line 244 "heimdal/lib/asn1/parse.y" +#line 244 "parse.y" { error_message("automatic tagging is not supported"); } break; case 7: -#line 249 "heimdal/lib/asn1/parse.y" +#line 249 "parse.y" { error_message("no extensibility options supported"); } break; case 17: -#line 270 "heimdal/lib/asn1/parse.y" +#line 270 "parse.y" { struct string_list *sl; for(sl = (yyvsp[(1) - (4)].sl); sl != NULL; sl = sl->next) { @@ -1796,7 +1796,7 @@ yyreduce: break; case 22: -#line 289 "heimdal/lib/asn1/parse.y" +#line 289 "parse.y" { (yyval.sl) = emalloc(sizeof(*(yyval.sl))); (yyval.sl)->string = (yyvsp[(1) - (3)].name); @@ -1805,7 +1805,7 @@ yyreduce: break; case 23: -#line 295 "heimdal/lib/asn1/parse.y" +#line 295 "parse.y" { (yyval.sl) = emalloc(sizeof(*(yyval.sl))); (yyval.sl)->string = (yyvsp[(1) - (1)].name); @@ -1814,7 +1814,7 @@ yyreduce: break; case 24: -#line 303 "heimdal/lib/asn1/parse.y" +#line 303 "parse.y" { Symbol *s = addsym ((yyvsp[(1) - (3)].name)); s->stype = Stype; @@ -1825,7 +1825,7 @@ yyreduce: break; case 42: -#line 334 "heimdal/lib/asn1/parse.y" +#line 334 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_Boolean, TE_EXPLICIT, new_type(TBoolean)); @@ -1833,7 +1833,7 @@ yyreduce: break; case 43: -#line 341 "heimdal/lib/asn1/parse.y" +#line 341 "parse.y" { if((yyvsp[(2) - (5)].value)->type != integervalue) error_message("Non-integer used in first part of range"); @@ -1846,7 +1846,7 @@ yyreduce: break; case 44: -#line 351 "heimdal/lib/asn1/parse.y" +#line 351 "parse.y" { if((yyvsp[(2) - (5)].value)->type != integervalue) error_message("Non-integer in first part of range"); @@ -1857,7 +1857,7 @@ yyreduce: break; case 45: -#line 359 "heimdal/lib/asn1/parse.y" +#line 359 "parse.y" { if((yyvsp[(4) - (5)].value)->type != integervalue) error_message("Non-integer in second part of range"); @@ -1868,7 +1868,7 @@ yyreduce: break; case 46: -#line 367 "heimdal/lib/asn1/parse.y" +#line 367 "parse.y" { if((yyvsp[(2) - (3)].value)->type != integervalue) error_message("Non-integer used in limit"); @@ -1879,7 +1879,7 @@ yyreduce: break; case 47: -#line 378 "heimdal/lib/asn1/parse.y" +#line 378 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, new_type(TInteger)); @@ -1887,7 +1887,7 @@ yyreduce: break; case 48: -#line 383 "heimdal/lib/asn1/parse.y" +#line 383 "parse.y" { (yyval.type) = new_type(TInteger); (yyval.type)->range = (yyvsp[(2) - (2)].range); @@ -1896,7 +1896,7 @@ yyreduce: break; case 49: -#line 389 "heimdal/lib/asn1/parse.y" +#line 389 "parse.y" { (yyval.type) = new_type(TInteger); (yyval.type)->members = (yyvsp[(3) - (4)].members); @@ -1905,7 +1905,7 @@ yyreduce: break; case 50: -#line 397 "heimdal/lib/asn1/parse.y" +#line 397 "parse.y" { (yyval.members) = emalloc(sizeof(*(yyval.members))); ASN1_TAILQ_INIT((yyval.members)); @@ -1914,7 +1914,7 @@ yyreduce: break; case 51: -#line 403 "heimdal/lib/asn1/parse.y" +#line 403 "parse.y" { ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members); (yyval.members) = (yyvsp[(1) - (3)].members); @@ -1922,12 +1922,12 @@ yyreduce: break; case 52: -#line 408 "heimdal/lib/asn1/parse.y" +#line 408 "parse.y" { (yyval.members) = (yyvsp[(1) - (3)].members); } break; case 53: -#line 412 "heimdal/lib/asn1/parse.y" +#line 412 "parse.y" { (yyval.member) = emalloc(sizeof(*(yyval.member))); (yyval.member)->name = (yyvsp[(1) - (4)].name); @@ -1941,7 +1941,7 @@ yyreduce: break; case 54: -#line 425 "heimdal/lib/asn1/parse.y" +#line 425 "parse.y" { (yyval.type) = new_type(TInteger); (yyval.type)->members = (yyvsp[(3) - (4)].members); @@ -1950,7 +1950,7 @@ yyreduce: break; case 56: -#line 436 "heimdal/lib/asn1/parse.y" +#line 436 "parse.y" { (yyval.type) = new_type(TBitString); (yyval.type)->members = emalloc(sizeof(*(yyval.type)->members)); @@ -1960,7 +1960,7 @@ yyreduce: break; case 57: -#line 443 "heimdal/lib/asn1/parse.y" +#line 443 "parse.y" { (yyval.type) = new_type(TBitString); (yyval.type)->members = (yyvsp[(4) - (5)].members); @@ -1969,7 +1969,7 @@ yyreduce: break; case 58: -#line 451 "heimdal/lib/asn1/parse.y" +#line 451 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_OID, TE_EXPLICIT, new_type(TOID)); @@ -1977,7 +1977,7 @@ yyreduce: break; case 59: -#line 457 "heimdal/lib/asn1/parse.y" +#line 457 "parse.y" { Type *t = new_type(TOctetString); t->range = (yyvsp[(3) - (3)].range); @@ -1987,7 +1987,7 @@ yyreduce: break; case 60: -#line 466 "heimdal/lib/asn1/parse.y" +#line 466 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_Null, TE_EXPLICIT, new_type(TNull)); @@ -1995,17 +1995,17 @@ yyreduce: break; case 61: -#line 473 "heimdal/lib/asn1/parse.y" +#line 473 "parse.y" { (yyval.range) = NULL; } break; case 62: -#line 475 "heimdal/lib/asn1/parse.y" +#line 475 "parse.y" { (yyval.range) = (yyvsp[(2) - (2)].range); } break; case 63: -#line 480 "heimdal/lib/asn1/parse.y" +#line 480 "parse.y" { (yyval.type) = new_type(TSequence); (yyval.type)->members = (yyvsp[(3) - (4)].members); @@ -2014,7 +2014,7 @@ yyreduce: break; case 64: -#line 486 "heimdal/lib/asn1/parse.y" +#line 486 "parse.y" { (yyval.type) = new_type(TSequence); (yyval.type)->members = NULL; @@ -2023,7 +2023,7 @@ yyreduce: break; case 65: -#line 494 "heimdal/lib/asn1/parse.y" +#line 494 "parse.y" { (yyval.type) = new_type(TSequenceOf); (yyval.type)->range = (yyvsp[(2) - (4)].range); @@ -2033,7 +2033,7 @@ yyreduce: break; case 66: -#line 503 "heimdal/lib/asn1/parse.y" +#line 503 "parse.y" { (yyval.type) = new_type(TSet); (yyval.type)->members = (yyvsp[(3) - (4)].members); @@ -2042,7 +2042,7 @@ yyreduce: break; case 67: -#line 509 "heimdal/lib/asn1/parse.y" +#line 509 "parse.y" { (yyval.type) = new_type(TSet); (yyval.type)->members = NULL; @@ -2051,7 +2051,7 @@ yyreduce: break; case 68: -#line 517 "heimdal/lib/asn1/parse.y" +#line 517 "parse.y" { (yyval.type) = new_type(TSetOf); (yyval.type)->subtype = (yyvsp[(3) - (3)].type); @@ -2060,7 +2060,7 @@ yyreduce: break; case 69: -#line 525 "heimdal/lib/asn1/parse.y" +#line 525 "parse.y" { (yyval.type) = new_type(TChoice); (yyval.type)->members = (yyvsp[(3) - (4)].members); @@ -2068,7 +2068,7 @@ yyreduce: break; case 72: -#line 536 "heimdal/lib/asn1/parse.y" +#line 536 "parse.y" { Symbol *s = addsym((yyvsp[(1) - (1)].name)); (yyval.type) = new_type(TType); @@ -2080,7 +2080,7 @@ yyreduce: break; case 73: -#line 547 "heimdal/lib/asn1/parse.y" +#line 547 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralizedTime, TE_EXPLICIT, new_type(TGeneralizedTime)); @@ -2088,7 +2088,7 @@ yyreduce: break; case 74: -#line 552 "heimdal/lib/asn1/parse.y" +#line 552 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_UTCTime, TE_EXPLICIT, new_type(TUTCTime)); @@ -2096,7 +2096,7 @@ yyreduce: break; case 75: -#line 559 "heimdal/lib/asn1/parse.y" +#line 559 "parse.y" { /* if (Constraint.type == contentConstrant) { assert(Constraint.u.constraint.type == octetstring|bitstring-w/o-NamedBitList); // remember to check type reference too @@ -2112,14 +2112,14 @@ yyreduce: break; case 76: -#line 575 "heimdal/lib/asn1/parse.y" +#line 575 "parse.y" { (yyval.constraint_spec) = (yyvsp[(2) - (3)].constraint_spec); } break; case 80: -#line 588 "heimdal/lib/asn1/parse.y" +#line 588 "parse.y" { (yyval.constraint_spec) = new_constraint_spec(CT_CONTENTS); (yyval.constraint_spec)->u.content.type = (yyvsp[(2) - (2)].type); @@ -2128,7 +2128,7 @@ yyreduce: break; case 81: -#line 594 "heimdal/lib/asn1/parse.y" +#line 594 "parse.y" { if ((yyvsp[(3) - (3)].value)->type != objectidentifiervalue) error_message("Non-OID used in ENCODED BY constraint"); @@ -2139,7 +2139,7 @@ yyreduce: break; case 82: -#line 602 "heimdal/lib/asn1/parse.y" +#line 602 "parse.y" { if ((yyvsp[(5) - (5)].value)->type != objectidentifiervalue) error_message("Non-OID used in ENCODED BY constraint"); @@ -2150,14 +2150,14 @@ yyreduce: break; case 83: -#line 612 "heimdal/lib/asn1/parse.y" +#line 612 "parse.y" { (yyval.constraint_spec) = new_constraint_spec(CT_USER); } break; case 84: -#line 618 "heimdal/lib/asn1/parse.y" +#line 618 "parse.y" { (yyval.type) = new_type(TTag); (yyval.type)->tag = (yyvsp[(1) - (3)].tag); @@ -2171,7 +2171,7 @@ yyreduce: break; case 85: -#line 631 "heimdal/lib/asn1/parse.y" +#line 631 "parse.y" { (yyval.tag).tagclass = (yyvsp[(2) - (4)].constant); (yyval.tag).tagvalue = (yyvsp[(3) - (4)].constant); @@ -2180,56 +2180,56 @@ yyreduce: break; case 86: -#line 639 "heimdal/lib/asn1/parse.y" +#line 639 "parse.y" { (yyval.constant) = ASN1_C_CONTEXT; } break; case 87: -#line 643 "heimdal/lib/asn1/parse.y" +#line 643 "parse.y" { (yyval.constant) = ASN1_C_UNIV; } break; case 88: -#line 647 "heimdal/lib/asn1/parse.y" +#line 647 "parse.y" { (yyval.constant) = ASN1_C_APPL; } break; case 89: -#line 651 "heimdal/lib/asn1/parse.y" +#line 651 "parse.y" { (yyval.constant) = ASN1_C_PRIVATE; } break; case 90: -#line 657 "heimdal/lib/asn1/parse.y" +#line 657 "parse.y" { (yyval.constant) = TE_EXPLICIT; } break; case 91: -#line 661 "heimdal/lib/asn1/parse.y" +#line 661 "parse.y" { (yyval.constant) = TE_EXPLICIT; } break; case 92: -#line 665 "heimdal/lib/asn1/parse.y" +#line 665 "parse.y" { (yyval.constant) = TE_IMPLICIT; } break; case 93: -#line 672 "heimdal/lib/asn1/parse.y" +#line 672 "parse.y" { Symbol *s; s = addsym ((yyvsp[(1) - (4)].name)); @@ -2241,7 +2241,7 @@ yyreduce: break; case 95: -#line 686 "heimdal/lib/asn1/parse.y" +#line 686 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralString, TE_EXPLICIT, new_type(TGeneralString)); @@ -2249,7 +2249,7 @@ yyreduce: break; case 96: -#line 691 "heimdal/lib/asn1/parse.y" +#line 691 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_UTF8String, TE_EXPLICIT, new_type(TUTF8String)); @@ -2257,7 +2257,7 @@ yyreduce: break; case 97: -#line 696 "heimdal/lib/asn1/parse.y" +#line 696 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_PrintableString, TE_EXPLICIT, new_type(TPrintableString)); @@ -2265,7 +2265,7 @@ yyreduce: break; case 98: -#line 701 "heimdal/lib/asn1/parse.y" +#line 701 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_VisibleString, TE_EXPLICIT, new_type(TVisibleString)); @@ -2273,7 +2273,7 @@ yyreduce: break; case 99: -#line 706 "heimdal/lib/asn1/parse.y" +#line 706 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_IA5String, TE_EXPLICIT, new_type(TIA5String)); @@ -2281,7 +2281,7 @@ yyreduce: break; case 100: -#line 711 "heimdal/lib/asn1/parse.y" +#line 711 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_BMPString, TE_EXPLICIT, new_type(TBMPString)); @@ -2289,7 +2289,7 @@ yyreduce: break; case 101: -#line 716 "heimdal/lib/asn1/parse.y" +#line 716 "parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_UniversalString, TE_EXPLICIT, new_type(TUniversalString)); @@ -2297,7 +2297,7 @@ yyreduce: break; case 102: -#line 724 "heimdal/lib/asn1/parse.y" +#line 724 "parse.y" { (yyval.members) = emalloc(sizeof(*(yyval.members))); ASN1_TAILQ_INIT((yyval.members)); @@ -2306,7 +2306,7 @@ yyreduce: break; case 103: -#line 730 "heimdal/lib/asn1/parse.y" +#line 730 "parse.y" { ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members); (yyval.members) = (yyvsp[(1) - (3)].members); @@ -2314,7 +2314,7 @@ yyreduce: break; case 104: -#line 735 "heimdal/lib/asn1/parse.y" +#line 735 "parse.y" { struct member *m = ecalloc(1, sizeof(*m)); m->name = estrdup("..."); @@ -2326,7 +2326,7 @@ yyreduce: break; case 105: -#line 746 "heimdal/lib/asn1/parse.y" +#line 746 "parse.y" { (yyval.member) = emalloc(sizeof(*(yyval.member))); (yyval.member)->name = (yyvsp[(1) - (2)].name); @@ -2338,7 +2338,7 @@ yyreduce: break; case 106: -#line 757 "heimdal/lib/asn1/parse.y" +#line 757 "parse.y" { (yyval.member) = (yyvsp[(1) - (1)].member); (yyval.member)->optional = 0; @@ -2347,7 +2347,7 @@ yyreduce: break; case 107: -#line 763 "heimdal/lib/asn1/parse.y" +#line 763 "parse.y" { (yyval.member) = (yyvsp[(1) - (2)].member); (yyval.member)->optional = 1; @@ -2356,7 +2356,7 @@ yyreduce: break; case 108: -#line 769 "heimdal/lib/asn1/parse.y" +#line 769 "parse.y" { (yyval.member) = (yyvsp[(1) - (3)].member); (yyval.member)->optional = 0; @@ -2365,7 +2365,7 @@ yyreduce: break; case 109: -#line 777 "heimdal/lib/asn1/parse.y" +#line 777 "parse.y" { (yyval.members) = emalloc(sizeof(*(yyval.members))); ASN1_TAILQ_INIT((yyval.members)); @@ -2374,7 +2374,7 @@ yyreduce: break; case 110: -#line 783 "heimdal/lib/asn1/parse.y" +#line 783 "parse.y" { ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members); (yyval.members) = (yyvsp[(1) - (3)].members); @@ -2382,7 +2382,7 @@ yyreduce: break; case 111: -#line 790 "heimdal/lib/asn1/parse.y" +#line 790 "parse.y" { (yyval.member) = emalloc(sizeof(*(yyval.member))); (yyval.member)->name = (yyvsp[(1) - (4)].name); @@ -2396,26 +2396,26 @@ yyreduce: break; case 113: -#line 803 "heimdal/lib/asn1/parse.y" +#line 803 "parse.y" { (yyval.objid) = NULL; } break; case 114: -#line 807 "heimdal/lib/asn1/parse.y" +#line 807 "parse.y" { (yyval.objid) = (yyvsp[(2) - (3)].objid); } break; case 115: -#line 813 "heimdal/lib/asn1/parse.y" +#line 813 "parse.y" { (yyval.objid) = NULL; } break; case 116: -#line 817 "heimdal/lib/asn1/parse.y" +#line 817 "parse.y" { if ((yyvsp[(2) - (2)].objid)) { (yyval.objid) = (yyvsp[(2) - (2)].objid); @@ -2427,14 +2427,14 @@ yyreduce: break; case 117: -#line 828 "heimdal/lib/asn1/parse.y" +#line 828 "parse.y" { (yyval.objid) = new_objid((yyvsp[(1) - (4)].name), (yyvsp[(3) - (4)].constant)); } break; case 118: -#line 832 "heimdal/lib/asn1/parse.y" +#line 832 "parse.y" { Symbol *s = addsym((yyvsp[(1) - (1)].name)); if(s->stype != SValue || @@ -2448,14 +2448,14 @@ yyreduce: break; case 119: -#line 843 "heimdal/lib/asn1/parse.y" +#line 843 "parse.y" { (yyval.objid) = new_objid(NULL, (yyvsp[(1) - (1)].constant)); } break; case 129: -#line 866 "heimdal/lib/asn1/parse.y" +#line 866 "parse.y" { Symbol *s = addsym((yyvsp[(1) - (1)].name)); if(s->stype != SValue) @@ -2467,7 +2467,7 @@ yyreduce: break; case 130: -#line 877 "heimdal/lib/asn1/parse.y" +#line 877 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = stringvalue; @@ -2476,7 +2476,7 @@ yyreduce: break; case 131: -#line 885 "heimdal/lib/asn1/parse.y" +#line 885 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = booleanvalue; @@ -2485,7 +2485,7 @@ yyreduce: break; case 132: -#line 891 "heimdal/lib/asn1/parse.y" +#line 891 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = booleanvalue; @@ -2494,7 +2494,7 @@ yyreduce: break; case 133: -#line 899 "heimdal/lib/asn1/parse.y" +#line 899 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = integervalue; @@ -2503,13 +2503,13 @@ yyreduce: break; case 135: -#line 910 "heimdal/lib/asn1/parse.y" +#line 910 "parse.y" { } break; case 136: -#line 915 "heimdal/lib/asn1/parse.y" +#line 915 "parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = objectidentifiervalue; @@ -2519,7 +2519,7 @@ yyreduce: /* Line 1267 of yacc.c. */ -#line 2523 "heimdal/lib/asn1/parse.y" +#line 2523 "parse.c" default: break; } YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); @@ -2733,7 +2733,7 @@ yyreturn: } -#line 922 "heimdal/lib/asn1/parse.y" +#line 922 "parse.y" void diff --git a/source4/heimdal/lib/asn1/parse.h b/source4/heimdal/lib/asn1/parse.h index bea506ca7b..5e73094f9e 100644 --- a/source4/heimdal/lib/asn1/parse.h +++ b/source4/heimdal/lib/asn1/parse.h @@ -222,7 +222,7 @@ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED typedef union YYSTYPE -#line 65 "heimdal/lib/asn1/parse.y" +#line 65 "parse.y" { int constant; struct value *value; @@ -238,7 +238,7 @@ typedef union YYSTYPE struct constraint_spec *constraint_spec; } /* Line 1489 of yacc.c. */ -#line 242 "heimdal/lib/asn1/parse.y" +#line 242 "parse.h" YYSTYPE; # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 diff --git a/source4/heimdal/lib/asn1/pkinit.asn1 b/source4/heimdal/lib/asn1/pkinit.asn1 index 1bfc11ad74..989b26581b 100644 --- a/source4/heimdal/lib/asn1/pkinit.asn1 +++ b/source4/heimdal/lib/asn1/pkinit.asn1 @@ -2,7 +2,7 @@ PKINIT DEFINITIONS ::= BEGIN -IMPORTS EncryptionKey, PrincipalName, Realm, KerberosTime, Checksum FROM krb5 +IMPORTS EncryptionKey, PrincipalName, Realm, KerberosTime, Checksum, Ticket FROM krb5 IssuerAndSerialNumber, ContentInfo FROM cms SubjectPublicKeyInfo, AlgorithmIdentifier FROM rfc2459 heim_any FROM heim; @@ -40,6 +40,11 @@ td-dh-parameters INTEGER ::= 109 DHNonce ::= OCTET STRING +KDFAlgorithmId ::= SEQUENCE { + kdf-id [0] OBJECT IDENTIFIER, + ... +} + TrustedCA ::= SEQUENCE { caName [0] IMPLICIT OCTET STRING, certificateSerialNumber [1] INTEGER OPTIONAL, @@ -76,6 +81,8 @@ AuthPack ::= SEQUENCE { clientPublicValue [1] SubjectPublicKeyInfo OPTIONAL, supportedCMSTypes [2] SEQUENCE OF AlgorithmIdentifier OPTIONAL, clientDHNonce [3] DHNonce OPTIONAL, + ..., + supportedKDFs [4] SEQUENCE OF KDFAlgorithmId OPTIONAL, ... } @@ -89,10 +96,12 @@ KRB5PrincipalName ::= SEQUENCE { AD-INITIAL-VERIFIED-CAS ::= SEQUENCE OF ExternalPrincipalIdentifier - DHRepInfo ::= SEQUENCE { dhSignedData [0] IMPLICIT OCTET STRING, - serverDHNonce [1] DHNonce OPTIONAL + serverDHNonce [1] DHNonce OPTIONAL, + ..., + kdf [2] KDFAlgorithmId OPTIONAL, + ... } PA-PK-AS-REP ::= CHOICE { @@ -162,4 +171,12 @@ ReplyKeyPack-Win2k ::= SEQUENCE { ... } +PkinitSuppPubInfo ::= SEQUENCE { + enctype [0] INTEGER (-2147483648..2147483647), + as-REQ [1] OCTET STRING, + pk-as-rep [2] OCTET STRING, + ticket [3] Ticket, + ... +} + END diff --git a/source4/heimdal/lib/asn1/rfc2459.asn1 b/source4/heimdal/lib/asn1/rfc2459.asn1 index 0ec3b695eb..8e24f0740b 100644 --- a/source4/heimdal/lib/asn1/rfc2459.asn1 +++ b/source4/heimdal/lib/asn1/rfc2459.asn1 @@ -21,6 +21,8 @@ id-pkcs1-sha256WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 11 } id-pkcs1-sha384WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 12 } id-pkcs1-sha512WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 13 } +id-heim-rsa-pkcs1-x509 OBJECT IDENTIFIER ::= { 1 2 752 43 16 1 } + id-pkcs-2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 2 } id-pkcs2-md2 OBJECT IDENTIFIER ::= { id-pkcs-2 2 } diff --git a/source4/heimdal/lib/com_err/lex.c b/source4/heimdal/lib/com_err/lex.c index 7a85b302a1..3c6ea3beb7 100644 --- a/source4/heimdal/lib/com_err/lex.c +++ b/source4/heimdal/lib/com_err/lex.c @@ -1,6 +1,5 @@ -#include "config.h" -#line 3 "heimdal/lib/com_err/lex.c" +#line 3 "lex.c" #define YY_INT_ALIGNED short int @@ -524,7 +523,7 @@ char *yytext; #include "parse.h" #include "lex.h" -RCSID("$Id: lex.l,v 1.8 2005/05/16 08:52:54 lha Exp $"); +RCSID("$Id: lex.l 15143 2005-05-16 08:52:54Z lha $"); static unsigned lineno = 1; static int getstring(void); @@ -533,7 +532,7 @@ static int getstring(void); #undef ECHO -#line 536 "heimdal/lib/com_err/lex.c" +#line 536 "lex.c" #define INITIAL 0 @@ -551,6 +550,35 @@ static int getstring(void); static int yy_init_globals (void ); +/* Accessor methods to globals. + These are made visible to non-reentrant scanners for convenience. */ + +int yylex_destroy (void ); + +int yyget_debug (void ); + +void yyset_debug (int debug_flag ); + +YY_EXTRA_TYPE yyget_extra (void ); + +void yyset_extra (YY_EXTRA_TYPE user_defined ); + +FILE *yyget_in (void ); + +void yyset_in (FILE * in_str ); + +FILE *yyget_out (void ); + +void yyset_out (FILE * out_str ); + +int yyget_leng (void ); + +char *yyget_text (void ); + +int yyget_lineno (void ); + +void yyset_lineno (int line_number ); + /* Macros after this point can all be overridden by user definitions in * section 1. */ @@ -688,7 +716,7 @@ YY_DECL #line 59 "lex.l" -#line 691 "heimdal/lib/com_err/lex.c" +#line 720 "lex.c" if ( !(yy_init) ) { @@ -852,7 +880,7 @@ YY_RULE_SETUP #line 75 "lex.l" ECHO; YY_BREAK -#line 855 "heimdal/lib/com_err/lex.c" +#line 884 "lex.c" case YY_STATE_EOF(INITIAL): yyterminate(); @@ -1083,7 +1111,7 @@ static int yy_get_next_buffer (void) /* Read in more data. */ YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), - (yy_n_chars), (size_t) num_to_read ); + (yy_n_chars), num_to_read ); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } @@ -1584,7 +1612,7 @@ YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) /** Setup the input buffer state to scan a string. The next call to yylex() will * scan from a @e copy of @a str. - * @param yystr a NUL-terminated string to scan + * @param str a NUL-terminated string to scan * * @return the newly allocated buffer state object. * @note If you want to scan bytes that may contain NUL values, then use diff --git a/source4/heimdal/lib/com_err/parse.c b/source4/heimdal/lib/com_err/parse.c index 95fe18f16e..4bacb721ca 100644 --- a/source4/heimdal/lib/com_err/parse.c +++ b/source4/heimdal/lib/com_err/parse.c @@ -90,7 +90,7 @@ /* Copy the first part of user declarations. */ -#line 1 "heimdal/lib/com_err/parse.y" +#line 1 "parse.y" /* * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan @@ -163,13 +163,13 @@ extern char *yytext; #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED typedef union YYSTYPE -#line 53 "heimdal/lib/com_err/parse.y" +#line 53 "parse.y" { char *string; int number; } /* Line 187 of yacc.c. */ -#line 173 "heimdal/lib/com_err/parse.y" +#line 173 "parse.c" YYSTYPE; # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 @@ -182,7 +182,7 @@ typedef union YYSTYPE /* Line 216 of yacc.c. */ -#line 186 "heimdal/lib/com_err/parse.y" +#line 186 "parse.c" #ifdef short # undef short @@ -1381,14 +1381,14 @@ yyreduce: switch (yyn) { case 6: -#line 73 "heimdal/lib/com_err/parse.y" +#line 73 "parse.y" { id_str = (yyvsp[(2) - (2)].string); } break; case 7: -#line 79 "heimdal/lib/com_err/parse.y" +#line 79 "parse.y" { base_id = name2number((yyvsp[(2) - (2)].string)); strlcpy(name, (yyvsp[(2) - (2)].string), sizeof(name)); @@ -1397,7 +1397,7 @@ yyreduce: break; case 8: -#line 85 "heimdal/lib/com_err/parse.y" +#line 85 "parse.y" { base_id = name2number((yyvsp[(2) - (3)].string)); strlcpy(name, (yyvsp[(3) - (3)].string), sizeof(name)); @@ -1407,14 +1407,14 @@ yyreduce: break; case 11: -#line 98 "heimdal/lib/com_err/parse.y" +#line 98 "parse.y" { number = (yyvsp[(2) - (2)].number); } break; case 12: -#line 102 "heimdal/lib/com_err/parse.y" +#line 102 "parse.y" { free(prefix); asprintf (&prefix, "%s_", (yyvsp[(2) - (2)].string)); @@ -1425,7 +1425,7 @@ yyreduce: break; case 13: -#line 110 "heimdal/lib/com_err/parse.y" +#line 110 "parse.y" { prefix = realloc(prefix, 1); if (prefix == NULL) @@ -1435,7 +1435,7 @@ yyreduce: break; case 14: -#line 117 "heimdal/lib/com_err/parse.y" +#line 117 "parse.y" { struct error_code *ec = malloc(sizeof(*ec)); @@ -1458,7 +1458,7 @@ yyreduce: break; case 15: -#line 137 "heimdal/lib/com_err/parse.y" +#line 137 "parse.y" { YYACCEPT; } @@ -1466,7 +1466,7 @@ yyreduce: /* Line 1267 of yacc.c. */ -#line 1470 "heimdal/lib/com_err/parse.y" +#line 1470 "parse.c" default: break; } YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); @@ -1680,7 +1680,7 @@ yyreturn: } -#line 142 "heimdal/lib/com_err/parse.y" +#line 142 "parse.y" static long diff --git a/source4/heimdal/lib/com_err/parse.h b/source4/heimdal/lib/com_err/parse.h index 9aabca9023..4c9681ff34 100644 --- a/source4/heimdal/lib/com_err/parse.h +++ b/source4/heimdal/lib/com_err/parse.h @@ -64,13 +64,13 @@ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED typedef union YYSTYPE -#line 53 "heimdal/lib/com_err/parse.y" +#line 53 "parse.y" { char *string; int number; } /* Line 1489 of yacc.c. */ -#line 74 "heimdal/lib/com_err/parse.y" +#line 74 "parse.h" YYSTYPE; # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h b/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h index cca529fe26..2223f4f22f 100644 --- a/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h +++ b/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gssapi_krb5.h 20385 2007-04-18 08:51:32Z lha $ */ +/* $Id: gssapi_krb5.h 22655 2008-02-26 12:40:35Z lha $ */ #ifndef GSSAPI_KRB5_H_ #define GSSAPI_KRB5_H_ @@ -80,6 +80,7 @@ extern gss_OID GSS_KRB5_GET_SERVICE_KEYBLOCK_X; /* Extensions creds */ extern gss_OID GSS_KRB5_IMPORT_CRED_X; extern gss_OID GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X; +extern gss_OID GSS_KRB5_CRED_NO_CI_FLAGS_X; /* * kerberos mechanism specific functions diff --git a/source4/heimdal/lib/gssapi/gssapi_mech.h b/source4/heimdal/lib/gssapi/gssapi_mech.h index 403990ad47..b360de13fc 100644 --- a/source4/heimdal/lib/gssapi/gssapi_mech.h +++ b/source4/heimdal/lib/gssapi/gssapi_mech.h @@ -356,4 +356,6 @@ gssapi_mech_interface __gss_spnego_initialize(void); gssapi_mech_interface __gss_krb5_initialize(void); gssapi_mech_interface __gss_ntlm_initialize(void); +void gss_mg_collect_error(gss_OID, OM_uint32, OM_uint32); + #endif /* GSSAPI_MECH_H */ diff --git a/source4/heimdal/lib/gssapi/krb5/acquire_cred.c b/source4/heimdal/lib/gssapi/krb5/acquire_cred.c index d5c70636bc..051446c19b 100644 --- a/source4/heimdal/lib/gssapi/krb5/acquire_cred.c +++ b/source4/heimdal/lib/gssapi/krb5/acquire_cred.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: acquire_cred.c 21221 2007-06-20 08:42:10Z lha $"); +RCSID("$Id: acquire_cred.c 22596 2008-02-18 18:05:55Z lha $"); OM_uint32 __gsskrb5_ccache_lifetime(OM_uint32 *minor_status, @@ -128,9 +128,12 @@ static OM_uint32 acquire_initiator_cred ret = GSS_S_FAILURE; memset(&cred, 0, sizeof(cred)); - /* If we have a preferred principal, lets try to find it in all - * caches, otherwise, fall back to default cache. Ignore - * errors. */ + /* + * If we have a preferred principal, lets try to find it in all + * caches, otherwise, fall back to default cache, ignore all + * errors while searching. + */ + if (handle->principal) kret = krb5_cc_cache_match (context, handle->principal, @@ -142,32 +145,30 @@ static OM_uint32 acquire_initiator_cred if (kret) goto end; } - kret = krb5_cc_get_principal(context, ccache, - &def_princ); + kret = krb5_cc_get_principal(context, ccache, &def_princ); if (kret != 0) { /* we'll try to use a keytab below */ - krb5_cc_destroy(context, ccache); - ccache = NULL; + krb5_cc_close(context, ccache); + def_princ = NULL; kret = 0; } else if (handle->principal == NULL) { - kret = krb5_copy_principal(context, def_princ, - &handle->principal); + kret = krb5_copy_principal(context, def_princ, &handle->principal); if (kret) goto end; } else if (handle->principal != NULL && - krb5_principal_compare(context, handle->principal, - def_princ) == FALSE) { - /* Before failing, lets check the keytab */ + krb5_principal_compare(context, handle->principal, + def_princ) == FALSE) { krb5_free_principal(context, def_princ); def_princ = NULL; + krb5_cc_close(context, ccache); + ccache = NULL; } if (def_princ == NULL) { /* We have no existing credentials cache, * so attempt to get a TGT using a keytab. */ if (handle->principal == NULL) { - kret = krb5_get_default_principal(context, - &handle->principal); + kret = krb5_get_default_principal(context, &handle->principal); if (kret) goto end; } @@ -182,16 +183,19 @@ static OM_uint32 acquire_initiator_cred krb5_get_init_creds_opt_free(context, opt); if (kret) goto end; - kret = krb5_cc_gen_new(context, &krb5_mcc_ops, - &ccache); + kret = krb5_cc_gen_new(context, &krb5_mcc_ops, &ccache); if (kret) goto end; kret = krb5_cc_initialize(context, ccache, cred.client); - if (kret) + if (kret) { + krb5_cc_destroy(context, ccache); goto end; + } kret = krb5_cc_store_cred(context, ccache, &cred); - if (kret) + if (kret) { + krb5_cc_destroy(context, ccache); goto end; + } handle->lifetime = cred.times.endtime; handle->cred_flags |= GSS_CF_DESTROY_CRED_ON_RELEASE; } else { @@ -201,8 +205,10 @@ static OM_uint32 acquire_initiator_cred ccache, handle->principal, &handle->lifetime); - if (ret != GSS_S_COMPLETE) + if (ret != GSS_S_COMPLETE) { + krb5_cc_close(context, ccache); goto end; + } kret = 0; } @@ -216,13 +222,8 @@ end: krb5_free_principal(context, def_princ); if (keytab != NULL) krb5_kt_close(context, keytab); - if (ret != GSS_S_COMPLETE) { - if (ccache != NULL) - krb5_cc_close(context, ccache); - if (kret != 0) { - *minor_status = kret; - } - } + if (ret != GSS_S_COMPLETE && kret != 0) + *minor_status = kret; return (ret); } @@ -257,8 +258,23 @@ static OM_uint32 acquire_acceptor_cred goto end; krb5_kt_free_entry(context, &entry); ret = GSS_S_COMPLETE; - } - + } else { + /* + * Check if there is at least one entry in the keytab before + * declaring it as an useful keytab. + */ + krb5_keytab_entry tmp; + krb5_kt_cursor c; + + kret = krb5_kt_start_seq_get (context, handle->keytab, &c); + if (kret) + goto end; + if (krb5_kt_next_entry(context, handle->keytab, &tmp, &c) == 0) { + krb5_kt_free_entry(context, &tmp); + ret = GSS_S_COMPLETE; /* ok found one entry */ + } + krb5_kt_end_seq_get (context, handle->keytab, &c); + } end: if (ret != GSS_S_COMPLETE) { if (handle->keytab != NULL) diff --git a/source4/heimdal/lib/gssapi/krb5/external.c b/source4/heimdal/lib/gssapi/krb5/external.c index d4c1bc4db2..03fe61dc57 100644 --- a/source4/heimdal/lib/gssapi/krb5/external.c +++ b/source4/heimdal/lib/gssapi/krb5/external.c @@ -34,7 +34,7 @@ #include "krb5/gsskrb5_locl.h" #include -RCSID("$Id: external.c 20386 2007-04-18 08:52:08Z lha $"); +RCSID("$Id: external.c 22128 2007-12-04 00:56:55Z lha $"); /* * The implementation must reserve static storage for a @@ -374,8 +374,6 @@ gss_OID GSS_SASL_DIGEST_MD5_MECHANISM = &gss_sasl_digest_md5_mechanism_desc; * Context for krb5 calls. */ -krb5_context context; - /* * */ diff --git a/source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h b/source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h index c2239f1346..64a0dd36b1 100644 --- a/source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h +++ b/source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h @@ -413,7 +413,7 @@ _gsskrb5_init (krb5_context */*context*/); OM_uint32 _gsskrb5_init_sec_context ( OM_uint32 * /*minor_status*/, - const gss_cred_id_t /*initiator_cred_handle*/, + const gss_cred_id_t /*cred_handle*/, gss_ctx_id_t * /*context_handle*/, const gss_name_t /*target_name*/, const gss_OID /*mech_type*/, diff --git a/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h b/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h index 6ffb607035..3e8c1b8fa6 100644 --- a/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h +++ b/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gsskrb5_locl.h 20324 2007-04-12 16:46:01Z lha $ */ +/* $Id: gsskrb5_locl.h 22655 2008-02-26 12:40:35Z lha $ */ #ifndef GSSKRB5_LOCL_H #define GSSKRB5_LOCL_H @@ -86,6 +86,7 @@ typedef struct { krb5_principal principal; int cred_flags; #define GSS_CF_DESTROY_CRED_ON_RELEASE 1 +#define GSS_CF_NO_CI_FLAGS 2 struct krb5_keytab_data *keytab; OM_uint32 lifetime; gss_cred_usage_t usage; diff --git a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c index 4d1ae0daa9..d4482a54b2 100644 --- a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: init_sec_context.c 20326 2007-04-12 16:49:57Z lha $"); +RCSID("$Id: init_sec_context.c 22671 2008-03-09 23:57:54Z lha $"); /* * copy the addresses from `input_chan_bindings' (if any) to @@ -326,7 +326,7 @@ do_delegation (krb5_context context, static OM_uint32 init_auth (OM_uint32 * minor_status, - gsskrb5_cred initiator_cred_handle, + gsskrb5_cred cred, gsskrb5_ctx ctx, krb5_context context, krb5_const_principal name, @@ -344,7 +344,7 @@ init_auth OM_uint32 ret = GSS_S_FAILURE; krb5_error_code kret; krb5_flags ap_options; - krb5_creds *cred = NULL; + krb5_creds *kcred = NULL; krb5_data outbuf; krb5_ccache ccache = NULL; uint32_t flags; @@ -362,7 +362,7 @@ init_auth if (actual_mech_type) *actual_mech_type = GSS_KRB5_MECHANISM; - if (initiator_cred_handle == NULL) { + if (cred == NULL) { kret = krb5_cc_default (context, &ccache); if (kret) { *minor_status = kret; @@ -370,7 +370,7 @@ init_auth goto failure; } } else - ccache = initiator_cred_handle->ccache; + ccache = cred->ccache; kret = krb5_cc_get_principal (context, ccache, &ctx->source); if (kret) { @@ -400,8 +400,8 @@ init_auth { krb5_enctype *enctypes = NULL; - if (initiator_cred_handle && initiator_cred_handle->enctypes) - enctypes = initiator_cred_handle->enctypes; + if (cred && cred->enctypes) + enctypes = cred->enctypes; krb5_set_default_in_tkt_etypes(context, enctypes); } @@ -412,11 +412,11 @@ init_auth ctx->target, time_req, time_rec, - &cred); + &kcred); if (ret) goto failure; - ctx->lifetime = cred->times.endtime; + ctx->lifetime = kcred->times.endtime; ret = _gsskrb5_lifetime_left(minor_status, context, @@ -434,11 +434,11 @@ init_auth krb5_auth_con_setkey(context, ctx->auth_context, - &cred->session); + &kcred->session); kret = krb5_auth_con_generatelocalsubkey(context, ctx->auth_context, - &cred->session); + &kcred->session); if(kret) { *minor_status = kret; ret = GSS_S_FAILURE; @@ -449,10 +449,10 @@ init_auth * If the credential doesn't have ok-as-delegate, check what local * policy say about ok-as-delegate, default is FALSE that makes * code ignore the KDC setting and follow what the application - * requested. If its TRUE, strip of the GSS_C_DELEG_FLAG if the + * requested. If it is TRUE, strip of the GSS_C_DELEG_FLAG if the * KDC doesn't set ok-as-delegate. */ - if (!cred->flags.b.ok_as_delegate) { + if (!kcred->flags.b.ok_as_delegate) { krb5_boolean delegate; krb5_appdefault_boolean(context, @@ -467,7 +467,7 @@ init_auth if (req_flags & GSS_C_DELEG_FLAG) do_delegation (context, ctx->auth_context, - ccache, cred, name, &fwd_data, &flags); + ccache, kcred, name, &fwd_data, &flags); if (req_flags & GSS_C_MUTUAL_FLAG) { flags |= GSS_C_MUTUAL_FLAG; @@ -490,8 +490,10 @@ init_auth if (req_flags & GSS_C_EXTENDED_ERROR_FLAG) flags |= GSS_C_EXTENDED_ERROR_FLAG; - flags |= GSS_C_CONF_FLAG; - flags |= GSS_C_INTEG_FLAG; + if (cred == NULL || !(cred->cred_flags & GSS_CF_NO_CI_FLAGS)) { + flags |= GSS_C_CONF_FLAG; + flags |= GSS_C_INTEG_FLAG; + } flags |= GSS_C_TRANS_FLAG; if (ret_flags) @@ -513,7 +515,7 @@ init_auth kret = krb5_build_authenticator (context, ctx->auth_context, enctype, - cred, + kcred, &cksum, NULL, &authenticator, @@ -527,7 +529,7 @@ init_auth kret = krb5_build_ap_req (context, enctype, - cred, + kcred, ap_options, authenticator, &outbuf); @@ -544,9 +546,9 @@ init_auth goto failure; krb5_data_free (&outbuf); - krb5_free_creds(context, cred); + krb5_free_creds(context, kcred); free_Checksum(&cksum); - if (initiator_cred_handle == NULL) + if (cred == NULL) krb5_cc_close(context, ccache); if (flags & GSS_C_MUTUAL_FLAG) { @@ -556,9 +558,9 @@ init_auth return gsskrb5_initiator_ready(minor_status, ctx, context); failure: - if(cred) - krb5_free_creds(context, cred); - if (ccache && initiator_cred_handle == NULL) + if(kcred) + krb5_free_creds(context, kcred); + if (ccache && cred == NULL) krb5_cc_close(context, ccache); return ret; @@ -682,7 +684,7 @@ repl_mutual OM_uint32 _gsskrb5_init_sec_context (OM_uint32 * minor_status, - const gss_cred_id_t initiator_cred_handle, + const gss_cred_id_t cred_handle, gss_ctx_id_t * context_handle, const gss_name_t target_name, const gss_OID mech_type, @@ -697,7 +699,7 @@ OM_uint32 _gsskrb5_init_sec_context ) { krb5_context context; - gsskrb5_cred cred = (gsskrb5_cred)initiator_cred_handle; + gsskrb5_cred cred = (gsskrb5_cred)cred_handle; krb5_const_principal name = (krb5_const_principal)target_name; gsskrb5_ctx ctx; OM_uint32 ret; diff --git a/source4/heimdal/lib/gssapi/krb5/set_cred_option.c b/source4/heimdal/lib/gssapi/krb5/set_cred_option.c index d0ca1c4d95..242dfa87b4 100644 --- a/source4/heimdal/lib/gssapi/krb5/set_cred_option.c +++ b/source4/heimdal/lib/gssapi/krb5/set_cred_option.c @@ -32,13 +32,22 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: set_cred_option.c 20325 2007-04-12 16:49:17Z lha $"); +RCSID("$Id: set_cred_option.c 22655 2008-02-26 12:40:35Z lha $"); +/* 1.2.752.43.13.17 */ +static gss_OID_desc gss_krb5_ccache_name_x_oid_desc = +{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x11")}; + +gss_OID GSS_KRB5_CRED_NO_CI_FLAGS_X = &gss_krb5_ccache_name_x_oid_desc; + +/* 1.2.752.43.13.18 */ static gss_OID_desc gss_krb5_import_cred_x_oid_desc = -{9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x04"}; /* XXX */ +{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x12")}; gss_OID GSS_KRB5_IMPORT_CRED_X = &gss_krb5_import_cred_x_oid_desc; + + static OM_uint32 import_cred(OM_uint32 *minor_status, krb5_context context, @@ -201,6 +210,27 @@ out: return major_stat; } +static OM_uint32 +no_ci_flags(OM_uint32 *minor_status, + krb5_context context, + gss_cred_id_t *cred_handle, + const gss_buffer_t value) +{ + gsskrb5_cred cred; + + if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL) { + *minor_status = 0; + return GSS_S_FAILURE; + } + + cred = (gsskrb5_cred)*cred_handle; + cred->cred_flags |= GSS_CF_NO_CI_FLAGS; + + *minor_status = 0; + return GSS_S_COMPLETE; + +} + OM_uint32 _gsskrb5_set_cred_option @@ -224,6 +254,11 @@ _gsskrb5_set_cred_option if (gss_oid_equal(desired_object, GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X)) return allowed_enctypes(minor_status, context, cred_handle, value); + if (gss_oid_equal(desired_object, GSS_KRB5_CRED_NO_CI_FLAGS_X)) { + return no_ci_flags(minor_status, context, cred_handle, value); + } + + *minor_status = EINVAL; return GSS_S_FAILURE; } diff --git a/source4/heimdal/lib/gssapi/mech/context.c b/source4/heimdal/lib/gssapi/mech/context.c index e4517bee44..926630c42d 100644 --- a/source4/heimdal/lib/gssapi/mech/context.c +++ b/source4/heimdal/lib/gssapi/mech/context.c @@ -1,7 +1,7 @@ #include "mech/mech_locl.h" #include "heim_threads.h" -RCSID("$Id: context.c 21248 2007-06-21 00:45:13Z lha $"); +RCSID("$Id: context.c 22600 2008-02-21 12:46:24Z lha $"); struct mg_thread_ctx { gss_OID mech; @@ -107,6 +107,13 @@ _gss_mg_error(gssapi_mech_interface m, OM_uint32 maj, OM_uint32 min) OM_uint32 message_content; struct mg_thread_ctx *mg; + /* + * Mechs without gss_display_status() does + * gss_mg_collect_error() by themself. + */ + if (m->gm_display_status == NULL) + return ; + mg = _gss_mechglue_thread(); if (mg == NULL) return; @@ -139,3 +146,12 @@ _gss_mg_error(gssapi_mech_interface m, OM_uint32 maj, OM_uint32 min) mg->min_error.length = 0; } } + +void +gss_mg_collect_error(gss_OID mech, OM_uint32 maj, OM_uint32 min) +{ + gssapi_mech_interface m = __gss_get_mechanism(mech); + if (m == NULL) + return; + _gss_mg_error(m, maj, min); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c index d1e243d8b8..a6b1ded5ca 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_accept_sec_context.c 21237 2007-06-20 11:21:09Z lha $"); +RCSID("$Id: gss_accept_sec_context.c 22071 2007-11-14 20:04:50Z lha $"); static OM_uint32 parse_header(const gss_buffer_t input_token, gss_OID mech_oid) @@ -38,7 +38,7 @@ parse_header(const gss_buffer_t input_token, gss_OID mech_oid) /* * Token must start with [APPLICATION 0] SEQUENCE. - * But if it doesn't assume its DCE-STYLE Kerberos! + * But if it doesn't assume it is DCE-STYLE Kerberos! */ if (len == 0) return (GSS_S_DEFECTIVE_TOKEN); @@ -102,7 +102,7 @@ choose_mech(const gss_buffer_t input, gss_OID mech_oid) OM_uint32 status; /* - * First try to parse the gssapi token header and see if its a + * First try to parse the gssapi token header and see if it's a * correct header, use that in the first hand. */ diff --git a/source4/heimdal/lib/gssapi/mech/gss_krb5.c b/source4/heimdal/lib/gssapi/mech/gss_krb5.c index 9e77f42982..03081cb70f 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_krb5.c +++ b/source4/heimdal/lib/gssapi/mech/gss_krb5.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_krb5.c 21123 2007-06-18 20:05:26Z lha $"); +RCSID("$Id: gss_krb5.c 21889 2007-08-09 07:43:24Z lha $"); #include #include @@ -253,7 +253,6 @@ free_key(gss_krb5_lucid_key_t *key) memset(key, 0, sizeof(*key)); } - OM_uint32 gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status, gss_ctx_id_t *context_handle, @@ -824,3 +823,43 @@ gsskrb5_set_default_realm(const char *realm) return (GSS_S_COMPLETE); } + +OM_uint32 +gss_krb5_get_tkt_flags(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + OM_uint32 *tkt_flags) +{ + + OM_uint32 major_status; + gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; + + if (context_handle == GSS_C_NO_CONTEXT) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + major_status = + gss_inquire_sec_context_by_oid (minor_status, + context_handle, + GSS_KRB5_GET_TKT_FLAGS_X, + &data_set); + if (major_status) + return major_status; + + if (data_set == GSS_C_NO_BUFFER_SET || + data_set->count != 1 || + data_set->elements[0].length < 4) { + gss_release_buffer_set(minor_status, &data_set); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + { + const u_char *p = data_set->elements[0].value; + *tkt_flags = (p[0] << 0) | (p[1] << 8) | (p[2] << 16) | (p[3] << 24); + } + + gss_release_buffer_set(minor_status, &data_set); + return GSS_S_COMPLETE; +} + diff --git a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c index f1a18afb13..fe65ad1ae1 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c +++ b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c @@ -28,7 +28,7 @@ #include "mech_locl.h" #include -RCSID("$Id: gss_mech_switch.c 21700 2007-07-26 19:08:34Z lha $"); +RCSID("$Id: gss_mech_switch.c 21698 2007-07-26 19:07:11Z lha $"); #ifndef _PATH_GSS_MECH #define _PATH_GSS_MECH "/etc/gss/mech" diff --git a/source4/heimdal/lib/gssapi/mech/gss_release_oid_set.c b/source4/heimdal/lib/gssapi/mech/gss_release_oid_set.c index 4372e62294..388cfdbf4c 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_release_oid_set.c +++ b/source4/heimdal/lib/gssapi/mech/gss_release_oid_set.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_release_oid_set.c 19963 2007-01-17 16:01:22Z lha $"); +RCSID("$Id: gss_release_oid_set.c 22144 2007-12-04 17:31:55Z lha $"); OM_uint32 gss_release_oid_set(OM_uint32 *minor_status, @@ -35,7 +35,7 @@ gss_release_oid_set(OM_uint32 *minor_status, { *minor_status = 0; - if (*set) { + if (set && *set) { if ((*set)->elements) free((*set)->elements); free(*set); diff --git a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c index 1afe26f1e3..df25b0f4bf 100644 --- a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c @@ -33,7 +33,7 @@ #include "spnego/spnego_locl.h" -RCSID("$Id: accept_sec_context.c 21461 2007-07-10 14:01:13Z lha $"); +RCSID("$Id: accept_sec_context.c 22600 2008-02-21 12:46:24Z lha $"); static OM_uint32 send_reject (OM_uint32 *minor_status, @@ -540,7 +540,7 @@ acceptor_start gss_cred_id_t *delegated_cred_handle ) { - OM_uint32 ret, junk, minor; + OM_uint32 ret, junk; NegotiationToken nt; size_t nt_len; NegTokenInit *ni; @@ -609,7 +609,7 @@ acceptor_start /* * First we try the opportunistic token if we have support for it, * don't try to verify we have credential for the token, - * gss_accept_sec_context will (hopefully) tell us that. + * gss_accept_sec_context() will (hopefully) tell us that. * If that failes, */ @@ -633,12 +633,12 @@ acceptor_start mech_cred = GSS_C_NO_CREDENTIAL; if (ctx->mech_src_name != GSS_C_NO_NAME) - gss_release_name(&minor, &ctx->mech_src_name); + gss_release_name(&junk, &ctx->mech_src_name); if (ctx->delegated_cred_id != GSS_C_NO_CREDENTIAL) - _gss_spnego_release_cred(&minor, &ctx->delegated_cred_id); + _gss_spnego_release_cred(&junk, &ctx->delegated_cred_id); - ret = gss_accept_sec_context(&minor, + ret = gss_accept_sec_context(minor_status, &ctx->negotiated_ctx_id, mech_cred, mech_input_token, @@ -656,7 +656,7 @@ acceptor_start ctx->open = 1; if (mech_delegated_cred && delegated_cred_handle) - ret = _gss_spnego_alloc_cred(minor_status, + ret = _gss_spnego_alloc_cred(&junk, mech_delegated_cred, delegated_cred_handle); else @@ -674,6 +674,8 @@ acceptor_start goto out; first_ok = 1; + } else { + gss_mg_collect_error(preferred_mech_type, ret, *minor_status); } } @@ -681,7 +683,9 @@ acceptor_start * If opportunistic token failed, lets try the other mechs. */ - if (!first_ok) { + if (!first_ok && ni->mechToken != NULL) { + + preferred_mech_type = GSS_C_NO_OID; /* Call glue layer to find first mech we support */ for (i = 1; i < ni->mechTypes.len; ++i) { @@ -695,7 +699,7 @@ acceptor_start if (preferred_mech_type == GSS_C_NO_OID) { HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); free_NegotiationToken(&nt); - return GSS_S_BAD_MECH; + return ret; } ctx->preferred_mech_type = preferred_mech_type; @@ -717,7 +721,7 @@ acceptor_start out: if (mech_output_token.value != NULL) - gss_release_buffer(&minor, &mech_output_token); + gss_release_buffer(&junk, &mech_output_token); if (mech_buf.value != NULL) { free(mech_buf.value); mech_buf.value = NULL; @@ -754,7 +758,7 @@ out: return ret; } - _gss_spnego_internal_delete_sec_context(&minor, context_handle, + _gss_spnego_internal_delete_sec_context(&junk, context_handle, GSS_C_NO_BUFFER); return ret; @@ -877,6 +881,7 @@ acceptor_continue } if (ret != GSS_S_COMPLETE && ret != GSS_S_CONTINUE_NEEDED) { free_NegotiationToken(&nt); + gss_mg_collect_error(ctx->negotiated_mech_type, ret, minor); send_reject (minor_status, output_token); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); return ret; diff --git a/source4/heimdal/lib/gssapi/spnego/compat.c b/source4/heimdal/lib/gssapi/spnego/compat.c index bc7da9410e..287f4f760e 100644 --- a/source4/heimdal/lib/gssapi/spnego/compat.c +++ b/source4/heimdal/lib/gssapi/spnego/compat.c @@ -32,7 +32,7 @@ #include "spnego/spnego_locl.h" -RCSID("$Id: compat.c 19415 2006-12-18 17:52:26Z lha $"); +RCSID("$Id: compat.c 21866 2007-08-08 11:31:29Z lha $"); /* * Apparently Microsoft got the OID wrong, and used @@ -129,6 +129,7 @@ OM_uint32 _gss_spnego_internal_delete_sec_context gss_release_oid(&minor, &ctx->preferred_mech_type); ctx->negotiated_mech_type = GSS_C_NO_OID; + gss_release_name(&minor, &ctx->target_name); gss_release_name(&minor, &ctx->mech_src_name); if (ctx->negotiated_ctx_id != GSS_C_NO_CONTEXT) { diff --git a/source4/heimdal/lib/gssapi/spnego/context_stubs.c b/source4/heimdal/lib/gssapi/spnego/context_stubs.c index 3535c7bb35..0169017ee5 100644 --- a/source4/heimdal/lib/gssapi/spnego/context_stubs.c +++ b/source4/heimdal/lib/gssapi/spnego/context_stubs.c @@ -32,7 +32,7 @@ #include "spnego/spnego_locl.h" -RCSID("$Id: context_stubs.c 21035 2007-06-09 15:32:47Z lha $"); +RCSID("$Id: context_stubs.c 22604 2008-02-21 21:12:48Z lha $"); static OM_uint32 spnego_supported_mechs(OM_uint32 *minor_status, gss_OID_set *mechs) @@ -263,18 +263,6 @@ OM_uint32 _gss_spnego_unwrap qop_state); } -OM_uint32 _gss_spnego_display_status - (OM_uint32 * minor_status, - OM_uint32 status_value, - int status_type, - const gss_OID mech_type, - OM_uint32 * message_context, - gss_buffer_t status_string - ) -{ - return GSS_S_FAILURE; -} - OM_uint32 _gss_spnego_compare_name (OM_uint32 *minor_status, const gss_name_t name1, @@ -406,28 +394,58 @@ OM_uint32 _gss_spnego_inquire_context ( ) { gssspnego_ctx ctx; + OM_uint32 maj_stat, junk; + gss_name_t src_mn, targ_mn; *minor_status = 0; - if (context_handle == GSS_C_NO_CONTEXT) { + if (context_handle == GSS_C_NO_CONTEXT) return GSS_S_NO_CONTEXT; - } ctx = (gssspnego_ctx)context_handle; - if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) return GSS_S_NO_CONTEXT; - } - return gss_inquire_context(minor_status, - ctx->negotiated_ctx_id, - src_name, - targ_name, - lifetime_rec, - mech_type, - ctx_flags, - locally_initiated, - open_context); + maj_stat = gss_inquire_context(minor_status, + ctx->negotiated_ctx_id, + &src_mn, + &targ_mn, + lifetime_rec, + mech_type, + ctx_flags, + locally_initiated, + open_context); + if (maj_stat != GSS_S_COMPLETE) + return maj_stat; + + if (src_name) { + spnego_name name = calloc(1, sizeof(*name)); + if (name == NULL) + goto enomem; + name->mech = src_mn; + *src_name = (gss_name_t)name; + } else + gss_release_name(&junk, &src_mn); + + if (targ_name) { + spnego_name name = calloc(1, sizeof(*name)); + if (name == NULL) { + gss_release_name(minor_status, src_name); + goto enomem; + } + name->mech = targ_mn; + *targ_name = (gss_name_t)name; + } else + gss_release_name(&junk, &targ_mn); + + return GSS_S_COMPLETE; + +enomem: + gss_release_name(&junk, &targ_mn); + gss_release_name(&junk, &src_mn); + *minor_status = ENOMEM; + return GSS_S_FAILURE; } OM_uint32 _gss_spnego_wrap_size_limit ( diff --git a/source4/heimdal/lib/gssapi/spnego/external.c b/source4/heimdal/lib/gssapi/spnego/external.c index fbc231f3ae..6c9a03a3b0 100644 --- a/source4/heimdal/lib/gssapi/spnego/external.c +++ b/source4/heimdal/lib/gssapi/spnego/external.c @@ -33,7 +33,7 @@ #include "spnego/spnego_locl.h" #include -RCSID("$Id: external.c 18336 2006-10-07 22:27:13Z lha $"); +RCSID("$Id: external.c 22600 2008-02-21 12:46:24Z lha $"); /* * RFC2478, SPNEGO: @@ -57,7 +57,7 @@ static gssapi_mech_interface_desc spnego_mech = { _gss_spnego_verify_mic, _gss_spnego_wrap, _gss_spnego_unwrap, - _gss_spnego_display_status, + NULL, NULL, _gss_spnego_compare_name, _gss_spnego_display_name, diff --git a/source4/heimdal/lib/gssapi/spnego/init_sec_context.c b/source4/heimdal/lib/gssapi/spnego/init_sec_context.c index 7c74981e66..bee4895898 100644 --- a/source4/heimdal/lib/gssapi/spnego/init_sec_context.c +++ b/source4/heimdal/lib/gssapi/spnego/init_sec_context.c @@ -33,7 +33,7 @@ #include "spnego/spnego_locl.h" -RCSID("$Id: init_sec_context.c 19411 2006-12-18 15:42:03Z lha $"); +RCSID("$Id: init_sec_context.c 22600 2008-02-21 12:46:24Z lha $"); /* * Is target_name an sane target for `mech´. @@ -59,8 +59,10 @@ initiator_approved(gss_name_t target_name, gss_OID mech) &out, NULL, NULL); - if (GSS_ERROR(maj_stat)) + if (GSS_ERROR(maj_stat)) { + gss_mg_collect_error(mech, maj_stat, min_stat); return GSS_S_BAD_MECH; + } gss_release_buffer(&min_stat, &out); gss_delete_sec_context(&min_stat, &ctx, NULL); @@ -268,6 +270,7 @@ spnego_initial if (GSS_ERROR(sub)) { free_NegTokenInit(&ni); *minor_status = minor; + gss_mg_collect_error(ctx->preferred_mech_type, sub, minor); _gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER); return sub; } @@ -480,7 +483,8 @@ spnego_reply return GSS_S_BAD_MECH; } - if (resp.responseToken != NULL || + /* if a token (of non zero length), or no context, pass to underlaying mech */ + if ((resp.responseToken != NULL && resp.responseToken->length) || ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { gss_buffer_desc mech_input_token; @@ -515,6 +519,7 @@ spnego_reply if (GSS_ERROR(ret)) { HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); free_NegTokenResp(&resp); + gss_mg_collect_error(&mech, ret, minor); *minor_status = minor; return ret; } diff --git a/source4/heimdal/lib/gssapi/spnego/spnego-private.h b/source4/heimdal/lib/gssapi/spnego/spnego-private.h index d80db0018a..69f4d8423d 100644 --- a/source4/heimdal/lib/gssapi/spnego/spnego-private.h +++ b/source4/heimdal/lib/gssapi/spnego/spnego-private.h @@ -90,15 +90,6 @@ _gss_spnego_display_name ( gss_buffer_t /*output_name_buffer*/, gss_OID * output_name_type ); -OM_uint32 -_gss_spnego_display_status ( - OM_uint32 * /*minor_status*/, - OM_uint32 /*status_value*/, - int /*status_type*/, - const gss_OID /*mech_type*/, - OM_uint32 * /*message_context*/, - gss_buffer_t status_string ); - OM_uint32 _gss_spnego_duplicate_name ( OM_uint32 * /*minor_status*/, diff --git a/source4/heimdal/lib/hcrypto/bn.c b/source4/heimdal/lib/hcrypto/bn.c index 698da2fe0b..6076478bbb 100644 --- a/source4/heimdal/lib/hcrypto/bn.c +++ b/source4/heimdal/lib/hcrypto/bn.c @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: bn.c 18449 2006-10-14 09:21:09Z lha $"); +RCSID("$Id: bn.c 22261 2007-12-09 06:24:18Z lha $"); #include #include @@ -232,9 +232,9 @@ BN_set_negative(BIGNUM *bn, int flag) } int -BN_is_negative(BIGNUM *bn) +BN_is_negative(const BIGNUM *bn) { - return ((heim_integer *)bn)->negative ? 1 : 0; + return ((const heim_integer *)bn)->negative ? 1 : 0; } static const unsigned char is_set[8] = { 1, 2, 4, 8, 16, 32, 64, 128 }; diff --git a/source4/heimdal/lib/hcrypto/bn.h b/source4/heimdal/lib/hcrypto/bn.h index 82c9991c2c..92cacec2a6 100644 --- a/source4/heimdal/lib/hcrypto/bn.h +++ b/source4/heimdal/lib/hcrypto/bn.h @@ -32,7 +32,7 @@ */ /* - * $Id: bn.h 16536 2006-01-13 08:27:50Z lha $ + * $Id: bn.h 22260 2007-12-09 06:23:47Z lha $ */ #ifndef _HEIM_BN_H @@ -97,7 +97,7 @@ int BN_num_bytes(const BIGNUM *); int BN_cmp(const BIGNUM *, const BIGNUM *); void BN_set_negative(BIGNUM *, int); -int BN_is_negative(BIGNUM *); +int BN_is_negative(const BIGNUM *); int BN_is_bit_set(const BIGNUM *, int); int BN_set_bit(BIGNUM *, int); diff --git a/source4/heimdal/lib/hcrypto/camellia-ntt.c b/source4/heimdal/lib/hcrypto/camellia-ntt.c new file mode 100644 index 0000000000..c32c406baa --- /dev/null +++ b/source4/heimdal/lib/hcrypto/camellia-ntt.c @@ -0,0 +1,1461 @@ +/* camellia.h ver 1.2.0 + * + * Copyright (C) 2006,2007 + * NTT (Nippon Telegraph and Telephone Corporation). + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +/* + * Algorithm Specification + * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html + */ + +#include +#include + +#include "camellia.h" + +/* u32 must be 32bit word */ +typedef unsigned int u32; +typedef unsigned char u8; + +/* key constants */ + +#define CAMELLIA_SIGMA1L (0xA09E667FL) +#define CAMELLIA_SIGMA1R (0x3BCC908BL) +#define CAMELLIA_SIGMA2L (0xB67AE858L) +#define CAMELLIA_SIGMA2R (0x4CAA73B2L) +#define CAMELLIA_SIGMA3L (0xC6EF372FL) +#define CAMELLIA_SIGMA3R (0xE94F82BEL) +#define CAMELLIA_SIGMA4L (0x54FF53A5L) +#define CAMELLIA_SIGMA4R (0xF1D36F1CL) +#define CAMELLIA_SIGMA5L (0x10E527FAL) +#define CAMELLIA_SIGMA5R (0xDE682D1DL) +#define CAMELLIA_SIGMA6L (0xB05688C2L) +#define CAMELLIA_SIGMA6R (0xB3E6C1FDL) + +/* + * macros + */ + + +#if defined(_MSC_VER) + +# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) +# define GETU32(p) SWAP(*((u32 *)(p))) +# define PUTU32(ct, st) {*((u32 *)(ct)) = SWAP((st));} + +#else /* not MS-VC */ + +# define GETU32(pt) \ + (((u32)(pt)[0] << 24) \ + ^ ((u32)(pt)[1] << 16) \ + ^ ((u32)(pt)[2] << 8) \ + ^ ((u32)(pt)[3])) + +# define PUTU32(ct, st) { \ + (ct)[0] = (u8)((st) >> 24); \ + (ct)[1] = (u8)((st) >> 16); \ + (ct)[2] = (u8)((st) >> 8); \ + (ct)[3] = (u8)(st); } + +#endif + +#define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2]) +#define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1]) + +/* rotation right shift 1byte */ +#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24)) +/* rotation left shift 1bit */ +#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31)) +/* rotation left shift 1byte */ +#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24)) + +#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \ + do { \ + w0 = ll; \ + ll = (ll << bits) + (lr >> (32 - bits)); \ + lr = (lr << bits) + (rl >> (32 - bits)); \ + rl = (rl << bits) + (rr >> (32 - bits)); \ + rr = (rr << bits) + (w0 >> (32 - bits)); \ + } while(0) + +#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \ + do { \ + w0 = ll; \ + w1 = lr; \ + ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \ + lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \ + rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \ + rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \ + } while(0) + +#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)]) +#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)]) +#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)]) +#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)]) + +#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ + do { \ + il = xl ^ kl; \ + ir = xr ^ kr; \ + t0 = il >> 16; \ + t1 = ir >> 16; \ + yl = CAMELLIA_SP1110(ir & 0xff) \ + ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \ + ^ CAMELLIA_SP3033(t1 & 0xff) \ + ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \ + yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \ + ^ CAMELLIA_SP0222(t0 & 0xff) \ + ^ CAMELLIA_SP3033((il >> 8) & 0xff) \ + ^ CAMELLIA_SP4404(il & 0xff); \ + yl ^= yr; \ + yr = CAMELLIA_RR8(yr); \ + yr ^= yl; \ + } while(0) + + +/* + * for speed up + * + */ +#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \ + do { \ + t0 = kll; \ + t0 &= ll; \ + lr ^= CAMELLIA_RL1(t0); \ + t1 = klr; \ + t1 |= lr; \ + ll ^= t1; \ + \ + t2 = krr; \ + t2 |= rr; \ + rl ^= t2; \ + t3 = krl; \ + t3 &= rl; \ + rr ^= CAMELLIA_RL1(t3); \ + } while(0) + +#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ + do { \ + ir = CAMELLIA_SP1110(xr & 0xff) \ + ^ CAMELLIA_SP0222((xr >> 24) & 0xff) \ + ^ CAMELLIA_SP3033((xr >> 16) & 0xff) \ + ^ CAMELLIA_SP4404((xr >> 8) & 0xff); \ + il = CAMELLIA_SP1110((xl >> 24) & 0xff) \ + ^ CAMELLIA_SP0222((xl >> 16) & 0xff) \ + ^ CAMELLIA_SP3033((xl >> 8) & 0xff) \ + ^ CAMELLIA_SP4404(xl & 0xff); \ + il ^= kl; \ + ir ^= kr; \ + ir ^= il; \ + il = CAMELLIA_RR8(il); \ + il ^= ir; \ + yl ^= ir; \ + yr ^= il; \ + } while(0) + + +static const u32 camellia_sp1110[256] = { + 0x70707000,0x82828200,0x2c2c2c00,0xececec00, + 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500, + 0xe4e4e400,0x85858500,0x57575700,0x35353500, + 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100, + 0x23232300,0xefefef00,0x6b6b6b00,0x93939300, + 0x45454500,0x19191900,0xa5a5a500,0x21212100, + 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00, + 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00, + 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00, + 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00, + 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00, + 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00, + 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00, + 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00, + 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600, + 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00, + 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600, + 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00, + 0x74747400,0x12121200,0x2b2b2b00,0x20202000, + 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900, + 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200, + 0x34343400,0x7e7e7e00,0x76767600,0x05050500, + 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100, + 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700, + 0x14141400,0x58585800,0x3a3a3a00,0x61616100, + 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00, + 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600, + 0x53535300,0x18181800,0xf2f2f200,0x22222200, + 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200, + 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100, + 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800, + 0x60606000,0xfcfcfc00,0x69696900,0x50505000, + 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00, + 0xa1a1a100,0x89898900,0x62626200,0x97979700, + 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500, + 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200, + 0x10101000,0xc4c4c400,0x00000000,0x48484800, + 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00, + 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00, + 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400, + 0x87878700,0x5c5c5c00,0x83838300,0x02020200, + 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300, + 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300, + 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200, + 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600, + 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00, + 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00, + 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00, + 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00, + 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00, + 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600, + 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900, + 0x78787800,0x98989800,0x06060600,0x6a6a6a00, + 0xe7e7e700,0x46464600,0x71717100,0xbababa00, + 0xd4d4d400,0x25252500,0xababab00,0x42424200, + 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00, + 0x72727200,0x07070700,0xb9b9b900,0x55555500, + 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00, + 0x36363600,0x49494900,0x2a2a2a00,0x68686800, + 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400, + 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00, + 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100, + 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400, + 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00, +}; + +static const u32 camellia_sp0222[256] = { + 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9, + 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb, + 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a, + 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282, + 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727, + 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242, + 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c, + 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b, + 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f, + 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d, + 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe, + 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434, + 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595, + 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a, + 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad, + 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a, + 0x00171717,0x001a1a1a,0x00353535,0x00cccccc, + 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a, + 0x00e8e8e8,0x00242424,0x00565656,0x00404040, + 0x00e1e1e1,0x00636363,0x00090909,0x00333333, + 0x00bfbfbf,0x00989898,0x00979797,0x00858585, + 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a, + 0x00dadada,0x006f6f6f,0x00535353,0x00626262, + 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf, + 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2, + 0x00bdbdbd,0x00363636,0x00222222,0x00383838, + 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c, + 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444, + 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565, + 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323, + 0x00484848,0x00101010,0x00d1d1d1,0x00515151, + 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0, + 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa, + 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f, + 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b, + 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5, + 0x00202020,0x00898989,0x00000000,0x00909090, + 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7, + 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5, + 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929, + 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404, + 0x009b9b9b,0x00949494,0x00212121,0x00666666, + 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7, + 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5, + 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c, + 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676, + 0x00030303,0x002d2d2d,0x00dedede,0x00969696, + 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c, + 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919, + 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d, + 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d, + 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2, + 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4, + 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575, + 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484, + 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5, + 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa, + 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414, + 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0, + 0x00787878,0x00707070,0x00e3e3e3,0x00494949, + 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6, + 0x00777777,0x00939393,0x00868686,0x00838383, + 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9, + 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d, +}; + +static const u32 camellia_sp3033[256] = { + 0x38003838,0x41004141,0x16001616,0x76007676, + 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2, + 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a, + 0x75007575,0x06000606,0x57005757,0xa000a0a0, + 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9, + 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090, + 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727, + 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede, + 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7, + 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767, + 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf, + 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d, + 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565, + 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e, + 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b, + 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6, + 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333, + 0xfd00fdfd,0x66006666,0x58005858,0x96009696, + 0x3a003a3a,0x09000909,0x95009595,0x10001010, + 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc, + 0xef00efef,0x26002626,0xe500e5e5,0x61006161, + 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282, + 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898, + 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb, + 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0, + 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e, + 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b, + 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111, + 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959, + 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8, + 0x12001212,0x04000404,0x74007474,0x54005454, + 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828, + 0x55005555,0x68006868,0x50005050,0xbe00bebe, + 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb, + 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca, + 0x70007070,0xff00ffff,0x32003232,0x69006969, + 0x08000808,0x62006262,0x00000000,0x24002424, + 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded, + 0x45004545,0x81008181,0x73007373,0x6d006d6d, + 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a, + 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101, + 0xe600e6e6,0x25002525,0x48004848,0x99009999, + 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9, + 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171, + 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313, + 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d, + 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5, + 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717, + 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646, + 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747, + 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b, + 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac, + 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535, + 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d, + 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121, + 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d, + 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa, + 0x7c007c7c,0x77007777,0x56005656,0x05000505, + 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434, + 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252, + 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd, + 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0, + 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a, + 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f, +}; + +static const u32 camellia_sp4404[256] = { + 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0, + 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae, + 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5, + 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092, + 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f, + 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b, + 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d, + 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c, + 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0, + 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084, + 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076, + 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004, + 0x14140014,0x3a3a003a,0xdede00de,0x11110011, + 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2, + 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a, + 0x24240024,0xe8e800e8,0x60600060,0x69690069, + 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062, + 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064, + 0x10100010,0x00000000,0xa3a300a3,0x75750075, + 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd, + 0x87870087,0x83830083,0xcdcd00cd,0x90900090, + 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf, + 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6, + 0x81810081,0x6f6f006f,0x13130013,0x63630063, + 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc, + 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4, + 0x78780078,0x06060006,0xe7e700e7,0x71710071, + 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d, + 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac, + 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1, + 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043, + 0x15150015,0xadad00ad,0x77770077,0x80800080, + 0x82820082,0xecec00ec,0x27270027,0xe5e500e5, + 0x85850085,0x35350035,0x0c0c000c,0x41410041, + 0xefef00ef,0x93930093,0x19190019,0x21210021, + 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd, + 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce, + 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a, + 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d, + 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d, + 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d, + 0x12120012,0x20200020,0xb1b100b1,0x99990099, + 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005, + 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7, + 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c, + 0x0f0f000f,0x16160016,0x18180018,0x22220022, + 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091, + 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050, + 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097, + 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2, + 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db, + 0x03030003,0xdada00da,0x3f3f003f,0x94940094, + 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033, + 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2, + 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b, + 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e, + 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e, + 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059, + 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba, + 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa, + 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a, + 0x49490049,0x68680068,0x38380038,0xa4a400a4, + 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1, + 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e, +}; + + +/** + * Stuff related to the Camellia key schedule + */ +#define subl(x) subL[(x)] +#define subr(x) subR[(x)] + +void camellia_setup128(const unsigned char *key, u32 *subkey) +{ + u32 kll, klr, krl, krr; + u32 il, ir, t0, t1, w0, w1; + u32 kw4l, kw4r, dw, tl, tr; + u32 subL[26]; + u32 subR[26]; + + /** + * k == kll || klr || krl || krr (|| is concatination) + */ + kll = GETU32(key ); + klr = GETU32(key + 4); + krl = GETU32(key + 8); + krr = GETU32(key + 12); + /** + * generate KL dependent subkeys + */ + subl(0) = kll; subr(0) = klr; + subl(1) = krl; subr(1) = krr; + CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); + subl(4) = kll; subr(4) = klr; + subl(5) = krl; subr(5) = krr; + CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30); + subl(10) = kll; subr(10) = klr; + subl(11) = krl; subr(11) = krr; + CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); + subl(13) = krl; subr(13) = krr; + CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); + subl(16) = kll; subr(16) = klr; + subl(17) = krl; subr(17) = krr; + CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); + subl(18) = kll; subr(18) = klr; + subl(19) = krl; subr(19) = krr; + CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); + subl(22) = kll; subr(22) = klr; + subl(23) = krl; subr(23) = krr; + + /* generate KA */ + kll = subl(0); klr = subr(0); + krl = subl(1); krr = subr(1); + CAMELLIA_F(kll, klr, + CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, + w0, w1, il, ir, t0, t1); + krl ^= w0; krr ^= w1; + CAMELLIA_F(krl, krr, + CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, + kll, klr, il, ir, t0, t1); + CAMELLIA_F(kll, klr, + CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, + krl, krr, il, ir, t0, t1); + krl ^= w0; krr ^= w1; + CAMELLIA_F(krl, krr, + CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, + w0, w1, il, ir, t0, t1); + kll ^= w0; klr ^= w1; + + /* generate KA dependent subkeys */ + subl(2) = kll; subr(2) = klr; + subl(3) = krl; subr(3) = krr; + CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); + subl(6) = kll; subr(6) = klr; + subl(7) = krl; subr(7) = krr; + CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); + subl(8) = kll; subr(8) = klr; + subl(9) = krl; subr(9) = krr; + CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); + subl(12) = kll; subr(12) = klr; + CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); + subl(14) = kll; subr(14) = klr; + subl(15) = krl; subr(15) = krr; + CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); + subl(20) = kll; subr(20) = klr; + subl(21) = krl; subr(21) = krr; + CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); + subl(24) = kll; subr(24) = klr; + subl(25) = krl; subr(25) = krr; + + + /* absorb kw2 to other subkeys */ + subl(3) ^= subl(1); subr(3) ^= subr(1); + subl(5) ^= subl(1); subr(5) ^= subr(1); + subl(7) ^= subl(1); subr(7) ^= subr(1); + subl(1) ^= subr(1) & ~subr(9); + dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw); + subl(11) ^= subl(1); subr(11) ^= subr(1); + subl(13) ^= subl(1); subr(13) ^= subr(1); + subl(15) ^= subl(1); subr(15) ^= subr(1); + subl(1) ^= subr(1) & ~subr(17); + dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw); + subl(19) ^= subl(1); subr(19) ^= subr(1); + subl(21) ^= subl(1); subr(21) ^= subr(1); + subl(23) ^= subl(1); subr(23) ^= subr(1); + subl(24) ^= subl(1); subr(24) ^= subr(1); + + /* absorb kw4 to other subkeys */ + kw4l = subl(25); kw4r = subr(25); + subl(22) ^= kw4l; subr(22) ^= kw4r; + subl(20) ^= kw4l; subr(20) ^= kw4r; + subl(18) ^= kw4l; subr(18) ^= kw4r; + kw4l ^= kw4r & ~subr(16); + dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw); + subl(14) ^= kw4l; subr(14) ^= kw4r; + subl(12) ^= kw4l; subr(12) ^= kw4r; + subl(10) ^= kw4l; subr(10) ^= kw4r; + kw4l ^= kw4r & ~subr(8); + dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw); + subl(6) ^= kw4l; subr(6) ^= kw4r; + subl(4) ^= kw4l; subr(4) ^= kw4r; + subl(2) ^= kw4l; subr(2) ^= kw4r; + subl(0) ^= kw4l; subr(0) ^= kw4r; + + /* key XOR is end of F-function */ + CamelliaSubkeyL(0) = subl(0) ^ subl(2); + CamelliaSubkeyR(0) = subr(0) ^ subr(2); + CamelliaSubkeyL(2) = subl(3); + CamelliaSubkeyR(2) = subr(3); + CamelliaSubkeyL(3) = subl(2) ^ subl(4); + CamelliaSubkeyR(3) = subr(2) ^ subr(4); + CamelliaSubkeyL(4) = subl(3) ^ subl(5); + CamelliaSubkeyR(4) = subr(3) ^ subr(5); + CamelliaSubkeyL(5) = subl(4) ^ subl(6); + CamelliaSubkeyR(5) = subr(4) ^ subr(6); + CamelliaSubkeyL(6) = subl(5) ^ subl(7); + CamelliaSubkeyR(6) = subr(5) ^ subr(7); + tl = subl(10) ^ (subr(10) & ~subr(8)); + dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw); + CamelliaSubkeyL(7) = subl(6) ^ tl; + CamelliaSubkeyR(7) = subr(6) ^ tr; + CamelliaSubkeyL(8) = subl(8); + CamelliaSubkeyR(8) = subr(8); + CamelliaSubkeyL(9) = subl(9); + CamelliaSubkeyR(9) = subr(9); + tl = subl(7) ^ (subr(7) & ~subr(9)); + dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw); + CamelliaSubkeyL(10) = tl ^ subl(11); + CamelliaSubkeyR(10) = tr ^ subr(11); + CamelliaSubkeyL(11) = subl(10) ^ subl(12); + CamelliaSubkeyR(11) = subr(10) ^ subr(12); + CamelliaSubkeyL(12) = subl(11) ^ subl(13); + CamelliaSubkeyR(12) = subr(11) ^ subr(13); + CamelliaSubkeyL(13) = subl(12) ^ subl(14); + CamelliaSubkeyR(13) = subr(12) ^ subr(14); + CamelliaSubkeyL(14) = subl(13) ^ subl(15); + CamelliaSubkeyR(14) = subr(13) ^ subr(15); + tl = subl(18) ^ (subr(18) & ~subr(16)); + dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw); + CamelliaSubkeyL(15) = subl(14) ^ tl; + CamelliaSubkeyR(15) = subr(14) ^ tr; + CamelliaSubkeyL(16) = subl(16); + CamelliaSubkeyR(16) = subr(16); + CamelliaSubkeyL(17) = subl(17); + CamelliaSubkeyR(17) = subr(17); + tl = subl(15) ^ (subr(15) & ~subr(17)); + dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw); + CamelliaSubkeyL(18) = tl ^ subl(19); + CamelliaSubkeyR(18) = tr ^ subr(19); + CamelliaSubkeyL(19) = subl(18) ^ subl(20); + CamelliaSubkeyR(19) = subr(18) ^ subr(20); + CamelliaSubkeyL(20) = subl(19) ^ subl(21); + CamelliaSubkeyR(20) = subr(19) ^ subr(21); + CamelliaSubkeyL(21) = subl(20) ^ subl(22); + CamelliaSubkeyR(21) = subr(20) ^ subr(22); + CamelliaSubkeyL(22) = subl(21) ^ subl(23); + CamelliaSubkeyR(22) = subr(21) ^ subr(23); + CamelliaSubkeyL(23) = subl(22); + CamelliaSubkeyR(23) = subr(22); + CamelliaSubkeyL(24) = subl(24) ^ subl(23); + CamelliaSubkeyR(24) = subr(24) ^ subr(23); + + /* apply the inverse of the last half of P-function */ + dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw; + dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw; + dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw; + dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw; + dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw; + dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw; + dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw; + dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw; + dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw; + dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw; + dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw; + dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw; + dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw; + dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw; + dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw; + dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw; + dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw; + dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw; + + return; +} + +void camellia_setup256(const unsigned char *key, u32 *subkey) +{ + u32 kll,klr,krl,krr; /* left half of key */ + u32 krll,krlr,krrl,krrr; /* right half of key */ + u32 il, ir, t0, t1, w0, w1; /* temporary variables */ + u32 kw4l, kw4r, dw, tl, tr; + u32 subL[34]; + u32 subR[34]; + + /** + * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr) + * (|| is concatination) + */ + + kll = GETU32(key ); + klr = GETU32(key + 4); + krl = GETU32(key + 8); + krr = GETU32(key + 12); + krll = GETU32(key + 16); + krlr = GETU32(key + 20); + krrl = GETU32(key + 24); + krrr = GETU32(key + 28); + + /* generate KL dependent subkeys */ + subl(0) = kll; subr(0) = klr; + subl(1) = krl; subr(1) = krr; + CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45); + subl(12) = kll; subr(12) = klr; + subl(13) = krl; subr(13) = krr; + CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); + subl(16) = kll; subr(16) = klr; + subl(17) = krl; subr(17) = krr; + CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17); + subl(22) = kll; subr(22) = klr; + subl(23) = krl; subr(23) = krr; + CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34); + subl(30) = kll; subr(30) = klr; + subl(31) = krl; subr(31) = krr; + + /* generate KR dependent subkeys */ + CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); + subl(4) = krll; subr(4) = krlr; + subl(5) = krrl; subr(5) = krrr; + CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15); + subl(8) = krll; subr(8) = krlr; + subl(9) = krrl; subr(9) = krrr; + CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); + subl(18) = krll; subr(18) = krlr; + subl(19) = krrl; subr(19) = krrr; + CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); + subl(26) = krll; subr(26) = krlr; + subl(27) = krrl; subr(27) = krrr; + CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34); + + /* generate KA */ + kll = subl(0) ^ krll; klr = subr(0) ^ krlr; + krl = subl(1) ^ krrl; krr = subr(1) ^ krrr; + CAMELLIA_F(kll, klr, + CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, + w0, w1, il, ir, t0, t1); + krl ^= w0; krr ^= w1; + CAMELLIA_F(krl, krr, + CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, + kll, klr, il, ir, t0, t1); + kll ^= krll; klr ^= krlr; + CAMELLIA_F(kll, klr, + CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, + krl, krr, il, ir, t0, t1); + krl ^= w0 ^ krrl; krr ^= w1 ^ krrr; + CAMELLIA_F(krl, krr, + CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, + w0, w1, il, ir, t0, t1); + kll ^= w0; klr ^= w1; + + /* generate KB */ + krll ^= kll; krlr ^= klr; + krrl ^= krl; krrr ^= krr; + CAMELLIA_F(krll, krlr, + CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R, + w0, w1, il, ir, t0, t1); + krrl ^= w0; krrr ^= w1; + CAMELLIA_F(krrl, krrr, + CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R, + w0, w1, il, ir, t0, t1); + krll ^= w0; krlr ^= w1; + + /* generate KA dependent subkeys */ + CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15); + subl(6) = kll; subr(6) = klr; + subl(7) = krl; subr(7) = krr; + CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30); + subl(14) = kll; subr(14) = klr; + subl(15) = krl; subr(15) = krr; + subl(24) = klr; subr(24) = krl; + subl(25) = krr; subr(25) = kll; + CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49); + subl(28) = kll; subr(28) = klr; + subl(29) = krl; subr(29) = krr; + + /* generate KB dependent subkeys */ + subl(2) = krll; subr(2) = krlr; + subl(3) = krrl; subr(3) = krrr; + CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); + subl(10) = krll; subr(10) = krlr; + subl(11) = krrl; subr(11) = krrr; + CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30); + subl(20) = krll; subr(20) = krlr; + subl(21) = krrl; subr(21) = krrr; + CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51); + subl(32) = krll; subr(32) = krlr; + subl(33) = krrl; subr(33) = krrr; + + /* absorb kw2 to other subkeys */ + subl(3) ^= subl(1); subr(3) ^= subr(1); + subl(5) ^= subl(1); subr(5) ^= subr(1); + subl(7) ^= subl(1); subr(7) ^= subr(1); + subl(1) ^= subr(1) & ~subr(9); + dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw); + subl(11) ^= subl(1); subr(11) ^= subr(1); + subl(13) ^= subl(1); subr(13) ^= subr(1); + subl(15) ^= subl(1); subr(15) ^= subr(1); + subl(1) ^= subr(1) & ~subr(17); + dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw); + subl(19) ^= subl(1); subr(19) ^= subr(1); + subl(21) ^= subl(1); subr(21) ^= subr(1); + subl(23) ^= subl(1); subr(23) ^= subr(1); + subl(1) ^= subr(1) & ~subr(25); + dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw); + subl(27) ^= subl(1); subr(27) ^= subr(1); + subl(29) ^= subl(1); subr(29) ^= subr(1); + subl(31) ^= subl(1); subr(31) ^= subr(1); + subl(32) ^= subl(1); subr(32) ^= subr(1); + + /* absorb kw4 to other subkeys */ + kw4l = subl(33); kw4r = subr(33); + subl(30) ^= kw4l; subr(30) ^= kw4r; + subl(28) ^= kw4l; subr(28) ^= kw4r; + subl(26) ^= kw4l; subr(26) ^= kw4r; + kw4l ^= kw4r & ~subr(24); + dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw); + subl(22) ^= kw4l; subr(22) ^= kw4r; + subl(20) ^= kw4l; subr(20) ^= kw4r; + subl(18) ^= kw4l; subr(18) ^= kw4r; + kw4l ^= kw4r & ~subr(16); + dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw); + subl(14) ^= kw4l; subr(14) ^= kw4r; + subl(12) ^= kw4l; subr(12) ^= kw4r; + subl(10) ^= kw4l; subr(10) ^= kw4r; + kw4l ^= kw4r & ~subr(8); + dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw); + subl(6) ^= kw4l; subr(6) ^= kw4r; + subl(4) ^= kw4l; subr(4) ^= kw4r; + subl(2) ^= kw4l; subr(2) ^= kw4r; + subl(0) ^= kw4l; subr(0) ^= kw4r; + + /* key XOR is end of F-function */ + CamelliaSubkeyL(0) = subl(0) ^ subl(2); + CamelliaSubkeyR(0) = subr(0) ^ subr(2); + CamelliaSubkeyL(2) = subl(3); + CamelliaSubkeyR(2) = subr(3); + CamelliaSubkeyL(3) = subl(2) ^ subl(4); + CamelliaSubkeyR(3) = subr(2) ^ subr(4); + CamelliaSubkeyL(4) = subl(3) ^ subl(5); + CamelliaSubkeyR(4) = subr(3) ^ subr(5); + CamelliaSubkeyL(5) = subl(4) ^ subl(6); + CamelliaSubkeyR(5) = subr(4) ^ subr(6); + CamelliaSubkeyL(6) = subl(5) ^ subl(7); + CamelliaSubkeyR(6) = subr(5) ^ subr(7); + tl = subl(10) ^ (subr(10) & ~subr(8)); + dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw); + CamelliaSubkeyL(7) = subl(6) ^ tl; + CamelliaSubkeyR(7) = subr(6) ^ tr; + CamelliaSubkeyL(8) = subl(8); + CamelliaSubkeyR(8) = subr(8); + CamelliaSubkeyL(9) = subl(9); + CamelliaSubkeyR(9) = subr(9); + tl = subl(7) ^ (subr(7) & ~subr(9)); + dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw); + CamelliaSubkeyL(10) = tl ^ subl(11); + CamelliaSubkeyR(10) = tr ^ subr(11); + CamelliaSubkeyL(11) = subl(10) ^ subl(12); + CamelliaSubkeyR(11) = subr(10) ^ subr(12); + CamelliaSubkeyL(12) = subl(11) ^ subl(13); + CamelliaSubkeyR(12) = subr(11) ^ subr(13); + CamelliaSubkeyL(13) = subl(12) ^ subl(14); + CamelliaSubkeyR(13) = subr(12) ^ subr(14); + CamelliaSubkeyL(14) = subl(13) ^ subl(15); + CamelliaSubkeyR(14) = subr(13) ^ subr(15); + tl = subl(18) ^ (subr(18) & ~subr(16)); + dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw); + CamelliaSubkeyL(15) = subl(14) ^ tl; + CamelliaSubkeyR(15) = subr(14) ^ tr; + CamelliaSubkeyL(16) = subl(16); + CamelliaSubkeyR(16) = subr(16); + CamelliaSubkeyL(17) = subl(17); + CamelliaSubkeyR(17) = subr(17); + tl = subl(15) ^ (subr(15) & ~subr(17)); + dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw); + CamelliaSubkeyL(18) = tl ^ subl(19); + CamelliaSubkeyR(18) = tr ^ subr(19); + CamelliaSubkeyL(19) = subl(18) ^ subl(20); + CamelliaSubkeyR(19) = subr(18) ^ subr(20); + CamelliaSubkeyL(20) = subl(19) ^ subl(21); + CamelliaSubkeyR(20) = subr(19) ^ subr(21); + CamelliaSubkeyL(21) = subl(20) ^ subl(22); + CamelliaSubkeyR(21) = subr(20) ^ subr(22); + CamelliaSubkeyL(22) = subl(21) ^ subl(23); + CamelliaSubkeyR(22) = subr(21) ^ subr(23); + tl = subl(26) ^ (subr(26) & ~subr(24)); + dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw); + CamelliaSubkeyL(23) = subl(22) ^ tl; + CamelliaSubkeyR(23) = subr(22) ^ tr; + CamelliaSubkeyL(24) = subl(24); + CamelliaSubkeyR(24) = subr(24); + CamelliaSubkeyL(25) = subl(25); + CamelliaSubkeyR(25) = subr(25); + tl = subl(23) ^ (subr(23) & ~subr(25)); + dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw); + CamelliaSubkeyL(26) = tl ^ subl(27); + CamelliaSubkeyR(26) = tr ^ subr(27); + CamelliaSubkeyL(27) = subl(26) ^ subl(28); + CamelliaSubkeyR(27) = subr(26) ^ subr(28); + CamelliaSubkeyL(28) = subl(27) ^ subl(29); + CamelliaSubkeyR(28) = subr(27) ^ subr(29); + CamelliaSubkeyL(29) = subl(28) ^ subl(30); + CamelliaSubkeyR(29) = subr(28) ^ subr(30); + CamelliaSubkeyL(30) = subl(29) ^ subl(31); + CamelliaSubkeyR(30) = subr(29) ^ subr(31); + CamelliaSubkeyL(31) = subl(30); + CamelliaSubkeyR(31) = subr(30); + CamelliaSubkeyL(32) = subl(32) ^ subl(31); + CamelliaSubkeyR(32) = subr(32) ^ subr(31); + + /* apply the inverse of the last half of P-function */ + dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw; + dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw; + dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw; + dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw; + dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw; + dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw; + dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw; + dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw; + dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw; + dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw; + dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw; + dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw; + dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw; + dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw; + dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw; + dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw; + dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw; + dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw; + dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, CamelliaSubkeyL(26) = dw; + dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, CamelliaSubkeyL(27) = dw; + dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, CamelliaSubkeyL(28) = dw; + dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, CamelliaSubkeyL(29) = dw; + dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw; + dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw); + CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,CamelliaSubkeyL(31) = dw; + + return; +} + +void camellia_setup192(const unsigned char *key, u32 *subkey) +{ + unsigned char kk[32]; + u32 krll, krlr, krrl,krrr; + + memcpy(kk, key, 24); + memcpy((unsigned char *)&krll, key+16,4); + memcpy((unsigned char *)&krlr, key+20,4); + krrl = ~krll; + krrr = ~krlr; + memcpy(kk+24, (unsigned char *)&krrl, 4); + memcpy(kk+28, (unsigned char *)&krrr, 4); + camellia_setup256(kk, subkey); + return; +} + + +/** + * Stuff related to camellia encryption/decryption + * + * "io" must be 4byte aligned and big-endian data. + */ +void camellia_encrypt128(const u32 *subkey, u32 *io) +{ + u32 il, ir, t0, t1; + + /* pre whitening but absorb kw2*/ + io[0] ^= CamelliaSubkeyL(0); + io[1] ^= CamelliaSubkeyR(0); + /* main iteration */ + + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(2),CamelliaSubkeyR(2), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(3),CamelliaSubkeyR(3), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(4),CamelliaSubkeyR(4), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(5),CamelliaSubkeyR(5), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(6),CamelliaSubkeyR(6), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(7),CamelliaSubkeyR(7), + io[0],io[1],il,ir,t0,t1); + + CAMELLIA_FLS(io[0],io[1],io[2],io[3], + CamelliaSubkeyL(8),CamelliaSubkeyR(8), + CamelliaSubkeyL(9),CamelliaSubkeyR(9), + t0,t1,il,ir); + + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(10),CamelliaSubkeyR(10), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(11),CamelliaSubkeyR(11), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(12),CamelliaSubkeyR(12), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(13),CamelliaSubkeyR(13), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(14),CamelliaSubkeyR(14), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(15),CamelliaSubkeyR(15), + io[0],io[1],il,ir,t0,t1); + + CAMELLIA_FLS(io[0],io[1],io[2],io[3], + CamelliaSubkeyL(16),CamelliaSubkeyR(16), + CamelliaSubkeyL(17),CamelliaSubkeyR(17), + t0,t1,il,ir); + + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(18),CamelliaSubkeyR(18), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(19),CamelliaSubkeyR(19), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(20),CamelliaSubkeyR(20), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(21),CamelliaSubkeyR(21), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(22),CamelliaSubkeyR(22), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(23),CamelliaSubkeyR(23), + io[0],io[1],il,ir,t0,t1); + + /* post whitening but kw4 */ + io[2] ^= CamelliaSubkeyL(24); + io[3] ^= CamelliaSubkeyR(24); + + t0 = io[0]; + t1 = io[1]; + io[0] = io[2]; + io[1] = io[3]; + io[2] = t0; + io[3] = t1; + + return; +} + +void camellia_decrypt128(const u32 *subkey, u32 *io) +{ + u32 il,ir,t0,t1; /* temporary valiables */ + + /* pre whitening but absorb kw2*/ + io[0] ^= CamelliaSubkeyL(24); + io[1] ^= CamelliaSubkeyR(24); + + /* main iteration */ + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(23),CamelliaSubkeyR(23), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(22),CamelliaSubkeyR(22), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(21),CamelliaSubkeyR(21), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(20),CamelliaSubkeyR(20), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(19),CamelliaSubkeyR(19), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(18),CamelliaSubkeyR(18), + io[0],io[1],il,ir,t0,t1); + + CAMELLIA_FLS(io[0],io[1],io[2],io[3], + CamelliaSubkeyL(17),CamelliaSubkeyR(17), + CamelliaSubkeyL(16),CamelliaSubkeyR(16), + t0,t1,il,ir); + + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(15),CamelliaSubkeyR(15), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(14),CamelliaSubkeyR(14), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(13),CamelliaSubkeyR(13), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(12),CamelliaSubkeyR(12), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(11),CamelliaSubkeyR(11), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(10),CamelliaSubkeyR(10), + io[0],io[1],il,ir,t0,t1); + + CAMELLIA_FLS(io[0],io[1],io[2],io[3], + CamelliaSubkeyL(9),CamelliaSubkeyR(9), + CamelliaSubkeyL(8),CamelliaSubkeyR(8), + t0,t1,il,ir); + + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(7),CamelliaSubkeyR(7), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(6),CamelliaSubkeyR(6), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(5),CamelliaSubkeyR(5), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(4),CamelliaSubkeyR(4), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(3),CamelliaSubkeyR(3), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(2),CamelliaSubkeyR(2), + io[0],io[1],il,ir,t0,t1); + + /* post whitening but kw4 */ + io[2] ^= CamelliaSubkeyL(0); + io[3] ^= CamelliaSubkeyR(0); + + t0 = io[0]; + t1 = io[1]; + io[0] = io[2]; + io[1] = io[3]; + io[2] = t0; + io[3] = t1; + + return; +} + +/** + * stuff for 192 and 256bit encryption/decryption + */ +void camellia_encrypt256(const u32 *subkey, u32 *io) +{ + u32 il,ir,t0,t1; /* temporary valiables */ + + /* pre whitening but absorb kw2*/ + io[0] ^= CamelliaSubkeyL(0); + io[1] ^= CamelliaSubkeyR(0); + + /* main iteration */ + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(2),CamelliaSubkeyR(2), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(3),CamelliaSubkeyR(3), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(4),CamelliaSubkeyR(4), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(5),CamelliaSubkeyR(5), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(6),CamelliaSubkeyR(6), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(7),CamelliaSubkeyR(7), + io[0],io[1],il,ir,t0,t1); + + CAMELLIA_FLS(io[0],io[1],io[2],io[3], + CamelliaSubkeyL(8),CamelliaSubkeyR(8), + CamelliaSubkeyL(9),CamelliaSubkeyR(9), + t0,t1,il,ir); + + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(10),CamelliaSubkeyR(10), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(11),CamelliaSubkeyR(11), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(12),CamelliaSubkeyR(12), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(13),CamelliaSubkeyR(13), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(14),CamelliaSubkeyR(14), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(15),CamelliaSubkeyR(15), + io[0],io[1],il,ir,t0,t1); + + CAMELLIA_FLS(io[0],io[1],io[2],io[3], + CamelliaSubkeyL(16),CamelliaSubkeyR(16), + CamelliaSubkeyL(17),CamelliaSubkeyR(17), + t0,t1,il,ir); + + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(18),CamelliaSubkeyR(18), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(19),CamelliaSubkeyR(19), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(20),CamelliaSubkeyR(20), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(21),CamelliaSubkeyR(21), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(22),CamelliaSubkeyR(22), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(23),CamelliaSubkeyR(23), + io[0],io[1],il,ir,t0,t1); + + CAMELLIA_FLS(io[0],io[1],io[2],io[3], + CamelliaSubkeyL(24),CamelliaSubkeyR(24), + CamelliaSubkeyL(25),CamelliaSubkeyR(25), + t0,t1,il,ir); + + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(26),CamelliaSubkeyR(26), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(27),CamelliaSubkeyR(27), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(28),CamelliaSubkeyR(28), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(29),CamelliaSubkeyR(29), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(30),CamelliaSubkeyR(30), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(31),CamelliaSubkeyR(31), + io[0],io[1],il,ir,t0,t1); + + /* post whitening but kw4 */ + io[2] ^= CamelliaSubkeyL(32); + io[3] ^= CamelliaSubkeyR(32); + + t0 = io[0]; + t1 = io[1]; + io[0] = io[2]; + io[1] = io[3]; + io[2] = t0; + io[3] = t1; + + return; +} + +void camellia_decrypt256(const u32 *subkey, u32 *io) +{ + u32 il,ir,t0,t1; /* temporary valiables */ + + /* pre whitening but absorb kw2*/ + io[0] ^= CamelliaSubkeyL(32); + io[1] ^= CamelliaSubkeyR(32); + + /* main iteration */ + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(31),CamelliaSubkeyR(31), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(30),CamelliaSubkeyR(30), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(29),CamelliaSubkeyR(29), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(28),CamelliaSubkeyR(28), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(27),CamelliaSubkeyR(27), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(26),CamelliaSubkeyR(26), + io[0],io[1],il,ir,t0,t1); + + CAMELLIA_FLS(io[0],io[1],io[2],io[3], + CamelliaSubkeyL(25),CamelliaSubkeyR(25), + CamelliaSubkeyL(24),CamelliaSubkeyR(24), + t0,t1,il,ir); + + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(23),CamelliaSubkeyR(23), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(22),CamelliaSubkeyR(22), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(21),CamelliaSubkeyR(21), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(20),CamelliaSubkeyR(20), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(19),CamelliaSubkeyR(19), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(18),CamelliaSubkeyR(18), + io[0],io[1],il,ir,t0,t1); + + CAMELLIA_FLS(io[0],io[1],io[2],io[3], + CamelliaSubkeyL(17),CamelliaSubkeyR(17), + CamelliaSubkeyL(16),CamelliaSubkeyR(16), + t0,t1,il,ir); + + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(15),CamelliaSubkeyR(15), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(14),CamelliaSubkeyR(14), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(13),CamelliaSubkeyR(13), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(12),CamelliaSubkeyR(12), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(11),CamelliaSubkeyR(11), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(10),CamelliaSubkeyR(10), + io[0],io[1],il,ir,t0,t1); + + CAMELLIA_FLS(io[0],io[1],io[2],io[3], + CamelliaSubkeyL(9),CamelliaSubkeyR(9), + CamelliaSubkeyL(8),CamelliaSubkeyR(8), + t0,t1,il,ir); + + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(7),CamelliaSubkeyR(7), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(6),CamelliaSubkeyR(6), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(5),CamelliaSubkeyR(5), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(4),CamelliaSubkeyR(4), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(3),CamelliaSubkeyR(3), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(2),CamelliaSubkeyR(2), + io[0],io[1],il,ir,t0,t1); + + /* post whitening but kw4 */ + io[2] ^= CamelliaSubkeyL(0); + io[3] ^= CamelliaSubkeyR(0); + + t0 = io[0]; + t1 = io[1]; + io[0] = io[2]; + io[1] = io[3]; + io[2] = t0; + io[3] = t1; + + return; +} + +/*** + * + * API for compatibility + */ + +void Camellia_Ekeygen(const int keyBitLength, + const unsigned char *rawKey, + KEY_TABLE_TYPE keyTable) +{ + switch(keyBitLength) { + case 128: + camellia_setup128(rawKey, keyTable); + break; + case 192: + camellia_setup192(rawKey, keyTable); + break; + case 256: + camellia_setup256(rawKey, keyTable); + break; + default: + break; + } +} + + +void Camellia_EncryptBlock(const int keyBitLength, + const unsigned char *plaintext, + const KEY_TABLE_TYPE keyTable, + unsigned char *ciphertext) +{ + u32 tmp[4]; + + tmp[0] = GETU32(plaintext); + tmp[1] = GETU32(plaintext + 4); + tmp[2] = GETU32(plaintext + 8); + tmp[3] = GETU32(plaintext + 12); + + switch (keyBitLength) { + case 128: + camellia_encrypt128(keyTable, tmp); + break; + case 192: + /* fall through */ + case 256: + camellia_encrypt256(keyTable, tmp); + break; + default: + break; + } + + PUTU32(ciphertext, tmp[0]); + PUTU32(ciphertext + 4, tmp[1]); + PUTU32(ciphertext + 8, tmp[2]); + PUTU32(ciphertext + 12, tmp[3]); +} + +void Camellia_DecryptBlock(const int keyBitLength, + const unsigned char *ciphertext, + const KEY_TABLE_TYPE keyTable, + unsigned char *plaintext) +{ + u32 tmp[4]; + + tmp[0] = GETU32(ciphertext); + tmp[1] = GETU32(ciphertext + 4); + tmp[2] = GETU32(ciphertext + 8); + tmp[3] = GETU32(ciphertext + 12); + + switch (keyBitLength) { + case 128: + camellia_decrypt128(keyTable, tmp); + break; + case 192: + /* fall through */ + case 256: + camellia_decrypt256(keyTable, tmp); + break; + default: + break; + } + PUTU32(plaintext, tmp[0]); + PUTU32(plaintext + 4, tmp[1]); + PUTU32(plaintext + 8, tmp[2]); + PUTU32(plaintext + 12, tmp[3]); +} diff --git a/source4/heimdal/lib/hcrypto/camellia-ntt.h b/source4/heimdal/lib/hcrypto/camellia-ntt.h new file mode 100644 index 0000000000..740ed8bfd9 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/camellia-ntt.h @@ -0,0 +1,54 @@ +/* camellia.h ver 1.2.0 + * + * Copyright (C) 2006,2007 + * NTT (Nippon Telegraph and Telephone Corporation). + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifndef HEADER_CAMELLIA_H +#define HEADER_CAMELLIA_H + +#ifdef __cplusplus +extern "C" { +#endif + +#define CAMELLIA_BLOCK_SIZE 16 +#define CAMELLIA_TABLE_BYTE_LEN 272 +#define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4) + +typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; + + +void Camellia_Ekeygen(const int keyBitLength, + const unsigned char *rawKey, + KEY_TABLE_TYPE keyTable); + +void Camellia_EncryptBlock(const int keyBitLength, + const unsigned char *plaintext, + const KEY_TABLE_TYPE keyTable, + unsigned char *cipherText); + +void Camellia_DecryptBlock(const int keyBitLength, + const unsigned char *cipherText, + const KEY_TABLE_TYPE keyTable, + unsigned char *plaintext); + + +#ifdef __cplusplus +} +#endif + +#endif /* HEADER_CAMELLIA_H */ diff --git a/source4/heimdal/lib/hcrypto/camellia.c b/source4/heimdal/lib/hcrypto/camellia.c new file mode 100644 index 0000000000..2047b75ead --- /dev/null +++ b/source4/heimdal/lib/hcrypto/camellia.c @@ -0,0 +1,118 @@ +/* + * Copyright (c) 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" + +RCSID("$Id: aes.c 20466 2007-04-20 08:29:05Z lha $"); +#endif + +#ifdef KRB5 +#include +#endif + +#include + +#include "camellia-ntt.h" +#include "camellia.h" + +int +CAMELLIA_set_key(const unsigned char *userkey, + const int bits, CAMELLIA_KEY *key) +{ + key->bits = bits; + Camellia_Ekeygen(bits, userkey, key->key); + return 1; +} + +void +CAMELLIA_encrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key) +{ + Camellia_EncryptBlock(key->bits, in, key->key, out); + +} + +void +CAMELLIA_decrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key) +{ + Camellia_DecryptBlock(key->bits, in, key->key, out); +} + +void +CAMELLIA_cbc_encrypt(const unsigned char *in, unsigned char *out, + unsigned long size, const CAMELLIA_KEY *key, + unsigned char *iv, int mode_encrypt) +{ + unsigned char tmp[CAMELLIA_BLOCK_SIZE]; + int i; + + if (mode_encrypt) { + while (size >= CAMELLIA_BLOCK_SIZE) { + for (i = 0; i < CAMELLIA_BLOCK_SIZE; i++) + tmp[i] = in[i] ^ iv[i]; + CAMELLIA_encrypt(tmp, out, key); + memcpy(iv, out, CAMELLIA_BLOCK_SIZE); + size -= CAMELLIA_BLOCK_SIZE; + in += CAMELLIA_BLOCK_SIZE; + out += CAMELLIA_BLOCK_SIZE; + } + if (size) { + for (i = 0; i < size; i++) + tmp[i] = in[i] ^ iv[i]; + for (i = size; i < CAMELLIA_BLOCK_SIZE; i++) + tmp[i] = iv[i]; + CAMELLIA_encrypt(tmp, out, key); + memcpy(iv, out, CAMELLIA_BLOCK_SIZE); + } + } else { + while (size >= CAMELLIA_BLOCK_SIZE) { + memcpy(tmp, in, CAMELLIA_BLOCK_SIZE); + CAMELLIA_decrypt(tmp, out, key); + for (i = 0; i < CAMELLIA_BLOCK_SIZE; i++) + out[i] ^= iv[i]; + memcpy(iv, tmp, CAMELLIA_BLOCK_SIZE); + size -= CAMELLIA_BLOCK_SIZE; + in += CAMELLIA_BLOCK_SIZE; + out += CAMELLIA_BLOCK_SIZE; + } + if (size) { + memcpy(tmp, in, CAMELLIA_BLOCK_SIZE); + CAMELLIA_decrypt(tmp, out, key); + for (i = 0; i < size; i++) + out[i] ^= iv[i]; + memcpy(iv, tmp, CAMELLIA_BLOCK_SIZE); + } + } +} diff --git a/source4/heimdal/lib/hcrypto/camellia.h b/source4/heimdal/lib/hcrypto/camellia.h new file mode 100644 index 0000000000..3b21934b66 --- /dev/null +++ b/source4/heimdal/lib/hcrypto/camellia.h @@ -0,0 +1,74 @@ +/* + * Copyright (c) 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id$ */ + +#ifndef HEIM_CAMELLIA_H +#define HEIM_CAMELLIA_H 1 + +#include +#include "camellia-ntt.h" + +/* symbol renaming */ +#define CAMELLIA_set_key hc_CAMELLIA_set_encrypt_key +#define CAMELLIA_encrypt hc_CAMELLIA_encrypt +#define CAMELLIA_decrypt hc_CAMELLIA_decrypt +#define CAMELLIA_cbc_encrypt hc_CAMELLIA_cbc_encrypt + +/* + * + */ + +#define CAMELLIA_BLOCK_SIZE 16 +#define CAMELLIA_MAXNR 14 + +#define CAMELLIA_ENCRYPT 1 +#define CAMELLIA_DECRYPT 0 + +typedef struct camellia_key { + unsigned int bits; + KEY_TABLE_TYPE key; +} CAMELLIA_KEY; + +int CAMELLIA_set_key(const unsigned char *, const int, CAMELLIA_KEY *); + +void CAMELLIA_encrypt(const unsigned char *, unsigned char *, + const CAMELLIA_KEY *); +void CAMELLIA_decrypt(const unsigned char *, unsigned char *, + const CAMELLIA_KEY *); + +void CAMELLIA_cbc_encrypt(const unsigned char *, unsigned char *, + const unsigned long, const CAMELLIA_KEY *, + unsigned char *, int); + +#endif /* HEIM_CAMELLIA_H */ diff --git a/source4/heimdal/lib/hcrypto/dh-imath.c b/source4/heimdal/lib/hcrypto/dh-imath.c index 17592bbdf6..494d436d13 100644 --- a/source4/heimdal/lib/hcrypto/dh-imath.c +++ b/source4/heimdal/lib/hcrypto/dh-imath.c @@ -43,7 +43,7 @@ #include "imath/imath.h" -RCSID("$Id: dh-imath.c 18645 2006-10-20 06:56:57Z lha $"); +RCSID("$Id: dh-imath.c 22368 2007-12-28 15:27:52Z lha $"); static void BN2mpz(mpz_t *s, const BIGNUM *bn) @@ -224,7 +224,7 @@ dh_finish(DH *dh) * */ -const DH_METHOD hc_dh_imath_method = { +const DH_METHOD _hc_dh_imath_method = { "hcrypto imath DH", dh_generate_key, dh_compute_key, @@ -236,8 +236,16 @@ const DH_METHOD hc_dh_imath_method = { dh_generate_params }; +/** + * DH implementation using libimath. + * + * @return the DH_METHOD for the DH implementation using libimath. + * + * @ingroup hcrypto_dh + */ + const DH_METHOD * DH_imath_method(void) { - return &hc_dh_imath_method; + return &_hc_dh_imath_method; } diff --git a/source4/heimdal/lib/hcrypto/dh.c b/source4/heimdal/lib/hcrypto/dh.c index b558eb901c..9f1af0b3b1 100644 --- a/source4/heimdal/lib/hcrypto/dh.c +++ b/source4/heimdal/lib/hcrypto/dh.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: dh.c 18618 2006-10-19 17:31:51Z lha $"); +RCSID("$Id: dh.c 22397 2008-01-01 20:20:31Z lha $"); #include #include @@ -43,8 +43,23 @@ RCSID("$Id: dh.c 18618 2006-10-19 17:31:51Z lha $"); #include -/* +/** + * @page page_dh DH - Diffie-Hellman key exchange + * + * Diffie-Hellman key exchange is a protocol that allows two parties + * to establish a shared secret key. + * + * Include and example how to use DH_new() and friends here. * + * See the library functions here: @ref hcrypto_dh + */ + +/** + * Create a new DH object using DH_new_method(NULL), see DH_new_method(). + * + * @return a newly allocated DH object. + * + * @ingroup hcrypto_dh */ DH * @@ -53,6 +68,17 @@ DH_new(void) return DH_new_method(NULL); } +/** + * Create a new DH object from the given engine, if the NULL is used, + * the default engine is used. Free the DH object with DH_free(). + * + * @param engine The engine to use to allocate the DH object. + * + * @return a newly allocated DH object. + * + * @ingroup hcrypto_dh + */ + DH * DH_new_method(ENGINE *engine) { @@ -88,6 +114,15 @@ DH_new_method(ENGINE *engine) return dh; } +/** + * Free a DH object and release related resources, like ENGINE, that + * the object was using. + * + * @param dh object to be freed. + * + * @ingroup hcrypto_dh + */ + void DH_free(DH *dh) { @@ -116,18 +151,52 @@ DH_free(DH *dh) free(dh); } +/** + * Add a reference to the DH object. The object should be free with + * DH_free() to drop the reference. + * + * @param dh the object to increase the reference count too. + * + * @return the updated reference count, can't safely be used except + * for debug printing. + * + * @ingroup hcrypto_dh + */ + int DH_up_ref(DH *dh) { return ++dh->references; } +/** + * The maximum output size of the DH_compute_key() function. + * + * @param dh The DH object to get the size from. + * + * @return the maximum size in bytes of the out data. + * + * @ingroup hcrypto_dh + */ + int DH_size(const DH *dh) { return BN_num_bytes(dh->p); } +/** + * Set the data index idx in the DH object to data. + * + * @param dh DH object. + * @param idx index to set the data for. + * @param data data to store for the index idx. + * + * @return 1 on success. + * + * @ingroup hcrypto_dh + */ + int DH_set_ex_data(DH *dh, int idx, void *data) { @@ -135,12 +204,36 @@ DH_set_ex_data(DH *dh, int idx, void *data) return 1; } +/** + * Get the data for index idx in the DH object. + * + * @param dh DH object. + * @param idx index to get the data for. + * + * @return the object store in index idx + * + * @ingroup hcrypto_dh + */ + void * DH_get_ex_data(DH *dh, int idx) { return dh->ex_data.sk; } +/** + * Generate DH parameters for the DH object give parameters. + * + * @param dh The DH object to generate parameters for. + * @param prime_len length of the prime + * @param generator generator, g + * @param cb Callback parameters to show progress, can be NULL. + * + * @return the maximum size in bytes of the out data. + * + * @ingroup hcrypto_dh + */ + int DH_generate_parameters_ex(DH *dh, int prime_len, int generator, BN_GENCB *cb) { @@ -149,12 +242,17 @@ DH_generate_parameters_ex(DH *dh, int prime_len, int generator, BN_GENCB *cb) return 0; } -/* - * Check that +/** + * Check that the public key is sane. * - * pub_key > 1 and pub_key < p - 1 + * @param dh the local peer DH parameters. + * @param pub_key the remote peer public key parameters. + * @param codes return that the failures of the pub_key are. * - * to avoid small subgroups attack. + * @return 1 on success, 0 on failure and *codes is set the the + * combined fail check for the public key + * + * @ingroup hcrypto_dh */ int @@ -165,6 +263,19 @@ DH_check_pubkey(const DH *dh, const BIGNUM *pub_key, int *codes) *codes = 0; + /** + * Checks that the function performs are: + * - pub_key is not negative + */ + + if (BN_is_negative(pub_key)) + goto out; + + /** + * - pub_key > 1 and pub_key < p - 1, + * to avoid small subgroups attack. + */ + bn = BN_new(); if (bn == NULL) goto out; @@ -184,6 +295,28 @@ DH_check_pubkey(const DH *dh, const BIGNUM *pub_key, int *codes) if (BN_cmp(sum, dh->p) >= 0) *codes |= DH_CHECK_PUBKEY_TOO_LARGE; + /** + * - if g == 2, pub_key have more then one bit set, + * if bits set is 1, log_2(pub_key) is trival + */ + + if (!BN_set_word(bn, 2)) + goto out; + + if (BN_cmp(bn, pub_key) == 0) { + unsigned i, n = BN_num_bits(pub_key); + unsigned bits = 0; + + for (i = 0; i <= n; i++) + if (BN_is_bit_set(pub_key, i)) + bits++; + + if (bits > 1) { + *codes |= DH_CHECK_PUBKEY_TOO_SMALL; + goto out; + } + } + ret = 1; out: if (bn) @@ -194,24 +327,64 @@ out: return ret; } +/** + * Generate a new DH private-public key pair. The dh parameter must be + * allocted first with DH_new(). dh->p and dp->g must be set. + * + * @param dh dh parameter. + * + * @return 1 on success. + * + * @ingroup hcrypto_dh + */ + int DH_generate_key(DH *dh) { return dh->meth->generate_key(dh); } +/** + * Complute the shared secret key. + * + * @param shared_key the resulting shared key, need to be at least + * DH_size() large. + * @param peer_pub_key the peer's public key. + * @param dh the dh key pair. + * + * @return 1 on success. + * + * @ingroup hcrypto_dh + */ + int DH_compute_key(unsigned char *shared_key, const BIGNUM *peer_pub_key, DH *dh) { int codes; + /** + * Checks that the pubkey passed in is valid using + * DH_check_pubkey(). + */ + if (!DH_check_pubkey(dh, peer_pub_key, &codes) || codes != 0) return -1; return dh->meth->compute_key(shared_key, peer_pub_key, dh); } +/** + * Set a new method for the DH keypair. + * + * @param dh dh parameter. + * @param method the new method for the DH parameter. + * + * @return 1 on success. + * + * @ingroup hcrypto_dh + */ + int DH_set_method(DH *dh, const DH_METHOD *method) { @@ -271,8 +444,16 @@ static const DH_METHOD dh_null_method = { dh_null_generate_params }; -extern const DH_METHOD hc_dh_imath_method; -static const DH_METHOD *dh_default_method = &hc_dh_imath_method; +extern const DH_METHOD _hc_dh_imath_method; +static const DH_METHOD *dh_default_method = &_hc_dh_imath_method; + +/** + * Return the dummy DH implementation. + * + * @return pointer to a DH_METHOD. + * + * @ingroup hcrypto_dh + */ const DH_METHOD * DH_null_method(void) @@ -280,12 +461,28 @@ DH_null_method(void) return &dh_null_method; } +/** + * Set the default DH implementation. + * + * @param meth pointer to a DH_METHOD. + * + * @ingroup hcrypto_dh + */ + void DH_set_default_method(const DH_METHOD *meth) { dh_default_method = meth; } +/** + * Return the default DH implementation. + * + * @return pointer to a DH_METHOD. + * + * @ingroup hcrypto_dh + */ + const DH_METHOD * DH_get_default_method(void) { diff --git a/source4/heimdal/lib/hcrypto/evp.c b/source4/heimdal/lib/hcrypto/evp.c index 19b0ac85e7..788000b054 100644 --- a/source4/heimdal/lib/hcrypto/evp.c +++ b/source4/heimdal/lib/hcrypto/evp.c @@ -1,7 +1,42 @@ +/* + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + #ifdef HAVE_CONFIG_H -#include "config.h" +#include #endif +RCSID("$Id: evp.c 22379 2007-12-29 11:13:26Z lha $"); + #include #include #include @@ -13,6 +48,7 @@ #include #include +#include "camellia.h" #include #include #include @@ -21,6 +57,13 @@ #include #include +/** + * @page page_evp EVP - generic crypto interface + * + * See the library functions here: @ref hcrypto_evp + */ + + typedef int (*evp_md_init)(EVP_MD_CTX *); typedef int (*evp_md_update)(EVP_MD_CTX *,const void *, size_t); typedef int (*evp_md_final)(void *, EVP_MD_CTX *); @@ -36,8 +79,14 @@ struct hc_evp_md { evp_md_cleanup cleanup; }; -/* +/** + * Return the output size of the message digest function. + * + * @param md the evp message * + * @return size output size of the message digest function. + * + * @ingroup hcrypto_evp */ size_t @@ -46,24 +95,60 @@ EVP_MD_size(const EVP_MD *md) return md->hash_size; } +/** + * Return the blocksize of the message digest function. + * + * @param md the evp message + * + * @return size size of the message digest block size + * + * @ingroup hcrypto_evp + */ + size_t EVP_MD_block_size(const EVP_MD *md) { return md->block_size; } +/** + * Allocate a messsage digest context object. Free with + * EVP_MD_CTX_destroy(). + * + * @return a newly allocated message digest context object. + * + * @ingroup hcrypto_evp + */ + EVP_MD_CTX * EVP_MD_CTX_create(void) { return calloc(1, sizeof(EVP_MD_CTX)); } +/** + * Initiate a messsage digest context object. Deallocate with + * EVP_MD_CTX_cleanup(). Please use EVP_MD_CTX_create() instead. + * + * @param ctx variable to initiate. + * + * @ingroup hcrypto_evp + */ + void EVP_MD_CTX_init(EVP_MD_CTX *ctx) { memset(ctx, 0, sizeof(*ctx)); } +/** + * Free a messsage digest context object. + * + * @param ctx context to free. + * + * @ingroup hcrypto_evp + */ + void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) { @@ -71,6 +156,16 @@ EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) free(ctx); } +/** + * Free the resources used by the EVP_MD context. + * + * @param ctx the context to free the resources from. + * + * @return 1 on success. + * + * @ingroup hcrypto_evp + */ + int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) { @@ -79,9 +174,19 @@ EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) ctx->md = NULL; ctx->engine = NULL; free(ctx->ptr); + memset(ctx, 0, sizeof(*ctx)); return 1; } +/** + * Get the EVP_MD use for a specified context. + * + * @param ctx the EVP_MD context to get the EVP_MD for. + * + * @return the EVP_MD used for the context. + * + * @ingroup hcrypto_evp + */ const EVP_MD * EVP_MD_CTX_md(EVP_MD_CTX *ctx) @@ -89,18 +194,50 @@ EVP_MD_CTX_md(EVP_MD_CTX *ctx) return ctx->md; } +/** + * Return the output size of the message digest function. + * + * @param ctx the evp message digest context + * + * @return size output size of the message digest function. + * + * @ingroup hcrypto_evp + */ + size_t EVP_MD_CTX_size(EVP_MD_CTX *ctx) { return EVP_MD_size(ctx->md); } +/** + * Return the blocksize of the message digest function. + * + * @param ctx the evp message digest context + * + * @return size size of the message digest block size + * + * @ingroup hcrypto_evp + */ + size_t EVP_MD_CTX_block_size(EVP_MD_CTX *ctx) { return EVP_MD_block_size(ctx->md); } +/** + * Init a EVP_MD_CTX for use a specific message digest and engine. + * + * @param ctx the message digest context to init. + * @param md the message digest to use. + * @param engine the engine to use, NULL to use the default engine. + * + * @return 1 on success. + * + * @ingroup hcrypto_evp + */ + int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *md, ENGINE *engine) { @@ -117,6 +254,18 @@ EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *md, ENGINE *engine) return 1; } +/** + * Update the digest with some data. + * + * @param ctx the context to update + * @param data the data to update the context with + * @param size length of data + * + * @return 1 on success. + * + * @ingroup hcrypto_evp + */ + int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t size) { @@ -124,6 +273,19 @@ EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t size) return 1; } +/** + * Complete the message digest. + * + * @param ctx the context to complete. + * @param hash the output of the message digest function. At least + * EVP_MD_size(). + * @param size the output size of hash. + * + * @return 1 on success. + * + * @ingroup hcrypto_evp + */ + int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, void *hash, unsigned int *size) { @@ -133,6 +295,23 @@ EVP_DigestFinal_ex(EVP_MD_CTX *ctx, void *hash, unsigned int *size) return 1; } +/** + * Do the whole EVP_MD_CTX_create(), EVP_DigestInit_ex(), + * EVP_DigestUpdate(), EVP_DigestFinal_ex(), EVP_MD_CTX_destroy() + * dance in one call. + * + * @param data the data to update the context with + * @param dsize length of data + * @param hash output data of at least EVP_MD_size() length. + * @param hsize output length of hash. + * @param md message digest to use + * @param engine engine to use, NULL for default engine. + * + * @return 1 on success. + * + * @ingroup hcrypto_evp + */ + int EVP_Digest(const void *data, size_t dsize, void *hash, unsigned int *hsize, const EVP_MD *md, ENGINE *engine) @@ -144,20 +323,26 @@ EVP_Digest(const void *data, size_t dsize, void *hash, unsigned int *hsize, if (ctx == NULL) return 0; ret = EVP_DigestInit_ex(ctx, md, engine); - if (ret != 1) + if (ret != 1) { + EVP_MD_CTX_destroy(ctx); return ret; + } ret = EVP_DigestUpdate(ctx, data, dsize); - if (ret != 1) + if (ret != 1) { + EVP_MD_CTX_destroy(ctx); return ret; + } ret = EVP_DigestFinal_ex(ctx, hash, hsize); - if (ret != 1) - return ret; EVP_MD_CTX_destroy(ctx); - return 1; + return ret; } -/* +/** + * The message digest SHA256 + * + * @return the message digest type. * + * @ingroup hcrypto_evp */ const EVP_MD * @@ -185,18 +370,42 @@ static const struct hc_evp_md sha1 = { NULL }; +/** + * The message digest SHA1 + * + * @return the message digest type. + * + * @ingroup hcrypto_evp + */ + const EVP_MD * EVP_sha1(void) { return &sha1; } +/** + * The message digest SHA1 + * + * @return the message digest type. + * + * @ingroup hcrypto_evp + */ + const EVP_MD * EVP_sha(void) { return &sha1; } +/** + * The message digest MD5 + * + * @return the message digest type. + * + * @ingroup hcrypto_evp + */ + const EVP_MD * EVP_md5(void) { @@ -212,6 +421,14 @@ EVP_md5(void) return &md5; } +/** + * The message digest MD4 + * + * @return the message digest type. + * + * @ingroup hcrypto_evp + */ + const EVP_MD * EVP_md4(void) { @@ -227,6 +444,14 @@ EVP_md4(void) return &md4; } +/** + * The message digest MD2 + * + * @return the message digest type. + * + * @ingroup hcrypto_evp + */ + const EVP_MD * EVP_md2(void) { @@ -255,10 +480,18 @@ null_Update (void *m, const void * data, size_t size) { } static void -null_Final(void *res, struct md5 *m) +null_Final(void *res, void *m) { } +/** + * The null message digest + * + * @return the message digest type. + * + * @ingroup hcrypto_evp + */ + const EVP_MD * EVP_md_null(void) { @@ -282,8 +515,14 @@ int EVP_SignFinal(EVP_MD_CTX *, void *, size_t *, EVP_PKEY *); int EVP_VerifyFinal(EVP_MD_CTX *, const void *, size_t, EVP_PKEY *); #endif -/* +/** + * Return the block size of the cipher. + * + * @param c cipher to get the block size from. * + * @return the block size of the cipher. + * + * @ingroup hcrypto_evp */ size_t @@ -292,24 +531,63 @@ EVP_CIPHER_block_size(const EVP_CIPHER *c) return c->block_size; } +/** + * Return the key size of the cipher. + * + * @param c cipher to get the key size from. + * + * @return the key size of the cipher. + * + * @ingroup hcrypto_evp + */ + size_t EVP_CIPHER_key_length(const EVP_CIPHER *c) { return c->key_len; } +/** + * Return the IV size of the cipher. + * + * @param c cipher to get the IV size from. + * + * @return the IV size of the cipher. + * + * @ingroup hcrypto_evp + */ + size_t EVP_CIPHER_iv_length(const EVP_CIPHER *c) { return c->iv_len; } +/** + * Initiate a EVP_CIPHER_CTX context. Clean up with + * EVP_CIPHER_CTX_cleanup(). + * + * @param c the cipher initiate. + * + * @ingroup hcrypto_evp + */ + void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *c) { memset(c, 0, sizeof(*c)); } +/** + * Clean up the EVP_CIPHER_CTX context. + * + * @param c the cipher to clean up. + * + * @return 1 on success. + * + * @ingroup hcrypto_evp + */ + int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) { @@ -336,54 +614,149 @@ EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad) } #endif +/** + * Return the EVP_CIPHER for a EVP_CIPHER_CTX context. + * + * @param ctx the context to get the cipher type from. + * + * @return the EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + const EVP_CIPHER * EVP_CIPHER_CTX_cipher(EVP_CIPHER_CTX *ctx) { return ctx->cipher; } +/** + * Return the block size of the cipher context. + * + * @param ctx cipher context to get the block size from. + * + * @return the block size of the cipher context. + * + * @ingroup hcrypto_evp + */ + size_t EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) { return EVP_CIPHER_block_size(ctx->cipher); } +/** + * Return the key size of the cipher context. + * + * @param ctx cipher context to get the key size from. + * + * @return the key size of the cipher context. + * + * @ingroup hcrypto_evp + */ + size_t EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) { return EVP_CIPHER_key_length(ctx->cipher); } +/** + * Return the IV size of the cipher context. + * + * @param ctx cipher context to get the IV size from. + * + * @return the IV size of the cipher context. + * + * @ingroup hcrypto_evp + */ + size_t EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) { return EVP_CIPHER_iv_length(ctx->cipher); } +/** + * Get the flags for an EVP_CIPHER_CTX context. + * + * @param ctx the EVP_CIPHER_CTX to get the flags from + * + * @return the flags for an EVP_CIPHER_CTX. + * + * @ingroup hcrypto_evp + */ + unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx) { return ctx->cipher->flags; } +/** + * Get the mode for an EVP_CIPHER_CTX context. + * + * @param ctx the EVP_CIPHER_CTX to get the mode from + * + * @return the mode for an EVP_CIPHER_CTX. + * + * @ingroup hcrypto_evp + */ + int EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx) { return EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_MODE; } +/** + * Get the app data for an EVP_CIPHER_CTX context. + * + * @param ctx the EVP_CIPHER_CTX to get the app data from + * + * @return the app data for an EVP_CIPHER_CTX. + * + * @ingroup hcrypto_evp + */ + void * EVP_CIPHER_CTX_get_app_data(EVP_CIPHER_CTX *ctx) { return ctx->app_data; } +/** + * Set the app data for an EVP_CIPHER_CTX context. + * + * @param ctx the EVP_CIPHER_CTX to set the app data for + * @param data the app data to set for an EVP_CIPHER_CTX. + * + * @ingroup hcrypto_evp + */ + void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data) { ctx->app_data = data; } +/** + * Initiate the EVP_CIPHER_CTX context to encrypt or decrypt data. + * Clean up with EVP_CIPHER_CTX_cleanup(). + * + * @param ctx context to initiate + * @param c cipher to use. + * @param engine crypto engine to use, NULL to select default. + * @param key the crypto key to use, NULL will use the previous value. + * @param iv the IV to use, NULL will use the previous value. + * @param encp non zero will encrypt, -1 use the previous value. + * + * @return 1 on success. + * + * @ingroup hcrypto_evp + */ + int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *c, ENGINE *engine, const void *key, const void *iv, int encp) @@ -426,6 +799,17 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *c, ENGINE *engine, return 1; } +/** + * Encypher/decypher data + * + * @param ctx the cipher context. + * @param out out data from the operation. + * @param in in data to the operation. + * @param size length of data. + * + * @return 1 on success. + */ + int EVP_Cipher(EVP_CIPHER_CTX *ctx, void *out, const void *in,size_t size) { @@ -461,6 +845,14 @@ enc_null_cleanup(EVP_CIPHER_CTX *ctx) return 1; } +/** + * The NULL cipher type, does no encryption/decryption. + * + * @return the null EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + const EVP_CIPHER * EVP_enc_null(void) { @@ -524,6 +916,13 @@ rc2_cleanup(EVP_CIPHER_CTX *ctx) return 1; } +/** + * The RC2 cipher type + * + * @return the RC2 EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ const EVP_CIPHER * EVP_rc2_cbc(void) @@ -546,6 +945,14 @@ EVP_rc2_cbc(void) return &rc2_cbc; } +/** + * The RC2-40 cipher type + * + * @return the RC2-40 EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + const EVP_CIPHER * EVP_rc2_40_cbc(void) { @@ -567,6 +974,14 @@ EVP_rc2_40_cbc(void) return &rc2_40_cbc; } +/** + * The RC2-64 cipher type + * + * @return the RC2-64 EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + const EVP_CIPHER * EVP_rc2_64_cbc(void) { @@ -588,8 +1003,12 @@ EVP_rc2_64_cbc(void) return &rc2_64_cbc; } -/* +/** + * The RC4 cipher type * + * @return the RC4 EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp */ const EVP_CIPHER * @@ -600,6 +1019,14 @@ EVP_rc4(void) return NULL; } +/** + * The RC4-40 cipher type + * + * @return the RC4-40 EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + const EVP_CIPHER * EVP_rc4_40(void) { @@ -651,6 +1078,14 @@ des_ede3_cbc_cleanup(EVP_CIPHER_CTX *ctx) return 1; } +/** + * The tripple DES cipher type + * + * @return the DES-EDE3-CBC EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + const EVP_CIPHER * EVP_des_ede3_cbc(void) { @@ -708,6 +1143,14 @@ aes_cleanup(EVP_CIPHER_CTX *ctx) return 1; } +/** + * The AES-128 cipher type + * + * @return the AES-128 EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + const EVP_CIPHER * EVP_aes_128_cbc(void) { @@ -729,6 +1172,14 @@ EVP_aes_128_cbc(void) return &aes_128_cbc; } +/** + * The AES-192 cipher type + * + * @return the AES-192 EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + const EVP_CIPHER * EVP_aes_192_cbc(void) { @@ -750,6 +1201,13 @@ EVP_aes_192_cbc(void) return &aes_192_cbc; } +/** + * The AES-256 cipher type + * + * @return the AES-256 EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ const EVP_CIPHER * EVP_aes_256_cbc(void) @@ -772,6 +1230,123 @@ EVP_aes_256_cbc(void) return &aes_256_cbc; } +static int +camellia_init(EVP_CIPHER_CTX *ctx, + const unsigned char * key, + const unsigned char * iv, + int encp) +{ + CAMELLIA_KEY *k = ctx->cipher_data; + k->bits = ctx->cipher->key_len * 8; + CAMELLIA_set_key(key, ctx->cipher->key_len * 8, k); + return 1; +} + +static int +camellia_do_cipher(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + unsigned int size) +{ + CAMELLIA_KEY *k = ctx->cipher_data; + CAMELLIA_cbc_encrypt(in, out, size, k, ctx->iv, ctx->encrypt); + return 1; +} + +static int +camellia_cleanup(EVP_CIPHER_CTX *ctx) +{ + memset(ctx->cipher_data, 0, sizeof(CAMELLIA_KEY)); + return 1; +} + +/** + * The Camellia-128 cipher type + * + * @return the Camellia-128 EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + +const EVP_CIPHER * +EVP_camellia_128_cbc(void) +{ + static const EVP_CIPHER cipher = { + 0, + 16, + 16, + 16, + EVP_CIPH_CBC_MODE, + camellia_init, + camellia_do_cipher, + camellia_cleanup, + sizeof(CAMELLIA_KEY), + NULL, + NULL, + NULL, + NULL + }; + return &cipher; +} + +/** + * The Camellia-198 cipher type + * + * @return the Camellia-198 EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + +const EVP_CIPHER * +EVP_camellia_192_cbc(void) +{ + static const EVP_CIPHER cipher = { + 0, + 16, + 24, + 16, + EVP_CIPH_CBC_MODE, + camellia_init, + camellia_do_cipher, + camellia_cleanup, + sizeof(CAMELLIA_KEY), + NULL, + NULL, + NULL, + NULL + }; + return &cipher; +} + +/** + * The Camellia-256 cipher type + * + * @return the Camellia-256 EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + +const EVP_CIPHER * +EVP_camellia_256_cbc(void) +{ + static const EVP_CIPHER cipher = { + 0, + 16, + 32, + 16, + EVP_CIPH_CBC_MODE, + camellia_init, + camellia_do_cipher, + camellia_cleanup, + sizeof(CAMELLIA_KEY), + NULL, + NULL, + NULL, + NULL + }; + return &cipher; +} + /* * */ @@ -783,9 +1358,21 @@ static const struct cipher_name { { "des-ede3-cbc", EVP_des_ede3_cbc }, { "aes-128-cbc", EVP_aes_128_cbc }, { "aes-192-cbc", EVP_aes_192_cbc }, - { "aes-256-cbc", EVP_aes_256_cbc } + { "aes-256-cbc", EVP_aes_256_cbc }, + { "camellia-128-cbc", EVP_camellia_128_cbc }, + { "camellia-192-cbc", EVP_camellia_192_cbc }, + { "camellia-256-cbc", EVP_camellia_256_cbc } }; +/** + * Get the cipher type using their name. + * + * @param name the name of the cipher. + * + * @return the selected EVP_CIPHER pointer or NULL if not found. + * + * @ingroup hcrypto_evp + */ const EVP_CIPHER * EVP_get_cipherbyname(const char *name) @@ -807,6 +1394,26 @@ EVP_get_cipherbyname(const char *name) #define min(a,b) (((a)>(b))?(b):(a)) #endif +/** + * Provides a legancy string to key function, used in PEM files. + * + * New protocols should use new string to key functions like NIST + * SP56-800A or PKCS#5 v2.0 (see PKCS5_PBKDF2_HMAC_SHA1()). + * + * @param type type of cipher to use + * @param md message digest to use + * @param salt salt salt string, should be an binary 8 byte buffer. + * @param data the password/input key string. + * @param datalen length of data parameter. + * @param count iteration counter. + * @param keydata output keydata, needs to of the size EVP_CIPHER_key_length(). + * @param ivdata output ivdata, needs to of the size EVP_CIPHER_block_size(). + * + * @return the size of derived key. + * + * @ingroup hcrypto_evp + */ + int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, @@ -886,8 +1493,10 @@ EVP_BytesToKey(const EVP_CIPHER *type, return EVP_CIPHER_key_length(type); } -/* +/** + * Add all algorithms to the crypto core. * + * @ingroup hcrypto_core */ void @@ -896,12 +1505,25 @@ OpenSSL_add_all_algorithms(void) return; } +/** + * Add all algorithms to the crypto core using configuration file. + * + * @ingroup hcrypto_core + */ + void OpenSSL_add_all_algorithms_conf(void) { return; } +/** + * Add all algorithms to the crypto core, but don't use the + * configuration file. + * + * @ingroup hcrypto_core + */ + void OpenSSL_add_all_algorithms_noconf(void) { diff --git a/source4/heimdal/lib/hcrypto/evp.h b/source4/heimdal/lib/hcrypto/evp.h index a3fbc4c9ca..4910ca01b8 100644 --- a/source4/heimdal/lib/hcrypto/evp.h +++ b/source4/heimdal/lib/hcrypto/evp.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: evp.h 18312 2006-10-07 17:21:48Z lha $ */ +/* $Id: evp.h 21687 2007-07-24 16:29:05Z lha $ */ #ifndef HEIM_EVP_H #define HEIM_EVP_H 1 @@ -83,6 +83,9 @@ #define EVP_rc2_cbc hc_EVP_rc2_cbc #define EVP_rc4 hc_EVP_rc4 #define EVP_rc4_40 hc_EVP_rc4_40 +#define EVP_camellia_128_cbc hc_EVP_camellia_128_cbc +#define EVP_camellia_192_cbc hc_EVP_camellia_192_cbc +#define EVP_camellia_256_cbc hc_EVP_camellia_256_cbc #define EVP_sha hc_EVP_sha #define EVP_sha1 hc_EVP_sha1 #define EVP_sha256 hc_EVP_sha256 @@ -180,6 +183,9 @@ const EVP_CIPHER * EVP_rc2_64_cbc(void); const EVP_CIPHER * EVP_rc2_cbc(void); const EVP_CIPHER * EVP_rc4(void); const EVP_CIPHER * EVP_rc4_40(void); +const EVP_CIPHER * EVP_camellia_128_cbc(void); +const EVP_CIPHER * EVP_camellia_192_cbc(void); +const EVP_CIPHER * EVP_camellia_256_cbc(void); /* * diff --git a/source4/heimdal/lib/hcrypto/hmac.c b/source4/heimdal/lib/hcrypto/hmac.c index 6c59758b11..d0433edef6 100644 --- a/source4/heimdal/lib/hcrypto/hmac.c +++ b/source4/heimdal/lib/hcrypto/hmac.c @@ -1,6 +1,35 @@ -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif +/* + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ #include #include diff --git a/source4/heimdal/lib/hcrypto/imath/imath.c b/source4/heimdal/lib/hcrypto/imath/imath.c index 376425788b..4487029f78 100755 --- a/source4/heimdal/lib/hcrypto/imath/imath.c +++ b/source4/heimdal/lib/hcrypto/imath/imath.c @@ -2,7 +2,7 @@ Name: imath.c Purpose: Arbitrary precision integer arithmetic routines. Author: M. J. Fromberger - Info: $Id: imath.c 20854 2007-06-03 18:04:10Z lha $ + Info: $Id: imath.c 22648 2008-02-25 07:37:57Z lha $ Copyright (C) 2002-2007 Michael J. Fromberger, All Rights Reserved. @@ -1769,7 +1769,7 @@ mp_result mp_int_read_cstring(mp_int z, mp_size radix, const char *str, char **e return MP_RANGE; /* Skip leading whitespace */ - while(isspace((int)*str)) + while(isspace((unsigned char)*str)) ++str; /* Handle leading sign tag (+/-, positive default) */ @@ -3135,7 +3135,7 @@ static int s_ch2val(char c, int r) if(isdigit((unsigned char) c)) out = c - '0'; else if(r > 10 && isalpha((unsigned char) c)) - out = toupper(c) - 'A' + 10; + out = toupper((unsigned char)c) - 'A' + 10; else return -1; diff --git a/source4/heimdal/lib/hcrypto/rand.c b/source4/heimdal/lib/hcrypto/rand.c index 248fdde620..79dd39eb76 100644 --- a/source4/heimdal/lib/hcrypto/rand.c +++ b/source4/heimdal/lib/hcrypto/rand.c @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: rand.c 21198 2007-06-20 05:10:41Z lha $"); +RCSID("$Id: rand.c 22199 2007-12-07 13:43:25Z lha $"); #include #include @@ -189,13 +189,12 @@ RAND_file_name(char *filename, size_t size) pathp = 1; } } - if (e == NULL) { - struct passwd *pw = getpwuid(getuid()); - if (pw) { - e = pw->pw_dir; - pathp = 1; - } - } + /* + * Here we really want to call getpwuid(getuid()) but this will + * cause recursive lookups if the nss library uses + * gssapi/krb5/hcrypto to authenticate to the ldap servers. + */ + if (e == NULL) return NULL; diff --git a/source4/heimdal/lib/hcrypto/rsa.c b/source4/heimdal/lib/hcrypto/rsa.c index a7b4371e4d..270857d175 100644 --- a/source4/heimdal/lib/hcrypto/rsa.c +++ b/source4/heimdal/lib/hcrypto/rsa.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan + * Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: rsa.c 20466 2007-04-20 08:29:05Z lha $"); +RCSID("$Id: rsa.c 22422 2008-01-13 09:43:59Z lha $"); #include #include @@ -46,12 +46,41 @@ RCSID("$Id: rsa.c 20466 2007-04-20 08:29:05Z lha $"); #include +/** + * @page page_rsa RSA - public-key cryptography + * + * RSA is named by its inventors (Ron Rivest, Adi Shamir, and Leonard + * Adleman) (published in 1977), patented expired in 21 September 2000. + * + * See the library functions here: @ref hcrypto_rsa + */ + +/** + * Same as RSA_new_method() using NULL as engine. + * + * @return a newly allocated RSA object. Free with RSA_free(). + * + * @ingroup hcrypto_rsa + */ + RSA * RSA_new(void) { return RSA_new_method(NULL); } +/** + * Allocate a new RSA object using the engine, if NULL is specified as + * the engine, use the default RSA engine as returned by + * ENGINE_get_default_RSA(). + * + * @param engine Specific what ENGINE RSA provider should be used. + * + * @return a newly allocated RSA object. Free with RSA_free(). + * + * @ingroup hcrypto_rsa + */ + RSA * RSA_new_method(ENGINE *engine) { @@ -87,6 +116,12 @@ RSA_new_method(ENGINE *engine) return rsa; } +/** + * Free an allocation RSA object. + * + * @param rsa the RSA object to free. + * @ingroup hcrypto_rsa + */ void RSA_free(RSA *rsa) @@ -117,18 +152,51 @@ RSA_free(RSA *rsa) free(rsa); } +/** + * Add an extra reference to the RSA object. The object should be free + * with RSA_free() to drop the reference. + * + * @param rsa the object to add reference counting too. + * + * @return the current reference count, can't safely be used except + * for debug printing. + * + * @ingroup hcrypto_rsa + */ + int RSA_up_ref(RSA *rsa) { return ++rsa->references; } +/** + * Return the RSA_METHOD used for this RSA object. + * + * @param rsa the object to get the method from. + * + * @return the method used for this RSA object. + * + * @ingroup hcrypto_rsa + */ + const RSA_METHOD * RSA_get_method(const RSA *rsa) { return rsa->meth; } +/** + * Set a new method for the RSA keypair. + * + * @param rsa rsa parameter. + * @param method the new method for the RSA parameter. + * + * @return 1 on success. + * + * @ingroup hcrypto_rsa + */ + int RSA_set_method(RSA *rsa, const RSA_METHOD *method) { @@ -144,6 +212,17 @@ RSA_set_method(RSA *rsa, const RSA_METHOD *method) return 1; } +/** + * Set the application data for the RSA object. + * + * @param rsa the rsa object to set the parameter for + * @param arg the data object to store + * + * @return 1 on success. + * + * @ingroup hcrypto_rsa + */ + int RSA_set_app_data(RSA *rsa, void *arg) { @@ -151,6 +230,16 @@ RSA_set_app_data(RSA *rsa, void *arg) return 1; } +/** + * Get the application data for the RSA object. + * + * @param rsa the rsa object to get the parameter for + * + * @return the data object + * + * @ingroup hcrypto_rsa + */ + void * RSA_get_app_data(RSA *rsa) { @@ -296,7 +385,11 @@ RSA_null_method(void) } extern const RSA_METHOD hc_rsa_imath_method; +#ifdef HAVE_GMP +static const RSA_METHOD *default_rsa_method = &hc_rsa_gmp_method; +#else static const RSA_METHOD *default_rsa_method = &hc_rsa_imath_method; +#endif const RSA_METHOD * RSA_get_default_method(void) diff --git a/source4/heimdal/lib/hcrypto/rsa.h b/source4/heimdal/lib/hcrypto/rsa.h index 575774dbde..0f54ca0a4d 100644 --- a/source4/heimdal/lib/hcrypto/rsa.h +++ b/source4/heimdal/lib/hcrypto/rsa.h @@ -32,7 +32,7 @@ */ /* - * $Id: rsa.h 19734 2007-01-05 20:26:23Z lha $ + * $Id: rsa.h 22269 2007-12-11 10:59:22Z lha $ */ #ifndef _HEIM_RSA_H @@ -41,6 +41,7 @@ /* symbol renaming */ #define RSA_null_method hc_RSA_null_method #define RSA_imath_method hc_RSA_imath_method +#define RSA_gmp_method hc_RSA_gmp_method #define RSA_new hc_RSA_new #define RSA_new_method hc_RSA_new_method #define RSA_free hc_RSA_free @@ -133,6 +134,7 @@ struct RSA { const RSA_METHOD *RSA_null_method(void); const RSA_METHOD *RSA_imath_method(void); +const RSA_METHOD *RSA_gmp_method(void); /* * diff --git a/source4/heimdal/lib/hdb/dbinfo.c b/source4/heimdal/lib/hdb/dbinfo.c new file mode 100644 index 0000000000..d43e31b39a --- /dev/null +++ b/source4/heimdal/lib/hdb/dbinfo.c @@ -0,0 +1,266 @@ +/* + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hdb_locl.h" + +RCSID("$Id: dbinfo.c 22306 2007-12-14 12:22:38Z lha $"); + +struct hdb_dbinfo { + char *label; + char *realm; + char *dbname; + char *mkey_file; + char *acl_file; + char *log_file; + const krb5_config_binding *binding; + struct hdb_dbinfo *next; +}; + +static int +get_dbinfo(krb5_context context, + const krb5_config_binding *db_binding, + const char *label, + struct hdb_dbinfo **db) +{ + struct hdb_dbinfo *di; + const char *p; + + *db = NULL; + + p = krb5_config_get_string(context, db_binding, "dbname", NULL); + if(p == NULL) + return 0; + + di = calloc(1, sizeof(*di)); + if (di == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + di->label = strdup(label); + di->dbname = strdup(p); + + p = krb5_config_get_string(context, db_binding, "realm", NULL); + if(p) + di->realm = strdup(p); + p = krb5_config_get_string(context, db_binding, "mkey_file", NULL); + if(p) + di->mkey_file = strdup(p); + p = krb5_config_get_string(context, db_binding, "acl_file", NULL); + if(p) + di->acl_file = strdup(p); + p = krb5_config_get_string(context, db_binding, "log_file", NULL); + if(p) + di->log_file = strdup(p); + + di->binding = db_binding; + + *db = di; + return 0; +} + + +int +hdb_get_dbinfo(krb5_context context, struct hdb_dbinfo **dbp) +{ + const krb5_config_binding *db_binding; + struct hdb_dbinfo *di, **dt, *databases; + const char *default_dbname = HDB_DEFAULT_DB; + const char *default_mkey = HDB_DB_DIR "/m-key"; + const char *default_acl = HDB_DB_DIR "/kadmind.acl"; + const char *p; + int ret; + + *dbp = NULL; + dt = NULL; + databases = NULL; + + db_binding = krb5_config_get(context, NULL, krb5_config_list, + "kdc", + "database", + NULL); + if (db_binding) { + + ret = get_dbinfo(context, db_binding, "default", &di); + if (ret == 0 && di) { + databases = di; + dt = &di->next; + } + + for ( ; db_binding != NULL; db_binding = db_binding->next) { + + if (db_binding->type != krb5_config_list) + continue; + + ret = get_dbinfo(context, db_binding->u.list, + db_binding->name, &di); + if (ret) + krb5_err(context, 1, ret, "failed getting realm"); + + if (di == NULL) + continue; + + if (dt) + *dt = di; + else + databases = di; + dt = &di->next; + + } + } + + if(databases == NULL) { + /* if there are none specified, create one and use defaults */ + di = calloc(1, sizeof(*di)); + databases = di; + di->label = strdup("default"); + } + + for(di = databases; di; di = di->next) { + if(di->dbname == NULL) { + di->dbname = strdup(default_dbname); + if (di->mkey_file == NULL) + di->mkey_file = strdup(default_mkey); + } + if(di->mkey_file == NULL) { + p = strrchr(di->dbname, '.'); + if(p == NULL || strchr(p, '/') != NULL) + /* final pathname component does not contain a . */ + asprintf(&di->mkey_file, "%s.mkey", di->dbname); + else + /* the filename is something.else, replace .else with + .mkey */ + asprintf(&di->mkey_file, "%.*s.mkey", + (int)(p - di->dbname), di->dbname); + } + if(di->acl_file == NULL) + di->acl_file = strdup(default_acl); + } + *dbp = databases; + return 0; +} + + +struct hdb_dbinfo * +hdb_dbinfo_get_next(struct hdb_dbinfo *dbp, struct hdb_dbinfo *dbprevp) +{ + if (dbprevp == NULL) + return dbp; + else + return dbprevp->next; +} + +const char * +hdb_dbinfo_get_label(krb5_context context, struct hdb_dbinfo *dbp) +{ + return dbp->label; +} + +const char * +hdb_dbinfo_get_realm(krb5_context context, struct hdb_dbinfo *dbp) +{ + return dbp->realm; +} + +const char * +hdb_dbinfo_get_dbname(krb5_context context, struct hdb_dbinfo *dbp) +{ + return dbp->dbname; +} + +const char * +hdb_dbinfo_get_mkey_file(krb5_context context, struct hdb_dbinfo *dbp) +{ + return dbp->mkey_file; +} + +const char * +hdb_dbinfo_get_acl_file(krb5_context context, struct hdb_dbinfo *dbp) +{ + return dbp->acl_file; +} + +const char * +hdb_dbinfo_get_log_file(krb5_context context, struct hdb_dbinfo *dbp) +{ + return dbp->log_file; +} + +const krb5_config_binding * +hdb_dbinfo_get_binding(krb5_context context, struct hdb_dbinfo *dbp) +{ + return dbp->binding; +} + +void +hdb_free_dbinfo(krb5_context context, struct hdb_dbinfo **dbp) +{ + struct hdb_dbinfo *di, *ndi; + + for(di = *dbp; di != NULL; di = ndi) { + ndi = di->next; + free (di->realm); + free (di->dbname); + if (di->mkey_file) + free (di->mkey_file); + free(di); + } + *dbp = NULL; +} + +/** + * Return the directory where the hdb database resides. + * + * @param context Kerberos 5 context. + * + * @return string pointing to directory. + */ + +const char * +hdb_db_dir(krb5_context context) +{ + return HDB_DB_DIR; +} + +/** + * Return the default hdb database resides. + * + * @param context Kerberos 5 context. + * + * @return string pointing to directory. + */ + +const char * +hdb_default_db(krb5_context context) +{ + return HDB_DEFAULT_DB; +} diff --git a/source4/heimdal/lib/hdb/hdb-protos.h b/source4/heimdal/lib/hdb/hdb-protos.h index 6d679fd48f..4c3d3eb1ab 100644 --- a/source4/heimdal/lib/hdb/hdb-protos.h +++ b/source4/heimdal/lib/hdb/hdb-protos.h @@ -42,6 +42,9 @@ hdb_db_create ( HDB **/*db*/, const char */*filename*/); +const char * +hdb_db_dir (krb5_context /*context*/); + const char * hdb_dbinfo_get_acl_file ( krb5_context /*context*/, @@ -62,6 +65,11 @@ hdb_dbinfo_get_label ( krb5_context /*context*/, struct hdb_dbinfo */*dbp*/); +const char * +hdb_dbinfo_get_log_file ( + krb5_context /*context*/, + struct hdb_dbinfo */*dbp*/); + const char * hdb_dbinfo_get_mkey_file ( krb5_context /*context*/, @@ -77,6 +85,9 @@ hdb_dbinfo_get_realm ( krb5_context /*context*/, struct hdb_dbinfo */*dbp*/); +const char * +hdb_default_db (krb5_context /*context*/); + krb5_error_code hdb_enctype2key ( krb5_context /*context*/, diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h index 830589388f..742b92405d 100644 --- a/source4/heimdal/lib/hdb/hdb.h +++ b/source4/heimdal/lib/hdb/hdb.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: hdb.h 20535 2007-04-23 07:49:16Z lha $ */ +/* $Id: hdb.h 22198 2007-12-07 13:09:25Z lha $ */ #ifndef __HDB_H__ #define __HDB_H__ @@ -135,10 +135,6 @@ struct hdb_so_method { krb5_error_code (*create)(krb5_context, HDB **, const char *filename); }; -#define HDB_DB_DIR "/var/heimdal" -#define HDB_DEFAULT_DB HDB_DB_DIR "/heimdal" -#define HDB_DB_FORMAT_ENTRY "hdb/db-format" - typedef krb5_error_code (*hdb_foreach_func_t)(krb5_context, HDB*, hdb_entry_ex*, void*); extern krb5_kt_ops hdb_kt_ops; diff --git a/source4/heimdal/lib/hdb/hdb_locl.h b/source4/heimdal/lib/hdb/hdb_locl.h index ad16075b24..8f9d6fc4c2 100644 --- a/source4/heimdal/lib/hdb/hdb_locl.h +++ b/source4/heimdal/lib/hdb/hdb_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: hdb_locl.h 12820 2003-09-10 21:54:58Z lha $ */ +/* $Id: hdb_locl.h 22209 2007-12-07 19:03:41Z lha $ */ #ifndef __HDB_LOCL_H__ #define __HDB_LOCL_H__ @@ -64,6 +64,9 @@ #include #include +#define HDB_DEFAULT_DB HDB_DB_DIR "/heimdal" +#define HDB_DB_FORMAT_ENTRY "hdb/db-format" + krb5_error_code hdb_ldb_create ( krb5_context /*context*/, diff --git a/source4/heimdal/lib/hdb/keys.c b/source4/heimdal/lib/hdb/keys.c index 9b87050120..60a58677fe 100644 --- a/source4/heimdal/lib/hdb/keys.c +++ b/source4/heimdal/lib/hdb/keys.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: keys.c 18819 2006-10-22 09:40:12Z lha $"); +RCSID("$Id: keys.c 22071 2007-11-14 20:04:50Z lha $"); /* * free all the memory used by (len, keys) @@ -105,7 +105,7 @@ parse_key_set(krb5_context context, const char *key, salt->saltvalue.length = 0; for(i = 0; i < num_buf; i++) { - if(enctypes == NULL) { + if(enctypes == NULL && num_buf > 1) { /* this might be a etype specifier */ /* XXX there should be a string_to_etypes handling special cases like `des' and `all' */ @@ -124,7 +124,9 @@ parse_key_set(krb5_context context, const char *key, } else return ret; } - } else if(salt->salttype == 0) { + continue; + } + if(salt->salttype == 0) { /* interpret string as a salt specifier, if no etype is set, this sets default values */ /* XXX should perhaps use string_to_salttype, but that @@ -142,7 +144,10 @@ parse_key_set(krb5_context context, const char *key, } salt->salttype = KRB5_AFS3_SALT; } - } else { + continue; + } + + { /* if there is a final string, use it as the string to salt with, this is mostly useful with null salt for v4 compat, and a cell name for afs compat */ @@ -239,7 +244,7 @@ add_enctype_to_key_set(Key **key_set, size_t *nkeyset, /* * Generate the `key_set' from the [kadmin]default_keys statement. If * `no_salt' is set, salt is not important (and will not be set) since - * its random keys that is going to be created. + * it's random keys that is going to be created. */ krb5_error_code diff --git a/source4/heimdal/lib/hdb/mkey.c b/source4/heimdal/lib/hdb/mkey.c index 02d87b6cf3..05cf71c593 100644 --- a/source4/heimdal/lib/hdb/mkey.c +++ b/source4/heimdal/lib/hdb/mkey.c @@ -36,7 +36,7 @@ #define O_BINARY 0 #endif -RCSID("$Id: mkey.c 17445 2006-05-05 10:37:46Z lha $"); +RCSID("$Id: mkey.c 21745 2007-07-31 16:11:25Z lha $"); struct hdb_master_key_data { krb5_keytab_entry keytab; @@ -129,6 +129,11 @@ read_master_keytab(krb5_context context, const char *filename, *mkey = NULL; while(krb5_kt_next_entry(context, id, &entry, &cursor) == 0) { p = calloc(1, sizeof(*p)); + if(p == NULL) { + krb5_kt_end_seq_get(context, id, &cursor); + ret = ENOMEM; + goto out; + } p->keytab = entry; ret = krb5_crypto_init(context, &p->keytab.keyblock, 0, &p->crypto); p->next = *mkey; diff --git a/source4/heimdal/lib/hx509/ca.c b/source4/heimdal/lib/hx509/ca.c index bf8fe1be1a..40260700b3 100644 --- a/source4/heimdal/lib/hx509/ca.c +++ b/source4/heimdal/lib/hx509/ca.c @@ -33,7 +33,13 @@ #include "hx_locl.h" #include -RCSID("$Id: ca.c 21379 2007-06-28 07:38:17Z lha $"); +RCSID("$Id: ca.c 22456 2008-01-15 20:22:53Z lha $"); + +/** + * @page page_ca Hx509 CA functions + * + * See the library functions here: @ref hx509_ca + */ struct hx509_ca_tbs { hx509_name subject; @@ -55,6 +61,19 @@ struct hx509_ca_tbs { CRLDistributionPoints crldp; }; +/** + * Allocate an to-be-signed certificate object that will be converted + * into an certificate. + * + * @param context A hx509 context. + * @param tbs returned to-be-signed certicate object, free with + * hx509_ca_tbs_free(). + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + int hx509_ca_tbs_init(hx509_context context, hx509_ca_tbs *tbs) { @@ -74,6 +93,14 @@ hx509_ca_tbs_init(hx509_context context, hx509_ca_tbs *tbs) return 0; } +/** + * Free an To Be Signed object. + * + * @param tbs object to free. + * + * @ingroup hx509_ca + */ + void hx509_ca_tbs_free(hx509_ca_tbs *tbs) { @@ -93,6 +120,19 @@ hx509_ca_tbs_free(hx509_ca_tbs *tbs) *tbs = NULL; } +/** + * Set the absolute time when the certificate is valid from. If not + * set the current time will be used. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param t time the certificated will start to be valid + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + int hx509_ca_tbs_set_notBefore(hx509_context context, hx509_ca_tbs tbs, @@ -102,6 +142,18 @@ hx509_ca_tbs_set_notBefore(hx509_context context, return 0; } +/** + * Set the absolute time when the certificate is valid to. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param t time when the certificate will expire + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + int hx509_ca_tbs_set_notAfter(hx509_context context, hx509_ca_tbs tbs, @@ -111,6 +163,18 @@ hx509_ca_tbs_set_notAfter(hx509_context context, return 0; } +/** + * Set the relative time when the certificiate is going to expire. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param delta seconds to the certificate is going to expire. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + int hx509_ca_tbs_set_notAfter_lifetime(hx509_context context, hx509_ca_tbs tbs, @@ -130,12 +194,35 @@ static const struct units templatebits[] = { { NULL, 0 } }; +/** + * Make of template units, use to build flags argument to + * hx509_ca_tbs_set_template() with parse_units(). + * + * @return an units structure. + * + * @ingroup hx509_ca + */ + const struct units * hx509_ca_tbs_template_units(void) { return templatebits; } +/** + * Initialize the to-be-signed certificate object from a template certifiate. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param flags bit field selecting what to copy from the template + * certifiate. + * @param cert template certificate. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + int hx509_ca_tbs_set_template(hx509_context context, hx509_ca_tbs tbs, @@ -170,12 +257,10 @@ hx509_ca_tbs_set_template(hx509_context context, tbs->notAfter = hx509_cert_get_notAfter(cert); if (flags & HX509_CA_TEMPLATE_SPKI) { free_SubjectPublicKeyInfo(&tbs->spki); - ret = hx509_cert_get_SPKI(cert, &tbs->spki); + ret = hx509_cert_get_SPKI(context, cert, &tbs->spki); tbs->flags.key = !ret; - if (ret) { - hx509_set_error_string(context, 0, ret, "Failed to copy SPKI"); + if (ret) return ret; - } } if (flags & HX509_CA_TEMPLATE_KU) { KeyUsage ku; @@ -202,6 +287,20 @@ hx509_ca_tbs_set_template(hx509_context context, return 0; } +/** + * Make the to-be-signed certificate object a CA certificate. If the + * pathLenConstraint is negative path length constraint is used. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param pathLenConstraint path length constraint, negative, no + * constraint. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + int hx509_ca_tbs_set_ca(hx509_context context, hx509_ca_tbs tbs, @@ -212,6 +311,20 @@ hx509_ca_tbs_set_ca(hx509_context context, return 0; } +/** + * Make the to-be-signed certificate object a proxy certificate. If the + * pathLenConstraint is negative path length constraint is used. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param pathLenConstraint path length constraint, negative, no + * constraint. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + int hx509_ca_tbs_set_proxy(hx509_context context, hx509_ca_tbs tbs, @@ -223,6 +336,17 @@ hx509_ca_tbs_set_proxy(hx509_context context, } +/** + * Make the to-be-signed certificate object a windows domain controller certificate. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + int hx509_ca_tbs_set_domaincontroller(hx509_context context, hx509_ca_tbs tbs) @@ -231,6 +355,20 @@ hx509_ca_tbs_set_domaincontroller(hx509_context context, return 0; } +/** + * Set the subject public key info (SPKI) in the to-be-signed certificate + * object. SPKI is the public key and key related parameters in the + * certificate. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param spki subject public key info to use for the to-be-signed certificate object. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + int hx509_ca_tbs_set_spki(hx509_context context, hx509_ca_tbs tbs, @@ -243,6 +381,19 @@ hx509_ca_tbs_set_spki(hx509_context context, return ret; } +/** + * Set the serial number to use for to-be-signed certificate object. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param serialNumber serial number to use for the to-be-signed + * certificate object. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + int hx509_ca_tbs_set_serialnumber(hx509_context context, hx509_ca_tbs tbs, @@ -255,6 +406,19 @@ hx509_ca_tbs_set_serialnumber(hx509_context context, return ret; } +/** + * An an extended key usage to the to-be-signed certificate object. + * Duplicates will detected and not added. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param oid extended key usage to add. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + int hx509_ca_tbs_add_eku(hx509_context context, hx509_ca_tbs tbs, @@ -285,6 +449,20 @@ hx509_ca_tbs_add_eku(hx509_context context, return 0; } +/** + * Add CRL distribution point URI to the to-be-signed certificate + * object. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param uri uri to the CRL. + * @param issuername name of the issuer. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + int hx509_ca_tbs_add_crl_dp_uri(hx509_context context, hx509_ca_tbs tbs, @@ -325,6 +503,9 @@ hx509_ca_tbs_add_crl_dp_uri(hx509_context context, if (issuername) { #if 1 + /** + * issuername not supported + */ hx509_set_error_string(context, 0, EINVAL, "CRLDistributionPoints.name.issuername not yet supported"); return EINVAL; @@ -372,6 +553,20 @@ out: return ret; } +/** + * Add Subject Alternative Name otherName to the to-be-signed + * certificate object. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param oid the oid of the OtherName. + * @param os data in the other name. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + int hx509_ca_tbs_add_san_otherName(hx509_context context, hx509_ca_tbs tbs, @@ -388,6 +583,18 @@ hx509_ca_tbs_add_san_otherName(hx509_context context, return add_GeneralNames(&tbs->san, &gn); } +/** + * Add Kerberos Subject Alternative Name to the to-be-signed + * certificate object. The principal string is a UTF8 string. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param principal Kerberos principal to add to the certificate. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ int hx509_ca_tbs_add_san_pkinit(hx509_context context, @@ -511,6 +718,19 @@ out: return ret; } +/** + * Add Microsoft UPN Subject Alternative Name to the to-be-signed + * certificate object. The principal string is a UTF8 string. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param principal Microsoft UPN string. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + int hx509_ca_tbs_add_san_ms_upn(hx509_context context, hx509_ca_tbs tbs, @@ -519,6 +739,19 @@ hx509_ca_tbs_add_san_ms_upn(hx509_context context, return add_utf8_san(context, tbs, oid_id_pkinit_ms_san(), principal); } +/** + * Add a Jabber/XMPP jid Subject Alternative Name to the to-be-signed + * certificate object. The jid is an UTF8 string. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param jid string of an a jabber id in UTF8. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + int hx509_ca_tbs_add_san_jid(hx509_context context, hx509_ca_tbs tbs, @@ -528,6 +761,22 @@ hx509_ca_tbs_add_san_jid(hx509_context context, } +/** + * Add a Subject Alternative Name hostname to to-be-signed certificate + * object. A domain match starts with ., an exact match does not. + * + * Example of a an domain match: .domain.se matches the hostname + * host.domain.se. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param dnsname a hostame. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + int hx509_ca_tbs_add_san_hostname(hx509_context context, hx509_ca_tbs tbs, @@ -542,6 +791,19 @@ hx509_ca_tbs_add_san_hostname(hx509_context context, return add_GeneralNames(&tbs->san, &gn); } +/** + * Add a Subject Alternative Name rfc822 (email address) to + * to-be-signed certificate object. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param rfc822Name a string to a email address. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + int hx509_ca_tbs_add_san_rfc822name(hx509_context context, hx509_ca_tbs tbs, @@ -556,6 +818,17 @@ hx509_ca_tbs_add_san_rfc822name(hx509_context context, return add_GeneralNames(&tbs->san, &gn); } +/** + * Set the subject name of a to-be-signed certificate object. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param subject the name to set a subject. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ int hx509_ca_tbs_set_subject(hx509_context context, @@ -567,6 +840,20 @@ hx509_ca_tbs_set_subject(hx509_context context, return hx509_name_copy(context, subject, &tbs->subject); } +/** + * Expand the the subject name in the to-be-signed certificate object + * using hx509_name_expand(). + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param env enviroment variable to expand variables in the subject + * name, see hx509_env_init(). + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + int hx509_ca_tbs_subject_expand(hx509_context context, hx509_ca_tbs tbs, @@ -1148,6 +1435,30 @@ out: } +/** + * Sign a to-be-signed certificate object with a issuer certificate. + * + * The caller needs to at least have called the following functions on the + * to-be-signed certificate object: + * - hx509_ca_tbs_init() + * - hx509_ca_tbs_set_subject() + * - hx509_ca_tbs_set_spki() + * + * When done the to-be-signed certificate object should be freed with + * hx509_ca_tbs_free(). + * + * When creating self-signed certificate use hx509_ca_sign_self() instead. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param signer the CA certificate object to sign with (need private key). + * @param certificate return cerificate, free with hx509_cert_free(). + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + int hx509_ca_sign(hx509_context context, hx509_ca_tbs tbs, @@ -1179,6 +1490,19 @@ out: return ret; } +/** + * Work just like hx509_ca_sign() but signs it-self. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param signer private key to sign with. + * @param certificate return cerificate, free with hx509_cert_free(). + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + int hx509_ca_sign_self(hx509_context context, hx509_ca_tbs tbs, diff --git a/source4/heimdal/lib/hx509/cert.c b/source4/heimdal/lib/hx509/cert.c index b7f19d152a..09c85bc084 100644 --- a/source4/heimdal/lib/hx509/cert.c +++ b/source4/heimdal/lib/hx509/cert.c @@ -32,10 +32,25 @@ */ #include "hx_locl.h" -RCSID("$Id: cert.c 21380 2007-06-28 07:38:38Z lha $"); +RCSID("$Id: cert.c 22583 2008-02-11 20:46:21Z lha $"); #include "crypto-headers.h" #include +/** + * @page page_cert The basic certificate + * + * The basic hx509 cerificate object in hx509 is hx509_cert. The + * hx509_cert object is representing one X509/PKIX certificate and + * associated attributes; like private key, friendly name, etc. + * + * A hx509_cert object is usully found via the keyset interfaces (@ref + * page_keyset), but its also possible to create a certificate + * directly from a parsed object with hx509_cert_init() and + * hx509_cert_init_data(). + * + * See the library functions here: @ref hx509_cert + */ + struct hx509_verify_ctx_data { hx509_certs trust_anchors; int flags; @@ -78,8 +93,16 @@ typedef struct hx509_name_constraints { #define GeneralSubtrees_SET(g,var) \ (g)->len = (var)->len, (g)->val = (var)->val; -/* +/** + * Creates a hx509 context that most functions in the library + * uses. The context is only allowed to be used by one thread at each + * moment. Free the context with hx509_context_free(). * + * @param context Returns a pointer to new hx509 context. + * + * @return Returns an hx509 error code. + * + * @ingroup hx509 */ int @@ -113,6 +136,19 @@ hx509_context_init(hx509_context *context) return 0; } +/** + * Selects if the hx509_revoke_verify() function is going to require + * the existans of a revokation method (OSCP, CRL) or not. Note that + * hx509_verify_path(), hx509_cms_verify_signed(), and other function + * call hx509_revoke_verify(). + * + * @param context hx509 context to change the flag for. + * @param flag zero, revokation method required, non zero missing + * revokation method ok + * + * @ingroup hx509_verify + */ + void hx509_context_set_missing_revoke(hx509_context context, int flag) { @@ -122,6 +158,14 @@ hx509_context_set_missing_revoke(hx509_context context, int flag) context->flags &= ~HX509_CTX_VERIFY_MISSING_OK; } +/** + * Free the context allocated by hx509_context_init(). + * + * @param context context to be freed. + * + * @ingroup hx509 + */ + void hx509_context_free(hx509_context *context) { @@ -139,7 +183,6 @@ hx509_context_free(hx509_context *context) *context = NULL; } - /* * */ @@ -150,33 +193,6 @@ _hx509_get_cert(hx509_cert cert) return cert->data; } -/* - * - */ - -#if 0 -void -_hx509_print_cert_subject(hx509_cert cert) -{ - char *subject_name; - hx509_name name; - int ret; - - ret = hx509_cert_get_subject(cert, &name); - if (ret) - abort(); - - ret = hx509_name_to_string(name, &subject_name); - hx509_name_free(&name); - if (ret) - abort(); - - printf("name: %s\n", subject_name); - - free(subject_name); -} -#endif - /* * */ @@ -187,6 +203,19 @@ _hx509_cert_get_version(const Certificate *t) return t->tbsCertificate.version ? *t->tbsCertificate.version + 1 : 1; } +/** + * Allocate and init an hx509 certificate object from the decoded + * certificate `c´. + * + * @param context A hx509 context. + * @param c + * @param cert + * + * @return Returns an hx509 error code. + * + * @ingroup hx509_cert + */ + int hx509_cert_init(hx509_context context, const Certificate *c, hx509_cert *cert) { @@ -218,9 +247,29 @@ hx509_cert_init(hx509_context context, const Certificate *c, hx509_cert *cert) return ret; } +/** + * Just like hx509_cert_init(), but instead of a decode certificate + * takes an pointer and length to a memory region that contains a + * DER/BER encoded certificate. + * + * If the memory region doesn't contain just the certificate and + * nothing more the function will fail with + * HX509_EXTRA_DATA_AFTER_STRUCTURE. + * + * @param context A hx509 context. + * @param ptr pointer to memory region containing encoded certificate. + * @param len length of memory region. + * @param cert a return pointer to a hx509 certificate object, will + * contain NULL on error. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ + int hx509_cert_init_data(hx509_context context, - const void *ptr, + const void *ptr, size_t len, hx509_cert *cert) { @@ -265,6 +314,15 @@ _hx509_cert_assign_key(hx509_cert cert, hx509_private_key private_key) return 0; } +/** + * Free reference to the hx509 certificate object, if the refcounter + * reaches 0, the object if freed. Its allowed to pass in NULL. + * + * @param cert the cert to free. + * + * @ingroup hx509_cert + */ + void hx509_cert_free(hx509_cert cert) { @@ -274,7 +332,7 @@ hx509_cert_free(hx509_cert cert) return; if (cert->ref <= 0) - _hx509_abort("refcount <= 0"); + _hx509_abort("cert refcount <= 0 on free"); if (--cert->ref > 0) return; @@ -300,9 +358,21 @@ hx509_cert_free(hx509_cert cert) free(cert); } +/** + * Add a reference to a hx509 certificate object. + * + * @param cert a pointer to an hx509 certificate object. + * + * @return the same object as is passed in. + * + * @ingroup hx509_cert + */ + hx509_cert hx509_cert_ref(hx509_cert cert) { + if (cert == NULL) + return NULL; if (cert->ref <= 0) _hx509_abort("cert refcount <= 0"); cert->ref++; @@ -311,6 +381,18 @@ hx509_cert_ref(hx509_cert cert) return cert; } +/** + * Allocate an verification context that is used fo control the + * verification process. + * + * @param context A hx509 context. + * @param ctx returns a pointer to a hx509_verify_ctx object. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_verify + */ + int hx509_verify_init_ctx(hx509_context context, hx509_verify_ctx *ctx) { @@ -327,26 +409,75 @@ hx509_verify_init_ctx(hx509_context context, hx509_verify_ctx *ctx) return 0; } +/** + * Free an hx509 verification context. + * + * @param ctx the context to be freed. + * + * @ingroup hx509_verify + */ + void hx509_verify_destroy_ctx(hx509_verify_ctx ctx) { - if (ctx) + if (ctx) { + hx509_certs_free(&ctx->trust_anchors); + hx509_revoke_free(&ctx->revoke_ctx); memset(ctx, 0, sizeof(*ctx)); + } free(ctx); } +/** + * Set the trust anchors in the verification context, makes an + * reference to the keyset, so the consumer can free the keyset + * independent of the destruction of the verification context (ctx). + * + * @param ctx a verification context + * @param set a keyset containing the trust anchors. + * + * @ingroup hx509_verify + */ + void hx509_verify_attach_anchors(hx509_verify_ctx ctx, hx509_certs set) { - ctx->trust_anchors = set; + ctx->trust_anchors = _hx509_certs_ref(set); } +/** + * Attach an revocation context to the verfication context, , makes an + * reference to the revoke context, so the consumer can free the + * revoke context independent of the destruction of the verification + * context. If there is no revoke context, the verification process is + * NOT going to check any verification status. + * + * @param ctx a verification context. + * @param revoke_ctx a revoke context. + * + * @ingroup hx509_verify + */ + void hx509_verify_attach_revoke(hx509_verify_ctx ctx, hx509_revoke_ctx revoke_ctx) { - ctx->revoke_ctx = revoke_ctx; + if (ctx->revoke_ctx) + hx509_revoke_free(&ctx->revoke_ctx); + ctx->revoke_ctx = _hx509_revoke_ref(revoke_ctx); } +/** + * Set the clock time the the verification process is going to + * use. Used to check certificate in the past and future time. If not + * set the current time will be used. + * + * @param ctx a verification context. + * @param t the time the verifiation is using. + * + * + * @ingroup hx509_verify + */ + void hx509_verify_set_time(hx509_verify_ctx ctx, time_t t) { @@ -354,12 +485,32 @@ hx509_verify_set_time(hx509_verify_ctx ctx, time_t t) ctx->time_now = t; } +/** + * Set the maximum depth of the certificate chain that the path + * builder is going to try. + * + * @param ctx a verification context + * @param max_depth maxium depth of the certificate chain, include + * trust anchor. + * + * @ingroup hx509_verify + */ + void hx509_verify_set_max_depth(hx509_verify_ctx ctx, unsigned int max_depth) { ctx->max_depth = max_depth; } +/** + * Allow or deny the use of proxy certificates + * + * @param ctx a verification context + * @param boolean if non zero, allow proxy certificates. + * + * @ingroup hx509_verify + */ + void hx509_verify_set_proxy_certificate(hx509_verify_ctx ctx, int boolean) { @@ -369,6 +520,17 @@ hx509_verify_set_proxy_certificate(hx509_verify_ctx ctx, int boolean) ctx->flags &= ~HX509_VERIFY_CTX_F_ALLOW_PROXY_CERTIFICATE; } +/** + * Select strict RFC3280 verification of certificiates. This means + * checking key usage on CA certificates, this will make version 1 + * certificiates unuseable. + * + * @param ctx a verification context + * @param boolean if non zero, use strict verification. + * + * @ingroup hx509_verify + */ + void hx509_verify_set_strict_rfc3280_verification(hx509_verify_ctx ctx, int boolean) { @@ -378,6 +540,20 @@ hx509_verify_set_strict_rfc3280_verification(hx509_verify_ctx ctx, int boolean) ctx->flags &= ~HX509_VERIFY_CTX_F_REQUIRE_RFC3280; } +/** + * Allow using the operating system builtin trust anchors if no other + * trust anchors are configured. + * + * @param ctx a verification context + * @param boolean if non zero, useing the operating systems builtin + * trust anchors. + * + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ + void hx509_verify_ctx_f_allow_default_trustanchors(hx509_verify_ctx ctx, int boolean) { @@ -512,6 +688,15 @@ add_to_list(hx509_octet_string_list *list, const heim_octet_string *entry) return 0; } +/** + * Free a list of octet strings returned by another hx509 library + * function. + * + * @param list list to be freed. + * + * @ingroup hx509_misc + */ + void hx509_free_octet_string_list(hx509_octet_string_list *list) { @@ -523,8 +708,26 @@ hx509_free_octet_string_list(hx509_octet_string_list *list) list->len = 0; } +/** + * Return a list of subjectAltNames specified by oid in the + * certificate. On error the + * + * The returned list of octet string should be freed with + * hx509_free_octet_string_list(). + * + * @param context A hx509 context. + * @param cert a hx509 certificate object. + * @param oid an oid to for SubjectAltName. + * @param list list of matching SubjectAltName. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ + int -hx509_cert_find_subjectAltName_otherName(hx509_cert cert, +hx509_cert_find_subjectAltName_otherName(hx509_context context, + hx509_cert cert, const heim_oid *oid, hx509_octet_string_list *list) { @@ -541,9 +744,11 @@ hx509_cert_find_subjectAltName_otherName(hx509_cert cert, if (ret == HX509_EXTENSION_NOT_FOUND) { ret = 0; break; - } else if (ret != 0) - break; - + } else if (ret != 0) { + hx509_set_error_string(context, 0, ret, "Error searching for SAN"); + hx509_free_octet_string_list(list); + return ret; + } for (j = 0; j < sa.len; j++) { if (sa.val[j].element == choice_GeneralName_otherName && @@ -551,6 +756,10 @@ hx509_cert_find_subjectAltName_otherName(hx509_cert cert, { ret = add_to_list(list, &sa.val[j].u.otherName.value); if (ret) { + hx509_set_error_string(context, 0, ret, + "Error adding an exra SAN to " + "return list"); + hx509_free_octet_string_list(list); free_GeneralNames(&sa); return ret; } @@ -558,7 +767,7 @@ hx509_cert_find_subjectAltName_otherName(hx509_cert cert, } free_GeneralNames(&sa); } - return ret; + return 0; } @@ -605,6 +814,12 @@ check_key_usage(hx509_context context, const Certificate *cert, return 0; } +/* + * Return 0 on matching key usage 'flags' for 'cert', otherwise return + * an error code. If 'req_present' the existance is required of the + * KeyUsage extension. + */ + int _hx509_check_key_usage(hx509_context context, hx509_cert cert, unsigned flags, int req_present) @@ -678,10 +893,13 @@ _hx509_cert_is_parent_cmp(const Certificate *subject, int diff; AuthorityKeyIdentifier ai; SubjectKeyIdentifier si; - int ret_ai, ret_si; + int ret_ai, ret_si, ret; - diff = _hx509_name_cmp(&issuer->tbsCertificate.subject, - &subject->tbsCertificate.issuer); + ret = _hx509_name_cmp(&issuer->tbsCertificate.subject, + &subject->tbsCertificate.issuer, + &diff); + if (ret) + return ret; if (diff) return diff; @@ -689,7 +907,7 @@ _hx509_cert_is_parent_cmp(const Certificate *subject, memset(&si, 0, sizeof(si)); /* - * Try to find AuthorityKeyIdentifier, if its not present in the + * Try to find AuthorityKeyIdentifier, if it's not present in the * subject certificate nor the parent. */ @@ -736,8 +954,11 @@ _hx509_cert_is_parent_cmp(const Certificate *subject, name.u.rdnSequence = ai.authorityCertIssuer->val[0].u.directoryName.u.rdnSequence; - diff = _hx509_name_cmp(&issuer->tbsCertificate.subject, - &name); + ret = _hx509_name_cmp(&issuer->tbsCertificate.subject, + &name, + &diff); + if (ret) + return ret; if (diff) return diff; diff = 0; @@ -776,13 +997,22 @@ certificate_is_anchor(hx509_context context, } static int -certificate_is_self_signed(const Certificate *cert) -{ - return _hx509_cert_is_parent_cmp(cert, cert, 1) == 0; +certificate_is_self_signed(hx509_context context, + const Certificate *cert, + int *self_signed) +{ + int ret, diff; + ret = _hx509_name_cmp(&cert->tbsCertificate.subject, + &cert->tbsCertificate.issuer, &diff); + *self_signed = (diff == 0); + if (ret) + hx509_set_error_string(context, 0, ret, + "Failed to check if self signed"); + return ret; } /* - * The subjectName is "null" when its empty set of relative DBs. + * The subjectName is "null" when it's empty set of relative DBs. */ static int @@ -1032,9 +1262,9 @@ _hx509_calculate_path(hx509_context context, return 0; } -static int -AlgorithmIdentifier_cmp(const AlgorithmIdentifier *p, - const AlgorithmIdentifier *q) +int +_hx509_AlgorithmIdentifier_cmp(const AlgorithmIdentifier *p, + const AlgorithmIdentifier *q) { int diff; diff = der_heim_oid_cmp(&p->algorithm, &q->algorithm); @@ -1061,8 +1291,8 @@ _hx509_Certificate_cmp(const Certificate *p, const Certificate *q) diff = der_heim_bit_string_cmp(&p->signatureValue, &q->signatureValue); if (diff) return diff; - diff = AlgorithmIdentifier_cmp(&p->signatureAlgorithm, - &q->signatureAlgorithm); + diff = _hx509_AlgorithmIdentifier_cmp(&p->signatureAlgorithm, + &q->signatureAlgorithm); if (diff) return diff; diff = der_heim_octet_string_cmp(&p->tbsCertificate._save, @@ -1070,24 +1300,77 @@ _hx509_Certificate_cmp(const Certificate *p, const Certificate *q) return diff; } +/** + * Compare to hx509 certificate object, useful for sorting. + * + * @param p a hx509 certificate object. + * @param q a hx509 certificate object. + * + * @return 0 the objects are the same, returns > 0 is p is "larger" + * then q, < 0 if p is "smaller" then q. + * + * @ingroup hx509_cert + */ + int hx509_cert_cmp(hx509_cert p, hx509_cert q) { return _hx509_Certificate_cmp(p->data, q->data); } +/** + * Return the name of the issuer of the hx509 certificate. + * + * @param p a hx509 certificate object. + * @param name a pointer to a hx509 name, should be freed by + * hx509_name_free(). + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ + int hx509_cert_get_issuer(hx509_cert p, hx509_name *name) { return _hx509_name_from_Name(&p->data->tbsCertificate.issuer, name); } +/** + * Return the name of the subject of the hx509 certificate. + * + * @param p a hx509 certificate object. + * @param name a pointer to a hx509 name, should be freed by + * hx509_name_free(). See also hx509_cert_get_base_subject(). + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ + int hx509_cert_get_subject(hx509_cert p, hx509_name *name) { return _hx509_name_from_Name(&p->data->tbsCertificate.subject, name); } +/** + * Return the name of the base subject of the hx509 certificate. If + * the certiicate is a verified proxy certificate, the this function + * return the base certificate (root of the proxy chain). If the proxy + * certificate is not verified with the base certificate + * HX509_PROXY_CERTIFICATE_NOT_CANONICALIZED is returned. + * + * @param context a hx509 context. + * @param c a hx509 certificate object. + * @param name a pointer to a hx509 name, should be freed by + * hx509_name_free(). See also hx509_cert_get_subject(). + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ + int hx509_cert_get_base_subject(hx509_context context, hx509_cert c, hx509_name *name) @@ -1104,37 +1387,120 @@ hx509_cert_get_base_subject(hx509_context context, hx509_cert c, return _hx509_name_from_Name(&c->data->tbsCertificate.subject, name); } +/** + * Get serial number of the certificate. + * + * @param p a hx509 certificate object. + * @param i serial number, should be freed ith der_free_heim_integer(). + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ + int hx509_cert_get_serialnumber(hx509_cert p, heim_integer *i) { return der_copy_heim_integer(&p->data->tbsCertificate.serialNumber, i); } +/** + * Get notBefore time of the certificate. + * + * @param p a hx509 certificate object. + * + * @return return not before time + * + * @ingroup hx509_cert + */ + time_t hx509_cert_get_notBefore(hx509_cert p) { return _hx509_Time2time_t(&p->data->tbsCertificate.validity.notBefore); } +/** + * Get notAfter time of the certificate. + * + * @param p a hx509 certificate object. + * + * @return return not after time. + * + * @ingroup hx509_cert + */ + time_t hx509_cert_get_notAfter(hx509_cert p) { return _hx509_Time2time_t(&p->data->tbsCertificate.validity.notAfter); } +/** + * Get the SubjectPublicKeyInfo structure from the hx509 certificate. + * + * @param context a hx509 context. + * @param p a hx509 certificate object. + * @param spki SubjectPublicKeyInfo, should be freed with + * free_SubjectPublicKeyInfo(). + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ + +int +hx509_cert_get_SPKI(hx509_context context, hx509_cert p, SubjectPublicKeyInfo *spki) +{ + int ret; + + ret = copy_SubjectPublicKeyInfo(&p->data->tbsCertificate.subjectPublicKeyInfo, spki); + if (ret) + hx509_set_error_string(context, 0, ret, "Failed to copy SPKI"); + return ret; +} + +/** + * Get the AlgorithmIdentifier from the hx509 certificate. + * + * @param context a hx509 context. + * @param p a hx509 certificate object. + * @param alg AlgorithmIdentifier, should be freed with + * free_AlgorithmIdentifier(). + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ + int -hx509_cert_get_SPKI(hx509_cert p, SubjectPublicKeyInfo *spki) +hx509_cert_get_SPKI_AlgorithmIdentifier(hx509_context context, + hx509_cert p, + AlgorithmIdentifier *alg) { - return copy_SubjectPublicKeyInfo(&p->data->tbsCertificate.subjectPublicKeyInfo, - spki); + int ret; + + ret = copy_AlgorithmIdentifier(&p->data->tbsCertificate.subjectPublicKeyInfo.algorithm, alg); + if (ret) + hx509_set_error_string(context, 0, ret, + "Failed to copy SPKI AlgorithmIdentifier"); + return ret; } + hx509_private_key _hx509_cert_private_key(hx509_cert p) { return p->private_key; } +int +hx509_cert_have_private_key(hx509_cert p) +{ + return p->private_key ? 1 : 0; +} + + int _hx509_cert_private_key_exportable(hx509_cert p) { @@ -1253,9 +1619,14 @@ match_RDN(const RelativeDistinguishedName *c, return HX509_NAME_CONSTRAINT_ERROR; for (i = 0; i < n->len; i++) { + int diff, ret; + if (der_heim_oid_cmp(&c->val[i].type, &n->val[i].type) != 0) return HX509_NAME_CONSTRAINT_ERROR; - if (_hx509_name_ds_cmp(&c->val[i].value, &n->val[i].value) != 0) + ret = _hx509_name_ds_cmp(&c->val[i].value, &n->val[i].value, &diff); + if (ret) + return ret; + if (diff != 0) return HX509_NAME_CONSTRAINT_ERROR; } return 0; @@ -1316,7 +1687,7 @@ match_general_name(const GeneralName *c, const GeneralName *n, int *match) return HX509_NAME_CONSTRAINT_ERROR; if (strcasecmp(s + 1 + len2 - len1, c->u.rfc822Name) != 0) return HX509_NAME_CONSTRAINT_ERROR; - if (len1 < len2 && s[len2 - len1] != '.') + if (len1 < len2 && s[len2 - len1 + 1] != '.') return HX509_NAME_CONSTRAINT_ERROR; } *match = 1; @@ -1387,7 +1758,6 @@ match_alt_name(const GeneralName *n, const Certificate *c, } free_GeneralNames(&sa); } while (1); - return ret; } @@ -1457,7 +1827,10 @@ check_name_constraints(hx509_context context, } /* allow null subjectNames, they wont matches anything */ if (match == 0 && !subject_null_p(c)) { - hx509_clear_error_string(context); + hx509_set_error_string(context, 0, HX509_VERIFY_CONSTRAINTS, + "Error verify constraints, " + "certificate didn't match any " + "permitted subtree"); return HX509_VERIFY_CONSTRAINTS; } } @@ -1469,7 +1842,10 @@ check_name_constraints(hx509_context context, return ret; } if (match) { - hx509_clear_error_string(context); + hx509_set_error_string(context, 0, HX509_VERIFY_CONSTRAINTS, + "Error verify constraints, " + "certificate included in excluded " + "subtree"); return HX509_VERIFY_CONSTRAINTS; } } @@ -1487,6 +1863,21 @@ free_name_constraints(hx509_name_constraints *nc) free(nc->val); } +/** + * Build and verify the path for the certificate to the trust anchor + * specified in the verify context. The path is constructed from the + * certificate, the pool and the trust anchors. + * + * @param context A hx509 context. + * @param ctx A hx509 verification context. + * @param cert the certificate to build the path from. + * @param pool A keyset of certificates to build the chain from. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_verify + */ + int hx509_verify_path(hx509_context context, hx509_verify_ctx ctx, @@ -1495,10 +1886,7 @@ hx509_verify_path(hx509_context context, { hx509_name_constraints nc; hx509_path path; -#if 0 - const AlgorithmIdentifier *alg_id; -#endif - int ret, i, proxy_cert_depth; + int ret, i, proxy_cert_depth, selfsigned_depth, diff; enum certtype type; Name proxy_issuer; hx509_certs anchors = NULL; @@ -1538,10 +1926,6 @@ hx509_verify_path(hx509_context context, if (ret) goto out; -#if 0 - alg_id = path.val[path->len - 1]->data->tbsCertificate.signature; -#endif - /* * Check CA and proxy certificate chain from the top of the * certificate chain. Also check certificate is valid with respect @@ -1550,6 +1934,7 @@ hx509_verify_path(hx509_context context, */ proxy_cert_depth = 0; + selfsigned_depth = 0; if (ctx->flags & HX509_VERIFY_CTX_F_ALLOW_PROXY_CERTIFICATE) type = PROXY_CERT; @@ -1570,6 +1955,7 @@ hx509_verify_path(hx509_context context, switch (type) { case CA_CERT: + /* XXX make constants for keyusage */ ret = check_key_usage(context, c, 1 << 5, REQUIRE_RFC3280(ctx) ? TRUE : FALSE); @@ -1578,6 +1964,18 @@ hx509_verify_path(hx509_context context, "Key usage missing from CA certificate"); goto out; } + + /* self signed cert doesn't add to path length */ + if (i + 1 != path.len) { + int selfsigned; + + ret = certificate_is_self_signed(context, c, &selfsigned); + if (ret) + goto out; + if (selfsigned) + selfsigned_depth++; + } + break; case PROXY_CERT: { ProxyCertInfo info; @@ -1624,8 +2022,12 @@ hx509_verify_path(hx509_context context, */ if (proxy_cert_depth) { - ret = _hx509_name_cmp(&proxy_issuer, &c->tbsCertificate.subject); + ret = _hx509_name_cmp(&proxy_issuer, &c->tbsCertificate.subject, &diff); if (ret) { + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + if (diff) { ret = HX509_PROXY_CERT_NAME_WRONG; hx509_set_error_string(context, 0, ret, "Base proxy name not right"); @@ -1658,8 +2060,12 @@ hx509_verify_path(hx509_context context, free_RelativeDistinguishedName(&proxy_issuer.u.rdnSequence.val[j - 1]); proxy_issuer.u.rdnSequence.len -= 1; - ret = _hx509_name_cmp(&proxy_issuer, &c->tbsCertificate.issuer); - if (ret != 0) { + ret = _hx509_name_cmp(&proxy_issuer, &c->tbsCertificate.issuer, &diff); + if (ret) { + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + if (diff != 0) { ret = HX509_PROXY_CERT_NAME_WRONG; hx509_set_error_string(context, 0, ret, "Proxy issuer name not as expected"); @@ -1685,9 +2091,13 @@ hx509_verify_path(hx509_context context, */ if (proxy_cert_depth) { - ret = _hx509_name_cmp(&proxy_issuer, - &c->tbsCertificate.subject); + ret = _hx509_name_cmp(&proxy_issuer, + &c->tbsCertificate.subject, &diff); if (ret) { + hx509_set_error_string(context, 0, ret, "out of memory"); + goto out; + } + if (diff) { ret = HX509_PROXY_CERT_NAME_WRONG; hx509_clear_error_string(context); goto out; @@ -1705,7 +2115,8 @@ hx509_verify_path(hx509_context context, break; } - ret = check_basic_constraints(context, c, type, i - proxy_cert_depth); + ret = check_basic_constraints(context, c, type, + i - proxy_cert_depth - selfsigned_depth); if (ret) goto out; @@ -1742,22 +2153,16 @@ hx509_verify_path(hx509_context context, for (ret = 0, i = path.len - 1; i >= 0; i--) { Certificate *c; + int selfsigned; c = _hx509_get_cert(path.val[i]); -#if 0 - /* check that algorithm and parameters is the same */ - /* XXX this is wrong */ - ret = alg_cmp(&c->tbsCertificate.signature, alg_id); - if (ret) { - hx509_clear_error_string(context); - ret = HX509_PATH_ALGORITHM_CHANGED; + ret = certificate_is_self_signed(context, c, &selfsigned); + if (ret) goto out; - } -#endif /* verify name constraints, not for selfsigned and anchor */ - if (!certificate_is_self_signed(c) || i == path.len - 1) { + if (!selfsigned || i + 1 != path.len) { ret = check_name_constraints(context, &nc, c); if (ret) { goto out; @@ -1813,12 +2218,6 @@ hx509_verify_path(hx509_context context, hx509_certs_free(&certs); } -#if 0 - for (i = path.len - 1; i >= 0; i--) { - _hx509_print_cert_subject(path.val[i]); - } -#endif - /* * Verify signatures, do this backward so public key working * parameter is passed up from the anchor up though the chain. @@ -1830,11 +2229,17 @@ hx509_verify_path(hx509_context context, c = _hx509_get_cert(path.val[i]); /* is last in chain (trust anchor) */ - if (i == path.len - 1) { + if (i + 1 == path.len) { + int selfsigned; + signer = path.val[i]->data; + ret = certificate_is_self_signed(context, signer, &selfsigned); + if (ret) + goto out; + /* if trust anchor is not self signed, don't check sig */ - if (!certificate_is_self_signed(signer)) + if (!selfsigned) continue; } else { /* take next certificate in chain */ @@ -1863,6 +2268,20 @@ out: return ret; } +/** + * Verify a signature made using the private key of an certificate. + * + * @param context A hx509 context. + * @param signer the certificate that made the signature. + * @param alg algorthm that was used to sign the data. + * @param data the data that was signed. + * @param sig the sigature to verify. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_crypto + */ + int hx509_verify_signature(hx509_context context, const hx509_cert signer, @@ -1873,7 +2292,26 @@ hx509_verify_signature(hx509_context context, return _hx509_verify_signature(context, signer->data, alg, data, sig); } -#define HX509_VHN_F_ALLOW_NO_MATCH 1 + +/** + * Verify that the certificate is allowed to be used for the hostname + * and address. + * + * @param context A hx509 context. + * @param cert the certificate to match with + * @param flags Flags to modify the behavior: + * - HX509_VHN_F_ALLOW_NO_MATCH no match is ok + * @param type type of hostname: + * - HX509_HN_HOSTNAME for plain hostname. + * - HX509_HN_DNSSRV for DNS SRV names. + * @param hostname the hostname to check + * @param sa address of the host + * @param sa_size length of address + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ int hx509_verify_hostname(hx509_context context, @@ -1984,6 +2422,19 @@ _hx509_set_cert_attribute(hx509_context context, return 0; } +/** + * Get an external attribute for the certificate, examples are + * friendly name and id. + * + * @param cert hx509 certificate object to search + * @param oid an oid to search for. + * + * @return an hx509_cert_attribute, only valid as long as the + * certificate is referenced. + * + * @ingroup hx509_cert + */ + hx509_cert_attribute hx509_cert_get_attribute(hx509_cert cert, const heim_oid *oid) { @@ -1994,6 +2445,17 @@ hx509_cert_get_attribute(hx509_cert cert, const heim_oid *oid) return NULL; } +/** + * Set the friendly name on the certificate. + * + * @param cert The certificate to set the friendly name on + * @param name Friendly name. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ + int hx509_cert_set_friendly_name(hx509_cert cert, const char *name) { @@ -2005,6 +2467,16 @@ hx509_cert_set_friendly_name(hx509_cert cert, const char *name) return 0; } +/** + * Get friendly name of the certificate. + * + * @param cert cert to get the friendly name from. + * + * @return an friendly name or NULL if there is. The friendly name is + * only valid as long as the certificate is referenced. + * + * @ingroup hx509_cert + */ const char * hx509_cert_get_friendly_name(hx509_cert cert) @@ -2056,6 +2528,17 @@ _hx509_query_clear(hx509_query *q) memset(q, 0, sizeof(*q)); } +/** + * Allocate an query controller. Free using hx509_query_free(). + * + * @param context A hx509 context. + * @param q return pointer to a hx509_query. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ + int hx509_query_alloc(hx509_context context, hx509_query **q) { @@ -2065,6 +2548,17 @@ hx509_query_alloc(hx509_context context, hx509_query **q) return 0; } +/** + * Set match options for the hx509 query controller. + * + * @param q query controller. + * @param option options to control the query controller. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ + void hx509_query_match_option(hx509_query *q, hx509_query_option option) { @@ -2087,6 +2581,19 @@ hx509_query_match_option(hx509_query *q, hx509_query_option option) } } +/** + * Set the issuer and serial number of match in the query + * controller. The function make copies of the isser and serial number. + * + * @param q a hx509 query controller + * @param issuer issuer to search for + * @param serialNumber the serialNumber of the issuer. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ + int hx509_query_match_issuer_serial(hx509_query *q, const Name *issuer, @@ -2123,6 +2630,16 @@ hx509_query_match_issuer_serial(hx509_query *q, return 0; } +/** + * Set the query controller to match on a friendly name + * + * @param q a hx509 query controller. + * @param name a friendly name to match on + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ int hx509_query_match_friendly_name(hx509_query *q, const char *name) @@ -2136,6 +2653,63 @@ hx509_query_match_friendly_name(hx509_query *q, const char *name) return 0; } +/** + * Set the query controller to require an one specific EKU (extended + * key usage). Any previous EKU matching is overwitten. If NULL is + * passed in as the eku, the EKU requirement is reset. + * + * @param q a hx509 query controller. + * @param eku an EKU to match on. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ + +int +hx509_query_match_eku(hx509_query *q, const heim_oid *eku) +{ + int ret; + + if (eku == NULL) { + if (q->eku) { + der_free_oid(q->eku); + free(q->eku); + q->eku = NULL; + } + q->match &= ~HX509_QUERY_MATCH_EKU; + } else { + if (q->eku) { + der_free_oid(q->eku); + } else { + q->eku = calloc(1, sizeof(*q->eku)); + if (q->eku == NULL) + return ENOMEM; + } + ret = der_copy_oid(eku, q->eku); + if (ret) { + free(q->eku); + q->eku = NULL; + return ret; + } + q->match |= HX509_QUERY_MATCH_EKU; + } + return 0; +} + +/** + * Set the query controller to match using a specific match function. + * + * @param q a hx509 query controller. + * @param func function to use for matching, if the argument is NULL, + * the match function is removed. + * @param ctx context passed to the function. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ + int hx509_query_match_cmp_func(hx509_query *q, int (*func)(void *, hx509_cert), @@ -2150,24 +2724,36 @@ hx509_query_match_cmp_func(hx509_query *q, return 0; } +/** + * Free the query controller. + * + * @param context A hx509 context. + * @param q a pointer to the query controller. + * + * @ingroup hx509_cert + */ void hx509_query_free(hx509_context context, hx509_query *q) { + if (q == NULL) + return; + if (q->serial) { der_free_heim_integer(q->serial); free(q->serial); - q->serial = NULL; } if (q->issuer_name) { free_Name(q->issuer_name); free(q->issuer_name); - q->issuer_name = NULL; } - if (q) { - free(q->friendlyname); - memset(q, 0, sizeof(*q)); + if (q->eku) { + der_free_oid(q->eku); + free(q->eku); } + if (q->friendlyname) + free(q->friendlyname); + memset(q, 0, sizeof(*q)); free(q); } @@ -2175,6 +2761,7 @@ int _hx509_query_match_cert(hx509_context context, const hx509_query *q, hx509_cert cert) { Certificate *c = _hx509_get_cert(cert); + int ret, diff; _hx509_query_statistic(context, 1, q); @@ -2190,17 +2777,20 @@ _hx509_query_match_cert(hx509_context context, const hx509_query *q, hx509_cert && der_heim_integer_cmp(&c->tbsCertificate.serialNumber, q->serial) != 0) return 0; - if ((q->match & HX509_QUERY_MATCH_ISSUER_NAME) - && _hx509_name_cmp(&c->tbsCertificate.issuer, q->issuer_name) != 0) - return 0; + if (q->match & HX509_QUERY_MATCH_ISSUER_NAME) { + ret = _hx509_name_cmp(&c->tbsCertificate.issuer, q->issuer_name, &diff); + if (ret || diff) + return 0; + } - if ((q->match & HX509_QUERY_MATCH_SUBJECT_NAME) - && _hx509_name_cmp(&c->tbsCertificate.subject, q->subject_name) != 0) - return 0; + if (q->match & HX509_QUERY_MATCH_SUBJECT_NAME) { + ret = _hx509_name_cmp(&c->tbsCertificate.subject, q->subject_name, &diff); + if (ret || diff) + return 0; + } if (q->match & HX509_QUERY_MATCH_SUBJECT_KEY_ID) { SubjectKeyIdentifier si; - int ret; ret = _hx509_find_extension_subject_key_id(c, &si); if (ret == 0) { @@ -2264,14 +2854,13 @@ _hx509_query_match_cert(hx509_context context, const hx509_query *q, hx509_cert return 0; } if (q->match & HX509_QUERY_MATCH_FUNCTION) { - int ret = (*q->cmp_func)(q->cmp_func_ctx, cert); + ret = (*q->cmp_func)(q->cmp_func_ctx, cert); if (ret != 0) return 0; } if (q->match & HX509_QUERY_MATCH_KEY_HASH_SHA1) { heim_octet_string os; - int ret; os.data = c->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data; os.length = @@ -2296,12 +2885,26 @@ _hx509_query_match_cert(hx509_context context, const hx509_query *q, hx509_cert return 0; } + /* If an EKU is required, check the cert for it. */ + if ((q->match & HX509_QUERY_MATCH_EKU) && + hx509_cert_check_eku(context, cert, q->eku, 0)) + return 0; + if (q->match & ~HX509_QUERY_MASK) return 0; return 1; } +/** + * Set a statistic file for the query statistics. + * + * @param context A hx509 context. + * @param fn statistics file name + * + * @ingroup hx509_cert + */ + void hx509_query_statistic_file(hx509_context context, const char *fn) { @@ -2362,6 +2965,16 @@ stat_sort(const void *a, const void *b) return be->stats - ae->stats; } +/** + * Unparse the statistics file and print the result on a FILE descriptor. + * + * @param context A hx509 context. + * @param printtype tyep to print + * @param out the FILE to write the data on. + * + * @ingroup hx509_cert + */ + void hx509_query_unparse_stats(hx509_context context, int printtype, FILE *out) { @@ -2435,6 +3048,20 @@ hx509_query_unparse_stats(hx509_context context, int printtype, FILE *out) multiqueries, totalqueries); } +/** + * Check the extended key usage on the hx509 certificate. + * + * @param context A hx509 context. + * @param cert A hx509 context. + * @param eku the EKU to check for + * @param allow_any_eku if the any EKU is set, allow that to be a + * substitute. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ + int hx509_cert_check_eku(hx509_context context, hx509_cert cert, const heim_oid *eku, int allow_any_eku) @@ -2511,6 +3138,19 @@ _hx509_cert_get_eku(hx509_context context, return 0; } +/** + * Encodes the hx509 certificate as a DER encode binary. + * + * @param context A hx509 context. + * @param c the certificate to encode. + * @param os the encode certificate, set to NULL, 0 on case of + * error. Free the returned structure with hx509_xfree(). + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ + int hx509_cert_binary(hx509_context context, hx509_cert c, heim_octet_string *os) { @@ -2522,8 +3162,11 @@ hx509_cert_binary(hx509_context context, hx509_cert c, heim_octet_string *os) ASN1_MALLOC_ENCODE(Certificate, os->data, os->length, _hx509_get_cert(c), &size, ret); - if (ret) + if (ret) { + os->data = NULL; + os->length = 0; return ret; + } if (os->length != size) _hx509_abort("internal ASN.1 encoder error"); @@ -2550,3 +3193,16 @@ _hx509_abort(const char *fmt, ...) abort(); } +/** + * Free a data element allocated in the library. + * + * @param ptr data to be freed. + * + * @ingroup hx509_misc + */ + +void +hx509_xfree(void *ptr) +{ + free(ptr); +} diff --git a/source4/heimdal/lib/hx509/cms.c b/source4/heimdal/lib/hx509/cms.c index 30f364060d..80bcaac6c9 100644 --- a/source4/heimdal/lib/hx509/cms.c +++ b/source4/heimdal/lib/hx509/cms.c @@ -32,11 +32,46 @@ */ #include "hx_locl.h" -RCSID("$Id: cms.c 21319 2007-06-25 19:46:52Z lha $"); +RCSID("$Id: cms.c 22327 2007-12-15 04:49:37Z lha $"); + +/** + * @page page_cms CMS/PKCS7 message functions. + * + * CMS is defined in RFC 3369 and is an continuation of the RSA Labs + * standard PKCS7. The basic messages in CMS is + * + * - SignedData + * Data signed with private key (RSA, DSA, ECDSA) or secret + * (symmetric) key + * - EnvelopedData + * Data encrypted with private key (RSA) + * - EncryptedData + * Data encrypted with secret (symmetric) key. + * - ContentInfo + * Wrapper structure including type and data. + * + * + * See the library functions here: @ref hx509_cms + */ #define ALLOC(X, N) (X) = calloc((N), sizeof(*(X))) #define ALLOC_SEQ(X, N) do { (X)->len = (N); ALLOC((X)->val, (N)); } while(0) +/** + * Wrap data and oid in a ContentInfo and encode it. + * + * @param oid type of the content. + * @param buf data to be wrapped. If a NULL pointer is passed in, the + * optional content field in the ContentInfo is not going be filled + * in. + * @param res the encoded buffer, the result should be freed with + * der_free_octet_string(). + * + * @return Returns an hx509 error code. + * + * @ingroup hx509_cms + */ + int hx509_cms_wrap_ContentInfo(const heim_oid *oid, const heim_octet_string *buf, @@ -52,18 +87,20 @@ hx509_cms_wrap_ContentInfo(const heim_oid *oid, ret = der_copy_oid(oid, &ci.contentType); if (ret) return ret; - ALLOC(ci.content, 1); - if (ci.content == NULL) { - free_ContentInfo(&ci); - return ENOMEM; - } - ci.content->data = malloc(buf->length); - if (ci.content->data == NULL) { - free_ContentInfo(&ci); - return ENOMEM; + if (buf) { + ALLOC(ci.content, 1); + if (ci.content == NULL) { + free_ContentInfo(&ci); + return ENOMEM; + } + ci.content->data = malloc(buf->length); + if (ci.content->data == NULL) { + free_ContentInfo(&ci); + return ENOMEM; + } + memcpy(ci.content->data, buf->data, buf->length); + ci.content->length = buf->length; } - memcpy(ci.content->data, buf->data, buf->length); - ci.content->length = buf->length; ASN1_MALLOC_ENCODE(ContentInfo, res->data, res->length, &ci, &size, ret); free_ContentInfo(&ci); @@ -75,6 +112,20 @@ hx509_cms_wrap_ContentInfo(const heim_oid *oid, return 0; } +/** + * Decode an ContentInfo and unwrap data and oid it. + * + * @param in the encoded buffer. + * @param oid type of the content. + * @param out data to be wrapped. + * @param have_data since the data is optional, this flags show dthe + * diffrence between no data and the zero length data. + * + * @return Returns an hx509 error code. + * + * @ingroup hx509_cms + */ + int hx509_cms_unwrap_ContentInfo(const heim_octet_string *in, heim_oid *oid, @@ -267,6 +318,27 @@ find_CMSIdentifier(hx509_context context, return 0; } +/** + * Decode and unencrypt EnvelopedData. + * + * Extract data and parameteres from from the EnvelopedData. Also + * supports using detached EnvelopedData. + * + * @param context A hx509 context. + * @param certs Certificate that can decrypt the EnvelopedData + * encryption key. + * @param flags HX509_CMS_UE flags to control the behavior. + * @param data pointer the structure the contains the DER/BER encoded + * EnvelopedData stucture. + * @param length length of the data that data point to. + * @param encryptedContent in case of detached signature, this + * contains the actual encrypted data, othersize its should be NULL. + * @param contentType output type oid, should be freed with der_free_oid(). + * @param content the data, free with der_free_octet_string(). + * + * @ingroup hx509_cms + */ + int hx509_cms_unenvelope(hx509_context context, hx509_certs certs, @@ -335,11 +407,6 @@ hx509_cms_unenvelope(hx509_context context, ri = &ed.recipientInfos.val[i]; - /* ret = search_keyset(ri, - * PRIVATE_KEY, - * ki->keyEncryptionAlgorithm.algorithm); - */ - ret = find_CMSIdentifier(context, &ri->rid, certs, &cert, HX509_QUERY_PRIVATE_KEY|findflags); if (ret) @@ -444,6 +511,29 @@ out: return ret; } +/** + * Encrypt end encode EnvelopedData. + * + * Encrypt and encode EnvelopedData. The data is encrypted with a + * random key and the the random key is encrypted with the + * certificates private key. This limits what private key type can be + * used to RSA. + * + * @param context A hx509 context. + * @param flags flags to control the behavior, no flags today + * @param cert Certificate to encrypt the EnvelopedData encryption key + * with. + * @param data pointer the data to encrypt. + * @param length length of the data that data point to. + * @param encryption_type Encryption cipher to use for the bulk data, + * use NULL to get default. + * @param contentType type of the data that is encrypted + * @param content the output of the function, + * free with der_free_octet_string(). + * + * @ingroup hx509_cms + */ + int hx509_cms_envelope_1(hx509_context context, int flags, @@ -637,13 +727,31 @@ find_attribute(const CMSAttributes *attr, const heim_oid *oid) return NULL; } +/** + * Decode SignedData and verify that the signature is correct. + * + * @param context A hx509 context. + * @param ctx a hx509 version context + * @param data + * @param length length of the data that data point to. + * @param signedContent + * @param pool certificate pool to build certificates paths. + * @param contentType free with der_free_oid() + * @param content the output of the function, free with + * der_free_octet_string(). + * @param signer_certs list of the cerficates used to sign this + * request, free with hx509_certs_free(). + * + * @ingroup hx509_cms + */ + int hx509_cms_verify_signed(hx509_context context, hx509_verify_ctx ctx, const void *data, size_t length, const heim_octet_string *signedContent, - hx509_certs store, + hx509_certs pool, heim_oid *contentType, heim_octet_string *content, hx509_certs *signer_certs) @@ -701,8 +809,8 @@ hx509_cms_verify_signed(hx509_context context, if (ret) goto out; - if (store) { - ret = hx509_certs_merge(context, certs, store); + if (pool) { + ret = hx509_certs_merge(context, certs, pool); if (ret) goto out; } @@ -946,6 +1054,29 @@ add_one_attribute(Attribute **attr, return 0; } +/** + * Decode SignedData and verify that the signature is correct. + * + * @param context A hx509 context. + * @param flags + * @param eContentType the type of the data. + * @param data data to sign + * @param length length of the data that data point to. + * @param digest_alg digest algorithm to use, use NULL to get the + * default or the peer determined algorithm. + * @param cert certificate to use for sign the data. + * @param peer info about the peer the message to send the message to, + * like what digest algorithm to use. + * @param anchors trust anchors that the client will use, used to + * polulate the certificates included in the message + * @param pool certificates to use in try to build the path to the + * trust anchors. + * @param signed_data the output of the function, free with + * der_free_octet_string(). + * + * @ingroup hx509_cms + */ + int hx509_cms_create_signed_1(hx509_context context, int flags, @@ -1050,7 +1181,7 @@ hx509_cms_create_signed_1(hx509_context context, } /* - * If its not pkcs7-data send signedAttributes + * If it isn't pkcs7-data send signedAttributes */ if (der_heim_oid_cmp(eContentType, oid_id_pkcs7_data()) != 0) { diff --git a/source4/heimdal/lib/hx509/crypto.c b/source4/heimdal/lib/hx509/crypto.c index d86300bd58..e0f00ad7b4 100644 --- a/source4/heimdal/lib/hx509/crypto.c +++ b/source4/heimdal/lib/hx509/crypto.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: crypto.c 21318 2007-06-25 19:46:32Z lha $"); +RCSID("$Id: crypto.c 22435 2008-01-14 20:53:56Z lha $"); struct hx509_crypto; @@ -64,6 +64,7 @@ struct hx509_private_key_ops { int (*generate_private_key)(hx509_context, struct hx509_generate_private_context *, hx509_private_key); + BIGNUM *(*get_internal)(hx509_context, hx509_private_key, const char *); int (*handle_alg)(const hx509_private_key, const AlgorithmIdentifier *, enum crypto_op_type); @@ -115,6 +116,9 @@ struct signature_alg { #define SIG_PUBLIC_SIG 0x200 #define SIG_SECRET 0x400 +#define RA_RSA_USES_DIGEST_INFO 0x1000000 + + int (*verify_signature)(hx509_context context, const struct signature_alg *, const Certificate *, @@ -248,43 +252,57 @@ rsa_verify_signature(hx509_context context, } if (retsize > tosize) _hx509_abort("internal rsa decryption failure: ret > tosize"); - ret = decode_DigestInfo(to, retsize, &di, &size); - free(to); - if (ret) { - goto out; - } - /* Check for extra data inside the sigature */ - if (size != retsize) { - ret = HX509_CRYPTO_SIG_INVALID_FORMAT; - hx509_set_error_string(context, 0, ret, "size from decryption mismatch"); - goto out; - } + if (sig_alg->flags & RA_RSA_USES_DIGEST_INFO) { - if (sig_alg->digest_oid && - der_heim_oid_cmp(&di.digestAlgorithm.algorithm, - (*sig_alg->digest_oid)()) != 0) - { - ret = HX509_CRYPTO_OID_MISMATCH; - hx509_set_error_string(context, 0, ret, "object identifier in RSA sig mismatch"); - goto out; - } + ret = decode_DigestInfo(to, retsize, &di, &size); + free(to); + if (ret) { + goto out; + } + + /* Check for extra data inside the sigature */ + if (size != retsize) { + ret = HX509_CRYPTO_SIG_INVALID_FORMAT; + hx509_set_error_string(context, 0, ret, "size from decryption mismatch"); + goto out; + } + + if (sig_alg->digest_oid && + der_heim_oid_cmp(&di.digestAlgorithm.algorithm, + (*sig_alg->digest_oid)()) != 0) + { + ret = HX509_CRYPTO_OID_MISMATCH; + hx509_set_error_string(context, 0, ret, "object identifier in RSA sig mismatch"); + goto out; + } + + /* verify that the parameters are NULL or the NULL-type */ + if (di.digestAlgorithm.parameters != NULL && + (di.digestAlgorithm.parameters->length != 2 || + memcmp(di.digestAlgorithm.parameters->data, "\x05\x00", 2) != 0)) + { + ret = HX509_CRYPTO_SIG_INVALID_FORMAT; + hx509_set_error_string(context, 0, ret, "Extra parameters inside RSA signature"); + goto out; + } - /* verify that the parameters are NULL or the NULL-type */ - if (di.digestAlgorithm.parameters != NULL && - (di.digestAlgorithm.parameters->length != 2 || - memcmp(di.digestAlgorithm.parameters->data, "\x05\x00", 2) != 0)) - { - ret = HX509_CRYPTO_SIG_INVALID_FORMAT; - hx509_set_error_string(context, 0, ret, "Extra parameters inside RSA signature"); - goto out; + ret = _hx509_verify_signature(context, + NULL, + &di.digestAlgorithm, + data, + &di.digest); + } else { + if (retsize != data->length || + memcmp(to, data->data, retsize) != 0) + { + ret = HX509_CRYPTO_SIG_INVALID_FORMAT; + hx509_set_error_string(context, 0, ret, "RSA Signature incorrect"); + goto out; + } + free(to); } - ret = _hx509_verify_signature(context, - NULL, - &di.digestAlgorithm, - data, - &di.digest); out: free_DigestInfo(&di); RSA_free(rsa); @@ -303,7 +321,6 @@ rsa_create_signature(hx509_context context, const AlgorithmIdentifier *digest_alg; heim_octet_string indata; const heim_oid *sig_oid; - DigestInfo di; size_t size; int ret; @@ -324,6 +341,8 @@ rsa_create_signature(hx509_context context, digest_alg = hx509_signature_sha1(); } else if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_rsaEncryption()) == 0) { digest_alg = hx509_signature_sha1(); + } else if (der_heim_oid_cmp(sig_oid, oid_id_heim_rsa_pkcs1_x509()) == 0) { + digest_alg = NULL; } else return HX509_ALG_NOT_SUPP; @@ -335,29 +354,34 @@ rsa_create_signature(hx509_context context, } } - memset(&di, 0, sizeof(di)); + if (digest_alg) { + DigestInfo di; + memset(&di, 0, sizeof(di)); - ret = _hx509_create_signature(context, - NULL, - digest_alg, - data, - &di.digestAlgorithm, - &di.digest); - if (ret) - return ret; - ASN1_MALLOC_ENCODE(DigestInfo, - indata.data, - indata.length, - &di, - &size, - ret); - free_DigestInfo(&di); - if (ret) { - hx509_set_error_string(context, 0, ret, "out of memory"); - return ret; + ret = _hx509_create_signature(context, + NULL, + digest_alg, + data, + &di.digestAlgorithm, + &di.digest); + if (ret) + return ret; + ASN1_MALLOC_ENCODE(DigestInfo, + indata.data, + indata.length, + &di, + &size, + ret); + free_DigestInfo(&di); + if (ret) { + hx509_set_error_string(context, 0, ret, "out of memory"); + return ret; + } + if (indata.length != size) + _hx509_abort("internal ASN.1 encoder error"); + } else { + indata = *data; } - if (indata.length != size) - _hx509_abort("internal ASN.1 encoder error"); sig->length = RSA_size(signer->private_key.rsa); sig->data = malloc(sig->length); @@ -371,7 +395,8 @@ rsa_create_signature(hx509_context context, sig->data, signer->private_key.rsa, RSA_PKCS1_PADDING); - der_free_octet_string(&indata); + if (indata.data != data->data) + der_free_octet_string(&indata); if (ret <= 0) { ret = HX509_CMS_FAILED_CREATE_SIGATURE; hx509_set_error_string(context, 0, ret, @@ -517,6 +542,18 @@ rsa_private_key_export(hx509_context context, return 0; } +static BIGNUM * +rsa_get_internal(hx509_context context, hx509_private_key key, const char *type) +{ + if (strcasecmp(type, "rsa-modulus") == 0) { + return BN_dup(key->private_key.rsa->n); + } else if (strcasecmp(type, "rsa-exponent") == 0) { + return BN_dup(key->private_key.rsa->e); + } else + return NULL; +} + + static hx509_private_key_ops rsa_private_key_ops = { "RSA PRIVATE KEY", @@ -524,7 +561,8 @@ static hx509_private_key_ops rsa_private_key_ops = { rsa_private_key2SPKI, rsa_private_key_export, rsa_private_key_import, - rsa_generate_private_key + rsa_generate_private_key, + rsa_get_internal }; @@ -833,13 +871,24 @@ md2_verify_signature(hx509_context context, return 0; } +static const struct signature_alg heim_rsa_pkcs1_x509 = { + "rsa-pkcs1-x509", + oid_id_heim_rsa_pkcs1_x509, + hx509_signature_rsa_pkcs1_x509, + oid_id_pkcs1_rsaEncryption, + NULL, + PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG, + rsa_verify_signature, + rsa_create_signature +}; + static const struct signature_alg pkcs1_rsa_sha1_alg = { "rsa", oid_id_pkcs1_rsaEncryption, hx509_signature_rsa_with_sha1, oid_id_pkcs1_rsaEncryption, NULL, - PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG, + PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG, rsa_verify_signature, rsa_create_signature }; @@ -850,7 +899,7 @@ static const struct signature_alg rsa_with_sha256_alg = { hx509_signature_rsa_with_sha256, oid_id_pkcs1_rsaEncryption, oid_id_sha256, - PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG, + PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG, rsa_verify_signature, rsa_create_signature }; @@ -861,7 +910,7 @@ static const struct signature_alg rsa_with_sha1_alg = { hx509_signature_rsa_with_sha1, oid_id_pkcs1_rsaEncryption, oid_id_secsig_sha_1, - PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG, + PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG, rsa_verify_signature, rsa_create_signature }; @@ -872,7 +921,7 @@ static const struct signature_alg rsa_with_md5_alg = { hx509_signature_rsa_with_md5, oid_id_pkcs1_rsaEncryption, oid_id_rsa_digest_md5, - PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG, + PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG, rsa_verify_signature, rsa_create_signature }; @@ -883,7 +932,7 @@ static const struct signature_alg rsa_with_md2_alg = { hx509_signature_rsa_with_md2, oid_id_pkcs1_rsaEncryption, oid_id_rsa_digest_md2, - PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG, + PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG, rsa_verify_signature, rsa_create_signature }; @@ -952,7 +1001,7 @@ static const struct signature_alg *sig_algs[] = { &pkcs1_rsa_sha1_alg, &rsa_with_md5_alg, &rsa_with_md2_alg, - &pkcs1_rsa_sha1_alg, + &heim_rsa_pkcs1_x509, &dsa_sha1_alg, &sha256_alg, &sha1_alg, @@ -1423,6 +1472,11 @@ const AlgorithmIdentifier _hx509_signature_rsa_data = { { 7, rk_UNCONST(rsa_oid) }, NULL }; +static const unsigned rsa_pkcs1_x509_oid[] ={ 1, 2, 752, 43, 16, 1 }; +const AlgorithmIdentifier _hx509_signature_rsa_pkcs1_x509_data = { + { 6, rk_UNCONST(rsa_pkcs1_x509_oid) }, NULL +}; + static const unsigned des_rsdi_ede3_cbc_oid[] ={ 1, 2, 840, 113549, 3, 7 }; const AlgorithmIdentifier _hx509_des_rsdi_ede3_cbc_oid = { { 6, rk_UNCONST(des_rsdi_ede3_cbc_oid) }, NULL @@ -1490,6 +1544,10 @@ const AlgorithmIdentifier * hx509_signature_rsa(void) { return &_hx509_signature_rsa_data; } +const AlgorithmIdentifier * +hx509_signature_rsa_pkcs1_x509(void) +{ return &_hx509_signature_rsa_pkcs1_x509_data; } + const AlgorithmIdentifier * hx509_crypto_des_rsdi_ede3_cbc(void) { return &_hx509_des_rsdi_ede3_cbc_oid; } @@ -1597,6 +1655,16 @@ _hx509_private_key_exportable(hx509_private_key key) return 1; } +BIGNUM * +_hx509_private_key_get_internal(hx509_context context, + hx509_private_key key, + const char *type) +{ + if (key->ops->get_internal == NULL) + return NULL; + return (*key->ops->get_internal)(context, key, type); +} + int _hx509_private_key_export(hx509_context context, const hx509_private_key key, diff --git a/source4/heimdal/lib/hx509/env.c b/source4/heimdal/lib/hx509/env.c index 4cb2f9f4b1..f868c22488 100644 --- a/source4/heimdal/lib/hx509/env.c +++ b/source4/heimdal/lib/hx509/env.c @@ -32,7 +32,13 @@ */ #include "hx_locl.h" -RCSID("$Id: env.c 19878 2007-01-13 00:58:39Z lha $"); +RCSID("$Id: env.c 22349 2007-12-26 19:32:49Z lha $"); + +/** + * @page page_env Hx509 enviroment functions + * + * See the library functions here: @ref hx509_env + */ struct hx509_env { struct { @@ -42,6 +48,17 @@ struct hx509_env { size_t len; }; +/** + * Allocate a new hx509_env container object. + * + * @param context A hx509 context. + * @param env return a hx509_env structure, free with hx509_env_free(). + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_env + */ + int hx509_env_init(hx509_context context, hx509_env *env) { @@ -53,6 +70,19 @@ hx509_env_init(hx509_context context, hx509_env *env) return 0; } +/** + * Add a new key/value pair to the hx509_env. + * + * @param context A hx509 context. + * @param env enviroment to add the enviroment variable too. + * @param key key to add + * @param value value to add + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_env + */ + int hx509_env_add(hx509_context context, hx509_env env, const char *key, const char *value) @@ -80,6 +110,19 @@ hx509_env_add(hx509_context context, hx509_env env, return 0; } +/** + * Search the hx509_env for a key. + * + * @param context A hx509 context. + * @param env enviroment to add the enviroment variable too. + * @param key key to search for. + * @param len length of key. + * + * @return the value if the key is found, NULL otherwise. + * + * @ingroup hx509_env + */ + const char * hx509_env_lfind(hx509_context context, hx509_env env, const char *key, size_t len) @@ -94,6 +137,13 @@ hx509_env_lfind(hx509_context context, hx509_env env, return NULL; } +/** + * Free an hx509_env enviroment context. + * + * @param env the enviroment to free. + * + * @ingroup hx509_env + */ void hx509_env_free(hx509_env *env) diff --git a/source4/heimdal/lib/hx509/error.c b/source4/heimdal/lib/hx509/error.c index 9f3a014873..25119ed288 100644 --- a/source4/heimdal/lib/hx509/error.c +++ b/source4/heimdal/lib/hx509/error.c @@ -32,7 +32,13 @@ */ #include "hx_locl.h" -RCSID("$Id: error.c 20912 2007-06-05 03:53:52Z lha $"); +RCSID("$Id: error.c 22332 2007-12-17 01:03:22Z lha $"); + +/** + * @page page_error Hx509 error reporting functions + * + * See the library functions here: @ref hx509_error + */ struct hx509_error_data { hx509_error next; @@ -51,6 +57,14 @@ free_error_string(hx509_error msg) } } +/** + * Resets the error strings the hx509 context. + * + * @param context A hx509 context. + * + * @ingroup hx509_error + */ + void hx509_clear_error_string(hx509_context context) { @@ -58,6 +72,20 @@ hx509_clear_error_string(hx509_context context) context->error = NULL; } +/** + * Add an error message to the hx509 context. + * + * @param context A hx509 context. + * @param flags + * - HX509_ERROR_APPEND appends the error string to the old messages + (code is updated). + * @param code error code related to error message + * @param fmt error message format + * @param ap arguments to error message format + * + * @ingroup hx509_error + */ + void hx509_set_error_stringv(hx509_context context, int flags, int code, const char *fmt, va_list ap) @@ -86,6 +114,20 @@ hx509_set_error_stringv(hx509_context context, int flags, int code, } } +/** + * See hx509_set_error_stringv(). + * + * @param context A hx509 context. + * @param flags + * - HX509_ERROR_APPEND appends the error string to the old messages + (code is updated). + * @param code error code related to error message + * @param fmt error message format + * @param ... arguments to error message format + * + * @ingroup hx509_error + */ + void hx509_set_error_string(hx509_context context, int flags, int code, const char *fmt, ...) @@ -97,6 +139,17 @@ hx509_set_error_string(hx509_context context, int flags, int code, va_end(ap); } +/** + * Get an error string from context associated with error_code. + * + * @param context A hx509 context. + * @param error_code Get error message for this error code. + * + * @return error string, free with hx509_free_error_string(). + * + * @ingroup hx509_error + */ + char * hx509_get_error_string(hx509_context context, int error_code) { @@ -125,6 +178,32 @@ hx509_get_error_string(hx509_context context, int error_code) return rk_strpoolcollect(p); } +/** + * Free error string returned by hx509_get_error_string(). + * + * @param str error string to free. + * + * @ingroup hx509_error + */ + +void +hx509_free_error_string(char *str) +{ + free(str); +} + +/** + * Print error message and fatally exit from error code + * + * @param context A hx509 context. + * @param exit_code exit() code from process. + * @param error_code Error code for the reason to exit. + * @param fmt format string with the exit message. + * @param ... argument to format string. + * + * @ingroup hx509_error + */ + void hx509_err(hx509_context context, int exit_code, int error_code, const char *fmt, ...) diff --git a/source4/heimdal/lib/hx509/hx509-private.h b/source4/heimdal/lib/hx509/hx509-private.h index acbc3218c6..be36c07421 100644 --- a/source4/heimdal/lib/hx509/hx509-private.h +++ b/source4/heimdal/lib/hx509/hx509-private.h @@ -8,6 +8,11 @@ #define __attribute__(x) #endif +int +_hx509_AlgorithmIdentifier_cmp ( + const AlgorithmIdentifier */*p*/, + const AlgorithmIdentifier */*q*/); + int _hx509_Certificate_cmp ( const Certificate */*p*/, @@ -269,12 +274,14 @@ _hx509_match_keys ( int _hx509_name_cmp ( const Name */*n1*/, - const Name */*n2*/); + const Name */*n2*/, + int */*c*/); int _hx509_name_ds_cmp ( const DirectoryString */*ds1*/, - const DirectoryString */*ds2*/); + const DirectoryString */*ds2*/, + int */*diff*/); int _hx509_name_from_Name ( @@ -314,6 +321,14 @@ _hx509_pbe_decrypt ( const heim_octet_string */*econtent*/, heim_octet_string */*content*/); +int +_hx509_pbe_encrypt ( + hx509_context /*context*/, + hx509_lock /*lock*/, + const AlgorithmIdentifier */*ai*/, + const heim_octet_string */*content*/, + heim_octet_string */*econtent*/); + void _hx509_pi_printf ( int (*/*func*/)(void *, const char *), @@ -344,6 +359,12 @@ _hx509_private_key_exportable (hx509_private_key /*key*/); int _hx509_private_key_free (hx509_private_key */*key*/); +BIGNUM * +_hx509_private_key_get_internal ( + hx509_context /*context*/, + hx509_private_key /*key*/, + const char */*type*/); + int _hx509_private_key_init ( hx509_private_key */*key*/, @@ -414,11 +435,35 @@ _hx509_request_add_email ( void _hx509_request_free (hx509_request */*req*/); +int +_hx509_request_get_SubjectPublicKeyInfo ( + hx509_context /*context*/, + hx509_request /*req*/, + SubjectPublicKeyInfo */*key*/); + +int +_hx509_request_get_name ( + hx509_context /*context*/, + hx509_request /*req*/, + hx509_name */*name*/); + int _hx509_request_init ( hx509_context /*context*/, hx509_request */*req*/); +int +_hx509_request_parse ( + hx509_context /*context*/, + const char */*path*/, + hx509_request */*req*/); + +int +_hx509_request_print ( + hx509_context /*context*/, + hx509_request /*req*/, + FILE */*f*/); + int _hx509_request_set_SubjectPublicKeyInfo ( hx509_context /*context*/, @@ -438,6 +483,9 @@ _hx509_request_to_pkcs10 ( const hx509_private_key /*signer*/, heim_octet_string */*request*/); +hx509_revoke_ctx +_hx509_revoke_ref (hx509_revoke_ctx /*ctx*/); + int _hx509_set_cert_attribute ( hx509_context /*context*/, diff --git a/source4/heimdal/lib/hx509/hx509-protos.h b/source4/heimdal/lib/hx509/hx509-protos.h index 71fb29d59d..3e297424cc 100644 --- a/source4/heimdal/lib/hx509/hx509-protos.h +++ b/source4/heimdal/lib/hx509/hx509-protos.h @@ -183,6 +183,7 @@ hx509_cert_cmp ( int hx509_cert_find_subjectAltName_otherName ( + hx509_context /*context*/, hx509_cert /*cert*/, const heim_oid */*oid*/, hx509_octet_string_list */*list*/); @@ -192,9 +193,16 @@ hx509_cert_free (hx509_cert /*cert*/); int hx509_cert_get_SPKI ( + hx509_context /*context*/, hx509_cert /*p*/, SubjectPublicKeyInfo */*spki*/); +int +hx509_cert_get_SPKI_AlgorithmIdentifier ( + hx509_context /*context*/, + hx509_cert /*p*/, + AlgorithmIdentifier */*alg*/); + hx509_cert_attribute hx509_cert_get_attribute ( hx509_cert /*cert*/, @@ -230,6 +238,9 @@ hx509_cert_get_subject ( hx509_cert /*p*/, hx509_name */*name*/); +int +hx509_cert_have_private_key (hx509_cert /*p*/); + int hx509_cert_init ( hx509_context /*context*/, @@ -305,7 +316,7 @@ int hx509_certs_iter ( hx509_context /*context*/, hx509_certs /*certs*/, - int (*/*fn*/)(hx509_context, void *, hx509_cert), + int (*/*func*/)(hx509_context, void *, hx509_cert), void */*ctx*/); int @@ -402,7 +413,7 @@ hx509_cms_verify_signed ( const void */*data*/, size_t /*length*/, const heim_octet_string */*signedContent*/, - hx509_certs /*store*/, + hx509_certs /*pool*/, heim_oid */*contentType*/, heim_octet_string */*content*/, hx509_certs */*signer_certs*/); @@ -580,6 +591,9 @@ hx509_err ( const char */*fmt*/, ...); +void +hx509_free_error_string (char */*str*/); + void hx509_free_octet_string_list (hx509_octet_string_list */*list*/); @@ -651,6 +665,11 @@ hx509_lock_set_prompter ( hx509_prompter_fct /*prompt*/, void */*data*/); +int +hx509_name_binary ( + const hx509_name /*name*/, + heim_octet_string */*os*/); + int hx509_name_cmp ( hx509_name /*n1*/, @@ -684,12 +703,6 @@ hx509_name_to_Name ( const hx509_name /*from*/, Name */*to*/); -int -hx509_name_to_der_name ( - const hx509_name /*name*/, - void **/*data*/, - size_t */*length*/); - int hx509_name_to_string ( const hx509_name /*name*/, @@ -782,13 +795,6 @@ hx509_pem_write ( const void */*data*/, size_t /*size*/); -void -hx509_print_func ( - hx509_vprint_func /*func*/, - void */*ctx*/, - const char */*fmt*/, - ...); - void hx509_print_stdout ( void */*ctx*/, @@ -814,6 +820,11 @@ hx509_query_match_cmp_func ( int (*/*func*/)(void *, hx509_cert), void */*ctx*/); +int +hx509_query_match_eku ( + hx509_query */*q*/, + const heim_oid */*eku*/); + int hx509_query_match_friendly_name ( hx509_query */*q*/, @@ -901,6 +912,9 @@ hx509_signature_md5 (void); const AlgorithmIdentifier * hx509_signature_rsa (void); +const AlgorithmIdentifier * +hx509_signature_rsa_pkcs1_x509 (void); + const AlgorithmIdentifier * hx509_signature_rsa_with_md2 (void); @@ -1030,6 +1044,9 @@ hx509_verify_signature ( const heim_octet_string */*data*/, const heim_octet_string */*sig*/); +void +hx509_xfree (void */*ptr*/); + #ifdef __cplusplus } #endif diff --git a/source4/heimdal/lib/hx509/hx509.h b/source4/heimdal/lib/hx509/hx509.h index 2f22cedfbc..be02f63474 100644 --- a/source4/heimdal/lib/hx509/hx509.h +++ b/source4/heimdal/lib/hx509/hx509.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: hx509.h 21310 2007-06-25 18:26:06Z lha $ */ +/* $Id: hx509.h 22464 2008-01-16 14:24:50Z lha $ */ typedef struct hx509_cert_attribute_data *hx509_cert_attribute; typedef struct hx509_cert_data *hx509_cert; @@ -55,6 +55,10 @@ typedef struct hx509_crl *hx509_crl; typedef void (*hx509_vprint_func)(void *, const char *, va_list); +enum { + HX509_VHN_F_ALLOW_NO_MATCH = 1 +}; + enum { HX509_VALIDATE_F_VALIDATE = 1, HX509_VALIDATE_F_VERBOSE = 2 @@ -107,6 +111,7 @@ typedef enum { /* flags to hx509_certs_init */ #define HX509_CERTS_CREATE 0x01 +#define HX509_CERTS_UNPROTECT_ALL 0x02 /* flags to hx509_set_error_string */ #define HX509_ERROR_APPEND 0x01 diff --git a/source4/heimdal/lib/hx509/hx509_err.et b/source4/heimdal/lib/hx509/hx509_err.et index 90f3b3d907..8fc5cb8f2f 100644 --- a/source4/heimdal/lib/hx509/hx509_err.et +++ b/source4/heimdal/lib/hx509/hx509_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: hx509_err.et 20807 2007-06-03 03:11:20Z lha $" +id "$Id: hx509_err.et 22329 2007-12-15 05:13:14Z lha $" error_table hx prefix HX509 @@ -72,7 +72,7 @@ prefix HX509 error_code CRL_USED_BEFORE_TIME, "CRL used before it became valid" error_code CRL_USED_AFTER_TIME, "CRL used after it became invalid" error_code CRL_INVALID_FORMAT, "CRL have invalid format" -error_code CRL_CERT_REVOKED, "Certificate is included in CRL" +error_code CERT_REVOKED, "Certificate is revoked" error_code REVOKE_STATUS_MISSING, "No revoke status found for certificates" error_code CRL_UNKNOWN_EXTENSION, "Unknown extension" error_code REVOKE_WRONG_DATA, "Got wrong CRL/OCSP data from server" diff --git a/source4/heimdal/lib/hx509/hx_locl.h b/source4/heimdal/lib/hx509/hx_locl.h index 145bfcc006..6d89167bfc 100644 --- a/source4/heimdal/lib/hx509/hx_locl.h +++ b/source4/heimdal/lib/hx509/hx_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: hx_locl.h 21083 2007-06-13 02:11:19Z lha $ */ +/* $Id: hx_locl.h 22538 2008-01-27 13:05:47Z lha $ */ #ifdef HAVE_CONFIG_H #include @@ -128,7 +128,8 @@ struct hx509_query_data { #define HX509_QUERY_MATCH_FUNCTION 0x080000 #define HX509_QUERY_MATCH_KEY_HASH_SHA1 0x100000 #define HX509_QUERY_MATCH_TIME 0x200000 -#define HX509_QUERY_MASK 0x3fffff +#define HX509_QUERY_MATCH_EKU 0x400000 +#define HX509_QUERY_MASK 0x7fffff Certificate *subject; Certificate *certificate; heim_integer *serial; @@ -142,6 +143,7 @@ struct hx509_query_data { void *cmp_func_ctx; heim_octet_string *keyhash_sha1; time_t timenow; + heim_oid *eku; }; struct hx509_keyset_ops { diff --git a/source4/heimdal/lib/hx509/keyset.c b/source4/heimdal/lib/hx509/keyset.c index 7da5705a80..2fcff7b03b 100644 --- a/source4/heimdal/lib/hx509/keyset.c +++ b/source4/heimdal/lib/hx509/keyset.c @@ -32,7 +32,31 @@ */ #include "hx_locl.h" -RCSID("$Id: keyset.c 21140 2007-06-18 21:24:19Z lha $"); +RCSID("$Id: keyset.c 22466 2008-01-16 14:26:35Z lha $"); + +/** + * @page page_keyset Certificate store operations + * + * Type of certificates store: + * - MEMORY + * In memory based format. Doesnt support storing. + * - FILE + * FILE supports raw DER certicates and PEM certicates. When PEM is + * used the file can contain may certificates and match private + * keys. Support storing the certificates. DER format only supports + * on certificate and no private key. + * - PEM-FILE + * Same as FILE, defaulting to PEM encoded certificates. + * - PEM-FILE + * Same as FILE, defaulting to DER encoded certificates. + * - PKCS11 + * - PKCS12 + * - DIR + * - KEYCHAIN + * Apple Mac OS X KeyChain backed keychain object. + * + * See the library functions here: @ref hx509_keyset + */ struct hx509_certs_data { int ref; @@ -69,6 +93,22 @@ _hx509_ks_register(hx509_context context, struct hx509_keyset_ops *ops) context->ks_num_ops++; } +/** + * Open or creates a new hx509 certificate store. + * + * @param context A hx509 context + * @param name name of the store, format is TYPE:type-specific-string, + * if NULL is used the MEMORY store is used. + * @param flags list of flags: + * - HX509_CERTS_CREATE create a new keystore of the specific TYPE. + * - HX509_CERTS_UNPROTECT_ALL fails if any private key failed to be extracted. + * @param lock a lock that unlocks the certificates store, use NULL to + * select no password/certifictes/prompt lock (see @ref page_lock). + * @param certs return pointer, free with hx509_certs_free(). + * + * @ingroup hx509_keyset + */ + int hx509_certs_init(hx509_context context, const char *name, int flags, @@ -125,6 +165,21 @@ hx509_certs_init(hx509_context context, return 0; } +/** + * Write the certificate store to stable storage. + * + * @param context A hx509 context. + * @param certs a certificate store to store. + * @param flags currently unused, use 0. + * @param lock a lock that unlocks the certificates store, use NULL to + * select no password/certifictes/prompt lock (see @ref page_lock). + * + * @return Returns an hx509 error code. HX509_UNSUPPORTED_OPERATION if + * the certificate store doesn't support the store operation. + * + * @ingroup hx509_keyset + */ + int hx509_certs_store(hx509_context context, hx509_certs certs, @@ -132,11 +187,11 @@ hx509_certs_store(hx509_context context, hx509_lock lock) { if (certs->ops->store == NULL) { - hx509_set_error_string(context, 0, EINVAL, + hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION, "keystore if type %s doesn't support " "store operation", certs->ops->name); - return EINVAL; + return HX509_UNSUPPORTED_OPERATION; } return (*certs->ops->store)(context, certs, certs->ops_data, flags, lock); @@ -146,6 +201,8 @@ hx509_certs_store(hx509_context context, hx509_certs _hx509_certs_ref(hx509_certs certs) { + if (certs == NULL) + return NULL; if (certs->ref <= 0) _hx509_abort("certs refcount <= 0"); certs->ref++; @@ -154,6 +211,14 @@ _hx509_certs_ref(hx509_certs certs) return certs; } +/** + * Free a certificate store. + * + * @param certs certificate store to free. + * + * @ingroup hx509_keyset + */ + void hx509_certs_free(hx509_certs *certs) { @@ -169,6 +234,21 @@ hx509_certs_free(hx509_certs *certs) } } +/** + * Start the integration + * + * @param context a hx509 context. + * @param certs certificate store to iterate over + * @param cursor cursor that will keep track of progress, free with + * hx509_certs_end_seq(). + * + * @return Returns an hx509 error code. HX509_UNSUPPORTED_OPERATION is + * returned if the certificate store doesn't support the iteration + * operation. + * + * @ingroup hx509_keyset + */ + int hx509_certs_start_seq(hx509_context context, hx509_certs certs, @@ -177,10 +257,10 @@ hx509_certs_start_seq(hx509_context context, int ret; if (certs->ops->iter_start == NULL) { - hx509_set_error_string(context, 0, ENOENT, + hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION, "Keyset type %s doesn't support iteration", certs->ops->name); - return ENOENT; + return HX509_UNSUPPORTED_OPERATION; } ret = (*certs->ops->iter_start)(context, certs, certs->ops_data, cursor); @@ -190,6 +270,21 @@ hx509_certs_start_seq(hx509_context context, return 0; } +/** + * Get next ceritificate from the certificate keystore pointed out by + * cursor. + * + * @param context a hx509 context. + * @param certs certificate store to iterate over. + * @param cursor cursor that keeps track of progress. + * @param cert return certificate next in store, NULL if the store + * contains no more certificates. Free with hx509_cert_free(). + * + * @return Returns an hx509 error code. + * + * @ingroup hx509_keyset + */ + int hx509_certs_next_cert(hx509_context context, hx509_certs certs, @@ -200,6 +295,18 @@ hx509_certs_next_cert(hx509_context context, return (*certs->ops->iter)(context, certs, certs->ops_data, cursor, cert); } +/** + * End the iteration over certificates. + * + * @param context a hx509 context. + * @param certs certificate store to iterate over. + * @param cursor cursor that will keep track of progress, freed. + * + * @return Returns an hx509 error code. + * + * @ingroup hx509_keyset + */ + int hx509_certs_end_seq(hx509_context context, hx509_certs certs, @@ -209,11 +316,26 @@ hx509_certs_end_seq(hx509_context context, return 0; } +/** + * Iterate over all certificates in a keystore and call an function + * for each fo them. + * + * @param context a hx509 context. + * @param certs certificate store to iterate over. + * @param func function to call for each certificate. The function + * should return non-zero to abort the iteration, that value is passed + * back to te caller of hx509_certs_iter(). + * @param ctx context variable that will passed to the function. + * + * @return Returns an hx509 error code. + * + * @ingroup hx509_keyset + */ int hx509_certs_iter(hx509_context context, hx509_certs certs, - int (*fn)(hx509_context, void *, hx509_cert), + int (*func)(hx509_context, void *, hx509_cert), void *ctx) { hx509_cursor cursor; @@ -232,7 +354,7 @@ hx509_certs_iter(hx509_context context, ret = 0; break; } - ret = (*fn)(context, ctx, c); + ret = (*func)(context, ctx, c); hx509_cert_free(c); if (ret) break; @@ -243,6 +365,20 @@ hx509_certs_iter(hx509_context context, return ret; } + +/** + * Function to use to hx509_certs_iter() as a function argument, the + * ctx variable to hx509_certs_iter() should be a FILE file descriptor. + * + * @param context a hx509 context. + * @param ctx used by hx509_certs_iter(). + * @param c a certificate + * + * @return Returns an hx509 error code. + * + * @ingroup hx509_keyset + */ + int hx509_ci_print_names(hx509_context context, void *ctx, hx509_cert c) { @@ -264,10 +400,20 @@ hx509_ci_print_names(hx509_context context, void *ctx, hx509_cert c) return 0; } -/* - * The receiving keyset `certs´ will either increase reference counter - * of the `cert´ or make a deep copy, either way, the caller needs to - * free the `cert´ itself. +/** + * Add a certificate to the certificiate store. + * + * The receiving keyset certs will either increase reference counter + * of the cert or make a deep copy, either way, the caller needs to + * free the cert itself. + * + * @param context a hx509 context. + * @param certs certificate store to add the certificate to. + * @param cert certificate to add. + * + * @return Returns an hx509 error code. + * + * @ingroup hx509_keyset */ int @@ -283,6 +429,20 @@ hx509_certs_add(hx509_context context, hx509_certs certs, hx509_cert cert) return (*certs->ops->add)(context, certs, certs->ops_data, cert); } +/** + * Find a certificate matching the query. + * + * @param context a hx509 context. + * @param certs certificate store to search. + * @param q query allocated with @ref hx509_query functions. + * @param r return certificate (or NULL on error), should be freed + * with hx509_cert_free(). + * + * @return Returns an hx509 error code. + * + * @ingroup hx509_keyset + */ + int hx509_certs_find(hx509_context context, hx509_certs certs, @@ -335,6 +495,19 @@ certs_merge_func(hx509_context context, void *ctx, hx509_cert c) return hx509_certs_add(context, (hx509_certs)ctx, c); } +/** + * Merge a certificate store into another. The from store is keep + * intact. + * + * @param context a hx509 context. + * @param to the store to merge into. + * @param from the store to copy the object from. + * + * @return Returns an hx509 error code. + * + * @ingroup hx509_keyset + */ + int hx509_certs_merge(hx509_context context, hx509_certs to, hx509_certs from) { @@ -343,6 +516,21 @@ hx509_certs_merge(hx509_context context, hx509_certs to, hx509_certs from) return hx509_certs_iter(context, from, certs_merge_func, to); } +/** + * Same a hx509_certs_merge() but use a lock and name to describe the + * from source. + * + * @param context a hx509 context. + * @param to the store to merge into. + * @param lock a lock that unlocks the certificates store, use NULL to + * select no password/certifictes/prompt lock (see @ref page_lock). + * @param name name of the source store + * + * @return Returns an hx509 error code. + * + * @ingroup hx509_keyset + */ + int hx509_certs_append(hx509_context context, hx509_certs to, @@ -360,6 +548,18 @@ hx509_certs_append(hx509_context context, return ret; } +/** + * Get one random certificate from the certificate store. + * + * @param context a hx509 context. + * @param certs a certificate store to get the certificate from. + * @param c return certificate, should be freed with hx509_cert_free(). + * + * @return Returns an hx509 error code. + * + * @ingroup hx509_keyset + */ + int hx509_get_one_cert(hx509_context context, hx509_certs certs, hx509_cert *c) { @@ -388,6 +588,21 @@ certs_info_stdio(void *ctx, const char *str) return 0; } +/** + * Print some info about the certificate store. + * + * @param context a hx509 context. + * @param certs certificate store to print information about. + * @param func function that will get each line of the information, if + * NULL is used the data is printed on a FILE descriptor that should + * be passed in ctx, if ctx also is NULL, stdout is used. + * @param ctx parameter to func. + * + * @return Returns an hx509 error code. + * + * @ingroup hx509_keyset + */ + int hx509_certs_info(hx509_context context, hx509_certs certs, diff --git a/source4/heimdal/lib/hx509/ks_file.c b/source4/heimdal/lib/hx509/ks_file.c index 269afd03b1..87b97af401 100644 --- a/source4/heimdal/lib/hx509/ks_file.c +++ b/source4/heimdal/lib/hx509/ks_file.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: ks_file.c 21314 2007-06-25 18:45:07Z lha $"); +RCSID("$Id: ks_file.c 22465 2008-01-16 14:25:24Z lha $"); typedef enum { USE_PEM, USE_DER } outformat; @@ -289,19 +289,25 @@ struct pem_formats { }; +struct pem_ctx { + int flags; + struct hx509_collector *c; +}; + static int pem_func(hx509_context context, const char *type, const hx509_pem_header *header, const void *data, size_t len, void *ctx) { - struct hx509_collector *c = ctx; - int ret, j; + struct pem_ctx *pem_ctx = (struct pem_ctx*)ctx; + int ret = 0, j; for (j = 0; j < sizeof(formats)/sizeof(formats[0]); j++) { const char *q = formats[j].name; if (strcasecmp(type, q) == 0) { - ret = (*formats[j].func)(context, NULL, c, header, data, len); - break; + ret = (*formats[j].func)(context, NULL, pem_ctx->c, header, data, len); + if (ret == 0) + break; } } if (j == sizeof(formats)/sizeof(formats[0])) { @@ -310,6 +316,8 @@ pem_func(hx509_context context, const char *type, "Found no matching PEM format for %s", type); return ret; } + if (ret && (pem_ctx->flags & HX509_CERTS_UNPROTECT_ALL)) + return ret; return 0; } @@ -324,9 +332,12 @@ file_init_common(hx509_context context, { char *p, *pnext; struct ks_file *f = NULL; - struct hx509_collector *c = NULL; hx509_private_key *keys = NULL; int ret; + struct pem_ctx pem_ctx; + + pem_ctx.flags = flags; + pem_ctx.c = NULL; *data = NULL; @@ -361,7 +372,7 @@ file_init_common(hx509_context context, return 0; } - ret = _hx509_collector_alloc(context, lock, &c); + ret = _hx509_collector_alloc(context, lock, &pem_ctx.c); if (ret) goto out; @@ -381,7 +392,7 @@ file_init_common(hx509_context context, goto out; } - ret = hx509_pem_read(context, f, pem_func, c); + ret = hx509_pem_read(context, f, pem_func, &pem_ctx); fclose(f); if (ret != 0 && ret != HX509_PARSING_KEY_FAILED) goto out; @@ -397,7 +408,7 @@ file_init_common(hx509_context context, } for (i = 0; i < sizeof(formats)/sizeof(formats[0]); i++) { - ret = (*formats[i].func)(context, p, c, NULL, ptr, length); + ret = (*formats[i].func)(context, p, pem_ctx.c, NULL, ptr, length); if (ret == 0) break; } @@ -407,11 +418,11 @@ file_init_common(hx509_context context, } } - ret = _hx509_collector_collect_certs(context, c, &f->certs); + ret = _hx509_collector_collect_certs(context, pem_ctx.c, &f->certs); if (ret) goto out; - ret = _hx509_collector_collect_private_keys(context, c, &keys); + ret = _hx509_collector_collect_private_keys(context, pem_ctx.c, &keys); if (ret == 0) { int i; @@ -428,8 +439,9 @@ out: free(f->fn); free(f); } - if (c) - _hx509_collector_free(c); + if (pem_ctx.c) + _hx509_collector_free(pem_ctx.c); + return ret; } diff --git a/source4/heimdal/lib/hx509/ks_keychain.c b/source4/heimdal/lib/hx509/ks_keychain.c index 33c4d6774b..f8181975d9 100644 --- a/source4/heimdal/lib/hx509/ks_keychain.c +++ b/source4/heimdal/lib/hx509/ks_keychain.c @@ -32,17 +32,19 @@ */ #include "hx_locl.h" -RCSID("$Id: ks_keychain.c 21097 2007-06-16 07:00:49Z lha $"); +RCSID("$Id: ks_keychain.c 22084 2007-11-16 20:12:30Z lha $"); #ifdef HAVE_FRAMEWORK_SECURITY #include -/* Missing function decls */ +/* Missing function decls in pre Leopard */ +#ifdef NEED_SECKEYGETCSPHANDLE_PROTO OSStatus SecKeyGetCSPHandle(SecKeyRef, CSSM_CSP_HANDLE *); OSStatus SecKeyGetCredentials(SecKeyRef, CSSM_ACL_AUTHORIZATION_TAG, int, const CSSM_ACCESS_CREDENTIALS **); #define kSecCredentialTypeDefault 0 +#endif static int @@ -50,7 +52,7 @@ getAttribute(SecKeychainItemRef itemRef, SecItemAttr item, SecKeychainAttributeList **attrs) { SecKeychainAttributeInfo attrInfo; - uint32 attrFormat = 0; + UInt32 attrFormat = 0; OSStatus ret; *attrs = NULL; @@ -408,7 +410,7 @@ keychain_iter(hx509_context context, { SecKeychainAttributeList *attrs = NULL; SecKeychainAttributeInfo attrInfo; - uint32 attrFormat[1] = { 0 }; + UInt32 attrFormat[1] = { 0 }; SecKeychainItemRef itemRef; SecItemAttr item[1]; struct iter *iter = cursor; diff --git a/source4/heimdal/lib/hx509/ks_p11.c b/source4/heimdal/lib/hx509/ks_p11.c index e3066bbcfa..0d7c312c72 100644 --- a/source4/heimdal/lib/hx509/ks_p11.c +++ b/source4/heimdal/lib/hx509/ks_p11.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: ks_p11.c 21387 2007-06-28 08:53:45Z lha $"); +RCSID("$Id: ks_p11.c 22071 2007-11-14 20:04:50Z lha $"); #ifdef HAVE_DLFCN_H #include #endif @@ -403,7 +403,7 @@ p11_get_session(hx509_context context, * prompter or known to work pin code. * * This code is very conversative and only uses the prompter in - * the hx509_lock, the reason is that its bad to try many + * the hx509_lock, the reason is that it's bad to try many * passwords on a pkcs11 token, it might lock up and have to be * unlocked by a administrator. * diff --git a/source4/heimdal/lib/hx509/lock.c b/source4/heimdal/lib/hx509/lock.c index de326f2e2d..e835aee35a 100644 --- a/source4/heimdal/lib/hx509/lock.c +++ b/source4/heimdal/lib/hx509/lock.c @@ -32,7 +32,13 @@ */ #include "hx_locl.h" -RCSID("$Id: lock.c 18452 2006-10-14 09:41:05Z lha $"); +RCSID("$Id: lock.c 22327 2007-12-15 04:49:37Z lha $"); + +/** + * @page page_lock Locking and unlocking certificates and encrypted data. + * + * See the library functions here: @ref hx509_lock + */ struct hx509_lock_data { struct _hx509_password password; diff --git a/source4/heimdal/lib/hx509/name.c b/source4/heimdal/lib/hx509/name.c index 5198633b1e..3f0806ddc0 100644 --- a/source4/heimdal/lib/hx509/name.c +++ b/source4/heimdal/lib/hx509/name.c @@ -32,17 +32,39 @@ */ #include "hx_locl.h" -RCSID("$Id: name.c 20891 2007-06-04 22:51:41Z lha $"); +#include +RCSID("$Id: name.c 22583 2008-02-11 20:46:21Z lha $"); -/* - * name parsing from rfc2253 - * fix so parsing rfc1779 works too - * rfc3280 +/** + * @page page_name PKIX/X.509 Names + * + * There are several names in PKIX/X.509, GeneralName and Name. + * + * A Name consists of an ordered list of Relative Distinguished Names + * (RDN). Each RDN consists of an unordered list of typed strings. The + * types are defined by OID and have long and short description. For + * example id-at-commonName (2.5.4.3) have the long name CommonName + * and short name CN. The string itself can be of serveral encoding, + * UTF8, UTF16, Teltex string, etc. The type limit what encoding + * should be used. + * + * GeneralName is a broader nametype that can contains al kind of + * stuff like Name, IP addresses, partial Name, etc. + * + * Name is mapped into a hx509_name object. + * + * Parse and string name into a hx509_name object with hx509_parse_name(), + * make it back into string representation with hx509_name_to_string(). + * + * Name string are defined rfc2253, rfc1779 and X.501. + * + * See the library functions here: @ref hx509_name */ static const struct { const char *n; const heim_oid *(*o)(void); + wind_profile_flags flags; } no[] = { { "C", oid_id_at_countryName }, { "CN", oid_id_at_commonName }, @@ -153,6 +175,18 @@ stringtooid(const char *name, size_t len, heim_oid *oid) return ret; } +/** + * Convert the hx509 name object into a printable string. + * The resulting string should be freed with free(). + * + * @param name name to print + * @param str the string to return + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_name + */ + int hx509_name_to_string(const hx509_name name, char **str) { @@ -247,82 +281,185 @@ _hx509_Name_to_string(const Name *n, char **str) return 0; } -/* - * XXX this function is broken, it needs to compare code points, not - * bytes. - */ +#define COPYCHARARRAY(_ds,_el,_l,_n) \ + (_l) = strlen(_ds->u._el); \ + (_n) = malloc((_l) * sizeof((_n)[0])); \ + if ((_n) == NULL) \ + return ENOMEM; \ + for (i = 0; i < (_l); i++) \ + (_n)[i] = _ds->u._el[i] -int -_hx509_name_ds_cmp(const DirectoryString *ds1, const DirectoryString *ds2) + +#define COPYVALARRAY(_ds,_el,_l,_n) \ + (_l) = _ds->u._el.length; \ + (_n) = malloc((_l) * sizeof((_n)[0])); \ + if ((_n) == NULL) \ + return ENOMEM; \ + for (i = 0; i < (_l); i++) \ + (_n)[i] = _ds->u._el.data[i] + +#define COPYVOIDARRAY(_ds,_el,_l,_n) \ + (_l) = _ds->u._el.length; \ + (_n) = malloc((_l) * sizeof((_n)[0])); \ + if ((_n) == NULL) \ + return ENOMEM; \ + for (i = 0; i < (_l); i++) \ + (_n)[i] = ((unsigned char *)_ds->u._el.data)[i] + + + +static int +dsstringprep(const DirectoryString *ds, uint32_t **rname, size_t *rlen) { - int c; + wind_profile_flags flags = 0; + size_t i, len; + int ret; + uint32_t *name; - c = ds1->element - ds2->element; - if (c) - return c; + *rname = NULL; + *rlen = 0; - switch(ds1->element) { + switch(ds->element) { case choice_DirectoryString_ia5String: - c = strcmp(ds1->u.ia5String, ds2->u.ia5String); - break; - case choice_DirectoryString_teletexString: - c = der_heim_octet_string_cmp(&ds1->u.teletexString, - &ds2->u.teletexString); + COPYCHARARRAY(ds, ia5String, len, name); break; case choice_DirectoryString_printableString: - c = strcasecmp(ds1->u.printableString, ds2->u.printableString); + flags = WIND_PROFILE_LDAP_CASE_EXACT_ATTRIBUTE; + COPYCHARARRAY(ds, printableString, len, name); break; - case choice_DirectoryString_utf8String: - c = strcmp(ds1->u.utf8String, ds2->u.utf8String); + case choice_DirectoryString_teletexString: + COPYVOIDARRAY(ds, teletexString, len, name); + break; + case choice_DirectoryString_bmpString: + COPYVALARRAY(ds, bmpString, len, name); break; case choice_DirectoryString_universalString: - c = der_heim_universal_string_cmp(&ds1->u.universalString, - &ds2->u.universalString); + COPYVALARRAY(ds, universalString, len, name); break; - case choice_DirectoryString_bmpString: - c = der_heim_bmp_string_cmp(&ds1->u.bmpString, - &ds2->u.bmpString); + case choice_DirectoryString_utf8String: + ret = wind_utf8ucs4_length(ds->u.utf8String, &len); + if (ret) + return ret; + name = malloc(len * sizeof(name[0])); + if (name == NULL) + return ENOMEM; + ret = wind_utf8ucs4(ds->u.utf8String, name, &len); + if (ret) + return ret; break; default: - c = 1; - break; + _hx509_abort("unknown directory type: %d", ds->element); + } + + *rlen = len; + /* try a couple of times to get the length right, XXX gross */ + for (i = 0; i < 4; i++) { + *rlen = *rlen * 2; + *rname = malloc(*rlen * sizeof((*rname)[0])); + + ret = wind_stringprep(name, len, *rname, rlen, + WIND_PROFILE_LDAP|flags); + if (ret == WIND_ERR_OVERRUN) { + free(*rname); + *rname = NULL; + continue; + } else + break; + } + free(name); + if (ret) { + if (*rname) + free(*rname); + *rname = NULL; + *rlen = 0; + return ret; + } + + return 0; +} + +int +_hx509_name_ds_cmp(const DirectoryString *ds1, + const DirectoryString *ds2, + int *diff) +{ + uint32_t *ds1lp, *ds2lp; + size_t ds1len, ds2len; + int ret; + + ret = dsstringprep(ds1, &ds1lp, &ds1len); + if (ret) + return ret; + ret = dsstringprep(ds2, &ds2lp, &ds2len); + if (ret) { + free(ds1lp); + return ret; } - return c; + + if (ds1len != ds2len) + *diff = ds1len - ds2len; + else + *diff = memcmp(ds1lp, ds2lp, ds1len * sizeof(ds1lp[0])); + + free(ds1lp); + free(ds2lp); + + return 0; } int -_hx509_name_cmp(const Name *n1, const Name *n2) +_hx509_name_cmp(const Name *n1, const Name *n2, int *c) { - int i, j, c; + int ret, i, j; - c = n1->u.rdnSequence.len - n2->u.rdnSequence.len; - if (c) - return c; + *c = n1->u.rdnSequence.len - n2->u.rdnSequence.len; + if (*c) + return 0; for (i = 0 ; i < n1->u.rdnSequence.len; i++) { - c = n1->u.rdnSequence.val[i].len - n2->u.rdnSequence.val[i].len; - if (c) - return c; + *c = n1->u.rdnSequence.val[i].len - n2->u.rdnSequence.val[i].len; + if (*c) + return 0; for (j = 0; j < n1->u.rdnSequence.val[i].len; j++) { - c = der_heim_oid_cmp(&n1->u.rdnSequence.val[i].val[j].type, - &n1->u.rdnSequence.val[i].val[j].type); - if (c) - return c; + *c = der_heim_oid_cmp(&n1->u.rdnSequence.val[i].val[j].type, + &n1->u.rdnSequence.val[i].val[j].type); + if (*c) + return 0; - c = _hx509_name_ds_cmp(&n1->u.rdnSequence.val[i].val[j].value, - &n2->u.rdnSequence.val[i].val[j].value); - if (c) - return c; + ret = _hx509_name_ds_cmp(&n1->u.rdnSequence.val[i].val[j].value, + &n2->u.rdnSequence.val[i].val[j].value, + c); + if (ret) + return ret; + if (*c) + return 0; } } + *c = 0; return 0; } +/** + * Compare to hx509 name object, useful for sorting. + * + * @param n1 a hx509 name object. + * @param n2 a hx509 name object. + * + * @return 0 the objects are the same, returns > 0 is n2 is "larger" + * then n2, < 0 if n1 is "smaller" then n2. + * + * @ingroup hx509_name + */ + int hx509_name_cmp(hx509_name n1, hx509_name n2) { - return _hx509_name_cmp(&n1->der_name, &n2->der_name); + int ret, diff; + ret = _hx509_name_cmp(&n1->der_name, &n2->der_name, &diff); + if (ret) + return ret; + return diff; } @@ -341,19 +478,6 @@ _hx509_name_from_Name(const Name *n, hx509_name *name) return ret; } -static int -hx509_der_parse_name(const void *data, size_t length, hx509_name *name) -{ - int ret; - Name n; - - *name = NULL; - ret = decode_Name(data, length, &n, NULL); - if (ret) - return ret; - return _hx509_name_from_Name(&n, name); -} - int _hx509_name_modify(hx509_context context, Name *name, @@ -400,6 +524,18 @@ _hx509_name_modify(hx509_context context, return 0; } +/** + * Parse a string into a hx509 name object. + * + * @param context A hx509 context. + * @param str a string to parse. + * @param name the resulting object, NULL in case of error. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_name + */ + int hx509_parse_name(hx509_context context, const char *str, hx509_name *name) { @@ -492,6 +628,18 @@ out: return HX509_NAME_MALFORMED; } +/** + * Copy a hx509 name object. + * + * @param context A hx509 cotext. + * @param from the name to copy from + * @param to the name to copy to + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_name + */ + int hx509_name_copy(hx509_context context, const hx509_name from, hx509_name *to) { @@ -509,6 +657,17 @@ hx509_name_copy(hx509_context context, const hx509_name from, hx509_name *to) return 0; } +/** + * Convert a hx509_name into a Name. + * + * @param from the name to copy from + * @param to the name to copy to + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_name + */ + int hx509_name_to_Name(const hx509_name from, Name *to) { @@ -521,6 +680,19 @@ hx509_name_normalize(hx509_context context, hx509_name name) return 0; } +/** + * Expands variables in the name using env. Variables are on the form + * ${name}. Useful when dealing with certificate templates. + * + * @param context A hx509 cotext. + * @param name the name to expand. + * @param env environment variable to expand. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_name + */ + int hx509_name_expand(hx509_context context, hx509_name name, @@ -539,6 +711,7 @@ hx509_name_expand(hx509_context context, for (i = 0 ; i < n->u.rdnSequence.len; i++) { for (j = 0; j < n->u.rdnSequence.val[i].len; j++) { + /** Only UTF8String rdnSequence names are allowed */ /* THIS SHOULD REALLY BE: COMP = n->u.rdnSequence.val[i].val[j]; @@ -615,6 +788,13 @@ hx509_name_expand(hx509_context context, return 0; } +/** + * Free a hx509 name object, upond return *name will be NULL. + * + * @param name a hx509 name object to be freed. + * + * @ingroup hx509_name + */ void hx509_name_free(hx509_name *name) @@ -625,37 +805,61 @@ hx509_name_free(hx509_name *name) *name = NULL; } +/** + * Convert a DER encoded name info a string. + * + * @param data data to a DER/BER encoded name + * @param length length of data + * @param str the resulting string, is NULL on failure. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_name + */ + int hx509_unparse_der_name(const void *data, size_t length, char **str) { - hx509_name name; + Name name; int ret; - ret = hx509_der_parse_name(data, length, &name); + *str = NULL; + + ret = decode_Name(data, length, &name, NULL); if (ret) return ret; - - ret = hx509_name_to_string(name, str); - hx509_name_free(&name); + ret = _hx509_Name_to_string(&name, str); + free_Name(&name); return ret; } +/** + * Convert a hx509_name object to DER encoded name. + * + * @param name name to concert + * @param os data to a DER encoded name, free the resulting octet + * string with hx509_xfree(os->data). + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_name + */ + int -hx509_name_to_der_name(const hx509_name name, void **data, size_t *length) +hx509_name_binary(const hx509_name name, heim_octet_string *os) { size_t size; int ret; - ASN1_MALLOC_ENCODE(Name, *data, *length, &name->der_name, &size, ret); + ASN1_MALLOC_ENCODE(Name, os->data, os->length, &name->der_name, &size, ret); if (ret) return ret; - if (*length != size) + if (os->length != size) _hx509_abort("internal ASN.1 encoder error"); return 0; } - int _hx509_unparse_Name(const Name *aname, char **str) { @@ -671,12 +875,33 @@ _hx509_unparse_Name(const Name *aname, char **str) return ret; } +/** + * Unparse the hx509 name in name into a string. + * + * @param name the name to check if its empty/null. + * + * @return non zero if the name is empty/null. + * + * @ingroup hx509_name + */ + int hx509_name_is_null_p(const hx509_name name) { return name->der_name.u.rdnSequence.len == 0; } +/** + * Unparse the hx509 name in name into a string. + * + * @param name the name to print + * @param str an allocated string returns the name in string form + * + * @return An hx509 error code, see krb5_get_error_string(). + * + * @ingroup hx509_name + */ + int hx509_general_name_unparse(GeneralName *name, char **str) { diff --git a/source4/heimdal/lib/hx509/peer.c b/source4/heimdal/lib/hx509/peer.c index e90f8f34b0..eb0ecd2bde 100644 --- a/source4/heimdal/lib/hx509/peer.c +++ b/source4/heimdal/lib/hx509/peer.c @@ -32,7 +32,27 @@ */ #include "hx_locl.h" -RCSID("$Id: peer.c 21481 2007-07-10 16:33:23Z lha $"); +RCSID("$Id: peer.c 22345 2007-12-26 19:03:51Z lha $"); + +/** + * @page page_peer Hx509 crypto selecting functions + * + * Peer info structures are used togeter with hx509_crypto_select() to + * select the best avaible crypto algorithm to use. + * + * See the library functions here: @ref hx509_peer + */ + +/** + * Allocate a new peer info structure an init it to default values. + * + * @param context A hx509 context. + * @param peer return an allocated peer, free with hx509_peer_info_free(). + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_peer + */ int hx509_peer_info_alloc(hx509_context context, hx509_peer_info *peer) @@ -59,6 +79,14 @@ free_cms_alg(hx509_peer_info peer) } } +/** + * Free a peer info structure. + * + * @param peer peer info to be freed. + * + * @ingroup hx509_peer + */ + void hx509_peer_info_free(hx509_peer_info peer) { @@ -71,6 +99,17 @@ hx509_peer_info_free(hx509_peer_info peer) free(peer); } +/** + * Set the certificate that remote peer is using. + * + * @param peer peer info to update + * @param cert cerificate of the remote peer. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_peer + */ + int hx509_peer_info_set_cert(hx509_peer_info peer, hx509_cert cert) @@ -81,6 +120,19 @@ hx509_peer_info_set_cert(hx509_peer_info peer, return 0; } +/** + * Set the algorithms that the peer supports. + * + * @param context A hx509 context. + * @param peer the peer to set the new algorithms for + * @param val array of supported AlgorithmsIdentiers + * @param len length of array val. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_peer + */ + int hx509_peer_info_set_cms_algs(hx509_context context, hx509_peer_info peer, diff --git a/source4/heimdal/lib/hx509/print.c b/source4/heimdal/lib/hx509/print.c index e6f71ea2ce..c1594ff047 100644 --- a/source4/heimdal/lib/hx509/print.c +++ b/source4/heimdal/lib/hx509/print.c @@ -32,8 +32,13 @@ */ #include "hx_locl.h" -RCSID("$Id: print.c 21381 2007-06-28 08:29:22Z lha $"); +RCSID("$Id: print.c 22538 2008-01-27 13:05:47Z lha $"); +/** + * @page page_print Hx509 printing functions + * + * See the library functions here: @ref hx509_print + */ struct hx509_validate_ctx_data { int flags; @@ -75,15 +80,31 @@ Time2string(const Time *T, char **str) return 0; } +/** + * Helper function to print on stdout for: + * - hx509_oid_print(), + * - hx509_bitstring_print(), + * - hx509_validate_ctx_set_print(). + * + * @param ctx the context to the print function. If the ctx is NULL, + * stdout is used. + * @param fmt the printing format. + * @param va the argumet list. + * + * @ingroup hx509_print + */ + void hx509_print_stdout(void *ctx, const char *fmt, va_list va) { FILE *f = ctx; + if (f == NULL) + f = stdout; vfprintf(f, fmt, va); } -void -hx509_print_func(hx509_vprint_func func, void *ctx, const char *fmt, ...) +static void +print_func(hx509_vprint_func func, void *ctx, const char *fmt, ...) { va_list va; va_start(va, fmt); @@ -91,36 +112,82 @@ hx509_print_func(hx509_vprint_func func, void *ctx, const char *fmt, ...) va_end(va); } +/** + * Print a oid to a string. + * + * @param oid oid to print + * @param str allocated string, free with hx509_xfree(). + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_print + */ + int hx509_oid_sprint(const heim_oid *oid, char **str) { return der_print_heim_oid(oid, '.', str); } +/** + * Print a oid using a hx509_vprint_func function. To print to stdout + * use hx509_print_stdout(). + * + * @param oid oid to print + * @param func hx509_vprint_func to print with. + * @param ctx context variable to hx509_vprint_func function. + * + * @ingroup hx509_print + */ + void hx509_oid_print(const heim_oid *oid, hx509_vprint_func func, void *ctx) { char *str; hx509_oid_sprint(oid, &str); - hx509_print_func(func, ctx, "%s", str); + print_func(func, ctx, "%s", str); free(str); } +/** + * Print a bitstring using a hx509_vprint_func function. To print to + * stdout use hx509_print_stdout(). + * + * @param b bit string to print. + * @param func hx509_vprint_func to print with. + * @param ctx context variable to hx509_vprint_func function. + * + * @ingroup hx509_print + */ + void hx509_bitstring_print(const heim_bit_string *b, hx509_vprint_func func, void *ctx) { int i; - hx509_print_func(func, ctx, "\tlength: %d\n\t", b->length); + print_func(func, ctx, "\tlength: %d\n\t", b->length); for (i = 0; i < (b->length + 7) / 8; i++) - hx509_print_func(func, ctx, "%02x%s%s", - ((unsigned char *)b->data)[i], - i < (b->length - 7) / 8 - && (i == 0 || (i % 16) != 15) ? ":" : "", - i != 0 && (i % 16) == 15 ? - (i <= ((b->length + 7) / 8 - 2) ? "\n\t" : "\n"):""); + print_func(func, ctx, "%02x%s%s", + ((unsigned char *)b->data)[i], + i < (b->length - 7) / 8 + && (i == 0 || (i % 16) != 15) ? ":" : "", + i != 0 && (i % 16) == 15 ? + (i <= ((b->length + 7) / 8 - 2) ? "\n\t" : "\n"):""); } +/** + * Print certificate usage for a certificate to a string. + * + * @param context A hx509 context. + * @param c a certificate print the keyusage for. + * @param s the return string with the keysage printed in to, free + * with hx509_xfree(). + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_print + */ + int hx509_cert_keyusage_print(hx509_context context, hx509_cert c, char **s) { @@ -268,9 +335,6 @@ check_authorityKeyIdentifier(hx509_validate_ctx ctx, status->haveAKI = 1; check_Null(ctx, status, cf, e); - status->haveSKI = 1; - check_Null(ctx, status, cf, e); - ret = decode_AuthorityKeyIdentifier(e->extnValue.data, e->extnValue.length, &ai, &size); @@ -298,6 +362,56 @@ check_authorityKeyIdentifier(hx509_validate_ctx ctx, return 0; } +static int +check_extKeyUsage(hx509_validate_ctx ctx, + struct cert_status *status, + enum critical_flag cf, + const Extension *e) +{ + ExtKeyUsage eku; + size_t size, i; + int ret; + + check_Null(ctx, status, cf, e); + + ret = decode_ExtKeyUsage(e->extnValue.data, + e->extnValue.length, + &eku, &size); + if (ret) { + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "Decoding ExtKeyUsage failed: %d", ret); + return 1; + } + if (size != e->extnValue.length) { + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "Padding data in EKU"); + free_ExtKeyUsage(&eku); + return 1; + } + if (eku.len == 0) { + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "ExtKeyUsage length is 0"); + return 1; + } + + for (i = 0; i < eku.len; i++) { + char *str; + ret = der_print_heim_oid (&eku.val[i], '.', &str); + if (ret) { + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "\tEKU: failed to print oid %d", i); + free_ExtKeyUsage(&eku); + return 1; + } + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, + "\teku-%d: %s\n", i, str);; + free(str); + } + + free_ExtKeyUsage(&eku); + + return 0; +} static int check_pkinit_san(hx509_validate_ctx ctx, heim_any *a) @@ -664,7 +778,7 @@ struct { { ext(policyMappings, Null), M_N_C }, { ext(authorityKeyIdentifier, authorityKeyIdentifier), M_N_C }, { ext(policyConstraints, Null), D_C }, - { ext(extKeyUsage, Null), D_C }, + { ext(extKeyUsage, extKeyUsage), D_C }, { ext(freshestCRL, Null), M_N_C }, { ext(inhibitAnyPolicy, Null), M_C }, #undef ext @@ -679,6 +793,18 @@ struct { { NULL } }; +/** + * Allocate a hx509 validation/printing context. + * + * @param context A hx509 context. + * @param ctx a new allocated hx509 validation context, free with + * hx509_validate_ctx_free(). + + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_print + */ + int hx509_validate_ctx_init(hx509_context context, hx509_validate_ctx *ctx) { @@ -689,6 +815,18 @@ hx509_validate_ctx_init(hx509_context context, hx509_validate_ctx *ctx) return 0; } +/** + * Set the printing functions for the validation context. + * + * @param ctx a hx509 valication context. + * @param func the printing function to usea. + * @param c the context variable to the printing function. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_print + */ + void hx509_validate_ctx_set_print(hx509_validate_ctx ctx, hx509_vprint_func func, @@ -698,18 +836,50 @@ hx509_validate_ctx_set_print(hx509_validate_ctx ctx, ctx->ctx = c; } +/** + * Add flags to control the behaivor of the hx509_validate_cert() + * function. + * + * @param ctx A hx509 validation context. + * @param flags flags to add to the validation context. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_print + */ + void hx509_validate_ctx_add_flags(hx509_validate_ctx ctx, int flags) { ctx->flags |= flags; } +/** + * Free an hx509 validate context. + * + * @param ctx the hx509 validate context to free. + * + * @ingroup hx509_print + */ + void hx509_validate_ctx_free(hx509_validate_ctx ctx) { free(ctx); } +/** + * Validate/Print the status of the certificate. + * + * @param context A hx509 context. + * @param ctx A hx509 validation context. + * @param cert the cerificate to validate/print. + + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_print + */ + int hx509_validate_cert(hx509_context context, hx509_validate_ctx ctx, diff --git a/source4/heimdal/lib/hx509/revoke.c b/source4/heimdal/lib/hx509/revoke.c index ddcb17ee38..2010f945f0 100644 --- a/source4/heimdal/lib/hx509/revoke.c +++ b/source4/heimdal/lib/hx509/revoke.c @@ -31,14 +31,33 @@ * SUCH DAMAGE. */ +/** + * @page page_revoke Revocation methods + * + * There are two revocation method for PKIX/X.509: CRL and OCSP. + * Revocation is needed if the private key is lost and + * stolen. Depending on how picky you are, you might want to make + * revocation for destroyed private keys too (smartcard broken), but + * that should not be a problem. + * + * CRL is a list of certifiates that have expired. + * + * OCSP is an online checking method where the requestor sends a list + * of certificates to the OCSP server to return a signed reply if they + * are valid or not. Some services sends a OCSP reply as part of the + * hand-shake to make the revoktion decision simpler/faster for the + * client. + */ + #include "hx_locl.h" -RCSID("$Id: revoke.c 21153 2007-06-18 21:55:46Z lha $"); +RCSID("$Id: revoke.c 22583 2008-02-11 20:46:21Z lha $"); struct revoke_crl { char *path; time_t last_modfied; CRLCertificateList crl; int verified; + int failed_verify; }; struct revoke_ocsp { @@ -51,6 +70,7 @@ struct revoke_ocsp { struct hx509_revoke_ctx_data { + unsigned ref; struct { struct revoke_crl *val; size_t len; @@ -61,6 +81,17 @@ struct hx509_revoke_ctx_data { } ocsps; }; +/** + * Allocate a revokation context. Free with hx509_revoke_free(). + * + * @param context A hx509 context. + * @param ctx returns a newly allocated revokation context. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_revoke + */ + int hx509_revoke_init(hx509_context context, hx509_revoke_ctx *ctx) { @@ -68,6 +99,7 @@ hx509_revoke_init(hx509_context context, hx509_revoke_ctx *ctx) if (*ctx == NULL) return ENOMEM; + (*ctx)->ref = 1; (*ctx)->crls.len = 0; (*ctx)->crls.val = NULL; (*ctx)->ocsps.len = 0; @@ -76,6 +108,19 @@ hx509_revoke_init(hx509_context context, hx509_revoke_ctx *ctx) return 0; } +hx509_revoke_ctx +_hx509_revoke_ref(hx509_revoke_ctx ctx) +{ + if (ctx == NULL) + return NULL; + if (ctx->ref <= 0) + _hx509_abort("revoke ctx refcount <= 0"); + ctx->ref++; + if (ctx->ref == 0) + _hx509_abort("revoke ctx refcount == 0"); + return ctx; +} + static void free_ocsp(struct revoke_ocsp *ocsp) { @@ -85,6 +130,14 @@ free_ocsp(struct revoke_ocsp *ocsp) hx509_cert_free(ocsp->signer); } +/** + * Free a hx509 revokation context. + * + * @param ctx context to be freed + * + * @ingroup hx509_revoke + */ + void hx509_revoke_free(hx509_revoke_ctx *ctx) { @@ -93,6 +146,11 @@ hx509_revoke_free(hx509_revoke_ctx *ctx) if (ctx == NULL || *ctx == NULL) return; + if ((*ctx)->ref <= 0) + _hx509_abort("revoke ctx refcount <= 0 on free"); + if (--(*ctx)->ref > 0) + return; + for (i = 0; i < (*ctx)->crls.len; i++) { free((*ctx)->crls.val[i].path); free_CRLCertificateList(&(*ctx)->crls.val[i].crl); @@ -150,7 +208,7 @@ verify_ocsp(hx509_context context, /* * If signer certificate isn't the CA certificate, lets check the - * its the CA that signed the signer certificate and the OCSP EKU + * it is the CA that signed the signer certificate and the OCSP EKU * is set. */ if (hx509_cert_cmp(signer, parent) != 0) { @@ -324,6 +382,18 @@ load_ocsp(hx509_context context, struct revoke_ocsp *ocsp) return 0; } +/** + * Add a OCSP file to the revokation context. + * + * @param context hx509 context + * @param ctx hx509 revokation context + * @param path path to file that is going to be added to the context. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_revoke + */ + int hx509_revoke_add_ocsp(hx509_context context, hx509_revoke_ctx ctx, @@ -380,6 +450,7 @@ hx509_revoke_add_ocsp(hx509_context context, static int verify_crl(hx509_context context, + hx509_revoke_ctx ctx, CRLCertificateList *crl, time_t time_now, hx509_certs certs, @@ -391,52 +462,44 @@ verify_crl(hx509_context context, int ret; t = _hx509_Time2time_t(&crl->tbsCertList.thisUpdate); - if (t > time_now) + if (t > time_now) { + hx509_set_error_string(context, 0, HX509_CRL_USED_BEFORE_TIME, + "CRL used before time"); return HX509_CRL_USED_BEFORE_TIME; + } - if (crl->tbsCertList.nextUpdate == NULL) + if (crl->tbsCertList.nextUpdate == NULL) { + hx509_set_error_string(context, 0, HX509_CRL_INVALID_FORMAT, + "CRL missing nextUpdate"); return HX509_CRL_INVALID_FORMAT; + } t = _hx509_Time2time_t(crl->tbsCertList.nextUpdate); - if (t < time_now) + if (t < time_now) { + hx509_set_error_string(context, 0, HX509_CRL_USED_AFTER_TIME, + "CRL used after time"); return HX509_CRL_USED_AFTER_TIME; + } _hx509_query_clear(&q); - q.match = HX509_QUERY_MATCH_SUBJECT_NAME; - q.subject_name = &crl->tbsCertList.issuer; + /* + * If it's the signer have CRLSIGN bit set, use that as the signer + * cert for the certificate, otherwise, search for a certificate. + */ + if (_hx509_check_key_usage(context, parent, 1 << 6, FALSE) == 0) { + signer = hx509_cert_ref(parent); + } else { + q.match = HX509_QUERY_MATCH_SUBJECT_NAME; + q.match |= HX509_QUERY_KU_CRLSIGN; + q.subject_name = &crl->tbsCertList.issuer; - ret = hx509_certs_find(context, certs, &q, &signer); - if (ret) - return ret; - - /* verify is parent or CRLsigner */ - if (hx509_cert_cmp(signer, parent) != 0) { - Certificate *p = _hx509_get_cert(parent); - Certificate *s = _hx509_get_cert(signer); - - ret = _hx509_cert_is_parent_cmp(s, p, 0); - if (ret != 0) { - ret = HX509_PARENT_NOT_CA; - hx509_set_error_string(context, 0, ret, "Revoke CRL signer is " - "doesn't have CA as signer certificate"); - goto out; - } - - ret = _hx509_verify_signature_bitstring(context, - p, - &s->signatureAlgorithm, - &s->tbsCertificate._save, - &s->signatureValue); + ret = hx509_certs_find(context, certs, &q, &signer); if (ret) { hx509_set_error_string(context, HX509_ERROR_APPEND, ret, - "CRL signer signature invalid"); - goto out; + "Failed to find certificate for CRL"); + return ret; } - - ret = _hx509_check_key_usage(context, signer, 1 << 6, TRUE); /* crl */ - if (ret != 0) - goto out; } ret = _hx509_verify_signature_bitstring(context, @@ -450,6 +513,44 @@ verify_crl(hx509_context context, goto out; } + /* + * If signer is not CA cert, need to check revoke status of this + * CRL signing cert too, this include all parent CRL signer cert + * up to the root *sigh*, assume root at least hve CERTSIGN flag + * set. + */ + while (_hx509_check_key_usage(context, signer, 1 << 5, TRUE)) { + hx509_cert crl_parent; + + _hx509_query_clear(&q); + + q.match = HX509_QUERY_MATCH_SUBJECT_NAME; + q.match |= HX509_QUERY_KU_CRLSIGN; + q.subject_name = &_hx509_get_cert(signer)->tbsCertificate.issuer; + + ret = hx509_certs_find(context, certs, &q, &crl_parent); + if (ret) { + hx509_set_error_string(context, HX509_ERROR_APPEND, ret, + "Failed to find parent of CRL signer"); + goto out; + } + + ret = hx509_revoke_verify(context, + ctx, + certs, + time_now, + signer, + crl_parent); + hx509_cert_free(signer); + signer = crl_parent; + if (ret) { + hx509_set_error_string(context, HX509_ERROR_APPEND, ret, + "Failed to verify revoke " + "status of CRL signer"); + goto out; + } + } + out: hx509_cert_free(signer); @@ -485,6 +586,18 @@ load_crl(const char *path, time_t *t, CRLCertificateList *crl) return 0; } +/** + * Add a CRL file to the revokation context. + * + * @param context hx509 context + * @param ctx hx509 revokation context + * @param path path to file that is going to be added to the context. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_revoke + */ + int hx509_revoke_add_crl(hx509_context context, hx509_revoke_ctx ctx, @@ -537,6 +650,23 @@ hx509_revoke_add_crl(hx509_context context, return ret; } +/** + * Check that a certificate is not expired according to a revokation + * context. Also need the parent certificte to the check OCSP + * parent identifier. + * + * @param context hx509 context + * @param ctx hx509 revokation context + * @param certs + * @param now + * @param cert + * @param parent_cert + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_revoke + */ + int hx509_revoke_verify(hx509_context context, @@ -551,6 +681,8 @@ hx509_revoke_verify(hx509_context context, unsigned long i, j, k; int ret; + hx509_clear_error_string(context); + for (i = 0; i < ctx->ocsps.len; i++) { struct revoke_ocsp *ocsp = &ctx->ocsps.val[i]; struct stat sb; @@ -604,6 +736,10 @@ hx509_revoke_verify(hx509_context context, case choice_OCSPCertStatus_good: break; case choice_OCSPCertStatus_revoked: + hx509_set_error_string(context, 0, + HX509_CERT_REVOKED, + "Certificate revoked by issuer in OCSP"); + return HX509_CERT_REVOKED; case choice_OCSPCertStatus_unknown: continue; } @@ -613,7 +749,7 @@ hx509_revoke_verify(hx509_context context, now + context->ocsp_time_diff) continue; - /* don't allow the next updte to be in the past */ + /* don't allow the next update to be in the past */ if (ocsp->ocsp.tbsResponseData.responses.val[j].nextUpdate) { if (*ocsp->ocsp.tbsResponseData.responses.val[j].nextUpdate < now) continue; @@ -627,11 +763,12 @@ hx509_revoke_verify(hx509_context context, for (i = 0; i < ctx->crls.len; i++) { struct revoke_crl *crl = &ctx->crls.val[i]; struct stat sb; + int diff; /* check if cert.issuer == crls.val[i].crl.issuer */ ret = _hx509_name_cmp(&c->tbsCertificate.issuer, - &crl->crl.tbsCertList.issuer); - if (ret) + &crl->crl.tbsCertList.issuer, &diff); + if (ret || diff) continue; ret = stat(crl->path, &sb); @@ -643,21 +780,32 @@ hx509_revoke_verify(hx509_context context, free_CRLCertificateList(&crl->crl); crl->crl = cl; crl->verified = 0; + crl->failed_verify = 0; } } + if (crl->failed_verify) + continue; /* verify signature in crl if not already done */ if (crl->verified == 0) { - ret = verify_crl(context, &crl->crl, now, certs, parent_cert); - if (ret) - return ret; + ret = verify_crl(context, ctx, &crl->crl, now, certs, parent_cert); + if (ret) { + crl->failed_verify = 1; + continue; + } crl->verified = 1; } - - if (crl->crl.tbsCertList.crlExtensions) - for (j = 0; j < crl->crl.tbsCertList.crlExtensions->len; j++) - if (crl->crl.tbsCertList.crlExtensions->val[j].critical) + + if (crl->crl.tbsCertList.crlExtensions) { + for (j = 0; j < crl->crl.tbsCertList.crlExtensions->len; j++) { + if (crl->crl.tbsCertList.crlExtensions->val[j].critical) { + hx509_set_error_string(context, 0, + HX509_CRL_UNKNOWN_EXTENSION, + "Unknown CRL extension"); return HX509_CRL_UNKNOWN_EXTENSION; + } + } + } if (crl->crl.tbsCertList.revokedCertificates == NULL) return 0; @@ -667,7 +815,7 @@ hx509_revoke_verify(hx509_context context, time_t t; ret = der_heim_integer_cmp(&crl->crl.tbsCertList.revokedCertificates->val[j].userCertificate, - &c->tbsCertificate.serialNumber); + &c->tbsCertificate.serialNumber); if (ret != 0) continue; @@ -680,7 +828,10 @@ hx509_revoke_verify(hx509_context context, if (crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions->val[k].critical) return HX509_CRL_UNKNOWN_EXTENSION; - return HX509_CRL_CERT_REVOKED; + hx509_set_error_string(context, 0, + HX509_CERT_REVOKED, + "Certificate revoked by issuer in CRL"); + return HX509_CERT_REVOKED; } return 0; @@ -689,6 +840,10 @@ hx509_revoke_verify(hx509_context context, if (context->flags & HX509_CTX_VERIFY_MISSING_OK) return 0; + hx509_set_error_string(context, HX509_ERROR_APPEND, + HX509_REVOKE_STATUS_MISSING, + "No revoke status found for " + "certificates"); return HX509_REVOKE_STATUS_MISSING; } @@ -785,6 +940,22 @@ out: return ret; } +/** + * Create an OCSP request for a set of certificates. + * + * @param context a hx509 context + * @param reqcerts list of certificates to request ocsp data for + * @param pool certificate pool to use when signing + * @param signer certificate to use to sign the request + * @param digest the signing algorithm in the request, if NULL use the + * default signature algorithm, + * @param request the encoded request, free with free_heim_octet_string(). + * @param nonce nonce in the request, free with free_heim_octet_string(). + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_revoke + */ int hx509_ocsp_request(hx509_context context, @@ -813,41 +984,49 @@ hx509_ocsp_request(hx509_context context, ret = hx509_certs_iter(context, reqcerts, add_to_req, &ctx); hx509_cert_free(ctx.parent); - if (ret) { - free_OCSPRequest(&req); - return ret; - } + if (ret) + goto out; if (nonce) { - req.tbsRequest.requestExtensions = calloc(1, sizeof(*req.tbsRequest.requestExtensions)); if (req.tbsRequest.requestExtensions == NULL) { - free_OCSPRequest(&req); - return ENOMEM; + ret = ENOMEM; + goto out; } es = req.tbsRequest.requestExtensions; - es->len = 1; es->val = calloc(es->len, sizeof(es->val[0])); + if (es->val == NULL) { + ret = ENOMEM; + goto out; + } + es->len = 1; ret = der_copy_oid(oid_id_pkix_ocsp_nonce(), &es->val[0].extnID); - if (ret) - abort(); - + if (ret) { + free_OCSPRequest(&req); + return ret; + } + es->val[0].extnValue.data = malloc(10); if (es->val[0].extnValue.data == NULL) { - free_OCSPRequest(&req); - return ENOMEM; + ret = ENOMEM; + goto out; } es->val[0].extnValue.length = 10; ret = RAND_bytes(es->val[0].extnValue.data, es->val[0].extnValue.length); if (ret != 1) { - free_OCSPRequest(&req); - return HX509_CRYPTO_INTERNAL_ERROR; + ret = HX509_CRYPTO_INTERNAL_ERROR; + goto out; + } + ret = der_copy_octet_string(nonce, &es->val[0].extnValue); + if (ret) { + ret = ENOMEM; + goto out; } } @@ -855,12 +1034,15 @@ hx509_ocsp_request(hx509_context context, &req, &size, ret); free_OCSPRequest(&req); if (ret) - return ret; + goto out; if (size != request->length) _hx509_abort("internal ASN.1 encoder error"); - return 0; + +out: + free_OCSPRequest(&req); + return ret; } static char * @@ -872,6 +1054,18 @@ printable_time(time_t t) return s; } +/** + * Print the OCSP reply stored in a file. + * + * @param context a hx509 context + * @param path path to a file with a OCSP reply + * @param out the out FILE descriptor to print the reply on + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_revoke + */ + int hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out) { @@ -959,10 +1153,23 @@ hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out) return ret; } -/* - * Verify that the `cert' is part of the OCSP reply and its not - * expired. Doesn't verify signature the OCSP reply or its done by a +/** + * Verify that the certificate is part of the OCSP reply and it's not + * expired. Doesn't verify signature the OCSP reply or it's done by a * authorized sender, that is assumed to be already done. + * + * @param context a hx509 context + * @param now the time right now, if 0, use the current time. + * @param cert the certificate to verify + * @param flags flags control the behavior + * @param data pointer to the encode ocsp reply + * @param length the length of the encode ocsp reply + * @param expiration return the time the OCSP will expire and need to + * be rechecked. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_verify */ int @@ -1062,6 +1269,17 @@ struct hx509_crl { time_t expire; }; +/** + * Create a CRL context. Use hx509_crl_free() to free the CRL context. + * + * @param context a hx509 context. + * @param crl return pointer to a newly allocated CRL context. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_verify + */ + int hx509_crl_alloc(hx509_context context, hx509_crl *crl) { @@ -1083,6 +1301,18 @@ hx509_crl_alloc(hx509_context context, hx509_crl *crl) return ret; } +/** + * Add revoked certificate to an CRL context. + * + * @param context a hx509 context. + * @param crl the CRL to add the revoked certificate to. + * @param certs keyset of certificate to revoke. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_verify + */ + int hx509_crl_add_revoked_certs(hx509_context context, hx509_crl crl, @@ -1091,6 +1321,19 @@ hx509_crl_add_revoked_certs(hx509_context context, return hx509_certs_merge(context, crl->revoked, certs); } +/** + * Set the lifetime of a CRL context. + * + * @param context a hx509 context. + * @param crl a CRL context + * @param delta delta time the certificate is valid, library adds the + * current time to this. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_verify + */ + int hx509_crl_lifetime(hx509_context context, hx509_crl crl, int delta) { @@ -1098,6 +1341,14 @@ hx509_crl_lifetime(hx509_context context, hx509_crl crl, int delta) return 0; } +/** + * Free a CRL context. + * + * @param context a hx509 context. + * @param crl a CRL context to free. + * + * @ingroup hx509_verify + */ void hx509_crl_free(hx509_context context, hx509_crl *crl) @@ -1144,6 +1395,19 @@ add_revoked(hx509_context context, void *ctx, hx509_cert cert) return 0; } +/** + * Sign a CRL and return an encode certificate. + * + * @param context a hx509 context. + * @param signer certificate to sign the CRL with + * @param crl the CRL to sign + * @param os return the signed and encoded CRL, free with + * free_heim_octet_string() + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_verify + */ int hx509_crl_sign(hx509_context context, diff --git a/source4/heimdal/lib/krb5/acache.c b/source4/heimdal/lib/krb5/acache.c index 999ce7f120..775239cf6d 100644 --- a/source4/heimdal/lib/krb5/acache.c +++ b/source4/heimdal/lib/krb5/acache.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -37,7 +37,7 @@ #include #endif -RCSID("$Id: acache.c 19764 2007-01-08 15:31:01Z lha $"); +RCSID("$Id: acache.c 22669 2008-03-09 23:39:25Z lha $"); /* XXX should we fetch these for each open ? */ static HEIMDAL_MUTEX acc_mutex = HEIMDAL_MUTEX_INITIALIZER; @@ -188,11 +188,10 @@ make_cred_from_ccred(krb5_context context, ; if (i) { - cred->authdata.val = malloc(sizeof(cred->authdata.val[0]) * i); + cred->authdata.val = calloc(i, sizeof(cred->authdata.val[0])); if (cred->authdata.val == NULL) goto nomem; cred->authdata.len = i; - memset(cred->authdata.val, 0, sizeof(cred->authdata.val[0]) * i); for (i = 0; i < cred->authdata.len; i++) { cred->authdata.val[i].ad_type = incred->authdata[i]->type; ret = krb5_data_copy(&cred->authdata.val[i].ad_data, @@ -207,11 +206,10 @@ make_cred_from_ccred(krb5_context context, ; if (i) { - cred->addresses.val = malloc(sizeof(cred->addresses.val[0]) * i); + cred->addresses.val = calloc(i, sizeof(cred->addresses.val[0])); if (cred->addresses.val == NULL) goto nomem; cred->addresses.len = i; - memset(cred->addresses.val, 0, sizeof(cred->addresses.val[0]) * i); for (i = 0; i < cred->addresses.len; i++) { cred->addresses.val[i].addr_type = incred->addresses[i]->type; @@ -260,7 +258,7 @@ nomem: krb5_set_error_string(context, "malloc - out of memory"); fail: - krb5_free_creds_contents(context, cred); + krb5_free_cred_contents(context, cred); return ret; } @@ -331,6 +329,10 @@ make_ccred_from_cred(krb5_context context, for (i = 0; i < incred->addresses.len; i++) { cc_data *addr; addr = malloc(sizeof(*addr)); + if (addr == NULL) { + ret = ENOMEM; + goto fail; + } addr->type = incred->addresses.val[i].addr_type; addr->length = incred->addresses.val[i].address.length; addr->data = malloc(addr->length); @@ -383,20 +385,21 @@ fail: return ret; } -static char * -get_cc_name(cc_ccache_t cache) +static cc_int32 +get_cc_name(krb5_acc *a) { cc_string_t name; cc_int32 error; - char *str; - error = (*cache->func->get_name)(cache, &name); + error = (*a->ccache->func->get_name)(a->ccache, &name); if (error) - return NULL; + return error; - str = strdup(name->data); + a->cache_name = strdup(name->data); (*name->func->release)(name); - return str; + if (a->cache_name == NULL) + return ccErrNoMem; + return ccNoError; } @@ -405,17 +408,36 @@ acc_get_name(krb5_context context, krb5_ccache id) { krb5_acc *a = ACACHE(id); - static char n[255]; - char *name; + int32_t error; - name = get_cc_name(a->ccache); - if (name == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return NULL; - } - strlcpy(n, name, sizeof(n)); - free(name); - return n; + if (a->cache_name == NULL) { + krb5_error_code ret; + krb5_principal principal; + char *name; + + ret = _krb5_get_default_principal_local(context, &principal); + if (ret) + return NULL; + + ret = krb5_unparse_name(context, principal, &name); + krb5_free_principal(context, principal); + if (ret) + return NULL; + + error = (*a->context->func->create_new_ccache)(a->context, + cc_credentials_v5, + name, + &a->ccache); + krb5_xfree(name); + if (error) + return NULL; + + error = get_cc_name(a); + if (error) + return NULL; + } + + return a->cache_name; } static krb5_error_code @@ -448,23 +470,6 @@ acc_alloc(krb5_context context, krb5_ccache *id) return 0; } -static krb5_error_code -get_default_principal(krb5_context context, char **p) -{ - krb5_error_code ret; - krb5_principal principal; - - *p = NULL; - - ret = _krb5_get_default_principal_local(context, &principal); - if (ret) - return ret; - - ret = krb5_unparse_name(context, principal, p); - krb5_free_principal(context, principal); - return ret; -} - static krb5_error_code acc_resolve(krb5_context context, krb5_ccache *id, const char *res) { @@ -478,38 +483,22 @@ acc_resolve(krb5_context context, krb5_ccache *id, const char *res) a = ACACHE(*id); - if (res == NULL || res[0] == '\0') { - error = (*a->context->func->open_default_ccache)(a->context, - &a->ccache); - if (error == ccErrCCacheNotFound) { - char *p; - - ret = get_default_principal(context, &p); - if (ret == 0) { - error = (*a->context->func->create_default_ccache)(a->context, - cc_credentials_v5, - p, - &a->ccache); - free(p); - } + error = (*a->context->func->open_ccache)(a->context, res, &a->ccache); + if (error == ccNoError) { + error = get_cc_name(a); + if (error != ccNoError) { + acc_close(context, *id); + *id = NULL; + return translate_cc_error(context, error); } - if (error == 0) - a->cache_name = get_cc_name(a->ccache); + } else if (error == ccErrCCacheNotFound) { + a->ccache = NULL; + a->cache_name = NULL; + error = 0; } else { - error = (*a->context->func->open_ccache)(a->context, res, &a->ccache); - if (error == 0) - a->cache_name = strdup(res); - } - if (error != 0) { *id = NULL; return translate_cc_error(context, error); } - if (a->cache_name == NULL) { - acc_close(context, *id); - *id = NULL; - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } return 0; } @@ -518,35 +507,17 @@ static krb5_error_code acc_gen_new(krb5_context context, krb5_ccache *id) { krb5_error_code ret; - cc_int32 error; krb5_acc *a; - char *p; - - ret = get_default_principal(context, &p); ret = acc_alloc(context, id); - if (ret) { - free(p); + if (ret) return ret; - } a = ACACHE(*id); - error = (*a->context->func->create_new_ccache)(a->context, - cc_credentials_v5, - p, &a->ccache); - free(p); - if (error) { - *id = NULL; - return translate_cc_error(context, error); - } - a->cache_name = get_cc_name(a->ccache); - if (a->cache_name == NULL) { - acc_close(context, *id); - *id = NULL; - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } + a->ccache = NULL; + a->cache_name = NULL; + return 0; } @@ -555,9 +526,7 @@ acc_initialize(krb5_context context, krb5_ccache id, krb5_principal primary_principal) { - cc_credentials_iterator_t iter; krb5_acc *a = ACACHE(id); - cc_credentials_t ccred; krb5_error_code ret; int32_t error; char *name; @@ -566,12 +535,17 @@ acc_initialize(krb5_context context, if (ret) return ret; - if (a->ccache == NULL) { + if (a->cache_name == NULL) { error = (*a->context->func->create_new_ccache)(a->context, cc_credentials_v5, name, &a->ccache); - } else { + free(name); + if (error == ccNoError) + error = get_cc_name(a); + } else { + cc_credentials_iterator_t iter; + cc_credentials_t ccred; error = (*a->ccache->func->new_credentials_iterator)(a->ccache, &iter); if (error) { @@ -593,8 +567,6 @@ acc_initialize(krb5_context context, name); } - free(name); - return translate_cc_error(context, error); } @@ -629,6 +601,10 @@ acc_destroy(krb5_context context, error = (*a->ccache->func->destroy)(a->ccache); a->ccache = NULL; } + if (a->context) { + error = (a->context->func->release)(a->context); + a->context = NULL; + } return translate_cc_error(context, error); } @@ -643,6 +619,11 @@ acc_store_cred(krb5_context context, krb5_error_code ret; cc_int32 error; + if (a->ccache == NULL) { + krb5_set_error_string(context, "No API credential found"); + return KRB5_CC_NOTFOUND; + } + cred.version = cc_credentials_v5; cred.credentials.credentials_v5 = &v5cred; @@ -671,8 +652,10 @@ acc_get_principal(krb5_context context, int32_t error; cc_string_t name; - if (a->ccache == NULL) - return ENOENT; + if (a->ccache == NULL) { + krb5_set_error_string(context, "No API credential found"); + return KRB5_CC_NOTFOUND; + } error = (*a->ccache->func->get_principal)(a->ccache, cc_credentials_v5, @@ -695,6 +678,11 @@ acc_get_first (krb5_context context, krb5_acc *a = ACACHE(id); int32_t error; + if (a->ccache == NULL) { + krb5_set_error_string(context, "No API credential found"); + return KRB5_CC_NOTFOUND; + } + error = (*a->ccache->func->new_credentials_iterator)(a->ccache, &iter); if (error) { krb5_clear_error_string(context); @@ -755,6 +743,11 @@ acc_remove_cred(krb5_context context, cc_int32 error; char *client, *server; + if (a->ccache == NULL) { + krb5_set_error_string(context, "No API credential found"); + return KRB5_CC_NOTFOUND; + } + if (cred->client) { ret = krb5_unparse_name(context, cred->client, &client); if (ret) @@ -894,12 +887,11 @@ acc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id) a = ACACHE(*id); a->ccache = cache; - a->cache_name = get_cc_name(a->ccache); - if (a->cache_name == NULL) { + error = get_cc_name(a); + if (error) { acc_close(context, *id); *id = NULL; - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; + return translate_cc_error(context, error); } return 0; } @@ -917,6 +909,76 @@ acc_end_cache_get(krb5_context context, krb5_cc_cursor cursor) return 0; } +static krb5_error_code +acc_move(krb5_context context, krb5_ccache from, krb5_ccache to) +{ + krb5_acc *afrom = ACACHE(from); + krb5_acc *ato = ACACHE(to); + int32_t error; + + if (ato->ccache == NULL) { + cc_string_t name; + + error = (*afrom->ccache->func->get_principal)(afrom->ccache, + cc_credentials_v5, + &name); + if (error) + return translate_cc_error(context, error); + + error = (*ato->context->func->create_new_ccache)(ato->context, + cc_credentials_v5, + name->data, + &ato->ccache); + (*name->func->release)(name); + if (error) + return translate_cc_error(context, error); + } + + + error = (*ato->ccache->func->move)(afrom->ccache, ato->ccache); + return translate_cc_error(context, error); +} + +static krb5_error_code +acc_default_name(krb5_context context, char **str) +{ + krb5_error_code ret; + cc_context_t cc; + cc_string_t name; + int32_t error; + + ret = init_ccapi(context); + if (ret) + return ret; + + error = (*init_func)(&cc, ccapi_version_3, NULL, NULL); + if (error) + return translate_cc_error(context, error); + + error = (*cc->func->get_default_ccache_name)(cc, &name); + if (error) { + (*cc->func->release)(cc); + return translate_cc_error(context, error); + } + + asprintf(str, "API:%s", name->data); + (*name->func->release)(name); + (*cc->func->release)(cc); + + if (*str == NULL) { + krb5_set_error_string(context, "out of memory"); + return ENOMEM; + } + return 0; +} + + +/** + * Variable containing the API based credential cache implemention. + * + * @ingroup krb5_ccache + */ + const krb5_cc_ops krb5_acc_ops = { "API", acc_get_name, @@ -936,5 +998,7 @@ const krb5_cc_ops krb5_acc_ops = { acc_get_version, acc_get_cache_first, acc_get_cache_next, - acc_end_cache_get + acc_end_cache_get, + acc_move, + acc_default_name }; diff --git a/source4/heimdal/lib/krb5/add_et_list.c b/source4/heimdal/lib/krb5/add_et_list.c index a6005c6859..5455d8ac99 100644 --- a/source4/heimdal/lib/krb5/add_et_list.c +++ b/source4/heimdal/lib/krb5/add_et_list.c @@ -33,12 +33,20 @@ #include "krb5_locl.h" -RCSID("$Id: add_et_list.c 13713 2004-04-13 14:33:45Z lha $"); +RCSID("$Id: add_et_list.c 22603 2008-02-21 18:44:57Z lha $"); -/* +/** * Add a specified list of error messages to the et list in context. * Call func (probably a comerr-generated function) with a pointer to * the current et_list. + * + * @param context A kerberos context. + * @param func The generated com_err et function. + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 */ krb5_error_code KRB5_LIB_FUNCTION diff --git a/source4/heimdal/lib/krb5/addr_families.c b/source4/heimdal/lib/krb5/addr_families.c index 8c31843058..f364f5974d 100644 --- a/source4/heimdal/lib/krb5/addr_families.c +++ b/source4/heimdal/lib/krb5/addr_families.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: addr_families.c 18805 2006-10-22 06:54:00Z lha $"); +RCSID("$Id: addr_families.c 22039 2007-11-10 11:47:35Z lha $"); struct addr_operations { int af; @@ -767,6 +767,19 @@ find_atype(int atype) return NULL; } +/** + * krb5_sockaddr2address stores a address a "struct sockaddr" sa in + * the krb5_address addr. + * + * @param context a Keberos context + * @param sa a struct sockaddr to extract the address from + * @param addr an Kerberos 5 address to store the address in. + * + * @return Return an error code or 0. + * + * @ingroup krb5_address + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_sockaddr2address (krb5_context context, const struct sockaddr *sa, krb5_address *addr) @@ -780,6 +793,20 @@ krb5_sockaddr2address (krb5_context context, return (*a->sockaddr2addr)(sa, addr); } +/** + * krb5_sockaddr2port extracts a port (if possible) from a "struct + * sockaddr. + * + * @param context a Keberos context + * @param sa a struct sockaddr to extract the port from + * @param port a pointer to an int16_t store the port in. + * + * @return Return an error code or 0. Will return + * KRB5_PROG_ATYPE_NOSUPP in case address type is not supported. + * + * @ingroup krb5_address + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_sockaddr2port (krb5_context context, const struct sockaddr *sa, int16_t *port) @@ -793,6 +820,27 @@ krb5_sockaddr2port (krb5_context context, return (*a->sockaddr2port)(sa, port); } +/** + * krb5_addr2sockaddr sets the "struct sockaddr sockaddr" from addr + * and port. The argument sa_size should initially contain the size of + * the sa and after the call, it will contain the actual length of the + * address. In case of the sa is too small to fit the whole address, + * the up to *sa_size will be stored, and then *sa_size will be set to + * the required length. + * + * @param context a Keberos context + * @param addr the address to copy the from + * @param sa the struct sockaddr that will be filled in + * @param sa_size pointer to length of sa, and after the call, it will + * contain the actual length of the address. + * @param port set port in sa. + * + * @return Return an error code or 0. Will return + * KRB5_PROG_ATYPE_NOSUPP in case address type is not supported. + * + * @ingroup krb5_address + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_addr2sockaddr (krb5_context context, const krb5_address *addr, @@ -808,7 +856,8 @@ krb5_addr2sockaddr (krb5_context context, return KRB5_PROG_ATYPE_NOSUPP; } if (a->addr2sockaddr == NULL) { - krb5_set_error_string (context, "Can't convert address type %d to sockaddr", + krb5_set_error_string (context, + "Can't convert address type %d to sockaddr", addr->addr_type); return KRB5_PROG_ATYPE_NOSUPP; } @@ -816,6 +865,15 @@ krb5_addr2sockaddr (krb5_context context, return 0; } +/** + * krb5_max_sockaddr_size returns the max size of the .Li struct + * sockaddr that the Kerberos library will return. + * + * @return Return an size_t of the maximum struct sockaddr. + * + * @ingroup krb5_address + */ + size_t KRB5_LIB_FUNCTION krb5_max_sockaddr_size (void) { @@ -828,6 +886,18 @@ krb5_max_sockaddr_size (void) return max_sockaddr_size; } +/** + * krb5_sockaddr_uninteresting returns TRUE for all .Fa sa that the + * kerberos library thinks are uninteresting. One example are link + * local addresses. + * + * @param sa pointer to struct sockaddr that might be interesting. + * + * @return Return a non zero for uninteresting addresses. + * + * @ingroup krb5_address + */ + krb5_boolean KRB5_LIB_FUNCTION krb5_sockaddr_uninteresting(const struct sockaddr *sa) { @@ -837,6 +907,25 @@ krb5_sockaddr_uninteresting(const struct sockaddr *sa) return (*a->uninteresting)(sa); } +/** + * krb5_h_addr2sockaddr initializes a "struct sockaddr sa" from af and + * the "struct hostent" (see gethostbyname(3) ) h_addr_list + * component. The argument sa_size should initially contain the size + * of the sa, and after the call, it will contain the actual length of + * the address. + * + * @param context a Keberos context + * @param af addresses + * @param addr address + * @param sa returned struct sockaddr + * @param sa_size size of sa + * @param port port to set in sa. + * + * @return Return an error code or 0. + * + * @ingroup krb5_address + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_h_addr2sockaddr (krb5_context context, int af, @@ -853,6 +942,20 @@ krb5_h_addr2sockaddr (krb5_context context, return 0; } +/** + * krb5_h_addr2addr works like krb5_h_addr2sockaddr with the exception + * that it operates on a krb5_address instead of a struct sockaddr. + * + * @param context a Keberos context + * @param af address family + * @param haddr host address from struct hostent. + * @param addr returned krb5_address. + * + * @return Return an error code or 0. + * + * @ingroup krb5_address + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_h_addr2addr (krb5_context context, int af, @@ -866,6 +969,23 @@ krb5_h_addr2addr (krb5_context context, return (*a->h_addr2addr)(haddr, addr); } +/** + * krb5_anyaddr fills in a "struct sockaddr sa" that can be used to + * bind(2) to. The argument sa_size should initially contain the size + * of the sa, and after the call, it will contain the actual length + * of the address. + * + * @param context a Keberos context + * @param af address family + * @param sa sockaddr + * @param sa_size lenght of sa. + * @param port for to fill into sa. + * + * @return Return an error code or 0. + * + * @ingroup krb5_address + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_anyaddr (krb5_context context, int af, @@ -884,6 +1004,22 @@ krb5_anyaddr (krb5_context context, return 0; } +/** + * krb5_print_address prints the address in addr to the string string + * that have the length len. If ret_len is not NULL, it will be filled + * with the length of the string if size were unlimited (not including + * the final NUL) . + * + * @param addr address to be printed + * @param str pointer string to print the address into + * @param len length that will fit into area pointed to by "str". + * @param ret_len return length the str. + * + * @return Return an error code or 0. + * + * @ingroup krb5_address + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_print_address (const krb5_address *addr, char *str, size_t len, size_t *ret_len) @@ -921,6 +1057,19 @@ krb5_print_address (const krb5_address *addr, return 0; } +/** + * krb5_parse_address returns the resolved hostname in string to the + * krb5_addresses addresses . + * + * @param context a Keberos context + * @param string + * @param addresses + * + * @return Return an error code or 0. + * + * @ingroup krb5_address + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_parse_address(krb5_context context, const char *string, @@ -980,6 +1129,21 @@ krb5_parse_address(krb5_context context, return 0; } +/** + * krb5_address_order compares the addresses addr1 and addr2 so that + * it can be used for sorting addresses. If the addresses are the same + * address krb5_address_order will return 0. Behavies like memcmp(2). + * + * @param context a Keberos context + * @param addr1 krb5_address to compare + * @param addr2 krb5_address to compare + * + * @return < 0 if address addr1 in "less" then addr2. 0 if addr1 and + * addr2 is the same address, > 0 if addr2 is "less" then addr1. + * + * @ingroup krb5_address + */ + int KRB5_LIB_FUNCTION krb5_address_order(krb5_context context, const krb5_address *addr1, @@ -1014,6 +1178,19 @@ krb5_address_order(krb5_context context, addr1->address.length); } +/** + * krb5_address_compare compares the addresses addr1 and addr2. + * Returns TRUE if the two addresses are the same. + * + * @param context a Keberos context + * @param addr1 address to compare + * @param addr2 address to compare + * + * @return Return an TRUE is the address are the same FALSE if not + * + * @ingroup krb5_address + */ + krb5_boolean KRB5_LIB_FUNCTION krb5_address_compare(krb5_context context, const krb5_address *addr1, @@ -1022,6 +1199,19 @@ krb5_address_compare(krb5_context context, return krb5_address_order (context, addr1, addr2) == 0; } +/** + * krb5_address_search checks if the address addr is a member of the + * address set list addrlist . + * + * @param context a Keberos context. + * @param addr address to search for. + * @param addrlist list of addresses to look in for addr. + * + * @return Return an error code or 0. + * + * @ingroup krb5_address + */ + krb5_boolean KRB5_LIB_FUNCTION krb5_address_search(krb5_context context, const krb5_address *addr, @@ -1035,6 +1225,18 @@ krb5_address_search(krb5_context context, return FALSE; } +/** + * krb5_free_address frees the data stored in the address that is + * alloced with any of the krb5_address functions. + * + * @param context a Keberos context + * @param address addresss to be freed. + * + * @return Return an error code or 0. + * + * @ingroup krb5_address + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_free_address(krb5_context context, krb5_address *address) @@ -1047,6 +1249,18 @@ krb5_free_address(krb5_context context, return 0; } +/** + * krb5_free_addresses frees the data stored in the address that is + * alloced with any of the krb5_address functions. + * + * @param context a Keberos context + * @param addresses addressses to be freed. + * + * @return Return an error code or 0. + * + * @ingroup krb5_address + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_free_addresses(krb5_context context, krb5_addresses *addresses) @@ -1060,6 +1274,19 @@ krb5_free_addresses(krb5_context context, return 0; } +/** + * krb5_copy_address copies the content of address + * inaddr to outaddr. + * + * @param context a Keberos context + * @param inaddr pointer to source address + * @param outaddr pointer to destination address + * + * @return Return an error code or 0. + * + * @ingroup krb5_address + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_copy_address(krb5_context context, const krb5_address *inaddr, @@ -1071,6 +1298,19 @@ krb5_copy_address(krb5_context context, return copy_HostAddress(inaddr, outaddr); } +/** + * krb5_copy_addresses copies the content of addresses + * inaddr to outaddr. + * + * @param context a Keberos context + * @param inaddr pointer to source addresses + * @param outaddr pointer to destination addresses + * + * @return Return an error code or 0. + * + * @ingroup krb5_address + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_copy_addresses(krb5_context context, const krb5_addresses *inaddr, @@ -1085,6 +1325,19 @@ krb5_copy_addresses(krb5_context context, return 0; } +/** + * krb5_append_addresses adds the set of addresses in source to + * dest. While copying the addresses, duplicates are also sorted out. + * + * @param context a Keberos context + * @param dest destination of copy operation + * @param source adresses that are going to be added to dest + * + * @return Return an error code or 0. + * + * @ingroup krb5_address + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_append_addresses(krb5_context context, krb5_addresses *dest, @@ -1115,8 +1368,17 @@ krb5_append_addresses(krb5_context context, return 0; } -/* +/** * Create an address of type KRB5_ADDRESS_ADDRPORT from (addr, port) + * + * @param context a Keberos context + * @param res built address from addr/port + * @param addr address to use + * @param port port to use + * + * @return Return an error code or 0. + * + * @ingroup krb5_address */ krb5_error_code KRB5_LIB_FUNCTION @@ -1170,9 +1432,19 @@ krb5_make_addrport (krb5_context context, return 0; } -/* +/** * Calculate the boundary addresses of `inaddr'/`prefixlen' and store * them in `low' and `high'. + * + * @param context a Keberos context + * @param inaddr address in prefixlen that the bondery searched + * @param prefixlen width of boundery + * @param low lowest address + * @param high highest address + * + * @return Return an error code or 0. + * + * @ingroup krb5_address */ krb5_error_code KRB5_LIB_FUNCTION diff --git a/source4/heimdal/lib/krb5/asn1_glue.c b/source4/heimdal/lib/krb5/asn1_glue.c index 6b7d40d453..b3f775b4be 100644 --- a/source4/heimdal/lib/krb5/asn1_glue.c +++ b/source4/heimdal/lib/krb5/asn1_glue.c @@ -37,7 +37,7 @@ #include "krb5_locl.h" -RCSID("$Id: asn1_glue.c 18269 2006-10-06 17:02:48Z lha $"); +RCSID("$Id: asn1_glue.c 21745 2007-07-31 16:11:25Z lha $"); krb5_error_code KRB5_LIB_FUNCTION _krb5_principal2principalname (PrincipalName *p, @@ -53,8 +53,12 @@ _krb5_principalname2krb5_principal (krb5_context context, const Realm realm) { krb5_principal p = malloc(sizeof(*p)); + if (p == NULL) + return ENOMEM; copy_PrincipalName(&from, &p->name); p->realm = strdup(realm); + if (p->realm == NULL) + return ENOMEM; *principal = p; return 0; } diff --git a/source4/heimdal/lib/krb5/auth_context.c b/source4/heimdal/lib/krb5/auth_context.c index 5e08f15ad4..323f17a245 100644 --- a/source4/heimdal/lib/krb5/auth_context.c +++ b/source4/heimdal/lib/krb5/auth_context.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: auth_context.c 14452 2005-01-05 02:34:08Z lukeh $"); +RCSID("$Id: auth_context.c 21745 2007-07-31 16:11:25Z lha $"); krb5_error_code KRB5_LIB_FUNCTION krb5_auth_con_init(krb5_context context, @@ -141,14 +141,16 @@ krb5_auth_con_setaddrs(krb5_context context, if (auth_context->local_address) krb5_free_address (context, auth_context->local_address); else - auth_context->local_address = malloc(sizeof(krb5_address)); + if ((auth_context->local_address = malloc(sizeof(krb5_address))) == NULL) + return ENOMEM; krb5_copy_address(context, local_addr, auth_context->local_address); } if (remote_addr) { if (auth_context->remote_address) krb5_free_address (context, auth_context->remote_address); else - auth_context->remote_address = malloc(sizeof(krb5_address)); + if ((auth_context->remote_address = malloc(sizeof(krb5_address))) == NULL) + return ENOMEM; krb5_copy_address(context, remote_addr, auth_context->remote_address); } return 0; diff --git a/source4/heimdal/lib/krb5/cache.c b/source4/heimdal/lib/krb5/cache.c index 59aae40d28..5db6d2b2cf 100644 --- a/source4/heimdal/lib/krb5/cache.c +++ b/source4/heimdal/lib/krb5/cache.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,12 +33,20 @@ #include "krb5_locl.h" -RCSID("$Id: cache.c 21498 2007-07-11 09:41:43Z lha $"); +RCSID("$Id: cache.c 22127 2007-12-04 00:54:37Z lha $"); -/* +/** * Add a new ccache type with operations `ops', overwriting any * existing one if `override'. - * Return an error code or 0. + * + * @param context a Keberos context + * @param ops type of plugin symbol + * @param override flag to select if the registration is to overide + * an existing ops with the same name. + * + * @return Return an error code or 0. + * + * @ingroup krb5_ccache */ krb5_error_code KRB5_LIB_FUNCTION @@ -101,8 +109,7 @@ _krb5_cc_allocate(krb5_context context, /* * Allocate memory for a new ccache in `id' with operations `ops' - * and name `residual'. - * Return 0 or an error code. + * and name `residual'. Return 0 or an error code. */ static krb5_error_code @@ -122,12 +129,21 @@ allocate_ccache (krb5_context context, return ret; } -/* +/** * Find and allocate a ccache in `id' from the specification in `residual'. * If the ccache name doesn't contain any colon, interpret it as a file name. - * Return 0 or an error code. + * + * @param context a Keberos context. + * @param name string name of a credential cache. + * @param id return pointer to a found credential cache. + * + * @return Return 0 or an error code. In case of an error, id is set + * to NULL. + * + * @ingroup krb5_ccache */ + krb5_error_code KRB5_LIB_FUNCTION krb5_cc_resolve(krb5_context context, const char *name, @@ -135,6 +151,8 @@ krb5_cc_resolve(krb5_context context, { int i; + *id = NULL; + for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) { size_t prefix_len = strlen(context->cc_ops[i].prefix); @@ -153,57 +171,64 @@ krb5_cc_resolve(krb5_context context, } } -/* +/** * Generate a new ccache of type `ops' in `id'. - * Return 0 or an error code. + * + * @return Return 0 or an error code. + * + * @ingroup krb5_ccache */ + krb5_error_code KRB5_LIB_FUNCTION krb5_cc_gen_new(krb5_context context, const krb5_cc_ops *ops, krb5_ccache *id) { - krb5_error_code ret; - - ret = _krb5_cc_allocate(context, ops, id); - if (ret) - return ret; - return (*id)->ops->gen_new(context, id); + return krb5_cc_new_unique(context, ops->prefix, NULL, id); } -/* +/** * Generates a new unique ccache of `type` in `id'. If `type' is NULL, * the library chooses the default credential cache type. The supplied * `hint' (that can be NULL) is a string that the credential cache * type can use to base the name of the credential on, this is to make - * its easier for the user to differentiate the credentials. + * it easier for the user to differentiate the credentials. + * + * @return Returns 0 or an error code. * - * Returns 0 or an error code. + * @ingroup krb5_ccache */ krb5_error_code KRB5_LIB_FUNCTION krb5_cc_new_unique(krb5_context context, const char *type, const char *hint, krb5_ccache *id) { - const krb5_cc_ops *ops; - - if (type == NULL) - type = KRB5_DEFAULT_CCNAME; + const krb5_cc_ops *ops = KRB5_DEFAULT_CCTYPE; + krb5_error_code ret; - ops = krb5_cc_get_prefix_ops(context, type); - if (ops == NULL) { - krb5_set_error_string(context, "Credential cache type %s is unknown", - type); - return KRB5_CC_UNKNOWN_TYPE; + if (type) { + ops = krb5_cc_get_prefix_ops(context, type); + if (ops == NULL) { + krb5_set_error_string(context, + "Credential cache type %s is unknown", type); + return KRB5_CC_UNKNOWN_TYPE; + } } - return krb5_cc_gen_new(context, ops, id); + ret = _krb5_cc_allocate(context, ops, id); + if (ret) + return ret; + return (*id)->ops->gen_new(context, id); } -/* +/** * Return the name of the ccache `id' + * + * @ingroup krb5_ccache */ + const char* KRB5_LIB_FUNCTION krb5_cc_get_name(krb5_context context, krb5_ccache id) @@ -211,10 +236,13 @@ krb5_cc_get_name(krb5_context context, return id->ops->get_name(context, id); } -/* +/** * Return the type of the ccache `id'. + * + * @ingroup krb5_ccache */ + const char* KRB5_LIB_FUNCTION krb5_cc_get_type(krb5_context context, krb5_ccache id) @@ -222,12 +250,15 @@ krb5_cc_get_type(krb5_context context, return id->ops->prefix; } -/* +/** * Return the complete resolvable name the ccache `id' in `str´. * `str` should be freed with free(3). * Returns 0 or an error (and then *str is set to NULL). + * + * @ingroup krb5_ccache */ + krb5_error_code KRB5_LIB_FUNCTION krb5_cc_get_full_name(krb5_context context, krb5_ccache id, @@ -257,10 +288,13 @@ krb5_cc_get_full_name(krb5_context context, return 0; } -/* +/** * Return krb5_cc_ops of a the ccache `id'. + * + * @ingroup krb5_ccache */ + const krb5_cc_ops * krb5_cc_get_ops(krb5_context context, krb5_ccache id) { @@ -348,6 +382,10 @@ environment_changed(krb5_context context) { const char *e; + /* if the cc name was set, don't change it */ + if (context->default_cc_name_set) + return 0; + if(issuid()) return 0; @@ -367,10 +405,13 @@ environment_changed(krb5_context context) return 0; } -/* +/** * Set the default cc name for `context' to `name'. + * + * @ingroup krb5_ccache */ + krb5_error_code KRB5_LIB_FUNCTION krb5_cc_set_default_name(krb5_context context, const char *name) { @@ -392,14 +433,23 @@ krb5_cc_set_default_name(krb5_context context, const char *name) if (e == NULL) { e = krb5_config_get_string(context, NULL, "libdefaults", "default_cc_name", NULL); - if (e == NULL) - e = KRB5_DEFAULT_CCNAME; - ret = _krb5_expand_default_cc_name(context, e, &p); - if (ret) - return ret; + if (e) { + ret = _krb5_expand_default_cc_name(context, e, &p); + if (ret) + return ret; + } + if (e == NULL) { + const krb5_cc_ops *ops = KRB5_DEFAULT_CCTYPE; + ret = (*ops->default_name)(context, &p); + if (ret) + return ret; + } } - } else + context->default_cc_name_set = 0; + } else { p = strdup(name); + context->default_cc_name_set = 1; + } if (p == NULL) { krb5_set_error_string(context, "malloc - out of memory"); @@ -414,11 +464,16 @@ krb5_cc_set_default_name(krb5_context context, const char *name) return ret; } -/* +/** * Return a pointer to a context static string containing the default * ccache name. + * + * @return String to the default credential cache name. + * + * @ingroup krb5_ccache */ + const char* KRB5_LIB_FUNCTION krb5_cc_default_name(krb5_context context) { @@ -428,11 +483,15 @@ krb5_cc_default_name(krb5_context context) return context->default_cc_name; } -/* +/** * Open the default ccache in `id'. - * Return 0 or an error code. + * + * @return Return 0 or an error code. + * + * @ingroup krb5_ccache */ + krb5_error_code KRB5_LIB_FUNCTION krb5_cc_default(krb5_context context, krb5_ccache *id) @@ -446,11 +505,15 @@ krb5_cc_default(krb5_context context, return krb5_cc_resolve(context, p, id); } -/* +/** * Create a new ccache in `id' for `primary_principal'. - * Return 0 or an error code. + * + * @return Return 0 or an error code. + * + * @ingroup krb5_ccache */ + krb5_error_code KRB5_LIB_FUNCTION krb5_cc_initialize(krb5_context context, krb5_ccache id, @@ -460,11 +523,15 @@ krb5_cc_initialize(krb5_context context, } -/* +/** * Remove the ccache `id'. - * Return 0 or an error code. + * + * @return Return 0 or an error code. + * + * @ingroup krb5_ccache */ + krb5_error_code KRB5_LIB_FUNCTION krb5_cc_destroy(krb5_context context, krb5_ccache id) @@ -476,11 +543,15 @@ krb5_cc_destroy(krb5_context context, return ret; } -/* +/** * Stop using the ccache `id' and free the related resources. - * Return 0 or an error code. + * + * @return Return 0 or an error code. + * + * @ingroup krb5_ccache */ + krb5_error_code KRB5_LIB_FUNCTION krb5_cc_close(krb5_context context, krb5_ccache id) @@ -491,11 +562,15 @@ krb5_cc_close(krb5_context context, return ret; } -/* +/** * Store `creds' in the ccache `id'. - * Return 0 or an error code. + * + * @return Return 0 or an error code. + * + * @ingroup krb5_ccache */ + krb5_error_code KRB5_LIB_FUNCTION krb5_cc_store_cred(krb5_context context, krb5_ccache id, @@ -504,13 +579,17 @@ krb5_cc_store_cred(krb5_context context, return (*id->ops->store)(context, id, creds); } -/* +/** * Retrieve the credential identified by `mcreds' (and `whichfields') * from `id' in `creds'. 'creds' must be free by the caller using * krb5_free_cred_contents. - * Return 0 or an error code. + * + * @return Return 0 or an error code. + * + * @ingroup krb5_ccache */ + krb5_error_code KRB5_LIB_FUNCTION krb5_cc_retrieve_cred(krb5_context context, krb5_ccache id, @@ -526,7 +605,9 @@ krb5_cc_retrieve_cred(krb5_context context, mcreds, creds); } - krb5_cc_start_seq_get(context, id, &cursor); + ret = krb5_cc_start_seq_get(context, id, &cursor); + if (ret) + return ret; while((ret = krb5_cc_next_cred(context, id, &cursor, creds)) == 0){ if(krb5_compare_creds(context, whichfields, mcreds, creds)){ ret = 0; @@ -538,11 +619,15 @@ krb5_cc_retrieve_cred(krb5_context context, return ret; } -/* +/** * Return the principal of `id' in `principal'. - * Return 0 or an error code. + * + * @return Return 0 or an error code. + * + * @ingroup krb5_ccache */ + krb5_error_code KRB5_LIB_FUNCTION krb5_cc_get_principal(krb5_context context, krb5_ccache id, @@ -551,12 +636,16 @@ krb5_cc_get_principal(krb5_context context, return (*id->ops->get_princ)(context, id, principal); } -/* +/** * Start iterating over `id', `cursor' is initialized to the * beginning. - * Return 0 or an error code. + * + * @return Return 0 or an error code. + * + * @ingroup krb5_ccache */ + krb5_error_code KRB5_LIB_FUNCTION krb5_cc_start_seq_get (krb5_context context, const krb5_ccache id, @@ -565,12 +654,16 @@ krb5_cc_start_seq_get (krb5_context context, return (*id->ops->get_first)(context, id, cursor); } -/* +/** * Retrieve the next cred pointed to by (`id', `cursor') in `creds' * and advance `cursor'. - * Return 0 or an error code. + * + * @return Return 0 or an error code. + * + * @ingroup krb5_ccache */ + krb5_error_code KRB5_LIB_FUNCTION krb5_cc_next_cred (krb5_context context, const krb5_ccache id, @@ -580,7 +673,12 @@ krb5_cc_next_cred (krb5_context context, return (*id->ops->get_next)(context, id, cursor, creds); } -/* like krb5_cc_next_cred, but allow for selective retrieval */ +/** + * Like krb5_cc_next_cred, but allow for selective retrieval + * + * @ingroup krb5_ccache + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_cc_next_cred_match(krb5_context context, @@ -601,10 +699,13 @@ krb5_cc_next_cred_match(krb5_context context, } } -/* +/** * Destroy the cursor `cursor'. + * + * @ingroup krb5_ccache */ + krb5_error_code KRB5_LIB_FUNCTION krb5_cc_end_seq_get (krb5_context context, const krb5_ccache id, @@ -613,10 +714,13 @@ krb5_cc_end_seq_get (krb5_context context, return (*id->ops->end_get)(context, id, cursor); } -/* +/** * Remove the credential identified by `cred', `which' from `id'. + * + * @ingroup krb5_ccache */ + krb5_error_code KRB5_LIB_FUNCTION krb5_cc_remove_cred(krb5_context context, krb5_ccache id, @@ -632,10 +736,13 @@ krb5_cc_remove_cred(krb5_context context, return (*id->ops->remove_cred)(context, id, which, cred); } -/* +/** * Set the flags of `id' to `flags'. + * + * @ingroup krb5_ccache */ + krb5_error_code KRB5_LIB_FUNCTION krb5_cc_set_flags(krb5_context context, krb5_ccache id, @@ -644,10 +751,13 @@ krb5_cc_set_flags(krb5_context context, return (*id->ops->set_flags)(context, id, flags); } -/* +/** * Copy the contents of `from' to `to'. + * + * @ingroup krb5_ccache */ + krb5_error_code KRB5_LIB_FUNCTION krb5_cc_copy_cache_match(krb5_context context, const krb5_ccache from, @@ -689,6 +799,13 @@ krb5_cc_copy_cache_match(krb5_context context, return ret; } +/** + * Just like krb5_cc_copy_cache_match, but copy everything. + * + * @ingroup krb5_ccache + */ + + krb5_error_code KRB5_LIB_FUNCTION krb5_cc_copy_cache(krb5_context context, const krb5_ccache from, @@ -697,10 +814,13 @@ krb5_cc_copy_cache(krb5_context context, return krb5_cc_copy_cache_match(context, from, to, 0, NULL, NULL); } -/* +/** * Return the version of `id'. + * + * @ingroup krb5_ccache */ + krb5_error_code KRB5_LIB_FUNCTION krb5_cc_get_version(krb5_context context, const krb5_ccache id) @@ -711,23 +831,30 @@ krb5_cc_get_version(krb5_context context, return 0; } -/* +/** * Clear `mcreds' so it can be used with krb5_cc_retrieve_cred + * + * @ingroup krb5_ccache */ + void KRB5_LIB_FUNCTION krb5_cc_clear_mcred(krb5_creds *mcred) { memset(mcred, 0, sizeof(*mcred)); } -/* +/** * Get the cc ops that is registered in `context' to handle the * `prefix'. `prefix' can be a complete credential cache name or a * prefix, the function will only use part up to the first colon (:) - * if there is one. Returns NULL if ops not found. + * if there is one. + * Returns NULL if ops not found. + * + * @ingroup krb5_ccache */ + const krb5_cc_ops * krb5_cc_get_prefix_ops(krb5_context context, const char *prefix) { @@ -761,12 +888,16 @@ struct krb5_cc_cache_cursor_data { krb5_cc_cursor cursor; }; -/* +/** * Start iterating over all caches of `type'. If `type' is NULL, the * default type is * used. `cursor' is initialized to the beginning. - * Return 0 or an error code. + * + * @return Return 0 or an error code. + * + * @ingroup krb5_ccache */ + krb5_error_code KRB5_LIB_FUNCTION krb5_cc_cache_get_first (krb5_context context, const char *type, @@ -807,12 +938,16 @@ krb5_cc_cache_get_first (krb5_context context, return ret; } -/* +/** * Retrieve the next cache pointed to by (`cursor') in `id' * and advance `cursor'. - * Return 0 or an error code. + * + * @return Return 0 or an error code. + * + * @ingroup krb5_ccache */ + krb5_error_code KRB5_LIB_FUNCTION krb5_cc_cache_next (krb5_context context, krb5_cc_cache_cursor cursor, @@ -821,10 +956,15 @@ krb5_cc_cache_next (krb5_context context, return cursor->ops->get_cache_next(context, cursor->cursor, id); } -/* +/** * Destroy the cursor `cursor'. + * + * @return Return 0 or an error code. + * + * @ingroup krb5_ccache */ + krb5_error_code KRB5_LIB_FUNCTION krb5_cc_cache_end_seq_get (krb5_context context, krb5_cc_cache_cursor cursor) @@ -836,14 +976,18 @@ krb5_cc_cache_end_seq_get (krb5_context context, return ret; } -/* +/** * Search for a matching credential cache of type `type' that have the * `principal' as the default principal. If NULL is used for `type', * the default type is used. On success, `id' needs to be freed with - * krb5_cc_close or krb5_cc_destroy. On failure, error code is - * returned and `id' is set to NULL. + * krb5_cc_close or krb5_cc_destroy. + * + * @return On failure, error code is returned and `id' is set to NULL. + * + * @ingroup krb5_ccache */ + krb5_error_code KRB5_LIB_FUNCTION krb5_cc_cache_match (krb5_context context, krb5_principal client, @@ -895,3 +1039,35 @@ krb5_cc_cache_match (krb5_context context, return 0; } +/** + * Move the content from one credential cache to another. The + * operation is an atomic switch. + * + * @param context a Keberos context + * @param from the credential cache to move the content from + * @param to the credential cache to move the content to + + * @return On sucess, from is freed. On failure, error code is + * returned and from and to are both still allocated. + * + * @ingroup krb5_ccache + */ + +krb5_error_code +krb5_cc_move(krb5_context context, krb5_ccache from, krb5_ccache to) +{ + krb5_error_code ret; + + if (strcmp(from->ops->prefix, to->ops->prefix) != 0) { + krb5_set_error_string(context, "Moving credentials between diffrent " + "types not yet supported"); + return KRB5_CC_NOSUPP; + } + + ret = (*to->ops->move)(context, from, to); + if (ret == 0) { + memset(from, 0, sizeof(*from)); + free(from); + } + return ret; +} diff --git a/source4/heimdal/lib/krb5/context.c b/source4/heimdal/lib/krb5/context.c index b54e293a60..256783310e 100644 --- a/source4/heimdal/lib/krb5/context.c +++ b/source4/heimdal/lib/krb5/context.c @@ -34,12 +34,19 @@ #include "krb5_locl.h" #include -RCSID("$Id: context.c 19107 2006-11-24 14:24:33Z lha $"); +RCSID("$Id: context.c 22293 2007-12-14 05:25:59Z lha $"); #define INIT_FIELD(C, T, E, D, F) \ (C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \ "libdefaults", F, NULL) +#define INIT_FLAG(C, O, V, D, F) \ + do { \ + if (krb5_config_get_bool_default((C), NULL, (D),"libdefaults", F, NULL)) { \ + (C)->O |= V; \ + } \ + } while(0) + /* * Set the list of etypes `ret_etypes' from the configuration variable * `name' @@ -181,11 +188,28 @@ init_context_from_config_file(krb5_context context) INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup"); INIT_FIELD(context, bool, srv_lookup, context->srv_lookup, "dns_lookup_kdc"); INIT_FIELD(context, int, large_msg_size, 1400, "large_message_size"); - INIT_FIELD(context, bool, dns_canonicalize_hostname, TRUE, "dns_canonicalize_hostname"); + INIT_FLAG(context, flags, KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME, TRUE, "dns_canonicalize_hostname"); + INIT_FLAG(context, flags, KRB5_CTX_F_CHECK_PAC, TRUE, "check_pac"); context->default_cc_name = NULL; + context->default_cc_name_set = 0; return 0; } +/** + * Initializes the context structure and reads the configuration file + * /etc/krb5.conf. The structure should be freed by calling + * krb5_free_context() when it is no longer being used. + * + * @param context pointer to returned context + * + * @return Returns 0 to indicate success. Otherwise an errno code is + * returned. Failure means either that something bad happened during + * initialization (typically ENOMEM) or that Kerberos should not be + * used ENXIO. + * + * @ingroup krb5 + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_init_context(krb5_context *context) { @@ -246,11 +270,21 @@ out: return ret; } +/** + * Frees the krb5_context allocated by krb5_init_context(). + * + * @param context context to be freed. + * + * @ingroup krb5 +*/ + void KRB5_LIB_FUNCTION krb5_free_context(krb5_context context) { if (context->default_cc_name) free(context->default_cc_name); + if (context->default_cc_name_env) + free(context->default_cc_name_env); free(context->etypes); free(context->etypes_des); krb5_free_host_realm (context, context->default_realms); @@ -272,6 +306,18 @@ krb5_free_context(krb5_context context) free(context); } +/** + * Reinit the context from a new set of filenames. + * + * @param context context to add configuration too. + * @param filenames array of filenames, end of list is indicated with a NULL filename. + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_set_config_files(krb5_context context, char **filenames) { @@ -324,7 +370,7 @@ add_file(char ***pfilenames, int *len, char *file) } /* - * `pq' isn't free, its up the the caller + * `pq' isn't free, it's up the the caller */ krb5_error_code KRB5_LIB_FUNCTION @@ -380,6 +426,18 @@ krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp) return 0; } +/** + * Prepend the filename to the global configuration list. + * + * @param filelist a filename to add to the default list of filename + * @param pfilenames return array of filenames, should be freed with krb5_free_config_files(). + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_prepend_config_files_default(const char *filelist, char ***pfilenames) { @@ -399,6 +457,17 @@ krb5_prepend_config_files_default(const char *filelist, char ***pfilenames) return 0; } +/** + * Get the global configuration list. + * + * @param pfilenames return array of filenames, should be freed with krb5_free_config_files(). + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_get_default_config_files(char ***pfilenames) { @@ -414,6 +483,17 @@ krb5_get_default_config_files(char ***pfilenames) return krb5_prepend_config_files(files, NULL, pfilenames); } +/** + * Free a list of configuration files. + * + * @param filenames list to be freed. + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + void KRB5_LIB_FUNCTION krb5_free_config_files(char **filenames) { @@ -423,12 +503,17 @@ krb5_free_config_files(char **filenames) free(filenames); } -/* +/** * Returns the list of Kerberos encryption types sorted in order of - * most preferred to least preferred encryption type. The array ends - * with ETYPE_NULL. Note that some encryption types might be - * disabled, so you need to check with krb5_enctype_valid() before - * using the encryption type. + * most preferred to least preferred encryption type. Note that some + * encryption types might be disabled, so you need to check with + * krb5_enctype_valid() before using the encryption type. + * + * @return list of enctypes, terminated with ETYPE_NULL. Its a static + * array completed into the Kerberos library so the content doesn't + * need to be freed. + * + * @ingroup krb5 */ const krb5_enctype * KRB5_LIB_FUNCTION @@ -479,6 +564,19 @@ default_etypes(krb5_context context, krb5_enctype **etype) return 0; } +/** + * Set the default encryption types that will be use in communcation + * with the KDC, clients and servers. + * + * @param context Kerberos 5 context. + * @param etypes Encryption types, array terminated with ETYPE_NULL (0). + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_set_default_in_tkt_etypes(krb5_context context, const krb5_enctype *etypes) @@ -507,6 +605,19 @@ krb5_set_default_in_tkt_etypes(krb5_context context, return 0; } +/** + * Get the default encryption types that will be use in communcation + * with the KDC, clients and servers. + * + * @param context Kerberos 5 context. + * @param etypes Encryption types, array terminated with + * ETYPE_NULL(0), caller should free array with krb5_xfree(): + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ krb5_error_code KRB5_LIB_FUNCTION krb5_get_default_in_tkt_etypes(krb5_context context, @@ -534,6 +645,18 @@ krb5_get_default_in_tkt_etypes(krb5_context context, return 0; } +/** + * Return the error string for the error code. The caller must not + * free the string. + * + * @param context Kerberos 5 context. + * @param code Kerberos error code. + * + * @return the error message matching code + * + * @ingroup krb5 + */ + const char* KRB5_LIB_FUNCTION krb5_get_err_text(krb5_context context, krb5_error_code code) { @@ -547,6 +670,14 @@ krb5_get_err_text(krb5_context context, krb5_error_code code) return p; } +/** + * Init the built-in ets in the Kerberos library. + * + * @param context kerberos context to add the ets too + * + * @ingroup krb5 + */ + void KRB5_LIB_FUNCTION krb5_init_ets(krb5_context context) { @@ -561,18 +692,50 @@ krb5_init_ets(krb5_context context) } } +/** + * Make the kerberos library default to the admin KDC. + * + * @param context Kerberos 5 context. + * @param flag boolean flag to select if the use the admin KDC or not. + * + * @ingroup krb5 + */ + void KRB5_LIB_FUNCTION krb5_set_use_admin_kdc (krb5_context context, krb5_boolean flag) { context->use_admin_kdc = flag; } +/** + * Make the kerberos library default to the admin KDC. + * + * @param context Kerberos 5 context. + * + * @return boolean flag to telling the context will use admin KDC as the default KDC. + * + * @ingroup krb5 + */ + krb5_boolean KRB5_LIB_FUNCTION krb5_get_use_admin_kdc (krb5_context context) { return context->use_admin_kdc; } +/** + * Add extra address to the address list that the library will add to + * the client's address list when communicating with the KDC. + * + * @param context Kerberos 5 context. + * @param addresses addreses to add + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses) { @@ -584,6 +747,19 @@ krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses) return krb5_set_extra_addresses(context, addresses); } +/** + * Set extra address to the address list that the library will add to + * the client's address list when communicating with the KDC. + * + * @param context Kerberos 5 context. + * @param addresses addreses to set + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses) { @@ -607,6 +783,19 @@ krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses) return krb5_copy_addresses(context, addresses, context->extra_addresses); } +/** + * Get extra address to the address list that the library will add to + * the client's address list when communicating with the KDC. + * + * @param context Kerberos 5 context. + * @param addresses addreses to set + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses) { @@ -617,6 +806,19 @@ krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses) return krb5_copy_addresses(context,context->extra_addresses, addresses); } +/** + * Add extra addresses to ignore when fetching addresses from the + * underlaying operating system. + * + * @param context Kerberos 5 context. + * @param addresses addreses to ignore + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses) { @@ -628,6 +830,19 @@ krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses) return krb5_set_ignore_addresses(context, addresses); } +/** + * Set extra addresses to ignore when fetching addresses from the + * underlaying operating system. + * + * @param context Kerberos 5 context. + * @param addresses addreses to ignore + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses) { @@ -650,6 +865,19 @@ krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses) return krb5_copy_addresses(context, addresses, context->ignore_addresses); } +/** + * Get extra addresses to ignore when fetching addresses from the + * underlaying operating system. + * + * @param context Kerberos 5 context. + * @param addresses list addreses ignored + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses) { @@ -660,6 +888,18 @@ krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses) return krb5_copy_addresses(context, context->ignore_addresses, addresses); } +/** + * Set version of fcache that the library should use. + * + * @param context Kerberos 5 context. + * @param version version number. + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_set_fcache_version(krb5_context context, int version) { @@ -667,6 +907,18 @@ krb5_set_fcache_version(krb5_context context, int version) return 0; } +/** + * Get version of fcache that the library should use. + * + * @param context Kerberos 5 context. + * @param version version number. + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_get_fcache_version(krb5_context context, int *version) { @@ -674,6 +926,15 @@ krb5_get_fcache_version(krb5_context context, int *version) return 0; } +/** + * Runtime check if the Kerberos library was complied with thread support. + * + * @return TRUE if the library was compiled with thread support, FALSE if not. + * + * @ingroup krb5 + */ + + krb5_boolean KRB5_LIB_FUNCTION krb5_is_thread_safe(void) { @@ -684,18 +945,52 @@ krb5_is_thread_safe(void) #endif } +/** + * Set if the library should use DNS to canonicalize hostnames. + * + * @param context Kerberos 5 context. + * @param flag if its dns canonicalizion is used or not. + * + * @ingroup krb5 + */ + void KRB5_LIB_FUNCTION krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag) { - context->dns_canonicalize_hostname = flag; + if (flag) + context->flags |= KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME; + else + context->flags &= ~KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME; } +/** + * Get if the library uses DNS to canonicalize hostnames. + * + * @param context Kerberos 5 context. + * + * @return return non zero if the library uses DNS to canonicalize hostnames. + * + * @ingroup krb5 + */ + krb5_boolean KRB5_LIB_FUNCTION krb5_get_dns_canonicalize_hostname (krb5_context context) { - return context->dns_canonicalize_hostname; + return (context->flags & KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME) ? 1 : 0; } +/** + * Get current offset in time to the KDC. + * + * @param context Kerberos 5 context. + * @param sec seconds part of offset. + * @param usec micro seconds part of offset. + * + * @return return non zero if the library uses DNS to canonicalize hostnames. + * + * @ingroup krb5 + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec) { @@ -706,12 +1001,31 @@ krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec) return 0; } +/** + * Get max time skew allowed. + * + * @param context Kerberos 5 context. + * + * @return timeskew in seconds. + * + * @ingroup krb5 + */ + time_t KRB5_LIB_FUNCTION krb5_get_max_time_skew (krb5_context context) { return context->max_skew; } +/** + * Set max time skew allowed. + * + * @param context Kerberos 5 context. + * @param t timeskew in seconds. + * + * @ingroup krb5 + */ + void KRB5_LIB_FUNCTION krb5_set_max_time_skew (krb5_context context, time_t t) { diff --git a/source4/heimdal/lib/krb5/convert_creds.c b/source4/heimdal/lib/krb5/convert_creds.c index 1d1b4d7070..b2af0187ea 100644 --- a/source4/heimdal/lib/krb5/convert_creds.c +++ b/source4/heimdal/lib/krb5/convert_creds.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: convert_creds.c 14897 2005-04-23 19:40:57Z lha $"); +RCSID("$Id: convert_creds.c 22050 2007-11-11 11:20:46Z lha $"); #include "krb5-v4compat.h" @@ -42,10 +42,20 @@ check_ticket_flags(TicketFlags f) return 0; /* maybe add some more tests here? */ } -/* Convert the v5 credentials in `in_cred' to v4-dito in `v4creds'. - * This is done by sending them to the 524 function in the KDC. If +/** + * Convert the v5 credentials in in_cred to v4-dito in v4creds. This + * is done by sending them to the 524 function in the KDC. If * `in_cred' doesn't contain a DES session key, then a new one is * gotten from the KDC and stored in the cred cache `ccache'. + * + * @param context Kerberos 5 context. + * @param in_cred the credential to convert + * @param v4creds the converted credential + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5_v4compat */ krb5_error_code KRB5_LIB_FUNCTION @@ -134,6 +144,21 @@ out2: return ret; } +/** + * Convert the v5 credentials in in_cred to v4-dito in v4creds, + * check the credential cache ccache before checking with the KDC. + * + * @param context Kerberos 5 context. + * @param ccache credential cache used to check for des-ticket. + * @param in_cred the credential to convert + * @param v4creds the converted credential + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5_v4compat + */ + krb5_error_code KRB5_LIB_FUNCTION krb524_convert_creds_kdc_ccache(krb5_context context, krb5_ccache ccache, diff --git a/source4/heimdal/lib/krb5/copy_host_realm.c b/source4/heimdal/lib/krb5/copy_host_realm.c index 4e668c2a14..8c4f39b4ac 100644 --- a/source4/heimdal/lib/krb5/copy_host_realm.c +++ b/source4/heimdal/lib/krb5/copy_host_realm.c @@ -33,10 +33,19 @@ #include "krb5_locl.h" -RCSID("$Id: copy_host_realm.c 13863 2004-05-25 21:46:46Z lha $"); +RCSID("$Id: copy_host_realm.c 22057 2007-11-11 15:13:13Z lha $"); -/* +/** * Copy the list of realms from `from' to `to'. + * + * @param context Kerberos 5 context. + * @param from list of realms to copy from. + * @param to list of realms to copy to, free list of krb5_free_host_realm(). + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 */ krb5_error_code KRB5_LIB_FUNCTION diff --git a/source4/heimdal/lib/krb5/creds.c b/source4/heimdal/lib/krb5/creds.c index d4d83162f1..17ef46dfa3 100644 --- a/source4/heimdal/lib/krb5/creds.c +++ b/source4/heimdal/lib/krb5/creds.c @@ -33,15 +33,30 @@ #include "krb5_locl.h" -RCSID("$Id: creds.c 15167 2005-05-18 04:21:57Z lha $"); +RCSID("$Id: creds.c 22062 2007-11-11 15:41:50Z lha $"); + +#undef __attribute__ +#define __attribute__(X) /* keep this for compatibility with older code */ -krb5_error_code KRB5_LIB_FUNCTION +krb5_error_code KRB5_LIB_FUNCTION __attribute__((deprecated)) krb5_free_creds_contents (krb5_context context, krb5_creds *c) { return krb5_free_cred_contents (context, c); } +/** + * Free content of krb5_creds. + * + * @param context Kerberos 5 context. + * @param c krb5_creds to free. + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_free_cred_contents (krb5_context context, krb5_creds *c) { @@ -58,6 +73,19 @@ krb5_free_cred_contents (krb5_context context, krb5_creds *c) return 0; } +/** + * Copy content of krb5_creds. + * + * @param context Kerberos 5 context. + * @param incred source credential + * @param c destination credential, free with krb5_free_cred_contents(). + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_copy_creds_contents (krb5_context context, const krb5_creds *incred, @@ -102,6 +130,19 @@ fail: return ret; } +/** + * Copy krb5_creds. + * + * @param context Kerberos 5 context. + * @param incred source credential + * @param outcred destination credential, free with krb5_free_creds(). + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_copy_creds (krb5_context context, const krb5_creds *incred, @@ -119,6 +160,18 @@ krb5_copy_creds (krb5_context context, return krb5_copy_creds_contents (context, incred, c); } +/** + * Free krb5_creds. + * + * @param context Kerberos 5 context. + * @param c krb5_creds to free. + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_free_creds (krb5_context context, krb5_creds *c) { @@ -127,15 +180,7 @@ krb5_free_creds (krb5_context context, krb5_creds *c) return 0; } -/* XXX these do not belong here */ -static krb5_boolean -krb5_data_equal(const krb5_data *a, const krb5_data *b) -{ - if(a->length != b->length) - return FALSE; - return memcmp(a->data, b->data, a->length) == 0; -} - +/* XXX this do not belong here */ static krb5_boolean krb5_times_equal(const krb5_times *a, const krb5_times *b) { @@ -145,9 +190,18 @@ krb5_times_equal(const krb5_times *a, const krb5_times *b) a->renew_till == b->renew_till; } -/* +/** * Return TRUE if `mcreds' and `creds' are equal (`whichfields' * determines what equal means). + * + * @param context Kerberos 5 context. + * @param whichfields which fields to compare. + * @param mcreds cred to compare with. + * @param creds cred to compare with. + * + * @return return TRUE if mcred and creds are equal, FALSE if not. + * + * @ingroup krb5 */ krb5_boolean KRB5_LIB_FUNCTION @@ -201,11 +255,11 @@ krb5_compare_creds(krb5_context context, krb5_flags whichfields, for(i = 0; match && i < mcreds->authdata.len; i++) match = (mcreds->authdata.val[i].ad_type == creds->authdata.val[i].ad_type) && - krb5_data_equal(&mcreds->authdata.val[i].ad_data, - &creds->authdata.val[i].ad_data); + (krb5_data_cmp(&mcreds->authdata.val[i].ad_data, + &creds->authdata.val[i].ad_data) == 0); } if (match && (whichfields & KRB5_TC_MATCH_2ND_TKT)) - match = krb5_data_equal(&mcreds->second_ticket, &creds->second_ticket); + match = (krb5_data_cmp(&mcreds->second_ticket, &creds->second_ticket) == 0); if (match && (whichfields & KRB5_TC_MATCH_IS_SKEY)) match = ((mcreds->second_ticket.length == 0) == diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c index 12f75d0bcd..2e63490946 100644 --- a/source4/heimdal/lib/krb5/crypto.c +++ b/source4/heimdal/lib/krb5/crypto.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: crypto.c 21130 2007-06-18 20:45:21Z lha $"); +RCSID("$Id: crypto.c 22200 2007-12-07 13:48:01Z lha $"); #undef CRYPTO_DEBUG #ifdef CRYPTO_DEBUG @@ -184,7 +184,7 @@ krb5_DES_schedule(krb5_context context, #ifdef ENABLE_AFS_STRING_TO_KEY /* This defines the Andrew string_to_key function. It accepts a password - * string as input and converts its via a one-way encryption algorithm to a DES + * string as input and converts it via a one-way encryption algorithm to a DES * encryption key. It is compatible with the original Andrew authentication * service password database. */ @@ -425,6 +425,7 @@ DES3_string_to_key(krb5_context context, size_t len; unsigned char tmp[24]; DES_cblock keys[3]; + krb5_error_code ret; len = password.length + salt.saltvalue.length; str = malloc(len); @@ -439,7 +440,13 @@ DES3_string_to_key(krb5_context context, DES_key_schedule s[3]; int i; - _krb5_n_fold(str, len, tmp, 24); + ret = _krb5_n_fold(str, len, tmp, 24); + if (ret) { + memset(str, 0, len); + free(str); + krb5_set_error_string(context, "out of memory"); + return ret; + } for(i = 0; i < 3; i++){ memcpy(keys + i, tmp + i * 8, sizeof(keys[i])); @@ -557,12 +564,14 @@ ARCFOUR_string_to_key(krb5_context context, size_t len; int i; MD4_CTX m; + krb5_error_code ret; len = 2 * password.length; s = malloc (len); if (len != 0 && s == NULL) { krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; + ret = ENOMEM; + goto out; } for (p = s, i = 0; i < password.length; ++i) { *p++ = ((char *)password.data)[i]; @@ -571,11 +580,17 @@ ARCFOUR_string_to_key(krb5_context context, MD4_Init (&m); MD4_Update (&m, s, len); key->keytype = enctype; - krb5_data_alloc (&key->keyvalue, 16); + ret = krb5_data_alloc (&key->keyvalue, 16); + if (ret) { + krb5_set_error_string(context, "malloc: out of memory"); + goto out; + } MD4_Final (key->keyvalue.data, &m); memset (s, 0, len); + ret = 0; +out: free (s); - return 0; + return ret; } /* @@ -1829,7 +1844,9 @@ create_checksum (krb5_context context, } else dkey = NULL; result->cksumtype = ct->type; - krb5_data_alloc(&result->checksum, ct->checksumsize); + ret = krb5_data_alloc(&result->checksum, ct->checksumsize); + if (ret) + return (ret); (*ct->checksum)(context, dkey, data, len, usage, result); return 0; } @@ -2751,6 +2768,7 @@ krb5_enctype_to_string(krb5_context context, if(e == NULL) { krb5_set_error_string (context, "encryption type %d not supported", etype); + *string = NULL; return KRB5_PROG_ETYPE_NOSUPP; } *string = strdup(e->name); @@ -3525,15 +3543,19 @@ derive_key(krb5_context context, ret = _key_schedule(context, key); if(ret) return ret; - if(et->blocksize * 8 < kt->bits || - len != et->blocksize) { + if(et->blocksize * 8 < kt->bits || len != et->blocksize) { nblocks = (kt->bits + et->blocksize * 8 - 1) / (et->blocksize * 8); k = malloc(nblocks * et->blocksize); if(k == NULL) { krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; } - _krb5_n_fold(constant, len, k, et->blocksize); + ret = _krb5_n_fold(constant, len, k, et->blocksize); + if (ret) { + free(k); + krb5_set_error_string(context, "out of memory"); + return ret; + } for(i = 0; i < nblocks; i++) { if(i > 0) memcpy(k + i * et->blocksize, @@ -3559,7 +3581,12 @@ derive_key(krb5_context context, krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; } - _krb5_n_fold(c, len, k, res_len); + ret = _krb5_n_fold(c, len, k, res_len); + if (ret) { + free(k); + krb5_set_error_string(context, "out of memory"); + return ret; + } free(c); } @@ -3821,7 +3848,12 @@ krb5_string_to_key_derived(krb5_context context, krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; } - _krb5_n_fold(str, len, tmp, keylen); + ret = _krb5_n_fold(str, len, tmp, keylen); + if (ret) { + free(tmp); + krb5_set_error_string(context, "out of memory"); + return ret; + } kd.schedule = NULL; DES3_postproc (context, tmp, keylen, &kd); /* XXX */ memset(tmp, 0, keylen); @@ -4122,7 +4154,7 @@ main() d = _new_derived_key(crypto, usage); if(d == NULL) - return ENOMEM; + krb5_errx(context, 1, "_new_derived_key failed"); krb5_copy_keyblock(context, crypto->key.key, &d->key); _krb5_put_int(constant, usage, 4); derive_key(context, crypto->et, d, constant, sizeof(constant)); @@ -4148,11 +4180,10 @@ main() "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; */ key.keyvalue.length = 4; - d = calloc(1, sizeof(*d)); - + d = ecalloc(1, sizeof(*d)); d->key = &key; res.checksum.length = 20; - res.checksum.data = malloc(res.checksum.length); + res.checksum.data = emalloc(res.checksum.length); SP_HMAC_SHA1_checksum(context, d, data, 28, &res); return 0; diff --git a/source4/heimdal/lib/krb5/data.c b/source4/heimdal/lib/krb5/data.c index 2ece85bdb3..eda1a8b259 100644 --- a/source4/heimdal/lib/krb5/data.c +++ b/source4/heimdal/lib/krb5/data.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,15 @@ #include "krb5_locl.h" -RCSID("$Id: data.c 20039 2007-01-23 20:34:01Z lha $"); +RCSID("$Id: data.c 22064 2007-11-11 16:28:14Z lha $"); + +/** + * Reset the (potentially uninitalized) krb5_data structure. + * + * @param p krb5_data to reset. + * + * @ingroup krb5 + */ void KRB5_LIB_FUNCTION krb5_data_zero(krb5_data *p) @@ -42,6 +50,15 @@ krb5_data_zero(krb5_data *p) p->data = NULL; } +/** + * Free the content of krb5_data structure, its ok to free a zeroed + * structure. When done, the structure will be zeroed. + * + * @param p krb5_data to free. + * + * @ingroup krb5 + */ + void KRB5_LIB_FUNCTION krb5_data_free(krb5_data *p) { @@ -50,12 +67,30 @@ krb5_data_free(krb5_data *p) krb5_data_zero(p); } +/** + * Same as krb5_data_free(). + * + * @param context Kerberos 5 context. + * @param data krb5_data to free. + * + * @ingroup krb5 + */ + void KRB5_LIB_FUNCTION krb5_free_data_contents(krb5_context context, krb5_data *data) { krb5_data_free(data); } +/** + * Free krb5_data (and its content). + * + * @param context Kerberos 5 context. + * @param p krb5_data to free. + * + * @ingroup krb5 + */ + void KRB5_LIB_FUNCTION krb5_free_data(krb5_context context, krb5_data *p) @@ -64,6 +99,18 @@ krb5_free_data(krb5_context context, free(p); } +/** + * Allocate data of and krb5_data. + * + * @param p krb5_data to free. + * @param len size to allocate. + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned. + * + * @ingroup krb5 + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_data_alloc(krb5_data *p, int len) { @@ -74,6 +121,18 @@ krb5_data_alloc(krb5_data *p, int len) return 0; } +/** + * Grow (or shrink) the content of krb5_data to a new size. + * + * @param p krb5_data to free. + * @param len new size. + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned. + * + * @ingroup krb5 + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_data_realloc(krb5_data *p, int len) { @@ -86,6 +145,19 @@ krb5_data_realloc(krb5_data *p, int len) return 0; } +/** + * Copy the data of len into the krb5_data. + * + * @param p krb5_data to copy into. + * @param data data to copy.. + * @param len new size. + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned. + * + * @ingroup krb5 + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_data_copy(krb5_data *p, const void *data, size_t len) { @@ -99,6 +171,19 @@ krb5_data_copy(krb5_data *p, const void *data, size_t len) return 0; } +/** + * Copy the data into a newly allocated krb5_data. + * + * @param context Kerberos 5 context. + * @param indata the krb5_data data to copy + * @param outdata new krb5_date to copy too. Free with krb5_free_data(). + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned. + * + * @ingroup krb5 + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_copy_data(krb5_context context, const krb5_data *indata, @@ -119,6 +204,17 @@ krb5_copy_data(krb5_context context, return ret; } +/** + * Compare to data. + * + * @param data1 krb5_data to compare + * @param data2 krb5_data to compare + * + * @return return the same way as memcmp(), useful when sorting. + * + * @ingroup krb5 + */ + int KRB5_LIB_FUNCTION krb5_data_cmp(const krb5_data *data1, const krb5_data *data2) { diff --git a/source4/heimdal/lib/krb5/eai_to_heim_errno.c b/source4/heimdal/lib/krb5/eai_to_heim_errno.c index c6b5cfb18b..19315cea86 100644 --- a/source4/heimdal/lib/krb5/eai_to_heim_errno.c +++ b/source4/heimdal/lib/krb5/eai_to_heim_errno.c @@ -33,12 +33,17 @@ #include -RCSID("$Id: eai_to_heim_errno.c 13863 2004-05-25 21:46:46Z lha $"); +RCSID("$Id: eai_to_heim_errno.c 22065 2007-11-11 16:41:06Z lha $"); -/* - * convert the getaddrinfo error code in `eai_errno' into a - * krb5_error_code. `system_error' should have the value of the errno - * after the failed call. +/** + * Convert the getaddrinfo() error code to a Kerberos et error code. + * + * @param eai_errno contains the error code from getaddrinfo(). + * @param system_error should have the value of errno after the failed getaddrinfo(). + * + * @return Kerberos error code representing the EAI errors. + * + * @ingroup krb5_error */ krb5_error_code KRB5_LIB_FUNCTION @@ -78,6 +83,17 @@ krb5_eai_to_heim_errno(int eai_errno, int system_error) } } +/** + * Convert the gethostname() error code (h_error) to a Kerberos et + * error code. + * + * @param eai_errno contains the error code from gethostname(). + * + * @return Kerberos error code representing the gethostname errors. + * + * @ingroup krb5_error + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_h_errno_to_heim_errno(int eai_errno) { diff --git a/source4/heimdal/lib/krb5/error_string.c b/source4/heimdal/lib/krb5/error_string.c index 1ba6494487..ff6e98a3dc 100644 --- a/source4/heimdal/lib/krb5/error_string.c +++ b/source4/heimdal/lib/krb5/error_string.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: error_string.c 16746 2006-02-16 07:49:23Z lha $"); +RCSID("$Id: error_string.c 22142 2007-12-04 16:56:02Z lha $"); #undef __attribute__ #define __attribute__(X) @@ -86,14 +86,26 @@ krb5_vset_error_string(krb5_context context, const char *fmt, va_list args) return 0; } +/** + * Return the error message in context. On error or no error string, + * the function returns NULL. + * + * @param context Kerberos 5 context + * + * @return an error string, needs to be freed with + * krb5_free_error_string(). The functions return NULL on error. + * + * @ingroup krb5_error + */ + char * KRB5_LIB_FUNCTION krb5_get_error_string(krb5_context context) { - char *ret; + char *ret = NULL; HEIMDAL_MUTEX_lock(context->mutex); - ret = context->error_string; - context->error_string = NULL; + if (context->error_string) + ret = strdup(context->error_string); HEIMDAL_MUTEX_unlock(context->mutex); return ret; } @@ -108,6 +120,19 @@ krb5_have_error_string(krb5_context context) return str != NULL; } +/** + * Return the error message for `code' in context. On error the + * function returns NULL. + * + * @param context Kerberos 5 context + * @param code Error code related to the error + * + * @return an error string, needs to be freed with + * krb5_free_error_string(). The functions return NULL on error. + * + * @ingroup krb5_error + */ + char * KRB5_LIB_FUNCTION krb5_get_error_message(krb5_context context, krb5_error_code code) { diff --git a/source4/heimdal/lib/krb5/expand_hostname.c b/source4/heimdal/lib/krb5/expand_hostname.c index b2b410269e..28e39afb42 100644 --- a/source4/heimdal/lib/krb5/expand_hostname.c +++ b/source4/heimdal/lib/krb5/expand_hostname.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: expand_hostname.c 18906 2006-11-04 03:34:57Z lha $"); +RCSID("$Id: expand_hostname.c 22229 2007-12-08 21:40:59Z lha $"); static krb5_error_code copy_hostname(krb5_context context, @@ -62,7 +62,7 @@ krb5_expand_hostname (krb5_context context, struct addrinfo *ai, *a, hints; int error; - if (!context->dns_canonicalize_hostname) + if ((context->flags & KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME) == 0) return copy_hostname (context, orig_hostname, new_hostname); memset (&hints, 0, sizeof(hints)); @@ -127,7 +127,7 @@ krb5_expand_hostname_realms (krb5_context context, int error; krb5_error_code ret = 0; - if (!context->dns_canonicalize_hostname) + if ((context->flags & KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME) == 0) return vanilla_hostname (context, orig_hostname, new_hostname, realms); diff --git a/source4/heimdal/lib/krb5/fcache.c b/source4/heimdal/lib/krb5/fcache.c index 864efa8d7d..484df059ab 100644 --- a/source4/heimdal/lib/krb5/fcache.c +++ b/source4/heimdal/lib/krb5/fcache.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: fcache.c 19379 2006-12-15 21:35:52Z lha $"); +RCSID("$Id: fcache.c 22517 2008-01-24 11:45:51Z lha $"); typedef struct krb5_fcache{ char *filename; @@ -108,7 +108,7 @@ int _krb5_xunlock(krb5_context context, int fd) { int ret; -#ifdef HAVE_FCNTL_LOCK +#ifdef HAVE_FCNTL struct flock l; l.l_start = 0; l.l_len = 0; @@ -463,9 +463,13 @@ init_fcc (krb5_context context, krb5_storage_set_eof_code(sp, KRB5_CC_END); ret = krb5_ret_int8(sp, &pvno); if(ret != 0) { - if(ret == KRB5_CC_END) - ret = ENOENT; /* empty file */ - krb5_clear_error_string(context); + if(ret == KRB5_CC_END) { + krb5_set_error_string(context, "Empty credential cache file: %s", + FILENAME(id)); + ret = ENOENT; + } else + krb5_set_error_string(context, "Error reading pvno in " + "cache file: %s", FILENAME(id)); goto out; } if(pvno != 5) { @@ -476,7 +480,8 @@ init_fcc (krb5_context context, } ret = krb5_ret_int8(sp, &tag); /* should not be host byte order */ if(ret != 0) { - krb5_clear_error_string(context); + krb5_set_error_string(context, "Error reading tag in " + "cache file: %s", FILENAME(id)); ret = KRB5_CC_FORMAT; goto out; } @@ -489,7 +494,8 @@ init_fcc (krb5_context context, ret = krb5_ret_int16 (sp, &length); if(ret) { ret = KRB5_CC_FORMAT; - krb5_clear_error_string(context); + krb5_set_error_string(context, "Error reading tag length in " + "cache file: %s", FILENAME(id)); goto out; } while(length > 0) { @@ -499,13 +505,15 @@ init_fcc (krb5_context context, ret = krb5_ret_int16 (sp, &dtag); if(ret) { - krb5_clear_error_string(context); + krb5_set_error_string(context, "Error reading dtag in " + "cache file: %s", FILENAME(id)); ret = KRB5_CC_FORMAT; goto out; } ret = krb5_ret_int16 (sp, &data_len); if(ret) { - krb5_clear_error_string(context); + krb5_set_error_string(context, "Error reading dlength in " + "cache file: %s", FILENAME(id)); ret = KRB5_CC_FORMAT; goto out; } @@ -513,13 +521,15 @@ init_fcc (krb5_context context, case FCC_TAG_DELTATIME : ret = krb5_ret_int32 (sp, &context->kdc_sec_offset); if(ret) { - krb5_clear_error_string(context); + krb5_set_error_string(context, "Error reading kdc_sec in " + "cache file: %s", FILENAME(id)); ret = KRB5_CC_FORMAT; goto out; } ret = krb5_ret_int32 (sp, &context->kdc_usec_offset); if(ret) { - krb5_clear_error_string(context); + krb5_set_error_string(context, "Error reading kdc_usec in " + "cache file: %s", FILENAME(id)); ret = KRB5_CC_FORMAT; goto out; } @@ -528,7 +538,9 @@ init_fcc (krb5_context context, for (i = 0; i < data_len; ++i) { ret = krb5_ret_int8 (sp, &dummy); if(ret) { - krb5_clear_error_string(context); + krb5_set_error_string(context, "Error reading unknown " + "tag in cache file: %s", + FILENAME(id)); ret = KRB5_CC_FORMAT; goto out; } @@ -755,6 +767,95 @@ fcc_end_cache_get(krb5_context context, krb5_cc_cursor cursor) return 0; } +static krb5_error_code +fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to) +{ + krb5_error_code ret = 0; + + ret = rename(FILENAME(from), FILENAME(to)); + if (ret && errno != EXDEV) { + ret = errno; + krb5_set_error_string(context, + "Rename of file from %s to %s failed: %s", + FILENAME(from), FILENAME(to), + strerror(ret)); + return ret; + } else if (ret && errno == EXDEV) { + /* make a copy and delete the orignal */ + krb5_ssize_t sz1, sz2; + int fd1, fd2; + char buf[BUFSIZ]; + + ret = fcc_open(context, from, &fd1, O_RDONLY | O_BINARY, 0); + if(ret) + return ret; + + unlink(FILENAME(to)); + + ret = fcc_open(context, to, &fd2, + O_WRONLY | O_CREAT | O_EXCL | O_BINARY, 0600); + if(ret) + goto out1; + + while((sz1 = read(fd1, buf, sizeof(buf))) > 0) { + sz2 = write(fd2, buf, sz1); + if (sz1 != sz2) { + ret = EIO; + krb5_set_error_string(context, + "Failed to write data from one file " + "credential cache to the other"); + goto out2; + } + } + if (sz1 < 0) { + ret = EIO; + krb5_set_error_string(context, + "Failed to read data from one file " + "credential cache to the other"); + goto out2; + } + erase_file(FILENAME(from)); + + out2: + fcc_unlock(context, fd2); + close(fd2); + + out1: + fcc_unlock(context, fd1); + close(fd1); + + if (ret) { + erase_file(FILENAME(to)); + return ret; + } + } + + /* make sure ->version is uptodate */ + { + krb5_storage *sp; + int fd; + ret = init_fcc (context, to, &sp, &fd); + krb5_storage_free(sp); + fcc_unlock(context, fd); + close(fd); + } + return ret; +} + +static krb5_error_code +fcc_default_name(krb5_context context, char **str) +{ + return _krb5_expand_default_cc_name(context, + KRB5_DEFAULT_CCNAME_FILE, + str); +} + +/** + * Variable containing the FILE based credential cache implemention. + * + * @ingroup krb5_ccache + */ + const krb5_cc_ops krb5_fcc_ops = { "FILE", fcc_get_name, @@ -774,5 +875,7 @@ const krb5_cc_ops krb5_fcc_ops = { fcc_get_version, fcc_get_cache_first, fcc_get_cache_next, - fcc_end_cache_get + fcc_end_cache_get, + fcc_move, + fcc_default_name }; diff --git a/source4/heimdal/lib/krb5/get_cred.c b/source4/heimdal/lib/krb5/get_cred.c index 7c3f128ae5..fc78945c63 100644 --- a/source4/heimdal/lib/krb5/get_cred.c +++ b/source4/heimdal/lib/krb5/get_cred.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: get_cred.c 21669 2007-07-22 11:29:13Z lha $"); +RCSID("$Id: get_cred.c 22530 2008-01-27 11:48:16Z lha $"); /* * Take the `body' and encode it into `padata' using the credentials @@ -761,14 +761,6 @@ get_cred_from_kdc_flags(krb5_context context, try_realm = krb5_config_get_string(context, NULL, "capaths", client_realm, server_realm, NULL); - -#if 1 - /* XXX remove in future release */ - if(try_realm == NULL) - try_realm = krb5_config_get_string(context, NULL, "libdefaults", - "capath", server_realm, NULL); -#endif - if (try_realm == NULL) try_realm = client_realm; diff --git a/source4/heimdal/lib/krb5/get_for_creds.c b/source4/heimdal/lib/krb5/get_for_creds.c index 1bb98737d1..cb8b7c8641 100644 --- a/source4/heimdal/lib/krb5/get_for_creds.c +++ b/source4/heimdal/lib/krb5/get_for_creds.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: get_for_creds.c 17036 2006-04-10 09:28:15Z lha $"); +RCSID("$Id: get_for_creds.c 22504 2008-01-21 15:49:58Z lha $"); static krb5_error_code add_addrs(krb5_context context, @@ -83,11 +83,23 @@ fail: return ret; } -/* - * Forward credentials for `client' to host `hostname`, - * making them forwardable if `forwardable', and returning the - * blob of data to sent in `out_data'. - * If hostname == NULL, pick it from `server' +/** + * Forward credentials for client to host hostname , making them + * forwardable if forwardable, and returning the blob of data to sent + * in out_data. If hostname == NULL, pick it from server. + * + * @param context A kerberos 5 context. + * @param auth_context the auth context with the key to encrypt the out_data. + * @param hostname the host to forward the tickets too. + * @param client the client to delegate from. + * @param server the server to delegate the credential too. + * @param ccache credential cache to use. + * @param forwardable make the forwarded ticket forwabledable. + * @param out_data the resulting credential. + * + * @return Return an error code or 0. + * + * @ingroup krb5_credential */ krb5_error_code KRB5_LIB_FUNCTION @@ -147,8 +159,31 @@ krb5_fwd_tgt_creds (krb5_context context, return ret; } -/* +/** + * Gets tickets forwarded to hostname. If the tickets that are + * forwarded are address-less, the forwarded tickets will also be + * address-less. + * + * If the ticket have any address, hostname will be used for figure + * out the address to forward the ticket too. This since this might + * use DNS, its insecure and also doesn't represent configured all + * addresses of the host. For example, the host might have two + * adresses, one IPv4 and one IPv6 address where the later is not + * published in DNS. This IPv6 address might be used communications + * and thus the resulting ticket useless. * + * @param context A kerberos 5 context. + * @param auth_context the auth context with the key to encrypt the out_data. + * @param ccache credential cache to use + * @param flags the flags to control the resulting ticket flags + * @param hostname the host to forward the tickets too. + * @param in_creds the in client and server ticket names. The client + * and server components forwarded to the remote host. + * @param out_data the resulting credential. + * + * @return Return an error code or 0. + * + * @ingroup krb5_credential */ krb5_error_code KRB5_LIB_FUNCTION @@ -174,39 +209,31 @@ krb5_get_forwarded_creds (krb5_context context, struct addrinfo *ai; int save_errno; krb5_creds *ticket; - char *realm; - - realm = in_creds->client->realm; + paddrs = NULL; addrs.len = 0; addrs.val = NULL; - paddrs = &addrs; - { + ret = krb5_get_credentials(context, 0, ccache, in_creds, &ticket); + if(ret == 0) { + if (ticket->addresses.len) + paddrs = &addrs; + krb5_free_creds (context, ticket); + } else { krb5_boolean noaddr; - krb5_appdefault_boolean(context, NULL, realm, + krb5_appdefault_boolean(context, NULL, + krb5_principal_get_realm(context, + in_creds->client), "no-addresses", KRB5_ADDRESSLESS_DEFAULT, &noaddr); - if (noaddr) - paddrs = NULL; + if (!noaddr) + paddrs = &addrs; } /* - * If tickets are address-less, forward address-less tickets. + * If tickets have addresses, get the address of the remote host. */ - if (paddrs) { - ret = _krb5_get_krbtgt (context, - ccache, - realm, - &ticket); - if(ret == 0) { - if (ticket->addresses.len == 0) - paddrs = NULL; - krb5_free_creds (context, ticket); - } - } - if (paddrs != NULL) { ret = getaddrinfo (hostname, NULL, NULL, &ai); @@ -233,9 +260,8 @@ krb5_get_forwarded_creds (krb5_context context, in_creds, &out_creds); krb5_free_addresses (context, &addrs); - if (ret) { + if (ret) return ret; - } memset (&cred, 0, sizeof(cred)); cred.pvno = 5; @@ -373,6 +399,14 @@ krb5_get_forwarded_creds (krb5_context context, if(buf_size != len) krb5_abortx(context, "internal error in ASN.1 encoder"); + /** + * Some older of the MIT gssapi library used clear-text tickets + * (warped inside AP-REQ encryption), use the krb5_auth_context + * flag KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED to support those + * tickets. The session key is used otherwise to encrypt the + * forwarded ticket. + */ + if (auth_context->flags & KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED) { cred.enc_part.etype = ENCTYPE_NULL; cred.enc_part.kvno = NULL; diff --git a/source4/heimdal/lib/krb5/get_in_tkt.c b/source4/heimdal/lib/krb5/get_in_tkt.c index ec106bb7ec..a9ed3857d0 100644 --- a/source4/heimdal/lib/krb5/get_in_tkt.c +++ b/source4/heimdal/lib/krb5/get_in_tkt.c @@ -145,7 +145,7 @@ _krb5_extract_ticket(krb5_context context, flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH; flags |=EXTRACT_TICKET_ALLOW_CNAME_MISMATCH ; - ret = _krb5_principalname2krb5_principal (context, + ret = _krb5_principalname2krb5_principal (context, &tmp_principal, rep->kdc_rep.cname, rep->kdc_rep.crealm); diff --git a/source4/heimdal/lib/krb5/init_creds.c b/source4/heimdal/lib/krb5/init_creds.c index bd250cef2b..a59c903bd9 100644 --- a/source4/heimdal/lib/krb5/init_creds.c +++ b/source4/heimdal/lib/krb5/init_creds.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds.c 21712 2007-07-27 14:23:41Z lha $"); +RCSID("$Id: init_creds.c 21711 2007-07-27 14:22:02Z lha $"); void KRB5_LIB_FUNCTION krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt) diff --git a/source4/heimdal/lib/krb5/init_creds_pw.c b/source4/heimdal/lib/krb5/init_creds_pw.c index 0043b5ef3c..441adff8fd 100644 --- a/source4/heimdal/lib/krb5/init_creds_pw.c +++ b/source4/heimdal/lib/krb5/init_creds_pw.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds_pw.c 21428 2007-07-10 12:31:58Z lha $"); +RCSID("$Id: init_creds_pw.c 21931 2007-08-27 14:11:55Z lha $"); typedef struct krb5_get_init_creds_ctx { KDCOptions flags; @@ -1547,9 +1547,15 @@ krb5_get_init_creds_password(krb5_context context, char buf[BUFSIZ]; krb5_error_code ret; - if (in_options == NULL) + if (in_options == NULL) { + const char *realm = krb5_principal_get_realm(context, client); ret = krb5_get_init_creds_opt_alloc(context, &options); - else + if (ret == 0) + krb5_get_init_creds_opt_set_default_flags(context, + NULL, + realm, + options); + } else ret = _krb5_get_init_creds_opt_copy(context, in_options, &options); if (ret) return ret; diff --git a/source4/heimdal/lib/krb5/kcm.c b/source4/heimdal/lib/krb5/kcm.c index c945a9ce13..8afaa6ea80 100644 --- a/source4/heimdal/lib/krb5/kcm.c +++ b/source4/heimdal/lib/krb5/kcm.c @@ -43,7 +43,7 @@ #include "kcm.h" -RCSID("$Id: kcm.c 17442 2006-05-05 09:31:15Z lha $"); +RCSID("$Id: kcm.c 22108 2007-12-03 17:23:53Z lha $"); typedef struct krb5_kcmcache { char *name; @@ -829,6 +829,27 @@ kcm_get_version(krb5_context context, return 0; } +static krb5_error_code +kcm_move(krb5_context context, krb5_ccache from, krb5_ccache to) +{ + krb5_set_error_string(context, "kcm_move not implemented"); + return EINVAL; +} + +static krb5_error_code +kcm_default_name(krb5_context context, char **str) +{ + return _krb5_expand_default_cc_name(context, + KRB5_DEFAULT_CCNAME_KCM, + str); +} + +/** + * Variable containing the KCM based credential cache implemention. + * + * @ingroup krb5_ccache + */ + const krb5_cc_ops krb5_kcm_ops = { "KCM", kcm_get_name, @@ -845,7 +866,12 @@ const krb5_cc_ops krb5_kcm_ops = { kcm_end_get, kcm_remove_cred, kcm_set_flags, - kcm_get_version + kcm_get_version, + NULL, + NULL, + NULL, + kcm_move, + kcm_default_name }; krb5_boolean diff --git a/source4/heimdal/lib/krb5/keytab.c b/source4/heimdal/lib/krb5/keytab.c index f6c7858c12..79a3f20e79 100644 --- a/source4/heimdal/lib/krb5/keytab.c +++ b/source4/heimdal/lib/krb5/keytab.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab.c 20211 2007-02-09 07:11:03Z lha $"); +RCSID("$Id: keytab.c 22532 2008-01-27 11:59:18Z lha $"); /* * Register a new keytab in `ops' @@ -337,8 +337,9 @@ krb5_kt_get_entry(krb5_context context, ret = krb5_kt_start_seq_get (context, id, &cursor); if (ret) { - krb5_clear_error_string(context); - return KRB5_KT_NOTFOUND; /* XXX i.e. file not found */ + /* This is needed for krb5_verify_init_creds, but keep error + * string from previous error for the human. */ + return KRB5_KT_NOTFOUND; } entry->vno = 0; diff --git a/source4/heimdal/lib/krb5/keytab_file.c b/source4/heimdal/lib/krb5/keytab_file.c index 4ada3a463e..be195d96c2 100644 --- a/source4/heimdal/lib/krb5/keytab_file.c +++ b/source4/heimdal/lib/krb5/keytab_file.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_file.c 17457 2006-05-05 12:36:57Z lha $"); +RCSID("$Id: keytab_file.c 22532 2008-01-27 11:59:18Z lha $"); #define KRB5_KT_VNO_1 1 #define KRB5_KT_VNO_2 2 @@ -334,8 +334,8 @@ fkt_start_seq_get_int(krb5_context context, c->fd = open (d->filename, flags); if (c->fd < 0) { ret = errno; - krb5_set_error_string(context, "%s: %s", d->filename, - strerror(ret)); + krb5_set_error_string(context, "keytab %s open failed: %s", + d->filename, strerror(ret)); return ret; } ret = _krb5_xlock(context, c->fd, exclusive, d->filename); diff --git a/source4/heimdal/lib/krb5/keytab_keyfile.c b/source4/heimdal/lib/krb5/keytab_keyfile.c index 77455ba5f7..aa612add09 100644 --- a/source4/heimdal/lib/krb5/keytab_keyfile.c +++ b/source4/heimdal/lib/krb5/keytab_keyfile.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_keyfile.c 20695 2007-05-30 14:09:09Z lha $"); +RCSID("$Id: keytab_keyfile.c 22532 2008-01-27 11:59:18Z lha $"); /* afs keyfile operations --------------------------------------- */ @@ -197,8 +197,8 @@ akf_start_seq_get(krb5_context context, c->fd = open (d->filename, O_RDONLY|O_BINARY, 0600); if (c->fd < 0) { ret = errno; - krb5_set_error_string(context, "open(%s): %s", d->filename, - strerror(ret)); + krb5_set_error_string(context, "keytab afs keyfil open %s failed: %s", + d->filename, strerror(ret)); return ret; } diff --git a/source4/heimdal/lib/krb5/keytab_krb4.c b/source4/heimdal/lib/krb5/keytab_krb4.c index 907836c144..32bb00141a 100644 --- a/source4/heimdal/lib/krb5/keytab_krb4.c +++ b/source4/heimdal/lib/krb5/keytab_krb4.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_krb4.c 17046 2006-04-10 17:10:53Z lha $"); +RCSID("$Id: keytab_krb4.c 22532 2008-01-27 11:59:18Z lha $"); struct krb4_kt_data { char *filename; @@ -134,14 +134,15 @@ krb4_kt_start_seq_get_int (krb5_context context, if (c->fd < 0) { ret = errno; free (ed); - krb5_set_error_string(context, "open(%s): %s", d->filename, - strerror(ret)); + krb5_set_error_string(context, "keytab krb5 open %s failed: %s", + d->filename, strerror(ret)); return ret; } c->sp = krb5_storage_from_fd(c->fd); if(c->sp == NULL) { close(c->fd); free(ed); + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; } krb5_storage_set_eof_code(c->sp, KRB5_KT_END); @@ -369,8 +370,11 @@ krb4_kt_remove_entry(krb5_context context, if(fd < 0) { memset(data.data, 0, data.length); krb5_data_free(&data); - if(errno == EACCES || errno == EROFS) + if(errno == EACCES || errno == EROFS) { + krb5_set_error_string(context, "failed to open %s for writing", + d->filename); return KRB5_KT_NOWRITE; + } return errno; } @@ -378,14 +382,16 @@ krb4_kt_remove_entry(krb5_context context, memset(data.data, 0, data.length); krb5_data_free(&data); close(fd); - krb5_set_error_string(context, "failed writing to \"%s\"", d->filename); + krb5_set_error_string(context, "failed writing to file %s", + d->filename); return errno; } memset(data.data, 0, data.length); if(fstat(fd, &st) < 0) { krb5_data_free(&data); close(fd); - krb5_set_error_string(context, "failed getting size of \"%s\"", d->filename); + krb5_set_error_string(context, "failed getting size of file %s", + d->filename); return errno; } st.st_size -= data.length; @@ -396,7 +402,8 @@ krb4_kt_remove_entry(krb5_context context, if(n <= 0) { krb5_data_free(&data); close(fd); - krb5_set_error_string(context, "failed writing to \"%s\"", d->filename); + krb5_set_error_string(context, "failed writing to file %s", + d->filename); return errno; } @@ -405,17 +412,20 @@ krb4_kt_remove_entry(krb5_context context, if(ftruncate(fd, data.length) < 0) { krb5_data_free(&data); close(fd); - krb5_set_error_string(context, "failed truncating \"%s\"", d->filename); + krb5_set_error_string(context, "failed truncating file %s", + d->filename); return errno; } krb5_data_free(&data); if(close(fd) < 0) { - krb5_set_error_string(context, "error closing \"%s\"", d->filename); + krb5_set_error_string(context, "error closing %s", + d->filename); return errno; } return 0; } else { krb5_storage_free(sp); + krb5_set_error_string(context, "Keytab entry not found"); return KRB5_KT_NOTFOUND; } } diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h index 9a84dde61a..7e04446fe0 100644 --- a/source4/heimdal/lib/krb5/krb5-private.h +++ b/source4/heimdal/lib/krb5/krb5-private.h @@ -276,7 +276,7 @@ _krb5_mk_req_internal ( krb5_key_usage /*checksum_usage*/, krb5_key_usage /*encrypt_usage*/); -void KRB5_LIB_FUNCTION +krb5_error_code KRB5_LIB_FUNCTION _krb5_n_fold ( const void */*str*/, size_t /*len*/, @@ -292,7 +292,7 @@ _krb5_oid_to_enctype ( krb5_error_code _krb5_pac_sign ( krb5_context /*context*/, - struct krb5_pac */*p*/, + krb5_pac /*p*/, time_t /*authtime*/, krb5_principal /*principal*/, const krb5_keyblock */*server_key*/, @@ -396,13 +396,6 @@ _krb5_plugin_get_next (struct krb5_plugin */*p*/); void * _krb5_plugin_get_symbol (struct krb5_plugin */*p*/); -krb5_error_code -_krb5_plugin_register ( - krb5_context /*context*/, - enum krb5_plugin_type /*type*/, - const char */*name*/, - void */*symbol*/); - krb5_error_code KRB5_LIB_FUNCTION _krb5_principal2principalname ( PrincipalName */*p*/, diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h index 740b394be8..647d8886b7 100644 --- a/source4/heimdal/lib/krb5/krb5-protos.h +++ b/source4/heimdal/lib/krb5/krb5-protos.h @@ -670,6 +670,12 @@ krb5_cc_initialize ( krb5_ccache /*id*/, krb5_principal /*primary_principal*/); +krb5_error_code +krb5_cc_move ( + krb5_context /*context*/, + krb5_ccache /*from*/, + krb5_ccache /*to*/); + krb5_error_code KRB5_LIB_FUNCTION krb5_cc_new_unique ( krb5_context /*context*/, @@ -1329,6 +1335,13 @@ krb5_digest_init_request ( krb5_realm /*realm*/, krb5_ccache /*ccache*/); +krb5_error_code +krb5_digest_probe ( + krb5_context /*context*/, + krb5_realm /*realm*/, + krb5_ccache /*ccache*/, + unsigned */*flags*/); + krb5_boolean krb5_digest_rep_get_status ( krb5_context /*context*/, @@ -1606,6 +1619,9 @@ krb5_err ( ...) __attribute__ ((noreturn, format (printf, 4, 5))); +krb5_error_code KRB5_LIB_FUNCTION + __attribute__((deprecated)) krb5_free_creds_contents (krb5_context context, krb5_creds *c); + krb5_error_code KRB5_LIB_FUNCTION krb5_error_from_rd_error ( krb5_context /*context*/, @@ -1694,11 +1710,6 @@ krb5_free_creds ( krb5_context /*context*/, krb5_creds */*c*/); -krb5_error_code KRB5_LIB_FUNCTION -krb5_free_creds_contents ( - krb5_context /*context*/, - krb5_creds */*c*/); - void KRB5_LIB_FUNCTION krb5_free_data ( krb5_context /*context*/, @@ -2243,6 +2254,14 @@ krb5_get_pw_salt ( krb5_const_principal /*principal*/, krb5_salt */*salt*/); +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_renewed_creds ( + krb5_context /*context*/, + krb5_creds */*creds*/, + krb5_const_principal /*client*/, + krb5_ccache /*ccache*/, + const char */*in_tkt_service*/); + krb5_error_code KRB5_LIB_FUNCTION krb5_get_server_rcache ( krb5_context /*context*/, @@ -2797,45 +2816,45 @@ krb5_openlog ( krb5_error_code krb5_pac_add_buffer ( krb5_context /*context*/, - struct krb5_pac */*p*/, + krb5_pac /*p*/, uint32_t /*type*/, const krb5_data */*data*/); void krb5_pac_free ( krb5_context /*context*/, - struct krb5_pac */*pac*/); + krb5_pac /*pac*/); krb5_error_code krb5_pac_get_buffer ( krb5_context /*context*/, - struct krb5_pac */*p*/, + krb5_pac /*p*/, uint32_t /*type*/, krb5_data */*data*/); krb5_error_code krb5_pac_get_types ( krb5_context /*context*/, - struct krb5_pac */*p*/, + krb5_pac /*p*/, size_t */*len*/, uint32_t **/*types*/); krb5_error_code krb5_pac_init ( krb5_context /*context*/, - struct krb5_pac **/*pac*/); + krb5_pac */*pac*/); krb5_error_code krb5_pac_parse ( krb5_context /*context*/, const void */*ptr*/, size_t /*len*/, - struct krb5_pac **/*pac*/); + krb5_pac */*pac*/); krb5_error_code krb5_pac_verify ( krb5_context /*context*/, - const struct krb5_pac */*pac*/, + const krb5_pac /*pac*/, time_t /*authtime*/, krb5_const_principal /*principal*/, const krb5_keyblock */*server*/, @@ -2887,6 +2906,13 @@ krb5_password_key_proc ( krb5_const_pointer /*keyseed*/, krb5_keyblock **/*key*/); +krb5_error_code +krb5_plugin_register ( + krb5_context /*context*/, + enum krb5_plugin_type /*type*/, + const char */*name*/, + void */*symbol*/); + krb5_error_code KRB5_LIB_FUNCTION krb5_prepend_config_files ( const char */*filelist*/, diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h index 4f9a63bf05..571eb6192a 100644 --- a/source4/heimdal/lib/krb5/krb5.h +++ b/source4/heimdal/lib/krb5/krb5.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5.h 21551 2007-07-15 09:03:39Z lha $ */ +/* $Id: krb5.h 22100 2007-12-03 17:15:00Z lha $ */ #ifndef __KRB5_H__ #define __KRB5_H__ @@ -75,15 +75,16 @@ typedef struct krb5_crypto_data *krb5_crypto; struct krb5_get_creds_opt_data; typedef struct krb5_get_creds_opt_data *krb5_get_creds_opt; -struct krb5_digest; -typedef struct krb5_digest *krb5_digest; -struct krb5_ntlm; -typedef struct krb5_ntlm *krb5_ntlm; +struct krb5_digest_data; +typedef struct krb5_digest_data *krb5_digest; +struct krb5_ntlm_data; +typedef struct krb5_ntlm_data *krb5_ntlm; -typedef struct krb5_pac *krb5_pac; +struct krb5_pac_data; +typedef struct krb5_pac_data *krb5_pac; -typedef struct krb5_rd_req_in_ctx *krb5_rd_req_in_ctx; -typedef struct krb5_rd_req_out_ctx *krb5_rd_req_out_ctx; +typedef struct krb5_rd_req_in_ctx_data *krb5_rd_req_in_ctx; +typedef struct krb5_rd_req_out_ctx_data *krb5_rd_req_out_ctx; typedef CKSUMTYPE krb5_cksumtype; @@ -417,6 +418,8 @@ typedef struct krb5_cc_ops { krb5_error_code (*get_cache_first)(krb5_context, krb5_cc_cursor *); krb5_error_code (*get_cache_next)(krb5_context, krb5_cc_cursor, krb5_ccache *); krb5_error_code (*end_cache_get)(krb5_context, krb5_cc_cursor); + krb5_error_code (*move)(krb5_context, krb5_ccache, krb5_ccache); + krb5_error_code (*default_name)(krb5_context, char **); } krb5_cc_ops; struct krb5_log_facility; @@ -753,7 +756,7 @@ enum { KRB5_PRINCIPAL_UNPARSE_DISPLAY = 4 }; -typedef struct krb5_sendto_ctx *krb5_sendto_ctx; +typedef struct krb5_sendto_ctx_data *krb5_sendto_ctx; #define KRB5_SENDTO_DONE 0 #define KRB5_SENDTO_RESTART 1 diff --git a/source4/heimdal/lib/krb5/krb5_ccapi.h b/source4/heimdal/lib/krb5/krb5_ccapi.h index b53d77ef18..59a38425c2 100644 --- a/source4/heimdal/lib/krb5/krb5_ccapi.h +++ b/source4/heimdal/lib/krb5/krb5_ccapi.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5_ccapi.h 17442 2006-05-05 09:31:15Z lha $ */ +/* $Id: krb5_ccapi.h 22090 2007-12-02 23:23:43Z lha $ */ #ifndef KRB5_CCAPI_H #define KRB5_CCAPI_H 1 @@ -180,18 +180,18 @@ typedef struct cc_ccache_functions { cc_int32 (*destroy)(cc_ccache_t); cc_int32 (*set_default)(cc_ccache_t); cc_int32 (*get_credentials_version)(cc_ccache_t, cc_uint32*); - cc_int32 (*get_name)(cc_ccache_t ccache,cc_string_t*); + cc_int32 (*get_name)(cc_ccache_t, cc_string_t*); cc_int32 (*get_principal)(cc_ccache_t, cc_uint32, cc_string_t*); cc_int32 (*set_principal)(cc_ccache_t, cc_uint32, const char*); cc_int32 (*store_credentials)(cc_ccache_t, const cc_credentials_union*); cc_int32 (*remove_credentials)(cc_ccache_t, cc_credentials_t); cc_int32 (*new_credentials_iterator)(cc_ccache_t, cc_credentials_iterator_t*); - cc_int32 (*move)(cc_ccache_t source, cc_ccache_t); + cc_int32 (*move)(cc_ccache_t, cc_ccache_t); cc_int32 (*lock)(cc_ccache_t, cc_uint32, cc_uint32); cc_int32 (*unlock)(cc_ccache_t); cc_int32 (*get_last_default_time)(cc_ccache_t, cc_time_t*); - cc_int32 (*get_change_time)(cc_ccache_t ccache, cc_time_t*); + cc_int32 (*get_change_time)(cc_ccache_t, cc_time_t*); cc_int32 (*compare)(cc_ccache_t, cc_ccache_t, cc_uint32*); cc_int32 (*get_kdc_time_offset)(cc_ccache_t, cc_int32, cc_time_t *); cc_int32 (*set_kdc_time_offset)(cc_ccache_t, cc_int32, cc_time_t); diff --git a/source4/heimdal/lib/krb5/krb5_locl.h b/source4/heimdal/lib/krb5/krb5_locl.h index b41e6e1182..8b7c41cc80 100644 --- a/source4/heimdal/lib/krb5/krb5_locl.h +++ b/source4/heimdal/lib/krb5/krb5_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5_locl.h 21552 2007-07-15 09:04:00Z lha $ */ +/* $Id: krb5_locl.h 22226 2007-12-08 21:31:53Z lha $ */ #ifndef __KRB5_LOCL_H__ #define __KRB5_LOCL_H__ @@ -231,14 +231,18 @@ typedef struct krb5_context_data { krb5_addresses *ignore_addresses; char *default_cc_name; char *default_cc_name_env; + int default_cc_name_set; void *mutex; /* protects error_string/error_buf */ int large_msg_size; - int dns_canonicalize_hostname; + int flags; +#define KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME 1 +#define KRB5_CTX_F_CHECK_PAC 2 struct send_to_kdc *send_to_kdc; } krb5_context_data; #define KRB5_DEFAULT_CCNAME_FILE "FILE:/tmp/krb5cc_%{uid}" #define KRB5_DEFAULT_CCNAME_API "API:" +#define KRB5_DEFAULT_CCNAME_KCM "KCM:%{uid}" #define EXTRACT_TICKET_ALLOW_CNAME_MISMATCH 1 #define EXTRACT_TICKET_ALLOW_SERVER_MISMATCH 2 @@ -248,11 +252,11 @@ typedef struct krb5_context_data { * Configurable options */ -#ifndef KRB5_DEFAULT_CCNAME +#ifndef KRB5_DEFAULT_CCTYPE #ifdef __APPLE__ -#define KRB5_DEFAULT_CCNAME KRB5_DEFAULT_CCNAME_API +#define KRB5_DEFAULT_CCTYPE (&krb5_acc_ops) #else -#define KRB5_DEFAULT_CCNAME KRB5_DEFAULT_CCNAME_FILE +#define KRB5_DEFAULT_CCTYPE (&krb5_fcc_ops) #endif #endif diff --git a/source4/heimdal/lib/krb5/mcache.c b/source4/heimdal/lib/krb5/mcache.c index ff9261a7db..01bcb09d3b 100644 --- a/source4/heimdal/lib/krb5/mcache.c +++ b/source4/heimdal/lib/krb5/mcache.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: mcache.c 19834 2007-01-11 09:26:21Z lha $"); +RCSID("$Id: mcache.c 22107 2007-12-03 17:22:51Z lha $"); typedef struct krb5_mcache { char *name; @@ -401,6 +401,57 @@ mcc_end_cache_get(krb5_context context, krb5_cc_cursor cursor) return 0; } +static krb5_error_code +mcc_move(krb5_context context, krb5_ccache from, krb5_ccache to) +{ + krb5_mcache *mfrom = MCACHE(from), *mto = MCACHE(to); + struct link *creds; + krb5_principal principal; + krb5_mcache **n; + + HEIMDAL_MUTEX_lock(&mcc_mutex); + + /* drop the from cache from the linked list to avoid lookups */ + for(n = &mcc_head; n && *n; n = &(*n)->next) { + if(mfrom == *n) { + *n = mfrom->next; + break; + } + } + + /* swap creds */ + creds = mto->creds; + mto->creds = mfrom->creds; + mfrom->creds = creds; + /* swap principal */ + principal = mto->primary_principal; + mto->primary_principal = mfrom->primary_principal; + mfrom->primary_principal = principal; + + HEIMDAL_MUTEX_unlock(&mcc_mutex); + mcc_destroy(context, from); + + return 0; +} + +static krb5_error_code +mcc_default_name(krb5_context context, char **str) +{ + *str = strdup("MEMORY:"); + if (*str == NULL) { + krb5_set_error_string(context, "out of memory"); + return ENOMEM; + } + return 0; +} + + +/** + * Variable containing the MEMORY based credential cache implemention. + * + * @ingroup krb5_ccache + */ + const krb5_cc_ops krb5_mcc_ops = { "MEMORY", mcc_get_name, @@ -420,5 +471,7 @@ const krb5_cc_ops krb5_mcc_ops = { NULL, mcc_get_cache_first, mcc_get_cache_next, - mcc_end_cache_get + mcc_end_cache_get, + mcc_move, + mcc_default_name }; diff --git a/source4/heimdal/lib/krb5/n-fold.c b/source4/heimdal/lib/krb5/n-fold.c index 1474a76b77..53528cfd1f 100644 --- a/source4/heimdal/lib/krb5/n-fold.c +++ b/source4/heimdal/lib/krb5/n-fold.c @@ -32,21 +32,23 @@ #include "krb5_locl.h" -RCSID("$Id: n-fold.c 13863 2004-05-25 21:46:46Z lha $"); +RCSID("$Id: n-fold.c 22190 2007-12-06 16:24:22Z lha $"); -static void +static krb5_error_code rr13(unsigned char *buf, size_t len) { unsigned char *tmp; int bytes = (len + 7) / 8; int i; if(len == 0) - return; + return 0; { const int bits = 13 % len; const int lbit = len % 8; tmp = malloc(bytes); + if (tmp == NULL) + return ENOMEM; memcpy(tmp, buf, bytes); if(lbit) { /* pad final byte with inital bits */ @@ -75,9 +77,10 @@ rr13(unsigned char *buf, size_t len) } free(tmp); } + return 0; } -/* Add `b' to `a', both beeing one's complement numbers. */ +/* Add `b' to `a', both being one's complement numbers. */ static void add1(unsigned char *a, unsigned char *b, size_t len) { @@ -95,22 +98,28 @@ add1(unsigned char *a, unsigned char *b, size_t len) } } -void KRB5_LIB_FUNCTION +krb5_error_code KRB5_LIB_FUNCTION _krb5_n_fold(const void *str, size_t len, void *key, size_t size) { /* if len < size we need at most N * len bytes, ie < 2 * size; if len > size we need at most 2 * len */ + krb5_error_code ret = 0; size_t maxlen = 2 * max(size, len); size_t l = 0; unsigned char *tmp = malloc(maxlen); unsigned char *buf = malloc(len); + if (tmp == NULL || buf == NULL) + return ENOMEM; + memcpy(buf, str, len); memset(key, 0, size); do { memcpy(tmp + l, buf, len); l += len; - rr13(buf, len * 8); + ret = rr13(buf, len * 8); + if (ret) + goto out; while(l >= size) { add1(key, tmp, size); l -= size; @@ -119,8 +128,10 @@ _krb5_n_fold(const void *str, size_t len, void *key, size_t size) memmove(tmp, tmp + size, l); } } while(l != 0); +out: memset(buf, 0, len); free(buf); memset(tmp, 0, maxlen); free(tmp); + return ret; } diff --git a/source4/heimdal/lib/krb5/pac.c b/source4/heimdal/lib/krb5/pac.c index f7a5e83ea3..0b44ca1da3 100644 --- a/source4/heimdal/lib/krb5/pac.c +++ b/source4/heimdal/lib/krb5/pac.c @@ -32,8 +32,9 @@ */ #include "krb5_locl.h" +#include -RCSID("$Id: pac.c 21149 2007-06-18 21:50:22Z lha $"); +RCSID("$Id: pac.c 22562 2008-02-03 17:38:35Z lha $"); struct PAC_INFO_BUFFER { uint32_t type; @@ -48,7 +49,7 @@ struct PACTYPE { struct PAC_INFO_BUFFER buffers[1]; }; -struct krb5_pac { +struct krb5_pac_data { struct PACTYPE *pac; krb5_data data; struct PAC_INFO_BUFFER *server_checksum; @@ -82,10 +83,10 @@ static const char zeros[PAC_ALIGNMENT] = { 0 }; krb5_error_code krb5_pac_parse(krb5_context context, const void *ptr, size_t len, - struct krb5_pac **pac) + krb5_pac *pac) { krb5_error_code ret; - struct krb5_pac *p; + krb5_pac p; krb5_storage *sp = NULL; uint32_t i, tmp, tmp2, header_end; @@ -216,10 +217,10 @@ out: } krb5_error_code -krb5_pac_init(krb5_context context, struct krb5_pac **pac) +krb5_pac_init(krb5_context context, krb5_pac *pac) { krb5_error_code ret; - struct krb5_pac *p; + krb5_pac p; p = calloc(1, sizeof(*p)); if (p == NULL) { @@ -248,7 +249,7 @@ krb5_pac_init(krb5_context context, struct krb5_pac **pac) } krb5_error_code -krb5_pac_add_buffer(krb5_context context, struct krb5_pac *p, +krb5_pac_add_buffer(krb5_context context, krb5_pac p, uint32_t type, const krb5_data *data) { krb5_error_code ret; @@ -316,7 +317,7 @@ krb5_pac_add_buffer(krb5_context context, struct krb5_pac *p, } krb5_error_code -krb5_pac_get_buffer(krb5_context context, struct krb5_pac *p, +krb5_pac_get_buffer(krb5_context context, krb5_pac p, uint32_t type, krb5_data *data) { krb5_error_code ret; @@ -361,7 +362,7 @@ krb5_pac_get_buffer(krb5_context context, struct krb5_pac *p, krb5_error_code krb5_pac_get_types(krb5_context context, - struct krb5_pac *p, + krb5_pac p, size_t *len, uint32_t **types) { @@ -385,7 +386,7 @@ krb5_pac_get_types(krb5_context context, */ void -krb5_pac_free(krb5_context context, struct krb5_pac *pac) +krb5_pac_free(krb5_context context, krb5_pac pac) { krb5_data_free(&pac->data); free(pac->pac); @@ -564,51 +565,48 @@ verify_logonname(krb5_context context, ret = krb5_storage_read(sp, s, len); if (ret != len) { krb5_storage_free(sp); - krb5_set_error_string(context, "Failed to read pac logon name"); + krb5_set_error_string(context, "Failed to read PAC logon name"); return EINVAL; } krb5_storage_free(sp); -#if 1 /* cheat for now */ - { - size_t i; - - if (len & 1) { - krb5_set_error_string(context, "PAC logon name malformed"); - return EINVAL; - } - - for (i = 0; i < len / 2; i++) { - if (s[(i * 2) + 1]) { - krb5_set_error_string(context, "PAC logon name not ASCII"); - return EINVAL; - } - s[i] = s[i * 2]; - } - s[i] = '\0'; - } -#else { + size_t ucs2len = len / 2; uint16_t *ucs2; - ssize_t ucs2len; size_t u8len; + unsigned int flags = WIND_RW_LE; - ucs2 = malloc(sizeof(ucs2[0]) * len / 2); - if (ucs2) - abort(); - ucs2len = wind_ucs2read(s, len / 2, ucs2); + ucs2 = malloc(sizeof(ucs2[0]) * ucs2len); + if (ucs2 == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + ret = wind_ucs2read(s, len, &flags, ucs2, &ucs2len); free(s); - if (len < 0) - return -1; - ret = wind_ucs2toutf8(ucs2, ucs2len, NULL, &u8len); - if (ret < 0) - abort(); - s = malloc(u8len + 1); - if (s == NULL) - abort(); - wind_ucs2toutf8(ucs2, ucs2len, s, &u8len); + if (ret) { + free(ucs2); + krb5_set_error_string(context, "Failed to convert string to UCS-2"); + return ret; + } + ret = wind_ucs2utf8_length(ucs2, ucs2len, &u8len); + if (ret) { + free(ucs2); + krb5_set_error_string(context, "Failed to count length of UCS-2 string"); + return ret; + } + u8len += 1; /* Add space for NUL */ + s = malloc(u8len); + if (s == NULL) { + free(ucs2); + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + ret = wind_ucs2utf8(ucs2, ucs2len, s, &u8len); free(ucs2); + if (ret) { + krb5_set_error_string(context, "Failed to convert to UTF-8"); + return ret; + } } -#endif ret = krb5_parse_name_flags(context, s, KRB5_PRINCIPAL_PARSE_NO_REALM, &p2); free(s); if (ret) @@ -703,7 +701,7 @@ out: krb5_error_code krb5_pac_verify(krb5_context context, - const struct krb5_pac *pac, + const krb5_pac pac, time_t authtime, krb5_const_principal principal, const krb5_keyblock *server, @@ -840,7 +838,7 @@ pac_checksum(krb5_context context, krb5_error_code _krb5_pac_sign(krb5_context context, - struct krb5_pac *p, + krb5_pac p, time_t authtime, krb5_principal principal, const krb5_keyblock *server_key, diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c index c8587770f4..4a585bff07 100755 --- a/source4/heimdal/lib/krb5/pkinit.c +++ b/source4/heimdal/lib/krb5/pkinit.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: pkinit.c 21684 2007-07-23 23:09:10Z lha $"); +RCSID("$Id: pkinit.c 22673 2008-03-10 15:00:05Z lha $"); struct krb5_dh_moduli { char *name; @@ -139,17 +139,59 @@ integer_to_BN(krb5_context context, const char *field, const heim_integer *f) return bn; } +struct certfind { + const char *type; + const heim_oid *oid; +}; + +/* + * Try searchin the key by to use by first looking for for PK-INIT + * EKU, then the Microsoft smart card EKU and last, no special EKU at all. + */ static krb5_error_code -_krb5_pk_create_sign(krb5_context context, - const heim_oid *eContentType, - krb5_data *eContent, - struct krb5_pk_identity *id, - hx509_peer_info peer, - krb5_data *sd_data) +find_cert(krb5_context context, struct krb5_pk_identity *id, + hx509_query *q, hx509_cert *cert) { - hx509_cert cert; - hx509_query *q; + struct certfind cf[3] = { + { "PKINIT EKU" }, + { "MS EKU" }, + { "no" } + }; + int i, ret; + + cf[0].oid = oid_id_pkekuoid(); + cf[1].oid = oid_id_pkinit_ms_eku(); + cf[2].oid = NULL; + + for (i = 0; i < sizeof(cf)/sizeof(cf[0]); i++) { + ret = hx509_query_match_eku(q, cf[i].oid); + if (ret) { + _krb5_pk_copy_error(context, id->hx509ctx, ret, + "Failed setting %s OID", cf[i].type); + return ret; + } + + ret = hx509_certs_find(id->hx509ctx, id->certs, q, cert); + if (ret == 0) + break; + _krb5_pk_copy_error(context, id->hx509ctx, ret, + "Failed cert for finding %s OID", cf[i].type); + } + return ret; +} + + +static krb5_error_code +create_signature(krb5_context context, + const heim_oid *eContentType, + krb5_data *eContent, + struct krb5_pk_identity *id, + hx509_peer_info peer, + krb5_data *sd_data) +{ + hx509_cert cert = NULL; + hx509_query *q = NULL; int ret; ret = hx509_query_alloc(id->hx509ctx, &q); @@ -162,13 +204,10 @@ _krb5_pk_create_sign(krb5_context context, hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY); hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE); - ret = hx509_certs_find(id->hx509ctx, id->certs, q, &cert); + ret = find_cert(context, id, q, &cert); hx509_query_free(id->hx509ctx, q); - if (ret) { - _krb5_pk_copy_error(context, id->hx509ctx, ret, - "Find certificate to signed CMS data"); + if (ret) return ret; - } ret = hx509_cms_create_signed_1(id->hx509ctx, 0, @@ -181,11 +220,14 @@ _krb5_pk_create_sign(krb5_context context, NULL, id->certs, sd_data); - if (ret) - _krb5_pk_copy_error(context, id->hx509ctx, ret, "create CMS signedData"); hx509_cert_free(cert); + if (ret) { + _krb5_pk_copy_error(context, id->hx509ctx, ret, + "Create CMS signedData"); + return ret; + } - return ret; + return 0; } static int @@ -212,8 +254,7 @@ cert2epi(hx509_context context, void *ctx, hx509_cert c) return ENOMEM; } - ret = hx509_name_to_der_name(subject, &id.subjectName->data, - &id.subjectName->length); + ret = hx509_name_binary(subject, id.subjectName); if (ret) { hx509_name_free(&subject); free_ExternalPrincipalIdentifier(&id); @@ -544,12 +585,8 @@ pk_mk_padata(krb5_context context, } else krb5_abortx(context, "internal pkinit error"); - ret = _krb5_pk_create_sign(context, - oid, - &buf, - ctx->id, - ctx->peer, - &sd_buf); + ret = create_signature(context, oid, &buf, ctx->id, + ctx->peer, &sd_buf); krb5_data_free(&buf); if (ret) goto out; @@ -878,7 +915,8 @@ pk_verify_host(krb5_context context, hx509_octet_string_list list; int i; - ret = hx509_cert_find_subjectAltName_otherName(host->cert, + ret = hx509_cert_find_subjectAltName_otherName(ctx->id->hx509ctx, + host->cert, oid_id_pkinit_san(), &list); if (ret) { diff --git a/source4/heimdal/lib/krb5/plugin.c b/source4/heimdal/lib/krb5/plugin.c index 43fa3f5b45..bae28496aa 100644 --- a/source4/heimdal/lib/krb5/plugin.c +++ b/source4/heimdal/lib/krb5/plugin.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: plugin.c 21702 2007-07-26 19:13:53Z lha $"); +RCSID("$Id: plugin.c 22033 2007-11-10 10:39:47Z lha $"); #ifdef HAVE_DLFCN_H #include #endif @@ -117,11 +117,23 @@ loadlib(krb5_context context, } #endif /* HAVE_DLOPEN */ +/** + * Register a plugin symbol name of specific type. + * @param context a Keberos context + * @param type type of plugin symbol + * @param name name of plugin symbol + * @param symbol a pointer to the named symbol + * @return In case of error a non zero error com_err error is returned + * and the Kerberos error string is set. + * + * @ingroup krb5_support + */ + krb5_error_code -_krb5_plugin_register(krb5_context context, - enum krb5_plugin_type type, - const char *name, - void *symbol) +krb5_plugin_register(krb5_context context, + enum krb5_plugin_type type, + const char *name, + void *symbol) { struct plugin *e; @@ -250,4 +262,3 @@ _krb5_plugin_free(struct krb5_plugin *list) list = next; } } - diff --git a/source4/heimdal/lib/krb5/principal.c b/source4/heimdal/lib/krb5/principal.c index c1a29d266b..cdad477115 100644 --- a/source4/heimdal/lib/krb5/principal.c +++ b/source4/heimdal/lib/krb5/principal.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,6 +31,22 @@ * SUCH DAMAGE. */ +/** + * @page page_principal The principal handing functions. + * + * A Kerberos principal is a email address looking string that + * contains to parts separeted by a @. The later part is the kerbero + * realm the principal belongs to and the former is a list of 0 or + * more components. For example + * @verbatim +lha@SU.SE +host/hummel.it.su.se@SU.SE +host/admin@H5L.ORG +@endverbatim + * + * See the library functions here: @ref krb5_principal + */ + #include "krb5_locl.h" #ifdef HAVE_RES_SEARCH #define USE_RESOLVER @@ -41,7 +57,7 @@ #include #include "resolve.h" -RCSID("$Id: principal.c 21285 2007-06-25 12:30:55Z lha $"); +RCSID("$Id: principal.c 22549 2008-01-29 09:37:25Z lha $"); #define princ_num_comp(P) ((P)->name.name_string.len) #define princ_type(P) ((P)->name.name_type) @@ -49,6 +65,21 @@ RCSID("$Id: principal.c 21285 2007-06-25 12:30:55Z lha $"); #define princ_ncomp(P, N) ((P)->name.name_string.val[(N)]) #define princ_realm(P) ((P)->realm) +/** + * Frees a Kerberos principal allocated by the library with + * krb5_parse_name(), krb5_make_principal() or any other related + * principal functions. + * + * @param context A Kerberos context. + * @param p a principal to free. + * + * @return An krb5 error code, see krb5_get_error_message(). + * + * @ingroup krb5_principal + */ + + + void KRB5_LIB_FUNCTION krb5_free_principal(krb5_context context, krb5_principal p) @@ -804,7 +835,7 @@ krb5_425_conv_principal_ext2(krb5_context context, char local_hostname[MAXHOSTNAMELEN]; /* do the following: if the name is found in the - `v4_name_convert:host' part, is is assumed to be a `host' type + `v4_name_convert:host' part, is assumed to be a `host' type principal, and the instance is looked up in the `v4_instance_convert' part. if not found there the name is (optionally) looked up as a hostname, and if that doesn't yield diff --git a/source4/heimdal/lib/krb5/rd_priv.c b/source4/heimdal/lib/krb5/rd_priv.c index 47b5df85b2..ed7a2ccc52 100644 --- a/source4/heimdal/lib/krb5/rd_priv.c +++ b/source4/heimdal/lib/krb5/rd_priv.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_priv.c 21770 2007-08-01 04:04:33Z lha $"); +RCSID("$Id: rd_priv.c 21751 2007-07-31 20:42:20Z lha $"); krb5_error_code KRB5_LIB_FUNCTION krb5_rd_priv(krb5_context context, diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c index 001b47f094..0f33b97164 100644 --- a/source4/heimdal/lib/krb5/rd_req.c +++ b/source4/heimdal/lib/krb5/rd_req.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_req.c 21004 2007-06-08 01:53:10Z lha $"); +RCSID("$Id: rd_req.c 22235 2007-12-08 21:52:07Z lha $"); static krb5_error_code decrypt_tkt_enc_part (krb5_context context, @@ -137,7 +137,7 @@ check_transited(krb5_context context, Ticket *ticket, EncTicketPart *enc) krb5_error_code ret; /* - * Windows 2000 and 2003 uses this inside their TGT so its normaly + * Windows 2000 and 2003 uses this inside their TGT so it's normaly * not seen by others, however, samba4 joined with a Windows AD as * a Domain Controller gets exposed to this. */ @@ -512,13 +512,13 @@ krb5_verify_ap_req2(krb5_context context, * */ -struct krb5_rd_req_in_ctx { +struct krb5_rd_req_in_ctx_data { krb5_keytab keytab; krb5_keyblock *keyblock; - krb5_boolean no_pac_check; + krb5_boolean check_pac; }; -struct krb5_rd_req_out_ctx { +struct krb5_rd_req_out_ctx_data { krb5_keyblock *keyblock; krb5_flags ap_req_options; krb5_ticket *ticket; @@ -536,6 +536,7 @@ krb5_rd_req_in_ctx_alloc(krb5_context context, krb5_rd_req_in_ctx *ctx) krb5_set_error_string(context, "out of memory"); return ENOMEM; } + (*ctx)->check_pac = (context->flags & KRB5_CTX_F_CHECK_PAC) ? 1 : 0; return 0; } @@ -548,12 +549,24 @@ krb5_rd_req_in_set_keytab(krb5_context context, return 0; } +/** + * Set if krb5_rq_red() is going to check the Windows PAC or not + * + * @param context Keberos 5 context. + * @param in krb5_rd_req_in_ctx to check the option on. + * @param flag flag to select if to check the pac (TRUE) or not (FALSE). + * + * @return Kerberos 5 error code, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_rd_req_in_set_pac_check(krb5_context context, krb5_rd_req_in_ctx in, krb5_boolean flag) { - in->no_pac_check = !flag; + in->check_pac = flag; return 0; } @@ -826,20 +839,21 @@ krb5_rd_req_ctx(krb5_context context, goto out; } - ret = krb5_verify_ap_req(context, - auth_context, - &ap_req, - server, - o->keyblock, - 0, - &o->ap_req_options, - &o->ticket); + ret = krb5_verify_ap_req2(context, + auth_context, + &ap_req, + server, + o->keyblock, + 0, + &o->ap_req_options, + &o->ticket, + KRB5_KU_AP_REQ_AUTH); if (ret) goto out; /* If there is a PAC, verify its server signature */ - if (inctx->no_pac_check == FALSE) { + if (inctx->check_pac) { krb5_pac pac; krb5_data data; diff --git a/source4/heimdal/lib/krb5/send_to_kdc.c b/source4/heimdal/lib/krb5/send_to_kdc.c index c1a4df2b01..2582a615c0 100644 --- a/source4/heimdal/lib/krb5/send_to_kdc.c +++ b/source4/heimdal/lib/krb5/send_to_kdc.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: send_to_kdc.c 21062 2007-06-12 17:58:57Z lha $"); +RCSID("$Id: send_to_kdc.c 21934 2007-08-27 14:21:04Z lha $"); struct send_to_kdc { krb5_send_to_kdc_func func; @@ -448,7 +448,7 @@ krb5_set_send_to_kdc_func(krb5_context context, return 0; } -struct krb5_sendto_ctx { +struct krb5_sendto_ctx_data { int flags; int type; krb5_sendto_ctx_func func; diff --git a/source4/heimdal/lib/krb5/store.c b/source4/heimdal/lib/krb5/store.c index 4abcf44a43..c9cbbb5cef 100644 --- a/source4/heimdal/lib/krb5/store.c +++ b/source4/heimdal/lib/krb5/store.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include "store-int.h" -RCSID("$Id: store.c 20529 2007-04-22 14:28:19Z lha $"); +RCSID("$Id: store.c 22071 2007-11-14 20:04:50Z lha $"); #define BYTEORDER_IS(SP, V) (((SP)->flags & KRB5_STORAGE_BYTEORDER_MASK) == (V)) #define BYTEORDER_IS_LE(SP) BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_LE) @@ -838,8 +838,8 @@ krb5_ret_creds(krb5_storage *sp, krb5_creds *creds) if(ret) goto cleanup; /* * Runtime detect the what is the higher bits of the bitfield. If - * any of the higher bits are set in the input data, its either a - * new ticket flag (and this code need to be removed), or its a + * any of the higher bits are set in the input data, it's either a + * new ticket flag (and this code need to be removed), or it's a * MIT cache (or new Heimdal cache), lets change it to our current * format. */ @@ -993,8 +993,8 @@ krb5_ret_creds_tag(krb5_storage *sp, if(ret) goto cleanup; /* * Runtime detect the what is the higher bits of the bitfield. If - * any of the higher bits are set in the input data, its either a - * new ticket flag (and this code need to be removed), or its a + * any of the higher bits are set in the input data, it's either a + * new ticket flag (and this code need to be removed), or it's a * MIT cache (or new Heimdal cache), lets change it to our current * format. */ diff --git a/source4/heimdal/lib/krb5/store_emem.c b/source4/heimdal/lib/krb5/store_emem.c index 07acdd1a00..c38c1b53c3 100644 --- a/source4/heimdal/lib/krb5/store_emem.c +++ b/source4/heimdal/lib/krb5/store_emem.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include "store-int.h" -RCSID("$Id: store_emem.c 13863 2004-05-25 21:46:46Z lha $"); +RCSID("$Id: store_emem.c 22574 2008-02-05 20:31:55Z lha $"); typedef struct emem_storage{ unsigned char *base; @@ -115,13 +115,28 @@ emem_free(krb5_storage *sp) krb5_storage * KRB5_LIB_FUNCTION krb5_storage_emem(void) { - krb5_storage *sp = malloc(sizeof(krb5_storage)); - emem_storage *s = malloc(sizeof(*s)); + krb5_storage *sp; + emem_storage *s; + + sp = malloc(sizeof(krb5_storage)); + if (sp == NULL) + return NULL; + + s = malloc(sizeof(*s)); + if (s == NULL) { + free(sp); + return NULL; + } sp->data = s; sp->flags = 0; sp->eof_code = HEIM_ERR_EOF; s->size = 1024; s->base = malloc(s->size); + if (s->base == NULL) { + free(sp); + free(s); + return NULL; + } s->len = 0; s->ptr = s->base; sp->fetch = emem_fetch; diff --git a/source4/heimdal/lib/krb5/transited.c b/source4/heimdal/lib/krb5/transited.c index 7f5498f592..9b67ecc04f 100644 --- a/source4/heimdal/lib/krb5/transited.c +++ b/source4/heimdal/lib/krb5/transited.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: transited.c 17043 2006-04-10 10:26:35Z lha $"); +RCSID("$Id: transited.c 21745 2007-07-31 16:11:25Z lha $"); /* this is an attempt at one of the most horrible `compression' schemes that has ever been invented; it's so amazingly brain-dead @@ -87,6 +87,10 @@ make_path(krb5_context context, struct tr_realm *r, if(strcmp(p, to) == 0) break; tmp = calloc(1, sizeof(*tmp)); + if(tmp == NULL){ + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } tmp->next = path; path = tmp; path->realm = strdup(p); @@ -107,6 +111,10 @@ make_path(krb5_context context, struct tr_realm *r, if(strncmp(to, from, p - from) == 0) break; tmp = calloc(1, sizeof(*tmp)); + if(tmp == NULL){ + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } tmp->next = path; path = tmp; path->realm = malloc(p - from + 1); @@ -277,6 +285,10 @@ decode_realms(krb5_context context, } if(tr[i] == ','){ tmp = malloc(tr + i - start + 1); + if(tmp == NULL){ + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } memcpy(tmp, start, tr + i - start); tmp[tr + i - start] = '\0'; r = make_realm(tmp); @@ -290,6 +302,11 @@ decode_realms(krb5_context context, } } tmp = malloc(tr + i - start + 1); + if(tmp == NULL){ + free(*realms); + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } memcpy(tmp, start, tr + i - start); tmp[tr + i - start] = '\0'; r = make_realm(tmp); diff --git a/source4/heimdal/lib/krb5/v4_glue.c b/source4/heimdal/lib/krb5/v4_glue.c index 3f99df6391..37b1e35dd1 100644 --- a/source4/heimdal/lib/krb5/v4_glue.c +++ b/source4/heimdal/lib/krb5/v4_glue.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: v4_glue.c 21572 2007-07-16 05:13:08Z lha $"); +RCSID("$Id: v4_glue.c 22071 2007-11-14 20:04:50Z lha $"); #include "krb5-v4compat.h" @@ -599,7 +599,7 @@ _krb5_krb_cr_err_reply(krb5_context context, RCHECK(ret, krb5_store_int8(sp, AUTH_MSG_ERR_REPLY), error); RCHECK(ret, put_nir(sp, name, inst, realm), error); RCHECK(ret, krb5_store_int32(sp, time_ws), error); - /* If its a Kerberos 4 error-code, remove the et BASE */ + /* If it is a Kerberos 4 error-code, remove the et BASE */ if (e >= ERROR_TABLE_BASE_krb && e <= ERROR_TABLE_BASE_krb + 255) e -= ERROR_TABLE_BASE_krb; RCHECK(ret, krb5_store_int32(sp, e), error); diff --git a/source4/heimdal/lib/ntlm/heimntlm-protos.h b/source4/heimdal/lib/ntlm/heimntlm-protos.h index 438ba2b94d..bc64791b43 100644 --- a/source4/heimdal/lib/ntlm/heimntlm-protos.h +++ b/source4/heimdal/lib/ntlm/heimntlm-protos.h @@ -43,7 +43,7 @@ heim_ntlm_calculate_ntlm2_sess ( int heim_ntlm_decode_targetinfo ( - struct ntlm_buf */*data*/, + const struct ntlm_buf */*data*/, int /*ucs2*/, struct ntlm_targetinfo */*ti*/); @@ -65,7 +65,7 @@ heim_ntlm_decode_type3 ( int heim_ntlm_encode_targetinfo ( - struct ntlm_targetinfo */*ti*/, + const struct ntlm_targetinfo */*ti*/, int /*ucs2*/, struct ntlm_buf */*data*/); @@ -76,14 +76,17 @@ heim_ntlm_encode_type1 ( int heim_ntlm_encode_type2 ( - struct ntlm_type2 */*type2*/, + const struct ntlm_type2 */*type2*/, struct ntlm_buf */*data*/); int heim_ntlm_encode_type3 ( - struct ntlm_type3 */*type3*/, + const struct ntlm_type3 */*type3*/, struct ntlm_buf */*data*/); +void +heim_ntlm_free_buf (struct ntlm_buf */*p*/); + void heim_ntlm_free_targetinfo (struct ntlm_targetinfo */*ti*/); diff --git a/source4/heimdal/lib/ntlm/heimntlm.h b/source4/heimdal/lib/ntlm/heimntlm.h index 1c1afe1eb1..09d2205fd2 100644 --- a/source4/heimdal/lib/ntlm/heimntlm.h +++ b/source4/heimdal/lib/ntlm/heimntlm.h @@ -31,17 +31,22 @@ * SUCH DAMAGE. */ -/* $Id: heimntlm.h 19469 2006-12-20 07:28:37Z lha $ */ +/* $Id: heimntlm.h 22376 2007-12-28 18:38:23Z lha $ */ #ifndef HEIM_NTLM_H #define HEIM_NTLM_H +/** + * Buffer for storing data in the NTLM library. When filled in by the + * library it should be freed with heim_ntlm_free_buf(). + */ struct ntlm_buf { - size_t length; - void *data; + size_t length; /**< length buffer data */ + void *data; /**< pointer to the data itself */ }; #define NTLM_NEG_UNICODE 0x00000001 +#define NTLM_NEG_TARGET 0x00000004 #define NTLM_NEG_SIGN 0x00000010 #define NTLM_NEG_SEAL 0x00000020 #define NTLM_NEG_NTLM 0x00000200 @@ -52,42 +57,66 @@ struct ntlm_buf { #define NTLM_NEG_ALWAYS_SIGN 0x00008000 #define NTLM_NEG_NTLM2_SESSION 0x00080000 -#define NTLM_NEG_TARGET_DOMAIN 0x00010000 +#define NTLM_TARGET_DOMAIN 0x00010000 +#define NTLM_TARGET_SERVER 0x00020000 #define NTLM_ENC_128 0x20000000 #define NTLM_NEG_KEYEX 0x40000000 +/** + * Struct for the NTLM target info, the strings is assumed to be in + * UTF8. When filled in by the library it should be freed with + * heim_ntlm_free_targetinfo(). + */ struct ntlm_targetinfo { - char *servername; - char *domainname; - char *dnsdomainname; - char *dnsservername; + char *servername; /**< */ + char *domainname; /**< */ + char *dnsdomainname; /**< */ + char *dnsservername; /**< */ }; +/** + * Struct for the NTLM type1 message info, the strings is assumed to + * be in UTF8. When filled in by the library it should be freed with + * heim_ntlm_free_type1(). + */ + struct ntlm_type1 { - uint32_t flags; - char *domain; - char *hostname; - uint32_t os[2]; + uint32_t flags; /**< */ + char *domain; /**< */ + char *hostname; /**< */ + uint32_t os[2]; /**< */ }; +/** + * Struct for the NTLM type2 message info, the strings is assumed to + * be in UTF8. When filled in by the library it should be freed with + * heim_ntlm_free_type2(). + */ + struct ntlm_type2 { - uint32_t flags; - char *targetname; - struct ntlm_buf targetinfo; - unsigned char challange[8]; - uint32_t context[2]; - uint32_t os[2]; + uint32_t flags; /**< */ + char *targetname; /**< */ + struct ntlm_buf targetinfo; /**< */ + unsigned char challange[8]; /**< */ + uint32_t context[2]; /**< */ + uint32_t os[2]; /**< */ }; +/** + * Struct for the NTLM type3 message info, the strings is assumed to + * be in UTF8. When filled in by the library it should be freed with + * heim_ntlm_free_type3(). + */ + struct ntlm_type3 { - uint32_t flags; - char *username; - char *targetname; - struct ntlm_buf lm; - struct ntlm_buf ntlm; - struct ntlm_buf sessionkey; - char *ws; - uint32_t os[2]; + uint32_t flags; /**< */ + char *username; /**< */ + char *targetname; /**< */ + struct ntlm_buf lm; /**< */ + struct ntlm_buf ntlm; /**< */ + struct ntlm_buf sessionkey; /**< */ + char *ws; /**< */ + uint32_t os[2]; /**< */ }; #include diff --git a/source4/heimdal/lib/ntlm/ntlm.c b/source4/heimdal/lib/ntlm/ntlm.c index 671bf329e8..f3dccfaca1 100644 --- a/source4/heimdal/lib/ntlm/ntlm.c +++ b/source4/heimdal/lib/ntlm/ntlm.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: ntlm.c 21604 2007-07-17 06:48:55Z lha $"); +RCSID("$Id: ntlm.c 22370 2007-12-28 16:12:01Z lha $"); #include #include @@ -51,12 +51,37 @@ RCSID("$Id: ntlm.c 21604 2007-07-17 06:48:55Z lha $"); #include - -/* - * Source of NTLM information: - * http://davenport.sourceforge.net/ntlm.html +/*! \mainpage Heimdal NTLM library + * + * \section intro Introduction + * + * Heimdal libheimntlm library is a implementation of the NTLM + * protocol, both version 1 and 2. The GSS-API mech that uses this + * library adds support for transport encryption and integrity + * checking. + * + * NTLM is a protocol for mutual authentication, its still used in + * many protocol where Kerberos is not support, one example is + * EAP/X802.1x mechanism LEAP from Microsoft and Cisco. + * + * This is a support library for the core protocol, its used in + * Heimdal to implement and GSS-API mechanism. There is also support + * in the KDC to do remote digest authenticiation, this to allow + * services to authenticate users w/o direct access to the users ntlm + * hashes (same as Kerberos arcfour enctype hashes). + * + * More information about the NTLM protocol can found here + * http://davenport.sourceforge.net/ntlm.html . + * + * The Heimdal projects web page: http://www.h5l.org/ */ +/** @defgroup ntlm_core Heimdal NTLM library + * + * The NTLM core functions implement the string2key generation + * function, message encode and decode function, and the hash function + * functions. + */ struct sec_buffer { uint16_t length; @@ -73,8 +98,16 @@ static const unsigned char ntlmsigature[8] = "NTLMSSP\x00"; #define CHECK(f, e) \ do { ret = f ; if (ret != (e)) { ret = EINVAL; goto out; } } while(0) -static void -_ntlm_free_buf(struct ntlm_buf *p) +/** + * heim_ntlm_free_buf frees the ntlm buffer + * + * @param p buffer to be freed + * + * @ingroup ntlm_core + */ + +void +heim_ntlm_free_buf(struct ntlm_buf *p) { if (p->data) free(p->data); @@ -96,7 +129,7 @@ ascii2ucs2le(const char *string, int up, struct ntlm_buf *buf) buf->length = len * 2; buf->data = malloc(buf->length); if (buf->data == NULL && len != 0) { - _ntlm_free_buf(buf); + heim_ntlm_free_buf(buf); return ENOMEM; } @@ -104,7 +137,7 @@ ascii2ucs2le(const char *string, int up, struct ntlm_buf *buf) for (i = 0; i < len; i++) { unsigned char t = (unsigned char)string[i]; if (t & 0x80) { - _ntlm_free_buf(buf); + heim_ntlm_free_buf(buf); return EINVAL; } if (up) @@ -201,7 +234,7 @@ put_string(krb5_storage *sp, int ucs2, const char *s) CHECK(krb5_storage_write(sp, buf.data, buf.length), buf.length); if (ucs2) - _ntlm_free_buf(&buf); + heim_ntlm_free_buf(&buf); ret = 0; out: return ret; @@ -226,7 +259,7 @@ out: } static krb5_error_code -put_buf(krb5_storage *sp, struct ntlm_buf *buf) +put_buf(krb5_storage *sp, const struct ntlm_buf *buf) { krb5_error_code ret; CHECK(krb5_storage_write(sp, buf->data, buf->length), buf->length); @@ -235,8 +268,12 @@ out: return ret; } -/* +/** + * Frees the ntlm_targetinfo message + * + * @param ti targetinfo to be freed * + * @ingroup ntlm_core */ void @@ -260,8 +297,22 @@ out: return ret; } +/** + * Encodes a ntlm_targetinfo message. + * + * @param ti the ntlm_targetinfo message to encode. + * @param ucs2 if the strings should be encoded with ucs2 (selected by flag in message). + * @param data is the return buffer with the encoded message, should be + * freed with heim_ntlm_free_buf(). + * + * @return In case of success 0 is return, an errors, a errno in what + * went wrong. + * + * @ingroup ntlm_core + */ + int -heim_ntlm_encode_targetinfo(struct ntlm_targetinfo *ti, +heim_ntlm_encode_targetinfo(const struct ntlm_targetinfo *ti, int ucs2, struct ntlm_buf *data) { @@ -299,16 +350,34 @@ out: return ret; } +/** + * Decodes an NTLM targetinfo message + * + * @param data input data buffer with the encode NTLM targetinfo message + * @param ucs2 if the strings should be encoded with ucs2 (selected by flag in message). + * @param ti the decoded target info, should be freed with heim_ntlm_free_targetinfo(). + * + * @return In case of success 0 is return, an errors, a errno in what + * went wrong. + * + * @ingroup ntlm_core + */ + int -heim_ntlm_decode_targetinfo(struct ntlm_buf *data, int ucs2, +heim_ntlm_decode_targetinfo(const struct ntlm_buf *data, + int ucs2, struct ntlm_targetinfo *ti) { memset(ti, 0, sizeof(*ti)); return 0; } -/* - * encoder/decoder type1 messages +/** + * Frees the ntlm_type1 message + * + * @param data message to be freed + * + * @ingroup ntlm_core */ void @@ -367,6 +436,19 @@ out: return ret; } +/** + * Encodes an ntlm_type1 message. + * + * @param type1 the ntlm_type1 message to encode. + * @param data is the return buffer with the encoded message, should be + * freed with heim_ntlm_free_buf(). + * + * @return In case of success 0 is return, an errors, a errno in what + * went wrong. + * + * @ingroup ntlm_core + */ + int heim_ntlm_encode_type1(const struct ntlm_type1 *type1, struct ntlm_buf *data) { @@ -435,8 +517,12 @@ out: return ret; } -/* - * encoder/decoder type 2 messages +/** + * Frees the ntlm_type2 message + * + * @param data message to be freed + * + * @ingroup ntlm_core */ void @@ -444,7 +530,7 @@ heim_ntlm_free_type2(struct ntlm_type2 *data) { if (data->targetname) free(data->targetname); - _ntlm_free_buf(&data->targetinfo); + heim_ntlm_free_buf(&data->targetinfo); memset(data, 0, sizeof(*data)); } @@ -499,8 +585,21 @@ out: return ret; } +/** + * Encodes an ntlm_type2 message. + * + * @param type2 the ntlm_type2 message to encode. + * @param data is the return buffer with the encoded message, should be + * freed with heim_ntlm_free_buf(). + * + * @return In case of success 0 is return, an errors, a errno in what + * went wrong. + * + * @ingroup ntlm_core + */ + int -heim_ntlm_encode_type2(struct ntlm_type2 *type2, struct ntlm_buf *data) +heim_ntlm_encode_type2(const struct ntlm_type2 *type2, struct ntlm_buf *data) { struct sec_buffer targetname, targetinfo; krb5_error_code ret; @@ -562,22 +661,26 @@ out: return ret; } -/* - * encoder/decoder type 2 messages +/** + * Frees the ntlm_type3 message + * + * @param data message to be freed + * + * @ingroup ntlm_core */ void heim_ntlm_free_type3(struct ntlm_type3 *data) { - _ntlm_free_buf(&data->lm); - _ntlm_free_buf(&data->ntlm); + heim_ntlm_free_buf(&data->lm); + heim_ntlm_free_buf(&data->ntlm); if (data->targetname) free(data->targetname); if (data->username) free(data->username); if (data->ws) free(data->ws); - _ntlm_free_buf(&data->sessionkey); + heim_ntlm_free_buf(&data->sessionkey); memset(data, 0, sizeof(*data)); } @@ -629,7 +732,7 @@ heim_ntlm_decode_type3(const struct ntlm_buf *buf, CHECK(ret_buf(in, &ntlm, &type3->ntlm), 0); CHECK(ret_string(in, ucs2, &target, &type3->targetname), 0); CHECK(ret_string(in, ucs2, &username, &type3->username), 0); - CHECK(ret_string(in, ucs2, &username, &type3->ws), 0); + CHECK(ret_string(in, ucs2, &ws, &type3->ws), 0); if (sessionkey.offset) CHECK(ret_buf(in, &sessionkey, &type3->sessionkey), 0); @@ -641,8 +744,21 @@ out: return ret; } +/** + * Encodes an ntlm_type3 message. + * + * @param type3 the ntlm_type3 message to encode. + * @param data is the return buffer with the encoded message, should be + * freed with heim_ntlm_free_buf(). + * + * @return In case of success 0 is return, an errors, a errno in what + * went wrong. + * + * @ingroup ntlm_core + */ + int -heim_ntlm_encode_type3(struct ntlm_type3 *type3, struct ntlm_buf *data) +heim_ntlm_encode_type3(const struct ntlm_type3 *type3, struct ntlm_buf *data) { struct sec_buffer lm, ntlm, target, username, sessionkey, ws; krb5_error_code ret; @@ -766,8 +882,16 @@ splitandenc(unsigned char *hash, memset(key, 0, sizeof(key)); } -/* - * String-to-key function for NTLM +/** + * Calculate the NTLM key, the password is assumed to be in UTF8. + * + * @param password password to calcute the key for. + * @param key calcuted key, should be freed with heim_ntlm_free_buf(). + * + * @return In case of success 0 is return, an errors, a errno in what + * went wrong. + * + * @ingroup ntlm_core */ int @@ -784,18 +908,28 @@ heim_ntlm_nt_key(const char *password, struct ntlm_buf *key) ret = ascii2ucs2le(password, 0, &buf); if (ret) { - _ntlm_free_buf(key); + heim_ntlm_free_buf(key); return ret; } MD4_Init(&ctx); MD4_Update(&ctx, buf.data, buf.length); MD4_Final(key->data, &ctx); - _ntlm_free_buf(&buf); + heim_ntlm_free_buf(&buf); return 0; } -/* +/** * Calculate NTLMv1 response hash + * + * @param key the ntlm v1 key + * @param len length of key + * @param challange sent by the server + * @param answer calculated answer, should be freed with heim_ntlm_free_buf(). + * + * @return In case of success 0 is return, an errors, a errno in what + * went wrong. + * + * @ingroup ntlm_core */ int @@ -823,8 +957,18 @@ heim_ntlm_calculate_ntlm1(void *key, size_t len, return 0; } -/* - * Calculate NTLMv1 master key +/** + * Generates an NTLMv1 session random with assosited session master key. + * + * @param key the ntlm v1 key + * @param len length of key + * @param session generated session nonce, should be freed with heim_ntlm_free_buf(). + * @param master calculated session master key, should be freed with heim_ntlm_free_buf(). + * + * @return In case of success 0 is return, an errors, a errno in what + * went wrong. + * + * @ingroup ntlm_core */ int @@ -849,8 +993,8 @@ heim_ntlm_build_ntlm1_master(void *key, size_t len, master->length = MD4_DIGEST_LENGTH; master->data = malloc(master->length); if (master->data == NULL) { - _ntlm_free_buf(master); - _ntlm_free_buf(session); + heim_ntlm_free_buf(master); + heim_ntlm_free_buf(session); return EINVAL; } @@ -866,8 +1010,8 @@ heim_ntlm_build_ntlm1_master(void *key, size_t len, } if (RAND_bytes(session->data, session->length) != 1) { - _ntlm_free_buf(master); - _ntlm_free_buf(session); + heim_ntlm_free_buf(master); + heim_ntlm_free_buf(session); return EINVAL; } @@ -877,8 +1021,16 @@ heim_ntlm_build_ntlm1_master(void *key, size_t len, return 0; } -/* +/** + * Generates an NTLMv2 session key. + * + * @param key the ntlm key + * @param len length of key + * @param username name of the user, as sent in the message, assumed to be in UTF8. + * @param target the name of the target, assumed to be in UTF8. + * @param ntlmv2 the ntlmv2 session key * + * @ingroup ntlm_core */ void @@ -932,8 +1084,22 @@ nt2unixtime(uint64_t t) } -/* +/** * Calculate NTLMv2 response + * + * @param key the ntlm key + * @param len length of key + * @param username name of the user, as sent in the message, assumed to be in UTF8. + * @param target the name of the target, assumed to be in UTF8. + * @param serverchallange challange as sent by the server in the type2 message. + * @param infotarget infotarget as sent by the server in the type2 message. + * @param ntlmv2 calculated session key + * @param answer ntlm response answer, should be freed with heim_ntlm_free_buf(). + * + * @return In case of success 0 is return, an errors, a errno in what + * went wrong. + * + * @ingroup ntlm_core */ int @@ -1020,8 +1186,23 @@ out: static const int authtimediff = 3600 * 2; /* 2 hours */ -/* +/** * Verify NTLMv2 response. + * + * @param key the ntlm key + * @param len length of key + * @param username name of the user, as sent in the message, assumed to be in UTF8. + * @param target the name of the target, assumed to be in UTF8. + * @param now the time now (0 if the library should pick it up itself) + * @param serverchallange challange as sent by the server in the type2 message. + * @param answer ntlm response answer, should be freed with heim_ntlm_free_buf(). + * @param infotarget infotarget as sent by the server in the type2 message. + * @param ntlmv2 calculated session key + * + * @return In case of success 0 is return, an errors, a errno in what + * went wrong. + * + * @ingroup ntlm_core */ int @@ -1110,13 +1291,13 @@ heim_ntlm_verify_ntlm2(const void *key, size_t len, HMAC_CTX_cleanup(&c); if (memcmp(serveranswer, clientanswer, 16) != 0) { - _ntlm_free_buf(infotarget); + heim_ntlm_free_buf(infotarget); return EINVAL; } return 0; out: - _ntlm_free_buf(infotarget); + heim_ntlm_free_buf(infotarget); if (sp) krb5_storage_free(sp); return ret; @@ -1125,6 +1306,17 @@ out: /* * Calculate the NTLM2 Session Response + * + * @param clnt_nonce client nonce + * @param svr_chal server challage + * @param ntlm2_hash ntlm hash + * @param lm The LM response, should be freed with heim_ntlm_free_buf(). + * @param ntlm The NTLM response, should be freed with heim_ntlm_free_buf(). + * + * @return In case of success 0 is return, an errors, a errno in what + * went wrong. + * + * @ingroup ntlm_core */ int diff --git a/source4/heimdal/lib/vers/print_version.c b/source4/heimdal/lib/vers/print_version.c index 4337d591c4..325f3fa046 100644 --- a/source4/heimdal/lib/vers/print_version.c +++ b/source4/heimdal/lib/vers/print_version.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: print_version.c 19566 2006-12-29 16:00:16Z lha $"); +RCSID("$Id: print_version.c 22428 2008-01-13 09:58:05Z lha $"); #endif #include "roken.h" @@ -50,6 +50,6 @@ print_version(const char *progname) if(*package_list == '\0') package_list = "no version information"; fprintf(stderr, "%s (%s)\n", progname, package_list); - fprintf(stderr, "Copyright 1995-2007 Kungliga Tekniska Högskolan\n"); + fprintf(stderr, "Copyright 1995-2008 Kungliga Tekniska Högskolan\n"); fprintf(stderr, "Send bug-reports to %s\n", PACKAGE_BUGREPORT); } diff --git a/source4/heimdal/lib/wind/bidi.c b/source4/heimdal/lib/wind/bidi.c new file mode 100644 index 0000000000..fa62989eac --- /dev/null +++ b/source4/heimdal/lib/wind/bidi.c @@ -0,0 +1,92 @@ +/* + * Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "windlocl.h" + +#include + +#include "bidi_table.h" + +static int +range_entry_cmp(const void *a, const void *b) +{ + const struct range_entry *ea = (const struct range_entry*)a; + const struct range_entry *eb = (const struct range_entry*)b; + + if (ea->start >= eb->start && ea->start < eb->start + eb->len) + return 0; + return ea->start - eb->start; +} + +static int +is_ral(uint32_t cp) +{ + struct range_entry ee = {cp}; + void *s = bsearch(&ee, _wind_ral_table, _wind_ral_table_size, + sizeof(_wind_ral_table[0]), + range_entry_cmp); + return s != NULL; +} + +static int +is_l(uint32_t cp) +{ + struct range_entry ee = {cp}; + void *s = bsearch(&ee, _wind_l_table, _wind_l_table_size, + sizeof(_wind_l_table[0]), + range_entry_cmp); + return s != NULL; +} + +int +_wind_stringprep_testbidi(const uint32_t *in, size_t in_len, wind_profile_flags flags) +{ + size_t i; + unsigned ral = 0; + unsigned l = 0; + + if ((flags & (WIND_PROFILE_NAME|WIND_PROFILE_SASL)) == 0) + return 0; + + for (i = 0; i < in_len; ++i) { + ral |= is_ral(in[i]); + l |= is_l(in[i]); + } + if (ral) { + if (l) + return 1; + if (!is_ral(in[0]) || !is_ral(in[in_len - 1])) + return 1; + } + return 0; +} diff --git a/source4/heimdal/lib/wind/bidi_table.c b/source4/heimdal/lib/wind/bidi_table.c new file mode 100644 index 0000000000..34530b933d --- /dev/null +++ b/source4/heimdal/lib/wind/bidi_table.c @@ -0,0 +1,410 @@ +/* bidi_table.c */ +/* Automatically generated at 2008-03-18T11:38:07.839291 */ + + +#include "bidi_table.h" + +const struct range_entry _wind_ral_table[] = { + {0x5be, 1}, + {0x5c0, 1}, + {0x5c3, 1}, + {0x5d0, 0x1b}, + {0x5f0, 0x5}, + {0x61b, 1}, + {0x61f, 1}, + {0x621, 0x1a}, + {0x640, 0xb}, + {0x66d, 0x3}, + {0x671, 0x65}, + {0x6dd, 1}, + {0x6e5, 0x2}, + {0x6fa, 0x5}, + {0x700, 0xe}, + {0x710, 1}, + {0x712, 0x1b}, + {0x780, 0x26}, + {0x7b1, 1}, + {0x200f, 1}, + {0xfb1d, 1}, + {0xfb1f, 0xa}, + {0xfb2a, 0xd}, + {0xfb38, 0x5}, + {0xfb3e, 1}, + {0xfb40, 0x2}, + {0xfb43, 0x2}, + {0xfb46, 0x6c}, + {0xfbd3, 0x16b}, + {0xfd50, 0x40}, + {0xfd92, 0x36}, + {0xfdf0, 0xd}, + {0xfe70, 0x5}, + {0xfe76, 0x87}, +}; + +const size_t _wind_ral_table_size = 34; + +const struct range_entry _wind_l_table[] = { + {0x41, 0x1a}, + {0x61, 0x1a}, + {0xaa, 1}, + {0xb5, 1}, + {0xba, 1}, + {0xc0, 0x17}, + {0xd8, 0x1f}, + {0xf8, 0x129}, + {0x222, 0x12}, + {0x250, 0x5e}, + {0x2b0, 0x9}, + {0x2bb, 0x7}, + {0x2d0, 0x2}, + {0x2e0, 0x5}, + {0x2ee, 1}, + {0x37a, 1}, + {0x386, 1}, + {0x388, 0x3}, + {0x38c, 1}, + {0x38e, 0x14}, + {0x3a3, 0x2c}, + {0x3d0, 0x26}, + {0x400, 0x83}, + {0x48a, 0x45}, + {0x4d0, 0x26}, + {0x4f8, 0x2}, + {0x500, 0x10}, + {0x531, 0x26}, + {0x559, 0x7}, + {0x561, 0x27}, + {0x589, 1}, + {0x903, 1}, + {0x905, 0x35}, + {0x93d, 0x4}, + {0x949, 0x4}, + {0x950, 1}, + {0x958, 0xa}, + {0x964, 0xd}, + {0x982, 0x2}, + {0x985, 0x8}, + {0x98f, 0x2}, + {0x993, 0x16}, + {0x9aa, 0x7}, + {0x9b2, 1}, + {0x9b6, 0x4}, + {0x9be, 0x3}, + {0x9c7, 0x2}, + {0x9cb, 0x2}, + {0x9d7, 1}, + {0x9dc, 0x2}, + {0x9df, 0x3}, + {0x9e6, 0xc}, + {0x9f4, 0x7}, + {0xa05, 0x6}, + {0xa0f, 0x2}, + {0xa13, 0x16}, + {0xa2a, 0x7}, + {0xa32, 0x2}, + {0xa35, 0x2}, + {0xa38, 0x2}, + {0xa3e, 0x3}, + {0xa59, 0x4}, + {0xa5e, 1}, + {0xa66, 0xa}, + {0xa72, 0x3}, + {0xa83, 1}, + {0xa85, 0x7}, + {0xa8d, 1}, + {0xa8f, 0x3}, + {0xa93, 0x16}, + {0xaaa, 0x7}, + {0xab2, 0x2}, + {0xab5, 0x5}, + {0xabd, 0x4}, + {0xac9, 1}, + {0xacb, 0x2}, + {0xad0, 1}, + {0xae0, 1}, + {0xae6, 0xa}, + {0xb02, 0x2}, + {0xb05, 0x8}, + {0xb0f, 0x2}, + {0xb13, 0x16}, + {0xb2a, 0x7}, + {0xb32, 0x2}, + {0xb36, 0x4}, + {0xb3d, 0x2}, + {0xb40, 1}, + {0xb47, 0x2}, + {0xb4b, 0x2}, + {0xb57, 1}, + {0xb5c, 0x2}, + {0xb5f, 0x3}, + {0xb66, 0xb}, + {0xb83, 1}, + {0xb85, 0x6}, + {0xb8e, 0x3}, + {0xb92, 0x4}, + {0xb99, 0x2}, + {0xb9c, 1}, + {0xb9e, 0x2}, + {0xba3, 0x2}, + {0xba8, 0x3}, + {0xbae, 0x8}, + {0xbb7, 0x3}, + {0xbbe, 0x2}, + {0xbc1, 0x2}, + {0xbc6, 0x3}, + {0xbca, 0x3}, + {0xbd7, 1}, + {0xbe7, 0xc}, + {0xc01, 0x3}, + {0xc05, 0x8}, + {0xc0e, 0x3}, + {0xc12, 0x17}, + {0xc2a, 0xa}, + {0xc35, 0x5}, + {0xc41, 0x4}, + {0xc60, 0x2}, + {0xc66, 0xa}, + {0xc82, 0x2}, + {0xc85, 0x8}, + {0xc8e, 0x3}, + {0xc92, 0x17}, + {0xcaa, 0xa}, + {0xcb5, 0x5}, + {0xcbe, 1}, + {0xcc0, 0x5}, + {0xcc7, 0x2}, + {0xcca, 0x2}, + {0xcd5, 0x2}, + {0xcde, 1}, + {0xce0, 0x2}, + {0xce6, 0xa}, + {0xd02, 0x2}, + {0xd05, 0x8}, + {0xd0e, 0x3}, + {0xd12, 0x17}, + {0xd2a, 0x10}, + {0xd3e, 0x3}, + {0xd46, 0x3}, + {0xd4a, 0x3}, + {0xd57, 1}, + {0xd60, 0x2}, + {0xd66, 0xa}, + {0xd82, 0x2}, + {0xd85, 0x12}, + {0xd9a, 0x18}, + {0xdb3, 0x9}, + {0xdbd, 1}, + {0xdc0, 0x7}, + {0xdcf, 0x3}, + {0xdd8, 0x8}, + {0xdf2, 0x3}, + {0xe01, 0x30}, + {0xe32, 0x2}, + {0xe40, 0x7}, + {0xe4f, 0xd}, + {0xe81, 0x2}, + {0xe84, 1}, + {0xe87, 0x2}, + {0xe8a, 1}, + {0xe8d, 1}, + {0xe94, 0x4}, + {0xe99, 0x7}, + {0xea1, 0x3}, + {0xea5, 1}, + {0xea7, 1}, + {0xeaa, 0x2}, + {0xead, 0x4}, + {0xeb2, 0x2}, + {0xebd, 1}, + {0xec0, 0x5}, + {0xec6, 1}, + {0xed0, 0xa}, + {0xedc, 0x2}, + {0xf00, 0x18}, + {0xf1a, 0x1b}, + {0xf36, 1}, + {0xf38, 1}, + {0xf3e, 0xa}, + {0xf49, 0x22}, + {0xf7f, 1}, + {0xf85, 1}, + {0xf88, 0x4}, + {0xfbe, 0x8}, + {0xfc7, 0x6}, + {0xfcf, 1}, + {0x1000, 0x22}, + {0x1023, 0x5}, + {0x1029, 0x2}, + {0x102c, 1}, + {0x1031, 1}, + {0x1038, 1}, + {0x1040, 0x18}, + {0x10a0, 0x26}, + {0x10d0, 0x29}, + {0x10fb, 1}, + {0x1100, 0x5a}, + {0x115f, 0x44}, + {0x11a8, 0x52}, + {0x1200, 0x7}, + {0x1208, 0x3f}, + {0x1248, 1}, + {0x124a, 0x4}, + {0x1250, 0x7}, + {0x1258, 1}, + {0x125a, 0x4}, + {0x1260, 0x27}, + {0x1288, 1}, + {0x128a, 0x4}, + {0x1290, 0x1f}, + {0x12b0, 1}, + {0x12b2, 0x4}, + {0x12b8, 0x7}, + {0x12c0, 1}, + {0x12c2, 0x4}, + {0x12c8, 0x7}, + {0x12d0, 0x7}, + {0x12d8, 0x17}, + {0x12f0, 0x1f}, + {0x1310, 1}, + {0x1312, 0x4}, + {0x1318, 0x7}, + {0x1320, 0x27}, + {0x1348, 0x13}, + {0x1361, 0x1c}, + {0x13a0, 0x55}, + {0x1401, 0x276}, + {0x1681, 0x1a}, + {0x16a0, 0x51}, + {0x1700, 0xd}, + {0x170e, 0x4}, + {0x1720, 0x12}, + {0x1735, 0x2}, + {0x1740, 0x12}, + {0x1760, 0xd}, + {0x176e, 0x3}, + {0x1780, 0x37}, + {0x17be, 0x8}, + {0x17c7, 0x2}, + {0x17d4, 0x7}, + {0x17dc, 1}, + {0x17e0, 0xa}, + {0x1810, 0xa}, + {0x1820, 0x58}, + {0x1880, 0x29}, + {0x1e00, 0x9c}, + {0x1ea0, 0x5a}, + {0x1f00, 0x16}, + {0x1f18, 0x6}, + {0x1f20, 0x26}, + {0x1f48, 0x6}, + {0x1f50, 0x8}, + {0x1f59, 1}, + {0x1f5b, 1}, + {0x1f5d, 1}, + {0x1f5f, 0x1f}, + {0x1f80, 0x35}, + {0x1fb6, 0x7}, + {0x1fbe, 1}, + {0x1fc2, 0x3}, + {0x1fc6, 0x7}, + {0x1fd0, 0x4}, + {0x1fd6, 0x6}, + {0x1fe0, 0xd}, + {0x1ff2, 0x3}, + {0x1ff6, 0x7}, + {0x200e, 1}, + {0x2071, 1}, + {0x207f, 1}, + {0x2102, 1}, + {0x2107, 1}, + {0x210a, 0xa}, + {0x2115, 1}, + {0x2119, 0x5}, + {0x2124, 1}, + {0x2126, 1}, + {0x2128, 1}, + {0x212a, 0x4}, + {0x212f, 0x3}, + {0x2133, 0x7}, + {0x213d, 0x3}, + {0x2145, 0x5}, + {0x2160, 0x24}, + {0x2336, 0x45}, + {0x2395, 1}, + {0x249c, 0x4e}, + {0x3005, 0x3}, + {0x3021, 0x9}, + {0x3031, 0x5}, + {0x3038, 0x5}, + {0x3041, 0x56}, + {0x309d, 0x3}, + {0x30a1, 0x5a}, + {0x30fc, 0x4}, + {0x3105, 0x28}, + {0x3131, 0x5e}, + {0x3190, 0x28}, + {0x31f0, 0x2d}, + {0x3220, 0x24}, + {0x3260, 0x1c}, + {0x327f, 0x32}, + {0x32c0, 0xc}, + {0x32d0, 0x2f}, + {0x3300, 0x77}, + {0x337b, 0x63}, + {0x33e0, 0x1f}, + {0x3400, 0x19b6}, + {0x4e00, 0x51a6}, + {0xa000, 0x48d}, + {0xac00, 0x2ba4}, + {0xd800, 0x222e}, + {0xfa30, 0x3b}, + {0xfb00, 0x7}, + {0xfb13, 0x5}, + {0xff21, 0x1a}, + {0xff41, 0x1a}, + {0xff66, 0x59}, + {0xffc2, 0x6}, + {0xffca, 0x6}, + {0xffd2, 0x6}, + {0xffda, 0x3}, + {0x10300, 0x1f}, + {0x10320, 0x4}, + {0x10330, 0x1b}, + {0x10400, 0x26}, + {0x10428, 0x26}, + {0x1d000, 0xf6}, + {0x1d100, 0x27}, + {0x1d12a, 0x3d}, + {0x1d16a, 0x9}, + {0x1d183, 0x2}, + {0x1d18c, 0x1e}, + {0x1d1ae, 0x30}, + {0x1d400, 0x55}, + {0x1d456, 0x47}, + {0x1d49e, 0x2}, + {0x1d4a2, 1}, + {0x1d4a5, 0x2}, + {0x1d4a9, 0x4}, + {0x1d4ae, 0xc}, + {0x1d4bb, 1}, + {0x1d4bd, 0x4}, + {0x1d4c2, 0x2}, + {0x1d4c5, 0x41}, + {0x1d507, 0x4}, + {0x1d50d, 0x8}, + {0x1d516, 0x7}, + {0x1d51e, 0x1c}, + {0x1d53b, 0x4}, + {0x1d540, 0x5}, + {0x1d546, 1}, + {0x1d54a, 0x7}, + {0x1d552, 0x152}, + {0x1d6a8, 0x122}, + {0x20000, 0xa6d7}, + {0x2f800, 0x21e}, + {0xf0000, 0xfffe}, + {0x100000, 0xfffe}, +}; + +const size_t _wind_l_table_size = 360; + diff --git a/source4/heimdal/lib/wind/bidi_table.h b/source4/heimdal/lib/wind/bidi_table.h new file mode 100644 index 0000000000..2e369f2d9a --- /dev/null +++ b/source4/heimdal/lib/wind/bidi_table.h @@ -0,0 +1,21 @@ +/* bidi_table.h */ +/* Automatically generated at 2008-03-18T11:38:07.839121 */ + +#ifndef BIDI_TABLE_H +#define BIDI_TABLE_H 1 + +#include +#include + +struct range_entry { + uint32_t start; + unsigned len; +}; + +extern const struct range_entry _wind_ral_table[]; +extern const struct range_entry _wind_l_table[]; + +extern const size_t _wind_ral_table_size; +extern const size_t _wind_l_table_size; + +#endif /* BIDI_TABLE_H */ diff --git a/source4/heimdal/lib/wind/combining.c b/source4/heimdal/lib/wind/combining.c new file mode 100644 index 0000000000..8481cab859 --- /dev/null +++ b/source4/heimdal/lib/wind/combining.c @@ -0,0 +1,62 @@ +/* + * Copyright (c) 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "windlocl.h" + +#include + +#include "combining_table.h" + +static int +translation_cmp(const void *key, const void *data) +{ + const struct translation *t1 = (const struct translation *)key; + const struct translation *t2 = (const struct translation *)data; + + return t1->key - t2->key; +} + +int +_wind_combining_class(uint32_t code_point) +{ + struct translation ts = {code_point}; + void *s = bsearch(&ts, _wind_combining_table, _wind_combining_table_size, + sizeof(_wind_combining_table[0]), + translation_cmp); + if (s != NULL) { + const struct translation *t = (const struct translation *)s; + return t->combining_class; + } else { + return 0; + } +} diff --git a/source4/heimdal/lib/wind/combining_table.c b/source4/heimdal/lib/wind/combining_table.c new file mode 100644 index 0000000000..7abd1cf76d --- /dev/null +++ b/source4/heimdal/lib/wind/combining_table.c @@ -0,0 +1,362 @@ +/* combining_table.c */ +/* Automatically generated at 2008-03-18T11:38:08.166082 */ + + +#include "combining_table.h" + +const struct translation _wind_combining_table[] = { +{0x300, 230}, /* Mn */ +{0x301, 230}, /* Mn */ +{0x302, 230}, /* Mn */ +{0x303, 230}, /* Mn */ +{0x304, 230}, /* Mn */ +{0x305, 230}, /* Mn */ +{0x306, 230}, /* Mn */ +{0x307, 230}, /* Mn */ +{0x308, 230}, /* Mn */ +{0x309, 230}, /* Mn */ +{0x30a, 230}, /* Mn */ +{0x30b, 230}, /* Mn */ +{0x30c, 230}, /* Mn */ +{0x30d, 230}, /* Mn */ +{0x30e, 230}, /* Mn */ +{0x30f, 230}, /* Mn */ +{0x310, 230}, /* Mn */ +{0x311, 230}, /* Mn */ +{0x312, 230}, /* Mn */ +{0x313, 230}, /* Mn */ +{0x314, 230}, /* Mn */ +{0x315, 232}, /* Mn */ +{0x316, 220}, /* Mn */ +{0x317, 220}, /* Mn */ +{0x318, 220}, /* Mn */ +{0x319, 220}, /* Mn */ +{0x31a, 232}, /* Mn */ +{0x31b, 216}, /* Mn */ +{0x31c, 220}, /* Mn */ +{0x31d, 220}, /* Mn */ +{0x31e, 220}, /* Mn */ +{0x31f, 220}, /* Mn */ +{0x320, 220}, /* Mn */ +{0x321, 202}, /* Mn */ +{0x322, 202}, /* Mn */ +{0x323, 220}, /* Mn */ +{0x324, 220}, /* Mn */ +{0x325, 220}, /* Mn */ +{0x326, 220}, /* Mn */ +{0x327, 202}, /* Mn */ +{0x328, 202}, /* Mn */ +{0x329, 220}, /* Mn */ +{0x32a, 220}, /* Mn */ +{0x32b, 220}, /* Mn */ +{0x32c, 220}, /* Mn */ +{0x32d, 220}, /* Mn */ +{0x32e, 220}, /* Mn */ +{0x32f, 220}, /* Mn */ +{0x330, 220}, /* Mn */ +{0x331, 220}, /* Mn */ +{0x332, 220}, /* Mn */ +{0x333, 220}, /* Mn */ +{0x334, 1}, /* Mn */ +{0x335, 1}, /* Mn */ +{0x336, 1}, /* Mn */ +{0x337, 1}, /* Mn */ +{0x338, 1}, /* Mn */ +{0x339, 220}, /* Mn */ +{0x33a, 220}, /* Mn */ +{0x33b, 220}, /* Mn */ +{0x33c, 220}, /* Mn */ +{0x33d, 230}, /* Mn */ +{0x33e, 230}, /* Mn */ +{0x33f, 230}, /* Mn */ +{0x340, 230}, /* Mn */ +{0x341, 230}, /* Mn */ +{0x342, 230}, /* Mn */ +{0x343, 230}, /* Mn */ +{0x344, 230}, /* Mn */ +{0x345, 240}, /* Mn */ +{0x346, 230}, /* Mn */ +{0x347, 220}, /* Mn */ +{0x348, 220}, /* Mn */ +{0x349, 220}, /* Mn */ +{0x34a, 230}, /* Mn */ +{0x34b, 230}, /* Mn */ +{0x34c, 230}, /* Mn */ +{0x34d, 220}, /* Mn */ +{0x34e, 220}, /* Mn */ +{0x350, 230}, /* Mn */ +{0x351, 230}, /* Mn */ +{0x352, 230}, /* Mn */ +{0x353, 220}, /* Mn */ +{0x354, 220}, /* Mn */ +{0x355, 220}, /* Mn */ +{0x356, 220}, /* Mn */ +{0x357, 230}, /* Mn */ +{0x35d, 234}, /* Mn */ +{0x35e, 234}, /* Mn */ +{0x35f, 233}, /* Mn */ +{0x360, 234}, /* Mn */ +{0x361, 234}, /* Mn */ +{0x362, 233}, /* Mn */ +{0x363, 230}, /* Mn */ +{0x364, 230}, /* Mn */ +{0x365, 230}, /* Mn */ +{0x366, 230}, /* Mn */ +{0x367, 230}, /* Mn */ +{0x368, 230}, /* Mn */ +{0x369, 230}, /* Mn */ +{0x36a, 230}, /* Mn */ +{0x36b, 230}, /* Mn */ +{0x36c, 230}, /* Mn */ +{0x36d, 230}, /* Mn */ +{0x36e, 230}, /* Mn */ +{0x36f, 230}, /* Mn */ +{0x483, 230}, /* Mn */ +{0x484, 230}, /* Mn */ +{0x485, 230}, /* Mn */ +{0x486, 230}, /* Mn */ +{0x591, 220}, /* Mn */ +{0x592, 230}, /* Mn */ +{0x593, 230}, /* Mn */ +{0x594, 230}, /* Mn */ +{0x595, 230}, /* Mn */ +{0x596, 220}, /* Mn */ +{0x597, 230}, /* Mn */ +{0x598, 230}, /* Mn */ +{0x599, 230}, /* Mn */ +{0x59a, 222}, /* Mn */ +{0x59b, 220}, /* Mn */ +{0x59c, 230}, /* Mn */ +{0x59d, 230}, /* Mn */ +{0x59e, 230}, /* Mn */ +{0x59f, 230}, /* Mn */ +{0x5a0, 230}, /* Mn */ +{0x5a1, 230}, /* Mn */ +{0x5a3, 220}, /* Mn */ +{0x5a4, 220}, /* Mn */ +{0x5a5, 220}, /* Mn */ +{0x5a6, 220}, /* Mn */ +{0x5a7, 220}, /* Mn */ +{0x5a8, 230}, /* Mn */ +{0x5a9, 230}, /* Mn */ +{0x5aa, 220}, /* Mn */ +{0x5ab, 230}, /* Mn */ +{0x5ac, 230}, /* Mn */ +{0x5ad, 222}, /* Mn */ +{0x5ae, 228}, /* Mn */ +{0x5af, 230}, /* Mn */ +{0x5b0, 10}, /* Mn */ +{0x5b1, 11}, /* Mn */ +{0x5b2, 12}, /* Mn */ +{0x5b3, 13}, /* Mn */ +{0x5b4, 14}, /* Mn */ +{0x5b5, 15}, /* Mn */ +{0x5b6, 16}, /* Mn */ +{0x5b7, 17}, /* Mn */ +{0x5b8, 18}, /* Mn */ +{0x5b9, 19}, /* Mn */ +{0x5bb, 20}, /* Mn */ +{0x5bc, 21}, /* Mn */ +{0x5bd, 22}, /* Mn */ +{0x5bf, 23}, /* Mn */ +{0x5c1, 24}, /* Mn */ +{0x5c2, 25}, /* Mn */ +{0x5c4, 230}, /* Mn */ +{0x610, 230}, /* Mn */ +{0x611, 230}, /* Mn */ +{0x612, 230}, /* Mn */ +{0x613, 230}, /* Mn */ +{0x614, 230}, /* Mn */ +{0x615, 230}, /* Mn */ +{0x64b, 27}, /* Mn */ +{0x64c, 28}, /* Mn */ +{0x64d, 29}, /* Mn */ +{0x64e, 30}, /* Mn */ +{0x64f, 31}, /* Mn */ +{0x650, 32}, /* Mn */ +{0x651, 33}, /* Mn */ +{0x652, 34}, /* Mn */ +{0x653, 230}, /* Mn */ +{0x654, 230}, /* Mn */ +{0x655, 220}, /* Mn */ +{0x656, 220}, /* Mn */ +{0x657, 230}, /* Mn */ +{0x658, 230}, /* Mn */ +{0x670, 35}, /* Mn */ +{0x6d6, 230}, /* Mn */ +{0x6d7, 230}, /* Mn */ +{0x6d8, 230}, /* Mn */ +{0x6d9, 230}, /* Mn */ +{0x6da, 230}, /* Mn */ +{0x6db, 230}, /* Mn */ +{0x6dc, 230}, /* Mn */ +{0x6df, 230}, /* Mn */ +{0x6e0, 230}, /* Mn */ +{0x6e1, 230}, /* Mn */ +{0x6e2, 230}, /* Mn */ +{0x6e3, 220}, /* Mn */ +{0x6e4, 230}, /* Mn */ +{0x6e7, 230}, /* Mn */ +{0x6e8, 230}, /* Mn */ +{0x6ea, 220}, /* Mn */ +{0x6eb, 230}, /* Mn */ +{0x6ec, 230}, /* Mn */ +{0x6ed, 220}, /* Mn */ +{0x711, 36}, /* Mn */ +{0x730, 230}, /* Mn */ +{0x731, 220}, /* Mn */ +{0x732, 230}, /* Mn */ +{0x733, 230}, /* Mn */ +{0x734, 220}, /* Mn */ +{0x735, 230}, /* Mn */ +{0x736, 230}, /* Mn */ +{0x737, 220}, /* Mn */ +{0x738, 220}, /* Mn */ +{0x739, 220}, /* Mn */ +{0x73a, 230}, /* Mn */ +{0x73b, 220}, /* Mn */ +{0x73c, 220}, /* Mn */ +{0x73d, 230}, /* Mn */ +{0x73e, 220}, /* Mn */ +{0x73f, 230}, /* Mn */ +{0x740, 230}, /* Mn */ +{0x741, 230}, /* Mn */ +{0x742, 220}, /* Mn */ +{0x743, 230}, /* Mn */ +{0x744, 220}, /* Mn */ +{0x745, 230}, /* Mn */ +{0x746, 220}, /* Mn */ +{0x747, 230}, /* Mn */ +{0x748, 220}, /* Mn */ +{0x749, 230}, /* Mn */ +{0x74a, 230}, /* Mn */ +{0x93c, 7}, /* Mn */ +{0x94d, 9}, /* Mn */ +{0x951, 230}, /* Mn */ +{0x952, 220}, /* Mn */ +{0x953, 230}, /* Mn */ +{0x954, 230}, /* Mn */ +{0x9bc, 7}, /* Mn */ +{0x9cd, 9}, /* Mn */ +{0xa3c, 7}, /* Mn */ +{0xa4d, 9}, /* Mn */ +{0xabc, 7}, /* Mn */ +{0xacd, 9}, /* Mn */ +{0xb3c, 7}, /* Mn */ +{0xb4d, 9}, /* Mn */ +{0xbcd, 9}, /* Mn */ +{0xc4d, 9}, /* Mn */ +{0xc55, 84}, /* Mn */ +{0xc56, 91}, /* Mn */ +{0xcbc, 7}, /* Mn */ +{0xccd, 9}, /* Mn */ +{0xd4d, 9}, /* Mn */ +{0xdca, 9}, /* Mn */ +{0xe38, 103}, /* Mn */ +{0xe39, 103}, /* Mn */ +{0xe3a, 9}, /* Mn */ +{0xe48, 107}, /* Mn */ +{0xe49, 107}, /* Mn */ +{0xe4a, 107}, /* Mn */ +{0xe4b, 107}, /* Mn */ +{0xeb8, 118}, /* Mn */ +{0xeb9, 118}, /* Mn */ +{0xec8, 122}, /* Mn */ +{0xec9, 122}, /* Mn */ +{0xeca, 122}, /* Mn */ +{0xecb, 122}, /* Mn */ +{0xf18, 220}, /* Mn */ +{0xf19, 220}, /* Mn */ +{0xf35, 220}, /* Mn */ +{0xf37, 220}, /* Mn */ +{0xf39, 216}, /* Mn */ +{0xf71, 129}, /* Mn */ +{0xf72, 130}, /* Mn */ +{0xf74, 132}, /* Mn */ +{0xf7a, 130}, /* Mn */ +{0xf7b, 130}, /* Mn */ +{0xf7c, 130}, /* Mn */ +{0xf7d, 130}, /* Mn */ +{0xf80, 130}, /* Mn */ +{0xf82, 230}, /* Mn */ +{0xf83, 230}, /* Mn */ +{0xf84, 9}, /* Mn */ +{0xf86, 230}, /* Mn */ +{0xf87, 230}, /* Mn */ +{0xfc6, 220}, /* Mn */ +{0x1037, 7}, /* Mn */ +{0x1039, 9}, /* Mn */ +{0x1714, 9}, /* Mn */ +{0x1734, 9}, /* Mn */ +{0x17d2, 9}, /* Mn */ +{0x17dd, 230}, /* Mn */ +{0x18a9, 228}, /* Mn */ +{0x1939, 222}, /* Mn */ +{0x193a, 230}, /* Mn */ +{0x193b, 220}, /* Mn */ +{0x20d0, 230}, /* Mn */ +{0x20d1, 230}, /* Mn */ +{0x20d2, 1}, /* Mn */ +{0x20d3, 1}, /* Mn */ +{0x20d4, 230}, /* Mn */ +{0x20d5, 230}, /* Mn */ +{0x20d6, 230}, /* Mn */ +{0x20d7, 230}, /* Mn */ +{0x20d8, 1}, /* Mn */ +{0x20d9, 1}, /* Mn */ +{0x20da, 1}, /* Mn */ +{0x20db, 230}, /* Mn */ +{0x20dc, 230}, /* Mn */ +{0x20e1, 230}, /* Mn */ +{0x20e5, 1}, /* Mn */ +{0x20e6, 1}, /* Mn */ +{0x20e7, 230}, /* Mn */ +{0x20e8, 220}, /* Mn */ +{0x20e9, 230}, /* Mn */ +{0x20ea, 1}, /* Mn */ +{0x302a, 218}, /* Mn */ +{0x302b, 228}, /* Mn */ +{0x302c, 232}, /* Mn */ +{0x302d, 222}, /* Mn */ +{0x302e, 224}, /* Mn */ +{0x302f, 224}, /* Mn */ +{0x3099, 8}, /* Mn */ +{0x309a, 8}, /* Mn */ +{0xfb1e, 26}, /* Mn */ +{0xfe20, 230}, /* Mn */ +{0xfe21, 230}, /* Mn */ +{0xfe22, 230}, /* Mn */ +{0xfe23, 230}, /* Mn */ +{0x1d165, 216}, /* Mc */ +{0x1d166, 216}, /* Mc */ +{0x1d167, 1}, /* Mn */ +{0x1d168, 1}, /* Mn */ +{0x1d169, 1}, /* Mn */ +{0x1d16d, 226}, /* Mc */ +{0x1d16e, 216}, /* Mc */ +{0x1d16f, 216}, /* Mc */ +{0x1d170, 216}, /* Mc */ +{0x1d171, 216}, /* Mc */ +{0x1d172, 216}, /* Mc */ +{0x1d17b, 220}, /* Mn */ +{0x1d17c, 220}, /* Mn */ +{0x1d17d, 220}, /* Mn */ +{0x1d17e, 220}, /* Mn */ +{0x1d17f, 220}, /* Mn */ +{0x1d180, 220}, /* Mn */ +{0x1d181, 220}, /* Mn */ +{0x1d182, 220}, /* Mn */ +{0x1d185, 230}, /* Mn */ +{0x1d186, 230}, /* Mn */ +{0x1d187, 230}, /* Mn */ +{0x1d188, 230}, /* Mn */ +{0x1d189, 230}, /* Mn */ +{0x1d18a, 220}, /* Mn */ +{0x1d18b, 220}, /* Mn */ +{0x1d1aa, 230}, /* Mn */ +{0x1d1ab, 230}, /* Mn */ +{0x1d1ac, 230}, /* Mn */ +{0x1d1ad, 230}, /* Mn */ + +}; +const size_t _wind_combining_table_size = 352; diff --git a/source4/heimdal/lib/wind/combining_table.h b/source4/heimdal/lib/wind/combining_table.h new file mode 100644 index 0000000000..000af13ea8 --- /dev/null +++ b/source4/heimdal/lib/wind/combining_table.h @@ -0,0 +1,18 @@ +/* combining_table.h */ +/* Automatically generated at 2008-03-18T11:38:08.165877 */ + +#ifndef COMBINING_TABLE_H +#define COMBINING_TABLE_H 1 + +#include +#include + +struct translation { + uint32_t key; + unsigned combining_class; +}; + +extern const struct translation _wind_combining_table[]; + +extern const size_t _wind_combining_table_size; +#endif /* COMBINING_TABLE_H */ diff --git a/source4/heimdal/lib/wind/errorlist.c b/source4/heimdal/lib/wind/errorlist.c new file mode 100644 index 0000000000..9a65338cd2 --- /dev/null +++ b/source4/heimdal/lib/wind/errorlist.c @@ -0,0 +1,77 @@ +/* + * Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "windlocl.h" + +#include + +#include "errorlist_table.h" + +static int +error_entry_cmp(const void *a, const void *b) +{ + const struct error_entry *ea = (const struct error_entry*)a; + const struct error_entry *eb = (const struct error_entry*)b; + + if (ea->start >= eb->start && ea->start < eb->start + eb->len) + return 0; + return ea->start - eb->start; +} + +int +_wind_stringprep_error(uint32_t cp, wind_profile_flags flags) +{ + struct error_entry ee = {cp}; + const struct error_entry *s; + + s = (const struct error_entry *) + bsearch(&ee, _wind_errorlist_table, + _wind_errorlist_table_size, + sizeof(_wind_errorlist_table[0]), + error_entry_cmp); + if (s == NULL) + return 0; + return (s->flags & flags); +} + +int +_wind_stringprep_prohibited(const uint32_t *in, size_t in_len, + wind_profile_flags flags) +{ + unsigned i; + + for (i = 0; i < in_len; ++i) + if (_wind_stringprep_error(in[i], flags)) + return 1; + return 0; +} diff --git a/source4/heimdal/lib/wind/errorlist_table.c b/source4/heimdal/lib/wind/errorlist_table.c new file mode 100644 index 0000000000..5d5d8caaf2 --- /dev/null +++ b/source4/heimdal/lib/wind/errorlist_table.c @@ -0,0 +1,88 @@ +/* errorlist_table.c */ +/* Automatically generated at 2008-03-18T11:38:08.266475 */ + + +#include "errorlist_table.h" + +const struct error_entry _wind_errorlist_table[] = { + {0x0, 0x20, WIND_PROFILE_SASL}, /* C.2.1: [CONTROL CHARACTERS] */ + {0x7f, 0x1, WIND_PROFILE_SASL}, /* C.2.1: DELETE */ + {0x80, 0x20, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.2.2: [CONTROL CHARACTERS] */ + {0xa0, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.1.2: NO-BREAK SPACE */ + {0x340, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.8: COMBINING GRAVE TONE MARK */ + {0x341, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.8: COMBINING ACUTE TONE MARK */ + {0x6dd, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.2.2: ARABIC END OF AYAH */ + {0x70f, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.2.2: SYRIAC ABBREVIATION MARK */ + {0x1680, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.1.2: OGHAM SPACE MARK */ + {0x180e, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.2.2: MONGOLIAN VOWEL SEPARATOR */ + {0x2000, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.1.2: EN QUAD */ + {0x2001, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.1.2: EM QUAD */ + {0x2002, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.1.2: EN SPACE */ + {0x2003, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.1.2: EM SPACE */ + {0x2004, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.1.2: THREE-PER-EM SPACE */ + {0x2005, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.1.2: FOUR-PER-EM SPACE */ + {0x2006, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.1.2: SIX-PER-EM SPACE */ + {0x2007, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.1.2: FIGURE SPACE */ + {0x2008, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.1.2: PUNCTUATION SPACE */ + {0x2009, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.1.2: THIN SPACE */ + {0x200a, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.1.2: HAIR SPACE */ + {0x200b, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.1.2: ZERO WIDTH SPACE */ + {0x200c, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.2.2: ZERO WIDTH NON-JOINER */ + {0x200d, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.2.2: ZERO WIDTH JOINER */ + {0x200e, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.8: LEFT-TO-RIGHT MARK */ + {0x200f, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.8: RIGHT-TO-LEFT MARK */ + {0x2028, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.2.2: LINE SEPARATOR */ + {0x2029, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.2.2: PARAGRAPH SEPARATOR */ + {0x202a, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.8: LEFT-TO-RIGHT EMBEDDING */ + {0x202b, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.8: RIGHT-TO-LEFT EMBEDDING */ + {0x202c, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.8: POP DIRECTIONAL FORMATTING */ + {0x202d, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.8: LEFT-TO-RIGHT OVERRIDE */ + {0x202e, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.8: RIGHT-TO-LEFT OVERRIDE */ + {0x202f, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.1.2: NARROW NO-BREAK SPACE */ + {0x205f, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.1.2: MEDIUM MATHEMATICAL SPACE */ + {0x2060, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.2.2: WORD JOINER */ + {0x2061, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.2.2: FUNCTION APPLICATION */ + {0x2062, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.2.2: INVISIBLE TIMES */ + {0x2063, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.2.2: INVISIBLE SEPARATOR */ + {0x206a, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL|WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.8,C.2.2: INHIBIT SYMMETRIC SWAPPING */ + {0x206b, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.8: ACTIVATE SYMMETRIC SWAPPING */ + {0x206c, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.8: INHIBIT ARABIC FORM SHAPING */ + {0x206d, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.8: ACTIVATE ARABIC FORM SHAPING */ + {0x206e, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.8: NATIONAL DIGIT SHAPES */ + {0x206f, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.8: NOMINAL DIGIT SHAPES */ + {0x2ff0, 0xc, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.7: [IDEOGRAPHIC DESCRIPTION CHARACTERS] */ + {0x3000, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.1.2: IDEOGRAPHIC SPACE */ + {0xd800, 0x800, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.5: [SURROGATE CODES] */ + {0xe000, 0x1900, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.3: [PRIVATE USE, PLANE 0] */ + {0xfdd0, 0x20, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ + {0xfeff, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.2.2: ZERO WIDTH NO-BREAK SPACE */ + {0xfff9, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.6,C.2.2: INTERLINEAR ANNOTATION ANCHOR */ + {0xfffa, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.6: INTERLINEAR ANNOTATION SEPARATOR */ + {0xfffb, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.6: INTERLINEAR ANNOTATION TERMINATOR */ + {0xfffc, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.6: OBJECT REPLACEMENT CHARACTER */ + {0xfffd, 0x1, WIND_PROFILE_LDAP|WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* rfc4518-error,C.6: */ + {0xfffe, 0x2, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ + {0x1d173, 0x8, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.2.2: [MUSICAL CONTROL CHARACTERS] */ + {0x1fffe, 0x2, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ + {0x2fffe, 0x2, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ + {0x3fffe, 0x2, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ + {0x4fffe, 0x2, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ + {0x5fffe, 0x2, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ + {0x6fffe, 0x2, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ + {0x7fffe, 0x2, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ + {0x8fffe, 0x2, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ + {0x9fffe, 0x2, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ + {0xafffe, 0x2, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ + {0xbfffe, 0x2, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ + {0xcfffe, 0x2, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ + {0xdfffe, 0x2, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ + {0xe0001, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.9: LANGUAGE TAG */ + {0xe0020, 0x60, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.9: [TAGGING CHARACTERS] */ + {0xefffe, 0x2, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ + {0xf0000, 0xfffe, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.3: [PRIVATE USE, PLANE 15] */ + {0xffffe, 0x2, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ + {0x100000, 0xfffe, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.3: [PRIVATE USE, PLANE 16] */ + {0x10fffe, 0x2, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ +}; + +const size_t _wind_errorlist_table_size = 78; diff --git a/source4/heimdal/lib/wind/errorlist_table.h b/source4/heimdal/lib/wind/errorlist_table.h new file mode 100644 index 0000000000..5fc9ddbf04 --- /dev/null +++ b/source4/heimdal/lib/wind/errorlist_table.h @@ -0,0 +1,19 @@ +/* errorlist_table.h */ +/* Automatically generated at 2008-03-18T11:38:08.266305 */ + +#ifndef ERRORLIST_TABLE_H +#define ERRORLIST_TABLE_H 1 + +#include "windlocl.h" + +struct error_entry { + uint32_t start; + unsigned len; + wind_profile_flags flags; +}; + +extern const struct error_entry _wind_errorlist_table[]; + +extern const size_t _wind_errorlist_table_size; + +#endif /* ERRORLIST_TABLE_H */ diff --git a/source4/heimdal/lib/wind/ldap.c b/source4/heimdal/lib/wind/ldap.c new file mode 100644 index 0000000000..1ff681fc31 --- /dev/null +++ b/source4/heimdal/lib/wind/ldap.c @@ -0,0 +1,91 @@ +/* + * Copyright (c) 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "windlocl.h" +#include + +static int +put_char(uint32_t *out, size_t *o, uint32_t c, size_t out_len) +{ + if (*o >= out_len) + return 1; + out[*o] = c; + (*o)++; + return 0; +} + +int +_wind_ldap_case_exact_attribute(const uint32_t *tmp, + size_t olen, + uint32_t *out, + size_t *out_len) +{ + size_t o = 0, i = 0; + + if (olen == 0) { + *out_len = 0; + return 0; + } + + if (put_char(out, &o, 0x20, *out_len)) + return WIND_ERR_OVERRUN; + while(i < olen && tmp[i] == 0x20) /* skip initial spaces */ + i++; + + while (i < olen) { + if (tmp[i] == 0x20) { + if (put_char(out, &o, 0x20, *out_len) || + put_char(out, &o, 0x20, *out_len)) + return WIND_ERR_OVERRUN; + while(i < olen && tmp[i] == 0x20) /* skip middle spaces */ + i++; + } else { + if (put_char(out, &o, tmp[i++], *out_len)) + return WIND_ERR_OVERRUN; + } + } + assert(o > 0); + + /* only one spaces at the end */ + if (o == 1 && out[0] == 0x20) + o = 0; + else if (out[o - 1] == 0x20) { + if (out[o - 2] == 0x20) + o--; + } else + put_char(out, &o, 0x20, *out_len); + + *out_len = o; + + return 0; +} diff --git a/source4/heimdal/lib/wind/map.c b/source4/heimdal/lib/wind/map.c new file mode 100644 index 0000000000..ae6d10e512 --- /dev/null +++ b/source4/heimdal/lib/wind/map.c @@ -0,0 +1,87 @@ +/* + * Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif +#include "windlocl.h" + +#include + +#include "map_table.h" + +RCSID("$Id: map.c 22556 2008-02-01 16:38:46Z lha $"); + +static int +translation_cmp(const void *key, const void *data) +{ + const struct translation *t1 = (const struct translation *)key; + const struct translation *t2 = (const struct translation *)data; + + return t1->key - t2->key; +} + +int +_wind_stringprep_map(const uint32_t *in, size_t in_len, + uint32_t *out, size_t *out_len, + wind_profile_flags flags) +{ + unsigned i; + unsigned o = 0; + + for (i = 0; i < in_len; ++i) { + struct translation ts = {in[i]}; + const struct translation *s; + + s = (const struct translation *) + bsearch(&ts, _wind_map_table, _wind_map_table_size, + sizeof(_wind_map_table[0]), + translation_cmp); + if (s != NULL && (s->flags & flags)) { + unsigned j; + + for (j = 0; j < s->val_len; ++j) { + if (o >= *out_len) + return WIND_ERR_OVERRUN; + out[o++] = _wind_map_table_val[s->val_offset + j]; + } + } else { + if (o >= *out_len) + return WIND_ERR_OVERRUN; + out[o++] = in[i]; + + } + } + *out_len = o; + return 0; +} diff --git a/source4/heimdal/lib/wind/map_table.c b/source4/heimdal/lib/wind/map_table.c new file mode 100644 index 0000000000..e4dba94ea6 --- /dev/null +++ b/source4/heimdal/lib/wind/map_table.c @@ -0,0 +1,2613 @@ +/* map_table.c */ +/* Automatically generated at 2008-03-18T11:38:08.353797 */ + + +#include "map_table.h" + +const struct translation _wind_map_table[] = { + {0x0, 0, 0, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x1, 0, 0, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x2, 0, 0, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x3, 0, 0, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x4, 0, 0, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x5, 0, 0, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x6, 0, 0, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x7, 0, 0, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x9, 1, 0, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ + {0xa, 1, 1, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ + {0xb, 1, 2, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ + {0xc, 1, 3, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ + {0xd, 1, 4, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ + {0xe, 0, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xf, 0, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x10, 0, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x11, 0, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x12, 0, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x13, 0, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x14, 0, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x15, 0, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x16, 0, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x17, 0, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x18, 0, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x19, 0, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x1a, 0, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x1b, 0, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x1c, 0, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x1d, 0, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x1e, 0, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x20, 1, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ + {0x41, 1, 6, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x42, 1, 7, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x43, 1, 8, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x44, 1, 9, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x45, 1, 10, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x46, 1, 11, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x47, 1, 12, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x48, 1, 13, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x49, 1, 14, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4a, 1, 15, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4b, 1, 16, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4c, 1, 17, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4d, 1, 18, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4e, 1, 19, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4f, 1, 20, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x50, 1, 21, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x51, 1, 22, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x52, 1, 23, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x53, 1, 24, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x54, 1, 25, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x55, 1, 26, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x56, 1, 27, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x57, 1, 28, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x58, 1, 29, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x59, 1, 30, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x5a, 1, 31, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x7f, 0, 32, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x80, 0, 32, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x81, 0, 32, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x82, 0, 32, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x83, 0, 32, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x85, 1, 32, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ + {0x86, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x87, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x88, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x89, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x8a, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x8b, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x8c, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x8d, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x8e, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x8f, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x90, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x91, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x92, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x93, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x94, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x95, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x96, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x97, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x98, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x99, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x9a, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x9b, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x9c, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x9d, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x9e, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xa0, 1, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ + {0xad, 0, 34, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ + {0xb5, 1, 34, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xc0, 1, 35, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xc1, 1, 36, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xc2, 1, 37, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xc3, 1, 38, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xc4, 1, 39, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xc5, 1, 40, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xc6, 1, 41, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xc7, 1, 42, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xc8, 1, 43, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xc9, 1, 44, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xca, 1, 45, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xcb, 1, 46, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xcc, 1, 47, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xcd, 1, 48, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xce, 1, 49, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xcf, 1, 50, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xd0, 1, 51, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xd1, 1, 52, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xd2, 1, 53, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xd3, 1, 54, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xd4, 1, 55, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xd5, 1, 56, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xd6, 1, 57, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xd8, 1, 58, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xd9, 1, 59, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xda, 1, 60, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xdb, 1, 61, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xdc, 1, 62, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xdd, 1, 63, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xde, 1, 64, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xdf, 2, 65, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x100, 1, 67, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x102, 1, 68, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x104, 1, 69, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x106, 1, 70, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x108, 1, 71, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x10a, 1, 72, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x10c, 1, 73, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x10e, 1, 74, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x110, 1, 75, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x112, 1, 76, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x114, 1, 77, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x116, 1, 78, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x118, 1, 79, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x11a, 1, 80, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x11c, 1, 81, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x11e, 1, 82, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x120, 1, 83, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x122, 1, 84, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x124, 1, 85, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x126, 1, 86, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x128, 1, 87, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x12a, 1, 88, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x12c, 1, 89, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x12e, 1, 90, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x130, 2, 91, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x132, 1, 93, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x134, 1, 94, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x136, 1, 95, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x139, 1, 96, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x13b, 1, 97, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x13d, 1, 98, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x13f, 1, 99, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x141, 1, 100, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x143, 1, 101, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x145, 1, 102, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x147, 1, 103, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x149, 2, 104, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x14a, 1, 106, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x14c, 1, 107, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x14e, 1, 108, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x150, 1, 109, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x152, 1, 110, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x154, 1, 111, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x156, 1, 112, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x158, 1, 113, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x15a, 1, 114, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x15c, 1, 115, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x15e, 1, 116, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x160, 1, 117, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x162, 1, 118, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x164, 1, 119, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x166, 1, 120, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x168, 1, 121, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x16a, 1, 122, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x16c, 1, 123, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x16e, 1, 124, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x170, 1, 125, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x172, 1, 126, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x174, 1, 127, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x176, 1, 128, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x178, 1, 129, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x179, 1, 130, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x17b, 1, 131, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x17d, 1, 132, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x17f, 1, 24, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x181, 1, 133, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x182, 1, 134, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x184, 1, 135, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x186, 1, 136, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x187, 1, 137, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x189, 1, 138, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x18a, 1, 139, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x18b, 1, 140, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x18e, 1, 141, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x18f, 1, 142, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x190, 1, 143, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x191, 1, 144, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x193, 1, 145, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x194, 1, 146, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x196, 1, 147, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x197, 1, 148, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x198, 1, 149, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x19c, 1, 150, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x19d, 1, 151, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x19f, 1, 152, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1a0, 1, 153, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1a2, 1, 154, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1a4, 1, 155, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1a6, 1, 156, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1a7, 1, 157, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1a9, 1, 158, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ac, 1, 159, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ae, 1, 160, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1af, 1, 161, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1b1, 1, 162, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1b2, 1, 163, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1b3, 1, 164, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1b5, 1, 165, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1b7, 1, 166, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1b8, 1, 167, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1bc, 1, 168, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1c4, 1, 169, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1c5, 1, 169, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1c7, 1, 170, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1c8, 1, 170, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ca, 1, 171, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1cb, 1, 171, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1cd, 1, 172, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1cf, 1, 173, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1d1, 1, 174, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1d3, 1, 175, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1d5, 1, 176, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1d7, 1, 177, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1d9, 1, 178, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1db, 1, 179, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1de, 1, 180, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e0, 1, 181, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e2, 1, 182, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e4, 1, 183, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e6, 1, 184, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e8, 1, 185, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ea, 1, 186, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ec, 1, 187, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ee, 1, 188, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f0, 2, 189, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f1, 1, 191, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f2, 1, 191, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f4, 1, 192, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f6, 1, 193, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f7, 1, 194, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f8, 1, 195, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fa, 1, 196, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fc, 1, 197, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fe, 1, 198, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x200, 1, 199, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x202, 1, 200, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x204, 1, 201, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x206, 1, 202, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x208, 1, 203, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x20a, 1, 204, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x20c, 1, 205, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x20e, 1, 206, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x210, 1, 207, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x212, 1, 208, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x214, 1, 209, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x216, 1, 210, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x218, 1, 211, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x21a, 1, 212, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x21c, 1, 213, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x21e, 1, 214, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x220, 1, 215, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x222, 1, 216, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x224, 1, 217, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x226, 1, 218, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x228, 1, 219, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x22a, 1, 220, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x22c, 1, 221, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x22e, 1, 222, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x230, 1, 223, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x232, 1, 224, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x345, 1, 225, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x34f, 0, 226, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ + {0x37a, 2, 226, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x386, 1, 228, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x388, 1, 229, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x389, 1, 230, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x38a, 1, 231, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x38c, 1, 232, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x38e, 1, 233, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x38f, 1, 234, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x390, 3, 235, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x391, 1, 238, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x392, 1, 239, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x393, 1, 240, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x394, 1, 241, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x395, 1, 242, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x396, 1, 243, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x397, 1, 244, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x398, 1, 245, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x399, 1, 225, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x39a, 1, 246, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x39b, 1, 247, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x39c, 1, 34, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x39d, 1, 248, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x39e, 1, 249, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x39f, 1, 250, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3a0, 1, 251, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3a1, 1, 252, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3a3, 1, 253, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3a4, 1, 254, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3a5, 1, 255, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3a6, 1, 256, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3a7, 1, 257, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3a8, 1, 258, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3a9, 1, 259, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3aa, 1, 260, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3ab, 1, 261, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3b0, 3, 262, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3c2, 1, 253, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3d0, 1, 239, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3d1, 1, 245, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3d2, 1, 255, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x3d3, 1, 233, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x3d4, 1, 261, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x3d5, 1, 256, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3d6, 1, 251, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3d8, 1, 265, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3da, 1, 266, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3dc, 1, 267, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3de, 1, 268, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3e0, 1, 269, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3e2, 1, 270, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3e4, 1, 271, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3e6, 1, 272, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3e8, 1, 273, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3ea, 1, 274, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3ec, 1, 275, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3ee, 1, 276, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3f0, 1, 246, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3f1, 1, 252, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3f2, 1, 253, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3f4, 1, 245, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3f5, 1, 242, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x400, 1, 277, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x401, 1, 278, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x402, 1, 279, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x403, 1, 280, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x404, 1, 281, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x405, 1, 282, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x406, 1, 283, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x407, 1, 284, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x408, 1, 285, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x409, 1, 286, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x40a, 1, 287, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x40b, 1, 288, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x40c, 1, 289, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x40d, 1, 290, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x40e, 1, 291, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x40f, 1, 292, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x410, 1, 293, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x411, 1, 294, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x412, 1, 295, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x413, 1, 296, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x414, 1, 297, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x415, 1, 298, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x416, 1, 299, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x417, 1, 300, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x418, 1, 301, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x419, 1, 302, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x41a, 1, 303, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x41b, 1, 304, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x41c, 1, 305, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x41d, 1, 306, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x41e, 1, 307, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x41f, 1, 308, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x420, 1, 309, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x421, 1, 310, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x422, 1, 311, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x423, 1, 312, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x424, 1, 313, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x425, 1, 314, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x426, 1, 315, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x427, 1, 316, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x428, 1, 317, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x429, 1, 318, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x42a, 1, 319, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x42b, 1, 320, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x42c, 1, 321, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x42d, 1, 322, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x42e, 1, 323, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x42f, 1, 324, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x460, 1, 325, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x462, 1, 326, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x464, 1, 327, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x466, 1, 328, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x468, 1, 329, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x46a, 1, 330, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x46c, 1, 331, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x46e, 1, 332, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x470, 1, 333, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x472, 1, 334, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x474, 1, 335, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x476, 1, 336, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x478, 1, 337, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x47a, 1, 338, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x47c, 1, 339, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x47e, 1, 340, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x480, 1, 341, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x48a, 1, 342, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x48c, 1, 343, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x48e, 1, 344, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x490, 1, 345, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x492, 1, 346, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x494, 1, 347, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x496, 1, 348, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x498, 1, 349, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x49a, 1, 350, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x49c, 1, 351, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x49e, 1, 352, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4a0, 1, 353, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4a2, 1, 354, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4a4, 1, 355, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4a6, 1, 356, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4a8, 1, 357, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4aa, 1, 358, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4ac, 1, 359, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4ae, 1, 360, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4b0, 1, 361, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4b2, 1, 362, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4b4, 1, 363, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4b6, 1, 364, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4b8, 1, 365, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4ba, 1, 366, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4bc, 1, 367, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4be, 1, 368, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4c1, 1, 369, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4c3, 1, 370, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4c5, 1, 371, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4c7, 1, 372, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4c9, 1, 373, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4cb, 1, 374, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4cd, 1, 375, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4d0, 1, 376, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4d2, 1, 377, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4d4, 1, 378, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4d6, 1, 379, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4d8, 1, 380, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4da, 1, 381, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4dc, 1, 382, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4de, 1, 383, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4e0, 1, 384, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4e2, 1, 385, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4e4, 1, 386, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4e6, 1, 387, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4e8, 1, 388, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4ea, 1, 389, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4ec, 1, 390, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4ee, 1, 391, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4f0, 1, 392, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4f2, 1, 393, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4f4, 1, 394, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x4f8, 1, 395, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x500, 1, 396, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x502, 1, 397, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x504, 1, 398, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x506, 1, 399, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x508, 1, 400, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x50a, 1, 401, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x50c, 1, 402, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x50e, 1, 403, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x531, 1, 404, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x532, 1, 405, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x533, 1, 406, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x534, 1, 407, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x535, 1, 408, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x536, 1, 409, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x537, 1, 410, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x538, 1, 411, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x539, 1, 412, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x53a, 1, 413, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x53b, 1, 414, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x53c, 1, 415, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x53d, 1, 416, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x53e, 1, 417, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x53f, 1, 418, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x540, 1, 419, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x541, 1, 420, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x542, 1, 421, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x543, 1, 422, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x544, 1, 423, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x545, 1, 424, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x546, 1, 425, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x547, 1, 426, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x548, 1, 427, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x549, 1, 428, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x54a, 1, 429, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x54b, 1, 430, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x54c, 1, 431, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x54d, 1, 432, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x54e, 1, 433, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x54f, 1, 434, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x550, 1, 435, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x551, 1, 436, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x552, 1, 437, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x553, 1, 438, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x554, 1, 439, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x555, 1, 440, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x556, 1, 441, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x587, 2, 442, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x6dd, 0, 444, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x70f, 0, 444, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x1680, 1, 444, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ + {0x1806, 0, 445, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ + {0x180b, 0, 445, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ + {0x180c, 0, 445, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ + {0x180d, 0, 445, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ + {0x180e, 0, 445, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x1e00, 1, 445, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e02, 1, 446, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e04, 1, 447, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e06, 1, 448, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e08, 1, 449, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e0a, 1, 450, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e0c, 1, 451, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e0e, 1, 452, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e10, 1, 453, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e12, 1, 454, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e14, 1, 455, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e16, 1, 456, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e18, 1, 457, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e1a, 1, 458, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e1c, 1, 459, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e1e, 1, 460, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e20, 1, 461, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e22, 1, 462, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e24, 1, 463, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e26, 1, 464, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e28, 1, 465, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e2a, 1, 466, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e2c, 1, 467, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e2e, 1, 468, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e30, 1, 469, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e32, 1, 470, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e34, 1, 471, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e36, 1, 472, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e38, 1, 473, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e3a, 1, 474, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e3c, 1, 475, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e3e, 1, 476, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e40, 1, 477, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e42, 1, 478, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e44, 1, 479, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e46, 1, 480, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e48, 1, 481, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e4a, 1, 482, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e4c, 1, 483, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e4e, 1, 484, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e50, 1, 485, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e52, 1, 486, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e54, 1, 487, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e56, 1, 488, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e58, 1, 489, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e5a, 1, 490, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e5c, 1, 491, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e5e, 1, 492, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e60, 1, 493, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e62, 1, 494, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e64, 1, 495, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e66, 1, 496, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e68, 1, 497, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e6a, 1, 498, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e6c, 1, 499, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e6e, 1, 500, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e70, 1, 501, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e72, 1, 502, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e74, 1, 503, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e76, 1, 504, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e78, 1, 505, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e7a, 1, 506, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e7c, 1, 507, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e7e, 1, 508, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e80, 1, 509, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e82, 1, 510, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e84, 1, 511, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e86, 1, 512, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e88, 1, 513, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e8a, 1, 514, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e8c, 1, 515, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e8e, 1, 516, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e90, 1, 517, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e92, 1, 518, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e94, 1, 519, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e96, 2, 520, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e97, 2, 522, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e98, 2, 524, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e99, 2, 526, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e9a, 2, 528, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1e9b, 1, 493, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ea0, 1, 530, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ea2, 1, 531, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ea4, 1, 532, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ea6, 1, 533, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ea8, 1, 534, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1eaa, 1, 535, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1eac, 1, 536, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1eae, 1, 537, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1eb0, 1, 538, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1eb2, 1, 539, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1eb4, 1, 540, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1eb6, 1, 541, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1eb8, 1, 542, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1eba, 1, 543, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ebc, 1, 544, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ebe, 1, 545, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ec0, 1, 546, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ec2, 1, 547, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ec4, 1, 548, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ec6, 1, 549, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ec8, 1, 550, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1eca, 1, 551, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ecc, 1, 552, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ece, 1, 553, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ed0, 1, 554, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ed2, 1, 555, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ed4, 1, 556, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ed6, 1, 557, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ed8, 1, 558, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1eda, 1, 559, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1edc, 1, 560, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ede, 1, 561, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ee0, 1, 562, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ee2, 1, 563, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ee4, 1, 564, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ee6, 1, 565, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ee8, 1, 566, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1eea, 1, 567, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1eec, 1, 568, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1eee, 1, 569, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ef0, 1, 570, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ef2, 1, 571, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ef4, 1, 572, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ef6, 1, 573, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ef8, 1, 574, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f08, 1, 575, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f09, 1, 576, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f0a, 1, 577, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f0b, 1, 578, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f0c, 1, 579, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f0d, 1, 580, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f0e, 1, 581, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f0f, 1, 582, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f18, 1, 583, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f19, 1, 584, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f1a, 1, 585, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f1b, 1, 586, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f1c, 1, 587, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f1d, 1, 588, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f28, 1, 589, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f29, 1, 590, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f2a, 1, 591, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f2b, 1, 592, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f2c, 1, 593, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f2d, 1, 594, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f2e, 1, 595, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f2f, 1, 596, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f38, 1, 597, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f39, 1, 598, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f3a, 1, 599, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f3b, 1, 600, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f3c, 1, 601, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f3d, 1, 602, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f3e, 1, 603, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f3f, 1, 604, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f48, 1, 605, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f49, 1, 606, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f4a, 1, 607, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f4b, 1, 608, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f4c, 1, 609, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f4d, 1, 610, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f50, 2, 611, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f52, 3, 613, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f54, 3, 616, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f56, 3, 619, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f59, 1, 622, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f5b, 1, 623, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f5d, 1, 624, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f5f, 1, 625, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f68, 1, 626, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f69, 1, 627, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f6a, 1, 628, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f6b, 1, 629, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f6c, 1, 630, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f6d, 1, 631, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f6e, 1, 632, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f6f, 1, 633, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f80, 2, 634, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f81, 2, 636, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f82, 2, 638, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f83, 2, 640, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f84, 2, 642, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f85, 2, 644, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f86, 2, 646, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f87, 2, 648, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f88, 2, 634, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f89, 2, 636, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f8a, 2, 638, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f8b, 2, 640, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f8c, 2, 642, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f8d, 2, 644, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f8e, 2, 646, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f8f, 2, 648, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f90, 2, 650, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f91, 2, 652, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f92, 2, 654, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f93, 2, 656, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f94, 2, 658, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f95, 2, 660, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f96, 2, 662, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f97, 2, 664, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f98, 2, 650, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f99, 2, 652, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f9a, 2, 654, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f9b, 2, 656, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f9c, 2, 658, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f9d, 2, 660, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f9e, 2, 662, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1f9f, 2, 664, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fa0, 2, 666, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fa1, 2, 668, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fa2, 2, 670, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fa3, 2, 672, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fa4, 2, 674, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fa5, 2, 676, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fa6, 2, 678, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fa7, 2, 680, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fa8, 2, 666, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fa9, 2, 668, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1faa, 2, 670, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fab, 2, 672, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fac, 2, 674, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fad, 2, 676, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fae, 2, 678, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1faf, 2, 680, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fb2, 2, 682, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fb3, 2, 684, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fb4, 2, 686, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fb6, 2, 688, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fb7, 3, 690, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fb8, 1, 693, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fb9, 1, 694, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fba, 1, 682, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fbb, 1, 695, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fbc, 2, 684, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fbe, 1, 225, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fc2, 2, 696, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fc3, 2, 698, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fc4, 2, 700, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fc6, 2, 702, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fc7, 3, 704, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fc8, 1, 707, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fc9, 1, 708, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fca, 1, 696, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fcb, 1, 709, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fcc, 2, 698, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fd2, 3, 710, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fd3, 3, 235, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fd6, 2, 713, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fd7, 3, 715, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fd8, 1, 718, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fd9, 1, 719, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fda, 1, 720, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fdb, 1, 721, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fe2, 3, 722, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fe3, 3, 262, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fe4, 2, 725, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fe6, 2, 727, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fe7, 3, 729, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fe8, 1, 732, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fe9, 1, 733, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fea, 1, 734, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1feb, 1, 735, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1fec, 1, 736, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ff2, 2, 737, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ff3, 2, 739, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ff4, 2, 234, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ff6, 2, 741, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ff7, 3, 743, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ff8, 1, 746, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ff9, 1, 747, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ffa, 1, 737, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ffb, 1, 748, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1ffc, 2, 739, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x2000, 1, 749, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ + {0x2001, 1, 750, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ + {0x2002, 1, 751, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ + {0x2003, 1, 752, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ + {0x2004, 1, 753, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ + {0x2005, 1, 754, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ + {0x2006, 1, 755, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ + {0x2007, 1, 756, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ + {0x2008, 1, 757, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ + {0x2009, 1, 758, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ + {0x200b, 0, 759, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ + {0x200c, 0, 759, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ + {0x200d, 0, 759, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ + {0x200e, 0, 759, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x2028, 1, 759, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ + {0x202a, 0, 760, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x202b, 0, 760, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x202c, 0, 760, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x202d, 0, 760, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x202f, 1, 760, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ + {0x205f, 1, 761, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ + {0x2060, 0, 762, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ + {0x2061, 0, 762, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x2062, 0, 762, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x206a, 0, 762, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x206b, 0, 762, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x206c, 0, 762, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x206d, 0, 762, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x206e, 0, 762, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x20a8, 2, 23, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x2102, 1, 8, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x2103, 2, 762, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x2107, 1, 143, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x2109, 2, 764, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x210b, 1, 13, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x210c, 1, 13, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x210d, 1, 13, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x2110, 1, 14, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x2111, 1, 14, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x2112, 1, 17, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x2115, 1, 19, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x2116, 2, 19, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x2119, 1, 21, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x211a, 1, 22, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x211b, 1, 23, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x211c, 1, 23, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x211d, 1, 23, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x2120, 2, 766, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x2121, 3, 768, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x2122, 2, 771, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x2124, 1, 31, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x2126, 1, 259, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x2128, 1, 31, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x212a, 1, 16, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x212b, 1, 40, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x212c, 1, 7, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x212d, 1, 8, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x2130, 1, 10, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x2131, 1, 11, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x2133, 1, 18, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x213e, 1, 240, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x213f, 1, 251, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x2145, 1, 9, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x2160, 1, 773, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x2161, 1, 774, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x2162, 1, 775, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x2163, 1, 776, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x2164, 1, 777, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x2165, 1, 778, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x2166, 1, 779, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x2167, 1, 780, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x2168, 1, 781, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x2169, 1, 782, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x216a, 1, 783, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x216b, 1, 784, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x216c, 1, 785, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x216d, 1, 786, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x216e, 1, 787, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x216f, 1, 788, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x24b6, 1, 789, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x24b7, 1, 790, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x24b8, 1, 791, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x24b9, 1, 792, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x24ba, 1, 793, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x24bb, 1, 794, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x24bc, 1, 795, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x24bd, 1, 796, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x24be, 1, 797, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x24bf, 1, 798, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x24c0, 1, 799, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x24c1, 1, 800, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x24c2, 1, 801, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x24c3, 1, 802, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x24c4, 1, 803, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x24c5, 1, 804, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x24c6, 1, 805, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x24c7, 1, 806, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x24c8, 1, 807, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x24c9, 1, 808, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x24ca, 1, 809, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x24cb, 1, 810, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x24cc, 1, 811, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x24cd, 1, 812, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x24ce, 1, 813, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x24cf, 1, 814, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x3000, 1, 815, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ + {0x3371, 3, 816, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x3373, 2, 819, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x3375, 2, 821, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x3380, 2, 817, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x3381, 2, 823, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x3382, 2, 825, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x3383, 2, 827, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x3384, 2, 829, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x3385, 2, 831, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x3386, 2, 833, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x3387, 2, 835, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x338a, 2, 837, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x338b, 2, 839, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x338c, 2, 841, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x3390, 2, 843, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x3391, 3, 845, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x3392, 3, 848, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x3393, 3, 851, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x3394, 3, 854, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x33a9, 2, 817, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x33aa, 3, 857, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x33ab, 3, 860, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x33ac, 3, 863, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x33b4, 2, 866, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x33b5, 2, 868, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x33b6, 2, 870, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x33b7, 2, 872, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x33b8, 2, 874, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x33b9, 2, 872, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x33ba, 2, 876, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x33bb, 2, 878, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x33bc, 2, 880, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x33bd, 2, 882, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x33be, 2, 884, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x33bf, 2, 882, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x33c0, 2, 886, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x33c1, 2, 888, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x33c3, 2, 890, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x33c6, 4, 892, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x33c7, 3, 896, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x33c8, 2, 899, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x33c9, 2, 901, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x33cb, 2, 816, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x33cd, 2, 903, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x33ce, 2, 905, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x33d7, 2, 907, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x33d9, 3, 909, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x33da, 2, 912, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x33dc, 2, 914, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x33dd, 2, 916, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0xfb00, 2, 918, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xfb01, 2, 920, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xfb02, 2, 922, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xfb03, 3, 919, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xfb04, 3, 924, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xfb05, 2, 24, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xfb06, 2, 24, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xfb13, 2, 927, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xfb14, 2, 929, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xfb15, 2, 931, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xfb16, 2, 933, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xfb17, 2, 935, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xfe00, 0, 937, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ + {0xfe01, 0, 937, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ + {0xfe02, 0, 937, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ + {0xfe03, 0, 937, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ + {0xfe04, 0, 937, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ + {0xfe05, 0, 937, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ + {0xfe06, 0, 937, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ + {0xfe07, 0, 937, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ + {0xfe08, 0, 937, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ + {0xfe09, 0, 937, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ + {0xfe0a, 0, 937, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ + {0xfe0b, 0, 937, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ + {0xfe0c, 0, 937, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ + {0xfe0d, 0, 937, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ + {0xfe0e, 0, 937, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ + {0xfe0f, 0, 937, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ + {0xfeff, 0, 937, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ + {0xff21, 1, 937, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xff22, 1, 938, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xff23, 1, 939, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xff24, 1, 940, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xff25, 1, 941, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xff26, 1, 942, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xff27, 1, 943, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xff28, 1, 944, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xff29, 1, 945, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xff2a, 1, 946, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xff2b, 1, 947, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xff2c, 1, 948, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xff2d, 1, 949, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xff2e, 1, 950, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xff2f, 1, 951, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xff30, 1, 952, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xff31, 1, 953, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xff32, 1, 954, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xff33, 1, 955, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xff34, 1, 956, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xff35, 1, 957, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xff36, 1, 958, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xff37, 1, 959, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xff38, 1, 960, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xff39, 1, 961, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xff3a, 1, 962, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0xfff9, 0, 963, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xfffa, 0, 963, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xfffc, 0, 963, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x10400, 1, 963, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x10401, 1, 964, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x10402, 1, 965, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x10403, 1, 966, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x10404, 1, 967, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x10405, 1, 968, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x10406, 1, 969, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x10407, 1, 970, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x10408, 1, 971, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x10409, 1, 972, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1040a, 1, 973, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1040b, 1, 974, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1040c, 1, 975, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1040d, 1, 976, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1040e, 1, 977, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1040f, 1, 978, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x10410, 1, 979, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x10411, 1, 980, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x10412, 1, 981, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x10413, 1, 982, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x10414, 1, 983, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x10415, 1, 984, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x10416, 1, 985, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x10417, 1, 986, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x10418, 1, 987, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x10419, 1, 988, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1041a, 1, 989, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1041b, 1, 990, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1041c, 1, 991, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1041d, 1, 992, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1041e, 1, 993, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1041f, 1, 994, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x10420, 1, 995, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x10421, 1, 996, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x10422, 1, 997, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x10423, 1, 998, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x10424, 1, 999, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x10425, 1, 1000, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ + {0x1d173, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x1d174, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x1d175, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x1d176, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x1d177, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x1d178, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x1d179, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0x1d400, 1, 6, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d401, 1, 7, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d402, 1, 8, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d403, 1, 9, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d404, 1, 10, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d405, 1, 11, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d406, 1, 12, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d407, 1, 13, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d408, 1, 14, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d409, 1, 15, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d40a, 1, 16, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d40b, 1, 17, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d40c, 1, 18, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d40d, 1, 19, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d40e, 1, 20, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d40f, 1, 21, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d410, 1, 22, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d411, 1, 23, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d412, 1, 24, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d413, 1, 25, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d414, 1, 26, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d415, 1, 27, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d416, 1, 28, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d417, 1, 29, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d418, 1, 30, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d419, 1, 31, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d434, 1, 6, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d435, 1, 7, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d436, 1, 8, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d437, 1, 9, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d438, 1, 10, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d439, 1, 11, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d43a, 1, 12, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d43b, 1, 13, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d43c, 1, 14, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d43d, 1, 15, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d43e, 1, 16, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d43f, 1, 17, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d440, 1, 18, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d441, 1, 19, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d442, 1, 20, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d443, 1, 21, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d444, 1, 22, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d445, 1, 23, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d446, 1, 24, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d447, 1, 25, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d448, 1, 26, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d449, 1, 27, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d44a, 1, 28, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d44b, 1, 29, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d44c, 1, 30, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d44d, 1, 31, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d468, 1, 6, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d469, 1, 7, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d46a, 1, 8, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d46b, 1, 9, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d46c, 1, 10, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d46d, 1, 11, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d46e, 1, 12, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d46f, 1, 13, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d470, 1, 14, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d471, 1, 15, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d472, 1, 16, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d473, 1, 17, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d474, 1, 18, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d475, 1, 19, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d476, 1, 20, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d477, 1, 21, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d478, 1, 22, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d479, 1, 23, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d47a, 1, 24, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d47b, 1, 25, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d47c, 1, 26, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d47d, 1, 27, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d47e, 1, 28, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d47f, 1, 29, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d480, 1, 30, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d481, 1, 31, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d49c, 1, 6, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d49e, 1, 8, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d49f, 1, 9, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4a2, 1, 12, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4a5, 1, 15, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4a6, 1, 16, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4a9, 1, 19, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4aa, 1, 20, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4ab, 1, 21, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4ac, 1, 22, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4ae, 1, 24, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4af, 1, 25, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4b0, 1, 26, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4b1, 1, 27, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4b2, 1, 28, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4b3, 1, 29, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4b4, 1, 30, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4b5, 1, 31, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4d0, 1, 6, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4d1, 1, 7, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4d2, 1, 8, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4d3, 1, 9, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4d4, 1, 10, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4d5, 1, 11, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4d6, 1, 12, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4d7, 1, 13, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4d8, 1, 14, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4d9, 1, 15, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4da, 1, 16, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4db, 1, 17, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4dc, 1, 18, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4dd, 1, 19, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4de, 1, 20, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4df, 1, 21, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4e0, 1, 22, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4e1, 1, 23, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4e2, 1, 24, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4e3, 1, 25, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4e4, 1, 26, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4e5, 1, 27, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4e6, 1, 28, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4e7, 1, 29, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4e8, 1, 30, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d4e9, 1, 31, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d504, 1, 6, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d505, 1, 7, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d507, 1, 9, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d508, 1, 10, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d509, 1, 11, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d50a, 1, 12, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d50d, 1, 15, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d50e, 1, 16, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d50f, 1, 17, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d510, 1, 18, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d511, 1, 19, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d512, 1, 20, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d513, 1, 21, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d514, 1, 22, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d516, 1, 24, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d517, 1, 25, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d518, 1, 26, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d519, 1, 27, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d51a, 1, 28, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d51b, 1, 29, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d51c, 1, 30, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d538, 1, 6, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d539, 1, 7, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d53b, 1, 9, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d53c, 1, 10, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d53d, 1, 11, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d53e, 1, 12, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d540, 1, 14, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d541, 1, 15, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d542, 1, 16, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d543, 1, 17, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d544, 1, 18, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d546, 1, 20, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d54a, 1, 24, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d54b, 1, 25, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d54c, 1, 26, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d54d, 1, 27, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d54e, 1, 28, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d54f, 1, 29, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d550, 1, 30, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d56c, 1, 6, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d56d, 1, 7, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d56e, 1, 8, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d56f, 1, 9, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d570, 1, 10, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d571, 1, 11, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d572, 1, 12, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d573, 1, 13, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d574, 1, 14, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d575, 1, 15, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d576, 1, 16, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d577, 1, 17, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d578, 1, 18, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d579, 1, 19, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d57a, 1, 20, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d57b, 1, 21, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d57c, 1, 22, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d57d, 1, 23, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d57e, 1, 24, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d57f, 1, 25, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d580, 1, 26, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d581, 1, 27, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d582, 1, 28, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d583, 1, 29, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d584, 1, 30, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d585, 1, 31, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5a0, 1, 6, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5a1, 1, 7, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5a2, 1, 8, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5a3, 1, 9, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5a4, 1, 10, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5a5, 1, 11, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5a6, 1, 12, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5a7, 1, 13, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5a8, 1, 14, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5a9, 1, 15, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5aa, 1, 16, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5ab, 1, 17, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5ac, 1, 18, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5ad, 1, 19, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5ae, 1, 20, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5af, 1, 21, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5b0, 1, 22, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5b1, 1, 23, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5b2, 1, 24, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5b3, 1, 25, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5b4, 1, 26, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5b5, 1, 27, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5b6, 1, 28, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5b7, 1, 29, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5b8, 1, 30, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5b9, 1, 31, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5d4, 1, 6, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5d5, 1, 7, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5d6, 1, 8, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5d7, 1, 9, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5d8, 1, 10, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5d9, 1, 11, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5da, 1, 12, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5db, 1, 13, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5dc, 1, 14, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5dd, 1, 15, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5de, 1, 16, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5df, 1, 17, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5e0, 1, 18, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5e1, 1, 19, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5e2, 1, 20, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5e3, 1, 21, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5e4, 1, 22, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5e5, 1, 23, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5e6, 1, 24, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5e7, 1, 25, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5e8, 1, 26, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5e9, 1, 27, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5ea, 1, 28, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5eb, 1, 29, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5ec, 1, 30, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d5ed, 1, 31, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d608, 1, 6, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d609, 1, 7, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d60a, 1, 8, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d60b, 1, 9, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d60c, 1, 10, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d60d, 1, 11, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d60e, 1, 12, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d60f, 1, 13, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d610, 1, 14, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d611, 1, 15, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d612, 1, 16, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d613, 1, 17, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d614, 1, 18, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d615, 1, 19, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d616, 1, 20, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d617, 1, 21, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d618, 1, 22, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d619, 1, 23, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d61a, 1, 24, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d61b, 1, 25, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d61c, 1, 26, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d61d, 1, 27, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d61e, 1, 28, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d61f, 1, 29, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d620, 1, 30, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d621, 1, 31, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d63c, 1, 6, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d63d, 1, 7, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d63e, 1, 8, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d63f, 1, 9, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d640, 1, 10, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d641, 1, 11, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d642, 1, 12, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d643, 1, 13, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d644, 1, 14, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d645, 1, 15, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d646, 1, 16, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d647, 1, 17, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d648, 1, 18, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d649, 1, 19, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d64a, 1, 20, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d64b, 1, 21, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d64c, 1, 22, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d64d, 1, 23, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d64e, 1, 24, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d64f, 1, 25, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d650, 1, 26, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d651, 1, 27, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d652, 1, 28, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d653, 1, 29, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d654, 1, 30, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d655, 1, 31, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d670, 1, 6, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d671, 1, 7, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d672, 1, 8, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d673, 1, 9, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d674, 1, 10, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d675, 1, 11, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d676, 1, 12, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d677, 1, 13, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d678, 1, 14, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d679, 1, 15, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d67a, 1, 16, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d67b, 1, 17, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d67c, 1, 18, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d67d, 1, 19, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d67e, 1, 20, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d67f, 1, 21, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d680, 1, 22, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d681, 1, 23, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d682, 1, 24, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d683, 1, 25, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d684, 1, 26, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d685, 1, 27, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d686, 1, 28, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d687, 1, 29, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d688, 1, 30, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d689, 1, 31, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6a8, 1, 238, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6a9, 1, 239, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6aa, 1, 240, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6ab, 1, 241, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6ac, 1, 242, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6ad, 1, 243, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6ae, 1, 244, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6af, 1, 245, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6b0, 1, 225, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6b1, 1, 246, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6b2, 1, 247, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6b3, 1, 34, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6b4, 1, 248, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6b5, 1, 249, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6b6, 1, 250, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6b7, 1, 251, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6b8, 1, 252, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6b9, 1, 245, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6ba, 1, 253, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6bb, 1, 254, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6bc, 1, 255, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6bd, 1, 256, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6be, 1, 257, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6bf, 1, 258, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6c0, 1, 259, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6d3, 1, 253, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6e2, 1, 238, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6e3, 1, 239, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6e4, 1, 240, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6e5, 1, 241, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6e6, 1, 242, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6e7, 1, 243, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6e8, 1, 244, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6e9, 1, 245, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6ea, 1, 225, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6eb, 1, 246, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6ec, 1, 247, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6ed, 1, 34, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6ee, 1, 248, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6ef, 1, 249, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6f0, 1, 250, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6f1, 1, 251, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6f2, 1, 252, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6f3, 1, 245, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6f4, 1, 253, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6f5, 1, 254, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6f6, 1, 255, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6f7, 1, 256, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6f8, 1, 257, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6f9, 1, 258, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d6fa, 1, 259, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d70d, 1, 253, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d71c, 1, 238, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d71d, 1, 239, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d71e, 1, 240, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d71f, 1, 241, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d720, 1, 242, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d721, 1, 243, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d722, 1, 244, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d723, 1, 245, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d724, 1, 225, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d725, 1, 246, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d726, 1, 247, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d727, 1, 34, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d728, 1, 248, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d729, 1, 249, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d72a, 1, 250, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d72b, 1, 251, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d72c, 1, 252, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d72d, 1, 245, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d72e, 1, 253, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d72f, 1, 254, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d730, 1, 255, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d731, 1, 256, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d732, 1, 257, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d733, 1, 258, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d734, 1, 259, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d747, 1, 253, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d756, 1, 238, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d757, 1, 239, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d758, 1, 240, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d759, 1, 241, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d75a, 1, 242, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d75b, 1, 243, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d75c, 1, 244, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d75d, 1, 245, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d75e, 1, 225, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d75f, 1, 246, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d760, 1, 247, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d761, 1, 34, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d762, 1, 248, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d763, 1, 249, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d764, 1, 250, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d765, 1, 251, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d766, 1, 252, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d767, 1, 245, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d768, 1, 253, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d769, 1, 254, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d76a, 1, 255, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d76b, 1, 256, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d76c, 1, 257, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d76d, 1, 258, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d76e, 1, 259, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d781, 1, 253, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d790, 1, 238, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d791, 1, 239, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d792, 1, 240, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d793, 1, 241, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d794, 1, 242, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d795, 1, 243, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d796, 1, 244, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d797, 1, 245, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d798, 1, 225, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d799, 1, 246, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d79a, 1, 247, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d79b, 1, 34, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d79c, 1, 248, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d79d, 1, 249, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d79e, 1, 250, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d79f, 1, 251, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d7a0, 1, 252, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d7a1, 1, 245, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d7a2, 1, 253, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d7a3, 1, 254, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d7a4, 1, 255, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d7a5, 1, 256, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d7a6, 1, 257, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d7a7, 1, 258, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d7a8, 1, 259, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0x1d7bb, 1, 253, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ + {0xe0001, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0020, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0021, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0022, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0023, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0024, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0025, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0026, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0027, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0028, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0029, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe002a, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe002b, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe002c, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe002d, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe002e, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe002f, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0030, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0031, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0032, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0033, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0034, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0035, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0036, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0037, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0038, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0039, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe003a, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe003b, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe003c, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe003d, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe003e, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe003f, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0040, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0041, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0042, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0043, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0044, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0045, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0046, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0047, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0048, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0049, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe004a, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe004b, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe004c, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe004d, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe004e, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe004f, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0050, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0051, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0052, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0053, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0054, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0055, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0056, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0057, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0058, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0059, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe005a, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe005b, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe005c, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe005d, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe005e, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe005f, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0060, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0061, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0062, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0063, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0064, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0065, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0066, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0067, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0068, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0069, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe006a, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe006b, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe006c, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe006d, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe006e, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe006f, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0070, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0071, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0072, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0073, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0074, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0075, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0076, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0077, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0078, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe0079, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe007a, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe007b, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe007c, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe007d, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + {0xe007e, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ + +}; + +const size_t _wind_map_table_size = 1597; + +const uint32_t _wind_map_table_val[] = { + 0x0020, + 0x0020, + 0x0020, + 0x0020, + 0x0020, + 0x0020, + 0x0061, + 0x0062, + 0x0063, + 0x0064, + 0x0065, + 0x0066, + 0x0067, + 0x0068, + 0x0069, + 0x006A, + 0x006B, + 0x006C, + 0x006D, + 0x006E, + 0x006F, + 0x0070, + 0x0071, + 0x0072, + 0x0073, + 0x0074, + 0x0075, + 0x0076, + 0x0077, + 0x0078, + 0x0079, + 0x007A, + 0x0020, + 0x0020, + 0x03BC, + 0x00E0, + 0x00E1, + 0x00E2, + 0x00E3, + 0x00E4, + 0x00E5, + 0x00E6, + 0x00E7, + 0x00E8, + 0x00E9, + 0x00EA, + 0x00EB, + 0x00EC, + 0x00ED, + 0x00EE, + 0x00EF, + 0x00F0, + 0x00F1, + 0x00F2, + 0x00F3, + 0x00F4, + 0x00F5, + 0x00F6, + 0x00F8, + 0x00F9, + 0x00FA, + 0x00FB, + 0x00FC, + 0x00FD, + 0x00FE, + 0x0073, + 0x0073, + 0x0101, + 0x0103, + 0x0105, + 0x0107, + 0x0109, + 0x010B, + 0x010D, + 0x010F, + 0x0111, + 0x0113, + 0x0115, + 0x0117, + 0x0119, + 0x011B, + 0x011D, + 0x011F, + 0x0121, + 0x0123, + 0x0125, + 0x0127, + 0x0129, + 0x012B, + 0x012D, + 0x012F, + 0x0069, + 0x0307, + 0x0133, + 0x0135, + 0x0137, + 0x013A, + 0x013C, + 0x013E, + 0x0140, + 0x0142, + 0x0144, + 0x0146, + 0x0148, + 0x02BC, + 0x006E, + 0x014B, + 0x014D, + 0x014F, + 0x0151, + 0x0153, + 0x0155, + 0x0157, + 0x0159, + 0x015B, + 0x015D, + 0x015F, + 0x0161, + 0x0163, + 0x0165, + 0x0167, + 0x0169, + 0x016B, + 0x016D, + 0x016F, + 0x0171, + 0x0173, + 0x0175, + 0x0177, + 0x00FF, + 0x017A, + 0x017C, + 0x017E, + 0x0253, + 0x0183, + 0x0185, + 0x0254, + 0x0188, + 0x0256, + 0x0257, + 0x018C, + 0x01DD, + 0x0259, + 0x025B, + 0x0192, + 0x0260, + 0x0263, + 0x0269, + 0x0268, + 0x0199, + 0x026F, + 0x0272, + 0x0275, + 0x01A1, + 0x01A3, + 0x01A5, + 0x0280, + 0x01A8, + 0x0283, + 0x01AD, + 0x0288, + 0x01B0, + 0x028A, + 0x028B, + 0x01B4, + 0x01B6, + 0x0292, + 0x01B9, + 0x01BD, + 0x01C6, + 0x01C9, + 0x01CC, + 0x01CE, + 0x01D0, + 0x01D2, + 0x01D4, + 0x01D6, + 0x01D8, + 0x01DA, + 0x01DC, + 0x01DF, + 0x01E1, + 0x01E3, + 0x01E5, + 0x01E7, + 0x01E9, + 0x01EB, + 0x01ED, + 0x01EF, + 0x006A, + 0x030C, + 0x01F3, + 0x01F5, + 0x0195, + 0x01BF, + 0x01F9, + 0x01FB, + 0x01FD, + 0x01FF, + 0x0201, + 0x0203, + 0x0205, + 0x0207, + 0x0209, + 0x020B, + 0x020D, + 0x020F, + 0x0211, + 0x0213, + 0x0215, + 0x0217, + 0x0219, + 0x021B, + 0x021D, + 0x021F, + 0x019E, + 0x0223, + 0x0225, + 0x0227, + 0x0229, + 0x022B, + 0x022D, + 0x022F, + 0x0231, + 0x0233, + 0x03B9, + 0x0020, + 0x03B9, + 0x03AC, + 0x03AD, + 0x03AE, + 0x03AF, + 0x03CC, + 0x03CD, + 0x03CE, + 0x03B9, + 0x0308, + 0x0301, + 0x03B1, + 0x03B2, + 0x03B3, + 0x03B4, + 0x03B5, + 0x03B6, + 0x03B7, + 0x03B8, + 0x03BA, + 0x03BB, + 0x03BD, + 0x03BE, + 0x03BF, + 0x03C0, + 0x03C1, + 0x03C3, + 0x03C4, + 0x03C5, + 0x03C6, + 0x03C7, + 0x03C8, + 0x03C9, + 0x03CA, + 0x03CB, + 0x03C5, + 0x0308, + 0x0301, + 0x03D9, + 0x03DB, + 0x03DD, + 0x03DF, + 0x03E1, + 0x03E3, + 0x03E5, + 0x03E7, + 0x03E9, + 0x03EB, + 0x03ED, + 0x03EF, + 0x0450, + 0x0451, + 0x0452, + 0x0453, + 0x0454, + 0x0455, + 0x0456, + 0x0457, + 0x0458, + 0x0459, + 0x045A, + 0x045B, + 0x045C, + 0x045D, + 0x045E, + 0x045F, + 0x0430, + 0x0431, + 0x0432, + 0x0433, + 0x0434, + 0x0435, + 0x0436, + 0x0437, + 0x0438, + 0x0439, + 0x043A, + 0x043B, + 0x043C, + 0x043D, + 0x043E, + 0x043F, + 0x0440, + 0x0441, + 0x0442, + 0x0443, + 0x0444, + 0x0445, + 0x0446, + 0x0447, + 0x0448, + 0x0449, + 0x044A, + 0x044B, + 0x044C, + 0x044D, + 0x044E, + 0x044F, + 0x0461, + 0x0463, + 0x0465, + 0x0467, + 0x0469, + 0x046B, + 0x046D, + 0x046F, + 0x0471, + 0x0473, + 0x0475, + 0x0477, + 0x0479, + 0x047B, + 0x047D, + 0x047F, + 0x0481, + 0x048B, + 0x048D, + 0x048F, + 0x0491, + 0x0493, + 0x0495, + 0x0497, + 0x0499, + 0x049B, + 0x049D, + 0x049F, + 0x04A1, + 0x04A3, + 0x04A5, + 0x04A7, + 0x04A9, + 0x04AB, + 0x04AD, + 0x04AF, + 0x04B1, + 0x04B3, + 0x04B5, + 0x04B7, + 0x04B9, + 0x04BB, + 0x04BD, + 0x04BF, + 0x04C2, + 0x04C4, + 0x04C6, + 0x04C8, + 0x04CA, + 0x04CC, + 0x04CE, + 0x04D1, + 0x04D3, + 0x04D5, + 0x04D7, + 0x04D9, + 0x04DB, + 0x04DD, + 0x04DF, + 0x04E1, + 0x04E3, + 0x04E5, + 0x04E7, + 0x04E9, + 0x04EB, + 0x04ED, + 0x04EF, + 0x04F1, + 0x04F3, + 0x04F5, + 0x04F9, + 0x0501, + 0x0503, + 0x0505, + 0x0507, + 0x0509, + 0x050B, + 0x050D, + 0x050F, + 0x0561, + 0x0562, + 0x0563, + 0x0564, + 0x0565, + 0x0566, + 0x0567, + 0x0568, + 0x0569, + 0x056A, + 0x056B, + 0x056C, + 0x056D, + 0x056E, + 0x056F, + 0x0570, + 0x0571, + 0x0572, + 0x0573, + 0x0574, + 0x0575, + 0x0576, + 0x0577, + 0x0578, + 0x0579, + 0x057A, + 0x057B, + 0x057C, + 0x057D, + 0x057E, + 0x057F, + 0x0580, + 0x0581, + 0x0582, + 0x0583, + 0x0584, + 0x0585, + 0x0586, + 0x0565, + 0x0582, + 0x0020, + 0x1E01, + 0x1E03, + 0x1E05, + 0x1E07, + 0x1E09, + 0x1E0B, + 0x1E0D, + 0x1E0F, + 0x1E11, + 0x1E13, + 0x1E15, + 0x1E17, + 0x1E19, + 0x1E1B, + 0x1E1D, + 0x1E1F, + 0x1E21, + 0x1E23, + 0x1E25, + 0x1E27, + 0x1E29, + 0x1E2B, + 0x1E2D, + 0x1E2F, + 0x1E31, + 0x1E33, + 0x1E35, + 0x1E37, + 0x1E39, + 0x1E3B, + 0x1E3D, + 0x1E3F, + 0x1E41, + 0x1E43, + 0x1E45, + 0x1E47, + 0x1E49, + 0x1E4B, + 0x1E4D, + 0x1E4F, + 0x1E51, + 0x1E53, + 0x1E55, + 0x1E57, + 0x1E59, + 0x1E5B, + 0x1E5D, + 0x1E5F, + 0x1E61, + 0x1E63, + 0x1E65, + 0x1E67, + 0x1E69, + 0x1E6B, + 0x1E6D, + 0x1E6F, + 0x1E71, + 0x1E73, + 0x1E75, + 0x1E77, + 0x1E79, + 0x1E7B, + 0x1E7D, + 0x1E7F, + 0x1E81, + 0x1E83, + 0x1E85, + 0x1E87, + 0x1E89, + 0x1E8B, + 0x1E8D, + 0x1E8F, + 0x1E91, + 0x1E93, + 0x1E95, + 0x0068, + 0x0331, + 0x0074, + 0x0308, + 0x0077, + 0x030A, + 0x0079, + 0x030A, + 0x0061, + 0x02BE, + 0x1EA1, + 0x1EA3, + 0x1EA5, + 0x1EA7, + 0x1EA9, + 0x1EAB, + 0x1EAD, + 0x1EAF, + 0x1EB1, + 0x1EB3, + 0x1EB5, + 0x1EB7, + 0x1EB9, + 0x1EBB, + 0x1EBD, + 0x1EBF, + 0x1EC1, + 0x1EC3, + 0x1EC5, + 0x1EC7, + 0x1EC9, + 0x1ECB, + 0x1ECD, + 0x1ECF, + 0x1ED1, + 0x1ED3, + 0x1ED5, + 0x1ED7, + 0x1ED9, + 0x1EDB, + 0x1EDD, + 0x1EDF, + 0x1EE1, + 0x1EE3, + 0x1EE5, + 0x1EE7, + 0x1EE9, + 0x1EEB, + 0x1EED, + 0x1EEF, + 0x1EF1, + 0x1EF3, + 0x1EF5, + 0x1EF7, + 0x1EF9, + 0x1F00, + 0x1F01, + 0x1F02, + 0x1F03, + 0x1F04, + 0x1F05, + 0x1F06, + 0x1F07, + 0x1F10, + 0x1F11, + 0x1F12, + 0x1F13, + 0x1F14, + 0x1F15, + 0x1F20, + 0x1F21, + 0x1F22, + 0x1F23, + 0x1F24, + 0x1F25, + 0x1F26, + 0x1F27, + 0x1F30, + 0x1F31, + 0x1F32, + 0x1F33, + 0x1F34, + 0x1F35, + 0x1F36, + 0x1F37, + 0x1F40, + 0x1F41, + 0x1F42, + 0x1F43, + 0x1F44, + 0x1F45, + 0x03C5, + 0x0313, + 0x03C5, + 0x0313, + 0x0300, + 0x03C5, + 0x0313, + 0x0301, + 0x03C5, + 0x0313, + 0x0342, + 0x1F51, + 0x1F53, + 0x1F55, + 0x1F57, + 0x1F60, + 0x1F61, + 0x1F62, + 0x1F63, + 0x1F64, + 0x1F65, + 0x1F66, + 0x1F67, + 0x1F00, + 0x03B9, + 0x1F01, + 0x03B9, + 0x1F02, + 0x03B9, + 0x1F03, + 0x03B9, + 0x1F04, + 0x03B9, + 0x1F05, + 0x03B9, + 0x1F06, + 0x03B9, + 0x1F07, + 0x03B9, + 0x1F20, + 0x03B9, + 0x1F21, + 0x03B9, + 0x1F22, + 0x03B9, + 0x1F23, + 0x03B9, + 0x1F24, + 0x03B9, + 0x1F25, + 0x03B9, + 0x1F26, + 0x03B9, + 0x1F27, + 0x03B9, + 0x1F60, + 0x03B9, + 0x1F61, + 0x03B9, + 0x1F62, + 0x03B9, + 0x1F63, + 0x03B9, + 0x1F64, + 0x03B9, + 0x1F65, + 0x03B9, + 0x1F66, + 0x03B9, + 0x1F67, + 0x03B9, + 0x1F70, + 0x03B9, + 0x03B1, + 0x03B9, + 0x03AC, + 0x03B9, + 0x03B1, + 0x0342, + 0x03B1, + 0x0342, + 0x03B9, + 0x1FB0, + 0x1FB1, + 0x1F71, + 0x1F74, + 0x03B9, + 0x03B7, + 0x03B9, + 0x03AE, + 0x03B9, + 0x03B7, + 0x0342, + 0x03B7, + 0x0342, + 0x03B9, + 0x1F72, + 0x1F73, + 0x1F75, + 0x03B9, + 0x0308, + 0x0300, + 0x03B9, + 0x0342, + 0x03B9, + 0x0308, + 0x0342, + 0x1FD0, + 0x1FD1, + 0x1F76, + 0x1F77, + 0x03C5, + 0x0308, + 0x0300, + 0x03C1, + 0x0313, + 0x03C5, + 0x0342, + 0x03C5, + 0x0308, + 0x0342, + 0x1FE0, + 0x1FE1, + 0x1F7A, + 0x1F7B, + 0x1FE5, + 0x1F7C, + 0x03B9, + 0x03C9, + 0x03B9, + 0x03C9, + 0x0342, + 0x03C9, + 0x0342, + 0x03B9, + 0x1F78, + 0x1F79, + 0x1F7D, + 0x0020, + 0x0020, + 0x0020, + 0x0020, + 0x0020, + 0x0020, + 0x0020, + 0x0020, + 0x0020, + 0x0020, + 0x0020, + 0x0020, + 0x0020, + 0x00B0, + 0x0063, + 0x00B0, + 0x0066, + 0x0073, + 0x006D, + 0x0074, + 0x0065, + 0x006C, + 0x0074, + 0x006D, + 0x2170, + 0x2171, + 0x2172, + 0x2173, + 0x2174, + 0x2175, + 0x2176, + 0x2177, + 0x2178, + 0x2179, + 0x217A, + 0x217B, + 0x217C, + 0x217D, + 0x217E, + 0x217F, + 0x24D0, + 0x24D1, + 0x24D2, + 0x24D3, + 0x24D4, + 0x24D5, + 0x24D6, + 0x24D7, + 0x24D8, + 0x24D9, + 0x24DA, + 0x24DB, + 0x24DC, + 0x24DD, + 0x24DE, + 0x24DF, + 0x24E0, + 0x24E1, + 0x24E2, + 0x24E3, + 0x24E4, + 0x24E5, + 0x24E6, + 0x24E7, + 0x24E8, + 0x24E9, + 0x0020, + 0x0068, + 0x0070, + 0x0061, + 0x0061, + 0x0075, + 0x006F, + 0x0076, + 0x006E, + 0x0061, + 0x03BC, + 0x0061, + 0x006D, + 0x0061, + 0x006B, + 0x0061, + 0x006B, + 0x0062, + 0x006D, + 0x0062, + 0x0067, + 0x0062, + 0x0070, + 0x0066, + 0x006E, + 0x0066, + 0x03BC, + 0x0066, + 0x0068, + 0x007A, + 0x006B, + 0x0068, + 0x007A, + 0x006D, + 0x0068, + 0x007A, + 0x0067, + 0x0068, + 0x007A, + 0x0074, + 0x0068, + 0x007A, + 0x006B, + 0x0070, + 0x0061, + 0x006D, + 0x0070, + 0x0061, + 0x0067, + 0x0070, + 0x0061, + 0x0070, + 0x0076, + 0x006E, + 0x0076, + 0x03BC, + 0x0076, + 0x006D, + 0x0076, + 0x006B, + 0x0076, + 0x0070, + 0x0077, + 0x006E, + 0x0077, + 0x03BC, + 0x0077, + 0x006D, + 0x0077, + 0x006B, + 0x0077, + 0x006B, + 0x03C9, + 0x006D, + 0x03C9, + 0x0062, + 0x0071, + 0x0063, + 0x2215, + 0x006B, + 0x0067, + 0x0063, + 0x006F, + 0x002E, + 0x0064, + 0x0062, + 0x0067, + 0x0079, + 0x006B, + 0x006B, + 0x006B, + 0x006D, + 0x0070, + 0x0068, + 0x0070, + 0x0070, + 0x006D, + 0x0070, + 0x0072, + 0x0073, + 0x0076, + 0x0077, + 0x0062, + 0x0066, + 0x0066, + 0x0066, + 0x0069, + 0x0066, + 0x006C, + 0x0066, + 0x0066, + 0x006C, + 0x0574, + 0x0576, + 0x0574, + 0x0565, + 0x0574, + 0x056B, + 0x057E, + 0x0576, + 0x0574, + 0x056D, + 0xFF41, + 0xFF42, + 0xFF43, + 0xFF44, + 0xFF45, + 0xFF46, + 0xFF47, + 0xFF48, + 0xFF49, + 0xFF4A, + 0xFF4B, + 0xFF4C, + 0xFF4D, + 0xFF4E, + 0xFF4F, + 0xFF50, + 0xFF51, + 0xFF52, + 0xFF53, + 0xFF54, + 0xFF55, + 0xFF56, + 0xFF57, + 0xFF58, + 0xFF59, + 0xFF5A, + 0x10428, + 0x10429, + 0x1042A, + 0x1042B, + 0x1042C, + 0x1042D, + 0x1042E, + 0x1042F, + 0x10430, + 0x10431, + 0x10432, + 0x10433, + 0x10434, + 0x10435, + 0x10436, + 0x10437, + 0x10438, + 0x10439, + 0x1043A, + 0x1043B, + 0x1043C, + 0x1043D, + 0x1043E, + 0x1043F, + 0x10440, + 0x10441, + 0x10442, + 0x10443, + 0x10444, + 0x10445, + 0x10446, + 0x10447, + 0x10448, + 0x10449, + 0x1044A, + 0x1044B, + 0x1044C, + 0x1044D, +}; + diff --git a/source4/heimdal/lib/wind/map_table.h b/source4/heimdal/lib/wind/map_table.h new file mode 100644 index 0000000000..4b4565472d --- /dev/null +++ b/source4/heimdal/lib/wind/map_table.h @@ -0,0 +1,22 @@ +/* map_table.h */ +/* Automatically generated at 2008-03-18T11:38:08.353625 */ + +#ifndef MAP_TABLE_H +#define MAP_TABLE_H 1 + +#include "windlocl.h" + +struct translation { + uint32_t key; + unsigned short val_len; + unsigned short val_offset; + wind_profile_flags flags; +}; + +extern const struct translation _wind_map_table[]; + +extern const size_t _wind_map_table_size; + +extern const uint32_t _wind_map_table_val[]; + +#endif /* MAP_TABLE_H */ diff --git a/source4/heimdal/lib/wind/normalize.c b/source4/heimdal/lib/wind/normalize.c new file mode 100644 index 0000000000..d1b440513a --- /dev/null +++ b/source4/heimdal/lib/wind/normalize.c @@ -0,0 +1,301 @@ +/* + * Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif +#include "windlocl.h" + +#include +#include +#include + +#include "normalize_table.h" + +RCSID("$Id: normalize.c 22581 2008-02-11 20:42:25Z lha $"); + +static int +translation_cmp(const void *key, const void *data) +{ + const struct translation *t1 = (const struct translation *)key; + const struct translation *t2 = (const struct translation *)data; + + return t1->key - t2->key; +} + +enum { s_base = 0xAC00}; +enum { s_count = 11172}; +enum { l_base = 0x1100}; +enum { l_count = 19}; +enum { v_base = 0x1161}; +enum { v_count = 21}; +enum { t_base = 0x11A7}; +enum { t_count = 28}; +enum { n_count = v_count * t_count}; + +static int +hangul_decomp(const uint32_t *in, size_t in_len, + uint32_t *out, size_t *out_len) +{ + uint32_t u = *in; + unsigned s_index; + unsigned l, v, t; + unsigned o; + + if (u < s_base || u >= s_base + s_count) + return 0; + s_index = u - s_base; + l = l_base + s_index / n_count; + v = v_base + (s_index % n_count) / t_count; + t = t_base + s_index % t_count; + o = 2; + if (t != t_base) + ++o; + if (*out_len < o) + return WIND_ERR_OVERRUN; + out[0] = l; + out[1] = v; + if (t != t_base) + out[2] = t; + *out_len = o; + return 1; +} + +static uint32_t +hangul_composition(const uint32_t *in, size_t in_len) +{ + if (in_len < 2) + return 0; + if (in[0] >= l_base && in[0] < l_base + l_count) { + unsigned l_index = in[0] - l_base; + unsigned v_index; + + if (in[1] < v_base || in[1] >= v_base + v_count) + return 0; + v_index = in[1] - v_base; + return (l_index * v_count + v_index) * t_count + s_base; + } else if (in[0] >= s_base && in[0] < s_base + s_count) { + unsigned s_index = in[0] - s_base; + unsigned t_index; + + if (s_index % t_count != 0) + return 0; + if (in[1] < t_base || in[1] >= t_base + t_count) + return 0; + t_index = in[1] - t_base; + return in[0] + t_index; + } + return 0; +} + +static int +compat_decomp(const uint32_t *in, size_t in_len, + uint32_t *out, size_t *out_len) +{ + unsigned i; + unsigned o = 0; + + for (i = 0; i < in_len; ++i) { + struct translation ts = {in[i]}; + size_t sub_len = *out_len - o; + int ret; + + ret = hangul_decomp(in + i, in_len - i, + out + o, &sub_len); + if (ret) { + if (ret == WIND_ERR_OVERRUN) + return ret; + o += sub_len; + } else { + void *s = bsearch(&ts, + _wind_normalize_table, + _wind_normalize_table_size, + sizeof(_wind_normalize_table[0]), + translation_cmp); + if (s != NULL) { + const struct translation *t = (const struct translation *)s; + + ret = compat_decomp(_wind_normalize_val_table + t->val_offset, + t->val_len, + out + o, &sub_len); + if (ret) + return ret; + o += sub_len; + } else { + if (o >= *out_len) + return WIND_ERR_OVERRUN; + out[o++] = in[i]; + + } + } + } + *out_len = o; + return 0; +} + +static int +cc_cmp(const void *a, const void *b) +{ + const uint32_t *ua = (const uint32_t *)a; + const uint32_t *ub = (const uint32_t *)b; + + return _wind_combining_class(*ua) - _wind_combining_class(*ub); +} + +static void +canonical_reorder(uint32_t *tmp, size_t tmp_len) +{ + unsigned i; + + for (i = 0; i < tmp_len; ++i) { + int cc = _wind_combining_class(tmp[i]); + if (cc) { + size_t j; + for (j = i + 1; + j < tmp_len && _wind_combining_class(tmp[j]); + ++j) + ; + qsort(&tmp[i], j - i, sizeof(unsigned), + cc_cmp); + i = j; + } + } +} + +static uint32_t +find_composition(const uint32_t *in, unsigned in_len) +{ + unsigned short canon_index = 0; + uint32_t cur; + unsigned n = 0; + + cur = hangul_composition(in, in_len); + if (cur) + return cur; + + do { + const struct canon_node *c = &_wind_canon_table[canon_index]; + unsigned i; + + if (n % 5 == 0) { + cur = *in++; + if (in_len-- == 0) + return c->val; + } + + i = cur >> 16; + if (i < c->next_start || i >= c->next_end) + canon_index = 0; + else + canon_index = + _wind_canon_next_table[c->next_offset + i - c->next_start]; + if (canon_index != 0) { + cur = (cur << 4) & 0xFFFFF; + ++n; + } + } while (canon_index != 0); + return 0; +} + +static int +combine(const uint32_t *in, size_t in_len, + uint32_t *out, size_t *out_len) +{ + unsigned i; + int ostarter; + unsigned o = 0; + int old_cc; + int cc; + + for (i = 0; i < in_len;) { + while (i < in_len && (cc = _wind_combining_class(in[i])) != 0) { + out[o++] = in[i++]; + } + if (i < in_len) { + if (o >= *out_len) + return WIND_ERR_OVERRUN; + ostarter = o; + out[o++] = in[i++]; + old_cc = -1; + + while (i < in_len) { + uint32_t comb; + uint32_t v[2]; + + v[0] = out[ostarter]; + v[1] = in[i]; + + cc = _wind_combining_class(in[i]); + if (old_cc != cc && (comb = find_composition(v, 2))) { + out[ostarter] = comb; + } else if (cc == 0) { + break; + } else { + if (o >= *out_len) + return WIND_ERR_OVERRUN; + out[o++] = in[i]; + old_cc = cc; + } + ++i; + } + } + } + *out_len = o; + return 0; +} + +int +_wind_stringprep_normalize(const uint32_t *in, size_t in_len, + uint32_t *out, size_t *out_len) +{ + size_t tmp_len; + uint32_t *tmp; + int ret; + + tmp_len = in_len * 4; + if (tmp_len < MAX_LENGTH_CANON) + tmp_len = MAX_LENGTH_CANON; + tmp = malloc(tmp_len * sizeof(uint32_t)); + if (tmp == NULL) + return ENOMEM; + + ret = compat_decomp(in, in_len, tmp, &tmp_len); + if (ret) { + free(tmp); + return ret; + } + canonical_reorder(tmp, tmp_len); + ret = combine(tmp, tmp_len, out, out_len); + free(tmp); + return ret; +} diff --git a/source4/heimdal/lib/wind/normalize_table.c b/source4/heimdal/lib/wind/normalize_table.c new file mode 100644 index 0000000000..c8893193a7 --- /dev/null +++ b/source4/heimdal/lib/wind/normalize_table.c @@ -0,0 +1,22976 @@ +/* normalize_table.c */ +/* Automatically generated at 2008-03-18T11:38:08.923861 */ + + +#include "normalize_table.h" + +const struct translation _wind_normalize_table[] = { + {0xa0, 1, 0}, /* NO-BREAK SPACE */ + {0xa8, 2, 1}, /* DIAERESIS */ + {0xaa, 1, 3}, /* FEMININE ORDINAL INDICATOR */ + {0xaf, 2, 4}, /* MACRON */ + {0xb2, 1, 6}, /* SUPERSCRIPT TWO */ + {0xb3, 1, 7}, /* SUPERSCRIPT THREE */ + {0xb4, 2, 8}, /* ACUTE ACCENT */ + {0xb5, 1, 10}, /* MICRO SIGN */ + {0xb8, 2, 11}, /* CEDILLA */ + {0xb9, 1, 13}, /* SUPERSCRIPT ONE */ + {0xba, 1, 14}, /* MASCULINE ORDINAL INDICATOR */ + {0xbc, 3, 15}, /* VULGAR FRACTION ONE QUARTER */ + {0xbd, 3, 18}, /* VULGAR FRACTION ONE HALF */ + {0xbe, 3, 21}, /* VULGAR FRACTION THREE QUARTERS */ + {0xc0, 2, 24}, /* LATIN CAPITAL LETTER A WITH GRAVE */ + {0xc1, 2, 26}, /* LATIN CAPITAL LETTER A WITH ACUTE */ + {0xc2, 2, 28}, /* LATIN CAPITAL LETTER A WITH CIRCUMFLEX */ + {0xc3, 2, 30}, /* LATIN CAPITAL LETTER A WITH TILDE */ + {0xc4, 2, 32}, /* LATIN CAPITAL LETTER A WITH DIAERESIS */ + {0xc5, 2, 34}, /* LATIN CAPITAL LETTER A WITH RING ABOVE */ + {0xc7, 2, 36}, /* LATIN CAPITAL LETTER C WITH CEDILLA */ + {0xc8, 2, 38}, /* LATIN CAPITAL LETTER E WITH GRAVE */ + {0xc9, 2, 40}, /* LATIN CAPITAL LETTER E WITH ACUTE */ + {0xca, 2, 42}, /* LATIN CAPITAL LETTER E WITH CIRCUMFLEX */ + {0xcb, 2, 44}, /* LATIN CAPITAL LETTER E WITH DIAERESIS */ + {0xcc, 2, 46}, /* LATIN CAPITAL LETTER I WITH GRAVE */ + {0xcd, 2, 48}, /* LATIN CAPITAL LETTER I WITH ACUTE */ + {0xce, 2, 50}, /* LATIN CAPITAL LETTER I WITH CIRCUMFLEX */ + {0xcf, 2, 52}, /* LATIN CAPITAL LETTER I WITH DIAERESIS */ + {0xd1, 2, 54}, /* LATIN CAPITAL LETTER N WITH TILDE */ + {0xd2, 2, 56}, /* LATIN CAPITAL LETTER O WITH GRAVE */ + {0xd3, 2, 58}, /* LATIN CAPITAL LETTER O WITH ACUTE */ + {0xd4, 2, 60}, /* LATIN CAPITAL LETTER O WITH CIRCUMFLEX */ + {0xd5, 2, 62}, /* LATIN CAPITAL LETTER O WITH TILDE */ + {0xd6, 2, 64}, /* LATIN CAPITAL LETTER O WITH DIAERESIS */ + {0xd9, 2, 66}, /* LATIN CAPITAL LETTER U WITH GRAVE */ + {0xda, 2, 68}, /* LATIN CAPITAL LETTER U WITH ACUTE */ + {0xdb, 2, 70}, /* LATIN CAPITAL LETTER U WITH CIRCUMFLEX */ + {0xdc, 2, 72}, /* LATIN CAPITAL LETTER U WITH DIAERESIS */ + {0xdd, 2, 74}, /* LATIN CAPITAL LETTER Y WITH ACUTE */ + {0xe0, 2, 76}, /* LATIN SMALL LETTER A WITH GRAVE */ + {0xe1, 2, 78}, /* LATIN SMALL LETTER A WITH ACUTE */ + {0xe2, 2, 80}, /* LATIN SMALL LETTER A WITH CIRCUMFLEX */ + {0xe3, 2, 82}, /* LATIN SMALL LETTER A WITH TILDE */ + {0xe4, 2, 84}, /* LATIN SMALL LETTER A WITH DIAERESIS */ + {0xe5, 2, 86}, /* LATIN SMALL LETTER A WITH RING ABOVE */ + {0xe7, 2, 88}, /* LATIN SMALL LETTER C WITH CEDILLA */ + {0xe8, 2, 90}, /* LATIN SMALL LETTER E WITH GRAVE */ + {0xe9, 2, 92}, /* LATIN SMALL LETTER E WITH ACUTE */ + {0xea, 2, 94}, /* LATIN SMALL LETTER E WITH CIRCUMFLEX */ + {0xeb, 2, 96}, /* LATIN SMALL LETTER E WITH DIAERESIS */ + {0xec, 2, 98}, /* LATIN SMALL LETTER I WITH GRAVE */ + {0xed, 2, 100}, /* LATIN SMALL LETTER I WITH ACUTE */ + {0xee, 2, 102}, /* LATIN SMALL LETTER I WITH CIRCUMFLEX */ + {0xef, 2, 104}, /* LATIN SMALL LETTER I WITH DIAERESIS */ + {0xf1, 2, 106}, /* LATIN SMALL LETTER N WITH TILDE */ + {0xf2, 2, 108}, /* LATIN SMALL LETTER O WITH GRAVE */ + {0xf3, 2, 110}, /* LATIN SMALL LETTER O WITH ACUTE */ + {0xf4, 2, 112}, /* LATIN SMALL LETTER O WITH CIRCUMFLEX */ + {0xf5, 2, 114}, /* LATIN SMALL LETTER O WITH TILDE */ + {0xf6, 2, 116}, /* LATIN SMALL LETTER O WITH DIAERESIS */ + {0xf9, 2, 118}, /* LATIN SMALL LETTER U WITH GRAVE */ + {0xfa, 2, 120}, /* LATIN SMALL LETTER U WITH ACUTE */ + {0xfb, 2, 122}, /* LATIN SMALL LETTER U WITH CIRCUMFLEX */ + {0xfc, 2, 124}, /* LATIN SMALL LETTER U WITH DIAERESIS */ + {0xfd, 2, 126}, /* LATIN SMALL LETTER Y WITH ACUTE */ + {0xff, 2, 128}, /* LATIN SMALL LETTER Y WITH DIAERESIS */ + {0x100, 2, 130}, /* LATIN CAPITAL LETTER A WITH MACRON */ + {0x101, 2, 132}, /* LATIN SMALL LETTER A WITH MACRON */ + {0x102, 2, 134}, /* LATIN CAPITAL LETTER A WITH BREVE */ + {0x103, 2, 136}, /* LATIN SMALL LETTER A WITH BREVE */ + {0x104, 2, 138}, /* LATIN CAPITAL LETTER A WITH OGONEK */ + {0x105, 2, 140}, /* LATIN SMALL LETTER A WITH OGONEK */ + {0x106, 2, 142}, /* LATIN CAPITAL LETTER C WITH ACUTE */ + {0x107, 2, 144}, /* LATIN SMALL LETTER C WITH ACUTE */ + {0x108, 2, 146}, /* LATIN CAPITAL LETTER C WITH CIRCUMFLEX */ + {0x109, 2, 148}, /* LATIN SMALL LETTER C WITH CIRCUMFLEX */ + {0x10a, 2, 150}, /* LATIN CAPITAL LETTER C WITH DOT ABOVE */ + {0x10b, 2, 152}, /* LATIN SMALL LETTER C WITH DOT ABOVE */ + {0x10c, 2, 154}, /* LATIN CAPITAL LETTER C WITH CARON */ + {0x10d, 2, 156}, /* LATIN SMALL LETTER C WITH CARON */ + {0x10e, 2, 158}, /* LATIN CAPITAL LETTER D WITH CARON */ + {0x10f, 2, 160}, /* LATIN SMALL LETTER D WITH CARON */ + {0x112, 2, 162}, /* LATIN CAPITAL LETTER E WITH MACRON */ + {0x113, 2, 164}, /* LATIN SMALL LETTER E WITH MACRON */ + {0x114, 2, 166}, /* LATIN CAPITAL LETTER E WITH BREVE */ + {0x115, 2, 168}, /* LATIN SMALL LETTER E WITH BREVE */ + {0x116, 2, 170}, /* LATIN CAPITAL LETTER E WITH DOT ABOVE */ + {0x117, 2, 172}, /* LATIN SMALL LETTER E WITH DOT ABOVE */ + {0x118, 2, 174}, /* LATIN CAPITAL LETTER E WITH OGONEK */ + {0x119, 2, 176}, /* LATIN SMALL LETTER E WITH OGONEK */ + {0x11a, 2, 178}, /* LATIN CAPITAL LETTER E WITH CARON */ + {0x11b, 2, 180}, /* LATIN SMALL LETTER E WITH CARON */ + {0x11c, 2, 182}, /* LATIN CAPITAL LETTER G WITH CIRCUMFLEX */ + {0x11d, 2, 184}, /* LATIN SMALL LETTER G WITH CIRCUMFLEX */ + {0x11e, 2, 186}, /* LATIN CAPITAL LETTER G WITH BREVE */ + {0x11f, 2, 188}, /* LATIN SMALL LETTER G WITH BREVE */ + {0x120, 2, 190}, /* LATIN CAPITAL LETTER G WITH DOT ABOVE */ + {0x121, 2, 192}, /* LATIN SMALL LETTER G WITH DOT ABOVE */ + {0x122, 2, 194}, /* LATIN CAPITAL LETTER G WITH CEDILLA */ + {0x123, 2, 196}, /* LATIN SMALL LETTER G WITH CEDILLA */ + {0x124, 2, 198}, /* LATIN CAPITAL LETTER H WITH CIRCUMFLEX */ + {0x125, 2, 200}, /* LATIN SMALL LETTER H WITH CIRCUMFLEX */ + {0x128, 2, 202}, /* LATIN CAPITAL LETTER I WITH TILDE */ + {0x129, 2, 204}, /* LATIN SMALL LETTER I WITH TILDE */ + {0x12a, 2, 206}, /* LATIN CAPITAL LETTER I WITH MACRON */ + {0x12b, 2, 208}, /* LATIN SMALL LETTER I WITH MACRON */ + {0x12c, 2, 210}, /* LATIN CAPITAL LETTER I WITH BREVE */ + {0x12d, 2, 212}, /* LATIN SMALL LETTER I WITH BREVE */ + {0x12e, 2, 214}, /* LATIN CAPITAL LETTER I WITH OGONEK */ + {0x12f, 2, 216}, /* LATIN SMALL LETTER I WITH OGONEK */ + {0x130, 2, 218}, /* LATIN CAPITAL LETTER I WITH DOT ABOVE */ + {0x132, 2, 220}, /* LATIN CAPITAL LIGATURE IJ */ + {0x133, 2, 222}, /* LATIN SMALL LIGATURE IJ */ + {0x134, 2, 224}, /* LATIN CAPITAL LETTER J WITH CIRCUMFLEX */ + {0x135, 2, 226}, /* LATIN SMALL LETTER J WITH CIRCUMFLEX */ + {0x136, 2, 228}, /* LATIN CAPITAL LETTER K WITH CEDILLA */ + {0x137, 2, 230}, /* LATIN SMALL LETTER K WITH CEDILLA */ + {0x139, 2, 232}, /* LATIN CAPITAL LETTER L WITH ACUTE */ + {0x13a, 2, 234}, /* LATIN SMALL LETTER L WITH ACUTE */ + {0x13b, 2, 236}, /* LATIN CAPITAL LETTER L WITH CEDILLA */ + {0x13c, 2, 238}, /* LATIN SMALL LETTER L WITH CEDILLA */ + {0x13d, 2, 240}, /* LATIN CAPITAL LETTER L WITH CARON */ + {0x13e, 2, 242}, /* LATIN SMALL LETTER L WITH CARON */ + {0x13f, 2, 244}, /* LATIN CAPITAL LETTER L WITH MIDDLE DOT */ + {0x140, 2, 246}, /* LATIN SMALL LETTER L WITH MIDDLE DOT */ + {0x143, 2, 248}, /* LATIN CAPITAL LETTER N WITH ACUTE */ + {0x144, 2, 250}, /* LATIN SMALL LETTER N WITH ACUTE */ + {0x145, 2, 252}, /* LATIN CAPITAL LETTER N WITH CEDILLA */ + {0x146, 2, 254}, /* LATIN SMALL LETTER N WITH CEDILLA */ + {0x147, 2, 256}, /* LATIN CAPITAL LETTER N WITH CARON */ + {0x148, 2, 258}, /* LATIN SMALL LETTER N WITH CARON */ + {0x149, 2, 260}, /* LATIN SMALL LETTER N PRECEDED BY APOSTROPHE */ + {0x14c, 2, 262}, /* LATIN CAPITAL LETTER O WITH MACRON */ + {0x14d, 2, 264}, /* LATIN SMALL LETTER O WITH MACRON */ + {0x14e, 2, 266}, /* LATIN CAPITAL LETTER O WITH BREVE */ + {0x14f, 2, 268}, /* LATIN SMALL LETTER O WITH BREVE */ + {0x150, 2, 270}, /* LATIN CAPITAL LETTER O WITH DOUBLE ACUTE */ + {0x151, 2, 272}, /* LATIN SMALL LETTER O WITH DOUBLE ACUTE */ + {0x154, 2, 274}, /* LATIN CAPITAL LETTER R WITH ACUTE */ + {0x155, 2, 276}, /* LATIN SMALL LETTER R WITH ACUTE */ + {0x156, 2, 278}, /* LATIN CAPITAL LETTER R WITH CEDILLA */ + {0x157, 2, 280}, /* LATIN SMALL LETTER R WITH CEDILLA */ + {0x158, 2, 282}, /* LATIN CAPITAL LETTER R WITH CARON */ + {0x159, 2, 284}, /* LATIN SMALL LETTER R WITH CARON */ + {0x15a, 2, 286}, /* LATIN CAPITAL LETTER S WITH ACUTE */ + {0x15b, 2, 288}, /* LATIN SMALL LETTER S WITH ACUTE */ + {0x15c, 2, 290}, /* LATIN CAPITAL LETTER S WITH CIRCUMFLEX */ + {0x15d, 2, 292}, /* LATIN SMALL LETTER S WITH CIRCUMFLEX */ + {0x15e, 2, 294}, /* LATIN CAPITAL LETTER S WITH CEDILLA */ + {0x15f, 2, 296}, /* LATIN SMALL LETTER S WITH CEDILLA */ + {0x160, 2, 298}, /* LATIN CAPITAL LETTER S WITH CARON */ + {0x161, 2, 300}, /* LATIN SMALL LETTER S WITH CARON */ + {0x162, 2, 302}, /* LATIN CAPITAL LETTER T WITH CEDILLA */ + {0x163, 2, 304}, /* LATIN SMALL LETTER T WITH CEDILLA */ + {0x164, 2, 306}, /* LATIN CAPITAL LETTER T WITH CARON */ + {0x165, 2, 308}, /* LATIN SMALL LETTER T WITH CARON */ + {0x168, 2, 310}, /* LATIN CAPITAL LETTER U WITH TILDE */ + {0x169, 2, 312}, /* LATIN SMALL LETTER U WITH TILDE */ + {0x16a, 2, 314}, /* LATIN CAPITAL LETTER U WITH MACRON */ + {0x16b, 2, 316}, /* LATIN SMALL LETTER U WITH MACRON */ + {0x16c, 2, 318}, /* LATIN CAPITAL LETTER U WITH BREVE */ + {0x16d, 2, 320}, /* LATIN SMALL LETTER U WITH BREVE */ + {0x16e, 2, 322}, /* LATIN CAPITAL LETTER U WITH RING ABOVE */ + {0x16f, 2, 324}, /* LATIN SMALL LETTER U WITH RING ABOVE */ + {0x170, 2, 326}, /* LATIN CAPITAL LETTER U WITH DOUBLE ACUTE */ + {0x171, 2, 328}, /* LATIN SMALL LETTER U WITH DOUBLE ACUTE */ + {0x172, 2, 330}, /* LATIN CAPITAL LETTER U WITH OGONEK */ + {0x173, 2, 332}, /* LATIN SMALL LETTER U WITH OGONEK */ + {0x174, 2, 334}, /* LATIN CAPITAL LETTER W WITH CIRCUMFLEX */ + {0x175, 2, 336}, /* LATIN SMALL LETTER W WITH CIRCUMFLEX */ + {0x176, 2, 338}, /* LATIN CAPITAL LETTER Y WITH CIRCUMFLEX */ + {0x177, 2, 340}, /* LATIN SMALL LETTER Y WITH CIRCUMFLEX */ + {0x178, 2, 342}, /* LATIN CAPITAL LETTER Y WITH DIAERESIS */ + {0x179, 2, 344}, /* LATIN CAPITAL LETTER Z WITH ACUTE */ + {0x17a, 2, 346}, /* LATIN SMALL LETTER Z WITH ACUTE */ + {0x17b, 2, 348}, /* LATIN CAPITAL LETTER Z WITH DOT ABOVE */ + {0x17c, 2, 350}, /* LATIN SMALL LETTER Z WITH DOT ABOVE */ + {0x17d, 2, 352}, /* LATIN CAPITAL LETTER Z WITH CARON */ + {0x17e, 2, 354}, /* LATIN SMALL LETTER Z WITH CARON */ + {0x17f, 1, 288}, /* LATIN SMALL LETTER LONG S */ + {0x1a0, 2, 356}, /* LATIN CAPITAL LETTER O WITH HORN */ + {0x1a1, 2, 358}, /* LATIN SMALL LETTER O WITH HORN */ + {0x1af, 2, 360}, /* LATIN CAPITAL LETTER U WITH HORN */ + {0x1b0, 2, 362}, /* LATIN SMALL LETTER U WITH HORN */ + {0x1c4, 2, 364}, /* LATIN CAPITAL LETTER DZ WITH CARON */ + {0x1c5, 2, 366}, /* LATIN CAPITAL LETTER D WITH SMALL LETTER Z WITH CARON */ + {0x1c6, 2, 368}, /* LATIN SMALL LETTER DZ WITH CARON */ + {0x1c7, 2, 370}, /* LATIN CAPITAL LETTER LJ */ + {0x1c8, 2, 372}, /* LATIN CAPITAL LETTER L WITH SMALL LETTER J */ + {0x1c9, 2, 374}, /* LATIN SMALL LETTER LJ */ + {0x1ca, 2, 376}, /* LATIN CAPITAL LETTER NJ */ + {0x1cb, 2, 378}, /* LATIN CAPITAL LETTER N WITH SMALL LETTER J */ + {0x1cc, 2, 380}, /* LATIN SMALL LETTER NJ */ + {0x1cd, 2, 382}, /* LATIN CAPITAL LETTER A WITH CARON */ + {0x1ce, 2, 384}, /* LATIN SMALL LETTER A WITH CARON */ + {0x1cf, 2, 386}, /* LATIN CAPITAL LETTER I WITH CARON */ + {0x1d0, 2, 388}, /* LATIN SMALL LETTER I WITH CARON */ + {0x1d1, 2, 390}, /* LATIN CAPITAL LETTER O WITH CARON */ + {0x1d2, 2, 392}, /* LATIN SMALL LETTER O WITH CARON */ + {0x1d3, 2, 394}, /* LATIN CAPITAL LETTER U WITH CARON */ + {0x1d4, 2, 396}, /* LATIN SMALL LETTER U WITH CARON */ + {0x1d5, 2, 398}, /* LATIN CAPITAL LETTER U WITH DIAERESIS AND MACRON */ + {0x1d6, 2, 400}, /* LATIN SMALL LETTER U WITH DIAERESIS AND MACRON */ + {0x1d7, 2, 402}, /* LATIN CAPITAL LETTER U WITH DIAERESIS AND ACUTE */ + {0x1d8, 2, 404}, /* LATIN SMALL LETTER U WITH DIAERESIS AND ACUTE */ + {0x1d9, 2, 406}, /* LATIN CAPITAL LETTER U WITH DIAERESIS AND CARON */ + {0x1da, 2, 408}, /* LATIN SMALL LETTER U WITH DIAERESIS AND CARON */ + {0x1db, 2, 410}, /* LATIN CAPITAL LETTER U WITH DIAERESIS AND GRAVE */ + {0x1dc, 2, 412}, /* LATIN SMALL LETTER U WITH DIAERESIS AND GRAVE */ + {0x1de, 2, 414}, /* LATIN CAPITAL LETTER A WITH DIAERESIS AND MACRON */ + {0x1df, 2, 416}, /* LATIN SMALL LETTER A WITH DIAERESIS AND MACRON */ + {0x1e0, 2, 418}, /* LATIN CAPITAL LETTER A WITH DOT ABOVE AND MACRON */ + {0x1e1, 2, 420}, /* LATIN SMALL LETTER A WITH DOT ABOVE AND MACRON */ + {0x1e2, 2, 422}, /* LATIN CAPITAL LETTER AE WITH MACRON */ + {0x1e3, 2, 424}, /* LATIN SMALL LETTER AE WITH MACRON */ + {0x1e6, 2, 426}, /* LATIN CAPITAL LETTER G WITH CARON */ + {0x1e7, 2, 428}, /* LATIN SMALL LETTER G WITH CARON */ + {0x1e8, 2, 430}, /* LATIN CAPITAL LETTER K WITH CARON */ + {0x1e9, 2, 432}, /* LATIN SMALL LETTER K WITH CARON */ + {0x1ea, 2, 434}, /* LATIN CAPITAL LETTER O WITH OGONEK */ + {0x1eb, 2, 436}, /* LATIN SMALL LETTER O WITH OGONEK */ + {0x1ec, 2, 438}, /* LATIN CAPITAL LETTER O WITH OGONEK AND MACRON */ + {0x1ed, 2, 440}, /* LATIN SMALL LETTER O WITH OGONEK AND MACRON */ + {0x1ee, 2, 442}, /* LATIN CAPITAL LETTER EZH WITH CARON */ + {0x1ef, 2, 444}, /* LATIN SMALL LETTER EZH WITH CARON */ + {0x1f0, 2, 446}, /* LATIN SMALL LETTER J WITH CARON */ + {0x1f1, 2, 448}, /* LATIN CAPITAL LETTER DZ */ + {0x1f2, 2, 450}, /* LATIN CAPITAL LETTER D WITH SMALL LETTER Z */ + {0x1f3, 2, 452}, /* LATIN SMALL LETTER DZ */ + {0x1f4, 2, 454}, /* LATIN CAPITAL LETTER G WITH ACUTE */ + {0x1f5, 2, 456}, /* LATIN SMALL LETTER G WITH ACUTE */ + {0x1f8, 2, 458}, /* LATIN CAPITAL LETTER N WITH GRAVE */ + {0x1f9, 2, 460}, /* LATIN SMALL LETTER N WITH GRAVE */ + {0x1fa, 2, 462}, /* LATIN CAPITAL LETTER A WITH RING ABOVE AND ACUTE */ + {0x1fb, 2, 464}, /* LATIN SMALL LETTER A WITH RING ABOVE AND ACUTE */ + {0x1fc, 2, 466}, /* LATIN CAPITAL LETTER AE WITH ACUTE */ + {0x1fd, 2, 468}, /* LATIN SMALL LETTER AE WITH ACUTE */ + {0x1fe, 2, 470}, /* LATIN CAPITAL LETTER O WITH STROKE AND ACUTE */ + {0x1ff, 2, 472}, /* LATIN SMALL LETTER O WITH STROKE AND ACUTE */ + {0x200, 2, 474}, /* LATIN CAPITAL LETTER A WITH DOUBLE GRAVE */ + {0x201, 2, 476}, /* LATIN SMALL LETTER A WITH DOUBLE GRAVE */ + {0x202, 2, 478}, /* LATIN CAPITAL LETTER A WITH INVERTED BREVE */ + {0x203, 2, 480}, /* LATIN SMALL LETTER A WITH INVERTED BREVE */ + {0x204, 2, 482}, /* LATIN CAPITAL LETTER E WITH DOUBLE GRAVE */ + {0x205, 2, 484}, /* LATIN SMALL LETTER E WITH DOUBLE GRAVE */ + {0x206, 2, 486}, /* LATIN CAPITAL LETTER E WITH INVERTED BREVE */ + {0x207, 2, 488}, /* LATIN SMALL LETTER E WITH INVERTED BREVE */ + {0x208, 2, 490}, /* LATIN CAPITAL LETTER I WITH DOUBLE GRAVE */ + {0x209, 2, 492}, /* LATIN SMALL LETTER I WITH DOUBLE GRAVE */ + {0x20a, 2, 494}, /* LATIN CAPITAL LETTER I WITH INVERTED BREVE */ + {0x20b, 2, 496}, /* LATIN SMALL LETTER I WITH INVERTED BREVE */ + {0x20c, 2, 498}, /* LATIN CAPITAL LETTER O WITH DOUBLE GRAVE */ + {0x20d, 2, 500}, /* LATIN SMALL LETTER O WITH DOUBLE GRAVE */ + {0x20e, 2, 502}, /* LATIN CAPITAL LETTER O WITH INVERTED BREVE */ + {0x20f, 2, 504}, /* LATIN SMALL LETTER O WITH INVERTED BREVE */ + {0x210, 2, 506}, /* LATIN CAPITAL LETTER R WITH DOUBLE GRAVE */ + {0x211, 2, 508}, /* LATIN SMALL LETTER R WITH DOUBLE GRAVE */ + {0x212, 2, 510}, /* LATIN CAPITAL LETTER R WITH INVERTED BREVE */ + {0x213, 2, 512}, /* LATIN SMALL LETTER R WITH INVERTED BREVE */ + {0x214, 2, 514}, /* LATIN CAPITAL LETTER U WITH DOUBLE GRAVE */ + {0x215, 2, 516}, /* LATIN SMALL LETTER U WITH DOUBLE GRAVE */ + {0x216, 2, 518}, /* LATIN CAPITAL LETTER U WITH INVERTED BREVE */ + {0x217, 2, 520}, /* LATIN SMALL LETTER U WITH INVERTED BREVE */ + {0x218, 2, 522}, /* LATIN CAPITAL LETTER S WITH COMMA BELOW */ + {0x219, 2, 524}, /* LATIN SMALL LETTER S WITH COMMA BELOW */ + {0x21a, 2, 526}, /* LATIN CAPITAL LETTER T WITH COMMA BELOW */ + {0x21b, 2, 528}, /* LATIN SMALL LETTER T WITH COMMA BELOW */ + {0x21e, 2, 530}, /* LATIN CAPITAL LETTER H WITH CARON */ + {0x21f, 2, 532}, /* LATIN SMALL LETTER H WITH CARON */ + {0x226, 2, 534}, /* LATIN CAPITAL LETTER A WITH DOT ABOVE */ + {0x227, 2, 536}, /* LATIN SMALL LETTER A WITH DOT ABOVE */ + {0x228, 2, 538}, /* LATIN CAPITAL LETTER E WITH CEDILLA */ + {0x229, 2, 540}, /* LATIN SMALL LETTER E WITH CEDILLA */ + {0x22a, 2, 542}, /* LATIN CAPITAL LETTER O WITH DIAERESIS AND MACRON */ + {0x22b, 2, 544}, /* LATIN SMALL LETTER O WITH DIAERESIS AND MACRON */ + {0x22c, 2, 546}, /* LATIN CAPITAL LETTER O WITH TILDE AND MACRON */ + {0x22d, 2, 548}, /* LATIN SMALL LETTER O WITH TILDE AND MACRON */ + {0x22e, 2, 550}, /* LATIN CAPITAL LETTER O WITH DOT ABOVE */ + {0x22f, 2, 552}, /* LATIN SMALL LETTER O WITH DOT ABOVE */ + {0x230, 2, 554}, /* LATIN CAPITAL LETTER O WITH DOT ABOVE AND MACRON */ + {0x231, 2, 556}, /* LATIN SMALL LETTER O WITH DOT ABOVE AND MACRON */ + {0x232, 2, 558}, /* LATIN CAPITAL LETTER Y WITH MACRON */ + {0x233, 2, 560}, /* LATIN SMALL LETTER Y WITH MACRON */ + {0x2b0, 1, 200}, /* MODIFIER LETTER SMALL H */ + {0x2b1, 1, 562}, /* MODIFIER LETTER SMALL H WITH HOOK */ + {0x2b2, 1, 223}, /* MODIFIER LETTER SMALL J */ + {0x2b3, 1, 276}, /* MODIFIER LETTER SMALL R */ + {0x2b4, 1, 563}, /* MODIFIER LETTER SMALL TURNED R */ + {0x2b5, 1, 564}, /* MODIFIER LETTER SMALL TURNED R WITH HOOK */ + {0x2b6, 1, 565}, /* MODIFIER LETTER SMALL CAPITAL INVERTED R */ + {0x2b7, 1, 336}, /* MODIFIER LETTER SMALL W */ + {0x2b8, 1, 126}, /* MODIFIER LETTER SMALL Y */ + {0x2d8, 2, 566}, /* BREVE */ + {0x2d9, 2, 568}, /* DOT ABOVE */ + {0x2da, 2, 570}, /* RING ABOVE */ + {0x2db, 2, 572}, /* OGONEK */ + {0x2dc, 2, 574}, /* SMALL TILDE */ + {0x2dd, 2, 576}, /* DOUBLE ACUTE ACCENT */ + {0x2e0, 1, 578}, /* MODIFIER LETTER SMALL GAMMA */ + {0x2e1, 1, 234}, /* MODIFIER LETTER SMALL L */ + {0x2e2, 1, 288}, /* MODIFIER LETTER SMALL S */ + {0x2e3, 1, 579}, /* MODIFIER LETTER SMALL X */ + {0x2e4, 1, 580}, /* MODIFIER LETTER SMALL REVERSED GLOTTAL STOP */ + {0x340, 1, 25}, /* COMBINING GRAVE TONE MARK */ + {0x341, 1, 9}, /* COMBINING ACUTE TONE MARK */ + {0x343, 1, 581}, /* COMBINING GREEK KORONIS */ + {0x344, 2, 582}, /* COMBINING GREEK DIALYTIKA TONOS */ + {0x374, 1, 584}, /* GREEK NUMERAL SIGN */ + {0x37a, 2, 585}, /* GREEK YPOGEGRAMMENI */ + {0x37e, 1, 587}, /* GREEK QUESTION MARK */ + {0x384, 2, 8}, /* GREEK TONOS */ + {0x385, 2, 588}, /* GREEK DIALYTIKA TONOS */ + {0x386, 2, 590}, /* GREEK CAPITAL LETTER ALPHA WITH TONOS */ + {0x387, 1, 245}, /* GREEK ANO TELEIA */ + {0x388, 2, 592}, /* GREEK CAPITAL LETTER EPSILON WITH TONOS */ + {0x389, 2, 594}, /* GREEK CAPITAL LETTER ETA WITH TONOS */ + {0x38a, 2, 596}, /* GREEK CAPITAL LETTER IOTA WITH TONOS */ + {0x38c, 2, 598}, /* GREEK CAPITAL LETTER OMICRON WITH TONOS */ + {0x38e, 2, 600}, /* GREEK CAPITAL LETTER UPSILON WITH TONOS */ + {0x38f, 2, 602}, /* GREEK CAPITAL LETTER OMEGA WITH TONOS */ + {0x390, 2, 604}, /* GREEK SMALL LETTER IOTA WITH DIALYTIKA AND TONOS */ + {0x3aa, 2, 606}, /* GREEK CAPITAL LETTER IOTA WITH DIALYTIKA */ + {0x3ab, 2, 608}, /* GREEK CAPITAL LETTER UPSILON WITH DIALYTIKA */ + {0x3ac, 2, 610}, /* GREEK SMALL LETTER ALPHA WITH TONOS */ + {0x3ad, 2, 612}, /* GREEK SMALL LETTER EPSILON WITH TONOS */ + {0x3ae, 2, 614}, /* GREEK SMALL LETTER ETA WITH TONOS */ + {0x3af, 2, 616}, /* GREEK SMALL LETTER IOTA WITH TONOS */ + {0x3b0, 2, 618}, /* GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND TONOS */ + {0x3ca, 2, 620}, /* GREEK SMALL LETTER IOTA WITH DIALYTIKA */ + {0x3cb, 2, 622}, /* GREEK SMALL LETTER UPSILON WITH DIALYTIKA */ + {0x3cc, 2, 624}, /* GREEK SMALL LETTER OMICRON WITH TONOS */ + {0x3cd, 2, 626}, /* GREEK SMALL LETTER UPSILON WITH TONOS */ + {0x3ce, 2, 628}, /* GREEK SMALL LETTER OMEGA WITH TONOS */ + {0x3d0, 1, 630}, /* GREEK BETA SYMBOL */ + {0x3d1, 1, 631}, /* GREEK THETA SYMBOL */ + {0x3d2, 1, 600}, /* GREEK UPSILON WITH HOOK SYMBOL */ + {0x3d3, 2, 632}, /* GREEK UPSILON WITH ACUTE AND HOOK SYMBOL */ + {0x3d4, 2, 634}, /* GREEK UPSILON WITH DIAERESIS AND HOOK SYMBOL */ + {0x3d5, 1, 636}, /* GREEK PHI SYMBOL */ + {0x3d6, 1, 637}, /* GREEK PI SYMBOL */ + {0x3f0, 1, 638}, /* GREEK KAPPA SYMBOL */ + {0x3f1, 1, 639}, /* GREEK RHO SYMBOL */ + {0x3f2, 1, 640}, /* GREEK LUNATE SIGMA SYMBOL */ + {0x3f4, 1, 641}, /* GREEK CAPITAL THETA SYMBOL */ + {0x3f5, 1, 612}, /* GREEK LUNATE EPSILON SYMBOL */ + {0x3f9, 1, 642}, /* GREEK CAPITAL LUNATE SIGMA SYMBOL */ + {0x400, 2, 643}, /* CYRILLIC CAPITAL LETTER IE WITH GRAVE */ + {0x401, 2, 645}, /* CYRILLIC CAPITAL LETTER IO */ + {0x403, 2, 647}, /* CYRILLIC CAPITAL LETTER GJE */ + {0x407, 2, 649}, /* CYRILLIC CAPITAL LETTER YI */ + {0x40c, 2, 651}, /* CYRILLIC CAPITAL LETTER KJE */ + {0x40d, 2, 653}, /* CYRILLIC CAPITAL LETTER I WITH GRAVE */ + {0x40e, 2, 655}, /* CYRILLIC CAPITAL LETTER SHORT U */ + {0x419, 2, 657}, /* CYRILLIC CAPITAL LETTER SHORT I */ + {0x439, 2, 659}, /* CYRILLIC SMALL LETTER SHORT I */ + {0x450, 2, 661}, /* CYRILLIC SMALL LETTER IE WITH GRAVE */ + {0x451, 2, 663}, /* CYRILLIC SMALL LETTER IO */ + {0x453, 2, 665}, /* CYRILLIC SMALL LETTER GJE */ + {0x457, 2, 667}, /* CYRILLIC SMALL LETTER YI */ + {0x45c, 2, 669}, /* CYRILLIC SMALL LETTER KJE */ + {0x45d, 2, 671}, /* CYRILLIC SMALL LETTER I WITH GRAVE */ + {0x45e, 2, 673}, /* CYRILLIC SMALL LETTER SHORT U */ + {0x476, 2, 675}, /* CYRILLIC CAPITAL LETTER IZHITSA WITH DOUBLE GRAVE ACCENT */ + {0x477, 2, 677}, /* CYRILLIC SMALL LETTER IZHITSA WITH DOUBLE GRAVE ACCENT */ + {0x4c1, 2, 679}, /* CYRILLIC CAPITAL LETTER ZHE WITH BREVE */ + {0x4c2, 2, 681}, /* CYRILLIC SMALL LETTER ZHE WITH BREVE */ + {0x4d0, 2, 683}, /* CYRILLIC CAPITAL LETTER A WITH BREVE */ + {0x4d1, 2, 685}, /* CYRILLIC SMALL LETTER A WITH BREVE */ + {0x4d2, 2, 687}, /* CYRILLIC CAPITAL LETTER A WITH DIAERESIS */ + {0x4d3, 2, 689}, /* CYRILLIC SMALL LETTER A WITH DIAERESIS */ + {0x4d6, 2, 691}, /* CYRILLIC CAPITAL LETTER IE WITH BREVE */ + {0x4d7, 2, 693}, /* CYRILLIC SMALL LETTER IE WITH BREVE */ + {0x4da, 2, 695}, /* CYRILLIC CAPITAL LETTER SCHWA WITH DIAERESIS */ + {0x4db, 2, 697}, /* CYRILLIC SMALL LETTER SCHWA WITH DIAERESIS */ + {0x4dc, 2, 699}, /* CYRILLIC CAPITAL LETTER ZHE WITH DIAERESIS */ + {0x4dd, 2, 701}, /* CYRILLIC SMALL LETTER ZHE WITH DIAERESIS */ + {0x4de, 2, 703}, /* CYRILLIC CAPITAL LETTER ZE WITH DIAERESIS */ + {0x4df, 2, 705}, /* CYRILLIC SMALL LETTER ZE WITH DIAERESIS */ + {0x4e2, 2, 707}, /* CYRILLIC CAPITAL LETTER I WITH MACRON */ + {0x4e3, 2, 709}, /* CYRILLIC SMALL LETTER I WITH MACRON */ + {0x4e4, 2, 711}, /* CYRILLIC CAPITAL LETTER I WITH DIAERESIS */ + {0x4e5, 2, 713}, /* CYRILLIC SMALL LETTER I WITH DIAERESIS */ + {0x4e6, 2, 715}, /* CYRILLIC CAPITAL LETTER O WITH DIAERESIS */ + {0x4e7, 2, 717}, /* CYRILLIC SMALL LETTER O WITH DIAERESIS */ + {0x4ea, 2, 719}, /* CYRILLIC CAPITAL LETTER BARRED O WITH DIAERESIS */ + {0x4eb, 2, 721}, /* CYRILLIC SMALL LETTER BARRED O WITH DIAERESIS */ + {0x4ec, 2, 723}, /* CYRILLIC CAPITAL LETTER E WITH DIAERESIS */ + {0x4ed, 2, 725}, /* CYRILLIC SMALL LETTER E WITH DIAERESIS */ + {0x4ee, 2, 727}, /* CYRILLIC CAPITAL LETTER U WITH MACRON */ + {0x4ef, 2, 729}, /* CYRILLIC SMALL LETTER U WITH MACRON */ + {0x4f0, 2, 731}, /* CYRILLIC CAPITAL LETTER U WITH DIAERESIS */ + {0x4f1, 2, 733}, /* CYRILLIC SMALL LETTER U WITH DIAERESIS */ + {0x4f2, 2, 735}, /* CYRILLIC CAPITAL LETTER U WITH DOUBLE ACUTE */ + {0x4f3, 2, 737}, /* CYRILLIC SMALL LETTER U WITH DOUBLE ACUTE */ + {0x4f4, 2, 739}, /* CYRILLIC CAPITAL LETTER CHE WITH DIAERESIS */ + {0x4f5, 2, 741}, /* CYRILLIC SMALL LETTER CHE WITH DIAERESIS */ + {0x4f8, 2, 743}, /* CYRILLIC CAPITAL LETTER YERU WITH DIAERESIS */ + {0x4f9, 2, 745}, /* CYRILLIC SMALL LETTER YERU WITH DIAERESIS */ + {0x587, 2, 747}, /* ARMENIAN SMALL LIGATURE ECH YIWN */ + {0x622, 2, 749}, /* ARABIC LETTER ALEF WITH MADDA ABOVE */ + {0x623, 2, 751}, /* ARABIC LETTER ALEF WITH HAMZA ABOVE */ + {0x624, 2, 753}, /* ARABIC LETTER WAW WITH HAMZA ABOVE */ + {0x625, 2, 755}, /* ARABIC LETTER ALEF WITH HAMZA BELOW */ + {0x626, 2, 757}, /* ARABIC LETTER YEH WITH HAMZA ABOVE */ + {0x675, 2, 759}, /* ARABIC LETTER HIGH HAMZA ALEF */ + {0x676, 2, 761}, /* ARABIC LETTER HIGH HAMZA WAW */ + {0x677, 2, 763}, /* ARABIC LETTER U WITH HAMZA ABOVE */ + {0x678, 2, 765}, /* ARABIC LETTER HIGH HAMZA YEH */ + {0x6c0, 2, 767}, /* ARABIC LETTER HEH WITH YEH ABOVE */ + {0x6c2, 2, 769}, /* ARABIC LETTER HEH GOAL WITH HAMZA ABOVE */ + {0x6d3, 2, 771}, /* ARABIC LETTER YEH BARREE WITH HAMZA ABOVE */ + {0x929, 2, 773}, /* DEVANAGARI LETTER NNNA */ + {0x931, 2, 775}, /* DEVANAGARI LETTER RRA */ + {0x934, 2, 777}, /* DEVANAGARI LETTER LLLA */ + {0x958, 2, 779}, /* DEVANAGARI LETTER QA */ + {0x959, 2, 781}, /* DEVANAGARI LETTER KHHA */ + {0x95a, 2, 783}, /* DEVANAGARI LETTER GHHA */ + {0x95b, 2, 785}, /* DEVANAGARI LETTER ZA */ + {0x95c, 2, 787}, /* DEVANAGARI LETTER DDDHA */ + {0x95d, 2, 789}, /* DEVANAGARI LETTER RHA */ + {0x95e, 2, 791}, /* DEVANAGARI LETTER FA */ + {0x95f, 2, 793}, /* DEVANAGARI LETTER YYA */ + {0x9cb, 2, 795}, /* BENGALI VOWEL SIGN O */ + {0x9cc, 2, 797}, /* BENGALI VOWEL SIGN AU */ + {0x9dc, 2, 799}, /* BENGALI LETTER RRA */ + {0x9dd, 2, 801}, /* BENGALI LETTER RHA */ + {0x9df, 2, 803}, /* BENGALI LETTER YYA */ + {0xa33, 2, 805}, /* GURMUKHI LETTER LLA */ + {0xa36, 2, 807}, /* GURMUKHI LETTER SHA */ + {0xa59, 2, 809}, /* GURMUKHI LETTER KHHA */ + {0xa5a, 2, 811}, /* GURMUKHI LETTER GHHA */ + {0xa5b, 2, 813}, /* GURMUKHI LETTER ZA */ + {0xa5e, 2, 815}, /* GURMUKHI LETTER FA */ + {0xb48, 2, 817}, /* ORIYA VOWEL SIGN AI */ + {0xb4b, 2, 819}, /* ORIYA VOWEL SIGN O */ + {0xb4c, 2, 821}, /* ORIYA VOWEL SIGN AU */ + {0xb5c, 2, 823}, /* ORIYA LETTER RRA */ + {0xb5d, 2, 825}, /* ORIYA LETTER RHA */ + {0xb94, 2, 827}, /* TAMIL LETTER AU */ + {0xbca, 2, 829}, /* TAMIL VOWEL SIGN O */ + {0xbcb, 2, 831}, /* TAMIL VOWEL SIGN OO */ + {0xbcc, 2, 833}, /* TAMIL VOWEL SIGN AU */ + {0xc48, 2, 835}, /* TELUGU VOWEL SIGN AI */ + {0xcc0, 2, 837}, /* KANNADA VOWEL SIGN II */ + {0xcc7, 2, 839}, /* KANNADA VOWEL SIGN EE */ + {0xcc8, 2, 841}, /* KANNADA VOWEL SIGN AI */ + {0xcca, 2, 843}, /* KANNADA VOWEL SIGN O */ + {0xccb, 2, 845}, /* KANNADA VOWEL SIGN OO */ + {0xd4a, 2, 847}, /* MALAYALAM VOWEL SIGN O */ + {0xd4b, 2, 849}, /* MALAYALAM VOWEL SIGN OO */ + {0xd4c, 2, 851}, /* MALAYALAM VOWEL SIGN AU */ + {0xdda, 2, 853}, /* SINHALA VOWEL SIGN DIGA KOMBUVA */ + {0xddc, 2, 855}, /* SINHALA VOWEL SIGN KOMBUVA HAA AELA-PILLA */ + {0xddd, 2, 857}, /* SINHALA VOWEL SIGN KOMBUVA HAA DIGA AELA-PILLA */ + {0xdde, 2, 859}, /* SINHALA VOWEL SIGN KOMBUVA HAA GAYANUKITTA */ + {0xe33, 2, 861}, /* THAI CHARACTER SARA AM */ + {0xeb3, 2, 863}, /* LAO VOWEL SIGN AM */ + {0xedc, 2, 865}, /* LAO HO NO */ + {0xedd, 2, 867}, /* LAO HO MO */ + {0xf0c, 1, 869}, /* TIBETAN MARK DELIMITER TSHEG BSTAR */ + {0xf43, 2, 870}, /* TIBETAN LETTER GHA */ + {0xf4d, 2, 872}, /* TIBETAN LETTER DDHA */ + {0xf52, 2, 874}, /* TIBETAN LETTER DHA */ + {0xf57, 2, 876}, /* TIBETAN LETTER BHA */ + {0xf5c, 2, 878}, /* TIBETAN LETTER DZHA */ + {0xf69, 2, 880}, /* TIBETAN LETTER KSSA */ + {0xf73, 2, 882}, /* TIBETAN VOWEL SIGN II */ + {0xf75, 2, 884}, /* TIBETAN VOWEL SIGN UU */ + {0xf76, 2, 886}, /* TIBETAN VOWEL SIGN VOCALIC R */ + {0xf77, 2, 888}, /* TIBETAN VOWEL SIGN VOCALIC RR */ + {0xf78, 2, 890}, /* TIBETAN VOWEL SIGN VOCALIC L */ + {0xf79, 2, 892}, /* TIBETAN VOWEL SIGN VOCALIC LL */ + {0xf81, 2, 894}, /* TIBETAN VOWEL SIGN REVERSED II */ + {0xf93, 2, 896}, /* TIBETAN SUBJOINED LETTER GHA */ + {0xf9d, 2, 898}, /* TIBETAN SUBJOINED LETTER DDHA */ + {0xfa2, 2, 900}, /* TIBETAN SUBJOINED LETTER DHA */ + {0xfa7, 2, 902}, /* TIBETAN SUBJOINED LETTER BHA */ + {0xfac, 2, 904}, /* TIBETAN SUBJOINED LETTER DZHA */ + {0xfb9, 2, 906}, /* TIBETAN SUBJOINED LETTER KSSA */ + {0x1026, 2, 908}, /* MYANMAR LETTER UU */ + {0x1d2c, 1, 24}, /* MODIFIER LETTER CAPITAL A */ + {0x1d2d, 1, 422}, /* MODIFIER LETTER CAPITAL AE */ + {0x1d2e, 1, 910}, /* MODIFIER LETTER CAPITAL B */ + {0x1d30, 1, 158}, /* MODIFIER LETTER CAPITAL D */ + {0x1d31, 1, 38}, /* MODIFIER LETTER CAPITAL E */ + {0x1d32, 1, 911}, /* MODIFIER LETTER CAPITAL REVERSED E */ + {0x1d33, 1, 182}, /* MODIFIER LETTER CAPITAL G */ + {0x1d34, 1, 198}, /* MODIFIER LETTER CAPITAL H */ + {0x1d35, 1, 46}, /* MODIFIER LETTER CAPITAL I */ + {0x1d36, 1, 221}, /* MODIFIER LETTER CAPITAL J */ + {0x1d37, 1, 228}, /* MODIFIER LETTER CAPITAL K */ + {0x1d38, 1, 232}, /* MODIFIER LETTER CAPITAL L */ + {0x1d39, 1, 912}, /* MODIFIER LETTER CAPITAL M */ + {0x1d3a, 1, 54}, /* MODIFIER LETTER CAPITAL N */ + {0x1d3c, 1, 56}, /* MODIFIER LETTER CAPITAL O */ + {0x1d3d, 1, 913}, /* MODIFIER LETTER CAPITAL OU */ + {0x1d3e, 1, 914}, /* MODIFIER LETTER CAPITAL P */ + {0x1d3f, 1, 274}, /* MODIFIER LETTER CAPITAL R */ + {0x1d40, 1, 302}, /* MODIFIER LETTER CAPITAL T */ + {0x1d41, 1, 66}, /* MODIFIER LETTER CAPITAL U */ + {0x1d42, 1, 334}, /* MODIFIER LETTER CAPITAL W */ + {0x1d43, 1, 3}, /* MODIFIER LETTER SMALL A */ + {0x1d44, 1, 915}, /* MODIFIER LETTER SMALL TURNED A */ + {0x1d45, 1, 916}, /* MODIFIER LETTER SMALL ALPHA */ + {0x1d46, 1, 917}, /* MODIFIER LETTER SMALL TURNED AE */ + {0x1d47, 1, 918}, /* MODIFIER LETTER SMALL B */ + {0x1d48, 1, 160}, /* MODIFIER LETTER SMALL D */ + {0x1d49, 1, 90}, /* MODIFIER LETTER SMALL E */ + {0x1d4a, 1, 919}, /* MODIFIER LETTER SMALL SCHWA */ + {0x1d4b, 1, 920}, /* MODIFIER LETTER SMALL OPEN E */ + {0x1d4c, 1, 921}, /* MODIFIER LETTER SMALL TURNED OPEN E */ + {0x1d4d, 1, 184}, /* MODIFIER LETTER SMALL G */ + {0x1d4f, 1, 230}, /* MODIFIER LETTER SMALL K */ + {0x1d50, 1, 922}, /* MODIFIER LETTER SMALL M */ + {0x1d51, 1, 923}, /* MODIFIER LETTER SMALL ENG */ + {0x1d52, 1, 14}, /* MODIFIER LETTER SMALL O */ + {0x1d53, 1, 924}, /* MODIFIER LETTER SMALL OPEN O */ + {0x1d54, 1, 925}, /* MODIFIER LETTER SMALL TOP HALF O */ + {0x1d55, 1, 926}, /* MODIFIER LETTER SMALL BOTTOM HALF O */ + {0x1d56, 1, 927}, /* MODIFIER LETTER SMALL P */ + {0x1d57, 1, 304}, /* MODIFIER LETTER SMALL T */ + {0x1d58, 1, 118}, /* MODIFIER LETTER SMALL U */ + {0x1d59, 1, 928}, /* MODIFIER LETTER SMALL SIDEWAYS U */ + {0x1d5a, 1, 929}, /* MODIFIER LETTER SMALL TURNED M */ + {0x1d5b, 1, 930}, /* MODIFIER LETTER SMALL V */ + {0x1d5c, 1, 931}, /* MODIFIER LETTER SMALL AIN */ + {0x1d5d, 1, 630}, /* MODIFIER LETTER SMALL BETA */ + {0x1d5e, 1, 932}, /* MODIFIER LETTER SMALL GREEK GAMMA */ + {0x1d5f, 1, 933}, /* MODIFIER LETTER SMALL DELTA */ + {0x1d60, 1, 636}, /* MODIFIER LETTER SMALL GREEK PHI */ + {0x1d61, 1, 934}, /* MODIFIER LETTER SMALL CHI */ + {0x1d62, 1, 98}, /* LATIN SUBSCRIPT SMALL LETTER I */ + {0x1d63, 1, 276}, /* LATIN SUBSCRIPT SMALL LETTER R */ + {0x1d64, 1, 118}, /* LATIN SUBSCRIPT SMALL LETTER U */ + {0x1d65, 1, 930}, /* LATIN SUBSCRIPT SMALL LETTER V */ + {0x1d66, 1, 630}, /* GREEK SUBSCRIPT SMALL LETTER BETA */ + {0x1d67, 1, 932}, /* GREEK SUBSCRIPT SMALL LETTER GAMMA */ + {0x1d68, 1, 639}, /* GREEK SUBSCRIPT SMALL LETTER RHO */ + {0x1d69, 1, 636}, /* GREEK SUBSCRIPT SMALL LETTER PHI */ + {0x1d6a, 1, 934}, /* GREEK SUBSCRIPT SMALL LETTER CHI */ + {0x1e00, 2, 935}, /* LATIN CAPITAL LETTER A WITH RING BELOW */ + {0x1e01, 2, 937}, /* LATIN SMALL LETTER A WITH RING BELOW */ + {0x1e02, 2, 939}, /* LATIN CAPITAL LETTER B WITH DOT ABOVE */ + {0x1e03, 2, 941}, /* LATIN SMALL LETTER B WITH DOT ABOVE */ + {0x1e04, 2, 943}, /* LATIN CAPITAL LETTER B WITH DOT BELOW */ + {0x1e05, 2, 945}, /* LATIN SMALL LETTER B WITH DOT BELOW */ + {0x1e06, 2, 947}, /* LATIN CAPITAL LETTER B WITH LINE BELOW */ + {0x1e07, 2, 949}, /* LATIN SMALL LETTER B WITH LINE BELOW */ + {0x1e08, 2, 951}, /* LATIN CAPITAL LETTER C WITH CEDILLA AND ACUTE */ + {0x1e09, 2, 953}, /* LATIN SMALL LETTER C WITH CEDILLA AND ACUTE */ + {0x1e0a, 2, 955}, /* LATIN CAPITAL LETTER D WITH DOT ABOVE */ + {0x1e0b, 2, 957}, /* LATIN SMALL LETTER D WITH DOT ABOVE */ + {0x1e0c, 2, 959}, /* LATIN CAPITAL LETTER D WITH DOT BELOW */ + {0x1e0d, 2, 961}, /* LATIN SMALL LETTER D WITH DOT BELOW */ + {0x1e0e, 2, 963}, /* LATIN CAPITAL LETTER D WITH LINE BELOW */ + {0x1e0f, 2, 965}, /* LATIN SMALL LETTER D WITH LINE BELOW */ + {0x1e10, 2, 967}, /* LATIN CAPITAL LETTER D WITH CEDILLA */ + {0x1e11, 2, 969}, /* LATIN SMALL LETTER D WITH CEDILLA */ + {0x1e12, 2, 971}, /* LATIN CAPITAL LETTER D WITH CIRCUMFLEX BELOW */ + {0x1e13, 2, 973}, /* LATIN SMALL LETTER D WITH CIRCUMFLEX BELOW */ + {0x1e14, 2, 975}, /* LATIN CAPITAL LETTER E WITH MACRON AND GRAVE */ + {0x1e15, 2, 977}, /* LATIN SMALL LETTER E WITH MACRON AND GRAVE */ + {0x1e16, 2, 979}, /* LATIN CAPITAL LETTER E WITH MACRON AND ACUTE */ + {0x1e17, 2, 981}, /* LATIN SMALL LETTER E WITH MACRON AND ACUTE */ + {0x1e18, 2, 983}, /* LATIN CAPITAL LETTER E WITH CIRCUMFLEX BELOW */ + {0x1e19, 2, 985}, /* LATIN SMALL LETTER E WITH CIRCUMFLEX BELOW */ + {0x1e1a, 2, 987}, /* LATIN CAPITAL LETTER E WITH TILDE BELOW */ + {0x1e1b, 2, 989}, /* LATIN SMALL LETTER E WITH TILDE BELOW */ + {0x1e1c, 2, 991}, /* LATIN CAPITAL LETTER E WITH CEDILLA AND BREVE */ + {0x1e1d, 2, 993}, /* LATIN SMALL LETTER E WITH CEDILLA AND BREVE */ + {0x1e1e, 2, 995}, /* LATIN CAPITAL LETTER F WITH DOT ABOVE */ + {0x1e1f, 2, 997}, /* LATIN SMALL LETTER F WITH DOT ABOVE */ + {0x1e20, 2, 999}, /* LATIN CAPITAL LETTER G WITH MACRON */ + {0x1e21, 2, 1001}, /* LATIN SMALL LETTER G WITH MACRON */ + {0x1e22, 2, 1003}, /* LATIN CAPITAL LETTER H WITH DOT ABOVE */ + {0x1e23, 2, 1005}, /* LATIN SMALL LETTER H WITH DOT ABOVE */ + {0x1e24, 2, 1007}, /* LATIN CAPITAL LETTER H WITH DOT BELOW */ + {0x1e25, 2, 1009}, /* LATIN SMALL LETTER H WITH DOT BELOW */ + {0x1e26, 2, 1011}, /* LATIN CAPITAL LETTER H WITH DIAERESIS */ + {0x1e27, 2, 1013}, /* LATIN SMALL LETTER H WITH DIAERESIS */ + {0x1e28, 2, 1015}, /* LATIN CAPITAL LETTER H WITH CEDILLA */ + {0x1e29, 2, 1017}, /* LATIN SMALL LETTER H WITH CEDILLA */ + {0x1e2a, 2, 1019}, /* LATIN CAPITAL LETTER H WITH BREVE BELOW */ + {0x1e2b, 2, 1021}, /* LATIN SMALL LETTER H WITH BREVE BELOW */ + {0x1e2c, 2, 1023}, /* LATIN CAPITAL LETTER I WITH TILDE BELOW */ + {0x1e2d, 2, 1025}, /* LATIN SMALL LETTER I WITH TILDE BELOW */ + {0x1e2e, 2, 1027}, /* LATIN CAPITAL LETTER I WITH DIAERESIS AND ACUTE */ + {0x1e2f, 2, 1029}, /* LATIN SMALL LETTER I WITH DIAERESIS AND ACUTE */ + {0x1e30, 2, 1031}, /* LATIN CAPITAL LETTER K WITH ACUTE */ + {0x1e31, 2, 1033}, /* LATIN SMALL LETTER K WITH ACUTE */ + {0x1e32, 2, 1035}, /* LATIN CAPITAL LETTER K WITH DOT BELOW */ + {0x1e33, 2, 1037}, /* LATIN SMALL LETTER K WITH DOT BELOW */ + {0x1e34, 2, 1039}, /* LATIN CAPITAL LETTER K WITH LINE BELOW */ + {0x1e35, 2, 1041}, /* LATIN SMALL LETTER K WITH LINE BELOW */ + {0x1e36, 2, 1043}, /* LATIN CAPITAL LETTER L WITH DOT BELOW */ + {0x1e37, 2, 1045}, /* LATIN SMALL LETTER L WITH DOT BELOW */ + {0x1e38, 2, 1047}, /* LATIN CAPITAL LETTER L WITH DOT BELOW AND MACRON */ + {0x1e39, 2, 1049}, /* LATIN SMALL LETTER L WITH DOT BELOW AND MACRON */ + {0x1e3a, 2, 1051}, /* LATIN CAPITAL LETTER L WITH LINE BELOW */ + {0x1e3b, 2, 1053}, /* LATIN SMALL LETTER L WITH LINE BELOW */ + {0x1e3c, 2, 1055}, /* LATIN CAPITAL LETTER L WITH CIRCUMFLEX BELOW */ + {0x1e3d, 2, 1057}, /* LATIN SMALL LETTER L WITH CIRCUMFLEX BELOW */ + {0x1e3e, 2, 1059}, /* LATIN CAPITAL LETTER M WITH ACUTE */ + {0x1e3f, 2, 1061}, /* LATIN SMALL LETTER M WITH ACUTE */ + {0x1e40, 2, 1063}, /* LATIN CAPITAL LETTER M WITH DOT ABOVE */ + {0x1e41, 2, 1065}, /* LATIN SMALL LETTER M WITH DOT ABOVE */ + {0x1e42, 2, 1067}, /* LATIN CAPITAL LETTER M WITH DOT BELOW */ + {0x1e43, 2, 1069}, /* LATIN SMALL LETTER M WITH DOT BELOW */ + {0x1e44, 2, 1071}, /* LATIN CAPITAL LETTER N WITH DOT ABOVE */ + {0x1e45, 2, 1073}, /* LATIN SMALL LETTER N WITH DOT ABOVE */ + {0x1e46, 2, 1075}, /* LATIN CAPITAL LETTER N WITH DOT BELOW */ + {0x1e47, 2, 1077}, /* LATIN SMALL LETTER N WITH DOT BELOW */ + {0x1e48, 2, 1079}, /* LATIN CAPITAL LETTER N WITH LINE BELOW */ + {0x1e49, 2, 1081}, /* LATIN SMALL LETTER N WITH LINE BELOW */ + {0x1e4a, 2, 1083}, /* LATIN CAPITAL LETTER N WITH CIRCUMFLEX BELOW */ + {0x1e4b, 2, 1085}, /* LATIN SMALL LETTER N WITH CIRCUMFLEX BELOW */ + {0x1e4c, 2, 1087}, /* LATIN CAPITAL LETTER O WITH TILDE AND ACUTE */ + {0x1e4d, 2, 1089}, /* LATIN SMALL LETTER O WITH TILDE AND ACUTE */ + {0x1e4e, 2, 1091}, /* LATIN CAPITAL LETTER O WITH TILDE AND DIAERESIS */ + {0x1e4f, 2, 1093}, /* LATIN SMALL LETTER O WITH TILDE AND DIAERESIS */ + {0x1e50, 2, 1095}, /* LATIN CAPITAL LETTER O WITH MACRON AND GRAVE */ + {0x1e51, 2, 1097}, /* LATIN SMALL LETTER O WITH MACRON AND GRAVE */ + {0x1e52, 2, 1099}, /* LATIN CAPITAL LETTER O WITH MACRON AND ACUTE */ + {0x1e53, 2, 1101}, /* LATIN SMALL LETTER O WITH MACRON AND ACUTE */ + {0x1e54, 2, 1103}, /* LATIN CAPITAL LETTER P WITH ACUTE */ + {0x1e55, 2, 1105}, /* LATIN SMALL LETTER P WITH ACUTE */ + {0x1e56, 2, 1107}, /* LATIN CAPITAL LETTER P WITH DOT ABOVE */ + {0x1e57, 2, 1109}, /* LATIN SMALL LETTER P WITH DOT ABOVE */ + {0x1e58, 2, 1111}, /* LATIN CAPITAL LETTER R WITH DOT ABOVE */ + {0x1e59, 2, 1113}, /* LATIN SMALL LETTER R WITH DOT ABOVE */ + {0x1e5a, 2, 1115}, /* LATIN CAPITAL LETTER R WITH DOT BELOW */ + {0x1e5b, 2, 1117}, /* LATIN SMALL LETTER R WITH DOT BELOW */ + {0x1e5c, 2, 1119}, /* LATIN CAPITAL LETTER R WITH DOT BELOW AND MACRON */ + {0x1e5d, 2, 1121}, /* LATIN SMALL LETTER R WITH DOT BELOW AND MACRON */ + {0x1e5e, 2, 1123}, /* LATIN CAPITAL LETTER R WITH LINE BELOW */ + {0x1e5f, 2, 1125}, /* LATIN SMALL LETTER R WITH LINE BELOW */ + {0x1e60, 2, 1127}, /* LATIN CAPITAL LETTER S WITH DOT ABOVE */ + {0x1e61, 2, 1129}, /* LATIN SMALL LETTER S WITH DOT ABOVE */ + {0x1e62, 2, 1131}, /* LATIN CAPITAL LETTER S WITH DOT BELOW */ + {0x1e63, 2, 1133}, /* LATIN SMALL LETTER S WITH DOT BELOW */ + {0x1e64, 2, 1135}, /* LATIN CAPITAL LETTER S WITH ACUTE AND DOT ABOVE */ + {0x1e65, 2, 1137}, /* LATIN SMALL LETTER S WITH ACUTE AND DOT ABOVE */ + {0x1e66, 2, 1139}, /* LATIN CAPITAL LETTER S WITH CARON AND DOT ABOVE */ + {0x1e67, 2, 1141}, /* LATIN SMALL LETTER S WITH CARON AND DOT ABOVE */ + {0x1e68, 2, 1143}, /* LATIN CAPITAL LETTER S WITH DOT BELOW AND DOT ABOVE */ + {0x1e69, 2, 1145}, /* LATIN SMALL LETTER S WITH DOT BELOW AND DOT ABOVE */ + {0x1e6a, 2, 1147}, /* LATIN CAPITAL LETTER T WITH DOT ABOVE */ + {0x1e6b, 2, 1149}, /* LATIN SMALL LETTER T WITH DOT ABOVE */ + {0x1e6c, 2, 1151}, /* LATIN CAPITAL LETTER T WITH DOT BELOW */ + {0x1e6d, 2, 1153}, /* LATIN SMALL LETTER T WITH DOT BELOW */ + {0x1e6e, 2, 1155}, /* LATIN CAPITAL LETTER T WITH LINE BELOW */ + {0x1e6f, 2, 1157}, /* LATIN SMALL LETTER T WITH LINE BELOW */ + {0x1e70, 2, 1159}, /* LATIN CAPITAL LETTER T WITH CIRCUMFLEX BELOW */ + {0x1e71, 2, 1161}, /* LATIN SMALL LETTER T WITH CIRCUMFLEX BELOW */ + {0x1e72, 2, 1163}, /* LATIN CAPITAL LETTER U WITH DIAERESIS BELOW */ + {0x1e73, 2, 1165}, /* LATIN SMALL LETTER U WITH DIAERESIS BELOW */ + {0x1e74, 2, 1167}, /* LATIN CAPITAL LETTER U WITH TILDE BELOW */ + {0x1e75, 2, 1169}, /* LATIN SMALL LETTER U WITH TILDE BELOW */ + {0x1e76, 2, 1171}, /* LATIN CAPITAL LETTER U WITH CIRCUMFLEX BELOW */ + {0x1e77, 2, 1173}, /* LATIN SMALL LETTER U WITH CIRCUMFLEX BELOW */ + {0x1e78, 2, 1175}, /* LATIN CAPITAL LETTER U WITH TILDE AND ACUTE */ + {0x1e79, 2, 1177}, /* LATIN SMALL LETTER U WITH TILDE AND ACUTE */ + {0x1e7a, 2, 1179}, /* LATIN CAPITAL LETTER U WITH MACRON AND DIAERESIS */ + {0x1e7b, 2, 1181}, /* LATIN SMALL LETTER U WITH MACRON AND DIAERESIS */ + {0x1e7c, 2, 1183}, /* LATIN CAPITAL LETTER V WITH TILDE */ + {0x1e7d, 2, 1185}, /* LATIN SMALL LETTER V WITH TILDE */ + {0x1e7e, 2, 1187}, /* LATIN CAPITAL LETTER V WITH DOT BELOW */ + {0x1e7f, 2, 1189}, /* LATIN SMALL LETTER V WITH DOT BELOW */ + {0x1e80, 2, 1191}, /* LATIN CAPITAL LETTER W WITH GRAVE */ + {0x1e81, 2, 1193}, /* LATIN SMALL LETTER W WITH GRAVE */ + {0x1e82, 2, 1195}, /* LATIN CAPITAL LETTER W WITH ACUTE */ + {0x1e83, 2, 1197}, /* LATIN SMALL LETTER W WITH ACUTE */ + {0x1e84, 2, 1199}, /* LATIN CAPITAL LETTER W WITH DIAERESIS */ + {0x1e85, 2, 1201}, /* LATIN SMALL LETTER W WITH DIAERESIS */ + {0x1e86, 2, 1203}, /* LATIN CAPITAL LETTER W WITH DOT ABOVE */ + {0x1e87, 2, 1205}, /* LATIN SMALL LETTER W WITH DOT ABOVE */ + {0x1e88, 2, 1207}, /* LATIN CAPITAL LETTER W WITH DOT BELOW */ + {0x1e89, 2, 1209}, /* LATIN SMALL LETTER W WITH DOT BELOW */ + {0x1e8a, 2, 1211}, /* LATIN CAPITAL LETTER X WITH DOT ABOVE */ + {0x1e8b, 2, 1213}, /* LATIN SMALL LETTER X WITH DOT ABOVE */ + {0x1e8c, 2, 1215}, /* LATIN CAPITAL LETTER X WITH DIAERESIS */ + {0x1e8d, 2, 1217}, /* LATIN SMALL LETTER X WITH DIAERESIS */ + {0x1e8e, 2, 1219}, /* LATIN CAPITAL LETTER Y WITH DOT ABOVE */ + {0x1e8f, 2, 1221}, /* LATIN SMALL LETTER Y WITH DOT ABOVE */ + {0x1e90, 2, 1223}, /* LATIN CAPITAL LETTER Z WITH CIRCUMFLEX */ + {0x1e91, 2, 1225}, /* LATIN SMALL LETTER Z WITH CIRCUMFLEX */ + {0x1e92, 2, 1227}, /* LATIN CAPITAL LETTER Z WITH DOT BELOW */ + {0x1e93, 2, 1229}, /* LATIN SMALL LETTER Z WITH DOT BELOW */ + {0x1e94, 2, 1231}, /* LATIN CAPITAL LETTER Z WITH LINE BELOW */ + {0x1e95, 2, 1233}, /* LATIN SMALL LETTER Z WITH LINE BELOW */ + {0x1e96, 2, 1235}, /* LATIN SMALL LETTER H WITH LINE BELOW */ + {0x1e97, 2, 1237}, /* LATIN SMALL LETTER T WITH DIAERESIS */ + {0x1e98, 2, 1239}, /* LATIN SMALL LETTER W WITH RING ABOVE */ + {0x1e99, 2, 1241}, /* LATIN SMALL LETTER Y WITH RING ABOVE */ + {0x1e9a, 2, 1243}, /* LATIN SMALL LETTER A WITH RIGHT HALF RING */ + {0x1e9b, 2, 1245}, /* LATIN SMALL LETTER LONG S WITH DOT ABOVE */ + {0x1ea0, 2, 1247}, /* LATIN CAPITAL LETTER A WITH DOT BELOW */ + {0x1ea1, 2, 1249}, /* LATIN SMALL LETTER A WITH DOT BELOW */ + {0x1ea2, 2, 1251}, /* LATIN CAPITAL LETTER A WITH HOOK ABOVE */ + {0x1ea3, 2, 1253}, /* LATIN SMALL LETTER A WITH HOOK ABOVE */ + {0x1ea4, 2, 1255}, /* LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND ACUTE */ + {0x1ea5, 2, 1257}, /* LATIN SMALL LETTER A WITH CIRCUMFLEX AND ACUTE */ + {0x1ea6, 2, 1259}, /* LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND GRAVE */ + {0x1ea7, 2, 1261}, /* LATIN SMALL LETTER A WITH CIRCUMFLEX AND GRAVE */ + {0x1ea8, 2, 1263}, /* LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND HOOK ABOVE */ + {0x1ea9, 2, 1265}, /* LATIN SMALL LETTER A WITH CIRCUMFLEX AND HOOK ABOVE */ + {0x1eaa, 2, 1267}, /* LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND TILDE */ + {0x1eab, 2, 1269}, /* LATIN SMALL LETTER A WITH CIRCUMFLEX AND TILDE */ + {0x1eac, 2, 1271}, /* LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND DOT BELOW */ + {0x1ead, 2, 1273}, /* LATIN SMALL LETTER A WITH CIRCUMFLEX AND DOT BELOW */ + {0x1eae, 2, 1275}, /* LATIN CAPITAL LETTER A WITH BREVE AND ACUTE */ + {0x1eaf, 2, 1277}, /* LATIN SMALL LETTER A WITH BREVE AND ACUTE */ + {0x1eb0, 2, 1279}, /* LATIN CAPITAL LETTER A WITH BREVE AND GRAVE */ + {0x1eb1, 2, 1281}, /* LATIN SMALL LETTER A WITH BREVE AND GRAVE */ + {0x1eb2, 2, 1283}, /* LATIN CAPITAL LETTER A WITH BREVE AND HOOK ABOVE */ + {0x1eb3, 2, 1285}, /* LATIN SMALL LETTER A WITH BREVE AND HOOK ABOVE */ + {0x1eb4, 2, 1287}, /* LATIN CAPITAL LETTER A WITH BREVE AND TILDE */ + {0x1eb5, 2, 1289}, /* LATIN SMALL LETTER A WITH BREVE AND TILDE */ + {0x1eb6, 2, 1291}, /* LATIN CAPITAL LETTER A WITH BREVE AND DOT BELOW */ + {0x1eb7, 2, 1293}, /* LATIN SMALL LETTER A WITH BREVE AND DOT BELOW */ + {0x1eb8, 2, 1295}, /* LATIN CAPITAL LETTER E WITH DOT BELOW */ + {0x1eb9, 2, 1297}, /* LATIN SMALL LETTER E WITH DOT BELOW */ + {0x1eba, 2, 1299}, /* LATIN CAPITAL LETTER E WITH HOOK ABOVE */ + {0x1ebb, 2, 1301}, /* LATIN SMALL LETTER E WITH HOOK ABOVE */ + {0x1ebc, 2, 1303}, /* LATIN CAPITAL LETTER E WITH TILDE */ + {0x1ebd, 2, 1305}, /* LATIN SMALL LETTER E WITH TILDE */ + {0x1ebe, 2, 1307}, /* LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND ACUTE */ + {0x1ebf, 2, 1309}, /* LATIN SMALL LETTER E WITH CIRCUMFLEX AND ACUTE */ + {0x1ec0, 2, 1311}, /* LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND GRAVE */ + {0x1ec1, 2, 1313}, /* LATIN SMALL LETTER E WITH CIRCUMFLEX AND GRAVE */ + {0x1ec2, 2, 1315}, /* LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND HOOK ABOVE */ + {0x1ec3, 2, 1317}, /* LATIN SMALL LETTER E WITH CIRCUMFLEX AND HOOK ABOVE */ + {0x1ec4, 2, 1319}, /* LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND TILDE */ + {0x1ec5, 2, 1321}, /* LATIN SMALL LETTER E WITH CIRCUMFLEX AND TILDE */ + {0x1ec6, 2, 1323}, /* LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND DOT BELOW */ + {0x1ec7, 2, 1325}, /* LATIN SMALL LETTER E WITH CIRCUMFLEX AND DOT BELOW */ + {0x1ec8, 2, 1327}, /* LATIN CAPITAL LETTER I WITH HOOK ABOVE */ + {0x1ec9, 2, 1329}, /* LATIN SMALL LETTER I WITH HOOK ABOVE */ + {0x1eca, 2, 1331}, /* LATIN CAPITAL LETTER I WITH DOT BELOW */ + {0x1ecb, 2, 1333}, /* LATIN SMALL LETTER I WITH DOT BELOW */ + {0x1ecc, 2, 1335}, /* LATIN CAPITAL LETTER O WITH DOT BELOW */ + {0x1ecd, 2, 1337}, /* LATIN SMALL LETTER O WITH DOT BELOW */ + {0x1ece, 2, 1339}, /* LATIN CAPITAL LETTER O WITH HOOK ABOVE */ + {0x1ecf, 2, 1341}, /* LATIN SMALL LETTER O WITH HOOK ABOVE */ + {0x1ed0, 2, 1343}, /* LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND ACUTE */ + {0x1ed1, 2, 1345}, /* LATIN SMALL LETTER O WITH CIRCUMFLEX AND ACUTE */ + {0x1ed2, 2, 1347}, /* LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND GRAVE */ + {0x1ed3, 2, 1349}, /* LATIN SMALL LETTER O WITH CIRCUMFLEX AND GRAVE */ + {0x1ed4, 2, 1351}, /* LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND HOOK ABOVE */ + {0x1ed5, 2, 1353}, /* LATIN SMALL LETTER O WITH CIRCUMFLEX AND HOOK ABOVE */ + {0x1ed6, 2, 1355}, /* LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND TILDE */ + {0x1ed7, 2, 1357}, /* LATIN SMALL LETTER O WITH CIRCUMFLEX AND TILDE */ + {0x1ed8, 2, 1359}, /* LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND DOT BELOW */ + {0x1ed9, 2, 1361}, /* LATIN SMALL LETTER O WITH CIRCUMFLEX AND DOT BELOW */ + {0x1eda, 2, 1363}, /* LATIN CAPITAL LETTER O WITH HORN AND ACUTE */ + {0x1edb, 2, 1365}, /* LATIN SMALL LETTER O WITH HORN AND ACUTE */ + {0x1edc, 2, 1367}, /* LATIN CAPITAL LETTER O WITH HORN AND GRAVE */ + {0x1edd, 2, 1369}, /* LATIN SMALL LETTER O WITH HORN AND GRAVE */ + {0x1ede, 2, 1371}, /* LATIN CAPITAL LETTER O WITH HORN AND HOOK ABOVE */ + {0x1edf, 2, 1373}, /* LATIN SMALL LETTER O WITH HORN AND HOOK ABOVE */ + {0x1ee0, 2, 1375}, /* LATIN CAPITAL LETTER O WITH HORN AND TILDE */ + {0x1ee1, 2, 1377}, /* LATIN SMALL LETTER O WITH HORN AND TILDE */ + {0x1ee2, 2, 1379}, /* LATIN CAPITAL LETTER O WITH HORN AND DOT BELOW */ + {0x1ee3, 2, 1381}, /* LATIN SMALL LETTER O WITH HORN AND DOT BELOW */ + {0x1ee4, 2, 1383}, /* LATIN CAPITAL LETTER U WITH DOT BELOW */ + {0x1ee5, 2, 1385}, /* LATIN SMALL LETTER U WITH DOT BELOW */ + {0x1ee6, 2, 1387}, /* LATIN CAPITAL LETTER U WITH HOOK ABOVE */ + {0x1ee7, 2, 1389}, /* LATIN SMALL LETTER U WITH HOOK ABOVE */ + {0x1ee8, 2, 1391}, /* LATIN CAPITAL LETTER U WITH HORN AND ACUTE */ + {0x1ee9, 2, 1393}, /* LATIN SMALL LETTER U WITH HORN AND ACUTE */ + {0x1eea, 2, 1395}, /* LATIN CAPITAL LETTER U WITH HORN AND GRAVE */ + {0x1eeb, 2, 1397}, /* LATIN SMALL LETTER U WITH HORN AND GRAVE */ + {0x1eec, 2, 1399}, /* LATIN CAPITAL LETTER U WITH HORN AND HOOK ABOVE */ + {0x1eed, 2, 1401}, /* LATIN SMALL LETTER U WITH HORN AND HOOK ABOVE */ + {0x1eee, 2, 1403}, /* LATIN CAPITAL LETTER U WITH HORN AND TILDE */ + {0x1eef, 2, 1405}, /* LATIN SMALL LETTER U WITH HORN AND TILDE */ + {0x1ef0, 2, 1407}, /* LATIN CAPITAL LETTER U WITH HORN AND DOT BELOW */ + {0x1ef1, 2, 1409}, /* LATIN SMALL LETTER U WITH HORN AND DOT BELOW */ + {0x1ef2, 2, 1411}, /* LATIN CAPITAL LETTER Y WITH GRAVE */ + {0x1ef3, 2, 1413}, /* LATIN SMALL LETTER Y WITH GRAVE */ + {0x1ef4, 2, 1415}, /* LATIN CAPITAL LETTER Y WITH DOT BELOW */ + {0x1ef5, 2, 1417}, /* LATIN SMALL LETTER Y WITH DOT BELOW */ + {0x1ef6, 2, 1419}, /* LATIN CAPITAL LETTER Y WITH HOOK ABOVE */ + {0x1ef7, 2, 1421}, /* LATIN SMALL LETTER Y WITH HOOK ABOVE */ + {0x1ef8, 2, 1423}, /* LATIN CAPITAL LETTER Y WITH TILDE */ + {0x1ef9, 2, 1425}, /* LATIN SMALL LETTER Y WITH TILDE */ + {0x1f00, 2, 1427}, /* GREEK SMALL LETTER ALPHA WITH PSILI */ + {0x1f01, 2, 1429}, /* GREEK SMALL LETTER ALPHA WITH DASIA */ + {0x1f02, 2, 1431}, /* GREEK SMALL LETTER ALPHA WITH PSILI AND VARIA */ + {0x1f03, 2, 1433}, /* GREEK SMALL LETTER ALPHA WITH DASIA AND VARIA */ + {0x1f04, 2, 1435}, /* GREEK SMALL LETTER ALPHA WITH PSILI AND OXIA */ + {0x1f05, 2, 1437}, /* GREEK SMALL LETTER ALPHA WITH DASIA AND OXIA */ + {0x1f06, 2, 1439}, /* GREEK SMALL LETTER ALPHA WITH PSILI AND PERISPOMENI */ + {0x1f07, 2, 1441}, /* GREEK SMALL LETTER ALPHA WITH DASIA AND PERISPOMENI */ + {0x1f08, 2, 1443}, /* GREEK CAPITAL LETTER ALPHA WITH PSILI */ + {0x1f09, 2, 1445}, /* GREEK CAPITAL LETTER ALPHA WITH DASIA */ + {0x1f0a, 2, 1447}, /* GREEK CAPITAL LETTER ALPHA WITH PSILI AND VARIA */ + {0x1f0b, 2, 1449}, /* GREEK CAPITAL LETTER ALPHA WITH DASIA AND VARIA */ + {0x1f0c, 2, 1451}, /* GREEK CAPITAL LETTER ALPHA WITH PSILI AND OXIA */ + {0x1f0d, 2, 1453}, /* GREEK CAPITAL LETTER ALPHA WITH DASIA AND OXIA */ + {0x1f0e, 2, 1455}, /* GREEK CAPITAL LETTER ALPHA WITH PSILI AND PERISPOMENI */ + {0x1f0f, 2, 1457}, /* GREEK CAPITAL LETTER ALPHA WITH DASIA AND PERISPOMENI */ + {0x1f10, 2, 1459}, /* GREEK SMALL LETTER EPSILON WITH PSILI */ + {0x1f11, 2, 1461}, /* GREEK SMALL LETTER EPSILON WITH DASIA */ + {0x1f12, 2, 1463}, /* GREEK SMALL LETTER EPSILON WITH PSILI AND VARIA */ + {0x1f13, 2, 1465}, /* GREEK SMALL LETTER EPSILON WITH DASIA AND VARIA */ + {0x1f14, 2, 1467}, /* GREEK SMALL LETTER EPSILON WITH PSILI AND OXIA */ + {0x1f15, 2, 1469}, /* GREEK SMALL LETTER EPSILON WITH DASIA AND OXIA */ + {0x1f18, 2, 1471}, /* GREEK CAPITAL LETTER EPSILON WITH PSILI */ + {0x1f19, 2, 1473}, /* GREEK CAPITAL LETTER EPSILON WITH DASIA */ + {0x1f1a, 2, 1475}, /* GREEK CAPITAL LETTER EPSILON WITH PSILI AND VARIA */ + {0x1f1b, 2, 1477}, /* GREEK CAPITAL LETTER EPSILON WITH DASIA AND VARIA */ + {0x1f1c, 2, 1479}, /* GREEK CAPITAL LETTER EPSILON WITH PSILI AND OXIA */ + {0x1f1d, 2, 1481}, /* GREEK CAPITAL LETTER EPSILON WITH DASIA AND OXIA */ + {0x1f20, 2, 1483}, /* GREEK SMALL LETTER ETA WITH PSILI */ + {0x1f21, 2, 1485}, /* GREEK SMALL LETTER ETA WITH DASIA */ + {0x1f22, 2, 1487}, /* GREEK SMALL LETTER ETA WITH PSILI AND VARIA */ + {0x1f23, 2, 1489}, /* GREEK SMALL LETTER ETA WITH DASIA AND VARIA */ + {0x1f24, 2, 1491}, /* GREEK SMALL LETTER ETA WITH PSILI AND OXIA */ + {0x1f25, 2, 1493}, /* GREEK SMALL LETTER ETA WITH DASIA AND OXIA */ + {0x1f26, 2, 1495}, /* GREEK SMALL LETTER ETA WITH PSILI AND PERISPOMENI */ + {0x1f27, 2, 1497}, /* GREEK SMALL LETTER ETA WITH DASIA AND PERISPOMENI */ + {0x1f28, 2, 1499}, /* GREEK CAPITAL LETTER ETA WITH PSILI */ + {0x1f29, 2, 1501}, /* GREEK CAPITAL LETTER ETA WITH DASIA */ + {0x1f2a, 2, 1503}, /* GREEK CAPITAL LETTER ETA WITH PSILI AND VARIA */ + {0x1f2b, 2, 1505}, /* GREEK CAPITAL LETTER ETA WITH DASIA AND VARIA */ + {0x1f2c, 2, 1507}, /* GREEK CAPITAL LETTER ETA WITH PSILI AND OXIA */ + {0x1f2d, 2, 1509}, /* GREEK CAPITAL LETTER ETA WITH DASIA AND OXIA */ + {0x1f2e, 2, 1511}, /* GREEK CAPITAL LETTER ETA WITH PSILI AND PERISPOMENI */ + {0x1f2f, 2, 1513}, /* GREEK CAPITAL LETTER ETA WITH DASIA AND PERISPOMENI */ + {0x1f30, 2, 1515}, /* GREEK SMALL LETTER IOTA WITH PSILI */ + {0x1f31, 2, 1517}, /* GREEK SMALL LETTER IOTA WITH DASIA */ + {0x1f32, 2, 1519}, /* GREEK SMALL LETTER IOTA WITH PSILI AND VARIA */ + {0x1f33, 2, 1521}, /* GREEK SMALL LETTER IOTA WITH DASIA AND VARIA */ + {0x1f34, 2, 1523}, /* GREEK SMALL LETTER IOTA WITH PSILI AND OXIA */ + {0x1f35, 2, 1525}, /* GREEK SMALL LETTER IOTA WITH DASIA AND OXIA */ + {0x1f36, 2, 1527}, /* GREEK SMALL LETTER IOTA WITH PSILI AND PERISPOMENI */ + {0x1f37, 2, 1529}, /* GREEK SMALL LETTER IOTA WITH DASIA AND PERISPOMENI */ + {0x1f38, 2, 1531}, /* GREEK CAPITAL LETTER IOTA WITH PSILI */ + {0x1f39, 2, 1533}, /* GREEK CAPITAL LETTER IOTA WITH DASIA */ + {0x1f3a, 2, 1535}, /* GREEK CAPITAL LETTER IOTA WITH PSILI AND VARIA */ + {0x1f3b, 2, 1537}, /* GREEK CAPITAL LETTER IOTA WITH DASIA AND VARIA */ + {0x1f3c, 2, 1539}, /* GREEK CAPITAL LETTER IOTA WITH PSILI AND OXIA */ + {0x1f3d, 2, 1541}, /* GREEK CAPITAL LETTER IOTA WITH DASIA AND OXIA */ + {0x1f3e, 2, 1543}, /* GREEK CAPITAL LETTER IOTA WITH PSILI AND PERISPOMENI */ + {0x1f3f, 2, 1545}, /* GREEK CAPITAL LETTER IOTA WITH DASIA AND PERISPOMENI */ + {0x1f40, 2, 1547}, /* GREEK SMALL LETTER OMICRON WITH PSILI */ + {0x1f41, 2, 1549}, /* GREEK SMALL LETTER OMICRON WITH DASIA */ + {0x1f42, 2, 1551}, /* GREEK SMALL LETTER OMICRON WITH PSILI AND VARIA */ + {0x1f43, 2, 1553}, /* GREEK SMALL LETTER OMICRON WITH DASIA AND VARIA */ + {0x1f44, 2, 1555}, /* GREEK SMALL LETTER OMICRON WITH PSILI AND OXIA */ + {0x1f45, 2, 1557}, /* GREEK SMALL LETTER OMICRON WITH DASIA AND OXIA */ + {0x1f48, 2, 1559}, /* GREEK CAPITAL LETTER OMICRON WITH PSILI */ + {0x1f49, 2, 1561}, /* GREEK CAPITAL LETTER OMICRON WITH DASIA */ + {0x1f4a, 2, 1563}, /* GREEK CAPITAL LETTER OMICRON WITH PSILI AND VARIA */ + {0x1f4b, 2, 1565}, /* GREEK CAPITAL LETTER OMICRON WITH DASIA AND VARIA */ + {0x1f4c, 2, 1567}, /* GREEK CAPITAL LETTER OMICRON WITH PSILI AND OXIA */ + {0x1f4d, 2, 1569}, /* GREEK CAPITAL LETTER OMICRON WITH DASIA AND OXIA */ + {0x1f50, 2, 1571}, /* GREEK SMALL LETTER UPSILON WITH PSILI */ + {0x1f51, 2, 1573}, /* GREEK SMALL LETTER UPSILON WITH DASIA */ + {0x1f52, 2, 1575}, /* GREEK SMALL LETTER UPSILON WITH PSILI AND VARIA */ + {0x1f53, 2, 1577}, /* GREEK SMALL LETTER UPSILON WITH DASIA AND VARIA */ + {0x1f54, 2, 1579}, /* GREEK SMALL LETTER UPSILON WITH PSILI AND OXIA */ + {0x1f55, 2, 1581}, /* GREEK SMALL LETTER UPSILON WITH DASIA AND OXIA */ + {0x1f56, 2, 1583}, /* GREEK SMALL LETTER UPSILON WITH PSILI AND PERISPOMENI */ + {0x1f57, 2, 1585}, /* GREEK SMALL LETTER UPSILON WITH DASIA AND PERISPOMENI */ + {0x1f59, 2, 1587}, /* GREEK CAPITAL LETTER UPSILON WITH DASIA */ + {0x1f5b, 2, 1589}, /* GREEK CAPITAL LETTER UPSILON WITH DASIA AND VARIA */ + {0x1f5d, 2, 1591}, /* GREEK CAPITAL LETTER UPSILON WITH DASIA AND OXIA */ + {0x1f5f, 2, 1593}, /* GREEK CAPITAL LETTER UPSILON WITH DASIA AND PERISPOMENI */ + {0x1f60, 2, 1595}, /* GREEK SMALL LETTER OMEGA WITH PSILI */ + {0x1f61, 2, 1597}, /* GREEK SMALL LETTER OMEGA WITH DASIA */ + {0x1f62, 2, 1599}, /* GREEK SMALL LETTER OMEGA WITH PSILI AND VARIA */ + {0x1f63, 2, 1601}, /* GREEK SMALL LETTER OMEGA WITH DASIA AND VARIA */ + {0x1f64, 2, 1603}, /* GREEK SMALL LETTER OMEGA WITH PSILI AND OXIA */ + {0x1f65, 2, 1605}, /* GREEK SMALL LETTER OMEGA WITH DASIA AND OXIA */ + {0x1f66, 2, 1607}, /* GREEK SMALL LETTER OMEGA WITH PSILI AND PERISPOMENI */ + {0x1f67, 2, 1609}, /* GREEK SMALL LETTER OMEGA WITH DASIA AND PERISPOMENI */ + {0x1f68, 2, 1611}, /* GREEK CAPITAL LETTER OMEGA WITH PSILI */ + {0x1f69, 2, 1613}, /* GREEK CAPITAL LETTER OMEGA WITH DASIA */ + {0x1f6a, 2, 1615}, /* GREEK CAPITAL LETTER OMEGA WITH PSILI AND VARIA */ + {0x1f6b, 2, 1617}, /* GREEK CAPITAL LETTER OMEGA WITH DASIA AND VARIA */ + {0x1f6c, 2, 1619}, /* GREEK CAPITAL LETTER OMEGA WITH PSILI AND OXIA */ + {0x1f6d, 2, 1621}, /* GREEK CAPITAL LETTER OMEGA WITH DASIA AND OXIA */ + {0x1f6e, 2, 1623}, /* GREEK CAPITAL LETTER OMEGA WITH PSILI AND PERISPOMENI */ + {0x1f6f, 2, 1625}, /* GREEK CAPITAL LETTER OMEGA WITH DASIA AND PERISPOMENI */ + {0x1f70, 2, 1627}, /* GREEK SMALL LETTER ALPHA WITH VARIA */ + {0x1f71, 1, 1629}, /* GREEK SMALL LETTER ALPHA WITH OXIA */ + {0x1f72, 2, 1630}, /* GREEK SMALL LETTER EPSILON WITH VARIA */ + {0x1f73, 1, 1632}, /* GREEK SMALL LETTER EPSILON WITH OXIA */ + {0x1f74, 2, 1633}, /* GREEK SMALL LETTER ETA WITH VARIA */ + {0x1f75, 1, 1635}, /* GREEK SMALL LETTER ETA WITH OXIA */ + {0x1f76, 2, 1636}, /* GREEK SMALL LETTER IOTA WITH VARIA */ + {0x1f77, 1, 1638}, /* GREEK SMALL LETTER IOTA WITH OXIA */ + {0x1f78, 2, 1639}, /* GREEK SMALL LETTER OMICRON WITH VARIA */ + {0x1f79, 1, 1641}, /* GREEK SMALL LETTER OMICRON WITH OXIA */ + {0x1f7a, 2, 1642}, /* GREEK SMALL LETTER UPSILON WITH VARIA */ + {0x1f7b, 1, 1644}, /* GREEK SMALL LETTER UPSILON WITH OXIA */ + {0x1f7c, 2, 1645}, /* GREEK SMALL LETTER OMEGA WITH VARIA */ + {0x1f7d, 1, 1647}, /* GREEK SMALL LETTER OMEGA WITH OXIA */ + {0x1f80, 2, 1648}, /* GREEK SMALL LETTER ALPHA WITH PSILI AND YPOGEGRAMMENI */ + {0x1f81, 2, 1650}, /* GREEK SMALL LETTER ALPHA WITH DASIA AND YPOGEGRAMMENI */ + {0x1f82, 2, 1652}, /* GREEK SMALL LETTER ALPHA WITH PSILI AND VARIA AND YPOGEGRAMMENI */ + {0x1f83, 2, 1654}, /* GREEK SMALL LETTER ALPHA WITH DASIA AND VARIA AND YPOGEGRAMMENI */ + {0x1f84, 2, 1656}, /* GREEK SMALL LETTER ALPHA WITH PSILI AND OXIA AND YPOGEGRAMMENI */ + {0x1f85, 2, 1658}, /* GREEK SMALL LETTER ALPHA WITH DASIA AND OXIA AND YPOGEGRAMMENI */ + {0x1f86, 2, 1660}, /* GREEK SMALL LETTER ALPHA WITH PSILI AND PERISPOMENI AND YPOGEGRAMMENI */ + {0x1f87, 2, 1662}, /* GREEK SMALL LETTER ALPHA WITH DASIA AND PERISPOMENI AND YPOGEGRAMMENI */ + {0x1f88, 2, 1664}, /* GREEK CAPITAL LETTER ALPHA WITH PSILI AND PROSGEGRAMMENI */ + {0x1f89, 2, 1666}, /* GREEK CAPITAL LETTER ALPHA WITH DASIA AND PROSGEGRAMMENI */ + {0x1f8a, 2, 1668}, /* GREEK CAPITAL LETTER ALPHA WITH PSILI AND VARIA AND PROSGEGRAMMENI */ + {0x1f8b, 2, 1670}, /* GREEK CAPITAL LETTER ALPHA WITH DASIA AND VARIA AND PROSGEGRAMMENI */ + {0x1f8c, 2, 1672}, /* GREEK CAPITAL LETTER ALPHA WITH PSILI AND OXIA AND PROSGEGRAMMENI */ + {0x1f8d, 2, 1674}, /* GREEK CAPITAL LETTER ALPHA WITH DASIA AND OXIA AND PROSGEGRAMMENI */ + {0x1f8e, 2, 1676}, /* GREEK CAPITAL LETTER ALPHA WITH PSILI AND PERISPOMENI AND PROSGEGRAMMENI */ + {0x1f8f, 2, 1678}, /* GREEK CAPITAL LETTER ALPHA WITH DASIA AND PERISPOMENI AND PROSGEGRAMMENI */ + {0x1f90, 2, 1680}, /* GREEK SMALL LETTER ETA WITH PSILI AND YPOGEGRAMMENI */ + {0x1f91, 2, 1682}, /* GREEK SMALL LETTER ETA WITH DASIA AND YPOGEGRAMMENI */ + {0x1f92, 2, 1684}, /* GREEK SMALL LETTER ETA WITH PSILI AND VARIA AND YPOGEGRAMMENI */ + {0x1f93, 2, 1686}, /* GREEK SMALL LETTER ETA WITH DASIA AND VARIA AND YPOGEGRAMMENI */ + {0x1f94, 2, 1688}, /* GREEK SMALL LETTER ETA WITH PSILI AND OXIA AND YPOGEGRAMMENI */ + {0x1f95, 2, 1690}, /* GREEK SMALL LETTER ETA WITH DASIA AND OXIA AND YPOGEGRAMMENI */ + {0x1f96, 2, 1692}, /* GREEK SMALL LETTER ETA WITH PSILI AND PERISPOMENI AND YPOGEGRAMMENI */ + {0x1f97, 2, 1694}, /* GREEK SMALL LETTER ETA WITH DASIA AND PERISPOMENI AND YPOGEGRAMMENI */ + {0x1f98, 2, 1696}, /* GREEK CAPITAL LETTER ETA WITH PSILI AND PROSGEGRAMMENI */ + {0x1f99, 2, 1698}, /* GREEK CAPITAL LETTER ETA WITH DASIA AND PROSGEGRAMMENI */ + {0x1f9a, 2, 1700}, /* GREEK CAPITAL LETTER ETA WITH PSILI AND VARIA AND PROSGEGRAMMENI */ + {0x1f9b, 2, 1702}, /* GREEK CAPITAL LETTER ETA WITH DASIA AND VARIA AND PROSGEGRAMMENI */ + {0x1f9c, 2, 1704}, /* GREEK CAPITAL LETTER ETA WITH PSILI AND OXIA AND PROSGEGRAMMENI */ + {0x1f9d, 2, 1706}, /* GREEK CAPITAL LETTER ETA WITH DASIA AND OXIA AND PROSGEGRAMMENI */ + {0x1f9e, 2, 1708}, /* GREEK CAPITAL LETTER ETA WITH PSILI AND PERISPOMENI AND PROSGEGRAMMENI */ + {0x1f9f, 2, 1710}, /* GREEK CAPITAL LETTER ETA WITH DASIA AND PERISPOMENI AND PROSGEGRAMMENI */ + {0x1fa0, 2, 1712}, /* GREEK SMALL LETTER OMEGA WITH PSILI AND YPOGEGRAMMENI */ + {0x1fa1, 2, 1714}, /* GREEK SMALL LETTER OMEGA WITH DASIA AND YPOGEGRAMMENI */ + {0x1fa2, 2, 1716}, /* GREEK SMALL LETTER OMEGA WITH PSILI AND VARIA AND YPOGEGRAMMENI */ + {0x1fa3, 2, 1718}, /* GREEK SMALL LETTER OMEGA WITH DASIA AND VARIA AND YPOGEGRAMMENI */ + {0x1fa4, 2, 1720}, /* GREEK SMALL LETTER OMEGA WITH PSILI AND OXIA AND YPOGEGRAMMENI */ + {0x1fa5, 2, 1722}, /* GREEK SMALL LETTER OMEGA WITH DASIA AND OXIA AND YPOGEGRAMMENI */ + {0x1fa6, 2, 1724}, /* GREEK SMALL LETTER OMEGA WITH PSILI AND PERISPOMENI AND YPOGEGRAMMENI */ + {0x1fa7, 2, 1726}, /* GREEK SMALL LETTER OMEGA WITH DASIA AND PERISPOMENI AND YPOGEGRAMMENI */ + {0x1fa8, 2, 1728}, /* GREEK CAPITAL LETTER OMEGA WITH PSILI AND PROSGEGRAMMENI */ + {0x1fa9, 2, 1730}, /* GREEK CAPITAL LETTER OMEGA WITH DASIA AND PROSGEGRAMMENI */ + {0x1faa, 2, 1732}, /* GREEK CAPITAL LETTER OMEGA WITH PSILI AND VARIA AND PROSGEGRAMMENI */ + {0x1fab, 2, 1734}, /* GREEK CAPITAL LETTER OMEGA WITH DASIA AND VARIA AND PROSGEGRAMMENI */ + {0x1fac, 2, 1736}, /* GREEK CAPITAL LETTER OMEGA WITH PSILI AND OXIA AND PROSGEGRAMMENI */ + {0x1fad, 2, 1738}, /* GREEK CAPITAL LETTER OMEGA WITH DASIA AND OXIA AND PROSGEGRAMMENI */ + {0x1fae, 2, 1740}, /* GREEK CAPITAL LETTER OMEGA WITH PSILI AND PERISPOMENI AND PROSGEGRAMMENI */ + {0x1faf, 2, 1742}, /* GREEK CAPITAL LETTER OMEGA WITH DASIA AND PERISPOMENI AND PROSGEGRAMMENI */ + {0x1fb0, 2, 1744}, /* GREEK SMALL LETTER ALPHA WITH VRACHY */ + {0x1fb1, 2, 1746}, /* GREEK SMALL LETTER ALPHA WITH MACRON */ + {0x1fb2, 2, 1748}, /* GREEK SMALL LETTER ALPHA WITH VARIA AND YPOGEGRAMMENI */ + {0x1fb3, 2, 1750}, /* GREEK SMALL LETTER ALPHA WITH YPOGEGRAMMENI */ + {0x1fb4, 2, 1752}, /* GREEK SMALL LETTER ALPHA WITH OXIA AND YPOGEGRAMMENI */ + {0x1fb6, 2, 1754}, /* GREEK SMALL LETTER ALPHA WITH PERISPOMENI */ + {0x1fb7, 2, 1756}, /* GREEK SMALL LETTER ALPHA WITH PERISPOMENI AND YPOGEGRAMMENI */ + {0x1fb8, 2, 1758}, /* GREEK CAPITAL LETTER ALPHA WITH VRACHY */ + {0x1fb9, 2, 1760}, /* GREEK CAPITAL LETTER ALPHA WITH MACRON */ + {0x1fba, 2, 1762}, /* GREEK CAPITAL LETTER ALPHA WITH VARIA */ + {0x1fbb, 1, 1764}, /* GREEK CAPITAL LETTER ALPHA WITH OXIA */ + {0x1fbc, 2, 1765}, /* GREEK CAPITAL LETTER ALPHA WITH PROSGEGRAMMENI */ + {0x1fbd, 2, 1767}, /* GREEK KORONIS */ + {0x1fbe, 1, 616}, /* GREEK PROSGEGRAMMENI */ + {0x1fbf, 2, 1767}, /* GREEK PSILI */ + {0x1fc0, 2, 1769}, /* GREEK PERISPOMENI */ + {0x1fc1, 2, 1771}, /* GREEK DIALYTIKA AND PERISPOMENI */ + {0x1fc2, 2, 1773}, /* GREEK SMALL LETTER ETA WITH VARIA AND YPOGEGRAMMENI */ + {0x1fc3, 2, 1775}, /* GREEK SMALL LETTER ETA WITH YPOGEGRAMMENI */ + {0x1fc4, 2, 1777}, /* GREEK SMALL LETTER ETA WITH OXIA AND YPOGEGRAMMENI */ + {0x1fc6, 2, 1779}, /* GREEK SMALL LETTER ETA WITH PERISPOMENI */ + {0x1fc7, 2, 1781}, /* GREEK SMALL LETTER ETA WITH PERISPOMENI AND YPOGEGRAMMENI */ + {0x1fc8, 2, 1783}, /* GREEK CAPITAL LETTER EPSILON WITH VARIA */ + {0x1fc9, 1, 1785}, /* GREEK CAPITAL LETTER EPSILON WITH OXIA */ + {0x1fca, 2, 1786}, /* GREEK CAPITAL LETTER ETA WITH VARIA */ + {0x1fcb, 1, 1788}, /* GREEK CAPITAL LETTER ETA WITH OXIA */ + {0x1fcc, 2, 1789}, /* GREEK CAPITAL LETTER ETA WITH PROSGEGRAMMENI */ + {0x1fcd, 2, 1791}, /* GREEK PSILI AND VARIA */ + {0x1fce, 2, 1793}, /* GREEK PSILI AND OXIA */ + {0x1fcf, 2, 1795}, /* GREEK PSILI AND PERISPOMENI */ + {0x1fd0, 2, 1797}, /* GREEK SMALL LETTER IOTA WITH VRACHY */ + {0x1fd1, 2, 1799}, /* GREEK SMALL LETTER IOTA WITH MACRON */ + {0x1fd2, 2, 1801}, /* GREEK SMALL LETTER IOTA WITH DIALYTIKA AND VARIA */ + {0x1fd3, 1, 1803}, /* GREEK SMALL LETTER IOTA WITH DIALYTIKA AND OXIA */ + {0x1fd6, 2, 1804}, /* GREEK SMALL LETTER IOTA WITH PERISPOMENI */ + {0x1fd7, 2, 1806}, /* GREEK SMALL LETTER IOTA WITH DIALYTIKA AND PERISPOMENI */ + {0x1fd8, 2, 1808}, /* GREEK CAPITAL LETTER IOTA WITH VRACHY */ + {0x1fd9, 2, 1810}, /* GREEK CAPITAL LETTER IOTA WITH MACRON */ + {0x1fda, 2, 1812}, /* GREEK CAPITAL LETTER IOTA WITH VARIA */ + {0x1fdb, 1, 1814}, /* GREEK CAPITAL LETTER IOTA WITH OXIA */ + {0x1fdd, 2, 1815}, /* GREEK DASIA AND VARIA */ + {0x1fde, 2, 1817}, /* GREEK DASIA AND OXIA */ + {0x1fdf, 2, 1819}, /* GREEK DASIA AND PERISPOMENI */ + {0x1fe0, 2, 1821}, /* GREEK SMALL LETTER UPSILON WITH VRACHY */ + {0x1fe1, 2, 1823}, /* GREEK SMALL LETTER UPSILON WITH MACRON */ + {0x1fe2, 2, 1825}, /* GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND VARIA */ + {0x1fe3, 1, 1827}, /* GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND OXIA */ + {0x1fe4, 2, 1828}, /* GREEK SMALL LETTER RHO WITH PSILI */ + {0x1fe5, 2, 1830}, /* GREEK SMALL LETTER RHO WITH DASIA */ + {0x1fe6, 2, 1832}, /* GREEK SMALL LETTER UPSILON WITH PERISPOMENI */ + {0x1fe7, 2, 1834}, /* GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND PERISPOMENI */ + {0x1fe8, 2, 1836}, /* GREEK CAPITAL LETTER UPSILON WITH VRACHY */ + {0x1fe9, 2, 1838}, /* GREEK CAPITAL LETTER UPSILON WITH MACRON */ + {0x1fea, 2, 1840}, /* GREEK CAPITAL LETTER UPSILON WITH VARIA */ + {0x1feb, 1, 1842}, /* GREEK CAPITAL LETTER UPSILON WITH OXIA */ + {0x1fec, 2, 1843}, /* GREEK CAPITAL LETTER RHO WITH DASIA */ + {0x1fed, 2, 1845}, /* GREEK DIALYTIKA AND VARIA */ + {0x1fee, 1, 1847}, /* GREEK DIALYTIKA AND OXIA */ + {0x1fef, 1, 1848}, /* GREEK VARIA */ + {0x1ff2, 2, 1849}, /* GREEK SMALL LETTER OMEGA WITH VARIA AND YPOGEGRAMMENI */ + {0x1ff3, 2, 1851}, /* GREEK SMALL LETTER OMEGA WITH YPOGEGRAMMENI */ + {0x1ff4, 2, 1853}, /* GREEK SMALL LETTER OMEGA WITH OXIA AND YPOGEGRAMMENI */ + {0x1ff6, 2, 1855}, /* GREEK SMALL LETTER OMEGA WITH PERISPOMENI */ + {0x1ff7, 2, 1857}, /* GREEK SMALL LETTER OMEGA WITH PERISPOMENI AND YPOGEGRAMMENI */ + {0x1ff8, 2, 1859}, /* GREEK CAPITAL LETTER OMICRON WITH VARIA */ + {0x1ff9, 1, 1861}, /* GREEK CAPITAL LETTER OMICRON WITH OXIA */ + {0x1ffa, 2, 1862}, /* GREEK CAPITAL LETTER OMEGA WITH VARIA */ + {0x1ffb, 1, 1864}, /* GREEK CAPITAL LETTER OMEGA WITH OXIA */ + {0x1ffc, 2, 1865}, /* GREEK CAPITAL LETTER OMEGA WITH PROSGEGRAMMENI */ + {0x1ffd, 1, 1867}, /* GREEK OXIA */ + {0x1ffe, 2, 1868}, /* GREEK DASIA */ + {0x2000, 1, 1870}, /* EN QUAD */ + {0x2001, 1, 1871}, /* EM QUAD */ + {0x2002, 1, 1872}, /* EN SPACE */ + {0x2003, 1, 1873}, /* EM SPACE */ + {0x2004, 1, 1874}, /* THREE-PER-EM SPACE */ + {0x2005, 1, 1875}, /* FOUR-PER-EM SPACE */ + {0x2006, 1, 1876}, /* SIX-PER-EM SPACE */ + {0x2007, 1, 1877}, /* FIGURE SPACE */ + {0x2008, 1, 1878}, /* PUNCTUATION SPACE */ + {0x2009, 1, 1879}, /* THIN SPACE */ + {0x200a, 1, 1880}, /* HAIR SPACE */ + {0x2011, 1, 1881}, /* NON-BREAKING HYPHEN */ + {0x2017, 2, 1882}, /* DOUBLE LOW LINE */ + {0x2024, 1, 1884}, /* ONE DOT LEADER */ + {0x2025, 2, 1885}, /* TWO DOT LEADER */ + {0x2026, 3, 1884}, /* HORIZONTAL ELLIPSIS */ + {0x202f, 1, 1887}, /* NARROW NO-BREAK SPACE */ + {0x2033, 2, 1888}, /* DOUBLE PRIME */ + {0x2034, 3, 1890}, /* TRIPLE PRIME */ + {0x2036, 2, 1893}, /* REVERSED DOUBLE PRIME */ + {0x2037, 3, 1895}, /* REVERSED TRIPLE PRIME */ + {0x203c, 2, 1898}, /* DOUBLE EXCLAMATION MARK */ + {0x203e, 2, 1900}, /* OVERLINE */ + {0x2047, 2, 1902}, /* DOUBLE QUESTION MARK */ + {0x2048, 2, 1904}, /* QUESTION EXCLAMATION MARK */ + {0x2049, 2, 1906}, /* EXCLAMATION QUESTION MARK */ + {0x2057, 4, 1888}, /* QUADRUPLE PRIME */ + {0x205f, 1, 1908}, /* MEDIUM MATHEMATICAL SPACE */ + {0x2070, 1, 1909}, /* SUPERSCRIPT ZERO */ + {0x2071, 1, 98}, /* SUPERSCRIPT LATIN SMALL LETTER I */ + {0x2074, 1, 17}, /* SUPERSCRIPT FOUR */ + {0x2075, 1, 1910}, /* SUPERSCRIPT FIVE */ + {0x2076, 1, 1911}, /* SUPERSCRIPT SIX */ + {0x2077, 1, 1912}, /* SUPERSCRIPT SEVEN */ + {0x2078, 1, 1913}, /* SUPERSCRIPT EIGHT */ + {0x2079, 1, 1914}, /* SUPERSCRIPT NINE */ + {0x207a, 1, 1915}, /* SUPERSCRIPT PLUS SIGN */ + {0x207b, 1, 1916}, /* SUPERSCRIPT MINUS */ + {0x207c, 1, 1917}, /* SUPERSCRIPT EQUALS SIGN */ + {0x207d, 1, 1918}, /* SUPERSCRIPT LEFT PARENTHESIS */ + {0x207e, 1, 1919}, /* SUPERSCRIPT RIGHT PARENTHESIS */ + {0x207f, 1, 106}, /* SUPERSCRIPT LATIN SMALL LETTER N */ + {0x2080, 1, 1909}, /* SUBSCRIPT ZERO */ + {0x2081, 1, 13}, /* SUBSCRIPT ONE */ + {0x2082, 1, 6}, /* SUBSCRIPT TWO */ + {0x2083, 1, 7}, /* SUBSCRIPT THREE */ + {0x2084, 1, 17}, /* SUBSCRIPT FOUR */ + {0x2085, 1, 1910}, /* SUBSCRIPT FIVE */ + {0x2086, 1, 1911}, /* SUBSCRIPT SIX */ + {0x2087, 1, 1912}, /* SUBSCRIPT SEVEN */ + {0x2088, 1, 1913}, /* SUBSCRIPT EIGHT */ + {0x2089, 1, 1914}, /* SUBSCRIPT NINE */ + {0x208a, 1, 1915}, /* SUBSCRIPT PLUS SIGN */ + {0x208b, 1, 1916}, /* SUBSCRIPT MINUS */ + {0x208c, 1, 1917}, /* SUBSCRIPT EQUALS SIGN */ + {0x208d, 1, 1918}, /* SUBSCRIPT LEFT PARENTHESIS */ + {0x208e, 1, 1919}, /* SUBSCRIPT RIGHT PARENTHESIS */ + {0x20a8, 2, 1920}, /* RUPEE SIGN */ + {0x2100, 3, 1922}, /* ACCOUNT OF */ + {0x2101, 3, 1925}, /* ADDRESSED TO THE SUBJECT */ + {0x2102, 1, 36}, /* DOUBLE-STRUCK CAPITAL C */ + {0x2103, 2, 1928}, /* DEGREE CELSIUS */ + {0x2105, 3, 1930}, /* CARE OF */ + {0x2106, 3, 1933}, /* CADA UNA */ + {0x2107, 1, 1936}, /* EULER CONSTANT */ + {0x2109, 2, 1937}, /* DEGREE FAHRENHEIT */ + {0x210a, 1, 184}, /* SCRIPT SMALL G */ + {0x210b, 1, 198}, /* SCRIPT CAPITAL H */ + {0x210c, 1, 198}, /* BLACK-LETTER CAPITAL H */ + {0x210d, 1, 198}, /* DOUBLE-STRUCK CAPITAL H */ + {0x210e, 1, 200}, /* PLANCK CONSTANT */ + {0x210f, 1, 1939}, /* PLANCK CONSTANT OVER TWO PI */ + {0x2110, 1, 46}, /* SCRIPT CAPITAL I */ + {0x2111, 1, 46}, /* BLACK-LETTER CAPITAL I */ + {0x2112, 1, 232}, /* SCRIPT CAPITAL L */ + {0x2113, 1, 234}, /* SCRIPT SMALL L */ + {0x2115, 1, 54}, /* DOUBLE-STRUCK CAPITAL N */ + {0x2116, 2, 1940}, /* NUMERO SIGN */ + {0x2119, 1, 914}, /* DOUBLE-STRUCK CAPITAL P */ + {0x211a, 1, 1942}, /* DOUBLE-STRUCK CAPITAL Q */ + {0x211b, 1, 274}, /* SCRIPT CAPITAL R */ + {0x211c, 1, 274}, /* BLACK-LETTER CAPITAL R */ + {0x211d, 1, 274}, /* DOUBLE-STRUCK CAPITAL R */ + {0x2120, 2, 1943}, /* SERVICE MARK */ + {0x2121, 3, 1945}, /* TELEPHONE SIGN */ + {0x2122, 2, 1948}, /* TRADE MARK SIGN */ + {0x2124, 1, 344}, /* DOUBLE-STRUCK CAPITAL Z */ + {0x2126, 1, 602}, /* OHM SIGN */ + {0x2128, 1, 344}, /* BLACK-LETTER CAPITAL Z */ + {0x212a, 1, 228}, /* KELVIN SIGN */ + {0x212b, 1, 462}, /* ANGSTROM SIGN */ + {0x212c, 1, 910}, /* SCRIPT CAPITAL B */ + {0x212d, 1, 36}, /* BLACK-LETTER CAPITAL C */ + {0x212f, 1, 90}, /* SCRIPT SMALL E */ + {0x2130, 1, 38}, /* SCRIPT CAPITAL E */ + {0x2131, 1, 995}, /* SCRIPT CAPITAL F */ + {0x2133, 1, 912}, /* SCRIPT CAPITAL M */ + {0x2134, 1, 14}, /* SCRIPT SMALL O */ + {0x2135, 1, 1950}, /* ALEF SYMBOL */ + {0x2136, 1, 1951}, /* BET SYMBOL */ + {0x2137, 1, 1952}, /* GIMEL SYMBOL */ + {0x2138, 1, 1953}, /* DALET SYMBOL */ + {0x2139, 1, 98}, /* INFORMATION SOURCE */ + {0x213b, 3, 1954}, /* FACSIMILE SIGN */ + {0x213d, 1, 932}, /* DOUBLE-STRUCK SMALL GAMMA */ + {0x213e, 1, 1957}, /* DOUBLE-STRUCK CAPITAL GAMMA */ + {0x213f, 1, 1958}, /* DOUBLE-STRUCK CAPITAL PI */ + {0x2140, 1, 1959}, /* DOUBLE-STRUCK N-ARY SUMMATION */ + {0x2145, 1, 158}, /* DOUBLE-STRUCK ITALIC CAPITAL D */ + {0x2146, 1, 160}, /* DOUBLE-STRUCK ITALIC SMALL D */ + {0x2147, 1, 90}, /* DOUBLE-STRUCK ITALIC SMALL E */ + {0x2148, 1, 98}, /* DOUBLE-STRUCK ITALIC SMALL I */ + {0x2149, 1, 223}, /* DOUBLE-STRUCK ITALIC SMALL J */ + {0x2153, 3, 1960}, /* VULGAR FRACTION ONE THIRD */ + {0x2154, 3, 1963}, /* VULGAR FRACTION TWO THIRDS */ + {0x2155, 3, 1966}, /* VULGAR FRACTION ONE FIFTH */ + {0x2156, 3, 1969}, /* VULGAR FRACTION TWO FIFTHS */ + {0x2157, 3, 1972}, /* VULGAR FRACTION THREE FIFTHS */ + {0x2158, 3, 1975}, /* VULGAR FRACTION FOUR FIFTHS */ + {0x2159, 3, 1978}, /* VULGAR FRACTION ONE SIXTH */ + {0x215a, 3, 1981}, /* VULGAR FRACTION FIVE SIXTHS */ + {0x215b, 3, 1984}, /* VULGAR FRACTION ONE EIGHTH */ + {0x215c, 3, 1987}, /* VULGAR FRACTION THREE EIGHTHS */ + {0x215d, 3, 1990}, /* VULGAR FRACTION FIVE EIGHTHS */ + {0x215e, 3, 1993}, /* VULGAR FRACTION SEVEN EIGHTHS */ + {0x215f, 2, 15}, /* FRACTION NUMERATOR ONE */ + {0x2160, 1, 46}, /* ROMAN NUMERAL ONE */ + {0x2161, 2, 1996}, /* ROMAN NUMERAL TWO */ + {0x2162, 3, 1998}, /* ROMAN NUMERAL THREE */ + {0x2163, 2, 2001}, /* ROMAN NUMERAL FOUR */ + {0x2164, 1, 1183}, /* ROMAN NUMERAL FIVE */ + {0x2165, 2, 2003}, /* ROMAN NUMERAL SIX */ + {0x2166, 3, 2005}, /* ROMAN NUMERAL SEVEN */ + {0x2167, 4, 2008}, /* ROMAN NUMERAL EIGHT */ + {0x2168, 2, 2012}, /* ROMAN NUMERAL NINE */ + {0x2169, 1, 1211}, /* ROMAN NUMERAL TEN */ + {0x216a, 2, 2014}, /* ROMAN NUMERAL ELEVEN */ + {0x216b, 3, 2016}, /* ROMAN NUMERAL TWELVE */ + {0x216c, 1, 232}, /* ROMAN NUMERAL FIFTY */ + {0x216d, 1, 36}, /* ROMAN NUMERAL ONE HUNDRED */ + {0x216e, 1, 158}, /* ROMAN NUMERAL FIVE HUNDRED */ + {0x216f, 1, 912}, /* ROMAN NUMERAL ONE THOUSAND */ + {0x2170, 1, 98}, /* SMALL ROMAN NUMERAL ONE */ + {0x2171, 2, 2019}, /* SMALL ROMAN NUMERAL TWO */ + {0x2172, 3, 2021}, /* SMALL ROMAN NUMERAL THREE */ + {0x2173, 2, 2024}, /* SMALL ROMAN NUMERAL FOUR */ + {0x2174, 1, 930}, /* SMALL ROMAN NUMERAL FIVE */ + {0x2175, 2, 2026}, /* SMALL ROMAN NUMERAL SIX */ + {0x2176, 3, 2028}, /* SMALL ROMAN NUMERAL SEVEN */ + {0x2177, 4, 2031}, /* SMALL ROMAN NUMERAL EIGHT */ + {0x2178, 2, 2035}, /* SMALL ROMAN NUMERAL NINE */ + {0x2179, 1, 579}, /* SMALL ROMAN NUMERAL TEN */ + {0x217a, 2, 2037}, /* SMALL ROMAN NUMERAL ELEVEN */ + {0x217b, 3, 2039}, /* SMALL ROMAN NUMERAL TWELVE */ + {0x217c, 1, 234}, /* SMALL ROMAN NUMERAL FIFTY */ + {0x217d, 1, 88}, /* SMALL ROMAN NUMERAL ONE HUNDRED */ + {0x217e, 1, 160}, /* SMALL ROMAN NUMERAL FIVE HUNDRED */ + {0x217f, 1, 922}, /* SMALL ROMAN NUMERAL ONE THOUSAND */ + {0x219a, 2, 2042}, /* LEFTWARDS ARROW WITH STROKE */ + {0x219b, 2, 2044}, /* RIGHTWARDS ARROW WITH STROKE */ + {0x21ae, 2, 2046}, /* LEFT RIGHT ARROW WITH STROKE */ + {0x21cd, 2, 2048}, /* LEFTWARDS DOUBLE ARROW WITH STROKE */ + {0x21ce, 2, 2050}, /* LEFT RIGHT DOUBLE ARROW WITH STROKE */ + {0x21cf, 2, 2052}, /* RIGHTWARDS DOUBLE ARROW WITH STROKE */ + {0x2204, 2, 2054}, /* THERE DOES NOT EXIST */ + {0x2209, 2, 2056}, /* NOT AN ELEMENT OF */ + {0x220c, 2, 2058}, /* DOES NOT CONTAIN AS MEMBER */ + {0x2224, 2, 2060}, /* DOES NOT DIVIDE */ + {0x2226, 2, 2062}, /* NOT PARALLEL TO */ + {0x222c, 2, 2064}, /* DOUBLE INTEGRAL */ + {0x222d, 3, 2066}, /* TRIPLE INTEGRAL */ + {0x222f, 2, 2069}, /* SURFACE INTEGRAL */ + {0x2230, 3, 2071}, /* VOLUME INTEGRAL */ + {0x2241, 2, 2074}, /* NOT TILDE */ + {0x2244, 2, 2076}, /* NOT ASYMPTOTICALLY EQUAL TO */ + {0x2247, 2, 2078}, /* NEITHER APPROXIMATELY NOR ACTUALLY EQUAL TO */ + {0x2249, 2, 2080}, /* NOT ALMOST EQUAL TO */ + {0x2260, 2, 2082}, /* NOT EQUAL TO */ + {0x2262, 2, 2084}, /* NOT IDENTICAL TO */ + {0x226d, 2, 2086}, /* NOT EQUIVALENT TO */ + {0x226e, 2, 2088}, /* NOT LESS-THAN */ + {0x226f, 2, 2090}, /* NOT GREATER-THAN */ + {0x2270, 2, 2092}, /* NEITHER LESS-THAN NOR EQUAL TO */ + {0x2271, 2, 2094}, /* NEITHER GREATER-THAN NOR EQUAL TO */ + {0x2274, 2, 2096}, /* NEITHER LESS-THAN NOR EQUIVALENT TO */ + {0x2275, 2, 2098}, /* NEITHER GREATER-THAN NOR EQUIVALENT TO */ + {0x2278, 2, 2100}, /* NEITHER LESS-THAN NOR GREATER-THAN */ + {0x2279, 2, 2102}, /* NEITHER GREATER-THAN NOR LESS-THAN */ + {0x2280, 2, 2104}, /* DOES NOT PRECEDE */ + {0x2281, 2, 2106}, /* DOES NOT SUCCEED */ + {0x2284, 2, 2108}, /* NOT A SUBSET OF */ + {0x2285, 2, 2110}, /* NOT A SUPERSET OF */ + {0x2288, 2, 2112}, /* NEITHER A SUBSET OF NOR EQUAL TO */ + {0x2289, 2, 2114}, /* NEITHER A SUPERSET OF NOR EQUAL TO */ + {0x22ac, 2, 2116}, /* DOES NOT PROVE */ + {0x22ad, 2, 2118}, /* NOT TRUE */ + {0x22ae, 2, 2120}, /* DOES NOT FORCE */ + {0x22af, 2, 2122}, /* NEGATED DOUBLE VERTICAL BAR DOUBLE RIGHT TURNSTILE */ + {0x22e0, 2, 2124}, /* DOES NOT PRECEDE OR EQUAL */ + {0x22e1, 2, 2126}, /* DOES NOT SUCCEED OR EQUAL */ + {0x22e2, 2, 2128}, /* NOT SQUARE IMAGE OF OR EQUAL TO */ + {0x22e3, 2, 2130}, /* NOT SQUARE ORIGINAL OF OR EQUAL TO */ + {0x22ea, 2, 2132}, /* NOT NORMAL SUBGROUP OF */ + {0x22eb, 2, 2134}, /* DOES NOT CONTAIN AS NORMAL SUBGROUP */ + {0x22ec, 2, 2136}, /* NOT NORMAL SUBGROUP OF OR EQUAL TO */ + {0x22ed, 2, 2138}, /* DOES NOT CONTAIN AS NORMAL SUBGROUP OR EQUAL */ + {0x2329, 1, 2140}, /* LEFT-POINTING ANGLE BRACKET */ + {0x232a, 1, 2141}, /* RIGHT-POINTING ANGLE BRACKET */ + {0x2460, 1, 13}, /* CIRCLED DIGIT ONE */ + {0x2461, 1, 6}, /* CIRCLED DIGIT TWO */ + {0x2462, 1, 7}, /* CIRCLED DIGIT THREE */ + {0x2463, 1, 17}, /* CIRCLED DIGIT FOUR */ + {0x2464, 1, 1910}, /* CIRCLED DIGIT FIVE */ + {0x2465, 1, 1911}, /* CIRCLED DIGIT SIX */ + {0x2466, 1, 1912}, /* CIRCLED DIGIT SEVEN */ + {0x2467, 1, 1913}, /* CIRCLED DIGIT EIGHT */ + {0x2468, 1, 1914}, /* CIRCLED DIGIT NINE */ + {0x2469, 2, 2142}, /* CIRCLED NUMBER TEN */ + {0x246a, 2, 2144}, /* CIRCLED NUMBER ELEVEN */ + {0x246b, 2, 2146}, /* CIRCLED NUMBER TWELVE */ + {0x246c, 2, 2148}, /* CIRCLED NUMBER THIRTEEN */ + {0x246d, 2, 2150}, /* CIRCLED NUMBER FOURTEEN */ + {0x246e, 2, 2152}, /* CIRCLED NUMBER FIFTEEN */ + {0x246f, 2, 2154}, /* CIRCLED NUMBER SIXTEEN */ + {0x2470, 2, 2156}, /* CIRCLED NUMBER SEVENTEEN */ + {0x2471, 2, 2158}, /* CIRCLED NUMBER EIGHTEEN */ + {0x2472, 2, 2160}, /* CIRCLED NUMBER NINETEEN */ + {0x2473, 2, 2162}, /* CIRCLED NUMBER TWENTY */ + {0x2474, 3, 2164}, /* PARENTHESIZED DIGIT ONE */ + {0x2475, 3, 2167}, /* PARENTHESIZED DIGIT TWO */ + {0x2476, 3, 2170}, /* PARENTHESIZED DIGIT THREE */ + {0x2477, 3, 2173}, /* PARENTHESIZED DIGIT FOUR */ + {0x2478, 3, 2176}, /* PARENTHESIZED DIGIT FIVE */ + {0x2479, 3, 2179}, /* PARENTHESIZED DIGIT SIX */ + {0x247a, 3, 2182}, /* PARENTHESIZED DIGIT SEVEN */ + {0x247b, 3, 2185}, /* PARENTHESIZED DIGIT EIGHT */ + {0x247c, 3, 2188}, /* PARENTHESIZED DIGIT NINE */ + {0x247d, 4, 2191}, /* PARENTHESIZED NUMBER TEN */ + {0x247e, 4, 2195}, /* PARENTHESIZED NUMBER ELEVEN */ + {0x247f, 4, 2199}, /* PARENTHESIZED NUMBER TWELVE */ + {0x2480, 4, 2203}, /* PARENTHESIZED NUMBER THIRTEEN */ + {0x2481, 4, 2207}, /* PARENTHESIZED NUMBER FOURTEEN */ + {0x2482, 4, 2211}, /* PARENTHESIZED NUMBER FIFTEEN */ + {0x2483, 4, 2215}, /* PARENTHESIZED NUMBER SIXTEEN */ + {0x2484, 4, 2219}, /* PARENTHESIZED NUMBER SEVENTEEN */ + {0x2485, 4, 2223}, /* PARENTHESIZED NUMBER EIGHTEEN */ + {0x2486, 4, 2227}, /* PARENTHESIZED NUMBER NINETEEN */ + {0x2487, 4, 2231}, /* PARENTHESIZED NUMBER TWENTY */ + {0x2488, 2, 2235}, /* DIGIT ONE FULL STOP */ + {0x2489, 2, 2237}, /* DIGIT TWO FULL STOP */ + {0x248a, 2, 2239}, /* DIGIT THREE FULL STOP */ + {0x248b, 2, 2241}, /* DIGIT FOUR FULL STOP */ + {0x248c, 2, 2243}, /* DIGIT FIVE FULL STOP */ + {0x248d, 2, 2245}, /* DIGIT SIX FULL STOP */ + {0x248e, 2, 2247}, /* DIGIT SEVEN FULL STOP */ + {0x248f, 2, 2249}, /* DIGIT EIGHT FULL STOP */ + {0x2490, 2, 2251}, /* DIGIT NINE FULL STOP */ + {0x2491, 3, 2253}, /* NUMBER TEN FULL STOP */ + {0x2492, 3, 2256}, /* NUMBER ELEVEN FULL STOP */ + {0x2493, 3, 2259}, /* NUMBER TWELVE FULL STOP */ + {0x2494, 3, 2262}, /* NUMBER THIRTEEN FULL STOP */ + {0x2495, 3, 2265}, /* NUMBER FOURTEEN FULL STOP */ + {0x2496, 3, 2268}, /* NUMBER FIFTEEN FULL STOP */ + {0x2497, 3, 2271}, /* NUMBER SIXTEEN FULL STOP */ + {0x2498, 3, 2274}, /* NUMBER SEVENTEEN FULL STOP */ + {0x2499, 3, 2277}, /* NUMBER EIGHTEEN FULL STOP */ + {0x249a, 3, 2280}, /* NUMBER NINETEEN FULL STOP */ + {0x249b, 3, 2283}, /* NUMBER TWENTY FULL STOP */ + {0x249c, 3, 2286}, /* PARENTHESIZED LATIN SMALL LETTER A */ + {0x249d, 3, 2289}, /* PARENTHESIZED LATIN SMALL LETTER B */ + {0x249e, 3, 2292}, /* PARENTHESIZED LATIN SMALL LETTER C */ + {0x249f, 3, 2295}, /* PARENTHESIZED LATIN SMALL LETTER D */ + {0x24a0, 3, 2298}, /* PARENTHESIZED LATIN SMALL LETTER E */ + {0x24a1, 3, 2301}, /* PARENTHESIZED LATIN SMALL LETTER F */ + {0x24a2, 3, 2304}, /* PARENTHESIZED LATIN SMALL LETTER G */ + {0x24a3, 3, 2307}, /* PARENTHESIZED LATIN SMALL LETTER H */ + {0x24a4, 3, 2310}, /* PARENTHESIZED LATIN SMALL LETTER I */ + {0x24a5, 3, 2313}, /* PARENTHESIZED LATIN SMALL LETTER J */ + {0x24a6, 3, 2316}, /* PARENTHESIZED LATIN SMALL LETTER K */ + {0x24a7, 3, 2319}, /* PARENTHESIZED LATIN SMALL LETTER L */ + {0x24a8, 3, 2322}, /* PARENTHESIZED LATIN SMALL LETTER M */ + {0x24a9, 3, 2325}, /* PARENTHESIZED LATIN SMALL LETTER N */ + {0x24aa, 3, 2328}, /* PARENTHESIZED LATIN SMALL LETTER O */ + {0x24ab, 3, 2331}, /* PARENTHESIZED LATIN SMALL LETTER P */ + {0x24ac, 3, 2334}, /* PARENTHESIZED LATIN SMALL LETTER Q */ + {0x24ad, 3, 2337}, /* PARENTHESIZED LATIN SMALL LETTER R */ + {0x24ae, 3, 2340}, /* PARENTHESIZED LATIN SMALL LETTER S */ + {0x24af, 3, 2343}, /* PARENTHESIZED LATIN SMALL LETTER T */ + {0x24b0, 3, 2346}, /* PARENTHESIZED LATIN SMALL LETTER U */ + {0x24b1, 3, 2349}, /* PARENTHESIZED LATIN SMALL LETTER V */ + {0x24b2, 3, 2352}, /* PARENTHESIZED LATIN SMALL LETTER W */ + {0x24b3, 3, 2355}, /* PARENTHESIZED LATIN SMALL LETTER X */ + {0x24b4, 3, 2358}, /* PARENTHESIZED LATIN SMALL LETTER Y */ + {0x24b5, 3, 2361}, /* PARENTHESIZED LATIN SMALL LETTER Z */ + {0x24b6, 1, 24}, /* CIRCLED LATIN CAPITAL LETTER A */ + {0x24b7, 1, 910}, /* CIRCLED LATIN CAPITAL LETTER B */ + {0x24b8, 1, 36}, /* CIRCLED LATIN CAPITAL LETTER C */ + {0x24b9, 1, 158}, /* CIRCLED LATIN CAPITAL LETTER D */ + {0x24ba, 1, 38}, /* CIRCLED LATIN CAPITAL LETTER E */ + {0x24bb, 1, 995}, /* CIRCLED LATIN CAPITAL LETTER F */ + {0x24bc, 1, 182}, /* CIRCLED LATIN CAPITAL LETTER G */ + {0x24bd, 1, 198}, /* CIRCLED LATIN CAPITAL LETTER H */ + {0x24be, 1, 46}, /* CIRCLED LATIN CAPITAL LETTER I */ + {0x24bf, 1, 221}, /* CIRCLED LATIN CAPITAL LETTER J */ + {0x24c0, 1, 228}, /* CIRCLED LATIN CAPITAL LETTER K */ + {0x24c1, 1, 232}, /* CIRCLED LATIN CAPITAL LETTER L */ + {0x24c2, 1, 912}, /* CIRCLED LATIN CAPITAL LETTER M */ + {0x24c3, 1, 54}, /* CIRCLED LATIN CAPITAL LETTER N */ + {0x24c4, 1, 56}, /* CIRCLED LATIN CAPITAL LETTER O */ + {0x24c5, 1, 914}, /* CIRCLED LATIN CAPITAL LETTER P */ + {0x24c6, 1, 1942}, /* CIRCLED LATIN CAPITAL LETTER Q */ + {0x24c7, 1, 274}, /* CIRCLED LATIN CAPITAL LETTER R */ + {0x24c8, 1, 286}, /* CIRCLED LATIN CAPITAL LETTER S */ + {0x24c9, 1, 302}, /* CIRCLED LATIN CAPITAL LETTER T */ + {0x24ca, 1, 66}, /* CIRCLED LATIN CAPITAL LETTER U */ + {0x24cb, 1, 1183}, /* CIRCLED LATIN CAPITAL LETTER V */ + {0x24cc, 1, 334}, /* CIRCLED LATIN CAPITAL LETTER W */ + {0x24cd, 1, 1211}, /* CIRCLED LATIN CAPITAL LETTER X */ + {0x24ce, 1, 74}, /* CIRCLED LATIN CAPITAL LETTER Y */ + {0x24cf, 1, 344}, /* CIRCLED LATIN CAPITAL LETTER Z */ + {0x24d0, 1, 3}, /* CIRCLED LATIN SMALL LETTER A */ + {0x24d1, 1, 918}, /* CIRCLED LATIN SMALL LETTER B */ + {0x24d2, 1, 88}, /* CIRCLED LATIN SMALL LETTER C */ + {0x24d3, 1, 160}, /* CIRCLED LATIN SMALL LETTER D */ + {0x24d4, 1, 90}, /* CIRCLED LATIN SMALL LETTER E */ + {0x24d5, 1, 997}, /* CIRCLED LATIN SMALL LETTER F */ + {0x24d6, 1, 184}, /* CIRCLED LATIN SMALL LETTER G */ + {0x24d7, 1, 200}, /* CIRCLED LATIN SMALL LETTER H */ + {0x24d8, 1, 98}, /* CIRCLED LATIN SMALL LETTER I */ + {0x24d9, 1, 223}, /* CIRCLED LATIN SMALL LETTER J */ + {0x24da, 1, 230}, /* CIRCLED LATIN SMALL LETTER K */ + {0x24db, 1, 234}, /* CIRCLED LATIN SMALL LETTER L */ + {0x24dc, 1, 922}, /* CIRCLED LATIN SMALL LETTER M */ + {0x24dd, 1, 106}, /* CIRCLED LATIN SMALL LETTER N */ + {0x24de, 1, 14}, /* CIRCLED LATIN SMALL LETTER O */ + {0x24df, 1, 927}, /* CIRCLED LATIN SMALL LETTER P */ + {0x24e0, 1, 2335}, /* CIRCLED LATIN SMALL LETTER Q */ + {0x24e1, 1, 276}, /* CIRCLED LATIN SMALL LETTER R */ + {0x24e2, 1, 288}, /* CIRCLED LATIN SMALL LETTER S */ + {0x24e3, 1, 304}, /* CIRCLED LATIN SMALL LETTER T */ + {0x24e4, 1, 118}, /* CIRCLED LATIN SMALL LETTER U */ + {0x24e5, 1, 930}, /* CIRCLED LATIN SMALL LETTER V */ + {0x24e6, 1, 336}, /* CIRCLED LATIN SMALL LETTER W */ + {0x24e7, 1, 579}, /* CIRCLED LATIN SMALL LETTER X */ + {0x24e8, 1, 126}, /* CIRCLED LATIN SMALL LETTER Y */ + {0x24e9, 1, 346}, /* CIRCLED LATIN SMALL LETTER Z */ + {0x24ea, 1, 1909}, /* CIRCLED DIGIT ZERO */ + {0x2a0c, 4, 2064}, /* QUADRUPLE INTEGRAL OPERATOR */ + {0x2a74, 3, 2364}, /* DOUBLE COLON EQUAL */ + {0x2a75, 2, 2367}, /* TWO CONSECUTIVE EQUALS SIGNS */ + {0x2a76, 3, 2366}, /* THREE CONSECUTIVE EQUALS SIGNS */ + {0x2adc, 2, 2369}, /* FORKING */ + {0x2e9f, 1, 2371}, /* CJK RADICAL MOTHER */ + {0x2ef3, 1, 2372}, /* CJK RADICAL C-SIMPLIFIED TURTLE */ + {0x2f00, 1, 2373}, /* KANGXI RADICAL ONE */ + {0x2f01, 1, 2374}, /* KANGXI RADICAL LINE */ + {0x2f02, 1, 2375}, /* KANGXI RADICAL DOT */ + {0x2f03, 1, 2376}, /* KANGXI RADICAL SLASH */ + {0x2f04, 1, 2377}, /* KANGXI RADICAL SECOND */ + {0x2f05, 1, 2378}, /* KANGXI RADICAL HOOK */ + {0x2f06, 1, 2379}, /* KANGXI RADICAL TWO */ + {0x2f07, 1, 2380}, /* KANGXI RADICAL LID */ + {0x2f08, 1, 2381}, /* KANGXI RADICAL MAN */ + {0x2f09, 1, 2382}, /* KANGXI RADICAL LEGS */ + {0x2f0a, 1, 2383}, /* KANGXI RADICAL ENTER */ + {0x2f0b, 1, 2384}, /* KANGXI RADICAL EIGHT */ + {0x2f0c, 1, 2385}, /* KANGXI RADICAL DOWN BOX */ + {0x2f0d, 1, 2386}, /* KANGXI RADICAL COVER */ + {0x2f0e, 1, 2387}, /* KANGXI RADICAL ICE */ + {0x2f0f, 1, 2388}, /* KANGXI RADICAL TABLE */ + {0x2f10, 1, 2389}, /* KANGXI RADICAL OPEN BOX */ + {0x2f11, 1, 2390}, /* KANGXI RADICAL KNIFE */ + {0x2f12, 1, 2391}, /* KANGXI RADICAL POWER */ + {0x2f13, 1, 2392}, /* KANGXI RADICAL WRAP */ + {0x2f14, 1, 2393}, /* KANGXI RADICAL SPOON */ + {0x2f15, 1, 2394}, /* KANGXI RADICAL RIGHT OPEN BOX */ + {0x2f16, 1, 2395}, /* KANGXI RADICAL HIDING ENCLOSURE */ + {0x2f17, 1, 2396}, /* KANGXI RADICAL TEN */ + {0x2f18, 1, 2397}, /* KANGXI RADICAL DIVINATION */ + {0x2f19, 1, 2398}, /* KANGXI RADICAL SEAL */ + {0x2f1a, 1, 2399}, /* KANGXI RADICAL CLIFF */ + {0x2f1b, 1, 2400}, /* KANGXI RADICAL PRIVATE */ + {0x2f1c, 1, 2401}, /* KANGXI RADICAL AGAIN */ + {0x2f1d, 1, 2402}, /* KANGXI RADICAL MOUTH */ + {0x2f1e, 1, 2403}, /* KANGXI RADICAL ENCLOSURE */ + {0x2f1f, 1, 2404}, /* KANGXI RADICAL EARTH */ + {0x2f20, 1, 2405}, /* KANGXI RADICAL SCHOLAR */ + {0x2f21, 1, 2406}, /* KANGXI RADICAL GO */ + {0x2f22, 1, 2407}, /* KANGXI RADICAL GO SLOWLY */ + {0x2f23, 1, 2408}, /* KANGXI RADICAL EVENING */ + {0x2f24, 1, 2409}, /* KANGXI RADICAL BIG */ + {0x2f25, 1, 2410}, /* KANGXI RADICAL WOMAN */ + {0x2f26, 1, 2411}, /* KANGXI RADICAL CHILD */ + {0x2f27, 1, 2412}, /* KANGXI RADICAL ROOF */ + {0x2f28, 1, 2413}, /* KANGXI RADICAL INCH */ + {0x2f29, 1, 2414}, /* KANGXI RADICAL SMALL */ + {0x2f2a, 1, 2415}, /* KANGXI RADICAL LAME */ + {0x2f2b, 1, 2416}, /* KANGXI RADICAL CORPSE */ + {0x2f2c, 1, 2417}, /* KANGXI RADICAL SPROUT */ + {0x2f2d, 1, 2418}, /* KANGXI RADICAL MOUNTAIN */ + {0x2f2e, 1, 2419}, /* KANGXI RADICAL RIVER */ + {0x2f2f, 1, 2420}, /* KANGXI RADICAL WORK */ + {0x2f30, 1, 2421}, /* KANGXI RADICAL ONESELF */ + {0x2f31, 1, 2422}, /* KANGXI RADICAL TURBAN */ + {0x2f32, 1, 2423}, /* KANGXI RADICAL DRY */ + {0x2f33, 1, 2424}, /* KANGXI RADICAL SHORT THREAD */ + {0x2f34, 1, 2425}, /* KANGXI RADICAL DOTTED CLIFF */ + {0x2f35, 1, 2426}, /* KANGXI RADICAL LONG STRIDE */ + {0x2f36, 1, 2427}, /* KANGXI RADICAL TWO HANDS */ + {0x2f37, 1, 2428}, /* KANGXI RADICAL SHOOT */ + {0x2f38, 1, 2429}, /* KANGXI RADICAL BOW */ + {0x2f39, 1, 2430}, /* KANGXI RADICAL SNOUT */ + {0x2f3a, 1, 2431}, /* KANGXI RADICAL BRISTLE */ + {0x2f3b, 1, 2432}, /* KANGXI RADICAL STEP */ + {0x2f3c, 1, 2433}, /* KANGXI RADICAL HEART */ + {0x2f3d, 1, 2434}, /* KANGXI RADICAL HALBERD */ + {0x2f3e, 1, 2435}, /* KANGXI RADICAL DOOR */ + {0x2f3f, 1, 2436}, /* KANGXI RADICAL HAND */ + {0x2f40, 1, 2437}, /* KANGXI RADICAL BRANCH */ + {0x2f41, 1, 2438}, /* KANGXI RADICAL RAP */ + {0x2f42, 1, 2439}, /* KANGXI RADICAL SCRIPT */ + {0x2f43, 1, 2440}, /* KANGXI RADICAL DIPPER */ + {0x2f44, 1, 2441}, /* KANGXI RADICAL AXE */ + {0x2f45, 1, 2442}, /* KANGXI RADICAL SQUARE */ + {0x2f46, 1, 2443}, /* KANGXI RADICAL NOT */ + {0x2f47, 1, 2444}, /* KANGXI RADICAL SUN */ + {0x2f48, 1, 2445}, /* KANGXI RADICAL SAY */ + {0x2f49, 1, 2446}, /* KANGXI RADICAL MOON */ + {0x2f4a, 1, 2447}, /* KANGXI RADICAL TREE */ + {0x2f4b, 1, 2448}, /* KANGXI RADICAL LACK */ + {0x2f4c, 1, 2449}, /* KANGXI RADICAL STOP */ + {0x2f4d, 1, 2450}, /* KANGXI RADICAL DEATH */ + {0x2f4e, 1, 2451}, /* KANGXI RADICAL WEAPON */ + {0x2f4f, 1, 2452}, /* KANGXI RADICAL DO NOT */ + {0x2f50, 1, 2453}, /* KANGXI RADICAL COMPARE */ + {0x2f51, 1, 2454}, /* KANGXI RADICAL FUR */ + {0x2f52, 1, 2455}, /* KANGXI RADICAL CLAN */ + {0x2f53, 1, 2456}, /* KANGXI RADICAL STEAM */ + {0x2f54, 1, 2457}, /* KANGXI RADICAL WATER */ + {0x2f55, 1, 2458}, /* KANGXI RADICAL FIRE */ + {0x2f56, 1, 2459}, /* KANGXI RADICAL CLAW */ + {0x2f57, 1, 2460}, /* KANGXI RADICAL FATHER */ + {0x2f58, 1, 2461}, /* KANGXI RADICAL DOUBLE X */ + {0x2f59, 1, 2462}, /* KANGXI RADICAL HALF TREE TRUNK */ + {0x2f5a, 1, 2463}, /* KANGXI RADICAL SLICE */ + {0x2f5b, 1, 2464}, /* KANGXI RADICAL FANG */ + {0x2f5c, 1, 2465}, /* KANGXI RADICAL COW */ + {0x2f5d, 1, 2466}, /* KANGXI RADICAL DOG */ + {0x2f5e, 1, 2467}, /* KANGXI RADICAL PROFOUND */ + {0x2f5f, 1, 2468}, /* KANGXI RADICAL JADE */ + {0x2f60, 1, 2469}, /* KANGXI RADICAL MELON */ + {0x2f61, 1, 2470}, /* KANGXI RADICAL TILE */ + {0x2f62, 1, 2471}, /* KANGXI RADICAL SWEET */ + {0x2f63, 1, 2472}, /* KANGXI RADICAL LIFE */ + {0x2f64, 1, 2473}, /* KANGXI RADICAL USE */ + {0x2f65, 1, 2474}, /* KANGXI RADICAL FIELD */ + {0x2f66, 1, 2475}, /* KANGXI RADICAL BOLT OF CLOTH */ + {0x2f67, 1, 2476}, /* KANGXI RADICAL SICKNESS */ + {0x2f68, 1, 2477}, /* KANGXI RADICAL DOTTED TENT */ + {0x2f69, 1, 2478}, /* KANGXI RADICAL WHITE */ + {0x2f6a, 1, 2479}, /* KANGXI RADICAL SKIN */ + {0x2f6b, 1, 2480}, /* KANGXI RADICAL DISH */ + {0x2f6c, 1, 2481}, /* KANGXI RADICAL EYE */ + {0x2f6d, 1, 2482}, /* KANGXI RADICAL SPEAR */ + {0x2f6e, 1, 2483}, /* KANGXI RADICAL ARROW */ + {0x2f6f, 1, 2484}, /* KANGXI RADICAL STONE */ + {0x2f70, 1, 2485}, /* KANGXI RADICAL SPIRIT */ + {0x2f71, 1, 2486}, /* KANGXI RADICAL TRACK */ + {0x2f72, 1, 2487}, /* KANGXI RADICAL GRAIN */ + {0x2f73, 1, 2488}, /* KANGXI RADICAL CAVE */ + {0x2f74, 1, 2489}, /* KANGXI RADICAL STAND */ + {0x2f75, 1, 2490}, /* KANGXI RADICAL BAMBOO */ + {0x2f76, 1, 2491}, /* KANGXI RADICAL RICE */ + {0x2f77, 1, 2492}, /* KANGXI RADICAL SILK */ + {0x2f78, 1, 2493}, /* KANGXI RADICAL JAR */ + {0x2f79, 1, 2494}, /* KANGXI RADICAL NET */ + {0x2f7a, 1, 2495}, /* KANGXI RADICAL SHEEP */ + {0x2f7b, 1, 2496}, /* KANGXI RADICAL FEATHER */ + {0x2f7c, 1, 2497}, /* KANGXI RADICAL OLD */ + {0x2f7d, 1, 2498}, /* KANGXI RADICAL AND */ + {0x2f7e, 1, 2499}, /* KANGXI RADICAL PLOW */ + {0x2f7f, 1, 2500}, /* KANGXI RADICAL EAR */ + {0x2f80, 1, 2501}, /* KANGXI RADICAL BRUSH */ + {0x2f81, 1, 2502}, /* KANGXI RADICAL MEAT */ + {0x2f82, 1, 2503}, /* KANGXI RADICAL MINISTER */ + {0x2f83, 1, 2504}, /* KANGXI RADICAL SELF */ + {0x2f84, 1, 2505}, /* KANGXI RADICAL ARRIVE */ + {0x2f85, 1, 2506}, /* KANGXI RADICAL MORTAR */ + {0x2f86, 1, 2507}, /* KANGXI RADICAL TONGUE */ + {0x2f87, 1, 2508}, /* KANGXI RADICAL OPPOSE */ + {0x2f88, 1, 2509}, /* KANGXI RADICAL BOAT */ + {0x2f89, 1, 2510}, /* KANGXI RADICAL STOPPING */ + {0x2f8a, 1, 2511}, /* KANGXI RADICAL COLOR */ + {0x2f8b, 1, 2512}, /* KANGXI RADICAL GRASS */ + {0x2f8c, 1, 2513}, /* KANGXI RADICAL TIGER */ + {0x2f8d, 1, 2514}, /* KANGXI RADICAL INSECT */ + {0x2f8e, 1, 2515}, /* KANGXI RADICAL BLOOD */ + {0x2f8f, 1, 2516}, /* KANGXI RADICAL WALK ENCLOSURE */ + {0x2f90, 1, 2517}, /* KANGXI RADICAL CLOTHES */ + {0x2f91, 1, 2518}, /* KANGXI RADICAL WEST */ + {0x2f92, 1, 2519}, /* KANGXI RADICAL SEE */ + {0x2f93, 1, 2520}, /* KANGXI RADICAL HORN */ + {0x2f94, 1, 2521}, /* KANGXI RADICAL SPEECH */ + {0x2f95, 1, 2522}, /* KANGXI RADICAL VALLEY */ + {0x2f96, 1, 2523}, /* KANGXI RADICAL BEAN */ + {0x2f97, 1, 2524}, /* KANGXI RADICAL PIG */ + {0x2f98, 1, 2525}, /* KANGXI RADICAL BADGER */ + {0x2f99, 1, 2526}, /* KANGXI RADICAL SHELL */ + {0x2f9a, 1, 2527}, /* KANGXI RADICAL RED */ + {0x2f9b, 1, 2528}, /* KANGXI RADICAL RUN */ + {0x2f9c, 1, 2529}, /* KANGXI RADICAL FOOT */ + {0x2f9d, 1, 2530}, /* KANGXI RADICAL BODY */ + {0x2f9e, 1, 2531}, /* KANGXI RADICAL CART */ + {0x2f9f, 1, 2532}, /* KANGXI RADICAL BITTER */ + {0x2fa0, 1, 2533}, /* KANGXI RADICAL MORNING */ + {0x2fa1, 1, 2534}, /* KANGXI RADICAL WALK */ + {0x2fa2, 1, 2535}, /* KANGXI RADICAL CITY */ + {0x2fa3, 1, 2536}, /* KANGXI RADICAL WINE */ + {0x2fa4, 1, 2537}, /* KANGXI RADICAL DISTINGUISH */ + {0x2fa5, 1, 2538}, /* KANGXI RADICAL VILLAGE */ + {0x2fa6, 1, 2539}, /* KANGXI RADICAL GOLD */ + {0x2fa7, 1, 2540}, /* KANGXI RADICAL LONG */ + {0x2fa8, 1, 2541}, /* KANGXI RADICAL GATE */ + {0x2fa9, 1, 2542}, /* KANGXI RADICAL MOUND */ + {0x2faa, 1, 2543}, /* KANGXI RADICAL SLAVE */ + {0x2fab, 1, 2544}, /* KANGXI RADICAL SHORT TAILED BIRD */ + {0x2fac, 1, 2545}, /* KANGXI RADICAL RAIN */ + {0x2fad, 1, 2546}, /* KANGXI RADICAL BLUE */ + {0x2fae, 1, 2547}, /* KANGXI RADICAL WRONG */ + {0x2faf, 1, 2548}, /* KANGXI RADICAL FACE */ + {0x2fb0, 1, 2549}, /* KANGXI RADICAL LEATHER */ + {0x2fb1, 1, 2550}, /* KANGXI RADICAL TANNED LEATHER */ + {0x2fb2, 1, 2551}, /* KANGXI RADICAL LEEK */ + {0x2fb3, 1, 2552}, /* KANGXI RADICAL SOUND */ + {0x2fb4, 1, 2553}, /* KANGXI RADICAL LEAF */ + {0x2fb5, 1, 2554}, /* KANGXI RADICAL WIND */ + {0x2fb6, 1, 2555}, /* KANGXI RADICAL FLY */ + {0x2fb7, 1, 2556}, /* KANGXI RADICAL EAT */ + {0x2fb8, 1, 2557}, /* KANGXI RADICAL HEAD */ + {0x2fb9, 1, 2558}, /* KANGXI RADICAL FRAGRANT */ + {0x2fba, 1, 2559}, /* KANGXI RADICAL HORSE */ + {0x2fbb, 1, 2560}, /* KANGXI RADICAL BONE */ + {0x2fbc, 1, 2561}, /* KANGXI RADICAL TALL */ + {0x2fbd, 1, 2562}, /* KANGXI RADICAL HAIR */ + {0x2fbe, 1, 2563}, /* KANGXI RADICAL FIGHT */ + {0x2fbf, 1, 2564}, /* KANGXI RADICAL SACRIFICIAL WINE */ + {0x2fc0, 1, 2565}, /* KANGXI RADICAL CAULDRON */ + {0x2fc1, 1, 2566}, /* KANGXI RADICAL GHOST */ + {0x2fc2, 1, 2567}, /* KANGXI RADICAL FISH */ + {0x2fc3, 1, 2568}, /* KANGXI RADICAL BIRD */ + {0x2fc4, 1, 2569}, /* KANGXI RADICAL SALT */ + {0x2fc5, 1, 2570}, /* KANGXI RADICAL DEER */ + {0x2fc6, 1, 2571}, /* KANGXI RADICAL WHEAT */ + {0x2fc7, 1, 2572}, /* KANGXI RADICAL HEMP */ + {0x2fc8, 1, 2573}, /* KANGXI RADICAL YELLOW */ + {0x2fc9, 1, 2574}, /* KANGXI RADICAL MILLET */ + {0x2fca, 1, 2575}, /* KANGXI RADICAL BLACK */ + {0x2fcb, 1, 2576}, /* KANGXI RADICAL EMBROIDERY */ + {0x2fcc, 1, 2577}, /* KANGXI RADICAL FROG */ + {0x2fcd, 1, 2578}, /* KANGXI RADICAL TRIPOD */ + {0x2fce, 1, 2579}, /* KANGXI RADICAL DRUM */ + {0x2fcf, 1, 2580}, /* KANGXI RADICAL RAT */ + {0x2fd0, 1, 2581}, /* KANGXI RADICAL NOSE */ + {0x2fd1, 1, 2582}, /* KANGXI RADICAL EVEN */ + {0x2fd2, 1, 2583}, /* KANGXI RADICAL TOOTH */ + {0x2fd3, 1, 2584}, /* KANGXI RADICAL DRAGON */ + {0x2fd4, 1, 2585}, /* KANGXI RADICAL TURTLE */ + {0x2fd5, 1, 2586}, /* KANGXI RADICAL FLUTE */ + {0x3000, 1, 2587}, /* IDEOGRAPHIC SPACE */ + {0x3036, 1, 2588}, /* CIRCLED POSTAL MARK */ + {0x3038, 1, 2396}, /* HANGZHOU NUMERAL TEN */ + {0x3039, 1, 2589}, /* HANGZHOU NUMERAL TWENTY */ + {0x303a, 1, 2590}, /* HANGZHOU NUMERAL THIRTY */ + {0x304c, 2, 2591}, /* HIRAGANA LETTER GA */ + {0x304e, 2, 2593}, /* HIRAGANA LETTER GI */ + {0x3050, 2, 2595}, /* HIRAGANA LETTER GU */ + {0x3052, 2, 2597}, /* HIRAGANA LETTER GE */ + {0x3054, 2, 2599}, /* HIRAGANA LETTER GO */ + {0x3056, 2, 2601}, /* HIRAGANA LETTER ZA */ + {0x3058, 2, 2603}, /* HIRAGANA LETTER ZI */ + {0x305a, 2, 2605}, /* HIRAGANA LETTER ZU */ + {0x305c, 2, 2607}, /* HIRAGANA LETTER ZE */ + {0x305e, 2, 2609}, /* HIRAGANA LETTER ZO */ + {0x3060, 2, 2611}, /* HIRAGANA LETTER DA */ + {0x3062, 2, 2613}, /* HIRAGANA LETTER DI */ + {0x3065, 2, 2615}, /* HIRAGANA LETTER DU */ + {0x3067, 2, 2617}, /* HIRAGANA LETTER DE */ + {0x3069, 2, 2619}, /* HIRAGANA LETTER DO */ + {0x3070, 2, 2621}, /* HIRAGANA LETTER BA */ + {0x3071, 2, 2623}, /* HIRAGANA LETTER PA */ + {0x3073, 2, 2625}, /* HIRAGANA LETTER BI */ + {0x3074, 2, 2627}, /* HIRAGANA LETTER PI */ + {0x3076, 2, 2629}, /* HIRAGANA LETTER BU */ + {0x3077, 2, 2631}, /* HIRAGANA LETTER PU */ + {0x3079, 2, 2633}, /* HIRAGANA LETTER BE */ + {0x307a, 2, 2635}, /* HIRAGANA LETTER PE */ + {0x307c, 2, 2637}, /* HIRAGANA LETTER BO */ + {0x307d, 2, 2639}, /* HIRAGANA LETTER PO */ + {0x3094, 2, 2641}, /* HIRAGANA LETTER VU */ + {0x309b, 2, 2643}, /* KATAKANA-HIRAGANA VOICED SOUND MARK */ + {0x309c, 2, 2645}, /* KATAKANA-HIRAGANA SEMI-VOICED SOUND MARK */ + {0x309e, 2, 2647}, /* HIRAGANA VOICED ITERATION MARK */ + {0x309f, 2, 2649}, /* HIRAGANA DIGRAPH YORI */ + {0x30ac, 2, 2651}, /* KATAKANA LETTER GA */ + {0x30ae, 2, 2653}, /* KATAKANA LETTER GI */ + {0x30b0, 2, 2655}, /* KATAKANA LETTER GU */ + {0x30b2, 2, 2657}, /* KATAKANA LETTER GE */ + {0x30b4, 2, 2659}, /* KATAKANA LETTER GO */ + {0x30b6, 2, 2661}, /* KATAKANA LETTER ZA */ + {0x30b8, 2, 2663}, /* KATAKANA LETTER ZI */ + {0x30ba, 2, 2665}, /* KATAKANA LETTER ZU */ + {0x30bc, 2, 2667}, /* KATAKANA LETTER ZE */ + {0x30be, 2, 2669}, /* KATAKANA LETTER ZO */ + {0x30c0, 2, 2671}, /* KATAKANA LETTER DA */ + {0x30c2, 2, 2673}, /* KATAKANA LETTER DI */ + {0x30c5, 2, 2675}, /* KATAKANA LETTER DU */ + {0x30c7, 2, 2677}, /* KATAKANA LETTER DE */ + {0x30c9, 2, 2679}, /* KATAKANA LETTER DO */ + {0x30d0, 2, 2681}, /* KATAKANA LETTER BA */ + {0x30d1, 2, 2683}, /* KATAKANA LETTER PA */ + {0x30d3, 2, 2685}, /* KATAKANA LETTER BI */ + {0x30d4, 2, 2687}, /* KATAKANA LETTER PI */ + {0x30d6, 2, 2689}, /* KATAKANA LETTER BU */ + {0x30d7, 2, 2691}, /* KATAKANA LETTER PU */ + {0x30d9, 2, 2693}, /* KATAKANA LETTER BE */ + {0x30da, 2, 2695}, /* KATAKANA LETTER PE */ + {0x30dc, 2, 2697}, /* KATAKANA LETTER BO */ + {0x30dd, 2, 2699}, /* KATAKANA LETTER PO */ + {0x30f4, 2, 2701}, /* KATAKANA LETTER VU */ + {0x30f7, 2, 2703}, /* KATAKANA LETTER VA */ + {0x30f8, 2, 2705}, /* KATAKANA LETTER VI */ + {0x30f9, 2, 2707}, /* KATAKANA LETTER VE */ + {0x30fa, 2, 2709}, /* KATAKANA LETTER VO */ + {0x30fe, 2, 2711}, /* KATAKANA VOICED ITERATION MARK */ + {0x30ff, 2, 2713}, /* KATAKANA DIGRAPH KOTO */ + {0x3131, 1, 2715}, /* HANGUL LETTER KIYEOK */ + {0x3132, 1, 2716}, /* HANGUL LETTER SSANGKIYEOK */ + {0x3133, 1, 2717}, /* HANGUL LETTER KIYEOK-SIOS */ + {0x3134, 1, 2718}, /* HANGUL LETTER NIEUN */ + {0x3135, 1, 2719}, /* HANGUL LETTER NIEUN-CIEUC */ + {0x3136, 1, 2720}, /* HANGUL LETTER NIEUN-HIEUH */ + {0x3137, 1, 2721}, /* HANGUL LETTER TIKEUT */ + {0x3138, 1, 2722}, /* HANGUL LETTER SSANGTIKEUT */ + {0x3139, 1, 2723}, /* HANGUL LETTER RIEUL */ + {0x313a, 1, 2724}, /* HANGUL LETTER RIEUL-KIYEOK */ + {0x313b, 1, 2725}, /* HANGUL LETTER RIEUL-MIEUM */ + {0x313c, 1, 2726}, /* HANGUL LETTER RIEUL-PIEUP */ + {0x313d, 1, 2727}, /* HANGUL LETTER RIEUL-SIOS */ + {0x313e, 1, 2728}, /* HANGUL LETTER RIEUL-THIEUTH */ + {0x313f, 1, 2729}, /* HANGUL LETTER RIEUL-PHIEUPH */ + {0x3140, 1, 2730}, /* HANGUL LETTER RIEUL-HIEUH */ + {0x3141, 1, 2731}, /* HANGUL LETTER MIEUM */ + {0x3142, 1, 2732}, /* HANGUL LETTER PIEUP */ + {0x3143, 1, 2733}, /* HANGUL LETTER SSANGPIEUP */ + {0x3144, 1, 2734}, /* HANGUL LETTER PIEUP-SIOS */ + {0x3145, 1, 2735}, /* HANGUL LETTER SIOS */ + {0x3146, 1, 2736}, /* HANGUL LETTER SSANGSIOS */ + {0x3147, 1, 2737}, /* HANGUL LETTER IEUNG */ + {0x3148, 1, 2738}, /* HANGUL LETTER CIEUC */ + {0x3149, 1, 2739}, /* HANGUL LETTER SSANGCIEUC */ + {0x314a, 1, 2740}, /* HANGUL LETTER CHIEUCH */ + {0x314b, 1, 2741}, /* HANGUL LETTER KHIEUKH */ + {0x314c, 1, 2742}, /* HANGUL LETTER THIEUTH */ + {0x314d, 1, 2743}, /* HANGUL LETTER PHIEUPH */ + {0x314e, 1, 2744}, /* HANGUL LETTER HIEUH */ + {0x314f, 1, 2745}, /* HANGUL LETTER A */ + {0x3150, 1, 2746}, /* HANGUL LETTER AE */ + {0x3151, 1, 2747}, /* HANGUL LETTER YA */ + {0x3152, 1, 2748}, /* HANGUL LETTER YAE */ + {0x3153, 1, 2749}, /* HANGUL LETTER EO */ + {0x3154, 1, 2750}, /* HANGUL LETTER E */ + {0x3155, 1, 2751}, /* HANGUL LETTER YEO */ + {0x3156, 1, 2752}, /* HANGUL LETTER YE */ + {0x3157, 1, 2753}, /* HANGUL LETTER O */ + {0x3158, 1, 2754}, /* HANGUL LETTER WA */ + {0x3159, 1, 2755}, /* HANGUL LETTER WAE */ + {0x315a, 1, 2756}, /* HANGUL LETTER OE */ + {0x315b, 1, 2757}, /* HANGUL LETTER YO */ + {0x315c, 1, 2758}, /* HANGUL LETTER U */ + {0x315d, 1, 2759}, /* HANGUL LETTER WEO */ + {0x315e, 1, 2760}, /* HANGUL LETTER WE */ + {0x315f, 1, 2761}, /* HANGUL LETTER WI */ + {0x3160, 1, 2762}, /* HANGUL LETTER YU */ + {0x3161, 1, 2763}, /* HANGUL LETTER EU */ + {0x3162, 1, 2764}, /* HANGUL LETTER YI */ + {0x3163, 1, 2765}, /* HANGUL LETTER I */ + {0x3164, 1, 2766}, /* HANGUL FILLER */ + {0x3165, 1, 2767}, /* HANGUL LETTER SSANGNIEUN */ + {0x3166, 1, 2768}, /* HANGUL LETTER NIEUN-TIKEUT */ + {0x3167, 1, 2769}, /* HANGUL LETTER NIEUN-SIOS */ + {0x3168, 1, 2770}, /* HANGUL LETTER NIEUN-PANSIOS */ + {0x3169, 1, 2771}, /* HANGUL LETTER RIEUL-KIYEOK-SIOS */ + {0x316a, 1, 2772}, /* HANGUL LETTER RIEUL-TIKEUT */ + {0x316b, 1, 2773}, /* HANGUL LETTER RIEUL-PIEUP-SIOS */ + {0x316c, 1, 2774}, /* HANGUL LETTER RIEUL-PANSIOS */ + {0x316d, 1, 2775}, /* HANGUL LETTER RIEUL-YEORINHIEUH */ + {0x316e, 1, 2776}, /* HANGUL LETTER MIEUM-PIEUP */ + {0x316f, 1, 2777}, /* HANGUL LETTER MIEUM-SIOS */ + {0x3170, 1, 2778}, /* HANGUL LETTER MIEUM-PANSIOS */ + {0x3171, 1, 2779}, /* HANGUL LETTER KAPYEOUNMIEUM */ + {0x3172, 1, 2780}, /* HANGUL LETTER PIEUP-KIYEOK */ + {0x3173, 1, 2781}, /* HANGUL LETTER PIEUP-TIKEUT */ + {0x3174, 1, 2782}, /* HANGUL LETTER PIEUP-SIOS-KIYEOK */ + {0x3175, 1, 2783}, /* HANGUL LETTER PIEUP-SIOS-TIKEUT */ + {0x3176, 1, 2784}, /* HANGUL LETTER PIEUP-CIEUC */ + {0x3177, 1, 2785}, /* HANGUL LETTER PIEUP-THIEUTH */ + {0x3178, 1, 2786}, /* HANGUL LETTER KAPYEOUNPIEUP */ + {0x3179, 1, 2787}, /* HANGUL LETTER KAPYEOUNSSANGPIEUP */ + {0x317a, 1, 2788}, /* HANGUL LETTER SIOS-KIYEOK */ + {0x317b, 1, 2789}, /* HANGUL LETTER SIOS-NIEUN */ + {0x317c, 1, 2790}, /* HANGUL LETTER SIOS-TIKEUT */ + {0x317d, 1, 2791}, /* HANGUL LETTER SIOS-PIEUP */ + {0x317e, 1, 2792}, /* HANGUL LETTER SIOS-CIEUC */ + {0x317f, 1, 2793}, /* HANGUL LETTER PANSIOS */ + {0x3180, 1, 2794}, /* HANGUL LETTER SSANGIEUNG */ + {0x3181, 1, 2795}, /* HANGUL LETTER YESIEUNG */ + {0x3182, 1, 2796}, /* HANGUL LETTER YESIEUNG-SIOS */ + {0x3183, 1, 2797}, /* HANGUL LETTER YESIEUNG-PANSIOS */ + {0x3184, 1, 2798}, /* HANGUL LETTER KAPYEOUNPHIEUPH */ + {0x3185, 1, 2799}, /* HANGUL LETTER SSANGHIEUH */ + {0x3186, 1, 2800}, /* HANGUL LETTER YEORINHIEUH */ + {0x3187, 1, 2801}, /* HANGUL LETTER YO-YA */ + {0x3188, 1, 2802}, /* HANGUL LETTER YO-YAE */ + {0x3189, 1, 2803}, /* HANGUL LETTER YO-I */ + {0x318a, 1, 2804}, /* HANGUL LETTER YU-YEO */ + {0x318b, 1, 2805}, /* HANGUL LETTER YU-YE */ + {0x318c, 1, 2806}, /* HANGUL LETTER YU-I */ + {0x318d, 1, 2807}, /* HANGUL LETTER ARAEA */ + {0x318e, 1, 2808}, /* HANGUL LETTER ARAEAE */ + {0x3192, 1, 2373}, /* IDEOGRAPHIC ANNOTATION ONE MARK */ + {0x3193, 1, 2379}, /* IDEOGRAPHIC ANNOTATION TWO MARK */ + {0x3194, 1, 2809}, /* IDEOGRAPHIC ANNOTATION THREE MARK */ + {0x3195, 1, 2810}, /* IDEOGRAPHIC ANNOTATION FOUR MARK */ + {0x3196, 1, 2811}, /* IDEOGRAPHIC ANNOTATION TOP MARK */ + {0x3197, 1, 2812}, /* IDEOGRAPHIC ANNOTATION MIDDLE MARK */ + {0x3198, 1, 2813}, /* IDEOGRAPHIC ANNOTATION BOTTOM MARK */ + {0x3199, 1, 2814}, /* IDEOGRAPHIC ANNOTATION FIRST MARK */ + {0x319a, 1, 2377}, /* IDEOGRAPHIC ANNOTATION SECOND MARK */ + {0x319b, 1, 2815}, /* IDEOGRAPHIC ANNOTATION THIRD MARK */ + {0x319c, 1, 2816}, /* IDEOGRAPHIC ANNOTATION FOURTH MARK */ + {0x319d, 1, 2817}, /* IDEOGRAPHIC ANNOTATION HEAVEN MARK */ + {0x319e, 1, 2818}, /* IDEOGRAPHIC ANNOTATION EARTH MARK */ + {0x319f, 1, 2381}, /* IDEOGRAPHIC ANNOTATION MAN MARK */ + {0x3200, 3, 2819}, /* PARENTHESIZED HANGUL KIYEOK */ + {0x3201, 3, 2822}, /* PARENTHESIZED HANGUL NIEUN */ + {0x3202, 3, 2825}, /* PARENTHESIZED HANGUL TIKEUT */ + {0x3203, 3, 2828}, /* PARENTHESIZED HANGUL RIEUL */ + {0x3204, 3, 2831}, /* PARENTHESIZED HANGUL MIEUM */ + {0x3205, 3, 2834}, /* PARENTHESIZED HANGUL PIEUP */ + {0x3206, 3, 2837}, /* PARENTHESIZED HANGUL SIOS */ + {0x3207, 3, 2840}, /* PARENTHESIZED HANGUL IEUNG */ + {0x3208, 3, 2843}, /* PARENTHESIZED HANGUL CIEUC */ + {0x3209, 3, 2846}, /* PARENTHESIZED HANGUL CHIEUCH */ + {0x320a, 3, 2849}, /* PARENTHESIZED HANGUL KHIEUKH */ + {0x320b, 3, 2852}, /* PARENTHESIZED HANGUL THIEUTH */ + {0x320c, 3, 2855}, /* PARENTHESIZED HANGUL PHIEUPH */ + {0x320d, 3, 2858}, /* PARENTHESIZED HANGUL HIEUH */ + {0x320e, 4, 2861}, /* PARENTHESIZED HANGUL KIYEOK A */ + {0x320f, 4, 2865}, /* PARENTHESIZED HANGUL NIEUN A */ + {0x3210, 4, 2869}, /* PARENTHESIZED HANGUL TIKEUT A */ + {0x3211, 4, 2873}, /* PARENTHESIZED HANGUL RIEUL A */ + {0x3212, 4, 2877}, /* PARENTHESIZED HANGUL MIEUM A */ + {0x3213, 4, 2881}, /* PARENTHESIZED HANGUL PIEUP A */ + {0x3214, 4, 2885}, /* PARENTHESIZED HANGUL SIOS A */ + {0x3215, 4, 2889}, /* PARENTHESIZED HANGUL IEUNG A */ + {0x3216, 4, 2893}, /* PARENTHESIZED HANGUL CIEUC A */ + {0x3217, 4, 2897}, /* PARENTHESIZED HANGUL CHIEUCH A */ + {0x3218, 4, 2901}, /* PARENTHESIZED HANGUL KHIEUKH A */ + {0x3219, 4, 2905}, /* PARENTHESIZED HANGUL THIEUTH A */ + {0x321a, 4, 2909}, /* PARENTHESIZED HANGUL PHIEUPH A */ + {0x321b, 4, 2913}, /* PARENTHESIZED HANGUL HIEUH A */ + {0x321c, 4, 2917}, /* PARENTHESIZED HANGUL CIEUC U */ + {0x321d, 7, 2921}, /* PARENTHESIZED KOREAN CHARACTER OJEON */ + {0x321e, 6, 2928}, /* PARENTHESIZED KOREAN CHARACTER O HU */ + {0x3220, 3, 2934}, /* PARENTHESIZED IDEOGRAPH ONE */ + {0x3221, 3, 2937}, /* PARENTHESIZED IDEOGRAPH TWO */ + {0x3222, 3, 2940}, /* PARENTHESIZED IDEOGRAPH THREE */ + {0x3223, 3, 2943}, /* PARENTHESIZED IDEOGRAPH FOUR */ + {0x3224, 3, 2946}, /* PARENTHESIZED IDEOGRAPH FIVE */ + {0x3225, 3, 2949}, /* PARENTHESIZED IDEOGRAPH SIX */ + {0x3226, 3, 2952}, /* PARENTHESIZED IDEOGRAPH SEVEN */ + {0x3227, 3, 2955}, /* PARENTHESIZED IDEOGRAPH EIGHT */ + {0x3228, 3, 2958}, /* PARENTHESIZED IDEOGRAPH NINE */ + {0x3229, 3, 2961}, /* PARENTHESIZED IDEOGRAPH TEN */ + {0x322a, 3, 2964}, /* PARENTHESIZED IDEOGRAPH MOON */ + {0x322b, 3, 2967}, /* PARENTHESIZED IDEOGRAPH FIRE */ + {0x322c, 3, 2970}, /* PARENTHESIZED IDEOGRAPH WATER */ + {0x322d, 3, 2973}, /* PARENTHESIZED IDEOGRAPH WOOD */ + {0x322e, 3, 2976}, /* PARENTHESIZED IDEOGRAPH METAL */ + {0x322f, 3, 2979}, /* PARENTHESIZED IDEOGRAPH EARTH */ + {0x3230, 3, 2982}, /* PARENTHESIZED IDEOGRAPH SUN */ + {0x3231, 3, 2985}, /* PARENTHESIZED IDEOGRAPH STOCK */ + {0x3232, 3, 2988}, /* PARENTHESIZED IDEOGRAPH HAVE */ + {0x3233, 3, 2991}, /* PARENTHESIZED IDEOGRAPH SOCIETY */ + {0x3234, 3, 2994}, /* PARENTHESIZED IDEOGRAPH NAME */ + {0x3235, 3, 2997}, /* PARENTHESIZED IDEOGRAPH SPECIAL */ + {0x3236, 3, 3000}, /* PARENTHESIZED IDEOGRAPH FINANCIAL */ + {0x3237, 3, 3003}, /* PARENTHESIZED IDEOGRAPH CONGRATULATION */ + {0x3238, 3, 3006}, /* PARENTHESIZED IDEOGRAPH LABOR */ + {0x3239, 3, 3009}, /* PARENTHESIZED IDEOGRAPH REPRESENT */ + {0x323a, 3, 3012}, /* PARENTHESIZED IDEOGRAPH CALL */ + {0x323b, 3, 3015}, /* PARENTHESIZED IDEOGRAPH STUDY */ + {0x323c, 3, 3018}, /* PARENTHESIZED IDEOGRAPH SUPERVISE */ + {0x323d, 3, 3021}, /* PARENTHESIZED IDEOGRAPH ENTERPRISE */ + {0x323e, 3, 3024}, /* PARENTHESIZED IDEOGRAPH RESOURCE */ + {0x323f, 3, 3027}, /* PARENTHESIZED IDEOGRAPH ALLIANCE */ + {0x3240, 3, 3030}, /* PARENTHESIZED IDEOGRAPH FESTIVAL */ + {0x3241, 3, 3033}, /* PARENTHESIZED IDEOGRAPH REST */ + {0x3242, 3, 3036}, /* PARENTHESIZED IDEOGRAPH SELF */ + {0x3243, 3, 3039}, /* PARENTHESIZED IDEOGRAPH REACH */ + {0x3250, 3, 3042}, /* PARTNERSHIP SIGN */ + {0x3251, 2, 2147}, /* CIRCLED NUMBER TWENTY ONE */ + {0x3252, 2, 3045}, /* CIRCLED NUMBER TWENTY TWO */ + {0x3253, 2, 6}, /* CIRCLED NUMBER TWENTY THREE */ + {0x3254, 2, 3047}, /* CIRCLED NUMBER TWENTY FOUR */ + {0x3255, 2, 3049}, /* CIRCLED NUMBER TWENTY FIVE */ + {0x3256, 2, 3051}, /* CIRCLED NUMBER TWENTY SIX */ + {0x3257, 2, 3053}, /* CIRCLED NUMBER TWENTY SEVEN */ + {0x3258, 2, 3055}, /* CIRCLED NUMBER TWENTY EIGHT */ + {0x3259, 2, 3057}, /* CIRCLED NUMBER TWENTY NINE */ + {0x325a, 2, 3059}, /* CIRCLED NUMBER THIRTY */ + {0x325b, 2, 1965}, /* CIRCLED NUMBER THIRTY ONE */ + {0x325c, 2, 1962}, /* CIRCLED NUMBER THIRTY TWO */ + {0x325d, 2, 3061}, /* CIRCLED NUMBER THIRTY THREE */ + {0x325e, 2, 3063}, /* CIRCLED NUMBER THIRTY FOUR */ + {0x325f, 2, 3065}, /* CIRCLED NUMBER THIRTY FIVE */ + {0x3260, 1, 2715}, /* CIRCLED HANGUL KIYEOK */ + {0x3261, 1, 2718}, /* CIRCLED HANGUL NIEUN */ + {0x3262, 1, 2721}, /* CIRCLED HANGUL TIKEUT */ + {0x3263, 1, 2723}, /* CIRCLED HANGUL RIEUL */ + {0x3264, 1, 2731}, /* CIRCLED HANGUL MIEUM */ + {0x3265, 1, 2732}, /* CIRCLED HANGUL PIEUP */ + {0x3266, 1, 2735}, /* CIRCLED HANGUL SIOS */ + {0x3267, 1, 2737}, /* CIRCLED HANGUL IEUNG */ + {0x3268, 1, 2738}, /* CIRCLED HANGUL CIEUC */ + {0x3269, 1, 2740}, /* CIRCLED HANGUL CHIEUCH */ + {0x326a, 1, 2741}, /* CIRCLED HANGUL KHIEUKH */ + {0x326b, 1, 2742}, /* CIRCLED HANGUL THIEUTH */ + {0x326c, 1, 2743}, /* CIRCLED HANGUL PHIEUPH */ + {0x326d, 1, 2744}, /* CIRCLED HANGUL HIEUH */ + {0x326e, 2, 2862}, /* CIRCLED HANGUL KIYEOK A */ + {0x326f, 2, 2866}, /* CIRCLED HANGUL NIEUN A */ + {0x3270, 2, 2870}, /* CIRCLED HANGUL TIKEUT A */ + {0x3271, 2, 2874}, /* CIRCLED HANGUL RIEUL A */ + {0x3272, 2, 2878}, /* CIRCLED HANGUL MIEUM A */ + {0x3273, 2, 2882}, /* CIRCLED HANGUL PIEUP A */ + {0x3274, 2, 2886}, /* CIRCLED HANGUL SIOS A */ + {0x3275, 2, 2890}, /* CIRCLED HANGUL IEUNG A */ + {0x3276, 2, 2894}, /* CIRCLED HANGUL CIEUC A */ + {0x3277, 2, 2898}, /* CIRCLED HANGUL CHIEUCH A */ + {0x3278, 2, 2902}, /* CIRCLED HANGUL KHIEUKH A */ + {0x3279, 2, 2906}, /* CIRCLED HANGUL THIEUTH A */ + {0x327a, 2, 2910}, /* CIRCLED HANGUL PHIEUPH A */ + {0x327b, 2, 2744}, /* CIRCLED HANGUL HIEUH A */ + {0x327c, 5, 3067}, /* CIRCLED KOREAN CHARACTER CHAMKO */ + {0x327d, 4, 3072}, /* CIRCLED KOREAN CHARACTER JUEUI */ + {0x3280, 1, 2373}, /* CIRCLED IDEOGRAPH ONE */ + {0x3281, 1, 2379}, /* CIRCLED IDEOGRAPH TWO */ + {0x3282, 1, 2809}, /* CIRCLED IDEOGRAPH THREE */ + {0x3283, 1, 2810}, /* CIRCLED IDEOGRAPH FOUR */ + {0x3284, 1, 2947}, /* CIRCLED IDEOGRAPH FIVE */ + {0x3285, 1, 2950}, /* CIRCLED IDEOGRAPH SIX */ + {0x3286, 1, 2953}, /* CIRCLED IDEOGRAPH SEVEN */ + {0x3287, 1, 2384}, /* CIRCLED IDEOGRAPH EIGHT */ + {0x3288, 1, 2959}, /* CIRCLED IDEOGRAPH NINE */ + {0x3289, 1, 2396}, /* CIRCLED IDEOGRAPH TEN */ + {0x328a, 1, 2446}, /* CIRCLED IDEOGRAPH MOON */ + {0x328b, 1, 2458}, /* CIRCLED IDEOGRAPH FIRE */ + {0x328c, 1, 2457}, /* CIRCLED IDEOGRAPH WATER */ + {0x328d, 1, 2447}, /* CIRCLED IDEOGRAPH WOOD */ + {0x328e, 1, 2539}, /* CIRCLED IDEOGRAPH METAL */ + {0x328f, 1, 2404}, /* CIRCLED IDEOGRAPH EARTH */ + {0x3290, 1, 2444}, /* CIRCLED IDEOGRAPH SUN */ + {0x3291, 1, 2986}, /* CIRCLED IDEOGRAPH STOCK */ + {0x3292, 1, 2989}, /* CIRCLED IDEOGRAPH HAVE */ + {0x3293, 1, 2992}, /* CIRCLED IDEOGRAPH SOCIETY */ + {0x3294, 1, 2995}, /* CIRCLED IDEOGRAPH NAME */ + {0x3295, 1, 2998}, /* CIRCLED IDEOGRAPH SPECIAL */ + {0x3296, 1, 3001}, /* CIRCLED IDEOGRAPH FINANCIAL */ + {0x3297, 1, 3004}, /* CIRCLED IDEOGRAPH CONGRATULATION */ + {0x3298, 1, 3007}, /* CIRCLED IDEOGRAPH LABOR */ + {0x3299, 1, 3076}, /* CIRCLED IDEOGRAPH SECRET */ + {0x329a, 1, 3077}, /* CIRCLED IDEOGRAPH MALE */ + {0x329b, 1, 2410}, /* CIRCLED IDEOGRAPH FEMALE */ + {0x329c, 1, 3078}, /* CIRCLED IDEOGRAPH SUITABLE */ + {0x329d, 1, 3079}, /* CIRCLED IDEOGRAPH EXCELLENT */ + {0x329e, 1, 3080}, /* CIRCLED IDEOGRAPH PRINT */ + {0x329f, 1, 3081}, /* CIRCLED IDEOGRAPH ATTENTION */ + {0x32a0, 1, 3082}, /* CIRCLED IDEOGRAPH ITEM */ + {0x32a1, 1, 3034}, /* CIRCLED IDEOGRAPH REST */ + {0x32a2, 1, 3083}, /* CIRCLED IDEOGRAPH COPY */ + {0x32a3, 1, 3084}, /* CIRCLED IDEOGRAPH CORRECT */ + {0x32a4, 1, 2811}, /* CIRCLED IDEOGRAPH HIGH */ + {0x32a5, 1, 2812}, /* CIRCLED IDEOGRAPH CENTRE */ + {0x32a6, 1, 2813}, /* CIRCLED IDEOGRAPH LOW */ + {0x32a7, 1, 3085}, /* CIRCLED IDEOGRAPH LEFT */ + {0x32a8, 1, 3086}, /* CIRCLED IDEOGRAPH RIGHT */ + {0x32a9, 1, 3087}, /* CIRCLED IDEOGRAPH MEDICINE */ + {0x32aa, 1, 3088}, /* CIRCLED IDEOGRAPH RELIGION */ + {0x32ab, 1, 3016}, /* CIRCLED IDEOGRAPH STUDY */ + {0x32ac, 1, 3019}, /* CIRCLED IDEOGRAPH SUPERVISE */ + {0x32ad, 1, 3022}, /* CIRCLED IDEOGRAPH ENTERPRISE */ + {0x32ae, 1, 3025}, /* CIRCLED IDEOGRAPH RESOURCE */ + {0x32af, 1, 3028}, /* CIRCLED IDEOGRAPH ALLIANCE */ + {0x32b0, 1, 3089}, /* CIRCLED IDEOGRAPH NIGHT */ + {0x32b1, 2, 3090}, /* CIRCLED NUMBER THIRTY SIX */ + {0x32b2, 2, 3092}, /* CIRCLED NUMBER THIRTY SEVEN */ + {0x32b3, 2, 3094}, /* CIRCLED NUMBER THIRTY EIGHT */ + {0x32b4, 2, 3096}, /* CIRCLED NUMBER THIRTY NINE */ + {0x32b5, 2, 3098}, /* CIRCLED NUMBER FORTY */ + {0x32b6, 2, 17}, /* CIRCLED NUMBER FORTY ONE */ + {0x32b7, 2, 3048}, /* CIRCLED NUMBER FORTY TWO */ + {0x32b8, 2, 3064}, /* CIRCLED NUMBER FORTY THREE */ + {0x32b9, 2, 3100}, /* CIRCLED NUMBER FORTY FOUR */ + {0x32ba, 2, 3102}, /* CIRCLED NUMBER FORTY FIVE */ + {0x32bb, 2, 3104}, /* CIRCLED NUMBER FORTY SIX */ + {0x32bc, 2, 3106}, /* CIRCLED NUMBER FORTY SEVEN */ + {0x32bd, 2, 3108}, /* CIRCLED NUMBER FORTY EIGHT */ + {0x32be, 2, 3110}, /* CIRCLED NUMBER FORTY NINE */ + {0x32bf, 2, 3112}, /* CIRCLED NUMBER FIFTY */ + {0x32c0, 2, 3114}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR JANUARY */ + {0x32c1, 2, 3116}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR FEBRUARY */ + {0x32c2, 2, 3118}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR MARCH */ + {0x32c3, 2, 3120}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR APRIL */ + {0x32c4, 2, 3122}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR MAY */ + {0x32c5, 2, 3124}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR JUNE */ + {0x32c6, 2, 3126}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR JULY */ + {0x32c7, 2, 3128}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR AUGUST */ + {0x32c8, 2, 3130}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR SEPTEMBER */ + {0x32c9, 3, 3132}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR OCTOBER */ + {0x32ca, 3, 3135}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR NOVEMBER */ + {0x32cb, 3, 3138}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DECEMBER */ + {0x32cc, 2, 3141}, /* SQUARE HG */ + {0x32cd, 3, 3143}, /* SQUARE ERG */ + {0x32ce, 2, 3146}, /* SQUARE EV */ + {0x32cf, 3, 3148}, /* LIMITED LIABILITY SIGN */ + {0x32d0, 1, 3151}, /* CIRCLED KATAKANA A */ + {0x32d1, 1, 3152}, /* CIRCLED KATAKANA I */ + {0x32d2, 1, 2701}, /* CIRCLED KATAKANA U */ + {0x32d3, 1, 3153}, /* CIRCLED KATAKANA E */ + {0x32d4, 1, 3154}, /* CIRCLED KATAKANA O */ + {0x32d5, 1, 2651}, /* CIRCLED KATAKANA KA */ + {0x32d6, 1, 2653}, /* CIRCLED KATAKANA KI */ + {0x32d7, 1, 2655}, /* CIRCLED KATAKANA KU */ + {0x32d8, 1, 2657}, /* CIRCLED KATAKANA KE */ + {0x32d9, 1, 2659}, /* CIRCLED KATAKANA KO */ + {0x32da, 1, 2661}, /* CIRCLED KATAKANA SA */ + {0x32db, 1, 2663}, /* CIRCLED KATAKANA SI */ + {0x32dc, 1, 2665}, /* CIRCLED KATAKANA SU */ + {0x32dd, 1, 2667}, /* CIRCLED KATAKANA SE */ + {0x32de, 1, 2669}, /* CIRCLED KATAKANA SO */ + {0x32df, 1, 2671}, /* CIRCLED KATAKANA TA */ + {0x32e0, 1, 2673}, /* CIRCLED KATAKANA TI */ + {0x32e1, 1, 2675}, /* CIRCLED KATAKANA TU */ + {0x32e2, 1, 2677}, /* CIRCLED KATAKANA TE */ + {0x32e3, 1, 2679}, /* CIRCLED KATAKANA TO */ + {0x32e4, 1, 3155}, /* CIRCLED KATAKANA NA */ + {0x32e5, 1, 3156}, /* CIRCLED KATAKANA NI */ + {0x32e6, 1, 3157}, /* CIRCLED KATAKANA NU */ + {0x32e7, 1, 3158}, /* CIRCLED KATAKANA NE */ + {0x32e8, 1, 3159}, /* CIRCLED KATAKANA NO */ + {0x32e9, 1, 2681}, /* CIRCLED KATAKANA HA */ + {0x32ea, 1, 2685}, /* CIRCLED KATAKANA HI */ + {0x32eb, 1, 2689}, /* CIRCLED KATAKANA HU */ + {0x32ec, 1, 2693}, /* CIRCLED KATAKANA HE */ + {0x32ed, 1, 2697}, /* CIRCLED KATAKANA HO */ + {0x32ee, 1, 3160}, /* CIRCLED KATAKANA MA */ + {0x32ef, 1, 3161}, /* CIRCLED KATAKANA MI */ + {0x32f0, 1, 3162}, /* CIRCLED KATAKANA MU */ + {0x32f1, 1, 3163}, /* CIRCLED KATAKANA ME */ + {0x32f2, 1, 3164}, /* CIRCLED KATAKANA MO */ + {0x32f3, 1, 3165}, /* CIRCLED KATAKANA YA */ + {0x32f4, 1, 3166}, /* CIRCLED KATAKANA YU */ + {0x32f5, 1, 3167}, /* CIRCLED KATAKANA YO */ + {0x32f6, 1, 3168}, /* CIRCLED KATAKANA RA */ + {0x32f7, 1, 3169}, /* CIRCLED KATAKANA RI */ + {0x32f8, 1, 3170}, /* CIRCLED KATAKANA RU */ + {0x32f9, 1, 3171}, /* CIRCLED KATAKANA RE */ + {0x32fa, 1, 3172}, /* CIRCLED KATAKANA RO */ + {0x32fb, 1, 2703}, /* CIRCLED KATAKANA WA */ + {0x32fc, 1, 2705}, /* CIRCLED KATAKANA WI */ + {0x32fd, 1, 2707}, /* CIRCLED KATAKANA WE */ + {0x32fe, 1, 2709}, /* CIRCLED KATAKANA WO */ + {0x3300, 4, 3173}, /* SQUARE APAATO */ + {0x3301, 4, 3177}, /* SQUARE ARUHUA */ + {0x3302, 4, 3181}, /* SQUARE ANPEA */ + {0x3303, 3, 3185}, /* SQUARE AARU */ + {0x3304, 4, 3188}, /* SQUARE ININGU */ + {0x3305, 3, 3192}, /* SQUARE INTI */ + {0x3306, 3, 3195}, /* SQUARE UON */ + {0x3307, 5, 3198}, /* SQUARE ESUKUUDO */ + {0x3308, 4, 3203}, /* SQUARE EEKAA */ + {0x3309, 3, 3207}, /* SQUARE ONSU */ + {0x330a, 3, 3210}, /* SQUARE OOMU */ + {0x330b, 3, 3213}, /* SQUARE KAIRI */ + {0x330c, 4, 3216}, /* SQUARE KARATTO */ + {0x330d, 4, 3220}, /* SQUARE KARORII */ + {0x330e, 3, 3224}, /* SQUARE GARON */ + {0x330f, 3, 3227}, /* SQUARE GANMA */ + {0x3310, 2, 3230}, /* SQUARE GIGA */ + {0x3311, 3, 3232}, /* SQUARE GINII */ + {0x3312, 4, 3235}, /* SQUARE KYURII */ + {0x3313, 4, 3239}, /* SQUARE GIRUDAA */ + {0x3314, 2, 3243}, /* SQUARE KIRO */ + {0x3315, 5, 3245}, /* SQUARE KIROGURAMU */ + {0x3316, 6, 3250}, /* SQUARE KIROMEETORU */ + {0x3317, 5, 3256}, /* SQUARE KIROWATTO */ + {0x3318, 3, 3247}, /* SQUARE GURAMU */ + {0x3319, 5, 3261}, /* SQUARE GURAMUTON */ + {0x331a, 5, 3266}, /* SQUARE KURUZEIRO */ + {0x331b, 4, 3271}, /* SQUARE KUROONE */ + {0x331c, 3, 3275}, /* SQUARE KEESU */ + {0x331d, 3, 3278}, /* SQUARE KORUNA */ + {0x331e, 3, 3281}, /* SQUARE KOOPO */ + {0x331f, 4, 3284}, /* SQUARE SAIKURU */ + {0x3320, 5, 3288}, /* SQUARE SANTIIMU */ + {0x3321, 4, 3293}, /* SQUARE SIRINGU */ + {0x3322, 3, 3297}, /* SQUARE SENTI */ + {0x3323, 3, 3300}, /* SQUARE SENTO */ + {0x3324, 3, 3303}, /* SQUARE DAASU */ + {0x3325, 2, 3306}, /* SQUARE DESI */ + {0x3326, 2, 3308}, /* SQUARE DORU */ + {0x3327, 2, 3264}, /* SQUARE TON */ + {0x3328, 2, 3310}, /* SQUARE NANO */ + {0x3329, 3, 3312}, /* SQUARE NOTTO */ + {0x332a, 3, 3315}, /* SQUARE HAITU */ + {0x332b, 5, 3318}, /* SQUARE PAASENTO */ + {0x332c, 3, 3323}, /* SQUARE PAATU */ + {0x332d, 4, 3326}, /* SQUARE BAARERU */ + {0x332e, 5, 3330}, /* SQUARE PIASUTORU */ + {0x332f, 3, 3335}, /* SQUARE PIKURU */ + {0x3330, 2, 3338}, /* SQUARE PIKO */ + {0x3331, 2, 3340}, /* SQUARE BIRU */ + {0x3332, 5, 3342}, /* SQUARE HUARADDO */ + {0x3333, 4, 3347}, /* SQUARE HUIITO */ + {0x3334, 5, 3351}, /* SQUARE BUSSYERU */ + {0x3335, 3, 3356}, /* SQUARE HURAN */ + {0x3336, 5, 3359}, /* SQUARE HEKUTAARU */ + {0x3337, 2, 3364}, /* SQUARE PESO */ + {0x3338, 3, 3366}, /* SQUARE PENIHI */ + {0x3339, 3, 3369}, /* SQUARE HERUTU */ + {0x333a, 3, 3372}, /* SQUARE PENSU */ + {0x333b, 3, 3375}, /* SQUARE PEEZI */ + {0x333c, 3, 3378}, /* SQUARE BEETA */ + {0x333d, 4, 3381}, /* SQUARE POINTO */ + {0x333e, 3, 3385}, /* SQUARE BORUTO */ + {0x333f, 2, 3388}, /* SQUARE HON */ + {0x3340, 3, 3390}, /* SQUARE PONDO */ + {0x3341, 3, 3393}, /* SQUARE HOORU */ + {0x3342, 3, 3396}, /* SQUARE HOON */ + {0x3343, 4, 3399}, /* SQUARE MAIKURO */ + {0x3344, 3, 3403}, /* SQUARE MAIRU */ + {0x3345, 3, 3406}, /* SQUARE MAHHA */ + {0x3346, 3, 3409}, /* SQUARE MARUKU */ + {0x3347, 5, 3412}, /* SQUARE MANSYON */ + {0x3348, 4, 3417}, /* SQUARE MIKURON */ + {0x3349, 2, 3421}, /* SQUARE MIRI */ + {0x334a, 5, 3423}, /* SQUARE MIRIBAARU */ + {0x334b, 2, 3428}, /* SQUARE MEGA */ + {0x334c, 4, 3430}, /* SQUARE MEGATON */ + {0x334d, 4, 3252}, /* SQUARE MEETORU */ + {0x334e, 3, 3434}, /* SQUARE YAADO */ + {0x334f, 3, 3437}, /* SQUARE YAARU */ + {0x3350, 3, 3440}, /* SQUARE YUAN */ + {0x3351, 4, 3443}, /* SQUARE RITTORU */ + {0x3352, 2, 3447}, /* SQUARE RIRA */ + {0x3353, 3, 3449}, /* SQUARE RUPII */ + {0x3354, 4, 3452}, /* SQUARE RUUBURU */ + {0x3355, 2, 3456}, /* SQUARE REMU */ + {0x3356, 5, 3458}, /* SQUARE RENTOGEN */ + {0x3357, 3, 3258}, /* SQUARE WATTO */ + {0x3358, 2, 3463}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR ZERO */ + {0x3359, 2, 3465}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR ONE */ + {0x335a, 2, 3467}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWO */ + {0x335b, 2, 3469}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR THREE */ + {0x335c, 2, 3471}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR FOUR */ + {0x335d, 2, 3473}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR FIVE */ + {0x335e, 2, 3475}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR SIX */ + {0x335f, 2, 3477}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR SEVEN */ + {0x3360, 2, 3479}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR EIGHT */ + {0x3361, 2, 3481}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR NINE */ + {0x3362, 3, 3483}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TEN */ + {0x3363, 3, 3486}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR ELEVEN */ + {0x3364, 3, 3489}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWELVE */ + {0x3365, 3, 3492}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR THIRTEEN */ + {0x3366, 3, 3495}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR FOURTEEN */ + {0x3367, 3, 3498}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR FIFTEEN */ + {0x3368, 3, 3501}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR SIXTEEN */ + {0x3369, 3, 3504}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR SEVENTEEN */ + {0x336a, 3, 3507}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR EIGHTEEN */ + {0x336b, 3, 3510}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR NINETEEN */ + {0x336c, 3, 3513}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY */ + {0x336d, 3, 3516}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY-ONE */ + {0x336e, 3, 3519}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY-TWO */ + {0x336f, 3, 3522}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY-THREE */ + {0x3370, 3, 3525}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY-FOUR */ + {0x3371, 3, 3528}, /* SQUARE HPA */ + {0x3372, 2, 3531}, /* SQUARE DA */ + {0x3373, 2, 3533}, /* SQUARE AU */ + {0x3374, 3, 3535}, /* SQUARE BAR */ + {0x3375, 2, 3538}, /* SQUARE OV */ + {0x3376, 2, 3540}, /* SQUARE PC */ + {0x3377, 2, 3542}, /* SQUARE DM */ + {0x3378, 3, 3544}, /* SQUARE DM SQUARED */ + {0x3379, 3, 3547}, /* SQUARE DM CUBED */ + {0x337a, 2, 3550}, /* SQUARE IU */ + {0x337b, 2, 3552}, /* SQUARE ERA NAME HEISEI */ + {0x337c, 2, 3554}, /* SQUARE ERA NAME SYOUWA */ + {0x337d, 2, 3556}, /* SQUARE ERA NAME TAISYOU */ + {0x337e, 2, 3558}, /* SQUARE ERA NAME MEIZI */ + {0x337f, 4, 3560}, /* SQUARE CORPORATION */ + {0x3380, 2, 3564}, /* SQUARE PA AMPS */ + {0x3381, 2, 3566}, /* SQUARE NA */ + {0x3382, 2, 3568}, /* SQUARE MU A */ + {0x3383, 2, 3570}, /* SQUARE MA */ + {0x3384, 2, 3572}, /* SQUARE KA */ + {0x3385, 2, 3574}, /* SQUARE KB */ + {0x3386, 2, 3576}, /* SQUARE MB */ + {0x3387, 2, 3578}, /* SQUARE GB */ + {0x3388, 3, 3580}, /* SQUARE CAL */ + {0x3389, 4, 3583}, /* SQUARE KCAL */ + {0x338a, 2, 3587}, /* SQUARE PF */ + {0x338b, 2, 3589}, /* SQUARE NF */ + {0x338c, 2, 3591}, /* SQUARE MU F */ + {0x338d, 2, 3593}, /* SQUARE MU G */ + {0x338e, 2, 3595}, /* SQUARE MG */ + {0x338f, 2, 3597}, /* SQUARE KG */ + {0x3390, 2, 3599}, /* SQUARE HZ */ + {0x3391, 3, 3601}, /* SQUARE KHZ */ + {0x3392, 3, 3604}, /* SQUARE MHZ */ + {0x3393, 3, 3607}, /* SQUARE GHZ */ + {0x3394, 3, 3610}, /* SQUARE THZ */ + {0x3395, 2, 3613}, /* SQUARE MU L */ + {0x3396, 2, 3615}, /* SQUARE ML */ + {0x3397, 2, 3617}, /* SQUARE DL */ + {0x3398, 2, 3619}, /* SQUARE KL */ + {0x3399, 2, 3621}, /* SQUARE FM */ + {0x339a, 2, 3623}, /* SQUARE NM */ + {0x339b, 2, 3625}, /* SQUARE MU M */ + {0x339c, 2, 3627}, /* SQUARE MM */ + {0x339d, 2, 3629}, /* SQUARE CM */ + {0x339e, 2, 3631}, /* SQUARE KM */ + {0x339f, 3, 3633}, /* SQUARE MM SQUARED */ + {0x33a0, 3, 3636}, /* SQUARE CM SQUARED */ + {0x33a1, 2, 3545}, /* SQUARE M SQUARED */ + {0x33a2, 3, 3639}, /* SQUARE KM SQUARED */ + {0x33a3, 3, 3642}, /* SQUARE MM CUBED */ + {0x33a4, 3, 3645}, /* SQUARE CM CUBED */ + {0x33a5, 2, 3548}, /* SQUARE M CUBED */ + {0x33a6, 3, 3648}, /* SQUARE KM CUBED */ + {0x33a7, 3, 3651}, /* SQUARE M OVER S */ + {0x33a8, 4, 3654}, /* SQUARE M OVER S SQUARED */ + {0x33a9, 2, 3529}, /* SQUARE PA */ + {0x33aa, 3, 3658}, /* SQUARE KPA */ + {0x33ab, 3, 3661}, /* SQUARE MPA */ + {0x33ac, 3, 3664}, /* SQUARE GPA */ + {0x33ad, 3, 3667}, /* SQUARE RAD */ + {0x33ae, 5, 3670}, /* SQUARE RAD OVER S */ + {0x33af, 6, 3675}, /* SQUARE RAD OVER S SQUARED */ + {0x33b0, 2, 3681}, /* SQUARE PS */ + {0x33b1, 2, 3683}, /* SQUARE NS */ + {0x33b2, 2, 3685}, /* SQUARE MU S */ + {0x33b3, 2, 3687}, /* SQUARE MS */ + {0x33b4, 2, 3689}, /* SQUARE PV */ + {0x33b5, 2, 3691}, /* SQUARE NV */ + {0x33b6, 2, 3693}, /* SQUARE MU V */ + {0x33b7, 2, 3695}, /* SQUARE MV */ + {0x33b8, 2, 3697}, /* SQUARE KV */ + {0x33b9, 2, 3699}, /* SQUARE MV MEGA */ + {0x33ba, 2, 3701}, /* SQUARE PW */ + {0x33bb, 2, 3703}, /* SQUARE NW */ + {0x33bc, 2, 3705}, /* SQUARE MU W */ + {0x33bd, 2, 3707}, /* SQUARE MW */ + {0x33be, 2, 3709}, /* SQUARE KW */ + {0x33bf, 2, 3711}, /* SQUARE MW MEGA */ + {0x33c0, 2, 3713}, /* SQUARE K OHM */ + {0x33c1, 2, 3715}, /* SQUARE M OHM */ + {0x33c2, 4, 3717}, /* SQUARE AM */ + {0x33c3, 2, 3721}, /* SQUARE BQ */ + {0x33c4, 2, 3723}, /* SQUARE CC */ + {0x33c5, 2, 3541}, /* SQUARE CD */ + {0x33c6, 4, 3725}, /* SQUARE C OVER KG */ + {0x33c7, 3, 3729}, /* SQUARE CO */ + {0x33c8, 2, 3732}, /* SQUARE DB */ + {0x33c9, 2, 3734}, /* SQUARE GY */ + {0x33ca, 2, 3736}, /* SQUARE HA */ + {0x33cb, 2, 3738}, /* SQUARE HP */ + {0x33cc, 2, 3740}, /* SQUARE IN */ + {0x33cd, 2, 3742}, /* SQUARE KK */ + {0x33ce, 2, 3744}, /* SQUARE KM CAPITAL */ + {0x33cf, 2, 3746}, /* SQUARE KT */ + {0x33d0, 2, 3748}, /* SQUARE LM */ + {0x33d1, 2, 3750}, /* SQUARE LN */ + {0x33d2, 3, 3752}, /* SQUARE LOG */ + {0x33d3, 2, 3755}, /* SQUARE LX */ + {0x33d4, 2, 3757}, /* SQUARE MB SMALL */ + {0x33d5, 3, 3759}, /* SQUARE MIL */ + {0x33d6, 3, 3762}, /* SQUARE MOL */ + {0x33d7, 2, 3765}, /* SQUARE PH */ + {0x33d8, 4, 3767}, /* SQUARE PM */ + {0x33d9, 3, 3771}, /* SQUARE PPM */ + {0x33da, 2, 3774}, /* SQUARE PR */ + {0x33db, 2, 3674}, /* SQUARE SR */ + {0x33dc, 2, 3776}, /* SQUARE SV */ + {0x33dd, 2, 3778}, /* SQUARE WB */ + {0x33de, 3, 3780}, /* SQUARE V OVER M */ + {0x33df, 3, 3783}, /* SQUARE A OVER M */ + {0x33e0, 2, 3786}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY ONE */ + {0x33e1, 2, 3788}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWO */ + {0x33e2, 2, 3790}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY THREE */ + {0x33e3, 2, 3792}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY FOUR */ + {0x33e4, 2, 3794}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY FIVE */ + {0x33e5, 2, 3796}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY SIX */ + {0x33e6, 2, 3798}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY SEVEN */ + {0x33e7, 2, 3800}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY EIGHT */ + {0x33e8, 2, 3802}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY NINE */ + {0x33e9, 3, 3804}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TEN */ + {0x33ea, 3, 3807}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY ELEVEN */ + {0x33eb, 3, 3810}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWELVE */ + {0x33ec, 3, 3813}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY THIRTEEN */ + {0x33ed, 3, 3816}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY FOURTEEN */ + {0x33ee, 3, 3819}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY FIFTEEN */ + {0x33ef, 3, 3822}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY SIXTEEN */ + {0x33f0, 3, 3825}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY SEVENTEEN */ + {0x33f1, 3, 3828}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY EIGHTEEN */ + {0x33f2, 3, 3831}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY NINETEEN */ + {0x33f3, 3, 3834}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY */ + {0x33f4, 3, 3837}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-ONE */ + {0x33f5, 3, 3840}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-TWO */ + {0x33f6, 3, 3843}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-THREE */ + {0x33f7, 3, 3846}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-FOUR */ + {0x33f8, 3, 3849}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-FIVE */ + {0x33f9, 3, 3852}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-SIX */ + {0x33fa, 3, 3855}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-SEVEN */ + {0x33fb, 3, 3858}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-EIGHT */ + {0x33fc, 3, 3861}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-NINE */ + {0x33fd, 3, 3864}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY THIRTY */ + {0x33fe, 3, 3867}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY THIRTY-ONE */ + {0x33ff, 3, 3870}, /* SQUARE GAL */ + {0xf900, 1, 3873}, /* CJK COMPATIBILITY IDEOGRAPH-F900 */ + {0xf901, 1, 3874}, /* CJK COMPATIBILITY IDEOGRAPH-F901 */ + {0xf902, 1, 2531}, /* CJK COMPATIBILITY IDEOGRAPH-F902 */ + {0xf903, 1, 3875}, /* CJK COMPATIBILITY IDEOGRAPH-F903 */ + {0xf904, 1, 3876}, /* CJK COMPATIBILITY IDEOGRAPH-F904 */ + {0xf905, 1, 3877}, /* CJK COMPATIBILITY IDEOGRAPH-F905 */ + {0xf906, 1, 3878}, /* CJK COMPATIBILITY IDEOGRAPH-F906 */ + {0xf907, 1, 2585}, /* CJK COMPATIBILITY IDEOGRAPH-F907 */ + {0xf908, 1, 2585}, /* CJK COMPATIBILITY IDEOGRAPH-F908 */ + {0xf909, 1, 3879}, /* CJK COMPATIBILITY IDEOGRAPH-F909 */ + {0xf90a, 1, 2539}, /* CJK COMPATIBILITY IDEOGRAPH-F90A */ + {0xf90b, 1, 3880}, /* CJK COMPATIBILITY IDEOGRAPH-F90B */ + {0xf90c, 1, 3881}, /* CJK COMPATIBILITY IDEOGRAPH-F90C */ + {0xf90d, 1, 3882}, /* CJK COMPATIBILITY IDEOGRAPH-F90D */ + {0xf90e, 1, 3883}, /* CJK COMPATIBILITY IDEOGRAPH-F90E */ + {0xf90f, 1, 3884}, /* CJK COMPATIBILITY IDEOGRAPH-F90F */ + {0xf910, 1, 3885}, /* CJK COMPATIBILITY IDEOGRAPH-F910 */ + {0xf911, 1, 3886}, /* CJK COMPATIBILITY IDEOGRAPH-F911 */ + {0xf912, 1, 3887}, /* CJK COMPATIBILITY IDEOGRAPH-F912 */ + {0xf913, 1, 3888}, /* CJK COMPATIBILITY IDEOGRAPH-F913 */ + {0xf914, 1, 3889}, /* CJK COMPATIBILITY IDEOGRAPH-F914 */ + {0xf915, 1, 3890}, /* CJK COMPATIBILITY IDEOGRAPH-F915 */ + {0xf916, 1, 3891}, /* CJK COMPATIBILITY IDEOGRAPH-F916 */ + {0xf917, 1, 3892}, /* CJK COMPATIBILITY IDEOGRAPH-F917 */ + {0xf918, 1, 3893}, /* CJK COMPATIBILITY IDEOGRAPH-F918 */ + {0xf919, 1, 3894}, /* CJK COMPATIBILITY IDEOGRAPH-F919 */ + {0xf91a, 1, 3895}, /* CJK COMPATIBILITY IDEOGRAPH-F91A */ + {0xf91b, 1, 3896}, /* CJK COMPATIBILITY IDEOGRAPH-F91B */ + {0xf91c, 1, 3897}, /* CJK COMPATIBILITY IDEOGRAPH-F91C */ + {0xf91d, 1, 3898}, /* CJK COMPATIBILITY IDEOGRAPH-F91D */ + {0xf91e, 1, 3899}, /* CJK COMPATIBILITY IDEOGRAPH-F91E */ + {0xf91f, 1, 3900}, /* CJK COMPATIBILITY IDEOGRAPH-F91F */ + {0xf920, 1, 3901}, /* CJK COMPATIBILITY IDEOGRAPH-F920 */ + {0xf921, 1, 3902}, /* CJK COMPATIBILITY IDEOGRAPH-F921 */ + {0xf922, 1, 3903}, /* CJK COMPATIBILITY IDEOGRAPH-F922 */ + {0xf923, 1, 3904}, /* CJK COMPATIBILITY IDEOGRAPH-F923 */ + {0xf924, 1, 3905}, /* CJK COMPATIBILITY IDEOGRAPH-F924 */ + {0xf925, 1, 3906}, /* CJK COMPATIBILITY IDEOGRAPH-F925 */ + {0xf926, 1, 3907}, /* CJK COMPATIBILITY IDEOGRAPH-F926 */ + {0xf927, 1, 3908}, /* CJK COMPATIBILITY IDEOGRAPH-F927 */ + {0xf928, 1, 3909}, /* CJK COMPATIBILITY IDEOGRAPH-F928 */ + {0xf929, 1, 3910}, /* CJK COMPATIBILITY IDEOGRAPH-F929 */ + {0xf92a, 1, 3911}, /* CJK COMPATIBILITY IDEOGRAPH-F92A */ + {0xf92b, 1, 3912}, /* CJK COMPATIBILITY IDEOGRAPH-F92B */ + {0xf92c, 1, 3913}, /* CJK COMPATIBILITY IDEOGRAPH-F92C */ + {0xf92d, 1, 3914}, /* CJK COMPATIBILITY IDEOGRAPH-F92D */ + {0xf92e, 1, 3915}, /* CJK COMPATIBILITY IDEOGRAPH-F92E */ + {0xf92f, 1, 3916}, /* CJK COMPATIBILITY IDEOGRAPH-F92F */ + {0xf930, 1, 3917}, /* CJK COMPATIBILITY IDEOGRAPH-F930 */ + {0xf931, 1, 3918}, /* CJK COMPATIBILITY IDEOGRAPH-F931 */ + {0xf932, 1, 3919}, /* CJK COMPATIBILITY IDEOGRAPH-F932 */ + {0xf933, 1, 3920}, /* CJK COMPATIBILITY IDEOGRAPH-F933 */ + {0xf934, 1, 2497}, /* CJK COMPATIBILITY IDEOGRAPH-F934 */ + {0xf935, 1, 3921}, /* CJK COMPATIBILITY IDEOGRAPH-F935 */ + {0xf936, 1, 3922}, /* CJK COMPATIBILITY IDEOGRAPH-F936 */ + {0xf937, 1, 3923}, /* CJK COMPATIBILITY IDEOGRAPH-F937 */ + {0xf938, 1, 3924}, /* CJK COMPATIBILITY IDEOGRAPH-F938 */ + {0xf939, 1, 3925}, /* CJK COMPATIBILITY IDEOGRAPH-F939 */ + {0xf93a, 1, 3926}, /* CJK COMPATIBILITY IDEOGRAPH-F93A */ + {0xf93b, 1, 3927}, /* CJK COMPATIBILITY IDEOGRAPH-F93B */ + {0xf93c, 1, 3928}, /* CJK COMPATIBILITY IDEOGRAPH-F93C */ + {0xf93d, 1, 3929}, /* CJK COMPATIBILITY IDEOGRAPH-F93D */ + {0xf93e, 1, 3930}, /* CJK COMPATIBILITY IDEOGRAPH-F93E */ + {0xf93f, 1, 3931}, /* CJK COMPATIBILITY IDEOGRAPH-F93F */ + {0xf940, 1, 2570}, /* CJK COMPATIBILITY IDEOGRAPH-F940 */ + {0xf941, 1, 3932}, /* CJK COMPATIBILITY IDEOGRAPH-F941 */ + {0xf942, 1, 3933}, /* CJK COMPATIBILITY IDEOGRAPH-F942 */ + {0xf943, 1, 3934}, /* CJK COMPATIBILITY IDEOGRAPH-F943 */ + {0xf944, 1, 3935}, /* CJK COMPATIBILITY IDEOGRAPH-F944 */ + {0xf945, 1, 3936}, /* CJK COMPATIBILITY IDEOGRAPH-F945 */ + {0xf946, 1, 3937}, /* CJK COMPATIBILITY IDEOGRAPH-F946 */ + {0xf947, 1, 3938}, /* CJK COMPATIBILITY IDEOGRAPH-F947 */ + {0xf948, 1, 3939}, /* CJK COMPATIBILITY IDEOGRAPH-F948 */ + {0xf949, 1, 3940}, /* CJK COMPATIBILITY IDEOGRAPH-F949 */ + {0xf94a, 1, 3941}, /* CJK COMPATIBILITY IDEOGRAPH-F94A */ + {0xf94b, 1, 3942}, /* CJK COMPATIBILITY IDEOGRAPH-F94B */ + {0xf94c, 1, 3943}, /* CJK COMPATIBILITY IDEOGRAPH-F94C */ + {0xf94d, 1, 3944}, /* CJK COMPATIBILITY IDEOGRAPH-F94D */ + {0xf94e, 1, 3945}, /* CJK COMPATIBILITY IDEOGRAPH-F94E */ + {0xf94f, 1, 3946}, /* CJK COMPATIBILITY IDEOGRAPH-F94F */ + {0xf950, 1, 3947}, /* CJK COMPATIBILITY IDEOGRAPH-F950 */ + {0xf951, 1, 3948}, /* CJK COMPATIBILITY IDEOGRAPH-F951 */ + {0xf952, 1, 3949}, /* CJK COMPATIBILITY IDEOGRAPH-F952 */ + {0xf953, 1, 3950}, /* CJK COMPATIBILITY IDEOGRAPH-F953 */ + {0xf954, 1, 3951}, /* CJK COMPATIBILITY IDEOGRAPH-F954 */ + {0xf955, 1, 3952}, /* CJK COMPATIBILITY IDEOGRAPH-F955 */ + {0xf956, 1, 3953}, /* CJK COMPATIBILITY IDEOGRAPH-F956 */ + {0xf957, 1, 3954}, /* CJK COMPATIBILITY IDEOGRAPH-F957 */ + {0xf958, 1, 3955}, /* CJK COMPATIBILITY IDEOGRAPH-F958 */ + {0xf959, 1, 3956}, /* CJK COMPATIBILITY IDEOGRAPH-F959 */ + {0xf95a, 1, 3957}, /* CJK COMPATIBILITY IDEOGRAPH-F95A */ + {0xf95b, 1, 3958}, /* CJK COMPATIBILITY IDEOGRAPH-F95B */ + {0xf95c, 1, 3889}, /* CJK COMPATIBILITY IDEOGRAPH-F95C */ + {0xf95d, 1, 3959}, /* CJK COMPATIBILITY IDEOGRAPH-F95D */ + {0xf95e, 1, 3960}, /* CJK COMPATIBILITY IDEOGRAPH-F95E */ + {0xf95f, 1, 3961}, /* CJK COMPATIBILITY IDEOGRAPH-F95F */ + {0xf960, 1, 3962}, /* CJK COMPATIBILITY IDEOGRAPH-F960 */ + {0xf961, 1, 3963}, /* CJK COMPATIBILITY IDEOGRAPH-F961 */ + {0xf962, 1, 3964}, /* CJK COMPATIBILITY IDEOGRAPH-F962 */ + {0xf963, 1, 3965}, /* CJK COMPATIBILITY IDEOGRAPH-F963 */ + {0xf964, 1, 3966}, /* CJK COMPATIBILITY IDEOGRAPH-F964 */ + {0xf965, 1, 3967}, /* CJK COMPATIBILITY IDEOGRAPH-F965 */ + {0xf966, 1, 3968}, /* CJK COMPATIBILITY IDEOGRAPH-F966 */ + {0xf967, 1, 3969}, /* CJK COMPATIBILITY IDEOGRAPH-F967 */ + {0xf968, 1, 3970}, /* CJK COMPATIBILITY IDEOGRAPH-F968 */ + {0xf969, 1, 3971}, /* CJK COMPATIBILITY IDEOGRAPH-F969 */ + {0xf96a, 1, 3972}, /* CJK COMPATIBILITY IDEOGRAPH-F96A */ + {0xf96b, 1, 3973}, /* CJK COMPATIBILITY IDEOGRAPH-F96B */ + {0xf96c, 1, 3974}, /* CJK COMPATIBILITY IDEOGRAPH-F96C */ + {0xf96d, 1, 3975}, /* CJK COMPATIBILITY IDEOGRAPH-F96D */ + {0xf96e, 1, 3976}, /* CJK COMPATIBILITY IDEOGRAPH-F96E */ + {0xf96f, 1, 3977}, /* CJK COMPATIBILITY IDEOGRAPH-F96F */ + {0xf970, 1, 3978}, /* CJK COMPATIBILITY IDEOGRAPH-F970 */ + {0xf971, 1, 2533}, /* CJK COMPATIBILITY IDEOGRAPH-F971 */ + {0xf972, 1, 3979}, /* CJK COMPATIBILITY IDEOGRAPH-F972 */ + {0xf973, 1, 3980}, /* CJK COMPATIBILITY IDEOGRAPH-F973 */ + {0xf974, 1, 3981}, /* CJK COMPATIBILITY IDEOGRAPH-F974 */ + {0xf975, 1, 3982}, /* CJK COMPATIBILITY IDEOGRAPH-F975 */ + {0xf976, 1, 3983}, /* CJK COMPATIBILITY IDEOGRAPH-F976 */ + {0xf977, 1, 3984}, /* CJK COMPATIBILITY IDEOGRAPH-F977 */ + {0xf978, 1, 3985}, /* CJK COMPATIBILITY IDEOGRAPH-F978 */ + {0xf979, 1, 3986}, /* CJK COMPATIBILITY IDEOGRAPH-F979 */ + {0xf97a, 1, 3987}, /* CJK COMPATIBILITY IDEOGRAPH-F97A */ + {0xf97b, 1, 3988}, /* CJK COMPATIBILITY IDEOGRAPH-F97B */ + {0xf97c, 1, 3989}, /* CJK COMPATIBILITY IDEOGRAPH-F97C */ + {0xf97d, 1, 3990}, /* CJK COMPATIBILITY IDEOGRAPH-F97D */ + {0xf97e, 1, 3991}, /* CJK COMPATIBILITY IDEOGRAPH-F97E */ + {0xf97f, 1, 3992}, /* CJK COMPATIBILITY IDEOGRAPH-F97F */ + {0xf980, 1, 3993}, /* CJK COMPATIBILITY IDEOGRAPH-F980 */ + {0xf981, 1, 2410}, /* CJK COMPATIBILITY IDEOGRAPH-F981 */ + {0xf982, 1, 3994}, /* CJK COMPATIBILITY IDEOGRAPH-F982 */ + {0xf983, 1, 3995}, /* CJK COMPATIBILITY IDEOGRAPH-F983 */ + {0xf984, 1, 3996}, /* CJK COMPATIBILITY IDEOGRAPH-F984 */ + {0xf985, 1, 3997}, /* CJK COMPATIBILITY IDEOGRAPH-F985 */ + {0xf986, 1, 3998}, /* CJK COMPATIBILITY IDEOGRAPH-F986 */ + {0xf987, 1, 3999}, /* CJK COMPATIBILITY IDEOGRAPH-F987 */ + {0xf988, 1, 4000}, /* CJK COMPATIBILITY IDEOGRAPH-F988 */ + {0xf989, 1, 4001}, /* CJK COMPATIBILITY IDEOGRAPH-F989 */ + {0xf98a, 1, 2391}, /* CJK COMPATIBILITY IDEOGRAPH-F98A */ + {0xf98b, 1, 4002}, /* CJK COMPATIBILITY IDEOGRAPH-F98B */ + {0xf98c, 1, 4003}, /* CJK COMPATIBILITY IDEOGRAPH-F98C */ + {0xf98d, 1, 4004}, /* CJK COMPATIBILITY IDEOGRAPH-F98D */ + {0xf98e, 1, 4005}, /* CJK COMPATIBILITY IDEOGRAPH-F98E */ + {0xf98f, 1, 4006}, /* CJK COMPATIBILITY IDEOGRAPH-F98F */ + {0xf990, 1, 4007}, /* CJK COMPATIBILITY IDEOGRAPH-F990 */ + {0xf991, 1, 4008}, /* CJK COMPATIBILITY IDEOGRAPH-F991 */ + {0xf992, 1, 4009}, /* CJK COMPATIBILITY IDEOGRAPH-F992 */ + {0xf993, 1, 4010}, /* CJK COMPATIBILITY IDEOGRAPH-F993 */ + {0xf994, 1, 4011}, /* CJK COMPATIBILITY IDEOGRAPH-F994 */ + {0xf995, 1, 4012}, /* CJK COMPATIBILITY IDEOGRAPH-F995 */ + {0xf996, 1, 4013}, /* CJK COMPATIBILITY IDEOGRAPH-F996 */ + {0xf997, 1, 4014}, /* CJK COMPATIBILITY IDEOGRAPH-F997 */ + {0xf998, 1, 4015}, /* CJK COMPATIBILITY IDEOGRAPH-F998 */ + {0xf999, 1, 4016}, /* CJK COMPATIBILITY IDEOGRAPH-F999 */ + {0xf99a, 1, 4017}, /* CJK COMPATIBILITY IDEOGRAPH-F99A */ + {0xf99b, 1, 4018}, /* CJK COMPATIBILITY IDEOGRAPH-F99B */ + {0xf99c, 1, 4019}, /* CJK COMPATIBILITY IDEOGRAPH-F99C */ + {0xf99d, 1, 4020}, /* CJK COMPATIBILITY IDEOGRAPH-F99D */ + {0xf99e, 1, 4021}, /* CJK COMPATIBILITY IDEOGRAPH-F99E */ + {0xf99f, 1, 4022}, /* CJK COMPATIBILITY IDEOGRAPH-F99F */ + {0xf9a0, 1, 4023}, /* CJK COMPATIBILITY IDEOGRAPH-F9A0 */ + {0xf9a1, 1, 3977}, /* CJK COMPATIBILITY IDEOGRAPH-F9A1 */ + {0xf9a2, 1, 4024}, /* CJK COMPATIBILITY IDEOGRAPH-F9A2 */ + {0xf9a3, 1, 4025}, /* CJK COMPATIBILITY IDEOGRAPH-F9A3 */ + {0xf9a4, 1, 4026}, /* CJK COMPATIBILITY IDEOGRAPH-F9A4 */ + {0xf9a5, 1, 4027}, /* CJK COMPATIBILITY IDEOGRAPH-F9A5 */ + {0xf9a6, 1, 4028}, /* CJK COMPATIBILITY IDEOGRAPH-F9A6 */ + {0xf9a7, 1, 4029}, /* CJK COMPATIBILITY IDEOGRAPH-F9A7 */ + {0xf9a8, 1, 4030}, /* CJK COMPATIBILITY IDEOGRAPH-F9A8 */ + {0xf9a9, 1, 4031}, /* CJK COMPATIBILITY IDEOGRAPH-F9A9 */ + {0xf9aa, 1, 3961}, /* CJK COMPATIBILITY IDEOGRAPH-F9AA */ + {0xf9ab, 1, 4032}, /* CJK COMPATIBILITY IDEOGRAPH-F9AB */ + {0xf9ac, 1, 4033}, /* CJK COMPATIBILITY IDEOGRAPH-F9AC */ + {0xf9ad, 1, 4034}, /* CJK COMPATIBILITY IDEOGRAPH-F9AD */ + {0xf9ae, 1, 4035}, /* CJK COMPATIBILITY IDEOGRAPH-F9AE */ + {0xf9af, 1, 4036}, /* CJK COMPATIBILITY IDEOGRAPH-F9AF */ + {0xf9b0, 1, 4037}, /* CJK COMPATIBILITY IDEOGRAPH-F9B0 */ + {0xf9b1, 1, 4038}, /* CJK COMPATIBILITY IDEOGRAPH-F9B1 */ + {0xf9b2, 1, 4039}, /* CJK COMPATIBILITY IDEOGRAPH-F9B2 */ + {0xf9b3, 1, 4040}, /* CJK COMPATIBILITY IDEOGRAPH-F9B3 */ + {0xf9b4, 1, 4041}, /* CJK COMPATIBILITY IDEOGRAPH-F9B4 */ + {0xf9b5, 1, 4042}, /* CJK COMPATIBILITY IDEOGRAPH-F9B5 */ + {0xf9b6, 1, 4043}, /* CJK COMPATIBILITY IDEOGRAPH-F9B6 */ + {0xf9b7, 1, 4044}, /* CJK COMPATIBILITY IDEOGRAPH-F9B7 */ + {0xf9b8, 1, 4045}, /* CJK COMPATIBILITY IDEOGRAPH-F9B8 */ + {0xf9b9, 1, 4046}, /* CJK COMPATIBILITY IDEOGRAPH-F9B9 */ + {0xf9ba, 1, 4047}, /* CJK COMPATIBILITY IDEOGRAPH-F9BA */ + {0xf9bb, 1, 4048}, /* CJK COMPATIBILITY IDEOGRAPH-F9BB */ + {0xf9bc, 1, 4049}, /* CJK COMPATIBILITY IDEOGRAPH-F9BC */ + {0xf9bd, 1, 4050}, /* CJK COMPATIBILITY IDEOGRAPH-F9BD */ + {0xf9be, 1, 4051}, /* CJK COMPATIBILITY IDEOGRAPH-F9BE */ + {0xf9bf, 1, 3889}, /* CJK COMPATIBILITY IDEOGRAPH-F9BF */ + {0xf9c0, 1, 4052}, /* CJK COMPATIBILITY IDEOGRAPH-F9C0 */ + {0xf9c1, 1, 4053}, /* CJK COMPATIBILITY IDEOGRAPH-F9C1 */ + {0xf9c2, 1, 4054}, /* CJK COMPATIBILITY IDEOGRAPH-F9C2 */ + {0xf9c3, 1, 4055}, /* CJK COMPATIBILITY IDEOGRAPH-F9C3 */ + {0xf9c4, 1, 2584}, /* CJK COMPATIBILITY IDEOGRAPH-F9C4 */ + {0xf9c5, 1, 4056}, /* CJK COMPATIBILITY IDEOGRAPH-F9C5 */ + {0xf9c6, 1, 4057}, /* CJK COMPATIBILITY IDEOGRAPH-F9C6 */ + {0xf9c7, 1, 4058}, /* CJK COMPATIBILITY IDEOGRAPH-F9C7 */ + {0xf9c8, 1, 4059}, /* CJK COMPATIBILITY IDEOGRAPH-F9C8 */ + {0xf9c9, 1, 4060}, /* CJK COMPATIBILITY IDEOGRAPH-F9C9 */ + {0xf9ca, 1, 4061}, /* CJK COMPATIBILITY IDEOGRAPH-F9CA */ + {0xf9cb, 1, 4062}, /* CJK COMPATIBILITY IDEOGRAPH-F9CB */ + {0xf9cc, 1, 4063}, /* CJK COMPATIBILITY IDEOGRAPH-F9CC */ + {0xf9cd, 1, 4064}, /* CJK COMPATIBILITY IDEOGRAPH-F9CD */ + {0xf9ce, 1, 4065}, /* CJK COMPATIBILITY IDEOGRAPH-F9CE */ + {0xf9cf, 1, 4066}, /* CJK COMPATIBILITY IDEOGRAPH-F9CF */ + {0xf9d0, 1, 4067}, /* CJK COMPATIBILITY IDEOGRAPH-F9D0 */ + {0xf9d1, 1, 2950}, /* CJK COMPATIBILITY IDEOGRAPH-F9D1 */ + {0xf9d2, 1, 4068}, /* CJK COMPATIBILITY IDEOGRAPH-F9D2 */ + {0xf9d3, 1, 4069}, /* CJK COMPATIBILITY IDEOGRAPH-F9D3 */ + {0xf9d4, 1, 4070}, /* CJK COMPATIBILITY IDEOGRAPH-F9D4 */ + {0xf9d5, 1, 4071}, /* CJK COMPATIBILITY IDEOGRAPH-F9D5 */ + {0xf9d6, 1, 4072}, /* CJK COMPATIBILITY IDEOGRAPH-F9D6 */ + {0xf9d7, 1, 4073}, /* CJK COMPATIBILITY IDEOGRAPH-F9D7 */ + {0xf9d8, 1, 4074}, /* CJK COMPATIBILITY IDEOGRAPH-F9D8 */ + {0xf9d9, 1, 4075}, /* CJK COMPATIBILITY IDEOGRAPH-F9D9 */ + {0xf9da, 1, 4076}, /* CJK COMPATIBILITY IDEOGRAPH-F9DA */ + {0xf9db, 1, 3963}, /* CJK COMPATIBILITY IDEOGRAPH-F9DB */ + {0xf9dc, 1, 4077}, /* CJK COMPATIBILITY IDEOGRAPH-F9DC */ + {0xf9dd, 1, 4078}, /* CJK COMPATIBILITY IDEOGRAPH-F9DD */ + {0xf9de, 1, 4079}, /* CJK COMPATIBILITY IDEOGRAPH-F9DE */ + {0xf9df, 1, 4080}, /* CJK COMPATIBILITY IDEOGRAPH-F9DF */ + {0xf9e0, 1, 4081}, /* CJK COMPATIBILITY IDEOGRAPH-F9E0 */ + {0xf9e1, 1, 4082}, /* CJK COMPATIBILITY IDEOGRAPH-F9E1 */ + {0xf9e2, 1, 4083}, /* CJK COMPATIBILITY IDEOGRAPH-F9E2 */ + {0xf9e3, 1, 4084}, /* CJK COMPATIBILITY IDEOGRAPH-F9E3 */ + {0xf9e4, 1, 4085}, /* CJK COMPATIBILITY IDEOGRAPH-F9E4 */ + {0xf9e5, 1, 4086}, /* CJK COMPATIBILITY IDEOGRAPH-F9E5 */ + {0xf9e6, 1, 4087}, /* CJK COMPATIBILITY IDEOGRAPH-F9E6 */ + {0xf9e7, 1, 4088}, /* CJK COMPATIBILITY IDEOGRAPH-F9E7 */ + {0xf9e8, 1, 4089}, /* CJK COMPATIBILITY IDEOGRAPH-F9E8 */ + {0xf9e9, 1, 2538}, /* CJK COMPATIBILITY IDEOGRAPH-F9E9 */ + {0xf9ea, 1, 4090}, /* CJK COMPATIBILITY IDEOGRAPH-F9EA */ + {0xf9eb, 1, 4091}, /* CJK COMPATIBILITY IDEOGRAPH-F9EB */ + {0xf9ec, 1, 4092}, /* CJK COMPATIBILITY IDEOGRAPH-F9EC */ + {0xf9ed, 1, 4093}, /* CJK COMPATIBILITY IDEOGRAPH-F9ED */ + {0xf9ee, 1, 4094}, /* CJK COMPATIBILITY IDEOGRAPH-F9EE */ + {0xf9ef, 1, 4095}, /* CJK COMPATIBILITY IDEOGRAPH-F9EF */ + {0xf9f0, 1, 4096}, /* CJK COMPATIBILITY IDEOGRAPH-F9F0 */ + {0xf9f1, 1, 4097}, /* CJK COMPATIBILITY IDEOGRAPH-F9F1 */ + {0xf9f2, 1, 4098}, /* CJK COMPATIBILITY IDEOGRAPH-F9F2 */ + {0xf9f3, 1, 4099}, /* CJK COMPATIBILITY IDEOGRAPH-F9F3 */ + {0xf9f4, 1, 4100}, /* CJK COMPATIBILITY IDEOGRAPH-F9F4 */ + {0xf9f5, 1, 4101}, /* CJK COMPATIBILITY IDEOGRAPH-F9F5 */ + {0xf9f6, 1, 4102}, /* CJK COMPATIBILITY IDEOGRAPH-F9F6 */ + {0xf9f7, 1, 2489}, /* CJK COMPATIBILITY IDEOGRAPH-F9F7 */ + {0xf9f8, 1, 4103}, /* CJK COMPATIBILITY IDEOGRAPH-F9F8 */ + {0xf9f9, 1, 4104}, /* CJK COMPATIBILITY IDEOGRAPH-F9F9 */ + {0xf9fa, 1, 4105}, /* CJK COMPATIBILITY IDEOGRAPH-F9FA */ + {0xf9fb, 1, 4106}, /* CJK COMPATIBILITY IDEOGRAPH-F9FB */ + {0xf9fc, 1, 4107}, /* CJK COMPATIBILITY IDEOGRAPH-F9FC */ + {0xf9fd, 1, 4108}, /* CJK COMPATIBILITY IDEOGRAPH-F9FD */ + {0xf9fe, 1, 4109}, /* CJK COMPATIBILITY IDEOGRAPH-F9FE */ + {0xf9ff, 1, 4110}, /* CJK COMPATIBILITY IDEOGRAPH-F9FF */ + {0xfa00, 1, 4111}, /* CJK COMPATIBILITY IDEOGRAPH-FA00 */ + {0xfa01, 1, 4112}, /* CJK COMPATIBILITY IDEOGRAPH-FA01 */ + {0xfa02, 1, 4113}, /* CJK COMPATIBILITY IDEOGRAPH-FA02 */ + {0xfa03, 1, 4114}, /* CJK COMPATIBILITY IDEOGRAPH-FA03 */ + {0xfa04, 1, 4115}, /* CJK COMPATIBILITY IDEOGRAPH-FA04 */ + {0xfa05, 1, 4116}, /* CJK COMPATIBILITY IDEOGRAPH-FA05 */ + {0xfa06, 1, 4117}, /* CJK COMPATIBILITY IDEOGRAPH-FA06 */ + {0xfa07, 1, 4118}, /* CJK COMPATIBILITY IDEOGRAPH-FA07 */ + {0xfa08, 1, 2516}, /* CJK COMPATIBILITY IDEOGRAPH-FA08 */ + {0xfa09, 1, 4119}, /* CJK COMPATIBILITY IDEOGRAPH-FA09 */ + {0xfa0a, 1, 2519}, /* CJK COMPATIBILITY IDEOGRAPH-FA0A */ + {0xfa0b, 1, 4120}, /* CJK COMPATIBILITY IDEOGRAPH-FA0B */ + {0xfa0c, 1, 4121}, /* CJK COMPATIBILITY IDEOGRAPH-FA0C */ + {0xfa0d, 1, 4122}, /* CJK COMPATIBILITY IDEOGRAPH-FA0D */ + {0xfa10, 1, 4123}, /* CJK COMPATIBILITY IDEOGRAPH-FA10 */ + {0xfa12, 1, 4124}, /* CJK COMPATIBILITY IDEOGRAPH-FA12 */ + {0xfa15, 1, 4125}, /* CJK COMPATIBILITY IDEOGRAPH-FA15 */ + {0xfa16, 1, 4126}, /* CJK COMPATIBILITY IDEOGRAPH-FA16 */ + {0xfa17, 1, 4127}, /* CJK COMPATIBILITY IDEOGRAPH-FA17 */ + {0xfa18, 1, 4128}, /* CJK COMPATIBILITY IDEOGRAPH-FA18 */ + {0xfa19, 1, 4129}, /* CJK COMPATIBILITY IDEOGRAPH-FA19 */ + {0xfa1a, 1, 4130}, /* CJK COMPATIBILITY IDEOGRAPH-FA1A */ + {0xfa1b, 1, 4131}, /* CJK COMPATIBILITY IDEOGRAPH-FA1B */ + {0xfa1c, 1, 4132}, /* CJK COMPATIBILITY IDEOGRAPH-FA1C */ + {0xfa1d, 1, 4133}, /* CJK COMPATIBILITY IDEOGRAPH-FA1D */ + {0xfa1e, 1, 2496}, /* CJK COMPATIBILITY IDEOGRAPH-FA1E */ + {0xfa20, 1, 4134}, /* CJK COMPATIBILITY IDEOGRAPH-FA20 */ + {0xfa22, 1, 4135}, /* CJK COMPATIBILITY IDEOGRAPH-FA22 */ + {0xfa25, 1, 4136}, /* CJK COMPATIBILITY IDEOGRAPH-FA25 */ + {0xfa26, 1, 4137}, /* CJK COMPATIBILITY IDEOGRAPH-FA26 */ + {0xfa2a, 1, 4138}, /* CJK COMPATIBILITY IDEOGRAPH-FA2A */ + {0xfa2b, 1, 4139}, /* CJK COMPATIBILITY IDEOGRAPH-FA2B */ + {0xfa2c, 1, 4140}, /* CJK COMPATIBILITY IDEOGRAPH-FA2C */ + {0xfa2d, 1, 4141}, /* CJK COMPATIBILITY IDEOGRAPH-FA2D */ + {0xfa30, 1, 4142}, /* CJK COMPATIBILITY IDEOGRAPH-FA30 */ + {0xfa31, 1, 4143}, /* CJK COMPATIBILITY IDEOGRAPH-FA31 */ + {0xfa32, 1, 4144}, /* CJK COMPATIBILITY IDEOGRAPH-FA32 */ + {0xfa33, 1, 4145}, /* CJK COMPATIBILITY IDEOGRAPH-FA33 */ + {0xfa34, 1, 4146}, /* CJK COMPATIBILITY IDEOGRAPH-FA34 */ + {0xfa35, 1, 4147}, /* CJK COMPATIBILITY IDEOGRAPH-FA35 */ + {0xfa36, 1, 4148}, /* CJK COMPATIBILITY IDEOGRAPH-FA36 */ + {0xfa37, 1, 4149}, /* CJK COMPATIBILITY IDEOGRAPH-FA37 */ + {0xfa38, 1, 4150}, /* CJK COMPATIBILITY IDEOGRAPH-FA38 */ + {0xfa39, 1, 4151}, /* CJK COMPATIBILITY IDEOGRAPH-FA39 */ + {0xfa3a, 1, 4152}, /* CJK COMPATIBILITY IDEOGRAPH-FA3A */ + {0xfa3b, 1, 4153}, /* CJK COMPATIBILITY IDEOGRAPH-FA3B */ + {0xfa3c, 1, 2417}, /* CJK COMPATIBILITY IDEOGRAPH-FA3C */ + {0xfa3d, 1, 4154}, /* CJK COMPATIBILITY IDEOGRAPH-FA3D */ + {0xfa3e, 1, 4155}, /* CJK COMPATIBILITY IDEOGRAPH-FA3E */ + {0xfa3f, 1, 4156}, /* CJK COMPATIBILITY IDEOGRAPH-FA3F */ + {0xfa40, 1, 4157}, /* CJK COMPATIBILITY IDEOGRAPH-FA40 */ + {0xfa41, 1, 4158}, /* CJK COMPATIBILITY IDEOGRAPH-FA41 */ + {0xfa42, 1, 4159}, /* CJK COMPATIBILITY IDEOGRAPH-FA42 */ + {0xfa43, 1, 4160}, /* CJK COMPATIBILITY IDEOGRAPH-FA43 */ + {0xfa44, 1, 4161}, /* CJK COMPATIBILITY IDEOGRAPH-FA44 */ + {0xfa45, 1, 4162}, /* CJK COMPATIBILITY IDEOGRAPH-FA45 */ + {0xfa46, 1, 4163}, /* CJK COMPATIBILITY IDEOGRAPH-FA46 */ + {0xfa47, 1, 4164}, /* CJK COMPATIBILITY IDEOGRAPH-FA47 */ + {0xfa48, 1, 4165}, /* CJK COMPATIBILITY IDEOGRAPH-FA48 */ + {0xfa49, 1, 4166}, /* CJK COMPATIBILITY IDEOGRAPH-FA49 */ + {0xfa4a, 1, 4167}, /* CJK COMPATIBILITY IDEOGRAPH-FA4A */ + {0xfa4b, 1, 4168}, /* CJK COMPATIBILITY IDEOGRAPH-FA4B */ + {0xfa4c, 1, 2992}, /* CJK COMPATIBILITY IDEOGRAPH-FA4C */ + {0xfa4d, 1, 4169}, /* CJK COMPATIBILITY IDEOGRAPH-FA4D */ + {0xfa4e, 1, 4170}, /* CJK COMPATIBILITY IDEOGRAPH-FA4E */ + {0xfa4f, 1, 4171}, /* CJK COMPATIBILITY IDEOGRAPH-FA4F */ + {0xfa50, 1, 4172}, /* CJK COMPATIBILITY IDEOGRAPH-FA50 */ + {0xfa51, 1, 3004}, /* CJK COMPATIBILITY IDEOGRAPH-FA51 */ + {0xfa52, 1, 4173}, /* CJK COMPATIBILITY IDEOGRAPH-FA52 */ + {0xfa53, 1, 4174}, /* CJK COMPATIBILITY IDEOGRAPH-FA53 */ + {0xfa54, 1, 4175}, /* CJK COMPATIBILITY IDEOGRAPH-FA54 */ + {0xfa55, 1, 4176}, /* CJK COMPATIBILITY IDEOGRAPH-FA55 */ + {0xfa56, 1, 4177}, /* CJK COMPATIBILITY IDEOGRAPH-FA56 */ + {0xfa57, 1, 4013}, /* CJK COMPATIBILITY IDEOGRAPH-FA57 */ + {0xfa58, 1, 4178}, /* CJK COMPATIBILITY IDEOGRAPH-FA58 */ + {0xfa59, 1, 4179}, /* CJK COMPATIBILITY IDEOGRAPH-FA59 */ + {0xfa5a, 1, 4180}, /* CJK COMPATIBILITY IDEOGRAPH-FA5A */ + {0xfa5b, 1, 4181}, /* CJK COMPATIBILITY IDEOGRAPH-FA5B */ + {0xfa5c, 1, 4182}, /* CJK COMPATIBILITY IDEOGRAPH-FA5C */ + {0xfa5d, 1, 4183}, /* CJK COMPATIBILITY IDEOGRAPH-FA5D */ + {0xfa5e, 1, 4183}, /* CJK COMPATIBILITY IDEOGRAPH-FA5E */ + {0xfa5f, 1, 4184}, /* CJK COMPATIBILITY IDEOGRAPH-FA5F */ + {0xfa60, 1, 4185}, /* CJK COMPATIBILITY IDEOGRAPH-FA60 */ + {0xfa61, 1, 4186}, /* CJK COMPATIBILITY IDEOGRAPH-FA61 */ + {0xfa62, 1, 4187}, /* CJK COMPATIBILITY IDEOGRAPH-FA62 */ + {0xfa63, 1, 4188}, /* CJK COMPATIBILITY IDEOGRAPH-FA63 */ + {0xfa64, 1, 4189}, /* CJK COMPATIBILITY IDEOGRAPH-FA64 */ + {0xfa65, 1, 4190}, /* CJK COMPATIBILITY IDEOGRAPH-FA65 */ + {0xfa66, 1, 4191}, /* CJK COMPATIBILITY IDEOGRAPH-FA66 */ + {0xfa67, 1, 4136}, /* CJK COMPATIBILITY IDEOGRAPH-FA67 */ + {0xfa68, 1, 4192}, /* CJK COMPATIBILITY IDEOGRAPH-FA68 */ + {0xfa69, 1, 4193}, /* CJK COMPATIBILITY IDEOGRAPH-FA69 */ + {0xfa6a, 1, 4194}, /* CJK COMPATIBILITY IDEOGRAPH-FA6A */ + {0xfb00, 2, 4195}, /* LATIN SMALL LIGATURE FF */ + {0xfb01, 2, 4197}, /* LATIN SMALL LIGATURE FI */ + {0xfb02, 2, 4199}, /* LATIN SMALL LIGATURE FL */ + {0xfb03, 3, 4196}, /* LATIN SMALL LIGATURE FFI */ + {0xfb04, 3, 4201}, /* LATIN SMALL LIGATURE FFL */ + {0xfb05, 2, 4204}, /* LATIN SMALL LIGATURE LONG S T */ + {0xfb06, 2, 4206}, /* LATIN SMALL LIGATURE ST */ + {0xfb13, 2, 4208}, /* ARMENIAN SMALL LIGATURE MEN NOW */ + {0xfb14, 2, 4210}, /* ARMENIAN SMALL LIGATURE MEN ECH */ + {0xfb15, 2, 4212}, /* ARMENIAN SMALL LIGATURE MEN INI */ + {0xfb16, 2, 4214}, /* ARMENIAN SMALL LIGATURE VEW NOW */ + {0xfb17, 2, 4216}, /* ARMENIAN SMALL LIGATURE MEN XEH */ + {0xfb1d, 2, 4218}, /* HEBREW LETTER YOD WITH HIRIQ */ + {0xfb1f, 2, 4220}, /* HEBREW LIGATURE YIDDISH YOD YOD PATAH */ + {0xfb20, 1, 4222}, /* HEBREW LETTER ALTERNATIVE AYIN */ + {0xfb21, 1, 1950}, /* HEBREW LETTER WIDE ALEF */ + {0xfb22, 1, 1953}, /* HEBREW LETTER WIDE DALET */ + {0xfb23, 1, 4223}, /* HEBREW LETTER WIDE HE */ + {0xfb24, 1, 4224}, /* HEBREW LETTER WIDE KAF */ + {0xfb25, 1, 4225}, /* HEBREW LETTER WIDE LAMED */ + {0xfb26, 1, 4226}, /* HEBREW LETTER WIDE FINAL MEM */ + {0xfb27, 1, 4227}, /* HEBREW LETTER WIDE RESH */ + {0xfb28, 1, 4228}, /* HEBREW LETTER WIDE TAV */ + {0xfb29, 1, 1915}, /* HEBREW LETTER ALTERNATIVE PLUS SIGN */ + {0xfb2a, 2, 4229}, /* HEBREW LETTER SHIN WITH SHIN DOT */ + {0xfb2b, 2, 4231}, /* HEBREW LETTER SHIN WITH SIN DOT */ + {0xfb2c, 2, 4233}, /* HEBREW LETTER SHIN WITH DAGESH AND SHIN DOT */ + {0xfb2d, 2, 4235}, /* HEBREW LETTER SHIN WITH DAGESH AND SIN DOT */ + {0xfb2e, 2, 4237}, /* HEBREW LETTER ALEF WITH PATAH */ + {0xfb2f, 2, 4239}, /* HEBREW LETTER ALEF WITH QAMATS */ + {0xfb30, 2, 4241}, /* HEBREW LETTER ALEF WITH MAPIQ */ + {0xfb31, 2, 4243}, /* HEBREW LETTER BET WITH DAGESH */ + {0xfb32, 2, 4245}, /* HEBREW LETTER GIMEL WITH DAGESH */ + {0xfb33, 2, 4247}, /* HEBREW LETTER DALET WITH DAGESH */ + {0xfb34, 2, 4249}, /* HEBREW LETTER HE WITH MAPIQ */ + {0xfb35, 2, 4251}, /* HEBREW LETTER VAV WITH DAGESH */ + {0xfb36, 2, 4253}, /* HEBREW LETTER ZAYIN WITH DAGESH */ + {0xfb38, 2, 4255}, /* HEBREW LETTER TET WITH DAGESH */ + {0xfb39, 2, 4257}, /* HEBREW LETTER YOD WITH DAGESH */ + {0xfb3a, 2, 4259}, /* HEBREW LETTER FINAL KAF WITH DAGESH */ + {0xfb3b, 2, 4261}, /* HEBREW LETTER KAF WITH DAGESH */ + {0xfb3c, 2, 4263}, /* HEBREW LETTER LAMED WITH DAGESH */ + {0xfb3e, 2, 4265}, /* HEBREW LETTER MEM WITH DAGESH */ + {0xfb40, 2, 4267}, /* HEBREW LETTER NUN WITH DAGESH */ + {0xfb41, 2, 4269}, /* HEBREW LETTER SAMEKH WITH DAGESH */ + {0xfb43, 2, 4271}, /* HEBREW LETTER FINAL PE WITH DAGESH */ + {0xfb44, 2, 4273}, /* HEBREW LETTER PE WITH DAGESH */ + {0xfb46, 2, 4275}, /* HEBREW LETTER TSADI WITH DAGESH */ + {0xfb47, 2, 4277}, /* HEBREW LETTER QOF WITH DAGESH */ + {0xfb48, 2, 4279}, /* HEBREW LETTER RESH WITH DAGESH */ + {0xfb49, 2, 4281}, /* HEBREW LETTER SHIN WITH DAGESH */ + {0xfb4a, 2, 4283}, /* HEBREW LETTER TAV WITH DAGESH */ + {0xfb4b, 2, 4285}, /* HEBREW LETTER VAV WITH HOLAM */ + {0xfb4c, 2, 4287}, /* HEBREW LETTER BET WITH RAFE */ + {0xfb4d, 2, 4289}, /* HEBREW LETTER KAF WITH RAFE */ + {0xfb4e, 2, 4291}, /* HEBREW LETTER PE WITH RAFE */ + {0xfb4f, 2, 4293}, /* HEBREW LIGATURE ALEF LAMED */ + {0xfb50, 1, 4295}, /* ARABIC LETTER ALEF WASLA ISOLATED FORM */ + {0xfb51, 1, 4295}, /* ARABIC LETTER ALEF WASLA FINAL FORM */ + {0xfb52, 1, 4296}, /* ARABIC LETTER BEEH ISOLATED FORM */ + {0xfb53, 1, 4296}, /* ARABIC LETTER BEEH FINAL FORM */ + {0xfb54, 1, 4296}, /* ARABIC LETTER BEEH INITIAL FORM */ + {0xfb55, 1, 4296}, /* ARABIC LETTER BEEH MEDIAL FORM */ + {0xfb56, 1, 4297}, /* ARABIC LETTER PEH ISOLATED FORM */ + {0xfb57, 1, 4297}, /* ARABIC LETTER PEH FINAL FORM */ + {0xfb58, 1, 4297}, /* ARABIC LETTER PEH INITIAL FORM */ + {0xfb59, 1, 4297}, /* ARABIC LETTER PEH MEDIAL FORM */ + {0xfb5a, 1, 4298}, /* ARABIC LETTER BEHEH ISOLATED FORM */ + {0xfb5b, 1, 4298}, /* ARABIC LETTER BEHEH FINAL FORM */ + {0xfb5c, 1, 4298}, /* ARABIC LETTER BEHEH INITIAL FORM */ + {0xfb5d, 1, 4298}, /* ARABIC LETTER BEHEH MEDIAL FORM */ + {0xfb5e, 1, 4299}, /* ARABIC LETTER TTEHEH ISOLATED FORM */ + {0xfb5f, 1, 4299}, /* ARABIC LETTER TTEHEH FINAL FORM */ + {0xfb60, 1, 4299}, /* ARABIC LETTER TTEHEH INITIAL FORM */ + {0xfb61, 1, 4299}, /* ARABIC LETTER TTEHEH MEDIAL FORM */ + {0xfb62, 1, 4300}, /* ARABIC LETTER TEHEH ISOLATED FORM */ + {0xfb63, 1, 4300}, /* ARABIC LETTER TEHEH FINAL FORM */ + {0xfb64, 1, 4300}, /* ARABIC LETTER TEHEH INITIAL FORM */ + {0xfb65, 1, 4300}, /* ARABIC LETTER TEHEH MEDIAL FORM */ + {0xfb66, 1, 4301}, /* ARABIC LETTER TTEH ISOLATED FORM */ + {0xfb67, 1, 4301}, /* ARABIC LETTER TTEH FINAL FORM */ + {0xfb68, 1, 4301}, /* ARABIC LETTER TTEH INITIAL FORM */ + {0xfb69, 1, 4301}, /* ARABIC LETTER TTEH MEDIAL FORM */ + {0xfb6a, 1, 4302}, /* ARABIC LETTER VEH ISOLATED FORM */ + {0xfb6b, 1, 4302}, /* ARABIC LETTER VEH FINAL FORM */ + {0xfb6c, 1, 4302}, /* ARABIC LETTER VEH INITIAL FORM */ + {0xfb6d, 1, 4302}, /* ARABIC LETTER VEH MEDIAL FORM */ + {0xfb6e, 1, 4303}, /* ARABIC LETTER PEHEH ISOLATED FORM */ + {0xfb6f, 1, 4303}, /* ARABIC LETTER PEHEH FINAL FORM */ + {0xfb70, 1, 4303}, /* ARABIC LETTER PEHEH INITIAL FORM */ + {0xfb71, 1, 4303}, /* ARABIC LETTER PEHEH MEDIAL FORM */ + {0xfb72, 1, 4304}, /* ARABIC LETTER DYEH ISOLATED FORM */ + {0xfb73, 1, 4304}, /* ARABIC LETTER DYEH FINAL FORM */ + {0xfb74, 1, 4304}, /* ARABIC LETTER DYEH INITIAL FORM */ + {0xfb75, 1, 4304}, /* ARABIC LETTER DYEH MEDIAL FORM */ + {0xfb76, 1, 4305}, /* ARABIC LETTER NYEH ISOLATED FORM */ + {0xfb77, 1, 4305}, /* ARABIC LETTER NYEH FINAL FORM */ + {0xfb78, 1, 4305}, /* ARABIC LETTER NYEH INITIAL FORM */ + {0xfb79, 1, 4305}, /* ARABIC LETTER NYEH MEDIAL FORM */ + {0xfb7a, 1, 4306}, /* ARABIC LETTER TCHEH ISOLATED FORM */ + {0xfb7b, 1, 4306}, /* ARABIC LETTER TCHEH FINAL FORM */ + {0xfb7c, 1, 4306}, /* ARABIC LETTER TCHEH INITIAL FORM */ + {0xfb7d, 1, 4306}, /* ARABIC LETTER TCHEH MEDIAL FORM */ + {0xfb7e, 1, 4307}, /* ARABIC LETTER TCHEHEH ISOLATED FORM */ + {0xfb7f, 1, 4307}, /* ARABIC LETTER TCHEHEH FINAL FORM */ + {0xfb80, 1, 4307}, /* ARABIC LETTER TCHEHEH INITIAL FORM */ + {0xfb81, 1, 4307}, /* ARABIC LETTER TCHEHEH MEDIAL FORM */ + {0xfb82, 1, 4308}, /* ARABIC LETTER DDAHAL ISOLATED FORM */ + {0xfb83, 1, 4308}, /* ARABIC LETTER DDAHAL FINAL FORM */ + {0xfb84, 1, 4309}, /* ARABIC LETTER DAHAL ISOLATED FORM */ + {0xfb85, 1, 4309}, /* ARABIC LETTER DAHAL FINAL FORM */ + {0xfb86, 1, 4310}, /* ARABIC LETTER DUL ISOLATED FORM */ + {0xfb87, 1, 4310}, /* ARABIC LETTER DUL FINAL FORM */ + {0xfb88, 1, 4311}, /* ARABIC LETTER DDAL ISOLATED FORM */ + {0xfb89, 1, 4311}, /* ARABIC LETTER DDAL FINAL FORM */ + {0xfb8a, 1, 4312}, /* ARABIC LETTER JEH ISOLATED FORM */ + {0xfb8b, 1, 4312}, /* ARABIC LETTER JEH FINAL FORM */ + {0xfb8c, 1, 4313}, /* ARABIC LETTER RREH ISOLATED FORM */ + {0xfb8d, 1, 4313}, /* ARABIC LETTER RREH FINAL FORM */ + {0xfb8e, 1, 4314}, /* ARABIC LETTER KEHEH ISOLATED FORM */ + {0xfb8f, 1, 4314}, /* ARABIC LETTER KEHEH FINAL FORM */ + {0xfb90, 1, 4314}, /* ARABIC LETTER KEHEH INITIAL FORM */ + {0xfb91, 1, 4314}, /* ARABIC LETTER KEHEH MEDIAL FORM */ + {0xfb92, 1, 4315}, /* ARABIC LETTER GAF ISOLATED FORM */ + {0xfb93, 1, 4315}, /* ARABIC LETTER GAF FINAL FORM */ + {0xfb94, 1, 4315}, /* ARABIC LETTER GAF INITIAL FORM */ + {0xfb95, 1, 4315}, /* ARABIC LETTER GAF MEDIAL FORM */ + {0xfb96, 1, 4316}, /* ARABIC LETTER GUEH ISOLATED FORM */ + {0xfb97, 1, 4316}, /* ARABIC LETTER GUEH FINAL FORM */ + {0xfb98, 1, 4316}, /* ARABIC LETTER GUEH INITIAL FORM */ + {0xfb99, 1, 4316}, /* ARABIC LETTER GUEH MEDIAL FORM */ + {0xfb9a, 1, 4317}, /* ARABIC LETTER NGOEH ISOLATED FORM */ + {0xfb9b, 1, 4317}, /* ARABIC LETTER NGOEH FINAL FORM */ + {0xfb9c, 1, 4317}, /* ARABIC LETTER NGOEH INITIAL FORM */ + {0xfb9d, 1, 4317}, /* ARABIC LETTER NGOEH MEDIAL FORM */ + {0xfb9e, 1, 4318}, /* ARABIC LETTER NOON GHUNNA ISOLATED FORM */ + {0xfb9f, 1, 4318}, /* ARABIC LETTER NOON GHUNNA FINAL FORM */ + {0xfba0, 1, 4319}, /* ARABIC LETTER RNOON ISOLATED FORM */ + {0xfba1, 1, 4319}, /* ARABIC LETTER RNOON FINAL FORM */ + {0xfba2, 1, 4319}, /* ARABIC LETTER RNOON INITIAL FORM */ + {0xfba3, 1, 4319}, /* ARABIC LETTER RNOON MEDIAL FORM */ + {0xfba4, 1, 4320}, /* ARABIC LETTER HEH WITH YEH ABOVE ISOLATED FORM */ + {0xfba5, 1, 4320}, /* ARABIC LETTER HEH WITH YEH ABOVE FINAL FORM */ + {0xfba6, 1, 769}, /* ARABIC LETTER HEH GOAL ISOLATED FORM */ + {0xfba7, 1, 769}, /* ARABIC LETTER HEH GOAL FINAL FORM */ + {0xfba8, 1, 769}, /* ARABIC LETTER HEH GOAL INITIAL FORM */ + {0xfba9, 1, 769}, /* ARABIC LETTER HEH GOAL MEDIAL FORM */ + {0xfbaa, 1, 4321}, /* ARABIC LETTER HEH DOACHASHMEE ISOLATED FORM */ + {0xfbab, 1, 4321}, /* ARABIC LETTER HEH DOACHASHMEE FINAL FORM */ + {0xfbac, 1, 4321}, /* ARABIC LETTER HEH DOACHASHMEE INITIAL FORM */ + {0xfbad, 1, 4321}, /* ARABIC LETTER HEH DOACHASHMEE MEDIAL FORM */ + {0xfbae, 1, 771}, /* ARABIC LETTER YEH BARREE ISOLATED FORM */ + {0xfbaf, 1, 771}, /* ARABIC LETTER YEH BARREE FINAL FORM */ + {0xfbb0, 1, 4322}, /* ARABIC LETTER YEH BARREE WITH HAMZA ABOVE ISOLATED FORM */ + {0xfbb1, 1, 4322}, /* ARABIC LETTER YEH BARREE WITH HAMZA ABOVE FINAL FORM */ + {0xfbd3, 1, 4323}, /* ARABIC LETTER NG ISOLATED FORM */ + {0xfbd4, 1, 4323}, /* ARABIC LETTER NG FINAL FORM */ + {0xfbd5, 1, 4323}, /* ARABIC LETTER NG INITIAL FORM */ + {0xfbd6, 1, 4323}, /* ARABIC LETTER NG MEDIAL FORM */ + {0xfbd7, 1, 763}, /* ARABIC LETTER U ISOLATED FORM */ + {0xfbd8, 1, 763}, /* ARABIC LETTER U FINAL FORM */ + {0xfbd9, 1, 4324}, /* ARABIC LETTER OE ISOLATED FORM */ + {0xfbda, 1, 4324}, /* ARABIC LETTER OE FINAL FORM */ + {0xfbdb, 1, 4325}, /* ARABIC LETTER YU ISOLATED FORM */ + {0xfbdc, 1, 4325}, /* ARABIC LETTER YU FINAL FORM */ + {0xfbdd, 1, 4326}, /* ARABIC LETTER U WITH HAMZA ABOVE ISOLATED FORM */ + {0xfbde, 1, 4327}, /* ARABIC LETTER VE ISOLATED FORM */ + {0xfbdf, 1, 4327}, /* ARABIC LETTER VE FINAL FORM */ + {0xfbe0, 1, 4328}, /* ARABIC LETTER KIRGHIZ OE ISOLATED FORM */ + {0xfbe1, 1, 4328}, /* ARABIC LETTER KIRGHIZ OE FINAL FORM */ + {0xfbe2, 1, 4329}, /* ARABIC LETTER KIRGHIZ YU ISOLATED FORM */ + {0xfbe3, 1, 4329}, /* ARABIC LETTER KIRGHIZ YU FINAL FORM */ + {0xfbe4, 1, 4330}, /* ARABIC LETTER E ISOLATED FORM */ + {0xfbe5, 1, 4330}, /* ARABIC LETTER E FINAL FORM */ + {0xfbe6, 1, 4330}, /* ARABIC LETTER E INITIAL FORM */ + {0xfbe7, 1, 4330}, /* ARABIC LETTER E MEDIAL FORM */ + {0xfbe8, 1, 4331}, /* ARABIC LETTER UIGHUR KAZAKH KIRGHIZ ALEF MAKSURA INITIAL FORM */ + {0xfbe9, 1, 4331}, /* ARABIC LETTER UIGHUR KAZAKH KIRGHIZ ALEF MAKSURA MEDIAL FORM */ + {0xfbea, 2, 4332}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ALEF ISOLATED FORM */ + {0xfbeb, 2, 4332}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ALEF FINAL FORM */ + {0xfbec, 2, 4334}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH AE ISOLATED FORM */ + {0xfbed, 2, 4334}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH AE FINAL FORM */ + {0xfbee, 2, 4336}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH WAW ISOLATED FORM */ + {0xfbef, 2, 4336}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH WAW FINAL FORM */ + {0xfbf0, 2, 4338}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH U ISOLATED FORM */ + {0xfbf1, 2, 4338}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH U FINAL FORM */ + {0xfbf2, 2, 4340}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH OE ISOLATED FORM */ + {0xfbf3, 2, 4340}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH OE FINAL FORM */ + {0xfbf4, 2, 4342}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH YU ISOLATED FORM */ + {0xfbf5, 2, 4342}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH YU FINAL FORM */ + {0xfbf6, 2, 4344}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH E ISOLATED FORM */ + {0xfbf7, 2, 4344}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH E FINAL FORM */ + {0xfbf8, 2, 4344}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH E INITIAL FORM */ + {0xfbf9, 2, 4346}, /* ARABIC LIGATURE UIGHUR KIRGHIZ YEH WITH HAMZA ABOVE WITH ALEF MAKSURA ISOLATED FORM */ + {0xfbfa, 2, 4346}, /* ARABIC LIGATURE UIGHUR KIRGHIZ YEH WITH HAMZA ABOVE WITH ALEF MAKSURA FINAL FORM */ + {0xfbfb, 2, 4346}, /* ARABIC LIGATURE UIGHUR KIRGHIZ YEH WITH HAMZA ABOVE WITH ALEF MAKSURA INITIAL FORM */ + {0xfbfc, 1, 4348}, /* ARABIC LETTER FARSI YEH ISOLATED FORM */ + {0xfbfd, 1, 4348}, /* ARABIC LETTER FARSI YEH FINAL FORM */ + {0xfbfe, 1, 4348}, /* ARABIC LETTER FARSI YEH INITIAL FORM */ + {0xfbff, 1, 4348}, /* ARABIC LETTER FARSI YEH MEDIAL FORM */ + {0xfc00, 2, 4349}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH JEEM ISOLATED FORM */ + {0xfc01, 2, 4351}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH HAH ISOLATED FORM */ + {0xfc02, 2, 4353}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH MEEM ISOLATED FORM */ + {0xfc03, 2, 4346}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ALEF MAKSURA ISOLATED FORM */ + {0xfc04, 2, 4355}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH YEH ISOLATED FORM */ + {0xfc05, 2, 4357}, /* ARABIC LIGATURE BEH WITH JEEM ISOLATED FORM */ + {0xfc06, 2, 4359}, /* ARABIC LIGATURE BEH WITH HAH ISOLATED FORM */ + {0xfc07, 2, 4361}, /* ARABIC LIGATURE BEH WITH KHAH ISOLATED FORM */ + {0xfc08, 2, 4363}, /* ARABIC LIGATURE BEH WITH MEEM ISOLATED FORM */ + {0xfc09, 2, 4365}, /* ARABIC LIGATURE BEH WITH ALEF MAKSURA ISOLATED FORM */ + {0xfc0a, 2, 4367}, /* ARABIC LIGATURE BEH WITH YEH ISOLATED FORM */ + {0xfc0b, 2, 4369}, /* ARABIC LIGATURE TEH WITH JEEM ISOLATED FORM */ + {0xfc0c, 2, 4371}, /* ARABIC LIGATURE TEH WITH HAH ISOLATED FORM */ + {0xfc0d, 2, 4373}, /* ARABIC LIGATURE TEH WITH KHAH ISOLATED FORM */ + {0xfc0e, 2, 4375}, /* ARABIC LIGATURE TEH WITH MEEM ISOLATED FORM */ + {0xfc0f, 2, 4377}, /* ARABIC LIGATURE TEH WITH ALEF MAKSURA ISOLATED FORM */ + {0xfc10, 2, 4379}, /* ARABIC LIGATURE TEH WITH YEH ISOLATED FORM */ + {0xfc11, 2, 4381}, /* ARABIC LIGATURE THEH WITH JEEM ISOLATED FORM */ + {0xfc12, 2, 4383}, /* ARABIC LIGATURE THEH WITH MEEM ISOLATED FORM */ + {0xfc13, 2, 4385}, /* ARABIC LIGATURE THEH WITH ALEF MAKSURA ISOLATED FORM */ + {0xfc14, 2, 4387}, /* ARABIC LIGATURE THEH WITH YEH ISOLATED FORM */ + {0xfc15, 2, 4389}, /* ARABIC LIGATURE JEEM WITH HAH ISOLATED FORM */ + {0xfc16, 2, 4391}, /* ARABIC LIGATURE JEEM WITH MEEM ISOLATED FORM */ + {0xfc17, 2, 4390}, /* ARABIC LIGATURE HAH WITH JEEM ISOLATED FORM */ + {0xfc18, 2, 4393}, /* ARABIC LIGATURE HAH WITH MEEM ISOLATED FORM */ + {0xfc19, 2, 4395}, /* ARABIC LIGATURE KHAH WITH JEEM ISOLATED FORM */ + {0xfc1a, 2, 4397}, /* ARABIC LIGATURE KHAH WITH HAH ISOLATED FORM */ + {0xfc1b, 2, 4399}, /* ARABIC LIGATURE KHAH WITH MEEM ISOLATED FORM */ + {0xfc1c, 2, 4401}, /* ARABIC LIGATURE SEEN WITH JEEM ISOLATED FORM */ + {0xfc1d, 2, 4403}, /* ARABIC LIGATURE SEEN WITH HAH ISOLATED FORM */ + {0xfc1e, 2, 4405}, /* ARABIC LIGATURE SEEN WITH KHAH ISOLATED FORM */ + {0xfc1f, 2, 4407}, /* ARABIC LIGATURE SEEN WITH MEEM ISOLATED FORM */ + {0xfc20, 2, 4409}, /* ARABIC LIGATURE SAD WITH HAH ISOLATED FORM */ + {0xfc21, 2, 4411}, /* ARABIC LIGATURE SAD WITH MEEM ISOLATED FORM */ + {0xfc22, 2, 4413}, /* ARABIC LIGATURE DAD WITH JEEM ISOLATED FORM */ + {0xfc23, 2, 4415}, /* ARABIC LIGATURE DAD WITH HAH ISOLATED FORM */ + {0xfc24, 2, 4417}, /* ARABIC LIGATURE DAD WITH KHAH ISOLATED FORM */ + {0xfc25, 2, 4419}, /* ARABIC LIGATURE DAD WITH MEEM ISOLATED FORM */ + {0xfc26, 2, 4421}, /* ARABIC LIGATURE TAH WITH HAH ISOLATED FORM */ + {0xfc27, 2, 4423}, /* ARABIC LIGATURE TAH WITH MEEM ISOLATED FORM */ + {0xfc28, 2, 4425}, /* ARABIC LIGATURE ZAH WITH MEEM ISOLATED FORM */ + {0xfc29, 2, 4427}, /* ARABIC LIGATURE AIN WITH JEEM ISOLATED FORM */ + {0xfc2a, 2, 4429}, /* ARABIC LIGATURE AIN WITH MEEM ISOLATED FORM */ + {0xfc2b, 2, 4431}, /* ARABIC LIGATURE GHAIN WITH JEEM ISOLATED FORM */ + {0xfc2c, 2, 4433}, /* ARABIC LIGATURE GHAIN WITH MEEM ISOLATED FORM */ + {0xfc2d, 2, 4435}, /* ARABIC LIGATURE FEH WITH JEEM ISOLATED FORM */ + {0xfc2e, 2, 4437}, /* ARABIC LIGATURE FEH WITH HAH ISOLATED FORM */ + {0xfc2f, 2, 4439}, /* ARABIC LIGATURE FEH WITH KHAH ISOLATED FORM */ + {0xfc30, 2, 4441}, /* ARABIC LIGATURE FEH WITH MEEM ISOLATED FORM */ + {0xfc31, 2, 4443}, /* ARABIC LIGATURE FEH WITH ALEF MAKSURA ISOLATED FORM */ + {0xfc32, 2, 4445}, /* ARABIC LIGATURE FEH WITH YEH ISOLATED FORM */ + {0xfc33, 2, 4447}, /* ARABIC LIGATURE QAF WITH HAH ISOLATED FORM */ + {0xfc34, 2, 4449}, /* ARABIC LIGATURE QAF WITH MEEM ISOLATED FORM */ + {0xfc35, 2, 4451}, /* ARABIC LIGATURE QAF WITH ALEF MAKSURA ISOLATED FORM */ + {0xfc36, 2, 4453}, /* ARABIC LIGATURE QAF WITH YEH ISOLATED FORM */ + {0xfc37, 2, 4455}, /* ARABIC LIGATURE KAF WITH ALEF ISOLATED FORM */ + {0xfc38, 2, 4457}, /* ARABIC LIGATURE KAF WITH JEEM ISOLATED FORM */ + {0xfc39, 2, 4459}, /* ARABIC LIGATURE KAF WITH HAH ISOLATED FORM */ + {0xfc3a, 2, 4461}, /* ARABIC LIGATURE KAF WITH KHAH ISOLATED FORM */ + {0xfc3b, 2, 4463}, /* ARABIC LIGATURE KAF WITH LAM ISOLATED FORM */ + {0xfc3c, 2, 4465}, /* ARABIC LIGATURE KAF WITH MEEM ISOLATED FORM */ + {0xfc3d, 2, 4467}, /* ARABIC LIGATURE KAF WITH ALEF MAKSURA ISOLATED FORM */ + {0xfc3e, 2, 4469}, /* ARABIC LIGATURE KAF WITH YEH ISOLATED FORM */ + {0xfc3f, 2, 4471}, /* ARABIC LIGATURE LAM WITH JEEM ISOLATED FORM */ + {0xfc40, 2, 4473}, /* ARABIC LIGATURE LAM WITH HAH ISOLATED FORM */ + {0xfc41, 2, 4475}, /* ARABIC LIGATURE LAM WITH KHAH ISOLATED FORM */ + {0xfc42, 2, 4477}, /* ARABIC LIGATURE LAM WITH MEEM ISOLATED FORM */ + {0xfc43, 2, 4479}, /* ARABIC LIGATURE LAM WITH ALEF MAKSURA ISOLATED FORM */ + {0xfc44, 2, 4481}, /* ARABIC LIGATURE LAM WITH YEH ISOLATED FORM */ + {0xfc45, 2, 4483}, /* ARABIC LIGATURE MEEM WITH JEEM ISOLATED FORM */ + {0xfc46, 2, 4392}, /* ARABIC LIGATURE MEEM WITH HAH ISOLATED FORM */ + {0xfc47, 2, 4394}, /* ARABIC LIGATURE MEEM WITH KHAH ISOLATED FORM */ + {0xfc48, 2, 4485}, /* ARABIC LIGATURE MEEM WITH MEEM ISOLATED FORM */ + {0xfc49, 2, 4487}, /* ARABIC LIGATURE MEEM WITH ALEF MAKSURA ISOLATED FORM */ + {0xfc4a, 2, 4489}, /* ARABIC LIGATURE MEEM WITH YEH ISOLATED FORM */ + {0xfc4b, 2, 4491}, /* ARABIC LIGATURE NOON WITH JEEM ISOLATED FORM */ + {0xfc4c, 2, 4493}, /* ARABIC LIGATURE NOON WITH HAH ISOLATED FORM */ + {0xfc4d, 2, 4495}, /* ARABIC LIGATURE NOON WITH KHAH ISOLATED FORM */ + {0xfc4e, 2, 4497}, /* ARABIC LIGATURE NOON WITH MEEM ISOLATED FORM */ + {0xfc4f, 2, 4499}, /* ARABIC LIGATURE NOON WITH ALEF MAKSURA ISOLATED FORM */ + {0xfc50, 2, 4501}, /* ARABIC LIGATURE NOON WITH YEH ISOLATED FORM */ + {0xfc51, 2, 4503}, /* ARABIC LIGATURE HEH WITH JEEM ISOLATED FORM */ + {0xfc52, 2, 4505}, /* ARABIC LIGATURE HEH WITH MEEM ISOLATED FORM */ + {0xfc53, 2, 4507}, /* ARABIC LIGATURE HEH WITH ALEF MAKSURA ISOLATED FORM */ + {0xfc54, 2, 4509}, /* ARABIC LIGATURE HEH WITH YEH ISOLATED FORM */ + {0xfc55, 2, 4388}, /* ARABIC LIGATURE YEH WITH JEEM ISOLATED FORM */ + {0xfc56, 2, 4511}, /* ARABIC LIGATURE YEH WITH HAH ISOLATED FORM */ + {0xfc57, 2, 4513}, /* ARABIC LIGATURE YEH WITH KHAH ISOLATED FORM */ + {0xfc58, 2, 4482}, /* ARABIC LIGATURE YEH WITH MEEM ISOLATED FORM */ + {0xfc59, 2, 4515}, /* ARABIC LIGATURE YEH WITH ALEF MAKSURA ISOLATED FORM */ + {0xfc5a, 2, 4510}, /* ARABIC LIGATURE YEH WITH YEH ISOLATED FORM */ + {0xfc5b, 2, 4517}, /* ARABIC LIGATURE THAL WITH SUPERSCRIPT ALEF ISOLATED FORM */ + {0xfc5c, 2, 4519}, /* ARABIC LIGATURE REH WITH SUPERSCRIPT ALEF ISOLATED FORM */ + {0xfc5d, 2, 4521}, /* ARABIC LIGATURE ALEF MAKSURA WITH SUPERSCRIPT ALEF ISOLATED FORM */ + {0xfc5e, 3, 4523}, /* ARABIC LIGATURE SHADDA WITH DAMMATAN ISOLATED FORM */ + {0xfc5f, 3, 4526}, /* ARABIC LIGATURE SHADDA WITH KASRATAN ISOLATED FORM */ + {0xfc60, 3, 4529}, /* ARABIC LIGATURE SHADDA WITH FATHA ISOLATED FORM */ + {0xfc61, 3, 4532}, /* ARABIC LIGATURE SHADDA WITH DAMMA ISOLATED FORM */ + {0xfc62, 3, 4535}, /* ARABIC LIGATURE SHADDA WITH KASRA ISOLATED FORM */ + {0xfc63, 3, 4538}, /* ARABIC LIGATURE SHADDA WITH SUPERSCRIPT ALEF ISOLATED FORM */ + {0xfc64, 2, 4541}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH REH FINAL FORM */ + {0xfc65, 2, 4543}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ZAIN FINAL FORM */ + {0xfc66, 2, 4353}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH MEEM FINAL FORM */ + {0xfc67, 2, 4545}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH NOON FINAL FORM */ + {0xfc68, 2, 4346}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ALEF MAKSURA FINAL FORM */ + {0xfc69, 2, 4355}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH YEH FINAL FORM */ + {0xfc6a, 2, 4547}, /* ARABIC LIGATURE BEH WITH REH FINAL FORM */ + {0xfc6b, 2, 4549}, /* ARABIC LIGATURE BEH WITH ZAIN FINAL FORM */ + {0xfc6c, 2, 4363}, /* ARABIC LIGATURE BEH WITH MEEM FINAL FORM */ + {0xfc6d, 2, 4551}, /* ARABIC LIGATURE BEH WITH NOON FINAL FORM */ + {0xfc6e, 2, 4365}, /* ARABIC LIGATURE BEH WITH ALEF MAKSURA FINAL FORM */ + {0xfc6f, 2, 4367}, /* ARABIC LIGATURE BEH WITH YEH FINAL FORM */ + {0xfc70, 2, 4553}, /* ARABIC LIGATURE TEH WITH REH FINAL FORM */ + {0xfc71, 2, 4555}, /* ARABIC LIGATURE TEH WITH ZAIN FINAL FORM */ + {0xfc72, 2, 4375}, /* ARABIC LIGATURE TEH WITH MEEM FINAL FORM */ + {0xfc73, 2, 4557}, /* ARABIC LIGATURE TEH WITH NOON FINAL FORM */ + {0xfc74, 2, 4377}, /* ARABIC LIGATURE TEH WITH ALEF MAKSURA FINAL FORM */ + {0xfc75, 2, 4379}, /* ARABIC LIGATURE TEH WITH YEH FINAL FORM */ + {0xfc76, 2, 4559}, /* ARABIC LIGATURE THEH WITH REH FINAL FORM */ + {0xfc77, 2, 4561}, /* ARABIC LIGATURE THEH WITH ZAIN FINAL FORM */ + {0xfc78, 2, 4383}, /* ARABIC LIGATURE THEH WITH MEEM FINAL FORM */ + {0xfc79, 2, 4563}, /* ARABIC LIGATURE THEH WITH NOON FINAL FORM */ + {0xfc7a, 2, 4385}, /* ARABIC LIGATURE THEH WITH ALEF MAKSURA FINAL FORM */ + {0xfc7b, 2, 4387}, /* ARABIC LIGATURE THEH WITH YEH FINAL FORM */ + {0xfc7c, 2, 4443}, /* ARABIC LIGATURE FEH WITH ALEF MAKSURA FINAL FORM */ + {0xfc7d, 2, 4445}, /* ARABIC LIGATURE FEH WITH YEH FINAL FORM */ + {0xfc7e, 2, 4451}, /* ARABIC LIGATURE QAF WITH ALEF MAKSURA FINAL FORM */ + {0xfc7f, 2, 4453}, /* ARABIC LIGATURE QAF WITH YEH FINAL FORM */ + {0xfc80, 2, 4455}, /* ARABIC LIGATURE KAF WITH ALEF FINAL FORM */ + {0xfc81, 2, 4463}, /* ARABIC LIGATURE KAF WITH LAM FINAL FORM */ + {0xfc82, 2, 4465}, /* ARABIC LIGATURE KAF WITH MEEM FINAL FORM */ + {0xfc83, 2, 4467}, /* ARABIC LIGATURE KAF WITH ALEF MAKSURA FINAL FORM */ + {0xfc84, 2, 4469}, /* ARABIC LIGATURE KAF WITH YEH FINAL FORM */ + {0xfc85, 2, 4477}, /* ARABIC LIGATURE LAM WITH MEEM FINAL FORM */ + {0xfc86, 2, 4479}, /* ARABIC LIGATURE LAM WITH ALEF MAKSURA FINAL FORM */ + {0xfc87, 2, 4481}, /* ARABIC LIGATURE LAM WITH YEH FINAL FORM */ + {0xfc88, 2, 4565}, /* ARABIC LIGATURE MEEM WITH ALEF FINAL FORM */ + {0xfc89, 2, 4485}, /* ARABIC LIGATURE MEEM WITH MEEM FINAL FORM */ + {0xfc8a, 2, 4567}, /* ARABIC LIGATURE NOON WITH REH FINAL FORM */ + {0xfc8b, 2, 4569}, /* ARABIC LIGATURE NOON WITH ZAIN FINAL FORM */ + {0xfc8c, 2, 4497}, /* ARABIC LIGATURE NOON WITH MEEM FINAL FORM */ + {0xfc8d, 2, 4571}, /* ARABIC LIGATURE NOON WITH NOON FINAL FORM */ + {0xfc8e, 2, 4499}, /* ARABIC LIGATURE NOON WITH ALEF MAKSURA FINAL FORM */ + {0xfc8f, 2, 4501}, /* ARABIC LIGATURE NOON WITH YEH FINAL FORM */ + {0xfc90, 2, 4521}, /* ARABIC LIGATURE ALEF MAKSURA WITH SUPERSCRIPT ALEF FINAL FORM */ + {0xfc91, 2, 4573}, /* ARABIC LIGATURE YEH WITH REH FINAL FORM */ + {0xfc92, 2, 4575}, /* ARABIC LIGATURE YEH WITH ZAIN FINAL FORM */ + {0xfc93, 2, 4482}, /* ARABIC LIGATURE YEH WITH MEEM FINAL FORM */ + {0xfc94, 2, 4490}, /* ARABIC LIGATURE YEH WITH NOON FINAL FORM */ + {0xfc95, 2, 4515}, /* ARABIC LIGATURE YEH WITH ALEF MAKSURA FINAL FORM */ + {0xfc96, 2, 4510}, /* ARABIC LIGATURE YEH WITH YEH FINAL FORM */ + {0xfc97, 2, 4349}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH JEEM INITIAL FORM */ + {0xfc98, 2, 4351}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH HAH INITIAL FORM */ + {0xfc99, 2, 4577}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH KHAH INITIAL FORM */ + {0xfc9a, 2, 4353}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH MEEM INITIAL FORM */ + {0xfc9b, 2, 4579}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH HEH INITIAL FORM */ + {0xfc9c, 2, 4357}, /* ARABIC LIGATURE BEH WITH JEEM INITIAL FORM */ + {0xfc9d, 2, 4359}, /* ARABIC LIGATURE BEH WITH HAH INITIAL FORM */ + {0xfc9e, 2, 4361}, /* ARABIC LIGATURE BEH WITH KHAH INITIAL FORM */ + {0xfc9f, 2, 4363}, /* ARABIC LIGATURE BEH WITH MEEM INITIAL FORM */ + {0xfca0, 2, 4581}, /* ARABIC LIGATURE BEH WITH HEH INITIAL FORM */ + {0xfca1, 2, 4369}, /* ARABIC LIGATURE TEH WITH JEEM INITIAL FORM */ + {0xfca2, 2, 4371}, /* ARABIC LIGATURE TEH WITH HAH INITIAL FORM */ + {0xfca3, 2, 4373}, /* ARABIC LIGATURE TEH WITH KHAH INITIAL FORM */ + {0xfca4, 2, 4375}, /* ARABIC LIGATURE TEH WITH MEEM INITIAL FORM */ + {0xfca5, 2, 4583}, /* ARABIC LIGATURE TEH WITH HEH INITIAL FORM */ + {0xfca6, 2, 4383}, /* ARABIC LIGATURE THEH WITH MEEM INITIAL FORM */ + {0xfca7, 2, 4389}, /* ARABIC LIGATURE JEEM WITH HAH INITIAL FORM */ + {0xfca8, 2, 4391}, /* ARABIC LIGATURE JEEM WITH MEEM INITIAL FORM */ + {0xfca9, 2, 4390}, /* ARABIC LIGATURE HAH WITH JEEM INITIAL FORM */ + {0xfcaa, 2, 4393}, /* ARABIC LIGATURE HAH WITH MEEM INITIAL FORM */ + {0xfcab, 2, 4395}, /* ARABIC LIGATURE KHAH WITH JEEM INITIAL FORM */ + {0xfcac, 2, 4399}, /* ARABIC LIGATURE KHAH WITH MEEM INITIAL FORM */ + {0xfcad, 2, 4401}, /* ARABIC LIGATURE SEEN WITH JEEM INITIAL FORM */ + {0xfcae, 2, 4403}, /* ARABIC LIGATURE SEEN WITH HAH INITIAL FORM */ + {0xfcaf, 2, 4405}, /* ARABIC LIGATURE SEEN WITH KHAH INITIAL FORM */ + {0xfcb0, 2, 4407}, /* ARABIC LIGATURE SEEN WITH MEEM INITIAL FORM */ + {0xfcb1, 2, 4409}, /* ARABIC LIGATURE SAD WITH HAH INITIAL FORM */ + {0xfcb2, 2, 4585}, /* ARABIC LIGATURE SAD WITH KHAH INITIAL FORM */ + {0xfcb3, 2, 4411}, /* ARABIC LIGATURE SAD WITH MEEM INITIAL FORM */ + {0xfcb4, 2, 4413}, /* ARABIC LIGATURE DAD WITH JEEM INITIAL FORM */ + {0xfcb5, 2, 4415}, /* ARABIC LIGATURE DAD WITH HAH INITIAL FORM */ + {0xfcb6, 2, 4417}, /* ARABIC LIGATURE DAD WITH KHAH INITIAL FORM */ + {0xfcb7, 2, 4419}, /* ARABIC LIGATURE DAD WITH MEEM INITIAL FORM */ + {0xfcb8, 2, 4421}, /* ARABIC LIGATURE TAH WITH HAH INITIAL FORM */ + {0xfcb9, 2, 4425}, /* ARABIC LIGATURE ZAH WITH MEEM INITIAL FORM */ + {0xfcba, 2, 4427}, /* ARABIC LIGATURE AIN WITH JEEM INITIAL FORM */ + {0xfcbb, 2, 4429}, /* ARABIC LIGATURE AIN WITH MEEM INITIAL FORM */ + {0xfcbc, 2, 4431}, /* ARABIC LIGATURE GHAIN WITH JEEM INITIAL FORM */ + {0xfcbd, 2, 4433}, /* ARABIC LIGATURE GHAIN WITH MEEM INITIAL FORM */ + {0xfcbe, 2, 4435}, /* ARABIC LIGATURE FEH WITH JEEM INITIAL FORM */ + {0xfcbf, 2, 4437}, /* ARABIC LIGATURE FEH WITH HAH INITIAL FORM */ + {0xfcc0, 2, 4439}, /* ARABIC LIGATURE FEH WITH KHAH INITIAL FORM */ + {0xfcc1, 2, 4441}, /* ARABIC LIGATURE FEH WITH MEEM INITIAL FORM */ + {0xfcc2, 2, 4447}, /* ARABIC LIGATURE QAF WITH HAH INITIAL FORM */ + {0xfcc3, 2, 4449}, /* ARABIC LIGATURE QAF WITH MEEM INITIAL FORM */ + {0xfcc4, 2, 4457}, /* ARABIC LIGATURE KAF WITH JEEM INITIAL FORM */ + {0xfcc5, 2, 4459}, /* ARABIC LIGATURE KAF WITH HAH INITIAL FORM */ + {0xfcc6, 2, 4461}, /* ARABIC LIGATURE KAF WITH KHAH INITIAL FORM */ + {0xfcc7, 2, 4463}, /* ARABIC LIGATURE KAF WITH LAM INITIAL FORM */ + {0xfcc8, 2, 4465}, /* ARABIC LIGATURE KAF WITH MEEM INITIAL FORM */ + {0xfcc9, 2, 4471}, /* ARABIC LIGATURE LAM WITH JEEM INITIAL FORM */ + {0xfcca, 2, 4473}, /* ARABIC LIGATURE LAM WITH HAH INITIAL FORM */ + {0xfccb, 2, 4475}, /* ARABIC LIGATURE LAM WITH KHAH INITIAL FORM */ + {0xfccc, 2, 4477}, /* ARABIC LIGATURE LAM WITH MEEM INITIAL FORM */ + {0xfccd, 2, 4587}, /* ARABIC LIGATURE LAM WITH HEH INITIAL FORM */ + {0xfcce, 2, 4483}, /* ARABIC LIGATURE MEEM WITH JEEM INITIAL FORM */ + {0xfccf, 2, 4392}, /* ARABIC LIGATURE MEEM WITH HAH INITIAL FORM */ + {0xfcd0, 2, 4394}, /* ARABIC LIGATURE MEEM WITH KHAH INITIAL FORM */ + {0xfcd1, 2, 4485}, /* ARABIC LIGATURE MEEM WITH MEEM INITIAL FORM */ + {0xfcd2, 2, 4491}, /* ARABIC LIGATURE NOON WITH JEEM INITIAL FORM */ + {0xfcd3, 2, 4493}, /* ARABIC LIGATURE NOON WITH HAH INITIAL FORM */ + {0xfcd4, 2, 4495}, /* ARABIC LIGATURE NOON WITH KHAH INITIAL FORM */ + {0xfcd5, 2, 4497}, /* ARABIC LIGATURE NOON WITH MEEM INITIAL FORM */ + {0xfcd6, 2, 4589}, /* ARABIC LIGATURE NOON WITH HEH INITIAL FORM */ + {0xfcd7, 2, 4503}, /* ARABIC LIGATURE HEH WITH JEEM INITIAL FORM */ + {0xfcd8, 2, 4505}, /* ARABIC LIGATURE HEH WITH MEEM INITIAL FORM */ + {0xfcd9, 2, 4591}, /* ARABIC LIGATURE HEH WITH SUPERSCRIPT ALEF INITIAL FORM */ + {0xfcda, 2, 4388}, /* ARABIC LIGATURE YEH WITH JEEM INITIAL FORM */ + {0xfcdb, 2, 4511}, /* ARABIC LIGATURE YEH WITH HAH INITIAL FORM */ + {0xfcdc, 2, 4513}, /* ARABIC LIGATURE YEH WITH KHAH INITIAL FORM */ + {0xfcdd, 2, 4482}, /* ARABIC LIGATURE YEH WITH MEEM INITIAL FORM */ + {0xfcde, 2, 4502}, /* ARABIC LIGATURE YEH WITH HEH INITIAL FORM */ + {0xfcdf, 2, 4353}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH MEEM MEDIAL FORM */ + {0xfce0, 2, 4579}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH HEH MEDIAL FORM */ + {0xfce1, 2, 4363}, /* ARABIC LIGATURE BEH WITH MEEM MEDIAL FORM */ + {0xfce2, 2, 4581}, /* ARABIC LIGATURE BEH WITH HEH MEDIAL FORM */ + {0xfce3, 2, 4375}, /* ARABIC LIGATURE TEH WITH MEEM MEDIAL FORM */ + {0xfce4, 2, 4583}, /* ARABIC LIGATURE TEH WITH HEH MEDIAL FORM */ + {0xfce5, 2, 4383}, /* ARABIC LIGATURE THEH WITH MEEM MEDIAL FORM */ + {0xfce6, 2, 4593}, /* ARABIC LIGATURE THEH WITH HEH MEDIAL FORM */ + {0xfce7, 2, 4407}, /* ARABIC LIGATURE SEEN WITH MEEM MEDIAL FORM */ + {0xfce8, 2, 4595}, /* ARABIC LIGATURE SEEN WITH HEH MEDIAL FORM */ + {0xfce9, 2, 4597}, /* ARABIC LIGATURE SHEEN WITH MEEM MEDIAL FORM */ + {0xfcea, 2, 4599}, /* ARABIC LIGATURE SHEEN WITH HEH MEDIAL FORM */ + {0xfceb, 2, 4463}, /* ARABIC LIGATURE KAF WITH LAM MEDIAL FORM */ + {0xfcec, 2, 4465}, /* ARABIC LIGATURE KAF WITH MEEM MEDIAL FORM */ + {0xfced, 2, 4477}, /* ARABIC LIGATURE LAM WITH MEEM MEDIAL FORM */ + {0xfcee, 2, 4497}, /* ARABIC LIGATURE NOON WITH MEEM MEDIAL FORM */ + {0xfcef, 2, 4589}, /* ARABIC LIGATURE NOON WITH HEH MEDIAL FORM */ + {0xfcf0, 2, 4482}, /* ARABIC LIGATURE YEH WITH MEEM MEDIAL FORM */ + {0xfcf1, 2, 4502}, /* ARABIC LIGATURE YEH WITH HEH MEDIAL FORM */ + {0xfcf2, 3, 4601}, /* ARABIC LIGATURE SHADDA WITH FATHA MEDIAL FORM */ + {0xfcf3, 3, 4604}, /* ARABIC LIGATURE SHADDA WITH DAMMA MEDIAL FORM */ + {0xfcf4, 3, 4607}, /* ARABIC LIGATURE SHADDA WITH KASRA MEDIAL FORM */ + {0xfcf5, 2, 4610}, /* ARABIC LIGATURE TAH WITH ALEF MAKSURA ISOLATED FORM */ + {0xfcf6, 2, 4612}, /* ARABIC LIGATURE TAH WITH YEH ISOLATED FORM */ + {0xfcf7, 2, 4614}, /* ARABIC LIGATURE AIN WITH ALEF MAKSURA ISOLATED FORM */ + {0xfcf8, 2, 4616}, /* ARABIC LIGATURE AIN WITH YEH ISOLATED FORM */ + {0xfcf9, 2, 4618}, /* ARABIC LIGATURE GHAIN WITH ALEF MAKSURA ISOLATED FORM */ + {0xfcfa, 2, 4620}, /* ARABIC LIGATURE GHAIN WITH YEH ISOLATED FORM */ + {0xfcfb, 2, 4622}, /* ARABIC LIGATURE SEEN WITH ALEF MAKSURA ISOLATED FORM */ + {0xfcfc, 2, 4624}, /* ARABIC LIGATURE SEEN WITH YEH ISOLATED FORM */ + {0xfcfd, 2, 4626}, /* ARABIC LIGATURE SHEEN WITH ALEF MAKSURA ISOLATED FORM */ + {0xfcfe, 2, 4628}, /* ARABIC LIGATURE SHEEN WITH YEH ISOLATED FORM */ + {0xfcff, 2, 4630}, /* ARABIC LIGATURE HAH WITH ALEF MAKSURA ISOLATED FORM */ + {0xfd00, 2, 4512}, /* ARABIC LIGATURE HAH WITH YEH ISOLATED FORM */ + {0xfd01, 2, 4632}, /* ARABIC LIGATURE JEEM WITH ALEF MAKSURA ISOLATED FORM */ + {0xfd02, 2, 4634}, /* ARABIC LIGATURE JEEM WITH YEH ISOLATED FORM */ + {0xfd03, 2, 4636}, /* ARABIC LIGATURE KHAH WITH ALEF MAKSURA ISOLATED FORM */ + {0xfd04, 2, 4514}, /* ARABIC LIGATURE KHAH WITH YEH ISOLATED FORM */ + {0xfd05, 2, 4638}, /* ARABIC LIGATURE SAD WITH ALEF MAKSURA ISOLATED FORM */ + {0xfd06, 2, 4640}, /* ARABIC LIGATURE SAD WITH YEH ISOLATED FORM */ + {0xfd07, 2, 4642}, /* ARABIC LIGATURE DAD WITH ALEF MAKSURA ISOLATED FORM */ + {0xfd08, 2, 4644}, /* ARABIC LIGATURE DAD WITH YEH ISOLATED FORM */ + {0xfd09, 2, 4646}, /* ARABIC LIGATURE SHEEN WITH JEEM ISOLATED FORM */ + {0xfd0a, 2, 4648}, /* ARABIC LIGATURE SHEEN WITH HAH ISOLATED FORM */ + {0xfd0b, 2, 4650}, /* ARABIC LIGATURE SHEEN WITH KHAH ISOLATED FORM */ + {0xfd0c, 2, 4597}, /* ARABIC LIGATURE SHEEN WITH MEEM ISOLATED FORM */ + {0xfd0d, 2, 4652}, /* ARABIC LIGATURE SHEEN WITH REH ISOLATED FORM */ + {0xfd0e, 2, 4654}, /* ARABIC LIGATURE SEEN WITH REH ISOLATED FORM */ + {0xfd0f, 2, 4656}, /* ARABIC LIGATURE SAD WITH REH ISOLATED FORM */ + {0xfd10, 2, 4658}, /* ARABIC LIGATURE DAD WITH REH ISOLATED FORM */ + {0xfd11, 2, 4610}, /* ARABIC LIGATURE TAH WITH ALEF MAKSURA FINAL FORM */ + {0xfd12, 2, 4612}, /* ARABIC LIGATURE TAH WITH YEH FINAL FORM */ + {0xfd13, 2, 4614}, /* ARABIC LIGATURE AIN WITH ALEF MAKSURA FINAL FORM */ + {0xfd14, 2, 4616}, /* ARABIC LIGATURE AIN WITH YEH FINAL FORM */ + {0xfd15, 2, 4618}, /* ARABIC LIGATURE GHAIN WITH ALEF MAKSURA FINAL FORM */ + {0xfd16, 2, 4620}, /* ARABIC LIGATURE GHAIN WITH YEH FINAL FORM */ + {0xfd17, 2, 4622}, /* ARABIC LIGATURE SEEN WITH ALEF MAKSURA FINAL FORM */ + {0xfd18, 2, 4624}, /* ARABIC LIGATURE SEEN WITH YEH FINAL FORM */ + {0xfd19, 2, 4626}, /* ARABIC LIGATURE SHEEN WITH ALEF MAKSURA FINAL FORM */ + {0xfd1a, 2, 4628}, /* ARABIC LIGATURE SHEEN WITH YEH FINAL FORM */ + {0xfd1b, 2, 4630}, /* ARABIC LIGATURE HAH WITH ALEF MAKSURA FINAL FORM */ + {0xfd1c, 2, 4512}, /* ARABIC LIGATURE HAH WITH YEH FINAL FORM */ + {0xfd1d, 2, 4632}, /* ARABIC LIGATURE JEEM WITH ALEF MAKSURA FINAL FORM */ + {0xfd1e, 2, 4634}, /* ARABIC LIGATURE JEEM WITH YEH FINAL FORM */ + {0xfd1f, 2, 4636}, /* ARABIC LIGATURE KHAH WITH ALEF MAKSURA FINAL FORM */ + {0xfd20, 2, 4514}, /* ARABIC LIGATURE KHAH WITH YEH FINAL FORM */ + {0xfd21, 2, 4638}, /* ARABIC LIGATURE SAD WITH ALEF MAKSURA FINAL FORM */ + {0xfd22, 2, 4640}, /* ARABIC LIGATURE SAD WITH YEH FINAL FORM */ + {0xfd23, 2, 4642}, /* ARABIC LIGATURE DAD WITH ALEF MAKSURA FINAL FORM */ + {0xfd24, 2, 4644}, /* ARABIC LIGATURE DAD WITH YEH FINAL FORM */ + {0xfd25, 2, 4646}, /* ARABIC LIGATURE SHEEN WITH JEEM FINAL FORM */ + {0xfd26, 2, 4648}, /* ARABIC LIGATURE SHEEN WITH HAH FINAL FORM */ + {0xfd27, 2, 4650}, /* ARABIC LIGATURE SHEEN WITH KHAH FINAL FORM */ + {0xfd28, 2, 4597}, /* ARABIC LIGATURE SHEEN WITH MEEM FINAL FORM */ + {0xfd29, 2, 4652}, /* ARABIC LIGATURE SHEEN WITH REH FINAL FORM */ + {0xfd2a, 2, 4654}, /* ARABIC LIGATURE SEEN WITH REH FINAL FORM */ + {0xfd2b, 2, 4656}, /* ARABIC LIGATURE SAD WITH REH FINAL FORM */ + {0xfd2c, 2, 4658}, /* ARABIC LIGATURE DAD WITH REH FINAL FORM */ + {0xfd2d, 2, 4646}, /* ARABIC LIGATURE SHEEN WITH JEEM INITIAL FORM */ + {0xfd2e, 2, 4648}, /* ARABIC LIGATURE SHEEN WITH HAH INITIAL FORM */ + {0xfd2f, 2, 4650}, /* ARABIC LIGATURE SHEEN WITH KHAH INITIAL FORM */ + {0xfd30, 2, 4597}, /* ARABIC LIGATURE SHEEN WITH MEEM INITIAL FORM */ + {0xfd31, 2, 4595}, /* ARABIC LIGATURE SEEN WITH HEH INITIAL FORM */ + {0xfd32, 2, 4599}, /* ARABIC LIGATURE SHEEN WITH HEH INITIAL FORM */ + {0xfd33, 2, 4423}, /* ARABIC LIGATURE TAH WITH MEEM INITIAL FORM */ + {0xfd34, 2, 4401}, /* ARABIC LIGATURE SEEN WITH JEEM MEDIAL FORM */ + {0xfd35, 2, 4403}, /* ARABIC LIGATURE SEEN WITH HAH MEDIAL FORM */ + {0xfd36, 2, 4405}, /* ARABIC LIGATURE SEEN WITH KHAH MEDIAL FORM */ + {0xfd37, 2, 4646}, /* ARABIC LIGATURE SHEEN WITH JEEM MEDIAL FORM */ + {0xfd38, 2, 4648}, /* ARABIC LIGATURE SHEEN WITH HAH MEDIAL FORM */ + {0xfd39, 2, 4650}, /* ARABIC LIGATURE SHEEN WITH KHAH MEDIAL FORM */ + {0xfd3a, 2, 4423}, /* ARABIC LIGATURE TAH WITH MEEM MEDIAL FORM */ + {0xfd3b, 2, 4425}, /* ARABIC LIGATURE ZAH WITH MEEM MEDIAL FORM */ + {0xfd3c, 2, 4660}, /* ARABIC LIGATURE ALEF WITH FATHATAN FINAL FORM */ + {0xfd3d, 2, 4660}, /* ARABIC LIGATURE ALEF WITH FATHATAN ISOLATED FORM */ + {0xfd50, 3, 4662}, /* ARABIC LIGATURE TEH WITH JEEM WITH MEEM INITIAL FORM */ + {0xfd51, 3, 4665}, /* ARABIC LIGATURE TEH WITH HAH WITH JEEM FINAL FORM */ + {0xfd52, 3, 4665}, /* ARABIC LIGATURE TEH WITH HAH WITH JEEM INITIAL FORM */ + {0xfd53, 3, 4668}, /* ARABIC LIGATURE TEH WITH HAH WITH MEEM INITIAL FORM */ + {0xfd54, 3, 4671}, /* ARABIC LIGATURE TEH WITH KHAH WITH MEEM INITIAL FORM */ + {0xfd55, 3, 4674}, /* ARABIC LIGATURE TEH WITH MEEM WITH JEEM INITIAL FORM */ + {0xfd56, 3, 4677}, /* ARABIC LIGATURE TEH WITH MEEM WITH HAH INITIAL FORM */ + {0xfd57, 3, 4680}, /* ARABIC LIGATURE TEH WITH MEEM WITH KHAH INITIAL FORM */ + {0xfd58, 3, 4391}, /* ARABIC LIGATURE JEEM WITH MEEM WITH HAH FINAL FORM */ + {0xfd59, 3, 4391}, /* ARABIC LIGATURE JEEM WITH MEEM WITH HAH INITIAL FORM */ + {0xfd5a, 3, 4683}, /* ARABIC LIGATURE HAH WITH MEEM WITH YEH FINAL FORM */ + {0xfd5b, 3, 4686}, /* ARABIC LIGATURE HAH WITH MEEM WITH ALEF MAKSURA FINAL FORM */ + {0xfd5c, 3, 4689}, /* ARABIC LIGATURE SEEN WITH HAH WITH JEEM INITIAL FORM */ + {0xfd5d, 3, 4692}, /* ARABIC LIGATURE SEEN WITH JEEM WITH HAH INITIAL FORM */ + {0xfd5e, 3, 4695}, /* ARABIC LIGATURE SEEN WITH JEEM WITH ALEF MAKSURA FINAL FORM */ + {0xfd5f, 3, 4698}, /* ARABIC LIGATURE SEEN WITH MEEM WITH HAH FINAL FORM */ + {0xfd60, 3, 4698}, /* ARABIC LIGATURE SEEN WITH MEEM WITH HAH INITIAL FORM */ + {0xfd61, 3, 4701}, /* ARABIC LIGATURE SEEN WITH MEEM WITH JEEM INITIAL FORM */ + {0xfd62, 3, 4704}, /* ARABIC LIGATURE SEEN WITH MEEM WITH MEEM FINAL FORM */ + {0xfd63, 3, 4704}, /* ARABIC LIGATURE SEEN WITH MEEM WITH MEEM INITIAL FORM */ + {0xfd64, 3, 4707}, /* ARABIC LIGATURE SAD WITH HAH WITH HAH FINAL FORM */ + {0xfd65, 3, 4707}, /* ARABIC LIGATURE SAD WITH HAH WITH HAH INITIAL FORM */ + {0xfd66, 3, 4710}, /* ARABIC LIGATURE SAD WITH MEEM WITH MEEM FINAL FORM */ + {0xfd67, 3, 4713}, /* ARABIC LIGATURE SHEEN WITH HAH WITH MEEM FINAL FORM */ + {0xfd68, 3, 4713}, /* ARABIC LIGATURE SHEEN WITH HAH WITH MEEM INITIAL FORM */ + {0xfd69, 3, 4716}, /* ARABIC LIGATURE SHEEN WITH JEEM WITH YEH FINAL FORM */ + {0xfd6a, 3, 4719}, /* ARABIC LIGATURE SHEEN WITH MEEM WITH KHAH FINAL FORM */ + {0xfd6b, 3, 4719}, /* ARABIC LIGATURE SHEEN WITH MEEM WITH KHAH INITIAL FORM */ + {0xfd6c, 3, 4722}, /* ARABIC LIGATURE SHEEN WITH MEEM WITH MEEM FINAL FORM */ + {0xfd6d, 3, 4722}, /* ARABIC LIGATURE SHEEN WITH MEEM WITH MEEM INITIAL FORM */ + {0xfd6e, 3, 4725}, /* ARABIC LIGATURE DAD WITH HAH WITH ALEF MAKSURA FINAL FORM */ + {0xfd6f, 3, 4728}, /* ARABIC LIGATURE DAD WITH KHAH WITH MEEM FINAL FORM */ + {0xfd70, 3, 4728}, /* ARABIC LIGATURE DAD WITH KHAH WITH MEEM INITIAL FORM */ + {0xfd71, 3, 4731}, /* ARABIC LIGATURE TAH WITH MEEM WITH HAH FINAL FORM */ + {0xfd72, 3, 4731}, /* ARABIC LIGATURE TAH WITH MEEM WITH HAH INITIAL FORM */ + {0xfd73, 3, 4734}, /* ARABIC LIGATURE TAH WITH MEEM WITH MEEM INITIAL FORM */ + {0xfd74, 3, 4737}, /* ARABIC LIGATURE TAH WITH MEEM WITH YEH FINAL FORM */ + {0xfd75, 3, 4740}, /* ARABIC LIGATURE AIN WITH JEEM WITH MEEM FINAL FORM */ + {0xfd76, 3, 4743}, /* ARABIC LIGATURE AIN WITH MEEM WITH MEEM FINAL FORM */ + {0xfd77, 3, 4743}, /* ARABIC LIGATURE AIN WITH MEEM WITH MEEM INITIAL FORM */ + {0xfd78, 3, 4746}, /* ARABIC LIGATURE AIN WITH MEEM WITH ALEF MAKSURA FINAL FORM */ + {0xfd79, 3, 4749}, /* ARABIC LIGATURE GHAIN WITH MEEM WITH MEEM FINAL FORM */ + {0xfd7a, 3, 4752}, /* ARABIC LIGATURE GHAIN WITH MEEM WITH YEH FINAL FORM */ + {0xfd7b, 3, 4755}, /* ARABIC LIGATURE GHAIN WITH MEEM WITH ALEF MAKSURA FINAL FORM */ + {0xfd7c, 3, 4758}, /* ARABIC LIGATURE FEH WITH KHAH WITH MEEM FINAL FORM */ + {0xfd7d, 3, 4758}, /* ARABIC LIGATURE FEH WITH KHAH WITH MEEM INITIAL FORM */ + {0xfd7e, 3, 4761}, /* ARABIC LIGATURE QAF WITH MEEM WITH HAH FINAL FORM */ + {0xfd7f, 3, 4764}, /* ARABIC LIGATURE QAF WITH MEEM WITH MEEM FINAL FORM */ + {0xfd80, 3, 4767}, /* ARABIC LIGATURE LAM WITH HAH WITH MEEM FINAL FORM */ + {0xfd81, 3, 4770}, /* ARABIC LIGATURE LAM WITH HAH WITH YEH FINAL FORM */ + {0xfd82, 3, 4773}, /* ARABIC LIGATURE LAM WITH HAH WITH ALEF MAKSURA FINAL FORM */ + {0xfd83, 3, 4776}, /* ARABIC LIGATURE LAM WITH JEEM WITH JEEM INITIAL FORM */ + {0xfd84, 3, 4776}, /* ARABIC LIGATURE LAM WITH JEEM WITH JEEM FINAL FORM */ + {0xfd85, 3, 4779}, /* ARABIC LIGATURE LAM WITH KHAH WITH MEEM FINAL FORM */ + {0xfd86, 3, 4779}, /* ARABIC LIGATURE LAM WITH KHAH WITH MEEM INITIAL FORM */ + {0xfd87, 3, 4782}, /* ARABIC LIGATURE LAM WITH MEEM WITH HAH FINAL FORM */ + {0xfd88, 3, 4782}, /* ARABIC LIGATURE LAM WITH MEEM WITH HAH INITIAL FORM */ + {0xfd89, 3, 4785}, /* ARABIC LIGATURE MEEM WITH HAH WITH JEEM INITIAL FORM */ + {0xfd8a, 3, 4392}, /* ARABIC LIGATURE MEEM WITH HAH WITH MEEM INITIAL FORM */ + {0xfd8b, 3, 4788}, /* ARABIC LIGATURE MEEM WITH HAH WITH YEH FINAL FORM */ + {0xfd8c, 3, 4791}, /* ARABIC LIGATURE MEEM WITH JEEM WITH HAH INITIAL FORM */ + {0xfd8d, 3, 4483}, /* ARABIC LIGATURE MEEM WITH JEEM WITH MEEM INITIAL FORM */ + {0xfd8e, 3, 4394}, /* ARABIC LIGATURE MEEM WITH KHAH WITH JEEM INITIAL FORM */ + {0xfd8f, 3, 4794}, /* ARABIC LIGATURE MEEM WITH KHAH WITH MEEM INITIAL FORM */ + {0xfd92, 3, 4797}, /* ARABIC LIGATURE MEEM WITH JEEM WITH KHAH INITIAL FORM */ + {0xfd93, 3, 4800}, /* ARABIC LIGATURE HEH WITH MEEM WITH JEEM INITIAL FORM */ + {0xfd94, 3, 4803}, /* ARABIC LIGATURE HEH WITH MEEM WITH MEEM INITIAL FORM */ + {0xfd95, 3, 4806}, /* ARABIC LIGATURE NOON WITH HAH WITH MEEM INITIAL FORM */ + {0xfd96, 3, 4809}, /* ARABIC LIGATURE NOON WITH HAH WITH ALEF MAKSURA FINAL FORM */ + {0xfd97, 3, 4812}, /* ARABIC LIGATURE NOON WITH JEEM WITH MEEM FINAL FORM */ + {0xfd98, 3, 4812}, /* ARABIC LIGATURE NOON WITH JEEM WITH MEEM INITIAL FORM */ + {0xfd99, 3, 4815}, /* ARABIC LIGATURE NOON WITH JEEM WITH ALEF MAKSURA FINAL FORM */ + {0xfd9a, 3, 4818}, /* ARABIC LIGATURE NOON WITH MEEM WITH YEH FINAL FORM */ + {0xfd9b, 3, 4821}, /* ARABIC LIGATURE NOON WITH MEEM WITH ALEF MAKSURA FINAL FORM */ + {0xfd9c, 3, 4824}, /* ARABIC LIGATURE YEH WITH MEEM WITH MEEM FINAL FORM */ + {0xfd9d, 3, 4824}, /* ARABIC LIGATURE YEH WITH MEEM WITH MEEM INITIAL FORM */ + {0xfd9e, 3, 4827}, /* ARABIC LIGATURE BEH WITH KHAH WITH YEH FINAL FORM */ + {0xfd9f, 3, 4830}, /* ARABIC LIGATURE TEH WITH JEEM WITH YEH FINAL FORM */ + {0xfda0, 3, 4833}, /* ARABIC LIGATURE TEH WITH JEEM WITH ALEF MAKSURA FINAL FORM */ + {0xfda1, 3, 4836}, /* ARABIC LIGATURE TEH WITH KHAH WITH YEH FINAL FORM */ + {0xfda2, 3, 4839}, /* ARABIC LIGATURE TEH WITH KHAH WITH ALEF MAKSURA FINAL FORM */ + {0xfda3, 3, 4842}, /* ARABIC LIGATURE TEH WITH MEEM WITH YEH FINAL FORM */ + {0xfda4, 3, 4845}, /* ARABIC LIGATURE TEH WITH MEEM WITH ALEF MAKSURA FINAL FORM */ + {0xfda5, 3, 4848}, /* ARABIC LIGATURE JEEM WITH MEEM WITH YEH FINAL FORM */ + {0xfda6, 3, 4851}, /* ARABIC LIGATURE JEEM WITH HAH WITH ALEF MAKSURA FINAL FORM */ + {0xfda7, 3, 4854}, /* ARABIC LIGATURE JEEM WITH MEEM WITH ALEF MAKSURA FINAL FORM */ + {0xfda8, 3, 4857}, /* ARABIC LIGATURE SEEN WITH KHAH WITH ALEF MAKSURA FINAL FORM */ + {0xfda9, 3, 4860}, /* ARABIC LIGATURE SAD WITH HAH WITH YEH FINAL FORM */ + {0xfdaa, 3, 4863}, /* ARABIC LIGATURE SHEEN WITH HAH WITH YEH FINAL FORM */ + {0xfdab, 3, 4866}, /* ARABIC LIGATURE DAD WITH HAH WITH YEH FINAL FORM */ + {0xfdac, 3, 4869}, /* ARABIC LIGATURE LAM WITH JEEM WITH YEH FINAL FORM */ + {0xfdad, 3, 4872}, /* ARABIC LIGATURE LAM WITH MEEM WITH YEH FINAL FORM */ + {0xfdae, 3, 4511}, /* ARABIC LIGATURE YEH WITH HAH WITH YEH FINAL FORM */ + {0xfdaf, 3, 4875}, /* ARABIC LIGATURE YEH WITH JEEM WITH YEH FINAL FORM */ + {0xfdb0, 3, 4878}, /* ARABIC LIGATURE YEH WITH MEEM WITH YEH FINAL FORM */ + {0xfdb1, 3, 4881}, /* ARABIC LIGATURE MEEM WITH MEEM WITH YEH FINAL FORM */ + {0xfdb2, 3, 4884}, /* ARABIC LIGATURE QAF WITH MEEM WITH YEH FINAL FORM */ + {0xfdb3, 3, 4887}, /* ARABIC LIGATURE NOON WITH HAH WITH YEH FINAL FORM */ + {0xfdb4, 3, 4761}, /* ARABIC LIGATURE QAF WITH MEEM WITH HAH INITIAL FORM */ + {0xfdb5, 3, 4767}, /* ARABIC LIGATURE LAM WITH HAH WITH MEEM INITIAL FORM */ + {0xfdb6, 3, 4890}, /* ARABIC LIGATURE AIN WITH MEEM WITH YEH FINAL FORM */ + {0xfdb7, 3, 4893}, /* ARABIC LIGATURE KAF WITH MEEM WITH YEH FINAL FORM */ + {0xfdb8, 3, 4896}, /* ARABIC LIGATURE NOON WITH JEEM WITH HAH INITIAL FORM */ + {0xfdb9, 3, 4899}, /* ARABIC LIGATURE MEEM WITH KHAH WITH YEH FINAL FORM */ + {0xfdba, 3, 4902}, /* ARABIC LIGATURE LAM WITH JEEM WITH MEEM INITIAL FORM */ + {0xfdbb, 3, 4905}, /* ARABIC LIGATURE KAF WITH MEEM WITH MEEM FINAL FORM */ + {0xfdbc, 3, 4902}, /* ARABIC LIGATURE LAM WITH JEEM WITH MEEM FINAL FORM */ + {0xfdbd, 3, 4896}, /* ARABIC LIGATURE NOON WITH JEEM WITH HAH FINAL FORM */ + {0xfdbe, 3, 4908}, /* ARABIC LIGATURE JEEM WITH HAH WITH YEH FINAL FORM */ + {0xfdbf, 3, 4911}, /* ARABIC LIGATURE HAH WITH JEEM WITH YEH FINAL FORM */ + {0xfdc0, 3, 4914}, /* ARABIC LIGATURE MEEM WITH JEEM WITH YEH FINAL FORM */ + {0xfdc1, 3, 4917}, /* ARABIC LIGATURE FEH WITH MEEM WITH YEH FINAL FORM */ + {0xfdc2, 3, 4920}, /* ARABIC LIGATURE BEH WITH HAH WITH YEH FINAL FORM */ + {0xfdc3, 3, 4905}, /* ARABIC LIGATURE KAF WITH MEEM WITH MEEM INITIAL FORM */ + {0xfdc4, 3, 4740}, /* ARABIC LIGATURE AIN WITH JEEM WITH MEEM INITIAL FORM */ + {0xfdc5, 3, 4710}, /* ARABIC LIGATURE SAD WITH MEEM WITH MEEM INITIAL FORM */ + {0xfdc6, 3, 4923}, /* ARABIC LIGATURE SEEN WITH KHAH WITH YEH FINAL FORM */ + {0xfdc7, 3, 4926}, /* ARABIC LIGATURE NOON WITH JEEM WITH YEH FINAL FORM */ + {0xfdf0, 3, 4929}, /* ARABIC LIGATURE SALLA USED AS KORANIC STOP SIGN ISOLATED FORM */ + {0xfdf1, 3, 4932}, /* ARABIC LIGATURE QALA USED AS KORANIC STOP SIGN ISOLATED FORM */ + {0xfdf2, 4, 4935}, /* ARABIC LIGATURE ALLAH ISOLATED FORM */ + {0xfdf3, 4, 4939}, /* ARABIC LIGATURE AKBAR ISOLATED FORM */ + {0xfdf4, 4, 4943}, /* ARABIC LIGATURE MOHAMMAD ISOLATED FORM */ + {0xfdf5, 4, 4947}, /* ARABIC LIGATURE SALAM ISOLATED FORM */ + {0xfdf6, 4, 4951}, /* ARABIC LIGATURE RASOUL ISOLATED FORM */ + {0xfdf7, 4, 4955}, /* ARABIC LIGATURE ALAYHE ISOLATED FORM */ + {0xfdf8, 4, 4959}, /* ARABIC LIGATURE WASALLAM ISOLATED FORM */ + {0xfdf9, 3, 4963}, /* ARABIC LIGATURE SALLA ISOLATED FORM */ + {0xfdfa, 18, 4966}, /* ARABIC LIGATURE SALLALLAHOU ALAYHE WASALLAM */ + {0xfdfb, 8, 4984}, /* ARABIC LIGATURE JALLAJALALOUHOU */ + {0xfdfc, 4, 4992}, /* RIAL SIGN */ + {0xfe30, 1, 4996}, /* PRESENTATION FORM FOR VERTICAL TWO DOT LEADER */ + {0xfe31, 1, 4997}, /* PRESENTATION FORM FOR VERTICAL EM DASH */ + {0xfe32, 1, 4998}, /* PRESENTATION FORM FOR VERTICAL EN DASH */ + {0xfe33, 1, 4999}, /* PRESENTATION FORM FOR VERTICAL LOW LINE */ + {0xfe34, 1, 4999}, /* PRESENTATION FORM FOR VERTICAL WAVY LOW LINE */ + {0xfe35, 1, 1918}, /* PRESENTATION FORM FOR VERTICAL LEFT PARENTHESIS */ + {0xfe36, 1, 1919}, /* PRESENTATION FORM FOR VERTICAL RIGHT PARENTHESIS */ + {0xfe37, 1, 5000}, /* PRESENTATION FORM FOR VERTICAL LEFT CURLY BRACKET */ + {0xfe38, 1, 5001}, /* PRESENTATION FORM FOR VERTICAL RIGHT CURLY BRACKET */ + {0xfe39, 1, 5002}, /* PRESENTATION FORM FOR VERTICAL LEFT TORTOISE SHELL BRACKET */ + {0xfe3a, 1, 5003}, /* PRESENTATION FORM FOR VERTICAL RIGHT TORTOISE SHELL BRACKET */ + {0xfe3b, 1, 5004}, /* PRESENTATION FORM FOR VERTICAL LEFT BLACK LENTICULAR BRACKET */ + {0xfe3c, 1, 5005}, /* PRESENTATION FORM FOR VERTICAL RIGHT BLACK LENTICULAR BRACKET */ + {0xfe3d, 1, 5006}, /* PRESENTATION FORM FOR VERTICAL LEFT DOUBLE ANGLE BRACKET */ + {0xfe3e, 1, 5007}, /* PRESENTATION FORM FOR VERTICAL RIGHT DOUBLE ANGLE BRACKET */ + {0xfe3f, 1, 2140}, /* PRESENTATION FORM FOR VERTICAL LEFT ANGLE BRACKET */ + {0xfe40, 1, 2141}, /* PRESENTATION FORM FOR VERTICAL RIGHT ANGLE BRACKET */ + {0xfe41, 1, 5008}, /* PRESENTATION FORM FOR VERTICAL LEFT CORNER BRACKET */ + {0xfe42, 1, 5009}, /* PRESENTATION FORM FOR VERTICAL RIGHT CORNER BRACKET */ + {0xfe43, 1, 5010}, /* PRESENTATION FORM FOR VERTICAL LEFT WHITE CORNER BRACKET */ + {0xfe44, 1, 5011}, /* PRESENTATION FORM FOR VERTICAL RIGHT WHITE CORNER BRACKET */ + {0xfe47, 1, 5012}, /* PRESENTATION FORM FOR VERTICAL LEFT SQUARE BRACKET */ + {0xfe48, 1, 5013}, /* PRESENTATION FORM FOR VERTICAL RIGHT SQUARE BRACKET */ + {0xfe49, 1, 5014}, /* DASHED OVERLINE */ + {0xfe4a, 1, 5014}, /* CENTRELINE OVERLINE */ + {0xfe4b, 1, 5014}, /* WAVY OVERLINE */ + {0xfe4c, 1, 5014}, /* DOUBLE WAVY OVERLINE */ + {0xfe4d, 1, 4999}, /* DASHED LOW LINE */ + {0xfe4e, 1, 4999}, /* CENTRELINE LOW LINE */ + {0xfe4f, 1, 4999}, /* WAVY LOW LINE */ + {0xfe50, 1, 5015}, /* SMALL COMMA */ + {0xfe51, 1, 5016}, /* SMALL IDEOGRAPHIC COMMA */ + {0xfe52, 1, 1884}, /* SMALL FULL STOP */ + {0xfe54, 1, 587}, /* SMALL SEMICOLON */ + {0xfe55, 1, 2364}, /* SMALL COLON */ + {0xfe56, 1, 1902}, /* SMALL QUESTION MARK */ + {0xfe57, 1, 1898}, /* SMALL EXCLAMATION MARK */ + {0xfe58, 1, 4997}, /* SMALL EM DASH */ + {0xfe59, 1, 1918}, /* SMALL LEFT PARENTHESIS */ + {0xfe5a, 1, 1919}, /* SMALL RIGHT PARENTHESIS */ + {0xfe5b, 1, 5000}, /* SMALL LEFT CURLY BRACKET */ + {0xfe5c, 1, 5001}, /* SMALL RIGHT CURLY BRACKET */ + {0xfe5d, 1, 5002}, /* SMALL LEFT TORTOISE SHELL BRACKET */ + {0xfe5e, 1, 5003}, /* SMALL RIGHT TORTOISE SHELL BRACKET */ + {0xfe5f, 1, 5017}, /* SMALL NUMBER SIGN */ + {0xfe60, 1, 5018}, /* SMALL AMPERSAND */ + {0xfe61, 1, 5019}, /* SMALL ASTERISK */ + {0xfe62, 1, 1915}, /* SMALL PLUS SIGN */ + {0xfe63, 1, 5020}, /* SMALL HYPHEN-MINUS */ + {0xfe64, 1, 2088}, /* SMALL LESS-THAN SIGN */ + {0xfe65, 1, 2090}, /* SMALL GREATER-THAN SIGN */ + {0xfe66, 1, 1917}, /* SMALL EQUALS SIGN */ + {0xfe68, 1, 5021}, /* SMALL REVERSE SOLIDUS */ + {0xfe69, 1, 5022}, /* SMALL DOLLAR SIGN */ + {0xfe6a, 1, 5023}, /* SMALL PERCENT SIGN */ + {0xfe6b, 1, 5024}, /* SMALL COMMERCIAL AT */ + {0xfe70, 2, 5025}, /* ARABIC FATHATAN ISOLATED FORM */ + {0xfe71, 2, 5027}, /* ARABIC TATWEEL WITH FATHATAN ABOVE */ + {0xfe72, 2, 4523}, /* ARABIC DAMMATAN ISOLATED FORM */ + {0xfe74, 2, 4526}, /* ARABIC KASRATAN ISOLATED FORM */ + {0xfe76, 2, 4529}, /* ARABIC FATHA ISOLATED FORM */ + {0xfe77, 2, 4601}, /* ARABIC FATHA MEDIAL FORM */ + {0xfe78, 2, 4532}, /* ARABIC DAMMA ISOLATED FORM */ + {0xfe79, 2, 4604}, /* ARABIC DAMMA MEDIAL FORM */ + {0xfe7a, 2, 4535}, /* ARABIC KASRA ISOLATED FORM */ + {0xfe7b, 2, 4607}, /* ARABIC KASRA MEDIAL FORM */ + {0xfe7c, 2, 4538}, /* ARABIC SHADDA ISOLATED FORM */ + {0xfe7d, 2, 5029}, /* ARABIC SHADDA MEDIAL FORM */ + {0xfe7e, 2, 5031}, /* ARABIC SUKUN ISOLATED FORM */ + {0xfe7f, 2, 5033}, /* ARABIC SUKUN MEDIAL FORM */ + {0xfe80, 1, 5035}, /* ARABIC LETTER HAMZA ISOLATED FORM */ + {0xfe81, 1, 5036}, /* ARABIC LETTER ALEF WITH MADDA ABOVE ISOLATED FORM */ + {0xfe82, 1, 5036}, /* ARABIC LETTER ALEF WITH MADDA ABOVE FINAL FORM */ + {0xfe83, 1, 5037}, /* ARABIC LETTER ALEF WITH HAMZA ABOVE ISOLATED FORM */ + {0xfe84, 1, 5037}, /* ARABIC LETTER ALEF WITH HAMZA ABOVE FINAL FORM */ + {0xfe85, 1, 5038}, /* ARABIC LETTER WAW WITH HAMZA ABOVE ISOLATED FORM */ + {0xfe86, 1, 5038}, /* ARABIC LETTER WAW WITH HAMZA ABOVE FINAL FORM */ + {0xfe87, 1, 5039}, /* ARABIC LETTER ALEF WITH HAMZA BELOW ISOLATED FORM */ + {0xfe88, 1, 5039}, /* ARABIC LETTER ALEF WITH HAMZA BELOW FINAL FORM */ + {0xfe89, 1, 4332}, /* ARABIC LETTER YEH WITH HAMZA ABOVE ISOLATED FORM */ + {0xfe8a, 1, 4332}, /* ARABIC LETTER YEH WITH HAMZA ABOVE FINAL FORM */ + {0xfe8b, 1, 4332}, /* ARABIC LETTER YEH WITH HAMZA ABOVE INITIAL FORM */ + {0xfe8c, 1, 4332}, /* ARABIC LETTER YEH WITH HAMZA ABOVE MEDIAL FORM */ + {0xfe8d, 1, 749}, /* ARABIC LETTER ALEF ISOLATED FORM */ + {0xfe8e, 1, 749}, /* ARABIC LETTER ALEF FINAL FORM */ + {0xfe8f, 1, 4357}, /* ARABIC LETTER BEH ISOLATED FORM */ + {0xfe90, 1, 4357}, /* ARABIC LETTER BEH FINAL FORM */ + {0xfe91, 1, 4357}, /* ARABIC LETTER BEH INITIAL FORM */ + {0xfe92, 1, 4357}, /* ARABIC LETTER BEH MEDIAL FORM */ + {0xfe93, 1, 5040}, /* ARABIC LETTER TEH MARBUTA ISOLATED FORM */ + {0xfe94, 1, 5040}, /* ARABIC LETTER TEH MARBUTA FINAL FORM */ + {0xfe95, 1, 4369}, /* ARABIC LETTER TEH ISOLATED FORM */ + {0xfe96, 1, 4369}, /* ARABIC LETTER TEH FINAL FORM */ + {0xfe97, 1, 4369}, /* ARABIC LETTER TEH INITIAL FORM */ + {0xfe98, 1, 4369}, /* ARABIC LETTER TEH MEDIAL FORM */ + {0xfe99, 1, 4381}, /* ARABIC LETTER THEH ISOLATED FORM */ + {0xfe9a, 1, 4381}, /* ARABIC LETTER THEH FINAL FORM */ + {0xfe9b, 1, 4381}, /* ARABIC LETTER THEH INITIAL FORM */ + {0xfe9c, 1, 4381}, /* ARABIC LETTER THEH MEDIAL FORM */ + {0xfe9d, 1, 4350}, /* ARABIC LETTER JEEM ISOLATED FORM */ + {0xfe9e, 1, 4350}, /* ARABIC LETTER JEEM FINAL FORM */ + {0xfe9f, 1, 4350}, /* ARABIC LETTER JEEM INITIAL FORM */ + {0xfea0, 1, 4350}, /* ARABIC LETTER JEEM MEDIAL FORM */ + {0xfea1, 1, 4352}, /* ARABIC LETTER HAH ISOLATED FORM */ + {0xfea2, 1, 4352}, /* ARABIC LETTER HAH FINAL FORM */ + {0xfea3, 1, 4352}, /* ARABIC LETTER HAH INITIAL FORM */ + {0xfea4, 1, 4352}, /* ARABIC LETTER HAH MEDIAL FORM */ + {0xfea5, 1, 4362}, /* ARABIC LETTER KHAH ISOLATED FORM */ + {0xfea6, 1, 4362}, /* ARABIC LETTER KHAH FINAL FORM */ + {0xfea7, 1, 4362}, /* ARABIC LETTER KHAH INITIAL FORM */ + {0xfea8, 1, 4362}, /* ARABIC LETTER KHAH MEDIAL FORM */ + {0xfea9, 1, 4946}, /* ARABIC LETTER DAL ISOLATED FORM */ + {0xfeaa, 1, 4946}, /* ARABIC LETTER DAL FINAL FORM */ + {0xfeab, 1, 4517}, /* ARABIC LETTER THAL ISOLATED FORM */ + {0xfeac, 1, 4517}, /* ARABIC LETTER THAL FINAL FORM */ + {0xfead, 1, 4519}, /* ARABIC LETTER REH ISOLATED FORM */ + {0xfeae, 1, 4519}, /* ARABIC LETTER REH FINAL FORM */ + {0xfeaf, 1, 4544}, /* ARABIC LETTER ZAIN ISOLATED FORM */ + {0xfeb0, 1, 4544}, /* ARABIC LETTER ZAIN FINAL FORM */ + {0xfeb1, 1, 4401}, /* ARABIC LETTER SEEN ISOLATED FORM */ + {0xfeb2, 1, 4401}, /* ARABIC LETTER SEEN FINAL FORM */ + {0xfeb3, 1, 4401}, /* ARABIC LETTER SEEN INITIAL FORM */ + {0xfeb4, 1, 4401}, /* ARABIC LETTER SEEN MEDIAL FORM */ + {0xfeb5, 1, 4597}, /* ARABIC LETTER SHEEN ISOLATED FORM */ + {0xfeb6, 1, 4597}, /* ARABIC LETTER SHEEN FINAL FORM */ + {0xfeb7, 1, 4597}, /* ARABIC LETTER SHEEN INITIAL FORM */ + {0xfeb8, 1, 4597}, /* ARABIC LETTER SHEEN MEDIAL FORM */ + {0xfeb9, 1, 4409}, /* ARABIC LETTER SAD ISOLATED FORM */ + {0xfeba, 1, 4409}, /* ARABIC LETTER SAD FINAL FORM */ + {0xfebb, 1, 4409}, /* ARABIC LETTER SAD INITIAL FORM */ + {0xfebc, 1, 4409}, /* ARABIC LETTER SAD MEDIAL FORM */ + {0xfebd, 1, 4413}, /* ARABIC LETTER DAD ISOLATED FORM */ + {0xfebe, 1, 4413}, /* ARABIC LETTER DAD FINAL FORM */ + {0xfebf, 1, 4413}, /* ARABIC LETTER DAD INITIAL FORM */ + {0xfec0, 1, 4413}, /* ARABIC LETTER DAD MEDIAL FORM */ + {0xfec1, 1, 4421}, /* ARABIC LETTER TAH ISOLATED FORM */ + {0xfec2, 1, 4421}, /* ARABIC LETTER TAH FINAL FORM */ + {0xfec3, 1, 4421}, /* ARABIC LETTER TAH INITIAL FORM */ + {0xfec4, 1, 4421}, /* ARABIC LETTER TAH MEDIAL FORM */ + {0xfec5, 1, 4425}, /* ARABIC LETTER ZAH ISOLATED FORM */ + {0xfec6, 1, 4425}, /* ARABIC LETTER ZAH FINAL FORM */ + {0xfec7, 1, 4425}, /* ARABIC LETTER ZAH INITIAL FORM */ + {0xfec8, 1, 4425}, /* ARABIC LETTER ZAH MEDIAL FORM */ + {0xfec9, 1, 4427}, /* ARABIC LETTER AIN ISOLATED FORM */ + {0xfeca, 1, 4427}, /* ARABIC LETTER AIN FINAL FORM */ + {0xfecb, 1, 4427}, /* ARABIC LETTER AIN INITIAL FORM */ + {0xfecc, 1, 4427}, /* ARABIC LETTER AIN MEDIAL FORM */ + {0xfecd, 1, 4431}, /* ARABIC LETTER GHAIN ISOLATED FORM */ + {0xfece, 1, 4431}, /* ARABIC LETTER GHAIN FINAL FORM */ + {0xfecf, 1, 4431}, /* ARABIC LETTER GHAIN INITIAL FORM */ + {0xfed0, 1, 4431}, /* ARABIC LETTER GHAIN MEDIAL FORM */ + {0xfed1, 1, 4435}, /* ARABIC LETTER FEH ISOLATED FORM */ + {0xfed2, 1, 4435}, /* ARABIC LETTER FEH FINAL FORM */ + {0xfed3, 1, 4435}, /* ARABIC LETTER FEH INITIAL FORM */ + {0xfed4, 1, 4435}, /* ARABIC LETTER FEH MEDIAL FORM */ + {0xfed5, 1, 4447}, /* ARABIC LETTER QAF ISOLATED FORM */ + {0xfed6, 1, 4447}, /* ARABIC LETTER QAF FINAL FORM */ + {0xfed7, 1, 4447}, /* ARABIC LETTER QAF INITIAL FORM */ + {0xfed8, 1, 4447}, /* ARABIC LETTER QAF MEDIAL FORM */ + {0xfed9, 1, 4455}, /* ARABIC LETTER KAF ISOLATED FORM */ + {0xfeda, 1, 4455}, /* ARABIC LETTER KAF FINAL FORM */ + {0xfedb, 1, 4455}, /* ARABIC LETTER KAF INITIAL FORM */ + {0xfedc, 1, 4455}, /* ARABIC LETTER KAF MEDIAL FORM */ + {0xfedd, 1, 4464}, /* ARABIC LETTER LAM ISOLATED FORM */ + {0xfede, 1, 4464}, /* ARABIC LETTER LAM FINAL FORM */ + {0xfedf, 1, 4464}, /* ARABIC LETTER LAM INITIAL FORM */ + {0xfee0, 1, 4464}, /* ARABIC LETTER LAM MEDIAL FORM */ + {0xfee1, 1, 4354}, /* ARABIC LETTER MEEM ISOLATED FORM */ + {0xfee2, 1, 4354}, /* ARABIC LETTER MEEM FINAL FORM */ + {0xfee3, 1, 4354}, /* ARABIC LETTER MEEM INITIAL FORM */ + {0xfee4, 1, 4354}, /* ARABIC LETTER MEEM MEDIAL FORM */ + {0xfee5, 1, 4491}, /* ARABIC LETTER NOON ISOLATED FORM */ + {0xfee6, 1, 4491}, /* ARABIC LETTER NOON FINAL FORM */ + {0xfee7, 1, 4491}, /* ARABIC LETTER NOON INITIAL FORM */ + {0xfee8, 1, 4491}, /* ARABIC LETTER NOON MEDIAL FORM */ + {0xfee9, 1, 4503}, /* ARABIC LETTER HEH ISOLATED FORM */ + {0xfeea, 1, 4503}, /* ARABIC LETTER HEH FINAL FORM */ + {0xfeeb, 1, 4503}, /* ARABIC LETTER HEH INITIAL FORM */ + {0xfeec, 1, 4503}, /* ARABIC LETTER HEH MEDIAL FORM */ + {0xfeed, 1, 753}, /* ARABIC LETTER WAW ISOLATED FORM */ + {0xfeee, 1, 753}, /* ARABIC LETTER WAW FINAL FORM */ + {0xfeef, 1, 4331}, /* ARABIC LETTER ALEF MAKSURA ISOLATED FORM */ + {0xfef0, 1, 4331}, /* ARABIC LETTER ALEF MAKSURA FINAL FORM */ + {0xfef1, 1, 757}, /* ARABIC LETTER YEH ISOLATED FORM */ + {0xfef2, 1, 757}, /* ARABIC LETTER YEH FINAL FORM */ + {0xfef3, 1, 757}, /* ARABIC LETTER YEH INITIAL FORM */ + {0xfef4, 1, 757}, /* ARABIC LETTER YEH MEDIAL FORM */ + {0xfef5, 2, 5041}, /* ARABIC LIGATURE LAM WITH ALEF WITH MADDA ABOVE ISOLATED FORM */ + {0xfef6, 2, 5041}, /* ARABIC LIGATURE LAM WITH ALEF WITH MADDA ABOVE FINAL FORM */ + {0xfef7, 2, 5043}, /* ARABIC LIGATURE LAM WITH ALEF WITH HAMZA ABOVE ISOLATED FORM */ + {0xfef8, 2, 5043}, /* ARABIC LIGATURE LAM WITH ALEF WITH HAMZA ABOVE FINAL FORM */ + {0xfef9, 2, 5045}, /* ARABIC LIGATURE LAM WITH ALEF WITH HAMZA BELOW ISOLATED FORM */ + {0xfefa, 2, 5045}, /* ARABIC LIGATURE LAM WITH ALEF WITH HAMZA BELOW FINAL FORM */ + {0xfefb, 2, 4988}, /* ARABIC LIGATURE LAM WITH ALEF ISOLATED FORM */ + {0xfefc, 2, 4988}, /* ARABIC LIGATURE LAM WITH ALEF FINAL FORM */ + {0xff01, 1, 1898}, /* FULLWIDTH EXCLAMATION MARK */ + {0xff02, 1, 5047}, /* FULLWIDTH QUOTATION MARK */ + {0xff03, 1, 5017}, /* FULLWIDTH NUMBER SIGN */ + {0xff04, 1, 5022}, /* FULLWIDTH DOLLAR SIGN */ + {0xff05, 1, 5023}, /* FULLWIDTH PERCENT SIGN */ + {0xff06, 1, 5018}, /* FULLWIDTH AMPERSAND */ + {0xff07, 1, 5048}, /* FULLWIDTH APOSTROPHE */ + {0xff08, 1, 1918}, /* FULLWIDTH LEFT PARENTHESIS */ + {0xff09, 1, 1919}, /* FULLWIDTH RIGHT PARENTHESIS */ + {0xff0a, 1, 5019}, /* FULLWIDTH ASTERISK */ + {0xff0b, 1, 1915}, /* FULLWIDTH PLUS SIGN */ + {0xff0c, 1, 5015}, /* FULLWIDTH COMMA */ + {0xff0d, 1, 5020}, /* FULLWIDTH HYPHEN-MINUS */ + {0xff0e, 1, 1884}, /* FULLWIDTH FULL STOP */ + {0xff0f, 1, 1923}, /* FULLWIDTH SOLIDUS */ + {0xff10, 1, 1909}, /* FULLWIDTH DIGIT ZERO */ + {0xff11, 1, 13}, /* FULLWIDTH DIGIT ONE */ + {0xff12, 1, 6}, /* FULLWIDTH DIGIT TWO */ + {0xff13, 1, 7}, /* FULLWIDTH DIGIT THREE */ + {0xff14, 1, 17}, /* FULLWIDTH DIGIT FOUR */ + {0xff15, 1, 1910}, /* FULLWIDTH DIGIT FIVE */ + {0xff16, 1, 1911}, /* FULLWIDTH DIGIT SIX */ + {0xff17, 1, 1912}, /* FULLWIDTH DIGIT SEVEN */ + {0xff18, 1, 1913}, /* FULLWIDTH DIGIT EIGHT */ + {0xff19, 1, 1914}, /* FULLWIDTH DIGIT NINE */ + {0xff1a, 1, 2364}, /* FULLWIDTH COLON */ + {0xff1b, 1, 587}, /* FULLWIDTH SEMICOLON */ + {0xff1c, 1, 2088}, /* FULLWIDTH LESS-THAN SIGN */ + {0xff1d, 1, 1917}, /* FULLWIDTH EQUALS SIGN */ + {0xff1e, 1, 2090}, /* FULLWIDTH GREATER-THAN SIGN */ + {0xff1f, 1, 1902}, /* FULLWIDTH QUESTION MARK */ + {0xff20, 1, 5024}, /* FULLWIDTH COMMERCIAL AT */ + {0xff21, 1, 24}, /* FULLWIDTH LATIN CAPITAL LETTER A */ + {0xff22, 1, 910}, /* FULLWIDTH LATIN CAPITAL LETTER B */ + {0xff23, 1, 36}, /* FULLWIDTH LATIN CAPITAL LETTER C */ + {0xff24, 1, 158}, /* FULLWIDTH LATIN CAPITAL LETTER D */ + {0xff25, 1, 38}, /* FULLWIDTH LATIN CAPITAL LETTER E */ + {0xff26, 1, 995}, /* FULLWIDTH LATIN CAPITAL LETTER F */ + {0xff27, 1, 182}, /* FULLWIDTH LATIN CAPITAL LETTER G */ + {0xff28, 1, 198}, /* FULLWIDTH LATIN CAPITAL LETTER H */ + {0xff29, 1, 46}, /* FULLWIDTH LATIN CAPITAL LETTER I */ + {0xff2a, 1, 221}, /* FULLWIDTH LATIN CAPITAL LETTER J */ + {0xff2b, 1, 228}, /* FULLWIDTH LATIN CAPITAL LETTER K */ + {0xff2c, 1, 232}, /* FULLWIDTH LATIN CAPITAL LETTER L */ + {0xff2d, 1, 912}, /* FULLWIDTH LATIN CAPITAL LETTER M */ + {0xff2e, 1, 54}, /* FULLWIDTH LATIN CAPITAL LETTER N */ + {0xff2f, 1, 56}, /* FULLWIDTH LATIN CAPITAL LETTER O */ + {0xff30, 1, 914}, /* FULLWIDTH LATIN CAPITAL LETTER P */ + {0xff31, 1, 1942}, /* FULLWIDTH LATIN CAPITAL LETTER Q */ + {0xff32, 1, 274}, /* FULLWIDTH LATIN CAPITAL LETTER R */ + {0xff33, 1, 286}, /* FULLWIDTH LATIN CAPITAL LETTER S */ + {0xff34, 1, 302}, /* FULLWIDTH LATIN CAPITAL LETTER T */ + {0xff35, 1, 66}, /* FULLWIDTH LATIN CAPITAL LETTER U */ + {0xff36, 1, 1183}, /* FULLWIDTH LATIN CAPITAL LETTER V */ + {0xff37, 1, 334}, /* FULLWIDTH LATIN CAPITAL LETTER W */ + {0xff38, 1, 1211}, /* FULLWIDTH LATIN CAPITAL LETTER X */ + {0xff39, 1, 74}, /* FULLWIDTH LATIN CAPITAL LETTER Y */ + {0xff3a, 1, 344}, /* FULLWIDTH LATIN CAPITAL LETTER Z */ + {0xff3b, 1, 5012}, /* FULLWIDTH LEFT SQUARE BRACKET */ + {0xff3c, 1, 5021}, /* FULLWIDTH REVERSE SOLIDUS */ + {0xff3d, 1, 5013}, /* FULLWIDTH RIGHT SQUARE BRACKET */ + {0xff3e, 1, 5049}, /* FULLWIDTH CIRCUMFLEX ACCENT */ + {0xff3f, 1, 4999}, /* FULLWIDTH LOW LINE */ + {0xff40, 1, 1848}, /* FULLWIDTH GRAVE ACCENT */ + {0xff41, 1, 3}, /* FULLWIDTH LATIN SMALL LETTER A */ + {0xff42, 1, 918}, /* FULLWIDTH LATIN SMALL LETTER B */ + {0xff43, 1, 88}, /* FULLWIDTH LATIN SMALL LETTER C */ + {0xff44, 1, 160}, /* FULLWIDTH LATIN SMALL LETTER D */ + {0xff45, 1, 90}, /* FULLWIDTH LATIN SMALL LETTER E */ + {0xff46, 1, 997}, /* FULLWIDTH LATIN SMALL LETTER F */ + {0xff47, 1, 184}, /* FULLWIDTH LATIN SMALL LETTER G */ + {0xff48, 1, 200}, /* FULLWIDTH LATIN SMALL LETTER H */ + {0xff49, 1, 98}, /* FULLWIDTH LATIN SMALL LETTER I */ + {0xff4a, 1, 223}, /* FULLWIDTH LATIN SMALL LETTER J */ + {0xff4b, 1, 230}, /* FULLWIDTH LATIN SMALL LETTER K */ + {0xff4c, 1, 234}, /* FULLWIDTH LATIN SMALL LETTER L */ + {0xff4d, 1, 922}, /* FULLWIDTH LATIN SMALL LETTER M */ + {0xff4e, 1, 106}, /* FULLWIDTH LATIN SMALL LETTER N */ + {0xff4f, 1, 14}, /* FULLWIDTH LATIN SMALL LETTER O */ + {0xff50, 1, 927}, /* FULLWIDTH LATIN SMALL LETTER P */ + {0xff51, 1, 2335}, /* FULLWIDTH LATIN SMALL LETTER Q */ + {0xff52, 1, 276}, /* FULLWIDTH LATIN SMALL LETTER R */ + {0xff53, 1, 288}, /* FULLWIDTH LATIN SMALL LETTER S */ + {0xff54, 1, 304}, /* FULLWIDTH LATIN SMALL LETTER T */ + {0xff55, 1, 118}, /* FULLWIDTH LATIN SMALL LETTER U */ + {0xff56, 1, 930}, /* FULLWIDTH LATIN SMALL LETTER V */ + {0xff57, 1, 336}, /* FULLWIDTH LATIN SMALL LETTER W */ + {0xff58, 1, 579}, /* FULLWIDTH LATIN SMALL LETTER X */ + {0xff59, 1, 126}, /* FULLWIDTH LATIN SMALL LETTER Y */ + {0xff5a, 1, 346}, /* FULLWIDTH LATIN SMALL LETTER Z */ + {0xff5b, 1, 5000}, /* FULLWIDTH LEFT CURLY BRACKET */ + {0xff5c, 1, 5050}, /* FULLWIDTH VERTICAL LINE */ + {0xff5d, 1, 5001}, /* FULLWIDTH RIGHT CURLY BRACKET */ + {0xff5e, 1, 5051}, /* FULLWIDTH TILDE */ + {0xff5f, 1, 5052}, /* FULLWIDTH LEFT WHITE PARENTHESIS */ + {0xff60, 1, 5053}, /* FULLWIDTH RIGHT WHITE PARENTHESIS */ + {0xff61, 1, 5054}, /* HALFWIDTH IDEOGRAPHIC FULL STOP */ + {0xff62, 1, 5008}, /* HALFWIDTH LEFT CORNER BRACKET */ + {0xff63, 1, 5009}, /* HALFWIDTH RIGHT CORNER BRACKET */ + {0xff64, 1, 5016}, /* HALFWIDTH IDEOGRAPHIC COMMA */ + {0xff65, 1, 5055}, /* HALFWIDTH KATAKANA MIDDLE DOT */ + {0xff66, 1, 2709}, /* HALFWIDTH KATAKANA LETTER WO */ + {0xff67, 1, 3180}, /* HALFWIDTH KATAKANA LETTER SMALL A */ + {0xff68, 1, 3348}, /* HALFWIDTH KATAKANA LETTER SMALL I */ + {0xff69, 1, 5056}, /* HALFWIDTH KATAKANA LETTER SMALL U */ + {0xff6a, 1, 3354}, /* HALFWIDTH KATAKANA LETTER SMALL E */ + {0xff6b, 1, 3196}, /* HALFWIDTH KATAKANA LETTER SMALL O */ + {0xff6c, 1, 5057}, /* HALFWIDTH KATAKANA LETTER SMALL YA */ + {0xff6d, 1, 3236}, /* HALFWIDTH KATAKANA LETTER SMALL YU */ + {0xff6e, 1, 3415}, /* HALFWIDTH KATAKANA LETTER SMALL YO */ + {0xff6f, 1, 3218}, /* HALFWIDTH KATAKANA LETTER SMALL TU */ + {0xff70, 1, 3175}, /* HALFWIDTH KATAKANA-HIRAGANA PROLONGED SOUND MARK */ + {0xff71, 1, 3151}, /* HALFWIDTH KATAKANA LETTER A */ + {0xff72, 1, 3152}, /* HALFWIDTH KATAKANA LETTER I */ + {0xff73, 1, 2701}, /* HALFWIDTH KATAKANA LETTER U */ + {0xff74, 1, 3153}, /* HALFWIDTH KATAKANA LETTER E */ + {0xff75, 1, 3154}, /* HALFWIDTH KATAKANA LETTER O */ + {0xff76, 1, 2651}, /* HALFWIDTH KATAKANA LETTER KA */ + {0xff77, 1, 2653}, /* HALFWIDTH KATAKANA LETTER KI */ + {0xff78, 1, 2655}, /* HALFWIDTH KATAKANA LETTER KU */ + {0xff79, 1, 2657}, /* HALFWIDTH KATAKANA LETTER KE */ + {0xff7a, 1, 2659}, /* HALFWIDTH KATAKANA LETTER KO */ + {0xff7b, 1, 2661}, /* HALFWIDTH KATAKANA LETTER SA */ + {0xff7c, 1, 2663}, /* HALFWIDTH KATAKANA LETTER SI */ + {0xff7d, 1, 2665}, /* HALFWIDTH KATAKANA LETTER SU */ + {0xff7e, 1, 2667}, /* HALFWIDTH KATAKANA LETTER SE */ + {0xff7f, 1, 2669}, /* HALFWIDTH KATAKANA LETTER SO */ + {0xff80, 1, 2671}, /* HALFWIDTH KATAKANA LETTER TA */ + {0xff81, 1, 2673}, /* HALFWIDTH KATAKANA LETTER TI */ + {0xff82, 1, 2675}, /* HALFWIDTH KATAKANA LETTER TU */ + {0xff83, 1, 2677}, /* HALFWIDTH KATAKANA LETTER TE */ + {0xff84, 1, 2679}, /* HALFWIDTH KATAKANA LETTER TO */ + {0xff85, 1, 3155}, /* HALFWIDTH KATAKANA LETTER NA */ + {0xff86, 1, 3156}, /* HALFWIDTH KATAKANA LETTER NI */ + {0xff87, 1, 3157}, /* HALFWIDTH KATAKANA LETTER NU */ + {0xff88, 1, 3158}, /* HALFWIDTH KATAKANA LETTER NE */ + {0xff89, 1, 3159}, /* HALFWIDTH KATAKANA LETTER NO */ + {0xff8a, 1, 2681}, /* HALFWIDTH KATAKANA LETTER HA */ + {0xff8b, 1, 2685}, /* HALFWIDTH KATAKANA LETTER HI */ + {0xff8c, 1, 2689}, /* HALFWIDTH KATAKANA LETTER HU */ + {0xff8d, 1, 2693}, /* HALFWIDTH KATAKANA LETTER HE */ + {0xff8e, 1, 2697}, /* HALFWIDTH KATAKANA LETTER HO */ + {0xff8f, 1, 3160}, /* HALFWIDTH KATAKANA LETTER MA */ + {0xff90, 1, 3161}, /* HALFWIDTH KATAKANA LETTER MI */ + {0xff91, 1, 3162}, /* HALFWIDTH KATAKANA LETTER MU */ + {0xff92, 1, 3163}, /* HALFWIDTH KATAKANA LETTER ME */ + {0xff93, 1, 3164}, /* HALFWIDTH KATAKANA LETTER MO */ + {0xff94, 1, 3165}, /* HALFWIDTH KATAKANA LETTER YA */ + {0xff95, 1, 3166}, /* HALFWIDTH KATAKANA LETTER YU */ + {0xff96, 1, 3167}, /* HALFWIDTH KATAKANA LETTER YO */ + {0xff97, 1, 3168}, /* HALFWIDTH KATAKANA LETTER RA */ + {0xff98, 1, 3169}, /* HALFWIDTH KATAKANA LETTER RI */ + {0xff99, 1, 3170}, /* HALFWIDTH KATAKANA LETTER RU */ + {0xff9a, 1, 3171}, /* HALFWIDTH KATAKANA LETTER RE */ + {0xff9b, 1, 3172}, /* HALFWIDTH KATAKANA LETTER RO */ + {0xff9c, 1, 2703}, /* HALFWIDTH KATAKANA LETTER WA */ + {0xff9d, 1, 3182}, /* HALFWIDTH KATAKANA LETTER N */ + {0xff9e, 1, 2592}, /* HALFWIDTH KATAKANA VOICED SOUND MARK */ + {0xff9f, 1, 2624}, /* HALFWIDTH KATAKANA SEMI-VOICED SOUND MARK */ + {0xffa0, 1, 5058}, /* HALFWIDTH HANGUL FILLER */ + {0xffa1, 1, 5059}, /* HALFWIDTH HANGUL LETTER KIYEOK */ + {0xffa2, 1, 5060}, /* HALFWIDTH HANGUL LETTER SSANGKIYEOK */ + {0xffa3, 1, 5061}, /* HALFWIDTH HANGUL LETTER KIYEOK-SIOS */ + {0xffa4, 1, 5062}, /* HALFWIDTH HANGUL LETTER NIEUN */ + {0xffa5, 1, 5063}, /* HALFWIDTH HANGUL LETTER NIEUN-CIEUC */ + {0xffa6, 1, 5064}, /* HALFWIDTH HANGUL LETTER NIEUN-HIEUH */ + {0xffa7, 1, 5065}, /* HALFWIDTH HANGUL LETTER TIKEUT */ + {0xffa8, 1, 5066}, /* HALFWIDTH HANGUL LETTER SSANGTIKEUT */ + {0xffa9, 1, 5067}, /* HALFWIDTH HANGUL LETTER RIEUL */ + {0xffaa, 1, 5068}, /* HALFWIDTH HANGUL LETTER RIEUL-KIYEOK */ + {0xffab, 1, 5069}, /* HALFWIDTH HANGUL LETTER RIEUL-MIEUM */ + {0xffac, 1, 5070}, /* HALFWIDTH HANGUL LETTER RIEUL-PIEUP */ + {0xffad, 1, 5071}, /* HALFWIDTH HANGUL LETTER RIEUL-SIOS */ + {0xffae, 1, 5072}, /* HALFWIDTH HANGUL LETTER RIEUL-THIEUTH */ + {0xffaf, 1, 5073}, /* HALFWIDTH HANGUL LETTER RIEUL-PHIEUPH */ + {0xffb0, 1, 5074}, /* HALFWIDTH HANGUL LETTER RIEUL-HIEUH */ + {0xffb1, 1, 5075}, /* HALFWIDTH HANGUL LETTER MIEUM */ + {0xffb2, 1, 5076}, /* HALFWIDTH HANGUL LETTER PIEUP */ + {0xffb3, 1, 5077}, /* HALFWIDTH HANGUL LETTER SSANGPIEUP */ + {0xffb4, 1, 5078}, /* HALFWIDTH HANGUL LETTER PIEUP-SIOS */ + {0xffb5, 1, 5079}, /* HALFWIDTH HANGUL LETTER SIOS */ + {0xffb6, 1, 5080}, /* HALFWIDTH HANGUL LETTER SSANGSIOS */ + {0xffb7, 1, 5081}, /* HALFWIDTH HANGUL LETTER IEUNG */ + {0xffb8, 1, 5082}, /* HALFWIDTH HANGUL LETTER CIEUC */ + {0xffb9, 1, 5083}, /* HALFWIDTH HANGUL LETTER SSANGCIEUC */ + {0xffba, 1, 5084}, /* HALFWIDTH HANGUL LETTER CHIEUCH */ + {0xffbb, 1, 5085}, /* HALFWIDTH HANGUL LETTER KHIEUKH */ + {0xffbc, 1, 5086}, /* HALFWIDTH HANGUL LETTER THIEUTH */ + {0xffbd, 1, 5087}, /* HALFWIDTH HANGUL LETTER PHIEUPH */ + {0xffbe, 1, 5088}, /* HALFWIDTH HANGUL LETTER HIEUH */ + {0xffc2, 1, 5089}, /* HALFWIDTH HANGUL LETTER A */ + {0xffc3, 1, 5090}, /* HALFWIDTH HANGUL LETTER AE */ + {0xffc4, 1, 5091}, /* HALFWIDTH HANGUL LETTER YA */ + {0xffc5, 1, 5092}, /* HALFWIDTH HANGUL LETTER YAE */ + {0xffc6, 1, 5093}, /* HALFWIDTH HANGUL LETTER EO */ + {0xffc7, 1, 5094}, /* HALFWIDTH HANGUL LETTER E */ + {0xffca, 1, 5095}, /* HALFWIDTH HANGUL LETTER YEO */ + {0xffcb, 1, 5096}, /* HALFWIDTH HANGUL LETTER YE */ + {0xffcc, 1, 5097}, /* HALFWIDTH HANGUL LETTER O */ + {0xffcd, 1, 5098}, /* HALFWIDTH HANGUL LETTER WA */ + {0xffce, 1, 5099}, /* HALFWIDTH HANGUL LETTER WAE */ + {0xffcf, 1, 5100}, /* HALFWIDTH HANGUL LETTER OE */ + {0xffd2, 1, 5101}, /* HALFWIDTH HANGUL LETTER YO */ + {0xffd3, 1, 5102}, /* HALFWIDTH HANGUL LETTER U */ + {0xffd4, 1, 5103}, /* HALFWIDTH HANGUL LETTER WEO */ + {0xffd5, 1, 5104}, /* HALFWIDTH HANGUL LETTER WE */ + {0xffd6, 1, 5105}, /* HALFWIDTH HANGUL LETTER WI */ + {0xffd7, 1, 5106}, /* HALFWIDTH HANGUL LETTER YU */ + {0xffda, 1, 5107}, /* HALFWIDTH HANGUL LETTER EU */ + {0xffdb, 1, 5108}, /* HALFWIDTH HANGUL LETTER YI */ + {0xffdc, 1, 5109}, /* HALFWIDTH HANGUL LETTER I */ + {0xffe0, 1, 5110}, /* FULLWIDTH CENT SIGN */ + {0xffe1, 1, 5111}, /* FULLWIDTH POUND SIGN */ + {0xffe2, 1, 5112}, /* FULLWIDTH NOT SIGN */ + {0xffe3, 1, 5113}, /* FULLWIDTH MACRON */ + {0xffe4, 1, 5114}, /* FULLWIDTH BROKEN BAR */ + {0xffe5, 1, 5115}, /* FULLWIDTH YEN SIGN */ + {0xffe6, 1, 5116}, /* FULLWIDTH WON SIGN */ + {0xffe8, 1, 5117}, /* HALFWIDTH FORMS LIGHT VERTICAL */ + {0xffe9, 1, 2042}, /* HALFWIDTH LEFTWARDS ARROW */ + {0xffea, 1, 5118}, /* HALFWIDTH UPWARDS ARROW */ + {0xffeb, 1, 2044}, /* HALFWIDTH RIGHTWARDS ARROW */ + {0xffec, 1, 5119}, /* HALFWIDTH DOWNWARDS ARROW */ + {0xffed, 1, 5120}, /* HALFWIDTH BLACK SQUARE */ + {0xffee, 1, 5121}, /* HALFWIDTH WHITE CIRCLE */ + {0x1d15e, 2, 5122}, /* MUSICAL SYMBOL HALF NOTE */ + {0x1d15f, 2, 5124}, /* MUSICAL SYMBOL QUARTER NOTE */ + {0x1d160, 2, 5126}, /* MUSICAL SYMBOL EIGHTH NOTE */ + {0x1d161, 2, 5128}, /* MUSICAL SYMBOL SIXTEENTH NOTE */ + {0x1d162, 2, 5130}, /* MUSICAL SYMBOL THIRTY-SECOND NOTE */ + {0x1d163, 2, 5132}, /* MUSICAL SYMBOL SIXTY-FOURTH NOTE */ + {0x1d164, 2, 5134}, /* MUSICAL SYMBOL ONE HUNDRED TWENTY-EIGHTH NOTE */ + {0x1d1bb, 2, 5136}, /* MUSICAL SYMBOL MINIMA */ + {0x1d1bc, 2, 5138}, /* MUSICAL SYMBOL MINIMA BLACK */ + {0x1d1bd, 2, 5140}, /* MUSICAL SYMBOL SEMIMINIMA WHITE */ + {0x1d1be, 2, 5142}, /* MUSICAL SYMBOL SEMIMINIMA BLACK */ + {0x1d1bf, 2, 5144}, /* MUSICAL SYMBOL FUSA WHITE */ + {0x1d1c0, 2, 5146}, /* MUSICAL SYMBOL FUSA BLACK */ + {0x1d400, 1, 24}, /* MATHEMATICAL BOLD CAPITAL A */ + {0x1d401, 1, 910}, /* MATHEMATICAL BOLD CAPITAL B */ + {0x1d402, 1, 36}, /* MATHEMATICAL BOLD CAPITAL C */ + {0x1d403, 1, 158}, /* MATHEMATICAL BOLD CAPITAL D */ + {0x1d404, 1, 38}, /* MATHEMATICAL BOLD CAPITAL E */ + {0x1d405, 1, 995}, /* MATHEMATICAL BOLD CAPITAL F */ + {0x1d406, 1, 182}, /* MATHEMATICAL BOLD CAPITAL G */ + {0x1d407, 1, 198}, /* MATHEMATICAL BOLD CAPITAL H */ + {0x1d408, 1, 46}, /* MATHEMATICAL BOLD CAPITAL I */ + {0x1d409, 1, 221}, /* MATHEMATICAL BOLD CAPITAL J */ + {0x1d40a, 1, 228}, /* MATHEMATICAL BOLD CAPITAL K */ + {0x1d40b, 1, 232}, /* MATHEMATICAL BOLD CAPITAL L */ + {0x1d40c, 1, 912}, /* MATHEMATICAL BOLD CAPITAL M */ + {0x1d40d, 1, 54}, /* MATHEMATICAL BOLD CAPITAL N */ + {0x1d40e, 1, 56}, /* MATHEMATICAL BOLD CAPITAL O */ + {0x1d40f, 1, 914}, /* MATHEMATICAL BOLD CAPITAL P */ + {0x1d410, 1, 1942}, /* MATHEMATICAL BOLD CAPITAL Q */ + {0x1d411, 1, 274}, /* MATHEMATICAL BOLD CAPITAL R */ + {0x1d412, 1, 286}, /* MATHEMATICAL BOLD CAPITAL S */ + {0x1d413, 1, 302}, /* MATHEMATICAL BOLD CAPITAL T */ + {0x1d414, 1, 66}, /* MATHEMATICAL BOLD CAPITAL U */ + {0x1d415, 1, 1183}, /* MATHEMATICAL BOLD CAPITAL V */ + {0x1d416, 1, 334}, /* MATHEMATICAL BOLD CAPITAL W */ + {0x1d417, 1, 1211}, /* MATHEMATICAL BOLD CAPITAL X */ + {0x1d418, 1, 74}, /* MATHEMATICAL BOLD CAPITAL Y */ + {0x1d419, 1, 344}, /* MATHEMATICAL BOLD CAPITAL Z */ + {0x1d41a, 1, 3}, /* MATHEMATICAL BOLD SMALL A */ + {0x1d41b, 1, 918}, /* MATHEMATICAL BOLD SMALL B */ + {0x1d41c, 1, 88}, /* MATHEMATICAL BOLD SMALL C */ + {0x1d41d, 1, 160}, /* MATHEMATICAL BOLD SMALL D */ + {0x1d41e, 1, 90}, /* MATHEMATICAL BOLD SMALL E */ + {0x1d41f, 1, 997}, /* MATHEMATICAL BOLD SMALL F */ + {0x1d420, 1, 184}, /* MATHEMATICAL BOLD SMALL G */ + {0x1d421, 1, 200}, /* MATHEMATICAL BOLD SMALL H */ + {0x1d422, 1, 98}, /* MATHEMATICAL BOLD SMALL I */ + {0x1d423, 1, 223}, /* MATHEMATICAL BOLD SMALL J */ + {0x1d424, 1, 230}, /* MATHEMATICAL BOLD SMALL K */ + {0x1d425, 1, 234}, /* MATHEMATICAL BOLD SMALL L */ + {0x1d426, 1, 922}, /* MATHEMATICAL BOLD SMALL M */ + {0x1d427, 1, 106}, /* MATHEMATICAL BOLD SMALL N */ + {0x1d428, 1, 14}, /* MATHEMATICAL BOLD SMALL O */ + {0x1d429, 1, 927}, /* MATHEMATICAL BOLD SMALL P */ + {0x1d42a, 1, 2335}, /* MATHEMATICAL BOLD SMALL Q */ + {0x1d42b, 1, 276}, /* MATHEMATICAL BOLD SMALL R */ + {0x1d42c, 1, 288}, /* MATHEMATICAL BOLD SMALL S */ + {0x1d42d, 1, 304}, /* MATHEMATICAL BOLD SMALL T */ + {0x1d42e, 1, 118}, /* MATHEMATICAL BOLD SMALL U */ + {0x1d42f, 1, 930}, /* MATHEMATICAL BOLD SMALL V */ + {0x1d430, 1, 336}, /* MATHEMATICAL BOLD SMALL W */ + {0x1d431, 1, 579}, /* MATHEMATICAL BOLD SMALL X */ + {0x1d432, 1, 126}, /* MATHEMATICAL BOLD SMALL Y */ + {0x1d433, 1, 346}, /* MATHEMATICAL BOLD SMALL Z */ + {0x1d434, 1, 24}, /* MATHEMATICAL ITALIC CAPITAL A */ + {0x1d435, 1, 910}, /* MATHEMATICAL ITALIC CAPITAL B */ + {0x1d436, 1, 36}, /* MATHEMATICAL ITALIC CAPITAL C */ + {0x1d437, 1, 158}, /* MATHEMATICAL ITALIC CAPITAL D */ + {0x1d438, 1, 38}, /* MATHEMATICAL ITALIC CAPITAL E */ + {0x1d439, 1, 995}, /* MATHEMATICAL ITALIC CAPITAL F */ + {0x1d43a, 1, 182}, /* MATHEMATICAL ITALIC CAPITAL G */ + {0x1d43b, 1, 198}, /* MATHEMATICAL ITALIC CAPITAL H */ + {0x1d43c, 1, 46}, /* MATHEMATICAL ITALIC CAPITAL I */ + {0x1d43d, 1, 221}, /* MATHEMATICAL ITALIC CAPITAL J */ + {0x1d43e, 1, 228}, /* MATHEMATICAL ITALIC CAPITAL K */ + {0x1d43f, 1, 232}, /* MATHEMATICAL ITALIC CAPITAL L */ + {0x1d440, 1, 912}, /* MATHEMATICAL ITALIC CAPITAL M */ + {0x1d441, 1, 54}, /* MATHEMATICAL ITALIC CAPITAL N */ + {0x1d442, 1, 56}, /* MATHEMATICAL ITALIC CAPITAL O */ + {0x1d443, 1, 914}, /* MATHEMATICAL ITALIC CAPITAL P */ + {0x1d444, 1, 1942}, /* MATHEMATICAL ITALIC CAPITAL Q */ + {0x1d445, 1, 274}, /* MATHEMATICAL ITALIC CAPITAL R */ + {0x1d446, 1, 286}, /* MATHEMATICAL ITALIC CAPITAL S */ + {0x1d447, 1, 302}, /* MATHEMATICAL ITALIC CAPITAL T */ + {0x1d448, 1, 66}, /* MATHEMATICAL ITALIC CAPITAL U */ + {0x1d449, 1, 1183}, /* MATHEMATICAL ITALIC CAPITAL V */ + {0x1d44a, 1, 334}, /* MATHEMATICAL ITALIC CAPITAL W */ + {0x1d44b, 1, 1211}, /* MATHEMATICAL ITALIC CAPITAL X */ + {0x1d44c, 1, 74}, /* MATHEMATICAL ITALIC CAPITAL Y */ + {0x1d44d, 1, 344}, /* MATHEMATICAL ITALIC CAPITAL Z */ + {0x1d44e, 1, 3}, /* MATHEMATICAL ITALIC SMALL A */ + {0x1d44f, 1, 918}, /* MATHEMATICAL ITALIC SMALL B */ + {0x1d450, 1, 88}, /* MATHEMATICAL ITALIC SMALL C */ + {0x1d451, 1, 160}, /* MATHEMATICAL ITALIC SMALL D */ + {0x1d452, 1, 90}, /* MATHEMATICAL ITALIC SMALL E */ + {0x1d453, 1, 997}, /* MATHEMATICAL ITALIC SMALL F */ + {0x1d454, 1, 184}, /* MATHEMATICAL ITALIC SMALL G */ + {0x1d456, 1, 98}, /* MATHEMATICAL ITALIC SMALL I */ + {0x1d457, 1, 223}, /* MATHEMATICAL ITALIC SMALL J */ + {0x1d458, 1, 230}, /* MATHEMATICAL ITALIC SMALL K */ + {0x1d459, 1, 234}, /* MATHEMATICAL ITALIC SMALL L */ + {0x1d45a, 1, 922}, /* MATHEMATICAL ITALIC SMALL M */ + {0x1d45b, 1, 106}, /* MATHEMATICAL ITALIC SMALL N */ + {0x1d45c, 1, 14}, /* MATHEMATICAL ITALIC SMALL O */ + {0x1d45d, 1, 927}, /* MATHEMATICAL ITALIC SMALL P */ + {0x1d45e, 1, 2335}, /* MATHEMATICAL ITALIC SMALL Q */ + {0x1d45f, 1, 276}, /* MATHEMATICAL ITALIC SMALL R */ + {0x1d460, 1, 288}, /* MATHEMATICAL ITALIC SMALL S */ + {0x1d461, 1, 304}, /* MATHEMATICAL ITALIC SMALL T */ + {0x1d462, 1, 118}, /* MATHEMATICAL ITALIC SMALL U */ + {0x1d463, 1, 930}, /* MATHEMATICAL ITALIC SMALL V */ + {0x1d464, 1, 336}, /* MATHEMATICAL ITALIC SMALL W */ + {0x1d465, 1, 579}, /* MATHEMATICAL ITALIC SMALL X */ + {0x1d466, 1, 126}, /* MATHEMATICAL ITALIC SMALL Y */ + {0x1d467, 1, 346}, /* MATHEMATICAL ITALIC SMALL Z */ + {0x1d468, 1, 24}, /* MATHEMATICAL BOLD ITALIC CAPITAL A */ + {0x1d469, 1, 910}, /* MATHEMATICAL BOLD ITALIC CAPITAL B */ + {0x1d46a, 1, 36}, /* MATHEMATICAL BOLD ITALIC CAPITAL C */ + {0x1d46b, 1, 158}, /* MATHEMATICAL BOLD ITALIC CAPITAL D */ + {0x1d46c, 1, 38}, /* MATHEMATICAL BOLD ITALIC CAPITAL E */ + {0x1d46d, 1, 995}, /* MATHEMATICAL BOLD ITALIC CAPITAL F */ + {0x1d46e, 1, 182}, /* MATHEMATICAL BOLD ITALIC CAPITAL G */ + {0x1d46f, 1, 198}, /* MATHEMATICAL BOLD ITALIC CAPITAL H */ + {0x1d470, 1, 46}, /* MATHEMATICAL BOLD ITALIC CAPITAL I */ + {0x1d471, 1, 221}, /* MATHEMATICAL BOLD ITALIC CAPITAL J */ + {0x1d472, 1, 228}, /* MATHEMATICAL BOLD ITALIC CAPITAL K */ + {0x1d473, 1, 232}, /* MATHEMATICAL BOLD ITALIC CAPITAL L */ + {0x1d474, 1, 912}, /* MATHEMATICAL BOLD ITALIC CAPITAL M */ + {0x1d475, 1, 54}, /* MATHEMATICAL BOLD ITALIC CAPITAL N */ + {0x1d476, 1, 56}, /* MATHEMATICAL BOLD ITALIC CAPITAL O */ + {0x1d477, 1, 914}, /* MATHEMATICAL BOLD ITALIC CAPITAL P */ + {0x1d478, 1, 1942}, /* MATHEMATICAL BOLD ITALIC CAPITAL Q */ + {0x1d479, 1, 274}, /* MATHEMATICAL BOLD ITALIC CAPITAL R */ + {0x1d47a, 1, 286}, /* MATHEMATICAL BOLD ITALIC CAPITAL S */ + {0x1d47b, 1, 302}, /* MATHEMATICAL BOLD ITALIC CAPITAL T */ + {0x1d47c, 1, 66}, /* MATHEMATICAL BOLD ITALIC CAPITAL U */ + {0x1d47d, 1, 1183}, /* MATHEMATICAL BOLD ITALIC CAPITAL V */ + {0x1d47e, 1, 334}, /* MATHEMATICAL BOLD ITALIC CAPITAL W */ + {0x1d47f, 1, 1211}, /* MATHEMATICAL BOLD ITALIC CAPITAL X */ + {0x1d480, 1, 74}, /* MATHEMATICAL BOLD ITALIC CAPITAL Y */ + {0x1d481, 1, 344}, /* MATHEMATICAL BOLD ITALIC CAPITAL Z */ + {0x1d482, 1, 3}, /* MATHEMATICAL BOLD ITALIC SMALL A */ + {0x1d483, 1, 918}, /* MATHEMATICAL BOLD ITALIC SMALL B */ + {0x1d484, 1, 88}, /* MATHEMATICAL BOLD ITALIC SMALL C */ + {0x1d485, 1, 160}, /* MATHEMATICAL BOLD ITALIC SMALL D */ + {0x1d486, 1, 90}, /* MATHEMATICAL BOLD ITALIC SMALL E */ + {0x1d487, 1, 997}, /* MATHEMATICAL BOLD ITALIC SMALL F */ + {0x1d488, 1, 184}, /* MATHEMATICAL BOLD ITALIC SMALL G */ + {0x1d489, 1, 200}, /* MATHEMATICAL BOLD ITALIC SMALL H */ + {0x1d48a, 1, 98}, /* MATHEMATICAL BOLD ITALIC SMALL I */ + {0x1d48b, 1, 223}, /* MATHEMATICAL BOLD ITALIC SMALL J */ + {0x1d48c, 1, 230}, /* MATHEMATICAL BOLD ITALIC SMALL K */ + {0x1d48d, 1, 234}, /* MATHEMATICAL BOLD ITALIC SMALL L */ + {0x1d48e, 1, 922}, /* MATHEMATICAL BOLD ITALIC SMALL M */ + {0x1d48f, 1, 106}, /* MATHEMATICAL BOLD ITALIC SMALL N */ + {0x1d490, 1, 14}, /* MATHEMATICAL BOLD ITALIC SMALL O */ + {0x1d491, 1, 927}, /* MATHEMATICAL BOLD ITALIC SMALL P */ + {0x1d492, 1, 2335}, /* MATHEMATICAL BOLD ITALIC SMALL Q */ + {0x1d493, 1, 276}, /* MATHEMATICAL BOLD ITALIC SMALL R */ + {0x1d494, 1, 288}, /* MATHEMATICAL BOLD ITALIC SMALL S */ + {0x1d495, 1, 304}, /* MATHEMATICAL BOLD ITALIC SMALL T */ + {0x1d496, 1, 118}, /* MATHEMATICAL BOLD ITALIC SMALL U */ + {0x1d497, 1, 930}, /* MATHEMATICAL BOLD ITALIC SMALL V */ + {0x1d498, 1, 336}, /* MATHEMATICAL BOLD ITALIC SMALL W */ + {0x1d499, 1, 579}, /* MATHEMATICAL BOLD ITALIC SMALL X */ + {0x1d49a, 1, 126}, /* MATHEMATICAL BOLD ITALIC SMALL Y */ + {0x1d49b, 1, 346}, /* MATHEMATICAL BOLD ITALIC SMALL Z */ + {0x1d49c, 1, 24}, /* MATHEMATICAL SCRIPT CAPITAL A */ + {0x1d49e, 1, 36}, /* MATHEMATICAL SCRIPT CAPITAL C */ + {0x1d49f, 1, 158}, /* MATHEMATICAL SCRIPT CAPITAL D */ + {0x1d4a2, 1, 182}, /* MATHEMATICAL SCRIPT CAPITAL G */ + {0x1d4a5, 1, 221}, /* MATHEMATICAL SCRIPT CAPITAL J */ + {0x1d4a6, 1, 228}, /* MATHEMATICAL SCRIPT CAPITAL K */ + {0x1d4a9, 1, 54}, /* MATHEMATICAL SCRIPT CAPITAL N */ + {0x1d4aa, 1, 56}, /* MATHEMATICAL SCRIPT CAPITAL O */ + {0x1d4ab, 1, 914}, /* MATHEMATICAL SCRIPT CAPITAL P */ + {0x1d4ac, 1, 1942}, /* MATHEMATICAL SCRIPT CAPITAL Q */ + {0x1d4ae, 1, 286}, /* MATHEMATICAL SCRIPT CAPITAL S */ + {0x1d4af, 1, 302}, /* MATHEMATICAL SCRIPT CAPITAL T */ + {0x1d4b0, 1, 66}, /* MATHEMATICAL SCRIPT CAPITAL U */ + {0x1d4b1, 1, 1183}, /* MATHEMATICAL SCRIPT CAPITAL V */ + {0x1d4b2, 1, 334}, /* MATHEMATICAL SCRIPT CAPITAL W */ + {0x1d4b3, 1, 1211}, /* MATHEMATICAL SCRIPT CAPITAL X */ + {0x1d4b4, 1, 74}, /* MATHEMATICAL SCRIPT CAPITAL Y */ + {0x1d4b5, 1, 344}, /* MATHEMATICAL SCRIPT CAPITAL Z */ + {0x1d4b6, 1, 3}, /* MATHEMATICAL SCRIPT SMALL A */ + {0x1d4b7, 1, 918}, /* MATHEMATICAL SCRIPT SMALL B */ + {0x1d4b8, 1, 88}, /* MATHEMATICAL SCRIPT SMALL C */ + {0x1d4b9, 1, 160}, /* MATHEMATICAL SCRIPT SMALL D */ + {0x1d4bb, 1, 997}, /* MATHEMATICAL SCRIPT SMALL F */ + {0x1d4bd, 1, 200}, /* MATHEMATICAL SCRIPT SMALL H */ + {0x1d4be, 1, 98}, /* MATHEMATICAL SCRIPT SMALL I */ + {0x1d4bf, 1, 223}, /* MATHEMATICAL SCRIPT SMALL J */ + {0x1d4c0, 1, 230}, /* MATHEMATICAL SCRIPT SMALL K */ + {0x1d4c1, 1, 234}, /* MATHEMATICAL SCRIPT SMALL L */ + {0x1d4c2, 1, 922}, /* MATHEMATICAL SCRIPT SMALL M */ + {0x1d4c3, 1, 106}, /* MATHEMATICAL SCRIPT SMALL N */ + {0x1d4c5, 1, 927}, /* MATHEMATICAL SCRIPT SMALL P */ + {0x1d4c6, 1, 2335}, /* MATHEMATICAL SCRIPT SMALL Q */ + {0x1d4c7, 1, 276}, /* MATHEMATICAL SCRIPT SMALL R */ + {0x1d4c8, 1, 288}, /* MATHEMATICAL SCRIPT SMALL S */ + {0x1d4c9, 1, 304}, /* MATHEMATICAL SCRIPT SMALL T */ + {0x1d4ca, 1, 118}, /* MATHEMATICAL SCRIPT SMALL U */ + {0x1d4cb, 1, 930}, /* MATHEMATICAL SCRIPT SMALL V */ + {0x1d4cc, 1, 336}, /* MATHEMATICAL SCRIPT SMALL W */ + {0x1d4cd, 1, 579}, /* MATHEMATICAL SCRIPT SMALL X */ + {0x1d4ce, 1, 126}, /* MATHEMATICAL SCRIPT SMALL Y */ + {0x1d4cf, 1, 346}, /* MATHEMATICAL SCRIPT SMALL Z */ + {0x1d4d0, 1, 24}, /* MATHEMATICAL BOLD SCRIPT CAPITAL A */ + {0x1d4d1, 1, 910}, /* MATHEMATICAL BOLD SCRIPT CAPITAL B */ + {0x1d4d2, 1, 36}, /* MATHEMATICAL BOLD SCRIPT CAPITAL C */ + {0x1d4d3, 1, 158}, /* MATHEMATICAL BOLD SCRIPT CAPITAL D */ + {0x1d4d4, 1, 38}, /* MATHEMATICAL BOLD SCRIPT CAPITAL E */ + {0x1d4d5, 1, 995}, /* MATHEMATICAL BOLD SCRIPT CAPITAL F */ + {0x1d4d6, 1, 182}, /* MATHEMATICAL BOLD SCRIPT CAPITAL G */ + {0x1d4d7, 1, 198}, /* MATHEMATICAL BOLD SCRIPT CAPITAL H */ + {0x1d4d8, 1, 46}, /* MATHEMATICAL BOLD SCRIPT CAPITAL I */ + {0x1d4d9, 1, 221}, /* MATHEMATICAL BOLD SCRIPT CAPITAL J */ + {0x1d4da, 1, 228}, /* MATHEMATICAL BOLD SCRIPT CAPITAL K */ + {0x1d4db, 1, 232}, /* MATHEMATICAL BOLD SCRIPT CAPITAL L */ + {0x1d4dc, 1, 912}, /* MATHEMATICAL BOLD SCRIPT CAPITAL M */ + {0x1d4dd, 1, 54}, /* MATHEMATICAL BOLD SCRIPT CAPITAL N */ + {0x1d4de, 1, 56}, /* MATHEMATICAL BOLD SCRIPT CAPITAL O */ + {0x1d4df, 1, 914}, /* MATHEMATICAL BOLD SCRIPT CAPITAL P */ + {0x1d4e0, 1, 1942}, /* MATHEMATICAL BOLD SCRIPT CAPITAL Q */ + {0x1d4e1, 1, 274}, /* MATHEMATICAL BOLD SCRIPT CAPITAL R */ + {0x1d4e2, 1, 286}, /* MATHEMATICAL BOLD SCRIPT CAPITAL S */ + {0x1d4e3, 1, 302}, /* MATHEMATICAL BOLD SCRIPT CAPITAL T */ + {0x1d4e4, 1, 66}, /* MATHEMATICAL BOLD SCRIPT CAPITAL U */ + {0x1d4e5, 1, 1183}, /* MATHEMATICAL BOLD SCRIPT CAPITAL V */ + {0x1d4e6, 1, 334}, /* MATHEMATICAL BOLD SCRIPT CAPITAL W */ + {0x1d4e7, 1, 1211}, /* MATHEMATICAL BOLD SCRIPT CAPITAL X */ + {0x1d4e8, 1, 74}, /* MATHEMATICAL BOLD SCRIPT CAPITAL Y */ + {0x1d4e9, 1, 344}, /* MATHEMATICAL BOLD SCRIPT CAPITAL Z */ + {0x1d4ea, 1, 3}, /* MATHEMATICAL BOLD SCRIPT SMALL A */ + {0x1d4eb, 1, 918}, /* MATHEMATICAL BOLD SCRIPT SMALL B */ + {0x1d4ec, 1, 88}, /* MATHEMATICAL BOLD SCRIPT SMALL C */ + {0x1d4ed, 1, 160}, /* MATHEMATICAL BOLD SCRIPT SMALL D */ + {0x1d4ee, 1, 90}, /* MATHEMATICAL BOLD SCRIPT SMALL E */ + {0x1d4ef, 1, 997}, /* MATHEMATICAL BOLD SCRIPT SMALL F */ + {0x1d4f0, 1, 184}, /* MATHEMATICAL BOLD SCRIPT SMALL G */ + {0x1d4f1, 1, 200}, /* MATHEMATICAL BOLD SCRIPT SMALL H */ + {0x1d4f2, 1, 98}, /* MATHEMATICAL BOLD SCRIPT SMALL I */ + {0x1d4f3, 1, 223}, /* MATHEMATICAL BOLD SCRIPT SMALL J */ + {0x1d4f4, 1, 230}, /* MATHEMATICAL BOLD SCRIPT SMALL K */ + {0x1d4f5, 1, 234}, /* MATHEMATICAL BOLD SCRIPT SMALL L */ + {0x1d4f6, 1, 922}, /* MATHEMATICAL BOLD SCRIPT SMALL M */ + {0x1d4f7, 1, 106}, /* MATHEMATICAL BOLD SCRIPT SMALL N */ + {0x1d4f8, 1, 14}, /* MATHEMATICAL BOLD SCRIPT SMALL O */ + {0x1d4f9, 1, 927}, /* MATHEMATICAL BOLD SCRIPT SMALL P */ + {0x1d4fa, 1, 2335}, /* MATHEMATICAL BOLD SCRIPT SMALL Q */ + {0x1d4fb, 1, 276}, /* MATHEMATICAL BOLD SCRIPT SMALL R */ + {0x1d4fc, 1, 288}, /* MATHEMATICAL BOLD SCRIPT SMALL S */ + {0x1d4fd, 1, 304}, /* MATHEMATICAL BOLD SCRIPT SMALL T */ + {0x1d4fe, 1, 118}, /* MATHEMATICAL BOLD SCRIPT SMALL U */ + {0x1d4ff, 1, 930}, /* MATHEMATICAL BOLD SCRIPT SMALL V */ + {0x1d500, 1, 336}, /* MATHEMATICAL BOLD SCRIPT SMALL W */ + {0x1d501, 1, 579}, /* MATHEMATICAL BOLD SCRIPT SMALL X */ + {0x1d502, 1, 126}, /* MATHEMATICAL BOLD SCRIPT SMALL Y */ + {0x1d503, 1, 346}, /* MATHEMATICAL BOLD SCRIPT SMALL Z */ + {0x1d504, 1, 24}, /* MATHEMATICAL FRAKTUR CAPITAL A */ + {0x1d505, 1, 910}, /* MATHEMATICAL FRAKTUR CAPITAL B */ + {0x1d507, 1, 158}, /* MATHEMATICAL FRAKTUR CAPITAL D */ + {0x1d508, 1, 38}, /* MATHEMATICAL FRAKTUR CAPITAL E */ + {0x1d509, 1, 995}, /* MATHEMATICAL FRAKTUR CAPITAL F */ + {0x1d50a, 1, 182}, /* MATHEMATICAL FRAKTUR CAPITAL G */ + {0x1d50d, 1, 221}, /* MATHEMATICAL FRAKTUR CAPITAL J */ + {0x1d50e, 1, 228}, /* MATHEMATICAL FRAKTUR CAPITAL K */ + {0x1d50f, 1, 232}, /* MATHEMATICAL FRAKTUR CAPITAL L */ + {0x1d510, 1, 912}, /* MATHEMATICAL FRAKTUR CAPITAL M */ + {0x1d511, 1, 54}, /* MATHEMATICAL FRAKTUR CAPITAL N */ + {0x1d512, 1, 56}, /* MATHEMATICAL FRAKTUR CAPITAL O */ + {0x1d513, 1, 914}, /* MATHEMATICAL FRAKTUR CAPITAL P */ + {0x1d514, 1, 1942}, /* MATHEMATICAL FRAKTUR CAPITAL Q */ + {0x1d516, 1, 286}, /* MATHEMATICAL FRAKTUR CAPITAL S */ + {0x1d517, 1, 302}, /* MATHEMATICAL FRAKTUR CAPITAL T */ + {0x1d518, 1, 66}, /* MATHEMATICAL FRAKTUR CAPITAL U */ + {0x1d519, 1, 1183}, /* MATHEMATICAL FRAKTUR CAPITAL V */ + {0x1d51a, 1, 334}, /* MATHEMATICAL FRAKTUR CAPITAL W */ + {0x1d51b, 1, 1211}, /* MATHEMATICAL FRAKTUR CAPITAL X */ + {0x1d51c, 1, 74}, /* MATHEMATICAL FRAKTUR CAPITAL Y */ + {0x1d51e, 1, 3}, /* MATHEMATICAL FRAKTUR SMALL A */ + {0x1d51f, 1, 918}, /* MATHEMATICAL FRAKTUR SMALL B */ + {0x1d520, 1, 88}, /* MATHEMATICAL FRAKTUR SMALL C */ + {0x1d521, 1, 160}, /* MATHEMATICAL FRAKTUR SMALL D */ + {0x1d522, 1, 90}, /* MATHEMATICAL FRAKTUR SMALL E */ + {0x1d523, 1, 997}, /* MATHEMATICAL FRAKTUR SMALL F */ + {0x1d524, 1, 184}, /* MATHEMATICAL FRAKTUR SMALL G */ + {0x1d525, 1, 200}, /* MATHEMATICAL FRAKTUR SMALL H */ + {0x1d526, 1, 98}, /* MATHEMATICAL FRAKTUR SMALL I */ + {0x1d527, 1, 223}, /* MATHEMATICAL FRAKTUR SMALL J */ + {0x1d528, 1, 230}, /* MATHEMATICAL FRAKTUR SMALL K */ + {0x1d529, 1, 234}, /* MATHEMATICAL FRAKTUR SMALL L */ + {0x1d52a, 1, 922}, /* MATHEMATICAL FRAKTUR SMALL M */ + {0x1d52b, 1, 106}, /* MATHEMATICAL FRAKTUR SMALL N */ + {0x1d52c, 1, 14}, /* MATHEMATICAL FRAKTUR SMALL O */ + {0x1d52d, 1, 927}, /* MATHEMATICAL FRAKTUR SMALL P */ + {0x1d52e, 1, 2335}, /* MATHEMATICAL FRAKTUR SMALL Q */ + {0x1d52f, 1, 276}, /* MATHEMATICAL FRAKTUR SMALL R */ + {0x1d530, 1, 288}, /* MATHEMATICAL FRAKTUR SMALL S */ + {0x1d531, 1, 304}, /* MATHEMATICAL FRAKTUR SMALL T */ + {0x1d532, 1, 118}, /* MATHEMATICAL FRAKTUR SMALL U */ + {0x1d533, 1, 930}, /* MATHEMATICAL FRAKTUR SMALL V */ + {0x1d534, 1, 336}, /* MATHEMATICAL FRAKTUR SMALL W */ + {0x1d535, 1, 579}, /* MATHEMATICAL FRAKTUR SMALL X */ + {0x1d536, 1, 126}, /* MATHEMATICAL FRAKTUR SMALL Y */ + {0x1d537, 1, 346}, /* MATHEMATICAL FRAKTUR SMALL Z */ + {0x1d538, 1, 24}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL A */ + {0x1d539, 1, 910}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL B */ + {0x1d53b, 1, 158}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL D */ + {0x1d53c, 1, 38}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL E */ + {0x1d53d, 1, 995}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL F */ + {0x1d53e, 1, 182}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL G */ + {0x1d540, 1, 46}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL I */ + {0x1d541, 1, 221}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL J */ + {0x1d542, 1, 228}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL K */ + {0x1d543, 1, 232}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL L */ + {0x1d544, 1, 912}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL M */ + {0x1d546, 1, 56}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL O */ + {0x1d54a, 1, 286}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL S */ + {0x1d54b, 1, 302}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL T */ + {0x1d54c, 1, 66}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL U */ + {0x1d54d, 1, 1183}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL V */ + {0x1d54e, 1, 334}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL W */ + {0x1d54f, 1, 1211}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL X */ + {0x1d550, 1, 74}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL Y */ + {0x1d552, 1, 3}, /* MATHEMATICAL DOUBLE-STRUCK SMALL A */ + {0x1d553, 1, 918}, /* MATHEMATICAL DOUBLE-STRUCK SMALL B */ + {0x1d554, 1, 88}, /* MATHEMATICAL DOUBLE-STRUCK SMALL C */ + {0x1d555, 1, 160}, /* MATHEMATICAL DOUBLE-STRUCK SMALL D */ + {0x1d556, 1, 90}, /* MATHEMATICAL DOUBLE-STRUCK SMALL E */ + {0x1d557, 1, 997}, /* MATHEMATICAL DOUBLE-STRUCK SMALL F */ + {0x1d558, 1, 184}, /* MATHEMATICAL DOUBLE-STRUCK SMALL G */ + {0x1d559, 1, 200}, /* MATHEMATICAL DOUBLE-STRUCK SMALL H */ + {0x1d55a, 1, 98}, /* MATHEMATICAL DOUBLE-STRUCK SMALL I */ + {0x1d55b, 1, 223}, /* MATHEMATICAL DOUBLE-STRUCK SMALL J */ + {0x1d55c, 1, 230}, /* MATHEMATICAL DOUBLE-STRUCK SMALL K */ + {0x1d55d, 1, 234}, /* MATHEMATICAL DOUBLE-STRUCK SMALL L */ + {0x1d55e, 1, 922}, /* MATHEMATICAL DOUBLE-STRUCK SMALL M */ + {0x1d55f, 1, 106}, /* MATHEMATICAL DOUBLE-STRUCK SMALL N */ + {0x1d560, 1, 14}, /* MATHEMATICAL DOUBLE-STRUCK SMALL O */ + {0x1d561, 1, 927}, /* MATHEMATICAL DOUBLE-STRUCK SMALL P */ + {0x1d562, 1, 2335}, /* MATHEMATICAL DOUBLE-STRUCK SMALL Q */ + {0x1d563, 1, 276}, /* MATHEMATICAL DOUBLE-STRUCK SMALL R */ + {0x1d564, 1, 288}, /* MATHEMATICAL DOUBLE-STRUCK SMALL S */ + {0x1d565, 1, 304}, /* MATHEMATICAL DOUBLE-STRUCK SMALL T */ + {0x1d566, 1, 118}, /* MATHEMATICAL DOUBLE-STRUCK SMALL U */ + {0x1d567, 1, 930}, /* MATHEMATICAL DOUBLE-STRUCK SMALL V */ + {0x1d568, 1, 336}, /* MATHEMATICAL DOUBLE-STRUCK SMALL W */ + {0x1d569, 1, 579}, /* MATHEMATICAL DOUBLE-STRUCK SMALL X */ + {0x1d56a, 1, 126}, /* MATHEMATICAL DOUBLE-STRUCK SMALL Y */ + {0x1d56b, 1, 346}, /* MATHEMATICAL DOUBLE-STRUCK SMALL Z */ + {0x1d56c, 1, 24}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL A */ + {0x1d56d, 1, 910}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL B */ + {0x1d56e, 1, 36}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL C */ + {0x1d56f, 1, 158}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL D */ + {0x1d570, 1, 38}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL E */ + {0x1d571, 1, 995}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL F */ + {0x1d572, 1, 182}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL G */ + {0x1d573, 1, 198}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL H */ + {0x1d574, 1, 46}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL I */ + {0x1d575, 1, 221}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL J */ + {0x1d576, 1, 228}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL K */ + {0x1d577, 1, 232}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL L */ + {0x1d578, 1, 912}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL M */ + {0x1d579, 1, 54}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL N */ + {0x1d57a, 1, 56}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL O */ + {0x1d57b, 1, 914}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL P */ + {0x1d57c, 1, 1942}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL Q */ + {0x1d57d, 1, 274}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL R */ + {0x1d57e, 1, 286}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL S */ + {0x1d57f, 1, 302}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL T */ + {0x1d580, 1, 66}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL U */ + {0x1d581, 1, 1183}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL V */ + {0x1d582, 1, 334}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL W */ + {0x1d583, 1, 1211}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL X */ + {0x1d584, 1, 74}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL Y */ + {0x1d585, 1, 344}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL Z */ + {0x1d586, 1, 3}, /* MATHEMATICAL BOLD FRAKTUR SMALL A */ + {0x1d587, 1, 918}, /* MATHEMATICAL BOLD FRAKTUR SMALL B */ + {0x1d588, 1, 88}, /* MATHEMATICAL BOLD FRAKTUR SMALL C */ + {0x1d589, 1, 160}, /* MATHEMATICAL BOLD FRAKTUR SMALL D */ + {0x1d58a, 1, 90}, /* MATHEMATICAL BOLD FRAKTUR SMALL E */ + {0x1d58b, 1, 997}, /* MATHEMATICAL BOLD FRAKTUR SMALL F */ + {0x1d58c, 1, 184}, /* MATHEMATICAL BOLD FRAKTUR SMALL G */ + {0x1d58d, 1, 200}, /* MATHEMATICAL BOLD FRAKTUR SMALL H */ + {0x1d58e, 1, 98}, /* MATHEMATICAL BOLD FRAKTUR SMALL I */ + {0x1d58f, 1, 223}, /* MATHEMATICAL BOLD FRAKTUR SMALL J */ + {0x1d590, 1, 230}, /* MATHEMATICAL BOLD FRAKTUR SMALL K */ + {0x1d591, 1, 234}, /* MATHEMATICAL BOLD FRAKTUR SMALL L */ + {0x1d592, 1, 922}, /* MATHEMATICAL BOLD FRAKTUR SMALL M */ + {0x1d593, 1, 106}, /* MATHEMATICAL BOLD FRAKTUR SMALL N */ + {0x1d594, 1, 14}, /* MATHEMATICAL BOLD FRAKTUR SMALL O */ + {0x1d595, 1, 927}, /* MATHEMATICAL BOLD FRAKTUR SMALL P */ + {0x1d596, 1, 2335}, /* MATHEMATICAL BOLD FRAKTUR SMALL Q */ + {0x1d597, 1, 276}, /* MATHEMATICAL BOLD FRAKTUR SMALL R */ + {0x1d598, 1, 288}, /* MATHEMATICAL BOLD FRAKTUR SMALL S */ + {0x1d599, 1, 304}, /* MATHEMATICAL BOLD FRAKTUR SMALL T */ + {0x1d59a, 1, 118}, /* MATHEMATICAL BOLD FRAKTUR SMALL U */ + {0x1d59b, 1, 930}, /* MATHEMATICAL BOLD FRAKTUR SMALL V */ + {0x1d59c, 1, 336}, /* MATHEMATICAL BOLD FRAKTUR SMALL W */ + {0x1d59d, 1, 579}, /* MATHEMATICAL BOLD FRAKTUR SMALL X */ + {0x1d59e, 1, 126}, /* MATHEMATICAL BOLD FRAKTUR SMALL Y */ + {0x1d59f, 1, 346}, /* MATHEMATICAL BOLD FRAKTUR SMALL Z */ + {0x1d5a0, 1, 24}, /* MATHEMATICAL SANS-SERIF CAPITAL A */ + {0x1d5a1, 1, 910}, /* MATHEMATICAL SANS-SERIF CAPITAL B */ + {0x1d5a2, 1, 36}, /* MATHEMATICAL SANS-SERIF CAPITAL C */ + {0x1d5a3, 1, 158}, /* MATHEMATICAL SANS-SERIF CAPITAL D */ + {0x1d5a4, 1, 38}, /* MATHEMATICAL SANS-SERIF CAPITAL E */ + {0x1d5a5, 1, 995}, /* MATHEMATICAL SANS-SERIF CAPITAL F */ + {0x1d5a6, 1, 182}, /* MATHEMATICAL SANS-SERIF CAPITAL G */ + {0x1d5a7, 1, 198}, /* MATHEMATICAL SANS-SERIF CAPITAL H */ + {0x1d5a8, 1, 46}, /* MATHEMATICAL SANS-SERIF CAPITAL I */ + {0x1d5a9, 1, 221}, /* MATHEMATICAL SANS-SERIF CAPITAL J */ + {0x1d5aa, 1, 228}, /* MATHEMATICAL SANS-SERIF CAPITAL K */ + {0x1d5ab, 1, 232}, /* MATHEMATICAL SANS-SERIF CAPITAL L */ + {0x1d5ac, 1, 912}, /* MATHEMATICAL SANS-SERIF CAPITAL M */ + {0x1d5ad, 1, 54}, /* MATHEMATICAL SANS-SERIF CAPITAL N */ + {0x1d5ae, 1, 56}, /* MATHEMATICAL SANS-SERIF CAPITAL O */ + {0x1d5af, 1, 914}, /* MATHEMATICAL SANS-SERIF CAPITAL P */ + {0x1d5b0, 1, 1942}, /* MATHEMATICAL SANS-SERIF CAPITAL Q */ + {0x1d5b1, 1, 274}, /* MATHEMATICAL SANS-SERIF CAPITAL R */ + {0x1d5b2, 1, 286}, /* MATHEMATICAL SANS-SERIF CAPITAL S */ + {0x1d5b3, 1, 302}, /* MATHEMATICAL SANS-SERIF CAPITAL T */ + {0x1d5b4, 1, 66}, /* MATHEMATICAL SANS-SERIF CAPITAL U */ + {0x1d5b5, 1, 1183}, /* MATHEMATICAL SANS-SERIF CAPITAL V */ + {0x1d5b6, 1, 334}, /* MATHEMATICAL SANS-SERIF CAPITAL W */ + {0x1d5b7, 1, 1211}, /* MATHEMATICAL SANS-SERIF CAPITAL X */ + {0x1d5b8, 1, 74}, /* MATHEMATICAL SANS-SERIF CAPITAL Y */ + {0x1d5b9, 1, 344}, /* MATHEMATICAL SANS-SERIF CAPITAL Z */ + {0x1d5ba, 1, 3}, /* MATHEMATICAL SANS-SERIF SMALL A */ + {0x1d5bb, 1, 918}, /* MATHEMATICAL SANS-SERIF SMALL B */ + {0x1d5bc, 1, 88}, /* MATHEMATICAL SANS-SERIF SMALL C */ + {0x1d5bd, 1, 160}, /* MATHEMATICAL SANS-SERIF SMALL D */ + {0x1d5be, 1, 90}, /* MATHEMATICAL SANS-SERIF SMALL E */ + {0x1d5bf, 1, 997}, /* MATHEMATICAL SANS-SERIF SMALL F */ + {0x1d5c0, 1, 184}, /* MATHEMATICAL SANS-SERIF SMALL G */ + {0x1d5c1, 1, 200}, /* MATHEMATICAL SANS-SERIF SMALL H */ + {0x1d5c2, 1, 98}, /* MATHEMATICAL SANS-SERIF SMALL I */ + {0x1d5c3, 1, 223}, /* MATHEMATICAL SANS-SERIF SMALL J */ + {0x1d5c4, 1, 230}, /* MATHEMATICAL SANS-SERIF SMALL K */ + {0x1d5c5, 1, 234}, /* MATHEMATICAL SANS-SERIF SMALL L */ + {0x1d5c6, 1, 922}, /* MATHEMATICAL SANS-SERIF SMALL M */ + {0x1d5c7, 1, 106}, /* MATHEMATICAL SANS-SERIF SMALL N */ + {0x1d5c8, 1, 14}, /* MATHEMATICAL SANS-SERIF SMALL O */ + {0x1d5c9, 1, 927}, /* MATHEMATICAL SANS-SERIF SMALL P */ + {0x1d5ca, 1, 2335}, /* MATHEMATICAL SANS-SERIF SMALL Q */ + {0x1d5cb, 1, 276}, /* MATHEMATICAL SANS-SERIF SMALL R */ + {0x1d5cc, 1, 288}, /* MATHEMATICAL SANS-SERIF SMALL S */ + {0x1d5cd, 1, 304}, /* MATHEMATICAL SANS-SERIF SMALL T */ + {0x1d5ce, 1, 118}, /* MATHEMATICAL SANS-SERIF SMALL U */ + {0x1d5cf, 1, 930}, /* MATHEMATICAL SANS-SERIF SMALL V */ + {0x1d5d0, 1, 336}, /* MATHEMATICAL SANS-SERIF SMALL W */ + {0x1d5d1, 1, 579}, /* MATHEMATICAL SANS-SERIF SMALL X */ + {0x1d5d2, 1, 126}, /* MATHEMATICAL SANS-SERIF SMALL Y */ + {0x1d5d3, 1, 346}, /* MATHEMATICAL SANS-SERIF SMALL Z */ + {0x1d5d4, 1, 24}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL A */ + {0x1d5d5, 1, 910}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL B */ + {0x1d5d6, 1, 36}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL C */ + {0x1d5d7, 1, 158}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL D */ + {0x1d5d8, 1, 38}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL E */ + {0x1d5d9, 1, 995}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL F */ + {0x1d5da, 1, 182}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL G */ + {0x1d5db, 1, 198}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL H */ + {0x1d5dc, 1, 46}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL I */ + {0x1d5dd, 1, 221}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL J */ + {0x1d5de, 1, 228}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL K */ + {0x1d5df, 1, 232}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL L */ + {0x1d5e0, 1, 912}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL M */ + {0x1d5e1, 1, 54}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL N */ + {0x1d5e2, 1, 56}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL O */ + {0x1d5e3, 1, 914}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL P */ + {0x1d5e4, 1, 1942}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL Q */ + {0x1d5e5, 1, 274}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL R */ + {0x1d5e6, 1, 286}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL S */ + {0x1d5e7, 1, 302}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL T */ + {0x1d5e8, 1, 66}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL U */ + {0x1d5e9, 1, 1183}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL V */ + {0x1d5ea, 1, 334}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL W */ + {0x1d5eb, 1, 1211}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL X */ + {0x1d5ec, 1, 74}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL Y */ + {0x1d5ed, 1, 344}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL Z */ + {0x1d5ee, 1, 3}, /* MATHEMATICAL SANS-SERIF BOLD SMALL A */ + {0x1d5ef, 1, 918}, /* MATHEMATICAL SANS-SERIF BOLD SMALL B */ + {0x1d5f0, 1, 88}, /* MATHEMATICAL SANS-SERIF BOLD SMALL C */ + {0x1d5f1, 1, 160}, /* MATHEMATICAL SANS-SERIF BOLD SMALL D */ + {0x1d5f2, 1, 90}, /* MATHEMATICAL SANS-SERIF BOLD SMALL E */ + {0x1d5f3, 1, 997}, /* MATHEMATICAL SANS-SERIF BOLD SMALL F */ + {0x1d5f4, 1, 184}, /* MATHEMATICAL SANS-SERIF BOLD SMALL G */ + {0x1d5f5, 1, 200}, /* MATHEMATICAL SANS-SERIF BOLD SMALL H */ + {0x1d5f6, 1, 98}, /* MATHEMATICAL SANS-SERIF BOLD SMALL I */ + {0x1d5f7, 1, 223}, /* MATHEMATICAL SANS-SERIF BOLD SMALL J */ + {0x1d5f8, 1, 230}, /* MATHEMATICAL SANS-SERIF BOLD SMALL K */ + {0x1d5f9, 1, 234}, /* MATHEMATICAL SANS-SERIF BOLD SMALL L */ + {0x1d5fa, 1, 922}, /* MATHEMATICAL SANS-SERIF BOLD SMALL M */ + {0x1d5fb, 1, 106}, /* MATHEMATICAL SANS-SERIF BOLD SMALL N */ + {0x1d5fc, 1, 14}, /* MATHEMATICAL SANS-SERIF BOLD SMALL O */ + {0x1d5fd, 1, 927}, /* MATHEMATICAL SANS-SERIF BOLD SMALL P */ + {0x1d5fe, 1, 2335}, /* MATHEMATICAL SANS-SERIF BOLD SMALL Q */ + {0x1d5ff, 1, 276}, /* MATHEMATICAL SANS-SERIF BOLD SMALL R */ + {0x1d600, 1, 288}, /* MATHEMATICAL SANS-SERIF BOLD SMALL S */ + {0x1d601, 1, 304}, /* MATHEMATICAL SANS-SERIF BOLD SMALL T */ + {0x1d602, 1, 118}, /* MATHEMATICAL SANS-SERIF BOLD SMALL U */ + {0x1d603, 1, 930}, /* MATHEMATICAL SANS-SERIF BOLD SMALL V */ + {0x1d604, 1, 336}, /* MATHEMATICAL SANS-SERIF BOLD SMALL W */ + {0x1d605, 1, 579}, /* MATHEMATICAL SANS-SERIF BOLD SMALL X */ + {0x1d606, 1, 126}, /* MATHEMATICAL SANS-SERIF BOLD SMALL Y */ + {0x1d607, 1, 346}, /* MATHEMATICAL SANS-SERIF BOLD SMALL Z */ + {0x1d608, 1, 24}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL A */ + {0x1d609, 1, 910}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL B */ + {0x1d60a, 1, 36}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL C */ + {0x1d60b, 1, 158}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL D */ + {0x1d60c, 1, 38}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL E */ + {0x1d60d, 1, 995}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL F */ + {0x1d60e, 1, 182}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL G */ + {0x1d60f, 1, 198}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL H */ + {0x1d610, 1, 46}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL I */ + {0x1d611, 1, 221}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL J */ + {0x1d612, 1, 228}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL K */ + {0x1d613, 1, 232}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL L */ + {0x1d614, 1, 912}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL M */ + {0x1d615, 1, 54}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL N */ + {0x1d616, 1, 56}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL O */ + {0x1d617, 1, 914}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL P */ + {0x1d618, 1, 1942}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL Q */ + {0x1d619, 1, 274}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL R */ + {0x1d61a, 1, 286}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL S */ + {0x1d61b, 1, 302}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL T */ + {0x1d61c, 1, 66}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL U */ + {0x1d61d, 1, 1183}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL V */ + {0x1d61e, 1, 334}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL W */ + {0x1d61f, 1, 1211}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL X */ + {0x1d620, 1, 74}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL Y */ + {0x1d621, 1, 344}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL Z */ + {0x1d622, 1, 3}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL A */ + {0x1d623, 1, 918}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL B */ + {0x1d624, 1, 88}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL C */ + {0x1d625, 1, 160}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL D */ + {0x1d626, 1, 90}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL E */ + {0x1d627, 1, 997}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL F */ + {0x1d628, 1, 184}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL G */ + {0x1d629, 1, 200}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL H */ + {0x1d62a, 1, 98}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL I */ + {0x1d62b, 1, 223}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL J */ + {0x1d62c, 1, 230}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL K */ + {0x1d62d, 1, 234}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL L */ + {0x1d62e, 1, 922}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL M */ + {0x1d62f, 1, 106}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL N */ + {0x1d630, 1, 14}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL O */ + {0x1d631, 1, 927}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL P */ + {0x1d632, 1, 2335}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL Q */ + {0x1d633, 1, 276}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL R */ + {0x1d634, 1, 288}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL S */ + {0x1d635, 1, 304}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL T */ + {0x1d636, 1, 118}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL U */ + {0x1d637, 1, 930}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL V */ + {0x1d638, 1, 336}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL W */ + {0x1d639, 1, 579}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL X */ + {0x1d63a, 1, 126}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL Y */ + {0x1d63b, 1, 346}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL Z */ + {0x1d63c, 1, 24}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL A */ + {0x1d63d, 1, 910}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL B */ + {0x1d63e, 1, 36}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL C */ + {0x1d63f, 1, 158}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL D */ + {0x1d640, 1, 38}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL E */ + {0x1d641, 1, 995}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL F */ + {0x1d642, 1, 182}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL G */ + {0x1d643, 1, 198}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL H */ + {0x1d644, 1, 46}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL I */ + {0x1d645, 1, 221}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL J */ + {0x1d646, 1, 228}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL K */ + {0x1d647, 1, 232}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL L */ + {0x1d648, 1, 912}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL M */ + {0x1d649, 1, 54}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL N */ + {0x1d64a, 1, 56}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL O */ + {0x1d64b, 1, 914}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL P */ + {0x1d64c, 1, 1942}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL Q */ + {0x1d64d, 1, 274}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL R */ + {0x1d64e, 1, 286}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL S */ + {0x1d64f, 1, 302}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL T */ + {0x1d650, 1, 66}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL U */ + {0x1d651, 1, 1183}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL V */ + {0x1d652, 1, 334}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL W */ + {0x1d653, 1, 1211}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL X */ + {0x1d654, 1, 74}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL Y */ + {0x1d655, 1, 344}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL Z */ + {0x1d656, 1, 3}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL A */ + {0x1d657, 1, 918}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL B */ + {0x1d658, 1, 88}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL C */ + {0x1d659, 1, 160}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL D */ + {0x1d65a, 1, 90}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL E */ + {0x1d65b, 1, 997}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL F */ + {0x1d65c, 1, 184}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL G */ + {0x1d65d, 1, 200}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL H */ + {0x1d65e, 1, 98}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL I */ + {0x1d65f, 1, 223}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL J */ + {0x1d660, 1, 230}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL K */ + {0x1d661, 1, 234}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL L */ + {0x1d662, 1, 922}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL M */ + {0x1d663, 1, 106}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL N */ + {0x1d664, 1, 14}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL O */ + {0x1d665, 1, 927}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL P */ + {0x1d666, 1, 2335}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL Q */ + {0x1d667, 1, 276}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL R */ + {0x1d668, 1, 288}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL S */ + {0x1d669, 1, 304}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL T */ + {0x1d66a, 1, 118}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL U */ + {0x1d66b, 1, 930}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL V */ + {0x1d66c, 1, 336}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL W */ + {0x1d66d, 1, 579}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL X */ + {0x1d66e, 1, 126}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL Y */ + {0x1d66f, 1, 346}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL Z */ + {0x1d670, 1, 24}, /* MATHEMATICAL MONOSPACE CAPITAL A */ + {0x1d671, 1, 910}, /* MATHEMATICAL MONOSPACE CAPITAL B */ + {0x1d672, 1, 36}, /* MATHEMATICAL MONOSPACE CAPITAL C */ + {0x1d673, 1, 158}, /* MATHEMATICAL MONOSPACE CAPITAL D */ + {0x1d674, 1, 38}, /* MATHEMATICAL MONOSPACE CAPITAL E */ + {0x1d675, 1, 995}, /* MATHEMATICAL MONOSPACE CAPITAL F */ + {0x1d676, 1, 182}, /* MATHEMATICAL MONOSPACE CAPITAL G */ + {0x1d677, 1, 198}, /* MATHEMATICAL MONOSPACE CAPITAL H */ + {0x1d678, 1, 46}, /* MATHEMATICAL MONOSPACE CAPITAL I */ + {0x1d679, 1, 221}, /* MATHEMATICAL MONOSPACE CAPITAL J */ + {0x1d67a, 1, 228}, /* MATHEMATICAL MONOSPACE CAPITAL K */ + {0x1d67b, 1, 232}, /* MATHEMATICAL MONOSPACE CAPITAL L */ + {0x1d67c, 1, 912}, /* MATHEMATICAL MONOSPACE CAPITAL M */ + {0x1d67d, 1, 54}, /* MATHEMATICAL MONOSPACE CAPITAL N */ + {0x1d67e, 1, 56}, /* MATHEMATICAL MONOSPACE CAPITAL O */ + {0x1d67f, 1, 914}, /* MATHEMATICAL MONOSPACE CAPITAL P */ + {0x1d680, 1, 1942}, /* MATHEMATICAL MONOSPACE CAPITAL Q */ + {0x1d681, 1, 274}, /* MATHEMATICAL MONOSPACE CAPITAL R */ + {0x1d682, 1, 286}, /* MATHEMATICAL MONOSPACE CAPITAL S */ + {0x1d683, 1, 302}, /* MATHEMATICAL MONOSPACE CAPITAL T */ + {0x1d684, 1, 66}, /* MATHEMATICAL MONOSPACE CAPITAL U */ + {0x1d685, 1, 1183}, /* MATHEMATICAL MONOSPACE CAPITAL V */ + {0x1d686, 1, 334}, /* MATHEMATICAL MONOSPACE CAPITAL W */ + {0x1d687, 1, 1211}, /* MATHEMATICAL MONOSPACE CAPITAL X */ + {0x1d688, 1, 74}, /* MATHEMATICAL MONOSPACE CAPITAL Y */ + {0x1d689, 1, 344}, /* MATHEMATICAL MONOSPACE CAPITAL Z */ + {0x1d68a, 1, 3}, /* MATHEMATICAL MONOSPACE SMALL A */ + {0x1d68b, 1, 918}, /* MATHEMATICAL MONOSPACE SMALL B */ + {0x1d68c, 1, 88}, /* MATHEMATICAL MONOSPACE SMALL C */ + {0x1d68d, 1, 160}, /* MATHEMATICAL MONOSPACE SMALL D */ + {0x1d68e, 1, 90}, /* MATHEMATICAL MONOSPACE SMALL E */ + {0x1d68f, 1, 997}, /* MATHEMATICAL MONOSPACE SMALL F */ + {0x1d690, 1, 184}, /* MATHEMATICAL MONOSPACE SMALL G */ + {0x1d691, 1, 200}, /* MATHEMATICAL MONOSPACE SMALL H */ + {0x1d692, 1, 98}, /* MATHEMATICAL MONOSPACE SMALL I */ + {0x1d693, 1, 223}, /* MATHEMATICAL MONOSPACE SMALL J */ + {0x1d694, 1, 230}, /* MATHEMATICAL MONOSPACE SMALL K */ + {0x1d695, 1, 234}, /* MATHEMATICAL MONOSPACE SMALL L */ + {0x1d696, 1, 922}, /* MATHEMATICAL MONOSPACE SMALL M */ + {0x1d697, 1, 106}, /* MATHEMATICAL MONOSPACE SMALL N */ + {0x1d698, 1, 14}, /* MATHEMATICAL MONOSPACE SMALL O */ + {0x1d699, 1, 927}, /* MATHEMATICAL MONOSPACE SMALL P */ + {0x1d69a, 1, 2335}, /* MATHEMATICAL MONOSPACE SMALL Q */ + {0x1d69b, 1, 276}, /* MATHEMATICAL MONOSPACE SMALL R */ + {0x1d69c, 1, 288}, /* MATHEMATICAL MONOSPACE SMALL S */ + {0x1d69d, 1, 304}, /* MATHEMATICAL MONOSPACE SMALL T */ + {0x1d69e, 1, 118}, /* MATHEMATICAL MONOSPACE SMALL U */ + {0x1d69f, 1, 930}, /* MATHEMATICAL MONOSPACE SMALL V */ + {0x1d6a0, 1, 336}, /* MATHEMATICAL MONOSPACE SMALL W */ + {0x1d6a1, 1, 579}, /* MATHEMATICAL MONOSPACE SMALL X */ + {0x1d6a2, 1, 126}, /* MATHEMATICAL MONOSPACE SMALL Y */ + {0x1d6a3, 1, 346}, /* MATHEMATICAL MONOSPACE SMALL Z */ + {0x1d6a8, 1, 590}, /* MATHEMATICAL BOLD CAPITAL ALPHA */ + {0x1d6a9, 1, 5148}, /* MATHEMATICAL BOLD CAPITAL BETA */ + {0x1d6aa, 1, 1957}, /* MATHEMATICAL BOLD CAPITAL GAMMA */ + {0x1d6ab, 1, 5149}, /* MATHEMATICAL BOLD CAPITAL DELTA */ + {0x1d6ac, 1, 592}, /* MATHEMATICAL BOLD CAPITAL EPSILON */ + {0x1d6ad, 1, 5150}, /* MATHEMATICAL BOLD CAPITAL ZETA */ + {0x1d6ae, 1, 594}, /* MATHEMATICAL BOLD CAPITAL ETA */ + {0x1d6af, 1, 641}, /* MATHEMATICAL BOLD CAPITAL THETA */ + {0x1d6b0, 1, 596}, /* MATHEMATICAL BOLD CAPITAL IOTA */ + {0x1d6b1, 1, 5151}, /* MATHEMATICAL BOLD CAPITAL KAPPA */ + {0x1d6b2, 1, 5152}, /* MATHEMATICAL BOLD CAPITAL LAMDA */ + {0x1d6b3, 1, 5153}, /* MATHEMATICAL BOLD CAPITAL MU */ + {0x1d6b4, 1, 5154}, /* MATHEMATICAL BOLD CAPITAL NU */ + {0x1d6b5, 1, 5155}, /* MATHEMATICAL BOLD CAPITAL XI */ + {0x1d6b6, 1, 598}, /* MATHEMATICAL BOLD CAPITAL OMICRON */ + {0x1d6b7, 1, 1958}, /* MATHEMATICAL BOLD CAPITAL PI */ + {0x1d6b8, 1, 1843}, /* MATHEMATICAL BOLD CAPITAL RHO */ + {0x1d6b9, 1, 5156}, /* MATHEMATICAL BOLD CAPITAL THETA SYMBOL */ + {0x1d6ba, 1, 642}, /* MATHEMATICAL BOLD CAPITAL SIGMA */ + {0x1d6bb, 1, 5157}, /* MATHEMATICAL BOLD CAPITAL TAU */ + {0x1d6bc, 1, 600}, /* MATHEMATICAL BOLD CAPITAL UPSILON */ + {0x1d6bd, 1, 5158}, /* MATHEMATICAL BOLD CAPITAL PHI */ + {0x1d6be, 1, 5159}, /* MATHEMATICAL BOLD CAPITAL CHI */ + {0x1d6bf, 1, 5160}, /* MATHEMATICAL BOLD CAPITAL PSI */ + {0x1d6c0, 1, 602}, /* MATHEMATICAL BOLD CAPITAL OMEGA */ + {0x1d6c1, 1, 5161}, /* MATHEMATICAL BOLD NABLA */ + {0x1d6c2, 1, 610}, /* MATHEMATICAL BOLD SMALL ALPHA */ + {0x1d6c3, 1, 630}, /* MATHEMATICAL BOLD SMALL BETA */ + {0x1d6c4, 1, 932}, /* MATHEMATICAL BOLD SMALL GAMMA */ + {0x1d6c5, 1, 933}, /* MATHEMATICAL BOLD SMALL DELTA */ + {0x1d6c6, 1, 612}, /* MATHEMATICAL BOLD SMALL EPSILON */ + {0x1d6c7, 1, 5162}, /* MATHEMATICAL BOLD SMALL ZETA */ + {0x1d6c8, 1, 614}, /* MATHEMATICAL BOLD SMALL ETA */ + {0x1d6c9, 1, 631}, /* MATHEMATICAL BOLD SMALL THETA */ + {0x1d6ca, 1, 616}, /* MATHEMATICAL BOLD SMALL IOTA */ + {0x1d6cb, 1, 638}, /* MATHEMATICAL BOLD SMALL KAPPA */ + {0x1d6cc, 1, 5163}, /* MATHEMATICAL BOLD SMALL LAMDA */ + {0x1d6cd, 1, 10}, /* MATHEMATICAL BOLD SMALL MU */ + {0x1d6ce, 1, 5164}, /* MATHEMATICAL BOLD SMALL NU */ + {0x1d6cf, 1, 5165}, /* MATHEMATICAL BOLD SMALL XI */ + {0x1d6d0, 1, 624}, /* MATHEMATICAL BOLD SMALL OMICRON */ + {0x1d6d1, 1, 637}, /* MATHEMATICAL BOLD SMALL PI */ + {0x1d6d2, 1, 639}, /* MATHEMATICAL BOLD SMALL RHO */ + {0x1d6d3, 1, 640}, /* MATHEMATICAL BOLD SMALL FINAL SIGMA */ + {0x1d6d4, 1, 5166}, /* MATHEMATICAL BOLD SMALL SIGMA */ + {0x1d6d5, 1, 5167}, /* MATHEMATICAL BOLD SMALL TAU */ + {0x1d6d6, 1, 622}, /* MATHEMATICAL BOLD SMALL UPSILON */ + {0x1d6d7, 1, 636}, /* MATHEMATICAL BOLD SMALL PHI */ + {0x1d6d8, 1, 934}, /* MATHEMATICAL BOLD SMALL CHI */ + {0x1d6d9, 1, 5168}, /* MATHEMATICAL BOLD SMALL PSI */ + {0x1d6da, 1, 628}, /* MATHEMATICAL BOLD SMALL OMEGA */ + {0x1d6db, 1, 5169}, /* MATHEMATICAL BOLD PARTIAL DIFFERENTIAL */ + {0x1d6dc, 1, 5170}, /* MATHEMATICAL BOLD EPSILON SYMBOL */ + {0x1d6dd, 1, 5171}, /* MATHEMATICAL BOLD THETA SYMBOL */ + {0x1d6de, 1, 5172}, /* MATHEMATICAL BOLD KAPPA SYMBOL */ + {0x1d6df, 1, 5173}, /* MATHEMATICAL BOLD PHI SYMBOL */ + {0x1d6e0, 1, 5174}, /* MATHEMATICAL BOLD RHO SYMBOL */ + {0x1d6e1, 1, 5175}, /* MATHEMATICAL BOLD PI SYMBOL */ + {0x1d6e2, 1, 590}, /* MATHEMATICAL ITALIC CAPITAL ALPHA */ + {0x1d6e3, 1, 5148}, /* MATHEMATICAL ITALIC CAPITAL BETA */ + {0x1d6e4, 1, 1957}, /* MATHEMATICAL ITALIC CAPITAL GAMMA */ + {0x1d6e5, 1, 5149}, /* MATHEMATICAL ITALIC CAPITAL DELTA */ + {0x1d6e6, 1, 592}, /* MATHEMATICAL ITALIC CAPITAL EPSILON */ + {0x1d6e7, 1, 5150}, /* MATHEMATICAL ITALIC CAPITAL ZETA */ + {0x1d6e8, 1, 594}, /* MATHEMATICAL ITALIC CAPITAL ETA */ + {0x1d6e9, 1, 641}, /* MATHEMATICAL ITALIC CAPITAL THETA */ + {0x1d6ea, 1, 596}, /* MATHEMATICAL ITALIC CAPITAL IOTA */ + {0x1d6eb, 1, 5151}, /* MATHEMATICAL ITALIC CAPITAL KAPPA */ + {0x1d6ec, 1, 5152}, /* MATHEMATICAL ITALIC CAPITAL LAMDA */ + {0x1d6ed, 1, 5153}, /* MATHEMATICAL ITALIC CAPITAL MU */ + {0x1d6ee, 1, 5154}, /* MATHEMATICAL ITALIC CAPITAL NU */ + {0x1d6ef, 1, 5155}, /* MATHEMATICAL ITALIC CAPITAL XI */ + {0x1d6f0, 1, 598}, /* MATHEMATICAL ITALIC CAPITAL OMICRON */ + {0x1d6f1, 1, 1958}, /* MATHEMATICAL ITALIC CAPITAL PI */ + {0x1d6f2, 1, 1843}, /* MATHEMATICAL ITALIC CAPITAL RHO */ + {0x1d6f3, 1, 5156}, /* MATHEMATICAL ITALIC CAPITAL THETA SYMBOL */ + {0x1d6f4, 1, 642}, /* MATHEMATICAL ITALIC CAPITAL SIGMA */ + {0x1d6f5, 1, 5157}, /* MATHEMATICAL ITALIC CAPITAL TAU */ + {0x1d6f6, 1, 600}, /* MATHEMATICAL ITALIC CAPITAL UPSILON */ + {0x1d6f7, 1, 5158}, /* MATHEMATICAL ITALIC CAPITAL PHI */ + {0x1d6f8, 1, 5159}, /* MATHEMATICAL ITALIC CAPITAL CHI */ + {0x1d6f9, 1, 5160}, /* MATHEMATICAL ITALIC CAPITAL PSI */ + {0x1d6fa, 1, 602}, /* MATHEMATICAL ITALIC CAPITAL OMEGA */ + {0x1d6fb, 1, 5161}, /* MATHEMATICAL ITALIC NABLA */ + {0x1d6fc, 1, 610}, /* MATHEMATICAL ITALIC SMALL ALPHA */ + {0x1d6fd, 1, 630}, /* MATHEMATICAL ITALIC SMALL BETA */ + {0x1d6fe, 1, 932}, /* MATHEMATICAL ITALIC SMALL GAMMA */ + {0x1d6ff, 1, 933}, /* MATHEMATICAL ITALIC SMALL DELTA */ + {0x1d700, 1, 612}, /* MATHEMATICAL ITALIC SMALL EPSILON */ + {0x1d701, 1, 5162}, /* MATHEMATICAL ITALIC SMALL ZETA */ + {0x1d702, 1, 614}, /* MATHEMATICAL ITALIC SMALL ETA */ + {0x1d703, 1, 631}, /* MATHEMATICAL ITALIC SMALL THETA */ + {0x1d704, 1, 616}, /* MATHEMATICAL ITALIC SMALL IOTA */ + {0x1d705, 1, 638}, /* MATHEMATICAL ITALIC SMALL KAPPA */ + {0x1d706, 1, 5163}, /* MATHEMATICAL ITALIC SMALL LAMDA */ + {0x1d707, 1, 10}, /* MATHEMATICAL ITALIC SMALL MU */ + {0x1d708, 1, 5164}, /* MATHEMATICAL ITALIC SMALL NU */ + {0x1d709, 1, 5165}, /* MATHEMATICAL ITALIC SMALL XI */ + {0x1d70a, 1, 624}, /* MATHEMATICAL ITALIC SMALL OMICRON */ + {0x1d70b, 1, 637}, /* MATHEMATICAL ITALIC SMALL PI */ + {0x1d70c, 1, 639}, /* MATHEMATICAL ITALIC SMALL RHO */ + {0x1d70d, 1, 640}, /* MATHEMATICAL ITALIC SMALL FINAL SIGMA */ + {0x1d70e, 1, 5166}, /* MATHEMATICAL ITALIC SMALL SIGMA */ + {0x1d70f, 1, 5167}, /* MATHEMATICAL ITALIC SMALL TAU */ + {0x1d710, 1, 622}, /* MATHEMATICAL ITALIC SMALL UPSILON */ + {0x1d711, 1, 636}, /* MATHEMATICAL ITALIC SMALL PHI */ + {0x1d712, 1, 934}, /* MATHEMATICAL ITALIC SMALL CHI */ + {0x1d713, 1, 5168}, /* MATHEMATICAL ITALIC SMALL PSI */ + {0x1d714, 1, 628}, /* MATHEMATICAL ITALIC SMALL OMEGA */ + {0x1d715, 1, 5169}, /* MATHEMATICAL ITALIC PARTIAL DIFFERENTIAL */ + {0x1d716, 1, 5170}, /* MATHEMATICAL ITALIC EPSILON SYMBOL */ + {0x1d717, 1, 5171}, /* MATHEMATICAL ITALIC THETA SYMBOL */ + {0x1d718, 1, 5172}, /* MATHEMATICAL ITALIC KAPPA SYMBOL */ + {0x1d719, 1, 5173}, /* MATHEMATICAL ITALIC PHI SYMBOL */ + {0x1d71a, 1, 5174}, /* MATHEMATICAL ITALIC RHO SYMBOL */ + {0x1d71b, 1, 5175}, /* MATHEMATICAL ITALIC PI SYMBOL */ + {0x1d71c, 1, 590}, /* MATHEMATICAL BOLD ITALIC CAPITAL ALPHA */ + {0x1d71d, 1, 5148}, /* MATHEMATICAL BOLD ITALIC CAPITAL BETA */ + {0x1d71e, 1, 1957}, /* MATHEMATICAL BOLD ITALIC CAPITAL GAMMA */ + {0x1d71f, 1, 5149}, /* MATHEMATICAL BOLD ITALIC CAPITAL DELTA */ + {0x1d720, 1, 592}, /* MATHEMATICAL BOLD ITALIC CAPITAL EPSILON */ + {0x1d721, 1, 5150}, /* MATHEMATICAL BOLD ITALIC CAPITAL ZETA */ + {0x1d722, 1, 594}, /* MATHEMATICAL BOLD ITALIC CAPITAL ETA */ + {0x1d723, 1, 641}, /* MATHEMATICAL BOLD ITALIC CAPITAL THETA */ + {0x1d724, 1, 596}, /* MATHEMATICAL BOLD ITALIC CAPITAL IOTA */ + {0x1d725, 1, 5151}, /* MATHEMATICAL BOLD ITALIC CAPITAL KAPPA */ + {0x1d726, 1, 5152}, /* MATHEMATICAL BOLD ITALIC CAPITAL LAMDA */ + {0x1d727, 1, 5153}, /* MATHEMATICAL BOLD ITALIC CAPITAL MU */ + {0x1d728, 1, 5154}, /* MATHEMATICAL BOLD ITALIC CAPITAL NU */ + {0x1d729, 1, 5155}, /* MATHEMATICAL BOLD ITALIC CAPITAL XI */ + {0x1d72a, 1, 598}, /* MATHEMATICAL BOLD ITALIC CAPITAL OMICRON */ + {0x1d72b, 1, 1958}, /* MATHEMATICAL BOLD ITALIC CAPITAL PI */ + {0x1d72c, 1, 1843}, /* MATHEMATICAL BOLD ITALIC CAPITAL RHO */ + {0x1d72d, 1, 5156}, /* MATHEMATICAL BOLD ITALIC CAPITAL THETA SYMBOL */ + {0x1d72e, 1, 642}, /* MATHEMATICAL BOLD ITALIC CAPITAL SIGMA */ + {0x1d72f, 1, 5157}, /* MATHEMATICAL BOLD ITALIC CAPITAL TAU */ + {0x1d730, 1, 600}, /* MATHEMATICAL BOLD ITALIC CAPITAL UPSILON */ + {0x1d731, 1, 5158}, /* MATHEMATICAL BOLD ITALIC CAPITAL PHI */ + {0x1d732, 1, 5159}, /* MATHEMATICAL BOLD ITALIC CAPITAL CHI */ + {0x1d733, 1, 5160}, /* MATHEMATICAL BOLD ITALIC CAPITAL PSI */ + {0x1d734, 1, 602}, /* MATHEMATICAL BOLD ITALIC CAPITAL OMEGA */ + {0x1d735, 1, 5161}, /* MATHEMATICAL BOLD ITALIC NABLA */ + {0x1d736, 1, 610}, /* MATHEMATICAL BOLD ITALIC SMALL ALPHA */ + {0x1d737, 1, 630}, /* MATHEMATICAL BOLD ITALIC SMALL BETA */ + {0x1d738, 1, 932}, /* MATHEMATICAL BOLD ITALIC SMALL GAMMA */ + {0x1d739, 1, 933}, /* MATHEMATICAL BOLD ITALIC SMALL DELTA */ + {0x1d73a, 1, 612}, /* MATHEMATICAL BOLD ITALIC SMALL EPSILON */ + {0x1d73b, 1, 5162}, /* MATHEMATICAL BOLD ITALIC SMALL ZETA */ + {0x1d73c, 1, 614}, /* MATHEMATICAL BOLD ITALIC SMALL ETA */ + {0x1d73d, 1, 631}, /* MATHEMATICAL BOLD ITALIC SMALL THETA */ + {0x1d73e, 1, 616}, /* MATHEMATICAL BOLD ITALIC SMALL IOTA */ + {0x1d73f, 1, 638}, /* MATHEMATICAL BOLD ITALIC SMALL KAPPA */ + {0x1d740, 1, 5163}, /* MATHEMATICAL BOLD ITALIC SMALL LAMDA */ + {0x1d741, 1, 10}, /* MATHEMATICAL BOLD ITALIC SMALL MU */ + {0x1d742, 1, 5164}, /* MATHEMATICAL BOLD ITALIC SMALL NU */ + {0x1d743, 1, 5165}, /* MATHEMATICAL BOLD ITALIC SMALL XI */ + {0x1d744, 1, 624}, /* MATHEMATICAL BOLD ITALIC SMALL OMICRON */ + {0x1d745, 1, 637}, /* MATHEMATICAL BOLD ITALIC SMALL PI */ + {0x1d746, 1, 639}, /* MATHEMATICAL BOLD ITALIC SMALL RHO */ + {0x1d747, 1, 640}, /* MATHEMATICAL BOLD ITALIC SMALL FINAL SIGMA */ + {0x1d748, 1, 5166}, /* MATHEMATICAL BOLD ITALIC SMALL SIGMA */ + {0x1d749, 1, 5167}, /* MATHEMATICAL BOLD ITALIC SMALL TAU */ + {0x1d74a, 1, 622}, /* MATHEMATICAL BOLD ITALIC SMALL UPSILON */ + {0x1d74b, 1, 636}, /* MATHEMATICAL BOLD ITALIC SMALL PHI */ + {0x1d74c, 1, 934}, /* MATHEMATICAL BOLD ITALIC SMALL CHI */ + {0x1d74d, 1, 5168}, /* MATHEMATICAL BOLD ITALIC SMALL PSI */ + {0x1d74e, 1, 628}, /* MATHEMATICAL BOLD ITALIC SMALL OMEGA */ + {0x1d74f, 1, 5169}, /* MATHEMATICAL BOLD ITALIC PARTIAL DIFFERENTIAL */ + {0x1d750, 1, 5170}, /* MATHEMATICAL BOLD ITALIC EPSILON SYMBOL */ + {0x1d751, 1, 5171}, /* MATHEMATICAL BOLD ITALIC THETA SYMBOL */ + {0x1d752, 1, 5172}, /* MATHEMATICAL BOLD ITALIC KAPPA SYMBOL */ + {0x1d753, 1, 5173}, /* MATHEMATICAL BOLD ITALIC PHI SYMBOL */ + {0x1d754, 1, 5174}, /* MATHEMATICAL BOLD ITALIC RHO SYMBOL */ + {0x1d755, 1, 5175}, /* MATHEMATICAL BOLD ITALIC PI SYMBOL */ + {0x1d756, 1, 590}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL ALPHA */ + {0x1d757, 1, 5148}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL BETA */ + {0x1d758, 1, 1957}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL GAMMA */ + {0x1d759, 1, 5149}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL DELTA */ + {0x1d75a, 1, 592}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL EPSILON */ + {0x1d75b, 1, 5150}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL ZETA */ + {0x1d75c, 1, 594}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL ETA */ + {0x1d75d, 1, 641}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL THETA */ + {0x1d75e, 1, 596}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL IOTA */ + {0x1d75f, 1, 5151}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL KAPPA */ + {0x1d760, 1, 5152}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL LAMDA */ + {0x1d761, 1, 5153}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL MU */ + {0x1d762, 1, 5154}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL NU */ + {0x1d763, 1, 5155}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL XI */ + {0x1d764, 1, 598}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL OMICRON */ + {0x1d765, 1, 1958}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL PI */ + {0x1d766, 1, 1843}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL RHO */ + {0x1d767, 1, 5156}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL THETA SYMBOL */ + {0x1d768, 1, 642}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL SIGMA */ + {0x1d769, 1, 5157}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL TAU */ + {0x1d76a, 1, 600}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL UPSILON */ + {0x1d76b, 1, 5158}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL PHI */ + {0x1d76c, 1, 5159}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL CHI */ + {0x1d76d, 1, 5160}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL PSI */ + {0x1d76e, 1, 602}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL OMEGA */ + {0x1d76f, 1, 5161}, /* MATHEMATICAL SANS-SERIF BOLD NABLA */ + {0x1d770, 1, 610}, /* MATHEMATICAL SANS-SERIF BOLD SMALL ALPHA */ + {0x1d771, 1, 630}, /* MATHEMATICAL SANS-SERIF BOLD SMALL BETA */ + {0x1d772, 1, 932}, /* MATHEMATICAL SANS-SERIF BOLD SMALL GAMMA */ + {0x1d773, 1, 933}, /* MATHEMATICAL SANS-SERIF BOLD SMALL DELTA */ + {0x1d774, 1, 612}, /* MATHEMATICAL SANS-SERIF BOLD SMALL EPSILON */ + {0x1d775, 1, 5162}, /* MATHEMATICAL SANS-SERIF BOLD SMALL ZETA */ + {0x1d776, 1, 614}, /* MATHEMATICAL SANS-SERIF BOLD SMALL ETA */ + {0x1d777, 1, 631}, /* MATHEMATICAL SANS-SERIF BOLD SMALL THETA */ + {0x1d778, 1, 616}, /* MATHEMATICAL SANS-SERIF BOLD SMALL IOTA */ + {0x1d779, 1, 638}, /* MATHEMATICAL SANS-SERIF BOLD SMALL KAPPA */ + {0x1d77a, 1, 5163}, /* MATHEMATICAL SANS-SERIF BOLD SMALL LAMDA */ + {0x1d77b, 1, 10}, /* MATHEMATICAL SANS-SERIF BOLD SMALL MU */ + {0x1d77c, 1, 5164}, /* MATHEMATICAL SANS-SERIF BOLD SMALL NU */ + {0x1d77d, 1, 5165}, /* MATHEMATICAL SANS-SERIF BOLD SMALL XI */ + {0x1d77e, 1, 624}, /* MATHEMATICAL SANS-SERIF BOLD SMALL OMICRON */ + {0x1d77f, 1, 637}, /* MATHEMATICAL SANS-SERIF BOLD SMALL PI */ + {0x1d780, 1, 639}, /* MATHEMATICAL SANS-SERIF BOLD SMALL RHO */ + {0x1d781, 1, 640}, /* MATHEMATICAL SANS-SERIF BOLD SMALL FINAL SIGMA */ + {0x1d782, 1, 5166}, /* MATHEMATICAL SANS-SERIF BOLD SMALL SIGMA */ + {0x1d783, 1, 5167}, /* MATHEMATICAL SANS-SERIF BOLD SMALL TAU */ + {0x1d784, 1, 622}, /* MATHEMATICAL SANS-SERIF BOLD SMALL UPSILON */ + {0x1d785, 1, 636}, /* MATHEMATICAL SANS-SERIF BOLD SMALL PHI */ + {0x1d786, 1, 934}, /* MATHEMATICAL SANS-SERIF BOLD SMALL CHI */ + {0x1d787, 1, 5168}, /* MATHEMATICAL SANS-SERIF BOLD SMALL PSI */ + {0x1d788, 1, 628}, /* MATHEMATICAL SANS-SERIF BOLD SMALL OMEGA */ + {0x1d789, 1, 5169}, /* MATHEMATICAL SANS-SERIF BOLD PARTIAL DIFFERENTIAL */ + {0x1d78a, 1, 5170}, /* MATHEMATICAL SANS-SERIF BOLD EPSILON SYMBOL */ + {0x1d78b, 1, 5171}, /* MATHEMATICAL SANS-SERIF BOLD THETA SYMBOL */ + {0x1d78c, 1, 5172}, /* MATHEMATICAL SANS-SERIF BOLD KAPPA SYMBOL */ + {0x1d78d, 1, 5173}, /* MATHEMATICAL SANS-SERIF BOLD PHI SYMBOL */ + {0x1d78e, 1, 5174}, /* MATHEMATICAL SANS-SERIF BOLD RHO SYMBOL */ + {0x1d78f, 1, 5175}, /* MATHEMATICAL SANS-SERIF BOLD PI SYMBOL */ + {0x1d790, 1, 590}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL ALPHA */ + {0x1d791, 1, 5148}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL BETA */ + {0x1d792, 1, 1957}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL GAMMA */ + {0x1d793, 1, 5149}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL DELTA */ + {0x1d794, 1, 592}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL EPSILON */ + {0x1d795, 1, 5150}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL ZETA */ + {0x1d796, 1, 594}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL ETA */ + {0x1d797, 1, 641}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL THETA */ + {0x1d798, 1, 596}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL IOTA */ + {0x1d799, 1, 5151}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL KAPPA */ + {0x1d79a, 1, 5152}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL LAMDA */ + {0x1d79b, 1, 5153}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL MU */ + {0x1d79c, 1, 5154}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL NU */ + {0x1d79d, 1, 5155}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL XI */ + {0x1d79e, 1, 598}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL OMICRON */ + {0x1d79f, 1, 1958}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL PI */ + {0x1d7a0, 1, 1843}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL RHO */ + {0x1d7a1, 1, 5156}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL THETA SYMBOL */ + {0x1d7a2, 1, 642}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL SIGMA */ + {0x1d7a3, 1, 5157}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL TAU */ + {0x1d7a4, 1, 600}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL UPSILON */ + {0x1d7a5, 1, 5158}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL PHI */ + {0x1d7a6, 1, 5159}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL CHI */ + {0x1d7a7, 1, 5160}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL PSI */ + {0x1d7a8, 1, 602}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL OMEGA */ + {0x1d7a9, 1, 5161}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC NABLA */ + {0x1d7aa, 1, 610}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL ALPHA */ + {0x1d7ab, 1, 630}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL BETA */ + {0x1d7ac, 1, 932}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL GAMMA */ + {0x1d7ad, 1, 933}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL DELTA */ + {0x1d7ae, 1, 612}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL EPSILON */ + {0x1d7af, 1, 5162}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL ZETA */ + {0x1d7b0, 1, 614}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL ETA */ + {0x1d7b1, 1, 631}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL THETA */ + {0x1d7b2, 1, 616}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL IOTA */ + {0x1d7b3, 1, 638}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL KAPPA */ + {0x1d7b4, 1, 5163}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL LAMDA */ + {0x1d7b5, 1, 10}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL MU */ + {0x1d7b6, 1, 5164}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL NU */ + {0x1d7b7, 1, 5165}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL XI */ + {0x1d7b8, 1, 624}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL OMICRON */ + {0x1d7b9, 1, 637}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL PI */ + {0x1d7ba, 1, 639}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL RHO */ + {0x1d7bb, 1, 640}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL FINAL SIGMA */ + {0x1d7bc, 1, 5166}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL SIGMA */ + {0x1d7bd, 1, 5167}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL TAU */ + {0x1d7be, 1, 622}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL UPSILON */ + {0x1d7bf, 1, 636}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL PHI */ + {0x1d7c0, 1, 934}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL CHI */ + {0x1d7c1, 1, 5168}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL PSI */ + {0x1d7c2, 1, 628}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL OMEGA */ + {0x1d7c3, 1, 5169}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC PARTIAL DIFFERENTIAL */ + {0x1d7c4, 1, 5170}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC EPSILON SYMBOL */ + {0x1d7c5, 1, 5171}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC THETA SYMBOL */ + {0x1d7c6, 1, 5172}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC KAPPA SYMBOL */ + {0x1d7c7, 1, 5173}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC PHI SYMBOL */ + {0x1d7c8, 1, 5174}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC RHO SYMBOL */ + {0x1d7c9, 1, 5175}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC PI SYMBOL */ + {0x1d7ce, 1, 1909}, /* MATHEMATICAL BOLD DIGIT ZERO */ + {0x1d7cf, 1, 13}, /* MATHEMATICAL BOLD DIGIT ONE */ + {0x1d7d0, 1, 6}, /* MATHEMATICAL BOLD DIGIT TWO */ + {0x1d7d1, 1, 7}, /* MATHEMATICAL BOLD DIGIT THREE */ + {0x1d7d2, 1, 17}, /* MATHEMATICAL BOLD DIGIT FOUR */ + {0x1d7d3, 1, 1910}, /* MATHEMATICAL BOLD DIGIT FIVE */ + {0x1d7d4, 1, 1911}, /* MATHEMATICAL BOLD DIGIT SIX */ + {0x1d7d5, 1, 1912}, /* MATHEMATICAL BOLD DIGIT SEVEN */ + {0x1d7d6, 1, 1913}, /* MATHEMATICAL BOLD DIGIT EIGHT */ + {0x1d7d7, 1, 1914}, /* MATHEMATICAL BOLD DIGIT NINE */ + {0x1d7d8, 1, 1909}, /* MATHEMATICAL DOUBLE-STRUCK DIGIT ZERO */ + {0x1d7d9, 1, 13}, /* MATHEMATICAL DOUBLE-STRUCK DIGIT ONE */ + {0x1d7da, 1, 6}, /* MATHEMATICAL DOUBLE-STRUCK DIGIT TWO */ + {0x1d7db, 1, 7}, /* MATHEMATICAL DOUBLE-STRUCK DIGIT THREE */ + {0x1d7dc, 1, 17}, /* MATHEMATICAL DOUBLE-STRUCK DIGIT FOUR */ + {0x1d7dd, 1, 1910}, /* MATHEMATICAL DOUBLE-STRUCK DIGIT FIVE */ + {0x1d7de, 1, 1911}, /* MATHEMATICAL DOUBLE-STRUCK DIGIT SIX */ + {0x1d7df, 1, 1912}, /* MATHEMATICAL DOUBLE-STRUCK DIGIT SEVEN */ + {0x1d7e0, 1, 1913}, /* MATHEMATICAL DOUBLE-STRUCK DIGIT EIGHT */ + {0x1d7e1, 1, 1914}, /* MATHEMATICAL DOUBLE-STRUCK DIGIT NINE */ + {0x1d7e2, 1, 1909}, /* MATHEMATICAL SANS-SERIF DIGIT ZERO */ + {0x1d7e3, 1, 13}, /* MATHEMATICAL SANS-SERIF DIGIT ONE */ + {0x1d7e4, 1, 6}, /* MATHEMATICAL SANS-SERIF DIGIT TWO */ + {0x1d7e5, 1, 7}, /* MATHEMATICAL SANS-SERIF DIGIT THREE */ + {0x1d7e6, 1, 17}, /* MATHEMATICAL SANS-SERIF DIGIT FOUR */ + {0x1d7e7, 1, 1910}, /* MATHEMATICAL SANS-SERIF DIGIT FIVE */ + {0x1d7e8, 1, 1911}, /* MATHEMATICAL SANS-SERIF DIGIT SIX */ + {0x1d7e9, 1, 1912}, /* MATHEMATICAL SANS-SERIF DIGIT SEVEN */ + {0x1d7ea, 1, 1913}, /* MATHEMATICAL SANS-SERIF DIGIT EIGHT */ + {0x1d7eb, 1, 1914}, /* MATHEMATICAL SANS-SERIF DIGIT NINE */ + {0x1d7ec, 1, 1909}, /* MATHEMATICAL SANS-SERIF BOLD DIGIT ZERO */ + {0x1d7ed, 1, 13}, /* MATHEMATICAL SANS-SERIF BOLD DIGIT ONE */ + {0x1d7ee, 1, 6}, /* MATHEMATICAL SANS-SERIF BOLD DIGIT TWO */ + {0x1d7ef, 1, 7}, /* MATHEMATICAL SANS-SERIF BOLD DIGIT THREE */ + {0x1d7f0, 1, 17}, /* MATHEMATICAL SANS-SERIF BOLD DIGIT FOUR */ + {0x1d7f1, 1, 1910}, /* MATHEMATICAL SANS-SERIF BOLD DIGIT FIVE */ + {0x1d7f2, 1, 1911}, /* MATHEMATICAL SANS-SERIF BOLD DIGIT SIX */ + {0x1d7f3, 1, 1912}, /* MATHEMATICAL SANS-SERIF BOLD DIGIT SEVEN */ + {0x1d7f4, 1, 1913}, /* MATHEMATICAL SANS-SERIF BOLD DIGIT EIGHT */ + {0x1d7f5, 1, 1914}, /* MATHEMATICAL SANS-SERIF BOLD DIGIT NINE */ + {0x1d7f6, 1, 1909}, /* MATHEMATICAL MONOSPACE DIGIT ZERO */ + {0x1d7f7, 1, 13}, /* MATHEMATICAL MONOSPACE DIGIT ONE */ + {0x1d7f8, 1, 6}, /* MATHEMATICAL MONOSPACE DIGIT TWO */ + {0x1d7f9, 1, 7}, /* MATHEMATICAL MONOSPACE DIGIT THREE */ + {0x1d7fa, 1, 17}, /* MATHEMATICAL MONOSPACE DIGIT FOUR */ + {0x1d7fb, 1, 1910}, /* MATHEMATICAL MONOSPACE DIGIT FIVE */ + {0x1d7fc, 1, 1911}, /* MATHEMATICAL MONOSPACE DIGIT SIX */ + {0x1d7fd, 1, 1912}, /* MATHEMATICAL MONOSPACE DIGIT SEVEN */ + {0x1d7fe, 1, 1913}, /* MATHEMATICAL MONOSPACE DIGIT EIGHT */ + {0x1d7ff, 1, 1914}, /* MATHEMATICAL MONOSPACE DIGIT NINE */ + {0x2f800, 1, 5176}, /* CJK COMPATIBILITY IDEOGRAPH-2F800 */ + {0x2f801, 1, 5177}, /* CJK COMPATIBILITY IDEOGRAPH-2F801 */ + {0x2f802, 1, 5178}, /* CJK COMPATIBILITY IDEOGRAPH-2F802 */ + {0x2f803, 1, 5179}, /* CJK COMPATIBILITY IDEOGRAPH-2F803 */ + {0x2f804, 1, 5180}, /* CJK COMPATIBILITY IDEOGRAPH-2F804 */ + {0x2f805, 1, 4142}, /* CJK COMPATIBILITY IDEOGRAPH-2F805 */ + {0x2f806, 1, 5181}, /* CJK COMPATIBILITY IDEOGRAPH-2F806 */ + {0x2f807, 1, 5182}, /* CJK COMPATIBILITY IDEOGRAPH-2F807 */ + {0x2f808, 1, 5183}, /* CJK COMPATIBILITY IDEOGRAPH-2F808 */ + {0x2f809, 1, 5184}, /* CJK COMPATIBILITY IDEOGRAPH-2F809 */ + {0x2f80a, 1, 4143}, /* CJK COMPATIBILITY IDEOGRAPH-2F80A */ + {0x2f80b, 1, 5185}, /* CJK COMPATIBILITY IDEOGRAPH-2F80B */ + {0x2f80c, 1, 5186}, /* CJK COMPATIBILITY IDEOGRAPH-2F80C */ + {0x2f80d, 1, 5187}, /* CJK COMPATIBILITY IDEOGRAPH-2F80D */ + {0x2f80e, 1, 4144}, /* CJK COMPATIBILITY IDEOGRAPH-2F80E */ + {0x2f80f, 1, 5188}, /* CJK COMPATIBILITY IDEOGRAPH-2F80F */ + {0x2f810, 1, 5189}, /* CJK COMPATIBILITY IDEOGRAPH-2F810 */ + {0x2f811, 1, 5190}, /* CJK COMPATIBILITY IDEOGRAPH-2F811 */ + {0x2f812, 1, 5191}, /* CJK COMPATIBILITY IDEOGRAPH-2F812 */ + {0x2f813, 1, 5192}, /* CJK COMPATIBILITY IDEOGRAPH-2F813 */ + {0x2f814, 1, 5193}, /* CJK COMPATIBILITY IDEOGRAPH-2F814 */ + {0x2f815, 1, 5194}, /* CJK COMPATIBILITY IDEOGRAPH-2F815 */ + {0x2f816, 1, 5195}, /* CJK COMPATIBILITY IDEOGRAPH-2F816 */ + {0x2f817, 1, 5196}, /* CJK COMPATIBILITY IDEOGRAPH-2F817 */ + {0x2f818, 1, 5197}, /* CJK COMPATIBILITY IDEOGRAPH-2F818 */ + {0x2f819, 1, 5198}, /* CJK COMPATIBILITY IDEOGRAPH-2F819 */ + {0x2f81a, 1, 5199}, /* CJK COMPATIBILITY IDEOGRAPH-2F81A */ + {0x2f81b, 1, 5200}, /* CJK COMPATIBILITY IDEOGRAPH-2F81B */ + {0x2f81c, 1, 5201}, /* CJK COMPATIBILITY IDEOGRAPH-2F81C */ + {0x2f81d, 1, 2389}, /* CJK COMPATIBILITY IDEOGRAPH-2F81D */ + {0x2f81e, 1, 5202}, /* CJK COMPATIBILITY IDEOGRAPH-2F81E */ + {0x2f81f, 1, 5203}, /* CJK COMPATIBILITY IDEOGRAPH-2F81F */ + {0x2f820, 1, 5204}, /* CJK COMPATIBILITY IDEOGRAPH-2F820 */ + {0x2f821, 1, 5205}, /* CJK COMPATIBILITY IDEOGRAPH-2F821 */ + {0x2f822, 1, 5206}, /* CJK COMPATIBILITY IDEOGRAPH-2F822 */ + {0x2f823, 1, 5207}, /* CJK COMPATIBILITY IDEOGRAPH-2F823 */ + {0x2f824, 1, 5208}, /* CJK COMPATIBILITY IDEOGRAPH-2F824 */ + {0x2f825, 1, 5209}, /* CJK COMPATIBILITY IDEOGRAPH-2F825 */ + {0x2f826, 1, 4145}, /* CJK COMPATIBILITY IDEOGRAPH-2F826 */ + {0x2f827, 1, 4146}, /* CJK COMPATIBILITY IDEOGRAPH-2F827 */ + {0x2f828, 1, 5210}, /* CJK COMPATIBILITY IDEOGRAPH-2F828 */ + {0x2f829, 1, 5211}, /* CJK COMPATIBILITY IDEOGRAPH-2F829 */ + {0x2f82a, 1, 5212}, /* CJK COMPATIBILITY IDEOGRAPH-2F82A */ + {0x2f82b, 1, 3965}, /* CJK COMPATIBILITY IDEOGRAPH-2F82B */ + {0x2f82c, 1, 5213}, /* CJK COMPATIBILITY IDEOGRAPH-2F82C */ + {0x2f82d, 1, 4147}, /* CJK COMPATIBILITY IDEOGRAPH-2F82D */ + {0x2f82e, 1, 5214}, /* CJK COMPATIBILITY IDEOGRAPH-2F82E */ + {0x2f82f, 1, 5215}, /* CJK COMPATIBILITY IDEOGRAPH-2F82F */ + {0x2f830, 1, 5216}, /* CJK COMPATIBILITY IDEOGRAPH-2F830 */ + {0x2f831, 1, 5217}, /* CJK COMPATIBILITY IDEOGRAPH-2F831 */ + {0x2f832, 1, 5217}, /* CJK COMPATIBILITY IDEOGRAPH-2F832 */ + {0x2f833, 1, 5217}, /* CJK COMPATIBILITY IDEOGRAPH-2F833 */ + {0x2f834, 1, 5218}, /* CJK COMPATIBILITY IDEOGRAPH-2F834 */ + {0x2f835, 1, 5219}, /* CJK COMPATIBILITY IDEOGRAPH-2F835 */ + {0x2f836, 1, 5220}, /* CJK COMPATIBILITY IDEOGRAPH-2F836 */ + {0x2f837, 1, 5221}, /* CJK COMPATIBILITY IDEOGRAPH-2F837 */ + {0x2f838, 1, 5222}, /* CJK COMPATIBILITY IDEOGRAPH-2F838 */ + {0x2f839, 1, 5223}, /* CJK COMPATIBILITY IDEOGRAPH-2F839 */ + {0x2f83a, 1, 5224}, /* CJK COMPATIBILITY IDEOGRAPH-2F83A */ + {0x2f83b, 1, 5225}, /* CJK COMPATIBILITY IDEOGRAPH-2F83B */ + {0x2f83c, 1, 5226}, /* CJK COMPATIBILITY IDEOGRAPH-2F83C */ + {0x2f83d, 1, 5227}, /* CJK COMPATIBILITY IDEOGRAPH-2F83D */ + {0x2f83e, 1, 5228}, /* CJK COMPATIBILITY IDEOGRAPH-2F83E */ + {0x2f83f, 1, 5229}, /* CJK COMPATIBILITY IDEOGRAPH-2F83F */ + {0x2f840, 1, 5230}, /* CJK COMPATIBILITY IDEOGRAPH-2F840 */ + {0x2f841, 1, 5231}, /* CJK COMPATIBILITY IDEOGRAPH-2F841 */ + {0x2f842, 1, 5232}, /* CJK COMPATIBILITY IDEOGRAPH-2F842 */ + {0x2f843, 1, 5233}, /* CJK COMPATIBILITY IDEOGRAPH-2F843 */ + {0x2f844, 1, 5234}, /* CJK COMPATIBILITY IDEOGRAPH-2F844 */ + {0x2f845, 1, 5235}, /* CJK COMPATIBILITY IDEOGRAPH-2F845 */ + {0x2f846, 1, 5235}, /* CJK COMPATIBILITY IDEOGRAPH-2F846 */ + {0x2f847, 1, 5236}, /* CJK COMPATIBILITY IDEOGRAPH-2F847 */ + {0x2f848, 1, 5237}, /* CJK COMPATIBILITY IDEOGRAPH-2F848 */ + {0x2f849, 1, 5238}, /* CJK COMPATIBILITY IDEOGRAPH-2F849 */ + {0x2f84a, 1, 5239}, /* CJK COMPATIBILITY IDEOGRAPH-2F84A */ + {0x2f84b, 1, 5240}, /* CJK COMPATIBILITY IDEOGRAPH-2F84B */ + {0x2f84c, 1, 4149}, /* CJK COMPATIBILITY IDEOGRAPH-2F84C */ + {0x2f84d, 1, 5241}, /* CJK COMPATIBILITY IDEOGRAPH-2F84D */ + {0x2f84e, 1, 5242}, /* CJK COMPATIBILITY IDEOGRAPH-2F84E */ + {0x2f84f, 1, 5243}, /* CJK COMPATIBILITY IDEOGRAPH-2F84F */ + {0x2f850, 1, 4111}, /* CJK COMPATIBILITY IDEOGRAPH-2F850 */ + {0x2f851, 1, 5244}, /* CJK COMPATIBILITY IDEOGRAPH-2F851 */ + {0x2f852, 1, 5245}, /* CJK COMPATIBILITY IDEOGRAPH-2F852 */ + {0x2f853, 1, 5246}, /* CJK COMPATIBILITY IDEOGRAPH-2F853 */ + {0x2f854, 1, 5247}, /* CJK COMPATIBILITY IDEOGRAPH-2F854 */ + {0x2f855, 1, 5248}, /* CJK COMPATIBILITY IDEOGRAPH-2F855 */ + {0x2f856, 1, 5249}, /* CJK COMPATIBILITY IDEOGRAPH-2F856 */ + {0x2f857, 1, 5250}, /* CJK COMPATIBILITY IDEOGRAPH-2F857 */ + {0x2f858, 1, 5251}, /* CJK COMPATIBILITY IDEOGRAPH-2F858 */ + {0x2f859, 1, 5252}, /* CJK COMPATIBILITY IDEOGRAPH-2F859 */ + {0x2f85a, 1, 5253}, /* CJK COMPATIBILITY IDEOGRAPH-2F85A */ + {0x2f85b, 1, 5254}, /* CJK COMPATIBILITY IDEOGRAPH-2F85B */ + {0x2f85c, 1, 5255}, /* CJK COMPATIBILITY IDEOGRAPH-2F85C */ + {0x2f85d, 1, 5256}, /* CJK COMPATIBILITY IDEOGRAPH-2F85D */ + {0x2f85e, 1, 5257}, /* CJK COMPATIBILITY IDEOGRAPH-2F85E */ + {0x2f85f, 1, 5258}, /* CJK COMPATIBILITY IDEOGRAPH-2F85F */ + {0x2f860, 1, 5259}, /* CJK COMPATIBILITY IDEOGRAPH-2F860 */ + {0x2f861, 1, 5260}, /* CJK COMPATIBILITY IDEOGRAPH-2F861 */ + {0x2f862, 1, 5261}, /* CJK COMPATIBILITY IDEOGRAPH-2F862 */ + {0x2f863, 1, 5262}, /* CJK COMPATIBILITY IDEOGRAPH-2F863 */ + {0x2f864, 1, 5263}, /* CJK COMPATIBILITY IDEOGRAPH-2F864 */ + {0x2f865, 1, 5264}, /* CJK COMPATIBILITY IDEOGRAPH-2F865 */ + {0x2f866, 1, 5265}, /* CJK COMPATIBILITY IDEOGRAPH-2F866 */ + {0x2f867, 1, 5266}, /* CJK COMPATIBILITY IDEOGRAPH-2F867 */ + {0x2f868, 1, 5267}, /* CJK COMPATIBILITY IDEOGRAPH-2F868 */ + {0x2f869, 1, 5268}, /* CJK COMPATIBILITY IDEOGRAPH-2F869 */ + {0x2f86a, 1, 5269}, /* CJK COMPATIBILITY IDEOGRAPH-2F86A */ + {0x2f86b, 1, 5269}, /* CJK COMPATIBILITY IDEOGRAPH-2F86B */ + {0x2f86c, 1, 5270}, /* CJK COMPATIBILITY IDEOGRAPH-2F86C */ + {0x2f86d, 1, 5271}, /* CJK COMPATIBILITY IDEOGRAPH-2F86D */ + {0x2f86e, 1, 5272}, /* CJK COMPATIBILITY IDEOGRAPH-2F86E */ + {0x2f86f, 1, 3961}, /* CJK COMPATIBILITY IDEOGRAPH-2F86F */ + {0x2f870, 1, 5273}, /* CJK COMPATIBILITY IDEOGRAPH-2F870 */ + {0x2f871, 1, 5274}, /* CJK COMPATIBILITY IDEOGRAPH-2F871 */ + {0x2f872, 1, 5275}, /* CJK COMPATIBILITY IDEOGRAPH-2F872 */ + {0x2f873, 1, 5276}, /* CJK COMPATIBILITY IDEOGRAPH-2F873 */ + {0x2f874, 1, 5277}, /* CJK COMPATIBILITY IDEOGRAPH-2F874 */ + {0x2f875, 1, 2415}, /* CJK COMPATIBILITY IDEOGRAPH-2F875 */ + {0x2f876, 1, 5278}, /* CJK COMPATIBILITY IDEOGRAPH-2F876 */ + {0x2f877, 1, 5279}, /* CJK COMPATIBILITY IDEOGRAPH-2F877 */ + {0x2f878, 1, 2417}, /* CJK COMPATIBILITY IDEOGRAPH-2F878 */ + {0x2f879, 1, 5280}, /* CJK COMPATIBILITY IDEOGRAPH-2F879 */ + {0x2f87a, 1, 5281}, /* CJK COMPATIBILITY IDEOGRAPH-2F87A */ + {0x2f87b, 1, 5282}, /* CJK COMPATIBILITY IDEOGRAPH-2F87B */ + {0x2f87c, 1, 5283}, /* CJK COMPATIBILITY IDEOGRAPH-2F87C */ + {0x2f87d, 1, 5284}, /* CJK COMPATIBILITY IDEOGRAPH-2F87D */ + {0x2f87e, 1, 5285}, /* CJK COMPATIBILITY IDEOGRAPH-2F87E */ + {0x2f87f, 1, 5286}, /* CJK COMPATIBILITY IDEOGRAPH-2F87F */ + {0x2f880, 1, 5287}, /* CJK COMPATIBILITY IDEOGRAPH-2F880 */ + {0x2f881, 1, 5288}, /* CJK COMPATIBILITY IDEOGRAPH-2F881 */ + {0x2f882, 1, 5289}, /* CJK COMPATIBILITY IDEOGRAPH-2F882 */ + {0x2f883, 1, 5290}, /* CJK COMPATIBILITY IDEOGRAPH-2F883 */ + {0x2f884, 1, 5291}, /* CJK COMPATIBILITY IDEOGRAPH-2F884 */ + {0x2f885, 1, 5292}, /* CJK COMPATIBILITY IDEOGRAPH-2F885 */ + {0x2f886, 1, 5293}, /* CJK COMPATIBILITY IDEOGRAPH-2F886 */ + {0x2f887, 1, 5294}, /* CJK COMPATIBILITY IDEOGRAPH-2F887 */ + {0x2f888, 1, 5295}, /* CJK COMPATIBILITY IDEOGRAPH-2F888 */ + {0x2f889, 1, 5296}, /* CJK COMPATIBILITY IDEOGRAPH-2F889 */ + {0x2f88a, 1, 5297}, /* CJK COMPATIBILITY IDEOGRAPH-2F88A */ + {0x2f88b, 1, 5298}, /* CJK COMPATIBILITY IDEOGRAPH-2F88B */ + {0x2f88c, 1, 5299}, /* CJK COMPATIBILITY IDEOGRAPH-2F88C */ + {0x2f88d, 1, 5300}, /* CJK COMPATIBILITY IDEOGRAPH-2F88D */ + {0x2f88e, 1, 3909}, /* CJK COMPATIBILITY IDEOGRAPH-2F88E */ + {0x2f88f, 1, 5301}, /* CJK COMPATIBILITY IDEOGRAPH-2F88F */ + {0x2f890, 1, 2427}, /* CJK COMPATIBILITY IDEOGRAPH-2F890 */ + {0x2f891, 1, 5302}, /* CJK COMPATIBILITY IDEOGRAPH-2F891 */ + {0x2f892, 1, 5302}, /* CJK COMPATIBILITY IDEOGRAPH-2F892 */ + {0x2f893, 1, 5303}, /* CJK COMPATIBILITY IDEOGRAPH-2F893 */ + {0x2f894, 1, 5304}, /* CJK COMPATIBILITY IDEOGRAPH-2F894 */ + {0x2f895, 1, 5304}, /* CJK COMPATIBILITY IDEOGRAPH-2F895 */ + {0x2f896, 1, 5305}, /* CJK COMPATIBILITY IDEOGRAPH-2F896 */ + {0x2f897, 1, 5306}, /* CJK COMPATIBILITY IDEOGRAPH-2F897 */ + {0x2f898, 1, 5307}, /* CJK COMPATIBILITY IDEOGRAPH-2F898 */ + {0x2f899, 1, 5308}, /* CJK COMPATIBILITY IDEOGRAPH-2F899 */ + {0x2f89a, 1, 5309}, /* CJK COMPATIBILITY IDEOGRAPH-2F89A */ + {0x2f89b, 1, 5310}, /* CJK COMPATIBILITY IDEOGRAPH-2F89B */ + {0x2f89c, 1, 5311}, /* CJK COMPATIBILITY IDEOGRAPH-2F89C */ + {0x2f89d, 1, 5312}, /* CJK COMPATIBILITY IDEOGRAPH-2F89D */ + {0x2f89e, 1, 5313}, /* CJK COMPATIBILITY IDEOGRAPH-2F89E */ + {0x2f89f, 1, 5314}, /* CJK COMPATIBILITY IDEOGRAPH-2F89F */ + {0x2f8a0, 1, 5315}, /* CJK COMPATIBILITY IDEOGRAPH-2F8A0 */ + {0x2f8a1, 1, 5316}, /* CJK COMPATIBILITY IDEOGRAPH-2F8A1 */ + {0x2f8a2, 1, 5317}, /* CJK COMPATIBILITY IDEOGRAPH-2F8A2 */ + {0x2f8a3, 1, 4154}, /* CJK COMPATIBILITY IDEOGRAPH-2F8A3 */ + {0x2f8a4, 1, 5318}, /* CJK COMPATIBILITY IDEOGRAPH-2F8A4 */ + {0x2f8a5, 1, 5319}, /* CJK COMPATIBILITY IDEOGRAPH-2F8A5 */ + {0x2f8a6, 1, 5320}, /* CJK COMPATIBILITY IDEOGRAPH-2F8A6 */ + {0x2f8a7, 1, 5321}, /* CJK COMPATIBILITY IDEOGRAPH-2F8A7 */ + {0x2f8a8, 1, 5322}, /* CJK COMPATIBILITY IDEOGRAPH-2F8A8 */ + {0x2f8a9, 1, 5321}, /* CJK COMPATIBILITY IDEOGRAPH-2F8A9 */ + {0x2f8aa, 1, 5323}, /* CJK COMPATIBILITY IDEOGRAPH-2F8AA */ + {0x2f8ab, 1, 4156}, /* CJK COMPATIBILITY IDEOGRAPH-2F8AB */ + {0x2f8ac, 1, 5324}, /* CJK COMPATIBILITY IDEOGRAPH-2F8AC */ + {0x2f8ad, 1, 5325}, /* CJK COMPATIBILITY IDEOGRAPH-2F8AD */ + {0x2f8ae, 1, 5326}, /* CJK COMPATIBILITY IDEOGRAPH-2F8AE */ + {0x2f8af, 1, 5327}, /* CJK COMPATIBILITY IDEOGRAPH-2F8AF */ + {0x2f8b0, 1, 4157}, /* CJK COMPATIBILITY IDEOGRAPH-2F8B0 */ + {0x2f8b1, 1, 3882}, /* CJK COMPATIBILITY IDEOGRAPH-2F8B1 */ + {0x2f8b2, 1, 3553}, /* CJK COMPATIBILITY IDEOGRAPH-2F8B2 */ + {0x2f8b3, 1, 5328}, /* CJK COMPATIBILITY IDEOGRAPH-2F8B3 */ + {0x2f8b4, 1, 5329}, /* CJK COMPATIBILITY IDEOGRAPH-2F8B4 */ + {0x2f8b5, 1, 5330}, /* CJK COMPATIBILITY IDEOGRAPH-2F8B5 */ + {0x2f8b6, 1, 5331}, /* CJK COMPATIBILITY IDEOGRAPH-2F8B6 */ + {0x2f8b7, 1, 5332}, /* CJK COMPATIBILITY IDEOGRAPH-2F8B7 */ + {0x2f8b8, 1, 5333}, /* CJK COMPATIBILITY IDEOGRAPH-2F8B8 */ + {0x2f8b9, 1, 5334}, /* CJK COMPATIBILITY IDEOGRAPH-2F8B9 */ + {0x2f8ba, 1, 5335}, /* CJK COMPATIBILITY IDEOGRAPH-2F8BA */ + {0x2f8bb, 1, 5336}, /* CJK COMPATIBILITY IDEOGRAPH-2F8BB */ + {0x2f8bc, 1, 5337}, /* CJK COMPATIBILITY IDEOGRAPH-2F8BC */ + {0x2f8bd, 1, 5338}, /* CJK COMPATIBILITY IDEOGRAPH-2F8BD */ + {0x2f8be, 1, 5339}, /* CJK COMPATIBILITY IDEOGRAPH-2F8BE */ + {0x2f8bf, 1, 5340}, /* CJK COMPATIBILITY IDEOGRAPH-2F8BF */ + {0x2f8c0, 1, 5341}, /* CJK COMPATIBILITY IDEOGRAPH-2F8C0 */ + {0x2f8c1, 1, 5342}, /* CJK COMPATIBILITY IDEOGRAPH-2F8C1 */ + {0x2f8c2, 1, 5343}, /* CJK COMPATIBILITY IDEOGRAPH-2F8C2 */ + {0x2f8c3, 1, 5344}, /* CJK COMPATIBILITY IDEOGRAPH-2F8C3 */ + {0x2f8c4, 1, 5345}, /* CJK COMPATIBILITY IDEOGRAPH-2F8C4 */ + {0x2f8c5, 1, 5346}, /* CJK COMPATIBILITY IDEOGRAPH-2F8C5 */ + {0x2f8c6, 1, 5347}, /* CJK COMPATIBILITY IDEOGRAPH-2F8C6 */ + {0x2f8c7, 1, 5348}, /* CJK COMPATIBILITY IDEOGRAPH-2F8C7 */ + {0x2f8c8, 1, 4158}, /* CJK COMPATIBILITY IDEOGRAPH-2F8C8 */ + {0x2f8c9, 1, 5349}, /* CJK COMPATIBILITY IDEOGRAPH-2F8C9 */ + {0x2f8ca, 1, 5350}, /* CJK COMPATIBILITY IDEOGRAPH-2F8CA */ + {0x2f8cb, 1, 5351}, /* CJK COMPATIBILITY IDEOGRAPH-2F8CB */ + {0x2f8cc, 1, 5352}, /* CJK COMPATIBILITY IDEOGRAPH-2F8CC */ + {0x2f8cd, 1, 5353}, /* CJK COMPATIBILITY IDEOGRAPH-2F8CD */ + {0x2f8ce, 1, 5354}, /* CJK COMPATIBILITY IDEOGRAPH-2F8CE */ + {0x2f8cf, 1, 4160}, /* CJK COMPATIBILITY IDEOGRAPH-2F8CF */ + {0x2f8d0, 1, 5355}, /* CJK COMPATIBILITY IDEOGRAPH-2F8D0 */ + {0x2f8d1, 1, 5356}, /* CJK COMPATIBILITY IDEOGRAPH-2F8D1 */ + {0x2f8d2, 1, 5357}, /* CJK COMPATIBILITY IDEOGRAPH-2F8D2 */ + {0x2f8d3, 1, 5358}, /* CJK COMPATIBILITY IDEOGRAPH-2F8D3 */ + {0x2f8d4, 1, 5359}, /* CJK COMPATIBILITY IDEOGRAPH-2F8D4 */ + {0x2f8d5, 1, 5360}, /* CJK COMPATIBILITY IDEOGRAPH-2F8D5 */ + {0x2f8d6, 1, 5361}, /* CJK COMPATIBILITY IDEOGRAPH-2F8D6 */ + {0x2f8d7, 1, 5362}, /* CJK COMPATIBILITY IDEOGRAPH-2F8D7 */ + {0x2f8d8, 1, 3910}, /* CJK COMPATIBILITY IDEOGRAPH-2F8D8 */ + {0x2f8d9, 1, 5363}, /* CJK COMPATIBILITY IDEOGRAPH-2F8D9 */ + {0x2f8da, 1, 5364}, /* CJK COMPATIBILITY IDEOGRAPH-2F8DA */ + {0x2f8db, 1, 5365}, /* CJK COMPATIBILITY IDEOGRAPH-2F8DB */ + {0x2f8dc, 1, 5366}, /* CJK COMPATIBILITY IDEOGRAPH-2F8DC */ + {0x2f8dd, 1, 5367}, /* CJK COMPATIBILITY IDEOGRAPH-2F8DD */ + {0x2f8de, 1, 5368}, /* CJK COMPATIBILITY IDEOGRAPH-2F8DE */ + {0x2f8df, 1, 5369}, /* CJK COMPATIBILITY IDEOGRAPH-2F8DF */ + {0x2f8e0, 1, 5370}, /* CJK COMPATIBILITY IDEOGRAPH-2F8E0 */ + {0x2f8e1, 1, 5371}, /* CJK COMPATIBILITY IDEOGRAPH-2F8E1 */ + {0x2f8e2, 1, 4161}, /* CJK COMPATIBILITY IDEOGRAPH-2F8E2 */ + {0x2f8e3, 1, 5372}, /* CJK COMPATIBILITY IDEOGRAPH-2F8E3 */ + {0x2f8e4, 1, 5373}, /* CJK COMPATIBILITY IDEOGRAPH-2F8E4 */ + {0x2f8e5, 1, 5374}, /* CJK COMPATIBILITY IDEOGRAPH-2F8E5 */ + {0x2f8e6, 1, 5375}, /* CJK COMPATIBILITY IDEOGRAPH-2F8E6 */ + {0x2f8e7, 1, 5376}, /* CJK COMPATIBILITY IDEOGRAPH-2F8E7 */ + {0x2f8e8, 1, 5377}, /* CJK COMPATIBILITY IDEOGRAPH-2F8E8 */ + {0x2f8e9, 1, 5378}, /* CJK COMPATIBILITY IDEOGRAPH-2F8E9 */ + {0x2f8ea, 1, 5379}, /* CJK COMPATIBILITY IDEOGRAPH-2F8EA */ + {0x2f8eb, 1, 5380}, /* CJK COMPATIBILITY IDEOGRAPH-2F8EB */ + {0x2f8ec, 1, 5381}, /* CJK COMPATIBILITY IDEOGRAPH-2F8EC */ + {0x2f8ed, 1, 5382}, /* CJK COMPATIBILITY IDEOGRAPH-2F8ED */ + {0x2f8ee, 1, 5383}, /* CJK COMPATIBILITY IDEOGRAPH-2F8EE */ + {0x2f8ef, 1, 5384}, /* CJK COMPATIBILITY IDEOGRAPH-2F8EF */ + {0x2f8f0, 1, 5385}, /* CJK COMPATIBILITY IDEOGRAPH-2F8F0 */ + {0x2f8f1, 1, 5386}, /* CJK COMPATIBILITY IDEOGRAPH-2F8F1 */ + {0x2f8f2, 1, 5387}, /* CJK COMPATIBILITY IDEOGRAPH-2F8F2 */ + {0x2f8f3, 1, 5388}, /* CJK COMPATIBILITY IDEOGRAPH-2F8F3 */ + {0x2f8f4, 1, 5389}, /* CJK COMPATIBILITY IDEOGRAPH-2F8F4 */ + {0x2f8f5, 1, 3978}, /* CJK COMPATIBILITY IDEOGRAPH-2F8F5 */ + {0x2f8f6, 1, 5390}, /* CJK COMPATIBILITY IDEOGRAPH-2F8F6 */ + {0x2f8f7, 1, 5391}, /* CJK COMPATIBILITY IDEOGRAPH-2F8F7 */ + {0x2f8f8, 1, 5392}, /* CJK COMPATIBILITY IDEOGRAPH-2F8F8 */ + {0x2f8f9, 1, 5393}, /* CJK COMPATIBILITY IDEOGRAPH-2F8F9 */ + {0x2f8fa, 1, 5394}, /* CJK COMPATIBILITY IDEOGRAPH-2F8FA */ + {0x2f8fb, 1, 5395}, /* CJK COMPATIBILITY IDEOGRAPH-2F8FB */ + {0x2f8fc, 1, 5396}, /* CJK COMPATIBILITY IDEOGRAPH-2F8FC */ + {0x2f8fd, 1, 5397}, /* CJK COMPATIBILITY IDEOGRAPH-2F8FD */ + {0x2f8fe, 1, 5398}, /* CJK COMPATIBILITY IDEOGRAPH-2F8FE */ + {0x2f8ff, 1, 5399}, /* CJK COMPATIBILITY IDEOGRAPH-2F8FF */ + {0x2f900, 1, 5400}, /* CJK COMPATIBILITY IDEOGRAPH-2F900 */ + {0x2f901, 1, 4162}, /* CJK COMPATIBILITY IDEOGRAPH-2F901 */ + {0x2f902, 1, 4061}, /* CJK COMPATIBILITY IDEOGRAPH-2F902 */ + {0x2f903, 1, 5401}, /* CJK COMPATIBILITY IDEOGRAPH-2F903 */ + {0x2f904, 1, 5402}, /* CJK COMPATIBILITY IDEOGRAPH-2F904 */ + {0x2f905, 1, 5403}, /* CJK COMPATIBILITY IDEOGRAPH-2F905 */ + {0x2f906, 1, 5404}, /* CJK COMPATIBILITY IDEOGRAPH-2F906 */ + {0x2f907, 1, 5405}, /* CJK COMPATIBILITY IDEOGRAPH-2F907 */ + {0x2f908, 1, 5406}, /* CJK COMPATIBILITY IDEOGRAPH-2F908 */ + {0x2f909, 1, 5407}, /* CJK COMPATIBILITY IDEOGRAPH-2F909 */ + {0x2f90a, 1, 5408}, /* CJK COMPATIBILITY IDEOGRAPH-2F90A */ + {0x2f90b, 1, 5409}, /* CJK COMPATIBILITY IDEOGRAPH-2F90B */ + {0x2f90c, 1, 5410}, /* CJK COMPATIBILITY IDEOGRAPH-2F90C */ + {0x2f90d, 1, 5411}, /* CJK COMPATIBILITY IDEOGRAPH-2F90D */ + {0x2f90e, 1, 5412}, /* CJK COMPATIBILITY IDEOGRAPH-2F90E */ + {0x2f90f, 1, 5413}, /* CJK COMPATIBILITY IDEOGRAPH-2F90F */ + {0x2f910, 1, 5414}, /* CJK COMPATIBILITY IDEOGRAPH-2F910 */ + {0x2f911, 1, 5415}, /* CJK COMPATIBILITY IDEOGRAPH-2F911 */ + {0x2f912, 1, 5416}, /* CJK COMPATIBILITY IDEOGRAPH-2F912 */ + {0x2f913, 1, 5417}, /* CJK COMPATIBILITY IDEOGRAPH-2F913 */ + {0x2f914, 1, 5418}, /* CJK COMPATIBILITY IDEOGRAPH-2F914 */ + {0x2f915, 1, 5419}, /* CJK COMPATIBILITY IDEOGRAPH-2F915 */ + {0x2f916, 1, 5420}, /* CJK COMPATIBILITY IDEOGRAPH-2F916 */ + {0x2f917, 1, 5421}, /* CJK COMPATIBILITY IDEOGRAPH-2F917 */ + {0x2f918, 1, 5422}, /* CJK COMPATIBILITY IDEOGRAPH-2F918 */ + {0x2f919, 1, 5423}, /* CJK COMPATIBILITY IDEOGRAPH-2F919 */ + {0x2f91a, 1, 5424}, /* CJK COMPATIBILITY IDEOGRAPH-2F91A */ + {0x2f91b, 1, 5425}, /* CJK COMPATIBILITY IDEOGRAPH-2F91B */ + {0x2f91c, 1, 5426}, /* CJK COMPATIBILITY IDEOGRAPH-2F91C */ + {0x2f91d, 1, 5427}, /* CJK COMPATIBILITY IDEOGRAPH-2F91D */ + {0x2f91e, 1, 5428}, /* CJK COMPATIBILITY IDEOGRAPH-2F91E */ + {0x2f91f, 1, 5429}, /* CJK COMPATIBILITY IDEOGRAPH-2F91F */ + {0x2f920, 1, 5430}, /* CJK COMPATIBILITY IDEOGRAPH-2F920 */ + {0x2f921, 1, 5431}, /* CJK COMPATIBILITY IDEOGRAPH-2F921 */ + {0x2f922, 1, 5432}, /* CJK COMPATIBILITY IDEOGRAPH-2F922 */ + {0x2f923, 1, 5433}, /* CJK COMPATIBILITY IDEOGRAPH-2F923 */ + {0x2f924, 1, 5434}, /* CJK COMPATIBILITY IDEOGRAPH-2F924 */ + {0x2f925, 1, 5435}, /* CJK COMPATIBILITY IDEOGRAPH-2F925 */ + {0x2f926, 1, 5436}, /* CJK COMPATIBILITY IDEOGRAPH-2F926 */ + {0x2f927, 1, 5437}, /* CJK COMPATIBILITY IDEOGRAPH-2F927 */ + {0x2f928, 1, 5438}, /* CJK COMPATIBILITY IDEOGRAPH-2F928 */ + {0x2f929, 1, 5439}, /* CJK COMPATIBILITY IDEOGRAPH-2F929 */ + {0x2f92a, 1, 5440}, /* CJK COMPATIBILITY IDEOGRAPH-2F92A */ + {0x2f92b, 1, 5441}, /* CJK COMPATIBILITY IDEOGRAPH-2F92B */ + {0x2f92c, 1, 5442}, /* CJK COMPATIBILITY IDEOGRAPH-2F92C */ + {0x2f92d, 1, 5442}, /* CJK COMPATIBILITY IDEOGRAPH-2F92D */ + {0x2f92e, 1, 5443}, /* CJK COMPATIBILITY IDEOGRAPH-2F92E */ + {0x2f92f, 1, 5444}, /* CJK COMPATIBILITY IDEOGRAPH-2F92F */ + {0x2f930, 1, 5445}, /* CJK COMPATIBILITY IDEOGRAPH-2F930 */ + {0x2f931, 1, 5446}, /* CJK COMPATIBILITY IDEOGRAPH-2F931 */ + {0x2f932, 1, 5447}, /* CJK COMPATIBILITY IDEOGRAPH-2F932 */ + {0x2f933, 1, 5448}, /* CJK COMPATIBILITY IDEOGRAPH-2F933 */ + {0x2f934, 1, 5449}, /* CJK COMPATIBILITY IDEOGRAPH-2F934 */ + {0x2f935, 1, 5450}, /* CJK COMPATIBILITY IDEOGRAPH-2F935 */ + {0x2f936, 1, 5451}, /* CJK COMPATIBILITY IDEOGRAPH-2F936 */ + {0x2f937, 1, 5452}, /* CJK COMPATIBILITY IDEOGRAPH-2F937 */ + {0x2f938, 1, 3964}, /* CJK COMPATIBILITY IDEOGRAPH-2F938 */ + {0x2f939, 1, 5453}, /* CJK COMPATIBILITY IDEOGRAPH-2F939 */ + {0x2f93a, 1, 5454}, /* CJK COMPATIBILITY IDEOGRAPH-2F93A */ + {0x2f93b, 1, 5455}, /* CJK COMPATIBILITY IDEOGRAPH-2F93B */ + {0x2f93c, 1, 5456}, /* CJK COMPATIBILITY IDEOGRAPH-2F93C */ + {0x2f93d, 1, 5457}, /* CJK COMPATIBILITY IDEOGRAPH-2F93D */ + {0x2f93e, 1, 5458}, /* CJK COMPATIBILITY IDEOGRAPH-2F93E */ + {0x2f93f, 1, 5459}, /* CJK COMPATIBILITY IDEOGRAPH-2F93F */ + {0x2f940, 1, 5460}, /* CJK COMPATIBILITY IDEOGRAPH-2F940 */ + {0x2f941, 1, 5461}, /* CJK COMPATIBILITY IDEOGRAPH-2F941 */ + {0x2f942, 1, 5462}, /* CJK COMPATIBILITY IDEOGRAPH-2F942 */ + {0x2f943, 1, 5463}, /* CJK COMPATIBILITY IDEOGRAPH-2F943 */ + {0x2f944, 1, 5464}, /* CJK COMPATIBILITY IDEOGRAPH-2F944 */ + {0x2f945, 1, 5465}, /* CJK COMPATIBILITY IDEOGRAPH-2F945 */ + {0x2f946, 1, 5466}, /* CJK COMPATIBILITY IDEOGRAPH-2F946 */ + {0x2f947, 1, 5466}, /* CJK COMPATIBILITY IDEOGRAPH-2F947 */ + {0x2f948, 1, 5467}, /* CJK COMPATIBILITY IDEOGRAPH-2F948 */ + {0x2f949, 1, 5468}, /* CJK COMPATIBILITY IDEOGRAPH-2F949 */ + {0x2f94a, 1, 5469}, /* CJK COMPATIBILITY IDEOGRAPH-2F94A */ + {0x2f94b, 1, 5470}, /* CJK COMPATIBILITY IDEOGRAPH-2F94B */ + {0x2f94c, 1, 5471}, /* CJK COMPATIBILITY IDEOGRAPH-2F94C */ + {0x2f94d, 1, 5472}, /* CJK COMPATIBILITY IDEOGRAPH-2F94D */ + {0x2f94e, 1, 5473}, /* CJK COMPATIBILITY IDEOGRAPH-2F94E */ + {0x2f94f, 1, 3927}, /* CJK COMPATIBILITY IDEOGRAPH-2F94F */ + {0x2f950, 1, 5474}, /* CJK COMPATIBILITY IDEOGRAPH-2F950 */ + {0x2f951, 1, 5475}, /* CJK COMPATIBILITY IDEOGRAPH-2F951 */ + {0x2f952, 1, 5476}, /* CJK COMPATIBILITY IDEOGRAPH-2F952 */ + {0x2f953, 1, 4172}, /* CJK COMPATIBILITY IDEOGRAPH-2F953 */ + {0x2f954, 1, 5477}, /* CJK COMPATIBILITY IDEOGRAPH-2F954 */ + {0x2f955, 1, 5478}, /* CJK COMPATIBILITY IDEOGRAPH-2F955 */ + {0x2f956, 1, 4131}, /* CJK COMPATIBILITY IDEOGRAPH-2F956 */ + {0x2f957, 1, 5479}, /* CJK COMPATIBILITY IDEOGRAPH-2F957 */ + {0x2f958, 1, 5480}, /* CJK COMPATIBILITY IDEOGRAPH-2F958 */ + {0x2f959, 1, 4175}, /* CJK COMPATIBILITY IDEOGRAPH-2F959 */ + {0x2f95a, 1, 5481}, /* CJK COMPATIBILITY IDEOGRAPH-2F95A */ + {0x2f95b, 1, 5482}, /* CJK COMPATIBILITY IDEOGRAPH-2F95B */ + {0x2f95c, 1, 5483}, /* CJK COMPATIBILITY IDEOGRAPH-2F95C */ + {0x2f95d, 1, 5484}, /* CJK COMPATIBILITY IDEOGRAPH-2F95D */ + {0x2f95e, 1, 5484}, /* CJK COMPATIBILITY IDEOGRAPH-2F95E */ + {0x2f95f, 1, 5485}, /* CJK COMPATIBILITY IDEOGRAPH-2F95F */ + {0x2f960, 1, 5486}, /* CJK COMPATIBILITY IDEOGRAPH-2F960 */ + {0x2f961, 1, 5487}, /* CJK COMPATIBILITY IDEOGRAPH-2F961 */ + {0x2f962, 1, 5488}, /* CJK COMPATIBILITY IDEOGRAPH-2F962 */ + {0x2f963, 1, 5489}, /* CJK COMPATIBILITY IDEOGRAPH-2F963 */ + {0x2f964, 1, 5490}, /* CJK COMPATIBILITY IDEOGRAPH-2F964 */ + {0x2f965, 1, 5491}, /* CJK COMPATIBILITY IDEOGRAPH-2F965 */ + {0x2f966, 1, 5492}, /* CJK COMPATIBILITY IDEOGRAPH-2F966 */ + {0x2f967, 1, 5493}, /* CJK COMPATIBILITY IDEOGRAPH-2F967 */ + {0x2f968, 1, 5494}, /* CJK COMPATIBILITY IDEOGRAPH-2F968 */ + {0x2f969, 1, 5495}, /* CJK COMPATIBILITY IDEOGRAPH-2F969 */ + {0x2f96a, 1, 5496}, /* CJK COMPATIBILITY IDEOGRAPH-2F96A */ + {0x2f96b, 1, 5497}, /* CJK COMPATIBILITY IDEOGRAPH-2F96B */ + {0x2f96c, 1, 5498}, /* CJK COMPATIBILITY IDEOGRAPH-2F96C */ + {0x2f96d, 1, 5499}, /* CJK COMPATIBILITY IDEOGRAPH-2F96D */ + {0x2f96e, 1, 5500}, /* CJK COMPATIBILITY IDEOGRAPH-2F96E */ + {0x2f96f, 1, 5501}, /* CJK COMPATIBILITY IDEOGRAPH-2F96F */ + {0x2f970, 1, 5502}, /* CJK COMPATIBILITY IDEOGRAPH-2F970 */ + {0x2f971, 1, 5503}, /* CJK COMPATIBILITY IDEOGRAPH-2F971 */ + {0x2f972, 1, 5504}, /* CJK COMPATIBILITY IDEOGRAPH-2F972 */ + {0x2f973, 1, 5505}, /* CJK COMPATIBILITY IDEOGRAPH-2F973 */ + {0x2f974, 1, 5506}, /* CJK COMPATIBILITY IDEOGRAPH-2F974 */ + {0x2f975, 1, 5507}, /* CJK COMPATIBILITY IDEOGRAPH-2F975 */ + {0x2f976, 1, 5508}, /* CJK COMPATIBILITY IDEOGRAPH-2F976 */ + {0x2f977, 1, 5509}, /* CJK COMPATIBILITY IDEOGRAPH-2F977 */ + {0x2f978, 1, 5510}, /* CJK COMPATIBILITY IDEOGRAPH-2F978 */ + {0x2f979, 1, 5511}, /* CJK COMPATIBILITY IDEOGRAPH-2F979 */ + {0x2f97a, 1, 4181}, /* CJK COMPATIBILITY IDEOGRAPH-2F97A */ + {0x2f97b, 1, 5512}, /* CJK COMPATIBILITY IDEOGRAPH-2F97B */ + {0x2f97c, 1, 5513}, /* CJK COMPATIBILITY IDEOGRAPH-2F97C */ + {0x2f97d, 1, 5514}, /* CJK COMPATIBILITY IDEOGRAPH-2F97D */ + {0x2f97e, 1, 5515}, /* CJK COMPATIBILITY IDEOGRAPH-2F97E */ + {0x2f97f, 1, 5516}, /* CJK COMPATIBILITY IDEOGRAPH-2F97F */ + {0x2f980, 1, 5517}, /* CJK COMPATIBILITY IDEOGRAPH-2F980 */ + {0x2f981, 1, 5518}, /* CJK COMPATIBILITY IDEOGRAPH-2F981 */ + {0x2f982, 1, 5519}, /* CJK COMPATIBILITY IDEOGRAPH-2F982 */ + {0x2f983, 1, 5520}, /* CJK COMPATIBILITY IDEOGRAPH-2F983 */ + {0x2f984, 1, 5521}, /* CJK COMPATIBILITY IDEOGRAPH-2F984 */ + {0x2f985, 1, 5522}, /* CJK COMPATIBILITY IDEOGRAPH-2F985 */ + {0x2f986, 1, 5523}, /* CJK COMPATIBILITY IDEOGRAPH-2F986 */ + {0x2f987, 1, 5524}, /* CJK COMPATIBILITY IDEOGRAPH-2F987 */ + {0x2f988, 1, 5525}, /* CJK COMPATIBILITY IDEOGRAPH-2F988 */ + {0x2f989, 1, 5526}, /* CJK COMPATIBILITY IDEOGRAPH-2F989 */ + {0x2f98a, 1, 5527}, /* CJK COMPATIBILITY IDEOGRAPH-2F98A */ + {0x2f98b, 1, 5303}, /* CJK COMPATIBILITY IDEOGRAPH-2F98B */ + {0x2f98c, 1, 5528}, /* CJK COMPATIBILITY IDEOGRAPH-2F98C */ + {0x2f98d, 1, 5529}, /* CJK COMPATIBILITY IDEOGRAPH-2F98D */ + {0x2f98e, 1, 5530}, /* CJK COMPATIBILITY IDEOGRAPH-2F98E */ + {0x2f98f, 1, 5531}, /* CJK COMPATIBILITY IDEOGRAPH-2F98F */ + {0x2f990, 1, 5532}, /* CJK COMPATIBILITY IDEOGRAPH-2F990 */ + {0x2f991, 1, 5533}, /* CJK COMPATIBILITY IDEOGRAPH-2F991 */ + {0x2f992, 1, 5534}, /* CJK COMPATIBILITY IDEOGRAPH-2F992 */ + {0x2f993, 1, 5535}, /* CJK COMPATIBILITY IDEOGRAPH-2F993 */ + {0x2f994, 1, 5536}, /* CJK COMPATIBILITY IDEOGRAPH-2F994 */ + {0x2f995, 1, 5537}, /* CJK COMPATIBILITY IDEOGRAPH-2F995 */ + {0x2f996, 1, 5538}, /* CJK COMPATIBILITY IDEOGRAPH-2F996 */ + {0x2f997, 1, 5539}, /* CJK COMPATIBILITY IDEOGRAPH-2F997 */ + {0x2f998, 1, 3981}, /* CJK COMPATIBILITY IDEOGRAPH-2F998 */ + {0x2f999, 1, 5540}, /* CJK COMPATIBILITY IDEOGRAPH-2F999 */ + {0x2f99a, 1, 5541}, /* CJK COMPATIBILITY IDEOGRAPH-2F99A */ + {0x2f99b, 1, 5542}, /* CJK COMPATIBILITY IDEOGRAPH-2F99B */ + {0x2f99c, 1, 5543}, /* CJK COMPATIBILITY IDEOGRAPH-2F99C */ + {0x2f99d, 1, 5544}, /* CJK COMPATIBILITY IDEOGRAPH-2F99D */ + {0x2f99e, 1, 5545}, /* CJK COMPATIBILITY IDEOGRAPH-2F99E */ + {0x2f99f, 1, 4184}, /* CJK COMPATIBILITY IDEOGRAPH-2F99F */ + {0x2f9a0, 1, 5546}, /* CJK COMPATIBILITY IDEOGRAPH-2F9A0 */ + {0x2f9a1, 1, 5547}, /* CJK COMPATIBILITY IDEOGRAPH-2F9A1 */ + {0x2f9a2, 1, 5548}, /* CJK COMPATIBILITY IDEOGRAPH-2F9A2 */ + {0x2f9a3, 1, 5549}, /* CJK COMPATIBILITY IDEOGRAPH-2F9A3 */ + {0x2f9a4, 1, 5550}, /* CJK COMPATIBILITY IDEOGRAPH-2F9A4 */ + {0x2f9a5, 1, 5551}, /* CJK COMPATIBILITY IDEOGRAPH-2F9A5 */ + {0x2f9a6, 1, 5552}, /* CJK COMPATIBILITY IDEOGRAPH-2F9A6 */ + {0x2f9a7, 1, 5553}, /* CJK COMPATIBILITY IDEOGRAPH-2F9A7 */ + {0x2f9a8, 1, 5554}, /* CJK COMPATIBILITY IDEOGRAPH-2F9A8 */ + {0x2f9a9, 1, 5555}, /* CJK COMPATIBILITY IDEOGRAPH-2F9A9 */ + {0x2f9aa, 1, 5556}, /* CJK COMPATIBILITY IDEOGRAPH-2F9AA */ + {0x2f9ab, 1, 5557}, /* CJK COMPATIBILITY IDEOGRAPH-2F9AB */ + {0x2f9ac, 1, 5558}, /* CJK COMPATIBILITY IDEOGRAPH-2F9AC */ + {0x2f9ad, 1, 5559}, /* CJK COMPATIBILITY IDEOGRAPH-2F9AD */ + {0x2f9ae, 1, 5560}, /* CJK COMPATIBILITY IDEOGRAPH-2F9AE */ + {0x2f9af, 1, 5561}, /* CJK COMPATIBILITY IDEOGRAPH-2F9AF */ + {0x2f9b0, 1, 5562}, /* CJK COMPATIBILITY IDEOGRAPH-2F9B0 */ + {0x2f9b1, 1, 5563}, /* CJK COMPATIBILITY IDEOGRAPH-2F9B1 */ + {0x2f9b2, 1, 5564}, /* CJK COMPATIBILITY IDEOGRAPH-2F9B2 */ + {0x2f9b3, 1, 5565}, /* CJK COMPATIBILITY IDEOGRAPH-2F9B3 */ + {0x2f9b4, 1, 3922}, /* CJK COMPATIBILITY IDEOGRAPH-2F9B4 */ + {0x2f9b5, 1, 5566}, /* CJK COMPATIBILITY IDEOGRAPH-2F9B5 */ + {0x2f9b6, 1, 5567}, /* CJK COMPATIBILITY IDEOGRAPH-2F9B6 */ + {0x2f9b7, 1, 5568}, /* CJK COMPATIBILITY IDEOGRAPH-2F9B7 */ + {0x2f9b8, 1, 5569}, /* CJK COMPATIBILITY IDEOGRAPH-2F9B8 */ + {0x2f9b9, 1, 5570}, /* CJK COMPATIBILITY IDEOGRAPH-2F9B9 */ + {0x2f9ba, 1, 5571}, /* CJK COMPATIBILITY IDEOGRAPH-2F9BA */ + {0x2f9bb, 1, 5572}, /* CJK COMPATIBILITY IDEOGRAPH-2F9BB */ + {0x2f9bc, 1, 5573}, /* CJK COMPATIBILITY IDEOGRAPH-2F9BC */ + {0x2f9bd, 1, 5574}, /* CJK COMPATIBILITY IDEOGRAPH-2F9BD */ + {0x2f9be, 1, 5575}, /* CJK COMPATIBILITY IDEOGRAPH-2F9BE */ + {0x2f9bf, 1, 5576}, /* CJK COMPATIBILITY IDEOGRAPH-2F9BF */ + {0x2f9c0, 1, 5577}, /* CJK COMPATIBILITY IDEOGRAPH-2F9C0 */ + {0x2f9c1, 1, 5578}, /* CJK COMPATIBILITY IDEOGRAPH-2F9C1 */ + {0x2f9c2, 1, 5579}, /* CJK COMPATIBILITY IDEOGRAPH-2F9C2 */ + {0x2f9c3, 1, 5580}, /* CJK COMPATIBILITY IDEOGRAPH-2F9C3 */ + {0x2f9c4, 1, 2517}, /* CJK COMPATIBILITY IDEOGRAPH-2F9C4 */ + {0x2f9c5, 1, 5581}, /* CJK COMPATIBILITY IDEOGRAPH-2F9C5 */ + {0x2f9c6, 1, 5582}, /* CJK COMPATIBILITY IDEOGRAPH-2F9C6 */ + {0x2f9c7, 1, 5583}, /* CJK COMPATIBILITY IDEOGRAPH-2F9C7 */ + {0x2f9c8, 1, 5584}, /* CJK COMPATIBILITY IDEOGRAPH-2F9C8 */ + {0x2f9c9, 1, 5585}, /* CJK COMPATIBILITY IDEOGRAPH-2F9C9 */ + {0x2f9ca, 1, 5586}, /* CJK COMPATIBILITY IDEOGRAPH-2F9CA */ + {0x2f9cb, 1, 5587}, /* CJK COMPATIBILITY IDEOGRAPH-2F9CB */ + {0x2f9cc, 1, 5588}, /* CJK COMPATIBILITY IDEOGRAPH-2F9CC */ + {0x2f9cd, 1, 5589}, /* CJK COMPATIBILITY IDEOGRAPH-2F9CD */ + {0x2f9ce, 1, 5590}, /* CJK COMPATIBILITY IDEOGRAPH-2F9CE */ + {0x2f9cf, 1, 5591}, /* CJK COMPATIBILITY IDEOGRAPH-2F9CF */ + {0x2f9d0, 1, 5592}, /* CJK COMPATIBILITY IDEOGRAPH-2F9D0 */ + {0x2f9d1, 1, 5593}, /* CJK COMPATIBILITY IDEOGRAPH-2F9D1 */ + {0x2f9d2, 1, 2524}, /* CJK COMPATIBILITY IDEOGRAPH-2F9D2 */ + {0x2f9d3, 1, 5594}, /* CJK COMPATIBILITY IDEOGRAPH-2F9D3 */ + {0x2f9d4, 1, 5595}, /* CJK COMPATIBILITY IDEOGRAPH-2F9D4 */ + {0x2f9d5, 1, 5596}, /* CJK COMPATIBILITY IDEOGRAPH-2F9D5 */ + {0x2f9d6, 1, 5597}, /* CJK COMPATIBILITY IDEOGRAPH-2F9D6 */ + {0x2f9d7, 1, 5598}, /* CJK COMPATIBILITY IDEOGRAPH-2F9D7 */ + {0x2f9d8, 1, 5599}, /* CJK COMPATIBILITY IDEOGRAPH-2F9D8 */ + {0x2f9d9, 1, 5600}, /* CJK COMPATIBILITY IDEOGRAPH-2F9D9 */ + {0x2f9da, 1, 5601}, /* CJK COMPATIBILITY IDEOGRAPH-2F9DA */ + {0x2f9db, 1, 5602}, /* CJK COMPATIBILITY IDEOGRAPH-2F9DB */ + {0x2f9dc, 1, 5603}, /* CJK COMPATIBILITY IDEOGRAPH-2F9DC */ + {0x2f9dd, 1, 5604}, /* CJK COMPATIBILITY IDEOGRAPH-2F9DD */ + {0x2f9de, 1, 5605}, /* CJK COMPATIBILITY IDEOGRAPH-2F9DE */ + {0x2f9df, 1, 5606}, /* CJK COMPATIBILITY IDEOGRAPH-2F9DF */ + {0x2f9e0, 1, 5607}, /* CJK COMPATIBILITY IDEOGRAPH-2F9E0 */ + {0x2f9e1, 1, 5608}, /* CJK COMPATIBILITY IDEOGRAPH-2F9E1 */ + {0x2f9e2, 1, 5609}, /* CJK COMPATIBILITY IDEOGRAPH-2F9E2 */ + {0x2f9e3, 1, 5610}, /* CJK COMPATIBILITY IDEOGRAPH-2F9E3 */ + {0x2f9e4, 1, 5611}, /* CJK COMPATIBILITY IDEOGRAPH-2F9E4 */ + {0x2f9e5, 1, 5612}, /* CJK COMPATIBILITY IDEOGRAPH-2F9E5 */ + {0x2f9e6, 1, 5613}, /* CJK COMPATIBILITY IDEOGRAPH-2F9E6 */ + {0x2f9e7, 1, 5614}, /* CJK COMPATIBILITY IDEOGRAPH-2F9E7 */ + {0x2f9e8, 1, 5615}, /* CJK COMPATIBILITY IDEOGRAPH-2F9E8 */ + {0x2f9e9, 1, 5616}, /* CJK COMPATIBILITY IDEOGRAPH-2F9E9 */ + {0x2f9ea, 1, 5617}, /* CJK COMPATIBILITY IDEOGRAPH-2F9EA */ + {0x2f9eb, 1, 5618}, /* CJK COMPATIBILITY IDEOGRAPH-2F9EB */ + {0x2f9ec, 1, 5619}, /* CJK COMPATIBILITY IDEOGRAPH-2F9EC */ + {0x2f9ed, 1, 5620}, /* CJK COMPATIBILITY IDEOGRAPH-2F9ED */ + {0x2f9ee, 1, 5621}, /* CJK COMPATIBILITY IDEOGRAPH-2F9EE */ + {0x2f9ef, 1, 5622}, /* CJK COMPATIBILITY IDEOGRAPH-2F9EF */ + {0x2f9f0, 1, 5623}, /* CJK COMPATIBILITY IDEOGRAPH-2F9F0 */ + {0x2f9f1, 1, 5624}, /* CJK COMPATIBILITY IDEOGRAPH-2F9F1 */ + {0x2f9f2, 1, 5625}, /* CJK COMPATIBILITY IDEOGRAPH-2F9F2 */ + {0x2f9f3, 1, 5626}, /* CJK COMPATIBILITY IDEOGRAPH-2F9F3 */ + {0x2f9f4, 1, 5627}, /* CJK COMPATIBILITY IDEOGRAPH-2F9F4 */ + {0x2f9f5, 1, 5628}, /* CJK COMPATIBILITY IDEOGRAPH-2F9F5 */ + {0x2f9f6, 1, 5629}, /* CJK COMPATIBILITY IDEOGRAPH-2F9F6 */ + {0x2f9f7, 1, 5630}, /* CJK COMPATIBILITY IDEOGRAPH-2F9F7 */ + {0x2f9f8, 1, 5631}, /* CJK COMPATIBILITY IDEOGRAPH-2F9F8 */ + {0x2f9f9, 1, 5632}, /* CJK COMPATIBILITY IDEOGRAPH-2F9F9 */ + {0x2f9fa, 1, 5633}, /* CJK COMPATIBILITY IDEOGRAPH-2F9FA */ + {0x2f9fb, 1, 5634}, /* CJK COMPATIBILITY IDEOGRAPH-2F9FB */ + {0x2f9fc, 1, 5635}, /* CJK COMPATIBILITY IDEOGRAPH-2F9FC */ + {0x2f9fd, 1, 5636}, /* CJK COMPATIBILITY IDEOGRAPH-2F9FD */ + {0x2f9fe, 1, 5637}, /* CJK COMPATIBILITY IDEOGRAPH-2F9FE */ + {0x2f9ff, 1, 5637}, /* CJK COMPATIBILITY IDEOGRAPH-2F9FF */ + {0x2fa00, 1, 5638}, /* CJK COMPATIBILITY IDEOGRAPH-2FA00 */ + {0x2fa01, 1, 5639}, /* CJK COMPATIBILITY IDEOGRAPH-2FA01 */ + {0x2fa02, 1, 5640}, /* CJK COMPATIBILITY IDEOGRAPH-2FA02 */ + {0x2fa03, 1, 5641}, /* CJK COMPATIBILITY IDEOGRAPH-2FA03 */ + {0x2fa04, 1, 5642}, /* CJK COMPATIBILITY IDEOGRAPH-2FA04 */ + {0x2fa05, 1, 5643}, /* CJK COMPATIBILITY IDEOGRAPH-2FA05 */ + {0x2fa06, 1, 5644}, /* CJK COMPATIBILITY IDEOGRAPH-2FA06 */ + {0x2fa07, 1, 5645}, /* CJK COMPATIBILITY IDEOGRAPH-2FA07 */ + {0x2fa08, 1, 5646}, /* CJK COMPATIBILITY IDEOGRAPH-2FA08 */ + {0x2fa09, 1, 5647}, /* CJK COMPATIBILITY IDEOGRAPH-2FA09 */ + {0x2fa0a, 1, 5648}, /* CJK COMPATIBILITY IDEOGRAPH-2FA0A */ + {0x2fa0b, 1, 5649}, /* CJK COMPATIBILITY IDEOGRAPH-2FA0B */ + {0x2fa0c, 1, 5650}, /* CJK COMPATIBILITY IDEOGRAPH-2FA0C */ + {0x2fa0d, 1, 5651}, /* CJK COMPATIBILITY IDEOGRAPH-2FA0D */ + {0x2fa0e, 1, 5652}, /* CJK COMPATIBILITY IDEOGRAPH-2FA0E */ + {0x2fa0f, 1, 5653}, /* CJK COMPATIBILITY IDEOGRAPH-2FA0F */ + {0x2fa10, 1, 5654}, /* CJK COMPATIBILITY IDEOGRAPH-2FA10 */ + {0x2fa11, 1, 5655}, /* CJK COMPATIBILITY IDEOGRAPH-2FA11 */ + {0x2fa12, 1, 5656}, /* CJK COMPATIBILITY IDEOGRAPH-2FA12 */ + {0x2fa13, 1, 5657}, /* CJK COMPATIBILITY IDEOGRAPH-2FA13 */ + {0x2fa14, 1, 5658}, /* CJK COMPATIBILITY IDEOGRAPH-2FA14 */ + {0x2fa15, 1, 2572}, /* CJK COMPATIBILITY IDEOGRAPH-2FA15 */ + {0x2fa16, 1, 5659}, /* CJK COMPATIBILITY IDEOGRAPH-2FA16 */ + {0x2fa17, 1, 2576}, /* CJK COMPATIBILITY IDEOGRAPH-2FA17 */ + {0x2fa18, 1, 5660}, /* CJK COMPATIBILITY IDEOGRAPH-2FA18 */ + {0x2fa19, 1, 5661}, /* CJK COMPATIBILITY IDEOGRAPH-2FA19 */ + {0x2fa1a, 1, 5662}, /* CJK COMPATIBILITY IDEOGRAPH-2FA1A */ + {0x2fa1b, 1, 5663}, /* CJK COMPATIBILITY IDEOGRAPH-2FA1B */ + {0x2fa1c, 1, 2581}, /* CJK COMPATIBILITY IDEOGRAPH-2FA1C */ + {0x2fa1d, 1, 5664}, /* CJK COMPATIBILITY IDEOGRAPH-2FA1D */ +}; + +const size_t _wind_normalize_table_size = 5224; + +const uint32_t _wind_normalize_val_table[] = { + 0x20, + 0x20, + 0x308, + 0x61, + 0x20, + 0x304, + 0x32, + 0x33, + 0x20, + 0x301, + 0x3bc, + 0x20, + 0x327, + 0x31, + 0x6f, + 0x31, + 0x2044, + 0x34, + 0x31, + 0x2044, + 0x32, + 0x33, + 0x2044, + 0x34, + 0x41, + 0x300, + 0x41, + 0x301, + 0x41, + 0x302, + 0x41, + 0x303, + 0x41, + 0x308, + 0x41, + 0x30a, + 0x43, + 0x327, + 0x45, + 0x300, + 0x45, + 0x301, + 0x45, + 0x302, + 0x45, + 0x308, + 0x49, + 0x300, + 0x49, + 0x301, + 0x49, + 0x302, + 0x49, + 0x308, + 0x4e, + 0x303, + 0x4f, + 0x300, + 0x4f, + 0x301, + 0x4f, + 0x302, + 0x4f, + 0x303, + 0x4f, + 0x308, + 0x55, + 0x300, + 0x55, + 0x301, + 0x55, + 0x302, + 0x55, + 0x308, + 0x59, + 0x301, + 0x61, + 0x300, + 0x61, + 0x301, + 0x61, + 0x302, + 0x61, + 0x303, + 0x61, + 0x308, + 0x61, + 0x30a, + 0x63, + 0x327, + 0x65, + 0x300, + 0x65, + 0x301, + 0x65, + 0x302, + 0x65, + 0x308, + 0x69, + 0x300, + 0x69, + 0x301, + 0x69, + 0x302, + 0x69, + 0x308, + 0x6e, + 0x303, + 0x6f, + 0x300, + 0x6f, + 0x301, + 0x6f, + 0x302, + 0x6f, + 0x303, + 0x6f, + 0x308, + 0x75, + 0x300, + 0x75, + 0x301, + 0x75, + 0x302, + 0x75, + 0x308, + 0x79, + 0x301, + 0x79, + 0x308, + 0x41, + 0x304, + 0x61, + 0x304, + 0x41, + 0x306, + 0x61, + 0x306, + 0x41, + 0x328, + 0x61, + 0x328, + 0x43, + 0x301, + 0x63, + 0x301, + 0x43, + 0x302, + 0x63, + 0x302, + 0x43, + 0x307, + 0x63, + 0x307, + 0x43, + 0x30c, + 0x63, + 0x30c, + 0x44, + 0x30c, + 0x64, + 0x30c, + 0x45, + 0x304, + 0x65, + 0x304, + 0x45, + 0x306, + 0x65, + 0x306, + 0x45, + 0x307, + 0x65, + 0x307, + 0x45, + 0x328, + 0x65, + 0x328, + 0x45, + 0x30c, + 0x65, + 0x30c, + 0x47, + 0x302, + 0x67, + 0x302, + 0x47, + 0x306, + 0x67, + 0x306, + 0x47, + 0x307, + 0x67, + 0x307, + 0x47, + 0x327, + 0x67, + 0x327, + 0x48, + 0x302, + 0x68, + 0x302, + 0x49, + 0x303, + 0x69, + 0x303, + 0x49, + 0x304, + 0x69, + 0x304, + 0x49, + 0x306, + 0x69, + 0x306, + 0x49, + 0x328, + 0x69, + 0x328, + 0x49, + 0x307, + 0x49, + 0x4a, + 0x69, + 0x6a, + 0x4a, + 0x302, + 0x6a, + 0x302, + 0x4b, + 0x327, + 0x6b, + 0x327, + 0x4c, + 0x301, + 0x6c, + 0x301, + 0x4c, + 0x327, + 0x6c, + 0x327, + 0x4c, + 0x30c, + 0x6c, + 0x30c, + 0x4c, + 0xb7, + 0x6c, + 0xb7, + 0x4e, + 0x301, + 0x6e, + 0x301, + 0x4e, + 0x327, + 0x6e, + 0x327, + 0x4e, + 0x30c, + 0x6e, + 0x30c, + 0x2bc, + 0x6e, + 0x4f, + 0x304, + 0x6f, + 0x304, + 0x4f, + 0x306, + 0x6f, + 0x306, + 0x4f, + 0x30b, + 0x6f, + 0x30b, + 0x52, + 0x301, + 0x72, + 0x301, + 0x52, + 0x327, + 0x72, + 0x327, + 0x52, + 0x30c, + 0x72, + 0x30c, + 0x53, + 0x301, + 0x73, + 0x301, + 0x53, + 0x302, + 0x73, + 0x302, + 0x53, + 0x327, + 0x73, + 0x327, + 0x53, + 0x30c, + 0x73, + 0x30c, + 0x54, + 0x327, + 0x74, + 0x327, + 0x54, + 0x30c, + 0x74, + 0x30c, + 0x55, + 0x303, + 0x75, + 0x303, + 0x55, + 0x304, + 0x75, + 0x304, + 0x55, + 0x306, + 0x75, + 0x306, + 0x55, + 0x30a, + 0x75, + 0x30a, + 0x55, + 0x30b, + 0x75, + 0x30b, + 0x55, + 0x328, + 0x75, + 0x328, + 0x57, + 0x302, + 0x77, + 0x302, + 0x59, + 0x302, + 0x79, + 0x302, + 0x59, + 0x308, + 0x5a, + 0x301, + 0x7a, + 0x301, + 0x5a, + 0x307, + 0x7a, + 0x307, + 0x5a, + 0x30c, + 0x7a, + 0x30c, + 0x4f, + 0x31b, + 0x6f, + 0x31b, + 0x55, + 0x31b, + 0x75, + 0x31b, + 0x44, + 0x17d, + 0x44, + 0x17e, + 0x64, + 0x17e, + 0x4c, + 0x4a, + 0x4c, + 0x6a, + 0x6c, + 0x6a, + 0x4e, + 0x4a, + 0x4e, + 0x6a, + 0x6e, + 0x6a, + 0x41, + 0x30c, + 0x61, + 0x30c, + 0x49, + 0x30c, + 0x69, + 0x30c, + 0x4f, + 0x30c, + 0x6f, + 0x30c, + 0x55, + 0x30c, + 0x75, + 0x30c, + 0xdc, + 0x304, + 0xfc, + 0x304, + 0xdc, + 0x301, + 0xfc, + 0x301, + 0xdc, + 0x30c, + 0xfc, + 0x30c, + 0xdc, + 0x300, + 0xfc, + 0x300, + 0xc4, + 0x304, + 0xe4, + 0x304, + 0x226, + 0x304, + 0x227, + 0x304, + 0xc6, + 0x304, + 0xe6, + 0x304, + 0x47, + 0x30c, + 0x67, + 0x30c, + 0x4b, + 0x30c, + 0x6b, + 0x30c, + 0x4f, + 0x328, + 0x6f, + 0x328, + 0x1ea, + 0x304, + 0x1eb, + 0x304, + 0x1b7, + 0x30c, + 0x292, + 0x30c, + 0x6a, + 0x30c, + 0x44, + 0x5a, + 0x44, + 0x7a, + 0x64, + 0x7a, + 0x47, + 0x301, + 0x67, + 0x301, + 0x4e, + 0x300, + 0x6e, + 0x300, + 0xc5, + 0x301, + 0xe5, + 0x301, + 0xc6, + 0x301, + 0xe6, + 0x301, + 0xd8, + 0x301, + 0xf8, + 0x301, + 0x41, + 0x30f, + 0x61, + 0x30f, + 0x41, + 0x311, + 0x61, + 0x311, + 0x45, + 0x30f, + 0x65, + 0x30f, + 0x45, + 0x311, + 0x65, + 0x311, + 0x49, + 0x30f, + 0x69, + 0x30f, + 0x49, + 0x311, + 0x69, + 0x311, + 0x4f, + 0x30f, + 0x6f, + 0x30f, + 0x4f, + 0x311, + 0x6f, + 0x311, + 0x52, + 0x30f, + 0x72, + 0x30f, + 0x52, + 0x311, + 0x72, + 0x311, + 0x55, + 0x30f, + 0x75, + 0x30f, + 0x55, + 0x311, + 0x75, + 0x311, + 0x53, + 0x326, + 0x73, + 0x326, + 0x54, + 0x326, + 0x74, + 0x326, + 0x48, + 0x30c, + 0x68, + 0x30c, + 0x41, + 0x307, + 0x61, + 0x307, + 0x45, + 0x327, + 0x65, + 0x327, + 0xd6, + 0x304, + 0xf6, + 0x304, + 0xd5, + 0x304, + 0xf5, + 0x304, + 0x4f, + 0x307, + 0x6f, + 0x307, + 0x22e, + 0x304, + 0x22f, + 0x304, + 0x59, + 0x304, + 0x79, + 0x304, + 0x266, + 0x279, + 0x27b, + 0x281, + 0x20, + 0x306, + 0x20, + 0x307, + 0x20, + 0x30a, + 0x20, + 0x328, + 0x20, + 0x303, + 0x20, + 0x30b, + 0x263, + 0x78, + 0x295, + 0x313, + 0x308, + 0x301, + 0x2b9, + 0x20, + 0x345, + 0x3b, + 0xa8, + 0x301, + 0x391, + 0x301, + 0x395, + 0x301, + 0x397, + 0x301, + 0x399, + 0x301, + 0x39f, + 0x301, + 0x3a5, + 0x301, + 0x3a9, + 0x301, + 0x3ca, + 0x301, + 0x399, + 0x308, + 0x3a5, + 0x308, + 0x3b1, + 0x301, + 0x3b5, + 0x301, + 0x3b7, + 0x301, + 0x3b9, + 0x301, + 0x3cb, + 0x301, + 0x3b9, + 0x308, + 0x3c5, + 0x308, + 0x3bf, + 0x301, + 0x3c5, + 0x301, + 0x3c9, + 0x301, + 0x3b2, + 0x3b8, + 0x3d2, + 0x301, + 0x3d2, + 0x308, + 0x3c6, + 0x3c0, + 0x3ba, + 0x3c1, + 0x3c2, + 0x398, + 0x3a3, + 0x415, + 0x300, + 0x415, + 0x308, + 0x413, + 0x301, + 0x406, + 0x308, + 0x41a, + 0x301, + 0x418, + 0x300, + 0x423, + 0x306, + 0x418, + 0x306, + 0x438, + 0x306, + 0x435, + 0x300, + 0x435, + 0x308, + 0x433, + 0x301, + 0x456, + 0x308, + 0x43a, + 0x301, + 0x438, + 0x300, + 0x443, + 0x306, + 0x474, + 0x30f, + 0x475, + 0x30f, + 0x416, + 0x306, + 0x436, + 0x306, + 0x410, + 0x306, + 0x430, + 0x306, + 0x410, + 0x308, + 0x430, + 0x308, + 0x415, + 0x306, + 0x435, + 0x306, + 0x4d8, + 0x308, + 0x4d9, + 0x308, + 0x416, + 0x308, + 0x436, + 0x308, + 0x417, + 0x308, + 0x437, + 0x308, + 0x418, + 0x304, + 0x438, + 0x304, + 0x418, + 0x308, + 0x438, + 0x308, + 0x41e, + 0x308, + 0x43e, + 0x308, + 0x4e8, + 0x308, + 0x4e9, + 0x308, + 0x42d, + 0x308, + 0x44d, + 0x308, + 0x423, + 0x304, + 0x443, + 0x304, + 0x423, + 0x308, + 0x443, + 0x308, + 0x423, + 0x30b, + 0x443, + 0x30b, + 0x427, + 0x308, + 0x447, + 0x308, + 0x42b, + 0x308, + 0x44b, + 0x308, + 0x565, + 0x582, + 0x627, + 0x653, + 0x627, + 0x654, + 0x648, + 0x654, + 0x627, + 0x655, + 0x64a, + 0x654, + 0x627, + 0x674, + 0x648, + 0x674, + 0x6c7, + 0x674, + 0x64a, + 0x674, + 0x6d5, + 0x654, + 0x6c1, + 0x654, + 0x6d2, + 0x654, + 0x928, + 0x93c, + 0x930, + 0x93c, + 0x933, + 0x93c, + 0x915, + 0x93c, + 0x916, + 0x93c, + 0x917, + 0x93c, + 0x91c, + 0x93c, + 0x921, + 0x93c, + 0x922, + 0x93c, + 0x92b, + 0x93c, + 0x92f, + 0x93c, + 0x9c7, + 0x9be, + 0x9c7, + 0x9d7, + 0x9a1, + 0x9bc, + 0x9a2, + 0x9bc, + 0x9af, + 0x9bc, + 0xa32, + 0xa3c, + 0xa38, + 0xa3c, + 0xa16, + 0xa3c, + 0xa17, + 0xa3c, + 0xa1c, + 0xa3c, + 0xa2b, + 0xa3c, + 0xb47, + 0xb56, + 0xb47, + 0xb3e, + 0xb47, + 0xb57, + 0xb21, + 0xb3c, + 0xb22, + 0xb3c, + 0xb92, + 0xbd7, + 0xbc6, + 0xbbe, + 0xbc7, + 0xbbe, + 0xbc6, + 0xbd7, + 0xc46, + 0xc56, + 0xcbf, + 0xcd5, + 0xcc6, + 0xcd5, + 0xcc6, + 0xcd6, + 0xcc6, + 0xcc2, + 0xcca, + 0xcd5, + 0xd46, + 0xd3e, + 0xd47, + 0xd3e, + 0xd46, + 0xd57, + 0xdd9, + 0xdca, + 0xdd9, + 0xdcf, + 0xddc, + 0xdca, + 0xdd9, + 0xddf, + 0xe4d, + 0xe32, + 0xecd, + 0xeb2, + 0xeab, + 0xe99, + 0xeab, + 0xea1, + 0xf0b, + 0xf42, + 0xfb7, + 0xf4c, + 0xfb7, + 0xf51, + 0xfb7, + 0xf56, + 0xfb7, + 0xf5b, + 0xfb7, + 0xf40, + 0xfb5, + 0xf71, + 0xf72, + 0xf71, + 0xf74, + 0xfb2, + 0xf80, + 0xfb2, + 0xf81, + 0xfb3, + 0xf80, + 0xfb3, + 0xf81, + 0xf71, + 0xf80, + 0xf92, + 0xfb7, + 0xf9c, + 0xfb7, + 0xfa1, + 0xfb7, + 0xfa6, + 0xfb7, + 0xfab, + 0xfb7, + 0xf90, + 0xfb5, + 0x1025, + 0x102e, + 0x42, + 0x18e, + 0x4d, + 0x222, + 0x50, + 0x250, + 0x251, + 0x1d02, + 0x62, + 0x259, + 0x25b, + 0x25c, + 0x6d, + 0x14b, + 0x254, + 0x1d16, + 0x1d17, + 0x70, + 0x1d1d, + 0x26f, + 0x76, + 0x1d25, + 0x3b3, + 0x3b4, + 0x3c7, + 0x41, + 0x325, + 0x61, + 0x325, + 0x42, + 0x307, + 0x62, + 0x307, + 0x42, + 0x323, + 0x62, + 0x323, + 0x42, + 0x331, + 0x62, + 0x331, + 0xc7, + 0x301, + 0xe7, + 0x301, + 0x44, + 0x307, + 0x64, + 0x307, + 0x44, + 0x323, + 0x64, + 0x323, + 0x44, + 0x331, + 0x64, + 0x331, + 0x44, + 0x327, + 0x64, + 0x327, + 0x44, + 0x32d, + 0x64, + 0x32d, + 0x112, + 0x300, + 0x113, + 0x300, + 0x112, + 0x301, + 0x113, + 0x301, + 0x45, + 0x32d, + 0x65, + 0x32d, + 0x45, + 0x330, + 0x65, + 0x330, + 0x228, + 0x306, + 0x229, + 0x306, + 0x46, + 0x307, + 0x66, + 0x307, + 0x47, + 0x304, + 0x67, + 0x304, + 0x48, + 0x307, + 0x68, + 0x307, + 0x48, + 0x323, + 0x68, + 0x323, + 0x48, + 0x308, + 0x68, + 0x308, + 0x48, + 0x327, + 0x68, + 0x327, + 0x48, + 0x32e, + 0x68, + 0x32e, + 0x49, + 0x330, + 0x69, + 0x330, + 0xcf, + 0x301, + 0xef, + 0x301, + 0x4b, + 0x301, + 0x6b, + 0x301, + 0x4b, + 0x323, + 0x6b, + 0x323, + 0x4b, + 0x331, + 0x6b, + 0x331, + 0x4c, + 0x323, + 0x6c, + 0x323, + 0x1e36, + 0x304, + 0x1e37, + 0x304, + 0x4c, + 0x331, + 0x6c, + 0x331, + 0x4c, + 0x32d, + 0x6c, + 0x32d, + 0x4d, + 0x301, + 0x6d, + 0x301, + 0x4d, + 0x307, + 0x6d, + 0x307, + 0x4d, + 0x323, + 0x6d, + 0x323, + 0x4e, + 0x307, + 0x6e, + 0x307, + 0x4e, + 0x323, + 0x6e, + 0x323, + 0x4e, + 0x331, + 0x6e, + 0x331, + 0x4e, + 0x32d, + 0x6e, + 0x32d, + 0xd5, + 0x301, + 0xf5, + 0x301, + 0xd5, + 0x308, + 0xf5, + 0x308, + 0x14c, + 0x300, + 0x14d, + 0x300, + 0x14c, + 0x301, + 0x14d, + 0x301, + 0x50, + 0x301, + 0x70, + 0x301, + 0x50, + 0x307, + 0x70, + 0x307, + 0x52, + 0x307, + 0x72, + 0x307, + 0x52, + 0x323, + 0x72, + 0x323, + 0x1e5a, + 0x304, + 0x1e5b, + 0x304, + 0x52, + 0x331, + 0x72, + 0x331, + 0x53, + 0x307, + 0x73, + 0x307, + 0x53, + 0x323, + 0x73, + 0x323, + 0x15a, + 0x307, + 0x15b, + 0x307, + 0x160, + 0x307, + 0x161, + 0x307, + 0x1e62, + 0x307, + 0x1e63, + 0x307, + 0x54, + 0x307, + 0x74, + 0x307, + 0x54, + 0x323, + 0x74, + 0x323, + 0x54, + 0x331, + 0x74, + 0x331, + 0x54, + 0x32d, + 0x74, + 0x32d, + 0x55, + 0x324, + 0x75, + 0x324, + 0x55, + 0x330, + 0x75, + 0x330, + 0x55, + 0x32d, + 0x75, + 0x32d, + 0x168, + 0x301, + 0x169, + 0x301, + 0x16a, + 0x308, + 0x16b, + 0x308, + 0x56, + 0x303, + 0x76, + 0x303, + 0x56, + 0x323, + 0x76, + 0x323, + 0x57, + 0x300, + 0x77, + 0x300, + 0x57, + 0x301, + 0x77, + 0x301, + 0x57, + 0x308, + 0x77, + 0x308, + 0x57, + 0x307, + 0x77, + 0x307, + 0x57, + 0x323, + 0x77, + 0x323, + 0x58, + 0x307, + 0x78, + 0x307, + 0x58, + 0x308, + 0x78, + 0x308, + 0x59, + 0x307, + 0x79, + 0x307, + 0x5a, + 0x302, + 0x7a, + 0x302, + 0x5a, + 0x323, + 0x7a, + 0x323, + 0x5a, + 0x331, + 0x7a, + 0x331, + 0x68, + 0x331, + 0x74, + 0x308, + 0x77, + 0x30a, + 0x79, + 0x30a, + 0x61, + 0x2be, + 0x17f, + 0x307, + 0x41, + 0x323, + 0x61, + 0x323, + 0x41, + 0x309, + 0x61, + 0x309, + 0xc2, + 0x301, + 0xe2, + 0x301, + 0xc2, + 0x300, + 0xe2, + 0x300, + 0xc2, + 0x309, + 0xe2, + 0x309, + 0xc2, + 0x303, + 0xe2, + 0x303, + 0x1ea0, + 0x302, + 0x1ea1, + 0x302, + 0x102, + 0x301, + 0x103, + 0x301, + 0x102, + 0x300, + 0x103, + 0x300, + 0x102, + 0x309, + 0x103, + 0x309, + 0x102, + 0x303, + 0x103, + 0x303, + 0x1ea0, + 0x306, + 0x1ea1, + 0x306, + 0x45, + 0x323, + 0x65, + 0x323, + 0x45, + 0x309, + 0x65, + 0x309, + 0x45, + 0x303, + 0x65, + 0x303, + 0xca, + 0x301, + 0xea, + 0x301, + 0xca, + 0x300, + 0xea, + 0x300, + 0xca, + 0x309, + 0xea, + 0x309, + 0xca, + 0x303, + 0xea, + 0x303, + 0x1eb8, + 0x302, + 0x1eb9, + 0x302, + 0x49, + 0x309, + 0x69, + 0x309, + 0x49, + 0x323, + 0x69, + 0x323, + 0x4f, + 0x323, + 0x6f, + 0x323, + 0x4f, + 0x309, + 0x6f, + 0x309, + 0xd4, + 0x301, + 0xf4, + 0x301, + 0xd4, + 0x300, + 0xf4, + 0x300, + 0xd4, + 0x309, + 0xf4, + 0x309, + 0xd4, + 0x303, + 0xf4, + 0x303, + 0x1ecc, + 0x302, + 0x1ecd, + 0x302, + 0x1a0, + 0x301, + 0x1a1, + 0x301, + 0x1a0, + 0x300, + 0x1a1, + 0x300, + 0x1a0, + 0x309, + 0x1a1, + 0x309, + 0x1a0, + 0x303, + 0x1a1, + 0x303, + 0x1a0, + 0x323, + 0x1a1, + 0x323, + 0x55, + 0x323, + 0x75, + 0x323, + 0x55, + 0x309, + 0x75, + 0x309, + 0x1af, + 0x301, + 0x1b0, + 0x301, + 0x1af, + 0x300, + 0x1b0, + 0x300, + 0x1af, + 0x309, + 0x1b0, + 0x309, + 0x1af, + 0x303, + 0x1b0, + 0x303, + 0x1af, + 0x323, + 0x1b0, + 0x323, + 0x59, + 0x300, + 0x79, + 0x300, + 0x59, + 0x323, + 0x79, + 0x323, + 0x59, + 0x309, + 0x79, + 0x309, + 0x59, + 0x303, + 0x79, + 0x303, + 0x3b1, + 0x313, + 0x3b1, + 0x314, + 0x1f00, + 0x300, + 0x1f01, + 0x300, + 0x1f00, + 0x301, + 0x1f01, + 0x301, + 0x1f00, + 0x342, + 0x1f01, + 0x342, + 0x391, + 0x313, + 0x391, + 0x314, + 0x1f08, + 0x300, + 0x1f09, + 0x300, + 0x1f08, + 0x301, + 0x1f09, + 0x301, + 0x1f08, + 0x342, + 0x1f09, + 0x342, + 0x3b5, + 0x313, + 0x3b5, + 0x314, + 0x1f10, + 0x300, + 0x1f11, + 0x300, + 0x1f10, + 0x301, + 0x1f11, + 0x301, + 0x395, + 0x313, + 0x395, + 0x314, + 0x1f18, + 0x300, + 0x1f19, + 0x300, + 0x1f18, + 0x301, + 0x1f19, + 0x301, + 0x3b7, + 0x313, + 0x3b7, + 0x314, + 0x1f20, + 0x300, + 0x1f21, + 0x300, + 0x1f20, + 0x301, + 0x1f21, + 0x301, + 0x1f20, + 0x342, + 0x1f21, + 0x342, + 0x397, + 0x313, + 0x397, + 0x314, + 0x1f28, + 0x300, + 0x1f29, + 0x300, + 0x1f28, + 0x301, + 0x1f29, + 0x301, + 0x1f28, + 0x342, + 0x1f29, + 0x342, + 0x3b9, + 0x313, + 0x3b9, + 0x314, + 0x1f30, + 0x300, + 0x1f31, + 0x300, + 0x1f30, + 0x301, + 0x1f31, + 0x301, + 0x1f30, + 0x342, + 0x1f31, + 0x342, + 0x399, + 0x313, + 0x399, + 0x314, + 0x1f38, + 0x300, + 0x1f39, + 0x300, + 0x1f38, + 0x301, + 0x1f39, + 0x301, + 0x1f38, + 0x342, + 0x1f39, + 0x342, + 0x3bf, + 0x313, + 0x3bf, + 0x314, + 0x1f40, + 0x300, + 0x1f41, + 0x300, + 0x1f40, + 0x301, + 0x1f41, + 0x301, + 0x39f, + 0x313, + 0x39f, + 0x314, + 0x1f48, + 0x300, + 0x1f49, + 0x300, + 0x1f48, + 0x301, + 0x1f49, + 0x301, + 0x3c5, + 0x313, + 0x3c5, + 0x314, + 0x1f50, + 0x300, + 0x1f51, + 0x300, + 0x1f50, + 0x301, + 0x1f51, + 0x301, + 0x1f50, + 0x342, + 0x1f51, + 0x342, + 0x3a5, + 0x314, + 0x1f59, + 0x300, + 0x1f59, + 0x301, + 0x1f59, + 0x342, + 0x3c9, + 0x313, + 0x3c9, + 0x314, + 0x1f60, + 0x300, + 0x1f61, + 0x300, + 0x1f60, + 0x301, + 0x1f61, + 0x301, + 0x1f60, + 0x342, + 0x1f61, + 0x342, + 0x3a9, + 0x313, + 0x3a9, + 0x314, + 0x1f68, + 0x300, + 0x1f69, + 0x300, + 0x1f68, + 0x301, + 0x1f69, + 0x301, + 0x1f68, + 0x342, + 0x1f69, + 0x342, + 0x3b1, + 0x300, + 0x3ac, + 0x3b5, + 0x300, + 0x3ad, + 0x3b7, + 0x300, + 0x3ae, + 0x3b9, + 0x300, + 0x3af, + 0x3bf, + 0x300, + 0x3cc, + 0x3c5, + 0x300, + 0x3cd, + 0x3c9, + 0x300, + 0x3ce, + 0x1f00, + 0x345, + 0x1f01, + 0x345, + 0x1f02, + 0x345, + 0x1f03, + 0x345, + 0x1f04, + 0x345, + 0x1f05, + 0x345, + 0x1f06, + 0x345, + 0x1f07, + 0x345, + 0x1f08, + 0x345, + 0x1f09, + 0x345, + 0x1f0a, + 0x345, + 0x1f0b, + 0x345, + 0x1f0c, + 0x345, + 0x1f0d, + 0x345, + 0x1f0e, + 0x345, + 0x1f0f, + 0x345, + 0x1f20, + 0x345, + 0x1f21, + 0x345, + 0x1f22, + 0x345, + 0x1f23, + 0x345, + 0x1f24, + 0x345, + 0x1f25, + 0x345, + 0x1f26, + 0x345, + 0x1f27, + 0x345, + 0x1f28, + 0x345, + 0x1f29, + 0x345, + 0x1f2a, + 0x345, + 0x1f2b, + 0x345, + 0x1f2c, + 0x345, + 0x1f2d, + 0x345, + 0x1f2e, + 0x345, + 0x1f2f, + 0x345, + 0x1f60, + 0x345, + 0x1f61, + 0x345, + 0x1f62, + 0x345, + 0x1f63, + 0x345, + 0x1f64, + 0x345, + 0x1f65, + 0x345, + 0x1f66, + 0x345, + 0x1f67, + 0x345, + 0x1f68, + 0x345, + 0x1f69, + 0x345, + 0x1f6a, + 0x345, + 0x1f6b, + 0x345, + 0x1f6c, + 0x345, + 0x1f6d, + 0x345, + 0x1f6e, + 0x345, + 0x1f6f, + 0x345, + 0x3b1, + 0x306, + 0x3b1, + 0x304, + 0x1f70, + 0x345, + 0x3b1, + 0x345, + 0x3ac, + 0x345, + 0x3b1, + 0x342, + 0x1fb6, + 0x345, + 0x391, + 0x306, + 0x391, + 0x304, + 0x391, + 0x300, + 0x386, + 0x391, + 0x345, + 0x20, + 0x313, + 0x20, + 0x342, + 0xa8, + 0x342, + 0x1f74, + 0x345, + 0x3b7, + 0x345, + 0x3ae, + 0x345, + 0x3b7, + 0x342, + 0x1fc6, + 0x345, + 0x395, + 0x300, + 0x388, + 0x397, + 0x300, + 0x389, + 0x397, + 0x345, + 0x1fbf, + 0x300, + 0x1fbf, + 0x301, + 0x1fbf, + 0x342, + 0x3b9, + 0x306, + 0x3b9, + 0x304, + 0x3ca, + 0x300, + 0x390, + 0x3b9, + 0x342, + 0x3ca, + 0x342, + 0x399, + 0x306, + 0x399, + 0x304, + 0x399, + 0x300, + 0x38a, + 0x1ffe, + 0x300, + 0x1ffe, + 0x301, + 0x1ffe, + 0x342, + 0x3c5, + 0x306, + 0x3c5, + 0x304, + 0x3cb, + 0x300, + 0x3b0, + 0x3c1, + 0x313, + 0x3c1, + 0x314, + 0x3c5, + 0x342, + 0x3cb, + 0x342, + 0x3a5, + 0x306, + 0x3a5, + 0x304, + 0x3a5, + 0x300, + 0x38e, + 0x3a1, + 0x314, + 0xa8, + 0x300, + 0x385, + 0x60, + 0x1f7c, + 0x345, + 0x3c9, + 0x345, + 0x3ce, + 0x345, + 0x3c9, + 0x342, + 0x1ff6, + 0x345, + 0x39f, + 0x300, + 0x38c, + 0x3a9, + 0x300, + 0x38f, + 0x3a9, + 0x345, + 0xb4, + 0x20, + 0x314, + 0x2002, + 0x2003, + 0x20, + 0x20, + 0x20, + 0x20, + 0x20, + 0x20, + 0x20, + 0x20, + 0x20, + 0x2010, + 0x20, + 0x333, + 0x2e, + 0x2e, + 0x2e, + 0x20, + 0x2032, + 0x2032, + 0x2032, + 0x2032, + 0x2032, + 0x2035, + 0x2035, + 0x2035, + 0x2035, + 0x2035, + 0x21, + 0x21, + 0x20, + 0x305, + 0x3f, + 0x3f, + 0x3f, + 0x21, + 0x21, + 0x3f, + 0x20, + 0x30, + 0x35, + 0x36, + 0x37, + 0x38, + 0x39, + 0x2b, + 0x2212, + 0x3d, + 0x28, + 0x29, + 0x52, + 0x73, + 0x61, + 0x2f, + 0x63, + 0x61, + 0x2f, + 0x73, + 0xb0, + 0x43, + 0x63, + 0x2f, + 0x6f, + 0x63, + 0x2f, + 0x75, + 0x190, + 0xb0, + 0x46, + 0x127, + 0x4e, + 0x6f, + 0x51, + 0x53, + 0x4d, + 0x54, + 0x45, + 0x4c, + 0x54, + 0x4d, + 0x5d0, + 0x5d1, + 0x5d2, + 0x5d3, + 0x46, + 0x41, + 0x58, + 0x393, + 0x3a0, + 0x2211, + 0x31, + 0x2044, + 0x33, + 0x32, + 0x2044, + 0x33, + 0x31, + 0x2044, + 0x35, + 0x32, + 0x2044, + 0x35, + 0x33, + 0x2044, + 0x35, + 0x34, + 0x2044, + 0x35, + 0x31, + 0x2044, + 0x36, + 0x35, + 0x2044, + 0x36, + 0x31, + 0x2044, + 0x38, + 0x33, + 0x2044, + 0x38, + 0x35, + 0x2044, + 0x38, + 0x37, + 0x2044, + 0x38, + 0x49, + 0x49, + 0x49, + 0x49, + 0x49, + 0x49, + 0x56, + 0x56, + 0x49, + 0x56, + 0x49, + 0x49, + 0x56, + 0x49, + 0x49, + 0x49, + 0x49, + 0x58, + 0x58, + 0x49, + 0x58, + 0x49, + 0x49, + 0x69, + 0x69, + 0x69, + 0x69, + 0x69, + 0x69, + 0x76, + 0x76, + 0x69, + 0x76, + 0x69, + 0x69, + 0x76, + 0x69, + 0x69, + 0x69, + 0x69, + 0x78, + 0x78, + 0x69, + 0x78, + 0x69, + 0x69, + 0x2190, + 0x338, + 0x2192, + 0x338, + 0x2194, + 0x338, + 0x21d0, + 0x338, + 0x21d4, + 0x338, + 0x21d2, + 0x338, + 0x2203, + 0x338, + 0x2208, + 0x338, + 0x220b, + 0x338, + 0x2223, + 0x338, + 0x2225, + 0x338, + 0x222b, + 0x222b, + 0x222b, + 0x222b, + 0x222b, + 0x222e, + 0x222e, + 0x222e, + 0x222e, + 0x222e, + 0x223c, + 0x338, + 0x2243, + 0x338, + 0x2245, + 0x338, + 0x2248, + 0x338, + 0x3d, + 0x338, + 0x2261, + 0x338, + 0x224d, + 0x338, + 0x3c, + 0x338, + 0x3e, + 0x338, + 0x2264, + 0x338, + 0x2265, + 0x338, + 0x2272, + 0x338, + 0x2273, + 0x338, + 0x2276, + 0x338, + 0x2277, + 0x338, + 0x227a, + 0x338, + 0x227b, + 0x338, + 0x2282, + 0x338, + 0x2283, + 0x338, + 0x2286, + 0x338, + 0x2287, + 0x338, + 0x22a2, + 0x338, + 0x22a8, + 0x338, + 0x22a9, + 0x338, + 0x22ab, + 0x338, + 0x227c, + 0x338, + 0x227d, + 0x338, + 0x2291, + 0x338, + 0x2292, + 0x338, + 0x22b2, + 0x338, + 0x22b3, + 0x338, + 0x22b4, + 0x338, + 0x22b5, + 0x338, + 0x3008, + 0x3009, + 0x31, + 0x30, + 0x31, + 0x31, + 0x31, + 0x32, + 0x31, + 0x33, + 0x31, + 0x34, + 0x31, + 0x35, + 0x31, + 0x36, + 0x31, + 0x37, + 0x31, + 0x38, + 0x31, + 0x39, + 0x32, + 0x30, + 0x28, + 0x31, + 0x29, + 0x28, + 0x32, + 0x29, + 0x28, + 0x33, + 0x29, + 0x28, + 0x34, + 0x29, + 0x28, + 0x35, + 0x29, + 0x28, + 0x36, + 0x29, + 0x28, + 0x37, + 0x29, + 0x28, + 0x38, + 0x29, + 0x28, + 0x39, + 0x29, + 0x28, + 0x31, + 0x30, + 0x29, + 0x28, + 0x31, + 0x31, + 0x29, + 0x28, + 0x31, + 0x32, + 0x29, + 0x28, + 0x31, + 0x33, + 0x29, + 0x28, + 0x31, + 0x34, + 0x29, + 0x28, + 0x31, + 0x35, + 0x29, + 0x28, + 0x31, + 0x36, + 0x29, + 0x28, + 0x31, + 0x37, + 0x29, + 0x28, + 0x31, + 0x38, + 0x29, + 0x28, + 0x31, + 0x39, + 0x29, + 0x28, + 0x32, + 0x30, + 0x29, + 0x31, + 0x2e, + 0x32, + 0x2e, + 0x33, + 0x2e, + 0x34, + 0x2e, + 0x35, + 0x2e, + 0x36, + 0x2e, + 0x37, + 0x2e, + 0x38, + 0x2e, + 0x39, + 0x2e, + 0x31, + 0x30, + 0x2e, + 0x31, + 0x31, + 0x2e, + 0x31, + 0x32, + 0x2e, + 0x31, + 0x33, + 0x2e, + 0x31, + 0x34, + 0x2e, + 0x31, + 0x35, + 0x2e, + 0x31, + 0x36, + 0x2e, + 0x31, + 0x37, + 0x2e, + 0x31, + 0x38, + 0x2e, + 0x31, + 0x39, + 0x2e, + 0x32, + 0x30, + 0x2e, + 0x28, + 0x61, + 0x29, + 0x28, + 0x62, + 0x29, + 0x28, + 0x63, + 0x29, + 0x28, + 0x64, + 0x29, + 0x28, + 0x65, + 0x29, + 0x28, + 0x66, + 0x29, + 0x28, + 0x67, + 0x29, + 0x28, + 0x68, + 0x29, + 0x28, + 0x69, + 0x29, + 0x28, + 0x6a, + 0x29, + 0x28, + 0x6b, + 0x29, + 0x28, + 0x6c, + 0x29, + 0x28, + 0x6d, + 0x29, + 0x28, + 0x6e, + 0x29, + 0x28, + 0x6f, + 0x29, + 0x28, + 0x70, + 0x29, + 0x28, + 0x71, + 0x29, + 0x28, + 0x72, + 0x29, + 0x28, + 0x73, + 0x29, + 0x28, + 0x74, + 0x29, + 0x28, + 0x75, + 0x29, + 0x28, + 0x76, + 0x29, + 0x28, + 0x77, + 0x29, + 0x28, + 0x78, + 0x29, + 0x28, + 0x79, + 0x29, + 0x28, + 0x7a, + 0x29, + 0x3a, + 0x3a, + 0x3d, + 0x3d, + 0x3d, + 0x2add, + 0x338, + 0x6bcd, + 0x9f9f, + 0x4e00, + 0x4e28, + 0x4e36, + 0x4e3f, + 0x4e59, + 0x4e85, + 0x4e8c, + 0x4ea0, + 0x4eba, + 0x513f, + 0x5165, + 0x516b, + 0x5182, + 0x5196, + 0x51ab, + 0x51e0, + 0x51f5, + 0x5200, + 0x529b, + 0x52f9, + 0x5315, + 0x531a, + 0x5338, + 0x5341, + 0x535c, + 0x5369, + 0x5382, + 0x53b6, + 0x53c8, + 0x53e3, + 0x56d7, + 0x571f, + 0x58eb, + 0x5902, + 0x590a, + 0x5915, + 0x5927, + 0x5973, + 0x5b50, + 0x5b80, + 0x5bf8, + 0x5c0f, + 0x5c22, + 0x5c38, + 0x5c6e, + 0x5c71, + 0x5ddb, + 0x5de5, + 0x5df1, + 0x5dfe, + 0x5e72, + 0x5e7a, + 0x5e7f, + 0x5ef4, + 0x5efe, + 0x5f0b, + 0x5f13, + 0x5f50, + 0x5f61, + 0x5f73, + 0x5fc3, + 0x6208, + 0x6236, + 0x624b, + 0x652f, + 0x6534, + 0x6587, + 0x6597, + 0x65a4, + 0x65b9, + 0x65e0, + 0x65e5, + 0x66f0, + 0x6708, + 0x6728, + 0x6b20, + 0x6b62, + 0x6b79, + 0x6bb3, + 0x6bcb, + 0x6bd4, + 0x6bdb, + 0x6c0f, + 0x6c14, + 0x6c34, + 0x706b, + 0x722a, + 0x7236, + 0x723b, + 0x723f, + 0x7247, + 0x7259, + 0x725b, + 0x72ac, + 0x7384, + 0x7389, + 0x74dc, + 0x74e6, + 0x7518, + 0x751f, + 0x7528, + 0x7530, + 0x758b, + 0x7592, + 0x7676, + 0x767d, + 0x76ae, + 0x76bf, + 0x76ee, + 0x77db, + 0x77e2, + 0x77f3, + 0x793a, + 0x79b8, + 0x79be, + 0x7a74, + 0x7acb, + 0x7af9, + 0x7c73, + 0x7cf8, + 0x7f36, + 0x7f51, + 0x7f8a, + 0x7fbd, + 0x8001, + 0x800c, + 0x8012, + 0x8033, + 0x807f, + 0x8089, + 0x81e3, + 0x81ea, + 0x81f3, + 0x81fc, + 0x820c, + 0x821b, + 0x821f, + 0x826e, + 0x8272, + 0x8278, + 0x864d, + 0x866b, + 0x8840, + 0x884c, + 0x8863, + 0x897e, + 0x898b, + 0x89d2, + 0x8a00, + 0x8c37, + 0x8c46, + 0x8c55, + 0x8c78, + 0x8c9d, + 0x8d64, + 0x8d70, + 0x8db3, + 0x8eab, + 0x8eca, + 0x8f9b, + 0x8fb0, + 0x8fb5, + 0x9091, + 0x9149, + 0x91c6, + 0x91cc, + 0x91d1, + 0x9577, + 0x9580, + 0x961c, + 0x96b6, + 0x96b9, + 0x96e8, + 0x9751, + 0x975e, + 0x9762, + 0x9769, + 0x97cb, + 0x97ed, + 0x97f3, + 0x9801, + 0x98a8, + 0x98db, + 0x98df, + 0x9996, + 0x9999, + 0x99ac, + 0x9aa8, + 0x9ad8, + 0x9adf, + 0x9b25, + 0x9b2f, + 0x9b32, + 0x9b3c, + 0x9b5a, + 0x9ce5, + 0x9e75, + 0x9e7f, + 0x9ea5, + 0x9ebb, + 0x9ec3, + 0x9ecd, + 0x9ed1, + 0x9ef9, + 0x9efd, + 0x9f0e, + 0x9f13, + 0x9f20, + 0x9f3b, + 0x9f4a, + 0x9f52, + 0x9f8d, + 0x9f9c, + 0x9fa0, + 0x20, + 0x3012, + 0x5344, + 0x5345, + 0x304b, + 0x3099, + 0x304d, + 0x3099, + 0x304f, + 0x3099, + 0x3051, + 0x3099, + 0x3053, + 0x3099, + 0x3055, + 0x3099, + 0x3057, + 0x3099, + 0x3059, + 0x3099, + 0x305b, + 0x3099, + 0x305d, + 0x3099, + 0x305f, + 0x3099, + 0x3061, + 0x3099, + 0x3064, + 0x3099, + 0x3066, + 0x3099, + 0x3068, + 0x3099, + 0x306f, + 0x3099, + 0x306f, + 0x309a, + 0x3072, + 0x3099, + 0x3072, + 0x309a, + 0x3075, + 0x3099, + 0x3075, + 0x309a, + 0x3078, + 0x3099, + 0x3078, + 0x309a, + 0x307b, + 0x3099, + 0x307b, + 0x309a, + 0x3046, + 0x3099, + 0x20, + 0x3099, + 0x20, + 0x309a, + 0x309d, + 0x3099, + 0x3088, + 0x308a, + 0x30ab, + 0x3099, + 0x30ad, + 0x3099, + 0x30af, + 0x3099, + 0x30b1, + 0x3099, + 0x30b3, + 0x3099, + 0x30b5, + 0x3099, + 0x30b7, + 0x3099, + 0x30b9, + 0x3099, + 0x30bb, + 0x3099, + 0x30bd, + 0x3099, + 0x30bf, + 0x3099, + 0x30c1, + 0x3099, + 0x30c4, + 0x3099, + 0x30c6, + 0x3099, + 0x30c8, + 0x3099, + 0x30cf, + 0x3099, + 0x30cf, + 0x309a, + 0x30d2, + 0x3099, + 0x30d2, + 0x309a, + 0x30d5, + 0x3099, + 0x30d5, + 0x309a, + 0x30d8, + 0x3099, + 0x30d8, + 0x309a, + 0x30db, + 0x3099, + 0x30db, + 0x309a, + 0x30a6, + 0x3099, + 0x30ef, + 0x3099, + 0x30f0, + 0x3099, + 0x30f1, + 0x3099, + 0x30f2, + 0x3099, + 0x30fd, + 0x3099, + 0x30b3, + 0x30c8, + 0x1100, + 0x1101, + 0x11aa, + 0x1102, + 0x11ac, + 0x11ad, + 0x1103, + 0x1104, + 0x1105, + 0x11b0, + 0x11b1, + 0x11b2, + 0x11b3, + 0x11b4, + 0x11b5, + 0x111a, + 0x1106, + 0x1107, + 0x1108, + 0x1121, + 0x1109, + 0x110a, + 0x110b, + 0x110c, + 0x110d, + 0x110e, + 0x110f, + 0x1110, + 0x1111, + 0x1112, + 0x1161, + 0x1162, + 0x1163, + 0x1164, + 0x1165, + 0x1166, + 0x1167, + 0x1168, + 0x1169, + 0x116a, + 0x116b, + 0x116c, + 0x116d, + 0x116e, + 0x116f, + 0x1170, + 0x1171, + 0x1172, + 0x1173, + 0x1174, + 0x1175, + 0x1160, + 0x1114, + 0x1115, + 0x11c7, + 0x11c8, + 0x11cc, + 0x11ce, + 0x11d3, + 0x11d7, + 0x11d9, + 0x111c, + 0x11dd, + 0x11df, + 0x111d, + 0x111e, + 0x1120, + 0x1122, + 0x1123, + 0x1127, + 0x1129, + 0x112b, + 0x112c, + 0x112d, + 0x112e, + 0x112f, + 0x1132, + 0x1136, + 0x1140, + 0x1147, + 0x114c, + 0x11f1, + 0x11f2, + 0x1157, + 0x1158, + 0x1159, + 0x1184, + 0x1185, + 0x1188, + 0x1191, + 0x1192, + 0x1194, + 0x119e, + 0x11a1, + 0x4e09, + 0x56db, + 0x4e0a, + 0x4e2d, + 0x4e0b, + 0x7532, + 0x4e19, + 0x4e01, + 0x5929, + 0x5730, + 0x28, + 0x1100, + 0x29, + 0x28, + 0x1102, + 0x29, + 0x28, + 0x1103, + 0x29, + 0x28, + 0x1105, + 0x29, + 0x28, + 0x1106, + 0x29, + 0x28, + 0x1107, + 0x29, + 0x28, + 0x1109, + 0x29, + 0x28, + 0x110b, + 0x29, + 0x28, + 0x110c, + 0x29, + 0x28, + 0x110e, + 0x29, + 0x28, + 0x110f, + 0x29, + 0x28, + 0x1110, + 0x29, + 0x28, + 0x1111, + 0x29, + 0x28, + 0x1112, + 0x29, + 0x28, + 0x1100, + 0x1161, + 0x29, + 0x28, + 0x1102, + 0x1161, + 0x29, + 0x28, + 0x1103, + 0x1161, + 0x29, + 0x28, + 0x1105, + 0x1161, + 0x29, + 0x28, + 0x1106, + 0x1161, + 0x29, + 0x28, + 0x1107, + 0x1161, + 0x29, + 0x28, + 0x1109, + 0x1161, + 0x29, + 0x28, + 0x110b, + 0x1161, + 0x29, + 0x28, + 0x110c, + 0x1161, + 0x29, + 0x28, + 0x110e, + 0x1161, + 0x29, + 0x28, + 0x110f, + 0x1161, + 0x29, + 0x28, + 0x1110, + 0x1161, + 0x29, + 0x28, + 0x1111, + 0x1161, + 0x29, + 0x28, + 0x1112, + 0x1161, + 0x29, + 0x28, + 0x110c, + 0x116e, + 0x29, + 0x28, + 0x110b, + 0x1169, + 0x110c, + 0x1165, + 0x11ab, + 0x29, + 0x28, + 0x110b, + 0x1169, + 0x1112, + 0x116e, + 0x29, + 0x28, + 0x4e00, + 0x29, + 0x28, + 0x4e8c, + 0x29, + 0x28, + 0x4e09, + 0x29, + 0x28, + 0x56db, + 0x29, + 0x28, + 0x4e94, + 0x29, + 0x28, + 0x516d, + 0x29, + 0x28, + 0x4e03, + 0x29, + 0x28, + 0x516b, + 0x29, + 0x28, + 0x4e5d, + 0x29, + 0x28, + 0x5341, + 0x29, + 0x28, + 0x6708, + 0x29, + 0x28, + 0x706b, + 0x29, + 0x28, + 0x6c34, + 0x29, + 0x28, + 0x6728, + 0x29, + 0x28, + 0x91d1, + 0x29, + 0x28, + 0x571f, + 0x29, + 0x28, + 0x65e5, + 0x29, + 0x28, + 0x682a, + 0x29, + 0x28, + 0x6709, + 0x29, + 0x28, + 0x793e, + 0x29, + 0x28, + 0x540d, + 0x29, + 0x28, + 0x7279, + 0x29, + 0x28, + 0x8ca1, + 0x29, + 0x28, + 0x795d, + 0x29, + 0x28, + 0x52b4, + 0x29, + 0x28, + 0x4ee3, + 0x29, + 0x28, + 0x547c, + 0x29, + 0x28, + 0x5b66, + 0x29, + 0x28, + 0x76e3, + 0x29, + 0x28, + 0x4f01, + 0x29, + 0x28, + 0x8cc7, + 0x29, + 0x28, + 0x5354, + 0x29, + 0x28, + 0x796d, + 0x29, + 0x28, + 0x4f11, + 0x29, + 0x28, + 0x81ea, + 0x29, + 0x28, + 0x81f3, + 0x29, + 0x50, + 0x54, + 0x45, + 0x32, + 0x32, + 0x32, + 0x34, + 0x32, + 0x35, + 0x32, + 0x36, + 0x32, + 0x37, + 0x32, + 0x38, + 0x32, + 0x39, + 0x33, + 0x30, + 0x33, + 0x33, + 0x33, + 0x34, + 0x33, + 0x35, + 0x110e, + 0x1161, + 0x11b7, + 0x1100, + 0x1169, + 0x110c, + 0x116e, + 0x110b, + 0x1174, + 0x79d8, + 0x7537, + 0x9069, + 0x512a, + 0x5370, + 0x6ce8, + 0x9805, + 0x5199, + 0x6b63, + 0x5de6, + 0x53f3, + 0x533b, + 0x5b97, + 0x591c, + 0x33, + 0x36, + 0x33, + 0x37, + 0x33, + 0x38, + 0x33, + 0x39, + 0x34, + 0x30, + 0x34, + 0x34, + 0x34, + 0x35, + 0x34, + 0x36, + 0x34, + 0x37, + 0x34, + 0x38, + 0x34, + 0x39, + 0x35, + 0x30, + 0x31, + 0x6708, + 0x32, + 0x6708, + 0x33, + 0x6708, + 0x34, + 0x6708, + 0x35, + 0x6708, + 0x36, + 0x6708, + 0x37, + 0x6708, + 0x38, + 0x6708, + 0x39, + 0x6708, + 0x31, + 0x30, + 0x6708, + 0x31, + 0x31, + 0x6708, + 0x31, + 0x32, + 0x6708, + 0x48, + 0x67, + 0x65, + 0x72, + 0x67, + 0x65, + 0x56, + 0x4c, + 0x54, + 0x44, + 0x30a2, + 0x30a4, + 0x30a8, + 0x30aa, + 0x30ca, + 0x30cb, + 0x30cc, + 0x30cd, + 0x30ce, + 0x30de, + 0x30df, + 0x30e0, + 0x30e1, + 0x30e2, + 0x30e4, + 0x30e6, + 0x30e8, + 0x30e9, + 0x30ea, + 0x30eb, + 0x30ec, + 0x30ed, + 0x30a2, + 0x30d1, + 0x30fc, + 0x30c8, + 0x30a2, + 0x30eb, + 0x30d5, + 0x30a1, + 0x30a2, + 0x30f3, + 0x30da, + 0x30a2, + 0x30a2, + 0x30fc, + 0x30eb, + 0x30a4, + 0x30cb, + 0x30f3, + 0x30b0, + 0x30a4, + 0x30f3, + 0x30c1, + 0x30a6, + 0x30a9, + 0x30f3, + 0x30a8, + 0x30b9, + 0x30af, + 0x30fc, + 0x30c9, + 0x30a8, + 0x30fc, + 0x30ab, + 0x30fc, + 0x30aa, + 0x30f3, + 0x30b9, + 0x30aa, + 0x30fc, + 0x30e0, + 0x30ab, + 0x30a4, + 0x30ea, + 0x30ab, + 0x30e9, + 0x30c3, + 0x30c8, + 0x30ab, + 0x30ed, + 0x30ea, + 0x30fc, + 0x30ac, + 0x30ed, + 0x30f3, + 0x30ac, + 0x30f3, + 0x30de, + 0x30ae, + 0x30ac, + 0x30ae, + 0x30cb, + 0x30fc, + 0x30ad, + 0x30e5, + 0x30ea, + 0x30fc, + 0x30ae, + 0x30eb, + 0x30c0, + 0x30fc, + 0x30ad, + 0x30ed, + 0x30ad, + 0x30ed, + 0x30b0, + 0x30e9, + 0x30e0, + 0x30ad, + 0x30ed, + 0x30e1, + 0x30fc, + 0x30c8, + 0x30eb, + 0x30ad, + 0x30ed, + 0x30ef, + 0x30c3, + 0x30c8, + 0x30b0, + 0x30e9, + 0x30e0, + 0x30c8, + 0x30f3, + 0x30af, + 0x30eb, + 0x30bc, + 0x30a4, + 0x30ed, + 0x30af, + 0x30ed, + 0x30fc, + 0x30cd, + 0x30b1, + 0x30fc, + 0x30b9, + 0x30b3, + 0x30eb, + 0x30ca, + 0x30b3, + 0x30fc, + 0x30dd, + 0x30b5, + 0x30a4, + 0x30af, + 0x30eb, + 0x30b5, + 0x30f3, + 0x30c1, + 0x30fc, + 0x30e0, + 0x30b7, + 0x30ea, + 0x30f3, + 0x30b0, + 0x30bb, + 0x30f3, + 0x30c1, + 0x30bb, + 0x30f3, + 0x30c8, + 0x30c0, + 0x30fc, + 0x30b9, + 0x30c7, + 0x30b7, + 0x30c9, + 0x30eb, + 0x30ca, + 0x30ce, + 0x30ce, + 0x30c3, + 0x30c8, + 0x30cf, + 0x30a4, + 0x30c4, + 0x30d1, + 0x30fc, + 0x30bb, + 0x30f3, + 0x30c8, + 0x30d1, + 0x30fc, + 0x30c4, + 0x30d0, + 0x30fc, + 0x30ec, + 0x30eb, + 0x30d4, + 0x30a2, + 0x30b9, + 0x30c8, + 0x30eb, + 0x30d4, + 0x30af, + 0x30eb, + 0x30d4, + 0x30b3, + 0x30d3, + 0x30eb, + 0x30d5, + 0x30a1, + 0x30e9, + 0x30c3, + 0x30c9, + 0x30d5, + 0x30a3, + 0x30fc, + 0x30c8, + 0x30d6, + 0x30c3, + 0x30b7, + 0x30a7, + 0x30eb, + 0x30d5, + 0x30e9, + 0x30f3, + 0x30d8, + 0x30af, + 0x30bf, + 0x30fc, + 0x30eb, + 0x30da, + 0x30bd, + 0x30da, + 0x30cb, + 0x30d2, + 0x30d8, + 0x30eb, + 0x30c4, + 0x30da, + 0x30f3, + 0x30b9, + 0x30da, + 0x30fc, + 0x30b8, + 0x30d9, + 0x30fc, + 0x30bf, + 0x30dd, + 0x30a4, + 0x30f3, + 0x30c8, + 0x30dc, + 0x30eb, + 0x30c8, + 0x30db, + 0x30f3, + 0x30dd, + 0x30f3, + 0x30c9, + 0x30db, + 0x30fc, + 0x30eb, + 0x30db, + 0x30fc, + 0x30f3, + 0x30de, + 0x30a4, + 0x30af, + 0x30ed, + 0x30de, + 0x30a4, + 0x30eb, + 0x30de, + 0x30c3, + 0x30cf, + 0x30de, + 0x30eb, + 0x30af, + 0x30de, + 0x30f3, + 0x30b7, + 0x30e7, + 0x30f3, + 0x30df, + 0x30af, + 0x30ed, + 0x30f3, + 0x30df, + 0x30ea, + 0x30df, + 0x30ea, + 0x30d0, + 0x30fc, + 0x30eb, + 0x30e1, + 0x30ac, + 0x30e1, + 0x30ac, + 0x30c8, + 0x30f3, + 0x30e4, + 0x30fc, + 0x30c9, + 0x30e4, + 0x30fc, + 0x30eb, + 0x30e6, + 0x30a2, + 0x30f3, + 0x30ea, + 0x30c3, + 0x30c8, + 0x30eb, + 0x30ea, + 0x30e9, + 0x30eb, + 0x30d4, + 0x30fc, + 0x30eb, + 0x30fc, + 0x30d6, + 0x30eb, + 0x30ec, + 0x30e0, + 0x30ec, + 0x30f3, + 0x30c8, + 0x30b2, + 0x30f3, + 0x30, + 0x70b9, + 0x31, + 0x70b9, + 0x32, + 0x70b9, + 0x33, + 0x70b9, + 0x34, + 0x70b9, + 0x35, + 0x70b9, + 0x36, + 0x70b9, + 0x37, + 0x70b9, + 0x38, + 0x70b9, + 0x39, + 0x70b9, + 0x31, + 0x30, + 0x70b9, + 0x31, + 0x31, + 0x70b9, + 0x31, + 0x32, + 0x70b9, + 0x31, + 0x33, + 0x70b9, + 0x31, + 0x34, + 0x70b9, + 0x31, + 0x35, + 0x70b9, + 0x31, + 0x36, + 0x70b9, + 0x31, + 0x37, + 0x70b9, + 0x31, + 0x38, + 0x70b9, + 0x31, + 0x39, + 0x70b9, + 0x32, + 0x30, + 0x70b9, + 0x32, + 0x31, + 0x70b9, + 0x32, + 0x32, + 0x70b9, + 0x32, + 0x33, + 0x70b9, + 0x32, + 0x34, + 0x70b9, + 0x68, + 0x50, + 0x61, + 0x64, + 0x61, + 0x41, + 0x55, + 0x62, + 0x61, + 0x72, + 0x6f, + 0x56, + 0x70, + 0x63, + 0x64, + 0x6d, + 0x64, + 0x6d, + 0xb2, + 0x64, + 0x6d, + 0xb3, + 0x49, + 0x55, + 0x5e73, + 0x6210, + 0x662d, + 0x548c, + 0x5927, + 0x6b63, + 0x660e, + 0x6cbb, + 0x682a, + 0x5f0f, + 0x4f1a, + 0x793e, + 0x70, + 0x41, + 0x6e, + 0x41, + 0x3bc, + 0x41, + 0x6d, + 0x41, + 0x6b, + 0x41, + 0x4b, + 0x42, + 0x4d, + 0x42, + 0x47, + 0x42, + 0x63, + 0x61, + 0x6c, + 0x6b, + 0x63, + 0x61, + 0x6c, + 0x70, + 0x46, + 0x6e, + 0x46, + 0x3bc, + 0x46, + 0x3bc, + 0x67, + 0x6d, + 0x67, + 0x6b, + 0x67, + 0x48, + 0x7a, + 0x6b, + 0x48, + 0x7a, + 0x4d, + 0x48, + 0x7a, + 0x47, + 0x48, + 0x7a, + 0x54, + 0x48, + 0x7a, + 0x3bc, + 0x2113, + 0x6d, + 0x2113, + 0x64, + 0x2113, + 0x6b, + 0x2113, + 0x66, + 0x6d, + 0x6e, + 0x6d, + 0x3bc, + 0x6d, + 0x6d, + 0x6d, + 0x63, + 0x6d, + 0x6b, + 0x6d, + 0x6d, + 0x6d, + 0xb2, + 0x63, + 0x6d, + 0xb2, + 0x6b, + 0x6d, + 0xb2, + 0x6d, + 0x6d, + 0xb3, + 0x63, + 0x6d, + 0xb3, + 0x6b, + 0x6d, + 0xb3, + 0x6d, + 0x2215, + 0x73, + 0x6d, + 0x2215, + 0x73, + 0xb2, + 0x6b, + 0x50, + 0x61, + 0x4d, + 0x50, + 0x61, + 0x47, + 0x50, + 0x61, + 0x72, + 0x61, + 0x64, + 0x72, + 0x61, + 0x64, + 0x2215, + 0x73, + 0x72, + 0x61, + 0x64, + 0x2215, + 0x73, + 0xb2, + 0x70, + 0x73, + 0x6e, + 0x73, + 0x3bc, + 0x73, + 0x6d, + 0x73, + 0x70, + 0x56, + 0x6e, + 0x56, + 0x3bc, + 0x56, + 0x6d, + 0x56, + 0x6b, + 0x56, + 0x4d, + 0x56, + 0x70, + 0x57, + 0x6e, + 0x57, + 0x3bc, + 0x57, + 0x6d, + 0x57, + 0x6b, + 0x57, + 0x4d, + 0x57, + 0x6b, + 0x3a9, + 0x4d, + 0x3a9, + 0x61, + 0x2e, + 0x6d, + 0x2e, + 0x42, + 0x71, + 0x63, + 0x63, + 0x43, + 0x2215, + 0x6b, + 0x67, + 0x43, + 0x6f, + 0x2e, + 0x64, + 0x42, + 0x47, + 0x79, + 0x68, + 0x61, + 0x48, + 0x50, + 0x69, + 0x6e, + 0x4b, + 0x4b, + 0x4b, + 0x4d, + 0x6b, + 0x74, + 0x6c, + 0x6d, + 0x6c, + 0x6e, + 0x6c, + 0x6f, + 0x67, + 0x6c, + 0x78, + 0x6d, + 0x62, + 0x6d, + 0x69, + 0x6c, + 0x6d, + 0x6f, + 0x6c, + 0x50, + 0x48, + 0x70, + 0x2e, + 0x6d, + 0x2e, + 0x50, + 0x50, + 0x4d, + 0x50, + 0x52, + 0x53, + 0x76, + 0x57, + 0x62, + 0x56, + 0x2215, + 0x6d, + 0x41, + 0x2215, + 0x6d, + 0x31, + 0x65e5, + 0x32, + 0x65e5, + 0x33, + 0x65e5, + 0x34, + 0x65e5, + 0x35, + 0x65e5, + 0x36, + 0x65e5, + 0x37, + 0x65e5, + 0x38, + 0x65e5, + 0x39, + 0x65e5, + 0x31, + 0x30, + 0x65e5, + 0x31, + 0x31, + 0x65e5, + 0x31, + 0x32, + 0x65e5, + 0x31, + 0x33, + 0x65e5, + 0x31, + 0x34, + 0x65e5, + 0x31, + 0x35, + 0x65e5, + 0x31, + 0x36, + 0x65e5, + 0x31, + 0x37, + 0x65e5, + 0x31, + 0x38, + 0x65e5, + 0x31, + 0x39, + 0x65e5, + 0x32, + 0x30, + 0x65e5, + 0x32, + 0x31, + 0x65e5, + 0x32, + 0x32, + 0x65e5, + 0x32, + 0x33, + 0x65e5, + 0x32, + 0x34, + 0x65e5, + 0x32, + 0x35, + 0x65e5, + 0x32, + 0x36, + 0x65e5, + 0x32, + 0x37, + 0x65e5, + 0x32, + 0x38, + 0x65e5, + 0x32, + 0x39, + 0x65e5, + 0x33, + 0x30, + 0x65e5, + 0x33, + 0x31, + 0x65e5, + 0x67, + 0x61, + 0x6c, + 0x8c48, + 0x66f4, + 0x8cc8, + 0x6ed1, + 0x4e32, + 0x53e5, + 0x5951, + 0x5587, + 0x5948, + 0x61f6, + 0x7669, + 0x7f85, + 0x863f, + 0x87ba, + 0x88f8, + 0x908f, + 0x6a02, + 0x6d1b, + 0x70d9, + 0x73de, + 0x843d, + 0x916a, + 0x99f1, + 0x4e82, + 0x5375, + 0x6b04, + 0x721b, + 0x862d, + 0x9e1e, + 0x5d50, + 0x6feb, + 0x85cd, + 0x8964, + 0x62c9, + 0x81d8, + 0x881f, + 0x5eca, + 0x6717, + 0x6d6a, + 0x72fc, + 0x90ce, + 0x4f86, + 0x51b7, + 0x52de, + 0x64c4, + 0x6ad3, + 0x7210, + 0x76e7, + 0x8606, + 0x865c, + 0x8def, + 0x9732, + 0x9b6f, + 0x9dfa, + 0x788c, + 0x797f, + 0x7da0, + 0x83c9, + 0x9304, + 0x8ad6, + 0x58df, + 0x5f04, + 0x7c60, + 0x807e, + 0x7262, + 0x78ca, + 0x8cc2, + 0x96f7, + 0x58d8, + 0x5c62, + 0x6a13, + 0x6dda, + 0x6f0f, + 0x7d2f, + 0x7e37, + 0x964b, + 0x52d2, + 0x808b, + 0x51dc, + 0x51cc, + 0x7a1c, + 0x7dbe, + 0x83f1, + 0x9675, + 0x8b80, + 0x62cf, + 0x8afe, + 0x4e39, + 0x5be7, + 0x6012, + 0x7387, + 0x7570, + 0x5317, + 0x78fb, + 0x4fbf, + 0x5fa9, + 0x4e0d, + 0x6ccc, + 0x6578, + 0x7d22, + 0x53c3, + 0x585e, + 0x7701, + 0x8449, + 0x8aaa, + 0x6bba, + 0x6c88, + 0x62fe, + 0x82e5, + 0x63a0, + 0x7565, + 0x4eae, + 0x5169, + 0x51c9, + 0x6881, + 0x7ce7, + 0x826f, + 0x8ad2, + 0x91cf, + 0x52f5, + 0x5442, + 0x5eec, + 0x65c5, + 0x6ffe, + 0x792a, + 0x95ad, + 0x9a6a, + 0x9e97, + 0x9ece, + 0x66c6, + 0x6b77, + 0x8f62, + 0x5e74, + 0x6190, + 0x6200, + 0x649a, + 0x6f23, + 0x7149, + 0x7489, + 0x79ca, + 0x7df4, + 0x806f, + 0x8f26, + 0x84ee, + 0x9023, + 0x934a, + 0x5217, + 0x52a3, + 0x54bd, + 0x70c8, + 0x88c2, + 0x5ec9, + 0x5ff5, + 0x637b, + 0x6bae, + 0x7c3e, + 0x7375, + 0x4ee4, + 0x56f9, + 0x5dba, + 0x601c, + 0x73b2, + 0x7469, + 0x7f9a, + 0x8046, + 0x9234, + 0x96f6, + 0x9748, + 0x9818, + 0x4f8b, + 0x79ae, + 0x91b4, + 0x96b8, + 0x60e1, + 0x4e86, + 0x50da, + 0x5bee, + 0x5c3f, + 0x6599, + 0x71ce, + 0x7642, + 0x84fc, + 0x907c, + 0x6688, + 0x962e, + 0x5289, + 0x677b, + 0x67f3, + 0x6d41, + 0x6e9c, + 0x7409, + 0x7559, + 0x786b, + 0x7d10, + 0x985e, + 0x622e, + 0x9678, + 0x502b, + 0x5d19, + 0x6dea, + 0x8f2a, + 0x5f8b, + 0x6144, + 0x6817, + 0x9686, + 0x5229, + 0x540f, + 0x5c65, + 0x6613, + 0x674e, + 0x68a8, + 0x6ce5, + 0x7406, + 0x75e2, + 0x7f79, + 0x88cf, + 0x88e1, + 0x96e2, + 0x533f, + 0x6eba, + 0x541d, + 0x71d0, + 0x7498, + 0x85fa, + 0x96a3, + 0x9c57, + 0x9e9f, + 0x6797, + 0x6dcb, + 0x81e8, + 0x7b20, + 0x7c92, + 0x72c0, + 0x7099, + 0x8b58, + 0x4ec0, + 0x8336, + 0x523a, + 0x5207, + 0x5ea6, + 0x62d3, + 0x7cd6, + 0x5b85, + 0x6d1e, + 0x66b4, + 0x8f3b, + 0x964d, + 0x5ed3, + 0x5140, + 0x55c0, + 0x585a, + 0x6674, + 0x51de, + 0x732a, + 0x76ca, + 0x793c, + 0x795e, + 0x7965, + 0x798f, + 0x9756, + 0x7cbe, + 0x8612, + 0x8af8, + 0x9038, + 0x90fd, + 0x98ef, + 0x98fc, + 0x9928, + 0x9db4, + 0x4fae, + 0x50e7, + 0x514d, + 0x52c9, + 0x52e4, + 0x5351, + 0x559d, + 0x5606, + 0x5668, + 0x5840, + 0x58a8, + 0x5c64, + 0x6094, + 0x6168, + 0x618e, + 0x61f2, + 0x654f, + 0x65e2, + 0x6691, + 0x6885, + 0x6d77, + 0x6e1a, + 0x6f22, + 0x716e, + 0x722b, + 0x7422, + 0x7891, + 0x7949, + 0x7948, + 0x7950, + 0x7956, + 0x798d, + 0x798e, + 0x7a40, + 0x7a81, + 0x7bc0, + 0x7e09, + 0x7e41, + 0x7f72, + 0x8005, + 0x81ed, + 0x8279, + 0x8457, + 0x8910, + 0x8996, + 0x8b01, + 0x8b39, + 0x8cd3, + 0x8d08, + 0x8fb6, + 0x96e3, + 0x97ff, + 0x983b, + 0x66, + 0x66, + 0x66, + 0x69, + 0x66, + 0x6c, + 0x66, + 0x66, + 0x6c, + 0x17f, + 0x74, + 0x73, + 0x74, + 0x574, + 0x576, + 0x574, + 0x565, + 0x574, + 0x56b, + 0x57e, + 0x576, + 0x574, + 0x56d, + 0x5d9, + 0x5b4, + 0x5f2, + 0x5b7, + 0x5e2, + 0x5d4, + 0x5db, + 0x5dc, + 0x5dd, + 0x5e8, + 0x5ea, + 0x5e9, + 0x5c1, + 0x5e9, + 0x5c2, + 0xfb49, + 0x5c1, + 0xfb49, + 0x5c2, + 0x5d0, + 0x5b7, + 0x5d0, + 0x5b8, + 0x5d0, + 0x5bc, + 0x5d1, + 0x5bc, + 0x5d2, + 0x5bc, + 0x5d3, + 0x5bc, + 0x5d4, + 0x5bc, + 0x5d5, + 0x5bc, + 0x5d6, + 0x5bc, + 0x5d8, + 0x5bc, + 0x5d9, + 0x5bc, + 0x5da, + 0x5bc, + 0x5db, + 0x5bc, + 0x5dc, + 0x5bc, + 0x5de, + 0x5bc, + 0x5e0, + 0x5bc, + 0x5e1, + 0x5bc, + 0x5e3, + 0x5bc, + 0x5e4, + 0x5bc, + 0x5e6, + 0x5bc, + 0x5e7, + 0x5bc, + 0x5e8, + 0x5bc, + 0x5e9, + 0x5bc, + 0x5ea, + 0x5bc, + 0x5d5, + 0x5b9, + 0x5d1, + 0x5bf, + 0x5db, + 0x5bf, + 0x5e4, + 0x5bf, + 0x5d0, + 0x5dc, + 0x671, + 0x67b, + 0x67e, + 0x680, + 0x67a, + 0x67f, + 0x679, + 0x6a4, + 0x6a6, + 0x684, + 0x683, + 0x686, + 0x687, + 0x68d, + 0x68c, + 0x68e, + 0x688, + 0x698, + 0x691, + 0x6a9, + 0x6af, + 0x6b3, + 0x6b1, + 0x6ba, + 0x6bb, + 0x6c0, + 0x6be, + 0x6d3, + 0x6ad, + 0x6c6, + 0x6c8, + 0x677, + 0x6cb, + 0x6c5, + 0x6c9, + 0x6d0, + 0x649, + 0x626, + 0x627, + 0x626, + 0x6d5, + 0x626, + 0x648, + 0x626, + 0x6c7, + 0x626, + 0x6c6, + 0x626, + 0x6c8, + 0x626, + 0x6d0, + 0x626, + 0x649, + 0x6cc, + 0x626, + 0x62c, + 0x626, + 0x62d, + 0x626, + 0x645, + 0x626, + 0x64a, + 0x628, + 0x62c, + 0x628, + 0x62d, + 0x628, + 0x62e, + 0x628, + 0x645, + 0x628, + 0x649, + 0x628, + 0x64a, + 0x62a, + 0x62c, + 0x62a, + 0x62d, + 0x62a, + 0x62e, + 0x62a, + 0x645, + 0x62a, + 0x649, + 0x62a, + 0x64a, + 0x62b, + 0x62c, + 0x62b, + 0x645, + 0x62b, + 0x649, + 0x62b, + 0x64a, + 0x62c, + 0x62d, + 0x62c, + 0x645, + 0x62d, + 0x645, + 0x62e, + 0x62c, + 0x62e, + 0x62d, + 0x62e, + 0x645, + 0x633, + 0x62c, + 0x633, + 0x62d, + 0x633, + 0x62e, + 0x633, + 0x645, + 0x635, + 0x62d, + 0x635, + 0x645, + 0x636, + 0x62c, + 0x636, + 0x62d, + 0x636, + 0x62e, + 0x636, + 0x645, + 0x637, + 0x62d, + 0x637, + 0x645, + 0x638, + 0x645, + 0x639, + 0x62c, + 0x639, + 0x645, + 0x63a, + 0x62c, + 0x63a, + 0x645, + 0x641, + 0x62c, + 0x641, + 0x62d, + 0x641, + 0x62e, + 0x641, + 0x645, + 0x641, + 0x649, + 0x641, + 0x64a, + 0x642, + 0x62d, + 0x642, + 0x645, + 0x642, + 0x649, + 0x642, + 0x64a, + 0x643, + 0x627, + 0x643, + 0x62c, + 0x643, + 0x62d, + 0x643, + 0x62e, + 0x643, + 0x644, + 0x643, + 0x645, + 0x643, + 0x649, + 0x643, + 0x64a, + 0x644, + 0x62c, + 0x644, + 0x62d, + 0x644, + 0x62e, + 0x644, + 0x645, + 0x644, + 0x649, + 0x644, + 0x64a, + 0x645, + 0x62c, + 0x645, + 0x645, + 0x645, + 0x649, + 0x645, + 0x64a, + 0x646, + 0x62c, + 0x646, + 0x62d, + 0x646, + 0x62e, + 0x646, + 0x645, + 0x646, + 0x649, + 0x646, + 0x64a, + 0x647, + 0x62c, + 0x647, + 0x645, + 0x647, + 0x649, + 0x647, + 0x64a, + 0x64a, + 0x62d, + 0x64a, + 0x62e, + 0x64a, + 0x649, + 0x630, + 0x670, + 0x631, + 0x670, + 0x649, + 0x670, + 0x20, + 0x64c, + 0x651, + 0x20, + 0x64d, + 0x651, + 0x20, + 0x64e, + 0x651, + 0x20, + 0x64f, + 0x651, + 0x20, + 0x650, + 0x651, + 0x20, + 0x651, + 0x670, + 0x626, + 0x631, + 0x626, + 0x632, + 0x626, + 0x646, + 0x628, + 0x631, + 0x628, + 0x632, + 0x628, + 0x646, + 0x62a, + 0x631, + 0x62a, + 0x632, + 0x62a, + 0x646, + 0x62b, + 0x631, + 0x62b, + 0x632, + 0x62b, + 0x646, + 0x645, + 0x627, + 0x646, + 0x631, + 0x646, + 0x632, + 0x646, + 0x646, + 0x64a, + 0x631, + 0x64a, + 0x632, + 0x626, + 0x62e, + 0x626, + 0x647, + 0x628, + 0x647, + 0x62a, + 0x647, + 0x635, + 0x62e, + 0x644, + 0x647, + 0x646, + 0x647, + 0x647, + 0x670, + 0x62b, + 0x647, + 0x633, + 0x647, + 0x634, + 0x645, + 0x634, + 0x647, + 0x640, + 0x64e, + 0x651, + 0x640, + 0x64f, + 0x651, + 0x640, + 0x650, + 0x651, + 0x637, + 0x649, + 0x637, + 0x64a, + 0x639, + 0x649, + 0x639, + 0x64a, + 0x63a, + 0x649, + 0x63a, + 0x64a, + 0x633, + 0x649, + 0x633, + 0x64a, + 0x634, + 0x649, + 0x634, + 0x64a, + 0x62d, + 0x649, + 0x62c, + 0x649, + 0x62c, + 0x64a, + 0x62e, + 0x649, + 0x635, + 0x649, + 0x635, + 0x64a, + 0x636, + 0x649, + 0x636, + 0x64a, + 0x634, + 0x62c, + 0x634, + 0x62d, + 0x634, + 0x62e, + 0x634, + 0x631, + 0x633, + 0x631, + 0x635, + 0x631, + 0x636, + 0x631, + 0x627, + 0x64b, + 0x62a, + 0x62c, + 0x645, + 0x62a, + 0x62d, + 0x62c, + 0x62a, + 0x62d, + 0x645, + 0x62a, + 0x62e, + 0x645, + 0x62a, + 0x645, + 0x62c, + 0x62a, + 0x645, + 0x62d, + 0x62a, + 0x645, + 0x62e, + 0x62d, + 0x645, + 0x64a, + 0x62d, + 0x645, + 0x649, + 0x633, + 0x62d, + 0x62c, + 0x633, + 0x62c, + 0x62d, + 0x633, + 0x62c, + 0x649, + 0x633, + 0x645, + 0x62d, + 0x633, + 0x645, + 0x62c, + 0x633, + 0x645, + 0x645, + 0x635, + 0x62d, + 0x62d, + 0x635, + 0x645, + 0x645, + 0x634, + 0x62d, + 0x645, + 0x634, + 0x62c, + 0x64a, + 0x634, + 0x645, + 0x62e, + 0x634, + 0x645, + 0x645, + 0x636, + 0x62d, + 0x649, + 0x636, + 0x62e, + 0x645, + 0x637, + 0x645, + 0x62d, + 0x637, + 0x645, + 0x645, + 0x637, + 0x645, + 0x64a, + 0x639, + 0x62c, + 0x645, + 0x639, + 0x645, + 0x645, + 0x639, + 0x645, + 0x649, + 0x63a, + 0x645, + 0x645, + 0x63a, + 0x645, + 0x64a, + 0x63a, + 0x645, + 0x649, + 0x641, + 0x62e, + 0x645, + 0x642, + 0x645, + 0x62d, + 0x642, + 0x645, + 0x645, + 0x644, + 0x62d, + 0x645, + 0x644, + 0x62d, + 0x64a, + 0x644, + 0x62d, + 0x649, + 0x644, + 0x62c, + 0x62c, + 0x644, + 0x62e, + 0x645, + 0x644, + 0x645, + 0x62d, + 0x645, + 0x62d, + 0x62c, + 0x645, + 0x62d, + 0x64a, + 0x645, + 0x62c, + 0x62d, + 0x645, + 0x62e, + 0x645, + 0x645, + 0x62c, + 0x62e, + 0x647, + 0x645, + 0x62c, + 0x647, + 0x645, + 0x645, + 0x646, + 0x62d, + 0x645, + 0x646, + 0x62d, + 0x649, + 0x646, + 0x62c, + 0x645, + 0x646, + 0x62c, + 0x649, + 0x646, + 0x645, + 0x64a, + 0x646, + 0x645, + 0x649, + 0x64a, + 0x645, + 0x645, + 0x628, + 0x62e, + 0x64a, + 0x62a, + 0x62c, + 0x64a, + 0x62a, + 0x62c, + 0x649, + 0x62a, + 0x62e, + 0x64a, + 0x62a, + 0x62e, + 0x649, + 0x62a, + 0x645, + 0x64a, + 0x62a, + 0x645, + 0x649, + 0x62c, + 0x645, + 0x64a, + 0x62c, + 0x62d, + 0x649, + 0x62c, + 0x645, + 0x649, + 0x633, + 0x62e, + 0x649, + 0x635, + 0x62d, + 0x64a, + 0x634, + 0x62d, + 0x64a, + 0x636, + 0x62d, + 0x64a, + 0x644, + 0x62c, + 0x64a, + 0x644, + 0x645, + 0x64a, + 0x64a, + 0x62c, + 0x64a, + 0x64a, + 0x645, + 0x64a, + 0x645, + 0x645, + 0x64a, + 0x642, + 0x645, + 0x64a, + 0x646, + 0x62d, + 0x64a, + 0x639, + 0x645, + 0x64a, + 0x643, + 0x645, + 0x64a, + 0x646, + 0x62c, + 0x62d, + 0x645, + 0x62e, + 0x64a, + 0x644, + 0x62c, + 0x645, + 0x643, + 0x645, + 0x645, + 0x62c, + 0x62d, + 0x64a, + 0x62d, + 0x62c, + 0x64a, + 0x645, + 0x62c, + 0x64a, + 0x641, + 0x645, + 0x64a, + 0x628, + 0x62d, + 0x64a, + 0x633, + 0x62e, + 0x64a, + 0x646, + 0x62c, + 0x64a, + 0x635, + 0x644, + 0x6d2, + 0x642, + 0x644, + 0x6d2, + 0x627, + 0x644, + 0x644, + 0x647, + 0x627, + 0x643, + 0x628, + 0x631, + 0x645, + 0x62d, + 0x645, + 0x62f, + 0x635, + 0x644, + 0x639, + 0x645, + 0x631, + 0x633, + 0x648, + 0x644, + 0x639, + 0x644, + 0x64a, + 0x647, + 0x648, + 0x633, + 0x644, + 0x645, + 0x635, + 0x644, + 0x649, + 0x635, + 0x644, + 0x649, + 0x20, + 0x627, + 0x644, + 0x644, + 0x647, + 0x20, + 0x639, + 0x644, + 0x64a, + 0x647, + 0x20, + 0x648, + 0x633, + 0x644, + 0x645, + 0x62c, + 0x644, + 0x20, + 0x62c, + 0x644, + 0x627, + 0x644, + 0x647, + 0x631, + 0x6cc, + 0x627, + 0x644, + 0x2025, + 0x2014, + 0x2013, + 0x5f, + 0x7b, + 0x7d, + 0x3014, + 0x3015, + 0x3010, + 0x3011, + 0x300a, + 0x300b, + 0x300c, + 0x300d, + 0x300e, + 0x300f, + 0x5b, + 0x5d, + 0x203e, + 0x2c, + 0x3001, + 0x23, + 0x26, + 0x2a, + 0x2d, + 0x5c, + 0x24, + 0x25, + 0x40, + 0x20, + 0x64b, + 0x640, + 0x64b, + 0x640, + 0x651, + 0x20, + 0x652, + 0x640, + 0x652, + 0x621, + 0x622, + 0x623, + 0x624, + 0x625, + 0x629, + 0x644, + 0x622, + 0x644, + 0x623, + 0x644, + 0x625, + 0x22, + 0x27, + 0x5e, + 0x7c, + 0x7e, + 0x2985, + 0x2986, + 0x3002, + 0x30fb, + 0x30a5, + 0x30e3, + 0x3164, + 0x3131, + 0x3132, + 0x3133, + 0x3134, + 0x3135, + 0x3136, + 0x3137, + 0x3138, + 0x3139, + 0x313a, + 0x313b, + 0x313c, + 0x313d, + 0x313e, + 0x313f, + 0x3140, + 0x3141, + 0x3142, + 0x3143, + 0x3144, + 0x3145, + 0x3146, + 0x3147, + 0x3148, + 0x3149, + 0x314a, + 0x314b, + 0x314c, + 0x314d, + 0x314e, + 0x314f, + 0x3150, + 0x3151, + 0x3152, + 0x3153, + 0x3154, + 0x3155, + 0x3156, + 0x3157, + 0x3158, + 0x3159, + 0x315a, + 0x315b, + 0x315c, + 0x315d, + 0x315e, + 0x315f, + 0x3160, + 0x3161, + 0x3162, + 0x3163, + 0xa2, + 0xa3, + 0xac, + 0xaf, + 0xa6, + 0xa5, + 0x20a9, + 0x2502, + 0x2191, + 0x2193, + 0x25a0, + 0x25cb, + 0x1d157, + 0x1d165, + 0x1d158, + 0x1d165, + 0x1d15f, + 0x1d16e, + 0x1d15f, + 0x1d16f, + 0x1d15f, + 0x1d170, + 0x1d15f, + 0x1d171, + 0x1d15f, + 0x1d172, + 0x1d1b9, + 0x1d165, + 0x1d1ba, + 0x1d165, + 0x1d1bb, + 0x1d16e, + 0x1d1bc, + 0x1d16e, + 0x1d1bb, + 0x1d16f, + 0x1d1bc, + 0x1d16f, + 0x392, + 0x394, + 0x396, + 0x39a, + 0x39b, + 0x39c, + 0x39d, + 0x39e, + 0x3f4, + 0x3a4, + 0x3a6, + 0x3a7, + 0x3a8, + 0x2207, + 0x3b6, + 0x3bb, + 0x3bd, + 0x3be, + 0x3c3, + 0x3c4, + 0x3c8, + 0x2202, + 0x3f5, + 0x3d1, + 0x3f0, + 0x3d5, + 0x3f1, + 0x3d6, + 0x4e3d, + 0x4e38, + 0x4e41, + 0x20122, + 0x4f60, + 0x4fbb, + 0x5002, + 0x507a, + 0x5099, + 0x50cf, + 0x349e, + 0x2063a, + 0x5154, + 0x5164, + 0x5177, + 0x2051c, + 0x34b9, + 0x5167, + 0x518d, + 0x2054b, + 0x5197, + 0x51a4, + 0x4ecc, + 0x51ac, + 0x51b5, + 0x291df, + 0x5203, + 0x34df, + 0x523b, + 0x5246, + 0x5272, + 0x5277, + 0x3515, + 0x52c7, + 0x52fa, + 0x5305, + 0x5306, + 0x5349, + 0x535a, + 0x5373, + 0x537d, + 0x537f, + 0x20a2c, + 0x7070, + 0x53ca, + 0x53df, + 0x20b63, + 0x53eb, + 0x53f1, + 0x5406, + 0x549e, + 0x5438, + 0x5448, + 0x5468, + 0x54a2, + 0x54f6, + 0x5510, + 0x5553, + 0x5563, + 0x5584, + 0x5599, + 0x55ab, + 0x55b3, + 0x55c2, + 0x5716, + 0x5717, + 0x5651, + 0x5674, + 0x58ee, + 0x57ce, + 0x57f4, + 0x580d, + 0x578b, + 0x5832, + 0x5831, + 0x58ac, + 0x214e4, + 0x58f2, + 0x58f7, + 0x5906, + 0x591a, + 0x5922, + 0x5962, + 0x216a8, + 0x216ea, + 0x59ec, + 0x5a1b, + 0x5a27, + 0x59d8, + 0x5a66, + 0x36ee, + 0x36fc, + 0x5b08, + 0x5b3e, + 0x219c8, + 0x5bc3, + 0x5bd8, + 0x5bf3, + 0x21b18, + 0x5bff, + 0x5c06, + 0x5f53, + 0x3781, + 0x5c60, + 0x5cc0, + 0x5c8d, + 0x21de4, + 0x5d43, + 0x21de6, + 0x5d6e, + 0x5d6b, + 0x5d7c, + 0x5de1, + 0x5de2, + 0x382f, + 0x5dfd, + 0x5e28, + 0x5e3d, + 0x5e69, + 0x3862, + 0x22183, + 0x387c, + 0x5eb0, + 0x5eb3, + 0x5eb6, + 0x2a392, + 0x22331, + 0x8201, + 0x5f22, + 0x38c7, + 0x232b8, + 0x261da, + 0x5f62, + 0x5f6b, + 0x38e3, + 0x5f9a, + 0x5fcd, + 0x5fd7, + 0x5ff9, + 0x6081, + 0x393a, + 0x391c, + 0x226d4, + 0x60c7, + 0x6148, + 0x614c, + 0x614e, + 0x617a, + 0x61b2, + 0x61a4, + 0x61af, + 0x61de, + 0x621b, + 0x625d, + 0x62b1, + 0x62d4, + 0x6350, + 0x22b0c, + 0x633d, + 0x62fc, + 0x6368, + 0x6383, + 0x63e4, + 0x22bf1, + 0x6422, + 0x63c5, + 0x63a9, + 0x3a2e, + 0x6469, + 0x647e, + 0x649d, + 0x6477, + 0x3a6c, + 0x656c, + 0x2300a, + 0x65e3, + 0x66f8, + 0x6649, + 0x3b19, + 0x3b08, + 0x3ae4, + 0x5192, + 0x5195, + 0x6700, + 0x669c, + 0x80ad, + 0x43d9, + 0x671b, + 0x6721, + 0x675e, + 0x6753, + 0x233c3, + 0x3b49, + 0x67fa, + 0x6785, + 0x6852, + 0x2346d, + 0x688e, + 0x681f, + 0x6914, + 0x3b9d, + 0x6942, + 0x69a3, + 0x69ea, + 0x6aa8, + 0x236a3, + 0x6adb, + 0x3c18, + 0x6b21, + 0x238a7, + 0x6b54, + 0x3c4e, + 0x6b72, + 0x6b9f, + 0x6bbb, + 0x23a8d, + 0x21d0b, + 0x23afa, + 0x6c4e, + 0x23cbc, + 0x6cbf, + 0x6ccd, + 0x6c67, + 0x6d16, + 0x6d3e, + 0x6d69, + 0x6d78, + 0x6d85, + 0x23d1e, + 0x6d34, + 0x6e2f, + 0x6e6e, + 0x3d33, + 0x6ecb, + 0x6ec7, + 0x23ed1, + 0x6df9, + 0x6f6e, + 0x23f5e, + 0x23f8e, + 0x6fc6, + 0x7039, + 0x701e, + 0x701b, + 0x3d96, + 0x704a, + 0x707d, + 0x7077, + 0x70ad, + 0x20525, + 0x7145, + 0x24263, + 0x719c, + 0x243ab, + 0x7228, + 0x7235, + 0x7250, + 0x24608, + 0x7280, + 0x7295, + 0x24735, + 0x24814, + 0x737a, + 0x738b, + 0x3eac, + 0x73a5, + 0x3eb8, + 0x7447, + 0x745c, + 0x7471, + 0x7485, + 0x74ca, + 0x3f1b, + 0x7524, + 0x24c36, + 0x753e, + 0x24c92, + 0x2219f, + 0x7610, + 0x24fa1, + 0x24fb8, + 0x25044, + 0x3ffc, + 0x4008, + 0x76f4, + 0x250f3, + 0x250f2, + 0x25119, + 0x25133, + 0x771e, + 0x771f, + 0x774a, + 0x4039, + 0x778b, + 0x4046, + 0x4096, + 0x2541d, + 0x784e, + 0x78cc, + 0x40e3, + 0x25626, + 0x2569a, + 0x256c5, + 0x79eb, + 0x412f, + 0x7a4a, + 0x7a4f, + 0x2597c, + 0x25aa7, + 0x7aee, + 0x4202, + 0x25bab, + 0x7bc6, + 0x7bc9, + 0x4227, + 0x25c80, + 0x7cd2, + 0x42a0, + 0x7ce8, + 0x7ce3, + 0x7d00, + 0x25f86, + 0x7d63, + 0x4301, + 0x7dc7, + 0x7e02, + 0x7e45, + 0x4334, + 0x26228, + 0x26247, + 0x4359, + 0x262d9, + 0x7f7a, + 0x2633e, + 0x7f95, + 0x7ffa, + 0x264da, + 0x26523, + 0x8060, + 0x265a8, + 0x8070, + 0x2335f, + 0x43d5, + 0x80b2, + 0x8103, + 0x440b, + 0x813e, + 0x5ab5, + 0x267a7, + 0x267b5, + 0x23393, + 0x2339c, + 0x8204, + 0x8f9e, + 0x446b, + 0x8291, + 0x828b, + 0x829d, + 0x52b3, + 0x82b1, + 0x82b3, + 0x82bd, + 0x82e6, + 0x26b3c, + 0x831d, + 0x8363, + 0x83ad, + 0x8323, + 0x83bd, + 0x83e7, + 0x8353, + 0x83ca, + 0x83cc, + 0x83dc, + 0x26c36, + 0x26d6b, + 0x26cd5, + 0x452b, + 0x84f1, + 0x84f3, + 0x8516, + 0x273ca, + 0x8564, + 0x26f2c, + 0x455d, + 0x4561, + 0x26fb1, + 0x270d2, + 0x456b, + 0x8650, + 0x8667, + 0x8669, + 0x86a9, + 0x8688, + 0x870e, + 0x86e2, + 0x8779, + 0x8728, + 0x876b, + 0x8786, + 0x45d7, + 0x87e1, + 0x8801, + 0x45f9, + 0x8860, + 0x27667, + 0x88d7, + 0x88de, + 0x4635, + 0x88fa, + 0x34bb, + 0x278ae, + 0x27966, + 0x46be, + 0x46c7, + 0x8aa0, + 0x8aed, + 0x8b8a, + 0x27ca8, + 0x8cab, + 0x8cc1, + 0x8d1b, + 0x8d77, + 0x27f2f, + 0x20804, + 0x8dcb, + 0x8dbc, + 0x8df0, + 0x208de, + 0x8ed4, + 0x8f38, + 0x285d2, + 0x285ed, + 0x9094, + 0x90f1, + 0x9111, + 0x2872e, + 0x911b, + 0x9238, + 0x92d7, + 0x92d8, + 0x927c, + 0x93f9, + 0x9415, + 0x28bfa, + 0x958b, + 0x4995, + 0x95b7, + 0x28d77, + 0x49e6, + 0x96c3, + 0x5db2, + 0x9723, + 0x29145, + 0x2921a, + 0x4a6e, + 0x4a76, + 0x97e0, + 0x2940a, + 0x4ab2, + 0x29496, + 0x980b, + 0x9829, + 0x295b6, + 0x98e2, + 0x4b33, + 0x9929, + 0x99a7, + 0x99c2, + 0x99fe, + 0x4bce, + 0x29b30, + 0x9b12, + 0x9c40, + 0x9cfd, + 0x4cce, + 0x4ced, + 0x9d67, + 0x2a0ce, + 0x4cf8, + 0x2a105, + 0x2a20e, + 0x2a291, + 0x4d56, + 0x9efe, + 0x9f05, + 0x9f0f, + 0x9f16, + 0x2a600, +}; + +const struct canon_node _wind_canon_table[] = { + {0x0, 0, 3, 0}, + {0x0, 0, 10, 3}, + {0x0, 0, 16, 13}, + {0x0, 0, 15, 29}, + {0x0, 1, 14, 44}, + {0x2f993, 16, 16, 57}, + {0x0, 0, 16, 57}, + {0x0, 0, 16, 73}, + {0x0, 8, 16, 89}, + {0xf942, 16, 16, 97}, + {0x2f994, 16, 16, 97}, + {0x0, 0, 16, 97}, + {0x0, 9, 15, 113}, + {0x0, 5, 6, 119}, + {0x2f9ef, 16, 16, 120}, + {0x0, 0, 16, 120}, + {0x0, 0, 16, 136}, + {0x0, 0, 16, 152}, + {0x0, 0, 1, 168}, + {0x0, 0, 1, 169}, + {0x0, 3, 4, 170}, + {0x0, 4, 5, 171}, + {0x0, 5, 6, 172}, + {0x1f94, 16, 16, 173}, + {0x0, 0, 16, 173}, + {0x0, 0, 12, 189}, + {0x0, 10, 12, 201}, + {0x2f8f6, 16, 16, 203}, + {0xf970, 16, 16, 203}, + {0x0, 0, 16, 203}, + {0x0, 2, 14, 219}, + {0x0, 2, 6, 231}, + {0x0, 0, 1, 235}, + {0x0, 0, 1, 236}, + {0x0, 6, 7, 237}, + {0x0, 5, 6, 238}, + {0x0, 4, 5, 239}, + {0x6c0, 16, 16, 240}, + {0x0, 0, 16, 240}, + {0x0, 0, 13, 256}, + {0x0, 9, 10, 269}, + {0xf9ae, 16, 16, 270}, + {0x0, 0, 16, 270}, + {0x0, 2, 16, 286}, + {0x0, 15, 16, 300}, + {0xfa69, 16, 16, 301}, + {0x0, 0, 11, 301}, + {0x0, 1, 16, 312}, + {0x0, 3, 14, 327}, + {0x0, 6, 7, 338}, + {0x2f9a4, 16, 16, 339}, + {0x0, 4, 15, 339}, + {0x0, 9, 10, 350}, + {0xf9be, 16, 16, 351}, + {0x0, 1, 12, 351}, + {0x0, 7, 8, 362}, + {0x2f864, 16, 16, 363}, + {0x0, 0, 13, 363}, + {0x0, 0, 1, 376}, + {0x0, 0, 1, 377}, + {0x0, 3, 4, 378}, + {0x0, 4, 5, 379}, + {0x0, 5, 6, 380}, + {0x1fc2, 16, 16, 381}, + {0x0, 0, 16, 381}, + {0x0, 0, 16, 397}, + {0x0, 1, 16, 413}, + {0x0, 0, 1, 428}, + {0x0, 3, 4, 429}, + {0x0, 0, 1, 430}, + {0x0, 9, 10, 431}, + {0x0, 9, 10, 432}, + {0x3065, 16, 16, 433}, + {0x0, 0, 3, 433}, + {0x0, 0, 12, 436}, + {0x0, 3, 14, 448}, + {0x0, 0, 1, 459}, + {0x0, 0, 1, 460}, + {0x0, 3, 4, 461}, + {0x0, 3, 4, 462}, + {0x0, 8, 9, 463}, + {0x2244, 16, 16, 464}, + {0x0, 0, 15, 464}, + {0x0, 0, 12, 479}, + {0x0, 0, 1, 491}, + {0x0, 0, 1, 492}, + {0x0, 3, 4, 493}, + {0x0, 0, 1, 494}, + {0x0, 8, 9, 495}, + {0x1e7b, 16, 16, 496}, + {0x0, 1, 16, 496}, + {0x0, 0, 1, 511}, + {0x0, 3, 4, 512}, + {0x0, 0, 1, 513}, + {0x0, 9, 10, 514}, + {0x0, 9, 10, 515}, + {0x30ba, 16, 16, 516}, + {0x2f995, 16, 16, 516}, + {0x0, 0, 15, 516}, + {0x0, 0, 15, 531}, + {0x0, 0, 1, 546}, + {0x0, 0, 1, 547}, + {0x0, 3, 4, 548}, + {0x0, 0, 1, 549}, + {0x0, 8, 9, 550}, + {0x4df, 16, 16, 551}, + {0x0, 0, 16, 551}, + {0x0, 7, 8, 567}, + {0x2f9d7, 16, 16, 568}, + {0x0, 0, 16, 568}, + {0x0, 14, 15, 584}, + {0x2f86b, 16, 16, 585}, + {0xf94a, 16, 16, 585}, + {0x0, 4, 14, 585}, + {0x0, 9, 13, 595}, + {0x0, 0, 1, 599}, + {0x0, 0, 1, 600}, + {0x0, 13, 14, 601}, + {0x0, 12, 13, 602}, + {0x0, 10, 11, 603}, + {0xddd, 16, 16, 604}, + {0x0, 2, 16, 604}, + {0x0, 1, 15, 618}, + {0xf91a, 16, 16, 632}, + {0x0, 0, 16, 632}, + {0x0, 1, 4, 648}, + {0x0, 9, 10, 651}, + {0x2f943, 16, 16, 652}, + {0x0, 0, 16, 652}, + {0x0, 10, 11, 668}, + {0x0, 8, 9, 669}, + {0x2f9d3, 16, 16, 670}, + {0x0, 3, 16, 670}, + {0x0, 1, 16, 683}, + {0x0, 0, 1, 698}, + {0x0, 0, 1, 699}, + {0x0, 3, 4, 700}, + {0x0, 0, 3, 701}, + {0x0, 1, 13, 704}, + {0x10c, 16, 16, 716}, + {0x0, 1, 16, 716}, + {0x0, 1, 2, 731}, + {0xf958, 16, 16, 732}, + {0x0, 0, 1, 732}, + {0x0, 0, 1, 733}, + {0x0, 3, 4, 734}, + {0x0, 0, 1, 735}, + {0x0, 0, 9, 736}, + {0x4e5, 16, 16, 745}, + {0x439, 16, 16, 745}, + {0x4e3, 16, 16, 745}, + {0x0, 2, 15, 745}, + {0x0, 12, 13, 758}, + {0x2f8c7, 16, 16, 759}, + {0x0, 0, 1, 759}, + {0x0, 3, 4, 760}, + {0x0, 0, 1, 761}, + {0x0, 9, 10, 762}, + {0x0, 9, 10, 763}, + {0x30b4, 16, 16, 764}, + {0x45d, 16, 16, 764}, + {0x0, 0, 16, 764}, + {0x0, 0, 1, 780}, + {0x0, 0, 1, 781}, + {0x0, 3, 4, 782}, + {0x0, 0, 3, 783}, + {0x0, 0, 10, 786}, + {0x1ee8, 16, 16, 796}, + {0x0, 0, 16, 796}, + {0x0, 0, 1, 812}, + {0x0, 0, 1, 813}, + {0x0, 3, 4, 814}, + {0x0, 0, 4, 815}, + {0x0, 3, 14, 819}, + {0x1eb9, 16, 16, 830}, + {0x1eee, 16, 16, 830}, + {0x229, 16, 16, 830}, + {0x1eec, 16, 16, 830}, + {0x119, 16, 16, 830}, + {0x2fa07, 16, 16, 830}, + {0x10a, 16, 16, 830}, + {0x106, 16, 16, 830}, + {0x108, 16, 16, 830}, + {0x0, 1, 16, 830}, + {0x0, 9, 10, 845}, + {0x2f90e, 16, 16, 846}, + {0x0, 0, 14, 846}, + {0x0, 1, 16, 860}, + {0x0, 0, 1, 875}, + {0x0, 0, 1, 876}, + {0x0, 3, 4, 877}, + {0x0, 0, 2, 878}, + {0x0, 4, 5, 880}, + {0x1f59, 16, 16, 881}, + {0x0, 6, 12, 881}, + {0x0, 14, 15, 887}, + {0x2f9f8, 16, 16, 888}, + {0x0, 0, 11, 888}, + {0x0, 0, 1, 899}, + {0x0, 0, 1, 900}, + {0x0, 3, 4, 901}, + {0x0, 0, 4, 902}, + {0x0, 1, 2, 906}, + {0x212, 16, 16, 907}, + {0x0, 0, 1, 907}, + {0x0, 0, 1, 908}, + {0x0, 3, 4, 909}, + {0x0, 0, 3, 910}, + {0x0, 1, 12, 913}, + {0x20f, 16, 16, 924}, + {0x0, 2, 14, 924}, + {0x0, 0, 1, 936}, + {0x0, 0, 1, 937}, + {0x0, 3, 4, 938}, + {0x0, 3, 4, 939}, + {0x0, 8, 9, 940}, + {0x22e1, 16, 16, 941}, + {0x0, 0, 15, 941}, + {0x0, 13, 14, 956}, + {0xf967, 16, 16, 957}, + {0x1e19, 16, 16, 957}, + {0x0, 1, 16, 957}, + {0x0, 10, 11, 972}, + {0xf9f0, 16, 16, 973}, + {0x0, 0, 15, 973}, + {0x0, 2, 3, 988}, + {0x2f807, 16, 16, 989}, + {0x0, 3, 15, 989}, + {0x0, 13, 14, 1001}, + {0x2f8b9, 16, 16, 1002}, + {0x0, 0, 1, 1002}, + {0x0, 0, 1, 1003}, + {0x0, 3, 4, 1004}, + {0x0, 0, 4, 1005}, + {0x0, 0, 16, 1009}, + {0x1d0, 16, 16, 1025}, + {0x0, 0, 14, 1025}, + {0x0, 9, 10, 1039}, + {0x2f974, 16, 16, 1040}, + {0x0, 1, 12, 1040}, + {0x0, 1, 5, 1051}, + {0x0, 5, 6, 1055}, + {0x2f91b, 16, 16, 1056}, + {0x0, 0, 1, 1056}, + {0x0, 0, 1, 1057}, + {0x0, 3, 4, 1058}, + {0x0, 3, 4, 1059}, + {0x0, 8, 9, 1060}, + {0x22e0, 16, 16, 1061}, + {0x0, 0, 16, 1061}, + {0x0, 1, 11, 1077}, + {0x2f82e, 16, 16, 1087}, + {0x0, 0, 16, 1087}, + {0x0, 0, 1, 1103}, + {0x0, 0, 1, 1104}, + {0x0, 3, 4, 1105}, + {0x0, 0, 2, 1106}, + {0x0, 3, 5, 1108}, + {0x1f19, 16, 16, 1110}, + {0x0, 0, 10, 1110}, + {0x0, 9, 10, 1120}, + {0x2f8ce, 16, 16, 1121}, + {0x1f18, 16, 16, 1121}, + {0x0, 1, 15, 1121}, + {0x1f7d, 0, 1, 1135}, + {0x0, 0, 1, 1136}, + {0x0, 3, 4, 1137}, + {0x0, 4, 5, 1138}, + {0x0, 5, 6, 1139}, + {0x1ff4, 16, 16, 1140}, + {0x0, 0, 16, 1140}, + {0x0, 9, 10, 1156}, + {0xf9dd, 16, 16, 1157}, + {0x0, 1, 14, 1157}, + {0x2f991, 16, 16, 1170}, + {0x0, 2, 16, 1170}, + {0x0, 3, 4, 1184}, + {0xfa0b, 16, 16, 1185}, + {0x0, 6, 16, 1185}, + {0x0, 0, 1, 1195}, + {0x0, 0, 1, 1196}, + {0x0, 3, 4, 1197}, + {0x0, 0, 5, 1198}, + {0x0, 2, 3, 1203}, + {0x1fcf, 16, 16, 1204}, + {0x0, 0, 15, 1204}, + {0x0, 8, 9, 1219}, + {0x2f9bc, 16, 16, 1220}, + {0x0, 6, 7, 1220}, + {0x0, 3, 4, 1221}, + {0x2f838, 16, 16, 1222}, + {0x0, 0, 7, 1222}, + {0x0, 9, 10, 1229}, + {0x0, 2, 3, 1230}, + {0x2f88f, 16, 16, 1231}, + {0x0, 2, 6, 1231}, + {0x0, 0, 1, 1235}, + {0x0, 0, 1, 1236}, + {0x0, 3, 4, 1237}, + {0x0, 3, 4, 1238}, + {0x0, 8, 9, 1239}, + {0x22ec, 16, 16, 1240}, + {0x0, 0, 7, 1240}, + {0x2f88d, 16, 16, 1247}, + {0x0, 4, 16, 1247}, + {0x0, 14, 15, 1259}, + {0xfa3f, 16, 16, 1260}, + {0x2f98f, 16, 16, 1260}, + {0x0, 8, 12, 1260}, + {0x0, 11, 12, 1264}, + {0x2f9ee, 16, 16, 1265}, + {0xfa35, 16, 16, 1265}, + {0x0, 0, 1, 1265}, + {0x0, 0, 1, 1266}, + {0x0, 3, 4, 1267}, + {0x0, 0, 3, 1268}, + {0x0, 1, 2, 1271}, + {0x203, 16, 16, 1272}, + {0x0, 6, 8, 1272}, + {0x0, 0, 1, 1274}, + {0x0, 0, 1, 1275}, + {0x0, 13, 14, 1276}, + {0x0, 3, 6, 1277}, + {0x0, 7, 8, 1280}, + {0xd4c, 16, 16, 1281}, + {0x0, 0, 15, 1281}, + {0x0, 2, 3, 1296}, + {0xfa20, 16, 16, 1297}, + {0x0, 3, 13, 1297}, + {0x0, 0, 2, 1307}, + {0x0, 0, 1, 1309}, + {0x0, 0, 1, 1310}, + {0x0, 3, 4, 1311}, + {0x0, 0, 1, 1312}, + {0x0, 2, 7, 1313}, + {0x1eac, 16, 16, 1318}, + {0x0, 0, 16, 1318}, + {0x0, 3, 4, 1334}, + {0x2f874, 16, 16, 1335}, + {0x1eb6, 16, 16, 1335}, + {0x0, 0, 1, 1335}, + {0x0, 0, 1, 1336}, + {0x0, 3, 4, 1337}, + {0x0, 4, 5, 1338}, + {0x0, 5, 6, 1339}, + {0x1f9c, 16, 16, 1340}, + {0x0, 2, 12, 1340}, + {0x0, 6, 16, 1350}, + {0x0, 0, 1, 1360}, + {0x0, 0, 1, 1361}, + {0x0, 3, 4, 1362}, + {0x0, 0, 1, 1363}, + {0x0, 6, 7, 1364}, + {0x1e1d, 16, 16, 1365}, + {0x0, 1, 14, 1365}, + {0x0, 0, 14, 1378}, + {0x2f918, 16, 16, 1392}, + {0x0, 2, 14, 1392}, + {0x0, 9, 10, 1404}, + {0x2f975, 16, 16, 1405}, + {0x0, 1, 10, 1405}, + {0x0, 11, 12, 1414}, + {0xfa0a, 16, 16, 1415}, + {0x0, 0, 16, 1415}, + {0x0, 2, 4, 1431}, + {0xf992, 16, 16, 1433}, + {0xfa47, 16, 16, 1433}, + {0x0, 2, 15, 1433}, + {0x0, 13, 16, 1446}, + {0xfa53, 16, 16, 1449}, + {0xfa52, 16, 16, 1449}, + {0xfa1b, 16, 16, 1449}, + {0x0, 0, 1, 1449}, + {0x0, 3, 4, 1450}, + {0x0, 0, 1, 1451}, + {0x0, 9, 10, 1452}, + {0x0, 9, 10, 1453}, + {0x30b2, 16, 16, 1454}, + {0x0, 0, 1, 1454}, + {0x0, 0, 1, 1455}, + {0x0, 3, 4, 1456}, + {0x0, 0, 5, 1457}, + {0x0, 0, 2, 1462}, + {0x1fca, 16, 16, 1464}, + {0x389, 16, 16, 1464}, + {0x0, 1, 16, 1464}, + {0x0, 12, 13, 1479}, + {0x2f93e, 16, 16, 1480}, + {0x0, 3, 15, 1480}, + {0x0, 3, 9, 1492}, + {0x2f968, 16, 16, 1498}, + {0x0, 0, 1, 1498}, + {0x0, 0, 1, 1499}, + {0x0, 3, 4, 1500}, + {0x0, 0, 5, 1501}, + {0x0, 2, 6, 1506}, + {0x1f2e, 16, 16, 1510}, + {0x1f98, 16, 16, 1510}, + {0x0, 6, 12, 1510}, + {0x0, 0, 1, 1516}, + {0x2f804, 16, 16, 1517}, + {0x2f919, 16, 16, 1517}, + {0x2f835, 16, 16, 1517}, + {0x0, 1, 2, 1517}, + {0x0, 5, 6, 1518}, + {0x2f824, 16, 16, 1519}, + {0x0, 0, 16, 1519}, + {0x1fe3, 16, 16, 1535}, + {0x0, 2, 4, 1535}, + {0x0, 0, 1, 1537}, + {0x0, 0, 1, 1538}, + {0x0, 3, 4, 1539}, + {0x0, 0, 1, 1540}, + {0x0, 7, 8, 1541}, + {0x1e69, 16, 16, 1542}, + {0x1fbe, 0, 1, 1542}, + {0x0, 0, 16, 1543}, + {0x0, 3, 4, 1559}, + {0x2f96c, 16, 16, 1560}, + {0x0, 0, 15, 1560}, + {0x0, 10, 11, 1575}, + {0x2f85d, 16, 16, 1576}, + {0x0, 3, 11, 1576}, + {0x2f836, 16, 16, 1584}, + {0x0, 12, 13, 1584}, + {0x2f92f, 16, 16, 1585}, + {0x0, 0, 10, 1585}, + {0x0, 0, 1, 1595}, + {0x0, 0, 1, 1596}, + {0x0, 3, 4, 1597}, + {0x0, 0, 5, 1598}, + {0x0, 2, 3, 1603}, + {0x1f5f, 16, 16, 1604}, + {0x0, 2, 3, 1604}, + {0x0, 15, 16, 1605}, + {0x2f9d8, 16, 16, 1606}, + {0x0, 1, 16, 1606}, + {0x0, 0, 12, 1621}, + {0xf932, 16, 16, 1633}, + {0x0, 0, 16, 1633}, + {0x0, 11, 12, 1649}, + {0xfa6a, 16, 16, 1650}, + {0x0, 2, 16, 1650}, + {0x0, 2, 4, 1664}, + {0xfa68, 16, 16, 1666}, + {0x0, 2, 16, 1666}, + {0x212b, 0, 1, 1680}, + {0x0, 0, 1, 1681}, + {0x0, 3, 4, 1682}, + {0x0, 0, 1, 1683}, + {0x0, 1, 2, 1684}, + {0x1fa, 16, 16, 1685}, + {0x0, 1, 16, 1685}, + {0x0, 0, 1, 1700}, + {0x0, 3, 4, 1701}, + {0x0, 0, 1, 1702}, + {0x0, 9, 10, 1703}, + {0x0, 9, 10, 1704}, + {0x30c9, 16, 16, 1705}, + {0xf9ea, 16, 16, 1705}, + {0x0, 2, 16, 1705}, + {0x0, 0, 1, 1719}, + {0x0, 0, 1, 1720}, + {0x0, 3, 4, 1721}, + {0x0, 0, 1, 1722}, + {0x0, 1, 2, 1723}, + {0x1e09, 16, 16, 1724}, + {0x0, 1, 11, 1724}, + {0x0, 2, 3, 1734}, + {0x2f8e1, 16, 16, 1735}, + {0x0, 0, 14, 1735}, + {0x0, 0, 1, 1749}, + {0x0, 3, 4, 1750}, + {0x0, 0, 1, 1751}, + {0x0, 9, 10, 1752}, + {0x0, 9, 10, 1753}, + {0x30f9, 16, 16, 1754}, + {0x0, 13, 14, 1754}, + {0xf986, 16, 16, 1755}, + {0x0, 0, 1, 1755}, + {0x0, 0, 1, 1756}, + {0x0, 3, 4, 1757}, + {0x0, 0, 4, 1758}, + {0x0, 7, 8, 1762}, + {0x1e03, 16, 16, 1763}, + {0x0, 0, 1, 1763}, + {0x0, 0, 1, 1764}, + {0x0, 3, 4, 1765}, + {0x0, 0, 1, 1766}, + {0x0, 1, 5, 1767}, + {0x1fd, 16, 16, 1771}, + {0x0, 0, 1, 1771}, + {0x0, 0, 1, 1772}, + {0x0, 3, 4, 1773}, + {0x0, 3, 4, 1774}, + {0x0, 8, 9, 1775}, + {0x2281, 16, 16, 1776}, + {0x1e3, 16, 16, 1776}, + {0x0, 2, 12, 1776}, + {0x0, 0, 1, 1786}, + {0x0, 0, 1, 1787}, + {0x0, 3, 4, 1788}, + {0x0, 3, 4, 1789}, + {0x0, 8, 9, 1790}, + {0x22af, 16, 16, 1791}, + {0xf96b, 16, 16, 1791}, + {0x0, 2, 16, 1791}, + {0x0, 3, 10, 1805}, + {0x0, 2, 3, 1812}, + {0x2f937, 16, 16, 1813}, + {0x0, 2, 12, 1813}, + {0x0, 2, 3, 1823}, + {0xf98d, 16, 16, 1824}, + {0x0, 6, 16, 1824}, + {0x0, 0, 1, 1834}, + {0x0, 3, 4, 1835}, + {0x0, 0, 1, 1836}, + {0x0, 9, 10, 1837}, + {0x0, 9, 10, 1838}, + {0x30b0, 16, 16, 1839}, + {0x0, 0, 1, 1839}, + {0x0, 0, 1, 1840}, + {0x0, 3, 4, 1841}, + {0x0, 0, 3, 1842}, + {0x0, 1, 8, 1845}, + {0x1e3e, 16, 16, 1852}, + {0x1e40, 16, 16, 1852}, + {0x0, 8, 9, 1852}, + {0xfa65, 16, 16, 1853}, + {0x0, 6, 16, 1853}, + {0x0, 10, 11, 1863}, + {0xf93a, 16, 16, 1864}, + {0x0, 0, 16, 1864}, + {0x0, 0, 1, 1880}, + {0x0, 0, 1, 1881}, + {0x0, 3, 4, 1882}, + {0x0, 4, 5, 1883}, + {0x0, 5, 6, 1884}, + {0x1faa, 16, 16, 1885}, + {0x0, 0, 1, 1885}, + {0x0, 2, 4, 1886}, + {0x2001, 16, 16, 1888}, + {0x2000, 16, 16, 1888}, + {0x0, 0, 16, 1888}, + {0x0, 11, 12, 1904}, + {0x0, 8, 9, 1905}, + {0x2f897, 16, 16, 1906}, + {0x0, 2, 15, 1906}, + {0x0, 4, 5, 1919}, + {0x2f934, 16, 16, 1920}, + {0x0, 1, 13, 1920}, + {0x0, 11, 12, 1932}, + {0x2f848, 16, 16, 1933}, + {0x0, 0, 16, 1933}, + {0x0, 0, 1, 1949}, + {0x0, 0, 1, 1950}, + {0x0, 3, 4, 1951}, + {0x0, 0, 5, 1952}, + {0x0, 2, 6, 1957}, + {0x1f07, 16, 16, 1961}, + {0x1f81, 16, 16, 1961}, + {0x0, 0, 1, 1961}, + {0x0, 0, 1, 1962}, + {0x0, 3, 4, 1963}, + {0x0, 0, 4, 1964}, + {0x0, 7, 13, 1968}, + {0x1e0b, 16, 16, 1974}, + {0x0, 0, 1, 1974}, + {0x0, 0, 1, 1975}, + {0x0, 3, 4, 1976}, + {0x0, 4, 5, 1977}, + {0x0, 5, 6, 1978}, + {0x1f9b, 16, 16, 1979}, + {0x0, 0, 1, 1979}, + {0x0, 0, 1, 1980}, + {0x0, 3, 4, 1981}, + {0x0, 0, 3, 1982}, + {0x0, 3, 4, 1985}, + {0x1e43, 16, 16, 1986}, + {0x0, 8, 9, 1986}, + {0x0, 0, 1, 1987}, + {0x0, 0, 1, 1988}, + {0x0, 3, 4, 1989}, + {0x0, 0, 5, 1990}, + {0x0, 0, 2, 1995}, + {0x1fed, 16, 16, 1997}, + {0x385, 16, 16, 1997}, + {0x0, 2, 4, 1997}, + {0x0, 0, 1, 1999}, + {0x0, 0, 1, 2000}, + {0x0, 3, 4, 2001}, + {0x0, 0, 1, 2002}, + {0x0, 0, 2, 2003}, + {0x1e17, 16, 16, 2005}, + {0x0, 1, 15, 2005}, + {0x0, 14, 15, 2019}, + {0x2f95f, 16, 16, 2020}, + {0x0, 0, 1, 2020}, + {0x0, 0, 1, 2021}, + {0x0, 3, 4, 2022}, + {0x0, 0, 5, 2023}, + {0x0, 0, 2, 2028}, + {0x1f53, 16, 16, 2030}, + {0x1f55, 16, 16, 2030}, + {0x0, 0, 1, 2030}, + {0x0, 0, 1, 2031}, + {0x0, 3, 4, 2032}, + {0x0, 3, 4, 2033}, + {0x0, 8, 9, 2034}, + {0x22ad, 16, 16, 2035}, + {0x0, 2, 12, 2035}, + {0x0, 0, 1, 2045}, + {0x0, 3, 4, 2046}, + {0x0, 0, 1, 2047}, + {0x0, 9, 10, 2048}, + {0x0, 9, 11, 2049}, + {0x3079, 16, 16, 2051}, + {0x0, 0, 1, 2051}, + {0x0, 3, 4, 2052}, + {0x0, 0, 1, 2053}, + {0x0, 9, 10, 2054}, + {0x0, 9, 11, 2055}, + {0x307d, 16, 16, 2057}, + {0x0, 3, 8, 2057}, + {0x1e5a, 16, 16, 2062}, + {0x156, 16, 16, 2062}, + {0x0, 12, 13, 2062}, + {0xf982, 16, 16, 2063}, + {0x0, 10, 12, 2063}, + {0x0, 0, 1, 2065}, + {0x0, 0, 1, 2066}, + {0x0, 3, 4, 2067}, + {0x0, 0, 1, 2068}, + {0x0, 4, 5, 2069}, + {0x1ec, 16, 16, 2070}, + {0x0, 4, 14, 2070}, + {0x0, 3, 4, 2080}, + {0xfa64, 16, 16, 2081}, + {0x0, 0, 1, 2081}, + {0x0, 0, 1, 2082}, + {0x0, 3, 4, 2083}, + {0x0, 4, 5, 2084}, + {0x0, 5, 6, 2085}, + {0x1f8e, 16, 16, 2086}, + {0x0, 7, 8, 2086}, + {0xf99c, 16, 16, 2087}, + {0x0, 0, 10, 2087}, + {0x0, 0, 1, 2097}, + {0x0, 0, 1, 2098}, + {0x0, 3, 4, 2099}, + {0x0, 0, 5, 2100}, + {0x0, 0, 2, 2105}, + {0x1f3d, 16, 16, 2107}, + {0x0, 0, 1, 2107}, + {0x0, 3, 4, 2108}, + {0x0, 0, 5, 2109}, + {0x0, 2, 3, 2114}, + {0x1fd6, 16, 16, 2115}, + {0x0, 6, 15, 2115}, + {0x0, 0, 1, 2124}, + {0x0, 0, 1, 2125}, + {0x0, 3, 4, 2126}, + {0x0, 0, 5, 2127}, + {0x0, 0, 2, 2132}, + {0x1fde, 16, 16, 2134}, + {0x1fdd, 16, 16, 2134}, + {0x0, 0, 1, 2134}, + {0x0, 0, 1, 2135}, + {0x0, 3, 4, 2136}, + {0x0, 4, 5, 2137}, + {0x0, 5, 6, 2138}, + {0x1f95, 16, 16, 2139}, + {0x0, 4, 8, 2139}, + {0xf90b, 16, 16, 2143}, + {0x2f846, 16, 16, 2143}, + {0x0, 3, 6, 2143}, + {0x0, 0, 1, 2146}, + {0x0, 0, 1, 2147}, + {0x0, 3, 4, 2148}, + {0x0, 3, 4, 2149}, + {0x0, 8, 9, 2150}, + {0x2224, 16, 16, 2151}, + {0x0, 0, 16, 2151}, + {0x0, 12, 13, 2167}, + {0xfa08, 16, 16, 2168}, + {0x0, 5, 6, 2168}, + {0x2f905, 16, 16, 2169}, + {0x0, 10, 11, 2169}, + {0xf995, 16, 16, 2170}, + {0x0, 0, 1, 2170}, + {0x0, 3, 4, 2171}, + {0x0, 0, 1, 2172}, + {0x0, 9, 10, 2173}, + {0x0, 9, 10, 2174}, + {0x30c7, 16, 16, 2175}, + {0x0, 0, 1, 2175}, + {0x0, 0, 1, 2176}, + {0x0, 3, 4, 2177}, + {0x0, 0, 5, 2178}, + {0x0, 0, 2, 2183}, + {0x1f22, 16, 16, 2185}, + {0x0, 5, 11, 2185}, + {0xf97f, 16, 16, 2191}, + {0x0, 9, 10, 2191}, + {0x2fa00, 16, 16, 2192}, + {0x0, 7, 16, 2192}, + {0x0, 2, 11, 2201}, + {0xf9e6, 16, 16, 2210}, + {0x0, 1, 16, 2210}, + {0x0, 10, 11, 2225}, + {0xfa17, 16, 16, 2226}, + {0xfa5a, 16, 16, 2226}, + {0x0, 10, 12, 2226}, + {0x0, 0, 1, 2228}, + {0x0, 0, 1, 2229}, + {0x0, 3, 4, 2230}, + {0x0, 0, 1, 2231}, + {0x0, 4, 5, 2232}, + {0x1e5d, 16, 16, 2233}, + {0x0, 7, 10, 2233}, + {0x2f9b5, 16, 16, 2236}, + {0x2f9b6, 16, 16, 2236}, + {0x0, 0, 12, 2236}, + {0x0, 0, 16, 2248}, + {0xf997, 16, 16, 2264}, + {0x0, 1, 12, 2264}, + {0x0, 11, 12, 2275}, + {0x0, 6, 7, 2276}, + {0x2fa01, 16, 16, 2277}, + {0x0, 10, 16, 2277}, + {0x0, 8, 15, 2283}, + {0xfa22, 16, 16, 2290}, + {0x0, 0, 10, 2290}, + {0x0, 0, 1, 2300}, + {0x0, 0, 1, 2301}, + {0x0, 3, 4, 2302}, + {0x0, 0, 1, 2303}, + {0x0, 0, 2, 2304}, + {0x1f4a, 16, 16, 2306}, + {0x0, 4, 13, 2306}, + {0x0, 6, 7, 2315}, + {0x0, 0, 1, 2316}, + {0x0, 0, 1, 2317}, + {0x0, 12, 13, 2318}, + {0x0, 5, 6, 2319}, + {0x0, 6, 7, 2320}, + {0xc48, 16, 16, 2321}, + {0x2f976, 16, 16, 2321}, + {0x0, 15, 16, 2321}, + {0xf97c, 16, 16, 2322}, + {0x0, 2, 13, 2322}, + {0x0, 4, 5, 2333}, + {0xf930, 16, 16, 2334}, + {0x212a, 0, 1, 2334}, + {0x0, 0, 1, 2335}, + {0x0, 3, 4, 2336}, + {0x0, 0, 4, 2337}, + {0x0, 1, 2, 2341}, + {0x1e34, 16, 16, 2342}, + {0x0, 2, 11, 2342}, + {0x0, 3, 4, 2351}, + {0x2f97c, 16, 16, 2352}, + {0x0, 2, 3, 2352}, + {0x2f85f, 16, 16, 2353}, + {0x0, 0, 1, 2353}, + {0x0, 0, 1, 2354}, + {0x0, 3, 4, 2355}, + {0x0, 0, 1, 2356}, + {0x0, 6, 9, 2357}, + {0x4d1, 16, 16, 2360}, + {0x0, 1, 2, 2360}, + {0xfa55, 16, 16, 2361}, + {0x0, 5, 14, 2361}, + {0x0, 15, 16, 2370}, + {0x0, 10, 11, 2371}, + {0x2f9ed, 16, 16, 2372}, + {0x2f97d, 16, 16, 2372}, + {0x0, 9, 10, 2372}, + {0xf90e, 16, 16, 2373}, + {0x0, 0, 1, 2373}, + {0x0, 0, 1, 2374}, + {0x0, 3, 4, 2375}, + {0x0, 0, 5, 2376}, + {0x0, 0, 2, 2381}, + {0x1f0a, 16, 16, 2383}, + {0x1f0c, 16, 16, 2383}, + {0x0, 0, 1, 2383}, + {0x0, 0, 1, 2384}, + {0x0, 3, 4, 2385}, + {0x0, 0, 5, 2386}, + {0x0, 2, 6, 2391}, + {0x1f67, 16, 16, 2395}, + {0x0, 0, 1, 2395}, + {0x0, 0, 1, 2396}, + {0x0, 3, 4, 2397}, + {0x0, 0, 3, 2398}, + {0x0, 7, 8, 2401}, + {0xe7, 16, 16, 2402}, + {0x1fa1, 16, 16, 2402}, + {0x1eea, 16, 16, 2402}, + {0x0, 5, 11, 2402}, + {0x2f978, 16, 16, 2408}, + {0x0, 2, 3, 2408}, + {0x0, 0, 1, 2409}, + {0x0, 0, 1, 2410}, + {0x0, 3, 4, 2411}, + {0x0, 0, 1, 2412}, + {0x0, 1, 9, 2413}, + {0x3d4, 16, 16, 2421}, + {0x0, 4, 14, 2421}, + {0x0, 12, 13, 2431}, + {0x2f91e, 16, 16, 2432}, + {0x3d3, 16, 16, 2432}, + {0x0, 3, 14, 2432}, + {0x0, 7, 9, 2443}, + {0x2f9e9, 16, 16, 2445}, + {0x0, 0, 1, 2445}, + {0x0, 0, 1, 2446}, + {0x0, 3, 4, 2447}, + {0x0, 0, 3, 2448}, + {0x0, 0, 10, 2451}, + {0x176, 16, 16, 2461}, + {0xdd, 16, 16, 2461}, + {0x1ef2, 16, 16, 2461}, + {0x1e8e, 16, 16, 2461}, + {0x232, 16, 16, 2461}, + {0x0, 6, 16, 2461}, + {0x0, 0, 1, 2471}, + {0x0, 3, 4, 2472}, + {0x0, 0, 1, 2473}, + {0x0, 9, 10, 2474}, + {0x0, 9, 10, 2475}, + {0x3094, 16, 16, 2476}, + {0x1ef6, 16, 16, 2476}, + {0x178, 16, 16, 2476}, + {0x0, 0, 1, 2476}, + {0x0, 0, 1, 2477}, + {0x0, 3, 4, 2478}, + {0x0, 0, 1, 2479}, + {0x0, 7, 8, 2480}, + {0x1e68, 16, 16, 2481}, + {0x2f9e8, 16, 16, 2481}, + {0x0, 13, 14, 2481}, + {0x2f999, 16, 16, 2482}, + {0x0, 0, 1, 2482}, + {0x0, 0, 1, 2483}, + {0x0, 3, 4, 2484}, + {0x0, 0, 3, 2485}, + {0x0, 0, 9, 2488}, + {0x1e82, 16, 16, 2497}, + {0x0, 4, 16, 2497}, + {0x0, 14, 15, 2509}, + {0x2f94e, 16, 16, 2510}, + {0x174, 16, 16, 2510}, + {0x1e86, 16, 16, 2510}, + {0x0, 0, 1, 2510}, + {0x0, 0, 1, 2511}, + {0x0, 3, 4, 2512}, + {0x0, 0, 1, 2513}, + {0x0, 4, 5, 2514}, + {0x1de, 16, 16, 2515}, + {0xf9af, 16, 16, 2515}, + {0x0, 2, 15, 2515}, + {0x0, 3, 4, 2528}, + {0x2f89b, 16, 16, 2529}, + {0x0, 3, 5, 2529}, + {0x1f28, 16, 16, 2531}, + {0x1f29, 16, 16, 2531}, + {0x0, 8, 16, 2531}, + {0x0, 10, 11, 2539}, + {0x2f8f9, 16, 16, 2540}, + {0x0, 10, 11, 2540}, + {0x2f89c, 16, 16, 2541}, + {0x0, 1, 2, 2541}, + {0x1e07, 16, 16, 2542}, + {0x0, 0, 1, 2542}, + {0x0, 3, 4, 2543}, + {0x0, 0, 1, 2544}, + {0x0, 9, 10, 2545}, + {0x0, 9, 11, 2546}, + {0x30d0, 16, 16, 2548}, + {0x0, 11, 12, 2548}, + {0x2f9d6, 16, 16, 2549}, + {0x0, 0, 13, 2549}, + {0x0, 0, 15, 2562}, + {0xfa3c, 16, 16, 2577}, + {0x0, 7, 8, 2577}, + {0x2f92e, 16, 16, 2578}, + {0x0, 0, 1, 2578}, + {0x0, 3, 4, 2579}, + {0x0, 0, 1, 2580}, + {0x0, 9, 10, 2581}, + {0x0, 9, 10, 2582}, + {0x30ae, 16, 16, 2583}, + {0x0, 1, 16, 2583}, + {0x0, 0, 1, 2598}, + {0x0, 3, 4, 2599}, + {0x0, 0, 1, 2600}, + {0x0, 9, 10, 2601}, + {0x0, 9, 10, 2602}, + {0x3058, 16, 16, 2603}, + {0x0, 0, 1, 2603}, + {0x0, 0, 1, 2604}, + {0x0, 3, 4, 2605}, + {0x0, 0, 4, 2606}, + {0x0, 0, 16, 2610}, + {0xcb, 16, 16, 2626}, + {0x1eba, 16, 16, 2626}, + {0xca, 16, 16, 2626}, + {0x1ebc, 16, 16, 2626}, + {0xc8, 16, 16, 2626}, + {0xc9, 16, 16, 2626}, + {0x114, 16, 16, 2626}, + {0x116, 16, 16, 2626}, + {0x112, 16, 16, 2626}, + {0xf94b, 16, 16, 2626}, + {0x2f877, 16, 16, 2626}, + {0xf9df, 16, 16, 2626}, + {0xfa3b, 16, 16, 2626}, + {0x0, 0, 1, 2626}, + {0x0, 0, 1, 2627}, + {0x0, 3, 4, 2628}, + {0x0, 0, 1, 2629}, + {0x0, 6, 7, 2630}, + {0x1e1c, 16, 16, 2631}, + {0x0, 4, 16, 2631}, + {0x0, 4, 5, 2643}, + {0x2f93d, 16, 16, 2644}, + {0x0, 0, 1, 2644}, + {0x0, 0, 1, 2645}, + {0x0, 3, 4, 2646}, + {0x0, 0, 1, 2647}, + {0x0, 1, 2, 2648}, + {0x1fb, 16, 16, 2649}, + {0x0, 6, 7, 2649}, + {0x0, 13, 14, 2650}, + {0x2f8e3, 16, 16, 2651}, + {0x0, 2, 8, 2651}, + {0x2f85b, 16, 16, 2657}, + {0x2f85a, 16, 16, 2657}, + {0x307c, 16, 16, 2657}, + {0x0, 0, 1, 2657}, + {0x0, 0, 1, 2658}, + {0x0, 3, 4, 2659}, + {0x0, 0, 5, 2660}, + {0x0, 2, 6, 2665}, + {0x1f06, 16, 16, 2669}, + {0x11a, 16, 16, 2669}, + {0x204, 16, 16, 2669}, + {0x1f80, 16, 16, 2669}, + {0x307a, 16, 16, 2669}, + {0x0, 0, 1, 2669}, + {0x0, 8, 9, 2670}, + {0x2f923, 16, 16, 2671}, + {0x0, 3, 4, 2671}, + {0x2f944, 16, 16, 2672}, + {0x0, 10, 11, 2672}, + {0xf94d, 16, 16, 2673}, + {0x0, 3, 4, 2673}, + {0x1ef0, 16, 16, 2674}, + {0x0, 11, 12, 2674}, + {0xf9d4, 16, 16, 2675}, + {0x0, 0, 16, 2675}, + {0x113, 16, 16, 2691}, + {0x115, 16, 16, 2691}, + {0x117, 16, 16, 2691}, + {0xe8, 16, 16, 2691}, + {0xe9, 16, 16, 2691}, + {0xea, 16, 16, 2691}, + {0x1ebd, 16, 16, 2691}, + {0x0, 0, 1, 2691}, + {0x0, 0, 1, 2692}, + {0x0, 3, 4, 2693}, + {0x0, 0, 1, 2694}, + {0x0, 1, 2, 2695}, + {0x1e08, 16, 16, 2696}, + {0xeb, 16, 16, 2696}, + {0x1ebb, 16, 16, 2696}, + {0x0, 12, 14, 2696}, + {0x0, 0, 1, 2698}, + {0x0, 0, 1, 2699}, + {0x0, 3, 4, 2700}, + {0x0, 0, 1, 2701}, + {0x0, 0, 2, 2702}, + {0x1e52, 16, 16, 2704}, + {0x0, 9, 14, 2704}, + {0x0, 0, 5, 2709}, + {0x0, 0, 1, 2714}, + {0x0, 0, 1, 2715}, + {0x0, 3, 4, 2716}, + {0x0, 3, 4, 2717}, + {0x0, 8, 9, 2718}, + {0x21cf, 16, 16, 2719}, + {0x0, 0, 1, 2719}, + {0x0, 0, 1, 2720}, + {0x0, 3, 4, 2721}, + {0x0, 0, 1, 2722}, + {0x0, 2, 3, 2723}, + {0x134, 16, 16, 2724}, + {0x0, 0, 1, 2724}, + {0x0, 0, 1, 2725}, + {0x0, 3, 4, 2726}, + {0x0, 0, 5, 2727}, + {0x0, 0, 2, 2732}, + {0x1f54, 16, 16, 2734}, + {0x1f52, 16, 16, 2734}, + {0x0, 1, 2, 2734}, + {0x1e5e, 16, 16, 2735}, + {0x0, 8, 9, 2735}, + {0xf99f, 16, 16, 2736}, + {0x0, 1, 5, 2736}, + {0x0, 14, 15, 2740}, + {0x2f8f2, 16, 16, 2741}, + {0x205, 16, 16, 2741}, + {0x11b, 16, 16, 2741}, + {0x2f88b, 16, 16, 2741}, + {0x2f88c, 16, 16, 2741}, + {0x0, 3, 8, 2741}, + {0x2f81e, 16, 16, 2746}, + {0x0, 0, 1, 2746}, + {0x0, 0, 1, 2747}, + {0x0, 3, 4, 2748}, + {0x0, 0, 5, 2749}, + {0x0, 3, 5, 2754}, + {0x1f01, 16, 16, 2756}, + {0xfa00, 16, 16, 2756}, + {0x0, 3, 16, 2756}, + {0x2f830, 16, 16, 2769}, + {0x0, 2, 13, 2769}, + {0x0, 0, 4, 2780}, + {0x0, 0, 1, 2784}, + {0x0, 0, 1, 2785}, + {0x0, 9, 10, 2786}, + {0x0, 3, 4, 2787}, + {0x0, 12, 13, 2788}, + {0x931, 16, 16, 2789}, + {0x2f833, 16, 16, 2789}, + {0x0, 0, 1, 2789}, + {0x0, 0, 1, 2790}, + {0x0, 3, 4, 2791}, + {0x0, 0, 1, 2792}, + {0x0, 8, 9, 2793}, + {0x1e7a, 16, 16, 2794}, + {0x0, 14, 15, 2794}, + {0xf9d0, 16, 16, 2795}, + {0x0, 9, 14, 2795}, + {0x2f847, 16, 16, 2800}, + {0x0, 13, 14, 2800}, + {0x0, 2, 3, 2801}, + {0x2f9b1, 16, 16, 2802}, + {0x0, 4, 13, 2802}, + {0x0, 7, 8, 2811}, + {0x0, 0, 1, 2812}, + {0x0, 0, 1, 2813}, + {0x0, 11, 12, 2814}, + {0x0, 3, 6, 2815}, + {0x0, 14, 15, 2818}, + {0xb4b, 16, 16, 2819}, + {0x0, 6, 8, 2819}, + {0x0, 0, 1, 2821}, + {0x0, 0, 1, 2822}, + {0x0, 3, 4, 2823}, + {0x0, 0, 1, 2824}, + {0x0, 4, 5, 2825}, + {0x1e39, 16, 16, 2826}, + {0x0, 0, 1, 2826}, + {0x0, 0, 1, 2827}, + {0x0, 3, 4, 2828}, + {0x0, 0, 1, 2829}, + {0x0, 2, 13, 2830}, + {0x135, 16, 16, 2841}, + {0x0, 13, 14, 2841}, + {0x2f9d0, 16, 16, 2842}, + {0x0, 4, 14, 2842}, + {0x0, 0, 15, 2852}, + {0x0, 4, 7, 2867}, + {0x2f87d, 16, 16, 2870}, + {0x2f87b, 16, 16, 2870}, + {0x0, 7, 8, 2870}, + {0x0, 0, 1, 2871}, + {0x0, 0, 1, 2872}, + {0x0, 9, 10, 2873}, + {0x0, 11, 14, 2874}, + {0x0, 14, 15, 2877}, + {0x9cb, 16, 16, 2878}, + {0x0, 1, 6, 2878}, + {0x0, 0, 1, 2883}, + {0x0, 0, 1, 2884}, + {0x0, 3, 4, 2885}, + {0x0, 3, 4, 2886}, + {0x0, 8, 9, 2887}, + {0x2270, 16, 16, 2888}, + {0x0, 5, 9, 2888}, + {0xf959, 16, 16, 2892}, + {0xfa36, 16, 16, 2892}, + {0x0, 0, 1, 2892}, + {0x0, 0, 1, 2893}, + {0x0, 3, 4, 2894}, + {0x0, 3, 4, 2895}, + {0x0, 8, 9, 2896}, + {0x2271, 16, 16, 2897}, + {0x0, 9, 10, 2897}, + {0xfa5e, 16, 16, 2898}, + {0x0, 0, 1, 2898}, + {0x0, 0, 1, 2899}, + {0x0, 3, 4, 2900}, + {0x0, 0, 1, 2901}, + {0x0, 1, 2, 2902}, + {0x453, 16, 16, 2903}, + {0xf9d3, 16, 16, 2903}, + {0x0, 12, 14, 2903}, + {0x0, 0, 1, 2905}, + {0x0, 0, 1, 2906}, + {0x0, 3, 4, 2907}, + {0x0, 0, 1, 2908}, + {0x0, 2, 3, 2909}, + {0x1ed8, 16, 16, 2910}, + {0x0, 2, 16, 2910}, + {0xf9e7, 16, 16, 2924}, + {0xf91c, 16, 16, 2924}, + {0x0, 1, 16, 2924}, + {0x0, 4, 9, 2939}, + {0xf901, 16, 16, 2944}, + {0x2f82f, 16, 16, 2944}, + {0x0, 15, 16, 2944}, + {0x2f883, 16, 16, 2945}, + {0x0, 0, 5, 2945}, + {0x0, 0, 1, 2950}, + {0x0, 0, 1, 2951}, + {0x0, 3, 4, 2952}, + {0x0, 3, 4, 2953}, + {0x0, 8, 9, 2954}, + {0x21ae, 16, 16, 2955}, + {0x0, 11, 12, 2955}, + {0x0, 12, 13, 2956}, + {0x2f8fb, 16, 16, 2957}, + {0x0, 0, 1, 2957}, + {0x0, 0, 1, 2958}, + {0x0, 3, 4, 2959}, + {0x0, 0, 5, 2960}, + {0x0, 3, 5, 2965}, + {0x1f21, 16, 16, 2967}, + {0x1f0, 16, 16, 2967}, + {0x1f20, 16, 16, 2967}, + {0x0, 0, 11, 2967}, + {0x0, 0, 1, 2978}, + {0x2f967, 16, 16, 2979}, + {0x0, 3, 9, 2979}, + {0x12f, 16, 16, 2985}, + {0x0, 7, 15, 2985}, + {0x2f9c7, 16, 16, 2993}, + {0x1ecb, 16, 16, 2993}, + {0x0, 2, 12, 2993}, + {0x0, 0, 1, 3003}, + {0x0, 3, 4, 3004}, + {0x0, 0, 1, 3005}, + {0x0, 9, 10, 3006}, + {0x0, 9, 11, 3007}, + {0x30dc, 16, 16, 3009}, + {0x0, 6, 11, 3009}, + {0x0, 0, 1, 3014}, + {0x0, 0, 1, 3015}, + {0x0, 12, 13, 3016}, + {0x0, 13, 14, 3017}, + {0x0, 5, 6, 3018}, + {0xccb, 16, 16, 3019}, + {0x0, 4, 9, 3019}, + {0x2f9e7, 16, 16, 3024}, + {0x0, 3, 8, 3024}, + {0x1e32, 16, 16, 3029}, + {0x0, 0, 1, 3029}, + {0x0, 0, 1, 3030}, + {0x0, 3, 4, 3031}, + {0x0, 0, 5, 3032}, + {0x0, 2, 3, 3037}, + {0x1f36, 16, 16, 3038}, + {0x0, 3, 14, 3038}, + {0x0, 0, 1, 3049}, + {0x0, 0, 1, 3050}, + {0x0, 3, 4, 3051}, + {0x0, 0, 1, 3052}, + {0x0, 4, 12, 3053}, + {0x45e, 16, 16, 3061}, + {0x136, 16, 16, 3061}, + {0x0, 6, 8, 3061}, + {0x0, 0, 1, 3063}, + {0x0, 0, 1, 3064}, + {0x0, 11, 12, 3065}, + {0x0, 11, 14, 3066}, + {0x0, 7, 8, 3069}, + {0xbcc, 16, 16, 3070}, + {0x0, 3, 4, 3070}, + {0xf981, 16, 16, 3071}, + {0x0, 0, 1, 3071}, + {0x0, 0, 1, 3072}, + {0x0, 3, 4, 3073}, + {0x0, 0, 4, 3074}, + {0x0, 0, 16, 3078}, + {0x1ec8, 16, 16, 3094}, + {0x0, 3, 4, 3094}, + {0x343, 16, 16, 3095}, + {0x12c, 16, 16, 3095}, + {0x0, 3, 16, 3095}, + {0x2f870, 16, 16, 3108}, + {0xf9b1, 16, 16, 3108}, + {0x0, 0, 15, 3108}, + {0x2f97f, 16, 16, 3123}, + {0x2f8cc, 16, 16, 3123}, + {0x0, 0, 1, 3123}, + {0x0, 0, 1, 3124}, + {0x0, 3, 4, 3125}, + {0x0, 0, 1, 3126}, + {0x0, 4, 5, 3127}, + {0x1ed, 16, 16, 3128}, + {0x30dd, 16, 16, 3128}, + {0x0, 0, 7, 3128}, + {0x0, 11, 12, 3135}, + {0x2f984, 16, 16, 3136}, + {0x0, 1, 12, 3136}, + {0x0, 13, 14, 3147}, + {0x0, 4, 5, 3148}, + {0x2f8a4, 16, 16, 3149}, + {0x2f9c6, 16, 16, 3149}, + {0x2f872, 16, 16, 3149}, + {0x0, 2, 16, 3149}, + {0x0, 12, 13, 3163}, + {0xf9c3, 16, 16, 3164}, + {0xf945, 16, 16, 3164}, + {0x0, 5, 6, 3164}, + {0xf90f, 16, 16, 3165}, + {0x0, 1, 16, 3165}, + {0x0, 13, 14, 3180}, + {0x2f884, 16, 16, 3181}, + {0x0, 0, 1, 3181}, + {0x0, 0, 1, 3182}, + {0x0, 3, 4, 3183}, + {0x0, 0, 1, 3184}, + {0x0, 8, 9, 3185}, + {0x4f9, 16, 16, 3186}, + {0x0, 5, 6, 3186}, + {0x2f921, 16, 16, 3187}, + {0x0, 8, 10, 3187}, + {0xfa4d, 16, 16, 3189}, + {0xfa4e, 16, 16, 3189}, + {0x0, 1, 16, 3189}, + {0x0, 11, 12, 3204}, + {0x2fa15, 16, 16, 3205}, + {0x0, 7, 16, 3205}, + {0xf988, 16, 16, 3214}, + {0x0, 11, 12, 3214}, + {0x2f863, 16, 16, 3215}, + {0x0, 0, 5, 3215}, + {0x0, 7, 8, 3220}, + {0xf950, 16, 16, 3221}, + {0x0, 0, 16, 3221}, + {0x0, 9, 16, 3237}, + {0xf95b, 16, 16, 3244}, + {0x0, 0, 1, 3244}, + {0x0, 0, 1, 3245}, + {0x0, 3, 4, 3246}, + {0x0, 0, 1, 3247}, + {0x0, 7, 9, 3248}, + {0x1e8a, 16, 16, 3250}, + {0x0, 0, 1, 3250}, + {0x0, 0, 1, 3251}, + {0x0, 3, 4, 3252}, + {0x0, 0, 5, 3253}, + {0x0, 0, 2, 3258}, + {0x3b0, 16, 16, 3260}, + {0x1fe2, 16, 16, 3260}, + {0x0, 1, 15, 3260}, + {0x0, 2, 3, 3274}, + {0x2f8e8, 16, 16, 3275}, + {0xf9f3, 16, 16, 3275}, + {0x1e8c, 16, 16, 3275}, + {0x0, 0, 1, 3275}, + {0x0, 3, 4, 3276}, + {0x0, 0, 1, 3277}, + {0x0, 9, 10, 3278}, + {0x0, 9, 10, 3279}, + {0x30bc, 16, 16, 3280}, + {0x0, 0, 1, 3280}, + {0x0, 0, 1, 3281}, + {0x0, 3, 4, 3282}, + {0x0, 0, 1, 3283}, + {0x0, 4, 5, 3284}, + {0x1e38, 16, 16, 3285}, + {0x0, 9, 10, 3285}, + {0xf966, 16, 16, 3286}, + {0x0, 2, 3, 3286}, + {0x0, 14, 15, 3287}, + {0x2f9e5, 16, 16, 3288}, + {0x0, 1, 2, 3288}, + {0x206, 16, 16, 3289}, + {0x0, 5, 16, 3289}, + {0x1fcb, 16, 16, 3300}, + {0x0, 3, 4, 3300}, + {0x1e42, 16, 16, 3301}, + {0x0, 4, 16, 3301}, + {0x0, 0, 1, 3313}, + {0x2fa0b, 16, 16, 3314}, + {0x0, 13, 14, 3314}, + {0x2f89d, 16, 16, 3315}, + {0x0, 1, 15, 3315}, + {0xfa44, 16, 16, 3329}, + {0x0, 8, 13, 3329}, + {0xfa3a, 16, 16, 3334}, + {0x0, 1, 15, 3334}, + {0x0, 2, 13, 3348}, + {0xf960, 16, 16, 3359}, + {0x0, 1, 2, 3359}, + {0x0, 13, 14, 3360}, + {0x2f94d, 16, 16, 3361}, + {0x0, 13, 14, 3361}, + {0xf923, 16, 16, 3362}, + {0x0, 4, 5, 3362}, + {0xf91d, 16, 16, 3363}, + {0x0, 12, 13, 3363}, + {0x0, 14, 15, 3364}, + {0x2fa10, 16, 16, 3365}, + {0x0, 0, 1, 3365}, + {0x0, 0, 1, 3366}, + {0x0, 3, 4, 3367}, + {0x0, 0, 5, 3368}, + {0x0, 0, 2, 3373}, + {0x1f33, 16, 16, 3375}, + {0x0, 0, 1, 3375}, + {0x0, 0, 1, 3376}, + {0x0, 3, 4, 3377}, + {0x0, 0, 1, 3378}, + {0x0, 7, 8, 3379}, + {0x1e1e, 16, 16, 3380}, + {0x1f35, 16, 16, 3380}, + {0x0, 15, 16, 3380}, + {0xfa41, 16, 16, 3381}, + {0xf9ac, 16, 16, 3381}, + {0x2f858, 16, 16, 3381}, + {0x0, 0, 1, 3381}, + {0x0, 0, 1, 3382}, + {0x0, 3, 4, 3383}, + {0x0, 4, 5, 3384}, + {0x0, 5, 6, 3385}, + {0x1f82, 16, 16, 3386}, + {0x0, 11, 12, 3386}, + {0xf9d8, 16, 16, 3387}, + {0x0, 0, 15, 3387}, + {0x0, 0, 1, 3402}, + {0x0, 0, 1, 3403}, + {0x0, 3, 4, 3404}, + {0x0, 0, 1, 3405}, + {0x0, 0, 9, 3406}, + {0x4d6, 16, 16, 3415}, + {0x0, 5, 6, 3415}, + {0xf983, 16, 16, 3416}, + {0x400, 16, 16, 3416}, + {0x0, 0, 1, 3416}, + {0x0, 0, 1, 3417}, + {0x0, 3, 4, 3418}, + {0x0, 0, 5, 3419}, + {0x0, 0, 2, 3424}, + {0x1f0d, 16, 16, 3426}, + {0x1f0b, 16, 16, 3426}, + {0x401, 16, 16, 3426}, + {0x0, 10, 14, 3426}, + {0x2f8c5, 16, 16, 3430}, + {0xf991, 16, 16, 3430}, + {0x0, 1, 2, 3430}, + {0x207, 16, 16, 3431}, + {0x0, 10, 12, 3431}, + {0x0, 0, 1, 3433}, + {0x0, 0, 1, 3434}, + {0x0, 3, 4, 3435}, + {0x0, 0, 1, 3436}, + {0x0, 7, 8, 3437}, + {0x1e64, 16, 16, 3438}, + {0x0, 5, 6, 3438}, + {0x2f9a6, 16, 16, 3439}, + {0x0, 4, 8, 3439}, + {0x387, 16, 16, 3443}, + {0x1ffd, 16, 16, 3443}, + {0x0, 9, 11, 3443}, + {0xf928, 16, 16, 3445}, + {0x0, 0, 1, 3445}, + {0x0, 0, 1, 3446}, + {0x0, 3, 4, 3447}, + {0x0, 0, 3, 3448}, + {0x0, 3, 4, 3451}, + {0x1ee2, 16, 16, 3452}, + {0x0, 4, 16, 3452}, + {0x0, 4, 14, 3464}, + {0xf9d1, 16, 16, 3474}, + {0x0, 1, 14, 3474}, + {0x0, 1, 12, 3487}, + {0x2f9e6, 16, 16, 3498}, + {0x0, 13, 14, 3498}, + {0x2fa0c, 16, 16, 3499}, + {0x0, 0, 1, 3499}, + {0x0, 0, 1, 3500}, + {0x0, 3, 4, 3501}, + {0x0, 0, 1, 3502}, + {0x0, 4, 5, 3503}, + {0x230, 16, 16, 3504}, + {0x0, 0, 1, 3504}, + {0x0, 0, 1, 3505}, + {0x0, 3, 4, 3506}, + {0x0, 4, 5, 3507}, + {0x0, 5, 6, 3508}, + {0x1faf, 16, 16, 3509}, + {0x0, 14, 15, 3509}, + {0xf9a6, 16, 16, 3510}, + {0x0, 13, 14, 3510}, + {0x2f87a, 16, 16, 3511}, + {0x0, 0, 7, 3511}, + {0x3ac, 16, 16, 3518}, + {0x1f70, 16, 16, 3518}, + {0x0, 7, 8, 3518}, + {0x0, 0, 1, 3519}, + {0x0, 0, 1, 3520}, + {0x0, 6, 7, 3521}, + {0x0, 5, 6, 3522}, + {0x0, 3, 6, 3523}, + {0x623, 16, 16, 3526}, + {0x625, 16, 16, 3526}, + {0x1fb1, 16, 16, 3526}, + {0x1fb0, 16, 16, 3526}, + {0xf9a2, 16, 16, 3526}, + {0x0, 10, 11, 3526}, + {0xf9d6, 16, 16, 3527}, + {0x0, 3, 4, 3527}, + {0x2f844, 16, 16, 3528}, + {0x0, 1, 2, 3528}, + {0x1e0f, 16, 16, 3529}, + {0x0, 14, 15, 3529}, + {0xf9c0, 16, 16, 3530}, + {0x0, 6, 7, 3530}, + {0xf9dc, 16, 16, 3531}, + {0x2f810, 16, 16, 3531}, + {0x2f814, 16, 16, 3531}, + {0xf978, 16, 16, 3531}, + {0x2f9e4, 16, 16, 3531}, + {0x0, 0, 16, 3531}, + {0x0, 13, 14, 3547}, + {0xf9ed, 16, 16, 3548}, + {0x0, 0, 1, 3548}, + {0x0, 3, 4, 3549}, + {0x0, 0, 1, 3550}, + {0x0, 9, 10, 3551}, + {0x0, 9, 11, 3552}, + {0x3071, 16, 16, 3554}, + {0x0, 2, 16, 3554}, + {0x0, 1, 12, 3568}, + {0x2f9af, 16, 16, 3579}, + {0x0, 0, 1, 3579}, + {0x0, 0, 1, 3580}, + {0x0, 3, 4, 3581}, + {0x0, 0, 4, 3582}, + {0x0, 3, 14, 3586}, + {0x1e4b, 16, 16, 3597}, + {0x0, 0, 1, 3597}, + {0x0, 0, 1, 3598}, + {0x0, 3, 4, 3599}, + {0x0, 4, 5, 3600}, + {0x0, 5, 6, 3601}, + {0x1f9a, 16, 16, 3602}, + {0x0, 5, 7, 3602}, + {0x2f829, 16, 16, 3604}, + {0x2f82a, 16, 16, 3604}, + {0x0, 3, 16, 3604}, + {0x0, 14, 15, 3617}, + {0xf999, 16, 16, 3618}, + {0x0, 7, 15, 3618}, + {0xf9bc, 16, 16, 3626}, + {0x0, 0, 1, 3626}, + {0x0, 0, 1, 3627}, + {0x0, 3, 4, 3628}, + {0x0, 3, 4, 3629}, + {0x0, 8, 9, 3630}, + {0x21cd, 16, 16, 3631}, + {0x0, 0, 1, 3631}, + {0x0, 0, 1, 3632}, + {0x0, 3, 4, 3633}, + {0x0, 3, 4, 3634}, + {0x0, 8, 9, 3635}, + {0x2262, 16, 16, 3636}, + {0x0, 0, 2, 3636}, + {0x3ae, 16, 16, 3638}, + {0x1f74, 16, 16, 3638}, + {0x0, 0, 1, 3638}, + {0x0, 0, 1, 3639}, + {0x0, 3, 4, 3640}, + {0x0, 0, 4, 3641}, + {0x0, 1, 2, 3645}, + {0x1e96, 16, 16, 3646}, + {0x0, 0, 1, 3646}, + {0x0, 3, 4, 3647}, + {0x0, 0, 1, 3648}, + {0x0, 9, 10, 3649}, + {0x0, 9, 10, 3650}, + {0x30b8, 16, 16, 3651}, + {0x0, 2, 7, 3651}, + {0xf97d, 16, 16, 3656}, + {0xf941, 16, 16, 3656}, + {0x1e47, 16, 16, 3656}, + {0x146, 16, 16, 3656}, + {0x0, 0, 1, 3656}, + {0x1e2d, 16, 16, 3657}, + {0x2f9b2, 16, 16, 3657}, + {0x0, 0, 1, 3657}, + {0xf9fa, 16, 16, 3658}, + {0x3070, 16, 16, 3658}, + {0x0, 8, 9, 3658}, + {0xf90c, 16, 16, 3659}, + {0x0, 0, 1, 3659}, + {0x0, 0, 1, 3660}, + {0x0, 3, 4, 3661}, + {0x0, 0, 1, 3662}, + {0x0, 0, 10, 3663}, + {0x1ea6, 16, 16, 3673}, + {0x1ea4, 16, 16, 3673}, + {0x1eaa, 16, 16, 3673}, + {0x0, 14, 15, 3673}, + {0xf92c, 16, 16, 3674}, + {0x1ea8, 16, 16, 3674}, + {0x0, 0, 1, 3674}, + {0x0, 3, 4, 3675}, + {0x0, 0, 1, 3676}, + {0x0, 9, 10, 3677}, + {0x0, 9, 10, 3678}, + {0x30c2, 16, 16, 3679}, + {0x0, 0, 9, 3679}, + {0x340, 16, 16, 3688}, + {0x341, 16, 16, 3688}, + {0x0, 0, 15, 3688}, + {0x0, 6, 7, 3703}, + {0x2f94c, 16, 16, 3704}, + {0x0, 3, 4, 3704}, + {0x2f8e9, 16, 16, 3705}, + {0x0, 6, 7, 3705}, + {0xf9fe, 16, 16, 3706}, + {0x0, 8, 9, 3706}, + {0x0, 0, 1, 3707}, + {0x2f965, 16, 16, 3708}, + {0x0, 12, 13, 3708}, + {0x0, 0, 1, 3709}, + {0x0, 0, 1, 3710}, + {0x0, 3, 4, 3711}, + {0x0, 3, 4, 3712}, + {0x0, 8, 9, 3713}, + {0x2241, 16, 16, 3714}, + {0x1f75, 0, 1, 3714}, + {0x0, 0, 1, 3715}, + {0x0, 3, 4, 3716}, + {0x0, 4, 5, 3717}, + {0x0, 5, 6, 3718}, + {0x1fc4, 16, 16, 3719}, + {0x0, 8, 9, 3719}, + {0x0, 1, 2, 3720}, + {0x2f876, 16, 16, 3721}, + {0x0, 0, 15, 3721}, + {0xfa19, 16, 16, 3736}, + {0x0, 15, 16, 3736}, + {0x0, 0, 1, 3737}, + {0x0, 3, 4, 3738}, + {0x0, 0, 1, 3739}, + {0x0, 9, 10, 3740}, + {0x0, 9, 10, 3741}, + {0x30f7, 16, 16, 3742}, + {0x0, 1, 2, 3742}, + {0xf9e8, 16, 16, 3743}, + {0x0, 1, 16, 3743}, + {0x154, 16, 16, 3758}, + {0x0, 7, 8, 3758}, + {0x0, 12, 13, 3759}, + {0x2f95c, 16, 16, 3760}, + {0x0, 7, 8, 3760}, + {0xf933, 16, 16, 3761}, + {0x0, 0, 16, 3761}, + {0x0, 3, 11, 3777}, + {0x2f8df, 16, 16, 3785}, + {0xfa50, 16, 16, 3785}, + {0xfa4f, 16, 16, 3785}, + {0x0, 8, 12, 3785}, + {0x2f920, 16, 16, 3789}, + {0x0, 3, 4, 3789}, + {0x1e88, 16, 16, 3790}, + {0x0, 0, 1, 3790}, + {0x0, 3, 4, 3791}, + {0x0, 0, 1, 3792}, + {0x0, 9, 10, 3793}, + {0x0, 9, 11, 3794}, + {0x3077, 16, 16, 3796}, + {0x0, 10, 11, 3796}, + {0x2f917, 16, 16, 3797}, + {0x0, 14, 16, 3797}, + {0x0, 12, 13, 3799}, + {0x2f868, 16, 16, 3800}, + {0x0, 1, 7, 3800}, + {0x0, 2, 3, 3806}, + {0x2fa0a, 16, 16, 3807}, + {0x0, 0, 1, 3807}, + {0x0, 0, 1, 3808}, + {0x0, 3, 4, 3809}, + {0x0, 4, 5, 3810}, + {0x0, 5, 6, 3811}, + {0x1f86, 16, 16, 3812}, + {0x0, 1, 6, 3812}, + {0xfa59, 16, 16, 3817}, + {0x2f970, 16, 16, 3817}, + {0x0, 9, 10, 3817}, + {0x2f887, 16, 16, 3818}, + {0x0, 0, 9, 3818}, + {0x0, 8, 9, 3827}, + {0xf9fc, 16, 16, 3828}, + {0x0, 7, 8, 3828}, + {0xf9f4, 16, 16, 3829}, + {0x0, 8, 10, 3829}, + {0x0, 0, 1, 3831}, + {0x0, 0, 1, 3832}, + {0x0, 3, 4, 3833}, + {0x0, 0, 1, 3834}, + {0x0, 8, 9, 3835}, + {0x4da, 16, 16, 3836}, + {0x0, 1, 2, 3836}, + {0xf9b9, 16, 16, 3837}, + {0x0, 3, 13, 3837}, + {0x0, 14, 15, 3847}, + {0x2f9cd, 16, 16, 3848}, + {0x0, 6, 7, 3848}, + {0x2f866, 16, 16, 3849}, + {0x0, 8, 10, 3849}, + {0x0, 0, 1, 3851}, + {0x0, 0, 1, 3852}, + {0x0, 3, 4, 3853}, + {0x0, 0, 1, 3854}, + {0x0, 2, 3, 3855}, + {0x1ec7, 16, 16, 3856}, + {0x0, 14, 15, 3856}, + {0x2f867, 16, 16, 3857}, + {0x0, 3, 14, 3857}, + {0x118, 16, 16, 3868}, + {0x0, 0, 1, 3868}, + {0x0, 0, 1, 3869}, + {0x0, 3, 4, 3870}, + {0x0, 0, 5, 3871}, + {0x0, 0, 2, 3876}, + {0x1f2d, 16, 16, 3878}, + {0x228, 16, 16, 3878}, + {0x0, 4, 15, 3878}, + {0x0, 7, 8, 3889}, + {0x2f8fe, 16, 16, 3890}, + {0x1eb8, 16, 16, 3890}, + {0x0, 2, 13, 3890}, + {0x0, 0, 1, 3901}, + {0xf9f8, 16, 16, 3902}, + {0x0, 14, 15, 3902}, + {0xf989, 16, 16, 3903}, + {0x0, 2, 8, 3903}, + {0x2f8f3, 16, 16, 3909}, + {0x0, 6, 7, 3909}, + {0x2f873, 16, 16, 3910}, + {0x0, 0, 16, 3910}, + {0x0, 1, 2, 3926}, + {0x2f8be, 16, 16, 3927}, + {0x0, 12, 15, 3927}, + {0xfa18, 16, 16, 3930}, + {0x0, 8, 9, 3930}, + {0xf969, 16, 16, 3931}, + {0x0, 5, 13, 3931}, + {0x0, 3, 13, 3939}, + {0x2f98a, 16, 16, 3949}, + {0x0, 9, 10, 3949}, + {0xf9cd, 16, 16, 3950}, + {0x1e18, 16, 16, 3950}, + {0x0, 0, 1, 3950}, + {0x0, 0, 1, 3951}, + {0x0, 3, 4, 3952}, + {0x0, 0, 1, 3953}, + {0x0, 4, 5, 3954}, + {0x1e5c, 16, 16, 3955}, + {0xf98c, 16, 16, 3955}, + {0x0, 12, 16, 3955}, + {0x0, 13, 14, 3959}, + {0x2fa0e, 16, 16, 3960}, + {0x0, 9, 14, 3960}, + {0x0, 15, 16, 3965}, + {0x2f81f, 16, 16, 3966}, + {0x0, 2, 13, 3966}, + {0x0, 6, 7, 3977}, + {0x2f952, 16, 16, 3978}, + {0x0, 0, 1, 3978}, + {0x0, 0, 1, 3979}, + {0x0, 3, 4, 3980}, + {0x0, 0, 3, 3981}, + {0x0, 1, 13, 3984}, + {0x160, 16, 16, 3996}, + {0x0, 0, 1, 3996}, + {0x0, 3, 4, 3997}, + {0x0, 0, 1, 3998}, + {0x0, 9, 10, 3999}, + {0x0, 9, 10, 4000}, + {0x30ac, 16, 16, 4001}, + {0x0, 9, 10, 4001}, + {0xf9d5, 16, 16, 4002}, + {0x0, 0, 1, 4002}, + {0x0, 0, 1, 4003}, + {0x0, 3, 4, 4004}, + {0x0, 0, 5, 4005}, + {0x0, 0, 2, 4010}, + {0x3ce, 16, 16, 4012}, + {0x0, 11, 12, 4012}, + {0x2f8f8, 16, 16, 4013}, + {0x0, 0, 1, 4013}, + {0x0, 0, 1, 4014}, + {0x0, 3, 4, 4015}, + {0x0, 0, 1, 4016}, + {0x0, 0, 9, 4017}, + {0x451, 16, 16, 4026}, + {0x450, 16, 16, 4026}, + {0x0, 3, 13, 4026}, + {0x0, 3, 4, 4036}, + {0x2fa03, 16, 16, 4037}, + {0x4d7, 16, 16, 4037}, + {0xf9c9, 16, 16, 4037}, + {0x1e60, 16, 16, 4037}, + {0x15a, 16, 16, 4037}, + {0x15c, 16, 16, 4037}, + {0xf91e, 16, 16, 4037}, + {0x0, 0, 1, 4037}, + {0x0, 0, 1, 4038}, + {0x0, 3, 4, 4039}, + {0x0, 0, 1, 4040}, + {0x0, 0, 10, 4041}, + {0x1eab, 16, 16, 4051}, + {0x1ea7, 16, 16, 4051}, + {0x1ea5, 16, 16, 4051}, + {0x1ea9, 16, 16, 4051}, + {0x0, 2, 14, 4051}, + {0x0, 10, 11, 4063}, + {0xfa16, 16, 16, 4064}, + {0x0, 11, 12, 4064}, + {0xf9a4, 16, 16, 4065}, + {0x0, 0, 1, 4065}, + {0x0, 0, 1, 4066}, + {0x0, 3, 4, 4067}, + {0x0, 3, 4, 4068}, + {0x0, 8, 9, 4069}, + {0x226d, 16, 16, 4070}, + {0x0, 0, 1, 4070}, + {0x0, 0, 1, 4071}, + {0x0, 3, 4, 4072}, + {0x0, 4, 5, 4073}, + {0x0, 5, 6, 4074}, + {0x1f9f, 16, 16, 4075}, + {0x0, 0, 1, 4075}, + {0x0, 0, 1, 4076}, + {0x0, 3, 4, 4077}, + {0x0, 4, 5, 4078}, + {0x0, 5, 6, 4079}, + {0x1fad, 16, 16, 4080}, + {0x0, 0, 1, 4080}, + {0x0, 0, 1, 4081}, + {0x0, 3, 4, 4082}, + {0x0, 0, 3, 4083}, + {0x0, 3, 4, 4086}, + {0x1ee3, 16, 16, 4087}, + {0x0, 13, 14, 4087}, + {0x2f9ae, 16, 16, 4088}, + {0x0, 3, 15, 4088}, + {0x1e2b, 16, 16, 4100}, + {0x0, 12, 13, 4100}, + {0x2f9ea, 16, 16, 4101}, + {0x0, 12, 13, 4101}, + {0x0, 10, 11, 4102}, + {0x2f9ab, 16, 16, 4103}, + {0x0, 0, 1, 4103}, + {0x0, 0, 1, 4104}, + {0x0, 3, 4, 4105}, + {0x0, 0, 5, 4106}, + {0x0, 0, 7, 4111}, + {0x1fba, 16, 16, 4118}, + {0x386, 16, 16, 4118}, + {0x1fb8, 16, 16, 4118}, + {0x0, 7, 8, 4118}, + {0x2f811, 16, 16, 4119}, + {0x1fb9, 16, 16, 4119}, + {0x0, 1, 14, 4119}, + {0x0, 14, 15, 4132}, + {0x2f909, 16, 16, 4133}, + {0x0, 0, 13, 4133}, + {0xf936, 16, 16, 4146}, + {0x0, 6, 7, 4146}, + {0x0, 0, 1, 4147}, + {0x0, 0, 1, 4148}, + {0x0, 3, 4, 4149}, + {0x0, 4, 5, 4150}, + {0x0, 5, 6, 4151}, + {0x1fc7, 16, 16, 4152}, + {0x0, 0, 11, 4152}, + {0x0, 0, 1, 4163}, + {0x0, 0, 1, 4164}, + {0x0, 3, 4, 4165}, + {0x0, 0, 1, 4166}, + {0x0, 7, 9, 4167}, + {0x1e8b, 16, 16, 4169}, + {0x0, 1, 8, 4169}, + {0x1e3f, 16, 16, 4176}, + {0x1e41, 16, 16, 4176}, + {0x0, 0, 16, 4176}, + {0x0, 4, 5, 4192}, + {0xf93f, 16, 16, 4193}, + {0x0, 7, 8, 4193}, + {0x2f964, 16, 16, 4194}, + {0x0, 6, 7, 4194}, + {0x2f9be, 16, 16, 4195}, + {0x1e8d, 16, 16, 4195}, + {0x0, 0, 1, 4195}, + {0x0, 0, 1, 4196}, + {0x0, 3, 4, 4197}, + {0x0, 0, 1, 4198}, + {0x0, 0, 2, 4199}, + {0x1e14, 16, 16, 4201}, + {0x0, 7, 8, 4201}, + {0xfa31, 16, 16, 4202}, + {0x0, 0, 1, 4202}, + {0x0, 0, 1, 4203}, + {0x0, 3, 4, 4204}, + {0x0, 0, 1, 4205}, + {0x0, 1, 2, 4206}, + {0x1e2f, 16, 16, 4207}, + {0x0, 7, 8, 4207}, + {0xf963, 16, 16, 4208}, + {0x2f9b3, 16, 16, 4208}, + {0x0, 0, 1, 4208}, + {0x0, 0, 1, 4209}, + {0x0, 3, 4, 4210}, + {0x0, 0, 5, 4211}, + {0x0, 2, 3, 4216}, + {0x1f3e, 16, 16, 4217}, + {0x0, 0, 1, 4217}, + {0x0, 0, 1, 4218}, + {0x0, 3, 4, 4219}, + {0x0, 0, 1, 4220}, + {0x0, 1, 2, 4221}, + {0x1e2e, 16, 16, 4222}, + {0x1e29, 16, 16, 4222}, + {0x0, 0, 1, 4222}, + {0x0, 0, 1, 4223}, + {0x0, 3, 4, 4224}, + {0x0, 0, 4, 4225}, + {0x0, 1, 2, 4229}, + {0x1e06, 16, 16, 4230}, + {0x1e25, 16, 16, 4230}, + {0xec, 16, 16, 4230}, + {0xed, 16, 16, 4230}, + {0xee, 16, 16, 4230}, + {0x129, 16, 16, 4230}, + {0x12b, 16, 16, 4230}, + {0x12d, 16, 16, 4230}, + {0xef, 16, 16, 4230}, + {0x1ec9, 16, 16, 4230}, + {0x0, 6, 16, 4230}, + {0x2f83b, 16, 16, 4240}, + {0x0, 1, 2, 4240}, + {0xf909, 16, 16, 4241}, + {0x2f969, 16, 16, 4241}, + {0x0, 8, 11, 4241}, + {0x2f9c9, 16, 16, 4244}, + {0x0, 1, 13, 4244}, + {0x1e30, 16, 16, 4256}, + {0x1a1, 16, 16, 4256}, + {0x0, 3, 12, 4256}, + {0x0, 0, 1, 4265}, + {0x0, 0, 1, 4266}, + {0x0, 3, 4, 4267}, + {0x0, 3, 4, 4268}, + {0x0, 8, 9, 4269}, + {0x2209, 16, 16, 4270}, + {0x0, 13, 14, 4270}, + {0xf918, 16, 16, 4271}, + {0xf97b, 16, 16, 4271}, + {0x0, 1, 13, 4271}, + {0x2f9a9, 16, 16, 4283}, + {0x2f9a8, 16, 16, 4283}, + {0x0, 8, 9, 4283}, + {0x2f86e, 16, 16, 4284}, + {0x0, 4, 5, 4284}, + {0x2f9e2, 16, 16, 4285}, + {0xf9de, 16, 16, 4285}, + {0x1e8, 16, 16, 4285}, + {0x0, 3, 4, 4285}, + {0x2f99c, 16, 16, 4286}, + {0x0, 6, 7, 4286}, + {0x2f94b, 16, 16, 4287}, + {0x209, 16, 16, 4287}, + {0x0, 2, 3, 4287}, + {0xfa4a, 16, 16, 4288}, + {0xf9c2, 16, 16, 4288}, + {0x0, 0, 1, 4288}, + {0x0, 0, 1, 4289}, + {0x0, 3, 4, 4290}, + {0x0, 0, 1, 4291}, + {0x0, 8, 9, 4292}, + {0x4db, 16, 16, 4293}, + {0x0, 5, 6, 4293}, + {0xfa1a, 16, 16, 4294}, + {0x0, 4, 15, 4294}, + {0x2f8a9, 16, 16, 4305}, + {0x0, 3, 14, 4305}, + {0x0, 0, 1, 4316}, + {0x0, 0, 1, 4317}, + {0x0, 3, 4, 4318}, + {0x0, 0, 1, 4319}, + {0x0, 4, 12, 4320}, + {0x4f0, 16, 16, 4328}, + {0x0, 5, 10, 4328}, + {0xf993, 16, 16, 4333}, + {0x2f8a8, 16, 16, 4333}, + {0x2f91c, 16, 16, 4333}, + {0x40e, 16, 16, 4333}, + {0x4ee, 16, 16, 4333}, + {0x0, 5, 6, 4333}, + {0x2f986, 16, 16, 4334}, + {0x0, 11, 12, 4334}, + {0xf922, 16, 16, 4335}, + {0x0, 5, 6, 4335}, + {0x1fcc, 16, 16, 4336}, + {0x0, 0, 1, 4336}, + {0x0, 3, 4, 4337}, + {0x0, 0, 1, 4338}, + {0x0, 9, 10, 4339}, + {0x0, 9, 10, 4340}, + {0x3056, 16, 16, 4341}, + {0x0, 7, 16, 4341}, + {0xf9da, 16, 16, 4350}, + {0x0, 7, 8, 4350}, + {0x2f96e, 16, 16, 4351}, + {0xf9d9, 16, 16, 4351}, + {0x4f2, 16, 16, 4351}, + {0x2f8a6, 16, 16, 4351}, + {0x0, 8, 9, 4351}, + {0x2f869, 16, 16, 4352}, + {0x0, 8, 9, 4352}, + {0xf9ef, 16, 16, 4353}, + {0x0, 5, 6, 4353}, + {0x2f8e0, 16, 16, 4354}, + {0x0, 0, 9, 4354}, + {0x0, 11, 12, 4363}, + {0x2f94a, 16, 16, 4364}, + {0x0, 0, 10, 4364}, + {0x0, 13, 14, 4374}, + {0xf9c4, 16, 16, 4375}, + {0x2f8e5, 16, 16, 4375}, + {0x0, 0, 1, 4375}, + {0x1e1a, 16, 16, 4376}, + {0x0, 10, 11, 4376}, + {0x0, 11, 12, 4377}, + {0x2f91f, 16, 16, 4378}, + {0x0, 0, 1, 4378}, + {0x0, 0, 1, 4379}, + {0x0, 3, 4, 4380}, + {0x0, 0, 3, 4381}, + {0x0, 0, 16, 4384}, + {0x200, 16, 16, 4400}, + {0x1cd, 16, 16, 4400}, + {0xc5, 16, 16, 4400}, + {0x0, 13, 14, 4400}, + {0x2f8d6, 16, 16, 4401}, + {0x0, 5, 6, 4401}, + {0xf976, 16, 16, 4402}, + {0x0, 6, 12, 4402}, + {0xf9b5, 16, 16, 4408}, + {0x0, 0, 1, 4408}, + {0x0, 0, 1, 4409}, + {0x0, 3, 4, 4410}, + {0x0, 0, 4, 4411}, + {0x0, 3, 14, 4415}, + {0x21a, 16, 16, 4426}, + {0x162, 16, 16, 4426}, + {0x1e6c, 16, 16, 4426}, + {0x0, 0, 2, 4426}, + {0x1f05, 16, 16, 4428}, + {0x1f03, 16, 16, 4428}, + {0x0, 1, 2, 4428}, + {0x2f8ef, 16, 16, 4429}, + {0x0, 7, 8, 4429}, + {0x2f9ce, 16, 16, 4430}, + {0xf92d, 16, 16, 4430}, + {0x0, 10, 15, 4430}, + {0x0, 8, 9, 4435}, + {0x2f860, 16, 16, 4436}, + {0x1e70, 16, 16, 4436}, + {0x0, 4, 5, 4436}, + {0xfa2d, 16, 16, 4437}, + {0x0, 12, 13, 4437}, + {0x2f8c9, 16, 16, 4438}, + {0x102, 16, 16, 4438}, + {0x226, 16, 16, 4438}, + {0x100, 16, 16, 4438}, + {0xc2, 16, 16, 4438}, + {0xc3, 16, 16, 4438}, + {0xc0, 16, 16, 4438}, + {0xc1, 16, 16, 4438}, + {0x0, 2, 3, 4438}, + {0x2fa06, 16, 16, 4439}, + {0x0, 2, 3, 4439}, + {0x1f57, 16, 16, 4440}, + {0x0, 5, 6, 4440}, + {0x2f9d2, 16, 16, 4441}, + {0xc4, 16, 16, 4441}, + {0x1ea2, 16, 16, 4441}, + {0x0, 8, 9, 4441}, + {0x2f8bb, 16, 16, 4442}, + {0x0, 15, 16, 4442}, + {0xf910, 16, 16, 4443}, + {0x0, 0, 1, 4443}, + {0x0, 0, 1, 4444}, + {0x0, 3, 4, 4445}, + {0x0, 0, 1, 4446}, + {0x0, 1, 8, 4447}, + {0x1e57, 16, 16, 4454}, + {0x1e55, 16, 16, 4454}, + {0x0, 3, 4, 4454}, + {0xf9e0, 16, 16, 4455}, + {0x0, 0, 1, 4455}, + {0x0, 0, 1, 4456}, + {0x0, 3, 4, 4457}, + {0x0, 0, 3, 4458}, + {0x0, 0, 16, 4461}, + {0xd5, 16, 16, 4477}, + {0x0, 0, 10, 4477}, + {0x1ee0, 16, 16, 4487}, + {0x1eda, 16, 16, 4487}, + {0x1edc, 16, 16, 4487}, + {0x0, 0, 1, 4487}, + {0x0, 0, 1, 4488}, + {0x0, 3, 4, 4489}, + {0x0, 3, 4, 4490}, + {0x0, 8, 9, 4491}, + {0x22ea, 16, 16, 4492}, + {0x1ede, 16, 16, 4492}, + {0x0, 1, 16, 4492}, + {0x0, 14, 15, 4507}, + {0x2f852, 16, 16, 4508}, + {0x0, 0, 12, 4508}, + {0x2f8b2, 16, 16, 4520}, + {0x0, 12, 14, 4520}, + {0x0, 4, 5, 4522}, + {0x2f9de, 16, 16, 4523}, + {0x0, 12, 13, 4523}, + {0x2f88a, 16, 16, 4524}, + {0x0, 0, 14, 4524}, + {0xfa32, 16, 16, 4538}, + {0x0, 0, 1, 4538}, + {0x0, 0, 1, 4539}, + {0x0, 3, 4, 4540}, + {0x0, 0, 1, 4541}, + {0x0, 7, 8, 4542}, + {0x1e67, 16, 16, 4543}, + {0x0, 8, 9, 4543}, + {0x2f9b8, 16, 16, 4544}, + {0x0, 9, 10, 4544}, + {0x2f8de, 16, 16, 4545}, + {0x1f7c, 16, 16, 4545}, + {0x0, 2, 3, 4545}, + {0x1fdf, 16, 16, 4546}, + {0x0, 6, 7, 4546}, + {0x0, 11, 12, 4547}, + {0x2f9a5, 16, 16, 4548}, + {0x0, 6, 7, 4548}, + {0xfa01, 16, 16, 4549}, + {0x0, 9, 10, 4549}, + {0x2f809, 16, 16, 4550}, + {0x0, 4, 14, 4550}, + {0x0, 15, 16, 4560}, + {0x2f81c, 16, 16, 4561}, + {0x0, 9, 10, 4561}, + {0x2f9b7, 16, 16, 4562}, + {0x0, 12, 15, 4562}, + {0xf973, 16, 16, 4565}, + {0x0, 0, 1, 4565}, + {0x0, 3, 4, 4566}, + {0x0, 0, 1, 4567}, + {0x0, 9, 10, 4568}, + {0x0, 9, 10, 4569}, + {0x30c0, 16, 16, 4570}, + {0x0, 3, 5, 4570}, + {0x1f08, 16, 16, 4572}, + {0x2f8b3, 16, 16, 4572}, + {0x1f09, 16, 16, 4572}, + {0x2f8ba, 16, 16, 4572}, + {0x0, 0, 1, 4572}, + {0x0, 0, 1, 4573}, + {0x0, 3, 4, 4574}, + {0x0, 0, 5, 4575}, + {0x0, 0, 2, 4580}, + {0x1fd2, 16, 16, 4582}, + {0x390, 16, 16, 4582}, + {0xfa0c, 16, 16, 4582}, + {0x0, 0, 1, 4582}, + {0x0, 0, 1, 4583}, + {0x0, 3, 4, 4584}, + {0x0, 0, 1, 4585}, + {0x0, 1, 2, 4586}, + {0x1e79, 16, 16, 4587}, + {0x0, 4, 16, 4587}, + {0x2f8ad, 16, 16, 4599}, + {0x0, 2, 3, 4599}, + {0x0, 15, 16, 4600}, + {0x2f958, 16, 16, 4601}, + {0x0, 5, 8, 4601}, + {0x2f81b, 16, 16, 4604}, + {0x0, 0, 1, 4604}, + {0x0, 0, 1, 4605}, + {0x0, 3, 4, 4606}, + {0x0, 3, 4, 4607}, + {0x0, 8, 9, 4608}, + {0x2275, 16, 16, 4609}, + {0x0, 0, 13, 4609}, + {0x148, 16, 16, 4622}, + {0x0, 0, 15, 4622}, + {0x0, 14, 15, 4637}, + {0x2f985, 16, 16, 4638}, + {0x0, 0, 7, 4638}, + {0xfa66, 16, 16, 4645}, + {0xf971, 16, 16, 4645}, + {0x0, 1, 2, 4645}, + {0x20b, 16, 16, 4646}, + {0x0, 0, 1, 4646}, + {0x0, 0, 1, 4647}, + {0x0, 3, 4, 4648}, + {0x0, 0, 5, 4649}, + {0x0, 2, 3, 4654}, + {0x1fe6, 16, 16, 4655}, + {0x0, 2, 3, 4655}, + {0x1f3f, 16, 16, 4656}, + {0x0, 7, 8, 4656}, + {0x0, 1, 2, 4657}, + {0x0, 0, 1, 4658}, + {0x0, 0, 1, 4659}, + {0x0, 15, 16, 4660}, + {0x0, 7, 9, 4661}, + {0x0, 0, 1, 4663}, + {0xf81, 16, 16, 4664}, + {0x0, 0, 1, 4664}, + {0x0, 0, 1, 4665}, + {0x0, 3, 4, 4666}, + {0x0, 4, 5, 4667}, + {0x0, 5, 6, 4668}, + {0x1fb2, 16, 16, 4669}, + {0x0, 3, 4, 4669}, + {0x1e04, 16, 16, 4670}, + {0x0, 1, 2, 4670}, + {0x2f96d, 16, 16, 4671}, + {0x0, 0, 16, 4671}, + {0x2f95b, 16, 16, 4687}, + {0x2f95a, 16, 16, 4687}, + {0x1e45, 16, 16, 4687}, + {0x1f9, 16, 16, 4687}, + {0x144, 16, 16, 4687}, + {0x0, 9, 10, 4687}, + {0x2f9eb, 16, 16, 4688}, + {0xf1, 16, 16, 4688}, + {0x0, 0, 1, 4688}, + {0x0, 0, 1, 4689}, + {0x0, 3, 4, 4690}, + {0x0, 0, 1, 4691}, + {0x0, 2, 7, 4692}, + {0x1ead, 16, 16, 4697}, + {0x0, 9, 10, 4697}, + {0x2f913, 16, 16, 4698}, + {0x1eb7, 16, 16, 4698}, + {0x0, 0, 1, 4698}, + {0x0, 0, 1, 4699}, + {0x0, 3, 4, 4700}, + {0x0, 0, 4, 4701}, + {0x0, 0, 13, 4705}, + {0x147, 16, 16, 4718}, + {0x0, 11, 14, 4718}, + {0xfa09, 16, 16, 4721}, + {0x0, 8, 9, 4721}, + {0x2f83d, 16, 16, 4722}, + {0x0, 10, 12, 4722}, + {0x0, 7, 8, 4724}, + {0x2f987, 16, 16, 4725}, + {0x0, 3, 4, 4725}, + {0x2f951, 16, 16, 4726}, + {0x0, 5, 9, 4726}, + {0x0, 14, 15, 4730}, + {0x2f910, 16, 16, 4731}, + {0xfa54, 16, 16, 4731}, + {0x0, 10, 11, 4731}, + {0xfa46, 16, 16, 4732}, + {0x0, 3, 4, 4732}, + {0x2f86d, 16, 16, 4733}, + {0x0, 0, 16, 4733}, + {0x1ecf, 16, 16, 4749}, + {0xf6, 16, 16, 4749}, + {0x14d, 16, 16, 4749}, + {0x0, 3, 4, 4749}, + {0x2f9a0, 16, 16, 4750}, + {0x14f, 16, 16, 4750}, + {0xf3, 16, 16, 4750}, + {0xf2, 16, 16, 4750}, + {0xf5, 16, 16, 4750}, + {0xf4, 16, 16, 4750}, + {0x0, 5, 6, 4750}, + {0x2f8c0, 16, 16, 4751}, + {0x0, 6, 7, 4751}, + {0x2f841, 16, 16, 4752}, + {0x0, 0, 1, 4752}, + {0x0, 0, 1, 4753}, + {0x0, 3, 4, 4754}, + {0x0, 4, 5, 4755}, + {0x0, 5, 6, 4756}, + {0x1f9d, 16, 16, 4757}, + {0x0, 15, 16, 4757}, + {0xf93c, 16, 16, 4758}, + {0x0, 0, 13, 4758}, + {0xf9fd, 16, 16, 4771}, + {0x0, 0, 2, 4771}, + {0x1f65, 16, 16, 4773}, + {0x1f63, 16, 16, 4773}, + {0x2f8ae, 16, 16, 4773}, + {0x0, 0, 1, 4773}, + {0x0, 0, 1, 4774}, + {0x0, 3, 4, 4775}, + {0x0, 0, 1, 4776}, + {0x0, 4, 5, 4777}, + {0x231, 16, 16, 4778}, + {0x0, 2, 4, 4778}, + {0x2f942, 16, 16, 4780}, + {0x2f941, 16, 16, 4780}, + {0xf951, 16, 16, 4780}, + {0x0, 8, 9, 4780}, + {0x2f8ee, 16, 16, 4781}, + {0x2f819, 16, 16, 4781}, + {0x20d, 16, 16, 4781}, + {0x1d2, 16, 16, 4781}, + {0x151, 16, 16, 4781}, + {0x0, 0, 1, 4781}, + {0x0, 0, 1, 4782}, + {0x0, 3, 4, 4783}, + {0x0, 0, 3, 4784}, + {0x0, 3, 4, 4787}, + {0x1e7f, 16, 16, 4788}, + {0x0, 14, 15, 4788}, + {0x2f80c, 16, 16, 4789}, + {0x2f828, 16, 16, 4789}, + {0x0, 15, 16, 4789}, + {0x2f980, 16, 16, 4790}, + {0x0, 5, 10, 4790}, + {0x2f931, 16, 16, 4795}, + {0x0, 14, 15, 4795}, + {0x2f98d, 16, 16, 4796}, + {0x0, 9, 10, 4796}, + {0xfa63, 16, 16, 4797}, + {0xf994, 16, 16, 4797}, + {0x0, 14, 16, 4797}, + {0x2f947, 16, 16, 4799}, + {0x0, 2, 8, 4799}, + {0x0, 0, 1, 4805}, + {0x0, 0, 1, 4806}, + {0x0, 3, 4, 4807}, + {0x0, 3, 4, 4808}, + {0x0, 8, 9, 4809}, + {0x2289, 16, 16, 4810}, + {0x0, 13, 14, 4810}, + {0x0, 1, 2, 4811}, + {0x2f90d, 16, 16, 4812}, + {0x0, 7, 8, 4812}, + {0x2f8a5, 16, 16, 4813}, + {0x0, 5, 11, 4813}, + {0xf9a7, 16, 16, 4819}, + {0x0, 9, 12, 4819}, + {0x2f813, 16, 16, 4822}, + {0x0, 8, 10, 4822}, + {0x0, 15, 16, 4824}, + {0x2f939, 16, 16, 4825}, + {0x0, 0, 1, 4825}, + {0x0, 0, 1, 4826}, + {0x0, 3, 4, 4827}, + {0x0, 0, 1, 4828}, + {0x0, 0, 10, 4829}, + {0x1ec1, 16, 16, 4839}, + {0x0, 10, 11, 4839}, + {0xf911, 16, 16, 4840}, + {0x2f928, 16, 16, 4840}, + {0x0, 11, 12, 4840}, + {0xf9c8, 16, 16, 4841}, + {0x0, 0, 1, 4841}, + {0xf962, 16, 16, 4842}, + {0x0, 14, 15, 4842}, + {0xf957, 16, 16, 4843}, + {0x0, 0, 1, 4843}, + {0x0, 0, 1, 4844}, + {0x0, 3, 4, 4845}, + {0x0, 0, 1, 4846}, + {0x0, 4, 5, 4847}, + {0x1e1, 16, 16, 4848}, + {0x0, 1, 2, 4848}, + {0x1e6e, 16, 16, 4849}, + {0x0, 10, 11, 4849}, + {0x2f8aa, 16, 16, 4850}, + {0x0, 8, 9, 4850}, + {0xf9c5, 16, 16, 4851}, + {0x0, 0, 1, 4851}, + {0x0, 0, 1, 4852}, + {0x0, 3, 4, 4853}, + {0x0, 0, 1, 4854}, + {0x0, 4, 5, 4855}, + {0x1df, 16, 16, 4856}, + {0x0, 0, 2, 4856}, + {0x1f02, 16, 16, 4858}, + {0x1f04, 16, 16, 4858}, + {0x0, 14, 15, 4858}, + {0xf984, 16, 16, 4859}, + {0x0, 2, 3, 4859}, + {0x0, 5, 6, 4860}, + {0x0, 0, 1, 4861}, + {0x0, 1, 2, 4862}, + {0x0, 0, 1, 4863}, + {0x0, 2, 3, 4864}, + {0x0, 14, 15, 4865}, + {0x1026, 16, 16, 4866}, + {0x0, 14, 15, 4866}, + {0x2f8fa, 16, 16, 4867}, + {0x2f9ca, 16, 16, 4867}, + {0x0, 0, 1, 4867}, + {0x0, 0, 1, 4868}, + {0x0, 3, 4, 4869}, + {0x0, 0, 5, 4870}, + {0x0, 0, 2, 4875}, + {0x1f25, 16, 16, 4877}, + {0x0, 11, 16, 4877}, + {0x2f806, 16, 16, 4882}, + {0x0, 1, 2, 4882}, + {0x202, 16, 16, 4883}, + {0x0, 0, 1, 4883}, + {0x2f8b7, 16, 16, 4884}, + {0x0, 2, 3, 4884}, + {0x2f982, 16, 16, 4885}, + {0x0, 8, 10, 4885}, + {0x0, 0, 1, 4887}, + {0x0, 0, 1, 4888}, + {0x0, 3, 4, 4889}, + {0x0, 0, 1, 4890}, + {0x0, 8, 9, 4891}, + {0x4ea, 16, 16, 4892}, + {0x0, 0, 1, 4892}, + {0xf98f, 16, 16, 4893}, + {0x0, 13, 15, 4893}, + {0x0, 13, 14, 4895}, + {0x2f9e1, 16, 16, 4896}, + {0x0, 0, 1, 4896}, + {0x0, 0, 1, 4897}, + {0x0, 3, 4, 4898}, + {0x0, 0, 2, 4899}, + {0x0, 0, 2, 4901}, + {0x38c, 16, 16, 4903}, + {0x0, 2, 7, 4903}, + {0xf90d, 16, 16, 4908}, + {0x0, 2, 3, 4908}, + {0x2f875, 16, 16, 4909}, + {0x0, 14, 15, 4909}, + {0xf9d2, 16, 16, 4910}, + {0x0, 10, 11, 4910}, + {0xf902, 16, 16, 4911}, + {0x22f, 16, 16, 4911}, + {0x0, 2, 3, 4911}, + {0x1f56, 16, 16, 4912}, + {0x0, 3, 8, 4912}, + {0x15e, 16, 16, 4917}, + {0x218, 16, 16, 4917}, + {0x1e62, 16, 16, 4917}, + {0x0, 2, 7, 4917}, + {0xf9ba, 16, 16, 4922}, + {0xf91b, 16, 16, 4922}, + {0x0, 3, 10, 4922}, + {0x0, 6, 7, 4929}, + {0x2f916, 16, 16, 4930}, + {0x0, 0, 1, 4930}, + {0x0, 0, 1, 4931}, + {0x0, 3, 4, 4932}, + {0x0, 3, 4, 4933}, + {0x0, 8, 9, 4934}, + {0x22ae, 16, 16, 4935}, + {0x0, 7, 8, 4935}, + {0x2f973, 16, 16, 4936}, + {0x0, 0, 1, 4936}, + {0x0, 0, 1, 4937}, + {0x0, 3, 4, 4938}, + {0x0, 4, 5, 4939}, + {0x0, 5, 6, 4940}, + {0x1fa6, 16, 16, 4941}, + {0x0, 0, 1, 4941}, + {0x0, 0, 1, 4942}, + {0x0, 3, 4, 4943}, + {0x0, 0, 1, 4944}, + {0x0, 0, 2, 4945}, + {0x1f42, 16, 16, 4947}, + {0x1f44, 16, 16, 4947}, + {0x0, 3, 4, 4947}, + {0x2f843, 16, 16, 4948}, + {0x0, 10, 11, 4948}, + {0x0, 3, 4, 4949}, + {0x2f8ec, 16, 16, 4950}, + {0x0, 0, 10, 4950}, + {0x1edd, 16, 16, 4960}, + {0x1edb, 16, 16, 4960}, + {0x0, 15, 16, 4960}, + {0xf9eb, 16, 16, 4961}, + {0x1ee1, 16, 16, 4961}, + {0x1edf, 16, 16, 4961}, + {0x622, 16, 16, 4961}, + {0x0, 0, 1, 4961}, + {0x0, 3, 4, 4962}, + {0x0, 0, 1, 4963}, + {0x0, 9, 10, 4964}, + {0x0, 9, 11, 4965}, + {0x30d3, 16, 16, 4967}, + {0x0, 1, 4, 4967}, + {0x0, 12, 13, 4970}, + {0x2f8a2, 16, 16, 4971}, + {0x0, 0, 1, 4971}, + {0xf944, 16, 16, 4972}, + {0x0, 0, 1, 4972}, + {0x1e2c, 16, 16, 4973}, + {0x0, 0, 1, 4973}, + {0x0, 0, 1, 4974}, + {0x0, 3, 4, 4975}, + {0x0, 0, 4, 4976}, + {0x0, 3, 8, 4980}, + {0x1e33, 16, 16, 4985}, + {0x0, 2, 3, 4985}, + {0x2f888, 16, 16, 4986}, + {0x0, 4, 5, 4986}, + {0x2f80f, 16, 16, 4987}, + {0x0, 0, 10, 4987}, + {0x0, 14, 15, 4997}, + {0x2fa13, 16, 16, 4998}, + {0x0, 2, 3, 4998}, + {0x2f960, 16, 16, 4999}, + {0x0, 8, 9, 4999}, + {0x0, 0, 1, 5000}, + {0x0, 0, 1, 5001}, + {0x0, 9, 10, 5002}, + {0x0, 3, 4, 5003}, + {0x0, 12, 13, 5004}, + {0x929, 16, 16, 5005}, + {0x0, 0, 1, 5005}, + {0x0, 10, 11, 5006}, + {0x2f8ca, 16, 16, 5007}, + {0x0, 0, 1, 5007}, + {0x0, 0, 1, 5008}, + {0x0, 3, 4, 5009}, + {0x0, 0, 5, 5010}, + {0x0, 2, 6, 5015}, + {0x1fa8, 16, 16, 5019}, + {0x0, 0, 1, 5019}, + {0x0, 0, 1, 5020}, + {0x0, 3, 4, 5021}, + {0x0, 4, 5, 5022}, + {0x0, 5, 6, 5023}, + {0x1f9e, 16, 16, 5024}, + {0x0, 0, 1, 5024}, + {0x0, 3, 4, 5025}, + {0x0, 0, 1, 5026}, + {0x0, 9, 10, 5027}, + {0x0, 9, 10, 5028}, + {0x30fe, 16, 16, 5029}, + {0x0, 2, 13, 5029}, + {0x1e27, 16, 16, 5040}, + {0x1e23, 16, 16, 5040}, + {0x125, 16, 16, 5040}, + {0x0, 4, 5, 5040}, + {0x2f8f1, 16, 16, 5041}, + {0x0, 3, 5, 5041}, + {0x1f60, 16, 16, 5043}, + {0x0, 4, 5, 5043}, + {0x2f971, 16, 16, 5044}, + {0x30d4, 16, 16, 5044}, + {0x1f61, 16, 16, 5044}, + {0x0, 0, 1, 5044}, + {0x0, 3, 4, 5045}, + {0x0, 0, 1, 5046}, + {0x0, 9, 10, 5047}, + {0x0, 9, 10, 5048}, + {0x304c, 16, 16, 5049}, + {0x0, 0, 1, 5049}, + {0x0, 0, 1, 5050}, + {0x0, 3, 4, 5051}, + {0x0, 0, 1, 5052}, + {0x0, 1, 2, 5053}, + {0x1e78, 16, 16, 5054}, + {0x0, 0, 1, 5054}, + {0x0, 3, 4, 5055}, + {0x0, 0, 1, 5056}, + {0x0, 9, 10, 5057}, + {0x0, 9, 11, 5058}, + {0x30d9, 16, 16, 5060}, + {0x0, 8, 9, 5060}, + {0xf9b3, 16, 16, 5061}, + {0x0, 11, 15, 5061}, + {0x2f914, 16, 16, 5065}, + {0x0, 8, 14, 5065}, + {0xfa5c, 16, 16, 5071}, + {0x0, 0, 2, 5071}, + {0x1f34, 16, 16, 5073}, + {0x2f915, 16, 16, 5073}, + {0x0, 0, 1, 5073}, + {0x0, 0, 1, 5074}, + {0x0, 3, 4, 5075}, + {0x0, 4, 5, 5076}, + {0x0, 5, 6, 5077}, + {0x1f85, 16, 16, 5078}, + {0x0, 4, 15, 5078}, + {0x2f907, 16, 16, 5089}, + {0x0, 2, 3, 5089}, + {0x2f8bf, 16, 16, 5090}, + {0x0, 15, 16, 5090}, + {0xf937, 16, 16, 5091}, + {0x2126, 0, 1, 5091}, + {0x0, 0, 1, 5092}, + {0x0, 3, 4, 5093}, + {0x0, 0, 5, 5094}, + {0x0, 0, 2, 5099}, + {0x1ffa, 16, 16, 5101}, + {0x38f, 16, 16, 5101}, + {0x0, 4, 13, 5101}, + {0x0, 0, 1, 5110}, + {0x0, 0, 1, 5111}, + {0x0, 3, 4, 5112}, + {0x0, 0, 1, 5113}, + {0x0, 1, 2, 5114}, + {0x1ff, 16, 16, 5115}, + {0x0, 0, 1, 5115}, + {0x0, 0, 1, 5116}, + {0x0, 3, 4, 5117}, + {0x0, 4, 5, 5118}, + {0x0, 5, 6, 5119}, + {0x1f84, 16, 16, 5120}, + {0xf9f6, 16, 16, 5120}, + {0x0, 8, 10, 5120}, + {0x2329, 16, 16, 5122}, + {0x232a, 16, 16, 5122}, + {0x0, 0, 1, 5122}, + {0x0, 0, 1, 5123}, + {0x0, 3, 4, 5124}, + {0x0, 3, 4, 5125}, + {0x0, 8, 9, 5126}, + {0x2274, 16, 16, 5127}, + {0x30da, 16, 16, 5127}, + {0x0, 4, 13, 5127}, + {0x0, 0, 1, 5136}, + {0x0, 0, 1, 5137}, + {0x0, 3, 4, 5138}, + {0x0, 0, 1, 5139}, + {0x0, 0, 10, 5140}, + {0x1ed4, 16, 16, 5150}, + {0x0, 4, 5, 5150}, + {0xfa34, 16, 16, 5151}, + {0x1ed0, 16, 16, 5151}, + {0x1ed2, 16, 16, 5151}, + {0x1ed6, 16, 16, 5151}, + {0x2f900, 16, 16, 5151}, + {0x0, 4, 5, 5151}, + {0x2f940, 16, 16, 5152}, + {0x0, 0, 1, 5152}, + {0x0, 0, 1, 5153}, + {0x0, 3, 4, 5154}, + {0x0, 0, 1, 5155}, + {0x0, 1, 9, 5156}, + {0x1e4e, 16, 16, 5164}, + {0x1e4c, 16, 16, 5164}, + {0x22c, 16, 16, 5164}, + {0x0, 9, 15, 5164}, + {0x2fa18, 16, 16, 5170}, + {0x0, 12, 13, 5170}, + {0x0, 8, 9, 5171}, + {0x2f86c, 16, 16, 5172}, + {0x0, 7, 8, 5172}, + {0x2fa0f, 16, 16, 5173}, + {0x0, 1, 3, 5173}, + {0x0, 0, 1, 5175}, + {0x0, 0, 1, 5176}, + {0x0, 3, 4, 5177}, + {0x0, 3, 4, 5178}, + {0x0, 8, 9, 5179}, + {0x22e2, 16, 16, 5180}, + {0x0, 4, 5, 5180}, + {0xfa06, 16, 16, 5181}, + {0x0, 0, 1, 5181}, + {0x0, 0, 1, 5182}, + {0x0, 3, 4, 5183}, + {0x0, 0, 4, 5184}, + {0x0, 1, 16, 5188}, + {0x155, 16, 16, 5203}, + {0x0, 8, 9, 5203}, + {0xfa3e, 16, 16, 5204}, + {0x0, 0, 1, 5204}, + {0xf93d, 16, 16, 5205}, + {0x0, 0, 8, 5205}, + {0x0, 0, 1, 5213}, + {0x0, 0, 1, 5214}, + {0x0, 3, 4, 5215}, + {0x0, 0, 3, 5216}, + {0x0, 3, 4, 5219}, + {0x1ef1, 16, 16, 5220}, + {0x0, 6, 7, 5220}, + {0x2f935, 16, 16, 5221}, + {0x2fa17, 16, 16, 5221}, + {0x0, 14, 15, 5221}, + {0xfa48, 16, 16, 5222}, + {0x0, 15, 16, 5222}, + {0xf939, 16, 16, 5223}, + {0x0, 0, 1, 5223}, + {0x0, 0, 1, 5224}, + {0x0, 3, 4, 5225}, + {0x0, 0, 1, 5226}, + {0x0, 12, 13, 5227}, + {0x1ee, 16, 16, 5228}, + {0x0, 8, 9, 5228}, + {0x2fa11, 16, 16, 5229}, + {0x0, 8, 9, 5229}, + {0x2f97e, 16, 16, 5230}, + {0x0, 4, 5, 5230}, + {0xfa12, 16, 16, 5231}, + {0x0, 0, 1, 5231}, + {0x0, 3, 4, 5232}, + {0x0, 0, 1, 5233}, + {0x0, 9, 10, 5234}, + {0x0, 9, 10, 5235}, + {0x305c, 16, 16, 5236}, + {0x0, 10, 11, 5236}, + {0x2f954, 16, 16, 5237}, + {0x0, 7, 13, 5237}, + {0x1e6a, 16, 16, 5243}, + {0x0, 0, 1, 5243}, + {0x0, 0, 1, 5244}, + {0x0, 3, 4, 5245}, + {0x0, 0, 1, 5246}, + {0x0, 1, 2, 5247}, + {0x344, 16, 16, 5248}, + {0x0, 0, 1, 5248}, + {0x0, 0, 1, 5249}, + {0x0, 3, 4, 5250}, + {0x0, 0, 1, 5251}, + {0x0, 0, 2, 5252}, + {0x1f45, 16, 16, 5254}, + {0x1f43, 16, 16, 5254}, + {0x0, 0, 1, 5254}, + {0x0, 0, 1, 5255}, + {0x0, 3, 4, 5256}, + {0x0, 0, 4, 5257}, + {0x0, 1, 2, 5261}, + {0x1e94, 16, 16, 5262}, + {0x0, 15, 16, 5262}, + {0xf9bd, 16, 16, 5263}, + {0x0, 1, 13, 5263}, + {0xfa43, 16, 16, 5275}, + {0x0, 0, 1, 5275}, + {0x0, 0, 1, 5276}, + {0x0, 3, 4, 5277}, + {0x0, 0, 1, 5278}, + {0x0, 0, 2, 5279}, + {0x1e51, 16, 16, 5281}, + {0x1e53, 16, 16, 5281}, + {0x0, 3, 4, 5281}, + {0x2f889, 16, 16, 5282}, + {0x0, 3, 9, 5282}, + {0x104, 16, 16, 5288}, + {0x164, 16, 16, 5288}, + {0x0, 7, 8, 5288}, + {0x2fa05, 16, 16, 5289}, + {0x1ea0, 16, 16, 5289}, + {0x1e00, 16, 16, 5289}, + {0x0, 13, 14, 5289}, + {0x0, 0, 1, 5290}, + {0x0, 3, 4, 5291}, + {0x0, 0, 1, 5292}, + {0x0, 9, 10, 5293}, + {0x0, 9, 10, 5294}, + {0x309e, 16, 16, 5295}, + {0x0, 2, 3, 5295}, + {0x2f840, 16, 16, 5296}, + {0x0, 10, 11, 5296}, + {0x2f948, 16, 16, 5297}, + {0x2f8d5, 16, 16, 5297}, + {0x0, 11, 12, 5297}, + {0xf9f7, 16, 16, 5298}, + {0x0, 0, 1, 5298}, + {0x0, 0, 1, 5299}, + {0x0, 3, 4, 5300}, + {0x0, 0, 1, 5301}, + {0x0, 6, 9, 5302}, + {0x4c1, 16, 16, 5305}, + {0x1f24, 16, 16, 5305}, + {0x0, 0, 1, 5305}, + {0x0, 0, 1, 5306}, + {0x0, 3, 4, 5307}, + {0x0, 0, 5, 5308}, + {0x0, 2, 6, 5313}, + {0x1f6f, 16, 16, 5317}, + {0x4dc, 16, 16, 5317}, + {0x0, 0, 1, 5317}, + {0x0, 0, 1, 5318}, + {0x0, 3, 4, 5319}, + {0x0, 0, 1, 5320}, + {0x0, 1, 2, 5321}, + {0x1fe, 16, 16, 5322}, + {0x1fa9, 16, 16, 5322}, + {0x0, 13, 14, 5322}, + {0x2f99b, 16, 16, 5323}, + {0x0, 0, 1, 5323}, + {0x0, 0, 1, 5324}, + {0x0, 3, 4, 5325}, + {0x0, 3, 4, 5326}, + {0x0, 8, 9, 5327}, + {0x2204, 16, 16, 5328}, + {0x0, 10, 12, 5328}, + {0x0, 8, 9, 5330}, + {0x2f92d, 16, 16, 5331}, + {0x0, 0, 1, 5331}, + {0x0, 0, 1, 5332}, + {0x0, 3, 4, 5333}, + {0x0, 0, 1, 5334}, + {0x0, 0, 10, 5335}, + {0x1ec2, 16, 16, 5345}, + {0x1ebe, 16, 16, 5345}, + {0x1ec0, 16, 16, 5345}, + {0x1ec4, 16, 16, 5345}, + {0x0, 2, 3, 5345}, + {0x2f9e0, 16, 16, 5346}, + {0x0, 2, 3, 5346}, + {0x0, 12, 13, 5347}, + {0x2f834, 16, 16, 5348}, + {0x0, 7, 9, 5348}, + {0x2f904, 16, 16, 5350}, + {0x0, 6, 7, 5350}, + {0x0, 0, 1, 5351}, + {0x0, 0, 1, 5352}, + {0x0, 3, 4, 5353}, + {0x0, 0, 1, 5354}, + {0x0, 8, 9, 5355}, + {0x457, 16, 16, 5356}, + {0x0, 0, 1, 5356}, + {0x0, 0, 1, 5357}, + {0x0, 3, 4, 5358}, + {0x0, 0, 2, 5359}, + {0x0, 0, 2, 5361}, + {0x3ad, 16, 16, 5363}, + {0x0, 0, 14, 5363}, + {0x0, 8, 9, 5377}, + {0x2f8eb, 16, 16, 5378}, + {0x0, 0, 1, 5378}, + {0x0, 0, 1, 5379}, + {0x0, 3, 4, 5380}, + {0x0, 0, 3, 5381}, + {0x0, 3, 8, 5384}, + {0x1e63, 16, 16, 5389}, + {0x15f, 16, 16, 5389}, + {0x219, 16, 16, 5389}, + {0x0, 0, 1, 5389}, + {0x0, 0, 1, 5390}, + {0x0, 3, 4, 5391}, + {0x0, 3, 4, 5392}, + {0x0, 8, 9, 5393}, + {0x2285, 16, 16, 5394}, + {0x4ef, 16, 16, 5394}, + {0xcf, 16, 16, 5394}, + {0x0, 0, 1, 5394}, + {0x0, 0, 1, 5395}, + {0x0, 13, 14, 5396}, + {0x0, 12, 14, 5397}, + {0x0, 15, 16, 5399}, + {0xdde, 16, 16, 5400}, + {0x4f1, 16, 16, 5400}, + {0x130, 16, 16, 5400}, + {0x12a, 16, 16, 5400}, + {0xce, 16, 16, 5400}, + {0x128, 16, 16, 5400}, + {0xcc, 16, 16, 5400}, + {0xcd, 16, 16, 5400}, + {0x0, 10, 11, 5400}, + {0x2f8ea, 16, 16, 5401}, + {0x0, 2, 6, 5401}, + {0x1fc3, 16, 16, 5405}, + {0x0, 7, 8, 5405}, + {0x1e02, 16, 16, 5406}, + {0x1fc6, 16, 16, 5406}, + {0x0, 2, 4, 5406}, + {0x0, 0, 1, 5408}, + {0x0, 0, 1, 5409}, + {0x0, 3, 4, 5410}, + {0x0, 0, 1, 5411}, + {0x0, 0, 10, 5412}, + {0x1eaf, 16, 16, 5422}, + {0x0, 2, 16, 5422}, + {0x2fa02, 16, 16, 5436}, + {0x0, 2, 6, 5436}, + {0x1fb3, 16, 16, 5440}, + {0x0, 0, 1, 5440}, + {0x0, 0, 1, 5441}, + {0x0, 3, 4, 5442}, + {0x0, 0, 1, 5443}, + {0x0, 8, 9, 5444}, + {0x4f4, 16, 16, 5445}, + {0x1fb6, 16, 16, 5445}, + {0x0, 6, 7, 5445}, + {0xfa1c, 16, 16, 5446}, + {0x0, 2, 3, 5446}, + {0x1f37, 16, 16, 5447}, + {0x0, 13, 14, 5447}, + {0x2f815, 16, 16, 5448}, + {0x0, 11, 12, 5448}, + {0x2f855, 16, 16, 5449}, + {0x0, 12, 14, 5449}, + {0x2f8fd, 16, 16, 5451}, + {0x4f3, 16, 16, 5451}, + {0xf968, 16, 16, 5451}, + {0x208, 16, 16, 5451}, + {0x0, 1, 2, 5451}, + {0xf90a, 16, 16, 5452}, + {0x1cf, 16, 16, 5452}, + {0x0, 14, 15, 5452}, + {0xf9c6, 16, 16, 5453}, + {0xfa2a, 16, 16, 5453}, + {0x0, 3, 5, 5453}, + {0x1f68, 16, 16, 5455}, + {0x1f69, 16, 16, 5455}, + {0x0, 1, 5, 5455}, + {0x2f98c, 16, 16, 5459}, + {0x2f893, 16, 16, 5459}, + {0x0, 8, 9, 5459}, + {0xf926, 16, 16, 5460}, + {0x0, 3, 9, 5460}, + {0x1ecd, 16, 16, 5466}, + {0x0, 0, 1, 5466}, + {0x0, 3, 4, 5467}, + {0x0, 0, 1, 5468}, + {0x0, 9, 10, 5469}, + {0x0, 9, 10, 5470}, + {0x3052, 16, 16, 5471}, + {0x1eb, 16, 16, 5471}, + {0x0, 0, 10, 5471}, + {0xf975, 16, 16, 5481}, + {0x2f8c1, 16, 16, 5481}, + {0x0, 0, 1, 5481}, + {0x0, 0, 1, 5482}, + {0x0, 3, 4, 5483}, + {0x0, 0, 4, 5484}, + {0x0, 7, 13, 5488}, + {0x1e0a, 16, 16, 5494}, + {0x0, 0, 1, 5494}, + {0x2f9dc, 16, 16, 5495}, + {0x0, 0, 1, 5495}, + {0x1e1b, 16, 16, 5496}, + {0x0, 2, 15, 5496}, + {0xf952, 16, 16, 5509}, + {0x0, 13, 14, 5509}, + {0xfa1e, 16, 16, 5510}, + {0x0, 4, 5, 5510}, + {0x2f8d1, 16, 16, 5511}, + {0x10e, 16, 16, 5511}, + {0x0, 14, 15, 5511}, + {0xf977, 16, 16, 5512}, + {0x0, 0, 1, 5512}, + {0xfa60, 16, 16, 5513}, + {0x0, 10, 12, 5513}, + {0x0, 1, 2, 5515}, + {0x2f93b, 16, 16, 5516}, + {0x0, 3, 4, 5516}, + {0x1e7d, 16, 16, 5517}, + {0x0, 0, 1, 5517}, + {0x0, 0, 1, 5518}, + {0x0, 3, 4, 5519}, + {0x0, 4, 5, 5520}, + {0x0, 5, 6, 5521}, + {0x1fac, 16, 16, 5522}, + {0x0, 1, 2, 5522}, + {0x0, 8, 9, 5523}, + {0x2f871, 16, 16, 5524}, + {0x0, 10, 13, 5524}, + {0xf947, 16, 16, 5527}, + {0x2f950, 16, 16, 5527}, + {0x0, 0, 1, 5527}, + {0x0, 0, 1, 5528}, + {0x0, 3, 4, 5529}, + {0x0, 4, 5, 5530}, + {0x0, 5, 6, 5531}, + {0x1ff7, 16, 16, 5532}, + {0x0, 10, 15, 5532}, + {0xf96c, 16, 16, 5537}, + {0x0, 0, 1, 5537}, + {0x0, 0, 1, 5538}, + {0x0, 3, 4, 5539}, + {0x0, 0, 1, 5540}, + {0x0, 8, 9, 5541}, + {0x4ec, 16, 16, 5542}, + {0xfa10, 16, 16, 5542}, + {0x0, 0, 10, 5542}, + {0x0, 10, 11, 5552}, + {0x2f9fb, 16, 16, 5553}, + {0xf92f, 16, 16, 5553}, + {0x0, 6, 7, 5553}, + {0xf98b, 16, 16, 5554}, + {0x0, 4, 5, 5554}, + {0x2f8e6, 16, 16, 5555}, + {0x0, 0, 1, 5555}, + {0x0, 0, 1, 5556}, + {0x0, 3, 4, 5557}, + {0x0, 4, 5, 5558}, + {0x0, 5, 6, 5559}, + {0x1fab, 16, 16, 5560}, + {0x0, 7, 8, 5560}, + {0x0, 7, 8, 5561}, + {0x2f9f1, 16, 16, 5562}, + {0x0, 0, 1, 5562}, + {0x0, 0, 1, 5563}, + {0x0, 3, 4, 5564}, + {0x0, 0, 1, 5565}, + {0x0, 4, 5, 5566}, + {0x22a, 16, 16, 5567}, + {0x0, 0, 1, 5567}, + {0x0, 0, 1, 5568}, + {0x0, 3, 4, 5569}, + {0x0, 3, 4, 5570}, + {0x0, 8, 9, 5571}, + {0x219a, 16, 16, 5572}, + {0xf92e, 16, 16, 5572}, + {0xf965, 16, 16, 5572}, + {0x0, 0, 1, 5572}, + {0x0, 0, 1, 5573}, + {0x0, 3, 4, 5574}, + {0x0, 0, 4, 5575}, + {0x0, 7, 13, 5579}, + {0x165, 16, 16, 5585}, + {0x0, 2, 6, 5585}, + {0x1f99, 16, 16, 5589}, + {0x1f2f, 16, 16, 5589}, + {0x0, 0, 1, 5589}, + {0x0, 0, 1, 5590}, + {0x0, 3, 4, 5591}, + {0x0, 0, 1, 5592}, + {0x0, 8, 9, 5593}, + {0x4de, 16, 16, 5594}, + {0x0, 14, 15, 5594}, + {0xfa1d, 16, 16, 5595}, + {0x1ec3, 16, 16, 5595}, + {0x0, 0, 1, 5595}, + {0x0, 0, 1, 5596}, + {0x0, 3, 4, 5597}, + {0x0, 0, 2, 5598}, + {0x0, 0, 2, 5600}, + {0x1f78, 16, 16, 5602}, + {0x3cc, 16, 16, 5602}, + {0x1ec5, 16, 16, 5602}, + {0x1ebf, 16, 16, 5602}, + {0x0, 11, 12, 5602}, + {0x2fa1c, 16, 16, 5603}, + {0x0, 3, 15, 5603}, + {0x2f8db, 16, 16, 5615}, + {0x0, 1, 2, 5615}, + {0xf904, 16, 16, 5616}, + {0x0, 3, 4, 5616}, + {0x1e92, 16, 16, 5617}, + {0x0, 1, 2, 5617}, + {0x2f9c1, 16, 16, 5618}, + {0x1e6b, 16, 16, 5618}, + {0x1e97, 16, 16, 5618}, + {0x0, 0, 1, 5618}, + {0x0, 0, 1, 5619}, + {0x0, 3, 4, 5620}, + {0x0, 4, 5, 5621}, + {0x0, 5, 6, 5622}, + {0x1ff2, 16, 16, 5623}, + {0x0, 0, 1, 5623}, + {0x0, 0, 1, 5624}, + {0x0, 3, 4, 5625}, + {0x0, 0, 2, 5626}, + {0x0, 0, 9, 5628}, + {0x3aa, 16, 16, 5637}, + {0x0, 0, 1, 5637}, + {0x0, 0, 1, 5638}, + {0x0, 3, 4, 5639}, + {0x0, 0, 1, 5640}, + {0x0, 6, 9, 5641}, + {0x4c2, 16, 16, 5644}, + {0x4dd, 16, 16, 5644}, + {0x0, 8, 9, 5644}, + {0x2f885, 16, 16, 5645}, + {0x1fda, 16, 16, 5645}, + {0x38a, 16, 16, 5645}, + {0x1fd8, 16, 16, 5645}, + {0x1fd9, 16, 16, 5645}, + {0x0, 5, 10, 5645}, + {0xf9a3, 16, 16, 5650}, + {0x0, 0, 1, 5650}, + {0xf921, 16, 16, 5651}, + {0x2f89f, 16, 16, 5651}, + {0x0, 0, 1, 5651}, + {0x0, 0, 1, 5652}, + {0x0, 3, 4, 5653}, + {0x0, 3, 4, 5654}, + {0x0, 8, 9, 5655}, + {0x2288, 16, 16, 5656}, + {0x0, 0, 1, 5656}, + {0x0, 0, 1, 5657}, + {0x0, 3, 4, 5658}, + {0x0, 0, 4, 5659}, + {0x0, 1, 12, 5663}, + {0x1b0, 16, 16, 5674}, + {0xf9aa, 16, 16, 5674}, + {0x0, 2, 3, 5674}, + {0x0, 0, 1, 5675}, + {0x0, 0, 1, 5676}, + {0x0, 3, 4, 5677}, + {0x0, 0, 1, 5678}, + {0x0, 12, 13, 5679}, + {0x1ef, 16, 16, 5680}, + {0x217, 16, 16, 5680}, + {0x0, 11, 12, 5680}, + {0x2f9bd, 16, 16, 5681}, + {0x0, 0, 1, 5681}, + {0x0, 0, 1, 5682}, + {0x0, 3, 4, 5683}, + {0x0, 0, 4, 5684}, + {0x0, 0, 1, 5688}, + {0x1e74, 16, 16, 5689}, + {0x0, 0, 1, 5689}, + {0x0, 0, 1, 5690}, + {0x0, 3, 4, 5691}, + {0x0, 0, 1, 5692}, + {0x0, 0, 10, 5693}, + {0x1eb0, 16, 16, 5703}, + {0x1eae, 16, 16, 5703}, + {0x1eb4, 16, 16, 5703}, + {0x1eb2, 16, 16, 5703}, + {0x0, 8, 9, 5703}, + {0x2f972, 16, 16, 5704}, + {0x0, 15, 16, 5704}, + {0x2f837, 16, 16, 5705}, + {0x0, 0, 1, 5705}, + {0x0, 0, 1, 5706}, + {0x0, 3, 4, 5707}, + {0x0, 4, 5, 5708}, + {0x0, 5, 6, 5709}, + {0x1fa7, 16, 16, 5710}, + {0x0, 0, 1, 5710}, + {0x0, 3, 4, 5711}, + {0x0, 0, 1, 5712}, + {0x0, 9, 10, 5713}, + {0x0, 9, 10, 5714}, + {0x305a, 16, 16, 5715}, + {0x0, 1, 13, 5715}, + {0x1e9, 16, 16, 5727}, + {0x0, 15, 16, 5727}, + {0x2f908, 16, 16, 5728}, + {0x0, 15, 16, 5728}, + {0x2f8fc, 16, 16, 5729}, + {0xfa51, 16, 16, 5729}, + {0x0, 13, 14, 5729}, + {0x2f8e7, 16, 16, 5730}, + {0x0, 5, 6, 5730}, + {0x1fbc, 16, 16, 5731}, + {0x0, 10, 11, 5731}, + {0x2f8a1, 16, 16, 5732}, + {0x0, 1, 14, 5732}, + {0xfa26, 16, 16, 5745}, + {0x0, 11, 15, 5745}, + {0x0, 0, 1, 5749}, + {0x0, 0, 1, 5750}, + {0x0, 3, 4, 5751}, + {0x0, 3, 4, 5752}, + {0x0, 8, 9, 5753}, + {0x2260, 16, 16, 5754}, + {0x0, 3, 4, 5754}, + {0x0, 12, 13, 5755}, + {0x2f997, 16, 16, 5756}, + {0x0, 4, 5, 5756}, + {0x2f853, 16, 16, 5757}, + {0x3076, 16, 16, 5757}, + {0x0, 12, 13, 5757}, + {0xf92b, 16, 16, 5758}, + {0x0, 2, 3, 5758}, + {0x0, 2, 3, 5759}, + {0x2f803, 16, 16, 5760}, + {0x0, 1, 2, 5760}, + {0x20a, 16, 16, 5761}, + {0x0, 0, 1, 5761}, + {0x0, 0, 1, 5762}, + {0x0, 12, 13, 5763}, + {0x0, 12, 14, 5764}, + {0x0, 2, 3, 5766}, + {0xcca, 16, 16, 5767}, + {0x0, 8, 9, 5767}, + {0x2f865, 16, 16, 5768}, + {0x1e31, 16, 16, 5768}, + {0x0, 3, 4, 5768}, + {0x0, 10, 11, 5769}, + {0x2f80d, 16, 16, 5770}, + {0x0, 2, 8, 5770}, + {0x2f817, 16, 16, 5776}, + {0x2f8d2, 16, 16, 5776}, + {0x2f9e3, 16, 16, 5776}, + {0x0, 0, 2, 5776}, + {0x1f3c, 16, 16, 5778}, + {0x1f3a, 16, 16, 5778}, + {0x0, 6, 8, 5778}, + {0xb48, 16, 16, 5780}, + {0xb4c, 16, 16, 5780}, + {0x0, 0, 1, 5780}, + {0x0, 0, 1, 5781}, + {0x0, 3, 4, 5782}, + {0x0, 3, 4, 5783}, + {0x0, 8, 9, 5784}, + {0x2280, 16, 16, 5785}, + {0x0, 0, 1, 5785}, + {0x0, 3, 4, 5786}, + {0x0, 0, 1, 5787}, + {0x0, 9, 10, 5788}, + {0x0, 9, 10, 5789}, + {0x30f4, 16, 16, 5790}, + {0x0, 6, 8, 5790}, + {0xf9b2, 16, 16, 5792}, + {0x0, 3, 8, 5792}, + {0x1e5b, 16, 16, 5797}, + {0x0, 0, 1, 5797}, + {0x0, 0, 1, 5798}, + {0x0, 3, 4, 5799}, + {0x0, 0, 1, 5800}, + {0x0, 8, 9, 5801}, + {0x4f5, 16, 16, 5802}, + {0x157, 16, 16, 5802}, + {0x0, 9, 10, 5802}, + {0x2f9c2, 16, 16, 5803}, + {0x0, 5, 6, 5803}, + {0x2f988, 16, 16, 5804}, + {0x0, 0, 1, 5804}, + {0x0, 0, 1, 5805}, + {0x0, 3, 4, 5806}, + {0x0, 0, 1, 5807}, + {0x0, 0, 9, 5808}, + {0x40d, 16, 16, 5817}, + {0x0, 0, 1, 5817}, + {0x0, 0, 1, 5818}, + {0x0, 3, 4, 5819}, + {0x0, 0, 1, 5820}, + {0x0, 1, 8, 5821}, + {0x1e56, 16, 16, 5828}, + {0x1e54, 16, 16, 5828}, + {0x0, 2, 9, 5828}, + {0x2f83e, 16, 16, 5835}, + {0x0, 0, 1, 5835}, + {0x0, 0, 1, 5836}, + {0x0, 3, 4, 5837}, + {0x0, 4, 5, 5838}, + {0x0, 5, 6, 5839}, + {0x1fa2, 16, 16, 5840}, + {0xf980, 16, 16, 5840}, + {0x0, 10, 11, 5840}, + {0x0, 7, 8, 5841}, + {0x2f8f0, 16, 16, 5842}, + {0x0, 14, 15, 5842}, + {0xd4a, 16, 16, 5843}, + {0x0, 6, 15, 5843}, + {0x2f8ff, 16, 16, 5852}, + {0x0, 0, 1, 5852}, + {0x0, 0, 1, 5853}, + {0x0, 3, 4, 5854}, + {0x0, 0, 3, 5855}, + {0x0, 3, 4, 5858}, + {0x1e89, 16, 16, 5859}, + {0x0, 0, 1, 5859}, + {0x0, 0, 1, 5860}, + {0x0, 9, 10, 5861}, + {0x0, 3, 4, 5862}, + {0x0, 12, 13, 5863}, + {0x934, 16, 16, 5864}, + {0x0, 2, 3, 5864}, + {0x2f8ac, 16, 16, 5865}, + {0x0, 4, 5, 5865}, + {0x2f9ac, 16, 16, 5866}, + {0x0, 11, 12, 5866}, + {0x2f816, 16, 16, 5867}, + {0x0, 14, 15, 5867}, + {0x2f911, 16, 16, 5868}, + {0x0, 8, 9, 5868}, + {0x0, 6, 7, 5869}, + {0x2f96b, 16, 16, 5870}, + {0x1e15, 16, 16, 5870}, + {0x0, 3, 4, 5870}, + {0x1e05, 16, 16, 5871}, + {0x0, 8, 9, 5871}, + {0x2f93f, 16, 16, 5872}, + {0x0, 8, 9, 5872}, + {0x2f8d0, 16, 16, 5873}, + {0x0, 0, 1, 5873}, + {0x0, 0, 1, 5874}, + {0x0, 6, 7, 5875}, + {0x0, 5, 6, 5876}, + {0x0, 4, 5, 5877}, + {0x6d3, 16, 16, 5878}, + {0x0, 1, 2, 5878}, + {0x1e0e, 16, 16, 5879}, + {0x0, 7, 10, 5879}, + {0xfa33, 16, 16, 5882}, + {0x0, 0, 1, 5882}, + {0x0, 0, 1, 5883}, + {0x0, 3, 4, 5884}, + {0x0, 3, 4, 5885}, + {0x0, 8, 9, 5886}, + {0x2279, 16, 16, 5887}, + {0x0, 2, 12, 5887}, + {0x0, 1, 2, 5897}, + {0x2f9b0, 16, 16, 5898}, + {0x0, 0, 1, 5898}, + {0xfa39, 16, 16, 5899}, + {0x2f825, 16, 16, 5899}, + {0x0, 3, 4, 5899}, + {0x2f983, 16, 16, 5900}, + {0xfa05, 16, 16, 5900}, + {0x0, 9, 10, 5900}, + {0xf916, 16, 16, 5901}, + {0xf915, 16, 16, 5901}, + {0x0, 12, 13, 5901}, + {0xf908, 16, 16, 5902}, + {0x0, 9, 13, 5902}, + {0xf955, 16, 16, 5906}, + {0x0, 14, 15, 5906}, + {0xf9e1, 16, 16, 5907}, + {0x2f8d3, 16, 16, 5907}, + {0x0, 8, 9, 5907}, + {0x2f93c, 16, 16, 5908}, + {0x0, 0, 1, 5908}, + {0x0, 0, 1, 5909}, + {0x0, 3, 4, 5910}, + {0x0, 0, 3, 5911}, + {0x0, 2, 13, 5914}, + {0x21e, 16, 16, 5925}, + {0x0, 0, 1, 5925}, + {0x0, 0, 1, 5926}, + {0x0, 3, 4, 5927}, + {0x0, 0, 1, 5928}, + {0x0, 6, 9, 5929}, + {0x4d0, 16, 16, 5932}, + {0x0, 6, 7, 5932}, + {0x0, 6, 7, 5933}, + {0x2f9cc, 16, 16, 5934}, + {0x0, 10, 11, 5934}, + {0xf985, 16, 16, 5935}, + {0x4d2, 16, 16, 5935}, + {0x0, 3, 4, 5935}, + {0x2f99a, 16, 16, 5936}, + {0x1fd3, 16, 16, 5936}, + {0x0, 4, 6, 5936}, + {0x0, 0, 1, 5938}, + {0x0, 0, 1, 5939}, + {0x0, 3, 4, 5940}, + {0x0, 0, 1, 5941}, + {0x0, 15, 16, 5942}, + {0x477, 16, 16, 5943}, + {0x1e26, 16, 16, 5943}, + {0x1e22, 16, 16, 5943}, + {0x124, 16, 16, 5943}, + {0xf979, 16, 16, 5943}, + {0x0, 0, 1, 5943}, + {0x2f93a, 16, 16, 5944}, + {0xfa49, 16, 16, 5944}, + {0x0, 8, 9, 5944}, + {0xf900, 16, 16, 5945}, + {0x0, 4, 5, 5945}, + {0xf924, 16, 16, 5946}, + {0x1f23, 16, 16, 5946}, + {0x0, 5, 6, 5946}, + {0x2f925, 16, 16, 5947}, + {0x0, 4, 13, 5947}, + {0x2f818, 16, 16, 5956}, + {0x0, 10, 11, 5956}, + {0x2f979, 16, 16, 5957}, + {0x0, 0, 1, 5957}, + {0x0, 0, 1, 5958}, + {0x0, 3, 4, 5959}, + {0x0, 0, 1, 5960}, + {0x0, 2, 3, 5961}, + {0x1ec6, 16, 16, 5962}, + {0x0, 2, 3, 5962}, + {0x2f895, 16, 16, 5963}, + {0x0, 6, 7, 5963}, + {0x0, 0, 1, 5964}, + {0x0, 0, 1, 5965}, + {0x0, 3, 4, 5966}, + {0x0, 0, 1, 5967}, + {0x0, 8, 9, 5968}, + {0x407, 16, 16, 5969}, + {0xf949, 16, 16, 5969}, + {0x0, 0, 10, 5969}, + {0x1eed, 16, 16, 5979}, + {0x0, 5, 12, 5979}, + {0x2f839, 16, 16, 5986}, + {0x1eeb, 16, 16, 5986}, + {0x1ee9, 16, 16, 5986}, + {0x0, 3, 5, 5986}, + {0x1f38, 16, 16, 5988}, + {0x1eef, 16, 16, 5988}, + {0x1f39, 16, 16, 5988}, + {0x0, 0, 10, 5988}, + {0x2f962, 16, 16, 5998}, + {0xfa56, 16, 16, 5998}, + {0x0, 3, 4, 5998}, + {0x2f87c, 16, 16, 5999}, + {0x2f963, 16, 16, 5999}, + {0x0, 0, 1, 5999}, + {0x0, 0, 1, 6000}, + {0x0, 3, 4, 6001}, + {0x0, 0, 1, 6002}, + {0x0, 1, 5, 6003}, + {0x1e2, 16, 16, 6007}, + {0x1fc, 16, 16, 6007}, + {0x0, 7, 8, 6007}, + {0xf9f2, 16, 16, 6008}, + {0xf906, 16, 16, 6008}, + {0x0, 13, 14, 6008}, + {0x2f886, 16, 16, 6009}, + {0x0, 15, 16, 6009}, + {0xf927, 16, 16, 6010}, + {0x0, 12, 13, 6010}, + {0x2f92a, 16, 16, 6011}, + {0x0, 3, 5, 6011}, + {0x1f40, 16, 16, 6013}, + {0x1f41, 16, 16, 6013}, + {0x0, 0, 16, 6013}, + {0xfa, 16, 16, 6029}, + {0xf9, 16, 16, 6029}, + {0x169, 16, 16, 6029}, + {0xfb, 16, 16, 6029}, + {0x16b, 16, 16, 6029}, + {0x0, 3, 14, 6029}, + {0x1ee4, 16, 16, 6040}, + {0x16d, 16, 16, 6040}, + {0x1ee7, 16, 16, 6040}, + {0xfc, 16, 16, 6040}, + {0x0, 0, 1, 6040}, + {0x0, 3, 4, 6041}, + {0x0, 0, 1, 6042}, + {0x0, 9, 10, 6043}, + {0x0, 9, 10, 6044}, + {0x3062, 16, 16, 6045}, + {0x172, 16, 16, 6045}, + {0x0, 0, 1, 6045}, + {0x0, 0, 1, 6046}, + {0x0, 3, 4, 6047}, + {0x0, 0, 1, 6048}, + {0x0, 7, 8, 6049}, + {0x1e65, 16, 16, 6050}, + {0x0, 1, 13, 6050}, + {0x161, 16, 16, 6062}, + {0x0, 9, 13, 6062}, + {0x2f9a1, 16, 16, 6066}, + {0x0, 0, 1, 6066}, + {0x0, 0, 1, 6067}, + {0x0, 3, 4, 6068}, + {0x0, 0, 1, 6069}, + {0x0, 0, 13, 6070}, + {0x1da, 16, 16, 6083}, + {0x0, 0, 1, 6083}, + {0x0, 0, 1, 6084}, + {0x0, 3, 4, 6085}, + {0x0, 0, 4, 6086}, + {0x0, 1, 13, 6090}, + {0x13a, 16, 16, 6102}, + {0x16f, 16, 16, 6102}, + {0x1e76, 16, 16, 6102}, + {0x0, 0, 1, 6102}, + {0x0, 0, 1, 6103}, + {0x0, 3, 4, 6104}, + {0x0, 3, 4, 6105}, + {0x0, 8, 9, 6106}, + {0x219b, 16, 16, 6107}, + {0x171, 16, 16, 6107}, + {0x215, 16, 16, 6107}, + {0x0, 0, 1, 6107}, + {0x0, 3, 4, 6108}, + {0x0, 0, 1, 6109}, + {0x0, 9, 10, 6110}, + {0x0, 9, 10, 6111}, + {0x3050, 16, 16, 6112}, + {0x0, 10, 11, 6112}, + {0x0, 7, 8, 6113}, + {0x2f95e, 16, 16, 6114}, + {0x0, 2, 3, 6114}, + {0x2f9ba, 16, 16, 6115}, + {0x0, 14, 15, 6115}, + {0xfa30, 16, 16, 6116}, + {0x0, 10, 11, 6116}, + {0x2f861, 16, 16, 6117}, + {0x13e, 16, 16, 6117}, + {0x1dc, 16, 16, 6117}, + {0x1d8, 16, 16, 6117}, + {0x1d6, 16, 16, 6117}, + {0x0, 2, 3, 6117}, + {0x1fd7, 16, 16, 6118}, + {0x0, 1, 2, 6118}, + {0x0, 4, 5, 6119}, + {0x2f927, 16, 16, 6120}, + {0x15d, 16, 16, 6120}, + {0x15b, 16, 16, 6120}, + {0x1e61, 16, 16, 6120}, + {0x0, 3, 5, 6120}, + {0x1f49, 16, 16, 6122}, + {0x0, 0, 1, 6122}, + {0x0, 3, 4, 6123}, + {0x0, 0, 1, 6124}, + {0x0, 9, 10, 6125}, + {0x0, 9, 10, 6126}, + {0x30c5, 16, 16, 6127}, + {0xf93e, 16, 16, 6127}, + {0x0, 0, 14, 6127}, + {0x0, 4, 5, 6141}, + {0x2f9d9, 16, 16, 6142}, + {0x0, 13, 14, 6142}, + {0x2f8b4, 16, 16, 6143}, + {0x1f48, 16, 16, 6143}, + {0x0, 8, 9, 6143}, + {0xf9e2, 16, 16, 6144}, + {0x0, 3, 9, 6144}, + {0x1eca, 16, 16, 6150}, + {0x12e, 16, 16, 6150}, + {0x0, 0, 9, 6150}, + {0x1f7a, 16, 16, 6159}, + {0x3cd, 16, 16, 6159}, + {0x1fe1, 16, 16, 6159}, + {0x0, 1, 2, 6159}, + {0x1e35, 16, 16, 6160}, + {0x1fe0, 16, 16, 6160}, + {0x0, 0, 1, 6160}, + {0x0, 3, 4, 6161}, + {0x0, 0, 1, 6162}, + {0x0, 9, 10, 6163}, + {0x0, 9, 11, 6164}, + {0x3074, 16, 16, 6166}, + {0x3cb, 16, 16, 6166}, + {0x0, 3, 4, 6166}, + {0xf99d, 16, 16, 6167}, + {0x0, 0, 1, 6167}, + {0x0, 0, 1, 6168}, + {0x0, 3, 4, 6169}, + {0x0, 0, 1, 6170}, + {0x0, 8, 9, 6171}, + {0x4e7, 16, 16, 6172}, + {0x1f3b, 16, 16, 6172}, + {0x0, 0, 1, 6172}, + {0x0, 0, 1, 6173}, + {0x0, 3, 4, 6174}, + {0x0, 4, 5, 6175}, + {0x0, 5, 6, 6176}, + {0x1f92, 16, 16, 6177}, + {0x0, 2, 4, 6177}, + {0xfa42, 16, 16, 6179}, + {0x0, 1, 2, 6179}, + {0x1e5f, 16, 16, 6180}, + {0x0, 0, 1, 6180}, + {0x0, 0, 1, 6181}, + {0x0, 3, 4, 6182}, + {0x0, 3, 4, 6183}, + {0x0, 8, 9, 6184}, + {0x22ed, 16, 16, 6185}, + {0x0, 2, 6, 6185}, + {0x1ff6, 16, 16, 6189}, + {0x1ff3, 16, 16, 6189}, + {0x0, 9, 11, 6189}, + {0xf92a, 16, 16, 6191}, + {0x0, 0, 1, 6191}, + {0x0, 0, 1, 6192}, + {0x0, 3, 4, 6193}, + {0x0, 0, 5, 6194}, + {0x0, 2, 6, 6199}, + {0x1fa0, 16, 16, 6203}, + {0x0, 4, 5, 6203}, + {0xf9b7, 16, 16, 6204}, + {0x1f66, 16, 16, 6204}, + {0x3073, 16, 16, 6204}, + {0x0, 2, 8, 6204}, + {0x2f823, 16, 16, 6210}, + {0x0, 12, 13, 6210}, + {0x2f862, 16, 16, 6211}, + {0x2f822, 16, 16, 6211}, + {0x0, 2, 3, 6211}, + {0xf9e5, 16, 16, 6212}, + {0x2f903, 16, 16, 6212}, + {0x0, 11, 12, 6212}, + {0x2f957, 16, 16, 6213}, + {0x0, 11, 12, 6213}, + {0xf98a, 16, 16, 6214}, + {0x0, 9, 10, 6214}, + {0x2f9bb, 16, 16, 6215}, + {0x0, 0, 1, 6215}, + {0x0, 0, 1, 6216}, + {0x0, 3, 4, 6217}, + {0x0, 0, 1, 6218}, + {0x0, 15, 16, 6219}, + {0x476, 16, 16, 6220}, + {0x0, 0, 1, 6220}, + {0x0, 0, 1, 6221}, + {0x0, 3, 4, 6222}, + {0x0, 0, 1, 6223}, + {0x0, 8, 9, 6224}, + {0x4eb, 16, 16, 6225}, + {0x0, 1, 6, 6225}, + {0xfa5b, 16, 16, 6230}, + {0xf934, 16, 16, 6230}, + {0x0, 0, 10, 6230}, + {0x0, 0, 1, 6240}, + {0x0, 0, 1, 6241}, + {0x0, 3, 4, 6242}, + {0x0, 0, 1, 6243}, + {0x0, 0, 2, 6244}, + {0x1f14, 16, 16, 6246}, + {0x1f12, 16, 16, 6246}, + {0x0, 3, 14, 6246}, + {0x1e0c, 16, 16, 6257}, + {0x1e10, 16, 16, 6257}, + {0x1ffb, 16, 16, 6257}, + {0x1feb, 16, 16, 6257}, + {0x1ff9, 16, 16, 6257}, + {0x1fdb, 16, 16, 6257}, + {0x0, 3, 4, 6257}, + {0x2f992, 16, 16, 6258}, + {0x0, 0, 1, 6258}, + {0x0, 3, 4, 6259}, + {0x0, 0, 1, 6260}, + {0x0, 9, 10, 6261}, + {0x0, 9, 10, 6262}, + {0x30b6, 16, 16, 6263}, + {0x0, 0, 1, 6263}, + {0x0, 0, 1, 6264}, + {0x0, 3, 4, 6265}, + {0x0, 0, 4, 6266}, + {0x0, 3, 14, 6270}, + {0x1e36, 16, 16, 6281}, + {0x13b, 16, 16, 6281}, + {0x1e12, 16, 16, 6281}, + {0x0, 1, 2, 6281}, + {0x0, 14, 15, 6282}, + {0x2f906, 16, 16, 6283}, + {0x0, 0, 1, 6283}, + {0x0, 0, 1, 6284}, + {0x0, 3, 4, 6285}, + {0x0, 0, 1, 6286}, + {0x0, 8, 9, 6287}, + {0x4ed, 16, 16, 6288}, + {0x2f8dc, 16, 16, 6288}, + {0x0, 6, 7, 6288}, + {0x0, 3, 4, 6289}, + {0x2f91d, 16, 16, 6290}, + {0x1e3c, 16, 16, 6290}, + {0x1fbb, 16, 16, 6290}, + {0x1fee, 16, 16, 6290}, + {0x0, 14, 15, 6290}, + {0x2fa08, 16, 16, 6291}, + {0x1fc9, 16, 16, 6291}, + {0x0, 0, 1, 6291}, + {0x0, 0, 1, 6292}, + {0x0, 13, 14, 6293}, + {0x0, 3, 4, 6294}, + {0x0, 14, 15, 6295}, + {0xd4b, 16, 16, 6296}, + {0x0, 6, 7, 6296}, + {0x2fa1b, 16, 16, 6297}, + {0x0, 7, 8, 6297}, + {0x2f896, 16, 16, 6298}, + {0xf97a, 16, 16, 6298}, + {0x0, 1, 13, 6298}, + {0x17d, 16, 16, 6310}, + {0x0, 4, 5, 6310}, + {0xfa57, 16, 16, 6311}, + {0x0, 8, 9, 6311}, + {0xf972, 16, 16, 6312}, + {0x0, 0, 1, 6312}, + {0x0, 0, 1, 6313}, + {0x0, 3, 4, 6314}, + {0x0, 3, 4, 6315}, + {0x0, 8, 9, 6316}, + {0x226f, 16, 16, 6317}, + {0x0, 0, 1, 6317}, + {0x0, 0, 1, 6318}, + {0x0, 3, 4, 6319}, + {0x0, 0, 1, 6320}, + {0x0, 0, 13, 6321}, + {0x1d5, 16, 16, 6334}, + {0x0, 6, 7, 6334}, + {0x0, 7, 8, 6335}, + {0x2f9c5, 16, 16, 6336}, + {0x0, 0, 1, 6336}, + {0x0, 0, 1, 6337}, + {0x0, 3, 4, 6338}, + {0x0, 4, 5, 6339}, + {0x0, 5, 6, 6340}, + {0x1fb7, 16, 16, 6341}, + {0x1db, 16, 16, 6341}, + {0x1d7, 16, 16, 6341}, + {0x0, 3, 14, 6341}, + {0x1e71, 16, 16, 6352}, + {0x0, 0, 1, 6352}, + {0x2f924, 16, 16, 6353}, + {0x0, 0, 1, 6353}, + {0x0, 0, 1, 6354}, + {0x0, 3, 4, 6355}, + {0x0, 3, 4, 6356}, + {0x0, 8, 9, 6357}, + {0x2247, 16, 16, 6358}, + {0x0, 5, 6, 6358}, + {0x0, 6, 7, 6359}, + {0x2fa16, 16, 16, 6360}, + {0x0, 0, 1, 6360}, + {0x0, 0, 1, 6361}, + {0x0, 3, 4, 6362}, + {0x0, 4, 5, 6363}, + {0x0, 5, 6, 6364}, + {0x1f8a, 16, 16, 6365}, + {0x0, 14, 15, 6365}, + {0x2fa0d, 16, 16, 6366}, + {0x0, 1, 2, 6366}, + {0x2f8a0, 16, 16, 6367}, + {0x2f8e4, 16, 16, 6367}, + {0x0, 9, 10, 6367}, + {0x2f8cd, 16, 16, 6368}, + {0x0, 5, 10, 6368}, + {0x2f8d7, 16, 16, 6373}, + {0x1e90, 16, 16, 6373}, + {0x179, 16, 16, 6373}, + {0x2f981, 16, 16, 6373}, + {0x17b, 16, 16, 6373}, + {0x21b, 16, 16, 6373}, + {0x163, 16, 16, 6373}, + {0xfa4c, 16, 16, 6373}, + {0x1e6d, 16, 16, 6373}, + {0x37e, 16, 16, 6373}, + {0x1d9, 16, 16, 6373}, + {0x0, 0, 1, 6373}, + {0x0, 3, 4, 6374}, + {0x0, 0, 1, 6375}, + {0x0, 9, 10, 6376}, + {0x0, 9, 11, 6377}, + {0x30d7, 16, 16, 6379}, + {0x0, 0, 1, 6379}, + {0x0, 3, 4, 6380}, + {0x0, 0, 1, 6381}, + {0x0, 9, 10, 6382}, + {0x0, 9, 10, 6383}, + {0x3060, 16, 16, 6384}, + {0x0, 2, 6, 6384}, + {0x1f91, 16, 16, 6388}, + {0x1e16, 16, 16, 6388}, + {0x1f27, 16, 16, 6388}, + {0x0, 7, 8, 6388}, + {0x2f89e, 16, 16, 6389}, + {0x0, 9, 10, 6389}, + {0x2f8c3, 16, 16, 6390}, + {0x0, 1, 2, 6390}, + {0x2f83a, 16, 16, 6391}, + {0x0, 12, 13, 6391}, + {0x2f880, 16, 16, 6392}, + {0x2f989, 16, 16, 6392}, + {0xd1, 16, 16, 6392}, + {0x1f8, 16, 16, 6392}, + {0x143, 16, 16, 6392}, + {0x1e44, 16, 16, 6392}, + {0x0, 11, 12, 6392}, + {0x2f98e, 16, 16, 6393}, + {0x0, 11, 12, 6393}, + {0x2f933, 16, 16, 6394}, + {0x0, 10, 11, 6394}, + {0xf99b, 16, 16, 6395}, + {0x0, 0, 1, 6395}, + {0x1e75, 16, 16, 6396}, + {0x0, 0, 1, 6396}, + {0x0, 0, 1, 6397}, + {0x0, 3, 4, 6398}, + {0x0, 4, 5, 6399}, + {0x0, 5, 6, 6400}, + {0x1f8d, 16, 16, 6401}, + {0x30d6, 16, 16, 6401}, + {0x1f2b, 16, 16, 6401}, + {0x0, 2, 3, 6401}, + {0xf9ad, 16, 16, 6402}, + {0xf95d, 16, 16, 6402}, + {0x0, 0, 1, 6402}, + {0x0, 0, 1, 6403}, + {0x0, 3, 4, 6404}, + {0x0, 0, 3, 6405}, + {0x0, 3, 4, 6408}, + {0x1e7c, 16, 16, 6409}, + {0x0, 3, 4, 6409}, + {0x0, 14, 15, 6410}, + {0x2f977, 16, 16, 6411}, + {0x0, 0, 1, 6411}, + {0x0, 3, 4, 6412}, + {0x0, 0, 1, 6413}, + {0x0, 9, 10, 6414}, + {0x0, 9, 10, 6415}, + {0x305e, 16, 16, 6416}, + {0x0, 0, 1, 6416}, + {0x2f842, 16, 16, 6417}, + {0x0, 3, 4, 6417}, + {0x2f90a, 16, 16, 6418}, + {0x0, 0, 9, 6418}, + {0x38e, 16, 16, 6427}, + {0x0, 0, 1, 6427}, + {0xf9ee, 16, 16, 6428}, + {0x0, 15, 16, 6428}, + {0x2f80b, 16, 16, 6429}, + {0x0, 10, 11, 6429}, + {0xf919, 16, 16, 6430}, + {0xf912, 16, 16, 6430}, + {0x0, 13, 14, 6430}, + {0x0, 10, 11, 6431}, + {0x2f898, 16, 16, 6432}, + {0x211, 16, 16, 6432}, + {0x159, 16, 16, 6432}, + {0x0, 12, 13, 6432}, + {0xfa2b, 16, 16, 6433}, + {0x0, 10, 11, 6433}, + {0xf9bb, 16, 16, 6434}, + {0x0, 0, 1, 6434}, + {0x0, 0, 1, 6435}, + {0x0, 3, 4, 6436}, + {0x0, 4, 5, 6437}, + {0x0, 5, 6, 6438}, + {0x1f83, 16, 16, 6439}, + {0x1ff8, 16, 16, 6439}, + {0x0, 11, 12, 6439}, + {0x2f9d4, 16, 16, 6440}, + {0x0, 1, 12, 6440}, + {0x216, 16, 16, 6451}, + {0x0, 0, 1, 6451}, + {0x0, 0, 1, 6452}, + {0x0, 3, 4, 6453}, + {0x0, 0, 1, 6454}, + {0x0, 4, 5, 6455}, + {0x1e0, 16, 16, 6456}, + {0x0, 0, 16, 6456}, + {0x0, 6, 7, 6472}, + {0xfa37, 16, 16, 6473}, + {0x0, 0, 1, 6473}, + {0x0, 0, 1, 6474}, + {0x0, 3, 4, 6475}, + {0x0, 3, 4, 6476}, + {0x0, 8, 9, 6477}, + {0x22e3, 16, 16, 6478}, + {0x0, 0, 2, 6478}, + {0x1f6a, 16, 16, 6480}, + {0x1f6c, 16, 16, 6480}, + {0x137, 16, 16, 6480}, + {0x0, 3, 5, 6480}, + {0x1f51, 16, 16, 6482}, + {0x1f50, 16, 16, 6482}, + {0x0, 1, 2, 6482}, + {0x0, 5, 6, 6483}, + {0x2f9ec, 16, 16, 6484}, + {0x0, 14, 15, 6484}, + {0x2f8c2, 16, 16, 6485}, + {0x0, 13, 14, 6485}, + {0x2f99d, 16, 16, 6486}, + {0x1af, 16, 16, 6486}, + {0x0, 9, 10, 6486}, + {0xf9c7, 16, 16, 6487}, + {0x1e59, 16, 16, 6487}, + {0x4d3, 16, 16, 6487}, + {0x0, 0, 1, 6487}, + {0x0, 0, 1, 6488}, + {0x0, 3, 4, 6489}, + {0x0, 0, 1, 6490}, + {0x0, 7, 8, 6491}, + {0x1e1f, 16, 16, 6492}, + {0x0, 7, 8, 6492}, + {0x2f9bf, 16, 16, 6493}, + {0x0, 2, 5, 6493}, + {0xf73, 16, 16, 6496}, + {0xf75, 16, 16, 6496}, + {0x0, 8, 9, 6496}, + {0x2f83f, 16, 16, 6497}, + {0x0, 3, 5, 6497}, + {0x1f30, 16, 16, 6499}, + {0x1f31, 16, 16, 6499}, + {0x0, 15, 16, 6499}, + {0xf913, 16, 16, 6500}, + {0x0, 0, 11, 6500}, + {0x1e87, 16, 16, 6511}, + {0x0, 0, 2, 6511}, + {0x1fcd, 16, 16, 6513}, + {0x1fce, 16, 16, 6513}, + {0x175, 16, 16, 6513}, + {0x1e83, 16, 16, 6513}, + {0x1e81, 16, 16, 6513}, + {0x0, 12, 13, 6513}, + {0x2f8b8, 16, 16, 6514}, + {0x0, 5, 6, 6514}, + {0x1ffc, 16, 16, 6515}, + {0xfa45, 16, 16, 6515}, + {0x1e85, 16, 16, 6515}, + {0x0, 3, 9, 6515}, + {0x1ecc, 16, 16, 6521}, + {0x0, 0, 1, 6521}, + {0x0, 0, 1, 6522}, + {0x0, 11, 12, 6523}, + {0x0, 11, 12, 6524}, + {0x0, 14, 15, 6525}, + {0xbcb, 16, 16, 6526}, + {0x1ea, 16, 16, 6526}, + {0x0, 0, 1, 6526}, + {0x0, 0, 1, 6527}, + {0x0, 3, 4, 6528}, + {0x0, 3, 4, 6529}, + {0x0, 8, 9, 6530}, + {0x22ac, 16, 16, 6531}, + {0x0, 1, 2, 6531}, + {0x0, 10, 11, 6532}, + {0x2f9f7, 16, 16, 6533}, + {0x0, 12, 13, 6533}, + {0xf956, 16, 16, 6534}, + {0x0, 0, 1, 6534}, + {0x0, 0, 1, 6535}, + {0x0, 3, 4, 6536}, + {0x0, 0, 1, 6537}, + {0x0, 8, 9, 6538}, + {0x4f8, 16, 16, 6539}, + {0x0, 12, 16, 6539}, + {0xf9e9, 16, 16, 6543}, + {0xf97e, 16, 16, 6543}, + {0x0, 14, 15, 6543}, + {0x2f8af, 16, 16, 6544}, + {0x21f, 16, 16, 6544}, + {0x1e98, 16, 16, 6544}, + {0x0, 1, 2, 6544}, + {0x1e3a, 16, 16, 6545}, + {0x0, 7, 8, 6545}, + {0x9cc, 16, 16, 6546}, + {0x0, 3, 15, 6546}, + {0x1e2a, 16, 16, 6558}, + {0x0, 5, 16, 6558}, + {0x2fa1a, 16, 16, 6569}, + {0x2f81a, 16, 16, 6569}, + {0x0, 7, 12, 6569}, + {0x2f929, 16, 16, 6574}, + {0x0, 2, 16, 6574}, + {0xf94f, 16, 16, 6588}, + {0x0, 14, 15, 6588}, + {0xf920, 16, 16, 6589}, + {0x0, 10, 11, 6589}, + {0x0, 14, 15, 6590}, + {0x2f9cb, 16, 16, 6591}, + {0xf9a0, 16, 16, 6591}, + {0x1e28, 16, 16, 6591}, + {0x0, 1, 2, 6591}, + {0x2f8da, 16, 16, 6592}, + {0x1e24, 16, 16, 6592}, + {0x2fa19, 16, 16, 6592}, + {0xf9db, 16, 16, 6592}, + {0x0, 0, 1, 6592}, + {0x0, 0, 1, 6593}, + {0x0, 3, 4, 6594}, + {0x0, 0, 3, 6595}, + {0x0, 7, 8, 6598}, + {0x122, 16, 16, 6599}, + {0x0, 0, 2, 6599}, + {0x1f2a, 16, 16, 6601}, + {0x1f2c, 16, 16, 6601}, + {0x0, 0, 1, 6601}, + {0x0, 0, 1, 6602}, + {0x0, 3, 4, 6603}, + {0x0, 4, 5, 6604}, + {0x0, 5, 6, 6605}, + {0x1f93, 16, 16, 6606}, + {0x0, 14, 15, 6606}, + {0xbca, 16, 16, 6607}, + {0x0, 6, 7, 6607}, + {0x2f912, 16, 16, 6608}, + {0x0, 5, 6, 6608}, + {0x2f9f6, 16, 16, 6609}, + {0x0, 3, 4, 6609}, + {0x2f8dd, 16, 16, 6610}, + {0xf96a, 16, 16, 6610}, + {0x0, 14, 15, 6610}, + {0x2f90f, 16, 16, 6611}, + {0x0, 9, 10, 6611}, + {0x374, 16, 16, 6612}, + {0x0, 6, 11, 6612}, + {0xf998, 16, 16, 6617}, + {0x0, 4, 5, 6617}, + {0xfa3d, 16, 16, 6618}, + {0x0, 2, 6, 6618}, + {0x1f26, 16, 16, 6622}, + {0x0, 7, 15, 6622}, + {0x2f8c4, 16, 16, 6630}, + {0x0, 0, 1, 6630}, + {0x2f922, 16, 16, 6631}, + {0x0, 1, 2, 6631}, + {0xf96d, 16, 16, 6632}, + {0x0, 1, 2, 6632}, + {0x1e6f, 16, 16, 6633}, + {0x0, 0, 1, 6633}, + {0x0, 0, 1, 6634}, + {0x0, 3, 4, 6635}, + {0x0, 4, 5, 6636}, + {0x0, 5, 6, 6637}, + {0x1fa4, 16, 16, 6638}, + {0x0, 0, 1, 6638}, + {0x0, 0, 1, 6639}, + {0x0, 3, 4, 6640}, + {0x0, 0, 4, 6641}, + {0x0, 1, 13, 6645}, + {0x17e, 16, 16, 6657}, + {0x1f90, 16, 16, 6657}, + {0x0, 0, 2, 6657}, + {0x1f5b, 16, 16, 6659}, + {0x1f5d, 16, 16, 6659}, + {0x0, 5, 6, 6659}, + {0xfa04, 16, 16, 6660}, + {0x1f6e, 16, 16, 6660}, + {0x0, 0, 1, 6660}, + {0x0, 0, 1, 6661}, + {0x0, 3, 4, 6662}, + {0x0, 0, 3, 6663}, + {0x0, 1, 13, 6666}, + {0x11f, 16, 16, 6678}, + {0x121, 16, 16, 6678}, + {0x1e21, 16, 16, 6678}, + {0x11d, 16, 16, 6678}, + {0x1f5, 16, 16, 6678}, + {0x0, 3, 4, 6678}, + {0x2f8bc, 16, 16, 6679}, + {0x17c, 16, 16, 6679}, + {0x17a, 16, 16, 6679}, + {0x1e91, 16, 16, 6679}, + {0x0, 1, 2, 6679}, + {0x2f8b5, 16, 16, 6680}, + {0xf9d7, 16, 16, 6680}, + {0x2f8c6, 16, 16, 6680}, + {0x1e7, 16, 16, 6680}, + {0x0, 4, 5, 6680}, + {0xf943, 16, 16, 6681}, + {0x0, 0, 1, 6681}, + {0x0, 0, 1, 6682}, + {0x0, 3, 4, 6683}, + {0x0, 0, 1, 6684}, + {0x0, 0, 10, 6685}, + {0x1ed7, 16, 16, 6695}, + {0x0, 0, 1, 6695}, + {0x0, 0, 1, 6696}, + {0x0, 3, 4, 6697}, + {0x0, 4, 5, 6698}, + {0x0, 5, 6, 6699}, + {0x1f8f, 16, 16, 6700}, + {0x1ed1, 16, 16, 6700}, + {0x1ed3, 16, 16, 6700}, + {0x0, 2, 14, 6700}, + {0xf95e, 16, 16, 6712}, + {0x2f801, 16, 16, 6712}, + {0x1ed5, 16, 16, 6712}, + {0xf905, 16, 16, 6712}, + {0x0, 0, 2, 6712}, + {0x1f6d, 16, 16, 6714}, + {0x1f6b, 16, 16, 6714}, + {0x0, 10, 11, 6714}, + {0x2f808, 16, 16, 6715}, + {0x0, 15, 16, 6715}, + {0x0, 0, 1, 6716}, + {0x0, 0, 1, 6717}, + {0x0, 12, 13, 6718}, + {0x0, 13, 14, 6719}, + {0x0, 5, 6, 6720}, + {0xcc0, 16, 16, 6721}, + {0x0, 0, 16, 6721}, + {0x214, 16, 16, 6737}, + {0x0, 11, 12, 6737}, + {0xf953, 16, 16, 6738}, + {0x1d3, 16, 16, 6738}, + {0x170, 16, 16, 6738}, + {0x16e, 16, 16, 6738}, + {0x0, 3, 14, 6738}, + {0x1e77, 16, 16, 6749}, + {0x0, 3, 14, 6749}, + {0x13c, 16, 16, 6760}, + {0x1e37, 16, 16, 6760}, + {0x0, 0, 1, 6760}, + {0x0, 0, 1, 6761}, + {0x0, 3, 4, 6762}, + {0x0, 1, 2, 6763}, + {0x0, 4, 5, 6764}, + {0x1fec, 16, 16, 6765}, + {0x0, 14, 15, 6765}, + {0x0, 4, 5, 6766}, + {0x2f859, 16, 16, 6767}, + {0x2f800, 16, 16, 6767}, + {0x1e3d, 16, 16, 6767}, + {0x0, 0, 1, 6767}, + {0x0, 3, 4, 6768}, + {0x0, 0, 1, 6769}, + {0x0, 9, 10, 6770}, + {0x0, 9, 10, 6771}, + {0x304e, 16, 16, 6772}, + {0x0, 11, 15, 6772}, + {0x2f87e, 16, 16, 6776}, + {0x2f8cb, 16, 16, 6776}, + {0x1e84, 16, 16, 6776}, + {0x0, 0, 1, 6776}, + {0x0, 0, 1, 6777}, + {0x0, 3, 4, 6778}, + {0x0, 0, 1, 6779}, + {0x0, 1, 2, 6780}, + {0x403, 16, 16, 6781}, + {0x173, 16, 16, 6781}, + {0x1ee6, 16, 16, 6781}, + {0xdc, 16, 16, 6781}, + {0x1ee5, 16, 16, 6781}, + {0x16c, 16, 16, 6781}, + {0x16a, 16, 16, 6781}, + {0x168, 16, 16, 6781}, + {0xdb, 16, 16, 6781}, + {0x0, 8, 11, 6781}, + {0x0, 0, 1, 6784}, + {0x0, 0, 1, 6785}, + {0x0, 6, 7, 6786}, + {0x0, 5, 6, 6787}, + {0x0, 4, 5, 6788}, + {0x626, 16, 16, 6789}, + {0x1e73, 16, 16, 6789}, + {0x0, 5, 7, 6789}, + {0xcc7, 16, 16, 6791}, + {0x0, 0, 1, 6791}, + {0x0, 0, 1, 6792}, + {0x0, 3, 4, 6793}, + {0x0, 0, 3, 6794}, + {0x0, 0, 11, 6797}, + {0x233, 16, 16, 6808}, + {0x1e8f, 16, 16, 6808}, + {0xcc8, 16, 16, 6808}, + {0xfd, 16, 16, 6808}, + {0x1ef3, 16, 16, 6808}, + {0x1ef9, 16, 16, 6808}, + {0x177, 16, 16, 6808}, + {0x0, 12, 13, 6808}, + {0x2f812, 16, 16, 6809}, + {0x1ef7, 16, 16, 6809}, + {0xff, 16, 16, 6809}, + {0x1e80, 16, 16, 6809}, + {0x0, 14, 15, 6809}, + {0x2f83c, 16, 16, 6810}, + {0x0, 2, 3, 6810}, + {0x0, 0, 1, 6811}, + {0x0, 0, 1, 6812}, + {0x0, 11, 12, 6813}, + {0x0, 13, 14, 6814}, + {0x0, 7, 8, 6815}, + {0xb94, 16, 16, 6816}, + {0x0, 10, 11, 6816}, + {0x0, 11, 12, 6817}, + {0x2f961, 16, 16, 6818}, + {0x0, 1, 2, 6818}, + {0x213, 16, 16, 6819}, + {0x0, 1, 12, 6819}, + {0x1a0, 16, 16, 6830}, + {0x0, 0, 9, 6830}, + {0x3ca, 16, 16, 6839}, + {0x0, 11, 12, 6839}, + {0xf9f5, 16, 16, 6840}, + {0x3af, 16, 16, 6840}, + {0x1f76, 16, 16, 6840}, + {0x1fd1, 16, 16, 6840}, + {0x1fd0, 16, 16, 6840}, + {0x1e99, 16, 16, 6840}, + {0x0, 1, 2, 6840}, + {0xf9ca, 16, 16, 6841}, + {0x0, 1, 2, 6841}, + {0x2f802, 16, 16, 6842}, + {0x0, 0, 1, 6842}, + {0x0, 0, 1, 6843}, + {0x0, 6, 7, 6844}, + {0x0, 5, 6, 6845}, + {0x0, 4, 5, 6846}, + {0x624, 16, 16, 6847}, + {0x20e, 16, 16, 6847}, + {0x0, 0, 1, 6847}, + {0x0, 0, 1, 6848}, + {0x0, 3, 4, 6849}, + {0x0, 4, 5, 6850}, + {0x0, 5, 6, 6851}, + {0x1fae, 16, 16, 6852}, + {0x0, 4, 5, 6852}, + {0x2f8bd, 16, 16, 6853}, + {0x0, 9, 10, 6853}, + {0x2f949, 16, 16, 6854}, + {0x0, 4, 5, 6854}, + {0xf9a8, 16, 16, 6855}, + {0x0, 3, 9, 6855}, + {0x1e01, 16, 16, 6861}, + {0x1ea1, 16, 16, 6861}, + {0x1ef8, 16, 16, 6861}, + {0x0, 0, 16, 6861}, + {0x101, 16, 16, 6877}, + {0x105, 16, 16, 6877}, + {0x1f32, 16, 16, 6877}, + {0x0, 0, 1, 6877}, + {0x0, 3, 4, 6878}, + {0x0, 0, 1, 6879}, + {0x0, 9, 10, 6880}, + {0x0, 9, 10, 6881}, + {0x3069, 16, 16, 6882}, + {0x0, 1, 13, 6882}, + {0x139, 16, 16, 6894}, + {0x0, 12, 13, 6894}, + {0x2f9db, 16, 16, 6895}, + {0x0, 9, 10, 6895}, + {0xf96e, 16, 16, 6896}, + {0x0, 3, 4, 6896}, + {0x0, 0, 1, 6897}, + {0x2fa09, 16, 16, 6898}, + {0x0, 13, 14, 6898}, + {0xf99e, 16, 16, 6899}, + {0x0, 2, 3, 6899}, + {0x2f85e, 16, 16, 6900}, + {0x0, 13, 14, 6900}, + {0xf91f, 16, 16, 6901}, + {0x0, 13, 14, 6901}, + {0x2f91a, 16, 16, 6902}, + {0x13d, 16, 16, 6902}, + {0x0, 0, 1, 6902}, + {0x0, 3, 4, 6903}, + {0x0, 0, 1, 6904}, + {0x0, 9, 10, 6905}, + {0x0, 9, 10, 6906}, + {0x30f8, 16, 16, 6907}, + {0x0, 5, 6, 6907}, + {0x2f81d, 16, 16, 6908}, + {0x2f945, 16, 16, 6908}, + {0x0, 0, 1, 6908}, + {0x0, 3, 4, 6909}, + {0x0, 0, 1, 6910}, + {0x0, 9, 10, 6911}, + {0x0, 9, 10, 6912}, + {0x30fa, 16, 16, 6913}, + {0x0, 7, 12, 6913}, + {0xf929, 16, 16, 6918}, + {0x0, 14, 15, 6918}, + {0xf917, 16, 16, 6919}, + {0x0, 8, 12, 6919}, + {0xfa07, 16, 16, 6923}, + {0x0, 2, 6, 6923}, + {0x1f0e, 16, 16, 6927}, + {0x0, 0, 1, 6927}, + {0x0, 0, 1, 6928}, + {0x0, 3, 4, 6929}, + {0x0, 0, 1, 6930}, + {0x0, 1, 2, 6931}, + {0x45c, 16, 16, 6932}, + {0x1f88, 16, 16, 6932}, + {0x0, 0, 1, 6932}, + {0x0, 0, 1, 6933}, + {0x0, 3, 4, 6934}, + {0x0, 0, 1, 6935}, + {0x0, 0, 2, 6936}, + {0x1f4d, 16, 16, 6938}, + {0x1f4b, 16, 16, 6938}, + {0x0, 0, 1, 6938}, + {0x0, 0, 1, 6939}, + {0x0, 3, 4, 6940}, + {0x0, 3, 4, 6941}, + {0x0, 8, 9, 6942}, + {0x22eb, 16, 16, 6943}, + {0x0, 0, 1, 6943}, + {0x0, 0, 1, 6944}, + {0x0, 3, 4, 6945}, + {0x0, 3, 4, 6946}, + {0x0, 8, 9, 6947}, + {0x226e, 16, 16, 6948}, + {0x0, 0, 1, 6948}, + {0xf9cf, 16, 16, 6949}, + {0x0, 15, 16, 6949}, + {0x2f8f4, 16, 16, 6950}, + {0x0, 3, 5, 6950}, + {0x1f11, 16, 16, 6952}, + {0x1f10, 16, 16, 6952}, + {0x0, 0, 1, 6952}, + {0x0, 0, 1, 6953}, + {0x0, 3, 4, 6954}, + {0x0, 1, 2, 6955}, + {0x0, 3, 5, 6956}, + {0x1fe4, 16, 16, 6958}, + {0x2f9df, 16, 16, 6958}, + {0x1fe5, 16, 16, 6958}, + {0x0, 0, 1, 6958}, + {0x0, 3, 4, 6959}, + {0x0, 0, 1, 6960}, + {0x0, 9, 10, 6961}, + {0x0, 9, 10, 6962}, + {0x3067, 16, 16, 6963}, + {0x1f4c, 16, 16, 6963}, + {0x0, 6, 7, 6963}, + {0x0, 10, 11, 6964}, + {0xf987, 16, 16, 6965}, + {0x2f87f, 16, 16, 6965}, + {0x2f8d9, 16, 16, 6965}, + {0x0, 0, 1, 6965}, + {0xf990, 16, 16, 6966}, + {0x0, 0, 1, 6966}, + {0x2f879, 16, 16, 6967}, + {0x1f73, 16, 16, 6967}, + {0x0, 7, 8, 6967}, + {0x2f9f0, 16, 16, 6968}, + {0x1f77, 16, 16, 6968}, + {0x1f71, 0, 1, 6968}, + {0x0, 3, 4, 6969}, + {0x0, 1, 2, 6970}, + {0x2f892, 16, 16, 6971}, + {0x0, 1, 2, 6971}, + {0x1e95, 16, 16, 6972}, + {0x0, 0, 1, 6972}, + {0x0, 0, 1, 6973}, + {0x0, 3, 4, 6974}, + {0x0, 4, 5, 6975}, + {0x0, 5, 6, 6976}, + {0x1fa5, 16, 16, 6977}, + {0x0, 0, 1, 6977}, + {0x0, 3, 4, 6978}, + {0x0, 4, 5, 6979}, + {0x0, 5, 6, 6980}, + {0x1fb4, 16, 16, 6981}, + {0xf925, 16, 16, 6981}, + {0xda, 16, 16, 6981}, + {0x0, 6, 10, 6981}, + {0xf9cc, 16, 16, 6985}, + {0xf9e4, 16, 16, 6985}, + {0x0, 3, 14, 6985}, + {0x145, 16, 16, 6996}, + {0x1e46, 16, 16, 6996}, + {0x0, 3, 4, 6996}, + {0x0, 5, 6, 6997}, + {0x2f926, 16, 16, 6998}, + {0x0, 2, 3, 6998}, + {0x1fc1, 16, 16, 6999}, + {0x0, 11, 12, 6999}, + {0x2f9ff, 16, 16, 7000}, + {0x0, 5, 6, 7000}, + {0x2f955, 16, 16, 7001}, + {0x0, 0, 1, 7001}, + {0x0, 0, 1, 7002}, + {0x0, 3, 4, 7003}, + {0x0, 0, 1, 7004}, + {0x0, 7, 8, 7005}, + {0x1e66, 16, 16, 7006}, + {0x0, 0, 1, 7006}, + {0x0, 0, 1, 7007}, + {0x0, 3, 4, 7008}, + {0x0, 0, 1, 7009}, + {0x0, 8, 9, 7010}, + {0x4e6, 16, 16, 7011}, + {0x0, 1, 2, 7011}, + {0x1e3b, 16, 16, 7012}, + {0x0, 7, 8, 7012}, + {0x2f99e, 16, 16, 7013}, + {0x1e4a, 16, 16, 7013}, + {0xd9, 16, 16, 7013}, + {0x0, 3, 4, 7013}, + {0x1e7e, 16, 16, 7014}, + {0x0, 0, 1, 7014}, + {0x0, 0, 1, 7015}, + {0x0, 3, 4, 7016}, + {0x0, 0, 1, 7017}, + {0x0, 1, 9, 7018}, + {0x22d, 16, 16, 7026}, + {0x0, 0, 1, 7026}, + {0x0, 3, 4, 7027}, + {0x0, 0, 1, 7028}, + {0x0, 9, 10, 7029}, + {0x0, 9, 10, 7030}, + {0x30be, 16, 16, 7031}, + {0x1e4d, 16, 16, 7031}, + {0x1e4f, 16, 16, 7031}, + {0x0, 0, 1, 7031}, + {0x0, 0, 1, 7032}, + {0x0, 3, 4, 7033}, + {0x0, 3, 4, 7034}, + {0x0, 8, 9, 7035}, + {0x220c, 16, 16, 7036}, + {0x0, 4, 5, 7036}, + {0x2f84f, 16, 16, 7037}, + {0x0, 3, 12, 7037}, + {0xf931, 16, 16, 7046}, + {0x0, 3, 4, 7046}, + {0x2f849, 16, 16, 7047}, + {0x0, 0, 1, 7047}, + {0x0, 0, 1, 7048}, + {0x0, 3, 4, 7049}, + {0x0, 0, 1, 7050}, + {0x0, 0, 2, 7051}, + {0x1f1b, 16, 16, 7053}, + {0x1f1d, 16, 16, 7053}, + {0x0, 0, 1, 7053}, + {0x0, 0, 1, 7054}, + {0x0, 3, 4, 7055}, + {0x0, 0, 1, 7056}, + {0x0, 4, 5, 7057}, + {0x22b, 16, 16, 7058}, + {0x0, 8, 9, 7058}, + {0xfa38, 16, 16, 7059}, + {0x0, 7, 8, 7059}, + {0xc7, 16, 16, 7060}, + {0x0, 14, 15, 7060}, + {0x2f936, 16, 16, 7061}, + {0x0, 1, 9, 7061}, + {0xf948, 16, 16, 7069}, + {0x2f9d5, 16, 16, 7069}, + {0x0, 12, 13, 7069}, + {0x2f9a3, 16, 16, 7070}, + {0xf903, 16, 16, 7070}, + {0x2f8ed, 16, 16, 7070}, + {0x0, 8, 9, 7070}, + {0xf9b8, 16, 16, 7071}, + {0x0, 11, 12, 7071}, + {0x2f9da, 16, 16, 7072}, + {0x0, 0, 11, 7072}, + {0x2f9cf, 16, 16, 7083}, + {0x0, 0, 1, 7083}, + {0x0, 0, 1, 7084}, + {0x0, 3, 4, 7085}, + {0x0, 3, 4, 7086}, + {0x0, 8, 9, 7087}, + {0x2249, 16, 16, 7088}, + {0x0, 6, 8, 7088}, + {0x2f84b, 16, 16, 7090}, + {0x2f84d, 16, 16, 7090}, + {0x0, 6, 7, 7090}, + {0x2f821, 16, 16, 7091}, + {0x1ece, 16, 16, 7091}, + {0xd6, 16, 16, 7091}, + {0x22e, 16, 16, 7091}, + {0x14e, 16, 16, 7091}, + {0x14c, 16, 16, 7091}, + {0x0, 13, 14, 7091}, + {0x0, 10, 11, 7092}, + {0x2f97b, 16, 16, 7093}, + {0xd4, 16, 16, 7093}, + {0xd3, 16, 16, 7093}, + {0xd2, 16, 16, 7093}, + {0x1eb3, 16, 16, 7093}, + {0xfa40, 16, 16, 7093}, + {0x1eb5, 16, 16, 7093}, + {0x0, 13, 14, 7093}, + {0x2f854, 16, 16, 7094}, + {0x1eb1, 16, 16, 7094}, + {0x0, 14, 15, 7094}, + {0x2f890, 16, 16, 7095}, + {0x0, 8, 9, 7095}, + {0xfa67, 16, 16, 7096}, + {0x0, 10, 16, 7096}, + {0xdda, 16, 16, 7102}, + {0x0, 8, 9, 7102}, + {0xf9b4, 16, 16, 7103}, + {0xddc, 16, 16, 7103}, + {0xf9a1, 16, 16, 7103}, + {0x0, 0, 1, 7103}, + {0x0, 0, 1, 7104}, + {0x0, 3, 4, 7105}, + {0x0, 4, 5, 7106}, + {0x0, 5, 6, 7107}, + {0x1f8b, 16, 16, 7108}, + {0x0, 3, 4, 7108}, + {0x2f9f5, 16, 16, 7109}, + {0x0, 14, 15, 7109}, + {0x2f9b9, 16, 16, 7110}, + {0x20c, 16, 16, 7110}, + {0x0, 0, 1, 7110}, + {0x0, 0, 1, 7111}, + {0x0, 3, 4, 7112}, + {0x0, 3, 4, 7113}, + {0x0, 8, 9, 7114}, + {0x2284, 16, 16, 7115}, + {0x1d1, 16, 16, 7115}, + {0x150, 16, 16, 7115}, + {0x0, 7, 8, 7115}, + {0xfa5f, 16, 16, 7116}, + {0x0, 1, 13, 7116}, + {0x1e6, 16, 16, 7128}, + {0x0, 6, 7, 7128}, + {0x2f9fd, 16, 16, 7129}, + {0x0, 0, 1, 7129}, + {0x0, 5, 6, 7130}, + {0x2fa12, 16, 16, 7131}, + {0x0, 8, 10, 7131}, + {0x2fa04, 16, 16, 7133}, + {0xfa2c, 16, 16, 7133}, + {0x0, 15, 16, 7133}, + {0xf940, 16, 16, 7134}, + {0x0, 1, 2, 7134}, + {0xfa4b, 16, 16, 7135}, + {0x30d1, 16, 16, 7135}, + {0x0, 2, 11, 7135}, + {0x2f9f4, 16, 16, 7144}, + {0x0, 15, 16, 7144}, + {0xf94e, 16, 16, 7145}, + {0x0, 0, 1, 7145}, + {0x2f8d4, 16, 16, 7146}, + {0x1f00, 16, 16, 7146}, + {0x1f4, 16, 16, 7146}, + {0x11c, 16, 16, 7146}, + {0x1e20, 16, 16, 7146}, + {0x11e, 16, 16, 7146}, + {0x120, 16, 16, 7146}, + {0x0, 3, 4, 7146}, + {0x2f9f3, 16, 16, 7147}, + {0x0, 9, 10, 7147}, + {0xf9fb, 16, 16, 7148}, + {0x1fef, 16, 16, 7148}, + {0xf9ab, 16, 16, 7148}, + {0x0, 3, 4, 7148}, + {0xf94c, 16, 16, 7149}, + {0x0, 0, 1, 7149}, + {0x0, 0, 1, 7150}, + {0x0, 3, 4, 7151}, + {0x0, 4, 5, 7152}, + {0x0, 5, 6, 7153}, + {0x1f96, 16, 16, 7154}, + {0x0, 0, 1, 7154}, + {0x2f96a, 16, 16, 7155}, + {0x1f72, 16, 16, 7155}, + {0x0, 7, 12, 7155}, + {0x2f90c, 16, 16, 7160}, + {0x0, 0, 11, 7160}, + {0x2f9d1, 16, 16, 7171}, + {0x0, 0, 1, 7171}, + {0x0, 0, 1, 7172}, + {0x0, 3, 4, 7173}, + {0x0, 0, 1, 7174}, + {0x0, 1, 2, 7175}, + {0x40c, 16, 16, 7176}, + {0x0, 2, 12, 7176}, + {0x2f89a, 16, 16, 7186}, + {0x0, 7, 8, 7186}, + {0x123, 16, 16, 7187}, + {0x0, 5, 7, 7187}, + {0xf974, 16, 16, 7189}, + {0x2f996, 16, 16, 7189}, + {0x0, 3, 4, 7189}, + {0x1e93, 16, 16, 7190}, + {0x0, 2, 3, 7190}, + {0x1fe7, 16, 16, 7191}, + {0x0, 2, 3, 7191}, + {0x2f9fc, 16, 16, 7192}, + {0x2f90b, 16, 16, 7192}, + {0xf95a, 16, 16, 7192}, + {0x0, 3, 5, 7192}, + {0xfa02, 16, 16, 7194}, + {0x2f8b6, 16, 16, 7194}, + {0x0, 1, 2, 7194}, + {0x1e48, 16, 16, 7195}, + {0x4e4, 16, 16, 7195}, + {0x4e2, 16, 16, 7195}, + {0x0, 0, 1, 7195}, + {0x0, 0, 1, 7196}, + {0x0, 3, 4, 7197}, + {0x0, 3, 4, 7198}, + {0x0, 8, 9, 7199}, + {0x2278, 16, 16, 7200}, + {0x419, 16, 16, 7200}, + {0x0, 1, 2, 7200}, + {0x2f9c0, 16, 16, 7201}, + {0x2f899, 16, 16, 7201}, + {0x1e72, 16, 16, 7201}, + {0x0, 4, 5, 7201}, + {0xf98e, 16, 16, 7202}, + {0x0, 5, 6, 7202}, + {0x2f92b, 16, 16, 7203}, + {0x0, 0, 1, 7203}, + {0x2f9fa, 16, 16, 7204}, + {0x0, 3, 14, 7204}, + {0x1e0d, 16, 16, 7215}, + {0x0, 6, 7, 7215}, + {0x2f9f2, 16, 16, 7216}, + {0x1e11, 16, 16, 7216}, + {0x0, 14, 15, 7216}, + {0x2f851, 16, 16, 7217}, + {0x0, 6, 7, 7217}, + {0x2f9f9, 16, 16, 7218}, + {0x0, 2, 3, 7218}, + {0xf9f9, 16, 16, 7219}, + {0x0, 14, 15, 7219}, + {0xf9a5, 16, 16, 7220}, + {0x10f, 16, 16, 7220}, + {0x0, 2, 6, 7220}, + {0x1f0f, 16, 16, 7224}, + {0x1f89, 16, 16, 7224}, + {0x0, 15, 16, 7224}, + {0x0, 0, 1, 7225}, + {0x0, 0, 1, 7226}, + {0x0, 3, 4, 7227}, + {0x0, 0, 1, 7228}, + {0x0, 7, 8, 7229}, + {0x1e9b, 16, 16, 7230}, + {0x1e13, 16, 16, 7230}, + {0x0, 0, 3, 7230}, + {0x2f84a, 16, 16, 7233}, + {0xfa0d, 16, 16, 7233}, + {0x0, 1, 2, 7233}, + {0x2fa14, 16, 16, 7234}, + {0x0, 12, 13, 7234}, + {0x2f9ad, 16, 16, 7235}, + {0x0, 10, 12, 7235}, + {0xf9ff, 16, 16, 7237}, + {0x2f820, 16, 16, 7237}, + {0x0, 1, 2, 7237}, + {0x2f84e, 16, 16, 7238}, + {0x1fe8, 16, 16, 7238}, + {0x1e58, 16, 16, 7238}, + {0x1fe9, 16, 16, 7238}, + {0x1fea, 16, 16, 7238}, + {0x0, 13, 14, 7238}, + {0x2f8f7, 16, 16, 7239}, + {0x0, 0, 1, 7239}, + {0x0, 0, 1, 7240}, + {0x0, 3, 4, 7241}, + {0x0, 4, 5, 7242}, + {0x0, 5, 6, 7243}, + {0x1f97, 16, 16, 7244}, + {0x3ab, 16, 16, 7244}, + {0x0, 3, 4, 7244}, + {0xf9f1, 16, 16, 7245}, + {0x210, 16, 16, 7245}, + {0x2f9a2, 16, 16, 7245}, + {0x158, 16, 16, 7245}, + {0x0, 5, 6, 7245}, + {0x2f9c8, 16, 16, 7246}, + {0x0, 0, 2, 7246}, + {0x1fc8, 16, 16, 7248}, + {0x388, 16, 16, 7248}, + {0x0, 12, 13, 7248}, + {0xf9cb, 16, 16, 7249}, + {0x0, 1, 2, 7249}, + {0xfa62, 16, 16, 7250}, + {0x0, 9, 10, 7250}, + {0xf9a9, 16, 16, 7251}, + {0x0, 14, 15, 7251}, + {0xf9b6, 16, 16, 7252}, + {0x0, 5, 6, 7252}, + {0xf9e3, 16, 16, 7253}, + {0x0, 11, 12, 7253}, + {0xf9ce, 16, 16, 7254}, + {0x0, 3, 4, 7254}, + {0x1ef5, 16, 16, 7255}, + {0x0, 1, 2, 7255}, + {0x1e49, 16, 16, 7256}, + {0x0, 0, 1, 7256}, + {0x0, 0, 1, 7257}, + {0x0, 3, 4, 7258}, + {0x0, 0, 1, 7259}, + {0x0, 0, 2, 7260}, + {0x1f1c, 16, 16, 7262}, + {0x1f1a, 16, 16, 7262}, + {0x0, 3, 4, 7262}, + {0xf99a, 16, 16, 7263}, + {0xe4, 16, 16, 7263}, + {0x1ea3, 16, 16, 7263}, + {0x0, 0, 1, 7263}, + {0x0, 3, 4, 7264}, + {0x0, 0, 1, 7265}, + {0x0, 9, 10, 7266}, + {0x0, 9, 10, 7267}, + {0x3054, 16, 16, 7268}, + {0x0, 1, 3, 7268}, + {0x2f856, 16, 16, 7270}, + {0x2f857, 16, 16, 7270}, + {0xe0, 16, 16, 7270}, + {0xe1, 16, 16, 7270}, + {0xe2, 16, 16, 7270}, + {0xe3, 16, 16, 7270}, + {0x0, 9, 10, 7270}, + {0x2f82c, 16, 16, 7271}, + {0x103, 16, 16, 7271}, + {0x227, 16, 16, 7271}, + {0x0, 0, 1, 7271}, + {0x0, 0, 1, 7272}, + {0x0, 3, 4, 7273}, + {0x0, 0, 1, 7274}, + {0x0, 0, 2, 7275}, + {0x1f13, 16, 16, 7277}, + {0x1f15, 16, 16, 7277}, + {0x0, 1, 2, 7277}, + {0x2f930, 16, 16, 7278}, + {0x0, 0, 2, 7278}, + {0x1f62, 16, 16, 7280}, + {0x1f64, 16, 16, 7280}, + {0x0, 2, 3, 7280}, + {0xf938, 16, 16, 7281}, + {0x0, 12, 13, 7281}, + {0xf93b, 16, 16, 7282}, + {0x0, 6, 7, 7282}, + {0xf935, 16, 16, 7283}, + {0x0, 0, 1, 7283}, + {0x0, 0, 1, 7284}, + {0x0, 3, 4, 7285}, + {0x0, 4, 5, 7286}, + {0x0, 5, 6, 7287}, + {0x1f8c, 16, 16, 7288}, + {0x0, 0, 1, 7288}, + {0x0, 0, 1, 7289}, + {0x0, 3, 4, 7290}, + {0x0, 0, 1, 7291}, + {0x0, 2, 3, 7292}, + {0x1ed9, 16, 16, 7293}, + {0xe5, 16, 16, 7293}, + {0x1ce, 16, 16, 7293}, + {0x0, 11, 12, 7293}, + {0x2f9a7, 16, 16, 7294}, + {0x201, 16, 16, 7294}, + {0x0, 11, 12, 7294}, + {0x2f990, 16, 16, 7295}, + {0x0, 6, 7, 7295}, + {0x2f85c, 16, 16, 7296}, + {0x0, 0, 1, 7296}, + {0x0, 0, 1, 7297}, + {0x0, 3, 4, 7298}, + {0x0, 4, 5, 7299}, + {0x0, 5, 6, 7300}, + {0x1fa3, 16, 16, 7301}, + {0x0, 6, 7, 7301}, + {0x2f9aa, 16, 16, 7302}, + {0x0, 6, 7, 7302}, + {0xf9b0, 16, 16, 7303}, + {0x0, 1, 3, 7303}, + {0x2f881, 16, 16, 7305}, + {0x2f882, 16, 16, 7305}, + {0x0, 2, 3, 7305}, + {0xf9c1, 16, 16, 7306}, + {0x0, 2, 7, 7306}, + {0xfa03, 16, 16, 7311}, + {0x0, 10, 11, 7311}, + {0x2f932, 16, 16, 7312}, + {0x2f966, 16, 16, 7312}, + {0x0, 10, 11, 7312}, + {0xf9ec, 16, 16, 7313}, + {0x1e50, 16, 16, 7313}, + {0x0, 6, 7, 7313}, + {0xfa61, 16, 16, 7314}, + {0x0, 1, 13, 7314}, + {0x109, 16, 16, 7326}, + {0x107, 16, 16, 7326}, + {0x10b, 16, 16, 7326}, + {0x0, 1, 2, 7326}, + {0x0, 0, 1, 7327}, + {0x0, 0, 1, 7328}, + {0x0, 6, 7, 7329}, + {0x0, 5, 6, 7330}, + {0x0, 4, 5, 7331}, + {0x6c2, 16, 16, 7332}, + {0x0, 2, 3, 7332}, + {0xf9bf, 16, 16, 7333}, + {0x0, 0, 1, 7333}, + {0x0, 0, 1, 7334}, + {0x2fa1d, 16, 16, 7335}, + {0x0, 3, 4, 7335}, + {0x1ef4, 16, 16, 7336}, + {0x0, 14, 15, 7336}, + {0x2f9dd, 16, 16, 7337}, + {0x0, 0, 4, 7337}, + {0x2f9c4, 16, 16, 7341}, + {0x0, 0, 1, 7341}, + {0x0, 0, 1, 7342}, + {0x0, 3, 4, 7343}, + {0x0, 4, 5, 7344}, + {0x0, 5, 6, 7345}, + {0x1f87, 16, 16, 7346}, + {0x2f9c3, 16, 16, 7346}, + {0x0, 11, 12, 7346}, + {0xf964, 16, 16, 7347}, + {0x0, 12, 15, 7347}, + {0xfa15, 16, 16, 7350}, + {0xf954, 16, 16, 7350}, + {0x0, 2, 3, 7350}, + {0xf946, 16, 16, 7351}, + {0x0, 0, 1, 7351}, + {0x0, 0, 1, 7352}, + {0x0, 3, 4, 7353}, + {0x0, 3, 4, 7354}, + {0x0, 8, 9, 7355}, + {0x2226, 16, 16, 7356}, + {0x1f79, 16, 16, 7356}, + {0x0, 0, 1, 7356}, + {0x0, 0, 1, 7357}, + {0x0, 3, 4, 7358}, + {0x0, 3, 4, 7359}, + {0x0, 8, 9, 7360}, + {0x21ce, 16, 16, 7361}, + {0x1d4, 16, 16, 7361}, + {0x1f7b, 16, 16, 7361}, + {0x10d, 16, 16, 7361}, + {0x0, 2, 10, 7361}, + {0x2f96f, 16, 16, 7369}, + {0xfa58, 16, 16, 7369}, +}; + +const unsigned short _wind_canon_next_table[] = { + 1, + 0, + 46, + 29, + 15, + 73, + 64, + 11, + 6, + 24, + 38, + 2, + 42, + 722, + 2119, + 3, + 140, + 1467, + 221, + 325, + 285, + 682, + 360, + 729, + 1610, + 635, + 106, + 2045, + 510, + 2830, + 0, + 0, + 0, + 0, + 0, + 748, + 1101, + 4614, + 273, + 0, + 4, + 0, + 0, + 4440, + 5, + 0, + 10, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 97, + 224, + 1388, + 270, + 249, + 1440, + 550, + 3741, + 2040, + 7, + 419, + 54, + 109, + 883, + 1230, + 275, + 336, + 4348, + 0, + 0, + 4568, + 3216, + 2891, + 0, + 0, + 0, + 0, + 1305, + 0, + 0, + 8, + 4480, + 937, + 112, + 0, + 0, + 0, + 0, + 0, + 0, + 9, + 1532, + 2106, + 1144, + 236, + 1215, + 1449, + 1624, + 0, + 0, + 12, + 194, + 1718, + 1680, + 3611, + 217, + 398, + 13, + 0, + 0, + 0, + 0, + 4477, + 14, + 2316, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 328, + 16, + 553, + 3511, + 17, + 646, + 732, + 426, + 532, + 57, + 0, + 0, + 0, + 278, + 1790, + 0, + 0, + 658, + 695, + 2327, + 3451, + 3868, + 18, + 666, + 4417, + 4518, + 391, + 1640, + 1458, + 567, + 340, + 2209, + 2458, + 1747, + 19, + 20, + 21, + 22, + 23, + 1307, + 304, + 1254, + 227, + 750, + 51, + 1120, + 1576, + 467, + 1270, + 2751, + 25, + 1647, + 183, + 1785, + 363, + 1315, + 0, + 1982, + 0, + 0, + 2474, + 0, + 1656, + 0, + 4178, + 4486, + 26, + 28, + 27, + 132, + 82, + 346, + 186, + 98, + 0, + 30, + 0, + 0, + 1028, + 0, + 1050, + 739, + 113, + 0, + 2135, + 1415, + 0, + 4020, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 4647, + 31, + 3197, + 0, + 0, + 32, + 33, + 34, + 35, + 36, + 37, + 354, + 809, + 436, + 1736, + 39, + 547, + 708, + 1945, + 850, + 367, + 594, + 1651, + 388, + 416, + 1251, + 705, + 4230, + 0, + 1894, + 0, + 886, + 424, + 40, + 4586, + 2250, + 1941, + 0, + 0, + 4635, + 41, + 1224, + 1391, + 813, + 1807, + 3757, + 308, + 442, + 43, + 439, + 121, + 4198, + 1596, + 1298, + 529, + 1244, + 1948, + 4367, + 4591, + 2500, + 2808, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 4473, + 44, + 45, + 239, + 1073, + 1218, + 543, + 506, + 124, + 47, + 128, + 772, + 725, + 291, + 3715, + 357, + 3693, + 4339, + 759, + 0, + 2181, + 0, + 0, + 0, + 3076, + 48, + 2065, + 0, + 3213, + 49, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 1375, + 50, + 1333, + 0, + 1993, + 1665, + 0, + 52, + 0, + 0, + 1352, + 0, + 3457, + 53, + 1249, + 55, + 0, + 0, + 0, + 1627, + 0, + 0, + 0, + 0, + 1920, + 56, + 2143, + 0, + 0, + 0, + 58, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 2970, + 59, + 60, + 61, + 62, + 63, + 65, + 0, + 0, + 0, + 1683, + 403, + 1593, + 1555, + 862, + 2420, + 151, + 259, + 1010, + 2377, + 2719, + 385, + 2542, + 0, + 0, + 0, + 826, + 894, + 66, + 610, + 0, + 2676, + 513, + 90, + 452, + 1152, + 1560, + 470, + 3342, + 0, + 0, + 67, + 0, + 4191, + 0, + 4103, + 0, + 0, + 0, + 0, + 0, + 0, + 1443, + 68, + 69, + 70, + 71, + 72, + 539, + 985, + 74, + 1870, + 0, + 675, + 1542, + 75, + 0, + 1085, + 210, + 2259, + 2582, + 498, + 295, + 76, + 0, + 3605, + 0, + 0, + 4323, + 0, + 0, + 0, + 0, + 1741, + 77, + 78, + 79, + 80, + 81, + 2790, + 587, + 0, + 0, + 978, + 1368, + 83, + 4492, + 0, + 0, + 161, + 2601, + 0, + 0, + 628, + 4245, + 2052, + 0, + 0, + 0, + 0, + 0, + 0, + 2488, + 2098, + 1037, + 84, + 85, + 86, + 87, + 88, + 89, + 372, + 0, + 154, + 0, + 3528, + 0, + 1493, + 0, + 91, + 0, + 1275, + 0, + 4271, + 0, + 2079, + 92, + 93, + 94, + 95, + 96, + 3288, + 1345, + 1907, + 99, + 1176, + 2738, + 0, + 3255, + 0, + 0, + 0, + 0, + 0, + 1615, + 2341, + 764, + 0, + 0, + 1103, + 0, + 1711, + 2982, + 100, + 143, + 0, + 4150, + 0, + 0, + 0, + 3444, + 101, + 102, + 103, + 104, + 105, + 527, + 881, + 0, + 0, + 0, + 0, + 0, + 107, + 0, + 0, + 0, + 4111, + 4319, + 0, + 2519, + 2853, + 108, + 1939, + 0, + 0, + 110, + 0, + 0, + 0, + 0, + 3917, + 0, + 0, + 0, + 2192, + 1883, + 1470, + 1202, + 111, + 318, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 114, + 2770, + 0, + 0, + 115, + 116, + 117, + 118, + 119, + 120, + 4389, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 2672, + 0, + 2002, + 0, + 0, + 122, + 123, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 179, + 925, + 125, + 0, + 0, + 1310, + 0, + 1686, + 0, + 0, + 1571, + 3387, + 4056, + 1539, + 0, + 0, + 3187, + 126, + 0, + 954, + 127, + 1047, + 0, + 0, + 1771, + 0, + 0, + 3590, + 0, + 3849, + 3246, + 0, + 0, + 129, + 0, + 0, + 433, + 130, + 131, + 3069, + 133, + 197, + 168, + 1797, + 0, + 0, + 579, + 1377, + 445, + 2552, + 460, + 2528, + 1957, + 1845, + 134, + 2847, + 901, + 1326, + 3859, + 3234, + 1193, + 993, + 753, + 3534, + 520, + 2171, + 2023, + 135, + 136, + 137, + 138, + 0, + 4306, + 181, + 182, + 0, + 0, + 0, + 0, + 180, + 0, + 0, + 0, + 0, + 139, + 842, + 1889, + 1537, + 0, + 2198, + 3252, + 0, + 0, + 0, + 2711, + 3762, + 3357, + 4313, + 4259, + 141, + 142, + 144, + 145, + 146, + 147, + 160, + 0, + 0, + 0, + 150, + 0, + 149, + 0, + 148, + 3760, + 0, + 0, + 0, + 152, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 2861, + 153, + 155, + 156, + 157, + 158, + 159, + 1382, + 1759, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 162, + 163, + 164, + 165, + 166, + 0, + 958, + 799, + 167, + 0, + 175, + 0, + 0, + 0, + 0, + 0, + 177, + 4413, + 312, + 479, + 792, + 561, + 169, + 3769, + 3920, + 1487, + 230, + 1065, + 2427, + 3365, + 573, + 1452, + 204, + 170, + 171, + 172, + 962, + 1366, + 173, + 2855, + 174, + 0, + 0, + 0, + 176, + 178, + 0, + 0, + 0, + 0, + 220, + 3165, + 0, + 2515, + 4072, + 0, + 3470, + 2736, + 685, + 0, + 0, + 0, + 4065, + 956, + 1426, + 184, + 185, + 1529, + 1199, + 0, + 0, + 0, + 0, + 0, + 0, + 1294, + 252, + 187, + 406, + 263, + 802, + 3985, + 0, + 0, + 0, + 188, + 0, + 0, + 0, + 2521, + 0, + 0, + 4211, + 4207, + 1549, + 4210, + 189, + 190, + 191, + 3706, + 192, + 193, + 195, + 4482, + 0, + 0, + 0, + 4447, + 196, + 3144, + 0, + 198, + 1689, + 1971, + 3023, + 3687, + 844, + 1257, + 816, + 2650, + 199, + 200, + 201, + 1569, + 202, + 623, + 1006, + 203, + 205, + 206, + 207, + 2194, + 208, + 2835, + 209, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 1869, + 2545, + 2111, + 0, + 0, + 4458, + 3207, + 0, + 0, + 3111, + 491, + 243, + 211, + 212, + 213, + 214, + 215, + 216, + 218, + 0, + 0, + 3956, + 4074, + 0, + 0, + 0, + 2374, + 0, + 2864, + 0, + 2217, + 0, + 4093, + 219, + 4624, + 0, + 0, + 0, + 0, + 3181, + 0, + 0, + 0, + 0, + 0, + 1313, + 0, + 0, + 222, + 223, + 225, + 0, + 960, + 0, + 0, + 0, + 0, + 3964, + 0, + 2070, + 0, + 0, + 3710, + 3722, + 1821, + 226, + 228, + 0, + 2337, + 2010, + 1739, + 3930, + 0, + 2844, + 0, + 2205, + 0, + 4089, + 229, + 231, + 232, + 233, + 234, + 2125, + 1147, + 1504, + 1852, + 1853, + 1854, + 1855, + 1856, + 0, + 1857, + 0, + 1858, + 1859, + 0, + 0, + 235, + 0, + 0, + 1893, + 2151, + 0, + 0, + 2478, + 0, + 237, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 3627, + 238, + 3084, + 0, + 0, + 0, + 240, + 3098, + 0, + 3417, + 0, + 2733, + 288, + 4042, + 241, + 0, + 3183, + 242, + 244, + 245, + 246, + 247, + 248, + 1464, + 1829, + 0, + 2409, + 4575, + 250, + 0, + 1026, + 0, + 0, + 0, + 0, + 422, + 3040, + 3298, + 3659, + 311, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 251, + 3254, + 1774, + 0, + 0, + 0, + 253, + 0, + 378, + 0, + 2976, + 0, + 0, + 0, + 0, + 0, + 2353, + 254, + 255, + 256, + 4532, + 257, + 262, + 258, + 3195, + 260, + 0, + 0, + 2060, + 0, + 0, + 0, + 0, + 3061, + 261, + 4183, + 0, + 0, + 0, + 2127, + 0, + 0, + 0, + 1703, + 2090, + 1263, + 4685, + 4693, + 264, + 265, + 266, + 267, + 268, + 269, + 1017, + 644, + 271, + 4507, + 4332, + 0, + 0, + 3482, + 3765, + 3492, + 3442, + 3526, + 3205, + 2857, + 2559, + 701, + 272, + 307, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 274, + 2989, + 3322, + 0, + 0, + 1608, + 4469, + 0, + 0, + 2068, + 302, + 1380, + 276, + 626, + 4351, + 277, + 3593, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 279, + 280, + 281, + 282, + 3789, + 0, + 0, + 0, + 283, + 284, + 4369, + 0, + 286, + 0, + 0, + 0, + 3021, + 3494, + 1812, + 0, + 0, + 2284, + 0, + 0, + 4465, + 287, + 289, + 290, + 1317, + 4386, + 2437, + 292, + 0, + 0, + 4656, + 293, + 294, + 2033, + 4164, + 296, + 3461, + 297, + 298, + 299, + 300, + 301, + 1015, + 0, + 0, + 1016, + 0, + 0, + 303, + 1905, + 0, + 2597, + 2301, + 305, + 2348, + 2104, + 3179, + 0, + 3830, + 0, + 2359, + 306, + 309, + 0, + 477, + 4208, + 310, + 313, + 314, + 315, + 4099, + 316, + 4095, + 317, + 319, + 3561, + 320, + 321, + 322, + 3163, + 0, + 323, + 324, + 4595, + 326, + 4122, + 2012, + 0, + 1788, + 719, + 0, + 2058, + 0, + 2075, + 0, + 0, + 0, + 3390, + 327, + 1058, + 0, + 712, + 408, + 0, + 0, + 0, + 329, + 1629, + 1110, + 330, + 2162, + 331, + 332, + 333, + 334, + 335, + 0, + 0, + 0, + 339, + 3940, + 0, + 3286, + 0, + 0, + 337, + 4436, + 0, + 1343, + 871, + 1287, + 0, + 1301, + 3655, + 0, + 2995, + 338, + 341, + 342, + 343, + 344, + 345, + 347, + 0, + 0, + 0, + 0, + 0, + 0, + 3013, + 0, + 3885, + 3735, + 2293, + 919, + 348, + 0, + 0, + 0, + 0, + 1396, + 2223, + 349, + 350, + 351, + 352, + 353, + 2502, + 0, + 2168, + 1591, + 0, + 0, + 355, + 0, + 4411, + 4124, + 0, + 1008, + 3222, + 402, + 0, + 0, + 0, + 0, + 0, + 0, + 401, + 0, + 0, + 0, + 0, + 0, + 356, + 3038, + 0, + 2386, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 358, + 359, + 2866, + 0, + 0, + 0, + 0, + 3271, + 0, + 361, + 4641, + 362, + 4399, + 0, + 364, + 0, + 0, + 0, + 3883, + 0, + 0, + 0, + 0, + 0, + 3876, + 0, + 1922, + 2314, + 366, + 365, + 3249, + 1663, + 1241, + 1558, + 1903, + 2215, + 368, + 0, + 4541, + 0, + 687, + 0, + 3490, + 370, + 369, + 371, + 373, + 374, + 375, + 376, + 377, + 379, + 380, + 381, + 382, + 865, + 0, + 0, + 1924, + 383, + 384, + 3670, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 386, + 387, + 1408, + 0, + 0, + 2423, + 0, + 0, + 4484, + 0, + 2946, + 0, + 4633, + 389, + 1864, + 0, + 0, + 0, + 1879, + 390, + 392, + 393, + 394, + 3865, + 0, + 0, + 0, + 395, + 396, + 0, + 0, + 397, + 399, + 0, + 1969, + 0, + 3392, + 2333, + 400, + 404, + 405, + 407, + 1019, + 0, + 0, + 0, + 2745, + 0, + 1136, + 0, + 415, + 0, + 0, + 0, + 0, + 0, + 2949, + 835, + 409, + 410, + 411, + 412, + 413, + 414, + 653, + 4423, + 4176, + 3845, + 0, + 0, + 0, + 417, + 0, + 0, + 0, + 2599, + 2291, + 1934, + 0, + 0, + 3574, + 418, + 4616, + 420, + 4120, + 0, + 1510, + 1862, + 762, + 1191, + 0, + 0, + 0, + 0, + 0, + 3095, + 3484, + 421, + 505, + 0, + 0, + 0, + 0, + 0, + 0, + 423, + 425, + 999, + 597, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 427, + 428, + 429, + 430, + 3914, + 0, + 0, + 0, + 431, + 432, + 434, + 435, + 437, + 1581, + 1239, + 0, + 3895, + 4677, + 0, + 3603, + 3274, + 0, + 0, + 1507, + 0, + 0, + 3082, + 438, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 1726, + 4241, + 4357, + 703, + 440, + 0, + 1043, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 2797, + 3720, + 441, + 2824, + 0, + 2177, + 0, + 0, + 1092, + 1434, + 0, + 4525, + 4317, + 4409, + 0, + 443, + 3123, + 459, + 444, + 1512, + 0, + 855, + 446, + 3312, + 970, + 0, + 0, + 2722, + 0, + 0, + 0, + 0, + 1838, + 447, + 448, + 449, + 450, + 451, + 1523, + 0, + 0, + 3410, + 0, + 689, + 0, + 453, + 0, + 0, + 0, + 0, + 0, + 0, + 875, + 454, + 455, + 456, + 457, + 458, + 1727, + 0, + 2305, + 928, + 485, + 461, + 0, + 0, + 2278, + 0, + 0, + 0, + 0, + 1823, + 462, + 463, + 464, + 465, + 466, + 1932, + 0, + 0, + 0, + 468, + 0, + 0, + 1303, + 0, + 3423, + 469, + 4127, + 471, + 4136, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 2464, + 472, + 473, + 474, + 475, + 476, + 478, + 480, + 481, + 482, + 483, + 0, + 3191, + 873, + 484, + 486, + 487, + 488, + 489, + 490, + 0, + 0, + 497, + 492, + 493, + 494, + 495, + 496, + 3810, + 0, + 0, + 0, + 0, + 0, + 604, + 2380, + 0, + 499, + 500, + 501, + 502, + 503, + 504, + 3552, + 1954, + 0, + 0, + 951, + 4236, + 3402, + 0, + 0, + 0, + 507, + 0, + 0, + 2868, + 2608, + 0, + 0, + 0, + 0, + 0, + 508, + 509, + 3887, + 4146, + 0, + 0, + 511, + 0, + 0, + 2252, + 0, + 2122, + 512, + 3117, + 0, + 0, + 0, + 0, + 1695, + 0, + 888, + 0, + 514, + 515, + 516, + 517, + 518, + 519, + 521, + 522, + 523, + 524, + 0, + 1296, + 525, + 0, + 0, + 0, + 0, + 0, + 526, + 528, + 2580, + 0, + 0, + 0, + 0, + 1991, + 0, + 0, + 0, + 530, + 531, + 3472, + 786, + 3153, + 4618, + 3901, + 4217, + 2388, + 3042, + 2452, + 2697, + 533, + 2908, + 2873, + 1753, + 4083, + 1402, + 534, + 535, + 536, + 537, + 538, + 540, + 542, + 541, + 2449, + 0, + 544, + 1667, + 934, + 0, + 2403, + 0, + 3160, + 0, + 868, + 0, + 1133, + 3542, + 2266, + 2186, + 545, + 546, + 548, + 4308, + 0, + 1670, + 1967, + 2289, + 0, + 0, + 0, + 0, + 0, + 0, + 3487, + 549, + 3702, + 0, + 0, + 0, + 2401, + 1428, + 0, + 672, + 1045, + 551, + 4289, + 4500, + 552, + 941, + 554, + 1337, + 3724, + 2535, + 2509, + 1599, + 4665, + 779, + 1355, + 3614, + 4361, + 4597, + 3676, + 638, + 3948, + 555, + 556, + 557, + 1979, + 0, + 0, + 0, + 558, + 559, + 0, + 0, + 560, + 562, + 563, + 564, + 565, + 0, + 4475, + 1430, + 566, + 0, + 0, + 0, + 0, + 4488, + 568, + 569, + 570, + 571, + 572, + 574, + 575, + 576, + 1804, + 0, + 577, + 578, + 580, + 581, + 582, + 583, + 584, + 0, + 0, + 0, + 4239, + 585, + 586, + 1815, + 588, + 589, + 590, + 591, + 592, + 3190, + 593, + 3819, + 0, + 0, + 2153, + 0, + 0, + 0, + 770, + 0, + 0, + 0, + 2688, + 0, + 595, + 596, + 598, + 599, + 600, + 601, + 0, + 0, + 0, + 2004, + 602, + 603, + 605, + 606, + 607, + 608, + 609, + 3435, + 0, + 0, + 1585, + 0, + 0, + 611, + 0, + 0, + 617, + 612, + 613, + 614, + 615, + 616, + 950, + 618, + 619, + 620, + 621, + 940, + 622, + 624, + 0, + 0, + 0, + 625, + 627, + 629, + 1208, + 630, + 631, + 632, + 633, + 634, + 3269, + 2006, + 0, + 0, + 0, + 0, + 3731, + 0, + 4310, + 636, + 637, + 639, + 640, + 641, + 642, + 643, + 645, + 1170, + 1320, + 0, + 0, + 0, + 0, + 0, + 0, + 1832, + 647, + 648, + 649, + 650, + 651, + 0, + 0, + 0, + 2133, + 3450, + 652, + 654, + 655, + 4063, + 3782, + 0, + 0, + 656, + 657, + 2885, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 659, + 660, + 661, + 662, + 663, + 0, + 0, + 0, + 2063, + 665, + 664, + 667, + 668, + 669, + 670, + 671, + 674, + 0, + 0, + 673, + 676, + 0, + 4679, + 677, + 678, + 679, + 680, + 681, + 2966, + 3324, + 0, + 0, + 683, + 0, + 4663, + 0, + 0, + 0, + 0, + 0, + 1117, + 1149, + 1567, + 1865, + 684, + 686, + 688, + 690, + 691, + 692, + 693, + 694, + 696, + 697, + 698, + 699, + 0, + 0, + 0, + 3891, + 700, + 2696, + 702, + 0, + 0, + 0, + 0, + 2247, + 704, + 706, + 1228, + 800, + 0, + 2859, + 0, + 0, + 0, + 3278, + 711, + 0, + 0, + 0, + 0, + 0, + 0, + 707, + 747, + 3266, + 0, + 0, + 4631, + 0, + 777, + 0, + 0, + 0, + 0, + 0, + 709, + 0, + 1574, + 2565, + 710, + 1673, + 713, + 714, + 715, + 716, + 717, + 718, + 720, + 0, + 721, + 3508, + 0, + 0, + 0, + 4626, + 0, + 723, + 1205, + 3975, + 0, + 1965, + 2339, + 776, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 724, + 2072, + 3816, + 0, + 2900, + 726, + 0, + 0, + 0, + 0, + 0, + 4115, + 727, + 728, + 4321, + 0, + 0, + 1499, + 1071, + 730, + 731, + 0, + 0, + 0, + 0, + 0, + 3686, + 2394, + 2643, + 0, + 0, + 0, + 0, + 0, + 0, + 733, + 4157, + 734, + 735, + 736, + 737, + 738, + 4197, + 740, + 0, + 0, + 0, + 0, + 0, + 0, + 3966, + 1159, + 741, + 742, + 743, + 744, + 745, + 746, + 749, + 2517, + 0, + 0, + 0, + 3657, + 3893, + 0, + 1363, + 0, + 0, + 751, + 752, + 754, + 755, + 756, + 1867, + 0, + 1168, + 757, + 758, + 760, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 2623, + 761, + 763, + 765, + 766, + 767, + 768, + 769, + 0, + 3768, + 771, + 2350, + 0, + 1289, + 0, + 0, + 0, + 773, + 0, + 2914, + 774, + 775, + 778, + 780, + 781, + 782, + 783, + 0, + 0, + 0, + 4148, + 784, + 785, + 787, + 788, + 789, + 2219, + 0, + 0, + 0, + 790, + 791, + 0, + 0, + 798, + 793, + 794, + 795, + 4643, + 0, + 796, + 797, + 801, + 0, + 0, + 0, + 0, + 861, + 803, + 804, + 805, + 806, + 807, + 812, + 0, + 0, + 0, + 0, + 0, + 0, + 808, + 1914, + 0, + 2611, + 0, + 0, + 810, + 0, + 0, + 1432, + 3708, + 811, + 1166, + 0, + 0, + 0, + 1769, + 0, + 0, + 0, + 0, + 0, + 814, + 841, + 815, + 817, + 818, + 819, + 820, + 0, + 4659, + 823, + 822, + 821, + 4098, + 825, + 0, + 0, + 824, + 834, + 833, + 827, + 0, + 0, + 0, + 0, + 2482, + 0, + 3996, + 0, + 3381, + 828, + 829, + 830, + 831, + 832, + 836, + 837, + 838, + 839, + 840, + 843, + 845, + 846, + 847, + 848, + 0, + 1583, + 4046, + 849, + 853, + 0, + 0, + 0, + 0, + 854, + 4005, + 851, + 0, + 4545, + 0, + 4593, + 4394, + 0, + 0, + 2882, + 0, + 0, + 4672, + 852, + 856, + 857, + 858, + 859, + 860, + 1124, + 0, + 0, + 0, + 2433, + 2048, + 0, + 0, + 0, + 0, + 3569, + 0, + 863, + 864, + 866, + 867, + 4516, + 0, + 0, + 0, + 0, + 0, + 0, + 869, + 870, + 872, + 874, + 876, + 877, + 878, + 879, + 880, + 4396, + 882, + 1658, + 0, + 2361, + 2656, + 0, + 0, + 884, + 0, + 1410, + 0, + 0, + 0, + 4205, + 916, + 0, + 915, + 0, + 918, + 917, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 885, + 887, + 889, + 890, + 891, + 892, + 893, + 2837, + 0, + 4562, + 0, + 1926, + 0, + 895, + 0, + 3048, + 0, + 2627, + 0, + 3696, + 0, + 3645, + 896, + 897, + 898, + 899, + 900, + 902, + 903, + 904, + 905, + 1292, + 1638, + 1952, + 910, + 911, + 908, + 909, + 914, + 0, + 912, + 913, + 906, + 907, + 0, + 0, + 947, + 0, + 0, + 948, + 920, + 921, + 922, + 923, + 924, + 926, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 2229, + 927, + 929, + 930, + 931, + 932, + 933, + 935, + 936, + 939, + 0, + 0, + 0, + 0, + 938, + 942, + 943, + 944, + 2311, + 0, + 0, + 0, + 945, + 946, + 0, + 0, + 949, + 952, + 953, + 955, + 957, + 959, + 961, + 966, + 967, + 968, + 969, + 963, + 0, + 964, + 965, + 976, + 977, + 0, + 0, + 1014, + 0, + 0, + 1013, + 971, + 972, + 973, + 974, + 975, + 979, + 2660, + 980, + 981, + 982, + 983, + 4640, + 984, + 1126, + 0, + 0, + 0, + 986, + 1472, + 0, + 987, + 0, + 4686, + 988, + 989, + 990, + 991, + 992, + 994, + 995, + 996, + 997, + 998, + 1000, + 1001, + 1002, + 1003, + 0, + 0, + 0, + 2368, + 1005, + 1004, + 1007, + 1009, + 2233, + 0, + 0, + 1011, + 1012, + 1018, + 0, + 0, + 0, + 1025, + 1020, + 1021, + 1022, + 1412, + 1023, + 0, + 0, + 2799, + 4403, + 1024, + 1123, + 0, + 1119, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 1027, + 0, + 1036, + 2442, + 1029, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 1078, + 1030, + 0, + 0, + 3173, + 1031, + 1032, + 1033, + 1034, + 1035, + 1038, + 1039, + 1040, + 1041, + 1042, + 1044, + 1046, + 0, + 0, + 0, + 1094, + 1048, + 1049, + 1051, + 0, + 0, + 0, + 0, + 4049, + 0, + 0, + 1184, + 1052, + 1053, + 1054, + 1055, + 1056, + 0, + 3108, + 1057, + 1281, + 1059, + 1060, + 1061, + 1062, + 1063, + 1064, + 1066, + 1067, + 1068, + 1069, + 1070, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 1142, + 1072, + 3991, + 0, + 1987, + 0, + 0, + 2577, + 0, + 2879, + 0, + 1074, + 1709, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 1075, + 1077, + 0, + 1076, + 1079, + 1080, + 1081, + 1082, + 1083, + 0, + 3836, + 1084, + 1478, + 0, + 0, + 1086, + 1095, + 1087, + 1088, + 1089, + 1090, + 1091, + 1093, + 0, + 0, + 1109, + 1096, + 1097, + 1098, + 1099, + 1100, + 1102, + 1104, + 1105, + 1106, + 1107, + 1108, + 1111, + 4603, + 1112, + 1113, + 1114, + 1115, + 1116, + 3852, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 1118, + 2021, + 0, + 0, + 3625, + 0, + 0, + 2625, + 2303, + 2658, + 0, + 2589, + 2904, + 0, + 0, + 1121, + 1122, + 0, + 0, + 0, + 1207, + 1125, + 2923, + 0, + 3373, + 0, + 1127, + 1128, + 1129, + 1130, + 1131, + 1132, + 1134, + 1135, + 1137, + 1138, + 1139, + 1484, + 1140, + 0, + 0, + 2785, + 1143, + 1141, + 2440, + 0, + 1810, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 1145, + 1146, + 1151, + 0, + 0, + 0, + 0, + 1148, + 1222, + 0, + 0, + 0, + 0, + 0, + 0, + 1150, + 2414, + 0, + 0, + 3639, + 0, + 0, + 2494, + 0, + 0, + 1153, + 1154, + 1155, + 1156, + 1157, + 1158, + 1214, + 3089, + 0, + 0, + 0, + 1160, + 1161, + 1162, + 1163, + 1164, + 1165, + 1204, + 0, + 0, + 0, + 1167, + 1169, + 0, + 0, + 0, + 1183, + 1171, + 1172, + 1173, + 2506, + 0, + 0, + 0, + 1174, + 1175, + 1177, + 0, + 0, + 0, + 3127, + 0, + 0, + 0, + 1233, + 0, + 3545, + 1178, + 1179, + 1180, + 1181, + 2768, + 0, + 1182, + 0, + 2776, + 0, + 0, + 2818, + 1185, + 3803, + 1186, + 1187, + 1188, + 3874, + 0, + 1189, + 1190, + 1192, + 1194, + 1195, + 1196, + 1197, + 3087, + 3425, + 2425, + 2781, + 2782, + 2779, + 2780, + 2778, + 0, + 1201, + 2777, + 2769, + 1198, + 0, + 0, + 2823, + 0, + 0, + 2820, + 1200, + 1203, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 1223, + 1206, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 1227, + 1209, + 1210, + 1211, + 1212, + 1213, + 1216, + 0, + 0, + 0, + 0, + 0, + 3668, + 1217, + 2275, + 0, + 4212, + 0, + 0, + 1219, + 0, + 0, + 0, + 0, + 1660, + 1220, + 1221, + 4558, + 4353, + 0, + 0, + 0, + 1225, + 3785, + 1885, + 0, + 0, + 1520, + 0, + 0, + 3067, + 1226, + 1229, + 1701, + 0, + 0, + 3309, + 2997, + 4002, + 3661, + 0, + 0, + 0, + 4397, + 0, + 0, + 4628, + 1231, + 1232, + 1234, + 1235, + 1236, + 1237, + 1238, + 1240, + 1243, + 1242, + 3847, + 0, + 0, + 0, + 0, + 0, + 4392, + 0, + 1247, + 0, + 1245, + 1654, + 0, + 0, + 2575, + 1246, + 1248, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 1273, + 1250, + 4695, + 0, + 0, + 1252, + 1605, + 1253, + 4203, + 2043, + 2363, + 0, + 0, + 3420, + 0, + 0, + 0, + 0, + 0, + 3935, + 1255, + 4451, + 0, + 2077, + 4228, + 0, + 0, + 0, + 0, + 0, + 1256, + 1258, + 1259, + 1260, + 1261, + 1262, + 1274, + 1264, + 1265, + 1266, + 1267, + 0, + 0, + 0, + 4445, + 1269, + 1268, + 2906, + 0, + 0, + 1271, + 0, + 0, + 0, + 0, + 0, + 1535, + 0, + 0, + 0, + 2783, + 1272, + 1276, + 1277, + 1278, + 1279, + 1280, + 1282, + 1283, + 1284, + 1285, + 1286, + 1288, + 1290, + 1291, + 1293, + 3557, + 3556, + 0, + 3560, + 1295, + 3525, + 0, + 3524, + 0, + 3523, + 3522, + 1297, + 1299, + 3319, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 1394, + 1300, + 1302, + 3571, + 0, + 0, + 0, + 1304, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 3624, + 1306, + 0, + 0, + 0, + 1336, + 1308, + 0, + 0, + 0, + 0, + 0, + 0, + 3622, + 3889, + 0, + 0, + 2269, + 0, + 1622, + 1309, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 1335, + 1311, + 1312, + 1314, + 1316, + 1318, + 1319, + 1321, + 1322, + 1323, + 1324, + 0, + 0, + 0, + 2810, + 1325, + 1332, + 1327, + 1328, + 1329, + 1330, + 1331, + 1334, + 1338, + 1339, + 1340, + 1341, + 1342, + 1344, + 3240, + 0, + 0, + 4006, + 0, + 1346, + 2690, + 2940, + 3138, + 0, + 4430, + 0, + 0, + 0, + 4251, + 1347, + 1348, + 1349, + 1350, + 1354, + 0, + 0, + 0, + 0, + 0, + 1351, + 0, + 1362, + 1353, + 1356, + 1357, + 1358, + 1359, + 0, + 0, + 0, + 4489, + 1361, + 1360, + 1365, + 0, + 0, + 1364, + 1367, + 1369, + 3349, + 1370, + 1371, + 1372, + 1373, + 1374, + 1376, + 1379, + 0, + 0, + 1378, + 1425, + 1381, + 1383, + 1384, + 1385, + 2029, + 0, + 1386, + 1387, + 2050, + 2435, + 1389, + 1782, + 2812, + 3101, + 3276, + 2109, + 3227, + 4674, + 0, + 4133, + 1436, + 0, + 0, + 1437, + 0, + 1438, + 0, + 0, + 0, + 1390, + 1392, + 0, + 0, + 0, + 0, + 3712, + 0, + 0, + 0, + 0, + 3478, + 3827, + 2821, + 1439, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 1393, + 1395, + 1397, + 1398, + 1399, + 1400, + 1401, + 1403, + 1404, + 1405, + 1406, + 1407, + 1409, + 1411, + 1414, + 1413, + 0, + 0, + 1423, + 0, + 1424, + 1416, + 1417, + 1418, + 1419, + 1420, + 2413, + 1421, + 1422, + 1427, + 1429, + 1431, + 1433, + 1435, + 1860, + 1441, + 0, + 2179, + 3151, + 0, + 3780, + 0, + 0, + 4047, + 2683, + 4118, + 0, + 0, + 0, + 2207, + 1442, + 1444, + 1445, + 1446, + 1447, + 1509, + 1448, + 4611, + 0, + 0, + 1765, + 1450, + 0, + 0, + 0, + 0, + 0, + 0, + 3775, + 0, + 3134, + 1451, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 1506, + 1453, + 1454, + 1455, + 2117, + 0, + 1456, + 4549, + 1502, + 0, + 0, + 0, + 1503, + 0, + 0, + 0, + 0, + 0, + 1457, + 1459, + 1460, + 1461, + 1462, + 1463, + 1465, + 1466, + 1877, + 4113, + 4380, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 1468, + 1880, + 1469, + 3012, + 0, + 0, + 0, + 0, + 0, + 0, + 1471, + 1473, + 1474, + 1475, + 1476, + 1477, + 1479, + 1480, + 1481, + 1482, + 1483, + 1486, + 1485, + 1488, + 1489, + 1490, + 2470, + 0, + 1767, + 1491, + 1492, + 1494, + 1495, + 1496, + 1497, + 1498, + 1500, + 0, + 0, + 0, + 1501, + 1505, + 1508, + 1511, + 1513, + 1514, + 1515, + 1516, + 1517, + 1518, + 0, + 1519, + 0, + 0, + 0, + 0, + 0, + 1522, + 1521, + 1524, + 1525, + 1526, + 1527, + 1528, + 1530, + 1531, + 0, + 0, + 0, + 0, + 0, + 0, + 2637, + 3193, + 0, + 0, + 4091, + 1891, + 0, + 0, + 0, + 0, + 1533, + 0, + 0, + 0, + 0, + 2184, + 1534, + 1536, + 1538, + 1540, + 1541, + 1543, + 1544, + 1545, + 1546, + 1547, + 1548, + 1550, + 1551, + 1552, + 1553, + 1554, + 1556, + 1557, + 1580, + 0, + 0, + 0, + 0, + 0, + 1579, + 0, + 0, + 0, + 0, + 0, + 0, + 3060, + 1559, + 1561, + 1562, + 1563, + 1564, + 1565, + 1566, + 1568, + 1570, + 0, + 0, + 0, + 0, + 0, + 4513, + 0, + 0, + 0, + 0, + 4529, + 0, + 0, + 4527, + 1572, + 1573, + 1575, + 4401, + 4142, + 3854, + 0, + 3229, + 2960, + 0, + 2287, + 1943, + 1613, + 0, + 0, + 0, + 0, + 0, + 1577, + 1722, + 0, + 0, + 0, + 0, + 0, + 0, + 1578, + 1582, + 0, + 0, + 3268, + 1584, + 1586, + 1587, + 1588, + 1589, + 3081, + 1590, + 1592, + 1636, + 1594, + 1595, + 1597, + 0, + 0, + 0, + 0, + 2613, + 1598, + 1600, + 1601, + 1602, + 1603, + 1604, + 1606, + 0, + 0, + 0, + 1607, + 1609, + 4537, + 0, + 0, + 2254, + 0, + 1611, + 0, + 0, + 4428, + 1612, + 1614, + 1616, + 1897, + 1617, + 1618, + 1619, + 1620, + 1621, + 1623, + 4530, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 1625, + 1984, + 1626, + 1628, + 3280, + 1630, + 1631, + 1632, + 1633, + 1634, + 1635, + 1637, + 1650, + 0, + 0, + 0, + 1646, + 1639, + 0, + 0, + 0, + 0, + 1672, + 1641, + 1642, + 1643, + 1644, + 0, + 0, + 0, + 2937, + 3683, + 1645, + 2324, + 0, + 1648, + 0, + 3576, + 0, + 0, + 3058, + 2816, + 0, + 4543, + 1649, + 1652, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 3306, + 1653, + 1655, + 1657, + 0, + 0, + 0, + 0, + 1679, + 1659, + 3795, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 1661, + 1662, + 1664, + 0, + 3635, + 1666, + 2248, + 0, + 0, + 0, + 1668, + 0, + 0, + 3880, + 3663, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 1669, + 1671, + 1674, + 1675, + 1676, + 1677, + 1678, + 3620, + 0, + 1681, + 2621, + 1682, + 2245, + 0, + 2273, + 0, + 1684, + 1685, + 1687, + 0, + 0, + 0, + 0, + 0, + 0, + 2633, + 0, + 0, + 4243, + 1688, + 1690, + 1691, + 1692, + 1693, + 0, + 2370, + 1724, + 1725, + 0, + 0, + 0, + 0, + 1723, + 0, + 0, + 0, + 0, + 1694, + 1696, + 1697, + 1698, + 1699, + 1700, + 1702, + 1704, + 1705, + 1706, + 1707, + 2476, + 0, + 0, + 3467, + 2062, + 1708, + 1710, + 1712, + 1713, + 1714, + 1715, + 1717, + 0, + 0, + 0, + 0, + 0, + 1721, + 0, + 1716, + 1719, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 3558, + 1720, + 1728, + 1729, + 1730, + 1731, + 1733, + 1734, + 0, + 1732, + 0, + 0, + 0, + 0, + 0, + 1735, + 1737, + 0, + 0, + 0, + 0, + 2271, + 3843, + 0, + 4471, + 3684, + 0, + 4144, + 1738, + 1740, + 1742, + 1743, + 1744, + 1745, + 1746, + 1748, + 1749, + 1750, + 1751, + 1752, + 1754, + 1755, + 1756, + 1757, + 1758, + 1760, + 1761, + 1762, + 2406, + 0, + 1763, + 1764, + 1766, + 1851, + 0, + 0, + 0, + 1844, + 0, + 0, + 0, + 0, + 0, + 0, + 1768, + 1770, + 1772, + 1773, + 1775, + 1776, + 1777, + 1778, + 2085, + 0, + 0, + 3063, + 1779, + 1780, + 0, + 0, + 1784, + 0, + 1781, + 1783, + 2190, + 3056, + 0, + 0, + 0, + 1786, + 0, + 0, + 4535, + 0, + 4638, + 4426, + 2962, + 1787, + 1831, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 1789, + 1791, + 1792, + 1793, + 1794, + 1795, + 1796, + 2014, + 0, + 2591, + 2754, + 2931, + 3006, + 2239, + 3167, + 1798, + 4030, + 3907, + 1799, + 1800, + 1801, + 1802, + 1803, + 1814, + 1805, + 0, + 0, + 0, + 0, + 0, + 1806, + 1808, + 0, + 0, + 0, + 3672, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 2159, + 1809, + 1811, + 1813, + 1816, + 1817, + 1818, + 1819, + 1820, + 3653, + 1822, + 1824, + 1825, + 1826, + 1827, + 1828, + 1830, + 1833, + 1834, + 1835, + 3105, + 0, + 0, + 0, + 1836, + 1837, + 1839, + 1840, + 1841, + 1842, + 1843, + 1846, + 1847, + 1848, + 2787, + 0, + 2149, + 1849, + 1850, + 1861, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 1887, + 1863, + 3714, + 0, + 1866, + 1868, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 1888, + 2713, + 0, + 0, + 0, + 0, + 1871, + 0, + 0, + 4279, + 1872, + 1873, + 1874, + 1875, + 1876, + 1878, + 1882, + 0, + 1881, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 1896, + 1884, + 1886, + 1890, + 1892, + 1895, + 1898, + 1899, + 1900, + 1901, + 1902, + 1904, + 1936, + 0, + 0, + 0, + 1938, + 0, + 0, + 0, + 1906, + 0, + 1916, + 1908, + 0, + 0, + 0, + 2801, + 0, + 0, + 0, + 3821, + 0, + 2893, + 1909, + 1910, + 1911, + 1912, + 1919, + 0, + 1918, + 0, + 1913, + 0, + 0, + 1937, + 1917, + 0, + 0, + 0, + 1915, + 1921, + 1923, + 1925, + 1927, + 1928, + 1929, + 1930, + 1931, + 1933, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 1951, + 1935, + 1940, + 1942, + 1944, + 3897, + 2257, + 0, + 0, + 2685, + 0, + 0, + 0, + 1946, + 1947, + 3840, + 3567, + 0, + 2958, + 0, + 0, + 0, + 0, + 1949, + 3225, + 1950, + 1953, + 1955, + 1956, + 1958, + 1959, + 1960, + 1961, + 2335, + 2669, + 2000, + 2001, + 1998, + 1999, + 1997, + 0, + 1995, + 1996, + 2008, + 2009, + 1964, + 0, + 1963, + 0, + 0, + 1962, + 1966, + 1968, + 1986, + 0, + 0, + 0, + 0, + 1970, + 1972, + 1973, + 1974, + 2635, + 0, + 1975, + 2299, + 1978, + 0, + 0, + 1976, + 1977, + 0, + 0, + 0, + 0, + 0, + 1990, + 1981, + 1980, + 1983, + 1985, + 1988, + 0, + 0, + 0, + 3394, + 1989, + 1992, + 1994, + 2003, + 2005, + 2007, + 2011, + 2013, + 2015, + 2016, + 2017, + 2018, + 2020, + 0, + 0, + 0, + 0, + 0, + 2019, + 2022, + 2024, + 2025, + 2026, + 2027, + 4061, + 3801, + 4344, + 4343, + 4342, + 2028, + 4338, + 0, + 4337, + 4336, + 4335, + 4334, + 0, + 4379, + 4378, + 0, + 0, + 4371, + 2032, + 2031, + 0, + 2030, + 0, + 0, + 0, + 0, + 0, + 2039, + 2034, + 2035, + 2036, + 2037, + 2038, + 4329, + 0, + 0, + 0, + 0, + 0, + 0, + 2814, + 0, + 0, + 0, + 2041, + 0, + 0, + 3079, + 2042, + 2044, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 2087, + 2365, + 2046, + 2047, + 2049, + 2097, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 2051, + 2053, + 2054, + 2055, + 2056, + 2057, + 2059, + 2061, + 2064, + 2066, + 2067, + 2069, + 2071, + 3878, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 2073, + 2074, + 2076, + 2089, + 0, + 2078, + 2080, + 2081, + 2082, + 2083, + 2084, + 2086, + 2088, + 2091, + 2092, + 2093, + 2094, + 0, + 0, + 0, + 3400, + 2095, + 2096, + 2099, + 2100, + 2101, + 2102, + 2103, + 2105, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 2222, + 2107, + 2108, + 2110, + 0, + 2929, + 2112, + 2113, + 2114, + 2115, + 2116, + 2157, + 2158, + 0, + 2161, + 0, + 0, + 0, + 2156, + 0, + 0, + 0, + 0, + 2118, + 3219, + 0, + 0, + 2120, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 2833, + 2504, + 2121, + 2124, + 0, + 0, + 0, + 0, + 0, + 2123, + 2126, + 2128, + 2129, + 2130, + 3428, + 3754, + 0, + 0, + 2131, + 2132, + 2134, + 2136, + 2137, + 2138, + 2139, + 2140, + 3777, + 2141, + 2142, + 2144, + 2145, + 2146, + 2147, + 2148, + 2150, + 2152, + 2189, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 2155, + 0, + 0, + 0, + 0, + 2154, + 2160, + 2163, + 2164, + 2165, + 2166, + 2167, + 0, + 0, + 0, + 2170, + 2169, + 2172, + 2173, + 2174, + 2175, + 0, + 4233, + 4454, + 3665, + 3666, + 0, + 3664, + 0, + 0, + 0, + 3667, + 0, + 0, + 0, + 0, + 2176, + 2232, + 0, + 2178, + 2180, + 2182, + 3136, + 2183, + 2185, + 2187, + 0, + 0, + 3185, + 2188, + 2191, + 2193, + 2202, + 2201, + 2204, + 2203, + 2197, + 0, + 2200, + 2367, + 2196, + 2195, + 0, + 2238, + 2237, + 0, + 0, + 2236, + 2199, + 2206, + 2208, + 2210, + 2211, + 2212, + 2213, + 2214, + 2216, + 2218, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 2235, + 2221, + 2220, + 2224, + 2225, + 2226, + 2227, + 2228, + 2230, + 2231, + 2234, + 2240, + 2241, + 2242, + 2871, + 0, + 2243, + 2244, + 2246, + 2249, + 2251, + 0, + 0, + 0, + 2256, + 2253, + 2255, + 4135, + 2258, + 4372, + 2762, + 0, + 0, + 3000, + 2260, + 2261, + 2262, + 2263, + 2264, + 2265, + 2267, + 2268, + 2270, + 2272, + 0, + 0, + 0, + 0, + 2286, + 2274, + 0, + 2326, + 2667, + 2276, + 2277, + 2279, + 2280, + 2281, + 2282, + 2283, + 2957, + 0, + 2956, + 0, + 0, + 0, + 0, + 0, + 2948, + 2285, + 2288, + 2290, + 2292, + 2294, + 2295, + 2296, + 2297, + 2298, + 2300, + 2302, + 2304, + 2306, + 2307, + 2308, + 2309, + 2310, + 2312, + 2313, + 2315, + 2317, + 2318, + 2319, + 2320, + 2321, + 2322, + 2323, + 2325, + 2328, + 2329, + 2330, + 2331, + 0, + 0, + 0, + 3651, + 3273, + 2332, + 2334, + 0, + 0, + 0, + 2930, + 2336, + 2338, + 2340, + 2342, + 3502, + 2343, + 2344, + 2345, + 2346, + 2347, + 2349, + 2731, + 2351, + 2352, + 2354, + 2355, + 2356, + 2357, + 3408, + 3730, + 2358, + 4346, + 0, + 0, + 0, + 2360, + 2362, + 2364, + 2366, + 2369, + 2373, + 0, + 0, + 2372, + 2371, + 2376, + 0, + 0, + 0, + 2375, + 3704, + 0, + 0, + 0, + 0, + 0, + 2378, + 2379, + 2381, + 2382, + 2383, + 2384, + 2385, + 2387, + 2389, + 2390, + 2391, + 2392, + 2393, + 2395, + 2396, + 2397, + 2398, + 2399, + 2400, + 2402, + 2404, + 2405, + 2407, + 2408, + 0, + 2411, + 0, + 0, + 0, + 0, + 0, + 2412, + 2410, + 2415, + 2416, + 2417, + 2418, + 2419, + 2480, + 2421, + 0, + 3065, + 2422, + 2424, + 2426, + 2428, + 2429, + 2430, + 3054, + 0, + 2431, + 3432, + 2432, + 0, + 0, + 0, + 3753, + 2434, + 2436, + 2438, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 4503, + 2439, + 2441, + 2443, + 2444, + 2445, + 2446, + 2447, + 2448, + 2450, + 2451, + 2453, + 2454, + 2455, + 3750, + 0, + 0, + 0, + 2456, + 3919, + 0, + 0, + 2457, + 2459, + 2460, + 2461, + 2462, + 2463, + 2465, + 2466, + 2467, + 2468, + 2469, + 2473, + 0, + 0, + 0, + 0, + 2472, + 2471, + 0, + 0, + 0, + 3832, + 2475, + 2477, + 2481, + 2479, + 2483, + 2484, + 2485, + 2486, + 2487, + 2489, + 2490, + 2491, + 2492, + 2493, + 2495, + 2496, + 2497, + 2498, + 2499, + 2551, + 2501, + 2508, + 0, + 0, + 2503, + 2541, + 0, + 0, + 0, + 0, + 2505, + 4102, + 2507, + 2510, + 2511, + 2512, + 2513, + 2514, + 2516, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 2564, + 2518, + 2520, + 2522, + 2523, + 2524, + 2525, + 2827, + 0, + 0, + 3797, + 2526, + 2527, + 3942, + 4265, + 4298, + 0, + 2529, + 0, + 0, + 0, + 3359, + 2530, + 2531, + 2532, + 2533, + 2534, + 2536, + 2537, + 2538, + 2539, + 2540, + 2543, + 2544, + 2546, + 2547, + 2548, + 2549, + 2550, + 2553, + 2567, + 2917, + 0, + 2704, + 0, + 0, + 0, + 3584, + 2554, + 2555, + 2556, + 2557, + 2562, + 2561, + 0, + 2563, + 0, + 0, + 0, + 0, + 0, + 2558, + 2560, + 2566, + 2568, + 2569, + 2570, + 2571, + 2573, + 0, + 0, + 2574, + 0, + 0, + 0, + 2572, + 2610, + 0, + 0, + 0, + 0, + 2576, + 2578, + 2579, + 2581, + 2583, + 3744, + 2584, + 2585, + 2586, + 2587, + 2588, + 2590, + 2592, + 2593, + 2594, + 2595, + 4059, + 3125, + 3459, + 2596, + 0, + 0, + 0, + 0, + 0, + 3767, + 0, + 0, + 0, + 0, + 3719, + 0, + 0, + 3718, + 2598, + 2600, + 2602, + 0, + 0, + 0, + 0, + 0, + 0, + 2615, + 2603, + 2604, + 2605, + 3296, + 0, + 2606, + 2607, + 2609, + 2612, + 2614, + 2616, + 2617, + 2618, + 2619, + 2620, + 2622, + 2624, + 2626, + 2628, + 2629, + 2630, + 2631, + 2632, + 2634, + 2636, + 0, + 0, + 0, + 0, + 2671, + 2638, + 2639, + 2640, + 2641, + 2642, + 2644, + 2645, + 2646, + 2647, + 2649, + 2648, + 2651, + 2652, + 2653, + 3572, + 0, + 2964, + 2654, + 2655, + 2657, + 2659, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 2687, + 2661, + 2662, + 2663, + 2664, + 2665, + 2666, + 2668, + 2674, + 0, + 2675, + 0, + 0, + 2670, + 2673, + 2677, + 2678, + 2679, + 2680, + 2681, + 2682, + 2684, + 2686, + 2689, + 2691, + 2692, + 2693, + 2694, + 2695, + 0, + 2703, + 2698, + 2699, + 2700, + 3961, + 0, + 0, + 0, + 2701, + 2702, + 0, + 0, + 2710, + 2705, + 2706, + 2707, + 2708, + 2709, + 2712, + 2714, + 2715, + 2716, + 2717, + 2718, + 3326, + 2720, + 2721, + 2723, + 2724, + 2725, + 2726, + 2729, + 2728, + 0, + 2730, + 0, + 0, + 0, + 0, + 0, + 2727, + 2732, + 2734, + 2735, + 3799, + 2737, + 2739, + 2740, + 2741, + 2742, + 2743, + 2744, + 2746, + 2747, + 2748, + 2749, + 4180, + 4425, + 2750, + 4654, + 4415, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 2752, + 0, + 0, + 4287, + 2753, + 2755, + 2756, + 2757, + 3355, + 0, + 2758, + 2759, + 0, + 0, + 2761, + 2760, + 2763, + 2764, + 2765, + 2766, + 2767, + 2771, + 2772, + 2773, + 4355, + 2774, + 2775, + 2784, + 2789, + 0, + 0, + 2786, + 2788, + 3029, + 2791, + 2792, + 2793, + 2794, + 2795, + 4350, + 2796, + 0, + 4347, + 0, + 0, + 0, + 0, + 0, + 4345, + 2798, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 2826, + 2807, + 0, + 0, + 2800, + 2802, + 2803, + 2804, + 2805, + 2806, + 2809, + 2811, + 2813, + 2815, + 2819, + 2817, + 2822, + 2825, + 2828, + 2829, + 2832, + 0, + 0, + 2831, + 2834, + 2836, + 0, + 0, + 0, + 0, + 2843, + 2838, + 2839, + 2840, + 2841, + 2842, + 2845, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 2846, + 2848, + 2849, + 2850, + 2851, + 0, + 3519, + 3203, + 2852, + 0, + 0, + 0, + 0, + 2863, + 2854, + 2856, + 2858, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 2903, + 2860, + 2862, + 2865, + 2867, + 2869, + 3232, + 2870, + 2872, + 2874, + 2875, + 2876, + 2877, + 2878, + 2880, + 2881, + 2883, + 0, + 2884, + 2886, + 2887, + 2888, + 2889, + 2890, + 2899, + 0, + 0, + 0, + 2892, + 2894, + 2895, + 2896, + 2897, + 2898, + 2901, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 4384, + 2902, + 2905, + 2907, + 2909, + 2910, + 2911, + 2912, + 2913, + 2915, + 2916, + 2918, + 2919, + 2920, + 2921, + 2922, + 2924, + 2925, + 2926, + 2927, + 2928, + 2932, + 2933, + 2934, + 2935, + 0, + 3601, + 3899, + 2968, + 2969, + 0, + 0, + 0, + 2936, + 2939, + 0, + 0, + 2938, + 2941, + 2942, + 2943, + 2944, + 2945, + 2947, + 2950, + 2951, + 2952, + 2953, + 3328, + 2954, + 2955, + 2959, + 3551, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 2961, + 2963, + 2965, + 2967, + 2971, + 2972, + 2973, + 2974, + 2975, + 2977, + 2978, + 2979, + 2980, + 3302, + 2991, + 2992, + 0, + 0, + 2994, + 0, + 2993, + 0, + 2981, + 2983, + 2984, + 2985, + 2986, + 2987, + 0, + 2988, + 2990, + 2996, + 0, + 0, + 0, + 2999, + 2998, + 3001, + 3002, + 3003, + 3004, + 3005, + 3007, + 3008, + 3009, + 3331, + 3010, + 3980, + 3674, + 3020, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 3011, + 3014, + 3015, + 3016, + 3017, + 3018, + 3019, + 3022, + 3024, + 3025, + 3026, + 3973, + 3733, + 3337, + 3027, + 3028, + 3030, + 3031, + 3032, + 3033, + 3034, + 3035, + 0, + 3036, + 0, + 0, + 0, + 0, + 0, + 3037, + 3039, + 3041, + 3043, + 3044, + 3045, + 3046, + 3047, + 3049, + 3050, + 3051, + 3052, + 3053, + 3097, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 3055, + 3057, + 3059, + 3062, + 3064, + 3066, + 3104, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 3068, + 3637, + 4170, + 3070, + 3578, + 3071, + 3072, + 3073, + 3074, + 3075, + 3077, + 3078, + 3080, + 3083, + 3085, + 3086, + 3088, + 3090, + 3091, + 3092, + 3093, + 4028, + 3094, + 3096, + 3099, + 3100, + 3103, + 0, + 0, + 3231, + 0, + 3102, + 3107, + 3106, + 3109, + 3110, + 3112, + 3113, + 3114, + 3115, + 3116, + 3118, + 3119, + 3120, + 3121, + 3122, + 3124, + 3295, + 3126, + 0, + 0, + 0, + 3133, + 3128, + 3129, + 3130, + 3131, + 3132, + 3135, + 3137, + 3139, + 3140, + 3141, + 3142, + 3143, + 0, + 0, + 0, + 4457, + 0, + 4464, + 0, + 4456, + 3145, + 3146, + 3147, + 3148, + 3150, + 0, + 0, + 0, + 0, + 0, + 3149, + 3159, + 0, + 0, + 0, + 0, + 0, + 3152, + 3154, + 3155, + 3156, + 3157, + 3158, + 3161, + 3162, + 3164, + 3166, + 0, + 0, + 0, + 0, + 3224, + 0, + 0, + 3221, + 3168, + 3169, + 3170, + 3787, + 0, + 3171, + 3172, + 3174, + 3175, + 3176, + 3177, + 3178, + 3180, + 3182, + 3184, + 3186, + 3188, + 3189, + 3192, + 3194, + 3196, + 3198, + 3199, + 3200, + 3201, + 3202, + 3204, + 3218, + 0, + 3206, + 3208, + 3209, + 3210, + 3211, + 3212, + 4505, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 3214, + 3215, + 3217, + 3220, + 3223, + 3226, + 3265, + 0, + 0, + 3228, + 3230, + 3233, + 3235, + 3236, + 3237, + 3238, + 0, + 3838, + 3264, + 0, + 0, + 0, + 0, + 3263, + 3262, + 0, + 0, + 0, + 3239, + 3241, + 3242, + 3243, + 3244, + 3245, + 0, + 3251, + 3247, + 3248, + 3250, + 3253, + 3496, + 3256, + 3257, + 3258, + 3259, + 3260, + 3261, + 3267, + 3270, + 3272, + 3275, + 3277, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 3842, + 3279, + 3281, + 3282, + 3283, + 3284, + 3285, + 3287, + 3289, + 3290, + 3291, + 3292, + 3293, + 3294, + 3300, + 3301, + 0, + 3304, + 0, + 0, + 0, + 0, + 0, + 3297, + 3321, + 0, + 0, + 0, + 0, + 0, + 3299, + 3303, + 3305, + 3308, + 0, + 0, + 0, + 0, + 0, + 3307, + 0, + 0, + 3311, + 3310, + 3313, + 3314, + 3315, + 3316, + 3318, + 0, + 0, + 3317, + 3320, + 3323, + 3325, + 3327, + 3329, + 3330, + 3333, + 3332, + 3335, + 3334, + 3336, + 0, + 3339, + 0, + 3341, + 3340, + 3371, + 3379, + 4692, + 0, + 0, + 3380, + 3338, + 4468, + 0, + 0, + 0, + 3348, + 0, + 0, + 0, + 0, + 3372, + 3343, + 3344, + 3345, + 3346, + 3347, + 3350, + 3351, + 3352, + 3353, + 3354, + 3406, + 3405, + 0, + 0, + 0, + 0, + 3407, + 0, + 0, + 0, + 0, + 3356, + 3416, + 3358, + 0, + 4528, + 3360, + 3361, + 3362, + 3363, + 3397, + 3398, + 0, + 0, + 3399, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 3364, + 3366, + 3367, + 3368, + 3369, + 0, + 3982, + 4257, + 3370, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 3396, + 3374, + 3375, + 3376, + 3377, + 3378, + 3382, + 3383, + 3384, + 3385, + 3386, + 3388, + 3389, + 3391, + 3393, + 3395, + 3401, + 3403, + 3404, + 3422, + 3409, + 3411, + 3412, + 3413, + 3414, + 3415, + 3418, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 4661, + 3419, + 3421, + 3424, + 3426, + 0, + 0, + 0, + 0, + 3427, + 3429, + 3430, + 0, + 0, + 3431, + 0, + 3434, + 0, + 3441, + 3433, + 3436, + 3437, + 3438, + 3439, + 3481, + 3440, + 3443, + 3445, + 3446, + 3447, + 3448, + 3449, + 3452, + 3453, + 3454, + 3455, + 3456, + 3458, + 4004, + 3460, + 3462, + 3463, + 3464, + 3465, + 3466, + 3468, + 0, + 0, + 3469, + 3489, + 3471, + 3473, + 3474, + 3475, + 4588, + 0, + 0, + 0, + 3476, + 3480, + 0, + 0, + 3477, + 3479, + 3486, + 0, + 0, + 0, + 0, + 3483, + 3485, + 3488, + 3491, + 3493, + 3495, + 3497, + 3498, + 3499, + 3500, + 3501, + 3503, + 3504, + 3505, + 3506, + 3507, + 3510, + 0, + 0, + 0, + 3509, + 3512, + 4579, + 0, + 0, + 0, + 0, + 0, + 0, + 4551, + 4291, + 3513, + 3514, + 3515, + 3516, + 3518, + 3517, + 3520, + 0, + 0, + 0, + 3521, + 0, + 0, + 0, + 0, + 0, + 3541, + 3527, + 3529, + 3530, + 3531, + 3532, + 3533, + 3535, + 3536, + 3537, + 4109, + 0, + 3538, + 3834, + 3539, + 0, + 0, + 0, + 3540, + 0, + 0, + 0, + 0, + 0, + 3555, + 3543, + 3544, + 3546, + 3547, + 3548, + 3549, + 3550, + 3553, + 3554, + 3559, + 3562, + 3563, + 3564, + 3565, + 3566, + 3568, + 3570, + 3630, + 3629, + 0, + 0, + 0, + 0, + 3632, + 0, + 0, + 0, + 0, + 3573, + 3575, + 3577, + 3579, + 3580, + 3581, + 3582, + 3583, + 3585, + 3586, + 3587, + 3588, + 3599, + 3600, + 0, + 0, + 3589, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 3638, + 3591, + 3592, + 3594, + 3595, + 3596, + 3597, + 3598, + 3636, + 0, + 0, + 3633, + 3634, + 0, + 0, + 0, + 0, + 0, + 3602, + 3604, + 3606, + 3607, + 3608, + 3609, + 3610, + 3612, + 3613, + 3615, + 3616, + 3617, + 3618, + 3619, + 3621, + 3623, + 3626, + 3631, + 0, + 0, + 0, + 3628, + 3640, + 3641, + 3642, + 3643, + 3682, + 3644, + 3646, + 3647, + 3648, + 3649, + 3650, + 3654, + 0, + 0, + 3652, + 3656, + 3658, + 3660, + 3662, + 3669, + 3671, + 3673, + 3675, + 3677, + 3678, + 3679, + 3680, + 3681, + 3685, + 3688, + 3689, + 3690, + 3691, + 0, + 4263, + 3692, + 3694, + 3695, + 3697, + 3698, + 3699, + 3700, + 3701, + 3703, + 3705, + 4515, + 3707, + 0, + 0, + 4514, + 0, + 4512, + 0, + 4524, + 3709, + 3711, + 3713, + 3716, + 3717, + 3721, + 3723, + 3725, + 3726, + 3727, + 3728, + 3729, + 3732, + 3734, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 3764, + 3736, + 3737, + 3738, + 3739, + 3740, + 3742, + 0, + 0, + 0, + 0, + 4510, + 4304, + 4285, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 4539, + 3743, + 3745, + 3746, + 3747, + 3748, + 3749, + 3751, + 3752, + 3756, + 3755, + 3758, + 3759, + 3761, + 3763, + 3766, + 3770, + 3771, + 3772, + 3773, + 3774, + 3776, + 3778, + 0, + 3779, + 3781, + 3783, + 3784, + 3786, + 3794, + 3793, + 3792, + 0, + 0, + 0, + 0, + 3788, + 3800, + 0, + 3833, + 3790, + 3791, + 3796, + 3798, + 3802, + 0, + 0, + 0, + 0, + 3809, + 3804, + 3805, + 3806, + 3807, + 3808, + 3811, + 3812, + 3813, + 3814, + 3815, + 3817, + 3818, + 3820, + 3822, + 3823, + 3824, + 3825, + 3826, + 3828, + 0, + 0, + 3829, + 3831, + 3835, + 3837, + 3856, + 0, + 0, + 0, + 3853, + 0, + 0, + 0, + 0, + 0, + 0, + 3839, + 3857, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 3841, + 3858, + 0, + 0, + 0, + 3844, + 3882, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 3846, + 3848, + 3850, + 3851, + 3855, + 3860, + 3861, + 3862, + 4382, + 0, + 3863, + 3864, + 3866, + 3867, + 3869, + 3870, + 3871, + 3872, + 3873, + 3875, + 3877, + 3879, + 3881, + 3884, + 3886, + 3888, + 0, + 0, + 0, + 3937, + 3890, + 3892, + 0, + 0, + 3913, + 3938, + 0, + 0, + 0, + 0, + 0, + 0, + 3894, + 3896, + 3898, + 3900, + 3902, + 3903, + 3904, + 3905, + 3906, + 3908, + 3909, + 3910, + 3911, + 0, + 4443, + 4215, + 3933, + 3934, + 0, + 0, + 0, + 0, + 3932, + 0, + 0, + 0, + 0, + 3912, + 3915, + 3916, + 3918, + 3921, + 3922, + 3923, + 3924, + 0, + 4438, + 3929, + 3928, + 0, + 3927, + 0, + 3925, + 3926, + 0, + 0, + 0, + 0, + 3939, + 3931, + 3936, + 3941, + 3943, + 3944, + 3945, + 3946, + 3955, + 3954, + 0, + 3947, + 0, + 0, + 0, + 0, + 0, + 3959, + 3949, + 3950, + 3951, + 3952, + 3953, + 3960, + 0, + 0, + 0, + 0, + 0, + 3958, + 3957, + 0, + 0, + 0, + 3994, + 3963, + 3962, + 3965, + 3967, + 3968, + 3969, + 3970, + 3971, + 3972, + 4262, + 4229, + 4019, + 4018, + 4017, + 0, + 4016, + 0, + 4014, + 4013, + 3979, + 3978, + 3977, + 0, + 0, + 3974, + 3976, + 4015, + 4027, + 0, + 0, + 0, + 4012, + 0, + 0, + 0, + 0, + 3981, + 3984, + 0, + 0, + 0, + 3983, + 0, + 0, + 0, + 0, + 0, + 3995, + 3986, + 3987, + 3988, + 3989, + 3990, + 3992, + 3993, + 3997, + 3998, + 3999, + 4000, + 4001, + 4201, + 0, + 0, + 4003, + 4007, + 4008, + 4009, + 4010, + 4011, + 4076, + 0, + 4021, + 4022, + 4023, + 4024, + 4025, + 4026, + 4029, + 4037, + 4031, + 4032, + 4033, + 4034, + 0, + 4547, + 4039, + 4038, + 4041, + 4040, + 4035, + 0, + 0, + 4036, + 4045, + 4044, + 4071, + 4043, + 4048, + 4050, + 4051, + 4052, + 4053, + 4054, + 4055, + 4057, + 4058, + 4060, + 4082, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 4062, + 4068, + 4067, + 0, + 0, + 4069, + 0, + 4070, + 0, + 4064, + 4066, + 4073, + 4075, + 4077, + 4078, + 4079, + 4080, + 4081, + 4084, + 4085, + 4086, + 4087, + 4088, + 4090, + 4092, + 4094, + 4097, + 0, + 4096, + 0, + 0, + 4101, + 4571, + 4572, + 4573, + 4574, + 4100, + 0, + 4577, + 4578, + 4560, + 4561, + 4609, + 0, + 4610, + 0, + 0, + 4613, + 4104, + 4105, + 4106, + 4107, + 4108, + 4110, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 4126, + 4112, + 4114, + 4116, + 4117, + 4119, + 4121, + 4123, + 4125, + 4128, + 4129, + 4130, + 4131, + 4132, + 4134, + 4137, + 4138, + 4139, + 4140, + 4141, + 4143, + 0, + 0, + 0, + 4202, + 4145, + 4189, + 0, + 0, + 4147, + 4149, + 0, + 0, + 4156, + 4151, + 4152, + 4153, + 4154, + 4155, + 4158, + 4159, + 4160, + 4161, + 4163, + 4162, + 4165, + 4166, + 4167, + 4168, + 4169, + 4171, + 4172, + 4173, + 4174, + 4175, + 4177, + 4179, + 4182, + 4181, + 4184, + 4185, + 4186, + 4187, + 4188, + 4190, + 4192, + 4193, + 4194, + 4195, + 4196, + 4199, + 4200, + 4204, + 4206, + 4209, + 4223, + 4213, + 4214, + 4216, + 4218, + 4219, + 4220, + 4221, + 4222, + 4224, + 4225, + 4226, + 4227, + 4232, + 0, + 0, + 4231, + 4235, + 0, + 0, + 0, + 4234, + 0, + 0, + 0, + 0, + 0, + 4261, + 4237, + 4238, + 4240, + 4242, + 4244, + 4246, + 4247, + 4248, + 4249, + 4250, + 4252, + 4253, + 4254, + 4255, + 4256, + 4258, + 4260, + 4264, + 4266, + 4267, + 4268, + 4269, + 4277, + 0, + 0, + 4270, + 0, + 0, + 0, + 4278, + 4272, + 4273, + 4274, + 4275, + 4276, + 4280, + 4281, + 4282, + 4283, + 4284, + 4286, + 4288, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 4316, + 4290, + 4292, + 4293, + 4294, + 4295, + 4296, + 4297, + 4299, + 4300, + 4301, + 4302, + 4303, + 4305, + 4307, + 4309, + 4312, + 4311, + 0, + 0, + 0, + 0, + 0, + 4315, + 4314, + 4318, + 4320, + 4322, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 4360, + 4324, + 4325, + 4326, + 4327, + 4328, + 4330, + 4331, + 4333, + 4340, + 4341, + 4349, + 4352, + 4354, + 4356, + 0, + 0, + 0, + 0, + 4359, + 4358, + 4362, + 4363, + 4364, + 4365, + 4366, + 4368, + 4370, + 4373, + 4374, + 4375, + 4376, + 4377, + 4381, + 4404, + 4405, + 0, + 4406, + 0, + 4407, + 4408, + 0, + 0, + 0, + 0, + 4383, + 4385, + 4387, + 4388, + 4391, + 4390, + 4393, + 4395, + 4398, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 4414, + 4400, + 4402, + 4410, + 4412, + 4416, + 4418, + 4419, + 4420, + 4421, + 4422, + 4424, + 4427, + 0, + 0, + 0, + 4449, + 4450, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 4429, + 4431, + 4432, + 4433, + 4434, + 4435, + 4467, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 4437, + 4439, + 4441, + 4442, + 4444, + 4446, + 4448, + 4452, + 4453, + 4455, + 4459, + 4460, + 4461, + 4462, + 4463, + 4466, + 4470, + 4472, + 4474, + 4476, + 0, + 0, + 0, + 4479, + 0, + 0, + 0, + 0, + 0, + 4499, + 4478, + 4481, + 4483, + 4485, + 4487, + 4490, + 0, + 0, + 4491, + 4493, + 4494, + 4495, + 4496, + 4497, + 4498, + 4502, + 0, + 4501, + 4504, + 4506, + 4508, + 4509, + 4511, + 4517, + 4519, + 4520, + 4521, + 4522, + 4523, + 4526, + 4531, + 4533, + 4534, + 4536, + 4538, + 4540, + 4542, + 4544, + 4546, + 4548, + 4550, + 4552, + 4553, + 4554, + 4555, + 4557, + 4556, + 4559, + 4563, + 4564, + 4565, + 4566, + 4567, + 4570, + 4569, + 4576, + 4580, + 4581, + 4582, + 4583, + 4584, + 4585, + 4587, + 4589, + 4590, + 4592, + 4594, + 4596, + 4598, + 4599, + 4600, + 4601, + 4602, + 4604, + 4605, + 4606, + 4607, + 4608, + 4612, + 4615, + 4617, + 4619, + 4620, + 4621, + 4622, + 4623, + 4625, + 4627, + 4629, + 4630, + 4632, + 4637, + 0, + 0, + 0, + 4634, + 4636, + 4639, + 4642, + 4645, + 4644, + 0, + 0, + 0, + 0, + 4646, + 0, + 0, + 0, + 0, + 4694, + 4648, + 4649, + 4650, + 4651, + 4652, + 4653, + 4655, + 4657, + 4658, + 4660, + 4662, + 4671, + 0, + 0, + 4664, + 4666, + 4667, + 4668, + 4669, + 4670, + 4673, + 4676, + 0, + 4675, + 4678, + 4680, + 4681, + 4682, + 4683, + 4684, + 4687, + 4688, + 4689, + 4690, + 4691, + 4696, + 0, + 0, + 0, + 0, + 0, + 0, + 4697, +}; + diff --git a/source4/heimdal/lib/wind/normalize_table.h b/source4/heimdal/lib/wind/normalize_table.h new file mode 100644 index 0000000000..90b62e645d --- /dev/null +++ b/source4/heimdal/lib/wind/normalize_table.h @@ -0,0 +1,34 @@ +/* normalize_table.h */ +/* Automatically generated at 2008-03-18T11:38:08.923674 */ + +#ifndef NORMALIZE_TABLE_H +#define NORMALIZE_TABLE_H 1 + +#include +#include + +#define MAX_LENGTH_CANON 18 + +struct translation { + uint32_t key; + unsigned short val_len; + unsigned short val_offset; +}; + +extern const struct translation _wind_normalize_table[]; + +extern const uint32_t _wind_normalize_val_table[]; + +extern const size_t _wind_normalize_table_size; + +struct canon_node { + uint32_t val; + unsigned char next_start; + unsigned char next_end; + unsigned short next_offset; +}; + +extern const struct canon_node _wind_canon_table[]; + +extern const unsigned short _wind_canon_next_table[]; +#endif /* NORMALIZE_TABLE_H */ diff --git a/source4/heimdal/lib/wind/stringprep.c b/source4/heimdal/lib/wind/stringprep.c new file mode 100644 index 0000000000..0beba76384 --- /dev/null +++ b/source4/heimdal/lib/wind/stringprep.c @@ -0,0 +1,141 @@ +/* + * Copyright (c) 2004, 2006, 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif +#include "windlocl.h" +#include +#include +#include + +RCSID("$Id: stringprep.c 22593 2008-02-12 11:58:01Z lha $"); + +/** + * Process a input UCS4 string according a string-prep profile. + * + * @param in input UCS4 string to process + * @param in_len length of the input string + * @param out output UCS4 string + * @param out_len length of the output string. + * @param flags stringprep profile. + * + * @return returns 0 on success, an wind error code otherwise + * @ingroup wind + */ + +int +wind_stringprep(const uint32_t *in, size_t in_len, + uint32_t *out, size_t *out_len, + wind_profile_flags flags) +{ + size_t tmp_len = in_len * 3; + uint32_t *tmp = malloc(tmp_len * sizeof(uint32_t)); + int ret; + size_t olen; + + if (tmp == NULL) + return ENOMEM; + + ret = _wind_stringprep_map(in, in_len, tmp, &tmp_len, flags); + if (ret) { + free(tmp); + return ret; + } + + olen = *out_len; + ret = _wind_stringprep_normalize(tmp, tmp_len, tmp, &olen); + if (ret) { + free(tmp); + return ret; + } + ret = _wind_stringprep_prohibited(tmp, olen, flags); + if (ret) { + free(tmp); + return ret; + } + ret = _wind_stringprep_testbidi(tmp, olen, flags); + if (ret) { + free(tmp); + return ret; + } + + /* Insignificant Character Handling for ldap-prep */ + if (flags & WIND_PROFILE_LDAP_CASE_EXACT_ATTRIBUTE) { + ret = _wind_ldap_case_exact_attribute(tmp, olen, out, out_len); +#if 0 + } else if (flags & WIND_PROFILE_LDAP_CASE_EXACT_ASSERTION) { + } else if (flags & WIND_PROFILE_LDAP_NUMERIC) { + } else if (flags & WIND_PROFILE_LDAP_TELEPHONE) { +#endif + } else { + memcpy(out, tmp, sizeof(out[0]) * olen); + *out_len = olen; + } + free(tmp); + + return ret; +} + +static struct { + const char *name; + wind_profile_flags flags; +} profiles[] = { + { "nameprep", WIND_PROFILE_NAME }, + { "saslprep", WIND_PROFILE_SASL }, + { "ldapprep", WIND_PROFILE_LDAP } +}; + +/** + * Try to find the profile given a name. + * + * @param name name of the profile. + * @param flags the resulting profile. + * + * @return returns 0 on success, an wind error code otherwise + * @ingroup wind + */ + +int +wind_profile(const char *name, wind_profile_flags *flags) +{ + unsigned int i; + + for (i = 0; i < sizeof(profiles)/sizeof(profiles[0]); i++) { + if (strcasecmp(profiles[i].name, name) == 0) { + *flags = profiles[i].flags; + return 0; + } + } + return WIND_ERR_NO_PROFILE; +} diff --git a/source4/heimdal/lib/wind/utf8.c b/source4/heimdal/lib/wind/utf8.c new file mode 100644 index 0000000000..c49e80522e --- /dev/null +++ b/source4/heimdal/lib/wind/utf8.c @@ -0,0 +1,443 @@ +/* + * Copyright (c) 2004, 2006, 2007, 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif +#include "windlocl.h" + +RCSID("$Id: utf8.c 22572 2008-02-05 20:22:39Z lha $"); + +/** + * Convert an UTF-8 string to an UCS4 string. + * + * @param in an UTF-8 string to convert. + * @param out the resulting UCS4 strint, must be at least + * wind_utf8ucs4_length() long. If out is NULL, the function will + * calculate the needed space for the out variable (just like + * wind_utf8ucs4_length()). + * @param out_len before processing out_len should be the length of + * the out variable, after processing it will be the length of the out + * string. + * + * @return returns 0 on success, an wind error code otherwise + * @ingroup wind + */ + +int +wind_utf8ucs4(const char *in, uint32_t *out, size_t *out_len) +{ + const unsigned char *p; + size_t o = 0; + + for (p = (const unsigned char *)in; *p != '\0'; ++p) { + unsigned c = *p; + uint32_t u; + + if (c & 0x80) { + if ((c & 0xE0) == 0xC0) { + const unsigned c2 = *++p; + if ((c2 & 0xC0) == 0x80) { + u = ((c & 0x1F) << 6) + | (c2 & 0x3F); + } else { + return WIND_ERR_INVALID_UTF8; + } + } else if ((c & 0xF0) == 0xE0) { + const unsigned c2 = *++p; + if ((c2 & 0xC0) == 0x80) { + const unsigned c3 = *++p; + if ((c3 & 0xC0) == 0x80) { + u = ((c & 0x0F) << 12) + | ((c2 & 0x3F) << 6) + | (c3 & 0x3F); + } else { + return WIND_ERR_INVALID_UTF8; + } + } else { + return WIND_ERR_INVALID_UTF8; + } + } else if ((c & 0xF8) == 0xF0) { + const unsigned c2 = *++p; + if ((c2 & 0xC0) == 0x80) { + const unsigned c3 = *++p; + if ((c3 & 0xC0) == 0x80) { + const unsigned c4 = *++p; + if ((c4 & 0xC0) == 0x80) { + u = ((c & 0x07) << 18) + | ((c2 & 0x3F) << 12) + | ((c3 & 0x3F) << 6) + | (c4 & 0x3F); + } else { + return WIND_ERR_INVALID_UTF8; + } + } else { + return WIND_ERR_INVALID_UTF8; + } + } else { + return WIND_ERR_INVALID_UTF8; + } + } else { + return WIND_ERR_INVALID_UTF8; + } + } else { + u = c; + } + if (out) { + if (o >= *out_len) + return WIND_ERR_OVERRUN; + out[o] = u; + } + o++; + } + *out_len = o; + return 0; +} + +/** + * Calculate the length of from converting a UTF-8 string to a UCS4 + * string. + * + * @param in an UTF-8 string to convert. + * @param out_len the length of the resulting UCS4 string. + * + * @return returns 0 on success, an wind error code otherwise + * @ingroup wind + */ + +int +wind_utf8ucs4_length(const char *in, size_t *out_len) +{ + return wind_utf8ucs4(in, NULL, out_len); +} + +static const char first_char[4] = + { 0x00, 0xC0, 0xE0, 0xF0 }; + +/** + * Convert an UCS4 string to a UTF-8 string. + * + * @param in an UCS4 string to convert. + * @param in_len the length input array. + + * @param out the resulting UTF-8 strint, must be at least + * wind_ucs4utf8_length() + 1 long (the extra char for the NUL). If + * out is NULL, the function will calculate the needed space for the + * out variable (just like wind_ucs4utf8_length()). + + * @param out_len before processing out_len should be the length of + * the out variable, after processing it will be the length of the out + * string. + * + * @return returns 0 on success, an wind error code otherwise + * @ingroup wind + */ + +int +wind_ucs4utf8(const uint32_t *in, size_t in_len, char *out, size_t *out_len) +{ + uint32_t ch; + size_t i, len, o; + + for (o = 0, i = 0; i < in_len; i++) { + ch = in[i]; + + if (ch < 0x80) { + len = 1; + } else if (ch < 0x800) { + len = 2; + } else if (ch < 0x10000) { + len = 3; + } else if (ch <= 0x10FFFF) { + len = 4; + } else + return WIND_ERR_INVALID_UTF32; + + o += len; + + if (out) { + if (o >= *out_len) + return WIND_ERR_OVERRUN; + + switch(len) { + case 4: + out[3] = (ch | 0x80) & 0xbf; + ch = ch << 6; + case 3: + out[2] = (ch | 0x80) & 0xbf; + ch = ch << 6; + case 2: + out[1] = (ch | 0x80) & 0xbf; + ch = ch << 6; + case 1: + out[0] = ch | first_char[len - 1]; + } + } + out += len; + } + if (out) { + if (o + 1 >= *out_len) + return WIND_ERR_OVERRUN; + *out = '\0'; + } + *out_len = o; + return 0; +} + +/** + * Calculate the length of from converting a UCS4 string to an UTF-8 string. + * + * @param in an UCS4 string to convert. + * @param in_len the length of UCS4 string to convert. + * @param out_len the length of the resulting UTF-8 string. + * + * @return returns 0 on success, an wind error code otherwise + * @ingroup wind + */ + +int +wind_ucs4utf8_length(const uint32_t *in, size_t in_len, size_t *out_len) +{ + return wind_ucs4utf8(in, in_len, NULL, out_len); +} + +/** + * Read in an UCS2 from a buffer. + * + * @param ptr The input buffer to read from. + * @param len the length of the input buffer. + * @param flags Flags to control the behavior of the function. + * @param out the output UCS2, the array must be at least out/2 long. + * @param out_len the output length + * + * @return returns 0 on success, an wind error code otherwise. + * @ingroup wind + */ + +int +wind_ucs2read(const void *ptr, size_t len, unsigned int *flags, + uint16_t *out, size_t *out_len) +{ + const unsigned char *p = ptr; + int little = ((*flags) & WIND_RW_LE); + size_t olen = *out_len; + + /** if len is zero, flags are unchanged */ + if (len == 0) { + *out_len = 0; + return 0; + } + + /** if len is odd, WIND_ERR_LENGTH_NOT_MOD2 is returned */ + if (len & 1) + return WIND_ERR_LENGTH_NOT_MOD2; + + /** + * If the flags WIND_RW_BOM is set, check for BOM. If not BOM is + * found, check is LE/BE flag is already and use that otherwise + * fail with WIND_ERR_NO_BOM. When done, clear WIND_RW_BOM and + * the LE/BE flag and set the resulting LE/BE flag. + */ + if ((*flags) & WIND_RW_BOM) { + uint16_t bom = (p[0] << 8) + p[1]; + if (bom == 0xfffe || bom == 0xfeff) { + little = (bom == 0xfffe); + p += 2; + len -= 2; + } else if (((*flags) & (WIND_RW_LE|WIND_RW_BE)) != 0) { + /* little already set */ + } else + return WIND_ERR_NO_BOM; + *flags = ((*flags) & ~(WIND_RW_BOM|WIND_RW_LE|WIND_RW_BE)); + *flags |= little ? WIND_RW_LE : WIND_RW_BE; + } + + while (len) { + if (olen < 1) + return WIND_ERR_OVERRUN; + if (little) + *out = (p[1] << 8) + p[0]; + else + *out = (p[0] << 8) + p[1]; + out++; p += 2; len -= 2; olen--; + } + *out_len -= olen; + return 0; +} + +/** + * Write an UCS2 string to a buffer. + * + * @param in The input UCS2 string. + * @param in_len the length of the input buffer. + * @param flags Flags to control the behavior of the function. + * @param ptr The input buffer to write to, the array must be at least + * (in + 1) * 2 bytes long. + * @param out_len the output length + * + * @return returns 0 on success, an wind error code otherwise. + * @ingroup wind + */ + +int +wind_ucs2write(const uint16_t *in, size_t in_len, unsigned int *flags, + void *ptr, size_t *out_len) +{ + unsigned char *p = ptr; + size_t len = *out_len; + + /** If in buffer is not of length be mod 2, WIND_ERR_LENGTH_NOT_MOD2 is returned*/ + if (len & 1) + return WIND_ERR_LENGTH_NOT_MOD2; + + /** On zero input length, flags are preserved */ + if (in_len == 0) { + *out_len = 0; + return 0; + } + /** If flags have WIND_RW_BOM set, the byte order mark is written + * first to the output data */ + if ((*flags) & WIND_RW_BOM) { + uint16_t bom = 0xfffe; + + if (len < 2) + return WIND_ERR_OVERRUN; + + if ((*flags) & WIND_RW_LE) { + p[0] = (bom >> 8) & 0xff; + p[1] = (bom ) & 0xff; + } else { + p[1] = (bom ) & 0xff; + p[0] = (bom >> 8) & 0xff; + } + len -= 2; + } + + while (in_len) { + /** If the output wont fit into out_len, WIND_ERR_OVERRUN is returned */ + if (len < 2) + return WIND_ERR_OVERRUN; + if ((*flags) & WIND_RW_LE) { + p[0] = (in[0] >> 8) & 0xff; + p[1] = (in[0] ) & 0xff; + } else { + p[1] = (in[0] ) & 0xff; + p[0] = (in[0] >> 8) & 0xff; + } + len -= 2; + in_len--; + p += 2; + in++; + } + *out_len -= len; + return 0; +} + + +/** + * Convert an UCS2 string to a UTF-8 string. + * + * @param in an UCS2 string to convert. + * @param in_len the length of the in UCS2 string. + * @param out the resulting UTF-8 strint, must be at least + * wind_ucs2utf8_length() long. If out is NULL, the function will + * calculate the needed space for the out variable (just like + * wind_ucs2utf8_length()). + * @param out_len before processing out_len should be the length of + * the out variable, after processing it will be the length of the out + * string. + * + * @return returns 0 on success, an wind error code otherwise + * @ingroup wind + */ + +int +wind_ucs2utf8(const uint16_t *in, size_t in_len, char *out, size_t *out_len) +{ + uint16_t ch; + size_t i, len, o; + + for (o = 0, i = 0; i < in_len; i++) { + ch = in[i]; + + if (ch < 0x80) { + len = 1; + } else if (ch < 0x800) { + len = 2; + } else + len = 3; + + o += len; + + if (out) { + if (o >= *out_len) + return WIND_ERR_OVERRUN; + + switch(len) { + case 3: + out[2] = (ch | 0x80) & 0xbf; + ch = ch << 6; + case 2: + out[1] = (ch | 0x80) & 0xbf; + ch = ch << 6; + case 1: + out[0] = ch | first_char[len - 1]; + } + out += len; + } + } + if (out) { + if (o >= *out_len) + return WIND_ERR_OVERRUN; + *out = '\0'; + } + *out_len = o; + return 0; +} + +/** + * Calculate the length of from converting a UCS2 string to an UTF-8 string. + * + * @param in an UCS2 string to convert. + * @param in_len an UCS2 string length to convert. + * @param out_len the length of the resulting UTF-8 string. + * + * @return returns 0 on success, an wind error code otherwise + * @ingroup wind + */ + +int +wind_ucs2utf8_length(const uint16_t *in, size_t in_len, size_t *out_len) +{ + return wind_ucs2utf8(in, in_len, NULL, out_len); +} diff --git a/source4/heimdal/lib/wind/wind.h b/source4/heimdal/lib/wind/wind.h new file mode 100644 index 0000000000..6921b619f5 --- /dev/null +++ b/source4/heimdal/lib/wind/wind.h @@ -0,0 +1,82 @@ +/* + * Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: wind.h 22595 2008-02-12 11:59:05Z lha $ */ + +#ifndef _WIND_H_ +#define _WIND_H_ + +#include +#include + +#include + +typedef unsigned int wind_profile_flags; + +#define WIND_PROFILE_NAME 0x00000001 +#define WIND_PROFILE_SASL 0x00000002 +#define WIND_PROFILE_LDAP 0x00000004 + +#define WIND_PROFILE_LDAP_CASE_EXACT_ATTRIBUTE 0x00010000 +#define WIND_PROFILE_LDAP_CASE_EXACT_ASSERTION 0x00020000 +#define WIND_PROFILE_LDAP_NUMERIC 0x00040000 +#define WIND_PROFILE_LDAP_TELEPHONE 0x00080000 + + +/* flags to wind_ucs2read/wind_ucs2write */ +#define WIND_RW_LE 1 +#define WIND_RW_BE 2 +#define WIND_RW_BOM 4 + +int wind_stringprep(const unsigned *in, size_t in_len, + unsigned *out, size_t *out_len, + wind_profile_flags flags); +int wind_profile(const char *, wind_profile_flags *); + +int wind_punycode_label_toascii(const uint32_t *, size_t, + char *, size_t *); + +int wind_utf8ucs4(const char *, uint32_t *, size_t *); +int wind_utf8ucs4_length(const char *, size_t *); + +int wind_ucs4utf8(const uint32_t *, size_t, char *, size_t *); +int wind_ucs4utf8_length(const uint32_t *, size_t, size_t *); + +int wind_ucs2utf8(const uint16_t *, size_t, char *, size_t *); +int wind_ucs2utf8_length(const uint16_t *, size_t, size_t *); + + +int wind_ucs2read(const void *, size_t, unsigned int *, uint16_t *, size_t *); +int wind_ucs2write(const uint16_t *, size_t, unsigned int *, void *, size_t *); + +#endif /* _WIND_H_ */ diff --git a/source4/heimdal/lib/wind/wind_err.et b/source4/heimdal/lib/wind/wind_err.et new file mode 100644 index 0000000000..025c402790 --- /dev/null +++ b/source4/heimdal/lib/wind/wind_err.et @@ -0,0 +1,22 @@ +# +# Error messages for the wind library +# +# This might look like a com_err file, but is not +# +id "$Id: wind_err.et 22559 2008-02-03 16:35:07Z lha $" + +error_table wind + +prefix WIND_ERR +error_code NONE, "No error" +error_code NO_PROFILE, "No such profile" +error_code OVERRUN, "Buffer overrun" +error_code UNDERUN, "Buffer underrun" +error_code LENGTH_NOT_MOD2, "Lenght not mod2" +error_code LENGTH_NOT_MOD4, "Lenght not mod4" +error_code INVALID_UTF8, "Invalid UTF-8 combination in string" +error_code INVALID_UTF16, "Invalid UTF-16 combination in string" +error_code INVALID_UTF32, "Invalid UTF-32 combination in string" +error_code NO_BOM, "No byte order mark (BOM) in string" + +end diff --git a/source4/heimdal/lib/wind/windlocl.h b/source4/heimdal/lib/wind/windlocl.h new file mode 100644 index 0000000000..02e8c46481 --- /dev/null +++ b/source4/heimdal/lib/wind/windlocl.h @@ -0,0 +1,64 @@ +/* + * Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: windlocl.h 22582 2008-02-11 20:43:50Z lha $ */ + +#ifndef _WINDLOCL_H_ +#define _WINDLOCL_H_ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include "wind.h" +#include "wind_err.h" + +int _wind_combining_class(uint32_t); + +int _wind_stringprep_testbidi(const uint32_t *, size_t, wind_profile_flags); + +int _wind_stringprep_error(const uint32_t, wind_profile_flags); + +int _wind_stringprep_prohibited(const uint32_t *, size_t, wind_profile_flags); + +int _wind_stringprep_map(const uint32_t *, size_t, + uint32_t *, size_t *, + wind_profile_flags); + +int _wind_stringprep_normalize(const uint32_t *, size_t, uint32_t *, size_t *); + +int _wind_ldap_case_exact_attribute(const uint32_t *, size_t, + uint32_t *, size_t *); + + +#endif /* _WINDLOCL_H_ */ -- cgit From b3ec55b98494f9953b1d819166840e61b75b65dd Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 2 Jun 2008 16:27:44 +0200 Subject: krb5_init_sec_context: skip the token header when GSS_C_DCE_STYLE is specified Windows (and heimdal) accepts packets with token header in the server, but it doesn't match the windows client. We now match the windows client and that fixes also the display in wireshark. metze (This used to be commit 58f66184f0f732a78e86bbb0f3c29e920f086d08) --- source4/heimdal/lib/gssapi/krb5/init_sec_context.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c index d4482a54b2..ab7624eef0 100644 --- a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c @@ -540,12 +540,18 @@ init_auth goto failure; } - ret = _gsskrb5_encapsulate (minor_status, &outbuf, output_token, - (u_char *)"\x01\x00", GSS_KRB5_MECHANISM); - if (ret) - goto failure; + if (flags & GSS_C_DCE_STYLE) { + output_token->value = outbuf.data; + output_token->length = outbuf.length; + } else { + ret = _gsskrb5_encapsulate (minor_status, &outbuf, output_token, + (u_char *)"\x01\x00", GSS_KRB5_MECHANISM); + if (ret) + goto failure; + + krb5_data_free (&outbuf); + } - krb5_data_free (&outbuf); krb5_free_creds(context, kcred); free_Checksum(&cksum); if (cred == NULL) -- cgit From eb192abd3a6891b0b5e9e420d296a97247947488 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 27 Jun 2008 11:33:00 +0200 Subject: gsskrb5: fix gss_krb5_cred_no_ci_flags_x_oid_desc variable name metze (This used to be commit d88be1a1cb543b4e2cc5d15262da786558aa276d) --- source4/heimdal/lib/gssapi/krb5/set_cred_option.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/krb5/set_cred_option.c b/source4/heimdal/lib/gssapi/krb5/set_cred_option.c index 242dfa87b4..85b50d0322 100644 --- a/source4/heimdal/lib/gssapi/krb5/set_cred_option.c +++ b/source4/heimdal/lib/gssapi/krb5/set_cred_option.c @@ -35,10 +35,10 @@ RCSID("$Id: set_cred_option.c 22655 2008-02-26 12:40:35Z lha $"); /* 1.2.752.43.13.17 */ -static gss_OID_desc gss_krb5_ccache_name_x_oid_desc = +static gss_OID_desc gss_krb5_cred_no_ci_flags_x_oid_desc = {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x11")}; -gss_OID GSS_KRB5_CRED_NO_CI_FLAGS_X = &gss_krb5_ccache_name_x_oid_desc; +gss_OID GSS_KRB5_CRED_NO_CI_FLAGS_X = &gss_krb5_cred_no_ci_flags_x_oid_desc; /* 1.2.752.43.13.18 */ static gss_OID_desc gss_krb5_import_cred_x_oid_desc = -- cgit From 3678411037329d8bebcaadcea6676018e0131afb Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 27 Jun 2008 11:34:05 +0200 Subject: gsskrb5: just don't force, but allow the flags when GSS_CF_NO_CI_FLAGS is given metze (This used to be commit f10c9ca3612d7bdc4c2c221e959f8c48ec2f9349) --- source4/heimdal/lib/gssapi/krb5/init_sec_context.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c index ab7624eef0..c455a5dc8b 100644 --- a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c @@ -490,6 +490,12 @@ init_auth if (req_flags & GSS_C_EXTENDED_ERROR_FLAG) flags |= GSS_C_EXTENDED_ERROR_FLAG; + if (req_flags & GSS_C_CONF_FLAG) { + flags |= GSS_C_CONF_FLAG; + } + if (req_flags & GSS_C_INTEG_FLAG) { + flags |= GSS_C_INTEG_FLAG; + } if (cred == NULL || !(cred->cred_flags & GSS_CF_NO_CI_FLAGS)) { flags |= GSS_C_CONF_FLAG; flags |= GSS_C_INTEG_FLAG; -- cgit From a925f039ee382df0f3be434108416bab0d17e8c0 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 1 Aug 2008 07:08:51 +0200 Subject: heimdal: update to lorikeet-heimdal rev 801 metze (This used to be commit d6c54a66fb23c784ef221a3c1cf766b72bdb5a0b) --- source4/heimdal/README | 23 +- source4/heimdal/cf/check-var.m4 | 3 +- source4/heimdal/cf/find-func-no-libs.m4 | 2 +- source4/heimdal/cf/find-func-no-libs2.m4 | 2 +- source4/heimdal/cf/find-func.m4 | 2 +- source4/heimdal/cf/resolv.m4 | 2 +- source4/heimdal/kdc/default_config.c | 4 +- source4/heimdal/kdc/digest.c | 200 ++- source4/heimdal/kdc/kaserver.c | 8 +- source4/heimdal/kdc/kerberos5.c | 14 +- source4/heimdal/kdc/krb5tgs.c | 639 ++++--- source4/heimdal/kdc/kx509.c | 36 +- source4/heimdal/kdc/misc.c | 11 +- source4/heimdal/kdc/pkinit.c | 146 +- source4/heimdal/kdc/process.c | 9 +- source4/heimdal/kdc/windc.c | 6 +- source4/heimdal/kdc/windc_plugin.h | 4 +- source4/heimdal/kuser/kinit.c | 61 +- source4/heimdal/lib/asn1/der.h | 2 +- source4/heimdal/lib/asn1/der_free.c | 2 +- source4/heimdal/lib/asn1/gen.c | 17 +- source4/heimdal/lib/asn1/k5.asn1 | 24 +- source4/heimdal/lib/asn1/lex.c | 73 +- source4/heimdal/lib/asn1/lex.l | 2 +- source4/heimdal/lib/asn1/pkinit.asn1 | 13 + source4/heimdal/lib/asn1/test.gen | 2 +- source4/heimdal/lib/com_err/lex.c | 73 +- source4/heimdal/lib/com_err/lex.l | 2 +- source4/heimdal/lib/gssapi/gssapi/gssapi.h | 137 +- source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h | 95 +- source4/heimdal/lib/gssapi/gssapi/gssapi_spnego.h | 4 +- .../heimdal/lib/gssapi/krb5/accept_sec_context.c | 75 +- .../heimdal/lib/gssapi/krb5/delete_sec_context.c | 4 +- source4/heimdal/lib/gssapi/krb5/display_status.c | 4 +- source4/heimdal/lib/gssapi/krb5/external.c | 177 +- source4/heimdal/lib/gssapi/krb5/get_mic.c | 6 +- source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h | 11 +- .../heimdal/lib/gssapi/krb5/import_sec_context.c | 8 +- source4/heimdal/lib/gssapi/krb5/init_sec_context.c | 272 ++- source4/heimdal/lib/gssapi/krb5/set_cred_option.c | 2 +- .../lib/gssapi/krb5/set_sec_context_option.c | 61 +- source4/heimdal/lib/gssapi/krb5/unwrap.c | 8 +- source4/heimdal/lib/gssapi/krb5/verify_mic.c | 6 +- source4/heimdal/lib/gssapi/krb5/wrap.c | 14 +- source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c | 4 +- source4/heimdal/lib/gssapi/mech/gss_add_cred.c | 4 +- .../lib/gssapi/mech/gss_add_oid_set_member.c | 4 +- source4/heimdal/lib/gssapi/mech/gss_buffer_set.c | 8 +- .../lib/gssapi/mech/gss_canonicalize_name.c | 4 +- source4/heimdal/lib/gssapi/mech/gss_compare_name.c | 4 +- source4/heimdal/lib/gssapi/mech/gss_context_time.c | 4 +- .../lib/gssapi/mech/gss_create_empty_oid_set.c | 4 +- .../lib/gssapi/mech/gss_decapsulate_token.c | 4 +- .../lib/gssapi/mech/gss_delete_sec_context.c | 4 +- source4/heimdal/lib/gssapi/mech/gss_display_name.c | 4 +- .../heimdal/lib/gssapi/mech/gss_display_status.c | 4 +- .../lib/gssapi/mech/gss_encapsulate_token.c | 4 +- source4/heimdal/lib/gssapi/mech/gss_export_name.c | 4 +- .../lib/gssapi/mech/gss_export_sec_context.c | 4 +- source4/heimdal/lib/gssapi/mech/gss_get_mic.c | 4 +- source4/heimdal/lib/gssapi/mech/gss_import_name.c | 4 +- .../lib/gssapi/mech/gss_import_sec_context.c | 4 +- .../heimdal/lib/gssapi/mech/gss_indicate_mechs.c | 4 +- .../heimdal/lib/gssapi/mech/gss_init_sec_context.c | 4 +- .../heimdal/lib/gssapi/mech/gss_inquire_context.c | 4 +- source4/heimdal/lib/gssapi/mech/gss_inquire_cred.c | 4 +- .../lib/gssapi/mech/gss_inquire_cred_by_mech.c | 4 +- .../lib/gssapi/mech/gss_inquire_cred_by_oid.c | 4 +- .../lib/gssapi/mech/gss_inquire_mechs_for_name.c | 4 +- .../lib/gssapi/mech/gss_inquire_names_for_mech.c | 4 +- .../gssapi/mech/gss_inquire_sec_context_by_oid.c | 4 +- source4/heimdal/lib/gssapi/mech/gss_krb5.c | 91 +- source4/heimdal/lib/gssapi/mech/gss_mech_switch.c | 7 +- source4/heimdal/lib/gssapi/mech/gss_oid_equal.c | 4 +- source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c | 4 +- .../lib/gssapi/mech/gss_process_context_token.c | 4 +- .../heimdal/lib/gssapi/mech/gss_release_buffer.c | 4 +- source4/heimdal/lib/gssapi/mech/gss_release_cred.c | 4 +- source4/heimdal/lib/gssapi/mech/gss_release_name.c | 4 +- source4/heimdal/lib/gssapi/mech/gss_release_oid.c | 4 +- .../heimdal/lib/gssapi/mech/gss_release_oid_set.c | 4 +- source4/heimdal/lib/gssapi/mech/gss_seal.c | 4 +- .../heimdal/lib/gssapi/mech/gss_set_cred_option.c | 4 +- .../lib/gssapi/mech/gss_set_sec_context_option.c | 4 +- source4/heimdal/lib/gssapi/mech/gss_sign.c | 4 +- .../lib/gssapi/mech/gss_test_oid_set_member.c | 4 +- source4/heimdal/lib/gssapi/mech/gss_unseal.c | 4 +- source4/heimdal/lib/gssapi/mech/gss_unwrap.c | 4 +- source4/heimdal/lib/gssapi/mech/gss_verify.c | 4 +- source4/heimdal/lib/gssapi/mech/gss_verify_mic.c | 4 +- source4/heimdal/lib/gssapi/mech/gss_wrap.c | 4 +- .../heimdal/lib/gssapi/mech/gss_wrap_size_limit.c | 4 +- .../heimdal/lib/gssapi/spnego/accept_sec_context.c | 98 +- source4/heimdal/lib/gssapi/spnego/compat.c | 5 +- source4/heimdal/lib/gssapi/spnego/context_stubs.c | 32 +- source4/heimdal/lib/gssapi/spnego/cred_stubs.c | 22 +- source4/heimdal/lib/gssapi/spnego/external.c | 13 +- source4/heimdal/lib/gssapi/spnego/spnego-private.h | 16 + source4/heimdal/lib/gssapi/spnego/spnego_locl.h | 3 +- source4/heimdal/lib/hcrypto/aes.c | 0 source4/heimdal/lib/hcrypto/aes.h | 10 +- source4/heimdal/lib/hcrypto/bn.c | 6 +- source4/heimdal/lib/hcrypto/camellia-ntt.c | 22 +- source4/heimdal/lib/hcrypto/camellia-ntt.h | 6 +- source4/heimdal/lib/hcrypto/camellia.h | 8 +- source4/heimdal/lib/hcrypto/des.c | 302 +++- source4/heimdal/lib/hcrypto/des.h | 78 +- source4/heimdal/lib/hcrypto/evp.c | 31 +- source4/heimdal/lib/hcrypto/evp.h | 26 +- source4/heimdal/lib/hcrypto/imath/LICENSE | 2 +- source4/heimdal/lib/hcrypto/pkcs12.c | 24 +- source4/heimdal/lib/hcrypto/pkcs5.c | 18 +- source4/heimdal/lib/hcrypto/rand-egd.c | 4 +- source4/heimdal/lib/hcrypto/rand-fortuna.c | 15 +- source4/heimdal/lib/hcrypto/rand-unix.c | 6 +- source4/heimdal/lib/hcrypto/rand.c | 166 +- source4/heimdal/lib/hcrypto/rc2.c | 0 source4/heimdal/lib/hcrypto/rc2.h | 0 source4/heimdal/lib/hcrypto/rc4.c | 0 source4/heimdal/lib/hcrypto/rijndael-alg-fst.c | 0 source4/heimdal/lib/hcrypto/rijndael-alg-fst.h | 0 source4/heimdal/lib/hcrypto/rnd_keys.c | 471 +---- source4/heimdal/lib/hcrypto/ui.c | 8 +- source4/heimdal/lib/hdb/db.c | 40 +- source4/heimdal/lib/hdb/dbinfo.c | 4 +- source4/heimdal/lib/hdb/ext.c | 45 +- source4/heimdal/lib/hdb/hdb.c | 7 +- source4/heimdal/lib/hdb/keys.c | 13 +- source4/heimdal/lib/hdb/keytab.c | 10 +- source4/heimdal/lib/hdb/mkey.c | 33 +- source4/heimdal/lib/hdb/ndbm.c | 38 +- source4/heimdal/lib/hx509/ca.c | 4 +- source4/heimdal/lib/hx509/cert.c | 162 +- source4/heimdal/lib/hx509/cms.c | 16 +- source4/heimdal/lib/hx509/crypto.c | 14 +- source4/heimdal/lib/hx509/env.c | 181 +- source4/heimdal/lib/hx509/file.c | 81 +- source4/heimdal/lib/hx509/hx509-private.h | 43 +- source4/heimdal/lib/hx509/hx509-protos.h | 42 +- source4/heimdal/lib/hx509/hx509.h | 13 +- source4/heimdal/lib/hx509/hx_locl.h | 22 +- source4/heimdal/lib/hx509/keyset.c | 16 +- source4/heimdal/lib/hx509/ks_dir.c | 3 +- source4/heimdal/lib/hx509/ks_file.c | 8 +- source4/heimdal/lib/hx509/ks_p11.c | 31 +- source4/heimdal/lib/hx509/ks_p12.c | 7 +- source4/heimdal/lib/hx509/name.c | 4 +- source4/heimdal/lib/hx509/req.c | 6 +- source4/heimdal/lib/hx509/revoke.c | 38 +- source4/heimdal/lib/hx509/sel-gram.c | 1714 ++++++++++++++++++ source4/heimdal/lib/hx509/sel-gram.h | 83 + source4/heimdal/lib/hx509/sel-gram.y | 115 ++ source4/heimdal/lib/hx509/sel-lex.c | 1899 ++++++++++++++++++++ source4/heimdal/lib/hx509/sel-lex.l | 135 ++ source4/heimdal/lib/hx509/sel.c | 232 +++ source4/heimdal/lib/hx509/sel.h | 82 + source4/heimdal/lib/hx509/test_name.c | 7 +- source4/heimdal/lib/krb5/acache.c | 71 +- source4/heimdal/lib/krb5/addr_families.c | 75 +- source4/heimdal/lib/krb5/auth_context.c | 18 +- source4/heimdal/lib/krb5/build_auth.c | 10 +- source4/heimdal/lib/krb5/cache.c | 256 ++- source4/heimdal/lib/krb5/changepw.c | 97 +- source4/heimdal/lib/krb5/config_file.c | 10 +- source4/heimdal/lib/krb5/constants.c | 6 +- source4/heimdal/lib/krb5/context.c | 78 +- source4/heimdal/lib/krb5/convert_creds.c | 8 +- source4/heimdal/lib/krb5/copy_host_realm.c | 17 +- source4/heimdal/lib/krb5/crc.c | 4 +- source4/heimdal/lib/krb5/creds.c | 8 +- source4/heimdal/lib/krb5/crypto.c | 584 +++--- source4/heimdal/lib/krb5/data.c | 4 +- source4/heimdal/lib/krb5/error_string.c | 146 +- source4/heimdal/lib/krb5/expand_hostname.c | 7 +- source4/heimdal/lib/krb5/fcache.c | 204 ++- source4/heimdal/lib/krb5/generate_subkey.c | 4 +- source4/heimdal/lib/krb5/get_cred.c | 588 +++--- source4/heimdal/lib/krb5/get_default_principal.c | 6 +- source4/heimdal/lib/krb5/get_default_realm.c | 4 +- source4/heimdal/lib/krb5/get_for_creds.c | 21 +- source4/heimdal/lib/krb5/get_host_realm.c | 16 +- source4/heimdal/lib/krb5/get_in_tkt.c | 377 +++- source4/heimdal/lib/krb5/init_creds.c | 14 +- source4/heimdal/lib/krb5/init_creds_pw.c | 110 +- source4/heimdal/lib/krb5/kcm.c | 56 +- source4/heimdal/lib/krb5/keyblock.c | 15 +- source4/heimdal/lib/krb5/keytab.c | 57 +- source4/heimdal/lib/krb5/keytab_any.c | 17 +- source4/heimdal/lib/krb5/keytab_file.c | 54 +- source4/heimdal/lib/krb5/keytab_keyfile.c | 54 +- source4/heimdal/lib/krb5/keytab_memory.c | 8 +- source4/heimdal/lib/krb5/krb5-private.h | 32 +- source4/heimdal/lib/krb5/krb5-protos.h | 83 +- source4/heimdal/lib/krb5/krb5.h | 50 +- source4/heimdal/lib/krb5/krb5_err.et | 6 +- source4/heimdal/lib/krb5/krb5_locl.h | 30 +- source4/heimdal/lib/krb5/krbhst.c | 22 +- source4/heimdal/lib/krb5/locate_plugin.h | 4 +- source4/heimdal/lib/krb5/log.c | 24 +- source4/heimdal/lib/krb5/mcache.c | 15 +- source4/heimdal/lib/krb5/mk_priv.c | 4 +- source4/heimdal/lib/krb5/mk_rep.c | 12 +- source4/heimdal/lib/krb5/n-fold.c | 2 +- source4/heimdal/lib/krb5/pac.c | 113 +- source4/heimdal/lib/krb5/padata.c | 4 +- source4/heimdal/lib/krb5/pkinit.c | 415 +++-- source4/heimdal/lib/krb5/plugin.c | 19 +- source4/heimdal/lib/krb5/principal.c | 114 +- source4/heimdal/lib/krb5/rd_cred.c | 9 +- source4/heimdal/lib/krb5/rd_error.c | 36 +- source4/heimdal/lib/krb5/rd_rep.c | 4 +- source4/heimdal/lib/krb5/rd_req.c | 21 +- source4/heimdal/lib/krb5/replay.c | 31 +- source4/heimdal/lib/krb5/send_to_kdc.c | 62 +- source4/heimdal/lib/krb5/send_to_kdc_plugin.h | 58 + source4/heimdal/lib/krb5/set_default_realm.c | 6 +- source4/heimdal/lib/krb5/ticket.c | 36 +- source4/heimdal/lib/krb5/time.c | 31 +- source4/heimdal/lib/krb5/transited.c | 42 +- source4/heimdal/lib/krb5/v4_glue.c | 71 +- source4/heimdal/lib/krb5/warn.c | 8 +- source4/heimdal/lib/ntlm/ntlm.c | 6 +- source4/heimdal/lib/roken/dumpdata.c | 44 +- source4/heimdal/lib/roken/err.hin | 2 +- source4/heimdal/lib/roken/resolve.c | 5 +- source4/heimdal/lib/roken/roken-common.h | 15 +- source4/heimdal/lib/roken/roken.h.in | 2 +- source4/heimdal/lib/roken/vis.hin | 2 +- source4/heimdal/lib/wind/stringprep.c | 4 +- source4/heimdal/lib/wind/utf8.c | 179 +- source4/heimdal/lib/wind/wind.h | 13 +- source4/heimdal/lib/wind/wind_err.et | 3 +- source4/heimdal/lib/wind/windlocl.h | 4 +- 233 files changed, 10176 insertions(+), 3563 deletions(-) mode change 100755 => 100644 source4/heimdal/lib/hcrypto/aes.c mode change 100755 => 100644 source4/heimdal/lib/hcrypto/aes.h mode change 100755 => 100644 source4/heimdal/lib/hcrypto/rc2.c mode change 100755 => 100644 source4/heimdal/lib/hcrypto/rc2.h mode change 100755 => 100644 source4/heimdal/lib/hcrypto/rc4.c mode change 100755 => 100644 source4/heimdal/lib/hcrypto/rijndael-alg-fst.c mode change 100755 => 100644 source4/heimdal/lib/hcrypto/rijndael-alg-fst.h create mode 100644 source4/heimdal/lib/hx509/sel-gram.c create mode 100644 source4/heimdal/lib/hx509/sel-gram.h create mode 100644 source4/heimdal/lib/hx509/sel-gram.y create mode 100644 source4/heimdal/lib/hx509/sel-lex.c create mode 100644 source4/heimdal/lib/hx509/sel-lex.l create mode 100644 source4/heimdal/lib/hx509/sel.c create mode 100644 source4/heimdal/lib/hx509/sel.h create mode 100644 source4/heimdal/lib/krb5/send_to_kdc_plugin.h (limited to 'source4/heimdal') diff --git a/source4/heimdal/README b/source4/heimdal/README index 131cc574fb..88ab7fd121 100644 --- a/source4/heimdal/README +++ b/source4/heimdal/README @@ -1,6 +1,19 @@ -This directory contains a copy of portions of a project known as -'lorikeet-heimdal', a branch of the Heimdal Kerberos distribution. +$Id: README 8839 2000-07-27 02:33:54Z assar $ -The purpose of these files is to provide kerberos support to Samba4 in -a predicatable manner, without reliance on the system kerberos -libraries. +Heimdal is a Kerberos 5 implementation. + +Please see the manual in doc, by default installed in +/usr/heimdal/info/heimdal.info for information on how to install. +There are also briefer man pages for most of the commands. + +Bug reports and bugs are appreciated, see more under Bug reports in +the manual on how we prefer them. + +For more information see the web-page at + or the mailing lists: + +heimdal-announce@sics.se low-volume announcement +heimdal-discuss@sics.se high-volume discussion + +send a mail to heimdal-announce-request@sics.se and +heimdal-discuss-request@sics.se respectively to subscribe. diff --git a/source4/heimdal/cf/check-var.m4 b/source4/heimdal/cf/check-var.m4 index 1f06b479c6..ffa61915e9 100644 --- a/source4/heimdal/cf/check-var.m4 +++ b/source4/heimdal/cf/check-var.m4 @@ -1,4 +1,4 @@ -dnl $Id: check-var.m4,v 1.12 2005/06/16 18:59:10 lha Exp $ +dnl $Id: check-var.m4 15422 2005-06-16 18:59:29Z lha $ dnl dnl rk_CHECK_VAR(variable, includes) AC_DEFUN([rk_CHECK_VAR], [ @@ -23,4 +23,5 @@ if test "$ac_foo" = yes; then fi ]) +dnl AC_WARNING_ENABLE([obsolete]) AU_DEFUN([AC_CHECK_VAR], [rk_CHECK_VAR([$2], [$1])], [foo]) diff --git a/source4/heimdal/cf/find-func-no-libs.m4 b/source4/heimdal/cf/find-func-no-libs.m4 index 03ff6dc02b..76965a84ee 100644 --- a/source4/heimdal/cf/find-func-no-libs.m4 +++ b/source4/heimdal/cf/find-func-no-libs.m4 @@ -1,4 +1,4 @@ -dnl $Id: find-func-no-libs.m4,v 1.6 2004/02/12 14:20:45 lha Exp $ +dnl $Id: find-func-no-libs.m4 13338 2004-02-12 14:21:14Z lha $ dnl dnl dnl Look for function in any of the specified libraries diff --git a/source4/heimdal/cf/find-func-no-libs2.m4 b/source4/heimdal/cf/find-func-no-libs2.m4 index 2e7c8b7d4b..617a09e8da 100644 --- a/source4/heimdal/cf/find-func-no-libs2.m4 +++ b/source4/heimdal/cf/find-func-no-libs2.m4 @@ -1,4 +1,4 @@ -dnl $Id: find-func-no-libs2.m4,v 1.9 2004/08/26 12:35:42 joda Exp $ +dnl $Id: find-func-no-libs2.m4 14166 2004-08-26 12:35:42Z joda $ dnl dnl dnl Look for function in any of the specified libraries diff --git a/source4/heimdal/cf/find-func.m4 b/source4/heimdal/cf/find-func.m4 index aa500283f2..2354f38e5e 100644 --- a/source4/heimdal/cf/find-func.m4 +++ b/source4/heimdal/cf/find-func.m4 @@ -1,4 +1,4 @@ -dnl $Id: find-func.m4,v 1.2 2004/02/12 14:20:47 lha Exp $ +dnl $Id: find-func.m4 13338 2004-02-12 14:21:14Z lha $ dnl dnl AC_FIND_FUNC(func, libraries, includes, arguments) AC_DEFUN([AC_FIND_FUNC], [ diff --git a/source4/heimdal/cf/resolv.m4 b/source4/heimdal/cf/resolv.m4 index 20e85a8400..8bb5e4ecbb 100644 --- a/source4/heimdal/cf/resolv.m4 +++ b/source4/heimdal/cf/resolv.m4 @@ -1,6 +1,6 @@ dnl stuff used by DNS resolv code in roken dnl -dnl $Id: resolv.m4,v 1.1 2005/09/02 10:17:38 lha Exp $ +dnl $Id: resolv.m4 16009 2005-09-02 10:17:38Z lha $ dnl AC_DEFUN([rk_RESOLV],[ diff --git a/source4/heimdal/kdc/default_config.c b/source4/heimdal/kdc/default_config.c index 5f336e3275..33a2c297fa 100644 --- a/source4/heimdal/kdc/default_config.c +++ b/source4/heimdal/kdc/default_config.c @@ -36,7 +36,7 @@ #include #include -RCSID("$Id: default_config.c 21405 2007-07-04 10:35:45Z lha $"); +RCSID("$Id: default_config.c 23316 2008-06-23 04:32:32Z lha $"); krb5_error_code krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config) @@ -45,7 +45,7 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config) c = calloc(1, sizeof(*c)); if (c == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } diff --git a/source4/heimdal/kdc/digest.c b/source4/heimdal/kdc/digest.c index b845b0f9a8..bf1e45b328 100644 --- a/source4/heimdal/kdc/digest.c +++ b/source4/heimdal/kdc/digest.c @@ -34,7 +34,7 @@ #include "kdc_locl.h" #include -RCSID("$Id: digest.c 22374 2007-12-28 18:36:52Z lha $"); +RCSID("$Id: digest.c 23316 2008-06-23 04:32:32Z lha $"); #define MS_CHAP_V2 0x20 #define CHAP_MD5 0x10 @@ -44,13 +44,13 @@ RCSID("$Id: digest.c 22374 2007-12-28 18:36:52Z lha $"); #define NTLM_V1 0x01 const struct units _kdc_digestunits[] = { - {"ms-chap-v2", 1U << 5}, - {"chap-md5", 1U << 4}, - {"digest-md5", 1U << 3}, - {"ntlm-v2", 1U << 2}, - {"ntlm-v1-session", 1U << 1}, - {"ntlm-v1", 1U << 0}, - {NULL, 0} + {"ms-chap-v2", 1U << 5}, + {"chap-md5", 1U << 4}, + {"digest-md5", 1U << 3}, + {"ntlm-v2", 1U << 2}, + {"ntlm-v1-session", 1U << 1}, + {"ntlm-v1", 1U << 0}, + {NULL, 0} }; @@ -121,10 +121,10 @@ fill_targetinfo(krb5_context context, strcmp("imap", str) == 0 || strcmp("pop", str) == 0 || strcmp("smtp", str))) - { - str = krb5_principal_get_comp_string(context, p, 1); - ti.dnsservername = rk_UNCONST(str); - } + { + str = krb5_principal_get_comp_string(context, p, 1); + ti.dnsservername = rk_UNCONST(str); + } ret = heim_ntlm_encode_targetinfo(&ti, 1, &d); if (ret) @@ -186,7 +186,7 @@ get_password_entry(krb5_context context, if (ret || password == NULL) { if (ret == 0) { ret = EINVAL; - krb5_set_error_string(context, "password missing"); + krb5_set_error_message(context, ret, "password missing"); } memset(user, 0, sizeof(*user)); } @@ -263,7 +263,7 @@ _kdc_do_digest(krb5_context context, goto out; ret = EINVAL; - krb5_set_error_string(context, "Wrong digest server principal used"); + krb5_set_error_message(context, ret, "Wrong digest server principal used"); p = krb5_principal_get_comp_string(context, principal, 0); if (p == NULL) { krb5_free_principal(context, principal); @@ -323,9 +323,9 @@ _kdc_do_digest(krb5_context context, "Client %s tried to use digest " "but is not allowed to", client_name); - krb5_set_error_string(context, - "Client is not permitted to use digest"); ret = KRB5KDC_ERR_POLICY; + krb5_set_error_message(context, ret, + "Client is not permitted to use digest"); goto out; } } @@ -338,8 +338,8 @@ _kdc_do_digest(krb5_context context, if (ret) goto out; if (key == NULL) { - krb5_set_error_string(context, "digest: remote subkey not found"); ret = EINVAL; + krb5_set_error_message(context, ret, "digest: remote subkey not found"); goto out; } @@ -359,7 +359,7 @@ _kdc_do_digest(krb5_context context, ret = decode_DigestReqInner(buf.data, buf.length, &ireq, NULL); krb5_data_free(&buf); if (ret) { - krb5_set_error_string(context, "Failed to decode digest inner request"); + krb5_set_error_message(context, ret, "Failed to decode digest inner request"); goto out; } @@ -386,15 +386,15 @@ _kdc_do_digest(krb5_context context, hex_encode(server_nonce, sizeof(server_nonce), &r.u.initReply.nonce); if (r.u.initReply.nonce == NULL) { - krb5_set_error_string(context, "Failed to decode server nonce"); ret = ENOMEM; + krb5_set_error_message(context, ret, "Failed to decode server nonce"); goto out; } sp = krb5_storage_emem(); if (sp == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ret = krb5_store_stringz(sp, ireq.u.init.type); @@ -410,9 +410,9 @@ _kdc_do_digest(krb5_context context, ireq.u.init.channel->cb_type, ireq.u.init.channel->cb_binding); if (s == NULL) { - krb5_set_error_string(context, "Failed to allocate " - "channel binding"); ret = ENOMEM; + krb5_set_error_message(context, ret, + "Failed to allocate channel binding"); goto out; } free(r.u.initReply.nonce); @@ -429,15 +429,15 @@ _kdc_do_digest(krb5_context context, r.u.initReply.identifier = malloc(sizeof(*r.u.initReply.identifier)); if (r.u.initReply.identifier == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } asprintf(r.u.initReply.identifier, "%02X", identifier & 0xff); if (*r.u.initReply.identifier == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } @@ -478,8 +478,8 @@ _kdc_do_digest(krb5_context context, ASN1_MALLOC_ENCODE(Checksum, buf.data, buf.length, &res, &size, ret); free_Checksum(&res); if (ret) { - krb5_set_error_string(context, "Failed to encode " - "checksum in digest request"); + krb5_set_error_message(context, ret, "Failed to encode " + "checksum in digest request"); goto out; } if (size != buf.length) @@ -502,7 +502,7 @@ _kdc_do_digest(krb5_context context, sp = krb5_storage_emem(); if (sp == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ret = krb5_store_stringz(sp, ireq.u.digestRequest.type); @@ -524,15 +524,15 @@ _kdc_do_digest(krb5_context context, buf.length = strlen(ireq.u.digestRequest.opaque); buf.data = malloc(buf.length); if (buf.data == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ret = hex_decode(ireq.u.digestRequest.opaque, buf.data, buf.length); if (ret <= 0) { - krb5_set_error_string(context, "Failed to decode opaque"); ret = ENOMEM; + krb5_set_error_message(context, ret, "Failed to decode opaque"); goto out; } buf.length = ret; @@ -540,7 +540,7 @@ _kdc_do_digest(krb5_context context, ret = decode_Checksum(buf.data, buf.length, &res, NULL); free(buf.data); if (ret) { - krb5_set_error_string(context, "Failed to decode digest Checksum"); + krb5_set_error_message(context, ret, "Failed to decode digest Checksum"); goto out; } @@ -553,8 +553,8 @@ _kdc_do_digest(krb5_context context, serverNonce.length = strlen(ireq.u.digestRequest.serverNonce); serverNonce.data = malloc(serverNonce.length); if (serverNonce.data == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } @@ -568,8 +568,8 @@ _kdc_do_digest(krb5_context context, ssize = hex_decode(ireq.u.digestRequest.serverNonce, serverNonce.data, serverNonce.length); if (ssize <= 0) { - krb5_set_error_string(context, "Failed to decode serverNonce"); ret = ENOMEM; + krb5_set_error_message(context, ret, "Failed to decode serverNonce"); goto out; } serverNonce.length = ssize; @@ -593,15 +593,15 @@ _kdc_do_digest(krb5_context context, uint32_t t; if (serverNonce.length < 4) { - krb5_set_error_string(context, "server nonce too short"); ret = EINVAL; + krb5_set_error_message(context, ret, "server nonce too short"); goto out; } t = p[0] | (p[1] << 8) | (p[2] << 16) | (p[3] << 24); if (abs((kdc_time & 0xffffffff) - t) > context->max_skew) { - krb5_set_error_string(context, "time screw in server nonce "); ret = EINVAL; + krb5_set_error_message(context, ret, "time screw in server nonce "); goto out; } } @@ -618,15 +618,15 @@ _kdc_do_digest(krb5_context context, } if (ireq.u.digestRequest.identifier == NULL) { - krb5_set_error_string(context, "Identifier missing " - "from CHAP request"); ret = EINVAL; + krb5_set_error_message(context, ret, "Identifier missing " + "from CHAP request"); goto out; } if (hex_decode(*ireq.u.digestRequest.identifier, &id, 1) != 1) { - krb5_set_error_string(context, "failed to decode identifier"); ret = EINVAL; + krb5_set_error_message(context, ret, "failed to decode identifier"); goto out; } @@ -714,8 +714,8 @@ _kdc_do_digest(krb5_context context, MD5_Final(md, &ctx); hex_encode(md, sizeof(md), &A1); if (A1 == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto failed; } @@ -733,8 +733,8 @@ _kdc_do_digest(krb5_context context, MD5_Final(md, &ctx); hex_encode(md, sizeof(md), &A2); if (A2 == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); free(A1); goto failed; } @@ -795,15 +795,15 @@ _kdc_do_digest(krb5_context context, } if (ireq.u.digestRequest.clientNonce == NULL) { - krb5_set_error_string(context, - "MS-CHAP-V2 clientNonce missing"); ret = EINVAL; + krb5_set_error_message(context, ret, + "MS-CHAP-V2 clientNonce missing"); goto failed; } if (serverNonce.length != 16) { - krb5_set_error_string(context, - "MS-CHAP-V2 serverNonce wrong length"); ret = EINVAL; + krb5_set_error_message(context, ret, + "MS-CHAP-V2 serverNonce wrong length"); goto failed; } @@ -824,16 +824,16 @@ _kdc_do_digest(krb5_context context, clientNonce.data = malloc(clientNonce.length); if (clientNonce.data == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ssize = hex_decode(*ireq.u.digestRequest.clientNonce, clientNonce.data, clientNonce.length); if (ssize != 16) { - krb5_set_error_string(context, - "Failed to decode clientNonce"); ret = ENOMEM; + krb5_set_error_message(context, ret, + "Failed to decode clientNonce"); goto out; } SHA1_Update(&ctx, clientNonce.data, ssize); @@ -852,18 +852,18 @@ _kdc_do_digest(krb5_context context, HDB_F_GET_CLIENT, NULL, &user); krb5_free_principal(context, clientprincipal); if (ret) { - krb5_set_error_string(context, - "MS-CHAP-V2 user %s not in database", - username); + krb5_set_error_message(context, ret, + "MS-CHAP-V2 user %s not in database", + username); goto failed; } ret = hdb_enctype2key(context, &user->entry, ETYPE_ARCFOUR_HMAC_MD5, &key); if (ret) { - krb5_set_error_string(context, - "MS-CHAP-V2 missing arcfour key %s", - username); + krb5_set_error_message(context, ret, + "MS-CHAP-V2 missing arcfour key %s", + username); goto failed; } @@ -872,7 +872,7 @@ _kdc_do_digest(krb5_context context, key->key.keyvalue.length, challange, &answer); if (ret) { - krb5_set_error_string(context, "NTLM missing arcfour key"); + krb5_set_error_message(context, ret, "NTLM missing arcfour key"); goto failed; } @@ -967,8 +967,8 @@ _kdc_do_digest(krb5_context context, asprintf(&r.u.error.reason, "Unsupported digest type %s", ireq.u.digestRequest.type); if (r.u.error.reason == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } r.u.error.code = EINVAL; @@ -1021,29 +1021,29 @@ _kdc_do_digest(krb5_context context, r.u.ntlmInitReply.targetname = get_ntlm_targetname(context, client); if (r.u.ntlmInitReply.targetname == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } r.u.ntlmInitReply.challange.data = malloc(8); if (r.u.ntlmInitReply.challange.data == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } r.u.ntlmInitReply.challange.length = 8; if (RAND_bytes(r.u.ntlmInitReply.challange.data, r.u.ntlmInitReply.challange.length) != 1) - { - krb5_set_error_string(context, "out of random error"); - ret = ENOMEM; - goto out; - } + { + ret = ENOMEM; + krb5_set_error_message(context, ret, "out of random error"); + goto out; + } /* XXX fix targetinfo */ ALLOC(r.u.ntlmInitReply.targetinfo); if (r.u.ntlmInitReply.targetinfo == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } @@ -1052,8 +1052,8 @@ _kdc_do_digest(krb5_context context, client, r.u.ntlmInitReply.targetinfo); if (ret) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } @@ -1064,14 +1064,14 @@ _kdc_do_digest(krb5_context context, sp = krb5_storage_emem(); if (sp == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ret = krb5_storage_write(sp, r.u.ntlmInitReply.challange.data, 8); if (ret != 8) { ret = ENOMEM; - krb5_set_error_string(context, "storage write challange"); + krb5_set_error_message(context, ret, "storage write challange"); goto out; } ret = krb5_store_uint32(sp, r.u.ntlmInitReply.flags); @@ -1127,8 +1127,8 @@ _kdc_do_digest(krb5_context context, HDB_F_GET_CLIENT, NULL, &user); krb5_free_principal(context, clientprincipal); if (ret) { - krb5_set_error_string(context, "NTLM user %s not in database", - ireq.u.ntlmRequest.username); + krb5_set_error_message(context, ret, "NTLM user %s not in database", + ireq.u.ntlmRequest.username); goto failed; } @@ -1150,33 +1150,33 @@ _kdc_do_digest(krb5_context context, sp = krb5_storage_from_data(&buf); if (sp == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ret = krb5_storage_read(sp, challange, sizeof(challange)); if (ret != sizeof(challange)) { - krb5_set_error_string(context, "NTLM storage read challange"); ret = ENOMEM; + krb5_set_error_message(context, ret, "NTLM storage read challange"); goto out; } ret = krb5_ret_uint32(sp, &flags); if (ret) { - krb5_set_error_string(context, "NTLM storage read flags"); + krb5_set_error_message(context, ret, "NTLM storage read flags"); goto out; } krb5_data_free(&buf); if ((flags & NTLM_NEG_NTLM) == 0) { ret = EINVAL; - krb5_set_error_string(context, "NTLM not negotiated"); + krb5_set_error_message(context, ret, "NTLM not negotiated"); goto out; } ret = hdb_enctype2key(context, &user->entry, ETYPE_ARCFOUR_HMAC_MD5, &key); if (ret) { - krb5_set_error_string(context, "NTLM missing arcfour key"); + krb5_set_error_message(context, ret, "NTLM missing arcfour key"); goto out; } @@ -1194,8 +1194,8 @@ _kdc_do_digest(krb5_context context, targetname = get_ntlm_targetname(context, client); if (targetname == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } @@ -1213,7 +1213,7 @@ _kdc_do_digest(krb5_context context, sessionkey); free(targetname); if (ret) { - krb5_set_error_string(context, "NTLM v2 verify failed"); + krb5_set_error_message(context, ret, "NTLM v2 verify failed"); goto failed; } @@ -1238,9 +1238,9 @@ _kdc_do_digest(krb5_context context, } if (ireq.u.ntlmRequest.lm.length != 24) { - krb5_set_error_string(context, "LM hash have wrong length " - "for NTLM session key"); ret = EINVAL; + krb5_set_error_message(context, ret, "LM hash have wrong length " + "for NTLM session key"); goto failed; } @@ -1260,18 +1260,18 @@ _kdc_do_digest(krb5_context context, key->key.keyvalue.length, challange, &answer); if (ret) { - krb5_set_error_string(context, "NTLM missing arcfour key"); + krb5_set_error_message(context, ret, "NTLM missing arcfour key"); goto failed; } if (ireq.u.ntlmRequest.ntlm.length != answer.length || memcmp(ireq.u.ntlmRequest.ntlm.data, answer.data, answer.length) != 0) - { - free(answer.data); - ret = EINVAL; - krb5_set_error_string(context, "NTLM hash mismatch"); - goto failed; - } + { + free(answer.data); + ret = EINVAL; + krb5_set_error_message(context, ret, "NTLM hash mismatch"); + goto failed; + } free(answer.data); { @@ -1290,18 +1290,19 @@ _kdc_do_digest(krb5_context context, size_t len; if ((flags & NTLM_NEG_KEYEX) == 0) { - krb5_set_error_string(context, - "NTLM client failed to neg key " - "exchange but still sent key"); ret = EINVAL; + krb5_set_error_message(context, ret, + "NTLM client failed to neg key " + "exchange but still sent key"); goto failed; } len = ireq.u.ntlmRequest.sessionkey->length; if (len != sizeof(masterkey)){ - krb5_set_error_string(context, - "NTLM master key wrong length: %lu", - (unsigned long)len); + ret = EINVAL; + krb5_set_error_message(context, ret, + "NTLM master key wrong length: %lu", + (unsigned long)len); goto failed; } @@ -1315,14 +1316,15 @@ _kdc_do_digest(krb5_context context, r.u.ntlmResponse.sessionkey = malloc(sizeof(*r.u.ntlmResponse.sessionkey)); if (r.u.ntlmResponse.sessionkey == NULL) { - krb5_set_error_string(context, "out of memory"); + ret = EINVAL; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ret = krb5_data_copy(r.u.ntlmResponse.sessionkey, masterkey, sizeof(masterkey)); if (ret) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } } @@ -1354,11 +1356,11 @@ _kdc_do_digest(krb5_context context, break; default: { - char *s; - krb5_set_error_string(context, "unknown operation to digest"); + const char *s; ret = EINVAL; + krb5_set_error_message(context, ret, "unknown operation to digest"); - failed: + failed: s = krb5_get_error_message(context, ret); if (s == NULL) { @@ -1370,10 +1372,10 @@ _kdc_do_digest(krb5_context context, r.element = choice_DigestRepInner_error; r.u.error.reason = strdup("unknown error"); - krb5_free_error_string(context, s); + krb5_free_error_message(context, s); if (r.u.error.reason == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } r.u.error.code = EINVAL; @@ -1383,7 +1385,7 @@ _kdc_do_digest(krb5_context context, ASN1_MALLOC_ENCODE(DigestRepInner, buf.data, buf.length, &r, &size, ret); if (ret) { - krb5_set_error_string(context, "Failed to encode inner digest reply"); + krb5_set_error_message(context, ret, "Failed to encode inner digest reply"); goto out; } if (size != buf.length) @@ -1414,14 +1416,14 @@ _kdc_do_digest(krb5_context context, ASN1_MALLOC_ENCODE(DigestREP, reply->data, reply->length, &rep, &size, ret); if (ret) { - krb5_set_error_string(context, "Failed to encode digest reply"); + krb5_set_error_message(context, ret, "Failed to encode digest reply"); goto out; } if (size != reply->length) krb5_abortx(context, "ASN1 internal error"); -out: + out: if (ac) krb5_auth_con_free(context, ac); if (ret) diff --git a/source4/heimdal/kdc/kaserver.c b/source4/heimdal/kdc/kaserver.c index 27f497ea66..4f257d717e 100644 --- a/source4/heimdal/kdc/kaserver.c +++ b/source4/heimdal/kdc/kaserver.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kaserver.c 21654 2007-07-21 17:30:18Z lha $"); +RCSID("$Id: kaserver.c 23110 2008-04-27 18:51:17Z lha $"); #include #include @@ -366,7 +366,7 @@ create_reply_ticket (krb5_context context, DES_cblock deskey; memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); - DES_set_key (&deskey, &schedule); + DES_set_key_unchecked (&deskey, &schedule); DES_pcbc_encrypt (enc_data.data, enc_data.data, enc_data.length, @@ -524,7 +524,7 @@ do_authenticate (krb5_context context, /* try to decode the `request' */ memcpy (&key, ckey->key.keyvalue.data, sizeof(key)); - DES_set_key (&key, &schedule); + DES_set_key_unchecked (&key, &schedule); DES_pcbc_encrypt (request.data, request.data, request.length, @@ -801,7 +801,7 @@ do_getticket (krb5_context context, /* decrypt the times */ memcpy(&session, ad.session.keyvalue.data, sizeof(session)); - DES_set_key (&session, &schedule); + DES_set_key_unchecked (&session, &schedule); DES_ecb_encrypt (times.data, times.data, &schedule, diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index f1dea6499d..2a2c48c233 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kerberos5.c 22071 2007-11-14 20:04:50Z lha $"); +RCSID("$Id: kerberos5.c 23316 2008-06-23 04:32:32Z lha $"); #define MAX_TIME ((time_t)((1U << 31) - 1)) @@ -1648,7 +1648,7 @@ _kdc_as_rep(krb5_context context, memset(&canon, 0, sizeof(canon)); canon.names.requested_name = *b->cname; - canon.names.real_name = client->entry.principal->name; + canon.names.mapped_name = client->entry.principal->name; ASN1_MALLOC_ENCODE(PA_ClientCanonicalizedNames, data.data, data.length, &canon.names, &len, ret); @@ -1807,7 +1807,7 @@ _kdc_tkt_add_if_relevant_ad(krb5_context context, if (tkt->authorization_data == NULL) { tkt->authorization_data = calloc(1, sizeof(*tkt->authorization_data)); if (tkt->authorization_data == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "out of memory"); return ENOMEM; } } @@ -1822,7 +1822,7 @@ _kdc_tkt_add_if_relevant_ad(krb5_context context, ret = add_AuthorizationData(&ad, &ade); if (ret) { - krb5_set_error_string(context, "add AuthorizationData failed"); + krb5_set_error_message(context, ret, "add AuthorizationData failed"); return ret; } @@ -1833,8 +1833,8 @@ _kdc_tkt_add_if_relevant_ad(krb5_context context, &ad, &size, ret); free_AuthorizationData(&ad); if (ret) { - krb5_set_error_string(context, "ASN.1 encode of " - "AuthorizationData failed"); + krb5_set_error_message(context, ret, "ASN.1 encode of " + "AuthorizationData failed"); return ret; } if (ade.ad_data.length != size) @@ -1843,7 +1843,7 @@ _kdc_tkt_add_if_relevant_ad(krb5_context context, ret = add_AuthorizationData(tkt->authorization_data, &ade); der_free_octet_string(&ade.ad_data); if (ret) { - krb5_set_error_string(context, "add AuthorizationData failed"); + krb5_set_error_message(context, ret, "add AuthorizationData failed"); return ret; } } diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c index 32bdee9799..071a30d5a7 100644 --- a/source4/heimdal/kdc/krb5tgs.c +++ b/source4/heimdal/kdc/krb5tgs.c @@ -1,45 +1,45 @@ /* - * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kdc_locl.h" -RCSID("$Id: krb5tgs.c 22071 2007-11-14 20:04:50Z lha $"); +RCSID("$Id: krb5tgs.c 23316 2008-06-23 04:32:32Z lha $"); /* * return the realm of a krbtgt-ticket or NULL */ -static Realm +static Realm get_krbtgt_realm(const PrincipalName *p) { if(p->name_string.len == 2 @@ -80,8 +80,8 @@ find_KRB5SignedPath(krb5_context context, &child, NULL); if (ret) { - krb5_set_error_string(context, "Failed to decode " - "IF_RELEVANT with %d", ret); + krb5_set_error_message(context, ret, "Failed to decode " + "IF_RELEVANT with %d", ret); return ret; } @@ -168,7 +168,7 @@ _kdc_add_KRB5SignedPath(krb5_context context, if (data.length != size) krb5_abortx(context, "internal asn.1 encoder error"); - + /* * Add IF-RELEVANT(KRB5SignedPath) to the last slot in * authorization data field. @@ -187,13 +187,14 @@ check_KRB5SignedPath(krb5_context context, hdb_entry_ex *krbtgt, EncTicketPart *tkt, KRB5SignedPathPrincipals **delegated, - int require_signedpath) + int *signedpath) { krb5_error_code ret; krb5_data data; krb5_crypto crypto = NULL; - *delegated = NULL; + if (delegated) + *delegated = NULL; ret = find_KRB5SignedPath(context, tkt->authorization_data, &data); if (ret == 0) { @@ -236,8 +237,8 @@ check_KRB5SignedPath(krb5_context context, return ret; } } - ret = krb5_verify_checksum(context, crypto, KRB5_KU_KRB5SIGNEDPATH, - data.data, data.length, + ret = krb5_verify_checksum(context, crypto, KRB5_KU_KRB5SIGNEDPATH, + data.data, data.length, &sp.cksum); krb5_crypto_destroy(context, crypto); free(data.data); @@ -246,7 +247,7 @@ check_KRB5SignedPath(krb5_context context, return ret; } - if (sp.delegated) { + if (delegated && sp.delegated) { *delegated = malloc(sizeof(*sp.delegated)); if (*delegated == NULL) { @@ -263,10 +264,8 @@ check_KRB5SignedPath(krb5_context context, } } free_KRB5SignedPath(&sp); - - } else { - if (require_signedpath) - return KRB5KDC_ERR_BADOPTION; + + *signedpath = 1; } return 0; @@ -286,7 +285,7 @@ check_PAC(krb5_context context, const EncryptionKey *krbtgt_key, EncTicketPart *tkt, krb5_data *rspac, - int *require_signedpath) + int *signedpath) { AuthorizationData *ad = tkt->authorization_data; unsigned i, j; @@ -306,8 +305,8 @@ check_PAC(krb5_context context, &child, NULL); if (ret) { - krb5_set_error_string(context, "Failed to decode " - "IF_RELEVANT with %d", ret); + krb5_set_error_message(context, ret, "Failed to decode " + "IF_RELEVANT with %d", ret); return ret; } for (j = 0; j < child.len; j++) { @@ -324,7 +323,7 @@ check_PAC(krb5_context context, if (ret) return ret; - ret = krb5_pac_verify(context, pac, tkt->authtime, + ret = krb5_pac_verify(context, pac, tkt->authtime, client_principal, krbtgt_key, NULL); if (ret) { @@ -332,13 +331,13 @@ check_PAC(krb5_context context, return ret; } - ret = _kdc_pac_verify(context, client_principal, + ret = _kdc_pac_verify(context, client_principal, client, server, &pac); if (ret) { krb5_pac_free(context, pac); return ret; } - *require_signedpath = 0; + *signedpath = 1; ret = _krb5_pac_sign(context, pac, tkt->authtime, client_principal, @@ -359,7 +358,7 @@ check_PAC(krb5_context context, */ static krb5_error_code -check_tgs_flags(krb5_context context, +check_tgs_flags(krb5_context context, krb5_kdc_configuration *config, KDC_REQ_BODY *b, const EncTicketPart *tgt, EncTicketPart *et) { @@ -379,7 +378,7 @@ check_tgs_flags(krb5_context context, /* XXX tkt = tgt */ et->flags.invalid = 0; }else if(tgt->flags.invalid){ - kdc_log(context, config, 0, + kdc_log(context, config, 0, "Ticket-granting ticket has INVALID flag set"); return KRB5KRB_AP_ERR_TKT_INVALID; } @@ -473,8 +472,8 @@ check_tgs_flags(krb5_context context, et->endtime = *et->starttime + old_life; if (et->renew_till != NULL) et->endtime = min(*et->renew_till, et->endtime); - } - + } + #if 0 /* checks for excess flags */ if(f.request_anonymous && !config->allow_anonymous){ @@ -491,7 +490,7 @@ check_tgs_flags(krb5_context context, */ static krb5_error_code -check_constrained_delegation(krb5_context context, +check_constrained_delegation(krb5_context context, krb5_kdc_configuration *config, hdb_entry_ex *client, krb5_const_principal server) @@ -522,7 +521,7 @@ check_constrained_delegation(krb5_context context, */ static krb5_error_code -verify_flags (krb5_context context, +verify_flags (krb5_context context, krb5_kdc_configuration *config, const EncTicketPart *et, const char *pstr) @@ -543,18 +542,18 @@ verify_flags (krb5_context context, */ static krb5_error_code -fix_transited_encoding(krb5_context context, +fix_transited_encoding(krb5_context context, krb5_kdc_configuration *config, krb5_boolean check_policy, - const TransitedEncoding *tr, - EncTicketPart *et, - const char *client_realm, - const char *server_realm, + const TransitedEncoding *tr, + EncTicketPart *et, + const char *client_realm, + const char *server_realm, const char *tgt_realm) { krb5_error_code ret = 0; char **realms, **tmp; - int num_realms; + unsigned int num_realms; int i; switch (tr->tr_type) { @@ -576,9 +575,9 @@ fix_transited_encoding(krb5_context context, return KRB5KDC_ERR_TRTYPE_NOSUPP; } - ret = krb5_domain_x500_decode(context, + ret = krb5_domain_x500_decode(context, tr->contents, - &realms, + &realms, &num_realms, client_realm, server_realm); @@ -589,7 +588,7 @@ fix_transited_encoding(krb5_context context, } if(strcmp(client_realm, tgt_realm) && strcmp(server_realm, tgt_realm)) { /* not us, so add the previous realm to transited set */ - if (num_realms < 0 || num_realms + 1 > UINT_MAX/sizeof(*realms)) { + if (num_realms + 1 > UINT_MAX/sizeof(*realms)) { ret = ERANGE; goto free_realms; } @@ -607,7 +606,7 @@ fix_transited_encoding(krb5_context context, num_realms++; } if(num_realms == 0) { - if(strcmp(client_realm, server_realm)) + if(strcmp(client_realm, server_realm)) kdc_log(context, config, 0, "cross-realm %s -> %s", client_realm, server_realm); } else { @@ -630,11 +629,11 @@ fix_transited_encoding(krb5_context context, } } if(check_policy) { - ret = krb5_check_transited(context, client_realm, - server_realm, + ret = krb5_check_transited(context, client_realm, + server_realm, realms, num_realms, NULL); if(ret) { - krb5_warn(context, ret, "cross-realm %s -> %s", + krb5_warn(context, ret, "cross-realm %s -> %s", client_realm, server_realm); goto free_realms; } @@ -653,23 +652,24 @@ fix_transited_encoding(krb5_context context, static krb5_error_code -tgs_make_reply(krb5_context context, +tgs_make_reply(krb5_context context, krb5_kdc_configuration *config, - KDC_REQ_BODY *b, + KDC_REQ_BODY *b, krb5_const_principal tgt_name, - const EncTicketPart *tgt, + const EncTicketPart *tgt, const EncryptionKey *serverkey, const krb5_keyblock *sessionkey, krb5_kvno kvno, AuthorizationData *auth_data, - hdb_entry_ex *server, - const char *server_name, - hdb_entry_ex *client, - krb5_principal client_principal, + hdb_entry_ex *server, + const char *server_name, + hdb_entry_ex *client, + krb5_principal client_principal, hdb_entry_ex *krbtgt, krb5_enctype krbtgt_etype, KRB5SignedPathPrincipals *spp, const krb5_data *rspac, + const METHOD_DATA *enc_pa_data, const char **e_text, krb5_data *reply) { @@ -678,11 +678,11 @@ tgs_make_reply(krb5_context context, EncTicketPart et; KDCOptions f = b->kdc_options; krb5_error_code ret; - + memset(&rep, 0, sizeof(rep)); memset(&et, 0, sizeof(et)); memset(&ek, 0, sizeof(ek)); - + rep.pvno = 5; rep.msg_type = krb_tgs_rep; @@ -691,7 +691,7 @@ tgs_make_reply(krb5_context context, et.endtime = min(tgt->endtime, *b->till); ALLOC(et.starttime); *et.starttime = kdc_time; - + ret = check_tgs_flags(context, config, b, tgt, &et); if(ret) goto out; @@ -715,11 +715,11 @@ tgs_make_reply(krb5_context context, #define PRINCIPAL_FORCE_TRANSITED_CHECK(P) 0 #define PRINCIPAL_ALLOW_DISABLE_TRANSITED_CHECK(P) 0 - ret = fix_transited_encoding(context, config, + ret = fix_transited_encoding(context, config, !f.disable_transited_check || GLOBAL_FORCE_TRANSITED_CHECK || PRINCIPAL_FORCE_TRANSITED_CHECK(server) || - !((GLOBAL_ALLOW_PER_PRINCIPAL && + !((GLOBAL_ALLOW_PER_PRINCIPAL && PRINCIPAL_ALLOW_DISABLE_TRANSITED_CHECK(server)) || GLOBAL_ALLOW_DISABLE_TRANSITED_CHECK), &tgt->transited, &et, @@ -729,7 +729,7 @@ tgs_make_reply(krb5_context context, if(ret) goto out; - copy_Realm(krb5_princ_realm(context, server->entry.principal), + copy_Realm(krb5_princ_realm(context, server->entry.principal), &rep.ticket.realm); _krb5_principal2principalname(&rep.ticket.sname, server->entry.principal); copy_Realm(&tgt_name->realm, &rep.crealm); @@ -754,7 +754,7 @@ tgs_make_reply(krb5_context context, life = min(life, *server->entry.max_life); et.endtime = *et.starttime + life; } - if(f.renewable_ok && tgt->flags.renewable && + if(f.renewable_ok && tgt->flags.renewable && et.renew_till == NULL && et.endtime < *b->till){ et.flags.renewable = 1; ALLOC(et.renew_till); @@ -769,13 +769,13 @@ tgs_make_reply(krb5_context context, renew = min(renew, *server->entry.max_renew); *et.renew_till = et.authtime + renew; } - + if(et.renew_till){ *et.renew_till = min(*et.renew_till, *tgt->renew_till); *et.starttime = min(*et.starttime, *et.renew_till); et.endtime = min(et.endtime, *et.renew_till); } - + *et.starttime = min(*et.starttime, et.endtime); if(*et.starttime == et.endtime){ @@ -787,12 +787,12 @@ tgs_make_reply(krb5_context context, et.renew_till = NULL; et.flags.renewable = 0; } - + et.flags.pre_authent = tgt->flags.pre_authent; et.flags.hw_authent = tgt->flags.hw_authent; et.flags.anonymous = tgt->flags.anonymous; et.flags.ok_as_delegate = server->entry.flags.ok_as_delegate; - + if (auth_data) { /* XXX Check enc-authorization-data */ et.authorization_data = calloc(1, sizeof(*et.authorization_data)); @@ -836,7 +836,7 @@ tgs_make_reply(krb5_context context, goto out; et.crealm = tgt->crealm; et.cname = tgt_name->name; - + ek.key = et.key; /* MIT must have at least one last_req */ ek.last_req.len = 1; @@ -853,8 +853,8 @@ tgs_make_reply(krb5_context context, ek.renew_till = et.renew_till; ek.srealm = rep.ticket.realm; ek.sname = rep.ticket.sname; - - _kdc_log_timestamp(context, config, "TGS-REQ", et.authtime, et.starttime, + + _kdc_log_timestamp(context, config, "TGS-REQ", et.authtime, et.starttime, et.endtime, et.renew_till); /* Don't sign cross realm tickets, they can't be checked anyway */ @@ -874,6 +874,17 @@ tgs_make_reply(krb5_context context, } } + if (enc_pa_data->len) { + rep.padata = calloc(1, sizeof(*rep.padata)); + if (rep.padata == NULL) { + ret = ENOMEM; + goto out; + } + ret = copy_METHOD_DATA(enc_pa_data, rep.padata); + if (ret) + goto out; + } + /* It is somewhat unclear where the etype in the following encryption should come from. What we have is a session key in the passed tgt, and a list of preferred etypes @@ -884,9 +895,9 @@ tgs_make_reply(krb5_context context, CAST session key. Should the DES3 etype be added to the etype list, even if we don't want a session key with DES3? */ - ret = _kdc_encode_reply(context, config, + ret = _kdc_encode_reply(context, config, &rep, &et, &ek, et.key.keytype, - kvno, + kvno, serverkey, 0, &tgt->key, e_text, reply); out: free_TGS_REP(&rep); @@ -906,10 +917,10 @@ out: } static krb5_error_code -tgs_check_authenticator(krb5_context context, +tgs_check_authenticator(krb5_context context, krb5_kdc_configuration *config, krb5_auth_context ac, - KDC_REQ_BODY *b, + KDC_REQ_BODY *b, const char **e_text, krb5_keyblock *key) { @@ -919,7 +930,7 @@ tgs_check_authenticator(krb5_context context, size_t buf_size; krb5_error_code ret; krb5_crypto crypto; - + krb5_auth_con_getauthenticator(context, ac, &auth); if(auth->cksum == NULL){ kdc_log(context, config, 0, "No authenticator in request"); @@ -936,7 +947,7 @@ tgs_check_authenticator(krb5_context context, || #endif !krb5_checksum_is_collision_proof(context, auth->cksum->cksumtype)) { - kdc_log(context, config, 0, "Bad checksum type in authenticator: %d", + kdc_log(context, config, 0, "Bad checksum type in authenticator: %d", auth->cksum->cksumtype); ret = KRB5KRB_AP_ERR_INAPP_CKSUM; goto out; @@ -945,7 +956,7 @@ tgs_check_authenticator(krb5_context context, /* XXX should not re-encode this */ ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, b, &len, ret); if(ret){ - kdc_log(context, config, 0, "Failed to encode KDC-REQ-BODY: %s", + kdc_log(context, config, 0, "Failed to encode KDC-REQ-BODY: %s", krb5_get_err_text(context, ret)); goto out; } @@ -966,14 +977,14 @@ tgs_check_authenticator(krb5_context context, ret = krb5_verify_checksum(context, crypto, KRB5_KU_TGS_REQ_AUTH_CKSUM, - buf, + buf, len, auth->cksum); free(buf); krb5_crypto_destroy(context, crypto); if(ret){ kdc_log(context, config, 0, - "Failed to verify authenticator checksum: %s", + "Failed to verify authenticator checksum: %s", krb5_get_err_text(context, ret)); } out: @@ -991,27 +1002,38 @@ find_rpath(krb5_context context, Realm crealm, Realm srealm) { const char *new_realm = krb5_config_get_string(context, NULL, - "capaths", + "capaths", crealm, srealm, NULL); return new_realm; } - + static krb5_boolean -need_referral(krb5_context context, krb5_principal server, krb5_realm **realms) +need_referral(krb5_context context, krb5_kdc_configuration *config, + const KDCOptions * const options, krb5_principal server, + krb5_realm **realms) { - if(server->name.name_type != KRB5_NT_SRV_INST || - server->name.name_string.len != 2) + const char *name; + + if(!options->canonicalize && server->name.name_type != KRB5_NT_SRV_INST) + return FALSE; + + if (server->name.name_string.len == 1) + name = server->name.name_string.val[0]; + if (server->name.name_string.len > 1) + name = server->name.name_string.val[1]; + else return FALSE; - - return _krb5_get_host_realm_int(context, server->name.name_string.val[1], - FALSE, realms) == 0; + + kdc_log(context, config, 0, "Searching referral for %s", name); + + return _krb5_get_host_realm_int(context, name, FALSE, realms) == 0; } static krb5_error_code -tgs_parse_request(krb5_context context, +tgs_parse_request(krb5_context context, krb5_kdc_configuration *config, KDC_REQ_BODY *b, const PA_DATA *tgs_req, @@ -1041,7 +1063,7 @@ tgs_parse_request(krb5_context context, memset(&ap_req, 0, sizeof(ap_req)); ret = krb5_decode_ap_req(context, &tgs_req->padata_value, &ap_req); if(ret){ - kdc_log(context, config, 0, "Failed to decode AP-REQ: %s", + kdc_log(context, config, 0, "Failed to decode AP-REQ: %s", krb5_get_err_text(context, ret)); goto out; } @@ -1052,12 +1074,12 @@ tgs_parse_request(krb5_context context, ret = KRB5KDC_ERR_POLICY; /* ? */ goto out; } - + _krb5_principalname2krb5_principal(context, &princ, ap_req.ticket.sname, ap_req.ticket.realm); - + ret = _kdc_db_fetch(context, config, princ, HDB_F_GET_KRBTGT, NULL, krbtgt); if(ret) { @@ -1074,8 +1096,8 @@ tgs_parse_request(krb5_context context, ret = KRB5KRB_AP_ERR_NOT_US; goto out; } - - if(ap_req.ticket.enc_part.kvno && + + if(ap_req.ticket.enc_part.kvno && *ap_req.ticket.enc_part.kvno != (*krbtgt)->entry.kvno){ char *p; @@ -1084,7 +1106,7 @@ tgs_parse_request(krb5_context context, if (ret != 0) p = ""; kdc_log(context, config, 0, - "Ticket kvno = %d, DB kvno = %d (%s)", + "Ticket kvno = %d, DB kvno = %d (%s)", *ap_req.ticket.enc_part.kvno, (*krbtgt)->entry.kvno, p); @@ -1096,7 +1118,7 @@ tgs_parse_request(krb5_context context, *krbtgt_etype = ap_req.ticket.enc_part.etype; - ret = hdb_enctype2key(context, &(*krbtgt)->entry, + ret = hdb_enctype2key(context, &(*krbtgt)->entry, ap_req.ticket.enc_part.etype, &tkey); if(ret){ char *str = NULL, *p = NULL; @@ -1112,7 +1134,7 @@ tgs_parse_request(krb5_context context, ret = KRB5KRB_AP_ERR_BADKEYVER; goto out; } - + if (b->kdc_options.validate) verify_ap_req_flags = KRB5_VERIFY_AP_REQ_IGNORE_INVALID; else @@ -1127,10 +1149,10 @@ tgs_parse_request(krb5_context context, &ap_req_options, ticket, KRB5_KU_TGS_REQ_AUTH); - + krb5_free_principal(context, princ); if(ret) { - kdc_log(context, config, 0, "Failed to verify AP-REQ: %s", + kdc_log(context, config, 0, "Failed to verify AP-REQ: %s", krb5_get_err_text(context, ret)); goto out; } @@ -1158,7 +1180,7 @@ tgs_parse_request(krb5_context context, } } - ret = tgs_check_authenticator(context, config, + ret = tgs_check_authenticator(context, config, ac, b, e_text, &(*ticket)->ticket.key); if (ret) { krb5_auth_con_free(context, ac); @@ -1175,7 +1197,7 @@ tgs_parse_request(krb5_context context, &subkey); if(ret){ krb5_auth_con_free(context, ac); - kdc_log(context, config, 0, "Failed to get remote subkey: %s", + kdc_log(context, config, 0, "Failed to get remote subkey: %s", krb5_get_err_text(context, ret)); goto out; } @@ -1184,7 +1206,7 @@ tgs_parse_request(krb5_context context, ret = krb5_auth_con_getkey(context, ac, &subkey); if(ret) { krb5_auth_con_free(context, ac); - kdc_log(context, config, 0, "Failed to get session key: %s", + kdc_log(context, config, 0, "Failed to get session key: %s", krb5_get_err_text(context, ret)); goto out; } @@ -1211,7 +1233,7 @@ tgs_parse_request(krb5_context context, krb5_crypto_destroy(context, crypto); if(ret){ krb5_auth_con_free(context, ac); - kdc_log(context, config, 0, + kdc_log(context, config, 0, "Failed to decrypt enc-authorization-data"); ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; /* ? */ goto out; @@ -1235,17 +1257,95 @@ tgs_parse_request(krb5_context context, } krb5_auth_con_free(context, ac); - + out: free_AP_REQ(&ap_req); - + return ret; } static krb5_error_code -tgs_build_reply(krb5_context context, +build_server_referral(krb5_context context, + krb5_kdc_configuration *config, + krb5_crypto session, + krb5_const_realm referred_realm, + const PrincipalName *true_principal_name, + const PrincipalName *requested_principal, + krb5_data *outdata) +{ + PA_ServerReferralData ref; + krb5_error_code ret; + EncryptedData ed; + krb5_data data; + size_t size; + + memset(&ref, 0, sizeof(ref)); + + if (referred_realm) { + ref.referred_realm = malloc(sizeof(ref.referred_realm)); + if (ref.referred_realm == NULL) + goto eout; + *ref.referred_realm = strdup(referred_realm); + if (*ref.referred_realm == NULL) + goto eout; + } + if (true_principal_name) { + ref.true_principal_name = + malloc(sizeof(ref.true_principal_name)); + if (ref.true_principal_name == NULL) + goto eout; + ret = copy_PrincipalName(true_principal_name, ref.true_principal_name); + if (ret) + goto eout; + } + if (requested_principal) { + ref.requested_principal_name = + malloc(sizeof(ref.requested_principal_name)); + if (ref.requested_principal_name == NULL) + goto eout; + ret = copy_PrincipalName(requested_principal, + ref.requested_principal_name); + if (ret) + goto eout; + } + + ASN1_MALLOC_ENCODE(PA_ServerReferralData, + data.data, data.length, + &ref, &size, ret); + free_PA_ServerReferralData(&ref); + if (ret) + return ret; + if (data.length != size) + krb5_abortx(context, "internal asn.1 encoder error"); + + ret = krb5_encrypt_EncryptedData(context, session, + KRB5_KU_PA_SERVER_REFERRAL, + data.data, data.length, + 0 /* kvno */, &ed); + free(data.data); + if (ret) + return ret; + + ASN1_MALLOC_ENCODE(EncryptedData, + outdata->data, outdata->length, + &ed, &size, ret); + free_EncryptedData(&ed); + if (ret) + return ret; + if (outdata->length != size) + krb5_abortx(context, "internal asn.1 encoder error"); + + return 0; +eout: + free_PA_ServerReferralData(&ref); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + return ENOMEM; +} + +static krb5_error_code +tgs_build_reply(krb5_context context, krb5_kdc_configuration *config, - KDC_REQ *req, + KDC_REQ *req, KDC_REQ_BODY *b, hdb_entry_ex *krbtgt, krb5_enctype krbtgt_etype, @@ -1253,7 +1353,7 @@ tgs_build_reply(krb5_context context, krb5_data *reply, const char *from, const char **e_text, - AuthorizationData *auth_data, + AuthorizationData **auth_data, const struct sockaddr *from_addr, int datagram_reply) { @@ -1262,6 +1362,7 @@ tgs_build_reply(krb5_context context, krb5_principal client_principal = NULL; char *spn = NULL, *cpn = NULL; hdb_entry_ex *server = NULL, *client = NULL; + krb5_realm ref_realm = NULL; EncTicketPart *tgt = &ticket->ticket; KRB5SignedPathPrincipals *spp = NULL; const EncryptionKey *ekey; @@ -1270,16 +1371,19 @@ tgs_build_reply(krb5_context context, krb5_data rspac; int cross_realm = 0; + METHOD_DATA enc_pa_data; + PrincipalName *s; Realm r; int nloop = 0; EncTicketPart adtkt; char opt_str[128]; - int require_signedpath = 0; + int signedpath = 0; memset(&sessionkey, 0, sizeof(sessionkey)); memset(&adtkt, 0, sizeof(adtkt)); krb5_data_zero(&rspac); + memset(&enc_pa_data, 0, sizeof(enc_pa_data)); s = b->sname; r = b->realm; @@ -1289,8 +1393,8 @@ tgs_build_reply(krb5_context context, hdb_entry_ex *uu; krb5_principal p; Key *uukey; - - if(b->additional_tickets == NULL || + + if(b->additional_tickets == NULL || b->additional_tickets->len == 0){ ret = KRB5KDC_ERR_BADOPTION; /* ? */ kdc_log(context, config, 0, @@ -1305,8 +1409,8 @@ tgs_build_reply(krb5_context context, goto out; } _krb5_principalname2krb5_principal(context, &p, t->sname, t->realm); - ret = _kdc_db_fetch(context, config, p, - HDB_F_GET_CLIENT|HDB_F_GET_SERVER, + ret = _kdc_db_fetch(context, config, p, + HDB_F_GET_CLIENT|HDB_F_GET_SERVER, NULL, &uu); krb5_free_principal(context, p); if(ret){ @@ -1314,7 +1418,7 @@ tgs_build_reply(krb5_context context, ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN; goto out; } - ret = hdb_enctype2key(context, &uu->entry, + ret = hdb_enctype2key(context, &uu->entry, t->enc_part.etype, &uukey); if(ret){ _kdc_free_ent(context, uu); @@ -1347,7 +1451,7 @@ tgs_build_reply(krb5_context context, opt_str, sizeof(opt_str)); if(*opt_str) kdc_log(context, config, 0, - "TGS-REQ %s from %s for %s [%s]", + "TGS-REQ %s from %s for %s [%s]", cpn, from, spn, opt_str); else kdc_log(context, config, 0, @@ -1370,20 +1474,23 @@ server_lookup: new_rlm = find_rpath(context, tgt->crealm, req_rlm); if(new_rlm) { kdc_log(context, config, 5, "krbtgt for realm %s " - "not found, trying %s", + "not found, trying %s", req_rlm, new_rlm); krb5_free_principal(context, sp); free(spn); - krb5_make_principal(context, &sp, r, + krb5_make_principal(context, &sp, r, KRB5_TGS_NAME, new_rlm, NULL); ret = krb5_unparse_name(context, sp, &spn); if (ret) goto out; - auth_data = NULL; /* ms don't handle AD in referals */ + + if (ref_realm) + free(ref_realm); + ref_realm = strdup(new_rlm); goto server_lookup; } } - } else if(need_referral(context, sp, &realms)) { + } else if(need_referral(context, config, &b->kdc_options, sp, &realms)) { if (strcmp(realms[0], sp->realm) != 0) { kdc_log(context, config, 5, "Returning a referral to realm %s for " @@ -1396,8 +1503,12 @@ server_lookup: ret = krb5_unparse_name(context, sp, &spn); if (ret) goto out; + + if (ref_realm) + free(ref_realm); + ref_realm = strdup(realms[0]); + krb5_free_host_realm(context, realms); - auth_data = NULL; /* ms don't handle AD in referals */ goto server_lookup; } krb5_free_host_realm(context, realms); @@ -1412,7 +1523,7 @@ server_lookup: ret = _kdc_db_fetch(context, config, cp, HDB_F_GET_CLIENT, NULL, &client); if(ret) { - const char *krbtgt_realm; + const char *krbtgt_realm; /* * If the client belongs to the same realm as our krbtgt, it @@ -1420,8 +1531,8 @@ server_lookup: * */ - krbtgt_realm = - krb5_principal_get_comp_string(context, + krbtgt_realm = + krb5_principal_get_comp_string(context, krbtgt->entry.principal, 1); if(strcmp(krb5_principal_get_realm(context, cp), krbtgt_realm) == 0) { @@ -1437,16 +1548,60 @@ server_lookup: cross_realm = 1; } - + + /* + * Select enctype, return key and kvno. + */ + + { + krb5_enctype etype; + + if(b->kdc_options.enc_tkt_in_skey) { + int i; + ekey = &adtkt.key; + for(i = 0; i < b->etype.len; i++) + if (b->etype.val[i] == adtkt.key.keytype) + break; + if(i == b->etype.len) { + kdc_log(context, config, 0, + "Addition ticket have not matching etypes", spp); + krb5_clear_error_string(context); + return KRB5KDC_ERR_ETYPE_NOSUPP; + } + etype = b->etype.val[i]; + kvno = 0; + } else { + Key *skey; + + ret = _kdc_find_etype(context, server, b->etype.val, b->etype.len, + &skey, &etype); + if(ret) { + kdc_log(context, config, 0, + "Server (%s) has no support for etypes", spn); + return ret; + } + ekey = &skey->key; + kvno = server->entry.kvno; + } + + ret = krb5_generate_random_keyblock(context, etype, &sessionkey); + if (ret) + goto out; + } + + /* + * Validate authoriation data + */ + /* * Check that service is in the same realm as the krbtgt. If it's * not the same, it's someone that is using a uni-directional trust * backward. */ - + if (strcmp(krb5_principal_get_realm(context, sp), - krb5_principal_get_comp_string(context, - krbtgt->entry.principal, + krb5_principal_get_comp_string(context, + krbtgt->entry.principal, 1)) != 0) { char *tpn; ret = krb5_unparse_name(context, krbtgt->entry.principal, &tpn); @@ -1459,8 +1614,45 @@ server_lookup: goto out; } + /* check PAC if not cross realm and if there is one */ + if (!cross_realm) { + Key *tkey; + + ret = hdb_enctype2key(context, &krbtgt->entry, + krbtgt_etype, &tkey); + if(ret) { + kdc_log(context, config, 0, + "Failed to find key for krbtgt PAC check"); + goto out; + } + + ret = check_PAC(context, config, cp, + client, server, ekey, &tkey->key, + tgt, &rspac, &signedpath); + if (ret) { + kdc_log(context, config, 0, + "Verify PAC failed for %s (%s) from %s with %s", + spn, cpn, from, krb5_get_err_text(context, ret)); + goto out; + } + } + + /* also check the krbtgt for signature */ + ret = check_KRB5SignedPath(context, + config, + krbtgt, + tgt, + &spp, + &signedpath); + if (ret) { + kdc_log(context, config, 0, + "KRB5SignedPath check failed for %s (%s) from %s with %s", + spn, cpn, from, krb5_get_err_text(context, ret)); + goto out; + } + /* - * + * Process request */ client_principal = cp; @@ -1477,7 +1669,7 @@ server_lookup: char *selfcpn = NULL; const char *str; - ret = decode_PA_S4U2Self(sdata->padata_value.data, + ret = decode_PA_S4U2Self(sdata->padata_value.data, sdata->padata_value.length, &self, NULL); if (ret) { @@ -1501,14 +1693,14 @@ server_lookup: ret = krb5_verify_checksum(context, crypto, KRB5_KU_OTHER_CKSUM, - datack.data, - datack.length, + datack.data, + datack.length, &self.cksum); krb5_data_free(&datack); krb5_crypto_destroy(context, crypto); if (ret) { free_PA_S4U2Self(&self); - kdc_log(context, config, 0, + kdc_log(context, config, 0, "krb5_verify_checksum failed for S4U2Self: %s", krb5_get_err_text(context, ret)); goto out; @@ -1566,13 +1758,26 @@ server_lookup: && b->additional_tickets->len != 0 && b->kdc_options.enc_tkt_in_skey == 0) { + int ad_signedpath = 0; Key *clientkey; Ticket *t; char *str; + /* + * Require that the KDC have issued the service's krbtgt (not + * self-issued ticket with kimpersonate(1). + */ + if (!signedpath) { + ret = KRB5KDC_ERR_BADOPTION; + kdc_log(context, config, 0, + "Constrained delegation done on service ticket %s/%s", + cpn, spn); + goto out; + } + t = &b->additional_tickets->val[0]; - ret = hdb_enctype2key(context, &client->entry, + ret = hdb_enctype2key(context, &client->entry, t->enc_part.etype, &clientkey); if(ret){ ret = KRB5KDC_ERR_ETYPE_NOSUPP; /* XXX */ @@ -1588,19 +1793,18 @@ server_lookup: } /* check that ticket is valid */ - if (adtkt.flags.forwardable == 0) { kdc_log(context, config, 0, "Missing forwardable flag on ticket for " "constrained delegation from %s to %s ", spn, cpn); - ret = KRB5KDC_ERR_ETYPE_NOSUPP; /* XXX */ + ret = KRB5KDC_ERR_BADOPTION; goto out; } ret = check_constrained_delegation(context, config, client, sp); if (ret) { kdc_log(context, config, 0, - "constrained delegation from %s to %s not allowed", + "constrained delegation from %s to %s not allowed", spn, cpn); goto out; } @@ -1623,16 +1827,16 @@ server_lookup: } /* - * Check KRB5SignedPath in authorization data and add new entry to - * make sure servers can't fake a ticket to us. + * Check that the KDC issued the user's ticket. */ - ret = check_KRB5SignedPath(context, config, krbtgt, &adtkt, - &spp, - 1); + NULL, + &ad_signedpath); + if (ret == 0 && !ad_signedpath) + ret = KRB5KDC_ERR_BADOPTION; if (ret) { kdc_log(context, config, 0, "KRB5SignedPath check from service %s failed " @@ -1646,27 +1850,21 @@ server_lookup: kdc_log(context, config, 0, "constrained delegation for %s " "from %s to %s", str, cpn, spn); free(str); - - /* - * Also require that the KDC have issue the service's krbtgt - * used to do the request. - */ - require_signedpath = 1; } /* * Check flags */ - ret = _kdc_check_flags(context, config, + ret = _kdc_check_flags(context, config, client, cpn, server, spn, FALSE); if(ret) goto out; - if((b->kdc_options.validate || b->kdc_options.renew) && - !krb5_principal_compare(context, + if((b->kdc_options.validate || b->kdc_options.renew) && + !krb5_principal_compare(context, krbtgt->entry.principal, server->entry.principal)){ kdc_log(context, config, 0, "Inconsistent request."); @@ -1682,108 +1880,68 @@ server_lookup: } /* - * Select enctype, return key and kvno. + * If this is an referral, add server referral data to the + * auth_data reply . */ + if (ref_realm) { + PA_DATA pa; + krb5_crypto crypto; - { - krb5_enctype etype; + kdc_log(context, config, 0, + "Adding server referral to %s", ref_realm); - if(b->kdc_options.enc_tkt_in_skey) { - int i; - ekey = &adtkt.key; - for(i = 0; i < b->etype.len; i++) - if (b->etype.val[i] == adtkt.key.keytype) - break; - if(i == b->etype.len) { - krb5_clear_error_string(context); - return KRB5KDC_ERR_ETYPE_NOSUPP; - } - etype = b->etype.val[i]; - kvno = 0; - } else { - Key *skey; - - ret = _kdc_find_etype(context, server, b->etype.val, b->etype.len, - &skey, &etype); - if(ret) { - kdc_log(context, config, 0, - "Server (%s) has no support for etypes", spp); - return ret; - } - ekey = &skey->key; - kvno = server->entry.kvno; - } - - ret = krb5_generate_random_keyblock(context, etype, &sessionkey); + ret = krb5_crypto_init(context, &sessionkey, 0, &crypto); if (ret) goto out; - } - - /* check PAC if not cross realm and if there is one */ - if (!cross_realm) { - Key *tkey; - ret = hdb_enctype2key(context, &krbtgt->entry, - krbtgt_etype, &tkey); - if(ret) { + ret = build_server_referral(context, config, crypto, ref_realm, + NULL, s, &pa.padata_value); + krb5_crypto_destroy(context, crypto); + if (ret) { kdc_log(context, config, 0, - "Failed to find key for krbtgt PAC check"); + "Failed building server referral"); goto out; } + pa.padata_type = KRB5_PADATA_SERVER_REFERRAL; - ret = check_PAC(context, config, client_principal, - client, server, ekey, &tkey->key, - tgt, &rspac, &require_signedpath); + ret = add_METHOD_DATA(&enc_pa_data, &pa); + krb5_data_free(&pa.padata_value); if (ret) { kdc_log(context, config, 0, - "Verify PAC failed for %s (%s) from %s with %s", - spn, cpn, from, krb5_get_err_text(context, ret)); + "Add server referral METHOD-DATA failed"); goto out; } } - /* also check the krbtgt for signature */ - ret = check_KRB5SignedPath(context, - config, - krbtgt, - tgt, - &spp, - require_signedpath); - if (ret) { - kdc_log(context, config, 0, - "KRB5SignedPath check failed for %s (%s) from %s with %s", - spn, cpn, from, krb5_get_err_text(context, ret)); - goto out; - } - /* * */ ret = tgs_make_reply(context, - config, - b, + config, + b, client_principal, - tgt, + tgt, ekey, &sessionkey, kvno, - auth_data, - server, + *auth_data, + server, spn, - client, - cp, - krbtgt, + client, + cp, + krbtgt, krbtgt_etype, spp, &rspac, + &enc_pa_data, e_text, reply); out: free(spn); free(cpn); - + krb5_data_free(&rspac); krb5_free_keyblock_contents(context, &sessionkey); if(server) @@ -1797,6 +1955,9 @@ out: krb5_free_principal(context, cp); if (sp) krb5_free_principal(context, sp); + if (ref_realm) + free(ref_realm); + free_METHOD_DATA(&enc_pa_data); free_EncTicketPart(&adtkt); @@ -1808,9 +1969,9 @@ out: */ krb5_error_code -_kdc_tgs_rep(krb5_context context, +_kdc_tgs_rep(krb5_context context, krb5_kdc_configuration *config, - KDC_REQ *req, + KDC_REQ *req, krb5_data *data, const char *from, struct sockaddr *from_addr, @@ -1835,17 +1996,17 @@ _kdc_tgs_rep(krb5_context context, "TGS-REQ from %s without PA-DATA", from); goto out; } - + tgs_req = _kdc_find_padata(req, &i, KRB5_PADATA_TGS_REQ); if(tgs_req == NULL){ ret = KRB5KDC_ERR_PADATA_TYPE_NOSUPP; - kdc_log(context, config, 0, + kdc_log(context, config, 0, "TGS-REQ from %s without PA-TGS-REQ", from); goto out; } - ret = tgs_parse_request(context, config, + ret = tgs_parse_request(context, config, &req->req_body, tgs_req, &krbtgt, &krbtgt_etype, @@ -1855,7 +2016,7 @@ _kdc_tgs_rep(krb5_context context, &csec, &cusec, &auth_data); if (ret) { - kdc_log(context, config, 0, + kdc_log(context, config, 0, "Failed parsing TGS-REQ from %s", from); goto out; } @@ -1870,11 +2031,11 @@ _kdc_tgs_rep(krb5_context context, data, from, &e_text, - auth_data, + &auth_data, from_addr, datagram_reply); if (ret) { - kdc_log(context, config, 0, + kdc_log(context, config, 0, "Failed building TGS-REP to %s", from); goto out; } diff --git a/source4/heimdal/kdc/kx509.c b/source4/heimdal/kdc/kx509.c index b1b861efef..8f117cebc0 100644 --- a/source4/heimdal/kdc/kx509.c +++ b/source4/heimdal/kdc/kx509.c @@ -36,7 +36,7 @@ #include #include -RCSID("$Id: kx509.c 21607 2007-07-17 07:04:52Z lha $"); +RCSID("$Id: kx509.c 23316 2008-06-23 04:32:32Z lha $"); /* * @@ -67,8 +67,9 @@ verify_req_hash(krb5_context context, HMAC_CTX ctx; if (req->pk_hash.length != sizeof(digest)) { - krb5_set_error_string(context, "pk-hash have wrong length: %lu", - (unsigned long)req->pk_hash.length); + krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED, + "pk-hash have wrong length: %lu", + (unsigned long)req->pk_hash.length); return KRB5KDC_ERR_PREAUTH_FAILED; } @@ -84,7 +85,8 @@ verify_req_hash(krb5_context context, HMAC_CTX_cleanup(&ctx); if (memcmp(req->pk_hash.data, digest, sizeof(digest)) != 0) { - krb5_set_error_string(context, "pk-hash is not correct"); + krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED, + "pk-hash is not correct"); return KRB5KDC_ERR_PREAUTH_FAILED; } return 0; @@ -106,7 +108,7 @@ calculate_reply_hash(krb5_context context, rep->hash->data = malloc(rep->hash->length); if (rep->hash->data == NULL) { HMAC_CTX_cleanup(&ctx); - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -157,12 +159,8 @@ build_certificate(krb5_context context, ret = hx509_context_init(&hxctx); if (ret) goto out; - - ret = hx509_env_init(hxctx, &env); - if (ret) - goto out; - - ret = hx509_env_add(hxctx, env, "principal-name", + + ret = hx509_env_add(hxctx, &env, "principal-name", krb5_principal_get_comp_string(context, principal, 0)); if (ret) goto out; @@ -280,7 +278,7 @@ out: hx509_cert_free(signer); if (hxctx) hx509_context_free(&hxctx); - krb5_set_error_string(context, "cert creation failed"); + krb5_set_error_message(context, ret, "cert creation failed"); return ret; } @@ -358,16 +356,18 @@ _kdc_do_kx509(krb5_context context, krb5_free_principal(context, principal); if (ret != TRUE) { ret = KRB5KDC_ERR_SERVER_NOMATCH; - krb5_set_error_string(context, - "User %s used wrong Kx509 service principal", - cname); + krb5_set_error_message(context, ret, + "User %s used wrong Kx509 service principal", + cname); goto out; } } ret = krb5_auth_con_getkey(context, ac, &key); - if (ret || key == NULL) { - krb5_set_error_string(context, "Kx509 can't get session key"); + if (ret == 0 && key == NULL) + ret = KRB5KDC_ERR_NULL_KEY; + if (ret) { + krb5_set_error_message(context, ret, "Kx509 can't get session key"); goto out; } @@ -418,7 +418,7 @@ _kdc_do_kx509(krb5_context context, ASN1_MALLOC_ENCODE(Kx509Response, data.data, data.length, &rep, &size, ret); if (ret) { - krb5_set_error_string(context, "Failed to encode kx509 reply"); + krb5_set_error_message(context, ret, "Failed to encode kx509 reply"); goto out; } if (size != data.length) diff --git a/source4/heimdal/kdc/misc.c b/source4/heimdal/kdc/misc.c index 072df44042..528b9e6a3b 100644 --- a/source4/heimdal/kdc/misc.c +++ b/source4/heimdal/kdc/misc.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: misc.c 21106 2007-06-18 10:18:11Z lha $"); +RCSID("$Id: misc.c 23316 2008-06-23 04:32:32Z lha $"); struct timeval _kdc_now; @@ -51,7 +51,7 @@ _kdc_db_fetch(krb5_context context, ent = calloc (1, sizeof (*ent)); if (ent == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -76,8 +76,8 @@ _kdc_db_fetch(krb5_context context, } } free(ent); - krb5_set_error_string(context, "no such entry found in hdb"); - return HDB_ERR_NOENTRY; + krb5_set_error_message(context, HDB_ERR_NOENTRY, "no such entry found in hdb"); + return HDB_ERR_NOENTRY; } void @@ -116,7 +116,8 @@ _kdc_get_preferred_key(krb5_context context, } } - krb5_set_error_string(context, "No valid kerberos key found for %s", name); + krb5_set_error_message(context, EINVAL, + "No valid kerberos key found for %s", name); return EINVAL; } diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c index bf248af588..9f6d57f588 100755 --- a/source4/heimdal/kdc/pkinit.c +++ b/source4/heimdal/kdc/pkinit.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: pkinit.c 22243 2007-12-08 23:39:30Z lha $"); +RCSID("$Id: pkinit.c 23316 2008-06-23 04:32:32Z lha $"); #ifdef PKINIT @@ -45,23 +45,8 @@ RCSID("$Id: pkinit.c 22243 2007-12-08 23:39:30Z lha $"); #include #include "crypto-headers.h" -/* XXX copied from lib/krb5/pkinit.c */ -struct krb5_pk_identity { - hx509_context hx509ctx; - hx509_verify_ctx verify_ctx; - hx509_certs certs; - hx509_certs anchors; - hx509_certs certpool; - hx509_revoke_ctx revoke; -}; - -enum pkinit_type { - PKINIT_COMPAT_WIN2K = 1, - PKINIT_COMPAT_27 = 3 -}; - struct pk_client_params { - enum pkinit_type type; + enum krb5_pk_type type; BIGNUM *dh_public_key; hx509_cert cert; unsigned nonce; @@ -202,13 +187,13 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params, memset(&key, 0, sizeof(key)); if (!DH_generate_key(client_params->dh)) { - krb5_set_error_string(context, "Can't generate Diffie-Hellman keys"); ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, "Can't generate Diffie-Hellman keys"); goto out; } if (client_params->dh_public_key == NULL) { - krb5_set_error_string(context, "dh_public_key"); ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, "dh_public_key"); goto out; } @@ -219,8 +204,8 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params, dh_gen_key = malloc(size); if (dh_gen_key == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } memset(dh_gen_key, 0, size - dh_gen_keylen); @@ -229,8 +214,8 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params, client_params->dh_public_key, client_params->dh); if (dh_gen_keylen == -1) { - krb5_set_error_string(context, "Can't compute Diffie-Hellman key"); ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, "Can't compute Diffie-Hellman key"); goto out; } @@ -256,7 +241,8 @@ integer_to_BN(krb5_context context, const char *field, heim_integer *f) bn = BN_bin2bn((const unsigned char *)f->data, f->length, NULL); if (bn == NULL) { - krb5_set_error_string(context, "PKINIT: parsing BN failed %s", field); + krb5_set_error_message(context, KRB5_BADMSGTYPE, + "PKINIT: parsing BN failed %s", field); return NULL; } BN_set_negative(bn, f->negative); @@ -276,13 +262,14 @@ get_dh_param(krb5_context context, memset(&dhparam, 0, sizeof(dhparam)); if (der_heim_oid_cmp(&dh_key_info->algorithm.algorithm, oid_id_dhpublicnumber())) { - krb5_set_error_string(context, - "PKINIT invalid oid in clientPublicValue"); + krb5_set_error_message(context, KRB5_BADMSGTYPE, + "PKINIT invalid oid in clientPublicValue"); return KRB5_BADMSGTYPE; } if (dh_key_info->algorithm.parameters == NULL) { - krb5_set_error_string(context, "PKINIT missing algorithm parameter " + krb5_set_error_message(context, KRB5_BADMSGTYPE, + "PKINIT missing algorithm parameter " "in clientPublicValue"); return KRB5_BADMSGTYPE; } @@ -292,15 +279,16 @@ get_dh_param(krb5_context context, &dhparam, NULL); if (ret) { - krb5_set_error_string(context, "Can't decode algorithm " - "parameters in clientPublicValue"); + krb5_set_error_message(context, ret, "Can't decode algorithm " + "parameters in clientPublicValue"); goto out; } if ((dh_key_info->subjectPublicKey.length % 8) != 0) { ret = KRB5_BADMSGTYPE; - krb5_set_error_string(context, "PKINIT: subjectPublicKey not aligned " - "to 8 bit boundary"); + krb5_set_error_message(context, ret, + "PKINIT: subjectPublicKey not aligned " + "to 8 bit boundary"); goto out; } @@ -315,8 +303,8 @@ get_dh_param(krb5_context context, dh = DH_new(); if (dh == NULL) { - krb5_set_error_string(context, "Cannot create DH structure"); ret = ENOMEM; + krb5_set_error_message(context, ret, "Cannot create DH structure"); goto out; } ret = KRB5_BADMSGTYPE; @@ -347,8 +335,10 @@ get_dh_param(krb5_context context, "subjectPublicKey", &glue); der_free_heim_integer(&glue); - if (client_params->dh_public_key == NULL) + if (client_params->dh_public_key == NULL) { + ret = KRB5_BADMSGTYPE; goto out; + } } client_params->dh = dh; @@ -385,7 +375,7 @@ _kdc_pk_rd_padata(krb5_context context, return 0; } - hx509_verify_set_time(kdc_identity->verify_ctx, _kdc_now.tv_sec); + hx509_verify_set_time(kdc_identity->verify_ctx, kdc_time); client_params = calloc(1, sizeof(*client_params)); if (client_params == NULL) { @@ -404,8 +394,8 @@ _kdc_pk_rd_padata(krb5_context context, &r, NULL); if (ret) { - krb5_set_error_string(context, "Can't decode " - "PK-AS-REQ-Win2k: %d", ret); + krb5_set_error_message(context, ret, "Can't decode " + "PK-AS-REQ-Win2k: %d", ret); goto out; } @@ -415,7 +405,8 @@ _kdc_pk_rd_padata(krb5_context context, &have_data); free_PA_PK_AS_REQ_Win2k(&r); if (ret) { - krb5_set_error_string(context, "Can't decode PK-AS-REQ: %d", ret); + krb5_set_error_message(context, ret, + "Can't decode PK-AS-REQ: %d", ret); goto out; } @@ -429,7 +420,7 @@ _kdc_pk_rd_padata(krb5_context context, &r, NULL); if (ret) { - krb5_set_error_string(context, "Can't decode PK-AS-REQ: %d", ret); + krb5_set_error_message(context, ret, "Can't decode PK-AS-REQ: %d", ret); goto out; } @@ -443,7 +434,7 @@ _kdc_pk_rd_padata(krb5_context context, 0, NULL, &client_params->client_anchors); if (ret) { - krb5_set_error_string(context, "Can't allocate client anchors: %d", ret); + krb5_set_error_message(context, ret, "Can't allocate client anchors: %d", ret); goto out; } @@ -458,7 +449,7 @@ _kdc_pk_rd_padata(krb5_context context, ret = hx509_query_alloc(kdc_identity->hx509ctx, &q); if (ret) { - krb5_set_error_string(context, + krb5_set_error_message(context, ret, "Failed to allocate hx509_query"); goto out; } @@ -495,7 +486,8 @@ _kdc_pk_rd_padata(krb5_context context, &have_data); free_PA_PK_AS_REQ(&r); if (ret) { - krb5_set_error_string(context, "Can't unwrap ContentInfo: %d", ret); + krb5_set_error_message(context, ret, + "Can't unwrap ContentInfo: %d", ret); goto out; } @@ -507,16 +499,16 @@ _kdc_pk_rd_padata(krb5_context context, ret = der_heim_oid_cmp(&contentInfoOid, oid_id_pkcs7_signedData()); if (ret != 0) { - krb5_set_error_string(context, "PK-AS-REQ-Win2k invalid content " - "type oid"); ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, + "PK-AS-REQ-Win2k invalid content type oid"); goto out; } if (!have_data) { - krb5_set_error_string(context, - "PK-AS-REQ-Win2k no signed auth pack"); ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, + "PK-AS-REQ-Win2k no signed auth pack"); goto out; } @@ -551,8 +543,8 @@ _kdc_pk_rd_padata(krb5_context context, if (der_heim_oid_cmp(&eContentType, oid_id_pkcs7_data()) != 0 && der_heim_oid_cmp(&eContentType, oid_id_pkauthdata()) != 0) { - krb5_set_error_string(context, "got wrong oid for pkauthdata"); ret = KRB5_BADMSGTYPE; + krb5_set_error_message(context, ret, "got wrong oid for pkauthdata"); goto out; } @@ -564,7 +556,7 @@ _kdc_pk_rd_padata(krb5_context context, &ap, NULL); if (ret) { - krb5_set_error_string(context, "can't decode AuthPack: %d", ret); + krb5_set_error_message(context, ret, "can't decode AuthPack: %d", ret); goto out; } @@ -576,12 +568,12 @@ _kdc_pk_rd_padata(krb5_context context, goto out; } - client_params->type = PKINIT_COMPAT_WIN2K; + client_params->type = PKINIT_WIN2K; client_params->nonce = ap.pkAuthenticator.nonce; if (ap.clientPublicValue) { - krb5_set_error_string(context, "DH not supported for windows"); ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, "DH not supported for windows"); goto out; } free_AuthPack_Win2k(&ap); @@ -594,7 +586,7 @@ _kdc_pk_rd_padata(krb5_context context, &ap, NULL); if (ret) { - krb5_set_error_string(context, "can't decode AuthPack: %d", ret); + krb5_set_error_message(context, ret, "can't decode AuthPack: %d", ret); free_AuthPack(&ap); goto out; } @@ -607,7 +599,7 @@ _kdc_pk_rd_padata(krb5_context context, goto out; } - client_params->type = PKINIT_COMPAT_27; + client_params->type = PKINIT_27; client_params->nonce = ap.pkAuthenticator.nonce; if (ap.clientPublicValue) { @@ -700,7 +692,7 @@ pk_mk_pa_reply_enckey(krb5_context context, */ switch (client_params->type) { - case PKINIT_COMPAT_WIN2K: { + case PKINIT_WIN2K: { int i = 0; if (_kdc_find_padata(req, &i, KRB5_PADATA_PK_AS_09_BINDING) == NULL && config->pkinit_require_binding == 0) @@ -709,7 +701,7 @@ pk_mk_pa_reply_enckey(krb5_context context, } break; } - case PKINIT_COMPAT_27: + case PKINIT_27: break; default: krb5_abortx(context, "internal pkinit error"); @@ -769,8 +761,8 @@ pk_mk_pa_reply_enckey(krb5_context context, free_ReplyKeyPack(&kp); } if (ret) { - krb5_set_error_string(context, "ASN.1 encoding of ReplyKeyPack " - "failed (%d)", ret); + krb5_set_error_message(context, ret, "ASN.1 encoding of ReplyKeyPack " + "failed (%d)", ret); goto out; } if (buf.length != size) @@ -813,7 +805,7 @@ pk_mk_pa_reply_enckey(krb5_context context, if (ret) goto out; - if (client_params->type == PKINIT_COMPAT_WIN2K) { + if (client_params->type == PKINIT_WIN2K) { ret = hx509_cms_wrap_ContentInfo(oid_id_pkcs7_signedData(), &signed_data, &buf); @@ -874,9 +866,8 @@ pk_mk_pa_reply_dh(krb5_context context, ASN1_MALLOC_ENCODE(DHPublicKey, buf.data, buf.length, &i, &size, ret); if (ret) { - krb5_set_error_string(context, "ASN.1 encoding of " - "DHPublicKey failed (%d)", ret); - krb5_clear_error_string(context); + krb5_set_error_message(context, ret, "ASN.1 encoding of " + "DHPublicKey failed (%d)", ret); return ret; } if (buf.length != size) @@ -890,8 +881,8 @@ pk_mk_pa_reply_dh(krb5_context context, ASN1_MALLOC_ENCODE(KDCDHKeyInfo, buf.data, buf.length, &dh_info, &size, ret); if (ret) { - krb5_set_error_string(context, "ASN.1 encoding of " - "KdcDHKeyInfo failed (%d)", ret); + krb5_set_error_message(context, ret, "ASN.1 encoding of " + "KdcDHKeyInfo failed (%d)", ret); goto out; } if (buf.length != size) @@ -990,15 +981,15 @@ _kdc_pk_mk_pa_reply(krb5_context context, break; if (req->req_body.etype.len <= i) { ret = KRB5KRB_ERR_GENERIC; - krb5_set_error_string(context, - "No valid enctype available from client"); + krb5_set_error_message(context, ret, + "No valid enctype available from client"); goto out; } enctype = req->req_body.etype.val[i]; } else enctype = ETYPE_DES3_CBC_SHA1; - if (client_params->type == PKINIT_COMPAT_27) { + if (client_params->type == PKINIT_27) { PA_PK_AS_REP rep; const char *type, *other = ""; @@ -1035,8 +1026,8 @@ _kdc_pk_mk_pa_reply(krb5_context context, ret); free_ContentInfo(&info); if (ret) { - krb5_set_error_string(context, "encoding of Key ContentInfo " - "failed %d", ret); + krb5_set_error_message(context, ret, "encoding of Key ContentInfo " + "failed %d", ret); free_PA_PK_AS_REP(&rep); goto out; } @@ -1068,8 +1059,8 @@ _kdc_pk_mk_pa_reply(krb5_context context, ret); free_ContentInfo(&info); if (ret) { - krb5_set_error_string(context, "encoding of Key ContentInfo " - "failed %d", ret); + krb5_set_error_message(context, ret, "encoding of Key ContentInfo " + "failed %d", ret); free_PA_PK_AS_REP(&rep); goto out; } @@ -1085,8 +1076,8 @@ _kdc_pk_mk_pa_reply(krb5_context context, ASN1_MALLOC_ENCODE(PA_PK_AS_REP, buf, len, &rep, &size, ret); free_PA_PK_AS_REP(&rep); if (ret) { - krb5_set_error_string(context, "encode PA-PK-AS-REP failed %d", - ret); + krb5_set_error_message(context, ret, "encode PA-PK-AS-REP failed %d", + ret); goto out; } if (len != size) @@ -1094,13 +1085,13 @@ _kdc_pk_mk_pa_reply(krb5_context context, kdc_log(context, config, 0, "PK-INIT using %s %s", type, other); - } else if (client_params->type == PKINIT_COMPAT_WIN2K) { + } else if (client_params->type == PKINIT_WIN2K) { PA_PK_AS_REP_Win2k rep; ContentInfo info; if (client_params->dh) { - krb5_set_error_string(context, "Windows PK-INIT doesn't support DH"); ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, "Windows PK-INIT doesn't support DH"); goto out; } @@ -1131,7 +1122,7 @@ _kdc_pk_mk_pa_reply(krb5_context context, ret); free_ContentInfo(&info); if (ret) { - krb5_set_error_string(context, "encoding of Key ContentInfo " + krb5_set_error_message(context, ret, "encoding of Key ContentInfo " "failed %d", ret); free_PA_PK_AS_REP_Win2k(&rep); goto out; @@ -1142,7 +1133,7 @@ _kdc_pk_mk_pa_reply(krb5_context context, ASN1_MALLOC_ENCODE(PA_PK_AS_REP_Win2k, buf, len, &rep, &size, ret); free_PA_PK_AS_REP_Win2k(&rep); if (ret) { - krb5_set_error_string(context, + krb5_set_error_message(context, ret, "encode PA-PK-AS-REP-Win2k failed %d", ret); goto out; } @@ -1155,7 +1146,7 @@ _kdc_pk_mk_pa_reply(krb5_context context, ret = krb5_padata_add(context, md, pa_type, buf, len); if (ret) { - krb5_set_error_string(context, "failed adding PA-PK-AS-REP %d", ret); + krb5_set_error_message(context, ret, "failed adding PA-PK-AS-REP %d", ret); free(buf); goto out; } @@ -1229,8 +1220,8 @@ _kdc_pk_mk_pa_reply(krb5_context context, KRB5_PADATA_PA_PK_OCSP_RESPONSE, ocsp.data.data, ocsp.data.length); if (ret) { - krb5_set_error_string(context, - "Failed adding OCSP response %d", ret); + krb5_set_error_message(context, ret, + "Failed adding OCSP response %d", ret); goto out; } } @@ -1453,7 +1444,8 @@ _kdc_pk_check_client(krb5_context context, return 0; } - krb5_set_error_string(context, + ret = KRB5_KDC_ERR_CLIENT_NAME_MISMATCH; + krb5_set_error_message(context, ret, "PKINIT no matching principals for %s", *subject_name); @@ -1464,7 +1456,7 @@ _kdc_pk_check_client(krb5_context context, free(*subject_name); *subject_name = NULL; - return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH; + return ret; } static krb5_error_code diff --git a/source4/heimdal/kdc/process.c b/source4/heimdal/kdc/process.c index 1d0a01a215..550bfb04b2 100644 --- a/source4/heimdal/kdc/process.c +++ b/source4/heimdal/kdc/process.c @@ -34,7 +34,7 @@ #include "kdc_locl.h" -RCSID("$Id: process.c 20959 2007-06-07 04:46:06Z lha $"); +RCSID("$Id: process.c 23316 2008-06-23 04:32:32Z lha $"); /* * @@ -177,14 +177,15 @@ krb5_kdc_save_request(krb5_context context, fd = open(fn, O_WRONLY|O_CREAT|O_APPEND, 0600); if (fd < 0) { - krb5_set_error_string(context, "Failed to open: %s", fn); - return errno; + int saved_errno = errno; + krb5_set_error_message(context, saved_errno, "Failed to open: %s", fn); + return saved_errno; } sp = krb5_storage_from_fd(fd); close(fd); if (sp == NULL) { - krb5_set_error_string(context, "Storage failed to open fd"); + krb5_set_error_message(context, ENOMEM, "Storage failed to open fd"); return ENOMEM; } diff --git a/source4/heimdal/kdc/windc.c b/source4/heimdal/kdc/windc.c index 85e4d7f725..621757f6dc 100644 --- a/source4/heimdal/kdc/windc.c +++ b/source4/heimdal/kdc/windc.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: windc.c 20559 2007-04-24 16:00:07Z lha $"); +RCSID("$Id: windc.c 23316 2008-06-23 04:32:32Z lha $"); static krb5plugin_windc_ftable *windcft; static void *windcctx; @@ -63,7 +63,7 @@ krb5_kdc_windc_init(krb5_context context) } if (e == NULL) { _krb5_plugin_free(list); - krb5_set_error_string(context, "Did not find any WINDC plugin"); + krb5_set_error_message(context, ENOENT, "Did not find any WINDC plugin"); windcft = NULL; return ENOENT; } @@ -91,7 +91,7 @@ _kdc_pac_verify(krb5_context context, krb5_pac *pac) { if (windcft == NULL) { - krb5_set_error_string(context, "Can't verify PAC, no function"); + krb5_set_error_message(context, EINVAL, "Can't verify PAC, no function"); return EINVAL; } return (windcft->pac_verify)(windcctx, context, diff --git a/source4/heimdal/kdc/windc_plugin.h b/source4/heimdal/kdc/windc_plugin.h index 3ae0c94681..44aab9e22b 100644 --- a/source4/heimdal/kdc/windc_plugin.h +++ b/source4/heimdal/kdc/windc_plugin.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: windc_plugin.h 19798 2007-01-10 15:24:51Z lha $ */ +/* $Id: windc_plugin.h 22693 2008-03-19 08:57:49Z lha $ */ #ifndef HEIMDAL_KRB5_PAC_PLUGIN_H #define HEIMDAL_KRB5_PAC_PLUGIN_H 1 @@ -67,7 +67,7 @@ typedef krb5_error_code void *, krb5_context, struct hdb_entry_ex *, KDC_REQ *, krb5_data *); -#define KRB5_WINDC_PLUGING_MINOR 2 +#define KRB5_WINDC_PLUGING_MINOR 3 typedef struct krb5plugin_windc_ftable { int minor_version; diff --git a/source4/heimdal/kuser/kinit.c b/source4/heimdal/kuser/kinit.c index 2676309859..0e03dc4d37 100644 --- a/source4/heimdal/kuser/kinit.c +++ b/source4/heimdal/kuser/kinit.c @@ -32,7 +32,7 @@ */ #include "kuser_locl.h" -RCSID("$Id: kinit.c 22116 2007-12-03 21:22:58Z lha $"); +RCSID("$Id: kinit.c 23418 2008-07-26 18:36:48Z lha $"); #include "krb5-v4compat.h" @@ -66,6 +66,8 @@ char *pk_user_id = NULL; char *pk_x509_anchors = NULL; int pk_use_enckey = 0; static int canonicalize_flag = 0; +static int ok_as_delegate_flag = 0; +static int windows_flag = 0; static char *ntlm_domain; static char *krb4_cc_name; @@ -161,6 +163,12 @@ static struct getargs args[] = { { "ntlm-domain", 0, arg_string, &ntlm_domain, "NTLM domain", "domain" }, + { "ok-as-delegate", 0, arg_flag, &ok_as_delegate_flag, + "honor ok-as-delegate on tickets" }, + + { "windows", 0, arg_flag, &windows_flag, + "get windows behavior" }, + { "version", 0, arg_flag, &version_flag }, { "help", 0, arg_flag, &help_flag } }; @@ -329,36 +337,25 @@ out: } static krb5_error_code -store_ntlmkey(krb5_context context, krb5_ccache id, - const char *domain, krb5_const_principal client, - struct ntlm_buf *buf) +store_ntlmkey(krb5_context context, krb5_ccache id, + const char *domain, struct ntlm_buf *buf) { krb5_error_code ret; - krb5_creds cred; - - memset(&cred, 0, sizeof(cred)); + krb5_data data; + char *name; - ret = krb5_make_principal(context, &cred.server, - krb5_principal_get_realm(context, client), - "@ntlm-key", domain, NULL); - if (ret) - goto out; - ret = krb5_copy_principal(context, client, &cred.client); - if (ret) - goto out; + asprintf(&name, "ntlm-key-%s", domain); + if (name == NULL) { + krb5_clear_error_string(context); + return ENOMEM; + } - cred.times.authtime = time(NULL); - cred.times.endtime = time(NULL) + 3600 * 24 * 30; /* XXX */ - cred.session.keytype = ENCTYPE_ARCFOUR_HMAC_MD5; - ret = krb5_data_copy(&cred.session.keyvalue, buf->data, buf->length); - if (ret) - goto out; - - ret = krb5_cc_store_cred(context, id, &cred); + data.length = buf->length; + data.data = buf->data; -out: - krb5_free_cred_contents (context, &cred); - return 0; + ret = krb5_cc_set_config(context, id, NULL, name, &data); + free(name); + return ret; } static krb5_error_code @@ -598,7 +595,17 @@ get_new_tickets(krb5_context context, krb5_err (context, 1, ret, "krb5_cc_move"); if (ntlm_domain && ntlmkey.data) - store_ntlmkey(context, ccache, ntlm_domain, principal, &ntlmkey); + store_ntlmkey(context, ccache, ntlm_domain, &ntlmkey); + + if (ok_as_delegate_flag || windows_flag) { + krb5_data data; + + data.length = 1; + data.data = "\x01"; + + krb5_cc_set_config(context, ccache, NULL, "realm-config", &data); + } + if (enctype) free(enctype); diff --git a/source4/heimdal/lib/asn1/der.h b/source4/heimdal/lib/asn1/der.h index 13e39320d4..0484137192 100644 --- a/source4/heimdal/lib/asn1/der.h +++ b/source4/heimdal/lib/asn1/der.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: der.h 18437 2006-10-14 05:16:08Z lha $ */ +/* $Id: der.h 23183 2008-05-22 09:56:51Z lha $ */ #ifndef __DER_H__ #define __DER_H__ diff --git a/source4/heimdal/lib/asn1/der_free.c b/source4/heimdal/lib/asn1/der_free.c index 851cb1d407..f59ec72eb7 100644 --- a/source4/heimdal/lib/asn1/der_free.c +++ b/source4/heimdal/lib/asn1/der_free.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_free.c 19539 2006-12-28 17:15:05Z lha $"); +RCSID("$Id: der_free.c 23182 2008-05-22 02:59:04Z lha $"); void der_free_general_string (heim_general_string *str) diff --git a/source4/heimdal/lib/asn1/gen.c b/source4/heimdal/lib/asn1/gen.c index 499f8eab36..39dba89e4e 100644 --- a/source4/heimdal/lib/asn1/gen.c +++ b/source4/heimdal/lib/asn1/gen.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen.c 22429 2008-01-13 10:25:50Z lha $"); +RCSID("$Id: gen.c 22896 2008-04-07 18:52:24Z lha $"); FILE *headerfile, *codefile, *logfile; @@ -294,13 +294,18 @@ generate_constant (const Symbol *s) break; case objectidentifiervalue: { struct objid *o, **list; - int i, len; + unsigned int i, len; generate_header_of_codefile(s->gen_name); len = 0; for (o = s->value->u.objectidentifiervalue; o != NULL; o = o->next) len++; + if (len == 0) { + printf("s->gen_name: %s",s->gen_name); + fflush(stdout); + break; + } list = emalloc(sizeof(*list) * len); i = 0; @@ -308,8 +313,8 @@ generate_constant (const Symbol *s) list[i++] = o; fprintf (headerfile, "/* OBJECT IDENTIFIER %s ::= { ", s->name); - for (i = len - 1 ; i >= 0; i--) { - o = list[i]; + for (i = len ; i > 0; i--) { + o = list[i - 1]; fprintf(headerfile, "%s(%d) ", o->label ? o->label : "label-less", o->value); } @@ -320,8 +325,8 @@ generate_constant (const Symbol *s) fprintf (codefile, "static unsigned oid_%s_variable_num[%d] = {", s->gen_name, len); - for (i = len - 1 ; i >= 0; i--) { - fprintf(codefile, "%d%s ", list[i]->value, i > 0 ? "," : ""); + for (i = len ; i > 0; i--) { + fprintf(codefile, "%d%s ", list[i - 1]->value, i > 1 ? "," : ""); } fprintf(codefile, "};\n"); diff --git a/source4/heimdal/lib/asn1/k5.asn1 b/source4/heimdal/lib/asn1/k5.asn1 index 18f1e1541b..ea20eb99d2 100644 --- a/source4/heimdal/lib/asn1/k5.asn1 +++ b/source4/heimdal/lib/asn1/k5.asn1 @@ -1,4 +1,4 @@ --- $Id: k5.asn1 21965 2007-10-18 18:24:36Z lha $ +-- $Id: k5.asn1 22745 2008-03-24 12:07:54Z lha $ KERBEROS5 DEFINITIONS ::= BEGIN @@ -634,18 +634,18 @@ KRB5SignedPath ::= SEQUENCE { } PA-ClientCanonicalizedNames ::= SEQUENCE{ - requested-name [0] PrincipalName, - real-name [1] PrincipalName + requested-name [0] PrincipalName, + mapped-name [1] PrincipalName } PA-ClientCanonicalized ::= SEQUENCE { - names [0] PA-ClientCanonicalizedNames, - canon-checksum [1] Checksum + names [0] PA-ClientCanonicalizedNames, + canon-checksum [1] Checksum } AD-LoginAlias ::= SEQUENCE { -- ad-type number TBD -- - login-alias [0] PrincipalName, - checksum [1] Checksum + login-alias [0] PrincipalName, + checksum [1] Checksum } -- old ms referral @@ -654,6 +654,16 @@ PA-SvrReferralData ::= SEQUENCE { referred-realm [0] Realm } +PA-SERVER-REFERRAL-DATA ::= EncryptedData + +PA-ServerReferralData ::= SEQUENCE { + referred-realm [0] Realm OPTIONAL, + true-principal-name [1] PrincipalName OPTIONAL, + requested-principal-name [2] PrincipalName OPTIONAL, + referral-valid-until [3] KerberosTime OPTIONAL, + ... +} + END -- etags -r '/\([A-Za-z][-A-Za-z0-9]*\).*::=/\1/' k5.asn1 diff --git a/source4/heimdal/lib/asn1/lex.c b/source4/heimdal/lib/asn1/lex.c index da4f729c3d..175760be44 100644 --- a/source4/heimdal/lib/asn1/lex.c +++ b/source4/heimdal/lib/asn1/lex.c @@ -1,5 +1,6 @@ +#include "config.h" -#line 3 "lex.c" +#line 3 "heimdal/lib/asn1/lex.c" #define YY_INT_ALIGNED short int @@ -8,7 +9,7 @@ #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 #define YY_FLEX_MINOR_VERSION 5 -#define YY_FLEX_SUBMINOR_VERSION 33 +#define YY_FLEX_SUBMINOR_VERSION 34 #if YY_FLEX_SUBMINOR_VERSION > 0 #define FLEX_BETA #endif @@ -30,7 +31,7 @@ /* C99 systems have . Non-C99 systems may or may not. */ -#if __STDC_VERSION__ >= 199901L +#if defined (__STDC_VERSION__) && __STDC_VERSION__ >= 199901L /* C99 says to define __STDC_LIMIT_MACROS before including stdint.h, * if you want the limit (max/min) macros for int types. @@ -93,11 +94,12 @@ typedef unsigned int flex_uint32_t; #else /* ! __cplusplus */ -#if __STDC__ +/* C99 requires __STDC__ to be defined as 1. */ +#if defined (__STDC__) #define YY_USE_CONST -#endif /* __STDC__ */ +#endif /* defined (__STDC__) */ #endif /* ! __cplusplus */ #ifdef YY_USE_CONST @@ -180,11 +182,13 @@ extern FILE *yyin, *yyout; /* The following is because we cannot portably get our hands on size_t * (without autoconf's help, which isn't available because we want * flex-generated scanners to compile on their own). + * Given that the standard has decreed that size_t exists since 1989, + * I guess we can afford to depend on it. Manoj. */ #ifndef YY_TYPEDEF_YY_SIZE_T #define YY_TYPEDEF_YY_SIZE_T -typedef unsigned int yy_size_t; +typedef size_t yy_size_t; #endif #ifndef YY_STRUCT_YY_BUFFER_STATE @@ -851,7 +855,7 @@ static unsigned lineno = 1; static void unterminated(const char *, unsigned); /* This is for broken old lexes (solaris 10 and hpux) */ -#line 855 "lex.c" +#line 858 "heimdal/lib/asn1/lex.c" #define INITIAL 0 @@ -869,35 +873,6 @@ static void unterminated(const char *, unsigned); static int yy_init_globals (void ); -/* Accessor methods to globals. - These are made visible to non-reentrant scanners for convenience. */ - -int yylex_destroy (void ); - -int yyget_debug (void ); - -void yyset_debug (int debug_flag ); - -YY_EXTRA_TYPE yyget_extra (void ); - -void yyset_extra (YY_EXTRA_TYPE user_defined ); - -FILE *yyget_in (void ); - -void yyset_in (FILE * in_str ); - -FILE *yyget_out (void ); - -void yyset_out (FILE * out_str ); - -int yyget_leng (void ); - -char *yyget_text (void ); - -int yyget_lineno (void ); - -void yyset_lineno (int line_number ); - /* Macros after this point can all be overridden by user definitions in * section 1. */ @@ -940,7 +915,7 @@ static int input (void ); /* This used to be an fputs(), but since the string might contain NUL's, * we now use fwrite(). */ -#define ECHO (void) fwrite( yytext, yyleng, 1, yyout ) +#define ECHO fwrite( yytext, yyleng, 1, yyout ) #endif /* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, @@ -951,7 +926,7 @@ static int input (void ); if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ { \ int c = '*'; \ - size_t n; \ + int n; \ for ( n = 0; n < max_size && \ (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ buf[n] = (char) c; \ @@ -1035,7 +1010,7 @@ YY_DECL #line 68 "lex.l" -#line 1039 "lex.c" +#line 1013 "heimdal/lib/asn1/lex.c" if ( !(yy_init) ) { @@ -1704,7 +1679,7 @@ YY_RULE_SETUP #line 274 "lex.l" ECHO; YY_BREAK -#line 1708 "lex.c" +#line 1682 "heimdal/lib/asn1/lex.c" case YY_STATE_EOF(INITIAL): yyterminate(); @@ -1935,7 +1910,7 @@ static int yy_get_next_buffer (void) /* Read in more data. */ YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), - (yy_n_chars), num_to_read ); + (yy_n_chars), (size_t) num_to_read ); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } @@ -1959,6 +1934,14 @@ static int yy_get_next_buffer (void) else ret_val = EOB_ACT_CONTINUE_SCAN; + if ((yy_size_t) ((yy_n_chars) + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) { + /* Extend the array by 50%, plus the number we really need. */ + yy_size_t new_size = (yy_n_chars) + number_to_move + ((yy_n_chars) >> 1); + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) yyrealloc((void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf,new_size ); + if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) + YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" ); + } + (yy_n_chars) += number_to_move; YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; @@ -2374,7 +2357,9 @@ static void yyensure_buffer_stack (void) (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc (num_to_alloc * sizeof(struct yy_buffer_state*) ); - + if ( ! (yy_buffer_stack) ) + YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" ); + memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); (yy_buffer_stack_max) = num_to_alloc; @@ -2392,6 +2377,8 @@ static void yyensure_buffer_stack (void) ((yy_buffer_stack), num_to_alloc * sizeof(struct yy_buffer_state*) ); + if ( ! (yy_buffer_stack) ) + YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" ); /* zero only the new slots.*/ memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); @@ -2436,7 +2423,7 @@ YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) /** Setup the input buffer state to scan a string. The next call to yylex() will * scan from a @e copy of @a str. - * @param str a NUL-terminated string to scan + * @param yystr a NUL-terminated string to scan * * @return the newly allocated buffer state object. * @note If you want to scan bytes that may contain NUL values, then use diff --git a/source4/heimdal/lib/asn1/lex.l b/source4/heimdal/lib/asn1/lex.l index 6ec7b67bb9..ec744220e9 100644 --- a/source4/heimdal/lib/asn1/lex.l +++ b/source4/heimdal/lib/asn1/lex.l @@ -32,7 +32,7 @@ * SUCH DAMAGE. */ -/* $Id: lex.l,v 1.31 2006/10/21 11:57:22 lha Exp $ */ +/* $Id: lex.l 18738 2006-10-21 11:57:22Z lha $ */ #ifdef HAVE_CONFIG_H #include diff --git a/source4/heimdal/lib/asn1/pkinit.asn1 b/source4/heimdal/lib/asn1/pkinit.asn1 index 989b26581b..758af6f86e 100644 --- a/source4/heimdal/lib/asn1/pkinit.asn1 +++ b/source4/heimdal/lib/asn1/pkinit.asn1 @@ -17,6 +17,11 @@ id-pkrkeydata OBJECT IDENTIFIER ::= { id-pkinit 3 } id-pkekuoid OBJECT IDENTIFIER ::= { id-pkinit 4 } id-pkkdcekuoid OBJECT IDENTIFIER ::= { id-pkinit 5 } +id-pkinit-kdf OBJECT IDENTIFIER ::= { id-pkinit 6 } +id-pkinit-kdf-ah-sha1 OBJECT IDENTIFIER ::= { id-pkinit-kdf 1 } +id-pkinit-kdf-ah-sha256 OBJECT IDENTIFIER ::= { id-pkinit-kdf 2 } +id-pkinit-kdf-ah-sha512 OBJECT IDENTIFIER ::= { id-pkinit-kdf 3 } + id-pkinit-san OBJECT IDENTIFIER ::= { iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2) x509-sanan(2) } @@ -171,6 +176,14 @@ ReplyKeyPack-Win2k ::= SEQUENCE { ... } +PkinitSP80056AOtherInfo ::= SEQUENCE { + algorithmID AlgorithmIdentifier, + partyUInfo [0] OCTET STRING, + partyVInfo [1] OCTET STRING, + suppPubInfo [2] OCTET STRING OPTIONAL, + suppPrivInfo [3] OCTET STRING OPTIONAL +} + PkinitSuppPubInfo ::= SEQUENCE { enctype [0] INTEGER (-2147483648..2147483647), as-REQ [1] OCTET STRING, diff --git a/source4/heimdal/lib/asn1/test.gen b/source4/heimdal/lib/asn1/test.gen index 9a1f354791..d0fc7d98a4 100644 --- a/source4/heimdal/lib/asn1/test.gen +++ b/source4/heimdal/lib/asn1/test.gen @@ -1,4 +1,4 @@ -# $Id: test.gen,v 1.2 2005/07/12 06:27:41 lha Exp $ +# $Id: test.gen 15617 2005-07-12 06:27:42Z lha $ # Sample for TESTSeq in test.asn1 # diff --git a/source4/heimdal/lib/com_err/lex.c b/source4/heimdal/lib/com_err/lex.c index 3c6ea3beb7..b70ef4749f 100644 --- a/source4/heimdal/lib/com_err/lex.c +++ b/source4/heimdal/lib/com_err/lex.c @@ -1,5 +1,6 @@ +#include "config.h" -#line 3 "lex.c" +#line 3 "heimdal/lib/com_err/lex.c" #define YY_INT_ALIGNED short int @@ -8,7 +9,7 @@ #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 #define YY_FLEX_MINOR_VERSION 5 -#define YY_FLEX_SUBMINOR_VERSION 33 +#define YY_FLEX_SUBMINOR_VERSION 34 #if YY_FLEX_SUBMINOR_VERSION > 0 #define FLEX_BETA #endif @@ -30,7 +31,7 @@ /* C99 systems have . Non-C99 systems may or may not. */ -#if __STDC_VERSION__ >= 199901L +#if defined (__STDC_VERSION__) && __STDC_VERSION__ >= 199901L /* C99 says to define __STDC_LIMIT_MACROS before including stdint.h, * if you want the limit (max/min) macros for int types. @@ -93,11 +94,12 @@ typedef unsigned int flex_uint32_t; #else /* ! __cplusplus */ -#if __STDC__ +/* C99 requires __STDC__ to be defined as 1. */ +#if defined (__STDC__) #define YY_USE_CONST -#endif /* __STDC__ */ +#endif /* defined (__STDC__) */ #endif /* ! __cplusplus */ #ifdef YY_USE_CONST @@ -180,11 +182,13 @@ extern FILE *yyin, *yyout; /* The following is because we cannot portably get our hands on size_t * (without autoconf's help, which isn't available because we want * flex-generated scanners to compile on their own). + * Given that the standard has decreed that size_t exists since 1989, + * I guess we can afford to depend on it. Manoj. */ #ifndef YY_TYPEDEF_YY_SIZE_T #define YY_TYPEDEF_YY_SIZE_T -typedef unsigned int yy_size_t; +typedef size_t yy_size_t; #endif #ifndef YY_STRUCT_YY_BUFFER_STATE @@ -532,7 +536,7 @@ static int getstring(void); #undef ECHO -#line 536 "lex.c" +#line 539 "heimdal/lib/com_err/lex.c" #define INITIAL 0 @@ -550,35 +554,6 @@ static int getstring(void); static int yy_init_globals (void ); -/* Accessor methods to globals. - These are made visible to non-reentrant scanners for convenience. */ - -int yylex_destroy (void ); - -int yyget_debug (void ); - -void yyset_debug (int debug_flag ); - -YY_EXTRA_TYPE yyget_extra (void ); - -void yyset_extra (YY_EXTRA_TYPE user_defined ); - -FILE *yyget_in (void ); - -void yyset_in (FILE * in_str ); - -FILE *yyget_out (void ); - -void yyset_out (FILE * out_str ); - -int yyget_leng (void ); - -char *yyget_text (void ); - -int yyget_lineno (void ); - -void yyset_lineno (int line_number ); - /* Macros after this point can all be overridden by user definitions in * section 1. */ @@ -621,7 +596,7 @@ static int input (void ); /* This used to be an fputs(), but since the string might contain NUL's, * we now use fwrite(). */ -#define ECHO (void) fwrite( yytext, yyleng, 1, yyout ) +#define ECHO fwrite( yytext, yyleng, 1, yyout ) #endif /* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, @@ -632,7 +607,7 @@ static int input (void ); if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ { \ int c = '*'; \ - size_t n; \ + int n; \ for ( n = 0; n < max_size && \ (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ buf[n] = (char) c; \ @@ -716,7 +691,7 @@ YY_DECL #line 59 "lex.l" -#line 720 "lex.c" +#line 694 "heimdal/lib/com_err/lex.c" if ( !(yy_init) ) { @@ -880,7 +855,7 @@ YY_RULE_SETUP #line 75 "lex.l" ECHO; YY_BREAK -#line 884 "lex.c" +#line 858 "heimdal/lib/com_err/lex.c" case YY_STATE_EOF(INITIAL): yyterminate(); @@ -1111,7 +1086,7 @@ static int yy_get_next_buffer (void) /* Read in more data. */ YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), - (yy_n_chars), num_to_read ); + (yy_n_chars), (size_t) num_to_read ); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } @@ -1135,6 +1110,14 @@ static int yy_get_next_buffer (void) else ret_val = EOB_ACT_CONTINUE_SCAN; + if ((yy_size_t) ((yy_n_chars) + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) { + /* Extend the array by 50%, plus the number we really need. */ + yy_size_t new_size = (yy_n_chars) + number_to_move + ((yy_n_chars) >> 1); + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) yyrealloc((void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf,new_size ); + if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) + YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" ); + } + (yy_n_chars) += number_to_move; YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; @@ -1550,7 +1533,9 @@ static void yyensure_buffer_stack (void) (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc (num_to_alloc * sizeof(struct yy_buffer_state*) ); - + if ( ! (yy_buffer_stack) ) + YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" ); + memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); (yy_buffer_stack_max) = num_to_alloc; @@ -1568,6 +1553,8 @@ static void yyensure_buffer_stack (void) ((yy_buffer_stack), num_to_alloc * sizeof(struct yy_buffer_state*) ); + if ( ! (yy_buffer_stack) ) + YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" ); /* zero only the new slots.*/ memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); @@ -1612,7 +1599,7 @@ YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) /** Setup the input buffer state to scan a string. The next call to yylex() will * scan from a @e copy of @a str. - * @param str a NUL-terminated string to scan + * @param yystr a NUL-terminated string to scan * * @return the newly allocated buffer state object. * @note If you want to scan bytes that may contain NUL values, then use diff --git a/source4/heimdal/lib/com_err/lex.l b/source4/heimdal/lib/com_err/lex.l index d60e67c136..08aef516b3 100644 --- a/source4/heimdal/lib/com_err/lex.l +++ b/source4/heimdal/lib/com_err/lex.l @@ -44,7 +44,7 @@ #include "parse.h" #include "lex.h" -RCSID("$Id: lex.l,v 1.8 2005/05/16 08:52:54 lha Exp $"); +RCSID("$Id: lex.l 15143 2005-05-16 08:52:54Z lha $"); static unsigned lineno = 1; static int getstring(void); diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi.h b/source4/heimdal/lib/gssapi/gssapi/gssapi.h index fbc638c48f..63f66f7313 100644 --- a/source4/heimdal/lib/gssapi/gssapi/gssapi.h +++ b/source4/heimdal/lib/gssapi/gssapi/gssapi.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gssapi.h 21004 2007-06-08 01:53:10Z lha $ */ +/* $Id: gssapi.h 23025 2008-04-17 10:01:57Z lha $ */ #ifndef GSSAPI_GSSAPI_H_ #define GSSAPI_GSSAPI_H_ @@ -43,6 +43,16 @@ #include +#ifndef BUILD_GSSAPI_LIB +#if defined(_WIN32) +#define GSSAPI_LIB_FUNCTION _stdcall __declspec(dllimport) +#define GSSAPI_LIB_VARIABLE __declspec(dllimport) +#else +#define GSSAPI_LIB_FUNCTION +#define GSSAPI_LIB_VARIABLE +#endif +#endif + /* * Now define the three implementation-dependent types. */ @@ -210,7 +220,7 @@ extern "C" { * GSS_C_NT_USER_NAME should be initialized to point * to that gss_OID_desc. */ -extern gss_OID GSS_C_NT_USER_NAME; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_C_NT_USER_NAME; /* * The implementation must reserve static storage for a @@ -223,7 +233,7 @@ extern gss_OID GSS_C_NT_USER_NAME; * The constant GSS_C_NT_MACHINE_UID_NAME should be * initialized to point to that gss_OID_desc. */ -extern gss_OID GSS_C_NT_MACHINE_UID_NAME; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_C_NT_MACHINE_UID_NAME; /* * The implementation must reserve static storage for a @@ -236,7 +246,7 @@ extern gss_OID GSS_C_NT_MACHINE_UID_NAME; * The constant GSS_C_NT_STRING_UID_NAME should be * initialized to point to that gss_OID_desc. */ -extern gss_OID GSS_C_NT_STRING_UID_NAME; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_C_NT_STRING_UID_NAME; /* * The implementation must reserve static storage for a @@ -255,7 +265,7 @@ extern gss_OID GSS_C_NT_STRING_UID_NAME; * parameter, but should not be emitted by GSS-API * implementations */ -extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_C_NT_HOSTBASED_SERVICE_X; /* * The implementation must reserve static storage for a @@ -268,7 +278,7 @@ extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X; * GSS_C_NT_HOSTBASED_SERVICE should be initialized * to point to that gss_OID_desc. */ -extern gss_OID GSS_C_NT_HOSTBASED_SERVICE; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_C_NT_HOSTBASED_SERVICE; /* * The implementation must reserve static storage for a @@ -280,7 +290,7 @@ extern gss_OID GSS_C_NT_HOSTBASED_SERVICE; * and GSS_C_NT_ANONYMOUS should be initialized to point * to that gss_OID_desc. */ -extern gss_OID GSS_C_NT_ANONYMOUS; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_C_NT_ANONYMOUS; /* * The implementation must reserve static storage for a @@ -292,19 +302,19 @@ extern gss_OID GSS_C_NT_ANONYMOUS; * GSS_C_NT_EXPORT_NAME should be initialized to point * to that gss_OID_desc. */ -extern gss_OID GSS_C_NT_EXPORT_NAME; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_C_NT_EXPORT_NAME; /* * Digest mechanism */ -extern gss_OID GSS_SASL_DIGEST_MD5_MECHANISM; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_SASL_DIGEST_MD5_MECHANISM; /* * NTLM mechanism */ -extern gss_OID GSS_NTLM_MECHANISM; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_NTLM_MECHANISM; /* Major status codes */ @@ -387,7 +397,7 @@ extern gss_OID GSS_NTLM_MECHANISM; * Finally, function prototypes for the GSS-API routines. */ -OM_uint32 gss_acquire_cred +OM_uint32 GSSAPI_LIB_FUNCTION gss_acquire_cred (OM_uint32 * /*minor_status*/, const gss_name_t /*desired_name*/, OM_uint32 /*time_req*/, @@ -398,12 +408,12 @@ OM_uint32 gss_acquire_cred OM_uint32 * /*time_rec*/ ); -OM_uint32 gss_release_cred +OM_uint32 GSSAPI_LIB_FUNCTION gss_release_cred (OM_uint32 * /*minor_status*/, gss_cred_id_t * /*cred_handle*/ ); -OM_uint32 gss_init_sec_context +OM_uint32 GSSAPI_LIB_FUNCTION gss_init_sec_context (OM_uint32 * /*minor_status*/, const gss_cred_id_t /*initiator_cred_handle*/, gss_ctx_id_t * /*context_handle*/, @@ -419,7 +429,7 @@ OM_uint32 gss_init_sec_context OM_uint32 * /*time_rec*/ ); -OM_uint32 gss_accept_sec_context +OM_uint32 GSSAPI_LIB_FUNCTION gss_accept_sec_context (OM_uint32 * /*minor_status*/, gss_ctx_id_t * /*context_handle*/, const gss_cred_id_t /*acceptor_cred_handle*/, @@ -433,25 +443,25 @@ OM_uint32 gss_accept_sec_context gss_cred_id_t * /*delegated_cred_handle*/ ); -OM_uint32 gss_process_context_token +OM_uint32 GSSAPI_LIB_FUNCTION gss_process_context_token (OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, const gss_buffer_t /*token_buffer*/ ); -OM_uint32 gss_delete_sec_context +OM_uint32 GSSAPI_LIB_FUNCTION gss_delete_sec_context (OM_uint32 * /*minor_status*/, gss_ctx_id_t * /*context_handle*/, gss_buffer_t /*output_token*/ ); -OM_uint32 gss_context_time +OM_uint32 GSSAPI_LIB_FUNCTION gss_context_time (OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, OM_uint32 * /*time_rec*/ ); -OM_uint32 gss_get_mic +OM_uint32 GSSAPI_LIB_FUNCTION gss_get_mic (OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, gss_qop_t /*qop_req*/, @@ -459,7 +469,7 @@ OM_uint32 gss_get_mic gss_buffer_t /*message_token*/ ); -OM_uint32 gss_verify_mic +OM_uint32 GSSAPI_LIB_FUNCTION gss_verify_mic (OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, const gss_buffer_t /*message_buffer*/, @@ -467,7 +477,7 @@ OM_uint32 gss_verify_mic gss_qop_t * /*qop_state*/ ); -OM_uint32 gss_wrap +OM_uint32 GSSAPI_LIB_FUNCTION gss_wrap (OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, int /*conf_req_flag*/, @@ -477,7 +487,7 @@ OM_uint32 gss_wrap gss_buffer_t /*output_message_buffer*/ ); -OM_uint32 gss_unwrap +OM_uint32 GSSAPI_LIB_FUNCTION gss_unwrap (OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, const gss_buffer_t /*input_message_buffer*/, @@ -486,7 +496,7 @@ OM_uint32 gss_unwrap gss_qop_t * /*qop_state*/ ); -OM_uint32 gss_display_status +OM_uint32 GSSAPI_LIB_FUNCTION gss_display_status (OM_uint32 * /*minor_status*/, OM_uint32 /*status_value*/, int /*status_type*/, @@ -495,54 +505,54 @@ OM_uint32 gss_display_status gss_buffer_t /*status_string*/ ); -OM_uint32 gss_indicate_mechs +OM_uint32 GSSAPI_LIB_FUNCTION gss_indicate_mechs (OM_uint32 * /*minor_status*/, gss_OID_set * /*mech_set*/ ); -OM_uint32 gss_compare_name +OM_uint32 GSSAPI_LIB_FUNCTION gss_compare_name (OM_uint32 * /*minor_status*/, const gss_name_t /*name1*/, const gss_name_t /*name2*/, int * /*name_equal*/ ); -OM_uint32 gss_display_name +OM_uint32 GSSAPI_LIB_FUNCTION gss_display_name (OM_uint32 * /*minor_status*/, const gss_name_t /*input_name*/, gss_buffer_t /*output_name_buffer*/, gss_OID * /*output_name_type*/ ); -OM_uint32 gss_import_name +OM_uint32 GSSAPI_LIB_FUNCTION gss_import_name (OM_uint32 * /*minor_status*/, const gss_buffer_t /*input_name_buffer*/, const gss_OID /*input_name_type*/, gss_name_t * /*output_name*/ ); -OM_uint32 gss_export_name +OM_uint32 GSSAPI_LIB_FUNCTION gss_export_name (OM_uint32 * /*minor_status*/, const gss_name_t /*input_name*/, gss_buffer_t /*exported_name*/ ); -OM_uint32 gss_release_name +OM_uint32 GSSAPI_LIB_FUNCTION gss_release_name (OM_uint32 * /*minor_status*/, gss_name_t * /*input_name*/ ); -OM_uint32 gss_release_buffer +OM_uint32 GSSAPI_LIB_FUNCTION gss_release_buffer (OM_uint32 * /*minor_status*/, gss_buffer_t /*buffer*/ ); -OM_uint32 gss_release_oid_set +OM_uint32 GSSAPI_LIB_FUNCTION gss_release_oid_set (OM_uint32 * /*minor_status*/, gss_OID_set * /*set*/ ); -OM_uint32 gss_inquire_cred +OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_cred (OM_uint32 * /*minor_status*/, const gss_cred_id_t /*cred_handle*/, gss_name_t * /*name*/, @@ -551,7 +561,7 @@ OM_uint32 gss_inquire_cred gss_OID_set * /*mechanisms*/ ); -OM_uint32 gss_inquire_context ( +OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_context ( OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, gss_name_t * /*src_name*/, @@ -563,7 +573,7 @@ OM_uint32 gss_inquire_context ( int * /*open_context*/ ); -OM_uint32 gss_wrap_size_limit ( +OM_uint32 GSSAPI_LIB_FUNCTION gss_wrap_size_limit ( OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, int /*conf_req_flag*/, @@ -572,7 +582,7 @@ OM_uint32 gss_wrap_size_limit ( OM_uint32 * /*max_input_size*/ ); -OM_uint32 gss_add_cred ( +OM_uint32 GSSAPI_LIB_FUNCTION gss_add_cred ( OM_uint32 * /*minor_status*/, const gss_cred_id_t /*input_cred_handle*/, const gss_name_t /*desired_name*/, @@ -586,7 +596,7 @@ OM_uint32 gss_add_cred ( OM_uint32 * /*acceptor_time_rec*/ ); -OM_uint32 gss_inquire_cred_by_mech ( +OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_cred_by_mech ( OM_uint32 * /*minor_status*/, const gss_cred_id_t /*cred_handle*/, const gss_OID /*mech_type*/, @@ -596,80 +606,81 @@ OM_uint32 gss_inquire_cred_by_mech ( gss_cred_usage_t * /*cred_usage*/ ); -OM_uint32 gss_export_sec_context ( +OM_uint32 GSSAPI_LIB_FUNCTION gss_export_sec_context ( OM_uint32 * /*minor_status*/, gss_ctx_id_t * /*context_handle*/, gss_buffer_t /*interprocess_token*/ ); -OM_uint32 gss_import_sec_context ( +OM_uint32 GSSAPI_LIB_FUNCTION gss_import_sec_context ( OM_uint32 * /*minor_status*/, const gss_buffer_t /*interprocess_token*/, gss_ctx_id_t * /*context_handle*/ ); -OM_uint32 gss_create_empty_oid_set ( +OM_uint32 GSSAPI_LIB_FUNCTION gss_create_empty_oid_set ( OM_uint32 * /*minor_status*/, gss_OID_set * /*oid_set*/ ); -OM_uint32 gss_add_oid_set_member ( +OM_uint32 GSSAPI_LIB_FUNCTION gss_add_oid_set_member ( OM_uint32 * /*minor_status*/, const gss_OID /*member_oid*/, gss_OID_set * /*oid_set*/ ); -OM_uint32 gss_test_oid_set_member ( +OM_uint32 GSSAPI_LIB_FUNCTION gss_test_oid_set_member ( OM_uint32 * /*minor_status*/, const gss_OID /*member*/, const gss_OID_set /*set*/, int * /*present*/ ); -OM_uint32 gss_inquire_names_for_mech ( +OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_names_for_mech ( OM_uint32 * /*minor_status*/, const gss_OID /*mechanism*/, gss_OID_set * /*name_types*/ ); -OM_uint32 gss_inquire_mechs_for_name ( +OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_mechs_for_name ( OM_uint32 * /*minor_status*/, const gss_name_t /*input_name*/, gss_OID_set * /*mech_types*/ ); -OM_uint32 gss_canonicalize_name ( +OM_uint32 GSSAPI_LIB_FUNCTION gss_canonicalize_name ( OM_uint32 * /*minor_status*/, const gss_name_t /*input_name*/, const gss_OID /*mech_type*/, gss_name_t * /*output_name*/ ); -OM_uint32 gss_duplicate_name ( +OM_uint32 GSSAPI_LIB_FUNCTION gss_duplicate_name ( OM_uint32 * /*minor_status*/, const gss_name_t /*src_name*/, gss_name_t * /*dest_name*/ ); -OM_uint32 gss_duplicate_oid ( +OM_uint32 GSSAPI_LIB_FUNCTION gss_duplicate_oid ( OM_uint32 * /* minor_status */, gss_OID /* src_oid */, gss_OID * /* dest_oid */ ); -OM_uint32 + +OM_uint32 GSSAPI_LIB_FUNCTION gss_release_oid (OM_uint32 * /*minor_status*/, gss_OID * /* oid */ ); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_oid_to_str( OM_uint32 * /*minor_status*/, gss_OID /* oid */, gss_buffer_t /* str */ ); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_sec_context_by_oid( OM_uint32 * minor_status, const gss_ctx_id_t context_handle, @@ -677,38 +688,38 @@ gss_inquire_sec_context_by_oid( gss_buffer_set_t *data_set ); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_set_sec_context_option (OM_uint32 *minor_status, gss_ctx_id_t *context_handle, const gss_OID desired_object, const gss_buffer_t value); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_set_cred_option (OM_uint32 *minor_status, gss_cred_id_t *cred_handle, const gss_OID object, const gss_buffer_t value); -int +int GSSAPI_LIB_FUNCTION gss_oid_equal(const gss_OID a, const gss_OID b); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_create_empty_buffer_set (OM_uint32 * minor_status, gss_buffer_set_t *buffer_set); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_add_buffer_set_member (OM_uint32 * minor_status, const gss_buffer_t member_buffer, gss_buffer_set_t *buffer_set); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_release_buffer_set (OM_uint32 * minor_status, gss_buffer_set_t *buffer_set); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_cred_by_oid(OM_uint32 *minor_status, const gss_cred_id_t cred_handle, const gss_OID desired_object, @@ -721,7 +732,7 @@ gss_inquire_cred_by_oid(OM_uint32 *minor_status, #define GSS_C_PRF_KEY_FULL 0 #define GSS_C_PRF_KEY_PARTIAL 1 -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_pseudo_random (OM_uint32 *minor_status, gss_ctx_id_t context, @@ -742,7 +753,7 @@ gss_pseudo_random * obsolete versions of these routines and their current forms. */ -OM_uint32 gss_sign +OM_uint32 GSSAPI_LIB_FUNCTION gss_sign (OM_uint32 * /*minor_status*/, gss_ctx_id_t /*context_handle*/, int /*qop_req*/, @@ -750,7 +761,7 @@ OM_uint32 gss_sign gss_buffer_t /*message_token*/ ); -OM_uint32 gss_verify +OM_uint32 GSSAPI_LIB_FUNCTION gss_verify (OM_uint32 * /*minor_status*/, gss_ctx_id_t /*context_handle*/, gss_buffer_t /*message_buffer*/, @@ -758,7 +769,7 @@ OM_uint32 gss_verify int * /*qop_state*/ ); -OM_uint32 gss_seal +OM_uint32 GSSAPI_LIB_FUNCTION gss_seal (OM_uint32 * /*minor_status*/, gss_ctx_id_t /*context_handle*/, int /*conf_req_flag*/, @@ -768,7 +779,7 @@ OM_uint32 gss_seal gss_buffer_t /*output_message_buffer*/ ); -OM_uint32 gss_unseal +OM_uint32 GSSAPI_LIB_FUNCTION gss_unseal (OM_uint32 * /*minor_status*/, gss_ctx_id_t /*context_handle*/, gss_buffer_t /*input_message_buffer*/, @@ -781,18 +792,18 @@ OM_uint32 gss_unseal * */ -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_sec_context_by_oid (OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_OID desired_object, gss_buffer_set_t *data_set); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_encapsulate_token(gss_buffer_t /* input_token */, gss_OID /* oid */, gss_buffer_t /* output_token */); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_decapsulate_token(gss_buffer_t /* input_token */, gss_OID /* oid */, gss_buffer_t /* output_token */); diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h b/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h index 2223f4f22f..55f7886658 100644 --- a/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h +++ b/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gssapi_krb5.h 22655 2008-02-26 12:40:35Z lha $ */ +/* $Id: gssapi_krb5.h 23420 2008-07-26 18:37:48Z lha $ */ #ifndef GSSAPI_KRB5_H_ #define GSSAPI_KRB5_H_ @@ -46,12 +46,12 @@ extern "C" { * This is for kerberos5 names. */ -extern gss_OID GSS_KRB5_NT_PRINCIPAL_NAME; -extern gss_OID GSS_KRB5_NT_USER_NAME; -extern gss_OID GSS_KRB5_NT_MACHINE_UID_NAME; -extern gss_OID GSS_KRB5_NT_STRING_UID_NAME; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_NT_PRINCIPAL_NAME; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_NT_USER_NAME; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_NT_MACHINE_UID_NAME; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_NT_STRING_UID_NAME; -extern gss_OID GSS_KRB5_MECHANISM; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_MECHANISM; /* for compatibility with MIT api */ @@ -59,28 +59,30 @@ extern gss_OID GSS_KRB5_MECHANISM; #define gss_krb5_nt_general_name GSS_KRB5_NT_PRINCIPAL_NAME /* Extensions set contexts options */ -extern gss_OID GSS_KRB5_COPY_CCACHE_X; -extern gss_OID GSS_KRB5_COMPAT_DES3_MIC_X; -extern gss_OID GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X; -extern gss_OID GSS_KRB5_SET_DNS_CANONICALIZE_X; -extern gss_OID GSS_KRB5_SEND_TO_KDC_X; -extern gss_OID GSS_KRB5_SET_DEFAULT_REALM_X; -extern gss_OID GSS_KRB5_CCACHE_NAME_X; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_COPY_CCACHE_X; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_COMPAT_DES3_MIC_X; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_SET_DNS_CANONICALIZE_X; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_SEND_TO_KDC_X; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_SET_DEFAULT_REALM_X; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_CCACHE_NAME_X; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_SET_TIME_OFFSET_X; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_GET_TIME_OFFSET_X; /* Extensions inquire context */ -extern gss_OID GSS_KRB5_GET_TKT_FLAGS_X; -extern gss_OID GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X; -extern gss_OID GSS_C_PEER_HAS_UPDATED_SPNEGO; -extern gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_X; -extern gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X; -extern gss_OID GSS_KRB5_GET_SUBKEY_X; -extern gss_OID GSS_KRB5_GET_INITIATOR_SUBKEY_X; -extern gss_OID GSS_KRB5_GET_ACCEPTOR_SUBKEY_X; -extern gss_OID GSS_KRB5_GET_AUTHTIME_X; -extern gss_OID GSS_KRB5_GET_SERVICE_KEYBLOCK_X; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_GET_TKT_FLAGS_X; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_C_PEER_HAS_UPDATED_SPNEGO; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_X; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_GET_SUBKEY_X; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_GET_INITIATOR_SUBKEY_X; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_GET_ACCEPTOR_SUBKEY_X; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_GET_AUTHTIME_X; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_GET_SERVICE_KEYBLOCK_X; /* Extensions creds */ -extern gss_OID GSS_KRB5_IMPORT_CRED_X; -extern gss_OID GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X; -extern gss_OID GSS_KRB5_CRED_NO_CI_FLAGS_X; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_IMPORT_CRED_X; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_CRED_NO_CI_FLAGS_X; /* * kerberos mechanism specific functions @@ -90,39 +92,42 @@ struct krb5_keytab_data; struct krb5_ccache_data; struct Principal; -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_ccache_name(OM_uint32 * /*minor_status*/, const char * /*name */, const char ** /*out_name */); -OM_uint32 gsskrb5_register_acceptor_identity +OM_uint32 GSSAPI_LIB_FUNCTION gsskrb5_register_acceptor_identity (const char */*identity*/); -OM_uint32 gss_krb5_copy_ccache +OM_uint32 GSSAPI_LIB_FUNCTION krb5_gss_register_acceptor_identity + (const char */*identity*/); + +OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_copy_ccache (OM_uint32 */*minor*/, gss_cred_id_t /*cred*/, struct krb5_ccache_data */*out*/); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_import_cred(OM_uint32 */*minor*/, struct krb5_ccache_data * /*in*/, struct Principal * /*keytab_principal*/, struct krb5_keytab_data * /*keytab*/, gss_cred_id_t */*out*/); -OM_uint32 gss_krb5_get_tkt_flags +OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_get_tkt_flags (OM_uint32 */*minor*/, gss_ctx_id_t /*context_handle*/, OM_uint32 */*tkt_flags*/); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gsskrb5_extract_authz_data_from_sec_context (OM_uint32 * /*minor_status*/, gss_ctx_id_t /*context_handle*/, int /*ad_type*/, gss_buffer_t /*ad_data*/); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gsskrb5_set_dns_canonicalize(int); struct gsskrb5_send_to_kdc { @@ -130,30 +135,36 @@ struct gsskrb5_send_to_kdc { void *ptr; }; -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gsskrb5_set_default_realm(const char *); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gsskrb5_extract_authtime_from_sec_context(OM_uint32 *, gss_ctx_id_t, time_t *); struct EncryptionKey; -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gsskrb5_extract_service_keyblock(OM_uint32 *minor_status, gss_ctx_id_t context_handle, struct EncryptionKey **out); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gsskrb5_get_initiator_subkey(OM_uint32 *minor_status, gss_ctx_id_t context_handle, struct EncryptionKey **out); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gsskrb5_get_subkey(OM_uint32 *minor_status, gss_ctx_id_t context_handle, struct EncryptionKey **out); +OM_uint32 GSSAPI_LIB_FUNCTION +gsskrb5_set_time_offset(int); + +OM_uint32 GSSAPI_LIB_FUNCTION +gsskrb5_get_time_offset(int *); + /* * Lucid - NFSv4 interface to GSS-API KRB5 to expose key material to * do GSS content token handling in-kernel. @@ -196,19 +207,19 @@ typedef struct gss_krb5_lucid_context_version { * Function declarations */ -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status, gss_ctx_id_t *context_handle, OM_uint32 version, void **kctx); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status, void *kctx); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status, gss_cred_id_t cred, OM_uint32 num_enctypes, diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi_spnego.h b/source4/heimdal/lib/gssapi/gssapi/gssapi_spnego.h index fbb7906369..3358863a80 100644 --- a/source4/heimdal/lib/gssapi/gssapi/gssapi_spnego.h +++ b/source4/heimdal/lib/gssapi/gssapi/gssapi_spnego.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gssapi_spnego.h 18335 2006-10-07 22:26:21Z lha $ */ +/* $Id: gssapi_spnego.h 23025 2008-04-17 10:01:57Z lha $ */ #ifndef GSSAPI_SPNEGO_H_ #define GSSAPI_SPNEGO_H_ @@ -48,7 +48,7 @@ extern "C" { * negotiation token is identified by the Object Identifier * iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2). */ -extern gss_OID GSS_SPNEGO_MECHANISM; +extern GSSAPI_LIB_VARIABLE gss_OID GSS_SPNEGO_MECHANISM; #define gss_mech_spnego GSS_SPNEGO_MECHANISM #ifdef __cplusplus diff --git a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c index 73b93ceba4..8dbd087da6 100644 --- a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: accept_sec_context.c 20199 2007-02-07 22:36:39Z lha $"); +RCSID("$Id: accept_sec_context.c 23433 2008-07-26 18:44:26Z lha $"); HEIMDAL_MUTEX gssapi_keytab_mutex = HEIMDAL_MUTEX_INITIALIZER; krb5_keytab _gsskrb5_keytab; @@ -250,6 +250,62 @@ gsskrb5_acceptor_ready(OM_uint32 * minor_status, return GSS_S_COMPLETE; } +static OM_uint32 +send_error_token(OM_uint32 *minor_status, + krb5_context context, + krb5_error_code kret, + krb5_principal server, + krb5_data *indata, + gss_buffer_t output_token) +{ + krb5_principal ap_req_server = NULL; + krb5_error_code ret; + krb5_data outbuf; + + /* build server from request if the acceptor had not selected one */ + if (server == NULL) { + AP_REQ ap_req; + + ret = krb5_decode_ap_req(context, indata, &ap_req); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + ret = _krb5_principalname2krb5_principal(context, + &ap_req_server, + ap_req.ticket.sname, + ap_req.ticket.realm); + free_AP_REQ(&ap_req); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + server = ap_req_server; + } + + ret = krb5_mk_error(context, kret, NULL, NULL, NULL, + server, NULL, NULL, &outbuf); + if (ap_req_server) + krb5_free_principal(context, ap_req_server); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + ret = _gsskrb5_encapsulate(minor_status, + &outbuf, + output_token, + "\x03\x00", + GSS_KRB5_MECHANISM); + krb5_data_free (&outbuf); + if (ret) + return ret; + + *minor_status = 0; + return GSS_S_CONTINUE_NEEDED; +} + + static OM_uint32 gsskrb5_acceptor_start(OM_uint32 * minor_status, gsskrb5_ctx ctx, @@ -304,6 +360,10 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, { krb5_rd_req_in_ctx in = NULL; krb5_rd_req_out_ctx out = NULL; + krb5_principal server = NULL; + + if (acceptor_cred) + server = acceptor_cred->principal; kret = krb5_rd_req_in_ctx_alloc(context, &in); if (kret == 0) @@ -319,17 +379,20 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, kret = krb5_rd_req_ctx(context, &ctx->auth_context, &indata, - (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) ? NULL : acceptor_cred->principal, + server, in, &out); krb5_rd_req_in_ctx_free(context, in); if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - return ret; + /* + * No reply in non-MUTUAL mode, but we don't know that its + * non-MUTUAL mode yet, thats inside the 8003 checksum. + */ + return send_error_token(minor_status, context, kret, + server, &indata, output_token); } /* - * We need to remember some data on the context_handle. + * we need to remember some data on the context_handle. */ kret = krb5_rd_req_out_get_ap_req_options(context, out, &ap_options); diff --git a/source4/heimdal/lib/gssapi/krb5/delete_sec_context.c b/source4/heimdal/lib/gssapi/krb5/delete_sec_context.c index abad986550..9c618ac6a6 100644 --- a/source4/heimdal/lib/gssapi/krb5/delete_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/delete_sec_context.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: delete_sec_context.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id: delete_sec_context.c 23420 2008-07-26 18:37:48Z lha $"); OM_uint32 _gsskrb5_delete_sec_context(OM_uint32 * minor_status, @@ -61,6 +61,8 @@ _gsskrb5_delete_sec_context(OM_uint32 * minor_status, HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); krb5_auth_con_free (context, ctx->auth_context); + if (ctx->kcred) + krb5_free_creds(context, ctx->kcred); if(ctx->source) krb5_free_principal (context, ctx->source); if(ctx->target) diff --git a/source4/heimdal/lib/gssapi/krb5/display_status.c b/source4/heimdal/lib/gssapi/krb5/display_status.c index c0192522a7..f932261ffa 100644 --- a/source4/heimdal/lib/gssapi/krb5/display_status.c +++ b/source4/heimdal/lib/gssapi/krb5/display_status.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: display_status.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id: display_status.c 23316 2008-06-23 04:32:32Z lha $"); static const char * calling_error(OM_uint32 v) @@ -135,7 +135,7 @@ _gsskrb5_set_status (const char *fmt, ...) vasprintf(&str, fmt, args); va_end(args); if (str) { - krb5_set_error_string(context, str); + krb5_set_error_message(context, 0, str); free(str); } } diff --git a/source4/heimdal/lib/gssapi/krb5/external.c b/source4/heimdal/lib/gssapi/krb5/external.c index 03fe61dc57..2ee018708a 100644 --- a/source4/heimdal/lib/gssapi/krb5/external.c +++ b/source4/heimdal/lib/gssapi/krb5/external.c @@ -34,7 +34,7 @@ #include "krb5/gsskrb5_locl.h" #include -RCSID("$Id: external.c 22128 2007-12-04 00:56:55Z lha $"); +RCSID("$Id: external.c 23420 2008-07-26 18:37:48Z lha $"); /* * The implementation must reserve static storage for a @@ -49,9 +49,10 @@ RCSID("$Id: external.c 22128 2007-12-04 00:56:55Z lha $"); */ static gss_OID_desc gss_c_nt_user_name_oid_desc = -{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x01")}; + {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x01")}; -gss_OID GSS_C_NT_USER_NAME = &gss_c_nt_user_name_oid_desc; +gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_USER_NAME = + &gss_c_nt_user_name_oid_desc; /* * The implementation must reserve static storage for a @@ -66,9 +67,10 @@ gss_OID GSS_C_NT_USER_NAME = &gss_c_nt_user_name_oid_desc; */ static gss_OID_desc gss_c_nt_machine_uid_name_oid_desc = -{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x02")}; + {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x02")}; -gss_OID GSS_C_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc; +gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_MACHINE_UID_NAME = + &gss_c_nt_machine_uid_name_oid_desc; /* * The implementation must reserve static storage for a @@ -83,9 +85,10 @@ gss_OID GSS_C_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc; */ static gss_OID_desc gss_c_nt_string_uid_name_oid_desc = -{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x03")}; + {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x03")}; -gss_OID GSS_C_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc; +gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_STRING_UID_NAME = + &gss_c_nt_string_uid_name_oid_desc; /* * The implementation must reserve static storage for a @@ -106,9 +109,10 @@ gss_OID GSS_C_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc; */ static gss_OID_desc gss_c_nt_hostbased_service_x_oid_desc = -{6, rk_UNCONST("\x2b\x06\x01\x05\x06\x02")}; + {6, rk_UNCONST("\x2b\x06\x01\x05\x06\x02")}; -gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = &gss_c_nt_hostbased_service_x_oid_desc; +gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_HOSTBASED_SERVICE_X = + &gss_c_nt_hostbased_service_x_oid_desc; /* * The implementation must reserve static storage for a @@ -122,9 +126,10 @@ gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = &gss_c_nt_hostbased_service_x_oid_desc; * to point to that gss_OID_desc. */ static gss_OID_desc gss_c_nt_hostbased_service_oid_desc = -{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x04")}; + {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x04")}; -gss_OID GSS_C_NT_HOSTBASED_SERVICE = &gss_c_nt_hostbased_service_oid_desc; +gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_HOSTBASED_SERVICE = + &gss_c_nt_hostbased_service_oid_desc; /* * The implementation must reserve static storage for a @@ -138,9 +143,10 @@ gss_OID GSS_C_NT_HOSTBASED_SERVICE = &gss_c_nt_hostbased_service_oid_desc; */ static gss_OID_desc gss_c_nt_anonymous_oid_desc = -{6, rk_UNCONST("\x2b\x06\01\x05\x06\x03")}; + {6, rk_UNCONST("\x2b\x06\01\x05\x06\x03")}; -gss_OID GSS_C_NT_ANONYMOUS = &gss_c_nt_anonymous_oid_desc; +gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_ANONYMOUS = + &gss_c_nt_anonymous_oid_desc; /* * The implementation must reserve static storage for a @@ -154,9 +160,10 @@ gss_OID GSS_C_NT_ANONYMOUS = &gss_c_nt_anonymous_oid_desc; */ static gss_OID_desc gss_c_nt_export_name_oid_desc = -{6, rk_UNCONST("\x2b\x06\x01\x05\x06\x04") }; + {6, rk_UNCONST("\x2b\x06\x01\x05\x06\x04") }; -gss_OID GSS_C_NT_EXPORT_NAME = &gss_c_nt_export_name_oid_desc; +gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_EXPORT_NAME = + &gss_c_nt_export_name_oid_desc; /* * This name form shall be represented by the Object Identifier {iso(1) @@ -166,9 +173,10 @@ gss_OID GSS_C_NT_EXPORT_NAME = &gss_c_nt_export_name_oid_desc; */ static gss_OID_desc gss_krb5_nt_principal_name_oid_desc = -{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01") }; + {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01") }; -gss_OID GSS_KRB5_NT_PRINCIPAL_NAME = &gss_krb5_nt_principal_name_oid_desc; +gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_NT_PRINCIPAL_NAME = + &gss_krb5_nt_principal_name_oid_desc; /* * This name form shall be represented by the Object Identifier {iso(1) @@ -177,7 +185,8 @@ gss_OID GSS_KRB5_NT_PRINCIPAL_NAME = &gss_krb5_nt_principal_name_oid_desc; * type is "GSS_KRB5_NT_USER_NAME". */ -gss_OID GSS_KRB5_NT_USER_NAME = &gss_c_nt_user_name_oid_desc; +gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_NT_USER_NAME = + &gss_c_nt_user_name_oid_desc; /* * This name form shall be represented by the Object Identifier {iso(1) @@ -186,7 +195,8 @@ gss_OID GSS_KRB5_NT_USER_NAME = &gss_c_nt_user_name_oid_desc; * this type is "GSS_KRB5_NT_MACHINE_UID_NAME". */ -gss_OID GSS_KRB5_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc; +gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_NT_MACHINE_UID_NAME = + &gss_c_nt_machine_uid_name_oid_desc; /* * This name form shall be represented by the Object Identifier {iso(1) @@ -195,7 +205,8 @@ gss_OID GSS_KRB5_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc; * this type is "GSS_KRB5_NT_STRING_UID_NAME". */ -gss_OID GSS_KRB5_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc; +gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_NT_STRING_UID_NAME = + &gss_c_nt_string_uid_name_oid_desc; /* * To support ongoing experimentation, testing, and evolution of the @@ -217,14 +228,15 @@ gss_OID GSS_KRB5_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc; #if 0 /* This is the old OID */ static gss_OID_desc gss_krb5_mechanism_oid_desc = -{5, rk_UNCONST("\x2b\x05\x01\x05\x02")}; + {5, rk_UNCONST("\x2b\x05\x01\x05\x02")}; #endif static gss_OID_desc gss_krb5_mechanism_oid_desc = -{9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") }; + {9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") }; -gss_OID GSS_KRB5_MECHANISM = &gss_krb5_mechanism_oid_desc; +gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_MECHANISM = + &gss_krb5_mechanism_oid_desc; /* * draft-ietf-cat-iakerb-09, IAKERB: @@ -240,23 +252,26 @@ gss_OID GSS_KRB5_MECHANISM = &gss_krb5_mechanism_oid_desc; */ static gss_OID_desc gss_iakerb_proxy_mechanism_oid_desc = -{7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x01")}; + {7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x01")}; -gss_OID GSS_IAKERB_PROXY_MECHANISM = &gss_iakerb_proxy_mechanism_oid_desc; +gss_OID GSSAPI_LIB_VARIABLE GSS_IAKERB_PROXY_MECHANISM = + &gss_iakerb_proxy_mechanism_oid_desc; static gss_OID_desc gss_iakerb_min_msg_mechanism_oid_desc = -{7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x02") }; + {7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x02") }; -gss_OID GSS_IAKERB_MIN_MSG_MECHANISM = &gss_iakerb_min_msg_mechanism_oid_desc; +gss_OID GSSAPI_LIB_VARIABLE GSS_IAKERB_MIN_MSG_MECHANISM = + &gss_iakerb_min_msg_mechanism_oid_desc; /* * */ static gss_OID_desc gss_c_peer_has_updated_spnego_oid_desc = -{9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x05"}; + {9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x05"}; -gss_OID GSS_C_PEER_HAS_UPDATED_SPNEGO = &gss_c_peer_has_updated_spnego_oid_desc; +gss_OID GSSAPI_LIB_VARIABLE GSS_C_PEER_HAS_UPDATED_SPNEGO = + &gss_c_peer_has_updated_spnego_oid_desc; /* * 1.2.752.43.13 Heimdal GSS-API Extentions @@ -264,111 +279,143 @@ gss_OID GSS_C_PEER_HAS_UPDATED_SPNEGO = &gss_c_peer_has_updated_spnego_oid_desc; /* 1.2.752.43.13.1 */ static gss_OID_desc gss_krb5_copy_ccache_x_oid_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x01")}; + {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x01")}; -gss_OID GSS_KRB5_COPY_CCACHE_X = &gss_krb5_copy_ccache_x_oid_desc; +gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_COPY_CCACHE_X = + &gss_krb5_copy_ccache_x_oid_desc; /* 1.2.752.43.13.2 */ static gss_OID_desc gss_krb5_get_tkt_flags_x_oid_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x02")}; + {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x02")}; -gss_OID GSS_KRB5_GET_TKT_FLAGS_X = &gss_krb5_get_tkt_flags_x_oid_desc; +gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_TKT_FLAGS_X = + &gss_krb5_get_tkt_flags_x_oid_desc; /* 1.2.752.43.13.3 */ static gss_OID_desc gss_krb5_extract_authz_data_from_sec_context_x_oid_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x03")}; + {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x03")}; -gss_OID GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X = &gss_krb5_extract_authz_data_from_sec_context_x_oid_desc; +gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X = + &gss_krb5_extract_authz_data_from_sec_context_x_oid_desc; /* 1.2.752.43.13.4 */ static gss_OID_desc gss_krb5_compat_des3_mic_x_oid_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x04")}; + {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x04")}; -gss_OID GSS_KRB5_COMPAT_DES3_MIC_X = &gss_krb5_compat_des3_mic_x_oid_desc; +gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_COMPAT_DES3_MIC_X = + &gss_krb5_compat_des3_mic_x_oid_desc; /* 1.2.752.43.13.5 */ static gss_OID_desc gss_krb5_register_acceptor_identity_x_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x05")}; + {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x05")}; -gss_OID GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X = &gss_krb5_register_acceptor_identity_x_desc; +gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X = + &gss_krb5_register_acceptor_identity_x_desc; /* 1.2.752.43.13.6 */ static gss_OID_desc gss_krb5_export_lucid_context_x_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06")}; + {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06")}; -gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_X = &gss_krb5_export_lucid_context_x_desc; +gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_EXPORT_LUCID_CONTEXT_X = + &gss_krb5_export_lucid_context_x_desc; /* 1.2.752.43.13.6.1 */ static gss_OID_desc gss_krb5_export_lucid_context_v1_x_desc = -{7, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06\x01")}; + {7, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06\x01")}; -gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X = &gss_krb5_export_lucid_context_v1_x_desc; +gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X = + &gss_krb5_export_lucid_context_v1_x_desc; /* 1.2.752.43.13.7 */ static gss_OID_desc gss_krb5_set_dns_canonicalize_x_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x07")}; + {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x07")}; -gss_OID GSS_KRB5_SET_DNS_CANONICALIZE_X = &gss_krb5_set_dns_canonicalize_x_desc; +gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_SET_DNS_CANONICALIZE_X = + &gss_krb5_set_dns_canonicalize_x_desc; /* 1.2.752.43.13.8 */ static gss_OID_desc gss_krb5_get_subkey_x_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x08")}; + {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x08")}; -gss_OID GSS_KRB5_GET_SUBKEY_X = &gss_krb5_get_subkey_x_desc; +gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_SUBKEY_X = + &gss_krb5_get_subkey_x_desc; /* 1.2.752.43.13.9 */ static gss_OID_desc gss_krb5_get_initiator_subkey_x_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x09")}; + {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x09")}; -gss_OID GSS_KRB5_GET_INITIATOR_SUBKEY_X = &gss_krb5_get_initiator_subkey_x_desc; +gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_INITIATOR_SUBKEY_X = + &gss_krb5_get_initiator_subkey_x_desc; /* 1.2.752.43.13.10 */ static gss_OID_desc gss_krb5_get_acceptor_subkey_x_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0a")}; + {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0a")}; -gss_OID GSS_KRB5_GET_ACCEPTOR_SUBKEY_X = &gss_krb5_get_acceptor_subkey_x_desc; +gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_ACCEPTOR_SUBKEY_X = + &gss_krb5_get_acceptor_subkey_x_desc; /* 1.2.752.43.13.11 */ static gss_OID_desc gss_krb5_send_to_kdc_x_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0b")}; + {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0b")}; -gss_OID GSS_KRB5_SEND_TO_KDC_X = &gss_krb5_send_to_kdc_x_desc; +gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_SEND_TO_KDC_X = + &gss_krb5_send_to_kdc_x_desc; /* 1.2.752.43.13.12 */ static gss_OID_desc gss_krb5_get_authtime_x_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0c")}; + {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0c")}; -gss_OID GSS_KRB5_GET_AUTHTIME_X = &gss_krb5_get_authtime_x_desc; +gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_AUTHTIME_X = + &gss_krb5_get_authtime_x_desc; /* 1.2.752.43.13.13 */ static gss_OID_desc gss_krb5_get_service_keyblock_x_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0d")}; + {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0d")}; -gss_OID GSS_KRB5_GET_SERVICE_KEYBLOCK_X = &gss_krb5_get_service_keyblock_x_desc; +gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_SERVICE_KEYBLOCK_X = + &gss_krb5_get_service_keyblock_x_desc; /* 1.2.752.43.13.14 */ static gss_OID_desc gss_krb5_set_allowable_enctypes_x_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0e")}; + {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0e")}; -gss_OID GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X = &gss_krb5_set_allowable_enctypes_x_desc; +gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X = + &gss_krb5_set_allowable_enctypes_x_desc; /* 1.2.752.43.13.15 */ static gss_OID_desc gss_krb5_set_default_realm_x_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0f")}; + {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0f")}; -gss_OID GSS_KRB5_SET_DEFAULT_REALM_X = &gss_krb5_set_default_realm_x_desc; +gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_SET_DEFAULT_REALM_X = + &gss_krb5_set_default_realm_x_desc; /* 1.2.752.43.13.16 */ static gss_OID_desc gss_krb5_ccache_name_x_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x10")}; + {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x10")}; -gss_OID GSS_KRB5_CCACHE_NAME_X = &gss_krb5_ccache_name_x_desc; +gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_CCACHE_NAME_X = + &gss_krb5_ccache_name_x_desc; + +/* 1.2.752.43.13.17 */ +static gss_OID_desc gss_krb5_set_time_offset_x_desc = + {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x11")}; + +gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_SET_TIME_OFFSET_X = + &gss_krb5_set_time_offset_x_desc; + +/* 1.2.752.43.13.18 */ +static gss_OID_desc gss_krb5_get_time_offset_x_desc = + {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x12")}; + +gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_TIME_OFFSET_X = + &gss_krb5_get_time_offset_x_desc; /* 1.2.752.43.14.1 */ static gss_OID_desc gss_sasl_digest_md5_mechanism_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x01") }; + {6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x01") }; -gss_OID GSS_SASL_DIGEST_MD5_MECHANISM = &gss_sasl_digest_md5_mechanism_desc; +gss_OID GSSAPI_LIB_VARIABLE GSS_SASL_DIGEST_MD5_MECHANISM = + &gss_sasl_digest_md5_mechanism_desc; /* * Context for krb5 calls. diff --git a/source4/heimdal/lib/gssapi/krb5/get_mic.c b/source4/heimdal/lib/gssapi/krb5/get_mic.c index 133481ffe1..f689e624a8 100644 --- a/source4/heimdal/lib/gssapi/krb5/get_mic.c +++ b/source4/heimdal/lib/gssapi/krb5/get_mic.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: get_mic.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id: get_mic.c 23112 2008-04-27 18:51:26Z lha $"); static OM_uint32 mic_des @@ -88,7 +88,7 @@ mic_des memset (&zero, 0, sizeof(zero)); memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); - DES_set_key (&deskey, &schedule); + DES_set_key_unchecked (&deskey, &schedule); DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), &schedule, &zero); memcpy (p - 8, hash, 8); /* SGN_CKSUM */ @@ -108,7 +108,7 @@ mic_des (ctx->more_flags & LOCAL) ? 0 : 0xFF, 4); - DES_set_key (&deskey, &schedule); + DES_set_key_unchecked (&deskey, &schedule); DES_cbc_encrypt ((void *)p, (void *)p, 8, &schedule, (DES_cblock *)(p + 8), DES_ENCRYPT); diff --git a/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h b/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h index 3e8c1b8fa6..d9af44f960 100644 --- a/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h +++ b/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gsskrb5_locl.h 22655 2008-02-26 12:40:35Z lha $ */ +/* $Id: gsskrb5_locl.h 23435 2008-07-26 20:49:35Z lha $ */ #ifndef GSSKRB5_LOCL_H #define GSSKRB5_LOCL_H @@ -62,11 +62,14 @@ typedef struct { enum { LOCAL = 1, OPEN = 2, COMPAT_OLD_DES3 = 4, COMPAT_OLD_DES3_SELECTED = 8, - ACCEPTOR_SUBKEY = 16 + ACCEPTOR_SUBKEY = 16, + RETRIED = 32, + CLOSE_CCACHE = 64 } more_flags; enum gss_ctx_id_t_state { /* initiator states */ INITIATOR_START, + INITIATOR_RESTART, INITIATOR_WAIT_FOR_MUTAL, INITIATOR_READY, /* acceptor states */ @@ -74,6 +77,8 @@ typedef struct { ACCEPTOR_WAIT_FOR_DCESTYLE, ACCEPTOR_READY } state; + krb5_creds *kcred; + krb5_ccache ccache; struct krb5_ticket *ticket; OM_uint32 lifetime; HEIMDAL_MUTEX ctx_id_mutex; diff --git a/source4/heimdal/lib/gssapi/krb5/import_sec_context.c b/source4/heimdal/lib/gssapi/krb5/import_sec_context.c index 3300036a81..5fd8c94104 100644 --- a/source4/heimdal/lib/gssapi/krb5/import_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/import_sec_context.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: import_sec_context.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id: import_sec_context.c 22997 2008-04-15 19:36:25Z lha $"); OM_uint32 _gsskrb5_import_sec_context ( @@ -52,8 +52,7 @@ _gsskrb5_import_sec_context ( krb5_data data; gss_buffer_desc buffer; krb5_keyblock keyblock; - int32_t tmp; - int32_t flags; + int32_t flags, tmp; gsskrb5_ctx ctx; gss_name_t name; @@ -96,8 +95,9 @@ _gsskrb5_import_sec_context ( /* retrieve the auth context */ ac = ctx->auth_context; - if (krb5_ret_uint32 (sp, &ac->flags) != 0) + if (krb5_ret_int32 (sp, &tmp) != 0) goto failure; + ac->flags = tmp; if (flags & SC_LOCAL_ADDRESS) { if (krb5_ret_address (sp, localp = &local) != 0) goto failure; diff --git a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c index c455a5dc8b..c9b9e15588 100644 --- a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: init_sec_context.c 22671 2008-03-09 23:57:54Z lha $"); +RCSID("$Id: init_sec_context.c 23422 2008-07-26 18:38:29Z lha $"); /* * copy the addresses from `input_chan_bindings' (if any) to @@ -121,6 +121,8 @@ _gsskrb5_create_ctx( ctx->auth_context = NULL; ctx->source = NULL; ctx->target = NULL; + ctx->kcred = NULL; + ctx->ccache = NULL; ctx->state = state; ctx->flags = 0; ctx->more_flags = 0; @@ -134,9 +136,7 @@ _gsskrb5_create_ctx( kret = krb5_auth_con_init (context, &ctx->auth_context); if (kret) { *minor_status = kret; - HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex); - return GSS_S_FAILURE; } @@ -232,27 +232,32 @@ gsskrb5_initiator_ready( gsskrb5_ctx ctx, krb5_context context) { - OM_uint32 ret; - int32_t seq_number; - int is_cfx = 0; - OM_uint32 flags = ctx->flags; - - krb5_auth_getremoteseqnumber (context, - ctx->auth_context, - &seq_number); - - _gsskrb5i_is_cfx(ctx, &is_cfx); - - ret = _gssapi_msg_order_create(minor_status, - &ctx->order, - _gssapi_msg_order_f(flags), - seq_number, 0, is_cfx); - if (ret) return ret; + OM_uint32 ret; + int32_t seq_number; + int is_cfx = 0; + OM_uint32 flags = ctx->flags; + + krb5_free_creds(context, ctx->kcred); + ctx->kcred = NULL; - ctx->state = INITIATOR_READY; - ctx->more_flags |= OPEN; + if (ctx->more_flags & CLOSE_CCACHE) + krb5_cc_close(context, ctx->ccache); + ctx->ccache = NULL; - return GSS_S_COMPLETE; + krb5_auth_getremoteseqnumber (context, ctx->auth_context, &seq_number); + + _gsskrb5i_is_cfx(ctx, &is_cfx); + + ret = _gssapi_msg_order_create(minor_status, + &ctx->order, + _gssapi_msg_order_f(flags), + seq_number, 0, is_cfx); + if (ret) return ret; + + ctx->state = INITIATOR_READY; + ctx->more_flags |= OPEN; + + return GSS_S_COMPLETE; } /* @@ -333,7 +338,6 @@ init_auth const gss_OID mech_type, OM_uint32 req_flags, OM_uint32 time_req, - const gss_channel_bindings_t input_chan_bindings, const gss_buffer_t input_token, gss_OID * actual_mech_type, gss_buffer_t output_token, @@ -343,14 +347,7 @@ init_auth { OM_uint32 ret = GSS_S_FAILURE; krb5_error_code kret; - krb5_flags ap_options; - krb5_creds *kcred = NULL; krb5_data outbuf; - krb5_ccache ccache = NULL; - uint32_t flags; - krb5_data authenticator; - Checksum cksum; - krb5_enctype enctype; krb5_data fwd_data; OM_uint32 lifetime_rec; @@ -363,16 +360,17 @@ init_auth *actual_mech_type = GSS_KRB5_MECHANISM; if (cred == NULL) { - kret = krb5_cc_default (context, &ccache); + kret = krb5_cc_default (context, &ctx->ccache); if (kret) { *minor_status = kret; ret = GSS_S_FAILURE; goto failure; } + ctx->more_flags |= CLOSE_CCACHE; } else - ccache = cred->ccache; + ctx->ccache = cred->ccache; - kret = krb5_cc_get_principal (context, ccache, &ctx->source); + kret = krb5_cc_get_principal (context, ctx->ccache, &ctx->source); if (kret) { *minor_status = kret; ret = GSS_S_FAILURE; @@ -407,16 +405,16 @@ init_auth ret = gsskrb5_get_creds(minor_status, context, - ccache, + ctx->ccache, ctx, ctx->target, time_req, time_rec, - &kcred); + &ctx->kcred); if (ret) goto failure; - ctx->lifetime = kcred->times.endtime; + ctx->lifetime = ctx->kcred->times.endtime; ret = _gsskrb5_lifetime_left(minor_status, context, @@ -434,17 +432,59 @@ init_auth krb5_auth_con_setkey(context, ctx->auth_context, - &kcred->session); + &ctx->kcred->session); kret = krb5_auth_con_generatelocalsubkey(context, ctx->auth_context, - &kcred->session); + &ctx->kcred->session); if(kret) { *minor_status = kret; ret = GSS_S_FAILURE; goto failure; } - + + return GSS_S_COMPLETE; + +failure: + if (ctx->ccache && (ctx->more_flags & CLOSE_CCACHE)) + krb5_cc_close(context, ctx->ccache); + ctx->ccache = NULL; + + return ret; + +} + +static OM_uint32 +init_auth_restart +(OM_uint32 * minor_status, + gsskrb5_cred cred, + gsskrb5_ctx ctx, + krb5_context context, + OM_uint32 req_flags, + const gss_channel_bindings_t input_chan_bindings, + const gss_buffer_t input_token, + gss_OID * actual_mech_type, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec + ) +{ + OM_uint32 ret = GSS_S_FAILURE; + krb5_error_code kret; + krb5_flags ap_options; + krb5_data outbuf; + uint32_t flags; + krb5_data authenticator; + Checksum cksum; + krb5_enctype enctype; + krb5_data fwd_data, timedata; + int32_t offset = 0, oldoffset; + + krb5_data_zero(&outbuf); + krb5_data_zero(&fwd_data); + + *minor_status = 0; + /* * If the credential doesn't have ok-as-delegate, check what local * policy say about ok-as-delegate, default is FALSE that makes @@ -452,12 +492,24 @@ init_auth * requested. If it is TRUE, strip of the GSS_C_DELEG_FLAG if the * KDC doesn't set ok-as-delegate. */ - if (!kcred->flags.b.ok_as_delegate) { - krb5_boolean delegate; + if (!ctx->kcred->flags.b.ok_as_delegate) { + krb5_boolean delegate, realm_setting; + krb5_data data; - krb5_appdefault_boolean(context, - "gssapi", name->realm, - "ok-as-delegate", FALSE, &delegate); + realm_setting = FALSE; + + ret = krb5_cc_get_config(context, ctx->ccache, NULL, + "realm-config", &data); + if (ret == 0) { + /* XXX 1 is use ok-as-delegate */ + if (data.length > 0 && (((unsigned char *)data.data)[0]) & 1) + realm_setting = TRUE; + krb5_data_free(&data); + } + + krb5_appdefault_boolean(context, "gssapi", ctx->target->realm, + "ok-as-delegate", realm_setting, + &delegate); if (delegate) req_flags &= ~GSS_C_DELEG_FLAG; } @@ -467,7 +519,8 @@ init_auth if (req_flags & GSS_C_DELEG_FLAG) do_delegation (context, ctx->auth_context, - ccache, kcred, name, &fwd_data, &flags); + ctx->ccache, ctx->kcred, ctx->target, + &fwd_data, &flags); if (req_flags & GSS_C_MUTUAL_FLAG) { flags |= GSS_C_MUTUAL_FLAG; @@ -518,16 +571,33 @@ init_auth enctype = ctx->auth_context->keyblock->keytype; + ret = krb5_cc_get_config(context, ctx->ccache, ctx->target, + "time-offset", &timedata); + if (ret == 0) { + if (timedata.length == 4) { + const u_char *p = timedata.data; + offset = (p[0] <<24) | (p[1] << 16) | (p[2] << 8) | (p[3] << 0); + } + krb5_data_free(&timedata); + } + + if (offset) { + krb5_get_kdc_sec_offset (context, &oldoffset, NULL); + krb5_set_kdc_sec_offset (context, offset, -1); + } + kret = krb5_build_authenticator (context, ctx->auth_context, enctype, - kcred, + ctx->kcred, &cksum, NULL, &authenticator, KRB5_KU_AP_REQ_AUTH); if (kret) { + if (offset) + krb5_set_kdc_sec_offset (context, oldoffset, -1); *minor_status = kret; ret = GSS_S_FAILURE; goto failure; @@ -535,11 +605,12 @@ init_auth kret = krb5_build_ap_req (context, enctype, - kcred, + ctx->kcred, ap_options, authenticator, &outbuf); - + if (offset) + krb5_set_kdc_sec_offset (context, oldoffset, -1); if (kret) { *minor_status = kret; ret = GSS_S_FAILURE; @@ -552,16 +623,12 @@ init_auth } else { ret = _gsskrb5_encapsulate (minor_status, &outbuf, output_token, (u_char *)"\x01\x00", GSS_KRB5_MECHANISM); + krb5_data_free (&outbuf); if (ret) goto failure; - - krb5_data_free (&outbuf); } - krb5_free_creds(context, kcred); free_Checksum(&cksum); - if (cred == NULL) - krb5_cc_close(context, ccache); if (flags & GSS_C_MUTUAL_FLAG) { ctx->state = INITIATOR_WAIT_FOR_MUTAL; @@ -570,15 +637,14 @@ init_auth return gsskrb5_initiator_ready(minor_status, ctx, context); failure: - if(kcred) - krb5_free_creds(context, kcred); - if (ccache && cred == NULL) - krb5_cc_close(context, ccache); + if (ctx->ccache && (ctx->more_flags & CLOSE_CCACHE)) + krb5_cc_close(context, ctx->ccache); + ctx->ccache = NULL; return ret; - } + static OM_uint32 repl_mutual (OM_uint32 * minor_status, @@ -617,8 +683,46 @@ repl_mutual &indata, "\x02\x00", GSS_KRB5_MECHANISM); - if (ret) { - /* XXX - Handle AP_ERROR */ + if (ret == GSS_S_DEFECTIVE_TOKEN) { + /* check if there is an error token sent instead */ + ret = _gsskrb5_decapsulate (minor_status, + input_token, + &indata, + "\x03\x00", + GSS_KRB5_MECHANISM); + if (ret == GSS_S_COMPLETE) { + KRB_ERROR error; + + kret = krb5_rd_error(context, &indata, &error); + if (kret == 0) { + kret = krb5_error_from_rd_error(context, &error, NULL); + + /* save the time skrew for this host */ + if (kret == KRB5KRB_AP_ERR_SKEW) { + krb5_data timedata; + unsigned char p[4]; + int32_t t = error.stime - time(NULL); + + p[0] = (t >> 24) & 0xFF; + p[1] = (t >> 16) & 0xFF; + p[2] = (t >> 8) & 0xFF; + p[3] = (t >> 0) & 0xFF; + + timedata.data = p; + timedata.length = sizeof(p); + + krb5_cc_set_config(context, ctx->ccache, ctx->target, + "time-offset", &timedata); + + if ((ctx->more_flags & RETRIED) == 0) + ctx->state = INITIATOR_RESTART; + ctx->more_flags |= RETRIED; + } + free_KRB_ERROR (&error); + } + *minor_status = kret; + return GSS_S_FAILURE; + } return ret; } } @@ -661,30 +765,31 @@ repl_mutual *ret_flags = ctx->flags; if (req_flags & GSS_C_DCE_STYLE) { - int32_t con_flags; + int32_t local_seq, remote_seq; krb5_data outbuf; - /* Do don't do sequence number for the mk-rep */ - krb5_auth_con_removeflags(context, - ctx->auth_context, - KRB5_AUTH_CONTEXT_DO_SEQUENCE, - &con_flags); + /* + * So DCE_STYLE is strange. The client echos the seq number + * that the server used in the server's mk_rep in its own + * mk_rep(). After when done, it resets to it's own seq number + * for the gss_wrap calls. + */ - kret = krb5_mk_rep(context, - ctx->auth_context, - &outbuf); + krb5_auth_getremoteseqnumber(context, ctx->auth_context, &remote_seq); + krb5_auth_con_getlocalseqnumber(context, ctx->auth_context, &local_seq); + krb5_auth_con_setlocalseqnumber(context, ctx->auth_context, remote_seq); + + kret = krb5_mk_rep(context, ctx->auth_context, &outbuf); if (kret) { *minor_status = kret; return GSS_S_FAILURE; } + /* reset local seq number */ + krb5_auth_con_setlocalseqnumber(context, ctx->auth_context, local_seq); + output_token->length = outbuf.length; output_token->value = outbuf.data; - - krb5_auth_con_removeflags(context, - ctx->auth_context, - KRB5_AUTH_CONTEXT_DO_SEQUENCE, - NULL); } return gsskrb5_initiator_ready(minor_status, ctx, context); @@ -768,6 +873,7 @@ OM_uint32 _gsskrb5_init_sec_context HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + again: switch (ctx->state) { case INITIATOR_START: ret = init_auth(minor_status, @@ -778,12 +884,26 @@ OM_uint32 _gsskrb5_init_sec_context mech_type, req_flags, time_req, - input_chan_bindings, input_token, actual_mech_type, output_token, ret_flags, time_rec); + if (ret != GSS_S_COMPLETE) + break; + /* FALL THOUGH */ + case INITIATOR_RESTART: + ret = init_auth_restart(minor_status, + cred, + ctx, + context, + req_flags, + input_chan_bindings, + input_token, + actual_mech_type, + output_token, + ret_flags, + time_rec); break; case INITIATOR_WAIT_FOR_MUTAL: ret = repl_mutual(minor_status, @@ -798,6 +918,8 @@ OM_uint32 _gsskrb5_init_sec_context output_token, ret_flags, time_rec); + if (ctx->state == INITIATOR_RESTART) + goto again; break; case INITIATOR_READY: /* diff --git a/source4/heimdal/lib/gssapi/krb5/set_cred_option.c b/source4/heimdal/lib/gssapi/krb5/set_cred_option.c index 85b50d0322..8c554fb8e0 100644 --- a/source4/heimdal/lib/gssapi/krb5/set_cred_option.c +++ b/source4/heimdal/lib/gssapi/krb5/set_cred_option.c @@ -32,7 +32,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: set_cred_option.c 22655 2008-02-26 12:40:35Z lha $"); +RCSID("$Id: set_cred_option.c 23331 2008-06-27 12:01:48Z lha $"); /* 1.2.752.43.13.17 */ static gss_OID_desc gss_krb5_cred_no_ci_flags_x_oid_desc = diff --git a/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c b/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c index 50441a11ad..fd76838af5 100644 --- a/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c +++ b/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c @@ -36,7 +36,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: set_sec_context_option.c 20384 2007-04-18 08:51:06Z lha $"); +RCSID("$Id: set_sec_context_option.c 23420 2008-07-26 18:37:48Z lha $"); static OM_uint32 get_bool(OM_uint32 *minor_status, @@ -70,6 +70,36 @@ get_string(OM_uint32 *minor_status, return GSS_S_COMPLETE; } +static OM_uint32 +get_int32(OM_uint32 *minor_status, + const gss_buffer_t value, + OM_uint32 *ret) +{ + *minor_status = 0; + if (value == NULL || value->length == 0) + *ret = 0; + else if (value->length == sizeof(*ret)) + memcpy(ret, value->value, sizeof(*ret)); + else + return GSS_S_UNAVAILABLE; + + return GSS_S_COMPLETE; +} + +static OM_uint32 +set_int32(OM_uint32 *minor_status, + const gss_buffer_t value, + OM_uint32 set) +{ + *minor_status = 0; + if (value->length == sizeof(set)) + memcpy(value->value, &set, sizeof(set)); + else + return GSS_S_UNAVAILABLE; + + return GSS_S_COMPLETE; +} + OM_uint32 _gsskrb5_set_sec_context_option (OM_uint32 *minor_status, @@ -185,6 +215,35 @@ _gsskrb5_set_sec_context_option return GSS_S_FAILURE; return GSS_S_COMPLETE; + } else if (gss_oid_equal(desired_object, GSS_KRB5_SET_TIME_OFFSET_X)) { + OM_uint32 offset; + time_t t; + + maj_stat = get_int32(minor_status, value, &offset); + if (maj_stat != GSS_S_COMPLETE) + return maj_stat; + + t = time(NULL) + offset; + + krb5_set_real_time(context, t, 0); + + *minor_status = 0; + return GSS_S_COMPLETE; + } else if (gss_oid_equal(desired_object, GSS_KRB5_GET_TIME_OFFSET_X)) { + krb5_timestamp sec; + int32_t usec; + time_t t; + + t = time(NULL); + + krb5_us_timeofday (context, &sec, &usec); + + maj_stat = set_int32(minor_status, value, sec - t); + if (maj_stat != GSS_S_COMPLETE) + return maj_stat; + + *minor_status = 0; + return GSS_S_COMPLETE; } *minor_status = EINVAL; diff --git a/source4/heimdal/lib/gssapi/krb5/unwrap.c b/source4/heimdal/lib/gssapi/krb5/unwrap.c index d0a33d86fb..eec4078a70 100644 --- a/source4/heimdal/lib/gssapi/krb5/unwrap.c +++ b/source4/heimdal/lib/gssapi/krb5/unwrap.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: unwrap.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id: unwrap.c 23112 2008-04-27 18:51:26Z lha $"); static OM_uint32 unwrap_des @@ -93,7 +93,7 @@ unwrap_des for (i = 0; i < sizeof(deskey); ++i) deskey[i] ^= 0xf0; - DES_set_key (&deskey, &schedule); + DES_set_key_unchecked (&deskey, &schedule); memset (&zero, 0, sizeof(zero)); DES_cbc_encrypt ((void *)p, (void *)p, @@ -119,7 +119,7 @@ unwrap_des memset (&zero, 0, sizeof(zero)); memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); - DES_set_key (&deskey, &schedule); + DES_set_key_unchecked (&deskey, &schedule); DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), &schedule, &zero); if (memcmp (p - 8, hash, 8) != 0) @@ -130,7 +130,7 @@ unwrap_des HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); p -= 16; - DES_set_key (&deskey, &schedule); + DES_set_key_unchecked (&deskey, &schedule); DES_cbc_encrypt ((void *)p, (void *)p, 8, &schedule, (DES_cblock *)hash, DES_DECRYPT); diff --git a/source4/heimdal/lib/gssapi/krb5/verify_mic.c b/source4/heimdal/lib/gssapi/krb5/verify_mic.c index 52381afcc2..560c14bc89 100644 --- a/source4/heimdal/lib/gssapi/krb5/verify_mic.c +++ b/source4/heimdal/lib/gssapi/krb5/verify_mic.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: verify_mic.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id: verify_mic.c 23112 2008-04-27 18:51:26Z lha $"); static OM_uint32 verify_mic_des @@ -83,7 +83,7 @@ verify_mic_des memset (&zero, 0, sizeof(zero)); memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); - DES_set_key (&deskey, &schedule); + DES_set_key_unchecked (&deskey, &schedule); DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), &schedule, &zero); if (memcmp (p - 8, hash, 8) != 0) { @@ -97,7 +97,7 @@ verify_mic_des HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); p -= 16; - DES_set_key (&deskey, &schedule); + DES_set_key_unchecked (&deskey, &schedule); DES_cbc_encrypt ((void *)p, (void *)p, 8, &schedule, (DES_cblock *)hash, DES_DECRYPT); diff --git a/source4/heimdal/lib/gssapi/krb5/wrap.c b/source4/heimdal/lib/gssapi/krb5/wrap.c index d41379870a..6d00f2adcf 100644 --- a/source4/heimdal/lib/gssapi/krb5/wrap.c +++ b/source4/heimdal/lib/gssapi/krb5/wrap.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: wrap.c 19035 2006-11-14 09:49:56Z lha $"); +RCSID("$Id: wrap.c 23316 2008-06-23 04:32:32Z lha $"); /* * Return initiator subkey, or if that doesn't exists, the subkey. @@ -61,7 +61,7 @@ _gsskrb5i_get_initiator_subkey(const gsskrb5_ctx ctx, ctx->auth_context, key); if (ret == 0 && *key == NULL) { - krb5_set_error_string(context, "No initiator subkey available"); + krb5_set_error_message(context, 0, "No initiator subkey available"); return GSS_KRB5_S_KG_NO_SUBKEY; } return ret; @@ -85,7 +85,7 @@ _gsskrb5i_get_acceptor_subkey(const gsskrb5_ctx ctx, key); } if (ret == 0 && *key == NULL) { - krb5_set_error_string(context, "No acceptor subkey available"); + krb5_set_error_message(context, 0, "No acceptor subkey available"); return GSS_KRB5_S_KG_NO_SUBKEY; } return ret; @@ -106,7 +106,7 @@ _gsskrb5i_get_token_key(const gsskrb5_ctx ctx, _gsskrb5i_get_initiator_subkey(ctx, context, key); } if (*key == NULL) { - krb5_set_error_string(context, "No token key available"); + krb5_set_error_message(context, 0, "No token key available"); return GSS_KRB5_S_KG_NO_SUBKEY; } return 0; @@ -259,7 +259,7 @@ wrap_des memset (&zero, 0, sizeof(zero)); memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); - DES_set_key (&deskey, &schedule); + DES_set_key_unchecked (&deskey, &schedule); DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), &schedule, &zero); memcpy (p - 8, hash, 8); @@ -279,7 +279,7 @@ wrap_des (ctx->more_flags & LOCAL) ? 0 : 0xFF, 4); - DES_set_key (&deskey, &schedule); + DES_set_key_unchecked (&deskey, &schedule); DES_cbc_encrypt ((void *)p, (void *)p, 8, &schedule, (DES_cblock *)(p + 8), DES_ENCRYPT); @@ -296,7 +296,7 @@ wrap_des for (i = 0; i < sizeof(deskey); ++i) deskey[i] ^= 0xf0; - DES_set_key (&deskey, &schedule); + DES_set_key_unchecked (&deskey, &schedule); memset (&zero, 0, sizeof(zero)); DES_cbc_encrypt ((void *)p, (void *)p, diff --git a/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c b/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c index cb1b62308c..a2757140ae 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c +++ b/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c @@ -27,9 +27,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_acquire_cred.c 21478 2007-07-10 16:32:01Z lha $"); +RCSID("$Id: gss_acquire_cred.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_acquire_cred(OM_uint32 *minor_status, const gss_name_t desired_name, OM_uint32 time_req, diff --git a/source4/heimdal/lib/gssapi/mech/gss_add_cred.c b/source4/heimdal/lib/gssapi/mech/gss_add_cred.c index 09b592b5da..49efa20c8b 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_add_cred.c +++ b/source4/heimdal/lib/gssapi/mech/gss_add_cred.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_add_cred.c 21474 2007-07-10 16:30:23Z lha $"); +RCSID("$Id: gss_add_cred.c 23025 2008-04-17 10:01:57Z lha $"); static struct _gss_mechanism_cred * _gss_copy_cred(struct _gss_mechanism_cred *mc) @@ -71,7 +71,7 @@ _gss_copy_cred(struct _gss_mechanism_cred *mc) return (new_mc); } -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_add_cred(OM_uint32 *minor_status, const gss_cred_id_t input_cred_handle, const gss_name_t desired_name, diff --git a/source4/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c b/source4/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c index 87d1ab3725..d89adbf63a 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c +++ b/source4/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c @@ -32,9 +32,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_add_oid_set_member.c 18817 2006-10-22 09:36:13Z lha $"); +RCSID("$Id: gss_add_oid_set_member.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_add_oid_set_member (OM_uint32 * minor_status, const gss_OID member_oid, gss_OID_set * oid_set) diff --git a/source4/heimdal/lib/gssapi/mech/gss_buffer_set.c b/source4/heimdal/lib/gssapi/mech/gss_buffer_set.c index 56e0039379..091e219367 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_buffer_set.c +++ b/source4/heimdal/lib/gssapi/mech/gss_buffer_set.c @@ -31,9 +31,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_buffer_set.c 18885 2006-10-24 21:53:02Z lha $"); +RCSID("$Id: gss_buffer_set.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_create_empty_buffer_set (OM_uint32 * minor_status, gss_buffer_set_t *buffer_set) @@ -55,7 +55,7 @@ gss_create_empty_buffer_set return GSS_S_COMPLETE; } -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_add_buffer_set_member (OM_uint32 * minor_status, const gss_buffer_t member_buffer, @@ -97,7 +97,7 @@ gss_add_buffer_set_member return GSS_S_COMPLETE; } -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_release_buffer_set(OM_uint32 * minor_status, gss_buffer_set_t *buffer_set) { diff --git a/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c b/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c index c950c03166..d242c56a90 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c +++ b/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c @@ -27,9 +27,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_canonicalize_name.c 21476 2007-07-10 16:31:27Z lha $"); +RCSID("$Id: gss_canonicalize_name.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_canonicalize_name(OM_uint32 *minor_status, const gss_name_t input_name, const gss_OID mech_type, diff --git a/source4/heimdal/lib/gssapi/mech/gss_compare_name.c b/source4/heimdal/lib/gssapi/mech/gss_compare_name.c index 617ff13d98..1eb7625ee2 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_compare_name.c +++ b/source4/heimdal/lib/gssapi/mech/gss_compare_name.c @@ -27,9 +27,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_compare_name.c 21475 2007-07-10 16:31:03Z lha $"); +RCSID("$Id: gss_compare_name.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_compare_name(OM_uint32 *minor_status, const gss_name_t name1_arg, const gss_name_t name2_arg, diff --git a/source4/heimdal/lib/gssapi/mech/gss_context_time.c b/source4/heimdal/lib/gssapi/mech/gss_context_time.c index 47999f35cf..8dce822a9f 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_context_time.c +++ b/source4/heimdal/lib/gssapi/mech/gss_context_time.c @@ -27,9 +27,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_context_time.c 17700 2006-06-28 09:00:26Z lha $"); +RCSID("$Id: gss_context_time.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_context_time(OM_uint32 *minor_status, const gss_ctx_id_t context_handle, OM_uint32 *time_rec) diff --git a/source4/heimdal/lib/gssapi/mech/gss_create_empty_oid_set.c b/source4/heimdal/lib/gssapi/mech/gss_create_empty_oid_set.c index 841271b1fd..8dd3527349 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_create_empty_oid_set.c +++ b/source4/heimdal/lib/gssapi/mech/gss_create_empty_oid_set.c @@ -27,9 +27,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_create_empty_oid_set.c 19951 2007-01-17 10:14:58Z lha $"); +RCSID("$Id: gss_create_empty_oid_set.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_create_empty_oid_set(OM_uint32 *minor_status, gss_OID_set *oid_set) { diff --git a/source4/heimdal/lib/gssapi/mech/gss_decapsulate_token.c b/source4/heimdal/lib/gssapi/mech/gss_decapsulate_token.c index e8b86e4d22..8f93925585 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_decapsulate_token.c +++ b/source4/heimdal/lib/gssapi/mech/gss_decapsulate_token.c @@ -32,9 +32,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_decapsulate_token.c 19951 2007-01-17 10:14:58Z lha $"); +RCSID("$Id: gss_decapsulate_token.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_decapsulate_token(gss_buffer_t input_token, gss_OID oid, gss_buffer_t output_token) diff --git a/source4/heimdal/lib/gssapi/mech/gss_delete_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_delete_sec_context.c index 8c40994739..91273bcf56 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_delete_sec_context.c +++ b/source4/heimdal/lib/gssapi/mech/gss_delete_sec_context.c @@ -27,9 +27,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_delete_sec_context.c 19951 2007-01-17 10:14:58Z lha $"); +RCSID("$Id: gss_delete_sec_context.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_delete_sec_context(OM_uint32 *minor_status, gss_ctx_id_t *context_handle, gss_buffer_t output_token) diff --git a/source4/heimdal/lib/gssapi/mech/gss_display_name.c b/source4/heimdal/lib/gssapi/mech/gss_display_name.c index fc10933692..0d82400246 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_display_name.c +++ b/source4/heimdal/lib/gssapi/mech/gss_display_name.c @@ -27,9 +27,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_display_name.c 21246 2007-06-20 15:25:19Z lha $"); +RCSID("$Id: gss_display_name.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_display_name(OM_uint32 *minor_status, const gss_name_t input_name, gss_buffer_t output_name_buffer, diff --git a/source4/heimdal/lib/gssapi/mech/gss_display_status.c b/source4/heimdal/lib/gssapi/mech/gss_display_status.c index 37ded26db6..5bbc89b1ec 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_display_status.c +++ b/source4/heimdal/lib/gssapi/mech/gss_display_status.c @@ -59,7 +59,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_display_status.c 21247 2007-06-21 00:37:27Z lha $"); +RCSID("$Id: gss_display_status.c 23025 2008-04-17 10:01:57Z lha $"); static const char * calling_error(OM_uint32 v) @@ -136,7 +136,7 @@ supplementary_error(OM_uint32 v) } -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_display_status(OM_uint32 *minor_status, OM_uint32 status_value, int status_type, diff --git a/source4/heimdal/lib/gssapi/mech/gss_encapsulate_token.c b/source4/heimdal/lib/gssapi/mech/gss_encapsulate_token.c index 476d451375..32ecbbacb2 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_encapsulate_token.c +++ b/source4/heimdal/lib/gssapi/mech/gss_encapsulate_token.c @@ -32,9 +32,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_encapsulate_token.c 19954 2007-01-17 11:50:23Z lha $"); +RCSID("$Id: gss_encapsulate_token.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_encapsulate_token(gss_buffer_t input_token, gss_OID oid, gss_buffer_t output_token) diff --git a/source4/heimdal/lib/gssapi/mech/gss_export_name.c b/source4/heimdal/lib/gssapi/mech/gss_export_name.c index 11c9dd2db5..22053202aa 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_export_name.c +++ b/source4/heimdal/lib/gssapi/mech/gss_export_name.c @@ -27,9 +27,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_export_name.c 19954 2007-01-17 11:50:23Z lha $"); +RCSID("$Id: gss_export_name.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_export_name(OM_uint32 *minor_status, const gss_name_t input_name, gss_buffer_t exported_name) diff --git a/source4/heimdal/lib/gssapi/mech/gss_export_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_export_sec_context.c index cf13bc0cd3..053d203ba1 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_export_sec_context.c +++ b/source4/heimdal/lib/gssapi/mech/gss_export_sec_context.c @@ -27,9 +27,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_export_sec_context.c 19954 2007-01-17 11:50:23Z lha $"); +RCSID("$Id: gss_export_sec_context.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_export_sec_context(OM_uint32 *minor_status, gss_ctx_id_t *context_handle, gss_buffer_t interprocess_token) diff --git a/source4/heimdal/lib/gssapi/mech/gss_get_mic.c b/source4/heimdal/lib/gssapi/mech/gss_get_mic.c index 496dd2065c..7b33ac0ed9 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_get_mic.c +++ b/source4/heimdal/lib/gssapi/mech/gss_get_mic.c @@ -27,9 +27,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_get_mic.c 19954 2007-01-17 11:50:23Z lha $"); +RCSID("$Id: gss_get_mic.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_get_mic(OM_uint32 *minor_status, const gss_ctx_id_t context_handle, gss_qop_t qop_req, diff --git a/source4/heimdal/lib/gssapi/mech/gss_import_name.c b/source4/heimdal/lib/gssapi/mech/gss_import_name.c index 6f55a1d61c..104452f5b9 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_import_name.c +++ b/source4/heimdal/lib/gssapi/mech/gss_import_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_import_name.c 19954 2007-01-17 11:50:23Z lha $"); +RCSID("$Id: gss_import_name.c 23025 2008-04-17 10:01:57Z lha $"); static OM_uint32 _gss_import_export_name(OM_uint32 *minor_status, @@ -139,7 +139,7 @@ _gss_import_export_name(OM_uint32 *minor_status, return (GSS_S_COMPLETE); } -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_import_name(OM_uint32 *minor_status, const gss_buffer_t input_name_buffer, const gss_OID input_name_type, diff --git a/source4/heimdal/lib/gssapi/mech/gss_import_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_import_sec_context.c index 44ca1b2677..c68849ce00 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_import_sec_context.c +++ b/source4/heimdal/lib/gssapi/mech/gss_import_sec_context.c @@ -27,9 +27,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_import_sec_context.c 19956 2007-01-17 12:04:16Z lha $"); +RCSID("$Id: gss_import_sec_context.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_import_sec_context(OM_uint32 *minor_status, const gss_buffer_t interprocess_token, gss_ctx_id_t *context_handle) diff --git a/source4/heimdal/lib/gssapi/mech/gss_indicate_mechs.c b/source4/heimdal/lib/gssapi/mech/gss_indicate_mechs.c index 00c6ed28ee..cafb660991 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_indicate_mechs.c +++ b/source4/heimdal/lib/gssapi/mech/gss_indicate_mechs.c @@ -27,9 +27,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_indicate_mechs.c 17803 2006-07-05 22:36:49Z lha $"); +RCSID("$Id: gss_indicate_mechs.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_indicate_mechs(OM_uint32 *minor_status, gss_OID_set *mech_set) { diff --git a/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c index b9a1680dcb..d0e92f41ce 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c +++ b/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_init_sec_context.c 21479 2007-07-10 16:32:19Z lha $"); +RCSID("$Id: gss_init_sec_context.c 23025 2008-04-17 10:01:57Z lha $"); static gss_cred_id_t _gss_mech_cred_find(gss_cred_id_t cred_handle, gss_OID mech_type) @@ -45,7 +45,7 @@ _gss_mech_cred_find(gss_cred_id_t cred_handle, gss_OID mech_type) return GSS_C_NO_CREDENTIAL; } -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_init_sec_context(OM_uint32 * minor_status, const gss_cred_id_t initiator_cred_handle, gss_ctx_id_t * context_handle, diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c index d45baac602..26f4038071 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c +++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c @@ -27,9 +27,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_inquire_context.c 21125 2007-06-18 20:11:07Z lha $"); +RCSID("$Id: gss_inquire_context.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_context(OM_uint32 *minor_status, const gss_ctx_id_t context_handle, gss_name_t *src_name, diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred.c index 97c3628225..1610be5538 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred.c +++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_inquire_cred.c 20626 2007-05-08 13:56:49Z lha $"); +RCSID("$Id: gss_inquire_cred.c 23025 2008-04-17 10:01:57Z lha $"); #define AUSAGE 1 #define IUSAGE 2 @@ -43,7 +43,7 @@ updateusage(gss_cred_usage_t usage, int *usagemask) *usagemask |= IUSAGE; } -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_cred(OM_uint32 *minor_status, const gss_cred_id_t cred_handle, gss_name_t *name_ret, diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c index aa83efb0c2..fedd963ffa 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c +++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c @@ -27,9 +27,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_inquire_cred_by_mech.c 21124 2007-06-18 20:08:24Z lha $"); +RCSID("$Id: gss_inquire_cred_by_mech.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_cred_by_mech(OM_uint32 *minor_status, const gss_cred_id_t cred_handle, const gss_OID mech_type, diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c index 7b53a2ff4a..c1bbf3a724 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c +++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c @@ -31,9 +31,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_inquire_cred_by_oid.c 19960 2007-01-17 15:09:24Z lha $"); +RCSID("$Id: gss_inquire_cred_by_oid.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_cred_by_oid (OM_uint32 *minor_status, const gss_cred_id_t cred_handle, const gss_OID desired_object, diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_mechs_for_name.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_mechs_for_name.c index 5330a747a6..6b06a33053 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_inquire_mechs_for_name.c +++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_mechs_for_name.c @@ -27,9 +27,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_inquire_mechs_for_name.c 17844 2006-07-20 02:04:00Z lha $"); +RCSID("$Id: gss_inquire_mechs_for_name.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_mechs_for_name(OM_uint32 *minor_status, const gss_name_t input_name, gss_OID_set *mech_types) diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_names_for_mech.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_names_for_mech.c index 65b52cbbc3..1ba1ee0563 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_inquire_names_for_mech.c +++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_names_for_mech.c @@ -27,9 +27,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_inquire_names_for_mech.c 19960 2007-01-17 15:09:24Z lha $"); +RCSID("$Id: gss_inquire_names_for_mech.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_names_for_mech(OM_uint32 *minor_status, const gss_OID mechanism, gss_OID_set *name_types) diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c index fd8219ce02..b06a3e10f0 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c +++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c @@ -31,9 +31,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_inquire_sec_context_by_oid.c 19961 2007-01-17 15:57:51Z lha $"); +RCSID("$Id: gss_inquire_sec_context_by_oid.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_sec_context_by_oid (OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_OID desired_object, diff --git a/source4/heimdal/lib/gssapi/mech/gss_krb5.c b/source4/heimdal/lib/gssapi/mech/gss_krb5.c index 03081cb70f..d6b89e3e23 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_krb5.c +++ b/source4/heimdal/lib/gssapi/mech/gss_krb5.c @@ -27,13 +27,13 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_krb5.c 21889 2007-08-09 07:43:24Z lha $"); +RCSID("$Id: gss_krb5.c 23420 2008-07-26 18:37:48Z lha $"); #include #include -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_copy_ccache(OM_uint32 *minor_status, gss_cred_id_t cred, krb5_ccache out) @@ -91,7 +91,7 @@ gss_krb5_copy_ccache(OM_uint32 *minor_status, return ret; } -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_import_cred(OM_uint32 *minor_status, krb5_ccache id, krb5_principal keytab_principal, @@ -186,7 +186,7 @@ out: return major_status; } -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gsskrb5_register_acceptor_identity(const char *identity) { struct _gss_mech_switch *m; @@ -208,7 +208,14 @@ gsskrb5_register_acceptor_identity(const char *identity) return (GSS_S_COMPLETE); } -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION +krb5_gss_register_acceptor_identity(const char *identity) +{ + return gsskrb5_register_acceptor_identity(identity); +} + + +OM_uint32 GSSAPI_LIB_FUNCTION gsskrb5_set_dns_canonicalize(int flag) { struct _gss_mech_switch *m; @@ -253,7 +260,7 @@ free_key(gss_krb5_lucid_key_t *key) memset(key, 0, sizeof(*key)); } -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status, gss_ctx_id_t *context_handle, OM_uint32 version, @@ -396,7 +403,7 @@ out: return GSS_S_COMPLETE; } -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status, void *c) { gss_krb5_lucid_context_v1_t *ctx = c; @@ -424,7 +431,7 @@ gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status, void *c) * */ -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status, gss_cred_id_t cred, OM_uint32 num_enctypes, @@ -478,7 +485,7 @@ out: * */ -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *c) { struct _gss_mech_switch *m; @@ -509,7 +516,7 @@ gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *c) * */ -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_ccache_name(OM_uint32 *minor_status, const char *name, const char **out_name) @@ -541,7 +548,7 @@ gss_krb5_ccache_name(OM_uint32 *minor_status, * */ -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status, gss_ctx_id_t context_handle, time_t *authtime) @@ -596,7 +603,7 @@ gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status, * */ -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status, gss_ctx_id_t context_handle, int ad_type, @@ -769,7 +776,7 @@ out: * */ -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gsskrb5_extract_service_keyblock(OM_uint32 *minor_status, gss_ctx_id_t context_handle, krb5_keyblock **keyblock) @@ -780,7 +787,7 @@ gsskrb5_extract_service_keyblock(OM_uint32 *minor_status, keyblock); } -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gsskrb5_get_initiator_subkey(OM_uint32 *minor_status, gss_ctx_id_t context_handle, krb5_keyblock **keyblock) @@ -791,7 +798,7 @@ gsskrb5_get_initiator_subkey(OM_uint32 *minor_status, keyblock); } -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gsskrb5_get_subkey(OM_uint32 *minor_status, gss_ctx_id_t context_handle, krb5_keyblock **keyblock) @@ -802,7 +809,7 @@ gsskrb5_get_subkey(OM_uint32 *minor_status, keyblock); } -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gsskrb5_set_default_realm(const char *realm) { struct _gss_mech_switch *m; @@ -824,7 +831,7 @@ gsskrb5_set_default_realm(const char *realm) return (GSS_S_COMPLETE); } -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_get_tkt_flags(OM_uint32 *minor_status, gss_ctx_id_t context_handle, OM_uint32 *tkt_flags) @@ -863,3 +870,53 @@ gss_krb5_get_tkt_flags(OM_uint32 *minor_status, return GSS_S_COMPLETE; } +OM_uint32 GSSAPI_LIB_FUNCTION +gsskrb5_set_time_offset(int offset) +{ + struct _gss_mech_switch *m; + gss_buffer_desc buffer; + OM_uint32 junk; + int32_t o = offset; + + _gss_load_mech(); + + buffer.value = &o; + buffer.length = sizeof(o); + + SLIST_FOREACH(m, &_gss_mechs, gm_link) { + if (m->gm_mech.gm_set_sec_context_option == NULL) + continue; + m->gm_mech.gm_set_sec_context_option(&junk, NULL, + GSS_KRB5_SET_TIME_OFFSET_X, &buffer); + } + + return (GSS_S_COMPLETE); +} + +OM_uint32 GSSAPI_LIB_FUNCTION +gsskrb5_get_time_offset(int *offset) +{ + struct _gss_mech_switch *m; + gss_buffer_desc buffer; + OM_uint32 maj_stat, junk; + int32_t o; + + _gss_load_mech(); + + buffer.value = &o; + buffer.length = sizeof(o); + + SLIST_FOREACH(m, &_gss_mechs, gm_link) { + if (m->gm_mech.gm_set_sec_context_option == NULL) + continue; + maj_stat = m->gm_mech.gm_set_sec_context_option(&junk, NULL, + GSS_KRB5_GET_TIME_OFFSET_X, &buffer); + + if (maj_stat == GSS_S_COMPLETE) { + *offset = o; + return maj_stat; + } + } + + return (GSS_S_UNAVAILABLE); +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c index fe65ad1ae1..8abbb7d0cc 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c +++ b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c @@ -28,7 +28,7 @@ #include "mech_locl.h" #include -RCSID("$Id: gss_mech_switch.c 21698 2007-07-26 19:07:11Z lha $"); +RCSID("$Id: gss_mech_switch.c 23471 2008-07-27 12:17:49Z lha $"); #ifndef _PATH_GSS_MECH #define _PATH_GSS_MECH "/etc/gss/mech" @@ -46,7 +46,7 @@ static int _gss_string_to_oid(const char* s, gss_OID oid) { int number_count, i, j; - int byte_count; + size_t byte_count; const char *p, *q; char *res; @@ -118,7 +118,7 @@ _gss_string_to_oid(const char* s, gss_OID oid) * The number is encoded in seven bit chunks. */ unsigned int t; - int bytes; + unsigned int bytes; bytes = 0; for (t = number; t; t >>= 7) @@ -229,6 +229,7 @@ _gss_load_mech(void) HEIMDAL_MUTEX_unlock(&_gss_mech_mutex); return; } + rk_cloexec_file(fp); while (fgets(buf, sizeof(buf), fp)) { if (*buf == '#') diff --git a/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c b/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c index 8c75410cc1..b272316115 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c +++ b/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c @@ -32,9 +32,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_oid_equal.c 17702 2006-06-28 09:07:08Z lha $"); +RCSID("$Id: gss_oid_equal.c 23025 2008-04-17 10:01:57Z lha $"); -int +int GSSAPI_LIB_FUNCTION gss_oid_equal(const gss_OID a, const gss_OID b) { if (a == b) diff --git a/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c b/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c index e2cecaf6b4..4678a3e710 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c +++ b/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c @@ -32,9 +32,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_oid_to_str.c 21409 2007-07-04 14:19:11Z lha $"); +RCSID("$Id: gss_oid_to_str.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_oid_to_str(OM_uint32 *minor_status, gss_OID oid, gss_buffer_t oid_str) { int ret; diff --git a/source4/heimdal/lib/gssapi/mech/gss_process_context_token.c b/source4/heimdal/lib/gssapi/mech/gss_process_context_token.c index dff6b04f14..db55bc24be 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_process_context_token.c +++ b/source4/heimdal/lib/gssapi/mech/gss_process_context_token.c @@ -27,9 +27,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_process_context_token.c 17700 2006-06-28 09:00:26Z lha $"); +RCSID("$Id: gss_process_context_token.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_process_context_token(OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_buffer_t token_buffer) diff --git a/source4/heimdal/lib/gssapi/mech/gss_release_buffer.c b/source4/heimdal/lib/gssapi/mech/gss_release_buffer.c index fc55cae030..eb1bf34985 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_release_buffer.c +++ b/source4/heimdal/lib/gssapi/mech/gss_release_buffer.c @@ -27,9 +27,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_release_buffer.c 19962 2007-01-17 15:59:04Z lha $"); +RCSID("$Id: gss_release_buffer.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_release_buffer(OM_uint32 *minor_status, gss_buffer_t buffer) { diff --git a/source4/heimdal/lib/gssapi/mech/gss_release_cred.c b/source4/heimdal/lib/gssapi/mech/gss_release_cred.c index b26dbd7865..9648929c91 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_release_cred.c +++ b/source4/heimdal/lib/gssapi/mech/gss_release_cred.c @@ -27,9 +27,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_release_cred.c 19963 2007-01-17 16:01:22Z lha $"); +RCSID("$Id: gss_release_cred.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle) { struct _gss_cred *cred = (struct _gss_cred *) *cred_handle; diff --git a/source4/heimdal/lib/gssapi/mech/gss_release_name.c b/source4/heimdal/lib/gssapi/mech/gss_release_name.c index 313eab8245..d8c36c10a7 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_release_name.c +++ b/source4/heimdal/lib/gssapi/mech/gss_release_name.c @@ -27,9 +27,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_release_name.c 18812 2006-10-22 07:59:06Z lha $"); +RCSID("$Id: gss_release_name.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_release_name(OM_uint32 *minor_status, gss_name_t *input_name) { diff --git a/source4/heimdal/lib/gssapi/mech/gss_release_oid.c b/source4/heimdal/lib/gssapi/mech/gss_release_oid.c index 7754787fa8..ccc59638fb 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_release_oid.c +++ b/source4/heimdal/lib/gssapi/mech/gss_release_oid.c @@ -33,9 +33,9 @@ #include "mech_locl.h" -RCSID("$Id: gss_release_oid.c 17747 2006-06-30 09:34:54Z lha $"); +RCSID("$Id: gss_release_oid.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_release_oid(OM_uint32 *minor_status, gss_OID *oid) { gss_OID o = *oid; diff --git a/source4/heimdal/lib/gssapi/mech/gss_release_oid_set.c b/source4/heimdal/lib/gssapi/mech/gss_release_oid_set.c index 388cfdbf4c..00b1f4656d 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_release_oid_set.c +++ b/source4/heimdal/lib/gssapi/mech/gss_release_oid_set.c @@ -27,9 +27,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_release_oid_set.c 22144 2007-12-04 17:31:55Z lha $"); +RCSID("$Id: gss_release_oid_set.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_release_oid_set(OM_uint32 *minor_status, gss_OID_set *set) { diff --git a/source4/heimdal/lib/gssapi/mech/gss_seal.c b/source4/heimdal/lib/gssapi/mech/gss_seal.c index 71c5e70dc7..7979455430 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_seal.c +++ b/source4/heimdal/lib/gssapi/mech/gss_seal.c @@ -27,9 +27,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_seal.c 17700 2006-06-28 09:00:26Z lha $"); +RCSID("$Id: gss_seal.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_seal(OM_uint32 *minor_status, gss_ctx_id_t context_handle, int conf_req_flag, diff --git a/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c b/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c index c32291396f..bbd75c9849 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c +++ b/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c @@ -31,9 +31,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_set_cred_option.c 21126 2007-06-18 20:19:59Z lha $"); +RCSID("$Id: gss_set_cred_option.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_set_cred_option (OM_uint32 *minor_status, gss_cred_id_t *cred_handle, const gss_OID object, diff --git a/source4/heimdal/lib/gssapi/mech/gss_set_sec_context_option.c b/source4/heimdal/lib/gssapi/mech/gss_set_sec_context_option.c index d312251f53..48377fd6bc 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_set_sec_context_option.c +++ b/source4/heimdal/lib/gssapi/mech/gss_set_sec_context_option.c @@ -31,9 +31,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_set_sec_context_option.c 19928 2007-01-16 10:37:54Z lha $"); +RCSID("$Id: gss_set_sec_context_option.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_set_sec_context_option (OM_uint32 *minor_status, gss_ctx_id_t *context_handle, const gss_OID object, diff --git a/source4/heimdal/lib/gssapi/mech/gss_sign.c b/source4/heimdal/lib/gssapi/mech/gss_sign.c index 5268197c61..c91b6490d2 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_sign.c +++ b/source4/heimdal/lib/gssapi/mech/gss_sign.c @@ -27,9 +27,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_sign.c 17700 2006-06-28 09:00:26Z lha $"); +RCSID("$Id: gss_sign.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_sign(OM_uint32 *minor_status, gss_ctx_id_t context_handle, int qop_req, diff --git a/source4/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c b/source4/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c index fc3c5ddeef..ee42cc5d1a 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c +++ b/source4/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c @@ -27,9 +27,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_test_oid_set_member.c 17700 2006-06-28 09:00:26Z lha $"); +RCSID("$Id: gss_test_oid_set_member.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_test_oid_set_member(OM_uint32 *minor_status, const gss_OID member, const gss_OID_set set, diff --git a/source4/heimdal/lib/gssapi/mech/gss_unseal.c b/source4/heimdal/lib/gssapi/mech/gss_unseal.c index 205cc6e326..d6f73c5522 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_unseal.c +++ b/source4/heimdal/lib/gssapi/mech/gss_unseal.c @@ -27,9 +27,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_unseal.c 17700 2006-06-28 09:00:26Z lha $"); +RCSID("$Id: gss_unseal.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_unseal(OM_uint32 *minor_status, gss_ctx_id_t context_handle, gss_buffer_t input_message_buffer, diff --git a/source4/heimdal/lib/gssapi/mech/gss_unwrap.c b/source4/heimdal/lib/gssapi/mech/gss_unwrap.c index 69c125356b..4866bacbe5 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_unwrap.c +++ b/source4/heimdal/lib/gssapi/mech/gss_unwrap.c @@ -27,9 +27,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_unwrap.c 17700 2006-06-28 09:00:26Z lha $"); +RCSID("$Id: gss_unwrap.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_unwrap(OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_buffer_t input_message_buffer, diff --git a/source4/heimdal/lib/gssapi/mech/gss_verify.c b/source4/heimdal/lib/gssapi/mech/gss_verify.c index f11cac7d2e..d82ceee984 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_verify.c +++ b/source4/heimdal/lib/gssapi/mech/gss_verify.c @@ -27,9 +27,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_verify.c 17700 2006-06-28 09:00:26Z lha $"); +RCSID("$Id: gss_verify.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_verify(OM_uint32 *minor_status, gss_ctx_id_t context_handle, gss_buffer_t message_buffer, diff --git a/source4/heimdal/lib/gssapi/mech/gss_verify_mic.c b/source4/heimdal/lib/gssapi/mech/gss_verify_mic.c index 118f50735f..c58c63ac0f 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_verify_mic.c +++ b/source4/heimdal/lib/gssapi/mech/gss_verify_mic.c @@ -27,9 +27,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_verify_mic.c 19965 2007-01-17 16:23:47Z lha $"); +RCSID("$Id: gss_verify_mic.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_verify_mic(OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_buffer_t message_buffer, diff --git a/source4/heimdal/lib/gssapi/mech/gss_wrap.c b/source4/heimdal/lib/gssapi/mech/gss_wrap.c index 0eb9dfbc6d..f6b5077d0e 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_wrap.c +++ b/source4/heimdal/lib/gssapi/mech/gss_wrap.c @@ -27,9 +27,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_wrap.c 19965 2007-01-17 16:23:47Z lha $"); +RCSID("$Id: gss_wrap.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_wrap(OM_uint32 *minor_status, const gss_ctx_id_t context_handle, int conf_req_flag, diff --git a/source4/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c b/source4/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c index 35b3ad723d..14f373dada 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c +++ b/source4/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c @@ -27,9 +27,9 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_wrap_size_limit.c 19965 2007-01-17 16:23:47Z lha $"); +RCSID("$Id: gss_wrap_size_limit.c 23025 2008-04-17 10:01:57Z lha $"); -OM_uint32 +OM_uint32 GSSAPI_LIB_FUNCTION gss_wrap_size_limit(OM_uint32 *minor_status, const gss_ctx_id_t context_handle, int conf_req_flag, diff --git a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c index df25b0f4bf..6b618092fe 100644 --- a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c @@ -33,7 +33,7 @@ #include "spnego/spnego_locl.h" -RCSID("$Id: accept_sec_context.c 22600 2008-02-21 12:46:24Z lha $"); +RCSID("$Id: accept_sec_context.c 23158 2008-05-02 09:45:28Z lha $"); static OM_uint32 send_reject (OM_uint32 *minor_status, @@ -376,6 +376,9 @@ select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p, char mechbuf[64]; size_t mech_len; gss_OID_desc oid; + gss_OID oidp; + gss_OID_set mechs; + int i; OM_uint32 ret, junk; ret = der_put_oid ((unsigned char *)mechbuf + sizeof(mechbuf) - 1, @@ -396,27 +399,29 @@ select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p, *minor_status = 0; /* Translate broken MS Kebreros OID */ - if (gss_oid_equal(&oid, &_gss_spnego_mskrb_mechanism_oid_desc)) { - gssapi_mech_interface mech; + if (gss_oid_equal(&oid, &_gss_spnego_mskrb_mechanism_oid_desc)) + oidp = &_gss_spnego_krb5_mechanism_oid_desc; + else + oidp = &oid; - mech = __gss_get_mechanism(&_gss_spnego_krb5_mechanism_oid_desc); - if (mech == NULL) - return GSS_S_BAD_MECH; - ret = gss_duplicate_oid(minor_status, - &_gss_spnego_mskrb_mechanism_oid_desc, - mech_p); - } else { - gssapi_mech_interface mech; + ret = gss_indicate_mechs(&junk, &mechs); + if (ret) + return (ret); - mech = __gss_get_mechanism(&oid); - if (mech == NULL) - return GSS_S_BAD_MECH; + for (i = 0; i < mechs->count; i++) + if (gss_oid_equal(&mechs->elements[i], oidp)) + break; - ret = gss_duplicate_oid(minor_status, - &mech->gm_mech_oid, - mech_p); + if (i == mechs->count) { + gss_release_oid_set(&junk, &mechs); + return GSS_S_BAD_MECH; } + gss_release_oid_set(&junk, &mechs); + + ret = gss_duplicate_oid(minor_status, + &oid, /* possibly this should be oidp */ + mech_p); if (verify_p) { gss_name_t name = GSS_C_NO_NAME; @@ -635,9 +640,6 @@ acceptor_start if (ctx->mech_src_name != GSS_C_NO_NAME) gss_release_name(&junk, &ctx->mech_src_name); - if (ctx->delegated_cred_id != GSS_C_NO_CREDENTIAL) - _gss_spnego_release_cred(&junk, &ctx->delegated_cred_id); - ret = gss_accept_sec_context(minor_status, &ctx->negotiated_ctx_id, mech_cred, @@ -649,19 +651,20 @@ acceptor_start &ctx->mech_flags, &ctx->mech_time_rec, &mech_delegated_cred); + + if (mech_delegated_cred && delegated_cred_handle) { + _gss_spnego_alloc_cred(&junk, + mech_delegated_cred, + delegated_cred_handle); + } else if (mech_delegated_cred != GSS_C_NO_CREDENTIAL) + gss_release_cred(&junk, &mech_delegated_cred); + if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) { ctx->preferred_mech_type = preferred_mech_type; ctx->negotiated_mech_type = preferred_mech_type; if (ret == GSS_S_COMPLETE) ctx->open = 1; - if (mech_delegated_cred && delegated_cred_handle) - ret = _gss_spnego_alloc_cred(&junk, - mech_delegated_cred, - delegated_cred_handle); - else - gss_release_cred(&junk, &mech_delegated_cred); - ret = acceptor_complete(minor_status, ctx, &get_mic, @@ -740,10 +743,6 @@ out: *src_name = (gss_name_t)name; } } - if (delegated_cred_handle != NULL) { - *delegated_cred_handle = ctx->delegated_cred_id; - ctx->delegated_cred_id = GSS_C_NO_CREDENTIAL; - } } if (mech_type != NULL) @@ -780,7 +779,7 @@ acceptor_continue gss_cred_id_t *delegated_cred_handle ) { - OM_uint32 ret, ret2, minor; + OM_uint32 ret, ret2, minor, junk; NegotiationToken nt; size_t nt_len; NegTokenResp *na; @@ -836,27 +835,16 @@ acceptor_continue if (mech_input_token != GSS_C_NO_BUFFER) { gss_cred_id_t mech_cred; - gss_cred_id_t mech_delegated_cred; - gss_cred_id_t *mech_delegated_cred_p; + gss_cred_id_t mech_delegated_cred = GSS_C_NO_CREDENTIAL; if (acceptor_cred != NULL) mech_cred = acceptor_cred->negotiated_cred_id; else mech_cred = GSS_C_NO_CREDENTIAL; - if (delegated_cred_handle != NULL) { - mech_delegated_cred = GSS_C_NO_CREDENTIAL; - mech_delegated_cred_p = &mech_delegated_cred; - } else { - mech_delegated_cred_p = NULL; - } - if (ctx->mech_src_name != GSS_C_NO_NAME) gss_release_name(&minor, &ctx->mech_src_name); - if (ctx->delegated_cred_id != GSS_C_NO_CREDENTIAL) - _gss_spnego_release_cred(&minor, &ctx->delegated_cred_id); - ret = gss_accept_sec_context(&minor, &ctx->negotiated_ctx_id, mech_cred, @@ -867,16 +855,16 @@ acceptor_continue &obuf, &ctx->mech_flags, &ctx->mech_time_rec, - mech_delegated_cred_p); + &mech_delegated_cred); + + if (mech_delegated_cred && delegated_cred_handle) { + _gss_spnego_alloc_cred(&junk, + mech_delegated_cred, + delegated_cred_handle); + } else if (mech_delegated_cred != GSS_C_NO_CREDENTIAL) + gss_release_cred(&junk, &mech_delegated_cred); + if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) { - if (mech_delegated_cred_p != NULL && - mech_delegated_cred != GSS_C_NO_CREDENTIAL) { - ret2 = _gss_spnego_alloc_cred(minor_status, - mech_delegated_cred, - &ctx->delegated_cred_id); - if (ret2 != GSS_S_COMPLETE) - ret = ret2; - } mech_output_token = &obuf; } if (ret != GSS_S_COMPLETE && ret != GSS_S_CONTINUE_NEEDED) { @@ -958,10 +946,6 @@ acceptor_continue *src_name = (gss_name_t)name; } } - if (delegated_cred_handle != NULL) { - *delegated_cred_handle = ctx->delegated_cred_id; - ctx->delegated_cred_id = GSS_C_NO_CREDENTIAL; - } } if (mech_type != NULL) diff --git a/source4/heimdal/lib/gssapi/spnego/compat.c b/source4/heimdal/lib/gssapi/spnego/compat.c index 287f4f760e..36de854784 100644 --- a/source4/heimdal/lib/gssapi/spnego/compat.c +++ b/source4/heimdal/lib/gssapi/spnego/compat.c @@ -32,7 +32,7 @@ #include "spnego/spnego_locl.h" -RCSID("$Id: compat.c 21866 2007-08-08 11:31:29Z lha $"); +RCSID("$Id: compat.c 22688 2008-03-16 11:33:58Z lha $"); /* * Apparently Microsoft got the OID wrong, and used @@ -76,7 +76,6 @@ OM_uint32 _gss_spnego_alloc_sec_context (OM_uint32 * minor_status, ctx->mech_flags = 0; ctx->mech_time_rec = 0; ctx->mech_src_name = GSS_C_NO_NAME; - ctx->delegated_cred_id = GSS_C_NO_CREDENTIAL; ctx->open = 0; ctx->local = 0; @@ -124,8 +123,6 @@ OM_uint32 _gss_spnego_internal_delete_sec_context if (ctx->initiator_mech_types.val != NULL) free_MechTypeList(&ctx->initiator_mech_types); - _gss_spnego_release_cred(&minor, &ctx->delegated_cred_id); - gss_release_oid(&minor, &ctx->preferred_mech_type); ctx->negotiated_mech_type = GSS_C_NO_OID; diff --git a/source4/heimdal/lib/gssapi/spnego/context_stubs.c b/source4/heimdal/lib/gssapi/spnego/context_stubs.c index 0169017ee5..6f1c3eb4b6 100644 --- a/source4/heimdal/lib/gssapi/spnego/context_stubs.c +++ b/source4/heimdal/lib/gssapi/spnego/context_stubs.c @@ -32,7 +32,7 @@ #include "spnego/spnego_locl.h" -RCSID("$Id: context_stubs.c 22604 2008-02-21 21:12:48Z lha $"); +RCSID("$Id: context_stubs.c 22688 2008-03-16 11:33:58Z lha $"); static OM_uint32 spnego_supported_mechs(OM_uint32 *minor_status, gss_OID_set *mechs) @@ -907,7 +907,7 @@ OM_uint32 _gss_spnego_set_sec_context_option return GSS_S_NO_CONTEXT; } - ctx = (gssspnego_ctx)context_handle; + ctx = (gssspnego_ctx)*context_handle; if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; @@ -919,3 +919,31 @@ OM_uint32 _gss_spnego_set_sec_context_option value); } + +OM_uint32 +_gss_spnego_pseudo_random(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int prf_key, + const gss_buffer_t prf_in, + ssize_t desired_output_len, + gss_buffer_t prf_out) +{ + gssspnego_ctx ctx; + + *minor_status = 0; + + if (context_handle == GSS_C_NO_CONTEXT) + return GSS_S_NO_CONTEXT; + + ctx = (gssspnego_ctx)context_handle; + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) + return GSS_S_NO_CONTEXT; + + return gss_pseudo_random(minor_status, + ctx->negotiated_ctx_id, + prf_key, + prf_in, + desired_output_len, + prf_out); +} diff --git a/source4/heimdal/lib/gssapi/spnego/cred_stubs.c b/source4/heimdal/lib/gssapi/spnego/cred_stubs.c index 2362e99019..d87d7d618e 100644 --- a/source4/heimdal/lib/gssapi/spnego/cred_stubs.c +++ b/source4/heimdal/lib/gssapi/spnego/cred_stubs.c @@ -32,7 +32,7 @@ #include "spnego/spnego_locl.h" -RCSID("$Id: cred_stubs.c 20619 2007-05-08 13:43:45Z lha $"); +RCSID("$Id: cred_stubs.c 22688 2008-03-16 11:33:58Z lha $"); OM_uint32 _gss_spnego_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle) @@ -334,3 +334,23 @@ OM_uint32 _gss_spnego_inquire_cred_by_oid return ret; } +OM_uint32 +_gss_spnego_set_cred_option (OM_uint32 *minor_status, + gss_cred_id_t *cred_handle, + const gss_OID object, + const gss_buffer_t value) +{ + gssspnego_cred cred; + + if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL) { + *minor_status = 0; + return GSS_S_NO_CRED; + } + + cred = (gssspnego_cred)*cred_handle; + return gss_set_cred_option(minor_status, + &cred->negotiated_cred_id, + object, + value); +} + diff --git a/source4/heimdal/lib/gssapi/spnego/external.c b/source4/heimdal/lib/gssapi/spnego/external.c index 6c9a03a3b0..317d358707 100644 --- a/source4/heimdal/lib/gssapi/spnego/external.c +++ b/source4/heimdal/lib/gssapi/spnego/external.c @@ -33,7 +33,7 @@ #include "spnego/spnego_locl.h" #include -RCSID("$Id: external.c 22600 2008-02-21 12:46:24Z lha $"); +RCSID("$Id: external.c 22688 2008-03-16 11:33:58Z lha $"); /* * RFC2478, SPNEGO: @@ -57,8 +57,8 @@ static gssapi_mech_interface_desc spnego_mech = { _gss_spnego_verify_mic, _gss_spnego_wrap, _gss_spnego_unwrap, - NULL, - NULL, + NULL, /* gm_display_status */ + NULL, /* gm_indicate_mechs */ _gss_spnego_compare_name, _gss_spnego_display_name, _gss_spnego_import_name, @@ -74,7 +74,12 @@ static gssapi_mech_interface_desc spnego_mech = { _gss_spnego_inquire_names_for_mech, _gss_spnego_inquire_mechs_for_name, _gss_spnego_canonicalize_name, - _gss_spnego_duplicate_name + _gss_spnego_duplicate_name, + _gss_spnego_inquire_sec_context_by_oid, + _gss_spnego_inquire_cred_by_oid, + _gss_spnego_set_sec_context_option, + _gss_spnego_set_cred_option, + _gss_spnego_pseudo_random }; gssapi_mech_interface diff --git a/source4/heimdal/lib/gssapi/spnego/spnego-private.h b/source4/heimdal/lib/gssapi/spnego/spnego-private.h index 69f4d8423d..3b20d737b7 100644 --- a/source4/heimdal/lib/gssapi/spnego/spnego-private.h +++ b/source4/heimdal/lib/gssapi/spnego/spnego-private.h @@ -224,6 +224,15 @@ _gss_spnego_process_context_token ( const gss_ctx_id_t /*context_handle*/, const gss_buffer_t token_buffer ); +OM_uint32 +_gss_spnego_pseudo_random ( + OM_uint32 */*minor_status*/, + gss_ctx_id_t /*context_handle*/, + int /*prf_key*/, + const gss_buffer_t /*prf_in*/, + ssize_t /*desired_output_len*/, + gss_buffer_t /*prf_out*/); + OM_uint32 _gss_spnego_release_cred ( OM_uint32 */*minor_status*/, @@ -250,6 +259,13 @@ _gss_spnego_seal ( int * /*conf_state*/, gss_buffer_t output_message_buffer ); +OM_uint32 +_gss_spnego_set_cred_option ( + OM_uint32 */*minor_status*/, + gss_cred_id_t */*cred_handle*/, + const gss_OID /*object*/, + const gss_buffer_t /*value*/); + OM_uint32 _gss_spnego_set_sec_context_option ( OM_uint32 * /*minor_status*/, diff --git a/source4/heimdal/lib/gssapi/spnego/spnego_locl.h b/source4/heimdal/lib/gssapi/spnego/spnego_locl.h index 44b24688e1..6eb808efbc 100644 --- a/source4/heimdal/lib/gssapi/spnego/spnego_locl.h +++ b/source4/heimdal/lib/gssapi/spnego/spnego_locl.h @@ -30,7 +30,7 @@ * SUCH DAMAGE. */ -/* $Id: spnego_locl.h 19411 2006-12-18 15:42:03Z lha $ */ +/* $Id: spnego_locl.h 23161 2008-05-05 09:56:20Z lha $ */ #ifndef SPNEGO_LOCL_H #define SPNEGO_LOCL_H @@ -86,7 +86,6 @@ typedef struct { OM_uint32 mech_flags; OM_uint32 mech_time_rec; gss_name_t mech_src_name; - gss_cred_id_t delegated_cred_id; unsigned int open : 1; unsigned int local : 1; unsigned int require_mic : 1; diff --git a/source4/heimdal/lib/hcrypto/aes.c b/source4/heimdal/lib/hcrypto/aes.c old mode 100755 new mode 100644 diff --git a/source4/heimdal/lib/hcrypto/aes.h b/source4/heimdal/lib/hcrypto/aes.h old mode 100755 new mode 100644 index e91d8e73e1..eeba5c9e51 --- a/source4/heimdal/lib/hcrypto/aes.h +++ b/source4/heimdal/lib/hcrypto/aes.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: aes.h 17450 2006-05-05 11:11:43Z lha $ */ +/* $Id: aes.h 22958 2008-04-11 11:33:22Z lha $ */ #ifndef HEIM_AES_H #define HEIM_AES_H 1 @@ -58,6 +58,10 @@ typedef struct aes_key { int rounds; } AES_KEY; +#ifdef __cplusplus +extern "C" { +#endif + int AES_set_encrypt_key(const unsigned char *, const int, AES_KEY *); int AES_set_decrypt_key(const unsigned char *, const int, AES_KEY *); @@ -68,4 +72,8 @@ void AES_cbc_encrypt(const unsigned char *, unsigned char *, const unsigned long, const AES_KEY *, unsigned char *, int); +#ifdef __cplusplus +} +#endif + #endif /* HEIM_AES_H */ diff --git a/source4/heimdal/lib/hcrypto/bn.c b/source4/heimdal/lib/hcrypto/bn.c index 6076478bbb..1f8c1d5471 100644 --- a/source4/heimdal/lib/hcrypto/bn.c +++ b/source4/heimdal/lib/hcrypto/bn.c @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: bn.c 22261 2007-12-09 06:24:18Z lha $"); +RCSID("$Id: bn.c 22850 2008-04-07 18:49:01Z lha $"); #include #include @@ -297,13 +297,13 @@ BN_set_word(BIGNUM *bn, unsigned long num) for (num2 = num, i = 0; num2 > 0; i++) num2 = num2 >> 8; - len = i - 1; + len = i; for (; i > 0; i--) { p[i - 1] = (num & 0xff); num = num >> 8; } - bn = BN_bin2bn(p, len + 1, bn); + bn = BN_bin2bn(p, len, bn); return bn != NULL; } diff --git a/source4/heimdal/lib/hcrypto/camellia-ntt.c b/source4/heimdal/lib/hcrypto/camellia-ntt.c index c32c406baa..80fc49aef9 100644 --- a/source4/heimdal/lib/hcrypto/camellia-ntt.c +++ b/source4/heimdal/lib/hcrypto/camellia-ntt.c @@ -23,14 +23,12 @@ * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html */ + #include #include -#include "camellia.h" - -/* u32 must be 32bit word */ -typedef unsigned int u32; -typedef unsigned char u8; +#include +#include "camellia-ntt.h" /* key constants */ @@ -444,7 +442,7 @@ static const u32 camellia_sp4404[256] = { #define subl(x) subL[(x)] #define subr(x) subR[(x)] -void camellia_setup128(const unsigned char *key, u32 *subkey) +static void camellia_setup128(const unsigned char *key, u32 *subkey) { u32 kll, klr, krl, krr; u32 il, ir, t0, t1, w0, w1; @@ -655,7 +653,7 @@ void camellia_setup128(const unsigned char *key, u32 *subkey) return; } -void camellia_setup256(const unsigned char *key, u32 *subkey) +static void camellia_setup256(const unsigned char *key, u32 *subkey) { u32 kll,klr,krl,krr; /* left half of key */ u32 krll,krlr,krrl,krrr; /* right half of key */ @@ -941,7 +939,7 @@ void camellia_setup256(const unsigned char *key, u32 *subkey) return; } -void camellia_setup192(const unsigned char *key, u32 *subkey) +static void camellia_setup192(const unsigned char *key, u32 *subkey) { unsigned char kk[32]; u32 krll, krlr, krrl,krrr; @@ -963,7 +961,7 @@ void camellia_setup192(const unsigned char *key, u32 *subkey) * * "io" must be 4byte aligned and big-endian data. */ -void camellia_encrypt128(const u32 *subkey, u32 *io) +static void camellia_encrypt128(const u32 *subkey, u32 *io) { u32 il, ir, t0, t1; @@ -1053,7 +1051,7 @@ void camellia_encrypt128(const u32 *subkey, u32 *io) return; } -void camellia_decrypt128(const u32 *subkey, u32 *io) +static void camellia_decrypt128(const u32 *subkey, u32 *io) { u32 il,ir,t0,t1; /* temporary valiables */ @@ -1146,7 +1144,7 @@ void camellia_decrypt128(const u32 *subkey, u32 *io) /** * stuff for 192 and 256bit encryption/decryption */ -void camellia_encrypt256(const u32 *subkey, u32 *io) +static void camellia_encrypt256(const u32 *subkey, u32 *io) { u32 il,ir,t0,t1; /* temporary valiables */ @@ -1260,7 +1258,7 @@ void camellia_encrypt256(const u32 *subkey, u32 *io) return; } -void camellia_decrypt256(const u32 *subkey, u32 *io) +static void camellia_decrypt256(const u32 *subkey, u32 *io) { u32 il,ir,t0,t1; /* temporary valiables */ diff --git a/source4/heimdal/lib/hcrypto/camellia-ntt.h b/source4/heimdal/lib/hcrypto/camellia-ntt.h index 740ed8bfd9..8356e3b31e 100644 --- a/source4/heimdal/lib/hcrypto/camellia-ntt.h +++ b/source4/heimdal/lib/hcrypto/camellia-ntt.h @@ -29,7 +29,11 @@ extern "C" { #define CAMELLIA_TABLE_BYTE_LEN 272 #define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4) -typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; +/* u32 must be 32bit word */ +typedef uint32_t u32; +typedef unsigned char u8; + +typedef u32 KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; void Camellia_Ekeygen(const int keyBitLength, diff --git a/source4/heimdal/lib/hcrypto/camellia.h b/source4/heimdal/lib/hcrypto/camellia.h index 3b21934b66..f736f88b1e 100644 --- a/source4/heimdal/lib/hcrypto/camellia.h +++ b/source4/heimdal/lib/hcrypto/camellia.h @@ -36,9 +36,6 @@ #ifndef HEIM_CAMELLIA_H #define HEIM_CAMELLIA_H 1 -#include -#include "camellia-ntt.h" - /* symbol renaming */ #define CAMELLIA_set_key hc_CAMELLIA_set_encrypt_key #define CAMELLIA_encrypt hc_CAMELLIA_encrypt @@ -50,14 +47,15 @@ */ #define CAMELLIA_BLOCK_SIZE 16 -#define CAMELLIA_MAXNR 14 +#define CAMELLIA_TABLE_BYTE_LEN 272 +#define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4) #define CAMELLIA_ENCRYPT 1 #define CAMELLIA_DECRYPT 0 typedef struct camellia_key { unsigned int bits; - KEY_TABLE_TYPE key; + uint32_t key[CAMELLIA_TABLE_WORD_LEN]; } CAMELLIA_KEY; int CAMELLIA_set_key(const unsigned char *, const int, CAMELLIA_KEY *); diff --git a/source4/heimdal/lib/hcrypto/des.c b/source4/heimdal/lib/hcrypto/des.c index a4444a8a7c..9e533dd708 100644 --- a/source4/heimdal/lib/hcrypto/des.c +++ b/source4/heimdal/lib/hcrypto/des.c @@ -31,7 +31,46 @@ * SUCH DAMAGE. */ -/* +/** + * @page page_des DES - Data Encryption Standard crypto interface + * + * See the library functions here: @ref hcrypto_des + * + * DES was created by IBM, modififed by NSA and then adopted by NBS + * (now NIST) and published ad FIPS PUB 46 (updated by FIPS 46-1). + * + * Since the 19th May 2005 DES was withdrawn by NIST and should no + * longer be used. See @ref page_evp for replacement encryption + * algorithms and interfaces. + * + * Read more the iteresting history of DES on Wikipedia + * http://www.wikipedia.org/wiki/Data_Encryption_Standard . + * + * @section des_keygen DES key generation + * + * To generate a DES key safely you have to use the code-snippet + * below. This is because the DES_random_key() can fail with an + * abort() in case of and failure to start the random generator. + * + * There is a replacement function DES_new_random_key(), however that + * function does not exists in OpenSSL. + * + * @code + * DES_cblock key; + * do { + * if (RAND_rand(&key, sizeof(key)) != 1) + * goto failure; + * DES_set_odd_parity(key); + * } while (DES_is_weak_key(&key)); + * @endcode + * + * @section des_impl DES implementation history + * + * There was no complete BSD licensed, fast, GPL compatible + * implementation of DES, so Love wrote the part that was missing, + * fast key schedule setup and adapted the interface to the orignal + * libdes. + * * The document that got me started for real was "Efficient * Implementation of the Data Encryption Standard" by Dag Arne Osvik. * I never got to the PC1 transformation was working, instead I used @@ -45,9 +84,11 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: des.c 17211 2006-04-24 14:26:19Z lha $"); +RCSID("$Id: des.c 23117 2008-04-28 10:29:36Z lha $"); #endif +#define HC_DEPRECATED + #include #include #include @@ -70,17 +111,39 @@ static void FP(uint32_t [2]); x = ( ((x)<<(2)) & 0xffffffc) | ((x) >> 26); \ } -/* +/** + * Set the parity of the key block, used to generate a des key from a + * random key. See @ref des_keygen. * + * @param key key to fixup the parity for. + * @ingroup hcrypto_des */ -int +void DES_set_odd_parity(DES_cblock *key) { - int i; + unsigned int i; for (i = 0; i < DES_CBLOCK_LEN; i++) (*key)[i] = odd_parity[(*key)[i]]; - return 0; +} + +/** + * Check if the key have correct parity. + * + * @param key key to check the parity. + * @return 1 on success, 0 on failure. + * @ingroup hcrypto_des + */ + +int HC_DEPRECATED +DES_check_key_parity(DES_cblock *key) +{ + unsigned int i; + + for (i = 0; i < DES_CBLOCK_LEN; i++) + if ((*key)[i] != odd_parity[(*key)[i]]) + return 0; + return 1; } /* @@ -107,6 +170,16 @@ static DES_cblock weak_keys[] = { {0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1} }; +/** + * Checks if the key is any of the weaks keys that makes DES attacks + * trival. + * + * @param key key to check. + * + * @return 1 if the key is weak, 0 otherwise. + * @ingroup hcrypto_des + */ + int DES_is_weak_key(DES_cblock *key) { @@ -119,13 +192,38 @@ DES_is_weak_key(DES_cblock *key) return 0; } +/** + * Setup a des key schedule from a key. Deprecated function, use + * DES_set_key_unchecked() or DES_set_key_checked() instead. + * + * @param key a key to initialize the key schedule with. + * @param ks a key schedule to initialize. + * + * @return 0 on success + * @ingroup hcrypto_des + */ -/* +int HC_DEPRECATED +DES_set_key(DES_cblock *key, DES_key_schedule *ks) +{ + return DES_set_key_checked(key, ks); +} + +/** + * Setup a des key schedule from a key. The key is no longer needed + * after this transaction and can cleared. * + * Does NOT check that the key is weak for or have wrong parity. + * + * @param key a key to initialize the key schedule with. + * @param ks a key schedule to initialize. + * + * @return 0 on success + * @ingroup hcrypto_des */ int -DES_set_key(DES_cblock *key, DES_key_schedule *ks) +DES_set_key_unchecked(DES_cblock *key, DES_key_schedule *ks) { uint32_t t1, t2; uint32_t c, d; @@ -184,28 +282,46 @@ DES_set_key(DES_cblock *key, DES_key_schedule *ks) return 0; } -/* +/** + * Just like DES_set_key_unchecked() except checking that the key is + * not weak for or have correct parity. + * + * @param key a key to initialize the key schedule with. + * @param ks a key schedule to initialize. * + * @return 0 on success, -1 on invalid parity, -2 on weak key. + * @ingroup hcrypto_des */ int DES_set_key_checked(DES_cblock *key, DES_key_schedule *ks) { + if (!DES_check_key_parity(key)) { + memset(ks, 0, sizeof(*ks)); + return -1; + } if (DES_is_weak_key(key)) { memset(ks, 0, sizeof(*ks)); - return 1; + return -2; } - return DES_set_key(key, ks); + return DES_set_key_unchecked(key, ks); } -/* - * Compatibility function for eay libdes +/** + * Compatibility function for eay libdes, works just like + * DES_set_key_checked(). + * + * @param key a key to initialize the key schedule with. + * @param ks a key schedule to initialize. + * + * @return 0 on success, -1 on invalid parity, -2 on weak key. + * @ingroup hcrypto_des */ int DES_key_sched(DES_cblock *key, DES_key_schedule *ks) { - return DES_set_key(key, ks); + return DES_set_key_checked(key, ks); } /* @@ -238,39 +354,63 @@ store(const uint32_t v[2], unsigned char *b) b[7] = (v[1] >> 0) & 0xff; } -/* +/** + * Encrypt/decrypt a block using DES. Also called ECB mode + * + * @param u data to encrypt + * @param ks key schedule to use + * @param encp if non zero, encrypt. if zero, decrypt. * + * @ingroup hcrypto_des */ void -DES_encrypt(uint32_t u[2], DES_key_schedule *ks, int forward_encrypt) +DES_encrypt(uint32_t u[2], DES_key_schedule *ks, int encp) { IP(u); - desx(u, ks, forward_encrypt); + desx(u, ks, encp); FP(u); } -/* +/** + * Encrypt/decrypt a block using DES. * + * @param input data to encrypt + * @param output data to encrypt + * @param ks key schedule to use + * @param encp if non zero, encrypt. if zero, decrypt. + * + * @ingroup hcrypto_des */ void DES_ecb_encrypt(DES_cblock *input, DES_cblock *output, - DES_key_schedule *ks, int forward_encrypt) + DES_key_schedule *ks, int encp) { uint32_t u[2]; load(*input, u); - DES_encrypt(u, ks, forward_encrypt); + DES_encrypt(u, ks, encp); store(u, *output); } -/* +/** + * Encrypt/decrypt a block using DES in Chain Block Cipher mode (cbc). * + * The IV must always be diffrent for diffrent input data blocks. + * + * @param in data to encrypt + * @param out data to encrypt + * @param length length of data + * @param ks key schedule to use + * @param iv initial vector to use + * @param encp if non zero, encrypt. if zero, decrypt. + * + * @ingroup hcrypto_des */ void DES_cbc_encrypt(const void *in, void *out, long length, - DES_key_schedule *ks, DES_cblock *iv, int forward_encrypt) + DES_key_schedule *ks, DES_cblock *iv, int encp) { const unsigned char *input = in; unsigned char *output = out; @@ -279,7 +419,7 @@ DES_cbc_encrypt(const void *in, void *out, long length, load(*iv, uiv); - if (forward_encrypt) { + if (encp) { while (length >= DES_CBLOCK_LEN) { load(input, u); u[0] ^= uiv[0]; u[1] ^= uiv[1]; @@ -327,13 +467,26 @@ DES_cbc_encrypt(const void *in, void *out, long length, uiv[0] = 0; u[0] = 0; uiv[1] = 0; u[1] = 0; } -/* +/** + * Encrypt/decrypt a block using DES in Propagating Cipher Block + * Chaining mode. This mode is only used for Kerberos 4, and it should + * stay that way. + * + * The IV must always be diffrent for diffrent input data blocks. * + * @param in data to encrypt + * @param out data to encrypt + * @param length length of data + * @param ks key schedule to use + * @param iv initial vector to use + * @param encp if non zero, encrypt. if zero, decrypt. + * + * @ingroup hcrypto_des */ void DES_pcbc_encrypt(const void *in, void *out, long length, - DES_key_schedule *ks, DES_cblock *iv, int forward_encrypt) + DES_key_schedule *ks, DES_cblock *iv, int encp) { const unsigned char *input = in; unsigned char *output = out; @@ -342,7 +495,7 @@ DES_pcbc_encrypt(const void *in, void *out, long length, load(*iv, uiv); - if (forward_encrypt) { + if (encp) { uint32_t t[2]; while (length >= DES_CBLOCK_LEN) { load(input, u); @@ -397,10 +550,10 @@ DES_pcbc_encrypt(const void *in, void *out, long length, static void _des3_encrypt(uint32_t u[2], DES_key_schedule *ks1, DES_key_schedule *ks2, - DES_key_schedule *ks3, int forward_encrypt) + DES_key_schedule *ks3, int encp) { IP(u); - if (forward_encrypt) { + if (encp) { desx(u, ks1, 1); /* IP + FP cancel out each other */ desx(u, ks2, 0); desx(u, ks3, 1); @@ -412,8 +565,18 @@ _des3_encrypt(uint32_t u[2], DES_key_schedule *ks1, DES_key_schedule *ks2, FP(u); } -/* +/** + * Encrypt/decrypt a block using triple DES using EDE mode, + * encrypt/decrypt/encrypt. + * + * @param input data to encrypt + * @param output data to encrypt + * @param ks1 key schedule to use + * @param ks2 key schedule to use + * @param ks3 key schedule to use + * @param encp if non zero, encrypt. if zero, decrypt. * + * @ingroup hcrypto_des */ void @@ -422,24 +585,37 @@ DES_ecb3_encrypt(DES_cblock *input, DES_key_schedule *ks1, DES_key_schedule *ks2, DES_key_schedule *ks3, - int forward_encrypt) + int encp) { uint32_t u[2]; load(*input, u); - _des3_encrypt(u, ks1, ks2, ks3, forward_encrypt); + _des3_encrypt(u, ks1, ks2, ks3, encp); store(u, *output); return; } -/* +/** + * Encrypt/decrypt using Triple DES in Chain Block Cipher mode (cbc). + * + * The IV must always be diffrent for diffrent input data blocks. * + * @param in data to encrypt + * @param out data to encrypt + * @param length length of data + * @param ks1 key schedule to use + * @param ks2 key schedule to use + * @param ks3 key schedule to use + * @param iv initial vector to use + * @param encp if non zero, encrypt. if zero, decrypt. + * + * @ingroup hcrypto_des */ void DES_ede3_cbc_encrypt(const void *in, void *out, long length, DES_key_schedule *ks1, DES_key_schedule *ks2, DES_key_schedule *ks3, - DES_cblock *iv, int forward_encrypt) + DES_cblock *iv, int encp) { const unsigned char *input = in; unsigned char *output = out; @@ -448,7 +624,7 @@ DES_ede3_cbc_encrypt(const void *in, void *out, load(*iv, uiv); - if (forward_encrypt) { + if (encp) { while (length >= DES_CBLOCK_LEN) { load(input, u); u[0] ^= uiv[0]; u[1] ^= uiv[1]; @@ -497,14 +673,27 @@ DES_ede3_cbc_encrypt(const void *in, void *out, uiv[0] = 0; u[0] = 0; uiv[1] = 0; u[1] = 0; } -/* +/** + * Encrypt/decrypt using DES in cipher feedback mode with 64 bit + * feedback. + * + * The IV must always be diffrent for diffrent input data blocks. + * + * @param in data to encrypt + * @param out data to encrypt + * @param length length of data + * @param ks key schedule to use + * @param iv initial vector to use + * @param num offset into in cipher block encryption/decryption stop last time. + * @param encp if non zero, encrypt. if zero, decrypt. * + * @ingroup hcrypto_des */ void DES_cfb64_encrypt(const void *in, void *out, long length, DES_key_schedule *ks, DES_cblock *iv, - int *num, int forward_encrypt) + int *num, int encp) { const unsigned char *input = in; unsigned char *output = out; @@ -515,7 +704,7 @@ DES_cfb64_encrypt(const void *in, void *out, assert(*num >= 0 && *num < DES_CBLOCK_LEN); - if (forward_encrypt) { + if (encp) { int i = *num; while (length > 0) { @@ -562,8 +751,19 @@ DES_cfb64_encrypt(const void *in, void *out, } } -/* +/** + * Crete a checksum using DES in CBC encryption mode. This mode is + * only used for Kerberos 4, and it should stay that way. + * + * The IV must always be diffrent for diffrent input data blocks. + * + * @param in data to checksum + * @param output the checksum + * @param length length of data + * @param ks key schedule to use + * @param iv initial vector to use * + * @ingroup hcrypto_des */ uint32_t @@ -616,6 +816,16 @@ bitswap8(unsigned char b) return r; } +/** + * Convert a string to a DES key. Use something like + * PKCS5_PBKDF2_HMAC_SHA1() to create key from passwords. + * + * @param str The string to convert to a key + * @param key the resulting key + * + * @ingroup hcrypto_des + */ + void DES_string_to_key(const char *str, DES_cblock *key) { @@ -646,8 +856,16 @@ DES_string_to_key(const char *str, DES_cblock *key) k[7] ^= 0xF0; } -/* +/** + * Read password from prompt and create a DES key. Internal uses + * DES_string_to_key(). Really, go use a really string2key function + * like PKCS5_PBKDF2_HMAC_SHA1(). + * + * @param key key to convert to + * @param prompt prompt to display user + * @param verify prompt twice. * + * @return 1 on success, non 1 on failure. */ int @@ -657,7 +875,7 @@ DES_read_password(DES_cblock *key, char *prompt, int verify) int ret; ret = UI_UTIL_read_pw_string(buf, sizeof(buf) - 1, prompt, verify); - if (ret == 0) + if (ret == 1) DES_string_to_key(buf, key); return ret; } @@ -892,7 +1110,7 @@ FP(uint32_t v[2]) } static void -desx(uint32_t block[2], DES_key_schedule *ks, int forward_encrypt) +desx(uint32_t block[2], DES_key_schedule *ks, int encp) { uint32_t *keys; uint32_t fval, work, right, left; @@ -901,7 +1119,7 @@ desx(uint32_t block[2], DES_key_schedule *ks, int forward_encrypt) left = block[0]; right = block[1]; - if (forward_encrypt) { + if (encp) { keys = &ks->ks[0]; for( round = 0; round < 8; round++ ) { diff --git a/source4/heimdal/lib/hcrypto/des.h b/source4/heimdal/lib/hcrypto/des.h index ac8deb8ab8..3c52f59e28 100644 --- a/source4/heimdal/lib/hcrypto/des.h +++ b/source4/heimdal/lib/hcrypto/des.h @@ -31,36 +31,38 @@ * SUCH DAMAGE. */ -/* $Id: des.h 16480 2006-01-08 21:47:29Z lha $ */ +/* $Id: des.h 23148 2008-04-29 05:53:27Z biorn $ */ #ifndef _DESperate_H #define _DESperate_H 1 /* symbol renaming */ -#define DES_set_odd_parity hc_DES_set_odd_parity +#define _DES_ipfp_test _hc_DES_ipfp_test +#define DES_cbc_cksum hc_DES_cbc_cksum +#define DES_cbc_encrypt hc_DES_cbc_encrypt +#define DES_cfb64_encrypt hc_DES_cfb64_encrypt +#define DES_check_key_parity hc_DES_check_key_parity +#define DES_ecb3_encrypt hc_DES_ecb3_encrypt +#define DES_ecb_encrypt hc_DES_ecb_encrypt +#define DES_ede3_cbc_encrypt hc_DES_ede3_cbc_encrypt +#define DES_encrypt hc_DES_encrypt +#define DES_generate_random_block hc_DES_generate_random_block +#define DES_init_random_number_generator hc_DES_init_random_number_generator #define DES_is_weak_key hc_DES_is_weak_key #define DES_key_sched hc_DES_key_sched +#define DES_new_random_key hc_DES_new_random_key +#define DES_pcbc_encrypt hc_DES_pcbc_encrypt +#define DES_rand_data hc_DES_rand_data +#define DES_random_key hc_DES_random_key +#define DES_read_password hc_DES_read_password #define DES_set_key hc_DES_set_key #define DES_set_key_checked hc_DES_set_key_checked +#define DES_set_key_unchecked hc_DES_set_key_unchecked #define DES_set_key_sched hc_DES_set_key_sched -#define DES_new_random_key hc_DES_new_random_key -#define DES_string_to_key hc_DES_string_to_key -#define DES_read_password hc_DES_read_password -#define DES_rand_data hc_DES_rand_data +#define DES_set_odd_parity hc_DES_set_odd_parity #define DES_set_random_generator_seed hc_DES_set_random_generator_seed -#define DES_generate_random_block hc_DES_generate_random_block #define DES_set_sequence_number hc_DES_set_sequence_number -#define DES_init_random_number_generator hc_DES_init_random_number_generator -#define DES_random_key hc_DES_random_key -#define DES_encrypt hc_DES_encrypt -#define DES_ecb_encrypt hc_DES_ecb_encrypt -#define DES_ecb3_encrypt hc_DES_ecb3_encrypt -#define DES_pcbc_encrypt hc_DES_pcbc_encrypt -#define DES_cbc_encrypt hc_DES_cbc_encrypt -#define DES_cbc_cksum hc_DES_cbc_cksum -#define DES_ede3_cbc_encrypt hc_DES_ede3_cbc_encrypt -#define DES_cfb64_encrypt hc_DES_cfb64_encrypt -#define _DES_ipfp_test _hc_DES_ipfp_test +#define DES_string_to_key hc_DES_string_to_key /* * @@ -82,21 +84,35 @@ typedef struct DES_key_schedule * */ -int DES_set_odd_parity(DES_cblock *); +#if !defined(__GNUC__) && !defined(__attribute__) +#define __attribute__(x) +#endif + +#ifndef HC_DEPRECATED +#define HC_DEPRECATED __attribute__((deprecated)) +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +void DES_set_odd_parity(DES_cblock *); +int DES_check_key_parity(DES_cblock *); int DES_is_weak_key(DES_cblock *); -int DES_set_key(DES_cblock *, DES_key_schedule *); +int HC_DEPRECATED DES_set_key(DES_cblock *, DES_key_schedule *); int DES_set_key_checked(DES_cblock *, DES_key_schedule *); +int DES_set_key_unchecked(DES_cblock *, DES_key_schedule *); int DES_key_sched(DES_cblock *, DES_key_schedule *); -int DES_new_random_key(DES_cblock *); void DES_string_to_key(const char *, DES_cblock *); int DES_read_password(DES_cblock *, char *, int); -void DES_rand_data(void *, int); -void DES_set_random_generator_seed(DES_cblock *); -void DES_generate_random_block(DES_cblock *); -void DES_set_sequence_number(void *); -void DES_init_random_number_generator(DES_cblock *); -void DES_random_key(DES_cblock *); +void HC_DEPRECATED DES_rand_data(void *, int); +void HC_DEPRECATED DES_set_random_generator_seed(DES_cblock *); +void HC_DEPRECATED DES_generate_random_block(DES_cblock *); +void HC_DEPRECATED DES_set_sequence_number(void *); +void HC_DEPRECATED DES_init_random_number_generator(DES_cblock *); +void HC_DEPRECATED DES_random_key(DES_cblock *); +int HC_DEPRECATED DES_new_random_key(DES_cblock *); void DES_encrypt(uint32_t [2], DES_key_schedule *, int); @@ -110,8 +126,8 @@ void DES_cbc_encrypt(const void *, void *, long, void DES_ede3_cbc_encrypt(const void *, void *, long, DES_key_schedule *, DES_key_schedule *, DES_key_schedule *, DES_cblock *, int); -void DES_cfb64_encrypt(const void *, void *, long, - DES_key_schedule *, DES_cblock *, int *, int); +void DES_cfb64_encrypt(const void *, void *, long, + DES_key_schedule *, DES_cblock *, int *, int); uint32_t DES_cbc_cksum(const void *, DES_cblock *, @@ -120,5 +136,9 @@ uint32_t DES_cbc_cksum(const void *, DES_cblock *, void _DES_ipfp_test(void); +#ifdef __cplusplus +} +#endif + #endif /* _DESperate_H */ diff --git a/source4/heimdal/lib/hcrypto/evp.c b/source4/heimdal/lib/hcrypto/evp.c index 788000b054..b4fb8a7f23 100644 --- a/source4/heimdal/lib/hcrypto/evp.c +++ b/source4/heimdal/lib/hcrypto/evp.c @@ -35,7 +35,9 @@ #include #endif -RCSID("$Id: evp.c 22379 2007-12-29 11:13:26Z lha $"); +RCSID("$Id: evp.c 23144 2008-04-29 05:47:16Z lha $"); + +#define HC_DEPRECATED #include #include @@ -79,6 +81,13 @@ struct hc_evp_md { evp_md_cleanup cleanup; }; +struct hc_EVP_MD_CTX { + const EVP_MD *md; + ENGINE *engine; + void *ptr; +}; + + /** * Return the output size of the message digest function. * @@ -135,7 +144,7 @@ EVP_MD_CTX_create(void) * @ingroup hcrypto_evp */ -void +void HC_DEPRECATED EVP_MD_CTX_init(EVP_MD_CTX *ctx) { memset(ctx, 0, sizeof(*ctx)); @@ -166,7 +175,7 @@ EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) * @ingroup hcrypto_evp */ -int +int HC_DEPRECATED EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) { if (ctx->md && ctx->md->cleanup) @@ -508,7 +517,6 @@ EVP_md_null(void) } #if 0 -void EVP_MD_CTX_init(EVP_MD_CTX *ctx); int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); int EVP_SignFinal(EVP_MD_CTX *, void *, size_t *, EVP_PKEY *); @@ -1050,10 +1058,19 @@ des_ede3_cbc_init(EVP_CIPHER_CTX *ctx, int encp) { struct des_ede3_cbc *k = ctx->cipher_data; + DES_cblock deskey; + + memcpy(&deskey, key, sizeof(deskey)); + DES_set_odd_parity(&deskey); + DES_set_key_unchecked(&deskey, &k->ks[0]); + + memcpy(&deskey, key + 8, sizeof(deskey)); + DES_set_odd_parity(&deskey); + DES_set_key_unchecked(&deskey, &k->ks[1]); - DES_key_sched((DES_cblock *)(key), &k->ks[0]); - DES_key_sched((DES_cblock *)(key + 8), &k->ks[1]); - DES_key_sched((DES_cblock *)(key + 16), &k->ks[2]); + memcpy(&deskey, key + 16, sizeof(deskey)); + DES_set_odd_parity(&deskey); + DES_set_key_unchecked(&deskey, &k->ks[2]); return 1; } diff --git a/source4/heimdal/lib/hcrypto/evp.h b/source4/heimdal/lib/hcrypto/evp.h index 4910ca01b8..c8f8f80f80 100644 --- a/source4/heimdal/lib/hcrypto/evp.h +++ b/source4/heimdal/lib/hcrypto/evp.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: evp.h 21687 2007-07-24 16:29:05Z lha $ */ +/* $Id: evp.h 23141 2008-04-29 05:47:04Z lha $ */ #ifndef HEIM_EVP_H #define HEIM_EVP_H 1 @@ -155,11 +155,17 @@ struct hc_CIPHER_CTX { unsigned char final[EVP_MAX_BLOCK_LENGTH]; }; -struct hc_EVP_MD_CTX { - const EVP_MD *md; - ENGINE *engine; - void *ptr; -}; +#if !defined(__GNUC__) && !defined(__attribute__) +#define __attribute__(x) +#endif + +#ifndef HC_DEPRECATED +#define HC_DEPRECATED __attribute__((deprecated)) +#endif + +#ifdef __cplusplus +extern "C" { +#endif /* * Avaible crypto algs @@ -201,9 +207,9 @@ size_t EVP_MD_CTX_block_size(EVP_MD_CTX *); EVP_MD_CTX * EVP_MD_CTX_create(void); -void EVP_MD_CTX_init(EVP_MD_CTX *); +void HC_DEPRECATED EVP_MD_CTX_init(EVP_MD_CTX *); void EVP_MD_CTX_destroy(EVP_MD_CTX *); -int EVP_MD_CTX_cleanup(EVP_MD_CTX *); +int HC_DEPRECATED EVP_MD_CTX_cleanup(EVP_MD_CTX *); int EVP_DigestInit_ex(EVP_MD_CTX *, const EVP_MD *, ENGINE *); int EVP_DigestUpdate(EVP_MD_CTX *,const void *, size_t); @@ -258,4 +264,8 @@ void OpenSSL_add_all_algorithms(void); void OpenSSL_add_all_algorithms_conf(void); void OpenSSL_add_all_algorithms_noconf(void); +#ifdef __cplusplus +} +#endif + #endif /* HEIM_EVP_H */ diff --git a/source4/heimdal/lib/hcrypto/imath/LICENSE b/source4/heimdal/lib/hcrypto/imath/LICENSE index cecfb11404..53dd364c2b 100644 --- a/source4/heimdal/lib/hcrypto/imath/LICENSE +++ b/source4/heimdal/lib/hcrypto/imath/LICENSE @@ -1,4 +1,4 @@ -IMath is Copyright 2002-2006 Michael J. Fromberger +IMath is Copyright 2002-2007 Michael J. Fromberger You may use it subject to the following Licensing Terms: Permission is hereby granted, free of charge, to any person obtaining diff --git a/source4/heimdal/lib/hcrypto/pkcs12.c b/source4/heimdal/lib/hcrypto/pkcs12.c index b43fe571d6..fcf04a73c1 100644 --- a/source4/heimdal/lib/hcrypto/pkcs12.c +++ b/source4/heimdal/lib/hcrypto/pkcs12.c @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: pkcs12.c 21155 2007-06-18 21:59:44Z lha $"); +RCSID("$Id: pkcs12.c 23137 2008-04-29 05:46:48Z lha $"); #include #include @@ -55,19 +55,24 @@ PKCS12_key_gen(const void *key, size_t keylen, unsigned char *v, *I, hash[EVP_MAX_MD_SIZE]; unsigned int size, size_I = 0; unsigned char idc = id; - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx; unsigned char *outp = out; int i, vlen; - EVP_MD_CTX_init(&ctx); + ctx = EVP_MD_CTX_create(); + if (ctx == NULL) + return 0; vlen = EVP_MD_block_size(md); v = malloc(vlen + 1); - if (v == NULL) + if (v == NULL) { + EVP_MD_CTX_destroy(ctx); return 0; + } I = calloc(1, vlen * 2); if (I == NULL) { + EVP_MD_CTX_destroy(ctx); free(v); return 0; } @@ -93,15 +98,16 @@ PKCS12_key_gen(const void *key, size_t keylen, while (1) { BIGNUM *bnB, *bnOne; - if (!EVP_DigestInit_ex(&ctx, md, NULL)) { + if (!EVP_DigestInit_ex(ctx, md, NULL)) { + EVP_MD_CTX_destroy(ctx); free(I); free(v); return 0; } for (i = 0; i < vlen; i++) - EVP_DigestUpdate(&ctx, &idc, 1); - EVP_DigestUpdate(&ctx, I, size_I); - EVP_DigestFinal_ex(&ctx, hash, &size); + EVP_DigestUpdate(ctx, &idc, 1); + EVP_DigestUpdate(ctx, I, size_I); + EVP_DigestFinal_ex(ctx, hash, &size); for (i = 1; i < iteration; i++) EVP_Digest(hash, size, hash, &size, md, NULL); @@ -145,7 +151,7 @@ PKCS12_key_gen(const void *key, size_t keylen, size_I = vlen * 2; } - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_destroy(ctx); free(I); free(v); diff --git a/source4/heimdal/lib/hcrypto/pkcs5.c b/source4/heimdal/lib/hcrypto/pkcs5.c index 85b8713cba..8a8f948abb 100644 --- a/source4/heimdal/lib/hcrypto/pkcs5.c +++ b/source4/heimdal/lib/hcrypto/pkcs5.c @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: pkcs5.c 17445 2006-05-05 10:37:46Z lha $"); +RCSID("$Id: pkcs5.c 23059 2008-04-18 13:04:08Z lha $"); #ifdef KRB5 #include @@ -49,6 +49,22 @@ RCSID("$Id: pkcs5.c 17445 2006-05-05 10:37:46Z lha $"); #include +/** + * As descriped in PKCS5, convert a password, salt, and iteration counter into a crypto key. + * + * @param password Password. + * @param password_len Length of password. + * @param salt Salt + * @param salt_len Length of salt. + * @param iter iteration counter. + * @param keylen the output key length. + * @param key the output key. + * + * @return 1 on success, non 1 on failure. + * + * @ingroup hcrypto_misc + */ + int PKCS5_PBKDF2_HMAC_SHA1(const void * password, size_t password_len, const void * salt, size_t salt_len, diff --git a/source4/heimdal/lib/hcrypto/rand-egd.c b/source4/heimdal/lib/hcrypto/rand-egd.c index 497a3ab5f8..c1f306bcc3 100644 --- a/source4/heimdal/lib/hcrypto/rand-egd.c +++ b/source4/heimdal/lib/hcrypto/rand-egd.c @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: rand-egd.c 21156 2007-06-18 22:00:59Z lha $"); +RCSID("$Id: rand-egd.c 23461 2008-07-27 12:14:20Z lha $"); #include #ifdef HAVE_SYS_UN_H @@ -76,6 +76,8 @@ connect_egd(const char *path) if (fd < 0) return -1; + rk_cloexec(fd); + if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) != 0) { close(fd); return -1; diff --git a/source4/heimdal/lib/hcrypto/rand-fortuna.c b/source4/heimdal/lib/hcrypto/rand-fortuna.c index 1d47ed49cc..da59a433b1 100644 --- a/source4/heimdal/lib/hcrypto/rand-fortuna.c +++ b/source4/heimdal/lib/hcrypto/rand-fortuna.c @@ -33,7 +33,7 @@ #include #endif -RCSID("$Id: rand-fortuna.c 21196 2007-06-20 05:08:58Z lha $"); +RCSID("$Id: rand-fortuna.c 23463 2008-07-27 12:15:06Z lha $"); #include #include @@ -118,6 +118,7 @@ struct fortuna_state unsigned pool0_bytes; unsigned rnd_pos; int tricks_done; + pid_t pid; }; typedef struct fortuna_state FState; @@ -175,6 +176,7 @@ init_state(FState * st) memset(st, 0, sizeof(*st)); for (i = 0; i < NUM_POOLS; i++) md_init(&st->pool[i]); + st->pid = getpid(); } /* @@ -276,6 +278,9 @@ reseed(FState * st) /* add old key into mix too */ md_update(&key_md, st->key, BLOCK); + /* add pid to make output diverse after fork() */ + md_update(&key_md, (const unsigned char *)&st->pid, sizeof(st->pid)); + /* now we have new key */ md_result(&key_md, st->key); @@ -384,6 +389,7 @@ extract_data(FState * st, unsigned count, unsigned char *dst) { unsigned n; unsigned block_nr = 0; + pid_t pid = getpid(); /* Should we reseed? */ if (st->pool0_bytes >= POOL0_FILL || st->reseed_count == 0) @@ -394,6 +400,12 @@ extract_data(FState * st, unsigned count, unsigned char *dst) if (!st->tricks_done) startup_tricks(st); + /* If we forked, force a reseed again */ + if (pid != st->pid) { + st->pid = pid; + reseed(st); + } + while (count > 0) { /* produce bytes */ @@ -493,6 +505,7 @@ fortuna_reseed(void) fd = open("/etc/shadow", O_RDONLY, 0); if (fd >= 0) { ssize_t n; + rk_cloexec(fd); /* add_entropy will hash the buf */ while ((n = read(fd, (char *)u.shad, sizeof(u.shad))) > 0) add_entropy(&main_state, u.shad, sizeof(u.shad)); diff --git a/source4/heimdal/lib/hcrypto/rand-unix.c b/source4/heimdal/lib/hcrypto/rand-unix.c index 354492fb3d..5fb099d724 100644 --- a/source4/heimdal/lib/hcrypto/rand-unix.c +++ b/source4/heimdal/lib/hcrypto/rand-unix.c @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: rand-unix.c 20028 2007-01-21 09:54:56Z lha $"); +RCSID("$Id: rand-unix.c 23462 2008-07-27 12:14:42Z lha $"); #include #include @@ -63,8 +63,10 @@ get_device_fd(int flags) for(p = rnd_devices; *p; p++) { int fd = open(*p, flags | O_NDELAY); - if(fd >= 0) + if(fd >= 0) { + rk_cloexec(fd); return fd; + } } return -1; } diff --git a/source4/heimdal/lib/hcrypto/rand.c b/source4/heimdal/lib/hcrypto/rand.c index 79dd39eb76..1561f2ad39 100644 --- a/source4/heimdal/lib/hcrypto/rand.c +++ b/source4/heimdal/lib/hcrypto/rand.c @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: rand.c 22199 2007-12-07 13:43:25Z lha $"); +RCSID("$Id: rand.c 23464 2008-07-27 12:15:21Z lha $"); #include #include @@ -48,8 +48,14 @@ RCSID("$Id: rand.c 22199 2007-12-07 13:43:25Z lha $"); #define O_BINARY 0 #endif +/** + * @page page_rand RAND - random number + * + * See the library functions here: @ref hcrypto_rand + */ const static RAND_METHOD *selected_meth = NULL; +static ENGINE *selected_engine = NULL; static void init_method(void) @@ -59,6 +65,16 @@ init_method(void) selected_meth = &hc_rand_fortuna_method; } +/** + * Seed that random number generator. Secret material can securely be + * feed into the function, they will never be returned. + * + * @param indata seed data + * @param size length seed data + * + * @ingroup hcrypto_rand + */ + void RAND_seed(const void *indata, size_t size) { @@ -66,6 +82,16 @@ RAND_seed(const void *indata, size_t size) (*selected_meth->seed)(indata, size); } +/** + * Get a random block from the random generator, can be used for key material. + * + * @param outdata random data + * @param size length random data + * + * @return 1 on success, 0 on failure. + * + * @ingroup hcrypto_rand + */ int RAND_bytes(void *outdata, size_t size) { @@ -73,13 +99,39 @@ RAND_bytes(void *outdata, size_t size) return (*selected_meth->bytes)(outdata, size); } +/** + * Reset and free memory used by the random generator. + * + * @ingroup hcrypto_rand + */ + void RAND_cleanup(void) { - init_method(); - (*selected_meth->cleanup)(); + const RAND_METHOD *meth = selected_meth; + ENGINE *engine = selected_engine; + + selected_meth = NULL; + selected_engine = NULL; + + if (meth) + (*meth->cleanup)(); + if (engine) + ENGINE_finish(engine); } +/** + * Seed that random number generator. Secret material can securely be + * feed into the function, they will never be returned. + * + * @param indata the input data. + * @param size size of in data. + * @param entropi entropi in data. + * + * + * @ingroup hcrypto_rand + */ + void RAND_add(const void *indata, size_t size, double entropi) { @@ -87,6 +139,17 @@ RAND_add(const void *indata, size_t size, double entropi) (*selected_meth->add)(indata, size, entropi); } +/** + * Get a random block from the random generator, should NOT be used for key material. + * + * @param outdata random data + * @param size length random data + * + * @return 1 on success, 0 on failure. + * + * @ingroup hcrypto_rand + */ + int RAND_pseudo_bytes(void *outdata, size_t size) { @@ -94,6 +157,14 @@ RAND_pseudo_bytes(void *outdata, size_t size) return (*selected_meth->pseudorand)(outdata, size); } +/** + * Return status of the random generator + * + * @return 1 if the random generator can deliver random data. + * + * @ingroup hcrypto_rand + */ + int RAND_status(void) { @@ -101,27 +172,92 @@ RAND_status(void) return (*selected_meth->status)(); } +/** + * Set the default random method. + * + * @param meth set the new default method. + * + * @return 1 on success. + * + * @ingroup hcrypto_rand + */ + int RAND_set_rand_method(const RAND_METHOD *meth) { + const RAND_METHOD *old = selected_meth; selected_meth = meth; + if (old) + (*old->cleanup)(); + if (selected_engine) { + ENGINE_finish(selected_engine); + selected_engine = NULL; + } return 1; } +/** + * Get the default random method. + * + * @ingroup hcrypto_rand + */ + const RAND_METHOD * RAND_get_rand_method(void) { + init_method(); return selected_meth; } +/** + * Set the default random method from engine. + * + * @param engine use engine, if NULL is passed it, old method and engine is cleared. + * + * @return 1 on success, 0 on failure. + * + * @ingroup hcrypto_rand + */ + int RAND_set_rand_engine(ENGINE *engine) { + const RAND_METHOD *meth, *old = selected_meth; + + if (engine) { + ENGINE_up_ref(engine); + meth = ENGINE_get_RAND(engine); + if (meth == NULL) { + ENGINE_finish(engine); + return 0; + } + } else { + meth = NULL; + } + + if (old) + (*old->cleanup)(); + + if (selected_engine) + ENGINE_finish(selected_engine); + + selected_engine = engine; + selected_meth = meth; + return 1; } #define RAND_FILE_SIZE 1024 +/** + * Load a a file and feed it into RAND_seed(). + * + * @param filename name of file to read. + * @param size minimum size to read. + * + * @ingroup hcrypto_rand + */ + int RAND_load_file(const char *filename, size_t size) { @@ -133,7 +269,7 @@ RAND_load_file(const char *filename, size_t size) fd = open(filename, O_RDONLY | O_BINARY, 0600); if (fd < 0) return 0; - + rk_cloexec(fd); len = 0; while(len < size) { slen = read(fd, buf, sizeof(buf)); @@ -147,6 +283,15 @@ RAND_load_file(const char *filename, size_t size) return len ? 1 : 0; } +/** + * Write of random numbers to a file to store for later initiation with RAND_load_file(). + * + * @param filename name of file to write. + * + * @return 1 on success and non-one on failure. + * @ingroup hcrypto_rand + */ + int RAND_write_file(const char *filename) { @@ -157,6 +302,7 @@ RAND_write_file(const char *filename) fd = open(filename, O_WRONLY | O_CREAT | O_BINARY, 0600); if (fd < 0) return 0; + rk_cloexec(fd); len = 0; while(len < RAND_FILE_SIZE) { @@ -175,6 +321,18 @@ RAND_write_file(const char *filename) return res; } +/** + * Return the default random state filename for a user to use for + * RAND_load_file(), and RAND_write_file(). + * + * @param filename buffer to hold file name. + * @param size size of buffer filename. + * + * @return the buffer filename or NULL on failure. + * + * @ingroup hcrypto_rand + */ + const char * RAND_file_name(char *filename, size_t size) { diff --git a/source4/heimdal/lib/hcrypto/rc2.c b/source4/heimdal/lib/hcrypto/rc2.c old mode 100755 new mode 100644 diff --git a/source4/heimdal/lib/hcrypto/rc2.h b/source4/heimdal/lib/hcrypto/rc2.h old mode 100755 new mode 100644 diff --git a/source4/heimdal/lib/hcrypto/rc4.c b/source4/heimdal/lib/hcrypto/rc4.c old mode 100755 new mode 100644 diff --git a/source4/heimdal/lib/hcrypto/rijndael-alg-fst.c b/source4/heimdal/lib/hcrypto/rijndael-alg-fst.c old mode 100755 new mode 100644 diff --git a/source4/heimdal/lib/hcrypto/rijndael-alg-fst.h b/source4/heimdal/lib/hcrypto/rijndael-alg-fst.h old mode 100755 new mode 100644 diff --git a/source4/heimdal/lib/hcrypto/rnd_keys.c b/source4/heimdal/lib/hcrypto/rnd_keys.c index a035b890b8..0fd64af3b5 100644 --- a/source4/heimdal/lib/hcrypto/rnd_keys.c +++ b/source4/heimdal/lib/hcrypto/rnd_keys.c @@ -34,476 +34,109 @@ #ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id: rnd_keys.c 17445 2006-05-05 10:37:46Z lha $"); +RCSID("$Id: rnd_keys.c 23093 2008-04-27 18:49:51Z lha $"); #endif +#define HC_DEPRECATED + #ifdef KRB5 #include #endif #include +#include #include -#include - -#ifdef TIME_WITH_SYS_TIME -#include -#include -#elif defined(HAVE_SYS_TIME_H) -#include -#else -#include -#endif - -#ifdef HAVE_SYS_TYPES_H -#include -#endif - -#ifdef HAVE_UNISTD_H -#include -#endif -#ifdef HAVE_IO_H -#include -#endif - -#ifdef HAVE_SIGNAL_H -#include -#endif -#ifdef HAVE_FCNTL_H -#include -#endif - -/* - * Generate "random" data by checksumming a file. - * - * Returns -1 if there were any problems with permissions or I/O - * errors. - */ -static -int -sumFile (const char *name, int len, void *res) -{ - uint32_t sum[2] = { 0, 0 }; - uint32_t buf[1024*2]; - int fd, i; - - fd = open (name, 0); - if (fd < 0) - return -1; - - while (len > 0) - { - int n = read(fd, buf, sizeof(buf)); - if (n < 0) - { - close(fd); - return n; - } - for (i = 0; i < (n/sizeof(buf[0])); i++) - { - sum[0] += buf[i]; - i++; - sum[1] += buf[i]; - } - len -= n; - } - close (fd); - memcpy (res, &sum, sizeof(sum)); - return 0; -} - -#if 0 -static -int -md5sumFile (const char *name, int len, int32_t sum[4]) -{ - int32_t buf[1024*2]; - int fd, cnt; - struct md5 md5; - - fd = open (name, 0); - if (fd < 0) - return -1; - - md5_init(&md5); - while (len > 0) - { - int n = read(fd, buf, sizeof(buf)); - if (n < 0) - { - close(fd); - return n; - } - md5_update(&md5, buf, n); - len -= n; - } - md5_finito(&md5, (unsigned char *)sum); - close (fd); - return 0; -} -#endif - -/* - * Create a sequence of random 64 bit blocks. - * The sequence is indexed with a long long and - * based on an initial des key used as a seed. - */ -static DES_key_schedule sequence_seed; -static uint32_t sequence_index[2]; - -/* - * Random number generator based on ideas from truerand in cryptolib - * as described on page 424 in Applied Cryptography 2 ed. by Bruce - * Schneier. - */ - -static volatile int counter; -static volatile unsigned char *gdata; /* Global data */ -static volatile int igdata; /* Index into global data */ -static int gsize; -#if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__) -/* Visual C++ 4.0 (Windows95/NT) */ +#undef __attribute__ +#define __attribute__(X) -static -RETSIGTYPE -sigALRM(int sig) -{ - if (igdata < gsize) - gdata[igdata++] ^= counter & 0xff; - -#ifndef HAVE_SIGACTION - signal(SIGALRM, sigALRM); /* Reinstall SysV signal handler */ -#endif - SIGRETURN(0); -} - -#endif - -#if !defined(HAVE_RANDOM) && defined(HAVE_RAND) -#ifndef srandom -#define srandom srand -#endif -#ifndef random -#define random rand -#endif -#endif - -#if !defined(HAVE_SETITIMER) || defined(WIN32) || defined(__EMX__) || defined(__OS2__) || defined(__CYGWIN32__) -static void -des_not_rand_data(unsigned char *data, int size) -{ - int i; - - srandom (time (NULL)); - - for(i = 0; i < size; ++i) - data[i] ^= random() % 0x100; -} -#endif - -#if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__) - -#ifndef HAVE_SETITIMER -static void -pacemaker(struct timeval *tv) -{ - fd_set fds; - pid_t pid; - pid = getppid(); - while(1){ - FD_ZERO(&fds); - FD_SET(0, &fds); - select(1, &fds, NULL, NULL, tv); - kill(pid, SIGALRM); - } -} -#endif - -#ifdef HAVE_SIGACTION -/* XXX ugly hack, should perhaps use function from roken */ -static RETSIGTYPE -(*fake_signal(int sig, RETSIGTYPE (*f)(int)))(int) -{ - struct sigaction sa, osa; - sa.sa_handler = f; - sa.sa_flags = 0; - sigemptyset(&sa.sa_mask); - sigaction(sig, &sa, &osa); - return osa.sa_handler; -} -#define signal(S, F) fake_signal((S), (F)) -#endif - -/* - * Generate size bytes of "random" data using timed interrupts. - * It takes about 40ms/byte random data. - * It's not neccessary to be root to run it. - */ -void +void HC_DEPRECATED DES_rand_data(void *outdata, int size) { - unsigned char *data = outdata; - struct itimerval tv, otv; - RETSIGTYPE (*osa)(int); - int i, j; -#ifndef HAVE_SETITIMER - RETSIGTYPE (*ochld)(int); - pid_t pid; -#endif - const char *rnd_devices[] = {"/dev/random", - "/dev/srandom", - "/dev/urandom", - "/dev/arandom", - NULL}; - const char **p; - - for(p = rnd_devices; *p; p++) { - int fd = open(*p, O_RDONLY | O_NDELAY); - - if(fd >= 0 && read(fd, data, size) == size) { - close(fd); - return; - } - close(fd); - } - - /* Paranoia? Initialize data from /dev/mem if we can read it. */ - if (size >= 8) - sumFile("/dev/mem", (1024*1024*2), data); - - gdata = data; - gsize = size; - igdata = 0; - - osa = signal(SIGALRM, sigALRM); - - /* Start timer */ - tv.it_value.tv_sec = 0; - tv.it_value.tv_usec = 10 * 1000; /* 10 ms */ - tv.it_interval = tv.it_value; -#ifdef HAVE_SETITIMER - setitimer(ITIMER_REAL, &tv, &otv); -#else - ochld = signal(SIGCHLD, SIG_IGN); - pid = fork(); - if(pid == -1){ - signal(SIGCHLD, ochld != SIG_ERR ? ochld : SIG_DFL); - des_not_rand_data(data, size); - return; - } - if(pid == 0) - pacemaker(&tv.it_interval); -#endif - - for(i = 0; i < 4; i++) { - for (igdata = 0; igdata < size;) /* igdata++ in sigALRM */ - counter++; - for (j = 0; j < size; j++) /* Only use 2 bits each lap */ - gdata[j] = (gdata[j]>>2) | (gdata[j]<<6); - } -#ifdef HAVE_SETITIMER - setitimer(ITIMER_REAL, &otv, 0); -#else - kill(pid, SIGKILL); - while(waitpid(pid, NULL, 0) != pid); - signal(SIGCHLD, ochld != SIG_ERR ? ochld : SIG_DFL); -#endif - signal(SIGALRM, osa != SIG_ERR ? osa : SIG_DFL); -} -#else -void -DES_rand_data(unsigned char *p, int s) -{ - des_not_rand_data (p, s); + RAND_bytes(outdata, size); } -#endif -void +void HC_DEPRECATED DES_generate_random_block(DES_cblock *block) { - DES_rand_data((unsigned char *)block, sizeof(*block)); + RAND_bytes(block, sizeof(*block)); } #define DES_rand_data_key hc_DES_rand_data_key -void +void HC_DEPRECATED DES_rand_data_key(DES_cblock *key); /* - * Generate a "random" DES key. + * Generate a random DES key. */ -void -DES_rand_data_key(DES_cblock *key) -{ - unsigned char data[8]; - DES_key_schedule sched; - do { - DES_rand_data(data, sizeof(data)); - DES_rand_data((unsigned char*)key, sizeof(DES_cblock)); - DES_set_odd_parity(key); - DES_set_key(key, &sched); - DES_ecb_encrypt(&data, key, &sched, DES_ENCRYPT); - memset(&data, 0, sizeof(data)); - memset(&sched, 0, sizeof(sched)); - DES_set_odd_parity(key); - } while(DES_is_weak_key(key)); -} -/* - * Generate "random" data by checksumming /dev/mem - * - * It's neccessary to be root to run it. Returns -1 if there were any - * problems with permissions. - */ - -#define DES_mem_rand8 hc_DES_mem_rand8 - -int -DES_mem_rand8(unsigned char *data); - -int -DES_mem_rand8(unsigned char *data) -{ - return 1; -} - -/* - * In case the generator does not get initialized use this as fallback. - */ -static int initialized; - -static void -do_initialize(void) +void HC_DEPRECATED +DES_rand_data_key(DES_cblock *key) { - DES_cblock default_seed; - do { - DES_generate_random_block(&default_seed); - DES_set_odd_parity(&default_seed); - } while (DES_is_weak_key(&default_seed)); - DES_init_random_number_generator(&default_seed); + DES_new_random_key(key); } -#define zero_long_long(ll) do { ll[0] = ll[1] = 0; } while (0) - -#define incr_long_long(ll) do { if (++ll[0] == 0) ++ll[1]; } while (0) - -#define set_sequence_number(ll) \ -memcpy((char *)sequence_index, (ll), sizeof(sequence_index)); - -/* - * Set the sequnce number to this value (a long long). - */ -void +void HC_DEPRECATED DES_set_sequence_number(void *ll) { - set_sequence_number(ll); } -/* - * Set the generator seed and reset the sequence number to 0. - */ -void +void HC_DEPRECATED DES_set_random_generator_seed(DES_cblock *seed) { - DES_set_key(seed, &sequence_seed); - zero_long_long(sequence_index); - initialized = 1; + RAND_seed(seed, sizeof(*seed)); } -/* - * Generate a sequence of random des keys - * using the random block sequence, fixup - * parity and skip weak keys. +/** + * Generate a random des key using a random block, fixup parity and + * skip weak keys. + * + * @param key is set to a random key. + * + * @return 0 on success, non zero on random number generator failure. + * + * @ingroup hcrypto_des */ -int + +int HC_DEPRECATED DES_new_random_key(DES_cblock *key) { - if (!initialized) - do_initialize(); - do { - DES_ecb_encrypt((DES_cblock *) sequence_index, - key, - &sequence_seed, - DES_ENCRYPT); - incr_long_long(sequence_index); - /* random key must have odd parity and not be weak */ + if (RAND_bytes(key, sizeof(*key)) != 1) + return 1; DES_set_odd_parity(key); - } while (DES_is_weak_key(key)); + } while(DES_is_weak_key(key)); + return(0); } -/* - * des_init_random_number_generator: +/** + * Seed the random number generator. Deprecated, use @ref page_rand * - * Initialize the sequence of random 64 bit blocks. The input seed - * can be a secret key since it should be well hidden and is also not - * kept. + * @param seed a seed to seed that random number generate with. * + * @ingroup hcrypto_des */ -void -DES_init_random_number_generator(DES_cblock *seed) -{ - struct timeval now; - DES_cblock uniq; - DES_cblock new_key; - gettimeofday(&now, (struct timezone *)0); - DES_generate_random_block(&uniq); - - /* Pick a unique random key from the shared sequence. */ - DES_set_random_generator_seed(seed); - set_sequence_number((unsigned char *)&uniq); - DES_new_random_key(&new_key); - - /* Select a new nonshared sequence, */ - DES_set_random_generator_seed(&new_key); - - /* and use the current time to pick a key for the new sequence. */ - set_sequence_number((unsigned char *)&now); - DES_new_random_key(&new_key); - DES_set_random_generator_seed(&new_key); -} - -/* This is for backwards compatibility. */ -void -DES_random_key(DES_cblock *ret) +void HC_DEPRECATED +DES_init_random_number_generator(DES_cblock *seed) { - DES_new_random_key(ret); + RAND_seed(seed, sizeof(*seed)); } -#ifdef TESTRUN -int -main() -{ - unsigned char data[8]; - int i; - - while (1) - { - if (sumFile("/dev/mem", (1024*1024*8), data) != 0) - { perror("sumFile"); exit(1); } - for (i = 0; i < 8; i++) - printf("%02x", data[i]); - printf("\n"); - } -} -#endif +/** + * Generate a random key, deprecated since it doesn't return an error + * code, use DES_new_random_key(). + * + * @param key is set to a random key. + * + * @ingroup hcrypto_des + */ -#ifdef TESTRUN2 -int -main() +void HC_DEPRECATED +DES_random_key(DES_cblock *key) { - DES_cblock data; - int i; - - while (1) - { - do_initialize(); - DES_random_key(data); - for (i = 0; i < 8; i++) - printf("%02x", data[i]); - printf("\n"); - } + if (DES_new_random_key(key)) + abort(); } -#endif diff --git a/source4/heimdal/lib/hcrypto/ui.c b/source4/heimdal/lib/hcrypto/ui.c index 3e651998b5..8c3ea1fa15 100644 --- a/source4/heimdal/lib/hcrypto/ui.c +++ b/source4/heimdal/lib/hcrypto/ui.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: ui.c 18158 2006-09-22 15:45:57Z lha $"); +RCSID("$Id: ui.c 23466 2008-07-27 12:16:15Z lha $"); #endif #include @@ -84,7 +84,9 @@ read_string(const char *preprompt, const char *prompt, if (sigaction(i, &sa, &sigs[i]) == 0) oksigs[i] = 1; - if((tty = fopen("/dev/tty", "r")) == NULL) + if((tty = fopen("/dev/tty", "r")) != NULL) + rk_cloexec_file(tty); + else tty = stdin; fprintf(stderr, "%s%s", preprompt, prompt); @@ -116,7 +118,7 @@ read_string(const char *preprompt, const char *prompt, *p = 0; if(echo == 0){ - printf("\n"); + fprintf(stderr, "\n"); tcsetattr(fileno(tty), TCSANOW, &t_old); } diff --git a/source4/heimdal/lib/hdb/db.c b/source4/heimdal/lib/hdb/db.c index 870f0431cf..cb28226431 100644 --- a/source4/heimdal/lib/hdb/db.c +++ b/source4/heimdal/lib/hdb/db.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: db.c 20215 2007-02-09 21:59:53Z lha $"); +RCSID("$Id: db.c 23316 2008-06-23 04:32:32Z lha $"); #if HAVE_DB1 @@ -68,8 +68,8 @@ DB_lock(krb5_context context, HDB *db, int operation) DB *d = (DB*)db->hdb_db; int fd = (*d->fd)(d); if(fd < 0) { - krb5_set_error_string(context, - "Can't lock database: %s", db->hdb_name); + krb5_set_error_message(context, HDB_ERR_CANT_LOCK_DB, + "Can't lock database: %s", db->hdb_name); return HDB_ERR_CANT_LOCK_DB; } return hdb_lock(fd, operation); @@ -81,8 +81,8 @@ DB_unlock(krb5_context context, HDB *db) DB *d = (DB*)db->hdb_db; int fd = (*d->fd)(d); if(fd < 0) { - krb5_set_error_string(context, - "Can't unlock database: %s", db->hdb_name); + krb5_set_error_message(context, HDB_ERR_CANT_LOCK_DB, + "Can't unlock database: %s", db->hdb_name); return HDB_ERR_CANT_LOCK_DB; } return hdb_unlock(fd); @@ -100,15 +100,15 @@ DB_seq(krb5_context context, HDB *db, code = db->hdb_lock(context, db, HDB_RLOCK); if(code == -1) { - krb5_set_error_string(context, "Database %s in use", db->hdb_name); + krb5_set_error_message(context, HDB_ERR_DB_INUSE, "Database %s in use", db->hdb_name); return HDB_ERR_DB_INUSE; } code = (*d->seq)(d, &key, &value, flag); db->hdb_unlock(context, db); /* XXX check value */ if(code == -1) { code = errno; - krb5_set_error_string(context, "Database %s seq error: %s", - db->hdb_name, strerror(code)); + krb5_set_error_message(context, code, "Database %s seq error: %s", + db->hdb_name, strerror(code)); return code; } if(code == 1) { @@ -131,8 +131,8 @@ DB_seq(krb5_context context, HDB *db, if (code == 0 && entry->entry.principal == NULL) { entry->entry.principal = malloc(sizeof(*entry->entry.principal)); if (entry->entry.principal == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); code = ENOMEM; + krb5_set_error_message(context, code, "malloc: out of memory"); hdb_free_entry (context, entry); } else { hdb_key2principal(context, &key_data, entry->entry.principal); @@ -190,8 +190,8 @@ DB__get(krb5_context context, HDB *db, krb5_data key, krb5_data *reply) db->hdb_unlock(context, db); if(code < 0) { code = errno; - krb5_set_error_string(context, "Database %s get error: %s", - db->hdb_name, strerror(code)); + krb5_set_error_message(context, code, "Database %s get error: %s", + db->hdb_name, strerror(code)); return code; } if(code == 1) { @@ -222,8 +222,8 @@ DB__put(krb5_context context, HDB *db, int replace, db->hdb_unlock(context, db); if(code < 0) { code = errno; - krb5_set_error_string(context, "Database %s put error: %s", - db->hdb_name, strerror(code)); + krb5_set_error_message(context, code, "Database %s put error: %s", + db->hdb_name, strerror(code)); return code; } if(code == 1) { @@ -248,8 +248,8 @@ DB__del(krb5_context context, HDB *db, krb5_data key) db->hdb_unlock(context, db); if(code == 1) { code = errno; - krb5_set_error_string(context, "Database %s put error: %s", - db->hdb_name, strerror(code)); + krb5_set_error_message(context, code, "Database %s put error: %s", + db->hdb_name, strerror(code)); return code; } if(code < 0) @@ -265,7 +265,7 @@ DB_open(krb5_context context, HDB *db, int flags, mode_t mode) asprintf(&fn, "%s.db", db->hdb_name); if (fn == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } db->hdb_db = dbopen(fn, flags, mode, DB_BTREE, NULL); @@ -275,7 +275,7 @@ DB_open(krb5_context context, HDB *db, int flags, mode_t mode) db->hdb_db = dbopen(db->hdb_name, flags, mode, DB_BTREE, NULL); if(db->hdb_db == NULL) { ret = errno; - krb5_set_error_string(context, "dbopen (%s): %s", + krb5_set_error_message(context, ret, "dbopen (%s): %s", db->hdb_name, strerror(ret)); return ret; } @@ -289,7 +289,7 @@ DB_open(krb5_context context, HDB *db, int flags, mode_t mode) } if (ret) { DB_close(context, db); - krb5_set_error_string(context, "hdb_open: failed %s database %s", + krb5_set_error_message(context, ret, "hdb_open: failed %s database %s", (flags & O_ACCMODE) == O_RDONLY ? "checking format of" : "initialize", db->hdb_name); @@ -303,16 +303,16 @@ hdb_db_create(krb5_context context, HDB **db, { *db = calloc(1, sizeof(**db)); if (*db == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } (*db)->hdb_db = NULL; (*db)->hdb_name = strdup(filename); if ((*db)->hdb_name == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); free(*db); *db = NULL; + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } (*db)->hdb_master_key_set = 0; diff --git a/source4/heimdal/lib/hdb/dbinfo.c b/source4/heimdal/lib/hdb/dbinfo.c index d43e31b39a..e99f72050d 100644 --- a/source4/heimdal/lib/hdb/dbinfo.c +++ b/source4/heimdal/lib/hdb/dbinfo.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: dbinfo.c 22306 2007-12-14 12:22:38Z lha $"); +RCSID("$Id: dbinfo.c 23316 2008-06-23 04:32:32Z lha $"); struct hdb_dbinfo { char *label; @@ -63,7 +63,7 @@ get_dbinfo(krb5_context context, di = calloc(1, sizeof(*di)); if (di == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } di->label = strdup(label); diff --git a/source4/heimdal/lib/hdb/ext.c b/source4/heimdal/lib/hdb/ext.c index 5f60999946..30e15efb27 100644 --- a/source4/heimdal/lib/hdb/ext.c +++ b/source4/heimdal/lib/hdb/ext.c @@ -34,7 +34,7 @@ #include "hdb_locl.h" #include -RCSID("$Id: ext.c 21113 2007-06-18 12:59:32Z lha $"); +RCSID("$Id: ext.c 23316 2008-06-23 04:32:32Z lha $"); krb5_error_code hdb_entry_check_mandatory(krb5_context context, const hdb_entry *ent) @@ -53,8 +53,9 @@ hdb_entry_check_mandatory(krb5_context context, const hdb_entry *ent) choice_HDB_extension_data_asn1_ellipsis) continue; if (ent->extensions->val[i].mandatory) { - krb5_set_error_string(context, "Principal have unknown " - "mandatory extension"); + krb5_set_error_message(context, HDB_ERR_MANDATORY_OPTION, + "Principal have unknown " + "mandatory extension"); return HDB_ERR_MANDATORY_OPTION; } } @@ -95,7 +96,7 @@ hdb_replace_extension(krb5_context context, if (entry->extensions == NULL) { entry->extensions = calloc(1, sizeof(*entry->extensions)); if (entry->extensions == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } } else if (ext->data.element != choice_HDB_extension_data_asn1_ellipsis) { @@ -120,8 +121,8 @@ hdb_replace_extension(krb5_context context, &replace_class, &replace_type, &replace_tag, &size); if (ret) { - krb5_set_error_string(context, "hdb: failed to decode " - "replacement hdb extention"); + krb5_set_error_message(context, ret, "hdb: failed to decode " + "replacement hdb extention"); return ret; } @@ -136,8 +137,8 @@ hdb_replace_extension(krb5_context context, &list_class, &list_type, &list_tag, &size); if (ret) { - krb5_set_error_string(context, "hdb: failed to decode " - "present hdb extention"); + krb5_set_error_message(context, ret, "hdb: failed to decode " + "present hdb extention"); return ret; } @@ -153,15 +154,15 @@ hdb_replace_extension(krb5_context context, free_HDB_extension(ext2); ret = copy_HDB_extension(ext, ext2); if (ret) - krb5_set_error_string(context, "hdb: failed to copy replacement " - "hdb extention"); + krb5_set_error_message(context, ret, "hdb: failed to copy replacement " + "hdb extention"); return ret; } es = realloc(entry->extensions->val, (entry->extensions->len+1)*sizeof(entry->extensions->val[0])); if (es == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } entry->extensions->val = es; @@ -171,7 +172,7 @@ hdb_replace_extension(krb5_context context, if (ret == 0) entry->extensions->len++; else - krb5_set_error_string(context, "hdb: failed to copy new extension"); + krb5_set_error_message(context, ret, "hdb: failed to copy new extension"); return ret; } @@ -283,8 +284,9 @@ hdb_entry_get_password(krb5_context context, HDB *db, db->hdb_master_key); if (key == NULL) { - krb5_set_error_string(context, "master key %d missing", - *ext->data.u.password.mkvno); + krb5_set_error_message(context, HDB_ERR_NO_MKEY, + "master key %d missing", + *ext->data.u.password.mkvno); return HDB_ERR_NO_MKEY; } @@ -302,7 +304,7 @@ hdb_entry_get_password(krb5_context context, HDB *db, str = pw.data; if (str[pw.length - 1] != '\0') { - krb5_set_error_string(context, "password malformated"); + krb5_set_error_message(context, EINVAL, "password malformated"); return EINVAL; } @@ -310,7 +312,7 @@ hdb_entry_get_password(krb5_context context, HDB *db, der_free_octet_string(&pw); if (*p == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } return 0; @@ -318,7 +320,7 @@ hdb_entry_get_password(krb5_context context, HDB *db, ret = krb5_unparse_name(context, entry->principal, &str); if (ret == 0) { - krb5_set_error_string(context, "no password attributefor %s", str); + krb5_set_error_message(context, ENOENT, "no password attributefor %s", str); free(str); } else krb5_clear_error_string(context); @@ -341,8 +343,9 @@ hdb_entry_set_password(krb5_context context, HDB *db, key = _hdb_find_master_key(NULL, db->hdb_master_key); if (key == NULL) { - krb5_set_error_string(context, "hdb_entry_set_password: " - "failed to find masterkey"); + krb5_set_error_message(context, HDB_ERR_NO_MKEY, + "hdb_entry_set_password: " + "failed to find masterkey"); return HDB_ERR_NO_MKEY; } @@ -356,7 +359,7 @@ hdb_entry_set_password(krb5_context context, HDB *db, malloc(sizeof(*ext.data.u.password.mkvno)); if (ext.data.u.password.mkvno == NULL) { free_HDB_extension(&ext); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } *ext.data.u.password.mkvno = _hdb_mkey_version(key); @@ -367,7 +370,7 @@ hdb_entry_set_password(krb5_context context, HDB *db, ret = krb5_data_copy(&ext.data.u.password.password, p, strlen(p) + 1); if (ret) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); free_HDB_extension(&ext); return ret; } diff --git a/source4/heimdal/lib/hdb/hdb.c b/source4/heimdal/lib/hdb/hdb.c index f0731ed98e..3da980a81f 100644 --- a/source4/heimdal/lib/hdb/hdb.c +++ b/source4/heimdal/lib/hdb/hdb.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: hdb.c 20214 2007-02-09 21:51:10Z lha $"); +RCSID("$Id: hdb.c 23316 2008-06-23 04:32:32Z lha $"); #ifdef HAVE_DLFCN_H #include @@ -88,7 +88,8 @@ hdb_next_enctype2key(krb5_context context, return 0; } } - krb5_set_error_string(context, "No next enctype %d for hdb-entry", + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + "No next enctype %d for hdb-entry", (int)enctype); return KRB5_PROG_ETYPE_NOSUPP; /* XXX */ } @@ -381,7 +382,7 @@ hdb_list_builtin(krb5_context context, char **list) len += 1; buf = malloc(len); if (buf == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } buf[0] = '\0'; diff --git a/source4/heimdal/lib/hdb/keys.c b/source4/heimdal/lib/hdb/keys.c index 60a58677fe..e689ae1020 100644 --- a/source4/heimdal/lib/hdb/keys.c +++ b/source4/heimdal/lib/hdb/keys.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: keys.c 22071 2007-11-14 20:04:50Z lha $"); +RCSID("$Id: keys.c 23316 2008-06-23 04:32:32Z lha $"); /* * free all the memory used by (len, keys) @@ -153,7 +153,7 @@ parse_key_set(krb5_context context, const char *key, v4 compat, and a cell name for afs compat */ salt->saltvalue.data = strdup(buf[i]); if (salt->saltvalue.data == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } salt->saltvalue.length = strlen(buf[i]); @@ -161,7 +161,7 @@ parse_key_set(krb5_context context, const char *key, } if(enctypes == NULL || salt->salttype == 0) { - krb5_set_error_string(context, "bad value for default_keys `%s'", key); + krb5_set_error_message(context, EINVAL, "bad value for default_keys `%s'", key); return EINVAL; } @@ -173,8 +173,9 @@ parse_key_set(krb5_context context, const char *key, krb5_realm *realm = krb5_princ_realm(context, principal); salt->saltvalue.data = strdup(*realm); if(salt->saltvalue.data == NULL) { - krb5_set_error_string(context, "out of memory while " - "parsing salt specifiers"); + krb5_set_error_message(context, ENOMEM, + "out of memory while " + "parsing salt specifiers"); return ENOMEM; } strlwr(salt->saltvalue.data); @@ -185,7 +186,7 @@ parse_key_set(krb5_context context, const char *key, *ret_enctypes = malloc(sizeof(enctypes[0]) * num_enctypes); if (*ret_enctypes == NULL) { krb5_free_salt(context, *salt); - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } memcpy(*ret_enctypes, enctypes, sizeof(enctypes[0]) * num_enctypes); diff --git a/source4/heimdal/lib/hdb/keytab.c b/source4/heimdal/lib/hdb/keytab.c index 5c867daf20..dc4ccf7678 100644 --- a/source4/heimdal/lib/hdb/keytab.c +++ b/source4/heimdal/lib/hdb/keytab.c @@ -35,7 +35,7 @@ /* keytab backend for HDB databases */ -RCSID("$Id: keytab.c 18380 2006-10-09 12:36:40Z lha $"); +RCSID("$Id: keytab.c 23316 2008-06-23 04:32:32Z lha $"); struct hdb_data { char *dbname; @@ -55,7 +55,7 @@ hdb_resolve(krb5_context context, const char *name, krb5_keytab id) d = malloc(sizeof(*d)); if(d == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } db = name; @@ -67,7 +67,7 @@ hdb_resolve(krb5_context context, const char *name, krb5_keytab id) d->dbname = strdup(name); if(d->dbname == NULL) { free(d); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } } @@ -79,7 +79,7 @@ hdb_resolve(krb5_context context, const char *name, krb5_keytab id) d->dbname = malloc(mkey - db + 1); if(d->dbname == NULL) { free(d); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } memmove(d->dbname, db, mkey - db); @@ -89,7 +89,7 @@ hdb_resolve(krb5_context context, const char *name, krb5_keytab id) if(d->mkey == NULL) { free(d->dbname); free(d); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } } diff --git a/source4/heimdal/lib/hdb/mkey.c b/source4/heimdal/lib/hdb/mkey.c index 05cf71c593..04cb423889 100644 --- a/source4/heimdal/lib/hdb/mkey.c +++ b/source4/heimdal/lib/hdb/mkey.c @@ -36,7 +36,7 @@ #define O_BINARY 0 #endif -RCSID("$Id: mkey.c 21745 2007-07-31 16:11:25Z lha $"); +RCSID("$Id: mkey.c 23316 2008-06-23 04:32:32Z lha $"); struct hdb_master_key_data { krb5_keytab_entry keytab; @@ -67,7 +67,7 @@ hdb_process_master_key(krb5_context context, *mkey = calloc(1, sizeof(**mkey)); if(*mkey == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } (*mkey)->keytab.vno = kvno; @@ -159,8 +159,8 @@ read_master_mit(krb5_context context, const char *filename, fd = open(filename, O_RDONLY | O_BINARY); if(fd < 0) { int save_errno = errno; - krb5_set_error_string(context, "failed to open %s: %s", filename, - strerror(save_errno)); + krb5_set_error_message(context, save_errno, "failed to open %s: %s", + filename, strerror(save_errno)); return save_errno; } sp = krb5_storage_from_fd(fd); @@ -176,9 +176,9 @@ read_master_mit(krb5_context context, const char *filename, #else ret = krb5_ret_int16(sp, &enctype); if((htons(enctype) & 0xff00) == 0x3000) { - krb5_set_error_string(context, "unknown keytype in %s: %#x, expected %#x", - filename, htons(enctype), 0x3000); ret = HEIM_ERR_BAD_MKEY; + krb5_set_error_message(context, ret, "unknown keytype in %s: %#x, expected %#x", + filename, htons(enctype), 0x3000); goto out; } key.keytype = enctype; @@ -209,7 +209,7 @@ read_master_encryptionkey(krb5_context context, const char *filename, fd = open(filename, O_RDONLY | O_BINARY); if(fd < 0) { int save_errno = errno; - krb5_set_error_string(context, "failed to open %s: %s", + krb5_set_error_message(context, save_errno, "failed to open %s: %s", filename, strerror(save_errno)); return save_errno; } @@ -218,7 +218,7 @@ read_master_encryptionkey(krb5_context context, const char *filename, close(fd); if(len < 0) { int save_errno = errno; - krb5_set_error_string(context, "error reading %s: %s", + krb5_set_error_message(context, save_errno, "error reading %s: %s", filename, strerror(save_errno)); return save_errno; } @@ -255,8 +255,8 @@ read_master_krb4(krb5_context context, const char *filename, fd = open(filename, O_RDONLY | O_BINARY); if(fd < 0) { int save_errno = errno; - krb5_set_error_string(context, "failed to open %s: %s", - filename, strerror(save_errno)); + krb5_set_error_message(context, save_errno, "failed to open %s: %s", + filename, strerror(save_errno)); return save_errno; } @@ -264,12 +264,13 @@ read_master_krb4(krb5_context context, const char *filename, close(fd); if(len < 0) { int save_errno = errno; - krb5_set_error_string(context, "error reading %s: %s", - filename, strerror(save_errno)); + krb5_set_error_message(context, save_errno, "error reading %s: %s", + filename, strerror(save_errno)); return save_errno; } if(len != 8) { - krb5_set_error_string(context, "bad contents of %s", filename); + krb5_set_error_message(context, HEIM_ERR_EOF, + "bad contents of %s", filename); return HEIM_ERR_EOF; /* XXX file might be too large */ } @@ -303,14 +304,14 @@ hdb_read_master_key(krb5_context context, const char *filename, f = fopen(filename, "r"); if(f == NULL) { int save_errno = errno; - krb5_set_error_string(context, "failed to open %s: %s", - filename, strerror(save_errno)); + krb5_set_error_message(context, save_errno, "failed to open %s: %s", + filename, strerror(save_errno)); return save_errno; } if(fread(buf, 1, 2, f) != 2) { - krb5_set_error_string(context, "end of file reading %s", filename); fclose(f); + krb5_set_error_message(context, HEIM_ERR_EOF, "end of file reading %s", filename); return HEIM_ERR_EOF; } diff --git a/source4/heimdal/lib/hdb/ndbm.c b/source4/heimdal/lib/hdb/ndbm.c index 6575b8a417..e1e8aacf87 100644 --- a/source4/heimdal/lib/hdb/ndbm.c +++ b/source4/heimdal/lib/hdb/ndbm.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: ndbm.c 16395 2005-12-13 11:54:10Z lha $"); +RCSID("$Id: ndbm.c 23316 2008-06-23 04:32:32Z lha $"); #if HAVE_NDBM @@ -110,9 +110,9 @@ NDBM_seq(krb5_context context, HDB *db, if (ret == 0 && entry->entry.principal == NULL) { entry->entry.principal = malloc (sizeof(*entry->entry.principal)); if (entry->entry.principal == NULL) { - ret = ENOMEM; hdb_free_entry (context, entry); - krb5_set_error_string(context, "malloc: out of memory"); + ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); } else { hdb_key2principal (context, &key_data, entry->entry.principal); } @@ -152,15 +152,15 @@ NDBM_rename(krb5_context context, HDB *db, const char *new_name) asprintf(&new_lock, "%s.lock", new_name); if(new_lock == NULL) { db->hdb_unlock(context, db); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } lock_fd = open(new_lock, O_RDWR | O_CREAT, 0600); if(lock_fd < 0) { ret = errno; db->hdb_unlock(context, db); - krb5_set_error_string(context, "open(%s): %s", new_lock, - strerror(ret)); + krb5_set_error_message(context, ret, "open(%s): %s", new_lock, + strerror(ret)); free(new_lock); return ret; } @@ -188,7 +188,7 @@ NDBM_rename(krb5_context context, HDB *db, const char *new_name) if(ret) { ret = errno; close(lock_fd); - krb5_set_error_string(context, "rename: %s", strerror(ret)); + krb5_set_error_message(context, ret, "rename: %s", strerror(ret)); return ret; } @@ -284,13 +284,13 @@ NDBM_open(krb5_context context, HDB *db, int flags, mode_t mode) char *lock_file; if(d == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } asprintf(&lock_file, "%s.lock", (char*)db->hdb_name); if(lock_file == NULL) { free(d); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } d->db = dbm_open((char*)db->hdb_name, flags, mode); @@ -298,8 +298,8 @@ NDBM_open(krb5_context context, HDB *db, int flags, mode_t mode) ret = errno; free(d); free(lock_file); - krb5_set_error_string(context, "dbm_open(%s): %s", db->hdb_name, - strerror(ret)); + krb5_set_error_message(context, ret, "dbm_open(%s): %s", db->hdb_name, + strerror(ret)); return ret; } d->lock_fd = open(lock_file, O_RDWR | O_CREAT, 0600); @@ -307,8 +307,8 @@ NDBM_open(krb5_context context, HDB *db, int flags, mode_t mode) ret = errno; dbm_close(d->db); free(d); - krb5_set_error_string(context, "open(%s): %s", lock_file, - strerror(ret)); + krb5_set_error_message(context, ret, "open(%s): %s", lock_file, + strerror(ret)); free(lock_file); return ret; } @@ -322,10 +322,10 @@ NDBM_open(krb5_context context, HDB *db, int flags, mode_t mode) return 0; if (ret) { NDBM_close(context, db); - krb5_set_error_string(context, "hdb_open: failed %s database %s", - (flags & O_ACCMODE) == O_RDONLY ? - "checking format of" : "initialize", - db->hdb_name); + krb5_set_error_message(context, ret, "hdb_open: failed %s database %s", + (flags & O_ACCMODE) == O_RDONLY ? + "checking format of" : "initialize", + db->hdb_name); } return ret; } @@ -336,16 +336,16 @@ hdb_ndbm_create(krb5_context context, HDB **db, { *db = calloc(1, sizeof(**db)); if (*db == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } (*db)->hdb_db = NULL; (*db)->hdb_name = strdup(filename); if ((*db)->hdb_name == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); free(*db); *db = NULL; + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } (*db)->hdb_master_key_set = 0; diff --git a/source4/heimdal/lib/hx509/ca.c b/source4/heimdal/lib/hx509/ca.c index 40260700b3..55374321ea 100644 --- a/source4/heimdal/lib/hx509/ca.c +++ b/source4/heimdal/lib/hx509/ca.c @@ -33,7 +33,7 @@ #include "hx_locl.h" #include -RCSID("$Id: ca.c 22456 2008-01-15 20:22:53Z lha $"); +RCSID("$Id: ca.c 22995 2008-04-15 19:31:29Z lha $"); /** * @page page_ca Hx509 CA functions @@ -1225,7 +1225,7 @@ ca_sign(hx509_context context, { BasicConstraints bc; int aCA = 1; - uint32_t path; + unsigned int path; memset(&bc, 0, sizeof(bc)); diff --git a/source4/heimdal/lib/hx509/cert.c b/source4/heimdal/lib/hx509/cert.c index 09c85bc084..3194526e34 100644 --- a/source4/heimdal/lib/hx509/cert.c +++ b/source4/heimdal/lib/hx509/cert.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: cert.c 22583 2008-02-11 20:46:21Z lha $"); +RCSID("$Id: cert.c 23457 2008-07-27 12:12:56Z lha $"); #include "crypto-headers.h" #include @@ -138,7 +138,7 @@ hx509_context_init(hx509_context *context) /** * Selects if the hx509_revoke_verify() function is going to require - * the existans of a revokation method (OSCP, CRL) or not. Note that + * the existans of a revokation method (OCSP, CRL) or not. Note that * hx509_verify_path(), hx509_cms_verify_signed(), and other function * call hx509_revoke_verify(). * @@ -485,6 +485,12 @@ hx509_verify_set_time(hx509_verify_ctx ctx, time_t t) ctx->time_now = t; } +time_t +_hx509_verify_get_time(hx509_verify_ctx ctx) +{ + return ctx->time_now; +} + /** * Set the maximum depth of the certificate chain that the path * builder is going to try. @@ -2355,7 +2361,7 @@ hx509_verify_hostname(hx509_context context, } while (1); { - Name *name = &cert->data->tbsCertificate.subject; + const Name *name = &cert->data->tbsCertificate.subject; /* match if first component is a CN= */ if (name->u.rdnSequence.len > 0 @@ -2491,8 +2497,16 @@ hx509_cert_get_friendly_name(hx509_cert cert) a = hx509_cert_get_attribute(cert, oid_id_pkcs_9_at_friendlyName()); if (a == NULL) { - /* XXX use subject name ? */ - return NULL; + hx509_name name; + + ret = hx509_cert_get_subject(cert, &name); + if (ret) + return NULL; + ret = hx509_name_to_string(name, &cert->friendlyname); + hx509_name_free(&name); + if (ret) + return NULL; + return cert->friendlyname; } ret = decode_PKCS9_friendlyName(a->data.data, a->data.length, &n, &sz); @@ -2548,6 +2562,7 @@ hx509_query_alloc(hx509_context context, hx509_query **q) return 0; } + /** * Set match options for the hx509 query controller. * @@ -2697,6 +2712,25 @@ hx509_query_match_eku(hx509_query *q, const heim_oid *eku) return 0; } +int +hx509_query_match_expr(hx509_context context, hx509_query *q, const char *expr) +{ + if (q->expr) { + _hx509_expr_free(q->expr); + q->expr = NULL; + } + + if (expr == NULL) { + q->match &= ~HX509_QUERY_MATCH_EXPR; + } else { + q->expr = _hx509_expr_parse(expr); + if (q->expr) + q->match |= HX509_QUERY_MATCH_EXPR; + } + + return 0; +} + /** * Set the query controller to match using a specific match function. * @@ -2753,6 +2787,9 @@ hx509_query_free(hx509_context context, hx509_query *q) } if (q->friendlyname) free(q->friendlyname); + if (q->expr) + _hx509_expr_free(q->expr); + memset(q, 0, sizeof(*q)); free(q); } @@ -2890,6 +2927,19 @@ _hx509_query_match_cert(hx509_context context, const hx509_query *q, hx509_cert hx509_cert_check_eku(context, cert, q->eku, 0)) return 0; + if ((q->match & HX509_QUERY_MATCH_EXPR)) { + hx509_env env = NULL; + + ret = _hx509_cert_to_env(context, cert, &env); + if (ret) + return 0; + + ret = _hx509_expr_eval(context, env, q->expr); + hx509_env_free(&env); + if (ret == 0) + return 0; + } + if (q->match & ~HX509_QUERY_MASK) return 0; @@ -2922,6 +2972,7 @@ _hx509_query_statistic(hx509_context context, int type, const hx509_query *q) f = fopen(context->querystat, "a"); if (f == NULL) return; + rk_cloexec_file(f); fprintf(f, "%d %d\n", type, q->match); fclose(f); } @@ -2992,6 +3043,7 @@ hx509_query_unparse_stats(hx509_context context, int printtype, FILE *out) context->querystat, strerror(errno)); return; } + rk_cloexec_file(f); for (i = 0; i < sizeof(stats)/sizeof(stats[0]); i++) { stats[i].index = i; @@ -3206,3 +3258,103 @@ hx509_xfree(void *ptr) { free(ptr); } + +/** + * + */ + +int +_hx509_cert_to_env(hx509_context context, hx509_cert cert, hx509_env *env) +{ + ExtKeyUsage eku; + hx509_name name; + char *buf; + int ret; + hx509_env envcert = NULL; + + *env = NULL; + + /* version */ + asprintf(&buf, "%d", _hx509_cert_get_version(_hx509_get_cert(cert))); + ret = hx509_env_add(context, &envcert, "version", buf); + free(buf); + if (ret) + goto out; + + /* subject */ + ret = hx509_cert_get_subject(cert, &name); + if (ret) + goto out; + + ret = hx509_name_to_string(name, &buf); + if (ret) { + hx509_name_free(&name); + goto out; + } + + ret = hx509_env_add(context, &envcert, "subject", buf); + hx509_name_free(&name); + if (ret) + goto out; + + /* issuer */ + ret = hx509_cert_get_issuer(cert, &name); + if (ret) + goto out; + + ret = hx509_name_to_string(name, &buf); + hx509_name_free(&name); + if (ret) + goto out; + + ret = hx509_env_add(context, &envcert, "issuer", buf); + hx509_xfree(buf); + if (ret) + goto out; + + /* eku */ + + ret = _hx509_cert_get_eku(context, cert, &eku); + if (ret == HX509_EXTENSION_NOT_FOUND) + ; + else if (ret != 0) + goto out; + else { + int i; + hx509_env enveku = NULL; + + for (i = 0; i < eku.len; i++) { + + ret = der_print_heim_oid(&eku.val[i], '.', &buf); + if (ret) { + free_ExtKeyUsage(&eku); + hx509_env_free(&enveku); + goto out; + } + ret = hx509_env_add(context, &enveku, buf, "oid-name-here"); + free(buf); + if (ret) { + free_ExtKeyUsage(&eku); + hx509_env_free(&enveku); + goto out; + } + } + free_ExtKeyUsage(&eku); + + ret = hx509_env_add_binding(context, &envcert, "eku", enveku); + if (ret) { + hx509_env_free(&enveku); + goto out; + } + } + + ret = hx509_env_add_binding(context, env, "certificate", envcert); + if (ret) + goto out; + + return 0; + +out: + hx509_env_free(&envcert); + return ret; +} diff --git a/source4/heimdal/lib/hx509/cms.c b/source4/heimdal/lib/hx509/cms.c index 80bcaac6c9..69e7730f3c 100644 --- a/source4/heimdal/lib/hx509/cms.c +++ b/source4/heimdal/lib/hx509/cms.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: cms.c 22327 2007-12-15 04:49:37Z lha $"); +RCSID("$Id: cms.c 23268 2008-06-23 03:23:47Z lha $"); /** * @page page_cms CMS/PKCS7 message functions. @@ -260,6 +260,7 @@ static int find_CMSIdentifier(hx509_context context, CMSIdentifier *client, hx509_certs certs, + time_t time_now, hx509_cert *signer_cert, int match) { @@ -292,7 +293,10 @@ find_CMSIdentifier(hx509_context context, q.match |= match; q.match |= HX509_QUERY_MATCH_TIME; - q.timenow = time(NULL); + if (time_now) + q.timenow = time_now; + else + q.timenow = time(NULL); ret = hx509_certs_find(context, certs, &q, &cert); if (ret == HX509_CERT_NOT_FOUND) { @@ -333,6 +337,7 @@ find_CMSIdentifier(hx509_context context, * @param length length of the data that data point to. * @param encryptedContent in case of detached signature, this * contains the actual encrypted data, othersize its should be NULL. + * @param time_now set the current time, if zero the library uses now as the date. * @param contentType output type oid, should be freed with der_free_oid(). * @param content the data, free with der_free_octet_string(). * @@ -346,6 +351,7 @@ hx509_cms_unenvelope(hx509_context context, const void *data, size_t length, const heim_octet_string *encryptedContent, + time_t time_now, heim_oid *contentType, heim_octet_string *content) { @@ -407,7 +413,8 @@ hx509_cms_unenvelope(hx509_context context, ri = &ed.recipientInfos.val[i]; - ret = find_CMSIdentifier(context, &ri->rid, certs, &cert, + ret = find_CMSIdentifier(context, &ri->rid, certs, + time_now, &cert, HX509_QUERY_PRIVATE_KEY|findflags); if (ret) continue; @@ -831,7 +838,8 @@ hx509_cms_verify_signed(hx509_context context, continue; } - ret = find_CMSIdentifier(context, &signer_info->sid, certs, &cert, + ret = find_CMSIdentifier(context, &signer_info->sid, certs, + _hx509_verify_get_time(ctx), &cert, HX509_QUERY_KU_DIGITALSIGNATURE); if (ret) continue; diff --git a/source4/heimdal/lib/hx509/crypto.c b/source4/heimdal/lib/hx509/crypto.c index e0f00ad7b4..9334a4a847 100644 --- a/source4/heimdal/lib/hx509/crypto.c +++ b/source4/heimdal/lib/hx509/crypto.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: crypto.c 22435 2008-01-14 20:53:56Z lha $"); +RCSID("$Id: crypto.c 22855 2008-04-07 18:49:24Z lha $"); struct hx509_crypto; @@ -1592,11 +1592,11 @@ _hx509_private_key_init(hx509_private_key *key, hx509_private_key _hx509_private_key_ref(hx509_private_key key) { - if (key->ref <= 0) - _hx509_abort("refcount <= 0"); - key->ref++; if (key->ref == 0) - _hx509_abort("refcount == 0"); + _hx509_abort("key refcount <= 0 on ref"); + key->ref++; + if (key->ref == UINT_MAX) + _hx509_abort("key refcount == UINT_MAX on ref"); return key; } @@ -1612,8 +1612,8 @@ _hx509_private_key_free(hx509_private_key *key) if (key == NULL || *key == NULL) return 0; - if ((*key)->ref <= 0) - _hx509_abort("refcount <= 0"); + if ((*key)->ref == 0) + _hx509_abort("key refcount == 0 on free"); if (--(*key)->ref > 0) return 0; diff --git a/source4/heimdal/lib/hx509/env.c b/source4/heimdal/lib/hx509/env.c index f868c22488..a124e6ea1c 100644 --- a/source4/heimdal/lib/hx509/env.c +++ b/source4/heimdal/lib/hx509/env.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007 Kungliga Tekniska Högskolan + * Copyright (c) 2007 - 2008 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: env.c 22349 2007-12-26 19:32:49Z lha $"); +RCSID("$Id: env.c 22677 2008-03-13 17:35:49Z lha $"); /** * @page page_env Hx509 enviroment functions @@ -40,19 +40,13 @@ RCSID("$Id: env.c 22349 2007-12-26 19:32:49Z lha $"); * See the library functions here: @ref hx509_env */ -struct hx509_env { - struct { - char *key; - char *value; - } *val; - size_t len; -}; - /** - * Allocate a new hx509_env container object. + * Add a new key/value pair to the hx509_env. * * @param context A hx509 context. - * @param env return a hx509_env structure, free with hx509_env_free(). + * @param env enviroment to add the enviroment variable too. + * @param key key to add + * @param value value to add * * @return An hx509 error code, see hx509_get_error_string(). * @@ -60,23 +54,50 @@ struct hx509_env { */ int -hx509_env_init(hx509_context context, hx509_env *env) +hx509_env_add(hx509_context context, hx509_env *env, + const char *key, const char *value) { - *env = calloc(1, sizeof(**env)); - if (*env == NULL) { + hx509_env n; + + n = malloc(sizeof(*n)); + if (n == NULL) { hx509_set_error_string(context, 0, ENOMEM, "out of memory"); return ENOMEM; } + + n->type = env_string; + n->next = NULL; + n->name = strdup(key); + if (n->name == NULL) { + free(n); + return ENOMEM; + } + n->u.string = strdup(value); + if (n->u.string == NULL) { + free(n->name); + free(n); + return ENOMEM; + } + + /* add to tail */ + if (*env) { + hx509_env e = *env; + while (e->next) + e = e->next; + e->next = n; + } else + *env = n; + return 0; } /** - * Add a new key/value pair to the hx509_env. + * Add a new key/binding pair to the hx509_env. * * @param context A hx509 context. * @param env enviroment to add the enviroment variable too. * @param key key to add - * @param value value to add + * @param list binding list to add * * @return An hx509 error code, see hx509_get_error_string(). * @@ -84,34 +105,41 @@ hx509_env_init(hx509_context context, hx509_env *env) */ int -hx509_env_add(hx509_context context, hx509_env env, - const char *key, const char *value) +hx509_env_add_binding(hx509_context context, hx509_env *env, + const char *key, hx509_env list) { - void *ptr; + hx509_env n; - ptr = realloc(env->val, sizeof(env->val[0]) * (env->len + 1)); - if (ptr == NULL) { + n = malloc(sizeof(*n)); + if (n == NULL) { hx509_set_error_string(context, 0, ENOMEM, "out of memory"); return ENOMEM; } - env->val = ptr; - env->val[env->len].key = strdup(key); - if (env->val[env->len].key == NULL) { - hx509_set_error_string(context, 0, ENOMEM, "out of memory"); - return ENOMEM; - } - env->val[env->len].value = strdup(value); - if (env->val[env->len].value == NULL) { - free(env->val[env->len].key); - hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + + n->type = env_list; + n->next = NULL; + n->name = strdup(key); + if (n->name == NULL) { + free(n); return ENOMEM; } - env->len++; + n->u.list = list; + + /* add to tail */ + if (*env) { + hx509_env e = *env; + while (e->next) + e = e->next; + e->next = n; + } else + *env = n; + return 0; } + /** - * Search the hx509_env for a key. + * Search the hx509_env for a length based key. * * @param context A hx509 context. * @param env enviroment to add the enviroment variable too. @@ -127,16 +155,80 @@ const char * hx509_env_lfind(hx509_context context, hx509_env env, const char *key, size_t len) { - size_t i; + while(env) { + if (strncmp(key, env->name ,len) == 0 + && env->name[len] == '\0' && env->type == env_string) + return env->u.string; + env = env->next; + } + return NULL; +} - for (i = 0; i < env->len; i++) { - char *s = env->val[i].key; - if (strncmp(key, s, len) == 0 && s[len] == '\0') - return env->val[i].value; +/** + * Search the hx509_env for a key. + * + * @param context A hx509 context. + * @param env enviroment to add the enviroment variable too. + * @param key key to search for. + * + * @return the value if the key is found, NULL otherwise. + * + * @ingroup hx509_env + */ + +const char * +hx509_env_find(hx509_context context, hx509_env env, const char *key) +{ + while(env) { + if (strcmp(key, env->name) == 0 && env->type == env_string) + return env->u.string; + env = env->next; } return NULL; } +/** + * Search the hx509_env for a binding. + * + * @param context A hx509 context. + * @param env enviroment to add the enviroment variable too. + * @param key key to search for. + * + * @return the binding if the key is found, NULL if not found. + * + * @ingroup hx509_env + */ + +hx509_env +hx509_env_find_binding(hx509_context context, + hx509_env env, + const char *key) +{ + while(env) { + if (strcmp(key, env->name) == 0 && env->type == env_list) + return env->u.list; + env = env->next; + } + return NULL; +} + +static void +env_free(hx509_env b) +{ + while(b) { + hx509_env next = b->next; + + if (b->type == env_string) + free(b->u.string); + else if (b->type == env_list) + env_free(b->u.list); + + free(b->name); + free(b); + b = next; + } +} + /** * Free an hx509_env enviroment context. * @@ -148,14 +240,7 @@ hx509_env_lfind(hx509_context context, hx509_env env, void hx509_env_free(hx509_env *env) { - size_t i; - - for (i = 0; i < (*env)->len; i++) { - free((*env)->val[i].key); - free((*env)->val[i].value); - } - free((*env)->val); - free(*env); + if (*env) + env_free(*env); *env = NULL; } - diff --git a/source4/heimdal/lib/hx509/file.c b/source4/heimdal/lib/hx509/file.c index b076b74f44..c8f0e9a642 100644 --- a/source4/heimdal/lib/hx509/file.c +++ b/source4/heimdal/lib/hx509/file.c @@ -35,13 +35,13 @@ RCSID("$ID$"); int -_hx509_map_file_os(const char *fn, heim_octet_string *os, struct stat *rsb) +_hx509_map_file_os(const char *fn, heim_octet_string *os) { size_t length; void *data; int ret; - ret = _hx509_map_file(fn, &data, &length, rsb); + ret = rk_undumpdata(fn, &data, &length); os->data = data; os->length = length; @@ -52,86 +52,13 @@ _hx509_map_file_os(const char *fn, heim_octet_string *os, struct stat *rsb) void _hx509_unmap_file_os(heim_octet_string *os) { - _hx509_unmap_file(os->data, os->length); -} - -int -_hx509_map_file(const char *fn, void **data, size_t *length, struct stat *rsb) -{ - struct stat sb; - size_t len; - ssize_t l; - int ret; - void *d; - int fd; - - *data = NULL; - *length = 0; - - fd = open(fn, O_RDONLY); - if (fd < 0) - return errno; - - if (fstat(fd, &sb) < 0) { - ret = errno; - close(fd); - return ret; - } - - len = sb.st_size; - - d = malloc(len); - if (d == NULL) { - close(fd); - return ENOMEM; - } - - l = read(fd, d, len); - close(fd); - if (l < 0 || l != len) { - free(d); - return EINVAL; - } - - if (rsb) - *rsb = sb; - *data = d; - *length = len; - return 0; -} - -void -_hx509_unmap_file(void *data, size_t len) -{ - free(data); + rk_xfree(os->data); } int _hx509_write_file(const char *fn, const void *data, size_t length) { - ssize_t sz; - const unsigned char *p = data; - int fd; - - fd = open(fn, O_WRONLY|O_TRUNC|O_CREAT, 0644); - if (fd < 0) - return errno; - - do { - sz = write(fd, p, length); - if (sz < 0) { - int saved_errno = errno; - close(fd); - return saved_errno; - } - if (sz == 0) - break; - length -= sz; - } while (length > 0); - - if (close(fd) == -1) - return errno; - + rk_dumpdata(fn, data, length); return 0; } diff --git a/source4/heimdal/lib/hx509/hx509-private.h b/source4/heimdal/lib/hx509/hx509-private.h index be36c07421..de1fcfa7e6 100644 --- a/source4/heimdal/lib/hx509/hx509-private.h +++ b/source4/heimdal/lib/hx509/hx509-private.h @@ -97,6 +97,12 @@ _hx509_cert_set_release ( _hx509_cert_release_func /*release*/, void */*ctx*/); +int +_hx509_cert_to_env ( + hx509_context /*context*/, + hx509_cert /*cert*/, + hx509_env */*env*/); + int _hx509_certs_keys_add ( hx509_context /*context*/, @@ -181,6 +187,18 @@ _hx509_create_signature_bitstring ( AlgorithmIdentifier */*signatureAlgorithm*/, heim_bit_string */*sig*/); +int +_hx509_expr_eval ( + hx509_context /*context*/, + hx509_env /*env*/, + struct hx_expr */*expr*/); + +void +_hx509_expr_free (struct hx_expr */*expr*/); + +struct hx_expr * +_hx509_expr_parse (const char */*buf*/); + int _hx509_find_extension_subject_key_id ( const Certificate */*issuer*/, @@ -253,18 +271,16 @@ _hx509_lock_get_passwords (hx509_lock /*lock*/); hx509_certs _hx509_lock_unlock_certs (hx509_lock /*lock*/); -int -_hx509_map_file ( - const char */*fn*/, - void **/*data*/, - size_t */*length*/, - struct stat */*rsb*/); +struct hx_expr * +_hx509_make_expr ( + enum hx_expr_op /*op*/, + void */*arg1*/, + void */*arg2*/); int _hx509_map_file_os ( const char */*fn*/, - heim_octet_string */*os*/, - struct stat */*rsb*/); + heim_octet_string */*os*/); int _hx509_match_keys ( @@ -486,6 +502,9 @@ _hx509_request_to_pkcs10 ( hx509_revoke_ctx _hx509_revoke_ref (hx509_revoke_ctx /*ctx*/); +void +_hx509_sel_yyerror (char */*s*/); + int _hx509_set_cert_attribute ( hx509_context /*context*/, @@ -493,11 +512,6 @@ _hx509_set_cert_attribute ( const heim_oid */*oid*/, const heim_octet_string */*attr*/); -void -_hx509_unmap_file ( - void */*data*/, - size_t /*len*/); - void _hx509_unmap_file_os (heim_octet_string */*os*/); @@ -506,6 +520,9 @@ _hx509_unparse_Name ( const Name */*aname*/, char **/*str*/); +time_t +_hx509_verify_get_time (hx509_verify_ctx /*ctx*/); + int _hx509_verify_signature ( hx509_context /*context*/, diff --git a/source4/heimdal/lib/hx509/hx509-protos.h b/source4/heimdal/lib/hx509/hx509-protos.h index 3e297424cc..f8e6bc19a4 100644 --- a/source4/heimdal/lib/hx509/hx509-protos.h +++ b/source4/heimdal/lib/hx509/hx509-protos.h @@ -8,11 +8,13 @@ extern "C" { #endif -#ifndef HX509_LIB_FUNCTION +#ifndef HX509_LIB #if defined(_WIN32) -#define HX509_LIB_FUNCTION _stdcall +#define HX509_LIB_FUNCTION _stdcall __declspec(dllimport) +#define HX509_LIB_VARIABLE __declspec(dllimport) #else #define HX509_LIB_FUNCTION +#define HX509_LIB_VARIABLE #endif #endif @@ -396,6 +398,7 @@ hx509_cms_unenvelope ( const void */*data*/, size_t /*length*/, const heim_octet_string */*encryptedContent*/, + time_t /*time_now*/, heim_oid */*contentType*/, heim_octet_string */*content*/); @@ -564,17 +567,31 @@ hx509_crypto_set_random_key ( int hx509_env_add ( hx509_context /*context*/, - hx509_env /*env*/, + hx509_env */*env*/, const char */*key*/, const char */*value*/); -void -hx509_env_free (hx509_env */*env*/); - int -hx509_env_init ( +hx509_env_add_binding ( hx509_context /*context*/, - hx509_env */*env*/); + hx509_env */*env*/, + const char */*key*/, + hx509_env /*list*/); + +const char * +hx509_env_find ( + hx509_context /*context*/, + hx509_env /*env*/, + const char */*key*/); + +hx509_env +hx509_env_find_binding ( + hx509_context /*context*/, + hx509_env /*env*/, + const char */*key*/); + +void +hx509_env_free (hx509_env */*env*/); const char * hx509_env_lfind ( @@ -825,6 +842,12 @@ hx509_query_match_eku ( hx509_query */*q*/, const heim_oid */*eku*/); +int +hx509_query_match_expr ( + hx509_context /*context*/, + hx509_query */*q*/, + const char */*expr*/); + int hx509_query_match_friendly_name ( hx509_query */*q*/, @@ -1047,6 +1070,9 @@ hx509_verify_signature ( void hx509_xfree (void */*ptr*/); +int +yywrap (void); + #ifdef __cplusplus } #endif diff --git a/source4/heimdal/lib/hx509/hx509.h b/source4/heimdal/lib/hx509/hx509.h index be02f63474..d2a6b06e0c 100644 --- a/source4/heimdal/lib/hx509/hx509.h +++ b/source4/heimdal/lib/hx509/hx509.h @@ -31,7 +31,13 @@ * SUCH DAMAGE. */ -/* $Id: hx509.h 22464 2008-01-16 14:24:50Z lha $ */ +/* $Id: hx509.h 22908 2008-04-08 08:16:32Z lha $ */ + +#ifndef HEIMDAL_HX509_H +#define HEIMDAL_HX509_H 1 + +#include +#include typedef struct hx509_cert_attribute_data *hx509_cert_attribute; typedef struct hx509_cert_data *hx509_cert; @@ -50,7 +56,7 @@ typedef struct hx509_request_data *hx509_request; typedef struct hx509_error_data *hx509_error; typedef struct hx509_peer_info *hx509_peer_info; typedef struct hx509_ca_tbs *hx509_ca_tbs; -typedef struct hx509_env *hx509_env; +typedef struct hx509_env_data *hx509_env; typedef struct hx509_crl *hx509_crl; typedef void (*hx509_vprint_func)(void *, const char *, va_list); @@ -146,3 +152,6 @@ typedef enum { } hx509_hostname_type; #include +#include + +#endif /* HEIMDAL_HX509_H */ diff --git a/source4/heimdal/lib/hx509/hx_locl.h b/source4/heimdal/lib/hx509/hx_locl.h index 6d89167bfc..d2db3354c7 100644 --- a/source4/heimdal/lib/hx509/hx_locl.h +++ b/source4/heimdal/lib/hx509/hx_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: hx_locl.h 22538 2008-01-27 13:05:47Z lha $ */ +/* $Id: hx_locl.h 23189 2008-05-23 15:04:27Z lha $ */ #ifdef HAVE_CONFIG_H #include @@ -45,6 +45,8 @@ #include #include #include +#include + #include #include #include @@ -80,6 +82,8 @@ typedef void (*_hx509_cert_release_func)(struct hx509_cert_data *, void *); typedef struct hx509_private_key_ops hx509_private_key_ops; +#include "sel.h" + #include #include @@ -129,7 +133,8 @@ struct hx509_query_data { #define HX509_QUERY_MATCH_KEY_HASH_SHA1 0x100000 #define HX509_QUERY_MATCH_TIME 0x200000 #define HX509_QUERY_MATCH_EKU 0x400000 -#define HX509_QUERY_MASK 0x7fffff +#define HX509_QUERY_MATCH_EXPR 0x800000 +#define HX509_QUERY_MASK 0xffffff Certificate *subject; Certificate *certificate; heim_integer *serial; @@ -144,6 +149,7 @@ struct hx509_query_data { heim_octet_string *keyhash_sha1; time_t timenow; heim_oid *eku; + struct hx_expr *expr; }; struct hx509_keyset_ops { @@ -188,6 +194,18 @@ struct hx509_context_data { /* _hx509_calculate_path flag field */ #define HX509_CALCULATE_PATH_NO_ANCHOR 1 +/* environment */ +struct hx509_env_data { + enum { env_string, env_list } type; + char *name; + struct hx509_env_data *next; + union { + char *string; + struct hx509_env_data *list; + } u; +}; + + extern const AlgorithmIdentifier * _hx509_crypto_default_sig_alg; extern const AlgorithmIdentifier * _hx509_crypto_default_digest_alg; extern const AlgorithmIdentifier * _hx509_crypto_default_secret_alg; diff --git a/source4/heimdal/lib/hx509/keyset.c b/source4/heimdal/lib/hx509/keyset.c index 2fcff7b03b..1fceb849ec 100644 --- a/source4/heimdal/lib/hx509/keyset.c +++ b/source4/heimdal/lib/hx509/keyset.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: keyset.c 22466 2008-01-16 14:26:35Z lha $"); +RCSID("$Id: keyset.c 22851 2008-04-07 18:49:07Z lha $"); /** * @page page_keyset Certificate store operations @@ -59,7 +59,7 @@ RCSID("$Id: keyset.c 22466 2008-01-16 14:26:35Z lha $"); */ struct hx509_certs_data { - int ref; + unsigned int ref; struct hx509_keyset_ops *ops; void *ops_data; }; @@ -203,11 +203,11 @@ _hx509_certs_ref(hx509_certs certs) { if (certs == NULL) return NULL; - if (certs->ref <= 0) - _hx509_abort("certs refcount <= 0"); - certs->ref++; if (certs->ref == 0) - _hx509_abort("certs refcount == 0"); + _hx509_abort("certs refcount == 0 on ref"); + if (certs->ref == UINT_MAX) + _hx509_abort("certs refcount == UINT_MAX on ref"); + certs->ref++; return certs; } @@ -223,8 +223,8 @@ void hx509_certs_free(hx509_certs *certs) { if (*certs) { - if ((*certs)->ref <= 0) - _hx509_abort("refcount <= 0"); + if ((*certs)->ref == 0) + _hx509_abort("cert refcount == 0 on free"); if (--(*certs)->ref > 0) return; diff --git a/source4/heimdal/lib/hx509/ks_dir.c b/source4/heimdal/lib/hx509/ks_dir.c index a0bc875e5b..0dabc78c52 100644 --- a/source4/heimdal/lib/hx509/ks_dir.c +++ b/source4/heimdal/lib/hx509/ks_dir.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: ks_dir.c 19778 2007-01-09 10:52:13Z lha $"); +RCSID("$Id: ks_dir.c 23460 2008-07-27 12:14:03Z lha $"); #include /* @@ -116,6 +116,7 @@ dir_iter_start(hx509_context context, free(d); return errno; } + rk_cloexec(dirfd(d->dir)); d->certs = NULL; d->iter = NULL; diff --git a/source4/heimdal/lib/hx509/ks_file.c b/source4/heimdal/lib/hx509/ks_file.c index 87b97af401..25ceb1c64f 100644 --- a/source4/heimdal/lib/hx509/ks_file.c +++ b/source4/heimdal/lib/hx509/ks_file.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: ks_file.c 22465 2008-01-16 14:25:24Z lha $"); +RCSID("$Id: ks_file.c 23459 2008-07-27 12:13:31Z lha $"); typedef enum { USE_PEM, USE_DER } outformat; @@ -391,6 +391,7 @@ file_init_common(hx509_context context, p, strerror(errno)); goto out; } + rk_cloexec_file(f); ret = hx509_pem_read(context, f, pem_func, &pem_ctx); fclose(f); @@ -401,7 +402,7 @@ file_init_common(hx509_context context, void *ptr; int i; - ret = _hx509_map_file(p, &ptr, &length, NULL); + ret = rk_undumpdata(p, &ptr, &length); if (ret) { hx509_clear_error_string(context); goto out; @@ -412,7 +413,7 @@ file_init_common(hx509_context context, if (ret == 0) break; } - _hx509_unmap_file(ptr, length); + rk_xfree(ptr); if (ret) goto out; } @@ -525,6 +526,7 @@ file_store(hx509_context context, "Failed to open file %s for writing"); return ENOENT; } + rk_cloexec_file(sc.f); sc.format = f->format; ret = hx509_certs_iter(context, f->certs, store_func, &sc); diff --git a/source4/heimdal/lib/hx509/ks_p11.c b/source4/heimdal/lib/hx509/ks_p11.c index 0d7c312c72..bf46e6604e 100644 --- a/source4/heimdal/lib/hx509/ks_p11.c +++ b/source4/heimdal/lib/hx509/ks_p11.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: ks_p11.c 22071 2007-11-14 20:04:50Z lha $"); +RCSID("$Id: ks_p11.c 22899 2008-04-07 18:52:36Z lha $"); #ifdef HAVE_DLFCN_H #include #endif @@ -65,7 +65,7 @@ struct p11_module { void *dl_handle; CK_FUNCTION_LIST_PTR funcs; CK_ULONG num_slots; - unsigned int refcount; + unsigned int ref; struct p11_slot *slot; }; @@ -309,7 +309,8 @@ p11_init_slot(hx509_context context, CK_SESSION_HANDLE session; CK_SLOT_INFO slot_info; CK_TOKEN_INFO token_info; - int ret, i; + size_t i; + int ret; slot->certs = NULL; slot->id = id; @@ -640,9 +641,11 @@ collect_private_key(hx509_context context, p11rsa->slot = slot; p11rsa->private_key = object; - p->refcount++; - if (p->refcount == 0) - _hx509_abort("pkcs11 refcount to high"); + if (p->ref == 0) + _hx509_abort("pkcs11 ref == 0 on alloc"); + p->ref++; + if (p->ref == UINT_MAX) + _hx509_abort("pkcs11 ref == UINT_MAX on alloc"); RSA_set_method(rsa, &p11_rsa_pkcs1_method); ret = RSA_set_app_data(rsa, p11rsa); @@ -695,9 +698,11 @@ collect_cert(hx509_context context, if (ret) return ret; - p->refcount++; - if (p->refcount == 0) - _hx509_abort("pkcs11 refcount to high"); + if (p->ref == 0) + _hx509_abort("pkcs11 ref == 0 on alloc"); + p->ref++; + if (p->ref == UINT_MAX) + _hx509_abort("pkcs11 ref to high"); _hx509_cert_set_release(cert, p11_cert_release, p); @@ -808,7 +813,7 @@ p11_init(hx509_context context, return ENOMEM; } - p->refcount = 1; + p->ref = 1; str = strchr(list, ','); if (str) @@ -934,9 +939,9 @@ p11_release_module(struct p11_module *p) { int i; - if (p->refcount == 0) - _hx509_abort("pkcs11 refcount to low"); - if (--p->refcount > 0) + if (p->ref == 0) + _hx509_abort("pkcs11 ref to low"); + if (--p->ref > 0) return; for (i = 0; i < p->num_slots; i++) { diff --git a/source4/heimdal/lib/hx509/ks_p12.c b/source4/heimdal/lib/hx509/ks_p12.c index 12756e6c07..3ab824a330 100644 --- a/source4/heimdal/lib/hx509/ks_p12.c +++ b/source4/heimdal/lib/hx509/ks_p12.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: ks_p12.c 21146 2007-06-18 21:37:25Z lha $"); +RCSID("$Id: ks_p12.c 23413 2008-07-26 18:34:53Z lha $"); struct ks_pkcs12 { hx509_certs certs; @@ -276,6 +276,7 @@ envelopedData_parser(hx509_context context, 0, data, length, NULL, + 0, &contentType, &content); if (ret) { @@ -361,14 +362,14 @@ p12_init(hx509_context context, goto out; } - ret = _hx509_map_file(residue, &buf, &len, NULL); + ret = rk_undumpdata(residue, &buf, &len); if (ret) { hx509_clear_error_string(context); goto out; } ret = decode_PKCS12_PFX(buf, len, &pfx, NULL); - _hx509_unmap_file(buf, len); + rk_xfree(buf); if (ret) { hx509_set_error_string(context, 0, ret, "Failed to decode the PFX in %s", residue); diff --git a/source4/heimdal/lib/hx509/name.c b/source4/heimdal/lib/hx509/name.c index 3f0806ddc0..ccc33a3e55 100644 --- a/source4/heimdal/lib/hx509/name.c +++ b/source4/heimdal/lib/hx509/name.c @@ -33,7 +33,7 @@ #include "hx_locl.h" #include -RCSID("$Id: name.c 22583 2008-02-11 20:46:21Z lha $"); +RCSID("$Id: name.c 22677 2008-03-13 17:35:49Z lha $"); /** * @page page_name PKIX/X.509 Names @@ -897,7 +897,7 @@ hx509_name_is_null_p(const hx509_name name) * @param name the name to print * @param str an allocated string returns the name in string form * - * @return An hx509 error code, see krb5_get_error_string(). + * @return An hx509 error code, see hx509_get_error_string(). * * @ingroup hx509_name */ diff --git a/source4/heimdal/lib/hx509/req.c b/source4/heimdal/lib/hx509/req.c index d7a85e1cec..f374044ca6 100644 --- a/source4/heimdal/lib/hx509/req.c +++ b/source4/heimdal/lib/hx509/req.c @@ -33,7 +33,7 @@ #include "hx_locl.h" #include -RCSID("$Id: req.c 21344 2007-06-26 14:22:34Z lha $"); +RCSID("$Id: req.c 23413 2008-07-26 18:34:53Z lha $"); struct hx509_request_data { hx509_name name; @@ -257,14 +257,14 @@ _hx509_request_parse(hx509_context context, /* XXX PEM request */ - ret = _hx509_map_file(path, &p, &len, NULL); + ret = rk_undumpdata(path, &p, &len); if (ret) { hx509_set_error_string(context, 0, ret, "Failed to map file %s", path); return ret; } ret = decode_CertificationRequest(p, len, &r, &size); - _hx509_unmap_file(p, len); + rk_xfree(p); if (ret) { hx509_set_error_string(context, 0, ret, "Failed to decode %s", path); return ret; diff --git a/source4/heimdal/lib/hx509/revoke.c b/source4/heimdal/lib/hx509/revoke.c index 2010f945f0..8325c4723d 100644 --- a/source4/heimdal/lib/hx509/revoke.c +++ b/source4/heimdal/lib/hx509/revoke.c @@ -50,7 +50,7 @@ */ #include "hx_locl.h" -RCSID("$Id: revoke.c 22583 2008-02-11 20:46:21Z lha $"); +RCSID("$Id: revoke.c 23413 2008-07-26 18:34:53Z lha $"); struct revoke_crl { char *path; @@ -70,7 +70,7 @@ struct revoke_ocsp { struct hx509_revoke_ctx_data { - unsigned ref; + unsigned int ref; struct { struct revoke_crl *val; size_t len; @@ -113,11 +113,11 @@ _hx509_revoke_ref(hx509_revoke_ctx ctx) { if (ctx == NULL) return NULL; - if (ctx->ref <= 0) - _hx509_abort("revoke ctx refcount <= 0"); - ctx->ref++; if (ctx->ref == 0) - _hx509_abort("revoke ctx refcount == 0"); + _hx509_abort("revoke ctx refcount == 0 on ref"); + ctx->ref++; + if (ctx->ref == UINT_MAX) + _hx509_abort("revoke ctx refcount == UINT_MAX on ref"); return ctx; } @@ -146,8 +146,8 @@ hx509_revoke_free(hx509_revoke_ctx *ctx) if (ctx == NULL || *ctx == NULL) return; - if ((*ctx)->ref <= 0) - _hx509_abort("revoke ctx refcount <= 0 on free"); + if ((*ctx)->ref == 0) + _hx509_abort("revoke ctx refcount == 0 on free"); if (--(*ctx)->ref > 0) return; @@ -218,7 +218,7 @@ verify_ocsp(hx509_context context, ret = _hx509_cert_is_parent_cmp(s, p, 0); if (ret != 0) { ret = HX509_PARENT_NOT_CA; - hx509_set_error_string(context, 0, ret, "Revoke OSCP signer is " + hx509_set_error_string(context, 0, ret, "Revoke OCSP signer is " "doesn't have CA as signer certificate"); goto out; } @@ -230,7 +230,7 @@ verify_ocsp(hx509_context context, &s->signatureValue); if (ret) { hx509_set_error_string(context, HX509_ERROR_APPEND, ret, - "OSCP signer signature invalid"); + "OCSP signer signature invalid"); goto out; } @@ -247,7 +247,7 @@ verify_ocsp(hx509_context context, &ocsp->ocsp.signature); if (ret) { hx509_set_error_string(context, HX509_ERROR_APPEND, ret, - "OSCP signature invalid"); + "OCSP signature invalid"); goto out; } @@ -333,12 +333,16 @@ load_ocsp(hx509_context context, struct revoke_ocsp *ocsp) void *data; int ret; - ret = _hx509_map_file(ocsp->path, &data, &length, &sb); + ret = rk_undumpdata(ocsp->path, &data, &length); if (ret) return ret; + ret = stat(ocsp->path, &sb); + if (ret) + return errno; + ret = parse_ocsp_basic(data, length, &basic); - _hx509_unmap_file(data, length); + rk_xfree(data); if (ret) { hx509_set_error_string(context, 0, ret, "Failed to parse OCSP response"); @@ -567,14 +571,18 @@ load_crl(const char *path, time_t *t, CRLCertificateList *crl) memset(crl, 0, sizeof(*crl)); - ret = _hx509_map_file(path, &data, &length, &sb); + ret = rk_undumpdata(path, &data, &length); if (ret) return ret; + ret = stat(path, &sb); + if (ret) + return errno; + *t = sb.st_mtime; ret = decode_CRLCertificateList(data, length, crl, &size); - _hx509_unmap_file(data, length); + rk_xfree(data); if (ret) return ret; diff --git a/source4/heimdal/lib/hx509/sel-gram.c b/source4/heimdal/lib/hx509/sel-gram.c new file mode 100644 index 0000000000..905384da55 --- /dev/null +++ b/source4/heimdal/lib/hx509/sel-gram.c @@ -0,0 +1,1714 @@ +/* A Bison parser, made by GNU Bison 2.3. */ + +/* Skeleton implementation for Bison's Yacc-like parsers in C + + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 + Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. */ + +/* As a special exception, you may create a larger work that contains + part or all of the Bison parser skeleton and distribute that work + under terms of your choice, so long as that work isn't itself a + parser generator using the skeleton or a modified version thereof + as a parser skeleton. Alternatively, if you modify or redistribute + the parser skeleton itself, you may (at your option) remove this + special exception, which will cause the skeleton and the resulting + Bison output files to be licensed under the GNU General Public + License without this special exception. + + This special exception was added by the Free Software Foundation in + version 2.2 of Bison. */ + +/* C LALR(1) parser skeleton written by Richard Stallman, by + simplifying the original so-called "semantic" parser. */ + +/* All symbols defined below should begin with yy or YY, to avoid + infringing on user name space. This should be done even for local + variables, as they might otherwise be expanded by user macros. + There are some unavoidable exceptions within include files to + define necessary library symbols; they are noted "INFRINGES ON + USER NAME SPACE" below. */ + +/* Identify Bison output. */ +#define YYBISON 1 + +/* Bison version. */ +#define YYBISON_VERSION "2.3" + +/* Skeleton name. */ +#define YYSKELETON_NAME "yacc.c" + +/* Pure parsers. */ +#define YYPURE 0 + +/* Using locations. */ +#define YYLSP_NEEDED 0 + + + +/* Tokens. */ +#ifndef YYTOKENTYPE +# define YYTOKENTYPE + /* Put the tokens into the symbol table, so that GDB and other debuggers + know about them. */ + enum yytokentype { + kw_TRUE = 258, + kw_FALSE = 259, + kw_AND = 260, + kw_OR = 261, + kw_IN = 262, + kw_TAILMATCH = 263, + NUMBER = 264, + STRING = 265, + IDENTIFIER = 266 + }; +#endif +/* Tokens. */ +#define kw_TRUE 258 +#define kw_FALSE 259 +#define kw_AND 260 +#define kw_OR 261 +#define kw_IN 262 +#define kw_TAILMATCH 263 +#define NUMBER 264 +#define STRING 265 +#define IDENTIFIER 266 + + + + +/* Copy the first part of user declarations. */ +#line 34 "heimdal/lib/hx509/sel-gram.y" + +#ifdef HAVE_CONFIG_H +#include +#endif +#include +#include +#include + +RCSID("$Id$"); + + + +/* Enabling traces. */ +#ifndef YYDEBUG +# define YYDEBUG 0 +#endif + +/* Enabling verbose error messages. */ +#ifdef YYERROR_VERBOSE +# undef YYERROR_VERBOSE +# define YYERROR_VERBOSE 1 +#else +# define YYERROR_VERBOSE 0 +#endif + +/* Enabling the token table. */ +#ifndef YYTOKEN_TABLE +# define YYTOKEN_TABLE 0 +#endif + +#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED +typedef union YYSTYPE +#line 46 "heimdal/lib/hx509/sel-gram.y" +{ + char *string; + struct hx_expr *expr; +} +/* Line 187 of yacc.c. */ +#line 135 "heimdal/lib/hx509/sel-gram.y" + YYSTYPE; +# define yystype YYSTYPE /* obsolescent; will be withdrawn */ +# define YYSTYPE_IS_DECLARED 1 +# define YYSTYPE_IS_TRIVIAL 1 +#endif + + + +/* Copy the second part of user declarations. */ + + +/* Line 216 of yacc.c. */ +#line 148 "heimdal/lib/hx509/sel-gram.y" + +#ifdef short +# undef short +#endif + +#ifdef YYTYPE_UINT8 +typedef YYTYPE_UINT8 yytype_uint8; +#else +typedef unsigned char yytype_uint8; +#endif + +#ifdef YYTYPE_INT8 +typedef YYTYPE_INT8 yytype_int8; +#elif (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +typedef signed char yytype_int8; +#else +typedef short int yytype_int8; +#endif + +#ifdef YYTYPE_UINT16 +typedef YYTYPE_UINT16 yytype_uint16; +#else +typedef unsigned short int yytype_uint16; +#endif + +#ifdef YYTYPE_INT16 +typedef YYTYPE_INT16 yytype_int16; +#else +typedef short int yytype_int16; +#endif + +#ifndef YYSIZE_T +# ifdef __SIZE_TYPE__ +# define YYSIZE_T __SIZE_TYPE__ +# elif defined size_t +# define YYSIZE_T size_t +# elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +# include /* INFRINGES ON USER NAME SPACE */ +# define YYSIZE_T size_t +# else +# define YYSIZE_T unsigned int +# endif +#endif + +#define YYSIZE_MAXIMUM ((YYSIZE_T) -1) + +#ifndef YY_ +# if YYENABLE_NLS +# if ENABLE_NLS +# include /* INFRINGES ON USER NAME SPACE */ +# define YY_(msgid) dgettext ("bison-runtime", msgid) +# endif +# endif +# ifndef YY_ +# define YY_(msgid) msgid +# endif +#endif + +/* Suppress unused-variable warnings by "using" E. */ +#if ! defined lint || defined __GNUC__ +# define YYUSE(e) ((void) (e)) +#else +# define YYUSE(e) /* empty */ +#endif + +/* Identity function, used to suppress warnings about constant conditions. */ +#ifndef lint +# define YYID(n) (n) +#else +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +static int +YYID (int i) +#else +static int +YYID (i) + int i; +#endif +{ + return i; +} +#endif + +#if ! defined yyoverflow || YYERROR_VERBOSE + +/* The parser invokes alloca or malloc; define the necessary symbols. */ + +# ifdef YYSTACK_USE_ALLOCA +# if YYSTACK_USE_ALLOCA +# ifdef __GNUC__ +# define YYSTACK_ALLOC __builtin_alloca +# elif defined __BUILTIN_VA_ARG_INCR +# include /* INFRINGES ON USER NAME SPACE */ +# elif defined _AIX +# define YYSTACK_ALLOC __alloca +# elif defined _MSC_VER +# include /* INFRINGES ON USER NAME SPACE */ +# define alloca _alloca +# else +# define YYSTACK_ALLOC alloca +# if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +# include /* INFRINGES ON USER NAME SPACE */ +# ifndef _STDLIB_H +# define _STDLIB_H 1 +# endif +# endif +# endif +# endif +# endif + +# ifdef YYSTACK_ALLOC + /* Pacify GCC's `empty if-body' warning. */ +# define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0)) +# ifndef YYSTACK_ALLOC_MAXIMUM + /* The OS might guarantee only one guard page at the bottom of the stack, + and a page size can be as small as 4096 bytes. So we cannot safely + invoke alloca (N) if N exceeds 4096. Use a slightly smaller number + to allow for a few compiler-allocated temporary stack slots. */ +# define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */ +# endif +# else +# define YYSTACK_ALLOC YYMALLOC +# define YYSTACK_FREE YYFREE +# ifndef YYSTACK_ALLOC_MAXIMUM +# define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM +# endif +# if (defined __cplusplus && ! defined _STDLIB_H \ + && ! ((defined YYMALLOC || defined malloc) \ + && (defined YYFREE || defined free))) +# include /* INFRINGES ON USER NAME SPACE */ +# ifndef _STDLIB_H +# define _STDLIB_H 1 +# endif +# endif +# ifndef YYMALLOC +# define YYMALLOC malloc +# if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */ +# endif +# endif +# ifndef YYFREE +# define YYFREE free +# if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +void free (void *); /* INFRINGES ON USER NAME SPACE */ +# endif +# endif +# endif +#endif /* ! defined yyoverflow || YYERROR_VERBOSE */ + + +#if (! defined yyoverflow \ + && (! defined __cplusplus \ + || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL))) + +/* A type that is properly aligned for any stack member. */ +union yyalloc +{ + yytype_int16 yyss; + YYSTYPE yyvs; + }; + +/* The size of the maximum gap between one aligned stack and the next. */ +# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1) + +/* The size of an array large to enough to hold all stacks, each with + N elements. */ +# define YYSTACK_BYTES(N) \ + ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \ + + YYSTACK_GAP_MAXIMUM) + +/* Copy COUNT objects from FROM to TO. The source and destination do + not overlap. */ +# ifndef YYCOPY +# if defined __GNUC__ && 1 < __GNUC__ +# define YYCOPY(To, From, Count) \ + __builtin_memcpy (To, From, (Count) * sizeof (*(From))) +# else +# define YYCOPY(To, From, Count) \ + do \ + { \ + YYSIZE_T yyi; \ + for (yyi = 0; yyi < (Count); yyi++) \ + (To)[yyi] = (From)[yyi]; \ + } \ + while (YYID (0)) +# endif +# endif + +/* Relocate STACK from its old location to the new one. The + local variables YYSIZE and YYSTACKSIZE give the old and new number of + elements in the stack, and YYPTR gives the new location of the + stack. Advance YYPTR to a properly aligned location for the next + stack. */ +# define YYSTACK_RELOCATE(Stack) \ + do \ + { \ + YYSIZE_T yynewbytes; \ + YYCOPY (&yyptr->Stack, Stack, yysize); \ + Stack = &yyptr->Stack; \ + yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \ + yyptr += yynewbytes / sizeof (*yyptr); \ + } \ + while (YYID (0)) + +#endif + +/* YYFINAL -- State number of the termination state. */ +#define YYFINAL 21 +/* YYLAST -- Last index in YYTABLE. */ +#define YYLAST 50 + +/* YYNTOKENS -- Number of terminals. */ +#define YYNTOKENS 21 +/* YYNNTS -- Number of nonterminals. */ +#define YYNNTS 11 +/* YYNRULES -- Number of rules. */ +#define YYNRULES 26 +/* YYNRULES -- Number of states. */ +#define YYNSTATES 50 + +/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */ +#define YYUNDEFTOK 2 +#define YYMAXUTOK 266 + +#define YYTRANSLATE(YYX) \ + ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK) + +/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX. */ +static const yytype_uint8 yytranslate[] = +{ + 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 12, 2, 2, 2, 17, 2, 2, + 13, 14, 2, 2, 15, 2, 20, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 16, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 18, 2, 19, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 1, 2, 3, 4, + 5, 6, 7, 8, 9, 10, 11 +}; + +#if YYDEBUG +/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in + YYRHS. */ +static const yytype_uint8 yyprhs[] = +{ + 0, 0, 3, 5, 7, 9, 12, 16, 20, 24, + 26, 28, 32, 37, 42, 46, 52, 56, 58, 60, + 62, 64, 66, 68, 73, 78, 82 +}; + +/* YYRHS -- A `-1'-separated list of the rules' RHS. */ +static const yytype_int8 yyrhs[] = +{ + 22, 0, -1, 23, -1, 3, -1, 4, -1, 12, + 23, -1, 23, 5, 23, -1, 23, 6, 23, -1, + 13, 23, 14, -1, 25, -1, 26, -1, 26, 15, + 24, -1, 26, 16, 16, 26, -1, 26, 12, 16, + 26, -1, 26, 8, 26, -1, 26, 7, 13, 24, + 14, -1, 26, 7, 30, -1, 27, -1, 28, -1, + 29, -1, 30, -1, 9, -1, 10, -1, 11, 13, + 24, 14, -1, 17, 18, 31, 19, -1, 11, 20, + 31, -1, 11, -1 +}; + +/* YYRLINE[YYN] -- source line where rule number YYN was defined. */ +static const yytype_uint8 yyrline[] = +{ + 0, 74, 74, 76, 77, 78, 79, 80, 81, 82, + 85, 86, 89, 90, 91, 92, 93, 96, 97, 98, + 99, 102, 103, 105, 108, 111, 113 +}; +#endif + +#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE +/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. + First, the terminals, then, starting at YYNTOKENS, nonterminals. */ +static const char *const yytname[] = +{ + "$end", "error", "$undefined", "kw_TRUE", "kw_FALSE", "kw_AND", "kw_OR", + "kw_IN", "kw_TAILMATCH", "NUMBER", "STRING", "IDENTIFIER", "'!'", "'('", + "')'", "','", "'='", "'%'", "'{'", "'}'", "'.'", "$accept", "start", + "expr", "words", "comp", "word", "number", "string", "function", + "variable", "variables", 0 +}; +#endif + +# ifdef YYPRINT +/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to + token YYLEX-NUM. */ +static const yytype_uint16 yytoknum[] = +{ + 0, 256, 257, 258, 259, 260, 261, 262, 263, 264, + 265, 266, 33, 40, 41, 44, 61, 37, 123, 125, + 46 +}; +# endif + +/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ +static const yytype_uint8 yyr1[] = +{ + 0, 21, 22, 23, 23, 23, 23, 23, 23, 23, + 24, 24, 25, 25, 25, 25, 25, 26, 26, 26, + 26, 27, 28, 29, 30, 31, 31 +}; + +/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */ +static const yytype_uint8 yyr2[] = +{ + 0, 2, 1, 1, 1, 2, 3, 3, 3, 1, + 1, 3, 4, 4, 3, 5, 3, 1, 1, 1, + 1, 1, 1, 4, 4, 3, 1 +}; + +/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state + STATE-NUM when YYTABLE doesn't specify something else to do. Zero + means the default is an error. */ +static const yytype_uint8 yydefact[] = +{ + 0, 3, 4, 21, 22, 0, 0, 0, 0, 0, + 2, 9, 0, 17, 18, 19, 20, 0, 5, 0, + 0, 1, 0, 0, 0, 0, 0, 0, 0, 10, + 8, 26, 0, 6, 7, 0, 16, 14, 0, 0, + 23, 0, 0, 24, 0, 13, 12, 11, 25, 15 +}; + +/* YYDEFGOTO[NTERM-NUM]. */ +static const yytype_int8 yydefgoto[] = +{ + -1, 9, 10, 28, 11, 12, 13, 14, 15, 16, + 32 +}; + +/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing + STATE-NUM. */ +#define YYPACT_NINF -31 +static const yytype_int8 yypact[] = +{ + 22, -31, -31, -31, -31, -1, 22, 22, -11, 27, + 11, -31, -6, -31, -31, -31, -31, 19, 11, 9, + 26, -31, 22, 22, -4, 19, 24, 25, 28, 23, + -31, 29, 31, 11, 11, 19, -31, -31, 19, 19, + -31, 19, 26, -31, 30, -31, -31, -31, -31, -31 +}; + +/* YYPGOTO[NTERM-NUM]. */ +static const yytype_int8 yypgoto[] = +{ + -31, -31, -3, -30, -31, -17, -31, -31, -31, 21, + 1 +}; + +/* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If + positive, shift that token. If negative, reduce the rule which + number is the opposite. If zero, do what YYDEFACT says. + If YYTABLE_NINF, syntax error. */ +#define YYTABLE_NINF -1 +static const yytype_uint8 yytable[] = +{ + 29, 24, 25, 18, 19, 44, 26, 20, 37, 35, + 27, 47, 17, 8, 22, 23, 22, 23, 29, 33, + 34, 45, 46, 30, 29, 1, 2, 21, 3, 4, + 5, 3, 4, 5, 6, 7, 8, 31, 41, 8, + 38, 39, 40, 48, 49, 36, 0, 0, 0, 42, + 43 +}; + +static const yytype_int8 yycheck[] = +{ + 17, 7, 8, 6, 7, 35, 12, 18, 25, 13, + 16, 41, 13, 17, 5, 6, 5, 6, 35, 22, + 23, 38, 39, 14, 41, 3, 4, 0, 9, 10, + 11, 9, 10, 11, 12, 13, 17, 11, 15, 17, + 16, 16, 14, 42, 14, 24, -1, -1, -1, 20, + 19 +}; + +/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing + symbol of state STATE-NUM. */ +static const yytype_uint8 yystos[] = +{ + 0, 3, 4, 9, 10, 11, 12, 13, 17, 22, + 23, 25, 26, 27, 28, 29, 30, 13, 23, 23, + 18, 0, 5, 6, 7, 8, 12, 16, 24, 26, + 14, 11, 31, 23, 23, 13, 30, 26, 16, 16, + 14, 15, 20, 19, 24, 26, 26, 24, 31, 14 +}; + +#define yyerrok (yyerrstatus = 0) +#define yyclearin (yychar = YYEMPTY) +#define YYEMPTY (-2) +#define YYEOF 0 + +#define YYACCEPT goto yyacceptlab +#define YYABORT goto yyabortlab +#define YYERROR goto yyerrorlab + + +/* Like YYERROR except do call yyerror. This remains here temporarily + to ease the transition to the new meaning of YYERROR, for GCC. + Once GCC version 2 has supplanted version 1, this can go. */ + +#define YYFAIL goto yyerrlab + +#define YYRECOVERING() (!!yyerrstatus) + +#define YYBACKUP(Token, Value) \ +do \ + if (yychar == YYEMPTY && yylen == 1) \ + { \ + yychar = (Token); \ + yylval = (Value); \ + yytoken = YYTRANSLATE (yychar); \ + YYPOPSTACK (1); \ + goto yybackup; \ + } \ + else \ + { \ + yyerror (YY_("syntax error: cannot back up")); \ + YYERROR; \ + } \ +while (YYID (0)) + + +#define YYTERROR 1 +#define YYERRCODE 256 + + +/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N]. + If N is 0, then set CURRENT to the empty location which ends + the previous symbol: RHS[0] (always defined). */ + +#define YYRHSLOC(Rhs, K) ((Rhs)[K]) +#ifndef YYLLOC_DEFAULT +# define YYLLOC_DEFAULT(Current, Rhs, N) \ + do \ + if (YYID (N)) \ + { \ + (Current).first_line = YYRHSLOC (Rhs, 1).first_line; \ + (Current).first_column = YYRHSLOC (Rhs, 1).first_column; \ + (Current).last_line = YYRHSLOC (Rhs, N).last_line; \ + (Current).last_column = YYRHSLOC (Rhs, N).last_column; \ + } \ + else \ + { \ + (Current).first_line = (Current).last_line = \ + YYRHSLOC (Rhs, 0).last_line; \ + (Current).first_column = (Current).last_column = \ + YYRHSLOC (Rhs, 0).last_column; \ + } \ + while (YYID (0)) +#endif + + +/* YY_LOCATION_PRINT -- Print the location on the stream. + This macro was not mandated originally: define only if we know + we won't break user code: when these are the locations we know. */ + +#ifndef YY_LOCATION_PRINT +# if YYLTYPE_IS_TRIVIAL +# define YY_LOCATION_PRINT(File, Loc) \ + fprintf (File, "%d.%d-%d.%d", \ + (Loc).first_line, (Loc).first_column, \ + (Loc).last_line, (Loc).last_column) +# else +# define YY_LOCATION_PRINT(File, Loc) ((void) 0) +# endif +#endif + + +/* YYLEX -- calling `yylex' with the right arguments. */ + +#ifdef YYLEX_PARAM +# define YYLEX yylex (YYLEX_PARAM) +#else +# define YYLEX yylex () +#endif + +/* Enable debugging if requested. */ +#if YYDEBUG + +# ifndef YYFPRINTF +# include /* INFRINGES ON USER NAME SPACE */ +# define YYFPRINTF fprintf +# endif + +# define YYDPRINTF(Args) \ +do { \ + if (yydebug) \ + YYFPRINTF Args; \ +} while (YYID (0)) + +# define YY_SYMBOL_PRINT(Title, Type, Value, Location) \ +do { \ + if (yydebug) \ + { \ + YYFPRINTF (stderr, "%s ", Title); \ + yy_symbol_print (stderr, \ + Type, Value); \ + YYFPRINTF (stderr, "\n"); \ + } \ +} while (YYID (0)) + + +/*--------------------------------. +| Print this symbol on YYOUTPUT. | +`--------------------------------*/ + +/*ARGSUSED*/ +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +static void +yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep) +#else +static void +yy_symbol_value_print (yyoutput, yytype, yyvaluep) + FILE *yyoutput; + int yytype; + YYSTYPE const * const yyvaluep; +#endif +{ + if (!yyvaluep) + return; +# ifdef YYPRINT + if (yytype < YYNTOKENS) + YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep); +# else + YYUSE (yyoutput); +# endif + switch (yytype) + { + default: + break; + } +} + + +/*--------------------------------. +| Print this symbol on YYOUTPUT. | +`--------------------------------*/ + +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +static void +yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep) +#else +static void +yy_symbol_print (yyoutput, yytype, yyvaluep) + FILE *yyoutput; + int yytype; + YYSTYPE const * const yyvaluep; +#endif +{ + if (yytype < YYNTOKENS) + YYFPRINTF (yyoutput, "token %s (", yytname[yytype]); + else + YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]); + + yy_symbol_value_print (yyoutput, yytype, yyvaluep); + YYFPRINTF (yyoutput, ")"); +} + +/*------------------------------------------------------------------. +| yy_stack_print -- Print the state stack from its BOTTOM up to its | +| TOP (included). | +`------------------------------------------------------------------*/ + +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +static void +yy_stack_print (yytype_int16 *bottom, yytype_int16 *top) +#else +static void +yy_stack_print (bottom, top) + yytype_int16 *bottom; + yytype_int16 *top; +#endif +{ + YYFPRINTF (stderr, "Stack now"); + for (; bottom <= top; ++bottom) + YYFPRINTF (stderr, " %d", *bottom); + YYFPRINTF (stderr, "\n"); +} + +# define YY_STACK_PRINT(Bottom, Top) \ +do { \ + if (yydebug) \ + yy_stack_print ((Bottom), (Top)); \ +} while (YYID (0)) + + +/*------------------------------------------------. +| Report that the YYRULE is going to be reduced. | +`------------------------------------------------*/ + +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +static void +yy_reduce_print (YYSTYPE *yyvsp, int yyrule) +#else +static void +yy_reduce_print (yyvsp, yyrule) + YYSTYPE *yyvsp; + int yyrule; +#endif +{ + int yynrhs = yyr2[yyrule]; + int yyi; + unsigned long int yylno = yyrline[yyrule]; + YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n", + yyrule - 1, yylno); + /* The symbols being reduced. */ + for (yyi = 0; yyi < yynrhs; yyi++) + { + fprintf (stderr, " $%d = ", yyi + 1); + yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi], + &(yyvsp[(yyi + 1) - (yynrhs)]) + ); + fprintf (stderr, "\n"); + } +} + +# define YY_REDUCE_PRINT(Rule) \ +do { \ + if (yydebug) \ + yy_reduce_print (yyvsp, Rule); \ +} while (YYID (0)) + +/* Nonzero means print parse trace. It is left uninitialized so that + multiple parsers can coexist. */ +int yydebug; +#else /* !YYDEBUG */ +# define YYDPRINTF(Args) +# define YY_SYMBOL_PRINT(Title, Type, Value, Location) +# define YY_STACK_PRINT(Bottom, Top) +# define YY_REDUCE_PRINT(Rule) +#endif /* !YYDEBUG */ + + +/* YYINITDEPTH -- initial size of the parser's stacks. */ +#ifndef YYINITDEPTH +# define YYINITDEPTH 200 +#endif + +/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only + if the built-in stack extension method is used). + + Do not make this value too large; the results are undefined if + YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH) + evaluated with infinite-precision integer arithmetic. */ + +#ifndef YYMAXDEPTH +# define YYMAXDEPTH 10000 +#endif + + + +#if YYERROR_VERBOSE + +# ifndef yystrlen +# if defined __GLIBC__ && defined _STRING_H +# define yystrlen strlen +# else +/* Return the length of YYSTR. */ +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +static YYSIZE_T +yystrlen (const char *yystr) +#else +static YYSIZE_T +yystrlen (yystr) + const char *yystr; +#endif +{ + YYSIZE_T yylen; + for (yylen = 0; yystr[yylen]; yylen++) + continue; + return yylen; +} +# endif +# endif + +# ifndef yystpcpy +# if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE +# define yystpcpy stpcpy +# else +/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in + YYDEST. */ +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +static char * +yystpcpy (char *yydest, const char *yysrc) +#else +static char * +yystpcpy (yydest, yysrc) + char *yydest; + const char *yysrc; +#endif +{ + char *yyd = yydest; + const char *yys = yysrc; + + while ((*yyd++ = *yys++) != '\0') + continue; + + return yyd - 1; +} +# endif +# endif + +# ifndef yytnamerr +/* Copy to YYRES the contents of YYSTR after stripping away unnecessary + quotes and backslashes, so that it's suitable for yyerror. The + heuristic is that double-quoting is unnecessary unless the string + contains an apostrophe, a comma, or backslash (other than + backslash-backslash). YYSTR is taken from yytname. If YYRES is + null, do not copy; instead, return the length of what the result + would have been. */ +static YYSIZE_T +yytnamerr (char *yyres, const char *yystr) +{ + if (*yystr == '"') + { + YYSIZE_T yyn = 0; + char const *yyp = yystr; + + for (;;) + switch (*++yyp) + { + case '\'': + case ',': + goto do_not_strip_quotes; + + case '\\': + if (*++yyp != '\\') + goto do_not_strip_quotes; + /* Fall through. */ + default: + if (yyres) + yyres[yyn] = *yyp; + yyn++; + break; + + case '"': + if (yyres) + yyres[yyn] = '\0'; + return yyn; + } + do_not_strip_quotes: ; + } + + if (! yyres) + return yystrlen (yystr); + + return yystpcpy (yyres, yystr) - yyres; +} +# endif + +/* Copy into YYRESULT an error message about the unexpected token + YYCHAR while in state YYSTATE. Return the number of bytes copied, + including the terminating null byte. If YYRESULT is null, do not + copy anything; just return the number of bytes that would be + copied. As a special case, return 0 if an ordinary "syntax error" + message will do. Return YYSIZE_MAXIMUM if overflow occurs during + size calculation. */ +static YYSIZE_T +yysyntax_error (char *yyresult, int yystate, int yychar) +{ + int yyn = yypact[yystate]; + + if (! (YYPACT_NINF < yyn && yyn <= YYLAST)) + return 0; + else + { + int yytype = YYTRANSLATE (yychar); + YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]); + YYSIZE_T yysize = yysize0; + YYSIZE_T yysize1; + int yysize_overflow = 0; + enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 }; + char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; + int yyx; + +# if 0 + /* This is so xgettext sees the translatable formats that are + constructed on the fly. */ + YY_("syntax error, unexpected %s"); + YY_("syntax error, unexpected %s, expecting %s"); + YY_("syntax error, unexpected %s, expecting %s or %s"); + YY_("syntax error, unexpected %s, expecting %s or %s or %s"); + YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s"); +# endif + char *yyfmt; + char const *yyf; + static char const yyunexpected[] = "syntax error, unexpected %s"; + static char const yyexpecting[] = ", expecting %s"; + static char const yyor[] = " or %s"; + char yyformat[sizeof yyunexpected + + sizeof yyexpecting - 1 + + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2) + * (sizeof yyor - 1))]; + char const *yyprefix = yyexpecting; + + /* Start YYX at -YYN if negative to avoid negative indexes in + YYCHECK. */ + int yyxbegin = yyn < 0 ? -yyn : 0; + + /* Stay within bounds of both yycheck and yytname. */ + int yychecklim = YYLAST - yyn + 1; + int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; + int yycount = 1; + + yyarg[0] = yytname[yytype]; + yyfmt = yystpcpy (yyformat, yyunexpected); + + for (yyx = yyxbegin; yyx < yyxend; ++yyx) + if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) + { + if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM) + { + yycount = 1; + yysize = yysize0; + yyformat[sizeof yyunexpected - 1] = '\0'; + break; + } + yyarg[yycount++] = yytname[yyx]; + yysize1 = yysize + yytnamerr (0, yytname[yyx]); + yysize_overflow |= (yysize1 < yysize); + yysize = yysize1; + yyfmt = yystpcpy (yyfmt, yyprefix); + yyprefix = yyor; + } + + yyf = YY_(yyformat); + yysize1 = yysize + yystrlen (yyf); + yysize_overflow |= (yysize1 < yysize); + yysize = yysize1; + + if (yysize_overflow) + return YYSIZE_MAXIMUM; + + if (yyresult) + { + /* Avoid sprintf, as that infringes on the user's name space. + Don't have undefined behavior even if the translation + produced a string with the wrong number of "%s"s. */ + char *yyp = yyresult; + int yyi = 0; + while ((*yyp = *yyf) != '\0') + { + if (*yyp == '%' && yyf[1] == 's' && yyi < yycount) + { + yyp += yytnamerr (yyp, yyarg[yyi++]); + yyf += 2; + } + else + { + yyp++; + yyf++; + } + } + } + return yysize; + } +} +#endif /* YYERROR_VERBOSE */ + + +/*-----------------------------------------------. +| Release the memory associated to this symbol. | +`-----------------------------------------------*/ + +/*ARGSUSED*/ +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +static void +yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep) +#else +static void +yydestruct (yymsg, yytype, yyvaluep) + const char *yymsg; + int yytype; + YYSTYPE *yyvaluep; +#endif +{ + YYUSE (yyvaluep); + + if (!yymsg) + yymsg = "Deleting"; + YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp); + + switch (yytype) + { + + default: + break; + } +} + + +/* Prevent warnings from -Wmissing-prototypes. */ + +#ifdef YYPARSE_PARAM +#if defined __STDC__ || defined __cplusplus +int yyparse (void *YYPARSE_PARAM); +#else +int yyparse (); +#endif +#else /* ! YYPARSE_PARAM */ +#if defined __STDC__ || defined __cplusplus +int yyparse (void); +#else +int yyparse (); +#endif +#endif /* ! YYPARSE_PARAM */ + + + +/* The look-ahead symbol. */ +int yychar; + +/* The semantic value of the look-ahead symbol. */ +YYSTYPE yylval; + +/* Number of syntax errors so far. */ +int yynerrs; + + + +/*----------. +| yyparse. | +`----------*/ + +#ifdef YYPARSE_PARAM +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +int +yyparse (void *YYPARSE_PARAM) +#else +int +yyparse (YYPARSE_PARAM) + void *YYPARSE_PARAM; +#endif +#else /* ! YYPARSE_PARAM */ +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +int +yyparse (void) +#else +int +yyparse () + +#endif +#endif +{ + + int yystate; + int yyn; + int yyresult; + /* Number of tokens to shift before error messages enabled. */ + int yyerrstatus; + /* Look-ahead token as an internal (translated) token number. */ + int yytoken = 0; +#if YYERROR_VERBOSE + /* Buffer for error messages, and its allocated size. */ + char yymsgbuf[128]; + char *yymsg = yymsgbuf; + YYSIZE_T yymsg_alloc = sizeof yymsgbuf; +#endif + + /* Three stacks and their tools: + `yyss': related to states, + `yyvs': related to semantic values, + `yyls': related to locations. + + Refer to the stacks thru separate pointers, to allow yyoverflow + to reallocate them elsewhere. */ + + /* The state stack. */ + yytype_int16 yyssa[YYINITDEPTH]; + yytype_int16 *yyss = yyssa; + yytype_int16 *yyssp; + + /* The semantic value stack. */ + YYSTYPE yyvsa[YYINITDEPTH]; + YYSTYPE *yyvs = yyvsa; + YYSTYPE *yyvsp; + + + +#define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N)) + + YYSIZE_T yystacksize = YYINITDEPTH; + + /* The variables used to return semantic value and location from the + action routines. */ + YYSTYPE yyval; + + + /* The number of symbols on the RHS of the reduced rule. + Keep to zero when no symbol should be popped. */ + int yylen = 0; + + YYDPRINTF ((stderr, "Starting parse\n")); + + yystate = 0; + yyerrstatus = 0; + yynerrs = 0; + yychar = YYEMPTY; /* Cause a token to be read. */ + + /* Initialize stack pointers. + Waste one element of value and location stack + so that they stay on the same level as the state stack. + The wasted elements are never initialized. */ + + yyssp = yyss; + yyvsp = yyvs; + + goto yysetstate; + +/*------------------------------------------------------------. +| yynewstate -- Push a new state, which is found in yystate. | +`------------------------------------------------------------*/ + yynewstate: + /* In all cases, when you get here, the value and location stacks + have just been pushed. So pushing a state here evens the stacks. */ + yyssp++; + + yysetstate: + *yyssp = yystate; + + if (yyss + yystacksize - 1 <= yyssp) + { + /* Get the current used size of the three stacks, in elements. */ + YYSIZE_T yysize = yyssp - yyss + 1; + +#ifdef yyoverflow + { + /* Give user a chance to reallocate the stack. Use copies of + these so that the &'s don't force the real ones into + memory. */ + YYSTYPE *yyvs1 = yyvs; + yytype_int16 *yyss1 = yyss; + + + /* Each stack pointer address is followed by the size of the + data in use in that stack, in bytes. This used to be a + conditional around just the two extra args, but that might + be undefined if yyoverflow is a macro. */ + yyoverflow (YY_("memory exhausted"), + &yyss1, yysize * sizeof (*yyssp), + &yyvs1, yysize * sizeof (*yyvsp), + + &yystacksize); + + yyss = yyss1; + yyvs = yyvs1; + } +#else /* no yyoverflow */ +# ifndef YYSTACK_RELOCATE + goto yyexhaustedlab; +# else + /* Extend the stack our own way. */ + if (YYMAXDEPTH <= yystacksize) + goto yyexhaustedlab; + yystacksize *= 2; + if (YYMAXDEPTH < yystacksize) + yystacksize = YYMAXDEPTH; + + { + yytype_int16 *yyss1 = yyss; + union yyalloc *yyptr = + (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); + if (! yyptr) + goto yyexhaustedlab; + YYSTACK_RELOCATE (yyss); + YYSTACK_RELOCATE (yyvs); + +# undef YYSTACK_RELOCATE + if (yyss1 != yyssa) + YYSTACK_FREE (yyss1); + } +# endif +#endif /* no yyoverflow */ + + yyssp = yyss + yysize - 1; + yyvsp = yyvs + yysize - 1; + + + YYDPRINTF ((stderr, "Stack size increased to %lu\n", + (unsigned long int) yystacksize)); + + if (yyss + yystacksize - 1 <= yyssp) + YYABORT; + } + + YYDPRINTF ((stderr, "Entering state %d\n", yystate)); + + goto yybackup; + +/*-----------. +| yybackup. | +`-----------*/ +yybackup: + + /* Do appropriate processing given the current state. Read a + look-ahead token if we need one and don't already have one. */ + + /* First try to decide what to do without reference to look-ahead token. */ + yyn = yypact[yystate]; + if (yyn == YYPACT_NINF) + goto yydefault; + + /* Not known => get a look-ahead token if don't already have one. */ + + /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol. */ + if (yychar == YYEMPTY) + { + YYDPRINTF ((stderr, "Reading a token: ")); + yychar = YYLEX; + } + + if (yychar <= YYEOF) + { + yychar = yytoken = YYEOF; + YYDPRINTF ((stderr, "Now at end of input.\n")); + } + else + { + yytoken = YYTRANSLATE (yychar); + YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc); + } + + /* If the proper action on seeing token YYTOKEN is to reduce or to + detect an error, take that action. */ + yyn += yytoken; + if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken) + goto yydefault; + yyn = yytable[yyn]; + if (yyn <= 0) + { + if (yyn == 0 || yyn == YYTABLE_NINF) + goto yyerrlab; + yyn = -yyn; + goto yyreduce; + } + + if (yyn == YYFINAL) + YYACCEPT; + + /* Count tokens shifted since error; after three, turn off error + status. */ + if (yyerrstatus) + yyerrstatus--; + + /* Shift the look-ahead token. */ + YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); + + /* Discard the shifted token unless it is eof. */ + if (yychar != YYEOF) + yychar = YYEMPTY; + + yystate = yyn; + *++yyvsp = yylval; + + goto yynewstate; + + +/*-----------------------------------------------------------. +| yydefault -- do the default action for the current state. | +`-----------------------------------------------------------*/ +yydefault: + yyn = yydefact[yystate]; + if (yyn == 0) + goto yyerrlab; + goto yyreduce; + + +/*-----------------------------. +| yyreduce -- Do a reduction. | +`-----------------------------*/ +yyreduce: + /* yyn is the number of a rule to reduce with. */ + yylen = yyr2[yyn]; + + /* If YYLEN is nonzero, implement the default value of the action: + `$$ = $1'. + + Otherwise, the following line sets YYVAL to garbage. + This behavior is undocumented and Bison + users should not rely upon it. Assigning to YYVAL + unconditionally makes the parser a bit smaller, and it avoids a + GCC warning that YYVAL may be used uninitialized. */ + yyval = yyvsp[1-yylen]; + + + YY_REDUCE_PRINT (yyn); + switch (yyn) + { + case 2: +#line 74 "heimdal/lib/hx509/sel-gram.y" + { _hx509_expr_input.expr = (yyvsp[(1) - (1)].expr); } + break; + + case 3: +#line 76 "heimdal/lib/hx509/sel-gram.y" + { (yyval.expr) = _hx509_make_expr(op_TRUE, NULL, NULL); } + break; + + case 4: +#line 77 "heimdal/lib/hx509/sel-gram.y" + { (yyval.expr) = _hx509_make_expr(op_FALSE, NULL, NULL); } + break; + + case 5: +#line 78 "heimdal/lib/hx509/sel-gram.y" + { (yyval.expr) = _hx509_make_expr(op_NOT, (yyvsp[(2) - (2)].expr), NULL); } + break; + + case 6: +#line 79 "heimdal/lib/hx509/sel-gram.y" + { (yyval.expr) = _hx509_make_expr(op_AND, (yyvsp[(1) - (3)].expr), (yyvsp[(3) - (3)].expr)); } + break; + + case 7: +#line 80 "heimdal/lib/hx509/sel-gram.y" + { (yyval.expr) = _hx509_make_expr(op_OR, (yyvsp[(1) - (3)].expr), (yyvsp[(3) - (3)].expr)); } + break; + + case 8: +#line 81 "heimdal/lib/hx509/sel-gram.y" + { (yyval.expr) = (yyvsp[(2) - (3)].expr); } + break; + + case 9: +#line 82 "heimdal/lib/hx509/sel-gram.y" + { (yyval.expr) = _hx509_make_expr(op_COMP, (yyvsp[(1) - (1)].expr), NULL); } + break; + + case 10: +#line 85 "heimdal/lib/hx509/sel-gram.y" + { (yyval.expr) = _hx509_make_expr(expr_WORDS, (yyvsp[(1) - (1)].expr), NULL); } + break; + + case 11: +#line 86 "heimdal/lib/hx509/sel-gram.y" + { (yyval.expr) = _hx509_make_expr(expr_WORDS, (yyvsp[(1) - (3)].expr), (yyvsp[(3) - (3)].expr)); } + break; + + case 12: +#line 89 "heimdal/lib/hx509/sel-gram.y" + { (yyval.expr) = _hx509_make_expr(comp_EQ, (yyvsp[(1) - (4)].expr), (yyvsp[(4) - (4)].expr)); } + break; + + case 13: +#line 90 "heimdal/lib/hx509/sel-gram.y" + { (yyval.expr) = _hx509_make_expr(comp_NE, (yyvsp[(1) - (4)].expr), (yyvsp[(4) - (4)].expr)); } + break; + + case 14: +#line 91 "heimdal/lib/hx509/sel-gram.y" + { (yyval.expr) = _hx509_make_expr(comp_TAILEQ, (yyvsp[(1) - (3)].expr), (yyvsp[(3) - (3)].expr)); } + break; + + case 15: +#line 92 "heimdal/lib/hx509/sel-gram.y" + { (yyval.expr) = _hx509_make_expr(comp_IN, (yyvsp[(1) - (5)].expr), (yyvsp[(4) - (5)].expr)); } + break; + + case 16: +#line 93 "heimdal/lib/hx509/sel-gram.y" + { (yyval.expr) = _hx509_make_expr(comp_IN, (yyvsp[(1) - (3)].expr), (yyvsp[(3) - (3)].expr)); } + break; + + case 17: +#line 96 "heimdal/lib/hx509/sel-gram.y" + { (yyval.expr) = (yyvsp[(1) - (1)].expr); } + break; + + case 18: +#line 97 "heimdal/lib/hx509/sel-gram.y" + { (yyval.expr) = (yyvsp[(1) - (1)].expr); } + break; + + case 19: +#line 98 "heimdal/lib/hx509/sel-gram.y" + { (yyval.expr) = (yyvsp[(1) - (1)].expr); } + break; + + case 20: +#line 99 "heimdal/lib/hx509/sel-gram.y" + { (yyval.expr) = (yyvsp[(1) - (1)].expr); } + break; + + case 21: +#line 102 "heimdal/lib/hx509/sel-gram.y" + { (yyval.expr) = _hx509_make_expr(expr_NUMBER, (yyvsp[(1) - (1)].string), NULL); } + break; + + case 22: +#line 103 "heimdal/lib/hx509/sel-gram.y" + { (yyval.expr) = _hx509_make_expr(expr_STRING, (yyvsp[(1) - (1)].string), NULL); } + break; + + case 23: +#line 105 "heimdal/lib/hx509/sel-gram.y" + { + (yyval.expr) = _hx509_make_expr(expr_FUNCTION, (yyvsp[(1) - (4)].string), (yyvsp[(3) - (4)].expr)); } + break; + + case 24: +#line 108 "heimdal/lib/hx509/sel-gram.y" + { (yyval.expr) = (yyvsp[(3) - (4)].expr); } + break; + + case 25: +#line 111 "heimdal/lib/hx509/sel-gram.y" + { + (yyval.expr) = _hx509_make_expr(expr_VAR, (yyvsp[(1) - (3)].string), (yyvsp[(3) - (3)].expr)); } + break; + + case 26: +#line 113 "heimdal/lib/hx509/sel-gram.y" + { + (yyval.expr) = _hx509_make_expr(expr_VAR, (yyvsp[(1) - (1)].string), NULL); } + break; + + +/* Line 1267 of yacc.c. */ +#line 1501 "heimdal/lib/hx509/sel-gram.y" + default: break; + } + YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); + + YYPOPSTACK (yylen); + yylen = 0; + YY_STACK_PRINT (yyss, yyssp); + + *++yyvsp = yyval; + + + /* Now `shift' the result of the reduction. Determine what state + that goes to, based on the state we popped back to and the rule + number reduced by. */ + + yyn = yyr1[yyn]; + + yystate = yypgoto[yyn - YYNTOKENS] + *yyssp; + if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp) + yystate = yytable[yystate]; + else + yystate = yydefgoto[yyn - YYNTOKENS]; + + goto yynewstate; + + +/*------------------------------------. +| yyerrlab -- here on detecting error | +`------------------------------------*/ +yyerrlab: + /* If not already recovering from an error, report this error. */ + if (!yyerrstatus) + { + ++yynerrs; +#if ! YYERROR_VERBOSE + yyerror (YY_("syntax error")); +#else + { + YYSIZE_T yysize = yysyntax_error (0, yystate, yychar); + if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM) + { + YYSIZE_T yyalloc = 2 * yysize; + if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM)) + yyalloc = YYSTACK_ALLOC_MAXIMUM; + if (yymsg != yymsgbuf) + YYSTACK_FREE (yymsg); + yymsg = (char *) YYSTACK_ALLOC (yyalloc); + if (yymsg) + yymsg_alloc = yyalloc; + else + { + yymsg = yymsgbuf; + yymsg_alloc = sizeof yymsgbuf; + } + } + + if (0 < yysize && yysize <= yymsg_alloc) + { + (void) yysyntax_error (yymsg, yystate, yychar); + yyerror (yymsg); + } + else + { + yyerror (YY_("syntax error")); + if (yysize != 0) + goto yyexhaustedlab; + } + } +#endif + } + + + + if (yyerrstatus == 3) + { + /* If just tried and failed to reuse look-ahead token after an + error, discard it. */ + + if (yychar <= YYEOF) + { + /* Return failure if at end of input. */ + if (yychar == YYEOF) + YYABORT; + } + else + { + yydestruct ("Error: discarding", + yytoken, &yylval); + yychar = YYEMPTY; + } + } + + /* Else will try to reuse look-ahead token after shifting the error + token. */ + goto yyerrlab1; + + +/*---------------------------------------------------. +| yyerrorlab -- error raised explicitly by YYERROR. | +`---------------------------------------------------*/ +yyerrorlab: + + /* Pacify compilers like GCC when the user code never invokes + YYERROR and the label yyerrorlab therefore never appears in user + code. */ + if (/*CONSTCOND*/ 0) + goto yyerrorlab; + + /* Do not reclaim the symbols of the rule which action triggered + this YYERROR. */ + YYPOPSTACK (yylen); + yylen = 0; + YY_STACK_PRINT (yyss, yyssp); + yystate = *yyssp; + goto yyerrlab1; + + +/*-------------------------------------------------------------. +| yyerrlab1 -- common code for both syntax error and YYERROR. | +`-------------------------------------------------------------*/ +yyerrlab1: + yyerrstatus = 3; /* Each real token shifted decrements this. */ + + for (;;) + { + yyn = yypact[yystate]; + if (yyn != YYPACT_NINF) + { + yyn += YYTERROR; + if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR) + { + yyn = yytable[yyn]; + if (0 < yyn) + break; + } + } + + /* Pop the current state because it cannot handle the error token. */ + if (yyssp == yyss) + YYABORT; + + + yydestruct ("Error: popping", + yystos[yystate], yyvsp); + YYPOPSTACK (1); + yystate = *yyssp; + YY_STACK_PRINT (yyss, yyssp); + } + + if (yyn == YYFINAL) + YYACCEPT; + + *++yyvsp = yylval; + + + /* Shift the error token. */ + YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp); + + yystate = yyn; + goto yynewstate; + + +/*-------------------------------------. +| yyacceptlab -- YYACCEPT comes here. | +`-------------------------------------*/ +yyacceptlab: + yyresult = 0; + goto yyreturn; + +/*-----------------------------------. +| yyabortlab -- YYABORT comes here. | +`-----------------------------------*/ +yyabortlab: + yyresult = 1; + goto yyreturn; + +#ifndef yyoverflow +/*-------------------------------------------------. +| yyexhaustedlab -- memory exhaustion comes here. | +`-------------------------------------------------*/ +yyexhaustedlab: + yyerror (YY_("memory exhausted")); + yyresult = 2; + /* Fall through. */ +#endif + +yyreturn: + if (yychar != YYEOF && yychar != YYEMPTY) + yydestruct ("Cleanup: discarding lookahead", + yytoken, &yylval); + /* Do not reclaim the symbols of the rule which action triggered + this YYABORT or YYACCEPT. */ + YYPOPSTACK (yylen); + YY_STACK_PRINT (yyss, yyssp); + while (yyssp != yyss) + { + yydestruct ("Cleanup: popping", + yystos[*yyssp], yyvsp); + YYPOPSTACK (1); + } +#ifndef yyoverflow + if (yyss != yyssa) + YYSTACK_FREE (yyss); +#endif +#if YYERROR_VERBOSE + if (yymsg != yymsgbuf) + YYSTACK_FREE (yymsg); +#endif + /* Make sure YYID is used. */ + return YYID (yyresult); +} + + + diff --git a/source4/heimdal/lib/hx509/sel-gram.h b/source4/heimdal/lib/hx509/sel-gram.h new file mode 100644 index 0000000000..bb4a64d1c7 --- /dev/null +++ b/source4/heimdal/lib/hx509/sel-gram.h @@ -0,0 +1,83 @@ +/* A Bison parser, made by GNU Bison 2.3. */ + +/* Skeleton interface for Bison's Yacc-like parsers in C + + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 + Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. */ + +/* As a special exception, you may create a larger work that contains + part or all of the Bison parser skeleton and distribute that work + under terms of your choice, so long as that work isn't itself a + parser generator using the skeleton or a modified version thereof + as a parser skeleton. Alternatively, if you modify or redistribute + the parser skeleton itself, you may (at your option) remove this + special exception, which will cause the skeleton and the resulting + Bison output files to be licensed under the GNU General Public + License without this special exception. + + This special exception was added by the Free Software Foundation in + version 2.2 of Bison. */ + +/* Tokens. */ +#ifndef YYTOKENTYPE +# define YYTOKENTYPE + /* Put the tokens into the symbol table, so that GDB and other debuggers + know about them. */ + enum yytokentype { + kw_TRUE = 258, + kw_FALSE = 259, + kw_AND = 260, + kw_OR = 261, + kw_IN = 262, + kw_TAILMATCH = 263, + NUMBER = 264, + STRING = 265, + IDENTIFIER = 266 + }; +#endif +/* Tokens. */ +#define kw_TRUE 258 +#define kw_FALSE 259 +#define kw_AND 260 +#define kw_OR 261 +#define kw_IN 262 +#define kw_TAILMATCH 263 +#define NUMBER 264 +#define STRING 265 +#define IDENTIFIER 266 + + + + +#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED +typedef union YYSTYPE +#line 46 "heimdal/lib/hx509/sel-gram.y" +{ + char *string; + struct hx_expr *expr; +} +/* Line 1489 of yacc.c. */ +#line 76 "heimdal/lib/hx509/sel-gram.y" + YYSTYPE; +# define yystype YYSTYPE /* obsolescent; will be withdrawn */ +# define YYSTYPE_IS_DECLARED 1 +# define YYSTYPE_IS_TRIVIAL 1 +#endif + +extern YYSTYPE yylval; + diff --git a/source4/heimdal/lib/hx509/sel-gram.y b/source4/heimdal/lib/hx509/sel-gram.y new file mode 100644 index 0000000000..ca34a1975f --- /dev/null +++ b/source4/heimdal/lib/hx509/sel-gram.y @@ -0,0 +1,115 @@ +/* + * Copyright (c) 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +%{ +#ifdef HAVE_CONFIG_H +#include +#endif +#include +#include +#include + +RCSID("$Id$"); + +%} + +%union { + char *string; + struct hx_expr *expr; +} + +%token kw_TRUE +%token kw_FALSE +%token kw_AND +%token kw_OR +%token kw_IN +%token kw_TAILMATCH + +%type expr +%type comp +%type word words +%type number +%type string +%type function +%type variable variables + +%token NUMBER +%token STRING +%token IDENTIFIER + +%start start + +%% + +start: expr { _hx509_expr_input.expr = $1; } + +expr : kw_TRUE { $$ = _hx509_make_expr(op_TRUE, NULL, NULL); } + | kw_FALSE { $$ = _hx509_make_expr(op_FALSE, NULL, NULL); } + | '!' expr { $$ = _hx509_make_expr(op_NOT, $2, NULL); } + | expr kw_AND expr { $$ = _hx509_make_expr(op_AND, $1, $3); } + | expr kw_OR expr { $$ = _hx509_make_expr(op_OR, $1, $3); } + | '(' expr ')' { $$ = $2; } + | comp { $$ = _hx509_make_expr(op_COMP, $1, NULL); } + ; + +words : word { $$ = _hx509_make_expr(expr_WORDS, $1, NULL); } + | word ',' words { $$ = _hx509_make_expr(expr_WORDS, $1, $3); } + ; + +comp : word '=' '=' word { $$ = _hx509_make_expr(comp_EQ, $1, $4); } + | word '!' '=' word { $$ = _hx509_make_expr(comp_NE, $1, $4); } + | word kw_TAILMATCH word { $$ = _hx509_make_expr(comp_TAILEQ, $1, $3); } + | word kw_IN '(' words ')' { $$ = _hx509_make_expr(comp_IN, $1, $4); } + | word kw_IN variable { $$ = _hx509_make_expr(comp_IN, $1, $3); } + ; + +word : number { $$ = $1; } + | string { $$ = $1; } + | function { $$ = $1; } + | variable { $$ = $1; } + ; + +number : NUMBER { $$ = _hx509_make_expr(expr_NUMBER, $1, NULL); }; +string : STRING { $$ = _hx509_make_expr(expr_STRING, $1, NULL); }; + +function: IDENTIFIER '(' words ')' { + $$ = _hx509_make_expr(expr_FUNCTION, $1, $3); } + ; +variable: '%' '{' variables '}' { $$ = $3; } + ; + +variables: IDENTIFIER '.' variables { + $$ = _hx509_make_expr(expr_VAR, $1, $3); } + | IDENTIFIER { + $$ = _hx509_make_expr(expr_VAR, $1, NULL); } + ; diff --git a/source4/heimdal/lib/hx509/sel-lex.c b/source4/heimdal/lib/hx509/sel-lex.c new file mode 100644 index 0000000000..8dcb374c1f --- /dev/null +++ b/source4/heimdal/lib/hx509/sel-lex.c @@ -0,0 +1,1899 @@ +#include "config.h" + +#line 3 "heimdal/lib/hx509/sel-lex.c" + +#define YY_INT_ALIGNED short int + +/* A lexical scanner generated by flex */ + +#define FLEX_SCANNER +#define YY_FLEX_MAJOR_VERSION 2 +#define YY_FLEX_MINOR_VERSION 5 +#define YY_FLEX_SUBMINOR_VERSION 34 +#if YY_FLEX_SUBMINOR_VERSION > 0 +#define FLEX_BETA +#endif + +/* First, we deal with platform-specific or compiler-specific issues. */ + +/* begin standard C headers. */ +#include +#include +#include +#include + +/* end standard C headers. */ + +/* flex integer type definitions */ + +#ifndef FLEXINT_H +#define FLEXINT_H + +/* C99 systems have . Non-C99 systems may or may not. */ + +#if defined (__STDC_VERSION__) && __STDC_VERSION__ >= 199901L + +/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h, + * if you want the limit (max/min) macros for int types. + */ +#ifndef __STDC_LIMIT_MACROS +#define __STDC_LIMIT_MACROS 1 +#endif + +#include +typedef int8_t flex_int8_t; +typedef uint8_t flex_uint8_t; +typedef int16_t flex_int16_t; +typedef uint16_t flex_uint16_t; +typedef int32_t flex_int32_t; +typedef uint32_t flex_uint32_t; +#else +typedef signed char flex_int8_t; +typedef short int flex_int16_t; +typedef int flex_int32_t; +typedef unsigned char flex_uint8_t; +typedef unsigned short int flex_uint16_t; +typedef unsigned int flex_uint32_t; +#endif /* ! C99 */ + +/* Limits of integral types. */ +#ifndef INT8_MIN +#define INT8_MIN (-128) +#endif +#ifndef INT16_MIN +#define INT16_MIN (-32767-1) +#endif +#ifndef INT32_MIN +#define INT32_MIN (-2147483647-1) +#endif +#ifndef INT8_MAX +#define INT8_MAX (127) +#endif +#ifndef INT16_MAX +#define INT16_MAX (32767) +#endif +#ifndef INT32_MAX +#define INT32_MAX (2147483647) +#endif +#ifndef UINT8_MAX +#define UINT8_MAX (255U) +#endif +#ifndef UINT16_MAX +#define UINT16_MAX (65535U) +#endif +#ifndef UINT32_MAX +#define UINT32_MAX (4294967295U) +#endif + +#endif /* ! FLEXINT_H */ + +#ifdef __cplusplus + +/* The "const" storage-class-modifier is valid. */ +#define YY_USE_CONST + +#else /* ! __cplusplus */ + +/* C99 requires __STDC__ to be defined as 1. */ +#if defined (__STDC__) + +#define YY_USE_CONST + +#endif /* defined (__STDC__) */ +#endif /* ! __cplusplus */ + +#ifdef YY_USE_CONST +#define yyconst const +#else +#define yyconst +#endif + +/* Returned upon end-of-file. */ +#define YY_NULL 0 + +/* Promotes a possibly negative, possibly signed char to an unsigned + * integer for use as an array index. If the signed char is negative, + * we want to instead treat it as an 8-bit unsigned char, hence the + * double cast. + */ +#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c) + +/* Enter a start condition. This macro really ought to take a parameter, + * but we do it the disgusting crufty way forced on us by the ()-less + * definition of BEGIN. + */ +#define BEGIN (yy_start) = 1 + 2 * + +/* Translate the current start state into a value that can be later handed + * to BEGIN to return to the state. The YYSTATE alias is for lex + * compatibility. + */ +#define YY_START (((yy_start) - 1) / 2) +#define YYSTATE YY_START + +/* Action number for EOF rule of a given start state. */ +#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) + +/* Special action meaning "start processing a new file". */ +#define YY_NEW_FILE yyrestart(yyin ) + +#define YY_END_OF_BUFFER_CHAR 0 + +/* Size of default input buffer. */ +#ifndef YY_BUF_SIZE +#define YY_BUF_SIZE 16384 +#endif + +/* The state buf must be large enough to hold one state per character in the main buffer. + */ +#define YY_STATE_BUF_SIZE ((YY_BUF_SIZE + 2) * sizeof(yy_state_type)) + +#ifndef YY_TYPEDEF_YY_BUFFER_STATE +#define YY_TYPEDEF_YY_BUFFER_STATE +typedef struct yy_buffer_state *YY_BUFFER_STATE; +#endif + +extern int yyleng; + +extern FILE *yyin, *yyout; + +#define EOB_ACT_CONTINUE_SCAN 0 +#define EOB_ACT_END_OF_FILE 1 +#define EOB_ACT_LAST_MATCH 2 + + #define YY_LESS_LINENO(n) + +/* Return all but the first "n" matched characters back to the input stream. */ +#define yyless(n) \ + do \ + { \ + /* Undo effects of setting up yytext. */ \ + int yyless_macro_arg = (n); \ + YY_LESS_LINENO(yyless_macro_arg);\ + *yy_cp = (yy_hold_char); \ + YY_RESTORE_YY_MORE_OFFSET \ + (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \ + YY_DO_BEFORE_ACTION; /* set up yytext again */ \ + } \ + while ( 0 ) + +#define unput(c) yyunput( c, (yytext_ptr) ) + +/* The following is because we cannot portably get our hands on size_t + * (without autoconf's help, which isn't available because we want + * flex-generated scanners to compile on their own). + * Given that the standard has decreed that size_t exists since 1989, + * I guess we can afford to depend on it. Manoj. + */ + +#ifndef YY_TYPEDEF_YY_SIZE_T +#define YY_TYPEDEF_YY_SIZE_T +typedef size_t yy_size_t; +#endif + +#ifndef YY_STRUCT_YY_BUFFER_STATE +#define YY_STRUCT_YY_BUFFER_STATE +struct yy_buffer_state + { + FILE *yy_input_file; + + char *yy_ch_buf; /* input buffer */ + char *yy_buf_pos; /* current position in input buffer */ + + /* Size of input buffer in bytes, not including room for EOB + * characters. + */ + yy_size_t yy_buf_size; + + /* Number of characters read into yy_ch_buf, not including EOB + * characters. + */ + int yy_n_chars; + + /* Whether we "own" the buffer - i.e., we know we created it, + * and can realloc() it to grow it, and should free() it to + * delete it. + */ + int yy_is_our_buffer; + + /* Whether this is an "interactive" input source; if so, and + * if we're using stdio for input, then we want to use getc() + * instead of fread(), to make sure we stop fetching input after + * each newline. + */ + int yy_is_interactive; + + /* Whether we're considered to be at the beginning of a line. + * If so, '^' rules will be active on the next match, otherwise + * not. + */ + int yy_at_bol; + + int yy_bs_lineno; /**< The line count. */ + int yy_bs_column; /**< The column count. */ + + /* Whether to try to fill the input buffer when we reach the + * end of it. + */ + int yy_fill_buffer; + + int yy_buffer_status; + +#define YY_BUFFER_NEW 0 +#define YY_BUFFER_NORMAL 1 + /* When an EOF's been seen but there's still some text to process + * then we mark the buffer as YY_EOF_PENDING, to indicate that we + * shouldn't try reading from the input source any more. We might + * still have a bunch of tokens to match, though, because of + * possible backing-up. + * + * When we actually see the EOF, we change the status to "new" + * (via yyrestart()), so that the user can continue scanning by + * just pointing yyin at a new input file. + */ +#define YY_BUFFER_EOF_PENDING 2 + + }; +#endif /* !YY_STRUCT_YY_BUFFER_STATE */ + +/* Stack of input buffers. */ +static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */ +static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */ +static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ + +/* We provide macros for accessing buffer states in case in the + * future we want to put the buffer states in a more general + * "scanner state". + * + * Returns the top of the stack, or NULL. + */ +#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ + ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ + : NULL) + +/* Same as previous macro, but useful when we know that the buffer stack is not + * NULL or when we need an lvalue. For internal use only. + */ +#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] + +/* yy_hold_char holds the character lost when yytext is formed. */ +static char yy_hold_char; +static int yy_n_chars; /* number of characters read into yy_ch_buf */ +int yyleng; + +/* Points to current character in buffer. */ +static char *yy_c_buf_p = (char *) 0; +static int yy_init = 0; /* whether we need to initialize */ +static int yy_start = 0; /* start state number */ + +/* Flag which is used to allow yywrap()'s to do buffer switches + * instead of setting up a fresh yyin. A bit of a hack ... + */ +static int yy_did_buffer_switch_on_eof; + +void yyrestart (FILE *input_file ); +void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ); +YY_BUFFER_STATE yy_create_buffer (FILE *file,int size ); +void yy_delete_buffer (YY_BUFFER_STATE b ); +void yy_flush_buffer (YY_BUFFER_STATE b ); +void yypush_buffer_state (YY_BUFFER_STATE new_buffer ); +void yypop_buffer_state (void ); + +static void yyensure_buffer_stack (void ); +static void yy_load_buffer_state (void ); +static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file ); + +#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER ) + +YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); +YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); +YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len ); + +void *yyalloc (yy_size_t ); +void *yyrealloc (void *,yy_size_t ); +void yyfree (void * ); + +#define yy_new_buffer yy_create_buffer + +#define yy_set_interactive(is_interactive) \ + { \ + if ( ! YY_CURRENT_BUFFER ){ \ + yyensure_buffer_stack (); \ + YY_CURRENT_BUFFER_LVALUE = \ + yy_create_buffer(yyin,YY_BUF_SIZE ); \ + } \ + YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ + } + +#define yy_set_bol(at_bol) \ + { \ + if ( ! YY_CURRENT_BUFFER ){\ + yyensure_buffer_stack (); \ + YY_CURRENT_BUFFER_LVALUE = \ + yy_create_buffer(yyin,YY_BUF_SIZE ); \ + } \ + YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ + } + +#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) + +/* Begin user sect3 */ + +typedef unsigned char YY_CHAR; + +FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; + +typedef int yy_state_type; + +extern int yylineno; + +int yylineno = 1; + +extern char *yytext; +#define yytext_ptr yytext + +static yy_state_type yy_get_previous_state (void ); +static yy_state_type yy_try_NUL_trans (yy_state_type current_state ); +static int yy_get_next_buffer (void ); +static void yy_fatal_error (yyconst char msg[] ); + +/* Done after the current pattern has been matched and before the + * corresponding action - sets up yytext. + */ +#define YY_DO_BEFORE_ACTION \ + (yytext_ptr) = yy_bp; \ + yyleng = (size_t) (yy_cp - yy_bp); \ + (yy_hold_char) = *yy_cp; \ + *yy_cp = '\0'; \ + (yy_c_buf_p) = yy_cp; + +#define YY_NUM_RULES 12 +#define YY_END_OF_BUFFER 13 +/* This struct is not used in this scanner, + but its presence is necessary. */ +struct yy_trans_info + { + flex_int32_t yy_verify; + flex_int32_t yy_nxt; + }; +static yyconst flex_int16_t yy_accept[36] = + { 0, + 0, 0, 13, 12, 11, 9, 10, 8, 7, 7, + 7, 7, 7, 7, 7, 7, 7, 5, 4, 7, + 7, 3, 7, 7, 7, 7, 7, 1, 2, 7, + 7, 7, 7, 6, 0 + } ; + +static yyconst flex_int32_t yy_ec[256] = + { 0, + 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 2, 4, 5, 1, 1, 4, 1, 1, 4, + 4, 1, 1, 4, 6, 4, 1, 6, 6, 6, + 6, 6, 6, 6, 6, 6, 6, 1, 1, 1, + 4, 1, 1, 1, 7, 8, 9, 10, 11, 12, + 8, 13, 14, 8, 8, 15, 16, 17, 18, 8, + 8, 19, 20, 21, 22, 8, 8, 8, 8, 8, + 1, 1, 1, 1, 6, 1, 8, 8, 8, 8, + + 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, + 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, + 8, 8, 4, 1, 4, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1 + } ; + +static yyconst flex_int32_t yy_meta[23] = + { 0, + 1, 1, 1, 1, 1, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2 + } ; + +static yyconst flex_int16_t yy_base[37] = + { 0, + 0, 0, 43, 44, 44, 44, 44, 44, 25, 0, + 34, 23, 20, 16, 0, 28, 22, 0, 0, 22, + 12, 0, 13, 17, 20, 19, 13, 0, 0, 21, + 6, 17, 12, 0, 44, 22 + } ; + +static yyconst flex_int16_t yy_def[37] = + { 0, + 35, 1, 35, 35, 35, 35, 35, 35, 36, 36, + 36, 36, 36, 36, 36, 36, 36, 36, 36, 36, + 36, 36, 36, 36, 36, 36, 36, 36, 36, 36, + 36, 36, 36, 36, 0, 35 + } ; + +static yyconst flex_int16_t yy_nxt[67] = + { 0, + 4, 5, 6, 7, 8, 4, 9, 10, 10, 10, + 10, 11, 10, 12, 10, 10, 10, 13, 10, 10, + 14, 10, 20, 15, 34, 33, 32, 31, 30, 29, + 28, 27, 26, 25, 21, 24, 23, 22, 19, 18, + 17, 16, 35, 3, 35, 35, 35, 35, 35, 35, + 35, 35, 35, 35, 35, 35, 35, 35, 35, 35, + 35, 35, 35, 35, 35, 35 + } ; + +static yyconst flex_int16_t yy_chk[67] = + { 0, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 14, 36, 33, 32, 31, 30, 27, 26, + 25, 24, 23, 21, 14, 20, 17, 16, 13, 12, + 11, 9, 3, 35, 35, 35, 35, 35, 35, 35, + 35, 35, 35, 35, 35, 35, 35, 35, 35, 35, + 35, 35, 35, 35, 35, 35 + } ; + +static yy_state_type yy_last_accepting_state; +static char *yy_last_accepting_cpos; + +extern int yy_flex_debug; +int yy_flex_debug = 0; + +/* The intent behind this definition is that it'll catch + * any uses of REJECT which flex missed. + */ +#define REJECT reject_used_but_not_detected +#define yymore() yymore_used_but_not_detected +#define YY_MORE_ADJ 0 +#define YY_RESTORE_YY_MORE_OFFSET +char *yytext; +#line 1 "sel-lex.l" +#line 2 "sel-lex.l" +/* + * Copyright (c) 2004, 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id$ */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#undef ECHO + +#include +#include +#include +#include +#include "sel.h" +#include "sel-gram.h" +unsigned lineno = 1; + +static char * handle_string(void); +static int lex_input(char *, int); + +struct hx_expr_input _hx509_expr_input; + +#define YY_NO_UNPUT 1 + +#undef YY_INPUT +#define YY_INPUT(buf,res,maxsize) (res = lex_input(buf, maxsize)) + +#undef ECHO + +#line 541 "heimdal/lib/hx509/sel-lex.c" + +#define INITIAL 0 + +#ifndef YY_NO_UNISTD_H +/* Special case for "unistd.h", since it is non-ANSI. We include it way + * down here because we want the user's section 1 to have been scanned first. + * The user has a chance to override it with an option. + */ +#include +#endif + +#ifndef YY_EXTRA_TYPE +#define YY_EXTRA_TYPE void * +#endif + +static int yy_init_globals (void ); + +/* Macros after this point can all be overridden by user definitions in + * section 1. + */ + +#ifndef YY_SKIP_YYWRAP +#ifdef __cplusplus +extern "C" int yywrap (void ); +#else +extern int yywrap (void ); +#endif +#endif + + static void yyunput (int c,char *buf_ptr ); + +#ifndef yytext_ptr +static void yy_flex_strncpy (char *,yyconst char *,int ); +#endif + +#ifdef YY_NEED_STRLEN +static int yy_flex_strlen (yyconst char * ); +#endif + +#ifndef YY_NO_INPUT + +#ifdef __cplusplus +static int yyinput (void ); +#else +static int input (void ); +#endif + +#endif + +/* Amount of stuff to slurp up with each read. */ +#ifndef YY_READ_BUF_SIZE +#define YY_READ_BUF_SIZE 8192 +#endif + +/* Copy whatever the last rule matched to the standard output. */ +#ifndef ECHO +/* This used to be an fputs(), but since the string might contain NUL's, + * we now use fwrite(). + */ +#define ECHO fwrite( yytext, yyleng, 1, yyout ) +#endif + +/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, + * is returned in "result". + */ +#ifndef YY_INPUT +#define YY_INPUT(buf,result,max_size) \ + if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ + { \ + int c = '*'; \ + int n; \ + for ( n = 0; n < max_size && \ + (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ + buf[n] = (char) c; \ + if ( c == '\n' ) \ + buf[n++] = (char) c; \ + if ( c == EOF && ferror( yyin ) ) \ + YY_FATAL_ERROR( "input in flex scanner failed" ); \ + result = n; \ + } \ + else \ + { \ + errno=0; \ + while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \ + { \ + if( errno != EINTR) \ + { \ + YY_FATAL_ERROR( "input in flex scanner failed" ); \ + break; \ + } \ + errno=0; \ + clearerr(yyin); \ + } \ + }\ +\ + +#endif + +/* No semi-colon after return; correct usage is to write "yyterminate();" - + * we don't want an extra ';' after the "return" because that will cause + * some compilers to complain about unreachable statements. + */ +#ifndef yyterminate +#define yyterminate() return YY_NULL +#endif + +/* Number of entries by which start-condition stack grows. */ +#ifndef YY_START_STACK_INCR +#define YY_START_STACK_INCR 25 +#endif + +/* Report a fatal error. */ +#ifndef YY_FATAL_ERROR +#define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) +#endif + +/* end tables serialization structures and prototypes */ + +/* Default declaration of generated scanner - a define so the user can + * easily add parameters. + */ +#ifndef YY_DECL +#define YY_DECL_IS_OURS 1 + +extern int yylex (void); + +#define YY_DECL int yylex (void) +#endif /* !YY_DECL */ + +/* Code executed at the beginning of each rule, after yytext and yyleng + * have been set up. + */ +#ifndef YY_USER_ACTION +#define YY_USER_ACTION +#endif + +/* Code executed at the end of each rule. */ +#ifndef YY_BREAK +#define YY_BREAK break; +#endif + +#define YY_RULE_SETUP \ + YY_USER_ACTION + +/** The main scanner function which does all the work. + */ +YY_DECL +{ + register yy_state_type yy_current_state; + register char *yy_cp, *yy_bp; + register int yy_act; + +#line 64 "sel-lex.l" + + +#line 697 "heimdal/lib/hx509/sel-lex.c" + + if ( !(yy_init) ) + { + (yy_init) = 1; + +#ifdef YY_USER_INIT + YY_USER_INIT; +#endif + + if ( ! (yy_start) ) + (yy_start) = 1; /* first start state */ + + if ( ! yyin ) + yyin = stdin; + + if ( ! yyout ) + yyout = stdout; + + if ( ! YY_CURRENT_BUFFER ) { + yyensure_buffer_stack (); + YY_CURRENT_BUFFER_LVALUE = + yy_create_buffer(yyin,YY_BUF_SIZE ); + } + + yy_load_buffer_state( ); + } + + while ( 1 ) /* loops until end-of-file is reached */ + { + yy_cp = (yy_c_buf_p); + + /* Support of yytext. */ + *yy_cp = (yy_hold_char); + + /* yy_bp points to the position in yy_ch_buf of the start of + * the current run. + */ + yy_bp = yy_cp; + + yy_current_state = (yy_start); +yy_match: + do + { + register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; + if ( yy_accept[yy_current_state] ) + { + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; + } + while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) + { + yy_current_state = (int) yy_def[yy_current_state]; + if ( yy_current_state >= 36 ) + yy_c = yy_meta[(unsigned int) yy_c]; + } + yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; + ++yy_cp; + } + while ( yy_base[yy_current_state] != 44 ); + +yy_find_action: + yy_act = yy_accept[yy_current_state]; + if ( yy_act == 0 ) + { /* have to back up */ + yy_cp = (yy_last_accepting_cpos); + yy_current_state = (yy_last_accepting_state); + yy_act = yy_accept[yy_current_state]; + } + + YY_DO_BEFORE_ACTION; + +do_action: /* This label is used only to access EOF actions. */ + + switch ( yy_act ) + { /* beginning of action switch */ + case 0: /* must back up */ + /* undo the effects of YY_DO_BEFORE_ACTION */ + *yy_cp = (yy_hold_char); + yy_cp = (yy_last_accepting_cpos); + yy_current_state = (yy_last_accepting_state); + goto yy_find_action; + +case 1: +YY_RULE_SETUP +#line 66 "sel-lex.l" +{ return kw_TRUE; } + YY_BREAK +case 2: +YY_RULE_SETUP +#line 67 "sel-lex.l" +{ return kw_FALSE; } + YY_BREAK +case 3: +YY_RULE_SETUP +#line 68 "sel-lex.l" +{ return kw_AND; } + YY_BREAK +case 4: +YY_RULE_SETUP +#line 69 "sel-lex.l" +{ return kw_OR; } + YY_BREAK +case 5: +YY_RULE_SETUP +#line 70 "sel-lex.l" +{ return kw_IN; } + YY_BREAK +case 6: +YY_RULE_SETUP +#line 71 "sel-lex.l" +{ return kw_TAILMATCH; } + YY_BREAK +case 7: +YY_RULE_SETUP +#line 73 "sel-lex.l" +{ + yylval.string = strdup ((const char *)yytext); + return IDENTIFIER; + } + YY_BREAK +case 8: +YY_RULE_SETUP +#line 77 "sel-lex.l" +{ yylval.string = handle_string(); return STRING; } + YY_BREAK +case 9: +/* rule 9 can match eol */ +YY_RULE_SETUP +#line 78 "sel-lex.l" +{ ++lineno; } + YY_BREAK +case 10: +YY_RULE_SETUP +#line 79 "sel-lex.l" +{ return *yytext; } + YY_BREAK +case 11: +YY_RULE_SETUP +#line 80 "sel-lex.l" +; + YY_BREAK +case 12: +YY_RULE_SETUP +#line 81 "sel-lex.l" +ECHO; + YY_BREAK +#line 844 "heimdal/lib/hx509/sel-lex.c" +case YY_STATE_EOF(INITIAL): + yyterminate(); + + case YY_END_OF_BUFFER: + { + /* Amount of text matched not including the EOB char. */ + int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; + + /* Undo the effects of YY_DO_BEFORE_ACTION. */ + *yy_cp = (yy_hold_char); + YY_RESTORE_YY_MORE_OFFSET + + if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW ) + { + /* We're scanning a new file or input source. It's + * possible that this happened because the user + * just pointed yyin at a new source and called + * yylex(). If so, then we have to assure + * consistency between YY_CURRENT_BUFFER and our + * globals. Here is the right place to do so, because + * this is the first action (other than possibly a + * back-up) that will match for the new input source. + */ + (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; + YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; + YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; + } + + /* Note that here we test for yy_c_buf_p "<=" to the position + * of the first EOB in the buffer, since yy_c_buf_p will + * already have been incremented past the NUL character + * (since all states make transitions on EOB to the + * end-of-buffer state). Contrast this with the test + * in input(). + */ + if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) + { /* This was really a NUL. */ + yy_state_type yy_next_state; + + (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; + + yy_current_state = yy_get_previous_state( ); + + /* Okay, we're now positioned to make the NUL + * transition. We couldn't have + * yy_get_previous_state() go ahead and do it + * for us because it doesn't know how to deal + * with the possibility of jamming (and we don't + * want to build jamming into it because then it + * will run more slowly). + */ + + yy_next_state = yy_try_NUL_trans( yy_current_state ); + + yy_bp = (yytext_ptr) + YY_MORE_ADJ; + + if ( yy_next_state ) + { + /* Consume the NUL. */ + yy_cp = ++(yy_c_buf_p); + yy_current_state = yy_next_state; + goto yy_match; + } + + else + { + yy_cp = (yy_c_buf_p); + goto yy_find_action; + } + } + + else switch ( yy_get_next_buffer( ) ) + { + case EOB_ACT_END_OF_FILE: + { + (yy_did_buffer_switch_on_eof) = 0; + + if ( yywrap( ) ) + { + /* Note: because we've taken care in + * yy_get_next_buffer() to have set up + * yytext, we can now set up + * yy_c_buf_p so that if some total + * hoser (like flex itself) wants to + * call the scanner after we return the + * YY_NULL, it'll still work - another + * YY_NULL will get returned. + */ + (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; + + yy_act = YY_STATE_EOF(YY_START); + goto do_action; + } + + else + { + if ( ! (yy_did_buffer_switch_on_eof) ) + YY_NEW_FILE; + } + break; + } + + case EOB_ACT_CONTINUE_SCAN: + (yy_c_buf_p) = + (yytext_ptr) + yy_amount_of_matched_text; + + yy_current_state = yy_get_previous_state( ); + + yy_cp = (yy_c_buf_p); + yy_bp = (yytext_ptr) + YY_MORE_ADJ; + goto yy_match; + + case EOB_ACT_LAST_MATCH: + (yy_c_buf_p) = + &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)]; + + yy_current_state = yy_get_previous_state( ); + + yy_cp = (yy_c_buf_p); + yy_bp = (yytext_ptr) + YY_MORE_ADJ; + goto yy_find_action; + } + break; + } + + default: + YY_FATAL_ERROR( + "fatal flex scanner internal error--no action found" ); + } /* end of action switch */ + } /* end of scanning one token */ +} /* end of yylex */ + +/* yy_get_next_buffer - try to read in a new buffer + * + * Returns a code representing an action: + * EOB_ACT_LAST_MATCH - + * EOB_ACT_CONTINUE_SCAN - continue scanning from current position + * EOB_ACT_END_OF_FILE - end of file + */ +static int yy_get_next_buffer (void) +{ + register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; + register char *source = (yytext_ptr); + register int number_to_move, i; + int ret_val; + + if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) + YY_FATAL_ERROR( + "fatal flex scanner internal error--end of buffer missed" ); + + if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 ) + { /* Don't try to fill the buffer, so this is an EOF. */ + if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 ) + { + /* We matched a single character, the EOB, so + * treat this as a final EOF. + */ + return EOB_ACT_END_OF_FILE; + } + + else + { + /* We matched some text prior to the EOB, first + * process it. + */ + return EOB_ACT_LAST_MATCH; + } + } + + /* Try to read more data. */ + + /* First move last chars to start of buffer. */ + number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1; + + for ( i = 0; i < number_to_move; ++i ) + *(dest++) = *(source++); + + if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING ) + /* don't do the read, it's not guaranteed to return an EOF, + * just force an EOF + */ + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0; + + else + { + int num_to_read = + YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; + + while ( num_to_read <= 0 ) + { /* Not enough room in the buffer - grow it. */ + + /* just a shorter name for the current buffer */ + YY_BUFFER_STATE b = YY_CURRENT_BUFFER; + + int yy_c_buf_p_offset = + (int) ((yy_c_buf_p) - b->yy_ch_buf); + + if ( b->yy_is_our_buffer ) + { + int new_size = b->yy_buf_size * 2; + + if ( new_size <= 0 ) + b->yy_buf_size += b->yy_buf_size / 8; + else + b->yy_buf_size *= 2; + + b->yy_ch_buf = (char *) + /* Include room in for 2 EOB chars. */ + yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ); + } + else + /* Can't grow it, we don't own it. */ + b->yy_ch_buf = 0; + + if ( ! b->yy_ch_buf ) + YY_FATAL_ERROR( + "fatal error - scanner input buffer overflow" ); + + (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset]; + + num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - + number_to_move - 1; + + } + + if ( num_to_read > YY_READ_BUF_SIZE ) + num_to_read = YY_READ_BUF_SIZE; + + /* Read in more data. */ + YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), + (yy_n_chars), (size_t) num_to_read ); + + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + } + + if ( (yy_n_chars) == 0 ) + { + if ( number_to_move == YY_MORE_ADJ ) + { + ret_val = EOB_ACT_END_OF_FILE; + yyrestart(yyin ); + } + + else + { + ret_val = EOB_ACT_LAST_MATCH; + YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = + YY_BUFFER_EOF_PENDING; + } + } + + else + ret_val = EOB_ACT_CONTINUE_SCAN; + + if ((yy_size_t) ((yy_n_chars) + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) { + /* Extend the array by 50%, plus the number we really need. */ + yy_size_t new_size = (yy_n_chars) + number_to_move + ((yy_n_chars) >> 1); + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) yyrealloc((void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf,new_size ); + if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) + YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" ); + } + + (yy_n_chars) += number_to_move; + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; + + (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0]; + + return ret_val; +} + +/* yy_get_previous_state - get the state just before the EOB char was reached */ + + static yy_state_type yy_get_previous_state (void) +{ + register yy_state_type yy_current_state; + register char *yy_cp; + + yy_current_state = (yy_start); + + for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) + { + register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); + if ( yy_accept[yy_current_state] ) + { + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; + } + while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) + { + yy_current_state = (int) yy_def[yy_current_state]; + if ( yy_current_state >= 36 ) + yy_c = yy_meta[(unsigned int) yy_c]; + } + yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; + } + + return yy_current_state; +} + +/* yy_try_NUL_trans - try to make a transition on the NUL character + * + * synopsis + * next_state = yy_try_NUL_trans( current_state ); + */ + static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state ) +{ + register int yy_is_jam; + register char *yy_cp = (yy_c_buf_p); + + register YY_CHAR yy_c = 1; + if ( yy_accept[yy_current_state] ) + { + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; + } + while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) + { + yy_current_state = (int) yy_def[yy_current_state]; + if ( yy_current_state >= 36 ) + yy_c = yy_meta[(unsigned int) yy_c]; + } + yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; + yy_is_jam = (yy_current_state == 35); + + return yy_is_jam ? 0 : yy_current_state; +} + + static void yyunput (int c, register char * yy_bp ) +{ + register char *yy_cp; + + yy_cp = (yy_c_buf_p); + + /* undo effects of setting up yytext */ + *yy_cp = (yy_hold_char); + + if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) + { /* need to shift things up to make room */ + /* +2 for EOB chars. */ + register int number_to_move = (yy_n_chars) + 2; + register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ + YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; + register char *source = + &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; + + while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) + *--dest = *--source; + + yy_cp += (int) (dest - source); + yy_bp += (int) (dest - source); + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = + (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size; + + if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) + YY_FATAL_ERROR( "flex scanner push-back overflow" ); + } + + *--yy_cp = (char) c; + + (yytext_ptr) = yy_bp; + (yy_hold_char) = *yy_cp; + (yy_c_buf_p) = yy_cp; +} + +#ifndef YY_NO_INPUT +#ifdef __cplusplus + static int yyinput (void) +#else + static int input (void) +#endif + +{ + int c; + + *(yy_c_buf_p) = (yy_hold_char); + + if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR ) + { + /* yy_c_buf_p now points to the character we want to return. + * If this occurs *before* the EOB characters, then it's a + * valid NUL; if not, then we've hit the end of the buffer. + */ + if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) + /* This was really a NUL. */ + *(yy_c_buf_p) = '\0'; + + else + { /* need more input */ + int offset = (yy_c_buf_p) - (yytext_ptr); + ++(yy_c_buf_p); + + switch ( yy_get_next_buffer( ) ) + { + case EOB_ACT_LAST_MATCH: + /* This happens because yy_g_n_b() + * sees that we've accumulated a + * token and flags that we need to + * try matching the token before + * proceeding. But for input(), + * there's no matching to consider. + * So convert the EOB_ACT_LAST_MATCH + * to EOB_ACT_END_OF_FILE. + */ + + /* Reset buffer status. */ + yyrestart(yyin ); + + /*FALLTHROUGH*/ + + case EOB_ACT_END_OF_FILE: + { + if ( yywrap( ) ) + return EOF; + + if ( ! (yy_did_buffer_switch_on_eof) ) + YY_NEW_FILE; +#ifdef __cplusplus + return yyinput(); +#else + return input(); +#endif + } + + case EOB_ACT_CONTINUE_SCAN: + (yy_c_buf_p) = (yytext_ptr) + offset; + break; + } + } + } + + c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */ + *(yy_c_buf_p) = '\0'; /* preserve yytext */ + (yy_hold_char) = *++(yy_c_buf_p); + + return c; +} +#endif /* ifndef YY_NO_INPUT */ + +/** Immediately switch to a different input stream. + * @param input_file A readable stream. + * + * @note This function does not reset the start condition to @c INITIAL . + */ + void yyrestart (FILE * input_file ) +{ + + if ( ! YY_CURRENT_BUFFER ){ + yyensure_buffer_stack (); + YY_CURRENT_BUFFER_LVALUE = + yy_create_buffer(yyin,YY_BUF_SIZE ); + } + + yy_init_buffer(YY_CURRENT_BUFFER,input_file ); + yy_load_buffer_state( ); +} + +/** Switch to a different input buffer. + * @param new_buffer The new input buffer. + * + */ + void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ) +{ + + /* TODO. We should be able to replace this entire function body + * with + * yypop_buffer_state(); + * yypush_buffer_state(new_buffer); + */ + yyensure_buffer_stack (); + if ( YY_CURRENT_BUFFER == new_buffer ) + return; + + if ( YY_CURRENT_BUFFER ) + { + /* Flush out information for old buffer. */ + *(yy_c_buf_p) = (yy_hold_char); + YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + } + + YY_CURRENT_BUFFER_LVALUE = new_buffer; + yy_load_buffer_state( ); + + /* We don't actually know whether we did this switch during + * EOF (yywrap()) processing, but the only time this flag + * is looked at is after yywrap() is called, so it's safe + * to go ahead and always set it. + */ + (yy_did_buffer_switch_on_eof) = 1; +} + +static void yy_load_buffer_state (void) +{ + (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; + (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; + yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; + (yy_hold_char) = *(yy_c_buf_p); +} + +/** Allocate and initialize an input buffer state. + * @param file A readable stream. + * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE. + * + * @return the allocated buffer state. + */ + YY_BUFFER_STATE yy_create_buffer (FILE * file, int size ) +{ + YY_BUFFER_STATE b; + + b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); + if ( ! b ) + YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); + + b->yy_buf_size = size; + + /* yy_ch_buf has to be 2 characters longer than the size given because + * we need to put in 2 end-of-buffer characters. + */ + b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2 ); + if ( ! b->yy_ch_buf ) + YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); + + b->yy_is_our_buffer = 1; + + yy_init_buffer(b,file ); + + return b; +} + +/** Destroy the buffer. + * @param b a buffer created with yy_create_buffer() + * + */ + void yy_delete_buffer (YY_BUFFER_STATE b ) +{ + + if ( ! b ) + return; + + if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */ + YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; + + if ( b->yy_is_our_buffer ) + yyfree((void *) b->yy_ch_buf ); + + yyfree((void *) b ); +} + +#ifndef __cplusplus +extern int isatty (int ); +#endif /* __cplusplus */ + +/* Initializes or reinitializes a buffer. + * This function is sometimes called more than once on the same buffer, + * such as during a yyrestart() or at EOF. + */ + static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file ) + +{ + int oerrno = errno; + + yy_flush_buffer(b ); + + b->yy_input_file = file; + b->yy_fill_buffer = 1; + + /* If b is the current buffer, then yy_init_buffer was _probably_ + * called from yyrestart() or through yy_get_next_buffer. + * In that case, we don't want to reset the lineno or column. + */ + if (b != YY_CURRENT_BUFFER){ + b->yy_bs_lineno = 1; + b->yy_bs_column = 0; + } + + b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; + + errno = oerrno; +} + +/** Discard all buffered characters. On the next scan, YY_INPUT will be called. + * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER. + * + */ + void yy_flush_buffer (YY_BUFFER_STATE b ) +{ + if ( ! b ) + return; + + b->yy_n_chars = 0; + + /* We always need two end-of-buffer characters. The first causes + * a transition to the end-of-buffer state. The second causes + * a jam in that state. + */ + b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR; + b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR; + + b->yy_buf_pos = &b->yy_ch_buf[0]; + + b->yy_at_bol = 1; + b->yy_buffer_status = YY_BUFFER_NEW; + + if ( b == YY_CURRENT_BUFFER ) + yy_load_buffer_state( ); +} + +/** Pushes the new state onto the stack. The new state becomes + * the current state. This function will allocate the stack + * if necessary. + * @param new_buffer The new state. + * + */ +void yypush_buffer_state (YY_BUFFER_STATE new_buffer ) +{ + if (new_buffer == NULL) + return; + + yyensure_buffer_stack(); + + /* This block is copied from yy_switch_to_buffer. */ + if ( YY_CURRENT_BUFFER ) + { + /* Flush out information for old buffer. */ + *(yy_c_buf_p) = (yy_hold_char); + YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + } + + /* Only push if top exists. Otherwise, replace top. */ + if (YY_CURRENT_BUFFER) + (yy_buffer_stack_top)++; + YY_CURRENT_BUFFER_LVALUE = new_buffer; + + /* copied from yy_switch_to_buffer. */ + yy_load_buffer_state( ); + (yy_did_buffer_switch_on_eof) = 1; +} + +/** Removes and deletes the top of the stack, if present. + * The next element becomes the new top. + * + */ +void yypop_buffer_state (void) +{ + if (!YY_CURRENT_BUFFER) + return; + + yy_delete_buffer(YY_CURRENT_BUFFER ); + YY_CURRENT_BUFFER_LVALUE = NULL; + if ((yy_buffer_stack_top) > 0) + --(yy_buffer_stack_top); + + if (YY_CURRENT_BUFFER) { + yy_load_buffer_state( ); + (yy_did_buffer_switch_on_eof) = 1; + } +} + +/* Allocates the stack if it does not exist. + * Guarantees space for at least one push. + */ +static void yyensure_buffer_stack (void) +{ + int num_to_alloc; + + if (!(yy_buffer_stack)) { + + /* First allocation is just for 2 elements, since we don't know if this + * scanner will even need a stack. We use 2 instead of 1 to avoid an + * immediate realloc on the next call. + */ + num_to_alloc = 1; + (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc + (num_to_alloc * sizeof(struct yy_buffer_state*) + ); + if ( ! (yy_buffer_stack) ) + YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" ); + + memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); + + (yy_buffer_stack_max) = num_to_alloc; + (yy_buffer_stack_top) = 0; + return; + } + + if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ + + /* Increase the buffer to prepare for a possible push. */ + int grow_size = 8 /* arbitrary grow size */; + + num_to_alloc = (yy_buffer_stack_max) + grow_size; + (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc + ((yy_buffer_stack), + num_to_alloc * sizeof(struct yy_buffer_state*) + ); + if ( ! (yy_buffer_stack) ) + YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" ); + + /* zero only the new slots.*/ + memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); + (yy_buffer_stack_max) = num_to_alloc; + } +} + +/** Setup the input buffer state to scan directly from a user-specified character buffer. + * @param base the character buffer + * @param size the size in bytes of the character buffer + * + * @return the newly allocated buffer state object. + */ +YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) +{ + YY_BUFFER_STATE b; + + if ( size < 2 || + base[size-2] != YY_END_OF_BUFFER_CHAR || + base[size-1] != YY_END_OF_BUFFER_CHAR ) + /* They forgot to leave room for the EOB's. */ + return 0; + + b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); + if ( ! b ) + YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); + + b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */ + b->yy_buf_pos = b->yy_ch_buf = base; + b->yy_is_our_buffer = 0; + b->yy_input_file = 0; + b->yy_n_chars = b->yy_buf_size; + b->yy_is_interactive = 0; + b->yy_at_bol = 1; + b->yy_fill_buffer = 0; + b->yy_buffer_status = YY_BUFFER_NEW; + + yy_switch_to_buffer(b ); + + return b; +} + +/** Setup the input buffer state to scan a string. The next call to yylex() will + * scan from a @e copy of @a str. + * @param yystr a NUL-terminated string to scan + * + * @return the newly allocated buffer state object. + * @note If you want to scan bytes that may contain NUL values, then use + * yy_scan_bytes() instead. + */ +YY_BUFFER_STATE yy_scan_string (yyconst char * yystr ) +{ + + return yy_scan_bytes(yystr,strlen(yystr) ); +} + +/** Setup the input buffer state to scan the given bytes. The next call to yylex() will + * scan from a @e copy of @a bytes. + * @param bytes the byte buffer to scan + * @param len the number of bytes in the buffer pointed to by @a bytes. + * + * @return the newly allocated buffer state object. + */ +YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, int _yybytes_len ) +{ + YY_BUFFER_STATE b; + char *buf; + yy_size_t n; + int i; + + /* Get memory for full buffer, including space for trailing EOB's. */ + n = _yybytes_len + 2; + buf = (char *) yyalloc(n ); + if ( ! buf ) + YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); + + for ( i = 0; i < _yybytes_len; ++i ) + buf[i] = yybytes[i]; + + buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR; + + b = yy_scan_buffer(buf,n ); + if ( ! b ) + YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); + + /* It's okay to grow etc. this buffer, and we should throw it + * away when we're done. + */ + b->yy_is_our_buffer = 1; + + return b; +} + +#ifndef YY_EXIT_FAILURE +#define YY_EXIT_FAILURE 2 +#endif + +static void yy_fatal_error (yyconst char* msg ) +{ + (void) fprintf( stderr, "%s\n", msg ); + exit( YY_EXIT_FAILURE ); +} + +/* Redefine yyless() so it works in section 3 code. */ + +#undef yyless +#define yyless(n) \ + do \ + { \ + /* Undo effects of setting up yytext. */ \ + int yyless_macro_arg = (n); \ + YY_LESS_LINENO(yyless_macro_arg);\ + yytext[yyleng] = (yy_hold_char); \ + (yy_c_buf_p) = yytext + yyless_macro_arg; \ + (yy_hold_char) = *(yy_c_buf_p); \ + *(yy_c_buf_p) = '\0'; \ + yyleng = yyless_macro_arg; \ + } \ + while ( 0 ) + +/* Accessor methods (get/set functions) to struct members. */ + +/** Get the current line number. + * + */ +int yyget_lineno (void) +{ + + return yylineno; +} + +/** Get the input stream. + * + */ +FILE *yyget_in (void) +{ + return yyin; +} + +/** Get the output stream. + * + */ +FILE *yyget_out (void) +{ + return yyout; +} + +/** Get the length of the current token. + * + */ +int yyget_leng (void) +{ + return yyleng; +} + +/** Get the current token. + * + */ + +char *yyget_text (void) +{ + return yytext; +} + +/** Set the current line number. + * @param line_number + * + */ +void yyset_lineno (int line_number ) +{ + + yylineno = line_number; +} + +/** Set the input stream. This does not discard the current + * input buffer. + * @param in_str A readable stream. + * + * @see yy_switch_to_buffer + */ +void yyset_in (FILE * in_str ) +{ + yyin = in_str ; +} + +void yyset_out (FILE * out_str ) +{ + yyout = out_str ; +} + +int yyget_debug (void) +{ + return yy_flex_debug; +} + +void yyset_debug (int bdebug ) +{ + yy_flex_debug = bdebug ; +} + +static int yy_init_globals (void) +{ + /* Initialization is the same as for the non-reentrant scanner. + * This function is called from yylex_destroy(), so don't allocate here. + */ + + (yy_buffer_stack) = 0; + (yy_buffer_stack_top) = 0; + (yy_buffer_stack_max) = 0; + (yy_c_buf_p) = (char *) 0; + (yy_init) = 0; + (yy_start) = 0; + +/* Defined in main.c */ +#ifdef YY_STDINIT + yyin = stdin; + yyout = stdout; +#else + yyin = (FILE *) 0; + yyout = (FILE *) 0; +#endif + + /* For future reference: Set errno on error, since we are called by + * yylex_init() + */ + return 0; +} + +/* yylex_destroy is for both reentrant and non-reentrant scanners. */ +int yylex_destroy (void) +{ + + /* Pop the buffer stack, destroying each element. */ + while(YY_CURRENT_BUFFER){ + yy_delete_buffer(YY_CURRENT_BUFFER ); + YY_CURRENT_BUFFER_LVALUE = NULL; + yypop_buffer_state(); + } + + /* Destroy the stack itself. */ + yyfree((yy_buffer_stack) ); + (yy_buffer_stack) = NULL; + + /* Reset the globals. This is important in a non-reentrant scanner so the next time + * yylex() is called, initialization will occur. */ + yy_init_globals( ); + + return 0; +} + +/* + * Internal utility routines. + */ + +#ifndef yytext_ptr +static void yy_flex_strncpy (char* s1, yyconst char * s2, int n ) +{ + register int i; + for ( i = 0; i < n; ++i ) + s1[i] = s2[i]; +} +#endif + +#ifdef YY_NEED_STRLEN +static int yy_flex_strlen (yyconst char * s ) +{ + register int n; + for ( n = 0; s[n]; ++n ) + ; + + return n; +} +#endif + +void *yyalloc (yy_size_t size ) +{ + return (void *) malloc( size ); +} + +void *yyrealloc (void * ptr, yy_size_t size ) +{ + /* The cast to (char *) in the following accommodates both + * implementations that use char* generic pointers, and those + * that use void* generic pointers. It works with the latter + * because both ANSI C and C++ allow castless assignment from + * any pointer type to void*, and deal with argument conversions + * as though doing an assignment. + */ + return (void *) realloc( (char *) ptr, size ); +} + +void yyfree (void * ptr ) +{ + free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ +} + +#define YYTABLES_NAME "yytables" + +#line 81 "sel-lex.l" + + + +static char * +handle_string(void) +{ + char x[1024]; + int i = 0; + int c; + int quote = 0; + while((c = input()) != EOF){ + if(quote) { + x[i++] = '\\'; + x[i++] = c; + quote = 0; + continue; + } + if(c == '\n'){ + _hx509_sel_yyerror("unterminated string"); + lineno++; + break; + } + if(c == '\\'){ + quote++; + continue; + } + if(c == '\"') + break; + x[i++] = c; + } + x[i] = '\0'; + return strdup(x); +} + +int +yywrap () +{ + return 1; +} + +static int +lex_input(char *buf, int max_size) +{ + int n; + + n = _hx509_expr_input.length - _hx509_expr_input.offset; + if (max_size < n) + n = max_size; + if (n <= 0) + return YY_NULL; + + memcpy(buf, _hx509_expr_input.buf + _hx509_expr_input.offset, n); + _hx509_expr_input.offset += n; + + return n; +} + diff --git a/source4/heimdal/lib/hx509/sel-lex.l b/source4/heimdal/lib/hx509/sel-lex.l new file mode 100644 index 0000000000..53944897f9 --- /dev/null +++ b/source4/heimdal/lib/hx509/sel-lex.l @@ -0,0 +1,135 @@ +%{ +/* + * Copyright (c) 2004, 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id$ */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#undef ECHO + +#include +#include +#include +#include +#include "sel.h" +#include "sel-gram.h" +unsigned lineno = 1; + +static char * handle_string(void); +static int lex_input(char *, int); + +struct hx_expr_input _hx509_expr_input; + +#define YY_NO_UNPUT 1 + +#undef YY_INPUT +#define YY_INPUT(buf,res,maxsize) (res = lex_input(buf, maxsize)) + +#undef ECHO + +%} +%% + +TRUE { return kw_TRUE; } +FALSE { return kw_FALSE; } +AND { return kw_AND; } +OR { return kw_OR; } +IN { return kw_IN; } +TAILMATCH { return kw_TAILMATCH; } + +[A-Za-z][-A-Za-z0-9_]* { + yylval.string = strdup ((const char *)yytext); + return IDENTIFIER; + } +"\"" { yylval.string = handle_string(); return STRING; } +\n { ++lineno; } +[,.!={}()%] { return *yytext; } +[ \t] ; +%% + +static char * +handle_string(void) +{ + char x[1024]; + int i = 0; + int c; + int quote = 0; + while((c = input()) != EOF){ + if(quote) { + x[i++] = '\\'; + x[i++] = c; + quote = 0; + continue; + } + if(c == '\n'){ + _hx509_sel_yyerror("unterminated string"); + lineno++; + break; + } + if(c == '\\'){ + quote++; + continue; + } + if(c == '\"') + break; + x[i++] = c; + } + x[i] = '\0'; + return strdup(x); +} + +int +yywrap () +{ + return 1; +} + +static int +lex_input(char *buf, int max_size) +{ + int n; + + n = _hx509_expr_input.length - _hx509_expr_input.offset; + if (max_size < n) + n = max_size; + if (n <= 0) + return YY_NULL; + + memcpy(buf, _hx509_expr_input.buf + _hx509_expr_input.offset, n); + _hx509_expr_input.offset += n; + + return n; +} diff --git a/source4/heimdal/lib/hx509/sel.c b/source4/heimdal/lib/hx509/sel.c new file mode 100644 index 0000000000..0e68f8ba5d --- /dev/null +++ b/source4/heimdal/lib/hx509/sel.c @@ -0,0 +1,232 @@ +/* + * Copyright (c) 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hx_locl.h" + +struct hx_expr * +_hx509_make_expr(enum hx_expr_op op, void *arg1, void *arg2) +{ + struct hx_expr *expr; + + expr = malloc(sizeof(*expr)); + if (expr == NULL) + return NULL; + expr->op = op; + expr->arg1 = arg1; + expr->arg2 = arg2; + + return expr; +} + +static const char * +eval_word(hx509_context context, hx509_env env, struct hx_expr *word) +{ + switch (word->op) { + case expr_STRING: + return word->arg1; + case expr_VAR: + if (word->arg2 == NULL) + return hx509_env_find(context, env, word->arg1); + + env = hx509_env_find_binding(context, env, word->arg1); + if (env == NULL) + return NULL; + + return eval_word(context, env, word->arg2); + default: + return NULL; + } +} + +static hx509_env +find_variable(hx509_context context, hx509_env env, struct hx_expr *word) +{ + assert(word->op == expr_VAR); + + if (word->arg2 == NULL) + return hx509_env_find_binding(context, env, word->arg1); + + env = hx509_env_find_binding(context, env, word->arg1); + if (env == NULL) + return NULL; + return find_variable(context, env, word->arg2); +} + +static int +eval_comp(hx509_context context, hx509_env env, struct hx_expr *expr) +{ + switch (expr->op) { + case comp_NE: + case comp_EQ: + case comp_TAILEQ: { + const char *s1, *s2; + int ret; + + s1 = eval_word(context, env, expr->arg1); + s2 = eval_word(context, env, expr->arg2); + + if (s1 == NULL || s2 == NULL) + return FALSE; + + if (expr->op == comp_TAILEQ) { + size_t len1 = strlen(s1); + size_t len2 = strlen(s2); + + if (len1 < len2) + return 0; + ret = strcmp(s1 + (len1 - len2), s2) == 0; + } else { + ret = strcmp(s1, s2) == 0; + if (expr->op == comp_NE) + ret = !ret; + } + return ret; + } + case comp_IN: { + struct hx_expr *subexpr; + const char *w, *s1; + + w = eval_word(context, env, expr->arg1); + + subexpr = expr->arg2; + + if (subexpr->op == expr_WORDS) { + while (subexpr) { + s1 = eval_word(context, env, subexpr->arg1); + if (strcmp(w, s1) == 0) + return TRUE; + subexpr = subexpr->arg2; + } + } else if (subexpr->op == expr_VAR) { + hx509_env subenv; + + subenv = find_variable(context, env, subexpr); + if (subenv == NULL) + return FALSE; + + while (subenv) { + if (subenv->type != env_string) + continue; + if (strcmp(w, subenv->name) == 0) + return TRUE; + if (strcmp(w, subenv->u.string) == 0) + return TRUE; + subenv = subenv->next; + } + + } else + _hx509_abort("hx509 eval IN unknown op: %d", (int)subexpr->op); + + return FALSE; + } + default: + _hx509_abort("hx509 eval expr with unknown op: %d", (int)expr->op); + } + return FALSE; +} + +int +_hx509_expr_eval(hx509_context context, hx509_env env, struct hx_expr *expr) +{ + switch (expr->op) { + case op_TRUE: + return 1; + case op_FALSE: + return 0; + case op_NOT: + return ! _hx509_expr_eval(context, env, expr->arg1); + case op_AND: + return _hx509_expr_eval(context, env, expr->arg1) && + _hx509_expr_eval(context, env, expr->arg2); + case op_OR: + return _hx509_expr_eval(context, env, expr->arg1) || + _hx509_expr_eval(context, env, expr->arg2); + case op_COMP: + return eval_comp(context, env, expr->arg1); + default: + _hx509_abort("hx509 eval expr with unknown op: %d", (int)expr->op); + } +} + +void +_hx509_expr_free(struct hx_expr *expr) +{ + switch (expr->op) { + case expr_STRING: + case expr_NUMBER: + free(expr->arg1); + break; + case expr_WORDS: + case expr_FUNCTION: + case expr_VAR: + free(expr->arg1); + if (expr->arg2) + _hx509_expr_free(expr->arg2); + break; + default: + if (expr->arg1) + _hx509_expr_free(expr->arg1); + if (expr->arg2) + _hx509_expr_free(expr->arg2); + break; + } + free(expr); +} + +struct hx_expr * +_hx509_expr_parse(const char *buf) +{ + _hx509_expr_input.buf = buf; + _hx509_expr_input.length = strlen(buf); + _hx509_expr_input.offset = 0; + _hx509_expr_input.expr = NULL; + + if (_hx509_expr_input.error) { + free(_hx509_expr_input.error); + _hx509_expr_input.error = NULL; + } + + yyparse(); + + return _hx509_expr_input.expr; +} + +void +_hx509_sel_yyerror (char *s) +{ + if (_hx509_expr_input.error) + free(_hx509_expr_input.error); + + _hx509_expr_input.error = strdup(s); +} + diff --git a/source4/heimdal/lib/hx509/sel.h b/source4/heimdal/lib/hx509/sel.h new file mode 100644 index 0000000000..ce6c3636bc --- /dev/null +++ b/source4/heimdal/lib/hx509/sel.h @@ -0,0 +1,82 @@ +/* + * Copyright (c) 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +enum hx_expr_op { + op_TRUE, + op_FALSE, + op_NOT, + op_AND, + op_OR, + op_COMP, + + comp_EQ, + comp_NE, + comp_IN, + comp_TAILEQ, + + expr_NUMBER, + expr_STRING, + expr_FUNCTION, + expr_VAR, + expr_WORDS +}; + +struct hx_expr { + enum hx_expr_op op; + void *arg1; + void *arg2; +}; + +struct hx_expr_input { + const char *buf; + size_t length; + size_t offset; + struct hx_expr *expr; + char *error; +}; + +extern struct hx_expr_input _hx509_expr_input; + +#define yyparse _hx509_sel_yyparse +#define yylex _hx509_sel_yylex +#define yyerror _hx509_sel_yyerror +#define yylval _hx509_sel_yylval +#define yychar _hx509_sel_yychar +#define yydebug _hx509_sel_yydebug +#define yynerrs _hx509_sel_yynerrs +#define yywrap _hx509_sel_yywrap + +int _hx509_sel_yyparse(void); +int _hx509_sel_yylex(void); +void _hx509_sel_yyerror(char *); + diff --git a/source4/heimdal/lib/hx509/test_name.c b/source4/heimdal/lib/hx509/test_name.c index 2c6dd516cb..6dcf542d01 100644 --- a/source4/heimdal/lib/hx509/test_name.c +++ b/source4/heimdal/lib/hx509/test_name.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: test_name.c 19882 2007-01-13 01:02:57Z lha $"); +RCSID("$Id: test_name.c 22677 2008-03-13 17:35:49Z lha $"); static int test_name(hx509_context context, const char *name) @@ -72,13 +72,12 @@ test_name_fail(hx509_context context, const char *name) static int test_expand(hx509_context context, const char *name, const char *expected) { - hx509_env env; + hx509_env env = NULL; hx509_name n; char *s; int ret; - hx509_env_init(context, &env); - hx509_env_add(context, env, "uid", "lha"); + hx509_env_add(context, &env, "uid", "lha"); ret = hx509_parse_name(context, name, &n); if (ret) diff --git a/source4/heimdal/lib/krb5/acache.c b/source4/heimdal/lib/krb5/acache.c index 775239cf6d..8dd8687005 100644 --- a/source4/heimdal/lib/krb5/acache.c +++ b/source4/heimdal/lib/krb5/acache.c @@ -37,7 +37,7 @@ #include #endif -RCSID("$Id: acache.c 22669 2008-03-09 23:39:25Z lha $"); +RCSID("$Id: acache.c 23316 2008-06-23 04:32:32Z lha $"); /* XXX should we fetch these for each open ? */ static HEIMDAL_MUTEX acc_mutex = HEIMDAL_MUTEX_INITIALIZER; @@ -68,6 +68,7 @@ static const struct { { ccIteratorEnd, KRB5_CC_END }, { ccErrNoMem, KRB5_CC_NOMEM }, { ccErrServerUnavailable, KRB5_CC_NOSUPP }, + { ccErrInvalidCCache, KRB5_CC_BADNAME }, { ccNoError, 0 } }; @@ -114,15 +115,17 @@ init_ccapi(krb5_context context) cc_handle = dlopen(lib, RTLD_LAZY); if (cc_handle == NULL) { HEIMDAL_MUTEX_unlock(&acc_mutex); - krb5_set_error_string(context, "Failed to load %s", lib); + krb5_set_error_message(context, KRB5_CC_NOSUPP, + "Failed to load %s", lib); return KRB5_CC_NOSUPP; } init_func = (cc_initialize_func)dlsym(cc_handle, "cc_initialize"); HEIMDAL_MUTEX_unlock(&acc_mutex); if (init_func == NULL) { - krb5_set_error_string(context, "Failed to find cc_initialize" - "in %s: %s", lib, dlerror()); + krb5_set_error_message(context, KRB5_CC_NOSUPP, + "Failed to find cc_initialize" + "in %s: %s", lib, dlerror()); dlclose(cc_handle); return KRB5_CC_NOSUPP; } @@ -130,7 +133,7 @@ init_ccapi(krb5_context context) return 0; #else HEIMDAL_MUTEX_unlock(&acc_mutex); - krb5_set_error_string(context, "no support for shared object"); + krb5_set_error_message(context, KRB5_CC_NOSUPP, "no support for shared object"); return KRB5_CC_NOSUPP; #endif } @@ -141,7 +144,7 @@ make_cred_from_ccred(krb5_context context, krb5_creds *cred) { krb5_error_code ret; - int i; + unsigned int i; memset(cred, 0, sizeof(*cred)); @@ -255,7 +258,7 @@ make_cred_from_ccred(krb5_context context, nomem: ret = ENOMEM; - krb5_set_error_string(context, "malloc - out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); fail: krb5_free_cred_contents(context, cred); @@ -584,8 +587,10 @@ acc_close(krb5_context context, free(a->cache_name); a->cache_name = NULL; } - (*a->context->func->release)(a->context); - a->context = NULL; + if (a->context) { + (*a->context->func->release)(a->context); + a->context = NULL; + } krb5_data_free(&id->data); return 0; } @@ -620,7 +625,8 @@ acc_store_cred(krb5_context context, cc_int32 error; if (a->ccache == NULL) { - krb5_set_error_string(context, "No API credential found"); + krb5_set_error_message(context, KRB5_CC_NOTFOUND, + "No API credential found"); return KRB5_CC_NOTFOUND; } @@ -653,7 +659,8 @@ acc_get_principal(krb5_context context, cc_string_t name; if (a->ccache == NULL) { - krb5_set_error_string(context, "No API credential found"); + krb5_set_error_message(context, KRB5_CC_NOTFOUND, + "No API credential found"); return KRB5_CC_NOTFOUND; } @@ -679,7 +686,8 @@ acc_get_first (krb5_context context, int32_t error; if (a->ccache == NULL) { - krb5_set_error_string(context, "No API credential found"); + krb5_set_error_message(context, KRB5_CC_NOTFOUND, + "No API credential found"); return KRB5_CC_NOTFOUND; } @@ -744,7 +752,8 @@ acc_remove_cred(krb5_context context, char *client, *server; if (a->ccache == NULL) { - krb5_set_error_string(context, "No API credential found"); + krb5_set_error_message(context, KRB5_CC_NOTFOUND, + "No API credential found"); return KRB5_CC_NOTFOUND; } @@ -796,8 +805,8 @@ acc_remove_cred(krb5_context context, (*iter->func->release)(iter); if (ret) - krb5_set_error_string(context, "Can't find credential %s in cache", - server); + krb5_set_error_message(context, ret, + "Can't find credential %s in cache", server); free(server); free(client); @@ -812,7 +821,7 @@ acc_set_flags(krb5_context context, return 0; } -static krb5_error_code +static int acc_get_version(krb5_context context, krb5_ccache id) { @@ -837,7 +846,7 @@ acc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor) iter = calloc(1, sizeof(*iter)); if (iter == NULL) { - krb5_set_error_string(context, "malloc - out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -940,7 +949,7 @@ acc_move(krb5_context context, krb5_ccache from, krb5_ccache to) } static krb5_error_code -acc_default_name(krb5_context context, char **str) +acc_get_default_name(krb5_context context, char **str) { krb5_error_code ret; cc_context_t cc; @@ -966,12 +975,30 @@ acc_default_name(krb5_context context, char **str) (*cc->func->release)(cc); if (*str == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "out of memory"); return ENOMEM; } return 0; } +static krb5_error_code +acc_set_default(krb5_context context, krb5_ccache id) +{ + krb5_acc *a = ACACHE(id); + cc_int32 error; + + if (a->ccache == NULL) { + krb5_set_error_message(context, KRB5_CC_NOTFOUND, + "No API credential found"); + return KRB5_CC_NOTFOUND; + } + + error = (*a->ccache->func->set_default)(a->ccache); + if (error) + return translate_cc_error(context, error); + + return 0; +} /** * Variable containing the API based credential cache implemention. @@ -979,7 +1006,8 @@ acc_default_name(krb5_context context, char **str) * @ingroup krb5_ccache */ -const krb5_cc_ops krb5_acc_ops = { +KRB5_LIB_VARIABLE const krb5_cc_ops krb5_acc_ops = { + KRB5_CC_OPS_VERSION, "API", acc_get_name, acc_resolve, @@ -1000,5 +1028,6 @@ const krb5_cc_ops krb5_acc_ops = { acc_get_cache_next, acc_end_cache_get, acc_move, - acc_default_name + acc_get_default_name, + acc_set_default }; diff --git a/source4/heimdal/lib/krb5/addr_families.c b/source4/heimdal/lib/krb5/addr_families.c index f364f5974d..40abd874cc 100644 --- a/source4/heimdal/lib/krb5/addr_families.c +++ b/source4/heimdal/lib/krb5/addr_families.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: addr_families.c 22039 2007-11-10 11:47:35Z lha $"); +RCSID("$Id: addr_families.c 23316 2008-06-23 04:32:32Z lha $"); struct addr_operations { int af; @@ -202,7 +202,8 @@ ipv4_mask_boundary(krb5_context context, const krb5_address *inaddr, uint32_t l, h, m = 0xffffffff; if (len > 32) { - krb5_set_error_string(context, "IPv4 prefix too large (%ld)", len); + krb5_set_error_message(context, KRB5_PROG_ATYPE_NOSUPP, + "IPv4 prefix too large (%ld)", len); return KRB5_PROG_ATYPE_NOSUPP; } m = m << (32 - len); @@ -395,12 +396,14 @@ ipv6_mask_boundary(krb5_context context, const krb5_address *inaddr, int i, sub_len; if (len > 128) { - krb5_set_error_string(context, "IPv6 prefix too large (%ld)", len); + krb5_set_error_message(context, KRB5_PROG_ATYPE_NOSUPP, + "IPv6 prefix too large (%ld)", len); return KRB5_PROG_ATYPE_NOSUPP; } if (inaddr->address.length != sizeof(addr)) { - krb5_set_error_string(context, "IPv6 addr bad length"); + krb5_set_error_message(context, KRB5_PROG_ATYPE_NOSUPP, + "IPv6 addr bad length"); return KRB5_PROG_ATYPE_NOSUPP; } @@ -786,8 +789,9 @@ krb5_sockaddr2address (krb5_context context, { struct addr_operations *a = find_af(sa->sa_family); if (a == NULL) { - krb5_set_error_string (context, "Address family %d not supported", - sa->sa_family); + krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP, + "Address family %d not supported", + sa->sa_family); return KRB5_PROG_ATYPE_NOSUPP; } return (*a->sockaddr2addr)(sa, addr); @@ -813,8 +817,9 @@ krb5_sockaddr2port (krb5_context context, { struct addr_operations *a = find_af(sa->sa_family); if (a == NULL) { - krb5_set_error_string (context, "Address family %d not supported", - sa->sa_family); + krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP, + "Address family %d not supported", + sa->sa_family); return KRB5_PROG_ATYPE_NOSUPP; } return (*a->sockaddr2port)(sa, port); @@ -851,14 +856,16 @@ krb5_addr2sockaddr (krb5_context context, struct addr_operations *a = find_atype(addr->addr_type); if (a == NULL) { - krb5_set_error_string (context, "Address type %d not supported", - addr->addr_type); + krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP, + "Address type %d not supported", + addr->addr_type); return KRB5_PROG_ATYPE_NOSUPP; } if (a->addr2sockaddr == NULL) { - krb5_set_error_string (context, - "Can't convert address type %d to sockaddr", - addr->addr_type); + krb5_set_error_message (context, + KRB5_PROG_ATYPE_NOSUPP, + "Can't convert address type %d to sockaddr", + addr->addr_type); return KRB5_PROG_ATYPE_NOSUPP; } (*a->addr2sockaddr)(addr, sa, sa_size, port); @@ -935,7 +942,8 @@ krb5_h_addr2sockaddr (krb5_context context, { struct addr_operations *a = find_af(af); if (a == NULL) { - krb5_set_error_string (context, "Address family %d not supported", af); + krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP, + "Address family %d not supported", af); return KRB5_PROG_ATYPE_NOSUPP; } (*a->h_addr2sockaddr)(addr, sa, sa_size, port); @@ -963,7 +971,8 @@ krb5_h_addr2addr (krb5_context context, { struct addr_operations *a = find_af(af); if (a == NULL) { - krb5_set_error_string (context, "Address family %d not supported", af); + krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP, + "Address family %d not supported", af); return KRB5_PROG_ATYPE_NOSUPP; } return (*a->h_addr2addr)(haddr, addr); @@ -996,7 +1005,8 @@ krb5_anyaddr (krb5_context context, struct addr_operations *a = find_af (af); if (a == NULL) { - krb5_set_error_string (context, "Address family %d not supported", af); + krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP, + "Address family %d not supported", af); return KRB5_PROG_ATYPE_NOSUPP; } @@ -1089,7 +1099,8 @@ krb5_parse_address(krb5_context context, if((*at[i].parse_addr)(context, string, &addr) == 0) { ALLOC_SEQ(addresses, 1); if (addresses->val == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + "malloc: out of memory"); return ENOMEM; } addresses->val[0] = addr; @@ -1100,9 +1111,12 @@ krb5_parse_address(krb5_context context, error = getaddrinfo (string, NULL, NULL, &ai); if (error) { + krb5_error_code ret2; save_errno = errno; - krb5_set_error_string (context, "%s: %s", string, gai_strerror(error)); - return krb5_eai_to_heim_errno(error, save_errno); + ret2 = krb5_eai_to_heim_errno(error, save_errno); + krb5_set_error_message (context, ret2, "%s: %s", + string, gai_strerror(error)); + return ret2; } n = 0; @@ -1111,7 +1125,8 @@ krb5_parse_address(krb5_context context, ALLOC_SEQ(addresses, n); if (addresses->val == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + "malloc: out of memory"); freeaddrinfo(ai); return ENOMEM; } @@ -1154,15 +1169,17 @@ krb5_address_order(krb5_context context, struct addr_operations *a; a = find_atype(addr1->addr_type); if(a == NULL) { - krb5_set_error_string (context, "Address family %d not supported", - addr1->addr_type); + krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP, + "Address family %d not supported", + addr1->addr_type); return KRB5_PROG_ATYPE_NOSUPP; } if(a->order_addr != NULL) return (*a->order_addr)(context, addr1, addr2); a = find_atype(addr2->addr_type); if(a == NULL) { - krb5_set_error_string (context, "Address family %d not supported", + krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP, + "Address family %d not supported", addr2->addr_type); return KRB5_PROG_ATYPE_NOSUPP; } @@ -1349,7 +1366,8 @@ krb5_append_addresses(krb5_context context, if(source->len > 0) { tmp = realloc(dest->val, (dest->len + source->len) * sizeof(*tmp)); if(tmp == NULL) { - krb5_set_error_string(context, "realloc: out of memory"); + krb5_set_error_message (context, ENOMEM, + "realloc: out of memory"); return ENOMEM; } dest->val = tmp; @@ -1391,13 +1409,15 @@ krb5_make_addrport (krb5_context context, *res = malloc (sizeof(**res)); if (*res == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, + "malloc: out of memory"); return ENOMEM; } (*res)->addr_type = KRB5_ADDRESS_ADDRPORT; ret = krb5_data_alloc (&(*res)->address, len); if (ret) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message (context, ret, + "malloc: out of memory"); free (*res); *res = NULL; return ret; @@ -1457,7 +1477,8 @@ krb5_address_prefixlen_boundary(krb5_context context, struct addr_operations *a = find_atype (inaddr->addr_type); if(a != NULL && a->mask_boundary != NULL) return (*a->mask_boundary)(context, inaddr, prefixlen, low, high); - krb5_set_error_string(context, "Address family %d doesn't support " + krb5_set_error_message(context, KRB5_PROG_ATYPE_NOSUPP, + "Address family %d doesn't support " "address mask operation", inaddr->addr_type); return KRB5_PROG_ATYPE_NOSUPP; } diff --git a/source4/heimdal/lib/krb5/auth_context.c b/source4/heimdal/lib/krb5/auth_context.c index 323f17a245..e4fb50e5b8 100644 --- a/source4/heimdal/lib/krb5/auth_context.c +++ b/source4/heimdal/lib/krb5/auth_context.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: auth_context.c 21745 2007-07-31 16:11:25Z lha $"); +RCSID("$Id: auth_context.c 23273 2008-06-23 03:25:00Z lha $"); krb5_error_code KRB5_LIB_FUNCTION krb5_auth_con_init(krb5_context context, @@ -43,13 +43,13 @@ krb5_auth_con_init(krb5_context context, ALLOC(p, 1); if(!p) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } memset(p, 0, sizeof(*p)); ALLOC(p->authenticator, 1); if (!p->authenticator) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); free(p); return ENOMEM; } @@ -174,7 +174,8 @@ krb5_auth_con_genaddrs(krb5_context context, len = sizeof(ss_local); if(getsockname(fd, local, &len) < 0) { ret = errno; - krb5_set_error_string (context, "getsockname: %s", + krb5_set_error_message(context, ret, + "getsockname: %s", strerror(ret)); goto out; } @@ -191,7 +192,8 @@ krb5_auth_con_genaddrs(krb5_context context, len = sizeof(ss_remote); if(getpeername(fd, remote, &len) < 0) { ret = errno; - krb5_set_error_string (context, "getpeername: %s", strerror(ret)); + krb5_set_error_message(context, ret, + "getpeername: %s", strerror(ret)); goto out; } ret = krb5_sockaddr2address (context, remote, &remote_k_address); @@ -239,7 +241,7 @@ krb5_auth_con_getaddrs(krb5_context context, krb5_free_address (context, *local_addr); *local_addr = malloc (sizeof(**local_addr)); if (*local_addr == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } krb5_copy_address(context, @@ -250,7 +252,7 @@ krb5_auth_con_getaddrs(krb5_context context, krb5_free_address (context, *remote_addr); *remote_addr = malloc (sizeof(**remote_addr)); if (*remote_addr == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); krb5_free_address (context, *local_addr); *local_addr = NULL; return ENOMEM; @@ -450,7 +452,7 @@ krb5_auth_con_getauthenticator(krb5_context context, { *authenticator = malloc(sizeof(**authenticator)); if (*authenticator == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } diff --git a/source4/heimdal/lib/krb5/build_auth.c b/source4/heimdal/lib/krb5/build_auth.c index f8739c044d..fe3a5f523c 100644 --- a/source4/heimdal/lib/krb5/build_auth.c +++ b/source4/heimdal/lib/krb5/build_auth.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: build_auth.c 17033 2006-04-10 08:53:21Z lha $"); +RCSID("$Id: build_auth.c 23273 2008-06-23 03:25:00Z lha $"); static krb5_error_code make_etypelist(krb5_context context, @@ -62,7 +62,7 @@ make_etypelist(krb5_context context, ALLOC_SEQ(&ad, 1); if (ad.val == NULL) { free(buf); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -81,14 +81,14 @@ make_etypelist(krb5_context context, ALLOC(*auth_data, 1); if (*auth_data == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } ALLOC_SEQ(*auth_data, 1); if ((*auth_data)->val == NULL) { free(buf); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -118,7 +118,7 @@ krb5_build_authenticator (krb5_context context, auth = calloc(1, sizeof(*auth)); if (auth == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } diff --git a/source4/heimdal/lib/krb5/cache.c b/source4/heimdal/lib/krb5/cache.c index 5db6d2b2cf..34bfb4a350 100644 --- a/source4/heimdal/lib/krb5/cache.c +++ b/source4/heimdal/lib/krb5/cache.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: cache.c 22127 2007-12-04 00:54:37Z lha $"); +RCSID("$Id: cache.c 23417 2008-07-26 18:36:33Z lha $"); /** * Add a new ccache type with operations `ops', overwriting any @@ -59,9 +59,10 @@ krb5_cc_register(krb5_context context, for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) { if(strcmp(context->cc_ops[i].prefix, ops->prefix) == 0) { if(!override) { - krb5_set_error_string(context, - "ccache type %s already exists", - ops->prefix); + krb5_set_error_message(context, + KRB5_CC_TYPE_EXISTS, + "ccache type %s already exists", + ops->prefix); return KRB5_CC_TYPE_EXISTS; } break; @@ -72,7 +73,8 @@ krb5_cc_register(krb5_context context, (context->num_cc_ops + 1) * sizeof(*context->cc_ops)); if(o == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_CC_NOMEM, + "malloc: out of memory"); return KRB5_CC_NOMEM; } context->num_cc_ops++; @@ -98,7 +100,7 @@ _krb5_cc_allocate(krb5_context context, p = malloc (sizeof(*p)); if(p == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_CC_NOMEM, "malloc: out of memory"); return KRB5_CC_NOMEM; } p->ops = ops; @@ -166,7 +168,8 @@ krb5_cc_resolve(krb5_context context, if (strchr (name, ':') == NULL) return allocate_ccache (context, &krb5_fcc_ops, name, id); else { - krb5_set_error_string(context, "unknown ccache type %s", name); + krb5_set_error_message(context, KRB5_CC_UNKNOWN_TYPE, + "unknown ccache type %s", name); return KRB5_CC_UNKNOWN_TYPE; } } @@ -204,16 +207,14 @@ krb5_error_code KRB5_LIB_FUNCTION krb5_cc_new_unique(krb5_context context, const char *type, const char *hint, krb5_ccache *id) { - const krb5_cc_ops *ops = KRB5_DEFAULT_CCTYPE; + const krb5_cc_ops *ops; krb5_error_code ret; - if (type) { - ops = krb5_cc_get_prefix_ops(context, type); - if (ops == NULL) { - krb5_set_error_string(context, - "Credential cache type %s is unknown", type); - return KRB5_CC_UNKNOWN_TYPE; - } + ops = krb5_cc_get_prefix_ops(context, type); + if (ops == NULL) { + krb5_set_error_message(context, KRB5_CC_UNKNOWN_TYPE, + "Credential cache type %s is unknown", type); + return KRB5_CC_UNKNOWN_TYPE; } ret = _krb5_cc_allocate(context, ops, id); @@ -270,18 +271,20 @@ krb5_cc_get_full_name(krb5_context context, type = krb5_cc_get_type(context, id); if (type == NULL) { - krb5_set_error_string(context, "cache have no name of type"); + krb5_set_error_message(context, KRB5_CC_UNKNOWN_TYPE, + "cache have no name of type"); return KRB5_CC_UNKNOWN_TYPE; } name = krb5_cc_get_name(context, id); if (name == NULL) { - krb5_set_error_string(context, "cache of type %s have no name", type); + krb5_set_error_message(context, KRB5_CC_BADNAME, + "cache of type %s have no name", type); return KRB5_CC_BADNAME; } if (asprintf(str, "%s:%s", type, name) == -1) { - krb5_set_error_string(context, "malloc - out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); *str = NULL; return ENOMEM; } @@ -327,7 +330,8 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res) if (tmp2 == NULL) { free(*res); *res = NULL; - krb5_set_error_string(context, "variable missing }"); + krb5_set_error_message(context, KRB5_CONFIG_BADFORMAT, + "variable missing }"); return KRB5_CONFIG_BADFORMAT; } if (strncasecmp(tmp, "%{uid}", 6) == 0) @@ -337,10 +341,11 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res) else { free(*res); *res = NULL; - krb5_set_error_string(context, - "expand default cache unknown " - "variable \"%.*s\"", - (int)(tmp2 - tmp) - 2, tmp + 2); + krb5_set_error_message(context, + KRB5_CONFIG_BADFORMAT, + "expand default cache unknown " + "variable \"%.*s\"", + (int)(tmp2 - tmp) - 2, tmp + 2); return KRB5_CONFIG_BADFORMAT; } str = tmp2 + 1; @@ -351,7 +356,7 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res) if (append == NULL) { free(*res); *res = NULL; - krb5_set_error_string(context, "malloc - out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -361,7 +366,8 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res) free(append); free(*res); *res = NULL; - krb5_set_error_string(context, "malloc - out of memory"); + krb5_set_error_message(context, ENOMEM, + "malloc: out of memory"); return ENOMEM; } *res = tmp; @@ -406,11 +412,29 @@ environment_changed(krb5_context context) } /** - * Set the default cc name for `context' to `name'. + * Switch the default default credential cache for a specific + * credcache type (and name for some implementations). + * + * @return Returns 0 or an error code. * * @ingroup krb5_ccache */ +krb5_error_code +krb5_cc_switch(krb5_context context, krb5_ccache id) +{ + + if (id->ops->set_default == NULL) + return 0; + + return (*id->ops->set_default)(context, id); +} + +/** + * Set the default cc name for `context' to `name'. + * + * @ingroup krb5_ccache + */ krb5_error_code KRB5_LIB_FUNCTION krb5_cc_set_default_name(krb5_context context, const char *name) @@ -440,7 +464,19 @@ krb5_cc_set_default_name(krb5_context context, const char *name) } if (e == NULL) { const krb5_cc_ops *ops = KRB5_DEFAULT_CCTYPE; - ret = (*ops->default_name)(context, &p); + e = krb5_config_get_string(context, NULL, "libdefaults", + "default_cc_type", NULL); + if (e) { + ops = krb5_cc_get_prefix_ops(context, e); + if (ops == NULL) { + krb5_set_error_message(context, + KRB5_CC_UNKNOWN_TYPE, + "Credential cache type %s " + "is unknown", e); + return KRB5_CC_UNKNOWN_TYPE; + } + } + ret = (*ops->get_default_name)(context, &p); if (ret) return ret; } @@ -452,7 +488,7 @@ krb5_cc_set_default_name(krb5_context context, const char *name) } if (p == NULL) { - krb5_set_error_string(context, "malloc - out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -499,7 +535,7 @@ krb5_cc_default(krb5_context context, const char *p = krb5_cc_default_name(context); if (p == NULL) { - krb5_set_error_string(context, "malloc - out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } return krb5_cc_resolve(context, p, id); @@ -728,9 +764,10 @@ krb5_cc_remove_cred(krb5_context context, krb5_creds *cred) { if(id->ops->remove_cred == NULL) { - krb5_set_error_string(context, - "ccache %s does not support remove_cred", - id->ops->prefix); + krb5_set_error_message(context, + EACCES, + "ccache %s does not support remove_cred", + id->ops->prefix); return EACCES; /* XXX */ } return (*id->ops->remove_cred)(context, id, which, cred); @@ -846,10 +883,12 @@ krb5_cc_clear_mcred(krb5_creds *mcred) /** * Get the cc ops that is registered in `context' to handle the - * `prefix'. `prefix' can be a complete credential cache name or a + * prefix. prefix can be a complete credential cache name or a * prefix, the function will only use part up to the first colon (:) - * if there is one. - * Returns NULL if ops not found. + * if there is one. If prefix the argument is NULL, the default ccache + * implemtation is returned. + + * @return Returns NULL if ops not found. * * @ingroup krb5_ccache */ @@ -861,12 +900,14 @@ krb5_cc_get_prefix_ops(krb5_context context, const char *prefix) char *p, *p1; int i; + if (prefix == NULL) + return KRB5_DEFAULT_CCTYPE; if (prefix[0] == '/') return &krb5_fcc_ops; p = strdup(prefix); if (p == NULL) { - krb5_set_error_string(context, "malloc - out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return NULL; } p1 = strchr(p, ':'); @@ -911,20 +952,22 @@ krb5_cc_cache_get_first (krb5_context context, ops = krb5_cc_get_prefix_ops(context, type); if (ops == NULL) { - krb5_set_error_string(context, "Unknown type \"%s\" when iterating " - "trying to iterate the credential caches", type); + krb5_set_error_message(context, KRB5_CC_UNKNOWN_TYPE, + "Unknown type \"%s\" when iterating " + "trying to iterate the credential caches", type); return KRB5_CC_UNKNOWN_TYPE; } if (ops->get_cache_first == NULL) { - krb5_set_error_string(context, "Credential cache type %s doesn't support " - "iterations over caches", ops->prefix); + krb5_set_error_message(context, KRB5_CC_NOSUPP, + "Credential cache type %s doesn't support " + "iterations over caches", ops->prefix); return KRB5_CC_NOSUPP; } *cursor = calloc(1, sizeof(**cursor)); if (*cursor == NULL) { - krb5_set_error_string(context, "malloc - out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -1028,8 +1071,10 @@ krb5_cc_cache_match (krb5_context context, krb5_unparse_name(context, client, &str); - krb5_set_error_string(context, "Principal %s not found in a " - "credential cache", str ? str : ""); + krb5_set_error_message(context, KRB5_CC_NOTFOUND, + "Principal %s not found in a " + "credential cache", + str ? str : ""); if (str) free(str); return KRB5_CC_NOTFOUND; @@ -1059,8 +1104,9 @@ krb5_cc_move(krb5_context context, krb5_ccache from, krb5_ccache to) krb5_error_code ret; if (strcmp(from->ops->prefix, to->ops->prefix) != 0) { - krb5_set_error_string(context, "Moving credentials between diffrent " - "types not yet supported"); + krb5_set_error_message(context, KRB5_CC_NOSUPP, + "Moving credentials between diffrent " + "types not yet supported"); return KRB5_CC_NOSUPP; } @@ -1071,3 +1117,123 @@ krb5_cc_move(krb5_context context, krb5_ccache from, krb5_ccache to) } return ret; } + +#define KRB5_CONF_NAME "@krb5_ccache_conf_data" + +static krb5_error_code +build_conf_principals(krb5_context context, krb5_ccache id, + krb5_const_principal principal, + const char *name, krb5_creds *cred) +{ + krb5_principal client; + krb5_error_code ret; + char *pname = NULL; + + memset(cred, 0, sizeof(*cred)); + + ret = krb5_cc_get_principal(context, id, &client); + if (ret) + return ret; + + if (principal) { + ret = krb5_unparse_name(context, principal, &pname); + if (ret) + return ret; + } + + ret = krb5_make_principal(context, &cred->server, + krb5_principal_get_realm(context, client), + KRB5_CONF_NAME, name, pname, NULL); + free(pname); + if (ret) { + krb5_free_principal(context, client); + return ret; + } + ret = krb5_copy_principal(context, client, &cred->client); + krb5_free_principal(context, client); + return ret; +} + +/** + * Store some configuration for the credential cache in the cache. + * Existing configuration under the same name is over-written. + * + * @param context a Keberos context + * @param id the credential cache to store the data for + * @param principal configuration for a specific principal, if + * NULL, global for the whole cache. + * @param name name under which the configuraion is stored. + * @param data data to store + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_set_config(krb5_context context, krb5_ccache id, + krb5_const_principal principal, + const char *name, krb5_data *data) +{ + krb5_error_code ret; + krb5_creds cred; + + ret = build_conf_principals(context, id, principal, name, &cred); + if (ret) + goto out; + + /* Remove old configuration */ + ret = krb5_cc_remove_cred(context, id, 0, &cred); + if (ret) + goto out; + + /* not that anyone care when this expire */ + cred.times.authtime = time(NULL); + cred.times.endtime = cred.times.authtime + 3600 * 24 * 30; + + ret = krb5_data_copy(&cred.ticket, data->data, data->length); + if (ret) + goto out; + + ret = krb5_cc_store_cred(context, id, &cred); + +out: + krb5_free_cred_contents (context, &cred); + return ret; +} + +/** + * Get some configuration for the credential cache in the cache. + * + * @param context a Keberos context + * @param id the credential cache to store the data for + * @param principal configuration for a specific principal, if + * NULL, global for the whole cache. + * @param name name under which the configuraion is stored. + * @param data data to fetched, free with krb5_data_free() + */ + + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_get_config(krb5_context context, krb5_ccache id, + krb5_const_principal principal, + const char *name, krb5_data *data) +{ + krb5_creds mcred, cred; + krb5_error_code ret; + + memset(&cred, 0, sizeof(cred)); + krb5_data_zero(data); + + ret = build_conf_principals(context, id, principal, name, &mcred); + if (ret) + goto out; + + ret = krb5_cc_retrieve_cred(context, id, 0, &mcred, &cred); + if (ret) + goto out; + + ret = krb5_data_copy(data, cred.ticket.data, cred.ticket.length); + +out: + krb5_free_cred_contents (context, &cred); + krb5_free_cred_contents (context, &mcred); + return ret; +} + diff --git a/source4/heimdal/lib/krb5/changepw.c b/source4/heimdal/lib/krb5/changepw.c index 703cf43eb6..ac1a2d312e 100644 --- a/source4/heimdal/lib/krb5/changepw.c +++ b/source4/heimdal/lib/krb5/changepw.c @@ -33,7 +33,11 @@ #include -RCSID("$Id: changepw.c 21505 2007-07-12 12:28:38Z lha $"); +RCSID("$Id: changepw.c 23445 2008-07-27 12:08:03Z lha $"); + +#undef __attribute__ +#define __attribute__(X) + static void str2data (krb5_data *d, @@ -141,7 +145,8 @@ chgpw_send_request (krb5_context context, if (sendmsg (sock, &msghdr, 0) < 0) { ret = errno; - krb5_set_error_string(context, "sendmsg %s: %s", host, strerror(ret)); + krb5_set_error_message(context, ret, "sendmsg %s: %s", + host, strerror(ret)); } krb5_data_free (&krb_priv_data); @@ -250,7 +255,8 @@ setpw_send_request (krb5_context context, if (sendmsg (sock, &msghdr, 0) < 0) { ret = errno; - krb5_set_error_string(context, "sendmsg %s: %s", host, strerror(ret)); + krb5_set_error_message(context, ret, "sendmsg %s: %s", + host, strerror(ret)); } krb5_data_free (&krb_priv_data); @@ -286,11 +292,12 @@ process_reply (krb5_context context, 0, NULL, NULL); if (ret < 0) { save_errno = errno; - krb5_set_error_string(context, "recvfrom %s: %s", - host, strerror(save_errno)); + krb5_set_error_message(context, save_errno, + "recvfrom %s: %s", + host, strerror(save_errno)); return save_errno; } else if (ret == 0) { - krb5_set_error_string(context, "recvfrom timeout %s", host); + krb5_set_error_message(context, 1,"recvfrom timeout %s", host); return 1; } len += ret; @@ -304,16 +311,18 @@ process_reply (krb5_context context, break; } if (len == sizeof(reply)) { - krb5_set_error_string(context, "message too large from %s", - host); + krb5_set_error_message(context, ENOMEM, + "message too large from %s", + host); return ENOMEM; } } else { ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL); if (ret < 0) { save_errno = errno; - krb5_set_error_string(context, "recvfrom %s: %s", - host, strerror(save_errno)); + krb5_set_error_message(context, save_errno, + "recvfrom %s: %s", + host, strerror(save_errno)); return save_errno; } len = ret; @@ -522,7 +531,7 @@ change_password_loop (krb5_context context, krb5_krbhst_handle handle = NULL; krb5_krbhst_info *hi; int sock; - int i; + unsigned int i; int done = 0; krb5_realm realm; @@ -571,6 +580,7 @@ change_password_loop (krb5_context context, sock = socket (a->ai_family, a->ai_socktype, a->ai_protocol); if (sock < 0) continue; + rk_cloexec(sock); ret = connect(sock, a->ai_addr, a->ai_addrlen); if (ret < 0) { @@ -607,8 +617,9 @@ change_password_loop (krb5_context context, } if (sock >= FD_SETSIZE) { - krb5_set_error_string(context, "fd %d too large", sock); ret = ERANGE; + krb5_set_error_message(context, ret, + "fd %d too large", sock); close (sock); goto out; } @@ -647,24 +658,32 @@ change_password_loop (krb5_context context, out: krb5_krbhst_free (context, handle); krb5_auth_con_free (context, auth_context); - if (done) - return 0; - else { - if (ret == KRB5_KDC_UNREACH) { - krb5_set_error_string(context, - "unable to reach any changepw server " - " in realm %s", realm); - *result_code = KRB5_KPASSWD_HARDERROR; - } - return ret; + + if (ret == KRB5_KDC_UNREACH) { + krb5_set_error_message(context, + ret, + "unable to reach any changepw server " + " in realm %s", realm); + *result_code = KRB5_KPASSWD_HARDERROR; } + return ret; } +#ifndef HEIMDAL_SMALLER -/* - * change the password using the credentials in `creds' (for the - * principal indicated in them) to `newpw', storing the result of - * the operation in `result_*' and an error code or 0. +/** + * krb5_change_password() is deprecated, use krb5_set_password(). + * + * @param context a Keberos context + * @param creds + * @param newpw + * @param result_code + * @param result_code_string + * @param result_string + * + * @return On sucess password is changed. + + * @ingroup @krb5_deprecated */ krb5_error_code KRB5_LIB_FUNCTION @@ -674,6 +693,7 @@ krb5_change_password (krb5_context context, int *result_code, krb5_data *result_code_string, krb5_data *result_string) + __attribute__((deprecated)) { struct kpwd_proc *p = find_chpw_proto("change password"); @@ -688,9 +708,24 @@ krb5_change_password (krb5_context context, result_code, result_code_string, result_string, p); } +#endif /* HEIMDAL_SMALLER */ -/* +/** + * Change passwrod using creds. + * + * @param context a Keberos context + * @param creds The initial kadmin/passwd for the principal or an admin principal + * @param newpw The new password to set + * @param targprinc if unset, the default principal is used. + * @param result_code Result code, KRB5_KPASSWD_SUCCESS is when password is changed. + * @param result_code_string binary message from the server, contains + * at least the result_code. + * @param result_string A message from the kpasswd service or the + * library in human printable form. The string is NUL terminated. * + * @return On sucess and *result_code is KRB5_KPASSWD_SUCCESS, the password is changed. + + * @ingroup @krb5 */ krb5_error_code KRB5_LIB_FUNCTION @@ -707,8 +742,8 @@ krb5_set_password(krb5_context context, int i; *result_code = KRB5_KPASSWD_MALFORMED; - result_code_string->data = result_string->data = NULL; - result_code_string->length = result_string->length = 0; + krb5_data_zero(result_code_string); + krb5_data_zero(result_string); if (targprinc == NULL) { ret = krb5_get_default_principal(context, &principal); @@ -732,6 +767,8 @@ krb5_set_password(krb5_context context, return ret; } +#ifndef HEIMDAL_SMALLER + /* * */ @@ -797,6 +834,8 @@ krb5_set_password_using_ccache(krb5_context context, return ret; } +#endif /* !HEIMDAL_SMALLER */ + /* * */ diff --git a/source4/heimdal/lib/krb5/config_file.c b/source4/heimdal/lib/krb5/config_file.c index ac5eba39dc..bf3c432397 100644 --- a/source4/heimdal/lib/krb5/config_file.c +++ b/source4/heimdal/lib/krb5/config_file.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: config_file.c 19213 2006-12-04 23:36:36Z lha $"); +RCSID("$Id: config_file.c 23280 2008-06-23 03:26:18Z lha $"); #ifndef HAVE_NETINFO @@ -295,7 +295,8 @@ krb5_config_parse_string_multi(krb5_context context, ret = krb5_config_parse_debug (&f, res, &lineno, &str); if (ret) { - krb5_set_error_string (context, "%s:%u: %s", "", lineno, str); + krb5_set_error_message (context, ret, "%s:%u: %s", + "", lineno, str); return ret; } return 0; @@ -314,14 +315,15 @@ krb5_config_parse_file_multi (krb5_context context, f.s = NULL; if(f.f == NULL) { ret = errno; - krb5_set_error_string (context, "open %s: %s", fname, strerror(ret)); + krb5_set_error_message (context, ret, "open %s: %s", + fname, strerror(ret)); return ret; } ret = krb5_config_parse_debug (&f, res, &lineno, &str); fclose(f.f); if (ret) { - krb5_set_error_string (context, "%s:%u: %s", fname, lineno, str); + krb5_set_error_message (context, ret, "%s:%u: %s", fname, lineno, str); return ret; } return 0; diff --git a/source4/heimdal/lib/krb5/constants.c b/source4/heimdal/lib/krb5/constants.c index 5188a1d3a8..8fffb0f402 100644 --- a/source4/heimdal/lib/krb5/constants.c +++ b/source4/heimdal/lib/krb5/constants.c @@ -33,11 +33,11 @@ #include "krb5_locl.h" -RCSID("$Id: constants.c 14253 2004-09-23 07:57:37Z joda $"); +RCSID("$Id: constants.c 23026 2008-04-17 10:02:03Z lha $"); -const char *krb5_config_file = +KRB5_LIB_VARIABLE const char *krb5_config_file = #ifdef __APPLE__ "/Library/Preferences/edu.mit.Kerberos:" #endif SYSCONFDIR "/krb5.conf:/etc/krb5.conf"; -const char *krb5_defkeyname = KEYTAB_DEFAULT; +KRB5_LIB_VARIABLE const char *krb5_defkeyname = KEYTAB_DEFAULT; diff --git a/source4/heimdal/lib/krb5/context.c b/source4/heimdal/lib/krb5/context.c index 256783310e..543dba396d 100644 --- a/source4/heimdal/lib/krb5/context.c +++ b/source4/heimdal/lib/krb5/context.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include -RCSID("$Id: context.c 22293 2007-12-14 05:25:59Z lha $"); +RCSID("$Id: context.c 23420 2008-07-26 18:37:48Z lha $"); #define INIT_FIELD(C, T, E, D, F) \ (C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \ @@ -68,7 +68,7 @@ set_etypes (krb5_context context, etypes = malloc((i+1) * sizeof(*etypes)); if (etypes == NULL) { krb5_config_free_strings (etypes_str); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); return ENOMEM; } for(j = 0, k = 0; j < i; j++) { @@ -246,6 +246,9 @@ krb5_init_context(krb5_context *context) krb5_cc_register(p, &krb5_acc_ops, TRUE); krb5_cc_register(p, &krb5_fcc_ops, TRUE); krb5_cc_register(p, &krb5_mcc_ops, TRUE); +#if 0 + krb5_cc_register(p, &krb5_scc_ops, TRUE); +#endif #ifdef HAVE_KCM krb5_cc_register(p, &krb5_kcm_ops, TRUE); #endif @@ -257,8 +260,6 @@ krb5_init_context(krb5_context *context) krb5_kt_register (p, &krb5_javakt_ops); krb5_kt_register (p, &krb5_mkt_ops); krb5_kt_register (p, &krb5_akf_ops); - krb5_kt_register (p, &krb4_fkt_ops); - krb5_kt_register (p, &krb5_srvtab_fkt_ops); krb5_kt_register (p, &krb5_any_ops); out: @@ -552,7 +553,7 @@ default_etypes(krb5_context context, krb5_enctype **etype) ep = realloc(e, (n + 2) * sizeof(*e)); if (ep == NULL) { free(e); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); return ENOMEM; } e = ep; @@ -594,7 +595,7 @@ krb5_set_default_in_tkt_etypes(krb5_context context, ++i; ALLOC(p, i); if(!p) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); return ENOMEM; } memmove(p, etypes, i * sizeof(krb5_enctype)); @@ -623,26 +624,26 @@ krb5_error_code KRB5_LIB_FUNCTION krb5_get_default_in_tkt_etypes(krb5_context context, krb5_enctype **etypes) { - krb5_enctype *p; - int i; - krb5_error_code ret; - - if(context->etypes) { - for(i = 0; context->etypes[i]; i++); - ++i; - ALLOC(p, i); - if(!p) { - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; + krb5_enctype *p; + int i; + krb5_error_code ret; + + if(context->etypes) { + for(i = 0; context->etypes[i]; i++); + ++i; + ALLOC(p, i); + if(!p) { + krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); + return ENOMEM; + } + memmove(p, context->etypes, i * sizeof(krb5_enctype)); + } else { + ret = default_etypes(context, &p); + if (ret) + return ret; } - memmove(p, context->etypes, i * sizeof(krb5_enctype)); - } else { - ret = default_etypes(context, &p); - if (ret) - return ret; - } - *etypes = p; - return 0; + *etypes = p; + return 0; } /** @@ -776,7 +777,7 @@ krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses) if(context->extra_addresses == NULL) { context->extra_addresses = malloc(sizeof(*context->extra_addresses)); if(context->extra_addresses == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); return ENOMEM; } } @@ -858,7 +859,7 @@ krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses) if(context->ignore_addresses == NULL) { context->ignore_addresses = malloc(sizeof(*context->ignore_addresses)); if(context->ignore_addresses == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); return ENOMEM; } } @@ -986,7 +987,7 @@ krb5_get_dns_canonicalize_hostname (krb5_context context) * @param sec seconds part of offset. * @param usec micro seconds part of offset. * - * @return return non zero if the library uses DNS to canonicalize hostnames. + * @return returns zero * * @ingroup krb5 */ @@ -1001,6 +1002,27 @@ krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec) return 0; } +/** + * Set current offset in time to the KDC. + * + * @param context Kerberos 5 context. + * @param sec seconds part of offset. + * @param usec micro seconds part of offset. + * + * @return returns zero + * + * @ingroup krb5 + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_set_kdc_sec_offset (krb5_context context, int32_t sec, int32_t usec) +{ + context->kdc_sec_offset = sec; + if (usec >= 0) + context->kdc_usec_offset = usec; + return 0; +} + /** * Get max time skew allowed. * diff --git a/source4/heimdal/lib/krb5/convert_creds.c b/source4/heimdal/lib/krb5/convert_creds.c index b2af0187ea..07943efb28 100644 --- a/source4/heimdal/lib/krb5/convert_creds.c +++ b/source4/heimdal/lib/krb5/convert_creds.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: convert_creds.c 22050 2007-11-11 11:20:46Z lha $"); +RCSID("$Id: convert_creds.c 23280 2008-06-23 03:26:18Z lha $"); #include "krb5-v4compat.h" @@ -97,7 +97,7 @@ krb524_convert_creds_kdc(krb5_context context, sp = krb5_storage_from_mem(reply.data, reply.length); if(sp == NULL) { ret = ENOMEM; - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); goto out2; } krb5_ret_int32(sp, &tmp); @@ -132,8 +132,8 @@ krb524_convert_creds_kdc(krb5_context context, goto out; memcpy(v4creds->session, v5_creds->session.keyvalue.data, 8); } else { - krb5_set_error_string(context, "converting credentials: %s", - krb5_get_err_text(context, ret)); + krb5_set_error_message (context, ret, "converting credentials: %s", + krb5_get_err_text(context, ret)); } out: krb5_storage_free(sp); diff --git a/source4/heimdal/lib/krb5/copy_host_realm.c b/source4/heimdal/lib/krb5/copy_host_realm.c index 8c4f39b4ac..cbe333850c 100644 --- a/source4/heimdal/lib/krb5/copy_host_realm.c +++ b/source4/heimdal/lib/krb5/copy_host_realm.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: copy_host_realm.c 22057 2007-11-11 15:13:13Z lha $"); +RCSID("$Id: copy_host_realm.c 23280 2008-06-23 03:26:18Z lha $"); /** * Copy the list of realms from `from' to `to'. @@ -53,24 +53,23 @@ krb5_copy_host_realm(krb5_context context, const krb5_realm *from, krb5_realm **to) { - int n, i; + unsigned int n, i; const krb5_realm *p; - for (n = 0, p = from; *p != NULL; ++p) + for (n = 1, p = from; *p != NULL; ++p) ++n; - ++n; - *to = malloc (n * sizeof(**to)); + + *to = calloc (n, sizeof(**to)); if (*to == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); return ENOMEM; } - for (i = 0; i < n; ++i) - (*to)[i] = NULL; + for (i = 0, p = from; *p != NULL; ++p, ++i) { (*to)[i] = strdup(*p); if ((*to)[i] == NULL) { krb5_free_host_realm (context, *to); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); return ENOMEM; } } diff --git a/source4/heimdal/lib/krb5/crc.c b/source4/heimdal/lib/krb5/crc.c index 072c29d689..e8ddecf7ba 100644 --- a/source4/heimdal/lib/krb5/crc.c +++ b/source4/heimdal/lib/krb5/crc.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: crc.c 17442 2006-05-05 09:31:15Z lha $"); +RCSID("$Id: crc.c 22862 2008-04-07 18:49:55Z lha $"); static u_long table[256]; @@ -44,7 +44,7 @@ _krb5_crc_init_table(void) { static int flag = 0; unsigned long crc, poly; - int i, j; + unsigned int i, j; if(flag) return; poly = CRC_GEN; diff --git a/source4/heimdal/lib/krb5/creds.c b/source4/heimdal/lib/krb5/creds.c index 17ef46dfa3..938ec294a4 100644 --- a/source4/heimdal/lib/krb5/creds.c +++ b/source4/heimdal/lib/krb5/creds.c @@ -33,11 +33,13 @@ #include "krb5_locl.h" -RCSID("$Id: creds.c 22062 2007-11-11 15:41:50Z lha $"); +RCSID("$Id: creds.c 23280 2008-06-23 03:26:18Z lha $"); #undef __attribute__ #define __attribute__(X) +#ifndef HEIMDAL_SMALLER + /* keep this for compatibility with older code */ krb5_error_code KRB5_LIB_FUNCTION __attribute__((deprecated)) krb5_free_creds_contents (krb5_context context, krb5_creds *c) @@ -45,6 +47,8 @@ krb5_free_creds_contents (krb5_context context, krb5_creds *c) return krb5_free_cred_contents (context, c); } +#endif /* HEIMDAL_SMALLER */ + /** * Free content of krb5_creds. * @@ -152,7 +156,7 @@ krb5_copy_creds (krb5_context context, c = malloc (sizeof (*c)); if (c == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); return ENOMEM; } memset (c, 0, sizeof(*c)); diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c index 2e63490946..e91cb9391a 100644 --- a/source4/heimdal/lib/krb5/crypto.c +++ b/source4/heimdal/lib/krb5/crypto.c @@ -32,7 +32,8 @@ */ #include "krb5_locl.h" -RCSID("$Id: crypto.c 22200 2007-12-07 13:48:01Z lha $"); +RCSID("$Id: crypto.c 23454 2008-07-27 12:11:44Z lha $"); +#include #undef CRYPTO_DEBUG #ifdef CRYPTO_DEBUG @@ -111,7 +112,6 @@ struct checksum_type { struct encryption_type { krb5_enctype type; const char *name; - heim_oid *oid; size_t blocksize; size_t padsize; size_t confoundersize; @@ -178,7 +178,7 @@ static void krb5_DES_schedule(krb5_context context, struct key_data *key) { - DES_set_key(key->key->keyvalue.data, key->schedule->data); + DES_set_key_unchecked(key->key->keyvalue.data, key->schedule->data); } #ifdef ENABLE_AFS_STRING_TO_KEY @@ -245,12 +245,12 @@ krb5_DES_AFS3_Transarc_string_to_key (krb5_data pw, memcpy(&ivec, "kerberos", 8); memcpy(&temp_key, "kerberos", 8); DES_set_odd_parity (&temp_key); - DES_set_key (&temp_key, &schedule); + DES_set_key_unchecked (&temp_key, &schedule); DES_cbc_cksum ((void*)password, &ivec, passlen, &schedule, &ivec); memcpy(&temp_key, &ivec, 8); DES_set_odd_parity (&temp_key); - DES_set_key (&temp_key, &schedule); + DES_set_key_unchecked (&temp_key, &schedule); DES_cbc_cksum ((void*)password, key, passlen, &schedule, &ivec); memset(&schedule, 0, sizeof(schedule)); memset(&temp_key, 0, sizeof(temp_key)); @@ -305,7 +305,7 @@ DES_string_to_key_int(unsigned char *data, size_t length, DES_cblock *key) DES_set_odd_parity(key); if(DES_is_weak_key(key)) (*key)[7] ^= 0xF0; - DES_set_key(key, &schedule); + DES_set_key_unchecked(key, &schedule); DES_cbc_cksum((void*)data, key, length, &schedule, key); memset(&schedule, 0, sizeof(schedule)); DES_set_odd_parity(key); @@ -338,7 +338,7 @@ krb5_DES_string_to_key(krb5_context context, len = password.length + salt.saltvalue.length; s = malloc(len); if(len > 0 && s == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); return ENOMEM; } memcpy(s, password.data, password.length); @@ -390,9 +390,9 @@ DES3_schedule(krb5_context context, { DES_cblock *k = key->key->keyvalue.data; DES_key_schedule *s = key->schedule->data; - DES_set_key(&k[0], &s[0]); - DES_set_key(&k[1], &s[1]); - DES_set_key(&k[2], &s[2]); + DES_set_key_unchecked(&k[0], &s[0]); + DES_set_key_unchecked(&k[1], &s[1]); + DES_set_key_unchecked(&k[2], &s[2]); } /* @@ -430,7 +430,7 @@ DES3_string_to_key(krb5_context context, len = password.length + salt.saltvalue.length; str = malloc(len); if(len != 0 && str == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); return ENOMEM; } memcpy(str, password.data, password.length); @@ -444,7 +444,7 @@ DES3_string_to_key(krb5_context context, if (ret) { memset(str, 0, len); free(str); - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message (context, ret, "malloc: out of memory"); return ret; } @@ -453,7 +453,7 @@ DES3_string_to_key(krb5_context context, DES_set_odd_parity(keys + i); if(DES_is_weak_key(keys + i)) xor(keys + i, (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); - DES_set_key(keys + i, &s[i]); + DES_set_key_unchecked(keys + i, &s[i]); } memset(&ivec, 0, sizeof(ivec)); DES_ede3_cbc_encrypt(tmp, @@ -491,7 +491,7 @@ DES3_string_to_key_derived(krb5_context context, s = malloc(len); if(len != 0 && s == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); return ENOMEM; } memcpy(s, password.data, password.length); @@ -560,35 +560,49 @@ ARCFOUR_string_to_key(krb5_context context, krb5_data opaque, krb5_keyblock *key) { - char *s, *p; - size_t len; - int i; - MD4_CTX m; krb5_error_code ret; + uint16_t *s; + size_t len, i; + MD4_CTX m; - len = 2 * password.length; - s = malloc (len); + ret = wind_utf8ucs2_length(password.data, &len); + if (ret) { + krb5_set_error_message (context, ret, "Password not an UCS2 string"); + return ret; + } + + s = malloc (len * sizeof(s[0])); if (len != 0 && s == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto out; + krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); + return ENOMEM; } - for (p = s, i = 0; i < password.length; ++i) { - *p++ = ((char *)password.data)[i]; - *p++ = 0; + + ret = wind_utf8ucs2(password.data, s, &len); + if (ret) { + krb5_set_error_message (context, ret, "Password not an UCS2 string"); + goto out; } + + /* LE encoding */ MD4_Init (&m); - MD4_Update (&m, s, len); + for (i = 0; i < len; i++) { + unsigned char p; + p = (s[i] & 0xff); + MD4_Update (&m, &p, 1); + p = (s[i] >> 8) & 0xff; + MD4_Update (&m, &p, 1); + } + key->keytype = enctype; ret = krb5_data_alloc (&key->keyvalue, 16); if (ret) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); goto out; } MD4_Final (key->keyvalue.data, &m); - memset (s, 0, len); ret = 0; out: + memset (s, 0, len); free (s); return ret; } @@ -628,13 +642,13 @@ AES_string_to_key(krb5_context context, kd.schedule = NULL; ALLOC(kd.key, 1); if(kd.key == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); return ENOMEM; } kd.key->keytype = enctype; ret = krb5_data_alloc(&kd.key->keyvalue, et->keytype->size); if (ret) { - krb5_set_error_string(context, "Failed to allocate pkcs5 key"); + krb5_set_error_message (context, ret, "malloc: out of memory"); return ret; } @@ -644,7 +658,8 @@ AES_string_to_key(krb5_context context, et->keytype->size, kd.key->keyvalue.data); if (ret != 1) { free_key_data(context, &kd); - krb5_set_error_string(context, "Error calculating s2k"); + krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP, + "Error calculating s2k"); return KRB5_PROG_KEYTYPE_NOSUPP; } @@ -847,21 +862,24 @@ krb5_salttype_to_string (krb5_context context, e = _find_enctype (etype); if (e == NULL) { - krb5_set_error_string(context, "encryption type %d not supported", - etype); + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + "encryption type %d not supported", + etype); return KRB5_PROG_ETYPE_NOSUPP; } for (st = e->keytype->string_to_key; st && st->type; st++) { if (st->type == stype) { *string = strdup (st->name); if (*string == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, + "malloc: out of memory"); return ENOMEM; } return 0; } } - krb5_set_error_string(context, "salttype %d not supported", stype); + krb5_set_error_message (context, HEIM_ERR_SALTTYPE_NOSUPP, + "salttype %d not supported", stype); return HEIM_ERR_SALTTYPE_NOSUPP; } @@ -876,8 +894,9 @@ krb5_string_to_salttype (krb5_context context, e = _find_enctype (etype); if (e == NULL) { - krb5_set_error_string(context, "encryption type %d not supported", - etype); + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + "encryption type %d not supported", + etype); return KRB5_PROG_ETYPE_NOSUPP; } for (st = e->keytype->string_to_key; st && st->type; st++) { @@ -886,7 +905,8 @@ krb5_string_to_salttype (krb5_context context, return 0; } } - krb5_set_error_string(context, "salttype %s not supported", string); + krb5_set_error_message(context, HEIM_ERR_SALTTYPE_NOSUPP, + "salttype %s not supported", string); return HEIM_ERR_SALTTYPE_NOSUPP; } @@ -988,16 +1008,18 @@ krb5_string_to_key_data_salt_opaque (krb5_context context, struct encryption_type *et =_find_enctype(enctype); struct salt_type *st; if(et == NULL) { - krb5_set_error_string(context, "encryption type %d not supported", - enctype); + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + "encryption type %d not supported", + enctype); return KRB5_PROG_ETYPE_NOSUPP; } for(st = et->keytype->string_to_key; st && st->type; st++) if(st->type == salt.salttype) return (*st->string_to_key)(context, enctype, password, salt, opaque, key); - krb5_set_error_string(context, "salt type %d not supported", - salt.salttype); + krb5_set_error_message(context, HEIM_ERR_SALTTYPE_NOSUPP, + "salt type %d not supported", + salt.salttype); return HEIM_ERR_SALTTYPE_NOSUPP; } @@ -1042,12 +1064,13 @@ krb5_keytype_to_string(krb5_context context, { struct key_type *kt = _find_keytype(keytype); if(kt == NULL) { - krb5_set_error_string(context, "key type %d not supported", keytype); + krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP, + "key type %d not supported", keytype); return KRB5_PROG_KEYTYPE_NOSUPP; } *string = strdup(kt->name); if(*string == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } return 0; @@ -1058,13 +1081,24 @@ krb5_string_to_keytype(krb5_context context, const char *string, krb5_keytype *keytype) { + char *end; int i; + for(i = 0; i < num_keytypes; i++) if(strcasecmp(keytypes[i]->name, string) == 0){ *keytype = keytypes[i]->type; return 0; } - krb5_set_error_string(context, "key type %s not supported", string); + + /* check if the enctype is a number */ + *keytype = strtol(string, &end, 0); + if(*end == '\0' && *keytype != 0) { + if (krb5_enctype_valid(context, *keytype) == 0) + return 0; + } + + krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP, + "key type %s not supported", string); return KRB5_PROG_KEYTYPE_NOSUPP; } @@ -1075,8 +1109,9 @@ krb5_enctype_keysize(krb5_context context, { struct encryption_type *et = _find_enctype(type); if(et == NULL) { - krb5_set_error_string(context, "encryption type %d not supported", - type); + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + "encryption type %d not supported", + type); return KRB5_PROG_ETYPE_NOSUPP; } *keysize = et->keytype->size; @@ -1090,7 +1125,8 @@ krb5_enctype_keybits(krb5_context context, { struct encryption_type *et = _find_enctype(type); if(et == NULL) { - krb5_set_error_string(context, "encryption type %d not supported", + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + "encryption type %d not supported", type); return KRB5_PROG_ETYPE_NOSUPP; } @@ -1106,8 +1142,9 @@ krb5_generate_random_keyblock(krb5_context context, krb5_error_code ret; struct encryption_type *et = _find_enctype(type); if(et == NULL) { - krb5_set_error_string(context, "encryption type %d not supported", - type); + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + "encryption type %d not supported", + type); return KRB5_PROG_ETYPE_NOSUPP; } ret = krb5_data_alloc(&key->keyvalue, et->keytype->size); @@ -1136,7 +1173,7 @@ _key_schedule(krb5_context context, return 0; ALLOC(key->schedule, 1); if(key->schedule == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } ret = krb5_data_alloc(key->schedule, kt->schedule_size); @@ -1481,8 +1518,9 @@ krb5_hmac(krb5_context context, krb5_error_code ret; if (c == NULL) { - krb5_set_error_string (context, "checksum type %d not supported", - cktype); + krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, + "checksum type %d not supported", + cktype); return KRB5_PROG_SUMTYPE_NOSUPP; } @@ -1797,7 +1835,7 @@ get_checksum_key(krb5_context context, *key = _new_derived_key(crypto, 0xff/* KRB5_KU_RFC1510_VARIANT */); if(*key == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } ret = krb5_copy_keyblock(context, crypto->key.key, &(*key)->key); @@ -1832,9 +1870,10 @@ create_checksum (krb5_context context, } keyed_checksum = (ct->flags & F_KEYED) != 0; if(keyed_checksum && crypto == NULL) { - krb5_set_error_string (context, "Checksum type %s is keyed " - "but no crypto context (key) was passed in", - ct->name); + krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, + "Checksum type %s is keyed " + "but no crypto context (key) was passed in", + ct->name); return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */ } if(keyed_checksum) { @@ -1880,8 +1919,9 @@ krb5_create_checksum(krb5_context context, } if(ct == NULL) { - krb5_set_error_string (context, "checksum type %d not supported", - type); + krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, + "checksum type %d not supported", + type); return KRB5_PROG_SUMTYPE_NOSUPP; } @@ -1911,7 +1951,8 @@ verify_checksum(krb5_context context, ct = _find_checksum(cksum->cksumtype); if (ct == NULL || (ct->flags & F_DISABLED)) { - krb5_set_error_string (context, "checksum type %d not supported", + krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, + "checksum type %d not supported", cksum->cksumtype); return KRB5_PROG_SUMTYPE_NOSUPP; } @@ -1921,9 +1962,10 @@ verify_checksum(krb5_context context, } keyed_checksum = (ct->flags & F_KEYED) != 0; if(keyed_checksum && crypto == NULL) { - krb5_set_error_string (context, "Checksum type %s is keyed " - "but no crypto context (key) was passed in", - ct->name); + krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, + "Checksum type %s is keyed " + "but no crypto context (key) was passed in", + ct->name); return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */ } if(keyed_checksum) @@ -1963,8 +2005,9 @@ krb5_verify_checksum(krb5_context context, ct = _find_checksum(cksum->cksumtype); if(ct == NULL) { - krb5_set_error_string (context, "checksum type %d not supported", - cksum->cksumtype); + krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, + "checksum type %d not supported", + cksum->cksumtype); return KRB5_PROG_SUMTYPE_NOSUPP; } @@ -1992,7 +2035,8 @@ krb5_crypto_get_checksum_type(krb5_context context, } if (ct == NULL) { - krb5_set_error_string (context, "checksum type not found"); + krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, + "checksum type not found"); return KRB5_PROG_SUMTYPE_NOSUPP; } @@ -2009,8 +2053,9 @@ krb5_checksumsize(krb5_context context, { struct checksum_type *ct = _find_checksum(type); if(ct == NULL) { - krb5_set_error_string (context, "checksum type %d not supported", - type); + krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, + "checksum type %d not supported", + type); return KRB5_PROG_SUMTYPE_NOSUPP; } *size = ct->checksumsize; @@ -2024,8 +2069,9 @@ krb5_checksum_is_keyed(krb5_context context, struct checksum_type *ct = _find_checksum(type); if(ct == NULL) { if (context) - krb5_set_error_string (context, "checksum type %d not supported", - type); + krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, + "checksum type %d not supported", + type); return KRB5_PROG_SUMTYPE_NOSUPP; } return ct->flags & F_KEYED; @@ -2038,8 +2084,9 @@ krb5_checksum_is_collision_proof(krb5_context context, struct checksum_type *ct = _find_checksum(type); if(ct == NULL) { if (context) - krb5_set_error_string (context, "checksum type %d not supported", - type); + krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, + "checksum type %d not supported", + type); return KRB5_PROG_SUMTYPE_NOSUPP; } return ct->flags & F_CPROOF; @@ -2052,8 +2099,9 @@ krb5_checksum_disable(krb5_context context, struct checksum_type *ct = _find_checksum(type); if(ct == NULL) { if (context) - krb5_set_error_string (context, "checksum type %d not supported", - type); + krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, + "checksum type %d not supported", + type); return KRB5_PROG_SUMTYPE_NOSUPP; } ct->flags |= F_DISABLED; @@ -2478,7 +2526,7 @@ AES_PRF(krb5_context context, result.cksumtype = ct->type; ret = krb5_data_alloc(&result.checksum, ct->checksumsize); if (ret) { - krb5_set_error_string(context, "out memory"); + krb5_set_error_message(context, ret, "out memory"); return ret; } @@ -2519,7 +2567,6 @@ AES_PRF(krb5_context context, static struct encryption_type enctype_null = { ETYPE_NULL, "null", - NULL, 1, 1, 0, @@ -2534,7 +2581,6 @@ static struct encryption_type enctype_null = { static struct encryption_type enctype_des_cbc_crc = { ETYPE_DES_CBC_CRC, "des-cbc-crc", - NULL, 8, 8, 8, @@ -2549,7 +2595,6 @@ static struct encryption_type enctype_des_cbc_crc = { static struct encryption_type enctype_des_cbc_md4 = { ETYPE_DES_CBC_MD4, "des-cbc-md4", - NULL, 8, 8, 8, @@ -2564,7 +2609,6 @@ static struct encryption_type enctype_des_cbc_md4 = { static struct encryption_type enctype_des_cbc_md5 = { ETYPE_DES_CBC_MD5, "des-cbc-md5", - NULL, 8, 8, 8, @@ -2579,7 +2623,6 @@ static struct encryption_type enctype_des_cbc_md5 = { static struct encryption_type enctype_arcfour_hmac_md5 = { ETYPE_ARCFOUR_HMAC_MD5, "arcfour-hmac-md5", - NULL, 1, 1, 8, @@ -2594,7 +2637,6 @@ static struct encryption_type enctype_arcfour_hmac_md5 = { static struct encryption_type enctype_des3_cbc_md5 = { ETYPE_DES3_CBC_MD5, "des3-cbc-md5", - NULL, 8, 8, 8, @@ -2609,7 +2651,6 @@ static struct encryption_type enctype_des3_cbc_md5 = { static struct encryption_type enctype_des3_cbc_sha1 = { ETYPE_DES3_CBC_SHA1, "des3-cbc-sha1", - NULL, 8, 8, 8, @@ -2624,7 +2665,6 @@ static struct encryption_type enctype_des3_cbc_sha1 = { static struct encryption_type enctype_old_des3_cbc_sha1 = { ETYPE_OLD_DES3_CBC_SHA1, "old-des3-cbc-sha1", - NULL, 8, 8, 8, @@ -2639,7 +2679,6 @@ static struct encryption_type enctype_old_des3_cbc_sha1 = { static struct encryption_type enctype_aes128_cts_hmac_sha1 = { ETYPE_AES128_CTS_HMAC_SHA1_96, "aes128-cts-hmac-sha1-96", - NULL, 16, 1, 16, @@ -2654,7 +2693,6 @@ static struct encryption_type enctype_aes128_cts_hmac_sha1 = { static struct encryption_type enctype_aes256_cts_hmac_sha1 = { ETYPE_AES256_CTS_HMAC_SHA1_96, "aes256-cts-hmac-sha1-96", - NULL, 16, 1, 16, @@ -2669,7 +2707,6 @@ static struct encryption_type enctype_aes256_cts_hmac_sha1 = { static struct encryption_type enctype_des_cbc_none = { ETYPE_DES_CBC_NONE, "des-cbc-none", - NULL, 8, 8, 0, @@ -2684,7 +2721,6 @@ static struct encryption_type enctype_des_cbc_none = { static struct encryption_type enctype_des_cfb64_none = { ETYPE_DES_CFB64_NONE, "des-cfb64-none", - NULL, 1, 1, 0, @@ -2699,7 +2735,6 @@ static struct encryption_type enctype_des_cfb64_none = { static struct encryption_type enctype_des_pcbc_none = { ETYPE_DES_PCBC_NONE, "des-pcbc-none", - NULL, 8, 8, 0, @@ -2714,7 +2749,6 @@ static struct encryption_type enctype_des_pcbc_none = { static struct encryption_type enctype_des3_cbc_none = { ETYPE_DES3_CBC_NONE, "des3-cbc-none", - NULL, 8, 8, 0, @@ -2766,14 +2800,15 @@ krb5_enctype_to_string(krb5_context context, struct encryption_type *e; e = _find_enctype(etype); if(e == NULL) { - krb5_set_error_string (context, "encryption type %d not supported", - etype); + krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, + "encryption type %d not supported", + etype); *string = NULL; return KRB5_PROG_ETYPE_NOSUPP; } *string = strdup(e->name); if(*string == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } return 0; @@ -2790,43 +2825,9 @@ krb5_string_to_enctype(krb5_context context, *etype = etypes[i]->type; return 0; } - krb5_set_error_string (context, "encryption type %s not supported", - string); - return KRB5_PROG_ETYPE_NOSUPP; -} - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_enctype_to_oid(krb5_context context, - krb5_enctype etype, - heim_oid *oid) -{ - struct encryption_type *et = _find_enctype(etype); - if(et == NULL) { - krb5_set_error_string (context, "encryption type %d not supported", - etype); - return KRB5_PROG_ETYPE_NOSUPP; - } - if(et->oid == NULL) { - krb5_set_error_string (context, "%s have not oid", et->name); - return KRB5_PROG_ETYPE_NOSUPP; - } - krb5_clear_error_string(context); - return der_copy_oid(et->oid, oid); -} - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_oid_to_enctype(krb5_context context, - const heim_oid *oid, - krb5_enctype *etype) -{ - int i; - for(i = 0; i < num_etypes; i++) { - if(etypes[i]->oid && der_heim_oid_cmp(etypes[i]->oid, oid) == 0) { - *etype = etypes[i]->type; - return 0; - } - } - krb5_set_error_string(context, "enctype for oid not supported"); + krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, + "encryption type %s not supported", + string); return KRB5_PROG_ETYPE_NOSUPP; } @@ -2837,7 +2838,8 @@ krb5_enctype_to_keytype(krb5_context context, { struct encryption_type *e = _find_enctype(etype); if(e == NULL) { - krb5_set_error_string (context, "encryption type %d not supported", + krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, + "encryption type %d not supported", etype); return KRB5_PROG_ETYPE_NOSUPP; } @@ -2845,21 +2847,6 @@ krb5_enctype_to_keytype(krb5_context context, return 0; } -#if 0 -krb5_error_code KRB5_LIB_FUNCTION -krb5_keytype_to_enctype(krb5_context context, - krb5_keytype keytype, - krb5_enctype *etype) -{ - struct key_type *kt = _find_keytype(keytype); - krb5_warnx(context, "krb5_keytype_to_enctype(%u)", keytype); - if(kt == NULL) - return KRB5_PROG_KEYTYPE_NOSUPP; - *etype = kt->best_etype; - return 0; -} -#endif - krb5_error_code KRB5_LIB_FUNCTION krb5_keytype_to_enctypes (krb5_context context, krb5_keytype keytype, @@ -2877,7 +2864,7 @@ krb5_keytype_to_enctypes (krb5_context context, } ret = malloc(n * sizeof(*ret)); if (ret == NULL && n != 0) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } n = 0; @@ -2902,7 +2889,7 @@ krb5_keytype_to_enctypes_default (krb5_context context, unsigned *len, krb5_enctype **val) { - int i, n; + unsigned int i, n; krb5_enctype *ret; if (keytype != KEYTYPE_DES || context->etypes_des == NULL) @@ -2912,7 +2899,7 @@ krb5_keytype_to_enctypes_default (krb5_context context, ; ret = malloc (n * sizeof(*ret)); if (ret == NULL && n != 0) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } for (i = 0; i < n; ++i) @@ -2928,13 +2915,15 @@ krb5_enctype_valid(krb5_context context, { struct encryption_type *e = _find_enctype(etype); if(e == NULL) { - krb5_set_error_string (context, "encryption type %d not supported", - etype); + krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, + "encryption type %d not supported", + etype); return KRB5_PROG_ETYPE_NOSUPP; } if (e->flags & F_DISABLED) { - krb5_set_error_string (context, "encryption type %s is disabled", - e->name); + krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, + "encryption type %s is disabled", + e->name); return KRB5_PROG_ETYPE_NOSUPP; } return 0; @@ -2946,13 +2935,15 @@ krb5_cksumtype_valid(krb5_context context, { struct checksum_type *c = _find_checksum(ctype); if (c == NULL) { - krb5_set_error_string (context, "checksum type %d not supported", - ctype); + krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, + "checksum type %d not supported", + ctype); return KRB5_PROG_SUMTYPE_NOSUPP; } if (c->flags & F_DISABLED) { - krb5_set_error_string (context, "checksum type %s is disabled", - c->name); + krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, + "checksum type %s is disabled", + c->name); return KRB5_PROG_SUMTYPE_NOSUPP; } return 0; @@ -3010,7 +3001,7 @@ encrypt_internal_derived(krb5_context context, total_sz = block_sz + checksum_sz; p = calloc(1, total_sz); if(p == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -3077,7 +3068,7 @@ encrypt_internal(krb5_context context, block_sz = (sz + et->padsize - 1) &~ (et->padsize - 1); /* pad */ p = calloc(1, block_sz); if(p == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -3142,7 +3133,7 @@ encrypt_internal_special(krb5_context context, tmp = malloc (sz); if (tmp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } p = tmp; @@ -3181,8 +3172,9 @@ decrypt_internal_derived(krb5_context context, checksum_sz = CHECKSUMSIZE(et->keyed_checksum); if (len < checksum_sz + et->confoundersize) { - krb5_set_error_string(context, "Encrypted data shorter then " - "checksum + confunder"); + krb5_set_error_message(context, KRB5_BAD_MSIZE, + "Encrypted data shorter then " + "checksum + confunder"); return KRB5_BAD_MSIZE; } @@ -3193,7 +3185,7 @@ decrypt_internal_derived(krb5_context context, p = malloc(len); if(len != 0 && p == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } memcpy(p, data, len); @@ -3238,7 +3230,7 @@ decrypt_internal_derived(krb5_context context, result->data = realloc(p, l); if(result->data == NULL && l != 0) { free(p); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } result->length = l; @@ -3267,7 +3259,7 @@ decrypt_internal(krb5_context context, checksum_sz = CHECKSUMSIZE(et->checksum); p = malloc(len); if(len != 0 && p == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } memcpy(p, data, len); @@ -3303,7 +3295,7 @@ decrypt_internal(krb5_context context, result->data = realloc(p, l); if(result->data == NULL && l != 0) { free(p); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } result->length = l; @@ -3332,7 +3324,7 @@ decrypt_internal_special(krb5_context context, p = malloc (len); if (p == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } memcpy(p, data, len); @@ -3347,7 +3339,7 @@ decrypt_internal_special(krb5_context context, result->data = realloc(p, sz); if(result->data == NULL && sz != 0) { free(p); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } result->length = sz; @@ -3463,6 +3455,7 @@ seed_something(void) fd = open(seedfile, O_RDONLY); if (fd >= 0) { ssize_t ret; + rk_cloexec(fd); ret = read(fd, buf, sizeof(buf)); if (ret > 0) RAND_add(buf, ret, 0.0); @@ -3547,13 +3540,13 @@ derive_key(krb5_context context, nblocks = (kt->bits + et->blocksize * 8 - 1) / (et->blocksize * 8); k = malloc(nblocks * et->blocksize); if(k == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } ret = _krb5_n_fold(constant, len, k, et->blocksize); if (ret) { free(k); - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); return ret; } for(i = 0; i < nblocks; i++) { @@ -3570,7 +3563,7 @@ derive_key(krb5_context context, size_t res_len = (kt->bits + 7) / 8; if(len != 0 && c == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } memcpy(c, constant, len); @@ -3578,13 +3571,13 @@ derive_key(krb5_context context, k = malloc(res_len); if(res_len != 0 && k == NULL) { free(c); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } ret = _krb5_n_fold(c, len, k, res_len); if (ret) { free(k); - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); return ret; } free(c); @@ -3600,10 +3593,10 @@ derive_key(krb5_context context, memcpy(key->key->keyvalue.data, k, key->key->keyvalue.length); break; default: - krb5_set_error_string(context, - "derive_key() called with unknown keytype (%u)", - kt->type); ret = KRB5_CRYPTO_INTERNAL; + krb5_set_error_message(context, ret, + "derive_key() called with unknown keytype (%u)", + kt->type); break; } if (key->schedule) { @@ -3645,8 +3638,9 @@ krb5_derive_key(krb5_context context, et = _find_enctype (etype); if (et == NULL) { - krb5_set_error_string(context, "encryption type %d not supported", - etype); + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + "encryption type %d not supported", + etype); return KRB5_PROG_ETYPE_NOSUPP; } @@ -3679,7 +3673,7 @@ _get_derived_key(krb5_context context, } d = _new_derived_key(crypto, usage); if(d == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } krb5_copy_keyblock(context, crypto->key.key, &d->key); @@ -3699,7 +3693,7 @@ krb5_crypto_init(krb5_context context, krb5_error_code ret; ALLOC(*crypto, 1); if(*crypto == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } if(etype == ETYPE_NULL) @@ -3708,14 +3702,16 @@ krb5_crypto_init(krb5_context context, if((*crypto)->et == NULL || ((*crypto)->et->flags & F_DISABLED)) { free(*crypto); *crypto = NULL; - krb5_set_error_string (context, "encryption type %d not supported", - etype); + krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, + "encryption type %d not supported", + etype); return KRB5_PROG_ETYPE_NOSUPP; } if((*crypto)->et->keytype->size != key->keyvalue.length) { free(*crypto); *crypto = NULL; - krb5_set_error_string (context, "encryption key has bad length"); + krb5_set_error_message (context, KRB5_BAD_KEYSIZE, + "encryption key has bad length"); return KRB5_BAD_KEYSIZE; } ret = krb5_copy_keyblock(context, key, &(*crypto)->key.key); @@ -3803,8 +3799,9 @@ krb5_enctype_disable(krb5_context context, struct encryption_type *et = _find_enctype(enctype); if(et == NULL) { if (context) - krb5_set_error_string (context, "encryption type %d not supported", - enctype); + krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, + "encryption type %d not supported", + enctype); return KRB5_PROG_ETYPE_NOSUPP; } et->flags |= F_DISABLED; @@ -3825,15 +3822,17 @@ krb5_string_to_key_derived(krb5_context context, u_char *tmp; if(et == NULL) { - krb5_set_error_string (context, "encryption type %d not supported", - etype); + krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, + "encryption type %d not supported", + etype); return KRB5_PROG_ETYPE_NOSUPP; } keylen = et->keytype->bits / 8; ALLOC(kd.key, 1); if(kd.key == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, + "malloc: out of memory"); return ENOMEM; } ret = krb5_data_alloc(&kd.key->keyvalue, et->keytype->size); @@ -3845,13 +3844,13 @@ krb5_string_to_key_derived(krb5_context context, tmp = malloc (keylen); if(tmp == NULL) { krb5_free_keyblock(context, kd.key); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); return ENOMEM; } ret = _krb5_n_fold(str, len, tmp, keylen); if (ret) { free(tmp); - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); return ret; } kd.schedule = NULL; @@ -3970,14 +3969,16 @@ krb5_random_to_key(krb5_context context, krb5_error_code ret; struct encryption_type *et = _find_enctype(type); if(et == NULL) { - krb5_set_error_string(context, "encryption type %d not supported", - type); + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + "encryption type %d not supported", + type); return KRB5_PROG_ETYPE_NOSUPP; } if ((et->keytype->bits + 7) / 8 > size) { - krb5_set_error_string(context, "encryption key %s needs %d bytes " - "of random to make an encryption key out of it", - et->name, (int)et->keytype->size); + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + "encryption key %s needs %d bytes " + "of random to make an encryption key out of it", + et->name, (int)et->keytype->size); return KRB5_PROG_ETYPE_NOSUPP; } ret = krb5_data_alloc(&key->keyvalue, et->keytype->size); @@ -4009,15 +4010,16 @@ _krb5_pk_octetstring2key(krb5_context context, unsigned char shaoutput[20]; if(et == NULL) { - krb5_set_error_string(context, "encryption type %d not supported", - type); + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + "encryption type %d not supported", + type); return KRB5_PROG_ETYPE_NOSUPP; } keylen = (et->keytype->bits + 7) / 8; keydata = malloc(keylen); if (keydata == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -4050,6 +4052,182 @@ _krb5_pk_octetstring2key(krb5_context context, return ret; } +static krb5_error_code +encode_uvinfo(krb5_context context, krb5_const_principal p, krb5_data *data) +{ + KRB5PrincipalName pn; + krb5_error_code ret; + size_t size; + + pn.principalName = p->name; + pn.realm = p->realm; + + ASN1_MALLOC_ENCODE(KRB5PrincipalName, data->data, data->length, + &pn, &size, ret); + if (ret) { + krb5_data_zero(data); + krb5_set_error_message(context, ret, + "Failed to encode KRB5PrincipalName"); + return ret; + } + if (data->length != size) + krb5_abortx(context, "asn1 compiler internal error"); + return 0; +} + +static krb5_error_code +encode_otherinfo(krb5_context context, + const AlgorithmIdentifier *ai, + krb5_const_principal client, + krb5_const_principal server, + krb5_enctype enctype, + const krb5_data *as_req, + const krb5_data *pk_as_rep, + const Ticket *ticket, + krb5_data *other) +{ + PkinitSP80056AOtherInfo otherinfo; + PkinitSuppPubInfo pubinfo; + krb5_error_code ret; + krb5_data pub; + size_t size; + + krb5_data_zero(other); + memset(&otherinfo, 0, sizeof(otherinfo)); + memset(&pubinfo, 0, sizeof(pubinfo)); + + pubinfo.enctype = enctype; + pubinfo.as_REQ = *as_req; + pubinfo.pk_as_rep = *pk_as_rep; + pubinfo.ticket = *ticket; + ASN1_MALLOC_ENCODE(PkinitSuppPubInfo, pub.data, pub.length, + &pubinfo, &size, ret); + if (ret) { + krb5_set_error_message(context, ret, "out of memory"); + return ret; + } + if (pub.length != size) + krb5_abortx(context, "asn1 compiler internal error"); + + ret = encode_uvinfo(context, client, &otherinfo.partyUInfo); + if (ret) { + free(pub.data); + return ret; + } + ret = encode_uvinfo(context, server, &otherinfo.partyVInfo); + if (ret) { + free(otherinfo.partyUInfo.data); + free(pub.data); + return ret; + } + + otherinfo.algorithmID = *ai; + otherinfo.suppPubInfo = &pub; + + ASN1_MALLOC_ENCODE(PkinitSP80056AOtherInfo, other->data, other->length, + &otherinfo, &size, ret); + free(otherinfo.partyUInfo.data); + free(otherinfo.partyVInfo.data); + free(pub.data); + if (ret) { + krb5_set_error_message(context, ret, "out of memory"); + return ret; + } + if (other->length != size) + krb5_abortx(context, "asn1 compiler internal error"); + + return 0; +} + +krb5_error_code +_krb5_pk_kdf(krb5_context context, + const struct AlgorithmIdentifier *ai, + const void *dhdata, + size_t dhsize, + krb5_const_principal client, + krb5_const_principal server, + krb5_enctype enctype, + const krb5_data *as_req, + const krb5_data *pk_as_rep, + const Ticket *ticket, + krb5_keyblock *key) +{ + struct encryption_type *et; + krb5_error_code ret; + krb5_data other; + size_t keylen, offset; + uint32_t counter; + unsigned char *keydata; + unsigned char shaoutput[20]; + + if (der_heim_oid_cmp(oid_id_pkinit_kdf_ah_sha1(), &ai->algorithm) != 0) { + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + "kdf not supported"); + return KRB5_PROG_ETYPE_NOSUPP; + } + if (ai->parameters != NULL && + (ai->parameters->length != 2 || + memcmp(ai->parameters->data, "\x05\x00", 2) != 0)) + { + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + "kdf params not NULL or the NULL-type"); + return KRB5_PROG_ETYPE_NOSUPP; + } + + et = _find_enctype(enctype); + if(et == NULL) { + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + "encryption type %d not supported", + enctype); + return KRB5_PROG_ETYPE_NOSUPP; + } + keylen = (et->keytype->bits + 7) / 8; + + keydata = malloc(keylen); + if (keydata == NULL) { + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + return ENOMEM; + } + + ret = encode_otherinfo(context, ai, client, server, + enctype, as_req, pk_as_rep, ticket, &other); + if (ret) { + free(keydata); + return ret; + } + + offset = 0; + counter = 1; + do { + unsigned char cdata[4]; + SHA_CTX m; + + SHA1_Init(&m); + _krb5_put_int(cdata, counter, 4); + SHA1_Update(&m, cdata, 4); + SHA1_Update(&m, dhdata, dhsize); + SHA1_Update(&m, other.data, other.length); + SHA1_Final(shaoutput, &m); + + memcpy((unsigned char *)keydata + offset, + shaoutput, + min(keylen - offset, sizeof(shaoutput))); + + offset += sizeof(shaoutput); + counter++; + } while(offset < keylen); + memset(shaoutput, 0, sizeof(shaoutput)); + + free(other.data); + + ret = krb5_random_to_key(context, enctype, keydata, keylen, key); + memset(keydata, 0, sizeof(keylen)); + free(keydata); + + return ret; +} + + krb5_error_code KRB5_LIB_FUNCTION krb5_crypto_prf_length(krb5_context context, krb5_enctype type, @@ -4058,8 +4236,9 @@ krb5_crypto_prf_length(krb5_context context, struct encryption_type *et = _find_enctype(type); if(et == NULL || et->prf_length == 0) { - krb5_set_error_string(context, "encryption type %d not supported", - type); + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + "encryption type %d not supported", + type); return KRB5_PROG_ETYPE_NOSUPP; } @@ -4078,8 +4257,9 @@ krb5_crypto_prf(krb5_context context, krb5_data_zero(output); if(et->prf == NULL) { - krb5_set_error_string(context, "kerberos prf for %s not supported", - et->name); + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + "kerberos prf for %s not supported", + et->name); return KRB5_PROG_ETYPE_NOSUPP; } diff --git a/source4/heimdal/lib/krb5/data.c b/source4/heimdal/lib/krb5/data.c index eda1a8b259..2b78bfb32b 100644 --- a/source4/heimdal/lib/krb5/data.c +++ b/source4/heimdal/lib/krb5/data.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: data.c 22064 2007-11-11 16:28:14Z lha $"); +RCSID("$Id: data.c 23280 2008-06-23 03:26:18Z lha $"); /** * Reset the (potentially uninitalized) krb5_data structure. @@ -192,7 +192,7 @@ krb5_copy_data(krb5_context context, krb5_error_code ret; ALLOC(*outdata, 1); if(*outdata == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } ret = der_copy_octet_string(indata, *outdata); diff --git a/source4/heimdal/lib/krb5/error_string.c b/source4/heimdal/lib/krb5/error_string.c index ff6e98a3dc..6679b76749 100644 --- a/source4/heimdal/lib/krb5/error_string.c +++ b/source4/heimdal/lib/krb5/error_string.c @@ -33,59 +33,71 @@ #include "krb5_locl.h" -RCSID("$Id: error_string.c 22142 2007-12-04 16:56:02Z lha $"); +RCSID("$Id: error_string.c 23274 2008-06-23 03:25:08Z lha $"); #undef __attribute__ #define __attribute__(X) -void KRB5_LIB_FUNCTION -krb5_free_error_string(krb5_context context, char *str) -{ - HEIMDAL_MUTEX_lock(context->mutex); - if (str != context->error_buf) - free(str); - HEIMDAL_MUTEX_unlock(context->mutex); -} - void KRB5_LIB_FUNCTION krb5_clear_error_string(krb5_context context) { HEIMDAL_MUTEX_lock(context->mutex); - if (context->error_string != NULL - && context->error_string != context->error_buf) + if (context->error_string) free(context->error_string); + context->error_code = 0; context->error_string = NULL; HEIMDAL_MUTEX_unlock(context->mutex); } -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_error_string(krb5_context context, const char *fmt, ...) - __attribute__((format (printf, 2, 3))) +/** + * Set the context full error string for a specific error code. + * + * @param context Kerberos 5 context + * @param ret The error code + * @param fmt Error string for the error code + * @param ... printf(3) style parameters. + * + * @ingroup krb5_error + */ + +void KRB5_LIB_FUNCTION +krb5_set_error_message(krb5_context context, krb5_error_code ret, + const char *fmt, ...) + __attribute__ ((format (printf, 3, 4))) { - krb5_error_code ret; va_list ap; va_start(ap, fmt); - ret = krb5_vset_error_string (context, fmt, ap); + krb5_vset_error_message (context, ret, fmt, ap); va_end(ap); - return ret; } -krb5_error_code KRB5_LIB_FUNCTION -krb5_vset_error_string(krb5_context context, const char *fmt, va_list args) - __attribute__ ((format (printf, 2, 0))) +/** + * Set the context full error string for a specific error code. + * + * @param context Kerberos 5 context + * @param ret The error code + * @param fmt Error string for the error code + * @param args printf(3) style parameters. + * + * @ingroup krb5_error + */ + + +void KRB5_LIB_FUNCTION +krb5_vset_error_message (krb5_context context, krb5_error_code ret, + const char *fmt, va_list args) + __attribute__ ((format (printf, 3, 0))) { + krb5_clear_error_string(context); HEIMDAL_MUTEX_lock(context->mutex); + context->error_code = ret; vasprintf(&context->error_string, fmt, args); - if(context->error_string == NULL) { - vsnprintf (context->error_buf, sizeof(context->error_buf), fmt, args); - context->error_string = context->error_buf; - } HEIMDAL_MUTEX_unlock(context->mutex); - return 0; } + /** * Return the error message in context. On error or no error string, * the function returns NULL. @@ -93,7 +105,7 @@ krb5_vset_error_string(krb5_context context, const char *fmt, va_list args) * @param context Kerberos 5 context * * @return an error string, needs to be freed with - * krb5_free_error_string(). The functions return NULL on error. + * krb5_free_error_message(). The functions return NULL on error. * * @ingroup krb5_error */ @@ -121,35 +133,99 @@ krb5_have_error_string(krb5_context context) } /** - * Return the error message for `code' in context. On error the - * function returns NULL. + * Return the error message for `code' in context. On memory + * allocation error the function returns NULL. * * @param context Kerberos 5 context * @param code Error code related to the error * * @return an error string, needs to be freed with - * krb5_free_error_string(). The functions return NULL on error. + * krb5_free_error_message(). The functions return NULL on error. * * @ingroup krb5_error */ -char * KRB5_LIB_FUNCTION +const char * KRB5_LIB_FUNCTION krb5_get_error_message(krb5_context context, krb5_error_code code) { const char *cstr; char *str; - str = krb5_get_error_string(context); - if (str) - return str; + HEIMDAL_MUTEX_lock(context->mutex); + if (context->error_string && + (code == context->error_code || context->error_code == 0)) + { + str = strdup(context->error_string); + if (str) { + HEIMDAL_MUTEX_unlock(context->mutex); + return str; + } + } + HEIMDAL_MUTEX_unlock(context->mutex); cstr = krb5_get_err_text(context, code); if (cstr) return strdup(cstr); - if (asprintf(&str, "", code) == -1) + if (asprintf(&str, "", (int)code) == -1) return NULL; return str; } + +/** + * Free the error message returned by krb5_get_error_message(). + * + * @param context Kerberos context + * @param msg error message to free, returned byg + * krb5_get_error_message(). + * + * @ingroup krb5_error + */ + +void KRB5_LIB_FUNCTION +krb5_free_error_message(krb5_context context, const char *msg) +{ + free(rk_UNCONST(msg)); +} + +#ifndef HEIMDAL_SMALLER + +/** + * Free the error message returned by krb5_get_error_string(), + * deprecated, use krb5_free_error_message(). + * + * @param context Kerberos context + * @param msg error message to free + * + * @ingroup krb5_error + */ + +void KRB5_LIB_FUNCTION __attribute__((deprecated)) +krb5_free_error_string(krb5_context context, char *str) +{ + krb5_free_error_message(context, str); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_set_error_string(krb5_context context, const char *fmt, ...) + __attribute__((format (printf, 2, 3))) __attribute__((deprecated)) +{ + va_list ap; + + va_start(ap, fmt); + krb5_vset_error_message (context, 0, fmt, ap); + va_end(ap); + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_vset_error_string(krb5_context context, const char *fmt, va_list args) + __attribute__ ((format (printf, 2, 0))) __attribute__((deprecated)) +{ + krb5_vset_error_message(context, 0, fmt, args); + return 0; +} + +#endif /* !HEIMDAL_SMALLER */ diff --git a/source4/heimdal/lib/krb5/expand_hostname.c b/source4/heimdal/lib/krb5/expand_hostname.c index 28e39afb42..d06d576432 100644 --- a/source4/heimdal/lib/krb5/expand_hostname.c +++ b/source4/heimdal/lib/krb5/expand_hostname.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: expand_hostname.c 22229 2007-12-08 21:40:59Z lha $"); +RCSID("$Id: expand_hostname.c 23280 2008-06-23 03:26:18Z lha $"); static krb5_error_code copy_hostname(krb5_context context, @@ -42,7 +42,7 @@ copy_hostname(krb5_context context, { *new_hostname = strdup (orig_hostname); if (*new_hostname == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } strlwr (*new_hostname); @@ -76,7 +76,8 @@ krb5_expand_hostname (krb5_context context, *new_hostname = strdup (a->ai_canonname); freeaddrinfo (ai); if (*new_hostname == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + "malloc: out of memory"); return ENOMEM; } else { return 0; diff --git a/source4/heimdal/lib/krb5/fcache.c b/source4/heimdal/lib/krb5/fcache.c index 484df059ab..8951bdb24e 100644 --- a/source4/heimdal/lib/krb5/fcache.c +++ b/source4/heimdal/lib/krb5/fcache.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: fcache.c 22517 2008-01-24 11:45:51Z lha $"); +RCSID("$Id: fcache.c 23444 2008-07-27 12:07:47Z lha $"); typedef struct krb5_fcache{ char *filename; @@ -93,12 +93,12 @@ _krb5_xlock(krb5_context context, int fd, krb5_boolean exclusive, ret = 0; break; case EAGAIN: - krb5_set_error_string(context, "timed out locking cache file %s", - filename); + krb5_set_error_message(context, ret, "timed out locking cache file %s", + filename); break; default: - krb5_set_error_string(context, "error locking cache file %s: %s", - filename, strerror(ret)); + krb5_set_error_message(context, ret, "error locking cache file %s: %s", + filename, strerror(ret)); break; } return ret; @@ -127,13 +127,39 @@ _krb5_xunlock(krb5_context context, int fd) ret = 0; break; default: - krb5_set_error_string(context, - "Failed to unlock file: %s", strerror(ret)); + krb5_set_error_message(context, ret, + "Failed to unlock file: %s", + strerror(ret)); break; } return ret; } +static krb5_error_code +write_storage(krb5_context context, krb5_storage *sp, int fd) +{ + krb5_error_code ret; + krb5_data data; + ssize_t sret; + + ret = krb5_storage_to_data(sp, &data); + if (ret) { + krb5_set_error_message(context, ret, "malloc: out of memory"); + return ret; + } + sret = write(fd, data.data, data.length); + ret = (sret != data.length); + krb5_data_free(&data); + if (ret) { + ret = errno; + krb5_set_error_message(context, ret, + "Failed to write FILE credential data"); + return ret; + } + return 0; +} + + static krb5_error_code fcc_lock(krb5_context context, krb5_ccache id, int fd, krb5_boolean exclusive) @@ -153,13 +179,15 @@ fcc_resolve(krb5_context context, krb5_ccache *id, const char *res) krb5_fcache *f; f = malloc(sizeof(*f)); if(f == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_CC_NOMEM, + "malloc: out of memory"); return KRB5_CC_NOMEM; } f->filename = strdup(res); if(f->filename == NULL){ free(f); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_CC_NOMEM, + "malloc: out of memory"); return KRB5_CC_NOMEM; } f->version = 0; @@ -203,7 +231,7 @@ scrub_file (int fd) */ static krb5_error_code -erase_file(const char *filename) +erase_file(krb5_context context, const char *filename) { int fd; struct stat sb1, sb2; @@ -220,12 +248,20 @@ erase_file(const char *filename) else return errno; } + rk_cloexec(fd); + ret = _krb5_xlock(context, fd, 1, filename); + if (ret) { + close(fd); + return ret; + } if (unlink(filename) < 0) { + _krb5_xunlock(context, fd); close (fd); return errno; } ret = fstat (fd, &sb2); if (ret < 0) { + _krb5_xunlock(context, fd); close (fd); return errno; } @@ -233,6 +269,7 @@ erase_file(const char *filename) /* check if someone was playing with symlinks */ if (sb1.st_dev != sb2.st_dev || sb1.st_ino != sb2.st_ino) { + _krb5_xunlock(context, fd); close (fd); return EPERM; } @@ -240,11 +277,18 @@ erase_file(const char *filename) /* there are still hard links to this file */ if (sb2.st_nlink != 0) { + _krb5_xunlock(context, fd); close (fd); return 0; } ret = scrub_file (fd); + if (ret) { + _krb5_xunlock(context, fd); + close(fd); + return ret; + } + ret = _krb5_xunlock(context, fd); close (fd); return ret; } @@ -258,19 +302,21 @@ fcc_gen_new(krb5_context context, krb5_ccache *id) f = malloc(sizeof(*f)); if(f == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_CC_NOMEM, + "malloc: out of memory"); return KRB5_CC_NOMEM; } asprintf (&file, "%sXXXXXX", KRB5_DEFAULT_CCFILE_ROOT); if(file == NULL) { free(f); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_CC_NOMEM, + "malloc: out of memory"); return KRB5_CC_NOMEM; } fd = mkstemp(file); if(fd < 0) { int ret = errno; - krb5_set_error_string(context, "mkstemp %s", file); + krb5_set_error_message(context, ret, "mkstemp %s", file); free(f); free(file); return ret; @@ -323,11 +369,12 @@ fcc_open(krb5_context context, fd = open(filename, flags, mode); if(fd < 0) { ret = errno; - krb5_set_error_string(context, "open(%s): %s", filename, - strerror(ret)); + krb5_set_error_message(context, ret, "open(%s): %s", filename, + strerror(ret)); return ret; } - + rk_cloexec(fd); + if((ret = fcc_lock(context, id, fd, exclusive)) != 0) { close(fd); return ret; @@ -353,7 +400,7 @@ fcc_initialize(krb5_context context, return ret; { krb5_storage *sp; - sp = krb5_storage_from_fd(fd); + sp = krb5_storage_emem(); krb5_storage_set_eof_code(sp, KRB5_CC_END); if(context->fcache_vno != 0) f->version = context->fcache_vno; @@ -376,14 +423,16 @@ fcc_initialize(krb5_context context, } ret |= krb5_store_principal(sp, primary_principal); + ret |= write_storage(context, sp, fd); + krb5_storage_free(sp); } fcc_unlock(context, fd); if (close(fd) < 0) if (ret == 0) { ret = errno; - krb5_set_error_string (context, "close %s: %s", - FILENAME(id), strerror(ret)); + krb5_set_error_message (context, ret, "close %s: %s", + FILENAME(id), strerror(ret)); } return ret; } @@ -401,7 +450,7 @@ static krb5_error_code fcc_destroy(krb5_context context, krb5_ccache id) { - erase_file(FILENAME(id)); + erase_file(context, FILENAME(id)); return 0; } @@ -418,7 +467,8 @@ fcc_store_cred(krb5_context context, return ret; { krb5_storage *sp; - sp = krb5_storage_from_fd(fd); + + sp = krb5_storage_emem(); krb5_storage_set_eof_code(sp, KRB5_CC_END); storage_set_flags(context, sp, FCACHE(id)->version); if (!krb5_config_get_bool_default(context, NULL, TRUE, @@ -427,15 +477,18 @@ fcc_store_cred(krb5_context context, NULL)) krb5_storage_set_flags(sp, KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER); ret = krb5_store_creds(sp, creds); + if (ret == 0) + ret = write_storage(context, sp, fd); krb5_storage_free(sp); } fcc_unlock(context, fd); - if (close(fd) < 0) + if (close(fd) < 0) { if (ret == 0) { ret = errno; - krb5_set_error_string (context, "close %s: %s", - FILENAME(id), strerror(ret)); + krb5_set_error_message (context, ret, "close %s: %s", + FILENAME(id), strerror(ret)); } + } return ret; } @@ -464,25 +517,27 @@ init_fcc (krb5_context context, ret = krb5_ret_int8(sp, &pvno); if(ret != 0) { if(ret == KRB5_CC_END) { - krb5_set_error_string(context, "Empty credential cache file: %s", - FILENAME(id)); ret = ENOENT; + krb5_set_error_message(context, ret, + "Empty credential cache file: %s", + FILENAME(id)); } else - krb5_set_error_string(context, "Error reading pvno in " - "cache file: %s", FILENAME(id)); + krb5_set_error_message(context, ret, "Error reading pvno in " + "cache file: %s", FILENAME(id)); goto out; } if(pvno != 5) { - krb5_set_error_string(context, "Bad version number in credential " - "cache file: %s", FILENAME(id)); ret = KRB5_CCACHE_BADVNO; + krb5_set_error_message(context, ret, "Bad version number in " + "credential cache file: %s", + FILENAME(id)); goto out; } ret = krb5_ret_int8(sp, &tag); /* should not be host byte order */ if(ret != 0) { - krb5_set_error_string(context, "Error reading tag in " - "cache file: %s", FILENAME(id)); ret = KRB5_CC_FORMAT; + krb5_set_error_message(context, ret, "Error reading tag in " + "cache file: %s", FILENAME(id)); goto out; } FCACHE(id)->version = tag; @@ -494,8 +549,9 @@ init_fcc (krb5_context context, ret = krb5_ret_int16 (sp, &length); if(ret) { ret = KRB5_CC_FORMAT; - krb5_set_error_string(context, "Error reading tag length in " - "cache file: %s", FILENAME(id)); + krb5_set_error_message(context, ret, + "Error reading tag length in " + "cache file: %s", FILENAME(id)); goto out; } while(length > 0) { @@ -505,32 +561,32 @@ init_fcc (krb5_context context, ret = krb5_ret_int16 (sp, &dtag); if(ret) { - krb5_set_error_string(context, "Error reading dtag in " - "cache file: %s", FILENAME(id)); ret = KRB5_CC_FORMAT; + krb5_set_error_message(context, ret, "Error reading dtag in " + "cache file: %s", FILENAME(id)); goto out; } ret = krb5_ret_int16 (sp, &data_len); if(ret) { - krb5_set_error_string(context, "Error reading dlength in " - "cache file: %s", FILENAME(id)); ret = KRB5_CC_FORMAT; + krb5_set_error_message(context, ret, "Error reading dlength in " + "cache file: %s", FILENAME(id)); goto out; } switch (dtag) { case FCC_TAG_DELTATIME : ret = krb5_ret_int32 (sp, &context->kdc_sec_offset); if(ret) { - krb5_set_error_string(context, "Error reading kdc_sec in " - "cache file: %s", FILENAME(id)); ret = KRB5_CC_FORMAT; + krb5_set_error_message(context, ret, "Error reading kdc_sec in " + "cache file: %s", FILENAME(id)); goto out; } ret = krb5_ret_int32 (sp, &context->kdc_usec_offset); if(ret) { - krb5_set_error_string(context, "Error reading kdc_usec in " - "cache file: %s", FILENAME(id)); ret = KRB5_CC_FORMAT; + krb5_set_error_message(context, ret, "Error reading kdc_usec in " + "cache file: %s", FILENAME(id)); goto out; } break; @@ -538,10 +594,11 @@ init_fcc (krb5_context context, for (i = 0; i < data_len; ++i) { ret = krb5_ret_int8 (sp, &dummy); if(ret) { - krb5_set_error_string(context, "Error reading unknown " - "tag in cache file: %s", - FILENAME(id)); ret = KRB5_CC_FORMAT; + krb5_set_error_message(context, ret, + "Error reading unknown " + "tag in cache file: %s", + FILENAME(id)); goto out; } } @@ -557,9 +614,9 @@ init_fcc (krb5_context context, break; default : ret = KRB5_CCACHE_BADVNO; - krb5_set_error_string(context, "Unknown version number (%d) in " - "credential cache file: %s", - (int)tag, FILENAME(id)); + krb5_set_error_message(context, ret, "Unknown version number (%d) in " + "credential cache file: %s", + (int)tag, FILENAME(id)); goto out; } *ret_sp = sp; @@ -610,7 +667,7 @@ fcc_get_first (krb5_context context, *cursor = malloc(sizeof(struct fcc_cursor)); if (*cursor == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } memset(*cursor, 0, sizeof(struct fcc_cursor)); @@ -670,7 +727,7 @@ fcc_remove_cred(krb5_context context, krb5_creds *cred) { krb5_error_code ret; - krb5_ccache copy; + krb5_ccache copy, newfile; ret = krb5_cc_gen_new(context, &krb5_mcc_ops, ©); if (ret) @@ -688,12 +745,20 @@ fcc_remove_cred(krb5_context context, return ret; } - fcc_destroy(context, id); + ret = krb5_cc_gen_new(context, &krb5_fcc_ops, &newfile); + if (ret) { + krb5_cc_destroy(context, copy); + return ret; + } - ret = krb5_cc_copy_cache(context, copy, id); + ret = krb5_cc_copy_cache(context, copy, newfile); krb5_cc_destroy(context, copy); + if (ret) { + krb5_cc_destroy(context, newfile); + return ret; + } - return ret; + return krb5_cc_move(context, newfile, id); } static krb5_error_code @@ -704,7 +769,7 @@ fcc_set_flags(krb5_context context, return 0; /* XXX */ } -static krb5_error_code +static int fcc_get_version(krb5_context context, krb5_ccache id) { @@ -722,7 +787,7 @@ fcc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor) iter = calloc(1, sizeof(*iter)); if (iter == NULL) { - krb5_set_error_string(context, "malloc - out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } iter->first = 1; @@ -775,10 +840,10 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to) ret = rename(FILENAME(from), FILENAME(to)); if (ret && errno != EXDEV) { ret = errno; - krb5_set_error_string(context, - "Rename of file from %s to %s failed: %s", - FILENAME(from), FILENAME(to), - strerror(ret)); + krb5_set_error_message(context, ret, + "Rename of file from %s to %s failed: %s", + FILENAME(from), FILENAME(to), + strerror(ret)); return ret; } else if (ret && errno == EXDEV) { /* make a copy and delete the orignal */ @@ -801,21 +866,19 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to) sz2 = write(fd2, buf, sz1); if (sz1 != sz2) { ret = EIO; - krb5_set_error_string(context, - "Failed to write data from one file " - "credential cache to the other"); + krb5_set_error_message(context, ret, + "Failed to write data from one file " + "credential cache to the other"); goto out2; } } if (sz1 < 0) { ret = EIO; - krb5_set_error_string(context, - "Failed to read data from one file " - "credential cache to the other"); + krb5_set_error_message(context, ret, + "Failed to read data from one file " + "credential cache to the other"); goto out2; } - erase_file(FILENAME(from)); - out2: fcc_unlock(context, fd2); close(fd2); @@ -824,8 +887,10 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to) fcc_unlock(context, fd1); close(fd1); + erase_file(context, FILENAME(from)); + if (ret) { - erase_file(FILENAME(to)); + erase_file(context, FILENAME(to)); return ret; } } @@ -856,7 +921,8 @@ fcc_default_name(krb5_context context, char **str) * @ingroup krb5_ccache */ -const krb5_cc_ops krb5_fcc_ops = { +KRB5_LIB_VARIABLE const krb5_cc_ops krb5_fcc_ops = { + KRB5_CC_OPS_VERSION, "FILE", fcc_get_name, fcc_resolve, diff --git a/source4/heimdal/lib/krb5/generate_subkey.c b/source4/heimdal/lib/krb5/generate_subkey.c index fb99cbbf3f..fb7efbcd29 100644 --- a/source4/heimdal/lib/krb5/generate_subkey.c +++ b/source4/heimdal/lib/krb5/generate_subkey.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: generate_subkey.c 14455 2005-01-05 02:39:21Z lukeh $"); +RCSID("$Id: generate_subkey.c 23280 2008-06-23 03:26:18Z lha $"); krb5_error_code KRB5_LIB_FUNCTION krb5_generate_subkey(krb5_context context, @@ -53,7 +53,7 @@ krb5_generate_subkey_extended(krb5_context context, ALLOC(*subkey, 1); if (*subkey == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } diff --git a/source4/heimdal/lib/krb5/get_cred.c b/source4/heimdal/lib/krb5/get_cred.c index fc78945c63..268550b229 100644 --- a/source4/heimdal/lib/krb5/get_cred.c +++ b/source4/heimdal/lib/krb5/get_cred.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include -RCSID("$Id: get_cred.c 22530 2008-01-27 11:48:16Z lha $"); +RCSID("$Id: get_cred.c 23280 2008-06-23 03:26:18Z lha $"); /* * Take the `body' and encode it into `padata' using the credentials @@ -41,12 +41,11 @@ RCSID("$Id: get_cred.c 22530 2008-01-27 11:48:16Z lha $"); */ static krb5_error_code -make_pa_tgs_req(krb5_context context, +make_pa_tgs_req(krb5_context context, krb5_auth_context ac, KDC_REQ_BODY *body, PA_DATA *padata, - krb5_creds *creds, - krb5_key_usage usage) + krb5_creds *creds) { u_char *buf; size_t buf_size; @@ -65,8 +64,7 @@ make_pa_tgs_req(krb5_context context, ret = _krb5_mk_req_internal(context, &ac, 0, &in_data, creds, &padata->padata_value, KRB5_KU_TGS_REQ_AUTH_CKSUM, - usage - /* KRB5_KU_TGS_REQ_AUTH */); + KRB5_KU_TGS_REQ_AUTH); out: free (buf); if(ret) @@ -101,7 +99,7 @@ set_auth_data (krb5_context context, ALLOC(req_body->enc_authorization_data, 1); if (req_body->enc_authorization_data == NULL) { free (buf); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } ret = krb5_crypto_init(context, key, 0, &crypto); @@ -111,9 +109,9 @@ set_auth_data (krb5_context context, req_body->enc_authorization_data = NULL; return ret; } - krb5_encrypt_EncryptedData(context, + krb5_encrypt_EncryptedData(context, crypto, - KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY, + KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY, /* KRB5_KU_TGS_REQ_AUTH_DAT_SESSION? */ buf, len, @@ -125,7 +123,7 @@ set_auth_data (krb5_context context, req_body->enc_authorization_data = NULL; } return 0; -} +} /* * Create a tgs-req in `t' with `addresses', `flags', `second_ticket' @@ -144,8 +142,7 @@ init_tgs_req (krb5_context context, unsigned nonce, const METHOD_DATA *padata, krb5_keyblock **subkey, - TGS_REQ *t, - krb5_key_usage usage) + TGS_REQ *t) { krb5_error_code ret = 0; @@ -156,14 +153,14 @@ init_tgs_req (krb5_context context, ALLOC_SEQ(&t->req_body.etype, 1); if(t->req_body.etype.val == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto fail; } t->req_body.etype.val[0] = in_creds->session.keytype; } else { - ret = krb5_init_etype(context, - &t->req_body.etype.len, - &t->req_body.etype.val, + ret = krb5_init_etype(context, + &t->req_body.etype.len, + &t->req_body.etype.val, NULL); } if (ret) @@ -176,7 +173,7 @@ init_tgs_req (krb5_context context, ALLOC(t->req_body.sname, 1); if (t->req_body.sname == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto fail; } @@ -192,39 +189,39 @@ init_tgs_req (krb5_context context, ALLOC(t->req_body.till, 1); if(t->req_body.till == NULL){ ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto fail; } *t->req_body.till = in_creds->times.endtime; - + t->req_body.nonce = nonce; if(second_ticket){ ALLOC(t->req_body.additional_tickets, 1); if (t->req_body.additional_tickets == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto fail; } ALLOC_SEQ(t->req_body.additional_tickets, 1); if (t->req_body.additional_tickets->val == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto fail; } - ret = copy_Ticket(second_ticket, t->req_body.additional_tickets->val); + ret = copy_Ticket(second_ticket, t->req_body.additional_tickets->val); if (ret) goto fail; } ALLOC(t->padata, 1); if (t->padata == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto fail; } ALLOC_SEQ(t->padata, 1 + padata->len); if (t->padata->val == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto fail; } { @@ -232,7 +229,7 @@ init_tgs_req (krb5_context context, for (i = 0; i < padata->len; i++) { ret = copy_PA_DATA(&padata->val[i], &t->padata->val[i + 1]); if (ret) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto fail; } } @@ -278,10 +275,9 @@ init_tgs_req (krb5_context context, ret = make_pa_tgs_req(context, ac, - &t->req_body, + &t->req_body, &t->padata->val[0], - krbtgt, - usage); + krbtgt); if(ret) { if (key) krb5_free_keyblock (context, key); @@ -315,7 +311,7 @@ _krb5_get_krbtgt(krb5_context context, if (ret) return ret; - ret = krb5_make_principal(context, + ret = krb5_make_principal(context, &tmp_cred.server, realm, KRB5_TGS_NAME, @@ -349,7 +345,7 @@ decrypt_tkt_with_subkey (krb5_context context, krb5_data data; size_t size; krb5_crypto crypto; - + ret = krb5_crypto_init(context, key, 0, &crypto); if (ret) return ret; @@ -373,33 +369,32 @@ decrypt_tkt_with_subkey (krb5_context context, } if (ret) return ret; - + ret = krb5_decode_EncASRepPart(context, data.data, data.length, - &dec_rep->enc_part, + &dec_rep->enc_part, &size); if (ret) ret = krb5_decode_EncTGSRepPart(context, data.data, data.length, - &dec_rep->enc_part, + &dec_rep->enc_part, &size); krb5_data_free (&data); return ret; } static krb5_error_code -get_cred_kdc_usage(krb5_context context, - krb5_ccache id, - krb5_kdc_flags flags, - krb5_addresses *addresses, - krb5_creds *in_creds, - krb5_creds *krbtgt, - krb5_principal impersonate_principal, - Ticket *second_ticket, - krb5_creds *out_creds, - krb5_key_usage usage) +get_cred_kdc(krb5_context context, + krb5_ccache id, + krb5_kdc_flags flags, + krb5_addresses *addresses, + krb5_creds *in_creds, + krb5_creds *krbtgt, + krb5_principal impersonate_principal, + Ticket *second_ticket, + krb5_creds *out_creds) { TGS_REQ req; krb5_data enc; @@ -412,7 +407,7 @@ get_cred_kdc_usage(krb5_context context, size_t len; Ticket second_ticket_data; METHOD_DATA padata; - + krb5_data_zero(&resp); krb5_data_zero(&enc); padata.val = NULL; @@ -420,10 +415,10 @@ get_cred_kdc_usage(krb5_context context, krb5_generate_random_block(&nonce, sizeof(nonce)); nonce &= 0xffffffff; - + if(flags.b.enc_tkt_in_skey && second_ticket == NULL){ - ret = decode_Ticket(in_creds->second_ticket.data, - in_creds->second_ticket.length, + ret = decode_Ticket(in_creds->second_ticket.data, + in_creds->second_ticket.length, &second_ticket_data, &len); if(ret) return ret; @@ -460,7 +455,7 @@ get_cred_kdc_usage(krb5_context context, KRB5_KU_OTHER_CKSUM, 0, data.data, - data.length, + data.length, &self.cksum); krb5_crypto_destroy(context, crypto); krb5_data_free(&data); @@ -491,14 +486,13 @@ get_cred_kdc_usage(krb5_context context, krbtgt, nonce, &padata, - &subkey, - &req, - usage); + &subkey, + &req); if (ret) goto out; ASN1_MALLOC_ENCODE(TGS_REQ, enc.data, enc.length, &req, &len, ret); - if (ret) + if (ret) goto out; if(enc.length != len) krb5_abortx(context, "internal error in ASN.1 encoder"); @@ -526,20 +520,26 @@ get_cred_kdc_usage(krb5_context context, goto out; memset(&rep, 0, sizeof(rep)); - if(decode_TGS_REP(resp.data, resp.length, &rep.kdc_rep, &len) == 0){ - ret = krb5_copy_principal(context, - in_creds->client, + if(decode_TGS_REP(resp.data, resp.length, &rep.kdc_rep, &len) == 0) { + unsigned eflags = 0; + + ret = krb5_copy_principal(context, + in_creds->client, &out_creds->client); if(ret) - goto out; - ret = krb5_copy_principal(context, - in_creds->server, + goto out2; + ret = krb5_copy_principal(context, + in_creds->server, &out_creds->server); if(ret) - goto out; + goto out2; /* this should go someplace else */ out_creds->times.endtime = in_creds->times.endtime; + /* XXX should do better testing */ + if (flags.b.constrained_delegation || impersonate_principal) + eflags |= EXTRACT_TICKET_ALLOW_CNAME_MISMATCH; + ret = _krb5_extract_ticket(context, &rep, out_creds, @@ -548,10 +548,10 @@ get_cred_kdc_usage(krb5_context context, KRB5_KU_TGS_REP_ENC_PART_SESSION, &krbtgt->addresses, nonce, - EXTRACT_TICKET_ALLOW_CNAME_MISMATCH| - EXTRACT_TICKET_ALLOW_SERVER_MISMATCH, + eflags, decrypt_tkt_with_subkey, subkey); + out2: krb5_free_kdc_rep(context, &rep); } else if(krb5_rd_error(context, &resp, &error) == 0) { ret = krb5_error_from_rd_error(context, &error, in_creds); @@ -575,52 +575,50 @@ out: free(subkey); } return ret; - + } +/* + * same as above, just get local addresses first if the krbtgt have + * them and the realm is not addressless + */ + static krb5_error_code -get_cred_kdc(krb5_context context, - krb5_ccache id, - krb5_kdc_flags flags, - krb5_addresses *addresses, - krb5_creds *in_creds, - krb5_creds *krbtgt, - krb5_principal impersonate_principal, - Ticket *second_ticket, - krb5_creds *out_creds) +get_cred_kdc_address(krb5_context context, + krb5_ccache id, + krb5_kdc_flags flags, + krb5_addresses *addrs, + krb5_creds *in_creds, + krb5_creds *krbtgt, + krb5_principal impersonate_principal, + Ticket *second_ticket, + krb5_creds *out_creds) { krb5_error_code ret; + krb5_addresses addresses = { 0, NULL }; - ret = get_cred_kdc_usage(context, id, flags, addresses, in_creds, - krbtgt, impersonate_principal, second_ticket, - out_creds, KRB5_KU_TGS_REQ_AUTH); - if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) { - krb5_clear_error_string (context); - ret = get_cred_kdc_usage(context, id, flags, addresses, in_creds, - krbtgt, impersonate_principal, second_ticket, - out_creds, KRB5_KU_AP_REQ_AUTH); - } - return ret; -} + /* + * Inherit the address-ness of the krbtgt if the address is not + * specified. + */ -/* same as above, just get local addresses first */ + if (addrs == NULL && krbtgt->addresses.len != 0) { + krb5_boolean noaddr; -static krb5_error_code -get_cred_kdc_la(krb5_context context, krb5_ccache id, krb5_kdc_flags flags, - krb5_creds *in_creds, krb5_creds *krbtgt, - krb5_principal impersonate_principal, Ticket *second_ticket, - krb5_creds *out_creds) -{ - krb5_error_code ret; - krb5_addresses addresses, *addrs = &addresses; - - krb5_get_all_client_addrs(context, &addresses); - /* XXX this sucks. */ - if(addresses.len == 0) - addrs = NULL; - ret = get_cred_kdc(context, id, flags, addrs, - in_creds, krbtgt, impersonate_principal, second_ticket, - out_creds); + krb5_appdefault_boolean(context, NULL, krbtgt->server->realm, + "no-addresses", FALSE, &noaddr); + + if (!noaddr) { + krb5_get_all_client_addrs(context, &addresses); + /* XXX this sucks. */ + addrs = &addresses; + if(addresses.len == 0) + addrs = NULL; + } + } + ret = get_cred_kdc(context, id, flags, addrs, in_creds, + krbtgt, impersonate_principal, + second_ticket, out_creds); krb5_free_addresses(context, &addresses); return ret; } @@ -640,7 +638,7 @@ krb5_get_kdc_cred(krb5_context context, *out_creds = calloc(1, sizeof(**out_creds)); if(*out_creds == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } ret = _krb5_get_krbtgt (context, @@ -651,7 +649,7 @@ krb5_get_kdc_cred(krb5_context context, free(*out_creds); return ret; } - ret = get_cred_kdc(context, id, flags, addresses, + ret = get_cred_kdc(context, id, flags, addresses, in_creds, krbtgt, NULL, NULL, *out_creds); krb5_free_creds (context, krbtgt); if(ret) @@ -659,8 +657,8 @@ krb5_get_kdc_cred(krb5_context context, return ret; } -static void -not_found(krb5_context context, krb5_const_principal p) +static int +not_found(krb5_context context, krb5_const_principal p, krb5_error_code code) { krb5_error_code ret; char *str; @@ -668,10 +666,11 @@ not_found(krb5_context context, krb5_const_principal p) ret = krb5_unparse_name(context, p, &str); if(ret) { krb5_clear_error_string(context); - return; + return code; } - krb5_set_error_string(context, "Matching credential (%s) not found", str); + krb5_set_error_message(context, code, "Matching credential (%s) not found", str); free(str); + return code; } static krb5_error_code @@ -686,24 +685,23 @@ find_cred(krb5_context context, krb5_cc_clear_mcred(&mcreds); mcreds.server = server; - ret = krb5_cc_retrieve_cred(context, id, KRB5_TC_DONT_MATCH_REALM, + ret = krb5_cc_retrieve_cred(context, id, KRB5_TC_DONT_MATCH_REALM, &mcreds, out_creds); if(ret == 0) return 0; while(tgts && *tgts){ - if(krb5_compare_creds(context, KRB5_TC_DONT_MATCH_REALM, + if(krb5_compare_creds(context, KRB5_TC_DONT_MATCH_REALM, &mcreds, *tgts)){ ret = krb5_copy_creds_contents(context, *tgts, out_creds); return ret; } tgts++; } - not_found(context, server); - return KRB5_CC_NOTFOUND; + return not_found(context, server, KRB5_CC_NOTFOUND); } static krb5_error_code -add_cred(krb5_context context, krb5_creds ***tgts, krb5_creds *tkt) +add_cred(krb5_context context, krb5_creds const *tkt, krb5_creds ***tgts) { int i; krb5_error_code ret; @@ -712,7 +710,7 @@ add_cred(krb5_context context, krb5_creds ***tgts, krb5_creds *tkt) for(i = 0; tmp && tmp[i]; i++); /* XXX */ tmp = realloc(tmp, (i+2)*sizeof(*tmp)); if(tmp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } *tgts = tmp; @@ -737,14 +735,14 @@ get_cred(server) */ static krb5_error_code -get_cred_from_kdc_flags(krb5_context context, - krb5_kdc_flags flags, - krb5_ccache ccache, - krb5_creds *in_creds, - krb5_principal impersonate_principal, - Ticket *second_ticket, - krb5_creds **out_creds, - krb5_creds ***ret_tgts) +get_cred_kdc_capath(krb5_context context, + krb5_kdc_flags flags, + krb5_ccache ccache, + krb5_creds *in_creds, + krb5_principal impersonate_principal, + Ticket *second_ticket, + krb5_creds **out_creds, + krb5_creds ***ret_tgts) { krb5_error_code ret; krb5_creds *tgt, tmp_creds; @@ -759,7 +757,7 @@ get_cred_from_kdc_flags(krb5_context context, if(ret) return ret; - try_realm = krb5_config_get_string(context, NULL, "capaths", + try_realm = krb5_config_get_string(context, NULL, "capaths", client_realm, server_realm, NULL); if (try_realm == NULL) try_realm = client_realm; @@ -768,7 +766,7 @@ get_cred_from_kdc_flags(krb5_context context, &tmp_creds.server, try_realm, KRB5_TGS_NAME, - server_realm, + server_realm, NULL); if(ret){ krb5_free_principal(context, tmp_creds.client); @@ -776,32 +774,20 @@ get_cred_from_kdc_flags(krb5_context context, } { krb5_creds tgts; - /* XXX try krb5_cc_retrieve_cred first? */ - ret = find_cred(context, ccache, tmp_creds.server, + + ret = find_cred(context, ccache, tmp_creds.server, *ret_tgts, &tgts); if(ret == 0){ *out_creds = calloc(1, sizeof(**out_creds)); if(*out_creds == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); } else { - krb5_boolean noaddr; - - krb5_appdefault_boolean(context, NULL, tgts.server->realm, - "no-addresses", FALSE, &noaddr); - - if (noaddr) - ret = get_cred_kdc(context, ccache, flags, NULL, - in_creds, &tgts, - impersonate_principal, - second_ticket, - *out_creds); - else - ret = get_cred_kdc_la(context, ccache, flags, - in_creds, &tgts, - impersonate_principal, - second_ticket, - *out_creds); + ret = get_cred_kdc_address(context, ccache, flags, NULL, + in_creds, &tgts, + impersonate_principal, + second_ticket, + *out_creds); if (ret) { free (*out_creds); *out_creds = NULL; @@ -813,22 +799,21 @@ get_cred_from_kdc_flags(krb5_context context, return ret; } } - if(krb5_realm_compare(context, in_creds->client, in_creds->server)) { - not_found(context, in_creds->server); - return KRB5_CC_NOTFOUND; - } + if(krb5_realm_compare(context, in_creds->client, in_creds->server)) + return not_found(context, in_creds->server, KRB5_CC_NOTFOUND); + /* XXX this can loop forever */ while(1){ heim_general_string tgt_inst; - ret = get_cred_from_kdc_flags(context, flags, ccache, &tmp_creds, - NULL, NULL, &tgt, ret_tgts); + ret = get_cred_kdc_capath(context, flags, ccache, &tmp_creds, + NULL, NULL, &tgt, ret_tgts); if(ret) { krb5_free_principal(context, tmp_creds.server); krb5_free_principal(context, tmp_creds.client); return ret; } - ret = add_cred(context, ret_tgts, tgt); + ret = add_cred(context, tgt, ret_tgts); if(ret) { krb5_free_principal(context, tmp_creds.server); krb5_free_principal(context, tmp_creds.client); @@ -838,7 +823,7 @@ get_cred_from_kdc_flags(krb5_context context, if(strcmp(tgt_inst, server_realm) == 0) break; krb5_free_principal(context, tmp_creds.server); - ret = krb5_make_principal(context, &tmp_creds.server, + ret = krb5_make_principal(context, &tmp_creds.server, tgt_inst, KRB5_TGS_NAME, server_realm, NULL); if(ret) { krb5_free_principal(context, tmp_creds.server); @@ -857,22 +842,12 @@ get_cred_from_kdc_flags(krb5_context context, krb5_free_principal(context, tmp_creds.client); *out_creds = calloc(1, sizeof(**out_creds)); if(*out_creds == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); } else { - krb5_boolean noaddr; - - krb5_appdefault_boolean(context, NULL, tgt->server->realm, - "no-addresses", KRB5_ADDRESSLESS_DEFAULT, - &noaddr); - if (noaddr) - ret = get_cred_kdc (context, ccache, flags, NULL, - in_creds, tgt, NULL, NULL, - *out_creds); - else - ret = get_cred_kdc_la(context, ccache, flags, - in_creds, tgt, NULL, NULL, - *out_creds); + ret = get_cred_kdc_address (context, ccache, flags, NULL, + in_creds, tgt, impersonate_principal, + second_ticket, *out_creds); if (ret) { free (*out_creds); *out_creds = NULL; @@ -882,6 +857,185 @@ get_cred_from_kdc_flags(krb5_context context, return ret; } +static krb5_error_code +get_cred_kdc_referral(krb5_context context, + krb5_kdc_flags flags, + krb5_ccache ccache, + krb5_creds *in_creds, + krb5_principal impersonate_principal, + Ticket *second_ticket, + krb5_creds **out_creds, + krb5_creds ***ret_tgts) +{ + krb5_const_realm client_realm; + krb5_error_code ret; + krb5_creds tgt, referral, ticket; + int loop = 0; + + memset(&tgt, 0, sizeof(tgt)); + memset(&ticket, 0, sizeof(ticket)); + + flags.b.canonicalize = 1; + + *out_creds = NULL; + + client_realm = krb5_principal_get_realm(context, in_creds->client); + + /* find tgt for the clients base realm */ + { + krb5_principal tgtname; + + ret = krb5_make_principal(context, &tgtname, + client_realm, + KRB5_TGS_NAME, + client_realm, + NULL); + if(ret) + return ret; + + ret = find_cred(context, ccache, tgtname, *ret_tgts, &tgt); + krb5_free_principal(context, tgtname); + if (ret) + return ret; + } + + referral = *in_creds; + ret = krb5_copy_principal(context, in_creds->server, &referral.server); + if (ret) { + krb5_free_cred_contents(context, &tgt); + return ret; + } + ret = krb5_principal_set_realm(context, referral.server, client_realm); + if (ret) { + krb5_free_cred_contents(context, &tgt); + krb5_free_principal(context, referral.server); + return ret; + } + + while (loop++ < 17) { + krb5_creds **tickets; + krb5_creds mcreds; + char *referral_realm; + + /* Use cache if we are not doing impersonation or contrainte deleg */ + if (impersonate_principal == NULL || flags.b.constrained_delegation) { + krb5_cc_clear_mcred(&mcreds); + mcreds.server = referral.server; + ret = krb5_cc_retrieve_cred(context, ccache, 0, &mcreds, &ticket); + } else + ret = EINVAL; + + if (ret) { + ret = get_cred_kdc_address (context, ccache, flags, NULL, + &referral, &tgt, impersonate_principal, + second_ticket, &ticket); + if (ret) + goto out; + } + + /* Did we get the right ticket ? */ + if (krb5_principal_compare_any_realm(context, + referral.server, + ticket.server)) + break; + + if (ticket.server->name.name_string.len != 2 && + strcmp(ticket.server->name.name_string.val[0], KRB5_TGS_NAME) != 0) + { + krb5_set_error_message(context, KRB5KRB_AP_ERR_NOT_US, + "Got back an non krbtgt ticket referrals"); + krb5_free_cred_contents(context, &ticket); + return KRB5KRB_AP_ERR_NOT_US; + } + + referral_realm = ticket.server->name.name_string.val[1]; + + /* check that there are no referrals loops */ + tickets = *ret_tgts; + + krb5_cc_clear_mcred(&mcreds); + mcreds.server = ticket.server; + + while(tickets && *tickets){ + if(krb5_compare_creds(context, + KRB5_TC_DONT_MATCH_REALM, + &mcreds, + *tickets)) + { + krb5_set_error_message(context, KRB5_GET_IN_TKT_LOOP, + "Referral from %s loops back to realm %s", + tgt.server->realm, + referral_realm); + krb5_free_cred_contents(context, &ticket); + return KRB5_GET_IN_TKT_LOOP; + } + tickets++; + } + + ret = add_cred(context, &ticket, ret_tgts); + if (ret) { + krb5_free_cred_contents(context, &ticket); + goto out; + } + + /* try realm in the referral */ + ret = krb5_principal_set_realm(context, + referral.server, + referral_realm); + krb5_free_cred_contents(context, &tgt); + tgt = ticket; + memset(&ticket, 0, sizeof(ticket)); + if (ret) + goto out; + } + + ret = krb5_copy_creds(context, &ticket, out_creds); + +out: + krb5_free_principal(context, referral.server); + krb5_free_cred_contents(context, &tgt); + return ret; +} + + +/* + * Glue function between referrals version and old client chasing + * codebase. + */ + +static krb5_error_code +get_cred_kdc_any(krb5_context context, + krb5_kdc_flags flags, + krb5_ccache ccache, + krb5_creds *in_creds, + krb5_principal impersonate_principal, + Ticket *second_ticket, + krb5_creds **out_creds, + krb5_creds ***ret_tgts) +{ + krb5_error_code ret; + + ret = get_cred_kdc_referral(context, + flags, + ccache, + in_creds, + impersonate_principal, + second_ticket, + out_creds, + ret_tgts); + if (ret == 0 || flags.b.canonicalize) + return ret; + return get_cred_kdc_capath(context, + flags, + ccache, + in_creds, + impersonate_principal, + second_ticket, + out_creds, + ret_tgts); +} + + krb5_error_code KRB5_LIB_FUNCTION krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache, @@ -892,9 +1046,9 @@ krb5_get_cred_from_kdc_opt(krb5_context context, { krb5_kdc_flags f; f.i = flags; - return get_cred_from_kdc_flags(context, f, ccache, - in_creds, NULL, NULL, - out_creds, ret_tgts); + return get_cred_kdc_any(context, f, ccache, + in_creds, NULL, NULL, + out_creds, ret_tgts); } krb5_error_code KRB5_LIB_FUNCTION @@ -904,10 +1058,10 @@ krb5_get_cred_from_kdc(krb5_context context, krb5_creds **out_creds, krb5_creds ***ret_tgts) { - return krb5_get_cred_from_kdc_opt(context, ccache, + return krb5_get_cred_from_kdc_opt(context, ccache, in_creds, out_creds, ret_tgts, 0); } - + krb5_error_code KRB5_LIB_FUNCTION krb5_get_credentials_with_flags(krb5_context context, @@ -921,18 +1075,18 @@ krb5_get_credentials_with_flags(krb5_context context, krb5_creds **tgts; krb5_creds *res_creds; int i; - + *out_creds = NULL; res_creds = calloc(1, sizeof(*res_creds)); if (res_creds == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } if (in_creds->session.keytype) options |= KRB5_TC_MATCH_KEYTYPE; - /* + /* * If we got a credential, check if credential is expired before * returning it. */ @@ -941,7 +1095,7 @@ krb5_get_credentials_with_flags(krb5_context context, in_creds->session.keytype ? KRB5_TC_MATCH_KEYTYPE : 0, in_creds, res_creds); - /* + /* * If we got a credential, check if credential is expired before * returning it, but only if KRB5_GC_EXPIRED_OK is not set. */ @@ -953,7 +1107,7 @@ krb5_get_credentials_with_flags(krb5_context context, *out_creds = res_creds; return 0; } - + krb5_timeofday(context, &timeret); if(res_creds->times.endtime > timeret) { *out_creds = res_creds; @@ -967,18 +1121,17 @@ krb5_get_credentials_with_flags(krb5_context context, return ret; } free(res_creds); - if(options & KRB5_GC_CACHED) { - not_found(context, in_creds->server); - return KRB5_CC_NOTFOUND; - } + if(options & KRB5_GC_CACHED) + return not_found(context, in_creds->server, KRB5_CC_NOTFOUND); + if(options & KRB5_GC_USER_USER) flags.b.enc_tkt_in_skey = 1; if (flags.b.enc_tkt_in_skey) options |= KRB5_GC_NO_STORE; tgts = NULL; - ret = get_cred_from_kdc_flags(context, flags, ccache, - in_creds, NULL, NULL, out_creds, &tgts); + ret = get_cred_kdc_any(context, flags, ccache, + in_creds, NULL, NULL, out_creds, &tgts); for(i = 0; tgts && tgts[i]; i++) { krb5_cc_store_cred(context, ccache, tgts[i]); krb5_free_creds(context, tgts[i]); @@ -1015,7 +1168,7 @@ krb5_get_creds_opt_alloc(krb5_context context, krb5_get_creds_opt *opt) { *opt = calloc(1, sizeof(**opt)); if (*opt == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } return 0; @@ -1079,14 +1232,14 @@ krb5_get_creds_opt_set_ticket(krb5_context context, opt->ticket = malloc(sizeof(*ticket)); if (opt->ticket == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } ret = copy_Ticket(ticket, opt->ticket); if (ret) { free(opt->ticket); opt->ticket = NULL; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); return ret; } } @@ -1109,7 +1262,7 @@ krb5_get_creds(krb5_context context, krb5_creds **tgts; krb5_creds *res_creds; int i; - + memset(&in_creds, 0, sizeof(in_creds)); in_creds.server = rk_UNCONST(inprinc); @@ -1124,7 +1277,7 @@ krb5_get_creds(krb5_context context, res_creds = calloc(1, sizeof(*res_creds)); if (res_creds == NULL) { krb5_free_principal(context, in_creds.client); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -1133,7 +1286,7 @@ krb5_get_creds(krb5_context context, options |= KRB5_TC_MATCH_KEYTYPE; } - /* + /* * If we got a credential, check if credential is expired before * returning it. */ @@ -1141,7 +1294,7 @@ krb5_get_creds(krb5_context context, ccache, opt->enctype ? KRB5_TC_MATCH_KEYTYPE : 0, &in_creds, res_creds); - /* + /* * If we got a credential, check if credential is expired before * returning it, but only if KRB5_GC_EXPIRED_OK is not set. */ @@ -1154,7 +1307,7 @@ krb5_get_creds(krb5_context context, krb5_free_principal(context, in_creds.client); return 0; } - + krb5_timeofday(context, &timeret); if(res_creds->times.endtime > timeret) { *out_creds = res_creds; @@ -1171,9 +1324,8 @@ krb5_get_creds(krb5_context context, } free(res_creds); if(options & KRB5_GC_CACHED) { - not_found(context, in_creds.server); krb5_free_principal(context, in_creds.client); - return KRB5_CC_NOTFOUND; + return not_found(context, in_creds.server, KRB5_CC_NOTFOUND); } if(options & KRB5_GC_USER_USER) { flags.b.enc_tkt_in_skey = 1; @@ -1187,11 +1339,13 @@ krb5_get_creds(krb5_context context, flags.b.request_anonymous = 1; /* XXX ARGH confusion */ flags.b.constrained_delegation = 1; } + if (options & KRB5_GC_CANONICALIZE) + flags.b.canonicalize = 1; tgts = NULL; - ret = get_cred_from_kdc_flags(context, flags, ccache, - &in_creds, opt->self, opt->ticket, - out_creds, &tgts); + ret = get_cred_kdc_any(context, flags, ccache, + &in_creds, opt->self, opt->ticket, + out_creds, &tgts); krb5_free_principal(context, in_creds.client); for(i = 0; tgts && tgts[i]; i++) { krb5_cc_store_cred(context, ccache, tgts[i]); diff --git a/source4/heimdal/lib/krb5/get_default_principal.c b/source4/heimdal/lib/krb5/get_default_principal.c index 83fb2b0fa9..5a7a7829fc 100644 --- a/source4/heimdal/lib/krb5/get_default_principal.c +++ b/source4/heimdal/lib/krb5/get_default_principal.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: get_default_principal.c 14870 2005-04-20 20:53:29Z lha $"); +RCSID("$Id: get_default_principal.c 23280 2008-06-23 03:26:18Z lha $"); /* * Try to find out what's a reasonable default principal. @@ -85,8 +85,8 @@ _krb5_get_default_principal_local (krb5_context context, user = getlogin(); } if(user == NULL) { - krb5_set_error_string(context, - "unable to figure out current principal"); + krb5_set_error_message(context, ENOTTY, + "unable to figure out current principal"); return ENOTTY; /* XXX */ } ret = krb5_make_principal(context, princ, NULL, user, NULL); diff --git a/source4/heimdal/lib/krb5/get_default_realm.c b/source4/heimdal/lib/krb5/get_default_realm.c index 09c8577b26..1c996031e8 100644 --- a/source4/heimdal/lib/krb5/get_default_realm.c +++ b/source4/heimdal/lib/krb5/get_default_realm.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: get_default_realm.c 13863 2004-05-25 21:46:46Z lha $"); +RCSID("$Id: get_default_realm.c 23280 2008-06-23 03:26:18Z lha $"); /* * Return a NULL-terminated list of default realms in `realms'. @@ -76,7 +76,7 @@ krb5_get_default_realm(krb5_context context, res = strdup (context->default_realms[0]); if (res == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } *realm = res; diff --git a/source4/heimdal/lib/krb5/get_for_creds.c b/source4/heimdal/lib/krb5/get_for_creds.c index cb8b7c8641..a8aac950ec 100644 --- a/source4/heimdal/lib/krb5/get_for_creds.c +++ b/source4/heimdal/lib/krb5/get_for_creds.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: get_for_creds.c 22504 2008-01-21 15:49:58Z lha $"); +RCSID("$Id: get_for_creds.c 23316 2008-06-23 04:32:32Z lha $"); static krb5_error_code add_addrs(krb5_context context, @@ -51,8 +51,8 @@ add_addrs(krb5_context context, tmp = realloc(addr->val, (addr->len + n) * sizeof(*addr->val)); if (tmp == NULL && (addr->len + n) != 0) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto fail; } addr->val = tmp; @@ -207,7 +207,6 @@ krb5_get_forwarded_creds (krb5_context context, krb5_kdc_flags kdc_flags; krb5_crypto crypto; struct addrinfo *ai; - int save_errno; krb5_creds *ticket; paddrs = NULL; @@ -238,10 +237,10 @@ krb5_get_forwarded_creds (krb5_context context, ret = getaddrinfo (hostname, NULL, NULL, &ai); if (ret) { - save_errno = errno; - krb5_set_error_string(context, "resolving %s: %s", + krb5_error_code ret2 = krb5_eai_to_heim_errno(ret, errno); + krb5_set_error_message(context, ret2, "resolving %s: %s", hostname, gai_strerror(ret)); - return krb5_eai_to_heim_errno(ret, save_errno); + return ret2; } ret = add_addrs (context, &addrs, ai); @@ -269,7 +268,7 @@ krb5_get_forwarded_creds (krb5_context context, ALLOC_SEQ(&cred.tickets, 1); if (cred.tickets.val == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out2; } ret = decode_Ticket(out_creds->ticket.data, @@ -282,7 +281,7 @@ krb5_get_forwarded_creds (krb5_context context, ALLOC_SEQ(&enc_krb_cred_part.ticket_info, 1); if (enc_krb_cred_part.ticket_info.val == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out4; } @@ -295,14 +294,14 @@ krb5_get_forwarded_creds (krb5_context context, ALLOC(enc_krb_cred_part.timestamp, 1); if (enc_krb_cred_part.timestamp == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out4; } *enc_krb_cred_part.timestamp = sec; ALLOC(enc_krb_cred_part.usec, 1); if (enc_krb_cred_part.usec == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out4; } *enc_krb_cred_part.usec = usec; @@ -346,7 +345,7 @@ krb5_get_forwarded_creds (krb5_context context, ALLOC(enc_krb_cred_part.r_address, 1); if (enc_krb_cred_part.r_address == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out4; } diff --git a/source4/heimdal/lib/krb5/get_host_realm.c b/source4/heimdal/lib/krb5/get_host_realm.c index d709e4b38d..f4c875b347 100644 --- a/source4/heimdal/lib/krb5/get_host_realm.c +++ b/source4/heimdal/lib/krb5/get_host_realm.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include -RCSID("$Id: get_host_realm.c 18541 2006-10-17 19:28:36Z lha $"); +RCSID("$Id: get_host_realm.c 23316 2008-06-23 04:32:32Z lha $"); /* To automagically find the correct realm of a host (without * [domain_realm] in krb5.conf) add a text record for your domain with @@ -55,7 +55,7 @@ copy_txt_to_realms (struct resource_record *head, krb5_realm **realms) { struct resource_record *rr; - int n, i; + unsigned int n, i; for(n = 0, rr = head; rr; rr = rr->next) if (rr->type == T_TXT) @@ -192,21 +192,22 @@ _krb5_get_host_realm_int (krb5_context context, p++; *realms = malloc(2 * sizeof(krb5_realm)); if (*realms == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } (*realms)[0] = strdup(p); if((*realms)[0] == NULL) { free(*realms); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } strupr((*realms)[0]); (*realms)[1] = NULL; return 0; } - krb5_set_error_string(context, "unable to find realm of host %s", host); + krb5_set_error_message(context, KRB5_ERR_HOST_REALM_UNKNOWN, + "unable to find realm of host %s", host); return KRB5_ERR_HOST_REALM_UNKNOWN; } @@ -248,8 +249,9 @@ krb5_get_host_realm(krb5_context context, */ ret = krb5_get_default_realms(context, realms); if (ret) { - krb5_set_error_string(context, "Unable to find realm of host %s", - host); + krb5_set_error_message(context, KRB5_ERR_HOST_REALM_UNKNOWN, + "Unable to find realm of host %s", + host); return KRB5_ERR_HOST_REALM_UNKNOWN; } } diff --git a/source4/heimdal/lib/krb5/get_in_tkt.c b/source4/heimdal/lib/krb5/get_in_tkt.c index a9ed3857d0..8bdc8c0eb2 100644 --- a/source4/heimdal/lib/krb5/get_in_tkt.c +++ b/source4/heimdal/lib/krb5/get_in_tkt.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: get_in_tkt.c 20226 2007-02-16 03:31:50Z lha $"); +RCSID("$Id: get_in_tkt.c 23316 2008-06-23 04:32:32Z lha $"); krb5_error_code KRB5_LIB_FUNCTION krb5_init_etype (krb5_context context, @@ -41,7 +41,7 @@ krb5_init_etype (krb5_context context, krb5_enctype **val, const krb5_enctype *etypes) { - int i; + unsigned int i; krb5_error_code ret; krb5_enctype *tmp = NULL; @@ -60,7 +60,7 @@ krb5_init_etype (krb5_context context, *val = malloc(i * sizeof(**val)); if (i != 0 && *val == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto cleanup; } memmove (*val, @@ -72,6 +72,225 @@ cleanup: return ret; } +static krb5_error_code +check_server_referral(krb5_context context, + krb5_kdc_rep *rep, + unsigned flags, + krb5_const_principal requested, + krb5_const_principal returned, + const krb5_keyblock const * key) +{ + krb5_error_code ret; + PA_ServerReferralData ref; + krb5_crypto session; + EncryptedData ed; + size_t len; + krb5_data data; + PA_DATA *pa; + int i = 0, cmp; + + if (rep->kdc_rep.padata == NULL) + goto noreferral; + + pa = krb5_find_padata(rep->kdc_rep.padata->val, + rep->kdc_rep.padata->len, + KRB5_PADATA_SERVER_REFERRAL, &i); + if (pa == NULL) + goto noreferral; + + memset(&ed, 0, sizeof(ed)); + memset(&ref, 0, sizeof(ref)); + + ret = decode_EncryptedData(pa->padata_value.data, + pa->padata_value.length, + &ed, &len); + if (ret) + return ret; + if (len != pa->padata_value.length) { + free_EncryptedData(&ed); + krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, "Referral EncryptedData wrong"); + return KRB5KRB_AP_ERR_MODIFIED; + } + + ret = krb5_crypto_init(context, key, 0, &session); + if (ret) { + free_EncryptedData(&ed); + return ret; + } + + ret = krb5_decrypt_EncryptedData(context, session, + KRB5_KU_PA_SERVER_REFERRAL, + &ed, &data); + free_EncryptedData(&ed); + krb5_crypto_destroy(context, session); + if (ret) + return ret; + + ret = decode_PA_ServerReferralData(data.data, data.length, &ref, &len); + if (ret) { + krb5_data_free(&data); + return ret; + } + krb5_data_free(&data); + + if (strcmp(requested->realm, returned->realm) != 0) { + free_PA_ServerReferralData(&ref); + krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, + "server ref realm mismatch"); + return KRB5KRB_AP_ERR_MODIFIED; + } + + if (returned->name.name_string.len == 2 && + strcmp(returned->name.name_string.val[0], KRB5_TGS_NAME) == 0) + { + const char *realm = returned->name.name_string.val[1]; + + if (ref.referred_realm == NULL + || strcmp(*ref.referred_realm, realm) != 0) + { + free_PA_ServerReferralData(&ref); + krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, + "tgt returned with wrong ref"); + return KRB5KRB_AP_ERR_MODIFIED; + } + } else if (krb5_principal_compare(context, returned, requested) == 0) { + free_PA_ServerReferralData(&ref); + krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, + "req princ no same as returned"); + return KRB5KRB_AP_ERR_MODIFIED; + } + + if (ref.requested_principal_name) { + cmp = _krb5_principal_compare_PrincipalName(context, + requested, + ref.requested_principal_name); + if (!cmp) { + free_PA_ServerReferralData(&ref); + krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, + "compare requested failed"); + return KRB5KRB_AP_ERR_MODIFIED; + } + } else if (flags & EXTRACT_TICKET_AS_REQ) { + free_PA_ServerReferralData(&ref); + krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, + "Requested principal missing on AS-REQ"); + return KRB5KRB_AP_ERR_MODIFIED; + } + + free_PA_ServerReferralData(&ref); + + return ret; +noreferral: + if (krb5_principal_compare(context, requested, returned) == FALSE) { + krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, + "Not same server principal returned " + "as requested"); + return KRB5KRB_AP_ERR_MODIFIED; + } + return 0; +} + + +/* + * Verify referral data + */ + + +static krb5_error_code +check_client_referral(krb5_context context, + krb5_kdc_rep *rep, + krb5_const_principal requested, + krb5_const_principal mapped, + krb5_keyblock const * key) +{ + krb5_error_code ret; + PA_ClientCanonicalized canon; + krb5_crypto crypto; + krb5_data data; + PA_DATA *pa; + size_t len; + int i = 0; + + if (rep->kdc_rep.padata == NULL) + goto noreferral; + + pa = krb5_find_padata(rep->kdc_rep.padata->val, + rep->kdc_rep.padata->len, + KRB5_PADATA_CLIENT_CANONICALIZED, &i); + if (pa == NULL) + goto noreferral; + + ret = decode_PA_ClientCanonicalized(pa->padata_value.data, + pa->padata_value.length, + &canon, &len); + if (ret) { + krb5_set_error_message(context, ret, "Failed to decode " + "PA_ClientCanonicalized"); + return ret; + } + + ASN1_MALLOC_ENCODE(PA_ClientCanonicalizedNames, data.data, data.length, + &canon.names, &len, ret); + if (ret) { + free_PA_ClientCanonicalized(&canon); + return ret; + } + if (data.length != len) + krb5_abortx(context, "internal asn.1 error"); + + ret = krb5_crypto_init(context, key, 0, &crypto); + if (ret) { + free(data.data); + free_PA_ClientCanonicalized(&canon); + return ret; + } + + ret = krb5_verify_checksum(context, crypto, KRB5_KU_CANONICALIZED_NAMES, + data.data, data.length, + &canon.canon_checksum); + krb5_crypto_destroy(context, crypto); + free(data.data); + if (ret) { + krb5_set_error_message(context, ret, "Failed to verify " + "client canonicalized data"); + free_PA_ClientCanonicalized(&canon); + return ret; + } + + if (!_krb5_principal_compare_PrincipalName(context, + requested, + &canon.names.requested_name)) + { + free_PA_ClientCanonicalized(&canon); + krb5_set_error_message(context, KRB5_PRINC_NOMATCH, + "Requested name doesn't match" + " in client referral"); + return KRB5_PRINC_NOMATCH; + } + if (!_krb5_principal_compare_PrincipalName(context, + mapped, + &canon.names.mapped_name)) + { + free_PA_ClientCanonicalized(&canon); + krb5_set_error_message(context, KRB5_PRINC_NOMATCH, + "Mapped name doesn't match" + " in client referral"); + return KRB5_PRINC_NOMATCH; + } + + return 0; + +noreferral: + if (krb5_principal_compare(context, requested, mapped) == FALSE) { + krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, + "Not same client principal returned " + "as requested"); + return KRB5KRB_AP_ERR_MODIFIED; + } + return 0; +} + + static krb5_error_code decrypt_tkt (krb5_context context, @@ -117,9 +336,9 @@ decrypt_tkt (krb5_context context, } int -_krb5_extract_ticket(krb5_context context, - krb5_kdc_rep *rep, - krb5_creds *creds, +_krb5_extract_ticket(krb5_context context, + krb5_kdc_rep *rep, + krb5_creds *creds, krb5_keyblock *key, krb5_const_pointer keyseed, krb5_key_usage key_usage, @@ -131,83 +350,86 @@ _krb5_extract_ticket(krb5_context context, { krb5_error_code ret; krb5_principal tmp_principal; - int tmp; size_t len; time_t tmp_time; krb5_timestamp sec_now; -/* - * HACK: - * this is really a ugly hack, to support using the Netbios Domain Name - * as realm against windows KDC's, they always return the full realm - * based on the DNS Name. - */ -flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH; -flags |=EXTRACT_TICKET_ALLOW_CNAME_MISMATCH ; + /* decrypt */ + + if (decrypt_proc == NULL) + decrypt_proc = decrypt_tkt; + + ret = (*decrypt_proc)(context, key, key_usage, decryptarg, rep); + if (ret) + goto out; + + /* save session key */ + + creds->session.keyvalue.length = 0; + creds->session.keyvalue.data = NULL; + creds->session.keytype = rep->enc_part.key.keytype; + ret = krb5_data_copy (&creds->session.keyvalue, + rep->enc_part.key.keyvalue.data, + rep->enc_part.key.keyvalue.length); + if (ret) { + krb5_clear_error_string(context); + goto out; + } + + /* + * HACK: + * this is really a ugly hack, to support using the Netbios Domain Name + * as realm against windows KDC's, they always return the full realm + * based on the DNS Name. + */ + flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH; + flags |=EXTRACT_TICKET_ALLOW_CNAME_MISMATCH ; + - ret = _krb5_principalname2krb5_principal (context, + /* compare client and save */ + ret = _krb5_principalname2krb5_principal (context, &tmp_principal, rep->kdc_rep.cname, rep->kdc_rep.crealm); if (ret) goto out; - /* compare client */ - - if((flags & EXTRACT_TICKET_ALLOW_CNAME_MISMATCH) == 0){ - tmp = krb5_principal_compare (context, tmp_principal, creds->client); - if (!tmp) { + /* check client referral and save principal */ + /* anonymous here ? */ + if((flags & EXTRACT_TICKET_ALLOW_CNAME_MISMATCH) == 0) { + ret = check_client_referral(context, rep, + creds->client, + tmp_principal, + &creds->session); + if (ret) { krb5_free_principal (context, tmp_principal); - krb5_clear_error_string (context); - ret = KRB5KRB_AP_ERR_MODIFIED; goto out; } } - krb5_free_principal (context, creds->client); creds->client = tmp_principal; - /* extract ticket */ - ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length, - &rep->kdc_rep.ticket, &len, ret); - if(ret) - goto out; - if (creds->ticket.length != len) - krb5_abortx(context, "internal error in ASN.1 encoder"); - creds->second_ticket.length = 0; - creds->second_ticket.data = NULL; - - /* compare server */ - + /* check server referral and save principal */ ret = _krb5_principalname2krb5_principal (context, &tmp_principal, rep->kdc_rep.ticket.sname, rep->kdc_rep.ticket.realm); if (ret) goto out; - if(flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH){ - krb5_free_principal(context, creds->server); - creds->server = tmp_principal; - tmp_principal = NULL; - } else { - tmp = krb5_principal_compare (context, tmp_principal, - creds->server); - krb5_free_principal (context, tmp_principal); - if (!tmp) { - ret = KRB5KRB_AP_ERR_MODIFIED; - krb5_clear_error_string (context); + if((flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH) == 0){ + ret = check_server_referral(context, + rep, + flags, + creds->server, + tmp_principal, + &creds->session); + if (ret) { + krb5_free_principal (context, tmp_principal); goto out; } } - - /* decrypt */ - - if (decrypt_proc == NULL) - decrypt_proc = decrypt_tkt; - - ret = (*decrypt_proc)(context, key, key_usage, decryptarg, rep); - if (ret) - goto out; + krb5_free_principal(context, creds->server); + creds->server = tmp_principal; /* verify names */ if(flags & EXTRACT_TICKET_MATCH_REALM){ @@ -227,7 +449,7 @@ flags |=EXTRACT_TICKET_ALLOW_CNAME_MISMATCH ; if (nonce != rep->enc_part.nonce) { ret = KRB5KRB_AP_ERR_MODIFIED; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } @@ -254,7 +476,7 @@ flags |=EXTRACT_TICKET_ALLOW_CNAME_MISMATCH ; if (creds->times.starttime == 0 && abs(tmp_time - sec_now) > context->max_skew) { ret = KRB5KRB_AP_ERR_SKEW; - krb5_set_error_string (context, + krb5_set_error_message (context, ret, "time skew (%d) larger than max (%d)", abs(tmp_time - sec_now), (int)context->max_skew); @@ -307,12 +529,17 @@ flags |=EXTRACT_TICKET_ALLOW_CNAME_MISMATCH ; creds->authdata.len = 0; creds->authdata.val = NULL; - creds->session.keyvalue.length = 0; - creds->session.keyvalue.data = NULL; - creds->session.keytype = rep->enc_part.key.keytype; - ret = krb5_data_copy (&creds->session.keyvalue, - rep->enc_part.key.keyvalue.data, - rep->enc_part.key.keyvalue.length); + + /* extract ticket */ + ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length, + &rep->kdc_rep.ticket, &len, ret); + if(ret) + goto out; + if (creds->ticket.length != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); + creds->second_ticket.length = 0; + creds->second_ticket.data = NULL; + out: memset (rep->enc_part.key.keyvalue.data, 0, @@ -402,7 +629,7 @@ add_padata(krb5_context context, } pa2 = realloc (md->val, (md->len + netypes) * sizeof(*md->val)); if (pa2 == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } md->val = pa2; @@ -449,13 +676,13 @@ init_as_req (krb5_context context, a->req_body.cname = malloc(sizeof(*a->req_body.cname)); if (a->req_body.cname == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto fail; } a->req_body.sname = malloc(sizeof(*a->req_body.sname)); if (a->req_body.sname == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto fail; } ret = _krb5_principal2principalname (a->req_body.cname, creds->client); @@ -472,7 +699,7 @@ init_as_req (krb5_context context, a->req_body.from = malloc(sizeof(*a->req_body.from)); if (a->req_body.from == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto fail; } *a->req_body.from = creds->times.starttime; @@ -485,7 +712,7 @@ init_as_req (krb5_context context, a->req_body.rtime = malloc(sizeof(*a->req_body.rtime)); if (a->req_body.rtime == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto fail; } *a->req_body.rtime = creds->times.renew_till; @@ -508,7 +735,7 @@ init_as_req (krb5_context context, a->req_body.addresses = malloc(sizeof(*a->req_body.addresses)); if (a->req_body.addresses == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto fail; } @@ -533,7 +760,7 @@ init_as_req (krb5_context context, ALLOC(a->padata, 1); if(a->padata == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto fail; } a->padata->val = NULL; @@ -572,7 +799,7 @@ init_as_req (krb5_context context, ALLOC(a->padata, 1); if (a->padata == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto fail; } a->padata->len = 0; @@ -590,9 +817,9 @@ init_as_req (krb5_context context, key_proc, keyseed, a->req_body.etype.val, a->req_body.etype.len, &salt); } else { - krb5_set_error_string (context, "pre-auth type %d not supported", - *ptypes); ret = KRB5_PREAUTH_BAD_TYPE; + krb5_set_error_message (context, ret, "pre-auth type %d not supported", + *ptypes); goto fail; } return 0; diff --git a/source4/heimdal/lib/krb5/init_creds.c b/source4/heimdal/lib/krb5/init_creds.c index a59c903bd9..74c9ff78e5 100644 --- a/source4/heimdal/lib/krb5/init_creds.c +++ b/source4/heimdal/lib/krb5/init_creds.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds.c 21711 2007-07-27 14:22:02Z lha $"); +RCSID("$Id: init_creds.c 23316 2008-06-23 04:32:32Z lha $"); void KRB5_LIB_FUNCTION krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt) @@ -52,13 +52,13 @@ krb5_get_init_creds_opt_alloc(krb5_context context, *opt = NULL; o = calloc(1, sizeof(*o)); if (o == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } krb5_get_init_creds_opt_init(o); o->opt_private = calloc(1, sizeof(*o->opt_private)); if (o->opt_private == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); free(o); return ENOMEM; } @@ -77,7 +77,7 @@ _krb5_get_init_creds_opt_copy(krb5_context context, *out = NULL; opt = calloc(1, sizeof(*opt)); if (opt == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } if (in) @@ -85,7 +85,7 @@ _krb5_get_init_creds_opt_copy(krb5_context context, if(opt->opt_private == NULL) { opt->opt_private = calloc(1, sizeof(*opt->opt_private)); if (opt->opt_private == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); free(opt); return ENOMEM; } @@ -327,7 +327,7 @@ require_ext_opt(krb5_context context, const char *type) { if (opt->opt_private == NULL) { - krb5_set_error_string(context, "%s on non extendable opt", type); + krb5_set_error_message(context, EINVAL, "%s on non extendable opt", type); return EINVAL; } return 0; @@ -381,7 +381,7 @@ krb5_get_init_creds_opt_get_error(krb5_context context, *error = malloc(sizeof(**error)); if (*error == NULL) { - krb5_set_error_string(context, "malloc - out memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } diff --git a/source4/heimdal/lib/krb5/init_creds_pw.c b/source4/heimdal/lib/krb5/init_creds_pw.c index 441adff8fd..e3098b0a92 100644 --- a/source4/heimdal/lib/krb5/init_creds_pw.c +++ b/source4/heimdal/lib/krb5/init_creds_pw.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds_pw.c 21931 2007-08-27 14:11:55Z lha $"); +RCSID("$Id: init_creds_pw.c 23316 2008-06-23 04:32:32Z lha $"); typedef struct krb5_get_init_creds_ctx { KDCOptions flags; @@ -165,14 +165,10 @@ init_cred (krb5_context context, } if (in_tkt_service) { - krb5_realm server_realm; - ret = krb5_parse_name (context, in_tkt_service, &cred->server); if (ret) goto out; - server_realm = strdup (client_realm); - free (*krb5_princ_realm(context, cred->server)); - krb5_princ_set_realm (context, cred->server, &server_realm); + krb5_principal_set_realm (context, cred->server, client_realm); } else { ret = krb5_make_principal(context, &cred->server, client_realm, KRB5_TGS_NAME, client_realm, @@ -340,7 +336,7 @@ get_init_creds_common(krb5_context context, etypes = malloc((options->etype_list_length + 1) * sizeof(krb5_enctype)); if (etypes == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } memcpy (etypes, options->etype_list, @@ -352,7 +348,7 @@ get_init_creds_common(krb5_context context, pre_auth_types = malloc((options->preauth_list_length + 1) * sizeof(krb5_preauthtype)); if (pre_auth_types == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } memcpy (pre_auth_types, options->preauth_list, @@ -445,12 +441,13 @@ change_password (krb5_context context, memset (buf2, 0, sizeof(buf2)); } - ret = krb5_change_password (context, - &cpw_cred, - buf1, - &result_code, - &result_code_string, - &result_string); + ret = krb5_set_password (context, + &cpw_cred, + buf1, + client, + &result_code, + &result_code_string, + &result_string); if (ret) goto out; asprintf (&p, "%s: %.*s\n", @@ -464,8 +461,8 @@ change_password (krb5_context context, strlcpy (newpw, buf1, newpw_sz); ret = 0; } else { - krb5_set_error_string (context, "failed changing password"); ret = ENOTTY; + krb5_set_error_message(context, ret, "failed changing password"); } out: @@ -507,8 +504,8 @@ krb5_get_init_creds_keytab(krb5_context context, a = malloc (sizeof(*a)); if (a == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } a->principal = ctx.cred.client; @@ -560,13 +557,13 @@ init_creds_init_as_req (krb5_context context, a->req_body.cname = malloc(sizeof(*a->req_body.cname)); if (a->req_body.cname == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto fail; } a->req_body.sname = malloc(sizeof(*a->req_body.sname)); if (a->req_body.sname == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto fail; } @@ -585,7 +582,7 @@ init_creds_init_as_req (krb5_context context, a->req_body.from = malloc(sizeof(*a->req_body.from)); if (a->req_body.from == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto fail; } *a->req_body.from = creds->times.starttime; @@ -598,7 +595,7 @@ init_creds_init_as_req (krb5_context context, a->req_body.rtime = malloc(sizeof(*a->req_body.rtime)); if (a->req_body.rtime == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto fail; } *a->req_body.rtime = creds->times.renew_till; @@ -621,7 +618,7 @@ init_creds_init_as_req (krb5_context context, a->req_body.addresses = malloc(sizeof(*a->req_body.addresses)); if (a->req_body.addresses == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto fail; } @@ -1036,7 +1033,7 @@ pa_data_to_md_pkinit(krb5_context context, ctx->pk_nonce, md); #else - krb5_set_error_string(context, "no support for PKINIT compiled in"); + krb5_set_error_message(context, EINVAL, "no support for PKINIT compiled in"); return EINVAL; #endif } @@ -1093,7 +1090,7 @@ process_pa_data_to_md(krb5_context context, ALLOC(*out_md, 1); if (*out_md == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } (*out_md)->len = 0; @@ -1191,15 +1188,15 @@ process_pa_data_to_key(krb5_context context, pa, key); #else - krb5_set_error_string(context, "no support for PKINIT compiled in"); ret = EINVAL; + krb5_set_error_message(context, ret, "no support for PKINIT compiled in"); #endif } else if (ctx->password) ret = pa_data_to_key_plain(context, creds->client, ctx, paid.salt, paid.s2kparams, etype, key); else { - krb5_set_error_string(context, "No usable pa data type"); ret = EINVAL; + krb5_set_error_message(context, ret, "No usable pa data type"); } free_paid(context, &paid); @@ -1325,8 +1322,8 @@ init_cred_loop(krb5_context context, &md, NULL); if (ret) - krb5_set_error_string(context, - "failed to decode METHOD DATA"); + krb5_set_error_message(context, ret, + "failed to decode METHOD DATA"); } else { /* XXX guess what the server want here add add md */ } @@ -1348,15 +1345,16 @@ init_cred_loop(krb5_context context, { krb5_keyblock *key = NULL; - unsigned flags = 0; + unsigned flags = EXTRACT_TICKET_AS_REQ; if (ctx->flags.request_anonymous) flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH; if (ctx->flags.canonicalize) { - flags |= EXTRACT_TICKET_ALLOW_CNAME_MISMATCH; flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH; flags |= EXTRACT_TICKET_MATCH_REALM; } + if (ctx->ic_flags & KRB5_INIT_CREDS_NO_C_CANON_CHECK) + flags |= EXTRACT_TICKET_ALLOW_CNAME_MISMATCH; ret = process_pa_data_to_key(context, ctx, creds, &ctx->as_req, &rep, hi, &key); @@ -1376,60 +1374,6 @@ init_cred_loop(krb5_context context, NULL); krb5_free_keyblock(context, key); } - /* - * Verify referral data - */ - if ((ctx->ic_flags & KRB5_INIT_CREDS_CANONICALIZE) && - (ctx->ic_flags & KRB5_INIT_CREDS_NO_C_CANON_CHECK) == 0) - { - PA_ClientCanonicalized canon; - krb5_crypto crypto; - krb5_data data; - PA_DATA *pa; - size_t len; - - pa = find_pa_data(rep.kdc_rep.padata, KRB5_PADATA_CLIENT_CANONICALIZED); - if (pa == NULL) { - ret = EINVAL; - krb5_set_error_string(context, "Client canonicalizion not signed"); - goto out; - } - - ret = decode_PA_ClientCanonicalized(pa->padata_value.data, - pa->padata_value.length, - &canon, &len); - if (ret) { - krb5_set_error_string(context, "Failed to decode " - "PA_ClientCanonicalized"); - goto out; - } - - ASN1_MALLOC_ENCODE(PA_ClientCanonicalizedNames, data.data, data.length, - &canon.names, &len, ret); - if (ret) - goto out; - if (data.length != len) - krb5_abortx(context, "internal asn.1 error"); - - ret = krb5_crypto_init(context, &creds->session, 0, &crypto); - if (ret) { - free(data.data); - free_PA_ClientCanonicalized(&canon); - goto out; - } - - ret = krb5_verify_checksum(context, crypto, KRB5_KU_CANONICALIZED_NAMES, - data.data, data.length, - &canon.canon_checksum); - krb5_crypto_destroy(context, crypto); - free(data.data); - free_PA_ClientCanonicalized(&canon); - if (ret) { - krb5_set_error_string(context, "Failed to verify " - "client canonicalized data"); - goto out; - } - } out: if (stctx) krb5_sendto_ctx_free(context, stctx); diff --git a/source4/heimdal/lib/krb5/kcm.c b/source4/heimdal/lib/krb5/kcm.c index 8afaa6ea80..0c91fbb3a0 100644 --- a/source4/heimdal/lib/krb5/kcm.c +++ b/source4/heimdal/lib/krb5/kcm.c @@ -43,7 +43,7 @@ #include "kcm.h" -RCSID("$Id: kcm.c 22108 2007-12-03 17:23:53Z lha $"); +RCSID("$Id: kcm.c 23446 2008-07-27 12:08:37Z lha $"); typedef struct krb5_kcmcache { char *name; @@ -56,7 +56,8 @@ typedef struct krb5_kcmcache { #define KCMCURSOR(C) (*(uint32_t *)(C)) static krb5_error_code -try_door(krb5_context context, const krb5_kcmcache *k, +try_door(krb5_context context, + krb5_kcmcache *k, krb5_data *request_data, krb5_data *response_data) { @@ -70,6 +71,7 @@ try_door(krb5_context context, const krb5_kcmcache *k, fd = open(k->door_path, O_RDWR); if (fd < 0) return KRB5_CC_IO; + rk_cloexec(fd); arg.data_ptr = request_data->data; arg.data_size = request_data->length; @@ -95,7 +97,8 @@ try_door(krb5_context context, const krb5_kcmcache *k, } static krb5_error_code -try_unix_socket(krb5_context context, const krb5_kcmcache *k, +try_unix_socket(krb5_context context, + krb5_kcmcache *k, krb5_data *request_data, krb5_data *response_data) { @@ -105,7 +108,8 @@ try_unix_socket(krb5_context context, const krb5_kcmcache *k, fd = socket(AF_UNIX, SOCK_STREAM, 0); if (fd < 0) return KRB5_CC_IO; - + rk_cloexec(fd); + if (connect(fd, rk_UNCONST(&k->path), sizeof(k->path)) != 0) { close(fd); return KRB5_CC_IO; @@ -136,7 +140,7 @@ kcm_send_request(krb5_context context, return KRB5_CC_NOMEM; } - ret = KRB5_CC_IO; + ret = KRB5_CC_NOSUPP; for (i = 0; i < context->max_retries; i++) { ret = try_door(context, k, &request_data, response_data); @@ -151,7 +155,7 @@ kcm_send_request(krb5_context context, if (ret) { krb5_clear_error_string(context); - ret = KRB5_CC_IO; + ret = KRB5_CC_NOSUPP; } return ret; @@ -169,7 +173,7 @@ kcm_storage_request(krb5_context context, sp = krb5_storage_emem(); if (sp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_CC_NOMEM, "malloc: out of memory"); return KRB5_CC_NOMEM; } @@ -187,7 +191,7 @@ kcm_storage_request(krb5_context context, *storage_p = sp; fail: if (ret) { - krb5_set_error_string(context, "Failed to encode request"); + krb5_set_error_message(context, ret, "Failed to encode request"); krb5_storage_free(sp); } @@ -202,7 +206,7 @@ kcm_alloc(krb5_context context, const char *name, krb5_ccache *id) k = malloc(sizeof(*k)); if (k == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_CC_NOMEM, "malloc: out of memory"); return KRB5_CC_NOMEM; } @@ -210,7 +214,7 @@ kcm_alloc(krb5_context context, const char *name, krb5_ccache *id) k->name = strdup(name); if (k->name == NULL) { free(k); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_CC_NOMEM, "malloc: out of memory"); return KRB5_CC_NOMEM; } } else @@ -822,7 +826,7 @@ kcm_set_flags(krb5_context context, return ret; } -static krb5_error_code +static int kcm_get_version(krb5_context context, krb5_ccache id) { @@ -832,8 +836,30 @@ kcm_get_version(krb5_context context, static krb5_error_code kcm_move(krb5_context context, krb5_ccache from, krb5_ccache to) { - krb5_set_error_string(context, "kcm_move not implemented"); - return EINVAL; + krb5_error_code ret; + krb5_kcmcache *oldk = KCMCACHE(from); + krb5_kcmcache *newk = KCMCACHE(to); + krb5_storage *request; + + ret = kcm_storage_request(context, KCM_OP_MOVE_CACHE, &request); + if (ret) + return ret; + + ret = krb5_store_stringz(request, oldk->name); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = krb5_store_stringz(request, newk->name); + if (ret) { + krb5_storage_free(request); + return ret; + } + ret = kcm_call(context, oldk, request, NULL, NULL); + + krb5_storage_free(request); + return ret; } static krb5_error_code @@ -850,7 +876,8 @@ kcm_default_name(krb5_context context, char **str) * @ingroup krb5_ccache */ -const krb5_cc_ops krb5_kcm_ops = { +KRB5_LIB_VARIABLE const krb5_cc_ops krb5_kcm_ops = { + KRB5_CC_OPS_VERSION, "KCM", kcm_get_name, kcm_resolve, @@ -1118,5 +1145,4 @@ _krb5_kcm_get_ticket(krb5_context context, return ret; } - #endif /* HAVE_KCM */ diff --git a/source4/heimdal/lib/krb5/keyblock.c b/source4/heimdal/lib/krb5/keyblock.c index ff4f972e57..fa19e1e726 100644 --- a/source4/heimdal/lib/krb5/keyblock.c +++ b/source4/heimdal/lib/krb5/keyblock.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keyblock.c 15167 2005-05-18 04:21:57Z lha $"); +RCSID("$Id: keyblock.c 23316 2008-06-23 04:32:32Z lha $"); void KRB5_LIB_FUNCTION krb5_keyblock_zero(krb5_keyblock *keyblock) @@ -81,7 +81,7 @@ krb5_copy_keyblock (krb5_context context, k = malloc (sizeof(*k)); if (k == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } *to = k; @@ -116,15 +116,16 @@ krb5_keyblock_init(krb5_context context, return ret; if (len != size) { - krb5_set_error_string(context, "Encryption key %d is %lu bytes " - "long, %lu was passed in", - type, (unsigned long)len, (unsigned long)size); + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + "Encryption key %d is %lu bytes " + "long, %lu was passed in", + type, (unsigned long)len, (unsigned long)size); return KRB5_PROG_ETYPE_NOSUPP; } ret = krb5_data_copy(&key->keyvalue, data, len); if(ret) { - krb5_set_error_string(context, "malloc failed: %lu", - (unsigned long)len); + krb5_set_error_message(context, ret, "malloc failed: %lu", + (unsigned long)len); return ret; } key->keytype = type; diff --git a/source4/heimdal/lib/krb5/keytab.c b/source4/heimdal/lib/krb5/keytab.c index 79a3f20e79..09e130d850 100644 --- a/source4/heimdal/lib/krb5/keytab.c +++ b/source4/heimdal/lib/krb5/keytab.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab.c 22532 2008-01-27 11:59:18Z lha $"); +RCSID("$Id: keytab.c 23316 2008-06-23 04:32:32Z lha $"); /* * Register a new keytab in `ops' @@ -47,14 +47,15 @@ krb5_kt_register(krb5_context context, struct krb5_keytab_data *tmp; if (strlen(ops->prefix) > KRB5_KT_PREFIX_MAX_LEN - 1) { - krb5_set_error_string(context, "krb5_kt_register; prefix too long"); + krb5_set_error_message(context, KRB5_KT_BADNAME, + "krb5_kt_register; prefix too long"); return KRB5_KT_BADNAME; } tmp = realloc(context->kt_types, (context->num_kt_types + 1) * sizeof(*context->kt_types)); if(tmp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } memcpy(&tmp[context->num_kt_types], ops, @@ -97,14 +98,15 @@ krb5_kt_resolve(krb5_context context, break; } if(i == context->num_kt_types) { - krb5_set_error_string(context, "unknown keytab type %.*s", - (int)type_len, type); + krb5_set_error_message(context, KRB5_KT_UNKNOWN_TYPE, + "unknown keytab type %.*s", + (int)type_len, type); return KRB5_KT_UNKNOWN_TYPE; } k = malloc (sizeof(*k)); if (k == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } memcpy(k, &context->kt_types[i], sizeof(*k)); @@ -265,7 +267,7 @@ krb5_kt_get_full_name(krb5_context context, return ret; if (asprintf(str, "%s:%s", type, name) == -1) { - krb5_set_error_string(context, "malloc - out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); *str = NULL; return ENOMEM; } @@ -377,12 +379,12 @@ krb5_kt_get_entry(krb5_context context, else kvno_str[0] = '\0'; - krb5_set_error_string (context, - "Failed to find %s%s in keytab %s (%s)", - princ, - kvno_str, - kt_name ? kt_name : "unknown keytab", - enctype_str ? enctype_str : "unknown enctype"); + krb5_set_error_message (context, KRB5_KT_NOTFOUND, + "Failed to find %s%s in keytab %s (%s)", + princ, + kvno_str, + kt_name ? kt_name : "unknown keytab", + enctype_str ? enctype_str : "unknown enctype"); free(kt_name); free(enctype_str); return KRB5_KT_NOTFOUND; @@ -443,9 +445,9 @@ krb5_kt_start_seq_get(krb5_context context, krb5_kt_cursor *cursor) { if(id->start_seq_get == NULL) { - krb5_set_error_string(context, - "start_seq_get is not supported in the %s " - " keytab", id->prefix); + krb5_set_error_message(context, HEIM_ERR_OPNOTSUPP, + "start_seq_get is not supported in the %s " + " keytab", id->prefix); return HEIM_ERR_OPNOTSUPP; } return (*id->start_seq_get)(context, id, cursor); @@ -464,9 +466,9 @@ krb5_kt_next_entry(krb5_context context, krb5_kt_cursor *cursor) { if(id->next_entry == NULL) { - krb5_set_error_string(context, - "next_entry is not supported in the %s " - " keytab", id->prefix); + krb5_set_error_message(context, HEIM_ERR_OPNOTSUPP, + "next_entry is not supported in the %s " + " keytab", id->prefix); return HEIM_ERR_OPNOTSUPP; } return (*id->next_entry)(context, id, entry, cursor); @@ -482,9 +484,9 @@ krb5_kt_end_seq_get(krb5_context context, krb5_kt_cursor *cursor) { if(id->end_seq_get == NULL) { - krb5_set_error_string(context, - "end_seq_get is not supported in the %s " - " keytab", id->prefix); + krb5_set_error_message(context, HEIM_ERR_OPNOTSUPP, + "end_seq_get is not supported in the %s " + " keytab", id->prefix); return HEIM_ERR_OPNOTSUPP; } return (*id->end_seq_get)(context, id, cursor); @@ -501,8 +503,9 @@ krb5_kt_add_entry(krb5_context context, krb5_keytab_entry *entry) { if(id->add == NULL) { - krb5_set_error_string(context, "Add is not supported in the %s keytab", - id->prefix); + krb5_set_error_message(context, KRB5_KT_NOWRITE, + "Add is not supported in the %s keytab", + id->prefix); return KRB5_KT_NOWRITE; } entry->timestamp = time(NULL); @@ -520,9 +523,9 @@ krb5_kt_remove_entry(krb5_context context, krb5_keytab_entry *entry) { if(id->remove == NULL) { - krb5_set_error_string(context, - "Remove is not supported in the %s keytab", - id->prefix); + krb5_set_error_message(context, KRB5_KT_NOWRITE, + "Remove is not supported in the %s keytab", + id->prefix); return KRB5_KT_NOWRITE; } return (*id->remove)(context, id, entry); diff --git a/source4/heimdal/lib/krb5/keytab_any.c b/source4/heimdal/lib/krb5/keytab_any.c index 54272d4845..9e93191045 100644 --- a/source4/heimdal/lib/krb5/keytab_any.c +++ b/source4/heimdal/lib/krb5/keytab_any.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_any.c 17035 2006-04-10 09:20:13Z lha $"); +RCSID("$Id: keytab_any.c 23316 2008-06-23 04:32:32Z lha $"); struct any_data { krb5_keytab kt; @@ -72,8 +72,8 @@ any_resolve(krb5_context context, const char *name, krb5_keytab id) a0 = a; a->name = strdup(buf); if (a->name == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto fail; } } else @@ -87,7 +87,7 @@ any_resolve(krb5_context context, const char *name, krb5_keytab id) prev = a; } if (a0 == NULL) { - krb5_set_error_string(context, "empty ANY: keytab"); + krb5_set_error_message(context, ENOENT, "empty ANY: keytab"); return ENOENT; } id->data = a0; @@ -134,7 +134,7 @@ any_start_seq_get(krb5_context context, c->data = malloc (sizeof(struct any_cursor_extra_data)); if(c->data == NULL){ - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } ed = (struct any_cursor_extra_data *)c->data; @@ -206,8 +206,8 @@ any_add_entry(krb5_context context, while(a != NULL) { ret = krb5_kt_add_entry(context, a->kt, entry); if(ret != 0 && ret != KRB5_KT_NOWRITE) { - krb5_set_error_string(context, "failed to add entry to %s", - a->name); + krb5_set_error_message(context, ret, "failed to add entry to %s", + a->name); return ret; } a = a->next; @@ -229,8 +229,9 @@ any_remove_entry(krb5_context context, found++; else { if(ret != KRB5_KT_NOWRITE && ret != KRB5_KT_NOTFOUND) { - krb5_set_error_string(context, "failed to remove entry from %s", - a->name); + krb5_set_error_message(context, ret, + "Failed to remove keytab entry from %s", + a->name); return ret; } } diff --git a/source4/heimdal/lib/krb5/keytab_file.c b/source4/heimdal/lib/krb5/keytab_file.c index be195d96c2..e830ab3412 100644 --- a/source4/heimdal/lib/krb5/keytab_file.c +++ b/source4/heimdal/lib/krb5/keytab_file.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_file.c 22532 2008-01-27 11:59:18Z lha $"); +RCSID("$Id: keytab_file.c 23469 2008-07-27 12:17:12Z lha $"); #define KRB5_KT_VNO_1 1 #define KRB5_KT_VNO_2 2 @@ -62,7 +62,7 @@ krb5_kt_ret_data(krb5_context context, data->length = size; data->data = malloc(size); if (data->data == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } ret = krb5_storage_read(sp, data->data, size); @@ -83,7 +83,7 @@ krb5_kt_ret_string(krb5_context context, return ret; *data = malloc(size + 1); if (*data == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } ret = krb5_storage_read(sp, *data, size); @@ -168,22 +168,22 @@ krb5_kt_ret_principal(krb5_context context, ALLOC(p, 1); if(p == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } ret = krb5_ret_int16(sp, &len); if(ret) { - krb5_set_error_string(context, - "Failed decoding length of keytab principal"); + krb5_set_error_message(context, ret, + "Failed decoding length of keytab principal"); goto out; } if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS)) len--; if (len < 0) { - krb5_set_error_string(context, - "Keytab principal contains invalid length"); ret = KRB5_KT_END; + krb5_set_error_message(context, ret, + "Keytab principal contains invalid length"); goto out; } ret = krb5_kt_ret_string(context, sp, &p->realm); @@ -191,8 +191,8 @@ krb5_kt_ret_principal(krb5_context context, goto out; p->name.name_string.val = calloc(len, sizeof(*p->name.name_string.val)); if(p->name.name_string.val == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } p->name.name_string.len = len; @@ -253,13 +253,13 @@ fkt_resolve(krb5_context context, const char *name, krb5_keytab id) d = malloc(sizeof(*d)); if(d == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } d->filename = strdup(name); if(d->filename == NULL) { free(d); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } d->flags = 0; @@ -334,10 +334,11 @@ fkt_start_seq_get_int(krb5_context context, c->fd = open (d->filename, flags); if (c->fd < 0) { ret = errno; - krb5_set_error_string(context, "keytab %s open failed: %s", - d->filename, strerror(ret)); + krb5_set_error_message(context, ret, "keytab %s open failed: %s", + d->filename, strerror(ret)); return ret; } + rk_cloexec(c->fd); ret = _krb5_xlock(context, c->fd, exclusive, d->filename); if (ret) { close(c->fd); @@ -347,7 +348,7 @@ fkt_start_seq_get_int(krb5_context context, if (c->sp == NULL) { _krb5_xunlock(context, c->fd); close(c->fd); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } krb5_storage_set_eof_code(c->sp, KRB5_KT_END); @@ -492,10 +493,12 @@ fkt_add_entry(krb5_context context, fd = open (d->filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600); if (fd < 0) { ret = errno; - krb5_set_error_string(context, "open(%s): %s", d->filename, - strerror(ret)); + krb5_set_error_message(context, ret, "open(%s): %s", d->filename, + strerror(ret)); return ret; } + rk_cloexec(fd); + ret = _krb5_xlock(context, fd, 1, d->filename); if (ret) { close(fd); @@ -510,6 +513,9 @@ fkt_add_entry(krb5_context context, storage_set_flags(context, sp, id->version); } else { int8_t pvno, tag; + + rk_cloexec(fd); + ret = _krb5_xlock(context, fd, 1, d->filename); if (ret) { close(fd); @@ -523,22 +529,22 @@ fkt_add_entry(krb5_context context, properly */ ret = fkt_setup_keytab(context, id, sp); if(ret) { - krb5_set_error_string(context, "%s: keytab is corrupted: %s", - d->filename, strerror(ret)); + krb5_set_error_message(context, ret, "%s: keytab is corrupted: %s", + d->filename, strerror(ret)); goto out; } storage_set_flags(context, sp, id->version); } else { if(pvno != 5) { ret = KRB5_KEYTAB_BADVNO; - krb5_set_error_string(context, "%s: %s", - d->filename, strerror(ret)); + krb5_set_error_message(context, ret, "%s: %s", + d->filename, strerror(ret)); goto out; } ret = krb5_ret_int8 (sp, &tag); if (ret) { - krb5_set_error_string(context, "%s: reading tag: %s", - d->filename, strerror(ret)); + krb5_set_error_message(context, ret, "%s: reading tag: %s", + d->filename, strerror(ret)); goto out; } id->version = tag; @@ -551,7 +557,7 @@ fkt_add_entry(krb5_context context, emem = krb5_storage_emem(); if(emem == NULL) { ret = ENOMEM; - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ret = krb5_kt_store_principal(context, emem, entry->principal); diff --git a/source4/heimdal/lib/krb5/keytab_keyfile.c b/source4/heimdal/lib/krb5/keytab_keyfile.c index aa612add09..7e14cbd329 100644 --- a/source4/heimdal/lib/krb5/keytab_keyfile.c +++ b/source4/heimdal/lib/krb5/keytab_keyfile.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_keyfile.c 22532 2008-01-27 11:59:18Z lha $"); +RCSID("$Id: keytab_keyfile.c 23316 2008-06-23 04:32:32Z lha $"); /* afs keyfile operations --------------------------------------- */ @@ -52,7 +52,7 @@ RCSID("$Id: keytab_keyfile.c 22532 2008-01-27 11:59:18Z lha $"); #define AFS_SERVERMAGICKRBCONF "/usr/afs/etc/krb.conf" struct akf_data { - int num_entries; + uint32_t num_entries; char *filename; char *cell; char *realm; @@ -72,13 +72,13 @@ get_cell_and_realm (krb5_context context, struct akf_data *d) f = fopen (AFS_SERVERTHISCELL, "r"); if (f == NULL) { ret = errno; - krb5_set_error_string (context, "open %s: %s", AFS_SERVERTHISCELL, - strerror(ret)); + krb5_set_error_message (context, ret, "open %s: %s", AFS_SERVERTHISCELL, + strerror(ret)); return ret; } if (fgets (buf, sizeof(buf), f) == NULL) { fclose (f); - krb5_set_error_string (context, "no cell in %s", AFS_SERVERTHISCELL); + krb5_set_error_message (context, EINVAL, "no cell in %s", AFS_SERVERTHISCELL); return EINVAL; } buf[strcspn(buf, "\n")] = '\0'; @@ -86,7 +86,7 @@ get_cell_and_realm (krb5_context context, struct akf_data *d) d->cell = strdup (buf); if (d->cell == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -96,8 +96,8 @@ get_cell_and_realm (krb5_context context, struct akf_data *d) free (d->cell); d->cell = NULL; fclose (f); - krb5_set_error_string (context, "no realm in %s", - AFS_SERVERMAGICKRBCONF); + krb5_set_error_message (context, EINVAL, "no realm in %s", + AFS_SERVERMAGICKRBCONF); return EINVAL; } buf[strcspn(buf, "\n")] = '\0'; @@ -111,7 +111,7 @@ get_cell_and_realm (krb5_context context, struct akf_data *d) if (d->realm == NULL) { free (d->cell); d->cell = NULL; - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } return 0; @@ -128,7 +128,7 @@ akf_resolve(krb5_context context, const char *name, krb5_keytab id) struct akf_data *d = malloc(sizeof (struct akf_data)); if (d == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -143,7 +143,7 @@ akf_resolve(krb5_context context, const char *name, krb5_keytab id) free (d->cell); free (d->realm); free (d); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } id->data = d; @@ -197,13 +197,13 @@ akf_start_seq_get(krb5_context context, c->fd = open (d->filename, O_RDONLY|O_BINARY, 0600); if (c->fd < 0) { ret = errno; - krb5_set_error_string(context, "keytab afs keyfil open %s failed: %s", - d->filename, strerror(ret)); + krb5_set_error_message(context, ret, "keytab afs keyfil open %s failed: %s", + d->filename, strerror(ret)); return ret; } c->sp = krb5_storage_from_fd(c->fd); - ret = krb5_ret_int32(c->sp, &d->num_entries); + ret = krb5_ret_uint32(c->sp, &d->num_entries); if(ret) { krb5_storage_free(c->sp); close(c->fd); @@ -250,7 +250,7 @@ akf_next_entry(krb5_context context, entry->keyblock.keyvalue.data = malloc (8); if (entry->keyblock.keyvalue.data == NULL) { krb5_free_principal (context, entry->principal); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); ret = ENOMEM; goto out; } @@ -307,8 +307,8 @@ akf_add_entry(krb5_context context, O_RDWR | O_BINARY | O_CREAT | O_EXCL, 0600); if (fd < 0) { ret = errno; - krb5_set_error_string(context, "open(%s): %s", d->filename, - strerror(ret)); + krb5_set_error_message(context, ret, "open(%s): %s", d->filename, + strerror(ret)); return ret; } created = 1; @@ -317,7 +317,7 @@ akf_add_entry(krb5_context context, sp = krb5_storage_from_fd(fd); if(sp == NULL) { close(fd); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } if (created) @@ -327,7 +327,7 @@ akf_add_entry(krb5_context context, ret = errno; krb5_storage_free(sp); close(fd); - krb5_set_error_string (context, "seek: %s", strerror(ret)); + krb5_set_error_message(context, ret, "seek: %s", strerror(ret)); return ret; } @@ -350,11 +350,12 @@ akf_add_entry(krb5_context context, for (i = 0; i < len; i++) { ret = krb5_ret_int32(sp, &kvno); if (ret) { - krb5_set_error_string (context, "Failed to get kvno "); + krb5_set_error_message (context, ret, "Failed to get kvno "); goto out; } if(krb5_storage_seek(sp, 8, SEEK_CUR) < 0) { - krb5_set_error_string (context, "seek: %s", strerror(ret)); + ret = errno; + krb5_set_error_message (context, ret, "seek: %s", strerror(ret)); goto out; } if (kvno == entry->vno) { @@ -368,25 +369,26 @@ akf_add_entry(krb5_context context, if(krb5_storage_seek(sp, 0, SEEK_SET) < 0) { ret = errno; - krb5_set_error_string (context, "seek: %s", strerror(ret)); + krb5_set_error_message (context, ret, "seek: %s", strerror(ret)); goto out; } ret = krb5_store_int32(sp, len); if(ret) { - krb5_set_error_string(context, "keytab keyfile failed new length"); + ret = errno; + krb5_set_error_message (context, ret, "keytab keyfile failed new length"); return ret; } if(krb5_storage_seek(sp, (len - 1) * (8 + 4), SEEK_CUR) < 0) { ret = errno; - krb5_set_error_string (context, "seek to end: %s", strerror(ret)); + krb5_set_error_message (context, ret, "seek to end: %s", strerror(ret)); goto out; } ret = krb5_store_int32(sp, entry->vno); if(ret) { - krb5_set_error_string(context, "keytab keyfile failed store kvno"); + krb5_set_error_message(context, ret, "keytab keyfile failed store kvno"); goto out; } ret = krb5_storage_write(sp, entry->keyblock.keyvalue.data, @@ -396,7 +398,7 @@ akf_add_entry(krb5_context context, ret = errno; else ret = ENOTTY; - krb5_set_error_string(context, "keytab keyfile failed to add key"); + krb5_set_error_message(context, ret, "keytab keyfile failed to add key"); goto out; } ret = 0; diff --git a/source4/heimdal/lib/krb5/keytab_memory.c b/source4/heimdal/lib/krb5/keytab_memory.c index 0ad8720c3f..eabee7c693 100644 --- a/source4/heimdal/lib/krb5/keytab_memory.c +++ b/source4/heimdal/lib/krb5/keytab_memory.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_memory.c 16352 2005-12-05 18:39:46Z lha $"); +RCSID("$Id: keytab_memory.c 23293 2008-06-23 03:28:22Z lha $"); /* memory operations -------------------------------------------- */ @@ -75,14 +75,14 @@ mkt_resolve(krb5_context context, const char *name, krb5_keytab id) d = calloc(1, sizeof(*d)); if(d == NULL) { HEIMDAL_MUTEX_unlock(&mkt_mutex); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } d->name = strdup(name); if (d->name == NULL) { HEIMDAL_MUTEX_unlock(&mkt_mutex); free(d); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } d->entries = NULL; @@ -176,7 +176,7 @@ mkt_add_entry(krb5_context context, krb5_keytab_entry *tmp; tmp = realloc(d->entries, (d->num_entries + 1) * sizeof(*d->entries)); if(tmp == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } d->entries = tmp; diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h index 7e04446fe0..867d08e3e5 100644 --- a/source4/heimdal/lib/krb5/krb5-private.h +++ b/source4/heimdal/lib/krb5/krb5-private.h @@ -38,12 +38,6 @@ _krb5_dh_group_ok ( struct krb5_dh_moduli **/*moduli*/, char **/*name*/); -krb5_error_code KRB5_LIB_FUNCTION -_krb5_enctype_to_oid ( - krb5_context /*context*/, - krb5_enctype /*etype*/, - heim_oid */*oid*/); - krb5_error_code _krb5_expand_default_cc_name ( krb5_context /*context*/, @@ -283,12 +277,6 @@ _krb5_n_fold ( void */*key*/, size_t /*size*/); -krb5_error_code KRB5_LIB_FUNCTION -_krb5_oid_to_enctype ( - krb5_context /*context*/, - const heim_oid */*oid*/, - krb5_enctype */*etype*/); - krb5_error_code _krb5_pac_sign ( krb5_context /*context*/, @@ -321,6 +309,20 @@ _krb5_pk_allow_proxy_certificate ( void KRB5_LIB_FUNCTION _krb5_pk_cert_free (struct krb5_pk_cert */*cert*/); +krb5_error_code +_krb5_pk_kdf ( + krb5_context /*context*/, + const struct AlgorithmIdentifier */*ai*/, + const void */*dhdata*/, + size_t /*dhsize*/, + krb5_const_principal /*client*/, + krb5_const_principal /*server*/, + krb5_enctype /*enctype*/, + const krb5_data */*as_req*/, + const krb5_data */*pk_as_rep*/, + const Ticket */*ticket*/, + krb5_keyblock */*key*/); + krb5_error_code KRB5_LIB_FUNCTION _krb5_pk_load_id ( krb5_context /*context*/, @@ -401,6 +403,12 @@ _krb5_principal2principalname ( PrincipalName */*p*/, const krb5_principal /*from*/); +krb5_boolean KRB5_LIB_FUNCTION +_krb5_principal_compare_PrincipalName ( + krb5_context /*context*/, + krb5_const_principal /*princ1*/, + PrincipalName */*princ2*/); + krb5_error_code KRB5_LIB_FUNCTION _krb5_principalname2krb5_principal ( krb5_context /*context*/, diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h index 647d8886b7..ead66565e7 100644 --- a/source4/heimdal/lib/krb5/krb5-protos.h +++ b/source4/heimdal/lib/krb5/krb5-protos.h @@ -12,11 +12,13 @@ extern "C" { #endif -#ifndef KRB5_LIB_FUNCTION +#ifndef KRB5_LIB #if defined(_WIN32) -#define KRB5_LIB_FUNCTION _stdcall +#define KRB5_LIB_FUNCTION _stdcall __declspec(dllimport) +#define KRB5_LIB_VARIABLE __declspec(dllimport) #else #define KRB5_LIB_FUNCTION +#define KRB5_LIB_VARIABLE #endif #endif @@ -627,6 +629,14 @@ krb5_cc_gen_new ( const krb5_cc_ops */*ops*/, krb5_ccache */*id*/); +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_get_config ( + krb5_context /*context*/, + krb5_ccache /*id*/, + krb5_const_principal /*principal*/, + const char */*name*/, + krb5_data */*data*/); + krb5_error_code KRB5_LIB_FUNCTION krb5_cc_get_full_name ( krb5_context /*context*/, @@ -726,6 +736,14 @@ krb5_cc_retrieve_cred ( const krb5_creds */*mcreds*/, krb5_creds */*creds*/); +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_set_config ( + krb5_context /*context*/, + krb5_ccache /*id*/, + krb5_const_principal /*principal*/, + const char */*name*/, + krb5_data */*data*/); + krb5_error_code KRB5_LIB_FUNCTION krb5_cc_set_default_name ( krb5_context /*context*/, @@ -749,6 +767,11 @@ krb5_cc_store_cred ( krb5_ccache /*id*/, krb5_creds */*creds*/); +krb5_error_code +krb5_cc_switch ( + krb5_context /*context*/, + krb5_ccache /*id*/); + krb5_error_code KRB5_LIB_FUNCTION krb5_change_password ( krb5_context /*context*/, @@ -756,7 +779,8 @@ krb5_change_password ( const char */*newpw*/, int */*result_code*/, krb5_data */*result_code_string*/, - krb5_data */*result_string*/); + krb5_data */*result_string*/) + __attribute__((deprecated)); krb5_error_code KRB5_LIB_FUNCTION krb5_check_transited ( @@ -764,14 +788,14 @@ krb5_check_transited ( krb5_const_realm /*client_realm*/, krb5_const_realm /*server_realm*/, krb5_realm */*realms*/, - int /*num_realms*/, + unsigned int /*num_realms*/, int */*bad_realm*/); krb5_error_code KRB5_LIB_FUNCTION krb5_check_transited_realms ( krb5_context /*context*/, const char *const */*realms*/, - int /*num_realms*/, + unsigned int /*num_realms*/, int */*bad_realm*/); krb5_error_code KRB5_LIB_FUNCTION @@ -1462,14 +1486,14 @@ krb5_domain_x500_decode ( krb5_context /*context*/, krb5_data /*tr*/, char ***/*realms*/, - int */*num_realms*/, + unsigned int */*num_realms*/, const char */*client_realm*/, const char */*server_realm*/); krb5_error_code KRB5_LIB_FUNCTION krb5_domain_x500_encode ( char **/*realms*/, - int /*num_realms*/, + unsigned int /*num_realms*/, krb5_data */*encoding*/); krb5_error_code KRB5_LIB_FUNCTION @@ -1731,9 +1755,9 @@ krb5_free_error_contents ( krb5_error */*error*/); void KRB5_LIB_FUNCTION -krb5_free_error_string ( +krb5_free_error_message ( krb5_context /*context*/, - char */*str*/); + const char */*msg*/); krb5_error_code KRB5_LIB_FUNCTION krb5_free_host_realm ( @@ -1939,7 +1963,7 @@ krb5_get_err_text ( krb5_context /*context*/, krb5_error_code /*code*/); -char * KRB5_LIB_FUNCTION +const char * KRB5_LIB_FUNCTION krb5_get_error_message ( krb5_context /*context*/, krb5_error_code /*code*/); @@ -2969,6 +2993,12 @@ krb5_principal_match ( krb5_const_principal /*princ*/, krb5_const_principal /*pattern*/); +krb5_error_code KRB5_LIB_FUNCTION +krb5_principal_set_realm ( + krb5_context /*context*/, + krb5_principal /*principal*/, + krb5_const_realm /*realm*/); + void KRB5_LIB_FUNCTION krb5_principal_set_type ( krb5_context /*context*/, @@ -3450,12 +3480,20 @@ krb5_set_dns_canonicalize_hostname ( krb5_context /*context*/, krb5_boolean /*flag*/); +void KRB5_LIB_FUNCTION +krb5_set_error_message ( + krb5_context /*context*/, + krb5_error_code /*ret*/, + const char */*fmt*/, + ...) + __attribute__ ((format (printf, 3, 4))); + krb5_error_code KRB5_LIB_FUNCTION krb5_set_error_string ( krb5_context /*context*/, const char */*fmt*/, - ...) - __attribute__((format (printf, 2, 3))); + ...) __attribute__((format (printf, 2, 3))) + __attribute__((deprecated)); krb5_error_code KRB5_LIB_FUNCTION krb5_set_extra_addresses ( @@ -3472,6 +3510,12 @@ krb5_set_ignore_addresses ( krb5_context /*context*/, const krb5_addresses */*addresses*/); +krb5_error_code KRB5_LIB_FUNCTION +krb5_set_kdc_sec_offset ( + krb5_context /*context*/, + int32_t /*sec*/, + int32_t /*usec*/); + void KRB5_LIB_FUNCTION krb5_set_max_time_skew ( krb5_context /*context*/, @@ -4047,12 +4091,20 @@ krb5_vlog_msg ( va_list /*ap*/) __attribute__((format (printf, 5, 0))); +void KRB5_LIB_FUNCTION +krb5_vset_error_message ( + krb5_context /*context*/, + krb5_error_code /*ret*/, + const char */*fmt*/, + va_list /*args*/) + __attribute__ ((format (printf, 3, 0))); + krb5_error_code KRB5_LIB_FUNCTION krb5_vset_error_string ( krb5_context /*context*/, const char */*fmt*/, - va_list /*args*/) - __attribute__ ((format (printf, 2, 0))); + va_list args) __attribute__ ((format (printf, 2, 0))) + __attribute__((deprecated)); krb5_error_code KRB5_LIB_FUNCTION krb5_vwarn ( @@ -4107,6 +4159,9 @@ krb5_write_safe_message ( krb5_error_code KRB5_LIB_FUNCTION krb5_xfree (void */*ptr*/); +void KRB5_LIB_FUNCTION + __attribute__((deprecated)) krb5_free_error_string(krb5_context context, char *str); + #ifdef __cplusplus } #endif diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h index 571eb6192a..b1e2781d52 100644 --- a/source4/heimdal/lib/krb5/krb5.h +++ b/source4/heimdal/lib/krb5/krb5.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5.h 22100 2007-12-03 17:15:00Z lha $ */ +/* $Id: krb5.h 23026 2008-04-17 10:02:03Z lha $ */ #ifndef __KRB5_H__ #define __KRB5_H__ @@ -363,6 +363,7 @@ typedef union { #define KRB5_GC_FORWARDABLE (1U << 4) #define KRB5_GC_NO_TRANSIT_CHECK (1U << 5) #define KRB5_GC_CONSTRAINED_DELEGATION (1U << 6) +#define KRB5_GC_CANONICALIZE (1U << 7) /* constants for compare_creds (and cc_retrieve_cred) */ #define KRB5_TC_DONT_MATCH_REALM (1U << 31) @@ -395,7 +396,10 @@ typedef struct krb5_creds { typedef struct krb5_cc_cache_cursor_data *krb5_cc_cache_cursor; +#define KRB5_CC_OPS_VERSION 1 + typedef struct krb5_cc_ops { + int version; const char *prefix; const char* (*get_name)(krb5_context, krb5_ccache); krb5_error_code (*resolve)(krb5_context, krb5_ccache *, const char *); @@ -419,7 +423,8 @@ typedef struct krb5_cc_ops { krb5_error_code (*get_cache_next)(krb5_context, krb5_cc_cursor, krb5_ccache *); krb5_error_code (*end_cache_get)(krb5_context, krb5_cc_cursor); krb5_error_code (*move)(krb5_context, krb5_ccache, krb5_ccache); - krb5_error_code (*default_name)(krb5_context, char **); + krb5_error_code (*get_default_name)(krb5_context, char **); + krb5_error_code (*set_default)(krb5_context, krb5_ccache); } krb5_cc_ops; struct krb5_log_facility; @@ -589,11 +594,6 @@ typedef EncAPRepPart krb5_ap_rep_enc_part; #define KRB5_DIGEST_NAME ("digest") -/* variables */ - -extern const char *krb5_config_file; -extern const char *krb5_defkeyname; - typedef enum { KRB5_PROMPT_TYPE_PASSWORD = 0x1, KRB5_PROMPT_TYPE_NEW_PASSWORD = 0x2, @@ -681,20 +681,6 @@ typedef struct krb5_verify_opt { #define KRB5_VERIFY_LREALMS 1 #define KRB5_VERIFY_NO_ADDRESSES 2 -extern const krb5_cc_ops krb5_acc_ops; -extern const krb5_cc_ops krb5_fcc_ops; -extern const krb5_cc_ops krb5_mcc_ops; -extern const krb5_cc_ops krb5_kcm_ops; - -extern const krb5_kt_ops krb5_fkt_ops; -extern const krb5_kt_ops krb5_wrfkt_ops; -extern const krb5_kt_ops krb5_javakt_ops; -extern const krb5_kt_ops krb5_mkt_ops; -extern const krb5_kt_ops krb5_akf_ops; -extern const krb5_kt_ops krb4_fkt_ops; -extern const krb5_kt_ops krb5_srvtab_fkt_ops; -extern const krb5_kt_ops krb5_any_ops; - #define KRB5_KPASSWD_VERS_CHANGEPW 1 #define KRB5_KPASSWD_VERS_SETPW 0xff80 @@ -739,6 +725,7 @@ enum { typedef krb5_error_code (*krb5_send_to_kdc_func)(krb5_context, void *, krb5_krbhst_info *, + time_t timeout, const krb5_data *, krb5_data *); @@ -776,5 +763,26 @@ struct sockaddr; #include +/* variables */ + +extern KRB5_LIB_VARIABLE const char *krb5_config_file; +extern KRB5_LIB_VARIABLE const char *krb5_defkeyname; + + +extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_acc_ops; +extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_fcc_ops; +extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_mcc_ops; +extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_kcm_ops; +extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_scc_ops; + +extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_fkt_ops; +extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_wrfkt_ops; +extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_javakt_ops; +extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_mkt_ops; +extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_akf_ops; +extern KRB5_LIB_VARIABLE const krb5_kt_ops krb4_fkt_ops; +extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_srvtab_fkt_ops; +extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_any_ops; + #endif /* __KRB5_H__ */ diff --git a/source4/heimdal/lib/krb5/krb5_err.et b/source4/heimdal/lib/krb5/krb5_err.et index 6714401e45..8e49ffcc4a 100644 --- a/source4/heimdal/lib/krb5/krb5_err.et +++ b/source4/heimdal/lib/krb5/krb5_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: krb5_err.et 21050 2007-06-12 02:00:40Z lha $" +id "$Id: krb5_err.et 23354 2008-07-15 11:23:34Z lha $" error_table krb5 @@ -110,7 +110,7 @@ error_code PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED, "Public key encryption not suppo index 128 prefix -error_code KRB5_ERR_RCSID, "$Id: krb5_err.et 21050 2007-06-12 02:00:40Z lha $" +error_code KRB5_ERR_RCSID, "$Id: krb5_err.et 23354 2008-07-15 11:23:34Z lha $" error_code KRB5_LIBOS_BADLOCKFLAG, "Invalid flag for file lock mode" error_code KRB5_LIBOS_CANTREADPWD, "Cannot read password" @@ -262,5 +262,7 @@ error_code KRB5_ERR_BAD_S2K_PARAMS, "Invalid key generation parameters from KDC" error_code KRB5_ERR_NO_SERVICE, "Service not available" error_code KRB5_CC_NOSUPP, "Credential cache function not supported" error_code KRB5_DELTAT_BADFORMAT, "Invalid format of Kerberos lifetime or clock skew string" +error_code KRB5_PLUGIN_NO_HANDLE, "Supplied data not handled by this plugin" +error_code KRB5_PLUGIN_OP_NOTSUPP, "Plugin does not support the operaton" end diff --git a/source4/heimdal/lib/krb5/krb5_locl.h b/source4/heimdal/lib/krb5/krb5_locl.h index 8b7c41cc80..aaabd4541b 100644 --- a/source4/heimdal/lib/krb5/krb5_locl.h +++ b/source4/heimdal/lib/krb5/krb5_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5_locl.h 22226 2007-12-08 21:31:53Z lha $ */ +/* $Id: krb5_locl.h 23324 2008-06-26 03:54:45Z lha $ */ #ifndef __KRB5_LOCL_H__ #define __KRB5_LOCL_H__ @@ -131,6 +131,8 @@ struct sockaddr_dl; #include #include +#include + #include "crypto-headers.h" @@ -142,6 +144,7 @@ struct send_to_kdc; struct krb5_pk_identity; struct krb5_pk_cert; struct ContentInfo; +struct AlgorithmIdentifier; typedef struct krb5_pk_init_ctx_data *krb5_pk_init_ctx; struct krb5_dh_moduli; @@ -154,7 +157,7 @@ struct _krb5_krb_auth_data; #include #include #ifdef PKINIT -#include +#include #endif #include @@ -164,7 +167,7 @@ struct _krb5_krb_auth_data; #define ALLOC_SEQ(X, N) do { (X)->len = (N); ALLOC((X)->val, (N)); } while(0) /* should this be public? */ -#define KEYTAB_DEFAULT "ANY:FILE:" SYSCONFDIR "/krb5.keytab,krb4:" SYSCONFDIR "/srvtab" +#define KEYTAB_DEFAULT "FILE:" SYSCONFDIR "/krb5.keytab" #define KEYTAB_DEFAULT_MODIFY "FILE:" SYSCONFDIR "/krb5.keytab" #define MODULI_FILE SYSCONFDIR "/krb5.moduli" @@ -227,7 +230,7 @@ typedef struct krb5_context_data { struct krb5_keytab_data *kt_types; /* registered keytab types */ const char *date_fmt; char *error_string; - char error_buf[256]; + krb5_error_code error_code; krb5_addresses *ignore_addresses; char *default_cc_name; char *default_cc_name_env; @@ -247,6 +250,7 @@ typedef struct krb5_context_data { #define EXTRACT_TICKET_ALLOW_CNAME_MISMATCH 1 #define EXTRACT_TICKET_ALLOW_SERVER_MISMATCH 2 #define EXTRACT_TICKET_MATCH_REALM 4 +#define EXTRACT_TICKET_AS_REQ 8 /* * Configurable options @@ -264,4 +268,22 @@ typedef struct krb5_context_data { #define KRB5_ADDRESSLESS_DEFAULT TRUE #endif +#ifdef PKINIT + +struct krb5_pk_identity { + hx509_context hx509ctx; + hx509_verify_ctx verify_ctx; + hx509_certs certs; + hx509_certs anchors; + hx509_certs certpool; + hx509_revoke_ctx revokectx; +}; + +enum krb5_pk_type { + PKINIT_WIN2K = 1, + PKINIT_27 = 2 +}; + +#endif /* PKINIT */ + #endif /* __KRB5_LOCL_H__ */ diff --git a/source4/heimdal/lib/krb5/krbhst.c b/source4/heimdal/lib/krb5/krbhst.c index 094fd4f9c6..3514a026b7 100644 --- a/source4/heimdal/lib/krb5/krbhst.c +++ b/source4/heimdal/lib/krb5/krbhst.c @@ -35,7 +35,7 @@ #include #include "locate_plugin.h" -RCSID("$Id: krbhst.c 21457 2007-07-10 12:53:25Z lha $"); +RCSID("$Id: krbhst.c 23447 2008-07-27 12:09:05Z lha $"); static int string_to_proto(const char *string) @@ -72,7 +72,8 @@ srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count, proto_num = string_to_proto(proto); if(proto_num < 0) { - krb5_set_error_string(context, "unknown protocol `%s'", proto); + krb5_set_error_message(context, EINVAL, + "unknown protocol `%s'", proto); return EINVAL; } @@ -96,7 +97,7 @@ srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count, *res = malloc(num_srv * sizeof(**res)); if(*res == NULL) { dns_free_data(r); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -247,7 +248,7 @@ _krb5_krbhost_info_move(krb5_context context, /* trailing NUL is included in structure */ *to = calloc(1, sizeof(**to) + hostnamelen); if(*to == NULL) { - krb5_set_error_string(context, "malloc - out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -522,7 +523,8 @@ plugin_get_hosts(krb5_context context, struct krb5_plugin *list = NULL, *e; krb5_error_code ret; - ret = _krb5_plugin_find(context, PLUGIN_TYPE_DATA, "resolve", &list); + ret = _krb5_plugin_find(context, PLUGIN_TYPE_DATA, + KRB5_PLUGIN_LOCATE, &list); if(ret != 0 || list == NULL) return; @@ -539,8 +541,9 @@ plugin_get_hosts(krb5_context context, (*service->init)(context, &ctx); ret = (*service->lookup)(ctx, type, kd->realm, 0, 0, add_locate, kd); (*service->fini)(ctx); - if (ret) { - krb5_set_error_string(context, "Plugin failed to lookup"); + if (ret && ret != KRB5_PLUGIN_NO_HANDLE) { + krb5_set_error_message(context, ret, + "Locate plugin failed to lookup: %d", ret); break; } } @@ -832,7 +835,7 @@ krb5_krbhst_init_flags(krb5_context context, def_port = ntohs(krb5_getportbyname (context, "krb524", "udp", 4444)); break; default: - krb5_set_error_string(context, "unknown krbhst type (%u)", type); + krb5_set_error_message(context, ENOTTY, "unknown krbhst type (%u)", type); return ENOTTY; } if((kd = common_init(context, realm, flags)) == NULL) @@ -920,7 +923,8 @@ gethostlist(krb5_context context, const char *realm, while(krb5_krbhst_next(context, handle, &hostinfo) == 0) nhost++; if(nhost == 0) { - krb5_set_error_string(context, "No KDC found for realm %s", realm); + krb5_set_error_message(context, KRB5_KDC_UNREACH, + "No KDC found for realm %s", realm); return KRB5_KDC_UNREACH; } *hostlist = calloc(nhost + 1, sizeof(**hostlist)); diff --git a/source4/heimdal/lib/krb5/locate_plugin.h b/source4/heimdal/lib/krb5/locate_plugin.h index 251712c894..a342617d38 100644 --- a/source4/heimdal/lib/krb5/locate_plugin.h +++ b/source4/heimdal/lib/krb5/locate_plugin.h @@ -31,13 +31,15 @@ * SUCH DAMAGE. */ -/* $Id: locate_plugin.h 18998 2006-11-12 19:00:03Z lha $ */ +/* $Id: locate_plugin.h 23351 2008-07-15 11:22:39Z lha $ */ #ifndef HEIMDAL_KRB5_LOCATE_PLUGIN_H #define HEIMDAL_KRB5_LOCATE_PLUGIN_H 1 #include +#define KRB5_PLUGIN_LOCATE "resolve" + enum locate_service_type { locate_service_kdc = 1, locate_service_master_kdc, diff --git a/source4/heimdal/lib/krb5/log.c b/source4/heimdal/lib/krb5/log.c index c04f50fd9a..721e3691ca 100644 --- a/source4/heimdal/lib/krb5/log.c +++ b/source4/heimdal/lib/krb5/log.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: log.c 19088 2006-11-21 08:08:46Z lha $"); +RCSID("$Id: log.c 23443 2008-07-27 12:07:25Z lha $"); struct facility { int min; @@ -121,13 +121,13 @@ krb5_initlog(krb5_context context, { krb5_log_facility *f = calloc(1, sizeof(*f)); if(f == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } f->program = strdup(program); if(f->program == NULL){ free(f); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } *fac = f; @@ -145,7 +145,7 @@ krb5_addlog_func(krb5_context context, { struct facility *fp = log_realloc(fac); if(fp == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } fp->min = min; @@ -187,7 +187,7 @@ open_syslog(krb5_context context, int i; if(sd == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } i = find_value(sev, syslogvals); @@ -242,7 +242,7 @@ open_file(krb5_context context, krb5_log_facility *fac, int min, int max, { struct file_data *fd = malloc(sizeof(*fd)); if(fd == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } fd->filename = filename; @@ -277,7 +277,8 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig) if(n){ p = strchr(p, '/'); if(p == NULL) { - krb5_set_error_string (context, "failed to parse \"%s\"", orig); + krb5_set_error_message(context, HEIM_ERR_LOG_PARSE, + "failed to parse \"%s\"", orig); return HEIM_ERR_LOG_PARSE; } p++; @@ -292,7 +293,7 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig) int keep_open = 0; fn = strdup(p + 5); if(fn == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } if(p[4] == '='){ @@ -300,16 +301,17 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig) O_TRUNC | O_APPEND, 0666); if(i < 0) { ret = errno; - krb5_set_error_string (context, "open(%s): %s", fn, + krb5_set_error_message(context, ret, "open(%s): %s", fn, strerror(ret)); free(fn); return ret; } + rk_cloexec(i); file = fdopen(i, "a"); if(file == NULL){ ret = errno; close(i); - krb5_set_error_string (context, "fdopen(%s): %s", fn, + krb5_set_error_message(context, ret, "fdopen(%s): %s", fn, strerror(ret)); free(fn); return ret; @@ -333,8 +335,8 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig) strlcpy(facility, "AUTH", sizeof(facility)); ret = open_syslog(context, f, min, max, severity, facility); }else{ - krb5_set_error_string (context, "unknown log type: %s", p); ret = HEIM_ERR_LOG_PARSE; /* XXX */ + krb5_set_error_message (context, ret, "unknown log type: %s", p); } return ret; } diff --git a/source4/heimdal/lib/krb5/mcache.c b/source4/heimdal/lib/krb5/mcache.c index 01bcb09d3b..682f9f6abd 100644 --- a/source4/heimdal/lib/krb5/mcache.c +++ b/source4/heimdal/lib/krb5/mcache.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: mcache.c 22107 2007-12-03 17:22:51Z lha $"); +RCSID("$Id: mcache.c 23316 2008-06-23 04:32:32Z lha $"); typedef struct krb5_mcache { char *name; @@ -119,7 +119,7 @@ mcc_resolve(krb5_context context, krb5_ccache *id, const char *res) m = mcc_alloc(res); if (m == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_CC_NOMEM, "malloc: out of memory"); return KRB5_CC_NOMEM; } @@ -138,7 +138,7 @@ mcc_gen_new(krb5_context context, krb5_ccache *id) m = mcc_alloc(NULL); if (m == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_CC_NOMEM, "malloc: out of memory"); return KRB5_CC_NOMEM; } @@ -237,7 +237,7 @@ mcc_store_cred(krb5_context context, l = malloc (sizeof(*l)); if (l == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_CC_NOMEM, "malloc: out of memory"); return KRB5_CC_NOMEM; } l->next = m->creds; @@ -348,7 +348,7 @@ mcc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor) iter = calloc(1, sizeof(*iter)); if (iter == NULL) { - krb5_set_error_string(context, "malloc - out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -439,7 +439,7 @@ mcc_default_name(krb5_context context, char **str) { *str = strdup("MEMORY:"); if (*str == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } return 0; @@ -452,7 +452,8 @@ mcc_default_name(krb5_context context, char **str) * @ingroup krb5_ccache */ -const krb5_cc_ops krb5_mcc_ops = { +KRB5_LIB_VARIABLE const krb5_cc_ops krb5_mcc_ops = { + KRB5_CC_OPS_VERSION, "MEMORY", mcc_get_name, mcc_resolve, diff --git a/source4/heimdal/lib/krb5/mk_priv.c b/source4/heimdal/lib/krb5/mk_priv.c index 87e429af8c..3b4b6e30b7 100644 --- a/source4/heimdal/lib/krb5/mk_priv.c +++ b/source4/heimdal/lib/krb5/mk_priv.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: mk_priv.c 16680 2006-02-01 12:39:26Z lha $"); +RCSID("$Id: mk_priv.c 23297 2008-06-23 03:28:53Z lha $"); krb5_error_code KRB5_LIB_FUNCTION @@ -138,7 +138,7 @@ krb5_mk_priv(krb5_context context, ret = krb5_data_copy(outbuf, buf + buf_size - len, len); if (ret) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); free(buf); return ENOMEM; } diff --git a/source4/heimdal/lib/krb5/mk_rep.c b/source4/heimdal/lib/krb5/mk_rep.c index 570a837201..069df42e26 100644 --- a/source4/heimdal/lib/krb5/mk_rep.c +++ b/source4/heimdal/lib/krb5/mk_rep.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: mk_rep.c 13863 2004-05-25 21:46:46Z lha $"); +RCSID("$Id: mk_rep.c 23316 2008-06-23 04:32:32Z lha $"); krb5_error_code KRB5_LIB_FUNCTION krb5_mk_rep(krb5_context context, @@ -61,18 +61,18 @@ krb5_mk_rep(krb5_context context, auth_context, auth_context->keyblock); if(ret) { - krb5_set_error_string (context, - "krb5_mk_rep: generating subkey"); free_EncAPRepPart(&body); + krb5_set_error_message(context, ret, + "krb5_mk_rep: generating subkey"); return ret; } } ret = krb5_copy_keyblock(context, auth_context->local_subkey, &body.subkey); if (ret) { - krb5_set_error_string (context, - "krb5_copy_keyblock: out of memory"); free_EncAPRepPart(&body); + krb5_set_error_message(context, ENOMEM, + "krb5_copy_keyblock: out of memory"); return ENOMEM; } } else @@ -84,7 +84,7 @@ krb5_mk_rep(krb5_context context, &auth_context->local_seqnumber); ALLOC(body.seq_number, 1); if (body.seq_number == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); free_EncAPRepPart(&body); return ENOMEM; } diff --git a/source4/heimdal/lib/krb5/n-fold.c b/source4/heimdal/lib/krb5/n-fold.c index 53528cfd1f..287f8cf64f 100644 --- a/source4/heimdal/lib/krb5/n-fold.c +++ b/source4/heimdal/lib/krb5/n-fold.c @@ -32,7 +32,7 @@ #include "krb5_locl.h" -RCSID("$Id: n-fold.c 22190 2007-12-06 16:24:22Z lha $"); +RCSID("$Id: n-fold.c 22923 2008-04-08 14:51:33Z lha $"); static krb5_error_code rr13(unsigned char *buf, size_t len) diff --git a/source4/heimdal/lib/krb5/pac.c b/source4/heimdal/lib/krb5/pac.c index 0b44ca1da3..fbc754efda 100644 --- a/source4/heimdal/lib/krb5/pac.c +++ b/source4/heimdal/lib/krb5/pac.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include -RCSID("$Id: pac.c 22562 2008-02-03 17:38:35Z lha $"); +RCSID("$Id: pac.c 23316 2008-06-23 04:32:32Z lha $"); struct PAC_INFO_BUFFER { uint32_t type; @@ -93,14 +93,14 @@ krb5_pac_parse(krb5_context context, const void *ptr, size_t len, p = calloc(1, sizeof(*p)); if (p == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } sp = krb5_storage_from_readonly_mem(ptr, len); if (sp == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); @@ -108,21 +108,21 @@ krb5_pac_parse(krb5_context context, const void *ptr, size_t len, CHECK(ret, krb5_ret_uint32(sp, &tmp), out); CHECK(ret, krb5_ret_uint32(sp, &tmp2), out); if (tmp < 1) { - krb5_set_error_string(context, "PAC have too few buffer"); ret = EINVAL; /* Too few buffers */ + krb5_set_error_message(context, ret, "PAC have too few buffer"); goto out; } if (tmp2 != 0) { - krb5_set_error_string(context, "PAC have wrong version"); ret = EINVAL; /* Wrong version */ + krb5_set_error_message(context, ret, "PAC have wrong version"); goto out; } p->pac = calloc(1, sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (tmp - 1))); if (p->pac == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } @@ -143,51 +143,52 @@ krb5_pac_parse(krb5_context context, const void *ptr, size_t len, /* consistency checks */ if (p->pac->buffers[i].offset_lo & (PAC_ALIGNMENT - 1)) { - krb5_set_error_string(context, "PAC out of allignment"); ret = EINVAL; + krb5_set_error_message(context, ret, "PAC out of allignment"); goto out; } if (p->pac->buffers[i].offset_hi) { - krb5_set_error_string(context, "PAC high offset set"); ret = EINVAL; + krb5_set_error_message(context, ret, "PAC high offset set"); goto out; } if (p->pac->buffers[i].offset_lo > len) { - krb5_set_error_string(context, "PAC offset off end"); ret = EINVAL; + krb5_set_error_message(context, ret, "PAC offset off end"); goto out; } if (p->pac->buffers[i].offset_lo < header_end) { - krb5_set_error_string(context, "PAC offset inside header: %d %d", - p->pac->buffers[i].offset_lo, header_end); ret = EINVAL; + krb5_set_error_message(context, ret, "PAC offset inside header: %lu %lu", + (unsigned long)p->pac->buffers[i].offset_lo, + (unsigned long)header_end); goto out; } if (p->pac->buffers[i].buffersize > len - p->pac->buffers[i].offset_lo){ - krb5_set_error_string(context, "PAC length off end"); ret = EINVAL; + krb5_set_error_message(context, ret, "PAC length off end"); goto out; } /* let save pointer to data we need later */ if (p->pac->buffers[i].type == PAC_SERVER_CHECKSUM) { if (p->server_checksum) { - krb5_set_error_string(context, "PAC have two server checksums"); ret = EINVAL; + krb5_set_error_message(context, ret, "PAC have two server checksums"); goto out; } p->server_checksum = &p->pac->buffers[i]; } else if (p->pac->buffers[i].type == PAC_PRIVSVR_CHECKSUM) { if (p->privsvr_checksum) { - krb5_set_error_string(context, "PAC have two KDC checksums"); ret = EINVAL; + krb5_set_error_message(context, ret, "PAC have two KDC checksums"); goto out; } p->privsvr_checksum = &p->pac->buffers[i]; } else if (p->pac->buffers[i].type == PAC_LOGON_NAME) { if (p->logon_name) { - krb5_set_error_string(context, "PAC have two logon names"); ret = EINVAL; + krb5_set_error_message(context, ret, "PAC have two logon names"); goto out; } p->logon_name = &p->pac->buffers[i]; @@ -224,14 +225,14 @@ krb5_pac_init(krb5_context context, krb5_pac *pac) p = calloc(1, sizeof(*p)); if (p == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } p->pac = calloc(1, sizeof(*p->pac)); if (p->pac == NULL) { free(p); - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -239,7 +240,7 @@ krb5_pac_init(krb5_context context, krb5_pac *pac) if (ret) { free (p->pac); free(p); - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); return ret; } @@ -262,7 +263,7 @@ krb5_pac_add_buffer(krb5_context context, krb5_pac p, ptr = realloc(p->pac, sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * len)); if (ptr == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } p->pac = ptr; @@ -280,7 +281,7 @@ krb5_pac_add_buffer(krb5_context context, krb5_pac p, old_end = p->data.length; len = p->data.length + data->length + PAC_INFO_BUFFER_SIZE; if (len < p->data.length) { - krb5_set_error_string(context, "integer overrun"); + krb5_set_error_message(context, EINVAL, "integer overrun"); return EINVAL; } @@ -289,7 +290,7 @@ krb5_pac_add_buffer(krb5_context context, krb5_pac p, ret = krb5_data_realloc(&p->data, len); if (ret) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); return ret; } @@ -330,7 +331,7 @@ krb5_pac_get_buffer(krb5_context context, krb5_pac p, if (type == PAC_PRIVSVR_CHECKSUM || type == PAC_SERVER_CHECKSUM) { ret = krb5_data_alloc(data, 16); if (ret) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); return ret; } memset(data->data, 0, data->length); @@ -346,13 +347,13 @@ krb5_pac_get_buffer(krb5_context context, krb5_pac p, ret = krb5_data_copy(data, (unsigned char *)p->data.data + offset, len); if (ret) { - krb5_set_error_string(context, "Out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); return ret; } return 0; } - krb5_set_error_string(context, "No PAC buffer of type %lu was found", - (unsigned long)type); + krb5_set_error_message(context, ENOENT, "No PAC buffer of type %lu was found", + (unsigned long)type); return ENOENT; } @@ -371,7 +372,7 @@ krb5_pac_get_types(krb5_context context, *types = calloc(p->pac->numbuffers, sizeof(*types)); if (*types == NULL) { *len = 0; - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } for (i = 0; i < p->pac->numbuffers; i++) @@ -415,7 +416,7 @@ verify_checksum(krb5_context context, sp = krb5_storage_from_mem((char *)data->data + sig->offset_lo, sig->buffersize); if (sp == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); @@ -426,21 +427,21 @@ verify_checksum(krb5_context context, sig->buffersize - krb5_storage_seek(sp, 0, SEEK_CUR); cksum.checksum.data = malloc(cksum.checksum.length); if (cksum.checksum.data == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ret = krb5_storage_read(sp, cksum.checksum.data, cksum.checksum.length); if (ret != cksum.checksum.length) { - krb5_set_error_string(context, "PAC checksum missing checksum"); ret = EINVAL; + krb5_set_error_message(context, ret, "PAC checksum missing checksum"); goto out; } if (!krb5_checksum_is_keyed(context, cksum.cksumtype)) { - krb5_set_error_string (context, "Checksum type %d not keyed", - cksum.cksumtype); ret = EINVAL; + krb5_set_error_message(context, ret, "Checksum type %d not keyed", + cksum.cksumtype); goto out; } @@ -487,7 +488,7 @@ create_checksum(krb5_context context, return ret; if (cksum.checksum.length != siglen) { - krb5_set_error_string(context, "pac checksum wrong length"); + krb5_set_error_message(context, EINVAL, "pac checksum wrong length"); free_Checksum(&cksum); return EINVAL; } @@ -530,7 +531,7 @@ verify_logonname(krb5_context context, sp = krb5_storage_from_readonly_mem((const char *)data->data + logon_name->offset_lo, logon_name->buffersize); if (sp == NULL) { - krb5_set_error_string(context, "Out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -545,27 +546,27 @@ verify_logonname(krb5_context context, t2 = ((uint64_t)time2 << 32) | time1; if (t1 != t2) { krb5_storage_free(sp); - krb5_set_error_string(context, "PAC timestamp mismatch"); + krb5_set_error_message(context, EINVAL, "PAC timestamp mismatch"); return EINVAL; } } CHECK(ret, krb5_ret_uint16(sp, &len), out); if (len == 0) { krb5_storage_free(sp); - krb5_set_error_string(context, "PAC logon name length missing"); + krb5_set_error_message(context, EINVAL, "PAC logon name length missing"); return EINVAL; } s = malloc(len); if (s == NULL) { krb5_storage_free(sp); - krb5_set_error_string(context, "Out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } ret = krb5_storage_read(sp, s, len); if (ret != len) { krb5_storage_free(sp); - krb5_set_error_string(context, "Failed to read PAC logon name"); + krb5_set_error_message(context, EINVAL, "Failed to read PAC logon name"); return EINVAL; } krb5_storage_free(sp); @@ -577,33 +578,33 @@ verify_logonname(krb5_context context, ucs2 = malloc(sizeof(ucs2[0]) * ucs2len); if (ucs2 == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } ret = wind_ucs2read(s, len, &flags, ucs2, &ucs2len); free(s); if (ret) { free(ucs2); - krb5_set_error_string(context, "Failed to convert string to UCS-2"); + krb5_set_error_message(context, ret, "Failed to convert string to UCS-2"); return ret; } ret = wind_ucs2utf8_length(ucs2, ucs2len, &u8len); if (ret) { free(ucs2); - krb5_set_error_string(context, "Failed to count length of UCS-2 string"); + krb5_set_error_message(context, ret, "Failed to count length of UCS-2 string"); return ret; } u8len += 1; /* Add space for NUL */ s = malloc(u8len); if (s == NULL) { free(ucs2); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } ret = wind_ucs2utf8(ucs2, ucs2len, s, &u8len); free(ucs2); if (ret) { - krb5_set_error_string(context, "Failed to convert to UTF-8"); + krb5_set_error_message(context, ret, "Failed to convert to UTF-8"); return ret; } } @@ -613,8 +614,8 @@ verify_logonname(krb5_context context, return ret; if (krb5_principal_compare_any_realm(context, principal, p2) != TRUE) { - krb5_set_error_string(context, "PAC logon name mismatch"); ret = EINVAL; + krb5_set_error_message(context, ret, "PAC logon name mismatch"); } krb5_free_principal(context, p2); return ret; @@ -644,7 +645,7 @@ build_logon_name(krb5_context context, sp = krb5_storage_emem(); if (sp == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); @@ -710,15 +711,15 @@ krb5_pac_verify(krb5_context context, krb5_error_code ret; if (pac->server_checksum == NULL) { - krb5_set_error_string(context, "PAC missing server checksum"); + krb5_set_error_message(context, EINVAL, "PAC missing server checksum"); return EINVAL; } if (pac->privsvr_checksum == NULL) { - krb5_set_error_string(context, "PAC missing kdc checksum"); + krb5_set_error_message(context, EINVAL, "PAC missing kdc checksum"); return EINVAL; } if (pac->logon_name == NULL) { - krb5_set_error_string(context, "PAC missing logon name"); + krb5_set_error_message(context, EINVAL, "PAC missing logon name"); return EINVAL; } @@ -795,7 +796,7 @@ fill_zeros(krb5_context context, krb5_storage *sp, size_t len) l = sizeof(zeros); sret = krb5_storage_write(sp, zeros, l); if (sret <= 0) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } len -= sret; @@ -823,7 +824,7 @@ pac_checksum(krb5_context context, return ret; if (krb5_checksum_is_keyed(context, cktype) == FALSE) { - krb5_set_error_string(context, "PAC checksum type is not keyed"); + krb5_set_error_message(context, EINVAL, "PAC checksum type is not keyed"); return EINVAL; } @@ -868,7 +869,7 @@ _krb5_pac_sign(krb5_context context, ptr = realloc(p->pac, sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (p->pac->numbuffers + num - 1))); if (ptr == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } p->pac = ptr; @@ -906,7 +907,7 @@ _krb5_pac_sign(krb5_context context, /* Encode PAC */ sp = krb5_storage_emem(); if (sp == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); @@ -914,7 +915,7 @@ _krb5_pac_sign(krb5_context context, spdata = krb5_storage_emem(); if (spdata == NULL) { krb5_storage_free(sp); - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } krb5_storage_set_flags(spdata, KRB5_STORAGE_BYTEORDER_LE); @@ -953,8 +954,8 @@ _krb5_pac_sign(krb5_context context, sret = krb5_storage_write(spdata, ptr, len); if (sret != len) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } /* XXX if not aligned, fill_zeros */ @@ -985,21 +986,21 @@ _krb5_pac_sign(krb5_context context, /* export PAC */ ret = krb5_storage_to_data(spdata, &d); if (ret) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ret = krb5_storage_write(sp, d.data, d.length); if (ret != d.length) { krb5_data_free(&d); - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } krb5_data_free(&d); ret = krb5_storage_to_data(sp, &d); if (ret) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } diff --git a/source4/heimdal/lib/krb5/padata.c b/source4/heimdal/lib/krb5/padata.c index b2b70f52e7..9dc3fe69a5 100644 --- a/source4/heimdal/lib/krb5/padata.c +++ b/source4/heimdal/lib/krb5/padata.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: padata.c 15469 2005-06-17 04:28:35Z lha $"); +RCSID("$Id: padata.c 23300 2008-06-23 03:29:22Z lha $"); PA_DATA * krb5_find_padata(PA_DATA *val, unsigned len, int type, int *idx) @@ -52,7 +52,7 @@ krb5_padata_add(krb5_context context, METHOD_DATA *md, pa = realloc (md->val, (md->len + 1) * sizeof(*md->val)); if (pa == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } md->val = pa; diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c index 4a585bff07..1e82971c6e 100755 --- a/source4/heimdal/lib/krb5/pkinit.c +++ b/source4/heimdal/lib/krb5/pkinit.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: pkinit.c 22673 2008-03-10 15:00:05Z lha $"); +RCSID("$Id: pkinit.c 23450 2008-07-27 12:10:10Z lha $"); struct krb5_dh_moduli { char *name; @@ -45,8 +45,6 @@ struct krb5_dh_moduli { #ifdef PKINIT -#include -#include #include #include #include @@ -56,22 +54,6 @@ struct krb5_dh_moduli { #include -#include - -enum { - COMPAT_WIN2K = 1, - COMPAT_IETF = 2 -}; - -struct krb5_pk_identity { - hx509_context hx509ctx; - hx509_verify_ctx verify_ctx; - hx509_certs certs; - hx509_certs anchors; - hx509_certs certpool; - hx509_revoke_ctx revokectx; -}; - struct krb5_pk_cert { hx509_cert cert; }; @@ -82,7 +64,7 @@ struct krb5_pk_init_ctx_data { krb5_data *clientDHNonce; struct krb5_dh_moduli **m; hx509_peer_info peer; - int type; + enum krb5_pk_type type; unsigned int require_binding:1; unsigned int require_eku:1; unsigned int require_krbtgt_otherName:1; @@ -91,11 +73,11 @@ struct krb5_pk_init_ctx_data { }; static void -_krb5_pk_copy_error(krb5_context context, - hx509_context hx509ctx, - int hxret, - const char *fmt, - ...) +pk_copy_error(krb5_context context, + hx509_context hx509ctx, + int hxret, + const char *fmt, + ...) __attribute__ ((format (printf, 4, 5))); /* @@ -132,7 +114,7 @@ integer_to_BN(krb5_context context, const char *field, const heim_integer *f) bn = BN_bin2bn((const unsigned char *)f->data, f->length, NULL); if (bn == NULL) { - krb5_set_error_string(context, "PKINIT: parsing BN failed %s", field); + krb5_set_error_message(context, ENOMEM, "PKINIT: parsing BN failed %s", field); return NULL; } BN_set_negative(bn, f->negative); @@ -167,16 +149,16 @@ find_cert(krb5_context context, struct krb5_pk_identity *id, for (i = 0; i < sizeof(cf)/sizeof(cf[0]); i++) { ret = hx509_query_match_eku(q, cf[i].oid); if (ret) { - _krb5_pk_copy_error(context, id->hx509ctx, ret, - "Failed setting %s OID", cf[i].type); + pk_copy_error(context, id->hx509ctx, ret, + "Failed setting %s OID", cf[i].type); return ret; } ret = hx509_certs_find(id->hx509ctx, id->certs, q, cert); if (ret == 0) break; - _krb5_pk_copy_error(context, id->hx509ctx, ret, - "Failed cert for finding %s OID", cf[i].type); + pk_copy_error(context, id->hx509ctx, ret, + "Failed cert for finding %s OID", cf[i].type); } return ret; } @@ -196,8 +178,8 @@ create_signature(krb5_context context, ret = hx509_query_alloc(id->hx509ctx, &q); if (ret) { - _krb5_pk_copy_error(context, id->hx509ctx, ret, - "Allocate query to find signing certificate"); + pk_copy_error(context, id->hx509ctx, ret, + "Allocate query to find signing certificate"); return ret; } @@ -222,8 +204,8 @@ create_signature(krb5_context context, sd_data); hx509_cert_free(cert); if (ret) { - _krb5_pk_copy_error(context, id->hx509ctx, ret, - "Create CMS signedData"); + pk_copy_error(context, id->hx509ctx, ret, + "Create CMS signedData"); return ret; } @@ -374,7 +356,7 @@ build_auth_pack(krb5_context context, ALLOC(a->pkAuthenticator.paChecksum, 1); if (a->pkAuthenticator.paChecksum == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -524,7 +506,7 @@ pk_mk_padata(krb5_context context, krb5_data_zero(&sd_buf); memset(&content_info, 0, sizeof(content_info)); - if (ctx->type == COMPAT_WIN2K) { + if (ctx->type == PKINIT_WIN2K) { AuthPack_Win2k ap; krb5_timestamp sec; int32_t usec; @@ -554,14 +536,15 @@ pk_mk_padata(krb5_context context, &ap, &size, ret); free_AuthPack_Win2k(&ap); if (ret) { - krb5_set_error_string(context, "AuthPack_Win2k: %d", ret); + krb5_set_error_message(context, ret, "AuthPack_Win2k: %d", + (int)ret); goto out; } if (buf.length != size) krb5_abortx(context, "internal ASN1 encoder error"); oid = oid_id_pkcs7_data(); - } else if (ctx->type == COMPAT_IETF) { + } else if (ctx->type == PKINIT_27) { AuthPack ap; memset(&ap, 0, sizeof(ap)); @@ -575,7 +558,7 @@ pk_mk_padata(krb5_context context, ASN1_MALLOC_ENCODE(AuthPack, buf.data, buf.length, &ap, &size, ret); free_AuthPack(&ap); if (ret) { - krb5_set_error_string(context, "AuthPack: %d", ret); + krb5_set_error_message(context, ret, "AuthPack: %d", (int)ret); goto out; } if (buf.length != size) @@ -594,12 +577,12 @@ pk_mk_padata(krb5_context context, ret = hx509_cms_wrap_ContentInfo(oid_id_pkcs7_signedData(), &sd_buf, &buf); krb5_data_free(&sd_buf); if (ret) { - krb5_set_error_string(context, - "ContentInfo wrapping of signedData failed"); + krb5_set_error_message(context, ret, + "ContentInfo wrapping of signedData failed"); goto out; } - if (ctx->type == COMPAT_WIN2K) { + if (ctx->type == PKINIT_WIN2K) { PA_PK_AS_REQ_Win2k winreq; pa_type = KRB5_PADATA_PK_AS_REQ_WIN; @@ -612,7 +595,7 @@ pk_mk_padata(krb5_context context, &winreq, &size, ret); free_PA_PK_AS_REQ_Win2k(&winreq); - } else if (ctx->type == COMPAT_IETF) { + } else if (ctx->type == PKINIT_27) { PA_PK_AS_REQ req; pa_type = KRB5_PADATA_PK_AS_REQ; @@ -624,14 +607,15 @@ pk_mk_padata(krb5_context context, req.trustedCertifiers = calloc(1, sizeof(*req.trustedCertifiers)); if (req.trustedCertifiers == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); free_PA_PK_AS_REQ(&req); goto out; } ret = build_edi(context, ctx->id->hx509ctx, ctx->id->anchors, req.trustedCertifiers); if (ret) { - krb5_set_error_string(context, "pk-init: failed to build trustedCertifiers"); + krb5_set_error_message(context, ret, "pk-init: failed to build trustedCertifiers"); free_PA_PK_AS_REQ(&req); goto out; } @@ -646,7 +630,7 @@ pk_mk_padata(krb5_context context, } else krb5_abortx(context, "internal pkinit error"); if (ret) { - krb5_set_error_string(context, "PA-PK-AS-REQ %d", ret); + krb5_set_error_message(context, ret, "PA-PK-AS-REQ %d", (int)ret); goto out; } if (buf.length != size) @@ -656,10 +640,10 @@ pk_mk_padata(krb5_context context, if (ret) free(buf.data); - if (ret == 0 && ctx->type == COMPAT_WIN2K) + if (ret == 0 && ctx->type == PKINIT_WIN2K) krb5_padata_add(context, md, KRB5_PADATA_PK_AS_09_BINDING, NULL, 0); -out: + out: free_ContentInfo(&content_info); return ret; @@ -691,9 +675,9 @@ _krb5_pk_mk_padata(krb5_context context, req_body->realm, "pkinit_win2k_require_binding", NULL); - ctx->type = COMPAT_WIN2K; + ctx->type = PKINIT_WIN2K; } else - ctx->type = COMPAT_IETF; + ctx->type = PKINIT_27; ctx->require_eku = krb5_config_get_bool_default(context, NULL, @@ -753,8 +737,8 @@ _krb5_pk_verify_sign(krb5_context context, content, &signer_certs); if (ret) { - _krb5_pk_copy_error(context, id->hx509ctx, ret, - "CMS verify signed failed"); + pk_copy_error(context, id->hx509ctx, ret, + "CMS verify signed failed"); return ret; } @@ -767,12 +751,12 @@ _krb5_pk_verify_sign(krb5_context context, ret = hx509_get_one_cert(id->hx509ctx, signer_certs, &(*signer)->cert); if (ret) { - _krb5_pk_copy_error(context, id->hx509ctx, ret, - "Failed to get on of the signer certs"); + pk_copy_error(context, id->hx509ctx, ret, + "Failed to get on of the signer certs"); goto out; } -out: + out: hx509_certs_free(&signer_certs); if (ret) { if (*signer) { @@ -800,29 +784,28 @@ get_reply_key_win(krb5_context context, &key_pack, &size); if (ret) { - krb5_set_error_string(context, "PKINIT decoding reply key failed"); + krb5_set_error_message(context, ret, "PKINIT decoding reply key failed"); free_ReplyKeyPack_Win2k(&key_pack); return ret; } if (key_pack.nonce != nonce) { - krb5_set_error_string(context, "PKINIT enckey nonce is wrong"); + krb5_set_error_message(context, ret, "PKINIT enckey nonce is wrong"); free_ReplyKeyPack_Win2k(&key_pack); return KRB5KRB_AP_ERR_MODIFIED; } *key = malloc (sizeof (**key)); if (*key == NULL) { - krb5_set_error_string(context, "PKINIT failed allocating reply key"); free_ReplyKeyPack_Win2k(&key_pack); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } ret = copy_EncryptionKey(&key_pack.replyKey, *key); free_ReplyKeyPack_Win2k(&key_pack); if (ret) { - krb5_set_error_string(context, "PKINIT failed copying reply key"); + krb5_set_error_message(context, ret, "PKINIT failed copying reply key"); free(*key); *key = NULL; } @@ -845,7 +828,7 @@ get_reply_key(krb5_context context, &key_pack, &size); if (ret) { - krb5_set_error_string(context, "PKINIT decoding reply key failed"); + krb5_set_error_message(context, ret, "PKINIT decoding reply key failed"); free_ReplyKeyPack(&key_pack); return ret; } @@ -876,16 +859,15 @@ get_reply_key(krb5_context context, *key = malloc (sizeof (**key)); if (*key == NULL) { - krb5_set_error_string(context, "PKINIT failed allocating reply key"); free_ReplyKeyPack(&key_pack); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } ret = copy_EncryptionKey(&key_pack.replyKey, *key); free_ReplyKeyPack(&key_pack); if (ret) { - krb5_set_error_string(context, "PKINIT failed copying reply key"); + krb5_set_error_message(context, ret, "PKINIT failed copying reply key"); free(*key); *key = NULL; } @@ -907,7 +889,7 @@ pk_verify_host(krb5_context context, ret = hx509_cert_check_eku(ctx->id->hx509ctx, host->cert, oid_id_pkkdcekuoid(), 0); if (ret) { - krb5_set_error_string(context, "No PK-INIT KDC EKU in kdc certificate"); + krb5_set_error_message(context, ret, "No PK-INIT KDC EKU in kdc certificate"); return ret; } } @@ -920,8 +902,8 @@ pk_verify_host(krb5_context context, oid_id_pkinit_san(), &list); if (ret) { - krb5_set_error_string(context, "Failed to find the PK-INIT " - "subjectAltName in the KDC certificate"); + krb5_set_error_message(context, ret, "Failed to find the PK-INIT " + "subjectAltName in the KDC certificate"); return ret; } @@ -934,8 +916,8 @@ pk_verify_host(krb5_context context, &r, NULL); if (ret) { - krb5_set_error_string(context, "Failed to decode the PK-INIT " - "subjectAltName in the KDC certificate"); + krb5_set_error_message(context, ret, "Failed to decode the PK-INIT " + "subjectAltName in the KDC certificate"); break; } @@ -944,11 +926,11 @@ pk_verify_host(krb5_context context, strcmp(r.principalName.name_string.val[0], KRB5_TGS_NAME) != 0 || strcmp(r.principalName.name_string.val[1], realm) != 0 || strcmp(r.realm, realm) != 0) - { - krb5_set_error_string(context, "KDC have wrong realm name in " - "the certificate"); - ret = KRB5_KDC_ERR_INVALID_CERTIFICATE; - } + { + ret = KRB5_KDC_ERR_INVALID_CERTIFICATE; + krb5_set_error_message(context, ret, "KDC have wrong realm name in " + "the certificate"); + } free_KRB5PrincipalName(&r); if (ret) @@ -967,8 +949,8 @@ pk_verify_host(krb5_context context, hi->ai->ai_addr, hi->ai->ai_addrlen); if (ret) - krb5_set_error_string(context, "Address mismatch in " - "the KDC certificate"); + krb5_set_error_message(context, ret, "Address mismatch in " + "the KDC certificate"); } return ret; } @@ -993,7 +975,7 @@ pk_rd_pa_reply_enckey(krb5_context context, heim_oid contentType = { 0, NULL }; if (der_heim_oid_cmp(oid_id_pkcs7_envelopedData(), dataType)) { - krb5_set_error_string(context, "PKINIT: Invalid content type"); + krb5_set_error_message(context, EINVAL, "PKINIT: Invalid content type"); return EINVAL; } @@ -1003,11 +985,12 @@ pk_rd_pa_reply_enckey(krb5_context context, indata->data, indata->length, NULL, + 0, &contentType, &content); if (ret) { - _krb5_pk_copy_error(context, ctx->id->hx509ctx, ret, - "Failed to unenvelope CMS data in PK-INIT reply"); + pk_copy_error(context, ctx->id->hx509ctx, ret, + "Failed to unenvelope CMS data in PK-INIT reply"); return ret; } der_free_oid(&contentType); @@ -1031,14 +1014,14 @@ pk_rd_pa_reply_enckey(krb5_context context, #endif /* win2k uses ContentInfo */ - if (type == COMPAT_WIN2K) { + if (type == PKINIT_WIN2K) { heim_oid type; heim_octet_string out; ret = hx509_cms_unwrap_ContentInfo(&content, &type, &out, NULL); if (der_heim_oid_cmp(&type, oid_id_pkcs7_signedData())) { ret = EINVAL; /* XXX */ - krb5_set_error_string(context, "PKINIT: Invalid content type"); + krb5_set_error_message(context, ret, "PKINIT: Invalid content type"); der_free_oid(&type); der_free_octet_string(&out); goto out; @@ -1048,7 +1031,7 @@ pk_rd_pa_reply_enckey(krb5_context context, ret = krb5_data_copy(&content, out.data, out.length); der_free_octet_string(&out); if (ret) { - krb5_set_error_string(context, "PKINIT: out of memory"); + krb5_set_error_message(context, ret, "PKINIT: out of memory"); goto out; } } @@ -1070,28 +1053,28 @@ pk_rd_pa_reply_enckey(krb5_context context, } #if 0 - if (type == COMPAT_WIN2K) { + if (type == PKINIT_WIN2K) { if (der_heim_oid_cmp(&contentType, oid_id_pkcs7_data()) != 0) { - krb5_set_error_string(context, "PKINIT: reply key, wrong oid"); ret = KRB5KRB_AP_ERR_MSG_TYPE; + krb5_set_error_message(context, ret, "PKINIT: reply key, wrong oid"); goto out; } } else { if (der_heim_oid_cmp(&contentType, oid_id_pkrkeydata()) != 0) { - krb5_set_error_string(context, "PKINIT: reply key, wrong oid"); ret = KRB5KRB_AP_ERR_MSG_TYPE; + krb5_set_error_message(context, ret, "PKINIT: reply key, wrong oid"); goto out; } } #endif switch(type) { - case COMPAT_WIN2K: + case PKINIT_WIN2K: ret = get_reply_key(context, &content, req_buffer, key); if (ret != 0 && ctx->require_binding == 0) ret = get_reply_key_win(context, &content, nonce, key); break; - case COMPAT_IETF: + case PKINIT_27: ret = get_reply_key(context, &content, req_buffer, key); break; } @@ -1137,7 +1120,7 @@ pk_rd_pa_reply_dh(krb5_context context, memset(&kdc_dh_info, 0, sizeof(kdc_dh_info)); if (der_heim_oid_cmp(oid_id_pkcs7_signedData(), dataType)) { - krb5_set_error_string(context, "PKINIT: Invalid content type"); + krb5_set_error_message(context, EINVAL, "PKINIT: Invalid content type"); return EINVAL; } @@ -1157,8 +1140,8 @@ pk_rd_pa_reply_dh(krb5_context context, goto out; if (der_heim_oid_cmp(&contentType, oid_id_pkdhkeydata())) { - krb5_set_error_string(context, "pkinit - dh reply contains wrong oid"); ret = KRB5KRB_AP_ERR_MSG_TYPE; + krb5_set_error_message(context, ret, "pkinit - dh reply contains wrong oid"); goto out; } @@ -1168,35 +1151,35 @@ pk_rd_pa_reply_dh(krb5_context context, &size); if (ret) { - krb5_set_error_string(context, "pkinit - " - "failed to decode KDC DH Key Info"); + krb5_set_error_message(context, ret, "pkinit - " + "failed to decode KDC DH Key Info"); goto out; } if (kdc_dh_info.nonce != nonce) { - krb5_set_error_string(context, "PKINIT: DH nonce is wrong"); ret = KRB5KRB_AP_ERR_MODIFIED; + krb5_set_error_message(context, ret, "PKINIT: DH nonce is wrong"); goto out; } if (kdc_dh_info.dhKeyExpiration) { if (k_n == NULL) { - krb5_set_error_string(context, "pkinit; got key expiration " - "without server nonce"); ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, "pkinit; got key expiration " + "without server nonce"); goto out; } if (c_n == NULL) { - krb5_set_error_string(context, "pkinit; got DH reuse but no " - "client nonce"); ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, "pkinit; got DH reuse but no " + "client nonce"); goto out; } } else { if (k_n) { - krb5_set_error_string(context, "pkinit: got server nonce " - "without key expiration"); ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, "pkinit: got server nonce " + "without key expiration"); goto out; } c_n = NULL; @@ -1210,15 +1193,15 @@ pk_rd_pa_reply_dh(krb5_context context, DHPublicKey k; ret = decode_DHPublicKey(p, size, &k, NULL); if (ret) { - krb5_set_error_string(context, "pkinit: can't decode " - "without key expiration"); + krb5_set_error_message(context, ret, "pkinit: can't decode " + "without key expiration"); goto out; } kdc_dh_pubkey = integer_to_BN(context, "DHPublicKey", &k); free_DHPublicKey(&k); if (kdc_dh_pubkey == NULL) { - ret = KRB5KRB_ERR_GENERIC; + ret = ENOMEM; goto out; } } @@ -1230,8 +1213,8 @@ pk_rd_pa_reply_dh(krb5_context context, dh_gen_key = malloc(size); if (dh_gen_key == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } memset(dh_gen_key, 0, size - dh_gen_keylen); @@ -1239,16 +1222,16 @@ pk_rd_pa_reply_dh(krb5_context context, dh_gen_keylen = DH_compute_key(dh_gen_key + (size - dh_gen_keylen), kdc_dh_pubkey, ctx->dh); if (dh_gen_keylen == -1) { - krb5_set_error_string(context, - "PKINIT: Can't compute Diffie-Hellman key"); ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, + "PKINIT: Can't compute Diffie-Hellman key"); goto out; } *key = malloc (sizeof (**key)); if (*key == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } @@ -1258,8 +1241,8 @@ pk_rd_pa_reply_dh(krb5_context context, c_n, k_n, *key); if (ret) { - krb5_set_error_string(context, - "PKINIT: can't create key from DH key"); + krb5_set_error_message(context, ret, + "PKINIT: can't create key from DH key"); free(*key); *key = NULL; goto out; @@ -1298,13 +1281,13 @@ _krb5_pk_rd_pa_reply(krb5_context context, size_t size; /* Check for IETF PK-INIT first */ - if (ctx->type == COMPAT_IETF) { + if (ctx->type == PKINIT_27) { PA_PK_AS_REP rep; heim_octet_string os, data; heim_oid oid; if (pa->padata_type != KRB5_PADATA_PK_AS_REP) { - krb5_set_error_string(context, "PKINIT: wrong padata recv"); + krb5_set_error_message(context, EINVAL, "PKINIT: wrong padata recv"); return EINVAL; } @@ -1313,7 +1296,7 @@ _krb5_pk_rd_pa_reply(krb5_context context, &rep, &size); if (ret) { - krb5_set_error_string(context, "Failed to decode pkinit AS rep"); + krb5_set_error_message(context, ret, "Failed to decode pkinit AS rep"); return ret; } @@ -1326,15 +1309,15 @@ _krb5_pk_rd_pa_reply(krb5_context context, break; default: free_PA_PK_AS_REP(&rep); - krb5_set_error_string(context, "PKINIT: -27 reply " - "invalid content type"); + krb5_set_error_message(context, EINVAL, "PKINIT: -27 reply " + "invalid content type"); return EINVAL; } ret = hx509_cms_unwrap_ContentInfo(&os, &oid, &data, NULL); if (ret) { free_PA_PK_AS_REP(&rep); - krb5_set_error_string(context, "PKINIT: failed to unwrap CI"); + krb5_set_error_message(context, ret, "PKINIT: failed to unwrap CI"); return ret; } @@ -1346,7 +1329,7 @@ _krb5_pk_rd_pa_reply(krb5_context context, nonce, pa, key); break; case choice_PA_PK_AS_REP_encKeyPack: - ret = pk_rd_pa_reply_enckey(context, COMPAT_IETF, &data, &oid, realm, + ret = pk_rd_pa_reply_enckey(context, PKINIT_27, &data, &oid, realm, ctx, etype, hi, nonce, req_buffer, pa, key); break; default: @@ -1356,14 +1339,14 @@ _krb5_pk_rd_pa_reply(krb5_context context, der_free_oid(&oid); free_PA_PK_AS_REP(&rep); - } else if (ctx->type == COMPAT_WIN2K) { + } else if (ctx->type == PKINIT_WIN2K) { PA_PK_AS_REP_Win2k w2krep; /* Check for Windows encoding of the AS-REP pa data */ #if 0 /* should this be ? */ if (pa->padata_type != KRB5_PADATA_PK_AS_REP) { - krb5_set_error_string(context, "PKINIT: wrong padata recv"); + krb5_set_error_message(context, EINVAL, "PKINIT: wrong padata recv"); return EINVAL; } #endif @@ -1375,8 +1358,8 @@ _krb5_pk_rd_pa_reply(krb5_context context, &w2krep, &size); if (ret) { - krb5_set_error_string(context, "PKINIT: Failed decoding windows " - "pkinit reply %d", ret); + krb5_set_error_message(context, ret, "PKINIT: Failed decoding windows " + "pkinit reply %d", (int)ret); return ret; } @@ -1391,11 +1374,11 @@ _krb5_pk_rd_pa_reply(krb5_context context, &oid, &data, NULL); free_PA_PK_AS_REP_Win2k(&w2krep); if (ret) { - krb5_set_error_string(context, "PKINIT: failed to unwrap CI"); + krb5_set_error_message(context, ret, "PKINIT: failed to unwrap CI"); return ret; } - ret = pk_rd_pa_reply_enckey(context, COMPAT_WIN2K, &data, &oid, realm, + ret = pk_rd_pa_reply_enckey(context, PKINIT_WIN2K, &data, &oid, realm, ctx, etype, hi, nonce, req_buffer, pa, key); der_free_octet_string(&data); der_free_oid(&oid); @@ -1404,15 +1387,15 @@ _krb5_pk_rd_pa_reply(krb5_context context, } default: free_PA_PK_AS_REP_Win2k(&w2krep); - krb5_set_error_string(context, "PKINIT: win2k reply invalid " - "content type"); ret = EINVAL; + krb5_set_error_message(context, ret, "PKINIT: win2k reply invalid " + "content type"); break; } } else { - krb5_set_error_string(context, "PKINIT: unknown reply type"); ret = EINVAL; + krb5_set_error_message(context, ret, "PKINIT: unknown reply type"); } return ret; @@ -1486,13 +1469,14 @@ _krb5_pk_load_id(krb5_context context, *ret_id = NULL; if (anchor_id == NULL) { - krb5_set_error_string(context, "PKINIT: No anchor given"); + krb5_set_error_message(context, HEIM_PKINIT_NO_VALID_CA, + "PKINIT: No anchor given"); return HEIM_PKINIT_NO_VALID_CA; } if (user_id == NULL) { - krb5_set_error_string(context, - "PKINIT: No user certificate given"); + krb5_set_error_message(context, HEIM_PKINIT_NO_PRIVATE_KEY, + "PKINIT: No user certificate given"); return HEIM_PKINIT_NO_PRIVATE_KEY; } @@ -1500,7 +1484,7 @@ _krb5_pk_load_id(krb5_context context, id = calloc(1, sizeof(*id)); if (id == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -1524,23 +1508,23 @@ _krb5_pk_load_id(krb5_context context, ret = hx509_certs_init(id->hx509ctx, user_id, 0, lock, &id->certs); if (ret) { - _krb5_pk_copy_error(context, id->hx509ctx, ret, - "Failed to init cert certs"); + pk_copy_error(context, id->hx509ctx, ret, + "Failed to init cert certs"); goto out; } ret = hx509_certs_init(id->hx509ctx, anchor_id, 0, NULL, &id->anchors); if (ret) { - _krb5_pk_copy_error(context, id->hx509ctx, ret, - "Failed to init anchors"); + pk_copy_error(context, id->hx509ctx, ret, + "Failed to init anchors"); goto out; } ret = hx509_certs_init(id->hx509ctx, "MEMORY:pkinit-cert-chain", 0, NULL, &id->certpool); if (ret) { - _krb5_pk_copy_error(context, id->hx509ctx, ret, - "Failed to init chain"); + pk_copy_error(context, id->hx509ctx, ret, + "Failed to init chain"); goto out; } @@ -1548,9 +1532,9 @@ _krb5_pk_load_id(krb5_context context, ret = hx509_certs_append(id->hx509ctx, id->certpool, NULL, *chain_list); if (ret) { - _krb5_pk_copy_error(context, id->hx509ctx, ret, - "Failed to laod chain %s", - *chain_list); + pk_copy_error(context, id->hx509ctx, ret, + "Failed to laod chain %s", + *chain_list); goto out; } chain_list++; @@ -1559,8 +1543,8 @@ _krb5_pk_load_id(krb5_context context, if (revoke_list) { ret = hx509_revoke_init(id->hx509ctx, &id->revokectx); if (ret) { - _krb5_pk_copy_error(context, id->hx509ctx, ret, - "Failed init revoke list"); + pk_copy_error(context, id->hx509ctx, ret, + "Failed init revoke list"); goto out; } @@ -1569,8 +1553,8 @@ _krb5_pk_load_id(krb5_context context, id->revokectx, *revoke_list); if (ret) { - _krb5_pk_copy_error(context, id->hx509ctx, ret, - "Failed load revoke list"); + pk_copy_error(context, id->hx509ctx, ret, + "Failed load revoke list"); goto out; } revoke_list++; @@ -1580,15 +1564,15 @@ _krb5_pk_load_id(krb5_context context, ret = hx509_verify_init_ctx(id->hx509ctx, &id->verify_ctx); if (ret) { - _krb5_pk_copy_error(context, id->hx509ctx, ret, - "Failed init verify context"); + pk_copy_error(context, id->hx509ctx, ret, + "Failed init verify context"); goto out; } hx509_verify_attach_anchors(id->verify_ctx, id->anchors); hx509_verify_attach_revoke(id->verify_ctx, id->revokectx); -out: + out: if (ret) { hx509_verify_destroy_ctx(id->verify_ctx); hx509_certs_free(&id->certs); @@ -1622,10 +1606,10 @@ select_dh_group(krb5_context context, DH *dh, unsigned long bits, break; } if (moduli[i] == NULL) { - krb5_set_error_string(context, - "Did not find a DH group parameter " - "matching requirement of %lu bits", - bits); + krb5_set_error_message(context, EINVAL, + "Did not find a DH group parameter " + "matching requirement of %lu bits", + bits); return EINVAL; } m = moduli[i]; @@ -1644,6 +1628,39 @@ select_dh_group(krb5_context context, DH *dh, unsigned long bits, return 0; } +/* + * + */ + +static void +pk_copy_error(krb5_context context, + hx509_context hx509ctx, + int hxret, + const char *fmt, + ...) +{ + va_list va; + char *s, *f; + + va_start(va, fmt); + vasprintf(&f, fmt, va); + va_end(va); + if (f == NULL) { + krb5_clear_error_string(context); + return; + } + + s = hx509_get_error_string(hx509ctx, hxret); + if (s == NULL) { + krb5_clear_error_string(context); + free(f); + return; + } + krb5_set_error_message(context, hxret, "%s: %s", f, s); + free(s); + free(f); +} + #endif /* PKINIT */ static int @@ -1654,15 +1671,15 @@ parse_integer(krb5_context context, char **p, const char *file, int lineno, char *p1; p1 = strsep(p, " \t"); if (p1 == NULL) { - krb5_set_error_string(context, "moduli file %s missing %s on line %d", - file, name, lineno); + krb5_set_error_message(context, EINVAL, "moduli file %s missing %s on line %d", + file, name, lineno); return EINVAL; } ret = der_parse_hex_heim_integer(p1, integer); if (ret) { - krb5_set_error_string(context, "moduli file %s failed parsing %s " - "on line %d", - file, name, lineno); + krb5_set_error_message(context, ret, "moduli file %s failed parsing %s " + "on line %d", + file, name, lineno); return ret; } @@ -1684,7 +1701,7 @@ _krb5_parse_moduli_line(krb5_context context, m1 = calloc(1, sizeof(*m1)); if (m1 == NULL) { - krb5_set_error_string(context, "malloc - out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -1696,28 +1713,28 @@ _krb5_parse_moduli_line(krb5_context context, p1 = strsep(&p, " \t"); if (p1 == NULL) { - krb5_set_error_string(context, "moduli file %s missing name " - "on line %d", file, lineno); + krb5_set_error_message(context, ret, "moduli file %s missing name " + "on line %d", file, lineno); goto out; } m1->name = strdup(p1); if (p1 == NULL) { - krb5_set_error_string(context, "malloc - out of memeory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc - out of memeory"); goto out; } p1 = strsep(&p, " \t"); if (p1 == NULL) { - krb5_set_error_string(context, "moduli file %s missing bits on line %d", - file, lineno); + krb5_set_error_message(context, ret, "moduli file %s missing bits on line %d", + file, lineno); goto out; } m1->bits = atoi(p1); if (m1->bits == 0) { - krb5_set_error_string(context, "moduli file %s have un-parsable " - "bits on line %d", file, lineno); + krb5_set_error_message(context, ret, "moduli file %s have un-parsable " + "bits on line %d", file, lineno); goto out; } @@ -1734,7 +1751,7 @@ _krb5_parse_moduli_line(krb5_context context, *m = m1; return 0; -out: + out: free(m1->name); der_free_heim_integer(&m1->p); der_free_heim_integer(&m1->g); @@ -1826,7 +1843,7 @@ _krb5_parse_moduli(krb5_context context, const char *file, m = calloc(1, sizeof(m[0]) * 3); if (m == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -1855,6 +1872,7 @@ _krb5_parse_moduli(krb5_context context, const char *file, *moduli = m; return 0; } + rk_cloexec_file(f); while(fgets(buf, sizeof(buf), f) != NULL) { struct krb5_dh_moduli *element; @@ -1864,8 +1882,8 @@ _krb5_parse_moduli(krb5_context context, const char *file, m2 = realloc(m, (n + 2) * sizeof(m[0])); if (m2 == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); _krb5_free_moduli(m); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } m = m2; @@ -1903,19 +1921,23 @@ _krb5_dh_group_ok(krb5_context context, unsigned long bits, if (der_heim_integer_cmp(&moduli[i]->g, g) == 0 && der_heim_integer_cmp(&moduli[i]->p, p) == 0 && (q == NULL || der_heim_integer_cmp(&moduli[i]->q, q) == 0)) - { - if (bits && bits > moduli[i]->bits) { - krb5_set_error_string(context, "PKINIT: DH group parameter %s " - "no accepted, not enough bits generated", - moduli[i]->name); - return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED; + { + if (bits && bits > moduli[i]->bits) { + krb5_set_error_message(context, + KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED, + "PKINIT: DH group parameter %s " + "no accepted, not enough bits generated", + moduli[i]->name); + return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED; + } + if (name) + *name = strdup(moduli[i]->name); + return 0; } - if (name) - *name = strdup(moduli[i]->name); - return 0; - } } - krb5_set_error_string(context, "PKINIT: DH group parameter no ok"); + krb5_set_error_message(context, + KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED, + "PKINIT: DH group parameter no ok"); return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED; } @@ -1930,7 +1952,7 @@ _krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt) ctx = opt->opt_private->pk_init_ctx; if (ctx->dh) DH_free(ctx->dh); - ctx->dh = NULL; + ctx->dh = NULL; if (ctx->id) { hx509_verify_destroy_ctx(ctx->id->verify_ctx); hx509_certs_free(&ctx->id->certs); @@ -1970,14 +1992,14 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, char *anchors = NULL; if (opt->opt_private == NULL) { - krb5_set_error_string(context, "PKINIT: on non extendable opt"); + krb5_set_error_message(context, EINVAL, "PKINIT: on non extendable opt"); return EINVAL; } opt->opt_private->pk_init_ctx = calloc(1, sizeof(*opt->opt_private->pk_init_ctx)); if (opt->opt_private->pk_init_ctx == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } opt->opt_private->pk_init_ctx->dh = NULL; @@ -2047,8 +2069,8 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, opt->opt_private->pk_init_ctx->dh = DH_new(); if (opt->opt_private->pk_init_ctx->dh == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); _krb5_get_init_creds_opt_free_pkinit(opt); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -2061,48 +2083,15 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, } if (DH_generate_key(opt->opt_private->pk_init_ctx->dh) != 1) { - krb5_set_error_string(context, "pkinit: failed to generate DH key"); _krb5_get_init_creds_opt_free_pkinit(opt); + krb5_set_error_message(context, ENOMEM, "pkinit: failed to generate DH key"); return ENOMEM; } } return 0; #else - krb5_set_error_string(context, "no support for PKINIT compiled in"); + krb5_set_error_message(context, EINVAL, "no support for PKINIT compiled in"); return EINVAL; #endif } - -/* - * - */ - -static void -_krb5_pk_copy_error(krb5_context context, - hx509_context hx509ctx, - int hxret, - const char *fmt, - ...) -{ - va_list va; - char *s, *f; - - va_start(va, fmt); - vasprintf(&f, fmt, va); - va_end(va); - if (f == NULL) { - krb5_clear_error_string(context); - return; - } - - s = hx509_get_error_string(hx509ctx, hxret); - if (s == NULL) { - krb5_clear_error_string(context); - free(f); - return; - } - krb5_set_error_string(context, "%s: %s", f, s); - free(s); - free(f); -} diff --git a/source4/heimdal/lib/krb5/plugin.c b/source4/heimdal/lib/krb5/plugin.c index bae28496aa..8dda27fa59 100644 --- a/source4/heimdal/lib/krb5/plugin.c +++ b/source4/heimdal/lib/krb5/plugin.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: plugin.c 22033 2007-11-10 10:39:47Z lha $"); +RCSID("$Id: plugin.c 23451 2008-07-27 12:10:30Z lha $"); #ifdef HAVE_DLFCN_H #include #endif @@ -87,7 +87,7 @@ loadlib(krb5_context context, { *e = calloc(1, sizeof(**e)); if (*e == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -99,8 +99,8 @@ loadlib(krb5_context context, if ((*e)->dsohandle == NULL) { free(*e); *e = NULL; - krb5_set_error_string(context, "Failed to load %s: %s", - lib, dlerror()); + krb5_set_error_message(context, ENOMEM, "Failed to load %s: %s", + lib, dlerror()); return ENOMEM; } @@ -139,14 +139,14 @@ krb5_plugin_register(krb5_context context, e = calloc(1, sizeof(*e)); if (e == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } e->type = type; e->name = strdup(name); if (e->name == NULL) { free(e); - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } e->symbol = symbol; @@ -185,8 +185,8 @@ _krb5_plugin_find(krb5_context context, e = calloc(1, sizeof(*e)); if (e == NULL) { HEIMDAL_MUTEX_unlock(&plugin_mutex); - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } e->symbol = p->symbol; @@ -210,12 +210,13 @@ _krb5_plugin_find(krb5_context context, d = opendir(*di); if (d == NULL) continue; + rk_cloexec(dirfd(d)); while ((entry = readdir(d)) != NULL) { asprintf(&path, "%s/%s", *di, entry->d_name); if (path == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ret = loadlib(context, type, name, path, &e); @@ -233,7 +234,7 @@ _krb5_plugin_find(krb5_context context, #endif /* HAVE_DLOPEN */ if (*list == NULL) { - krb5_set_error_string(context, "Did not find a plugin for %s", name); + krb5_set_error_message(context, ENOENT, "Did not find a plugin for %s", name); return ENOENT; } diff --git a/source4/heimdal/lib/krb5/principal.c b/source4/heimdal/lib/krb5/principal.c index cdad477115..0d6d72dbcf 100644 --- a/source4/heimdal/lib/krb5/principal.c +++ b/source4/heimdal/lib/krb5/principal.c @@ -57,7 +57,7 @@ host/admin@H5L.ORG #include #include "resolve.h" -RCSID("$Id: principal.c 22549 2008-01-29 09:37:25Z lha $"); +RCSID("$Id: principal.c 23316 2008-06-23 04:32:32Z lha $"); #define princ_num_comp(P) ((P)->name.name_string.len) #define princ_type(P) ((P)->name.name_type) @@ -149,8 +149,9 @@ krb5_parse_name_flags(krb5_context context, #define RFLAGS (KRB5_PRINCIPAL_PARSE_NO_REALM|KRB5_PRINCIPAL_PARSE_MUST_REALM) if ((flags & RFLAGS) == RFLAGS) { - krb5_set_error_string(context, "Can't require both realm and " - "no realm at the same time"); + krb5_set_error_message(context, KRB5_ERR_NO_SERVICE, + "Can't require both realm and " + "no realm at the same time"); return KRB5_ERR_NO_SERVICE; } #undef RFLAGS @@ -163,7 +164,7 @@ krb5_parse_name_flags(krb5_context context, for(p = name; *p; p++){ if(*p=='\\'){ if(!p[1]) { - krb5_set_error_string (context, + krb5_set_error_message(context, KRB5_PARSE_MALFORMED, "trailing \\ in principal name"); return KRB5_PARSE_MALFORMED; } @@ -176,7 +177,7 @@ krb5_parse_name_flags(krb5_context context, } comp = calloc(ncomp, sizeof(*comp)); if (comp == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -184,7 +185,7 @@ krb5_parse_name_flags(krb5_context context, p = start = q = s = strdup(name); if (start == NULL) { free (comp); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } while(*p){ @@ -200,9 +201,9 @@ krb5_parse_name_flags(krb5_context context, else if(c == '0') c = '\0'; else if(c == '\0') { - krb5_set_error_string (context, - "trailing \\ in principal name"); ret = KRB5_PARSE_MALFORMED; + krb5_set_error_message(context, ret, + "trailing \\ in principal name"); goto exit; } }else if(enterprise && first_at) { @@ -210,15 +211,15 @@ krb5_parse_name_flags(krb5_context context, first_at = 0; }else if((c == '/' && !enterprise) || c == '@'){ if(got_realm){ - krb5_set_error_string (context, - "part after realm in principal name"); ret = KRB5_PARSE_MALFORMED; + krb5_set_error_message(context, ret, + "part after realm in principal name"); goto exit; }else{ comp[n] = malloc(q - start + 1); if (comp[n] == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto exit; } memcpy(comp[n], start, q - start); @@ -231,33 +232,33 @@ krb5_parse_name_flags(krb5_context context, continue; } if(got_realm && (c == ':' || c == '/' || c == '\0')) { - krb5_set_error_string (context, - "part after realm in principal name"); ret = KRB5_PARSE_MALFORMED; + krb5_set_error_message(context, ret, + "part after realm in principal name"); goto exit; } *q++ = c; } if(got_realm){ if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) { - krb5_set_error_string (context, "realm found in 'short' principal " - "expected to be without one"); ret = KRB5_PARSE_MALFORMED; + krb5_set_error_message(context, ret, "realm found in 'short' principal " + "expected to be without one"); goto exit; } realm = malloc(q - start + 1); if (realm == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto exit; } memcpy(realm, start, q - start); realm[q - start] = 0; }else{ if (flags & KRB5_PRINCIPAL_PARSE_MUST_REALM) { - krb5_set_error_string (context, "realm NOT found in principal " - "expected to be with one"); ret = KRB5_PARSE_MALFORMED; + krb5_set_error_message(context, ret, "realm NOT found in principal " + "expected to be with one"); goto exit; } else if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) { realm = NULL; @@ -269,8 +270,8 @@ krb5_parse_name_flags(krb5_context context, comp[n] = malloc(q - start + 1); if (comp[n] == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto exit; } memcpy(comp[n], start, q - start); @@ -279,8 +280,8 @@ krb5_parse_name_flags(krb5_context context, } *principal = malloc(sizeof(**principal)); if (*principal == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto exit; } if (enterprise) @@ -350,7 +351,8 @@ unparse_name_fixed(krb5_context context, int display = (flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) != 0; if (!no_realm && princ_realm(principal) == NULL) { - krb5_set_error_string(context, "Realm missing from principal, " + krb5_set_error_message(context, ERANGE, + "Realm missing from principal, " "can't unparse"); return ERANGE; } @@ -360,7 +362,7 @@ unparse_name_fixed(krb5_context context, add_char(name, idx, len, '/'); idx = quote_string(princ_ncomp(principal, i), name, idx, len, display); if(idx == len) { - krb5_set_error_string(context, "Out of space printing principal"); + krb5_set_error_message(context, ERANGE, "Out of space printing principal"); return ERANGE; } } @@ -379,8 +381,8 @@ unparse_name_fixed(krb5_context context, add_char(name, idx, len, '@'); idx = quote_string(princ_realm(principal), name, idx, len, display); if(idx == len) { - krb5_set_error_string(context, - "Out of space printing realm of principal"); + krb5_set_error_message(context, ERANGE, + "Out of space printing realm of principal"); return ERANGE; } } @@ -446,7 +448,7 @@ unparse_name(krb5_context context, len++; /* '\0' */ *name = malloc(len); if(*name == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } ret = unparse_name_fixed(context, principal, *name, len, flags); @@ -511,6 +513,22 @@ krb5_princ_set_realm(krb5_context context, princ_realm(principal) = *realm; } +krb5_error_code KRB5_LIB_FUNCTION +krb5_principal_set_realm(krb5_context context, + krb5_principal principal, + krb5_const_realm realm) +{ + if (princ_realm(principal)) + free(princ_realm(principal)); + + princ_realm(principal) = strdup(realm); + if (princ_realm(principal) == NULL) { + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + return ENOMEM; + } + return 0; +} + krb5_error_code KRB5_LIB_FUNCTION krb5_build_principal(krb5_context context, @@ -537,13 +555,13 @@ append_component(krb5_context context, krb5_principal p, tmp = realloc(princ_comp(p), (len + 1) * sizeof(*tmp)); if(tmp == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } princ_comp(p) = tmp; princ_ncomp(p, len) = malloc(comp_len + 1); if (princ_ncomp(p, len) == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } memcpy (princ_ncomp(p, len), comp, comp_len); @@ -591,7 +609,7 @@ build_principal(krb5_context context, p = calloc(1, sizeof(*p)); if (p == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } princ_type(p) = KRB5_NT_PRINCIPAL; @@ -599,7 +617,7 @@ build_principal(krb5_context context, princ_realm(p) = strdup(realm); if(p->realm == NULL){ free(p); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -675,12 +693,12 @@ krb5_copy_principal(krb5_context context, { krb5_principal p = malloc(sizeof(*p)); if (p == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } if(copy_Principal(inprinc, p)) { free(p); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } *outprinc = p; @@ -706,6 +724,22 @@ krb5_principal_compare_any_realm(krb5_context context, return TRUE; } +krb5_boolean KRB5_LIB_FUNCTION +_krb5_principal_compare_PrincipalName(krb5_context context, + krb5_const_principal princ1, + PrincipalName *princ2) +{ + int i; + if (princ_num_comp(princ1) != princ2->name_string.len) + return FALSE; + for(i = 0; i < princ_num_comp(princ1); i++){ + if(strcmp(princ_ncomp(princ1, i), princ2->name_string.val[i]) != 0) + return FALSE; + } + return TRUE; +} + + /* * return TRUE iff princ1 == princ2 */ @@ -909,7 +943,7 @@ krb5_425_conv_principal_ext2(krb5_context context, #endif if (passed) { if (inst == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } strlwr(inst); @@ -1160,7 +1194,7 @@ krb5_524_conv_principal(krb5_context context, i = principal->name.name_string.val[1]; break; default: - krb5_set_error_string (context, + krb5_set_error_message(context, KRB5_PARSE_MALFORMED, "cannot convert a %d component principal", principal->name.name_string.len); return KRB5_PARSE_MALFORMED; @@ -1186,17 +1220,17 @@ krb5_524_conv_principal(krb5_context context, } if (strlcpy (name, n, aname_sz) >= aname_sz) { - krb5_set_error_string (context, + krb5_set_error_message(context, KRB5_PARSE_MALFORMED, "too long name component to convert"); return KRB5_PARSE_MALFORMED; } if (strlcpy (instance, i, aname_sz) >= aname_sz) { - krb5_set_error_string (context, + krb5_set_error_message(context, KRB5_PARSE_MALFORMED, "too long instance component to convert"); return KRB5_PARSE_MALFORMED; } if (strlcpy (realm, r, aname_sz) >= aname_sz) { - krb5_set_error_string (context, + krb5_set_error_message(context, KRB5_PARSE_MALFORMED, "too long realm component to convert"); return KRB5_PARSE_MALFORMED; } @@ -1219,8 +1253,9 @@ krb5_sname_to_principal (krb5_context context, char **realms, *host = NULL; if(type != KRB5_NT_SRV_HST && type != KRB5_NT_UNKNOWN) { - krb5_set_error_string (context, "unsupported name type %d", - type); + krb5_set_error_message(context, KRB5_SNAME_UNSUPP_NAMETYPE, + "unsupported name type %d", + (int)type); return KRB5_SNAME_UNSUPP_NAMETYPE; } if(hostname == NULL) { @@ -1280,6 +1315,7 @@ krb5_parse_nametype(krb5_context context, const char *str, int32_t *nametype) return 0; } } - krb5_set_error_string(context, "Failed to find name type %s", str); + krb5_set_error_message(context, KRB5_PARSE_MALFORMED, + "Failed to find name type %s", str); return KRB5_PARSE_MALFORMED; } diff --git a/source4/heimdal/lib/krb5/rd_cred.c b/source4/heimdal/lib/krb5/rd_cred.c index c3f732201f..26aa3f2d79 100644 --- a/source4/heimdal/lib/krb5/rd_cred.c +++ b/source4/heimdal/lib/krb5/rd_cred.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_cred.c 20304 2007-04-11 11:15:05Z lha $"); +RCSID("$Id: rd_cred.c 23316 2008-06-23 04:32:32Z lha $"); static krb5_error_code compare_addrs(krb5_context context, @@ -49,7 +49,8 @@ compare_addrs(krb5_context context, krb5_print_address (a, a_str, sizeof(a_str), &len); krb5_print_address (b, b_str, sizeof(b_str), &len); - krb5_set_error_string(context, "%s: %s != %s", message, b_str, a_str); + krb5_set_error_message(context, KRB5KRB_AP_ERR_BADADDR, + "%s: %s != %s", message, b_str, a_str); return KRB5KRB_AP_ERR_BADADDR; } @@ -244,7 +245,7 @@ krb5_rd_cred(krb5_context context, if (*ret_creds == NULL) { ret = ENOMEM; - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } @@ -255,7 +256,7 @@ krb5_rd_cred(krb5_context context, creds = calloc(1, sizeof(*creds)); if(creds == NULL) { ret = ENOMEM; - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } diff --git a/source4/heimdal/lib/krb5/rd_error.c b/source4/heimdal/lib/krb5/rd_error.c index e7646467af..9e50af539a 100644 --- a/source4/heimdal/lib/krb5/rd_error.c +++ b/source4/heimdal/lib/krb5/rd_error.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: rd_error.c 21057 2007-06-12 17:22:31Z lha $"); +RCSID("$Id: rd_error.c 23316 2008-06-23 04:32:32Z lha $"); krb5_error_code KRB5_LIB_FUNCTION krb5_rd_error(krb5_context context, @@ -78,7 +78,7 @@ krb5_error_from_rd_error(krb5_context context, ret = error->error_code; if (error->e_text != NULL) { - krb5_set_error_string(context, "%s", *error->e_text); + krb5_set_error_message(context, ret, "%s", *error->e_text); } else { char clientname[256], servername[256]; @@ -91,28 +91,28 @@ krb5_error_from_rd_error(krb5_context context, switch (ret) { case KRB5KDC_ERR_NAME_EXP : - krb5_set_error_string(context, "Client %s%s%s expired", - creds ? "(" : "", - creds ? clientname : "", - creds ? ")" : ""); + krb5_set_error_message(context, ret, "Client %s%s%s expired", + creds ? "(" : "", + creds ? clientname : "", + creds ? ")" : ""); break; case KRB5KDC_ERR_SERVICE_EXP : - krb5_set_error_string(context, "Server %s%s%s expired", - creds ? "(" : "", - creds ? servername : "", - creds ? ")" : ""); + krb5_set_error_message(context, ret, "Server %s%s%s expired", + creds ? "(" : "", + creds ? servername : "", + creds ? ")" : ""); break; case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN : - krb5_set_error_string(context, "Client %s%s%s unknown", - creds ? "(" : "", - creds ? clientname : "", - creds ? ")" : ""); + krb5_set_error_message(context, ret, "Client %s%s%s unknown", + creds ? "(" : "", + creds ? clientname : "", + creds ? ")" : ""); break; case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN : - krb5_set_error_string(context, "Server %s%s%s unknown", - creds ? "(" : "", - creds ? servername : "", - creds ? ")" : ""); + krb5_set_error_message(context, ret, "Server %s%s%s unknown", + creds ? "(" : "", + creds ? servername : "", + creds ? ")" : ""); break; default : krb5_clear_error_string(context); diff --git a/source4/heimdal/lib/krb5/rd_rep.c b/source4/heimdal/lib/krb5/rd_rep.c index 8c9b7bb441..0e6e3d09af 100644 --- a/source4/heimdal/lib/krb5/rd_rep.c +++ b/source4/heimdal/lib/krb5/rd_rep.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_rep.c 17890 2006-08-21 09:19:22Z lha $"); +RCSID("$Id: rd_rep.c 23304 2008-06-23 03:29:56Z lha $"); krb5_error_code KRB5_LIB_FUNCTION krb5_rd_rep(krb5_context context, @@ -79,7 +79,7 @@ krb5_rd_rep(krb5_context context, *repl = malloc(sizeof(**repl)); if (*repl == NULL) { ret = ENOMEM; - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ret = krb5_decode_EncAPRepPart(context, diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c index 0f33b97164..ddf1f69ae4 100644 --- a/source4/heimdal/lib/krb5/rd_req.c +++ b/source4/heimdal/lib/krb5/rd_req.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_req.c 22235 2007-12-08 21:52:07Z lha $"); +RCSID("$Id: rd_req.c 23415 2008-07-26 18:35:44Z lha $"); static krb5_error_code decrypt_tkt_enc_part (krb5_context context, @@ -133,7 +133,7 @@ static krb5_error_code check_transited(krb5_context context, Ticket *ticket, EncTicketPart *enc) { char **realms; - int num_realms; + unsigned int num_realms; krb5_error_code ret; /* @@ -389,11 +389,6 @@ krb5_verify_ap_req2(krb5_context context, t->ticket.crealm); if (ret) goto out; - /* save key */ - - ret = krb5_copy_keyblock(context, &t->ticket.key, &ac->keyblock); - if (ret) goto out; - ret = decrypt_authenticator (context, &t->ticket.key, &ap_req->authenticator, @@ -479,6 +474,10 @@ krb5_verify_ap_req2(krb5_context context, } } + /* save key */ + ret = krb5_copy_keyblock(context, &t->ticket.key, &ac->keyblock); + if (ret) goto out; + if (ap_req_options) { *ap_req_options = 0; if (ac->keytype != ETYPE_NULL) @@ -533,7 +532,7 @@ krb5_rd_req_in_ctx_alloc(krb5_context context, krb5_rd_req_in_ctx *ctx) { *ctx = calloc(1, sizeof(**ctx)); if (*ctx == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "out of memory"); return ENOMEM; } (*ctx)->check_pac = (context->flags & KRB5_CTX_F_CHECK_PAC) ? 1 : 0; @@ -616,7 +615,7 @@ _krb5_rd_req_out_ctx_alloc(krb5_context context, krb5_rd_req_out_ctx *ctx) { *ctx = calloc(1, sizeof(**ctx)); if (*ctx == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "out of memory"); return ENOMEM; } return 0; @@ -805,9 +804,9 @@ krb5_rd_req_ctx(krb5_context context, } if (ap_req.ap_options.use_session_key && (*auth_context)->keyblock == NULL) { - krb5_set_error_string(context, "krb5_rd_req: user to user auth " - "without session key given"); ret = KRB5KRB_AP_ERR_NOKEY; + krb5_set_error_message(context, ret, "krb5_rd_req: user to user auth " + "without session key given"); goto out; } diff --git a/source4/heimdal/lib/krb5/replay.c b/source4/heimdal/lib/krb5/replay.c index 12894d96a9..7639bfa2ce 100644 --- a/source4/heimdal/lib/krb5/replay.c +++ b/source4/heimdal/lib/krb5/replay.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include -RCSID("$Id: replay.c 17047 2006-04-10 17:13:49Z lha $"); +RCSID("$Id: replay.c 23467 2008-07-27 12:16:37Z lha $"); struct krb5_rcache_data { char *name; @@ -47,7 +47,7 @@ krb5_rc_resolve(krb5_context context, { id->name = strdup(name); if(id->name == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_RC_MALLOC, "malloc: out of memory"); return KRB5_RC_MALLOC; } return 0; @@ -60,13 +60,14 @@ krb5_rc_resolve_type(krb5_context context, { *id = NULL; if(strcmp(type, "FILE")) { - krb5_set_error_string (context, "replay cache type %s not supported", - type); + krb5_set_error_message (context, KRB5_RC_TYPE_NOTFOUND, + "replay cache type %s not supported", + type); return KRB5_RC_TYPE_NOTFOUND; } *id = calloc(1, sizeof(**id)); if(*id == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_RC_MALLOC, "malloc: out of memory"); return KRB5_RC_MALLOC; } return 0; @@ -82,7 +83,8 @@ krb5_rc_resolve_full(krb5_context context, *id = NULL; if(strncmp(string_name, "FILE:", 5)) { - krb5_set_error_string (context, "replay cache type %s not supported", + krb5_set_error_message(context, KRB5_RC_TYPE_NOTFOUND, + "replay cache type %s not supported", string_name); return KRB5_RC_TYPE_NOTFOUND; } @@ -132,7 +134,7 @@ krb5_rc_initialize(krb5_context context, if(f == NULL) { ret = errno; - krb5_set_error_string (context, "open(%s): %s", id->name, + krb5_set_error_message(context, ret, "open(%s): %s", id->name, strerror(ret)); return ret; } @@ -157,7 +159,7 @@ krb5_rc_destroy(krb5_context context, if(remove(id->name) < 0) { ret = errno; - krb5_set_error_string (context, "remove(%s): %s", id->name, + krb5_set_error_message(context, ret, "remove(%s): %s", id->name, strerror(ret)); return ret; } @@ -204,10 +206,11 @@ krb5_rc_store(krb5_context context, f = fopen(id->name, "r"); if(f == NULL) { ret = errno; - krb5_set_error_string (context, "open(%s): %s", id->name, + krb5_set_error_message(context, ret, "open(%s): %s", id->name, strerror(ret)); return ret; } + rk_cloexec_file(f); fread(&tmp, sizeof(ent), 1, f); t = ent.stamp - tmp.stamp; while(fread(&tmp, sizeof(ent), 1, f)){ @@ -222,13 +225,15 @@ krb5_rc_store(krb5_context context, if(ferror(f)){ ret = errno; fclose(f); - krb5_set_error_string (context, "%s: %s", id->name, strerror(ret)); + krb5_set_error_message(context, ret, "%s: %s", + id->name, strerror(ret)); return ret; } fclose(f); f = fopen(id->name, "a"); if(f == NULL) { - krb5_set_error_string (context, "open(%s): %s", id->name, + krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN, + "open(%s): %s", id->name, strerror(errno)); return KRB5_RC_IO_UNKNOWN; } @@ -288,7 +293,7 @@ krb5_get_server_rcache(krb5_context context, char *name; if(tmp == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } strvisx(tmp, piece->data, piece->length, VIS_WHITE | VIS_OCTAL); @@ -299,7 +304,7 @@ krb5_get_server_rcache(krb5_context context, #endif free(tmp); if(name == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } diff --git a/source4/heimdal/lib/krb5/send_to_kdc.c b/source4/heimdal/lib/krb5/send_to_kdc.c index 2582a615c0..1ddb5afd1f 100644 --- a/source4/heimdal/lib/krb5/send_to_kdc.c +++ b/source4/heimdal/lib/krb5/send_to_kdc.c @@ -32,8 +32,9 @@ */ #include "krb5_locl.h" +#include "send_to_kdc_plugin.h" -RCSID("$Id: send_to_kdc.c 21934 2007-08-27 14:21:04Z lha $"); +RCSID("$Id: send_to_kdc.c 23448 2008-07-27 12:09:22Z lha $"); struct send_to_kdc { krb5_send_to_kdc_func func; @@ -290,6 +291,7 @@ send_via_proxy (krb5_context context, s = socket (a->ai_family, a->ai_socktype, a->ai_protocol); if (s < 0) continue; + rk_cloexec(s); if (connect (s, a->ai_addr, a->ai_addrlen) < 0) { close (s); continue; @@ -316,6 +318,46 @@ send_via_proxy (krb5_context context, return 1; } +static krb5_error_code +send_via_plugin(krb5_context context, + krb5_krbhst_info *hi, + time_t timeout, + const krb5_data *send_data, + krb5_data *receive) +{ + struct krb5_plugin *list = NULL, *e; + krb5_error_code ret; + + ret = _krb5_plugin_find(context, PLUGIN_TYPE_DATA, KRB5_PLUGIN_SEND_TO_KDC, &list); + if(ret != 0 || list == NULL) + return KRB5_PLUGIN_NO_HANDLE; + + for (e = list; e != NULL; e = _krb5_plugin_get_next(e)) { + krb5plugin_send_to_kdc_ftable *service; + void *ctx; + + service = _krb5_plugin_get_symbol(e); + if (service->minor_version != 0) + continue; + + (*service->init)(context, &ctx); + ret = (*service->send_to_kdc)(context, ctx, hi, + timeout, send_data, receive); + (*service->fini)(ctx); + if (ret == 0) + break; + if (ret != KRB5_PLUGIN_NO_HANDLE) { + krb5_set_error_message(context, ret, + "Plugin %s failed to lookup with error: %d", + KRB5_PLUGIN_SEND_TO_KDC, ret); + break; + } + } + _krb5_plugin_free(list); + return KRB5_PLUGIN_NO_HANDLE; +} + + /* * Send the data `send' to one host from `handle` and get back the reply * in `receive'. @@ -343,12 +385,19 @@ krb5_sendto (krb5_context context, struct send_to_kdc *s = context->send_to_kdc; ret = (*s->func)(context, s->data, - hi, send_data, receive); + hi, context->kdc_timeout, send_data, receive); if (ret == 0 && receive->length != 0) goto out; continue; } + ret = send_via_plugin(context, hi, context->kdc_timeout, + send_data, receive); + if (ret == 0 && receive->length != 0) + goto out; + else if (ret != KRB5_PLUGIN_NO_HANDLE) + continue; + if(hi->proto == KRB5_KRBHST_HTTP && context->http_proxy) { if (send_via_proxy (context, hi, send_data, receive) == 0) { ret = 0; @@ -365,6 +414,7 @@ krb5_sendto (krb5_context context, fd = socket (a->ai_family, a->ai_socktype, a->ai_protocol); if (fd < 0) continue; + rk_cloexec(fd); if (connect (fd, a->ai_addr, a->ai_addrlen) < 0) { close (fd); continue; @@ -439,7 +489,7 @@ krb5_set_send_to_kdc_func(krb5_context context, context->send_to_kdc = malloc(sizeof(*context->send_to_kdc)); if (context->send_to_kdc == NULL) { - krb5_set_error_string(context, "Out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -460,7 +510,7 @@ krb5_sendto_ctx_alloc(krb5_context context, krb5_sendto_ctx *ctx) { *ctx = calloc(1, sizeof(**ctx)); if (*ctx == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } return 0; @@ -566,8 +616,8 @@ krb5_sendto_context(krb5_context context, if (handle) krb5_krbhst_free(context, handle); if (ret == KRB5_KDC_UNREACH) - krb5_set_error_string(context, - "unable to reach any KDC in realm %s", realm); + krb5_set_error_message(context, ret, + "unable to reach any KDC in realm %s", realm); if (ret) krb5_data_free(receive); if (freectx) diff --git a/source4/heimdal/lib/krb5/send_to_kdc_plugin.h b/source4/heimdal/lib/krb5/send_to_kdc_plugin.h new file mode 100644 index 0000000000..e0c2979e28 --- /dev/null +++ b/source4/heimdal/lib/krb5/send_to_kdc_plugin.h @@ -0,0 +1,58 @@ +/* + * Copyright (c) 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id$ */ + +#ifndef HEIMDAL_KRB5_SEND_TO_KDC_PLUGIN_H +#define HEIMDAL_KRB5_SEND_TO_KDC_PLUGIN_H 1 + +#include + +#define KRB5_PLUGIN_SEND_TO_KDC "send_to_kdc" + +typedef krb5_error_code +(*krb5plugin_send_to_kdc_func)(krb5_context, + void *, + krb5_krbhst_info *, + time_t timeout, + const krb5_data *, + krb5_data *); + +typedef struct krb5plugin_send_to_kdc_ftable { + int minor_version; + krb5_error_code (*init)(krb5_context, void **); + void (*fini)(void *); + krb5plugin_send_to_kdc_func send_to_kdc; +} krb5plugin_send_to_kdc_ftable; + +#endif /* HEIMDAL_KRB5_SEND_TO_KDC_PLUGIN_H */ diff --git a/source4/heimdal/lib/krb5/set_default_realm.c b/source4/heimdal/lib/krb5/set_default_realm.c index 98040bc2e9..55abf2ea7d 100644 --- a/source4/heimdal/lib/krb5/set_default_realm.c +++ b/source4/heimdal/lib/krb5/set_default_realm.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: set_default_realm.c 13863 2004-05-25 21:46:46Z lha $"); +RCSID("$Id: set_default_realm.c 23309 2008-06-23 03:30:41Z lha $"); /* * Convert the simple string `s' into a NULL-terminated and freshly allocated @@ -46,13 +46,13 @@ string_to_list (krb5_context context, const char *s, krb5_realm **list) *list = malloc (2 * sizeof(**list)); if (*list == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } (*list)[0] = strdup (s); if ((*list)[0] == NULL) { free (*list); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } (*list)[1] = NULL; diff --git a/source4/heimdal/lib/krb5/ticket.c b/source4/heimdal/lib/krb5/ticket.c index 7eb4d32fad..5eff64e12d 100644 --- a/source4/heimdal/lib/krb5/ticket.c +++ b/source4/heimdal/lib/krb5/ticket.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: ticket.c 19544 2006-12-28 20:49:18Z lha $"); +RCSID("$Id: ticket.c 23310 2008-06-23 03:30:49Z lha $"); krb5_error_code KRB5_LIB_FUNCTION krb5_free_ticket(krb5_context context, @@ -57,7 +57,7 @@ krb5_copy_ticket(krb5_context context, *to = NULL; tmp = malloc(sizeof(*tmp)); if(tmp == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } if((ret = copy_EncTicketPart(&from->ticket, &tmp->ticket))){ @@ -118,9 +118,10 @@ find_type_in_ad(krb5_context context, int i; if (level > 9) { - krb5_set_error_string(context, "Authorization data nested deeper " - "then %d levels, stop searching", level); ret = ENOENT; /* XXX */ + krb5_set_error_message(context, ret, + "Authorization data nested deeper " + "then %d levels, stop searching", level); goto out; } @@ -133,7 +134,7 @@ find_type_in_ad(krb5_context context, if (!*found && ad->val[i].ad_type == type) { ret = der_copy_octet_string(&ad->val[i].ad_data, data); if (ret) { - krb5_set_error_string(context, "malloc - out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } *found = TRUE; @@ -147,8 +148,8 @@ find_type_in_ad(krb5_context context, &child, NULL); if (ret) { - krb5_set_error_string(context, "Failed to decode " - "IF_RELEVANT with %d", ret); + krb5_set_error_message(context, ret, "Failed to decode " + "IF_RELEVANT with %d", (int)ret); goto out; } ret = find_type_in_ad(context, type, data, found, FALSE, @@ -167,8 +168,8 @@ find_type_in_ad(krb5_context context, &child, NULL); if (ret) { - krb5_set_error_string(context, "Failed to decode " - "AD_KDCIssued with %d", ret); + krb5_set_error_message(context, ret, "Failed to decode " + "AD_KDCIssued with %d", ret); goto out; } if (failp) { @@ -211,17 +212,17 @@ find_type_in_ad(krb5_context context, case KRB5_AUTHDATA_AND_OR: if (!failp) break; - krb5_set_error_string(context, "Authorization data contains " - "AND-OR element that is unknown to the " - "application"); ret = ENOENT; /* XXX */ + krb5_set_error_message(context, ret, "Authorization data contains " + "AND-OR element that is unknown to the " + "application"); goto out; default: if (!failp) break; - krb5_set_error_string(context, "Authorization data contains " - "unknown type (%d) ", ad->val[i].ad_type); ret = ENOENT; /* XXX */ + krb5_set_error_message(context, ret, "Authorization data contains " + "unknown type (%d) ", ad->val[i].ad_type); goto out; } } @@ -255,7 +256,8 @@ krb5_ticket_get_authorization_data_type(krb5_context context, ad = ticket->ticket.authorization_data; if (ticket->ticket.authorization_data == NULL) { - krb5_set_error_string(context, "Ticket have not authorization data"); + krb5_set_error_message(context, ENOENT, + "Ticket have not authorization data"); return ENOENT; /* XXX */ } @@ -264,8 +266,8 @@ krb5_ticket_get_authorization_data_type(krb5_context context, if (ret) return ret; if (!found) { - krb5_set_error_string(context, "Ticket have not authorization " - "data of type %d", type); + krb5_set_error_message(context, ENOENT, "Ticket have not " + "authorization data of type %d", type); return ENOENT; /* XXX */ } return 0; diff --git a/source4/heimdal/lib/krb5/time.c b/source4/heimdal/lib/krb5/time.c index 4cd992d48f..46f88a86cd 100644 --- a/source4/heimdal/lib/krb5/time.c +++ b/source4/heimdal/lib/krb5/time.c @@ -33,12 +33,20 @@ #include "krb5_locl.h" -RCSID("$Id: time.c 14308 2004-10-13 17:57:11Z lha $"); +RCSID("$Id: time.c 23260 2008-06-21 15:22:37Z lha $"); -/* +/** * Set the absolute time that the caller knows the kdc has so the * kerberos library can calculate the relative diffrence beteen the * KDC time and local system time. + * + * @param context Keberos 5 context. + * @param sec The applications new of "now" in seconds + * @param usec The applications new of "now" in micro seconds + + * @return Kerberos 5 error code, see krb5_get_error_message(). + * + * @ingroup krb5 */ krb5_error_code KRB5_LIB_FUNCTION @@ -51,12 +59,21 @@ krb5_set_real_time (krb5_context context, gettimeofday(&tv, NULL); context->kdc_sec_offset = sec - tv.tv_sec; - context->kdc_usec_offset = usec - tv.tv_usec; - if (context->kdc_usec_offset < 0) { - context->kdc_sec_offset--; - context->kdc_usec_offset += 1000000; - } + /** + * If the caller passes in a negative usec, its assumed to be + * unknown and the function will use the current time usec. + */ + if (usec >= 0) { + context->kdc_usec_offset = usec - tv.tv_usec; + + if (context->kdc_usec_offset < 0) { + context->kdc_sec_offset--; + context->kdc_usec_offset += 1000000; + } + } else + context->kdc_usec_offset = tv.tv_usec; + return 0; } diff --git a/source4/heimdal/lib/krb5/transited.c b/source4/heimdal/lib/krb5/transited.c index 9b67ecc04f..58b00a4b7a 100644 --- a/source4/heimdal/lib/krb5/transited.c +++ b/source4/heimdal/lib/krb5/transited.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: transited.c 21745 2007-07-31 16:11:25Z lha $"); +RCSID("$Id: transited.c 23316 2008-06-23 04:32:32Z lha $"); /* this is an attempt at one of the most horrible `compression' schemes that has ever been invented; it's so amazingly brain-dead @@ -88,7 +88,7 @@ make_path(krb5_context context, struct tr_realm *r, break; tmp = calloc(1, sizeof(*tmp)); if(tmp == NULL){ - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } tmp->next = path; @@ -96,7 +96,7 @@ make_path(krb5_context context, struct tr_realm *r, path->realm = strdup(p); if(path->realm == NULL){ r->next = path; /* XXX */ - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM;; } } @@ -112,7 +112,7 @@ make_path(krb5_context context, struct tr_realm *r, break; tmp = calloc(1, sizeof(*tmp)); if(tmp == NULL){ - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } tmp->next = path; @@ -120,7 +120,7 @@ make_path(krb5_context context, struct tr_realm *r, path->realm = malloc(p - from + 1); if(path->realm == NULL){ r->next = path; /* XXX */ - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } memcpy(path->realm, from, p - from); @@ -186,7 +186,7 @@ expand_realms(krb5_context context, tmp = realloc(r->realm, len); if(tmp == NULL){ free_realms(realms); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } r->realm = tmp; @@ -200,7 +200,7 @@ expand_realms(krb5_context context, tmp = malloc(len); if(tmp == NULL){ free_realms(realms); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } strlcpy(tmp, prev_realm, len); @@ -286,7 +286,7 @@ decode_realms(krb5_context context, if(tr[i] == ','){ tmp = malloc(tr + i - start + 1); if(tmp == NULL){ - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } memcpy(tmp, start, tr + i - start); @@ -294,7 +294,7 @@ decode_realms(krb5_context context, r = make_realm(tmp); if(r == NULL){ free_realms(*realms); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } *realms = append_realm(*realms, r); @@ -304,7 +304,7 @@ decode_realms(krb5_context context, tmp = malloc(tr + i - start + 1); if(tmp == NULL){ free(*realms); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } memcpy(tmp, start, tr + i - start); @@ -312,7 +312,7 @@ decode_realms(krb5_context context, r = make_realm(tmp); if(r == NULL){ free_realms(*realms); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } *realms = append_realm(*realms, r); @@ -323,7 +323,7 @@ decode_realms(krb5_context context, krb5_error_code KRB5_LIB_FUNCTION krb5_domain_x500_decode(krb5_context context, - krb5_data tr, char ***realms, int *num_realms, + krb5_data tr, char ***realms, unsigned int *num_realms, const char *client_realm, const char *server_realm) { struct tr_realm *r = NULL; @@ -385,11 +385,12 @@ krb5_domain_x500_decode(krb5_context context, } krb5_error_code KRB5_LIB_FUNCTION -krb5_domain_x500_encode(char **realms, int num_realms, krb5_data *encoding) +krb5_domain_x500_encode(char **realms, unsigned int num_realms, + krb5_data *encoding) { char *s = NULL; int len = 0; - int i; + unsigned int i; krb5_data_zero(encoding); if (num_realms == 0) return 0; @@ -420,7 +421,7 @@ krb5_check_transited(krb5_context context, krb5_const_realm client_realm, krb5_const_realm server_realm, krb5_realm *realms, - int num_realms, + unsigned int num_realms, int *bad_realm) { char **tr_realms; @@ -442,8 +443,9 @@ krb5_check_transited(krb5_context context, } if(p == NULL || *p == NULL) { krb5_config_free_strings(tr_realms); - krb5_set_error_string (context, "no transit through realm %s", - realms[i]); + krb5_set_error_message (context, KRB5KRB_AP_ERR_ILL_CR_TKT, + "no transit through realm %s", + realms[i]); if(bad_realm) *bad_realm = i; return KRB5KRB_AP_ERR_ILL_CR_TKT; @@ -456,7 +458,7 @@ krb5_check_transited(krb5_context context, krb5_error_code KRB5_LIB_FUNCTION krb5_check_transited_realms(krb5_context context, const char *const *realms, - int num_realms, + unsigned int num_realms, int *bad_realm) { int i; @@ -472,9 +474,9 @@ krb5_check_transited_realms(krb5_context context, char **p; for(p = bad_realms; *p; p++) if(strcmp(*p, realms[i]) == 0) { - krb5_set_error_string (context, "no transit through realm %s", - *p); ret = KRB5KRB_AP_ERR_ILL_CR_TKT; + krb5_set_error_message (context, ret, + "no transit through realm %s", *p); if(bad_realm) *bad_realm = i; break; diff --git a/source4/heimdal/lib/krb5/v4_glue.c b/source4/heimdal/lib/krb5/v4_glue.c index 37b1e35dd1..55570c44dd 100644 --- a/source4/heimdal/lib/krb5/v4_glue.c +++ b/source4/heimdal/lib/krb5/v4_glue.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: v4_glue.c 22071 2007-11-14 20:04:50Z lha $"); +RCSID("$Id: v4_glue.c 23452 2008-07-27 12:10:54Z lha $"); #include "krb5-v4compat.h" @@ -147,7 +147,7 @@ write_v4_cc(krb5_context context, const char *tkfile, ret = get_krb4_cc_name(tkfile, &path); if (ret) { - krb5_set_error_string(context, + krb5_set_error_message(context, ret, "krb5_krb_tf_setup: failed getting " "the krb4 credentials cache name"); return ret; @@ -156,15 +156,16 @@ write_v4_cc(krb5_context context, const char *tkfile, fd = open(path, O_WRONLY|O_CREAT, 0600); if (fd < 0) { ret = errno; - krb5_set_error_string(context, + krb5_set_error_message(context, ret, "krb5_krb_tf_setup: error opening file %s", path); free(path); return ret; } + rk_cloexec(fd); if (fstat(fd, &sb) != 0 || !S_ISREG(sb.st_mode)) { - krb5_set_error_string(context, + krb5_set_error_message(context, ret, "krb5_krb_tf_setup: tktfile %s is not a file", path); free(path); @@ -179,9 +180,9 @@ write_v4_cc(krb5_context context, const char *tkfile, break; } if (i == KRB5_TF_LCK_RETRY_COUNT) { - krb5_set_error_string(context, - "krb5_krb_tf_setup: failed to lock %s", - path); + krb5_set_error_message(context, KRB5_FCC_PERM, + "krb5_krb_tf_setup: failed to lock %s", + path); free(path); close(fd); return KRB5_FCC_PERM; @@ -191,9 +192,9 @@ write_v4_cc(krb5_context context, const char *tkfile, ret = ftruncate(fd, 0); if (ret < 0) { flock(fd, LOCK_UN); - krb5_set_error_string(context, - "krb5_krb_tf_setup: failed to truncate %s", - path); + krb5_set_error_message(context, KRB5_FCC_PERM, + "krb5_krb_tf_setup: failed to truncate %s", + path); free(path); close(fd); return KRB5_FCC_PERM; @@ -291,7 +292,7 @@ _krb5_krb_dest_tkt(krb5_context context, const char *tkfile) ret = get_krb4_cc_name(tkfile, &path); if (ret) { - krb5_set_error_string(context, + krb5_set_error_message(context, ret, "krb5_krb_tf_setup: failed getting " "the krb4 credentials cache name"); return ret; @@ -299,7 +300,7 @@ _krb5_krb_dest_tkt(krb5_context context, const char *tkfile) if (unlink(path) < 0) { ret = errno; - krb5_set_error_string(context, + krb5_set_error_message(context, ret, "krb5_krb_dest_tkt failed removing the cache " "with error %s", strerror(ret)); } @@ -421,7 +422,7 @@ _krb5_krb_create_ticket(krb5_context context, sp = krb5_storage_emem(); if (sp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE); @@ -448,7 +449,7 @@ _krb5_krb_create_ticket(krb5_context context, error: krb5_storage_free(sp); if (ret) - krb5_set_error_string(context, "Failed to encode kerberos 4 ticket"); + krb5_set_error_message(context, ret, "Failed to encode kerberos 4 ticket"); return ret; } @@ -477,7 +478,7 @@ _krb5_krb_create_ciph(krb5_context context, sp = krb5_storage_emem(); if (sp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE); @@ -507,7 +508,7 @@ _krb5_krb_create_ciph(krb5_context context, error: krb5_storage_free(sp); if (ret) - krb5_set_error_string(context, "Failed to encode kerberos 4 ticket"); + krb5_set_error_message(context, ret, "Failed to encode kerberos 4 ticket"); return ret; } @@ -535,7 +536,7 @@ _krb5_krb_create_auth_reply(krb5_context context, sp = krb5_storage_emem(); if (sp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE); @@ -559,7 +560,7 @@ _krb5_krb_create_auth_reply(krb5_context context, error: krb5_storage_free(sp); if (ret) - krb5_set_error_string(context, "Failed to encode kerberos 4 ticket"); + krb5_set_error_message(context, ret, "Failed to encode kerberos 4 ticket"); return ret; } @@ -590,7 +591,7 @@ _krb5_krb_cr_err_reply(krb5_context context, sp = krb5_storage_emem(); if (sp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE); @@ -610,7 +611,7 @@ _krb5_krb_cr_err_reply(krb5_context context, error: krb5_storage_free(sp); if (ret) - krb5_set_error_string(context, "Failed to encode kerberos 4 error"); + krb5_set_error_message(context, ret, "Failed to encode kerberos 4 error"); return 0; } @@ -661,7 +662,7 @@ _krb5_krb_decomp_ticket(krb5_context context, sp = krb5_storage_from_data(&ticket); if (sp == NULL) { krb5_data_free(&ticket); - krb5_set_error_string(context, "alloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "alloc: out of memory"); return ENOMEM; } @@ -720,7 +721,7 @@ _krb5_krb_decomp_ticket(krb5_context context, *sinstance = NULL; } _krb5_krb_free_auth_data(context, ad); - krb5_set_error_string(context, "Failed to decode v4 ticket"); + krb5_set_error_message(context, ret, "Failed to decode v4 ticket"); } return ret; } @@ -769,7 +770,7 @@ _krb5_krb_rd_req(krb5_context context, sp = krb5_storage_from_data(authent); if (sp == NULL) { - krb5_set_error_string(context, "alloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "alloc: out of memory"); return ENOMEM; } @@ -777,19 +778,19 @@ _krb5_krb_rd_req(krb5_context context, ret = krb5_ret_int8(sp, &pvno); if (ret) { - krb5_set_error_string(context, "Failed reading v4 pvno"); + krb5_set_error_message(context, ret, "Failed reading v4 pvno"); goto error; } if (pvno != KRB_PROT_VERSION) { ret = KRB4ET_RD_AP_VERSION; - krb5_set_error_string(context, "Failed v4 pvno not 4"); + krb5_set_error_message(context, ret, "Failed v4 pvno not 4"); goto error; } ret = krb5_ret_int8(sp, &type); if (ret) { - krb5_set_error_string(context, "Failed readin v4 type"); + krb5_set_error_message(context, ret, "Failed readin v4 type"); goto error; } @@ -798,7 +799,7 @@ _krb5_krb_rd_req(krb5_context context, if(type != AUTH_MSG_APPL_REQUEST && type != AUTH_MSG_APPL_REQUEST_MUTUAL) { ret = KRB4ET_RD_AP_MSG_TYPE; - krb5_set_error_string(context, "Not a valid v4 request type"); + krb5_set_error_message(context, ret, "Not a valid v4 request type"); goto error; } @@ -811,7 +812,7 @@ _krb5_krb_rd_req(krb5_context context, size = krb5_storage_read(sp, ticket.data, ticket.length); if (size != ticket.length) { ret = KRB4ET_INTK_PROT; - krb5_set_error_string(context, "Failed reading v4 ticket"); + krb5_set_error_message(context, ret, "Failed reading v4 ticket"); goto error; } @@ -826,7 +827,7 @@ _krb5_krb_rd_req(krb5_context context, size = krb5_storage_read(sp, eaut.data, eaut.length); if (size != eaut.length) { ret = KRB4ET_INTK_PROT; - krb5_set_error_string(context, "Failed reading v4 authenticator"); + krb5_set_error_message(context, ret, "Failed reading v4 authenticator"); goto error; } @@ -840,7 +841,7 @@ _krb5_krb_rd_req(krb5_context context, sp = krb5_storage_from_data(&aut); if (sp == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "alloc: out of memory"); + krb5_set_error_message(context, ret, "alloc: out of memory"); goto error; } @@ -860,14 +861,14 @@ _krb5_krb_rd_req(krb5_context context, if (strcmp(ad->pname, r_name) != 0 || strcmp(ad->pinst, r_instance) != 0 || strcmp(ad->prealm, r_realm) != 0) { - krb5_set_error_string(context, "v4 principal mismatch"); ret = KRB4ET_RD_AP_INCON; + krb5_set_error_message(context, ret, "v4 principal mismatch"); goto error; } if (from_addr && ad->address && from_addr != ad->address) { - krb5_set_error_string(context, "v4 bad address in ticket"); ret = KRB4ET_RD_AP_BADD; + krb5_set_error_message(context, ret, "v4 bad address in ticket"); goto error; } @@ -875,7 +876,7 @@ _krb5_krb_rd_req(krb5_context context, delta_t = abs((int)(tv.tv_sec - r_time_sec)); if (delta_t > CLOCK_SKEW) { ret = KRB4ET_RD_AP_TIME; - krb5_set_error_string(context, "v4 clock skew"); + krb5_set_error_message(context, ret, "v4 clock skew"); goto error; } @@ -885,13 +886,13 @@ _krb5_krb_rd_req(krb5_context context, if ((tkt_age < 0) && (-tkt_age > CLOCK_SKEW)) { ret = KRB4ET_RD_AP_NYV; - krb5_set_error_string(context, "v4 clock skew for expiration"); + krb5_set_error_message(context, ret, "v4 clock skew for expiration"); goto error; } if (tv.tv_sec > _krb5_krb_life_to_time(ad->time_sec, ad->life)) { ret = KRB4ET_RD_AP_EXP; - krb5_set_error_string(context, "v4 ticket expired"); + krb5_set_error_message(context, ret, "v4 ticket expired"); goto error; } diff --git a/source4/heimdal/lib/krb5/warn.c b/source4/heimdal/lib/krb5/warn.c index 85f143b8b4..97a6cc9e0a 100644 --- a/source4/heimdal/lib/krb5/warn.c +++ b/source4/heimdal/lib/krb5/warn.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include -RCSID("$Id: warn.c 19086 2006-11-21 08:06:40Z lha $"); +RCSID("$Id: warn.c 23206 2008-05-29 02:13:41Z lha $"); static krb5_error_code _warnerr(krb5_context context, int do_errtext, krb5_error_code code, int level, const char *fmt, va_list ap) @@ -47,7 +47,7 @@ _warnerr(krb5_context context, int do_errtext, char xfmt[7] = ""; const char *args[2], **arg; char *msg = NULL; - char *err_str = NULL; + const char *err_str = NULL; args[0] = args[1] = NULL; arg = args; @@ -65,7 +65,7 @@ _warnerr(krb5_context context, int do_errtext, strlcat(xfmt, "%s", sizeof(xfmt)); - err_str = krb5_get_error_string(context); + err_str = krb5_get_error_message(context, code); if (err_str != NULL) { *arg++ = err_str; } else { @@ -82,7 +82,7 @@ _warnerr(krb5_context context, int do_errtext, else warnx(xfmt, args[0], args[1]); free(msg); - free(err_str); + krb5_free_error_message(context, err_str); return 0; } diff --git a/source4/heimdal/lib/ntlm/ntlm.c b/source4/heimdal/lib/ntlm/ntlm.c index f3dccfaca1..d3309824b5 100644 --- a/source4/heimdal/lib/ntlm/ntlm.c +++ b/source4/heimdal/lib/ntlm/ntlm.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: ntlm.c 22370 2007-12-28 16:12:01Z lha $"); +RCSID("$Id: ntlm.c 23169 2008-05-22 02:52:07Z lha $"); #include #include @@ -68,7 +68,7 @@ RCSID("$Id: ntlm.c 22370 2007-12-28 16:12:01Z lha $"); * Heimdal to implement and GSS-API mechanism. There is also support * in the KDC to do remote digest authenticiation, this to allow * services to authenticate users w/o direct access to the users ntlm - * hashes (same as Kerberos arcfour enctype hashes). + * hashes (same as Kerberos arcfour enctype keys). * * More information about the NTLM protocol can found here * http://davenport.sourceforge.net/ntlm.html . @@ -876,7 +876,7 @@ splitandenc(unsigned char *hash, ((unsigned char*)key)[7] = (hash[6] << 1); DES_set_odd_parity(&key); - DES_set_key(&key, &sched); + DES_set_key_unchecked(&key, &sched); DES_ecb_encrypt((DES_cblock *)challange, (DES_cblock *)answer, &sched, 1); memset(&sched, 0, sizeof(sched)); memset(key, 0, sizeof(key)); diff --git a/source4/heimdal/lib/roken/dumpdata.c b/source4/heimdal/lib/roken/dumpdata.c index c445bfa361..81fd127296 100644 --- a/source4/heimdal/lib/roken/dumpdata.c +++ b/source4/heimdal/lib/roken/dumpdata.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: dumpdata.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id: dumpdata.c 23412 2008-07-26 18:34:23Z lha $"); #endif #include @@ -55,3 +55,45 @@ rk_dumpdata (const char *filename, const void *buf, size_t size) net_write(fd, buf, size); close(fd); } + +/* + * Read all data from a filename, care about errors. + */ + +int ROKEN_LIB_FUNCTION +rk_undumpdata(const char *filename, void **buf, size_t *size) +{ + struct stat sb; + int fd, ret; + ssize_t sret; + + *buf = NULL; + + fd = open(filename, O_RDONLY, 0); + if (fd < 0) + return errno; + if (fstat(fd, &sb) != 0){ + ret = errno; + goto out; + } + *buf = malloc(sb.st_size); + if (*buf == NULL) { + ret = ENOMEM; + goto out; + } + *size = sb.st_size; + + sret = net_read(fd, *buf, *size); + if (sret < 0) + ret = errno; + else if (sret != *size) { + ret = EINVAL; + free(*buf); + *buf = NULL; + } else + ret = 0; + + out: + close(fd); + return ret; +} diff --git a/source4/heimdal/lib/roken/err.hin b/source4/heimdal/lib/roken/err.hin index fcae879279..2f1232d3e7 100644 --- a/source4/heimdal/lib/roken/err.hin +++ b/source4/heimdal/lib/roken/err.hin @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: err.hin,v 1.18 2005/04/12 11:28:38 lha Exp $ */ +/* $Id: err.hin 14773 2005-04-12 11:29:18Z lha $ */ #ifndef __ERR_H__ #define __ERR_H__ diff --git a/source4/heimdal/lib/roken/resolve.c b/source4/heimdal/lib/roken/resolve.c index a8778fda57..bf064e8aae 100644 --- a/source4/heimdal/lib/roken/resolve.c +++ b/source4/heimdal/lib/roken/resolve.c @@ -45,7 +45,7 @@ #include -RCSID("$Id: resolve.c 19869 2007-01-12 16:03:14Z lha $"); +RCSID("$Id: resolve.c 22873 2008-04-07 18:50:39Z lha $"); #ifdef _AIX /* AIX have broken res_nsearch() in 5.1 (5.0 also ?) */ #undef HAVE_RES_NSEARCH @@ -128,7 +128,8 @@ parse_record(const unsigned char *data, const unsigned char *end_data, const unsigned char **pp, struct resource_record **ret_rr) { struct resource_record *rr; - int type, class, ttl, size; + int type, class, ttl; + unsigned size; int status; char host[MAXDNAME]; const unsigned char *p = *pp; diff --git a/source4/heimdal/lib/roken/roken-common.h b/source4/heimdal/lib/roken/roken-common.h index b835e880a2..f943202c45 100644 --- a/source4/heimdal/lib/roken/roken-common.h +++ b/source4/heimdal/lib/roken/roken-common.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: roken-common.h 20867 2007-06-03 21:00:45Z lha $ */ +/* $Id: roken-common.h 23468 2008-07-27 12:16:56Z lha $ */ #ifndef __ROKEN_COMMON_H__ #define __ROKEN_COMMON_H__ @@ -400,6 +400,19 @@ rk_strpoolfree(struct rk_strpool *); void ROKEN_LIB_FUNCTION rk_dumpdata (const char *, const void *, size_t); +int ROKEN_LIB_FUNCTION +rk_undumpdata (const char *, void **, size_t *); + +void ROKEN_LIB_FUNCTION +rk_xfree (void *); + +void ROKEN_LIB_FUNCTION +rk_cloexec(int); + +void ROKEN_LIB_FUNCTION +rk_cloexec_file(FILE *); + + ROKEN_CPP_END #endif /* __ROKEN_COMMON_H__ */ diff --git a/source4/heimdal/lib/roken/roken.h.in b/source4/heimdal/lib/roken/roken.h.in index 82473d7053..cf2ee9ed7b 100644 --- a/source4/heimdal/lib/roken/roken.h.in +++ b/source4/heimdal/lib/roken/roken.h.in @@ -32,7 +32,7 @@ * SUCH DAMAGE. */ -/* $Id: roken.h.in,v 1.182 2006/10/19 16:35:16 lha Exp $ */ +/* $Id: roken.h.in 18612 2006-10-19 16:35:16Z lha $ */ #include #include diff --git a/source4/heimdal/lib/roken/vis.hin b/source4/heimdal/lib/roken/vis.hin index b7a6f3ceff..224870b00a 100644 --- a/source4/heimdal/lib/roken/vis.hin +++ b/source4/heimdal/lib/roken/vis.hin @@ -1,5 +1,5 @@ /* $NetBSD: vis.h,v 1.11 1999/11/25 16:55:50 wennmach Exp $ */ -/* $Id: vis.hin,v 1.7 2006/12/15 11:53:09 lha Exp $ */ +/* $Id: vis.hin 19341 2006-12-15 11:53:09Z lha $ */ /*- * Copyright (c) 1990, 1993 diff --git a/source4/heimdal/lib/wind/stringprep.c b/source4/heimdal/lib/wind/stringprep.c index 0beba76384..7c28fdae1f 100644 --- a/source4/heimdal/lib/wind/stringprep.c +++ b/source4/heimdal/lib/wind/stringprep.c @@ -36,10 +36,10 @@ #endif #include "windlocl.h" #include -#include +#include #include -RCSID("$Id: stringprep.c 22593 2008-02-12 11:58:01Z lha $"); +RCSID("$Id: stringprep.c 23063 2008-04-21 11:18:04Z lha $"); /** * Process a input UCS4 string according a string-prep profile. diff --git a/source4/heimdal/lib/wind/utf8.c b/source4/heimdal/lib/wind/utf8.c index c49e80522e..544e0fe00d 100644 --- a/source4/heimdal/lib/wind/utf8.c +++ b/source4/heimdal/lib/wind/utf8.c @@ -36,7 +36,68 @@ #endif #include "windlocl.h" -RCSID("$Id: utf8.c 22572 2008-02-05 20:22:39Z lha $"); +RCSID("$Id: utf8.c 23246 2008-06-01 22:29:04Z lha $"); + +static int +utf8toutf32(const unsigned char **pp, uint32_t *out) +{ + const unsigned char *p = *pp; + unsigned c = *p; + + if (c & 0x80) { + if ((c & 0xE0) == 0xC0) { + const unsigned c2 = *++p; + if ((c2 & 0xC0) == 0x80) { + *out = ((c & 0x1F) << 6) + | (c2 & 0x3F); + } else { + return WIND_ERR_INVALID_UTF8; + } + } else if ((c & 0xF0) == 0xE0) { + const unsigned c2 = *++p; + if ((c2 & 0xC0) == 0x80) { + const unsigned c3 = *++p; + if ((c3 & 0xC0) == 0x80) { + *out = ((c & 0x0F) << 12) + | ((c2 & 0x3F) << 6) + | (c3 & 0x3F); + } else { + return WIND_ERR_INVALID_UTF8; + } + } else { + return WIND_ERR_INVALID_UTF8; + } + } else if ((c & 0xF8) == 0xF0) { + const unsigned c2 = *++p; + if ((c2 & 0xC0) == 0x80) { + const unsigned c3 = *++p; + if ((c3 & 0xC0) == 0x80) { + const unsigned c4 = *++p; + if ((c4 & 0xC0) == 0x80) { + *out = ((c & 0x07) << 18) + | ((c2 & 0x3F) << 12) + | ((c3 & 0x3F) << 6) + | (c4 & 0x3F); + } else { + return WIND_ERR_INVALID_UTF8; + } + } else { + return WIND_ERR_INVALID_UTF8; + } + } else { + return WIND_ERR_INVALID_UTF8; + } + } else { + return WIND_ERR_INVALID_UTF8; + } + } else { + *out = c; + } + + *pp = p; + + return 0; +} /** * Convert an UTF-8 string to an UCS4 string. @@ -59,60 +120,15 @@ wind_utf8ucs4(const char *in, uint32_t *out, size_t *out_len) { const unsigned char *p; size_t o = 0; + int ret; for (p = (const unsigned char *)in; *p != '\0'; ++p) { - unsigned c = *p; uint32_t u; - if (c & 0x80) { - if ((c & 0xE0) == 0xC0) { - const unsigned c2 = *++p; - if ((c2 & 0xC0) == 0x80) { - u = ((c & 0x1F) << 6) - | (c2 & 0x3F); - } else { - return WIND_ERR_INVALID_UTF8; - } - } else if ((c & 0xF0) == 0xE0) { - const unsigned c2 = *++p; - if ((c2 & 0xC0) == 0x80) { - const unsigned c3 = *++p; - if ((c3 & 0xC0) == 0x80) { - u = ((c & 0x0F) << 12) - | ((c2 & 0x3F) << 6) - | (c3 & 0x3F); - } else { - return WIND_ERR_INVALID_UTF8; - } - } else { - return WIND_ERR_INVALID_UTF8; - } - } else if ((c & 0xF8) == 0xF0) { - const unsigned c2 = *++p; - if ((c2 & 0xC0) == 0x80) { - const unsigned c3 = *++p; - if ((c3 & 0xC0) == 0x80) { - const unsigned c4 = *++p; - if ((c4 & 0xC0) == 0x80) { - u = ((c & 0x07) << 18) - | ((c2 & 0x3F) << 12) - | ((c3 & 0x3F) << 6) - | (c4 & 0x3F); - } else { - return WIND_ERR_INVALID_UTF8; - } - } else { - return WIND_ERR_INVALID_UTF8; - } - } else { - return WIND_ERR_INVALID_UTF8; - } - } else { - return WIND_ERR_INVALID_UTF8; - } - } else { - u = c; - } + ret = utf8toutf32(&p, &u); + if (ret) + return ret; + if (out) { if (o >= *out_len) return WIND_ERR_OVERRUN; @@ -364,6 +380,67 @@ wind_ucs2write(const uint16_t *in, size_t in_len, unsigned int *flags, } +/** + * Convert an UTF-8 string to an UCS2 string. + * + * @param in an UTF-8 string to convert. + * @param out the resulting UCS2 strint, must be at least + * wind_utf8ucs2_length() long. If out is NULL, the function will + * calculate the needed space for the out variable (just like + * wind_utf8ucs2_length()). + * @param out_len before processing out_len should be the length of + * the out variable, after processing it will be the length of the out + * string. + * + * @return returns 0 on success, an wind error code otherwise + * @ingroup wind + */ + +int +wind_utf8ucs2(const char *in, uint16_t *out, size_t *out_len) +{ + const unsigned char *p; + size_t o = 0; + int ret; + + for (p = (const unsigned char *)in; *p != '\0'; ++p) { + uint32_t u; + + ret = utf8toutf32(&p, &u); + if (ret) + return ret; + + if (u & 0xffff0000) + return WIND_ERR_NOT_UTF16; + + if (out) { + if (o >= *out_len) + return WIND_ERR_OVERRUN; + out[o] = u; + } + o++; + } + *out_len = o; + return 0; +} + +/** + * Calculate the length of from converting a UTF-8 string to a UCS2 + * string. + * + * @param in an UTF-8 string to convert. + * @param out_len the length of the resulting UCS4 string. + * + * @return returns 0 on success, an wind error code otherwise + * @ingroup wind + */ + +int +wind_utf8ucs2_length(const char *in, size_t *out_len) +{ + return wind_utf8ucs2(in, NULL, out_len); +} + /** * Convert an UCS2 string to a UTF-8 string. * diff --git a/source4/heimdal/lib/wind/wind.h b/source4/heimdal/lib/wind/wind.h index 6921b619f5..3120e87da5 100644 --- a/source4/heimdal/lib/wind/wind.h +++ b/source4/heimdal/lib/wind/wind.h @@ -31,13 +31,13 @@ * SUCH DAMAGE. */ -/* $Id: wind.h 22595 2008-02-12 11:59:05Z lha $ */ +/* $Id: wind.h 23233 2008-06-01 22:25:25Z lha $ */ #ifndef _WIND_H_ #define _WIND_H_ #include -#include +#include #include @@ -58,9 +58,9 @@ typedef unsigned int wind_profile_flags; #define WIND_RW_BE 2 #define WIND_RW_BOM 4 -int wind_stringprep(const unsigned *in, size_t in_len, - unsigned *out, size_t *out_len, - wind_profile_flags flags); +int wind_stringprep(const uint32_t *, size_t, + uint32_t *, size_t *, + wind_profile_flags); int wind_profile(const char *, wind_profile_flags *); int wind_punycode_label_toascii(const uint32_t *, size_t, @@ -72,6 +72,9 @@ int wind_utf8ucs4_length(const char *, size_t *); int wind_ucs4utf8(const uint32_t *, size_t, char *, size_t *); int wind_ucs4utf8_length(const uint32_t *, size_t, size_t *); +int wind_utf8ucs2(const char *, uint16_t *, size_t *); +int wind_utf8ucs2_length(const char *, size_t *); + int wind_ucs2utf8(const uint16_t *, size_t, char *, size_t *); int wind_ucs2utf8_length(const uint16_t *, size_t, size_t *); diff --git a/source4/heimdal/lib/wind/wind_err.et b/source4/heimdal/lib/wind/wind_err.et index 025c402790..65bdff992f 100644 --- a/source4/heimdal/lib/wind/wind_err.et +++ b/source4/heimdal/lib/wind/wind_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: wind_err.et 22559 2008-02-03 16:35:07Z lha $" +id "$Id: wind_err.et 23233 2008-06-01 22:25:25Z lha $" error_table wind @@ -18,5 +18,6 @@ error_code INVALID_UTF8, "Invalid UTF-8 combination in string" error_code INVALID_UTF16, "Invalid UTF-16 combination in string" error_code INVALID_UTF32, "Invalid UTF-32 combination in string" error_code NO_BOM, "No byte order mark (BOM) in string" +error_code NOT_UTF16, "Code can't be represented as UTF-16" end diff --git a/source4/heimdal/lib/wind/windlocl.h b/source4/heimdal/lib/wind/windlocl.h index 02e8c46481..009a4ae94a 100644 --- a/source4/heimdal/lib/wind/windlocl.h +++ b/source4/heimdal/lib/wind/windlocl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: windlocl.h 22582 2008-02-11 20:43:50Z lha $ */ +/* $Id: windlocl.h 23187 2008-05-23 15:04:07Z lha $ */ #ifndef _WINDLOCL_H_ #define _WINDLOCL_H_ @@ -40,6 +40,8 @@ #include #endif +#include + #include "wind.h" #include "wind_err.h" -- cgit From 9f5325ce394d4c6cae0d13cb9c3ddf87258ce5a9 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 1 Aug 2008 17:21:57 +0200 Subject: heimdal: add missing file heimdal/lib/gssapi/mech/gss_pseudo_random.c metze (This used to be commit 3bd7e68a5cfe80733782367e327b570d04b21586) --- .../heimdal/lib/gssapi/mech/gss_pseudo_random.c | 69 ++++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 source4/heimdal/lib/gssapi/mech/gss_pseudo_random.c (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/mech/gss_pseudo_random.c b/source4/heimdal/lib/gssapi/mech/gss_pseudo_random.c new file mode 100644 index 0000000000..ba027cb95a --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_pseudo_random.c @@ -0,0 +1,69 @@ +/* + * Copyright (c) 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: gss_pseudo_random.c 23025 2008-04-17 10:01:57Z lha $ */ + +#include "mech_locl.h" +RCSID("$Id: gss_pseudo_random.c 23025 2008-04-17 10:01:57Z lha $"); + +OM_uint32 GSSAPI_LIB_FUNCTION +gss_pseudo_random(OM_uint32 *minor_status, + gss_ctx_id_t context, + int prf_key, + const gss_buffer_t prf_in, + ssize_t desired_output_len, + gss_buffer_t prf_out) +{ + struct _gss_context *ctx = (struct _gss_context *) context; + gssapi_mech_interface m = ctx->gc_mech; + OM_uint32 major_status; + + _mg_buffer_zero(prf_out); + *minor_status = 0; + + if (ctx == NULL) { + *minor_status = 0; + return GSS_S_NO_CONTEXT; + } + + if (m->gm_pseudo_random == NULL) + return GSS_S_UNAVAILABLE; + + major_status = (*m->gm_pseudo_random)(minor_status, ctx->gc_ctx, + prf_key, prf_in, desired_output_len, + prf_out); + if (major_status != GSS_S_COMPLETE) + _gss_mg_error(m, major_status, *minor_status); + + return major_status; +} -- cgit From 86c9db8d4a3b485f25616282b96646446773b079 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 1 Aug 2008 17:49:07 +0200 Subject: heimdal: add missing files metze (This used to be commit b395cd7acdb3ca5b25368fbbad0606efe4699d04) --- source4/heimdal/lib/roken/cloexec.c | 60 +++++++++++++++++++++++++++++++++++++ source4/heimdal/lib/roken/xfree.c | 47 +++++++++++++++++++++++++++++ 2 files changed, 107 insertions(+) create mode 100644 source4/heimdal/lib/roken/cloexec.c create mode 100644 source4/heimdal/lib/roken/xfree.c (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/roken/cloexec.c b/source4/heimdal/lib/roken/cloexec.c new file mode 100644 index 0000000000..6308daa1db --- /dev/null +++ b/source4/heimdal/lib/roken/cloexec.c @@ -0,0 +1,60 @@ +/* + * Copyright (c) 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id$"); +#endif + +#include +#include + +#include + +void ROKEN_LIB_FUNCTION +rk_cloexec(int fd) +{ + int ret; + + ret = fcntl(fd, F_GETFD); + if (ret == -1) + return; + if (fcntl(fd, F_SETFD, ret | FD_CLOEXEC) == -1) + return; +} + +void ROKEN_LIB_FUNCTION +rk_cloexec_file(FILE *f) +{ + rk_cloexec(fileno(f)); +} diff --git a/source4/heimdal/lib/roken/xfree.c b/source4/heimdal/lib/roken/xfree.c new file mode 100644 index 0000000000..7bc21af0b8 --- /dev/null +++ b/source4/heimdal/lib/roken/xfree.c @@ -0,0 +1,47 @@ +/* + * Copyright (c) 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id$"); +#endif + +#include + +#include + +void ROKEN_LIB_FUNCTION +rk_xfree (void *buf) +{ + free(buf); +} -- cgit From 4ad02f51857322b3d63b435f1e3ea60ead2e1993 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 25 Jul 2008 13:11:46 +0200 Subject: gsskrb5: add support for DCE_STYLE and des and des3 keys Only the des keys are tested as windows doesn't support des3 metze (This used to be commit 86848dd0f217774faed81af8fbf68618013e20a1) --- source4/heimdal/lib/gssapi/krb5/unwrap.c | 52 +++++++++++++++++++++++--------- source4/heimdal/lib/gssapi/krb5/wrap.c | 34 ++++++++++++++++----- 2 files changed, 64 insertions(+), 22 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/krb5/unwrap.c b/source4/heimdal/lib/gssapi/krb5/unwrap.c index eec4078a70..c287469e96 100644 --- a/source4/heimdal/lib/gssapi/krb5/unwrap.c +++ b/source4/heimdal/lib/gssapi/krb5/unwrap.c @@ -59,10 +59,17 @@ unwrap_des OM_uint32 ret; int cstate; int cmp; + int token_len; + + if (IS_DCE_STYLE(context_handle)) { + token_len = 22 + 8 + 15; /* 45 */ + } else { + token_len = input_message_buffer->length; + } p = input_message_buffer->value; ret = _gsskrb5_verify_header (&p, - input_message_buffer->length, + token_len, "\x02\x01", GSS_KRB5_MECHANISM); if (ret) @@ -105,12 +112,17 @@ unwrap_des memset (deskey, 0, sizeof(deskey)); memset (&schedule, 0, sizeof(schedule)); } - /* check pad */ - ret = _gssapi_verify_pad(input_message_buffer, - input_message_buffer->length - len, - &padlength); - if (ret) - return ret; + + if (IS_DCE_STYLE(context_handle)) { + padlength = 0; + } else { + /* check pad */ + ret = _gssapi_verify_pad(input_message_buffer, + input_message_buffer->length - len, + &padlength); + if (ret) + return ret; + } MD5_Init (&md5); MD5_Update (&md5, p - 24, 8); @@ -195,10 +207,17 @@ unwrap_des3 krb5_crypto crypto; Checksum csum; int cmp; + int token_len; + + if (IS_DCE_STYLE(context_handle)) { + token_len = 34 + 8 + 15; /* 57 */ + } else { + token_len = input_message_buffer->length; + } p = input_message_buffer->value; ret = _gsskrb5_verify_header (&p, - input_message_buffer->length, + token_len, "\x02\x01", GSS_KRB5_MECHANISM); if (ret) @@ -245,12 +264,17 @@ unwrap_des3 memcpy (p, tmp.data, tmp.length); krb5_data_free(&tmp); } - /* check pad */ - ret = _gssapi_verify_pad(input_message_buffer, - input_message_buffer->length - len, - &padlength); - if (ret) - return ret; + + if (IS_DCE_STYLE(context_handle)) { + padlength = 0; + } else { + /* check pad */ + ret = _gssapi_verify_pad(input_message_buffer, + input_message_buffer->length - len, + &padlength); + if (ret) + return ret; + } /* verify sequence number */ diff --git a/source4/heimdal/lib/gssapi/krb5/wrap.c b/source4/heimdal/lib/gssapi/krb5/wrap.c index 6d00f2adcf..bedeace4dd 100644 --- a/source4/heimdal/lib/gssapi/krb5/wrap.c +++ b/source4/heimdal/lib/gssapi/krb5/wrap.c @@ -210,10 +210,19 @@ wrap_des int32_t seq_number; size_t len, total_len, padlength, datalen; - padlength = 8 - (input_message_buffer->length % 8); - datalen = input_message_buffer->length + padlength + 8; - len = datalen + 22; - _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); + if (IS_DCE_STYLE(ctx)) { + padlength = 0; + datalen = input_message_buffer->length; + len = 22 + 8; + _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); + total_len += datalen; + datalen += 8; + } else { + padlength = 8 - (input_message_buffer->length % 8); + datalen = input_message_buffer->length + padlength + 8; + len = datalen + 22; + _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); + } output_message_buffer->length = total_len; output_message_buffer->value = malloc (total_len); @@ -336,10 +345,19 @@ wrap_des3 Checksum cksum; krb5_data encdata; - padlength = 8 - (input_message_buffer->length % 8); - datalen = input_message_buffer->length + padlength + 8; - len = datalen + 34; - _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); + if (IS_DCE_STYLE(ctx)) { + padlength = 0; + datalen = input_message_buffer->length; + len = 34 + 8; + _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); + total_len += datalen; + datalen += 8; + } else { + padlength = 8 - (input_message_buffer->length % 8); + datalen = input_message_buffer->length + padlength + 8; + len = datalen + 34; + _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); + } output_message_buffer->length = total_len; output_message_buffer->value = malloc (total_len); -- cgit From 610b1ada1535b2ae1b38adde4de112ee6dc23a2c Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 8 Aug 2008 15:22:39 +0200 Subject: krb5: always generate the acceptor subkey as the same enctype as the used service key With this patch samba4 can use gsskrb5_get_subkey() to get the session key. metze (This used to be commit dbb94133e0313cae933d261af0bf1210807a6d11) --- source4/heimdal/lib/krb5/rd_req.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c index ddf1f69ae4..e80aaa6789 100644 --- a/source4/heimdal/lib/krb5/rd_req.c +++ b/source4/heimdal/lib/krb5/rd_req.c @@ -463,6 +463,8 @@ krb5_verify_ap_req2(krb5_context context, ac->keytype = ETYPE_NULL; +#if 0 +/* it's bad to use a different enctype as the client */ if (etypes.val) { int i; @@ -473,6 +475,7 @@ krb5_verify_ap_req2(krb5_context context, } } } +#endif /* save key */ ret = krb5_copy_keyblock(context, &t->ticket.key, &ac->keyblock); -- cgit From 5569132f45e12011697d2f465be9f33f34a5ea60 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 8 Aug 2008 15:01:15 +0200 Subject: gsskrb5: try to be compatible with windows for gss_wrap* and cfx The good thing is that windows and heimdal both use EC=0 in the non DCE_STYLE case, so we need the windows compat hack only in DCE_STYLE mode. metze (This used to be commit 0fa41a94e466d5e11bcf362ccd8ff41b72733d1a) --- source4/heimdal/lib/gssapi/krb5/cfx.c | 49 ++++++++++++++++++----- source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h | 1 + 2 files changed, 39 insertions(+), 11 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/krb5/cfx.c b/source4/heimdal/lib/gssapi/krb5/cfx.c index 6452f802ab..bc0d736e81 100755 --- a/source4/heimdal/lib/gssapi/krb5/cfx.c +++ b/source4/heimdal/lib/gssapi/krb5/cfx.c @@ -43,7 +43,8 @@ RCSID("$Id: cfx.c 19031 2006-11-13 18:02:57Z lha $"); #define CFXAcceptorSubkey (1 << 2) krb5_error_code -_gsskrb5cfx_wrap_length_cfx(krb5_context context, +_gsskrb5cfx_wrap_length_cfx(const gsskrb5_ctx context_handle, + krb5_context context, krb5_crypto crypto, int conf_req_flag, size_t input_length, @@ -72,7 +73,11 @@ _gsskrb5cfx_wrap_length_cfx(krb5_context context, /* Header is concatenated with data before encryption */ input_length += sizeof(gss_cfx_wrap_token_desc); - ret = krb5_crypto_getpadsize(context, crypto, &padsize); + if (IS_DCE_STYLE(context_handle)) { + ret = krb5_crypto_getblocksize(context, crypto, &padsize); + } else { + ret = krb5_crypto_getpadsize(context, crypto, &padsize); + } if (ret) { return ret; } @@ -258,7 +263,7 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, return GSS_S_FAILURE; } - ret = _gsskrb5cfx_wrap_length_cfx(context, + ret = _gsskrb5cfx_wrap_length_cfx(context_handle, context, crypto, conf_req_flag, input_message_buffer->length, &wrapped_len, &cksumsize, &padlength); @@ -380,7 +385,15 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, token->RRC[0] = (rrc >> 8) & 0xFF; token->RRC[1] = (rrc >> 0) & 0xFF; - ret = rrc_rotate(cipher.data, cipher.length, rrc, FALSE); + /* + * this is really ugly, but needed against windows + * for DCERPC, as windows rotates by EC+RRC. + */ + if (IS_DCE_STYLE(context_handle)) { + ret = rrc_rotate(cipher.data, cipher.length, rrc+padlength, FALSE); + } else { + ret = rrc_rotate(cipher.data, cipher.length, rrc, FALSE); + } if (ret != 0) { *minor_status = ret; krb5_crypto_destroy(context, crypto); @@ -553,14 +566,21 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status, len = input_message_buffer->length; len -= (p - (u_char *)input_message_buffer->value); - /* Rotate by RRC; bogus to do this in-place XXX */ - *minor_status = rrc_rotate(p, len, rrc, TRUE); - if (*minor_status != 0) { - krb5_crypto_destroy(context, crypto); - return GSS_S_FAILURE; - } - if (token_flags & CFXSealed) { + /* + * this is really ugly, but needed against windows + * for DCERPC, as windows rotates by EC+RRC. + */ + if (IS_DCE_STYLE(context_handle)) { + *minor_status = rrc_rotate(p, len, rrc+ec, TRUE); + } else { + *minor_status = rrc_rotate(p, len, rrc, TRUE); + } + if (*minor_status != 0) { + krb5_crypto_destroy(context, crypto); + return GSS_S_FAILURE; + } + ret = krb5_decrypt(context, crypto, usage, p, len, &data); if (ret != 0) { @@ -594,6 +614,13 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status, } else { Checksum cksum; + /* Rotate by RRC; bogus to do this in-place XXX */ + *minor_status = rrc_rotate(p, len, rrc, TRUE); + if (*minor_status != 0) { + krb5_crypto_destroy(context, crypto); + return GSS_S_FAILURE; + } + /* Determine checksum type */ ret = krb5_crypto_get_checksum_type(context, crypto, &cksum.cksumtype); diff --git a/source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h b/source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h index 64a0dd36b1..f6edb8b247 100644 --- a/source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h +++ b/source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h @@ -661,6 +661,7 @@ _gsskrb5cfx_max_wrap_length_cfx ( krb5_error_code _gsskrb5cfx_wrap_length_cfx ( + const gsskrb5_ctx /*context_handle*/, krb5_context /*context*/, krb5_crypto /*crypto*/, int /*conf_req_flag*/, -- cgit From 69d074af81e57c67ee85314c2b5f7a642844ae88 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 13 Aug 2008 09:52:20 +0200 Subject: gsskrb5: always return an acceptor subkey For non cfx keys it's the same as the intiator subkey. This matches windows behavior. metze (This used to be commit 6a8b07c39558f240b89e833ecba15d8b9fc020e8) --- .../heimdal/lib/gssapi/krb5/accept_sec_context.c | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c index 8dbd087da6..a6f0f31246 100644 --- a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c @@ -520,16 +520,30 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, if(ctx->flags & GSS_C_MUTUAL_FLAG) { krb5_data outbuf; + int use_subkey = 0; _gsskrb5i_is_cfx(ctx, &is_cfx); if (is_cfx != 0 || (ap_options & AP_OPTS_USE_SUBKEY)) { - kret = krb5_auth_con_addflags(context, - ctx->auth_context, - KRB5_AUTH_CONTEXT_USE_SUBKEY, - NULL); + use_subkey = 1; + } else { + krb5_keyblock *rkey; + kret = krb5_auth_con_getremotesubkey(context, ctx->auth_context, &rkey); + if (kret == 0) { + kret = krb5_auth_con_setlocalsubkey(context, ctx->auth_context, rkey); + if (kret == 0) { + use_subkey = 1; + } + krb5_free_keyblock(context, rkey); + } + } + if (use_subkey) { ctx->more_flags |= ACCEPTOR_SUBKEY; + krb5_auth_con_addflags(context, + ctx->auth_context, + KRB5_AUTH_CONTEXT_USE_SUBKEY, + NULL); } kret = krb5_mk_rep(context, -- cgit From e75f1072b6c3735690d7b20682036b8bc5977dc5 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 13 Aug 2008 07:22:36 +0200 Subject: Revert "krb5: always generate the acceptor subkey as the same enctype as the used service key" This reverts commit dbb94133e0313cae933d261af0bf1210807a6d11. As we fixed gensec_gssapi to only return a session key when it's have the correct session key, this hack isn't needed anymore. metze (This used to be commit 697cd1896bccaa55ee422f17d9312d787ca699ed) --- source4/heimdal/lib/krb5/rd_req.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c index e80aaa6789..ddf1f69ae4 100644 --- a/source4/heimdal/lib/krb5/rd_req.c +++ b/source4/heimdal/lib/krb5/rd_req.c @@ -463,8 +463,6 @@ krb5_verify_ap_req2(krb5_context context, ac->keytype = ETYPE_NULL; -#if 0 -/* it's bad to use a different enctype as the client */ if (etypes.val) { int i; @@ -475,7 +473,6 @@ krb5_verify_ap_req2(krb5_context context, } } } -#endif /* save key */ ret = krb5_copy_keyblock(context, &t->ticket.key, &ac->keyblock); -- cgit From 64826077bf966c21008358b8e66f410034864fed Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 26 Aug 2008 12:23:13 +0200 Subject: Revert "gsskrb5: always return an acceptor subkey" This reverts commit 6a8b07c39558f240b89e833ecba15d8b9fc020e8. This isn't strictly needed and will come back in the next merge from heimdal's trunk. metze (This used to be commit 8ed040c8c4bed082ab74ab267090b35bb57db3f3) --- .../heimdal/lib/gssapi/krb5/accept_sec_context.c | 22 ++++------------------ 1 file changed, 4 insertions(+), 18 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c index a6f0f31246..8dbd087da6 100644 --- a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c @@ -520,30 +520,16 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, if(ctx->flags & GSS_C_MUTUAL_FLAG) { krb5_data outbuf; - int use_subkey = 0; _gsskrb5i_is_cfx(ctx, &is_cfx); if (is_cfx != 0 || (ap_options & AP_OPTS_USE_SUBKEY)) { - use_subkey = 1; - } else { - krb5_keyblock *rkey; - kret = krb5_auth_con_getremotesubkey(context, ctx->auth_context, &rkey); - if (kret == 0) { - kret = krb5_auth_con_setlocalsubkey(context, ctx->auth_context, rkey); - if (kret == 0) { - use_subkey = 1; - } - krb5_free_keyblock(context, rkey); - } - } - if (use_subkey) { + kret = krb5_auth_con_addflags(context, + ctx->auth_context, + KRB5_AUTH_CONTEXT_USE_SUBKEY, + NULL); ctx->more_flags |= ACCEPTOR_SUBKEY; - krb5_auth_con_addflags(context, - ctx->auth_context, - KRB5_AUTH_CONTEXT_USE_SUBKEY, - NULL); } kret = krb5_mk_rep(context, -- cgit From cec74e9b00ae849916ed01674996711eabf6b220 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 26 Aug 2008 12:25:54 +0200 Subject: Revert "gsskrb5: add support for DCE_STYLE and des and des3 keys" This reverts commit 86848dd0f217774faed81af8fbf68618013e20a1. This should come back via a merge from heimdal's trunk later. metze (This used to be commit 585e5360e2d9f722e80850eb86c3d4253530e8ba) --- source4/heimdal/lib/gssapi/krb5/unwrap.c | 52 +++++++++----------------------- source4/heimdal/lib/gssapi/krb5/wrap.c | 34 +++++---------------- 2 files changed, 22 insertions(+), 64 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/gssapi/krb5/unwrap.c b/source4/heimdal/lib/gssapi/krb5/unwrap.c index c287469e96..eec4078a70 100644 --- a/source4/heimdal/lib/gssapi/krb5/unwrap.c +++ b/source4/heimdal/lib/gssapi/krb5/unwrap.c @@ -59,17 +59,10 @@ unwrap_des OM_uint32 ret; int cstate; int cmp; - int token_len; - - if (IS_DCE_STYLE(context_handle)) { - token_len = 22 + 8 + 15; /* 45 */ - } else { - token_len = input_message_buffer->length; - } p = input_message_buffer->value; ret = _gsskrb5_verify_header (&p, - token_len, + input_message_buffer->length, "\x02\x01", GSS_KRB5_MECHANISM); if (ret) @@ -112,17 +105,12 @@ unwrap_des memset (deskey, 0, sizeof(deskey)); memset (&schedule, 0, sizeof(schedule)); } - - if (IS_DCE_STYLE(context_handle)) { - padlength = 0; - } else { - /* check pad */ - ret = _gssapi_verify_pad(input_message_buffer, - input_message_buffer->length - len, - &padlength); - if (ret) - return ret; - } + /* check pad */ + ret = _gssapi_verify_pad(input_message_buffer, + input_message_buffer->length - len, + &padlength); + if (ret) + return ret; MD5_Init (&md5); MD5_Update (&md5, p - 24, 8); @@ -207,17 +195,10 @@ unwrap_des3 krb5_crypto crypto; Checksum csum; int cmp; - int token_len; - - if (IS_DCE_STYLE(context_handle)) { - token_len = 34 + 8 + 15; /* 57 */ - } else { - token_len = input_message_buffer->length; - } p = input_message_buffer->value; ret = _gsskrb5_verify_header (&p, - token_len, + input_message_buffer->length, "\x02\x01", GSS_KRB5_MECHANISM); if (ret) @@ -264,17 +245,12 @@ unwrap_des3 memcpy (p, tmp.data, tmp.length); krb5_data_free(&tmp); } - - if (IS_DCE_STYLE(context_handle)) { - padlength = 0; - } else { - /* check pad */ - ret = _gssapi_verify_pad(input_message_buffer, - input_message_buffer->length - len, - &padlength); - if (ret) - return ret; - } + /* check pad */ + ret = _gssapi_verify_pad(input_message_buffer, + input_message_buffer->length - len, + &padlength); + if (ret) + return ret; /* verify sequence number */ diff --git a/source4/heimdal/lib/gssapi/krb5/wrap.c b/source4/heimdal/lib/gssapi/krb5/wrap.c index bedeace4dd..6d00f2adcf 100644 --- a/source4/heimdal/lib/gssapi/krb5/wrap.c +++ b/source4/heimdal/lib/gssapi/krb5/wrap.c @@ -210,19 +210,10 @@ wrap_des int32_t seq_number; size_t len, total_len, padlength, datalen; - if (IS_DCE_STYLE(ctx)) { - padlength = 0; - datalen = input_message_buffer->length; - len = 22 + 8; - _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); - total_len += datalen; - datalen += 8; - } else { - padlength = 8 - (input_message_buffer->length % 8); - datalen = input_message_buffer->length + padlength + 8; - len = datalen + 22; - _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); - } + padlength = 8 - (input_message_buffer->length % 8); + datalen = input_message_buffer->length + padlength + 8; + len = datalen + 22; + _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); output_message_buffer->length = total_len; output_message_buffer->value = malloc (total_len); @@ -345,19 +336,10 @@ wrap_des3 Checksum cksum; krb5_data encdata; - if (IS_DCE_STYLE(ctx)) { - padlength = 0; - datalen = input_message_buffer->length; - len = 34 + 8; - _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); - total_len += datalen; - datalen += 8; - } else { - padlength = 8 - (input_message_buffer->length % 8); - datalen = input_message_buffer->length + padlength + 8; - len = datalen + 34; - _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); - } + padlength = 8 - (input_message_buffer->length % 8); + datalen = input_message_buffer->length + padlength + 8; + len = datalen + 34; + _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); output_message_buffer->length = total_len; output_message_buffer->value = malloc (total_len); -- cgit From 1c4b84ee4fc0f30b5e2418e029c31fb99570a325 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 26 Aug 2008 12:19:52 +0200 Subject: heimdal_build: add a fake sqlite keytab implementation This remove a difference against lorikeet-heimdal. metze (This used to be commit 4314df3561dfe60228db0af220549300b0137c85) --- source4/heimdal/lib/krb5/context.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/krb5/context.c b/source4/heimdal/lib/krb5/context.c index 543dba396d..9f17b8c205 100644 --- a/source4/heimdal/lib/krb5/context.c +++ b/source4/heimdal/lib/krb5/context.c @@ -246,9 +246,7 @@ krb5_init_context(krb5_context *context) krb5_cc_register(p, &krb5_acc_ops, TRUE); krb5_cc_register(p, &krb5_fcc_ops, TRUE); krb5_cc_register(p, &krb5_mcc_ops, TRUE); -#if 0 krb5_cc_register(p, &krb5_scc_ops, TRUE); -#endif #ifdef HAVE_KCM krb5_cc_register(p, &krb5_kcm_ops, TRUE); #endif -- cgit From f09f67d24d0504cbb29d4344b3bd443f0e7e0b90 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 26 Aug 2008 11:25:10 +0200 Subject: heimdal: remove unused old files metze (This used to be commit 94cef56212d7d7c1150aea760dba24bda7190442) --- source4/heimdal/lib/asn1/libasn1.h | 51 ---- source4/heimdal/lib/krb5/keytab_krb4.c | 458 --------------------------------- 2 files changed, 509 deletions(-) delete mode 100644 source4/heimdal/lib/asn1/libasn1.h delete mode 100644 source4/heimdal/lib/krb5/keytab_krb4.c (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/asn1/libasn1.h b/source4/heimdal/lib/asn1/libasn1.h deleted file mode 100644 index 64f554f2c8..0000000000 --- a/source4/heimdal/lib/asn1/libasn1.h +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* $Id: libasn1.h 15617 2005-07-12 06:27:42Z lha $ */ - -#ifndef __LIBASN1_H__ -#define __LIBASN1_H__ - -#ifdef HAVE_CONFIG_H -#include -#endif - -#include -#include -#include -#include "krb5_asn1.h" -#include "der.h" -#include "asn1_err.h" -#include - -#endif /* __LIBASN1_H__ */ diff --git a/source4/heimdal/lib/krb5/keytab_krb4.c b/source4/heimdal/lib/krb5/keytab_krb4.c deleted file mode 100644 index 32bb00141a..0000000000 --- a/source4/heimdal/lib/krb5/keytab_krb4.c +++ /dev/null @@ -1,458 +0,0 @@ -/* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "krb5_locl.h" - -RCSID("$Id: keytab_krb4.c 22532 2008-01-27 11:59:18Z lha $"); - -struct krb4_kt_data { - char *filename; -}; - -static krb5_error_code -krb4_kt_resolve(krb5_context context, const char *name, krb5_keytab id) -{ - struct krb4_kt_data *d; - - d = malloc (sizeof(*d)); - if (d == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - d->filename = strdup (name); - if (d->filename == NULL) { - free(d); - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - id->data = d; - return 0; -} - -static krb5_error_code -krb4_kt_get_name (krb5_context context, - krb5_keytab id, - char *name, - size_t name_sz) -{ - struct krb4_kt_data *d = id->data; - - strlcpy (name, d->filename, name_sz); - return 0; -} - -static krb5_error_code -krb4_kt_close (krb5_context context, - krb5_keytab id) -{ - struct krb4_kt_data *d = id->data; - - free (d->filename); - free (d); - return 0; -} - -struct krb4_cursor_extra_data { - krb5_keytab_entry entry; - int num; -}; - -static int -open_flock(const char *filename, int flags, int mode) -{ - int lock_mode; - int tries = 0; - int fd = open(filename, flags, mode); - if(fd < 0) - return fd; - if((flags & O_ACCMODE) == O_RDONLY) - lock_mode = LOCK_SH | LOCK_NB; - else - lock_mode = LOCK_EX | LOCK_NB; - while(flock(fd, lock_mode) < 0) { - if(++tries < 5) { - sleep(1); - } else { - close(fd); - return -1; - } - } - return fd; -} - - - -static krb5_error_code -krb4_kt_start_seq_get_int (krb5_context context, - krb5_keytab id, - int flags, - krb5_kt_cursor *c) -{ - struct krb4_kt_data *d = id->data; - struct krb4_cursor_extra_data *ed; - int ret; - - ed = malloc (sizeof(*ed)); - if (ed == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - ed->entry.principal = NULL; - ed->num = -1; - c->data = ed; - c->fd = open_flock (d->filename, flags, 0); - if (c->fd < 0) { - ret = errno; - free (ed); - krb5_set_error_string(context, "keytab krb5 open %s failed: %s", - d->filename, strerror(ret)); - return ret; - } - c->sp = krb5_storage_from_fd(c->fd); - if(c->sp == NULL) { - close(c->fd); - free(ed); - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - krb5_storage_set_eof_code(c->sp, KRB5_KT_END); - return 0; -} - -static krb5_error_code -krb4_kt_start_seq_get (krb5_context context, - krb5_keytab id, - krb5_kt_cursor *c) -{ - return krb4_kt_start_seq_get_int (context, id, O_BINARY | O_RDONLY, c); -} - -static krb5_error_code -read_v4_entry (krb5_context context, - struct krb4_kt_data *d, - krb5_kt_cursor *c, - struct krb4_cursor_extra_data *ed) -{ - unsigned char des_key[8]; - krb5_error_code ret; - char *service, *instance, *realm; - int8_t kvno; - - ret = krb5_ret_stringz(c->sp, &service); - if (ret) - return ret; - ret = krb5_ret_stringz(c->sp, &instance); - if (ret) { - free (service); - return ret; - } - ret = krb5_ret_stringz(c->sp, &realm); - if (ret) { - free (service); - free (instance); - return ret; - } - ret = krb5_425_conv_principal (context, service, instance, realm, - &ed->entry.principal); - free (service); - free (instance); - free (realm); - if (ret) - return ret; - ret = krb5_ret_int8(c->sp, &kvno); - if (ret) { - krb5_free_principal (context, ed->entry.principal); - return ret; - } - ret = krb5_storage_read(c->sp, des_key, sizeof(des_key)); - if (ret < 0) { - krb5_free_principal(context, ed->entry.principal); - return ret; - } - if (ret < 8) { - krb5_free_principal(context, ed->entry.principal); - return EINVAL; - } - ed->entry.vno = kvno; - ret = krb5_data_copy (&ed->entry.keyblock.keyvalue, - des_key, sizeof(des_key)); - if (ret) - return ret; - ed->entry.timestamp = time(NULL); - ed->num = 0; - return 0; -} - -static krb5_error_code -krb4_kt_next_entry (krb5_context context, - krb5_keytab id, - krb5_keytab_entry *entry, - krb5_kt_cursor *c) -{ - krb5_error_code ret; - struct krb4_kt_data *d = id->data; - struct krb4_cursor_extra_data *ed = c->data; - const krb5_enctype keytypes[] = {ETYPE_DES_CBC_MD5, - ETYPE_DES_CBC_MD4, - ETYPE_DES_CBC_CRC}; - - if (ed->num == -1) { - ret = read_v4_entry (context, d, c, ed); - if (ret) - return ret; - } - ret = krb5_kt_copy_entry_contents (context, - &ed->entry, - entry); - if (ret) - return ret; - entry->keyblock.keytype = keytypes[ed->num]; - if (++ed->num == 3) { - krb5_kt_free_entry (context, &ed->entry); - ed->num = -1; - } - return 0; -} - -static krb5_error_code -krb4_kt_end_seq_get (krb5_context context, - krb5_keytab id, - krb5_kt_cursor *c) -{ - struct krb4_cursor_extra_data *ed = c->data; - - krb5_storage_free (c->sp); - if (ed->num != -1) - krb5_kt_free_entry (context, &ed->entry); - free (c->data); - close (c->fd); - return 0; -} - -static krb5_error_code -krb4_store_keytab_entry(krb5_context context, - krb5_keytab_entry *entry, - krb5_storage *sp) -{ - krb5_error_code ret; -#define ANAME_SZ 40 -#define INST_SZ 40 -#define REALM_SZ 40 - char service[ANAME_SZ]; - char instance[INST_SZ]; - char realm[REALM_SZ]; - ret = krb5_524_conv_principal (context, entry->principal, - service, instance, realm); - if (ret) - return ret; - if (entry->keyblock.keyvalue.length == 8 - && entry->keyblock.keytype == ETYPE_DES_CBC_MD5) { - ret = krb5_store_stringz(sp, service); - ret = krb5_store_stringz(sp, instance); - ret = krb5_store_stringz(sp, realm); - ret = krb5_store_int8(sp, entry->vno); - ret = krb5_storage_write(sp, entry->keyblock.keyvalue.data, 8); - } - return 0; -} - -static krb5_error_code -krb4_kt_add_entry (krb5_context context, - krb5_keytab id, - krb5_keytab_entry *entry) -{ - struct krb4_kt_data *d = id->data; - krb5_storage *sp; - krb5_error_code ret; - int fd; - - fd = open_flock (d->filename, O_WRONLY | O_APPEND | O_BINARY, 0); - if (fd < 0) { - fd = open_flock (d->filename, - O_WRONLY | O_APPEND | O_BINARY | O_CREAT, 0600); - if (fd < 0) { - ret = errno; - krb5_set_error_string(context, "open(%s): %s", d->filename, - strerror(ret)); - return ret; - } - } - sp = krb5_storage_from_fd(fd); - if(sp == NULL) { - close(fd); - return ENOMEM; - } - krb5_storage_set_eof_code(sp, KRB5_KT_END); - ret = krb4_store_keytab_entry(context, entry, sp); - krb5_storage_free(sp); - if(close (fd) < 0) - return errno; - return ret; -} - -static krb5_error_code -krb4_kt_remove_entry(krb5_context context, - krb5_keytab id, - krb5_keytab_entry *entry) -{ - struct krb4_kt_data *d = id->data; - krb5_error_code ret; - krb5_keytab_entry e; - krb5_kt_cursor cursor; - krb5_storage *sp; - int remove_flag = 0; - - sp = krb5_storage_emem(); - if (sp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - ret = krb5_kt_start_seq_get(context, id, &cursor); - if (ret) { - krb5_storage_free(sp); - return ret; - } - while(krb5_kt_next_entry(context, id, &e, &cursor) == 0) { - if(!krb5_kt_compare(context, &e, entry->principal, - entry->vno, entry->keyblock.keytype)) { - ret = krb4_store_keytab_entry(context, &e, sp); - if(ret) { - krb5_kt_free_entry(context, &e); - krb5_storage_free(sp); - return ret; - } - } else - remove_flag = 1; - krb5_kt_free_entry(context, &e); - } - krb5_kt_end_seq_get(context, id, &cursor); - if(remove_flag) { - int fd; - unsigned char buf[1024]; - ssize_t n; - krb5_data data; - struct stat st; - - krb5_storage_to_data(sp, &data); - krb5_storage_free(sp); - - fd = open_flock (d->filename, O_RDWR | O_BINARY, 0); - if(fd < 0) { - memset(data.data, 0, data.length); - krb5_data_free(&data); - if(errno == EACCES || errno == EROFS) { - krb5_set_error_string(context, "failed to open %s for writing", - d->filename); - return KRB5_KT_NOWRITE; - } - return errno; - } - - if(write(fd, data.data, data.length) != data.length) { - memset(data.data, 0, data.length); - krb5_data_free(&data); - close(fd); - krb5_set_error_string(context, "failed writing to file %s", - d->filename); - return errno; - } - memset(data.data, 0, data.length); - if(fstat(fd, &st) < 0) { - krb5_data_free(&data); - close(fd); - krb5_set_error_string(context, "failed getting size of file %s", - d->filename); - return errno; - } - st.st_size -= data.length; - memset(buf, 0, sizeof(buf)); - while(st.st_size > 0) { - n = min(st.st_size, sizeof(buf)); - n = write(fd, buf, n); - if(n <= 0) { - krb5_data_free(&data); - close(fd); - krb5_set_error_string(context, "failed writing to file %s", - d->filename); - return errno; - - } - st.st_size -= n; - } - if(ftruncate(fd, data.length) < 0) { - krb5_data_free(&data); - close(fd); - krb5_set_error_string(context, "failed truncating file %s", - d->filename); - return errno; - } - krb5_data_free(&data); - if(close(fd) < 0) { - krb5_set_error_string(context, "error closing %s", - d->filename); - return errno; - } - return 0; - } else { - krb5_storage_free(sp); - krb5_set_error_string(context, "Keytab entry not found"); - return KRB5_KT_NOTFOUND; - } -} - - -const krb5_kt_ops krb4_fkt_ops = { - "krb4", - krb4_kt_resolve, - krb4_kt_get_name, - krb4_kt_close, - NULL, /* get */ - krb4_kt_start_seq_get, - krb4_kt_next_entry, - krb4_kt_end_seq_get, - krb4_kt_add_entry, /* add_entry */ - krb4_kt_remove_entry /* remove_entry */ -}; - -const krb5_kt_ops krb5_srvtab_fkt_ops = { - "SRVTAB", - krb4_kt_resolve, - krb4_kt_get_name, - krb4_kt_close, - NULL, /* get */ - krb4_kt_start_seq_get, - krb4_kt_next_entry, - krb4_kt_end_seq_get, - krb4_kt_add_entry, /* add_entry */ - krb4_kt_remove_entry /* remove_entry */ -}; -- cgit From 57d4e110236a42ba32a8db802cf2f4aab0e8aba8 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 26 Aug 2008 11:29:33 +0200 Subject: heimdal_build: add fallback for AC_WARNING_ENABLE() metze (This used to be commit 8d6d96898dcc948aa0ee004eaeb48dc847946361) --- source4/heimdal/cf/check-var.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/cf/check-var.m4 b/source4/heimdal/cf/check-var.m4 index ffa61915e9..1e6846593b 100644 --- a/source4/heimdal/cf/check-var.m4 +++ b/source4/heimdal/cf/check-var.m4 @@ -23,5 +23,5 @@ if test "$ac_foo" = yes; then fi ]) -dnl AC_WARNING_ENABLE([obsolete]) +AC_WARNING_ENABLE([obsolete]) AU_DEFUN([AC_CHECK_VAR], [rk_CHECK_VAR([$2], [$1])], [foo]) -- cgit From a1bbd66b0f68d3d1bb1940bbf82d62b8e56acb4e Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 26 Aug 2008 11:22:17 +0200 Subject: heimdal_build: autogenerate table files in heimdal/lib/wind/ metze (This used to be commit f4cfba26aebb18fecdb50478bec9c07d4910ab3b) --- .../lib/wind/CompositionExclusions-3.2.0.txt | 176 + .../heimdal/lib/wind/DerivedNormalizationProps.txt | 2574 +++ .../heimdal/lib/wind/NormalizationCorrections.txt | 43 + source4/heimdal/lib/wind/NormalizationTest.txt | 17166 ++++++++++++++ source4/heimdal/lib/wind/UnicodeData.py | 57 + source4/heimdal/lib/wind/UnicodeData.txt | 15100 ++++++++++++ source4/heimdal/lib/wind/bidi_table.c | 410 - source4/heimdal/lib/wind/bidi_table.h | 21 - source4/heimdal/lib/wind/combining_table.c | 362 - source4/heimdal/lib/wind/combining_table.h | 18 - source4/heimdal/lib/wind/errorlist_table.c | 88 - source4/heimdal/lib/wind/errorlist_table.h | 19 - source4/heimdal/lib/wind/gen-bidi.py | 101 + source4/heimdal/lib/wind/gen-combining.py | 104 + source4/heimdal/lib/wind/gen-errorlist.py | 120 + source4/heimdal/lib/wind/gen-map.py | 158 + source4/heimdal/lib/wind/gen-normalize.py | 210 + source4/heimdal/lib/wind/generate.py | 81 + source4/heimdal/lib/wind/map_table.c | 2613 --- source4/heimdal/lib/wind/map_table.h | 22 - source4/heimdal/lib/wind/normalize_table.c | 22976 ------------------- source4/heimdal/lib/wind/normalize_table.h | 34 - source4/heimdal/lib/wind/rfc3454.py | 60 + source4/heimdal/lib/wind/rfc3454.txt | 5099 ++++ source4/heimdal/lib/wind/rfc3490.txt | 1235 + source4/heimdal/lib/wind/rfc3491.txt | 395 + source4/heimdal/lib/wind/rfc3492.txt | 1963 ++ source4/heimdal/lib/wind/rfc4013.txt | 339 + source4/heimdal/lib/wind/rfc4518.py | 150 + source4/heimdal/lib/wind/rfc4518.txt | 787 + source4/heimdal/lib/wind/stringprep.py | 90 + source4/heimdal/lib/wind/util.py | 48 + 32 files changed, 46056 insertions(+), 26563 deletions(-) create mode 100644 source4/heimdal/lib/wind/CompositionExclusions-3.2.0.txt create mode 100644 source4/heimdal/lib/wind/DerivedNormalizationProps.txt create mode 100644 source4/heimdal/lib/wind/NormalizationCorrections.txt create mode 100644 source4/heimdal/lib/wind/NormalizationTest.txt create mode 100644 source4/heimdal/lib/wind/UnicodeData.py create mode 100644 source4/heimdal/lib/wind/UnicodeData.txt delete mode 100644 source4/heimdal/lib/wind/bidi_table.c delete mode 100644 source4/heimdal/lib/wind/bidi_table.h delete mode 100644 source4/heimdal/lib/wind/combining_table.c delete mode 100644 source4/heimdal/lib/wind/combining_table.h delete mode 100644 source4/heimdal/lib/wind/errorlist_table.c delete mode 100644 source4/heimdal/lib/wind/errorlist_table.h create mode 100755 source4/heimdal/lib/wind/gen-bidi.py create mode 100755 source4/heimdal/lib/wind/gen-combining.py create mode 100755 source4/heimdal/lib/wind/gen-errorlist.py create mode 100755 source4/heimdal/lib/wind/gen-map.py create mode 100755 source4/heimdal/lib/wind/gen-normalize.py create mode 100644 source4/heimdal/lib/wind/generate.py delete mode 100644 source4/heimdal/lib/wind/map_table.c delete mode 100644 source4/heimdal/lib/wind/map_table.h delete mode 100644 source4/heimdal/lib/wind/normalize_table.c delete mode 100644 source4/heimdal/lib/wind/normalize_table.h create mode 100644 source4/heimdal/lib/wind/rfc3454.py create mode 100644 source4/heimdal/lib/wind/rfc3454.txt create mode 100644 source4/heimdal/lib/wind/rfc3490.txt create mode 100644 source4/heimdal/lib/wind/rfc3491.txt create mode 100644 source4/heimdal/lib/wind/rfc3492.txt create mode 100644 source4/heimdal/lib/wind/rfc4013.txt create mode 100644 source4/heimdal/lib/wind/rfc4518.py create mode 100644 source4/heimdal/lib/wind/rfc4518.txt create mode 100644 source4/heimdal/lib/wind/stringprep.py create mode 100644 source4/heimdal/lib/wind/util.py (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/wind/CompositionExclusions-3.2.0.txt b/source4/heimdal/lib/wind/CompositionExclusions-3.2.0.txt new file mode 100644 index 0000000000..07a60b8b92 --- /dev/null +++ b/source4/heimdal/lib/wind/CompositionExclusions-3.2.0.txt @@ -0,0 +1,176 @@ +# CompositionExclusions-3.2.0.txt +# Date: 2002-03-19,23:30:28 GMT [MD] +# +# This file lists the characters from the UAX #15 Composition Exclusion Table. +# +# The format of the comments in this file has been updated since the last version, +# CompositionExclusions-3.txt. The only substantive change to this file between that +# version and this one is the addition of U+2ADC FORKING. +# +# For more information, see +# http://www.unicode.org/unicode/reports/tr15/#Primary Exclusion List Table +# ================================================ + +# (1) Script Specifics +# This list of characters cannot be derived from the UnicodeData file. +# ================================================ + +0958 # DEVANAGARI LETTER QA +0959 # DEVANAGARI LETTER KHHA +095A # DEVANAGARI LETTER GHHA +095B # DEVANAGARI LETTER ZA +095C # DEVANAGARI LETTER DDDHA +095D # DEVANAGARI LETTER RHA +095E # DEVANAGARI LETTER FA +095F # DEVANAGARI LETTER YYA +09DC # BENGALI LETTER RRA +09DD # BENGALI LETTER RHA +09DF # BENGALI LETTER YYA +0A33 # GURMUKHI LETTER LLA +0A36 # GURMUKHI LETTER SHA +0A59 # GURMUKHI LETTER KHHA +0A5A # GURMUKHI LETTER GHHA +0A5B # GURMUKHI LETTER ZA +0A5E # GURMUKHI LETTER FA +0B5C # ORIYA LETTER RRA +0B5D # ORIYA LETTER RHA +0F43 # TIBETAN LETTER GHA +0F4D # TIBETAN LETTER DDHA +0F52 # TIBETAN LETTER DHA +0F57 # TIBETAN LETTER BHA +0F5C # TIBETAN LETTER DZHA +0F69 # TIBETAN LETTER KSSA +0F76 # TIBETAN VOWEL SIGN VOCALIC R +0F78 # TIBETAN VOWEL SIGN VOCALIC L +0F93 # TIBETAN SUBJOINED LETTER GHA +0F9D # TIBETAN SUBJOINED LETTER DDHA +0FA2 # TIBETAN SUBJOINED LETTER DHA +0FA7 # TIBETAN SUBJOINED LETTER BHA +0FAC # TIBETAN SUBJOINED LETTER DZHA +0FB9 # TIBETAN SUBJOINED LETTER KSSA +FB1D # HEBREW LETTER YOD WITH HIRIQ +FB1F # HEBREW LIGATURE YIDDISH YOD YOD PATAH +FB2A # HEBREW LETTER SHIN WITH SHIN DOT +FB2B # HEBREW LETTER SHIN WITH SIN DOT +FB2C # HEBREW LETTER SHIN WITH DAGESH AND SHIN DOT +FB2D # HEBREW LETTER SHIN WITH DAGESH AND SIN DOT +FB2E # HEBREW LETTER ALEF WITH PATAH +FB2F # HEBREW LETTER ALEF WITH QAMATS +FB30 # HEBREW LETTER ALEF WITH MAPIQ +FB31 # HEBREW LETTER BET WITH DAGESH +FB32 # HEBREW LETTER GIMEL WITH DAGESH +FB33 # HEBREW LETTER DALET WITH DAGESH +FB34 # HEBREW LETTER HE WITH MAPIQ +FB35 # HEBREW LETTER VAV WITH DAGESH +FB36 # HEBREW LETTER ZAYIN WITH DAGESH +FB38 # HEBREW LETTER TET WITH DAGESH +FB39 # HEBREW LETTER YOD WITH DAGESH +FB3A # HEBREW LETTER FINAL KAF WITH DAGESH +FB3B # HEBREW LETTER KAF WITH DAGESH +FB3C # HEBREW LETTER LAMED WITH DAGESH +FB3E # HEBREW LETTER MEM WITH DAGESH +FB40 # HEBREW LETTER NUN WITH DAGESH +FB41 # HEBREW LETTER SAMEKH WITH DAGESH +FB43 # HEBREW LETTER FINAL PE WITH DAGESH +FB44 # HEBREW LETTER PE WITH DAGESH +FB46 # HEBREW LETTER TSADI WITH DAGESH +FB47 # HEBREW LETTER QOF WITH DAGESH +FB48 # HEBREW LETTER RESH WITH DAGESH +FB49 # HEBREW LETTER SHIN WITH DAGESH +FB4A # HEBREW LETTER TAV WITH DAGESH +FB4B # HEBREW LETTER VAV WITH HOLAM +FB4C # HEBREW LETTER BET WITH RAFE +FB4D # HEBREW LETTER KAF WITH RAFE +FB4E # HEBREW LETTER PE WITH RAFE + +# Total code points: 67 + +# ================================================ +# (2) Post Composition Version precomposed characters +# These characters cannot be derived solely from the UnicodeData.txt file +# in this version of Unicode. +# ================================================ + +2ADC # FORKING +1D15E # MUSICAL SYMBOL HALF NOTE +1D15F # MUSICAL SYMBOL QUARTER NOTE +1D160 # MUSICAL SYMBOL EIGHTH NOTE +1D161 # MUSICAL SYMBOL SIXTEENTH NOTE +1D162 # MUSICAL SYMBOL THIRTY-SECOND NOTE +1D163 # MUSICAL SYMBOL SIXTY-FOURTH NOTE +1D164 # MUSICAL SYMBOL ONE HUNDRED TWENTY-EIGHTH NOTE +1D1BB # MUSICAL SYMBOL MINIMA +1D1BC # MUSICAL SYMBOL MINIMA BLACK +1D1BD # MUSICAL SYMBOL SEMIMINIMA WHITE +1D1BE # MUSICAL SYMBOL SEMIMINIMA BLACK +1D1BF # MUSICAL SYMBOL FUSA WHITE +1D1C0 # MUSICAL SYMBOL FUSA BLACK + +# Total code points: 14 + +# ================================================ +# (3) Singleton Decompositions +# These characters can be derived from the UnicodeData file +# by including all characters whose canonical decomposition +# consists of a single character. +# These characters are simply quoted here for reference. +# ================================================ + +# 0340..0341 [2] COMBINING GRAVE TONE MARK..COMBINING ACUTE TONE MARK +# 0343 COMBINING GREEK KORONIS +# 0374 GREEK NUMERAL SIGN +# 037E GREEK QUESTION MARK +# 0387 GREEK ANO TELEIA +# 1F71 GREEK SMALL LETTER ALPHA WITH OXIA +# 1F73 GREEK SMALL LETTER EPSILON WITH OXIA +# 1F75 GREEK SMALL LETTER ETA WITH OXIA +# 1F77 GREEK SMALL LETTER IOTA WITH OXIA +# 1F79 GREEK SMALL LETTER OMICRON WITH OXIA +# 1F7B GREEK SMALL LETTER UPSILON WITH OXIA +# 1F7D GREEK SMALL LETTER OMEGA WITH OXIA +# 1FBB GREEK CAPITAL LETTER ALPHA WITH OXIA +# 1FBE GREEK PROSGEGRAMMENI +# 1FC9 GREEK CAPITAL LETTER EPSILON WITH OXIA +# 1FCB GREEK CAPITAL LETTER ETA WITH OXIA +# 1FD3 GREEK SMALL LETTER IOTA WITH DIALYTIKA AND OXIA +# 1FDB GREEK CAPITAL LETTER IOTA WITH OXIA +# 1FE3 GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND OXIA +# 1FEB GREEK CAPITAL LETTER UPSILON WITH OXIA +# 1FEE..1FEF [2] GREEK DIALYTIKA AND OXIA..GREEK VARIA +# 1FF9 GREEK CAPITAL LETTER OMICRON WITH OXIA +# 1FFB GREEK CAPITAL LETTER OMEGA WITH OXIA +# 1FFD GREEK OXIA +# 2000..2001 [2] EN QUAD..EM QUAD +# 2126 OHM SIGN +# 212A..212B [2] KELVIN SIGN..ANGSTROM SIGN +# 2329 LEFT-POINTING ANGLE BRACKET +# 232A RIGHT-POINTING ANGLE BRACKET +# F900..FA0D [270] CJK COMPATIBILITY IDEOGRAPH-F900..CJK COMPATIBILITY IDEOGRAPH-FA0D +# FA10 CJK COMPATIBILITY IDEOGRAPH-FA10 +# FA12 CJK COMPATIBILITY IDEOGRAPH-FA12 +# FA15..FA1E [10] CJK COMPATIBILITY IDEOGRAPH-FA15..CJK COMPATIBILITY IDEOGRAPH-FA1E +# FA20 CJK COMPATIBILITY IDEOGRAPH-FA20 +# FA22 CJK COMPATIBILITY IDEOGRAPH-FA22 +# FA25..FA26 [2] CJK COMPATIBILITY IDEOGRAPH-FA25..CJK COMPATIBILITY IDEOGRAPH-FA26 +# FA2A..FA2D [4] CJK COMPATIBILITY IDEOGRAPH-FA2A..CJK COMPATIBILITY IDEOGRAPH-FA2D +# FA30..FA6A [59] CJK COMPATIBILITY IDEOGRAPH-FA30..CJK COMPATIBILITY IDEOGRAPH-FA6A +# 2F800..2FA1D [542] CJK COMPATIBILITY IDEOGRAPH-2F800..CJK COMPATIBILITY IDEOGRAPH-2FA1D + +# Total code points: 924 + +# ================================================ +# (4) Non-Starter Decompositions +# These characters can be derived from the UnicodeData file +# by including all characters whose canonical decomposition consists +# of a sequence of characters, the first of which has a non-zero +# combining class. +# These characters are simply quoted here for reference. +# ================================================ + +# 0344 COMBINING GREEK DIALYTIKA TONOS +# 0F73 TIBETAN VOWEL SIGN II +# 0F75 TIBETAN VOWEL SIGN UU +# 0F81 TIBETAN VOWEL SIGN REVERSED II + +# Total code points: 4 + diff --git a/source4/heimdal/lib/wind/DerivedNormalizationProps.txt b/source4/heimdal/lib/wind/DerivedNormalizationProps.txt new file mode 100644 index 0000000000..2d4f0a6e5d --- /dev/null +++ b/source4/heimdal/lib/wind/DerivedNormalizationProps.txt @@ -0,0 +1,2574 @@ +# DerivedNormalizationProps-4.0.1.txt +# Date: 2004-03-02, 02:42:17 GMT [MD] +# +# Unicode Character Database +# Copyright (c) 1991-2004 Unicode, Inc. +# For terms of use, see http://www.unicode.org/terms_of_use.html +# For documentation, see UCD.html + +# ================================================ + +# Derived Property: FC_NFKC_Closure +# Generated from computing: b = NFKC(Fold(a)); c = NFKC(Fold(b)); +# Then if (c != b) add the mapping from a to c to the set of +# mappings that constitute the FC_NFKC_Closure list +# Uses the full case folding from CaseFolding.txt, without the T option. + +037A ; FC_NFKC; 0020 03B9 # Lm GREEK YPOGEGRAMMENI +03D2 ; FC_NFKC; 03C5 # L& GREEK UPSILON WITH HOOK SYMBOL +03D3 ; FC_NFKC; 03CD # L& GREEK UPSILON WITH ACUTE AND HOOK SYMBOL +03D4 ; FC_NFKC; 03CB # L& GREEK UPSILON WITH DIAERESIS AND HOOK SYMBOL +03F2 ; FC_NFKC; 03C3 # L& GREEK LUNATE SIGMA SYMBOL +03F9 ; FC_NFKC; 03C3 # L& GREEK CAPITAL LUNATE SIGMA SYMBOL +1D2C ; FC_NFKC; 0061 # Lm MODIFIER LETTER CAPITAL A +1D2D ; FC_NFKC; 00E6 # Lm MODIFIER LETTER CAPITAL AE +1D2E ; FC_NFKC; 0062 # Lm MODIFIER LETTER CAPITAL B +1D30 ; FC_NFKC; 0064 # Lm MODIFIER LETTER CAPITAL D +1D31 ; FC_NFKC; 0065 # Lm MODIFIER LETTER CAPITAL E +1D32 ; FC_NFKC; 01DD # Lm MODIFIER LETTER CAPITAL REVERSED E +1D33 ; FC_NFKC; 0067 # Lm MODIFIER LETTER CAPITAL G +1D34 ; FC_NFKC; 0068 # Lm MODIFIER LETTER CAPITAL H +1D35 ; FC_NFKC; 0069 # Lm MODIFIER LETTER CAPITAL I +1D36 ; FC_NFKC; 006A # Lm MODIFIER LETTER CAPITAL J +1D37 ; FC_NFKC; 006B # Lm MODIFIER LETTER CAPITAL K +1D38 ; FC_NFKC; 006C # Lm MODIFIER LETTER CAPITAL L +1D39 ; FC_NFKC; 006D # Lm MODIFIER LETTER CAPITAL M +1D3A ; FC_NFKC; 006E # Lm MODIFIER LETTER CAPITAL N +1D3C ; FC_NFKC; 006F # Lm MODIFIER LETTER CAPITAL O +1D3D ; FC_NFKC; 0223 # Lm MODIFIER LETTER CAPITAL OU +1D3E ; FC_NFKC; 0070 # Lm MODIFIER LETTER CAPITAL P +1D3F ; FC_NFKC; 0072 # Lm MODIFIER LETTER CAPITAL R +1D40 ; FC_NFKC; 0074 # Lm MODIFIER LETTER CAPITAL T +1D41 ; FC_NFKC; 0075 # Lm MODIFIER LETTER CAPITAL U +1D42 ; FC_NFKC; 0077 # Lm MODIFIER LETTER CAPITAL W +20A8 ; FC_NFKC; 0072 0073 # Sc RUPEE SIGN +2102 ; FC_NFKC; 0063 # L& DOUBLE-STRUCK CAPITAL C +2103 ; FC_NFKC; 00B0 0063 # So DEGREE CELSIUS +2107 ; FC_NFKC; 025B # L& EULER CONSTANT +2109 ; FC_NFKC; 00B0 0066 # So DEGREE FAHRENHEIT +210B ; FC_NFKC; 0068 # L& SCRIPT CAPITAL H +210C ; FC_NFKC; 0068 # L& BLACK-LETTER CAPITAL H +210D ; FC_NFKC; 0068 # L& DOUBLE-STRUCK CAPITAL H +2110 ; FC_NFKC; 0069 # L& SCRIPT CAPITAL I +2111 ; FC_NFKC; 0069 # L& BLACK-LETTER CAPITAL I +2112 ; FC_NFKC; 006C # L& SCRIPT CAPITAL L +2115 ; FC_NFKC; 006E # L& DOUBLE-STRUCK CAPITAL N +2116 ; FC_NFKC; 006E 006F # So NUMERO SIGN +2119 ; FC_NFKC; 0070 # L& DOUBLE-STRUCK CAPITAL P +211A ; FC_NFKC; 0071 # L& DOUBLE-STRUCK CAPITAL Q +211B ; FC_NFKC; 0072 # L& SCRIPT CAPITAL R +211C ; FC_NFKC; 0072 # L& BLACK-LETTER CAPITAL R +211D ; FC_NFKC; 0072 # L& DOUBLE-STRUCK CAPITAL R +2120 ; FC_NFKC; 0073 006D # So SERVICE MARK +2121 ; FC_NFKC; 0074 0065 006C # So TELEPHONE SIGN +2122 ; FC_NFKC; 0074 006D # So TRADE MARK SIGN +2124 ; FC_NFKC; 007A # L& DOUBLE-STRUCK CAPITAL Z +2128 ; FC_NFKC; 007A # L& BLACK-LETTER CAPITAL Z +212C ; FC_NFKC; 0062 # L& SCRIPT CAPITAL B +212D ; FC_NFKC; 0063 # L& BLACK-LETTER CAPITAL C +2130 ; FC_NFKC; 0065 # L& SCRIPT CAPITAL E +2131 ; FC_NFKC; 0066 # L& SCRIPT CAPITAL F +2133 ; FC_NFKC; 006D # L& SCRIPT CAPITAL M +213B ; FC_NFKC; 0066 0061 0078 # So FACSIMILE SIGN +213E ; FC_NFKC; 03B3 # L& DOUBLE-STRUCK CAPITAL GAMMA +213F ; FC_NFKC; 03C0 # L& DOUBLE-STRUCK CAPITAL PI +2145 ; FC_NFKC; 0064 # L& DOUBLE-STRUCK ITALIC CAPITAL D +3250 ; FC_NFKC; 0070 0074 0065 # So PARTNERSHIP SIGN +32CC ; FC_NFKC; 0068 0067 # So SQUARE HG +32CE ; FC_NFKC; 0065 0076 # So SQUARE EV +32CF ; FC_NFKC; 006C 0074 0064 # So LIMITED LIABILITY SIGN +3371 ; FC_NFKC; 0068 0070 0061 # So SQUARE HPA +3373 ; FC_NFKC; 0061 0075 # So SQUARE AU +3375 ; FC_NFKC; 006F 0076 # So SQUARE OV +337A ; FC_NFKC; 0069 0075 # So SQUARE IU +3380 ; FC_NFKC; 0070 0061 # So SQUARE PA AMPS +3381 ; FC_NFKC; 006E 0061 # So SQUARE NA +3382 ; FC_NFKC; 03BC 0061 # So SQUARE MU A +3383 ; FC_NFKC; 006D 0061 # So SQUARE MA +3384 ; FC_NFKC; 006B 0061 # So SQUARE KA +3385 ; FC_NFKC; 006B 0062 # So SQUARE KB +3386 ; FC_NFKC; 006D 0062 # So SQUARE MB +3387 ; FC_NFKC; 0067 0062 # So SQUARE GB +338A ; FC_NFKC; 0070 0066 # So SQUARE PF +338B ; FC_NFKC; 006E 0066 # So SQUARE NF +338C ; FC_NFKC; 03BC 0066 # So SQUARE MU F +3390 ; FC_NFKC; 0068 007A # So SQUARE HZ +3391 ; FC_NFKC; 006B 0068 007A # So SQUARE KHZ +3392 ; FC_NFKC; 006D 0068 007A # So SQUARE MHZ +3393 ; FC_NFKC; 0067 0068 007A # So SQUARE GHZ +3394 ; FC_NFKC; 0074 0068 007A # So SQUARE THZ +33A9 ; FC_NFKC; 0070 0061 # So SQUARE PA +33AA ; FC_NFKC; 006B 0070 0061 # So SQUARE KPA +33AB ; FC_NFKC; 006D 0070 0061 # So SQUARE MPA +33AC ; FC_NFKC; 0067 0070 0061 # So SQUARE GPA +33B4 ; FC_NFKC; 0070 0076 # So SQUARE PV +33B5 ; FC_NFKC; 006E 0076 # So SQUARE NV +33B6 ; FC_NFKC; 03BC 0076 # So SQUARE MU V +33B7 ; FC_NFKC; 006D 0076 # So SQUARE MV +33B8 ; FC_NFKC; 006B 0076 # So SQUARE KV +33B9 ; FC_NFKC; 006D 0076 # So SQUARE MV MEGA +33BA ; FC_NFKC; 0070 0077 # So SQUARE PW +33BB ; FC_NFKC; 006E 0077 # So SQUARE NW +33BC ; FC_NFKC; 03BC 0077 # So SQUARE MU W +33BD ; FC_NFKC; 006D 0077 # So SQUARE MW +33BE ; FC_NFKC; 006B 0077 # So SQUARE KW +33BF ; FC_NFKC; 006D 0077 # So SQUARE MW MEGA +33C0 ; FC_NFKC; 006B 03C9 # So SQUARE K OHM +33C1 ; FC_NFKC; 006D 03C9 # So SQUARE M OHM +33C3 ; FC_NFKC; 0062 0071 # So SQUARE BQ +33C6 ; FC_NFKC; 0063 2215 006B 0067 # So SQUARE C OVER KG +33C7 ; FC_NFKC; 0063 006F 002E # So SQUARE CO +33C8 ; FC_NFKC; 0064 0062 # So SQUARE DB +33C9 ; FC_NFKC; 0067 0079 # So SQUARE GY +33CB ; FC_NFKC; 0068 0070 # So SQUARE HP +33CD ; FC_NFKC; 006B 006B # So SQUARE KK +33CE ; FC_NFKC; 006B 006D # So SQUARE KM CAPITAL +33D7 ; FC_NFKC; 0070 0068 # So SQUARE PH +33D9 ; FC_NFKC; 0070 0070 006D # So SQUARE PPM +33DA ; FC_NFKC; 0070 0072 # So SQUARE PR +33DC ; FC_NFKC; 0073 0076 # So SQUARE SV +33DD ; FC_NFKC; 0077 0062 # So SQUARE WB +33DE ; FC_NFKC; 0076 2215 006D # So SQUARE V OVER M +33DF ; FC_NFKC; 0061 2215 006D # So SQUARE A OVER M +1D400 ; FC_NFKC; 0061 # L& MATHEMATICAL BOLD CAPITAL A +1D401 ; FC_NFKC; 0062 # L& MATHEMATICAL BOLD CAPITAL B +1D402 ; FC_NFKC; 0063 # L& MATHEMATICAL BOLD CAPITAL C +1D403 ; FC_NFKC; 0064 # L& MATHEMATICAL BOLD CAPITAL D +1D404 ; FC_NFKC; 0065 # L& MATHEMATICAL BOLD CAPITAL E +1D405 ; FC_NFKC; 0066 # L& MATHEMATICAL BOLD CAPITAL F +1D406 ; FC_NFKC; 0067 # L& MATHEMATICAL BOLD CAPITAL G +1D407 ; FC_NFKC; 0068 # L& MATHEMATICAL BOLD CAPITAL H +1D408 ; FC_NFKC; 0069 # L& MATHEMATICAL BOLD CAPITAL I +1D409 ; FC_NFKC; 006A # L& MATHEMATICAL BOLD CAPITAL J +1D40A ; FC_NFKC; 006B # L& MATHEMATICAL BOLD CAPITAL K +1D40B ; FC_NFKC; 006C # L& MATHEMATICAL BOLD CAPITAL L +1D40C ; FC_NFKC; 006D # L& MATHEMATICAL BOLD CAPITAL M +1D40D ; FC_NFKC; 006E # L& MATHEMATICAL BOLD CAPITAL N +1D40E ; FC_NFKC; 006F # L& MATHEMATICAL BOLD CAPITAL O +1D40F ; FC_NFKC; 0070 # L& MATHEMATICAL BOLD CAPITAL P +1D410 ; FC_NFKC; 0071 # L& MATHEMATICAL BOLD CAPITAL Q +1D411 ; FC_NFKC; 0072 # L& MATHEMATICAL BOLD CAPITAL R +1D412 ; FC_NFKC; 0073 # L& MATHEMATICAL BOLD CAPITAL S +1D413 ; FC_NFKC; 0074 # L& MATHEMATICAL BOLD CAPITAL T +1D414 ; FC_NFKC; 0075 # L& MATHEMATICAL BOLD CAPITAL U +1D415 ; FC_NFKC; 0076 # L& MATHEMATICAL BOLD CAPITAL V +1D416 ; FC_NFKC; 0077 # L& MATHEMATICAL BOLD CAPITAL W +1D417 ; FC_NFKC; 0078 # L& MATHEMATICAL BOLD CAPITAL X +1D418 ; FC_NFKC; 0079 # L& MATHEMATICAL BOLD CAPITAL Y +1D419 ; FC_NFKC; 007A # L& MATHEMATICAL BOLD CAPITAL Z +1D434 ; FC_NFKC; 0061 # L& MATHEMATICAL ITALIC CAPITAL A +1D435 ; FC_NFKC; 0062 # L& MATHEMATICAL ITALIC CAPITAL B +1D436 ; FC_NFKC; 0063 # L& MATHEMATICAL ITALIC CAPITAL C +1D437 ; FC_NFKC; 0064 # L& MATHEMATICAL ITALIC CAPITAL D +1D438 ; FC_NFKC; 0065 # L& MATHEMATICAL ITALIC CAPITAL E +1D439 ; FC_NFKC; 0066 # L& MATHEMATICAL ITALIC CAPITAL F +1D43A ; FC_NFKC; 0067 # L& MATHEMATICAL ITALIC CAPITAL G +1D43B ; FC_NFKC; 0068 # L& MATHEMATICAL ITALIC CAPITAL H +1D43C ; FC_NFKC; 0069 # L& MATHEMATICAL ITALIC CAPITAL I +1D43D ; FC_NFKC; 006A # L& MATHEMATICAL ITALIC CAPITAL J +1D43E ; FC_NFKC; 006B # L& MATHEMATICAL ITALIC CAPITAL K +1D43F ; FC_NFKC; 006C # L& MATHEMATICAL ITALIC CAPITAL L +1D440 ; FC_NFKC; 006D # L& MATHEMATICAL ITALIC CAPITAL M +1D441 ; FC_NFKC; 006E # L& MATHEMATICAL ITALIC CAPITAL N +1D442 ; FC_NFKC; 006F # L& MATHEMATICAL ITALIC CAPITAL O +1D443 ; FC_NFKC; 0070 # L& MATHEMATICAL ITALIC CAPITAL P +1D444 ; FC_NFKC; 0071 # L& MATHEMATICAL ITALIC CAPITAL Q +1D445 ; FC_NFKC; 0072 # L& MATHEMATICAL ITALIC CAPITAL R +1D446 ; FC_NFKC; 0073 # L& MATHEMATICAL ITALIC CAPITAL S +1D447 ; FC_NFKC; 0074 # L& MATHEMATICAL ITALIC CAPITAL T +1D448 ; FC_NFKC; 0075 # L& MATHEMATICAL ITALIC CAPITAL U +1D449 ; FC_NFKC; 0076 # L& MATHEMATICAL ITALIC CAPITAL V +1D44A ; FC_NFKC; 0077 # L& MATHEMATICAL ITALIC CAPITAL W +1D44B ; FC_NFKC; 0078 # L& MATHEMATICAL ITALIC CAPITAL X +1D44C ; FC_NFKC; 0079 # L& MATHEMATICAL ITALIC CAPITAL Y +1D44D ; FC_NFKC; 007A # L& MATHEMATICAL ITALIC CAPITAL Z +1D468 ; FC_NFKC; 0061 # L& MATHEMATICAL BOLD ITALIC CAPITAL A +1D469 ; FC_NFKC; 0062 # L& MATHEMATICAL BOLD ITALIC CAPITAL B +1D46A ; FC_NFKC; 0063 # L& MATHEMATICAL BOLD ITALIC CAPITAL C +1D46B ; FC_NFKC; 0064 # L& MATHEMATICAL BOLD ITALIC CAPITAL D +1D46C ; FC_NFKC; 0065 # L& MATHEMATICAL BOLD ITALIC CAPITAL E +1D46D ; FC_NFKC; 0066 # L& MATHEMATICAL BOLD ITALIC CAPITAL F +1D46E ; FC_NFKC; 0067 # L& MATHEMATICAL BOLD ITALIC CAPITAL G +1D46F ; FC_NFKC; 0068 # L& MATHEMATICAL BOLD ITALIC CAPITAL H +1D470 ; FC_NFKC; 0069 # L& MATHEMATICAL BOLD ITALIC CAPITAL I +1D471 ; FC_NFKC; 006A # L& MATHEMATICAL BOLD ITALIC CAPITAL J +1D472 ; FC_NFKC; 006B # L& MATHEMATICAL BOLD ITALIC CAPITAL K +1D473 ; FC_NFKC; 006C # L& MATHEMATICAL BOLD ITALIC CAPITAL L +1D474 ; FC_NFKC; 006D # L& MATHEMATICAL BOLD ITALIC CAPITAL M +1D475 ; FC_NFKC; 006E # L& MATHEMATICAL BOLD ITALIC CAPITAL N +1D476 ; FC_NFKC; 006F # L& MATHEMATICAL BOLD ITALIC CAPITAL O +1D477 ; FC_NFKC; 0070 # L& MATHEMATICAL BOLD ITALIC CAPITAL P +1D478 ; FC_NFKC; 0071 # L& MATHEMATICAL BOLD ITALIC CAPITAL Q +1D479 ; FC_NFKC; 0072 # L& MATHEMATICAL BOLD ITALIC CAPITAL R +1D47A ; FC_NFKC; 0073 # L& MATHEMATICAL BOLD ITALIC CAPITAL S +1D47B ; FC_NFKC; 0074 # L& MATHEMATICAL BOLD ITALIC CAPITAL T +1D47C ; FC_NFKC; 0075 # L& MATHEMATICAL BOLD ITALIC CAPITAL U +1D47D ; FC_NFKC; 0076 # L& MATHEMATICAL BOLD ITALIC CAPITAL V +1D47E ; FC_NFKC; 0077 # L& MATHEMATICAL BOLD ITALIC CAPITAL W +1D47F ; FC_NFKC; 0078 # L& MATHEMATICAL BOLD ITALIC CAPITAL X +1D480 ; FC_NFKC; 0079 # L& MATHEMATICAL BOLD ITALIC CAPITAL Y +1D481 ; FC_NFKC; 007A # L& MATHEMATICAL BOLD ITALIC CAPITAL Z +1D49C ; FC_NFKC; 0061 # L& MATHEMATICAL SCRIPT CAPITAL A +1D49E ; FC_NFKC; 0063 # L& MATHEMATICAL SCRIPT CAPITAL C +1D49F ; FC_NFKC; 0064 # L& MATHEMATICAL SCRIPT CAPITAL D +1D4A2 ; FC_NFKC; 0067 # L& MATHEMATICAL SCRIPT CAPITAL G +1D4A5 ; FC_NFKC; 006A # L& MATHEMATICAL SCRIPT CAPITAL J +1D4A6 ; FC_NFKC; 006B # L& MATHEMATICAL SCRIPT CAPITAL K +1D4A9 ; FC_NFKC; 006E # L& MATHEMATICAL SCRIPT CAPITAL N +1D4AA ; FC_NFKC; 006F # L& MATHEMATICAL SCRIPT CAPITAL O +1D4AB ; FC_NFKC; 0070 # L& MATHEMATICAL SCRIPT CAPITAL P +1D4AC ; FC_NFKC; 0071 # L& MATHEMATICAL SCRIPT CAPITAL Q +1D4AE ; FC_NFKC; 0073 # L& MATHEMATICAL SCRIPT CAPITAL S +1D4AF ; FC_NFKC; 0074 # L& MATHEMATICAL SCRIPT CAPITAL T +1D4B0 ; FC_NFKC; 0075 # L& MATHEMATICAL SCRIPT CAPITAL U +1D4B1 ; FC_NFKC; 0076 # L& MATHEMATICAL SCRIPT CAPITAL V +1D4B2 ; FC_NFKC; 0077 # L& MATHEMATICAL SCRIPT CAPITAL W +1D4B3 ; FC_NFKC; 0078 # L& MATHEMATICAL SCRIPT CAPITAL X +1D4B4 ; FC_NFKC; 0079 # L& MATHEMATICAL SCRIPT CAPITAL Y +1D4B5 ; FC_NFKC; 007A # L& MATHEMATICAL SCRIPT CAPITAL Z +1D4D0 ; FC_NFKC; 0061 # L& MATHEMATICAL BOLD SCRIPT CAPITAL A +1D4D1 ; FC_NFKC; 0062 # L& MATHEMATICAL BOLD SCRIPT CAPITAL B +1D4D2 ; FC_NFKC; 0063 # L& MATHEMATICAL BOLD SCRIPT CAPITAL C +1D4D3 ; FC_NFKC; 0064 # L& MATHEMATICAL BOLD SCRIPT CAPITAL D +1D4D4 ; FC_NFKC; 0065 # L& MATHEMATICAL BOLD SCRIPT CAPITAL E +1D4D5 ; FC_NFKC; 0066 # L& MATHEMATICAL BOLD SCRIPT CAPITAL F +1D4D6 ; FC_NFKC; 0067 # L& MATHEMATICAL BOLD SCRIPT CAPITAL G +1D4D7 ; FC_NFKC; 0068 # L& MATHEMATICAL BOLD SCRIPT CAPITAL H +1D4D8 ; FC_NFKC; 0069 # L& MATHEMATICAL BOLD SCRIPT CAPITAL I +1D4D9 ; FC_NFKC; 006A # L& MATHEMATICAL BOLD SCRIPT CAPITAL J +1D4DA ; FC_NFKC; 006B # L& MATHEMATICAL BOLD SCRIPT CAPITAL K +1D4DB ; FC_NFKC; 006C # L& MATHEMATICAL BOLD SCRIPT CAPITAL L +1D4DC ; FC_NFKC; 006D # L& MATHEMATICAL BOLD SCRIPT CAPITAL M +1D4DD ; FC_NFKC; 006E # L& MATHEMATICAL BOLD SCRIPT CAPITAL N +1D4DE ; FC_NFKC; 006F # L& MATHEMATICAL BOLD SCRIPT CAPITAL O +1D4DF ; FC_NFKC; 0070 # L& MATHEMATICAL BOLD SCRIPT CAPITAL P +1D4E0 ; FC_NFKC; 0071 # L& MATHEMATICAL BOLD SCRIPT CAPITAL Q +1D4E1 ; FC_NFKC; 0072 # L& MATHEMATICAL BOLD SCRIPT CAPITAL R +1D4E2 ; FC_NFKC; 0073 # L& MATHEMATICAL BOLD SCRIPT CAPITAL S +1D4E3 ; FC_NFKC; 0074 # L& MATHEMATICAL BOLD SCRIPT CAPITAL T +1D4E4 ; FC_NFKC; 0075 # L& MATHEMATICAL BOLD SCRIPT CAPITAL U +1D4E5 ; FC_NFKC; 0076 # L& MATHEMATICAL BOLD SCRIPT CAPITAL V +1D4E6 ; FC_NFKC; 0077 # L& MATHEMATICAL BOLD SCRIPT CAPITAL W +1D4E7 ; FC_NFKC; 0078 # L& MATHEMATICAL BOLD SCRIPT CAPITAL X +1D4E8 ; FC_NFKC; 0079 # L& MATHEMATICAL BOLD SCRIPT CAPITAL Y +1D4E9 ; FC_NFKC; 007A # L& MATHEMATICAL BOLD SCRIPT CAPITAL Z +1D504 ; FC_NFKC; 0061 # L& MATHEMATICAL FRAKTUR CAPITAL A +1D505 ; FC_NFKC; 0062 # L& MATHEMATICAL FRAKTUR CAPITAL B +1D507 ; FC_NFKC; 0064 # L& MATHEMATICAL FRAKTUR CAPITAL D +1D508 ; FC_NFKC; 0065 # L& MATHEMATICAL FRAKTUR CAPITAL E +1D509 ; FC_NFKC; 0066 # L& MATHEMATICAL FRAKTUR CAPITAL F +1D50A ; FC_NFKC; 0067 # L& MATHEMATICAL FRAKTUR CAPITAL G +1D50D ; FC_NFKC; 006A # L& MATHEMATICAL FRAKTUR CAPITAL J +1D50E ; FC_NFKC; 006B # L& MATHEMATICAL FRAKTUR CAPITAL K +1D50F ; FC_NFKC; 006C # L& MATHEMATICAL FRAKTUR CAPITAL L +1D510 ; FC_NFKC; 006D # L& MATHEMATICAL FRAKTUR CAPITAL M +1D511 ; FC_NFKC; 006E # L& MATHEMATICAL FRAKTUR CAPITAL N +1D512 ; FC_NFKC; 006F # L& MATHEMATICAL FRAKTUR CAPITAL O +1D513 ; FC_NFKC; 0070 # L& MATHEMATICAL FRAKTUR CAPITAL P +1D514 ; FC_NFKC; 0071 # L& MATHEMATICAL FRAKTUR CAPITAL Q +1D516 ; FC_NFKC; 0073 # L& MATHEMATICAL FRAKTUR CAPITAL S +1D517 ; FC_NFKC; 0074 # L& MATHEMATICAL FRAKTUR CAPITAL T +1D518 ; FC_NFKC; 0075 # L& MATHEMATICAL FRAKTUR CAPITAL U +1D519 ; FC_NFKC; 0076 # L& MATHEMATICAL FRAKTUR CAPITAL V +1D51A ; FC_NFKC; 0077 # L& MATHEMATICAL FRAKTUR CAPITAL W +1D51B ; FC_NFKC; 0078 # L& MATHEMATICAL FRAKTUR CAPITAL X +1D51C ; FC_NFKC; 0079 # L& MATHEMATICAL FRAKTUR CAPITAL Y +1D538 ; FC_NFKC; 0061 # L& MATHEMATICAL DOUBLE-STRUCK CAPITAL A +1D539 ; FC_NFKC; 0062 # L& MATHEMATICAL DOUBLE-STRUCK CAPITAL B +1D53B ; FC_NFKC; 0064 # L& MATHEMATICAL DOUBLE-STRUCK CAPITAL D +1D53C ; FC_NFKC; 0065 # L& MATHEMATICAL DOUBLE-STRUCK CAPITAL E +1D53D ; FC_NFKC; 0066 # L& MATHEMATICAL DOUBLE-STRUCK CAPITAL F +1D53E ; FC_NFKC; 0067 # L& MATHEMATICAL DOUBLE-STRUCK CAPITAL G +1D540 ; FC_NFKC; 0069 # L& MATHEMATICAL DOUBLE-STRUCK CAPITAL I +1D541 ; FC_NFKC; 006A # L& MATHEMATICAL DOUBLE-STRUCK CAPITAL J +1D542 ; FC_NFKC; 006B # L& MATHEMATICAL DOUBLE-STRUCK CAPITAL K +1D543 ; FC_NFKC; 006C # L& MATHEMATICAL DOUBLE-STRUCK CAPITAL L +1D544 ; FC_NFKC; 006D # L& MATHEMATICAL DOUBLE-STRUCK CAPITAL M +1D546 ; FC_NFKC; 006F # L& MATHEMATICAL DOUBLE-STRUCK CAPITAL O +1D54A ; FC_NFKC; 0073 # L& MATHEMATICAL DOUBLE-STRUCK CAPITAL S +1D54B ; FC_NFKC; 0074 # L& MATHEMATICAL DOUBLE-STRUCK CAPITAL T +1D54C ; FC_NFKC; 0075 # L& MATHEMATICAL DOUBLE-STRUCK CAPITAL U +1D54D ; FC_NFKC; 0076 # L& MATHEMATICAL DOUBLE-STRUCK CAPITAL V +1D54E ; FC_NFKC; 0077 # L& MATHEMATICAL DOUBLE-STRUCK CAPITAL W +1D54F ; FC_NFKC; 0078 # L& MATHEMATICAL DOUBLE-STRUCK CAPITAL X +1D550 ; FC_NFKC; 0079 # L& MATHEMATICAL DOUBLE-STRUCK CAPITAL Y +1D56C ; FC_NFKC; 0061 # L& MATHEMATICAL BOLD FRAKTUR CAPITAL A +1D56D ; FC_NFKC; 0062 # L& MATHEMATICAL BOLD FRAKTUR CAPITAL B +1D56E ; FC_NFKC; 0063 # L& MATHEMATICAL BOLD FRAKTUR CAPITAL C +1D56F ; FC_NFKC; 0064 # L& MATHEMATICAL BOLD FRAKTUR CAPITAL D +1D570 ; FC_NFKC; 0065 # L& MATHEMATICAL BOLD FRAKTUR CAPITAL E +1D571 ; FC_NFKC; 0066 # L& MATHEMATICAL BOLD FRAKTUR CAPITAL F +1D572 ; FC_NFKC; 0067 # L& MATHEMATICAL BOLD FRAKTUR CAPITAL G +1D573 ; FC_NFKC; 0068 # L& MATHEMATICAL BOLD FRAKTUR CAPITAL H +1D574 ; FC_NFKC; 0069 # L& MATHEMATICAL BOLD FRAKTUR CAPITAL I +1D575 ; FC_NFKC; 006A # L& MATHEMATICAL BOLD FRAKTUR CAPITAL J +1D576 ; FC_NFKC; 006B # L& MATHEMATICAL BOLD FRAKTUR CAPITAL K +1D577 ; FC_NFKC; 006C # L& MATHEMATICAL BOLD FRAKTUR CAPITAL L +1D578 ; FC_NFKC; 006D # L& MATHEMATICAL BOLD FRAKTUR CAPITAL M +1D579 ; FC_NFKC; 006E # L& MATHEMATICAL BOLD FRAKTUR CAPITAL N +1D57A ; FC_NFKC; 006F # L& MATHEMATICAL BOLD FRAKTUR CAPITAL O +1D57B ; FC_NFKC; 0070 # L& MATHEMATICAL BOLD FRAKTUR CAPITAL P +1D57C ; FC_NFKC; 0071 # L& MATHEMATICAL BOLD FRAKTUR CAPITAL Q +1D57D ; FC_NFKC; 0072 # L& MATHEMATICAL BOLD FRAKTUR CAPITAL R +1D57E ; FC_NFKC; 0073 # L& MATHEMATICAL BOLD FRAKTUR CAPITAL S +1D57F ; FC_NFKC; 0074 # L& MATHEMATICAL BOLD FRAKTUR CAPITAL T +1D580 ; FC_NFKC; 0075 # L& MATHEMATICAL BOLD FRAKTUR CAPITAL U +1D581 ; FC_NFKC; 0076 # L& MATHEMATICAL BOLD FRAKTUR CAPITAL V +1D582 ; FC_NFKC; 0077 # L& MATHEMATICAL BOLD FRAKTUR CAPITAL W +1D583 ; FC_NFKC; 0078 # L& MATHEMATICAL BOLD FRAKTUR CAPITAL X +1D584 ; FC_NFKC; 0079 # L& MATHEMATICAL BOLD FRAKTUR CAPITAL Y +1D585 ; FC_NFKC; 007A # L& MATHEMATICAL BOLD FRAKTUR CAPITAL Z +1D5A0 ; FC_NFKC; 0061 # L& MATHEMATICAL SANS-SERIF CAPITAL A +1D5A1 ; FC_NFKC; 0062 # L& MATHEMATICAL SANS-SERIF CAPITAL B +1D5A2 ; FC_NFKC; 0063 # L& MATHEMATICAL SANS-SERIF CAPITAL C +1D5A3 ; FC_NFKC; 0064 # L& MATHEMATICAL SANS-SERIF CAPITAL D +1D5A4 ; FC_NFKC; 0065 # L& MATHEMATICAL SANS-SERIF CAPITAL E +1D5A5 ; FC_NFKC; 0066 # L& MATHEMATICAL SANS-SERIF CAPITAL F +1D5A6 ; FC_NFKC; 0067 # L& MATHEMATICAL SANS-SERIF CAPITAL G +1D5A7 ; FC_NFKC; 0068 # L& MATHEMATICAL SANS-SERIF CAPITAL H +1D5A8 ; FC_NFKC; 0069 # L& MATHEMATICAL SANS-SERIF CAPITAL I +1D5A9 ; FC_NFKC; 006A # L& MATHEMATICAL SANS-SERIF CAPITAL J +1D5AA ; FC_NFKC; 006B # L& MATHEMATICAL SANS-SERIF CAPITAL K +1D5AB ; FC_NFKC; 006C # L& MATHEMATICAL SANS-SERIF CAPITAL L +1D5AC ; FC_NFKC; 006D # L& MATHEMATICAL SANS-SERIF CAPITAL M +1D5AD ; FC_NFKC; 006E # L& MATHEMATICAL SANS-SERIF CAPITAL N +1D5AE ; FC_NFKC; 006F # L& MATHEMATICAL SANS-SERIF CAPITAL O +1D5AF ; FC_NFKC; 0070 # L& MATHEMATICAL SANS-SERIF CAPITAL P +1D5B0 ; FC_NFKC; 0071 # L& MATHEMATICAL SANS-SERIF CAPITAL Q +1D5B1 ; FC_NFKC; 0072 # L& MATHEMATICAL SANS-SERIF CAPITAL R +1D5B2 ; FC_NFKC; 0073 # L& MATHEMATICAL SANS-SERIF CAPITAL S +1D5B3 ; FC_NFKC; 0074 # L& MATHEMATICAL SANS-SERIF CAPITAL T +1D5B4 ; FC_NFKC; 0075 # L& MATHEMATICAL SANS-SERIF CAPITAL U +1D5B5 ; FC_NFKC; 0076 # L& MATHEMATICAL SANS-SERIF CAPITAL V +1D5B6 ; FC_NFKC; 0077 # L& MATHEMATICAL SANS-SERIF CAPITAL W +1D5B7 ; FC_NFKC; 0078 # L& MATHEMATICAL SANS-SERIF CAPITAL X +1D5B8 ; FC_NFKC; 0079 # L& MATHEMATICAL SANS-SERIF CAPITAL Y +1D5B9 ; FC_NFKC; 007A # L& MATHEMATICAL SANS-SERIF CAPITAL Z +1D5D4 ; FC_NFKC; 0061 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL A +1D5D5 ; FC_NFKC; 0062 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL B +1D5D6 ; FC_NFKC; 0063 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL C +1D5D7 ; FC_NFKC; 0064 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL D +1D5D8 ; FC_NFKC; 0065 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL E +1D5D9 ; FC_NFKC; 0066 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL F +1D5DA ; FC_NFKC; 0067 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL G +1D5DB ; FC_NFKC; 0068 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL H +1D5DC ; FC_NFKC; 0069 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL I +1D5DD ; FC_NFKC; 006A # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL J +1D5DE ; FC_NFKC; 006B # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL K +1D5DF ; FC_NFKC; 006C # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL L +1D5E0 ; FC_NFKC; 006D # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL M +1D5E1 ; FC_NFKC; 006E # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL N +1D5E2 ; FC_NFKC; 006F # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL O +1D5E3 ; FC_NFKC; 0070 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL P +1D5E4 ; FC_NFKC; 0071 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL Q +1D5E5 ; FC_NFKC; 0072 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL R +1D5E6 ; FC_NFKC; 0073 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL S +1D5E7 ; FC_NFKC; 0074 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL T +1D5E8 ; FC_NFKC; 0075 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL U +1D5E9 ; FC_NFKC; 0076 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL V +1D5EA ; FC_NFKC; 0077 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL W +1D5EB ; FC_NFKC; 0078 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL X +1D5EC ; FC_NFKC; 0079 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL Y +1D5ED ; FC_NFKC; 007A # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL Z +1D608 ; FC_NFKC; 0061 # L& MATHEMATICAL SANS-SERIF ITALIC CAPITAL A +1D609 ; FC_NFKC; 0062 # L& MATHEMATICAL SANS-SERIF ITALIC CAPITAL B +1D60A ; FC_NFKC; 0063 # L& MATHEMATICAL SANS-SERIF ITALIC CAPITAL C +1D60B ; FC_NFKC; 0064 # L& MATHEMATICAL SANS-SERIF ITALIC CAPITAL D +1D60C ; FC_NFKC; 0065 # L& MATHEMATICAL SANS-SERIF ITALIC CAPITAL E +1D60D ; FC_NFKC; 0066 # L& MATHEMATICAL SANS-SERIF ITALIC CAPITAL F +1D60E ; FC_NFKC; 0067 # L& MATHEMATICAL SANS-SERIF ITALIC CAPITAL G +1D60F ; FC_NFKC; 0068 # L& MATHEMATICAL SANS-SERIF ITALIC CAPITAL H +1D610 ; FC_NFKC; 0069 # L& MATHEMATICAL SANS-SERIF ITALIC CAPITAL I +1D611 ; FC_NFKC; 006A # L& MATHEMATICAL SANS-SERIF ITALIC CAPITAL J +1D612 ; FC_NFKC; 006B # L& MATHEMATICAL SANS-SERIF ITALIC CAPITAL K +1D613 ; FC_NFKC; 006C # L& MATHEMATICAL SANS-SERIF ITALIC CAPITAL L +1D614 ; FC_NFKC; 006D # L& MATHEMATICAL SANS-SERIF ITALIC CAPITAL M +1D615 ; FC_NFKC; 006E # L& MATHEMATICAL SANS-SERIF ITALIC CAPITAL N +1D616 ; FC_NFKC; 006F # L& MATHEMATICAL SANS-SERIF ITALIC CAPITAL O +1D617 ; FC_NFKC; 0070 # L& MATHEMATICAL SANS-SERIF ITALIC CAPITAL P +1D618 ; FC_NFKC; 0071 # L& MATHEMATICAL SANS-SERIF ITALIC CAPITAL Q +1D619 ; FC_NFKC; 0072 # L& MATHEMATICAL SANS-SERIF ITALIC CAPITAL R +1D61A ; FC_NFKC; 0073 # L& MATHEMATICAL SANS-SERIF ITALIC CAPITAL S +1D61B ; FC_NFKC; 0074 # L& MATHEMATICAL SANS-SERIF ITALIC CAPITAL T +1D61C ; FC_NFKC; 0075 # L& MATHEMATICAL SANS-SERIF ITALIC CAPITAL U +1D61D ; FC_NFKC; 0076 # L& MATHEMATICAL SANS-SERIF ITALIC CAPITAL V +1D61E ; FC_NFKC; 0077 # L& MATHEMATICAL SANS-SERIF ITALIC CAPITAL W +1D61F ; FC_NFKC; 0078 # L& MATHEMATICAL SANS-SERIF ITALIC CAPITAL X +1D620 ; FC_NFKC; 0079 # L& MATHEMATICAL SANS-SERIF ITALIC CAPITAL Y +1D621 ; FC_NFKC; 007A # L& MATHEMATICAL SANS-SERIF ITALIC CAPITAL Z +1D63C ; FC_NFKC; 0061 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL A +1D63D ; FC_NFKC; 0062 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL B +1D63E ; FC_NFKC; 0063 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL C +1D63F ; FC_NFKC; 0064 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL D +1D640 ; FC_NFKC; 0065 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL E +1D641 ; FC_NFKC; 0066 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL F +1D642 ; FC_NFKC; 0067 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL G +1D643 ; FC_NFKC; 0068 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL H +1D644 ; FC_NFKC; 0069 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL I +1D645 ; FC_NFKC; 006A # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL J +1D646 ; FC_NFKC; 006B # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL K +1D647 ; FC_NFKC; 006C # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL L +1D648 ; FC_NFKC; 006D # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL M +1D649 ; FC_NFKC; 006E # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL N +1D64A ; FC_NFKC; 006F # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL O +1D64B ; FC_NFKC; 0070 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL P +1D64C ; FC_NFKC; 0071 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL Q +1D64D ; FC_NFKC; 0072 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL R +1D64E ; FC_NFKC; 0073 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL S +1D64F ; FC_NFKC; 0074 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL T +1D650 ; FC_NFKC; 0075 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL U +1D651 ; FC_NFKC; 0076 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL V +1D652 ; FC_NFKC; 0077 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL W +1D653 ; FC_NFKC; 0078 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL X +1D654 ; FC_NFKC; 0079 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL Y +1D655 ; FC_NFKC; 007A # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL Z +1D670 ; FC_NFKC; 0061 # L& MATHEMATICAL MONOSPACE CAPITAL A +1D671 ; FC_NFKC; 0062 # L& MATHEMATICAL MONOSPACE CAPITAL B +1D672 ; FC_NFKC; 0063 # L& MATHEMATICAL MONOSPACE CAPITAL C +1D673 ; FC_NFKC; 0064 # L& MATHEMATICAL MONOSPACE CAPITAL D +1D674 ; FC_NFKC; 0065 # L& MATHEMATICAL MONOSPACE CAPITAL E +1D675 ; FC_NFKC; 0066 # L& MATHEMATICAL MONOSPACE CAPITAL F +1D676 ; FC_NFKC; 0067 # L& MATHEMATICAL MONOSPACE CAPITAL G +1D677 ; FC_NFKC; 0068 # L& MATHEMATICAL MONOSPACE CAPITAL H +1D678 ; FC_NFKC; 0069 # L& MATHEMATICAL MONOSPACE CAPITAL I +1D679 ; FC_NFKC; 006A # L& MATHEMATICAL MONOSPACE CAPITAL J +1D67A ; FC_NFKC; 006B # L& MATHEMATICAL MONOSPACE CAPITAL K +1D67B ; FC_NFKC; 006C # L& MATHEMATICAL MONOSPACE CAPITAL L +1D67C ; FC_NFKC; 006D # L& MATHEMATICAL MONOSPACE CAPITAL M +1D67D ; FC_NFKC; 006E # L& MATHEMATICAL MONOSPACE CAPITAL N +1D67E ; FC_NFKC; 006F # L& MATHEMATICAL MONOSPACE CAPITAL O +1D67F ; FC_NFKC; 0070 # L& MATHEMATICAL MONOSPACE CAPITAL P +1D680 ; FC_NFKC; 0071 # L& MATHEMATICAL MONOSPACE CAPITAL Q +1D681 ; FC_NFKC; 0072 # L& MATHEMATICAL MONOSPACE CAPITAL R +1D682 ; FC_NFKC; 0073 # L& MATHEMATICAL MONOSPACE CAPITAL S +1D683 ; FC_NFKC; 0074 # L& MATHEMATICAL MONOSPACE CAPITAL T +1D684 ; FC_NFKC; 0075 # L& MATHEMATICAL MONOSPACE CAPITAL U +1D685 ; FC_NFKC; 0076 # L& MATHEMATICAL MONOSPACE CAPITAL V +1D686 ; FC_NFKC; 0077 # L& MATHEMATICAL MONOSPACE CAPITAL W +1D687 ; FC_NFKC; 0078 # L& MATHEMATICAL MONOSPACE CAPITAL X +1D688 ; FC_NFKC; 0079 # L& MATHEMATICAL MONOSPACE CAPITAL Y +1D689 ; FC_NFKC; 007A # L& MATHEMATICAL MONOSPACE CAPITAL Z +1D6A8 ; FC_NFKC; 03B1 # L& MATHEMATICAL BOLD CAPITAL ALPHA +1D6A9 ; FC_NFKC; 03B2 # L& MATHEMATICAL BOLD CAPITAL BETA +1D6AA ; FC_NFKC; 03B3 # L& MATHEMATICAL BOLD CAPITAL GAMMA +1D6AB ; FC_NFKC; 03B4 # L& MATHEMATICAL BOLD CAPITAL DELTA +1D6AC ; FC_NFKC; 03B5 # L& MATHEMATICAL BOLD CAPITAL EPSILON +1D6AD ; FC_NFKC; 03B6 # L& MATHEMATICAL BOLD CAPITAL ZETA +1D6AE ; FC_NFKC; 03B7 # L& MATHEMATICAL BOLD CAPITAL ETA +1D6AF ; FC_NFKC; 03B8 # L& MATHEMATICAL BOLD CAPITAL THETA +1D6B0 ; FC_NFKC; 03B9 # L& MATHEMATICAL BOLD CAPITAL IOTA +1D6B1 ; FC_NFKC; 03BA # L& MATHEMATICAL BOLD CAPITAL KAPPA +1D6B2 ; FC_NFKC; 03BB # L& MATHEMATICAL BOLD CAPITAL LAMDA +1D6B3 ; FC_NFKC; 03BC # L& MATHEMATICAL BOLD CAPITAL MU +1D6B4 ; FC_NFKC; 03BD # L& MATHEMATICAL BOLD CAPITAL NU +1D6B5 ; FC_NFKC; 03BE # L& MATHEMATICAL BOLD CAPITAL XI +1D6B6 ; FC_NFKC; 03BF # L& MATHEMATICAL BOLD CAPITAL OMICRON +1D6B7 ; FC_NFKC; 03C0 # L& MATHEMATICAL BOLD CAPITAL PI +1D6B8 ; FC_NFKC; 03C1 # L& MATHEMATICAL BOLD CAPITAL RHO +1D6B9 ; FC_NFKC; 03B8 # L& MATHEMATICAL BOLD CAPITAL THETA SYMBOL +1D6BA ; FC_NFKC; 03C3 # L& MATHEMATICAL BOLD CAPITAL SIGMA +1D6BB ; FC_NFKC; 03C4 # L& MATHEMATICAL BOLD CAPITAL TAU +1D6BC ; FC_NFKC; 03C5 # L& MATHEMATICAL BOLD CAPITAL UPSILON +1D6BD ; FC_NFKC; 03C6 # L& MATHEMATICAL BOLD CAPITAL PHI +1D6BE ; FC_NFKC; 03C7 # L& MATHEMATICAL BOLD CAPITAL CHI +1D6BF ; FC_NFKC; 03C8 # L& MATHEMATICAL BOLD CAPITAL PSI +1D6C0 ; FC_NFKC; 03C9 # L& MATHEMATICAL BOLD CAPITAL OMEGA +1D6D3 ; FC_NFKC; 03C3 # L& MATHEMATICAL BOLD SMALL FINAL SIGMA +1D6E2 ; FC_NFKC; 03B1 # L& MATHEMATICAL ITALIC CAPITAL ALPHA +1D6E3 ; FC_NFKC; 03B2 # L& MATHEMATICAL ITALIC CAPITAL BETA +1D6E4 ; FC_NFKC; 03B3 # L& MATHEMATICAL ITALIC CAPITAL GAMMA +1D6E5 ; FC_NFKC; 03B4 # L& MATHEMATICAL ITALIC CAPITAL DELTA +1D6E6 ; FC_NFKC; 03B5 # L& MATHEMATICAL ITALIC CAPITAL EPSILON +1D6E7 ; FC_NFKC; 03B6 # L& MATHEMATICAL ITALIC CAPITAL ZETA +1D6E8 ; FC_NFKC; 03B7 # L& MATHEMATICAL ITALIC CAPITAL ETA +1D6E9 ; FC_NFKC; 03B8 # L& MATHEMATICAL ITALIC CAPITAL THETA +1D6EA ; FC_NFKC; 03B9 # L& MATHEMATICAL ITALIC CAPITAL IOTA +1D6EB ; FC_NFKC; 03BA # L& MATHEMATICAL ITALIC CAPITAL KAPPA +1D6EC ; FC_NFKC; 03BB # L& MATHEMATICAL ITALIC CAPITAL LAMDA +1D6ED ; FC_NFKC; 03BC # L& MATHEMATICAL ITALIC CAPITAL MU +1D6EE ; FC_NFKC; 03BD # L& MATHEMATICAL ITALIC CAPITAL NU +1D6EF ; FC_NFKC; 03BE # L& MATHEMATICAL ITALIC CAPITAL XI +1D6F0 ; FC_NFKC; 03BF # L& MATHEMATICAL ITALIC CAPITAL OMICRON +1D6F1 ; FC_NFKC; 03C0 # L& MATHEMATICAL ITALIC CAPITAL PI +1D6F2 ; FC_NFKC; 03C1 # L& MATHEMATICAL ITALIC CAPITAL RHO +1D6F3 ; FC_NFKC; 03B8 # L& MATHEMATICAL ITALIC CAPITAL THETA SYMBOL +1D6F4 ; FC_NFKC; 03C3 # L& MATHEMATICAL ITALIC CAPITAL SIGMA +1D6F5 ; FC_NFKC; 03C4 # L& MATHEMATICAL ITALIC CAPITAL TAU +1D6F6 ; FC_NFKC; 03C5 # L& MATHEMATICAL ITALIC CAPITAL UPSILON +1D6F7 ; FC_NFKC; 03C6 # L& MATHEMATICAL ITALIC CAPITAL PHI +1D6F8 ; FC_NFKC; 03C7 # L& MATHEMATICAL ITALIC CAPITAL CHI +1D6F9 ; FC_NFKC; 03C8 # L& MATHEMATICAL ITALIC CAPITAL PSI +1D6FA ; FC_NFKC; 03C9 # L& MATHEMATICAL ITALIC CAPITAL OMEGA +1D70D ; FC_NFKC; 03C3 # L& MATHEMATICAL ITALIC SMALL FINAL SIGMA +1D71C ; FC_NFKC; 03B1 # L& MATHEMATICAL BOLD ITALIC CAPITAL ALPHA +1D71D ; FC_NFKC; 03B2 # L& MATHEMATICAL BOLD ITALIC CAPITAL BETA +1D71E ; FC_NFKC; 03B3 # L& MATHEMATICAL BOLD ITALIC CAPITAL GAMMA +1D71F ; FC_NFKC; 03B4 # L& MATHEMATICAL BOLD ITALIC CAPITAL DELTA +1D720 ; FC_NFKC; 03B5 # L& MATHEMATICAL BOLD ITALIC CAPITAL EPSILON +1D721 ; FC_NFKC; 03B6 # L& MATHEMATICAL BOLD ITALIC CAPITAL ZETA +1D722 ; FC_NFKC; 03B7 # L& MATHEMATICAL BOLD ITALIC CAPITAL ETA +1D723 ; FC_NFKC; 03B8 # L& MATHEMATICAL BOLD ITALIC CAPITAL THETA +1D724 ; FC_NFKC; 03B9 # L& MATHEMATICAL BOLD ITALIC CAPITAL IOTA +1D725 ; FC_NFKC; 03BA # L& MATHEMATICAL BOLD ITALIC CAPITAL KAPPA +1D726 ; FC_NFKC; 03BB # L& MATHEMATICAL BOLD ITALIC CAPITAL LAMDA +1D727 ; FC_NFKC; 03BC # L& MATHEMATICAL BOLD ITALIC CAPITAL MU +1D728 ; FC_NFKC; 03BD # L& MATHEMATICAL BOLD ITALIC CAPITAL NU +1D729 ; FC_NFKC; 03BE # L& MATHEMATICAL BOLD ITALIC CAPITAL XI +1D72A ; FC_NFKC; 03BF # L& MATHEMATICAL BOLD ITALIC CAPITAL OMICRON +1D72B ; FC_NFKC; 03C0 # L& MATHEMATICAL BOLD ITALIC CAPITAL PI +1D72C ; FC_NFKC; 03C1 # L& MATHEMATICAL BOLD ITALIC CAPITAL RHO +1D72D ; FC_NFKC; 03B8 # L& MATHEMATICAL BOLD ITALIC CAPITAL THETA SYMBOL +1D72E ; FC_NFKC; 03C3 # L& MATHEMATICAL BOLD ITALIC CAPITAL SIGMA +1D72F ; FC_NFKC; 03C4 # L& MATHEMATICAL BOLD ITALIC CAPITAL TAU +1D730 ; FC_NFKC; 03C5 # L& MATHEMATICAL BOLD ITALIC CAPITAL UPSILON +1D731 ; FC_NFKC; 03C6 # L& MATHEMATICAL BOLD ITALIC CAPITAL PHI +1D732 ; FC_NFKC; 03C7 # L& MATHEMATICAL BOLD ITALIC CAPITAL CHI +1D733 ; FC_NFKC; 03C8 # L& MATHEMATICAL BOLD ITALIC CAPITAL PSI +1D734 ; FC_NFKC; 03C9 # L& MATHEMATICAL BOLD ITALIC CAPITAL OMEGA +1D747 ; FC_NFKC; 03C3 # L& MATHEMATICAL BOLD ITALIC SMALL FINAL SIGMA +1D756 ; FC_NFKC; 03B1 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL ALPHA +1D757 ; FC_NFKC; 03B2 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL BETA +1D758 ; FC_NFKC; 03B3 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL GAMMA +1D759 ; FC_NFKC; 03B4 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL DELTA +1D75A ; FC_NFKC; 03B5 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL EPSILON +1D75B ; FC_NFKC; 03B6 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL ZETA +1D75C ; FC_NFKC; 03B7 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL ETA +1D75D ; FC_NFKC; 03B8 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL THETA +1D75E ; FC_NFKC; 03B9 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL IOTA +1D75F ; FC_NFKC; 03BA # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL KAPPA +1D760 ; FC_NFKC; 03BB # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL LAMDA +1D761 ; FC_NFKC; 03BC # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL MU +1D762 ; FC_NFKC; 03BD # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL NU +1D763 ; FC_NFKC; 03BE # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL XI +1D764 ; FC_NFKC; 03BF # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL OMICRON +1D765 ; FC_NFKC; 03C0 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL PI +1D766 ; FC_NFKC; 03C1 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL RHO +1D767 ; FC_NFKC; 03B8 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL THETA SYMBOL +1D768 ; FC_NFKC; 03C3 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL SIGMA +1D769 ; FC_NFKC; 03C4 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL TAU +1D76A ; FC_NFKC; 03C5 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL UPSILON +1D76B ; FC_NFKC; 03C6 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL PHI +1D76C ; FC_NFKC; 03C7 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL CHI +1D76D ; FC_NFKC; 03C8 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL PSI +1D76E ; FC_NFKC; 03C9 # L& MATHEMATICAL SANS-SERIF BOLD CAPITAL OMEGA +1D781 ; FC_NFKC; 03C3 # L& MATHEMATICAL SANS-SERIF BOLD SMALL FINAL SIGMA +1D790 ; FC_NFKC; 03B1 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL ALPHA +1D791 ; FC_NFKC; 03B2 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL BETA +1D792 ; FC_NFKC; 03B3 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL GAMMA +1D793 ; FC_NFKC; 03B4 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL DELTA +1D794 ; FC_NFKC; 03B5 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL EPSILON +1D795 ; FC_NFKC; 03B6 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL ZETA +1D796 ; FC_NFKC; 03B7 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL ETA +1D797 ; FC_NFKC; 03B8 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL THETA +1D798 ; FC_NFKC; 03B9 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL IOTA +1D799 ; FC_NFKC; 03BA # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL KAPPA +1D79A ; FC_NFKC; 03BB # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL LAMDA +1D79B ; FC_NFKC; 03BC # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL MU +1D79C ; FC_NFKC; 03BD # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL NU +1D79D ; FC_NFKC; 03BE # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL XI +1D79E ; FC_NFKC; 03BF # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL OMICRON +1D79F ; FC_NFKC; 03C0 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL PI +1D7A0 ; FC_NFKC; 03C1 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL RHO +1D7A1 ; FC_NFKC; 03B8 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL THETA SYMBOL +1D7A2 ; FC_NFKC; 03C3 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL SIGMA +1D7A3 ; FC_NFKC; 03C4 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL TAU +1D7A4 ; FC_NFKC; 03C5 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL UPSILON +1D7A5 ; FC_NFKC; 03C6 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL PHI +1D7A6 ; FC_NFKC; 03C7 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL CHI +1D7A7 ; FC_NFKC; 03C8 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL PSI +1D7A8 ; FC_NFKC; 03C9 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL OMEGA +1D7BB ; FC_NFKC; 03C3 # L& MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL FINAL SIGMA + +# Total code points: 564 + +# ================================================ + +# Derived Property: Full_Composition_Exclusion +# Generated from: Composition Exclusions + Singletons + Non-Starter Decompositions + +0340..0341 ; Full_Composition_Exclusion # Mn [2] COMBINING GRAVE TONE MARK..COMBINING ACUTE TONE MARK +0343..0344 ; Full_Composition_Exclusion # Mn [2] COMBINING GREEK KORONIS..COMBINING GREEK DIALYTIKA TONOS +0374 ; Full_Composition_Exclusion # Sk GREEK NUMERAL SIGN +037E ; Full_Composition_Exclusion # Po GREEK QUESTION MARK +0387 ; Full_Composition_Exclusion # Po GREEK ANO TELEIA +0958..095F ; Full_Composition_Exclusion # Lo [8] DEVANAGARI LETTER QA..DEVANAGARI LETTER YYA +09DC..09DD ; Full_Composition_Exclusion # Lo [2] BENGALI LETTER RRA..BENGALI LETTER RHA +09DF ; Full_Composition_Exclusion # Lo BENGALI LETTER YYA +0A33 ; Full_Composition_Exclusion # Lo GURMUKHI LETTER LLA +0A36 ; Full_Composition_Exclusion # Lo GURMUKHI LETTER SHA +0A59..0A5B ; Full_Composition_Exclusion # Lo [3] GURMUKHI LETTER KHHA..GURMUKHI LETTER ZA +0A5E ; Full_Composition_Exclusion # Lo GURMUKHI LETTER FA +0B5C..0B5D ; Full_Composition_Exclusion # Lo [2] ORIYA LETTER RRA..ORIYA LETTER RHA +0F43 ; Full_Composition_Exclusion # Lo TIBETAN LETTER GHA +0F4D ; Full_Composition_Exclusion # Lo TIBETAN LETTER DDHA +0F52 ; Full_Composition_Exclusion # Lo TIBETAN LETTER DHA +0F57 ; Full_Composition_Exclusion # Lo TIBETAN LETTER BHA +0F5C ; Full_Composition_Exclusion # Lo TIBETAN LETTER DZHA +0F69 ; Full_Composition_Exclusion # Lo TIBETAN LETTER KSSA +0F73 ; Full_Composition_Exclusion # Mn TIBETAN VOWEL SIGN II +0F75..0F76 ; Full_Composition_Exclusion # Mn [2] TIBETAN VOWEL SIGN UU..TIBETAN VOWEL SIGN VOCALIC R +0F78 ; Full_Composition_Exclusion # Mn TIBETAN VOWEL SIGN VOCALIC L +0F81 ; Full_Composition_Exclusion # Mn TIBETAN VOWEL SIGN REVERSED II +0F93 ; Full_Composition_Exclusion # Mn TIBETAN SUBJOINED LETTER GHA +0F9D ; Full_Composition_Exclusion # Mn TIBETAN SUBJOINED LETTER DDHA +0FA2 ; Full_Composition_Exclusion # Mn TIBETAN SUBJOINED LETTER DHA +0FA7 ; Full_Composition_Exclusion # Mn TIBETAN SUBJOINED LETTER BHA +0FAC ; Full_Composition_Exclusion # Mn TIBETAN SUBJOINED LETTER DZHA +0FB9 ; Full_Composition_Exclusion # Mn TIBETAN SUBJOINED LETTER KSSA +1F71 ; Full_Composition_Exclusion # L& GREEK SMALL LETTER ALPHA WITH OXIA +1F73 ; Full_Composition_Exclusion # L& GREEK SMALL LETTER EPSILON WITH OXIA +1F75 ; Full_Composition_Exclusion # L& GREEK SMALL LETTER ETA WITH OXIA +1F77 ; Full_Composition_Exclusion # L& GREEK SMALL LETTER IOTA WITH OXIA +1F79 ; Full_Composition_Exclusion # L& GREEK SMALL LETTER OMICRON WITH OXIA +1F7B ; Full_Composition_Exclusion # L& GREEK SMALL LETTER UPSILON WITH OXIA +1F7D ; Full_Composition_Exclusion # L& GREEK SMALL LETTER OMEGA WITH OXIA +1FBB ; Full_Composition_Exclusion # L& GREEK CAPITAL LETTER ALPHA WITH OXIA +1FBE ; Full_Composition_Exclusion # L& GREEK PROSGEGRAMMENI +1FC9 ; Full_Composition_Exclusion # L& GREEK CAPITAL LETTER EPSILON WITH OXIA +1FCB ; Full_Composition_Exclusion # L& GREEK CAPITAL LETTER ETA WITH OXIA +1FD3 ; Full_Composition_Exclusion # L& GREEK SMALL LETTER IOTA WITH DIALYTIKA AND OXIA +1FDB ; Full_Composition_Exclusion # L& GREEK CAPITAL LETTER IOTA WITH OXIA +1FE3 ; Full_Composition_Exclusion # L& GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND OXIA +1FEB ; Full_Composition_Exclusion # L& GREEK CAPITAL LETTER UPSILON WITH OXIA +1FEE..1FEF ; Full_Composition_Exclusion # Sk [2] GREEK DIALYTIKA AND OXIA..GREEK VARIA +1FF9 ; Full_Composition_Exclusion # L& GREEK CAPITAL LETTER OMICRON WITH OXIA +1FFB ; Full_Composition_Exclusion # L& GREEK CAPITAL LETTER OMEGA WITH OXIA +1FFD ; Full_Composition_Exclusion # Sk GREEK OXIA +2000..2001 ; Full_Composition_Exclusion # Zs [2] EN QUAD..EM QUAD +2126 ; Full_Composition_Exclusion # L& OHM SIGN +212A..212B ; Full_Composition_Exclusion # L& [2] KELVIN SIGN..ANGSTROM SIGN +2329 ; Full_Composition_Exclusion # Ps LEFT-POINTING ANGLE BRACKET +232A ; Full_Composition_Exclusion # Pe RIGHT-POINTING ANGLE BRACKET +2ADC ; Full_Composition_Exclusion # Sm FORKING +F900..FA0D ; Full_Composition_Exclusion # Lo [270] CJK COMPATIBILITY IDEOGRAPH-F900..CJK COMPATIBILITY IDEOGRAPH-FA0D +FA10 ; Full_Composition_Exclusion # Lo CJK COMPATIBILITY IDEOGRAPH-FA10 +FA12 ; Full_Composition_Exclusion # Lo CJK COMPATIBILITY IDEOGRAPH-FA12 +FA15..FA1E ; Full_Composition_Exclusion # Lo [10] CJK COMPATIBILITY IDEOGRAPH-FA15..CJK COMPATIBILITY IDEOGRAPH-FA1E +FA20 ; Full_Composition_Exclusion # Lo CJK COMPATIBILITY IDEOGRAPH-FA20 +FA22 ; Full_Composition_Exclusion # Lo CJK COMPATIBILITY IDEOGRAPH-FA22 +FA25..FA26 ; Full_Composition_Exclusion # Lo [2] CJK COMPATIBILITY IDEOGRAPH-FA25..CJK COMPATIBILITY IDEOGRAPH-FA26 +FA2A..FA2D ; Full_Composition_Exclusion # Lo [4] CJK COMPATIBILITY IDEOGRAPH-FA2A..CJK COMPATIBILITY IDEOGRAPH-FA2D +FA30..FA6A ; Full_Composition_Exclusion # Lo [59] CJK COMPATIBILITY IDEOGRAPH-FA30..CJK COMPATIBILITY IDEOGRAPH-FA6A +FB1D ; Full_Composition_Exclusion # Lo HEBREW LETTER YOD WITH HIRIQ +FB1F ; Full_Composition_Exclusion # Lo HEBREW LIGATURE YIDDISH YOD YOD PATAH +FB2A..FB36 ; Full_Composition_Exclusion # Lo [13] HEBREW LETTER SHIN WITH SHIN DOT..HEBREW LETTER ZAYIN WITH DAGESH +FB38..FB3C ; Full_Composition_Exclusion # Lo [5] HEBREW LETTER TET WITH DAGESH..HEBREW LETTER LAMED WITH DAGESH +FB3E ; Full_Composition_Exclusion # Lo HEBREW LETTER MEM WITH DAGESH +FB40..FB41 ; Full_Composition_Exclusion # Lo [2] HEBREW LETTER NUN WITH DAGESH..HEBREW LETTER SAMEKH WITH DAGESH +FB43..FB44 ; Full_Composition_Exclusion # Lo [2] HEBREW LETTER FINAL PE WITH DAGESH..HEBREW LETTER PE WITH DAGESH +FB46..FB4E ; Full_Composition_Exclusion # Lo [9] HEBREW LETTER TSADI WITH DAGESH..HEBREW LETTER PE WITH RAFE +1D15E..1D164 ; Full_Composition_Exclusion # So [7] MUSICAL SYMBOL HALF NOTE..MUSICAL SYMBOL ONE HUNDRED TWENTY-EIGHTH NOTE +1D1BB..1D1C0 ; Full_Composition_Exclusion # So [6] MUSICAL SYMBOL MINIMA..MUSICAL SYMBOL FUSA BLACK +2F800..2FA1D ; Full_Composition_Exclusion # Lo [542] CJK COMPATIBILITY IDEOGRAPH-2F800..CJK COMPATIBILITY IDEOGRAPH-2FA1D + +# Total code points: 1009 + +# ================================================ + +# Property: NFD_Quick_Check + +# All code points not explicitly listed for NFD_Quick_Check +# have the value Yes (Y). + +# ================================================ + +# NFD_Quick_Check=No + +00C0..00C5 ; NFD_QC; N # L& [6] LATIN CAPITAL LETTER A WITH GRAVE..LATIN CAPITAL LETTER A WITH RING ABOVE +00C7..00CF ; NFD_QC; N # L& [9] LATIN CAPITAL LETTER C WITH CEDILLA..LATIN CAPITAL LETTER I WITH DIAERESIS +00D1..00D6 ; NFD_QC; N # L& [6] LATIN CAPITAL LETTER N WITH TILDE..LATIN CAPITAL LETTER O WITH DIAERESIS +00D9..00DD ; NFD_QC; N # L& [5] LATIN CAPITAL LETTER U WITH GRAVE..LATIN CAPITAL LETTER Y WITH ACUTE +00E0..00E5 ; NFD_QC; N # L& [6] LATIN SMALL LETTER A WITH GRAVE..LATIN SMALL LETTER A WITH RING ABOVE +00E7..00EF ; NFD_QC; N # L& [9] LATIN SMALL LETTER C WITH CEDILLA..LATIN SMALL LETTER I WITH DIAERESIS +00F1..00F6 ; NFD_QC; N # L& [6] LATIN SMALL LETTER N WITH TILDE..LATIN SMALL LETTER O WITH DIAERESIS +00F9..00FD ; NFD_QC; N # L& [5] LATIN SMALL LETTER U WITH GRAVE..LATIN SMALL LETTER Y WITH ACUTE +00FF..010F ; NFD_QC; N # L& [17] LATIN SMALL LETTER Y WITH DIAERESIS..LATIN SMALL LETTER D WITH CARON +0112..0125 ; NFD_QC; N # L& [20] LATIN CAPITAL LETTER E WITH MACRON..LATIN SMALL LETTER H WITH CIRCUMFLEX +0128..0130 ; NFD_QC; N # L& [9] LATIN CAPITAL LETTER I WITH TILDE..LATIN CAPITAL LETTER I WITH DOT ABOVE +0134..0137 ; NFD_QC; N # L& [4] LATIN CAPITAL LETTER J WITH CIRCUMFLEX..LATIN SMALL LETTER K WITH CEDILLA +0139..013E ; NFD_QC; N # L& [6] LATIN CAPITAL LETTER L WITH ACUTE..LATIN SMALL LETTER L WITH CARON +0143..0148 ; NFD_QC; N # L& [6] LATIN CAPITAL LETTER N WITH ACUTE..LATIN SMALL LETTER N WITH CARON +014C..0151 ; NFD_QC; N # L& [6] LATIN CAPITAL LETTER O WITH MACRON..LATIN SMALL LETTER O WITH DOUBLE ACUTE +0154..0165 ; NFD_QC; N # L& [18] LATIN CAPITAL LETTER R WITH ACUTE..LATIN SMALL LETTER T WITH CARON +0168..017E ; NFD_QC; N # L& [23] LATIN CAPITAL LETTER U WITH TILDE..LATIN SMALL LETTER Z WITH CARON +01A0..01A1 ; NFD_QC; N # L& [2] LATIN CAPITAL LETTER O WITH HORN..LATIN SMALL LETTER O WITH HORN +01AF..01B0 ; NFD_QC; N # L& [2] LATIN CAPITAL LETTER U WITH HORN..LATIN SMALL LETTER U WITH HORN +01CD..01DC ; NFD_QC; N # L& [16] LATIN CAPITAL LETTER A WITH CARON..LATIN SMALL LETTER U WITH DIAERESIS AND GRAVE +01DE..01E3 ; NFD_QC; N # L& [6] LATIN CAPITAL LETTER A WITH DIAERESIS AND MACRON..LATIN SMALL LETTER AE WITH MACRON +01E6..01F0 ; NFD_QC; N # L& [11] LATIN CAPITAL LETTER G WITH CARON..LATIN SMALL LETTER J WITH CARON +01F4..01F5 ; NFD_QC; N # L& [2] LATIN CAPITAL LETTER G WITH ACUTE..LATIN SMALL LETTER G WITH ACUTE +01F8..021B ; NFD_QC; N # L& [36] LATIN CAPITAL LETTER N WITH GRAVE..LATIN SMALL LETTER T WITH COMMA BELOW +021E..021F ; NFD_QC; N # L& [2] LATIN CAPITAL LETTER H WITH CARON..LATIN SMALL LETTER H WITH CARON +0226..0233 ; NFD_QC; N # L& [14] LATIN CAPITAL LETTER A WITH DOT ABOVE..LATIN SMALL LETTER Y WITH MACRON +0340..0341 ; NFD_QC; N # Mn [2] COMBINING GRAVE TONE MARK..COMBINING ACUTE TONE MARK +0343..0344 ; NFD_QC; N # Mn [2] COMBINING GREEK KORONIS..COMBINING GREEK DIALYTIKA TONOS +0374 ; NFD_QC; N # Sk GREEK NUMERAL SIGN +037E ; NFD_QC; N # Po GREEK QUESTION MARK +0385 ; NFD_QC; N # Sk GREEK DIALYTIKA TONOS +0386 ; NFD_QC; N # L& GREEK CAPITAL LETTER ALPHA WITH TONOS +0387 ; NFD_QC; N # Po GREEK ANO TELEIA +0388..038A ; NFD_QC; N # L& [3] GREEK CAPITAL LETTER EPSILON WITH TONOS..GREEK CAPITAL LETTER IOTA WITH TONOS +038C ; NFD_QC; N # L& GREEK CAPITAL LETTER OMICRON WITH TONOS +038E..0390 ; NFD_QC; N # L& [3] GREEK CAPITAL LETTER UPSILON WITH TONOS..GREEK SMALL LETTER IOTA WITH DIALYTIKA AND TONOS +03AA..03B0 ; NFD_QC; N # L& [7] GREEK CAPITAL LETTER IOTA WITH DIALYTIKA..GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND TONOS +03CA..03CE ; NFD_QC; N # L& [5] GREEK SMALL LETTER IOTA WITH DIALYTIKA..GREEK SMALL LETTER OMEGA WITH TONOS +03D3..03D4 ; NFD_QC; N # L& [2] GREEK UPSILON WITH ACUTE AND HOOK SYMBOL..GREEK UPSILON WITH DIAERESIS AND HOOK SYMBOL +0400..0401 ; NFD_QC; N # L& [2] CYRILLIC CAPITAL LETTER IE WITH GRAVE..CYRILLIC CAPITAL LETTER IO +0403 ; NFD_QC; N # L& CYRILLIC CAPITAL LETTER GJE +0407 ; NFD_QC; N # L& CYRILLIC CAPITAL LETTER YI +040C..040E ; NFD_QC; N # L& [3] CYRILLIC CAPITAL LETTER KJE..CYRILLIC CAPITAL LETTER SHORT U +0419 ; NFD_QC; N # L& CYRILLIC CAPITAL LETTER SHORT I +0439 ; NFD_QC; N # L& CYRILLIC SMALL LETTER SHORT I +0450..0451 ; NFD_QC; N # L& [2] CYRILLIC SMALL LETTER IE WITH GRAVE..CYRILLIC SMALL LETTER IO +0453 ; NFD_QC; N # L& CYRILLIC SMALL LETTER GJE +0457 ; NFD_QC; N # L& CYRILLIC SMALL LETTER YI +045C..045E ; NFD_QC; N # L& [3] CYRILLIC SMALL LETTER KJE..CYRILLIC SMALL LETTER SHORT U +0476..0477 ; NFD_QC; N # L& [2] CYRILLIC CAPITAL LETTER IZHITSA WITH DOUBLE GRAVE ACCENT..CYRILLIC SMALL LETTER IZHITSA WITH DOUBLE GRAVE ACCENT +04C1..04C2 ; NFD_QC; N # L& [2] CYRILLIC CAPITAL LETTER ZHE WITH BREVE..CYRILLIC SMALL LETTER ZHE WITH BREVE +04D0..04D3 ; NFD_QC; N # L& [4] CYRILLIC CAPITAL LETTER A WITH BREVE..CYRILLIC SMALL LETTER A WITH DIAERESIS +04D6..04D7 ; NFD_QC; N # L& [2] CYRILLIC CAPITAL LETTER IE WITH BREVE..CYRILLIC SMALL LETTER IE WITH BREVE +04DA..04DF ; NFD_QC; N # L& [6] CYRILLIC CAPITAL LETTER SCHWA WITH DIAERESIS..CYRILLIC SMALL LETTER ZE WITH DIAERESIS +04E2..04E7 ; NFD_QC; N # L& [6] CYRILLIC CAPITAL LETTER I WITH MACRON..CYRILLIC SMALL LETTER O WITH DIAERESIS +04EA..04F5 ; NFD_QC; N # L& [12] CYRILLIC CAPITAL LETTER BARRED O WITH DIAERESIS..CYRILLIC SMALL LETTER CHE WITH DIAERESIS +04F8..04F9 ; NFD_QC; N # L& [2] CYRILLIC CAPITAL LETTER YERU WITH DIAERESIS..CYRILLIC SMALL LETTER YERU WITH DIAERESIS +0622..0626 ; NFD_QC; N # Lo [5] ARABIC LETTER ALEF WITH MADDA ABOVE..ARABIC LETTER YEH WITH HAMZA ABOVE +06C0 ; NFD_QC; N # Lo ARABIC LETTER HEH WITH YEH ABOVE +06C2 ; NFD_QC; N # Lo ARABIC LETTER HEH GOAL WITH HAMZA ABOVE +06D3 ; NFD_QC; N # Lo ARABIC LETTER YEH BARREE WITH HAMZA ABOVE +0929 ; NFD_QC; N # Lo DEVANAGARI LETTER NNNA +0931 ; NFD_QC; N # Lo DEVANAGARI LETTER RRA +0934 ; NFD_QC; N # Lo DEVANAGARI LETTER LLLA +0958..095F ; NFD_QC; N # Lo [8] DEVANAGARI LETTER QA..DEVANAGARI LETTER YYA +09CB..09CC ; NFD_QC; N # Mc [2] BENGALI VOWEL SIGN O..BENGALI VOWEL SIGN AU +09DC..09DD ; NFD_QC; N # Lo [2] BENGALI LETTER RRA..BENGALI LETTER RHA +09DF ; NFD_QC; N # Lo BENGALI LETTER YYA +0A33 ; NFD_QC; N # Lo GURMUKHI LETTER LLA +0A36 ; NFD_QC; N # Lo GURMUKHI LETTER SHA +0A59..0A5B ; NFD_QC; N # Lo [3] GURMUKHI LETTER KHHA..GURMUKHI LETTER ZA +0A5E ; NFD_QC; N # Lo GURMUKHI LETTER FA +0B48 ; NFD_QC; N # Mc ORIYA VOWEL SIGN AI +0B4B..0B4C ; NFD_QC; N # Mc [2] ORIYA VOWEL SIGN O..ORIYA VOWEL SIGN AU +0B5C..0B5D ; NFD_QC; N # Lo [2] ORIYA LETTER RRA..ORIYA LETTER RHA +0B94 ; NFD_QC; N # Lo TAMIL LETTER AU +0BCA..0BCC ; NFD_QC; N # Mc [3] TAMIL VOWEL SIGN O..TAMIL VOWEL SIGN AU +0C48 ; NFD_QC; N # Mn TELUGU VOWEL SIGN AI +0CC0 ; NFD_QC; N # Mc KANNADA VOWEL SIGN II +0CC7..0CC8 ; NFD_QC; N # Mc [2] KANNADA VOWEL SIGN EE..KANNADA VOWEL SIGN AI +0CCA..0CCB ; NFD_QC; N # Mc [2] KANNADA VOWEL SIGN O..KANNADA VOWEL SIGN OO +0D4A..0D4C ; NFD_QC; N # Mc [3] MALAYALAM VOWEL SIGN O..MALAYALAM VOWEL SIGN AU +0DDA ; NFD_QC; N # Mc SINHALA VOWEL SIGN DIGA KOMBUVA +0DDC..0DDE ; NFD_QC; N # Mc [3] SINHALA VOWEL SIGN KOMBUVA HAA AELA-PILLA..SINHALA VOWEL SIGN KOMBUVA HAA GAYANUKITTA +0F43 ; NFD_QC; N # Lo TIBETAN LETTER GHA +0F4D ; NFD_QC; N # Lo TIBETAN LETTER DDHA +0F52 ; NFD_QC; N # Lo TIBETAN LETTER DHA +0F57 ; NFD_QC; N # Lo TIBETAN LETTER BHA +0F5C ; NFD_QC; N # Lo TIBETAN LETTER DZHA +0F69 ; NFD_QC; N # Lo TIBETAN LETTER KSSA +0F73 ; NFD_QC; N # Mn TIBETAN VOWEL SIGN II +0F75..0F76 ; NFD_QC; N # Mn [2] TIBETAN VOWEL SIGN UU..TIBETAN VOWEL SIGN VOCALIC R +0F78 ; NFD_QC; N # Mn TIBETAN VOWEL SIGN VOCALIC L +0F81 ; NFD_QC; N # Mn TIBETAN VOWEL SIGN REVERSED II +0F93 ; NFD_QC; N # Mn TIBETAN SUBJOINED LETTER GHA +0F9D ; NFD_QC; N # Mn TIBETAN SUBJOINED LETTER DDHA +0FA2 ; NFD_QC; N # Mn TIBETAN SUBJOINED LETTER DHA +0FA7 ; NFD_QC; N # Mn TIBETAN SUBJOINED LETTER BHA +0FAC ; NFD_QC; N # Mn TIBETAN SUBJOINED LETTER DZHA +0FB9 ; NFD_QC; N # Mn TIBETAN SUBJOINED LETTER KSSA +1026 ; NFD_QC; N # Lo MYANMAR LETTER UU +1E00..1E99 ; NFD_QC; N # L& [154] LATIN CAPITAL LETTER A WITH RING BELOW..LATIN SMALL LETTER Y WITH RING ABOVE +1E9B ; NFD_QC; N # L& LATIN SMALL LETTER LONG S WITH DOT ABOVE +1EA0..1EF9 ; NFD_QC; N # L& [90] LATIN CAPITAL LETTER A WITH DOT BELOW..LATIN SMALL LETTER Y WITH TILDE +1F00..1F15 ; NFD_QC; N # L& [22] GREEK SMALL LETTER ALPHA WITH PSILI..GREEK SMALL LETTER EPSILON WITH DASIA AND OXIA +1F18..1F1D ; NFD_QC; N # L& [6] GREEK CAPITAL LETTER EPSILON WITH PSILI..GREEK CAPITAL LETTER EPSILON WITH DASIA AND OXIA +1F20..1F45 ; NFD_QC; N # L& [38] GREEK SMALL LETTER ETA WITH PSILI..GREEK SMALL LETTER OMICRON WITH DASIA AND OXIA +1F48..1F4D ; NFD_QC; N # L& [6] GREEK CAPITAL LETTER OMICRON WITH PSILI..GREEK CAPITAL LETTER OMICRON WITH DASIA AND OXIA +1F50..1F57 ; NFD_QC; N # L& [8] GREEK SMALL LETTER UPSILON WITH PSILI..GREEK SMALL LETTER UPSILON WITH DASIA AND PERISPOMENI +1F59 ; NFD_QC; N # L& GREEK CAPITAL LETTER UPSILON WITH DASIA +1F5B ; NFD_QC; N # L& GREEK CAPITAL LETTER UPSILON WITH DASIA AND VARIA +1F5D ; NFD_QC; N # L& GREEK CAPITAL LETTER UPSILON WITH DASIA AND OXIA +1F5F..1F7D ; NFD_QC; N # L& [31] GREEK CAPITAL LETTER UPSILON WITH DASIA AND PERISPOMENI..GREEK SMALL LETTER OMEGA WITH OXIA +1F80..1FB4 ; NFD_QC; N # L& [53] GREEK SMALL LETTER ALPHA WITH PSILI AND YPOGEGRAMMENI..GREEK SMALL LETTER ALPHA WITH OXIA AND YPOGEGRAMMENI +1FB6..1FBC ; NFD_QC; N # L& [7] GREEK SMALL LETTER ALPHA WITH PERISPOMENI..GREEK CAPITAL LETTER ALPHA WITH PROSGEGRAMMENI +1FBE ; NFD_QC; N # L& GREEK PROSGEGRAMMENI +1FC1 ; NFD_QC; N # Sk GREEK DIALYTIKA AND PERISPOMENI +1FC2..1FC4 ; NFD_QC; N # L& [3] GREEK SMALL LETTER ETA WITH VARIA AND YPOGEGRAMMENI..GREEK SMALL LETTER ETA WITH OXIA AND YPOGEGRAMMENI +1FC6..1FCC ; NFD_QC; N # L& [7] GREEK SMALL LETTER ETA WITH PERISPOMENI..GREEK CAPITAL LETTER ETA WITH PROSGEGRAMMENI +1FCD..1FCF ; NFD_QC; N # Sk [3] GREEK PSILI AND VARIA..GREEK PSILI AND PERISPOMENI +1FD0..1FD3 ; NFD_QC; N # L& [4] GREEK SMALL LETTER IOTA WITH VRACHY..GREEK SMALL LETTER IOTA WITH DIALYTIKA AND OXIA +1FD6..1FDB ; NFD_QC; N # L& [6] GREEK SMALL LETTER IOTA WITH PERISPOMENI..GREEK CAPITAL LETTER IOTA WITH OXIA +1FDD..1FDF ; NFD_QC; N # Sk [3] GREEK DASIA AND VARIA..GREEK DASIA AND PERISPOMENI +1FE0..1FEC ; NFD_QC; N # L& [13] GREEK SMALL LETTER UPSILON WITH VRACHY..GREEK CAPITAL LETTER RHO WITH DASIA +1FED..1FEF ; NFD_QC; N # Sk [3] GREEK DIALYTIKA AND VARIA..GREEK VARIA +1FF2..1FF4 ; NFD_QC; N # L& [3] GREEK SMALL LETTER OMEGA WITH VARIA AND YPOGEGRAMMENI..GREEK SMALL LETTER OMEGA WITH OXIA AND YPOGEGRAMMENI +1FF6..1FFC ; NFD_QC; N # L& [7] GREEK SMALL LETTER OMEGA WITH PERISPOMENI..GREEK CAPITAL LETTER OMEGA WITH PROSGEGRAMMENI +1FFD ; NFD_QC; N # Sk GREEK OXIA +2000..2001 ; NFD_QC; N # Zs [2] EN QUAD..EM QUAD +2126 ; NFD_QC; N # L& OHM SIGN +212A..212B ; NFD_QC; N # L& [2] KELVIN SIGN..ANGSTROM SIGN +219A..219B ; NFD_QC; N # Sm [2] LEFTWARDS ARROW WITH STROKE..RIGHTWARDS ARROW WITH STROKE +21AE ; NFD_QC; N # Sm LEFT RIGHT ARROW WITH STROKE +21CD ; NFD_QC; N # So LEFTWARDS DOUBLE ARROW WITH STROKE +21CE..21CF ; NFD_QC; N # Sm [2] LEFT RIGHT DOUBLE ARROW WITH STROKE..RIGHTWARDS DOUBLE ARROW WITH STROKE +2204 ; NFD_QC; N # Sm THERE DOES NOT EXIST +2209 ; NFD_QC; N # Sm NOT AN ELEMENT OF +220C ; NFD_QC; N # Sm DOES NOT CONTAIN AS MEMBER +2224 ; NFD_QC; N # Sm DOES NOT DIVIDE +2226 ; NFD_QC; N # Sm NOT PARALLEL TO +2241 ; NFD_QC; N # Sm NOT TILDE +2244 ; NFD_QC; N # Sm NOT ASYMPTOTICALLY EQUAL TO +2247 ; NFD_QC; N # Sm NEITHER APPROXIMATELY NOR ACTUALLY EQUAL TO +2249 ; NFD_QC; N # Sm NOT ALMOST EQUAL TO +2260 ; NFD_QC; N # Sm NOT EQUAL TO +2262 ; NFD_QC; N # Sm NOT IDENTICAL TO +226D..2271 ; NFD_QC; N # Sm [5] NOT EQUIVALENT TO..NEITHER GREATER-THAN NOR EQUAL TO +2274..2275 ; NFD_QC; N # Sm [2] NEITHER LESS-THAN NOR EQUIVALENT TO..NEITHER GREATER-THAN NOR EQUIVALENT TO +2278..2279 ; NFD_QC; N # Sm [2] NEITHER LESS-THAN NOR GREATER-THAN..NEITHER GREATER-THAN NOR LESS-THAN +2280..2281 ; NFD_QC; N # Sm [2] DOES NOT PRECEDE..DOES NOT SUCCEED +2284..2285 ; NFD_QC; N # Sm [2] NOT A SUBSET OF..NOT A SUPERSET OF +2288..2289 ; NFD_QC; N # Sm [2] NEITHER A SUBSET OF NOR EQUAL TO..NEITHER A SUPERSET OF NOR EQUAL TO +22AC..22AF ; NFD_QC; N # Sm [4] DOES NOT PROVE..NEGATED DOUBLE VERTICAL BAR DOUBLE RIGHT TURNSTILE +22E0..22E3 ; NFD_QC; N # Sm [4] DOES NOT PRECEDE OR EQUAL..NOT SQUARE ORIGINAL OF OR EQUAL TO +22EA..22ED ; NFD_QC; N # Sm [4] NOT NORMAL SUBGROUP OF..DOES NOT CONTAIN AS NORMAL SUBGROUP OR EQUAL +2329 ; NFD_QC; N # Ps LEFT-POINTING ANGLE BRACKET +232A ; NFD_QC; N # Pe RIGHT-POINTING ANGLE BRACKET +2ADC ; NFD_QC; N # Sm FORKING +304C ; NFD_QC; N # Lo HIRAGANA LETTER GA +304E ; NFD_QC; N # Lo HIRAGANA LETTER GI +3050 ; NFD_QC; N # Lo HIRAGANA LETTER GU +3052 ; NFD_QC; N # Lo HIRAGANA LETTER GE +3054 ; NFD_QC; N # Lo HIRAGANA LETTER GO +3056 ; NFD_QC; N # Lo HIRAGANA LETTER ZA +3058 ; NFD_QC; N # Lo HIRAGANA LETTER ZI +305A ; NFD_QC; N # Lo HIRAGANA LETTER ZU +305C ; NFD_QC; N # Lo HIRAGANA LETTER ZE +305E ; NFD_QC; N # Lo HIRAGANA LETTER ZO +3060 ; NFD_QC; N # Lo HIRAGANA LETTER DA +3062 ; NFD_QC; N # Lo HIRAGANA LETTER DI +3065 ; NFD_QC; N # Lo HIRAGANA LETTER DU +3067 ; NFD_QC; N # Lo HIRAGANA LETTER DE +3069 ; NFD_QC; N # Lo HIRAGANA LETTER DO +3070..3071 ; NFD_QC; N # Lo [2] HIRAGANA LETTER BA..HIRAGANA LETTER PA +3073..3074 ; NFD_QC; N # Lo [2] HIRAGANA LETTER BI..HIRAGANA LETTER PI +3076..3077 ; NFD_QC; N # Lo [2] HIRAGANA LETTER BU..HIRAGANA LETTER PU +3079..307A ; NFD_QC; N # Lo [2] HIRAGANA LETTER BE..HIRAGANA LETTER PE +307C..307D ; NFD_QC; N # Lo [2] HIRAGANA LETTER BO..HIRAGANA LETTER PO +3094 ; NFD_QC; N # Lo HIRAGANA LETTER VU +309E ; NFD_QC; N # Lm HIRAGANA VOICED ITERATION MARK +30AC ; NFD_QC; N # Lo KATAKANA LETTER GA +30AE ; NFD_QC; N # Lo KATAKANA LETTER GI +30B0 ; NFD_QC; N # Lo KATAKANA LETTER GU +30B2 ; NFD_QC; N # Lo KATAKANA LETTER GE +30B4 ; NFD_QC; N # Lo KATAKANA LETTER GO +30B6 ; NFD_QC; N # Lo KATAKANA LETTER ZA +30B8 ; NFD_QC; N # Lo KATAKANA LETTER ZI +30BA ; NFD_QC; N # Lo KATAKANA LETTER ZU +30BC ; NFD_QC; N # Lo KATAKANA LETTER ZE +30BE ; NFD_QC; N # Lo KATAKANA LETTER ZO +30C0 ; NFD_QC; N # Lo KATAKANA LETTER DA +30C2 ; NFD_QC; N # Lo KATAKANA LETTER DI +30C5 ; NFD_QC; N # Lo KATAKANA LETTER DU +30C7 ; NFD_QC; N # Lo KATAKANA LETTER DE +30C9 ; NFD_QC; N # Lo KATAKANA LETTER DO +30D0..30D1 ; NFD_QC; N # Lo [2] KATAKANA LETTER BA..KATAKANA LETTER PA +30D3..30D4 ; NFD_QC; N # Lo [2] KATAKANA LETTER BI..KATAKANA LETTER PI +30D6..30D7 ; NFD_QC; N # Lo [2] KATAKANA LETTER BU..KATAKANA LETTER PU +30D9..30DA ; NFD_QC; N # Lo [2] KATAKANA LETTER BE..KATAKANA LETTER PE +30DC..30DD ; NFD_QC; N # Lo [2] KATAKANA LETTER BO..KATAKANA LETTER PO +30F4 ; NFD_QC; N # Lo KATAKANA LETTER VU +30F7..30FA ; NFD_QC; N # Lo [4] KATAKANA LETTER VA..KATAKANA LETTER VO +30FE ; NFD_QC; N # Lm KATAKANA VOICED ITERATION MARK +AC00..D7A3 ; NFD_QC; N # Lo [11172] HANGUL SYLLABLE GA..HANGUL SYLLABLE HIH +F900..FA0D ; NFD_QC; N # Lo [270] CJK COMPATIBILITY IDEOGRAPH-F900..CJK COMPATIBILITY IDEOGRAPH-FA0D +FA10 ; NFD_QC; N # Lo CJK COMPATIBILITY IDEOGRAPH-FA10 +FA12 ; NFD_QC; N # Lo CJK COMPATIBILITY IDEOGRAPH-FA12 +FA15..FA1E ; NFD_QC; N # Lo [10] CJK COMPATIBILITY IDEOGRAPH-FA15..CJK COMPATIBILITY IDEOGRAPH-FA1E +FA20 ; NFD_QC; N # Lo CJK COMPATIBILITY IDEOGRAPH-FA20 +FA22 ; NFD_QC; N # Lo CJK COMPATIBILITY IDEOGRAPH-FA22 +FA25..FA26 ; NFD_QC; N # Lo [2] CJK COMPATIBILITY IDEOGRAPH-FA25..CJK COMPATIBILITY IDEOGRAPH-FA26 +FA2A..FA2D ; NFD_QC; N # Lo [4] CJK COMPATIBILITY IDEOGRAPH-FA2A..CJK COMPATIBILITY IDEOGRAPH-FA2D +FA30..FA6A ; NFD_QC; N # Lo [59] CJK COMPATIBILITY IDEOGRAPH-FA30..CJK COMPATIBILITY IDEOGRAPH-FA6A +FB1D ; NFD_QC; N # Lo HEBREW LETTER YOD WITH HIRIQ +FB1F ; NFD_QC; N # Lo HEBREW LIGATURE YIDDISH YOD YOD PATAH +FB2A..FB36 ; NFD_QC; N # Lo [13] HEBREW LETTER SHIN WITH SHIN DOT..HEBREW LETTER ZAYIN WITH DAGESH +FB38..FB3C ; NFD_QC; N # Lo [5] HEBREW LETTER TET WITH DAGESH..HEBREW LETTER LAMED WITH DAGESH +FB3E ; NFD_QC; N # Lo HEBREW LETTER MEM WITH DAGESH +FB40..FB41 ; NFD_QC; N # Lo [2] HEBREW LETTER NUN WITH DAGESH..HEBREW LETTER SAMEKH WITH DAGESH +FB43..FB44 ; NFD_QC; N # Lo [2] HEBREW LETTER FINAL PE WITH DAGESH..HEBREW LETTER PE WITH DAGESH +FB46..FB4E ; NFD_QC; N # Lo [9] HEBREW LETTER TSADI WITH DAGESH..HEBREW LETTER PE WITH RAFE +1D15E..1D164 ; NFD_QC; N # So [7] MUSICAL SYMBOL HALF NOTE..MUSICAL SYMBOL ONE HUNDRED TWENTY-EIGHTH NOTE +1D1BB..1D1C0 ; NFD_QC; N # So [6] MUSICAL SYMBOL MINIMA..MUSICAL SYMBOL FUSA BLACK +2F800..2FA1D ; NFD_QC; N # Lo [542] CJK COMPATIBILITY IDEOGRAPH-2F800..CJK COMPATIBILITY IDEOGRAPH-2FA1D + +# Total code points: 13098 + +# ================================================ + +# Property: NFC_Quick_Check + +# All code points not explicitly listed for NFC_Quick_Check +# have the value Yes (Y). + +# ================================================ + +# NFC_Quick_Check=No + +0340..0341 ; NFC_QC; N # Mn [2] COMBINING GRAVE TONE MARK..COMBINING ACUTE TONE MARK +0343..0344 ; NFC_QC; N # Mn [2] COMBINING GREEK KORONIS..COMBINING GREEK DIALYTIKA TONOS +0374 ; NFC_QC; N # Sk GREEK NUMERAL SIGN +037E ; NFC_QC; N # Po GREEK QUESTION MARK +0387 ; NFC_QC; N # Po GREEK ANO TELEIA +0958..095F ; NFC_QC; N # Lo [8] DEVANAGARI LETTER QA..DEVANAGARI LETTER YYA +09DC..09DD ; NFC_QC; N # Lo [2] BENGALI LETTER RRA..BENGALI LETTER RHA +09DF ; NFC_QC; N # Lo BENGALI LETTER YYA +0A33 ; NFC_QC; N # Lo GURMUKHI LETTER LLA +0A36 ; NFC_QC; N # Lo GURMUKHI LETTER SHA +0A59..0A5B ; NFC_QC; N # Lo [3] GURMUKHI LETTER KHHA..GURMUKHI LETTER ZA +0A5E ; NFC_QC; N # Lo GURMUKHI LETTER FA +0B5C..0B5D ; NFC_QC; N # Lo [2] ORIYA LETTER RRA..ORIYA LETTER RHA +0F43 ; NFC_QC; N # Lo TIBETAN LETTER GHA +0F4D ; NFC_QC; N # Lo TIBETAN LETTER DDHA +0F52 ; NFC_QC; N # Lo TIBETAN LETTER DHA +0F57 ; NFC_QC; N # Lo TIBETAN LETTER BHA +0F5C ; NFC_QC; N # Lo TIBETAN LETTER DZHA +0F69 ; NFC_QC; N # Lo TIBETAN LETTER KSSA +0F73 ; NFC_QC; N # Mn TIBETAN VOWEL SIGN II +0F75..0F76 ; NFC_QC; N # Mn [2] TIBETAN VOWEL SIGN UU..TIBETAN VOWEL SIGN VOCALIC R +0F78 ; NFC_QC; N # Mn TIBETAN VOWEL SIGN VOCALIC L +0F81 ; NFC_QC; N # Mn TIBETAN VOWEL SIGN REVERSED II +0F93 ; NFC_QC; N # Mn TIBETAN SUBJOINED LETTER GHA +0F9D ; NFC_QC; N # Mn TIBETAN SUBJOINED LETTER DDHA +0FA2 ; NFC_QC; N # Mn TIBETAN SUBJOINED LETTER DHA +0FA7 ; NFC_QC; N # Mn TIBETAN SUBJOINED LETTER BHA +0FAC ; NFC_QC; N # Mn TIBETAN SUBJOINED LETTER DZHA +0FB9 ; NFC_QC; N # Mn TIBETAN SUBJOINED LETTER KSSA +1F71 ; NFC_QC; N # L& GREEK SMALL LETTER ALPHA WITH OXIA +1F73 ; NFC_QC; N # L& GREEK SMALL LETTER EPSILON WITH OXIA +1F75 ; NFC_QC; N # L& GREEK SMALL LETTER ETA WITH OXIA +1F77 ; NFC_QC; N # L& GREEK SMALL LETTER IOTA WITH OXIA +1F79 ; NFC_QC; N # L& GREEK SMALL LETTER OMICRON WITH OXIA +1F7B ; NFC_QC; N # L& GREEK SMALL LETTER UPSILON WITH OXIA +1F7D ; NFC_QC; N # L& GREEK SMALL LETTER OMEGA WITH OXIA +1FBB ; NFC_QC; N # L& GREEK CAPITAL LETTER ALPHA WITH OXIA +1FBE ; NFC_QC; N # L& GREEK PROSGEGRAMMENI +1FC9 ; NFC_QC; N # L& GREEK CAPITAL LETTER EPSILON WITH OXIA +1FCB ; NFC_QC; N # L& GREEK CAPITAL LETTER ETA WITH OXIA +1FD3 ; NFC_QC; N # L& GREEK SMALL LETTER IOTA WITH DIALYTIKA AND OXIA +1FDB ; NFC_QC; N # L& GREEK CAPITAL LETTER IOTA WITH OXIA +1FE3 ; NFC_QC; N # L& GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND OXIA +1FEB ; NFC_QC; N # L& GREEK CAPITAL LETTER UPSILON WITH OXIA +1FEE..1FEF ; NFC_QC; N # Sk [2] GREEK DIALYTIKA AND OXIA..GREEK VARIA +1FF9 ; NFC_QC; N # L& GREEK CAPITAL LETTER OMICRON WITH OXIA +1FFB ; NFC_QC; N # L& GREEK CAPITAL LETTER OMEGA WITH OXIA +1FFD ; NFC_QC; N # Sk GREEK OXIA +2000..2001 ; NFC_QC; N # Zs [2] EN QUAD..EM QUAD +2126 ; NFC_QC; N # L& OHM SIGN +212A..212B ; NFC_QC; N # L& [2] KELVIN SIGN..ANGSTROM SIGN +2329 ; NFC_QC; N # Ps LEFT-POINTING ANGLE BRACKET +232A ; NFC_QC; N # Pe RIGHT-POINTING ANGLE BRACKET +2ADC ; NFC_QC; N # Sm FORKING +F900..FA0D ; NFC_QC; N # Lo [270] CJK COMPATIBILITY IDEOGRAPH-F900..CJK COMPATIBILITY IDEOGRAPH-FA0D +FA10 ; NFC_QC; N # Lo CJK COMPATIBILITY IDEOGRAPH-FA10 +FA12 ; NFC_QC; N # Lo CJK COMPATIBILITY IDEOGRAPH-FA12 +FA15..FA1E ; NFC_QC; N # Lo [10] CJK COMPATIBILITY IDEOGRAPH-FA15..CJK COMPATIBILITY IDEOGRAPH-FA1E +FA20 ; NFC_QC; N # Lo CJK COMPATIBILITY IDEOGRAPH-FA20 +FA22 ; NFC_QC; N # Lo CJK COMPATIBILITY IDEOGRAPH-FA22 +FA25..FA26 ; NFC_QC; N # Lo [2] CJK COMPATIBILITY IDEOGRAPH-FA25..CJK COMPATIBILITY IDEOGRAPH-FA26 +FA2A..FA2D ; NFC_QC; N # Lo [4] CJK COMPATIBILITY IDEOGRAPH-FA2A..CJK COMPATIBILITY IDEOGRAPH-FA2D +FA30..FA6A ; NFC_QC; N # Lo [59] CJK COMPATIBILITY IDEOGRAPH-FA30..CJK COMPATIBILITY IDEOGRAPH-FA6A +FB1D ; NFC_QC; N # Lo HEBREW LETTER YOD WITH HIRIQ +FB1F ; NFC_QC; N # Lo HEBREW LIGATURE YIDDISH YOD YOD PATAH +FB2A..FB36 ; NFC_QC; N # Lo [13] HEBREW LETTER SHIN WITH SHIN DOT..HEBREW LETTER ZAYIN WITH DAGESH +FB38..FB3C ; NFC_QC; N # Lo [5] HEBREW LETTER TET WITH DAGESH..HEBREW LETTER LAMED WITH DAGESH +FB3E ; NFC_QC; N # Lo HEBREW LETTER MEM WITH DAGESH +FB40..FB41 ; NFC_QC; N # Lo [2] HEBREW LETTER NUN WITH DAGESH..HEBREW LETTER SAMEKH WITH DAGESH +FB43..FB44 ; NFC_QC; N # Lo [2] HEBREW LETTER FINAL PE WITH DAGESH..HEBREW LETTER PE WITH DAGESH +FB46..FB4E ; NFC_QC; N # Lo [9] HEBREW LETTER TSADI WITH DAGESH..HEBREW LETTER PE WITH RAFE +1D15E..1D164 ; NFC_QC; N # So [7] MUSICAL SYMBOL HALF NOTE..MUSICAL SYMBOL ONE HUNDRED TWENTY-EIGHTH NOTE +1D1BB..1D1C0 ; NFC_QC; N # So [6] MUSICAL SYMBOL MINIMA..MUSICAL SYMBOL FUSA BLACK +2F800..2FA1D ; NFC_QC; N # Lo [542] CJK COMPATIBILITY IDEOGRAPH-2F800..CJK COMPATIBILITY IDEOGRAPH-2FA1D + +# Total code points: 1009 + +# ================================================ + +# NFC_Quick_Check=Maybe + +0300..0304 ; NFC_QC; M # Mn [5] COMBINING GRAVE ACCENT..COMBINING MACRON +0306..030C ; NFC_QC; M # Mn [7] COMBINING BREVE..COMBINING CARON +030F ; NFC_QC; M # Mn COMBINING DOUBLE GRAVE ACCENT +0311 ; NFC_QC; M # Mn COMBINING INVERTED BREVE +0313..0314 ; NFC_QC; M # Mn [2] COMBINING COMMA ABOVE..COMBINING REVERSED COMMA ABOVE +031B ; NFC_QC; M # Mn COMBINING HORN +0323..0328 ; NFC_QC; M # Mn [6] COMBINING DOT BELOW..COMBINING OGONEK +032D..032E ; NFC_QC; M # Mn [2] COMBINING CIRCUMFLEX ACCENT BELOW..COMBINING BREVE BELOW +0330..0331 ; NFC_QC; M # Mn [2] COMBINING TILDE BELOW..COMBINING MACRON BELOW +0338 ; NFC_QC; M # Mn COMBINING LONG SOLIDUS OVERLAY +0342 ; NFC_QC; M # Mn COMBINING GREEK PERISPOMENI +0345 ; NFC_QC; M # Mn COMBINING GREEK YPOGEGRAMMENI +0653..0655 ; NFC_QC; M # Mn [3] ARABIC MADDAH ABOVE..ARABIC HAMZA BELOW +093C ; NFC_QC; M # Mn DEVANAGARI SIGN NUKTA +09BE ; NFC_QC; M # Mc BENGALI VOWEL SIGN AA +09D7 ; NFC_QC; M # Mc BENGALI AU LENGTH MARK +0B3E ; NFC_QC; M # Mc ORIYA VOWEL SIGN AA +0B56 ; NFC_QC; M # Mn ORIYA AI LENGTH MARK +0B57 ; NFC_QC; M # Mc ORIYA AU LENGTH MARK +0BBE ; NFC_QC; M # Mc TAMIL VOWEL SIGN AA +0BD7 ; NFC_QC; M # Mc TAMIL AU LENGTH MARK +0C56 ; NFC_QC; M # Mn TELUGU AI LENGTH MARK +0CC2 ; NFC_QC; M # Mc KANNADA VOWEL SIGN UU +0CD5..0CD6 ; NFC_QC; M # Mc [2] KANNADA LENGTH MARK..KANNADA AI LENGTH MARK +0D3E ; NFC_QC; M # Mc MALAYALAM VOWEL SIGN AA +0D57 ; NFC_QC; M # Mc MALAYALAM AU LENGTH MARK +0DCA ; NFC_QC; M # Mn SINHALA SIGN AL-LAKUNA +0DCF ; NFC_QC; M # Mc SINHALA VOWEL SIGN AELA-PILLA +0DDF ; NFC_QC; M # Mc SINHALA VOWEL SIGN GAYANUKITTA +102E ; NFC_QC; M # Mn MYANMAR VOWEL SIGN II +1161..1175 ; NFC_QC; M # Lo [21] HANGUL JUNGSEONG A..HANGUL JUNGSEONG I +11A8..11C2 ; NFC_QC; M # Lo [27] HANGUL JONGSEONG KIYEOK..HANGUL JONGSEONG HIEUH +3099..309A ; NFC_QC; M # Mn [2] COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK..COMBINING KATAKANA-HIRAGANA SEMI-VOICED SOUND MARK + +# Total code points: 101 + +# ================================================ + +# Property: NFKD_Quick_Check + +# All code points not explicitly listed for NFKD_Quick_Check +# have the value Yes (Y). + +# ================================================ + +# NFKD_Quick_Check=No + +00A0 ; NFKD_QC; N # Zs NO-BREAK SPACE +00A8 ; NFKD_QC; N # Sk DIAERESIS +00AA ; NFKD_QC; N # L& FEMININE ORDINAL INDICATOR +00AF ; NFKD_QC; N # Sk MACRON +00B2..00B3 ; NFKD_QC; N # No [2] SUPERSCRIPT TWO..SUPERSCRIPT THREE +00B4 ; NFKD_QC; N # Sk ACUTE ACCENT +00B5 ; NFKD_QC; N # L& MICRO SIGN +00B8 ; NFKD_QC; N # Sk CEDILLA +00B9 ; NFKD_QC; N # No SUPERSCRIPT ONE +00BA ; NFKD_QC; N # L& MASCULINE ORDINAL INDICATOR +00BC..00BE ; NFKD_QC; N # No [3] VULGAR FRACTION ONE QUARTER..VULGAR FRACTION THREE QUARTERS +00C0..00C5 ; NFKD_QC; N # L& [6] LATIN CAPITAL LETTER A WITH GRAVE..LATIN CAPITAL LETTER A WITH RING ABOVE +00C7..00CF ; NFKD_QC; N # L& [9] LATIN CAPITAL LETTER C WITH CEDILLA..LATIN CAPITAL LETTER I WITH DIAERESIS +00D1..00D6 ; NFKD_QC; N # L& [6] LATIN CAPITAL LETTER N WITH TILDE..LATIN CAPITAL LETTER O WITH DIAERESIS +00D9..00DD ; NFKD_QC; N # L& [5] LATIN CAPITAL LETTER U WITH GRAVE..LATIN CAPITAL LETTER Y WITH ACUTE +00E0..00E5 ; NFKD_QC; N # L& [6] LATIN SMALL LETTER A WITH GRAVE..LATIN SMALL LETTER A WITH RING ABOVE +00E7..00EF ; NFKD_QC; N # L& [9] LATIN SMALL LETTER C WITH CEDILLA..LATIN SMALL LETTER I WITH DIAERESIS +00F1..00F6 ; NFKD_QC; N # L& [6] LATIN SMALL LETTER N WITH TILDE..LATIN SMALL LETTER O WITH DIAERESIS +00F9..00FD ; NFKD_QC; N # L& [5] LATIN SMALL LETTER U WITH GRAVE..LATIN SMALL LETTER Y WITH ACUTE +00FF..010F ; NFKD_QC; N # L& [17] LATIN SMALL LETTER Y WITH DIAERESIS..LATIN SMALL LETTER D WITH CARON +0112..0125 ; NFKD_QC; N # L& [20] LATIN CAPITAL LETTER E WITH MACRON..LATIN SMALL LETTER H WITH CIRCUMFLEX +0128..0130 ; NFKD_QC; N # L& [9] LATIN CAPITAL LETTER I WITH TILDE..LATIN CAPITAL LETTER I WITH DOT ABOVE +0132..0137 ; NFKD_QC; N # L& [6] LATIN CAPITAL LIGATURE IJ..LATIN SMALL LETTER K WITH CEDILLA +0139..0140 ; NFKD_QC; N # L& [8] LATIN CAPITAL LETTER L WITH ACUTE..LATIN SMALL LETTER L WITH MIDDLE DOT +0143..0149 ; NFKD_QC; N # L& [7] LATIN CAPITAL LETTER N WITH ACUTE..LATIN SMALL LETTER N PRECEDED BY APOSTROPHE +014C..0151 ; NFKD_QC; N # L& [6] LATIN CAPITAL LETTER O WITH MACRON..LATIN SMALL LETTER O WITH DOUBLE ACUTE +0154..0165 ; NFKD_QC; N # L& [18] LATIN CAPITAL LETTER R WITH ACUTE..LATIN SMALL LETTER T WITH CARON +0168..017F ; NFKD_QC; N # L& [24] LATIN CAPITAL LETTER U WITH TILDE..LATIN SMALL LETTER LONG S +01A0..01A1 ; NFKD_QC; N # L& [2] LATIN CAPITAL LETTER O WITH HORN..LATIN SMALL LETTER O WITH HORN +01AF..01B0 ; NFKD_QC; N # L& [2] LATIN CAPITAL LETTER U WITH HORN..LATIN SMALL LETTER U WITH HORN +01C4..01DC ; NFKD_QC; N # L& [25] LATIN CAPITAL LETTER DZ WITH CARON..LATIN SMALL LETTER U WITH DIAERESIS AND GRAVE +01DE..01E3 ; NFKD_QC; N # L& [6] LATIN CAPITAL LETTER A WITH DIAERESIS AND MACRON..LATIN SMALL LETTER AE WITH MACRON +01E6..01F5 ; NFKD_QC; N # L& [16] LATIN CAPITAL LETTER G WITH CARON..LATIN SMALL LETTER G WITH ACUTE +01F8..021B ; NFKD_QC; N # L& [36] LATIN CAPITAL LETTER N WITH GRAVE..LATIN SMALL LETTER T WITH COMMA BELOW +021E..021F ; NFKD_QC; N # L& [2] LATIN CAPITAL LETTER H WITH CARON..LATIN SMALL LETTER H WITH CARON +0226..0233 ; NFKD_QC; N # L& [14] LATIN CAPITAL LETTER A WITH DOT ABOVE..LATIN SMALL LETTER Y WITH MACRON +02B0..02B8 ; NFKD_QC; N # Lm [9] MODIFIER LETTER SMALL H..MODIFIER LETTER SMALL Y +02D8..02DD ; NFKD_QC; N # Sk [6] BREVE..DOUBLE ACUTE ACCENT +02E0..02E4 ; NFKD_QC; N # Lm [5] MODIFIER LETTER SMALL GAMMA..MODIFIER LETTER SMALL REVERSED GLOTTAL STOP +0340..0341 ; NFKD_QC; N # Mn [2] COMBINING GRAVE TONE MARK..COMBINING ACUTE TONE MARK +0343..0344 ; NFKD_QC; N # Mn [2] COMBINING GREEK KORONIS..COMBINING GREEK DIALYTIKA TONOS +0374 ; NFKD_QC; N # Sk GREEK NUMERAL SIGN +037A ; NFKD_QC; N # Lm GREEK YPOGEGRAMMENI +037E ; NFKD_QC; N # Po GREEK QUESTION MARK +0384..0385 ; NFKD_QC; N # Sk [2] GREEK TONOS..GREEK DIALYTIKA TONOS +0386 ; NFKD_QC; N # L& GREEK CAPITAL LETTER ALPHA WITH TONOS +0387 ; NFKD_QC; N # Po GREEK ANO TELEIA +0388..038A ; NFKD_QC; N # L& [3] GREEK CAPITAL LETTER EPSILON WITH TONOS..GREEK CAPITAL LETTER IOTA WITH TONOS +038C ; NFKD_QC; N # L& GREEK CAPITAL LETTER OMICRON WITH TONOS +038E..0390 ; NFKD_QC; N # L& [3] GREEK CAPITAL LETTER UPSILON WITH TONOS..GREEK SMALL LETTER IOTA WITH DIALYTIKA AND TONOS +03AA..03B0 ; NFKD_QC; N # L& [7] GREEK CAPITAL LETTER IOTA WITH DIALYTIKA..GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND TONOS +03CA..03CE ; NFKD_QC; N # L& [5] GREEK SMALL LETTER IOTA WITH DIALYTIKA..GREEK SMALL LETTER OMEGA WITH TONOS +03D0..03D6 ; NFKD_QC; N # L& [7] GREEK BETA SYMBOL..GREEK PI SYMBOL +03F0..03F2 ; NFKD_QC; N # L& [3] GREEK KAPPA SYMBOL..GREEK LUNATE SIGMA SYMBOL +03F4..03F5 ; NFKD_QC; N # L& [2] GREEK CAPITAL THETA SYMBOL..GREEK LUNATE EPSILON SYMBOL +03F9 ; NFKD_QC; N # L& GREEK CAPITAL LUNATE SIGMA SYMBOL +0400..0401 ; NFKD_QC; N # L& [2] CYRILLIC CAPITAL LETTER IE WITH GRAVE..CYRILLIC CAPITAL LETTER IO +0403 ; NFKD_QC; N # L& CYRILLIC CAPITAL LETTER GJE +0407 ; NFKD_QC; N # L& CYRILLIC CAPITAL LETTER YI +040C..040E ; NFKD_QC; N # L& [3] CYRILLIC CAPITAL LETTER KJE..CYRILLIC CAPITAL LETTER SHORT U +0419 ; NFKD_QC; N # L& CYRILLIC CAPITAL LETTER SHORT I +0439 ; NFKD_QC; N # L& CYRILLIC SMALL LETTER SHORT I +0450..0451 ; NFKD_QC; N # L& [2] CYRILLIC SMALL LETTER IE WITH GRAVE..CYRILLIC SMALL LETTER IO +0453 ; NFKD_QC; N # L& CYRILLIC SMALL LETTER GJE +0457 ; NFKD_QC; N # L& CYRILLIC SMALL LETTER YI +045C..045E ; NFKD_QC; N # L& [3] CYRILLIC SMALL LETTER KJE..CYRILLIC SMALL LETTER SHORT U +0476..0477 ; NFKD_QC; N # L& [2] CYRILLIC CAPITAL LETTER IZHITSA WITH DOUBLE GRAVE ACCENT..CYRILLIC SMALL LETTER IZHITSA WITH DOUBLE GRAVE ACCENT +04C1..04C2 ; NFKD_QC; N # L& [2] CYRILLIC CAPITAL LETTER ZHE WITH BREVE..CYRILLIC SMALL LETTER ZHE WITH BREVE +04D0..04D3 ; NFKD_QC; N # L& [4] CYRILLIC CAPITAL LETTER A WITH BREVE..CYRILLIC SMALL LETTER A WITH DIAERESIS +04D6..04D7 ; NFKD_QC; N # L& [2] CYRILLIC CAPITAL LETTER IE WITH BREVE..CYRILLIC SMALL LETTER IE WITH BREVE +04DA..04DF ; NFKD_QC; N # L& [6] CYRILLIC CAPITAL LETTER SCHWA WITH DIAERESIS..CYRILLIC SMALL LETTER ZE WITH DIAERESIS +04E2..04E7 ; NFKD_QC; N # L& [6] CYRILLIC CAPITAL LETTER I WITH MACRON..CYRILLIC SMALL LETTER O WITH DIAERESIS +04EA..04F5 ; NFKD_QC; N # L& [12] CYRILLIC CAPITAL LETTER BARRED O WITH DIAERESIS..CYRILLIC SMALL LETTER CHE WITH DIAERESIS +04F8..04F9 ; NFKD_QC; N # L& [2] CYRILLIC CAPITAL LETTER YERU WITH DIAERESIS..CYRILLIC SMALL LETTER YERU WITH DIAERESIS +0587 ; NFKD_QC; N # L& ARMENIAN SMALL LIGATURE ECH YIWN +0622..0626 ; NFKD_QC; N # Lo [5] ARABIC LETTER ALEF WITH MADDA ABOVE..ARABIC LETTER YEH WITH HAMZA ABOVE +0675..0678 ; NFKD_QC; N # Lo [4] ARABIC LETTER HIGH HAMZA ALEF..ARABIC LETTER HIGH HAMZA YEH +06C0 ; NFKD_QC; N # Lo ARABIC LETTER HEH WITH YEH ABOVE +06C2 ; NFKD_QC; N # Lo ARABIC LETTER HEH GOAL WITH HAMZA ABOVE +06D3 ; NFKD_QC; N # Lo ARABIC LETTER YEH BARREE WITH HAMZA ABOVE +0929 ; NFKD_QC; N # Lo DEVANAGARI LETTER NNNA +0931 ; NFKD_QC; N # Lo DEVANAGARI LETTER RRA +0934 ; NFKD_QC; N # Lo DEVANAGARI LETTER LLLA +0958..095F ; NFKD_QC; N # Lo [8] DEVANAGARI LETTER QA..DEVANAGARI LETTER YYA +09CB..09CC ; NFKD_QC; N # Mc [2] BENGALI VOWEL SIGN O..BENGALI VOWEL SIGN AU +09DC..09DD ; NFKD_QC; N # Lo [2] BENGALI LETTER RRA..BENGALI LETTER RHA +09DF ; NFKD_QC; N # Lo BENGALI LETTER YYA +0A33 ; NFKD_QC; N # Lo GURMUKHI LETTER LLA +0A36 ; NFKD_QC; N # Lo GURMUKHI LETTER SHA +0A59..0A5B ; NFKD_QC; N # Lo [3] GURMUKHI LETTER KHHA..GURMUKHI LETTER ZA +0A5E ; NFKD_QC; N # Lo GURMUKHI LETTER FA +0B48 ; NFKD_QC; N # Mc ORIYA VOWEL SIGN AI +0B4B..0B4C ; NFKD_QC; N # Mc [2] ORIYA VOWEL SIGN O..ORIYA VOWEL SIGN AU +0B5C..0B5D ; NFKD_QC; N # Lo [2] ORIYA LETTER RRA..ORIYA LETTER RHA +0B94 ; NFKD_QC; N # Lo TAMIL LETTER AU +0BCA..0BCC ; NFKD_QC; N # Mc [3] TAMIL VOWEL SIGN O..TAMIL VOWEL SIGN AU +0C48 ; NFKD_QC; N # Mn TELUGU VOWEL SIGN AI +0CC0 ; NFKD_QC; N # Mc KANNADA VOWEL SIGN II +0CC7..0CC8 ; NFKD_QC; N # Mc [2] KANNADA VOWEL SIGN EE..KANNADA VOWEL SIGN AI +0CCA..0CCB ; NFKD_QC; N # Mc [2] KANNADA VOWEL SIGN O..KANNADA VOWEL SIGN OO +0D4A..0D4C ; NFKD_QC; N # Mc [3] MALAYALAM VOWEL SIGN O..MALAYALAM VOWEL SIGN AU +0DDA ; NFKD_QC; N # Mc SINHALA VOWEL SIGN DIGA KOMBUVA +0DDC..0DDE ; NFKD_QC; N # Mc [3] SINHALA VOWEL SIGN KOMBUVA HAA AELA-PILLA..SINHALA VOWEL SIGN KOMBUVA HAA GAYANUKITTA +0E33 ; NFKD_QC; N # Lo THAI CHARACTER SARA AM +0EB3 ; NFKD_QC; N # Lo LAO VOWEL SIGN AM +0EDC..0EDD ; NFKD_QC; N # Lo [2] LAO HO NO..LAO HO MO +0F0C ; NFKD_QC; N # Po TIBETAN MARK DELIMITER TSHEG BSTAR +0F43 ; NFKD_QC; N # Lo TIBETAN LETTER GHA +0F4D ; NFKD_QC; N # Lo TIBETAN LETTER DDHA +0F52 ; NFKD_QC; N # Lo TIBETAN LETTER DHA +0F57 ; NFKD_QC; N # Lo TIBETAN LETTER BHA +0F5C ; NFKD_QC; N # Lo TIBETAN LETTER DZHA +0F69 ; NFKD_QC; N # Lo TIBETAN LETTER KSSA +0F73 ; NFKD_QC; N # Mn TIBETAN VOWEL SIGN II +0F75..0F79 ; NFKD_QC; N # Mn [5] TIBETAN VOWEL SIGN UU..TIBETAN VOWEL SIGN VOCALIC LL +0F81 ; NFKD_QC; N # Mn TIBETAN VOWEL SIGN REVERSED II +0F93 ; NFKD_QC; N # Mn TIBETAN SUBJOINED LETTER GHA +0F9D ; NFKD_QC; N # Mn TIBETAN SUBJOINED LETTER DDHA +0FA2 ; NFKD_QC; N # Mn TIBETAN SUBJOINED LETTER DHA +0FA7 ; NFKD_QC; N # Mn TIBETAN SUBJOINED LETTER BHA +0FAC ; NFKD_QC; N # Mn TIBETAN SUBJOINED LETTER DZHA +0FB9 ; NFKD_QC; N # Mn TIBETAN SUBJOINED LETTER KSSA +1026 ; NFKD_QC; N # Lo MYANMAR LETTER UU +1D2C..1D2E ; NFKD_QC; N # Lm [3] MODIFIER LETTER CAPITAL A..MODIFIER LETTER CAPITAL B +1D30..1D3A ; NFKD_QC; N # Lm [11] MODIFIER LETTER CAPITAL D..MODIFIER LETTER CAPITAL N +1D3C..1D4D ; NFKD_QC; N # Lm [18] MODIFIER LETTER CAPITAL O..MODIFIER LETTER SMALL G +1D4F..1D61 ; NFKD_QC; N # Lm [19] MODIFIER LETTER SMALL K..MODIFIER LETTER SMALL CHI +1D62..1D6A ; NFKD_QC; N # L& [9] LATIN SUBSCRIPT SMALL LETTER I..GREEK SUBSCRIPT SMALL LETTER CHI +1E00..1E9B ; NFKD_QC; N # L& [156] LATIN CAPITAL LETTER A WITH RING BELOW..LATIN SMALL LETTER LONG S WITH DOT ABOVE +1EA0..1EF9 ; NFKD_QC; N # L& [90] LATIN CAPITAL LETTER A WITH DOT BELOW..LATIN SMALL LETTER Y WITH TILDE +1F00..1F15 ; NFKD_QC; N # L& [22] GREEK SMALL LETTER ALPHA WITH PSILI..GREEK SMALL LETTER EPSILON WITH DASIA AND OXIA +1F18..1F1D ; NFKD_QC; N # L& [6] GREEK CAPITAL LETTER EPSILON WITH PSILI..GREEK CAPITAL LETTER EPSILON WITH DASIA AND OXIA +1F20..1F45 ; NFKD_QC; N # L& [38] GREEK SMALL LETTER ETA WITH PSILI..GREEK SMALL LETTER OMICRON WITH DASIA AND OXIA +1F48..1F4D ; NFKD_QC; N # L& [6] GREEK CAPITAL LETTER OMICRON WITH PSILI..GREEK CAPITAL LETTER OMICRON WITH DASIA AND OXIA +1F50..1F57 ; NFKD_QC; N # L& [8] GREEK SMALL LETTER UPSILON WITH PSILI..GREEK SMALL LETTER UPSILON WITH DASIA AND PERISPOMENI +1F59 ; NFKD_QC; N # L& GREEK CAPITAL LETTER UPSILON WITH DASIA +1F5B ; NFKD_QC; N # L& GREEK CAPITAL LETTER UPSILON WITH DASIA AND VARIA +1F5D ; NFKD_QC; N # L& GREEK CAPITAL LETTER UPSILON WITH DASIA AND OXIA +1F5F..1F7D ; NFKD_QC; N # L& [31] GREEK CAPITAL LETTER UPSILON WITH DASIA AND PERISPOMENI..GREEK SMALL LETTER OMEGA WITH OXIA +1F80..1FB4 ; NFKD_QC; N # L& [53] GREEK SMALL LETTER ALPHA WITH PSILI AND YPOGEGRAMMENI..GREEK SMALL LETTER ALPHA WITH OXIA AND YPOGEGRAMMENI +1FB6..1FBC ; NFKD_QC; N # L& [7] GREEK SMALL LETTER ALPHA WITH PERISPOMENI..GREEK CAPITAL LETTER ALPHA WITH PROSGEGRAMMENI +1FBD ; NFKD_QC; N # Sk GREEK KORONIS +1FBE ; NFKD_QC; N # L& GREEK PROSGEGRAMMENI +1FBF..1FC1 ; NFKD_QC; N # Sk [3] GREEK PSILI..GREEK DIALYTIKA AND PERISPOMENI +1FC2..1FC4 ; NFKD_QC; N # L& [3] GREEK SMALL LETTER ETA WITH VARIA AND YPOGEGRAMMENI..GREEK SMALL LETTER ETA WITH OXIA AND YPOGEGRAMMENI +1FC6..1FCC ; NFKD_QC; N # L& [7] GREEK SMALL LETTER ETA WITH PERISPOMENI..GREEK CAPITAL LETTER ETA WITH PROSGEGRAMMENI +1FCD..1FCF ; NFKD_QC; N # Sk [3] GREEK PSILI AND VARIA..GREEK PSILI AND PERISPOMENI +1FD0..1FD3 ; NFKD_QC; N # L& [4] GREEK SMALL LETTER IOTA WITH VRACHY..GREEK SMALL LETTER IOTA WITH DIALYTIKA AND OXIA +1FD6..1FDB ; NFKD_QC; N # L& [6] GREEK SMALL LETTER IOTA WITH PERISPOMENI..GREEK CAPITAL LETTER IOTA WITH OXIA +1FDD..1FDF ; NFKD_QC; N # Sk [3] GREEK DASIA AND VARIA..GREEK DASIA AND PERISPOMENI +1FE0..1FEC ; NFKD_QC; N # L& [13] GREEK SMALL LETTER UPSILON WITH VRACHY..GREEK CAPITAL LETTER RHO WITH DASIA +1FED..1FEF ; NFKD_QC; N # Sk [3] GREEK DIALYTIKA AND VARIA..GREEK VARIA +1FF2..1FF4 ; NFKD_QC; N # L& [3] GREEK SMALL LETTER OMEGA WITH VARIA AND YPOGEGRAMMENI..GREEK SMALL LETTER OMEGA WITH OXIA AND YPOGEGRAMMENI +1FF6..1FFC ; NFKD_QC; N # L& [7] GREEK SMALL LETTER OMEGA WITH PERISPOMENI..GREEK CAPITAL LETTER OMEGA WITH PROSGEGRAMMENI +1FFD..1FFE ; NFKD_QC; N # Sk [2] GREEK OXIA..GREEK DASIA +2000..200A ; NFKD_QC; N # Zs [11] EN QUAD..HAIR SPACE +2011 ; NFKD_QC; N # Pd NON-BREAKING HYPHEN +2017 ; NFKD_QC; N # Po DOUBLE LOW LINE +2024..2026 ; NFKD_QC; N # Po [3] ONE DOT LEADER..HORIZONTAL ELLIPSIS +202F ; NFKD_QC; N # Zs NARROW NO-BREAK SPACE +2033..2034 ; NFKD_QC; N # Po [2] DOUBLE PRIME..TRIPLE PRIME +2036..2037 ; NFKD_QC; N # Po [2] REVERSED DOUBLE PRIME..REVERSED TRIPLE PRIME +203C ; NFKD_QC; N # Po DOUBLE EXCLAMATION MARK +203E ; NFKD_QC; N # Po OVERLINE +2047..2049 ; NFKD_QC; N # Po [3] DOUBLE QUESTION MARK..EXCLAMATION QUESTION MARK +2057 ; NFKD_QC; N # Po QUADRUPLE PRIME +205F ; NFKD_QC; N # Zs MEDIUM MATHEMATICAL SPACE +2070 ; NFKD_QC; N # No SUPERSCRIPT ZERO +2071 ; NFKD_QC; N # L& SUPERSCRIPT LATIN SMALL LETTER I +2074..2079 ; NFKD_QC; N # No [6] SUPERSCRIPT FOUR..SUPERSCRIPT NINE +207A..207C ; NFKD_QC; N # Sm [3] SUPERSCRIPT PLUS SIGN..SUPERSCRIPT EQUALS SIGN +207D ; NFKD_QC; N # Ps SUPERSCRIPT LEFT PARENTHESIS +207E ; NFKD_QC; N # Pe SUPERSCRIPT RIGHT PARENTHESIS +207F ; NFKD_QC; N # L& SUPERSCRIPT LATIN SMALL LETTER N +2080..2089 ; NFKD_QC; N # No [10] SUBSCRIPT ZERO..SUBSCRIPT NINE +208A..208C ; NFKD_QC; N # Sm [3] SUBSCRIPT PLUS SIGN..SUBSCRIPT EQUALS SIGN +208D ; NFKD_QC; N # Ps SUBSCRIPT LEFT PARENTHESIS +208E ; NFKD_QC; N # Pe SUBSCRIPT RIGHT PARENTHESIS +20A8 ; NFKD_QC; N # Sc RUPEE SIGN +2100..2101 ; NFKD_QC; N # So [2] ACCOUNT OF..ADDRESSED TO THE SUBJECT +2102 ; NFKD_QC; N # L& DOUBLE-STRUCK CAPITAL C +2103 ; NFKD_QC; N # So DEGREE CELSIUS +2105..2106 ; NFKD_QC; N # So [2] CARE OF..CADA UNA +2107 ; NFKD_QC; N # L& EULER CONSTANT +2109 ; NFKD_QC; N # So DEGREE FAHRENHEIT +210A..2113 ; NFKD_QC; N # L& [10] SCRIPT SMALL G..SCRIPT SMALL L +2115 ; NFKD_QC; N # L& DOUBLE-STRUCK CAPITAL N +2116 ; NFKD_QC; N # So NUMERO SIGN +2119..211D ; NFKD_QC; N # L& [5] DOUBLE-STRUCK CAPITAL P..DOUBLE-STRUCK CAPITAL R +2120..2122 ; NFKD_QC; N # So [3] SERVICE MARK..TRADE MARK SIGN +2124 ; NFKD_QC; N # L& DOUBLE-STRUCK CAPITAL Z +2126 ; NFKD_QC; N # L& OHM SIGN +2128 ; NFKD_QC; N # L& BLACK-LETTER CAPITAL Z +212A..212D ; NFKD_QC; N # L& [4] KELVIN SIGN..BLACK-LETTER CAPITAL C +212F..2131 ; NFKD_QC; N # L& [3] SCRIPT SMALL E..SCRIPT CAPITAL F +2133..2134 ; NFKD_QC; N # L& [2] SCRIPT CAPITAL M..SCRIPT SMALL O +2135..2138 ; NFKD_QC; N # Lo [4] ALEF SYMBOL..DALET SYMBOL +2139 ; NFKD_QC; N # L& INFORMATION SOURCE +213B ; NFKD_QC; N # So FACSIMILE SIGN +213D..213F ; NFKD_QC; N # L& [3] DOUBLE-STRUCK SMALL GAMMA..DOUBLE-STRUCK CAPITAL PI +2140 ; NFKD_QC; N # Sm DOUBLE-STRUCK N-ARY SUMMATION +2145..2149 ; NFKD_QC; N # L& [5] DOUBLE-STRUCK ITALIC CAPITAL D..DOUBLE-STRUCK ITALIC SMALL J +2153..215F ; NFKD_QC; N # No [13] VULGAR FRACTION ONE THIRD..FRACTION NUMERATOR ONE +2160..217F ; NFKD_QC; N # Nl [32] ROMAN NUMERAL ONE..SMALL ROMAN NUMERAL ONE THOUSAND +219A..219B ; NFKD_QC; N # Sm [2] LEFTWARDS ARROW WITH STROKE..RIGHTWARDS ARROW WITH STROKE +21AE ; NFKD_QC; N # Sm LEFT RIGHT ARROW WITH STROKE +21CD ; NFKD_QC; N # So LEFTWARDS DOUBLE ARROW WITH STROKE +21CE..21CF ; NFKD_QC; N # Sm [2] LEFT RIGHT DOUBLE ARROW WITH STROKE..RIGHTWARDS DOUBLE ARROW WITH STROKE +2204 ; NFKD_QC; N # Sm THERE DOES NOT EXIST +2209 ; NFKD_QC; N # Sm NOT AN ELEMENT OF +220C ; NFKD_QC; N # Sm DOES NOT CONTAIN AS MEMBER +2224 ; NFKD_QC; N # Sm DOES NOT DIVIDE +2226 ; NFKD_QC; N # Sm NOT PARALLEL TO +222C..222D ; NFKD_QC; N # Sm [2] DOUBLE INTEGRAL..TRIPLE INTEGRAL +222F..2230 ; NFKD_QC; N # Sm [2] SURFACE INTEGRAL..VOLUME INTEGRAL +2241 ; NFKD_QC; N # Sm NOT TILDE +2244 ; NFKD_QC; N # Sm NOT ASYMPTOTICALLY EQUAL TO +2247 ; NFKD_QC; N # Sm NEITHER APPROXIMATELY NOR ACTUALLY EQUAL TO +2249 ; NFKD_QC; N # Sm NOT ALMOST EQUAL TO +2260 ; NFKD_QC; N # Sm NOT EQUAL TO +2262 ; NFKD_QC; N # Sm NOT IDENTICAL TO +226D..2271 ; NFKD_QC; N # Sm [5] NOT EQUIVALENT TO..NEITHER GREATER-THAN NOR EQUAL TO +2274..2275 ; NFKD_QC; N # Sm [2] NEITHER LESS-THAN NOR EQUIVALENT TO..NEITHER GREATER-THAN NOR EQUIVALENT TO +2278..2279 ; NFKD_QC; N # Sm [2] NEITHER LESS-THAN NOR GREATER-THAN..NEITHER GREATER-THAN NOR LESS-THAN +2280..2281 ; NFKD_QC; N # Sm [2] DOES NOT PRECEDE..DOES NOT SUCCEED +2284..2285 ; NFKD_QC; N # Sm [2] NOT A SUBSET OF..NOT A SUPERSET OF +2288..2289 ; NFKD_QC; N # Sm [2] NEITHER A SUBSET OF NOR EQUAL TO..NEITHER A SUPERSET OF NOR EQUAL TO +22AC..22AF ; NFKD_QC; N # Sm [4] DOES NOT PROVE..NEGATED DOUBLE VERTICAL BAR DOUBLE RIGHT TURNSTILE +22E0..22E3 ; NFKD_QC; N # Sm [4] DOES NOT PRECEDE OR EQUAL..NOT SQUARE ORIGINAL OF OR EQUAL TO +22EA..22ED ; NFKD_QC; N # Sm [4] NOT NORMAL SUBGROUP OF..DOES NOT CONTAIN AS NORMAL SUBGROUP OR EQUAL +2329 ; NFKD_QC; N # Ps LEFT-POINTING ANGLE BRACKET +232A ; NFKD_QC; N # Pe RIGHT-POINTING ANGLE BRACKET +2460..249B ; NFKD_QC; N # No [60] CIRCLED DIGIT ONE..NUMBER TWENTY FULL STOP +249C..24E9 ; NFKD_QC; N # So [78] PARENTHESIZED LATIN SMALL LETTER A..CIRCLED LATIN SMALL LETTER Z +24EA ; NFKD_QC; N # No CIRCLED DIGIT ZERO +2A0C ; NFKD_QC; N # Sm QUADRUPLE INTEGRAL OPERATOR +2A74..2A76 ; NFKD_QC; N # Sm [3] DOUBLE COLON EQUAL..THREE CONSECUTIVE EQUALS SIGNS +2ADC ; NFKD_QC; N # Sm FORKING +2E9F ; NFKD_QC; N # So CJK RADICAL MOTHER +2EF3 ; NFKD_QC; N # So CJK RADICAL C-SIMPLIFIED TURTLE +2F00..2FD5 ; NFKD_QC; N # So [214] KANGXI RADICAL ONE..KANGXI RADICAL FLUTE +3000 ; NFKD_QC; N # Zs IDEOGRAPHIC SPACE +3036 ; NFKD_QC; N # So CIRCLED POSTAL MARK +3038..303A ; NFKD_QC; N # Nl [3] HANGZHOU NUMERAL TEN..HANGZHOU NUMERAL THIRTY +304C ; NFKD_QC; N # Lo HIRAGANA LETTER GA +304E ; NFKD_QC; N # Lo HIRAGANA LETTER GI +3050 ; NFKD_QC; N # Lo HIRAGANA LETTER GU +3052 ; NFKD_QC; N # Lo HIRAGANA LETTER GE +3054 ; NFKD_QC; N # Lo HIRAGANA LETTER GO +3056 ; NFKD_QC; N # Lo HIRAGANA LETTER ZA +3058 ; NFKD_QC; N # Lo HIRAGANA LETTER ZI +305A ; NFKD_QC; N # Lo HIRAGANA LETTER ZU +305C ; NFKD_QC; N # Lo HIRAGANA LETTER ZE +305E ; NFKD_QC; N # Lo HIRAGANA LETTER ZO +3060 ; NFKD_QC; N # Lo HIRAGANA LETTER DA +3062 ; NFKD_QC; N # Lo HIRAGANA LETTER DI +3065 ; NFKD_QC; N # Lo HIRAGANA LETTER DU +3067 ; NFKD_QC; N # Lo HIRAGANA LETTER DE +3069 ; NFKD_QC; N # Lo HIRAGANA LETTER DO +3070..3071 ; NFKD_QC; N # Lo [2] HIRAGANA LETTER BA..HIRAGANA LETTER PA +3073..3074 ; NFKD_QC; N # Lo [2] HIRAGANA LETTER BI..HIRAGANA LETTER PI +3076..3077 ; NFKD_QC; N # Lo [2] HIRAGANA LETTER BU..HIRAGANA LETTER PU +3079..307A ; NFKD_QC; N # Lo [2] HIRAGANA LETTER BE..HIRAGANA LETTER PE +307C..307D ; NFKD_QC; N # Lo [2] HIRAGANA LETTER BO..HIRAGANA LETTER PO +3094 ; NFKD_QC; N # Lo HIRAGANA LETTER VU +309B..309C ; NFKD_QC; N # Sk [2] KATAKANA-HIRAGANA VOICED SOUND MARK..KATAKANA-HIRAGANA SEMI-VOICED SOUND MARK +309E ; NFKD_QC; N # Lm HIRAGANA VOICED ITERATION MARK +309F ; NFKD_QC; N # Lo HIRAGANA DIGRAPH YORI +30AC ; NFKD_QC; N # Lo KATAKANA LETTER GA +30AE ; NFKD_QC; N # Lo KATAKANA LETTER GI +30B0 ; NFKD_QC; N # Lo KATAKANA LETTER GU +30B2 ; NFKD_QC; N # Lo KATAKANA LETTER GE +30B4 ; NFKD_QC; N # Lo KATAKANA LETTER GO +30B6 ; NFKD_QC; N # Lo KATAKANA LETTER ZA +30B8 ; NFKD_QC; N # Lo KATAKANA LETTER ZI +30BA ; NFKD_QC; N # Lo KATAKANA LETTER ZU +30BC ; NFKD_QC; N # Lo KATAKANA LETTER ZE +30BE ; NFKD_QC; N # Lo KATAKANA LETTER ZO +30C0 ; NFKD_QC; N # Lo KATAKANA LETTER DA +30C2 ; NFKD_QC; N # Lo KATAKANA LETTER DI +30C5 ; NFKD_QC; N # Lo KATAKANA LETTER DU +30C7 ; NFKD_QC; N # Lo KATAKANA LETTER DE +30C9 ; NFKD_QC; N # Lo KATAKANA LETTER DO +30D0..30D1 ; NFKD_QC; N # Lo [2] KATAKANA LETTER BA..KATAKANA LETTER PA +30D3..30D4 ; NFKD_QC; N # Lo [2] KATAKANA LETTER BI..KATAKANA LETTER PI +30D6..30D7 ; NFKD_QC; N # Lo [2] KATAKANA LETTER BU..KATAKANA LETTER PU +30D9..30DA ; NFKD_QC; N # Lo [2] KATAKANA LETTER BE..KATAKANA LETTER PE +30DC..30DD ; NFKD_QC; N # Lo [2] KATAKANA LETTER BO..KATAKANA LETTER PO +30F4 ; NFKD_QC; N # Lo KATAKANA LETTER VU +30F7..30FA ; NFKD_QC; N # Lo [4] KATAKANA LETTER VA..KATAKANA LETTER VO +30FE ; NFKD_QC; N # Lm KATAKANA VOICED ITERATION MARK +30FF ; NFKD_QC; N # Lo KATAKANA DIGRAPH KOTO +3131..318E ; NFKD_QC; N # Lo [94] HANGUL LETTER KIYEOK..HANGUL LETTER ARAEAE +3192..3195 ; NFKD_QC; N # No [4] IDEOGRAPHIC ANNOTATION ONE MARK..IDEOGRAPHIC ANNOTATION FOUR MARK +3196..319F ; NFKD_QC; N # So [10] IDEOGRAPHIC ANNOTATION TOP MARK..IDEOGRAPHIC ANNOTATION MAN MARK +3200..321E ; NFKD_QC; N # So [31] PARENTHESIZED HANGUL KIYEOK..PARENTHESIZED KOREAN CHARACTER O HU +3220..3229 ; NFKD_QC; N # No [10] PARENTHESIZED IDEOGRAPH ONE..PARENTHESIZED IDEOGRAPH TEN +322A..3243 ; NFKD_QC; N # So [26] PARENTHESIZED IDEOGRAPH MOON..PARENTHESIZED IDEOGRAPH REACH +3250 ; NFKD_QC; N # So PARTNERSHIP SIGN +3251..325F ; NFKD_QC; N # No [15] CIRCLED NUMBER TWENTY ONE..CIRCLED NUMBER THIRTY FIVE +3260..327D ; NFKD_QC; N # So [30] CIRCLED HANGUL KIYEOK..CIRCLED KOREAN CHARACTER JUEUI +3280..3289 ; NFKD_QC; N # No [10] CIRCLED IDEOGRAPH ONE..CIRCLED IDEOGRAPH TEN +328A..32B0 ; NFKD_QC; N # So [39] CIRCLED IDEOGRAPH MOON..CIRCLED IDEOGRAPH NIGHT +32B1..32BF ; NFKD_QC; N # No [15] CIRCLED NUMBER THIRTY SIX..CIRCLED NUMBER FIFTY +32C0..32FE ; NFKD_QC; N # So [63] IDEOGRAPHIC TELEGRAPH SYMBOL FOR JANUARY..CIRCLED KATAKANA WO +3300..33FF ; NFKD_QC; N # So [256] SQUARE APAATO..SQUARE GAL +AC00..D7A3 ; NFKD_QC; N # Lo [11172] HANGUL SYLLABLE GA..HANGUL SYLLABLE HIH +F900..FA0D ; NFKD_QC; N # Lo [270] CJK COMPATIBILITY IDEOGRAPH-F900..CJK COMPATIBILITY IDEOGRAPH-FA0D +FA10 ; NFKD_QC; N # Lo CJK COMPATIBILITY IDEOGRAPH-FA10 +FA12 ; NFKD_QC; N # Lo CJK COMPATIBILITY IDEOGRAPH-FA12 +FA15..FA1E ; NFKD_QC; N # Lo [10] CJK COMPATIBILITY IDEOGRAPH-FA15..CJK COMPATIBILITY IDEOGRAPH-FA1E +FA20 ; NFKD_QC; N # Lo CJK COMPATIBILITY IDEOGRAPH-FA20 +FA22 ; NFKD_QC; N # Lo CJK COMPATIBILITY IDEOGRAPH-FA22 +FA25..FA26 ; NFKD_QC; N # Lo [2] CJK COMPATIBILITY IDEOGRAPH-FA25..CJK COMPATIBILITY IDEOGRAPH-FA26 +FA2A..FA2D ; NFKD_QC; N # Lo [4] CJK COMPATIBILITY IDEOGRAPH-FA2A..CJK COMPATIBILITY IDEOGRAPH-FA2D +FA30..FA6A ; NFKD_QC; N # Lo [59] CJK COMPATIBILITY IDEOGRAPH-FA30..CJK COMPATIBILITY IDEOGRAPH-FA6A +FB00..FB06 ; NFKD_QC; N # L& [7] LATIN SMALL LIGATURE FF..LATIN SMALL LIGATURE ST +FB13..FB17 ; NFKD_QC; N # L& [5] ARMENIAN SMALL LIGATURE MEN NOW..ARMENIAN SMALL LIGATURE MEN XEH +FB1D ; NFKD_QC; N # Lo HEBREW LETTER YOD WITH HIRIQ +FB1F..FB28 ; NFKD_QC; N # Lo [10] HEBREW LIGATURE YIDDISH YOD YOD PATAH..HEBREW LETTER WIDE TAV +FB29 ; NFKD_QC; N # Sm HEBREW LETTER ALTERNATIVE PLUS SIGN +FB2A..FB36 ; NFKD_QC; N # Lo [13] HEBREW LETTER SHIN WITH SHIN DOT..HEBREW LETTER ZAYIN WITH DAGESH +FB38..FB3C ; NFKD_QC; N # Lo [5] HEBREW LETTER TET WITH DAGESH..HEBREW LETTER LAMED WITH DAGESH +FB3E ; NFKD_QC; N # Lo HEBREW LETTER MEM WITH DAGESH +FB40..FB41 ; NFKD_QC; N # Lo [2] HEBREW LETTER NUN WITH DAGESH..HEBREW LETTER SAMEKH WITH DAGESH +FB43..FB44 ; NFKD_QC; N # Lo [2] HEBREW LETTER FINAL PE WITH DAGESH..HEBREW LETTER PE WITH DAGESH +FB46..FBB1 ; NFKD_QC; N # Lo [108] HEBREW LETTER TSADI WITH DAGESH..ARABIC LETTER YEH BARREE WITH HAMZA ABOVE FINAL FORM +FBD3..FD3D ; NFKD_QC; N # Lo [363] ARABIC LETTER NG ISOLATED FORM..ARABIC LIGATURE ALEF WITH FATHATAN ISOLATED FORM +FD50..FD8F ; NFKD_QC; N # Lo [64] ARABIC LIGATURE TEH WITH JEEM WITH MEEM INITIAL FORM..ARABIC LIGATURE MEEM WITH KHAH WITH MEEM INITIAL FORM +FD92..FDC7 ; NFKD_QC; N # Lo [54] ARABIC LIGATURE MEEM WITH JEEM WITH KHAH INITIAL FORM..ARABIC LIGATURE NOON WITH JEEM WITH YEH FINAL FORM +FDF0..FDFB ; NFKD_QC; N # Lo [12] ARABIC LIGATURE SALLA USED AS KORANIC STOP SIGN ISOLATED FORM..ARABIC LIGATURE JALLAJALALOUHOU +FDFC ; NFKD_QC; N # Sc RIAL SIGN +FE30 ; NFKD_QC; N # Po PRESENTATION FORM FOR VERTICAL TWO DOT LEADER +FE31..FE32 ; NFKD_QC; N # Pd [2] PRESENTATION FORM FOR VERTICAL EM DASH..PRESENTATION FORM FOR VERTICAL EN DASH +FE33..FE34 ; NFKD_QC; N # Pc [2] PRESENTATION FORM FOR VERTICAL LOW LINE..PRESENTATION FORM FOR VERTICAL WAVY LOW LINE +FE35 ; NFKD_QC; N # Ps PRESENTATION FORM FOR VERTICAL LEFT PARENTHESIS +FE36 ; NFKD_QC; N # Pe PRESENTATION FORM FOR VERTICAL RIGHT PARENTHESIS +FE37 ; NFKD_QC; N # Ps PRESENTATION FORM FOR VERTICAL LEFT CURLY BRACKET +FE38 ; NFKD_QC; N # Pe PRESENTATION FORM FOR VERTICAL RIGHT CURLY BRACKET +FE39 ; NFKD_QC; N # Ps PRESENTATION FORM FOR VERTICAL LEFT TORTOISE SHELL BRACKET +FE3A ; NFKD_QC; N # Pe PRESENTATION FORM FOR VERTICAL RIGHT TORTOISE SHELL BRACKET +FE3B ; NFKD_QC; N # Ps PRESENTATION FORM FOR VERTICAL LEFT BLACK LENTICULAR BRACKET +FE3C ; NFKD_QC; N # Pe PRESENTATION FORM FOR VERTICAL RIGHT BLACK LENTICULAR BRACKET +FE3D ; NFKD_QC; N # Ps PRESENTATION FORM FOR VERTICAL LEFT DOUBLE ANGLE BRACKET +FE3E ; NFKD_QC; N # Pe PRESENTATION FORM FOR VERTICAL RIGHT DOUBLE ANGLE BRACKET +FE3F ; NFKD_QC; N # Ps PRESENTATION FORM FOR VERTICAL LEFT ANGLE BRACKET +FE40 ; NFKD_QC; N # Pe PRESENTATION FORM FOR VERTICAL RIGHT ANGLE BRACKET +FE41 ; NFKD_QC; N # Ps PRESENTATION FORM FOR VERTICAL LEFT CORNER BRACKET +FE42 ; NFKD_QC; N # Pe PRESENTATION FORM FOR VERTICAL RIGHT CORNER BRACKET +FE43 ; NFKD_QC; N # Ps PRESENTATION FORM FOR VERTICAL LEFT WHITE CORNER BRACKET +FE44 ; NFKD_QC; N # Pe PRESENTATION FORM FOR VERTICAL RIGHT WHITE CORNER BRACKET +FE47 ; NFKD_QC; N # Ps PRESENTATION FORM FOR VERTICAL LEFT SQUARE BRACKET +FE48 ; NFKD_QC; N # Pe PRESENTATION FORM FOR VERTICAL RIGHT SQUARE BRACKET +FE49..FE4C ; NFKD_QC; N # Po [4] DASHED OVERLINE..DOUBLE WAVY OVERLINE +FE4D..FE4F ; NFKD_QC; N # Pc [3] DASHED LOW LINE..WAVY LOW LINE +FE50..FE52 ; NFKD_QC; N # Po [3] SMALL COMMA..SMALL FULL STOP +FE54..FE57 ; NFKD_QC; N # Po [4] SMALL SEMICOLON..SMALL EXCLAMATION MARK +FE58 ; NFKD_QC; N # Pd SMALL EM DASH +FE59 ; NFKD_QC; N # Ps SMALL LEFT PARENTHESIS +FE5A ; NFKD_QC; N # Pe SMALL RIGHT PARENTHESIS +FE5B ; NFKD_QC; N # Ps SMALL LEFT CURLY BRACKET +FE5C ; NFKD_QC; N # Pe SMALL RIGHT CURLY BRACKET +FE5D ; NFKD_QC; N # Ps SMALL LEFT TORTOISE SHELL BRACKET +FE5E ; NFKD_QC; N # Pe SMALL RIGHT TORTOISE SHELL BRACKET +FE5F..FE61 ; NFKD_QC; N # Po [3] SMALL NUMBER SIGN..SMALL ASTERISK +FE62 ; NFKD_QC; N # Sm SMALL PLUS SIGN +FE63 ; NFKD_QC; N # Pd SMALL HYPHEN-MINUS +FE64..FE66 ; NFKD_QC; N # Sm [3] SMALL LESS-THAN SIGN..SMALL EQUALS SIGN +FE68 ; NFKD_QC; N # Po SMALL REVERSE SOLIDUS +FE69 ; NFKD_QC; N # Sc SMALL DOLLAR SIGN +FE6A..FE6B ; NFKD_QC; N # Po [2] SMALL PERCENT SIGN..SMALL COMMERCIAL AT +FE70..FE72 ; NFKD_QC; N # Lo [3] ARABIC FATHATAN ISOLATED FORM..ARABIC DAMMATAN ISOLATED FORM +FE74 ; NFKD_QC; N # Lo ARABIC KASRATAN ISOLATED FORM +FE76..FEFC ; NFKD_QC; N # Lo [135] ARABIC FATHA ISOLATED FORM..ARABIC LIGATURE LAM WITH ALEF FINAL FORM +FF01..FF03 ; NFKD_QC; N # Po [3] FULLWIDTH EXCLAMATION MARK..FULLWIDTH NUMBER SIGN +FF04 ; NFKD_QC; N # Sc FULLWIDTH DOLLAR SIGN +FF05..FF07 ; NFKD_QC; N # Po [3] FULLWIDTH PERCENT SIGN..FULLWIDTH APOSTROPHE +FF08 ; NFKD_QC; N # Ps FULLWIDTH LEFT PARENTHESIS +FF09 ; NFKD_QC; N # Pe FULLWIDTH RIGHT PARENTHESIS +FF0A ; NFKD_QC; N # Po FULLWIDTH ASTERISK +FF0B ; NFKD_QC; N # Sm FULLWIDTH PLUS SIGN +FF0C ; NFKD_QC; N # Po FULLWIDTH COMMA +FF0D ; NFKD_QC; N # Pd FULLWIDTH HYPHEN-MINUS +FF0E..FF0F ; NFKD_QC; N # Po [2] FULLWIDTH FULL STOP..FULLWIDTH SOLIDUS +FF10..FF19 ; NFKD_QC; N # Nd [10] FULLWIDTH DIGIT ZERO..FULLWIDTH DIGIT NINE +FF1A..FF1B ; NFKD_QC; N # Po [2] FULLWIDTH COLON..FULLWIDTH SEMICOLON +FF1C..FF1E ; NFKD_QC; N # Sm [3] FULLWIDTH LESS-THAN SIGN..FULLWIDTH GREATER-THAN SIGN +FF1F..FF20 ; NFKD_QC; N # Po [2] FULLWIDTH QUESTION MARK..FULLWIDTH COMMERCIAL AT +FF21..FF3A ; NFKD_QC; N # L& [26] FULLWIDTH LATIN CAPITAL LETTER A..FULLWIDTH LATIN CAPITAL LETTER Z +FF3B ; NFKD_QC; N # Ps FULLWIDTH LEFT SQUARE BRACKET +FF3C ; NFKD_QC; N # Po FULLWIDTH REVERSE SOLIDUS +FF3D ; NFKD_QC; N # Pe FULLWIDTH RIGHT SQUARE BRACKET +FF3E ; NFKD_QC; N # Sk FULLWIDTH CIRCUMFLEX ACCENT +FF3F ; NFKD_QC; N # Pc FULLWIDTH LOW LINE +FF40 ; NFKD_QC; N # Sk FULLWIDTH GRAVE ACCENT +FF41..FF5A ; NFKD_QC; N # L& [26] FULLWIDTH LATIN SMALL LETTER A..FULLWIDTH LATIN SMALL LETTER Z +FF5B ; NFKD_QC; N # Ps FULLWIDTH LEFT CURLY BRACKET +FF5C ; NFKD_QC; N # Sm FULLWIDTH VERTICAL LINE +FF5D ; NFKD_QC; N # Pe FULLWIDTH RIGHT CURLY BRACKET +FF5E ; NFKD_QC; N # Sm FULLWIDTH TILDE +FF5F ; NFKD_QC; N # Ps FULLWIDTH LEFT WHITE PARENTHESIS +FF60 ; NFKD_QC; N # Pe FULLWIDTH RIGHT WHITE PARENTHESIS +FF61 ; NFKD_QC; N # Po HALFWIDTH IDEOGRAPHIC FULL STOP +FF62 ; NFKD_QC; N # Ps HALFWIDTH LEFT CORNER BRACKET +FF63 ; NFKD_QC; N # Pe HALFWIDTH RIGHT CORNER BRACKET +FF64 ; NFKD_QC; N # Po HALFWIDTH IDEOGRAPHIC COMMA +FF65 ; NFKD_QC; N # Pc HALFWIDTH KATAKANA MIDDLE DOT +FF66..FF6F ; NFKD_QC; N # Lo [10] HALFWIDTH KATAKANA LETTER WO..HALFWIDTH KATAKANA LETTER SMALL TU +FF70 ; NFKD_QC; N # Lm HALFWIDTH KATAKANA-HIRAGANA PROLONGED SOUND MARK +FF71..FF9D ; NFKD_QC; N # Lo [45] HALFWIDTH KATAKANA LETTER A..HALFWIDTH KATAKANA LETTER N +FF9E..FF9F ; NFKD_QC; N # Lm [2] HALFWIDTH KATAKANA VOICED SOUND MARK..HALFWIDTH KATAKANA SEMI-VOICED SOUND MARK +FFA0..FFBE ; NFKD_QC; N # Lo [31] HALFWIDTH HANGUL FILLER..HALFWIDTH HANGUL LETTER HIEUH +FFC2..FFC7 ; NFKD_QC; N # Lo [6] HALFWIDTH HANGUL LETTER A..HALFWIDTH HANGUL LETTER E +FFCA..FFCF ; NFKD_QC; N # Lo [6] HALFWIDTH HANGUL LETTER YEO..HALFWIDTH HANGUL LETTER OE +FFD2..FFD7 ; NFKD_QC; N # Lo [6] HALFWIDTH HANGUL LETTER YO..HALFWIDTH HANGUL LETTER YU +FFDA..FFDC ; NFKD_QC; N # Lo [3] HALFWIDTH HANGUL LETTER EU..HALFWIDTH HANGUL LETTER I +FFE0..FFE1 ; NFKD_QC; N # Sc [2] FULLWIDTH CENT SIGN..FULLWIDTH POUND SIGN +FFE2 ; NFKD_QC; N # Sm FULLWIDTH NOT SIGN +FFE3 ; NFKD_QC; N # Sk FULLWIDTH MACRON +FFE4 ; NFKD_QC; N # So FULLWIDTH BROKEN BAR +FFE5..FFE6 ; NFKD_QC; N # Sc [2] FULLWIDTH YEN SIGN..FULLWIDTH WON SIGN +FFE8 ; NFKD_QC; N # So HALFWIDTH FORMS LIGHT VERTICAL +FFE9..FFEC ; NFKD_QC; N # Sm [4] HALFWIDTH LEFTWARDS ARROW..HALFWIDTH DOWNWARDS ARROW +FFED..FFEE ; NFKD_QC; N # So [2] HALFWIDTH BLACK SQUARE..HALFWIDTH WHITE CIRCLE +1D15E..1D164 ; NFKD_QC; N # So [7] MUSICAL SYMBOL HALF NOTE..MUSICAL SYMBOL ONE HUNDRED TWENTY-EIGHTH NOTE +1D1BB..1D1C0 ; NFKD_QC; N # So [6] MUSICAL SYMBOL MINIMA..MUSICAL SYMBOL FUSA BLACK +1D400..1D454 ; NFKD_QC; N # L& [85] MATHEMATICAL BOLD CAPITAL A..MATHEMATICAL ITALIC SMALL G +1D456..1D49C ; NFKD_QC; N # L& [71] MATHEMATICAL ITALIC SMALL I..MATHEMATICAL SCRIPT CAPITAL A +1D49E..1D49F ; NFKD_QC; N # L& [2] MATHEMATICAL SCRIPT CAPITAL C..MATHEMATICAL SCRIPT CAPITAL D +1D4A2 ; NFKD_QC; N # L& MATHEMATICAL SCRIPT CAPITAL G +1D4A5..1D4A6 ; NFKD_QC; N # L& [2] MATHEMATICAL SCRIPT CAPITAL J..MATHEMATICAL SCRIPT CAPITAL K +1D4A9..1D4AC ; NFKD_QC; N # L& [4] MATHEMATICAL SCRIPT CAPITAL N..MATHEMATICAL SCRIPT CAPITAL Q +1D4AE..1D4B9 ; NFKD_QC; N # L& [12] MATHEMATICAL SCRIPT CAPITAL S..MATHEMATICAL SCRIPT SMALL D +1D4BB ; NFKD_QC; N # L& MATHEMATICAL SCRIPT SMALL F +1D4BD..1D4C3 ; NFKD_QC; N # L& [7] MATHEMATICAL SCRIPT SMALL H..MATHEMATICAL SCRIPT SMALL N +1D4C5..1D505 ; NFKD_QC; N # L& [65] MATHEMATICAL SCRIPT SMALL P..MATHEMATICAL FRAKTUR CAPITAL B +1D507..1D50A ; NFKD_QC; N # L& [4] MATHEMATICAL FRAKTUR CAPITAL D..MATHEMATICAL FRAKTUR CAPITAL G +1D50D..1D514 ; NFKD_QC; N # L& [8] MATHEMATICAL FRAKTUR CAPITAL J..MATHEMATICAL FRAKTUR CAPITAL Q +1D516..1D51C ; NFKD_QC; N # L& [7] MATHEMATICAL FRAKTUR CAPITAL S..MATHEMATICAL FRAKTUR CAPITAL Y +1D51E..1D539 ; NFKD_QC; N # L& [28] MATHEMATICAL FRAKTUR SMALL A..MATHEMATICAL DOUBLE-STRUCK CAPITAL B +1D53B..1D53E ; NFKD_QC; N # L& [4] MATHEMATICAL DOUBLE-STRUCK CAPITAL D..MATHEMATICAL DOUBLE-STRUCK CAPITAL G +1D540..1D544 ; NFKD_QC; N # L& [5] MATHEMATICAL DOUBLE-STRUCK CAPITAL I..MATHEMATICAL DOUBLE-STRUCK CAPITAL M +1D546 ; NFKD_QC; N # L& MATHEMATICAL DOUBLE-STRUCK CAPITAL O +1D54A..1D550 ; NFKD_QC; N # L& [7] MATHEMATICAL DOUBLE-STRUCK CAPITAL S..MATHEMATICAL DOUBLE-STRUCK CAPITAL Y +1D552..1D6A3 ; NFKD_QC; N # L& [338] MATHEMATICAL DOUBLE-STRUCK SMALL A..MATHEMATICAL MONOSPACE SMALL Z +1D6A8..1D6C0 ; NFKD_QC; N # L& [25] MATHEMATICAL BOLD CAPITAL ALPHA..MATHEMATICAL BOLD CAPITAL OMEGA +1D6C1 ; NFKD_QC; N # Sm MATHEMATICAL BOLD NABLA +1D6C2..1D6DA ; NFKD_QC; N # L& [25] MATHEMATICAL BOLD SMALL ALPHA..MATHEMATICAL BOLD SMALL OMEGA +1D6DB ; NFKD_QC; N # Sm MATHEMATICAL BOLD PARTIAL DIFFERENTIAL +1D6DC..1D6FA ; NFKD_QC; N # L& [31] MATHEMATICAL BOLD EPSILON SYMBOL..MATHEMATICAL ITALIC CAPITAL OMEGA +1D6FB ; NFKD_QC; N # Sm MATHEMATICAL ITALIC NABLA +1D6FC..1D714 ; NFKD_QC; N # L& [25] MATHEMATICAL ITALIC SMALL ALPHA..MATHEMATICAL ITALIC SMALL OMEGA +1D715 ; NFKD_QC; N # Sm MATHEMATICAL ITALIC PARTIAL DIFFERENTIAL +1D716..1D734 ; NFKD_QC; N # L& [31] MATHEMATICAL ITALIC EPSILON SYMBOL..MATHEMATICAL BOLD ITALIC CAPITAL OMEGA +1D735 ; NFKD_QC; N # Sm MATHEMATICAL BOLD ITALIC NABLA +1D736..1D74E ; NFKD_QC; N # L& [25] MATHEMATICAL BOLD ITALIC SMALL ALPHA..MATHEMATICAL BOLD ITALIC SMALL OMEGA +1D74F ; NFKD_QC; N # Sm MATHEMATICAL BOLD ITALIC PARTIAL DIFFERENTIAL +1D750..1D76E ; NFKD_QC; N # L& [31] MATHEMATICAL BOLD ITALIC EPSILON SYMBOL..MATHEMATICAL SANS-SERIF BOLD CAPITAL OMEGA +1D76F ; NFKD_QC; N # Sm MATHEMATICAL SANS-SERIF BOLD NABLA +1D770..1D788 ; NFKD_QC; N # L& [25] MATHEMATICAL SANS-SERIF BOLD SMALL ALPHA..MATHEMATICAL SANS-SERIF BOLD SMALL OMEGA +1D789 ; NFKD_QC; N # Sm MATHEMATICAL SANS-SERIF BOLD PARTIAL DIFFERENTIAL +1D78A..1D7A8 ; NFKD_QC; N # L& [31] MATHEMATICAL SANS-SERIF BOLD EPSILON SYMBOL..MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL OMEGA +1D7A9 ; NFKD_QC; N # Sm MATHEMATICAL SANS-SERIF BOLD ITALIC NABLA +1D7AA..1D7C2 ; NFKD_QC; N # L& [25] MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL ALPHA..MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL OMEGA +1D7C3 ; NFKD_QC; N # Sm MATHEMATICAL SANS-SERIF BOLD ITALIC PARTIAL DIFFERENTIAL +1D7C4..1D7C9 ; NFKD_QC; N # L& [6] MATHEMATICAL SANS-SERIF BOLD ITALIC EPSILON SYMBOL..MATHEMATICAL SANS-SERIF BOLD ITALIC PI SYMBOL +1D7CE..1D7FF ; NFKD_QC; N # Nd [50] MATHEMATICAL BOLD DIGIT ZERO..MATHEMATICAL MONOSPACE DIGIT NINE +2F800..2FA1D ; NFKD_QC; N # Lo [542] CJK COMPATIBILITY IDEOGRAPH-2F800..CJK COMPATIBILITY IDEOGRAPH-2FA1D + +# Total code points: 16396 + +# ================================================ + +# Property: NFKC_Quick_Check + +# All code points not explicitly listed for NFKC_Quick_Check +# have the value Yes (Y). + +# ================================================ + +# NFKC_Quick_Check=No + +00A0 ; NFKC_QC; N # Zs NO-BREAK SPACE +00A8 ; NFKC_QC; N # Sk DIAERESIS +00AA ; NFKC_QC; N # L& FEMININE ORDINAL INDICATOR +00AF ; NFKC_QC; N # Sk MACRON +00B2..00B3 ; NFKC_QC; N # No [2] SUPERSCRIPT TWO..SUPERSCRIPT THREE +00B4 ; NFKC_QC; N # Sk ACUTE ACCENT +00B5 ; NFKC_QC; N # L& MICRO SIGN +00B8 ; NFKC_QC; N # Sk CEDILLA +00B9 ; NFKC_QC; N # No SUPERSCRIPT ONE +00BA ; NFKC_QC; N # L& MASCULINE ORDINAL INDICATOR +00BC..00BE ; NFKC_QC; N # No [3] VULGAR FRACTION ONE QUARTER..VULGAR FRACTION THREE QUARTERS +0132..0133 ; NFKC_QC; N # L& [2] LATIN CAPITAL LIGATURE IJ..LATIN SMALL LIGATURE IJ +013F..0140 ; NFKC_QC; N # L& [2] LATIN CAPITAL LETTER L WITH MIDDLE DOT..LATIN SMALL LETTER L WITH MIDDLE DOT +0149 ; NFKC_QC; N # L& LATIN SMALL LETTER N PRECEDED BY APOSTROPHE +017F ; NFKC_QC; N # L& LATIN SMALL LETTER LONG S +01C4..01CC ; NFKC_QC; N # L& [9] LATIN CAPITAL LETTER DZ WITH CARON..LATIN SMALL LETTER NJ +01F1..01F3 ; NFKC_QC; N # L& [3] LATIN CAPITAL LETTER DZ..LATIN SMALL LETTER DZ +02B0..02B8 ; NFKC_QC; N # Lm [9] MODIFIER LETTER SMALL H..MODIFIER LETTER SMALL Y +02D8..02DD ; NFKC_QC; N # Sk [6] BREVE..DOUBLE ACUTE ACCENT +02E0..02E4 ; NFKC_QC; N # Lm [5] MODIFIER LETTER SMALL GAMMA..MODIFIER LETTER SMALL REVERSED GLOTTAL STOP +0340..0341 ; NFKC_QC; N # Mn [2] COMBINING GRAVE TONE MARK..COMBINING ACUTE TONE MARK +0343..0344 ; NFKC_QC; N # Mn [2] COMBINING GREEK KORONIS..COMBINING GREEK DIALYTIKA TONOS +0374 ; NFKC_QC; N # Sk GREEK NUMERAL SIGN +037A ; NFKC_QC; N # Lm GREEK YPOGEGRAMMENI +037E ; NFKC_QC; N # Po GREEK QUESTION MARK +0384..0385 ; NFKC_QC; N # Sk [2] GREEK TONOS..GREEK DIALYTIKA TONOS +0387 ; NFKC_QC; N # Po GREEK ANO TELEIA +03D0..03D6 ; NFKC_QC; N # L& [7] GREEK BETA SYMBOL..GREEK PI SYMBOL +03F0..03F2 ; NFKC_QC; N # L& [3] GREEK KAPPA SYMBOL..GREEK LUNATE SIGMA SYMBOL +03F4..03F5 ; NFKC_QC; N # L& [2] GREEK CAPITAL THETA SYMBOL..GREEK LUNATE EPSILON SYMBOL +03F9 ; NFKC_QC; N # L& GREEK CAPITAL LUNATE SIGMA SYMBOL +0587 ; NFKC_QC; N # L& ARMENIAN SMALL LIGATURE ECH YIWN +0675..0678 ; NFKC_QC; N # Lo [4] ARABIC LETTER HIGH HAMZA ALEF..ARABIC LETTER HIGH HAMZA YEH +0958..095F ; NFKC_QC; N # Lo [8] DEVANAGARI LETTER QA..DEVANAGARI LETTER YYA +09DC..09DD ; NFKC_QC; N # Lo [2] BENGALI LETTER RRA..BENGALI LETTER RHA +09DF ; NFKC_QC; N # Lo BENGALI LETTER YYA +0A33 ; NFKC_QC; N # Lo GURMUKHI LETTER LLA +0A36 ; NFKC_QC; N # Lo GURMUKHI LETTER SHA +0A59..0A5B ; NFKC_QC; N # Lo [3] GURMUKHI LETTER KHHA..GURMUKHI LETTER ZA +0A5E ; NFKC_QC; N # Lo GURMUKHI LETTER FA +0B5C..0B5D ; NFKC_QC; N # Lo [2] ORIYA LETTER RRA..ORIYA LETTER RHA +0E33 ; NFKC_QC; N # Lo THAI CHARACTER SARA AM +0EB3 ; NFKC_QC; N # Lo LAO VOWEL SIGN AM +0EDC..0EDD ; NFKC_QC; N # Lo [2] LAO HO NO..LAO HO MO +0F0C ; NFKC_QC; N # Po TIBETAN MARK DELIMITER TSHEG BSTAR +0F43 ; NFKC_QC; N # Lo TIBETAN LETTER GHA +0F4D ; NFKC_QC; N # Lo TIBETAN LETTER DDHA +0F52 ; NFKC_QC; N # Lo TIBETAN LETTER DHA +0F57 ; NFKC_QC; N # Lo TIBETAN LETTER BHA +0F5C ; NFKC_QC; N # Lo TIBETAN LETTER DZHA +0F69 ; NFKC_QC; N # Lo TIBETAN LETTER KSSA +0F73 ; NFKC_QC; N # Mn TIBETAN VOWEL SIGN II +0F75..0F79 ; NFKC_QC; N # Mn [5] TIBETAN VOWEL SIGN UU..TIBETAN VOWEL SIGN VOCALIC LL +0F81 ; NFKC_QC; N # Mn TIBETAN VOWEL SIGN REVERSED II +0F93 ; NFKC_QC; N # Mn TIBETAN SUBJOINED LETTER GHA +0F9D ; NFKC_QC; N # Mn TIBETAN SUBJOINED LETTER DDHA +0FA2 ; NFKC_QC; N # Mn TIBETAN SUBJOINED LETTER DHA +0FA7 ; NFKC_QC; N # Mn TIBETAN SUBJOINED LETTER BHA +0FAC ; NFKC_QC; N # Mn TIBETAN SUBJOINED LETTER DZHA +0FB9 ; NFKC_QC; N # Mn TIBETAN SUBJOINED LETTER KSSA +1D2C..1D2E ; NFKC_QC; N # Lm [3] MODIFIER LETTER CAPITAL A..MODIFIER LETTER CAPITAL B +1D30..1D3A ; NFKC_QC; N # Lm [11] MODIFIER LETTER CAPITAL D..MODIFIER LETTER CAPITAL N +1D3C..1D4D ; NFKC_QC; N # Lm [18] MODIFIER LETTER CAPITAL O..MODIFIER LETTER SMALL G +1D4F..1D61 ; NFKC_QC; N # Lm [19] MODIFIER LETTER SMALL K..MODIFIER LETTER SMALL CHI +1D62..1D6A ; NFKC_QC; N # L& [9] LATIN SUBSCRIPT SMALL LETTER I..GREEK SUBSCRIPT SMALL LETTER CHI +1E9A..1E9B ; NFKC_QC; N # L& [2] LATIN SMALL LETTER A WITH RIGHT HALF RING..LATIN SMALL LETTER LONG S WITH DOT ABOVE +1F71 ; NFKC_QC; N # L& GREEK SMALL LETTER ALPHA WITH OXIA +1F73 ; NFKC_QC; N # L& GREEK SMALL LETTER EPSILON WITH OXIA +1F75 ; NFKC_QC; N # L& GREEK SMALL LETTER ETA WITH OXIA +1F77 ; NFKC_QC; N # L& GREEK SMALL LETTER IOTA WITH OXIA +1F79 ; NFKC_QC; N # L& GREEK SMALL LETTER OMICRON WITH OXIA +1F7B ; NFKC_QC; N # L& GREEK SMALL LETTER UPSILON WITH OXIA +1F7D ; NFKC_QC; N # L& GREEK SMALL LETTER OMEGA WITH OXIA +1FBB ; NFKC_QC; N # L& GREEK CAPITAL LETTER ALPHA WITH OXIA +1FBD ; NFKC_QC; N # Sk GREEK KORONIS +1FBE ; NFKC_QC; N # L& GREEK PROSGEGRAMMENI +1FBF..1FC1 ; NFKC_QC; N # Sk [3] GREEK PSILI..GREEK DIALYTIKA AND PERISPOMENI +1FC9 ; NFKC_QC; N # L& GREEK CAPITAL LETTER EPSILON WITH OXIA +1FCB ; NFKC_QC; N # L& GREEK CAPITAL LETTER ETA WITH OXIA +1FCD..1FCF ; NFKC_QC; N # Sk [3] GREEK PSILI AND VARIA..GREEK PSILI AND PERISPOMENI +1FD3 ; NFKC_QC; N # L& GREEK SMALL LETTER IOTA WITH DIALYTIKA AND OXIA +1FDB ; NFKC_QC; N # L& GREEK CAPITAL LETTER IOTA WITH OXIA +1FDD..1FDF ; NFKC_QC; N # Sk [3] GREEK DASIA AND VARIA..GREEK DASIA AND PERISPOMENI +1FE3 ; NFKC_QC; N # L& GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND OXIA +1FEB ; NFKC_QC; N # L& GREEK CAPITAL LETTER UPSILON WITH OXIA +1FED..1FEF ; NFKC_QC; N # Sk [3] GREEK DIALYTIKA AND VARIA..GREEK VARIA +1FF9 ; NFKC_QC; N # L& GREEK CAPITAL LETTER OMICRON WITH OXIA +1FFB ; NFKC_QC; N # L& GREEK CAPITAL LETTER OMEGA WITH OXIA +1FFD..1FFE ; NFKC_QC; N # Sk [2] GREEK OXIA..GREEK DASIA +2000..200A ; NFKC_QC; N # Zs [11] EN QUAD..HAIR SPACE +2011 ; NFKC_QC; N # Pd NON-BREAKING HYPHEN +2017 ; NFKC_QC; N # Po DOUBLE LOW LINE +2024..2026 ; NFKC_QC; N # Po [3] ONE DOT LEADER..HORIZONTAL ELLIPSIS +202F ; NFKC_QC; N # Zs NARROW NO-BREAK SPACE +2033..2034 ; NFKC_QC; N # Po [2] DOUBLE PRIME..TRIPLE PRIME +2036..2037 ; NFKC_QC; N # Po [2] REVERSED DOUBLE PRIME..REVERSED TRIPLE PRIME +203C ; NFKC_QC; N # Po DOUBLE EXCLAMATION MARK +203E ; NFKC_QC; N # Po OVERLINE +2047..2049 ; NFKC_QC; N # Po [3] DOUBLE QUESTION MARK..EXCLAMATION QUESTION MARK +2057 ; NFKC_QC; N # Po QUADRUPLE PRIME +205F ; NFKC_QC; N # Zs MEDIUM MATHEMATICAL SPACE +2070 ; NFKC_QC; N # No SUPERSCRIPT ZERO +2071 ; NFKC_QC; N # L& SUPERSCRIPT LATIN SMALL LETTER I +2074..2079 ; NFKC_QC; N # No [6] SUPERSCRIPT FOUR..SUPERSCRIPT NINE +207A..207C ; NFKC_QC; N # Sm [3] SUPERSCRIPT PLUS SIGN..SUPERSCRIPT EQUALS SIGN +207D ; NFKC_QC; N # Ps SUPERSCRIPT LEFT PARENTHESIS +207E ; NFKC_QC; N # Pe SUPERSCRIPT RIGHT PARENTHESIS +207F ; NFKC_QC; N # L& SUPERSCRIPT LATIN SMALL LETTER N +2080..2089 ; NFKC_QC; N # No [10] SUBSCRIPT ZERO..SUBSCRIPT NINE +208A..208C ; NFKC_QC; N # Sm [3] SUBSCRIPT PLUS SIGN..SUBSCRIPT EQUALS SIGN +208D ; NFKC_QC; N # Ps SUBSCRIPT LEFT PARENTHESIS +208E ; NFKC_QC; N # Pe SUBSCRIPT RIGHT PARENTHESIS +20A8 ; NFKC_QC; N # Sc RUPEE SIGN +2100..2101 ; NFKC_QC; N # So [2] ACCOUNT OF..ADDRESSED TO THE SUBJECT +2102 ; NFKC_QC; N # L& DOUBLE-STRUCK CAPITAL C +2103 ; NFKC_QC; N # So DEGREE CELSIUS +2105..2106 ; NFKC_QC; N # So [2] CARE OF..CADA UNA +2107 ; NFKC_QC; N # L& EULER CONSTANT +2109 ; NFKC_QC; N # So DEGREE FAHRENHEIT +210A..2113 ; NFKC_QC; N # L& [10] SCRIPT SMALL G..SCRIPT SMALL L +2115 ; NFKC_QC; N # L& DOUBLE-STRUCK CAPITAL N +2116 ; NFKC_QC; N # So NUMERO SIGN +2119..211D ; NFKC_QC; N # L& [5] DOUBLE-STRUCK CAPITAL P..DOUBLE-STRUCK CAPITAL R +2120..2122 ; NFKC_QC; N # So [3] SERVICE MARK..TRADE MARK SIGN +2124 ; NFKC_QC; N # L& DOUBLE-STRUCK CAPITAL Z +2126 ; NFKC_QC; N # L& OHM SIGN +2128 ; NFKC_QC; N # L& BLACK-LETTER CAPITAL Z +212A..212D ; NFKC_QC; N # L& [4] KELVIN SIGN..BLACK-LETTER CAPITAL C +212F..2131 ; NFKC_QC; N # L& [3] SCRIPT SMALL E..SCRIPT CAPITAL F +2133..2134 ; NFKC_QC; N # L& [2] SCRIPT CAPITAL M..SCRIPT SMALL O +2135..2138 ; NFKC_QC; N # Lo [4] ALEF SYMBOL..DALET SYMBOL +2139 ; NFKC_QC; N # L& INFORMATION SOURCE +213B ; NFKC_QC; N # So FACSIMILE SIGN +213D..213F ; NFKC_QC; N # L& [3] DOUBLE-STRUCK SMALL GAMMA..DOUBLE-STRUCK CAPITAL PI +2140 ; NFKC_QC; N # Sm DOUBLE-STRUCK N-ARY SUMMATION +2145..2149 ; NFKC_QC; N # L& [5] DOUBLE-STRUCK ITALIC CAPITAL D..DOUBLE-STRUCK ITALIC SMALL J +2153..215F ; NFKC_QC; N # No [13] VULGAR FRACTION ONE THIRD..FRACTION NUMERATOR ONE +2160..217F ; NFKC_QC; N # Nl [32] ROMAN NUMERAL ONE..SMALL ROMAN NUMERAL ONE THOUSAND +222C..222D ; NFKC_QC; N # Sm [2] DOUBLE INTEGRAL..TRIPLE INTEGRAL +222F..2230 ; NFKC_QC; N # Sm [2] SURFACE INTEGRAL..VOLUME INTEGRAL +2329 ; NFKC_QC; N # Ps LEFT-POINTING ANGLE BRACKET +232A ; NFKC_QC; N # Pe RIGHT-POINTING ANGLE BRACKET +2460..249B ; NFKC_QC; N # No [60] CIRCLED DIGIT ONE..NUMBER TWENTY FULL STOP +249C..24E9 ; NFKC_QC; N # So [78] PARENTHESIZED LATIN SMALL LETTER A..CIRCLED LATIN SMALL LETTER Z +24EA ; NFKC_QC; N # No CIRCLED DIGIT ZERO +2A0C ; NFKC_QC; N # Sm QUADRUPLE INTEGRAL OPERATOR +2A74..2A76 ; NFKC_QC; N # Sm [3] DOUBLE COLON EQUAL..THREE CONSECUTIVE EQUALS SIGNS +2ADC ; NFKC_QC; N # Sm FORKING +2E9F ; NFKC_QC; N # So CJK RADICAL MOTHER +2EF3 ; NFKC_QC; N # So CJK RADICAL C-SIMPLIFIED TURTLE +2F00..2FD5 ; NFKC_QC; N # So [214] KANGXI RADICAL ONE..KANGXI RADICAL FLUTE +3000 ; NFKC_QC; N # Zs IDEOGRAPHIC SPACE +3036 ; NFKC_QC; N # So CIRCLED POSTAL MARK +3038..303A ; NFKC_QC; N # Nl [3] HANGZHOU NUMERAL TEN..HANGZHOU NUMERAL THIRTY +309B..309C ; NFKC_QC; N # Sk [2] KATAKANA-HIRAGANA VOICED SOUND MARK..KATAKANA-HIRAGANA SEMI-VOICED SOUND MARK +309F ; NFKC_QC; N # Lo HIRAGANA DIGRAPH YORI +30FF ; NFKC_QC; N # Lo KATAKANA DIGRAPH KOTO +3131..318E ; NFKC_QC; N # Lo [94] HANGUL LETTER KIYEOK..HANGUL LETTER ARAEAE +3192..3195 ; NFKC_QC; N # No [4] IDEOGRAPHIC ANNOTATION ONE MARK..IDEOGRAPHIC ANNOTATION FOUR MARK +3196..319F ; NFKC_QC; N # So [10] IDEOGRAPHIC ANNOTATION TOP MARK..IDEOGRAPHIC ANNOTATION MAN MARK +3200..321E ; NFKC_QC; N # So [31] PARENTHESIZED HANGUL KIYEOK..PARENTHESIZED KOREAN CHARACTER O HU +3220..3229 ; NFKC_QC; N # No [10] PARENTHESIZED IDEOGRAPH ONE..PARENTHESIZED IDEOGRAPH TEN +322A..3243 ; NFKC_QC; N # So [26] PARENTHESIZED IDEOGRAPH MOON..PARENTHESIZED IDEOGRAPH REACH +3250 ; NFKC_QC; N # So PARTNERSHIP SIGN +3251..325F ; NFKC_QC; N # No [15] CIRCLED NUMBER TWENTY ONE..CIRCLED NUMBER THIRTY FIVE +3260..327D ; NFKC_QC; N # So [30] CIRCLED HANGUL KIYEOK..CIRCLED KOREAN CHARACTER JUEUI +3280..3289 ; NFKC_QC; N # No [10] CIRCLED IDEOGRAPH ONE..CIRCLED IDEOGRAPH TEN +328A..32B0 ; NFKC_QC; N # So [39] CIRCLED IDEOGRAPH MOON..CIRCLED IDEOGRAPH NIGHT +32B1..32BF ; NFKC_QC; N # No [15] CIRCLED NUMBER THIRTY SIX..CIRCLED NUMBER FIFTY +32C0..32FE ; NFKC_QC; N # So [63] IDEOGRAPHIC TELEGRAPH SYMBOL FOR JANUARY..CIRCLED KATAKANA WO +3300..33FF ; NFKC_QC; N # So [256] SQUARE APAATO..SQUARE GAL +F900..FA0D ; NFKC_QC; N # Lo [270] CJK COMPATIBILITY IDEOGRAPH-F900..CJK COMPATIBILITY IDEOGRAPH-FA0D +FA10 ; NFKC_QC; N # Lo CJK COMPATIBILITY IDEOGRAPH-FA10 +FA12 ; NFKC_QC; N # Lo CJK COMPATIBILITY IDEOGRAPH-FA12 +FA15..FA1E ; NFKC_QC; N # Lo [10] CJK COMPATIBILITY IDEOGRAPH-FA15..CJK COMPATIBILITY IDEOGRAPH-FA1E +FA20 ; NFKC_QC; N # Lo CJK COMPATIBILITY IDEOGRAPH-FA20 +FA22 ; NFKC_QC; N # Lo CJK COMPATIBILITY IDEOGRAPH-FA22 +FA25..FA26 ; NFKC_QC; N # Lo [2] CJK COMPATIBILITY IDEOGRAPH-FA25..CJK COMPATIBILITY IDEOGRAPH-FA26 +FA2A..FA2D ; NFKC_QC; N # Lo [4] CJK COMPATIBILITY IDEOGRAPH-FA2A..CJK COMPATIBILITY IDEOGRAPH-FA2D +FA30..FA6A ; NFKC_QC; N # Lo [59] CJK COMPATIBILITY IDEOGRAPH-FA30..CJK COMPATIBILITY IDEOGRAPH-FA6A +FB00..FB06 ; NFKC_QC; N # L& [7] LATIN SMALL LIGATURE FF..LATIN SMALL LIGATURE ST +FB13..FB17 ; NFKC_QC; N # L& [5] ARMENIAN SMALL LIGATURE MEN NOW..ARMENIAN SMALL LIGATURE MEN XEH +FB1D ; NFKC_QC; N # Lo HEBREW LETTER YOD WITH HIRIQ +FB1F..FB28 ; NFKC_QC; N # Lo [10] HEBREW LIGATURE YIDDISH YOD YOD PATAH..HEBREW LETTER WIDE TAV +FB29 ; NFKC_QC; N # Sm HEBREW LETTER ALTERNATIVE PLUS SIGN +FB2A..FB36 ; NFKC_QC; N # Lo [13] HEBREW LETTER SHIN WITH SHIN DOT..HEBREW LETTER ZAYIN WITH DAGESH +FB38..FB3C ; NFKC_QC; N # Lo [5] HEBREW LETTER TET WITH DAGESH..HEBREW LETTER LAMED WITH DAGESH +FB3E ; NFKC_QC; N # Lo HEBREW LETTER MEM WITH DAGESH +FB40..FB41 ; NFKC_QC; N # Lo [2] HEBREW LETTER NUN WITH DAGESH..HEBREW LETTER SAMEKH WITH DAGESH +FB43..FB44 ; NFKC_QC; N # Lo [2] HEBREW LETTER FINAL PE WITH DAGESH..HEBREW LETTER PE WITH DAGESH +FB46..FBB1 ; NFKC_QC; N # Lo [108] HEBREW LETTER TSADI WITH DAGESH..ARABIC LETTER YEH BARREE WITH HAMZA ABOVE FINAL FORM +FBD3..FD3D ; NFKC_QC; N # Lo [363] ARABIC LETTER NG ISOLATED FORM..ARABIC LIGATURE ALEF WITH FATHATAN ISOLATED FORM +FD50..FD8F ; NFKC_QC; N # Lo [64] ARABIC LIGATURE TEH WITH JEEM WITH MEEM INITIAL FORM..ARABIC LIGATURE MEEM WITH KHAH WITH MEEM INITIAL FORM +FD92..FDC7 ; NFKC_QC; N # Lo [54] ARABIC LIGATURE MEEM WITH JEEM WITH KHAH INITIAL FORM..ARABIC LIGATURE NOON WITH JEEM WITH YEH FINAL FORM +FDF0..FDFB ; NFKC_QC; N # Lo [12] ARABIC LIGATURE SALLA USED AS KORANIC STOP SIGN ISOLATED FORM..ARABIC LIGATURE JALLAJALALOUHOU +FDFC ; NFKC_QC; N # Sc RIAL SIGN +FE30 ; NFKC_QC; N # Po PRESENTATION FORM FOR VERTICAL TWO DOT LEADER +FE31..FE32 ; NFKC_QC; N # Pd [2] PRESENTATION FORM FOR VERTICAL EM DASH..PRESENTATION FORM FOR VERTICAL EN DASH +FE33..FE34 ; NFKC_QC; N # Pc [2] PRESENTATION FORM FOR VERTICAL LOW LINE..PRESENTATION FORM FOR VERTICAL WAVY LOW LINE +FE35 ; NFKC_QC; N # Ps PRESENTATION FORM FOR VERTICAL LEFT PARENTHESIS +FE36 ; NFKC_QC; N # Pe PRESENTATION FORM FOR VERTICAL RIGHT PARENTHESIS +FE37 ; NFKC_QC; N # Ps PRESENTATION FORM FOR VERTICAL LEFT CURLY BRACKET +FE38 ; NFKC_QC; N # Pe PRESENTATION FORM FOR VERTICAL RIGHT CURLY BRACKET +FE39 ; NFKC_QC; N # Ps PRESENTATION FORM FOR VERTICAL LEFT TORTOISE SHELL BRACKET +FE3A ; NFKC_QC; N # Pe PRESENTATION FORM FOR VERTICAL RIGHT TORTOISE SHELL BRACKET +FE3B ; NFKC_QC; N # Ps PRESENTATION FORM FOR VERTICAL LEFT BLACK LENTICULAR BRACKET +FE3C ; NFKC_QC; N # Pe PRESENTATION FORM FOR VERTICAL RIGHT BLACK LENTICULAR BRACKET +FE3D ; NFKC_QC; N # Ps PRESENTATION FORM FOR VERTICAL LEFT DOUBLE ANGLE BRACKET +FE3E ; NFKC_QC; N # Pe PRESENTATION FORM FOR VERTICAL RIGHT DOUBLE ANGLE BRACKET +FE3F ; NFKC_QC; N # Ps PRESENTATION FORM FOR VERTICAL LEFT ANGLE BRACKET +FE40 ; NFKC_QC; N # Pe PRESENTATION FORM FOR VERTICAL RIGHT ANGLE BRACKET +FE41 ; NFKC_QC; N # Ps PRESENTATION FORM FOR VERTICAL LEFT CORNER BRACKET +FE42 ; NFKC_QC; N # Pe PRESENTATION FORM FOR VERTICAL RIGHT CORNER BRACKET +FE43 ; NFKC_QC; N # Ps PRESENTATION FORM FOR VERTICAL LEFT WHITE CORNER BRACKET +FE44 ; NFKC_QC; N # Pe PRESENTATION FORM FOR VERTICAL RIGHT WHITE CORNER BRACKET +FE47 ; NFKC_QC; N # Ps PRESENTATION FORM FOR VERTICAL LEFT SQUARE BRACKET +FE48 ; NFKC_QC; N # Pe PRESENTATION FORM FOR VERTICAL RIGHT SQUARE BRACKET +FE49..FE4C ; NFKC_QC; N # Po [4] DASHED OVERLINE..DOUBLE WAVY OVERLINE +FE4D..FE4F ; NFKC_QC; N # Pc [3] DASHED LOW LINE..WAVY LOW LINE +FE50..FE52 ; NFKC_QC; N # Po [3] SMALL COMMA..SMALL FULL STOP +FE54..FE57 ; NFKC_QC; N # Po [4] SMALL SEMICOLON..SMALL EXCLAMATION MARK +FE58 ; NFKC_QC; N # Pd SMALL EM DASH +FE59 ; NFKC_QC; N # Ps SMALL LEFT PARENTHESIS +FE5A ; NFKC_QC; N # Pe SMALL RIGHT PARENTHESIS +FE5B ; NFKC_QC; N # Ps SMALL LEFT CURLY BRACKET +FE5C ; NFKC_QC; N # Pe SMALL RIGHT CURLY BRACKET +FE5D ; NFKC_QC; N # Ps SMALL LEFT TORTOISE SHELL BRACKET +FE5E ; NFKC_QC; N # Pe SMALL RIGHT TORTOISE SHELL BRACKET +FE5F..FE61 ; NFKC_QC; N # Po [3] SMALL NUMBER SIGN..SMALL ASTERISK +FE62 ; NFKC_QC; N # Sm SMALL PLUS SIGN +FE63 ; NFKC_QC; N # Pd SMALL HYPHEN-MINUS +FE64..FE66 ; NFKC_QC; N # Sm [3] SMALL LESS-THAN SIGN..SMALL EQUALS SIGN +FE68 ; NFKC_QC; N # Po SMALL REVERSE SOLIDUS +FE69 ; NFKC_QC; N # Sc SMALL DOLLAR SIGN +FE6A..FE6B ; NFKC_QC; N # Po [2] SMALL PERCENT SIGN..SMALL COMMERCIAL AT +FE70..FE72 ; NFKC_QC; N # Lo [3] ARABIC FATHATAN ISOLATED FORM..ARABIC DAMMATAN ISOLATED FORM +FE74 ; NFKC_QC; N # Lo ARABIC KASRATAN ISOLATED FORM +FE76..FEFC ; NFKC_QC; N # Lo [135] ARABIC FATHA ISOLATED FORM..ARABIC LIGATURE LAM WITH ALEF FINAL FORM +FF01..FF03 ; NFKC_QC; N # Po [3] FULLWIDTH EXCLAMATION MARK..FULLWIDTH NUMBER SIGN +FF04 ; NFKC_QC; N # Sc FULLWIDTH DOLLAR SIGN +FF05..FF07 ; NFKC_QC; N # Po [3] FULLWIDTH PERCENT SIGN..FULLWIDTH APOSTROPHE +FF08 ; NFKC_QC; N # Ps FULLWIDTH LEFT PARENTHESIS +FF09 ; NFKC_QC; N # Pe FULLWIDTH RIGHT PARENTHESIS +FF0A ; NFKC_QC; N # Po FULLWIDTH ASTERISK +FF0B ; NFKC_QC; N # Sm FULLWIDTH PLUS SIGN +FF0C ; NFKC_QC; N # Po FULLWIDTH COMMA +FF0D ; NFKC_QC; N # Pd FULLWIDTH HYPHEN-MINUS +FF0E..FF0F ; NFKC_QC; N # Po [2] FULLWIDTH FULL STOP..FULLWIDTH SOLIDUS +FF10..FF19 ; NFKC_QC; N # Nd [10] FULLWIDTH DIGIT ZERO..FULLWIDTH DIGIT NINE +FF1A..FF1B ; NFKC_QC; N # Po [2] FULLWIDTH COLON..FULLWIDTH SEMICOLON +FF1C..FF1E ; NFKC_QC; N # Sm [3] FULLWIDTH LESS-THAN SIGN..FULLWIDTH GREATER-THAN SIGN +FF1F..FF20 ; NFKC_QC; N # Po [2] FULLWIDTH QUESTION MARK..FULLWIDTH COMMERCIAL AT +FF21..FF3A ; NFKC_QC; N # L& [26] FULLWIDTH LATIN CAPITAL LETTER A..FULLWIDTH LATIN CAPITAL LETTER Z +FF3B ; NFKC_QC; N # Ps FULLWIDTH LEFT SQUARE BRACKET +FF3C ; NFKC_QC; N # Po FULLWIDTH REVERSE SOLIDUS +FF3D ; NFKC_QC; N # Pe FULLWIDTH RIGHT SQUARE BRACKET +FF3E ; NFKC_QC; N # Sk FULLWIDTH CIRCUMFLEX ACCENT +FF3F ; NFKC_QC; N # Pc FULLWIDTH LOW LINE +FF40 ; NFKC_QC; N # Sk FULLWIDTH GRAVE ACCENT +FF41..FF5A ; NFKC_QC; N # L& [26] FULLWIDTH LATIN SMALL LETTER A..FULLWIDTH LATIN SMALL LETTER Z +FF5B ; NFKC_QC; N # Ps FULLWIDTH LEFT CURLY BRACKET +FF5C ; NFKC_QC; N # Sm FULLWIDTH VERTICAL LINE +FF5D ; NFKC_QC; N # Pe FULLWIDTH RIGHT CURLY BRACKET +FF5E ; NFKC_QC; N # Sm FULLWIDTH TILDE +FF5F ; NFKC_QC; N # Ps FULLWIDTH LEFT WHITE PARENTHESIS +FF60 ; NFKC_QC; N # Pe FULLWIDTH RIGHT WHITE PARENTHESIS +FF61 ; NFKC_QC; N # Po HALFWIDTH IDEOGRAPHIC FULL STOP +FF62 ; NFKC_QC; N # Ps HALFWIDTH LEFT CORNER BRACKET +FF63 ; NFKC_QC; N # Pe HALFWIDTH RIGHT CORNER BRACKET +FF64 ; NFKC_QC; N # Po HALFWIDTH IDEOGRAPHIC COMMA +FF65 ; NFKC_QC; N # Pc HALFWIDTH KATAKANA MIDDLE DOT +FF66..FF6F ; NFKC_QC; N # Lo [10] HALFWIDTH KATAKANA LETTER WO..HALFWIDTH KATAKANA LETTER SMALL TU +FF70 ; NFKC_QC; N # Lm HALFWIDTH KATAKANA-HIRAGANA PROLONGED SOUND MARK +FF71..FF9D ; NFKC_QC; N # Lo [45] HALFWIDTH KATAKANA LETTER A..HALFWIDTH KATAKANA LETTER N +FF9E..FF9F ; NFKC_QC; N # Lm [2] HALFWIDTH KATAKANA VOICED SOUND MARK..HALFWIDTH KATAKANA SEMI-VOICED SOUND MARK +FFA0..FFBE ; NFKC_QC; N # Lo [31] HALFWIDTH HANGUL FILLER..HALFWIDTH HANGUL LETTER HIEUH +FFC2..FFC7 ; NFKC_QC; N # Lo [6] HALFWIDTH HANGUL LETTER A..HALFWIDTH HANGUL LETTER E +FFCA..FFCF ; NFKC_QC; N # Lo [6] HALFWIDTH HANGUL LETTER YEO..HALFWIDTH HANGUL LETTER OE +FFD2..FFD7 ; NFKC_QC; N # Lo [6] HALFWIDTH HANGUL LETTER YO..HALFWIDTH HANGUL LETTER YU +FFDA..FFDC ; NFKC_QC; N # Lo [3] HALFWIDTH HANGUL LETTER EU..HALFWIDTH HANGUL LETTER I +FFE0..FFE1 ; NFKC_QC; N # Sc [2] FULLWIDTH CENT SIGN..FULLWIDTH POUND SIGN +FFE2 ; NFKC_QC; N # Sm FULLWIDTH NOT SIGN +FFE3 ; NFKC_QC; N # Sk FULLWIDTH MACRON +FFE4 ; NFKC_QC; N # So FULLWIDTH BROKEN BAR +FFE5..FFE6 ; NFKC_QC; N # Sc [2] FULLWIDTH YEN SIGN..FULLWIDTH WON SIGN +FFE8 ; NFKC_QC; N # So HALFWIDTH FORMS LIGHT VERTICAL +FFE9..FFEC ; NFKC_QC; N # Sm [4] HALFWIDTH LEFTWARDS ARROW..HALFWIDTH DOWNWARDS ARROW +FFED..FFEE ; NFKC_QC; N # So [2] HALFWIDTH BLACK SQUARE..HALFWIDTH WHITE CIRCLE +1D15E..1D164 ; NFKC_QC; N # So [7] MUSICAL SYMBOL HALF NOTE..MUSICAL SYMBOL ONE HUNDRED TWENTY-EIGHTH NOTE +1D1BB..1D1C0 ; NFKC_QC; N # So [6] MUSICAL SYMBOL MINIMA..MUSICAL SYMBOL FUSA BLACK +1D400..1D454 ; NFKC_QC; N # L& [85] MATHEMATICAL BOLD CAPITAL A..MATHEMATICAL ITALIC SMALL G +1D456..1D49C ; NFKC_QC; N # L& [71] MATHEMATICAL ITALIC SMALL I..MATHEMATICAL SCRIPT CAPITAL A +1D49E..1D49F ; NFKC_QC; N # L& [2] MATHEMATICAL SCRIPT CAPITAL C..MATHEMATICAL SCRIPT CAPITAL D +1D4A2 ; NFKC_QC; N # L& MATHEMATICAL SCRIPT CAPITAL G +1D4A5..1D4A6 ; NFKC_QC; N # L& [2] MATHEMATICAL SCRIPT CAPITAL J..MATHEMATICAL SCRIPT CAPITAL K +1D4A9..1D4AC ; NFKC_QC; N # L& [4] MATHEMATICAL SCRIPT CAPITAL N..MATHEMATICAL SCRIPT CAPITAL Q +1D4AE..1D4B9 ; NFKC_QC; N # L& [12] MATHEMATICAL SCRIPT CAPITAL S..MATHEMATICAL SCRIPT SMALL D +1D4BB ; NFKC_QC; N # L& MATHEMATICAL SCRIPT SMALL F +1D4BD..1D4C3 ; NFKC_QC; N # L& [7] MATHEMATICAL SCRIPT SMALL H..MATHEMATICAL SCRIPT SMALL N +1D4C5..1D505 ; NFKC_QC; N # L& [65] MATHEMATICAL SCRIPT SMALL P..MATHEMATICAL FRAKTUR CAPITAL B +1D507..1D50A ; NFKC_QC; N # L& [4] MATHEMATICAL FRAKTUR CAPITAL D..MATHEMATICAL FRAKTUR CAPITAL G +1D50D..1D514 ; NFKC_QC; N # L& [8] MATHEMATICAL FRAKTUR CAPITAL J..MATHEMATICAL FRAKTUR CAPITAL Q +1D516..1D51C ; NFKC_QC; N # L& [7] MATHEMATICAL FRAKTUR CAPITAL S..MATHEMATICAL FRAKTUR CAPITAL Y +1D51E..1D539 ; NFKC_QC; N # L& [28] MATHEMATICAL FRAKTUR SMALL A..MATHEMATICAL DOUBLE-STRUCK CAPITAL B +1D53B..1D53E ; NFKC_QC; N # L& [4] MATHEMATICAL DOUBLE-STRUCK CAPITAL D..MATHEMATICAL DOUBLE-STRUCK CAPITAL G +1D540..1D544 ; NFKC_QC; N # L& [5] MATHEMATICAL DOUBLE-STRUCK CAPITAL I..MATHEMATICAL DOUBLE-STRUCK CAPITAL M +1D546 ; NFKC_QC; N # L& MATHEMATICAL DOUBLE-STRUCK CAPITAL O +1D54A..1D550 ; NFKC_QC; N # L& [7] MATHEMATICAL DOUBLE-STRUCK CAPITAL S..MATHEMATICAL DOUBLE-STRUCK CAPITAL Y +1D552..1D6A3 ; NFKC_QC; N # L& [338] MATHEMATICAL DOUBLE-STRUCK SMALL A..MATHEMATICAL MONOSPACE SMALL Z +1D6A8..1D6C0 ; NFKC_QC; N # L& [25] MATHEMATICAL BOLD CAPITAL ALPHA..MATHEMATICAL BOLD CAPITAL OMEGA +1D6C1 ; NFKC_QC; N # Sm MATHEMATICAL BOLD NABLA +1D6C2..1D6DA ; NFKC_QC; N # L& [25] MATHEMATICAL BOLD SMALL ALPHA..MATHEMATICAL BOLD SMALL OMEGA +1D6DB ; NFKC_QC; N # Sm MATHEMATICAL BOLD PARTIAL DIFFERENTIAL +1D6DC..1D6FA ; NFKC_QC; N # L& [31] MATHEMATICAL BOLD EPSILON SYMBOL..MATHEMATICAL ITALIC CAPITAL OMEGA +1D6FB ; NFKC_QC; N # Sm MATHEMATICAL ITALIC NABLA +1D6FC..1D714 ; NFKC_QC; N # L& [25] MATHEMATICAL ITALIC SMALL ALPHA..MATHEMATICAL ITALIC SMALL OMEGA +1D715 ; NFKC_QC; N # Sm MATHEMATICAL ITALIC PARTIAL DIFFERENTIAL +1D716..1D734 ; NFKC_QC; N # L& [31] MATHEMATICAL ITALIC EPSILON SYMBOL..MATHEMATICAL BOLD ITALIC CAPITAL OMEGA +1D735 ; NFKC_QC; N # Sm MATHEMATICAL BOLD ITALIC NABLA +1D736..1D74E ; NFKC_QC; N # L& [25] MATHEMATICAL BOLD ITALIC SMALL ALPHA..MATHEMATICAL BOLD ITALIC SMALL OMEGA +1D74F ; NFKC_QC; N # Sm MATHEMATICAL BOLD ITALIC PARTIAL DIFFERENTIAL +1D750..1D76E ; NFKC_QC; N # L& [31] MATHEMATICAL BOLD ITALIC EPSILON SYMBOL..MATHEMATICAL SANS-SERIF BOLD CAPITAL OMEGA +1D76F ; NFKC_QC; N # Sm MATHEMATICAL SANS-SERIF BOLD NABLA +1D770..1D788 ; NFKC_QC; N # L& [25] MATHEMATICAL SANS-SERIF BOLD SMALL ALPHA..MATHEMATICAL SANS-SERIF BOLD SMALL OMEGA +1D789 ; NFKC_QC; N # Sm MATHEMATICAL SANS-SERIF BOLD PARTIAL DIFFERENTIAL +1D78A..1D7A8 ; NFKC_QC; N # L& [31] MATHEMATICAL SANS-SERIF BOLD EPSILON SYMBOL..MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL OMEGA +1D7A9 ; NFKC_QC; N # Sm MATHEMATICAL SANS-SERIF BOLD ITALIC NABLA +1D7AA..1D7C2 ; NFKC_QC; N # L& [25] MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL ALPHA..MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL OMEGA +1D7C3 ; NFKC_QC; N # Sm MATHEMATICAL SANS-SERIF BOLD ITALIC PARTIAL DIFFERENTIAL +1D7C4..1D7C9 ; NFKC_QC; N # L& [6] MATHEMATICAL SANS-SERIF BOLD ITALIC EPSILON SYMBOL..MATHEMATICAL SANS-SERIF BOLD ITALIC PI SYMBOL +1D7CE..1D7FF ; NFKC_QC; N # Nd [50] MATHEMATICAL BOLD DIGIT ZERO..MATHEMATICAL MONOSPACE DIGIT NINE +2F800..2FA1D ; NFKC_QC; N # Lo [542] CJK COMPATIBILITY IDEOGRAPH-2F800..CJK COMPATIBILITY IDEOGRAPH-2FA1D + +# Total code points: 4319 + +# ================================================ + +# NFKC_Quick_Check=Maybe + +0300..0304 ; NFKC_QC; M # Mn [5] COMBINING GRAVE ACCENT..COMBINING MACRON +0306..030C ; NFKC_QC; M # Mn [7] COMBINING BREVE..COMBINING CARON +030F ; NFKC_QC; M # Mn COMBINING DOUBLE GRAVE ACCENT +0311 ; NFKC_QC; M # Mn COMBINING INVERTED BREVE +0313..0314 ; NFKC_QC; M # Mn [2] COMBINING COMMA ABOVE..COMBINING REVERSED COMMA ABOVE +031B ; NFKC_QC; M # Mn COMBINING HORN +0323..0328 ; NFKC_QC; M # Mn [6] COMBINING DOT BELOW..COMBINING OGONEK +032D..032E ; NFKC_QC; M # Mn [2] COMBINING CIRCUMFLEX ACCENT BELOW..COMBINING BREVE BELOW +0330..0331 ; NFKC_QC; M # Mn [2] COMBINING TILDE BELOW..COMBINING MACRON BELOW +0338 ; NFKC_QC; M # Mn COMBINING LONG SOLIDUS OVERLAY +0342 ; NFKC_QC; M # Mn COMBINING GREEK PERISPOMENI +0345 ; NFKC_QC; M # Mn COMBINING GREEK YPOGEGRAMMENI +0653..0655 ; NFKC_QC; M # Mn [3] ARABIC MADDAH ABOVE..ARABIC HAMZA BELOW +093C ; NFKC_QC; M # Mn DEVANAGARI SIGN NUKTA +09BE ; NFKC_QC; M # Mc BENGALI VOWEL SIGN AA +09D7 ; NFKC_QC; M # Mc BENGALI AU LENGTH MARK +0B3E ; NFKC_QC; M # Mc ORIYA VOWEL SIGN AA +0B56 ; NFKC_QC; M # Mn ORIYA AI LENGTH MARK +0B57 ; NFKC_QC; M # Mc ORIYA AU LENGTH MARK +0BBE ; NFKC_QC; M # Mc TAMIL VOWEL SIGN AA +0BD7 ; NFKC_QC; M # Mc TAMIL AU LENGTH MARK +0C56 ; NFKC_QC; M # Mn TELUGU AI LENGTH MARK +0CC2 ; NFKC_QC; M # Mc KANNADA VOWEL SIGN UU +0CD5..0CD6 ; NFKC_QC; M # Mc [2] KANNADA LENGTH MARK..KANNADA AI LENGTH MARK +0D3E ; NFKC_QC; M # Mc MALAYALAM VOWEL SIGN AA +0D57 ; NFKC_QC; M # Mc MALAYALAM AU LENGTH MARK +0DCA ; NFKC_QC; M # Mn SINHALA SIGN AL-LAKUNA +0DCF ; NFKC_QC; M # Mc SINHALA VOWEL SIGN AELA-PILLA +0DDF ; NFKC_QC; M # Mc SINHALA VOWEL SIGN GAYANUKITTA +102E ; NFKC_QC; M # Mn MYANMAR VOWEL SIGN II +1161..1175 ; NFKC_QC; M # Lo [21] HANGUL JUNGSEONG A..HANGUL JUNGSEONG I +11A8..11C2 ; NFKC_QC; M # Lo [27] HANGUL JONGSEONG KIYEOK..HANGUL JONGSEONG HIEUH +3099..309A ; NFKC_QC; M # Mn [2] COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK..COMBINING KATAKANA-HIRAGANA SEMI-VOICED SOUND MARK + +# Total code points: 101 + +# ================================================ + +# Derived Property: Expands_On_NFD +# Generated according to UAX #15. +# Characters whose normalized length is not one. +# WARNING: Normalization of STRINGS must use the algorithm in UAX #15 because characters may interact. +# The length of a normalized string is not necessarily the sum of the lengths of the normalized characters! + +00C0..00C5 ; Expands_On_NFD # L& [6] LATIN CAPITAL LETTER A WITH GRAVE..LATIN CAPITAL LETTER A WITH RING ABOVE +00C7..00CF ; Expands_On_NFD # L& [9] LATIN CAPITAL LETTER C WITH CEDILLA..LATIN CAPITAL LETTER I WITH DIAERESIS +00D1..00D6 ; Expands_On_NFD # L& [6] LATIN CAPITAL LETTER N WITH TILDE..LATIN CAPITAL LETTER O WITH DIAERESIS +00D9..00DD ; Expands_On_NFD # L& [5] LATIN CAPITAL LETTER U WITH GRAVE..LATIN CAPITAL LETTER Y WITH ACUTE +00E0..00E5 ; Expands_On_NFD # L& [6] LATIN SMALL LETTER A WITH GRAVE..LATIN SMALL LETTER A WITH RING ABOVE +00E7..00EF ; Expands_On_NFD # L& [9] LATIN SMALL LETTER C WITH CEDILLA..LATIN SMALL LETTER I WITH DIAERESIS +00F1..00F6 ; Expands_On_NFD # L& [6] LATIN SMALL LETTER N WITH TILDE..LATIN SMALL LETTER O WITH DIAERESIS +00F9..00FD ; Expands_On_NFD # L& [5] LATIN SMALL LETTER U WITH GRAVE..LATIN SMALL LETTER Y WITH ACUTE +00FF..010F ; Expands_On_NFD # L& [17] LATIN SMALL LETTER Y WITH DIAERESIS..LATIN SMALL LETTER D WITH CARON +0112..0125 ; Expands_On_NFD # L& [20] LATIN CAPITAL LETTER E WITH MACRON..LATIN SMALL LETTER H WITH CIRCUMFLEX +0128..0130 ; Expands_On_NFD # L& [9] LATIN CAPITAL LETTER I WITH TILDE..LATIN CAPITAL LETTER I WITH DOT ABOVE +0134..0137 ; Expands_On_NFD # L& [4] LATIN CAPITAL LETTER J WITH CIRCUMFLEX..LATIN SMALL LETTER K WITH CEDILLA +0139..013E ; Expands_On_NFD # L& [6] LATIN CAPITAL LETTER L WITH ACUTE..LATIN SMALL LETTER L WITH CARON +0143..0148 ; Expands_On_NFD # L& [6] LATIN CAPITAL LETTER N WITH ACUTE..LATIN SMALL LETTER N WITH CARON +014C..0151 ; Expands_On_NFD # L& [6] LATIN CAPITAL LETTER O WITH MACRON..LATIN SMALL LETTER O WITH DOUBLE ACUTE +0154..0165 ; Expands_On_NFD # L& [18] LATIN CAPITAL LETTER R WITH ACUTE..LATIN SMALL LETTER T WITH CARON +0168..017E ; Expands_On_NFD # L& [23] LATIN CAPITAL LETTER U WITH TILDE..LATIN SMALL LETTER Z WITH CARON +01A0..01A1 ; Expands_On_NFD # L& [2] LATIN CAPITAL LETTER O WITH HORN..LATIN SMALL LETTER O WITH HORN +01AF..01B0 ; Expands_On_NFD # L& [2] LATIN CAPITAL LETTER U WITH HORN..LATIN SMALL LETTER U WITH HORN +01CD..01DC ; Expands_On_NFD # L& [16] LATIN CAPITAL LETTER A WITH CARON..LATIN SMALL LETTER U WITH DIAERESIS AND GRAVE +01DE..01E3 ; Expands_On_NFD # L& [6] LATIN CAPITAL LETTER A WITH DIAERESIS AND MACRON..LATIN SMALL LETTER AE WITH MACRON +01E6..01F0 ; Expands_On_NFD # L& [11] LATIN CAPITAL LETTER G WITH CARON..LATIN SMALL LETTER J WITH CARON +01F4..01F5 ; Expands_On_NFD # L& [2] LATIN CAPITAL LETTER G WITH ACUTE..LATIN SMALL LETTER G WITH ACUTE +01F8..021B ; Expands_On_NFD # L& [36] LATIN CAPITAL LETTER N WITH GRAVE..LATIN SMALL LETTER T WITH COMMA BELOW +021E..021F ; Expands_On_NFD # L& [2] LATIN CAPITAL LETTER H WITH CARON..LATIN SMALL LETTER H WITH CARON +0226..0233 ; Expands_On_NFD # L& [14] LATIN CAPITAL LETTER A WITH DOT ABOVE..LATIN SMALL LETTER Y WITH MACRON +0344 ; Expands_On_NFD # Mn COMBINING GREEK DIALYTIKA TONOS +0385 ; Expands_On_NFD # Sk GREEK DIALYTIKA TONOS +0386 ; Expands_On_NFD # L& GREEK CAPITAL LETTER ALPHA WITH TONOS +0388..038A ; Expands_On_NFD # L& [3] GREEK CAPITAL LETTER EPSILON WITH TONOS..GREEK CAPITAL LETTER IOTA WITH TONOS +038C ; Expands_On_NFD # L& GREEK CAPITAL LETTER OMICRON WITH TONOS +038E..0390 ; Expands_On_NFD # L& [3] GREEK CAPITAL LETTER UPSILON WITH TONOS..GREEK SMALL LETTER IOTA WITH DIALYTIKA AND TONOS +03AA..03B0 ; Expands_On_NFD # L& [7] GREEK CAPITAL LETTER IOTA WITH DIALYTIKA..GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND TONOS +03CA..03CE ; Expands_On_NFD # L& [5] GREEK SMALL LETTER IOTA WITH DIALYTIKA..GREEK SMALL LETTER OMEGA WITH TONOS +03D3..03D4 ; Expands_On_NFD # L& [2] GREEK UPSILON WITH ACUTE AND HOOK SYMBOL..GREEK UPSILON WITH DIAERESIS AND HOOK SYMBOL +0400..0401 ; Expands_On_NFD # L& [2] CYRILLIC CAPITAL LETTER IE WITH GRAVE..CYRILLIC CAPITAL LETTER IO +0403 ; Expands_On_NFD # L& CYRILLIC CAPITAL LETTER GJE +0407 ; Expands_On_NFD # L& CYRILLIC CAPITAL LETTER YI +040C..040E ; Expands_On_NFD # L& [3] CYRILLIC CAPITAL LETTER KJE..CYRILLIC CAPITAL LETTER SHORT U +0419 ; Expands_On_NFD # L& CYRILLIC CAPITAL LETTER SHORT I +0439 ; Expands_On_NFD # L& CYRILLIC SMALL LETTER SHORT I +0450..0451 ; Expands_On_NFD # L& [2] CYRILLIC SMALL LETTER IE WITH GRAVE..CYRILLIC SMALL LETTER IO +0453 ; Expands_On_NFD # L& CYRILLIC SMALL LETTER GJE +0457 ; Expands_On_NFD # L& CYRILLIC SMALL LETTER YI +045C..045E ; Expands_On_NFD # L& [3] CYRILLIC SMALL LETTER KJE..CYRILLIC SMALL LETTER SHORT U +0476..0477 ; Expands_On_NFD # L& [2] CYRILLIC CAPITAL LETTER IZHITSA WITH DOUBLE GRAVE ACCENT..CYRILLIC SMALL LETTER IZHITSA WITH DOUBLE GRAVE ACCENT +04C1..04C2 ; Expands_On_NFD # L& [2] CYRILLIC CAPITAL LETTER ZHE WITH BREVE..CYRILLIC SMALL LETTER ZHE WITH BREVE +04D0..04D3 ; Expands_On_NFD # L& [4] CYRILLIC CAPITAL LETTER A WITH BREVE..CYRILLIC SMALL LETTER A WITH DIAERESIS +04D6..04D7 ; Expands_On_NFD # L& [2] CYRILLIC CAPITAL LETTER IE WITH BREVE..CYRILLIC SMALL LETTER IE WITH BREVE +04DA..04DF ; Expands_On_NFD # L& [6] CYRILLIC CAPITAL LETTER SCHWA WITH DIAERESIS..CYRILLIC SMALL LETTER ZE WITH DIAERESIS +04E2..04E7 ; Expands_On_NFD # L& [6] CYRILLIC CAPITAL LETTER I WITH MACRON..CYRILLIC SMALL LETTER O WITH DIAERESIS +04EA..04F5 ; Expands_On_NFD # L& [12] CYRILLIC CAPITAL LETTER BARRED O WITH DIAERESIS..CYRILLIC SMALL LETTER CHE WITH DIAERESIS +04F8..04F9 ; Expands_On_NFD # L& [2] CYRILLIC CAPITAL LETTER YERU WITH DIAERESIS..CYRILLIC SMALL LETTER YERU WITH DIAERESIS +0622..0626 ; Expands_On_NFD # Lo [5] ARABIC LETTER ALEF WITH MADDA ABOVE..ARABIC LETTER YEH WITH HAMZA ABOVE +06C0 ; Expands_On_NFD # Lo ARABIC LETTER HEH WITH YEH ABOVE +06C2 ; Expands_On_NFD # Lo ARABIC LETTER HEH GOAL WITH HAMZA ABOVE +06D3 ; Expands_On_NFD # Lo ARABIC LETTER YEH BARREE WITH HAMZA ABOVE +0929 ; Expands_On_NFD # Lo DEVANAGARI LETTER NNNA +0931 ; Expands_On_NFD # Lo DEVANAGARI LETTER RRA +0934 ; Expands_On_NFD # Lo DEVANAGARI LETTER LLLA +0958..095F ; Expands_On_NFD # Lo [8] DEVANAGARI LETTER QA..DEVANAGARI LETTER YYA +09CB..09CC ; Expands_On_NFD # Mc [2] BENGALI VOWEL SIGN O..BENGALI VOWEL SIGN AU +09DC..09DD ; Expands_On_NFD # Lo [2] BENGALI LETTER RRA..BENGALI LETTER RHA +09DF ; Expands_On_NFD # Lo BENGALI LETTER YYA +0A33 ; Expands_On_NFD # Lo GURMUKHI LETTER LLA +0A36 ; Expands_On_NFD # Lo GURMUKHI LETTER SHA +0A59..0A5B ; Expands_On_NFD # Lo [3] GURMUKHI LETTER KHHA..GURMUKHI LETTER ZA +0A5E ; Expands_On_NFD # Lo GURMUKHI LETTER FA +0B48 ; Expands_On_NFD # Mc ORIYA VOWEL SIGN AI +0B4B..0B4C ; Expands_On_NFD # Mc [2] ORIYA VOWEL SIGN O..ORIYA VOWEL SIGN AU +0B5C..0B5D ; Expands_On_NFD # Lo [2] ORIYA LETTER RRA..ORIYA LETTER RHA +0B94 ; Expands_On_NFD # Lo TAMIL LETTER AU +0BCA..0BCC ; Expands_On_NFD # Mc [3] TAMIL VOWEL SIGN O..TAMIL VOWEL SIGN AU +0C48 ; Expands_On_NFD # Mn TELUGU VOWEL SIGN AI +0CC0 ; Expands_On_NFD # Mc KANNADA VOWEL SIGN II +0CC7..0CC8 ; Expands_On_NFD # Mc [2] KANNADA VOWEL SIGN EE..KANNADA VOWEL SIGN AI +0CCA..0CCB ; Expands_On_NFD # Mc [2] KANNADA VOWEL SIGN O..KANNADA VOWEL SIGN OO +0D4A..0D4C ; Expands_On_NFD # Mc [3] MALAYALAM VOWEL SIGN O..MALAYALAM VOWEL SIGN AU +0DDA ; Expands_On_NFD # Mc SINHALA VOWEL SIGN DIGA KOMBUVA +0DDC..0DDE ; Expands_On_NFD # Mc [3] SINHALA VOWEL SIGN KOMBUVA HAA AELA-PILLA..SINHALA VOWEL SIGN KOMBUVA HAA GAYANUKITTA +0F43 ; Expands_On_NFD # Lo TIBETAN LETTER GHA +0F4D ; Expands_On_NFD # Lo TIBETAN LETTER DDHA +0F52 ; Expands_On_NFD # Lo TIBETAN LETTER DHA +0F57 ; Expands_On_NFD # Lo TIBETAN LETTER BHA +0F5C ; Expands_On_NFD # Lo TIBETAN LETTER DZHA +0F69 ; Expands_On_NFD # Lo TIBETAN LETTER KSSA +0F73 ; Expands_On_NFD # Mn TIBETAN VOWEL SIGN II +0F75..0F76 ; Expands_On_NFD # Mn [2] TIBETAN VOWEL SIGN UU..TIBETAN VOWEL SIGN VOCALIC R +0F78 ; Expands_On_NFD # Mn TIBETAN VOWEL SIGN VOCALIC L +0F81 ; Expands_On_NFD # Mn TIBETAN VOWEL SIGN REVERSED II +0F93 ; Expands_On_NFD # Mn TIBETAN SUBJOINED LETTER GHA +0F9D ; Expands_On_NFD # Mn TIBETAN SUBJOINED LETTER DDHA +0FA2 ; Expands_On_NFD # Mn TIBETAN SUBJOINED LETTER DHA +0FA7 ; Expands_On_NFD # Mn TIBETAN SUBJOINED LETTER BHA +0FAC ; Expands_On_NFD # Mn TIBETAN SUBJOINED LETTER DZHA +0FB9 ; Expands_On_NFD # Mn TIBETAN SUBJOINED LETTER KSSA +1026 ; Expands_On_NFD # Lo MYANMAR LETTER UU +1E00..1E99 ; Expands_On_NFD # L& [154] LATIN CAPITAL LETTER A WITH RING BELOW..LATIN SMALL LETTER Y WITH RING ABOVE +1E9B ; Expands_On_NFD # L& LATIN SMALL LETTER LONG S WITH DOT ABOVE +1EA0..1EF9 ; Expands_On_NFD # L& [90] LATIN CAPITAL LETTER A WITH DOT BELOW..LATIN SMALL LETTER Y WITH TILDE +1F00..1F15 ; Expands_On_NFD # L& [22] GREEK SMALL LETTER ALPHA WITH PSILI..GREEK SMALL LETTER EPSILON WITH DASIA AND OXIA +1F18..1F1D ; Expands_On_NFD # L& [6] GREEK CAPITAL LETTER EPSILON WITH PSILI..GREEK CAPITAL LETTER EPSILON WITH DASIA AND OXIA +1F20..1F45 ; Expands_On_NFD # L& [38] GREEK SMALL LETTER ETA WITH PSILI..GREEK SMALL LETTER OMICRON WITH DASIA AND OXIA +1F48..1F4D ; Expands_On_NFD # L& [6] GREEK CAPITAL LETTER OMICRON WITH PSILI..GREEK CAPITAL LETTER OMICRON WITH DASIA AND OXIA +1F50..1F57 ; Expands_On_NFD # L& [8] GREEK SMALL LETTER UPSILON WITH PSILI..GREEK SMALL LETTER UPSILON WITH DASIA AND PERISPOMENI +1F59 ; Expands_On_NFD # L& GREEK CAPITAL LETTER UPSILON WITH DASIA +1F5B ; Expands_On_NFD # L& GREEK CAPITAL LETTER UPSILON WITH DASIA AND VARIA +1F5D ; Expands_On_NFD # L& GREEK CAPITAL LETTER UPSILON WITH DASIA AND OXIA +1F5F..1F7D ; Expands_On_NFD # L& [31] GREEK CAPITAL LETTER UPSILON WITH DASIA AND PERISPOMENI..GREEK SMALL LETTER OMEGA WITH OXIA +1F80..1FB4 ; Expands_On_NFD # L& [53] GREEK SMALL LETTER ALPHA WITH PSILI AND YPOGEGRAMMENI..GREEK SMALL LETTER ALPHA WITH OXIA AND YPOGEGRAMMENI +1FB6..1FBC ; Expands_On_NFD # L& [7] GREEK SMALL LETTER ALPHA WITH PERISPOMENI..GREEK CAPITAL LETTER ALPHA WITH PROSGEGRAMMENI +1FC1 ; Expands_On_NFD # Sk GREEK DIALYTIKA AND PERISPOMENI +1FC2..1FC4 ; Expands_On_NFD # L& [3] GREEK SMALL LETTER ETA WITH VARIA AND YPOGEGRAMMENI..GREEK SMALL LETTER ETA WITH OXIA AND YPOGEGRAMMENI +1FC6..1FCC ; Expands_On_NFD # L& [7] GREEK SMALL LETTER ETA WITH PERISPOMENI..GREEK CAPITAL LETTER ETA WITH PROSGEGRAMMENI +1FCD..1FCF ; Expands_On_NFD # Sk [3] GREEK PSILI AND VARIA..GREEK PSILI AND PERISPOMENI +1FD0..1FD3 ; Expands_On_NFD # L& [4] GREEK SMALL LETTER IOTA WITH VRACHY..GREEK SMALL LETTER IOTA WITH DIALYTIKA AND OXIA +1FD6..1FDB ; Expands_On_NFD # L& [6] GREEK SMALL LETTER IOTA WITH PERISPOMENI..GREEK CAPITAL LETTER IOTA WITH OXIA +1FDD..1FDF ; Expands_On_NFD # Sk [3] GREEK DASIA AND VARIA..GREEK DASIA AND PERISPOMENI +1FE0..1FEC ; Expands_On_NFD # L& [13] GREEK SMALL LETTER UPSILON WITH VRACHY..GREEK CAPITAL LETTER RHO WITH DASIA +1FED..1FEE ; Expands_On_NFD # Sk [2] GREEK DIALYTIKA AND VARIA..GREEK DIALYTIKA AND OXIA +1FF2..1FF4 ; Expands_On_NFD # L& [3] GREEK SMALL LETTER OMEGA WITH VARIA AND YPOGEGRAMMENI..GREEK SMALL LETTER OMEGA WITH OXIA AND YPOGEGRAMMENI +1FF6..1FFC ; Expands_On_NFD # L& [7] GREEK SMALL LETTER OMEGA WITH PERISPOMENI..GREEK CAPITAL LETTER OMEGA WITH PROSGEGRAMMENI +212B ; Expands_On_NFD # L& ANGSTROM SIGN +219A..219B ; Expands_On_NFD # Sm [2] LEFTWARDS ARROW WITH STROKE..RIGHTWARDS ARROW WITH STROKE +21AE ; Expands_On_NFD # Sm LEFT RIGHT ARROW WITH STROKE +21CD ; Expands_On_NFD # So LEFTWARDS DOUBLE ARROW WITH STROKE +21CE..21CF ; Expands_On_NFD # Sm [2] LEFT RIGHT DOUBLE ARROW WITH STROKE..RIGHTWARDS DOUBLE ARROW WITH STROKE +2204 ; Expands_On_NFD # Sm THERE DOES NOT EXIST +2209 ; Expands_On_NFD # Sm NOT AN ELEMENT OF +220C ; Expands_On_NFD # Sm DOES NOT CONTAIN AS MEMBER +2224 ; Expands_On_NFD # Sm DOES NOT DIVIDE +2226 ; Expands_On_NFD # Sm NOT PARALLEL TO +2241 ; Expands_On_NFD # Sm NOT TILDE +2244 ; Expands_On_NFD # Sm NOT ASYMPTOTICALLY EQUAL TO +2247 ; Expands_On_NFD # Sm NEITHER APPROXIMATELY NOR ACTUALLY EQUAL TO +2249 ; Expands_On_NFD # Sm NOT ALMOST EQUAL TO +2260 ; Expands_On_NFD # Sm NOT EQUAL TO +2262 ; Expands_On_NFD # Sm NOT IDENTICAL TO +226D..2271 ; Expands_On_NFD # Sm [5] NOT EQUIVALENT TO..NEITHER GREATER-THAN NOR EQUAL TO +2274..2275 ; Expands_On_NFD # Sm [2] NEITHER LESS-THAN NOR EQUIVALENT TO..NEITHER GREATER-THAN NOR EQUIVALENT TO +2278..2279 ; Expands_On_NFD # Sm [2] NEITHER LESS-THAN NOR GREATER-THAN..NEITHER GREATER-THAN NOR LESS-THAN +2280..2281 ; Expands_On_NFD # Sm [2] DOES NOT PRECEDE..DOES NOT SUCCEED +2284..2285 ; Expands_On_NFD # Sm [2] NOT A SUBSET OF..NOT A SUPERSET OF +2288..2289 ; Expands_On_NFD # Sm [2] NEITHER A SUBSET OF NOR EQUAL TO..NEITHER A SUPERSET OF NOR EQUAL TO +22AC..22AF ; Expands_On_NFD # Sm [4] DOES NOT PROVE..NEGATED DOUBLE VERTICAL BAR DOUBLE RIGHT TURNSTILE +22E0..22E3 ; Expands_On_NFD # Sm [4] DOES NOT PRECEDE OR EQUAL..NOT SQUARE ORIGINAL OF OR EQUAL TO +22EA..22ED ; Expands_On_NFD # Sm [4] NOT NORMAL SUBGROUP OF..DOES NOT CONTAIN AS NORMAL SUBGROUP OR EQUAL +2ADC ; Expands_On_NFD # Sm FORKING +304C ; Expands_On_NFD # Lo HIRAGANA LETTER GA +304E ; Expands_On_NFD # Lo HIRAGANA LETTER GI +3050 ; Expands_On_NFD # Lo HIRAGANA LETTER GU +3052 ; Expands_On_NFD # Lo HIRAGANA LETTER GE +3054 ; Expands_On_NFD # Lo HIRAGANA LETTER GO +3056 ; Expands_On_NFD # Lo HIRAGANA LETTER ZA +3058 ; Expands_On_NFD # Lo HIRAGANA LETTER ZI +305A ; Expands_On_NFD # Lo HIRAGANA LETTER ZU +305C ; Expands_On_NFD # Lo HIRAGANA LETTER ZE +305E ; Expands_On_NFD # Lo HIRAGANA LETTER ZO +3060 ; Expands_On_NFD # Lo HIRAGANA LETTER DA +3062 ; Expands_On_NFD # Lo HIRAGANA LETTER DI +3065 ; Expands_On_NFD # Lo HIRAGANA LETTER DU +3067 ; Expands_On_NFD # Lo HIRAGANA LETTER DE +3069 ; Expands_On_NFD # Lo HIRAGANA LETTER DO +3070..3071 ; Expands_On_NFD # Lo [2] HIRAGANA LETTER BA..HIRAGANA LETTER PA +3073..3074 ; Expands_On_NFD # Lo [2] HIRAGANA LETTER BI..HIRAGANA LETTER PI +3076..3077 ; Expands_On_NFD # Lo [2] HIRAGANA LETTER BU..HIRAGANA LETTER PU +3079..307A ; Expands_On_NFD # Lo [2] HIRAGANA LETTER BE..HIRAGANA LETTER PE +307C..307D ; Expands_On_NFD # Lo [2] HIRAGANA LETTER BO..HIRAGANA LETTER PO +3094 ; Expands_On_NFD # Lo HIRAGANA LETTER VU +309E ; Expands_On_NFD # Lm HIRAGANA VOICED ITERATION MARK +30AC ; Expands_On_NFD # Lo KATAKANA LETTER GA +30AE ; Expands_On_NFD # Lo KATAKANA LETTER GI +30B0 ; Expands_On_NFD # Lo KATAKANA LETTER GU +30B2 ; Expands_On_NFD # Lo KATAKANA LETTER GE +30B4 ; Expands_On_NFD # Lo KATAKANA LETTER GO +30B6 ; Expands_On_NFD # Lo KATAKANA LETTER ZA +30B8 ; Expands_On_NFD # Lo KATAKANA LETTER ZI +30BA ; Expands_On_NFD # Lo KATAKANA LETTER ZU +30BC ; Expands_On_NFD # Lo KATAKANA LETTER ZE +30BE ; Expands_On_NFD # Lo KATAKANA LETTER ZO +30C0 ; Expands_On_NFD # Lo KATAKANA LETTER DA +30C2 ; Expands_On_NFD # Lo KATAKANA LETTER DI +30C5 ; Expands_On_NFD # Lo KATAKANA LETTER DU +30C7 ; Expands_On_NFD # Lo KATAKANA LETTER DE +30C9 ; Expands_On_NFD # Lo KATAKANA LETTER DO +30D0..30D1 ; Expands_On_NFD # Lo [2] KATAKANA LETTER BA..KATAKANA LETTER PA +30D3..30D4 ; Expands_On_NFD # Lo [2] KATAKANA LETTER BI..KATAKANA LETTER PI +30D6..30D7 ; Expands_On_NFD # Lo [2] KATAKANA LETTER BU..KATAKANA LETTER PU +30D9..30DA ; Expands_On_NFD # Lo [2] KATAKANA LETTER BE..KATAKANA LETTER PE +30DC..30DD ; Expands_On_NFD # Lo [2] KATAKANA LETTER BO..KATAKANA LETTER PO +30F4 ; Expands_On_NFD # Lo KATAKANA LETTER VU +30F7..30FA ; Expands_On_NFD # Lo [4] KATAKANA LETTER VA..KATAKANA LETTER VO +30FE ; Expands_On_NFD # Lm KATAKANA VOICED ITERATION MARK +AC00..D7A3 ; Expands_On_NFD # Lo [11172] HANGUL SYLLABLE GA..HANGUL SYLLABLE HIH +FB1D ; Expands_On_NFD # Lo HEBREW LETTER YOD WITH HIRIQ +FB1F ; Expands_On_NFD # Lo HEBREW LIGATURE YIDDISH YOD YOD PATAH +FB2A..FB36 ; Expands_On_NFD # Lo [13] HEBREW LETTER SHIN WITH SHIN DOT..HEBREW LETTER ZAYIN WITH DAGESH +FB38..FB3C ; Expands_On_NFD # Lo [5] HEBREW LETTER TET WITH DAGESH..HEBREW LETTER LAMED WITH DAGESH +FB3E ; Expands_On_NFD # Lo HEBREW LETTER MEM WITH DAGESH +FB40..FB41 ; Expands_On_NFD # Lo [2] HEBREW LETTER NUN WITH DAGESH..HEBREW LETTER SAMEKH WITH DAGESH +FB43..FB44 ; Expands_On_NFD # Lo [2] HEBREW LETTER FINAL PE WITH DAGESH..HEBREW LETTER PE WITH DAGESH +FB46..FB4E ; Expands_On_NFD # Lo [9] HEBREW LETTER TSADI WITH DAGESH..HEBREW LETTER PE WITH RAFE +1D15E..1D164 ; Expands_On_NFD # So [7] MUSICAL SYMBOL HALF NOTE..MUSICAL SYMBOL ONE HUNDRED TWENTY-EIGHTH NOTE +1D1BB..1D1C0 ; Expands_On_NFD # So [6] MUSICAL SYMBOL MINIMA..MUSICAL SYMBOL FUSA BLACK + +# Total code points: 12192 + +# ================================================ + +# Derived Property: Expands_On_NFC +# Generated according to UAX #15. +# Characters whose normalized length is not one. +# WARNING: Normalization of STRINGS must use the algorithm in UAX #15 because characters may interact. +# The length of a normalized string is not necessarily the sum of the lengths of the normalized characters! + +0344 ; Expands_On_NFC # Mn COMBINING GREEK DIALYTIKA TONOS +0958..095F ; Expands_On_NFC # Lo [8] DEVANAGARI LETTER QA..DEVANAGARI LETTER YYA +09DC..09DD ; Expands_On_NFC # Lo [2] BENGALI LETTER RRA..BENGALI LETTER RHA +09DF ; Expands_On_NFC # Lo BENGALI LETTER YYA +0A33 ; Expands_On_NFC # Lo GURMUKHI LETTER LLA +0A36 ; Expands_On_NFC # Lo GURMUKHI LETTER SHA +0A59..0A5B ; Expands_On_NFC # Lo [3] GURMUKHI LETTER KHHA..GURMUKHI LETTER ZA +0A5E ; Expands_On_NFC # Lo GURMUKHI LETTER FA +0B5C..0B5D ; Expands_On_NFC # Lo [2] ORIYA LETTER RRA..ORIYA LETTER RHA +0F43 ; Expands_On_NFC # Lo TIBETAN LETTER GHA +0F4D ; Expands_On_NFC # Lo TIBETAN LETTER DDHA +0F52 ; Expands_On_NFC # Lo TIBETAN LETTER DHA +0F57 ; Expands_On_NFC # Lo TIBETAN LETTER BHA +0F5C ; Expands_On_NFC # Lo TIBETAN LETTER DZHA +0F69 ; Expands_On_NFC # Lo TIBETAN LETTER KSSA +0F73 ; Expands_On_NFC # Mn TIBETAN VOWEL SIGN II +0F75..0F76 ; Expands_On_NFC # Mn [2] TIBETAN VOWEL SIGN UU..TIBETAN VOWEL SIGN VOCALIC R +0F78 ; Expands_On_NFC # Mn TIBETAN VOWEL SIGN VOCALIC L +0F81 ; Expands_On_NFC # Mn TIBETAN VOWEL SIGN REVERSED II +0F93 ; Expands_On_NFC # Mn TIBETAN SUBJOINED LETTER GHA +0F9D ; Expands_On_NFC # Mn TIBETAN SUBJOINED LETTER DDHA +0FA2 ; Expands_On_NFC # Mn TIBETAN SUBJOINED LETTER DHA +0FA7 ; Expands_On_NFC # Mn TIBETAN SUBJOINED LETTER BHA +0FAC ; Expands_On_NFC # Mn TIBETAN SUBJOINED LETTER DZHA +0FB9 ; Expands_On_NFC # Mn TIBETAN SUBJOINED LETTER KSSA +2ADC ; Expands_On_NFC # Sm FORKING +FB1D ; Expands_On_NFC # Lo HEBREW LETTER YOD WITH HIRIQ +FB1F ; Expands_On_NFC # Lo HEBREW LIGATURE YIDDISH YOD YOD PATAH +FB2A..FB36 ; Expands_On_NFC # Lo [13] HEBREW LETTER SHIN WITH SHIN DOT..HEBREW LETTER ZAYIN WITH DAGESH +FB38..FB3C ; Expands_On_NFC # Lo [5] HEBREW LETTER TET WITH DAGESH..HEBREW LETTER LAMED WITH DAGESH +FB3E ; Expands_On_NFC # Lo HEBREW LETTER MEM WITH DAGESH +FB40..FB41 ; Expands_On_NFC # Lo [2] HEBREW LETTER NUN WITH DAGESH..HEBREW LETTER SAMEKH WITH DAGESH +FB43..FB44 ; Expands_On_NFC # Lo [2] HEBREW LETTER FINAL PE WITH DAGESH..HEBREW LETTER PE WITH DAGESH +FB46..FB4E ; Expands_On_NFC # Lo [9] HEBREW LETTER TSADI WITH DAGESH..HEBREW LETTER PE WITH RAFE +1D15E..1D164 ; Expands_On_NFC # So [7] MUSICAL SYMBOL HALF NOTE..MUSICAL SYMBOL ONE HUNDRED TWENTY-EIGHTH NOTE +1D1BB..1D1C0 ; Expands_On_NFC # So [6] MUSICAL SYMBOL MINIMA..MUSICAL SYMBOL FUSA BLACK + +# Total code points: 85 + +# ================================================ + +# Derived Property: Expands_On_NFKD +# Generated according to UAX #15. +# Characters whose normalized length is not one. +# WARNING: Normalization of STRINGS must use the algorithm in UAX #15 because characters may interact. +# The length of a normalized string is not necessarily the sum of the lengths of the normalized characters! + +00A8 ; Expands_On_NFKD # Sk DIAERESIS +00AF ; Expands_On_NFKD # Sk MACRON +00B4 ; Expands_On_NFKD # Sk ACUTE ACCENT +00B8 ; Expands_On_NFKD # Sk CEDILLA +00BC..00BE ; Expands_On_NFKD # No [3] VULGAR FRACTION ONE QUARTER..VULGAR FRACTION THREE QUARTERS +00C0..00C5 ; Expands_On_NFKD # L& [6] LATIN CAPITAL LETTER A WITH GRAVE..LATIN CAPITAL LETTER A WITH RING ABOVE +00C7..00CF ; Expands_On_NFKD # L& [9] LATIN CAPITAL LETTER C WITH CEDILLA..LATIN CAPITAL LETTER I WITH DIAERESIS +00D1..00D6 ; Expands_On_NFKD # L& [6] LATIN CAPITAL LETTER N WITH TILDE..LATIN CAPITAL LETTER O WITH DIAERESIS +00D9..00DD ; Expands_On_NFKD # L& [5] LATIN CAPITAL LETTER U WITH GRAVE..LATIN CAPITAL LETTER Y WITH ACUTE +00E0..00E5 ; Expands_On_NFKD # L& [6] LATIN SMALL LETTER A WITH GRAVE..LATIN SMALL LETTER A WITH RING ABOVE +00E7..00EF ; Expands_On_NFKD # L& [9] LATIN SMALL LETTER C WITH CEDILLA..LATIN SMALL LETTER I WITH DIAERESIS +00F1..00F6 ; Expands_On_NFKD # L& [6] LATIN SMALL LETTER N WITH TILDE..LATIN SMALL LETTER O WITH DIAERESIS +00F9..00FD ; Expands_On_NFKD # L& [5] LATIN SMALL LETTER U WITH GRAVE..LATIN SMALL LETTER Y WITH ACUTE +00FF..010F ; Expands_On_NFKD # L& [17] LATIN SMALL LETTER Y WITH DIAERESIS..LATIN SMALL LETTER D WITH CARON +0112..0125 ; Expands_On_NFKD # L& [20] LATIN CAPITAL LETTER E WITH MACRON..LATIN SMALL LETTER H WITH CIRCUMFLEX +0128..0130 ; Expands_On_NFKD # L& [9] LATIN CAPITAL LETTER I WITH TILDE..LATIN CAPITAL LETTER I WITH DOT ABOVE +0132..0137 ; Expands_On_NFKD # L& [6] LATIN CAPITAL LIGATURE IJ..LATIN SMALL LETTER K WITH CEDILLA +0139..0140 ; Expands_On_NFKD # L& [8] LATIN CAPITAL LETTER L WITH ACUTE..LATIN SMALL LETTER L WITH MIDDLE DOT +0143..0149 ; Expands_On_NFKD # L& [7] LATIN CAPITAL LETTER N WITH ACUTE..LATIN SMALL LETTER N PRECEDED BY APOSTROPHE +014C..0151 ; Expands_On_NFKD # L& [6] LATIN CAPITAL LETTER O WITH MACRON..LATIN SMALL LETTER O WITH DOUBLE ACUTE +0154..0165 ; Expands_On_NFKD # L& [18] LATIN CAPITAL LETTER R WITH ACUTE..LATIN SMALL LETTER T WITH CARON +0168..017E ; Expands_On_NFKD # L& [23] LATIN CAPITAL LETTER U WITH TILDE..LATIN SMALL LETTER Z WITH CARON +01A0..01A1 ; Expands_On_NFKD # L& [2] LATIN CAPITAL LETTER O WITH HORN..LATIN SMALL LETTER O WITH HORN +01AF..01B0 ; Expands_On_NFKD # L& [2] LATIN CAPITAL LETTER U WITH HORN..LATIN SMALL LETTER U WITH HORN +01C4..01DC ; Expands_On_NFKD # L& [25] LATIN CAPITAL LETTER DZ WITH CARON..LATIN SMALL LETTER U WITH DIAERESIS AND GRAVE +01DE..01E3 ; Expands_On_NFKD # L& [6] LATIN CAPITAL LETTER A WITH DIAERESIS AND MACRON..LATIN SMALL LETTER AE WITH MACRON +01E6..01F5 ; Expands_On_NFKD # L& [16] LATIN CAPITAL LETTER G WITH CARON..LATIN SMALL LETTER G WITH ACUTE +01F8..021B ; Expands_On_NFKD # L& [36] LATIN CAPITAL LETTER N WITH GRAVE..LATIN SMALL LETTER T WITH COMMA BELOW +021E..021F ; Expands_On_NFKD # L& [2] LATIN CAPITAL LETTER H WITH CARON..LATIN SMALL LETTER H WITH CARON +0226..0233 ; Expands_On_NFKD # L& [14] LATIN CAPITAL LETTER A WITH DOT ABOVE..LATIN SMALL LETTER Y WITH MACRON +02D8..02DD ; Expands_On_NFKD # Sk [6] BREVE..DOUBLE ACUTE ACCENT +0344 ; Expands_On_NFKD # Mn COMBINING GREEK DIALYTIKA TONOS +037A ; Expands_On_NFKD # Lm GREEK YPOGEGRAMMENI +0384..0385 ; Expands_On_NFKD # Sk [2] GREEK TONOS..GREEK DIALYTIKA TONOS +0386 ; Expands_On_NFKD # L& GREEK CAPITAL LETTER ALPHA WITH TONOS +0388..038A ; Expands_On_NFKD # L& [3] GREEK CAPITAL LETTER EPSILON WITH TONOS..GREEK CAPITAL LETTER IOTA WITH TONOS +038C ; Expands_On_NFKD # L& GREEK CAPITAL LETTER OMICRON WITH TONOS +038E..0390 ; Expands_On_NFKD # L& [3] GREEK CAPITAL LETTER UPSILON WITH TONOS..GREEK SMALL LETTER IOTA WITH DIALYTIKA AND TONOS +03AA..03B0 ; Expands_On_NFKD # L& [7] GREEK CAPITAL LETTER IOTA WITH DIALYTIKA..GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND TONOS +03CA..03CE ; Expands_On_NFKD # L& [5] GREEK SMALL LETTER IOTA WITH DIALYTIKA..GREEK SMALL LETTER OMEGA WITH TONOS +03D3..03D4 ; Expands_On_NFKD # L& [2] GREEK UPSILON WITH ACUTE AND HOOK SYMBOL..GREEK UPSILON WITH DIAERESIS AND HOOK SYMBOL +0400..0401 ; Expands_On_NFKD # L& [2] CYRILLIC CAPITAL LETTER IE WITH GRAVE..CYRILLIC CAPITAL LETTER IO +0403 ; Expands_On_NFKD # L& CYRILLIC CAPITAL LETTER GJE +0407 ; Expands_On_NFKD # L& CYRILLIC CAPITAL LETTER YI +040C..040E ; Expands_On_NFKD # L& [3] CYRILLIC CAPITAL LETTER KJE..CYRILLIC CAPITAL LETTER SHORT U +0419 ; Expands_On_NFKD # L& CYRILLIC CAPITAL LETTER SHORT I +0439 ; Expands_On_NFKD # L& CYRILLIC SMALL LETTER SHORT I +0450..0451 ; Expands_On_NFKD # L& [2] CYRILLIC SMALL LETTER IE WITH GRAVE..CYRILLIC SMALL LETTER IO +0453 ; Expands_On_NFKD # L& CYRILLIC SMALL LETTER GJE +0457 ; Expands_On_NFKD # L& CYRILLIC SMALL LETTER YI +045C..045E ; Expands_On_NFKD # L& [3] CYRILLIC SMALL LETTER KJE..CYRILLIC SMALL LETTER SHORT U +0476..0477 ; Expands_On_NFKD # L& [2] CYRILLIC CAPITAL LETTER IZHITSA WITH DOUBLE GRAVE ACCENT..CYRILLIC SMALL LETTER IZHITSA WITH DOUBLE GRAVE ACCENT +04C1..04C2 ; Expands_On_NFKD # L& [2] CYRILLIC CAPITAL LETTER ZHE WITH BREVE..CYRILLIC SMALL LETTER ZHE WITH BREVE +04D0..04D3 ; Expands_On_NFKD # L& [4] CYRILLIC CAPITAL LETTER A WITH BREVE..CYRILLIC SMALL LETTER A WITH DIAERESIS +04D6..04D7 ; Expands_On_NFKD # L& [2] CYRILLIC CAPITAL LETTER IE WITH BREVE..CYRILLIC SMALL LETTER IE WITH BREVE +04DA..04DF ; Expands_On_NFKD # L& [6] CYRILLIC CAPITAL LETTER SCHWA WITH DIAERESIS..CYRILLIC SMALL LETTER ZE WITH DIAERESIS +04E2..04E7 ; Expands_On_NFKD # L& [6] CYRILLIC CAPITAL LETTER I WITH MACRON..CYRILLIC SMALL LETTER O WITH DIAERESIS +04EA..04F5 ; Expands_On_NFKD # L& [12] CYRILLIC CAPITAL LETTER BARRED O WITH DIAERESIS..CYRILLIC SMALL LETTER CHE WITH DIAERESIS +04F8..04F9 ; Expands_On_NFKD # L& [2] CYRILLIC CAPITAL LETTER YERU WITH DIAERESIS..CYRILLIC SMALL LETTER YERU WITH DIAERESIS +0587 ; Expands_On_NFKD # L& ARMENIAN SMALL LIGATURE ECH YIWN +0622..0626 ; Expands_On_NFKD # Lo [5] ARABIC LETTER ALEF WITH MADDA ABOVE..ARABIC LETTER YEH WITH HAMZA ABOVE +0675..0678 ; Expands_On_NFKD # Lo [4] ARABIC LETTER HIGH HAMZA ALEF..ARABIC LETTER HIGH HAMZA YEH +06C0 ; Expands_On_NFKD # Lo ARABIC LETTER HEH WITH YEH ABOVE +06C2 ; Expands_On_NFKD # Lo ARABIC LETTER HEH GOAL WITH HAMZA ABOVE +06D3 ; Expands_On_NFKD # Lo ARABIC LETTER YEH BARREE WITH HAMZA ABOVE +0929 ; Expands_On_NFKD # Lo DEVANAGARI LETTER NNNA +0931 ; Expands_On_NFKD # Lo DEVANAGARI LETTER RRA +0934 ; Expands_On_NFKD # Lo DEVANAGARI LETTER LLLA +0958..095F ; Expands_On_NFKD # Lo [8] DEVANAGARI LETTER QA..DEVANAGARI LETTER YYA +09CB..09CC ; Expands_On_NFKD # Mc [2] BENGALI VOWEL SIGN O..BENGALI VOWEL SIGN AU +09DC..09DD ; Expands_On_NFKD # Lo [2] BENGALI LETTER RRA..BENGALI LETTER RHA +09DF ; Expands_On_NFKD # Lo BENGALI LETTER YYA +0A33 ; Expands_On_NFKD # Lo GURMUKHI LETTER LLA +0A36 ; Expands_On_NFKD # Lo GURMUKHI LETTER SHA +0A59..0A5B ; Expands_On_NFKD # Lo [3] GURMUKHI LETTER KHHA..GURMUKHI LETTER ZA +0A5E ; Expands_On_NFKD # Lo GURMUKHI LETTER FA +0B48 ; Expands_On_NFKD # Mc ORIYA VOWEL SIGN AI +0B4B..0B4C ; Expands_On_NFKD # Mc [2] ORIYA VOWEL SIGN O..ORIYA VOWEL SIGN AU +0B5C..0B5D ; Expands_On_NFKD # Lo [2] ORIYA LETTER RRA..ORIYA LETTER RHA +0B94 ; Expands_On_NFKD # Lo TAMIL LETTER AU +0BCA..0BCC ; Expands_On_NFKD # Mc [3] TAMIL VOWEL SIGN O..TAMIL VOWEL SIGN AU +0C48 ; Expands_On_NFKD # Mn TELUGU VOWEL SIGN AI +0CC0 ; Expands_On_NFKD # Mc KANNADA VOWEL SIGN II +0CC7..0CC8 ; Expands_On_NFKD # Mc [2] KANNADA VOWEL SIGN EE..KANNADA VOWEL SIGN AI +0CCA..0CCB ; Expands_On_NFKD # Mc [2] KANNADA VOWEL SIGN O..KANNADA VOWEL SIGN OO +0D4A..0D4C ; Expands_On_NFKD # Mc [3] MALAYALAM VOWEL SIGN O..MALAYALAM VOWEL SIGN AU +0DDA ; Expands_On_NFKD # Mc SINHALA VOWEL SIGN DIGA KOMBUVA +0DDC..0DDE ; Expands_On_NFKD # Mc [3] SINHALA VOWEL SIGN KOMBUVA HAA AELA-PILLA..SINHALA VOWEL SIGN KOMBUVA HAA GAYANUKITTA +0E33 ; Expands_On_NFKD # Lo THAI CHARACTER SARA AM +0EB3 ; Expands_On_NFKD # Lo LAO VOWEL SIGN AM +0EDC..0EDD ; Expands_On_NFKD # Lo [2] LAO HO NO..LAO HO MO +0F43 ; Expands_On_NFKD # Lo TIBETAN LETTER GHA +0F4D ; Expands_On_NFKD # Lo TIBETAN LETTER DDHA +0F52 ; Expands_On_NFKD # Lo TIBETAN LETTER DHA +0F57 ; Expands_On_NFKD # Lo TIBETAN LETTER BHA +0F5C ; Expands_On_NFKD # Lo TIBETAN LETTER DZHA +0F69 ; Expands_On_NFKD # Lo TIBETAN LETTER KSSA +0F73 ; Expands_On_NFKD # Mn TIBETAN VOWEL SIGN II +0F75..0F79 ; Expands_On_NFKD # Mn [5] TIBETAN VOWEL SIGN UU..TIBETAN VOWEL SIGN VOCALIC LL +0F81 ; Expands_On_NFKD # Mn TIBETAN VOWEL SIGN REVERSED II +0F93 ; Expands_On_NFKD # Mn TIBETAN SUBJOINED LETTER GHA +0F9D ; Expands_On_NFKD # Mn TIBETAN SUBJOINED LETTER DDHA +0FA2 ; Expands_On_NFKD # Mn TIBETAN SUBJOINED LETTER DHA +0FA7 ; Expands_On_NFKD # Mn TIBETAN SUBJOINED LETTER BHA +0FAC ; Expands_On_NFKD # Mn TIBETAN SUBJOINED LETTER DZHA +0FB9 ; Expands_On_NFKD # Mn TIBETAN SUBJOINED LETTER KSSA +1026 ; Expands_On_NFKD # Lo MYANMAR LETTER UU +1E00..1E9B ; Expands_On_NFKD # L& [156] LATIN CAPITAL LETTER A WITH RING BELOW..LATIN SMALL LETTER LONG S WITH DOT ABOVE +1EA0..1EF9 ; Expands_On_NFKD # L& [90] LATIN CAPITAL LETTER A WITH DOT BELOW..LATIN SMALL LETTER Y WITH TILDE +1F00..1F15 ; Expands_On_NFKD # L& [22] GREEK SMALL LETTER ALPHA WITH PSILI..GREEK SMALL LETTER EPSILON WITH DASIA AND OXIA +1F18..1F1D ; Expands_On_NFKD # L& [6] GREEK CAPITAL LETTER EPSILON WITH PSILI..GREEK CAPITAL LETTER EPSILON WITH DASIA AND OXIA +1F20..1F45 ; Expands_On_NFKD # L& [38] GREEK SMALL LETTER ETA WITH PSILI..GREEK SMALL LETTER OMICRON WITH DASIA AND OXIA +1F48..1F4D ; Expands_On_NFKD # L& [6] GREEK CAPITAL LETTER OMICRON WITH PSILI..GREEK CAPITAL LETTER OMICRON WITH DASIA AND OXIA +1F50..1F57 ; Expands_On_NFKD # L& [8] GREEK SMALL LETTER UPSILON WITH PSILI..GREEK SMALL LETTER UPSILON WITH DASIA AND PERISPOMENI +1F59 ; Expands_On_NFKD # L& GREEK CAPITAL LETTER UPSILON WITH DASIA +1F5B ; Expands_On_NFKD # L& GREEK CAPITAL LETTER UPSILON WITH DASIA AND VARIA +1F5D ; Expands_On_NFKD # L& GREEK CAPITAL LETTER UPSILON WITH DASIA AND OXIA +1F5F..1F7D ; Expands_On_NFKD # L& [31] GREEK CAPITAL LETTER UPSILON WITH DASIA AND PERISPOMENI..GREEK SMALL LETTER OMEGA WITH OXIA +1F80..1FB4 ; Expands_On_NFKD # L& [53] GREEK SMALL LETTER ALPHA WITH PSILI AND YPOGEGRAMMENI..GREEK SMALL LETTER ALPHA WITH OXIA AND YPOGEGRAMMENI +1FB6..1FBC ; Expands_On_NFKD # L& [7] GREEK SMALL LETTER ALPHA WITH PERISPOMENI..GREEK CAPITAL LETTER ALPHA WITH PROSGEGRAMMENI +1FBD ; Expands_On_NFKD # Sk GREEK KORONIS +1FBF..1FC1 ; Expands_On_NFKD # Sk [3] GREEK PSILI..GREEK DIALYTIKA AND PERISPOMENI +1FC2..1FC4 ; Expands_On_NFKD # L& [3] GREEK SMALL LETTER ETA WITH VARIA AND YPOGEGRAMMENI..GREEK SMALL LETTER ETA WITH OXIA AND YPOGEGRAMMENI +1FC6..1FCC ; Expands_On_NFKD # L& [7] GREEK SMALL LETTER ETA WITH PERISPOMENI..GREEK CAPITAL LETTER ETA WITH PROSGEGRAMMENI +1FCD..1FCF ; Expands_On_NFKD # Sk [3] GREEK PSILI AND VARIA..GREEK PSILI AND PERISPOMENI +1FD0..1FD3 ; Expands_On_NFKD # L& [4] GREEK SMALL LETTER IOTA WITH VRACHY..GREEK SMALL LETTER IOTA WITH DIALYTIKA AND OXIA +1FD6..1FDB ; Expands_On_NFKD # L& [6] GREEK SMALL LETTER IOTA WITH PERISPOMENI..GREEK CAPITAL LETTER IOTA WITH OXIA +1FDD..1FDF ; Expands_On_NFKD # Sk [3] GREEK DASIA AND VARIA..GREEK DASIA AND PERISPOMENI +1FE0..1FEC ; Expands_On_NFKD # L& [13] GREEK SMALL LETTER UPSILON WITH VRACHY..GREEK CAPITAL LETTER RHO WITH DASIA +1FED..1FEE ; Expands_On_NFKD # Sk [2] GREEK DIALYTIKA AND VARIA..GREEK DIALYTIKA AND OXIA +1FF2..1FF4 ; Expands_On_NFKD # L& [3] GREEK SMALL LETTER OMEGA WITH VARIA AND YPOGEGRAMMENI..GREEK SMALL LETTER OMEGA WITH OXIA AND YPOGEGRAMMENI +1FF6..1FFC ; Expands_On_NFKD # L& [7] GREEK SMALL LETTER OMEGA WITH PERISPOMENI..GREEK CAPITAL LETTER OMEGA WITH PROSGEGRAMMENI +1FFD..1FFE ; Expands_On_NFKD # Sk [2] GREEK OXIA..GREEK DASIA +2017 ; Expands_On_NFKD # Po DOUBLE LOW LINE +2025..2026 ; Expands_On_NFKD # Po [2] TWO DOT LEADER..HORIZONTAL ELLIPSIS +2033..2034 ; Expands_On_NFKD # Po [2] DOUBLE PRIME..TRIPLE PRIME +2036..2037 ; Expands_On_NFKD # Po [2] REVERSED DOUBLE PRIME..REVERSED TRIPLE PRIME +203C ; Expands_On_NFKD # Po DOUBLE EXCLAMATION MARK +203E ; Expands_On_NFKD # Po OVERLINE +2047..2049 ; Expands_On_NFKD # Po [3] DOUBLE QUESTION MARK..EXCLAMATION QUESTION MARK +2057 ; Expands_On_NFKD # Po QUADRUPLE PRIME +20A8 ; Expands_On_NFKD # Sc RUPEE SIGN +2100..2101 ; Expands_On_NFKD # So [2] ACCOUNT OF..ADDRESSED TO THE SUBJECT +2103 ; Expands_On_NFKD # So DEGREE CELSIUS +2105..2106 ; Expands_On_NFKD # So [2] CARE OF..CADA UNA +2109 ; Expands_On_NFKD # So DEGREE FAHRENHEIT +2116 ; Expands_On_NFKD # So NUMERO SIGN +2120..2122 ; Expands_On_NFKD # So [3] SERVICE MARK..TRADE MARK SIGN +212B ; Expands_On_NFKD # L& ANGSTROM SIGN +213B ; Expands_On_NFKD # So FACSIMILE SIGN +2153..215F ; Expands_On_NFKD # No [13] VULGAR FRACTION ONE THIRD..FRACTION NUMERATOR ONE +2161..2163 ; Expands_On_NFKD # Nl [3] ROMAN NUMERAL TWO..ROMAN NUMERAL FOUR +2165..2168 ; Expands_On_NFKD # Nl [4] ROMAN NUMERAL SIX..ROMAN NUMERAL NINE +216A..216B ; Expands_On_NFKD # Nl [2] ROMAN NUMERAL ELEVEN..ROMAN NUMERAL TWELVE +2171..2173 ; Expands_On_NFKD # Nl [3] SMALL ROMAN NUMERAL TWO..SMALL ROMAN NUMERAL FOUR +2175..2178 ; Expands_On_NFKD # Nl [4] SMALL ROMAN NUMERAL SIX..SMALL ROMAN NUMERAL NINE +217A..217B ; Expands_On_NFKD # Nl [2] SMALL ROMAN NUMERAL ELEVEN..SMALL ROMAN NUMERAL TWELVE +219A..219B ; Expands_On_NFKD # Sm [2] LEFTWARDS ARROW WITH STROKE..RIGHTWARDS ARROW WITH STROKE +21AE ; Expands_On_NFKD # Sm LEFT RIGHT ARROW WITH STROKE +21CD ; Expands_On_NFKD # So LEFTWARDS DOUBLE ARROW WITH STROKE +21CE..21CF ; Expands_On_NFKD # Sm [2] LEFT RIGHT DOUBLE ARROW WITH STROKE..RIGHTWARDS DOUBLE ARROW WITH STROKE +2204 ; Expands_On_NFKD # Sm THERE DOES NOT EXIST +2209 ; Expands_On_NFKD # Sm NOT AN ELEMENT OF +220C ; Expands_On_NFKD # Sm DOES NOT CONTAIN AS MEMBER +2224 ; Expands_On_NFKD # Sm DOES NOT DIVIDE +2226 ; Expands_On_NFKD # Sm NOT PARALLEL TO +222C..222D ; Expands_On_NFKD # Sm [2] DOUBLE INTEGRAL..TRIPLE INTEGRAL +222F..2230 ; Expands_On_NFKD # Sm [2] SURFACE INTEGRAL..VOLUME INTEGRAL +2241 ; Expands_On_NFKD # Sm NOT TILDE +2244 ; Expands_On_NFKD # Sm NOT ASYMPTOTICALLY EQUAL TO +2247 ; Expands_On_NFKD # Sm NEITHER APPROXIMATELY NOR ACTUALLY EQUAL TO +2249 ; Expands_On_NFKD # Sm NOT ALMOST EQUAL TO +2260 ; Expands_On_NFKD # Sm NOT EQUAL TO +2262 ; Expands_On_NFKD # Sm NOT IDENTICAL TO +226D..2271 ; Expands_On_NFKD # Sm [5] NOT EQUIVALENT TO..NEITHER GREATER-THAN NOR EQUAL TO +2274..2275 ; Expands_On_NFKD # Sm [2] NEITHER LESS-THAN NOR EQUIVALENT TO..NEITHER GREATER-THAN NOR EQUIVALENT TO +2278..2279 ; Expands_On_NFKD # Sm [2] NEITHER LESS-THAN NOR GREATER-THAN..NEITHER GREATER-THAN NOR LESS-THAN +2280..2281 ; Expands_On_NFKD # Sm [2] DOES NOT PRECEDE..DOES NOT SUCCEED +2284..2285 ; Expands_On_NFKD # Sm [2] NOT A SUBSET OF..NOT A SUPERSET OF +2288..2289 ; Expands_On_NFKD # Sm [2] NEITHER A SUBSET OF NOR EQUAL TO..NEITHER A SUPERSET OF NOR EQUAL TO +22AC..22AF ; Expands_On_NFKD # Sm [4] DOES NOT PROVE..NEGATED DOUBLE VERTICAL BAR DOUBLE RIGHT TURNSTILE +22E0..22E3 ; Expands_On_NFKD # Sm [4] DOES NOT PRECEDE OR EQUAL..NOT SQUARE ORIGINAL OF OR EQUAL TO +22EA..22ED ; Expands_On_NFKD # Sm [4] NOT NORMAL SUBGROUP OF..DOES NOT CONTAIN AS NORMAL SUBGROUP OR EQUAL +2469..249B ; Expands_On_NFKD # No [51] CIRCLED NUMBER TEN..NUMBER TWENTY FULL STOP +249C..24B5 ; Expands_On_NFKD # So [26] PARENTHESIZED LATIN SMALL LETTER A..PARENTHESIZED LATIN SMALL LETTER Z +2A0C ; Expands_On_NFKD # Sm QUADRUPLE INTEGRAL OPERATOR +2A74..2A76 ; Expands_On_NFKD # Sm [3] DOUBLE COLON EQUAL..THREE CONSECUTIVE EQUALS SIGNS +2ADC ; Expands_On_NFKD # Sm FORKING +304C ; Expands_On_NFKD # Lo HIRAGANA LETTER GA +304E ; Expands_On_NFKD # Lo HIRAGANA LETTER GI +3050 ; Expands_On_NFKD # Lo HIRAGANA LETTER GU +3052 ; Expands_On_NFKD # Lo HIRAGANA LETTER GE +3054 ; Expands_On_NFKD # Lo HIRAGANA LETTER GO +3056 ; Expands_On_NFKD # Lo HIRAGANA LETTER ZA +3058 ; Expands_On_NFKD # Lo HIRAGANA LETTER ZI +305A ; Expands_On_NFKD # Lo HIRAGANA LETTER ZU +305C ; Expands_On_NFKD # Lo HIRAGANA LETTER ZE +305E ; Expands_On_NFKD # Lo HIRAGANA LETTER ZO +3060 ; Expands_On_NFKD # Lo HIRAGANA LETTER DA +3062 ; Expands_On_NFKD # Lo HIRAGANA LETTER DI +3065 ; Expands_On_NFKD # Lo HIRAGANA LETTER DU +3067 ; Expands_On_NFKD # Lo HIRAGANA LETTER DE +3069 ; Expands_On_NFKD # Lo HIRAGANA LETTER DO +3070..3071 ; Expands_On_NFKD # Lo [2] HIRAGANA LETTER BA..HIRAGANA LETTER PA +3073..3074 ; Expands_On_NFKD # Lo [2] HIRAGANA LETTER BI..HIRAGANA LETTER PI +3076..3077 ; Expands_On_NFKD # Lo [2] HIRAGANA LETTER BU..HIRAGANA LETTER PU +3079..307A ; Expands_On_NFKD # Lo [2] HIRAGANA LETTER BE..HIRAGANA LETTER PE +307C..307D ; Expands_On_NFKD # Lo [2] HIRAGANA LETTER BO..HIRAGANA LETTER PO +3094 ; Expands_On_NFKD # Lo HIRAGANA LETTER VU +309B..309C ; Expands_On_NFKD # Sk [2] KATAKANA-HIRAGANA VOICED SOUND MARK..KATAKANA-HIRAGANA SEMI-VOICED SOUND MARK +309E ; Expands_On_NFKD # Lm HIRAGANA VOICED ITERATION MARK +309F ; Expands_On_NFKD # Lo HIRAGANA DIGRAPH YORI +30AC ; Expands_On_NFKD # Lo KATAKANA LETTER GA +30AE ; Expands_On_NFKD # Lo KATAKANA LETTER GI +30B0 ; Expands_On_NFKD # Lo KATAKANA LETTER GU +30B2 ; Expands_On_NFKD # Lo KATAKANA LETTER GE +30B4 ; Expands_On_NFKD # Lo KATAKANA LETTER GO +30B6 ; Expands_On_NFKD # Lo KATAKANA LETTER ZA +30B8 ; Expands_On_NFKD # Lo KATAKANA LETTER ZI +30BA ; Expands_On_NFKD # Lo KATAKANA LETTER ZU +30BC ; Expands_On_NFKD # Lo KATAKANA LETTER ZE +30BE ; Expands_On_NFKD # Lo KATAKANA LETTER ZO +30C0 ; Expands_On_NFKD # Lo KATAKANA LETTER DA +30C2 ; Expands_On_NFKD # Lo KATAKANA LETTER DI +30C5 ; Expands_On_NFKD # Lo KATAKANA LETTER DU +30C7 ; Expands_On_NFKD # Lo KATAKANA LETTER DE +30C9 ; Expands_On_NFKD # Lo KATAKANA LETTER DO +30D0..30D1 ; Expands_On_NFKD # Lo [2] KATAKANA LETTER BA..KATAKANA LETTER PA +30D3..30D4 ; Expands_On_NFKD # Lo [2] KATAKANA LETTER BI..KATAKANA LETTER PI +30D6..30D7 ; Expands_On_NFKD # Lo [2] KATAKANA LETTER BU..KATAKANA LETTER PU +30D9..30DA ; Expands_On_NFKD # Lo [2] KATAKANA LETTER BE..KATAKANA LETTER PE +30DC..30DD ; Expands_On_NFKD # Lo [2] KATAKANA LETTER BO..KATAKANA LETTER PO +30F4 ; Expands_On_NFKD # Lo KATAKANA LETTER VU +30F7..30FA ; Expands_On_NFKD # Lo [4] KATAKANA LETTER VA..KATAKANA LETTER VO +30FE ; Expands_On_NFKD # Lm KATAKANA VOICED ITERATION MARK +30FF ; Expands_On_NFKD # Lo KATAKANA DIGRAPH KOTO +3200..321E ; Expands_On_NFKD # So [31] PARENTHESIZED HANGUL KIYEOK..PARENTHESIZED KOREAN CHARACTER O HU +3220..3229 ; Expands_On_NFKD # No [10] PARENTHESIZED IDEOGRAPH ONE..PARENTHESIZED IDEOGRAPH TEN +322A..3243 ; Expands_On_NFKD # So [26] PARENTHESIZED IDEOGRAPH MOON..PARENTHESIZED IDEOGRAPH REACH +3250 ; Expands_On_NFKD # So PARTNERSHIP SIGN +3251..325F ; Expands_On_NFKD # No [15] CIRCLED NUMBER TWENTY ONE..CIRCLED NUMBER THIRTY FIVE +326E..327D ; Expands_On_NFKD # So [16] CIRCLED HANGUL KIYEOK A..CIRCLED KOREAN CHARACTER JUEUI +32B1..32BF ; Expands_On_NFKD # No [15] CIRCLED NUMBER THIRTY SIX..CIRCLED NUMBER FIFTY +32C0..32CF ; Expands_On_NFKD # So [16] IDEOGRAPHIC TELEGRAPH SYMBOL FOR JANUARY..LIMITED LIABILITY SIGN +3300..33FF ; Expands_On_NFKD # So [256] SQUARE APAATO..SQUARE GAL +AC00..D7A3 ; Expands_On_NFKD # Lo [11172] HANGUL SYLLABLE GA..HANGUL SYLLABLE HIH +FB00..FB06 ; Expands_On_NFKD # L& [7] LATIN SMALL LIGATURE FF..LATIN SMALL LIGATURE ST +FB13..FB17 ; Expands_On_NFKD # L& [5] ARMENIAN SMALL LIGATURE MEN NOW..ARMENIAN SMALL LIGATURE MEN XEH +FB1D ; Expands_On_NFKD # Lo HEBREW LETTER YOD WITH HIRIQ +FB1F ; Expands_On_NFKD # Lo HEBREW LIGATURE YIDDISH YOD YOD PATAH +FB2A..FB36 ; Expands_On_NFKD # Lo [13] HEBREW LETTER SHIN WITH SHIN DOT..HEBREW LETTER ZAYIN WITH DAGESH +FB38..FB3C ; Expands_On_NFKD # Lo [5] HEBREW LETTER TET WITH DAGESH..HEBREW LETTER LAMED WITH DAGESH +FB3E ; Expands_On_NFKD # Lo HEBREW LETTER MEM WITH DAGESH +FB40..FB41 ; Expands_On_NFKD # Lo [2] HEBREW LETTER NUN WITH DAGESH..HEBREW LETTER SAMEKH WITH DAGESH +FB43..FB44 ; Expands_On_NFKD # Lo [2] HEBREW LETTER FINAL PE WITH DAGESH..HEBREW LETTER PE WITH DAGESH +FB46..FB4F ; Expands_On_NFKD # Lo [10] HEBREW LETTER TSADI WITH DAGESH..HEBREW LIGATURE ALEF LAMED +FBA4..FBA5 ; Expands_On_NFKD # Lo [2] ARABIC LETTER HEH WITH YEH ABOVE ISOLATED FORM..ARABIC LETTER HEH WITH YEH ABOVE FINAL FORM +FBB0..FBB1 ; Expands_On_NFKD # Lo [2] ARABIC LETTER YEH BARREE WITH HAMZA ABOVE ISOLATED FORM..ARABIC LETTER YEH BARREE WITH HAMZA ABOVE FINAL FORM +FBDD ; Expands_On_NFKD # Lo ARABIC LETTER U WITH HAMZA ABOVE ISOLATED FORM +FBEA..FBFB ; Expands_On_NFKD # Lo [18] ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ALEF ISOLATED FORM..ARABIC LIGATURE UIGHUR KIRGHIZ YEH WITH HAMZA ABOVE WITH ALEF MAKSURA INITIAL FORM +FC00..FD3D ; Expands_On_NFKD # Lo [318] ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH JEEM ISOLATED FORM..ARABIC LIGATURE ALEF WITH FATHATAN ISOLATED FORM +FD50..FD8F ; Expands_On_NFKD # Lo [64] ARABIC LIGATURE TEH WITH JEEM WITH MEEM INITIAL FORM..ARABIC LIGATURE MEEM WITH KHAH WITH MEEM INITIAL FORM +FD92..FDC7 ; Expands_On_NFKD # Lo [54] ARABIC LIGATURE MEEM WITH JEEM WITH KHAH INITIAL FORM..ARABIC LIGATURE NOON WITH JEEM WITH YEH FINAL FORM +FDF0..FDFB ; Expands_On_NFKD # Lo [12] ARABIC LIGATURE SALLA USED AS KORANIC STOP SIGN ISOLATED FORM..ARABIC LIGATURE JALLAJALALOUHOU +FDFC ; Expands_On_NFKD # Sc RIAL SIGN +FE30 ; Expands_On_NFKD # Po PRESENTATION FORM FOR VERTICAL TWO DOT LEADER +FE49..FE4C ; Expands_On_NFKD # Po [4] DASHED OVERLINE..DOUBLE WAVY OVERLINE +FE70..FE72 ; Expands_On_NFKD # Lo [3] ARABIC FATHATAN ISOLATED FORM..ARABIC DAMMATAN ISOLATED FORM +FE74 ; Expands_On_NFKD # Lo ARABIC KASRATAN ISOLATED FORM +FE76..FE7F ; Expands_On_NFKD # Lo [10] ARABIC FATHA ISOLATED FORM..ARABIC SUKUN MEDIAL FORM +FE81..FE8C ; Expands_On_NFKD # Lo [12] ARABIC LETTER ALEF WITH MADDA ABOVE ISOLATED FORM..ARABIC LETTER YEH WITH HAMZA ABOVE MEDIAL FORM +FEF5..FEFC ; Expands_On_NFKD # Lo [8] ARABIC LIGATURE LAM WITH ALEF WITH MADDA ABOVE ISOLATED FORM..ARABIC LIGATURE LAM WITH ALEF FINAL FORM +FFE3 ; Expands_On_NFKD # Sk FULLWIDTH MACRON +1D15E..1D164 ; Expands_On_NFKD # So [7] MUSICAL SYMBOL HALF NOTE..MUSICAL SYMBOL ONE HUNDRED TWENTY-EIGHTH NOTE +1D1BB..1D1C0 ; Expands_On_NFKD # So [6] MUSICAL SYMBOL MINIMA..MUSICAL SYMBOL FUSA BLACK + +# Total code points: 13297 + +# ================================================ + +# Derived Property: Expands_On_NFKC +# Generated according to UAX #15. +# Characters whose normalized length is not one. +# WARNING: Normalization of STRINGS must use the algorithm in UAX #15 because characters may interact. +# The length of a normalized string is not necessarily the sum of the lengths of the normalized characters! + +00A8 ; Expands_On_NFKC # Sk DIAERESIS +00AF ; Expands_On_NFKC # Sk MACRON +00B4 ; Expands_On_NFKC # Sk ACUTE ACCENT +00B8 ; Expands_On_NFKC # Sk CEDILLA +00BC..00BE ; Expands_On_NFKC # No [3] VULGAR FRACTION ONE QUARTER..VULGAR FRACTION THREE QUARTERS +0132..0133 ; Expands_On_NFKC # L& [2] LATIN CAPITAL LIGATURE IJ..LATIN SMALL LIGATURE IJ +013F..0140 ; Expands_On_NFKC # L& [2] LATIN CAPITAL LETTER L WITH MIDDLE DOT..LATIN SMALL LETTER L WITH MIDDLE DOT +0149 ; Expands_On_NFKC # L& LATIN SMALL LETTER N PRECEDED BY APOSTROPHE +01C4..01CC ; Expands_On_NFKC # L& [9] LATIN CAPITAL LETTER DZ WITH CARON..LATIN SMALL LETTER NJ +01F1..01F3 ; Expands_On_NFKC # L& [3] LATIN CAPITAL LETTER DZ..LATIN SMALL LETTER DZ +02D8..02DD ; Expands_On_NFKC # Sk [6] BREVE..DOUBLE ACUTE ACCENT +0344 ; Expands_On_NFKC # Mn COMBINING GREEK DIALYTIKA TONOS +037A ; Expands_On_NFKC # Lm GREEK YPOGEGRAMMENI +0384..0385 ; Expands_On_NFKC # Sk [2] GREEK TONOS..GREEK DIALYTIKA TONOS +0587 ; Expands_On_NFKC # L& ARMENIAN SMALL LIGATURE ECH YIWN +0675..0678 ; Expands_On_NFKC # Lo [4] ARABIC LETTER HIGH HAMZA ALEF..ARABIC LETTER HIGH HAMZA YEH +0958..095F ; Expands_On_NFKC # Lo [8] DEVANAGARI LETTER QA..DEVANAGARI LETTER YYA +09DC..09DD ; Expands_On_NFKC # Lo [2] BENGALI LETTER RRA..BENGALI LETTER RHA +09DF ; Expands_On_NFKC # Lo BENGALI LETTER YYA +0A33 ; Expands_On_NFKC # Lo GURMUKHI LETTER LLA +0A36 ; Expands_On_NFKC # Lo GURMUKHI LETTER SHA +0A59..0A5B ; Expands_On_NFKC # Lo [3] GURMUKHI LETTER KHHA..GURMUKHI LETTER ZA +0A5E ; Expands_On_NFKC # Lo GURMUKHI LETTER FA +0B5C..0B5D ; Expands_On_NFKC # Lo [2] ORIYA LETTER RRA..ORIYA LETTER RHA +0E33 ; Expands_On_NFKC # Lo THAI CHARACTER SARA AM +0EB3 ; Expands_On_NFKC # Lo LAO VOWEL SIGN AM +0EDC..0EDD ; Expands_On_NFKC # Lo [2] LAO HO NO..LAO HO MO +0F43 ; Expands_On_NFKC # Lo TIBETAN LETTER GHA +0F4D ; Expands_On_NFKC # Lo TIBETAN LETTER DDHA +0F52 ; Expands_On_NFKC # Lo TIBETAN LETTER DHA +0F57 ; Expands_On_NFKC # Lo TIBETAN LETTER BHA +0F5C ; Expands_On_NFKC # Lo TIBETAN LETTER DZHA +0F69 ; Expands_On_NFKC # Lo TIBETAN LETTER KSSA +0F73 ; Expands_On_NFKC # Mn TIBETAN VOWEL SIGN II +0F75..0F79 ; Expands_On_NFKC # Mn [5] TIBETAN VOWEL SIGN UU..TIBETAN VOWEL SIGN VOCALIC LL +0F81 ; Expands_On_NFKC # Mn TIBETAN VOWEL SIGN REVERSED II +0F93 ; Expands_On_NFKC # Mn TIBETAN SUBJOINED LETTER GHA +0F9D ; Expands_On_NFKC # Mn TIBETAN SUBJOINED LETTER DDHA +0FA2 ; Expands_On_NFKC # Mn TIBETAN SUBJOINED LETTER DHA +0FA7 ; Expands_On_NFKC # Mn TIBETAN SUBJOINED LETTER BHA +0FAC ; Expands_On_NFKC # Mn TIBETAN SUBJOINED LETTER DZHA +0FB9 ; Expands_On_NFKC # Mn TIBETAN SUBJOINED LETTER KSSA +1E9A ; Expands_On_NFKC # L& LATIN SMALL LETTER A WITH RIGHT HALF RING +1FBD ; Expands_On_NFKC # Sk GREEK KORONIS +1FBF..1FC1 ; Expands_On_NFKC # Sk [3] GREEK PSILI..GREEK DIALYTIKA AND PERISPOMENI +1FCD..1FCF ; Expands_On_NFKC # Sk [3] GREEK PSILI AND VARIA..GREEK PSILI AND PERISPOMENI +1FDD..1FDF ; Expands_On_NFKC # Sk [3] GREEK DASIA AND VARIA..GREEK DASIA AND PERISPOMENI +1FED..1FEE ; Expands_On_NFKC # Sk [2] GREEK DIALYTIKA AND VARIA..GREEK DIALYTIKA AND OXIA +1FFD..1FFE ; Expands_On_NFKC # Sk [2] GREEK OXIA..GREEK DASIA +2017 ; Expands_On_NFKC # Po DOUBLE LOW LINE +2025..2026 ; Expands_On_NFKC # Po [2] TWO DOT LEADER..HORIZONTAL ELLIPSIS +2033..2034 ; Expands_On_NFKC # Po [2] DOUBLE PRIME..TRIPLE PRIME +2036..2037 ; Expands_On_NFKC # Po [2] REVERSED DOUBLE PRIME..REVERSED TRIPLE PRIME +203C ; Expands_On_NFKC # Po DOUBLE EXCLAMATION MARK +203E ; Expands_On_NFKC # Po OVERLINE +2047..2049 ; Expands_On_NFKC # Po [3] DOUBLE QUESTION MARK..EXCLAMATION QUESTION MARK +2057 ; Expands_On_NFKC # Po QUADRUPLE PRIME +20A8 ; Expands_On_NFKC # Sc RUPEE SIGN +2100..2101 ; Expands_On_NFKC # So [2] ACCOUNT OF..ADDRESSED TO THE SUBJECT +2103 ; Expands_On_NFKC # So DEGREE CELSIUS +2105..2106 ; Expands_On_NFKC # So [2] CARE OF..CADA UNA +2109 ; Expands_On_NFKC # So DEGREE FAHRENHEIT +2116 ; Expands_On_NFKC # So NUMERO SIGN +2120..2122 ; Expands_On_NFKC # So [3] SERVICE MARK..TRADE MARK SIGN +213B ; Expands_On_NFKC # So FACSIMILE SIGN +2153..215F ; Expands_On_NFKC # No [13] VULGAR FRACTION ONE THIRD..FRACTION NUMERATOR ONE +2161..2163 ; Expands_On_NFKC # Nl [3] ROMAN NUMERAL TWO..ROMAN NUMERAL FOUR +2165..2168 ; Expands_On_NFKC # Nl [4] ROMAN NUMERAL SIX..ROMAN NUMERAL NINE +216A..216B ; Expands_On_NFKC # Nl [2] ROMAN NUMERAL ELEVEN..ROMAN NUMERAL TWELVE +2171..2173 ; Expands_On_NFKC # Nl [3] SMALL ROMAN NUMERAL TWO..SMALL ROMAN NUMERAL FOUR +2175..2178 ; Expands_On_NFKC # Nl [4] SMALL ROMAN NUMERAL SIX..SMALL ROMAN NUMERAL NINE +217A..217B ; Expands_On_NFKC # Nl [2] SMALL ROMAN NUMERAL ELEVEN..SMALL ROMAN NUMERAL TWELVE +222C..222D ; Expands_On_NFKC # Sm [2] DOUBLE INTEGRAL..TRIPLE INTEGRAL +222F..2230 ; Expands_On_NFKC # Sm [2] SURFACE INTEGRAL..VOLUME INTEGRAL +2469..249B ; Expands_On_NFKC # No [51] CIRCLED NUMBER TEN..NUMBER TWENTY FULL STOP +249C..24B5 ; Expands_On_NFKC # So [26] PARENTHESIZED LATIN SMALL LETTER A..PARENTHESIZED LATIN SMALL LETTER Z +2A0C ; Expands_On_NFKC # Sm QUADRUPLE INTEGRAL OPERATOR +2A74..2A76 ; Expands_On_NFKC # Sm [3] DOUBLE COLON EQUAL..THREE CONSECUTIVE EQUALS SIGNS +2ADC ; Expands_On_NFKC # Sm FORKING +309B..309C ; Expands_On_NFKC # Sk [2] KATAKANA-HIRAGANA VOICED SOUND MARK..KATAKANA-HIRAGANA SEMI-VOICED SOUND MARK +309F ; Expands_On_NFKC # Lo HIRAGANA DIGRAPH YORI +30FF ; Expands_On_NFKC # Lo KATAKANA DIGRAPH KOTO +3200..321E ; Expands_On_NFKC # So [31] PARENTHESIZED HANGUL KIYEOK..PARENTHESIZED KOREAN CHARACTER O HU +3220..3229 ; Expands_On_NFKC # No [10] PARENTHESIZED IDEOGRAPH ONE..PARENTHESIZED IDEOGRAPH TEN +322A..3243 ; Expands_On_NFKC # So [26] PARENTHESIZED IDEOGRAPH MOON..PARENTHESIZED IDEOGRAPH REACH +3250 ; Expands_On_NFKC # So PARTNERSHIP SIGN +3251..325F ; Expands_On_NFKC # No [15] CIRCLED NUMBER TWENTY ONE..CIRCLED NUMBER THIRTY FIVE +327C..327D ; Expands_On_NFKC # So [2] CIRCLED KOREAN CHARACTER CHAMKO..CIRCLED KOREAN CHARACTER JUEUI +32B1..32BF ; Expands_On_NFKC # No [15] CIRCLED NUMBER THIRTY SIX..CIRCLED NUMBER FIFTY +32C0..32CF ; Expands_On_NFKC # So [16] IDEOGRAPHIC TELEGRAPH SYMBOL FOR JANUARY..LIMITED LIABILITY SIGN +3300..33FF ; Expands_On_NFKC # So [256] SQUARE APAATO..SQUARE GAL +FB00..FB06 ; Expands_On_NFKC # L& [7] LATIN SMALL LIGATURE FF..LATIN SMALL LIGATURE ST +FB13..FB17 ; Expands_On_NFKC # L& [5] ARMENIAN SMALL LIGATURE MEN NOW..ARMENIAN SMALL LIGATURE MEN XEH +FB1D ; Expands_On_NFKC # Lo HEBREW LETTER YOD WITH HIRIQ +FB1F ; Expands_On_NFKC # Lo HEBREW LIGATURE YIDDISH YOD YOD PATAH +FB2A..FB36 ; Expands_On_NFKC # Lo [13] HEBREW LETTER SHIN WITH SHIN DOT..HEBREW LETTER ZAYIN WITH DAGESH +FB38..FB3C ; Expands_On_NFKC # Lo [5] HEBREW LETTER TET WITH DAGESH..HEBREW LETTER LAMED WITH DAGESH +FB3E ; Expands_On_NFKC # Lo HEBREW LETTER MEM WITH DAGESH +FB40..FB41 ; Expands_On_NFKC # Lo [2] HEBREW LETTER NUN WITH DAGESH..HEBREW LETTER SAMEKH WITH DAGESH +FB43..FB44 ; Expands_On_NFKC # Lo [2] HEBREW LETTER FINAL PE WITH DAGESH..HEBREW LETTER PE WITH DAGESH +FB46..FB4F ; Expands_On_NFKC # Lo [10] HEBREW LETTER TSADI WITH DAGESH..HEBREW LIGATURE ALEF LAMED +FBDD ; Expands_On_NFKC # Lo ARABIC LETTER U WITH HAMZA ABOVE ISOLATED FORM +FBEA..FBFB ; Expands_On_NFKC # Lo [18] ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ALEF ISOLATED FORM..ARABIC LIGATURE UIGHUR KIRGHIZ YEH WITH HAMZA ABOVE WITH ALEF MAKSURA INITIAL FORM +FC00..FD3D ; Expands_On_NFKC # Lo [318] ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH JEEM ISOLATED FORM..ARABIC LIGATURE ALEF WITH FATHATAN ISOLATED FORM +FD50..FD8F ; Expands_On_NFKC # Lo [64] ARABIC LIGATURE TEH WITH JEEM WITH MEEM INITIAL FORM..ARABIC LIGATURE MEEM WITH KHAH WITH MEEM INITIAL FORM +FD92..FDC7 ; Expands_On_NFKC # Lo [54] ARABIC LIGATURE MEEM WITH JEEM WITH KHAH INITIAL FORM..ARABIC LIGATURE NOON WITH JEEM WITH YEH FINAL FORM +FDF0..FDFB ; Expands_On_NFKC # Lo [12] ARABIC LIGATURE SALLA USED AS KORANIC STOP SIGN ISOLATED FORM..ARABIC LIGATURE JALLAJALALOUHOU +FDFC ; Expands_On_NFKC # Sc RIAL SIGN +FE30 ; Expands_On_NFKC # Po PRESENTATION FORM FOR VERTICAL TWO DOT LEADER +FE49..FE4C ; Expands_On_NFKC # Po [4] DASHED OVERLINE..DOUBLE WAVY OVERLINE +FE70..FE72 ; Expands_On_NFKC # Lo [3] ARABIC FATHATAN ISOLATED FORM..ARABIC DAMMATAN ISOLATED FORM +FE74 ; Expands_On_NFKC # Lo ARABIC KASRATAN ISOLATED FORM +FE76..FE7F ; Expands_On_NFKC # Lo [10] ARABIC FATHA ISOLATED FORM..ARABIC SUKUN MEDIAL FORM +FEF5..FEFC ; Expands_On_NFKC # Lo [8] ARABIC LIGATURE LAM WITH ALEF WITH MADDA ABOVE ISOLATED FORM..ARABIC LIGATURE LAM WITH ALEF FINAL FORM +FFE3 ; Expands_On_NFKC # Sk FULLWIDTH MACRON +1D15E..1D164 ; Expands_On_NFKC # So [7] MUSICAL SYMBOL HALF NOTE..MUSICAL SYMBOL ONE HUNDRED TWENTY-EIGHTH NOTE +1D1BB..1D1C0 ; Expands_On_NFKC # So [6] MUSICAL SYMBOL MINIMA..MUSICAL SYMBOL FUSA BLACK + +# Total code points: 1170 diff --git a/source4/heimdal/lib/wind/NormalizationCorrections.txt b/source4/heimdal/lib/wind/NormalizationCorrections.txt new file mode 100644 index 0000000000..d76c150d2e --- /dev/null +++ b/source4/heimdal/lib/wind/NormalizationCorrections.txt @@ -0,0 +1,43 @@ +# NormalizationCorrections-4.0.0.txt +# +# This file is a normative contributory data file in the +# Unicode Character Database. +# +# The normalization stabilization policy of the Unicode +# Consortium ordinarily precludes any change to the decomposition +# for any character, once established in a relevant version +# of the UnicodeData.txt data file. However, under certain +# exceptional (and rare) conditions, an error in a decomposition +# mapping may be discovered that is truly just an unintended +# typo in the data, and not a matter of dubious interpretation. +# +# Whenever such an error may be found, and if it meets the +# requirements for possible exceptions to normalization +# stability, the correction is entered in this data file, +# so that any implementation depending on absolute stability +# of normalization, *including* any errors in the data, can +# safely reconstruct the exact state of the data tables at +# any given version of Unicode. +# +# Currently this list has exactly six entries in it, one for the +# typo found and corrected in Corrigendum #3, and five for +# the typos and misidentifications found and corrected in +# Corrigendum #4. All efforts +# will be made to keep the entries limited to just those fixes. +# +# Interpretation of the fields: +# Field 1: Unicode code point +# Field 2: Original (erroneous) decomposition +# Field 3: Corrected decomposition +# Field 4: Version of Unicode for which the correction was +# entered into UnicodeData.txt, in n.n.n format. +# Comment: Indicates the Unicode Corrigendum which documents +# the correction +# +# +F951;96FB;964B;3.2.0 # Corrigendum 3 +2F868;2136A;36FC;4.0.0 # Corrigendum 4 +2F874;5F33;5F53;4.0.0 # Corrigendum 4 +2F91F;43AB;243AB;4.0.0 # Corrigendum 4 +2F95F;7AAE;7AEE;4.0.0 # Corrigendum 4 +2F9BF;4D57;45D7;4.0.0 # Corrigendum 4 diff --git a/source4/heimdal/lib/wind/NormalizationTest.txt b/source4/heimdal/lib/wind/NormalizationTest.txt new file mode 100644 index 0000000000..afbb369df2 --- /dev/null +++ b/source4/heimdal/lib/wind/NormalizationTest.txt @@ -0,0 +1,17166 @@ +# NormalizationTest-4.0.0.txt +# Date: 2003-02-25,23:12:31 GMT [MD] +# +# Normalization Test Suite +# Format: +# +# Columns (c1, c2,...) are separated by semicolons +# Comments are indicated with hash marks +# +# CONFORMANCE: +# 1. The following invariants must be true for all conformant implementations +# +# NFC +# c2 == NFC(c1) == NFC(c2) == NFC(c3) +# c4 == NFC(c4) == NFC(c5) +# +# NFD +# c3 == NFD(c1) == NFD(c2) == NFD(c3) +# c5 == NFD(c4) == NFD(c5) +# +# NFKC +# c4 == NFKC(c1) == NFKC(c2) == NFKC(c3) == NFKC(c4) == NFKC(c5) +# +# NFKD +# c5 == NFKD(c1) == NFKD(c2) == NFKD(c3) == NFKD(c4) == NFKD(c5) +# +# 2. For every code point X assigned in this version of Unicode that is not specifically +# listed in Part 1, the following invariants must be true for all conformant +# implementations: +# +# X == NFC(X) == NFD(X) == NFKC(X) == NFKD(X) +# +@Part0 # Specific cases +# +1E0A;1E0A;0044 0307;1E0A;0044 0307; # (Ḋ; Ḋ; D◌̇; Ḋ; D◌̇; ) LATIN CAPITAL LETTER D WITH DOT ABOVE +1E0C;1E0C;0044 0323;1E0C;0044 0323; # (Ḍ; Ḍ; D◌̣; Ḍ; D◌̣; ) LATIN CAPITAL LETTER D WITH DOT BELOW +1E0A 0323;1E0C 0307;0044 0323 0307;1E0C 0307;0044 0323 0307; # (Ḋ◌̣; Ḍ◌̇; D◌̣◌̇; Ḍ◌̇; D◌̣◌̇; ) LATIN CAPITAL LETTER D WITH DOT ABOVE, COMBINING DOT BELOW +1E0C 0307;1E0C 0307;0044 0323 0307;1E0C 0307;0044 0323 0307; # (Ḍ◌̇; Ḍ◌̇; D◌̣◌̇; Ḍ◌̇; D◌̣◌̇; ) LATIN CAPITAL LETTER D WITH DOT BELOW, COMBINING DOT ABOVE +0044 0307 0323;1E0C 0307;0044 0323 0307;1E0C 0307;0044 0323 0307; # (D◌̇◌̣; Ḍ◌̇; D◌̣◌̇; Ḍ◌̇; D◌̣◌̇; ) LATIN CAPITAL LETTER D, COMBINING DOT ABOVE, COMBINING DOT BELOW +0044 0323 0307;1E0C 0307;0044 0323 0307;1E0C 0307;0044 0323 0307; # (D◌̣◌̇; Ḍ◌̇; D◌̣◌̇; Ḍ◌̇; D◌̣◌̇; ) LATIN CAPITAL LETTER D, COMBINING DOT BELOW, COMBINING DOT ABOVE +1E0A 031B;1E0A 031B;0044 031B 0307;1E0A 031B;0044 031B 0307; # (Ḋ◌̛; Ḋ◌̛; D◌̛◌̇; Ḋ◌̛; D◌̛◌̇; ) LATIN CAPITAL LETTER D WITH DOT ABOVE, COMBINING HORN +1E0C 031B;1E0C 031B;0044 031B 0323;1E0C 031B;0044 031B 0323; # (Ḍ◌̛; Ḍ◌̛; D◌̛◌̣; Ḍ◌̛; D◌̛◌̣; ) LATIN CAPITAL LETTER D WITH DOT BELOW, COMBINING HORN +1E0A 031B 0323;1E0C 031B 0307;0044 031B 0323 0307;1E0C 031B 0307;0044 031B 0323 0307; # (Ḋ◌̛◌̣; Ḍ◌̛◌̇; D◌̛◌̣◌̇; Ḍ◌̛◌̇; D◌̛◌̣◌̇; ) LATIN CAPITAL LETTER D WITH DOT ABOVE, COMBINING HORN, COMBINING DOT BELOW +1E0C 031B 0307;1E0C 031B 0307;0044 031B 0323 0307;1E0C 031B 0307;0044 031B 0323 0307; # (Ḍ◌̛◌̇; Ḍ◌̛◌̇; D◌̛◌̣◌̇; Ḍ◌̛◌̇; D◌̛◌̣◌̇; ) LATIN CAPITAL LETTER D WITH DOT BELOW, COMBINING HORN, COMBINING DOT ABOVE +0044 031B 0307 0323;1E0C 031B 0307;0044 031B 0323 0307;1E0C 031B 0307;0044 031B 0323 0307; # (D◌̛◌̇◌̣; Ḍ◌̛◌̇; D◌̛◌̣◌̇; Ḍ◌̛◌̇; D◌̛◌̣◌̇; ) LATIN CAPITAL LETTER D, COMBINING HORN, COMBINING DOT ABOVE, COMBINING DOT BELOW +0044 031B 0323 0307;1E0C 031B 0307;0044 031B 0323 0307;1E0C 031B 0307;0044 031B 0323 0307; # (D◌̛◌̣◌̇; Ḍ◌̛◌̇; D◌̛◌̣◌̇; Ḍ◌̛◌̇; D◌̛◌̣◌̇; ) LATIN CAPITAL LETTER D, COMBINING HORN, COMBINING DOT BELOW, COMBINING DOT ABOVE +00C8;00C8;0045 0300;00C8;0045 0300; # (È; È; E◌̀; È; E◌̀; ) LATIN CAPITAL LETTER E WITH GRAVE +0112;0112;0045 0304;0112;0045 0304; # (Ä’; Ä’; E◌̄; Ä’; E◌̄; ) LATIN CAPITAL LETTER E WITH MACRON +0045 0300;00C8;0045 0300;00C8;0045 0300; # (E◌̀; È; E◌̀; È; E◌̀; ) LATIN CAPITAL LETTER E, COMBINING GRAVE ACCENT +0045 0304;0112;0045 0304;0112;0045 0304; # (E◌̄; Ä’; E◌̄; Ä’; E◌̄; ) LATIN CAPITAL LETTER E, COMBINING MACRON +1E14;1E14;0045 0304 0300;1E14;0045 0304 0300; # (Ḕ; Ḕ; E◌̄◌̀; Ḕ; E◌̄◌̀; ) LATIN CAPITAL LETTER E WITH MACRON AND GRAVE +0112 0300;1E14;0045 0304 0300;1E14;0045 0304 0300; # (Ē◌̀; Ḕ; E◌̄◌̀; Ḕ; E◌̄◌̀; ) LATIN CAPITAL LETTER E WITH MACRON, COMBINING GRAVE ACCENT +1E14 0304;1E14 0304;0045 0304 0300 0304;1E14 0304;0045 0304 0300 0304; # (Ḕ◌̄; Ḕ◌̄; E◌̄◌̀◌̄; Ḕ◌̄; E◌̄◌̀◌̄; ) LATIN CAPITAL LETTER E WITH MACRON AND GRAVE, COMBINING MACRON +0045 0304 0300;1E14;0045 0304 0300;1E14;0045 0304 0300; # (E◌̄◌̀; Ḕ; E◌̄◌̀; Ḕ; E◌̄◌̀; ) LATIN CAPITAL LETTER E, COMBINING MACRON, COMBINING GRAVE ACCENT +0045 0300 0304;00C8 0304;0045 0300 0304;00C8 0304;0045 0300 0304; # (E◌̀◌̄; È◌̄; E◌̀◌̄; È◌̄; E◌̀◌̄; ) LATIN CAPITAL LETTER E, COMBINING GRAVE ACCENT, COMBINING MACRON +05B8 05B9 05B1 0591 05C3 05B0 05AC 059F;05B1 05B8 05B9 0591 05C3 05B0 05AC 059F;05B1 05B8 05B9 0591 05C3 05B0 05AC 059F;05B1 05B8 05B9 0591 05C3 05B0 05AC 059F;05B1 05B8 05B9 0591 05C3 05B0 05AC 059F; # (◌ָ◌ֹ◌ֱ◌֑׃◌ְ◌֬◌֟; ◌ֱ◌ָ◌ֹ◌֑׃◌ְ◌֬◌֟; ◌ֱ◌ָ◌ֹ◌֑׃◌ְ◌֬◌֟; ◌ֱ◌ָ◌ֹ◌֑׃◌ְ◌֬◌֟; ◌ֱ◌ָ◌ֹ◌֑׃◌ְ◌֬◌֟; ) HEBREW POINT QAMATS, HEBREW POINT HOLAM, HEBREW POINT HATAF SEGOL, HEBREW ACCENT ETNAHTA, HEBREW PUNCTUATION SOF PASUQ, HEBREW POINT SHEVA, HEBREW ACCENT ILUY, HEBREW ACCENT QARNEY PARA +0592 05B7 05BC 05A5 05B0 05C0 05C4 05AD;05B0 05B7 05BC 05A5 0592 05C0 05AD 05C4;05B0 05B7 05BC 05A5 0592 05C0 05AD 05C4;05B0 05B7 05BC 05A5 0592 05C0 05AD 05C4;05B0 05B7 05BC 05A5 0592 05C0 05AD 05C4; # (◌֒◌ַ◌ּ◌֥◌ְ׀◌ׄ◌֭; ◌ְ◌ַ◌ּ◌֥◌֒׀◌֭◌ׄ; ◌ְ◌ַ◌ּ◌֥◌֒׀◌֭◌ׄ; ◌ְ◌ַ◌ּ◌֥◌֒׀◌֭◌ׄ; ◌ְ◌ַ◌ּ◌֥◌֒׀◌֭◌ׄ; ) HEBREW ACCENT SEGOL, HEBREW POINT PATAH, HEBREW POINT DAGESH OR MAPIQ, HEBREW ACCENT MERKHA, HEBREW POINT SHEVA, HEBREW PUNCTUATION PASEQ, HEBREW MARK UPPER DOT, HEBREW ACCENT DEHI +# +@Part1 # Character by character test +# All characters not explicitly occurring in c1 of Part 1 have identical NFC, D, KC, KD forms. +# +00A0;00A0;00A0;0020;0020; # ( ;  ;  ; ; ; ) NO-BREAK SPACE +00A8;00A8;00A8;0020 0308;0020 0308; # (¨; ¨; ¨; ◌̈; ◌̈; ) DIAERESIS +00AA;00AA;00AA;0061;0061; # (ª; ª; ª; a; a; ) FEMININE ORDINAL INDICATOR +00AF;00AF;00AF;0020 0304;0020 0304; # (¯; ¯; ¯; ◌̄; ◌̄; ) MACRON +00B2;00B2;00B2;0032;0032; # (²; ²; ²; 2; 2; ) SUPERSCRIPT TWO +00B3;00B3;00B3;0033;0033; # (³; ³; ³; 3; 3; ) SUPERSCRIPT THREE +00B4;00B4;00B4;0020 0301;0020 0301; # (´; ´; ´; â—ŒÌ; â—ŒÌ; ) ACUTE ACCENT +00B5;00B5;00B5;03BC;03BC; # (µ; µ; µ; μ; μ; ) MICRO SIGN +00B8;00B8;00B8;0020 0327;0020 0327; # (¸; ¸; ¸; ◌̧; ◌̧; ) CEDILLA +00B9;00B9;00B9;0031;0031; # (¹; ¹; ¹; 1; 1; ) SUPERSCRIPT ONE +00BA;00BA;00BA;006F;006F; # (º; º; º; o; o; ) MASCULINE ORDINAL INDICATOR +00BC;00BC;00BC;0031 2044 0034;0031 2044 0034; # (¼; ¼; ¼; 1â„4; 1â„4; ) VULGAR FRACTION ONE QUARTER +00BD;00BD;00BD;0031 2044 0032;0031 2044 0032; # (½; ½; ½; 1â„2; 1â„2; ) VULGAR FRACTION ONE HALF +00BE;00BE;00BE;0033 2044 0034;0033 2044 0034; # (¾; ¾; ¾; 3â„4; 3â„4; ) VULGAR FRACTION THREE QUARTERS +00C0;00C0;0041 0300;00C0;0041 0300; # (À; À; A◌̀; À; A◌̀; ) LATIN CAPITAL LETTER A WITH GRAVE +00C1;00C1;0041 0301;00C1;0041 0301; # (Ã; Ã; Aâ—ŒÌ; Ã; Aâ—ŒÌ; ) LATIN CAPITAL LETTER A WITH ACUTE +00C2;00C2;0041 0302;00C2;0041 0302; # (Â; Â; A◌̂; Â; A◌̂; ) LATIN CAPITAL LETTER A WITH CIRCUMFLEX +00C3;00C3;0041 0303;00C3;0041 0303; # (Ã; Ã; A◌̃; Ã; A◌̃; ) LATIN CAPITAL LETTER A WITH TILDE +00C4;00C4;0041 0308;00C4;0041 0308; # (Ä; Ä; A◌̈; Ä; A◌̈; ) LATIN CAPITAL LETTER A WITH DIAERESIS +00C5;00C5;0041 030A;00C5;0041 030A; # (Ã…; Ã…; A◌̊; Ã…; A◌̊; ) LATIN CAPITAL LETTER A WITH RING ABOVE +00C7;00C7;0043 0327;00C7;0043 0327; # (Ç; Ç; C◌̧; Ç; C◌̧; ) LATIN CAPITAL LETTER C WITH CEDILLA +00C8;00C8;0045 0300;00C8;0045 0300; # (È; È; E◌̀; È; E◌̀; ) LATIN CAPITAL LETTER E WITH GRAVE +00C9;00C9;0045 0301;00C9;0045 0301; # (É; É; Eâ—ŒÌ; É; Eâ—ŒÌ; ) LATIN CAPITAL LETTER E WITH ACUTE +00CA;00CA;0045 0302;00CA;0045 0302; # (Ê; Ê; E◌̂; Ê; E◌̂; ) LATIN CAPITAL LETTER E WITH CIRCUMFLEX +00CB;00CB;0045 0308;00CB;0045 0308; # (Ë; Ë; E◌̈; Ë; E◌̈; ) LATIN CAPITAL LETTER E WITH DIAERESIS +00CC;00CC;0049 0300;00CC;0049 0300; # (ÃŒ; ÃŒ; I◌̀; ÃŒ; I◌̀; ) LATIN CAPITAL LETTER I WITH GRAVE +00CD;00CD;0049 0301;00CD;0049 0301; # (Ã; Ã; Iâ—ŒÌ; Ã; Iâ—ŒÌ; ) LATIN CAPITAL LETTER I WITH ACUTE +00CE;00CE;0049 0302;00CE;0049 0302; # (ÃŽ; ÃŽ; I◌̂; ÃŽ; I◌̂; ) LATIN CAPITAL LETTER I WITH CIRCUMFLEX +00CF;00CF;0049 0308;00CF;0049 0308; # (Ã; Ã; I◌̈; Ã; I◌̈; ) LATIN CAPITAL LETTER I WITH DIAERESIS +00D1;00D1;004E 0303;00D1;004E 0303; # (Ñ; Ñ; N◌̃; Ñ; N◌̃; ) LATIN CAPITAL LETTER N WITH TILDE +00D2;00D2;004F 0300;00D2;004F 0300; # (Ã’; Ã’; O◌̀; Ã’; O◌̀; ) LATIN CAPITAL LETTER O WITH GRAVE +00D3;00D3;004F 0301;00D3;004F 0301; # (Ó; Ó; Oâ—ŒÌ; Ó; Oâ—ŒÌ; ) LATIN CAPITAL LETTER O WITH ACUTE +00D4;00D4;004F 0302;00D4;004F 0302; # (Ô; Ô; O◌̂; Ô; O◌̂; ) LATIN CAPITAL LETTER O WITH CIRCUMFLEX +00D5;00D5;004F 0303;00D5;004F 0303; # (Õ; Õ; O◌̃; Õ; O◌̃; ) LATIN CAPITAL LETTER O WITH TILDE +00D6;00D6;004F 0308;00D6;004F 0308; # (Ö; Ö; O◌̈; Ö; O◌̈; ) LATIN CAPITAL LETTER O WITH DIAERESIS +00D9;00D9;0055 0300;00D9;0055 0300; # (Ù; Ù; U◌̀; Ù; U◌̀; ) LATIN CAPITAL LETTER U WITH GRAVE +00DA;00DA;0055 0301;00DA;0055 0301; # (Ú; Ú; Uâ—ŒÌ; Ú; Uâ—ŒÌ; ) LATIN CAPITAL LETTER U WITH ACUTE +00DB;00DB;0055 0302;00DB;0055 0302; # (Û; Û; U◌̂; Û; U◌̂; ) LATIN CAPITAL LETTER U WITH CIRCUMFLEX +00DC;00DC;0055 0308;00DC;0055 0308; # (Ãœ; Ãœ; U◌̈; Ãœ; U◌̈; ) LATIN CAPITAL LETTER U WITH DIAERESIS +00DD;00DD;0059 0301;00DD;0059 0301; # (Ã; Ã; Yâ—ŒÌ; Ã; Yâ—ŒÌ; ) LATIN CAPITAL LETTER Y WITH ACUTE +00E0;00E0;0061 0300;00E0;0061 0300; # (à; à; a◌̀; à; a◌̀; ) LATIN SMALL LETTER A WITH GRAVE +00E1;00E1;0061 0301;00E1;0061 0301; # (á; á; aâ—ŒÌ; á; aâ—ŒÌ; ) LATIN SMALL LETTER A WITH ACUTE +00E2;00E2;0061 0302;00E2;0061 0302; # (â; â; a◌̂; â; a◌̂; ) LATIN SMALL LETTER A WITH CIRCUMFLEX +00E3;00E3;0061 0303;00E3;0061 0303; # (ã; ã; a◌̃; ã; a◌̃; ) LATIN SMALL LETTER A WITH TILDE +00E4;00E4;0061 0308;00E4;0061 0308; # (ä; ä; a◌̈; ä; a◌̈; ) LATIN SMALL LETTER A WITH DIAERESIS +00E5;00E5;0061 030A;00E5;0061 030A; # (Ã¥; Ã¥; a◌̊; Ã¥; a◌̊; ) LATIN SMALL LETTER A WITH RING ABOVE +00E7;00E7;0063 0327;00E7;0063 0327; # (ç; ç; c◌̧; ç; c◌̧; ) LATIN SMALL LETTER C WITH CEDILLA +00E8;00E8;0065 0300;00E8;0065 0300; # (è; è; e◌̀; è; e◌̀; ) LATIN SMALL LETTER E WITH GRAVE +00E9;00E9;0065 0301;00E9;0065 0301; # (é; é; eâ—ŒÌ; é; eâ—ŒÌ; ) LATIN SMALL LETTER E WITH ACUTE +00EA;00EA;0065 0302;00EA;0065 0302; # (ê; ê; e◌̂; ê; e◌̂; ) LATIN SMALL LETTER E WITH CIRCUMFLEX +00EB;00EB;0065 0308;00EB;0065 0308; # (ë; ë; e◌̈; ë; e◌̈; ) LATIN SMALL LETTER E WITH DIAERESIS +00EC;00EC;0069 0300;00EC;0069 0300; # (ì; ì; i◌̀; ì; i◌̀; ) LATIN SMALL LETTER I WITH GRAVE +00ED;00ED;0069 0301;00ED;0069 0301; # (í; í; iâ—ŒÌ; í; iâ—ŒÌ; ) LATIN SMALL LETTER I WITH ACUTE +00EE;00EE;0069 0302;00EE;0069 0302; # (î; î; i◌̂; î; i◌̂; ) LATIN SMALL LETTER I WITH CIRCUMFLEX +00EF;00EF;0069 0308;00EF;0069 0308; # (ï; ï; i◌̈; ï; i◌̈; ) LATIN SMALL LETTER I WITH DIAERESIS +00F1;00F1;006E 0303;00F1;006E 0303; # (ñ; ñ; n◌̃; ñ; n◌̃; ) LATIN SMALL LETTER N WITH TILDE +00F2;00F2;006F 0300;00F2;006F 0300; # (ò; ò; o◌̀; ò; o◌̀; ) LATIN SMALL LETTER O WITH GRAVE +00F3;00F3;006F 0301;00F3;006F 0301; # (ó; ó; oâ—ŒÌ; ó; oâ—ŒÌ; ) LATIN SMALL LETTER O WITH ACUTE +00F4;00F4;006F 0302;00F4;006F 0302; # (ô; ô; o◌̂; ô; o◌̂; ) LATIN SMALL LETTER O WITH CIRCUMFLEX +00F5;00F5;006F 0303;00F5;006F 0303; # (õ; õ; o◌̃; õ; o◌̃; ) LATIN SMALL LETTER O WITH TILDE +00F6;00F6;006F 0308;00F6;006F 0308; # (ö; ö; o◌̈; ö; o◌̈; ) LATIN SMALL LETTER O WITH DIAERESIS +00F9;00F9;0075 0300;00F9;0075 0300; # (ù; ù; u◌̀; ù; u◌̀; ) LATIN SMALL LETTER U WITH GRAVE +00FA;00FA;0075 0301;00FA;0075 0301; # (ú; ú; uâ—ŒÌ; ú; uâ—ŒÌ; ) LATIN SMALL LETTER U WITH ACUTE +00FB;00FB;0075 0302;00FB;0075 0302; # (û; û; u◌̂; û; u◌̂; ) LATIN SMALL LETTER U WITH CIRCUMFLEX +00FC;00FC;0075 0308;00FC;0075 0308; # (ü; ü; u◌̈; ü; u◌̈; ) LATIN SMALL LETTER U WITH DIAERESIS +00FD;00FD;0079 0301;00FD;0079 0301; # (ý; ý; yâ—ŒÌ; ý; yâ—ŒÌ; ) LATIN SMALL LETTER Y WITH ACUTE +00FF;00FF;0079 0308;00FF;0079 0308; # (ÿ; ÿ; y◌̈; ÿ; y◌̈; ) LATIN SMALL LETTER Y WITH DIAERESIS +0100;0100;0041 0304;0100;0041 0304; # (Ä€; Ä€; A◌̄; Ä€; A◌̄; ) LATIN CAPITAL LETTER A WITH MACRON +0101;0101;0061 0304;0101;0061 0304; # (Ä; Ä; a◌̄; Ä; a◌̄; ) LATIN SMALL LETTER A WITH MACRON +0102;0102;0041 0306;0102;0041 0306; # (Ä‚; Ä‚; A◌̆; Ä‚; A◌̆; ) LATIN CAPITAL LETTER A WITH BREVE +0103;0103;0061 0306;0103;0061 0306; # (ă; ă; a◌̆; ă; a◌̆; ) LATIN SMALL LETTER A WITH BREVE +0104;0104;0041 0328;0104;0041 0328; # (Ä„; Ä„; A◌̨; Ä„; A◌̨; ) LATIN CAPITAL LETTER A WITH OGONEK +0105;0105;0061 0328;0105;0061 0328; # (Ä…; Ä…; a◌̨; Ä…; a◌̨; ) LATIN SMALL LETTER A WITH OGONEK +0106;0106;0043 0301;0106;0043 0301; # (Ć; Ć; Câ—ŒÌ; Ć; Câ—ŒÌ; ) LATIN CAPITAL LETTER C WITH ACUTE +0107;0107;0063 0301;0107;0063 0301; # (ć; ć; câ—ŒÌ; ć; câ—ŒÌ; ) LATIN SMALL LETTER C WITH ACUTE +0108;0108;0043 0302;0108;0043 0302; # (Ĉ; Ĉ; C◌̂; Ĉ; C◌̂; ) LATIN CAPITAL LETTER C WITH CIRCUMFLEX +0109;0109;0063 0302;0109;0063 0302; # (ĉ; ĉ; c◌̂; ĉ; c◌̂; ) LATIN SMALL LETTER C WITH CIRCUMFLEX +010A;010A;0043 0307;010A;0043 0307; # (ÄŠ; ÄŠ; C◌̇; ÄŠ; C◌̇; ) LATIN CAPITAL LETTER C WITH DOT ABOVE +010B;010B;0063 0307;010B;0063 0307; # (Ä‹; Ä‹; c◌̇; Ä‹; c◌̇; ) LATIN SMALL LETTER C WITH DOT ABOVE +010C;010C;0043 030C;010C;0043 030C; # (ÄŒ; ÄŒ; C◌̌; ÄŒ; C◌̌; ) LATIN CAPITAL LETTER C WITH CARON +010D;010D;0063 030C;010D;0063 030C; # (Ä; Ä; c◌̌; Ä; c◌̌; ) LATIN SMALL LETTER C WITH CARON +010E;010E;0044 030C;010E;0044 030C; # (ÄŽ; ÄŽ; D◌̌; ÄŽ; D◌̌; ) LATIN CAPITAL LETTER D WITH CARON +010F;010F;0064 030C;010F;0064 030C; # (Ä; Ä; d◌̌; Ä; d◌̌; ) LATIN SMALL LETTER D WITH CARON +0112;0112;0045 0304;0112;0045 0304; # (Ä’; Ä’; E◌̄; Ä’; E◌̄; ) LATIN CAPITAL LETTER E WITH MACRON +0113;0113;0065 0304;0113;0065 0304; # (Ä“; Ä“; e◌̄; Ä“; e◌̄; ) LATIN SMALL LETTER E WITH MACRON +0114;0114;0045 0306;0114;0045 0306; # (Ä”; Ä”; E◌̆; Ä”; E◌̆; ) LATIN CAPITAL LETTER E WITH BREVE +0115;0115;0065 0306;0115;0065 0306; # (Ä•; Ä•; e◌̆; Ä•; e◌̆; ) LATIN SMALL LETTER E WITH BREVE +0116;0116;0045 0307;0116;0045 0307; # (Ä–; Ä–; E◌̇; Ä–; E◌̇; ) LATIN CAPITAL LETTER E WITH DOT ABOVE +0117;0117;0065 0307;0117;0065 0307; # (Ä—; Ä—; e◌̇; Ä—; e◌̇; ) LATIN SMALL LETTER E WITH DOT ABOVE +0118;0118;0045 0328;0118;0045 0328; # (Ę; Ę; E◌̨; Ę; E◌̨; ) LATIN CAPITAL LETTER E WITH OGONEK +0119;0119;0065 0328;0119;0065 0328; # (Ä™; Ä™; e◌̨; Ä™; e◌̨; ) LATIN SMALL LETTER E WITH OGONEK +011A;011A;0045 030C;011A;0045 030C; # (Äš; Äš; E◌̌; Äš; E◌̌; ) LATIN CAPITAL LETTER E WITH CARON +011B;011B;0065 030C;011B;0065 030C; # (Ä›; Ä›; e◌̌; Ä›; e◌̌; ) LATIN SMALL LETTER E WITH CARON +011C;011C;0047 0302;011C;0047 0302; # (Äœ; Äœ; G◌̂; Äœ; G◌̂; ) LATIN CAPITAL LETTER G WITH CIRCUMFLEX +011D;011D;0067 0302;011D;0067 0302; # (Ä; Ä; g◌̂; Ä; g◌̂; ) LATIN SMALL LETTER G WITH CIRCUMFLEX +011E;011E;0047 0306;011E;0047 0306; # (Äž; Äž; G◌̆; Äž; G◌̆; ) LATIN CAPITAL LETTER G WITH BREVE +011F;011F;0067 0306;011F;0067 0306; # (ÄŸ; ÄŸ; g◌̆; ÄŸ; g◌̆; ) LATIN SMALL LETTER G WITH BREVE +0120;0120;0047 0307;0120;0047 0307; # (Ä ; Ä ; G◌̇; Ä ; G◌̇; ) LATIN CAPITAL LETTER G WITH DOT ABOVE +0121;0121;0067 0307;0121;0067 0307; # (Ä¡; Ä¡; g◌̇; Ä¡; g◌̇; ) LATIN SMALL LETTER G WITH DOT ABOVE +0122;0122;0047 0327;0122;0047 0327; # (Ä¢; Ä¢; G◌̧; Ä¢; G◌̧; ) LATIN CAPITAL LETTER G WITH CEDILLA +0123;0123;0067 0327;0123;0067 0327; # (Ä£; Ä£; g◌̧; Ä£; g◌̧; ) LATIN SMALL LETTER G WITH CEDILLA +0124;0124;0048 0302;0124;0048 0302; # (Ĥ; Ĥ; H◌̂; Ĥ; H◌̂; ) LATIN CAPITAL LETTER H WITH CIRCUMFLEX +0125;0125;0068 0302;0125;0068 0302; # (Ä¥; Ä¥; h◌̂; Ä¥; h◌̂; ) LATIN SMALL LETTER H WITH CIRCUMFLEX +0128;0128;0049 0303;0128;0049 0303; # (Ĩ; Ĩ; I◌̃; Ĩ; I◌̃; ) LATIN CAPITAL LETTER I WITH TILDE +0129;0129;0069 0303;0129;0069 0303; # (Ä©; Ä©; i◌̃; Ä©; i◌̃; ) LATIN SMALL LETTER I WITH TILDE +012A;012A;0049 0304;012A;0049 0304; # (Ī; Ī; I◌̄; Ī; I◌̄; ) LATIN CAPITAL LETTER I WITH MACRON +012B;012B;0069 0304;012B;0069 0304; # (Ä«; Ä«; i◌̄; Ä«; i◌̄; ) LATIN SMALL LETTER I WITH MACRON +012C;012C;0049 0306;012C;0049 0306; # (Ĭ; Ĭ; I◌̆; Ĭ; I◌̆; ) LATIN CAPITAL LETTER I WITH BREVE +012D;012D;0069 0306;012D;0069 0306; # (Ä­; Ä­; i◌̆; Ä­; i◌̆; ) LATIN SMALL LETTER I WITH BREVE +012E;012E;0049 0328;012E;0049 0328; # (Ä®; Ä®; I◌̨; Ä®; I◌̨; ) LATIN CAPITAL LETTER I WITH OGONEK +012F;012F;0069 0328;012F;0069 0328; # (į; į; i◌̨; į; i◌̨; ) LATIN SMALL LETTER I WITH OGONEK +0130;0130;0049 0307;0130;0049 0307; # (Ä°; Ä°; I◌̇; Ä°; I◌̇; ) LATIN CAPITAL LETTER I WITH DOT ABOVE +0132;0132;0132;0049 004A;0049 004A; # (IJ; IJ; IJ; IJ; IJ; ) LATIN CAPITAL LIGATURE IJ +0133;0133;0133;0069 006A;0069 006A; # (ij; ij; ij; ij; ij; ) LATIN SMALL LIGATURE IJ +0134;0134;004A 0302;0134;004A 0302; # (Ä´; Ä´; J◌̂; Ä´; J◌̂; ) LATIN CAPITAL LETTER J WITH CIRCUMFLEX +0135;0135;006A 0302;0135;006A 0302; # (ĵ; ĵ; j◌̂; ĵ; j◌̂; ) LATIN SMALL LETTER J WITH CIRCUMFLEX +0136;0136;004B 0327;0136;004B 0327; # (Ķ; Ķ; K◌̧; Ķ; K◌̧; ) LATIN CAPITAL LETTER K WITH CEDILLA +0137;0137;006B 0327;0137;006B 0327; # (Ä·; Ä·; k◌̧; Ä·; k◌̧; ) LATIN SMALL LETTER K WITH CEDILLA +0139;0139;004C 0301;0139;004C 0301; # (Ĺ; Ĺ; Lâ—ŒÌ; Ĺ; Lâ—ŒÌ; ) LATIN CAPITAL LETTER L WITH ACUTE +013A;013A;006C 0301;013A;006C 0301; # (ĺ; ĺ; lâ—ŒÌ; ĺ; lâ—ŒÌ; ) LATIN SMALL LETTER L WITH ACUTE +013B;013B;004C 0327;013B;004C 0327; # (Ä»; Ä»; L◌̧; Ä»; L◌̧; ) LATIN CAPITAL LETTER L WITH CEDILLA +013C;013C;006C 0327;013C;006C 0327; # (ļ; ļ; l◌̧; ļ; l◌̧; ) LATIN SMALL LETTER L WITH CEDILLA +013D;013D;004C 030C;013D;004C 030C; # (Ľ; Ľ; L◌̌; Ľ; L◌̌; ) LATIN CAPITAL LETTER L WITH CARON +013E;013E;006C 030C;013E;006C 030C; # (ľ; ľ; l◌̌; ľ; l◌̌; ) LATIN SMALL LETTER L WITH CARON +013F;013F;013F;004C 00B7;004C 00B7; # (Ä¿; Ä¿; Ä¿; L·; L·; ) LATIN CAPITAL LETTER L WITH MIDDLE DOT +0140;0140;0140;006C 00B7;006C 00B7; # (Å€; Å€; Å€; l·; l·; ) LATIN SMALL LETTER L WITH MIDDLE DOT +0143;0143;004E 0301;0143;004E 0301; # (Ń; Ń; Nâ—ŒÌ; Ń; Nâ—ŒÌ; ) LATIN CAPITAL LETTER N WITH ACUTE +0144;0144;006E 0301;0144;006E 0301; # (Å„; Å„; nâ—ŒÌ; Å„; nâ—ŒÌ; ) LATIN SMALL LETTER N WITH ACUTE +0145;0145;004E 0327;0145;004E 0327; # (Å…; Å…; N◌̧; Å…; N◌̧; ) LATIN CAPITAL LETTER N WITH CEDILLA +0146;0146;006E 0327;0146;006E 0327; # (ņ; ņ; n◌̧; ņ; n◌̧; ) LATIN SMALL LETTER N WITH CEDILLA +0147;0147;004E 030C;0147;004E 030C; # (Ň; Ň; N◌̌; Ň; N◌̌; ) LATIN CAPITAL LETTER N WITH CARON +0148;0148;006E 030C;0148;006E 030C; # (ň; ň; n◌̌; ň; n◌̌; ) LATIN SMALL LETTER N WITH CARON +0149;0149;0149;02BC 006E;02BC 006E; # (ʼn; ʼn; ʼn; ʼn; ʼn; ) LATIN SMALL LETTER N PRECEDED BY APOSTROPHE +014C;014C;004F 0304;014C;004F 0304; # (ÅŒ; ÅŒ; O◌̄; ÅŒ; O◌̄; ) LATIN CAPITAL LETTER O WITH MACRON +014D;014D;006F 0304;014D;006F 0304; # (Å; Å; o◌̄; Å; o◌̄; ) LATIN SMALL LETTER O WITH MACRON +014E;014E;004F 0306;014E;004F 0306; # (ÅŽ; ÅŽ; O◌̆; ÅŽ; O◌̆; ) LATIN CAPITAL LETTER O WITH BREVE +014F;014F;006F 0306;014F;006F 0306; # (Å; Å; o◌̆; Å; o◌̆; ) LATIN SMALL LETTER O WITH BREVE +0150;0150;004F 030B;0150;004F 030B; # (Å; Å; O◌̋; Å; O◌̋; ) LATIN CAPITAL LETTER O WITH DOUBLE ACUTE +0151;0151;006F 030B;0151;006F 030B; # (Å‘; Å‘; o◌̋; Å‘; o◌̋; ) LATIN SMALL LETTER O WITH DOUBLE ACUTE +0154;0154;0052 0301;0154;0052 0301; # (Å”; Å”; Râ—ŒÌ; Å”; Râ—ŒÌ; ) LATIN CAPITAL LETTER R WITH ACUTE +0155;0155;0072 0301;0155;0072 0301; # (Å•; Å•; râ—ŒÌ; Å•; râ—ŒÌ; ) LATIN SMALL LETTER R WITH ACUTE +0156;0156;0052 0327;0156;0052 0327; # (Å–; Å–; R◌̧; Å–; R◌̧; ) LATIN CAPITAL LETTER R WITH CEDILLA +0157;0157;0072 0327;0157;0072 0327; # (Å—; Å—; r◌̧; Å—; r◌̧; ) LATIN SMALL LETTER R WITH CEDILLA +0158;0158;0052 030C;0158;0052 030C; # (Ř; Ř; R◌̌; Ř; R◌̌; ) LATIN CAPITAL LETTER R WITH CARON +0159;0159;0072 030C;0159;0072 030C; # (Å™; Å™; r◌̌; Å™; r◌̌; ) LATIN SMALL LETTER R WITH CARON +015A;015A;0053 0301;015A;0053 0301; # (Åš; Åš; Sâ—ŒÌ; Åš; Sâ—ŒÌ; ) LATIN CAPITAL LETTER S WITH ACUTE +015B;015B;0073 0301;015B;0073 0301; # (Å›; Å›; sâ—ŒÌ; Å›; sâ—ŒÌ; ) LATIN SMALL LETTER S WITH ACUTE +015C;015C;0053 0302;015C;0053 0302; # (Åœ; Åœ; S◌̂; Åœ; S◌̂; ) LATIN CAPITAL LETTER S WITH CIRCUMFLEX +015D;015D;0073 0302;015D;0073 0302; # (Å; Å; s◌̂; Å; s◌̂; ) LATIN SMALL LETTER S WITH CIRCUMFLEX +015E;015E;0053 0327;015E;0053 0327; # (Åž; Åž; S◌̧; Åž; S◌̧; ) LATIN CAPITAL LETTER S WITH CEDILLA +015F;015F;0073 0327;015F;0073 0327; # (ÅŸ; ÅŸ; s◌̧; ÅŸ; s◌̧; ) LATIN SMALL LETTER S WITH CEDILLA +0160;0160;0053 030C;0160;0053 030C; # (Å ; Å ; S◌̌; Å ; S◌̌; ) LATIN CAPITAL LETTER S WITH CARON +0161;0161;0073 030C;0161;0073 030C; # (Å¡; Å¡; s◌̌; Å¡; s◌̌; ) LATIN SMALL LETTER S WITH CARON +0162;0162;0054 0327;0162;0054 0327; # (Å¢; Å¢; T◌̧; Å¢; T◌̧; ) LATIN CAPITAL LETTER T WITH CEDILLA +0163;0163;0074 0327;0163;0074 0327; # (Å£; Å£; t◌̧; Å£; t◌̧; ) LATIN SMALL LETTER T WITH CEDILLA +0164;0164;0054 030C;0164;0054 030C; # (Ť; Ť; T◌̌; Ť; T◌̌; ) LATIN CAPITAL LETTER T WITH CARON +0165;0165;0074 030C;0165;0074 030C; # (Å¥; Å¥; t◌̌; Å¥; t◌̌; ) LATIN SMALL LETTER T WITH CARON +0168;0168;0055 0303;0168;0055 0303; # (Ũ; Ũ; U◌̃; Ũ; U◌̃; ) LATIN CAPITAL LETTER U WITH TILDE +0169;0169;0075 0303;0169;0075 0303; # (Å©; Å©; u◌̃; Å©; u◌̃; ) LATIN SMALL LETTER U WITH TILDE +016A;016A;0055 0304;016A;0055 0304; # (Ū; Ū; U◌̄; Ū; U◌̄; ) LATIN CAPITAL LETTER U WITH MACRON +016B;016B;0075 0304;016B;0075 0304; # (Å«; Å«; u◌̄; Å«; u◌̄; ) LATIN SMALL LETTER U WITH MACRON +016C;016C;0055 0306;016C;0055 0306; # (Ŭ; Ŭ; U◌̆; Ŭ; U◌̆; ) LATIN CAPITAL LETTER U WITH BREVE +016D;016D;0075 0306;016D;0075 0306; # (Å­; Å­; u◌̆; Å­; u◌̆; ) LATIN SMALL LETTER U WITH BREVE +016E;016E;0055 030A;016E;0055 030A; # (Å®; Å®; U◌̊; Å®; U◌̊; ) LATIN CAPITAL LETTER U WITH RING ABOVE +016F;016F;0075 030A;016F;0075 030A; # (ů; ů; u◌̊; ů; u◌̊; ) LATIN SMALL LETTER U WITH RING ABOVE +0170;0170;0055 030B;0170;0055 030B; # (Å°; Å°; U◌̋; Å°; U◌̋; ) LATIN CAPITAL LETTER U WITH DOUBLE ACUTE +0171;0171;0075 030B;0171;0075 030B; # (ű; ű; u◌̋; ű; u◌̋; ) LATIN SMALL LETTER U WITH DOUBLE ACUTE +0172;0172;0055 0328;0172;0055 0328; # (Ų; Ų; U◌̨; Ų; U◌̨; ) LATIN CAPITAL LETTER U WITH OGONEK +0173;0173;0075 0328;0173;0075 0328; # (ų; ų; u◌̨; ų; u◌̨; ) LATIN SMALL LETTER U WITH OGONEK +0174;0174;0057 0302;0174;0057 0302; # (Å´; Å´; W◌̂; Å´; W◌̂; ) LATIN CAPITAL LETTER W WITH CIRCUMFLEX +0175;0175;0077 0302;0175;0077 0302; # (ŵ; ŵ; w◌̂; ŵ; w◌̂; ) LATIN SMALL LETTER W WITH CIRCUMFLEX +0176;0176;0059 0302;0176;0059 0302; # (Ŷ; Ŷ; Y◌̂; Ŷ; Y◌̂; ) LATIN CAPITAL LETTER Y WITH CIRCUMFLEX +0177;0177;0079 0302;0177;0079 0302; # (Å·; Å·; y◌̂; Å·; y◌̂; ) LATIN SMALL LETTER Y WITH CIRCUMFLEX +0178;0178;0059 0308;0178;0059 0308; # (Ÿ; Ÿ; Y◌̈; Ÿ; Y◌̈; ) LATIN CAPITAL LETTER Y WITH DIAERESIS +0179;0179;005A 0301;0179;005A 0301; # (Ź; Ź; Zâ—ŒÌ; Ź; Zâ—ŒÌ; ) LATIN CAPITAL LETTER Z WITH ACUTE +017A;017A;007A 0301;017A;007A 0301; # (ź; ź; zâ—ŒÌ; ź; zâ—ŒÌ; ) LATIN SMALL LETTER Z WITH ACUTE +017B;017B;005A 0307;017B;005A 0307; # (Å»; Å»; Z◌̇; Å»; Z◌̇; ) LATIN CAPITAL LETTER Z WITH DOT ABOVE +017C;017C;007A 0307;017C;007A 0307; # (ż; ż; z◌̇; ż; z◌̇; ) LATIN SMALL LETTER Z WITH DOT ABOVE +017D;017D;005A 030C;017D;005A 030C; # (Ž; Ž; Z◌̌; Ž; Z◌̌; ) LATIN CAPITAL LETTER Z WITH CARON +017E;017E;007A 030C;017E;007A 030C; # (ž; ž; z◌̌; ž; z◌̌; ) LATIN SMALL LETTER Z WITH CARON +017F;017F;017F;0073;0073; # (Å¿; Å¿; Å¿; s; s; ) LATIN SMALL LETTER LONG S +01A0;01A0;004F 031B;01A0;004F 031B; # (Æ ; Æ ; O◌̛; Æ ; O◌̛; ) LATIN CAPITAL LETTER O WITH HORN +01A1;01A1;006F 031B;01A1;006F 031B; # (Æ¡; Æ¡; o◌̛; Æ¡; o◌̛; ) LATIN SMALL LETTER O WITH HORN +01AF;01AF;0055 031B;01AF;0055 031B; # (Ư; Ư; U◌̛; Ư; U◌̛; ) LATIN CAPITAL LETTER U WITH HORN +01B0;01B0;0075 031B;01B0;0075 031B; # (Æ°; Æ°; u◌̛; Æ°; u◌̛; ) LATIN SMALL LETTER U WITH HORN +01C4;01C4;01C4;0044 017D;0044 005A 030C; # (Ç„; Ç„; Ç„; DŽ; DZ◌̌; ) LATIN CAPITAL LETTER DZ WITH CARON +01C5;01C5;01C5;0044 017E;0044 007A 030C; # (Ç…; Ç…; Ç…; Dž; Dz◌̌; ) LATIN CAPITAL LETTER D WITH SMALL LETTER Z WITH CARON +01C6;01C6;01C6;0064 017E;0064 007A 030C; # (dž; dž; dž; dž; dz◌̌; ) LATIN SMALL LETTER DZ WITH CARON +01C7;01C7;01C7;004C 004A;004C 004A; # (LJ; LJ; LJ; LJ; LJ; ) LATIN CAPITAL LETTER LJ +01C8;01C8;01C8;004C 006A;004C 006A; # (Lj; Lj; Lj; Lj; Lj; ) LATIN CAPITAL LETTER L WITH SMALL LETTER J +01C9;01C9;01C9;006C 006A;006C 006A; # (lj; lj; lj; lj; lj; ) LATIN SMALL LETTER LJ +01CA;01CA;01CA;004E 004A;004E 004A; # (ÇŠ; ÇŠ; ÇŠ; NJ; NJ; ) LATIN CAPITAL LETTER NJ +01CB;01CB;01CB;004E 006A;004E 006A; # (Ç‹; Ç‹; Ç‹; Nj; Nj; ) LATIN CAPITAL LETTER N WITH SMALL LETTER J +01CC;01CC;01CC;006E 006A;006E 006A; # (ÇŒ; ÇŒ; ÇŒ; nj; nj; ) LATIN SMALL LETTER NJ +01CD;01CD;0041 030C;01CD;0041 030C; # (Ç; Ç; A◌̌; Ç; A◌̌; ) LATIN CAPITAL LETTER A WITH CARON +01CE;01CE;0061 030C;01CE;0061 030C; # (ÇŽ; ÇŽ; a◌̌; ÇŽ; a◌̌; ) LATIN SMALL LETTER A WITH CARON +01CF;01CF;0049 030C;01CF;0049 030C; # (Ç; Ç; I◌̌; Ç; I◌̌; ) LATIN CAPITAL LETTER I WITH CARON +01D0;01D0;0069 030C;01D0;0069 030C; # (Ç; Ç; i◌̌; Ç; i◌̌; ) LATIN SMALL LETTER I WITH CARON +01D1;01D1;004F 030C;01D1;004F 030C; # (Ç‘; Ç‘; O◌̌; Ç‘; O◌̌; ) LATIN CAPITAL LETTER O WITH CARON +01D2;01D2;006F 030C;01D2;006F 030C; # (Ç’; Ç’; o◌̌; Ç’; o◌̌; ) LATIN SMALL LETTER O WITH CARON +01D3;01D3;0055 030C;01D3;0055 030C; # (Ç“; Ç“; U◌̌; Ç“; U◌̌; ) LATIN CAPITAL LETTER U WITH CARON +01D4;01D4;0075 030C;01D4;0075 030C; # (Ç”; Ç”; u◌̌; Ç”; u◌̌; ) LATIN SMALL LETTER U WITH CARON +01D5;01D5;0055 0308 0304;01D5;0055 0308 0304; # (Ç•; Ç•; U◌̈◌̄; Ç•; U◌̈◌̄; ) LATIN CAPITAL LETTER U WITH DIAERESIS AND MACRON +01D6;01D6;0075 0308 0304;01D6;0075 0308 0304; # (Ç–; Ç–; u◌̈◌̄; Ç–; u◌̈◌̄; ) LATIN SMALL LETTER U WITH DIAERESIS AND MACRON +01D7;01D7;0055 0308 0301;01D7;0055 0308 0301; # (Ç—; Ç—; U◌̈◌Ì; Ç—; U◌̈◌Ì; ) LATIN CAPITAL LETTER U WITH DIAERESIS AND ACUTE +01D8;01D8;0075 0308 0301;01D8;0075 0308 0301; # (ǘ; ǘ; u◌̈◌Ì; ǘ; u◌̈◌Ì; ) LATIN SMALL LETTER U WITH DIAERESIS AND ACUTE +01D9;01D9;0055 0308 030C;01D9;0055 0308 030C; # (Ç™; Ç™; U◌̈◌̌; Ç™; U◌̈◌̌; ) LATIN CAPITAL LETTER U WITH DIAERESIS AND CARON +01DA;01DA;0075 0308 030C;01DA;0075 0308 030C; # (Çš; Çš; u◌̈◌̌; Çš; u◌̈◌̌; ) LATIN SMALL LETTER U WITH DIAERESIS AND CARON +01DB;01DB;0055 0308 0300;01DB;0055 0308 0300; # (Ç›; Ç›; U◌̈◌̀; Ç›; U◌̈◌̀; ) LATIN CAPITAL LETTER U WITH DIAERESIS AND GRAVE +01DC;01DC;0075 0308 0300;01DC;0075 0308 0300; # (Çœ; Çœ; u◌̈◌̀; Çœ; u◌̈◌̀; ) LATIN SMALL LETTER U WITH DIAERESIS AND GRAVE +01DE;01DE;0041 0308 0304;01DE;0041 0308 0304; # (Çž; Çž; A◌̈◌̄; Çž; A◌̈◌̄; ) LATIN CAPITAL LETTER A WITH DIAERESIS AND MACRON +01DF;01DF;0061 0308 0304;01DF;0061 0308 0304; # (ÇŸ; ÇŸ; a◌̈◌̄; ÇŸ; a◌̈◌̄; ) LATIN SMALL LETTER A WITH DIAERESIS AND MACRON +01E0;01E0;0041 0307 0304;01E0;0041 0307 0304; # (Ç ; Ç ; A◌̇◌̄; Ç ; A◌̇◌̄; ) LATIN CAPITAL LETTER A WITH DOT ABOVE AND MACRON +01E1;01E1;0061 0307 0304;01E1;0061 0307 0304; # (Ç¡; Ç¡; a◌̇◌̄; Ç¡; a◌̇◌̄; ) LATIN SMALL LETTER A WITH DOT ABOVE AND MACRON +01E2;01E2;00C6 0304;01E2;00C6 0304; # (Ç¢; Ç¢; Æ◌̄; Ç¢; Æ◌̄; ) LATIN CAPITAL LETTER AE WITH MACRON +01E3;01E3;00E6 0304;01E3;00E6 0304; # (Ç£; Ç£; æ◌̄; Ç£; æ◌̄; ) LATIN SMALL LETTER AE WITH MACRON +01E6;01E6;0047 030C;01E6;0047 030C; # (Ǧ; Ǧ; G◌̌; Ǧ; G◌̌; ) LATIN CAPITAL LETTER G WITH CARON +01E7;01E7;0067 030C;01E7;0067 030C; # (ǧ; ǧ; g◌̌; ǧ; g◌̌; ) LATIN SMALL LETTER G WITH CARON +01E8;01E8;004B 030C;01E8;004B 030C; # (Ǩ; Ǩ; K◌̌; Ǩ; K◌̌; ) LATIN CAPITAL LETTER K WITH CARON +01E9;01E9;006B 030C;01E9;006B 030C; # (Ç©; Ç©; k◌̌; Ç©; k◌̌; ) LATIN SMALL LETTER K WITH CARON +01EA;01EA;004F 0328;01EA;004F 0328; # (Ǫ; Ǫ; O◌̨; Ǫ; O◌̨; ) LATIN CAPITAL LETTER O WITH OGONEK +01EB;01EB;006F 0328;01EB;006F 0328; # (Ç«; Ç«; o◌̨; Ç«; o◌̨; ) LATIN SMALL LETTER O WITH OGONEK +01EC;01EC;004F 0328 0304;01EC;004F 0328 0304; # (Ǭ; Ǭ; O◌̨◌̄; Ǭ; O◌̨◌̄; ) LATIN CAPITAL LETTER O WITH OGONEK AND MACRON +01ED;01ED;006F 0328 0304;01ED;006F 0328 0304; # (Ç­; Ç­; o◌̨◌̄; Ç­; o◌̨◌̄; ) LATIN SMALL LETTER O WITH OGONEK AND MACRON +01EE;01EE;01B7 030C;01EE;01B7 030C; # (Ç®; Ç®; Ʒ◌̌; Ç®; Ʒ◌̌; ) LATIN CAPITAL LETTER EZH WITH CARON +01EF;01EF;0292 030C;01EF;0292 030C; # (ǯ; ǯ; ʒ◌̌; ǯ; ʒ◌̌; ) LATIN SMALL LETTER EZH WITH CARON +01F0;01F0;006A 030C;01F0;006A 030C; # (Ç°; Ç°; j◌̌; Ç°; j◌̌; ) LATIN SMALL LETTER J WITH CARON +01F1;01F1;01F1;0044 005A;0044 005A; # (DZ; DZ; DZ; DZ; DZ; ) LATIN CAPITAL LETTER DZ +01F2;01F2;01F2;0044 007A;0044 007A; # (Dz; Dz; Dz; Dz; Dz; ) LATIN CAPITAL LETTER D WITH SMALL LETTER Z +01F3;01F3;01F3;0064 007A;0064 007A; # (dz; dz; dz; dz; dz; ) LATIN SMALL LETTER DZ +01F4;01F4;0047 0301;01F4;0047 0301; # (Ç´; Ç´; Gâ—ŒÌ; Ç´; Gâ—ŒÌ; ) LATIN CAPITAL LETTER G WITH ACUTE +01F5;01F5;0067 0301;01F5;0067 0301; # (ǵ; ǵ; gâ—ŒÌ; ǵ; gâ—ŒÌ; ) LATIN SMALL LETTER G WITH ACUTE +01F8;01F8;004E 0300;01F8;004E 0300; # (Ǹ; Ǹ; N◌̀; Ǹ; N◌̀; ) LATIN CAPITAL LETTER N WITH GRAVE +01F9;01F9;006E 0300;01F9;006E 0300; # (ǹ; ǹ; n◌̀; ǹ; n◌̀; ) LATIN SMALL LETTER N WITH GRAVE +01FA;01FA;0041 030A 0301;01FA;0041 030A 0301; # (Ǻ; Ǻ; A◌̊◌Ì; Ǻ; A◌̊◌Ì; ) LATIN CAPITAL LETTER A WITH RING ABOVE AND ACUTE +01FB;01FB;0061 030A 0301;01FB;0061 030A 0301; # (Ç»; Ç»; a◌̊◌Ì; Ç»; a◌̊◌Ì; ) LATIN SMALL LETTER A WITH RING ABOVE AND ACUTE +01FC;01FC;00C6 0301;01FC;00C6 0301; # (Ǽ; Ǽ; Æ◌Ì; Ǽ; Æ◌Ì; ) LATIN CAPITAL LETTER AE WITH ACUTE +01FD;01FD;00E6 0301;01FD;00E6 0301; # (ǽ; ǽ; æ◌Ì; ǽ; æ◌Ì; ) LATIN SMALL LETTER AE WITH ACUTE +01FE;01FE;00D8 0301;01FE;00D8 0301; # (Ǿ; Ǿ; Ø◌Ì; Ǿ; Ø◌Ì; ) LATIN CAPITAL LETTER O WITH STROKE AND ACUTE +01FF;01FF;00F8 0301;01FF;00F8 0301; # (Ç¿; Ç¿; ø◌Ì; Ç¿; ø◌Ì; ) LATIN SMALL LETTER O WITH STROKE AND ACUTE +0200;0200;0041 030F;0200;0041 030F; # (È€; È€; Aâ—ŒÌ; È€; Aâ—ŒÌ; ) LATIN CAPITAL LETTER A WITH DOUBLE GRAVE +0201;0201;0061 030F;0201;0061 030F; # (È; È; aâ—ŒÌ; È; aâ—ŒÌ; ) LATIN SMALL LETTER A WITH DOUBLE GRAVE +0202;0202;0041 0311;0202;0041 0311; # (È‚; È‚; A◌̑; È‚; A◌̑; ) LATIN CAPITAL LETTER A WITH INVERTED BREVE +0203;0203;0061 0311;0203;0061 0311; # (ȃ; ȃ; a◌̑; ȃ; a◌̑; ) LATIN SMALL LETTER A WITH INVERTED BREVE +0204;0204;0045 030F;0204;0045 030F; # (È„; È„; Eâ—ŒÌ; È„; Eâ—ŒÌ; ) LATIN CAPITAL LETTER E WITH DOUBLE GRAVE +0205;0205;0065 030F;0205;0065 030F; # (È…; È…; eâ—ŒÌ; È…; eâ—ŒÌ; ) LATIN SMALL LETTER E WITH DOUBLE GRAVE +0206;0206;0045 0311;0206;0045 0311; # (Ȇ; Ȇ; E◌̑; Ȇ; E◌̑; ) LATIN CAPITAL LETTER E WITH INVERTED BREVE +0207;0207;0065 0311;0207;0065 0311; # (ȇ; ȇ; e◌̑; ȇ; e◌̑; ) LATIN SMALL LETTER E WITH INVERTED BREVE +0208;0208;0049 030F;0208;0049 030F; # (Ȉ; Ȉ; Iâ—ŒÌ; Ȉ; Iâ—ŒÌ; ) LATIN CAPITAL LETTER I WITH DOUBLE GRAVE +0209;0209;0069 030F;0209;0069 030F; # (ȉ; ȉ; iâ—ŒÌ; ȉ; iâ—ŒÌ; ) LATIN SMALL LETTER I WITH DOUBLE GRAVE +020A;020A;0049 0311;020A;0049 0311; # (ÈŠ; ÈŠ; I◌̑; ÈŠ; I◌̑; ) LATIN CAPITAL LETTER I WITH INVERTED BREVE +020B;020B;0069 0311;020B;0069 0311; # (È‹; È‹; i◌̑; È‹; i◌̑; ) LATIN SMALL LETTER I WITH INVERTED BREVE +020C;020C;004F 030F;020C;004F 030F; # (ÈŒ; ÈŒ; Oâ—ŒÌ; ÈŒ; Oâ—ŒÌ; ) LATIN CAPITAL LETTER O WITH DOUBLE GRAVE +020D;020D;006F 030F;020D;006F 030F; # (È; È; oâ—ŒÌ; È; oâ—ŒÌ; ) LATIN SMALL LETTER O WITH DOUBLE GRAVE +020E;020E;004F 0311;020E;004F 0311; # (ÈŽ; ÈŽ; O◌̑; ÈŽ; O◌̑; ) LATIN CAPITAL LETTER O WITH INVERTED BREVE +020F;020F;006F 0311;020F;006F 0311; # (È; È; o◌̑; È; o◌̑; ) LATIN SMALL LETTER O WITH INVERTED BREVE +0210;0210;0052 030F;0210;0052 030F; # (È; È; Râ—ŒÌ; È; Râ—ŒÌ; ) LATIN CAPITAL LETTER R WITH DOUBLE GRAVE +0211;0211;0072 030F;0211;0072 030F; # (È‘; È‘; râ—ŒÌ; È‘; râ—ŒÌ; ) LATIN SMALL LETTER R WITH DOUBLE GRAVE +0212;0212;0052 0311;0212;0052 0311; # (È’; È’; R◌̑; È’; R◌̑; ) LATIN CAPITAL LETTER R WITH INVERTED BREVE +0213;0213;0072 0311;0213;0072 0311; # (È“; È“; r◌̑; È“; r◌̑; ) LATIN SMALL LETTER R WITH INVERTED BREVE +0214;0214;0055 030F;0214;0055 030F; # (È”; È”; Uâ—ŒÌ; È”; Uâ—ŒÌ; ) LATIN CAPITAL LETTER U WITH DOUBLE GRAVE +0215;0215;0075 030F;0215;0075 030F; # (È•; È•; uâ—ŒÌ; È•; uâ—ŒÌ; ) LATIN SMALL LETTER U WITH DOUBLE GRAVE +0216;0216;0055 0311;0216;0055 0311; # (È–; È–; U◌̑; È–; U◌̑; ) LATIN CAPITAL LETTER U WITH INVERTED BREVE +0217;0217;0075 0311;0217;0075 0311; # (È—; È—; u◌̑; È—; u◌̑; ) LATIN SMALL LETTER U WITH INVERTED BREVE +0218;0218;0053 0326;0218;0053 0326; # (Ș; Ș; S◌̦; Ș; S◌̦; ) LATIN CAPITAL LETTER S WITH COMMA BELOW +0219;0219;0073 0326;0219;0073 0326; # (È™; È™; s◌̦; È™; s◌̦; ) LATIN SMALL LETTER S WITH COMMA BELOW +021A;021A;0054 0326;021A;0054 0326; # (Èš; Èš; T◌̦; Èš; T◌̦; ) LATIN CAPITAL LETTER T WITH COMMA BELOW +021B;021B;0074 0326;021B;0074 0326; # (È›; È›; t◌̦; È›; t◌̦; ) LATIN SMALL LETTER T WITH COMMA BELOW +021E;021E;0048 030C;021E;0048 030C; # (Èž; Èž; H◌̌; Èž; H◌̌; ) LATIN CAPITAL LETTER H WITH CARON +021F;021F;0068 030C;021F;0068 030C; # (ÈŸ; ÈŸ; h◌̌; ÈŸ; h◌̌; ) LATIN SMALL LETTER H WITH CARON +0226;0226;0041 0307;0226;0041 0307; # (Ȧ; Ȧ; A◌̇; Ȧ; A◌̇; ) LATIN CAPITAL LETTER A WITH DOT ABOVE +0227;0227;0061 0307;0227;0061 0307; # (ȧ; ȧ; a◌̇; ȧ; a◌̇; ) LATIN SMALL LETTER A WITH DOT ABOVE +0228;0228;0045 0327;0228;0045 0327; # (Ȩ; Ȩ; E◌̧; Ȩ; E◌̧; ) LATIN CAPITAL LETTER E WITH CEDILLA +0229;0229;0065 0327;0229;0065 0327; # (È©; È©; e◌̧; È©; e◌̧; ) LATIN SMALL LETTER E WITH CEDILLA +022A;022A;004F 0308 0304;022A;004F 0308 0304; # (Ȫ; Ȫ; O◌̈◌̄; Ȫ; O◌̈◌̄; ) LATIN CAPITAL LETTER O WITH DIAERESIS AND MACRON +022B;022B;006F 0308 0304;022B;006F 0308 0304; # (È«; È«; o◌̈◌̄; È«; o◌̈◌̄; ) LATIN SMALL LETTER O WITH DIAERESIS AND MACRON +022C;022C;004F 0303 0304;022C;004F 0303 0304; # (Ȭ; Ȭ; O◌̃◌̄; Ȭ; O◌̃◌̄; ) LATIN CAPITAL LETTER O WITH TILDE AND MACRON +022D;022D;006F 0303 0304;022D;006F 0303 0304; # (È­; È­; o◌̃◌̄; È­; o◌̃◌̄; ) LATIN SMALL LETTER O WITH TILDE AND MACRON +022E;022E;004F 0307;022E;004F 0307; # (È®; È®; O◌̇; È®; O◌̇; ) LATIN CAPITAL LETTER O WITH DOT ABOVE +022F;022F;006F 0307;022F;006F 0307; # (ȯ; ȯ; o◌̇; ȯ; o◌̇; ) LATIN SMALL LETTER O WITH DOT ABOVE +0230;0230;004F 0307 0304;0230;004F 0307 0304; # (È°; È°; O◌̇◌̄; È°; O◌̇◌̄; ) LATIN CAPITAL LETTER O WITH DOT ABOVE AND MACRON +0231;0231;006F 0307 0304;0231;006F 0307 0304; # (ȱ; ȱ; o◌̇◌̄; ȱ; o◌̇◌̄; ) LATIN SMALL LETTER O WITH DOT ABOVE AND MACRON +0232;0232;0059 0304;0232;0059 0304; # (Ȳ; Ȳ; Y◌̄; Ȳ; Y◌̄; ) LATIN CAPITAL LETTER Y WITH MACRON +0233;0233;0079 0304;0233;0079 0304; # (ȳ; ȳ; y◌̄; ȳ; y◌̄; ) LATIN SMALL LETTER Y WITH MACRON +02B0;02B0;02B0;0068;0068; # (Ê°; Ê°; Ê°; h; h; ) MODIFIER LETTER SMALL H +02B1;02B1;02B1;0266;0266; # (ʱ; ʱ; ʱ; ɦ; ɦ; ) MODIFIER LETTER SMALL H WITH HOOK +02B2;02B2;02B2;006A;006A; # (ʲ; ʲ; ʲ; j; j; ) MODIFIER LETTER SMALL J +02B3;02B3;02B3;0072;0072; # (ʳ; ʳ; ʳ; r; r; ) MODIFIER LETTER SMALL R +02B4;02B4;02B4;0279;0279; # (Ê´; Ê´; Ê´; ɹ; ɹ; ) MODIFIER LETTER SMALL TURNED R +02B5;02B5;02B5;027B;027B; # (ʵ; ʵ; ʵ; É»; É»; ) MODIFIER LETTER SMALL TURNED R WITH HOOK +02B6;02B6;02B6;0281;0281; # (ʶ; ʶ; ʶ; Ê; Ê; ) MODIFIER LETTER SMALL CAPITAL INVERTED R +02B7;02B7;02B7;0077;0077; # (Ê·; Ê·; Ê·; w; w; ) MODIFIER LETTER SMALL W +02B8;02B8;02B8;0079;0079; # (ʸ; ʸ; ʸ; y; y; ) MODIFIER LETTER SMALL Y +02D8;02D8;02D8;0020 0306;0020 0306; # (˘; ˘; ˘; ◌̆; ◌̆; ) BREVE +02D9;02D9;02D9;0020 0307;0020 0307; # (Ë™; Ë™; Ë™; ◌̇; ◌̇; ) DOT ABOVE +02DA;02DA;02DA;0020 030A;0020 030A; # (Ëš; Ëš; Ëš; ◌̊; ◌̊; ) RING ABOVE +02DB;02DB;02DB;0020 0328;0020 0328; # (Ë›; Ë›; Ë›; ◌̨; ◌̨; ) OGONEK +02DC;02DC;02DC;0020 0303;0020 0303; # (Ëœ; Ëœ; Ëœ; ◌̃; ◌̃; ) SMALL TILDE +02DD;02DD;02DD;0020 030B;0020 030B; # (Ë; Ë; Ë; ◌̋; ◌̋; ) DOUBLE ACUTE ACCENT +02E0;02E0;02E0;0263;0263; # (Ë ; Ë ; Ë ; É£; É£; ) MODIFIER LETTER SMALL GAMMA +02E1;02E1;02E1;006C;006C; # (Ë¡; Ë¡; Ë¡; l; l; ) MODIFIER LETTER SMALL L +02E2;02E2;02E2;0073;0073; # (Ë¢; Ë¢; Ë¢; s; s; ) MODIFIER LETTER SMALL S +02E3;02E3;02E3;0078;0078; # (Ë£; Ë£; Ë£; x; x; ) MODIFIER LETTER SMALL X +02E4;02E4;02E4;0295;0295; # (ˤ; ˤ; ˤ; Ê•; Ê•; ) MODIFIER LETTER SMALL REVERSED GLOTTAL STOP +0340;0300;0300;0300;0300; # (◌̀; ◌̀; ◌̀; ◌̀; ◌̀; ) COMBINING GRAVE TONE MARK +0341;0301;0301;0301;0301; # (â—ŒÍ; â—ŒÌ; â—ŒÌ; â—ŒÌ; â—ŒÌ; ) COMBINING ACUTE TONE MARK +0343;0313;0313;0313;0313; # (◌̓; ◌̓; ◌̓; ◌̓; ◌̓; ) COMBINING GREEK KORONIS +0344;0308 0301;0308 0301;0308 0301;0308 0301; # (◌̈́; ◌̈◌Ì; ◌̈◌Ì; ◌̈◌Ì; ◌̈◌Ì; ) COMBINING GREEK DIALYTIKA TONOS +0374;02B9;02B9;02B9;02B9; # (Í´; ʹ; ʹ; ʹ; ʹ; ) GREEK NUMERAL SIGN +037A;037A;037A;0020 0345;0020 0345; # (ͺ; ͺ; ͺ; ◌ͅ; ◌ͅ; ) GREEK YPOGEGRAMMENI +037E;003B;003B;003B;003B; # (;; ;; ;; ;; ;; ) GREEK QUESTION MARK +0384;0384;0384;0020 0301;0020 0301; # (΄; ΄; ΄; â—ŒÌ; â—ŒÌ; ) GREEK TONOS +0385;0385;00A8 0301;0020 0308 0301;0020 0308 0301; # (Î…; Î…; ¨◌Ì; ◌̈◌Ì; ◌̈◌Ì; ) GREEK DIALYTIKA TONOS +0386;0386;0391 0301;0386;0391 0301; # (Ά; Ά; Α◌Ì; Ά; Α◌Ì; ) GREEK CAPITAL LETTER ALPHA WITH TONOS +0387;00B7;00B7;00B7;00B7; # (·; ·; ·; ·; ·; ) GREEK ANO TELEIA +0388;0388;0395 0301;0388;0395 0301; # (Έ; Έ; Ε◌Ì; Έ; Ε◌Ì; ) GREEK CAPITAL LETTER EPSILON WITH TONOS +0389;0389;0397 0301;0389;0397 0301; # (Ή; Ή; Η◌Ì; Ή; Η◌Ì; ) GREEK CAPITAL LETTER ETA WITH TONOS +038A;038A;0399 0301;038A;0399 0301; # (Ί; Ί; Ι◌Ì; Ί; Ι◌Ì; ) GREEK CAPITAL LETTER IOTA WITH TONOS +038C;038C;039F 0301;038C;039F 0301; # (ÎŒ; ÎŒ; Ο◌Ì; ÎŒ; Ο◌Ì; ) GREEK CAPITAL LETTER OMICRON WITH TONOS +038E;038E;03A5 0301;038E;03A5 0301; # (ÎŽ; ÎŽ; Υ◌Ì; ÎŽ; Υ◌Ì; ) GREEK CAPITAL LETTER UPSILON WITH TONOS +038F;038F;03A9 0301;038F;03A9 0301; # (Î; Î; Ω◌Ì; Î; Ω◌Ì; ) GREEK CAPITAL LETTER OMEGA WITH TONOS +0390;0390;03B9 0308 0301;0390;03B9 0308 0301; # (Î; Î; ι◌̈◌Ì; Î; ι◌̈◌Ì; ) GREEK SMALL LETTER IOTA WITH DIALYTIKA AND TONOS +03AA;03AA;0399 0308;03AA;0399 0308; # (Ϊ; Ϊ; Ι◌̈; Ϊ; Ι◌̈; ) GREEK CAPITAL LETTER IOTA WITH DIALYTIKA +03AB;03AB;03A5 0308;03AB;03A5 0308; # (Ϋ; Ϋ; Υ◌̈; Ϋ; Υ◌̈; ) GREEK CAPITAL LETTER UPSILON WITH DIALYTIKA +03AC;03AC;03B1 0301;03AC;03B1 0301; # (ά; ά; α◌Ì; ά; α◌Ì; ) GREEK SMALL LETTER ALPHA WITH TONOS +03AD;03AD;03B5 0301;03AD;03B5 0301; # (έ; έ; ε◌Ì; έ; ε◌Ì; ) GREEK SMALL LETTER EPSILON WITH TONOS +03AE;03AE;03B7 0301;03AE;03B7 0301; # (ή; ή; η◌Ì; ή; η◌Ì; ) GREEK SMALL LETTER ETA WITH TONOS +03AF;03AF;03B9 0301;03AF;03B9 0301; # (ί; ί; ι◌Ì; ί; ι◌Ì; ) GREEK SMALL LETTER IOTA WITH TONOS +03B0;03B0;03C5 0308 0301;03B0;03C5 0308 0301; # (ΰ; ΰ; υ◌̈◌Ì; ΰ; υ◌̈◌Ì; ) GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND TONOS +03CA;03CA;03B9 0308;03CA;03B9 0308; # (ÏŠ; ÏŠ; ι◌̈; ÏŠ; ι◌̈; ) GREEK SMALL LETTER IOTA WITH DIALYTIKA +03CB;03CB;03C5 0308;03CB;03C5 0308; # (Ï‹; Ï‹; υ◌̈; Ï‹; υ◌̈; ) GREEK SMALL LETTER UPSILON WITH DIALYTIKA +03CC;03CC;03BF 0301;03CC;03BF 0301; # (ÏŒ; ÏŒ; ο◌Ì; ÏŒ; ο◌Ì; ) GREEK SMALL LETTER OMICRON WITH TONOS +03CD;03CD;03C5 0301;03CD;03C5 0301; # (Ï; Ï; Ï…â—ŒÌ; Ï; Ï…â—ŒÌ; ) GREEK SMALL LETTER UPSILON WITH TONOS +03CE;03CE;03C9 0301;03CE;03C9 0301; # (ÏŽ; ÏŽ; ω◌Ì; ÏŽ; ω◌Ì; ) GREEK SMALL LETTER OMEGA WITH TONOS +03D0;03D0;03D0;03B2;03B2; # (Ï; Ï; Ï; β; β; ) GREEK BETA SYMBOL +03D1;03D1;03D1;03B8;03B8; # (Ï‘; Ï‘; Ï‘; θ; θ; ) GREEK THETA SYMBOL +03D2;03D2;03D2;03A5;03A5; # (Ï’; Ï’; Ï’; Î¥; Î¥; ) GREEK UPSILON WITH HOOK SYMBOL +03D3;03D3;03D2 0301;038E;03A5 0301; # (Ï“; Ï“; Ï’â—ŒÌ; ÎŽ; Υ◌Ì; ) GREEK UPSILON WITH ACUTE AND HOOK SYMBOL +03D4;03D4;03D2 0308;03AB;03A5 0308; # (Ï”; Ï”; ϒ◌̈; Ϋ; Υ◌̈; ) GREEK UPSILON WITH DIAERESIS AND HOOK SYMBOL +03D5;03D5;03D5;03C6;03C6; # (Ï•; Ï•; Ï•; φ; φ; ) GREEK PHI SYMBOL +03D6;03D6;03D6;03C0;03C0; # (Ï–; Ï–; Ï–; Ï€; Ï€; ) GREEK PI SYMBOL +03F0;03F0;03F0;03BA;03BA; # (Ï°; Ï°; Ï°; κ; κ; ) GREEK KAPPA SYMBOL +03F1;03F1;03F1;03C1;03C1; # (ϱ; ϱ; ϱ; Ï; Ï; ) GREEK RHO SYMBOL +03F2;03F2;03F2;03C2;03C2; # (ϲ; ϲ; ϲ; Ï‚; Ï‚; ) GREEK LUNATE SIGMA SYMBOL +03F4;03F4;03F4;0398;0398; # (Ï´; Ï´; Ï´; Θ; Θ; ) GREEK CAPITAL THETA SYMBOL +03F5;03F5;03F5;03B5;03B5; # (ϵ; ϵ; ϵ; ε; ε; ) GREEK LUNATE EPSILON SYMBOL +03F9;03F9;03F9;03A3;03A3; # (Ϲ; Ϲ; Ϲ; Σ; Σ; ) GREEK CAPITAL LUNATE SIGMA SYMBOL +0400;0400;0415 0300;0400;0415 0300; # (Ѐ; Ѐ; Е◌̀; Ѐ; Е◌̀; ) CYRILLIC CAPITAL LETTER IE WITH GRAVE +0401;0401;0415 0308;0401;0415 0308; # (Ð; Ð; Е◌̈; Ð; Е◌̈; ) CYRILLIC CAPITAL LETTER IO +0403;0403;0413 0301;0403;0413 0301; # (Ѓ; Ѓ; Г◌Ì; Ѓ; Г◌Ì; ) CYRILLIC CAPITAL LETTER GJE +0407;0407;0406 0308;0407;0406 0308; # (Ї; Ї; І◌̈; Ї; І◌̈; ) CYRILLIC CAPITAL LETTER YI +040C;040C;041A 0301;040C;041A 0301; # (ÐŒ; ÐŒ; К◌Ì; ÐŒ; К◌Ì; ) CYRILLIC CAPITAL LETTER KJE +040D;040D;0418 0300;040D;0418 0300; # (Ð; Ð; И◌̀; Ð; И◌̀; ) CYRILLIC CAPITAL LETTER I WITH GRAVE +040E;040E;0423 0306;040E;0423 0306; # (ÐŽ; ÐŽ; У◌̆; ÐŽ; У◌̆; ) CYRILLIC CAPITAL LETTER SHORT U +0419;0419;0418 0306;0419;0418 0306; # (Й; Й; И◌̆; Й; И◌̆; ) CYRILLIC CAPITAL LETTER SHORT I +0439;0439;0438 0306;0439;0438 0306; # (й; й; и◌̆; й; и◌̆; ) CYRILLIC SMALL LETTER SHORT I +0450;0450;0435 0300;0450;0435 0300; # (Ñ; Ñ; е◌̀; Ñ; е◌̀; ) CYRILLIC SMALL LETTER IE WITH GRAVE +0451;0451;0435 0308;0451;0435 0308; # (Ñ‘; Ñ‘; е◌̈; Ñ‘; е◌̈; ) CYRILLIC SMALL LETTER IO +0453;0453;0433 0301;0453;0433 0301; # (Ñ“; Ñ“; г◌Ì; Ñ“; г◌Ì; ) CYRILLIC SMALL LETTER GJE +0457;0457;0456 0308;0457;0456 0308; # (Ñ—; Ñ—; і◌̈; Ñ—; і◌̈; ) CYRILLIC SMALL LETTER YI +045C;045C;043A 0301;045C;043A 0301; # (Ñœ; Ñœ; к◌Ì; Ñœ; к◌Ì; ) CYRILLIC SMALL LETTER KJE +045D;045D;0438 0300;045D;0438 0300; # (Ñ; Ñ; и◌̀; Ñ; и◌̀; ) CYRILLIC SMALL LETTER I WITH GRAVE +045E;045E;0443 0306;045E;0443 0306; # (Ñž; Ñž; у◌̆; Ñž; у◌̆; ) CYRILLIC SMALL LETTER SHORT U +0476;0476;0474 030F;0476;0474 030F; # (Ѷ; Ѷ; Ñ´â—ŒÌ; Ѷ; Ñ´â—ŒÌ; ) CYRILLIC CAPITAL LETTER IZHITSA WITH DOUBLE GRAVE ACCENT +0477;0477;0475 030F;0477;0475 030F; # (Ñ·; Ñ·; ѵ◌Ì; Ñ·; ѵ◌Ì; ) CYRILLIC SMALL LETTER IZHITSA WITH DOUBLE GRAVE ACCENT +04C1;04C1;0416 0306;04C1;0416 0306; # (Ó; Ó; Ж◌̆; Ó; Ж◌̆; ) CYRILLIC CAPITAL LETTER ZHE WITH BREVE +04C2;04C2;0436 0306;04C2;0436 0306; # (Ó‚; Ó‚; ж◌̆; Ó‚; ж◌̆; ) CYRILLIC SMALL LETTER ZHE WITH BREVE +04D0;04D0;0410 0306;04D0;0410 0306; # (Ó; Ó; Ð◌̆; Ó; Ð◌̆; ) CYRILLIC CAPITAL LETTER A WITH BREVE +04D1;04D1;0430 0306;04D1;0430 0306; # (Ó‘; Ó‘; а◌̆; Ó‘; а◌̆; ) CYRILLIC SMALL LETTER A WITH BREVE +04D2;04D2;0410 0308;04D2;0410 0308; # (Ó’; Ó’; Ð◌̈; Ó’; Ð◌̈; ) CYRILLIC CAPITAL LETTER A WITH DIAERESIS +04D3;04D3;0430 0308;04D3;0430 0308; # (Ó“; Ó“; а◌̈; Ó“; а◌̈; ) CYRILLIC SMALL LETTER A WITH DIAERESIS +04D6;04D6;0415 0306;04D6;0415 0306; # (Ó–; Ó–; Е◌̆; Ó–; Е◌̆; ) CYRILLIC CAPITAL LETTER IE WITH BREVE +04D7;04D7;0435 0306;04D7;0435 0306; # (Ó—; Ó—; е◌̆; Ó—; е◌̆; ) CYRILLIC SMALL LETTER IE WITH BREVE +04DA;04DA;04D8 0308;04DA;04D8 0308; # (Óš; Óš; Ә◌̈; Óš; Ә◌̈; ) CYRILLIC CAPITAL LETTER SCHWA WITH DIAERESIS +04DB;04DB;04D9 0308;04DB;04D9 0308; # (Ó›; Ó›; ә◌̈; Ó›; ә◌̈; ) CYRILLIC SMALL LETTER SCHWA WITH DIAERESIS +04DC;04DC;0416 0308;04DC;0416 0308; # (Óœ; Óœ; Ж◌̈; Óœ; Ж◌̈; ) CYRILLIC CAPITAL LETTER ZHE WITH DIAERESIS +04DD;04DD;0436 0308;04DD;0436 0308; # (Ó; Ó; ж◌̈; Ó; ж◌̈; ) CYRILLIC SMALL LETTER ZHE WITH DIAERESIS +04DE;04DE;0417 0308;04DE;0417 0308; # (Óž; Óž; З◌̈; Óž; З◌̈; ) CYRILLIC CAPITAL LETTER ZE WITH DIAERESIS +04DF;04DF;0437 0308;04DF;0437 0308; # (ÓŸ; ÓŸ; з◌̈; ÓŸ; з◌̈; ) CYRILLIC SMALL LETTER ZE WITH DIAERESIS +04E2;04E2;0418 0304;04E2;0418 0304; # (Ó¢; Ó¢; И◌̄; Ó¢; И◌̄; ) CYRILLIC CAPITAL LETTER I WITH MACRON +04E3;04E3;0438 0304;04E3;0438 0304; # (Ó£; Ó£; и◌̄; Ó£; и◌̄; ) CYRILLIC SMALL LETTER I WITH MACRON +04E4;04E4;0418 0308;04E4;0418 0308; # (Ó¤; Ó¤; И◌̈; Ó¤; И◌̈; ) CYRILLIC CAPITAL LETTER I WITH DIAERESIS +04E5;04E5;0438 0308;04E5;0438 0308; # (Ó¥; Ó¥; и◌̈; Ó¥; и◌̈; ) CYRILLIC SMALL LETTER I WITH DIAERESIS +04E6;04E6;041E 0308;04E6;041E 0308; # (Ó¦; Ó¦; О◌̈; Ó¦; О◌̈; ) CYRILLIC CAPITAL LETTER O WITH DIAERESIS +04E7;04E7;043E 0308;04E7;043E 0308; # (Ó§; Ó§; о◌̈; Ó§; о◌̈; ) CYRILLIC SMALL LETTER O WITH DIAERESIS +04EA;04EA;04E8 0308;04EA;04E8 0308; # (Óª; Óª; Ө◌̈; Óª; Ө◌̈; ) CYRILLIC CAPITAL LETTER BARRED O WITH DIAERESIS +04EB;04EB;04E9 0308;04EB;04E9 0308; # (Ó«; Ó«; ө◌̈; Ó«; ө◌̈; ) CYRILLIC SMALL LETTER BARRED O WITH DIAERESIS +04EC;04EC;042D 0308;04EC;042D 0308; # (Ó¬; Ó¬; Э◌̈; Ó¬; Э◌̈; ) CYRILLIC CAPITAL LETTER E WITH DIAERESIS +04ED;04ED;044D 0308;04ED;044D 0308; # (Ó­; Ó­; Ñ◌̈; Ó­; Ñ◌̈; ) CYRILLIC SMALL LETTER E WITH DIAERESIS +04EE;04EE;0423 0304;04EE;0423 0304; # (Ó®; Ó®; У◌̄; Ó®; У◌̄; ) CYRILLIC CAPITAL LETTER U WITH MACRON +04EF;04EF;0443 0304;04EF;0443 0304; # (Ó¯; Ó¯; у◌̄; Ó¯; у◌̄; ) CYRILLIC SMALL LETTER U WITH MACRON +04F0;04F0;0423 0308;04F0;0423 0308; # (Ó°; Ó°; У◌̈; Ó°; У◌̈; ) CYRILLIC CAPITAL LETTER U WITH DIAERESIS +04F1;04F1;0443 0308;04F1;0443 0308; # (Ó±; Ó±; у◌̈; Ó±; у◌̈; ) CYRILLIC SMALL LETTER U WITH DIAERESIS +04F2;04F2;0423 030B;04F2;0423 030B; # (Ó²; Ó²; У◌̋; Ó²; У◌̋; ) CYRILLIC CAPITAL LETTER U WITH DOUBLE ACUTE +04F3;04F3;0443 030B;04F3;0443 030B; # (Ó³; Ó³; у◌̋; Ó³; у◌̋; ) CYRILLIC SMALL LETTER U WITH DOUBLE ACUTE +04F4;04F4;0427 0308;04F4;0427 0308; # (Ó´; Ó´; Ч◌̈; Ó´; Ч◌̈; ) CYRILLIC CAPITAL LETTER CHE WITH DIAERESIS +04F5;04F5;0447 0308;04F5;0447 0308; # (Óµ; Óµ; ч◌̈; Óµ; ч◌̈; ) CYRILLIC SMALL LETTER CHE WITH DIAERESIS +04F8;04F8;042B 0308;04F8;042B 0308; # (Ó¸; Ó¸; Ы◌̈; Ó¸; Ы◌̈; ) CYRILLIC CAPITAL LETTER YERU WITH DIAERESIS +04F9;04F9;044B 0308;04F9;044B 0308; # (Ó¹; Ó¹; ы◌̈; Ó¹; ы◌̈; ) CYRILLIC SMALL LETTER YERU WITH DIAERESIS +0587;0587;0587;0565 0582;0565 0582; # (Ö‡; Ö‡; Ö‡; Õ¥Ö‚; Õ¥Ö‚; ) ARMENIAN SMALL LIGATURE ECH YIWN +0622;0622;0627 0653;0622;0627 0653; # (Ø¢; Ø¢; ا◌ٓ; Ø¢; ا◌ٓ; ) ARABIC LETTER ALEF WITH MADDA ABOVE +0623;0623;0627 0654;0623;0627 0654; # (Ø£; Ø£; ا◌ٔ; Ø£; ا◌ٔ; ) ARABIC LETTER ALEF WITH HAMZA ABOVE +0624;0624;0648 0654;0624;0648 0654; # (ؤ; ؤ; و◌ٔ; ؤ; و◌ٔ; ) ARABIC LETTER WAW WITH HAMZA ABOVE +0625;0625;0627 0655;0625;0627 0655; # (Ø¥; Ø¥; ا◌ٕ; Ø¥; ا◌ٕ; ) ARABIC LETTER ALEF WITH HAMZA BELOW +0626;0626;064A 0654;0626;064A 0654; # (ئ; ئ; ي◌ٔ; ئ; ي◌ٔ; ) ARABIC LETTER YEH WITH HAMZA ABOVE +0675;0675;0675;0627 0674;0627 0674; # (Ùµ; Ùµ; Ùµ; اٴ; اٴ; ) ARABIC LETTER HIGH HAMZA ALEF +0676;0676;0676;0648 0674;0648 0674; # (Ù¶; Ù¶; Ù¶; وٴ; وٴ; ) ARABIC LETTER HIGH HAMZA WAW +0677;0677;0677;06C7 0674;06C7 0674; # (Ù·; Ù·; Ù·; Û‡Ù´; Û‡Ù´; ) ARABIC LETTER U WITH HAMZA ABOVE +0678;0678;0678;064A 0674;064A 0674; # (Ù¸; Ù¸; Ù¸; يٴ; يٴ; ) ARABIC LETTER HIGH HAMZA YEH +06C0;06C0;06D5 0654;06C0;06D5 0654; # (Û€; Û€; ە◌ٔ; Û€; ە◌ٔ; ) ARABIC LETTER HEH WITH YEH ABOVE +06C2;06C2;06C1 0654;06C2;06C1 0654; # (Û‚; Û‚; Û◌ٔ; Û‚; Û◌ٔ; ) ARABIC LETTER HEH GOAL WITH HAMZA ABOVE +06D3;06D3;06D2 0654;06D3;06D2 0654; # (Û“; Û“; ے◌ٔ; Û“; ے◌ٔ; ) ARABIC LETTER YEH BARREE WITH HAMZA ABOVE +0929;0929;0928 093C;0929;0928 093C; # (ऩ; ऩ; न◌़; ऩ; न◌़; ) DEVANAGARI LETTER NNNA +0931;0931;0930 093C;0931;0930 093C; # (ऱ; ऱ; र◌़; ऱ; र◌़; ) DEVANAGARI LETTER RRA +0934;0934;0933 093C;0934;0933 093C; # (ऴ; ऴ; ळ◌़; ऴ; ळ◌़; ) DEVANAGARI LETTER LLLA +0958;0915 093C;0915 093C;0915 093C;0915 093C; # (क़; क◌़; क◌़; क◌़; क◌़; ) DEVANAGARI LETTER QA +0959;0916 093C;0916 093C;0916 093C;0916 093C; # (ख़; ख◌़; ख◌़; ख◌़; ख◌़; ) DEVANAGARI LETTER KHHA +095A;0917 093C;0917 093C;0917 093C;0917 093C; # (ग़; ग◌़; ग◌़; ग◌़; ग◌़; ) DEVANAGARI LETTER GHHA +095B;091C 093C;091C 093C;091C 093C;091C 093C; # (ज़; ज◌़; ज◌़; ज◌़; ज◌़; ) DEVANAGARI LETTER ZA +095C;0921 093C;0921 093C;0921 093C;0921 093C; # (ड़; ड◌़; ड◌़; ड◌़; ड◌़; ) DEVANAGARI LETTER DDDHA +095D;0922 093C;0922 093C;0922 093C;0922 093C; # (à¥; ढ◌़; ढ◌़; ढ◌़; ढ◌़; ) DEVANAGARI LETTER RHA +095E;092B 093C;092B 093C;092B 093C;092B 093C; # (फ़; फ◌़; फ◌़; फ◌़; फ◌़; ) DEVANAGARI LETTER FA +095F;092F 093C;092F 093C;092F 093C;092F 093C; # (य़; य◌़; य◌़; य◌़; य◌़; ) DEVANAGARI LETTER YYA +09CB;09CB;09C7 09BE;09CB;09C7 09BE; # (ো; ো; ো; ো; ো; ) BENGALI VOWEL SIGN O +09CC;09CC;09C7 09D7;09CC;09C7 09D7; # (ৌ; ৌ; ৌ; ৌ; ৌ; ) BENGALI VOWEL SIGN AU +09DC;09A1 09BC;09A1 09BC;09A1 09BC;09A1 09BC; # (ড়; ড◌়; ড◌়; ড◌়; ড◌়; ) BENGALI LETTER RRA +09DD;09A2 09BC;09A2 09BC;09A2 09BC;09A2 09BC; # (à§; ঢ◌়; ঢ◌়; ঢ◌়; ঢ◌়; ) BENGALI LETTER RHA +09DF;09AF 09BC;09AF 09BC;09AF 09BC;09AF 09BC; # (য়; য◌়; য◌়; য◌়; য◌়; ) BENGALI LETTER YYA +0A33;0A32 0A3C;0A32 0A3C;0A32 0A3C;0A32 0A3C; # (ਲ਼; ਲ◌਼; ਲ◌਼; ਲ◌਼; ਲ◌਼; ) GURMUKHI LETTER LLA +0A36;0A38 0A3C;0A38 0A3C;0A38 0A3C;0A38 0A3C; # (ਸ਼; ਸ◌਼; ਸ◌਼; ਸ◌਼; ਸ◌਼; ) GURMUKHI LETTER SHA +0A59;0A16 0A3C;0A16 0A3C;0A16 0A3C;0A16 0A3C; # (à©™; ਖ◌਼; ਖ◌਼; ਖ◌਼; ਖ◌਼; ) GURMUKHI LETTER KHHA +0A5A;0A17 0A3C;0A17 0A3C;0A17 0A3C;0A17 0A3C; # (à©š; ਗ◌਼; ਗ◌਼; ਗ◌਼; ਗ◌਼; ) GURMUKHI LETTER GHHA +0A5B;0A1C 0A3C;0A1C 0A3C;0A1C 0A3C;0A1C 0A3C; # (à©›; ਜ◌਼; ਜ◌਼; ਜ◌਼; ਜ◌਼; ) GURMUKHI LETTER ZA +0A5E;0A2B 0A3C;0A2B 0A3C;0A2B 0A3C;0A2B 0A3C; # (à©ž; ਫ◌਼; ਫ◌਼; ਫ◌਼; ਫ◌਼; ) GURMUKHI LETTER FA +0B48;0B48;0B47 0B56;0B48;0B47 0B56; # (à­ˆ; à­ˆ; େ◌ୖ; à­ˆ; େ◌ୖ; ) ORIYA VOWEL SIGN AI +0B4B;0B4B;0B47 0B3E;0B4B;0B47 0B3E; # (à­‹; à­‹; ୋ; à­‹; ୋ; ) ORIYA VOWEL SIGN O +0B4C;0B4C;0B47 0B57;0B4C;0B47 0B57; # (à­Œ; à­Œ; ୌ; à­Œ; ୌ; ) ORIYA VOWEL SIGN AU +0B5C;0B21 0B3C;0B21 0B3C;0B21 0B3C;0B21 0B3C; # (à­œ; ଡ◌଼; ଡ◌଼; ଡ◌଼; ଡ◌଼; ) ORIYA LETTER RRA +0B5D;0B22 0B3C;0B22 0B3C;0B22 0B3C;0B22 0B3C; # (à­; ଢ◌଼; ଢ◌଼; ଢ◌଼; ଢ◌଼; ) ORIYA LETTER RHA +0B94;0B94;0B92 0BD7;0B94;0B92 0BD7; # (à®”; à®”; ஔ; à®”; ஔ; ) TAMIL LETTER AU +0BCA;0BCA;0BC6 0BBE;0BCA;0BC6 0BBE; # (ொ; ொ; ொ; ொ; ொ; ) TAMIL VOWEL SIGN O +0BCB;0BCB;0BC7 0BBE;0BCB;0BC7 0BBE; # (ோ; ோ; ோ; ோ; ோ; ) TAMIL VOWEL SIGN OO +0BCC;0BCC;0BC6 0BD7;0BCC;0BC6 0BD7; # (ௌ; ௌ; ௌ; ௌ; ௌ; ) TAMIL VOWEL SIGN AU +0C48;0C48;0C46 0C56;0C48;0C46 0C56; # (◌ై; ◌ై; ◌ె◌ౖ; ◌ై; ◌ె◌ౖ; ) TELUGU VOWEL SIGN AI +0CC0;0CC0;0CBF 0CD5;0CC0;0CBF 0CD5; # (à³€; à³€; ◌ೀ; à³€; ◌ೀ; ) KANNADA VOWEL SIGN II +0CC7;0CC7;0CC6 0CD5;0CC7;0CC6 0CD5; # (ೇ; ೇ; ◌ೇ; ೇ; ◌ೇ; ) KANNADA VOWEL SIGN EE +0CC8;0CC8;0CC6 0CD6;0CC8;0CC6 0CD6; # (ೈ; ೈ; ◌ೈ; ೈ; ◌ೈ; ) KANNADA VOWEL SIGN AI +0CCA;0CCA;0CC6 0CC2;0CCA;0CC6 0CC2; # (ೊ; ೊ; ◌ೊ; ೊ; ◌ೊ; ) KANNADA VOWEL SIGN O +0CCB;0CCB;0CC6 0CC2 0CD5;0CCB;0CC6 0CC2 0CD5; # (ೋ; ೋ; ◌ೋ; ೋ; ◌ೋ; ) KANNADA VOWEL SIGN OO +0D4A;0D4A;0D46 0D3E;0D4A;0D46 0D3E; # (ൊ; ൊ; ൊ; ൊ; ൊ; ) MALAYALAM VOWEL SIGN O +0D4B;0D4B;0D47 0D3E;0D4B;0D47 0D3E; # (ോ; ോ; ോ; ോ; ോ; ) MALAYALAM VOWEL SIGN OO +0D4C;0D4C;0D46 0D57;0D4C;0D46 0D57; # (ൌ; ൌ; ൌ; ൌ; ൌ; ) MALAYALAM VOWEL SIGN AU +0DDA;0DDA;0DD9 0DCA;0DDA;0DD9 0DCA; # (à·š; à·š; ෙ◌්; à·š; ෙ◌්; ) SINHALA VOWEL SIGN DIGA KOMBUVA +0DDC;0DDC;0DD9 0DCF;0DDC;0DD9 0DCF; # (à·œ; à·œ; à·™à·; à·œ; à·™à·; ) SINHALA VOWEL SIGN KOMBUVA HAA AELA-PILLA +0DDD;0DDD;0DD9 0DCF 0DCA;0DDD;0DD9 0DCF 0DCA; # (à·; à·; à·™à·â—Œà·Š; à·; à·™à·â—Œà·Š; ) SINHALA VOWEL SIGN KOMBUVA HAA DIGA AELA-PILLA +0DDE;0DDE;0DD9 0DDF;0DDE;0DD9 0DDF; # (à·ž; à·ž; ෞ; à·ž; ෞ; ) SINHALA VOWEL SIGN KOMBUVA HAA GAYANUKITTA +0E33;0E33;0E33;0E4D 0E32;0E4D 0E32; # (ำ; ำ; ำ; â—Œà¹à¸²; â—Œà¹à¸²; ) THAI CHARACTER SARA AM +0EB3;0EB3;0EB3;0ECD 0EB2;0ECD 0EB2; # (ຳ; ຳ; ຳ; â—Œà»àº²; â—Œà»àº²; ) LAO VOWEL SIGN AM +0EDC;0EDC;0EDC;0EAB 0E99;0EAB 0E99; # (ໜ; ໜ; ໜ; ຫນ; ຫນ; ) LAO HO NO +0EDD;0EDD;0EDD;0EAB 0EA1;0EAB 0EA1; # (à»; à»; à»; ຫມ; ຫມ; ) LAO HO MO +0F0C;0F0C;0F0C;0F0B;0F0B; # (༌; ༌; ༌; ་; ་; ) TIBETAN MARK DELIMITER TSHEG BSTAR +0F43;0F42 0FB7;0F42 0FB7;0F42 0FB7;0F42 0FB7; # (གྷ; ག◌ྷ; ག◌ྷ; ག◌ྷ; ག◌ྷ; ) TIBETAN LETTER GHA +0F4D;0F4C 0FB7;0F4C 0FB7;0F4C 0FB7;0F4C 0FB7; # (à½; ཌ◌ྷ; ཌ◌ྷ; ཌ◌ྷ; ཌ◌ྷ; ) TIBETAN LETTER DDHA +0F52;0F51 0FB7;0F51 0FB7;0F51 0FB7;0F51 0FB7; # (དྷ; ད◌ྷ; ད◌ྷ; ད◌ྷ; ད◌ྷ; ) TIBETAN LETTER DHA +0F57;0F56 0FB7;0F56 0FB7;0F56 0FB7;0F56 0FB7; # (བྷ; བ◌ྷ; བ◌ྷ; བ◌ྷ; བ◌ྷ; ) TIBETAN LETTER BHA +0F5C;0F5B 0FB7;0F5B 0FB7;0F5B 0FB7;0F5B 0FB7; # (ཛྷ; ཛ◌ྷ; ཛ◌ྷ; ཛ◌ྷ; ཛ◌ྷ; ) TIBETAN LETTER DZHA +0F69;0F40 0FB5;0F40 0FB5;0F40 0FB5;0F40 0FB5; # (ཀྵ; ཀ◌ྵ; ཀ◌ྵ; ཀ◌ྵ; ཀ◌ྵ; ) TIBETAN LETTER KSSA +0F73;0F71 0F72;0F71 0F72;0F71 0F72;0F71 0F72; # (◌ཱི; ◌ཱ◌ི; ◌ཱ◌ི; ◌ཱ◌ི; ◌ཱ◌ི; ) TIBETAN VOWEL SIGN II +0F75;0F71 0F74;0F71 0F74;0F71 0F74;0F71 0F74; # (◌ཱུ; ◌ཱ◌ུ; ◌ཱ◌ུ; ◌ཱ◌ུ; ◌ཱ◌ུ; ) TIBETAN VOWEL SIGN UU +0F76;0FB2 0F80;0FB2 0F80;0FB2 0F80;0FB2 0F80; # (◌ྲྀ; ◌ྲ◌ྀ; ◌ྲ◌ྀ; ◌ྲ◌ྀ; ◌ྲ◌ྀ; ) TIBETAN VOWEL SIGN VOCALIC R +0F77;0F77;0F77;0FB2 0F71 0F80;0FB2 0F71 0F80; # (◌ཷ; ◌ཷ; ◌ཷ; ◌ྲ◌ཱ◌ྀ; ◌ྲ◌ཱ◌ྀ; ) TIBETAN VOWEL SIGN VOCALIC RR +0F78;0FB3 0F80;0FB3 0F80;0FB3 0F80;0FB3 0F80; # (◌ླྀ; ◌ླ◌ྀ; ◌ླ◌ྀ; ◌ླ◌ྀ; ◌ླ◌ྀ; ) TIBETAN VOWEL SIGN VOCALIC L +0F79;0F79;0F79;0FB3 0F71 0F80;0FB3 0F71 0F80; # (◌ཹ; ◌ཹ; ◌ཹ; ◌ླ◌ཱ◌ྀ; ◌ླ◌ཱ◌ྀ; ) TIBETAN VOWEL SIGN VOCALIC LL +0F81;0F71 0F80;0F71 0F80;0F71 0F80;0F71 0F80; # (â—Œà¾; ◌ཱ◌ྀ; ◌ཱ◌ྀ; ◌ཱ◌ྀ; ◌ཱ◌ྀ; ) TIBETAN VOWEL SIGN REVERSED II +0F93;0F92 0FB7;0F92 0FB7;0F92 0FB7;0F92 0FB7; # (◌ྒྷ; ◌ྒ◌ྷ; ◌ྒ◌ྷ; ◌ྒ◌ྷ; ◌ྒ◌ྷ; ) TIBETAN SUBJOINED LETTER GHA +0F9D;0F9C 0FB7;0F9C 0FB7;0F9C 0FB7;0F9C 0FB7; # (â—Œà¾; ◌ྜ◌ྷ; ◌ྜ◌ྷ; ◌ྜ◌ྷ; ◌ྜ◌ྷ; ) TIBETAN SUBJOINED LETTER DDHA +0FA2;0FA1 0FB7;0FA1 0FB7;0FA1 0FB7;0FA1 0FB7; # (◌ྡྷ; ◌ྡ◌ྷ; ◌ྡ◌ྷ; ◌ྡ◌ྷ; ◌ྡ◌ྷ; ) TIBETAN SUBJOINED LETTER DHA +0FA7;0FA6 0FB7;0FA6 0FB7;0FA6 0FB7;0FA6 0FB7; # (◌ྦྷ; ◌ྦ◌ྷ; ◌ྦ◌ྷ; ◌ྦ◌ྷ; ◌ྦ◌ྷ; ) TIBETAN SUBJOINED LETTER BHA +0FAC;0FAB 0FB7;0FAB 0FB7;0FAB 0FB7;0FAB 0FB7; # (◌ྫྷ; ◌ྫ◌ྷ; ◌ྫ◌ྷ; ◌ྫ◌ྷ; ◌ྫ◌ྷ; ) TIBETAN SUBJOINED LETTER DZHA +0FB9;0F90 0FB5;0F90 0FB5;0F90 0FB5;0F90 0FB5; # (◌ྐྵ; â—Œà¾â—Œà¾µ; â—Œà¾â—Œà¾µ; â—Œà¾â—Œà¾µ; â—Œà¾â—Œà¾µ; ) TIBETAN SUBJOINED LETTER KSSA +1026;1026;1025 102E;1026;1025 102E; # (ဦ; ဦ; ဥ◌ီ; ဦ; ဥ◌ီ; ) MYANMAR LETTER UU +1D2C;1D2C;1D2C;0041;0041; # (á´¬; á´¬; á´¬; A; A; ) MODIFIER LETTER CAPITAL A +1D2D;1D2D;1D2D;00C6;00C6; # (á´­; á´­; á´­; Æ; Æ; ) MODIFIER LETTER CAPITAL AE +1D2E;1D2E;1D2E;0042;0042; # (á´®; á´®; á´®; B; B; ) MODIFIER LETTER CAPITAL B +1D30;1D30;1D30;0044;0044; # (á´°; á´°; á´°; D; D; ) MODIFIER LETTER CAPITAL D +1D31;1D31;1D31;0045;0045; # (á´±; á´±; á´±; E; E; ) MODIFIER LETTER CAPITAL E +1D32;1D32;1D32;018E;018E; # (á´²; á´²; á´²; ÆŽ; ÆŽ; ) MODIFIER LETTER CAPITAL REVERSED E +1D33;1D33;1D33;0047;0047; # (á´³; á´³; á´³; G; G; ) MODIFIER LETTER CAPITAL G +1D34;1D34;1D34;0048;0048; # (á´´; á´´; á´´; H; H; ) MODIFIER LETTER CAPITAL H +1D35;1D35;1D35;0049;0049; # (á´µ; á´µ; á´µ; I; I; ) MODIFIER LETTER CAPITAL I +1D36;1D36;1D36;004A;004A; # (á´¶; á´¶; á´¶; J; J; ) MODIFIER LETTER CAPITAL J +1D37;1D37;1D37;004B;004B; # (á´·; á´·; á´·; K; K; ) MODIFIER LETTER CAPITAL K +1D38;1D38;1D38;004C;004C; # (á´¸; á´¸; á´¸; L; L; ) MODIFIER LETTER CAPITAL L +1D39;1D39;1D39;004D;004D; # (á´¹; á´¹; á´¹; M; M; ) MODIFIER LETTER CAPITAL M +1D3A;1D3A;1D3A;004E;004E; # (á´º; á´º; á´º; N; N; ) MODIFIER LETTER CAPITAL N +1D3C;1D3C;1D3C;004F;004F; # (á´¼; á´¼; á´¼; O; O; ) MODIFIER LETTER CAPITAL O +1D3D;1D3D;1D3D;0222;0222; # (á´½; á´½; á´½; È¢; È¢; ) MODIFIER LETTER CAPITAL OU +1D3E;1D3E;1D3E;0050;0050; # (á´¾; á´¾; á´¾; P; P; ) MODIFIER LETTER CAPITAL P +1D3F;1D3F;1D3F;0052;0052; # (á´¿; á´¿; á´¿; R; R; ) MODIFIER LETTER CAPITAL R +1D40;1D40;1D40;0054;0054; # (áµ€; áµ€; áµ€; T; T; ) MODIFIER LETTER CAPITAL T +1D41;1D41;1D41;0055;0055; # (áµ; áµ; áµ; U; U; ) MODIFIER LETTER CAPITAL U +1D42;1D42;1D42;0057;0057; # (ᵂ; ᵂ; ᵂ; W; W; ) MODIFIER LETTER CAPITAL W +1D43;1D43;1D43;0061;0061; # (ᵃ; ᵃ; ᵃ; a; a; ) MODIFIER LETTER SMALL A +1D44;1D44;1D44;0250;0250; # (ᵄ; ᵄ; ᵄ; É; É; ) MODIFIER LETTER SMALL TURNED A +1D45;1D45;1D45;0251;0251; # (áµ…; áµ…; áµ…; É‘; É‘; ) MODIFIER LETTER SMALL ALPHA +1D46;1D46;1D46;1D02;1D02; # (ᵆ; ᵆ; ᵆ; á´‚; á´‚; ) MODIFIER LETTER SMALL TURNED AE +1D47;1D47;1D47;0062;0062; # (ᵇ; ᵇ; ᵇ; b; b; ) MODIFIER LETTER SMALL B +1D48;1D48;1D48;0064;0064; # (ᵈ; ᵈ; ᵈ; d; d; ) MODIFIER LETTER SMALL D +1D49;1D49;1D49;0065;0065; # (ᵉ; ᵉ; ᵉ; e; e; ) MODIFIER LETTER SMALL E +1D4A;1D4A;1D4A;0259;0259; # (ᵊ; ᵊ; ᵊ; É™; É™; ) MODIFIER LETTER SMALL SCHWA +1D4B;1D4B;1D4B;025B;025B; # (ᵋ; ᵋ; ᵋ; É›; É›; ) MODIFIER LETTER SMALL OPEN E +1D4C;1D4C;1D4C;025C;025C; # (ᵌ; ᵌ; ᵌ; Éœ; Éœ; ) MODIFIER LETTER SMALL TURNED OPEN E +1D4D;1D4D;1D4D;0067;0067; # (áµ; áµ; áµ; g; g; ) MODIFIER LETTER SMALL G +1D4F;1D4F;1D4F;006B;006B; # (áµ; áµ; áµ; k; k; ) MODIFIER LETTER SMALL K +1D50;1D50;1D50;006D;006D; # (áµ; áµ; áµ; m; m; ) MODIFIER LETTER SMALL M +1D51;1D51;1D51;014B;014B; # (ᵑ; ᵑ; ᵑ; Å‹; Å‹; ) MODIFIER LETTER SMALL ENG +1D52;1D52;1D52;006F;006F; # (áµ’; áµ’; áµ’; o; o; ) MODIFIER LETTER SMALL O +1D53;1D53;1D53;0254;0254; # (ᵓ; ᵓ; ᵓ; É”; É”; ) MODIFIER LETTER SMALL OPEN O +1D54;1D54;1D54;1D16;1D16; # (áµ”; áµ”; áµ”; á´–; á´–; ) MODIFIER LETTER SMALL TOP HALF O +1D55;1D55;1D55;1D17;1D17; # (ᵕ; ᵕ; ᵕ; á´—; á´—; ) MODIFIER LETTER SMALL BOTTOM HALF O +1D56;1D56;1D56;0070;0070; # (áµ–; áµ–; áµ–; p; p; ) MODIFIER LETTER SMALL P +1D57;1D57;1D57;0074;0074; # (áµ—; áµ—; áµ—; t; t; ) MODIFIER LETTER SMALL T +1D58;1D58;1D58;0075;0075; # (ᵘ; ᵘ; ᵘ; u; u; ) MODIFIER LETTER SMALL U +1D59;1D59;1D59;1D1D;1D1D; # (áµ™; áµ™; áµ™; á´; á´; ) MODIFIER LETTER SMALL SIDEWAYS U +1D5A;1D5A;1D5A;026F;026F; # (ᵚ; ᵚ; ᵚ; ɯ; ɯ; ) MODIFIER LETTER SMALL TURNED M +1D5B;1D5B;1D5B;0076;0076; # (áµ›; áµ›; áµ›; v; v; ) MODIFIER LETTER SMALL V +1D5C;1D5C;1D5C;1D25;1D25; # (ᵜ; ᵜ; ᵜ; á´¥; á´¥; ) MODIFIER LETTER SMALL AIN +1D5D;1D5D;1D5D;03B2;03B2; # (áµ; áµ; áµ; β; β; ) MODIFIER LETTER SMALL BETA +1D5E;1D5E;1D5E;03B3;03B3; # (ᵞ; ᵞ; ᵞ; γ; γ; ) MODIFIER LETTER SMALL GREEK GAMMA +1D5F;1D5F;1D5F;03B4;03B4; # (ᵟ; ᵟ; ᵟ; δ; δ; ) MODIFIER LETTER SMALL DELTA +1D60;1D60;1D60;03C6;03C6; # (áµ ; áµ ; áµ ; φ; φ; ) MODIFIER LETTER SMALL GREEK PHI +1D61;1D61;1D61;03C7;03C7; # (ᵡ; ᵡ; ᵡ; χ; χ; ) MODIFIER LETTER SMALL CHI +1D62;1D62;1D62;0069;0069; # (áµ¢; áµ¢; áµ¢; i; i; ) LATIN SUBSCRIPT SMALL LETTER I +1D63;1D63;1D63;0072;0072; # (áµ£; áµ£; áµ£; r; r; ) LATIN SUBSCRIPT SMALL LETTER R +1D64;1D64;1D64;0075;0075; # (ᵤ; ᵤ; ᵤ; u; u; ) LATIN SUBSCRIPT SMALL LETTER U +1D65;1D65;1D65;0076;0076; # (áµ¥; áµ¥; áµ¥; v; v; ) LATIN SUBSCRIPT SMALL LETTER V +1D66;1D66;1D66;03B2;03B2; # (ᵦ; ᵦ; ᵦ; β; β; ) GREEK SUBSCRIPT SMALL LETTER BETA +1D67;1D67;1D67;03B3;03B3; # (ᵧ; ᵧ; ᵧ; γ; γ; ) GREEK SUBSCRIPT SMALL LETTER GAMMA +1D68;1D68;1D68;03C1;03C1; # (ᵨ; ᵨ; ᵨ; Ï; Ï; ) GREEK SUBSCRIPT SMALL LETTER RHO +1D69;1D69;1D69;03C6;03C6; # (ᵩ; ᵩ; ᵩ; φ; φ; ) GREEK SUBSCRIPT SMALL LETTER PHI +1D6A;1D6A;1D6A;03C7;03C7; # (ᵪ; ᵪ; ᵪ; χ; χ; ) GREEK SUBSCRIPT SMALL LETTER CHI +1E00;1E00;0041 0325;1E00;0041 0325; # (Ḁ; Ḁ; A◌̥; Ḁ; A◌̥; ) LATIN CAPITAL LETTER A WITH RING BELOW +1E01;1E01;0061 0325;1E01;0061 0325; # (á¸; á¸; a◌̥; á¸; a◌̥; ) LATIN SMALL LETTER A WITH RING BELOW +1E02;1E02;0042 0307;1E02;0042 0307; # (Ḃ; Ḃ; B◌̇; Ḃ; B◌̇; ) LATIN CAPITAL LETTER B WITH DOT ABOVE +1E03;1E03;0062 0307;1E03;0062 0307; # (ḃ; ḃ; b◌̇; ḃ; b◌̇; ) LATIN SMALL LETTER B WITH DOT ABOVE +1E04;1E04;0042 0323;1E04;0042 0323; # (Ḅ; Ḅ; B◌̣; Ḅ; B◌̣; ) LATIN CAPITAL LETTER B WITH DOT BELOW +1E05;1E05;0062 0323;1E05;0062 0323; # (ḅ; ḅ; b◌̣; ḅ; b◌̣; ) LATIN SMALL LETTER B WITH DOT BELOW +1E06;1E06;0042 0331;1E06;0042 0331; # (Ḇ; Ḇ; B◌̱; Ḇ; B◌̱; ) LATIN CAPITAL LETTER B WITH LINE BELOW +1E07;1E07;0062 0331;1E07;0062 0331; # (ḇ; ḇ; b◌̱; ḇ; b◌̱; ) LATIN SMALL LETTER B WITH LINE BELOW +1E08;1E08;0043 0327 0301;1E08;0043 0327 0301; # (Ḉ; Ḉ; C◌̧◌Ì; Ḉ; C◌̧◌Ì; ) LATIN CAPITAL LETTER C WITH CEDILLA AND ACUTE +1E09;1E09;0063 0327 0301;1E09;0063 0327 0301; # (ḉ; ḉ; c◌̧◌Ì; ḉ; c◌̧◌Ì; ) LATIN SMALL LETTER C WITH CEDILLA AND ACUTE +1E0A;1E0A;0044 0307;1E0A;0044 0307; # (Ḋ; Ḋ; D◌̇; Ḋ; D◌̇; ) LATIN CAPITAL LETTER D WITH DOT ABOVE +1E0B;1E0B;0064 0307;1E0B;0064 0307; # (ḋ; ḋ; d◌̇; ḋ; d◌̇; ) LATIN SMALL LETTER D WITH DOT ABOVE +1E0C;1E0C;0044 0323;1E0C;0044 0323; # (Ḍ; Ḍ; D◌̣; Ḍ; D◌̣; ) LATIN CAPITAL LETTER D WITH DOT BELOW +1E0D;1E0D;0064 0323;1E0D;0064 0323; # (á¸; á¸; d◌̣; á¸; d◌̣; ) LATIN SMALL LETTER D WITH DOT BELOW +1E0E;1E0E;0044 0331;1E0E;0044 0331; # (Ḏ; Ḏ; D◌̱; Ḏ; D◌̱; ) LATIN CAPITAL LETTER D WITH LINE BELOW +1E0F;1E0F;0064 0331;1E0F;0064 0331; # (á¸; á¸; d◌̱; á¸; d◌̱; ) LATIN SMALL LETTER D WITH LINE BELOW +1E10;1E10;0044 0327;1E10;0044 0327; # (á¸; á¸; D◌̧; á¸; D◌̧; ) LATIN CAPITAL LETTER D WITH CEDILLA +1E11;1E11;0064 0327;1E11;0064 0327; # (ḑ; ḑ; d◌̧; ḑ; d◌̧; ) LATIN SMALL LETTER D WITH CEDILLA +1E12;1E12;0044 032D;1E12;0044 032D; # (Ḓ; Ḓ; D◌̭; Ḓ; D◌̭; ) LATIN CAPITAL LETTER D WITH CIRCUMFLEX BELOW +1E13;1E13;0064 032D;1E13;0064 032D; # (ḓ; ḓ; d◌̭; ḓ; d◌̭; ) LATIN SMALL LETTER D WITH CIRCUMFLEX BELOW +1E14;1E14;0045 0304 0300;1E14;0045 0304 0300; # (Ḕ; Ḕ; E◌̄◌̀; Ḕ; E◌̄◌̀; ) LATIN CAPITAL LETTER E WITH MACRON AND GRAVE +1E15;1E15;0065 0304 0300;1E15;0065 0304 0300; # (ḕ; ḕ; e◌̄◌̀; ḕ; e◌̄◌̀; ) LATIN SMALL LETTER E WITH MACRON AND GRAVE +1E16;1E16;0045 0304 0301;1E16;0045 0304 0301; # (Ḗ; Ḗ; E◌̄◌Ì; Ḗ; E◌̄◌Ì; ) LATIN CAPITAL LETTER E WITH MACRON AND ACUTE +1E17;1E17;0065 0304 0301;1E17;0065 0304 0301; # (ḗ; ḗ; e◌̄◌Ì; ḗ; e◌̄◌Ì; ) LATIN SMALL LETTER E WITH MACRON AND ACUTE +1E18;1E18;0045 032D;1E18;0045 032D; # (Ḙ; Ḙ; E◌̭; Ḙ; E◌̭; ) LATIN CAPITAL LETTER E WITH CIRCUMFLEX BELOW +1E19;1E19;0065 032D;1E19;0065 032D; # (ḙ; ḙ; e◌̭; ḙ; e◌̭; ) LATIN SMALL LETTER E WITH CIRCUMFLEX BELOW +1E1A;1E1A;0045 0330;1E1A;0045 0330; # (Ḛ; Ḛ; E◌̰; Ḛ; E◌̰; ) LATIN CAPITAL LETTER E WITH TILDE BELOW +1E1B;1E1B;0065 0330;1E1B;0065 0330; # (ḛ; ḛ; e◌̰; ḛ; e◌̰; ) LATIN SMALL LETTER E WITH TILDE BELOW +1E1C;1E1C;0045 0327 0306;1E1C;0045 0327 0306; # (Ḝ; Ḝ; E◌̧◌̆; Ḝ; E◌̧◌̆; ) LATIN CAPITAL LETTER E WITH CEDILLA AND BREVE +1E1D;1E1D;0065 0327 0306;1E1D;0065 0327 0306; # (á¸; á¸; e◌̧◌̆; á¸; e◌̧◌̆; ) LATIN SMALL LETTER E WITH CEDILLA AND BREVE +1E1E;1E1E;0046 0307;1E1E;0046 0307; # (Ḟ; Ḟ; F◌̇; Ḟ; F◌̇; ) LATIN CAPITAL LETTER F WITH DOT ABOVE +1E1F;1E1F;0066 0307;1E1F;0066 0307; # (ḟ; ḟ; f◌̇; ḟ; f◌̇; ) LATIN SMALL LETTER F WITH DOT ABOVE +1E20;1E20;0047 0304;1E20;0047 0304; # (Ḡ; Ḡ; G◌̄; Ḡ; G◌̄; ) LATIN CAPITAL LETTER G WITH MACRON +1E21;1E21;0067 0304;1E21;0067 0304; # (ḡ; ḡ; g◌̄; ḡ; g◌̄; ) LATIN SMALL LETTER G WITH MACRON +1E22;1E22;0048 0307;1E22;0048 0307; # (Ḣ; Ḣ; H◌̇; Ḣ; H◌̇; ) LATIN CAPITAL LETTER H WITH DOT ABOVE +1E23;1E23;0068 0307;1E23;0068 0307; # (ḣ; ḣ; h◌̇; ḣ; h◌̇; ) LATIN SMALL LETTER H WITH DOT ABOVE +1E24;1E24;0048 0323;1E24;0048 0323; # (Ḥ; Ḥ; H◌̣; Ḥ; H◌̣; ) LATIN CAPITAL LETTER H WITH DOT BELOW +1E25;1E25;0068 0323;1E25;0068 0323; # (ḥ; ḥ; h◌̣; ḥ; h◌̣; ) LATIN SMALL LETTER H WITH DOT BELOW +1E26;1E26;0048 0308;1E26;0048 0308; # (Ḧ; Ḧ; H◌̈; Ḧ; H◌̈; ) LATIN CAPITAL LETTER H WITH DIAERESIS +1E27;1E27;0068 0308;1E27;0068 0308; # (ḧ; ḧ; h◌̈; ḧ; h◌̈; ) LATIN SMALL LETTER H WITH DIAERESIS +1E28;1E28;0048 0327;1E28;0048 0327; # (Ḩ; Ḩ; H◌̧; Ḩ; H◌̧; ) LATIN CAPITAL LETTER H WITH CEDILLA +1E29;1E29;0068 0327;1E29;0068 0327; # (ḩ; ḩ; h◌̧; ḩ; h◌̧; ) LATIN SMALL LETTER H WITH CEDILLA +1E2A;1E2A;0048 032E;1E2A;0048 032E; # (Ḫ; Ḫ; H◌̮; Ḫ; H◌̮; ) LATIN CAPITAL LETTER H WITH BREVE BELOW +1E2B;1E2B;0068 032E;1E2B;0068 032E; # (ḫ; ḫ; h◌̮; ḫ; h◌̮; ) LATIN SMALL LETTER H WITH BREVE BELOW +1E2C;1E2C;0049 0330;1E2C;0049 0330; # (Ḭ; Ḭ; I◌̰; Ḭ; I◌̰; ) LATIN CAPITAL LETTER I WITH TILDE BELOW +1E2D;1E2D;0069 0330;1E2D;0069 0330; # (ḭ; ḭ; i◌̰; ḭ; i◌̰; ) LATIN SMALL LETTER I WITH TILDE BELOW +1E2E;1E2E;0049 0308 0301;1E2E;0049 0308 0301; # (Ḯ; Ḯ; I◌̈◌Ì; Ḯ; I◌̈◌Ì; ) LATIN CAPITAL LETTER I WITH DIAERESIS AND ACUTE +1E2F;1E2F;0069 0308 0301;1E2F;0069 0308 0301; # (ḯ; ḯ; i◌̈◌Ì; ḯ; i◌̈◌Ì; ) LATIN SMALL LETTER I WITH DIAERESIS AND ACUTE +1E30;1E30;004B 0301;1E30;004B 0301; # (Ḱ; Ḱ; Kâ—ŒÌ; Ḱ; Kâ—ŒÌ; ) LATIN CAPITAL LETTER K WITH ACUTE +1E31;1E31;006B 0301;1E31;006B 0301; # (ḱ; ḱ; kâ—ŒÌ; ḱ; kâ—ŒÌ; ) LATIN SMALL LETTER K WITH ACUTE +1E32;1E32;004B 0323;1E32;004B 0323; # (Ḳ; Ḳ; K◌̣; Ḳ; K◌̣; ) LATIN CAPITAL LETTER K WITH DOT BELOW +1E33;1E33;006B 0323;1E33;006B 0323; # (ḳ; ḳ; k◌̣; ḳ; k◌̣; ) LATIN SMALL LETTER K WITH DOT BELOW +1E34;1E34;004B 0331;1E34;004B 0331; # (Ḵ; Ḵ; K◌̱; Ḵ; K◌̱; ) LATIN CAPITAL LETTER K WITH LINE BELOW +1E35;1E35;006B 0331;1E35;006B 0331; # (ḵ; ḵ; k◌̱; ḵ; k◌̱; ) LATIN SMALL LETTER K WITH LINE BELOW +1E36;1E36;004C 0323;1E36;004C 0323; # (Ḷ; Ḷ; L◌̣; Ḷ; L◌̣; ) LATIN CAPITAL LETTER L WITH DOT BELOW +1E37;1E37;006C 0323;1E37;006C 0323; # (ḷ; ḷ; l◌̣; ḷ; l◌̣; ) LATIN SMALL LETTER L WITH DOT BELOW +1E38;1E38;004C 0323 0304;1E38;004C 0323 0304; # (Ḹ; Ḹ; L◌̣◌̄; Ḹ; L◌̣◌̄; ) LATIN CAPITAL LETTER L WITH DOT BELOW AND MACRON +1E39;1E39;006C 0323 0304;1E39;006C 0323 0304; # (ḹ; ḹ; l◌̣◌̄; ḹ; l◌̣◌̄; ) LATIN SMALL LETTER L WITH DOT BELOW AND MACRON +1E3A;1E3A;004C 0331;1E3A;004C 0331; # (Ḻ; Ḻ; L◌̱; Ḻ; L◌̱; ) LATIN CAPITAL LETTER L WITH LINE BELOW +1E3B;1E3B;006C 0331;1E3B;006C 0331; # (ḻ; ḻ; l◌̱; ḻ; l◌̱; ) LATIN SMALL LETTER L WITH LINE BELOW +1E3C;1E3C;004C 032D;1E3C;004C 032D; # (Ḽ; Ḽ; L◌̭; Ḽ; L◌̭; ) LATIN CAPITAL LETTER L WITH CIRCUMFLEX BELOW +1E3D;1E3D;006C 032D;1E3D;006C 032D; # (ḽ; ḽ; l◌̭; ḽ; l◌̭; ) LATIN SMALL LETTER L WITH CIRCUMFLEX BELOW +1E3E;1E3E;004D 0301;1E3E;004D 0301; # (Ḿ; Ḿ; Mâ—ŒÌ; Ḿ; Mâ—ŒÌ; ) LATIN CAPITAL LETTER M WITH ACUTE +1E3F;1E3F;006D 0301;1E3F;006D 0301; # (ḿ; ḿ; mâ—ŒÌ; ḿ; mâ—ŒÌ; ) LATIN SMALL LETTER M WITH ACUTE +1E40;1E40;004D 0307;1E40;004D 0307; # (á¹€; á¹€; M◌̇; á¹€; M◌̇; ) LATIN CAPITAL LETTER M WITH DOT ABOVE +1E41;1E41;006D 0307;1E41;006D 0307; # (á¹; á¹; m◌̇; á¹; m◌̇; ) LATIN SMALL LETTER M WITH DOT ABOVE +1E42;1E42;004D 0323;1E42;004D 0323; # (Ṃ; Ṃ; M◌̣; Ṃ; M◌̣; ) LATIN CAPITAL LETTER M WITH DOT BELOW +1E43;1E43;006D 0323;1E43;006D 0323; # (ṃ; ṃ; m◌̣; ṃ; m◌̣; ) LATIN SMALL LETTER M WITH DOT BELOW +1E44;1E44;004E 0307;1E44;004E 0307; # (Ṅ; Ṅ; N◌̇; Ṅ; N◌̇; ) LATIN CAPITAL LETTER N WITH DOT ABOVE +1E45;1E45;006E 0307;1E45;006E 0307; # (á¹…; á¹…; n◌̇; á¹…; n◌̇; ) LATIN SMALL LETTER N WITH DOT ABOVE +1E46;1E46;004E 0323;1E46;004E 0323; # (Ṇ; Ṇ; N◌̣; Ṇ; N◌̣; ) LATIN CAPITAL LETTER N WITH DOT BELOW +1E47;1E47;006E 0323;1E47;006E 0323; # (ṇ; ṇ; n◌̣; ṇ; n◌̣; ) LATIN SMALL LETTER N WITH DOT BELOW +1E48;1E48;004E 0331;1E48;004E 0331; # (Ṉ; Ṉ; N◌̱; Ṉ; N◌̱; ) LATIN CAPITAL LETTER N WITH LINE BELOW +1E49;1E49;006E 0331;1E49;006E 0331; # (ṉ; ṉ; n◌̱; ṉ; n◌̱; ) LATIN SMALL LETTER N WITH LINE BELOW +1E4A;1E4A;004E 032D;1E4A;004E 032D; # (Ṋ; Ṋ; N◌̭; Ṋ; N◌̭; ) LATIN CAPITAL LETTER N WITH CIRCUMFLEX BELOW +1E4B;1E4B;006E 032D;1E4B;006E 032D; # (ṋ; ṋ; n◌̭; ṋ; n◌̭; ) LATIN SMALL LETTER N WITH CIRCUMFLEX BELOW +1E4C;1E4C;004F 0303 0301;1E4C;004F 0303 0301; # (Ṍ; Ṍ; O◌̃◌Ì; Ṍ; O◌̃◌Ì; ) LATIN CAPITAL LETTER O WITH TILDE AND ACUTE +1E4D;1E4D;006F 0303 0301;1E4D;006F 0303 0301; # (á¹; á¹; o◌̃◌Ì; á¹; o◌̃◌Ì; ) LATIN SMALL LETTER O WITH TILDE AND ACUTE +1E4E;1E4E;004F 0303 0308;1E4E;004F 0303 0308; # (Ṏ; Ṏ; O◌̃◌̈; Ṏ; O◌̃◌̈; ) LATIN CAPITAL LETTER O WITH TILDE AND DIAERESIS +1E4F;1E4F;006F 0303 0308;1E4F;006F 0303 0308; # (á¹; á¹; o◌̃◌̈; á¹; o◌̃◌̈; ) LATIN SMALL LETTER O WITH TILDE AND DIAERESIS +1E50;1E50;004F 0304 0300;1E50;004F 0304 0300; # (á¹; á¹; O◌̄◌̀; á¹; O◌̄◌̀; ) LATIN CAPITAL LETTER O WITH MACRON AND GRAVE +1E51;1E51;006F 0304 0300;1E51;006F 0304 0300; # (ṑ; ṑ; o◌̄◌̀; ṑ; o◌̄◌̀; ) LATIN SMALL LETTER O WITH MACRON AND GRAVE +1E52;1E52;004F 0304 0301;1E52;004F 0304 0301; # (á¹’; á¹’; O◌̄◌Ì; á¹’; O◌̄◌Ì; ) LATIN CAPITAL LETTER O WITH MACRON AND ACUTE +1E53;1E53;006F 0304 0301;1E53;006F 0304 0301; # (ṓ; ṓ; o◌̄◌Ì; ṓ; o◌̄◌Ì; ) LATIN SMALL LETTER O WITH MACRON AND ACUTE +1E54;1E54;0050 0301;1E54;0050 0301; # (á¹”; á¹”; Pâ—ŒÌ; á¹”; Pâ—ŒÌ; ) LATIN CAPITAL LETTER P WITH ACUTE +1E55;1E55;0070 0301;1E55;0070 0301; # (ṕ; ṕ; pâ—ŒÌ; ṕ; pâ—ŒÌ; ) LATIN SMALL LETTER P WITH ACUTE +1E56;1E56;0050 0307;1E56;0050 0307; # (á¹–; á¹–; P◌̇; á¹–; P◌̇; ) LATIN CAPITAL LETTER P WITH DOT ABOVE +1E57;1E57;0070 0307;1E57;0070 0307; # (á¹—; á¹—; p◌̇; á¹—; p◌̇; ) LATIN SMALL LETTER P WITH DOT ABOVE +1E58;1E58;0052 0307;1E58;0052 0307; # (Ṙ; Ṙ; R◌̇; Ṙ; R◌̇; ) LATIN CAPITAL LETTER R WITH DOT ABOVE +1E59;1E59;0072 0307;1E59;0072 0307; # (á¹™; á¹™; r◌̇; á¹™; r◌̇; ) LATIN SMALL LETTER R WITH DOT ABOVE +1E5A;1E5A;0052 0323;1E5A;0052 0323; # (Ṛ; Ṛ; R◌̣; Ṛ; R◌̣; ) LATIN CAPITAL LETTER R WITH DOT BELOW +1E5B;1E5B;0072 0323;1E5B;0072 0323; # (á¹›; á¹›; r◌̣; á¹›; r◌̣; ) LATIN SMALL LETTER R WITH DOT BELOW +1E5C;1E5C;0052 0323 0304;1E5C;0052 0323 0304; # (Ṝ; Ṝ; R◌̣◌̄; Ṝ; R◌̣◌̄; ) LATIN CAPITAL LETTER R WITH DOT BELOW AND MACRON +1E5D;1E5D;0072 0323 0304;1E5D;0072 0323 0304; # (á¹; á¹; r◌̣◌̄; á¹; r◌̣◌̄; ) LATIN SMALL LETTER R WITH DOT BELOW AND MACRON +1E5E;1E5E;0052 0331;1E5E;0052 0331; # (Ṟ; Ṟ; R◌̱; Ṟ; R◌̱; ) LATIN CAPITAL LETTER R WITH LINE BELOW +1E5F;1E5F;0072 0331;1E5F;0072 0331; # (ṟ; ṟ; r◌̱; ṟ; r◌̱; ) LATIN SMALL LETTER R WITH LINE BELOW +1E60;1E60;0053 0307;1E60;0053 0307; # (á¹ ; á¹ ; S◌̇; á¹ ; S◌̇; ) LATIN CAPITAL LETTER S WITH DOT ABOVE +1E61;1E61;0073 0307;1E61;0073 0307; # (ṡ; ṡ; s◌̇; ṡ; s◌̇; ) LATIN SMALL LETTER S WITH DOT ABOVE +1E62;1E62;0053 0323;1E62;0053 0323; # (á¹¢; á¹¢; S◌̣; á¹¢; S◌̣; ) LATIN CAPITAL LETTER S WITH DOT BELOW +1E63;1E63;0073 0323;1E63;0073 0323; # (á¹£; á¹£; s◌̣; á¹£; s◌̣; ) LATIN SMALL LETTER S WITH DOT BELOW +1E64;1E64;0053 0301 0307;1E64;0053 0301 0307; # (Ṥ; Ṥ; Sâ—ŒÌ◌̇; Ṥ; Sâ—ŒÌ◌̇; ) LATIN CAPITAL LETTER S WITH ACUTE AND DOT ABOVE +1E65;1E65;0073 0301 0307;1E65;0073 0301 0307; # (á¹¥; á¹¥; sâ—ŒÌ◌̇; á¹¥; sâ—ŒÌ◌̇; ) LATIN SMALL LETTER S WITH ACUTE AND DOT ABOVE +1E66;1E66;0053 030C 0307;1E66;0053 030C 0307; # (Ṧ; Ṧ; S◌̌◌̇; Ṧ; S◌̌◌̇; ) LATIN CAPITAL LETTER S WITH CARON AND DOT ABOVE +1E67;1E67;0073 030C 0307;1E67;0073 030C 0307; # (ṧ; ṧ; s◌̌◌̇; ṧ; s◌̌◌̇; ) LATIN SMALL LETTER S WITH CARON AND DOT ABOVE +1E68;1E68;0053 0323 0307;1E68;0053 0323 0307; # (Ṩ; Ṩ; S◌̣◌̇; Ṩ; S◌̣◌̇; ) LATIN CAPITAL LETTER S WITH DOT BELOW AND DOT ABOVE +1E69;1E69;0073 0323 0307;1E69;0073 0323 0307; # (ṩ; ṩ; s◌̣◌̇; ṩ; s◌̣◌̇; ) LATIN SMALL LETTER S WITH DOT BELOW AND DOT ABOVE +1E6A;1E6A;0054 0307;1E6A;0054 0307; # (Ṫ; Ṫ; T◌̇; Ṫ; T◌̇; ) LATIN CAPITAL LETTER T WITH DOT ABOVE +1E6B;1E6B;0074 0307;1E6B;0074 0307; # (ṫ; ṫ; t◌̇; ṫ; t◌̇; ) LATIN SMALL LETTER T WITH DOT ABOVE +1E6C;1E6C;0054 0323;1E6C;0054 0323; # (Ṭ; Ṭ; T◌̣; Ṭ; T◌̣; ) LATIN CAPITAL LETTER T WITH DOT BELOW +1E6D;1E6D;0074 0323;1E6D;0074 0323; # (á¹­; á¹­; t◌̣; á¹­; t◌̣; ) LATIN SMALL LETTER T WITH DOT BELOW +1E6E;1E6E;0054 0331;1E6E;0054 0331; # (á¹®; á¹®; T◌̱; á¹®; T◌̱; ) LATIN CAPITAL LETTER T WITH LINE BELOW +1E6F;1E6F;0074 0331;1E6F;0074 0331; # (ṯ; ṯ; t◌̱; ṯ; t◌̱; ) LATIN SMALL LETTER T WITH LINE BELOW +1E70;1E70;0054 032D;1E70;0054 032D; # (á¹°; á¹°; T◌̭; á¹°; T◌̭; ) LATIN CAPITAL LETTER T WITH CIRCUMFLEX BELOW +1E71;1E71;0074 032D;1E71;0074 032D; # (á¹±; á¹±; t◌̭; á¹±; t◌̭; ) LATIN SMALL LETTER T WITH CIRCUMFLEX BELOW +1E72;1E72;0055 0324;1E72;0055 0324; # (á¹²; á¹²; U◌̤; á¹²; U◌̤; ) LATIN CAPITAL LETTER U WITH DIAERESIS BELOW +1E73;1E73;0075 0324;1E73;0075 0324; # (á¹³; á¹³; u◌̤; á¹³; u◌̤; ) LATIN SMALL LETTER U WITH DIAERESIS BELOW +1E74;1E74;0055 0330;1E74;0055 0330; # (á¹´; á¹´; U◌̰; á¹´; U◌̰; ) LATIN CAPITAL LETTER U WITH TILDE BELOW +1E75;1E75;0075 0330;1E75;0075 0330; # (á¹µ; á¹µ; u◌̰; á¹µ; u◌̰; ) LATIN SMALL LETTER U WITH TILDE BELOW +1E76;1E76;0055 032D;1E76;0055 032D; # (Ṷ; Ṷ; U◌̭; Ṷ; U◌̭; ) LATIN CAPITAL LETTER U WITH CIRCUMFLEX BELOW +1E77;1E77;0075 032D;1E77;0075 032D; # (á¹·; á¹·; u◌̭; á¹·; u◌̭; ) LATIN SMALL LETTER U WITH CIRCUMFLEX BELOW +1E78;1E78;0055 0303 0301;1E78;0055 0303 0301; # (Ṹ; Ṹ; U◌̃◌Ì; Ṹ; U◌̃◌Ì; ) LATIN CAPITAL LETTER U WITH TILDE AND ACUTE +1E79;1E79;0075 0303 0301;1E79;0075 0303 0301; # (á¹¹; á¹¹; u◌̃◌Ì; á¹¹; u◌̃◌Ì; ) LATIN SMALL LETTER U WITH TILDE AND ACUTE +1E7A;1E7A;0055 0304 0308;1E7A;0055 0304 0308; # (Ṻ; Ṻ; U◌̄◌̈; Ṻ; U◌̄◌̈; ) LATIN CAPITAL LETTER U WITH MACRON AND DIAERESIS +1E7B;1E7B;0075 0304 0308;1E7B;0075 0304 0308; # (á¹»; á¹»; u◌̄◌̈; á¹»; u◌̄◌̈; ) LATIN SMALL LETTER U WITH MACRON AND DIAERESIS +1E7C;1E7C;0056 0303;1E7C;0056 0303; # (á¹¼; á¹¼; V◌̃; á¹¼; V◌̃; ) LATIN CAPITAL LETTER V WITH TILDE +1E7D;1E7D;0076 0303;1E7D;0076 0303; # (á¹½; á¹½; v◌̃; á¹½; v◌̃; ) LATIN SMALL LETTER V WITH TILDE +1E7E;1E7E;0056 0323;1E7E;0056 0323; # (á¹¾; á¹¾; V◌̣; á¹¾; V◌̣; ) LATIN CAPITAL LETTER V WITH DOT BELOW +1E7F;1E7F;0076 0323;1E7F;0076 0323; # (ṿ; ṿ; v◌̣; ṿ; v◌̣; ) LATIN SMALL LETTER V WITH DOT BELOW +1E80;1E80;0057 0300;1E80;0057 0300; # (Ẁ; Ẁ; W◌̀; Ẁ; W◌̀; ) LATIN CAPITAL LETTER W WITH GRAVE +1E81;1E81;0077 0300;1E81;0077 0300; # (áº; áº; w◌̀; áº; w◌̀; ) LATIN SMALL LETTER W WITH GRAVE +1E82;1E82;0057 0301;1E82;0057 0301; # (Ẃ; Ẃ; Wâ—ŒÌ; Ẃ; Wâ—ŒÌ; ) LATIN CAPITAL LETTER W WITH ACUTE +1E83;1E83;0077 0301;1E83;0077 0301; # (ẃ; ẃ; wâ—ŒÌ; ẃ; wâ—ŒÌ; ) LATIN SMALL LETTER W WITH ACUTE +1E84;1E84;0057 0308;1E84;0057 0308; # (Ẅ; Ẅ; W◌̈; Ẅ; W◌̈; ) LATIN CAPITAL LETTER W WITH DIAERESIS +1E85;1E85;0077 0308;1E85;0077 0308; # (ẅ; ẅ; w◌̈; ẅ; w◌̈; ) LATIN SMALL LETTER W WITH DIAERESIS +1E86;1E86;0057 0307;1E86;0057 0307; # (Ẇ; Ẇ; W◌̇; Ẇ; W◌̇; ) LATIN CAPITAL LETTER W WITH DOT ABOVE +1E87;1E87;0077 0307;1E87;0077 0307; # (ẇ; ẇ; w◌̇; ẇ; w◌̇; ) LATIN SMALL LETTER W WITH DOT ABOVE +1E88;1E88;0057 0323;1E88;0057 0323; # (Ẉ; Ẉ; W◌̣; Ẉ; W◌̣; ) LATIN CAPITAL LETTER W WITH DOT BELOW +1E89;1E89;0077 0323;1E89;0077 0323; # (ẉ; ẉ; w◌̣; ẉ; w◌̣; ) LATIN SMALL LETTER W WITH DOT BELOW +1E8A;1E8A;0058 0307;1E8A;0058 0307; # (Ẋ; Ẋ; X◌̇; Ẋ; X◌̇; ) LATIN CAPITAL LETTER X WITH DOT ABOVE +1E8B;1E8B;0078 0307;1E8B;0078 0307; # (ẋ; ẋ; x◌̇; ẋ; x◌̇; ) LATIN SMALL LETTER X WITH DOT ABOVE +1E8C;1E8C;0058 0308;1E8C;0058 0308; # (Ẍ; Ẍ; X◌̈; Ẍ; X◌̈; ) LATIN CAPITAL LETTER X WITH DIAERESIS +1E8D;1E8D;0078 0308;1E8D;0078 0308; # (áº; áº; x◌̈; áº; x◌̈; ) LATIN SMALL LETTER X WITH DIAERESIS +1E8E;1E8E;0059 0307;1E8E;0059 0307; # (Ẏ; Ẏ; Y◌̇; Ẏ; Y◌̇; ) LATIN CAPITAL LETTER Y WITH DOT ABOVE +1E8F;1E8F;0079 0307;1E8F;0079 0307; # (áº; áº; y◌̇; áº; y◌̇; ) LATIN SMALL LETTER Y WITH DOT ABOVE +1E90;1E90;005A 0302;1E90;005A 0302; # (áº; áº; Z◌̂; áº; Z◌̂; ) LATIN CAPITAL LETTER Z WITH CIRCUMFLEX +1E91;1E91;007A 0302;1E91;007A 0302; # (ẑ; ẑ; z◌̂; ẑ; z◌̂; ) LATIN SMALL LETTER Z WITH CIRCUMFLEX +1E92;1E92;005A 0323;1E92;005A 0323; # (Ẓ; Ẓ; Z◌̣; Ẓ; Z◌̣; ) LATIN CAPITAL LETTER Z WITH DOT BELOW +1E93;1E93;007A 0323;1E93;007A 0323; # (ẓ; ẓ; z◌̣; ẓ; z◌̣; ) LATIN SMALL LETTER Z WITH DOT BELOW +1E94;1E94;005A 0331;1E94;005A 0331; # (Ẕ; Ẕ; Z◌̱; Ẕ; Z◌̱; ) LATIN CAPITAL LETTER Z WITH LINE BELOW +1E95;1E95;007A 0331;1E95;007A 0331; # (ẕ; ẕ; z◌̱; ẕ; z◌̱; ) LATIN SMALL LETTER Z WITH LINE BELOW +1E96;1E96;0068 0331;1E96;0068 0331; # (ẖ; ẖ; h◌̱; ẖ; h◌̱; ) LATIN SMALL LETTER H WITH LINE BELOW +1E97;1E97;0074 0308;1E97;0074 0308; # (ẗ; ẗ; t◌̈; ẗ; t◌̈; ) LATIN SMALL LETTER T WITH DIAERESIS +1E98;1E98;0077 030A;1E98;0077 030A; # (ẘ; ẘ; w◌̊; ẘ; w◌̊; ) LATIN SMALL LETTER W WITH RING ABOVE +1E99;1E99;0079 030A;1E99;0079 030A; # (ẙ; ẙ; y◌̊; ẙ; y◌̊; ) LATIN SMALL LETTER Y WITH RING ABOVE +1E9A;1E9A;1E9A;0061 02BE;0061 02BE; # (ẚ; ẚ; ẚ; aʾ; aʾ; ) LATIN SMALL LETTER A WITH RIGHT HALF RING +1E9B;1E9B;017F 0307;1E61;0073 0307; # (ẛ; ẛ; ſ◌̇; ṡ; s◌̇; ) LATIN SMALL LETTER LONG S WITH DOT ABOVE +1EA0;1EA0;0041 0323;1EA0;0041 0323; # (Ạ; Ạ; A◌̣; Ạ; A◌̣; ) LATIN CAPITAL LETTER A WITH DOT BELOW +1EA1;1EA1;0061 0323;1EA1;0061 0323; # (ạ; ạ; a◌̣; ạ; a◌̣; ) LATIN SMALL LETTER A WITH DOT BELOW +1EA2;1EA2;0041 0309;1EA2;0041 0309; # (Ả; Ả; A◌̉; Ả; A◌̉; ) LATIN CAPITAL LETTER A WITH HOOK ABOVE +1EA3;1EA3;0061 0309;1EA3;0061 0309; # (ả; ả; a◌̉; ả; a◌̉; ) LATIN SMALL LETTER A WITH HOOK ABOVE +1EA4;1EA4;0041 0302 0301;1EA4;0041 0302 0301; # (Ấ; Ấ; A◌̂◌Ì; Ấ; A◌̂◌Ì; ) LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND ACUTE +1EA5;1EA5;0061 0302 0301;1EA5;0061 0302 0301; # (ấ; ấ; a◌̂◌Ì; ấ; a◌̂◌Ì; ) LATIN SMALL LETTER A WITH CIRCUMFLEX AND ACUTE +1EA6;1EA6;0041 0302 0300;1EA6;0041 0302 0300; # (Ầ; Ầ; A◌̂◌̀; Ầ; A◌̂◌̀; ) LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND GRAVE +1EA7;1EA7;0061 0302 0300;1EA7;0061 0302 0300; # (ầ; ầ; a◌̂◌̀; ầ; a◌̂◌̀; ) LATIN SMALL LETTER A WITH CIRCUMFLEX AND GRAVE +1EA8;1EA8;0041 0302 0309;1EA8;0041 0302 0309; # (Ẩ; Ẩ; A◌̂◌̉; Ẩ; A◌̂◌̉; ) LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND HOOK ABOVE +1EA9;1EA9;0061 0302 0309;1EA9;0061 0302 0309; # (ẩ; ẩ; a◌̂◌̉; ẩ; a◌̂◌̉; ) LATIN SMALL LETTER A WITH CIRCUMFLEX AND HOOK ABOVE +1EAA;1EAA;0041 0302 0303;1EAA;0041 0302 0303; # (Ẫ; Ẫ; A◌̂◌̃; Ẫ; A◌̂◌̃; ) LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND TILDE +1EAB;1EAB;0061 0302 0303;1EAB;0061 0302 0303; # (ẫ; ẫ; a◌̂◌̃; ẫ; a◌̂◌̃; ) LATIN SMALL LETTER A WITH CIRCUMFLEX AND TILDE +1EAC;1EAC;0041 0323 0302;1EAC;0041 0323 0302; # (Ậ; Ậ; A◌̣◌̂; Ậ; A◌̣◌̂; ) LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND DOT BELOW +1EAD;1EAD;0061 0323 0302;1EAD;0061 0323 0302; # (ậ; ậ; a◌̣◌̂; ậ; a◌̣◌̂; ) LATIN SMALL LETTER A WITH CIRCUMFLEX AND DOT BELOW +1EAE;1EAE;0041 0306 0301;1EAE;0041 0306 0301; # (Ắ; Ắ; A◌̆◌Ì; Ắ; A◌̆◌Ì; ) LATIN CAPITAL LETTER A WITH BREVE AND ACUTE +1EAF;1EAF;0061 0306 0301;1EAF;0061 0306 0301; # (ắ; ắ; a◌̆◌Ì; ắ; a◌̆◌Ì; ) LATIN SMALL LETTER A WITH BREVE AND ACUTE +1EB0;1EB0;0041 0306 0300;1EB0;0041 0306 0300; # (Ằ; Ằ; A◌̆◌̀; Ằ; A◌̆◌̀; ) LATIN CAPITAL LETTER A WITH BREVE AND GRAVE +1EB1;1EB1;0061 0306 0300;1EB1;0061 0306 0300; # (ằ; ằ; a◌̆◌̀; ằ; a◌̆◌̀; ) LATIN SMALL LETTER A WITH BREVE AND GRAVE +1EB2;1EB2;0041 0306 0309;1EB2;0041 0306 0309; # (Ẳ; Ẳ; A◌̆◌̉; Ẳ; A◌̆◌̉; ) LATIN CAPITAL LETTER A WITH BREVE AND HOOK ABOVE +1EB3;1EB3;0061 0306 0309;1EB3;0061 0306 0309; # (ẳ; ẳ; a◌̆◌̉; ẳ; a◌̆◌̉; ) LATIN SMALL LETTER A WITH BREVE AND HOOK ABOVE +1EB4;1EB4;0041 0306 0303;1EB4;0041 0306 0303; # (Ẵ; Ẵ; A◌̆◌̃; Ẵ; A◌̆◌̃; ) LATIN CAPITAL LETTER A WITH BREVE AND TILDE +1EB5;1EB5;0061 0306 0303;1EB5;0061 0306 0303; # (ẵ; ẵ; a◌̆◌̃; ẵ; a◌̆◌̃; ) LATIN SMALL LETTER A WITH BREVE AND TILDE +1EB6;1EB6;0041 0323 0306;1EB6;0041 0323 0306; # (Ặ; Ặ; A◌̣◌̆; Ặ; A◌̣◌̆; ) LATIN CAPITAL LETTER A WITH BREVE AND DOT BELOW +1EB7;1EB7;0061 0323 0306;1EB7;0061 0323 0306; # (ặ; ặ; a◌̣◌̆; ặ; a◌̣◌̆; ) LATIN SMALL LETTER A WITH BREVE AND DOT BELOW +1EB8;1EB8;0045 0323;1EB8;0045 0323; # (Ẹ; Ẹ; E◌̣; Ẹ; E◌̣; ) LATIN CAPITAL LETTER E WITH DOT BELOW +1EB9;1EB9;0065 0323;1EB9;0065 0323; # (ẹ; ẹ; e◌̣; ẹ; e◌̣; ) LATIN SMALL LETTER E WITH DOT BELOW +1EBA;1EBA;0045 0309;1EBA;0045 0309; # (Ẻ; Ẻ; E◌̉; Ẻ; E◌̉; ) LATIN CAPITAL LETTER E WITH HOOK ABOVE +1EBB;1EBB;0065 0309;1EBB;0065 0309; # (ẻ; ẻ; e◌̉; ẻ; e◌̉; ) LATIN SMALL LETTER E WITH HOOK ABOVE +1EBC;1EBC;0045 0303;1EBC;0045 0303; # (Ẽ; Ẽ; E◌̃; Ẽ; E◌̃; ) LATIN CAPITAL LETTER E WITH TILDE +1EBD;1EBD;0065 0303;1EBD;0065 0303; # (ẽ; ẽ; e◌̃; ẽ; e◌̃; ) LATIN SMALL LETTER E WITH TILDE +1EBE;1EBE;0045 0302 0301;1EBE;0045 0302 0301; # (Ế; Ế; E◌̂◌Ì; Ế; E◌̂◌Ì; ) LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND ACUTE +1EBF;1EBF;0065 0302 0301;1EBF;0065 0302 0301; # (ế; ế; e◌̂◌Ì; ế; e◌̂◌Ì; ) LATIN SMALL LETTER E WITH CIRCUMFLEX AND ACUTE +1EC0;1EC0;0045 0302 0300;1EC0;0045 0302 0300; # (Ề; Ề; E◌̂◌̀; Ề; E◌̂◌̀; ) LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND GRAVE +1EC1;1EC1;0065 0302 0300;1EC1;0065 0302 0300; # (á»; á»; e◌̂◌̀; á»; e◌̂◌̀; ) LATIN SMALL LETTER E WITH CIRCUMFLEX AND GRAVE +1EC2;1EC2;0045 0302 0309;1EC2;0045 0302 0309; # (Ể; Ể; E◌̂◌̉; Ể; E◌̂◌̉; ) LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND HOOK ABOVE +1EC3;1EC3;0065 0302 0309;1EC3;0065 0302 0309; # (ể; ể; e◌̂◌̉; ể; e◌̂◌̉; ) LATIN SMALL LETTER E WITH CIRCUMFLEX AND HOOK ABOVE +1EC4;1EC4;0045 0302 0303;1EC4;0045 0302 0303; # (Ễ; Ễ; E◌̂◌̃; Ễ; E◌̂◌̃; ) LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND TILDE +1EC5;1EC5;0065 0302 0303;1EC5;0065 0302 0303; # (á»…; á»…; e◌̂◌̃; á»…; e◌̂◌̃; ) LATIN SMALL LETTER E WITH CIRCUMFLEX AND TILDE +1EC6;1EC6;0045 0323 0302;1EC6;0045 0323 0302; # (Ệ; Ệ; E◌̣◌̂; Ệ; E◌̣◌̂; ) LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND DOT BELOW +1EC7;1EC7;0065 0323 0302;1EC7;0065 0323 0302; # (ệ; ệ; e◌̣◌̂; ệ; e◌̣◌̂; ) LATIN SMALL LETTER E WITH CIRCUMFLEX AND DOT BELOW +1EC8;1EC8;0049 0309;1EC8;0049 0309; # (Ỉ; Ỉ; I◌̉; Ỉ; I◌̉; ) LATIN CAPITAL LETTER I WITH HOOK ABOVE +1EC9;1EC9;0069 0309;1EC9;0069 0309; # (ỉ; ỉ; i◌̉; ỉ; i◌̉; ) LATIN SMALL LETTER I WITH HOOK ABOVE +1ECA;1ECA;0049 0323;1ECA;0049 0323; # (Ị; Ị; I◌̣; Ị; I◌̣; ) LATIN CAPITAL LETTER I WITH DOT BELOW +1ECB;1ECB;0069 0323;1ECB;0069 0323; # (ị; ị; i◌̣; ị; i◌̣; ) LATIN SMALL LETTER I WITH DOT BELOW +1ECC;1ECC;004F 0323;1ECC;004F 0323; # (Ọ; Ọ; O◌̣; Ọ; O◌̣; ) LATIN CAPITAL LETTER O WITH DOT BELOW +1ECD;1ECD;006F 0323;1ECD;006F 0323; # (á»; á»; o◌̣; á»; o◌̣; ) LATIN SMALL LETTER O WITH DOT BELOW +1ECE;1ECE;004F 0309;1ECE;004F 0309; # (Ỏ; Ỏ; O◌̉; Ỏ; O◌̉; ) LATIN CAPITAL LETTER O WITH HOOK ABOVE +1ECF;1ECF;006F 0309;1ECF;006F 0309; # (á»; á»; o◌̉; á»; o◌̉; ) LATIN SMALL LETTER O WITH HOOK ABOVE +1ED0;1ED0;004F 0302 0301;1ED0;004F 0302 0301; # (á»; á»; O◌̂◌Ì; á»; O◌̂◌Ì; ) LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND ACUTE +1ED1;1ED1;006F 0302 0301;1ED1;006F 0302 0301; # (ố; ố; o◌̂◌Ì; ố; o◌̂◌Ì; ) LATIN SMALL LETTER O WITH CIRCUMFLEX AND ACUTE +1ED2;1ED2;004F 0302 0300;1ED2;004F 0302 0300; # (á»’; á»’; O◌̂◌̀; á»’; O◌̂◌̀; ) LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND GRAVE +1ED3;1ED3;006F 0302 0300;1ED3;006F 0302 0300; # (ồ; ồ; o◌̂◌̀; ồ; o◌̂◌̀; ) LATIN SMALL LETTER O WITH CIRCUMFLEX AND GRAVE +1ED4;1ED4;004F 0302 0309;1ED4;004F 0302 0309; # (á»”; á»”; O◌̂◌̉; á»”; O◌̂◌̉; ) LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND HOOK ABOVE +1ED5;1ED5;006F 0302 0309;1ED5;006F 0302 0309; # (ổ; ổ; o◌̂◌̉; ổ; o◌̂◌̉; ) LATIN SMALL LETTER O WITH CIRCUMFLEX AND HOOK ABOVE +1ED6;1ED6;004F 0302 0303;1ED6;004F 0302 0303; # (á»–; á»–; O◌̂◌̃; á»–; O◌̂◌̃; ) LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND TILDE +1ED7;1ED7;006F 0302 0303;1ED7;006F 0302 0303; # (á»—; á»—; o◌̂◌̃; á»—; o◌̂◌̃; ) LATIN SMALL LETTER O WITH CIRCUMFLEX AND TILDE +1ED8;1ED8;004F 0323 0302;1ED8;004F 0323 0302; # (Ộ; Ộ; O◌̣◌̂; Ộ; O◌̣◌̂; ) LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND DOT BELOW +1ED9;1ED9;006F 0323 0302;1ED9;006F 0323 0302; # (á»™; á»™; o◌̣◌̂; á»™; o◌̣◌̂; ) LATIN SMALL LETTER O WITH CIRCUMFLEX AND DOT BELOW +1EDA;1EDA;004F 031B 0301;1EDA;004F 031B 0301; # (Ớ; Ớ; O◌̛◌Ì; Ớ; O◌̛◌Ì; ) LATIN CAPITAL LETTER O WITH HORN AND ACUTE +1EDB;1EDB;006F 031B 0301;1EDB;006F 031B 0301; # (á»›; á»›; o◌̛◌Ì; á»›; o◌̛◌Ì; ) LATIN SMALL LETTER O WITH HORN AND ACUTE +1EDC;1EDC;004F 031B 0300;1EDC;004F 031B 0300; # (Ờ; Ờ; O◌̛◌̀; Ờ; O◌̛◌̀; ) LATIN CAPITAL LETTER O WITH HORN AND GRAVE +1EDD;1EDD;006F 031B 0300;1EDD;006F 031B 0300; # (á»; á»; o◌̛◌̀; á»; o◌̛◌̀; ) LATIN SMALL LETTER O WITH HORN AND GRAVE +1EDE;1EDE;004F 031B 0309;1EDE;004F 031B 0309; # (Ở; Ở; O◌̛◌̉; Ở; O◌̛◌̉; ) LATIN CAPITAL LETTER O WITH HORN AND HOOK ABOVE +1EDF;1EDF;006F 031B 0309;1EDF;006F 031B 0309; # (ở; ở; o◌̛◌̉; ở; o◌̛◌̉; ) LATIN SMALL LETTER O WITH HORN AND HOOK ABOVE +1EE0;1EE0;004F 031B 0303;1EE0;004F 031B 0303; # (á» ; á» ; O◌̛◌̃; á» ; O◌̛◌̃; ) LATIN CAPITAL LETTER O WITH HORN AND TILDE +1EE1;1EE1;006F 031B 0303;1EE1;006F 031B 0303; # (ỡ; ỡ; o◌̛◌̃; ỡ; o◌̛◌̃; ) LATIN SMALL LETTER O WITH HORN AND TILDE +1EE2;1EE2;004F 031B 0323;1EE2;004F 031B 0323; # (Ợ; Ợ; O◌̛◌̣; Ợ; O◌̛◌̣; ) LATIN CAPITAL LETTER O WITH HORN AND DOT BELOW +1EE3;1EE3;006F 031B 0323;1EE3;006F 031B 0323; # (ợ; ợ; o◌̛◌̣; ợ; o◌̛◌̣; ) LATIN SMALL LETTER O WITH HORN AND DOT BELOW +1EE4;1EE4;0055 0323;1EE4;0055 0323; # (Ụ; Ụ; U◌̣; Ụ; U◌̣; ) LATIN CAPITAL LETTER U WITH DOT BELOW +1EE5;1EE5;0075 0323;1EE5;0075 0323; # (ụ; ụ; u◌̣; ụ; u◌̣; ) LATIN SMALL LETTER U WITH DOT BELOW +1EE6;1EE6;0055 0309;1EE6;0055 0309; # (Ủ; Ủ; U◌̉; Ủ; U◌̉; ) LATIN CAPITAL LETTER U WITH HOOK ABOVE +1EE7;1EE7;0075 0309;1EE7;0075 0309; # (ủ; ủ; u◌̉; ủ; u◌̉; ) LATIN SMALL LETTER U WITH HOOK ABOVE +1EE8;1EE8;0055 031B 0301;1EE8;0055 031B 0301; # (Ứ; Ứ; U◌̛◌Ì; Ứ; U◌̛◌Ì; ) LATIN CAPITAL LETTER U WITH HORN AND ACUTE +1EE9;1EE9;0075 031B 0301;1EE9;0075 031B 0301; # (ứ; ứ; u◌̛◌Ì; ứ; u◌̛◌Ì; ) LATIN SMALL LETTER U WITH HORN AND ACUTE +1EEA;1EEA;0055 031B 0300;1EEA;0055 031B 0300; # (Ừ; Ừ; U◌̛◌̀; Ừ; U◌̛◌̀; ) LATIN CAPITAL LETTER U WITH HORN AND GRAVE +1EEB;1EEB;0075 031B 0300;1EEB;0075 031B 0300; # (ừ; ừ; u◌̛◌̀; ừ; u◌̛◌̀; ) LATIN SMALL LETTER U WITH HORN AND GRAVE +1EEC;1EEC;0055 031B 0309;1EEC;0055 031B 0309; # (Ử; Ử; U◌̛◌̉; Ử; U◌̛◌̉; ) LATIN CAPITAL LETTER U WITH HORN AND HOOK ABOVE +1EED;1EED;0075 031B 0309;1EED;0075 031B 0309; # (á»­; á»­; u◌̛◌̉; á»­; u◌̛◌̉; ) LATIN SMALL LETTER U WITH HORN AND HOOK ABOVE +1EEE;1EEE;0055 031B 0303;1EEE;0055 031B 0303; # (á»®; á»®; U◌̛◌̃; á»®; U◌̛◌̃; ) LATIN CAPITAL LETTER U WITH HORN AND TILDE +1EEF;1EEF;0075 031B 0303;1EEF;0075 031B 0303; # (ữ; ữ; u◌̛◌̃; ữ; u◌̛◌̃; ) LATIN SMALL LETTER U WITH HORN AND TILDE +1EF0;1EF0;0055 031B 0323;1EF0;0055 031B 0323; # (á»°; á»°; U◌̛◌̣; á»°; U◌̛◌̣; ) LATIN CAPITAL LETTER U WITH HORN AND DOT BELOW +1EF1;1EF1;0075 031B 0323;1EF1;0075 031B 0323; # (á»±; á»±; u◌̛◌̣; á»±; u◌̛◌̣; ) LATIN SMALL LETTER U WITH HORN AND DOT BELOW +1EF2;1EF2;0059 0300;1EF2;0059 0300; # (Ỳ; Ỳ; Y◌̀; Ỳ; Y◌̀; ) LATIN CAPITAL LETTER Y WITH GRAVE +1EF3;1EF3;0079 0300;1EF3;0079 0300; # (ỳ; ỳ; y◌̀; ỳ; y◌̀; ) LATIN SMALL LETTER Y WITH GRAVE +1EF4;1EF4;0059 0323;1EF4;0059 0323; # (á»´; á»´; Y◌̣; á»´; Y◌̣; ) LATIN CAPITAL LETTER Y WITH DOT BELOW +1EF5;1EF5;0079 0323;1EF5;0079 0323; # (ỵ; ỵ; y◌̣; ỵ; y◌̣; ) LATIN SMALL LETTER Y WITH DOT BELOW +1EF6;1EF6;0059 0309;1EF6;0059 0309; # (Ỷ; Ỷ; Y◌̉; Ỷ; Y◌̉; ) LATIN CAPITAL LETTER Y WITH HOOK ABOVE +1EF7;1EF7;0079 0309;1EF7;0079 0309; # (á»·; á»·; y◌̉; á»·; y◌̉; ) LATIN SMALL LETTER Y WITH HOOK ABOVE +1EF8;1EF8;0059 0303;1EF8;0059 0303; # (Ỹ; Ỹ; Y◌̃; Ỹ; Y◌̃; ) LATIN CAPITAL LETTER Y WITH TILDE +1EF9;1EF9;0079 0303;1EF9;0079 0303; # (ỹ; ỹ; y◌̃; ỹ; y◌̃; ) LATIN SMALL LETTER Y WITH TILDE +1F00;1F00;03B1 0313;1F00;03B1 0313; # (á¼€; á¼€; α◌̓; á¼€; α◌̓; ) GREEK SMALL LETTER ALPHA WITH PSILI +1F01;1F01;03B1 0314;1F01;03B1 0314; # (á¼; á¼; α◌̔; á¼; α◌̔; ) GREEK SMALL LETTER ALPHA WITH DASIA +1F02;1F02;03B1 0313 0300;1F02;03B1 0313 0300; # (ἂ; ἂ; α◌̓◌̀; ἂ; α◌̓◌̀; ) GREEK SMALL LETTER ALPHA WITH PSILI AND VARIA +1F03;1F03;03B1 0314 0300;1F03;03B1 0314 0300; # (ἃ; ἃ; α◌̔◌̀; ἃ; α◌̔◌̀; ) GREEK SMALL LETTER ALPHA WITH DASIA AND VARIA +1F04;1F04;03B1 0313 0301;1F04;03B1 0313 0301; # (ἄ; ἄ; α◌̓◌Ì; ἄ; α◌̓◌Ì; ) GREEK SMALL LETTER ALPHA WITH PSILI AND OXIA +1F05;1F05;03B1 0314 0301;1F05;03B1 0314 0301; # (á¼…; á¼…; α◌̔◌Ì; á¼…; α◌̔◌Ì; ) GREEK SMALL LETTER ALPHA WITH DASIA AND OXIA +1F06;1F06;03B1 0313 0342;1F06;03B1 0313 0342; # (ἆ; ἆ; α◌̓◌͂; ἆ; α◌̓◌͂; ) GREEK SMALL LETTER ALPHA WITH PSILI AND PERISPOMENI +1F07;1F07;03B1 0314 0342;1F07;03B1 0314 0342; # (ἇ; ἇ; α◌̔◌͂; ἇ; α◌̔◌͂; ) GREEK SMALL LETTER ALPHA WITH DASIA AND PERISPOMENI +1F08;1F08;0391 0313;1F08;0391 0313; # (Ἀ; Ἀ; Α◌̓; Ἀ; Α◌̓; ) GREEK CAPITAL LETTER ALPHA WITH PSILI +1F09;1F09;0391 0314;1F09;0391 0314; # (Ἁ; Ἁ; Α◌̔; Ἁ; Α◌̔; ) GREEK CAPITAL LETTER ALPHA WITH DASIA +1F0A;1F0A;0391 0313 0300;1F0A;0391 0313 0300; # (Ἂ; Ἂ; Α◌̓◌̀; Ἂ; Α◌̓◌̀; ) GREEK CAPITAL LETTER ALPHA WITH PSILI AND VARIA +1F0B;1F0B;0391 0314 0300;1F0B;0391 0314 0300; # (Ἃ; Ἃ; Α◌̔◌̀; Ἃ; Α◌̔◌̀; ) GREEK CAPITAL LETTER ALPHA WITH DASIA AND VARIA +1F0C;1F0C;0391 0313 0301;1F0C;0391 0313 0301; # (Ἄ; Ἄ; Α◌̓◌Ì; Ἄ; Α◌̓◌Ì; ) GREEK CAPITAL LETTER ALPHA WITH PSILI AND OXIA +1F0D;1F0D;0391 0314 0301;1F0D;0391 0314 0301; # (á¼; á¼; Α◌̔◌Ì; á¼; Α◌̔◌Ì; ) GREEK CAPITAL LETTER ALPHA WITH DASIA AND OXIA +1F0E;1F0E;0391 0313 0342;1F0E;0391 0313 0342; # (Ἆ; Ἆ; Α◌̓◌͂; Ἆ; Α◌̓◌͂; ) GREEK CAPITAL LETTER ALPHA WITH PSILI AND PERISPOMENI +1F0F;1F0F;0391 0314 0342;1F0F;0391 0314 0342; # (á¼; á¼; Α◌̔◌͂; á¼; Α◌̔◌͂; ) GREEK CAPITAL LETTER ALPHA WITH DASIA AND PERISPOMENI +1F10;1F10;03B5 0313;1F10;03B5 0313; # (á¼; á¼; ε◌̓; á¼; ε◌̓; ) GREEK SMALL LETTER EPSILON WITH PSILI +1F11;1F11;03B5 0314;1F11;03B5 0314; # (ἑ; ἑ; ε◌̔; ἑ; ε◌̔; ) GREEK SMALL LETTER EPSILON WITH DASIA +1F12;1F12;03B5 0313 0300;1F12;03B5 0313 0300; # (á¼’; á¼’; ε◌̓◌̀; á¼’; ε◌̓◌̀; ) GREEK SMALL LETTER EPSILON WITH PSILI AND VARIA +1F13;1F13;03B5 0314 0300;1F13;03B5 0314 0300; # (ἓ; ἓ; ε◌̔◌̀; ἓ; ε◌̔◌̀; ) GREEK SMALL LETTER EPSILON WITH DASIA AND VARIA +1F14;1F14;03B5 0313 0301;1F14;03B5 0313 0301; # (á¼”; á¼”; ε◌̓◌Ì; á¼”; ε◌̓◌Ì; ) GREEK SMALL LETTER EPSILON WITH PSILI AND OXIA +1F15;1F15;03B5 0314 0301;1F15;03B5 0314 0301; # (ἕ; ἕ; ε◌̔◌Ì; ἕ; ε◌̔◌Ì; ) GREEK SMALL LETTER EPSILON WITH DASIA AND OXIA +1F18;1F18;0395 0313;1F18;0395 0313; # (Ἐ; Ἐ; Ε◌̓; Ἐ; Ε◌̓; ) GREEK CAPITAL LETTER EPSILON WITH PSILI +1F19;1F19;0395 0314;1F19;0395 0314; # (á¼™; á¼™; Ε◌̔; á¼™; Ε◌̔; ) GREEK CAPITAL LETTER EPSILON WITH DASIA +1F1A;1F1A;0395 0313 0300;1F1A;0395 0313 0300; # (Ἒ; Ἒ; Ε◌̓◌̀; Ἒ; Ε◌̓◌̀; ) GREEK CAPITAL LETTER EPSILON WITH PSILI AND VARIA +1F1B;1F1B;0395 0314 0300;1F1B;0395 0314 0300; # (á¼›; á¼›; Ε◌̔◌̀; á¼›; Ε◌̔◌̀; ) GREEK CAPITAL LETTER EPSILON WITH DASIA AND VARIA +1F1C;1F1C;0395 0313 0301;1F1C;0395 0313 0301; # (Ἔ; Ἔ; Ε◌̓◌Ì; Ἔ; Ε◌̓◌Ì; ) GREEK CAPITAL LETTER EPSILON WITH PSILI AND OXIA +1F1D;1F1D;0395 0314 0301;1F1D;0395 0314 0301; # (á¼; á¼; Ε◌̔◌Ì; á¼; Ε◌̔◌Ì; ) GREEK CAPITAL LETTER EPSILON WITH DASIA AND OXIA +1F20;1F20;03B7 0313;1F20;03B7 0313; # (á¼ ; á¼ ; η◌̓; á¼ ; η◌̓; ) GREEK SMALL LETTER ETA WITH PSILI +1F21;1F21;03B7 0314;1F21;03B7 0314; # (ἡ; ἡ; η◌̔; ἡ; η◌̔; ) GREEK SMALL LETTER ETA WITH DASIA +1F22;1F22;03B7 0313 0300;1F22;03B7 0313 0300; # (á¼¢; á¼¢; η◌̓◌̀; á¼¢; η◌̓◌̀; ) GREEK SMALL LETTER ETA WITH PSILI AND VARIA +1F23;1F23;03B7 0314 0300;1F23;03B7 0314 0300; # (á¼£; á¼£; η◌̔◌̀; á¼£; η◌̔◌̀; ) GREEK SMALL LETTER ETA WITH DASIA AND VARIA +1F24;1F24;03B7 0313 0301;1F24;03B7 0313 0301; # (ἤ; ἤ; η◌̓◌Ì; ἤ; η◌̓◌Ì; ) GREEK SMALL LETTER ETA WITH PSILI AND OXIA +1F25;1F25;03B7 0314 0301;1F25;03B7 0314 0301; # (á¼¥; á¼¥; η◌̔◌Ì; á¼¥; η◌̔◌Ì; ) GREEK SMALL LETTER ETA WITH DASIA AND OXIA +1F26;1F26;03B7 0313 0342;1F26;03B7 0313 0342; # (ἦ; ἦ; η◌̓◌͂; ἦ; η◌̓◌͂; ) GREEK SMALL LETTER ETA WITH PSILI AND PERISPOMENI +1F27;1F27;03B7 0314 0342;1F27;03B7 0314 0342; # (ἧ; ἧ; η◌̔◌͂; ἧ; η◌̔◌͂; ) GREEK SMALL LETTER ETA WITH DASIA AND PERISPOMENI +1F28;1F28;0397 0313;1F28;0397 0313; # (Ἠ; Ἠ; Η◌̓; Ἠ; Η◌̓; ) GREEK CAPITAL LETTER ETA WITH PSILI +1F29;1F29;0397 0314;1F29;0397 0314; # (Ἡ; Ἡ; Η◌̔; Ἡ; Η◌̔; ) GREEK CAPITAL LETTER ETA WITH DASIA +1F2A;1F2A;0397 0313 0300;1F2A;0397 0313 0300; # (Ἢ; Ἢ; Η◌̓◌̀; Ἢ; Η◌̓◌̀; ) GREEK CAPITAL LETTER ETA WITH PSILI AND VARIA +1F2B;1F2B;0397 0314 0300;1F2B;0397 0314 0300; # (Ἣ; Ἣ; Η◌̔◌̀; Ἣ; Η◌̔◌̀; ) GREEK CAPITAL LETTER ETA WITH DASIA AND VARIA +1F2C;1F2C;0397 0313 0301;1F2C;0397 0313 0301; # (Ἤ; Ἤ; Η◌̓◌Ì; Ἤ; Η◌̓◌Ì; ) GREEK CAPITAL LETTER ETA WITH PSILI AND OXIA +1F2D;1F2D;0397 0314 0301;1F2D;0397 0314 0301; # (á¼­; á¼­; Η◌̔◌Ì; á¼­; Η◌̔◌Ì; ) GREEK CAPITAL LETTER ETA WITH DASIA AND OXIA +1F2E;1F2E;0397 0313 0342;1F2E;0397 0313 0342; # (á¼®; á¼®; Η◌̓◌͂; á¼®; Η◌̓◌͂; ) GREEK CAPITAL LETTER ETA WITH PSILI AND PERISPOMENI +1F2F;1F2F;0397 0314 0342;1F2F;0397 0314 0342; # (Ἧ; Ἧ; Η◌̔◌͂; Ἧ; Η◌̔◌͂; ) GREEK CAPITAL LETTER ETA WITH DASIA AND PERISPOMENI +1F30;1F30;03B9 0313;1F30;03B9 0313; # (á¼°; á¼°; ι◌̓; á¼°; ι◌̓; ) GREEK SMALL LETTER IOTA WITH PSILI +1F31;1F31;03B9 0314;1F31;03B9 0314; # (á¼±; á¼±; ι◌̔; á¼±; ι◌̔; ) GREEK SMALL LETTER IOTA WITH DASIA +1F32;1F32;03B9 0313 0300;1F32;03B9 0313 0300; # (á¼²; á¼²; ι◌̓◌̀; á¼²; ι◌̓◌̀; ) GREEK SMALL LETTER IOTA WITH PSILI AND VARIA +1F33;1F33;03B9 0314 0300;1F33;03B9 0314 0300; # (á¼³; á¼³; ι◌̔◌̀; á¼³; ι◌̔◌̀; ) GREEK SMALL LETTER IOTA WITH DASIA AND VARIA +1F34;1F34;03B9 0313 0301;1F34;03B9 0313 0301; # (á¼´; á¼´; ι◌̓◌Ì; á¼´; ι◌̓◌Ì; ) GREEK SMALL LETTER IOTA WITH PSILI AND OXIA +1F35;1F35;03B9 0314 0301;1F35;03B9 0314 0301; # (á¼µ; á¼µ; ι◌̔◌Ì; á¼µ; ι◌̔◌Ì; ) GREEK SMALL LETTER IOTA WITH DASIA AND OXIA +1F36;1F36;03B9 0313 0342;1F36;03B9 0313 0342; # (ἶ; ἶ; ι◌̓◌͂; ἶ; ι◌̓◌͂; ) GREEK SMALL LETTER IOTA WITH PSILI AND PERISPOMENI +1F37;1F37;03B9 0314 0342;1F37;03B9 0314 0342; # (á¼·; á¼·; ι◌̔◌͂; á¼·; ι◌̔◌͂; ) GREEK SMALL LETTER IOTA WITH DASIA AND PERISPOMENI +1F38;1F38;0399 0313;1F38;0399 0313; # (Ἰ; Ἰ; Ι◌̓; Ἰ; Ι◌̓; ) GREEK CAPITAL LETTER IOTA WITH PSILI +1F39;1F39;0399 0314;1F39;0399 0314; # (á¼¹; á¼¹; Ι◌̔; á¼¹; Ι◌̔; ) GREEK CAPITAL LETTER IOTA WITH DASIA +1F3A;1F3A;0399 0313 0300;1F3A;0399 0313 0300; # (Ἲ; Ἲ; Ι◌̓◌̀; Ἲ; Ι◌̓◌̀; ) GREEK CAPITAL LETTER IOTA WITH PSILI AND VARIA +1F3B;1F3B;0399 0314 0300;1F3B;0399 0314 0300; # (á¼»; á¼»; Ι◌̔◌̀; á¼»; Ι◌̔◌̀; ) GREEK CAPITAL LETTER IOTA WITH DASIA AND VARIA +1F3C;1F3C;0399 0313 0301;1F3C;0399 0313 0301; # (á¼¼; á¼¼; Ι◌̓◌Ì; á¼¼; Ι◌̓◌Ì; ) GREEK CAPITAL LETTER IOTA WITH PSILI AND OXIA +1F3D;1F3D;0399 0314 0301;1F3D;0399 0314 0301; # (á¼½; á¼½; Ι◌̔◌Ì; á¼½; Ι◌̔◌Ì; ) GREEK CAPITAL LETTER IOTA WITH DASIA AND OXIA +1F3E;1F3E;0399 0313 0342;1F3E;0399 0313 0342; # (á¼¾; á¼¾; Ι◌̓◌͂; á¼¾; Ι◌̓◌͂; ) GREEK CAPITAL LETTER IOTA WITH PSILI AND PERISPOMENI +1F3F;1F3F;0399 0314 0342;1F3F;0399 0314 0342; # (Ἷ; Ἷ; Ι◌̔◌͂; Ἷ; Ι◌̔◌͂; ) GREEK CAPITAL LETTER IOTA WITH DASIA AND PERISPOMENI +1F40;1F40;03BF 0313;1F40;03BF 0313; # (á½€; á½€; ο◌̓; á½€; ο◌̓; ) GREEK SMALL LETTER OMICRON WITH PSILI +1F41;1F41;03BF 0314;1F41;03BF 0314; # (á½; á½; ο◌̔; á½; ο◌̔; ) GREEK SMALL LETTER OMICRON WITH DASIA +1F42;1F42;03BF 0313 0300;1F42;03BF 0313 0300; # (ὂ; ὂ; ο◌̓◌̀; ὂ; ο◌̓◌̀; ) GREEK SMALL LETTER OMICRON WITH PSILI AND VARIA +1F43;1F43;03BF 0314 0300;1F43;03BF 0314 0300; # (ὃ; ὃ; ο◌̔◌̀; ὃ; ο◌̔◌̀; ) GREEK SMALL LETTER OMICRON WITH DASIA AND VARIA +1F44;1F44;03BF 0313 0301;1F44;03BF 0313 0301; # (ὄ; ὄ; ο◌̓◌Ì; ὄ; ο◌̓◌Ì; ) GREEK SMALL LETTER OMICRON WITH PSILI AND OXIA +1F45;1F45;03BF 0314 0301;1F45;03BF 0314 0301; # (á½…; á½…; ο◌̔◌Ì; á½…; ο◌̔◌Ì; ) GREEK SMALL LETTER OMICRON WITH DASIA AND OXIA +1F48;1F48;039F 0313;1F48;039F 0313; # (Ὀ; Ὀ; Ο◌̓; Ὀ; Ο◌̓; ) GREEK CAPITAL LETTER OMICRON WITH PSILI +1F49;1F49;039F 0314;1F49;039F 0314; # (Ὁ; Ὁ; Ο◌̔; Ὁ; Ο◌̔; ) GREEK CAPITAL LETTER OMICRON WITH DASIA +1F4A;1F4A;039F 0313 0300;1F4A;039F 0313 0300; # (Ὂ; Ὂ; Ο◌̓◌̀; Ὂ; Ο◌̓◌̀; ) GREEK CAPITAL LETTER OMICRON WITH PSILI AND VARIA +1F4B;1F4B;039F 0314 0300;1F4B;039F 0314 0300; # (Ὃ; Ὃ; Ο◌̔◌̀; Ὃ; Ο◌̔◌̀; ) GREEK CAPITAL LETTER OMICRON WITH DASIA AND VARIA +1F4C;1F4C;039F 0313 0301;1F4C;039F 0313 0301; # (Ὄ; Ὄ; Ο◌̓◌Ì; Ὄ; Ο◌̓◌Ì; ) GREEK CAPITAL LETTER OMICRON WITH PSILI AND OXIA +1F4D;1F4D;039F 0314 0301;1F4D;039F 0314 0301; # (á½; á½; Ο◌̔◌Ì; á½; Ο◌̔◌Ì; ) GREEK CAPITAL LETTER OMICRON WITH DASIA AND OXIA +1F50;1F50;03C5 0313;1F50;03C5 0313; # (á½; á½; υ◌̓; á½; υ◌̓; ) GREEK SMALL LETTER UPSILON WITH PSILI +1F51;1F51;03C5 0314;1F51;03C5 0314; # (ὑ; ὑ; υ◌̔; ὑ; υ◌̔; ) GREEK SMALL LETTER UPSILON WITH DASIA +1F52;1F52;03C5 0313 0300;1F52;03C5 0313 0300; # (á½’; á½’; υ◌̓◌̀; á½’; υ◌̓◌̀; ) GREEK SMALL LETTER UPSILON WITH PSILI AND VARIA +1F53;1F53;03C5 0314 0300;1F53;03C5 0314 0300; # (ὓ; ὓ; υ◌̔◌̀; ὓ; υ◌̔◌̀; ) GREEK SMALL LETTER UPSILON WITH DASIA AND VARIA +1F54;1F54;03C5 0313 0301;1F54;03C5 0313 0301; # (á½”; á½”; υ◌̓◌Ì; á½”; υ◌̓◌Ì; ) GREEK SMALL LETTER UPSILON WITH PSILI AND OXIA +1F55;1F55;03C5 0314 0301;1F55;03C5 0314 0301; # (ὕ; ὕ; υ◌̔◌Ì; ὕ; υ◌̔◌Ì; ) GREEK SMALL LETTER UPSILON WITH DASIA AND OXIA +1F56;1F56;03C5 0313 0342;1F56;03C5 0313 0342; # (á½–; á½–; υ◌̓◌͂; á½–; υ◌̓◌͂; ) GREEK SMALL LETTER UPSILON WITH PSILI AND PERISPOMENI +1F57;1F57;03C5 0314 0342;1F57;03C5 0314 0342; # (á½—; á½—; υ◌̔◌͂; á½—; υ◌̔◌͂; ) GREEK SMALL LETTER UPSILON WITH DASIA AND PERISPOMENI +1F59;1F59;03A5 0314;1F59;03A5 0314; # (á½™; á½™; Υ◌̔; á½™; Υ◌̔; ) GREEK CAPITAL LETTER UPSILON WITH DASIA +1F5B;1F5B;03A5 0314 0300;1F5B;03A5 0314 0300; # (á½›; á½›; Υ◌̔◌̀; á½›; Υ◌̔◌̀; ) GREEK CAPITAL LETTER UPSILON WITH DASIA AND VARIA +1F5D;1F5D;03A5 0314 0301;1F5D;03A5 0314 0301; # (á½; á½; Υ◌̔◌Ì; á½; Υ◌̔◌Ì; ) GREEK CAPITAL LETTER UPSILON WITH DASIA AND OXIA +1F5F;1F5F;03A5 0314 0342;1F5F;03A5 0314 0342; # (Ὗ; Ὗ; Υ◌̔◌͂; Ὗ; Υ◌̔◌͂; ) GREEK CAPITAL LETTER UPSILON WITH DASIA AND PERISPOMENI +1F60;1F60;03C9 0313;1F60;03C9 0313; # (á½ ; á½ ; ω◌̓; á½ ; ω◌̓; ) GREEK SMALL LETTER OMEGA WITH PSILI +1F61;1F61;03C9 0314;1F61;03C9 0314; # (ὡ; ὡ; ω◌̔; ὡ; ω◌̔; ) GREEK SMALL LETTER OMEGA WITH DASIA +1F62;1F62;03C9 0313 0300;1F62;03C9 0313 0300; # (á½¢; á½¢; ω◌̓◌̀; á½¢; ω◌̓◌̀; ) GREEK SMALL LETTER OMEGA WITH PSILI AND VARIA +1F63;1F63;03C9 0314 0300;1F63;03C9 0314 0300; # (á½£; á½£; ω◌̔◌̀; á½£; ω◌̔◌̀; ) GREEK SMALL LETTER OMEGA WITH DASIA AND VARIA +1F64;1F64;03C9 0313 0301;1F64;03C9 0313 0301; # (ὤ; ὤ; ω◌̓◌Ì; ὤ; ω◌̓◌Ì; ) GREEK SMALL LETTER OMEGA WITH PSILI AND OXIA +1F65;1F65;03C9 0314 0301;1F65;03C9 0314 0301; # (á½¥; á½¥; ω◌̔◌Ì; á½¥; ω◌̔◌Ì; ) GREEK SMALL LETTER OMEGA WITH DASIA AND OXIA +1F66;1F66;03C9 0313 0342;1F66;03C9 0313 0342; # (ὦ; ὦ; ω◌̓◌͂; ὦ; ω◌̓◌͂; ) GREEK SMALL LETTER OMEGA WITH PSILI AND PERISPOMENI +1F67;1F67;03C9 0314 0342;1F67;03C9 0314 0342; # (ὧ; ὧ; ω◌̔◌͂; ὧ; ω◌̔◌͂; ) GREEK SMALL LETTER OMEGA WITH DASIA AND PERISPOMENI +1F68;1F68;03A9 0313;1F68;03A9 0313; # (Ὠ; Ὠ; Ω◌̓; Ὠ; Ω◌̓; ) GREEK CAPITAL LETTER OMEGA WITH PSILI +1F69;1F69;03A9 0314;1F69;03A9 0314; # (Ὡ; Ὡ; Ω◌̔; Ὡ; Ω◌̔; ) GREEK CAPITAL LETTER OMEGA WITH DASIA +1F6A;1F6A;03A9 0313 0300;1F6A;03A9 0313 0300; # (Ὢ; Ὢ; Ω◌̓◌̀; Ὢ; Ω◌̓◌̀; ) GREEK CAPITAL LETTER OMEGA WITH PSILI AND VARIA +1F6B;1F6B;03A9 0314 0300;1F6B;03A9 0314 0300; # (Ὣ; Ὣ; Ω◌̔◌̀; Ὣ; Ω◌̔◌̀; ) GREEK CAPITAL LETTER OMEGA WITH DASIA AND VARIA +1F6C;1F6C;03A9 0313 0301;1F6C;03A9 0313 0301; # (Ὤ; Ὤ; Ω◌̓◌Ì; Ὤ; Ω◌̓◌Ì; ) GREEK CAPITAL LETTER OMEGA WITH PSILI AND OXIA +1F6D;1F6D;03A9 0314 0301;1F6D;03A9 0314 0301; # (á½­; á½­; Ω◌̔◌Ì; á½­; Ω◌̔◌Ì; ) GREEK CAPITAL LETTER OMEGA WITH DASIA AND OXIA +1F6E;1F6E;03A9 0313 0342;1F6E;03A9 0313 0342; # (á½®; á½®; Ω◌̓◌͂; á½®; Ω◌̓◌͂; ) GREEK CAPITAL LETTER OMEGA WITH PSILI AND PERISPOMENI +1F6F;1F6F;03A9 0314 0342;1F6F;03A9 0314 0342; # (Ὧ; Ὧ; Ω◌̔◌͂; Ὧ; Ω◌̔◌͂; ) GREEK CAPITAL LETTER OMEGA WITH DASIA AND PERISPOMENI +1F70;1F70;03B1 0300;1F70;03B1 0300; # (á½°; á½°; α◌̀; á½°; α◌̀; ) GREEK SMALL LETTER ALPHA WITH VARIA +1F71;03AC;03B1 0301;03AC;03B1 0301; # (á½±; ά; α◌Ì; ά; α◌Ì; ) GREEK SMALL LETTER ALPHA WITH OXIA +1F72;1F72;03B5 0300;1F72;03B5 0300; # (á½²; á½²; ε◌̀; á½²; ε◌̀; ) GREEK SMALL LETTER EPSILON WITH VARIA +1F73;03AD;03B5 0301;03AD;03B5 0301; # (á½³; έ; ε◌Ì; έ; ε◌Ì; ) GREEK SMALL LETTER EPSILON WITH OXIA +1F74;1F74;03B7 0300;1F74;03B7 0300; # (á½´; á½´; η◌̀; á½´; η◌̀; ) GREEK SMALL LETTER ETA WITH VARIA +1F75;03AE;03B7 0301;03AE;03B7 0301; # (á½µ; ή; η◌Ì; ή; η◌Ì; ) GREEK SMALL LETTER ETA WITH OXIA +1F76;1F76;03B9 0300;1F76;03B9 0300; # (ὶ; ὶ; ι◌̀; ὶ; ι◌̀; ) GREEK SMALL LETTER IOTA WITH VARIA +1F77;03AF;03B9 0301;03AF;03B9 0301; # (á½·; ί; ι◌Ì; ί; ι◌Ì; ) GREEK SMALL LETTER IOTA WITH OXIA +1F78;1F78;03BF 0300;1F78;03BF 0300; # (ὸ; ὸ; ο◌̀; ὸ; ο◌̀; ) GREEK SMALL LETTER OMICRON WITH VARIA +1F79;03CC;03BF 0301;03CC;03BF 0301; # (á½¹; ÏŒ; ο◌Ì; ÏŒ; ο◌Ì; ) GREEK SMALL LETTER OMICRON WITH OXIA +1F7A;1F7A;03C5 0300;1F7A;03C5 0300; # (ὺ; ὺ; υ◌̀; ὺ; υ◌̀; ) GREEK SMALL LETTER UPSILON WITH VARIA +1F7B;03CD;03C5 0301;03CD;03C5 0301; # (á½»; Ï; Ï…â—ŒÌ; Ï; Ï…â—ŒÌ; ) GREEK SMALL LETTER UPSILON WITH OXIA +1F7C;1F7C;03C9 0300;1F7C;03C9 0300; # (á½¼; á½¼; ω◌̀; á½¼; ω◌̀; ) GREEK SMALL LETTER OMEGA WITH VARIA +1F7D;03CE;03C9 0301;03CE;03C9 0301; # (á½½; ÏŽ; ω◌Ì; ÏŽ; ω◌Ì; ) GREEK SMALL LETTER OMEGA WITH OXIA +1F80;1F80;03B1 0313 0345;1F80;03B1 0313 0345; # (á¾€; á¾€; α◌̓◌ͅ; á¾€; α◌̓◌ͅ; ) GREEK SMALL LETTER ALPHA WITH PSILI AND YPOGEGRAMMENI +1F81;1F81;03B1 0314 0345;1F81;03B1 0314 0345; # (á¾; á¾; α◌̔◌ͅ; á¾; α◌̔◌ͅ; ) GREEK SMALL LETTER ALPHA WITH DASIA AND YPOGEGRAMMENI +1F82;1F82;03B1 0313 0300 0345;1F82;03B1 0313 0300 0345; # (ᾂ; ᾂ; α◌̓◌̀◌ͅ; ᾂ; α◌̓◌̀◌ͅ; ) GREEK SMALL LETTER ALPHA WITH PSILI AND VARIA AND YPOGEGRAMMENI +1F83;1F83;03B1 0314 0300 0345;1F83;03B1 0314 0300 0345; # (ᾃ; ᾃ; α◌̔◌̀◌ͅ; ᾃ; α◌̔◌̀◌ͅ; ) GREEK SMALL LETTER ALPHA WITH DASIA AND VARIA AND YPOGEGRAMMENI +1F84;1F84;03B1 0313 0301 0345;1F84;03B1 0313 0301 0345; # (ᾄ; ᾄ; α◌̓◌Ì◌ͅ; ᾄ; α◌̓◌Ì◌ͅ; ) GREEK SMALL LETTER ALPHA WITH PSILI AND OXIA AND YPOGEGRAMMENI +1F85;1F85;03B1 0314 0301 0345;1F85;03B1 0314 0301 0345; # (á¾…; á¾…; α◌̔◌Ì◌ͅ; á¾…; α◌̔◌Ì◌ͅ; ) GREEK SMALL LETTER ALPHA WITH DASIA AND OXIA AND YPOGEGRAMMENI +1F86;1F86;03B1 0313 0342 0345;1F86;03B1 0313 0342 0345; # (ᾆ; ᾆ; α◌̓◌͂◌ͅ; ᾆ; α◌̓◌͂◌ͅ; ) GREEK SMALL LETTER ALPHA WITH PSILI AND PERISPOMENI AND YPOGEGRAMMENI +1F87;1F87;03B1 0314 0342 0345;1F87;03B1 0314 0342 0345; # (ᾇ; ᾇ; α◌̔◌͂◌ͅ; ᾇ; α◌̔◌͂◌ͅ; ) GREEK SMALL LETTER ALPHA WITH DASIA AND PERISPOMENI AND YPOGEGRAMMENI +1F88;1F88;0391 0313 0345;1F88;0391 0313 0345; # (ᾈ; ᾈ; Α◌̓◌ͅ; ᾈ; Α◌̓◌ͅ; ) GREEK CAPITAL LETTER ALPHA WITH PSILI AND PROSGEGRAMMENI +1F89;1F89;0391 0314 0345;1F89;0391 0314 0345; # (ᾉ; ᾉ; Α◌̔◌ͅ; ᾉ; Α◌̔◌ͅ; ) GREEK CAPITAL LETTER ALPHA WITH DASIA AND PROSGEGRAMMENI +1F8A;1F8A;0391 0313 0300 0345;1F8A;0391 0313 0300 0345; # (ᾊ; ᾊ; Α◌̓◌̀◌ͅ; ᾊ; Α◌̓◌̀◌ͅ; ) GREEK CAPITAL LETTER ALPHA WITH PSILI AND VARIA AND PROSGEGRAMMENI +1F8B;1F8B;0391 0314 0300 0345;1F8B;0391 0314 0300 0345; # (ᾋ; ᾋ; Α◌̔◌̀◌ͅ; ᾋ; Α◌̔◌̀◌ͅ; ) GREEK CAPITAL LETTER ALPHA WITH DASIA AND VARIA AND PROSGEGRAMMENI +1F8C;1F8C;0391 0313 0301 0345;1F8C;0391 0313 0301 0345; # (ᾌ; ᾌ; Α◌̓◌Ì◌ͅ; ᾌ; Α◌̓◌Ì◌ͅ; ) GREEK CAPITAL LETTER ALPHA WITH PSILI AND OXIA AND PROSGEGRAMMENI +1F8D;1F8D;0391 0314 0301 0345;1F8D;0391 0314 0301 0345; # (á¾; á¾; Α◌̔◌Ì◌ͅ; á¾; Α◌̔◌Ì◌ͅ; ) GREEK CAPITAL LETTER ALPHA WITH DASIA AND OXIA AND PROSGEGRAMMENI +1F8E;1F8E;0391 0313 0342 0345;1F8E;0391 0313 0342 0345; # (ᾎ; ᾎ; Α◌̓◌͂◌ͅ; ᾎ; Α◌̓◌͂◌ͅ; ) GREEK CAPITAL LETTER ALPHA WITH PSILI AND PERISPOMENI AND PROSGEGRAMMENI +1F8F;1F8F;0391 0314 0342 0345;1F8F;0391 0314 0342 0345; # (á¾; á¾; Α◌̔◌͂◌ͅ; á¾; Α◌̔◌͂◌ͅ; ) GREEK CAPITAL LETTER ALPHA WITH DASIA AND PERISPOMENI AND PROSGEGRAMMENI +1F90;1F90;03B7 0313 0345;1F90;03B7 0313 0345; # (á¾; á¾; η◌̓◌ͅ; á¾; η◌̓◌ͅ; ) GREEK SMALL LETTER ETA WITH PSILI AND YPOGEGRAMMENI +1F91;1F91;03B7 0314 0345;1F91;03B7 0314 0345; # (ᾑ; ᾑ; η◌̔◌ͅ; ᾑ; η◌̔◌ͅ; ) GREEK SMALL LETTER ETA WITH DASIA AND YPOGEGRAMMENI +1F92;1F92;03B7 0313 0300 0345;1F92;03B7 0313 0300 0345; # (á¾’; á¾’; η◌̓◌̀◌ͅ; á¾’; η◌̓◌̀◌ͅ; ) GREEK SMALL LETTER ETA WITH PSILI AND VARIA AND YPOGEGRAMMENI +1F93;1F93;03B7 0314 0300 0345;1F93;03B7 0314 0300 0345; # (ᾓ; ᾓ; η◌̔◌̀◌ͅ; ᾓ; η◌̔◌̀◌ͅ; ) GREEK SMALL LETTER ETA WITH DASIA AND VARIA AND YPOGEGRAMMENI +1F94;1F94;03B7 0313 0301 0345;1F94;03B7 0313 0301 0345; # (á¾”; á¾”; η◌̓◌Ì◌ͅ; á¾”; η◌̓◌Ì◌ͅ; ) GREEK SMALL LETTER ETA WITH PSILI AND OXIA AND YPOGEGRAMMENI +1F95;1F95;03B7 0314 0301 0345;1F95;03B7 0314 0301 0345; # (ᾕ; ᾕ; η◌̔◌Ì◌ͅ; ᾕ; η◌̔◌Ì◌ͅ; ) GREEK SMALL LETTER ETA WITH DASIA AND OXIA AND YPOGEGRAMMENI +1F96;1F96;03B7 0313 0342 0345;1F96;03B7 0313 0342 0345; # (á¾–; á¾–; η◌̓◌͂◌ͅ; á¾–; η◌̓◌͂◌ͅ; ) GREEK SMALL LETTER ETA WITH PSILI AND PERISPOMENI AND YPOGEGRAMMENI +1F97;1F97;03B7 0314 0342 0345;1F97;03B7 0314 0342 0345; # (á¾—; á¾—; η◌̔◌͂◌ͅ; á¾—; η◌̔◌͂◌ͅ; ) GREEK SMALL LETTER ETA WITH DASIA AND PERISPOMENI AND YPOGEGRAMMENI +1F98;1F98;0397 0313 0345;1F98;0397 0313 0345; # (ᾘ; ᾘ; Η◌̓◌ͅ; ᾘ; Η◌̓◌ͅ; ) GREEK CAPITAL LETTER ETA WITH PSILI AND PROSGEGRAMMENI +1F99;1F99;0397 0314 0345;1F99;0397 0314 0345; # (á¾™; á¾™; Η◌̔◌ͅ; á¾™; Η◌̔◌ͅ; ) GREEK CAPITAL LETTER ETA WITH DASIA AND PROSGEGRAMMENI +1F9A;1F9A;0397 0313 0300 0345;1F9A;0397 0313 0300 0345; # (ᾚ; ᾚ; Η◌̓◌̀◌ͅ; ᾚ; Η◌̓◌̀◌ͅ; ) GREEK CAPITAL LETTER ETA WITH PSILI AND VARIA AND PROSGEGRAMMENI +1F9B;1F9B;0397 0314 0300 0345;1F9B;0397 0314 0300 0345; # (á¾›; á¾›; Η◌̔◌̀◌ͅ; á¾›; Η◌̔◌̀◌ͅ; ) GREEK CAPITAL LETTER ETA WITH DASIA AND VARIA AND PROSGEGRAMMENI +1F9C;1F9C;0397 0313 0301 0345;1F9C;0397 0313 0301 0345; # (ᾜ; ᾜ; Η◌̓◌Ì◌ͅ; ᾜ; Η◌̓◌Ì◌ͅ; ) GREEK CAPITAL LETTER ETA WITH PSILI AND OXIA AND PROSGEGRAMMENI +1F9D;1F9D;0397 0314 0301 0345;1F9D;0397 0314 0301 0345; # (á¾; á¾; Η◌̔◌Ì◌ͅ; á¾; Η◌̔◌Ì◌ͅ; ) GREEK CAPITAL LETTER ETA WITH DASIA AND OXIA AND PROSGEGRAMMENI +1F9E;1F9E;0397 0313 0342 0345;1F9E;0397 0313 0342 0345; # (ᾞ; ᾞ; Η◌̓◌͂◌ͅ; ᾞ; Η◌̓◌͂◌ͅ; ) GREEK CAPITAL LETTER ETA WITH PSILI AND PERISPOMENI AND PROSGEGRAMMENI +1F9F;1F9F;0397 0314 0342 0345;1F9F;0397 0314 0342 0345; # (ᾟ; ᾟ; Η◌̔◌͂◌ͅ; ᾟ; Η◌̔◌͂◌ͅ; ) GREEK CAPITAL LETTER ETA WITH DASIA AND PERISPOMENI AND PROSGEGRAMMENI +1FA0;1FA0;03C9 0313 0345;1FA0;03C9 0313 0345; # (á¾ ; á¾ ; ω◌̓◌ͅ; á¾ ; ω◌̓◌ͅ; ) GREEK SMALL LETTER OMEGA WITH PSILI AND YPOGEGRAMMENI +1FA1;1FA1;03C9 0314 0345;1FA1;03C9 0314 0345; # (ᾡ; ᾡ; ω◌̔◌ͅ; ᾡ; ω◌̔◌ͅ; ) GREEK SMALL LETTER OMEGA WITH DASIA AND YPOGEGRAMMENI +1FA2;1FA2;03C9 0313 0300 0345;1FA2;03C9 0313 0300 0345; # (á¾¢; á¾¢; ω◌̓◌̀◌ͅ; á¾¢; ω◌̓◌̀◌ͅ; ) GREEK SMALL LETTER OMEGA WITH PSILI AND VARIA AND YPOGEGRAMMENI +1FA3;1FA3;03C9 0314 0300 0345;1FA3;03C9 0314 0300 0345; # (á¾£; á¾£; ω◌̔◌̀◌ͅ; á¾£; ω◌̔◌̀◌ͅ; ) GREEK SMALL LETTER OMEGA WITH DASIA AND VARIA AND YPOGEGRAMMENI +1FA4;1FA4;03C9 0313 0301 0345;1FA4;03C9 0313 0301 0345; # (ᾤ; ᾤ; ω◌̓◌Ì◌ͅ; ᾤ; ω◌̓◌Ì◌ͅ; ) GREEK SMALL LETTER OMEGA WITH PSILI AND OXIA AND YPOGEGRAMMENI +1FA5;1FA5;03C9 0314 0301 0345;1FA5;03C9 0314 0301 0345; # (á¾¥; á¾¥; ω◌̔◌Ì◌ͅ; á¾¥; ω◌̔◌Ì◌ͅ; ) GREEK SMALL LETTER OMEGA WITH DASIA AND OXIA AND YPOGEGRAMMENI +1FA6;1FA6;03C9 0313 0342 0345;1FA6;03C9 0313 0342 0345; # (ᾦ; ᾦ; ω◌̓◌͂◌ͅ; ᾦ; ω◌̓◌͂◌ͅ; ) GREEK SMALL LETTER OMEGA WITH PSILI AND PERISPOMENI AND YPOGEGRAMMENI +1FA7;1FA7;03C9 0314 0342 0345;1FA7;03C9 0314 0342 0345; # (ᾧ; ᾧ; ω◌̔◌͂◌ͅ; ᾧ; ω◌̔◌͂◌ͅ; ) GREEK SMALL LETTER OMEGA WITH DASIA AND PERISPOMENI AND YPOGEGRAMMENI +1FA8;1FA8;03A9 0313 0345;1FA8;03A9 0313 0345; # (ᾨ; ᾨ; Ω◌̓◌ͅ; ᾨ; Ω◌̓◌ͅ; ) GREEK CAPITAL LETTER OMEGA WITH PSILI AND PROSGEGRAMMENI +1FA9;1FA9;03A9 0314 0345;1FA9;03A9 0314 0345; # (ᾩ; ᾩ; Ω◌̔◌ͅ; ᾩ; Ω◌̔◌ͅ; ) GREEK CAPITAL LETTER OMEGA WITH DASIA AND PROSGEGRAMMENI +1FAA;1FAA;03A9 0313 0300 0345;1FAA;03A9 0313 0300 0345; # (ᾪ; ᾪ; Ω◌̓◌̀◌ͅ; ᾪ; Ω◌̓◌̀◌ͅ; ) GREEK CAPITAL LETTER OMEGA WITH PSILI AND VARIA AND PROSGEGRAMMENI +1FAB;1FAB;03A9 0314 0300 0345;1FAB;03A9 0314 0300 0345; # (ᾫ; ᾫ; Ω◌̔◌̀◌ͅ; ᾫ; Ω◌̔◌̀◌ͅ; ) GREEK CAPITAL LETTER OMEGA WITH DASIA AND VARIA AND PROSGEGRAMMENI +1FAC;1FAC;03A9 0313 0301 0345;1FAC;03A9 0313 0301 0345; # (ᾬ; ᾬ; Ω◌̓◌Ì◌ͅ; ᾬ; Ω◌̓◌Ì◌ͅ; ) GREEK CAPITAL LETTER OMEGA WITH PSILI AND OXIA AND PROSGEGRAMMENI +1FAD;1FAD;03A9 0314 0301 0345;1FAD;03A9 0314 0301 0345; # (á¾­; á¾­; Ω◌̔◌Ì◌ͅ; á¾­; Ω◌̔◌Ì◌ͅ; ) GREEK CAPITAL LETTER OMEGA WITH DASIA AND OXIA AND PROSGEGRAMMENI +1FAE;1FAE;03A9 0313 0342 0345;1FAE;03A9 0313 0342 0345; # (á¾®; á¾®; Ω◌̓◌͂◌ͅ; á¾®; Ω◌̓◌͂◌ͅ; ) GREEK CAPITAL LETTER OMEGA WITH PSILI AND PERISPOMENI AND PROSGEGRAMMENI +1FAF;1FAF;03A9 0314 0342 0345;1FAF;03A9 0314 0342 0345; # (ᾯ; ᾯ; Ω◌̔◌͂◌ͅ; ᾯ; Ω◌̔◌͂◌ͅ; ) GREEK CAPITAL LETTER OMEGA WITH DASIA AND PERISPOMENI AND PROSGEGRAMMENI +1FB0;1FB0;03B1 0306;1FB0;03B1 0306; # (á¾°; á¾°; α◌̆; á¾°; α◌̆; ) GREEK SMALL LETTER ALPHA WITH VRACHY +1FB1;1FB1;03B1 0304;1FB1;03B1 0304; # (á¾±; á¾±; α◌̄; á¾±; α◌̄; ) GREEK SMALL LETTER ALPHA WITH MACRON +1FB2;1FB2;03B1 0300 0345;1FB2;03B1 0300 0345; # (á¾²; á¾²; α◌̀◌ͅ; á¾²; α◌̀◌ͅ; ) GREEK SMALL LETTER ALPHA WITH VARIA AND YPOGEGRAMMENI +1FB3;1FB3;03B1 0345;1FB3;03B1 0345; # (á¾³; á¾³; α◌ͅ; á¾³; α◌ͅ; ) GREEK SMALL LETTER ALPHA WITH YPOGEGRAMMENI +1FB4;1FB4;03B1 0301 0345;1FB4;03B1 0301 0345; # (á¾´; á¾´; α◌Ì◌ͅ; á¾´; α◌Ì◌ͅ; ) GREEK SMALL LETTER ALPHA WITH OXIA AND YPOGEGRAMMENI +1FB6;1FB6;03B1 0342;1FB6;03B1 0342; # (ᾶ; ᾶ; α◌͂; ᾶ; α◌͂; ) GREEK SMALL LETTER ALPHA WITH PERISPOMENI +1FB7;1FB7;03B1 0342 0345;1FB7;03B1 0342 0345; # (á¾·; á¾·; α◌͂◌ͅ; á¾·; α◌͂◌ͅ; ) GREEK SMALL LETTER ALPHA WITH PERISPOMENI AND YPOGEGRAMMENI +1FB8;1FB8;0391 0306;1FB8;0391 0306; # (Ᾰ; Ᾰ; Α◌̆; Ᾰ; Α◌̆; ) GREEK CAPITAL LETTER ALPHA WITH VRACHY +1FB9;1FB9;0391 0304;1FB9;0391 0304; # (á¾¹; á¾¹; Α◌̄; á¾¹; Α◌̄; ) GREEK CAPITAL LETTER ALPHA WITH MACRON +1FBA;1FBA;0391 0300;1FBA;0391 0300; # (Ὰ; Ὰ; Α◌̀; Ὰ; Α◌̀; ) GREEK CAPITAL LETTER ALPHA WITH VARIA +1FBB;0386;0391 0301;0386;0391 0301; # (á¾»; Ά; Α◌Ì; Ά; Α◌Ì; ) GREEK CAPITAL LETTER ALPHA WITH OXIA +1FBC;1FBC;0391 0345;1FBC;0391 0345; # (á¾¼; á¾¼; Α◌ͅ; á¾¼; Α◌ͅ; ) GREEK CAPITAL LETTER ALPHA WITH PROSGEGRAMMENI +1FBD;1FBD;1FBD;0020 0313;0020 0313; # (á¾½; á¾½; á¾½; ◌̓; ◌̓; ) GREEK KORONIS +1FBE;03B9;03B9;03B9;03B9; # (á¾¾; ι; ι; ι; ι; ) GREEK PROSGEGRAMMENI +1FBF;1FBF;1FBF;0020 0313;0020 0313; # (᾿; ᾿; ᾿; ◌̓; ◌̓; ) GREEK PSILI +1FC0;1FC0;1FC0;0020 0342;0020 0342; # (á¿€; á¿€; á¿€; ◌͂; ◌͂; ) GREEK PERISPOMENI +1FC1;1FC1;00A8 0342;0020 0308 0342;0020 0308 0342; # (á¿; á¿; ¨◌͂; ◌̈◌͂; ◌̈◌͂; ) GREEK DIALYTIKA AND PERISPOMENI +1FC2;1FC2;03B7 0300 0345;1FC2;03B7 0300 0345; # (á¿‚; á¿‚; η◌̀◌ͅ; á¿‚; η◌̀◌ͅ; ) GREEK SMALL LETTER ETA WITH VARIA AND YPOGEGRAMMENI +1FC3;1FC3;03B7 0345;1FC3;03B7 0345; # (ῃ; ῃ; η◌ͅ; ῃ; η◌ͅ; ) GREEK SMALL LETTER ETA WITH YPOGEGRAMMENI +1FC4;1FC4;03B7 0301 0345;1FC4;03B7 0301 0345; # (á¿„; á¿„; η◌Ì◌ͅ; á¿„; η◌Ì◌ͅ; ) GREEK SMALL LETTER ETA WITH OXIA AND YPOGEGRAMMENI +1FC6;1FC6;03B7 0342;1FC6;03B7 0342; # (ῆ; ῆ; η◌͂; ῆ; η◌͂; ) GREEK SMALL LETTER ETA WITH PERISPOMENI +1FC7;1FC7;03B7 0342 0345;1FC7;03B7 0342 0345; # (ῇ; ῇ; η◌͂◌ͅ; ῇ; η◌͂◌ͅ; ) GREEK SMALL LETTER ETA WITH PERISPOMENI AND YPOGEGRAMMENI +1FC8;1FC8;0395 0300;1FC8;0395 0300; # (Ὲ; Ὲ; Ε◌̀; Ὲ; Ε◌̀; ) GREEK CAPITAL LETTER EPSILON WITH VARIA +1FC9;0388;0395 0301;0388;0395 0301; # (Έ; Έ; Ε◌Ì; Έ; Ε◌Ì; ) GREEK CAPITAL LETTER EPSILON WITH OXIA +1FCA;1FCA;0397 0300;1FCA;0397 0300; # (á¿Š; á¿Š; Η◌̀; á¿Š; Η◌̀; ) GREEK CAPITAL LETTER ETA WITH VARIA +1FCB;0389;0397 0301;0389;0397 0301; # (á¿‹; Ή; Η◌Ì; Ή; Η◌Ì; ) GREEK CAPITAL LETTER ETA WITH OXIA +1FCC;1FCC;0397 0345;1FCC;0397 0345; # (á¿Œ; á¿Œ; Η◌ͅ; á¿Œ; Η◌ͅ; ) GREEK CAPITAL LETTER ETA WITH PROSGEGRAMMENI +1FCD;1FCD;1FBF 0300;0020 0313 0300;0020 0313 0300; # (á¿; á¿; ᾿◌̀; ◌̓◌̀; ◌̓◌̀; ) GREEK PSILI AND VARIA +1FCE;1FCE;1FBF 0301;0020 0313 0301;0020 0313 0301; # (á¿Ž; á¿Ž; ᾿◌Ì; ◌̓◌Ì; ◌̓◌Ì; ) GREEK PSILI AND OXIA +1FCF;1FCF;1FBF 0342;0020 0313 0342;0020 0313 0342; # (á¿; á¿; ᾿◌͂; ◌̓◌͂; ◌̓◌͂; ) GREEK PSILI AND PERISPOMENI +1FD0;1FD0;03B9 0306;1FD0;03B9 0306; # (á¿; á¿; ι◌̆; á¿; ι◌̆; ) GREEK SMALL LETTER IOTA WITH VRACHY +1FD1;1FD1;03B9 0304;1FD1;03B9 0304; # (á¿‘; á¿‘; ι◌̄; á¿‘; ι◌̄; ) GREEK SMALL LETTER IOTA WITH MACRON +1FD2;1FD2;03B9 0308 0300;1FD2;03B9 0308 0300; # (á¿’; á¿’; ι◌̈◌̀; á¿’; ι◌̈◌̀; ) GREEK SMALL LETTER IOTA WITH DIALYTIKA AND VARIA +1FD3;0390;03B9 0308 0301;0390;03B9 0308 0301; # (á¿“; Î; ι◌̈◌Ì; Î; ι◌̈◌Ì; ) GREEK SMALL LETTER IOTA WITH DIALYTIKA AND OXIA +1FD6;1FD6;03B9 0342;1FD6;03B9 0342; # (á¿–; á¿–; ι◌͂; á¿–; ι◌͂; ) GREEK SMALL LETTER IOTA WITH PERISPOMENI +1FD7;1FD7;03B9 0308 0342;1FD7;03B9 0308 0342; # (á¿—; á¿—; ι◌̈◌͂; á¿—; ι◌̈◌͂; ) GREEK SMALL LETTER IOTA WITH DIALYTIKA AND PERISPOMENI +1FD8;1FD8;0399 0306;1FD8;0399 0306; # (Ῐ; Ῐ; Ι◌̆; Ῐ; Ι◌̆; ) GREEK CAPITAL LETTER IOTA WITH VRACHY +1FD9;1FD9;0399 0304;1FD9;0399 0304; # (á¿™; á¿™; Ι◌̄; á¿™; Ι◌̄; ) GREEK CAPITAL LETTER IOTA WITH MACRON +1FDA;1FDA;0399 0300;1FDA;0399 0300; # (á¿š; á¿š; Ι◌̀; á¿š; Ι◌̀; ) GREEK CAPITAL LETTER IOTA WITH VARIA +1FDB;038A;0399 0301;038A;0399 0301; # (á¿›; Ί; Ι◌Ì; Ί; Ι◌Ì; ) GREEK CAPITAL LETTER IOTA WITH OXIA +1FDD;1FDD;1FFE 0300;0020 0314 0300;0020 0314 0300; # (á¿; á¿; ῾◌̀; ◌̔◌̀; ◌̔◌̀; ) GREEK DASIA AND VARIA +1FDE;1FDE;1FFE 0301;0020 0314 0301;0020 0314 0301; # (á¿ž; á¿ž; ῾◌Ì; ◌̔◌Ì; ◌̔◌Ì; ) GREEK DASIA AND OXIA +1FDF;1FDF;1FFE 0342;0020 0314 0342;0020 0314 0342; # (á¿Ÿ; á¿Ÿ; ῾◌͂; ◌̔◌͂; ◌̔◌͂; ) GREEK DASIA AND PERISPOMENI +1FE0;1FE0;03C5 0306;1FE0;03C5 0306; # (á¿ ; á¿ ; υ◌̆; á¿ ; υ◌̆; ) GREEK SMALL LETTER UPSILON WITH VRACHY +1FE1;1FE1;03C5 0304;1FE1;03C5 0304; # (á¿¡; á¿¡; υ◌̄; á¿¡; υ◌̄; ) GREEK SMALL LETTER UPSILON WITH MACRON +1FE2;1FE2;03C5 0308 0300;1FE2;03C5 0308 0300; # (á¿¢; á¿¢; υ◌̈◌̀; á¿¢; υ◌̈◌̀; ) GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND VARIA +1FE3;03B0;03C5 0308 0301;03B0;03C5 0308 0301; # (á¿£; ΰ; υ◌̈◌Ì; ΰ; υ◌̈◌Ì; ) GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND OXIA +1FE4;1FE4;03C1 0313;1FE4;03C1 0313; # (ῤ; ῤ; Ï◌̓; ῤ; Ï◌̓; ) GREEK SMALL LETTER RHO WITH PSILI +1FE5;1FE5;03C1 0314;1FE5;03C1 0314; # (á¿¥; á¿¥; Ï◌̔; á¿¥; Ï◌̔; ) GREEK SMALL LETTER RHO WITH DASIA +1FE6;1FE6;03C5 0342;1FE6;03C5 0342; # (ῦ; ῦ; υ◌͂; ῦ; υ◌͂; ) GREEK SMALL LETTER UPSILON WITH PERISPOMENI +1FE7;1FE7;03C5 0308 0342;1FE7;03C5 0308 0342; # (ῧ; ῧ; υ◌̈◌͂; ῧ; υ◌̈◌͂; ) GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND PERISPOMENI +1FE8;1FE8;03A5 0306;1FE8;03A5 0306; # (Ῠ; Ῠ; Υ◌̆; Ῠ; Υ◌̆; ) GREEK CAPITAL LETTER UPSILON WITH VRACHY +1FE9;1FE9;03A5 0304;1FE9;03A5 0304; # (á¿©; á¿©; Υ◌̄; á¿©; Υ◌̄; ) GREEK CAPITAL LETTER UPSILON WITH MACRON +1FEA;1FEA;03A5 0300;1FEA;03A5 0300; # (Ὺ; Ὺ; Υ◌̀; Ὺ; Υ◌̀; ) GREEK CAPITAL LETTER UPSILON WITH VARIA +1FEB;038E;03A5 0301;038E;03A5 0301; # (á¿«; ÎŽ; Υ◌Ì; ÎŽ; Υ◌Ì; ) GREEK CAPITAL LETTER UPSILON WITH OXIA +1FEC;1FEC;03A1 0314;1FEC;03A1 0314; # (Ῥ; Ῥ; Ρ◌̔; Ῥ; Ρ◌̔; ) GREEK CAPITAL LETTER RHO WITH DASIA +1FED;1FED;00A8 0300;0020 0308 0300;0020 0308 0300; # (á¿­; á¿­; ¨◌̀; ◌̈◌̀; ◌̈◌̀; ) GREEK DIALYTIKA AND VARIA +1FEE;0385;00A8 0301;0020 0308 0301;0020 0308 0301; # (á¿®; Î…; ¨◌Ì; ◌̈◌Ì; ◌̈◌Ì; ) GREEK DIALYTIKA AND OXIA +1FEF;0060;0060;0060;0060; # (`; `; `; `; `; ) GREEK VARIA +1FF2;1FF2;03C9 0300 0345;1FF2;03C9 0300 0345; # (ῲ; ῲ; ω◌̀◌ͅ; ῲ; ω◌̀◌ͅ; ) GREEK SMALL LETTER OMEGA WITH VARIA AND YPOGEGRAMMENI +1FF3;1FF3;03C9 0345;1FF3;03C9 0345; # (ῳ; ῳ; ω◌ͅ; ῳ; ω◌ͅ; ) GREEK SMALL LETTER OMEGA WITH YPOGEGRAMMENI +1FF4;1FF4;03C9 0301 0345;1FF4;03C9 0301 0345; # (á¿´; á¿´; ω◌Ì◌ͅ; á¿´; ω◌Ì◌ͅ; ) GREEK SMALL LETTER OMEGA WITH OXIA AND YPOGEGRAMMENI +1FF6;1FF6;03C9 0342;1FF6;03C9 0342; # (ῶ; ῶ; ω◌͂; ῶ; ω◌͂; ) GREEK SMALL LETTER OMEGA WITH PERISPOMENI +1FF7;1FF7;03C9 0342 0345;1FF7;03C9 0342 0345; # (á¿·; á¿·; ω◌͂◌ͅ; á¿·; ω◌͂◌ͅ; ) GREEK SMALL LETTER OMEGA WITH PERISPOMENI AND YPOGEGRAMMENI +1FF8;1FF8;039F 0300;1FF8;039F 0300; # (Ὸ; Ὸ; Ο◌̀; Ὸ; Ο◌̀; ) GREEK CAPITAL LETTER OMICRON WITH VARIA +1FF9;038C;039F 0301;038C;039F 0301; # (Ό; ÎŒ; Ο◌Ì; ÎŒ; Ο◌Ì; ) GREEK CAPITAL LETTER OMICRON WITH OXIA +1FFA;1FFA;03A9 0300;1FFA;03A9 0300; # (Ὼ; Ὼ; Ω◌̀; Ὼ; Ω◌̀; ) GREEK CAPITAL LETTER OMEGA WITH VARIA +1FFB;038F;03A9 0301;038F;03A9 0301; # (á¿»; Î; Ω◌Ì; Î; Ω◌Ì; ) GREEK CAPITAL LETTER OMEGA WITH OXIA +1FFC;1FFC;03A9 0345;1FFC;03A9 0345; # (ῼ; ῼ; Ω◌ͅ; ῼ; Ω◌ͅ; ) GREEK CAPITAL LETTER OMEGA WITH PROSGEGRAMMENI +1FFD;00B4;00B4;0020 0301;0020 0301; # (´; ´; ´; â—ŒÌ; â—ŒÌ; ) GREEK OXIA +1FFE;1FFE;1FFE;0020 0314;0020 0314; # (῾; ῾; ῾; ◌̔; ◌̔; ) GREEK DASIA +2000;2002;2002;0020;0020; # ( ;  ;  ; ; ; ) EN QUAD +2001;2003;2003;0020;0020; # (â€;  ;  ; ; ; ) EM QUAD +2002;2002;2002;0020;0020; # ( ;  ;  ; ; ; ) EN SPACE +2003;2003;2003;0020;0020; # ( ;  ;  ; ; ; ) EM SPACE +2004;2004;2004;0020;0020; # ( ;  ;  ; ; ; ) THREE-PER-EM SPACE +2005;2005;2005;0020;0020; # ( ;  ;  ; ; ; ) FOUR-PER-EM SPACE +2006;2006;2006;0020;0020; # ( ;  ;  ; ; ; ) SIX-PER-EM SPACE +2007;2007;2007;0020;0020; # ( ;  ;  ; ; ; ) FIGURE SPACE +2008;2008;2008;0020;0020; # ( ;  ;  ; ; ; ) PUNCTUATION SPACE +2009;2009;2009;0020;0020; # ( ;  ;  ; ; ; ) THIN SPACE +200A;200A;200A;0020;0020; # ( ;  ;  ; ; ; ) HAIR SPACE +2011;2011;2011;2010;2010; # (‑; ‑; ‑; â€; â€; ) NON-BREAKING HYPHEN +2017;2017;2017;0020 0333;0020 0333; # (‗; ‗; ‗; ◌̳; ◌̳; ) DOUBLE LOW LINE +2024;2024;2024;002E;002E; # (․; ․; ․; .; .; ) ONE DOT LEADER +2025;2025;2025;002E 002E;002E 002E; # (‥; ‥; ‥; ..; ..; ) TWO DOT LEADER +2026;2026;2026;002E 002E 002E;002E 002E 002E; # (…; …; …; ...; ...; ) HORIZONTAL ELLIPSIS +202F;202F;202F;0020;0020; # ( ;  ;  ; ; ; ) NARROW NO-BREAK SPACE +2033;2033;2033;2032 2032;2032 2032; # (″; ″; ″; ′′; ′′; ) DOUBLE PRIME +2034;2034;2034;2032 2032 2032;2032 2032 2032; # (‴; ‴; ‴; ′′′; ′′′; ) TRIPLE PRIME +2036;2036;2036;2035 2035;2035 2035; # (‶; ‶; ‶; ‵‵; ‵‵; ) REVERSED DOUBLE PRIME +2037;2037;2037;2035 2035 2035;2035 2035 2035; # (‷; ‷; ‷; ‵‵‵; ‵‵‵; ) REVERSED TRIPLE PRIME +203C;203C;203C;0021 0021;0021 0021; # (‼; ‼; ‼; !!; !!; ) DOUBLE EXCLAMATION MARK +203E;203E;203E;0020 0305;0020 0305; # (‾; ‾; ‾; ◌̅; ◌̅; ) OVERLINE +2047;2047;2047;003F 003F;003F 003F; # (â‡; â‡; â‡; ??; ??; ) DOUBLE QUESTION MARK +2048;2048;2048;003F 0021;003F 0021; # (âˆ; âˆ; âˆ; ?!; ?!; ) QUESTION EXCLAMATION MARK +2049;2049;2049;0021 003F;0021 003F; # (â‰; â‰; â‰; !?; !?; ) EXCLAMATION QUESTION MARK +2057;2057;2057;2032 2032 2032 2032;2032 2032 2032 2032; # (â—; â—; â—; ′′′′; ′′′′; ) QUADRUPLE PRIME +205F;205F;205F;0020;0020; # (âŸ; âŸ; âŸ; ; ; ) MEDIUM MATHEMATICAL SPACE +2070;2070;2070;0030;0030; # (â°; â°; â°; 0; 0; ) SUPERSCRIPT ZERO +2071;2071;2071;0069;0069; # (â±; â±; â±; i; i; ) SUPERSCRIPT LATIN SMALL LETTER I +2074;2074;2074;0034;0034; # (â´; â´; â´; 4; 4; ) SUPERSCRIPT FOUR +2075;2075;2075;0035;0035; # (âµ; âµ; âµ; 5; 5; ) SUPERSCRIPT FIVE +2076;2076;2076;0036;0036; # (â¶; â¶; â¶; 6; 6; ) SUPERSCRIPT SIX +2077;2077;2077;0037;0037; # (â·; â·; â·; 7; 7; ) SUPERSCRIPT SEVEN +2078;2078;2078;0038;0038; # (â¸; â¸; â¸; 8; 8; ) SUPERSCRIPT EIGHT +2079;2079;2079;0039;0039; # (â¹; â¹; â¹; 9; 9; ) SUPERSCRIPT NINE +207A;207A;207A;002B;002B; # (âº; âº; âº; +; +; ) SUPERSCRIPT PLUS SIGN +207B;207B;207B;2212;2212; # (â»; â»; â»; −; −; ) SUPERSCRIPT MINUS +207C;207C;207C;003D;003D; # (â¼; â¼; â¼; =; =; ) SUPERSCRIPT EQUALS SIGN +207D;207D;207D;0028;0028; # (â½; â½; â½; (; (; ) SUPERSCRIPT LEFT PARENTHESIS +207E;207E;207E;0029;0029; # (â¾; â¾; â¾; ); ); ) SUPERSCRIPT RIGHT PARENTHESIS +207F;207F;207F;006E;006E; # (â¿; â¿; â¿; n; n; ) SUPERSCRIPT LATIN SMALL LETTER N +2080;2080;2080;0030;0030; # (â‚€; â‚€; â‚€; 0; 0; ) SUBSCRIPT ZERO +2081;2081;2081;0031;0031; # (â‚; â‚; â‚; 1; 1; ) SUBSCRIPT ONE +2082;2082;2082;0032;0032; # (â‚‚; â‚‚; â‚‚; 2; 2; ) SUBSCRIPT TWO +2083;2083;2083;0033;0033; # (₃; ₃; ₃; 3; 3; ) SUBSCRIPT THREE +2084;2084;2084;0034;0034; # (â‚„; â‚„; â‚„; 4; 4; ) SUBSCRIPT FOUR +2085;2085;2085;0035;0035; # (â‚…; â‚…; â‚…; 5; 5; ) SUBSCRIPT FIVE +2086;2086;2086;0036;0036; # (₆; ₆; ₆; 6; 6; ) SUBSCRIPT SIX +2087;2087;2087;0037;0037; # (₇; ₇; ₇; 7; 7; ) SUBSCRIPT SEVEN +2088;2088;2088;0038;0038; # (₈; ₈; ₈; 8; 8; ) SUBSCRIPT EIGHT +2089;2089;2089;0039;0039; # (₉; ₉; ₉; 9; 9; ) SUBSCRIPT NINE +208A;208A;208A;002B;002B; # (â‚Š; â‚Š; â‚Š; +; +; ) SUBSCRIPT PLUS SIGN +208B;208B;208B;2212;2212; # (â‚‹; â‚‹; â‚‹; −; −; ) SUBSCRIPT MINUS +208C;208C;208C;003D;003D; # (â‚Œ; â‚Œ; â‚Œ; =; =; ) SUBSCRIPT EQUALS SIGN +208D;208D;208D;0028;0028; # (â‚; â‚; â‚; (; (; ) SUBSCRIPT LEFT PARENTHESIS +208E;208E;208E;0029;0029; # (â‚Ž; â‚Ž; â‚Ž; ); ); ) SUBSCRIPT RIGHT PARENTHESIS +20A8;20A8;20A8;0052 0073;0052 0073; # (₨; ₨; ₨; Rs; Rs; ) RUPEE SIGN +2100;2100;2100;0061 002F 0063;0061 002F 0063; # (â„€; â„€; â„€; a/c; a/c; ) ACCOUNT OF +2101;2101;2101;0061 002F 0073;0061 002F 0073; # (â„; â„; â„; a/s; a/s; ) ADDRESSED TO THE SUBJECT +2102;2102;2102;0043;0043; # (â„‚; â„‚; â„‚; C; C; ) DOUBLE-STRUCK CAPITAL C +2103;2103;2103;00B0 0043;00B0 0043; # (℃; ℃; ℃; °C; °C; ) DEGREE CELSIUS +2105;2105;2105;0063 002F 006F;0063 002F 006F; # (â„…; â„…; â„…; c/o; c/o; ) CARE OF +2106;2106;2106;0063 002F 0075;0063 002F 0075; # (℆; ℆; ℆; c/u; c/u; ) CADA UNA +2107;2107;2107;0190;0190; # (ℇ; ℇ; ℇ; Æ; Æ; ) EULER CONSTANT +2109;2109;2109;00B0 0046;00B0 0046; # (℉; ℉; ℉; °F; °F; ) DEGREE FAHRENHEIT +210A;210A;210A;0067;0067; # (â„Š; â„Š; â„Š; g; g; ) SCRIPT SMALL G +210B;210B;210B;0048;0048; # (â„‹; â„‹; â„‹; H; H; ) SCRIPT CAPITAL H +210C;210C;210C;0048;0048; # (â„Œ; â„Œ; â„Œ; H; H; ) BLACK-LETTER CAPITAL H +210D;210D;210D;0048;0048; # (â„; â„; â„; H; H; ) DOUBLE-STRUCK CAPITAL H +210E;210E;210E;0068;0068; # (â„Ž; â„Ž; â„Ž; h; h; ) PLANCK CONSTANT +210F;210F;210F;0127;0127; # (â„; â„; â„; ħ; ħ; ) PLANCK CONSTANT OVER TWO PI +2110;2110;2110;0049;0049; # (â„; â„; â„; I; I; ) SCRIPT CAPITAL I +2111;2111;2111;0049;0049; # (â„‘; â„‘; â„‘; I; I; ) BLACK-LETTER CAPITAL I +2112;2112;2112;004C;004C; # (â„’; â„’; â„’; L; L; ) SCRIPT CAPITAL L +2113;2113;2113;006C;006C; # (â„“; â„“; â„“; l; l; ) SCRIPT SMALL L +2115;2115;2115;004E;004E; # (â„•; â„•; â„•; N; N; ) DOUBLE-STRUCK CAPITAL N +2116;2116;2116;004E 006F;004E 006F; # (â„–; â„–; â„–; No; No; ) NUMERO SIGN +2119;2119;2119;0050;0050; # (â„™; â„™; â„™; P; P; ) DOUBLE-STRUCK CAPITAL P +211A;211A;211A;0051;0051; # (â„š; â„š; â„š; Q; Q; ) DOUBLE-STRUCK CAPITAL Q +211B;211B;211B;0052;0052; # (â„›; â„›; â„›; R; R; ) SCRIPT CAPITAL R +211C;211C;211C;0052;0052; # (â„œ; â„œ; â„œ; R; R; ) BLACK-LETTER CAPITAL R +211D;211D;211D;0052;0052; # (â„; â„; â„; R; R; ) DOUBLE-STRUCK CAPITAL R +2120;2120;2120;0053 004D;0053 004D; # (â„ ; â„ ; â„ ; SM; SM; ) SERVICE MARK +2121;2121;2121;0054 0045 004C;0054 0045 004C; # (â„¡; â„¡; â„¡; TEL; TEL; ) TELEPHONE SIGN +2122;2122;2122;0054 004D;0054 004D; # (â„¢; â„¢; â„¢; TM; TM; ) TRADE MARK SIGN +2124;2124;2124;005A;005A; # (ℤ; ℤ; ℤ; Z; Z; ) DOUBLE-STRUCK CAPITAL Z +2126;03A9;03A9;03A9;03A9; # (Ω; Ω; Ω; Ω; Ω; ) OHM SIGN +2128;2128;2128;005A;005A; # (ℨ; ℨ; ℨ; Z; Z; ) BLACK-LETTER CAPITAL Z +212A;004B;004B;004B;004B; # (K; K; K; K; K; ) KELVIN SIGN +212B;00C5;0041 030A;00C5;0041 030A; # (â„«; Ã…; A◌̊; Ã…; A◌̊; ) ANGSTROM SIGN +212C;212C;212C;0042;0042; # (ℬ; ℬ; ℬ; B; B; ) SCRIPT CAPITAL B +212D;212D;212D;0043;0043; # (â„­; â„­; â„­; C; C; ) BLACK-LETTER CAPITAL C +212F;212F;212F;0065;0065; # (ℯ; ℯ; ℯ; e; e; ) SCRIPT SMALL E +2130;2130;2130;0045;0045; # (â„°; â„°; â„°; E; E; ) SCRIPT CAPITAL E +2131;2131;2131;0046;0046; # (ℱ; ℱ; ℱ; F; F; ) SCRIPT CAPITAL F +2133;2133;2133;004D;004D; # (ℳ; ℳ; ℳ; M; M; ) SCRIPT CAPITAL M +2134;2134;2134;006F;006F; # (â„´; â„´; â„´; o; o; ) SCRIPT SMALL O +2135;2135;2135;05D0;05D0; # (ℵ; ℵ; ℵ; ×; ×; ) ALEF SYMBOL +2136;2136;2136;05D1;05D1; # (ℶ; ℶ; ℶ; ב; ב; ) BET SYMBOL +2137;2137;2137;05D2;05D2; # (â„·; â„·; â„·; ×’; ×’; ) GIMEL SYMBOL +2138;2138;2138;05D3;05D3; # (ℸ; ℸ; ℸ; ד; ד; ) DALET SYMBOL +2139;2139;2139;0069;0069; # (ℹ; ℹ; ℹ; i; i; ) INFORMATION SOURCE +213B;213B;213B;0046 0041 0058;0046 0041 0058; # (â„»; â„»; â„»; FAX; FAX; ) FACSIMILE SIGN +213D;213D;213D;03B3;03B3; # (ℽ; ℽ; ℽ; γ; γ; ) DOUBLE-STRUCK SMALL GAMMA +213E;213E;213E;0393;0393; # (ℾ; ℾ; ℾ; Γ; Γ; ) DOUBLE-STRUCK CAPITAL GAMMA +213F;213F;213F;03A0;03A0; # (â„¿; â„¿; â„¿; Π; Π; ) DOUBLE-STRUCK CAPITAL PI +2140;2140;2140;2211;2211; # (â…€; â…€; â…€; ∑; ∑; ) DOUBLE-STRUCK N-ARY SUMMATION +2145;2145;2145;0044;0044; # (â……; â……; â……; D; D; ) DOUBLE-STRUCK ITALIC CAPITAL D +2146;2146;2146;0064;0064; # (â…†; â…†; â…†; d; d; ) DOUBLE-STRUCK ITALIC SMALL D +2147;2147;2147;0065;0065; # (â…‡; â…‡; â…‡; e; e; ) DOUBLE-STRUCK ITALIC SMALL E +2148;2148;2148;0069;0069; # (â…ˆ; â…ˆ; â…ˆ; i; i; ) DOUBLE-STRUCK ITALIC SMALL I +2149;2149;2149;006A;006A; # (â…‰; â…‰; â…‰; j; j; ) DOUBLE-STRUCK ITALIC SMALL J +2153;2153;2153;0031 2044 0033;0031 2044 0033; # (â…“; â…“; â…“; 1â„3; 1â„3; ) VULGAR FRACTION ONE THIRD +2154;2154;2154;0032 2044 0033;0032 2044 0033; # (â…”; â…”; â…”; 2â„3; 2â„3; ) VULGAR FRACTION TWO THIRDS +2155;2155;2155;0031 2044 0035;0031 2044 0035; # (â…•; â…•; â…•; 1â„5; 1â„5; ) VULGAR FRACTION ONE FIFTH +2156;2156;2156;0032 2044 0035;0032 2044 0035; # (â…–; â…–; â…–; 2â„5; 2â„5; ) VULGAR FRACTION TWO FIFTHS +2157;2157;2157;0033 2044 0035;0033 2044 0035; # (â…—; â…—; â…—; 3â„5; 3â„5; ) VULGAR FRACTION THREE FIFTHS +2158;2158;2158;0034 2044 0035;0034 2044 0035; # (â…˜; â…˜; â…˜; 4â„5; 4â„5; ) VULGAR FRACTION FOUR FIFTHS +2159;2159;2159;0031 2044 0036;0031 2044 0036; # (â…™; â…™; â…™; 1â„6; 1â„6; ) VULGAR FRACTION ONE SIXTH +215A;215A;215A;0035 2044 0036;0035 2044 0036; # (â…š; â…š; â…š; 5â„6; 5â„6; ) VULGAR FRACTION FIVE SIXTHS +215B;215B;215B;0031 2044 0038;0031 2044 0038; # (â…›; â…›; â…›; 1â„8; 1â„8; ) VULGAR FRACTION ONE EIGHTH +215C;215C;215C;0033 2044 0038;0033 2044 0038; # (â…œ; â…œ; â…œ; 3â„8; 3â„8; ) VULGAR FRACTION THREE EIGHTHS +215D;215D;215D;0035 2044 0038;0035 2044 0038; # (â…; â…; â…; 5â„8; 5â„8; ) VULGAR FRACTION FIVE EIGHTHS +215E;215E;215E;0037 2044 0038;0037 2044 0038; # (â…ž; â…ž; â…ž; 7â„8; 7â„8; ) VULGAR FRACTION SEVEN EIGHTHS +215F;215F;215F;0031 2044;0031 2044; # (â…Ÿ; â…Ÿ; â…Ÿ; 1â„; 1â„; ) FRACTION NUMERATOR ONE +2160;2160;2160;0049;0049; # (â… ; â… ; â… ; I; I; ) ROMAN NUMERAL ONE +2161;2161;2161;0049 0049;0049 0049; # (â…¡; â…¡; â…¡; II; II; ) ROMAN NUMERAL TWO +2162;2162;2162;0049 0049 0049;0049 0049 0049; # (â…¢; â…¢; â…¢; III; III; ) ROMAN NUMERAL THREE +2163;2163;2163;0049 0056;0049 0056; # (â…£; â…£; â…£; IV; IV; ) ROMAN NUMERAL FOUR +2164;2164;2164;0056;0056; # (â…¤; â…¤; â…¤; V; V; ) ROMAN NUMERAL FIVE +2165;2165;2165;0056 0049;0056 0049; # (â…¥; â…¥; â…¥; VI; VI; ) ROMAN NUMERAL SIX +2166;2166;2166;0056 0049 0049;0056 0049 0049; # (â…¦; â…¦; â…¦; VII; VII; ) ROMAN NUMERAL SEVEN +2167;2167;2167;0056 0049 0049 0049;0056 0049 0049 0049; # (â…§; â…§; â…§; VIII; VIII; ) ROMAN NUMERAL EIGHT +2168;2168;2168;0049 0058;0049 0058; # (â…¨; â…¨; â…¨; IX; IX; ) ROMAN NUMERAL NINE +2169;2169;2169;0058;0058; # (â…©; â…©; â…©; X; X; ) ROMAN NUMERAL TEN +216A;216A;216A;0058 0049;0058 0049; # (â…ª; â…ª; â…ª; XI; XI; ) ROMAN NUMERAL ELEVEN +216B;216B;216B;0058 0049 0049;0058 0049 0049; # (â…«; â…«; â…«; XII; XII; ) ROMAN NUMERAL TWELVE +216C;216C;216C;004C;004C; # (â…¬; â…¬; â…¬; L; L; ) ROMAN NUMERAL FIFTY +216D;216D;216D;0043;0043; # (â…­; â…­; â…­; C; C; ) ROMAN NUMERAL ONE HUNDRED +216E;216E;216E;0044;0044; # (â…®; â…®; â…®; D; D; ) ROMAN NUMERAL FIVE HUNDRED +216F;216F;216F;004D;004D; # (â…¯; â…¯; â…¯; M; M; ) ROMAN NUMERAL ONE THOUSAND +2170;2170;2170;0069;0069; # (â…°; â…°; â…°; i; i; ) SMALL ROMAN NUMERAL ONE +2171;2171;2171;0069 0069;0069 0069; # (â…±; â…±; â…±; ii; ii; ) SMALL ROMAN NUMERAL TWO +2172;2172;2172;0069 0069 0069;0069 0069 0069; # (â…²; â…²; â…²; iii; iii; ) SMALL ROMAN NUMERAL THREE +2173;2173;2173;0069 0076;0069 0076; # (â…³; â…³; â…³; iv; iv; ) SMALL ROMAN NUMERAL FOUR +2174;2174;2174;0076;0076; # (â…´; â…´; â…´; v; v; ) SMALL ROMAN NUMERAL FIVE +2175;2175;2175;0076 0069;0076 0069; # (â…µ; â…µ; â…µ; vi; vi; ) SMALL ROMAN NUMERAL SIX +2176;2176;2176;0076 0069 0069;0076 0069 0069; # (â…¶; â…¶; â…¶; vii; vii; ) SMALL ROMAN NUMERAL SEVEN +2177;2177;2177;0076 0069 0069 0069;0076 0069 0069 0069; # (â…·; â…·; â…·; viii; viii; ) SMALL ROMAN NUMERAL EIGHT +2178;2178;2178;0069 0078;0069 0078; # (â…¸; â…¸; â…¸; ix; ix; ) SMALL ROMAN NUMERAL NINE +2179;2179;2179;0078;0078; # (â…¹; â…¹; â…¹; x; x; ) SMALL ROMAN NUMERAL TEN +217A;217A;217A;0078 0069;0078 0069; # (â…º; â…º; â…º; xi; xi; ) SMALL ROMAN NUMERAL ELEVEN +217B;217B;217B;0078 0069 0069;0078 0069 0069; # (â…»; â…»; â…»; xii; xii; ) SMALL ROMAN NUMERAL TWELVE +217C;217C;217C;006C;006C; # (â…¼; â…¼; â…¼; l; l; ) SMALL ROMAN NUMERAL FIFTY +217D;217D;217D;0063;0063; # (â…½; â…½; â…½; c; c; ) SMALL ROMAN NUMERAL ONE HUNDRED +217E;217E;217E;0064;0064; # (â…¾; â…¾; â…¾; d; d; ) SMALL ROMAN NUMERAL FIVE HUNDRED +217F;217F;217F;006D;006D; # (â…¿; â…¿; â…¿; m; m; ) SMALL ROMAN NUMERAL ONE THOUSAND +219A;219A;2190 0338;219A;2190 0338; # (↚; ↚; â†â—ŒÌ¸; ↚; â†â—ŒÌ¸; ) LEFTWARDS ARROW WITH STROKE +219B;219B;2192 0338;219B;2192 0338; # (↛; ↛; →◌̸; ↛; →◌̸; ) RIGHTWARDS ARROW WITH STROKE +21AE;21AE;2194 0338;21AE;2194 0338; # (↮; ↮; ↔◌̸; ↮; ↔◌̸; ) LEFT RIGHT ARROW WITH STROKE +21CD;21CD;21D0 0338;21CD;21D0 0338; # (â‡; â‡; â‡â—ŒÌ¸; â‡; â‡â—ŒÌ¸; ) LEFTWARDS DOUBLE ARROW WITH STROKE +21CE;21CE;21D4 0338;21CE;21D4 0338; # (⇎; ⇎; ⇔◌̸; ⇎; ⇔◌̸; ) LEFT RIGHT DOUBLE ARROW WITH STROKE +21CF;21CF;21D2 0338;21CF;21D2 0338; # (â‡; â‡; ⇒◌̸; â‡; ⇒◌̸; ) RIGHTWARDS DOUBLE ARROW WITH STROKE +2204;2204;2203 0338;2204;2203 0338; # (∄; ∄; ∃◌̸; ∄; ∃◌̸; ) THERE DOES NOT EXIST +2209;2209;2208 0338;2209;2208 0338; # (∉; ∉; ∈◌̸; ∉; ∈◌̸; ) NOT AN ELEMENT OF +220C;220C;220B 0338;220C;220B 0338; # (∌; ∌; ∋◌̸; ∌; ∋◌̸; ) DOES NOT CONTAIN AS MEMBER +2224;2224;2223 0338;2224;2223 0338; # (∤; ∤; ∣◌̸; ∤; ∣◌̸; ) DOES NOT DIVIDE +2226;2226;2225 0338;2226;2225 0338; # (∦; ∦; ∥◌̸; ∦; ∥◌̸; ) NOT PARALLEL TO +222C;222C;222C;222B 222B;222B 222B; # (∬; ∬; ∬; ∫∫; ∫∫; ) DOUBLE INTEGRAL +222D;222D;222D;222B 222B 222B;222B 222B 222B; # (∭; ∭; ∭; ∫∫∫; ∫∫∫; ) TRIPLE INTEGRAL +222F;222F;222F;222E 222E;222E 222E; # (∯; ∯; ∯; ∮∮; ∮∮; ) SURFACE INTEGRAL +2230;2230;2230;222E 222E 222E;222E 222E 222E; # (∰; ∰; ∰; ∮∮∮; ∮∮∮; ) VOLUME INTEGRAL +2241;2241;223C 0338;2241;223C 0338; # (â‰; â‰; ∼◌̸; â‰; ∼◌̸; ) NOT TILDE +2244;2244;2243 0338;2244;2243 0338; # (≄; ≄; ≃◌̸; ≄; ≃◌̸; ) NOT ASYMPTOTICALLY EQUAL TO +2247;2247;2245 0338;2247;2245 0338; # (≇; ≇; ≅◌̸; ≇; ≅◌̸; ) NEITHER APPROXIMATELY NOR ACTUALLY EQUAL TO +2249;2249;2248 0338;2249;2248 0338; # (≉; ≉; ≈◌̸; ≉; ≈◌̸; ) NOT ALMOST EQUAL TO +2260;2260;003D 0338;2260;003D 0338; # (≠; ≠; =◌̸; ≠; =◌̸; ) NOT EQUAL TO +2262;2262;2261 0338;2262;2261 0338; # (≢; ≢; ≡◌̸; ≢; ≡◌̸; ) NOT IDENTICAL TO +226D;226D;224D 0338;226D;224D 0338; # (≭; ≭; â‰â—ŒÌ¸; ≭; â‰â—ŒÌ¸; ) NOT EQUIVALENT TO +226E;226E;003C 0338;226E;003C 0338; # (≮; ≮; <◌̸; ≮; <◌̸; ) NOT LESS-THAN +226F;226F;003E 0338;226F;003E 0338; # (≯; ≯; >◌̸; ≯; >◌̸; ) NOT GREATER-THAN +2270;2270;2264 0338;2270;2264 0338; # (≰; ≰; ≤◌̸; ≰; ≤◌̸; ) NEITHER LESS-THAN NOR EQUAL TO +2271;2271;2265 0338;2271;2265 0338; # (≱; ≱; ≥◌̸; ≱; ≥◌̸; ) NEITHER GREATER-THAN NOR EQUAL TO +2274;2274;2272 0338;2274;2272 0338; # (≴; ≴; ≲◌̸; ≴; ≲◌̸; ) NEITHER LESS-THAN NOR EQUIVALENT TO +2275;2275;2273 0338;2275;2273 0338; # (≵; ≵; ≳◌̸; ≵; ≳◌̸; ) NEITHER GREATER-THAN NOR EQUIVALENT TO +2278;2278;2276 0338;2278;2276 0338; # (≸; ≸; ≶◌̸; ≸; ≶◌̸; ) NEITHER LESS-THAN NOR GREATER-THAN +2279;2279;2277 0338;2279;2277 0338; # (≹; ≹; ≷◌̸; ≹; ≷◌̸; ) NEITHER GREATER-THAN NOR LESS-THAN +2280;2280;227A 0338;2280;227A 0338; # (⊀; ⊀; ≺◌̸; ⊀; ≺◌̸; ) DOES NOT PRECEDE +2281;2281;227B 0338;2281;227B 0338; # (âŠ; âŠ; ≻◌̸; âŠ; ≻◌̸; ) DOES NOT SUCCEED +2284;2284;2282 0338;2284;2282 0338; # (⊄; ⊄; ⊂◌̸; ⊄; ⊂◌̸; ) NOT A SUBSET OF +2285;2285;2283 0338;2285;2283 0338; # (⊅; ⊅; ⊃◌̸; ⊅; ⊃◌̸; ) NOT A SUPERSET OF +2288;2288;2286 0338;2288;2286 0338; # (⊈; ⊈; ⊆◌̸; ⊈; ⊆◌̸; ) NEITHER A SUBSET OF NOR EQUAL TO +2289;2289;2287 0338;2289;2287 0338; # (⊉; ⊉; ⊇◌̸; ⊉; ⊇◌̸; ) NEITHER A SUPERSET OF NOR EQUAL TO +22AC;22AC;22A2 0338;22AC;22A2 0338; # (⊬; ⊬; ⊢◌̸; ⊬; ⊢◌̸; ) DOES NOT PROVE +22AD;22AD;22A8 0338;22AD;22A8 0338; # (⊭; ⊭; ⊨◌̸; ⊭; ⊨◌̸; ) NOT TRUE +22AE;22AE;22A9 0338;22AE;22A9 0338; # (⊮; ⊮; ⊩◌̸; ⊮; ⊩◌̸; ) DOES NOT FORCE +22AF;22AF;22AB 0338;22AF;22AB 0338; # (⊯; ⊯; ⊫◌̸; ⊯; ⊫◌̸; ) NEGATED DOUBLE VERTICAL BAR DOUBLE RIGHT TURNSTILE +22E0;22E0;227C 0338;22E0;227C 0338; # (â‹ ; â‹ ; ≼◌̸; â‹ ; ≼◌̸; ) DOES NOT PRECEDE OR EQUAL +22E1;22E1;227D 0338;22E1;227D 0338; # (â‹¡; â‹¡; ≽◌̸; â‹¡; ≽◌̸; ) DOES NOT SUCCEED OR EQUAL +22E2;22E2;2291 0338;22E2;2291 0338; # (â‹¢; â‹¢; ⊑◌̸; â‹¢; ⊑◌̸; ) NOT SQUARE IMAGE OF OR EQUAL TO +22E3;22E3;2292 0338;22E3;2292 0338; # (â‹£; â‹£; ⊒◌̸; â‹£; ⊒◌̸; ) NOT SQUARE ORIGINAL OF OR EQUAL TO +22EA;22EA;22B2 0338;22EA;22B2 0338; # (⋪; ⋪; ⊲◌̸; ⋪; ⊲◌̸; ) NOT NORMAL SUBGROUP OF +22EB;22EB;22B3 0338;22EB;22B3 0338; # (â‹«; â‹«; ⊳◌̸; â‹«; ⊳◌̸; ) DOES NOT CONTAIN AS NORMAL SUBGROUP +22EC;22EC;22B4 0338;22EC;22B4 0338; # (⋬; ⋬; ⊴◌̸; ⋬; ⊴◌̸; ) NOT NORMAL SUBGROUP OF OR EQUAL TO +22ED;22ED;22B5 0338;22ED;22B5 0338; # (â‹­; â‹­; ⊵◌̸; â‹­; ⊵◌̸; ) DOES NOT CONTAIN AS NORMAL SUBGROUP OR EQUAL +2329;3008;3008;3008;3008; # (〈; 〈; 〈; 〈; 〈; ) LEFT-POINTING ANGLE BRACKET +232A;3009;3009;3009;3009; # (〉; 〉; 〉; 〉; 〉; ) RIGHT-POINTING ANGLE BRACKET +2460;2460;2460;0031;0031; # (â‘ ; â‘ ; â‘ ; 1; 1; ) CIRCLED DIGIT ONE +2461;2461;2461;0032;0032; # (â‘¡; â‘¡; â‘¡; 2; 2; ) CIRCLED DIGIT TWO +2462;2462;2462;0033;0033; # (â‘¢; â‘¢; â‘¢; 3; 3; ) CIRCLED DIGIT THREE +2463;2463;2463;0034;0034; # (â‘£; â‘£; â‘£; 4; 4; ) CIRCLED DIGIT FOUR +2464;2464;2464;0035;0035; # (⑤; ⑤; ⑤; 5; 5; ) CIRCLED DIGIT FIVE +2465;2465;2465;0036;0036; # (â‘¥; â‘¥; â‘¥; 6; 6; ) CIRCLED DIGIT SIX +2466;2466;2466;0037;0037; # (⑦; ⑦; ⑦; 7; 7; ) CIRCLED DIGIT SEVEN +2467;2467;2467;0038;0038; # (⑧; ⑧; ⑧; 8; 8; ) CIRCLED DIGIT EIGHT +2468;2468;2468;0039;0039; # (⑨; ⑨; ⑨; 9; 9; ) CIRCLED DIGIT NINE +2469;2469;2469;0031 0030;0031 0030; # (â‘©; â‘©; â‘©; 10; 10; ) CIRCLED NUMBER TEN +246A;246A;246A;0031 0031;0031 0031; # (⑪; ⑪; ⑪; 11; 11; ) CIRCLED NUMBER ELEVEN +246B;246B;246B;0031 0032;0031 0032; # (â‘«; â‘«; â‘«; 12; 12; ) CIRCLED NUMBER TWELVE +246C;246C;246C;0031 0033;0031 0033; # (⑬; ⑬; ⑬; 13; 13; ) CIRCLED NUMBER THIRTEEN +246D;246D;246D;0031 0034;0031 0034; # (â‘­; â‘­; â‘­; 14; 14; ) CIRCLED NUMBER FOURTEEN +246E;246E;246E;0031 0035;0031 0035; # (â‘®; â‘®; â‘®; 15; 15; ) CIRCLED NUMBER FIFTEEN +246F;246F;246F;0031 0036;0031 0036; # (⑯; ⑯; ⑯; 16; 16; ) CIRCLED NUMBER SIXTEEN +2470;2470;2470;0031 0037;0031 0037; # (â‘°; â‘°; â‘°; 17; 17; ) CIRCLED NUMBER SEVENTEEN +2471;2471;2471;0031 0038;0031 0038; # (⑱; ⑱; ⑱; 18; 18; ) CIRCLED NUMBER EIGHTEEN +2472;2472;2472;0031 0039;0031 0039; # (⑲; ⑲; ⑲; 19; 19; ) CIRCLED NUMBER NINETEEN +2473;2473;2473;0032 0030;0032 0030; # (⑳; ⑳; ⑳; 20; 20; ) CIRCLED NUMBER TWENTY +2474;2474;2474;0028 0031 0029;0028 0031 0029; # (â‘´; â‘´; â‘´; (1); (1); ) PARENTHESIZED DIGIT ONE +2475;2475;2475;0028 0032 0029;0028 0032 0029; # (⑵; ⑵; ⑵; (2); (2); ) PARENTHESIZED DIGIT TWO +2476;2476;2476;0028 0033 0029;0028 0033 0029; # (⑶; ⑶; ⑶; (3); (3); ) PARENTHESIZED DIGIT THREE +2477;2477;2477;0028 0034 0029;0028 0034 0029; # (â‘·; â‘·; â‘·; (4); (4); ) PARENTHESIZED DIGIT FOUR +2478;2478;2478;0028 0035 0029;0028 0035 0029; # (⑸; ⑸; ⑸; (5); (5); ) PARENTHESIZED DIGIT FIVE +2479;2479;2479;0028 0036 0029;0028 0036 0029; # (⑹; ⑹; ⑹; (6); (6); ) PARENTHESIZED DIGIT SIX +247A;247A;247A;0028 0037 0029;0028 0037 0029; # (⑺; ⑺; ⑺; (7); (7); ) PARENTHESIZED DIGIT SEVEN +247B;247B;247B;0028 0038 0029;0028 0038 0029; # (â‘»; â‘»; â‘»; (8); (8); ) PARENTHESIZED DIGIT EIGHT +247C;247C;247C;0028 0039 0029;0028 0039 0029; # (⑼; ⑼; ⑼; (9); (9); ) PARENTHESIZED DIGIT NINE +247D;247D;247D;0028 0031 0030 0029;0028 0031 0030 0029; # (⑽; ⑽; ⑽; (10); (10); ) PARENTHESIZED NUMBER TEN +247E;247E;247E;0028 0031 0031 0029;0028 0031 0031 0029; # (⑾; ⑾; ⑾; (11); (11); ) PARENTHESIZED NUMBER ELEVEN +247F;247F;247F;0028 0031 0032 0029;0028 0031 0032 0029; # (â‘¿; â‘¿; â‘¿; (12); (12); ) PARENTHESIZED NUMBER TWELVE +2480;2480;2480;0028 0031 0033 0029;0028 0031 0033 0029; # (â’€; â’€; â’€; (13); (13); ) PARENTHESIZED NUMBER THIRTEEN +2481;2481;2481;0028 0031 0034 0029;0028 0031 0034 0029; # (â’; â’; â’; (14); (14); ) PARENTHESIZED NUMBER FOURTEEN +2482;2482;2482;0028 0031 0035 0029;0028 0031 0035 0029; # (â’‚; â’‚; â’‚; (15); (15); ) PARENTHESIZED NUMBER FIFTEEN +2483;2483;2483;0028 0031 0036 0029;0028 0031 0036 0029; # (â’ƒ; â’ƒ; â’ƒ; (16); (16); ) PARENTHESIZED NUMBER SIXTEEN +2484;2484;2484;0028 0031 0037 0029;0028 0031 0037 0029; # (â’„; â’„; â’„; (17); (17); ) PARENTHESIZED NUMBER SEVENTEEN +2485;2485;2485;0028 0031 0038 0029;0028 0031 0038 0029; # (â’…; â’…; â’…; (18); (18); ) PARENTHESIZED NUMBER EIGHTEEN +2486;2486;2486;0028 0031 0039 0029;0028 0031 0039 0029; # (â’†; â’†; â’†; (19); (19); ) PARENTHESIZED NUMBER NINETEEN +2487;2487;2487;0028 0032 0030 0029;0028 0032 0030 0029; # (â’‡; â’‡; â’‡; (20); (20); ) PARENTHESIZED NUMBER TWENTY +2488;2488;2488;0031 002E;0031 002E; # (â’ˆ; â’ˆ; â’ˆ; 1.; 1.; ) DIGIT ONE FULL STOP +2489;2489;2489;0032 002E;0032 002E; # (â’‰; â’‰; â’‰; 2.; 2.; ) DIGIT TWO FULL STOP +248A;248A;248A;0033 002E;0033 002E; # (â’Š; â’Š; â’Š; 3.; 3.; ) DIGIT THREE FULL STOP +248B;248B;248B;0034 002E;0034 002E; # (â’‹; â’‹; â’‹; 4.; 4.; ) DIGIT FOUR FULL STOP +248C;248C;248C;0035 002E;0035 002E; # (â’Œ; â’Œ; â’Œ; 5.; 5.; ) DIGIT FIVE FULL STOP +248D;248D;248D;0036 002E;0036 002E; # (â’; â’; â’; 6.; 6.; ) DIGIT SIX FULL STOP +248E;248E;248E;0037 002E;0037 002E; # (â’Ž; â’Ž; â’Ž; 7.; 7.; ) DIGIT SEVEN FULL STOP +248F;248F;248F;0038 002E;0038 002E; # (â’; â’; â’; 8.; 8.; ) DIGIT EIGHT FULL STOP +2490;2490;2490;0039 002E;0039 002E; # (â’; â’; â’; 9.; 9.; ) DIGIT NINE FULL STOP +2491;2491;2491;0031 0030 002E;0031 0030 002E; # (â’‘; â’‘; â’‘; 10.; 10.; ) NUMBER TEN FULL STOP +2492;2492;2492;0031 0031 002E;0031 0031 002E; # (â’’; â’’; â’’; 11.; 11.; ) NUMBER ELEVEN FULL STOP +2493;2493;2493;0031 0032 002E;0031 0032 002E; # (â’“; â’“; â’“; 12.; 12.; ) NUMBER TWELVE FULL STOP +2494;2494;2494;0031 0033 002E;0031 0033 002E; # (â’”; â’”; â’”; 13.; 13.; ) NUMBER THIRTEEN FULL STOP +2495;2495;2495;0031 0034 002E;0031 0034 002E; # (â’•; â’•; â’•; 14.; 14.; ) NUMBER FOURTEEN FULL STOP +2496;2496;2496;0031 0035 002E;0031 0035 002E; # (â’–; â’–; â’–; 15.; 15.; ) NUMBER FIFTEEN FULL STOP +2497;2497;2497;0031 0036 002E;0031 0036 002E; # (â’—; â’—; â’—; 16.; 16.; ) NUMBER SIXTEEN FULL STOP +2498;2498;2498;0031 0037 002E;0031 0037 002E; # (â’˜; â’˜; â’˜; 17.; 17.; ) NUMBER SEVENTEEN FULL STOP +2499;2499;2499;0031 0038 002E;0031 0038 002E; # (â’™; â’™; â’™; 18.; 18.; ) NUMBER EIGHTEEN FULL STOP +249A;249A;249A;0031 0039 002E;0031 0039 002E; # (â’š; â’š; â’š; 19.; 19.; ) NUMBER NINETEEN FULL STOP +249B;249B;249B;0032 0030 002E;0032 0030 002E; # (â’›; â’›; â’›; 20.; 20.; ) NUMBER TWENTY FULL STOP +249C;249C;249C;0028 0061 0029;0028 0061 0029; # (â’œ; â’œ; â’œ; (a); (a); ) PARENTHESIZED LATIN SMALL LETTER A +249D;249D;249D;0028 0062 0029;0028 0062 0029; # (â’; â’; â’; (b); (b); ) PARENTHESIZED LATIN SMALL LETTER B +249E;249E;249E;0028 0063 0029;0028 0063 0029; # (â’ž; â’ž; â’ž; (c); (c); ) PARENTHESIZED LATIN SMALL LETTER C +249F;249F;249F;0028 0064 0029;0028 0064 0029; # (â’Ÿ; â’Ÿ; â’Ÿ; (d); (d); ) PARENTHESIZED LATIN SMALL LETTER D +24A0;24A0;24A0;0028 0065 0029;0028 0065 0029; # (â’ ; â’ ; â’ ; (e); (e); ) PARENTHESIZED LATIN SMALL LETTER E +24A1;24A1;24A1;0028 0066 0029;0028 0066 0029; # (â’¡; â’¡; â’¡; (f); (f); ) PARENTHESIZED LATIN SMALL LETTER F +24A2;24A2;24A2;0028 0067 0029;0028 0067 0029; # (â’¢; â’¢; â’¢; (g); (g); ) PARENTHESIZED LATIN SMALL LETTER G +24A3;24A3;24A3;0028 0068 0029;0028 0068 0029; # (â’£; â’£; â’£; (h); (h); ) PARENTHESIZED LATIN SMALL LETTER H +24A4;24A4;24A4;0028 0069 0029;0028 0069 0029; # (â’¤; â’¤; â’¤; (i); (i); ) PARENTHESIZED LATIN SMALL LETTER I +24A5;24A5;24A5;0028 006A 0029;0028 006A 0029; # (â’¥; â’¥; â’¥; (j); (j); ) PARENTHESIZED LATIN SMALL LETTER J +24A6;24A6;24A6;0028 006B 0029;0028 006B 0029; # (â’¦; â’¦; â’¦; (k); (k); ) PARENTHESIZED LATIN SMALL LETTER K +24A7;24A7;24A7;0028 006C 0029;0028 006C 0029; # (â’§; â’§; â’§; (l); (l); ) PARENTHESIZED LATIN SMALL LETTER L +24A8;24A8;24A8;0028 006D 0029;0028 006D 0029; # (â’¨; â’¨; â’¨; (m); (m); ) PARENTHESIZED LATIN SMALL LETTER M +24A9;24A9;24A9;0028 006E 0029;0028 006E 0029; # (â’©; â’©; â’©; (n); (n); ) PARENTHESIZED LATIN SMALL LETTER N +24AA;24AA;24AA;0028 006F 0029;0028 006F 0029; # (â’ª; â’ª; â’ª; (o); (o); ) PARENTHESIZED LATIN SMALL LETTER O +24AB;24AB;24AB;0028 0070 0029;0028 0070 0029; # (â’«; â’«; â’«; (p); (p); ) PARENTHESIZED LATIN SMALL LETTER P +24AC;24AC;24AC;0028 0071 0029;0028 0071 0029; # (â’¬; â’¬; â’¬; (q); (q); ) PARENTHESIZED LATIN SMALL LETTER Q +24AD;24AD;24AD;0028 0072 0029;0028 0072 0029; # (â’­; â’­; â’­; (r); (r); ) PARENTHESIZED LATIN SMALL LETTER R +24AE;24AE;24AE;0028 0073 0029;0028 0073 0029; # (â’®; â’®; â’®; (s); (s); ) PARENTHESIZED LATIN SMALL LETTER S +24AF;24AF;24AF;0028 0074 0029;0028 0074 0029; # (â’¯; â’¯; â’¯; (t); (t); ) PARENTHESIZED LATIN SMALL LETTER T +24B0;24B0;24B0;0028 0075 0029;0028 0075 0029; # (â’°; â’°; â’°; (u); (u); ) PARENTHESIZED LATIN SMALL LETTER U +24B1;24B1;24B1;0028 0076 0029;0028 0076 0029; # (â’±; â’±; â’±; (v); (v); ) PARENTHESIZED LATIN SMALL LETTER V +24B2;24B2;24B2;0028 0077 0029;0028 0077 0029; # (â’²; â’²; â’²; (w); (w); ) PARENTHESIZED LATIN SMALL LETTER W +24B3;24B3;24B3;0028 0078 0029;0028 0078 0029; # (â’³; â’³; â’³; (x); (x); ) PARENTHESIZED LATIN SMALL LETTER X +24B4;24B4;24B4;0028 0079 0029;0028 0079 0029; # (â’´; â’´; â’´; (y); (y); ) PARENTHESIZED LATIN SMALL LETTER Y +24B5;24B5;24B5;0028 007A 0029;0028 007A 0029; # (â’µ; â’µ; â’µ; (z); (z); ) PARENTHESIZED LATIN SMALL LETTER Z +24B6;24B6;24B6;0041;0041; # (â’¶; â’¶; â’¶; A; A; ) CIRCLED LATIN CAPITAL LETTER A +24B7;24B7;24B7;0042;0042; # (â’·; â’·; â’·; B; B; ) CIRCLED LATIN CAPITAL LETTER B +24B8;24B8;24B8;0043;0043; # (â’¸; â’¸; â’¸; C; C; ) CIRCLED LATIN CAPITAL LETTER C +24B9;24B9;24B9;0044;0044; # (â’¹; â’¹; â’¹; D; D; ) CIRCLED LATIN CAPITAL LETTER D +24BA;24BA;24BA;0045;0045; # (â’º; â’º; â’º; E; E; ) CIRCLED LATIN CAPITAL LETTER E +24BB;24BB;24BB;0046;0046; # (â’»; â’»; â’»; F; F; ) CIRCLED LATIN CAPITAL LETTER F +24BC;24BC;24BC;0047;0047; # (â’¼; â’¼; â’¼; G; G; ) CIRCLED LATIN CAPITAL LETTER G +24BD;24BD;24BD;0048;0048; # (â’½; â’½; â’½; H; H; ) CIRCLED LATIN CAPITAL LETTER H +24BE;24BE;24BE;0049;0049; # (â’¾; â’¾; â’¾; I; I; ) CIRCLED LATIN CAPITAL LETTER I +24BF;24BF;24BF;004A;004A; # (â’¿; â’¿; â’¿; J; J; ) CIRCLED LATIN CAPITAL LETTER J +24C0;24C0;24C0;004B;004B; # (â“€; â“€; â“€; K; K; ) CIRCLED LATIN CAPITAL LETTER K +24C1;24C1;24C1;004C;004C; # (â“; â“; â“; L; L; ) CIRCLED LATIN CAPITAL LETTER L +24C2;24C2;24C2;004D;004D; # (â“‚; â“‚; â“‚; M; M; ) CIRCLED LATIN CAPITAL LETTER M +24C3;24C3;24C3;004E;004E; # (Ⓝ; Ⓝ; Ⓝ; N; N; ) CIRCLED LATIN CAPITAL LETTER N +24C4;24C4;24C4;004F;004F; # (â“„; â“„; â“„; O; O; ) CIRCLED LATIN CAPITAL LETTER O +24C5;24C5;24C5;0050;0050; # (â“…; â“…; â“…; P; P; ) CIRCLED LATIN CAPITAL LETTER P +24C6;24C6;24C6;0051;0051; # (Ⓠ; Ⓠ; Ⓠ; Q; Q; ) CIRCLED LATIN CAPITAL LETTER Q +24C7;24C7;24C7;0052;0052; # (Ⓡ; Ⓡ; Ⓡ; R; R; ) CIRCLED LATIN CAPITAL LETTER R +24C8;24C8;24C8;0053;0053; # (Ⓢ; Ⓢ; Ⓢ; S; S; ) CIRCLED LATIN CAPITAL LETTER S +24C9;24C9;24C9;0054;0054; # (Ⓣ; Ⓣ; Ⓣ; T; T; ) CIRCLED LATIN CAPITAL LETTER T +24CA;24CA;24CA;0055;0055; # (â“Š; â“Š; â“Š; U; U; ) CIRCLED LATIN CAPITAL LETTER U +24CB;24CB;24CB;0056;0056; # (â“‹; â“‹; â“‹; V; V; ) CIRCLED LATIN CAPITAL LETTER V +24CC;24CC;24CC;0057;0057; # (â“Œ; â“Œ; â“Œ; W; W; ) CIRCLED LATIN CAPITAL LETTER W +24CD;24CD;24CD;0058;0058; # (â“; â“; â“; X; X; ) CIRCLED LATIN CAPITAL LETTER X +24CE;24CE;24CE;0059;0059; # (â“Ž; â“Ž; â“Ž; Y; Y; ) CIRCLED LATIN CAPITAL LETTER Y +24CF;24CF;24CF;005A;005A; # (â“; â“; â“; Z; Z; ) CIRCLED LATIN CAPITAL LETTER Z +24D0;24D0;24D0;0061;0061; # (â“; â“; â“; a; a; ) CIRCLED LATIN SMALL LETTER A +24D1;24D1;24D1;0062;0062; # (â“‘; â“‘; â“‘; b; b; ) CIRCLED LATIN SMALL LETTER B +24D2;24D2;24D2;0063;0063; # (â“’; â“’; â“’; c; c; ) CIRCLED LATIN SMALL LETTER C +24D3;24D3;24D3;0064;0064; # (â““; â““; â““; d; d; ) CIRCLED LATIN SMALL LETTER D +24D4;24D4;24D4;0065;0065; # (â“”; â“”; â“”; e; e; ) CIRCLED LATIN SMALL LETTER E +24D5;24D5;24D5;0066;0066; # (â“•; â“•; â“•; f; f; ) CIRCLED LATIN SMALL LETTER F +24D6;24D6;24D6;0067;0067; # (â“–; â“–; â“–; g; g; ) CIRCLED LATIN SMALL LETTER G +24D7;24D7;24D7;0068;0068; # (â“—; â“—; â“—; h; h; ) CIRCLED LATIN SMALL LETTER H +24D8;24D8;24D8;0069;0069; # (ⓘ; ⓘ; ⓘ; i; i; ) CIRCLED LATIN SMALL LETTER I +24D9;24D9;24D9;006A;006A; # (â“™; â“™; â“™; j; j; ) CIRCLED LATIN SMALL LETTER J +24DA;24DA;24DA;006B;006B; # (â“š; â“š; â“š; k; k; ) CIRCLED LATIN SMALL LETTER K +24DB;24DB;24DB;006C;006C; # (â“›; â“›; â“›; l; l; ) CIRCLED LATIN SMALL LETTER L +24DC;24DC;24DC;006D;006D; # (â“œ; â“œ; â“œ; m; m; ) CIRCLED LATIN SMALL LETTER M +24DD;24DD;24DD;006E;006E; # (â“; â“; â“; n; n; ) CIRCLED LATIN SMALL LETTER N +24DE;24DE;24DE;006F;006F; # (â“ž; â“ž; â“ž; o; o; ) CIRCLED LATIN SMALL LETTER O +24DF;24DF;24DF;0070;0070; # (â“Ÿ; â“Ÿ; â“Ÿ; p; p; ) CIRCLED LATIN SMALL LETTER P +24E0;24E0;24E0;0071;0071; # (â“ ; â“ ; â“ ; q; q; ) CIRCLED LATIN SMALL LETTER Q +24E1;24E1;24E1;0072;0072; # (â“¡; â“¡; â“¡; r; r; ) CIRCLED LATIN SMALL LETTER R +24E2;24E2;24E2;0073;0073; # (â“¢; â“¢; â“¢; s; s; ) CIRCLED LATIN SMALL LETTER S +24E3;24E3;24E3;0074;0074; # (â“£; â“£; â“£; t; t; ) CIRCLED LATIN SMALL LETTER T +24E4;24E4;24E4;0075;0075; # (ⓤ; ⓤ; ⓤ; u; u; ) CIRCLED LATIN SMALL LETTER U +24E5;24E5;24E5;0076;0076; # (â“¥; â“¥; â“¥; v; v; ) CIRCLED LATIN SMALL LETTER V +24E6;24E6;24E6;0077;0077; # (ⓦ; ⓦ; ⓦ; w; w; ) CIRCLED LATIN SMALL LETTER W +24E7;24E7;24E7;0078;0078; # (ⓧ; ⓧ; ⓧ; x; x; ) CIRCLED LATIN SMALL LETTER X +24E8;24E8;24E8;0079;0079; # (ⓨ; ⓨ; ⓨ; y; y; ) CIRCLED LATIN SMALL LETTER Y +24E9;24E9;24E9;007A;007A; # (â“©; â“©; â“©; z; z; ) CIRCLED LATIN SMALL LETTER Z +24EA;24EA;24EA;0030;0030; # (⓪; ⓪; ⓪; 0; 0; ) CIRCLED DIGIT ZERO +2A0C;2A0C;2A0C;222B 222B 222B 222B;222B 222B 222B 222B; # (⨌; ⨌; ⨌; ∫∫∫∫; ∫∫∫∫; ) QUADRUPLE INTEGRAL OPERATOR +2A74;2A74;2A74;003A 003A 003D;003A 003A 003D; # (â©´; â©´; â©´; ::=; ::=; ) DOUBLE COLON EQUAL +2A75;2A75;2A75;003D 003D;003D 003D; # (⩵; ⩵; ⩵; ==; ==; ) TWO CONSECUTIVE EQUALS SIGNS +2A76;2A76;2A76;003D 003D 003D;003D 003D 003D; # (⩶; ⩶; ⩶; ===; ===; ) THREE CONSECUTIVE EQUALS SIGNS +2ADC;2ADD 0338;2ADD 0338;2ADD 0338;2ADD 0338; # (â«œ; â«â—ŒÌ¸; â«â—ŒÌ¸; â«â—ŒÌ¸; â«â—ŒÌ¸; ) FORKING +2E9F;2E9F;2E9F;6BCD;6BCD; # (⺟; ⺟; ⺟; æ¯; æ¯; ) CJK RADICAL MOTHER +2EF3;2EF3;2EF3;9F9F;9F9F; # (⻳; ⻳; ⻳; 龟; 龟; ) CJK RADICAL C-SIMPLIFIED TURTLE +2F00;2F00;2F00;4E00;4E00; # (â¼€; â¼€; â¼€; 一; 一; ) KANGXI RADICAL ONE +2F01;2F01;2F01;4E28;4E28; # (â¼; â¼; â¼; 丨; 丨; ) KANGXI RADICAL LINE +2F02;2F02;2F02;4E36;4E36; # (⼂; ⼂; ⼂; 丶; 丶; ) KANGXI RADICAL DOT +2F03;2F03;2F03;4E3F;4E3F; # (⼃; ⼃; ⼃; 丿; 丿; ) KANGXI RADICAL SLASH +2F04;2F04;2F04;4E59;4E59; # (⼄; ⼄; ⼄; ä¹™; ä¹™; ) KANGXI RADICAL SECOND +2F05;2F05;2F05;4E85;4E85; # (â¼…; â¼…; â¼…; 亅; 亅; ) KANGXI RADICAL HOOK +2F06;2F06;2F06;4E8C;4E8C; # (⼆; ⼆; ⼆; 二; 二; ) KANGXI RADICAL TWO +2F07;2F07;2F07;4EA0;4EA0; # (⼇; ⼇; ⼇; 亠; 亠; ) KANGXI RADICAL LID +2F08;2F08;2F08;4EBA;4EBA; # (⼈; ⼈; ⼈; 人; 人; ) KANGXI RADICAL MAN +2F09;2F09;2F09;513F;513F; # (⼉; ⼉; ⼉; å„¿; å„¿; ) KANGXI RADICAL LEGS +2F0A;2F0A;2F0A;5165;5165; # (⼊; ⼊; ⼊; å…¥; å…¥; ) KANGXI RADICAL ENTER +2F0B;2F0B;2F0B;516B;516B; # (⼋; ⼋; ⼋; å…«; å…«; ) KANGXI RADICAL EIGHT +2F0C;2F0C;2F0C;5182;5182; # (⼌; ⼌; ⼌; 冂; 冂; ) KANGXI RADICAL DOWN BOX +2F0D;2F0D;2F0D;5196;5196; # (â¼; â¼; â¼; 冖; 冖; ) KANGXI RADICAL COVER +2F0E;2F0E;2F0E;51AB;51AB; # (⼎; ⼎; ⼎; 冫; 冫; ) KANGXI RADICAL ICE +2F0F;2F0F;2F0F;51E0;51E0; # (â¼; â¼; â¼; 几; 几; ) KANGXI RADICAL TABLE +2F10;2F10;2F10;51F5;51F5; # (â¼; â¼; â¼; 凵; 凵; ) KANGXI RADICAL OPEN BOX +2F11;2F11;2F11;5200;5200; # (⼑; ⼑; ⼑; 刀; 刀; ) KANGXI RADICAL KNIFE +2F12;2F12;2F12;529B;529B; # (â¼’; â¼’; â¼’; 力; 力; ) KANGXI RADICAL POWER +2F13;2F13;2F13;52F9;52F9; # (⼓; ⼓; ⼓; 勹; 勹; ) KANGXI RADICAL WRAP +2F14;2F14;2F14;5315;5315; # (â¼”; â¼”; â¼”; 匕; 匕; ) KANGXI RADICAL SPOON +2F15;2F15;2F15;531A;531A; # (⼕; ⼕; ⼕; 匚; 匚; ) KANGXI RADICAL RIGHT OPEN BOX +2F16;2F16;2F16;5338;5338; # (â¼–; â¼–; â¼–; 匸; 匸; ) KANGXI RADICAL HIDING ENCLOSURE +2F17;2F17;2F17;5341;5341; # (â¼—; â¼—; â¼—; å; å; ) KANGXI RADICAL TEN +2F18;2F18;2F18;535C;535C; # (⼘; ⼘; ⼘; åœ; åœ; ) KANGXI RADICAL DIVINATION +2F19;2F19;2F19;5369;5369; # (â¼™; â¼™; â¼™; å©; å©; ) KANGXI RADICAL SEAL +2F1A;2F1A;2F1A;5382;5382; # (⼚; ⼚; ⼚; 厂; 厂; ) KANGXI RADICAL CLIFF +2F1B;2F1B;2F1B;53B6;53B6; # (â¼›; â¼›; â¼›; 厶; 厶; ) KANGXI RADICAL PRIVATE +2F1C;2F1C;2F1C;53C8;53C8; # (⼜; ⼜; ⼜; åˆ; åˆ; ) KANGXI RADICAL AGAIN +2F1D;2F1D;2F1D;53E3;53E3; # (â¼; â¼; â¼; å£; å£; ) KANGXI RADICAL MOUTH +2F1E;2F1E;2F1E;56D7;56D7; # (⼞; ⼞; ⼞; å›—; å›—; ) KANGXI RADICAL ENCLOSURE +2F1F;2F1F;2F1F;571F;571F; # (⼟; ⼟; ⼟; 土; 土; ) KANGXI RADICAL EARTH +2F20;2F20;2F20;58EB;58EB; # (â¼ ; â¼ ; â¼ ; 士; 士; ) KANGXI RADICAL SCHOLAR +2F21;2F21;2F21;5902;5902; # (⼡; ⼡; ⼡; 夂; 夂; ) KANGXI RADICAL GO +2F22;2F22;2F22;590A;590A; # (â¼¢; â¼¢; â¼¢; 夊; 夊; ) KANGXI RADICAL GO SLOWLY +2F23;2F23;2F23;5915;5915; # (â¼£; â¼£; â¼£; 夕; 夕; ) KANGXI RADICAL EVENING +2F24;2F24;2F24;5927;5927; # (⼤; ⼤; ⼤; 大; 大; ) KANGXI RADICAL BIG +2F25;2F25;2F25;5973;5973; # (â¼¥; â¼¥; â¼¥; 女; 女; ) KANGXI RADICAL WOMAN +2F26;2F26;2F26;5B50;5B50; # (⼦; ⼦; ⼦; å­; å­; ) KANGXI RADICAL CHILD +2F27;2F27;2F27;5B80;5B80; # (⼧; ⼧; ⼧; 宀; 宀; ) KANGXI RADICAL ROOF +2F28;2F28;2F28;5BF8;5BF8; # (⼨; ⼨; ⼨; 寸; 寸; ) KANGXI RADICAL INCH +2F29;2F29;2F29;5C0F;5C0F; # (⼩; ⼩; ⼩; å°; å°; ) KANGXI RADICAL SMALL +2F2A;2F2A;2F2A;5C22;5C22; # (⼪; ⼪; ⼪; å°¢; å°¢; ) KANGXI RADICAL LAME +2F2B;2F2B;2F2B;5C38;5C38; # (⼫; ⼫; ⼫; å°¸; å°¸; ) KANGXI RADICAL CORPSE +2F2C;2F2C;2F2C;5C6E;5C6E; # (⼬; ⼬; ⼬; å±®; å±®; ) KANGXI RADICAL SPROUT +2F2D;2F2D;2F2D;5C71;5C71; # (â¼­; â¼­; â¼­; å±±; å±±; ) KANGXI RADICAL MOUNTAIN +2F2E;2F2E;2F2E;5DDB;5DDB; # (â¼®; â¼®; â¼®; å·›; å·›; ) KANGXI RADICAL RIVER +2F2F;2F2F;2F2F;5DE5;5DE5; # (⼯; ⼯; ⼯; å·¥; å·¥; ) KANGXI RADICAL WORK +2F30;2F30;2F30;5DF1;5DF1; # (â¼°; â¼°; â¼°; å·±; å·±; ) KANGXI RADICAL ONESELF +2F31;2F31;2F31;5DFE;5DFE; # (â¼±; â¼±; â¼±; å·¾; å·¾; ) KANGXI RADICAL TURBAN +2F32;2F32;2F32;5E72;5E72; # (â¼²; â¼²; â¼²; å¹²; å¹²; ) KANGXI RADICAL DRY +2F33;2F33;2F33;5E7A;5E7A; # (â¼³; â¼³; â¼³; 幺; 幺; ) KANGXI RADICAL SHORT THREAD +2F34;2F34;2F34;5E7F;5E7F; # (â¼´; â¼´; â¼´; 广; 广; ) KANGXI RADICAL DOTTED CLIFF +2F35;2F35;2F35;5EF4;5EF4; # (â¼µ; â¼µ; â¼µ; å»´; å»´; ) KANGXI RADICAL LONG STRIDE +2F36;2F36;2F36;5EFE;5EFE; # (⼶; ⼶; ⼶; 廾; 廾; ) KANGXI RADICAL TWO HANDS +2F37;2F37;2F37;5F0B;5F0B; # (â¼·; â¼·; â¼·; 弋; 弋; ) KANGXI RADICAL SHOOT +2F38;2F38;2F38;5F13;5F13; # (⼸; ⼸; ⼸; 弓; 弓; ) KANGXI RADICAL BOW +2F39;2F39;2F39;5F50;5F50; # (â¼¹; â¼¹; â¼¹; å½; å½; ) KANGXI RADICAL SNOUT +2F3A;2F3A;2F3A;5F61;5F61; # (⼺; ⼺; ⼺; 彡; 彡; ) KANGXI RADICAL BRISTLE +2F3B;2F3B;2F3B;5F73;5F73; # (â¼»; â¼»; â¼»; å½³; å½³; ) KANGXI RADICAL STEP +2F3C;2F3C;2F3C;5FC3;5FC3; # (â¼¼; â¼¼; â¼¼; 心; 心; ) KANGXI RADICAL HEART +2F3D;2F3D;2F3D;6208;6208; # (â¼½; â¼½; â¼½; 戈; 戈; ) KANGXI RADICAL HALBERD +2F3E;2F3E;2F3E;6236;6236; # (â¼¾; â¼¾; â¼¾; 戶; 戶; ) KANGXI RADICAL DOOR +2F3F;2F3F;2F3F;624B;624B; # (⼿; ⼿; ⼿; 手; 手; ) KANGXI RADICAL HAND +2F40;2F40;2F40;652F;652F; # (â½€; â½€; â½€; 支; 支; ) KANGXI RADICAL BRANCH +2F41;2F41;2F41;6534;6534; # (â½; â½; â½; æ”´; æ”´; ) KANGXI RADICAL RAP +2F42;2F42;2F42;6587;6587; # (⽂; ⽂; ⽂; æ–‡; æ–‡; ) KANGXI RADICAL SCRIPT +2F43;2F43;2F43;6597;6597; # (⽃; ⽃; ⽃; æ–—; æ–—; ) KANGXI RADICAL DIPPER +2F44;2F44;2F44;65A4;65A4; # (⽄; ⽄; ⽄; æ–¤; æ–¤; ) KANGXI RADICAL AXE +2F45;2F45;2F45;65B9;65B9; # (â½…; â½…; â½…; æ–¹; æ–¹; ) KANGXI RADICAL SQUARE +2F46;2F46;2F46;65E0;65E0; # (⽆; ⽆; ⽆; æ— ; æ— ; ) KANGXI RADICAL NOT +2F47;2F47;2F47;65E5;65E5; # (⽇; ⽇; ⽇; æ—¥; æ—¥; ) KANGXI RADICAL SUN +2F48;2F48;2F48;66F0;66F0; # (⽈; ⽈; ⽈; æ›°; æ›°; ) KANGXI RADICAL SAY +2F49;2F49;2F49;6708;6708; # (⽉; ⽉; ⽉; 月; 月; ) KANGXI RADICAL MOON +2F4A;2F4A;2F4A;6728;6728; # (⽊; ⽊; ⽊; 木; 木; ) KANGXI RADICAL TREE +2F4B;2F4B;2F4B;6B20;6B20; # (⽋; ⽋; ⽋; 欠; 欠; ) KANGXI RADICAL LACK +2F4C;2F4C;2F4C;6B62;6B62; # (⽌; ⽌; ⽌; æ­¢; æ­¢; ) KANGXI RADICAL STOP +2F4D;2F4D;2F4D;6B79;6B79; # (â½; â½; â½; æ­¹; æ­¹; ) KANGXI RADICAL DEATH +2F4E;2F4E;2F4E;6BB3;6BB3; # (⽎; ⽎; ⽎; 殳; 殳; ) KANGXI RADICAL WEAPON +2F4F;2F4F;2F4F;6BCB;6BCB; # (â½; â½; â½; 毋; 毋; ) KANGXI RADICAL DO NOT +2F50;2F50;2F50;6BD4;6BD4; # (â½; â½; â½; 比; 比; ) KANGXI RADICAL COMPARE +2F51;2F51;2F51;6BDB;6BDB; # (⽑; ⽑; ⽑; 毛; 毛; ) KANGXI RADICAL FUR +2F52;2F52;2F52;6C0F;6C0F; # (â½’; â½’; â½’; æ°; æ°; ) KANGXI RADICAL CLAN +2F53;2F53;2F53;6C14;6C14; # (⽓; ⽓; ⽓; æ°”; æ°”; ) KANGXI RADICAL STEAM +2F54;2F54;2F54;6C34;6C34; # (â½”; â½”; â½”; æ°´; æ°´; ) KANGXI RADICAL WATER +2F55;2F55;2F55;706B;706B; # (⽕; ⽕; ⽕; ç«; ç«; ) KANGXI RADICAL FIRE +2F56;2F56;2F56;722A;722A; # (â½–; â½–; â½–; 爪; 爪; ) KANGXI RADICAL CLAW +2F57;2F57;2F57;7236;7236; # (â½—; â½—; â½—; 父; 父; ) KANGXI RADICAL FATHER +2F58;2F58;2F58;723B;723B; # (⽘; ⽘; ⽘; 爻; 爻; ) KANGXI RADICAL DOUBLE X +2F59;2F59;2F59;723F;723F; # (â½™; â½™; â½™; 爿; 爿; ) KANGXI RADICAL HALF TREE TRUNK +2F5A;2F5A;2F5A;7247;7247; # (⽚; ⽚; ⽚; 片; 片; ) KANGXI RADICAL SLICE +2F5B;2F5B;2F5B;7259;7259; # (â½›; â½›; â½›; 牙; 牙; ) KANGXI RADICAL FANG +2F5C;2F5C;2F5C;725B;725B; # (⽜; ⽜; ⽜; 牛; 牛; ) KANGXI RADICAL COW +2F5D;2F5D;2F5D;72AC;72AC; # (â½; â½; â½; 犬; 犬; ) KANGXI RADICAL DOG +2F5E;2F5E;2F5E;7384;7384; # (⽞; ⽞; ⽞; 玄; 玄; ) KANGXI RADICAL PROFOUND +2F5F;2F5F;2F5F;7389;7389; # (⽟; ⽟; ⽟; 玉; 玉; ) KANGXI RADICAL JADE +2F60;2F60;2F60;74DC;74DC; # (â½ ; â½ ; â½ ; ç“œ; ç“œ; ) KANGXI RADICAL MELON +2F61;2F61;2F61;74E6;74E6; # (⽡; ⽡; ⽡; 瓦; 瓦; ) KANGXI RADICAL TILE +2F62;2F62;2F62;7518;7518; # (â½¢; â½¢; â½¢; 甘; 甘; ) KANGXI RADICAL SWEET +2F63;2F63;2F63;751F;751F; # (â½£; â½£; â½£; 生; 生; ) KANGXI RADICAL LIFE +2F64;2F64;2F64;7528;7528; # (⽤; ⽤; ⽤; 用; 用; ) KANGXI RADICAL USE +2F65;2F65;2F65;7530;7530; # (â½¥; â½¥; â½¥; ç”°; ç”°; ) KANGXI RADICAL FIELD +2F66;2F66;2F66;758B;758B; # (⽦; ⽦; ⽦; ç–‹; ç–‹; ) KANGXI RADICAL BOLT OF CLOTH +2F67;2F67;2F67;7592;7592; # (⽧; ⽧; ⽧; ç–’; ç–’; ) KANGXI RADICAL SICKNESS +2F68;2F68;2F68;7676;7676; # (⽨; ⽨; ⽨; 癶; 癶; ) KANGXI RADICAL DOTTED TENT +2F69;2F69;2F69;767D;767D; # (⽩; ⽩; ⽩; 白; 白; ) KANGXI RADICAL WHITE +2F6A;2F6A;2F6A;76AE;76AE; # (⽪; ⽪; ⽪; çš®; çš®; ) KANGXI RADICAL SKIN +2F6B;2F6B;2F6B;76BF;76BF; # (⽫; ⽫; ⽫; çš¿; çš¿; ) KANGXI RADICAL DISH +2F6C;2F6C;2F6C;76EE;76EE; # (⽬; ⽬; ⽬; ç›®; ç›®; ) KANGXI RADICAL EYE +2F6D;2F6D;2F6D;77DB;77DB; # (â½­; â½­; â½­; 矛; 矛; ) KANGXI RADICAL SPEAR +2F6E;2F6E;2F6E;77E2;77E2; # (â½®; â½®; â½®; 矢; 矢; ) KANGXI RADICAL ARROW +2F6F;2F6F;2F6F;77F3;77F3; # (⽯; ⽯; ⽯; 石; 石; ) KANGXI RADICAL STONE +2F70;2F70;2F70;793A;793A; # (â½°; â½°; â½°; 示; 示; ) KANGXI RADICAL SPIRIT +2F71;2F71;2F71;79B8;79B8; # (â½±; â½±; â½±; 禸; 禸; ) KANGXI RADICAL TRACK +2F72;2F72;2F72;79BE;79BE; # (â½²; â½²; â½²; 禾; 禾; ) KANGXI RADICAL GRAIN +2F73;2F73;2F73;7A74;7A74; # (â½³; â½³; â½³; ç©´; ç©´; ) KANGXI RADICAL CAVE +2F74;2F74;2F74;7ACB;7ACB; # (â½´; â½´; â½´; ç«‹; ç«‹; ) KANGXI RADICAL STAND +2F75;2F75;2F75;7AF9;7AF9; # (â½µ; â½µ; â½µ; 竹; 竹; ) KANGXI RADICAL BAMBOO +2F76;2F76;2F76;7C73;7C73; # (⽶; ⽶; ⽶; ç±³; ç±³; ) KANGXI RADICAL RICE +2F77;2F77;2F77;7CF8;7CF8; # (â½·; â½·; â½·; 糸; 糸; ) KANGXI RADICAL SILK +2F78;2F78;2F78;7F36;7F36; # (⽸; ⽸; ⽸; 缶; 缶; ) KANGXI RADICAL JAR +2F79;2F79;2F79;7F51;7F51; # (â½¹; â½¹; â½¹; 网; 网; ) KANGXI RADICAL NET +2F7A;2F7A;2F7A;7F8A;7F8A; # (⽺; ⽺; ⽺; 羊; 羊; ) KANGXI RADICAL SHEEP +2F7B;2F7B;2F7B;7FBD;7FBD; # (â½»; â½»; â½»; ç¾½; ç¾½; ) KANGXI RADICAL FEATHER +2F7C;2F7C;2F7C;8001;8001; # (â½¼; â½¼; â½¼; è€; è€; ) KANGXI RADICAL OLD +2F7D;2F7D;2F7D;800C;800C; # (â½½; â½½; â½½; 而; 而; ) KANGXI RADICAL AND +2F7E;2F7E;2F7E;8012;8012; # (â½¾; â½¾; â½¾; 耒; 耒; ) KANGXI RADICAL PLOW +2F7F;2F7F;2F7F;8033;8033; # (⽿; ⽿; ⽿; 耳; 耳; ) KANGXI RADICAL EAR +2F80;2F80;2F80;807F;807F; # (â¾€; â¾€; â¾€; è¿; è¿; ) KANGXI RADICAL BRUSH +2F81;2F81;2F81;8089;8089; # (â¾; â¾; â¾; 肉; 肉; ) KANGXI RADICAL MEAT +2F82;2F82;2F82;81E3;81E3; # (⾂; ⾂; ⾂; 臣; 臣; ) KANGXI RADICAL MINISTER +2F83;2F83;2F83;81EA;81EA; # (⾃; ⾃; ⾃; 自; 自; ) KANGXI RADICAL SELF +2F84;2F84;2F84;81F3;81F3; # (⾄; ⾄; ⾄; 至; 至; ) KANGXI RADICAL ARRIVE +2F85;2F85;2F85;81FC;81FC; # (â¾…; â¾…; â¾…; 臼; 臼; ) KANGXI RADICAL MORTAR +2F86;2F86;2F86;820C;820C; # (⾆; ⾆; ⾆; 舌; 舌; ) KANGXI RADICAL TONGUE +2F87;2F87;2F87;821B;821B; # (⾇; ⾇; ⾇; 舛; 舛; ) KANGXI RADICAL OPPOSE +2F88;2F88;2F88;821F;821F; # (⾈; ⾈; ⾈; 舟; 舟; ) KANGXI RADICAL BOAT +2F89;2F89;2F89;826E;826E; # (⾉; ⾉; ⾉; 艮; 艮; ) KANGXI RADICAL STOPPING +2F8A;2F8A;2F8A;8272;8272; # (⾊; ⾊; ⾊; 色; 色; ) KANGXI RADICAL COLOR +2F8B;2F8B;2F8B;8278;8278; # (⾋; ⾋; ⾋; 艸; 艸; ) KANGXI RADICAL GRASS +2F8C;2F8C;2F8C;864D;864D; # (⾌; ⾌; ⾌; è™; è™; ) KANGXI RADICAL TIGER +2F8D;2F8D;2F8D;866B;866B; # (â¾; â¾; â¾; 虫; 虫; ) KANGXI RADICAL INSECT +2F8E;2F8E;2F8E;8840;8840; # (⾎; ⾎; ⾎; è¡€; è¡€; ) KANGXI RADICAL BLOOD +2F8F;2F8F;2F8F;884C;884C; # (â¾; â¾; â¾; è¡Œ; è¡Œ; ) KANGXI RADICAL WALK ENCLOSURE +2F90;2F90;2F90;8863;8863; # (â¾; â¾; â¾; è¡£; è¡£; ) KANGXI RADICAL CLOTHES +2F91;2F91;2F91;897E;897E; # (⾑; ⾑; ⾑; 襾; 襾; ) KANGXI RADICAL WEST +2F92;2F92;2F92;898B;898B; # (â¾’; â¾’; â¾’; 見; 見; ) KANGXI RADICAL SEE +2F93;2F93;2F93;89D2;89D2; # (⾓; ⾓; ⾓; 角; 角; ) KANGXI RADICAL HORN +2F94;2F94;2F94;8A00;8A00; # (â¾”; â¾”; â¾”; 言; 言; ) KANGXI RADICAL SPEECH +2F95;2F95;2F95;8C37;8C37; # (⾕; ⾕; ⾕; è°·; è°·; ) KANGXI RADICAL VALLEY +2F96;2F96;2F96;8C46;8C46; # (â¾–; â¾–; â¾–; 豆; 豆; ) KANGXI RADICAL BEAN +2F97;2F97;2F97;8C55;8C55; # (â¾—; â¾—; â¾—; 豕; 豕; ) KANGXI RADICAL PIG +2F98;2F98;2F98;8C78;8C78; # (⾘; ⾘; ⾘; 豸; 豸; ) KANGXI RADICAL BADGER +2F99;2F99;2F99;8C9D;8C9D; # (â¾™; â¾™; â¾™; è²; è²; ) KANGXI RADICAL SHELL +2F9A;2F9A;2F9A;8D64;8D64; # (⾚; ⾚; ⾚; 赤; 赤; ) KANGXI RADICAL RED +2F9B;2F9B;2F9B;8D70;8D70; # (â¾›; â¾›; â¾›; èµ°; èµ°; ) KANGXI RADICAL RUN +2F9C;2F9C;2F9C;8DB3;8DB3; # (⾜; ⾜; ⾜; 足; 足; ) KANGXI RADICAL FOOT +2F9D;2F9D;2F9D;8EAB;8EAB; # (â¾; â¾; â¾; 身; 身; ) KANGXI RADICAL BODY +2F9E;2F9E;2F9E;8ECA;8ECA; # (⾞; ⾞; ⾞; 車; 車; ) KANGXI RADICAL CART +2F9F;2F9F;2F9F;8F9B;8F9B; # (⾟; ⾟; ⾟; è¾›; è¾›; ) KANGXI RADICAL BITTER +2FA0;2FA0;2FA0;8FB0;8FB0; # (â¾ ; â¾ ; â¾ ; è¾°; è¾°; ) KANGXI RADICAL MORNING +2FA1;2FA1;2FA1;8FB5;8FB5; # (⾡; ⾡; ⾡; è¾µ; è¾µ; ) KANGXI RADICAL WALK +2FA2;2FA2;2FA2;9091;9091; # (â¾¢; â¾¢; â¾¢; é‚‘; é‚‘; ) KANGXI RADICAL CITY +2FA3;2FA3;2FA3;9149;9149; # (â¾£; â¾£; â¾£; é…‰; é…‰; ) KANGXI RADICAL WINE +2FA4;2FA4;2FA4;91C6;91C6; # (⾤; ⾤; ⾤; 釆; 釆; ) KANGXI RADICAL DISTINGUISH +2FA5;2FA5;2FA5;91CC;91CC; # (â¾¥; â¾¥; â¾¥; 里; 里; ) KANGXI RADICAL VILLAGE +2FA6;2FA6;2FA6;91D1;91D1; # (⾦; ⾦; ⾦; 金; 金; ) KANGXI RADICAL GOLD +2FA7;2FA7;2FA7;9577;9577; # (⾧; ⾧; ⾧; é•·; é•·; ) KANGXI RADICAL LONG +2FA8;2FA8;2FA8;9580;9580; # (⾨; ⾨; ⾨; é–€; é–€; ) KANGXI RADICAL GATE +2FA9;2FA9;2FA9;961C;961C; # (⾩; ⾩; ⾩; 阜; 阜; ) KANGXI RADICAL MOUND +2FAA;2FAA;2FAA;96B6;96B6; # (⾪; ⾪; ⾪; 隶; 隶; ) KANGXI RADICAL SLAVE +2FAB;2FAB;2FAB;96B9;96B9; # (⾫; ⾫; ⾫; éš¹; éš¹; ) KANGXI RADICAL SHORT TAILED BIRD +2FAC;2FAC;2FAC;96E8;96E8; # (⾬; ⾬; ⾬; 雨; 雨; ) KANGXI RADICAL RAIN +2FAD;2FAD;2FAD;9751;9751; # (â¾­; â¾­; â¾­; é‘; é‘; ) KANGXI RADICAL BLUE +2FAE;2FAE;2FAE;975E;975E; # (â¾®; â¾®; â¾®; éž; éž; ) KANGXI RADICAL WRONG +2FAF;2FAF;2FAF;9762;9762; # (⾯; ⾯; ⾯; é¢; é¢; ) KANGXI RADICAL FACE +2FB0;2FB0;2FB0;9769;9769; # (â¾°; â¾°; â¾°; é©; é©; ) KANGXI RADICAL LEATHER +2FB1;2FB1;2FB1;97CB;97CB; # (â¾±; â¾±; â¾±; 韋; 韋; ) KANGXI RADICAL TANNED LEATHER +2FB2;2FB2;2FB2;97ED;97ED; # (â¾²; â¾²; â¾²; 韭; 韭; ) KANGXI RADICAL LEEK +2FB3;2FB3;2FB3;97F3;97F3; # (â¾³; â¾³; â¾³; 音; 音; ) KANGXI RADICAL SOUND +2FB4;2FB4;2FB4;9801;9801; # (â¾´; â¾´; â¾´; é ; é ; ) KANGXI RADICAL LEAF +2FB5;2FB5;2FB5;98A8;98A8; # (â¾µ; â¾µ; â¾µ; 風; 風; ) KANGXI RADICAL WIND +2FB6;2FB6;2FB6;98DB;98DB; # (⾶; ⾶; ⾶; 飛; 飛; ) KANGXI RADICAL FLY +2FB7;2FB7;2FB7;98DF;98DF; # (â¾·; â¾·; â¾·; 食; 食; ) KANGXI RADICAL EAT +2FB8;2FB8;2FB8;9996;9996; # (⾸; ⾸; ⾸; 首; 首; ) KANGXI RADICAL HEAD +2FB9;2FB9;2FB9;9999;9999; # (â¾¹; â¾¹; â¾¹; 香; 香; ) KANGXI RADICAL FRAGRANT +2FBA;2FBA;2FBA;99AC;99AC; # (⾺; ⾺; ⾺; 馬; 馬; ) KANGXI RADICAL HORSE +2FBB;2FBB;2FBB;9AA8;9AA8; # (â¾»; â¾»; â¾»; 骨; 骨; ) KANGXI RADICAL BONE +2FBC;2FBC;2FBC;9AD8;9AD8; # (â¾¼; â¾¼; â¾¼; 高; 高; ) KANGXI RADICAL TALL +2FBD;2FBD;2FBD;9ADF;9ADF; # (â¾½; â¾½; â¾½; é«Ÿ; é«Ÿ; ) KANGXI RADICAL HAIR +2FBE;2FBE;2FBE;9B25;9B25; # (â¾¾; â¾¾; â¾¾; 鬥; 鬥; ) KANGXI RADICAL FIGHT +2FBF;2FBF;2FBF;9B2F;9B2F; # (⾿; ⾿; ⾿; 鬯; 鬯; ) KANGXI RADICAL SACRIFICIAL WINE +2FC0;2FC0;2FC0;9B32;9B32; # (â¿€; â¿€; â¿€; 鬲; 鬲; ) KANGXI RADICAL CAULDRON +2FC1;2FC1;2FC1;9B3C;9B3C; # (â¿; â¿; â¿; 鬼; 鬼; ) KANGXI RADICAL GHOST +2FC2;2FC2;2FC2;9B5A;9B5A; # (â¿‚; â¿‚; â¿‚; é­š; é­š; ) KANGXI RADICAL FISH +2FC3;2FC3;2FC3;9CE5;9CE5; # (⿃; ⿃; ⿃; é³¥; é³¥; ) KANGXI RADICAL BIRD +2FC4;2FC4;2FC4;9E75;9E75; # (â¿„; â¿„; â¿„; é¹µ; é¹µ; ) KANGXI RADICAL SALT +2FC5;2FC5;2FC5;9E7F;9E7F; # (â¿…; â¿…; â¿…; 鹿; 鹿; ) KANGXI RADICAL DEER +2FC6;2FC6;2FC6;9EA5;9EA5; # (⿆; ⿆; ⿆; 麥; 麥; ) KANGXI RADICAL WHEAT +2FC7;2FC7;2FC7;9EBB;9EBB; # (⿇; ⿇; ⿇; 麻; 麻; ) KANGXI RADICAL HEMP +2FC8;2FC8;2FC8;9EC3;9EC3; # (⿈; ⿈; ⿈; 黃; 黃; ) KANGXI RADICAL YELLOW +2FC9;2FC9;2FC9;9ECD;9ECD; # (⿉; ⿉; ⿉; é»; é»; ) KANGXI RADICAL MILLET +2FCA;2FCA;2FCA;9ED1;9ED1; # (â¿Š; â¿Š; â¿Š; 黑; 黑; ) KANGXI RADICAL BLACK +2FCB;2FCB;2FCB;9EF9;9EF9; # (â¿‹; â¿‹; â¿‹; 黹; 黹; ) KANGXI RADICAL EMBROIDERY +2FCC;2FCC;2FCC;9EFD;9EFD; # (â¿Œ; â¿Œ; â¿Œ; 黽; 黽; ) KANGXI RADICAL FROG +2FCD;2FCD;2FCD;9F0E;9F0E; # (â¿; â¿; â¿; 鼎; 鼎; ) KANGXI RADICAL TRIPOD +2FCE;2FCE;2FCE;9F13;9F13; # (â¿Ž; â¿Ž; â¿Ž; 鼓; 鼓; ) KANGXI RADICAL DRUM +2FCF;2FCF;2FCF;9F20;9F20; # (â¿; â¿; â¿; é¼ ; é¼ ; ) KANGXI RADICAL RAT +2FD0;2FD0;2FD0;9F3B;9F3B; # (â¿; â¿; â¿; é¼»; é¼»; ) KANGXI RADICAL NOSE +2FD1;2FD1;2FD1;9F4A;9F4A; # (â¿‘; â¿‘; â¿‘; 齊; 齊; ) KANGXI RADICAL EVEN +2FD2;2FD2;2FD2;9F52;9F52; # (â¿’; â¿’; â¿’; é½’; é½’; ) KANGXI RADICAL TOOTH +2FD3;2FD3;2FD3;9F8D;9F8D; # (â¿“; â¿“; â¿“; é¾; é¾; ) KANGXI RADICAL DRAGON +2FD4;2FD4;2FD4;9F9C;9F9C; # (â¿”; â¿”; â¿”; 龜; 龜; ) KANGXI RADICAL TURTLE +2FD5;2FD5;2FD5;9FA0;9FA0; # (â¿•; â¿•; â¿•; é¾ ; é¾ ; ) KANGXI RADICAL FLUTE +3000;3000;3000;0020;0020; # ( ;  ;  ; ; ; ) IDEOGRAPHIC SPACE +3036;3036;3036;3012;3012; # (〶; 〶; 〶; 〒; 〒; ) CIRCLED POSTAL MARK +3038;3038;3038;5341;5341; # (〸; 〸; 〸; å; å; ) HANGZHOU NUMERAL TEN +3039;3039;3039;5344;5344; # (〹; 〹; 〹; å„; å„; ) HANGZHOU NUMERAL TWENTY +303A;303A;303A;5345;5345; # (〺; 〺; 〺; å…; å…; ) HANGZHOU NUMERAL THIRTY +304C;304C;304B 3099;304C;304B 3099; # (ãŒ; ãŒ; ã‹â—Œã‚™; ãŒ; ã‹â—Œã‚™; ) HIRAGANA LETTER GA +304E;304E;304D 3099;304E;304D 3099; # (ãŽ; ãŽ; ã◌゙; ãŽ; ã◌゙; ) HIRAGANA LETTER GI +3050;3050;304F 3099;3050;304F 3099; # (ã; ã; ã◌゙; ã; ã◌゙; ) HIRAGANA LETTER GU +3052;3052;3051 3099;3052;3051 3099; # (ã’; ã’; ã‘◌゙; ã’; ã‘◌゙; ) HIRAGANA LETTER GE +3054;3054;3053 3099;3054;3053 3099; # (ã”; ã”; ã“◌゙; ã”; ã“◌゙; ) HIRAGANA LETTER GO +3056;3056;3055 3099;3056;3055 3099; # (ã–; ã–; ã•â—Œã‚™; ã–; ã•â—Œã‚™; ) HIRAGANA LETTER ZA +3058;3058;3057 3099;3058;3057 3099; # (ã˜; ã˜; ã—◌゙; ã˜; ã—◌゙; ) HIRAGANA LETTER ZI +305A;305A;3059 3099;305A;3059 3099; # (ãš; ãš; ã™â—Œã‚™; ãš; ã™â—Œã‚™; ) HIRAGANA LETTER ZU +305C;305C;305B 3099;305C;305B 3099; # (ãœ; ãœ; ã›â—Œã‚™; ãœ; ã›â—Œã‚™; ) HIRAGANA LETTER ZE +305E;305E;305D 3099;305E;305D 3099; # (ãž; ãž; ã◌゙; ãž; ã◌゙; ) HIRAGANA LETTER ZO +3060;3060;305F 3099;3060;305F 3099; # (ã ; ã ; ãŸâ—Œã‚™; ã ; ãŸâ—Œã‚™; ) HIRAGANA LETTER DA +3062;3062;3061 3099;3062;3061 3099; # (ã¢; ã¢; ã¡â—Œã‚™; ã¢; ã¡â—Œã‚™; ) HIRAGANA LETTER DI +3065;3065;3064 3099;3065;3064 3099; # (ã¥; ã¥; ã¤â—Œã‚™; ã¥; ã¤â—Œã‚™; ) HIRAGANA LETTER DU +3067;3067;3066 3099;3067;3066 3099; # (ã§; ã§; ã¦â—Œã‚™; ã§; ã¦â—Œã‚™; ) HIRAGANA LETTER DE +3069;3069;3068 3099;3069;3068 3099; # (ã©; ã©; ã¨â—Œã‚™; ã©; ã¨â—Œã‚™; ) HIRAGANA LETTER DO +3070;3070;306F 3099;3070;306F 3099; # (ã°; ã°; ã¯â—Œã‚™; ã°; ã¯â—Œã‚™; ) HIRAGANA LETTER BA +3071;3071;306F 309A;3071;306F 309A; # (ã±; ã±; ã¯â—Œã‚š; ã±; ã¯â—Œã‚š; ) HIRAGANA LETTER PA +3073;3073;3072 3099;3073;3072 3099; # (ã³; ã³; ã²â—Œã‚™; ã³; ã²â—Œã‚™; ) HIRAGANA LETTER BI +3074;3074;3072 309A;3074;3072 309A; # (ã´; ã´; ã²â—Œã‚š; ã´; ã²â—Œã‚š; ) HIRAGANA LETTER PI +3076;3076;3075 3099;3076;3075 3099; # (ã¶; ã¶; ãµâ—Œã‚™; ã¶; ãµâ—Œã‚™; ) HIRAGANA LETTER BU +3077;3077;3075 309A;3077;3075 309A; # (ã·; ã·; ãµâ—Œã‚š; ã·; ãµâ—Œã‚š; ) HIRAGANA LETTER PU +3079;3079;3078 3099;3079;3078 3099; # (ã¹; ã¹; ã¸â—Œã‚™; ã¹; ã¸â—Œã‚™; ) HIRAGANA LETTER BE +307A;307A;3078 309A;307A;3078 309A; # (ãº; ãº; ã¸â—Œã‚š; ãº; ã¸â—Œã‚š; ) HIRAGANA LETTER PE +307C;307C;307B 3099;307C;307B 3099; # (ã¼; ã¼; ã»â—Œã‚™; ã¼; ã»â—Œã‚™; ) HIRAGANA LETTER BO +307D;307D;307B 309A;307D;307B 309A; # (ã½; ã½; ã»â—Œã‚š; ã½; ã»â—Œã‚š; ) HIRAGANA LETTER PO +3094;3094;3046 3099;3094;3046 3099; # (ã‚”; ã‚”; ã†â—Œã‚™; ã‚”; ã†â—Œã‚™; ) HIRAGANA LETTER VU +309B;309B;309B;0020 3099;0020 3099; # (ã‚›; ã‚›; ã‚›; ◌゙; ◌゙; ) KATAKANA-HIRAGANA VOICED SOUND MARK +309C;309C;309C;0020 309A;0020 309A; # (ã‚œ; ã‚œ; ã‚œ; ◌゚; ◌゚; ) KATAKANA-HIRAGANA SEMI-VOICED SOUND MARK +309E;309E;309D 3099;309E;309D 3099; # (ã‚ž; ã‚ž; ã‚◌゙; ã‚ž; ã‚◌゙; ) HIRAGANA VOICED ITERATION MARK +309F;309F;309F;3088 308A;3088 308A; # (ã‚Ÿ; ã‚Ÿ; ã‚Ÿ; より; より; ) HIRAGANA DIGRAPH YORI +30AC;30AC;30AB 3099;30AC;30AB 3099; # (ガ; ガ; カ◌゙; ガ; カ◌゙; ) KATAKANA LETTER GA +30AE;30AE;30AD 3099;30AE;30AD 3099; # (ã‚®; ã‚®; キ◌゙; ã‚®; キ◌゙; ) KATAKANA LETTER GI +30B0;30B0;30AF 3099;30B0;30AF 3099; # (ã‚°; ã‚°; ク◌゙; ã‚°; ク◌゙; ) KATAKANA LETTER GU +30B2;30B2;30B1 3099;30B2;30B1 3099; # (ゲ; ゲ; ケ◌゙; ゲ; ケ◌゙; ) KATAKANA LETTER GE +30B4;30B4;30B3 3099;30B4;30B3 3099; # (ã‚´; ã‚´; コ◌゙; ã‚´; コ◌゙; ) KATAKANA LETTER GO +30B6;30B6;30B5 3099;30B6;30B5 3099; # (ザ; ザ; サ◌゙; ザ; サ◌゙; ) KATAKANA LETTER ZA +30B8;30B8;30B7 3099;30B8;30B7 3099; # (ジ; ジ; シ◌゙; ジ; シ◌゙; ) KATAKANA LETTER ZI +30BA;30BA;30B9 3099;30BA;30B9 3099; # (ズ; ズ; ス◌゙; ズ; ス◌゙; ) KATAKANA LETTER ZU +30BC;30BC;30BB 3099;30BC;30BB 3099; # (ゼ; ゼ; セ◌゙; ゼ; セ◌゙; ) KATAKANA LETTER ZE +30BE;30BE;30BD 3099;30BE;30BD 3099; # (ゾ; ゾ; ソ◌゙; ゾ; ソ◌゙; ) KATAKANA LETTER ZO +30C0;30C0;30BF 3099;30C0;30BF 3099; # (ダ; ダ; タ◌゙; ダ; タ◌゙; ) KATAKANA LETTER DA +30C2;30C2;30C1 3099;30C2;30C1 3099; # (ヂ; ヂ; ãƒâ—Œã‚™; ヂ; ãƒâ—Œã‚™; ) KATAKANA LETTER DI +30C5;30C5;30C4 3099;30C5;30C4 3099; # (ヅ; ヅ; ツ◌゙; ヅ; ツ◌゙; ) KATAKANA LETTER DU +30C7;30C7;30C6 3099;30C7;30C6 3099; # (デ; デ; テ◌゙; デ; テ◌゙; ) KATAKANA LETTER DE +30C9;30C9;30C8 3099;30C9;30C8 3099; # (ド; ド; ト◌゙; ド; ト◌゙; ) KATAKANA LETTER DO +30D0;30D0;30CF 3099;30D0;30CF 3099; # (ãƒ; ãƒ; ãƒâ—Œã‚™; ãƒ; ãƒâ—Œã‚™; ) KATAKANA LETTER BA +30D1;30D1;30CF 309A;30D1;30CF 309A; # (パ; パ; ãƒâ—Œã‚š; パ; ãƒâ—Œã‚š; ) KATAKANA LETTER PA +30D3;30D3;30D2 3099;30D3;30D2 3099; # (ビ; ビ; ヒ◌゙; ビ; ヒ◌゙; ) KATAKANA LETTER BI +30D4;30D4;30D2 309A;30D4;30D2 309A; # (ピ; ピ; ヒ◌゚; ピ; ヒ◌゚; ) KATAKANA LETTER PI +30D6;30D6;30D5 3099;30D6;30D5 3099; # (ブ; ブ; フ◌゙; ブ; フ◌゙; ) KATAKANA LETTER BU +30D7;30D7;30D5 309A;30D7;30D5 309A; # (プ; プ; フ◌゚; プ; フ◌゚; ) KATAKANA LETTER PU +30D9;30D9;30D8 3099;30D9;30D8 3099; # (ベ; ベ; ヘ◌゙; ベ; ヘ◌゙; ) KATAKANA LETTER BE +30DA;30DA;30D8 309A;30DA;30D8 309A; # (ペ; ペ; ヘ◌゚; ペ; ヘ◌゚; ) KATAKANA LETTER PE +30DC;30DC;30DB 3099;30DC;30DB 3099; # (ボ; ボ; ホ◌゙; ボ; ホ◌゙; ) KATAKANA LETTER BO +30DD;30DD;30DB 309A;30DD;30DB 309A; # (ãƒ; ãƒ; ホ◌゚; ãƒ; ホ◌゚; ) KATAKANA LETTER PO +30F4;30F4;30A6 3099;30F4;30A6 3099; # (ヴ; ヴ; ウ◌゙; ヴ; ウ◌゙; ) KATAKANA LETTER VU +30F7;30F7;30EF 3099;30F7;30EF 3099; # (ヷ; ヷ; ワ◌゙; ヷ; ワ◌゙; ) KATAKANA LETTER VA +30F8;30F8;30F0 3099;30F8;30F0 3099; # (ヸ; ヸ; ヰ◌゙; ヸ; ヰ◌゙; ) KATAKANA LETTER VI +30F9;30F9;30F1 3099;30F9;30F1 3099; # (ヹ; ヹ; ヱ◌゙; ヹ; ヱ◌゙; ) KATAKANA LETTER VE +30FA;30FA;30F2 3099;30FA;30F2 3099; # (ヺ; ヺ; ヲ◌゙; ヺ; ヲ◌゙; ) KATAKANA LETTER VO +30FE;30FE;30FD 3099;30FE;30FD 3099; # (ヾ; ヾ; ヽ◌゙; ヾ; ヽ◌゙; ) KATAKANA VOICED ITERATION MARK +30FF;30FF;30FF;30B3 30C8;30B3 30C8; # (ヿ; ヿ; ヿ; コト; コト; ) KATAKANA DIGRAPH KOTO +3131;3131;3131;1100;1100; # (ㄱ; ㄱ; ㄱ; á„€; á„€; ) HANGUL LETTER KIYEOK +3132;3132;3132;1101;1101; # (ㄲ; ㄲ; ㄲ; á„; á„; ) HANGUL LETTER SSANGKIYEOK +3133;3133;3133;11AA;11AA; # (ㄳ; ㄳ; ㄳ; ᆪ; ᆪ; ) HANGUL LETTER KIYEOK-SIOS +3134;3134;3134;1102;1102; # (ã„´; ã„´; ã„´; á„‚; á„‚; ) HANGUL LETTER NIEUN +3135;3135;3135;11AC;11AC; # (ㄵ; ㄵ; ㄵ; ᆬ; ᆬ; ) HANGUL LETTER NIEUN-CIEUC +3136;3136;3136;11AD;11AD; # (ㄶ; ㄶ; ㄶ; ᆭ; ᆭ; ) HANGUL LETTER NIEUN-HIEUH +3137;3137;3137;1103;1103; # (ã„·; ã„·; ã„·; ᄃ; ᄃ; ) HANGUL LETTER TIKEUT +3138;3138;3138;1104;1104; # (ㄸ; ㄸ; ㄸ; á„„; á„„; ) HANGUL LETTER SSANGTIKEUT +3139;3139;3139;1105;1105; # (ㄹ; ㄹ; ㄹ; á„…; á„…; ) HANGUL LETTER RIEUL +313A;313A;313A;11B0;11B0; # (ㄺ; ㄺ; ㄺ; ᆰ; ᆰ; ) HANGUL LETTER RIEUL-KIYEOK +313B;313B;313B;11B1;11B1; # (ã„»; ã„»; ã„»; ᆱ; ᆱ; ) HANGUL LETTER RIEUL-MIEUM +313C;313C;313C;11B2;11B2; # (ㄼ; ㄼ; ㄼ; ᆲ; ᆲ; ) HANGUL LETTER RIEUL-PIEUP +313D;313D;313D;11B3;11B3; # (ㄽ; ㄽ; ㄽ; ᆳ; ᆳ; ) HANGUL LETTER RIEUL-SIOS +313E;313E;313E;11B4;11B4; # (ㄾ; ㄾ; ㄾ; ᆴ; ᆴ; ) HANGUL LETTER RIEUL-THIEUTH +313F;313F;313F;11B5;11B5; # (ã„¿; ã„¿; ã„¿; ᆵ; ᆵ; ) HANGUL LETTER RIEUL-PHIEUPH +3140;3140;3140;111A;111A; # (ã…€; ã…€; ã…€; á„š; á„š; ) HANGUL LETTER RIEUL-HIEUH +3141;3141;3141;1106;1106; # (ã…; ã…; ã…; ᄆ; ᄆ; ) HANGUL LETTER MIEUM +3142;3142;3142;1107;1107; # (ã…‚; ã…‚; ã…‚; ᄇ; ᄇ; ) HANGUL LETTER PIEUP +3143;3143;3143;1108;1108; # (ã…ƒ; ã…ƒ; ã…ƒ; ᄈ; ᄈ; ) HANGUL LETTER SSANGPIEUP +3144;3144;3144;1121;1121; # (ã…„; ã…„; ã…„; á„¡; á„¡; ) HANGUL LETTER PIEUP-SIOS +3145;3145;3145;1109;1109; # (ã……; ã……; ã……; ᄉ; ᄉ; ) HANGUL LETTER SIOS +3146;3146;3146;110A;110A; # (ã…†; ã…†; ã…†; á„Š; á„Š; ) HANGUL LETTER SSANGSIOS +3147;3147;3147;110B;110B; # (ã…‡; ã…‡; ã…‡; á„‹; á„‹; ) HANGUL LETTER IEUNG +3148;3148;3148;110C;110C; # (ã…ˆ; ã…ˆ; ã…ˆ; á„Œ; á„Œ; ) HANGUL LETTER CIEUC +3149;3149;3149;110D;110D; # (ã…‰; ã…‰; ã…‰; á„; á„; ) HANGUL LETTER SSANGCIEUC +314A;314A;314A;110E;110E; # (ã…Š; ã…Š; ã…Š; á„Ž; á„Ž; ) HANGUL LETTER CHIEUCH +314B;314B;314B;110F;110F; # (ã…‹; ã…‹; ã…‹; á„; á„; ) HANGUL LETTER KHIEUKH +314C;314C;314C;1110;1110; # (ã…Œ; ã…Œ; ã…Œ; á„; á„; ) HANGUL LETTER THIEUTH +314D;314D;314D;1111;1111; # (ã…; ã…; ã…; á„‘; á„‘; ) HANGUL LETTER PHIEUPH +314E;314E;314E;1112;1112; # (ã…Ž; ã…Ž; ã…Ž; á„’; á„’; ) HANGUL LETTER HIEUH +314F;314F;314F;1161;1161; # (ã…; ã…; ã…; á…¡; á…¡; ) HANGUL LETTER A +3150;3150;3150;1162;1162; # (ã…; ã…; ã…; á…¢; á…¢; ) HANGUL LETTER AE +3151;3151;3151;1163;1163; # (ã…‘; ã…‘; ã…‘; á…£; á…£; ) HANGUL LETTER YA +3152;3152;3152;1164;1164; # (ã…’; ã…’; ã…’; á…¤; á…¤; ) HANGUL LETTER YAE +3153;3153;3153;1165;1165; # (ã…“; ã…“; ã…“; á…¥; á…¥; ) HANGUL LETTER EO +3154;3154;3154;1166;1166; # (ã…”; ã…”; ã…”; á…¦; á…¦; ) HANGUL LETTER E +3155;3155;3155;1167;1167; # (ã…•; ã…•; ã…•; á…§; á…§; ) HANGUL LETTER YEO +3156;3156;3156;1168;1168; # (ã…–; ã…–; ã…–; á…¨; á…¨; ) HANGUL LETTER YE +3157;3157;3157;1169;1169; # (ã…—; ã…—; ã…—; á…©; á…©; ) HANGUL LETTER O +3158;3158;3158;116A;116A; # (ã…˜; ã…˜; ã…˜; á…ª; á…ª; ) HANGUL LETTER WA +3159;3159;3159;116B;116B; # (ã…™; ã…™; ã…™; á…«; á…«; ) HANGUL LETTER WAE +315A;315A;315A;116C;116C; # (ã…š; ã…š; ã…š; á…¬; á…¬; ) HANGUL LETTER OE +315B;315B;315B;116D;116D; # (ã…›; ã…›; ã…›; á…­; á…­; ) HANGUL LETTER YO +315C;315C;315C;116E;116E; # (ã…œ; ã…œ; ã…œ; á…®; á…®; ) HANGUL LETTER U +315D;315D;315D;116F;116F; # (ã…; ã…; ã…; á…¯; á…¯; ) HANGUL LETTER WEO +315E;315E;315E;1170;1170; # (ã…ž; ã…ž; ã…ž; á…°; á…°; ) HANGUL LETTER WE +315F;315F;315F;1171;1171; # (ã…Ÿ; ã…Ÿ; ã…Ÿ; á…±; á…±; ) HANGUL LETTER WI +3160;3160;3160;1172;1172; # (ã… ; ã… ; ã… ; á…²; á…²; ) HANGUL LETTER YU +3161;3161;3161;1173;1173; # (ã…¡; ã…¡; ã…¡; á…³; á…³; ) HANGUL LETTER EU +3162;3162;3162;1174;1174; # (ã…¢; ã…¢; ã…¢; á…´; á…´; ) HANGUL LETTER YI +3163;3163;3163;1175;1175; # (ã…£; ã…£; ã…£; á…µ; á…µ; ) HANGUL LETTER I +3164;3164;3164;1160;1160; # (ã…¤; ã…¤; ã…¤; á… ; á… ; ) HANGUL FILLER +3165;3165;3165;1114;1114; # (ã…¥; ã…¥; ã…¥; á„”; á„”; ) HANGUL LETTER SSANGNIEUN +3166;3166;3166;1115;1115; # (ã…¦; ã…¦; ã…¦; á„•; á„•; ) HANGUL LETTER NIEUN-TIKEUT +3167;3167;3167;11C7;11C7; # (ã…§; ã…§; ã…§; ᇇ; ᇇ; ) HANGUL LETTER NIEUN-SIOS +3168;3168;3168;11C8;11C8; # (ã…¨; ã…¨; ã…¨; ᇈ; ᇈ; ) HANGUL LETTER NIEUN-PANSIOS +3169;3169;3169;11CC;11CC; # (ã…©; ã…©; ã…©; ᇌ; ᇌ; ) HANGUL LETTER RIEUL-KIYEOK-SIOS +316A;316A;316A;11CE;11CE; # (ã…ª; ã…ª; ã…ª; ᇎ; ᇎ; ) HANGUL LETTER RIEUL-TIKEUT +316B;316B;316B;11D3;11D3; # (ã…«; ã…«; ã…«; ᇓ; ᇓ; ) HANGUL LETTER RIEUL-PIEUP-SIOS +316C;316C;316C;11D7;11D7; # (ã…¬; ã…¬; ã…¬; ᇗ; ᇗ; ) HANGUL LETTER RIEUL-PANSIOS +316D;316D;316D;11D9;11D9; # (ã…­; ã…­; ã…­; ᇙ; ᇙ; ) HANGUL LETTER RIEUL-YEORINHIEUH +316E;316E;316E;111C;111C; # (ã…®; ã…®; ã…®; á„œ; á„œ; ) HANGUL LETTER MIEUM-PIEUP +316F;316F;316F;11DD;11DD; # (ã…¯; ã…¯; ã…¯; á‡; á‡; ) HANGUL LETTER MIEUM-SIOS +3170;3170;3170;11DF;11DF; # (ã…°; ã…°; ã…°; ᇟ; ᇟ; ) HANGUL LETTER MIEUM-PANSIOS +3171;3171;3171;111D;111D; # (ã…±; ã…±; ã…±; á„; á„; ) HANGUL LETTER KAPYEOUNMIEUM +3172;3172;3172;111E;111E; # (ã…²; ã…²; ã…²; á„ž; á„ž; ) HANGUL LETTER PIEUP-KIYEOK +3173;3173;3173;1120;1120; # (ã…³; ã…³; ã…³; á„ ; á„ ; ) HANGUL LETTER PIEUP-TIKEUT +3174;3174;3174;1122;1122; # (ã…´; ã…´; ã…´; á„¢; á„¢; ) HANGUL LETTER PIEUP-SIOS-KIYEOK +3175;3175;3175;1123;1123; # (ã…µ; ã…µ; ã…µ; á„£; á„£; ) HANGUL LETTER PIEUP-SIOS-TIKEUT +3176;3176;3176;1127;1127; # (ã…¶; ã…¶; ã…¶; ᄧ; ᄧ; ) HANGUL LETTER PIEUP-CIEUC +3177;3177;3177;1129;1129; # (ã…·; ã…·; ã…·; á„©; á„©; ) HANGUL LETTER PIEUP-THIEUTH +3178;3178;3178;112B;112B; # (ã…¸; ã…¸; ã…¸; á„«; á„«; ) HANGUL LETTER KAPYEOUNPIEUP +3179;3179;3179;112C;112C; # (ã…¹; ã…¹; ã…¹; ᄬ; ᄬ; ) HANGUL LETTER KAPYEOUNSSANGPIEUP +317A;317A;317A;112D;112D; # (ã…º; ã…º; ã…º; á„­; á„­; ) HANGUL LETTER SIOS-KIYEOK +317B;317B;317B;112E;112E; # (ã…»; ã…»; ã…»; á„®; á„®; ) HANGUL LETTER SIOS-NIEUN +317C;317C;317C;112F;112F; # (ã…¼; ã…¼; ã…¼; ᄯ; ᄯ; ) HANGUL LETTER SIOS-TIKEUT +317D;317D;317D;1132;1132; # (ã…½; ã…½; ã…½; ᄲ; ᄲ; ) HANGUL LETTER SIOS-PIEUP +317E;317E;317E;1136;1136; # (ã…¾; ã…¾; ã…¾; ᄶ; ᄶ; ) HANGUL LETTER SIOS-CIEUC +317F;317F;317F;1140;1140; # (ã…¿; ã…¿; ã…¿; á…€; á…€; ) HANGUL LETTER PANSIOS +3180;3180;3180;1147;1147; # (ㆀ; ㆀ; ㆀ; á…‡; á…‡; ) HANGUL LETTER SSANGIEUNG +3181;3181;3181;114C;114C; # (ã†; ã†; ã†; á…Œ; á…Œ; ) HANGUL LETTER YESIEUNG +3182;3182;3182;11F1;11F1; # (ㆂ; ㆂ; ㆂ; ᇱ; ᇱ; ) HANGUL LETTER YESIEUNG-SIOS +3183;3183;3183;11F2;11F2; # (ㆃ; ㆃ; ㆃ; ᇲ; ᇲ; ) HANGUL LETTER YESIEUNG-PANSIOS +3184;3184;3184;1157;1157; # (ㆄ; ㆄ; ㆄ; á…—; á…—; ) HANGUL LETTER KAPYEOUNPHIEUPH +3185;3185;3185;1158;1158; # (ㆅ; ㆅ; ㆅ; á…˜; á…˜; ) HANGUL LETTER SSANGHIEUH +3186;3186;3186;1159;1159; # (ㆆ; ㆆ; ㆆ; á…™; á…™; ) HANGUL LETTER YEORINHIEUH +3187;3187;3187;1184;1184; # (ㆇ; ㆇ; ㆇ; ᆄ; ᆄ; ) HANGUL LETTER YO-YA +3188;3188;3188;1185;1185; # (ㆈ; ㆈ; ㆈ; ᆅ; ᆅ; ) HANGUL LETTER YO-YAE +3189;3189;3189;1188;1188; # (ㆉ; ㆉ; ㆉ; ᆈ; ᆈ; ) HANGUL LETTER YO-I +318A;318A;318A;1191;1191; # (ㆊ; ㆊ; ㆊ; ᆑ; ᆑ; ) HANGUL LETTER YU-YEO +318B;318B;318B;1192;1192; # (ㆋ; ㆋ; ㆋ; ᆒ; ᆒ; ) HANGUL LETTER YU-YE +318C;318C;318C;1194;1194; # (ㆌ; ㆌ; ㆌ; ᆔ; ᆔ; ) HANGUL LETTER YU-I +318D;318D;318D;119E;119E; # (ã†; ã†; ã†; ᆞ; ᆞ; ) HANGUL LETTER ARAEA +318E;318E;318E;11A1;11A1; # (ㆎ; ㆎ; ㆎ; ᆡ; ᆡ; ) HANGUL LETTER ARAEAE +3192;3192;3192;4E00;4E00; # (㆒; ㆒; ㆒; 一; 一; ) IDEOGRAPHIC ANNOTATION ONE MARK +3193;3193;3193;4E8C;4E8C; # (㆓; ㆓; ㆓; 二; 二; ) IDEOGRAPHIC ANNOTATION TWO MARK +3194;3194;3194;4E09;4E09; # (㆔; ㆔; ㆔; 三; 三; ) IDEOGRAPHIC ANNOTATION THREE MARK +3195;3195;3195;56DB;56DB; # (㆕; ㆕; ㆕; å››; å››; ) IDEOGRAPHIC ANNOTATION FOUR MARK +3196;3196;3196;4E0A;4E0A; # (㆖; ㆖; ㆖; 上; 上; ) IDEOGRAPHIC ANNOTATION TOP MARK +3197;3197;3197;4E2D;4E2D; # (㆗; ㆗; ㆗; 中; 中; ) IDEOGRAPHIC ANNOTATION MIDDLE MARK +3198;3198;3198;4E0B;4E0B; # (㆘; ㆘; ㆘; 下; 下; ) IDEOGRAPHIC ANNOTATION BOTTOM MARK +3199;3199;3199;7532;7532; # (㆙; ㆙; ㆙; 甲; 甲; ) IDEOGRAPHIC ANNOTATION FIRST MARK +319A;319A;319A;4E59;4E59; # (㆚; ㆚; ㆚; ä¹™; ä¹™; ) IDEOGRAPHIC ANNOTATION SECOND MARK +319B;319B;319B;4E19;4E19; # (㆛; ㆛; ㆛; 丙; 丙; ) IDEOGRAPHIC ANNOTATION THIRD MARK +319C;319C;319C;4E01;4E01; # (㆜; ㆜; ㆜; ä¸; ä¸; ) IDEOGRAPHIC ANNOTATION FOURTH MARK +319D;319D;319D;5929;5929; # (ã†; ã†; ã†; 天; 天; ) IDEOGRAPHIC ANNOTATION HEAVEN MARK +319E;319E;319E;5730;5730; # (㆞; ㆞; ㆞; 地; 地; ) IDEOGRAPHIC ANNOTATION EARTH MARK +319F;319F;319F;4EBA;4EBA; # (㆟; ㆟; ㆟; 人; 人; ) IDEOGRAPHIC ANNOTATION MAN MARK +3200;3200;3200;0028 1100 0029;0028 1100 0029; # (㈀; ㈀; ㈀; (á„€); (á„€); ) PARENTHESIZED HANGUL KIYEOK +3201;3201;3201;0028 1102 0029;0028 1102 0029; # (ãˆ; ãˆ; ãˆ; (á„‚); (á„‚); ) PARENTHESIZED HANGUL NIEUN +3202;3202;3202;0028 1103 0029;0028 1103 0029; # (㈂; ㈂; ㈂; (ᄃ); (ᄃ); ) PARENTHESIZED HANGUL TIKEUT +3203;3203;3203;0028 1105 0029;0028 1105 0029; # (㈃; ㈃; ㈃; (á„…); (á„…); ) PARENTHESIZED HANGUL RIEUL +3204;3204;3204;0028 1106 0029;0028 1106 0029; # (㈄; ㈄; ㈄; (ᄆ); (ᄆ); ) PARENTHESIZED HANGUL MIEUM +3205;3205;3205;0028 1107 0029;0028 1107 0029; # (㈅; ㈅; ㈅; (ᄇ); (ᄇ); ) PARENTHESIZED HANGUL PIEUP +3206;3206;3206;0028 1109 0029;0028 1109 0029; # (㈆; ㈆; ㈆; (ᄉ); (ᄉ); ) PARENTHESIZED HANGUL SIOS +3207;3207;3207;0028 110B 0029;0028 110B 0029; # (㈇; ㈇; ㈇; (á„‹); (á„‹); ) PARENTHESIZED HANGUL IEUNG +3208;3208;3208;0028 110C 0029;0028 110C 0029; # (㈈; ㈈; ㈈; (á„Œ); (á„Œ); ) PARENTHESIZED HANGUL CIEUC +3209;3209;3209;0028 110E 0029;0028 110E 0029; # (㈉; ㈉; ㈉; (á„Ž); (á„Ž); ) PARENTHESIZED HANGUL CHIEUCH +320A;320A;320A;0028 110F 0029;0028 110F 0029; # (㈊; ㈊; ㈊; (á„); (á„); ) PARENTHESIZED HANGUL KHIEUKH +320B;320B;320B;0028 1110 0029;0028 1110 0029; # (㈋; ㈋; ㈋; (á„); (á„); ) PARENTHESIZED HANGUL THIEUTH +320C;320C;320C;0028 1111 0029;0028 1111 0029; # (㈌; ㈌; ㈌; (á„‘); (á„‘); ) PARENTHESIZED HANGUL PHIEUPH +320D;320D;320D;0028 1112 0029;0028 1112 0029; # (ãˆ; ãˆ; ãˆ; (á„’); (á„’); ) PARENTHESIZED HANGUL HIEUH +320E;320E;320E;0028 AC00 0029;0028 1100 1161 0029; # (㈎; ㈎; ㈎; (ê°€); (가); ) PARENTHESIZED HANGUL KIYEOK A +320F;320F;320F;0028 B098 0029;0028 1102 1161 0029; # (ãˆ; ãˆ; ãˆ; (나); (á„‚á…¡); ) PARENTHESIZED HANGUL NIEUN A +3210;3210;3210;0028 B2E4 0029;0028 1103 1161 0029; # (ãˆ; ãˆ; ãˆ; (다); (다); ) PARENTHESIZED HANGUL TIKEUT A +3211;3211;3211;0028 B77C 0029;0028 1105 1161 0029; # (㈑; ㈑; ㈑; (ë¼); (á„…á…¡); ) PARENTHESIZED HANGUL RIEUL A +3212;3212;3212;0028 B9C8 0029;0028 1106 1161 0029; # (㈒; ㈒; ㈒; (마); (마); ) PARENTHESIZED HANGUL MIEUM A +3213;3213;3213;0028 BC14 0029;0028 1107 1161 0029; # (㈓; ㈓; ㈓; (ë°”); (바); ) PARENTHESIZED HANGUL PIEUP A +3214;3214;3214;0028 C0AC 0029;0028 1109 1161 0029; # (㈔; ㈔; ㈔; (사); (사); ) PARENTHESIZED HANGUL SIOS A +3215;3215;3215;0028 C544 0029;0028 110B 1161 0029; # (㈕; ㈕; ㈕; (ì•„); (á„‹á…¡); ) PARENTHESIZED HANGUL IEUNG A +3216;3216;3216;0028 C790 0029;0028 110C 1161 0029; # (㈖; ㈖; ㈖; (ìž); (자); ) PARENTHESIZED HANGUL CIEUC A +3217;3217;3217;0028 CC28 0029;0028 110E 1161 0029; # (㈗; ㈗; ㈗; (ì°¨); (á„Žá…¡); ) PARENTHESIZED HANGUL CHIEUCH A +3218;3218;3218;0028 CE74 0029;0028 110F 1161 0029; # (㈘; ㈘; ㈘; (ì¹´); (á„á…¡); ) PARENTHESIZED HANGUL KHIEUKH A +3219;3219;3219;0028 D0C0 0029;0028 1110 1161 0029; # (㈙; ㈙; ㈙; (타); (á„á…¡); ) PARENTHESIZED HANGUL THIEUTH A +321A;321A;321A;0028 D30C 0029;0028 1111 1161 0029; # (㈚; ㈚; ㈚; (파); (á„‘á…¡); ) PARENTHESIZED HANGUL PHIEUPH A +321B;321B;321B;0028 D558 0029;0028 1112 1161 0029; # (㈛; ㈛; ㈛; (하); (á„’á…¡); ) PARENTHESIZED HANGUL HIEUH A +321C;321C;321C;0028 C8FC 0029;0028 110C 116E 0029; # (㈜; ㈜; ㈜; (주); (주); ) PARENTHESIZED HANGUL CIEUC U +321D;321D;321D;0028 C624 C804 0029;0028 110B 1169 110C 1165 11AB 0029; # (ãˆ; ãˆ; ãˆ; (오전); (오전); ) PARENTHESIZED KOREAN CHARACTER OJEON +321E;321E;321E;0028 C624 D6C4 0029;0028 110B 1169 1112 116E 0029; # (㈞; ㈞; ㈞; (오후); (á„‹á…©á„’á…®); ) PARENTHESIZED KOREAN CHARACTER O HU +3220;3220;3220;0028 4E00 0029;0028 4E00 0029; # (㈠; ㈠; ㈠; (一); (一); ) PARENTHESIZED IDEOGRAPH ONE +3221;3221;3221;0028 4E8C 0029;0028 4E8C 0029; # (㈡; ㈡; ㈡; (二); (二); ) PARENTHESIZED IDEOGRAPH TWO +3222;3222;3222;0028 4E09 0029;0028 4E09 0029; # (㈢; ㈢; ㈢; (三); (三); ) PARENTHESIZED IDEOGRAPH THREE +3223;3223;3223;0028 56DB 0029;0028 56DB 0029; # (㈣; ㈣; ㈣; (å››); (å››); ) PARENTHESIZED IDEOGRAPH FOUR +3224;3224;3224;0028 4E94 0029;0028 4E94 0029; # (㈤; ㈤; ㈤; (五); (五); ) PARENTHESIZED IDEOGRAPH FIVE +3225;3225;3225;0028 516D 0029;0028 516D 0029; # (㈥; ㈥; ㈥; (å…­); (å…­); ) PARENTHESIZED IDEOGRAPH SIX +3226;3226;3226;0028 4E03 0029;0028 4E03 0029; # (㈦; ㈦; ㈦; (七); (七); ) PARENTHESIZED IDEOGRAPH SEVEN +3227;3227;3227;0028 516B 0029;0028 516B 0029; # (㈧; ㈧; ㈧; (å…«); (å…«); ) PARENTHESIZED IDEOGRAPH EIGHT +3228;3228;3228;0028 4E5D 0029;0028 4E5D 0029; # (㈨; ㈨; ㈨; (ä¹); (ä¹); ) PARENTHESIZED IDEOGRAPH NINE +3229;3229;3229;0028 5341 0029;0028 5341 0029; # (㈩; ㈩; ㈩; (å); (å); ) PARENTHESIZED IDEOGRAPH TEN +322A;322A;322A;0028 6708 0029;0028 6708 0029; # (㈪; ㈪; ㈪; (月); (月); ) PARENTHESIZED IDEOGRAPH MOON +322B;322B;322B;0028 706B 0029;0028 706B 0029; # (㈫; ㈫; ㈫; (ç«); (ç«); ) PARENTHESIZED IDEOGRAPH FIRE +322C;322C;322C;0028 6C34 0029;0028 6C34 0029; # (㈬; ㈬; ㈬; (æ°´); (æ°´); ) PARENTHESIZED IDEOGRAPH WATER +322D;322D;322D;0028 6728 0029;0028 6728 0029; # (㈭; ㈭; ㈭; (木); (木); ) PARENTHESIZED IDEOGRAPH WOOD +322E;322E;322E;0028 91D1 0029;0028 91D1 0029; # (㈮; ㈮; ㈮; (金); (金); ) PARENTHESIZED IDEOGRAPH METAL +322F;322F;322F;0028 571F 0029;0028 571F 0029; # (㈯; ㈯; ㈯; (土); (土); ) PARENTHESIZED IDEOGRAPH EARTH +3230;3230;3230;0028 65E5 0029;0028 65E5 0029; # (㈰; ㈰; ㈰; (æ—¥); (æ—¥); ) PARENTHESIZED IDEOGRAPH SUN +3231;3231;3231;0028 682A 0029;0028 682A 0029; # (㈱; ㈱; ㈱; (æ ª); (æ ª); ) PARENTHESIZED IDEOGRAPH STOCK +3232;3232;3232;0028 6709 0029;0028 6709 0029; # (㈲; ㈲; ㈲; (有); (有); ) PARENTHESIZED IDEOGRAPH HAVE +3233;3233;3233;0028 793E 0029;0028 793E 0029; # (㈳; ㈳; ㈳; (社); (社); ) PARENTHESIZED IDEOGRAPH SOCIETY +3234;3234;3234;0028 540D 0029;0028 540D 0029; # (㈴; ㈴; ㈴; (å); (å); ) PARENTHESIZED IDEOGRAPH NAME +3235;3235;3235;0028 7279 0029;0028 7279 0029; # (㈵; ㈵; ㈵; (特); (特); ) PARENTHESIZED IDEOGRAPH SPECIAL +3236;3236;3236;0028 8CA1 0029;0028 8CA1 0029; # (㈶; ㈶; ㈶; (財); (財); ) PARENTHESIZED IDEOGRAPH FINANCIAL +3237;3237;3237;0028 795D 0029;0028 795D 0029; # (㈷; ㈷; ㈷; (ç¥); (ç¥); ) PARENTHESIZED IDEOGRAPH CONGRATULATION +3238;3238;3238;0028 52B4 0029;0028 52B4 0029; # (㈸; ㈸; ㈸; (労); (労); ) PARENTHESIZED IDEOGRAPH LABOR +3239;3239;3239;0028 4EE3 0029;0028 4EE3 0029; # (㈹; ㈹; ㈹; (代); (代); ) PARENTHESIZED IDEOGRAPH REPRESENT +323A;323A;323A;0028 547C 0029;0028 547C 0029; # (㈺; ㈺; ㈺; (呼); (呼); ) PARENTHESIZED IDEOGRAPH CALL +323B;323B;323B;0028 5B66 0029;0028 5B66 0029; # (㈻; ㈻; ㈻; (å­¦); (å­¦); ) PARENTHESIZED IDEOGRAPH STUDY +323C;323C;323C;0028 76E3 0029;0028 76E3 0029; # (㈼; ㈼; ㈼; (監); (監); ) PARENTHESIZED IDEOGRAPH SUPERVISE +323D;323D;323D;0028 4F01 0029;0028 4F01 0029; # (㈽; ㈽; ㈽; (ä¼); (ä¼); ) PARENTHESIZED IDEOGRAPH ENTERPRISE +323E;323E;323E;0028 8CC7 0029;0028 8CC7 0029; # (㈾; ㈾; ㈾; (資); (資); ) PARENTHESIZED IDEOGRAPH RESOURCE +323F;323F;323F;0028 5354 0029;0028 5354 0029; # (㈿; ㈿; ㈿; (å”); (å”); ) PARENTHESIZED IDEOGRAPH ALLIANCE +3240;3240;3240;0028 796D 0029;0028 796D 0029; # (㉀; ㉀; ㉀; (祭); (祭); ) PARENTHESIZED IDEOGRAPH FESTIVAL +3241;3241;3241;0028 4F11 0029;0028 4F11 0029; # (ã‰; ã‰; ã‰; (休); (休); ) PARENTHESIZED IDEOGRAPH REST +3242;3242;3242;0028 81EA 0029;0028 81EA 0029; # (㉂; ㉂; ㉂; (自); (自); ) PARENTHESIZED IDEOGRAPH SELF +3243;3243;3243;0028 81F3 0029;0028 81F3 0029; # (㉃; ㉃; ㉃; (至); (至); ) PARENTHESIZED IDEOGRAPH REACH +3250;3250;3250;0050 0054 0045;0050 0054 0045; # (ã‰; ã‰; ã‰; PTE; PTE; ) PARTNERSHIP SIGN +3251;3251;3251;0032 0031;0032 0031; # (㉑; ㉑; ㉑; 21; 21; ) CIRCLED NUMBER TWENTY ONE +3252;3252;3252;0032 0032;0032 0032; # (㉒; ㉒; ㉒; 22; 22; ) CIRCLED NUMBER TWENTY TWO +3253;3253;3253;0032 0033;0032 0033; # (㉓; ㉓; ㉓; 23; 23; ) CIRCLED NUMBER TWENTY THREE +3254;3254;3254;0032 0034;0032 0034; # (㉔; ㉔; ㉔; 24; 24; ) CIRCLED NUMBER TWENTY FOUR +3255;3255;3255;0032 0035;0032 0035; # (㉕; ㉕; ㉕; 25; 25; ) CIRCLED NUMBER TWENTY FIVE +3256;3256;3256;0032 0036;0032 0036; # (㉖; ㉖; ㉖; 26; 26; ) CIRCLED NUMBER TWENTY SIX +3257;3257;3257;0032 0037;0032 0037; # (㉗; ㉗; ㉗; 27; 27; ) CIRCLED NUMBER TWENTY SEVEN +3258;3258;3258;0032 0038;0032 0038; # (㉘; ㉘; ㉘; 28; 28; ) CIRCLED NUMBER TWENTY EIGHT +3259;3259;3259;0032 0039;0032 0039; # (㉙; ㉙; ㉙; 29; 29; ) CIRCLED NUMBER TWENTY NINE +325A;325A;325A;0033 0030;0033 0030; # (㉚; ㉚; ㉚; 30; 30; ) CIRCLED NUMBER THIRTY +325B;325B;325B;0033 0031;0033 0031; # (㉛; ㉛; ㉛; 31; 31; ) CIRCLED NUMBER THIRTY ONE +325C;325C;325C;0033 0032;0033 0032; # (㉜; ㉜; ㉜; 32; 32; ) CIRCLED NUMBER THIRTY TWO +325D;325D;325D;0033 0033;0033 0033; # (ã‰; ã‰; ã‰; 33; 33; ) CIRCLED NUMBER THIRTY THREE +325E;325E;325E;0033 0034;0033 0034; # (㉞; ㉞; ㉞; 34; 34; ) CIRCLED NUMBER THIRTY FOUR +325F;325F;325F;0033 0035;0033 0035; # (㉟; ㉟; ㉟; 35; 35; ) CIRCLED NUMBER THIRTY FIVE +3260;3260;3260;1100;1100; # (㉠; ㉠; ㉠; á„€; á„€; ) CIRCLED HANGUL KIYEOK +3261;3261;3261;1102;1102; # (㉡; ㉡; ㉡; á„‚; á„‚; ) CIRCLED HANGUL NIEUN +3262;3262;3262;1103;1103; # (㉢; ㉢; ㉢; ᄃ; ᄃ; ) CIRCLED HANGUL TIKEUT +3263;3263;3263;1105;1105; # (㉣; ㉣; ㉣; á„…; á„…; ) CIRCLED HANGUL RIEUL +3264;3264;3264;1106;1106; # (㉤; ㉤; ㉤; ᄆ; ᄆ; ) CIRCLED HANGUL MIEUM +3265;3265;3265;1107;1107; # (㉥; ㉥; ㉥; ᄇ; ᄇ; ) CIRCLED HANGUL PIEUP +3266;3266;3266;1109;1109; # (㉦; ㉦; ㉦; ᄉ; ᄉ; ) CIRCLED HANGUL SIOS +3267;3267;3267;110B;110B; # (㉧; ㉧; ㉧; á„‹; á„‹; ) CIRCLED HANGUL IEUNG +3268;3268;3268;110C;110C; # (㉨; ㉨; ㉨; á„Œ; á„Œ; ) CIRCLED HANGUL CIEUC +3269;3269;3269;110E;110E; # (㉩; ㉩; ㉩; á„Ž; á„Ž; ) CIRCLED HANGUL CHIEUCH +326A;326A;326A;110F;110F; # (㉪; ㉪; ㉪; á„; á„; ) CIRCLED HANGUL KHIEUKH +326B;326B;326B;1110;1110; # (㉫; ㉫; ㉫; á„; á„; ) CIRCLED HANGUL THIEUTH +326C;326C;326C;1111;1111; # (㉬; ㉬; ㉬; á„‘; á„‘; ) CIRCLED HANGUL PHIEUPH +326D;326D;326D;1112;1112; # (㉭; ㉭; ㉭; á„’; á„’; ) CIRCLED HANGUL HIEUH +326E;326E;326E;AC00;1100 1161; # (㉮; ㉮; ㉮; ê°€; 가; ) CIRCLED HANGUL KIYEOK A +326F;326F;326F;B098;1102 1161; # (㉯; ㉯; ㉯; 나; á„‚á…¡; ) CIRCLED HANGUL NIEUN A +3270;3270;3270;B2E4;1103 1161; # (㉰; ㉰; ㉰; 다; 다; ) CIRCLED HANGUL TIKEUT A +3271;3271;3271;B77C;1105 1161; # (㉱; ㉱; ㉱; ë¼; á„…á…¡; ) CIRCLED HANGUL RIEUL A +3272;3272;3272;B9C8;1106 1161; # (㉲; ㉲; ㉲; 마; 마; ) CIRCLED HANGUL MIEUM A +3273;3273;3273;BC14;1107 1161; # (㉳; ㉳; ㉳; ë°”; 바; ) CIRCLED HANGUL PIEUP A +3274;3274;3274;C0AC;1109 1161; # (㉴; ㉴; ㉴; 사; 사; ) CIRCLED HANGUL SIOS A +3275;3275;3275;C544;110B 1161; # (㉵; ㉵; ㉵; ì•„; á„‹á…¡; ) CIRCLED HANGUL IEUNG A +3276;3276;3276;C790;110C 1161; # (㉶; ㉶; ㉶; ìž; 자; ) CIRCLED HANGUL CIEUC A +3277;3277;3277;CC28;110E 1161; # (㉷; ㉷; ㉷; ì°¨; á„Žá…¡; ) CIRCLED HANGUL CHIEUCH A +3278;3278;3278;CE74;110F 1161; # (㉸; ㉸; ㉸; ì¹´; á„á…¡; ) CIRCLED HANGUL KHIEUKH A +3279;3279;3279;D0C0;1110 1161; # (㉹; ㉹; ㉹; 타; á„á…¡; ) CIRCLED HANGUL THIEUTH A +327A;327A;327A;D30C;1111 1161; # (㉺; ㉺; ㉺; 파; á„‘á…¡; ) CIRCLED HANGUL PHIEUPH A +327B;327B;327B;D558;1112 1161; # (㉻; ㉻; ㉻; 하; á„’á…¡; ) CIRCLED HANGUL HIEUH A +327C;327C;327C;CC38 ACE0;110E 1161 11B7 1100 1169; # (㉼; ㉼; ㉼; 참고; 참고; ) CIRCLED KOREAN CHARACTER CHAMKO +327D;327D;327D;C8FC C758;110C 116E 110B 1174; # (㉽; ㉽; ㉽; 주ì˜; 주의; ) CIRCLED KOREAN CHARACTER JUEUI +3280;3280;3280;4E00;4E00; # (㊀; ㊀; ㊀; 一; 一; ) CIRCLED IDEOGRAPH ONE +3281;3281;3281;4E8C;4E8C; # (ãŠ; ãŠ; ãŠ; 二; 二; ) CIRCLED IDEOGRAPH TWO +3282;3282;3282;4E09;4E09; # (㊂; ㊂; ㊂; 三; 三; ) CIRCLED IDEOGRAPH THREE +3283;3283;3283;56DB;56DB; # (㊃; ㊃; ㊃; å››; å››; ) CIRCLED IDEOGRAPH FOUR +3284;3284;3284;4E94;4E94; # (㊄; ㊄; ㊄; 五; 五; ) CIRCLED IDEOGRAPH FIVE +3285;3285;3285;516D;516D; # (㊅; ㊅; ㊅; å…­; å…­; ) CIRCLED IDEOGRAPH SIX +3286;3286;3286;4E03;4E03; # (㊆; ㊆; ㊆; 七; 七; ) CIRCLED IDEOGRAPH SEVEN +3287;3287;3287;516B;516B; # (㊇; ㊇; ㊇; å…«; å…«; ) CIRCLED IDEOGRAPH EIGHT +3288;3288;3288;4E5D;4E5D; # (㊈; ㊈; ㊈; ä¹; ä¹; ) CIRCLED IDEOGRAPH NINE +3289;3289;3289;5341;5341; # (㊉; ㊉; ㊉; å; å; ) CIRCLED IDEOGRAPH TEN +328A;328A;328A;6708;6708; # (㊊; ㊊; ㊊; 月; 月; ) CIRCLED IDEOGRAPH MOON +328B;328B;328B;706B;706B; # (㊋; ㊋; ㊋; ç«; ç«; ) CIRCLED IDEOGRAPH FIRE +328C;328C;328C;6C34;6C34; # (㊌; ㊌; ㊌; æ°´; æ°´; ) CIRCLED IDEOGRAPH WATER +328D;328D;328D;6728;6728; # (ãŠ; ãŠ; ãŠ; 木; 木; ) CIRCLED IDEOGRAPH WOOD +328E;328E;328E;91D1;91D1; # (㊎; ㊎; ㊎; 金; 金; ) CIRCLED IDEOGRAPH METAL +328F;328F;328F;571F;571F; # (ãŠ; ãŠ; ãŠ; 土; 土; ) CIRCLED IDEOGRAPH EARTH +3290;3290;3290;65E5;65E5; # (ãŠ; ãŠ; ãŠ; æ—¥; æ—¥; ) CIRCLED IDEOGRAPH SUN +3291;3291;3291;682A;682A; # (㊑; ㊑; ㊑; æ ª; æ ª; ) CIRCLED IDEOGRAPH STOCK +3292;3292;3292;6709;6709; # (㊒; ㊒; ㊒; 有; 有; ) CIRCLED IDEOGRAPH HAVE +3293;3293;3293;793E;793E; # (㊓; ㊓; ㊓; 社; 社; ) CIRCLED IDEOGRAPH SOCIETY +3294;3294;3294;540D;540D; # (㊔; ㊔; ㊔; å; å; ) CIRCLED IDEOGRAPH NAME +3295;3295;3295;7279;7279; # (㊕; ㊕; ㊕; 特; 特; ) CIRCLED IDEOGRAPH SPECIAL +3296;3296;3296;8CA1;8CA1; # (㊖; ㊖; ㊖; 財; 財; ) CIRCLED IDEOGRAPH FINANCIAL +3297;3297;3297;795D;795D; # (㊗; ㊗; ㊗; ç¥; ç¥; ) CIRCLED IDEOGRAPH CONGRATULATION +3298;3298;3298;52B4;52B4; # (㊘; ㊘; ㊘; 労; 労; ) CIRCLED IDEOGRAPH LABOR +3299;3299;3299;79D8;79D8; # (㊙; ㊙; ㊙; 秘; 秘; ) CIRCLED IDEOGRAPH SECRET +329A;329A;329A;7537;7537; # (㊚; ㊚; ㊚; ç”·; ç”·; ) CIRCLED IDEOGRAPH MALE +329B;329B;329B;5973;5973; # (㊛; ㊛; ㊛; 女; 女; ) CIRCLED IDEOGRAPH FEMALE +329C;329C;329C;9069;9069; # (㊜; ㊜; ㊜; é©; é©; ) CIRCLED IDEOGRAPH SUITABLE +329D;329D;329D;512A;512A; # (ãŠ; ãŠ; ãŠ; 優; 優; ) CIRCLED IDEOGRAPH EXCELLENT +329E;329E;329E;5370;5370; # (㊞; ㊞; ㊞; å°; å°; ) CIRCLED IDEOGRAPH PRINT +329F;329F;329F;6CE8;6CE8; # (㊟; ㊟; ㊟; 注; 注; ) CIRCLED IDEOGRAPH ATTENTION +32A0;32A0;32A0;9805;9805; # (㊠; ㊠; ㊠; é …; é …; ) CIRCLED IDEOGRAPH ITEM +32A1;32A1;32A1;4F11;4F11; # (㊡; ㊡; ㊡; 休; 休; ) CIRCLED IDEOGRAPH REST +32A2;32A2;32A2;5199;5199; # (㊢; ㊢; ㊢; 写; 写; ) CIRCLED IDEOGRAPH COPY +32A3;32A3;32A3;6B63;6B63; # (㊣; ㊣; ㊣; æ­£; æ­£; ) CIRCLED IDEOGRAPH CORRECT +32A4;32A4;32A4;4E0A;4E0A; # (㊤; ㊤; ㊤; 上; 上; ) CIRCLED IDEOGRAPH HIGH +32A5;32A5;32A5;4E2D;4E2D; # (㊥; ㊥; ㊥; 中; 中; ) CIRCLED IDEOGRAPH CENTRE +32A6;32A6;32A6;4E0B;4E0B; # (㊦; ㊦; ㊦; 下; 下; ) CIRCLED IDEOGRAPH LOW +32A7;32A7;32A7;5DE6;5DE6; # (㊧; ㊧; ㊧; å·¦; å·¦; ) CIRCLED IDEOGRAPH LEFT +32A8;32A8;32A8;53F3;53F3; # (㊨; ㊨; ㊨; å³; å³; ) CIRCLED IDEOGRAPH RIGHT +32A9;32A9;32A9;533B;533B; # (㊩; ㊩; ㊩; 医; 医; ) CIRCLED IDEOGRAPH MEDICINE +32AA;32AA;32AA;5B97;5B97; # (㊪; ㊪; ㊪; å®—; å®—; ) CIRCLED IDEOGRAPH RELIGION +32AB;32AB;32AB;5B66;5B66; # (㊫; ㊫; ㊫; å­¦; å­¦; ) CIRCLED IDEOGRAPH STUDY +32AC;32AC;32AC;76E3;76E3; # (㊬; ㊬; ㊬; 監; 監; ) CIRCLED IDEOGRAPH SUPERVISE +32AD;32AD;32AD;4F01;4F01; # (㊭; ㊭; ㊭; ä¼; ä¼; ) CIRCLED IDEOGRAPH ENTERPRISE +32AE;32AE;32AE;8CC7;8CC7; # (㊮; ㊮; ㊮; 資; 資; ) CIRCLED IDEOGRAPH RESOURCE +32AF;32AF;32AF;5354;5354; # (㊯; ㊯; ㊯; å”; å”; ) CIRCLED IDEOGRAPH ALLIANCE +32B0;32B0;32B0;591C;591C; # (㊰; ㊰; ㊰; 夜; 夜; ) CIRCLED IDEOGRAPH NIGHT +32B1;32B1;32B1;0033 0036;0033 0036; # (㊱; ㊱; ㊱; 36; 36; ) CIRCLED NUMBER THIRTY SIX +32B2;32B2;32B2;0033 0037;0033 0037; # (㊲; ㊲; ㊲; 37; 37; ) CIRCLED NUMBER THIRTY SEVEN +32B3;32B3;32B3;0033 0038;0033 0038; # (㊳; ㊳; ㊳; 38; 38; ) CIRCLED NUMBER THIRTY EIGHT +32B4;32B4;32B4;0033 0039;0033 0039; # (㊴; ㊴; ㊴; 39; 39; ) CIRCLED NUMBER THIRTY NINE +32B5;32B5;32B5;0034 0030;0034 0030; # (㊵; ㊵; ㊵; 40; 40; ) CIRCLED NUMBER FORTY +32B6;32B6;32B6;0034 0031;0034 0031; # (㊶; ㊶; ㊶; 41; 41; ) CIRCLED NUMBER FORTY ONE +32B7;32B7;32B7;0034 0032;0034 0032; # (㊷; ㊷; ㊷; 42; 42; ) CIRCLED NUMBER FORTY TWO +32B8;32B8;32B8;0034 0033;0034 0033; # (㊸; ㊸; ㊸; 43; 43; ) CIRCLED NUMBER FORTY THREE +32B9;32B9;32B9;0034 0034;0034 0034; # (㊹; ㊹; ㊹; 44; 44; ) CIRCLED NUMBER FORTY FOUR +32BA;32BA;32BA;0034 0035;0034 0035; # (㊺; ㊺; ㊺; 45; 45; ) CIRCLED NUMBER FORTY FIVE +32BB;32BB;32BB;0034 0036;0034 0036; # (㊻; ㊻; ㊻; 46; 46; ) CIRCLED NUMBER FORTY SIX +32BC;32BC;32BC;0034 0037;0034 0037; # (㊼; ㊼; ㊼; 47; 47; ) CIRCLED NUMBER FORTY SEVEN +32BD;32BD;32BD;0034 0038;0034 0038; # (㊽; ㊽; ㊽; 48; 48; ) CIRCLED NUMBER FORTY EIGHT +32BE;32BE;32BE;0034 0039;0034 0039; # (㊾; ㊾; ㊾; 49; 49; ) CIRCLED NUMBER FORTY NINE +32BF;32BF;32BF;0035 0030;0035 0030; # (㊿; ㊿; ㊿; 50; 50; ) CIRCLED NUMBER FIFTY +32C0;32C0;32C0;0031 6708;0031 6708; # (ã‹€; ã‹€; ã‹€; 1月; 1月; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR JANUARY +32C1;32C1;32C1;0032 6708;0032 6708; # (ã‹; ã‹; ã‹; 2月; 2月; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR FEBRUARY +32C2;32C2;32C2;0033 6708;0033 6708; # (ã‹‚; ã‹‚; ã‹‚; 3月; 3月; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR MARCH +32C3;32C3;32C3;0034 6708;0034 6708; # (㋃; ㋃; ㋃; 4月; 4月; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR APRIL +32C4;32C4;32C4;0035 6708;0035 6708; # (ã‹„; ã‹„; ã‹„; 5月; 5月; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR MAY +32C5;32C5;32C5;0036 6708;0036 6708; # (ã‹…; ã‹…; ã‹…; 6月; 6月; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR JUNE +32C6;32C6;32C6;0037 6708;0037 6708; # (㋆; ㋆; ㋆; 7月; 7月; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR JULY +32C7;32C7;32C7;0038 6708;0038 6708; # (㋇; ㋇; ㋇; 8月; 8月; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR AUGUST +32C8;32C8;32C8;0039 6708;0039 6708; # (㋈; ㋈; ㋈; 9月; 9月; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR SEPTEMBER +32C9;32C9;32C9;0031 0030 6708;0031 0030 6708; # (㋉; ㋉; ㋉; 10月; 10月; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR OCTOBER +32CA;32CA;32CA;0031 0031 6708;0031 0031 6708; # (ã‹Š; ã‹Š; ã‹Š; 11月; 11月; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR NOVEMBER +32CB;32CB;32CB;0031 0032 6708;0031 0032 6708; # (ã‹‹; ã‹‹; ã‹‹; 12月; 12月; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR DECEMBER +32CC;32CC;32CC;0048 0067;0048 0067; # (ã‹Œ; ã‹Œ; ã‹Œ; Hg; Hg; ) SQUARE HG +32CD;32CD;32CD;0065 0072 0067;0065 0072 0067; # (ã‹; ã‹; ã‹; erg; erg; ) SQUARE ERG +32CE;32CE;32CE;0065 0056;0065 0056; # (ã‹Ž; ã‹Ž; ã‹Ž; eV; eV; ) SQUARE EV +32CF;32CF;32CF;004C 0054 0044;004C 0054 0044; # (ã‹; ã‹; ã‹; LTD; LTD; ) LIMITED LIABILITY SIGN +32D0;32D0;32D0;30A2;30A2; # (ã‹; ã‹; ã‹; ã‚¢; ã‚¢; ) CIRCLED KATAKANA A +32D1;32D1;32D1;30A4;30A4; # (ã‹‘; ã‹‘; ã‹‘; イ; イ; ) CIRCLED KATAKANA I +32D2;32D2;32D2;30A6;30A6; # (ã‹’; ã‹’; ã‹’; ウ; ウ; ) CIRCLED KATAKANA U +32D3;32D3;32D3;30A8;30A8; # (ã‹“; ã‹“; ã‹“; エ; エ; ) CIRCLED KATAKANA E +32D4;32D4;32D4;30AA;30AA; # (ã‹”; ã‹”; ã‹”; オ; オ; ) CIRCLED KATAKANA O +32D5;32D5;32D5;30AB;30AB; # (ã‹•; ã‹•; ã‹•; ã‚«; ã‚«; ) CIRCLED KATAKANA KA +32D6;32D6;32D6;30AD;30AD; # (ã‹–; ã‹–; ã‹–; ã‚­; ã‚­; ) CIRCLED KATAKANA KI +32D7;32D7;32D7;30AF;30AF; # (ã‹—; ã‹—; ã‹—; ク; ク; ) CIRCLED KATAKANA KU +32D8;32D8;32D8;30B1;30B1; # (㋘; ㋘; ㋘; ケ; ケ; ) CIRCLED KATAKANA KE +32D9;32D9;32D9;30B3;30B3; # (ã‹™; ã‹™; ã‹™; コ; コ; ) CIRCLED KATAKANA KO +32DA;32DA;32DA;30B5;30B5; # (ã‹š; ã‹š; ã‹š; サ; サ; ) CIRCLED KATAKANA SA +32DB;32DB;32DB;30B7;30B7; # (ã‹›; ã‹›; ã‹›; ã‚·; ã‚·; ) CIRCLED KATAKANA SI +32DC;32DC;32DC;30B9;30B9; # (ã‹œ; ã‹œ; ã‹œ; ス; ス; ) CIRCLED KATAKANA SU +32DD;32DD;32DD;30BB;30BB; # (ã‹; ã‹; ã‹; ã‚»; ã‚»; ) CIRCLED KATAKANA SE +32DE;32DE;32DE;30BD;30BD; # (ã‹ž; ã‹ž; ã‹ž; ソ; ソ; ) CIRCLED KATAKANA SO +32DF;32DF;32DF;30BF;30BF; # (ã‹Ÿ; ã‹Ÿ; ã‹Ÿ; ã‚¿; ã‚¿; ) CIRCLED KATAKANA TA +32E0;32E0;32E0;30C1;30C1; # (ã‹ ; ã‹ ; ã‹ ; ãƒ; ãƒ; ) CIRCLED KATAKANA TI +32E1;32E1;32E1;30C4;30C4; # (ã‹¡; ã‹¡; ã‹¡; ツ; ツ; ) CIRCLED KATAKANA TU +32E2;32E2;32E2;30C6;30C6; # (ã‹¢; ã‹¢; ã‹¢; テ; テ; ) CIRCLED KATAKANA TE +32E3;32E3;32E3;30C8;30C8; # (ã‹£; ã‹£; ã‹£; ト; ト; ) CIRCLED KATAKANA TO +32E4;32E4;32E4;30CA;30CA; # (㋤; ㋤; ㋤; ナ; ナ; ) CIRCLED KATAKANA NA +32E5;32E5;32E5;30CB;30CB; # (ã‹¥; ã‹¥; ã‹¥; ニ; ニ; ) CIRCLED KATAKANA NI +32E6;32E6;32E6;30CC;30CC; # (㋦; ㋦; ㋦; ヌ; ヌ; ) CIRCLED KATAKANA NU +32E7;32E7;32E7;30CD;30CD; # (㋧; ㋧; ㋧; ãƒ; ãƒ; ) CIRCLED KATAKANA NE +32E8;32E8;32E8;30CE;30CE; # (㋨; ㋨; ㋨; ノ; ノ; ) CIRCLED KATAKANA NO +32E9;32E9;32E9;30CF;30CF; # (ã‹©; ã‹©; ã‹©; ãƒ; ãƒ; ) CIRCLED KATAKANA HA +32EA;32EA;32EA;30D2;30D2; # (㋪; ㋪; ㋪; ヒ; ヒ; ) CIRCLED KATAKANA HI +32EB;32EB;32EB;30D5;30D5; # (ã‹«; ã‹«; ã‹«; フ; フ; ) CIRCLED KATAKANA HU +32EC;32EC;32EC;30D8;30D8; # (㋬; ㋬; ㋬; ヘ; ヘ; ) CIRCLED KATAKANA HE +32ED;32ED;32ED;30DB;30DB; # (ã‹­; ã‹­; ã‹­; ホ; ホ; ) CIRCLED KATAKANA HO +32EE;32EE;32EE;30DE;30DE; # (ã‹®; ã‹®; ã‹®; マ; マ; ) CIRCLED KATAKANA MA +32EF;32EF;32EF;30DF;30DF; # (㋯; ㋯; ㋯; ミ; ミ; ) CIRCLED KATAKANA MI +32F0;32F0;32F0;30E0;30E0; # (ã‹°; ã‹°; ã‹°; ム; ム; ) CIRCLED KATAKANA MU +32F1;32F1;32F1;30E1;30E1; # (㋱; ㋱; ㋱; メ; メ; ) CIRCLED KATAKANA ME +32F2;32F2;32F2;30E2;30E2; # (㋲; ㋲; ㋲; モ; モ; ) CIRCLED KATAKANA MO +32F3;32F3;32F3;30E4;30E4; # (㋳; ㋳; ㋳; ヤ; ヤ; ) CIRCLED KATAKANA YA +32F4;32F4;32F4;30E6;30E6; # (ã‹´; ã‹´; ã‹´; ユ; ユ; ) CIRCLED KATAKANA YU +32F5;32F5;32F5;30E8;30E8; # (㋵; ㋵; ㋵; ヨ; ヨ; ) CIRCLED KATAKANA YO +32F6;32F6;32F6;30E9;30E9; # (㋶; ㋶; ㋶; ラ; ラ; ) CIRCLED KATAKANA RA +32F7;32F7;32F7;30EA;30EA; # (ã‹·; ã‹·; ã‹·; リ; リ; ) CIRCLED KATAKANA RI +32F8;32F8;32F8;30EB;30EB; # (㋸; ㋸; ㋸; ル; ル; ) CIRCLED KATAKANA RU +32F9;32F9;32F9;30EC;30EC; # (㋹; ㋹; ㋹; レ; レ; ) CIRCLED KATAKANA RE +32FA;32FA;32FA;30ED;30ED; # (㋺; ㋺; ㋺; ロ; ロ; ) CIRCLED KATAKANA RO +32FB;32FB;32FB;30EF;30EF; # (ã‹»; ã‹»; ã‹»; ワ; ワ; ) CIRCLED KATAKANA WA +32FC;32FC;32FC;30F0;30F0; # (㋼; ㋼; ㋼; ヰ; ヰ; ) CIRCLED KATAKANA WI +32FD;32FD;32FD;30F1;30F1; # (㋽; ㋽; ㋽; ヱ; ヱ; ) CIRCLED KATAKANA WE +32FE;32FE;32FE;30F2;30F2; # (㋾; ㋾; ㋾; ヲ; ヲ; ) CIRCLED KATAKANA WO +3300;3300;3300;30A2 30D1 30FC 30C8;30A2 30CF 309A 30FC 30C8; # (㌀; ㌀; ㌀; アパート; ã‚¢ãƒâ—Œã‚šãƒ¼ãƒˆ; ) SQUARE APAATO +3301;3301;3301;30A2 30EB 30D5 30A1;30A2 30EB 30D5 30A1; # (ãŒ; ãŒ; ãŒ; アルファ; アルファ; ) SQUARE ARUHUA +3302;3302;3302;30A2 30F3 30DA 30A2;30A2 30F3 30D8 309A 30A2; # (㌂; ㌂; ㌂; アンペア; アンヘ◌゚ア; ) SQUARE ANPEA +3303;3303;3303;30A2 30FC 30EB;30A2 30FC 30EB; # (㌃; ㌃; ㌃; アール; アール; ) SQUARE AARU +3304;3304;3304;30A4 30CB 30F3 30B0;30A4 30CB 30F3 30AF 3099; # (㌄; ㌄; ㌄; イニング; イニンク◌゙; ) SQUARE ININGU +3305;3305;3305;30A4 30F3 30C1;30A4 30F3 30C1; # (㌅; ㌅; ㌅; インãƒ; インãƒ; ) SQUARE INTI +3306;3306;3306;30A6 30A9 30F3;30A6 30A9 30F3; # (㌆; ㌆; ㌆; ウォン; ウォン; ) SQUARE UON +3307;3307;3307;30A8 30B9 30AF 30FC 30C9;30A8 30B9 30AF 30FC 30C8 3099; # (㌇; ㌇; ㌇; エスクード; エスクート◌゙; ) SQUARE ESUKUUDO +3308;3308;3308;30A8 30FC 30AB 30FC;30A8 30FC 30AB 30FC; # (㌈; ㌈; ㌈; エーカー; エーカー; ) SQUARE EEKAA +3309;3309;3309;30AA 30F3 30B9;30AA 30F3 30B9; # (㌉; ㌉; ㌉; オンス; オンス; ) SQUARE ONSU +330A;330A;330A;30AA 30FC 30E0;30AA 30FC 30E0; # (㌊; ㌊; ㌊; オーム; オーム; ) SQUARE OOMU +330B;330B;330B;30AB 30A4 30EA;30AB 30A4 30EA; # (㌋; ㌋; ㌋; カイリ; カイリ; ) SQUARE KAIRI +330C;330C;330C;30AB 30E9 30C3 30C8;30AB 30E9 30C3 30C8; # (㌌; ㌌; ㌌; カラット; カラット; ) SQUARE KARATTO +330D;330D;330D;30AB 30ED 30EA 30FC;30AB 30ED 30EA 30FC; # (ãŒ; ãŒ; ãŒ; カロリー; カロリー; ) SQUARE KARORII +330E;330E;330E;30AC 30ED 30F3;30AB 3099 30ED 30F3; # (㌎; ㌎; ㌎; ガロン; カ◌゙ロン; ) SQUARE GARON +330F;330F;330F;30AC 30F3 30DE;30AB 3099 30F3 30DE; # (ãŒ; ãŒ; ãŒ; ガンマ; カ◌゙ンマ; ) SQUARE GANMA +3310;3310;3310;30AE 30AC;30AD 3099 30AB 3099; # (ãŒ; ãŒ; ãŒ; ギガ; キ◌゙カ◌゙; ) SQUARE GIGA +3311;3311;3311;30AE 30CB 30FC;30AD 3099 30CB 30FC; # (㌑; ㌑; ㌑; ギニー; キ◌゙ニー; ) SQUARE GINII +3312;3312;3312;30AD 30E5 30EA 30FC;30AD 30E5 30EA 30FC; # (㌒; ㌒; ㌒; キュリー; キュリー; ) SQUARE KYURII +3313;3313;3313;30AE 30EB 30C0 30FC;30AD 3099 30EB 30BF 3099 30FC; # (㌓; ㌓; ㌓; ギルダー; キ◌゙ルタ◌゙ー; ) SQUARE GIRUDAA +3314;3314;3314;30AD 30ED;30AD 30ED; # (㌔; ㌔; ㌔; キロ; キロ; ) SQUARE KIRO +3315;3315;3315;30AD 30ED 30B0 30E9 30E0;30AD 30ED 30AF 3099 30E9 30E0; # (㌕; ㌕; ㌕; キログラム; キロク◌゙ラム; ) SQUARE KIROGURAMU +3316;3316;3316;30AD 30ED 30E1 30FC 30C8 30EB;30AD 30ED 30E1 30FC 30C8 30EB; # (㌖; ㌖; ㌖; キロメートル; キロメートル; ) SQUARE KIROMEETORU +3317;3317;3317;30AD 30ED 30EF 30C3 30C8;30AD 30ED 30EF 30C3 30C8; # (㌗; ㌗; ㌗; キロワット; キロワット; ) SQUARE KIROWATTO +3318;3318;3318;30B0 30E9 30E0;30AF 3099 30E9 30E0; # (㌘; ㌘; ㌘; グラム; ク◌゙ラム; ) SQUARE GURAMU +3319;3319;3319;30B0 30E9 30E0 30C8 30F3;30AF 3099 30E9 30E0 30C8 30F3; # (㌙; ㌙; ㌙; グラムトン; ク◌゙ラムトン; ) SQUARE GURAMUTON +331A;331A;331A;30AF 30EB 30BC 30A4 30ED;30AF 30EB 30BB 3099 30A4 30ED; # (㌚; ㌚; ㌚; クルゼイロ; クルセ◌゙イロ; ) SQUARE KURUZEIRO +331B;331B;331B;30AF 30ED 30FC 30CD;30AF 30ED 30FC 30CD; # (㌛; ㌛; ㌛; クローãƒ; クローãƒ; ) SQUARE KUROONE +331C;331C;331C;30B1 30FC 30B9;30B1 30FC 30B9; # (㌜; ㌜; ㌜; ケース; ケース; ) SQUARE KEESU +331D;331D;331D;30B3 30EB 30CA;30B3 30EB 30CA; # (ãŒ; ãŒ; ãŒ; コルナ; コルナ; ) SQUARE KORUNA +331E;331E;331E;30B3 30FC 30DD;30B3 30FC 30DB 309A; # (㌞; ㌞; ㌞; コーãƒ; コーホ◌゚; ) SQUARE KOOPO +331F;331F;331F;30B5 30A4 30AF 30EB;30B5 30A4 30AF 30EB; # (㌟; ㌟; ㌟; サイクル; サイクル; ) SQUARE SAIKURU +3320;3320;3320;30B5 30F3 30C1 30FC 30E0;30B5 30F3 30C1 30FC 30E0; # (㌠; ㌠; ㌠; サンãƒãƒ¼ãƒ ; サンãƒãƒ¼ãƒ ; ) SQUARE SANTIIMU +3321;3321;3321;30B7 30EA 30F3 30B0;30B7 30EA 30F3 30AF 3099; # (㌡; ㌡; ㌡; シリング; シリンク◌゙; ) SQUARE SIRINGU +3322;3322;3322;30BB 30F3 30C1;30BB 30F3 30C1; # (㌢; ㌢; ㌢; センãƒ; センãƒ; ) SQUARE SENTI +3323;3323;3323;30BB 30F3 30C8;30BB 30F3 30C8; # (㌣; ㌣; ㌣; セント; セント; ) SQUARE SENTO +3324;3324;3324;30C0 30FC 30B9;30BF 3099 30FC 30B9; # (㌤; ㌤; ㌤; ダース; タ◌゙ース; ) SQUARE DAASU +3325;3325;3325;30C7 30B7;30C6 3099 30B7; # (㌥; ㌥; ㌥; デシ; テ◌゙シ; ) SQUARE DESI +3326;3326;3326;30C9 30EB;30C8 3099 30EB; # (㌦; ㌦; ㌦; ドル; ト◌゙ル; ) SQUARE DORU +3327;3327;3327;30C8 30F3;30C8 30F3; # (㌧; ㌧; ㌧; トン; トン; ) SQUARE TON +3328;3328;3328;30CA 30CE;30CA 30CE; # (㌨; ㌨; ㌨; ナノ; ナノ; ) SQUARE NANO +3329;3329;3329;30CE 30C3 30C8;30CE 30C3 30C8; # (㌩; ㌩; ㌩; ノット; ノット; ) SQUARE NOTTO +332A;332A;332A;30CF 30A4 30C4;30CF 30A4 30C4; # (㌪; ㌪; ㌪; ãƒã‚¤ãƒ„; ãƒã‚¤ãƒ„; ) SQUARE HAITU +332B;332B;332B;30D1 30FC 30BB 30F3 30C8;30CF 309A 30FC 30BB 30F3 30C8; # (㌫; ㌫; ㌫; パーセント; ãƒâ—Œã‚šãƒ¼ã‚»ãƒ³ãƒˆ; ) SQUARE PAASENTO +332C;332C;332C;30D1 30FC 30C4;30CF 309A 30FC 30C4; # (㌬; ㌬; ㌬; パーツ; ãƒâ—Œã‚šãƒ¼ãƒ„; ) SQUARE PAATU +332D;332D;332D;30D0 30FC 30EC 30EB;30CF 3099 30FC 30EC 30EB; # (㌭; ㌭; ㌭; ãƒãƒ¼ãƒ¬ãƒ«; ãƒâ—Œã‚™ãƒ¼ãƒ¬ãƒ«; ) SQUARE BAARERU +332E;332E;332E;30D4 30A2 30B9 30C8 30EB;30D2 309A 30A2 30B9 30C8 30EB; # (㌮; ㌮; ㌮; ピアストル; ヒ◌゚アストル; ) SQUARE PIASUTORU +332F;332F;332F;30D4 30AF 30EB;30D2 309A 30AF 30EB; # (㌯; ㌯; ㌯; ピクル; ヒ◌゚クル; ) SQUARE PIKURU +3330;3330;3330;30D4 30B3;30D2 309A 30B3; # (㌰; ㌰; ㌰; ピコ; ヒ◌゚コ; ) SQUARE PIKO +3331;3331;3331;30D3 30EB;30D2 3099 30EB; # (㌱; ㌱; ㌱; ビル; ヒ◌゙ル; ) SQUARE BIRU +3332;3332;3332;30D5 30A1 30E9 30C3 30C9;30D5 30A1 30E9 30C3 30C8 3099; # (㌲; ㌲; ㌲; ファラッド; ファラット◌゙; ) SQUARE HUARADDO +3333;3333;3333;30D5 30A3 30FC 30C8;30D5 30A3 30FC 30C8; # (㌳; ㌳; ㌳; フィート; フィート; ) SQUARE HUIITO +3334;3334;3334;30D6 30C3 30B7 30A7 30EB;30D5 3099 30C3 30B7 30A7 30EB; # (㌴; ㌴; ㌴; ブッシェル; フ◌゙ッシェル; ) SQUARE BUSSYERU +3335;3335;3335;30D5 30E9 30F3;30D5 30E9 30F3; # (㌵; ㌵; ㌵; フラン; フラン; ) SQUARE HURAN +3336;3336;3336;30D8 30AF 30BF 30FC 30EB;30D8 30AF 30BF 30FC 30EB; # (㌶; ㌶; ㌶; ヘクタール; ヘクタール; ) SQUARE HEKUTAARU +3337;3337;3337;30DA 30BD;30D8 309A 30BD; # (㌷; ㌷; ㌷; ペソ; ヘ◌゚ソ; ) SQUARE PESO +3338;3338;3338;30DA 30CB 30D2;30D8 309A 30CB 30D2; # (㌸; ㌸; ㌸; ペニヒ; ヘ◌゚ニヒ; ) SQUARE PENIHI +3339;3339;3339;30D8 30EB 30C4;30D8 30EB 30C4; # (㌹; ㌹; ㌹; ヘルツ; ヘルツ; ) SQUARE HERUTU +333A;333A;333A;30DA 30F3 30B9;30D8 309A 30F3 30B9; # (㌺; ㌺; ㌺; ペンス; ヘ◌゚ンス; ) SQUARE PENSU +333B;333B;333B;30DA 30FC 30B8;30D8 309A 30FC 30B7 3099; # (㌻; ㌻; ㌻; ページ; ヘ◌゚ーシ◌゙; ) SQUARE PEEZI +333C;333C;333C;30D9 30FC 30BF;30D8 3099 30FC 30BF; # (㌼; ㌼; ㌼; ベータ; ヘ◌゙ータ; ) SQUARE BEETA +333D;333D;333D;30DD 30A4 30F3 30C8;30DB 309A 30A4 30F3 30C8; # (㌽; ㌽; ㌽; ãƒã‚¤ãƒ³ãƒˆ; ホ◌゚イント; ) SQUARE POINTO +333E;333E;333E;30DC 30EB 30C8;30DB 3099 30EB 30C8; # (㌾; ㌾; ㌾; ボルト; ホ◌゙ルト; ) SQUARE BORUTO +333F;333F;333F;30DB 30F3;30DB 30F3; # (㌿; ㌿; ㌿; ホン; ホン; ) SQUARE HON +3340;3340;3340;30DD 30F3 30C9;30DB 309A 30F3 30C8 3099; # (ã€; ã€; ã€; ãƒãƒ³ãƒ‰; ホ◌゚ント◌゙; ) SQUARE PONDO +3341;3341;3341;30DB 30FC 30EB;30DB 30FC 30EB; # (ã; ã; ã; ホール; ホール; ) SQUARE HOORU +3342;3342;3342;30DB 30FC 30F3;30DB 30FC 30F3; # (ã‚; ã‚; ã‚; ホーン; ホーン; ) SQUARE HOON +3343;3343;3343;30DE 30A4 30AF 30ED;30DE 30A4 30AF 30ED; # (ãƒ; ãƒ; ãƒ; マイクロ; マイクロ; ) SQUARE MAIKURO +3344;3344;3344;30DE 30A4 30EB;30DE 30A4 30EB; # (ã„; ã„; ã„; マイル; マイル; ) SQUARE MAIRU +3345;3345;3345;30DE 30C3 30CF;30DE 30C3 30CF; # (ã…; ã…; ã…; マッãƒ; マッãƒ; ) SQUARE MAHHA +3346;3346;3346;30DE 30EB 30AF;30DE 30EB 30AF; # (ã†; ã†; ã†; マルク; マルク; ) SQUARE MARUKU +3347;3347;3347;30DE 30F3 30B7 30E7 30F3;30DE 30F3 30B7 30E7 30F3; # (ã‡; ã‡; ã‡; マンション; マンション; ) SQUARE MANSYON +3348;3348;3348;30DF 30AF 30ED 30F3;30DF 30AF 30ED 30F3; # (ãˆ; ãˆ; ãˆ; ミクロン; ミクロン; ) SQUARE MIKURON +3349;3349;3349;30DF 30EA;30DF 30EA; # (ã‰; ã‰; ã‰; ミリ; ミリ; ) SQUARE MIRI +334A;334A;334A;30DF 30EA 30D0 30FC 30EB;30DF 30EA 30CF 3099 30FC 30EB; # (ãŠ; ãŠ; ãŠ; ミリãƒãƒ¼ãƒ«; ミリãƒâ—Œã‚™ãƒ¼ãƒ«; ) SQUARE MIRIBAARU +334B;334B;334B;30E1 30AC;30E1 30AB 3099; # (ã‹; ã‹; ã‹; メガ; メカ◌゙; ) SQUARE MEGA +334C;334C;334C;30E1 30AC 30C8 30F3;30E1 30AB 3099 30C8 30F3; # (ãŒ; ãŒ; ãŒ; メガトン; メカ◌゙トン; ) SQUARE MEGATON +334D;334D;334D;30E1 30FC 30C8 30EB;30E1 30FC 30C8 30EB; # (ã; ã; ã; メートル; メートル; ) SQUARE MEETORU +334E;334E;334E;30E4 30FC 30C9;30E4 30FC 30C8 3099; # (ãŽ; ãŽ; ãŽ; ヤード; ヤート◌゙; ) SQUARE YAADO +334F;334F;334F;30E4 30FC 30EB;30E4 30FC 30EB; # (ã; ã; ã; ヤール; ヤール; ) SQUARE YAARU +3350;3350;3350;30E6 30A2 30F3;30E6 30A2 30F3; # (ã; ã; ã; ユアン; ユアン; ) SQUARE YUAN +3351;3351;3351;30EA 30C3 30C8 30EB;30EA 30C3 30C8 30EB; # (ã‘; ã‘; ã‘; リットル; リットル; ) SQUARE RITTORU +3352;3352;3352;30EA 30E9;30EA 30E9; # (ã’; ã’; ã’; リラ; リラ; ) SQUARE RIRA +3353;3353;3353;30EB 30D4 30FC;30EB 30D2 309A 30FC; # (ã“; ã“; ã“; ルピー; ルヒ◌゚ー; ) SQUARE RUPII +3354;3354;3354;30EB 30FC 30D6 30EB;30EB 30FC 30D5 3099 30EB; # (ã”; ã”; ã”; ルーブル; ルーフ◌゙ル; ) SQUARE RUUBURU +3355;3355;3355;30EC 30E0;30EC 30E0; # (ã•; ã•; ã•; レム; レム; ) SQUARE REMU +3356;3356;3356;30EC 30F3 30C8 30B2 30F3;30EC 30F3 30C8 30B1 3099 30F3; # (ã–; ã–; ã–; レントゲン; レントケ◌゙ン; ) SQUARE RENTOGEN +3357;3357;3357;30EF 30C3 30C8;30EF 30C3 30C8; # (ã—; ã—; ã—; ワット; ワット; ) SQUARE WATTO +3358;3358;3358;0030 70B9;0030 70B9; # (ã˜; ã˜; ã˜; 0点; 0点; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR ZERO +3359;3359;3359;0031 70B9;0031 70B9; # (ã™; ã™; ã™; 1点; 1点; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR ONE +335A;335A;335A;0032 70B9;0032 70B9; # (ãš; ãš; ãš; 2点; 2点; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWO +335B;335B;335B;0033 70B9;0033 70B9; # (ã›; ã›; ã›; 3点; 3点; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR THREE +335C;335C;335C;0034 70B9;0034 70B9; # (ãœ; ãœ; ãœ; 4点; 4点; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR FOUR +335D;335D;335D;0035 70B9;0035 70B9; # (ã; ã; ã; 5点; 5点; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR FIVE +335E;335E;335E;0036 70B9;0036 70B9; # (ãž; ãž; ãž; 6点; 6点; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR SIX +335F;335F;335F;0037 70B9;0037 70B9; # (ãŸ; ãŸ; ãŸ; 7点; 7点; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR SEVEN +3360;3360;3360;0038 70B9;0038 70B9; # (ã ; ã ; ã ; 8点; 8点; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR EIGHT +3361;3361;3361;0039 70B9;0039 70B9; # (ã¡; ã¡; ã¡; 9点; 9点; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR NINE +3362;3362;3362;0031 0030 70B9;0031 0030 70B9; # (ã¢; ã¢; ã¢; 10点; 10点; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TEN +3363;3363;3363;0031 0031 70B9;0031 0031 70B9; # (ã£; ã£; ã£; 11点; 11点; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR ELEVEN +3364;3364;3364;0031 0032 70B9;0031 0032 70B9; # (ã¤; ã¤; ã¤; 12点; 12点; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWELVE +3365;3365;3365;0031 0033 70B9;0031 0033 70B9; # (ã¥; ã¥; ã¥; 13点; 13点; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR THIRTEEN +3366;3366;3366;0031 0034 70B9;0031 0034 70B9; # (ã¦; ã¦; ã¦; 14点; 14点; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR FOURTEEN +3367;3367;3367;0031 0035 70B9;0031 0035 70B9; # (ã§; ã§; ã§; 15点; 15点; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR FIFTEEN +3368;3368;3368;0031 0036 70B9;0031 0036 70B9; # (ã¨; ã¨; ã¨; 16点; 16点; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR SIXTEEN +3369;3369;3369;0031 0037 70B9;0031 0037 70B9; # (ã©; ã©; ã©; 17点; 17点; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR SEVENTEEN +336A;336A;336A;0031 0038 70B9;0031 0038 70B9; # (ãª; ãª; ãª; 18点; 18点; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR EIGHTEEN +336B;336B;336B;0031 0039 70B9;0031 0039 70B9; # (ã«; ã«; ã«; 19点; 19点; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR NINETEEN +336C;336C;336C;0032 0030 70B9;0032 0030 70B9; # (ã¬; ã¬; ã¬; 20点; 20点; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY +336D;336D;336D;0032 0031 70B9;0032 0031 70B9; # (ã­; ã­; ã­; 21点; 21点; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY-ONE +336E;336E;336E;0032 0032 70B9;0032 0032 70B9; # (ã®; ã®; ã®; 22点; 22点; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY-TWO +336F;336F;336F;0032 0033 70B9;0032 0033 70B9; # (ã¯; ã¯; ã¯; 23点; 23点; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY-THREE +3370;3370;3370;0032 0034 70B9;0032 0034 70B9; # (ã°; ã°; ã°; 24点; 24点; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY-FOUR +3371;3371;3371;0068 0050 0061;0068 0050 0061; # (ã±; ã±; ã±; hPa; hPa; ) SQUARE HPA +3372;3372;3372;0064 0061;0064 0061; # (ã²; ã²; ã²; da; da; ) SQUARE DA +3373;3373;3373;0041 0055;0041 0055; # (ã³; ã³; ã³; AU; AU; ) SQUARE AU +3374;3374;3374;0062 0061 0072;0062 0061 0072; # (ã´; ã´; ã´; bar; bar; ) SQUARE BAR +3375;3375;3375;006F 0056;006F 0056; # (ãµ; ãµ; ãµ; oV; oV; ) SQUARE OV +3376;3376;3376;0070 0063;0070 0063; # (ã¶; ã¶; ã¶; pc; pc; ) SQUARE PC +3377;3377;3377;0064 006D;0064 006D; # (ã·; ã·; ã·; dm; dm; ) SQUARE DM +3378;3378;3378;0064 006D 0032;0064 006D 0032; # (ã¸; ã¸; ã¸; dm2; dm2; ) SQUARE DM SQUARED +3379;3379;3379;0064 006D 0033;0064 006D 0033; # (ã¹; ã¹; ã¹; dm3; dm3; ) SQUARE DM CUBED +337A;337A;337A;0049 0055;0049 0055; # (ãº; ãº; ãº; IU; IU; ) SQUARE IU +337B;337B;337B;5E73 6210;5E73 6210; # (ã»; ã»; ã»; å¹³æˆ; å¹³æˆ; ) SQUARE ERA NAME HEISEI +337C;337C;337C;662D 548C;662D 548C; # (ã¼; ã¼; ã¼; 昭和; 昭和; ) SQUARE ERA NAME SYOUWA +337D;337D;337D;5927 6B63;5927 6B63; # (ã½; ã½; ã½; 大正; 大正; ) SQUARE ERA NAME TAISYOU +337E;337E;337E;660E 6CBB;660E 6CBB; # (ã¾; ã¾; ã¾; 明治; 明治; ) SQUARE ERA NAME MEIZI +337F;337F;337F;682A 5F0F 4F1A 793E;682A 5F0F 4F1A 793E; # (ã¿; ã¿; ã¿; æ ªå¼ä¼šç¤¾; æ ªå¼ä¼šç¤¾; ) SQUARE CORPORATION +3380;3380;3380;0070 0041;0070 0041; # (㎀; ㎀; ㎀; pA; pA; ) SQUARE PA AMPS +3381;3381;3381;006E 0041;006E 0041; # (ãŽ; ãŽ; ãŽ; nA; nA; ) SQUARE NA +3382;3382;3382;03BC 0041;03BC 0041; # (㎂; ㎂; ㎂; μA; μA; ) SQUARE MU A +3383;3383;3383;006D 0041;006D 0041; # (㎃; ㎃; ㎃; mA; mA; ) SQUARE MA +3384;3384;3384;006B 0041;006B 0041; # (㎄; ㎄; ㎄; kA; kA; ) SQUARE KA +3385;3385;3385;004B 0042;004B 0042; # (㎅; ㎅; ㎅; KB; KB; ) SQUARE KB +3386;3386;3386;004D 0042;004D 0042; # (㎆; ㎆; ㎆; MB; MB; ) SQUARE MB +3387;3387;3387;0047 0042;0047 0042; # (㎇; ㎇; ㎇; GB; GB; ) SQUARE GB +3388;3388;3388;0063 0061 006C;0063 0061 006C; # (㎈; ㎈; ㎈; cal; cal; ) SQUARE CAL +3389;3389;3389;006B 0063 0061 006C;006B 0063 0061 006C; # (㎉; ㎉; ㎉; kcal; kcal; ) SQUARE KCAL +338A;338A;338A;0070 0046;0070 0046; # (㎊; ㎊; ㎊; pF; pF; ) SQUARE PF +338B;338B;338B;006E 0046;006E 0046; # (㎋; ㎋; ㎋; nF; nF; ) SQUARE NF +338C;338C;338C;03BC 0046;03BC 0046; # (㎌; ㎌; ㎌; μF; μF; ) SQUARE MU F +338D;338D;338D;03BC 0067;03BC 0067; # (ãŽ; ãŽ; ãŽ; μg; μg; ) SQUARE MU G +338E;338E;338E;006D 0067;006D 0067; # (㎎; ㎎; ㎎; mg; mg; ) SQUARE MG +338F;338F;338F;006B 0067;006B 0067; # (ãŽ; ãŽ; ãŽ; kg; kg; ) SQUARE KG +3390;3390;3390;0048 007A;0048 007A; # (ãŽ; ãŽ; ãŽ; Hz; Hz; ) SQUARE HZ +3391;3391;3391;006B 0048 007A;006B 0048 007A; # (㎑; ㎑; ㎑; kHz; kHz; ) SQUARE KHZ +3392;3392;3392;004D 0048 007A;004D 0048 007A; # (㎒; ㎒; ㎒; MHz; MHz; ) SQUARE MHZ +3393;3393;3393;0047 0048 007A;0047 0048 007A; # (㎓; ㎓; ㎓; GHz; GHz; ) SQUARE GHZ +3394;3394;3394;0054 0048 007A;0054 0048 007A; # (㎔; ㎔; ㎔; THz; THz; ) SQUARE THZ +3395;3395;3395;03BC 006C;03BC 006C; # (㎕; ㎕; ㎕; μl; μl; ) SQUARE MU L +3396;3396;3396;006D 006C;006D 006C; # (㎖; ㎖; ㎖; ml; ml; ) SQUARE ML +3397;3397;3397;0064 006C;0064 006C; # (㎗; ㎗; ㎗; dl; dl; ) SQUARE DL +3398;3398;3398;006B 006C;006B 006C; # (㎘; ㎘; ㎘; kl; kl; ) SQUARE KL +3399;3399;3399;0066 006D;0066 006D; # (㎙; ㎙; ㎙; fm; fm; ) SQUARE FM +339A;339A;339A;006E 006D;006E 006D; # (㎚; ㎚; ㎚; nm; nm; ) SQUARE NM +339B;339B;339B;03BC 006D;03BC 006D; # (㎛; ㎛; ㎛; μm; μm; ) SQUARE MU M +339C;339C;339C;006D 006D;006D 006D; # (㎜; ㎜; ㎜; mm; mm; ) SQUARE MM +339D;339D;339D;0063 006D;0063 006D; # (ãŽ; ãŽ; ãŽ; cm; cm; ) SQUARE CM +339E;339E;339E;006B 006D;006B 006D; # (㎞; ㎞; ㎞; km; km; ) SQUARE KM +339F;339F;339F;006D 006D 0032;006D 006D 0032; # (㎟; ㎟; ㎟; mm2; mm2; ) SQUARE MM SQUARED +33A0;33A0;33A0;0063 006D 0032;0063 006D 0032; # (㎠; ㎠; ㎠; cm2; cm2; ) SQUARE CM SQUARED +33A1;33A1;33A1;006D 0032;006D 0032; # (㎡; ㎡; ㎡; m2; m2; ) SQUARE M SQUARED +33A2;33A2;33A2;006B 006D 0032;006B 006D 0032; # (㎢; ㎢; ㎢; km2; km2; ) SQUARE KM SQUARED +33A3;33A3;33A3;006D 006D 0033;006D 006D 0033; # (㎣; ㎣; ㎣; mm3; mm3; ) SQUARE MM CUBED +33A4;33A4;33A4;0063 006D 0033;0063 006D 0033; # (㎤; ㎤; ㎤; cm3; cm3; ) SQUARE CM CUBED +33A5;33A5;33A5;006D 0033;006D 0033; # (㎥; ㎥; ㎥; m3; m3; ) SQUARE M CUBED +33A6;33A6;33A6;006B 006D 0033;006B 006D 0033; # (㎦; ㎦; ㎦; km3; km3; ) SQUARE KM CUBED +33A7;33A7;33A7;006D 2215 0073;006D 2215 0073; # (㎧; ㎧; ㎧; m∕s; m∕s; ) SQUARE M OVER S +33A8;33A8;33A8;006D 2215 0073 0032;006D 2215 0073 0032; # (㎨; ㎨; ㎨; m∕s2; m∕s2; ) SQUARE M OVER S SQUARED +33A9;33A9;33A9;0050 0061;0050 0061; # (㎩; ㎩; ㎩; Pa; Pa; ) SQUARE PA +33AA;33AA;33AA;006B 0050 0061;006B 0050 0061; # (㎪; ㎪; ㎪; kPa; kPa; ) SQUARE KPA +33AB;33AB;33AB;004D 0050 0061;004D 0050 0061; # (㎫; ㎫; ㎫; MPa; MPa; ) SQUARE MPA +33AC;33AC;33AC;0047 0050 0061;0047 0050 0061; # (㎬; ㎬; ㎬; GPa; GPa; ) SQUARE GPA +33AD;33AD;33AD;0072 0061 0064;0072 0061 0064; # (㎭; ㎭; ㎭; rad; rad; ) SQUARE RAD +33AE;33AE;33AE;0072 0061 0064 2215 0073;0072 0061 0064 2215 0073; # (㎮; ㎮; ㎮; rad∕s; rad∕s; ) SQUARE RAD OVER S +33AF;33AF;33AF;0072 0061 0064 2215 0073 0032;0072 0061 0064 2215 0073 0032; # (㎯; ㎯; ㎯; rad∕s2; rad∕s2; ) SQUARE RAD OVER S SQUARED +33B0;33B0;33B0;0070 0073;0070 0073; # (㎰; ㎰; ㎰; ps; ps; ) SQUARE PS +33B1;33B1;33B1;006E 0073;006E 0073; # (㎱; ㎱; ㎱; ns; ns; ) SQUARE NS +33B2;33B2;33B2;03BC 0073;03BC 0073; # (㎲; ㎲; ㎲; μs; μs; ) SQUARE MU S +33B3;33B3;33B3;006D 0073;006D 0073; # (㎳; ㎳; ㎳; ms; ms; ) SQUARE MS +33B4;33B4;33B4;0070 0056;0070 0056; # (㎴; ㎴; ㎴; pV; pV; ) SQUARE PV +33B5;33B5;33B5;006E 0056;006E 0056; # (㎵; ㎵; ㎵; nV; nV; ) SQUARE NV +33B6;33B6;33B6;03BC 0056;03BC 0056; # (㎶; ㎶; ㎶; μV; μV; ) SQUARE MU V +33B7;33B7;33B7;006D 0056;006D 0056; # (㎷; ㎷; ㎷; mV; mV; ) SQUARE MV +33B8;33B8;33B8;006B 0056;006B 0056; # (㎸; ㎸; ㎸; kV; kV; ) SQUARE KV +33B9;33B9;33B9;004D 0056;004D 0056; # (㎹; ㎹; ㎹; MV; MV; ) SQUARE MV MEGA +33BA;33BA;33BA;0070 0057;0070 0057; # (㎺; ㎺; ㎺; pW; pW; ) SQUARE PW +33BB;33BB;33BB;006E 0057;006E 0057; # (㎻; ㎻; ㎻; nW; nW; ) SQUARE NW +33BC;33BC;33BC;03BC 0057;03BC 0057; # (㎼; ㎼; ㎼; μW; μW; ) SQUARE MU W +33BD;33BD;33BD;006D 0057;006D 0057; # (㎽; ㎽; ㎽; mW; mW; ) SQUARE MW +33BE;33BE;33BE;006B 0057;006B 0057; # (㎾; ㎾; ㎾; kW; kW; ) SQUARE KW +33BF;33BF;33BF;004D 0057;004D 0057; # (㎿; ㎿; ㎿; MW; MW; ) SQUARE MW MEGA +33C0;33C0;33C0;006B 03A9;006B 03A9; # (ã€; ã€; ã€; kΩ; kΩ; ) SQUARE K OHM +33C1;33C1;33C1;004D 03A9;004D 03A9; # (ã; ã; ã; MΩ; MΩ; ) SQUARE M OHM +33C2;33C2;33C2;0061 002E 006D 002E;0061 002E 006D 002E; # (ã‚; ã‚; ã‚; a.m.; a.m.; ) SQUARE AM +33C3;33C3;33C3;0042 0071;0042 0071; # (ãƒ; ãƒ; ãƒ; Bq; Bq; ) SQUARE BQ +33C4;33C4;33C4;0063 0063;0063 0063; # (ã„; ã„; ã„; cc; cc; ) SQUARE CC +33C5;33C5;33C5;0063 0064;0063 0064; # (ã…; ã…; ã…; cd; cd; ) SQUARE CD +33C6;33C6;33C6;0043 2215 006B 0067;0043 2215 006B 0067; # (ã†; ã†; ã†; C∕kg; C∕kg; ) SQUARE C OVER KG +33C7;33C7;33C7;0043 006F 002E;0043 006F 002E; # (ã‡; ã‡; ã‡; Co.; Co.; ) SQUARE CO +33C8;33C8;33C8;0064 0042;0064 0042; # (ãˆ; ãˆ; ãˆ; dB; dB; ) SQUARE DB +33C9;33C9;33C9;0047 0079;0047 0079; # (ã‰; ã‰; ã‰; Gy; Gy; ) SQUARE GY +33CA;33CA;33CA;0068 0061;0068 0061; # (ãŠ; ãŠ; ãŠ; ha; ha; ) SQUARE HA +33CB;33CB;33CB;0048 0050;0048 0050; # (ã‹; ã‹; ã‹; HP; HP; ) SQUARE HP +33CC;33CC;33CC;0069 006E;0069 006E; # (ãŒ; ãŒ; ãŒ; in; in; ) SQUARE IN +33CD;33CD;33CD;004B 004B;004B 004B; # (ã; ã; ã; KK; KK; ) SQUARE KK +33CE;33CE;33CE;004B 004D;004B 004D; # (ãŽ; ãŽ; ãŽ; KM; KM; ) SQUARE KM CAPITAL +33CF;33CF;33CF;006B 0074;006B 0074; # (ã; ã; ã; kt; kt; ) SQUARE KT +33D0;33D0;33D0;006C 006D;006C 006D; # (ã; ã; ã; lm; lm; ) SQUARE LM +33D1;33D1;33D1;006C 006E;006C 006E; # (ã‘; ã‘; ã‘; ln; ln; ) SQUARE LN +33D2;33D2;33D2;006C 006F 0067;006C 006F 0067; # (ã’; ã’; ã’; log; log; ) SQUARE LOG +33D3;33D3;33D3;006C 0078;006C 0078; # (ã“; ã“; ã“; lx; lx; ) SQUARE LX +33D4;33D4;33D4;006D 0062;006D 0062; # (ã”; ã”; ã”; mb; mb; ) SQUARE MB SMALL +33D5;33D5;33D5;006D 0069 006C;006D 0069 006C; # (ã•; ã•; ã•; mil; mil; ) SQUARE MIL +33D6;33D6;33D6;006D 006F 006C;006D 006F 006C; # (ã–; ã–; ã–; mol; mol; ) SQUARE MOL +33D7;33D7;33D7;0050 0048;0050 0048; # (ã—; ã—; ã—; PH; PH; ) SQUARE PH +33D8;33D8;33D8;0070 002E 006D 002E;0070 002E 006D 002E; # (ã˜; ã˜; ã˜; p.m.; p.m.; ) SQUARE PM +33D9;33D9;33D9;0050 0050 004D;0050 0050 004D; # (ã™; ã™; ã™; PPM; PPM; ) SQUARE PPM +33DA;33DA;33DA;0050 0052;0050 0052; # (ãš; ãš; ãš; PR; PR; ) SQUARE PR +33DB;33DB;33DB;0073 0072;0073 0072; # (ã›; ã›; ã›; sr; sr; ) SQUARE SR +33DC;33DC;33DC;0053 0076;0053 0076; # (ãœ; ãœ; ãœ; Sv; Sv; ) SQUARE SV +33DD;33DD;33DD;0057 0062;0057 0062; # (ã; ã; ã; Wb; Wb; ) SQUARE WB +33DE;33DE;33DE;0056 2215 006D;0056 2215 006D; # (ãž; ãž; ãž; V∕m; V∕m; ) SQUARE V OVER M +33DF;33DF;33DF;0041 2215 006D;0041 2215 006D; # (ãŸ; ãŸ; ãŸ; A∕m; A∕m; ) SQUARE A OVER M +33E0;33E0;33E0;0031 65E5;0031 65E5; # (ã ; ã ; ã ; 1æ—¥; 1æ—¥; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY ONE +33E1;33E1;33E1;0032 65E5;0032 65E5; # (ã¡; ã¡; ã¡; 2æ—¥; 2æ—¥; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWO +33E2;33E2;33E2;0033 65E5;0033 65E5; # (ã¢; ã¢; ã¢; 3æ—¥; 3æ—¥; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY THREE +33E3;33E3;33E3;0034 65E5;0034 65E5; # (ã£; ã£; ã£; 4æ—¥; 4æ—¥; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY FOUR +33E4;33E4;33E4;0035 65E5;0035 65E5; # (ã¤; ã¤; ã¤; 5æ—¥; 5æ—¥; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY FIVE +33E5;33E5;33E5;0036 65E5;0036 65E5; # (ã¥; ã¥; ã¥; 6æ—¥; 6æ—¥; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY SIX +33E6;33E6;33E6;0037 65E5;0037 65E5; # (ã¦; ã¦; ã¦; 7æ—¥; 7æ—¥; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY SEVEN +33E7;33E7;33E7;0038 65E5;0038 65E5; # (ã§; ã§; ã§; 8æ—¥; 8æ—¥; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY EIGHT +33E8;33E8;33E8;0039 65E5;0039 65E5; # (ã¨; ã¨; ã¨; 9æ—¥; 9æ—¥; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY NINE +33E9;33E9;33E9;0031 0030 65E5;0031 0030 65E5; # (ã©; ã©; ã©; 10æ—¥; 10æ—¥; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TEN +33EA;33EA;33EA;0031 0031 65E5;0031 0031 65E5; # (ãª; ãª; ãª; 11æ—¥; 11æ—¥; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY ELEVEN +33EB;33EB;33EB;0031 0032 65E5;0031 0032 65E5; # (ã«; ã«; ã«; 12æ—¥; 12æ—¥; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWELVE +33EC;33EC;33EC;0031 0033 65E5;0031 0033 65E5; # (ã¬; ã¬; ã¬; 13æ—¥; 13æ—¥; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY THIRTEEN +33ED;33ED;33ED;0031 0034 65E5;0031 0034 65E5; # (ã­; ã­; ã­; 14æ—¥; 14æ—¥; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY FOURTEEN +33EE;33EE;33EE;0031 0035 65E5;0031 0035 65E5; # (ã®; ã®; ã®; 15æ—¥; 15æ—¥; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY FIFTEEN +33EF;33EF;33EF;0031 0036 65E5;0031 0036 65E5; # (ã¯; ã¯; ã¯; 16æ—¥; 16æ—¥; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY SIXTEEN +33F0;33F0;33F0;0031 0037 65E5;0031 0037 65E5; # (ã°; ã°; ã°; 17æ—¥; 17æ—¥; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY SEVENTEEN +33F1;33F1;33F1;0031 0038 65E5;0031 0038 65E5; # (ã±; ã±; ã±; 18æ—¥; 18æ—¥; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY EIGHTEEN +33F2;33F2;33F2;0031 0039 65E5;0031 0039 65E5; # (ã²; ã²; ã²; 19æ—¥; 19æ—¥; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY NINETEEN +33F3;33F3;33F3;0032 0030 65E5;0032 0030 65E5; # (ã³; ã³; ã³; 20æ—¥; 20æ—¥; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY +33F4;33F4;33F4;0032 0031 65E5;0032 0031 65E5; # (ã´; ã´; ã´; 21æ—¥; 21æ—¥; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-ONE +33F5;33F5;33F5;0032 0032 65E5;0032 0032 65E5; # (ãµ; ãµ; ãµ; 22æ—¥; 22æ—¥; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-TWO +33F6;33F6;33F6;0032 0033 65E5;0032 0033 65E5; # (ã¶; ã¶; ã¶; 23æ—¥; 23æ—¥; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-THREE +33F7;33F7;33F7;0032 0034 65E5;0032 0034 65E5; # (ã·; ã·; ã·; 24æ—¥; 24æ—¥; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-FOUR +33F8;33F8;33F8;0032 0035 65E5;0032 0035 65E5; # (ã¸; ã¸; ã¸; 25æ—¥; 25æ—¥; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-FIVE +33F9;33F9;33F9;0032 0036 65E5;0032 0036 65E5; # (ã¹; ã¹; ã¹; 26æ—¥; 26æ—¥; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-SIX +33FA;33FA;33FA;0032 0037 65E5;0032 0037 65E5; # (ãº; ãº; ãº; 27æ—¥; 27æ—¥; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-SEVEN +33FB;33FB;33FB;0032 0038 65E5;0032 0038 65E5; # (ã»; ã»; ã»; 28æ—¥; 28æ—¥; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-EIGHT +33FC;33FC;33FC;0032 0039 65E5;0032 0039 65E5; # (ã¼; ã¼; ã¼; 29æ—¥; 29æ—¥; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-NINE +33FD;33FD;33FD;0033 0030 65E5;0033 0030 65E5; # (ã½; ã½; ã½; 30æ—¥; 30æ—¥; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY THIRTY +33FE;33FE;33FE;0033 0031 65E5;0033 0031 65E5; # (ã¾; ã¾; ã¾; 31æ—¥; 31æ—¥; ) IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY THIRTY-ONE +33FF;33FF;33FF;0067 0061 006C;0067 0061 006C; # (ã¿; ã¿; ã¿; gal; gal; ) SQUARE GAL +AC00;AC00;1100 1161;AC00;1100 1161; # (ê°€; ê°€; 가; ê°€; 가; ) HANGUL SYLLABLE GA +AC01;AC01;1100 1161 11A8;AC01;1100 1161 11A8; # (ê°; ê°; 각; ê°; 각; ) HANGUL SYLLABLE GAG +AC02;AC02;1100 1161 11A9;AC02;1100 1161 11A9; # (ê°‚; ê°‚; 갂; ê°‚; 갂; ) HANGUL SYLLABLE GAGG +AC03;AC03;1100 1161 11AA;AC03;1100 1161 11AA; # (ê°ƒ; ê°ƒ; 갃; ê°ƒ; 갃; ) HANGUL SYLLABLE GAGS +AC04;AC04;1100 1161 11AB;AC04;1100 1161 11AB; # (ê°„; ê°„; 간; ê°„; 간; ) HANGUL SYLLABLE GAN +AC05;AC05;1100 1161 11AC;AC05;1100 1161 11AC; # (ê°…; ê°…; 갅; ê°…; 갅; ) HANGUL SYLLABLE GANJ +AC06;AC06;1100 1161 11AD;AC06;1100 1161 11AD; # (ê°†; ê°†; 갆; ê°†; 갆; ) HANGUL SYLLABLE GANH +AC07;AC07;1100 1161 11AE;AC07;1100 1161 11AE; # (ê°‡; ê°‡; 갇; ê°‡; 갇; ) HANGUL SYLLABLE GAD +AC08;AC08;1100 1161 11AF;AC08;1100 1161 11AF; # (ê°ˆ; ê°ˆ; 갈; ê°ˆ; 갈; ) HANGUL SYLLABLE GAL +AC09;AC09;1100 1161 11B0;AC09;1100 1161 11B0; # (ê°‰; ê°‰; 갉; ê°‰; 갉; ) HANGUL SYLLABLE GALG +AC0A;AC0A;1100 1161 11B1;AC0A;1100 1161 11B1; # (ê°Š; ê°Š; 갊; ê°Š; 갊; ) HANGUL SYLLABLE GALM +AC0B;AC0B;1100 1161 11B2;AC0B;1100 1161 11B2; # (ê°‹; ê°‹; 갋; ê°‹; 갋; ) HANGUL SYLLABLE GALB +AC0C;AC0C;1100 1161 11B3;AC0C;1100 1161 11B3; # (ê°Œ; ê°Œ; 갌; ê°Œ; 갌; ) HANGUL SYLLABLE GALS +AC0D;AC0D;1100 1161 11B4;AC0D;1100 1161 11B4; # (ê°; ê°; 갍; ê°; 갍; ) HANGUL SYLLABLE GALT +AC0E;AC0E;1100 1161 11B5;AC0E;1100 1161 11B5; # (ê°Ž; ê°Ž; 갎; ê°Ž; 갎; ) HANGUL SYLLABLE GALP +AC0F;AC0F;1100 1161 11B6;AC0F;1100 1161 11B6; # (ê°; ê°; 갏; ê°; 갏; ) HANGUL SYLLABLE GALH +AC10;AC10;1100 1161 11B7;AC10;1100 1161 11B7; # (ê°; ê°; 감; ê°; 감; ) HANGUL SYLLABLE GAM +AC11;AC11;1100 1161 11B8;AC11;1100 1161 11B8; # (ê°‘; ê°‘; 갑; ê°‘; 갑; ) HANGUL SYLLABLE GAB +AC12;AC12;1100 1161 11B9;AC12;1100 1161 11B9; # (ê°’; ê°’; 값; ê°’; 값; ) HANGUL SYLLABLE GABS +AC13;AC13;1100 1161 11BA;AC13;1100 1161 11BA; # (ê°“; ê°“; 갓; ê°“; 갓; ) HANGUL SYLLABLE GAS +AC14;AC14;1100 1161 11BB;AC14;1100 1161 11BB; # (ê°”; ê°”; 갔; ê°”; 갔; ) HANGUL SYLLABLE GASS +AC15;AC15;1100 1161 11BC;AC15;1100 1161 11BC; # (ê°•; ê°•; 강; ê°•; 강; ) HANGUL SYLLABLE GANG +AC16;AC16;1100 1161 11BD;AC16;1100 1161 11BD; # (ê°–; ê°–; 갖; ê°–; 갖; ) HANGUL SYLLABLE GAJ +AC17;AC17;1100 1161 11BE;AC17;1100 1161 11BE; # (ê°—; ê°—; 갗; ê°—; 갗; ) HANGUL SYLLABLE GAC +AC18;AC18;1100 1161 11BF;AC18;1100 1161 11BF; # (ê°˜; ê°˜; 갘; ê°˜; 갘; ) HANGUL SYLLABLE GAK +AC19;AC19;1100 1161 11C0;AC19;1100 1161 11C0; # (ê°™; ê°™; 같; ê°™; 같; ) HANGUL SYLLABLE GAT +AC1A;AC1A;1100 1161 11C1;AC1A;1100 1161 11C1; # (ê°š; ê°š; 가á‡; ê°š; 가á‡; ) HANGUL SYLLABLE GAP +AC1B;AC1B;1100 1161 11C2;AC1B;1100 1161 11C2; # (ê°›; ê°›; 갛; ê°›; 갛; ) HANGUL SYLLABLE GAH +AC1C;AC1C;1100 1162;AC1C;1100 1162; # (ê°œ; ê°œ; 개; ê°œ; 개; ) HANGUL SYLLABLE GAE +AC1D;AC1D;1100 1162 11A8;AC1D;1100 1162 11A8; # (ê°; ê°; 객; ê°; 객; ) HANGUL SYLLABLE GAEG +AC1E;AC1E;1100 1162 11A9;AC1E;1100 1162 11A9; # (ê°ž; ê°ž; 갞; ê°ž; 갞; ) HANGUL SYLLABLE GAEGG +AC1F;AC1F;1100 1162 11AA;AC1F;1100 1162 11AA; # (ê°Ÿ; ê°Ÿ; 갟; ê°Ÿ; 갟; ) HANGUL SYLLABLE GAEGS +AC20;AC20;1100 1162 11AB;AC20;1100 1162 11AB; # (ê° ; ê° ; 갠; ê° ; 갠; ) HANGUL SYLLABLE GAEN +AC21;AC21;1100 1162 11AC;AC21;1100 1162 11AC; # (ê°¡; ê°¡; 갡; ê°¡; 갡; ) HANGUL SYLLABLE GAENJ +AC22;AC22;1100 1162 11AD;AC22;1100 1162 11AD; # (ê°¢; ê°¢; 갢; ê°¢; 갢; ) HANGUL SYLLABLE GAENH +AC23;AC23;1100 1162 11AE;AC23;1100 1162 11AE; # (ê°£; ê°£; 갣; ê°£; 갣; ) HANGUL SYLLABLE GAED +AC24;AC24;1100 1162 11AF;AC24;1100 1162 11AF; # (ê°¤; ê°¤; 갤; ê°¤; 갤; ) HANGUL SYLLABLE GAEL +AC25;AC25;1100 1162 11B0;AC25;1100 1162 11B0; # (ê°¥; ê°¥; 갥; ê°¥; 갥; ) HANGUL SYLLABLE GAELG +AC26;AC26;1100 1162 11B1;AC26;1100 1162 11B1; # (ê°¦; ê°¦; 갦; ê°¦; 갦; ) HANGUL SYLLABLE GAELM +AC27;AC27;1100 1162 11B2;AC27;1100 1162 11B2; # (ê°§; ê°§; 갧; ê°§; 갧; ) HANGUL SYLLABLE GAELB +AC28;AC28;1100 1162 11B3;AC28;1100 1162 11B3; # (ê°¨; ê°¨; 갨; ê°¨; 갨; ) HANGUL SYLLABLE GAELS +AC29;AC29;1100 1162 11B4;AC29;1100 1162 11B4; # (ê°©; ê°©; 갩; ê°©; 갩; ) HANGUL SYLLABLE GAELT +AC2A;AC2A;1100 1162 11B5;AC2A;1100 1162 11B5; # (ê°ª; ê°ª; 갪; ê°ª; 갪; ) HANGUL SYLLABLE GAELP +AC2B;AC2B;1100 1162 11B6;AC2B;1100 1162 11B6; # (ê°«; ê°«; 갫; ê°«; 갫; ) HANGUL SYLLABLE GAELH +AC2C;AC2C;1100 1162 11B7;AC2C;1100 1162 11B7; # (ê°¬; ê°¬; 갬; ê°¬; 갬; ) HANGUL SYLLABLE GAEM +AC2D;AC2D;1100 1162 11B8;AC2D;1100 1162 11B8; # (ê°­; ê°­; 갭; ê°­; 갭; ) HANGUL SYLLABLE GAEB +AC2E;AC2E;1100 1162 11B9;AC2E;1100 1162 11B9; # (ê°®; ê°®; 갮; ê°®; 갮; ) HANGUL SYLLABLE GAEBS +AC2F;AC2F;1100 1162 11BA;AC2F;1100 1162 11BA; # (ê°¯; ê°¯; 갯; ê°¯; 갯; ) HANGUL SYLLABLE GAES +AC30;AC30;1100 1162 11BB;AC30;1100 1162 11BB; # (ê°°; ê°°; 갰; ê°°; 갰; ) HANGUL SYLLABLE GAESS +AC31;AC31;1100 1162 11BC;AC31;1100 1162 11BC; # (ê°±; ê°±; 갱; ê°±; 갱; ) HANGUL SYLLABLE GAENG +AC32;AC32;1100 1162 11BD;AC32;1100 1162 11BD; # (ê°²; ê°²; 갲; ê°²; 갲; ) HANGUL SYLLABLE GAEJ +AC33;AC33;1100 1162 11BE;AC33;1100 1162 11BE; # (ê°³; ê°³; 갳; ê°³; 갳; ) HANGUL SYLLABLE GAEC +AC34;AC34;1100 1162 11BF;AC34;1100 1162 11BF; # (ê°´; ê°´; 갴; ê°´; 갴; ) HANGUL SYLLABLE GAEK +AC35;AC35;1100 1162 11C0;AC35;1100 1162 11C0; # (ê°µ; ê°µ; 갵; ê°µ; 갵; ) HANGUL SYLLABLE GAET +AC36;AC36;1100 1162 11C1;AC36;1100 1162 11C1; # (ê°¶; ê°¶; 개á‡; ê°¶; 개á‡; ) HANGUL SYLLABLE GAEP +AC37;AC37;1100 1162 11C2;AC37;1100 1162 11C2; # (ê°·; ê°·; 갷; ê°·; 갷; ) HANGUL SYLLABLE GAEH +AC38;AC38;1100 1163;AC38;1100 1163; # (ê°¸; ê°¸; 갸; ê°¸; 갸; ) HANGUL SYLLABLE GYA +AC39;AC39;1100 1163 11A8;AC39;1100 1163 11A8; # (ê°¹; ê°¹; 갹; ê°¹; 갹; ) HANGUL SYLLABLE GYAG +AC3A;AC3A;1100 1163 11A9;AC3A;1100 1163 11A9; # (ê°º; ê°º; 갺; ê°º; 갺; ) HANGUL SYLLABLE GYAGG +AC3B;AC3B;1100 1163 11AA;AC3B;1100 1163 11AA; # (ê°»; ê°»; 갻; ê°»; 갻; ) HANGUL SYLLABLE GYAGS +AC3C;AC3C;1100 1163 11AB;AC3C;1100 1163 11AB; # (ê°¼; ê°¼; 갼; ê°¼; 갼; ) HANGUL SYLLABLE GYAN +AC3D;AC3D;1100 1163 11AC;AC3D;1100 1163 11AC; # (ê°½; ê°½; 갽; ê°½; 갽; ) HANGUL SYLLABLE GYANJ +AC3E;AC3E;1100 1163 11AD;AC3E;1100 1163 11AD; # (ê°¾; ê°¾; 갾; ê°¾; 갾; ) HANGUL SYLLABLE GYANH +AC3F;AC3F;1100 1163 11AE;AC3F;1100 1163 11AE; # (ê°¿; ê°¿; 갿; ê°¿; 갿; ) HANGUL SYLLABLE GYAD +AC40;AC40;1100 1163 11AF;AC40;1100 1163 11AF; # (ê±€; ê±€; 걀; ê±€; 걀; ) HANGUL SYLLABLE GYAL +AC41;AC41;1100 1163 11B0;AC41;1100 1163 11B0; # (ê±; ê±; 걁; ê±; 걁; ) HANGUL SYLLABLE GYALG +AC42;AC42;1100 1163 11B1;AC42;1100 1163 11B1; # (걂; 걂; 걂; 걂; 걂; ) HANGUL SYLLABLE GYALM +AC43;AC43;1100 1163 11B2;AC43;1100 1163 11B2; # (걃; 걃; 걃; 걃; 걃; ) HANGUL SYLLABLE GYALB +AC44;AC44;1100 1163 11B3;AC44;1100 1163 11B3; # (걄; 걄; 걄; 걄; 걄; ) HANGUL SYLLABLE GYALS +AC45;AC45;1100 1163 11B4;AC45;1100 1163 11B4; # (ê±…; ê±…; 걅; ê±…; 걅; ) HANGUL SYLLABLE GYALT +AC46;AC46;1100 1163 11B5;AC46;1100 1163 11B5; # (걆; 걆; 걆; 걆; 걆; ) HANGUL SYLLABLE GYALP +AC47;AC47;1100 1163 11B6;AC47;1100 1163 11B6; # (걇; 걇; 걇; 걇; 걇; ) HANGUL SYLLABLE GYALH +AC48;AC48;1100 1163 11B7;AC48;1100 1163 11B7; # (걈; 걈; 걈; 걈; 걈; ) HANGUL SYLLABLE GYAM +AC49;AC49;1100 1163 11B8;AC49;1100 1163 11B8; # (걉; 걉; 걉; 걉; 걉; ) HANGUL SYLLABLE GYAB +AC4A;AC4A;1100 1163 11B9;AC4A;1100 1163 11B9; # (걊; 걊; 걊; 걊; 걊; ) HANGUL SYLLABLE GYABS +AC4B;AC4B;1100 1163 11BA;AC4B;1100 1163 11BA; # (걋; 걋; 걋; 걋; 걋; ) HANGUL SYLLABLE GYAS +AC4C;AC4C;1100 1163 11BB;AC4C;1100 1163 11BB; # (걌; 걌; 걌; 걌; 걌; ) HANGUL SYLLABLE GYASS +AC4D;AC4D;1100 1163 11BC;AC4D;1100 1163 11BC; # (ê±; ê±; 걍; ê±; 걍; ) HANGUL SYLLABLE GYANG +AC4E;AC4E;1100 1163 11BD;AC4E;1100 1163 11BD; # (걎; 걎; 걎; 걎; 걎; ) HANGUL SYLLABLE GYAJ +AC4F;AC4F;1100 1163 11BE;AC4F;1100 1163 11BE; # (ê±; ê±; 걏; ê±; 걏; ) HANGUL SYLLABLE GYAC +AC50;AC50;1100 1163 11BF;AC50;1100 1163 11BF; # (ê±; ê±; 걐; ê±; 걐; ) HANGUL SYLLABLE GYAK +AC51;AC51;1100 1163 11C0;AC51;1100 1163 11C0; # (걑; 걑; 걑; 걑; 걑; ) HANGUL SYLLABLE GYAT +AC52;AC52;1100 1163 11C1;AC52;1100 1163 11C1; # (ê±’; ê±’; 갸á‡; ê±’; 갸á‡; ) HANGUL SYLLABLE GYAP +AC53;AC53;1100 1163 11C2;AC53;1100 1163 11C2; # (걓; 걓; 걓; 걓; 걓; ) HANGUL SYLLABLE GYAH +AC54;AC54;1100 1164;AC54;1100 1164; # (ê±”; ê±”; 걔; ê±”; 걔; ) HANGUL SYLLABLE GYAE +AC55;AC55;1100 1164 11A8;AC55;1100 1164 11A8; # (걕; 걕; 걕; 걕; 걕; ) HANGUL SYLLABLE GYAEG +AC56;AC56;1100 1164 11A9;AC56;1100 1164 11A9; # (ê±–; ê±–; 걖; ê±–; 걖; ) HANGUL SYLLABLE GYAEGG +AC57;AC57;1100 1164 11AA;AC57;1100 1164 11AA; # (ê±—; ê±—; 걗; ê±—; 걗; ) HANGUL SYLLABLE GYAEGS +AC58;AC58;1100 1164 11AB;AC58;1100 1164 11AB; # (걘; 걘; 걘; 걘; 걘; ) HANGUL SYLLABLE GYAEN +AC59;AC59;1100 1164 11AC;AC59;1100 1164 11AC; # (ê±™; ê±™; 걙; ê±™; 걙; ) HANGUL SYLLABLE GYAENJ +AC5A;AC5A;1100 1164 11AD;AC5A;1100 1164 11AD; # (걚; 걚; 걚; 걚; 걚; ) HANGUL SYLLABLE GYAENH +AC5B;AC5B;1100 1164 11AE;AC5B;1100 1164 11AE; # (ê±›; ê±›; 걛; ê±›; 걛; ) HANGUL SYLLABLE GYAED +AC5C;AC5C;1100 1164 11AF;AC5C;1100 1164 11AF; # (걜; 걜; 걜; 걜; 걜; ) HANGUL SYLLABLE GYAEL +AC5D;AC5D;1100 1164 11B0;AC5D;1100 1164 11B0; # (ê±; ê±; 걝; ê±; 걝; ) HANGUL SYLLABLE GYAELG +AC5E;AC5E;1100 1164 11B1;AC5E;1100 1164 11B1; # (걞; 걞; 걞; 걞; 걞; ) HANGUL SYLLABLE GYAELM +AC5F;AC5F;1100 1164 11B2;AC5F;1100 1164 11B2; # (걟; 걟; 걟; 걟; 걟; ) HANGUL SYLLABLE GYAELB +AC60;AC60;1100 1164 11B3;AC60;1100 1164 11B3; # (ê± ; ê± ; 걠; ê± ; 걠; ) HANGUL SYLLABLE GYAELS +AC61;AC61;1100 1164 11B4;AC61;1100 1164 11B4; # (걡; 걡; 걡; 걡; 걡; ) HANGUL SYLLABLE GYAELT +AC62;AC62;1100 1164 11B5;AC62;1100 1164 11B5; # (ê±¢; ê±¢; 걢; ê±¢; 걢; ) HANGUL SYLLABLE GYAELP +AC63;AC63;1100 1164 11B6;AC63;1100 1164 11B6; # (ê±£; ê±£; 걣; ê±£; 걣; ) HANGUL SYLLABLE GYAELH +AC64;AC64;1100 1164 11B7;AC64;1100 1164 11B7; # (걤; 걤; 걤; 걤; 걤; ) HANGUL SYLLABLE GYAEM +AC65;AC65;1100 1164 11B8;AC65;1100 1164 11B8; # (ê±¥; ê±¥; 걥; ê±¥; 걥; ) HANGUL SYLLABLE GYAEB +AC66;AC66;1100 1164 11B9;AC66;1100 1164 11B9; # (걦; 걦; 걦; 걦; 걦; ) HANGUL SYLLABLE GYAEBS +AC67;AC67;1100 1164 11BA;AC67;1100 1164 11BA; # (걧; 걧; 걧; 걧; 걧; ) HANGUL SYLLABLE GYAES +AC68;AC68;1100 1164 11BB;AC68;1100 1164 11BB; # (걨; 걨; 걨; 걨; 걨; ) HANGUL SYLLABLE GYAESS +AC69;AC69;1100 1164 11BC;AC69;1100 1164 11BC; # (걩; 걩; 걩; 걩; 걩; ) HANGUL SYLLABLE GYAENG +AC6A;AC6A;1100 1164 11BD;AC6A;1100 1164 11BD; # (걪; 걪; 걪; 걪; 걪; ) HANGUL SYLLABLE GYAEJ +AC6B;AC6B;1100 1164 11BE;AC6B;1100 1164 11BE; # (걫; 걫; 걫; 걫; 걫; ) HANGUL SYLLABLE GYAEC +AC6C;AC6C;1100 1164 11BF;AC6C;1100 1164 11BF; # (걬; 걬; 걬; 걬; 걬; ) HANGUL SYLLABLE GYAEK +AC6D;AC6D;1100 1164 11C0;AC6D;1100 1164 11C0; # (ê±­; ê±­; 걭; ê±­; 걭; ) HANGUL SYLLABLE GYAET +AC6E;AC6E;1100 1164 11C1;AC6E;1100 1164 11C1; # (ê±®; ê±®; 걔á‡; ê±®; 걔á‡; ) HANGUL SYLLABLE GYAEP +AC6F;AC6F;1100 1164 11C2;AC6F;1100 1164 11C2; # (걯; 걯; 걯; 걯; 걯; ) HANGUL SYLLABLE GYAEH +AC70;AC70;1100 1165;AC70;1100 1165; # (ê±°; ê±°; 거; ê±°; 거; ) HANGUL SYLLABLE GEO +AC71;AC71;1100 1165 11A8;AC71;1100 1165 11A8; # (ê±±; ê±±; 걱; ê±±; 걱; ) HANGUL SYLLABLE GEOG +AC72;AC72;1100 1165 11A9;AC72;1100 1165 11A9; # (ê±²; ê±²; 걲; ê±²; 걲; ) HANGUL SYLLABLE GEOGG +AC73;AC73;1100 1165 11AA;AC73;1100 1165 11AA; # (ê±³; ê±³; 걳; ê±³; 걳; ) HANGUL SYLLABLE GEOGS +AC74;AC74;1100 1165 11AB;AC74;1100 1165 11AB; # (ê±´; ê±´; 건; ê±´; 건; ) HANGUL SYLLABLE GEON +AC75;AC75;1100 1165 11AC;AC75;1100 1165 11AC; # (ê±µ; ê±µ; 걵; ê±µ; 걵; ) HANGUL SYLLABLE GEONJ +AC76;AC76;1100 1165 11AD;AC76;1100 1165 11AD; # (걶; 걶; 걶; 걶; 걶; ) HANGUL SYLLABLE GEONH +AC77;AC77;1100 1165 11AE;AC77;1100 1165 11AE; # (ê±·; ê±·; 걷; ê±·; 걷; ) HANGUL SYLLABLE GEOD +AC78;AC78;1100 1165 11AF;AC78;1100 1165 11AF; # (걸; 걸; 걸; 걸; 걸; ) HANGUL SYLLABLE GEOL +AC79;AC79;1100 1165 11B0;AC79;1100 1165 11B0; # (ê±¹; ê±¹; 걹; ê±¹; 걹; ) HANGUL SYLLABLE GEOLG +AC7A;AC7A;1100 1165 11B1;AC7A;1100 1165 11B1; # (걺; 걺; 걺; 걺; 걺; ) HANGUL SYLLABLE GEOLM +AC7B;AC7B;1100 1165 11B2;AC7B;1100 1165 11B2; # (ê±»; ê±»; 걻; ê±»; 걻; ) HANGUL SYLLABLE GEOLB +AC7C;AC7C;1100 1165 11B3;AC7C;1100 1165 11B3; # (ê±¼; ê±¼; 걼; ê±¼; 걼; ) HANGUL SYLLABLE GEOLS +AC7D;AC7D;1100 1165 11B4;AC7D;1100 1165 11B4; # (ê±½; ê±½; 걽; ê±½; 걽; ) HANGUL SYLLABLE GEOLT +AC7E;AC7E;1100 1165 11B5;AC7E;1100 1165 11B5; # (ê±¾; ê±¾; 걾; ê±¾; 걾; ) HANGUL SYLLABLE GEOLP +AC7F;AC7F;1100 1165 11B6;AC7F;1100 1165 11B6; # (걿; 걿; 걿; 걿; 걿; ) HANGUL SYLLABLE GEOLH +AC80;AC80;1100 1165 11B7;AC80;1100 1165 11B7; # (ê²€; ê²€; 검; ê²€; 검; ) HANGUL SYLLABLE GEOM +AC81;AC81;1100 1165 11B8;AC81;1100 1165 11B8; # (ê²; ê²; 겁; ê²; 겁; ) HANGUL SYLLABLE GEOB +AC82;AC82;1100 1165 11B9;AC82;1100 1165 11B9; # (겂; 겂; 겂; 겂; 겂; ) HANGUL SYLLABLE GEOBS +AC83;AC83;1100 1165 11BA;AC83;1100 1165 11BA; # (것; 것; 것; 것; 것; ) HANGUL SYLLABLE GEOS +AC84;AC84;1100 1165 11BB;AC84;1100 1165 11BB; # (겄; 겄; 겄; 겄; 겄; ) HANGUL SYLLABLE GEOSS +AC85;AC85;1100 1165 11BC;AC85;1100 1165 11BC; # (ê²…; ê²…; 겅; ê²…; 겅; ) HANGUL SYLLABLE GEONG +AC86;AC86;1100 1165 11BD;AC86;1100 1165 11BD; # (겆; 겆; 겆; 겆; 겆; ) HANGUL SYLLABLE GEOJ +AC87;AC87;1100 1165 11BE;AC87;1100 1165 11BE; # (겇; 겇; 겇; 겇; 겇; ) HANGUL SYLLABLE GEOC +AC88;AC88;1100 1165 11BF;AC88;1100 1165 11BF; # (겈; 겈; 겈; 겈; 겈; ) HANGUL SYLLABLE GEOK +AC89;AC89;1100 1165 11C0;AC89;1100 1165 11C0; # (겉; 겉; 겉; 겉; 겉; ) HANGUL SYLLABLE GEOT +AC8A;AC8A;1100 1165 11C1;AC8A;1100 1165 11C1; # (겊; 겊; 거á‡; 겊; 거á‡; ) HANGUL SYLLABLE GEOP +AC8B;AC8B;1100 1165 11C2;AC8B;1100 1165 11C2; # (겋; 겋; 겋; 겋; 겋; ) HANGUL SYLLABLE GEOH +AC8C;AC8C;1100 1166;AC8C;1100 1166; # (게; 게; 게; 게; 게; ) HANGUL SYLLABLE GE +AC8D;AC8D;1100 1166 11A8;AC8D;1100 1166 11A8; # (ê²; ê²; 겍; ê²; 겍; ) HANGUL SYLLABLE GEG +AC8E;AC8E;1100 1166 11A9;AC8E;1100 1166 11A9; # (겎; 겎; 겎; 겎; 겎; ) HANGUL SYLLABLE GEGG +AC8F;AC8F;1100 1166 11AA;AC8F;1100 1166 11AA; # (ê²; ê²; 겏; ê²; 겏; ) HANGUL SYLLABLE GEGS +AC90;AC90;1100 1166 11AB;AC90;1100 1166 11AB; # (ê²; ê²; 겐; ê²; 겐; ) HANGUL SYLLABLE GEN +AC91;AC91;1100 1166 11AC;AC91;1100 1166 11AC; # (겑; 겑; 겑; 겑; 겑; ) HANGUL SYLLABLE GENJ +AC92;AC92;1100 1166 11AD;AC92;1100 1166 11AD; # (ê²’; ê²’; 겒; ê²’; 겒; ) HANGUL SYLLABLE GENH +AC93;AC93;1100 1166 11AE;AC93;1100 1166 11AE; # (겓; 겓; 겓; 겓; 겓; ) HANGUL SYLLABLE GED +AC94;AC94;1100 1166 11AF;AC94;1100 1166 11AF; # (ê²”; ê²”; 겔; ê²”; 겔; ) HANGUL SYLLABLE GEL +AC95;AC95;1100 1166 11B0;AC95;1100 1166 11B0; # (겕; 겕; 겕; 겕; 겕; ) HANGUL SYLLABLE GELG +AC96;AC96;1100 1166 11B1;AC96;1100 1166 11B1; # (ê²–; ê²–; 겖; ê²–; 겖; ) HANGUL SYLLABLE GELM +AC97;AC97;1100 1166 11B2;AC97;1100 1166 11B2; # (ê²—; ê²—; 겗; ê²—; 겗; ) HANGUL SYLLABLE GELB +AC98;AC98;1100 1166 11B3;AC98;1100 1166 11B3; # (겘; 겘; 겘; 겘; 겘; ) HANGUL SYLLABLE GELS +AC99;AC99;1100 1166 11B4;AC99;1100 1166 11B4; # (ê²™; ê²™; 겙; ê²™; 겙; ) HANGUL SYLLABLE GELT +AC9A;AC9A;1100 1166 11B5;AC9A;1100 1166 11B5; # (겚; 겚; 겚; 겚; 겚; ) HANGUL SYLLABLE GELP +AC9B;AC9B;1100 1166 11B6;AC9B;1100 1166 11B6; # (ê²›; ê²›; 겛; ê²›; 겛; ) HANGUL SYLLABLE GELH +AC9C;AC9C;1100 1166 11B7;AC9C;1100 1166 11B7; # (겜; 겜; 겜; 겜; 겜; ) HANGUL SYLLABLE GEM +AC9D;AC9D;1100 1166 11B8;AC9D;1100 1166 11B8; # (ê²; ê²; 겝; ê²; 겝; ) HANGUL SYLLABLE GEB +AC9E;AC9E;1100 1166 11B9;AC9E;1100 1166 11B9; # (겞; 겞; 겞; 겞; 겞; ) HANGUL SYLLABLE GEBS +AC9F;AC9F;1100 1166 11BA;AC9F;1100 1166 11BA; # (겟; 겟; 겟; 겟; 겟; ) HANGUL SYLLABLE GES +ACA0;ACA0;1100 1166 11BB;ACA0;1100 1166 11BB; # (ê² ; ê² ; 겠; ê² ; 겠; ) HANGUL SYLLABLE GESS +ACA1;ACA1;1100 1166 11BC;ACA1;1100 1166 11BC; # (겡; 겡; 겡; 겡; 겡; ) HANGUL SYLLABLE GENG +ACA2;ACA2;1100 1166 11BD;ACA2;1100 1166 11BD; # (ê²¢; ê²¢; 겢; ê²¢; 겢; ) HANGUL SYLLABLE GEJ +ACA3;ACA3;1100 1166 11BE;ACA3;1100 1166 11BE; # (ê²£; ê²£; 겣; ê²£; 겣; ) HANGUL SYLLABLE GEC +ACA4;ACA4;1100 1166 11BF;ACA4;1100 1166 11BF; # (겤; 겤; 겤; 겤; 겤; ) HANGUL SYLLABLE GEK +ACA5;ACA5;1100 1166 11C0;ACA5;1100 1166 11C0; # (ê²¥; ê²¥; 겥; ê²¥; 겥; ) HANGUL SYLLABLE GET +ACA6;ACA6;1100 1166 11C1;ACA6;1100 1166 11C1; # (겦; 겦; 게á‡; 겦; 게á‡; ) HANGUL SYLLABLE GEP +ACA7;ACA7;1100 1166 11C2;ACA7;1100 1166 11C2; # (겧; 겧; 겧; 겧; 겧; ) HANGUL SYLLABLE GEH +ACA8;ACA8;1100 1167;ACA8;1100 1167; # (겨; 겨; 겨; 겨; 겨; ) HANGUL SYLLABLE GYEO +ACA9;ACA9;1100 1167 11A8;ACA9;1100 1167 11A8; # (격; 격; 격; 격; 격; ) HANGUL SYLLABLE GYEOG +ACAA;ACAA;1100 1167 11A9;ACAA;1100 1167 11A9; # (겪; 겪; 겪; 겪; 겪; ) HANGUL SYLLABLE GYEOGG +ACAB;ACAB;1100 1167 11AA;ACAB;1100 1167 11AA; # (겫; 겫; 겫; 겫; 겫; ) HANGUL SYLLABLE GYEOGS +ACAC;ACAC;1100 1167 11AB;ACAC;1100 1167 11AB; # (견; 견; 견; 견; 견; ) HANGUL SYLLABLE GYEON +ACAD;ACAD;1100 1167 11AC;ACAD;1100 1167 11AC; # (ê²­; ê²­; 겭; ê²­; 겭; ) HANGUL SYLLABLE GYEONJ +ACAE;ACAE;1100 1167 11AD;ACAE;1100 1167 11AD; # (ê²®; ê²®; 겮; ê²®; 겮; ) HANGUL SYLLABLE GYEONH +ACAF;ACAF;1100 1167 11AE;ACAF;1100 1167 11AE; # (겯; 겯; 겯; 겯; 겯; ) HANGUL SYLLABLE GYEOD +ACB0;ACB0;1100 1167 11AF;ACB0;1100 1167 11AF; # (ê²°; ê²°; 결; ê²°; 결; ) HANGUL SYLLABLE GYEOL +ACB1;ACB1;1100 1167 11B0;ACB1;1100 1167 11B0; # (ê²±; ê²±; 겱; ê²±; 겱; ) HANGUL SYLLABLE GYEOLG +ACB2;ACB2;1100 1167 11B1;ACB2;1100 1167 11B1; # (ê²²; ê²²; 겲; ê²²; 겲; ) HANGUL SYLLABLE GYEOLM +ACB3;ACB3;1100 1167 11B2;ACB3;1100 1167 11B2; # (ê²³; ê²³; 겳; ê²³; 겳; ) HANGUL SYLLABLE GYEOLB +ACB4;ACB4;1100 1167 11B3;ACB4;1100 1167 11B3; # (ê²´; ê²´; 겴; ê²´; 겴; ) HANGUL SYLLABLE GYEOLS +ACB5;ACB5;1100 1167 11B4;ACB5;1100 1167 11B4; # (ê²µ; ê²µ; 겵; ê²µ; 겵; ) HANGUL SYLLABLE GYEOLT +ACB6;ACB6;1100 1167 11B5;ACB6;1100 1167 11B5; # (겶; 겶; 겶; 겶; 겶; ) HANGUL SYLLABLE GYEOLP +ACB7;ACB7;1100 1167 11B6;ACB7;1100 1167 11B6; # (ê²·; ê²·; 겷; ê²·; 겷; ) HANGUL SYLLABLE GYEOLH +ACB8;ACB8;1100 1167 11B7;ACB8;1100 1167 11B7; # (겸; 겸; 겸; 겸; 겸; ) HANGUL SYLLABLE GYEOM +ACB9;ACB9;1100 1167 11B8;ACB9;1100 1167 11B8; # (ê²¹; ê²¹; 겹; ê²¹; 겹; ) HANGUL SYLLABLE GYEOB +ACBA;ACBA;1100 1167 11B9;ACBA;1100 1167 11B9; # (겺; 겺; 겺; 겺; 겺; ) HANGUL SYLLABLE GYEOBS +ACBB;ACBB;1100 1167 11BA;ACBB;1100 1167 11BA; # (ê²»; ê²»; 겻; ê²»; 겻; ) HANGUL SYLLABLE GYEOS +ACBC;ACBC;1100 1167 11BB;ACBC;1100 1167 11BB; # (ê²¼; ê²¼; 겼; ê²¼; 겼; ) HANGUL SYLLABLE GYEOSS +ACBD;ACBD;1100 1167 11BC;ACBD;1100 1167 11BC; # (ê²½; ê²½; 경; ê²½; 경; ) HANGUL SYLLABLE GYEONG +ACBE;ACBE;1100 1167 11BD;ACBE;1100 1167 11BD; # (ê²¾; ê²¾; 겾; ê²¾; 겾; ) HANGUL SYLLABLE GYEOJ +ACBF;ACBF;1100 1167 11BE;ACBF;1100 1167 11BE; # (겿; 겿; 겿; 겿; 겿; ) HANGUL SYLLABLE GYEOC +ACC0;ACC0;1100 1167 11BF;ACC0;1100 1167 11BF; # (ê³€; ê³€; 곀; ê³€; 곀; ) HANGUL SYLLABLE GYEOK +ACC1;ACC1;1100 1167 11C0;ACC1;1100 1167 11C0; # (ê³; ê³; 곁; ê³; 곁; ) HANGUL SYLLABLE GYEOT +ACC2;ACC2;1100 1167 11C1;ACC2;1100 1167 11C1; # (곂; 곂; 겨á‡; 곂; 겨á‡; ) HANGUL SYLLABLE GYEOP +ACC3;ACC3;1100 1167 11C2;ACC3;1100 1167 11C2; # (곃; 곃; 곃; 곃; 곃; ) HANGUL SYLLABLE GYEOH +ACC4;ACC4;1100 1168;ACC4;1100 1168; # (계; 계; 계; 계; 계; ) HANGUL SYLLABLE GYE +ACC5;ACC5;1100 1168 11A8;ACC5;1100 1168 11A8; # (ê³…; ê³…; 곅; ê³…; 곅; ) HANGUL SYLLABLE GYEG +ACC6;ACC6;1100 1168 11A9;ACC6;1100 1168 11A9; # (곆; 곆; 곆; 곆; 곆; ) HANGUL SYLLABLE GYEGG +ACC7;ACC7;1100 1168 11AA;ACC7;1100 1168 11AA; # (곇; 곇; 곇; 곇; 곇; ) HANGUL SYLLABLE GYEGS +ACC8;ACC8;1100 1168 11AB;ACC8;1100 1168 11AB; # (곈; 곈; 곈; 곈; 곈; ) HANGUL SYLLABLE GYEN +ACC9;ACC9;1100 1168 11AC;ACC9;1100 1168 11AC; # (곉; 곉; 곉; 곉; 곉; ) HANGUL SYLLABLE GYENJ +ACCA;ACCA;1100 1168 11AD;ACCA;1100 1168 11AD; # (곊; 곊; 곊; 곊; 곊; ) HANGUL SYLLABLE GYENH +ACCB;ACCB;1100 1168 11AE;ACCB;1100 1168 11AE; # (곋; 곋; 곋; 곋; 곋; ) HANGUL SYLLABLE GYED +ACCC;ACCC;1100 1168 11AF;ACCC;1100 1168 11AF; # (곌; 곌; 곌; 곌; 곌; ) HANGUL SYLLABLE GYEL +ACCD;ACCD;1100 1168 11B0;ACCD;1100 1168 11B0; # (ê³; ê³; 곍; ê³; 곍; ) HANGUL SYLLABLE GYELG +ACCE;ACCE;1100 1168 11B1;ACCE;1100 1168 11B1; # (곎; 곎; 곎; 곎; 곎; ) HANGUL SYLLABLE GYELM +ACCF;ACCF;1100 1168 11B2;ACCF;1100 1168 11B2; # (ê³; ê³; 곏; ê³; 곏; ) HANGUL SYLLABLE GYELB +ACD0;ACD0;1100 1168 11B3;ACD0;1100 1168 11B3; # (ê³; ê³; 곐; ê³; 곐; ) HANGUL SYLLABLE GYELS +ACD1;ACD1;1100 1168 11B4;ACD1;1100 1168 11B4; # (곑; 곑; 곑; 곑; 곑; ) HANGUL SYLLABLE GYELT +ACD2;ACD2;1100 1168 11B5;ACD2;1100 1168 11B5; # (ê³’; ê³’; 곒; ê³’; 곒; ) HANGUL SYLLABLE GYELP +ACD3;ACD3;1100 1168 11B6;ACD3;1100 1168 11B6; # (곓; 곓; 곓; 곓; 곓; ) HANGUL SYLLABLE GYELH +ACD4;ACD4;1100 1168 11B7;ACD4;1100 1168 11B7; # (ê³”; ê³”; 곔; ê³”; 곔; ) HANGUL SYLLABLE GYEM +ACD5;ACD5;1100 1168 11B8;ACD5;1100 1168 11B8; # (곕; 곕; 곕; 곕; 곕; ) HANGUL SYLLABLE GYEB +ACD6;ACD6;1100 1168 11B9;ACD6;1100 1168 11B9; # (ê³–; ê³–; 곖; ê³–; 곖; ) HANGUL SYLLABLE GYEBS +ACD7;ACD7;1100 1168 11BA;ACD7;1100 1168 11BA; # (ê³—; ê³—; 곗; ê³—; 곗; ) HANGUL SYLLABLE GYES +ACD8;ACD8;1100 1168 11BB;ACD8;1100 1168 11BB; # (곘; 곘; 곘; 곘; 곘; ) HANGUL SYLLABLE GYESS +ACD9;ACD9;1100 1168 11BC;ACD9;1100 1168 11BC; # (ê³™; ê³™; 곙; ê³™; 곙; ) HANGUL SYLLABLE GYENG +ACDA;ACDA;1100 1168 11BD;ACDA;1100 1168 11BD; # (곚; 곚; 곚; 곚; 곚; ) HANGUL SYLLABLE GYEJ +ACDB;ACDB;1100 1168 11BE;ACDB;1100 1168 11BE; # (ê³›; ê³›; 곛; ê³›; 곛; ) HANGUL SYLLABLE GYEC +ACDC;ACDC;1100 1168 11BF;ACDC;1100 1168 11BF; # (곜; 곜; 곜; 곜; 곜; ) HANGUL SYLLABLE GYEK +ACDD;ACDD;1100 1168 11C0;ACDD;1100 1168 11C0; # (ê³; ê³; 곝; ê³; 곝; ) HANGUL SYLLABLE GYET +ACDE;ACDE;1100 1168 11C1;ACDE;1100 1168 11C1; # (곞; 곞; 계á‡; 곞; 계á‡; ) HANGUL SYLLABLE GYEP +ACDF;ACDF;1100 1168 11C2;ACDF;1100 1168 11C2; # (곟; 곟; 곟; 곟; 곟; ) HANGUL SYLLABLE GYEH +ACE0;ACE0;1100 1169;ACE0;1100 1169; # (ê³ ; ê³ ; 고; ê³ ; 고; ) HANGUL SYLLABLE GO +ACE1;ACE1;1100 1169 11A8;ACE1;1100 1169 11A8; # (곡; 곡; 곡; 곡; 곡; ) HANGUL SYLLABLE GOG +ACE2;ACE2;1100 1169 11A9;ACE2;1100 1169 11A9; # (ê³¢; ê³¢; 곢; ê³¢; 곢; ) HANGUL SYLLABLE GOGG +ACE3;ACE3;1100 1169 11AA;ACE3;1100 1169 11AA; # (ê³£; ê³£; 곣; ê³£; 곣; ) HANGUL SYLLABLE GOGS +ACE4;ACE4;1100 1169 11AB;ACE4;1100 1169 11AB; # (곤; 곤; 곤; 곤; 곤; ) HANGUL SYLLABLE GON +ACE5;ACE5;1100 1169 11AC;ACE5;1100 1169 11AC; # (ê³¥; ê³¥; 곥; ê³¥; 곥; ) HANGUL SYLLABLE GONJ +ACE6;ACE6;1100 1169 11AD;ACE6;1100 1169 11AD; # (곦; 곦; 곦; 곦; 곦; ) HANGUL SYLLABLE GONH +ACE7;ACE7;1100 1169 11AE;ACE7;1100 1169 11AE; # (곧; 곧; 곧; 곧; 곧; ) HANGUL SYLLABLE GOD +ACE8;ACE8;1100 1169 11AF;ACE8;1100 1169 11AF; # (골; 골; 골; 골; 골; ) HANGUL SYLLABLE GOL +ACE9;ACE9;1100 1169 11B0;ACE9;1100 1169 11B0; # (곩; 곩; 곩; 곩; 곩; ) HANGUL SYLLABLE GOLG +ACEA;ACEA;1100 1169 11B1;ACEA;1100 1169 11B1; # (곪; 곪; 곪; 곪; 곪; ) HANGUL SYLLABLE GOLM +ACEB;ACEB;1100 1169 11B2;ACEB;1100 1169 11B2; # (곫; 곫; 곫; 곫; 곫; ) HANGUL SYLLABLE GOLB +ACEC;ACEC;1100 1169 11B3;ACEC;1100 1169 11B3; # (곬; 곬; 곬; 곬; 곬; ) HANGUL SYLLABLE GOLS +ACED;ACED;1100 1169 11B4;ACED;1100 1169 11B4; # (ê³­; ê³­; 곭; ê³­; 곭; ) HANGUL SYLLABLE GOLT +ACEE;ACEE;1100 1169 11B5;ACEE;1100 1169 11B5; # (ê³®; ê³®; 곮; ê³®; 곮; ) HANGUL SYLLABLE GOLP +ACEF;ACEF;1100 1169 11B6;ACEF;1100 1169 11B6; # (곯; 곯; 곯; 곯; 곯; ) HANGUL SYLLABLE GOLH +ACF0;ACF0;1100 1169 11B7;ACF0;1100 1169 11B7; # (ê³°; ê³°; 곰; ê³°; 곰; ) HANGUL SYLLABLE GOM +ACF1;ACF1;1100 1169 11B8;ACF1;1100 1169 11B8; # (ê³±; ê³±; 곱; ê³±; 곱; ) HANGUL SYLLABLE GOB +ACF2;ACF2;1100 1169 11B9;ACF2;1100 1169 11B9; # (ê³²; ê³²; 곲; ê³²; 곲; ) HANGUL SYLLABLE GOBS +ACF3;ACF3;1100 1169 11BA;ACF3;1100 1169 11BA; # (ê³³; ê³³; 곳; ê³³; 곳; ) HANGUL SYLLABLE GOS +ACF4;ACF4;1100 1169 11BB;ACF4;1100 1169 11BB; # (ê³´; ê³´; 곴; ê³´; 곴; ) HANGUL SYLLABLE GOSS +ACF5;ACF5;1100 1169 11BC;ACF5;1100 1169 11BC; # (ê³µ; ê³µ; 공; ê³µ; 공; ) HANGUL SYLLABLE GONG +ACF6;ACF6;1100 1169 11BD;ACF6;1100 1169 11BD; # (곶; 곶; 곶; 곶; 곶; ) HANGUL SYLLABLE GOJ +ACF7;ACF7;1100 1169 11BE;ACF7;1100 1169 11BE; # (ê³·; ê³·; 곷; ê³·; 곷; ) HANGUL SYLLABLE GOC +ACF8;ACF8;1100 1169 11BF;ACF8;1100 1169 11BF; # (곸; 곸; 곸; 곸; 곸; ) HANGUL SYLLABLE GOK +ACF9;ACF9;1100 1169 11C0;ACF9;1100 1169 11C0; # (ê³¹; ê³¹; 곹; ê³¹; 곹; ) HANGUL SYLLABLE GOT +ACFA;ACFA;1100 1169 11C1;ACFA;1100 1169 11C1; # (곺; 곺; 고á‡; 곺; 고á‡; ) HANGUL SYLLABLE GOP +ACFB;ACFB;1100 1169 11C2;ACFB;1100 1169 11C2; # (ê³»; ê³»; 곻; ê³»; 곻; ) HANGUL SYLLABLE GOH +ACFC;ACFC;1100 116A;ACFC;1100 116A; # (ê³¼; ê³¼; 과; ê³¼; 과; ) HANGUL SYLLABLE GWA +ACFD;ACFD;1100 116A 11A8;ACFD;1100 116A 11A8; # (ê³½; ê³½; 곽; ê³½; 곽; ) HANGUL SYLLABLE GWAG +ACFE;ACFE;1100 116A 11A9;ACFE;1100 116A 11A9; # (ê³¾; ê³¾; 곾; ê³¾; 곾; ) HANGUL SYLLABLE GWAGG +ACFF;ACFF;1100 116A 11AA;ACFF;1100 116A 11AA; # (곿; 곿; 곿; 곿; 곿; ) HANGUL SYLLABLE GWAGS +AD00;AD00;1100 116A 11AB;AD00;1100 116A 11AB; # (ê´€; ê´€; 관; ê´€; 관; ) HANGUL SYLLABLE GWAN +AD01;AD01;1100 116A 11AC;AD01;1100 116A 11AC; # (ê´; ê´; 괁; ê´; 괁; ) HANGUL SYLLABLE GWANJ +AD02;AD02;1100 116A 11AD;AD02;1100 116A 11AD; # (ê´‚; ê´‚; 괂; ê´‚; 괂; ) HANGUL SYLLABLE GWANH +AD03;AD03;1100 116A 11AE;AD03;1100 116A 11AE; # (ê´ƒ; ê´ƒ; 괃; ê´ƒ; 괃; ) HANGUL SYLLABLE GWAD +AD04;AD04;1100 116A 11AF;AD04;1100 116A 11AF; # (ê´„; ê´„; 괄; ê´„; 괄; ) HANGUL SYLLABLE GWAL +AD05;AD05;1100 116A 11B0;AD05;1100 116A 11B0; # (ê´…; ê´…; 괅; ê´…; 괅; ) HANGUL SYLLABLE GWALG +AD06;AD06;1100 116A 11B1;AD06;1100 116A 11B1; # (ê´†; ê´†; 괆; ê´†; 괆; ) HANGUL SYLLABLE GWALM +AD07;AD07;1100 116A 11B2;AD07;1100 116A 11B2; # (ê´‡; ê´‡; 괇; ê´‡; 괇; ) HANGUL SYLLABLE GWALB +AD08;AD08;1100 116A 11B3;AD08;1100 116A 11B3; # (ê´ˆ; ê´ˆ; 괈; ê´ˆ; 괈; ) HANGUL SYLLABLE GWALS +AD09;AD09;1100 116A 11B4;AD09;1100 116A 11B4; # (ê´‰; ê´‰; 괉; ê´‰; 괉; ) HANGUL SYLLABLE GWALT +AD0A;AD0A;1100 116A 11B5;AD0A;1100 116A 11B5; # (ê´Š; ê´Š; 괊; ê´Š; 괊; ) HANGUL SYLLABLE GWALP +AD0B;AD0B;1100 116A 11B6;AD0B;1100 116A 11B6; # (ê´‹; ê´‹; 괋; ê´‹; 괋; ) HANGUL SYLLABLE GWALH +AD0C;AD0C;1100 116A 11B7;AD0C;1100 116A 11B7; # (ê´Œ; ê´Œ; 괌; ê´Œ; 괌; ) HANGUL SYLLABLE GWAM +AD0D;AD0D;1100 116A 11B8;AD0D;1100 116A 11B8; # (ê´; ê´; 괍; ê´; 괍; ) HANGUL SYLLABLE GWAB +AD0E;AD0E;1100 116A 11B9;AD0E;1100 116A 11B9; # (ê´Ž; ê´Ž; 괎; ê´Ž; 괎; ) HANGUL SYLLABLE GWABS +AD0F;AD0F;1100 116A 11BA;AD0F;1100 116A 11BA; # (ê´; ê´; 괏; ê´; 괏; ) HANGUL SYLLABLE GWAS +AD10;AD10;1100 116A 11BB;AD10;1100 116A 11BB; # (ê´; ê´; 괐; ê´; 괐; ) HANGUL SYLLABLE GWASS +AD11;AD11;1100 116A 11BC;AD11;1100 116A 11BC; # (ê´‘; ê´‘; 광; ê´‘; 광; ) HANGUL SYLLABLE GWANG +AD12;AD12;1100 116A 11BD;AD12;1100 116A 11BD; # (ê´’; ê´’; 괒; ê´’; 괒; ) HANGUL SYLLABLE GWAJ +AD13;AD13;1100 116A 11BE;AD13;1100 116A 11BE; # (ê´“; ê´“; 괓; ê´“; 괓; ) HANGUL SYLLABLE GWAC +AD14;AD14;1100 116A 11BF;AD14;1100 116A 11BF; # (ê´”; ê´”; 괔; ê´”; 괔; ) HANGUL SYLLABLE GWAK +AD15;AD15;1100 116A 11C0;AD15;1100 116A 11C0; # (ê´•; ê´•; 괕; ê´•; 괕; ) HANGUL SYLLABLE GWAT +AD16;AD16;1100 116A 11C1;AD16;1100 116A 11C1; # (ê´–; ê´–; 과á‡; ê´–; 과á‡; ) HANGUL SYLLABLE GWAP +AD17;AD17;1100 116A 11C2;AD17;1100 116A 11C2; # (ê´—; ê´—; 괗; ê´—; 괗; ) HANGUL SYLLABLE GWAH +AD18;AD18;1100 116B;AD18;1100 116B; # (ê´˜; ê´˜; 괘; ê´˜; 괘; ) HANGUL SYLLABLE GWAE +AD19;AD19;1100 116B 11A8;AD19;1100 116B 11A8; # (ê´™; ê´™; 괙; ê´™; 괙; ) HANGUL SYLLABLE GWAEG +AD1A;AD1A;1100 116B 11A9;AD1A;1100 116B 11A9; # (ê´š; ê´š; 괚; ê´š; 괚; ) HANGUL SYLLABLE GWAEGG +AD1B;AD1B;1100 116B 11AA;AD1B;1100 116B 11AA; # (ê´›; ê´›; 괛; ê´›; 괛; ) HANGUL SYLLABLE GWAEGS +AD1C;AD1C;1100 116B 11AB;AD1C;1100 116B 11AB; # (ê´œ; ê´œ; 괜; ê´œ; 괜; ) HANGUL SYLLABLE GWAEN +AD1D;AD1D;1100 116B 11AC;AD1D;1100 116B 11AC; # (ê´; ê´; 괝; ê´; 괝; ) HANGUL SYLLABLE GWAENJ +AD1E;AD1E;1100 116B 11AD;AD1E;1100 116B 11AD; # (ê´ž; ê´ž; 괞; ê´ž; 괞; ) HANGUL SYLLABLE GWAENH +AD1F;AD1F;1100 116B 11AE;AD1F;1100 116B 11AE; # (ê´Ÿ; ê´Ÿ; 괟; ê´Ÿ; 괟; ) HANGUL SYLLABLE GWAED +AD20;AD20;1100 116B 11AF;AD20;1100 116B 11AF; # (ê´ ; ê´ ; 괠; ê´ ; 괠; ) HANGUL SYLLABLE GWAEL +AD21;AD21;1100 116B 11B0;AD21;1100 116B 11B0; # (ê´¡; ê´¡; 괡; ê´¡; 괡; ) HANGUL SYLLABLE GWAELG +AD22;AD22;1100 116B 11B1;AD22;1100 116B 11B1; # (ê´¢; ê´¢; 괢; ê´¢; 괢; ) HANGUL SYLLABLE GWAELM +AD23;AD23;1100 116B 11B2;AD23;1100 116B 11B2; # (ê´£; ê´£; 괣; ê´£; 괣; ) HANGUL SYLLABLE GWAELB +AD24;AD24;1100 116B 11B3;AD24;1100 116B 11B3; # (ê´¤; ê´¤; 괤; ê´¤; 괤; ) HANGUL SYLLABLE GWAELS +AD25;AD25;1100 116B 11B4;AD25;1100 116B 11B4; # (ê´¥; ê´¥; 괥; ê´¥; 괥; ) HANGUL SYLLABLE GWAELT +AD26;AD26;1100 116B 11B5;AD26;1100 116B 11B5; # (ê´¦; ê´¦; 괦; ê´¦; 괦; ) HANGUL SYLLABLE GWAELP +AD27;AD27;1100 116B 11B6;AD27;1100 116B 11B6; # (ê´§; ê´§; 괧; ê´§; 괧; ) HANGUL SYLLABLE GWAELH +AD28;AD28;1100 116B 11B7;AD28;1100 116B 11B7; # (ê´¨; ê´¨; 괨; ê´¨; 괨; ) HANGUL SYLLABLE GWAEM +AD29;AD29;1100 116B 11B8;AD29;1100 116B 11B8; # (ê´©; ê´©; 괩; ê´©; 괩; ) HANGUL SYLLABLE GWAEB +AD2A;AD2A;1100 116B 11B9;AD2A;1100 116B 11B9; # (ê´ª; ê´ª; 괪; ê´ª; 괪; ) HANGUL SYLLABLE GWAEBS +AD2B;AD2B;1100 116B 11BA;AD2B;1100 116B 11BA; # (ê´«; ê´«; 괫; ê´«; 괫; ) HANGUL SYLLABLE GWAES +AD2C;AD2C;1100 116B 11BB;AD2C;1100 116B 11BB; # (ê´¬; ê´¬; 괬; ê´¬; 괬; ) HANGUL SYLLABLE GWAESS +AD2D;AD2D;1100 116B 11BC;AD2D;1100 116B 11BC; # (ê´­; ê´­; 괭; ê´­; 괭; ) HANGUL SYLLABLE GWAENG +AD2E;AD2E;1100 116B 11BD;AD2E;1100 116B 11BD; # (ê´®; ê´®; 괮; ê´®; 괮; ) HANGUL SYLLABLE GWAEJ +AD2F;AD2F;1100 116B 11BE;AD2F;1100 116B 11BE; # (ê´¯; ê´¯; 괯; ê´¯; 괯; ) HANGUL SYLLABLE GWAEC +AD30;AD30;1100 116B 11BF;AD30;1100 116B 11BF; # (ê´°; ê´°; 괰; ê´°; 괰; ) HANGUL SYLLABLE GWAEK +AD31;AD31;1100 116B 11C0;AD31;1100 116B 11C0; # (ê´±; ê´±; 괱; ê´±; 괱; ) HANGUL SYLLABLE GWAET +AD32;AD32;1100 116B 11C1;AD32;1100 116B 11C1; # (ê´²; ê´²; 괘á‡; ê´²; 괘á‡; ) HANGUL SYLLABLE GWAEP +AD33;AD33;1100 116B 11C2;AD33;1100 116B 11C2; # (ê´³; ê´³; 괳; ê´³; 괳; ) HANGUL SYLLABLE GWAEH +AD34;AD34;1100 116C;AD34;1100 116C; # (ê´´; ê´´; 괴; ê´´; 괴; ) HANGUL SYLLABLE GOE +AD35;AD35;1100 116C 11A8;AD35;1100 116C 11A8; # (ê´µ; ê´µ; 괵; ê´µ; 괵; ) HANGUL SYLLABLE GOEG +AD36;AD36;1100 116C 11A9;AD36;1100 116C 11A9; # (ê´¶; ê´¶; 괶; ê´¶; 괶; ) HANGUL SYLLABLE GOEGG +AD37;AD37;1100 116C 11AA;AD37;1100 116C 11AA; # (ê´·; ê´·; 괷; ê´·; 괷; ) HANGUL SYLLABLE GOEGS +AD38;AD38;1100 116C 11AB;AD38;1100 116C 11AB; # (ê´¸; ê´¸; 괸; ê´¸; 괸; ) HANGUL SYLLABLE GOEN +AD39;AD39;1100 116C 11AC;AD39;1100 116C 11AC; # (ê´¹; ê´¹; 괹; ê´¹; 괹; ) HANGUL SYLLABLE GOENJ +AD3A;AD3A;1100 116C 11AD;AD3A;1100 116C 11AD; # (ê´º; ê´º; 괺; ê´º; 괺; ) HANGUL SYLLABLE GOENH +AD3B;AD3B;1100 116C 11AE;AD3B;1100 116C 11AE; # (ê´»; ê´»; 괻; ê´»; 괻; ) HANGUL SYLLABLE GOED +AD3C;AD3C;1100 116C 11AF;AD3C;1100 116C 11AF; # (ê´¼; ê´¼; 괼; ê´¼; 괼; ) HANGUL SYLLABLE GOEL +AD3D;AD3D;1100 116C 11B0;AD3D;1100 116C 11B0; # (ê´½; ê´½; 괽; ê´½; 괽; ) HANGUL SYLLABLE GOELG +AD3E;AD3E;1100 116C 11B1;AD3E;1100 116C 11B1; # (ê´¾; ê´¾; 괾; ê´¾; 괾; ) HANGUL SYLLABLE GOELM +AD3F;AD3F;1100 116C 11B2;AD3F;1100 116C 11B2; # (ê´¿; ê´¿; 괿; ê´¿; 괿; ) HANGUL SYLLABLE GOELB +AD40;AD40;1100 116C 11B3;AD40;1100 116C 11B3; # (êµ€; êµ€; 굀; êµ€; 굀; ) HANGUL SYLLABLE GOELS +AD41;AD41;1100 116C 11B4;AD41;1100 116C 11B4; # (êµ; êµ; 굁; êµ; 굁; ) HANGUL SYLLABLE GOELT +AD42;AD42;1100 116C 11B5;AD42;1100 116C 11B5; # (굂; 굂; 굂; 굂; 굂; ) HANGUL SYLLABLE GOELP +AD43;AD43;1100 116C 11B6;AD43;1100 116C 11B6; # (굃; 굃; 굃; 굃; 굃; ) HANGUL SYLLABLE GOELH +AD44;AD44;1100 116C 11B7;AD44;1100 116C 11B7; # (굄; 굄; 굄; 굄; 굄; ) HANGUL SYLLABLE GOEM +AD45;AD45;1100 116C 11B8;AD45;1100 116C 11B8; # (êµ…; êµ…; 굅; êµ…; 굅; ) HANGUL SYLLABLE GOEB +AD46;AD46;1100 116C 11B9;AD46;1100 116C 11B9; # (굆; 굆; 굆; 굆; 굆; ) HANGUL SYLLABLE GOEBS +AD47;AD47;1100 116C 11BA;AD47;1100 116C 11BA; # (굇; 굇; 굇; 굇; 굇; ) HANGUL SYLLABLE GOES +AD48;AD48;1100 116C 11BB;AD48;1100 116C 11BB; # (굈; 굈; 굈; 굈; 굈; ) HANGUL SYLLABLE GOESS +AD49;AD49;1100 116C 11BC;AD49;1100 116C 11BC; # (굉; 굉; 굉; 굉; 굉; ) HANGUL SYLLABLE GOENG +AD4A;AD4A;1100 116C 11BD;AD4A;1100 116C 11BD; # (굊; 굊; 굊; 굊; 굊; ) HANGUL SYLLABLE GOEJ +AD4B;AD4B;1100 116C 11BE;AD4B;1100 116C 11BE; # (굋; 굋; 굋; 굋; 굋; ) HANGUL SYLLABLE GOEC +AD4C;AD4C;1100 116C 11BF;AD4C;1100 116C 11BF; # (굌; 굌; 굌; 굌; 굌; ) HANGUL SYLLABLE GOEK +AD4D;AD4D;1100 116C 11C0;AD4D;1100 116C 11C0; # (êµ; êµ; 굍; êµ; 굍; ) HANGUL SYLLABLE GOET +AD4E;AD4E;1100 116C 11C1;AD4E;1100 116C 11C1; # (굎; 굎; 괴á‡; 굎; 괴á‡; ) HANGUL SYLLABLE GOEP +AD4F;AD4F;1100 116C 11C2;AD4F;1100 116C 11C2; # (êµ; êµ; 굏; êµ; 굏; ) HANGUL SYLLABLE GOEH +AD50;AD50;1100 116D;AD50;1100 116D; # (êµ; êµ; 교; êµ; 교; ) HANGUL SYLLABLE GYO +AD51;AD51;1100 116D 11A8;AD51;1100 116D 11A8; # (굑; 굑; 굑; 굑; 굑; ) HANGUL SYLLABLE GYOG +AD52;AD52;1100 116D 11A9;AD52;1100 116D 11A9; # (êµ’; êµ’; 굒; êµ’; 굒; ) HANGUL SYLLABLE GYOGG +AD53;AD53;1100 116D 11AA;AD53;1100 116D 11AA; # (굓; 굓; 굓; 굓; 굓; ) HANGUL SYLLABLE GYOGS +AD54;AD54;1100 116D 11AB;AD54;1100 116D 11AB; # (êµ”; êµ”; 굔; êµ”; 굔; ) HANGUL SYLLABLE GYON +AD55;AD55;1100 116D 11AC;AD55;1100 116D 11AC; # (굕; 굕; 굕; 굕; 굕; ) HANGUL SYLLABLE GYONJ +AD56;AD56;1100 116D 11AD;AD56;1100 116D 11AD; # (êµ–; êµ–; 굖; êµ–; 굖; ) HANGUL SYLLABLE GYONH +AD57;AD57;1100 116D 11AE;AD57;1100 116D 11AE; # (êµ—; êµ—; 굗; êµ—; 굗; ) HANGUL SYLLABLE GYOD +AD58;AD58;1100 116D 11AF;AD58;1100 116D 11AF; # (굘; 굘; 굘; 굘; 굘; ) HANGUL SYLLABLE GYOL +AD59;AD59;1100 116D 11B0;AD59;1100 116D 11B0; # (êµ™; êµ™; 굙; êµ™; 굙; ) HANGUL SYLLABLE GYOLG +AD5A;AD5A;1100 116D 11B1;AD5A;1100 116D 11B1; # (굚; 굚; 굚; 굚; 굚; ) HANGUL SYLLABLE GYOLM +AD5B;AD5B;1100 116D 11B2;AD5B;1100 116D 11B2; # (êµ›; êµ›; 굛; êµ›; 굛; ) HANGUL SYLLABLE GYOLB +AD5C;AD5C;1100 116D 11B3;AD5C;1100 116D 11B3; # (굜; 굜; 굜; 굜; 굜; ) HANGUL SYLLABLE GYOLS +AD5D;AD5D;1100 116D 11B4;AD5D;1100 116D 11B4; # (êµ; êµ; 굝; êµ; 굝; ) HANGUL SYLLABLE GYOLT +AD5E;AD5E;1100 116D 11B5;AD5E;1100 116D 11B5; # (굞; 굞; 굞; 굞; 굞; ) HANGUL SYLLABLE GYOLP +AD5F;AD5F;1100 116D 11B6;AD5F;1100 116D 11B6; # (굟; 굟; 굟; 굟; 굟; ) HANGUL SYLLABLE GYOLH +AD60;AD60;1100 116D 11B7;AD60;1100 116D 11B7; # (êµ ; êµ ; 굠; êµ ; 굠; ) HANGUL SYLLABLE GYOM +AD61;AD61;1100 116D 11B8;AD61;1100 116D 11B8; # (굡; 굡; 굡; 굡; 굡; ) HANGUL SYLLABLE GYOB +AD62;AD62;1100 116D 11B9;AD62;1100 116D 11B9; # (êµ¢; êµ¢; 굢; êµ¢; 굢; ) HANGUL SYLLABLE GYOBS +AD63;AD63;1100 116D 11BA;AD63;1100 116D 11BA; # (êµ£; êµ£; 굣; êµ£; 굣; ) HANGUL SYLLABLE GYOS +AD64;AD64;1100 116D 11BB;AD64;1100 116D 11BB; # (굤; 굤; 굤; 굤; 굤; ) HANGUL SYLLABLE GYOSS +AD65;AD65;1100 116D 11BC;AD65;1100 116D 11BC; # (êµ¥; êµ¥; 굥; êµ¥; 굥; ) HANGUL SYLLABLE GYONG +AD66;AD66;1100 116D 11BD;AD66;1100 116D 11BD; # (굦; 굦; 굦; 굦; 굦; ) HANGUL SYLLABLE GYOJ +AD67;AD67;1100 116D 11BE;AD67;1100 116D 11BE; # (굧; 굧; 굧; 굧; 굧; ) HANGUL SYLLABLE GYOC +AD68;AD68;1100 116D 11BF;AD68;1100 116D 11BF; # (굨; 굨; 굨; 굨; 굨; ) HANGUL SYLLABLE GYOK +AD69;AD69;1100 116D 11C0;AD69;1100 116D 11C0; # (굩; 굩; 굩; 굩; 굩; ) HANGUL SYLLABLE GYOT +AD6A;AD6A;1100 116D 11C1;AD6A;1100 116D 11C1; # (굪; 굪; 교á‡; 굪; 교á‡; ) HANGUL SYLLABLE GYOP +AD6B;AD6B;1100 116D 11C2;AD6B;1100 116D 11C2; # (굫; 굫; 굫; 굫; 굫; ) HANGUL SYLLABLE GYOH +AD6C;AD6C;1100 116E;AD6C;1100 116E; # (구; 구; 구; 구; 구; ) HANGUL SYLLABLE GU +AD6D;AD6D;1100 116E 11A8;AD6D;1100 116E 11A8; # (êµ­; êµ­; 국; êµ­; 국; ) HANGUL SYLLABLE GUG +AD6E;AD6E;1100 116E 11A9;AD6E;1100 116E 11A9; # (êµ®; êµ®; 굮; êµ®; 굮; ) HANGUL SYLLABLE GUGG +AD6F;AD6F;1100 116E 11AA;AD6F;1100 116E 11AA; # (굯; 굯; 굯; 굯; 굯; ) HANGUL SYLLABLE GUGS +AD70;AD70;1100 116E 11AB;AD70;1100 116E 11AB; # (êµ°; êµ°; 군; êµ°; 군; ) HANGUL SYLLABLE GUN +AD71;AD71;1100 116E 11AC;AD71;1100 116E 11AC; # (êµ±; êµ±; 굱; êµ±; 굱; ) HANGUL SYLLABLE GUNJ +AD72;AD72;1100 116E 11AD;AD72;1100 116E 11AD; # (êµ²; êµ²; 굲; êµ²; 굲; ) HANGUL SYLLABLE GUNH +AD73;AD73;1100 116E 11AE;AD73;1100 116E 11AE; # (êµ³; êµ³; 굳; êµ³; 굳; ) HANGUL SYLLABLE GUD +AD74;AD74;1100 116E 11AF;AD74;1100 116E 11AF; # (êµ´; êµ´; 굴; êµ´; 굴; ) HANGUL SYLLABLE GUL +AD75;AD75;1100 116E 11B0;AD75;1100 116E 11B0; # (êµµ; êµµ; 굵; êµµ; 굵; ) HANGUL SYLLABLE GULG +AD76;AD76;1100 116E 11B1;AD76;1100 116E 11B1; # (굶; 굶; 굶; 굶; 굶; ) HANGUL SYLLABLE GULM +AD77;AD77;1100 116E 11B2;AD77;1100 116E 11B2; # (êµ·; êµ·; 굷; êµ·; 굷; ) HANGUL SYLLABLE GULB +AD78;AD78;1100 116E 11B3;AD78;1100 116E 11B3; # (굸; 굸; 굸; 굸; 굸; ) HANGUL SYLLABLE GULS +AD79;AD79;1100 116E 11B4;AD79;1100 116E 11B4; # (êµ¹; êµ¹; 굹; êµ¹; 굹; ) HANGUL SYLLABLE GULT +AD7A;AD7A;1100 116E 11B5;AD7A;1100 116E 11B5; # (굺; 굺; 굺; 굺; 굺; ) HANGUL SYLLABLE GULP +AD7B;AD7B;1100 116E 11B6;AD7B;1100 116E 11B6; # (êµ»; êµ»; 굻; êµ»; 굻; ) HANGUL SYLLABLE GULH +AD7C;AD7C;1100 116E 11B7;AD7C;1100 116E 11B7; # (êµ¼; êµ¼; 굼; êµ¼; 굼; ) HANGUL SYLLABLE GUM +AD7D;AD7D;1100 116E 11B8;AD7D;1100 116E 11B8; # (êµ½; êµ½; 굽; êµ½; 굽; ) HANGUL SYLLABLE GUB +AD7E;AD7E;1100 116E 11B9;AD7E;1100 116E 11B9; # (êµ¾; êµ¾; 굾; êµ¾; 굾; ) HANGUL SYLLABLE GUBS +AD7F;AD7F;1100 116E 11BA;AD7F;1100 116E 11BA; # (굿; 굿; 굿; 굿; 굿; ) HANGUL SYLLABLE GUS +AD80;AD80;1100 116E 11BB;AD80;1100 116E 11BB; # (궀; 궀; 궀; 궀; 궀; ) HANGUL SYLLABLE GUSS +AD81;AD81;1100 116E 11BC;AD81;1100 116E 11BC; # (ê¶; ê¶; 궁; ê¶; 궁; ) HANGUL SYLLABLE GUNG +AD82;AD82;1100 116E 11BD;AD82;1100 116E 11BD; # (궂; 궂; 궂; 궂; 궂; ) HANGUL SYLLABLE GUJ +AD83;AD83;1100 116E 11BE;AD83;1100 116E 11BE; # (궃; 궃; 궃; 궃; 궃; ) HANGUL SYLLABLE GUC +AD84;AD84;1100 116E 11BF;AD84;1100 116E 11BF; # (궄; 궄; 궄; 궄; 궄; ) HANGUL SYLLABLE GUK +AD85;AD85;1100 116E 11C0;AD85;1100 116E 11C0; # (궅; 궅; 궅; 궅; 궅; ) HANGUL SYLLABLE GUT +AD86;AD86;1100 116E 11C1;AD86;1100 116E 11C1; # (궆; 궆; 구á‡; 궆; 구á‡; ) HANGUL SYLLABLE GUP +AD87;AD87;1100 116E 11C2;AD87;1100 116E 11C2; # (궇; 궇; 궇; 궇; 궇; ) HANGUL SYLLABLE GUH +AD88;AD88;1100 116F;AD88;1100 116F; # (궈; 궈; 궈; 궈; 궈; ) HANGUL SYLLABLE GWEO +AD89;AD89;1100 116F 11A8;AD89;1100 116F 11A8; # (궉; 궉; 궉; 궉; 궉; ) HANGUL SYLLABLE GWEOG +AD8A;AD8A;1100 116F 11A9;AD8A;1100 116F 11A9; # (궊; 궊; 궊; 궊; 궊; ) HANGUL SYLLABLE GWEOGG +AD8B;AD8B;1100 116F 11AA;AD8B;1100 116F 11AA; # (궋; 궋; 궋; 궋; 궋; ) HANGUL SYLLABLE GWEOGS +AD8C;AD8C;1100 116F 11AB;AD8C;1100 116F 11AB; # (권; 권; 권; 권; 권; ) HANGUL SYLLABLE GWEON +AD8D;AD8D;1100 116F 11AC;AD8D;1100 116F 11AC; # (ê¶; ê¶; 궍; ê¶; 궍; ) HANGUL SYLLABLE GWEONJ +AD8E;AD8E;1100 116F 11AD;AD8E;1100 116F 11AD; # (궎; 궎; 궎; 궎; 궎; ) HANGUL SYLLABLE GWEONH +AD8F;AD8F;1100 116F 11AE;AD8F;1100 116F 11AE; # (ê¶; ê¶; 궏; ê¶; 궏; ) HANGUL SYLLABLE GWEOD +AD90;AD90;1100 116F 11AF;AD90;1100 116F 11AF; # (ê¶; ê¶; 궐; ê¶; 궐; ) HANGUL SYLLABLE GWEOL +AD91;AD91;1100 116F 11B0;AD91;1100 116F 11B0; # (궑; 궑; 궑; 궑; 궑; ) HANGUL SYLLABLE GWEOLG +AD92;AD92;1100 116F 11B1;AD92;1100 116F 11B1; # (궒; 궒; 궒; 궒; 궒; ) HANGUL SYLLABLE GWEOLM +AD93;AD93;1100 116F 11B2;AD93;1100 116F 11B2; # (궓; 궓; 궓; 궓; 궓; ) HANGUL SYLLABLE GWEOLB +AD94;AD94;1100 116F 11B3;AD94;1100 116F 11B3; # (궔; 궔; 궔; 궔; 궔; ) HANGUL SYLLABLE GWEOLS +AD95;AD95;1100 116F 11B4;AD95;1100 116F 11B4; # (궕; 궕; 궕; 궕; 궕; ) HANGUL SYLLABLE GWEOLT +AD96;AD96;1100 116F 11B5;AD96;1100 116F 11B5; # (궖; 궖; 궖; 궖; 궖; ) HANGUL SYLLABLE GWEOLP +AD97;AD97;1100 116F 11B6;AD97;1100 116F 11B6; # (궗; 궗; 궗; 궗; 궗; ) HANGUL SYLLABLE GWEOLH +AD98;AD98;1100 116F 11B7;AD98;1100 116F 11B7; # (궘; 궘; 궘; 궘; 궘; ) HANGUL SYLLABLE GWEOM +AD99;AD99;1100 116F 11B8;AD99;1100 116F 11B8; # (궙; 궙; 궙; 궙; 궙; ) HANGUL SYLLABLE GWEOB +AD9A;AD9A;1100 116F 11B9;AD9A;1100 116F 11B9; # (궚; 궚; 궚; 궚; 궚; ) HANGUL SYLLABLE GWEOBS +AD9B;AD9B;1100 116F 11BA;AD9B;1100 116F 11BA; # (궛; 궛; 궛; 궛; 궛; ) HANGUL SYLLABLE GWEOS +AD9C;AD9C;1100 116F 11BB;AD9C;1100 116F 11BB; # (궜; 궜; 궜; 궜; 궜; ) HANGUL SYLLABLE GWEOSS +AD9D;AD9D;1100 116F 11BC;AD9D;1100 116F 11BC; # (ê¶; ê¶; 궝; ê¶; 궝; ) HANGUL SYLLABLE GWEONG +AD9E;AD9E;1100 116F 11BD;AD9E;1100 116F 11BD; # (궞; 궞; 궞; 궞; 궞; ) HANGUL SYLLABLE GWEOJ +AD9F;AD9F;1100 116F 11BE;AD9F;1100 116F 11BE; # (궟; 궟; 궟; 궟; 궟; ) HANGUL SYLLABLE GWEOC +ADA0;ADA0;1100 116F 11BF;ADA0;1100 116F 11BF; # (궠; 궠; 궠; 궠; 궠; ) HANGUL SYLLABLE GWEOK +ADA1;ADA1;1100 116F 11C0;ADA1;1100 116F 11C0; # (궡; 궡; 궡; 궡; 궡; ) HANGUL SYLLABLE GWEOT +ADA2;ADA2;1100 116F 11C1;ADA2;1100 116F 11C1; # (궢; 궢; 궈á‡; 궢; 궈á‡; ) HANGUL SYLLABLE GWEOP +ADA3;ADA3;1100 116F 11C2;ADA3;1100 116F 11C2; # (궣; 궣; 궣; 궣; 궣; ) HANGUL SYLLABLE GWEOH +ADA4;ADA4;1100 1170;ADA4;1100 1170; # (궤; 궤; 궤; 궤; 궤; ) HANGUL SYLLABLE GWE +ADA5;ADA5;1100 1170 11A8;ADA5;1100 1170 11A8; # (궥; 궥; 궥; 궥; 궥; ) HANGUL SYLLABLE GWEG +ADA6;ADA6;1100 1170 11A9;ADA6;1100 1170 11A9; # (궦; 궦; 궦; 궦; 궦; ) HANGUL SYLLABLE GWEGG +ADA7;ADA7;1100 1170 11AA;ADA7;1100 1170 11AA; # (궧; 궧; 궧; 궧; 궧; ) HANGUL SYLLABLE GWEGS +ADA8;ADA8;1100 1170 11AB;ADA8;1100 1170 11AB; # (궨; 궨; 궨; 궨; 궨; ) HANGUL SYLLABLE GWEN +ADA9;ADA9;1100 1170 11AC;ADA9;1100 1170 11AC; # (궩; 궩; 궩; 궩; 궩; ) HANGUL SYLLABLE GWENJ +ADAA;ADAA;1100 1170 11AD;ADAA;1100 1170 11AD; # (궪; 궪; 궪; 궪; 궪; ) HANGUL SYLLABLE GWENH +ADAB;ADAB;1100 1170 11AE;ADAB;1100 1170 11AE; # (궫; 궫; 궫; 궫; 궫; ) HANGUL SYLLABLE GWED +ADAC;ADAC;1100 1170 11AF;ADAC;1100 1170 11AF; # (궬; 궬; 궬; 궬; 궬; ) HANGUL SYLLABLE GWEL +ADAD;ADAD;1100 1170 11B0;ADAD;1100 1170 11B0; # (궭; 궭; 궭; 궭; 궭; ) HANGUL SYLLABLE GWELG +ADAE;ADAE;1100 1170 11B1;ADAE;1100 1170 11B1; # (궮; 궮; 궮; 궮; 궮; ) HANGUL SYLLABLE GWELM +ADAF;ADAF;1100 1170 11B2;ADAF;1100 1170 11B2; # (궯; 궯; 궯; 궯; 궯; ) HANGUL SYLLABLE GWELB +ADB0;ADB0;1100 1170 11B3;ADB0;1100 1170 11B3; # (궰; 궰; 궰; 궰; 궰; ) HANGUL SYLLABLE GWELS +ADB1;ADB1;1100 1170 11B4;ADB1;1100 1170 11B4; # (궱; 궱; 궱; 궱; 궱; ) HANGUL SYLLABLE GWELT +ADB2;ADB2;1100 1170 11B5;ADB2;1100 1170 11B5; # (궲; 궲; 궲; 궲; 궲; ) HANGUL SYLLABLE GWELP +ADB3;ADB3;1100 1170 11B6;ADB3;1100 1170 11B6; # (궳; 궳; 궳; 궳; 궳; ) HANGUL SYLLABLE GWELH +ADB4;ADB4;1100 1170 11B7;ADB4;1100 1170 11B7; # (궴; 궴; 궴; 궴; 궴; ) HANGUL SYLLABLE GWEM +ADB5;ADB5;1100 1170 11B8;ADB5;1100 1170 11B8; # (궵; 궵; 궵; 궵; 궵; ) HANGUL SYLLABLE GWEB +ADB6;ADB6;1100 1170 11B9;ADB6;1100 1170 11B9; # (궶; 궶; 궶; 궶; 궶; ) HANGUL SYLLABLE GWEBS +ADB7;ADB7;1100 1170 11BA;ADB7;1100 1170 11BA; # (궷; 궷; 궷; 궷; 궷; ) HANGUL SYLLABLE GWES +ADB8;ADB8;1100 1170 11BB;ADB8;1100 1170 11BB; # (궸; 궸; 궸; 궸; 궸; ) HANGUL SYLLABLE GWESS +ADB9;ADB9;1100 1170 11BC;ADB9;1100 1170 11BC; # (궹; 궹; 궹; 궹; 궹; ) HANGUL SYLLABLE GWENG +ADBA;ADBA;1100 1170 11BD;ADBA;1100 1170 11BD; # (궺; 궺; 궺; 궺; 궺; ) HANGUL SYLLABLE GWEJ +ADBB;ADBB;1100 1170 11BE;ADBB;1100 1170 11BE; # (궻; 궻; 궻; 궻; 궻; ) HANGUL SYLLABLE GWEC +ADBC;ADBC;1100 1170 11BF;ADBC;1100 1170 11BF; # (궼; 궼; 궼; 궼; 궼; ) HANGUL SYLLABLE GWEK +ADBD;ADBD;1100 1170 11C0;ADBD;1100 1170 11C0; # (궽; 궽; 궽; 궽; 궽; ) HANGUL SYLLABLE GWET +ADBE;ADBE;1100 1170 11C1;ADBE;1100 1170 11C1; # (궾; 궾; 궤á‡; 궾; 궤á‡; ) HANGUL SYLLABLE GWEP +ADBF;ADBF;1100 1170 11C2;ADBF;1100 1170 11C2; # (궿; 궿; 궿; 궿; 궿; ) HANGUL SYLLABLE GWEH +ADC0;ADC0;1100 1171;ADC0;1100 1171; # (ê·€; ê·€; 귀; ê·€; 귀; ) HANGUL SYLLABLE GWI +ADC1;ADC1;1100 1171 11A8;ADC1;1100 1171 11A8; # (ê·; ê·; 귁; ê·; 귁; ) HANGUL SYLLABLE GWIG +ADC2;ADC2;1100 1171 11A9;ADC2;1100 1171 11A9; # (ê·‚; ê·‚; 귂; ê·‚; 귂; ) HANGUL SYLLABLE GWIGG +ADC3;ADC3;1100 1171 11AA;ADC3;1100 1171 11AA; # (ê·ƒ; ê·ƒ; 귃; ê·ƒ; 귃; ) HANGUL SYLLABLE GWIGS +ADC4;ADC4;1100 1171 11AB;ADC4;1100 1171 11AB; # (ê·„; ê·„; 귄; ê·„; 귄; ) HANGUL SYLLABLE GWIN +ADC5;ADC5;1100 1171 11AC;ADC5;1100 1171 11AC; # (ê·…; ê·…; 귅; ê·…; 귅; ) HANGUL SYLLABLE GWINJ +ADC6;ADC6;1100 1171 11AD;ADC6;1100 1171 11AD; # (ê·†; ê·†; 귆; ê·†; 귆; ) HANGUL SYLLABLE GWINH +ADC7;ADC7;1100 1171 11AE;ADC7;1100 1171 11AE; # (ê·‡; ê·‡; 귇; ê·‡; 귇; ) HANGUL SYLLABLE GWID +ADC8;ADC8;1100 1171 11AF;ADC8;1100 1171 11AF; # (ê·ˆ; ê·ˆ; 귈; ê·ˆ; 귈; ) HANGUL SYLLABLE GWIL +ADC9;ADC9;1100 1171 11B0;ADC9;1100 1171 11B0; # (ê·‰; ê·‰; 귉; ê·‰; 귉; ) HANGUL SYLLABLE GWILG +ADCA;ADCA;1100 1171 11B1;ADCA;1100 1171 11B1; # (ê·Š; ê·Š; 귊; ê·Š; 귊; ) HANGUL SYLLABLE GWILM +ADCB;ADCB;1100 1171 11B2;ADCB;1100 1171 11B2; # (ê·‹; ê·‹; 귋; ê·‹; 귋; ) HANGUL SYLLABLE GWILB +ADCC;ADCC;1100 1171 11B3;ADCC;1100 1171 11B3; # (ê·Œ; ê·Œ; 귌; ê·Œ; 귌; ) HANGUL SYLLABLE GWILS +ADCD;ADCD;1100 1171 11B4;ADCD;1100 1171 11B4; # (ê·; ê·; 귍; ê·; 귍; ) HANGUL SYLLABLE GWILT +ADCE;ADCE;1100 1171 11B5;ADCE;1100 1171 11B5; # (ê·Ž; ê·Ž; 귎; ê·Ž; 귎; ) HANGUL SYLLABLE GWILP +ADCF;ADCF;1100 1171 11B6;ADCF;1100 1171 11B6; # (ê·; ê·; 귏; ê·; 귏; ) HANGUL SYLLABLE GWILH +ADD0;ADD0;1100 1171 11B7;ADD0;1100 1171 11B7; # (ê·; ê·; 귐; ê·; 귐; ) HANGUL SYLLABLE GWIM +ADD1;ADD1;1100 1171 11B8;ADD1;1100 1171 11B8; # (ê·‘; ê·‘; 귑; ê·‘; 귑; ) HANGUL SYLLABLE GWIB +ADD2;ADD2;1100 1171 11B9;ADD2;1100 1171 11B9; # (ê·’; ê·’; 귒; ê·’; 귒; ) HANGUL SYLLABLE GWIBS +ADD3;ADD3;1100 1171 11BA;ADD3;1100 1171 11BA; # (ê·“; ê·“; 귓; ê·“; 귓; ) HANGUL SYLLABLE GWIS +ADD4;ADD4;1100 1171 11BB;ADD4;1100 1171 11BB; # (ê·”; ê·”; 귔; ê·”; 귔; ) HANGUL SYLLABLE GWISS +ADD5;ADD5;1100 1171 11BC;ADD5;1100 1171 11BC; # (ê·•; ê·•; 귕; ê·•; 귕; ) HANGUL SYLLABLE GWING +ADD6;ADD6;1100 1171 11BD;ADD6;1100 1171 11BD; # (ê·–; ê·–; 귖; ê·–; 귖; ) HANGUL SYLLABLE GWIJ +ADD7;ADD7;1100 1171 11BE;ADD7;1100 1171 11BE; # (ê·—; ê·—; 귗; ê·—; 귗; ) HANGUL SYLLABLE GWIC +ADD8;ADD8;1100 1171 11BF;ADD8;1100 1171 11BF; # (ê·˜; ê·˜; 귘; ê·˜; 귘; ) HANGUL SYLLABLE GWIK +ADD9;ADD9;1100 1171 11C0;ADD9;1100 1171 11C0; # (ê·™; ê·™; 귙; ê·™; 귙; ) HANGUL SYLLABLE GWIT +ADDA;ADDA;1100 1171 11C1;ADDA;1100 1171 11C1; # (ê·š; ê·š; 귀á‡; ê·š; 귀á‡; ) HANGUL SYLLABLE GWIP +ADDB;ADDB;1100 1171 11C2;ADDB;1100 1171 11C2; # (ê·›; ê·›; 귛; ê·›; 귛; ) HANGUL SYLLABLE GWIH +ADDC;ADDC;1100 1172;ADDC;1100 1172; # (ê·œ; ê·œ; 규; ê·œ; 규; ) HANGUL SYLLABLE GYU +ADDD;ADDD;1100 1172 11A8;ADDD;1100 1172 11A8; # (ê·; ê·; 귝; ê·; 귝; ) HANGUL SYLLABLE GYUG +ADDE;ADDE;1100 1172 11A9;ADDE;1100 1172 11A9; # (ê·ž; ê·ž; 귞; ê·ž; 귞; ) HANGUL SYLLABLE GYUGG +ADDF;ADDF;1100 1172 11AA;ADDF;1100 1172 11AA; # (ê·Ÿ; ê·Ÿ; 귟; ê·Ÿ; 귟; ) HANGUL SYLLABLE GYUGS +ADE0;ADE0;1100 1172 11AB;ADE0;1100 1172 11AB; # (ê· ; ê· ; 균; ê· ; 균; ) HANGUL SYLLABLE GYUN +ADE1;ADE1;1100 1172 11AC;ADE1;1100 1172 11AC; # (ê·¡; ê·¡; 귡; ê·¡; 귡; ) HANGUL SYLLABLE GYUNJ +ADE2;ADE2;1100 1172 11AD;ADE2;1100 1172 11AD; # (ê·¢; ê·¢; 귢; ê·¢; 귢; ) HANGUL SYLLABLE GYUNH +ADE3;ADE3;1100 1172 11AE;ADE3;1100 1172 11AE; # (ê·£; ê·£; 귣; ê·£; 귣; ) HANGUL SYLLABLE GYUD +ADE4;ADE4;1100 1172 11AF;ADE4;1100 1172 11AF; # (ê·¤; ê·¤; 귤; ê·¤; 귤; ) HANGUL SYLLABLE GYUL +ADE5;ADE5;1100 1172 11B0;ADE5;1100 1172 11B0; # (ê·¥; ê·¥; 귥; ê·¥; 귥; ) HANGUL SYLLABLE GYULG +ADE6;ADE6;1100 1172 11B1;ADE6;1100 1172 11B1; # (ê·¦; ê·¦; 귦; ê·¦; 귦; ) HANGUL SYLLABLE GYULM +ADE7;ADE7;1100 1172 11B2;ADE7;1100 1172 11B2; # (ê·§; ê·§; 귧; ê·§; 귧; ) HANGUL SYLLABLE GYULB +ADE8;ADE8;1100 1172 11B3;ADE8;1100 1172 11B3; # (ê·¨; ê·¨; 귨; ê·¨; 귨; ) HANGUL SYLLABLE GYULS +ADE9;ADE9;1100 1172 11B4;ADE9;1100 1172 11B4; # (ê·©; ê·©; 귩; ê·©; 귩; ) HANGUL SYLLABLE GYULT +ADEA;ADEA;1100 1172 11B5;ADEA;1100 1172 11B5; # (ê·ª; ê·ª; 귪; ê·ª; 귪; ) HANGUL SYLLABLE GYULP +ADEB;ADEB;1100 1172 11B6;ADEB;1100 1172 11B6; # (ê·«; ê·«; 귫; ê·«; 귫; ) HANGUL SYLLABLE GYULH +ADEC;ADEC;1100 1172 11B7;ADEC;1100 1172 11B7; # (ê·¬; ê·¬; 귬; ê·¬; 귬; ) HANGUL SYLLABLE GYUM +ADED;ADED;1100 1172 11B8;ADED;1100 1172 11B8; # (ê·­; ê·­; 귭; ê·­; 귭; ) HANGUL SYLLABLE GYUB +ADEE;ADEE;1100 1172 11B9;ADEE;1100 1172 11B9; # (ê·®; ê·®; 귮; ê·®; 귮; ) HANGUL SYLLABLE GYUBS +ADEF;ADEF;1100 1172 11BA;ADEF;1100 1172 11BA; # (ê·¯; ê·¯; 귯; ê·¯; 귯; ) HANGUL SYLLABLE GYUS +ADF0;ADF0;1100 1172 11BB;ADF0;1100 1172 11BB; # (ê·°; ê·°; 귰; ê·°; 귰; ) HANGUL SYLLABLE GYUSS +ADF1;ADF1;1100 1172 11BC;ADF1;1100 1172 11BC; # (ê·±; ê·±; 귱; ê·±; 귱; ) HANGUL SYLLABLE GYUNG +ADF2;ADF2;1100 1172 11BD;ADF2;1100 1172 11BD; # (ê·²; ê·²; 귲; ê·²; 귲; ) HANGUL SYLLABLE GYUJ +ADF3;ADF3;1100 1172 11BE;ADF3;1100 1172 11BE; # (ê·³; ê·³; 귳; ê·³; 귳; ) HANGUL SYLLABLE GYUC +ADF4;ADF4;1100 1172 11BF;ADF4;1100 1172 11BF; # (ê·´; ê·´; 귴; ê·´; 귴; ) HANGUL SYLLABLE GYUK +ADF5;ADF5;1100 1172 11C0;ADF5;1100 1172 11C0; # (ê·µ; ê·µ; 귵; ê·µ; 귵; ) HANGUL SYLLABLE GYUT +ADF6;ADF6;1100 1172 11C1;ADF6;1100 1172 11C1; # (ê·¶; ê·¶; 규á‡; ê·¶; 규á‡; ) HANGUL SYLLABLE GYUP +ADF7;ADF7;1100 1172 11C2;ADF7;1100 1172 11C2; # (ê··; ê··; 귷; ê··; 귷; ) HANGUL SYLLABLE GYUH +ADF8;ADF8;1100 1173;ADF8;1100 1173; # (ê·¸; ê·¸; 그; ê·¸; 그; ) HANGUL SYLLABLE GEU +ADF9;ADF9;1100 1173 11A8;ADF9;1100 1173 11A8; # (ê·¹; ê·¹; 극; ê·¹; 극; ) HANGUL SYLLABLE GEUG +ADFA;ADFA;1100 1173 11A9;ADFA;1100 1173 11A9; # (ê·º; ê·º; 귺; ê·º; 귺; ) HANGUL SYLLABLE GEUGG +ADFB;ADFB;1100 1173 11AA;ADFB;1100 1173 11AA; # (ê·»; ê·»; 귻; ê·»; 귻; ) HANGUL SYLLABLE GEUGS +ADFC;ADFC;1100 1173 11AB;ADFC;1100 1173 11AB; # (ê·¼; ê·¼; 근; ê·¼; 근; ) HANGUL SYLLABLE GEUN +ADFD;ADFD;1100 1173 11AC;ADFD;1100 1173 11AC; # (ê·½; ê·½; 귽; ê·½; 귽; ) HANGUL SYLLABLE GEUNJ +ADFE;ADFE;1100 1173 11AD;ADFE;1100 1173 11AD; # (ê·¾; ê·¾; 귾; ê·¾; 귾; ) HANGUL SYLLABLE GEUNH +ADFF;ADFF;1100 1173 11AE;ADFF;1100 1173 11AE; # (ê·¿; ê·¿; 귿; ê·¿; 귿; ) HANGUL SYLLABLE GEUD +AE00;AE00;1100 1173 11AF;AE00;1100 1173 11AF; # (글; 글; 글; 글; 글; ) HANGUL SYLLABLE GEUL +AE01;AE01;1100 1173 11B0;AE01;1100 1173 11B0; # (ê¸; ê¸; 긁; ê¸; 긁; ) HANGUL SYLLABLE GEULG +AE02;AE02;1100 1173 11B1;AE02;1100 1173 11B1; # (긂; 긂; 긂; 긂; 긂; ) HANGUL SYLLABLE GEULM +AE03;AE03;1100 1173 11B2;AE03;1100 1173 11B2; # (긃; 긃; 긃; 긃; 긃; ) HANGUL SYLLABLE GEULB +AE04;AE04;1100 1173 11B3;AE04;1100 1173 11B3; # (긄; 긄; 긄; 긄; 긄; ) HANGUL SYLLABLE GEULS +AE05;AE05;1100 1173 11B4;AE05;1100 1173 11B4; # (긅; 긅; 긅; 긅; 긅; ) HANGUL SYLLABLE GEULT +AE06;AE06;1100 1173 11B5;AE06;1100 1173 11B5; # (긆; 긆; 긆; 긆; 긆; ) HANGUL SYLLABLE GEULP +AE07;AE07;1100 1173 11B6;AE07;1100 1173 11B6; # (긇; 긇; 긇; 긇; 긇; ) HANGUL SYLLABLE GEULH +AE08;AE08;1100 1173 11B7;AE08;1100 1173 11B7; # (금; 금; 금; 금; 금; ) HANGUL SYLLABLE GEUM +AE09;AE09;1100 1173 11B8;AE09;1100 1173 11B8; # (급; 급; 급; 급; 급; ) HANGUL SYLLABLE GEUB +AE0A;AE0A;1100 1173 11B9;AE0A;1100 1173 11B9; # (긊; 긊; 긊; 긊; 긊; ) HANGUL SYLLABLE GEUBS +AE0B;AE0B;1100 1173 11BA;AE0B;1100 1173 11BA; # (긋; 긋; 긋; 긋; 긋; ) HANGUL SYLLABLE GEUS +AE0C;AE0C;1100 1173 11BB;AE0C;1100 1173 11BB; # (긌; 긌; 긌; 긌; 긌; ) HANGUL SYLLABLE GEUSS +AE0D;AE0D;1100 1173 11BC;AE0D;1100 1173 11BC; # (ê¸; ê¸; 긍; ê¸; 긍; ) HANGUL SYLLABLE GEUNG +AE0E;AE0E;1100 1173 11BD;AE0E;1100 1173 11BD; # (긎; 긎; 긎; 긎; 긎; ) HANGUL SYLLABLE GEUJ +AE0F;AE0F;1100 1173 11BE;AE0F;1100 1173 11BE; # (ê¸; ê¸; 긏; ê¸; 긏; ) HANGUL SYLLABLE GEUC +AE10;AE10;1100 1173 11BF;AE10;1100 1173 11BF; # (ê¸; ê¸; 긐; ê¸; 긐; ) HANGUL SYLLABLE GEUK +AE11;AE11;1100 1173 11C0;AE11;1100 1173 11C0; # (긑; 긑; 긑; 긑; 긑; ) HANGUL SYLLABLE GEUT +AE12;AE12;1100 1173 11C1;AE12;1100 1173 11C1; # (긒; 긒; 그á‡; 긒; 그á‡; ) HANGUL SYLLABLE GEUP +AE13;AE13;1100 1173 11C2;AE13;1100 1173 11C2; # (긓; 긓; 긓; 긓; 긓; ) HANGUL SYLLABLE GEUH +AE14;AE14;1100 1174;AE14;1100 1174; # (긔; 긔; 긔; 긔; 긔; ) HANGUL SYLLABLE GYI +AE15;AE15;1100 1174 11A8;AE15;1100 1174 11A8; # (긕; 긕; 긕; 긕; 긕; ) HANGUL SYLLABLE GYIG +AE16;AE16;1100 1174 11A9;AE16;1100 1174 11A9; # (긖; 긖; 긖; 긖; 긖; ) HANGUL SYLLABLE GYIGG +AE17;AE17;1100 1174 11AA;AE17;1100 1174 11AA; # (긗; 긗; 긗; 긗; 긗; ) HANGUL SYLLABLE GYIGS +AE18;AE18;1100 1174 11AB;AE18;1100 1174 11AB; # (긘; 긘; 긘; 긘; 긘; ) HANGUL SYLLABLE GYIN +AE19;AE19;1100 1174 11AC;AE19;1100 1174 11AC; # (긙; 긙; 긙; 긙; 긙; ) HANGUL SYLLABLE GYINJ +AE1A;AE1A;1100 1174 11AD;AE1A;1100 1174 11AD; # (긚; 긚; 긚; 긚; 긚; ) HANGUL SYLLABLE GYINH +AE1B;AE1B;1100 1174 11AE;AE1B;1100 1174 11AE; # (긛; 긛; 긛; 긛; 긛; ) HANGUL SYLLABLE GYID +AE1C;AE1C;1100 1174 11AF;AE1C;1100 1174 11AF; # (긜; 긜; 긜; 긜; 긜; ) HANGUL SYLLABLE GYIL +AE1D;AE1D;1100 1174 11B0;AE1D;1100 1174 11B0; # (ê¸; ê¸; 긝; ê¸; 긝; ) HANGUL SYLLABLE GYILG +AE1E;AE1E;1100 1174 11B1;AE1E;1100 1174 11B1; # (긞; 긞; 긞; 긞; 긞; ) HANGUL SYLLABLE GYILM +AE1F;AE1F;1100 1174 11B2;AE1F;1100 1174 11B2; # (긟; 긟; 긟; 긟; 긟; ) HANGUL SYLLABLE GYILB +AE20;AE20;1100 1174 11B3;AE20;1100 1174 11B3; # (긠; 긠; 긠; 긠; 긠; ) HANGUL SYLLABLE GYILS +AE21;AE21;1100 1174 11B4;AE21;1100 1174 11B4; # (긡; 긡; 긡; 긡; 긡; ) HANGUL SYLLABLE GYILT +AE22;AE22;1100 1174 11B5;AE22;1100 1174 11B5; # (긢; 긢; 긢; 긢; 긢; ) HANGUL SYLLABLE GYILP +AE23;AE23;1100 1174 11B6;AE23;1100 1174 11B6; # (긣; 긣; 긣; 긣; 긣; ) HANGUL SYLLABLE GYILH +AE24;AE24;1100 1174 11B7;AE24;1100 1174 11B7; # (긤; 긤; 긤; 긤; 긤; ) HANGUL SYLLABLE GYIM +AE25;AE25;1100 1174 11B8;AE25;1100 1174 11B8; # (긥; 긥; 긥; 긥; 긥; ) HANGUL SYLLABLE GYIB +AE26;AE26;1100 1174 11B9;AE26;1100 1174 11B9; # (긦; 긦; 긦; 긦; 긦; ) HANGUL SYLLABLE GYIBS +AE27;AE27;1100 1174 11BA;AE27;1100 1174 11BA; # (긧; 긧; 긧; 긧; 긧; ) HANGUL SYLLABLE GYIS +AE28;AE28;1100 1174 11BB;AE28;1100 1174 11BB; # (긨; 긨; 긨; 긨; 긨; ) HANGUL SYLLABLE GYISS +AE29;AE29;1100 1174 11BC;AE29;1100 1174 11BC; # (긩; 긩; 긩; 긩; 긩; ) HANGUL SYLLABLE GYING +AE2A;AE2A;1100 1174 11BD;AE2A;1100 1174 11BD; # (긪; 긪; 긪; 긪; 긪; ) HANGUL SYLLABLE GYIJ +AE2B;AE2B;1100 1174 11BE;AE2B;1100 1174 11BE; # (긫; 긫; 긫; 긫; 긫; ) HANGUL SYLLABLE GYIC +AE2C;AE2C;1100 1174 11BF;AE2C;1100 1174 11BF; # (긬; 긬; 긬; 긬; 긬; ) HANGUL SYLLABLE GYIK +AE2D;AE2D;1100 1174 11C0;AE2D;1100 1174 11C0; # (긭; 긭; 긭; 긭; 긭; ) HANGUL SYLLABLE GYIT +AE2E;AE2E;1100 1174 11C1;AE2E;1100 1174 11C1; # (긮; 긮; 긔á‡; 긮; 긔á‡; ) HANGUL SYLLABLE GYIP +AE2F;AE2F;1100 1174 11C2;AE2F;1100 1174 11C2; # (긯; 긯; 긯; 긯; 긯; ) HANGUL SYLLABLE GYIH +AE30;AE30;1100 1175;AE30;1100 1175; # (기; 기; 기; 기; 기; ) HANGUL SYLLABLE GI +AE31;AE31;1100 1175 11A8;AE31;1100 1175 11A8; # (긱; 긱; 긱; 긱; 긱; ) HANGUL SYLLABLE GIG +AE32;AE32;1100 1175 11A9;AE32;1100 1175 11A9; # (긲; 긲; 긲; 긲; 긲; ) HANGUL SYLLABLE GIGG +AE33;AE33;1100 1175 11AA;AE33;1100 1175 11AA; # (긳; 긳; 긳; 긳; 긳; ) HANGUL SYLLABLE GIGS +AE34;AE34;1100 1175 11AB;AE34;1100 1175 11AB; # (긴; 긴; 긴; 긴; 긴; ) HANGUL SYLLABLE GIN +AE35;AE35;1100 1175 11AC;AE35;1100 1175 11AC; # (긵; 긵; 긵; 긵; 긵; ) HANGUL SYLLABLE GINJ +AE36;AE36;1100 1175 11AD;AE36;1100 1175 11AD; # (긶; 긶; 긶; 긶; 긶; ) HANGUL SYLLABLE GINH +AE37;AE37;1100 1175 11AE;AE37;1100 1175 11AE; # (긷; 긷; 긷; 긷; 긷; ) HANGUL SYLLABLE GID +AE38;AE38;1100 1175 11AF;AE38;1100 1175 11AF; # (길; 길; 길; 길; 길; ) HANGUL SYLLABLE GIL +AE39;AE39;1100 1175 11B0;AE39;1100 1175 11B0; # (긹; 긹; 긹; 긹; 긹; ) HANGUL SYLLABLE GILG +AE3A;AE3A;1100 1175 11B1;AE3A;1100 1175 11B1; # (긺; 긺; 긺; 긺; 긺; ) HANGUL SYLLABLE GILM +AE3B;AE3B;1100 1175 11B2;AE3B;1100 1175 11B2; # (긻; 긻; 긻; 긻; 긻; ) HANGUL SYLLABLE GILB +AE3C;AE3C;1100 1175 11B3;AE3C;1100 1175 11B3; # (긼; 긼; 긼; 긼; 긼; ) HANGUL SYLLABLE GILS +AE3D;AE3D;1100 1175 11B4;AE3D;1100 1175 11B4; # (긽; 긽; 긽; 긽; 긽; ) HANGUL SYLLABLE GILT +AE3E;AE3E;1100 1175 11B5;AE3E;1100 1175 11B5; # (긾; 긾; 긾; 긾; 긾; ) HANGUL SYLLABLE GILP +AE3F;AE3F;1100 1175 11B6;AE3F;1100 1175 11B6; # (긿; 긿; 긿; 긿; 긿; ) HANGUL SYLLABLE GILH +AE40;AE40;1100 1175 11B7;AE40;1100 1175 11B7; # (ê¹€; ê¹€; 김; ê¹€; 김; ) HANGUL SYLLABLE GIM +AE41;AE41;1100 1175 11B8;AE41;1100 1175 11B8; # (ê¹; ê¹; 깁; ê¹; 깁; ) HANGUL SYLLABLE GIB +AE42;AE42;1100 1175 11B9;AE42;1100 1175 11B9; # (깂; 깂; 깂; 깂; 깂; ) HANGUL SYLLABLE GIBS +AE43;AE43;1100 1175 11BA;AE43;1100 1175 11BA; # (깃; 깃; 깃; 깃; 깃; ) HANGUL SYLLABLE GIS +AE44;AE44;1100 1175 11BB;AE44;1100 1175 11BB; # (깄; 깄; 깄; 깄; 깄; ) HANGUL SYLLABLE GISS +AE45;AE45;1100 1175 11BC;AE45;1100 1175 11BC; # (ê¹…; ê¹…; 깅; ê¹…; 깅; ) HANGUL SYLLABLE GING +AE46;AE46;1100 1175 11BD;AE46;1100 1175 11BD; # (깆; 깆; 깆; 깆; 깆; ) HANGUL SYLLABLE GIJ +AE47;AE47;1100 1175 11BE;AE47;1100 1175 11BE; # (깇; 깇; 깇; 깇; 깇; ) HANGUL SYLLABLE GIC +AE48;AE48;1100 1175 11BF;AE48;1100 1175 11BF; # (깈; 깈; 깈; 깈; 깈; ) HANGUL SYLLABLE GIK +AE49;AE49;1100 1175 11C0;AE49;1100 1175 11C0; # (깉; 깉; 깉; 깉; 깉; ) HANGUL SYLLABLE GIT +AE4A;AE4A;1100 1175 11C1;AE4A;1100 1175 11C1; # (깊; 깊; 기á‡; 깊; 기á‡; ) HANGUL SYLLABLE GIP +AE4B;AE4B;1100 1175 11C2;AE4B;1100 1175 11C2; # (깋; 깋; 깋; 깋; 깋; ) HANGUL SYLLABLE GIH +AE4C;AE4C;1101 1161;AE4C;1101 1161; # (까; 까; á„á…¡; 까; á„á…¡; ) HANGUL SYLLABLE GGA +AE4D;AE4D;1101 1161 11A8;AE4D;1101 1161 11A8; # (ê¹; ê¹; á„ᅡᆨ; ê¹; á„ᅡᆨ; ) HANGUL SYLLABLE GGAG +AE4E;AE4E;1101 1161 11A9;AE4E;1101 1161 11A9; # (깎; 깎; á„ᅡᆩ; 깎; á„ᅡᆩ; ) HANGUL SYLLABLE GGAGG +AE4F;AE4F;1101 1161 11AA;AE4F;1101 1161 11AA; # (ê¹; ê¹; á„ᅡᆪ; ê¹; á„ᅡᆪ; ) HANGUL SYLLABLE GGAGS +AE50;AE50;1101 1161 11AB;AE50;1101 1161 11AB; # (ê¹; ê¹; á„ᅡᆫ; ê¹; á„ᅡᆫ; ) HANGUL SYLLABLE GGAN +AE51;AE51;1101 1161 11AC;AE51;1101 1161 11AC; # (깑; 깑; á„ᅡᆬ; 깑; á„ᅡᆬ; ) HANGUL SYLLABLE GGANJ +AE52;AE52;1101 1161 11AD;AE52;1101 1161 11AD; # (ê¹’; ê¹’; á„ᅡᆭ; ê¹’; á„ᅡᆭ; ) HANGUL SYLLABLE GGANH +AE53;AE53;1101 1161 11AE;AE53;1101 1161 11AE; # (깓; 깓; á„ᅡᆮ; 깓; á„ᅡᆮ; ) HANGUL SYLLABLE GGAD +AE54;AE54;1101 1161 11AF;AE54;1101 1161 11AF; # (ê¹”; ê¹”; á„ᅡᆯ; ê¹”; á„ᅡᆯ; ) HANGUL SYLLABLE GGAL +AE55;AE55;1101 1161 11B0;AE55;1101 1161 11B0; # (깕; 깕; á„ᅡᆰ; 깕; á„ᅡᆰ; ) HANGUL SYLLABLE GGALG +AE56;AE56;1101 1161 11B1;AE56;1101 1161 11B1; # (ê¹–; ê¹–; á„ᅡᆱ; ê¹–; á„ᅡᆱ; ) HANGUL SYLLABLE GGALM +AE57;AE57;1101 1161 11B2;AE57;1101 1161 11B2; # (ê¹—; ê¹—; á„ᅡᆲ; ê¹—; á„ᅡᆲ; ) HANGUL SYLLABLE GGALB +AE58;AE58;1101 1161 11B3;AE58;1101 1161 11B3; # (깘; 깘; á„ᅡᆳ; 깘; á„ᅡᆳ; ) HANGUL SYLLABLE GGALS +AE59;AE59;1101 1161 11B4;AE59;1101 1161 11B4; # (ê¹™; ê¹™; á„ᅡᆴ; ê¹™; á„ᅡᆴ; ) HANGUL SYLLABLE GGALT +AE5A;AE5A;1101 1161 11B5;AE5A;1101 1161 11B5; # (깚; 깚; á„ᅡᆵ; 깚; á„ᅡᆵ; ) HANGUL SYLLABLE GGALP +AE5B;AE5B;1101 1161 11B6;AE5B;1101 1161 11B6; # (ê¹›; ê¹›; á„ᅡᆶ; ê¹›; á„ᅡᆶ; ) HANGUL SYLLABLE GGALH +AE5C;AE5C;1101 1161 11B7;AE5C;1101 1161 11B7; # (깜; 깜; á„ᅡᆷ; 깜; á„ᅡᆷ; ) HANGUL SYLLABLE GGAM +AE5D;AE5D;1101 1161 11B8;AE5D;1101 1161 11B8; # (ê¹; ê¹; á„ᅡᆸ; ê¹; á„ᅡᆸ; ) HANGUL SYLLABLE GGAB +AE5E;AE5E;1101 1161 11B9;AE5E;1101 1161 11B9; # (깞; 깞; á„ᅡᆹ; 깞; á„ᅡᆹ; ) HANGUL SYLLABLE GGABS +AE5F;AE5F;1101 1161 11BA;AE5F;1101 1161 11BA; # (깟; 깟; á„ᅡᆺ; 깟; á„ᅡᆺ; ) HANGUL SYLLABLE GGAS +AE60;AE60;1101 1161 11BB;AE60;1101 1161 11BB; # (ê¹ ; ê¹ ; á„ᅡᆻ; ê¹ ; á„ᅡᆻ; ) HANGUL SYLLABLE GGASS +AE61;AE61;1101 1161 11BC;AE61;1101 1161 11BC; # (깡; 깡; á„ᅡᆼ; 깡; á„ᅡᆼ; ) HANGUL SYLLABLE GGANG +AE62;AE62;1101 1161 11BD;AE62;1101 1161 11BD; # (ê¹¢; ê¹¢; á„ᅡᆽ; ê¹¢; á„ᅡᆽ; ) HANGUL SYLLABLE GGAJ +AE63;AE63;1101 1161 11BE;AE63;1101 1161 11BE; # (ê¹£; ê¹£; á„ᅡᆾ; ê¹£; á„ᅡᆾ; ) HANGUL SYLLABLE GGAC +AE64;AE64;1101 1161 11BF;AE64;1101 1161 11BF; # (깤; 깤; á„ᅡᆿ; 깤; á„ᅡᆿ; ) HANGUL SYLLABLE GGAK +AE65;AE65;1101 1161 11C0;AE65;1101 1161 11C0; # (ê¹¥; ê¹¥; á„ᅡᇀ; ê¹¥; á„ᅡᇀ; ) HANGUL SYLLABLE GGAT +AE66;AE66;1101 1161 11C1;AE66;1101 1161 11C1; # (깦; 깦; á„á…¡á‡; 깦; á„á…¡á‡; ) HANGUL SYLLABLE GGAP +AE67;AE67;1101 1161 11C2;AE67;1101 1161 11C2; # (깧; 깧; á„ᅡᇂ; 깧; á„ᅡᇂ; ) HANGUL SYLLABLE GGAH +AE68;AE68;1101 1162;AE68;1101 1162; # (깨; 깨; á„á…¢; 깨; á„á…¢; ) HANGUL SYLLABLE GGAE +AE69;AE69;1101 1162 11A8;AE69;1101 1162 11A8; # (깩; 깩; á„ᅢᆨ; 깩; á„ᅢᆨ; ) HANGUL SYLLABLE GGAEG +AE6A;AE6A;1101 1162 11A9;AE6A;1101 1162 11A9; # (깪; 깪; á„ᅢᆩ; 깪; á„ᅢᆩ; ) HANGUL SYLLABLE GGAEGG +AE6B;AE6B;1101 1162 11AA;AE6B;1101 1162 11AA; # (깫; 깫; á„ᅢᆪ; 깫; á„ᅢᆪ; ) HANGUL SYLLABLE GGAEGS +AE6C;AE6C;1101 1162 11AB;AE6C;1101 1162 11AB; # (깬; 깬; á„ᅢᆫ; 깬; á„ᅢᆫ; ) HANGUL SYLLABLE GGAEN +AE6D;AE6D;1101 1162 11AC;AE6D;1101 1162 11AC; # (ê¹­; ê¹­; á„ᅢᆬ; ê¹­; á„ᅢᆬ; ) HANGUL SYLLABLE GGAENJ +AE6E;AE6E;1101 1162 11AD;AE6E;1101 1162 11AD; # (ê¹®; ê¹®; á„ᅢᆭ; ê¹®; á„ᅢᆭ; ) HANGUL SYLLABLE GGAENH +AE6F;AE6F;1101 1162 11AE;AE6F;1101 1162 11AE; # (깯; 깯; á„ᅢᆮ; 깯; á„ᅢᆮ; ) HANGUL SYLLABLE GGAED +AE70;AE70;1101 1162 11AF;AE70;1101 1162 11AF; # (ê¹°; ê¹°; á„ᅢᆯ; ê¹°; á„ᅢᆯ; ) HANGUL SYLLABLE GGAEL +AE71;AE71;1101 1162 11B0;AE71;1101 1162 11B0; # (ê¹±; ê¹±; á„ᅢᆰ; ê¹±; á„ᅢᆰ; ) HANGUL SYLLABLE GGAELG +AE72;AE72;1101 1162 11B1;AE72;1101 1162 11B1; # (ê¹²; ê¹²; á„ᅢᆱ; ê¹²; á„ᅢᆱ; ) HANGUL SYLLABLE GGAELM +AE73;AE73;1101 1162 11B2;AE73;1101 1162 11B2; # (ê¹³; ê¹³; á„ᅢᆲ; ê¹³; á„ᅢᆲ; ) HANGUL SYLLABLE GGAELB +AE74;AE74;1101 1162 11B3;AE74;1101 1162 11B3; # (ê¹´; ê¹´; á„ᅢᆳ; ê¹´; á„ᅢᆳ; ) HANGUL SYLLABLE GGAELS +AE75;AE75;1101 1162 11B4;AE75;1101 1162 11B4; # (ê¹µ; ê¹µ; á„ᅢᆴ; ê¹µ; á„ᅢᆴ; ) HANGUL SYLLABLE GGAELT +AE76;AE76;1101 1162 11B5;AE76;1101 1162 11B5; # (깶; 깶; á„ᅢᆵ; 깶; á„ᅢᆵ; ) HANGUL SYLLABLE GGAELP +AE77;AE77;1101 1162 11B6;AE77;1101 1162 11B6; # (ê¹·; ê¹·; á„ᅢᆶ; ê¹·; á„ᅢᆶ; ) HANGUL SYLLABLE GGAELH +AE78;AE78;1101 1162 11B7;AE78;1101 1162 11B7; # (깸; 깸; á„ᅢᆷ; 깸; á„ᅢᆷ; ) HANGUL SYLLABLE GGAEM +AE79;AE79;1101 1162 11B8;AE79;1101 1162 11B8; # (ê¹¹; ê¹¹; á„ᅢᆸ; ê¹¹; á„ᅢᆸ; ) HANGUL SYLLABLE GGAEB +AE7A;AE7A;1101 1162 11B9;AE7A;1101 1162 11B9; # (깺; 깺; á„ᅢᆹ; 깺; á„ᅢᆹ; ) HANGUL SYLLABLE GGAEBS +AE7B;AE7B;1101 1162 11BA;AE7B;1101 1162 11BA; # (ê¹»; ê¹»; á„ᅢᆺ; ê¹»; á„ᅢᆺ; ) HANGUL SYLLABLE GGAES +AE7C;AE7C;1101 1162 11BB;AE7C;1101 1162 11BB; # (ê¹¼; ê¹¼; á„ᅢᆻ; ê¹¼; á„ᅢᆻ; ) HANGUL SYLLABLE GGAESS +AE7D;AE7D;1101 1162 11BC;AE7D;1101 1162 11BC; # (ê¹½; ê¹½; á„ᅢᆼ; ê¹½; á„ᅢᆼ; ) HANGUL SYLLABLE GGAENG +AE7E;AE7E;1101 1162 11BD;AE7E;1101 1162 11BD; # (ê¹¾; ê¹¾; á„ᅢᆽ; ê¹¾; á„ᅢᆽ; ) HANGUL SYLLABLE GGAEJ +AE7F;AE7F;1101 1162 11BE;AE7F;1101 1162 11BE; # (깿; 깿; á„ᅢᆾ; 깿; á„ᅢᆾ; ) HANGUL SYLLABLE GGAEC +AE80;AE80;1101 1162 11BF;AE80;1101 1162 11BF; # (꺀; 꺀; á„ᅢᆿ; 꺀; á„ᅢᆿ; ) HANGUL SYLLABLE GGAEK +AE81;AE81;1101 1162 11C0;AE81;1101 1162 11C0; # (êº; êº; á„ᅢᇀ; êº; á„ᅢᇀ; ) HANGUL SYLLABLE GGAET +AE82;AE82;1101 1162 11C1;AE82;1101 1162 11C1; # (꺂; 꺂; á„á…¢á‡; 꺂; á„á…¢á‡; ) HANGUL SYLLABLE GGAEP +AE83;AE83;1101 1162 11C2;AE83;1101 1162 11C2; # (꺃; 꺃; á„ᅢᇂ; 꺃; á„ᅢᇂ; ) HANGUL SYLLABLE GGAEH +AE84;AE84;1101 1163;AE84;1101 1163; # (꺄; 꺄; á„á…£; 꺄; á„á…£; ) HANGUL SYLLABLE GGYA +AE85;AE85;1101 1163 11A8;AE85;1101 1163 11A8; # (꺅; 꺅; á„ᅣᆨ; 꺅; á„ᅣᆨ; ) HANGUL SYLLABLE GGYAG +AE86;AE86;1101 1163 11A9;AE86;1101 1163 11A9; # (꺆; 꺆; á„ᅣᆩ; 꺆; á„ᅣᆩ; ) HANGUL SYLLABLE GGYAGG +AE87;AE87;1101 1163 11AA;AE87;1101 1163 11AA; # (꺇; 꺇; á„ᅣᆪ; 꺇; á„ᅣᆪ; ) HANGUL SYLLABLE GGYAGS +AE88;AE88;1101 1163 11AB;AE88;1101 1163 11AB; # (꺈; 꺈; á„ᅣᆫ; 꺈; á„ᅣᆫ; ) HANGUL SYLLABLE GGYAN +AE89;AE89;1101 1163 11AC;AE89;1101 1163 11AC; # (꺉; 꺉; á„ᅣᆬ; 꺉; á„ᅣᆬ; ) HANGUL SYLLABLE GGYANJ +AE8A;AE8A;1101 1163 11AD;AE8A;1101 1163 11AD; # (꺊; 꺊; á„ᅣᆭ; 꺊; á„ᅣᆭ; ) HANGUL SYLLABLE GGYANH +AE8B;AE8B;1101 1163 11AE;AE8B;1101 1163 11AE; # (꺋; 꺋; á„ᅣᆮ; 꺋; á„ᅣᆮ; ) HANGUL SYLLABLE GGYAD +AE8C;AE8C;1101 1163 11AF;AE8C;1101 1163 11AF; # (꺌; 꺌; á„ᅣᆯ; 꺌; á„ᅣᆯ; ) HANGUL SYLLABLE GGYAL +AE8D;AE8D;1101 1163 11B0;AE8D;1101 1163 11B0; # (êº; êº; á„ᅣᆰ; êº; á„ᅣᆰ; ) HANGUL SYLLABLE GGYALG +AE8E;AE8E;1101 1163 11B1;AE8E;1101 1163 11B1; # (꺎; 꺎; á„ᅣᆱ; 꺎; á„ᅣᆱ; ) HANGUL SYLLABLE GGYALM +AE8F;AE8F;1101 1163 11B2;AE8F;1101 1163 11B2; # (êº; êº; á„ᅣᆲ; êº; á„ᅣᆲ; ) HANGUL SYLLABLE GGYALB +AE90;AE90;1101 1163 11B3;AE90;1101 1163 11B3; # (êº; êº; á„ᅣᆳ; êº; á„ᅣᆳ; ) HANGUL SYLLABLE GGYALS +AE91;AE91;1101 1163 11B4;AE91;1101 1163 11B4; # (꺑; 꺑; á„ᅣᆴ; 꺑; á„ᅣᆴ; ) HANGUL SYLLABLE GGYALT +AE92;AE92;1101 1163 11B5;AE92;1101 1163 11B5; # (꺒; 꺒; á„ᅣᆵ; 꺒; á„ᅣᆵ; ) HANGUL SYLLABLE GGYALP +AE93;AE93;1101 1163 11B6;AE93;1101 1163 11B6; # (꺓; 꺓; á„ᅣᆶ; 꺓; á„ᅣᆶ; ) HANGUL SYLLABLE GGYALH +AE94;AE94;1101 1163 11B7;AE94;1101 1163 11B7; # (꺔; 꺔; á„ᅣᆷ; 꺔; á„ᅣᆷ; ) HANGUL SYLLABLE GGYAM +AE95;AE95;1101 1163 11B8;AE95;1101 1163 11B8; # (꺕; 꺕; á„ᅣᆸ; 꺕; á„ᅣᆸ; ) HANGUL SYLLABLE GGYAB +AE96;AE96;1101 1163 11B9;AE96;1101 1163 11B9; # (꺖; 꺖; á„ᅣᆹ; 꺖; á„ᅣᆹ; ) HANGUL SYLLABLE GGYABS +AE97;AE97;1101 1163 11BA;AE97;1101 1163 11BA; # (꺗; 꺗; á„ᅣᆺ; 꺗; á„ᅣᆺ; ) HANGUL SYLLABLE GGYAS +AE98;AE98;1101 1163 11BB;AE98;1101 1163 11BB; # (꺘; 꺘; á„ᅣᆻ; 꺘; á„ᅣᆻ; ) HANGUL SYLLABLE GGYASS +AE99;AE99;1101 1163 11BC;AE99;1101 1163 11BC; # (꺙; 꺙; á„ᅣᆼ; 꺙; á„ᅣᆼ; ) HANGUL SYLLABLE GGYANG +AE9A;AE9A;1101 1163 11BD;AE9A;1101 1163 11BD; # (꺚; 꺚; á„ᅣᆽ; 꺚; á„ᅣᆽ; ) HANGUL SYLLABLE GGYAJ +AE9B;AE9B;1101 1163 11BE;AE9B;1101 1163 11BE; # (꺛; 꺛; á„ᅣᆾ; 꺛; á„ᅣᆾ; ) HANGUL SYLLABLE GGYAC +AE9C;AE9C;1101 1163 11BF;AE9C;1101 1163 11BF; # (꺜; 꺜; á„ᅣᆿ; 꺜; á„ᅣᆿ; ) HANGUL SYLLABLE GGYAK +AE9D;AE9D;1101 1163 11C0;AE9D;1101 1163 11C0; # (êº; êº; á„ᅣᇀ; êº; á„ᅣᇀ; ) HANGUL SYLLABLE GGYAT +AE9E;AE9E;1101 1163 11C1;AE9E;1101 1163 11C1; # (꺞; 꺞; á„á…£á‡; 꺞; á„á…£á‡; ) HANGUL SYLLABLE GGYAP +AE9F;AE9F;1101 1163 11C2;AE9F;1101 1163 11C2; # (꺟; 꺟; á„ᅣᇂ; 꺟; á„ᅣᇂ; ) HANGUL SYLLABLE GGYAH +AEA0;AEA0;1101 1164;AEA0;1101 1164; # (꺠; 꺠; á„á…¤; 꺠; á„á…¤; ) HANGUL SYLLABLE GGYAE +AEA1;AEA1;1101 1164 11A8;AEA1;1101 1164 11A8; # (꺡; 꺡; á„ᅤᆨ; 꺡; á„ᅤᆨ; ) HANGUL SYLLABLE GGYAEG +AEA2;AEA2;1101 1164 11A9;AEA2;1101 1164 11A9; # (꺢; 꺢; á„ᅤᆩ; 꺢; á„ᅤᆩ; ) HANGUL SYLLABLE GGYAEGG +AEA3;AEA3;1101 1164 11AA;AEA3;1101 1164 11AA; # (꺣; 꺣; á„ᅤᆪ; 꺣; á„ᅤᆪ; ) HANGUL SYLLABLE GGYAEGS +AEA4;AEA4;1101 1164 11AB;AEA4;1101 1164 11AB; # (꺤; 꺤; á„ᅤᆫ; 꺤; á„ᅤᆫ; ) HANGUL SYLLABLE GGYAEN +AEA5;AEA5;1101 1164 11AC;AEA5;1101 1164 11AC; # (꺥; 꺥; á„ᅤᆬ; 꺥; á„ᅤᆬ; ) HANGUL SYLLABLE GGYAENJ +AEA6;AEA6;1101 1164 11AD;AEA6;1101 1164 11AD; # (꺦; 꺦; á„ᅤᆭ; 꺦; á„ᅤᆭ; ) HANGUL SYLLABLE GGYAENH +AEA7;AEA7;1101 1164 11AE;AEA7;1101 1164 11AE; # (꺧; 꺧; á„ᅤᆮ; 꺧; á„ᅤᆮ; ) HANGUL SYLLABLE GGYAED +AEA8;AEA8;1101 1164 11AF;AEA8;1101 1164 11AF; # (꺨; 꺨; á„ᅤᆯ; 꺨; á„ᅤᆯ; ) HANGUL SYLLABLE GGYAEL +AEA9;AEA9;1101 1164 11B0;AEA9;1101 1164 11B0; # (꺩; 꺩; á„ᅤᆰ; 꺩; á„ᅤᆰ; ) HANGUL SYLLABLE GGYAELG +AEAA;AEAA;1101 1164 11B1;AEAA;1101 1164 11B1; # (꺪; 꺪; á„ᅤᆱ; 꺪; á„ᅤᆱ; ) HANGUL SYLLABLE GGYAELM +AEAB;AEAB;1101 1164 11B2;AEAB;1101 1164 11B2; # (꺫; 꺫; á„ᅤᆲ; 꺫; á„ᅤᆲ; ) HANGUL SYLLABLE GGYAELB +AEAC;AEAC;1101 1164 11B3;AEAC;1101 1164 11B3; # (꺬; 꺬; á„ᅤᆳ; 꺬; á„ᅤᆳ; ) HANGUL SYLLABLE GGYAELS +AEAD;AEAD;1101 1164 11B4;AEAD;1101 1164 11B4; # (꺭; 꺭; á„ᅤᆴ; 꺭; á„ᅤᆴ; ) HANGUL SYLLABLE GGYAELT +AEAE;AEAE;1101 1164 11B5;AEAE;1101 1164 11B5; # (꺮; 꺮; á„ᅤᆵ; 꺮; á„ᅤᆵ; ) HANGUL SYLLABLE GGYAELP +AEAF;AEAF;1101 1164 11B6;AEAF;1101 1164 11B6; # (꺯; 꺯; á„ᅤᆶ; 꺯; á„ᅤᆶ; ) HANGUL SYLLABLE GGYAELH +AEB0;AEB0;1101 1164 11B7;AEB0;1101 1164 11B7; # (꺰; 꺰; á„ᅤᆷ; 꺰; á„ᅤᆷ; ) HANGUL SYLLABLE GGYAEM +AEB1;AEB1;1101 1164 11B8;AEB1;1101 1164 11B8; # (꺱; 꺱; á„ᅤᆸ; 꺱; á„ᅤᆸ; ) HANGUL SYLLABLE GGYAEB +AEB2;AEB2;1101 1164 11B9;AEB2;1101 1164 11B9; # (꺲; 꺲; á„ᅤᆹ; 꺲; á„ᅤᆹ; ) HANGUL SYLLABLE GGYAEBS +AEB3;AEB3;1101 1164 11BA;AEB3;1101 1164 11BA; # (꺳; 꺳; á„ᅤᆺ; 꺳; á„ᅤᆺ; ) HANGUL SYLLABLE GGYAES +AEB4;AEB4;1101 1164 11BB;AEB4;1101 1164 11BB; # (꺴; 꺴; á„ᅤᆻ; 꺴; á„ᅤᆻ; ) HANGUL SYLLABLE GGYAESS +AEB5;AEB5;1101 1164 11BC;AEB5;1101 1164 11BC; # (꺵; 꺵; á„ᅤᆼ; 꺵; á„ᅤᆼ; ) HANGUL SYLLABLE GGYAENG +AEB6;AEB6;1101 1164 11BD;AEB6;1101 1164 11BD; # (꺶; 꺶; á„ᅤᆽ; 꺶; á„ᅤᆽ; ) HANGUL SYLLABLE GGYAEJ +AEB7;AEB7;1101 1164 11BE;AEB7;1101 1164 11BE; # (꺷; 꺷; á„ᅤᆾ; 꺷; á„ᅤᆾ; ) HANGUL SYLLABLE GGYAEC +AEB8;AEB8;1101 1164 11BF;AEB8;1101 1164 11BF; # (꺸; 꺸; á„ᅤᆿ; 꺸; á„ᅤᆿ; ) HANGUL SYLLABLE GGYAEK +AEB9;AEB9;1101 1164 11C0;AEB9;1101 1164 11C0; # (꺹; 꺹; á„ᅤᇀ; 꺹; á„ᅤᇀ; ) HANGUL SYLLABLE GGYAET +AEBA;AEBA;1101 1164 11C1;AEBA;1101 1164 11C1; # (꺺; 꺺; á„á…¤á‡; 꺺; á„á…¤á‡; ) HANGUL SYLLABLE GGYAEP +AEBB;AEBB;1101 1164 11C2;AEBB;1101 1164 11C2; # (꺻; 꺻; á„ᅤᇂ; 꺻; á„ᅤᇂ; ) HANGUL SYLLABLE GGYAEH +AEBC;AEBC;1101 1165;AEBC;1101 1165; # (꺼; 꺼; á„á…¥; 꺼; á„á…¥; ) HANGUL SYLLABLE GGEO +AEBD;AEBD;1101 1165 11A8;AEBD;1101 1165 11A8; # (꺽; 꺽; á„ᅥᆨ; 꺽; á„ᅥᆨ; ) HANGUL SYLLABLE GGEOG +AEBE;AEBE;1101 1165 11A9;AEBE;1101 1165 11A9; # (꺾; 꺾; á„ᅥᆩ; 꺾; á„ᅥᆩ; ) HANGUL SYLLABLE GGEOGG +AEBF;AEBF;1101 1165 11AA;AEBF;1101 1165 11AA; # (꺿; 꺿; á„ᅥᆪ; 꺿; á„ᅥᆪ; ) HANGUL SYLLABLE GGEOGS +AEC0;AEC0;1101 1165 11AB;AEC0;1101 1165 11AB; # (껀; 껀; á„ᅥᆫ; 껀; á„ᅥᆫ; ) HANGUL SYLLABLE GGEON +AEC1;AEC1;1101 1165 11AC;AEC1;1101 1165 11AC; # (ê»; ê»; á„ᅥᆬ; ê»; á„ᅥᆬ; ) HANGUL SYLLABLE GGEONJ +AEC2;AEC2;1101 1165 11AD;AEC2;1101 1165 11AD; # (껂; 껂; á„ᅥᆭ; 껂; á„ᅥᆭ; ) HANGUL SYLLABLE GGEONH +AEC3;AEC3;1101 1165 11AE;AEC3;1101 1165 11AE; # (껃; 껃; á„ᅥᆮ; 껃; á„ᅥᆮ; ) HANGUL SYLLABLE GGEOD +AEC4;AEC4;1101 1165 11AF;AEC4;1101 1165 11AF; # (껄; 껄; á„ᅥᆯ; 껄; á„ᅥᆯ; ) HANGUL SYLLABLE GGEOL +AEC5;AEC5;1101 1165 11B0;AEC5;1101 1165 11B0; # (ê»…; ê»…; á„ᅥᆰ; ê»…; á„ᅥᆰ; ) HANGUL SYLLABLE GGEOLG +AEC6;AEC6;1101 1165 11B1;AEC6;1101 1165 11B1; # (껆; 껆; á„ᅥᆱ; 껆; á„ᅥᆱ; ) HANGUL SYLLABLE GGEOLM +AEC7;AEC7;1101 1165 11B2;AEC7;1101 1165 11B2; # (껇; 껇; á„ᅥᆲ; 껇; á„ᅥᆲ; ) HANGUL SYLLABLE GGEOLB +AEC8;AEC8;1101 1165 11B3;AEC8;1101 1165 11B3; # (껈; 껈; á„ᅥᆳ; 껈; á„ᅥᆳ; ) HANGUL SYLLABLE GGEOLS +AEC9;AEC9;1101 1165 11B4;AEC9;1101 1165 11B4; # (껉; 껉; á„ᅥᆴ; 껉; á„ᅥᆴ; ) HANGUL SYLLABLE GGEOLT +AECA;AECA;1101 1165 11B5;AECA;1101 1165 11B5; # (껊; 껊; á„ᅥᆵ; 껊; á„ᅥᆵ; ) HANGUL SYLLABLE GGEOLP +AECB;AECB;1101 1165 11B6;AECB;1101 1165 11B6; # (껋; 껋; á„ᅥᆶ; 껋; á„ᅥᆶ; ) HANGUL SYLLABLE GGEOLH +AECC;AECC;1101 1165 11B7;AECC;1101 1165 11B7; # (껌; 껌; á„ᅥᆷ; 껌; á„ᅥᆷ; ) HANGUL SYLLABLE GGEOM +AECD;AECD;1101 1165 11B8;AECD;1101 1165 11B8; # (ê»; ê»; á„ᅥᆸ; ê»; á„ᅥᆸ; ) HANGUL SYLLABLE GGEOB +AECE;AECE;1101 1165 11B9;AECE;1101 1165 11B9; # (껎; 껎; á„ᅥᆹ; 껎; á„ᅥᆹ; ) HANGUL SYLLABLE GGEOBS +AECF;AECF;1101 1165 11BA;AECF;1101 1165 11BA; # (ê»; ê»; á„ᅥᆺ; ê»; á„ᅥᆺ; ) HANGUL SYLLABLE GGEOS +AED0;AED0;1101 1165 11BB;AED0;1101 1165 11BB; # (ê»; ê»; á„ᅥᆻ; ê»; á„ᅥᆻ; ) HANGUL SYLLABLE GGEOSS +AED1;AED1;1101 1165 11BC;AED1;1101 1165 11BC; # (껑; 껑; á„ᅥᆼ; 껑; á„ᅥᆼ; ) HANGUL SYLLABLE GGEONG +AED2;AED2;1101 1165 11BD;AED2;1101 1165 11BD; # (ê»’; ê»’; á„ᅥᆽ; ê»’; á„ᅥᆽ; ) HANGUL SYLLABLE GGEOJ +AED3;AED3;1101 1165 11BE;AED3;1101 1165 11BE; # (껓; 껓; á„ᅥᆾ; 껓; á„ᅥᆾ; ) HANGUL SYLLABLE GGEOC +AED4;AED4;1101 1165 11BF;AED4;1101 1165 11BF; # (ê»”; ê»”; á„ᅥᆿ; ê»”; á„ᅥᆿ; ) HANGUL SYLLABLE GGEOK +AED5;AED5;1101 1165 11C0;AED5;1101 1165 11C0; # (껕; 껕; á„ᅥᇀ; 껕; á„ᅥᇀ; ) HANGUL SYLLABLE GGEOT +AED6;AED6;1101 1165 11C1;AED6;1101 1165 11C1; # (ê»–; ê»–; á„á…¥á‡; ê»–; á„á…¥á‡; ) HANGUL SYLLABLE GGEOP +AED7;AED7;1101 1165 11C2;AED7;1101 1165 11C2; # (ê»—; ê»—; á„ᅥᇂ; ê»—; á„ᅥᇂ; ) HANGUL SYLLABLE GGEOH +AED8;AED8;1101 1166;AED8;1101 1166; # (께; 께; á„á…¦; 께; á„á…¦; ) HANGUL SYLLABLE GGE +AED9;AED9;1101 1166 11A8;AED9;1101 1166 11A8; # (ê»™; ê»™; á„ᅦᆨ; ê»™; á„ᅦᆨ; ) HANGUL SYLLABLE GGEG +AEDA;AEDA;1101 1166 11A9;AEDA;1101 1166 11A9; # (껚; 껚; á„ᅦᆩ; 껚; á„ᅦᆩ; ) HANGUL SYLLABLE GGEGG +AEDB;AEDB;1101 1166 11AA;AEDB;1101 1166 11AA; # (ê»›; ê»›; á„ᅦᆪ; ê»›; á„ᅦᆪ; ) HANGUL SYLLABLE GGEGS +AEDC;AEDC;1101 1166 11AB;AEDC;1101 1166 11AB; # (껜; 껜; á„ᅦᆫ; 껜; á„ᅦᆫ; ) HANGUL SYLLABLE GGEN +AEDD;AEDD;1101 1166 11AC;AEDD;1101 1166 11AC; # (ê»; ê»; á„ᅦᆬ; ê»; á„ᅦᆬ; ) HANGUL SYLLABLE GGENJ +AEDE;AEDE;1101 1166 11AD;AEDE;1101 1166 11AD; # (껞; 껞; á„ᅦᆭ; 껞; á„ᅦᆭ; ) HANGUL SYLLABLE GGENH +AEDF;AEDF;1101 1166 11AE;AEDF;1101 1166 11AE; # (껟; 껟; á„ᅦᆮ; 껟; á„ᅦᆮ; ) HANGUL SYLLABLE GGED +AEE0;AEE0;1101 1166 11AF;AEE0;1101 1166 11AF; # (ê» ; ê» ; á„ᅦᆯ; ê» ; á„ᅦᆯ; ) HANGUL SYLLABLE GGEL +AEE1;AEE1;1101 1166 11B0;AEE1;1101 1166 11B0; # (껡; 껡; á„ᅦᆰ; 껡; á„ᅦᆰ; ) HANGUL SYLLABLE GGELG +AEE2;AEE2;1101 1166 11B1;AEE2;1101 1166 11B1; # (껢; 껢; á„ᅦᆱ; 껢; á„ᅦᆱ; ) HANGUL SYLLABLE GGELM +AEE3;AEE3;1101 1166 11B2;AEE3;1101 1166 11B2; # (껣; 껣; á„ᅦᆲ; 껣; á„ᅦᆲ; ) HANGUL SYLLABLE GGELB +AEE4;AEE4;1101 1166 11B3;AEE4;1101 1166 11B3; # (껤; 껤; á„ᅦᆳ; 껤; á„ᅦᆳ; ) HANGUL SYLLABLE GGELS +AEE5;AEE5;1101 1166 11B4;AEE5;1101 1166 11B4; # (껥; 껥; á„ᅦᆴ; 껥; á„ᅦᆴ; ) HANGUL SYLLABLE GGELT +AEE6;AEE6;1101 1166 11B5;AEE6;1101 1166 11B5; # (껦; 껦; á„ᅦᆵ; 껦; á„ᅦᆵ; ) HANGUL SYLLABLE GGELP +AEE7;AEE7;1101 1166 11B6;AEE7;1101 1166 11B6; # (껧; 껧; á„ᅦᆶ; 껧; á„ᅦᆶ; ) HANGUL SYLLABLE GGELH +AEE8;AEE8;1101 1166 11B7;AEE8;1101 1166 11B7; # (껨; 껨; á„ᅦᆷ; 껨; á„ᅦᆷ; ) HANGUL SYLLABLE GGEM +AEE9;AEE9;1101 1166 11B8;AEE9;1101 1166 11B8; # (껩; 껩; á„ᅦᆸ; 껩; á„ᅦᆸ; ) HANGUL SYLLABLE GGEB +AEEA;AEEA;1101 1166 11B9;AEEA;1101 1166 11B9; # (껪; 껪; á„ᅦᆹ; 껪; á„ᅦᆹ; ) HANGUL SYLLABLE GGEBS +AEEB;AEEB;1101 1166 11BA;AEEB;1101 1166 11BA; # (껫; 껫; á„ᅦᆺ; 껫; á„ᅦᆺ; ) HANGUL SYLLABLE GGES +AEEC;AEEC;1101 1166 11BB;AEEC;1101 1166 11BB; # (껬; 껬; á„ᅦᆻ; 껬; á„ᅦᆻ; ) HANGUL SYLLABLE GGESS +AEED;AEED;1101 1166 11BC;AEED;1101 1166 11BC; # (ê»­; ê»­; á„ᅦᆼ; ê»­; á„ᅦᆼ; ) HANGUL SYLLABLE GGENG +AEEE;AEEE;1101 1166 11BD;AEEE;1101 1166 11BD; # (ê»®; ê»®; á„ᅦᆽ; ê»®; á„ᅦᆽ; ) HANGUL SYLLABLE GGEJ +AEEF;AEEF;1101 1166 11BE;AEEF;1101 1166 11BE; # (껯; 껯; á„ᅦᆾ; 껯; á„ᅦᆾ; ) HANGUL SYLLABLE GGEC +AEF0;AEF0;1101 1166 11BF;AEF0;1101 1166 11BF; # (ê»°; ê»°; á„ᅦᆿ; ê»°; á„ᅦᆿ; ) HANGUL SYLLABLE GGEK +AEF1;AEF1;1101 1166 11C0;AEF1;1101 1166 11C0; # (ê»±; ê»±; á„ᅦᇀ; ê»±; á„ᅦᇀ; ) HANGUL SYLLABLE GGET +AEF2;AEF2;1101 1166 11C1;AEF2;1101 1166 11C1; # (껲; 껲; á„á…¦á‡; 껲; á„á…¦á‡; ) HANGUL SYLLABLE GGEP +AEF3;AEF3;1101 1166 11C2;AEF3;1101 1166 11C2; # (껳; 껳; á„ᅦᇂ; 껳; á„ᅦᇂ; ) HANGUL SYLLABLE GGEH +AEF4;AEF4;1101 1167;AEF4;1101 1167; # (ê»´; ê»´; á„á…§; ê»´; á„á…§; ) HANGUL SYLLABLE GGYEO +AEF5;AEF5;1101 1167 11A8;AEF5;1101 1167 11A8; # (껵; 껵; á„ᅧᆨ; 껵; á„ᅧᆨ; ) HANGUL SYLLABLE GGYEOG +AEF6;AEF6;1101 1167 11A9;AEF6;1101 1167 11A9; # (껶; 껶; á„ᅧᆩ; 껶; á„ᅧᆩ; ) HANGUL SYLLABLE GGYEOGG +AEF7;AEF7;1101 1167 11AA;AEF7;1101 1167 11AA; # (ê»·; ê»·; á„ᅧᆪ; ê»·; á„ᅧᆪ; ) HANGUL SYLLABLE GGYEOGS +AEF8;AEF8;1101 1167 11AB;AEF8;1101 1167 11AB; # (껸; 껸; á„ᅧᆫ; 껸; á„ᅧᆫ; ) HANGUL SYLLABLE GGYEON +AEF9;AEF9;1101 1167 11AC;AEF9;1101 1167 11AC; # (껹; 껹; á„ᅧᆬ; 껹; á„ᅧᆬ; ) HANGUL SYLLABLE GGYEONJ +AEFA;AEFA;1101 1167 11AD;AEFA;1101 1167 11AD; # (껺; 껺; á„ᅧᆭ; 껺; á„ᅧᆭ; ) HANGUL SYLLABLE GGYEONH +AEFB;AEFB;1101 1167 11AE;AEFB;1101 1167 11AE; # (ê»»; ê»»; á„ᅧᆮ; ê»»; á„ᅧᆮ; ) HANGUL SYLLABLE GGYEOD +AEFC;AEFC;1101 1167 11AF;AEFC;1101 1167 11AF; # (껼; 껼; á„ᅧᆯ; 껼; á„ᅧᆯ; ) HANGUL SYLLABLE GGYEOL +AEFD;AEFD;1101 1167 11B0;AEFD;1101 1167 11B0; # (껽; 껽; á„ᅧᆰ; 껽; á„ᅧᆰ; ) HANGUL SYLLABLE GGYEOLG +AEFE;AEFE;1101 1167 11B1;AEFE;1101 1167 11B1; # (껾; 껾; á„ᅧᆱ; 껾; á„ᅧᆱ; ) HANGUL SYLLABLE GGYEOLM +AEFF;AEFF;1101 1167 11B2;AEFF;1101 1167 11B2; # (껿; 껿; á„ᅧᆲ; 껿; á„ᅧᆲ; ) HANGUL SYLLABLE GGYEOLB +AF00;AF00;1101 1167 11B3;AF00;1101 1167 11B3; # (ê¼€; ê¼€; á„ᅧᆳ; ê¼€; á„ᅧᆳ; ) HANGUL SYLLABLE GGYEOLS +AF01;AF01;1101 1167 11B4;AF01;1101 1167 11B4; # (ê¼; ê¼; á„ᅧᆴ; ê¼; á„ᅧᆴ; ) HANGUL SYLLABLE GGYEOLT +AF02;AF02;1101 1167 11B5;AF02;1101 1167 11B5; # (꼂; 꼂; á„ᅧᆵ; 꼂; á„ᅧᆵ; ) HANGUL SYLLABLE GGYEOLP +AF03;AF03;1101 1167 11B6;AF03;1101 1167 11B6; # (꼃; 꼃; á„ᅧᆶ; 꼃; á„ᅧᆶ; ) HANGUL SYLLABLE GGYEOLH +AF04;AF04;1101 1167 11B7;AF04;1101 1167 11B7; # (꼄; 꼄; á„ᅧᆷ; 꼄; á„ᅧᆷ; ) HANGUL SYLLABLE GGYEOM +AF05;AF05;1101 1167 11B8;AF05;1101 1167 11B8; # (ê¼…; ê¼…; á„ᅧᆸ; ê¼…; á„ᅧᆸ; ) HANGUL SYLLABLE GGYEOB +AF06;AF06;1101 1167 11B9;AF06;1101 1167 11B9; # (꼆; 꼆; á„ᅧᆹ; 꼆; á„ᅧᆹ; ) HANGUL SYLLABLE GGYEOBS +AF07;AF07;1101 1167 11BA;AF07;1101 1167 11BA; # (꼇; 꼇; á„ᅧᆺ; 꼇; á„ᅧᆺ; ) HANGUL SYLLABLE GGYEOS +AF08;AF08;1101 1167 11BB;AF08;1101 1167 11BB; # (꼈; 꼈; á„ᅧᆻ; 꼈; á„ᅧᆻ; ) HANGUL SYLLABLE GGYEOSS +AF09;AF09;1101 1167 11BC;AF09;1101 1167 11BC; # (꼉; 꼉; á„ᅧᆼ; 꼉; á„ᅧᆼ; ) HANGUL SYLLABLE GGYEONG +AF0A;AF0A;1101 1167 11BD;AF0A;1101 1167 11BD; # (꼊; 꼊; á„ᅧᆽ; 꼊; á„ᅧᆽ; ) HANGUL SYLLABLE GGYEOJ +AF0B;AF0B;1101 1167 11BE;AF0B;1101 1167 11BE; # (꼋; 꼋; á„ᅧᆾ; 꼋; á„ᅧᆾ; ) HANGUL SYLLABLE GGYEOC +AF0C;AF0C;1101 1167 11BF;AF0C;1101 1167 11BF; # (꼌; 꼌; á„ᅧᆿ; 꼌; á„ᅧᆿ; ) HANGUL SYLLABLE GGYEOK +AF0D;AF0D;1101 1167 11C0;AF0D;1101 1167 11C0; # (ê¼; ê¼; á„ᅧᇀ; ê¼; á„ᅧᇀ; ) HANGUL SYLLABLE GGYEOT +AF0E;AF0E;1101 1167 11C1;AF0E;1101 1167 11C1; # (꼎; 꼎; á„á…§á‡; 꼎; á„á…§á‡; ) HANGUL SYLLABLE GGYEOP +AF0F;AF0F;1101 1167 11C2;AF0F;1101 1167 11C2; # (ê¼; ê¼; á„ᅧᇂ; ê¼; á„ᅧᇂ; ) HANGUL SYLLABLE GGYEOH +AF10;AF10;1101 1168;AF10;1101 1168; # (ê¼; ê¼; á„á…¨; ê¼; á„á…¨; ) HANGUL SYLLABLE GGYE +AF11;AF11;1101 1168 11A8;AF11;1101 1168 11A8; # (꼑; 꼑; á„ᅨᆨ; 꼑; á„ᅨᆨ; ) HANGUL SYLLABLE GGYEG +AF12;AF12;1101 1168 11A9;AF12;1101 1168 11A9; # (ê¼’; ê¼’; á„ᅨᆩ; ê¼’; á„ᅨᆩ; ) HANGUL SYLLABLE GGYEGG +AF13;AF13;1101 1168 11AA;AF13;1101 1168 11AA; # (꼓; 꼓; á„ᅨᆪ; 꼓; á„ᅨᆪ; ) HANGUL SYLLABLE GGYEGS +AF14;AF14;1101 1168 11AB;AF14;1101 1168 11AB; # (ê¼”; ê¼”; á„ᅨᆫ; ê¼”; á„ᅨᆫ; ) HANGUL SYLLABLE GGYEN +AF15;AF15;1101 1168 11AC;AF15;1101 1168 11AC; # (꼕; 꼕; á„ᅨᆬ; 꼕; á„ᅨᆬ; ) HANGUL SYLLABLE GGYENJ +AF16;AF16;1101 1168 11AD;AF16;1101 1168 11AD; # (ê¼–; ê¼–; á„ᅨᆭ; ê¼–; á„ᅨᆭ; ) HANGUL SYLLABLE GGYENH +AF17;AF17;1101 1168 11AE;AF17;1101 1168 11AE; # (ê¼—; ê¼—; á„ᅨᆮ; ê¼—; á„ᅨᆮ; ) HANGUL SYLLABLE GGYED +AF18;AF18;1101 1168 11AF;AF18;1101 1168 11AF; # (꼘; 꼘; á„ᅨᆯ; 꼘; á„ᅨᆯ; ) HANGUL SYLLABLE GGYEL +AF19;AF19;1101 1168 11B0;AF19;1101 1168 11B0; # (ê¼™; ê¼™; á„ᅨᆰ; ê¼™; á„ᅨᆰ; ) HANGUL SYLLABLE GGYELG +AF1A;AF1A;1101 1168 11B1;AF1A;1101 1168 11B1; # (꼚; 꼚; á„ᅨᆱ; 꼚; á„ᅨᆱ; ) HANGUL SYLLABLE GGYELM +AF1B;AF1B;1101 1168 11B2;AF1B;1101 1168 11B2; # (ê¼›; ê¼›; á„ᅨᆲ; ê¼›; á„ᅨᆲ; ) HANGUL SYLLABLE GGYELB +AF1C;AF1C;1101 1168 11B3;AF1C;1101 1168 11B3; # (꼜; 꼜; á„ᅨᆳ; 꼜; á„ᅨᆳ; ) HANGUL SYLLABLE GGYELS +AF1D;AF1D;1101 1168 11B4;AF1D;1101 1168 11B4; # (ê¼; ê¼; á„ᅨᆴ; ê¼; á„ᅨᆴ; ) HANGUL SYLLABLE GGYELT +AF1E;AF1E;1101 1168 11B5;AF1E;1101 1168 11B5; # (꼞; 꼞; á„ᅨᆵ; 꼞; á„ᅨᆵ; ) HANGUL SYLLABLE GGYELP +AF1F;AF1F;1101 1168 11B6;AF1F;1101 1168 11B6; # (꼟; 꼟; á„ᅨᆶ; 꼟; á„ᅨᆶ; ) HANGUL SYLLABLE GGYELH +AF20;AF20;1101 1168 11B7;AF20;1101 1168 11B7; # (ê¼ ; ê¼ ; á„ᅨᆷ; ê¼ ; á„ᅨᆷ; ) HANGUL SYLLABLE GGYEM +AF21;AF21;1101 1168 11B8;AF21;1101 1168 11B8; # (꼡; 꼡; á„ᅨᆸ; 꼡; á„ᅨᆸ; ) HANGUL SYLLABLE GGYEB +AF22;AF22;1101 1168 11B9;AF22;1101 1168 11B9; # (ê¼¢; ê¼¢; á„ᅨᆹ; ê¼¢; á„ᅨᆹ; ) HANGUL SYLLABLE GGYEBS +AF23;AF23;1101 1168 11BA;AF23;1101 1168 11BA; # (ê¼£; ê¼£; á„ᅨᆺ; ê¼£; á„ᅨᆺ; ) HANGUL SYLLABLE GGYES +AF24;AF24;1101 1168 11BB;AF24;1101 1168 11BB; # (꼤; 꼤; á„ᅨᆻ; 꼤; á„ᅨᆻ; ) HANGUL SYLLABLE GGYESS +AF25;AF25;1101 1168 11BC;AF25;1101 1168 11BC; # (ê¼¥; ê¼¥; á„ᅨᆼ; ê¼¥; á„ᅨᆼ; ) HANGUL SYLLABLE GGYENG +AF26;AF26;1101 1168 11BD;AF26;1101 1168 11BD; # (꼦; 꼦; á„ᅨᆽ; 꼦; á„ᅨᆽ; ) HANGUL SYLLABLE GGYEJ +AF27;AF27;1101 1168 11BE;AF27;1101 1168 11BE; # (꼧; 꼧; á„ᅨᆾ; 꼧; á„ᅨᆾ; ) HANGUL SYLLABLE GGYEC +AF28;AF28;1101 1168 11BF;AF28;1101 1168 11BF; # (꼨; 꼨; á„ᅨᆿ; 꼨; á„ᅨᆿ; ) HANGUL SYLLABLE GGYEK +AF29;AF29;1101 1168 11C0;AF29;1101 1168 11C0; # (꼩; 꼩; á„ᅨᇀ; 꼩; á„ᅨᇀ; ) HANGUL SYLLABLE GGYET +AF2A;AF2A;1101 1168 11C1;AF2A;1101 1168 11C1; # (꼪; 꼪; á„á…¨á‡; 꼪; á„á…¨á‡; ) HANGUL SYLLABLE GGYEP +AF2B;AF2B;1101 1168 11C2;AF2B;1101 1168 11C2; # (꼫; 꼫; á„ᅨᇂ; 꼫; á„ᅨᇂ; ) HANGUL SYLLABLE GGYEH +AF2C;AF2C;1101 1169;AF2C;1101 1169; # (꼬; 꼬; á„á…©; 꼬; á„á…©; ) HANGUL SYLLABLE GGO +AF2D;AF2D;1101 1169 11A8;AF2D;1101 1169 11A8; # (ê¼­; ê¼­; á„ᅩᆨ; ê¼­; á„ᅩᆨ; ) HANGUL SYLLABLE GGOG +AF2E;AF2E;1101 1169 11A9;AF2E;1101 1169 11A9; # (ê¼®; ê¼®; á„ᅩᆩ; ê¼®; á„ᅩᆩ; ) HANGUL SYLLABLE GGOGG +AF2F;AF2F;1101 1169 11AA;AF2F;1101 1169 11AA; # (꼯; 꼯; á„ᅩᆪ; 꼯; á„ᅩᆪ; ) HANGUL SYLLABLE GGOGS +AF30;AF30;1101 1169 11AB;AF30;1101 1169 11AB; # (ê¼°; ê¼°; á„ᅩᆫ; ê¼°; á„ᅩᆫ; ) HANGUL SYLLABLE GGON +AF31;AF31;1101 1169 11AC;AF31;1101 1169 11AC; # (ê¼±; ê¼±; á„ᅩᆬ; ê¼±; á„ᅩᆬ; ) HANGUL SYLLABLE GGONJ +AF32;AF32;1101 1169 11AD;AF32;1101 1169 11AD; # (ê¼²; ê¼²; á„ᅩᆭ; ê¼²; á„ᅩᆭ; ) HANGUL SYLLABLE GGONH +AF33;AF33;1101 1169 11AE;AF33;1101 1169 11AE; # (ê¼³; ê¼³; á„ᅩᆮ; ê¼³; á„ᅩᆮ; ) HANGUL SYLLABLE GGOD +AF34;AF34;1101 1169 11AF;AF34;1101 1169 11AF; # (ê¼´; ê¼´; á„ᅩᆯ; ê¼´; á„ᅩᆯ; ) HANGUL SYLLABLE GGOL +AF35;AF35;1101 1169 11B0;AF35;1101 1169 11B0; # (ê¼µ; ê¼µ; á„ᅩᆰ; ê¼µ; á„ᅩᆰ; ) HANGUL SYLLABLE GGOLG +AF36;AF36;1101 1169 11B1;AF36;1101 1169 11B1; # (꼶; 꼶; á„ᅩᆱ; 꼶; á„ᅩᆱ; ) HANGUL SYLLABLE GGOLM +AF37;AF37;1101 1169 11B2;AF37;1101 1169 11B2; # (ê¼·; ê¼·; á„ᅩᆲ; ê¼·; á„ᅩᆲ; ) HANGUL SYLLABLE GGOLB +AF38;AF38;1101 1169 11B3;AF38;1101 1169 11B3; # (꼸; 꼸; á„ᅩᆳ; 꼸; á„ᅩᆳ; ) HANGUL SYLLABLE GGOLS +AF39;AF39;1101 1169 11B4;AF39;1101 1169 11B4; # (ê¼¹; ê¼¹; á„ᅩᆴ; ê¼¹; á„ᅩᆴ; ) HANGUL SYLLABLE GGOLT +AF3A;AF3A;1101 1169 11B5;AF3A;1101 1169 11B5; # (꼺; 꼺; á„ᅩᆵ; 꼺; á„ᅩᆵ; ) HANGUL SYLLABLE GGOLP +AF3B;AF3B;1101 1169 11B6;AF3B;1101 1169 11B6; # (ê¼»; ê¼»; á„ᅩᆶ; ê¼»; á„ᅩᆶ; ) HANGUL SYLLABLE GGOLH +AF3C;AF3C;1101 1169 11B7;AF3C;1101 1169 11B7; # (ê¼¼; ê¼¼; á„ᅩᆷ; ê¼¼; á„ᅩᆷ; ) HANGUL SYLLABLE GGOM +AF3D;AF3D;1101 1169 11B8;AF3D;1101 1169 11B8; # (ê¼½; ê¼½; á„ᅩᆸ; ê¼½; á„ᅩᆸ; ) HANGUL SYLLABLE GGOB +AF3E;AF3E;1101 1169 11B9;AF3E;1101 1169 11B9; # (ê¼¾; ê¼¾; á„ᅩᆹ; ê¼¾; á„ᅩᆹ; ) HANGUL SYLLABLE GGOBS +AF3F;AF3F;1101 1169 11BA;AF3F;1101 1169 11BA; # (꼿; 꼿; á„ᅩᆺ; 꼿; á„ᅩᆺ; ) HANGUL SYLLABLE GGOS +AF40;AF40;1101 1169 11BB;AF40;1101 1169 11BB; # (ê½€; ê½€; á„ᅩᆻ; ê½€; á„ᅩᆻ; ) HANGUL SYLLABLE GGOSS +AF41;AF41;1101 1169 11BC;AF41;1101 1169 11BC; # (ê½; ê½; á„ᅩᆼ; ê½; á„ᅩᆼ; ) HANGUL SYLLABLE GGONG +AF42;AF42;1101 1169 11BD;AF42;1101 1169 11BD; # (꽂; 꽂; á„ᅩᆽ; 꽂; á„ᅩᆽ; ) HANGUL SYLLABLE GGOJ +AF43;AF43;1101 1169 11BE;AF43;1101 1169 11BE; # (꽃; 꽃; á„ᅩᆾ; 꽃; á„ᅩᆾ; ) HANGUL SYLLABLE GGOC +AF44;AF44;1101 1169 11BF;AF44;1101 1169 11BF; # (꽄; 꽄; á„ᅩᆿ; 꽄; á„ᅩᆿ; ) HANGUL SYLLABLE GGOK +AF45;AF45;1101 1169 11C0;AF45;1101 1169 11C0; # (ê½…; ê½…; á„ᅩᇀ; ê½…; á„ᅩᇀ; ) HANGUL SYLLABLE GGOT +AF46;AF46;1101 1169 11C1;AF46;1101 1169 11C1; # (꽆; 꽆; á„á…©á‡; 꽆; á„á…©á‡; ) HANGUL SYLLABLE GGOP +AF47;AF47;1101 1169 11C2;AF47;1101 1169 11C2; # (꽇; 꽇; á„ᅩᇂ; 꽇; á„ᅩᇂ; ) HANGUL SYLLABLE GGOH +AF48;AF48;1101 116A;AF48;1101 116A; # (꽈; 꽈; á„á…ª; 꽈; á„á…ª; ) HANGUL SYLLABLE GGWA +AF49;AF49;1101 116A 11A8;AF49;1101 116A 11A8; # (꽉; 꽉; á„ᅪᆨ; 꽉; á„ᅪᆨ; ) HANGUL SYLLABLE GGWAG +AF4A;AF4A;1101 116A 11A9;AF4A;1101 116A 11A9; # (꽊; 꽊; á„ᅪᆩ; 꽊; á„ᅪᆩ; ) HANGUL SYLLABLE GGWAGG +AF4B;AF4B;1101 116A 11AA;AF4B;1101 116A 11AA; # (꽋; 꽋; á„ᅪᆪ; 꽋; á„ᅪᆪ; ) HANGUL SYLLABLE GGWAGS +AF4C;AF4C;1101 116A 11AB;AF4C;1101 116A 11AB; # (꽌; 꽌; á„ᅪᆫ; 꽌; á„ᅪᆫ; ) HANGUL SYLLABLE GGWAN +AF4D;AF4D;1101 116A 11AC;AF4D;1101 116A 11AC; # (ê½; ê½; á„ᅪᆬ; ê½; á„ᅪᆬ; ) HANGUL SYLLABLE GGWANJ +AF4E;AF4E;1101 116A 11AD;AF4E;1101 116A 11AD; # (꽎; 꽎; á„ᅪᆭ; 꽎; á„ᅪᆭ; ) HANGUL SYLLABLE GGWANH +AF4F;AF4F;1101 116A 11AE;AF4F;1101 116A 11AE; # (ê½; ê½; á„ᅪᆮ; ê½; á„ᅪᆮ; ) HANGUL SYLLABLE GGWAD +AF50;AF50;1101 116A 11AF;AF50;1101 116A 11AF; # (ê½; ê½; á„ᅪᆯ; ê½; á„ᅪᆯ; ) HANGUL SYLLABLE GGWAL +AF51;AF51;1101 116A 11B0;AF51;1101 116A 11B0; # (꽑; 꽑; á„ᅪᆰ; 꽑; á„ᅪᆰ; ) HANGUL SYLLABLE GGWALG +AF52;AF52;1101 116A 11B1;AF52;1101 116A 11B1; # (ê½’; ê½’; á„ᅪᆱ; ê½’; á„ᅪᆱ; ) HANGUL SYLLABLE GGWALM +AF53;AF53;1101 116A 11B2;AF53;1101 116A 11B2; # (꽓; 꽓; á„ᅪᆲ; 꽓; á„ᅪᆲ; ) HANGUL SYLLABLE GGWALB +AF54;AF54;1101 116A 11B3;AF54;1101 116A 11B3; # (ê½”; ê½”; á„ᅪᆳ; ê½”; á„ᅪᆳ; ) HANGUL SYLLABLE GGWALS +AF55;AF55;1101 116A 11B4;AF55;1101 116A 11B4; # (꽕; 꽕; á„ᅪᆴ; 꽕; á„ᅪᆴ; ) HANGUL SYLLABLE GGWALT +AF56;AF56;1101 116A 11B5;AF56;1101 116A 11B5; # (ê½–; ê½–; á„ᅪᆵ; ê½–; á„ᅪᆵ; ) HANGUL SYLLABLE GGWALP +AF57;AF57;1101 116A 11B6;AF57;1101 116A 11B6; # (ê½—; ê½—; á„ᅪᆶ; ê½—; á„ᅪᆶ; ) HANGUL SYLLABLE GGWALH +AF58;AF58;1101 116A 11B7;AF58;1101 116A 11B7; # (꽘; 꽘; á„ᅪᆷ; 꽘; á„ᅪᆷ; ) HANGUL SYLLABLE GGWAM +AF59;AF59;1101 116A 11B8;AF59;1101 116A 11B8; # (ê½™; ê½™; á„ᅪᆸ; ê½™; á„ᅪᆸ; ) HANGUL SYLLABLE GGWAB +AF5A;AF5A;1101 116A 11B9;AF5A;1101 116A 11B9; # (꽚; 꽚; á„ᅪᆹ; 꽚; á„ᅪᆹ; ) HANGUL SYLLABLE GGWABS +AF5B;AF5B;1101 116A 11BA;AF5B;1101 116A 11BA; # (ê½›; ê½›; á„ᅪᆺ; ê½›; á„ᅪᆺ; ) HANGUL SYLLABLE GGWAS +AF5C;AF5C;1101 116A 11BB;AF5C;1101 116A 11BB; # (꽜; 꽜; á„ᅪᆻ; 꽜; á„ᅪᆻ; ) HANGUL SYLLABLE GGWASS +AF5D;AF5D;1101 116A 11BC;AF5D;1101 116A 11BC; # (ê½; ê½; á„ᅪᆼ; ê½; á„ᅪᆼ; ) HANGUL SYLLABLE GGWANG +AF5E;AF5E;1101 116A 11BD;AF5E;1101 116A 11BD; # (꽞; 꽞; á„ᅪᆽ; 꽞; á„ᅪᆽ; ) HANGUL SYLLABLE GGWAJ +AF5F;AF5F;1101 116A 11BE;AF5F;1101 116A 11BE; # (꽟; 꽟; á„ᅪᆾ; 꽟; á„ᅪᆾ; ) HANGUL SYLLABLE GGWAC +AF60;AF60;1101 116A 11BF;AF60;1101 116A 11BF; # (ê½ ; ê½ ; á„ᅪᆿ; ê½ ; á„ᅪᆿ; ) HANGUL SYLLABLE GGWAK +AF61;AF61;1101 116A 11C0;AF61;1101 116A 11C0; # (꽡; 꽡; á„ᅪᇀ; 꽡; á„ᅪᇀ; ) HANGUL SYLLABLE GGWAT +AF62;AF62;1101 116A 11C1;AF62;1101 116A 11C1; # (ê½¢; ê½¢; á„á…ªá‡; ê½¢; á„á…ªá‡; ) HANGUL SYLLABLE GGWAP +AF63;AF63;1101 116A 11C2;AF63;1101 116A 11C2; # (ê½£; ê½£; á„ᅪᇂ; ê½£; á„ᅪᇂ; ) HANGUL SYLLABLE GGWAH +AF64;AF64;1101 116B;AF64;1101 116B; # (꽤; 꽤; á„á…«; 꽤; á„á…«; ) HANGUL SYLLABLE GGWAE +AF65;AF65;1101 116B 11A8;AF65;1101 116B 11A8; # (ê½¥; ê½¥; á„ᅫᆨ; ê½¥; á„ᅫᆨ; ) HANGUL SYLLABLE GGWAEG +AF66;AF66;1101 116B 11A9;AF66;1101 116B 11A9; # (꽦; 꽦; á„ᅫᆩ; 꽦; á„ᅫᆩ; ) HANGUL SYLLABLE GGWAEGG +AF67;AF67;1101 116B 11AA;AF67;1101 116B 11AA; # (꽧; 꽧; á„ᅫᆪ; 꽧; á„ᅫᆪ; ) HANGUL SYLLABLE GGWAEGS +AF68;AF68;1101 116B 11AB;AF68;1101 116B 11AB; # (꽨; 꽨; á„ᅫᆫ; 꽨; á„ᅫᆫ; ) HANGUL SYLLABLE GGWAEN +AF69;AF69;1101 116B 11AC;AF69;1101 116B 11AC; # (꽩; 꽩; á„ᅫᆬ; 꽩; á„ᅫᆬ; ) HANGUL SYLLABLE GGWAENJ +AF6A;AF6A;1101 116B 11AD;AF6A;1101 116B 11AD; # (꽪; 꽪; á„ᅫᆭ; 꽪; á„ᅫᆭ; ) HANGUL SYLLABLE GGWAENH +AF6B;AF6B;1101 116B 11AE;AF6B;1101 116B 11AE; # (꽫; 꽫; á„ᅫᆮ; 꽫; á„ᅫᆮ; ) HANGUL SYLLABLE GGWAED +AF6C;AF6C;1101 116B 11AF;AF6C;1101 116B 11AF; # (꽬; 꽬; á„ᅫᆯ; 꽬; á„ᅫᆯ; ) HANGUL SYLLABLE GGWAEL +AF6D;AF6D;1101 116B 11B0;AF6D;1101 116B 11B0; # (ê½­; ê½­; á„ᅫᆰ; ê½­; á„ᅫᆰ; ) HANGUL SYLLABLE GGWAELG +AF6E;AF6E;1101 116B 11B1;AF6E;1101 116B 11B1; # (ê½®; ê½®; á„ᅫᆱ; ê½®; á„ᅫᆱ; ) HANGUL SYLLABLE GGWAELM +AF6F;AF6F;1101 116B 11B2;AF6F;1101 116B 11B2; # (꽯; 꽯; á„ᅫᆲ; 꽯; á„ᅫᆲ; ) HANGUL SYLLABLE GGWAELB +AF70;AF70;1101 116B 11B3;AF70;1101 116B 11B3; # (ê½°; ê½°; á„ᅫᆳ; ê½°; á„ᅫᆳ; ) HANGUL SYLLABLE GGWAELS +AF71;AF71;1101 116B 11B4;AF71;1101 116B 11B4; # (ê½±; ê½±; á„ᅫᆴ; ê½±; á„ᅫᆴ; ) HANGUL SYLLABLE GGWAELT +AF72;AF72;1101 116B 11B5;AF72;1101 116B 11B5; # (ê½²; ê½²; á„ᅫᆵ; ê½²; á„ᅫᆵ; ) HANGUL SYLLABLE GGWAELP +AF73;AF73;1101 116B 11B6;AF73;1101 116B 11B6; # (ê½³; ê½³; á„ᅫᆶ; ê½³; á„ᅫᆶ; ) HANGUL SYLLABLE GGWAELH +AF74;AF74;1101 116B 11B7;AF74;1101 116B 11B7; # (ê½´; ê½´; á„ᅫᆷ; ê½´; á„ᅫᆷ; ) HANGUL SYLLABLE GGWAEM +AF75;AF75;1101 116B 11B8;AF75;1101 116B 11B8; # (ê½µ; ê½µ; á„ᅫᆸ; ê½µ; á„ᅫᆸ; ) HANGUL SYLLABLE GGWAEB +AF76;AF76;1101 116B 11B9;AF76;1101 116B 11B9; # (꽶; 꽶; á„ᅫᆹ; 꽶; á„ᅫᆹ; ) HANGUL SYLLABLE GGWAEBS +AF77;AF77;1101 116B 11BA;AF77;1101 116B 11BA; # (ê½·; ê½·; á„ᅫᆺ; ê½·; á„ᅫᆺ; ) HANGUL SYLLABLE GGWAES +AF78;AF78;1101 116B 11BB;AF78;1101 116B 11BB; # (꽸; 꽸; á„ᅫᆻ; 꽸; á„ᅫᆻ; ) HANGUL SYLLABLE GGWAESS +AF79;AF79;1101 116B 11BC;AF79;1101 116B 11BC; # (ê½¹; ê½¹; á„ᅫᆼ; ê½¹; á„ᅫᆼ; ) HANGUL SYLLABLE GGWAENG +AF7A;AF7A;1101 116B 11BD;AF7A;1101 116B 11BD; # (꽺; 꽺; á„ᅫᆽ; 꽺; á„ᅫᆽ; ) HANGUL SYLLABLE GGWAEJ +AF7B;AF7B;1101 116B 11BE;AF7B;1101 116B 11BE; # (ê½»; ê½»; á„ᅫᆾ; ê½»; á„ᅫᆾ; ) HANGUL SYLLABLE GGWAEC +AF7C;AF7C;1101 116B 11BF;AF7C;1101 116B 11BF; # (ê½¼; ê½¼; á„ᅫᆿ; ê½¼; á„ᅫᆿ; ) HANGUL SYLLABLE GGWAEK +AF7D;AF7D;1101 116B 11C0;AF7D;1101 116B 11C0; # (ê½½; ê½½; á„ᅫᇀ; ê½½; á„ᅫᇀ; ) HANGUL SYLLABLE GGWAET +AF7E;AF7E;1101 116B 11C1;AF7E;1101 116B 11C1; # (ê½¾; ê½¾; á„á…«á‡; ê½¾; á„á…«á‡; ) HANGUL SYLLABLE GGWAEP +AF7F;AF7F;1101 116B 11C2;AF7F;1101 116B 11C2; # (꽿; 꽿; á„ᅫᇂ; 꽿; á„ᅫᇂ; ) HANGUL SYLLABLE GGWAEH +AF80;AF80;1101 116C;AF80;1101 116C; # (ê¾€; ê¾€; á„á…¬; ê¾€; á„á…¬; ) HANGUL SYLLABLE GGOE +AF81;AF81;1101 116C 11A8;AF81;1101 116C 11A8; # (ê¾; ê¾; á„ᅬᆨ; ê¾; á„ᅬᆨ; ) HANGUL SYLLABLE GGOEG +AF82;AF82;1101 116C 11A9;AF82;1101 116C 11A9; # (꾂; 꾂; á„ᅬᆩ; 꾂; á„ᅬᆩ; ) HANGUL SYLLABLE GGOEGG +AF83;AF83;1101 116C 11AA;AF83;1101 116C 11AA; # (꾃; 꾃; á„ᅬᆪ; 꾃; á„ᅬᆪ; ) HANGUL SYLLABLE GGOEGS +AF84;AF84;1101 116C 11AB;AF84;1101 116C 11AB; # (꾄; 꾄; á„ᅬᆫ; 꾄; á„ᅬᆫ; ) HANGUL SYLLABLE GGOEN +AF85;AF85;1101 116C 11AC;AF85;1101 116C 11AC; # (ê¾…; ê¾…; á„ᅬᆬ; ê¾…; á„ᅬᆬ; ) HANGUL SYLLABLE GGOENJ +AF86;AF86;1101 116C 11AD;AF86;1101 116C 11AD; # (꾆; 꾆; á„ᅬᆭ; 꾆; á„ᅬᆭ; ) HANGUL SYLLABLE GGOENH +AF87;AF87;1101 116C 11AE;AF87;1101 116C 11AE; # (꾇; 꾇; á„ᅬᆮ; 꾇; á„ᅬᆮ; ) HANGUL SYLLABLE GGOED +AF88;AF88;1101 116C 11AF;AF88;1101 116C 11AF; # (꾈; 꾈; á„ᅬᆯ; 꾈; á„ᅬᆯ; ) HANGUL SYLLABLE GGOEL +AF89;AF89;1101 116C 11B0;AF89;1101 116C 11B0; # (꾉; 꾉; á„ᅬᆰ; 꾉; á„ᅬᆰ; ) HANGUL SYLLABLE GGOELG +AF8A;AF8A;1101 116C 11B1;AF8A;1101 116C 11B1; # (꾊; 꾊; á„ᅬᆱ; 꾊; á„ᅬᆱ; ) HANGUL SYLLABLE GGOELM +AF8B;AF8B;1101 116C 11B2;AF8B;1101 116C 11B2; # (꾋; 꾋; á„ᅬᆲ; 꾋; á„ᅬᆲ; ) HANGUL SYLLABLE GGOELB +AF8C;AF8C;1101 116C 11B3;AF8C;1101 116C 11B3; # (꾌; 꾌; á„ᅬᆳ; 꾌; á„ᅬᆳ; ) HANGUL SYLLABLE GGOELS +AF8D;AF8D;1101 116C 11B4;AF8D;1101 116C 11B4; # (ê¾; ê¾; á„ᅬᆴ; ê¾; á„ᅬᆴ; ) HANGUL SYLLABLE GGOELT +AF8E;AF8E;1101 116C 11B5;AF8E;1101 116C 11B5; # (꾎; 꾎; á„ᅬᆵ; 꾎; á„ᅬᆵ; ) HANGUL SYLLABLE GGOELP +AF8F;AF8F;1101 116C 11B6;AF8F;1101 116C 11B6; # (ê¾; ê¾; á„ᅬᆶ; ê¾; á„ᅬᆶ; ) HANGUL SYLLABLE GGOELH +AF90;AF90;1101 116C 11B7;AF90;1101 116C 11B7; # (ê¾; ê¾; á„ᅬᆷ; ê¾; á„ᅬᆷ; ) HANGUL SYLLABLE GGOEM +AF91;AF91;1101 116C 11B8;AF91;1101 116C 11B8; # (꾑; 꾑; á„ᅬᆸ; 꾑; á„ᅬᆸ; ) HANGUL SYLLABLE GGOEB +AF92;AF92;1101 116C 11B9;AF92;1101 116C 11B9; # (ê¾’; ê¾’; á„ᅬᆹ; ê¾’; á„ᅬᆹ; ) HANGUL SYLLABLE GGOEBS +AF93;AF93;1101 116C 11BA;AF93;1101 116C 11BA; # (꾓; 꾓; á„ᅬᆺ; 꾓; á„ᅬᆺ; ) HANGUL SYLLABLE GGOES +AF94;AF94;1101 116C 11BB;AF94;1101 116C 11BB; # (ê¾”; ê¾”; á„ᅬᆻ; ê¾”; á„ᅬᆻ; ) HANGUL SYLLABLE GGOESS +AF95;AF95;1101 116C 11BC;AF95;1101 116C 11BC; # (꾕; 꾕; á„ᅬᆼ; 꾕; á„ᅬᆼ; ) HANGUL SYLLABLE GGOENG +AF96;AF96;1101 116C 11BD;AF96;1101 116C 11BD; # (ê¾–; ê¾–; á„ᅬᆽ; ê¾–; á„ᅬᆽ; ) HANGUL SYLLABLE GGOEJ +AF97;AF97;1101 116C 11BE;AF97;1101 116C 11BE; # (ê¾—; ê¾—; á„ᅬᆾ; ê¾—; á„ᅬᆾ; ) HANGUL SYLLABLE GGOEC +AF98;AF98;1101 116C 11BF;AF98;1101 116C 11BF; # (꾘; 꾘; á„ᅬᆿ; 꾘; á„ᅬᆿ; ) HANGUL SYLLABLE GGOEK +AF99;AF99;1101 116C 11C0;AF99;1101 116C 11C0; # (ê¾™; ê¾™; á„ᅬᇀ; ê¾™; á„ᅬᇀ; ) HANGUL SYLLABLE GGOET +AF9A;AF9A;1101 116C 11C1;AF9A;1101 116C 11C1; # (꾚; 꾚; á„á…¬á‡; 꾚; á„á…¬á‡; ) HANGUL SYLLABLE GGOEP +AF9B;AF9B;1101 116C 11C2;AF9B;1101 116C 11C2; # (ê¾›; ê¾›; á„ᅬᇂ; ê¾›; á„ᅬᇂ; ) HANGUL SYLLABLE GGOEH +AF9C;AF9C;1101 116D;AF9C;1101 116D; # (꾜; 꾜; á„á…­; 꾜; á„á…­; ) HANGUL SYLLABLE GGYO +AF9D;AF9D;1101 116D 11A8;AF9D;1101 116D 11A8; # (ê¾; ê¾; á„ᅭᆨ; ê¾; á„ᅭᆨ; ) HANGUL SYLLABLE GGYOG +AF9E;AF9E;1101 116D 11A9;AF9E;1101 116D 11A9; # (꾞; 꾞; á„ᅭᆩ; 꾞; á„ᅭᆩ; ) HANGUL SYLLABLE GGYOGG +AF9F;AF9F;1101 116D 11AA;AF9F;1101 116D 11AA; # (꾟; 꾟; á„ᅭᆪ; 꾟; á„ᅭᆪ; ) HANGUL SYLLABLE GGYOGS +AFA0;AFA0;1101 116D 11AB;AFA0;1101 116D 11AB; # (ê¾ ; ê¾ ; á„ᅭᆫ; ê¾ ; á„ᅭᆫ; ) HANGUL SYLLABLE GGYON +AFA1;AFA1;1101 116D 11AC;AFA1;1101 116D 11AC; # (꾡; 꾡; á„ᅭᆬ; 꾡; á„ᅭᆬ; ) HANGUL SYLLABLE GGYONJ +AFA2;AFA2;1101 116D 11AD;AFA2;1101 116D 11AD; # (ê¾¢; ê¾¢; á„ᅭᆭ; ê¾¢; á„ᅭᆭ; ) HANGUL SYLLABLE GGYONH +AFA3;AFA3;1101 116D 11AE;AFA3;1101 116D 11AE; # (ê¾£; ê¾£; á„ᅭᆮ; ê¾£; á„ᅭᆮ; ) HANGUL SYLLABLE GGYOD +AFA4;AFA4;1101 116D 11AF;AFA4;1101 116D 11AF; # (꾤; 꾤; á„ᅭᆯ; 꾤; á„ᅭᆯ; ) HANGUL SYLLABLE GGYOL +AFA5;AFA5;1101 116D 11B0;AFA5;1101 116D 11B0; # (ê¾¥; ê¾¥; á„ᅭᆰ; ê¾¥; á„ᅭᆰ; ) HANGUL SYLLABLE GGYOLG +AFA6;AFA6;1101 116D 11B1;AFA6;1101 116D 11B1; # (꾦; 꾦; á„ᅭᆱ; 꾦; á„ᅭᆱ; ) HANGUL SYLLABLE GGYOLM +AFA7;AFA7;1101 116D 11B2;AFA7;1101 116D 11B2; # (꾧; 꾧; á„ᅭᆲ; 꾧; á„ᅭᆲ; ) HANGUL SYLLABLE GGYOLB +AFA8;AFA8;1101 116D 11B3;AFA8;1101 116D 11B3; # (꾨; 꾨; á„ᅭᆳ; 꾨; á„ᅭᆳ; ) HANGUL SYLLABLE GGYOLS +AFA9;AFA9;1101 116D 11B4;AFA9;1101 116D 11B4; # (꾩; 꾩; á„ᅭᆴ; 꾩; á„ᅭᆴ; ) HANGUL SYLLABLE GGYOLT +AFAA;AFAA;1101 116D 11B5;AFAA;1101 116D 11B5; # (꾪; 꾪; á„ᅭᆵ; 꾪; á„ᅭᆵ; ) HANGUL SYLLABLE GGYOLP +AFAB;AFAB;1101 116D 11B6;AFAB;1101 116D 11B6; # (꾫; 꾫; á„ᅭᆶ; 꾫; á„ᅭᆶ; ) HANGUL SYLLABLE GGYOLH +AFAC;AFAC;1101 116D 11B7;AFAC;1101 116D 11B7; # (꾬; 꾬; á„ᅭᆷ; 꾬; á„ᅭᆷ; ) HANGUL SYLLABLE GGYOM +AFAD;AFAD;1101 116D 11B8;AFAD;1101 116D 11B8; # (ê¾­; ê¾­; á„ᅭᆸ; ê¾­; á„ᅭᆸ; ) HANGUL SYLLABLE GGYOB +AFAE;AFAE;1101 116D 11B9;AFAE;1101 116D 11B9; # (ê¾®; ê¾®; á„ᅭᆹ; ê¾®; á„ᅭᆹ; ) HANGUL SYLLABLE GGYOBS +AFAF;AFAF;1101 116D 11BA;AFAF;1101 116D 11BA; # (꾯; 꾯; á„ᅭᆺ; 꾯; á„ᅭᆺ; ) HANGUL SYLLABLE GGYOS +AFB0;AFB0;1101 116D 11BB;AFB0;1101 116D 11BB; # (ê¾°; ê¾°; á„ᅭᆻ; ê¾°; á„ᅭᆻ; ) HANGUL SYLLABLE GGYOSS +AFB1;AFB1;1101 116D 11BC;AFB1;1101 116D 11BC; # (ê¾±; ê¾±; á„ᅭᆼ; ê¾±; á„ᅭᆼ; ) HANGUL SYLLABLE GGYONG +AFB2;AFB2;1101 116D 11BD;AFB2;1101 116D 11BD; # (ê¾²; ê¾²; á„ᅭᆽ; ê¾²; á„ᅭᆽ; ) HANGUL SYLLABLE GGYOJ +AFB3;AFB3;1101 116D 11BE;AFB3;1101 116D 11BE; # (ê¾³; ê¾³; á„ᅭᆾ; ê¾³; á„ᅭᆾ; ) HANGUL SYLLABLE GGYOC +AFB4;AFB4;1101 116D 11BF;AFB4;1101 116D 11BF; # (ê¾´; ê¾´; á„ᅭᆿ; ê¾´; á„ᅭᆿ; ) HANGUL SYLLABLE GGYOK +AFB5;AFB5;1101 116D 11C0;AFB5;1101 116D 11C0; # (ê¾µ; ê¾µ; á„ᅭᇀ; ê¾µ; á„ᅭᇀ; ) HANGUL SYLLABLE GGYOT +AFB6;AFB6;1101 116D 11C1;AFB6;1101 116D 11C1; # (꾶; 꾶; á„á…­á‡; 꾶; á„á…­á‡; ) HANGUL SYLLABLE GGYOP +AFB7;AFB7;1101 116D 11C2;AFB7;1101 116D 11C2; # (ê¾·; ê¾·; á„ᅭᇂ; ê¾·; á„ᅭᇂ; ) HANGUL SYLLABLE GGYOH +AFB8;AFB8;1101 116E;AFB8;1101 116E; # (꾸; 꾸; á„á…®; 꾸; á„á…®; ) HANGUL SYLLABLE GGU +AFB9;AFB9;1101 116E 11A8;AFB9;1101 116E 11A8; # (ê¾¹; ê¾¹; á„ᅮᆨ; ê¾¹; á„ᅮᆨ; ) HANGUL SYLLABLE GGUG +AFBA;AFBA;1101 116E 11A9;AFBA;1101 116E 11A9; # (꾺; 꾺; á„ᅮᆩ; 꾺; á„ᅮᆩ; ) HANGUL SYLLABLE GGUGG +AFBB;AFBB;1101 116E 11AA;AFBB;1101 116E 11AA; # (ê¾»; ê¾»; á„ᅮᆪ; ê¾»; á„ᅮᆪ; ) HANGUL SYLLABLE GGUGS +AFBC;AFBC;1101 116E 11AB;AFBC;1101 116E 11AB; # (ê¾¼; ê¾¼; á„ᅮᆫ; ê¾¼; á„ᅮᆫ; ) HANGUL SYLLABLE GGUN +AFBD;AFBD;1101 116E 11AC;AFBD;1101 116E 11AC; # (ê¾½; ê¾½; á„ᅮᆬ; ê¾½; á„ᅮᆬ; ) HANGUL SYLLABLE GGUNJ +AFBE;AFBE;1101 116E 11AD;AFBE;1101 116E 11AD; # (ê¾¾; ê¾¾; á„ᅮᆭ; ê¾¾; á„ᅮᆭ; ) HANGUL SYLLABLE GGUNH +AFBF;AFBF;1101 116E 11AE;AFBF;1101 116E 11AE; # (꾿; 꾿; á„ᅮᆮ; 꾿; á„ᅮᆮ; ) HANGUL SYLLABLE GGUD +AFC0;AFC0;1101 116E 11AF;AFC0;1101 116E 11AF; # (ê¿€; ê¿€; á„ᅮᆯ; ê¿€; á„ᅮᆯ; ) HANGUL SYLLABLE GGUL +AFC1;AFC1;1101 116E 11B0;AFC1;1101 116E 11B0; # (ê¿; ê¿; á„ᅮᆰ; ê¿; á„ᅮᆰ; ) HANGUL SYLLABLE GGULG +AFC2;AFC2;1101 116E 11B1;AFC2;1101 116E 11B1; # (ê¿‚; ê¿‚; á„ᅮᆱ; ê¿‚; á„ᅮᆱ; ) HANGUL SYLLABLE GGULM +AFC3;AFC3;1101 116E 11B2;AFC3;1101 116E 11B2; # (꿃; 꿃; á„ᅮᆲ; 꿃; á„ᅮᆲ; ) HANGUL SYLLABLE GGULB +AFC4;AFC4;1101 116E 11B3;AFC4;1101 116E 11B3; # (ê¿„; ê¿„; á„ᅮᆳ; ê¿„; á„ᅮᆳ; ) HANGUL SYLLABLE GGULS +AFC5;AFC5;1101 116E 11B4;AFC5;1101 116E 11B4; # (ê¿…; ê¿…; á„ᅮᆴ; ê¿…; á„ᅮᆴ; ) HANGUL SYLLABLE GGULT +AFC6;AFC6;1101 116E 11B5;AFC6;1101 116E 11B5; # (꿆; 꿆; á„ᅮᆵ; 꿆; á„ᅮᆵ; ) HANGUL SYLLABLE GGULP +AFC7;AFC7;1101 116E 11B6;AFC7;1101 116E 11B6; # (꿇; 꿇; á„ᅮᆶ; 꿇; á„ᅮᆶ; ) HANGUL SYLLABLE GGULH +AFC8;AFC8;1101 116E 11B7;AFC8;1101 116E 11B7; # (꿈; 꿈; á„ᅮᆷ; 꿈; á„ᅮᆷ; ) HANGUL SYLLABLE GGUM +AFC9;AFC9;1101 116E 11B8;AFC9;1101 116E 11B8; # (꿉; 꿉; á„ᅮᆸ; 꿉; á„ᅮᆸ; ) HANGUL SYLLABLE GGUB +AFCA;AFCA;1101 116E 11B9;AFCA;1101 116E 11B9; # (ê¿Š; ê¿Š; á„ᅮᆹ; ê¿Š; á„ᅮᆹ; ) HANGUL SYLLABLE GGUBS +AFCB;AFCB;1101 116E 11BA;AFCB;1101 116E 11BA; # (ê¿‹; ê¿‹; á„ᅮᆺ; ê¿‹; á„ᅮᆺ; ) HANGUL SYLLABLE GGUS +AFCC;AFCC;1101 116E 11BB;AFCC;1101 116E 11BB; # (ê¿Œ; ê¿Œ; á„ᅮᆻ; ê¿Œ; á„ᅮᆻ; ) HANGUL SYLLABLE GGUSS +AFCD;AFCD;1101 116E 11BC;AFCD;1101 116E 11BC; # (ê¿; ê¿; á„ᅮᆼ; ê¿; á„ᅮᆼ; ) HANGUL SYLLABLE GGUNG +AFCE;AFCE;1101 116E 11BD;AFCE;1101 116E 11BD; # (ê¿Ž; ê¿Ž; á„ᅮᆽ; ê¿Ž; á„ᅮᆽ; ) HANGUL SYLLABLE GGUJ +AFCF;AFCF;1101 116E 11BE;AFCF;1101 116E 11BE; # (ê¿; ê¿; á„ᅮᆾ; ê¿; á„ᅮᆾ; ) HANGUL SYLLABLE GGUC +AFD0;AFD0;1101 116E 11BF;AFD0;1101 116E 11BF; # (ê¿; ê¿; á„ᅮᆿ; ê¿; á„ᅮᆿ; ) HANGUL SYLLABLE GGUK +AFD1;AFD1;1101 116E 11C0;AFD1;1101 116E 11C0; # (ê¿‘; ê¿‘; á„ᅮᇀ; ê¿‘; á„ᅮᇀ; ) HANGUL SYLLABLE GGUT +AFD2;AFD2;1101 116E 11C1;AFD2;1101 116E 11C1; # (ê¿’; ê¿’; á„á…®á‡; ê¿’; á„á…®á‡; ) HANGUL SYLLABLE GGUP +AFD3;AFD3;1101 116E 11C2;AFD3;1101 116E 11C2; # (ê¿“; ê¿“; á„ᅮᇂ; ê¿“; á„ᅮᇂ; ) HANGUL SYLLABLE GGUH +AFD4;AFD4;1101 116F;AFD4;1101 116F; # (ê¿”; ê¿”; á„á…¯; ê¿”; á„á…¯; ) HANGUL SYLLABLE GGWEO +AFD5;AFD5;1101 116F 11A8;AFD5;1101 116F 11A8; # (ê¿•; ê¿•; á„ᅯᆨ; ê¿•; á„ᅯᆨ; ) HANGUL SYLLABLE GGWEOG +AFD6;AFD6;1101 116F 11A9;AFD6;1101 116F 11A9; # (ê¿–; ê¿–; á„ᅯᆩ; ê¿–; á„ᅯᆩ; ) HANGUL SYLLABLE GGWEOGG +AFD7;AFD7;1101 116F 11AA;AFD7;1101 116F 11AA; # (ê¿—; ê¿—; á„ᅯᆪ; ê¿—; á„ᅯᆪ; ) HANGUL SYLLABLE GGWEOGS +AFD8;AFD8;1101 116F 11AB;AFD8;1101 116F 11AB; # (꿘; 꿘; á„ᅯᆫ; 꿘; á„ᅯᆫ; ) HANGUL SYLLABLE GGWEON +AFD9;AFD9;1101 116F 11AC;AFD9;1101 116F 11AC; # (ê¿™; ê¿™; á„ᅯᆬ; ê¿™; á„ᅯᆬ; ) HANGUL SYLLABLE GGWEONJ +AFDA;AFDA;1101 116F 11AD;AFDA;1101 116F 11AD; # (ê¿š; ê¿š; á„ᅯᆭ; ê¿š; á„ᅯᆭ; ) HANGUL SYLLABLE GGWEONH +AFDB;AFDB;1101 116F 11AE;AFDB;1101 116F 11AE; # (ê¿›; ê¿›; á„ᅯᆮ; ê¿›; á„ᅯᆮ; ) HANGUL SYLLABLE GGWEOD +AFDC;AFDC;1101 116F 11AF;AFDC;1101 116F 11AF; # (ê¿œ; ê¿œ; á„ᅯᆯ; ê¿œ; á„ᅯᆯ; ) HANGUL SYLLABLE GGWEOL +AFDD;AFDD;1101 116F 11B0;AFDD;1101 116F 11B0; # (ê¿; ê¿; á„ᅯᆰ; ê¿; á„ᅯᆰ; ) HANGUL SYLLABLE GGWEOLG +AFDE;AFDE;1101 116F 11B1;AFDE;1101 116F 11B1; # (ê¿ž; ê¿ž; á„ᅯᆱ; ê¿ž; á„ᅯᆱ; ) HANGUL SYLLABLE GGWEOLM +AFDF;AFDF;1101 116F 11B2;AFDF;1101 116F 11B2; # (ê¿Ÿ; ê¿Ÿ; á„ᅯᆲ; ê¿Ÿ; á„ᅯᆲ; ) HANGUL SYLLABLE GGWEOLB +AFE0;AFE0;1101 116F 11B3;AFE0;1101 116F 11B3; # (ê¿ ; ê¿ ; á„ᅯᆳ; ê¿ ; á„ᅯᆳ; ) HANGUL SYLLABLE GGWEOLS +AFE1;AFE1;1101 116F 11B4;AFE1;1101 116F 11B4; # (ê¿¡; ê¿¡; á„ᅯᆴ; ê¿¡; á„ᅯᆴ; ) HANGUL SYLLABLE GGWEOLT +AFE2;AFE2;1101 116F 11B5;AFE2;1101 116F 11B5; # (ê¿¢; ê¿¢; á„ᅯᆵ; ê¿¢; á„ᅯᆵ; ) HANGUL SYLLABLE GGWEOLP +AFE3;AFE3;1101 116F 11B6;AFE3;1101 116F 11B6; # (ê¿£; ê¿£; á„ᅯᆶ; ê¿£; á„ᅯᆶ; ) HANGUL SYLLABLE GGWEOLH +AFE4;AFE4;1101 116F 11B7;AFE4;1101 116F 11B7; # (꿤; 꿤; á„ᅯᆷ; 꿤; á„ᅯᆷ; ) HANGUL SYLLABLE GGWEOM +AFE5;AFE5;1101 116F 11B8;AFE5;1101 116F 11B8; # (ê¿¥; ê¿¥; á„ᅯᆸ; ê¿¥; á„ᅯᆸ; ) HANGUL SYLLABLE GGWEOB +AFE6;AFE6;1101 116F 11B9;AFE6;1101 116F 11B9; # (꿦; 꿦; á„ᅯᆹ; 꿦; á„ᅯᆹ; ) HANGUL SYLLABLE GGWEOBS +AFE7;AFE7;1101 116F 11BA;AFE7;1101 116F 11BA; # (꿧; 꿧; á„ᅯᆺ; 꿧; á„ᅯᆺ; ) HANGUL SYLLABLE GGWEOS +AFE8;AFE8;1101 116F 11BB;AFE8;1101 116F 11BB; # (꿨; 꿨; á„ᅯᆻ; 꿨; á„ᅯᆻ; ) HANGUL SYLLABLE GGWEOSS +AFE9;AFE9;1101 116F 11BC;AFE9;1101 116F 11BC; # (ê¿©; ê¿©; á„ᅯᆼ; ê¿©; á„ᅯᆼ; ) HANGUL SYLLABLE GGWEONG +AFEA;AFEA;1101 116F 11BD;AFEA;1101 116F 11BD; # (꿪; 꿪; á„ᅯᆽ; 꿪; á„ᅯᆽ; ) HANGUL SYLLABLE GGWEOJ +AFEB;AFEB;1101 116F 11BE;AFEB;1101 116F 11BE; # (ê¿«; ê¿«; á„ᅯᆾ; ê¿«; á„ᅯᆾ; ) HANGUL SYLLABLE GGWEOC +AFEC;AFEC;1101 116F 11BF;AFEC;1101 116F 11BF; # (꿬; 꿬; á„ᅯᆿ; 꿬; á„ᅯᆿ; ) HANGUL SYLLABLE GGWEOK +AFED;AFED;1101 116F 11C0;AFED;1101 116F 11C0; # (ê¿­; ê¿­; á„ᅯᇀ; ê¿­; á„ᅯᇀ; ) HANGUL SYLLABLE GGWEOT +AFEE;AFEE;1101 116F 11C1;AFEE;1101 116F 11C1; # (ê¿®; ê¿®; á„á…¯á‡; ê¿®; á„á…¯á‡; ) HANGUL SYLLABLE GGWEOP +AFEF;AFEF;1101 116F 11C2;AFEF;1101 116F 11C2; # (꿯; 꿯; á„ᅯᇂ; 꿯; á„ᅯᇂ; ) HANGUL SYLLABLE GGWEOH +AFF0;AFF0;1101 1170;AFF0;1101 1170; # (ê¿°; ê¿°; á„á…°; ê¿°; á„á…°; ) HANGUL SYLLABLE GGWE +AFF1;AFF1;1101 1170 11A8;AFF1;1101 1170 11A8; # (꿱; 꿱; á„ᅰᆨ; 꿱; á„ᅰᆨ; ) HANGUL SYLLABLE GGWEG +AFF2;AFF2;1101 1170 11A9;AFF2;1101 1170 11A9; # (꿲; 꿲; á„ᅰᆩ; 꿲; á„ᅰᆩ; ) HANGUL SYLLABLE GGWEGG +AFF3;AFF3;1101 1170 11AA;AFF3;1101 1170 11AA; # (꿳; 꿳; á„ᅰᆪ; 꿳; á„ᅰᆪ; ) HANGUL SYLLABLE GGWEGS +AFF4;AFF4;1101 1170 11AB;AFF4;1101 1170 11AB; # (ê¿´; ê¿´; á„ᅰᆫ; ê¿´; á„ᅰᆫ; ) HANGUL SYLLABLE GGWEN +AFF5;AFF5;1101 1170 11AC;AFF5;1101 1170 11AC; # (꿵; 꿵; á„ᅰᆬ; 꿵; á„ᅰᆬ; ) HANGUL SYLLABLE GGWENJ +AFF6;AFF6;1101 1170 11AD;AFF6;1101 1170 11AD; # (꿶; 꿶; á„ᅰᆭ; 꿶; á„ᅰᆭ; ) HANGUL SYLLABLE GGWENH +AFF7;AFF7;1101 1170 11AE;AFF7;1101 1170 11AE; # (ê¿·; ê¿·; á„ᅰᆮ; ê¿·; á„ᅰᆮ; ) HANGUL SYLLABLE GGWED +AFF8;AFF8;1101 1170 11AF;AFF8;1101 1170 11AF; # (꿸; 꿸; á„ᅰᆯ; 꿸; á„ᅰᆯ; ) HANGUL SYLLABLE GGWEL +AFF9;AFF9;1101 1170 11B0;AFF9;1101 1170 11B0; # (꿹; 꿹; á„ᅰᆰ; 꿹; á„ᅰᆰ; ) HANGUL SYLLABLE GGWELG +AFFA;AFFA;1101 1170 11B1;AFFA;1101 1170 11B1; # (꿺; 꿺; á„ᅰᆱ; 꿺; á„ᅰᆱ; ) HANGUL SYLLABLE GGWELM +AFFB;AFFB;1101 1170 11B2;AFFB;1101 1170 11B2; # (ê¿»; ê¿»; á„ᅰᆲ; ê¿»; á„ᅰᆲ; ) HANGUL SYLLABLE GGWELB +AFFC;AFFC;1101 1170 11B3;AFFC;1101 1170 11B3; # (꿼; 꿼; á„ᅰᆳ; 꿼; á„ᅰᆳ; ) HANGUL SYLLABLE GGWELS +AFFD;AFFD;1101 1170 11B4;AFFD;1101 1170 11B4; # (꿽; 꿽; á„ᅰᆴ; 꿽; á„ᅰᆴ; ) HANGUL SYLLABLE GGWELT +AFFE;AFFE;1101 1170 11B5;AFFE;1101 1170 11B5; # (꿾; 꿾; á„ᅰᆵ; 꿾; á„ᅰᆵ; ) HANGUL SYLLABLE GGWELP +AFFF;AFFF;1101 1170 11B6;AFFF;1101 1170 11B6; # (ê¿¿; ê¿¿; á„ᅰᆶ; ê¿¿; á„ᅰᆶ; ) HANGUL SYLLABLE GGWELH +B000;B000;1101 1170 11B7;B000;1101 1170 11B7; # (뀀; 뀀; á„ᅰᆷ; 뀀; á„ᅰᆷ; ) HANGUL SYLLABLE GGWEM +B001;B001;1101 1170 11B8;B001;1101 1170 11B8; # (ë€; ë€; á„ᅰᆸ; ë€; á„ᅰᆸ; ) HANGUL SYLLABLE GGWEB +B002;B002;1101 1170 11B9;B002;1101 1170 11B9; # (뀂; 뀂; á„ᅰᆹ; 뀂; á„ᅰᆹ; ) HANGUL SYLLABLE GGWEBS +B003;B003;1101 1170 11BA;B003;1101 1170 11BA; # (뀃; 뀃; á„ᅰᆺ; 뀃; á„ᅰᆺ; ) HANGUL SYLLABLE GGWES +B004;B004;1101 1170 11BB;B004;1101 1170 11BB; # (뀄; 뀄; á„ᅰᆻ; 뀄; á„ᅰᆻ; ) HANGUL SYLLABLE GGWESS +B005;B005;1101 1170 11BC;B005;1101 1170 11BC; # (뀅; 뀅; á„ᅰᆼ; 뀅; á„ᅰᆼ; ) HANGUL SYLLABLE GGWENG +B006;B006;1101 1170 11BD;B006;1101 1170 11BD; # (뀆; 뀆; á„ᅰᆽ; 뀆; á„ᅰᆽ; ) HANGUL SYLLABLE GGWEJ +B007;B007;1101 1170 11BE;B007;1101 1170 11BE; # (뀇; 뀇; á„ᅰᆾ; 뀇; á„ᅰᆾ; ) HANGUL SYLLABLE GGWEC +B008;B008;1101 1170 11BF;B008;1101 1170 11BF; # (뀈; 뀈; á„ᅰᆿ; 뀈; á„ᅰᆿ; ) HANGUL SYLLABLE GGWEK +B009;B009;1101 1170 11C0;B009;1101 1170 11C0; # (뀉; 뀉; á„ᅰᇀ; 뀉; á„ᅰᇀ; ) HANGUL SYLLABLE GGWET +B00A;B00A;1101 1170 11C1;B00A;1101 1170 11C1; # (뀊; 뀊; á„á…°á‡; 뀊; á„á…°á‡; ) HANGUL SYLLABLE GGWEP +B00B;B00B;1101 1170 11C2;B00B;1101 1170 11C2; # (뀋; 뀋; á„ᅰᇂ; 뀋; á„ᅰᇂ; ) HANGUL SYLLABLE GGWEH +B00C;B00C;1101 1171;B00C;1101 1171; # (뀌; 뀌; á„á…±; 뀌; á„á…±; ) HANGUL SYLLABLE GGWI +B00D;B00D;1101 1171 11A8;B00D;1101 1171 11A8; # (ë€; ë€; á„ᅱᆨ; ë€; á„ᅱᆨ; ) HANGUL SYLLABLE GGWIG +B00E;B00E;1101 1171 11A9;B00E;1101 1171 11A9; # (뀎; 뀎; á„ᅱᆩ; 뀎; á„ᅱᆩ; ) HANGUL SYLLABLE GGWIGG +B00F;B00F;1101 1171 11AA;B00F;1101 1171 11AA; # (ë€; ë€; á„ᅱᆪ; ë€; á„ᅱᆪ; ) HANGUL SYLLABLE GGWIGS +B010;B010;1101 1171 11AB;B010;1101 1171 11AB; # (ë€; ë€; á„ᅱᆫ; ë€; á„ᅱᆫ; ) HANGUL SYLLABLE GGWIN +B011;B011;1101 1171 11AC;B011;1101 1171 11AC; # (뀑; 뀑; á„ᅱᆬ; 뀑; á„ᅱᆬ; ) HANGUL SYLLABLE GGWINJ +B012;B012;1101 1171 11AD;B012;1101 1171 11AD; # (뀒; 뀒; á„ᅱᆭ; 뀒; á„ᅱᆭ; ) HANGUL SYLLABLE GGWINH +B013;B013;1101 1171 11AE;B013;1101 1171 11AE; # (뀓; 뀓; á„ᅱᆮ; 뀓; á„ᅱᆮ; ) HANGUL SYLLABLE GGWID +B014;B014;1101 1171 11AF;B014;1101 1171 11AF; # (뀔; 뀔; á„ᅱᆯ; 뀔; á„ᅱᆯ; ) HANGUL SYLLABLE GGWIL +B015;B015;1101 1171 11B0;B015;1101 1171 11B0; # (뀕; 뀕; á„ᅱᆰ; 뀕; á„ᅱᆰ; ) HANGUL SYLLABLE GGWILG +B016;B016;1101 1171 11B1;B016;1101 1171 11B1; # (뀖; 뀖; á„ᅱᆱ; 뀖; á„ᅱᆱ; ) HANGUL SYLLABLE GGWILM +B017;B017;1101 1171 11B2;B017;1101 1171 11B2; # (뀗; 뀗; á„ᅱᆲ; 뀗; á„ᅱᆲ; ) HANGUL SYLLABLE GGWILB +B018;B018;1101 1171 11B3;B018;1101 1171 11B3; # (뀘; 뀘; á„ᅱᆳ; 뀘; á„ᅱᆳ; ) HANGUL SYLLABLE GGWILS +B019;B019;1101 1171 11B4;B019;1101 1171 11B4; # (뀙; 뀙; á„ᅱᆴ; 뀙; á„ᅱᆴ; ) HANGUL SYLLABLE GGWILT +B01A;B01A;1101 1171 11B5;B01A;1101 1171 11B5; # (뀚; 뀚; á„ᅱᆵ; 뀚; á„ᅱᆵ; ) HANGUL SYLLABLE GGWILP +B01B;B01B;1101 1171 11B6;B01B;1101 1171 11B6; # (뀛; 뀛; á„ᅱᆶ; 뀛; á„ᅱᆶ; ) HANGUL SYLLABLE GGWILH +B01C;B01C;1101 1171 11B7;B01C;1101 1171 11B7; # (뀜; 뀜; á„ᅱᆷ; 뀜; á„ᅱᆷ; ) HANGUL SYLLABLE GGWIM +B01D;B01D;1101 1171 11B8;B01D;1101 1171 11B8; # (ë€; ë€; á„ᅱᆸ; ë€; á„ᅱᆸ; ) HANGUL SYLLABLE GGWIB +B01E;B01E;1101 1171 11B9;B01E;1101 1171 11B9; # (뀞; 뀞; á„ᅱᆹ; 뀞; á„ᅱᆹ; ) HANGUL SYLLABLE GGWIBS +B01F;B01F;1101 1171 11BA;B01F;1101 1171 11BA; # (뀟; 뀟; á„ᅱᆺ; 뀟; á„ᅱᆺ; ) HANGUL SYLLABLE GGWIS +B020;B020;1101 1171 11BB;B020;1101 1171 11BB; # (뀠; 뀠; á„ᅱᆻ; 뀠; á„ᅱᆻ; ) HANGUL SYLLABLE GGWISS +B021;B021;1101 1171 11BC;B021;1101 1171 11BC; # (뀡; 뀡; á„ᅱᆼ; 뀡; á„ᅱᆼ; ) HANGUL SYLLABLE GGWING +B022;B022;1101 1171 11BD;B022;1101 1171 11BD; # (뀢; 뀢; á„ᅱᆽ; 뀢; á„ᅱᆽ; ) HANGUL SYLLABLE GGWIJ +B023;B023;1101 1171 11BE;B023;1101 1171 11BE; # (뀣; 뀣; á„ᅱᆾ; 뀣; á„ᅱᆾ; ) HANGUL SYLLABLE GGWIC +B024;B024;1101 1171 11BF;B024;1101 1171 11BF; # (뀤; 뀤; á„ᅱᆿ; 뀤; á„ᅱᆿ; ) HANGUL SYLLABLE GGWIK +B025;B025;1101 1171 11C0;B025;1101 1171 11C0; # (뀥; 뀥; á„ᅱᇀ; 뀥; á„ᅱᇀ; ) HANGUL SYLLABLE GGWIT +B026;B026;1101 1171 11C1;B026;1101 1171 11C1; # (뀦; 뀦; á„á…±á‡; 뀦; á„á…±á‡; ) HANGUL SYLLABLE GGWIP +B027;B027;1101 1171 11C2;B027;1101 1171 11C2; # (뀧; 뀧; á„ᅱᇂ; 뀧; á„ᅱᇂ; ) HANGUL SYLLABLE GGWIH +B028;B028;1101 1172;B028;1101 1172; # (뀨; 뀨; á„á…²; 뀨; á„á…²; ) HANGUL SYLLABLE GGYU +B029;B029;1101 1172 11A8;B029;1101 1172 11A8; # (뀩; 뀩; á„ᅲᆨ; 뀩; á„ᅲᆨ; ) HANGUL SYLLABLE GGYUG +B02A;B02A;1101 1172 11A9;B02A;1101 1172 11A9; # (뀪; 뀪; á„ᅲᆩ; 뀪; á„ᅲᆩ; ) HANGUL SYLLABLE GGYUGG +B02B;B02B;1101 1172 11AA;B02B;1101 1172 11AA; # (뀫; 뀫; á„ᅲᆪ; 뀫; á„ᅲᆪ; ) HANGUL SYLLABLE GGYUGS +B02C;B02C;1101 1172 11AB;B02C;1101 1172 11AB; # (뀬; 뀬; á„ᅲᆫ; 뀬; á„ᅲᆫ; ) HANGUL SYLLABLE GGYUN +B02D;B02D;1101 1172 11AC;B02D;1101 1172 11AC; # (뀭; 뀭; á„ᅲᆬ; 뀭; á„ᅲᆬ; ) HANGUL SYLLABLE GGYUNJ +B02E;B02E;1101 1172 11AD;B02E;1101 1172 11AD; # (뀮; 뀮; á„ᅲᆭ; 뀮; á„ᅲᆭ; ) HANGUL SYLLABLE GGYUNH +B02F;B02F;1101 1172 11AE;B02F;1101 1172 11AE; # (뀯; 뀯; á„ᅲᆮ; 뀯; á„ᅲᆮ; ) HANGUL SYLLABLE GGYUD +B030;B030;1101 1172 11AF;B030;1101 1172 11AF; # (뀰; 뀰; á„ᅲᆯ; 뀰; á„ᅲᆯ; ) HANGUL SYLLABLE GGYUL +B031;B031;1101 1172 11B0;B031;1101 1172 11B0; # (뀱; 뀱; á„ᅲᆰ; 뀱; á„ᅲᆰ; ) HANGUL SYLLABLE GGYULG +B032;B032;1101 1172 11B1;B032;1101 1172 11B1; # (뀲; 뀲; á„ᅲᆱ; 뀲; á„ᅲᆱ; ) HANGUL SYLLABLE GGYULM +B033;B033;1101 1172 11B2;B033;1101 1172 11B2; # (뀳; 뀳; á„ᅲᆲ; 뀳; á„ᅲᆲ; ) HANGUL SYLLABLE GGYULB +B034;B034;1101 1172 11B3;B034;1101 1172 11B3; # (뀴; 뀴; á„ᅲᆳ; 뀴; á„ᅲᆳ; ) HANGUL SYLLABLE GGYULS +B035;B035;1101 1172 11B4;B035;1101 1172 11B4; # (뀵; 뀵; á„ᅲᆴ; 뀵; á„ᅲᆴ; ) HANGUL SYLLABLE GGYULT +B036;B036;1101 1172 11B5;B036;1101 1172 11B5; # (뀶; 뀶; á„ᅲᆵ; 뀶; á„ᅲᆵ; ) HANGUL SYLLABLE GGYULP +B037;B037;1101 1172 11B6;B037;1101 1172 11B6; # (뀷; 뀷; á„ᅲᆶ; 뀷; á„ᅲᆶ; ) HANGUL SYLLABLE GGYULH +B038;B038;1101 1172 11B7;B038;1101 1172 11B7; # (뀸; 뀸; á„ᅲᆷ; 뀸; á„ᅲᆷ; ) HANGUL SYLLABLE GGYUM +B039;B039;1101 1172 11B8;B039;1101 1172 11B8; # (뀹; 뀹; á„ᅲᆸ; 뀹; á„ᅲᆸ; ) HANGUL SYLLABLE GGYUB +B03A;B03A;1101 1172 11B9;B03A;1101 1172 11B9; # (뀺; 뀺; á„ᅲᆹ; 뀺; á„ᅲᆹ; ) HANGUL SYLLABLE GGYUBS +B03B;B03B;1101 1172 11BA;B03B;1101 1172 11BA; # (뀻; 뀻; á„ᅲᆺ; 뀻; á„ᅲᆺ; ) HANGUL SYLLABLE GGYUS +B03C;B03C;1101 1172 11BB;B03C;1101 1172 11BB; # (뀼; 뀼; á„ᅲᆻ; 뀼; á„ᅲᆻ; ) HANGUL SYLLABLE GGYUSS +B03D;B03D;1101 1172 11BC;B03D;1101 1172 11BC; # (뀽; 뀽; á„ᅲᆼ; 뀽; á„ᅲᆼ; ) HANGUL SYLLABLE GGYUNG +B03E;B03E;1101 1172 11BD;B03E;1101 1172 11BD; # (뀾; 뀾; á„ᅲᆽ; 뀾; á„ᅲᆽ; ) HANGUL SYLLABLE GGYUJ +B03F;B03F;1101 1172 11BE;B03F;1101 1172 11BE; # (뀿; 뀿; á„ᅲᆾ; 뀿; á„ᅲᆾ; ) HANGUL SYLLABLE GGYUC +B040;B040;1101 1172 11BF;B040;1101 1172 11BF; # (ë€; ë€; á„ᅲᆿ; ë€; á„ᅲᆿ; ) HANGUL SYLLABLE GGYUK +B041;B041;1101 1172 11C0;B041;1101 1172 11C0; # (ë; ë; á„ᅲᇀ; ë; á„ᅲᇀ; ) HANGUL SYLLABLE GGYUT +B042;B042;1101 1172 11C1;B042;1101 1172 11C1; # (ë‚; ë‚; á„á…²á‡; ë‚; á„á…²á‡; ) HANGUL SYLLABLE GGYUP +B043;B043;1101 1172 11C2;B043;1101 1172 11C2; # (ëƒ; ëƒ; á„ᅲᇂ; ëƒ; á„ᅲᇂ; ) HANGUL SYLLABLE GGYUH +B044;B044;1101 1173;B044;1101 1173; # (ë„; ë„; á„á…³; ë„; á„á…³; ) HANGUL SYLLABLE GGEU +B045;B045;1101 1173 11A8;B045;1101 1173 11A8; # (ë…; ë…; á„ᅳᆨ; ë…; á„ᅳᆨ; ) HANGUL SYLLABLE GGEUG +B046;B046;1101 1173 11A9;B046;1101 1173 11A9; # (ë†; ë†; á„ᅳᆩ; ë†; á„ᅳᆩ; ) HANGUL SYLLABLE GGEUGG +B047;B047;1101 1173 11AA;B047;1101 1173 11AA; # (ë‡; ë‡; á„ᅳᆪ; ë‡; á„ᅳᆪ; ) HANGUL SYLLABLE GGEUGS +B048;B048;1101 1173 11AB;B048;1101 1173 11AB; # (ëˆ; ëˆ; á„ᅳᆫ; ëˆ; á„ᅳᆫ; ) HANGUL SYLLABLE GGEUN +B049;B049;1101 1173 11AC;B049;1101 1173 11AC; # (ë‰; ë‰; á„ᅳᆬ; ë‰; á„ᅳᆬ; ) HANGUL SYLLABLE GGEUNJ +B04A;B04A;1101 1173 11AD;B04A;1101 1173 11AD; # (ëŠ; ëŠ; á„ᅳᆭ; ëŠ; á„ᅳᆭ; ) HANGUL SYLLABLE GGEUNH +B04B;B04B;1101 1173 11AE;B04B;1101 1173 11AE; # (ë‹; ë‹; á„ᅳᆮ; ë‹; á„ᅳᆮ; ) HANGUL SYLLABLE GGEUD +B04C;B04C;1101 1173 11AF;B04C;1101 1173 11AF; # (ëŒ; ëŒ; á„ᅳᆯ; ëŒ; á„ᅳᆯ; ) HANGUL SYLLABLE GGEUL +B04D;B04D;1101 1173 11B0;B04D;1101 1173 11B0; # (ë; ë; á„ᅳᆰ; ë; á„ᅳᆰ; ) HANGUL SYLLABLE GGEULG +B04E;B04E;1101 1173 11B1;B04E;1101 1173 11B1; # (ëŽ; ëŽ; á„ᅳᆱ; ëŽ; á„ᅳᆱ; ) HANGUL SYLLABLE GGEULM +B04F;B04F;1101 1173 11B2;B04F;1101 1173 11B2; # (ë; ë; á„ᅳᆲ; ë; á„ᅳᆲ; ) HANGUL SYLLABLE GGEULB +B050;B050;1101 1173 11B3;B050;1101 1173 11B3; # (ë; ë; á„ᅳᆳ; ë; á„ᅳᆳ; ) HANGUL SYLLABLE GGEULS +B051;B051;1101 1173 11B4;B051;1101 1173 11B4; # (ë‘; ë‘; á„ᅳᆴ; ë‘; á„ᅳᆴ; ) HANGUL SYLLABLE GGEULT +B052;B052;1101 1173 11B5;B052;1101 1173 11B5; # (ë’; ë’; á„ᅳᆵ; ë’; á„ᅳᆵ; ) HANGUL SYLLABLE GGEULP +B053;B053;1101 1173 11B6;B053;1101 1173 11B6; # (ë“; ë“; á„ᅳᆶ; ë“; á„ᅳᆶ; ) HANGUL SYLLABLE GGEULH +B054;B054;1101 1173 11B7;B054;1101 1173 11B7; # (ë”; ë”; á„ᅳᆷ; ë”; á„ᅳᆷ; ) HANGUL SYLLABLE GGEUM +B055;B055;1101 1173 11B8;B055;1101 1173 11B8; # (ë•; ë•; á„ᅳᆸ; ë•; á„ᅳᆸ; ) HANGUL SYLLABLE GGEUB +B056;B056;1101 1173 11B9;B056;1101 1173 11B9; # (ë–; ë–; á„ᅳᆹ; ë–; á„ᅳᆹ; ) HANGUL SYLLABLE GGEUBS +B057;B057;1101 1173 11BA;B057;1101 1173 11BA; # (ë—; ë—; á„ᅳᆺ; ë—; á„ᅳᆺ; ) HANGUL SYLLABLE GGEUS +B058;B058;1101 1173 11BB;B058;1101 1173 11BB; # (ë˜; ë˜; á„ᅳᆻ; ë˜; á„ᅳᆻ; ) HANGUL SYLLABLE GGEUSS +B059;B059;1101 1173 11BC;B059;1101 1173 11BC; # (ë™; ë™; á„ᅳᆼ; ë™; á„ᅳᆼ; ) HANGUL SYLLABLE GGEUNG +B05A;B05A;1101 1173 11BD;B05A;1101 1173 11BD; # (ëš; ëš; á„ᅳᆽ; ëš; á„ᅳᆽ; ) HANGUL SYLLABLE GGEUJ +B05B;B05B;1101 1173 11BE;B05B;1101 1173 11BE; # (ë›; ë›; á„ᅳᆾ; ë›; á„ᅳᆾ; ) HANGUL SYLLABLE GGEUC +B05C;B05C;1101 1173 11BF;B05C;1101 1173 11BF; # (ëœ; ëœ; á„ᅳᆿ; ëœ; á„ᅳᆿ; ) HANGUL SYLLABLE GGEUK +B05D;B05D;1101 1173 11C0;B05D;1101 1173 11C0; # (ë; ë; á„ᅳᇀ; ë; á„ᅳᇀ; ) HANGUL SYLLABLE GGEUT +B05E;B05E;1101 1173 11C1;B05E;1101 1173 11C1; # (ëž; ëž; á„á…³á‡; ëž; á„á…³á‡; ) HANGUL SYLLABLE GGEUP +B05F;B05F;1101 1173 11C2;B05F;1101 1173 11C2; # (ëŸ; ëŸ; á„ᅳᇂ; ëŸ; á„ᅳᇂ; ) HANGUL SYLLABLE GGEUH +B060;B060;1101 1174;B060;1101 1174; # (ë ; ë ; á„á…´; ë ; á„á…´; ) HANGUL SYLLABLE GGYI +B061;B061;1101 1174 11A8;B061;1101 1174 11A8; # (ë¡; ë¡; á„ᅴᆨ; ë¡; á„ᅴᆨ; ) HANGUL SYLLABLE GGYIG +B062;B062;1101 1174 11A9;B062;1101 1174 11A9; # (ë¢; ë¢; á„ᅴᆩ; ë¢; á„ᅴᆩ; ) HANGUL SYLLABLE GGYIGG +B063;B063;1101 1174 11AA;B063;1101 1174 11AA; # (ë£; ë£; á„ᅴᆪ; ë£; á„ᅴᆪ; ) HANGUL SYLLABLE GGYIGS +B064;B064;1101 1174 11AB;B064;1101 1174 11AB; # (ë¤; ë¤; á„ᅴᆫ; ë¤; á„ᅴᆫ; ) HANGUL SYLLABLE GGYIN +B065;B065;1101 1174 11AC;B065;1101 1174 11AC; # (ë¥; ë¥; á„ᅴᆬ; ë¥; á„ᅴᆬ; ) HANGUL SYLLABLE GGYINJ +B066;B066;1101 1174 11AD;B066;1101 1174 11AD; # (ë¦; ë¦; á„ᅴᆭ; ë¦; á„ᅴᆭ; ) HANGUL SYLLABLE GGYINH +B067;B067;1101 1174 11AE;B067;1101 1174 11AE; # (ë§; ë§; á„ᅴᆮ; ë§; á„ᅴᆮ; ) HANGUL SYLLABLE GGYID +B068;B068;1101 1174 11AF;B068;1101 1174 11AF; # (ë¨; ë¨; á„ᅴᆯ; ë¨; á„ᅴᆯ; ) HANGUL SYLLABLE GGYIL +B069;B069;1101 1174 11B0;B069;1101 1174 11B0; # (ë©; ë©; á„ᅴᆰ; ë©; á„ᅴᆰ; ) HANGUL SYLLABLE GGYILG +B06A;B06A;1101 1174 11B1;B06A;1101 1174 11B1; # (ëª; ëª; á„ᅴᆱ; ëª; á„ᅴᆱ; ) HANGUL SYLLABLE GGYILM +B06B;B06B;1101 1174 11B2;B06B;1101 1174 11B2; # (ë«; ë«; á„ᅴᆲ; ë«; á„ᅴᆲ; ) HANGUL SYLLABLE GGYILB +B06C;B06C;1101 1174 11B3;B06C;1101 1174 11B3; # (ë¬; ë¬; á„ᅴᆳ; ë¬; á„ᅴᆳ; ) HANGUL SYLLABLE GGYILS +B06D;B06D;1101 1174 11B4;B06D;1101 1174 11B4; # (ë­; ë­; á„ᅴᆴ; ë­; á„ᅴᆴ; ) HANGUL SYLLABLE GGYILT +B06E;B06E;1101 1174 11B5;B06E;1101 1174 11B5; # (ë®; ë®; á„ᅴᆵ; ë®; á„ᅴᆵ; ) HANGUL SYLLABLE GGYILP +B06F;B06F;1101 1174 11B6;B06F;1101 1174 11B6; # (ë¯; ë¯; á„ᅴᆶ; ë¯; á„ᅴᆶ; ) HANGUL SYLLABLE GGYILH +B070;B070;1101 1174 11B7;B070;1101 1174 11B7; # (ë°; ë°; á„ᅴᆷ; ë°; á„ᅴᆷ; ) HANGUL SYLLABLE GGYIM +B071;B071;1101 1174 11B8;B071;1101 1174 11B8; # (ë±; ë±; á„ᅴᆸ; ë±; á„ᅴᆸ; ) HANGUL SYLLABLE GGYIB +B072;B072;1101 1174 11B9;B072;1101 1174 11B9; # (ë²; ë²; á„ᅴᆹ; ë²; á„ᅴᆹ; ) HANGUL SYLLABLE GGYIBS +B073;B073;1101 1174 11BA;B073;1101 1174 11BA; # (ë³; ë³; á„ᅴᆺ; ë³; á„ᅴᆺ; ) HANGUL SYLLABLE GGYIS +B074;B074;1101 1174 11BB;B074;1101 1174 11BB; # (ë´; ë´; á„ᅴᆻ; ë´; á„ᅴᆻ; ) HANGUL SYLLABLE GGYISS +B075;B075;1101 1174 11BC;B075;1101 1174 11BC; # (ëµ; ëµ; á„ᅴᆼ; ëµ; á„ᅴᆼ; ) HANGUL SYLLABLE GGYING +B076;B076;1101 1174 11BD;B076;1101 1174 11BD; # (ë¶; ë¶; á„ᅴᆽ; ë¶; á„ᅴᆽ; ) HANGUL SYLLABLE GGYIJ +B077;B077;1101 1174 11BE;B077;1101 1174 11BE; # (ë·; ë·; á„ᅴᆾ; ë·; á„ᅴᆾ; ) HANGUL SYLLABLE GGYIC +B078;B078;1101 1174 11BF;B078;1101 1174 11BF; # (ë¸; ë¸; á„ᅴᆿ; ë¸; á„ᅴᆿ; ) HANGUL SYLLABLE GGYIK +B079;B079;1101 1174 11C0;B079;1101 1174 11C0; # (ë¹; ë¹; á„ᅴᇀ; ë¹; á„ᅴᇀ; ) HANGUL SYLLABLE GGYIT +B07A;B07A;1101 1174 11C1;B07A;1101 1174 11C1; # (ëº; ëº; á„á…´á‡; ëº; á„á…´á‡; ) HANGUL SYLLABLE GGYIP +B07B;B07B;1101 1174 11C2;B07B;1101 1174 11C2; # (ë»; ë»; á„ᅴᇂ; ë»; á„ᅴᇂ; ) HANGUL SYLLABLE GGYIH +B07C;B07C;1101 1175;B07C;1101 1175; # (ë¼; ë¼; á„á…µ; ë¼; á„á…µ; ) HANGUL SYLLABLE GGI +B07D;B07D;1101 1175 11A8;B07D;1101 1175 11A8; # (ë½; ë½; á„ᅵᆨ; ë½; á„ᅵᆨ; ) HANGUL SYLLABLE GGIG +B07E;B07E;1101 1175 11A9;B07E;1101 1175 11A9; # (ë¾; ë¾; á„ᅵᆩ; ë¾; á„ᅵᆩ; ) HANGUL SYLLABLE GGIGG +B07F;B07F;1101 1175 11AA;B07F;1101 1175 11AA; # (ë¿; ë¿; á„ᅵᆪ; ë¿; á„ᅵᆪ; ) HANGUL SYLLABLE GGIGS +B080;B080;1101 1175 11AB;B080;1101 1175 11AB; # (ë‚€; ë‚€; á„ᅵᆫ; ë‚€; á„ᅵᆫ; ) HANGUL SYLLABLE GGIN +B081;B081;1101 1175 11AC;B081;1101 1175 11AC; # (ë‚; ë‚; á„ᅵᆬ; ë‚; á„ᅵᆬ; ) HANGUL SYLLABLE GGINJ +B082;B082;1101 1175 11AD;B082;1101 1175 11AD; # (ë‚‚; ë‚‚; á„ᅵᆭ; ë‚‚; á„ᅵᆭ; ) HANGUL SYLLABLE GGINH +B083;B083;1101 1175 11AE;B083;1101 1175 11AE; # (낃; 낃; á„ᅵᆮ; 낃; á„ᅵᆮ; ) HANGUL SYLLABLE GGID +B084;B084;1101 1175 11AF;B084;1101 1175 11AF; # (ë‚„; ë‚„; á„ᅵᆯ; ë‚„; á„ᅵᆯ; ) HANGUL SYLLABLE GGIL +B085;B085;1101 1175 11B0;B085;1101 1175 11B0; # (ë‚…; ë‚…; á„ᅵᆰ; ë‚…; á„ᅵᆰ; ) HANGUL SYLLABLE GGILG +B086;B086;1101 1175 11B1;B086;1101 1175 11B1; # (낆; 낆; á„ᅵᆱ; 낆; á„ᅵᆱ; ) HANGUL SYLLABLE GGILM +B087;B087;1101 1175 11B2;B087;1101 1175 11B2; # (낇; 낇; á„ᅵᆲ; 낇; á„ᅵᆲ; ) HANGUL SYLLABLE GGILB +B088;B088;1101 1175 11B3;B088;1101 1175 11B3; # (낈; 낈; á„ᅵᆳ; 낈; á„ᅵᆳ; ) HANGUL SYLLABLE GGILS +B089;B089;1101 1175 11B4;B089;1101 1175 11B4; # (낉; 낉; á„ᅵᆴ; 낉; á„ᅵᆴ; ) HANGUL SYLLABLE GGILT +B08A;B08A;1101 1175 11B5;B08A;1101 1175 11B5; # (ë‚Š; ë‚Š; á„ᅵᆵ; ë‚Š; á„ᅵᆵ; ) HANGUL SYLLABLE GGILP +B08B;B08B;1101 1175 11B6;B08B;1101 1175 11B6; # (ë‚‹; ë‚‹; á„ᅵᆶ; ë‚‹; á„ᅵᆶ; ) HANGUL SYLLABLE GGILH +B08C;B08C;1101 1175 11B7;B08C;1101 1175 11B7; # (ë‚Œ; ë‚Œ; á„ᅵᆷ; ë‚Œ; á„ᅵᆷ; ) HANGUL SYLLABLE GGIM +B08D;B08D;1101 1175 11B8;B08D;1101 1175 11B8; # (ë‚; ë‚; á„ᅵᆸ; ë‚; á„ᅵᆸ; ) HANGUL SYLLABLE GGIB +B08E;B08E;1101 1175 11B9;B08E;1101 1175 11B9; # (ë‚Ž; ë‚Ž; á„ᅵᆹ; ë‚Ž; á„ᅵᆹ; ) HANGUL SYLLABLE GGIBS +B08F;B08F;1101 1175 11BA;B08F;1101 1175 11BA; # (ë‚; ë‚; á„ᅵᆺ; ë‚; á„ᅵᆺ; ) HANGUL SYLLABLE GGIS +B090;B090;1101 1175 11BB;B090;1101 1175 11BB; # (ë‚; ë‚; á„ᅵᆻ; ë‚; á„ᅵᆻ; ) HANGUL SYLLABLE GGISS +B091;B091;1101 1175 11BC;B091;1101 1175 11BC; # (ë‚‘; ë‚‘; á„ᅵᆼ; ë‚‘; á„ᅵᆼ; ) HANGUL SYLLABLE GGING +B092;B092;1101 1175 11BD;B092;1101 1175 11BD; # (ë‚’; ë‚’; á„ᅵᆽ; ë‚’; á„ᅵᆽ; ) HANGUL SYLLABLE GGIJ +B093;B093;1101 1175 11BE;B093;1101 1175 11BE; # (ë‚“; ë‚“; á„ᅵᆾ; ë‚“; á„ᅵᆾ; ) HANGUL SYLLABLE GGIC +B094;B094;1101 1175 11BF;B094;1101 1175 11BF; # (ë‚”; ë‚”; á„ᅵᆿ; ë‚”; á„ᅵᆿ; ) HANGUL SYLLABLE GGIK +B095;B095;1101 1175 11C0;B095;1101 1175 11C0; # (ë‚•; ë‚•; á„ᅵᇀ; ë‚•; á„ᅵᇀ; ) HANGUL SYLLABLE GGIT +B096;B096;1101 1175 11C1;B096;1101 1175 11C1; # (ë‚–; ë‚–; á„á…µá‡; ë‚–; á„á…µá‡; ) HANGUL SYLLABLE GGIP +B097;B097;1101 1175 11C2;B097;1101 1175 11C2; # (ë‚—; ë‚—; á„ᅵᇂ; ë‚—; á„ᅵᇂ; ) HANGUL SYLLABLE GGIH +B098;B098;1102 1161;B098;1102 1161; # (나; 나; á„‚á…¡; 나; á„‚á…¡; ) HANGUL SYLLABLE NA +B099;B099;1102 1161 11A8;B099;1102 1161 11A8; # (ë‚™; ë‚™; 낙; ë‚™; 낙; ) HANGUL SYLLABLE NAG +B09A;B09A;1102 1161 11A9;B09A;1102 1161 11A9; # (ë‚š; ë‚š; 낚; ë‚š; 낚; ) HANGUL SYLLABLE NAGG +B09B;B09B;1102 1161 11AA;B09B;1102 1161 11AA; # (ë‚›; ë‚›; 낛; ë‚›; 낛; ) HANGUL SYLLABLE NAGS +B09C;B09C;1102 1161 11AB;B09C;1102 1161 11AB; # (ë‚œ; ë‚œ; 난; ë‚œ; 난; ) HANGUL SYLLABLE NAN +B09D;B09D;1102 1161 11AC;B09D;1102 1161 11AC; # (ë‚; ë‚; 낝; ë‚; 낝; ) HANGUL SYLLABLE NANJ +B09E;B09E;1102 1161 11AD;B09E;1102 1161 11AD; # (ë‚ž; ë‚ž; 낞; ë‚ž; 낞; ) HANGUL SYLLABLE NANH +B09F;B09F;1102 1161 11AE;B09F;1102 1161 11AE; # (ë‚Ÿ; ë‚Ÿ; 낟; ë‚Ÿ; 낟; ) HANGUL SYLLABLE NAD +B0A0;B0A0;1102 1161 11AF;B0A0;1102 1161 11AF; # (ë‚ ; ë‚ ; 날; ë‚ ; 날; ) HANGUL SYLLABLE NAL +B0A1;B0A1;1102 1161 11B0;B0A1;1102 1161 11B0; # (ë‚¡; ë‚¡; 낡; ë‚¡; 낡; ) HANGUL SYLLABLE NALG +B0A2;B0A2;1102 1161 11B1;B0A2;1102 1161 11B1; # (ë‚¢; ë‚¢; 낢; ë‚¢; 낢; ) HANGUL SYLLABLE NALM +B0A3;B0A3;1102 1161 11B2;B0A3;1102 1161 11B2; # (ë‚£; ë‚£; 낣; ë‚£; 낣; ) HANGUL SYLLABLE NALB +B0A4;B0A4;1102 1161 11B3;B0A4;1102 1161 11B3; # (낤; 낤; 낤; 낤; 낤; ) HANGUL SYLLABLE NALS +B0A5;B0A5;1102 1161 11B4;B0A5;1102 1161 11B4; # (ë‚¥; ë‚¥; 낥; ë‚¥; 낥; ) HANGUL SYLLABLE NALT +B0A6;B0A6;1102 1161 11B5;B0A6;1102 1161 11B5; # (낦; 낦; 낦; 낦; 낦; ) HANGUL SYLLABLE NALP +B0A7;B0A7;1102 1161 11B6;B0A7;1102 1161 11B6; # (낧; 낧; 낧; 낧; 낧; ) HANGUL SYLLABLE NALH +B0A8;B0A8;1102 1161 11B7;B0A8;1102 1161 11B7; # (남; 남; 남; 남; 남; ) HANGUL SYLLABLE NAM +B0A9;B0A9;1102 1161 11B8;B0A9;1102 1161 11B8; # (ë‚©; ë‚©; 납; ë‚©; 납; ) HANGUL SYLLABLE NAB +B0AA;B0AA;1102 1161 11B9;B0AA;1102 1161 11B9; # (낪; 낪; 낪; 낪; 낪; ) HANGUL SYLLABLE NABS +B0AB;B0AB;1102 1161 11BA;B0AB;1102 1161 11BA; # (ë‚«; ë‚«; 낫; ë‚«; 낫; ) HANGUL SYLLABLE NAS +B0AC;B0AC;1102 1161 11BB;B0AC;1102 1161 11BB; # (났; 났; 났; 났; 났; ) HANGUL SYLLABLE NASS +B0AD;B0AD;1102 1161 11BC;B0AD;1102 1161 11BC; # (ë‚­; ë‚­; 낭; ë‚­; 낭; ) HANGUL SYLLABLE NANG +B0AE;B0AE;1102 1161 11BD;B0AE;1102 1161 11BD; # (ë‚®; ë‚®; 낮; ë‚®; 낮; ) HANGUL SYLLABLE NAJ +B0AF;B0AF;1102 1161 11BE;B0AF;1102 1161 11BE; # (낯; 낯; 낯; 낯; 낯; ) HANGUL SYLLABLE NAC +B0B0;B0B0;1102 1161 11BF;B0B0;1102 1161 11BF; # (ë‚°; ë‚°; 낰; ë‚°; 낰; ) HANGUL SYLLABLE NAK +B0B1;B0B1;1102 1161 11C0;B0B1;1102 1161 11C0; # (낱; 낱; 낱; 낱; 낱; ) HANGUL SYLLABLE NAT +B0B2;B0B2;1102 1161 11C1;B0B2;1102 1161 11C1; # (낲; 낲; á„‚á…¡á‡; 낲; á„‚á…¡á‡; ) HANGUL SYLLABLE NAP +B0B3;B0B3;1102 1161 11C2;B0B3;1102 1161 11C2; # (낳; 낳; 낳; 낳; 낳; ) HANGUL SYLLABLE NAH +B0B4;B0B4;1102 1162;B0B4;1102 1162; # (ë‚´; ë‚´; á„‚á…¢; ë‚´; á„‚á…¢; ) HANGUL SYLLABLE NAE +B0B5;B0B5;1102 1162 11A8;B0B5;1102 1162 11A8; # (낵; 낵; 낵; 낵; 낵; ) HANGUL SYLLABLE NAEG +B0B6;B0B6;1102 1162 11A9;B0B6;1102 1162 11A9; # (낶; 낶; 낶; 낶; 낶; ) HANGUL SYLLABLE NAEGG +B0B7;B0B7;1102 1162 11AA;B0B7;1102 1162 11AA; # (ë‚·; ë‚·; 낷; ë‚·; 낷; ) HANGUL SYLLABLE NAEGS +B0B8;B0B8;1102 1162 11AB;B0B8;1102 1162 11AB; # (낸; 낸; 낸; 낸; 낸; ) HANGUL SYLLABLE NAEN +B0B9;B0B9;1102 1162 11AC;B0B9;1102 1162 11AC; # (낹; 낹; 낹; 낹; 낹; ) HANGUL SYLLABLE NAENJ +B0BA;B0BA;1102 1162 11AD;B0BA;1102 1162 11AD; # (낺; 낺; 낺; 낺; 낺; ) HANGUL SYLLABLE NAENH +B0BB;B0BB;1102 1162 11AE;B0BB;1102 1162 11AE; # (ë‚»; ë‚»; 낻; ë‚»; 낻; ) HANGUL SYLLABLE NAED +B0BC;B0BC;1102 1162 11AF;B0BC;1102 1162 11AF; # (낼; 낼; 낼; 낼; 낼; ) HANGUL SYLLABLE NAEL +B0BD;B0BD;1102 1162 11B0;B0BD;1102 1162 11B0; # (낽; 낽; 낽; 낽; 낽; ) HANGUL SYLLABLE NAELG +B0BE;B0BE;1102 1162 11B1;B0BE;1102 1162 11B1; # (낾; 낾; 낾; 낾; 낾; ) HANGUL SYLLABLE NAELM +B0BF;B0BF;1102 1162 11B2;B0BF;1102 1162 11B2; # (ë‚¿; ë‚¿; 낿; ë‚¿; 낿; ) HANGUL SYLLABLE NAELB +B0C0;B0C0;1102 1162 11B3;B0C0;1102 1162 11B3; # (냀; 냀; 냀; 냀; 냀; ) HANGUL SYLLABLE NAELS +B0C1;B0C1;1102 1162 11B4;B0C1;1102 1162 11B4; # (ëƒ; ëƒ; 냁; ëƒ; 냁; ) HANGUL SYLLABLE NAELT +B0C2;B0C2;1102 1162 11B5;B0C2;1102 1162 11B5; # (냂; 냂; 냂; 냂; 냂; ) HANGUL SYLLABLE NAELP +B0C3;B0C3;1102 1162 11B6;B0C3;1102 1162 11B6; # (냃; 냃; 냃; 냃; 냃; ) HANGUL SYLLABLE NAELH +B0C4;B0C4;1102 1162 11B7;B0C4;1102 1162 11B7; # (냄; 냄; 냄; 냄; 냄; ) HANGUL SYLLABLE NAEM +B0C5;B0C5;1102 1162 11B8;B0C5;1102 1162 11B8; # (냅; 냅; 냅; 냅; 냅; ) HANGUL SYLLABLE NAEB +B0C6;B0C6;1102 1162 11B9;B0C6;1102 1162 11B9; # (냆; 냆; 냆; 냆; 냆; ) HANGUL SYLLABLE NAEBS +B0C7;B0C7;1102 1162 11BA;B0C7;1102 1162 11BA; # (냇; 냇; 냇; 냇; 냇; ) HANGUL SYLLABLE NAES +B0C8;B0C8;1102 1162 11BB;B0C8;1102 1162 11BB; # (냈; 냈; 냈; 냈; 냈; ) HANGUL SYLLABLE NAESS +B0C9;B0C9;1102 1162 11BC;B0C9;1102 1162 11BC; # (냉; 냉; 냉; 냉; 냉; ) HANGUL SYLLABLE NAENG +B0CA;B0CA;1102 1162 11BD;B0CA;1102 1162 11BD; # (냊; 냊; 냊; 냊; 냊; ) HANGUL SYLLABLE NAEJ +B0CB;B0CB;1102 1162 11BE;B0CB;1102 1162 11BE; # (냋; 냋; 냋; 냋; 냋; ) HANGUL SYLLABLE NAEC +B0CC;B0CC;1102 1162 11BF;B0CC;1102 1162 11BF; # (냌; 냌; 냌; 냌; 냌; ) HANGUL SYLLABLE NAEK +B0CD;B0CD;1102 1162 11C0;B0CD;1102 1162 11C0; # (ëƒ; ëƒ; 냍; ëƒ; 냍; ) HANGUL SYLLABLE NAET +B0CE;B0CE;1102 1162 11C1;B0CE;1102 1162 11C1; # (냎; 냎; á„‚á…¢á‡; 냎; á„‚á…¢á‡; ) HANGUL SYLLABLE NAEP +B0CF;B0CF;1102 1162 11C2;B0CF;1102 1162 11C2; # (ëƒ; ëƒ; 냏; ëƒ; 냏; ) HANGUL SYLLABLE NAEH +B0D0;B0D0;1102 1163;B0D0;1102 1163; # (ëƒ; ëƒ; á„‚á…£; ëƒ; á„‚á…£; ) HANGUL SYLLABLE NYA +B0D1;B0D1;1102 1163 11A8;B0D1;1102 1163 11A8; # (냑; 냑; 냑; 냑; 냑; ) HANGUL SYLLABLE NYAG +B0D2;B0D2;1102 1163 11A9;B0D2;1102 1163 11A9; # (냒; 냒; 냒; 냒; 냒; ) HANGUL SYLLABLE NYAGG +B0D3;B0D3;1102 1163 11AA;B0D3;1102 1163 11AA; # (냓; 냓; 냓; 냓; 냓; ) HANGUL SYLLABLE NYAGS +B0D4;B0D4;1102 1163 11AB;B0D4;1102 1163 11AB; # (냔; 냔; 냔; 냔; 냔; ) HANGUL SYLLABLE NYAN +B0D5;B0D5;1102 1163 11AC;B0D5;1102 1163 11AC; # (냕; 냕; 냕; 냕; 냕; ) HANGUL SYLLABLE NYANJ +B0D6;B0D6;1102 1163 11AD;B0D6;1102 1163 11AD; # (냖; 냖; 냖; 냖; 냖; ) HANGUL SYLLABLE NYANH +B0D7;B0D7;1102 1163 11AE;B0D7;1102 1163 11AE; # (냗; 냗; 냗; 냗; 냗; ) HANGUL SYLLABLE NYAD +B0D8;B0D8;1102 1163 11AF;B0D8;1102 1163 11AF; # (냘; 냘; 냘; 냘; 냘; ) HANGUL SYLLABLE NYAL +B0D9;B0D9;1102 1163 11B0;B0D9;1102 1163 11B0; # (냙; 냙; 냙; 냙; 냙; ) HANGUL SYLLABLE NYALG +B0DA;B0DA;1102 1163 11B1;B0DA;1102 1163 11B1; # (냚; 냚; 냚; 냚; 냚; ) HANGUL SYLLABLE NYALM +B0DB;B0DB;1102 1163 11B2;B0DB;1102 1163 11B2; # (냛; 냛; 냛; 냛; 냛; ) HANGUL SYLLABLE NYALB +B0DC;B0DC;1102 1163 11B3;B0DC;1102 1163 11B3; # (냜; 냜; 냜; 냜; 냜; ) HANGUL SYLLABLE NYALS +B0DD;B0DD;1102 1163 11B4;B0DD;1102 1163 11B4; # (ëƒ; ëƒ; 냝; ëƒ; 냝; ) HANGUL SYLLABLE NYALT +B0DE;B0DE;1102 1163 11B5;B0DE;1102 1163 11B5; # (냞; 냞; 냞; 냞; 냞; ) HANGUL SYLLABLE NYALP +B0DF;B0DF;1102 1163 11B6;B0DF;1102 1163 11B6; # (냟; 냟; 냟; 냟; 냟; ) HANGUL SYLLABLE NYALH +B0E0;B0E0;1102 1163 11B7;B0E0;1102 1163 11B7; # (냠; 냠; 냠; 냠; 냠; ) HANGUL SYLLABLE NYAM +B0E1;B0E1;1102 1163 11B8;B0E1;1102 1163 11B8; # (냡; 냡; 냡; 냡; 냡; ) HANGUL SYLLABLE NYAB +B0E2;B0E2;1102 1163 11B9;B0E2;1102 1163 11B9; # (냢; 냢; 냢; 냢; 냢; ) HANGUL SYLLABLE NYABS +B0E3;B0E3;1102 1163 11BA;B0E3;1102 1163 11BA; # (냣; 냣; 냣; 냣; 냣; ) HANGUL SYLLABLE NYAS +B0E4;B0E4;1102 1163 11BB;B0E4;1102 1163 11BB; # (냤; 냤; 냤; 냤; 냤; ) HANGUL SYLLABLE NYASS +B0E5;B0E5;1102 1163 11BC;B0E5;1102 1163 11BC; # (냥; 냥; 냥; 냥; 냥; ) HANGUL SYLLABLE NYANG +B0E6;B0E6;1102 1163 11BD;B0E6;1102 1163 11BD; # (냦; 냦; 냦; 냦; 냦; ) HANGUL SYLLABLE NYAJ +B0E7;B0E7;1102 1163 11BE;B0E7;1102 1163 11BE; # (냧; 냧; 냧; 냧; 냧; ) HANGUL SYLLABLE NYAC +B0E8;B0E8;1102 1163 11BF;B0E8;1102 1163 11BF; # (냨; 냨; 냨; 냨; 냨; ) HANGUL SYLLABLE NYAK +B0E9;B0E9;1102 1163 11C0;B0E9;1102 1163 11C0; # (냩; 냩; 냩; 냩; 냩; ) HANGUL SYLLABLE NYAT +B0EA;B0EA;1102 1163 11C1;B0EA;1102 1163 11C1; # (냪; 냪; á„‚á…£á‡; 냪; á„‚á…£á‡; ) HANGUL SYLLABLE NYAP +B0EB;B0EB;1102 1163 11C2;B0EB;1102 1163 11C2; # (냫; 냫; 냫; 냫; 냫; ) HANGUL SYLLABLE NYAH +B0EC;B0EC;1102 1164;B0EC;1102 1164; # (냬; 냬; á„‚á…¤; 냬; á„‚á…¤; ) HANGUL SYLLABLE NYAE +B0ED;B0ED;1102 1164 11A8;B0ED;1102 1164 11A8; # (냭; 냭; 냭; 냭; 냭; ) HANGUL SYLLABLE NYAEG +B0EE;B0EE;1102 1164 11A9;B0EE;1102 1164 11A9; # (냮; 냮; 냮; 냮; 냮; ) HANGUL SYLLABLE NYAEGG +B0EF;B0EF;1102 1164 11AA;B0EF;1102 1164 11AA; # (냯; 냯; 냯; 냯; 냯; ) HANGUL SYLLABLE NYAEGS +B0F0;B0F0;1102 1164 11AB;B0F0;1102 1164 11AB; # (냰; 냰; 냰; 냰; 냰; ) HANGUL SYLLABLE NYAEN +B0F1;B0F1;1102 1164 11AC;B0F1;1102 1164 11AC; # (냱; 냱; 냱; 냱; 냱; ) HANGUL SYLLABLE NYAENJ +B0F2;B0F2;1102 1164 11AD;B0F2;1102 1164 11AD; # (냲; 냲; 냲; 냲; 냲; ) HANGUL SYLLABLE NYAENH +B0F3;B0F3;1102 1164 11AE;B0F3;1102 1164 11AE; # (냳; 냳; 냳; 냳; 냳; ) HANGUL SYLLABLE NYAED +B0F4;B0F4;1102 1164 11AF;B0F4;1102 1164 11AF; # (냴; 냴; 냴; 냴; 냴; ) HANGUL SYLLABLE NYAEL +B0F5;B0F5;1102 1164 11B0;B0F5;1102 1164 11B0; # (냵; 냵; 냵; 냵; 냵; ) HANGUL SYLLABLE NYAELG +B0F6;B0F6;1102 1164 11B1;B0F6;1102 1164 11B1; # (냶; 냶; 냶; 냶; 냶; ) HANGUL SYLLABLE NYAELM +B0F7;B0F7;1102 1164 11B2;B0F7;1102 1164 11B2; # (냷; 냷; 냷; 냷; 냷; ) HANGUL SYLLABLE NYAELB +B0F8;B0F8;1102 1164 11B3;B0F8;1102 1164 11B3; # (냸; 냸; 냸; 냸; 냸; ) HANGUL SYLLABLE NYAELS +B0F9;B0F9;1102 1164 11B4;B0F9;1102 1164 11B4; # (냹; 냹; 냹; 냹; 냹; ) HANGUL SYLLABLE NYAELT +B0FA;B0FA;1102 1164 11B5;B0FA;1102 1164 11B5; # (냺; 냺; 냺; 냺; 냺; ) HANGUL SYLLABLE NYAELP +B0FB;B0FB;1102 1164 11B6;B0FB;1102 1164 11B6; # (냻; 냻; 냻; 냻; 냻; ) HANGUL SYLLABLE NYAELH +B0FC;B0FC;1102 1164 11B7;B0FC;1102 1164 11B7; # (냼; 냼; 냼; 냼; 냼; ) HANGUL SYLLABLE NYAEM +B0FD;B0FD;1102 1164 11B8;B0FD;1102 1164 11B8; # (냽; 냽; 냽; 냽; 냽; ) HANGUL SYLLABLE NYAEB +B0FE;B0FE;1102 1164 11B9;B0FE;1102 1164 11B9; # (냾; 냾; 냾; 냾; 냾; ) HANGUL SYLLABLE NYAEBS +B0FF;B0FF;1102 1164 11BA;B0FF;1102 1164 11BA; # (냿; 냿; 냿; 냿; 냿; ) HANGUL SYLLABLE NYAES +B100;B100;1102 1164 11BB;B100;1102 1164 11BB; # (ë„€; ë„€; 넀; ë„€; 넀; ) HANGUL SYLLABLE NYAESS +B101;B101;1102 1164 11BC;B101;1102 1164 11BC; # (ë„; ë„; 넁; ë„; 넁; ) HANGUL SYLLABLE NYAENG +B102;B102;1102 1164 11BD;B102;1102 1164 11BD; # (ë„‚; ë„‚; 넂; ë„‚; 넂; ) HANGUL SYLLABLE NYAEJ +B103;B103;1102 1164 11BE;B103;1102 1164 11BE; # (넃; 넃; 넃; 넃; 넃; ) HANGUL SYLLABLE NYAEC +B104;B104;1102 1164 11BF;B104;1102 1164 11BF; # (ë„„; ë„„; 넄; ë„„; 넄; ) HANGUL SYLLABLE NYAEK +B105;B105;1102 1164 11C0;B105;1102 1164 11C0; # (ë„…; ë„…; 넅; ë„…; 넅; ) HANGUL SYLLABLE NYAET +B106;B106;1102 1164 11C1;B106;1102 1164 11C1; # (넆; 넆; á„‚á…¤á‡; 넆; á„‚á…¤á‡; ) HANGUL SYLLABLE NYAEP +B107;B107;1102 1164 11C2;B107;1102 1164 11C2; # (넇; 넇; 넇; 넇; 넇; ) HANGUL SYLLABLE NYAEH +B108;B108;1102 1165;B108;1102 1165; # (너; 너; á„‚á…¥; 너; á„‚á…¥; ) HANGUL SYLLABLE NEO +B109;B109;1102 1165 11A8;B109;1102 1165 11A8; # (넉; 넉; 넉; 넉; 넉; ) HANGUL SYLLABLE NEOG +B10A;B10A;1102 1165 11A9;B10A;1102 1165 11A9; # (ë„Š; ë„Š; 넊; ë„Š; 넊; ) HANGUL SYLLABLE NEOGG +B10B;B10B;1102 1165 11AA;B10B;1102 1165 11AA; # (ë„‹; ë„‹; 넋; ë„‹; 넋; ) HANGUL SYLLABLE NEOGS +B10C;B10C;1102 1165 11AB;B10C;1102 1165 11AB; # (ë„Œ; ë„Œ; 넌; ë„Œ; 넌; ) HANGUL SYLLABLE NEON +B10D;B10D;1102 1165 11AC;B10D;1102 1165 11AC; # (ë„; ë„; 넍; ë„; 넍; ) HANGUL SYLLABLE NEONJ +B10E;B10E;1102 1165 11AD;B10E;1102 1165 11AD; # (ë„Ž; ë„Ž; 넎; ë„Ž; 넎; ) HANGUL SYLLABLE NEONH +B10F;B10F;1102 1165 11AE;B10F;1102 1165 11AE; # (ë„; ë„; 넏; ë„; 넏; ) HANGUL SYLLABLE NEOD +B110;B110;1102 1165 11AF;B110;1102 1165 11AF; # (ë„; ë„; 널; ë„; 널; ) HANGUL SYLLABLE NEOL +B111;B111;1102 1165 11B0;B111;1102 1165 11B0; # (ë„‘; ë„‘; 넑; ë„‘; 넑; ) HANGUL SYLLABLE NEOLG +B112;B112;1102 1165 11B1;B112;1102 1165 11B1; # (ë„’; ë„’; 넒; ë„’; 넒; ) HANGUL SYLLABLE NEOLM +B113;B113;1102 1165 11B2;B113;1102 1165 11B2; # (ë„“; ë„“; 넓; ë„“; 넓; ) HANGUL SYLLABLE NEOLB +B114;B114;1102 1165 11B3;B114;1102 1165 11B3; # (ë„”; ë„”; 넔; ë„”; 넔; ) HANGUL SYLLABLE NEOLS +B115;B115;1102 1165 11B4;B115;1102 1165 11B4; # (ë„•; ë„•; 넕; ë„•; 넕; ) HANGUL SYLLABLE NEOLT +B116;B116;1102 1165 11B5;B116;1102 1165 11B5; # (ë„–; ë„–; 넖; ë„–; 넖; ) HANGUL SYLLABLE NEOLP +B117;B117;1102 1165 11B6;B117;1102 1165 11B6; # (ë„—; ë„—; 넗; ë„—; 넗; ) HANGUL SYLLABLE NEOLH +B118;B118;1102 1165 11B7;B118;1102 1165 11B7; # (넘; 넘; 넘; 넘; 넘; ) HANGUL SYLLABLE NEOM +B119;B119;1102 1165 11B8;B119;1102 1165 11B8; # (ë„™; ë„™; 넙; ë„™; 넙; ) HANGUL SYLLABLE NEOB +B11A;B11A;1102 1165 11B9;B11A;1102 1165 11B9; # (ë„š; ë„š; 넚; ë„š; 넚; ) HANGUL SYLLABLE NEOBS +B11B;B11B;1102 1165 11BA;B11B;1102 1165 11BA; # (ë„›; ë„›; 넛; ë„›; 넛; ) HANGUL SYLLABLE NEOS +B11C;B11C;1102 1165 11BB;B11C;1102 1165 11BB; # (ë„œ; ë„œ; 넜; ë„œ; 넜; ) HANGUL SYLLABLE NEOSS +B11D;B11D;1102 1165 11BC;B11D;1102 1165 11BC; # (ë„; ë„; 넝; ë„; 넝; ) HANGUL SYLLABLE NEONG +B11E;B11E;1102 1165 11BD;B11E;1102 1165 11BD; # (ë„ž; ë„ž; 넞; ë„ž; 넞; ) HANGUL SYLLABLE NEOJ +B11F;B11F;1102 1165 11BE;B11F;1102 1165 11BE; # (ë„Ÿ; ë„Ÿ; 넟; ë„Ÿ; 넟; ) HANGUL SYLLABLE NEOC +B120;B120;1102 1165 11BF;B120;1102 1165 11BF; # (ë„ ; ë„ ; 넠; ë„ ; 넠; ) HANGUL SYLLABLE NEOK +B121;B121;1102 1165 11C0;B121;1102 1165 11C0; # (ë„¡; ë„¡; 넡; ë„¡; 넡; ) HANGUL SYLLABLE NEOT +B122;B122;1102 1165 11C1;B122;1102 1165 11C1; # (ë„¢; ë„¢; á„‚á…¥á‡; ë„¢; á„‚á…¥á‡; ) HANGUL SYLLABLE NEOP +B123;B123;1102 1165 11C2;B123;1102 1165 11C2; # (ë„£; ë„£; 넣; ë„£; 넣; ) HANGUL SYLLABLE NEOH +B124;B124;1102 1166;B124;1102 1166; # (네; 네; á„‚á…¦; 네; á„‚á…¦; ) HANGUL SYLLABLE NE +B125;B125;1102 1166 11A8;B125;1102 1166 11A8; # (ë„¥; ë„¥; 넥; ë„¥; 넥; ) HANGUL SYLLABLE NEG +B126;B126;1102 1166 11A9;B126;1102 1166 11A9; # (넦; 넦; 넦; 넦; 넦; ) HANGUL SYLLABLE NEGG +B127;B127;1102 1166 11AA;B127;1102 1166 11AA; # (넧; 넧; 넧; 넧; 넧; ) HANGUL SYLLABLE NEGS +B128;B128;1102 1166 11AB;B128;1102 1166 11AB; # (넨; 넨; 넨; 넨; 넨; ) HANGUL SYLLABLE NEN +B129;B129;1102 1166 11AC;B129;1102 1166 11AC; # (ë„©; ë„©; 넩; ë„©; 넩; ) HANGUL SYLLABLE NENJ +B12A;B12A;1102 1166 11AD;B12A;1102 1166 11AD; # (넪; 넪; 넪; 넪; 넪; ) HANGUL SYLLABLE NENH +B12B;B12B;1102 1166 11AE;B12B;1102 1166 11AE; # (ë„«; ë„«; 넫; ë„«; 넫; ) HANGUL SYLLABLE NED +B12C;B12C;1102 1166 11AF;B12C;1102 1166 11AF; # (넬; 넬; 넬; 넬; 넬; ) HANGUL SYLLABLE NEL +B12D;B12D;1102 1166 11B0;B12D;1102 1166 11B0; # (ë„­; ë„­; 넭; ë„­; 넭; ) HANGUL SYLLABLE NELG +B12E;B12E;1102 1166 11B1;B12E;1102 1166 11B1; # (ë„®; ë„®; 넮; ë„®; 넮; ) HANGUL SYLLABLE NELM +B12F;B12F;1102 1166 11B2;B12F;1102 1166 11B2; # (넯; 넯; 넯; 넯; 넯; ) HANGUL SYLLABLE NELB +B130;B130;1102 1166 11B3;B130;1102 1166 11B3; # (ë„°; ë„°; 넰; ë„°; 넰; ) HANGUL SYLLABLE NELS +B131;B131;1102 1166 11B4;B131;1102 1166 11B4; # (넱; 넱; 넱; 넱; 넱; ) HANGUL SYLLABLE NELT +B132;B132;1102 1166 11B5;B132;1102 1166 11B5; # (넲; 넲; 넲; 넲; 넲; ) HANGUL SYLLABLE NELP +B133;B133;1102 1166 11B6;B133;1102 1166 11B6; # (넳; 넳; 넳; 넳; 넳; ) HANGUL SYLLABLE NELH +B134;B134;1102 1166 11B7;B134;1102 1166 11B7; # (ë„´; ë„´; 넴; ë„´; 넴; ) HANGUL SYLLABLE NEM +B135;B135;1102 1166 11B8;B135;1102 1166 11B8; # (넵; 넵; 넵; 넵; 넵; ) HANGUL SYLLABLE NEB +B136;B136;1102 1166 11B9;B136;1102 1166 11B9; # (넶; 넶; 넶; 넶; 넶; ) HANGUL SYLLABLE NEBS +B137;B137;1102 1166 11BA;B137;1102 1166 11BA; # (ë„·; ë„·; 넷; ë„·; 넷; ) HANGUL SYLLABLE NES +B138;B138;1102 1166 11BB;B138;1102 1166 11BB; # (넸; 넸; 넸; 넸; 넸; ) HANGUL SYLLABLE NESS +B139;B139;1102 1166 11BC;B139;1102 1166 11BC; # (넹; 넹; 넹; 넹; 넹; ) HANGUL SYLLABLE NENG +B13A;B13A;1102 1166 11BD;B13A;1102 1166 11BD; # (넺; 넺; 넺; 넺; 넺; ) HANGUL SYLLABLE NEJ +B13B;B13B;1102 1166 11BE;B13B;1102 1166 11BE; # (ë„»; ë„»; 넻; ë„»; 넻; ) HANGUL SYLLABLE NEC +B13C;B13C;1102 1166 11BF;B13C;1102 1166 11BF; # (넼; 넼; 넼; 넼; 넼; ) HANGUL SYLLABLE NEK +B13D;B13D;1102 1166 11C0;B13D;1102 1166 11C0; # (넽; 넽; 넽; 넽; 넽; ) HANGUL SYLLABLE NET +B13E;B13E;1102 1166 11C1;B13E;1102 1166 11C1; # (넾; 넾; á„‚á…¦á‡; 넾; á„‚á…¦á‡; ) HANGUL SYLLABLE NEP +B13F;B13F;1102 1166 11C2;B13F;1102 1166 11C2; # (ë„¿; ë„¿; 넿; ë„¿; 넿; ) HANGUL SYLLABLE NEH +B140;B140;1102 1167;B140;1102 1167; # (ë…€; ë…€; á„‚á…§; ë…€; á„‚á…§; ) HANGUL SYLLABLE NYEO +B141;B141;1102 1167 11A8;B141;1102 1167 11A8; # (ë…; ë…; 녁; ë…; 녁; ) HANGUL SYLLABLE NYEOG +B142;B142;1102 1167 11A9;B142;1102 1167 11A9; # (ë…‚; ë…‚; 녂; ë…‚; 녂; ) HANGUL SYLLABLE NYEOGG +B143;B143;1102 1167 11AA;B143;1102 1167 11AA; # (ë…ƒ; ë…ƒ; 녃; ë…ƒ; 녃; ) HANGUL SYLLABLE NYEOGS +B144;B144;1102 1167 11AB;B144;1102 1167 11AB; # (ë…„; ë…„; 년; ë…„; 년; ) HANGUL SYLLABLE NYEON +B145;B145;1102 1167 11AC;B145;1102 1167 11AC; # (ë……; ë……; 녅; ë……; 녅; ) HANGUL SYLLABLE NYEONJ +B146;B146;1102 1167 11AD;B146;1102 1167 11AD; # (ë…†; ë…†; 녆; ë…†; 녆; ) HANGUL SYLLABLE NYEONH +B147;B147;1102 1167 11AE;B147;1102 1167 11AE; # (ë…‡; ë…‡; 녇; ë…‡; 녇; ) HANGUL SYLLABLE NYEOD +B148;B148;1102 1167 11AF;B148;1102 1167 11AF; # (ë…ˆ; ë…ˆ; 녈; ë…ˆ; 녈; ) HANGUL SYLLABLE NYEOL +B149;B149;1102 1167 11B0;B149;1102 1167 11B0; # (ë…‰; ë…‰; 녉; ë…‰; 녉; ) HANGUL SYLLABLE NYEOLG +B14A;B14A;1102 1167 11B1;B14A;1102 1167 11B1; # (ë…Š; ë…Š; 녊; ë…Š; 녊; ) HANGUL SYLLABLE NYEOLM +B14B;B14B;1102 1167 11B2;B14B;1102 1167 11B2; # (ë…‹; ë…‹; 녋; ë…‹; 녋; ) HANGUL SYLLABLE NYEOLB +B14C;B14C;1102 1167 11B3;B14C;1102 1167 11B3; # (ë…Œ; ë…Œ; 녌; ë…Œ; 녌; ) HANGUL SYLLABLE NYEOLS +B14D;B14D;1102 1167 11B4;B14D;1102 1167 11B4; # (ë…; ë…; 녍; ë…; 녍; ) HANGUL SYLLABLE NYEOLT +B14E;B14E;1102 1167 11B5;B14E;1102 1167 11B5; # (ë…Ž; ë…Ž; 녎; ë…Ž; 녎; ) HANGUL SYLLABLE NYEOLP +B14F;B14F;1102 1167 11B6;B14F;1102 1167 11B6; # (ë…; ë…; 녏; ë…; 녏; ) HANGUL SYLLABLE NYEOLH +B150;B150;1102 1167 11B7;B150;1102 1167 11B7; # (ë…; ë…; 념; ë…; 념; ) HANGUL SYLLABLE NYEOM +B151;B151;1102 1167 11B8;B151;1102 1167 11B8; # (ë…‘; ë…‘; 녑; ë…‘; 녑; ) HANGUL SYLLABLE NYEOB +B152;B152;1102 1167 11B9;B152;1102 1167 11B9; # (ë…’; ë…’; 녒; ë…’; 녒; ) HANGUL SYLLABLE NYEOBS +B153;B153;1102 1167 11BA;B153;1102 1167 11BA; # (ë…“; ë…“; 녓; ë…“; 녓; ) HANGUL SYLLABLE NYEOS +B154;B154;1102 1167 11BB;B154;1102 1167 11BB; # (ë…”; ë…”; 녔; ë…”; 녔; ) HANGUL SYLLABLE NYEOSS +B155;B155;1102 1167 11BC;B155;1102 1167 11BC; # (ë…•; ë…•; 녕; ë…•; 녕; ) HANGUL SYLLABLE NYEONG +B156;B156;1102 1167 11BD;B156;1102 1167 11BD; # (ë…–; ë…–; 녖; ë…–; 녖; ) HANGUL SYLLABLE NYEOJ +B157;B157;1102 1167 11BE;B157;1102 1167 11BE; # (ë…—; ë…—; 녗; ë…—; 녗; ) HANGUL SYLLABLE NYEOC +B158;B158;1102 1167 11BF;B158;1102 1167 11BF; # (ë…˜; ë…˜; 녘; ë…˜; 녘; ) HANGUL SYLLABLE NYEOK +B159;B159;1102 1167 11C0;B159;1102 1167 11C0; # (ë…™; ë…™; 녙; ë…™; 녙; ) HANGUL SYLLABLE NYEOT +B15A;B15A;1102 1167 11C1;B15A;1102 1167 11C1; # (ë…š; ë…š; á„‚á…§á‡; ë…š; á„‚á…§á‡; ) HANGUL SYLLABLE NYEOP +B15B;B15B;1102 1167 11C2;B15B;1102 1167 11C2; # (ë…›; ë…›; 녛; ë…›; 녛; ) HANGUL SYLLABLE NYEOH +B15C;B15C;1102 1168;B15C;1102 1168; # (ë…œ; ë…œ; á„‚á…¨; ë…œ; á„‚á…¨; ) HANGUL SYLLABLE NYE +B15D;B15D;1102 1168 11A8;B15D;1102 1168 11A8; # (ë…; ë…; 녝; ë…; 녝; ) HANGUL SYLLABLE NYEG +B15E;B15E;1102 1168 11A9;B15E;1102 1168 11A9; # (ë…ž; ë…ž; 녞; ë…ž; 녞; ) HANGUL SYLLABLE NYEGG +B15F;B15F;1102 1168 11AA;B15F;1102 1168 11AA; # (ë…Ÿ; ë…Ÿ; 녟; ë…Ÿ; 녟; ) HANGUL SYLLABLE NYEGS +B160;B160;1102 1168 11AB;B160;1102 1168 11AB; # (ë… ; ë… ; 녠; ë… ; 녠; ) HANGUL SYLLABLE NYEN +B161;B161;1102 1168 11AC;B161;1102 1168 11AC; # (ë…¡; ë…¡; 녡; ë…¡; 녡; ) HANGUL SYLLABLE NYENJ +B162;B162;1102 1168 11AD;B162;1102 1168 11AD; # (ë…¢; ë…¢; 녢; ë…¢; 녢; ) HANGUL SYLLABLE NYENH +B163;B163;1102 1168 11AE;B163;1102 1168 11AE; # (ë…£; ë…£; 녣; ë…£; 녣; ) HANGUL SYLLABLE NYED +B164;B164;1102 1168 11AF;B164;1102 1168 11AF; # (ë…¤; ë…¤; 녤; ë…¤; 녤; ) HANGUL SYLLABLE NYEL +B165;B165;1102 1168 11B0;B165;1102 1168 11B0; # (ë…¥; ë…¥; 녥; ë…¥; 녥; ) HANGUL SYLLABLE NYELG +B166;B166;1102 1168 11B1;B166;1102 1168 11B1; # (ë…¦; ë…¦; 녦; ë…¦; 녦; ) HANGUL SYLLABLE NYELM +B167;B167;1102 1168 11B2;B167;1102 1168 11B2; # (ë…§; ë…§; 녧; ë…§; 녧; ) HANGUL SYLLABLE NYELB +B168;B168;1102 1168 11B3;B168;1102 1168 11B3; # (ë…¨; ë…¨; 녨; ë…¨; 녨; ) HANGUL SYLLABLE NYELS +B169;B169;1102 1168 11B4;B169;1102 1168 11B4; # (ë…©; ë…©; 녩; ë…©; 녩; ) HANGUL SYLLABLE NYELT +B16A;B16A;1102 1168 11B5;B16A;1102 1168 11B5; # (ë…ª; ë…ª; 녪; ë…ª; 녪; ) HANGUL SYLLABLE NYELP +B16B;B16B;1102 1168 11B6;B16B;1102 1168 11B6; # (ë…«; ë…«; 녫; ë…«; 녫; ) HANGUL SYLLABLE NYELH +B16C;B16C;1102 1168 11B7;B16C;1102 1168 11B7; # (ë…¬; ë…¬; 녬; ë…¬; 녬; ) HANGUL SYLLABLE NYEM +B16D;B16D;1102 1168 11B8;B16D;1102 1168 11B8; # (ë…­; ë…­; 녭; ë…­; 녭; ) HANGUL SYLLABLE NYEB +B16E;B16E;1102 1168 11B9;B16E;1102 1168 11B9; # (ë…®; ë…®; 녮; ë…®; 녮; ) HANGUL SYLLABLE NYEBS +B16F;B16F;1102 1168 11BA;B16F;1102 1168 11BA; # (ë…¯; ë…¯; 녯; ë…¯; 녯; ) HANGUL SYLLABLE NYES +B170;B170;1102 1168 11BB;B170;1102 1168 11BB; # (ë…°; ë…°; 녰; ë…°; 녰; ) HANGUL SYLLABLE NYESS +B171;B171;1102 1168 11BC;B171;1102 1168 11BC; # (ë…±; ë…±; 녱; ë…±; 녱; ) HANGUL SYLLABLE NYENG +B172;B172;1102 1168 11BD;B172;1102 1168 11BD; # (ë…²; ë…²; 녲; ë…²; 녲; ) HANGUL SYLLABLE NYEJ +B173;B173;1102 1168 11BE;B173;1102 1168 11BE; # (ë…³; ë…³; 녳; ë…³; 녳; ) HANGUL SYLLABLE NYEC +B174;B174;1102 1168 11BF;B174;1102 1168 11BF; # (ë…´; ë…´; 녴; ë…´; 녴; ) HANGUL SYLLABLE NYEK +B175;B175;1102 1168 11C0;B175;1102 1168 11C0; # (ë…µ; ë…µ; 녵; ë…µ; 녵; ) HANGUL SYLLABLE NYET +B176;B176;1102 1168 11C1;B176;1102 1168 11C1; # (ë…¶; ë…¶; á„‚á…¨á‡; ë…¶; á„‚á…¨á‡; ) HANGUL SYLLABLE NYEP +B177;B177;1102 1168 11C2;B177;1102 1168 11C2; # (ë…·; ë…·; 녷; ë…·; 녷; ) HANGUL SYLLABLE NYEH +B178;B178;1102 1169;B178;1102 1169; # (ë…¸; ë…¸; á„‚á…©; ë…¸; á„‚á…©; ) HANGUL SYLLABLE NO +B179;B179;1102 1169 11A8;B179;1102 1169 11A8; # (ë…¹; ë…¹; 녹; ë…¹; 녹; ) HANGUL SYLLABLE NOG +B17A;B17A;1102 1169 11A9;B17A;1102 1169 11A9; # (ë…º; ë…º; 녺; ë…º; 녺; ) HANGUL SYLLABLE NOGG +B17B;B17B;1102 1169 11AA;B17B;1102 1169 11AA; # (ë…»; ë…»; 녻; ë…»; 녻; ) HANGUL SYLLABLE NOGS +B17C;B17C;1102 1169 11AB;B17C;1102 1169 11AB; # (ë…¼; ë…¼; 논; ë…¼; 논; ) HANGUL SYLLABLE NON +B17D;B17D;1102 1169 11AC;B17D;1102 1169 11AC; # (ë…½; ë…½; 녽; ë…½; 녽; ) HANGUL SYLLABLE NONJ +B17E;B17E;1102 1169 11AD;B17E;1102 1169 11AD; # (ë…¾; ë…¾; 녾; ë…¾; 녾; ) HANGUL SYLLABLE NONH +B17F;B17F;1102 1169 11AE;B17F;1102 1169 11AE; # (ë…¿; ë…¿; 녿; ë…¿; 녿; ) HANGUL SYLLABLE NOD +B180;B180;1102 1169 11AF;B180;1102 1169 11AF; # (놀; 놀; 놀; 놀; 놀; ) HANGUL SYLLABLE NOL +B181;B181;1102 1169 11B0;B181;1102 1169 11B0; # (ë†; ë†; 놁; ë†; 놁; ) HANGUL SYLLABLE NOLG +B182;B182;1102 1169 11B1;B182;1102 1169 11B1; # (놂; 놂; 놂; 놂; 놂; ) HANGUL SYLLABLE NOLM +B183;B183;1102 1169 11B2;B183;1102 1169 11B2; # (놃; 놃; 놃; 놃; 놃; ) HANGUL SYLLABLE NOLB +B184;B184;1102 1169 11B3;B184;1102 1169 11B3; # (놄; 놄; 놄; 놄; 놄; ) HANGUL SYLLABLE NOLS +B185;B185;1102 1169 11B4;B185;1102 1169 11B4; # (놅; 놅; 놅; 놅; 놅; ) HANGUL SYLLABLE NOLT +B186;B186;1102 1169 11B5;B186;1102 1169 11B5; # (놆; 놆; 놆; 놆; 놆; ) HANGUL SYLLABLE NOLP +B187;B187;1102 1169 11B6;B187;1102 1169 11B6; # (놇; 놇; 놇; 놇; 놇; ) HANGUL SYLLABLE NOLH +B188;B188;1102 1169 11B7;B188;1102 1169 11B7; # (놈; 놈; 놈; 놈; 놈; ) HANGUL SYLLABLE NOM +B189;B189;1102 1169 11B8;B189;1102 1169 11B8; # (놉; 놉; 놉; 놉; 놉; ) HANGUL SYLLABLE NOB +B18A;B18A;1102 1169 11B9;B18A;1102 1169 11B9; # (놊; 놊; 놊; 놊; 놊; ) HANGUL SYLLABLE NOBS +B18B;B18B;1102 1169 11BA;B18B;1102 1169 11BA; # (놋; 놋; 놋; 놋; 놋; ) HANGUL SYLLABLE NOS +B18C;B18C;1102 1169 11BB;B18C;1102 1169 11BB; # (놌; 놌; 놌; 놌; 놌; ) HANGUL SYLLABLE NOSS +B18D;B18D;1102 1169 11BC;B18D;1102 1169 11BC; # (ë†; ë†; 농; ë†; 농; ) HANGUL SYLLABLE NONG +B18E;B18E;1102 1169 11BD;B18E;1102 1169 11BD; # (놎; 놎; 놎; 놎; 놎; ) HANGUL SYLLABLE NOJ +B18F;B18F;1102 1169 11BE;B18F;1102 1169 11BE; # (ë†; ë†; 놏; ë†; 놏; ) HANGUL SYLLABLE NOC +B190;B190;1102 1169 11BF;B190;1102 1169 11BF; # (ë†; ë†; 놐; ë†; 놐; ) HANGUL SYLLABLE NOK +B191;B191;1102 1169 11C0;B191;1102 1169 11C0; # (놑; 놑; 놑; 놑; 놑; ) HANGUL SYLLABLE NOT +B192;B192;1102 1169 11C1;B192;1102 1169 11C1; # (높; 높; á„‚á…©á‡; 높; á„‚á…©á‡; ) HANGUL SYLLABLE NOP +B193;B193;1102 1169 11C2;B193;1102 1169 11C2; # (놓; 놓; 놓; 놓; 놓; ) HANGUL SYLLABLE NOH +B194;B194;1102 116A;B194;1102 116A; # (놔; 놔; á„‚á…ª; 놔; á„‚á…ª; ) HANGUL SYLLABLE NWA +B195;B195;1102 116A 11A8;B195;1102 116A 11A8; # (놕; 놕; 놕; 놕; 놕; ) HANGUL SYLLABLE NWAG +B196;B196;1102 116A 11A9;B196;1102 116A 11A9; # (놖; 놖; 놖; 놖; 놖; ) HANGUL SYLLABLE NWAGG +B197;B197;1102 116A 11AA;B197;1102 116A 11AA; # (놗; 놗; 놗; 놗; 놗; ) HANGUL SYLLABLE NWAGS +B198;B198;1102 116A 11AB;B198;1102 116A 11AB; # (놘; 놘; 놘; 놘; 놘; ) HANGUL SYLLABLE NWAN +B199;B199;1102 116A 11AC;B199;1102 116A 11AC; # (놙; 놙; 놙; 놙; 놙; ) HANGUL SYLLABLE NWANJ +B19A;B19A;1102 116A 11AD;B19A;1102 116A 11AD; # (놚; 놚; 놚; 놚; 놚; ) HANGUL SYLLABLE NWANH +B19B;B19B;1102 116A 11AE;B19B;1102 116A 11AE; # (놛; 놛; 놛; 놛; 놛; ) HANGUL SYLLABLE NWAD +B19C;B19C;1102 116A 11AF;B19C;1102 116A 11AF; # (놜; 놜; 놜; 놜; 놜; ) HANGUL SYLLABLE NWAL +B19D;B19D;1102 116A 11B0;B19D;1102 116A 11B0; # (ë†; ë†; 놝; ë†; 놝; ) HANGUL SYLLABLE NWALG +B19E;B19E;1102 116A 11B1;B19E;1102 116A 11B1; # (놞; 놞; 놞; 놞; 놞; ) HANGUL SYLLABLE NWALM +B19F;B19F;1102 116A 11B2;B19F;1102 116A 11B2; # (놟; 놟; 놟; 놟; 놟; ) HANGUL SYLLABLE NWALB +B1A0;B1A0;1102 116A 11B3;B1A0;1102 116A 11B3; # (놠; 놠; 놠; 놠; 놠; ) HANGUL SYLLABLE NWALS +B1A1;B1A1;1102 116A 11B4;B1A1;1102 116A 11B4; # (놡; 놡; 놡; 놡; 놡; ) HANGUL SYLLABLE NWALT +B1A2;B1A2;1102 116A 11B5;B1A2;1102 116A 11B5; # (놢; 놢; 놢; 놢; 놢; ) HANGUL SYLLABLE NWALP +B1A3;B1A3;1102 116A 11B6;B1A3;1102 116A 11B6; # (놣; 놣; 놣; 놣; 놣; ) HANGUL SYLLABLE NWALH +B1A4;B1A4;1102 116A 11B7;B1A4;1102 116A 11B7; # (놤; 놤; 놤; 놤; 놤; ) HANGUL SYLLABLE NWAM +B1A5;B1A5;1102 116A 11B8;B1A5;1102 116A 11B8; # (놥; 놥; 놥; 놥; 놥; ) HANGUL SYLLABLE NWAB +B1A6;B1A6;1102 116A 11B9;B1A6;1102 116A 11B9; # (놦; 놦; 놦; 놦; 놦; ) HANGUL SYLLABLE NWABS +B1A7;B1A7;1102 116A 11BA;B1A7;1102 116A 11BA; # (놧; 놧; 놧; 놧; 놧; ) HANGUL SYLLABLE NWAS +B1A8;B1A8;1102 116A 11BB;B1A8;1102 116A 11BB; # (놨; 놨; 놨; 놨; 놨; ) HANGUL SYLLABLE NWASS +B1A9;B1A9;1102 116A 11BC;B1A9;1102 116A 11BC; # (놩; 놩; 놩; 놩; 놩; ) HANGUL SYLLABLE NWANG +B1AA;B1AA;1102 116A 11BD;B1AA;1102 116A 11BD; # (놪; 놪; 놪; 놪; 놪; ) HANGUL SYLLABLE NWAJ +B1AB;B1AB;1102 116A 11BE;B1AB;1102 116A 11BE; # (놫; 놫; 놫; 놫; 놫; ) HANGUL SYLLABLE NWAC +B1AC;B1AC;1102 116A 11BF;B1AC;1102 116A 11BF; # (놬; 놬; 놬; 놬; 놬; ) HANGUL SYLLABLE NWAK +B1AD;B1AD;1102 116A 11C0;B1AD;1102 116A 11C0; # (놭; 놭; 놭; 놭; 놭; ) HANGUL SYLLABLE NWAT +B1AE;B1AE;1102 116A 11C1;B1AE;1102 116A 11C1; # (놮; 놮; á„‚á…ªá‡; 놮; á„‚á…ªá‡; ) HANGUL SYLLABLE NWAP +B1AF;B1AF;1102 116A 11C2;B1AF;1102 116A 11C2; # (놯; 놯; 놯; 놯; 놯; ) HANGUL SYLLABLE NWAH +B1B0;B1B0;1102 116B;B1B0;1102 116B; # (놰; 놰; á„‚á…«; 놰; á„‚á…«; ) HANGUL SYLLABLE NWAE +B1B1;B1B1;1102 116B 11A8;B1B1;1102 116B 11A8; # (놱; 놱; 놱; 놱; 놱; ) HANGUL SYLLABLE NWAEG +B1B2;B1B2;1102 116B 11A9;B1B2;1102 116B 11A9; # (놲; 놲; 놲; 놲; 놲; ) HANGUL SYLLABLE NWAEGG +B1B3;B1B3;1102 116B 11AA;B1B3;1102 116B 11AA; # (놳; 놳; 놳; 놳; 놳; ) HANGUL SYLLABLE NWAEGS +B1B4;B1B4;1102 116B 11AB;B1B4;1102 116B 11AB; # (놴; 놴; 놴; 놴; 놴; ) HANGUL SYLLABLE NWAEN +B1B5;B1B5;1102 116B 11AC;B1B5;1102 116B 11AC; # (놵; 놵; 놵; 놵; 놵; ) HANGUL SYLLABLE NWAENJ +B1B6;B1B6;1102 116B 11AD;B1B6;1102 116B 11AD; # (놶; 놶; 놶; 놶; 놶; ) HANGUL SYLLABLE NWAENH +B1B7;B1B7;1102 116B 11AE;B1B7;1102 116B 11AE; # (놷; 놷; 놷; 놷; 놷; ) HANGUL SYLLABLE NWAED +B1B8;B1B8;1102 116B 11AF;B1B8;1102 116B 11AF; # (놸; 놸; 놸; 놸; 놸; ) HANGUL SYLLABLE NWAEL +B1B9;B1B9;1102 116B 11B0;B1B9;1102 116B 11B0; # (놹; 놹; 놹; 놹; 놹; ) HANGUL SYLLABLE NWAELG +B1BA;B1BA;1102 116B 11B1;B1BA;1102 116B 11B1; # (놺; 놺; 놺; 놺; 놺; ) HANGUL SYLLABLE NWAELM +B1BB;B1BB;1102 116B 11B2;B1BB;1102 116B 11B2; # (놻; 놻; 놻; 놻; 놻; ) HANGUL SYLLABLE NWAELB +B1BC;B1BC;1102 116B 11B3;B1BC;1102 116B 11B3; # (놼; 놼; 놼; 놼; 놼; ) HANGUL SYLLABLE NWAELS +B1BD;B1BD;1102 116B 11B4;B1BD;1102 116B 11B4; # (놽; 놽; 놽; 놽; 놽; ) HANGUL SYLLABLE NWAELT +B1BE;B1BE;1102 116B 11B5;B1BE;1102 116B 11B5; # (놾; 놾; 놾; 놾; 놾; ) HANGUL SYLLABLE NWAELP +B1BF;B1BF;1102 116B 11B6;B1BF;1102 116B 11B6; # (놿; 놿; 놿; 놿; 놿; ) HANGUL SYLLABLE NWAELH +B1C0;B1C0;1102 116B 11B7;B1C0;1102 116B 11B7; # (뇀; 뇀; 뇀; 뇀; 뇀; ) HANGUL SYLLABLE NWAEM +B1C1;B1C1;1102 116B 11B8;B1C1;1102 116B 11B8; # (ë‡; ë‡; 뇁; ë‡; 뇁; ) HANGUL SYLLABLE NWAEB +B1C2;B1C2;1102 116B 11B9;B1C2;1102 116B 11B9; # (뇂; 뇂; 뇂; 뇂; 뇂; ) HANGUL SYLLABLE NWAEBS +B1C3;B1C3;1102 116B 11BA;B1C3;1102 116B 11BA; # (뇃; 뇃; 뇃; 뇃; 뇃; ) HANGUL SYLLABLE NWAES +B1C4;B1C4;1102 116B 11BB;B1C4;1102 116B 11BB; # (뇄; 뇄; 뇄; 뇄; 뇄; ) HANGUL SYLLABLE NWAESS +B1C5;B1C5;1102 116B 11BC;B1C5;1102 116B 11BC; # (뇅; 뇅; 뇅; 뇅; 뇅; ) HANGUL SYLLABLE NWAENG +B1C6;B1C6;1102 116B 11BD;B1C6;1102 116B 11BD; # (뇆; 뇆; 뇆; 뇆; 뇆; ) HANGUL SYLLABLE NWAEJ +B1C7;B1C7;1102 116B 11BE;B1C7;1102 116B 11BE; # (뇇; 뇇; 뇇; 뇇; 뇇; ) HANGUL SYLLABLE NWAEC +B1C8;B1C8;1102 116B 11BF;B1C8;1102 116B 11BF; # (뇈; 뇈; 뇈; 뇈; 뇈; ) HANGUL SYLLABLE NWAEK +B1C9;B1C9;1102 116B 11C0;B1C9;1102 116B 11C0; # (뇉; 뇉; 뇉; 뇉; 뇉; ) HANGUL SYLLABLE NWAET +B1CA;B1CA;1102 116B 11C1;B1CA;1102 116B 11C1; # (뇊; 뇊; á„‚á…«á‡; 뇊; á„‚á…«á‡; ) HANGUL SYLLABLE NWAEP +B1CB;B1CB;1102 116B 11C2;B1CB;1102 116B 11C2; # (뇋; 뇋; 뇋; 뇋; 뇋; ) HANGUL SYLLABLE NWAEH +B1CC;B1CC;1102 116C;B1CC;1102 116C; # (뇌; 뇌; á„‚á…¬; 뇌; á„‚á…¬; ) HANGUL SYLLABLE NOE +B1CD;B1CD;1102 116C 11A8;B1CD;1102 116C 11A8; # (ë‡; ë‡; 뇍; ë‡; 뇍; ) HANGUL SYLLABLE NOEG +B1CE;B1CE;1102 116C 11A9;B1CE;1102 116C 11A9; # (뇎; 뇎; 뇎; 뇎; 뇎; ) HANGUL SYLLABLE NOEGG +B1CF;B1CF;1102 116C 11AA;B1CF;1102 116C 11AA; # (ë‡; ë‡; 뇏; ë‡; 뇏; ) HANGUL SYLLABLE NOEGS +B1D0;B1D0;1102 116C 11AB;B1D0;1102 116C 11AB; # (ë‡; ë‡; 뇐; ë‡; 뇐; ) HANGUL SYLLABLE NOEN +B1D1;B1D1;1102 116C 11AC;B1D1;1102 116C 11AC; # (뇑; 뇑; 뇑; 뇑; 뇑; ) HANGUL SYLLABLE NOENJ +B1D2;B1D2;1102 116C 11AD;B1D2;1102 116C 11AD; # (뇒; 뇒; 뇒; 뇒; 뇒; ) HANGUL SYLLABLE NOENH +B1D3;B1D3;1102 116C 11AE;B1D3;1102 116C 11AE; # (뇓; 뇓; 뇓; 뇓; 뇓; ) HANGUL SYLLABLE NOED +B1D4;B1D4;1102 116C 11AF;B1D4;1102 116C 11AF; # (뇔; 뇔; 뇔; 뇔; 뇔; ) HANGUL SYLLABLE NOEL +B1D5;B1D5;1102 116C 11B0;B1D5;1102 116C 11B0; # (뇕; 뇕; 뇕; 뇕; 뇕; ) HANGUL SYLLABLE NOELG +B1D6;B1D6;1102 116C 11B1;B1D6;1102 116C 11B1; # (뇖; 뇖; 뇖; 뇖; 뇖; ) HANGUL SYLLABLE NOELM +B1D7;B1D7;1102 116C 11B2;B1D7;1102 116C 11B2; # (뇗; 뇗; 뇗; 뇗; 뇗; ) HANGUL SYLLABLE NOELB +B1D8;B1D8;1102 116C 11B3;B1D8;1102 116C 11B3; # (뇘; 뇘; 뇘; 뇘; 뇘; ) HANGUL SYLLABLE NOELS +B1D9;B1D9;1102 116C 11B4;B1D9;1102 116C 11B4; # (뇙; 뇙; 뇙; 뇙; 뇙; ) HANGUL SYLLABLE NOELT +B1DA;B1DA;1102 116C 11B5;B1DA;1102 116C 11B5; # (뇚; 뇚; 뇚; 뇚; 뇚; ) HANGUL SYLLABLE NOELP +B1DB;B1DB;1102 116C 11B6;B1DB;1102 116C 11B6; # (뇛; 뇛; 뇛; 뇛; 뇛; ) HANGUL SYLLABLE NOELH +B1DC;B1DC;1102 116C 11B7;B1DC;1102 116C 11B7; # (뇜; 뇜; 뇜; 뇜; 뇜; ) HANGUL SYLLABLE NOEM +B1DD;B1DD;1102 116C 11B8;B1DD;1102 116C 11B8; # (ë‡; ë‡; 뇝; ë‡; 뇝; ) HANGUL SYLLABLE NOEB +B1DE;B1DE;1102 116C 11B9;B1DE;1102 116C 11B9; # (뇞; 뇞; 뇞; 뇞; 뇞; ) HANGUL SYLLABLE NOEBS +B1DF;B1DF;1102 116C 11BA;B1DF;1102 116C 11BA; # (뇟; 뇟; 뇟; 뇟; 뇟; ) HANGUL SYLLABLE NOES +B1E0;B1E0;1102 116C 11BB;B1E0;1102 116C 11BB; # (뇠; 뇠; 뇠; 뇠; 뇠; ) HANGUL SYLLABLE NOESS +B1E1;B1E1;1102 116C 11BC;B1E1;1102 116C 11BC; # (뇡; 뇡; 뇡; 뇡; 뇡; ) HANGUL SYLLABLE NOENG +B1E2;B1E2;1102 116C 11BD;B1E2;1102 116C 11BD; # (뇢; 뇢; 뇢; 뇢; 뇢; ) HANGUL SYLLABLE NOEJ +B1E3;B1E3;1102 116C 11BE;B1E3;1102 116C 11BE; # (뇣; 뇣; 뇣; 뇣; 뇣; ) HANGUL SYLLABLE NOEC +B1E4;B1E4;1102 116C 11BF;B1E4;1102 116C 11BF; # (뇤; 뇤; 뇤; 뇤; 뇤; ) HANGUL SYLLABLE NOEK +B1E5;B1E5;1102 116C 11C0;B1E5;1102 116C 11C0; # (뇥; 뇥; 뇥; 뇥; 뇥; ) HANGUL SYLLABLE NOET +B1E6;B1E6;1102 116C 11C1;B1E6;1102 116C 11C1; # (뇦; 뇦; á„‚á…¬á‡; 뇦; á„‚á…¬á‡; ) HANGUL SYLLABLE NOEP +B1E7;B1E7;1102 116C 11C2;B1E7;1102 116C 11C2; # (뇧; 뇧; 뇧; 뇧; 뇧; ) HANGUL SYLLABLE NOEH +B1E8;B1E8;1102 116D;B1E8;1102 116D; # (뇨; 뇨; á„‚á…­; 뇨; á„‚á…­; ) HANGUL SYLLABLE NYO +B1E9;B1E9;1102 116D 11A8;B1E9;1102 116D 11A8; # (뇩; 뇩; 뇩; 뇩; 뇩; ) HANGUL SYLLABLE NYOG +B1EA;B1EA;1102 116D 11A9;B1EA;1102 116D 11A9; # (뇪; 뇪; 뇪; 뇪; 뇪; ) HANGUL SYLLABLE NYOGG +B1EB;B1EB;1102 116D 11AA;B1EB;1102 116D 11AA; # (뇫; 뇫; 뇫; 뇫; 뇫; ) HANGUL SYLLABLE NYOGS +B1EC;B1EC;1102 116D 11AB;B1EC;1102 116D 11AB; # (뇬; 뇬; 뇬; 뇬; 뇬; ) HANGUL SYLLABLE NYON +B1ED;B1ED;1102 116D 11AC;B1ED;1102 116D 11AC; # (뇭; 뇭; 뇭; 뇭; 뇭; ) HANGUL SYLLABLE NYONJ +B1EE;B1EE;1102 116D 11AD;B1EE;1102 116D 11AD; # (뇮; 뇮; 뇮; 뇮; 뇮; ) HANGUL SYLLABLE NYONH +B1EF;B1EF;1102 116D 11AE;B1EF;1102 116D 11AE; # (뇯; 뇯; 뇯; 뇯; 뇯; ) HANGUL SYLLABLE NYOD +B1F0;B1F0;1102 116D 11AF;B1F0;1102 116D 11AF; # (뇰; 뇰; 뇰; 뇰; 뇰; ) HANGUL SYLLABLE NYOL +B1F1;B1F1;1102 116D 11B0;B1F1;1102 116D 11B0; # (뇱; 뇱; 뇱; 뇱; 뇱; ) HANGUL SYLLABLE NYOLG +B1F2;B1F2;1102 116D 11B1;B1F2;1102 116D 11B1; # (뇲; 뇲; 뇲; 뇲; 뇲; ) HANGUL SYLLABLE NYOLM +B1F3;B1F3;1102 116D 11B2;B1F3;1102 116D 11B2; # (뇳; 뇳; 뇳; 뇳; 뇳; ) HANGUL SYLLABLE NYOLB +B1F4;B1F4;1102 116D 11B3;B1F4;1102 116D 11B3; # (뇴; 뇴; 뇴; 뇴; 뇴; ) HANGUL SYLLABLE NYOLS +B1F5;B1F5;1102 116D 11B4;B1F5;1102 116D 11B4; # (뇵; 뇵; 뇵; 뇵; 뇵; ) HANGUL SYLLABLE NYOLT +B1F6;B1F6;1102 116D 11B5;B1F6;1102 116D 11B5; # (뇶; 뇶; 뇶; 뇶; 뇶; ) HANGUL SYLLABLE NYOLP +B1F7;B1F7;1102 116D 11B6;B1F7;1102 116D 11B6; # (뇷; 뇷; 뇷; 뇷; 뇷; ) HANGUL SYLLABLE NYOLH +B1F8;B1F8;1102 116D 11B7;B1F8;1102 116D 11B7; # (뇸; 뇸; 뇸; 뇸; 뇸; ) HANGUL SYLLABLE NYOM +B1F9;B1F9;1102 116D 11B8;B1F9;1102 116D 11B8; # (뇹; 뇹; 뇹; 뇹; 뇹; ) HANGUL SYLLABLE NYOB +B1FA;B1FA;1102 116D 11B9;B1FA;1102 116D 11B9; # (뇺; 뇺; 뇺; 뇺; 뇺; ) HANGUL SYLLABLE NYOBS +B1FB;B1FB;1102 116D 11BA;B1FB;1102 116D 11BA; # (뇻; 뇻; 뇻; 뇻; 뇻; ) HANGUL SYLLABLE NYOS +B1FC;B1FC;1102 116D 11BB;B1FC;1102 116D 11BB; # (뇼; 뇼; 뇼; 뇼; 뇼; ) HANGUL SYLLABLE NYOSS +B1FD;B1FD;1102 116D 11BC;B1FD;1102 116D 11BC; # (뇽; 뇽; 뇽; 뇽; 뇽; ) HANGUL SYLLABLE NYONG +B1FE;B1FE;1102 116D 11BD;B1FE;1102 116D 11BD; # (뇾; 뇾; 뇾; 뇾; 뇾; ) HANGUL SYLLABLE NYOJ +B1FF;B1FF;1102 116D 11BE;B1FF;1102 116D 11BE; # (뇿; 뇿; 뇿; 뇿; 뇿; ) HANGUL SYLLABLE NYOC +B200;B200;1102 116D 11BF;B200;1102 116D 11BF; # (눀; 눀; 눀; 눀; 눀; ) HANGUL SYLLABLE NYOK +B201;B201;1102 116D 11C0;B201;1102 116D 11C0; # (ëˆ; ëˆ; 눁; ëˆ; 눁; ) HANGUL SYLLABLE NYOT +B202;B202;1102 116D 11C1;B202;1102 116D 11C1; # (눂; 눂; á„‚á…­á‡; 눂; á„‚á…­á‡; ) HANGUL SYLLABLE NYOP +B203;B203;1102 116D 11C2;B203;1102 116D 11C2; # (눃; 눃; 눃; 눃; 눃; ) HANGUL SYLLABLE NYOH +B204;B204;1102 116E;B204;1102 116E; # (누; 누; á„‚á…®; 누; á„‚á…®; ) HANGUL SYLLABLE NU +B205;B205;1102 116E 11A8;B205;1102 116E 11A8; # (눅; 눅; 눅; 눅; 눅; ) HANGUL SYLLABLE NUG +B206;B206;1102 116E 11A9;B206;1102 116E 11A9; # (눆; 눆; 눆; 눆; 눆; ) HANGUL SYLLABLE NUGG +B207;B207;1102 116E 11AA;B207;1102 116E 11AA; # (눇; 눇; 눇; 눇; 눇; ) HANGUL SYLLABLE NUGS +B208;B208;1102 116E 11AB;B208;1102 116E 11AB; # (눈; 눈; 눈; 눈; 눈; ) HANGUL SYLLABLE NUN +B209;B209;1102 116E 11AC;B209;1102 116E 11AC; # (눉; 눉; 눉; 눉; 눉; ) HANGUL SYLLABLE NUNJ +B20A;B20A;1102 116E 11AD;B20A;1102 116E 11AD; # (눊; 눊; 눊; 눊; 눊; ) HANGUL SYLLABLE NUNH +B20B;B20B;1102 116E 11AE;B20B;1102 116E 11AE; # (눋; 눋; 눋; 눋; 눋; ) HANGUL SYLLABLE NUD +B20C;B20C;1102 116E 11AF;B20C;1102 116E 11AF; # (눌; 눌; 눌; 눌; 눌; ) HANGUL SYLLABLE NUL +B20D;B20D;1102 116E 11B0;B20D;1102 116E 11B0; # (ëˆ; ëˆ; 눍; ëˆ; 눍; ) HANGUL SYLLABLE NULG +B20E;B20E;1102 116E 11B1;B20E;1102 116E 11B1; # (눎; 눎; 눎; 눎; 눎; ) HANGUL SYLLABLE NULM +B20F;B20F;1102 116E 11B2;B20F;1102 116E 11B2; # (ëˆ; ëˆ; 눏; ëˆ; 눏; ) HANGUL SYLLABLE NULB +B210;B210;1102 116E 11B3;B210;1102 116E 11B3; # (ëˆ; ëˆ; 눐; ëˆ; 눐; ) HANGUL SYLLABLE NULS +B211;B211;1102 116E 11B4;B211;1102 116E 11B4; # (눑; 눑; 눑; 눑; 눑; ) HANGUL SYLLABLE NULT +B212;B212;1102 116E 11B5;B212;1102 116E 11B5; # (눒; 눒; 눒; 눒; 눒; ) HANGUL SYLLABLE NULP +B213;B213;1102 116E 11B6;B213;1102 116E 11B6; # (눓; 눓; 눓; 눓; 눓; ) HANGUL SYLLABLE NULH +B214;B214;1102 116E 11B7;B214;1102 116E 11B7; # (눔; 눔; 눔; 눔; 눔; ) HANGUL SYLLABLE NUM +B215;B215;1102 116E 11B8;B215;1102 116E 11B8; # (눕; 눕; 눕; 눕; 눕; ) HANGUL SYLLABLE NUB +B216;B216;1102 116E 11B9;B216;1102 116E 11B9; # (눖; 눖; 눖; 눖; 눖; ) HANGUL SYLLABLE NUBS +B217;B217;1102 116E 11BA;B217;1102 116E 11BA; # (눗; 눗; 눗; 눗; 눗; ) HANGUL SYLLABLE NUS +B218;B218;1102 116E 11BB;B218;1102 116E 11BB; # (눘; 눘; 눘; 눘; 눘; ) HANGUL SYLLABLE NUSS +B219;B219;1102 116E 11BC;B219;1102 116E 11BC; # (눙; 눙; 눙; 눙; 눙; ) HANGUL SYLLABLE NUNG +B21A;B21A;1102 116E 11BD;B21A;1102 116E 11BD; # (눚; 눚; 눚; 눚; 눚; ) HANGUL SYLLABLE NUJ +B21B;B21B;1102 116E 11BE;B21B;1102 116E 11BE; # (눛; 눛; 눛; 눛; 눛; ) HANGUL SYLLABLE NUC +B21C;B21C;1102 116E 11BF;B21C;1102 116E 11BF; # (눜; 눜; 눜; 눜; 눜; ) HANGUL SYLLABLE NUK +B21D;B21D;1102 116E 11C0;B21D;1102 116E 11C0; # (ëˆ; ëˆ; 눝; ëˆ; 눝; ) HANGUL SYLLABLE NUT +B21E;B21E;1102 116E 11C1;B21E;1102 116E 11C1; # (눞; 눞; á„‚á…®á‡; 눞; á„‚á…®á‡; ) HANGUL SYLLABLE NUP +B21F;B21F;1102 116E 11C2;B21F;1102 116E 11C2; # (눟; 눟; 눟; 눟; 눟; ) HANGUL SYLLABLE NUH +B220;B220;1102 116F;B220;1102 116F; # (눠; 눠; á„‚á…¯; 눠; á„‚á…¯; ) HANGUL SYLLABLE NWEO +B221;B221;1102 116F 11A8;B221;1102 116F 11A8; # (눡; 눡; 눡; 눡; 눡; ) HANGUL SYLLABLE NWEOG +B222;B222;1102 116F 11A9;B222;1102 116F 11A9; # (눢; 눢; 눢; 눢; 눢; ) HANGUL SYLLABLE NWEOGG +B223;B223;1102 116F 11AA;B223;1102 116F 11AA; # (눣; 눣; 눣; 눣; 눣; ) HANGUL SYLLABLE NWEOGS +B224;B224;1102 116F 11AB;B224;1102 116F 11AB; # (눤; 눤; 눤; 눤; 눤; ) HANGUL SYLLABLE NWEON +B225;B225;1102 116F 11AC;B225;1102 116F 11AC; # (눥; 눥; 눥; 눥; 눥; ) HANGUL SYLLABLE NWEONJ +B226;B226;1102 116F 11AD;B226;1102 116F 11AD; # (눦; 눦; 눦; 눦; 눦; ) HANGUL SYLLABLE NWEONH +B227;B227;1102 116F 11AE;B227;1102 116F 11AE; # (눧; 눧; 눧; 눧; 눧; ) HANGUL SYLLABLE NWEOD +B228;B228;1102 116F 11AF;B228;1102 116F 11AF; # (눨; 눨; 눨; 눨; 눨; ) HANGUL SYLLABLE NWEOL +B229;B229;1102 116F 11B0;B229;1102 116F 11B0; # (눩; 눩; 눩; 눩; 눩; ) HANGUL SYLLABLE NWEOLG +B22A;B22A;1102 116F 11B1;B22A;1102 116F 11B1; # (눪; 눪; 눪; 눪; 눪; ) HANGUL SYLLABLE NWEOLM +B22B;B22B;1102 116F 11B2;B22B;1102 116F 11B2; # (눫; 눫; 눫; 눫; 눫; ) HANGUL SYLLABLE NWEOLB +B22C;B22C;1102 116F 11B3;B22C;1102 116F 11B3; # (눬; 눬; 눬; 눬; 눬; ) HANGUL SYLLABLE NWEOLS +B22D;B22D;1102 116F 11B4;B22D;1102 116F 11B4; # (눭; 눭; 눭; 눭; 눭; ) HANGUL SYLLABLE NWEOLT +B22E;B22E;1102 116F 11B5;B22E;1102 116F 11B5; # (눮; 눮; 눮; 눮; 눮; ) HANGUL SYLLABLE NWEOLP +B22F;B22F;1102 116F 11B6;B22F;1102 116F 11B6; # (눯; 눯; 눯; 눯; 눯; ) HANGUL SYLLABLE NWEOLH +B230;B230;1102 116F 11B7;B230;1102 116F 11B7; # (눰; 눰; 눰; 눰; 눰; ) HANGUL SYLLABLE NWEOM +B231;B231;1102 116F 11B8;B231;1102 116F 11B8; # (눱; 눱; 눱; 눱; 눱; ) HANGUL SYLLABLE NWEOB +B232;B232;1102 116F 11B9;B232;1102 116F 11B9; # (눲; 눲; 눲; 눲; 눲; ) HANGUL SYLLABLE NWEOBS +B233;B233;1102 116F 11BA;B233;1102 116F 11BA; # (눳; 눳; 눳; 눳; 눳; ) HANGUL SYLLABLE NWEOS +B234;B234;1102 116F 11BB;B234;1102 116F 11BB; # (눴; 눴; 눴; 눴; 눴; ) HANGUL SYLLABLE NWEOSS +B235;B235;1102 116F 11BC;B235;1102 116F 11BC; # (눵; 눵; 눵; 눵; 눵; ) HANGUL SYLLABLE NWEONG +B236;B236;1102 116F 11BD;B236;1102 116F 11BD; # (눶; 눶; 눶; 눶; 눶; ) HANGUL SYLLABLE NWEOJ +B237;B237;1102 116F 11BE;B237;1102 116F 11BE; # (눷; 눷; 눷; 눷; 눷; ) HANGUL SYLLABLE NWEOC +B238;B238;1102 116F 11BF;B238;1102 116F 11BF; # (눸; 눸; 눸; 눸; 눸; ) HANGUL SYLLABLE NWEOK +B239;B239;1102 116F 11C0;B239;1102 116F 11C0; # (눹; 눹; 눹; 눹; 눹; ) HANGUL SYLLABLE NWEOT +B23A;B23A;1102 116F 11C1;B23A;1102 116F 11C1; # (눺; 눺; á„‚á…¯á‡; 눺; á„‚á…¯á‡; ) HANGUL SYLLABLE NWEOP +B23B;B23B;1102 116F 11C2;B23B;1102 116F 11C2; # (눻; 눻; 눻; 눻; 눻; ) HANGUL SYLLABLE NWEOH +B23C;B23C;1102 1170;B23C;1102 1170; # (눼; 눼; á„‚á…°; 눼; á„‚á…°; ) HANGUL SYLLABLE NWE +B23D;B23D;1102 1170 11A8;B23D;1102 1170 11A8; # (눽; 눽; 눽; 눽; 눽; ) HANGUL SYLLABLE NWEG +B23E;B23E;1102 1170 11A9;B23E;1102 1170 11A9; # (눾; 눾; 눾; 눾; 눾; ) HANGUL SYLLABLE NWEGG +B23F;B23F;1102 1170 11AA;B23F;1102 1170 11AA; # (눿; 눿; 눿; 눿; 눿; ) HANGUL SYLLABLE NWEGS +B240;B240;1102 1170 11AB;B240;1102 1170 11AB; # (뉀; 뉀; 뉀; 뉀; 뉀; ) HANGUL SYLLABLE NWEN +B241;B241;1102 1170 11AC;B241;1102 1170 11AC; # (ë‰; ë‰; 뉁; ë‰; 뉁; ) HANGUL SYLLABLE NWENJ +B242;B242;1102 1170 11AD;B242;1102 1170 11AD; # (뉂; 뉂; 뉂; 뉂; 뉂; ) HANGUL SYLLABLE NWENH +B243;B243;1102 1170 11AE;B243;1102 1170 11AE; # (뉃; 뉃; 뉃; 뉃; 뉃; ) HANGUL SYLLABLE NWED +B244;B244;1102 1170 11AF;B244;1102 1170 11AF; # (뉄; 뉄; 뉄; 뉄; 뉄; ) HANGUL SYLLABLE NWEL +B245;B245;1102 1170 11B0;B245;1102 1170 11B0; # (뉅; 뉅; 뉅; 뉅; 뉅; ) HANGUL SYLLABLE NWELG +B246;B246;1102 1170 11B1;B246;1102 1170 11B1; # (뉆; 뉆; 뉆; 뉆; 뉆; ) HANGUL SYLLABLE NWELM +B247;B247;1102 1170 11B2;B247;1102 1170 11B2; # (뉇; 뉇; 뉇; 뉇; 뉇; ) HANGUL SYLLABLE NWELB +B248;B248;1102 1170 11B3;B248;1102 1170 11B3; # (뉈; 뉈; 뉈; 뉈; 뉈; ) HANGUL SYLLABLE NWELS +B249;B249;1102 1170 11B4;B249;1102 1170 11B4; # (뉉; 뉉; 뉉; 뉉; 뉉; ) HANGUL SYLLABLE NWELT +B24A;B24A;1102 1170 11B5;B24A;1102 1170 11B5; # (뉊; 뉊; 뉊; 뉊; 뉊; ) HANGUL SYLLABLE NWELP +B24B;B24B;1102 1170 11B6;B24B;1102 1170 11B6; # (뉋; 뉋; 뉋; 뉋; 뉋; ) HANGUL SYLLABLE NWELH +B24C;B24C;1102 1170 11B7;B24C;1102 1170 11B7; # (뉌; 뉌; 뉌; 뉌; 뉌; ) HANGUL SYLLABLE NWEM +B24D;B24D;1102 1170 11B8;B24D;1102 1170 11B8; # (ë‰; ë‰; 뉍; ë‰; 뉍; ) HANGUL SYLLABLE NWEB +B24E;B24E;1102 1170 11B9;B24E;1102 1170 11B9; # (뉎; 뉎; 뉎; 뉎; 뉎; ) HANGUL SYLLABLE NWEBS +B24F;B24F;1102 1170 11BA;B24F;1102 1170 11BA; # (ë‰; ë‰; 뉏; ë‰; 뉏; ) HANGUL SYLLABLE NWES +B250;B250;1102 1170 11BB;B250;1102 1170 11BB; # (ë‰; ë‰; 뉐; ë‰; 뉐; ) HANGUL SYLLABLE NWESS +B251;B251;1102 1170 11BC;B251;1102 1170 11BC; # (뉑; 뉑; 뉑; 뉑; 뉑; ) HANGUL SYLLABLE NWENG +B252;B252;1102 1170 11BD;B252;1102 1170 11BD; # (뉒; 뉒; 뉒; 뉒; 뉒; ) HANGUL SYLLABLE NWEJ +B253;B253;1102 1170 11BE;B253;1102 1170 11BE; # (뉓; 뉓; 뉓; 뉓; 뉓; ) HANGUL SYLLABLE NWEC +B254;B254;1102 1170 11BF;B254;1102 1170 11BF; # (뉔; 뉔; 뉔; 뉔; 뉔; ) HANGUL SYLLABLE NWEK +B255;B255;1102 1170 11C0;B255;1102 1170 11C0; # (뉕; 뉕; 뉕; 뉕; 뉕; ) HANGUL SYLLABLE NWET +B256;B256;1102 1170 11C1;B256;1102 1170 11C1; # (뉖; 뉖; á„‚á…°á‡; 뉖; á„‚á…°á‡; ) HANGUL SYLLABLE NWEP +B257;B257;1102 1170 11C2;B257;1102 1170 11C2; # (뉗; 뉗; 뉗; 뉗; 뉗; ) HANGUL SYLLABLE NWEH +B258;B258;1102 1171;B258;1102 1171; # (뉘; 뉘; á„‚á…±; 뉘; á„‚á…±; ) HANGUL SYLLABLE NWI +B259;B259;1102 1171 11A8;B259;1102 1171 11A8; # (뉙; 뉙; 뉙; 뉙; 뉙; ) HANGUL SYLLABLE NWIG +B25A;B25A;1102 1171 11A9;B25A;1102 1171 11A9; # (뉚; 뉚; 뉚; 뉚; 뉚; ) HANGUL SYLLABLE NWIGG +B25B;B25B;1102 1171 11AA;B25B;1102 1171 11AA; # (뉛; 뉛; 뉛; 뉛; 뉛; ) HANGUL SYLLABLE NWIGS +B25C;B25C;1102 1171 11AB;B25C;1102 1171 11AB; # (뉜; 뉜; 뉜; 뉜; 뉜; ) HANGUL SYLLABLE NWIN +B25D;B25D;1102 1171 11AC;B25D;1102 1171 11AC; # (ë‰; ë‰; 뉝; ë‰; 뉝; ) HANGUL SYLLABLE NWINJ +B25E;B25E;1102 1171 11AD;B25E;1102 1171 11AD; # (뉞; 뉞; 뉞; 뉞; 뉞; ) HANGUL SYLLABLE NWINH +B25F;B25F;1102 1171 11AE;B25F;1102 1171 11AE; # (뉟; 뉟; 뉟; 뉟; 뉟; ) HANGUL SYLLABLE NWID +B260;B260;1102 1171 11AF;B260;1102 1171 11AF; # (뉠; 뉠; 뉠; 뉠; 뉠; ) HANGUL SYLLABLE NWIL +B261;B261;1102 1171 11B0;B261;1102 1171 11B0; # (뉡; 뉡; 뉡; 뉡; 뉡; ) HANGUL SYLLABLE NWILG +B262;B262;1102 1171 11B1;B262;1102 1171 11B1; # (뉢; 뉢; 뉢; 뉢; 뉢; ) HANGUL SYLLABLE NWILM +B263;B263;1102 1171 11B2;B263;1102 1171 11B2; # (뉣; 뉣; 뉣; 뉣; 뉣; ) HANGUL SYLLABLE NWILB +B264;B264;1102 1171 11B3;B264;1102 1171 11B3; # (뉤; 뉤; 뉤; 뉤; 뉤; ) HANGUL SYLLABLE NWILS +B265;B265;1102 1171 11B4;B265;1102 1171 11B4; # (뉥; 뉥; 뉥; 뉥; 뉥; ) HANGUL SYLLABLE NWILT +B266;B266;1102 1171 11B5;B266;1102 1171 11B5; # (뉦; 뉦; 뉦; 뉦; 뉦; ) HANGUL SYLLABLE NWILP +B267;B267;1102 1171 11B6;B267;1102 1171 11B6; # (뉧; 뉧; 뉧; 뉧; 뉧; ) HANGUL SYLLABLE NWILH +B268;B268;1102 1171 11B7;B268;1102 1171 11B7; # (뉨; 뉨; 뉨; 뉨; 뉨; ) HANGUL SYLLABLE NWIM +B269;B269;1102 1171 11B8;B269;1102 1171 11B8; # (뉩; 뉩; 뉩; 뉩; 뉩; ) HANGUL SYLLABLE NWIB +B26A;B26A;1102 1171 11B9;B26A;1102 1171 11B9; # (뉪; 뉪; 뉪; 뉪; 뉪; ) HANGUL SYLLABLE NWIBS +B26B;B26B;1102 1171 11BA;B26B;1102 1171 11BA; # (뉫; 뉫; 뉫; 뉫; 뉫; ) HANGUL SYLLABLE NWIS +B26C;B26C;1102 1171 11BB;B26C;1102 1171 11BB; # (뉬; 뉬; 뉬; 뉬; 뉬; ) HANGUL SYLLABLE NWISS +B26D;B26D;1102 1171 11BC;B26D;1102 1171 11BC; # (뉭; 뉭; 뉭; 뉭; 뉭; ) HANGUL SYLLABLE NWING +B26E;B26E;1102 1171 11BD;B26E;1102 1171 11BD; # (뉮; 뉮; 뉮; 뉮; 뉮; ) HANGUL SYLLABLE NWIJ +B26F;B26F;1102 1171 11BE;B26F;1102 1171 11BE; # (뉯; 뉯; 뉯; 뉯; 뉯; ) HANGUL SYLLABLE NWIC +B270;B270;1102 1171 11BF;B270;1102 1171 11BF; # (뉰; 뉰; 뉰; 뉰; 뉰; ) HANGUL SYLLABLE NWIK +B271;B271;1102 1171 11C0;B271;1102 1171 11C0; # (뉱; 뉱; 뉱; 뉱; 뉱; ) HANGUL SYLLABLE NWIT +B272;B272;1102 1171 11C1;B272;1102 1171 11C1; # (뉲; 뉲; á„‚á…±á‡; 뉲; á„‚á…±á‡; ) HANGUL SYLLABLE NWIP +B273;B273;1102 1171 11C2;B273;1102 1171 11C2; # (뉳; 뉳; 뉳; 뉳; 뉳; ) HANGUL SYLLABLE NWIH +B274;B274;1102 1172;B274;1102 1172; # (뉴; 뉴; á„‚á…²; 뉴; á„‚á…²; ) HANGUL SYLLABLE NYU +B275;B275;1102 1172 11A8;B275;1102 1172 11A8; # (뉵; 뉵; 뉵; 뉵; 뉵; ) HANGUL SYLLABLE NYUG +B276;B276;1102 1172 11A9;B276;1102 1172 11A9; # (뉶; 뉶; 뉶; 뉶; 뉶; ) HANGUL SYLLABLE NYUGG +B277;B277;1102 1172 11AA;B277;1102 1172 11AA; # (뉷; 뉷; 뉷; 뉷; 뉷; ) HANGUL SYLLABLE NYUGS +B278;B278;1102 1172 11AB;B278;1102 1172 11AB; # (뉸; 뉸; 뉸; 뉸; 뉸; ) HANGUL SYLLABLE NYUN +B279;B279;1102 1172 11AC;B279;1102 1172 11AC; # (뉹; 뉹; 뉹; 뉹; 뉹; ) HANGUL SYLLABLE NYUNJ +B27A;B27A;1102 1172 11AD;B27A;1102 1172 11AD; # (뉺; 뉺; 뉺; 뉺; 뉺; ) HANGUL SYLLABLE NYUNH +B27B;B27B;1102 1172 11AE;B27B;1102 1172 11AE; # (뉻; 뉻; 뉻; 뉻; 뉻; ) HANGUL SYLLABLE NYUD +B27C;B27C;1102 1172 11AF;B27C;1102 1172 11AF; # (뉼; 뉼; 뉼; 뉼; 뉼; ) HANGUL SYLLABLE NYUL +B27D;B27D;1102 1172 11B0;B27D;1102 1172 11B0; # (뉽; 뉽; 뉽; 뉽; 뉽; ) HANGUL SYLLABLE NYULG +B27E;B27E;1102 1172 11B1;B27E;1102 1172 11B1; # (뉾; 뉾; 뉾; 뉾; 뉾; ) HANGUL SYLLABLE NYULM +B27F;B27F;1102 1172 11B2;B27F;1102 1172 11B2; # (뉿; 뉿; 뉿; 뉿; 뉿; ) HANGUL SYLLABLE NYULB +B280;B280;1102 1172 11B3;B280;1102 1172 11B3; # (늀; 늀; 늀; 늀; 늀; ) HANGUL SYLLABLE NYULS +B281;B281;1102 1172 11B4;B281;1102 1172 11B4; # (ëŠ; ëŠ; 늁; ëŠ; 늁; ) HANGUL SYLLABLE NYULT +B282;B282;1102 1172 11B5;B282;1102 1172 11B5; # (늂; 늂; 늂; 늂; 늂; ) HANGUL SYLLABLE NYULP +B283;B283;1102 1172 11B6;B283;1102 1172 11B6; # (늃; 늃; 늃; 늃; 늃; ) HANGUL SYLLABLE NYULH +B284;B284;1102 1172 11B7;B284;1102 1172 11B7; # (늄; 늄; 늄; 늄; 늄; ) HANGUL SYLLABLE NYUM +B285;B285;1102 1172 11B8;B285;1102 1172 11B8; # (늅; 늅; 늅; 늅; 늅; ) HANGUL SYLLABLE NYUB +B286;B286;1102 1172 11B9;B286;1102 1172 11B9; # (늆; 늆; 늆; 늆; 늆; ) HANGUL SYLLABLE NYUBS +B287;B287;1102 1172 11BA;B287;1102 1172 11BA; # (늇; 늇; 늇; 늇; 늇; ) HANGUL SYLLABLE NYUS +B288;B288;1102 1172 11BB;B288;1102 1172 11BB; # (늈; 늈; 늈; 늈; 늈; ) HANGUL SYLLABLE NYUSS +B289;B289;1102 1172 11BC;B289;1102 1172 11BC; # (늉; 늉; 늉; 늉; 늉; ) HANGUL SYLLABLE NYUNG +B28A;B28A;1102 1172 11BD;B28A;1102 1172 11BD; # (늊; 늊; 늊; 늊; 늊; ) HANGUL SYLLABLE NYUJ +B28B;B28B;1102 1172 11BE;B28B;1102 1172 11BE; # (늋; 늋; 늋; 늋; 늋; ) HANGUL SYLLABLE NYUC +B28C;B28C;1102 1172 11BF;B28C;1102 1172 11BF; # (늌; 늌; 늌; 늌; 늌; ) HANGUL SYLLABLE NYUK +B28D;B28D;1102 1172 11C0;B28D;1102 1172 11C0; # (ëŠ; ëŠ; 늍; ëŠ; 늍; ) HANGUL SYLLABLE NYUT +B28E;B28E;1102 1172 11C1;B28E;1102 1172 11C1; # (늎; 늎; á„‚á…²á‡; 늎; á„‚á…²á‡; ) HANGUL SYLLABLE NYUP +B28F;B28F;1102 1172 11C2;B28F;1102 1172 11C2; # (ëŠ; ëŠ; 늏; ëŠ; 늏; ) HANGUL SYLLABLE NYUH +B290;B290;1102 1173;B290;1102 1173; # (ëŠ; ëŠ; á„‚á…³; ëŠ; á„‚á…³; ) HANGUL SYLLABLE NEU +B291;B291;1102 1173 11A8;B291;1102 1173 11A8; # (늑; 늑; 늑; 늑; 늑; ) HANGUL SYLLABLE NEUG +B292;B292;1102 1173 11A9;B292;1102 1173 11A9; # (늒; 늒; 늒; 늒; 늒; ) HANGUL SYLLABLE NEUGG +B293;B293;1102 1173 11AA;B293;1102 1173 11AA; # (늓; 늓; 늓; 늓; 늓; ) HANGUL SYLLABLE NEUGS +B294;B294;1102 1173 11AB;B294;1102 1173 11AB; # (는; 는; 는; 는; 는; ) HANGUL SYLLABLE NEUN +B295;B295;1102 1173 11AC;B295;1102 1173 11AC; # (늕; 늕; 늕; 늕; 늕; ) HANGUL SYLLABLE NEUNJ +B296;B296;1102 1173 11AD;B296;1102 1173 11AD; # (늖; 늖; 늖; 늖; 늖; ) HANGUL SYLLABLE NEUNH +B297;B297;1102 1173 11AE;B297;1102 1173 11AE; # (늗; 늗; 늗; 늗; 늗; ) HANGUL SYLLABLE NEUD +B298;B298;1102 1173 11AF;B298;1102 1173 11AF; # (늘; 늘; 늘; 늘; 늘; ) HANGUL SYLLABLE NEUL +B299;B299;1102 1173 11B0;B299;1102 1173 11B0; # (늙; 늙; 늙; 늙; 늙; ) HANGUL SYLLABLE NEULG +B29A;B29A;1102 1173 11B1;B29A;1102 1173 11B1; # (늚; 늚; 늚; 늚; 늚; ) HANGUL SYLLABLE NEULM +B29B;B29B;1102 1173 11B2;B29B;1102 1173 11B2; # (늛; 늛; 늛; 늛; 늛; ) HANGUL SYLLABLE NEULB +B29C;B29C;1102 1173 11B3;B29C;1102 1173 11B3; # (늜; 늜; 늜; 늜; 늜; ) HANGUL SYLLABLE NEULS +B29D;B29D;1102 1173 11B4;B29D;1102 1173 11B4; # (ëŠ; ëŠ; 늝; ëŠ; 늝; ) HANGUL SYLLABLE NEULT +B29E;B29E;1102 1173 11B5;B29E;1102 1173 11B5; # (늞; 늞; 늞; 늞; 늞; ) HANGUL SYLLABLE NEULP +B29F;B29F;1102 1173 11B6;B29F;1102 1173 11B6; # (늟; 늟; 늟; 늟; 늟; ) HANGUL SYLLABLE NEULH +B2A0;B2A0;1102 1173 11B7;B2A0;1102 1173 11B7; # (늠; 늠; 늠; 늠; 늠; ) HANGUL SYLLABLE NEUM +B2A1;B2A1;1102 1173 11B8;B2A1;1102 1173 11B8; # (늡; 늡; 늡; 늡; 늡; ) HANGUL SYLLABLE NEUB +B2A2;B2A2;1102 1173 11B9;B2A2;1102 1173 11B9; # (늢; 늢; 늢; 늢; 늢; ) HANGUL SYLLABLE NEUBS +B2A3;B2A3;1102 1173 11BA;B2A3;1102 1173 11BA; # (늣; 늣; 늣; 늣; 늣; ) HANGUL SYLLABLE NEUS +B2A4;B2A4;1102 1173 11BB;B2A4;1102 1173 11BB; # (늤; 늤; 늤; 늤; 늤; ) HANGUL SYLLABLE NEUSS +B2A5;B2A5;1102 1173 11BC;B2A5;1102 1173 11BC; # (능; 능; 능; 능; 능; ) HANGUL SYLLABLE NEUNG +B2A6;B2A6;1102 1173 11BD;B2A6;1102 1173 11BD; # (늦; 늦; 늦; 늦; 늦; ) HANGUL SYLLABLE NEUJ +B2A7;B2A7;1102 1173 11BE;B2A7;1102 1173 11BE; # (늧; 늧; 늧; 늧; 늧; ) HANGUL SYLLABLE NEUC +B2A8;B2A8;1102 1173 11BF;B2A8;1102 1173 11BF; # (늨; 늨; 늨; 늨; 늨; ) HANGUL SYLLABLE NEUK +B2A9;B2A9;1102 1173 11C0;B2A9;1102 1173 11C0; # (늩; 늩; 늩; 늩; 늩; ) HANGUL SYLLABLE NEUT +B2AA;B2AA;1102 1173 11C1;B2AA;1102 1173 11C1; # (늪; 늪; á„‚á…³á‡; 늪; á„‚á…³á‡; ) HANGUL SYLLABLE NEUP +B2AB;B2AB;1102 1173 11C2;B2AB;1102 1173 11C2; # (늫; 늫; 늫; 늫; 늫; ) HANGUL SYLLABLE NEUH +B2AC;B2AC;1102 1174;B2AC;1102 1174; # (늬; 늬; á„‚á…´; 늬; á„‚á…´; ) HANGUL SYLLABLE NYI +B2AD;B2AD;1102 1174 11A8;B2AD;1102 1174 11A8; # (늭; 늭; 늭; 늭; 늭; ) HANGUL SYLLABLE NYIG +B2AE;B2AE;1102 1174 11A9;B2AE;1102 1174 11A9; # (늮; 늮; 늮; 늮; 늮; ) HANGUL SYLLABLE NYIGG +B2AF;B2AF;1102 1174 11AA;B2AF;1102 1174 11AA; # (늯; 늯; 늯; 늯; 늯; ) HANGUL SYLLABLE NYIGS +B2B0;B2B0;1102 1174 11AB;B2B0;1102 1174 11AB; # (늰; 늰; 늰; 늰; 늰; ) HANGUL SYLLABLE NYIN +B2B1;B2B1;1102 1174 11AC;B2B1;1102 1174 11AC; # (늱; 늱; 늱; 늱; 늱; ) HANGUL SYLLABLE NYINJ +B2B2;B2B2;1102 1174 11AD;B2B2;1102 1174 11AD; # (늲; 늲; 늲; 늲; 늲; ) HANGUL SYLLABLE NYINH +B2B3;B2B3;1102 1174 11AE;B2B3;1102 1174 11AE; # (늳; 늳; 늳; 늳; 늳; ) HANGUL SYLLABLE NYID +B2B4;B2B4;1102 1174 11AF;B2B4;1102 1174 11AF; # (늴; 늴; 늴; 늴; 늴; ) HANGUL SYLLABLE NYIL +B2B5;B2B5;1102 1174 11B0;B2B5;1102 1174 11B0; # (늵; 늵; 늵; 늵; 늵; ) HANGUL SYLLABLE NYILG +B2B6;B2B6;1102 1174 11B1;B2B6;1102 1174 11B1; # (늶; 늶; 늶; 늶; 늶; ) HANGUL SYLLABLE NYILM +B2B7;B2B7;1102 1174 11B2;B2B7;1102 1174 11B2; # (늷; 늷; 늷; 늷; 늷; ) HANGUL SYLLABLE NYILB +B2B8;B2B8;1102 1174 11B3;B2B8;1102 1174 11B3; # (늸; 늸; 늸; 늸; 늸; ) HANGUL SYLLABLE NYILS +B2B9;B2B9;1102 1174 11B4;B2B9;1102 1174 11B4; # (늹; 늹; 늹; 늹; 늹; ) HANGUL SYLLABLE NYILT +B2BA;B2BA;1102 1174 11B5;B2BA;1102 1174 11B5; # (늺; 늺; 늺; 늺; 늺; ) HANGUL SYLLABLE NYILP +B2BB;B2BB;1102 1174 11B6;B2BB;1102 1174 11B6; # (늻; 늻; 늻; 늻; 늻; ) HANGUL SYLLABLE NYILH +B2BC;B2BC;1102 1174 11B7;B2BC;1102 1174 11B7; # (늼; 늼; 늼; 늼; 늼; ) HANGUL SYLLABLE NYIM +B2BD;B2BD;1102 1174 11B8;B2BD;1102 1174 11B8; # (늽; 늽; 늽; 늽; 늽; ) HANGUL SYLLABLE NYIB +B2BE;B2BE;1102 1174 11B9;B2BE;1102 1174 11B9; # (늾; 늾; 늾; 늾; 늾; ) HANGUL SYLLABLE NYIBS +B2BF;B2BF;1102 1174 11BA;B2BF;1102 1174 11BA; # (늿; 늿; 늿; 늿; 늿; ) HANGUL SYLLABLE NYIS +B2C0;B2C0;1102 1174 11BB;B2C0;1102 1174 11BB; # (ë‹€; ë‹€; 닀; ë‹€; 닀; ) HANGUL SYLLABLE NYISS +B2C1;B2C1;1102 1174 11BC;B2C1;1102 1174 11BC; # (ë‹; ë‹; 닁; ë‹; 닁; ) HANGUL SYLLABLE NYING +B2C2;B2C2;1102 1174 11BD;B2C2;1102 1174 11BD; # (ë‹‚; ë‹‚; 닂; ë‹‚; 닂; ) HANGUL SYLLABLE NYIJ +B2C3;B2C3;1102 1174 11BE;B2C3;1102 1174 11BE; # (닃; 닃; 닃; 닃; 닃; ) HANGUL SYLLABLE NYIC +B2C4;B2C4;1102 1174 11BF;B2C4;1102 1174 11BF; # (ë‹„; ë‹„; 닄; ë‹„; 닄; ) HANGUL SYLLABLE NYIK +B2C5;B2C5;1102 1174 11C0;B2C5;1102 1174 11C0; # (ë‹…; ë‹…; 닅; ë‹…; 닅; ) HANGUL SYLLABLE NYIT +B2C6;B2C6;1102 1174 11C1;B2C6;1102 1174 11C1; # (닆; 닆; á„‚á…´á‡; 닆; á„‚á…´á‡; ) HANGUL SYLLABLE NYIP +B2C7;B2C7;1102 1174 11C2;B2C7;1102 1174 11C2; # (닇; 닇; 닇; 닇; 닇; ) HANGUL SYLLABLE NYIH +B2C8;B2C8;1102 1175;B2C8;1102 1175; # (니; 니; á„‚á…µ; 니; á„‚á…µ; ) HANGUL SYLLABLE NI +B2C9;B2C9;1102 1175 11A8;B2C9;1102 1175 11A8; # (닉; 닉; 닉; 닉; 닉; ) HANGUL SYLLABLE NIG +B2CA;B2CA;1102 1175 11A9;B2CA;1102 1175 11A9; # (ë‹Š; ë‹Š; 닊; ë‹Š; 닊; ) HANGUL SYLLABLE NIGG +B2CB;B2CB;1102 1175 11AA;B2CB;1102 1175 11AA; # (ë‹‹; ë‹‹; 닋; ë‹‹; 닋; ) HANGUL SYLLABLE NIGS +B2CC;B2CC;1102 1175 11AB;B2CC;1102 1175 11AB; # (ë‹Œ; ë‹Œ; 닌; ë‹Œ; 닌; ) HANGUL SYLLABLE NIN +B2CD;B2CD;1102 1175 11AC;B2CD;1102 1175 11AC; # (ë‹; ë‹; 닍; ë‹; 닍; ) HANGUL SYLLABLE NINJ +B2CE;B2CE;1102 1175 11AD;B2CE;1102 1175 11AD; # (ë‹Ž; ë‹Ž; 닎; ë‹Ž; 닎; ) HANGUL SYLLABLE NINH +B2CF;B2CF;1102 1175 11AE;B2CF;1102 1175 11AE; # (ë‹; ë‹; 닏; ë‹; 닏; ) HANGUL SYLLABLE NID +B2D0;B2D0;1102 1175 11AF;B2D0;1102 1175 11AF; # (ë‹; ë‹; 닐; ë‹; 닐; ) HANGUL SYLLABLE NIL +B2D1;B2D1;1102 1175 11B0;B2D1;1102 1175 11B0; # (ë‹‘; ë‹‘; 닑; ë‹‘; 닑; ) HANGUL SYLLABLE NILG +B2D2;B2D2;1102 1175 11B1;B2D2;1102 1175 11B1; # (ë‹’; ë‹’; 닒; ë‹’; 닒; ) HANGUL SYLLABLE NILM +B2D3;B2D3;1102 1175 11B2;B2D3;1102 1175 11B2; # (ë‹“; ë‹“; 닓; ë‹“; 닓; ) HANGUL SYLLABLE NILB +B2D4;B2D4;1102 1175 11B3;B2D4;1102 1175 11B3; # (ë‹”; ë‹”; 닔; ë‹”; 닔; ) HANGUL SYLLABLE NILS +B2D5;B2D5;1102 1175 11B4;B2D5;1102 1175 11B4; # (ë‹•; ë‹•; 닕; ë‹•; 닕; ) HANGUL SYLLABLE NILT +B2D6;B2D6;1102 1175 11B5;B2D6;1102 1175 11B5; # (ë‹–; ë‹–; 닖; ë‹–; 닖; ) HANGUL SYLLABLE NILP +B2D7;B2D7;1102 1175 11B6;B2D7;1102 1175 11B6; # (ë‹—; ë‹—; 닗; ë‹—; 닗; ) HANGUL SYLLABLE NILH +B2D8;B2D8;1102 1175 11B7;B2D8;1102 1175 11B7; # (님; 님; 님; 님; 님; ) HANGUL SYLLABLE NIM +B2D9;B2D9;1102 1175 11B8;B2D9;1102 1175 11B8; # (ë‹™; ë‹™; 닙; ë‹™; 닙; ) HANGUL SYLLABLE NIB +B2DA;B2DA;1102 1175 11B9;B2DA;1102 1175 11B9; # (ë‹š; ë‹š; 닚; ë‹š; 닚; ) HANGUL SYLLABLE NIBS +B2DB;B2DB;1102 1175 11BA;B2DB;1102 1175 11BA; # (ë‹›; ë‹›; 닛; ë‹›; 닛; ) HANGUL SYLLABLE NIS +B2DC;B2DC;1102 1175 11BB;B2DC;1102 1175 11BB; # (ë‹œ; ë‹œ; 닜; ë‹œ; 닜; ) HANGUL SYLLABLE NISS +B2DD;B2DD;1102 1175 11BC;B2DD;1102 1175 11BC; # (ë‹; ë‹; 닝; ë‹; 닝; ) HANGUL SYLLABLE NING +B2DE;B2DE;1102 1175 11BD;B2DE;1102 1175 11BD; # (ë‹ž; ë‹ž; 닞; ë‹ž; 닞; ) HANGUL SYLLABLE NIJ +B2DF;B2DF;1102 1175 11BE;B2DF;1102 1175 11BE; # (ë‹Ÿ; ë‹Ÿ; 닟; ë‹Ÿ; 닟; ) HANGUL SYLLABLE NIC +B2E0;B2E0;1102 1175 11BF;B2E0;1102 1175 11BF; # (ë‹ ; ë‹ ; 닠; ë‹ ; 닠; ) HANGUL SYLLABLE NIK +B2E1;B2E1;1102 1175 11C0;B2E1;1102 1175 11C0; # (ë‹¡; ë‹¡; 닡; ë‹¡; 닡; ) HANGUL SYLLABLE NIT +B2E2;B2E2;1102 1175 11C1;B2E2;1102 1175 11C1; # (ë‹¢; ë‹¢; á„‚á…µá‡; ë‹¢; á„‚á…µá‡; ) HANGUL SYLLABLE NIP +B2E3;B2E3;1102 1175 11C2;B2E3;1102 1175 11C2; # (ë‹£; ë‹£; 닣; ë‹£; 닣; ) HANGUL SYLLABLE NIH +B2E4;B2E4;1103 1161;B2E4;1103 1161; # (다; 다; 다; 다; 다; ) HANGUL SYLLABLE DA +B2E5;B2E5;1103 1161 11A8;B2E5;1103 1161 11A8; # (ë‹¥; ë‹¥; 닥; ë‹¥; 닥; ) HANGUL SYLLABLE DAG +B2E6;B2E6;1103 1161 11A9;B2E6;1103 1161 11A9; # (닦; 닦; 닦; 닦; 닦; ) HANGUL SYLLABLE DAGG +B2E7;B2E7;1103 1161 11AA;B2E7;1103 1161 11AA; # (닧; 닧; 닧; 닧; 닧; ) HANGUL SYLLABLE DAGS +B2E8;B2E8;1103 1161 11AB;B2E8;1103 1161 11AB; # (단; 단; 단; 단; 단; ) HANGUL SYLLABLE DAN +B2E9;B2E9;1103 1161 11AC;B2E9;1103 1161 11AC; # (ë‹©; ë‹©; 닩; ë‹©; 닩; ) HANGUL SYLLABLE DANJ +B2EA;B2EA;1103 1161 11AD;B2EA;1103 1161 11AD; # (닪; 닪; 닪; 닪; 닪; ) HANGUL SYLLABLE DANH +B2EB;B2EB;1103 1161 11AE;B2EB;1103 1161 11AE; # (ë‹«; ë‹«; 닫; ë‹«; 닫; ) HANGUL SYLLABLE DAD +B2EC;B2EC;1103 1161 11AF;B2EC;1103 1161 11AF; # (달; 달; 달; 달; 달; ) HANGUL SYLLABLE DAL +B2ED;B2ED;1103 1161 11B0;B2ED;1103 1161 11B0; # (ë‹­; ë‹­; 닭; ë‹­; 닭; ) HANGUL SYLLABLE DALG +B2EE;B2EE;1103 1161 11B1;B2EE;1103 1161 11B1; # (ë‹®; ë‹®; 닮; ë‹®; 닮; ) HANGUL SYLLABLE DALM +B2EF;B2EF;1103 1161 11B2;B2EF;1103 1161 11B2; # (닯; 닯; 닯; 닯; 닯; ) HANGUL SYLLABLE DALB +B2F0;B2F0;1103 1161 11B3;B2F0;1103 1161 11B3; # (ë‹°; ë‹°; 닰; ë‹°; 닰; ) HANGUL SYLLABLE DALS +B2F1;B2F1;1103 1161 11B4;B2F1;1103 1161 11B4; # (닱; 닱; 닱; 닱; 닱; ) HANGUL SYLLABLE DALT +B2F2;B2F2;1103 1161 11B5;B2F2;1103 1161 11B5; # (닲; 닲; 닲; 닲; 닲; ) HANGUL SYLLABLE DALP +B2F3;B2F3;1103 1161 11B6;B2F3;1103 1161 11B6; # (닳; 닳; 닳; 닳; 닳; ) HANGUL SYLLABLE DALH +B2F4;B2F4;1103 1161 11B7;B2F4;1103 1161 11B7; # (ë‹´; ë‹´; 담; ë‹´; 담; ) HANGUL SYLLABLE DAM +B2F5;B2F5;1103 1161 11B8;B2F5;1103 1161 11B8; # (답; 답; 답; 답; 답; ) HANGUL SYLLABLE DAB +B2F6;B2F6;1103 1161 11B9;B2F6;1103 1161 11B9; # (닶; 닶; 닶; 닶; 닶; ) HANGUL SYLLABLE DABS +B2F7;B2F7;1103 1161 11BA;B2F7;1103 1161 11BA; # (ë‹·; ë‹·; 닷; ë‹·; 닷; ) HANGUL SYLLABLE DAS +B2F8;B2F8;1103 1161 11BB;B2F8;1103 1161 11BB; # (닸; 닸; 닸; 닸; 닸; ) HANGUL SYLLABLE DASS +B2F9;B2F9;1103 1161 11BC;B2F9;1103 1161 11BC; # (당; 당; 당; 당; 당; ) HANGUL SYLLABLE DANG +B2FA;B2FA;1103 1161 11BD;B2FA;1103 1161 11BD; # (닺; 닺; 닺; 닺; 닺; ) HANGUL SYLLABLE DAJ +B2FB;B2FB;1103 1161 11BE;B2FB;1103 1161 11BE; # (ë‹»; ë‹»; 닻; ë‹»; 닻; ) HANGUL SYLLABLE DAC +B2FC;B2FC;1103 1161 11BF;B2FC;1103 1161 11BF; # (닼; 닼; 닼; 닼; 닼; ) HANGUL SYLLABLE DAK +B2FD;B2FD;1103 1161 11C0;B2FD;1103 1161 11C0; # (닽; 닽; 닽; 닽; 닽; ) HANGUL SYLLABLE DAT +B2FE;B2FE;1103 1161 11C1;B2FE;1103 1161 11C1; # (닾; 닾; 다á‡; 닾; 다á‡; ) HANGUL SYLLABLE DAP +B2FF;B2FF;1103 1161 11C2;B2FF;1103 1161 11C2; # (ë‹¿; ë‹¿; 닿; ë‹¿; 닿; ) HANGUL SYLLABLE DAH +B300;B300;1103 1162;B300;1103 1162; # (대; 대; 대; 대; 대; ) HANGUL SYLLABLE DAE +B301;B301;1103 1162 11A8;B301;1103 1162 11A8; # (ëŒ; ëŒ; 댁; ëŒ; 댁; ) HANGUL SYLLABLE DAEG +B302;B302;1103 1162 11A9;B302;1103 1162 11A9; # (댂; 댂; 댂; 댂; 댂; ) HANGUL SYLLABLE DAEGG +B303;B303;1103 1162 11AA;B303;1103 1162 11AA; # (댃; 댃; 댃; 댃; 댃; ) HANGUL SYLLABLE DAEGS +B304;B304;1103 1162 11AB;B304;1103 1162 11AB; # (댄; 댄; 댄; 댄; 댄; ) HANGUL SYLLABLE DAEN +B305;B305;1103 1162 11AC;B305;1103 1162 11AC; # (댅; 댅; 댅; 댅; 댅; ) HANGUL SYLLABLE DAENJ +B306;B306;1103 1162 11AD;B306;1103 1162 11AD; # (댆; 댆; 댆; 댆; 댆; ) HANGUL SYLLABLE DAENH +B307;B307;1103 1162 11AE;B307;1103 1162 11AE; # (댇; 댇; 댇; 댇; 댇; ) HANGUL SYLLABLE DAED +B308;B308;1103 1162 11AF;B308;1103 1162 11AF; # (댈; 댈; 댈; 댈; 댈; ) HANGUL SYLLABLE DAEL +B309;B309;1103 1162 11B0;B309;1103 1162 11B0; # (댉; 댉; 댉; 댉; 댉; ) HANGUL SYLLABLE DAELG +B30A;B30A;1103 1162 11B1;B30A;1103 1162 11B1; # (댊; 댊; 댊; 댊; 댊; ) HANGUL SYLLABLE DAELM +B30B;B30B;1103 1162 11B2;B30B;1103 1162 11B2; # (댋; 댋; 댋; 댋; 댋; ) HANGUL SYLLABLE DAELB +B30C;B30C;1103 1162 11B3;B30C;1103 1162 11B3; # (댌; 댌; 댌; 댌; 댌; ) HANGUL SYLLABLE DAELS +B30D;B30D;1103 1162 11B4;B30D;1103 1162 11B4; # (ëŒ; ëŒ; 댍; ëŒ; 댍; ) HANGUL SYLLABLE DAELT +B30E;B30E;1103 1162 11B5;B30E;1103 1162 11B5; # (댎; 댎; 댎; 댎; 댎; ) HANGUL SYLLABLE DAELP +B30F;B30F;1103 1162 11B6;B30F;1103 1162 11B6; # (ëŒ; ëŒ; 댏; ëŒ; 댏; ) HANGUL SYLLABLE DAELH +B310;B310;1103 1162 11B7;B310;1103 1162 11B7; # (ëŒ; ëŒ; 댐; ëŒ; 댐; ) HANGUL SYLLABLE DAEM +B311;B311;1103 1162 11B8;B311;1103 1162 11B8; # (댑; 댑; 댑; 댑; 댑; ) HANGUL SYLLABLE DAEB +B312;B312;1103 1162 11B9;B312;1103 1162 11B9; # (댒; 댒; 댒; 댒; 댒; ) HANGUL SYLLABLE DAEBS +B313;B313;1103 1162 11BA;B313;1103 1162 11BA; # (댓; 댓; 댓; 댓; 댓; ) HANGUL SYLLABLE DAES +B314;B314;1103 1162 11BB;B314;1103 1162 11BB; # (댔; 댔; 댔; 댔; 댔; ) HANGUL SYLLABLE DAESS +B315;B315;1103 1162 11BC;B315;1103 1162 11BC; # (댕; 댕; 댕; 댕; 댕; ) HANGUL SYLLABLE DAENG +B316;B316;1103 1162 11BD;B316;1103 1162 11BD; # (댖; 댖; 댖; 댖; 댖; ) HANGUL SYLLABLE DAEJ +B317;B317;1103 1162 11BE;B317;1103 1162 11BE; # (댗; 댗; 댗; 댗; 댗; ) HANGUL SYLLABLE DAEC +B318;B318;1103 1162 11BF;B318;1103 1162 11BF; # (댘; 댘; 댘; 댘; 댘; ) HANGUL SYLLABLE DAEK +B319;B319;1103 1162 11C0;B319;1103 1162 11C0; # (댙; 댙; 댙; 댙; 댙; ) HANGUL SYLLABLE DAET +B31A;B31A;1103 1162 11C1;B31A;1103 1162 11C1; # (댚; 댚; 대á‡; 댚; 대á‡; ) HANGUL SYLLABLE DAEP +B31B;B31B;1103 1162 11C2;B31B;1103 1162 11C2; # (댛; 댛; 댛; 댛; 댛; ) HANGUL SYLLABLE DAEH +B31C;B31C;1103 1163;B31C;1103 1163; # (댜; 댜; 댜; 댜; 댜; ) HANGUL SYLLABLE DYA +B31D;B31D;1103 1163 11A8;B31D;1103 1163 11A8; # (ëŒ; ëŒ; 댝; ëŒ; 댝; ) HANGUL SYLLABLE DYAG +B31E;B31E;1103 1163 11A9;B31E;1103 1163 11A9; # (댞; 댞; 댞; 댞; 댞; ) HANGUL SYLLABLE DYAGG +B31F;B31F;1103 1163 11AA;B31F;1103 1163 11AA; # (댟; 댟; 댟; 댟; 댟; ) HANGUL SYLLABLE DYAGS +B320;B320;1103 1163 11AB;B320;1103 1163 11AB; # (댠; 댠; 댠; 댠; 댠; ) HANGUL SYLLABLE DYAN +B321;B321;1103 1163 11AC;B321;1103 1163 11AC; # (댡; 댡; 댡; 댡; 댡; ) HANGUL SYLLABLE DYANJ +B322;B322;1103 1163 11AD;B322;1103 1163 11AD; # (댢; 댢; 댢; 댢; 댢; ) HANGUL SYLLABLE DYANH +B323;B323;1103 1163 11AE;B323;1103 1163 11AE; # (댣; 댣; 댣; 댣; 댣; ) HANGUL SYLLABLE DYAD +B324;B324;1103 1163 11AF;B324;1103 1163 11AF; # (댤; 댤; 댤; 댤; 댤; ) HANGUL SYLLABLE DYAL +B325;B325;1103 1163 11B0;B325;1103 1163 11B0; # (댥; 댥; 댥; 댥; 댥; ) HANGUL SYLLABLE DYALG +B326;B326;1103 1163 11B1;B326;1103 1163 11B1; # (댦; 댦; 댦; 댦; 댦; ) HANGUL SYLLABLE DYALM +B327;B327;1103 1163 11B2;B327;1103 1163 11B2; # (댧; 댧; 댧; 댧; 댧; ) HANGUL SYLLABLE DYALB +B328;B328;1103 1163 11B3;B328;1103 1163 11B3; # (댨; 댨; 댨; 댨; 댨; ) HANGUL SYLLABLE DYALS +B329;B329;1103 1163 11B4;B329;1103 1163 11B4; # (댩; 댩; 댩; 댩; 댩; ) HANGUL SYLLABLE DYALT +B32A;B32A;1103 1163 11B5;B32A;1103 1163 11B5; # (댪; 댪; 댪; 댪; 댪; ) HANGUL SYLLABLE DYALP +B32B;B32B;1103 1163 11B6;B32B;1103 1163 11B6; # (댫; 댫; 댫; 댫; 댫; ) HANGUL SYLLABLE DYALH +B32C;B32C;1103 1163 11B7;B32C;1103 1163 11B7; # (댬; 댬; 댬; 댬; 댬; ) HANGUL SYLLABLE DYAM +B32D;B32D;1103 1163 11B8;B32D;1103 1163 11B8; # (댭; 댭; 댭; 댭; 댭; ) HANGUL SYLLABLE DYAB +B32E;B32E;1103 1163 11B9;B32E;1103 1163 11B9; # (댮; 댮; 댮; 댮; 댮; ) HANGUL SYLLABLE DYABS +B32F;B32F;1103 1163 11BA;B32F;1103 1163 11BA; # (댯; 댯; 댯; 댯; 댯; ) HANGUL SYLLABLE DYAS +B330;B330;1103 1163 11BB;B330;1103 1163 11BB; # (댰; 댰; 댰; 댰; 댰; ) HANGUL SYLLABLE DYASS +B331;B331;1103 1163 11BC;B331;1103 1163 11BC; # (댱; 댱; 댱; 댱; 댱; ) HANGUL SYLLABLE DYANG +B332;B332;1103 1163 11BD;B332;1103 1163 11BD; # (댲; 댲; 댲; 댲; 댲; ) HANGUL SYLLABLE DYAJ +B333;B333;1103 1163 11BE;B333;1103 1163 11BE; # (댳; 댳; 댳; 댳; 댳; ) HANGUL SYLLABLE DYAC +B334;B334;1103 1163 11BF;B334;1103 1163 11BF; # (댴; 댴; 댴; 댴; 댴; ) HANGUL SYLLABLE DYAK +B335;B335;1103 1163 11C0;B335;1103 1163 11C0; # (댵; 댵; 댵; 댵; 댵; ) HANGUL SYLLABLE DYAT +B336;B336;1103 1163 11C1;B336;1103 1163 11C1; # (댶; 댶; 댜á‡; 댶; 댜á‡; ) HANGUL SYLLABLE DYAP +B337;B337;1103 1163 11C2;B337;1103 1163 11C2; # (댷; 댷; 댷; 댷; 댷; ) HANGUL SYLLABLE DYAH +B338;B338;1103 1164;B338;1103 1164; # (댸; 댸; 댸; 댸; 댸; ) HANGUL SYLLABLE DYAE +B339;B339;1103 1164 11A8;B339;1103 1164 11A8; # (댹; 댹; 댹; 댹; 댹; ) HANGUL SYLLABLE DYAEG +B33A;B33A;1103 1164 11A9;B33A;1103 1164 11A9; # (댺; 댺; 댺; 댺; 댺; ) HANGUL SYLLABLE DYAEGG +B33B;B33B;1103 1164 11AA;B33B;1103 1164 11AA; # (댻; 댻; 댻; 댻; 댻; ) HANGUL SYLLABLE DYAEGS +B33C;B33C;1103 1164 11AB;B33C;1103 1164 11AB; # (댼; 댼; 댼; 댼; 댼; ) HANGUL SYLLABLE DYAEN +B33D;B33D;1103 1164 11AC;B33D;1103 1164 11AC; # (댽; 댽; 댽; 댽; 댽; ) HANGUL SYLLABLE DYAENJ +B33E;B33E;1103 1164 11AD;B33E;1103 1164 11AD; # (댾; 댾; 댾; 댾; 댾; ) HANGUL SYLLABLE DYAENH +B33F;B33F;1103 1164 11AE;B33F;1103 1164 11AE; # (댿; 댿; 댿; 댿; 댿; ) HANGUL SYLLABLE DYAED +B340;B340;1103 1164 11AF;B340;1103 1164 11AF; # (ë€; ë€; 덀; ë€; 덀; ) HANGUL SYLLABLE DYAEL +B341;B341;1103 1164 11B0;B341;1103 1164 11B0; # (ë; ë; 덁; ë; 덁; ) HANGUL SYLLABLE DYAELG +B342;B342;1103 1164 11B1;B342;1103 1164 11B1; # (ë‚; ë‚; 덂; ë‚; 덂; ) HANGUL SYLLABLE DYAELM +B343;B343;1103 1164 11B2;B343;1103 1164 11B2; # (ëƒ; ëƒ; 덃; ëƒ; 덃; ) HANGUL SYLLABLE DYAELB +B344;B344;1103 1164 11B3;B344;1103 1164 11B3; # (ë„; ë„; 덄; ë„; 덄; ) HANGUL SYLLABLE DYAELS +B345;B345;1103 1164 11B4;B345;1103 1164 11B4; # (ë…; ë…; 덅; ë…; 덅; ) HANGUL SYLLABLE DYAELT +B346;B346;1103 1164 11B5;B346;1103 1164 11B5; # (ë†; ë†; 덆; ë†; 덆; ) HANGUL SYLLABLE DYAELP +B347;B347;1103 1164 11B6;B347;1103 1164 11B6; # (ë‡; ë‡; 덇; ë‡; 덇; ) HANGUL SYLLABLE DYAELH +B348;B348;1103 1164 11B7;B348;1103 1164 11B7; # (ëˆ; ëˆ; 덈; ëˆ; 덈; ) HANGUL SYLLABLE DYAEM +B349;B349;1103 1164 11B8;B349;1103 1164 11B8; # (ë‰; ë‰; 덉; ë‰; 덉; ) HANGUL SYLLABLE DYAEB +B34A;B34A;1103 1164 11B9;B34A;1103 1164 11B9; # (ëŠ; ëŠ; 덊; ëŠ; 덊; ) HANGUL SYLLABLE DYAEBS +B34B;B34B;1103 1164 11BA;B34B;1103 1164 11BA; # (ë‹; ë‹; 덋; ë‹; 덋; ) HANGUL SYLLABLE DYAES +B34C;B34C;1103 1164 11BB;B34C;1103 1164 11BB; # (ëŒ; ëŒ; 덌; ëŒ; 덌; ) HANGUL SYLLABLE DYAESS +B34D;B34D;1103 1164 11BC;B34D;1103 1164 11BC; # (ë; ë; 덍; ë; 덍; ) HANGUL SYLLABLE DYAENG +B34E;B34E;1103 1164 11BD;B34E;1103 1164 11BD; # (ëŽ; ëŽ; 덎; ëŽ; 덎; ) HANGUL SYLLABLE DYAEJ +B34F;B34F;1103 1164 11BE;B34F;1103 1164 11BE; # (ë; ë; 덏; ë; 덏; ) HANGUL SYLLABLE DYAEC +B350;B350;1103 1164 11BF;B350;1103 1164 11BF; # (ë; ë; 덐; ë; 덐; ) HANGUL SYLLABLE DYAEK +B351;B351;1103 1164 11C0;B351;1103 1164 11C0; # (ë‘; ë‘; 덑; ë‘; 덑; ) HANGUL SYLLABLE DYAET +B352;B352;1103 1164 11C1;B352;1103 1164 11C1; # (ë’; ë’; 댸á‡; ë’; 댸á‡; ) HANGUL SYLLABLE DYAEP +B353;B353;1103 1164 11C2;B353;1103 1164 11C2; # (ë“; ë“; 덓; ë“; 덓; ) HANGUL SYLLABLE DYAEH +B354;B354;1103 1165;B354;1103 1165; # (ë”; ë”; 더; ë”; 더; ) HANGUL SYLLABLE DEO +B355;B355;1103 1165 11A8;B355;1103 1165 11A8; # (ë•; ë•; 덕; ë•; 덕; ) HANGUL SYLLABLE DEOG +B356;B356;1103 1165 11A9;B356;1103 1165 11A9; # (ë–; ë–; 덖; ë–; 덖; ) HANGUL SYLLABLE DEOGG +B357;B357;1103 1165 11AA;B357;1103 1165 11AA; # (ë—; ë—; 덗; ë—; 덗; ) HANGUL SYLLABLE DEOGS +B358;B358;1103 1165 11AB;B358;1103 1165 11AB; # (ë˜; ë˜; 던; ë˜; 던; ) HANGUL SYLLABLE DEON +B359;B359;1103 1165 11AC;B359;1103 1165 11AC; # (ë™; ë™; 덙; ë™; 덙; ) HANGUL SYLLABLE DEONJ +B35A;B35A;1103 1165 11AD;B35A;1103 1165 11AD; # (ëš; ëš; 덚; ëš; 덚; ) HANGUL SYLLABLE DEONH +B35B;B35B;1103 1165 11AE;B35B;1103 1165 11AE; # (ë›; ë›; 덛; ë›; 덛; ) HANGUL SYLLABLE DEOD +B35C;B35C;1103 1165 11AF;B35C;1103 1165 11AF; # (ëœ; ëœ; 덜; ëœ; 덜; ) HANGUL SYLLABLE DEOL +B35D;B35D;1103 1165 11B0;B35D;1103 1165 11B0; # (ë; ë; 덝; ë; 덝; ) HANGUL SYLLABLE DEOLG +B35E;B35E;1103 1165 11B1;B35E;1103 1165 11B1; # (ëž; ëž; 덞; ëž; 덞; ) HANGUL SYLLABLE DEOLM +B35F;B35F;1103 1165 11B2;B35F;1103 1165 11B2; # (ëŸ; ëŸ; 덟; ëŸ; 덟; ) HANGUL SYLLABLE DEOLB +B360;B360;1103 1165 11B3;B360;1103 1165 11B3; # (ë ; ë ; 덠; ë ; 덠; ) HANGUL SYLLABLE DEOLS +B361;B361;1103 1165 11B4;B361;1103 1165 11B4; # (ë¡; ë¡; 덡; ë¡; 덡; ) HANGUL SYLLABLE DEOLT +B362;B362;1103 1165 11B5;B362;1103 1165 11B5; # (ë¢; ë¢; 덢; ë¢; 덢; ) HANGUL SYLLABLE DEOLP +B363;B363;1103 1165 11B6;B363;1103 1165 11B6; # (ë£; ë£; 덣; ë£; 덣; ) HANGUL SYLLABLE DEOLH +B364;B364;1103 1165 11B7;B364;1103 1165 11B7; # (ë¤; ë¤; 덤; ë¤; 덤; ) HANGUL SYLLABLE DEOM +B365;B365;1103 1165 11B8;B365;1103 1165 11B8; # (ë¥; ë¥; 덥; ë¥; 덥; ) HANGUL SYLLABLE DEOB +B366;B366;1103 1165 11B9;B366;1103 1165 11B9; # (ë¦; ë¦; 덦; ë¦; 덦; ) HANGUL SYLLABLE DEOBS +B367;B367;1103 1165 11BA;B367;1103 1165 11BA; # (ë§; ë§; 덧; ë§; 덧; ) HANGUL SYLLABLE DEOS +B368;B368;1103 1165 11BB;B368;1103 1165 11BB; # (ë¨; ë¨; 덨; ë¨; 덨; ) HANGUL SYLLABLE DEOSS +B369;B369;1103 1165 11BC;B369;1103 1165 11BC; # (ë©; ë©; 덩; ë©; 덩; ) HANGUL SYLLABLE DEONG +B36A;B36A;1103 1165 11BD;B36A;1103 1165 11BD; # (ëª; ëª; 덪; ëª; 덪; ) HANGUL SYLLABLE DEOJ +B36B;B36B;1103 1165 11BE;B36B;1103 1165 11BE; # (ë«; ë«; 덫; ë«; 덫; ) HANGUL SYLLABLE DEOC +B36C;B36C;1103 1165 11BF;B36C;1103 1165 11BF; # (ë¬; ë¬; 덬; ë¬; 덬; ) HANGUL SYLLABLE DEOK +B36D;B36D;1103 1165 11C0;B36D;1103 1165 11C0; # (ë­; ë­; 덭; ë­; 덭; ) HANGUL SYLLABLE DEOT +B36E;B36E;1103 1165 11C1;B36E;1103 1165 11C1; # (ë®; ë®; 더á‡; ë®; 더á‡; ) HANGUL SYLLABLE DEOP +B36F;B36F;1103 1165 11C2;B36F;1103 1165 11C2; # (ë¯; ë¯; 덯; ë¯; 덯; ) HANGUL SYLLABLE DEOH +B370;B370;1103 1166;B370;1103 1166; # (ë°; ë°; 데; ë°; 데; ) HANGUL SYLLABLE DE +B371;B371;1103 1166 11A8;B371;1103 1166 11A8; # (ë±; ë±; 덱; ë±; 덱; ) HANGUL SYLLABLE DEG +B372;B372;1103 1166 11A9;B372;1103 1166 11A9; # (ë²; ë²; 덲; ë²; 덲; ) HANGUL SYLLABLE DEGG +B373;B373;1103 1166 11AA;B373;1103 1166 11AA; # (ë³; ë³; 덳; ë³; 덳; ) HANGUL SYLLABLE DEGS +B374;B374;1103 1166 11AB;B374;1103 1166 11AB; # (ë´; ë´; 덴; ë´; 덴; ) HANGUL SYLLABLE DEN +B375;B375;1103 1166 11AC;B375;1103 1166 11AC; # (ëµ; ëµ; 덵; ëµ; 덵; ) HANGUL SYLLABLE DENJ +B376;B376;1103 1166 11AD;B376;1103 1166 11AD; # (ë¶; ë¶; 덶; ë¶; 덶; ) HANGUL SYLLABLE DENH +B377;B377;1103 1166 11AE;B377;1103 1166 11AE; # (ë·; ë·; 덷; ë·; 덷; ) HANGUL SYLLABLE DED +B378;B378;1103 1166 11AF;B378;1103 1166 11AF; # (ë¸; ë¸; 델; ë¸; 델; ) HANGUL SYLLABLE DEL +B379;B379;1103 1166 11B0;B379;1103 1166 11B0; # (ë¹; ë¹; 덹; ë¹; 덹; ) HANGUL SYLLABLE DELG +B37A;B37A;1103 1166 11B1;B37A;1103 1166 11B1; # (ëº; ëº; 덺; ëº; 덺; ) HANGUL SYLLABLE DELM +B37B;B37B;1103 1166 11B2;B37B;1103 1166 11B2; # (ë»; ë»; 덻; ë»; 덻; ) HANGUL SYLLABLE DELB +B37C;B37C;1103 1166 11B3;B37C;1103 1166 11B3; # (ë¼; ë¼; 덼; ë¼; 덼; ) HANGUL SYLLABLE DELS +B37D;B37D;1103 1166 11B4;B37D;1103 1166 11B4; # (ë½; ë½; 덽; ë½; 덽; ) HANGUL SYLLABLE DELT +B37E;B37E;1103 1166 11B5;B37E;1103 1166 11B5; # (ë¾; ë¾; 덾; ë¾; 덾; ) HANGUL SYLLABLE DELP +B37F;B37F;1103 1166 11B6;B37F;1103 1166 11B6; # (ë¿; ë¿; 덿; ë¿; 덿; ) HANGUL SYLLABLE DELH +B380;B380;1103 1166 11B7;B380;1103 1166 11B7; # (뎀; 뎀; 뎀; 뎀; 뎀; ) HANGUL SYLLABLE DEM +B381;B381;1103 1166 11B8;B381;1103 1166 11B8; # (ëŽ; ëŽ; 뎁; ëŽ; 뎁; ) HANGUL SYLLABLE DEB +B382;B382;1103 1166 11B9;B382;1103 1166 11B9; # (뎂; 뎂; 뎂; 뎂; 뎂; ) HANGUL SYLLABLE DEBS +B383;B383;1103 1166 11BA;B383;1103 1166 11BA; # (뎃; 뎃; 뎃; 뎃; 뎃; ) HANGUL SYLLABLE DES +B384;B384;1103 1166 11BB;B384;1103 1166 11BB; # (뎄; 뎄; 뎄; 뎄; 뎄; ) HANGUL SYLLABLE DESS +B385;B385;1103 1166 11BC;B385;1103 1166 11BC; # (뎅; 뎅; 뎅; 뎅; 뎅; ) HANGUL SYLLABLE DENG +B386;B386;1103 1166 11BD;B386;1103 1166 11BD; # (뎆; 뎆; 뎆; 뎆; 뎆; ) HANGUL SYLLABLE DEJ +B387;B387;1103 1166 11BE;B387;1103 1166 11BE; # (뎇; 뎇; 뎇; 뎇; 뎇; ) HANGUL SYLLABLE DEC +B388;B388;1103 1166 11BF;B388;1103 1166 11BF; # (뎈; 뎈; 뎈; 뎈; 뎈; ) HANGUL SYLLABLE DEK +B389;B389;1103 1166 11C0;B389;1103 1166 11C0; # (뎉; 뎉; 뎉; 뎉; 뎉; ) HANGUL SYLLABLE DET +B38A;B38A;1103 1166 11C1;B38A;1103 1166 11C1; # (뎊; 뎊; 데á‡; 뎊; 데á‡; ) HANGUL SYLLABLE DEP +B38B;B38B;1103 1166 11C2;B38B;1103 1166 11C2; # (뎋; 뎋; 뎋; 뎋; 뎋; ) HANGUL SYLLABLE DEH +B38C;B38C;1103 1167;B38C;1103 1167; # (뎌; 뎌; 뎌; 뎌; 뎌; ) HANGUL SYLLABLE DYEO +B38D;B38D;1103 1167 11A8;B38D;1103 1167 11A8; # (ëŽ; ëŽ; 뎍; ëŽ; 뎍; ) HANGUL SYLLABLE DYEOG +B38E;B38E;1103 1167 11A9;B38E;1103 1167 11A9; # (뎎; 뎎; 뎎; 뎎; 뎎; ) HANGUL SYLLABLE DYEOGG +B38F;B38F;1103 1167 11AA;B38F;1103 1167 11AA; # (ëŽ; ëŽ; 뎏; ëŽ; 뎏; ) HANGUL SYLLABLE DYEOGS +B390;B390;1103 1167 11AB;B390;1103 1167 11AB; # (ëŽ; ëŽ; 뎐; ëŽ; 뎐; ) HANGUL SYLLABLE DYEON +B391;B391;1103 1167 11AC;B391;1103 1167 11AC; # (뎑; 뎑; 뎑; 뎑; 뎑; ) HANGUL SYLLABLE DYEONJ +B392;B392;1103 1167 11AD;B392;1103 1167 11AD; # (뎒; 뎒; 뎒; 뎒; 뎒; ) HANGUL SYLLABLE DYEONH +B393;B393;1103 1167 11AE;B393;1103 1167 11AE; # (뎓; 뎓; 뎓; 뎓; 뎓; ) HANGUL SYLLABLE DYEOD +B394;B394;1103 1167 11AF;B394;1103 1167 11AF; # (뎔; 뎔; 뎔; 뎔; 뎔; ) HANGUL SYLLABLE DYEOL +B395;B395;1103 1167 11B0;B395;1103 1167 11B0; # (뎕; 뎕; 뎕; 뎕; 뎕; ) HANGUL SYLLABLE DYEOLG +B396;B396;1103 1167 11B1;B396;1103 1167 11B1; # (뎖; 뎖; 뎖; 뎖; 뎖; ) HANGUL SYLLABLE DYEOLM +B397;B397;1103 1167 11B2;B397;1103 1167 11B2; # (뎗; 뎗; 뎗; 뎗; 뎗; ) HANGUL SYLLABLE DYEOLB +B398;B398;1103 1167 11B3;B398;1103 1167 11B3; # (뎘; 뎘; 뎘; 뎘; 뎘; ) HANGUL SYLLABLE DYEOLS +B399;B399;1103 1167 11B4;B399;1103 1167 11B4; # (뎙; 뎙; 뎙; 뎙; 뎙; ) HANGUL SYLLABLE DYEOLT +B39A;B39A;1103 1167 11B5;B39A;1103 1167 11B5; # (뎚; 뎚; 뎚; 뎚; 뎚; ) HANGUL SYLLABLE DYEOLP +B39B;B39B;1103 1167 11B6;B39B;1103 1167 11B6; # (뎛; 뎛; 뎛; 뎛; 뎛; ) HANGUL SYLLABLE DYEOLH +B39C;B39C;1103 1167 11B7;B39C;1103 1167 11B7; # (뎜; 뎜; 뎜; 뎜; 뎜; ) HANGUL SYLLABLE DYEOM +B39D;B39D;1103 1167 11B8;B39D;1103 1167 11B8; # (ëŽ; ëŽ; 뎝; ëŽ; 뎝; ) HANGUL SYLLABLE DYEOB +B39E;B39E;1103 1167 11B9;B39E;1103 1167 11B9; # (뎞; 뎞; 뎞; 뎞; 뎞; ) HANGUL SYLLABLE DYEOBS +B39F;B39F;1103 1167 11BA;B39F;1103 1167 11BA; # (뎟; 뎟; 뎟; 뎟; 뎟; ) HANGUL SYLLABLE DYEOS +B3A0;B3A0;1103 1167 11BB;B3A0;1103 1167 11BB; # (뎠; 뎠; 뎠; 뎠; 뎠; ) HANGUL SYLLABLE DYEOSS +B3A1;B3A1;1103 1167 11BC;B3A1;1103 1167 11BC; # (뎡; 뎡; 뎡; 뎡; 뎡; ) HANGUL SYLLABLE DYEONG +B3A2;B3A2;1103 1167 11BD;B3A2;1103 1167 11BD; # (뎢; 뎢; 뎢; 뎢; 뎢; ) HANGUL SYLLABLE DYEOJ +B3A3;B3A3;1103 1167 11BE;B3A3;1103 1167 11BE; # (뎣; 뎣; 뎣; 뎣; 뎣; ) HANGUL SYLLABLE DYEOC +B3A4;B3A4;1103 1167 11BF;B3A4;1103 1167 11BF; # (뎤; 뎤; 뎤; 뎤; 뎤; ) HANGUL SYLLABLE DYEOK +B3A5;B3A5;1103 1167 11C0;B3A5;1103 1167 11C0; # (뎥; 뎥; 뎥; 뎥; 뎥; ) HANGUL SYLLABLE DYEOT +B3A6;B3A6;1103 1167 11C1;B3A6;1103 1167 11C1; # (뎦; 뎦; 뎌á‡; 뎦; 뎌á‡; ) HANGUL SYLLABLE DYEOP +B3A7;B3A7;1103 1167 11C2;B3A7;1103 1167 11C2; # (뎧; 뎧; 뎧; 뎧; 뎧; ) HANGUL SYLLABLE DYEOH +B3A8;B3A8;1103 1168;B3A8;1103 1168; # (뎨; 뎨; 뎨; 뎨; 뎨; ) HANGUL SYLLABLE DYE +B3A9;B3A9;1103 1168 11A8;B3A9;1103 1168 11A8; # (뎩; 뎩; 뎩; 뎩; 뎩; ) HANGUL SYLLABLE DYEG +B3AA;B3AA;1103 1168 11A9;B3AA;1103 1168 11A9; # (뎪; 뎪; 뎪; 뎪; 뎪; ) HANGUL SYLLABLE DYEGG +B3AB;B3AB;1103 1168 11AA;B3AB;1103 1168 11AA; # (뎫; 뎫; 뎫; 뎫; 뎫; ) HANGUL SYLLABLE DYEGS +B3AC;B3AC;1103 1168 11AB;B3AC;1103 1168 11AB; # (뎬; 뎬; 뎬; 뎬; 뎬; ) HANGUL SYLLABLE DYEN +B3AD;B3AD;1103 1168 11AC;B3AD;1103 1168 11AC; # (뎭; 뎭; 뎭; 뎭; 뎭; ) HANGUL SYLLABLE DYENJ +B3AE;B3AE;1103 1168 11AD;B3AE;1103 1168 11AD; # (뎮; 뎮; 뎮; 뎮; 뎮; ) HANGUL SYLLABLE DYENH +B3AF;B3AF;1103 1168 11AE;B3AF;1103 1168 11AE; # (뎯; 뎯; 뎯; 뎯; 뎯; ) HANGUL SYLLABLE DYED +B3B0;B3B0;1103 1168 11AF;B3B0;1103 1168 11AF; # (뎰; 뎰; 뎰; 뎰; 뎰; ) HANGUL SYLLABLE DYEL +B3B1;B3B1;1103 1168 11B0;B3B1;1103 1168 11B0; # (뎱; 뎱; 뎱; 뎱; 뎱; ) HANGUL SYLLABLE DYELG +B3B2;B3B2;1103 1168 11B1;B3B2;1103 1168 11B1; # (뎲; 뎲; 뎲; 뎲; 뎲; ) HANGUL SYLLABLE DYELM +B3B3;B3B3;1103 1168 11B2;B3B3;1103 1168 11B2; # (뎳; 뎳; 뎳; 뎳; 뎳; ) HANGUL SYLLABLE DYELB +B3B4;B3B4;1103 1168 11B3;B3B4;1103 1168 11B3; # (뎴; 뎴; 뎴; 뎴; 뎴; ) HANGUL SYLLABLE DYELS +B3B5;B3B5;1103 1168 11B4;B3B5;1103 1168 11B4; # (뎵; 뎵; 뎵; 뎵; 뎵; ) HANGUL SYLLABLE DYELT +B3B6;B3B6;1103 1168 11B5;B3B6;1103 1168 11B5; # (뎶; 뎶; 뎶; 뎶; 뎶; ) HANGUL SYLLABLE DYELP +B3B7;B3B7;1103 1168 11B6;B3B7;1103 1168 11B6; # (뎷; 뎷; 뎷; 뎷; 뎷; ) HANGUL SYLLABLE DYELH +B3B8;B3B8;1103 1168 11B7;B3B8;1103 1168 11B7; # (뎸; 뎸; 뎸; 뎸; 뎸; ) HANGUL SYLLABLE DYEM +B3B9;B3B9;1103 1168 11B8;B3B9;1103 1168 11B8; # (뎹; 뎹; 뎹; 뎹; 뎹; ) HANGUL SYLLABLE DYEB +B3BA;B3BA;1103 1168 11B9;B3BA;1103 1168 11B9; # (뎺; 뎺; 뎺; 뎺; 뎺; ) HANGUL SYLLABLE DYEBS +B3BB;B3BB;1103 1168 11BA;B3BB;1103 1168 11BA; # (뎻; 뎻; 뎻; 뎻; 뎻; ) HANGUL SYLLABLE DYES +B3BC;B3BC;1103 1168 11BB;B3BC;1103 1168 11BB; # (뎼; 뎼; 뎼; 뎼; 뎼; ) HANGUL SYLLABLE DYESS +B3BD;B3BD;1103 1168 11BC;B3BD;1103 1168 11BC; # (뎽; 뎽; 뎽; 뎽; 뎽; ) HANGUL SYLLABLE DYENG +B3BE;B3BE;1103 1168 11BD;B3BE;1103 1168 11BD; # (뎾; 뎾; 뎾; 뎾; 뎾; ) HANGUL SYLLABLE DYEJ +B3BF;B3BF;1103 1168 11BE;B3BF;1103 1168 11BE; # (뎿; 뎿; 뎿; 뎿; 뎿; ) HANGUL SYLLABLE DYEC +B3C0;B3C0;1103 1168 11BF;B3C0;1103 1168 11BF; # (ë€; ë€; 돀; ë€; 돀; ) HANGUL SYLLABLE DYEK +B3C1;B3C1;1103 1168 11C0;B3C1;1103 1168 11C0; # (ë; ë; 돁; ë; 돁; ) HANGUL SYLLABLE DYET +B3C2;B3C2;1103 1168 11C1;B3C2;1103 1168 11C1; # (ë‚; ë‚; 뎨á‡; ë‚; 뎨á‡; ) HANGUL SYLLABLE DYEP +B3C3;B3C3;1103 1168 11C2;B3C3;1103 1168 11C2; # (ëƒ; ëƒ; 돃; ëƒ; 돃; ) HANGUL SYLLABLE DYEH +B3C4;B3C4;1103 1169;B3C4;1103 1169; # (ë„; ë„; 도; ë„; 도; ) HANGUL SYLLABLE DO +B3C5;B3C5;1103 1169 11A8;B3C5;1103 1169 11A8; # (ë…; ë…; 독; ë…; 독; ) HANGUL SYLLABLE DOG +B3C6;B3C6;1103 1169 11A9;B3C6;1103 1169 11A9; # (ë†; ë†; 돆; ë†; 돆; ) HANGUL SYLLABLE DOGG +B3C7;B3C7;1103 1169 11AA;B3C7;1103 1169 11AA; # (ë‡; ë‡; 돇; ë‡; 돇; ) HANGUL SYLLABLE DOGS +B3C8;B3C8;1103 1169 11AB;B3C8;1103 1169 11AB; # (ëˆ; ëˆ; 돈; ëˆ; 돈; ) HANGUL SYLLABLE DON +B3C9;B3C9;1103 1169 11AC;B3C9;1103 1169 11AC; # (ë‰; ë‰; 돉; ë‰; 돉; ) HANGUL SYLLABLE DONJ +B3CA;B3CA;1103 1169 11AD;B3CA;1103 1169 11AD; # (ëŠ; ëŠ; 돊; ëŠ; 돊; ) HANGUL SYLLABLE DONH +B3CB;B3CB;1103 1169 11AE;B3CB;1103 1169 11AE; # (ë‹; ë‹; 돋; ë‹; 돋; ) HANGUL SYLLABLE DOD +B3CC;B3CC;1103 1169 11AF;B3CC;1103 1169 11AF; # (ëŒ; ëŒ; 돌; ëŒ; 돌; ) HANGUL SYLLABLE DOL +B3CD;B3CD;1103 1169 11B0;B3CD;1103 1169 11B0; # (ë; ë; 돍; ë; 돍; ) HANGUL SYLLABLE DOLG +B3CE;B3CE;1103 1169 11B1;B3CE;1103 1169 11B1; # (ëŽ; ëŽ; 돎; ëŽ; 돎; ) HANGUL SYLLABLE DOLM +B3CF;B3CF;1103 1169 11B2;B3CF;1103 1169 11B2; # (ë; ë; 돏; ë; 돏; ) HANGUL SYLLABLE DOLB +B3D0;B3D0;1103 1169 11B3;B3D0;1103 1169 11B3; # (ë; ë; 돐; ë; 돐; ) HANGUL SYLLABLE DOLS +B3D1;B3D1;1103 1169 11B4;B3D1;1103 1169 11B4; # (ë‘; ë‘; 돑; ë‘; 돑; ) HANGUL SYLLABLE DOLT +B3D2;B3D2;1103 1169 11B5;B3D2;1103 1169 11B5; # (ë’; ë’; 돒; ë’; 돒; ) HANGUL SYLLABLE DOLP +B3D3;B3D3;1103 1169 11B6;B3D3;1103 1169 11B6; # (ë“; ë“; 돓; ë“; 돓; ) HANGUL SYLLABLE DOLH +B3D4;B3D4;1103 1169 11B7;B3D4;1103 1169 11B7; # (ë”; ë”; 돔; ë”; 돔; ) HANGUL SYLLABLE DOM +B3D5;B3D5;1103 1169 11B8;B3D5;1103 1169 11B8; # (ë•; ë•; 돕; ë•; 돕; ) HANGUL SYLLABLE DOB +B3D6;B3D6;1103 1169 11B9;B3D6;1103 1169 11B9; # (ë–; ë–; 돖; ë–; 돖; ) HANGUL SYLLABLE DOBS +B3D7;B3D7;1103 1169 11BA;B3D7;1103 1169 11BA; # (ë—; ë—; 돗; ë—; 돗; ) HANGUL SYLLABLE DOS +B3D8;B3D8;1103 1169 11BB;B3D8;1103 1169 11BB; # (ë˜; ë˜; 돘; ë˜; 돘; ) HANGUL SYLLABLE DOSS +B3D9;B3D9;1103 1169 11BC;B3D9;1103 1169 11BC; # (ë™; ë™; 동; ë™; 동; ) HANGUL SYLLABLE DONG +B3DA;B3DA;1103 1169 11BD;B3DA;1103 1169 11BD; # (ëš; ëš; 돚; ëš; 돚; ) HANGUL SYLLABLE DOJ +B3DB;B3DB;1103 1169 11BE;B3DB;1103 1169 11BE; # (ë›; ë›; 돛; ë›; 돛; ) HANGUL SYLLABLE DOC +B3DC;B3DC;1103 1169 11BF;B3DC;1103 1169 11BF; # (ëœ; ëœ; 돜; ëœ; 돜; ) HANGUL SYLLABLE DOK +B3DD;B3DD;1103 1169 11C0;B3DD;1103 1169 11C0; # (ë; ë; 돝; ë; 돝; ) HANGUL SYLLABLE DOT +B3DE;B3DE;1103 1169 11C1;B3DE;1103 1169 11C1; # (ëž; ëž; 도á‡; ëž; 도á‡; ) HANGUL SYLLABLE DOP +B3DF;B3DF;1103 1169 11C2;B3DF;1103 1169 11C2; # (ëŸ; ëŸ; 돟; ëŸ; 돟; ) HANGUL SYLLABLE DOH +B3E0;B3E0;1103 116A;B3E0;1103 116A; # (ë ; ë ; 돠; ë ; 돠; ) HANGUL SYLLABLE DWA +B3E1;B3E1;1103 116A 11A8;B3E1;1103 116A 11A8; # (ë¡; ë¡; 돡; ë¡; 돡; ) HANGUL SYLLABLE DWAG +B3E2;B3E2;1103 116A 11A9;B3E2;1103 116A 11A9; # (ë¢; ë¢; 돢; ë¢; 돢; ) HANGUL SYLLABLE DWAGG +B3E3;B3E3;1103 116A 11AA;B3E3;1103 116A 11AA; # (ë£; ë£; 돣; ë£; 돣; ) HANGUL SYLLABLE DWAGS +B3E4;B3E4;1103 116A 11AB;B3E4;1103 116A 11AB; # (ë¤; ë¤; 돤; ë¤; 돤; ) HANGUL SYLLABLE DWAN +B3E5;B3E5;1103 116A 11AC;B3E5;1103 116A 11AC; # (ë¥; ë¥; 돥; ë¥; 돥; ) HANGUL SYLLABLE DWANJ +B3E6;B3E6;1103 116A 11AD;B3E6;1103 116A 11AD; # (ë¦; ë¦; 돦; ë¦; 돦; ) HANGUL SYLLABLE DWANH +B3E7;B3E7;1103 116A 11AE;B3E7;1103 116A 11AE; # (ë§; ë§; 돧; ë§; 돧; ) HANGUL SYLLABLE DWAD +B3E8;B3E8;1103 116A 11AF;B3E8;1103 116A 11AF; # (ë¨; ë¨; 돨; ë¨; 돨; ) HANGUL SYLLABLE DWAL +B3E9;B3E9;1103 116A 11B0;B3E9;1103 116A 11B0; # (ë©; ë©; 돩; ë©; 돩; ) HANGUL SYLLABLE DWALG +B3EA;B3EA;1103 116A 11B1;B3EA;1103 116A 11B1; # (ëª; ëª; 돪; ëª; 돪; ) HANGUL SYLLABLE DWALM +B3EB;B3EB;1103 116A 11B2;B3EB;1103 116A 11B2; # (ë«; ë«; 돫; ë«; 돫; ) HANGUL SYLLABLE DWALB +B3EC;B3EC;1103 116A 11B3;B3EC;1103 116A 11B3; # (ë¬; ë¬; 돬; ë¬; 돬; ) HANGUL SYLLABLE DWALS +B3ED;B3ED;1103 116A 11B4;B3ED;1103 116A 11B4; # (ë­; ë­; 돭; ë­; 돭; ) HANGUL SYLLABLE DWALT +B3EE;B3EE;1103 116A 11B5;B3EE;1103 116A 11B5; # (ë®; ë®; 돮; ë®; 돮; ) HANGUL SYLLABLE DWALP +B3EF;B3EF;1103 116A 11B6;B3EF;1103 116A 11B6; # (ë¯; ë¯; 돯; ë¯; 돯; ) HANGUL SYLLABLE DWALH +B3F0;B3F0;1103 116A 11B7;B3F0;1103 116A 11B7; # (ë°; ë°; 돰; ë°; 돰; ) HANGUL SYLLABLE DWAM +B3F1;B3F1;1103 116A 11B8;B3F1;1103 116A 11B8; # (ë±; ë±; 돱; ë±; 돱; ) HANGUL SYLLABLE DWAB +B3F2;B3F2;1103 116A 11B9;B3F2;1103 116A 11B9; # (ë²; ë²; 돲; ë²; 돲; ) HANGUL SYLLABLE DWABS +B3F3;B3F3;1103 116A 11BA;B3F3;1103 116A 11BA; # (ë³; ë³; 돳; ë³; 돳; ) HANGUL SYLLABLE DWAS +B3F4;B3F4;1103 116A 11BB;B3F4;1103 116A 11BB; # (ë´; ë´; 돴; ë´; 돴; ) HANGUL SYLLABLE DWASS +B3F5;B3F5;1103 116A 11BC;B3F5;1103 116A 11BC; # (ëµ; ëµ; 돵; ëµ; 돵; ) HANGUL SYLLABLE DWANG +B3F6;B3F6;1103 116A 11BD;B3F6;1103 116A 11BD; # (ë¶; ë¶; 돶; ë¶; 돶; ) HANGUL SYLLABLE DWAJ +B3F7;B3F7;1103 116A 11BE;B3F7;1103 116A 11BE; # (ë·; ë·; 돷; ë·; 돷; ) HANGUL SYLLABLE DWAC +B3F8;B3F8;1103 116A 11BF;B3F8;1103 116A 11BF; # (ë¸; ë¸; 돸; ë¸; 돸; ) HANGUL SYLLABLE DWAK +B3F9;B3F9;1103 116A 11C0;B3F9;1103 116A 11C0; # (ë¹; ë¹; 돹; ë¹; 돹; ) HANGUL SYLLABLE DWAT +B3FA;B3FA;1103 116A 11C1;B3FA;1103 116A 11C1; # (ëº; ëº; 돠á‡; ëº; 돠á‡; ) HANGUL SYLLABLE DWAP +B3FB;B3FB;1103 116A 11C2;B3FB;1103 116A 11C2; # (ë»; ë»; 돻; ë»; 돻; ) HANGUL SYLLABLE DWAH +B3FC;B3FC;1103 116B;B3FC;1103 116B; # (ë¼; ë¼; 돼; ë¼; 돼; ) HANGUL SYLLABLE DWAE +B3FD;B3FD;1103 116B 11A8;B3FD;1103 116B 11A8; # (ë½; ë½; 돽; ë½; 돽; ) HANGUL SYLLABLE DWAEG +B3FE;B3FE;1103 116B 11A9;B3FE;1103 116B 11A9; # (ë¾; ë¾; 돾; ë¾; 돾; ) HANGUL SYLLABLE DWAEGG +B3FF;B3FF;1103 116B 11AA;B3FF;1103 116B 11AA; # (ë¿; ë¿; 돿; ë¿; 돿; ) HANGUL SYLLABLE DWAEGS +B400;B400;1103 116B 11AB;B400;1103 116B 11AB; # (ë€; ë€; 됀; ë€; 됀; ) HANGUL SYLLABLE DWAEN +B401;B401;1103 116B 11AC;B401;1103 116B 11AC; # (ë; ë; 됁; ë; 됁; ) HANGUL SYLLABLE DWAENJ +B402;B402;1103 116B 11AD;B402;1103 116B 11AD; # (ë‚; ë‚; 됂; ë‚; 됂; ) HANGUL SYLLABLE DWAENH +B403;B403;1103 116B 11AE;B403;1103 116B 11AE; # (ëƒ; ëƒ; 됃; ëƒ; 됃; ) HANGUL SYLLABLE DWAED +B404;B404;1103 116B 11AF;B404;1103 116B 11AF; # (ë„; ë„; 됄; ë„; 됄; ) HANGUL SYLLABLE DWAEL +B405;B405;1103 116B 11B0;B405;1103 116B 11B0; # (ë…; ë…; 됅; ë…; 됅; ) HANGUL SYLLABLE DWAELG +B406;B406;1103 116B 11B1;B406;1103 116B 11B1; # (ë†; ë†; 됆; ë†; 됆; ) HANGUL SYLLABLE DWAELM +B407;B407;1103 116B 11B2;B407;1103 116B 11B2; # (ë‡; ë‡; 됇; ë‡; 됇; ) HANGUL SYLLABLE DWAELB +B408;B408;1103 116B 11B3;B408;1103 116B 11B3; # (ëˆ; ëˆ; 됈; ëˆ; 됈; ) HANGUL SYLLABLE DWAELS +B409;B409;1103 116B 11B4;B409;1103 116B 11B4; # (ë‰; ë‰; 됉; ë‰; 됉; ) HANGUL SYLLABLE DWAELT +B40A;B40A;1103 116B 11B5;B40A;1103 116B 11B5; # (ëŠ; ëŠ; 됊; ëŠ; 됊; ) HANGUL SYLLABLE DWAELP +B40B;B40B;1103 116B 11B6;B40B;1103 116B 11B6; # (ë‹; ë‹; 됋; ë‹; 됋; ) HANGUL SYLLABLE DWAELH +B40C;B40C;1103 116B 11B7;B40C;1103 116B 11B7; # (ëŒ; ëŒ; 됌; ëŒ; 됌; ) HANGUL SYLLABLE DWAEM +B40D;B40D;1103 116B 11B8;B40D;1103 116B 11B8; # (ë; ë; 됍; ë; 됍; ) HANGUL SYLLABLE DWAEB +B40E;B40E;1103 116B 11B9;B40E;1103 116B 11B9; # (ëŽ; ëŽ; 됎; ëŽ; 됎; ) HANGUL SYLLABLE DWAEBS +B40F;B40F;1103 116B 11BA;B40F;1103 116B 11BA; # (ë; ë; 됏; ë; 됏; ) HANGUL SYLLABLE DWAES +B410;B410;1103 116B 11BB;B410;1103 116B 11BB; # (ë; ë; 됐; ë; 됐; ) HANGUL SYLLABLE DWAESS +B411;B411;1103 116B 11BC;B411;1103 116B 11BC; # (ë‘; ë‘; 됑; ë‘; 됑; ) HANGUL SYLLABLE DWAENG +B412;B412;1103 116B 11BD;B412;1103 116B 11BD; # (ë’; ë’; 됒; ë’; 됒; ) HANGUL SYLLABLE DWAEJ +B413;B413;1103 116B 11BE;B413;1103 116B 11BE; # (ë“; ë“; 됓; ë“; 됓; ) HANGUL SYLLABLE DWAEC +B414;B414;1103 116B 11BF;B414;1103 116B 11BF; # (ë”; ë”; 됔; ë”; 됔; ) HANGUL SYLLABLE DWAEK +B415;B415;1103 116B 11C0;B415;1103 116B 11C0; # (ë•; ë•; 됕; ë•; 됕; ) HANGUL SYLLABLE DWAET +B416;B416;1103 116B 11C1;B416;1103 116B 11C1; # (ë–; ë–; 돼á‡; ë–; 돼á‡; ) HANGUL SYLLABLE DWAEP +B417;B417;1103 116B 11C2;B417;1103 116B 11C2; # (ë—; ë—; 됗; ë—; 됗; ) HANGUL SYLLABLE DWAEH +B418;B418;1103 116C;B418;1103 116C; # (ë˜; ë˜; 되; ë˜; 되; ) HANGUL SYLLABLE DOE +B419;B419;1103 116C 11A8;B419;1103 116C 11A8; # (ë™; ë™; 됙; ë™; 됙; ) HANGUL SYLLABLE DOEG +B41A;B41A;1103 116C 11A9;B41A;1103 116C 11A9; # (ëš; ëš; 됚; ëš; 됚; ) HANGUL SYLLABLE DOEGG +B41B;B41B;1103 116C 11AA;B41B;1103 116C 11AA; # (ë›; ë›; 됛; ë›; 됛; ) HANGUL SYLLABLE DOEGS +B41C;B41C;1103 116C 11AB;B41C;1103 116C 11AB; # (ëœ; ëœ; 된; ëœ; 된; ) HANGUL SYLLABLE DOEN +B41D;B41D;1103 116C 11AC;B41D;1103 116C 11AC; # (ë; ë; 됝; ë; 됝; ) HANGUL SYLLABLE DOENJ +B41E;B41E;1103 116C 11AD;B41E;1103 116C 11AD; # (ëž; ëž; 됞; ëž; 됞; ) HANGUL SYLLABLE DOENH +B41F;B41F;1103 116C 11AE;B41F;1103 116C 11AE; # (ëŸ; ëŸ; 됟; ëŸ; 됟; ) HANGUL SYLLABLE DOED +B420;B420;1103 116C 11AF;B420;1103 116C 11AF; # (ë ; ë ; 될; ë ; 될; ) HANGUL SYLLABLE DOEL +B421;B421;1103 116C 11B0;B421;1103 116C 11B0; # (ë¡; ë¡; 됡; ë¡; 됡; ) HANGUL SYLLABLE DOELG +B422;B422;1103 116C 11B1;B422;1103 116C 11B1; # (ë¢; ë¢; 됢; ë¢; 됢; ) HANGUL SYLLABLE DOELM +B423;B423;1103 116C 11B2;B423;1103 116C 11B2; # (ë£; ë£; 됣; ë£; 됣; ) HANGUL SYLLABLE DOELB +B424;B424;1103 116C 11B3;B424;1103 116C 11B3; # (ë¤; ë¤; 됤; ë¤; 됤; ) HANGUL SYLLABLE DOELS +B425;B425;1103 116C 11B4;B425;1103 116C 11B4; # (ë¥; ë¥; 됥; ë¥; 됥; ) HANGUL SYLLABLE DOELT +B426;B426;1103 116C 11B5;B426;1103 116C 11B5; # (ë¦; ë¦; 됦; ë¦; 됦; ) HANGUL SYLLABLE DOELP +B427;B427;1103 116C 11B6;B427;1103 116C 11B6; # (ë§; ë§; 됧; ë§; 됧; ) HANGUL SYLLABLE DOELH +B428;B428;1103 116C 11B7;B428;1103 116C 11B7; # (ë¨; ë¨; 됨; ë¨; 됨; ) HANGUL SYLLABLE DOEM +B429;B429;1103 116C 11B8;B429;1103 116C 11B8; # (ë©; ë©; 됩; ë©; 됩; ) HANGUL SYLLABLE DOEB +B42A;B42A;1103 116C 11B9;B42A;1103 116C 11B9; # (ëª; ëª; 됪; ëª; 됪; ) HANGUL SYLLABLE DOEBS +B42B;B42B;1103 116C 11BA;B42B;1103 116C 11BA; # (ë«; ë«; 됫; ë«; 됫; ) HANGUL SYLLABLE DOES +B42C;B42C;1103 116C 11BB;B42C;1103 116C 11BB; # (ë¬; ë¬; 됬; ë¬; 됬; ) HANGUL SYLLABLE DOESS +B42D;B42D;1103 116C 11BC;B42D;1103 116C 11BC; # (ë­; ë­; 됭; ë­; 됭; ) HANGUL SYLLABLE DOENG +B42E;B42E;1103 116C 11BD;B42E;1103 116C 11BD; # (ë®; ë®; 됮; ë®; 됮; ) HANGUL SYLLABLE DOEJ +B42F;B42F;1103 116C 11BE;B42F;1103 116C 11BE; # (ë¯; ë¯; 됯; ë¯; 됯; ) HANGUL SYLLABLE DOEC +B430;B430;1103 116C 11BF;B430;1103 116C 11BF; # (ë°; ë°; 됰; ë°; 됰; ) HANGUL SYLLABLE DOEK +B431;B431;1103 116C 11C0;B431;1103 116C 11C0; # (ë±; ë±; 됱; ë±; 됱; ) HANGUL SYLLABLE DOET +B432;B432;1103 116C 11C1;B432;1103 116C 11C1; # (ë²; ë²; 되á‡; ë²; 되á‡; ) HANGUL SYLLABLE DOEP +B433;B433;1103 116C 11C2;B433;1103 116C 11C2; # (ë³; ë³; 됳; ë³; 됳; ) HANGUL SYLLABLE DOEH +B434;B434;1103 116D;B434;1103 116D; # (ë´; ë´; 됴; ë´; 됴; ) HANGUL SYLLABLE DYO +B435;B435;1103 116D 11A8;B435;1103 116D 11A8; # (ëµ; ëµ; 됵; ëµ; 됵; ) HANGUL SYLLABLE DYOG +B436;B436;1103 116D 11A9;B436;1103 116D 11A9; # (ë¶; ë¶; 됶; ë¶; 됶; ) HANGUL SYLLABLE DYOGG +B437;B437;1103 116D 11AA;B437;1103 116D 11AA; # (ë·; ë·; 됷; ë·; 됷; ) HANGUL SYLLABLE DYOGS +B438;B438;1103 116D 11AB;B438;1103 116D 11AB; # (ë¸; ë¸; 됸; ë¸; 됸; ) HANGUL SYLLABLE DYON +B439;B439;1103 116D 11AC;B439;1103 116D 11AC; # (ë¹; ë¹; 됹; ë¹; 됹; ) HANGUL SYLLABLE DYONJ +B43A;B43A;1103 116D 11AD;B43A;1103 116D 11AD; # (ëº; ëº; 됺; ëº; 됺; ) HANGUL SYLLABLE DYONH +B43B;B43B;1103 116D 11AE;B43B;1103 116D 11AE; # (ë»; ë»; 됻; ë»; 됻; ) HANGUL SYLLABLE DYOD +B43C;B43C;1103 116D 11AF;B43C;1103 116D 11AF; # (ë¼; ë¼; 됼; ë¼; 됼; ) HANGUL SYLLABLE DYOL +B43D;B43D;1103 116D 11B0;B43D;1103 116D 11B0; # (ë½; ë½; 됽; ë½; 됽; ) HANGUL SYLLABLE DYOLG +B43E;B43E;1103 116D 11B1;B43E;1103 116D 11B1; # (ë¾; ë¾; 됾; ë¾; 됾; ) HANGUL SYLLABLE DYOLM +B43F;B43F;1103 116D 11B2;B43F;1103 116D 11B2; # (ë¿; ë¿; 됿; ë¿; 됿; ) HANGUL SYLLABLE DYOLB +B440;B440;1103 116D 11B3;B440;1103 116D 11B3; # (ë‘€; ë‘€; 둀; ë‘€; 둀; ) HANGUL SYLLABLE DYOLS +B441;B441;1103 116D 11B4;B441;1103 116D 11B4; # (ë‘; ë‘; 둁; ë‘; 둁; ) HANGUL SYLLABLE DYOLT +B442;B442;1103 116D 11B5;B442;1103 116D 11B5; # (ë‘‚; ë‘‚; 둂; ë‘‚; 둂; ) HANGUL SYLLABLE DYOLP +B443;B443;1103 116D 11B6;B443;1103 116D 11B6; # (둃; 둃; 둃; 둃; 둃; ) HANGUL SYLLABLE DYOLH +B444;B444;1103 116D 11B7;B444;1103 116D 11B7; # (ë‘„; ë‘„; 둄; ë‘„; 둄; ) HANGUL SYLLABLE DYOM +B445;B445;1103 116D 11B8;B445;1103 116D 11B8; # (ë‘…; ë‘…; 둅; ë‘…; 둅; ) HANGUL SYLLABLE DYOB +B446;B446;1103 116D 11B9;B446;1103 116D 11B9; # (둆; 둆; 둆; 둆; 둆; ) HANGUL SYLLABLE DYOBS +B447;B447;1103 116D 11BA;B447;1103 116D 11BA; # (둇; 둇; 둇; 둇; 둇; ) HANGUL SYLLABLE DYOS +B448;B448;1103 116D 11BB;B448;1103 116D 11BB; # (둈; 둈; 둈; 둈; 둈; ) HANGUL SYLLABLE DYOSS +B449;B449;1103 116D 11BC;B449;1103 116D 11BC; # (둉; 둉; 둉; 둉; 둉; ) HANGUL SYLLABLE DYONG +B44A;B44A;1103 116D 11BD;B44A;1103 116D 11BD; # (ë‘Š; ë‘Š; 둊; ë‘Š; 둊; ) HANGUL SYLLABLE DYOJ +B44B;B44B;1103 116D 11BE;B44B;1103 116D 11BE; # (ë‘‹; ë‘‹; 둋; ë‘‹; 둋; ) HANGUL SYLLABLE DYOC +B44C;B44C;1103 116D 11BF;B44C;1103 116D 11BF; # (ë‘Œ; ë‘Œ; 둌; ë‘Œ; 둌; ) HANGUL SYLLABLE DYOK +B44D;B44D;1103 116D 11C0;B44D;1103 116D 11C0; # (ë‘; ë‘; 둍; ë‘; 둍; ) HANGUL SYLLABLE DYOT +B44E;B44E;1103 116D 11C1;B44E;1103 116D 11C1; # (ë‘Ž; ë‘Ž; 됴á‡; ë‘Ž; 됴á‡; ) HANGUL SYLLABLE DYOP +B44F;B44F;1103 116D 11C2;B44F;1103 116D 11C2; # (ë‘; ë‘; 둏; ë‘; 둏; ) HANGUL SYLLABLE DYOH +B450;B450;1103 116E;B450;1103 116E; # (ë‘; ë‘; 두; ë‘; 두; ) HANGUL SYLLABLE DU +B451;B451;1103 116E 11A8;B451;1103 116E 11A8; # (ë‘‘; ë‘‘; 둑; ë‘‘; 둑; ) HANGUL SYLLABLE DUG +B452;B452;1103 116E 11A9;B452;1103 116E 11A9; # (ë‘’; ë‘’; 둒; ë‘’; 둒; ) HANGUL SYLLABLE DUGG +B453;B453;1103 116E 11AA;B453;1103 116E 11AA; # (ë‘“; ë‘“; 둓; ë‘“; 둓; ) HANGUL SYLLABLE DUGS +B454;B454;1103 116E 11AB;B454;1103 116E 11AB; # (ë‘”; ë‘”; 둔; ë‘”; 둔; ) HANGUL SYLLABLE DUN +B455;B455;1103 116E 11AC;B455;1103 116E 11AC; # (ë‘•; ë‘•; 둕; ë‘•; 둕; ) HANGUL SYLLABLE DUNJ +B456;B456;1103 116E 11AD;B456;1103 116E 11AD; # (ë‘–; ë‘–; 둖; ë‘–; 둖; ) HANGUL SYLLABLE DUNH +B457;B457;1103 116E 11AE;B457;1103 116E 11AE; # (ë‘—; ë‘—; 둗; ë‘—; 둗; ) HANGUL SYLLABLE DUD +B458;B458;1103 116E 11AF;B458;1103 116E 11AF; # (둘; 둘; 둘; 둘; 둘; ) HANGUL SYLLABLE DUL +B459;B459;1103 116E 11B0;B459;1103 116E 11B0; # (ë‘™; ë‘™; 둙; ë‘™; 둙; ) HANGUL SYLLABLE DULG +B45A;B45A;1103 116E 11B1;B45A;1103 116E 11B1; # (ë‘š; ë‘š; 둚; ë‘š; 둚; ) HANGUL SYLLABLE DULM +B45B;B45B;1103 116E 11B2;B45B;1103 116E 11B2; # (ë‘›; ë‘›; 둛; ë‘›; 둛; ) HANGUL SYLLABLE DULB +B45C;B45C;1103 116E 11B3;B45C;1103 116E 11B3; # (ë‘œ; ë‘œ; 둜; ë‘œ; 둜; ) HANGUL SYLLABLE DULS +B45D;B45D;1103 116E 11B4;B45D;1103 116E 11B4; # (ë‘; ë‘; 둝; ë‘; 둝; ) HANGUL SYLLABLE DULT +B45E;B45E;1103 116E 11B5;B45E;1103 116E 11B5; # (ë‘ž; ë‘ž; 둞; ë‘ž; 둞; ) HANGUL SYLLABLE DULP +B45F;B45F;1103 116E 11B6;B45F;1103 116E 11B6; # (ë‘Ÿ; ë‘Ÿ; 둟; ë‘Ÿ; 둟; ) HANGUL SYLLABLE DULH +B460;B460;1103 116E 11B7;B460;1103 116E 11B7; # (ë‘ ; ë‘ ; 둠; ë‘ ; 둠; ) HANGUL SYLLABLE DUM +B461;B461;1103 116E 11B8;B461;1103 116E 11B8; # (ë‘¡; ë‘¡; 둡; ë‘¡; 둡; ) HANGUL SYLLABLE DUB +B462;B462;1103 116E 11B9;B462;1103 116E 11B9; # (ë‘¢; ë‘¢; 둢; ë‘¢; 둢; ) HANGUL SYLLABLE DUBS +B463;B463;1103 116E 11BA;B463;1103 116E 11BA; # (ë‘£; ë‘£; 둣; ë‘£; 둣; ) HANGUL SYLLABLE DUS +B464;B464;1103 116E 11BB;B464;1103 116E 11BB; # (둤; 둤; 둤; 둤; 둤; ) HANGUL SYLLABLE DUSS +B465;B465;1103 116E 11BC;B465;1103 116E 11BC; # (ë‘¥; ë‘¥; 둥; ë‘¥; 둥; ) HANGUL SYLLABLE DUNG +B466;B466;1103 116E 11BD;B466;1103 116E 11BD; # (둦; 둦; 둦; 둦; 둦; ) HANGUL SYLLABLE DUJ +B467;B467;1103 116E 11BE;B467;1103 116E 11BE; # (둧; 둧; 둧; 둧; 둧; ) HANGUL SYLLABLE DUC +B468;B468;1103 116E 11BF;B468;1103 116E 11BF; # (둨; 둨; 둨; 둨; 둨; ) HANGUL SYLLABLE DUK +B469;B469;1103 116E 11C0;B469;1103 116E 11C0; # (ë‘©; ë‘©; 둩; ë‘©; 둩; ) HANGUL SYLLABLE DUT +B46A;B46A;1103 116E 11C1;B46A;1103 116E 11C1; # (둪; 둪; 두á‡; 둪; 두á‡; ) HANGUL SYLLABLE DUP +B46B;B46B;1103 116E 11C2;B46B;1103 116E 11C2; # (ë‘«; ë‘«; 둫; ë‘«; 둫; ) HANGUL SYLLABLE DUH +B46C;B46C;1103 116F;B46C;1103 116F; # (둬; 둬; 둬; 둬; 둬; ) HANGUL SYLLABLE DWEO +B46D;B46D;1103 116F 11A8;B46D;1103 116F 11A8; # (ë‘­; ë‘­; 둭; ë‘­; 둭; ) HANGUL SYLLABLE DWEOG +B46E;B46E;1103 116F 11A9;B46E;1103 116F 11A9; # (ë‘®; ë‘®; 둮; ë‘®; 둮; ) HANGUL SYLLABLE DWEOGG +B46F;B46F;1103 116F 11AA;B46F;1103 116F 11AA; # (둯; 둯; 둯; 둯; 둯; ) HANGUL SYLLABLE DWEOGS +B470;B470;1103 116F 11AB;B470;1103 116F 11AB; # (ë‘°; ë‘°; 둰; ë‘°; 둰; ) HANGUL SYLLABLE DWEON +B471;B471;1103 116F 11AC;B471;1103 116F 11AC; # (둱; 둱; 둱; 둱; 둱; ) HANGUL SYLLABLE DWEONJ +B472;B472;1103 116F 11AD;B472;1103 116F 11AD; # (둲; 둲; 둲; 둲; 둲; ) HANGUL SYLLABLE DWEONH +B473;B473;1103 116F 11AE;B473;1103 116F 11AE; # (둳; 둳; 둳; 둳; 둳; ) HANGUL SYLLABLE DWEOD +B474;B474;1103 116F 11AF;B474;1103 116F 11AF; # (ë‘´; ë‘´; 둴; ë‘´; 둴; ) HANGUL SYLLABLE DWEOL +B475;B475;1103 116F 11B0;B475;1103 116F 11B0; # (둵; 둵; 둵; 둵; 둵; ) HANGUL SYLLABLE DWEOLG +B476;B476;1103 116F 11B1;B476;1103 116F 11B1; # (둶; 둶; 둶; 둶; 둶; ) HANGUL SYLLABLE DWEOLM +B477;B477;1103 116F 11B2;B477;1103 116F 11B2; # (ë‘·; ë‘·; 둷; ë‘·; 둷; ) HANGUL SYLLABLE DWEOLB +B478;B478;1103 116F 11B3;B478;1103 116F 11B3; # (둸; 둸; 둸; 둸; 둸; ) HANGUL SYLLABLE DWEOLS +B479;B479;1103 116F 11B4;B479;1103 116F 11B4; # (둹; 둹; 둹; 둹; 둹; ) HANGUL SYLLABLE DWEOLT +B47A;B47A;1103 116F 11B5;B47A;1103 116F 11B5; # (둺; 둺; 둺; 둺; 둺; ) HANGUL SYLLABLE DWEOLP +B47B;B47B;1103 116F 11B6;B47B;1103 116F 11B6; # (ë‘»; ë‘»; 둻; ë‘»; 둻; ) HANGUL SYLLABLE DWEOLH +B47C;B47C;1103 116F 11B7;B47C;1103 116F 11B7; # (둼; 둼; 둼; 둼; 둼; ) HANGUL SYLLABLE DWEOM +B47D;B47D;1103 116F 11B8;B47D;1103 116F 11B8; # (둽; 둽; 둽; 둽; 둽; ) HANGUL SYLLABLE DWEOB +B47E;B47E;1103 116F 11B9;B47E;1103 116F 11B9; # (둾; 둾; 둾; 둾; 둾; ) HANGUL SYLLABLE DWEOBS +B47F;B47F;1103 116F 11BA;B47F;1103 116F 11BA; # (ë‘¿; ë‘¿; 둿; ë‘¿; 둿; ) HANGUL SYLLABLE DWEOS +B480;B480;1103 116F 11BB;B480;1103 116F 11BB; # (ë’€; ë’€; 뒀; ë’€; 뒀; ) HANGUL SYLLABLE DWEOSS +B481;B481;1103 116F 11BC;B481;1103 116F 11BC; # (ë’; ë’; 뒁; ë’; 뒁; ) HANGUL SYLLABLE DWEONG +B482;B482;1103 116F 11BD;B482;1103 116F 11BD; # (ë’‚; ë’‚; 뒂; ë’‚; 뒂; ) HANGUL SYLLABLE DWEOJ +B483;B483;1103 116F 11BE;B483;1103 116F 11BE; # (ë’ƒ; ë’ƒ; 뒃; ë’ƒ; 뒃; ) HANGUL SYLLABLE DWEOC +B484;B484;1103 116F 11BF;B484;1103 116F 11BF; # (ë’„; ë’„; 뒄; ë’„; 뒄; ) HANGUL SYLLABLE DWEOK +B485;B485;1103 116F 11C0;B485;1103 116F 11C0; # (ë’…; ë’…; 뒅; ë’…; 뒅; ) HANGUL SYLLABLE DWEOT +B486;B486;1103 116F 11C1;B486;1103 116F 11C1; # (ë’†; ë’†; 둬á‡; ë’†; 둬á‡; ) HANGUL SYLLABLE DWEOP +B487;B487;1103 116F 11C2;B487;1103 116F 11C2; # (ë’‡; ë’‡; 뒇; ë’‡; 뒇; ) HANGUL SYLLABLE DWEOH +B488;B488;1103 1170;B488;1103 1170; # (ë’ˆ; ë’ˆ; 뒈; ë’ˆ; 뒈; ) HANGUL SYLLABLE DWE +B489;B489;1103 1170 11A8;B489;1103 1170 11A8; # (ë’‰; ë’‰; 뒉; ë’‰; 뒉; ) HANGUL SYLLABLE DWEG +B48A;B48A;1103 1170 11A9;B48A;1103 1170 11A9; # (ë’Š; ë’Š; 뒊; ë’Š; 뒊; ) HANGUL SYLLABLE DWEGG +B48B;B48B;1103 1170 11AA;B48B;1103 1170 11AA; # (ë’‹; ë’‹; 뒋; ë’‹; 뒋; ) HANGUL SYLLABLE DWEGS +B48C;B48C;1103 1170 11AB;B48C;1103 1170 11AB; # (ë’Œ; ë’Œ; 뒌; ë’Œ; 뒌; ) HANGUL SYLLABLE DWEN +B48D;B48D;1103 1170 11AC;B48D;1103 1170 11AC; # (ë’; ë’; 뒍; ë’; 뒍; ) HANGUL SYLLABLE DWENJ +B48E;B48E;1103 1170 11AD;B48E;1103 1170 11AD; # (ë’Ž; ë’Ž; 뒎; ë’Ž; 뒎; ) HANGUL SYLLABLE DWENH +B48F;B48F;1103 1170 11AE;B48F;1103 1170 11AE; # (ë’; ë’; 뒏; ë’; 뒏; ) HANGUL SYLLABLE DWED +B490;B490;1103 1170 11AF;B490;1103 1170 11AF; # (ë’; ë’; 뒐; ë’; 뒐; ) HANGUL SYLLABLE DWEL +B491;B491;1103 1170 11B0;B491;1103 1170 11B0; # (ë’‘; ë’‘; 뒑; ë’‘; 뒑; ) HANGUL SYLLABLE DWELG +B492;B492;1103 1170 11B1;B492;1103 1170 11B1; # (ë’’; ë’’; 뒒; ë’’; 뒒; ) HANGUL SYLLABLE DWELM +B493;B493;1103 1170 11B2;B493;1103 1170 11B2; # (ë’“; ë’“; 뒓; ë’“; 뒓; ) HANGUL SYLLABLE DWELB +B494;B494;1103 1170 11B3;B494;1103 1170 11B3; # (ë’”; ë’”; 뒔; ë’”; 뒔; ) HANGUL SYLLABLE DWELS +B495;B495;1103 1170 11B4;B495;1103 1170 11B4; # (ë’•; ë’•; 뒕; ë’•; 뒕; ) HANGUL SYLLABLE DWELT +B496;B496;1103 1170 11B5;B496;1103 1170 11B5; # (ë’–; ë’–; 뒖; ë’–; 뒖; ) HANGUL SYLLABLE DWELP +B497;B497;1103 1170 11B6;B497;1103 1170 11B6; # (ë’—; ë’—; 뒗; ë’—; 뒗; ) HANGUL SYLLABLE DWELH +B498;B498;1103 1170 11B7;B498;1103 1170 11B7; # (ë’˜; ë’˜; 뒘; ë’˜; 뒘; ) HANGUL SYLLABLE DWEM +B499;B499;1103 1170 11B8;B499;1103 1170 11B8; # (ë’™; ë’™; 뒙; ë’™; 뒙; ) HANGUL SYLLABLE DWEB +B49A;B49A;1103 1170 11B9;B49A;1103 1170 11B9; # (ë’š; ë’š; 뒚; ë’š; 뒚; ) HANGUL SYLLABLE DWEBS +B49B;B49B;1103 1170 11BA;B49B;1103 1170 11BA; # (ë’›; ë’›; 뒛; ë’›; 뒛; ) HANGUL SYLLABLE DWES +B49C;B49C;1103 1170 11BB;B49C;1103 1170 11BB; # (ë’œ; ë’œ; 뒜; ë’œ; 뒜; ) HANGUL SYLLABLE DWESS +B49D;B49D;1103 1170 11BC;B49D;1103 1170 11BC; # (ë’; ë’; 뒝; ë’; 뒝; ) HANGUL SYLLABLE DWENG +B49E;B49E;1103 1170 11BD;B49E;1103 1170 11BD; # (ë’ž; ë’ž; 뒞; ë’ž; 뒞; ) HANGUL SYLLABLE DWEJ +B49F;B49F;1103 1170 11BE;B49F;1103 1170 11BE; # (ë’Ÿ; ë’Ÿ; 뒟; ë’Ÿ; 뒟; ) HANGUL SYLLABLE DWEC +B4A0;B4A0;1103 1170 11BF;B4A0;1103 1170 11BF; # (ë’ ; ë’ ; 뒠; ë’ ; 뒠; ) HANGUL SYLLABLE DWEK +B4A1;B4A1;1103 1170 11C0;B4A1;1103 1170 11C0; # (ë’¡; ë’¡; 뒡; ë’¡; 뒡; ) HANGUL SYLLABLE DWET +B4A2;B4A2;1103 1170 11C1;B4A2;1103 1170 11C1; # (ë’¢; ë’¢; 뒈á‡; ë’¢; 뒈á‡; ) HANGUL SYLLABLE DWEP +B4A3;B4A3;1103 1170 11C2;B4A3;1103 1170 11C2; # (ë’£; ë’£; 뒣; ë’£; 뒣; ) HANGUL SYLLABLE DWEH +B4A4;B4A4;1103 1171;B4A4;1103 1171; # (ë’¤; ë’¤; 뒤; ë’¤; 뒤; ) HANGUL SYLLABLE DWI +B4A5;B4A5;1103 1171 11A8;B4A5;1103 1171 11A8; # (ë’¥; ë’¥; 뒥; ë’¥; 뒥; ) HANGUL SYLLABLE DWIG +B4A6;B4A6;1103 1171 11A9;B4A6;1103 1171 11A9; # (ë’¦; ë’¦; 뒦; ë’¦; 뒦; ) HANGUL SYLLABLE DWIGG +B4A7;B4A7;1103 1171 11AA;B4A7;1103 1171 11AA; # (ë’§; ë’§; 뒧; ë’§; 뒧; ) HANGUL SYLLABLE DWIGS +B4A8;B4A8;1103 1171 11AB;B4A8;1103 1171 11AB; # (ë’¨; ë’¨; 뒨; ë’¨; 뒨; ) HANGUL SYLLABLE DWIN +B4A9;B4A9;1103 1171 11AC;B4A9;1103 1171 11AC; # (ë’©; ë’©; 뒩; ë’©; 뒩; ) HANGUL SYLLABLE DWINJ +B4AA;B4AA;1103 1171 11AD;B4AA;1103 1171 11AD; # (ë’ª; ë’ª; 뒪; ë’ª; 뒪; ) HANGUL SYLLABLE DWINH +B4AB;B4AB;1103 1171 11AE;B4AB;1103 1171 11AE; # (ë’«; ë’«; 뒫; ë’«; 뒫; ) HANGUL SYLLABLE DWID +B4AC;B4AC;1103 1171 11AF;B4AC;1103 1171 11AF; # (ë’¬; ë’¬; 뒬; ë’¬; 뒬; ) HANGUL SYLLABLE DWIL +B4AD;B4AD;1103 1171 11B0;B4AD;1103 1171 11B0; # (ë’­; ë’­; 뒭; ë’­; 뒭; ) HANGUL SYLLABLE DWILG +B4AE;B4AE;1103 1171 11B1;B4AE;1103 1171 11B1; # (ë’®; ë’®; 뒮; ë’®; 뒮; ) HANGUL SYLLABLE DWILM +B4AF;B4AF;1103 1171 11B2;B4AF;1103 1171 11B2; # (ë’¯; ë’¯; 뒯; ë’¯; 뒯; ) HANGUL SYLLABLE DWILB +B4B0;B4B0;1103 1171 11B3;B4B0;1103 1171 11B3; # (ë’°; ë’°; 뒰; ë’°; 뒰; ) HANGUL SYLLABLE DWILS +B4B1;B4B1;1103 1171 11B4;B4B1;1103 1171 11B4; # (ë’±; ë’±; 뒱; ë’±; 뒱; ) HANGUL SYLLABLE DWILT +B4B2;B4B2;1103 1171 11B5;B4B2;1103 1171 11B5; # (ë’²; ë’²; 뒲; ë’²; 뒲; ) HANGUL SYLLABLE DWILP +B4B3;B4B3;1103 1171 11B6;B4B3;1103 1171 11B6; # (ë’³; ë’³; 뒳; ë’³; 뒳; ) HANGUL SYLLABLE DWILH +B4B4;B4B4;1103 1171 11B7;B4B4;1103 1171 11B7; # (ë’´; ë’´; 뒴; ë’´; 뒴; ) HANGUL SYLLABLE DWIM +B4B5;B4B5;1103 1171 11B8;B4B5;1103 1171 11B8; # (ë’µ; ë’µ; 뒵; ë’µ; 뒵; ) HANGUL SYLLABLE DWIB +B4B6;B4B6;1103 1171 11B9;B4B6;1103 1171 11B9; # (ë’¶; ë’¶; 뒶; ë’¶; 뒶; ) HANGUL SYLLABLE DWIBS +B4B7;B4B7;1103 1171 11BA;B4B7;1103 1171 11BA; # (ë’·; ë’·; 뒷; ë’·; 뒷; ) HANGUL SYLLABLE DWIS +B4B8;B4B8;1103 1171 11BB;B4B8;1103 1171 11BB; # (ë’¸; ë’¸; 뒸; ë’¸; 뒸; ) HANGUL SYLLABLE DWISS +B4B9;B4B9;1103 1171 11BC;B4B9;1103 1171 11BC; # (ë’¹; ë’¹; 뒹; ë’¹; 뒹; ) HANGUL SYLLABLE DWING +B4BA;B4BA;1103 1171 11BD;B4BA;1103 1171 11BD; # (ë’º; ë’º; 뒺; ë’º; 뒺; ) HANGUL SYLLABLE DWIJ +B4BB;B4BB;1103 1171 11BE;B4BB;1103 1171 11BE; # (ë’»; ë’»; 뒻; ë’»; 뒻; ) HANGUL SYLLABLE DWIC +B4BC;B4BC;1103 1171 11BF;B4BC;1103 1171 11BF; # (ë’¼; ë’¼; 뒼; ë’¼; 뒼; ) HANGUL SYLLABLE DWIK +B4BD;B4BD;1103 1171 11C0;B4BD;1103 1171 11C0; # (ë’½; ë’½; 뒽; ë’½; 뒽; ) HANGUL SYLLABLE DWIT +B4BE;B4BE;1103 1171 11C1;B4BE;1103 1171 11C1; # (ë’¾; ë’¾; 뒤á‡; ë’¾; 뒤á‡; ) HANGUL SYLLABLE DWIP +B4BF;B4BF;1103 1171 11C2;B4BF;1103 1171 11C2; # (ë’¿; ë’¿; 뒿; ë’¿; 뒿; ) HANGUL SYLLABLE DWIH +B4C0;B4C0;1103 1172;B4C0;1103 1172; # (ë“€; ë“€; 듀; ë“€; 듀; ) HANGUL SYLLABLE DYU +B4C1;B4C1;1103 1172 11A8;B4C1;1103 1172 11A8; # (ë“; ë“; 듁; ë“; 듁; ) HANGUL SYLLABLE DYUG +B4C2;B4C2;1103 1172 11A9;B4C2;1103 1172 11A9; # (ë“‚; ë“‚; 듂; ë“‚; 듂; ) HANGUL SYLLABLE DYUGG +B4C3;B4C3;1103 1172 11AA;B4C3;1103 1172 11AA; # (듃; 듃; 듃; 듃; 듃; ) HANGUL SYLLABLE DYUGS +B4C4;B4C4;1103 1172 11AB;B4C4;1103 1172 11AB; # (ë“„; ë“„; 듄; ë“„; 듄; ) HANGUL SYLLABLE DYUN +B4C5;B4C5;1103 1172 11AC;B4C5;1103 1172 11AC; # (ë“…; ë“…; 듅; ë“…; 듅; ) HANGUL SYLLABLE DYUNJ +B4C6;B4C6;1103 1172 11AD;B4C6;1103 1172 11AD; # (듆; 듆; 듆; 듆; 듆; ) HANGUL SYLLABLE DYUNH +B4C7;B4C7;1103 1172 11AE;B4C7;1103 1172 11AE; # (듇; 듇; 듇; 듇; 듇; ) HANGUL SYLLABLE DYUD +B4C8;B4C8;1103 1172 11AF;B4C8;1103 1172 11AF; # (듈; 듈; 듈; 듈; 듈; ) HANGUL SYLLABLE DYUL +B4C9;B4C9;1103 1172 11B0;B4C9;1103 1172 11B0; # (듉; 듉; 듉; 듉; 듉; ) HANGUL SYLLABLE DYULG +B4CA;B4CA;1103 1172 11B1;B4CA;1103 1172 11B1; # (ë“Š; ë“Š; 듊; ë“Š; 듊; ) HANGUL SYLLABLE DYULM +B4CB;B4CB;1103 1172 11B2;B4CB;1103 1172 11B2; # (ë“‹; ë“‹; 듋; ë“‹; 듋; ) HANGUL SYLLABLE DYULB +B4CC;B4CC;1103 1172 11B3;B4CC;1103 1172 11B3; # (ë“Œ; ë“Œ; 듌; ë“Œ; 듌; ) HANGUL SYLLABLE DYULS +B4CD;B4CD;1103 1172 11B4;B4CD;1103 1172 11B4; # (ë“; ë“; 듍; ë“; 듍; ) HANGUL SYLLABLE DYULT +B4CE;B4CE;1103 1172 11B5;B4CE;1103 1172 11B5; # (ë“Ž; ë“Ž; 듎; ë“Ž; 듎; ) HANGUL SYLLABLE DYULP +B4CF;B4CF;1103 1172 11B6;B4CF;1103 1172 11B6; # (ë“; ë“; 듏; ë“; 듏; ) HANGUL SYLLABLE DYULH +B4D0;B4D0;1103 1172 11B7;B4D0;1103 1172 11B7; # (ë“; ë“; 듐; ë“; 듐; ) HANGUL SYLLABLE DYUM +B4D1;B4D1;1103 1172 11B8;B4D1;1103 1172 11B8; # (ë“‘; ë“‘; 듑; ë“‘; 듑; ) HANGUL SYLLABLE DYUB +B4D2;B4D2;1103 1172 11B9;B4D2;1103 1172 11B9; # (ë“’; ë“’; 듒; ë“’; 듒; ) HANGUL SYLLABLE DYUBS +B4D3;B4D3;1103 1172 11BA;B4D3;1103 1172 11BA; # (ë““; ë““; 듓; ë““; 듓; ) HANGUL SYLLABLE DYUS +B4D4;B4D4;1103 1172 11BB;B4D4;1103 1172 11BB; # (ë“”; ë“”; 듔; ë“”; 듔; ) HANGUL SYLLABLE DYUSS +B4D5;B4D5;1103 1172 11BC;B4D5;1103 1172 11BC; # (ë“•; ë“•; 듕; ë“•; 듕; ) HANGUL SYLLABLE DYUNG +B4D6;B4D6;1103 1172 11BD;B4D6;1103 1172 11BD; # (ë“–; ë“–; 듖; ë“–; 듖; ) HANGUL SYLLABLE DYUJ +B4D7;B4D7;1103 1172 11BE;B4D7;1103 1172 11BE; # (ë“—; ë“—; 듗; ë“—; 듗; ) HANGUL SYLLABLE DYUC +B4D8;B4D8;1103 1172 11BF;B4D8;1103 1172 11BF; # (듘; 듘; 듘; 듘; 듘; ) HANGUL SYLLABLE DYUK +B4D9;B4D9;1103 1172 11C0;B4D9;1103 1172 11C0; # (ë“™; ë“™; 듙; ë“™; 듙; ) HANGUL SYLLABLE DYUT +B4DA;B4DA;1103 1172 11C1;B4DA;1103 1172 11C1; # (ë“š; ë“š; 듀á‡; ë“š; 듀á‡; ) HANGUL SYLLABLE DYUP +B4DB;B4DB;1103 1172 11C2;B4DB;1103 1172 11C2; # (ë“›; ë“›; 듛; ë“›; 듛; ) HANGUL SYLLABLE DYUH +B4DC;B4DC;1103 1173;B4DC;1103 1173; # (ë“œ; ë“œ; 드; ë“œ; 드; ) HANGUL SYLLABLE DEU +B4DD;B4DD;1103 1173 11A8;B4DD;1103 1173 11A8; # (ë“; ë“; 득; ë“; 득; ) HANGUL SYLLABLE DEUG +B4DE;B4DE;1103 1173 11A9;B4DE;1103 1173 11A9; # (ë“ž; ë“ž; 듞; ë“ž; 듞; ) HANGUL SYLLABLE DEUGG +B4DF;B4DF;1103 1173 11AA;B4DF;1103 1173 11AA; # (ë“Ÿ; ë“Ÿ; 듟; ë“Ÿ; 듟; ) HANGUL SYLLABLE DEUGS +B4E0;B4E0;1103 1173 11AB;B4E0;1103 1173 11AB; # (ë“ ; ë“ ; 든; ë“ ; 든; ) HANGUL SYLLABLE DEUN +B4E1;B4E1;1103 1173 11AC;B4E1;1103 1173 11AC; # (ë“¡; ë“¡; 듡; ë“¡; 듡; ) HANGUL SYLLABLE DEUNJ +B4E2;B4E2;1103 1173 11AD;B4E2;1103 1173 11AD; # (ë“¢; ë“¢; 듢; ë“¢; 듢; ) HANGUL SYLLABLE DEUNH +B4E3;B4E3;1103 1173 11AE;B4E3;1103 1173 11AE; # (ë“£; ë“£; 듣; ë“£; 듣; ) HANGUL SYLLABLE DEUD +B4E4;B4E4;1103 1173 11AF;B4E4;1103 1173 11AF; # (들; 들; 들; 들; 들; ) HANGUL SYLLABLE DEUL +B4E5;B4E5;1103 1173 11B0;B4E5;1103 1173 11B0; # (ë“¥; ë“¥; 듥; ë“¥; 듥; ) HANGUL SYLLABLE DEULG +B4E6;B4E6;1103 1173 11B1;B4E6;1103 1173 11B1; # (듦; 듦; 듦; 듦; 듦; ) HANGUL SYLLABLE DEULM +B4E7;B4E7;1103 1173 11B2;B4E7;1103 1173 11B2; # (듧; 듧; 듧; 듧; 듧; ) HANGUL SYLLABLE DEULB +B4E8;B4E8;1103 1173 11B3;B4E8;1103 1173 11B3; # (듨; 듨; 듨; 듨; 듨; ) HANGUL SYLLABLE DEULS +B4E9;B4E9;1103 1173 11B4;B4E9;1103 1173 11B4; # (ë“©; ë“©; 듩; ë“©; 듩; ) HANGUL SYLLABLE DEULT +B4EA;B4EA;1103 1173 11B5;B4EA;1103 1173 11B5; # (듪; 듪; 듪; 듪; 듪; ) HANGUL SYLLABLE DEULP +B4EB;B4EB;1103 1173 11B6;B4EB;1103 1173 11B6; # (ë“«; ë“«; 듫; ë“«; 듫; ) HANGUL SYLLABLE DEULH +B4EC;B4EC;1103 1173 11B7;B4EC;1103 1173 11B7; # (듬; 듬; 듬; 듬; 듬; ) HANGUL SYLLABLE DEUM +B4ED;B4ED;1103 1173 11B8;B4ED;1103 1173 11B8; # (ë“­; ë“­; 듭; ë“­; 듭; ) HANGUL SYLLABLE DEUB +B4EE;B4EE;1103 1173 11B9;B4EE;1103 1173 11B9; # (ë“®; ë“®; 듮; ë“®; 듮; ) HANGUL SYLLABLE DEUBS +B4EF;B4EF;1103 1173 11BA;B4EF;1103 1173 11BA; # (듯; 듯; 듯; 듯; 듯; ) HANGUL SYLLABLE DEUS +B4F0;B4F0;1103 1173 11BB;B4F0;1103 1173 11BB; # (ë“°; ë“°; 듰; ë“°; 듰; ) HANGUL SYLLABLE DEUSS +B4F1;B4F1;1103 1173 11BC;B4F1;1103 1173 11BC; # (등; 등; 등; 등; 등; ) HANGUL SYLLABLE DEUNG +B4F2;B4F2;1103 1173 11BD;B4F2;1103 1173 11BD; # (듲; 듲; 듲; 듲; 듲; ) HANGUL SYLLABLE DEUJ +B4F3;B4F3;1103 1173 11BE;B4F3;1103 1173 11BE; # (듳; 듳; 듳; 듳; 듳; ) HANGUL SYLLABLE DEUC +B4F4;B4F4;1103 1173 11BF;B4F4;1103 1173 11BF; # (ë“´; ë“´; 듴; ë“´; 듴; ) HANGUL SYLLABLE DEUK +B4F5;B4F5;1103 1173 11C0;B4F5;1103 1173 11C0; # (듵; 듵; 듵; 듵; 듵; ) HANGUL SYLLABLE DEUT +B4F6;B4F6;1103 1173 11C1;B4F6;1103 1173 11C1; # (듶; 듶; 드á‡; 듶; 드á‡; ) HANGUL SYLLABLE DEUP +B4F7;B4F7;1103 1173 11C2;B4F7;1103 1173 11C2; # (ë“·; ë“·; 듷; ë“·; 듷; ) HANGUL SYLLABLE DEUH +B4F8;B4F8;1103 1174;B4F8;1103 1174; # (듸; 듸; 듸; 듸; 듸; ) HANGUL SYLLABLE DYI +B4F9;B4F9;1103 1174 11A8;B4F9;1103 1174 11A8; # (듹; 듹; 듹; 듹; 듹; ) HANGUL SYLLABLE DYIG +B4FA;B4FA;1103 1174 11A9;B4FA;1103 1174 11A9; # (듺; 듺; 듺; 듺; 듺; ) HANGUL SYLLABLE DYIGG +B4FB;B4FB;1103 1174 11AA;B4FB;1103 1174 11AA; # (ë“»; ë“»; 듻; ë“»; 듻; ) HANGUL SYLLABLE DYIGS +B4FC;B4FC;1103 1174 11AB;B4FC;1103 1174 11AB; # (듼; 듼; 듼; 듼; 듼; ) HANGUL SYLLABLE DYIN +B4FD;B4FD;1103 1174 11AC;B4FD;1103 1174 11AC; # (듽; 듽; 듽; 듽; 듽; ) HANGUL SYLLABLE DYINJ +B4FE;B4FE;1103 1174 11AD;B4FE;1103 1174 11AD; # (듾; 듾; 듾; 듾; 듾; ) HANGUL SYLLABLE DYINH +B4FF;B4FF;1103 1174 11AE;B4FF;1103 1174 11AE; # (ë“¿; ë“¿; 듿; ë“¿; 듿; ) HANGUL SYLLABLE DYID +B500;B500;1103 1174 11AF;B500;1103 1174 11AF; # (딀; 딀; 딀; 딀; 딀; ) HANGUL SYLLABLE DYIL +B501;B501;1103 1174 11B0;B501;1103 1174 11B0; # (ë”; ë”; 딁; ë”; 딁; ) HANGUL SYLLABLE DYILG +B502;B502;1103 1174 11B1;B502;1103 1174 11B1; # (딂; 딂; 딂; 딂; 딂; ) HANGUL SYLLABLE DYILM +B503;B503;1103 1174 11B2;B503;1103 1174 11B2; # (딃; 딃; 딃; 딃; 딃; ) HANGUL SYLLABLE DYILB +B504;B504;1103 1174 11B3;B504;1103 1174 11B3; # (딄; 딄; 딄; 딄; 딄; ) HANGUL SYLLABLE DYILS +B505;B505;1103 1174 11B4;B505;1103 1174 11B4; # (ë”…; ë”…; 딅; ë”…; 딅; ) HANGUL SYLLABLE DYILT +B506;B506;1103 1174 11B5;B506;1103 1174 11B5; # (딆; 딆; 딆; 딆; 딆; ) HANGUL SYLLABLE DYILP +B507;B507;1103 1174 11B6;B507;1103 1174 11B6; # (딇; 딇; 딇; 딇; 딇; ) HANGUL SYLLABLE DYILH +B508;B508;1103 1174 11B7;B508;1103 1174 11B7; # (딈; 딈; 딈; 딈; 딈; ) HANGUL SYLLABLE DYIM +B509;B509;1103 1174 11B8;B509;1103 1174 11B8; # (딉; 딉; 딉; 딉; 딉; ) HANGUL SYLLABLE DYIB +B50A;B50A;1103 1174 11B9;B50A;1103 1174 11B9; # (딊; 딊; 딊; 딊; 딊; ) HANGUL SYLLABLE DYIBS +B50B;B50B;1103 1174 11BA;B50B;1103 1174 11BA; # (딋; 딋; 딋; 딋; 딋; ) HANGUL SYLLABLE DYIS +B50C;B50C;1103 1174 11BB;B50C;1103 1174 11BB; # (딌; 딌; 딌; 딌; 딌; ) HANGUL SYLLABLE DYISS +B50D;B50D;1103 1174 11BC;B50D;1103 1174 11BC; # (ë”; ë”; 딍; ë”; 딍; ) HANGUL SYLLABLE DYING +B50E;B50E;1103 1174 11BD;B50E;1103 1174 11BD; # (딎; 딎; 딎; 딎; 딎; ) HANGUL SYLLABLE DYIJ +B50F;B50F;1103 1174 11BE;B50F;1103 1174 11BE; # (ë”; ë”; 딏; ë”; 딏; ) HANGUL SYLLABLE DYIC +B510;B510;1103 1174 11BF;B510;1103 1174 11BF; # (ë”; ë”; 딐; ë”; 딐; ) HANGUL SYLLABLE DYIK +B511;B511;1103 1174 11C0;B511;1103 1174 11C0; # (딑; 딑; 딑; 딑; 딑; ) HANGUL SYLLABLE DYIT +B512;B512;1103 1174 11C1;B512;1103 1174 11C1; # (ë”’; ë”’; 듸á‡; ë”’; 듸á‡; ) HANGUL SYLLABLE DYIP +B513;B513;1103 1174 11C2;B513;1103 1174 11C2; # (딓; 딓; 딓; 딓; 딓; ) HANGUL SYLLABLE DYIH +B514;B514;1103 1175;B514;1103 1175; # (ë””; ë””; 디; ë””; 디; ) HANGUL SYLLABLE DI +B515;B515;1103 1175 11A8;B515;1103 1175 11A8; # (딕; 딕; 딕; 딕; 딕; ) HANGUL SYLLABLE DIG +B516;B516;1103 1175 11A9;B516;1103 1175 11A9; # (ë”–; ë”–; 딖; ë”–; 딖; ) HANGUL SYLLABLE DIGG +B517;B517;1103 1175 11AA;B517;1103 1175 11AA; # (ë”—; ë”—; 딗; ë”—; 딗; ) HANGUL SYLLABLE DIGS +B518;B518;1103 1175 11AB;B518;1103 1175 11AB; # (딘; 딘; 딘; 딘; 딘; ) HANGUL SYLLABLE DIN +B519;B519;1103 1175 11AC;B519;1103 1175 11AC; # (ë”™; ë”™; 딙; ë”™; 딙; ) HANGUL SYLLABLE DINJ +B51A;B51A;1103 1175 11AD;B51A;1103 1175 11AD; # (딚; 딚; 딚; 딚; 딚; ) HANGUL SYLLABLE DINH +B51B;B51B;1103 1175 11AE;B51B;1103 1175 11AE; # (ë”›; ë”›; 딛; ë”›; 딛; ) HANGUL SYLLABLE DID +B51C;B51C;1103 1175 11AF;B51C;1103 1175 11AF; # (딜; 딜; 딜; 딜; 딜; ) HANGUL SYLLABLE DIL +B51D;B51D;1103 1175 11B0;B51D;1103 1175 11B0; # (ë”; ë”; 딝; ë”; 딝; ) HANGUL SYLLABLE DILG +B51E;B51E;1103 1175 11B1;B51E;1103 1175 11B1; # (딞; 딞; 딞; 딞; 딞; ) HANGUL SYLLABLE DILM +B51F;B51F;1103 1175 11B2;B51F;1103 1175 11B2; # (딟; 딟; 딟; 딟; 딟; ) HANGUL SYLLABLE DILB +B520;B520;1103 1175 11B3;B520;1103 1175 11B3; # (ë” ; ë” ; 딠; ë” ; 딠; ) HANGUL SYLLABLE DILS +B521;B521;1103 1175 11B4;B521;1103 1175 11B4; # (딡; 딡; 딡; 딡; 딡; ) HANGUL SYLLABLE DILT +B522;B522;1103 1175 11B5;B522;1103 1175 11B5; # (딢; 딢; 딢; 딢; 딢; ) HANGUL SYLLABLE DILP +B523;B523;1103 1175 11B6;B523;1103 1175 11B6; # (딣; 딣; 딣; 딣; 딣; ) HANGUL SYLLABLE DILH +B524;B524;1103 1175 11B7;B524;1103 1175 11B7; # (딤; 딤; 딤; 딤; 딤; ) HANGUL SYLLABLE DIM +B525;B525;1103 1175 11B8;B525;1103 1175 11B8; # (딥; 딥; 딥; 딥; 딥; ) HANGUL SYLLABLE DIB +B526;B526;1103 1175 11B9;B526;1103 1175 11B9; # (딦; 딦; 딦; 딦; 딦; ) HANGUL SYLLABLE DIBS +B527;B527;1103 1175 11BA;B527;1103 1175 11BA; # (딧; 딧; 딧; 딧; 딧; ) HANGUL SYLLABLE DIS +B528;B528;1103 1175 11BB;B528;1103 1175 11BB; # (딨; 딨; 딨; 딨; 딨; ) HANGUL SYLLABLE DISS +B529;B529;1103 1175 11BC;B529;1103 1175 11BC; # (딩; 딩; 딩; 딩; 딩; ) HANGUL SYLLABLE DING +B52A;B52A;1103 1175 11BD;B52A;1103 1175 11BD; # (딪; 딪; 딪; 딪; 딪; ) HANGUL SYLLABLE DIJ +B52B;B52B;1103 1175 11BE;B52B;1103 1175 11BE; # (딫; 딫; 딫; 딫; 딫; ) HANGUL SYLLABLE DIC +B52C;B52C;1103 1175 11BF;B52C;1103 1175 11BF; # (딬; 딬; 딬; 딬; 딬; ) HANGUL SYLLABLE DIK +B52D;B52D;1103 1175 11C0;B52D;1103 1175 11C0; # (ë”­; ë”­; 딭; ë”­; 딭; ) HANGUL SYLLABLE DIT +B52E;B52E;1103 1175 11C1;B52E;1103 1175 11C1; # (ë”®; ë”®; 디á‡; ë”®; 디á‡; ) HANGUL SYLLABLE DIP +B52F;B52F;1103 1175 11C2;B52F;1103 1175 11C2; # (딯; 딯; 딯; 딯; 딯; ) HANGUL SYLLABLE DIH +B530;B530;1104 1161;B530;1104 1161; # (ë”°; ë”°; á„„á…¡; ë”°; á„„á…¡; ) HANGUL SYLLABLE DDA +B531;B531;1104 1161 11A8;B531;1104 1161 11A8; # (ë”±; ë”±; 딱; ë”±; 딱; ) HANGUL SYLLABLE DDAG +B532;B532;1104 1161 11A9;B532;1104 1161 11A9; # (딲; 딲; 딲; 딲; 딲; ) HANGUL SYLLABLE DDAGG +B533;B533;1104 1161 11AA;B533;1104 1161 11AA; # (딳; 딳; 딳; 딳; 딳; ) HANGUL SYLLABLE DDAGS +B534;B534;1104 1161 11AB;B534;1104 1161 11AB; # (ë”´; ë”´; 딴; ë”´; 딴; ) HANGUL SYLLABLE DDAN +B535;B535;1104 1161 11AC;B535;1104 1161 11AC; # (딵; 딵; 딵; 딵; 딵; ) HANGUL SYLLABLE DDANJ +B536;B536;1104 1161 11AD;B536;1104 1161 11AD; # (딶; 딶; 딶; 딶; 딶; ) HANGUL SYLLABLE DDANH +B537;B537;1104 1161 11AE;B537;1104 1161 11AE; # (ë”·; ë”·; 딷; ë”·; 딷; ) HANGUL SYLLABLE DDAD +B538;B538;1104 1161 11AF;B538;1104 1161 11AF; # (딸; 딸; 딸; 딸; 딸; ) HANGUL SYLLABLE DDAL +B539;B539;1104 1161 11B0;B539;1104 1161 11B0; # (딹; 딹; 딹; 딹; 딹; ) HANGUL SYLLABLE DDALG +B53A;B53A;1104 1161 11B1;B53A;1104 1161 11B1; # (딺; 딺; 딺; 딺; 딺; ) HANGUL SYLLABLE DDALM +B53B;B53B;1104 1161 11B2;B53B;1104 1161 11B2; # (ë”»; ë”»; 딻; ë”»; 딻; ) HANGUL SYLLABLE DDALB +B53C;B53C;1104 1161 11B3;B53C;1104 1161 11B3; # (딼; 딼; 딼; 딼; 딼; ) HANGUL SYLLABLE DDALS +B53D;B53D;1104 1161 11B4;B53D;1104 1161 11B4; # (딽; 딽; 딽; 딽; 딽; ) HANGUL SYLLABLE DDALT +B53E;B53E;1104 1161 11B5;B53E;1104 1161 11B5; # (딾; 딾; 딾; 딾; 딾; ) HANGUL SYLLABLE DDALP +B53F;B53F;1104 1161 11B6;B53F;1104 1161 11B6; # (딿; 딿; 딿; 딿; 딿; ) HANGUL SYLLABLE DDALH +B540;B540;1104 1161 11B7;B540;1104 1161 11B7; # (ë•€; ë•€; 땀; ë•€; 땀; ) HANGUL SYLLABLE DDAM +B541;B541;1104 1161 11B8;B541;1104 1161 11B8; # (ë•; ë•; 땁; ë•; 땁; ) HANGUL SYLLABLE DDAB +B542;B542;1104 1161 11B9;B542;1104 1161 11B9; # (ë•‚; ë•‚; 땂; ë•‚; 땂; ) HANGUL SYLLABLE DDABS +B543;B543;1104 1161 11BA;B543;1104 1161 11BA; # (땃; 땃; 땃; 땃; 땃; ) HANGUL SYLLABLE DDAS +B544;B544;1104 1161 11BB;B544;1104 1161 11BB; # (ë•„; ë•„; 땄; ë•„; 땄; ) HANGUL SYLLABLE DDASS +B545;B545;1104 1161 11BC;B545;1104 1161 11BC; # (ë•…; ë•…; 땅; ë•…; 땅; ) HANGUL SYLLABLE DDANG +B546;B546;1104 1161 11BD;B546;1104 1161 11BD; # (땆; 땆; 땆; 땆; 땆; ) HANGUL SYLLABLE DDAJ +B547;B547;1104 1161 11BE;B547;1104 1161 11BE; # (땇; 땇; 땇; 땇; 땇; ) HANGUL SYLLABLE DDAC +B548;B548;1104 1161 11BF;B548;1104 1161 11BF; # (땈; 땈; 땈; 땈; 땈; ) HANGUL SYLLABLE DDAK +B549;B549;1104 1161 11C0;B549;1104 1161 11C0; # (땉; 땉; 땉; 땉; 땉; ) HANGUL SYLLABLE DDAT +B54A;B54A;1104 1161 11C1;B54A;1104 1161 11C1; # (ë•Š; ë•Š; á„„á…¡á‡; ë•Š; á„„á…¡á‡; ) HANGUL SYLLABLE DDAP +B54B;B54B;1104 1161 11C2;B54B;1104 1161 11C2; # (ë•‹; ë•‹; 땋; ë•‹; 땋; ) HANGUL SYLLABLE DDAH +B54C;B54C;1104 1162;B54C;1104 1162; # (ë•Œ; ë•Œ; á„„á…¢; ë•Œ; á„„á…¢; ) HANGUL SYLLABLE DDAE +B54D;B54D;1104 1162 11A8;B54D;1104 1162 11A8; # (ë•; ë•; 땍; ë•; 땍; ) HANGUL SYLLABLE DDAEG +B54E;B54E;1104 1162 11A9;B54E;1104 1162 11A9; # (ë•Ž; ë•Ž; 땎; ë•Ž; 땎; ) HANGUL SYLLABLE DDAEGG +B54F;B54F;1104 1162 11AA;B54F;1104 1162 11AA; # (ë•; ë•; 땏; ë•; 땏; ) HANGUL SYLLABLE DDAEGS +B550;B550;1104 1162 11AB;B550;1104 1162 11AB; # (ë•; ë•; 땐; ë•; 땐; ) HANGUL SYLLABLE DDAEN +B551;B551;1104 1162 11AC;B551;1104 1162 11AC; # (ë•‘; ë•‘; 땑; ë•‘; 땑; ) HANGUL SYLLABLE DDAENJ +B552;B552;1104 1162 11AD;B552;1104 1162 11AD; # (ë•’; ë•’; 땒; ë•’; 땒; ) HANGUL SYLLABLE DDAENH +B553;B553;1104 1162 11AE;B553;1104 1162 11AE; # (ë•“; ë•“; 땓; ë•“; 땓; ) HANGUL SYLLABLE DDAED +B554;B554;1104 1162 11AF;B554;1104 1162 11AF; # (ë•”; ë•”; 땔; ë•”; 땔; ) HANGUL SYLLABLE DDAEL +B555;B555;1104 1162 11B0;B555;1104 1162 11B0; # (ë••; ë••; 땕; ë••; 땕; ) HANGUL SYLLABLE DDAELG +B556;B556;1104 1162 11B1;B556;1104 1162 11B1; # (ë•–; ë•–; 땖; ë•–; 땖; ) HANGUL SYLLABLE DDAELM +B557;B557;1104 1162 11B2;B557;1104 1162 11B2; # (ë•—; ë•—; 땗; ë•—; 땗; ) HANGUL SYLLABLE DDAELB +B558;B558;1104 1162 11B3;B558;1104 1162 11B3; # (땘; 땘; 땘; 땘; 땘; ) HANGUL SYLLABLE DDAELS +B559;B559;1104 1162 11B4;B559;1104 1162 11B4; # (ë•™; ë•™; 땙; ë•™; 땙; ) HANGUL SYLLABLE DDAELT +B55A;B55A;1104 1162 11B5;B55A;1104 1162 11B5; # (ë•š; ë•š; 땚; ë•š; 땚; ) HANGUL SYLLABLE DDAELP +B55B;B55B;1104 1162 11B6;B55B;1104 1162 11B6; # (ë•›; ë•›; 땛; ë•›; 땛; ) HANGUL SYLLABLE DDAELH +B55C;B55C;1104 1162 11B7;B55C;1104 1162 11B7; # (ë•œ; ë•œ; 땜; ë•œ; 땜; ) HANGUL SYLLABLE DDAEM +B55D;B55D;1104 1162 11B8;B55D;1104 1162 11B8; # (ë•; ë•; 땝; ë•; 땝; ) HANGUL SYLLABLE DDAEB +B55E;B55E;1104 1162 11B9;B55E;1104 1162 11B9; # (ë•ž; ë•ž; 땞; ë•ž; 땞; ) HANGUL SYLLABLE DDAEBS +B55F;B55F;1104 1162 11BA;B55F;1104 1162 11BA; # (ë•Ÿ; ë•Ÿ; 땟; ë•Ÿ; 땟; ) HANGUL SYLLABLE DDAES +B560;B560;1104 1162 11BB;B560;1104 1162 11BB; # (ë• ; ë• ; 땠; ë• ; 땠; ) HANGUL SYLLABLE DDAESS +B561;B561;1104 1162 11BC;B561;1104 1162 11BC; # (ë•¡; ë•¡; 땡; ë•¡; 땡; ) HANGUL SYLLABLE DDAENG +B562;B562;1104 1162 11BD;B562;1104 1162 11BD; # (ë•¢; ë•¢; 땢; ë•¢; 땢; ) HANGUL SYLLABLE DDAEJ +B563;B563;1104 1162 11BE;B563;1104 1162 11BE; # (ë•£; ë•£; 땣; ë•£; 땣; ) HANGUL SYLLABLE DDAEC +B564;B564;1104 1162 11BF;B564;1104 1162 11BF; # (땤; 땤; 땤; 땤; 땤; ) HANGUL SYLLABLE DDAEK +B565;B565;1104 1162 11C0;B565;1104 1162 11C0; # (ë•¥; ë•¥; 땥; ë•¥; 땥; ) HANGUL SYLLABLE DDAET +B566;B566;1104 1162 11C1;B566;1104 1162 11C1; # (땦; 땦; á„„á…¢á‡; 땦; á„„á…¢á‡; ) HANGUL SYLLABLE DDAEP +B567;B567;1104 1162 11C2;B567;1104 1162 11C2; # (땧; 땧; 땧; 땧; 땧; ) HANGUL SYLLABLE DDAEH +B568;B568;1104 1163;B568;1104 1163; # (땨; 땨; á„„á…£; 땨; á„„á…£; ) HANGUL SYLLABLE DDYA +B569;B569;1104 1163 11A8;B569;1104 1163 11A8; # (ë•©; ë•©; 땩; ë•©; 땩; ) HANGUL SYLLABLE DDYAG +B56A;B56A;1104 1163 11A9;B56A;1104 1163 11A9; # (땪; 땪; 땪; 땪; 땪; ) HANGUL SYLLABLE DDYAGG +B56B;B56B;1104 1163 11AA;B56B;1104 1163 11AA; # (ë•«; ë•«; 땫; ë•«; 땫; ) HANGUL SYLLABLE DDYAGS +B56C;B56C;1104 1163 11AB;B56C;1104 1163 11AB; # (땬; 땬; 땬; 땬; 땬; ) HANGUL SYLLABLE DDYAN +B56D;B56D;1104 1163 11AC;B56D;1104 1163 11AC; # (ë•­; ë•­; 땭; ë•­; 땭; ) HANGUL SYLLABLE DDYANJ +B56E;B56E;1104 1163 11AD;B56E;1104 1163 11AD; # (ë•®; ë•®; 땮; ë•®; 땮; ) HANGUL SYLLABLE DDYANH +B56F;B56F;1104 1163 11AE;B56F;1104 1163 11AE; # (땯; 땯; 땯; 땯; 땯; ) HANGUL SYLLABLE DDYAD +B570;B570;1104 1163 11AF;B570;1104 1163 11AF; # (ë•°; ë•°; 땰; ë•°; 땰; ) HANGUL SYLLABLE DDYAL +B571;B571;1104 1163 11B0;B571;1104 1163 11B0; # (땱; 땱; 땱; 땱; 땱; ) HANGUL SYLLABLE DDYALG +B572;B572;1104 1163 11B1;B572;1104 1163 11B1; # (땲; 땲; 땲; 땲; 땲; ) HANGUL SYLLABLE DDYALM +B573;B573;1104 1163 11B2;B573;1104 1163 11B2; # (땳; 땳; 땳; 땳; 땳; ) HANGUL SYLLABLE DDYALB +B574;B574;1104 1163 11B3;B574;1104 1163 11B3; # (ë•´; ë•´; 땴; ë•´; 땴; ) HANGUL SYLLABLE DDYALS +B575;B575;1104 1163 11B4;B575;1104 1163 11B4; # (땵; 땵; 땵; 땵; 땵; ) HANGUL SYLLABLE DDYALT +B576;B576;1104 1163 11B5;B576;1104 1163 11B5; # (땶; 땶; 땶; 땶; 땶; ) HANGUL SYLLABLE DDYALP +B577;B577;1104 1163 11B6;B577;1104 1163 11B6; # (ë•·; ë•·; 땷; ë•·; 땷; ) HANGUL SYLLABLE DDYALH +B578;B578;1104 1163 11B7;B578;1104 1163 11B7; # (땸; 땸; 땸; 땸; 땸; ) HANGUL SYLLABLE DDYAM +B579;B579;1104 1163 11B8;B579;1104 1163 11B8; # (땹; 땹; 땹; 땹; 땹; ) HANGUL SYLLABLE DDYAB +B57A;B57A;1104 1163 11B9;B57A;1104 1163 11B9; # (땺; 땺; 땺; 땺; 땺; ) HANGUL SYLLABLE DDYABS +B57B;B57B;1104 1163 11BA;B57B;1104 1163 11BA; # (ë•»; ë•»; 땻; ë•»; 땻; ) HANGUL SYLLABLE DDYAS +B57C;B57C;1104 1163 11BB;B57C;1104 1163 11BB; # (땼; 땼; 땼; 땼; 땼; ) HANGUL SYLLABLE DDYASS +B57D;B57D;1104 1163 11BC;B57D;1104 1163 11BC; # (땽; 땽; 땽; 땽; 땽; ) HANGUL SYLLABLE DDYANG +B57E;B57E;1104 1163 11BD;B57E;1104 1163 11BD; # (땾; 땾; 땾; 땾; 땾; ) HANGUL SYLLABLE DDYAJ +B57F;B57F;1104 1163 11BE;B57F;1104 1163 11BE; # (ë•¿; ë•¿; 땿; ë•¿; 땿; ) HANGUL SYLLABLE DDYAC +B580;B580;1104 1163 11BF;B580;1104 1163 11BF; # (ë–€; ë–€; 떀; ë–€; 떀; ) HANGUL SYLLABLE DDYAK +B581;B581;1104 1163 11C0;B581;1104 1163 11C0; # (ë–; ë–; 떁; ë–; 떁; ) HANGUL SYLLABLE DDYAT +B582;B582;1104 1163 11C1;B582;1104 1163 11C1; # (ë–‚; ë–‚; á„„á…£á‡; ë–‚; á„„á…£á‡; ) HANGUL SYLLABLE DDYAP +B583;B583;1104 1163 11C2;B583;1104 1163 11C2; # (ë–ƒ; ë–ƒ; 떃; ë–ƒ; 떃; ) HANGUL SYLLABLE DDYAH +B584;B584;1104 1164;B584;1104 1164; # (ë–„; ë–„; á„„á…¤; ë–„; á„„á…¤; ) HANGUL SYLLABLE DDYAE +B585;B585;1104 1164 11A8;B585;1104 1164 11A8; # (ë–…; ë–…; 떅; ë–…; 떅; ) HANGUL SYLLABLE DDYAEG +B586;B586;1104 1164 11A9;B586;1104 1164 11A9; # (ë–†; ë–†; 떆; ë–†; 떆; ) HANGUL SYLLABLE DDYAEGG +B587;B587;1104 1164 11AA;B587;1104 1164 11AA; # (ë–‡; ë–‡; 떇; ë–‡; 떇; ) HANGUL SYLLABLE DDYAEGS +B588;B588;1104 1164 11AB;B588;1104 1164 11AB; # (ë–ˆ; ë–ˆ; 떈; ë–ˆ; 떈; ) HANGUL SYLLABLE DDYAEN +B589;B589;1104 1164 11AC;B589;1104 1164 11AC; # (ë–‰; ë–‰; 떉; ë–‰; 떉; ) HANGUL SYLLABLE DDYAENJ +B58A;B58A;1104 1164 11AD;B58A;1104 1164 11AD; # (ë–Š; ë–Š; 떊; ë–Š; 떊; ) HANGUL SYLLABLE DDYAENH +B58B;B58B;1104 1164 11AE;B58B;1104 1164 11AE; # (ë–‹; ë–‹; 떋; ë–‹; 떋; ) HANGUL SYLLABLE DDYAED +B58C;B58C;1104 1164 11AF;B58C;1104 1164 11AF; # (ë–Œ; ë–Œ; 떌; ë–Œ; 떌; ) HANGUL SYLLABLE DDYAEL +B58D;B58D;1104 1164 11B0;B58D;1104 1164 11B0; # (ë–; ë–; 떍; ë–; 떍; ) HANGUL SYLLABLE DDYAELG +B58E;B58E;1104 1164 11B1;B58E;1104 1164 11B1; # (ë–Ž; ë–Ž; 떎; ë–Ž; 떎; ) HANGUL SYLLABLE DDYAELM +B58F;B58F;1104 1164 11B2;B58F;1104 1164 11B2; # (ë–; ë–; 떏; ë–; 떏; ) HANGUL SYLLABLE DDYAELB +B590;B590;1104 1164 11B3;B590;1104 1164 11B3; # (ë–; ë–; 떐; ë–; 떐; ) HANGUL SYLLABLE DDYAELS +B591;B591;1104 1164 11B4;B591;1104 1164 11B4; # (ë–‘; ë–‘; 떑; ë–‘; 떑; ) HANGUL SYLLABLE DDYAELT +B592;B592;1104 1164 11B5;B592;1104 1164 11B5; # (ë–’; ë–’; 떒; ë–’; 떒; ) HANGUL SYLLABLE DDYAELP +B593;B593;1104 1164 11B6;B593;1104 1164 11B6; # (ë–“; ë–“; 떓; ë–“; 떓; ) HANGUL SYLLABLE DDYAELH +B594;B594;1104 1164 11B7;B594;1104 1164 11B7; # (ë–”; ë–”; 떔; ë–”; 떔; ) HANGUL SYLLABLE DDYAEM +B595;B595;1104 1164 11B8;B595;1104 1164 11B8; # (ë–•; ë–•; 떕; ë–•; 떕; ) HANGUL SYLLABLE DDYAEB +B596;B596;1104 1164 11B9;B596;1104 1164 11B9; # (ë––; ë––; 떖; ë––; 떖; ) HANGUL SYLLABLE DDYAEBS +B597;B597;1104 1164 11BA;B597;1104 1164 11BA; # (ë–—; ë–—; 떗; ë–—; 떗; ) HANGUL SYLLABLE DDYAES +B598;B598;1104 1164 11BB;B598;1104 1164 11BB; # (ë–˜; ë–˜; 떘; ë–˜; 떘; ) HANGUL SYLLABLE DDYAESS +B599;B599;1104 1164 11BC;B599;1104 1164 11BC; # (ë–™; ë–™; 떙; ë–™; 떙; ) HANGUL SYLLABLE DDYAENG +B59A;B59A;1104 1164 11BD;B59A;1104 1164 11BD; # (ë–š; ë–š; 떚; ë–š; 떚; ) HANGUL SYLLABLE DDYAEJ +B59B;B59B;1104 1164 11BE;B59B;1104 1164 11BE; # (ë–›; ë–›; 떛; ë–›; 떛; ) HANGUL SYLLABLE DDYAEC +B59C;B59C;1104 1164 11BF;B59C;1104 1164 11BF; # (ë–œ; ë–œ; 떜; ë–œ; 떜; ) HANGUL SYLLABLE DDYAEK +B59D;B59D;1104 1164 11C0;B59D;1104 1164 11C0; # (ë–; ë–; 떝; ë–; 떝; ) HANGUL SYLLABLE DDYAET +B59E;B59E;1104 1164 11C1;B59E;1104 1164 11C1; # (ë–ž; ë–ž; á„„á…¤á‡; ë–ž; á„„á…¤á‡; ) HANGUL SYLLABLE DDYAEP +B59F;B59F;1104 1164 11C2;B59F;1104 1164 11C2; # (ë–Ÿ; ë–Ÿ; 떟; ë–Ÿ; 떟; ) HANGUL SYLLABLE DDYAEH +B5A0;B5A0;1104 1165;B5A0;1104 1165; # (ë– ; ë– ; á„„á…¥; ë– ; á„„á…¥; ) HANGUL SYLLABLE DDEO +B5A1;B5A1;1104 1165 11A8;B5A1;1104 1165 11A8; # (ë–¡; ë–¡; 떡; ë–¡; 떡; ) HANGUL SYLLABLE DDEOG +B5A2;B5A2;1104 1165 11A9;B5A2;1104 1165 11A9; # (ë–¢; ë–¢; 떢; ë–¢; 떢; ) HANGUL SYLLABLE DDEOGG +B5A3;B5A3;1104 1165 11AA;B5A3;1104 1165 11AA; # (ë–£; ë–£; 떣; ë–£; 떣; ) HANGUL SYLLABLE DDEOGS +B5A4;B5A4;1104 1165 11AB;B5A4;1104 1165 11AB; # (ë–¤; ë–¤; 떤; ë–¤; 떤; ) HANGUL SYLLABLE DDEON +B5A5;B5A5;1104 1165 11AC;B5A5;1104 1165 11AC; # (ë–¥; ë–¥; 떥; ë–¥; 떥; ) HANGUL SYLLABLE DDEONJ +B5A6;B5A6;1104 1165 11AD;B5A6;1104 1165 11AD; # (ë–¦; ë–¦; 떦; ë–¦; 떦; ) HANGUL SYLLABLE DDEONH +B5A7;B5A7;1104 1165 11AE;B5A7;1104 1165 11AE; # (ë–§; ë–§; 떧; ë–§; 떧; ) HANGUL SYLLABLE DDEOD +B5A8;B5A8;1104 1165 11AF;B5A8;1104 1165 11AF; # (ë–¨; ë–¨; 떨; ë–¨; 떨; ) HANGUL SYLLABLE DDEOL +B5A9;B5A9;1104 1165 11B0;B5A9;1104 1165 11B0; # (ë–©; ë–©; 떩; ë–©; 떩; ) HANGUL SYLLABLE DDEOLG +B5AA;B5AA;1104 1165 11B1;B5AA;1104 1165 11B1; # (ë–ª; ë–ª; 떪; ë–ª; 떪; ) HANGUL SYLLABLE DDEOLM +B5AB;B5AB;1104 1165 11B2;B5AB;1104 1165 11B2; # (ë–«; ë–«; 떫; ë–«; 떫; ) HANGUL SYLLABLE DDEOLB +B5AC;B5AC;1104 1165 11B3;B5AC;1104 1165 11B3; # (ë–¬; ë–¬; 떬; ë–¬; 떬; ) HANGUL SYLLABLE DDEOLS +B5AD;B5AD;1104 1165 11B4;B5AD;1104 1165 11B4; # (ë–­; ë–­; 떭; ë–­; 떭; ) HANGUL SYLLABLE DDEOLT +B5AE;B5AE;1104 1165 11B5;B5AE;1104 1165 11B5; # (ë–®; ë–®; 떮; ë–®; 떮; ) HANGUL SYLLABLE DDEOLP +B5AF;B5AF;1104 1165 11B6;B5AF;1104 1165 11B6; # (ë–¯; ë–¯; 떯; ë–¯; 떯; ) HANGUL SYLLABLE DDEOLH +B5B0;B5B0;1104 1165 11B7;B5B0;1104 1165 11B7; # (ë–°; ë–°; 떰; ë–°; 떰; ) HANGUL SYLLABLE DDEOM +B5B1;B5B1;1104 1165 11B8;B5B1;1104 1165 11B8; # (ë–±; ë–±; 떱; ë–±; 떱; ) HANGUL SYLLABLE DDEOB +B5B2;B5B2;1104 1165 11B9;B5B2;1104 1165 11B9; # (ë–²; ë–²; 떲; ë–²; 떲; ) HANGUL SYLLABLE DDEOBS +B5B3;B5B3;1104 1165 11BA;B5B3;1104 1165 11BA; # (ë–³; ë–³; 떳; ë–³; 떳; ) HANGUL SYLLABLE DDEOS +B5B4;B5B4;1104 1165 11BB;B5B4;1104 1165 11BB; # (ë–´; ë–´; 떴; ë–´; 떴; ) HANGUL SYLLABLE DDEOSS +B5B5;B5B5;1104 1165 11BC;B5B5;1104 1165 11BC; # (ë–µ; ë–µ; 떵; ë–µ; 떵; ) HANGUL SYLLABLE DDEONG +B5B6;B5B6;1104 1165 11BD;B5B6;1104 1165 11BD; # (ë–¶; ë–¶; 떶; ë–¶; 떶; ) HANGUL SYLLABLE DDEOJ +B5B7;B5B7;1104 1165 11BE;B5B7;1104 1165 11BE; # (ë–·; ë–·; 떷; ë–·; 떷; ) HANGUL SYLLABLE DDEOC +B5B8;B5B8;1104 1165 11BF;B5B8;1104 1165 11BF; # (ë–¸; ë–¸; 떸; ë–¸; 떸; ) HANGUL SYLLABLE DDEOK +B5B9;B5B9;1104 1165 11C0;B5B9;1104 1165 11C0; # (ë–¹; ë–¹; 떹; ë–¹; 떹; ) HANGUL SYLLABLE DDEOT +B5BA;B5BA;1104 1165 11C1;B5BA;1104 1165 11C1; # (ë–º; ë–º; á„„á…¥á‡; ë–º; á„„á…¥á‡; ) HANGUL SYLLABLE DDEOP +B5BB;B5BB;1104 1165 11C2;B5BB;1104 1165 11C2; # (ë–»; ë–»; 떻; ë–»; 떻; ) HANGUL SYLLABLE DDEOH +B5BC;B5BC;1104 1166;B5BC;1104 1166; # (ë–¼; ë–¼; á„„á…¦; ë–¼; á„„á…¦; ) HANGUL SYLLABLE DDE +B5BD;B5BD;1104 1166 11A8;B5BD;1104 1166 11A8; # (ë–½; ë–½; 떽; ë–½; 떽; ) HANGUL SYLLABLE DDEG +B5BE;B5BE;1104 1166 11A9;B5BE;1104 1166 11A9; # (ë–¾; ë–¾; 떾; ë–¾; 떾; ) HANGUL SYLLABLE DDEGG +B5BF;B5BF;1104 1166 11AA;B5BF;1104 1166 11AA; # (ë–¿; ë–¿; 떿; ë–¿; 떿; ) HANGUL SYLLABLE DDEGS +B5C0;B5C0;1104 1166 11AB;B5C0;1104 1166 11AB; # (ë—€; ë—€; 뗀; ë—€; 뗀; ) HANGUL SYLLABLE DDEN +B5C1;B5C1;1104 1166 11AC;B5C1;1104 1166 11AC; # (ë—; ë—; 뗁; ë—; 뗁; ) HANGUL SYLLABLE DDENJ +B5C2;B5C2;1104 1166 11AD;B5C2;1104 1166 11AD; # (ë—‚; ë—‚; 뗂; ë—‚; 뗂; ) HANGUL SYLLABLE DDENH +B5C3;B5C3;1104 1166 11AE;B5C3;1104 1166 11AE; # (ë—ƒ; ë—ƒ; 뗃; ë—ƒ; 뗃; ) HANGUL SYLLABLE DDED +B5C4;B5C4;1104 1166 11AF;B5C4;1104 1166 11AF; # (ë—„; ë—„; 뗄; ë—„; 뗄; ) HANGUL SYLLABLE DDEL +B5C5;B5C5;1104 1166 11B0;B5C5;1104 1166 11B0; # (ë—…; ë—…; 뗅; ë—…; 뗅; ) HANGUL SYLLABLE DDELG +B5C6;B5C6;1104 1166 11B1;B5C6;1104 1166 11B1; # (ë—†; ë—†; 뗆; ë—†; 뗆; ) HANGUL SYLLABLE DDELM +B5C7;B5C7;1104 1166 11B2;B5C7;1104 1166 11B2; # (ë—‡; ë—‡; 뗇; ë—‡; 뗇; ) HANGUL SYLLABLE DDELB +B5C8;B5C8;1104 1166 11B3;B5C8;1104 1166 11B3; # (ë—ˆ; ë—ˆ; 뗈; ë—ˆ; 뗈; ) HANGUL SYLLABLE DDELS +B5C9;B5C9;1104 1166 11B4;B5C9;1104 1166 11B4; # (ë—‰; ë—‰; 뗉; ë—‰; 뗉; ) HANGUL SYLLABLE DDELT +B5CA;B5CA;1104 1166 11B5;B5CA;1104 1166 11B5; # (ë—Š; ë—Š; 뗊; ë—Š; 뗊; ) HANGUL SYLLABLE DDELP +B5CB;B5CB;1104 1166 11B6;B5CB;1104 1166 11B6; # (ë—‹; ë—‹; 뗋; ë—‹; 뗋; ) HANGUL SYLLABLE DDELH +B5CC;B5CC;1104 1166 11B7;B5CC;1104 1166 11B7; # (ë—Œ; ë—Œ; 뗌; ë—Œ; 뗌; ) HANGUL SYLLABLE DDEM +B5CD;B5CD;1104 1166 11B8;B5CD;1104 1166 11B8; # (ë—; ë—; 뗍; ë—; 뗍; ) HANGUL SYLLABLE DDEB +B5CE;B5CE;1104 1166 11B9;B5CE;1104 1166 11B9; # (ë—Ž; ë—Ž; 뗎; ë—Ž; 뗎; ) HANGUL SYLLABLE DDEBS +B5CF;B5CF;1104 1166 11BA;B5CF;1104 1166 11BA; # (ë—; ë—; 뗏; ë—; 뗏; ) HANGUL SYLLABLE DDES +B5D0;B5D0;1104 1166 11BB;B5D0;1104 1166 11BB; # (ë—; ë—; 뗐; ë—; 뗐; ) HANGUL SYLLABLE DDESS +B5D1;B5D1;1104 1166 11BC;B5D1;1104 1166 11BC; # (ë—‘; ë—‘; 뗑; ë—‘; 뗑; ) HANGUL SYLLABLE DDENG +B5D2;B5D2;1104 1166 11BD;B5D2;1104 1166 11BD; # (ë—’; ë—’; 뗒; ë—’; 뗒; ) HANGUL SYLLABLE DDEJ +B5D3;B5D3;1104 1166 11BE;B5D3;1104 1166 11BE; # (ë—“; ë—“; 뗓; ë—“; 뗓; ) HANGUL SYLLABLE DDEC +B5D4;B5D4;1104 1166 11BF;B5D4;1104 1166 11BF; # (ë—”; ë—”; 뗔; ë—”; 뗔; ) HANGUL SYLLABLE DDEK +B5D5;B5D5;1104 1166 11C0;B5D5;1104 1166 11C0; # (ë—•; ë—•; 뗕; ë—•; 뗕; ) HANGUL SYLLABLE DDET +B5D6;B5D6;1104 1166 11C1;B5D6;1104 1166 11C1; # (ë—–; ë—–; á„„á…¦á‡; ë—–; á„„á…¦á‡; ) HANGUL SYLLABLE DDEP +B5D7;B5D7;1104 1166 11C2;B5D7;1104 1166 11C2; # (ë——; ë——; 뗗; ë——; 뗗; ) HANGUL SYLLABLE DDEH +B5D8;B5D8;1104 1167;B5D8;1104 1167; # (ë—˜; ë—˜; á„„á…§; ë—˜; á„„á…§; ) HANGUL SYLLABLE DDYEO +B5D9;B5D9;1104 1167 11A8;B5D9;1104 1167 11A8; # (ë—™; ë—™; 뗙; ë—™; 뗙; ) HANGUL SYLLABLE DDYEOG +B5DA;B5DA;1104 1167 11A9;B5DA;1104 1167 11A9; # (ë—š; ë—š; 뗚; ë—š; 뗚; ) HANGUL SYLLABLE DDYEOGG +B5DB;B5DB;1104 1167 11AA;B5DB;1104 1167 11AA; # (ë—›; ë—›; 뗛; ë—›; 뗛; ) HANGUL SYLLABLE DDYEOGS +B5DC;B5DC;1104 1167 11AB;B5DC;1104 1167 11AB; # (ë—œ; ë—œ; 뗜; ë—œ; 뗜; ) HANGUL SYLLABLE DDYEON +B5DD;B5DD;1104 1167 11AC;B5DD;1104 1167 11AC; # (ë—; ë—; 뗝; ë—; 뗝; ) HANGUL SYLLABLE DDYEONJ +B5DE;B5DE;1104 1167 11AD;B5DE;1104 1167 11AD; # (ë—ž; ë—ž; 뗞; ë—ž; 뗞; ) HANGUL SYLLABLE DDYEONH +B5DF;B5DF;1104 1167 11AE;B5DF;1104 1167 11AE; # (ë—Ÿ; ë—Ÿ; 뗟; ë—Ÿ; 뗟; ) HANGUL SYLLABLE DDYEOD +B5E0;B5E0;1104 1167 11AF;B5E0;1104 1167 11AF; # (ë— ; ë— ; 뗠; ë— ; 뗠; ) HANGUL SYLLABLE DDYEOL +B5E1;B5E1;1104 1167 11B0;B5E1;1104 1167 11B0; # (ë—¡; ë—¡; 뗡; ë—¡; 뗡; ) HANGUL SYLLABLE DDYEOLG +B5E2;B5E2;1104 1167 11B1;B5E2;1104 1167 11B1; # (ë—¢; ë—¢; 뗢; ë—¢; 뗢; ) HANGUL SYLLABLE DDYEOLM +B5E3;B5E3;1104 1167 11B2;B5E3;1104 1167 11B2; # (ë—£; ë—£; 뗣; ë—£; 뗣; ) HANGUL SYLLABLE DDYEOLB +B5E4;B5E4;1104 1167 11B3;B5E4;1104 1167 11B3; # (ë—¤; ë—¤; 뗤; ë—¤; 뗤; ) HANGUL SYLLABLE DDYEOLS +B5E5;B5E5;1104 1167 11B4;B5E5;1104 1167 11B4; # (ë—¥; ë—¥; 뗥; ë—¥; 뗥; ) HANGUL SYLLABLE DDYEOLT +B5E6;B5E6;1104 1167 11B5;B5E6;1104 1167 11B5; # (ë—¦; ë—¦; 뗦; ë—¦; 뗦; ) HANGUL SYLLABLE DDYEOLP +B5E7;B5E7;1104 1167 11B6;B5E7;1104 1167 11B6; # (ë—§; ë—§; 뗧; ë—§; 뗧; ) HANGUL SYLLABLE DDYEOLH +B5E8;B5E8;1104 1167 11B7;B5E8;1104 1167 11B7; # (ë—¨; ë—¨; 뗨; ë—¨; 뗨; ) HANGUL SYLLABLE DDYEOM +B5E9;B5E9;1104 1167 11B8;B5E9;1104 1167 11B8; # (ë—©; ë—©; 뗩; ë—©; 뗩; ) HANGUL SYLLABLE DDYEOB +B5EA;B5EA;1104 1167 11B9;B5EA;1104 1167 11B9; # (ë—ª; ë—ª; 뗪; ë—ª; 뗪; ) HANGUL SYLLABLE DDYEOBS +B5EB;B5EB;1104 1167 11BA;B5EB;1104 1167 11BA; # (ë—«; ë—«; 뗫; ë—«; 뗫; ) HANGUL SYLLABLE DDYEOS +B5EC;B5EC;1104 1167 11BB;B5EC;1104 1167 11BB; # (ë—¬; ë—¬; 뗬; ë—¬; 뗬; ) HANGUL SYLLABLE DDYEOSS +B5ED;B5ED;1104 1167 11BC;B5ED;1104 1167 11BC; # (ë—­; ë—­; 뗭; ë—­; 뗭; ) HANGUL SYLLABLE DDYEONG +B5EE;B5EE;1104 1167 11BD;B5EE;1104 1167 11BD; # (ë—®; ë—®; 뗮; ë—®; 뗮; ) HANGUL SYLLABLE DDYEOJ +B5EF;B5EF;1104 1167 11BE;B5EF;1104 1167 11BE; # (ë—¯; ë—¯; 뗯; ë—¯; 뗯; ) HANGUL SYLLABLE DDYEOC +B5F0;B5F0;1104 1167 11BF;B5F0;1104 1167 11BF; # (ë—°; ë—°; 뗰; ë—°; 뗰; ) HANGUL SYLLABLE DDYEOK +B5F1;B5F1;1104 1167 11C0;B5F1;1104 1167 11C0; # (ë—±; ë—±; 뗱; ë—±; 뗱; ) HANGUL SYLLABLE DDYEOT +B5F2;B5F2;1104 1167 11C1;B5F2;1104 1167 11C1; # (ë—²; ë—²; á„„á…§á‡; ë—²; á„„á…§á‡; ) HANGUL SYLLABLE DDYEOP +B5F3;B5F3;1104 1167 11C2;B5F3;1104 1167 11C2; # (ë—³; ë—³; 뗳; ë—³; 뗳; ) HANGUL SYLLABLE DDYEOH +B5F4;B5F4;1104 1168;B5F4;1104 1168; # (ë—´; ë—´; á„„á…¨; ë—´; á„„á…¨; ) HANGUL SYLLABLE DDYE +B5F5;B5F5;1104 1168 11A8;B5F5;1104 1168 11A8; # (ë—µ; ë—µ; 뗵; ë—µ; 뗵; ) HANGUL SYLLABLE DDYEG +B5F6;B5F6;1104 1168 11A9;B5F6;1104 1168 11A9; # (ë—¶; ë—¶; 뗶; ë—¶; 뗶; ) HANGUL SYLLABLE DDYEGG +B5F7;B5F7;1104 1168 11AA;B5F7;1104 1168 11AA; # (ë—·; ë—·; 뗷; ë—·; 뗷; ) HANGUL SYLLABLE DDYEGS +B5F8;B5F8;1104 1168 11AB;B5F8;1104 1168 11AB; # (ë—¸; ë—¸; 뗸; ë—¸; 뗸; ) HANGUL SYLLABLE DDYEN +B5F9;B5F9;1104 1168 11AC;B5F9;1104 1168 11AC; # (ë—¹; ë—¹; 뗹; ë—¹; 뗹; ) HANGUL SYLLABLE DDYENJ +B5FA;B5FA;1104 1168 11AD;B5FA;1104 1168 11AD; # (ë—º; ë—º; 뗺; ë—º; 뗺; ) HANGUL SYLLABLE DDYENH +B5FB;B5FB;1104 1168 11AE;B5FB;1104 1168 11AE; # (ë—»; ë—»; 뗻; ë—»; 뗻; ) HANGUL SYLLABLE DDYED +B5FC;B5FC;1104 1168 11AF;B5FC;1104 1168 11AF; # (ë—¼; ë—¼; 뗼; ë—¼; 뗼; ) HANGUL SYLLABLE DDYEL +B5FD;B5FD;1104 1168 11B0;B5FD;1104 1168 11B0; # (ë—½; ë—½; 뗽; ë—½; 뗽; ) HANGUL SYLLABLE DDYELG +B5FE;B5FE;1104 1168 11B1;B5FE;1104 1168 11B1; # (ë—¾; ë—¾; 뗾; ë—¾; 뗾; ) HANGUL SYLLABLE DDYELM +B5FF;B5FF;1104 1168 11B2;B5FF;1104 1168 11B2; # (ë—¿; ë—¿; 뗿; ë—¿; 뗿; ) HANGUL SYLLABLE DDYELB +B600;B600;1104 1168 11B3;B600;1104 1168 11B3; # (똀; 똀; 똀; 똀; 똀; ) HANGUL SYLLABLE DDYELS +B601;B601;1104 1168 11B4;B601;1104 1168 11B4; # (ë˜; ë˜; 똁; ë˜; 똁; ) HANGUL SYLLABLE DDYELT +B602;B602;1104 1168 11B5;B602;1104 1168 11B5; # (똂; 똂; 똂; 똂; 똂; ) HANGUL SYLLABLE DDYELP +B603;B603;1104 1168 11B6;B603;1104 1168 11B6; # (똃; 똃; 똃; 똃; 똃; ) HANGUL SYLLABLE DDYELH +B604;B604;1104 1168 11B7;B604;1104 1168 11B7; # (똄; 똄; 똄; 똄; 똄; ) HANGUL SYLLABLE DDYEM +B605;B605;1104 1168 11B8;B605;1104 1168 11B8; # (똅; 똅; 똅; 똅; 똅; ) HANGUL SYLLABLE DDYEB +B606;B606;1104 1168 11B9;B606;1104 1168 11B9; # (똆; 똆; 똆; 똆; 똆; ) HANGUL SYLLABLE DDYEBS +B607;B607;1104 1168 11BA;B607;1104 1168 11BA; # (똇; 똇; 똇; 똇; 똇; ) HANGUL SYLLABLE DDYES +B608;B608;1104 1168 11BB;B608;1104 1168 11BB; # (똈; 똈; 똈; 똈; 똈; ) HANGUL SYLLABLE DDYESS +B609;B609;1104 1168 11BC;B609;1104 1168 11BC; # (똉; 똉; 똉; 똉; 똉; ) HANGUL SYLLABLE DDYENG +B60A;B60A;1104 1168 11BD;B60A;1104 1168 11BD; # (똊; 똊; 똊; 똊; 똊; ) HANGUL SYLLABLE DDYEJ +B60B;B60B;1104 1168 11BE;B60B;1104 1168 11BE; # (똋; 똋; 똋; 똋; 똋; ) HANGUL SYLLABLE DDYEC +B60C;B60C;1104 1168 11BF;B60C;1104 1168 11BF; # (똌; 똌; 똌; 똌; 똌; ) HANGUL SYLLABLE DDYEK +B60D;B60D;1104 1168 11C0;B60D;1104 1168 11C0; # (ë˜; ë˜; 똍; ë˜; 똍; ) HANGUL SYLLABLE DDYET +B60E;B60E;1104 1168 11C1;B60E;1104 1168 11C1; # (똎; 똎; á„„á…¨á‡; 똎; á„„á…¨á‡; ) HANGUL SYLLABLE DDYEP +B60F;B60F;1104 1168 11C2;B60F;1104 1168 11C2; # (ë˜; ë˜; 똏; ë˜; 똏; ) HANGUL SYLLABLE DDYEH +B610;B610;1104 1169;B610;1104 1169; # (ë˜; ë˜; á„„á…©; ë˜; á„„á…©; ) HANGUL SYLLABLE DDO +B611;B611;1104 1169 11A8;B611;1104 1169 11A8; # (똑; 똑; 똑; 똑; 똑; ) HANGUL SYLLABLE DDOG +B612;B612;1104 1169 11A9;B612;1104 1169 11A9; # (똒; 똒; 똒; 똒; 똒; ) HANGUL SYLLABLE DDOGG +B613;B613;1104 1169 11AA;B613;1104 1169 11AA; # (똓; 똓; 똓; 똓; 똓; ) HANGUL SYLLABLE DDOGS +B614;B614;1104 1169 11AB;B614;1104 1169 11AB; # (똔; 똔; 똔; 똔; 똔; ) HANGUL SYLLABLE DDON +B615;B615;1104 1169 11AC;B615;1104 1169 11AC; # (똕; 똕; 똕; 똕; 똕; ) HANGUL SYLLABLE DDONJ +B616;B616;1104 1169 11AD;B616;1104 1169 11AD; # (똖; 똖; 똖; 똖; 똖; ) HANGUL SYLLABLE DDONH +B617;B617;1104 1169 11AE;B617;1104 1169 11AE; # (똗; 똗; 똗; 똗; 똗; ) HANGUL SYLLABLE DDOD +B618;B618;1104 1169 11AF;B618;1104 1169 11AF; # (똘; 똘; 똘; 똘; 똘; ) HANGUL SYLLABLE DDOL +B619;B619;1104 1169 11B0;B619;1104 1169 11B0; # (똙; 똙; 똙; 똙; 똙; ) HANGUL SYLLABLE DDOLG +B61A;B61A;1104 1169 11B1;B61A;1104 1169 11B1; # (똚; 똚; 똚; 똚; 똚; ) HANGUL SYLLABLE DDOLM +B61B;B61B;1104 1169 11B2;B61B;1104 1169 11B2; # (똛; 똛; 똛; 똛; 똛; ) HANGUL SYLLABLE DDOLB +B61C;B61C;1104 1169 11B3;B61C;1104 1169 11B3; # (똜; 똜; 똜; 똜; 똜; ) HANGUL SYLLABLE DDOLS +B61D;B61D;1104 1169 11B4;B61D;1104 1169 11B4; # (ë˜; ë˜; 똝; ë˜; 똝; ) HANGUL SYLLABLE DDOLT +B61E;B61E;1104 1169 11B5;B61E;1104 1169 11B5; # (똞; 똞; 똞; 똞; 똞; ) HANGUL SYLLABLE DDOLP +B61F;B61F;1104 1169 11B6;B61F;1104 1169 11B6; # (똟; 똟; 똟; 똟; 똟; ) HANGUL SYLLABLE DDOLH +B620;B620;1104 1169 11B7;B620;1104 1169 11B7; # (똠; 똠; 똠; 똠; 똠; ) HANGUL SYLLABLE DDOM +B621;B621;1104 1169 11B8;B621;1104 1169 11B8; # (똡; 똡; 똡; 똡; 똡; ) HANGUL SYLLABLE DDOB +B622;B622;1104 1169 11B9;B622;1104 1169 11B9; # (똢; 똢; 똢; 똢; 똢; ) HANGUL SYLLABLE DDOBS +B623;B623;1104 1169 11BA;B623;1104 1169 11BA; # (똣; 똣; 똣; 똣; 똣; ) HANGUL SYLLABLE DDOS +B624;B624;1104 1169 11BB;B624;1104 1169 11BB; # (똤; 똤; 똤; 똤; 똤; ) HANGUL SYLLABLE DDOSS +B625;B625;1104 1169 11BC;B625;1104 1169 11BC; # (똥; 똥; 똥; 똥; 똥; ) HANGUL SYLLABLE DDONG +B626;B626;1104 1169 11BD;B626;1104 1169 11BD; # (똦; 똦; 똦; 똦; 똦; ) HANGUL SYLLABLE DDOJ +B627;B627;1104 1169 11BE;B627;1104 1169 11BE; # (똧; 똧; 똧; 똧; 똧; ) HANGUL SYLLABLE DDOC +B628;B628;1104 1169 11BF;B628;1104 1169 11BF; # (똨; 똨; 똨; 똨; 똨; ) HANGUL SYLLABLE DDOK +B629;B629;1104 1169 11C0;B629;1104 1169 11C0; # (똩; 똩; 똩; 똩; 똩; ) HANGUL SYLLABLE DDOT +B62A;B62A;1104 1169 11C1;B62A;1104 1169 11C1; # (똪; 똪; á„„á…©á‡; 똪; á„„á…©á‡; ) HANGUL SYLLABLE DDOP +B62B;B62B;1104 1169 11C2;B62B;1104 1169 11C2; # (똫; 똫; 똫; 똫; 똫; ) HANGUL SYLLABLE DDOH +B62C;B62C;1104 116A;B62C;1104 116A; # (똬; 똬; á„„á…ª; 똬; á„„á…ª; ) HANGUL SYLLABLE DDWA +B62D;B62D;1104 116A 11A8;B62D;1104 116A 11A8; # (똭; 똭; 똭; 똭; 똭; ) HANGUL SYLLABLE DDWAG +B62E;B62E;1104 116A 11A9;B62E;1104 116A 11A9; # (똮; 똮; 똮; 똮; 똮; ) HANGUL SYLLABLE DDWAGG +B62F;B62F;1104 116A 11AA;B62F;1104 116A 11AA; # (똯; 똯; 똯; 똯; 똯; ) HANGUL SYLLABLE DDWAGS +B630;B630;1104 116A 11AB;B630;1104 116A 11AB; # (똰; 똰; 똰; 똰; 똰; ) HANGUL SYLLABLE DDWAN +B631;B631;1104 116A 11AC;B631;1104 116A 11AC; # (똱; 똱; 똱; 똱; 똱; ) HANGUL SYLLABLE DDWANJ +B632;B632;1104 116A 11AD;B632;1104 116A 11AD; # (똲; 똲; 똲; 똲; 똲; ) HANGUL SYLLABLE DDWANH +B633;B633;1104 116A 11AE;B633;1104 116A 11AE; # (똳; 똳; 똳; 똳; 똳; ) HANGUL SYLLABLE DDWAD +B634;B634;1104 116A 11AF;B634;1104 116A 11AF; # (똴; 똴; 똴; 똴; 똴; ) HANGUL SYLLABLE DDWAL +B635;B635;1104 116A 11B0;B635;1104 116A 11B0; # (똵; 똵; 똵; 똵; 똵; ) HANGUL SYLLABLE DDWALG +B636;B636;1104 116A 11B1;B636;1104 116A 11B1; # (똶; 똶; 똶; 똶; 똶; ) HANGUL SYLLABLE DDWALM +B637;B637;1104 116A 11B2;B637;1104 116A 11B2; # (똷; 똷; 똷; 똷; 똷; ) HANGUL SYLLABLE DDWALB +B638;B638;1104 116A 11B3;B638;1104 116A 11B3; # (똸; 똸; 똸; 똸; 똸; ) HANGUL SYLLABLE DDWALS +B639;B639;1104 116A 11B4;B639;1104 116A 11B4; # (똹; 똹; 똹; 똹; 똹; ) HANGUL SYLLABLE DDWALT +B63A;B63A;1104 116A 11B5;B63A;1104 116A 11B5; # (똺; 똺; 똺; 똺; 똺; ) HANGUL SYLLABLE DDWALP +B63B;B63B;1104 116A 11B6;B63B;1104 116A 11B6; # (똻; 똻; 똻; 똻; 똻; ) HANGUL SYLLABLE DDWALH +B63C;B63C;1104 116A 11B7;B63C;1104 116A 11B7; # (똼; 똼; 똼; 똼; 똼; ) HANGUL SYLLABLE DDWAM +B63D;B63D;1104 116A 11B8;B63D;1104 116A 11B8; # (똽; 똽; 똽; 똽; 똽; ) HANGUL SYLLABLE DDWAB +B63E;B63E;1104 116A 11B9;B63E;1104 116A 11B9; # (똾; 똾; 똾; 똾; 똾; ) HANGUL SYLLABLE DDWABS +B63F;B63F;1104 116A 11BA;B63F;1104 116A 11BA; # (똿; 똿; 똿; 똿; 똿; ) HANGUL SYLLABLE DDWAS +B640;B640;1104 116A 11BB;B640;1104 116A 11BB; # (뙀; 뙀; 뙀; 뙀; 뙀; ) HANGUL SYLLABLE DDWASS +B641;B641;1104 116A 11BC;B641;1104 116A 11BC; # (ë™; ë™; 뙁; ë™; 뙁; ) HANGUL SYLLABLE DDWANG +B642;B642;1104 116A 11BD;B642;1104 116A 11BD; # (뙂; 뙂; 뙂; 뙂; 뙂; ) HANGUL SYLLABLE DDWAJ +B643;B643;1104 116A 11BE;B643;1104 116A 11BE; # (뙃; 뙃; 뙃; 뙃; 뙃; ) HANGUL SYLLABLE DDWAC +B644;B644;1104 116A 11BF;B644;1104 116A 11BF; # (뙄; 뙄; 뙄; 뙄; 뙄; ) HANGUL SYLLABLE DDWAK +B645;B645;1104 116A 11C0;B645;1104 116A 11C0; # (ë™…; ë™…; 뙅; ë™…; 뙅; ) HANGUL SYLLABLE DDWAT +B646;B646;1104 116A 11C1;B646;1104 116A 11C1; # (뙆; 뙆; á„„á…ªá‡; 뙆; á„„á…ªá‡; ) HANGUL SYLLABLE DDWAP +B647;B647;1104 116A 11C2;B647;1104 116A 11C2; # (뙇; 뙇; 뙇; 뙇; 뙇; ) HANGUL SYLLABLE DDWAH +B648;B648;1104 116B;B648;1104 116B; # (뙈; 뙈; á„„á…«; 뙈; á„„á…«; ) HANGUL SYLLABLE DDWAE +B649;B649;1104 116B 11A8;B649;1104 116B 11A8; # (뙉; 뙉; 뙉; 뙉; 뙉; ) HANGUL SYLLABLE DDWAEG +B64A;B64A;1104 116B 11A9;B64A;1104 116B 11A9; # (뙊; 뙊; 뙊; 뙊; 뙊; ) HANGUL SYLLABLE DDWAEGG +B64B;B64B;1104 116B 11AA;B64B;1104 116B 11AA; # (뙋; 뙋; 뙋; 뙋; 뙋; ) HANGUL SYLLABLE DDWAEGS +B64C;B64C;1104 116B 11AB;B64C;1104 116B 11AB; # (뙌; 뙌; 뙌; 뙌; 뙌; ) HANGUL SYLLABLE DDWAEN +B64D;B64D;1104 116B 11AC;B64D;1104 116B 11AC; # (ë™; ë™; 뙍; ë™; 뙍; ) HANGUL SYLLABLE DDWAENJ +B64E;B64E;1104 116B 11AD;B64E;1104 116B 11AD; # (뙎; 뙎; 뙎; 뙎; 뙎; ) HANGUL SYLLABLE DDWAENH +B64F;B64F;1104 116B 11AE;B64F;1104 116B 11AE; # (ë™; ë™; 뙏; ë™; 뙏; ) HANGUL SYLLABLE DDWAED +B650;B650;1104 116B 11AF;B650;1104 116B 11AF; # (ë™; ë™; 뙐; ë™; 뙐; ) HANGUL SYLLABLE DDWAEL +B651;B651;1104 116B 11B0;B651;1104 116B 11B0; # (뙑; 뙑; 뙑; 뙑; 뙑; ) HANGUL SYLLABLE DDWAELG +B652;B652;1104 116B 11B1;B652;1104 116B 11B1; # (ë™’; ë™’; 뙒; ë™’; 뙒; ) HANGUL SYLLABLE DDWAELM +B653;B653;1104 116B 11B2;B653;1104 116B 11B2; # (뙓; 뙓; 뙓; 뙓; 뙓; ) HANGUL SYLLABLE DDWAELB +B654;B654;1104 116B 11B3;B654;1104 116B 11B3; # (ë™”; ë™”; 뙔; ë™”; 뙔; ) HANGUL SYLLABLE DDWAELS +B655;B655;1104 116B 11B4;B655;1104 116B 11B4; # (뙕; 뙕; 뙕; 뙕; 뙕; ) HANGUL SYLLABLE DDWAELT +B656;B656;1104 116B 11B5;B656;1104 116B 11B5; # (ë™–; ë™–; 뙖; ë™–; 뙖; ) HANGUL SYLLABLE DDWAELP +B657;B657;1104 116B 11B6;B657;1104 116B 11B6; # (ë™—; ë™—; 뙗; ë™—; 뙗; ) HANGUL SYLLABLE DDWAELH +B658;B658;1104 116B 11B7;B658;1104 116B 11B7; # (뙘; 뙘; 뙘; 뙘; 뙘; ) HANGUL SYLLABLE DDWAEM +B659;B659;1104 116B 11B8;B659;1104 116B 11B8; # (ë™™; ë™™; 뙙; ë™™; 뙙; ) HANGUL SYLLABLE DDWAEB +B65A;B65A;1104 116B 11B9;B65A;1104 116B 11B9; # (뙚; 뙚; 뙚; 뙚; 뙚; ) HANGUL SYLLABLE DDWAEBS +B65B;B65B;1104 116B 11BA;B65B;1104 116B 11BA; # (ë™›; ë™›; 뙛; ë™›; 뙛; ) HANGUL SYLLABLE DDWAES +B65C;B65C;1104 116B 11BB;B65C;1104 116B 11BB; # (뙜; 뙜; 뙜; 뙜; 뙜; ) HANGUL SYLLABLE DDWAESS +B65D;B65D;1104 116B 11BC;B65D;1104 116B 11BC; # (ë™; ë™; 뙝; ë™; 뙝; ) HANGUL SYLLABLE DDWAENG +B65E;B65E;1104 116B 11BD;B65E;1104 116B 11BD; # (뙞; 뙞; 뙞; 뙞; 뙞; ) HANGUL SYLLABLE DDWAEJ +B65F;B65F;1104 116B 11BE;B65F;1104 116B 11BE; # (뙟; 뙟; 뙟; 뙟; 뙟; ) HANGUL SYLLABLE DDWAEC +B660;B660;1104 116B 11BF;B660;1104 116B 11BF; # (ë™ ; ë™ ; 뙠; ë™ ; 뙠; ) HANGUL SYLLABLE DDWAEK +B661;B661;1104 116B 11C0;B661;1104 116B 11C0; # (뙡; 뙡; 뙡; 뙡; 뙡; ) HANGUL SYLLABLE DDWAET +B662;B662;1104 116B 11C1;B662;1104 116B 11C1; # (뙢; 뙢; á„„á…«á‡; 뙢; á„„á…«á‡; ) HANGUL SYLLABLE DDWAEP +B663;B663;1104 116B 11C2;B663;1104 116B 11C2; # (뙣; 뙣; 뙣; 뙣; 뙣; ) HANGUL SYLLABLE DDWAEH +B664;B664;1104 116C;B664;1104 116C; # (뙤; 뙤; á„„á…¬; 뙤; á„„á…¬; ) HANGUL SYLLABLE DDOE +B665;B665;1104 116C 11A8;B665;1104 116C 11A8; # (뙥; 뙥; 뙥; 뙥; 뙥; ) HANGUL SYLLABLE DDOEG +B666;B666;1104 116C 11A9;B666;1104 116C 11A9; # (뙦; 뙦; 뙦; 뙦; 뙦; ) HANGUL SYLLABLE DDOEGG +B667;B667;1104 116C 11AA;B667;1104 116C 11AA; # (뙧; 뙧; 뙧; 뙧; 뙧; ) HANGUL SYLLABLE DDOEGS +B668;B668;1104 116C 11AB;B668;1104 116C 11AB; # (뙨; 뙨; 뙨; 뙨; 뙨; ) HANGUL SYLLABLE DDOEN +B669;B669;1104 116C 11AC;B669;1104 116C 11AC; # (뙩; 뙩; 뙩; 뙩; 뙩; ) HANGUL SYLLABLE DDOENJ +B66A;B66A;1104 116C 11AD;B66A;1104 116C 11AD; # (뙪; 뙪; 뙪; 뙪; 뙪; ) HANGUL SYLLABLE DDOENH +B66B;B66B;1104 116C 11AE;B66B;1104 116C 11AE; # (뙫; 뙫; 뙫; 뙫; 뙫; ) HANGUL SYLLABLE DDOED +B66C;B66C;1104 116C 11AF;B66C;1104 116C 11AF; # (뙬; 뙬; 뙬; 뙬; 뙬; ) HANGUL SYLLABLE DDOEL +B66D;B66D;1104 116C 11B0;B66D;1104 116C 11B0; # (ë™­; ë™­; 뙭; ë™­; 뙭; ) HANGUL SYLLABLE DDOELG +B66E;B66E;1104 116C 11B1;B66E;1104 116C 11B1; # (ë™®; ë™®; 뙮; ë™®; 뙮; ) HANGUL SYLLABLE DDOELM +B66F;B66F;1104 116C 11B2;B66F;1104 116C 11B2; # (뙯; 뙯; 뙯; 뙯; 뙯; ) HANGUL SYLLABLE DDOELB +B670;B670;1104 116C 11B3;B670;1104 116C 11B3; # (ë™°; ë™°; 뙰; ë™°; 뙰; ) HANGUL SYLLABLE DDOELS +B671;B671;1104 116C 11B4;B671;1104 116C 11B4; # (ë™±; ë™±; 뙱; ë™±; 뙱; ) HANGUL SYLLABLE DDOELT +B672;B672;1104 116C 11B5;B672;1104 116C 11B5; # (뙲; 뙲; 뙲; 뙲; 뙲; ) HANGUL SYLLABLE DDOELP +B673;B673;1104 116C 11B6;B673;1104 116C 11B6; # (뙳; 뙳; 뙳; 뙳; 뙳; ) HANGUL SYLLABLE DDOELH +B674;B674;1104 116C 11B7;B674;1104 116C 11B7; # (ë™´; ë™´; 뙴; ë™´; 뙴; ) HANGUL SYLLABLE DDOEM +B675;B675;1104 116C 11B8;B675;1104 116C 11B8; # (뙵; 뙵; 뙵; 뙵; 뙵; ) HANGUL SYLLABLE DDOEB +B676;B676;1104 116C 11B9;B676;1104 116C 11B9; # (뙶; 뙶; 뙶; 뙶; 뙶; ) HANGUL SYLLABLE DDOEBS +B677;B677;1104 116C 11BA;B677;1104 116C 11BA; # (ë™·; ë™·; 뙷; ë™·; 뙷; ) HANGUL SYLLABLE DDOES +B678;B678;1104 116C 11BB;B678;1104 116C 11BB; # (뙸; 뙸; 뙸; 뙸; 뙸; ) HANGUL SYLLABLE DDOESS +B679;B679;1104 116C 11BC;B679;1104 116C 11BC; # (뙹; 뙹; 뙹; 뙹; 뙹; ) HANGUL SYLLABLE DDOENG +B67A;B67A;1104 116C 11BD;B67A;1104 116C 11BD; # (뙺; 뙺; 뙺; 뙺; 뙺; ) HANGUL SYLLABLE DDOEJ +B67B;B67B;1104 116C 11BE;B67B;1104 116C 11BE; # (ë™»; ë™»; 뙻; ë™»; 뙻; ) HANGUL SYLLABLE DDOEC +B67C;B67C;1104 116C 11BF;B67C;1104 116C 11BF; # (뙼; 뙼; 뙼; 뙼; 뙼; ) HANGUL SYLLABLE DDOEK +B67D;B67D;1104 116C 11C0;B67D;1104 116C 11C0; # (뙽; 뙽; 뙽; 뙽; 뙽; ) HANGUL SYLLABLE DDOET +B67E;B67E;1104 116C 11C1;B67E;1104 116C 11C1; # (뙾; 뙾; á„„á…¬á‡; 뙾; á„„á…¬á‡; ) HANGUL SYLLABLE DDOEP +B67F;B67F;1104 116C 11C2;B67F;1104 116C 11C2; # (뙿; 뙿; 뙿; 뙿; 뙿; ) HANGUL SYLLABLE DDOEH +B680;B680;1104 116D;B680;1104 116D; # (뚀; 뚀; á„„á…­; 뚀; á„„á…­; ) HANGUL SYLLABLE DDYO +B681;B681;1104 116D 11A8;B681;1104 116D 11A8; # (ëš; ëš; 뚁; ëš; 뚁; ) HANGUL SYLLABLE DDYOG +B682;B682;1104 116D 11A9;B682;1104 116D 11A9; # (ëš‚; ëš‚; 뚂; ëš‚; 뚂; ) HANGUL SYLLABLE DDYOGG +B683;B683;1104 116D 11AA;B683;1104 116D 11AA; # (뚃; 뚃; 뚃; 뚃; 뚃; ) HANGUL SYLLABLE DDYOGS +B684;B684;1104 116D 11AB;B684;1104 116D 11AB; # (ëš„; ëš„; 뚄; ëš„; 뚄; ) HANGUL SYLLABLE DDYON +B685;B685;1104 116D 11AC;B685;1104 116D 11AC; # (ëš…; ëš…; 뚅; ëš…; 뚅; ) HANGUL SYLLABLE DDYONJ +B686;B686;1104 116D 11AD;B686;1104 116D 11AD; # (뚆; 뚆; 뚆; 뚆; 뚆; ) HANGUL SYLLABLE DDYONH +B687;B687;1104 116D 11AE;B687;1104 116D 11AE; # (뚇; 뚇; 뚇; 뚇; 뚇; ) HANGUL SYLLABLE DDYOD +B688;B688;1104 116D 11AF;B688;1104 116D 11AF; # (뚈; 뚈; 뚈; 뚈; 뚈; ) HANGUL SYLLABLE DDYOL +B689;B689;1104 116D 11B0;B689;1104 116D 11B0; # (뚉; 뚉; 뚉; 뚉; 뚉; ) HANGUL SYLLABLE DDYOLG +B68A;B68A;1104 116D 11B1;B68A;1104 116D 11B1; # (뚊; 뚊; 뚊; 뚊; 뚊; ) HANGUL SYLLABLE DDYOLM +B68B;B68B;1104 116D 11B2;B68B;1104 116D 11B2; # (ëš‹; ëš‹; 뚋; ëš‹; 뚋; ) HANGUL SYLLABLE DDYOLB +B68C;B68C;1104 116D 11B3;B68C;1104 116D 11B3; # (뚌; 뚌; 뚌; 뚌; 뚌; ) HANGUL SYLLABLE DDYOLS +B68D;B68D;1104 116D 11B4;B68D;1104 116D 11B4; # (ëš; ëš; 뚍; ëš; 뚍; ) HANGUL SYLLABLE DDYOLT +B68E;B68E;1104 116D 11B5;B68E;1104 116D 11B5; # (뚎; 뚎; 뚎; 뚎; 뚎; ) HANGUL SYLLABLE DDYOLP +B68F;B68F;1104 116D 11B6;B68F;1104 116D 11B6; # (ëš; ëš; 뚏; ëš; 뚏; ) HANGUL SYLLABLE DDYOLH +B690;B690;1104 116D 11B7;B690;1104 116D 11B7; # (ëš; ëš; 뚐; ëš; 뚐; ) HANGUL SYLLABLE DDYOM +B691;B691;1104 116D 11B8;B691;1104 116D 11B8; # (ëš‘; ëš‘; 뚑; ëš‘; 뚑; ) HANGUL SYLLABLE DDYOB +B692;B692;1104 116D 11B9;B692;1104 116D 11B9; # (ëš’; ëš’; 뚒; ëš’; 뚒; ) HANGUL SYLLABLE DDYOBS +B693;B693;1104 116D 11BA;B693;1104 116D 11BA; # (ëš“; ëš“; 뚓; ëš“; 뚓; ) HANGUL SYLLABLE DDYOS +B694;B694;1104 116D 11BB;B694;1104 116D 11BB; # (ëš”; ëš”; 뚔; ëš”; 뚔; ) HANGUL SYLLABLE DDYOSS +B695;B695;1104 116D 11BC;B695;1104 116D 11BC; # (ëš•; ëš•; 뚕; ëš•; 뚕; ) HANGUL SYLLABLE DDYONG +B696;B696;1104 116D 11BD;B696;1104 116D 11BD; # (ëš–; ëš–; 뚖; ëš–; 뚖; ) HANGUL SYLLABLE DDYOJ +B697;B697;1104 116D 11BE;B697;1104 116D 11BE; # (ëš—; ëš—; 뚗; ëš—; 뚗; ) HANGUL SYLLABLE DDYOC +B698;B698;1104 116D 11BF;B698;1104 116D 11BF; # (뚘; 뚘; 뚘; 뚘; 뚘; ) HANGUL SYLLABLE DDYOK +B699;B699;1104 116D 11C0;B699;1104 116D 11C0; # (ëš™; ëš™; 뚙; ëš™; 뚙; ) HANGUL SYLLABLE DDYOT +B69A;B69A;1104 116D 11C1;B69A;1104 116D 11C1; # (ëšš; ëšš; á„„á…­á‡; ëšš; á„„á…­á‡; ) HANGUL SYLLABLE DDYOP +B69B;B69B;1104 116D 11C2;B69B;1104 116D 11C2; # (ëš›; ëš›; 뚛; ëš›; 뚛; ) HANGUL SYLLABLE DDYOH +B69C;B69C;1104 116E;B69C;1104 116E; # (ëšœ; ëšœ; á„„á…®; ëšœ; á„„á…®; ) HANGUL SYLLABLE DDU +B69D;B69D;1104 116E 11A8;B69D;1104 116E 11A8; # (ëš; ëš; 뚝; ëš; 뚝; ) HANGUL SYLLABLE DDUG +B69E;B69E;1104 116E 11A9;B69E;1104 116E 11A9; # (ëšž; ëšž; 뚞; ëšž; 뚞; ) HANGUL SYLLABLE DDUGG +B69F;B69F;1104 116E 11AA;B69F;1104 116E 11AA; # (뚟; 뚟; 뚟; 뚟; 뚟; ) HANGUL SYLLABLE DDUGS +B6A0;B6A0;1104 116E 11AB;B6A0;1104 116E 11AB; # (ëš ; ëš ; 뚠; ëš ; 뚠; ) HANGUL SYLLABLE DDUN +B6A1;B6A1;1104 116E 11AC;B6A1;1104 116E 11AC; # (ëš¡; ëš¡; 뚡; ëš¡; 뚡; ) HANGUL SYLLABLE DDUNJ +B6A2;B6A2;1104 116E 11AD;B6A2;1104 116E 11AD; # (뚢; 뚢; 뚢; 뚢; 뚢; ) HANGUL SYLLABLE DDUNH +B6A3;B6A3;1104 116E 11AE;B6A3;1104 116E 11AE; # (뚣; 뚣; 뚣; 뚣; 뚣; ) HANGUL SYLLABLE DDUD +B6A4;B6A4;1104 116E 11AF;B6A4;1104 116E 11AF; # (뚤; 뚤; 뚤; 뚤; 뚤; ) HANGUL SYLLABLE DDUL +B6A5;B6A5;1104 116E 11B0;B6A5;1104 116E 11B0; # (뚥; 뚥; 뚥; 뚥; 뚥; ) HANGUL SYLLABLE DDULG +B6A6;B6A6;1104 116E 11B1;B6A6;1104 116E 11B1; # (뚦; 뚦; 뚦; 뚦; 뚦; ) HANGUL SYLLABLE DDULM +B6A7;B6A7;1104 116E 11B2;B6A7;1104 116E 11B2; # (뚧; 뚧; 뚧; 뚧; 뚧; ) HANGUL SYLLABLE DDULB +B6A8;B6A8;1104 116E 11B3;B6A8;1104 116E 11B3; # (뚨; 뚨; 뚨; 뚨; 뚨; ) HANGUL SYLLABLE DDULS +B6A9;B6A9;1104 116E 11B4;B6A9;1104 116E 11B4; # (ëš©; ëš©; 뚩; ëš©; 뚩; ) HANGUL SYLLABLE DDULT +B6AA;B6AA;1104 116E 11B5;B6AA;1104 116E 11B5; # (뚪; 뚪; 뚪; 뚪; 뚪; ) HANGUL SYLLABLE DDULP +B6AB;B6AB;1104 116E 11B6;B6AB;1104 116E 11B6; # (ëš«; ëš«; 뚫; ëš«; 뚫; ) HANGUL SYLLABLE DDULH +B6AC;B6AC;1104 116E 11B7;B6AC;1104 116E 11B7; # (뚬; 뚬; 뚬; 뚬; 뚬; ) HANGUL SYLLABLE DDUM +B6AD;B6AD;1104 116E 11B8;B6AD;1104 116E 11B8; # (ëš­; ëš­; 뚭; ëš­; 뚭; ) HANGUL SYLLABLE DDUB +B6AE;B6AE;1104 116E 11B9;B6AE;1104 116E 11B9; # (ëš®; ëš®; 뚮; ëš®; 뚮; ) HANGUL SYLLABLE DDUBS +B6AF;B6AF;1104 116E 11BA;B6AF;1104 116E 11BA; # (뚯; 뚯; 뚯; 뚯; 뚯; ) HANGUL SYLLABLE DDUS +B6B0;B6B0;1104 116E 11BB;B6B0;1104 116E 11BB; # (ëš°; ëš°; 뚰; ëš°; 뚰; ) HANGUL SYLLABLE DDUSS +B6B1;B6B1;1104 116E 11BC;B6B1;1104 116E 11BC; # (ëš±; ëš±; 뚱; ëš±; 뚱; ) HANGUL SYLLABLE DDUNG +B6B2;B6B2;1104 116E 11BD;B6B2;1104 116E 11BD; # (ëš²; ëš²; 뚲; ëš²; 뚲; ) HANGUL SYLLABLE DDUJ +B6B3;B6B3;1104 116E 11BE;B6B3;1104 116E 11BE; # (ëš³; ëš³; 뚳; ëš³; 뚳; ) HANGUL SYLLABLE DDUC +B6B4;B6B4;1104 116E 11BF;B6B4;1104 116E 11BF; # (ëš´; ëš´; 뚴; ëš´; 뚴; ) HANGUL SYLLABLE DDUK +B6B5;B6B5;1104 116E 11C0;B6B5;1104 116E 11C0; # (ëšµ; ëšµ; 뚵; ëšµ; 뚵; ) HANGUL SYLLABLE DDUT +B6B6;B6B6;1104 116E 11C1;B6B6;1104 116E 11C1; # (뚶; 뚶; á„„á…®á‡; 뚶; á„„á…®á‡; ) HANGUL SYLLABLE DDUP +B6B7;B6B7;1104 116E 11C2;B6B7;1104 116E 11C2; # (ëš·; ëš·; 뚷; ëš·; 뚷; ) HANGUL SYLLABLE DDUH +B6B8;B6B8;1104 116F;B6B8;1104 116F; # (뚸; 뚸; á„„á…¯; 뚸; á„„á…¯; ) HANGUL SYLLABLE DDWEO +B6B9;B6B9;1104 116F 11A8;B6B9;1104 116F 11A8; # (ëš¹; ëš¹; 뚹; ëš¹; 뚹; ) HANGUL SYLLABLE DDWEOG +B6BA;B6BA;1104 116F 11A9;B6BA;1104 116F 11A9; # (뚺; 뚺; 뚺; 뚺; 뚺; ) HANGUL SYLLABLE DDWEOGG +B6BB;B6BB;1104 116F 11AA;B6BB;1104 116F 11AA; # (ëš»; ëš»; 뚻; ëš»; 뚻; ) HANGUL SYLLABLE DDWEOGS +B6BC;B6BC;1104 116F 11AB;B6BC;1104 116F 11AB; # (ëš¼; ëš¼; 뚼; ëš¼; 뚼; ) HANGUL SYLLABLE DDWEON +B6BD;B6BD;1104 116F 11AC;B6BD;1104 116F 11AC; # (ëš½; ëš½; 뚽; ëš½; 뚽; ) HANGUL SYLLABLE DDWEONJ +B6BE;B6BE;1104 116F 11AD;B6BE;1104 116F 11AD; # (ëš¾; ëš¾; 뚾; ëš¾; 뚾; ) HANGUL SYLLABLE DDWEONH +B6BF;B6BF;1104 116F 11AE;B6BF;1104 116F 11AE; # (ëš¿; ëš¿; 뚿; ëš¿; 뚿; ) HANGUL SYLLABLE DDWEOD +B6C0;B6C0;1104 116F 11AF;B6C0;1104 116F 11AF; # (뛀; 뛀; 뛀; 뛀; 뛀; ) HANGUL SYLLABLE DDWEOL +B6C1;B6C1;1104 116F 11B0;B6C1;1104 116F 11B0; # (ë›; ë›; 뛁; ë›; 뛁; ) HANGUL SYLLABLE DDWEOLG +B6C2;B6C2;1104 116F 11B1;B6C2;1104 116F 11B1; # (뛂; 뛂; 뛂; 뛂; 뛂; ) HANGUL SYLLABLE DDWEOLM +B6C3;B6C3;1104 116F 11B2;B6C3;1104 116F 11B2; # (뛃; 뛃; 뛃; 뛃; 뛃; ) HANGUL SYLLABLE DDWEOLB +B6C4;B6C4;1104 116F 11B3;B6C4;1104 116F 11B3; # (뛄; 뛄; 뛄; 뛄; 뛄; ) HANGUL SYLLABLE DDWEOLS +B6C5;B6C5;1104 116F 11B4;B6C5;1104 116F 11B4; # (ë›…; ë›…; 뛅; ë›…; 뛅; ) HANGUL SYLLABLE DDWEOLT +B6C6;B6C6;1104 116F 11B5;B6C6;1104 116F 11B5; # (뛆; 뛆; 뛆; 뛆; 뛆; ) HANGUL SYLLABLE DDWEOLP +B6C7;B6C7;1104 116F 11B6;B6C7;1104 116F 11B6; # (뛇; 뛇; 뛇; 뛇; 뛇; ) HANGUL SYLLABLE DDWEOLH +B6C8;B6C8;1104 116F 11B7;B6C8;1104 116F 11B7; # (뛈; 뛈; 뛈; 뛈; 뛈; ) HANGUL SYLLABLE DDWEOM +B6C9;B6C9;1104 116F 11B8;B6C9;1104 116F 11B8; # (뛉; 뛉; 뛉; 뛉; 뛉; ) HANGUL SYLLABLE DDWEOB +B6CA;B6CA;1104 116F 11B9;B6CA;1104 116F 11B9; # (뛊; 뛊; 뛊; 뛊; 뛊; ) HANGUL SYLLABLE DDWEOBS +B6CB;B6CB;1104 116F 11BA;B6CB;1104 116F 11BA; # (뛋; 뛋; 뛋; 뛋; 뛋; ) HANGUL SYLLABLE DDWEOS +B6CC;B6CC;1104 116F 11BB;B6CC;1104 116F 11BB; # (뛌; 뛌; 뛌; 뛌; 뛌; ) HANGUL SYLLABLE DDWEOSS +B6CD;B6CD;1104 116F 11BC;B6CD;1104 116F 11BC; # (ë›; ë›; 뛍; ë›; 뛍; ) HANGUL SYLLABLE DDWEONG +B6CE;B6CE;1104 116F 11BD;B6CE;1104 116F 11BD; # (뛎; 뛎; 뛎; 뛎; 뛎; ) HANGUL SYLLABLE DDWEOJ +B6CF;B6CF;1104 116F 11BE;B6CF;1104 116F 11BE; # (ë›; ë›; 뛏; ë›; 뛏; ) HANGUL SYLLABLE DDWEOC +B6D0;B6D0;1104 116F 11BF;B6D0;1104 116F 11BF; # (ë›; ë›; 뛐; ë›; 뛐; ) HANGUL SYLLABLE DDWEOK +B6D1;B6D1;1104 116F 11C0;B6D1;1104 116F 11C0; # (뛑; 뛑; 뛑; 뛑; 뛑; ) HANGUL SYLLABLE DDWEOT +B6D2;B6D2;1104 116F 11C1;B6D2;1104 116F 11C1; # (ë›’; ë›’; á„„á…¯á‡; ë›’; á„„á…¯á‡; ) HANGUL SYLLABLE DDWEOP +B6D3;B6D3;1104 116F 11C2;B6D3;1104 116F 11C2; # (뛓; 뛓; 뛓; 뛓; 뛓; ) HANGUL SYLLABLE DDWEOH +B6D4;B6D4;1104 1170;B6D4;1104 1170; # (ë›”; ë›”; á„„á…°; ë›”; á„„á…°; ) HANGUL SYLLABLE DDWE +B6D5;B6D5;1104 1170 11A8;B6D5;1104 1170 11A8; # (뛕; 뛕; 뛕; 뛕; 뛕; ) HANGUL SYLLABLE DDWEG +B6D6;B6D6;1104 1170 11A9;B6D6;1104 1170 11A9; # (ë›–; ë›–; 뛖; ë›–; 뛖; ) HANGUL SYLLABLE DDWEGG +B6D7;B6D7;1104 1170 11AA;B6D7;1104 1170 11AA; # (ë›—; ë›—; 뛗; ë›—; 뛗; ) HANGUL SYLLABLE DDWEGS +B6D8;B6D8;1104 1170 11AB;B6D8;1104 1170 11AB; # (뛘; 뛘; 뛘; 뛘; 뛘; ) HANGUL SYLLABLE DDWEN +B6D9;B6D9;1104 1170 11AC;B6D9;1104 1170 11AC; # (ë›™; ë›™; 뛙; ë›™; 뛙; ) HANGUL SYLLABLE DDWENJ +B6DA;B6DA;1104 1170 11AD;B6DA;1104 1170 11AD; # (뛚; 뛚; 뛚; 뛚; 뛚; ) HANGUL SYLLABLE DDWENH +B6DB;B6DB;1104 1170 11AE;B6DB;1104 1170 11AE; # (ë››; ë››; 뛛; ë››; 뛛; ) HANGUL SYLLABLE DDWED +B6DC;B6DC;1104 1170 11AF;B6DC;1104 1170 11AF; # (뛜; 뛜; 뛜; 뛜; 뛜; ) HANGUL SYLLABLE DDWEL +B6DD;B6DD;1104 1170 11B0;B6DD;1104 1170 11B0; # (ë›; ë›; 뛝; ë›; 뛝; ) HANGUL SYLLABLE DDWELG +B6DE;B6DE;1104 1170 11B1;B6DE;1104 1170 11B1; # (뛞; 뛞; 뛞; 뛞; 뛞; ) HANGUL SYLLABLE DDWELM +B6DF;B6DF;1104 1170 11B2;B6DF;1104 1170 11B2; # (뛟; 뛟; 뛟; 뛟; 뛟; ) HANGUL SYLLABLE DDWELB +B6E0;B6E0;1104 1170 11B3;B6E0;1104 1170 11B3; # (ë› ; ë› ; 뛠; ë› ; 뛠; ) HANGUL SYLLABLE DDWELS +B6E1;B6E1;1104 1170 11B4;B6E1;1104 1170 11B4; # (뛡; 뛡; 뛡; 뛡; 뛡; ) HANGUL SYLLABLE DDWELT +B6E2;B6E2;1104 1170 11B5;B6E2;1104 1170 11B5; # (뛢; 뛢; 뛢; 뛢; 뛢; ) HANGUL SYLLABLE DDWELP +B6E3;B6E3;1104 1170 11B6;B6E3;1104 1170 11B6; # (뛣; 뛣; 뛣; 뛣; 뛣; ) HANGUL SYLLABLE DDWELH +B6E4;B6E4;1104 1170 11B7;B6E4;1104 1170 11B7; # (뛤; 뛤; 뛤; 뛤; 뛤; ) HANGUL SYLLABLE DDWEM +B6E5;B6E5;1104 1170 11B8;B6E5;1104 1170 11B8; # (뛥; 뛥; 뛥; 뛥; 뛥; ) HANGUL SYLLABLE DDWEB +B6E6;B6E6;1104 1170 11B9;B6E6;1104 1170 11B9; # (뛦; 뛦; 뛦; 뛦; 뛦; ) HANGUL SYLLABLE DDWEBS +B6E7;B6E7;1104 1170 11BA;B6E7;1104 1170 11BA; # (뛧; 뛧; 뛧; 뛧; 뛧; ) HANGUL SYLLABLE DDWES +B6E8;B6E8;1104 1170 11BB;B6E8;1104 1170 11BB; # (뛨; 뛨; 뛨; 뛨; 뛨; ) HANGUL SYLLABLE DDWESS +B6E9;B6E9;1104 1170 11BC;B6E9;1104 1170 11BC; # (뛩; 뛩; 뛩; 뛩; 뛩; ) HANGUL SYLLABLE DDWENG +B6EA;B6EA;1104 1170 11BD;B6EA;1104 1170 11BD; # (뛪; 뛪; 뛪; 뛪; 뛪; ) HANGUL SYLLABLE DDWEJ +B6EB;B6EB;1104 1170 11BE;B6EB;1104 1170 11BE; # (뛫; 뛫; 뛫; 뛫; 뛫; ) HANGUL SYLLABLE DDWEC +B6EC;B6EC;1104 1170 11BF;B6EC;1104 1170 11BF; # (뛬; 뛬; 뛬; 뛬; 뛬; ) HANGUL SYLLABLE DDWEK +B6ED;B6ED;1104 1170 11C0;B6ED;1104 1170 11C0; # (ë›­; ë›­; 뛭; ë›­; 뛭; ) HANGUL SYLLABLE DDWET +B6EE;B6EE;1104 1170 11C1;B6EE;1104 1170 11C1; # (ë›®; ë›®; á„„á…°á‡; ë›®; á„„á…°á‡; ) HANGUL SYLLABLE DDWEP +B6EF;B6EF;1104 1170 11C2;B6EF;1104 1170 11C2; # (뛯; 뛯; 뛯; 뛯; 뛯; ) HANGUL SYLLABLE DDWEH +B6F0;B6F0;1104 1171;B6F0;1104 1171; # (ë›°; ë›°; á„„á…±; ë›°; á„„á…±; ) HANGUL SYLLABLE DDWI +B6F1;B6F1;1104 1171 11A8;B6F1;1104 1171 11A8; # (ë›±; ë›±; 뛱; ë›±; 뛱; ) HANGUL SYLLABLE DDWIG +B6F2;B6F2;1104 1171 11A9;B6F2;1104 1171 11A9; # (뛲; 뛲; 뛲; 뛲; 뛲; ) HANGUL SYLLABLE DDWIGG +B6F3;B6F3;1104 1171 11AA;B6F3;1104 1171 11AA; # (뛳; 뛳; 뛳; 뛳; 뛳; ) HANGUL SYLLABLE DDWIGS +B6F4;B6F4;1104 1171 11AB;B6F4;1104 1171 11AB; # (ë›´; ë›´; 뛴; ë›´; 뛴; ) HANGUL SYLLABLE DDWIN +B6F5;B6F5;1104 1171 11AC;B6F5;1104 1171 11AC; # (뛵; 뛵; 뛵; 뛵; 뛵; ) HANGUL SYLLABLE DDWINJ +B6F6;B6F6;1104 1171 11AD;B6F6;1104 1171 11AD; # (뛶; 뛶; 뛶; 뛶; 뛶; ) HANGUL SYLLABLE DDWINH +B6F7;B6F7;1104 1171 11AE;B6F7;1104 1171 11AE; # (ë›·; ë›·; 뛷; ë›·; 뛷; ) HANGUL SYLLABLE DDWID +B6F8;B6F8;1104 1171 11AF;B6F8;1104 1171 11AF; # (뛸; 뛸; 뛸; 뛸; 뛸; ) HANGUL SYLLABLE DDWIL +B6F9;B6F9;1104 1171 11B0;B6F9;1104 1171 11B0; # (뛹; 뛹; 뛹; 뛹; 뛹; ) HANGUL SYLLABLE DDWILG +B6FA;B6FA;1104 1171 11B1;B6FA;1104 1171 11B1; # (뛺; 뛺; 뛺; 뛺; 뛺; ) HANGUL SYLLABLE DDWILM +B6FB;B6FB;1104 1171 11B2;B6FB;1104 1171 11B2; # (ë›»; ë›»; 뛻; ë›»; 뛻; ) HANGUL SYLLABLE DDWILB +B6FC;B6FC;1104 1171 11B3;B6FC;1104 1171 11B3; # (뛼; 뛼; 뛼; 뛼; 뛼; ) HANGUL SYLLABLE DDWILS +B6FD;B6FD;1104 1171 11B4;B6FD;1104 1171 11B4; # (뛽; 뛽; 뛽; 뛽; 뛽; ) HANGUL SYLLABLE DDWILT +B6FE;B6FE;1104 1171 11B5;B6FE;1104 1171 11B5; # (뛾; 뛾; 뛾; 뛾; 뛾; ) HANGUL SYLLABLE DDWILP +B6FF;B6FF;1104 1171 11B6;B6FF;1104 1171 11B6; # (뛿; 뛿; 뛿; 뛿; 뛿; ) HANGUL SYLLABLE DDWILH +B700;B700;1104 1171 11B7;B700;1104 1171 11B7; # (뜀; 뜀; 뜀; 뜀; 뜀; ) HANGUL SYLLABLE DDWIM +B701;B701;1104 1171 11B8;B701;1104 1171 11B8; # (ëœ; ëœ; 뜁; ëœ; 뜁; ) HANGUL SYLLABLE DDWIB +B702;B702;1104 1171 11B9;B702;1104 1171 11B9; # (뜂; 뜂; 뜂; 뜂; 뜂; ) HANGUL SYLLABLE DDWIBS +B703;B703;1104 1171 11BA;B703;1104 1171 11BA; # (뜃; 뜃; 뜃; 뜃; 뜃; ) HANGUL SYLLABLE DDWIS +B704;B704;1104 1171 11BB;B704;1104 1171 11BB; # (뜄; 뜄; 뜄; 뜄; 뜄; ) HANGUL SYLLABLE DDWISS +B705;B705;1104 1171 11BC;B705;1104 1171 11BC; # (뜅; 뜅; 뜅; 뜅; 뜅; ) HANGUL SYLLABLE DDWING +B706;B706;1104 1171 11BD;B706;1104 1171 11BD; # (뜆; 뜆; 뜆; 뜆; 뜆; ) HANGUL SYLLABLE DDWIJ +B707;B707;1104 1171 11BE;B707;1104 1171 11BE; # (뜇; 뜇; 뜇; 뜇; 뜇; ) HANGUL SYLLABLE DDWIC +B708;B708;1104 1171 11BF;B708;1104 1171 11BF; # (뜈; 뜈; 뜈; 뜈; 뜈; ) HANGUL SYLLABLE DDWIK +B709;B709;1104 1171 11C0;B709;1104 1171 11C0; # (뜉; 뜉; 뜉; 뜉; 뜉; ) HANGUL SYLLABLE DDWIT +B70A;B70A;1104 1171 11C1;B70A;1104 1171 11C1; # (뜊; 뜊; á„„á…±á‡; 뜊; á„„á…±á‡; ) HANGUL SYLLABLE DDWIP +B70B;B70B;1104 1171 11C2;B70B;1104 1171 11C2; # (뜋; 뜋; 뜋; 뜋; 뜋; ) HANGUL SYLLABLE DDWIH +B70C;B70C;1104 1172;B70C;1104 1172; # (뜌; 뜌; á„„á…²; 뜌; á„„á…²; ) HANGUL SYLLABLE DDYU +B70D;B70D;1104 1172 11A8;B70D;1104 1172 11A8; # (ëœ; ëœ; 뜍; ëœ; 뜍; ) HANGUL SYLLABLE DDYUG +B70E;B70E;1104 1172 11A9;B70E;1104 1172 11A9; # (뜎; 뜎; 뜎; 뜎; 뜎; ) HANGUL SYLLABLE DDYUGG +B70F;B70F;1104 1172 11AA;B70F;1104 1172 11AA; # (ëœ; ëœ; 뜏; ëœ; 뜏; ) HANGUL SYLLABLE DDYUGS +B710;B710;1104 1172 11AB;B710;1104 1172 11AB; # (ëœ; ëœ; 뜐; ëœ; 뜐; ) HANGUL SYLLABLE DDYUN +B711;B711;1104 1172 11AC;B711;1104 1172 11AC; # (뜑; 뜑; 뜑; 뜑; 뜑; ) HANGUL SYLLABLE DDYUNJ +B712;B712;1104 1172 11AD;B712;1104 1172 11AD; # (뜒; 뜒; 뜒; 뜒; 뜒; ) HANGUL SYLLABLE DDYUNH +B713;B713;1104 1172 11AE;B713;1104 1172 11AE; # (뜓; 뜓; 뜓; 뜓; 뜓; ) HANGUL SYLLABLE DDYUD +B714;B714;1104 1172 11AF;B714;1104 1172 11AF; # (뜔; 뜔; 뜔; 뜔; 뜔; ) HANGUL SYLLABLE DDYUL +B715;B715;1104 1172 11B0;B715;1104 1172 11B0; # (뜕; 뜕; 뜕; 뜕; 뜕; ) HANGUL SYLLABLE DDYULG +B716;B716;1104 1172 11B1;B716;1104 1172 11B1; # (뜖; 뜖; 뜖; 뜖; 뜖; ) HANGUL SYLLABLE DDYULM +B717;B717;1104 1172 11B2;B717;1104 1172 11B2; # (뜗; 뜗; 뜗; 뜗; 뜗; ) HANGUL SYLLABLE DDYULB +B718;B718;1104 1172 11B3;B718;1104 1172 11B3; # (뜘; 뜘; 뜘; 뜘; 뜘; ) HANGUL SYLLABLE DDYULS +B719;B719;1104 1172 11B4;B719;1104 1172 11B4; # (뜙; 뜙; 뜙; 뜙; 뜙; ) HANGUL SYLLABLE DDYULT +B71A;B71A;1104 1172 11B5;B71A;1104 1172 11B5; # (뜚; 뜚; 뜚; 뜚; 뜚; ) HANGUL SYLLABLE DDYULP +B71B;B71B;1104 1172 11B6;B71B;1104 1172 11B6; # (뜛; 뜛; 뜛; 뜛; 뜛; ) HANGUL SYLLABLE DDYULH +B71C;B71C;1104 1172 11B7;B71C;1104 1172 11B7; # (뜜; 뜜; 뜜; 뜜; 뜜; ) HANGUL SYLLABLE DDYUM +B71D;B71D;1104 1172 11B8;B71D;1104 1172 11B8; # (ëœ; ëœ; 뜝; ëœ; 뜝; ) HANGUL SYLLABLE DDYUB +B71E;B71E;1104 1172 11B9;B71E;1104 1172 11B9; # (뜞; 뜞; 뜞; 뜞; 뜞; ) HANGUL SYLLABLE DDYUBS +B71F;B71F;1104 1172 11BA;B71F;1104 1172 11BA; # (뜟; 뜟; 뜟; 뜟; 뜟; ) HANGUL SYLLABLE DDYUS +B720;B720;1104 1172 11BB;B720;1104 1172 11BB; # (뜠; 뜠; 뜠; 뜠; 뜠; ) HANGUL SYLLABLE DDYUSS +B721;B721;1104 1172 11BC;B721;1104 1172 11BC; # (뜡; 뜡; 뜡; 뜡; 뜡; ) HANGUL SYLLABLE DDYUNG +B722;B722;1104 1172 11BD;B722;1104 1172 11BD; # (뜢; 뜢; 뜢; 뜢; 뜢; ) HANGUL SYLLABLE DDYUJ +B723;B723;1104 1172 11BE;B723;1104 1172 11BE; # (뜣; 뜣; 뜣; 뜣; 뜣; ) HANGUL SYLLABLE DDYUC +B724;B724;1104 1172 11BF;B724;1104 1172 11BF; # (뜤; 뜤; 뜤; 뜤; 뜤; ) HANGUL SYLLABLE DDYUK +B725;B725;1104 1172 11C0;B725;1104 1172 11C0; # (뜥; 뜥; 뜥; 뜥; 뜥; ) HANGUL SYLLABLE DDYUT +B726;B726;1104 1172 11C1;B726;1104 1172 11C1; # (뜦; 뜦; á„„á…²á‡; 뜦; á„„á…²á‡; ) HANGUL SYLLABLE DDYUP +B727;B727;1104 1172 11C2;B727;1104 1172 11C2; # (뜧; 뜧; 뜧; 뜧; 뜧; ) HANGUL SYLLABLE DDYUH +B728;B728;1104 1173;B728;1104 1173; # (뜨; 뜨; á„„á…³; 뜨; á„„á…³; ) HANGUL SYLLABLE DDEU +B729;B729;1104 1173 11A8;B729;1104 1173 11A8; # (뜩; 뜩; 뜩; 뜩; 뜩; ) HANGUL SYLLABLE DDEUG +B72A;B72A;1104 1173 11A9;B72A;1104 1173 11A9; # (뜪; 뜪; 뜪; 뜪; 뜪; ) HANGUL SYLLABLE DDEUGG +B72B;B72B;1104 1173 11AA;B72B;1104 1173 11AA; # (뜫; 뜫; 뜫; 뜫; 뜫; ) HANGUL SYLLABLE DDEUGS +B72C;B72C;1104 1173 11AB;B72C;1104 1173 11AB; # (뜬; 뜬; 뜬; 뜬; 뜬; ) HANGUL SYLLABLE DDEUN +B72D;B72D;1104 1173 11AC;B72D;1104 1173 11AC; # (뜭; 뜭; 뜭; 뜭; 뜭; ) HANGUL SYLLABLE DDEUNJ +B72E;B72E;1104 1173 11AD;B72E;1104 1173 11AD; # (뜮; 뜮; 뜮; 뜮; 뜮; ) HANGUL SYLLABLE DDEUNH +B72F;B72F;1104 1173 11AE;B72F;1104 1173 11AE; # (뜯; 뜯; 뜯; 뜯; 뜯; ) HANGUL SYLLABLE DDEUD +B730;B730;1104 1173 11AF;B730;1104 1173 11AF; # (뜰; 뜰; 뜰; 뜰; 뜰; ) HANGUL SYLLABLE DDEUL +B731;B731;1104 1173 11B0;B731;1104 1173 11B0; # (뜱; 뜱; 뜱; 뜱; 뜱; ) HANGUL SYLLABLE DDEULG +B732;B732;1104 1173 11B1;B732;1104 1173 11B1; # (뜲; 뜲; 뜲; 뜲; 뜲; ) HANGUL SYLLABLE DDEULM +B733;B733;1104 1173 11B2;B733;1104 1173 11B2; # (뜳; 뜳; 뜳; 뜳; 뜳; ) HANGUL SYLLABLE DDEULB +B734;B734;1104 1173 11B3;B734;1104 1173 11B3; # (뜴; 뜴; 뜴; 뜴; 뜴; ) HANGUL SYLLABLE DDEULS +B735;B735;1104 1173 11B4;B735;1104 1173 11B4; # (뜵; 뜵; 뜵; 뜵; 뜵; ) HANGUL SYLLABLE DDEULT +B736;B736;1104 1173 11B5;B736;1104 1173 11B5; # (뜶; 뜶; 뜶; 뜶; 뜶; ) HANGUL SYLLABLE DDEULP +B737;B737;1104 1173 11B6;B737;1104 1173 11B6; # (뜷; 뜷; 뜷; 뜷; 뜷; ) HANGUL SYLLABLE DDEULH +B738;B738;1104 1173 11B7;B738;1104 1173 11B7; # (뜸; 뜸; 뜸; 뜸; 뜸; ) HANGUL SYLLABLE DDEUM +B739;B739;1104 1173 11B8;B739;1104 1173 11B8; # (뜹; 뜹; 뜹; 뜹; 뜹; ) HANGUL SYLLABLE DDEUB +B73A;B73A;1104 1173 11B9;B73A;1104 1173 11B9; # (뜺; 뜺; 뜺; 뜺; 뜺; ) HANGUL SYLLABLE DDEUBS +B73B;B73B;1104 1173 11BA;B73B;1104 1173 11BA; # (뜻; 뜻; 뜻; 뜻; 뜻; ) HANGUL SYLLABLE DDEUS +B73C;B73C;1104 1173 11BB;B73C;1104 1173 11BB; # (뜼; 뜼; 뜼; 뜼; 뜼; ) HANGUL SYLLABLE DDEUSS +B73D;B73D;1104 1173 11BC;B73D;1104 1173 11BC; # (뜽; 뜽; 뜽; 뜽; 뜽; ) HANGUL SYLLABLE DDEUNG +B73E;B73E;1104 1173 11BD;B73E;1104 1173 11BD; # (뜾; 뜾; 뜾; 뜾; 뜾; ) HANGUL SYLLABLE DDEUJ +B73F;B73F;1104 1173 11BE;B73F;1104 1173 11BE; # (뜿; 뜿; 뜿; 뜿; 뜿; ) HANGUL SYLLABLE DDEUC +B740;B740;1104 1173 11BF;B740;1104 1173 11BF; # (ë€; ë€; 띀; ë€; 띀; ) HANGUL SYLLABLE DDEUK +B741;B741;1104 1173 11C0;B741;1104 1173 11C0; # (ë; ë; 띁; ë; 띁; ) HANGUL SYLLABLE DDEUT +B742;B742;1104 1173 11C1;B742;1104 1173 11C1; # (ë‚; ë‚; á„„á…³á‡; ë‚; á„„á…³á‡; ) HANGUL SYLLABLE DDEUP +B743;B743;1104 1173 11C2;B743;1104 1173 11C2; # (ëƒ; ëƒ; 띃; ëƒ; 띃; ) HANGUL SYLLABLE DDEUH +B744;B744;1104 1174;B744;1104 1174; # (ë„; ë„; á„„á…´; ë„; á„„á…´; ) HANGUL SYLLABLE DDYI +B745;B745;1104 1174 11A8;B745;1104 1174 11A8; # (ë…; ë…; 띅; ë…; 띅; ) HANGUL SYLLABLE DDYIG +B746;B746;1104 1174 11A9;B746;1104 1174 11A9; # (ë†; ë†; 띆; ë†; 띆; ) HANGUL SYLLABLE DDYIGG +B747;B747;1104 1174 11AA;B747;1104 1174 11AA; # (ë‡; ë‡; 띇; ë‡; 띇; ) HANGUL SYLLABLE DDYIGS +B748;B748;1104 1174 11AB;B748;1104 1174 11AB; # (ëˆ; ëˆ; 띈; ëˆ; 띈; ) HANGUL SYLLABLE DDYIN +B749;B749;1104 1174 11AC;B749;1104 1174 11AC; # (ë‰; ë‰; 띉; ë‰; 띉; ) HANGUL SYLLABLE DDYINJ +B74A;B74A;1104 1174 11AD;B74A;1104 1174 11AD; # (ëŠ; ëŠ; 띊; ëŠ; 띊; ) HANGUL SYLLABLE DDYINH +B74B;B74B;1104 1174 11AE;B74B;1104 1174 11AE; # (ë‹; ë‹; 띋; ë‹; 띋; ) HANGUL SYLLABLE DDYID +B74C;B74C;1104 1174 11AF;B74C;1104 1174 11AF; # (ëŒ; ëŒ; 띌; ëŒ; 띌; ) HANGUL SYLLABLE DDYIL +B74D;B74D;1104 1174 11B0;B74D;1104 1174 11B0; # (ë; ë; 띍; ë; 띍; ) HANGUL SYLLABLE DDYILG +B74E;B74E;1104 1174 11B1;B74E;1104 1174 11B1; # (ëŽ; ëŽ; 띎; ëŽ; 띎; ) HANGUL SYLLABLE DDYILM +B74F;B74F;1104 1174 11B2;B74F;1104 1174 11B2; # (ë; ë; 띏; ë; 띏; ) HANGUL SYLLABLE DDYILB +B750;B750;1104 1174 11B3;B750;1104 1174 11B3; # (ë; ë; 띐; ë; 띐; ) HANGUL SYLLABLE DDYILS +B751;B751;1104 1174 11B4;B751;1104 1174 11B4; # (ë‘; ë‘; 띑; ë‘; 띑; ) HANGUL SYLLABLE DDYILT +B752;B752;1104 1174 11B5;B752;1104 1174 11B5; # (ë’; ë’; 띒; ë’; 띒; ) HANGUL SYLLABLE DDYILP +B753;B753;1104 1174 11B6;B753;1104 1174 11B6; # (ë“; ë“; 띓; ë“; 띓; ) HANGUL SYLLABLE DDYILH +B754;B754;1104 1174 11B7;B754;1104 1174 11B7; # (ë”; ë”; 띔; ë”; 띔; ) HANGUL SYLLABLE DDYIM +B755;B755;1104 1174 11B8;B755;1104 1174 11B8; # (ë•; ë•; 띕; ë•; 띕; ) HANGUL SYLLABLE DDYIB +B756;B756;1104 1174 11B9;B756;1104 1174 11B9; # (ë–; ë–; 띖; ë–; 띖; ) HANGUL SYLLABLE DDYIBS +B757;B757;1104 1174 11BA;B757;1104 1174 11BA; # (ë—; ë—; 띗; ë—; 띗; ) HANGUL SYLLABLE DDYIS +B758;B758;1104 1174 11BB;B758;1104 1174 11BB; # (ë˜; ë˜; 띘; ë˜; 띘; ) HANGUL SYLLABLE DDYISS +B759;B759;1104 1174 11BC;B759;1104 1174 11BC; # (ë™; ë™; 띙; ë™; 띙; ) HANGUL SYLLABLE DDYING +B75A;B75A;1104 1174 11BD;B75A;1104 1174 11BD; # (ëš; ëš; 띚; ëš; 띚; ) HANGUL SYLLABLE DDYIJ +B75B;B75B;1104 1174 11BE;B75B;1104 1174 11BE; # (ë›; ë›; 띛; ë›; 띛; ) HANGUL SYLLABLE DDYIC +B75C;B75C;1104 1174 11BF;B75C;1104 1174 11BF; # (ëœ; ëœ; 띜; ëœ; 띜; ) HANGUL SYLLABLE DDYIK +B75D;B75D;1104 1174 11C0;B75D;1104 1174 11C0; # (ë; ë; 띝; ë; 띝; ) HANGUL SYLLABLE DDYIT +B75E;B75E;1104 1174 11C1;B75E;1104 1174 11C1; # (ëž; ëž; á„„á…´á‡; ëž; á„„á…´á‡; ) HANGUL SYLLABLE DDYIP +B75F;B75F;1104 1174 11C2;B75F;1104 1174 11C2; # (ëŸ; ëŸ; 띟; ëŸ; 띟; ) HANGUL SYLLABLE DDYIH +B760;B760;1104 1175;B760;1104 1175; # (ë ; ë ; á„„á…µ; ë ; á„„á…µ; ) HANGUL SYLLABLE DDI +B761;B761;1104 1175 11A8;B761;1104 1175 11A8; # (ë¡; ë¡; 띡; ë¡; 띡; ) HANGUL SYLLABLE DDIG +B762;B762;1104 1175 11A9;B762;1104 1175 11A9; # (ë¢; ë¢; 띢; ë¢; 띢; ) HANGUL SYLLABLE DDIGG +B763;B763;1104 1175 11AA;B763;1104 1175 11AA; # (ë£; ë£; 띣; ë£; 띣; ) HANGUL SYLLABLE DDIGS +B764;B764;1104 1175 11AB;B764;1104 1175 11AB; # (ë¤; ë¤; 띤; ë¤; 띤; ) HANGUL SYLLABLE DDIN +B765;B765;1104 1175 11AC;B765;1104 1175 11AC; # (ë¥; ë¥; 띥; ë¥; 띥; ) HANGUL SYLLABLE DDINJ +B766;B766;1104 1175 11AD;B766;1104 1175 11AD; # (ë¦; ë¦; 띦; ë¦; 띦; ) HANGUL SYLLABLE DDINH +B767;B767;1104 1175 11AE;B767;1104 1175 11AE; # (ë§; ë§; 띧; ë§; 띧; ) HANGUL SYLLABLE DDID +B768;B768;1104 1175 11AF;B768;1104 1175 11AF; # (ë¨; ë¨; 띨; ë¨; 띨; ) HANGUL SYLLABLE DDIL +B769;B769;1104 1175 11B0;B769;1104 1175 11B0; # (ë©; ë©; 띩; ë©; 띩; ) HANGUL SYLLABLE DDILG +B76A;B76A;1104 1175 11B1;B76A;1104 1175 11B1; # (ëª; ëª; 띪; ëª; 띪; ) HANGUL SYLLABLE DDILM +B76B;B76B;1104 1175 11B2;B76B;1104 1175 11B2; # (ë«; ë«; 띫; ë«; 띫; ) HANGUL SYLLABLE DDILB +B76C;B76C;1104 1175 11B3;B76C;1104 1175 11B3; # (ë¬; ë¬; 띬; ë¬; 띬; ) HANGUL SYLLABLE DDILS +B76D;B76D;1104 1175 11B4;B76D;1104 1175 11B4; # (ë­; ë­; 띭; ë­; 띭; ) HANGUL SYLLABLE DDILT +B76E;B76E;1104 1175 11B5;B76E;1104 1175 11B5; # (ë®; ë®; 띮; ë®; 띮; ) HANGUL SYLLABLE DDILP +B76F;B76F;1104 1175 11B6;B76F;1104 1175 11B6; # (ë¯; ë¯; 띯; ë¯; 띯; ) HANGUL SYLLABLE DDILH +B770;B770;1104 1175 11B7;B770;1104 1175 11B7; # (ë°; ë°; 띰; ë°; 띰; ) HANGUL SYLLABLE DDIM +B771;B771;1104 1175 11B8;B771;1104 1175 11B8; # (ë±; ë±; 띱; ë±; 띱; ) HANGUL SYLLABLE DDIB +B772;B772;1104 1175 11B9;B772;1104 1175 11B9; # (ë²; ë²; 띲; ë²; 띲; ) HANGUL SYLLABLE DDIBS +B773;B773;1104 1175 11BA;B773;1104 1175 11BA; # (ë³; ë³; 띳; ë³; 띳; ) HANGUL SYLLABLE DDIS +B774;B774;1104 1175 11BB;B774;1104 1175 11BB; # (ë´; ë´; 띴; ë´; 띴; ) HANGUL SYLLABLE DDISS +B775;B775;1104 1175 11BC;B775;1104 1175 11BC; # (ëµ; ëµ; 띵; ëµ; 띵; ) HANGUL SYLLABLE DDING +B776;B776;1104 1175 11BD;B776;1104 1175 11BD; # (ë¶; ë¶; 띶; ë¶; 띶; ) HANGUL SYLLABLE DDIJ +B777;B777;1104 1175 11BE;B777;1104 1175 11BE; # (ë·; ë·; 띷; ë·; 띷; ) HANGUL SYLLABLE DDIC +B778;B778;1104 1175 11BF;B778;1104 1175 11BF; # (ë¸; ë¸; 띸; ë¸; 띸; ) HANGUL SYLLABLE DDIK +B779;B779;1104 1175 11C0;B779;1104 1175 11C0; # (ë¹; ë¹; 띹; ë¹; 띹; ) HANGUL SYLLABLE DDIT +B77A;B77A;1104 1175 11C1;B77A;1104 1175 11C1; # (ëº; ëº; á„„á…µá‡; ëº; á„„á…µá‡; ) HANGUL SYLLABLE DDIP +B77B;B77B;1104 1175 11C2;B77B;1104 1175 11C2; # (ë»; ë»; 띻; ë»; 띻; ) HANGUL SYLLABLE DDIH +B77C;B77C;1105 1161;B77C;1105 1161; # (ë¼; ë¼; á„…á…¡; ë¼; á„…á…¡; ) HANGUL SYLLABLE RA +B77D;B77D;1105 1161 11A8;B77D;1105 1161 11A8; # (ë½; ë½; 락; ë½; 락; ) HANGUL SYLLABLE RAG +B77E;B77E;1105 1161 11A9;B77E;1105 1161 11A9; # (ë¾; ë¾; 띾; ë¾; 띾; ) HANGUL SYLLABLE RAGG +B77F;B77F;1105 1161 11AA;B77F;1105 1161 11AA; # (ë¿; ë¿; 띿; ë¿; 띿; ) HANGUL SYLLABLE RAGS +B780;B780;1105 1161 11AB;B780;1105 1161 11AB; # (란; 란; 란; 란; 란; ) HANGUL SYLLABLE RAN +B781;B781;1105 1161 11AC;B781;1105 1161 11AC; # (ëž; ëž; 랁; ëž; 랁; ) HANGUL SYLLABLE RANJ +B782;B782;1105 1161 11AD;B782;1105 1161 11AD; # (ëž‚; ëž‚; 랂; ëž‚; 랂; ) HANGUL SYLLABLE RANH +B783;B783;1105 1161 11AE;B783;1105 1161 11AE; # (랃; 랃; 랃; 랃; 랃; ) HANGUL SYLLABLE RAD +B784;B784;1105 1161 11AF;B784;1105 1161 11AF; # (ëž„; ëž„; 랄; ëž„; 랄; ) HANGUL SYLLABLE RAL +B785;B785;1105 1161 11B0;B785;1105 1161 11B0; # (ëž…; ëž…; 랅; ëž…; 랅; ) HANGUL SYLLABLE RALG +B786;B786;1105 1161 11B1;B786;1105 1161 11B1; # (랆; 랆; 랆; 랆; 랆; ) HANGUL SYLLABLE RALM +B787;B787;1105 1161 11B2;B787;1105 1161 11B2; # (랇; 랇; 랇; 랇; 랇; ) HANGUL SYLLABLE RALB +B788;B788;1105 1161 11B3;B788;1105 1161 11B3; # (랈; 랈; 랈; 랈; 랈; ) HANGUL SYLLABLE RALS +B789;B789;1105 1161 11B4;B789;1105 1161 11B4; # (랉; 랉; 랉; 랉; 랉; ) HANGUL SYLLABLE RALT +B78A;B78A;1105 1161 11B5;B78A;1105 1161 11B5; # (랊; 랊; 랊; 랊; 랊; ) HANGUL SYLLABLE RALP +B78B;B78B;1105 1161 11B6;B78B;1105 1161 11B6; # (ëž‹; ëž‹; 랋; ëž‹; 랋; ) HANGUL SYLLABLE RALH +B78C;B78C;1105 1161 11B7;B78C;1105 1161 11B7; # (람; 람; 람; 람; 람; ) HANGUL SYLLABLE RAM +B78D;B78D;1105 1161 11B8;B78D;1105 1161 11B8; # (ëž; ëž; 랍; ëž; 랍; ) HANGUL SYLLABLE RAB +B78E;B78E;1105 1161 11B9;B78E;1105 1161 11B9; # (랎; 랎; 랎; 랎; 랎; ) HANGUL SYLLABLE RABS +B78F;B78F;1105 1161 11BA;B78F;1105 1161 11BA; # (ëž; ëž; 랏; ëž; 랏; ) HANGUL SYLLABLE RAS +B790;B790;1105 1161 11BB;B790;1105 1161 11BB; # (ëž; ëž; 랐; ëž; 랐; ) HANGUL SYLLABLE RASS +B791;B791;1105 1161 11BC;B791;1105 1161 11BC; # (ëž‘; ëž‘; 랑; ëž‘; 랑; ) HANGUL SYLLABLE RANG +B792;B792;1105 1161 11BD;B792;1105 1161 11BD; # (ëž’; ëž’; 랒; ëž’; 랒; ) HANGUL SYLLABLE RAJ +B793;B793;1105 1161 11BE;B793;1105 1161 11BE; # (ëž“; ëž“; 랓; ëž“; 랓; ) HANGUL SYLLABLE RAC +B794;B794;1105 1161 11BF;B794;1105 1161 11BF; # (ëž”; ëž”; 랔; ëž”; 랔; ) HANGUL SYLLABLE RAK +B795;B795;1105 1161 11C0;B795;1105 1161 11C0; # (ëž•; ëž•; 랕; ëž•; 랕; ) HANGUL SYLLABLE RAT +B796;B796;1105 1161 11C1;B796;1105 1161 11C1; # (ëž–; ëž–; á„…á…¡á‡; ëž–; á„…á…¡á‡; ) HANGUL SYLLABLE RAP +B797;B797;1105 1161 11C2;B797;1105 1161 11C2; # (ëž—; ëž—; 랗; ëž—; 랗; ) HANGUL SYLLABLE RAH +B798;B798;1105 1162;B798;1105 1162; # (래; 래; á„…á…¢; 래; á„…á…¢; ) HANGUL SYLLABLE RAE +B799;B799;1105 1162 11A8;B799;1105 1162 11A8; # (ëž™; ëž™; 랙; ëž™; 랙; ) HANGUL SYLLABLE RAEG +B79A;B79A;1105 1162 11A9;B79A;1105 1162 11A9; # (ëžš; ëžš; 랚; ëžš; 랚; ) HANGUL SYLLABLE RAEGG +B79B;B79B;1105 1162 11AA;B79B;1105 1162 11AA; # (ëž›; ëž›; 랛; ëž›; 랛; ) HANGUL SYLLABLE RAEGS +B79C;B79C;1105 1162 11AB;B79C;1105 1162 11AB; # (ëžœ; ëžœ; 랜; ëžœ; 랜; ) HANGUL SYLLABLE RAEN +B79D;B79D;1105 1162 11AC;B79D;1105 1162 11AC; # (ëž; ëž; 랝; ëž; 랝; ) HANGUL SYLLABLE RAENJ +B79E;B79E;1105 1162 11AD;B79E;1105 1162 11AD; # (ëžž; ëžž; 랞; ëžž; 랞; ) HANGUL SYLLABLE RAENH +B79F;B79F;1105 1162 11AE;B79F;1105 1162 11AE; # (랟; 랟; 랟; 랟; 랟; ) HANGUL SYLLABLE RAED +B7A0;B7A0;1105 1162 11AF;B7A0;1105 1162 11AF; # (ëž ; ëž ; 랠; ëž ; 랠; ) HANGUL SYLLABLE RAEL +B7A1;B7A1;1105 1162 11B0;B7A1;1105 1162 11B0; # (ëž¡; ëž¡; 랡; ëž¡; 랡; ) HANGUL SYLLABLE RAELG +B7A2;B7A2;1105 1162 11B1;B7A2;1105 1162 11B1; # (랢; 랢; 랢; 랢; 랢; ) HANGUL SYLLABLE RAELM +B7A3;B7A3;1105 1162 11B2;B7A3;1105 1162 11B2; # (랣; 랣; 랣; 랣; 랣; ) HANGUL SYLLABLE RAELB +B7A4;B7A4;1105 1162 11B3;B7A4;1105 1162 11B3; # (랤; 랤; 랤; 랤; 랤; ) HANGUL SYLLABLE RAELS +B7A5;B7A5;1105 1162 11B4;B7A5;1105 1162 11B4; # (랥; 랥; 랥; 랥; 랥; ) HANGUL SYLLABLE RAELT +B7A6;B7A6;1105 1162 11B5;B7A6;1105 1162 11B5; # (랦; 랦; 랦; 랦; 랦; ) HANGUL SYLLABLE RAELP +B7A7;B7A7;1105 1162 11B6;B7A7;1105 1162 11B6; # (랧; 랧; 랧; 랧; 랧; ) HANGUL SYLLABLE RAELH +B7A8;B7A8;1105 1162 11B7;B7A8;1105 1162 11B7; # (램; 램; 램; 램; 램; ) HANGUL SYLLABLE RAEM +B7A9;B7A9;1105 1162 11B8;B7A9;1105 1162 11B8; # (ëž©; ëž©; 랩; ëž©; 랩; ) HANGUL SYLLABLE RAEB +B7AA;B7AA;1105 1162 11B9;B7AA;1105 1162 11B9; # (랪; 랪; 랪; 랪; 랪; ) HANGUL SYLLABLE RAEBS +B7AB;B7AB;1105 1162 11BA;B7AB;1105 1162 11BA; # (ëž«; ëž«; 랫; ëž«; 랫; ) HANGUL SYLLABLE RAES +B7AC;B7AC;1105 1162 11BB;B7AC;1105 1162 11BB; # (랬; 랬; 랬; 랬; 랬; ) HANGUL SYLLABLE RAESS +B7AD;B7AD;1105 1162 11BC;B7AD;1105 1162 11BC; # (ëž­; ëž­; 랭; ëž­; 랭; ) HANGUL SYLLABLE RAENG +B7AE;B7AE;1105 1162 11BD;B7AE;1105 1162 11BD; # (ëž®; ëž®; 랮; ëž®; 랮; ) HANGUL SYLLABLE RAEJ +B7AF;B7AF;1105 1162 11BE;B7AF;1105 1162 11BE; # (랯; 랯; 랯; 랯; 랯; ) HANGUL SYLLABLE RAEC +B7B0;B7B0;1105 1162 11BF;B7B0;1105 1162 11BF; # (ëž°; ëž°; 랰; ëž°; 랰; ) HANGUL SYLLABLE RAEK +B7B1;B7B1;1105 1162 11C0;B7B1;1105 1162 11C0; # (ëž±; ëž±; 랱; ëž±; 랱; ) HANGUL SYLLABLE RAET +B7B2;B7B2;1105 1162 11C1;B7B2;1105 1162 11C1; # (ëž²; ëž²; á„…á…¢á‡; ëž²; á„…á…¢á‡; ) HANGUL SYLLABLE RAEP +B7B3;B7B3;1105 1162 11C2;B7B3;1105 1162 11C2; # (ëž³; ëž³; 랳; ëž³; 랳; ) HANGUL SYLLABLE RAEH +B7B4;B7B4;1105 1163;B7B4;1105 1163; # (ëž´; ëž´; á„…á…£; ëž´; á„…á…£; ) HANGUL SYLLABLE RYA +B7B5;B7B5;1105 1163 11A8;B7B5;1105 1163 11A8; # (ëžµ; ëžµ; 략; ëžµ; 략; ) HANGUL SYLLABLE RYAG +B7B6;B7B6;1105 1163 11A9;B7B6;1105 1163 11A9; # (랶; 랶; 랶; 랶; 랶; ) HANGUL SYLLABLE RYAGG +B7B7;B7B7;1105 1163 11AA;B7B7;1105 1163 11AA; # (ëž·; ëž·; 랷; ëž·; 랷; ) HANGUL SYLLABLE RYAGS +B7B8;B7B8;1105 1163 11AB;B7B8;1105 1163 11AB; # (랸; 랸; 랸; 랸; 랸; ) HANGUL SYLLABLE RYAN +B7B9;B7B9;1105 1163 11AC;B7B9;1105 1163 11AC; # (ëž¹; ëž¹; 랹; ëž¹; 랹; ) HANGUL SYLLABLE RYANJ +B7BA;B7BA;1105 1163 11AD;B7BA;1105 1163 11AD; # (랺; 랺; 랺; 랺; 랺; ) HANGUL SYLLABLE RYANH +B7BB;B7BB;1105 1163 11AE;B7BB;1105 1163 11AE; # (ëž»; ëž»; 랻; ëž»; 랻; ) HANGUL SYLLABLE RYAD +B7BC;B7BC;1105 1163 11AF;B7BC;1105 1163 11AF; # (ëž¼; ëž¼; 랼; ëž¼; 랼; ) HANGUL SYLLABLE RYAL +B7BD;B7BD;1105 1163 11B0;B7BD;1105 1163 11B0; # (ëž½; ëž½; 랽; ëž½; 랽; ) HANGUL SYLLABLE RYALG +B7BE;B7BE;1105 1163 11B1;B7BE;1105 1163 11B1; # (ëž¾; ëž¾; 랾; ëž¾; 랾; ) HANGUL SYLLABLE RYALM +B7BF;B7BF;1105 1163 11B2;B7BF;1105 1163 11B2; # (ëž¿; ëž¿; 랿; ëž¿; 랿; ) HANGUL SYLLABLE RYALB +B7C0;B7C0;1105 1163 11B3;B7C0;1105 1163 11B3; # (럀; 럀; 럀; 럀; 럀; ) HANGUL SYLLABLE RYALS +B7C1;B7C1;1105 1163 11B4;B7C1;1105 1163 11B4; # (ëŸ; ëŸ; 럁; ëŸ; 럁; ) HANGUL SYLLABLE RYALT +B7C2;B7C2;1105 1163 11B5;B7C2;1105 1163 11B5; # (럂; 럂; 럂; 럂; 럂; ) HANGUL SYLLABLE RYALP +B7C3;B7C3;1105 1163 11B6;B7C3;1105 1163 11B6; # (럃; 럃; 럃; 럃; 럃; ) HANGUL SYLLABLE RYALH +B7C4;B7C4;1105 1163 11B7;B7C4;1105 1163 11B7; # (럄; 럄; 럄; 럄; 럄; ) HANGUL SYLLABLE RYAM +B7C5;B7C5;1105 1163 11B8;B7C5;1105 1163 11B8; # (럅; 럅; 럅; 럅; 럅; ) HANGUL SYLLABLE RYAB +B7C6;B7C6;1105 1163 11B9;B7C6;1105 1163 11B9; # (럆; 럆; 럆; 럆; 럆; ) HANGUL SYLLABLE RYABS +B7C7;B7C7;1105 1163 11BA;B7C7;1105 1163 11BA; # (럇; 럇; 럇; 럇; 럇; ) HANGUL SYLLABLE RYAS +B7C8;B7C8;1105 1163 11BB;B7C8;1105 1163 11BB; # (럈; 럈; 럈; 럈; 럈; ) HANGUL SYLLABLE RYASS +B7C9;B7C9;1105 1163 11BC;B7C9;1105 1163 11BC; # (량; 량; 량; 량; 량; ) HANGUL SYLLABLE RYANG +B7CA;B7CA;1105 1163 11BD;B7CA;1105 1163 11BD; # (럊; 럊; 럊; 럊; 럊; ) HANGUL SYLLABLE RYAJ +B7CB;B7CB;1105 1163 11BE;B7CB;1105 1163 11BE; # (럋; 럋; 럋; 럋; 럋; ) HANGUL SYLLABLE RYAC +B7CC;B7CC;1105 1163 11BF;B7CC;1105 1163 11BF; # (럌; 럌; 럌; 럌; 럌; ) HANGUL SYLLABLE RYAK +B7CD;B7CD;1105 1163 11C0;B7CD;1105 1163 11C0; # (ëŸ; ëŸ; 럍; ëŸ; 럍; ) HANGUL SYLLABLE RYAT +B7CE;B7CE;1105 1163 11C1;B7CE;1105 1163 11C1; # (럎; 럎; á„…á…£á‡; 럎; á„…á…£á‡; ) HANGUL SYLLABLE RYAP +B7CF;B7CF;1105 1163 11C2;B7CF;1105 1163 11C2; # (ëŸ; ëŸ; 럏; ëŸ; 럏; ) HANGUL SYLLABLE RYAH +B7D0;B7D0;1105 1164;B7D0;1105 1164; # (ëŸ; ëŸ; á„…á…¤; ëŸ; á„…á…¤; ) HANGUL SYLLABLE RYAE +B7D1;B7D1;1105 1164 11A8;B7D1;1105 1164 11A8; # (럑; 럑; 럑; 럑; 럑; ) HANGUL SYLLABLE RYAEG +B7D2;B7D2;1105 1164 11A9;B7D2;1105 1164 11A9; # (럒; 럒; 럒; 럒; 럒; ) HANGUL SYLLABLE RYAEGG +B7D3;B7D3;1105 1164 11AA;B7D3;1105 1164 11AA; # (럓; 럓; 럓; 럓; 럓; ) HANGUL SYLLABLE RYAEGS +B7D4;B7D4;1105 1164 11AB;B7D4;1105 1164 11AB; # (럔; 럔; 럔; 럔; 럔; ) HANGUL SYLLABLE RYAEN +B7D5;B7D5;1105 1164 11AC;B7D5;1105 1164 11AC; # (럕; 럕; 럕; 럕; 럕; ) HANGUL SYLLABLE RYAENJ +B7D6;B7D6;1105 1164 11AD;B7D6;1105 1164 11AD; # (럖; 럖; 럖; 럖; 럖; ) HANGUL SYLLABLE RYAENH +B7D7;B7D7;1105 1164 11AE;B7D7;1105 1164 11AE; # (럗; 럗; 럗; 럗; 럗; ) HANGUL SYLLABLE RYAED +B7D8;B7D8;1105 1164 11AF;B7D8;1105 1164 11AF; # (럘; 럘; 럘; 럘; 럘; ) HANGUL SYLLABLE RYAEL +B7D9;B7D9;1105 1164 11B0;B7D9;1105 1164 11B0; # (럙; 럙; 럙; 럙; 럙; ) HANGUL SYLLABLE RYAELG +B7DA;B7DA;1105 1164 11B1;B7DA;1105 1164 11B1; # (럚; 럚; 럚; 럚; 럚; ) HANGUL SYLLABLE RYAELM +B7DB;B7DB;1105 1164 11B2;B7DB;1105 1164 11B2; # (럛; 럛; 럛; 럛; 럛; ) HANGUL SYLLABLE RYAELB +B7DC;B7DC;1105 1164 11B3;B7DC;1105 1164 11B3; # (럜; 럜; 럜; 럜; 럜; ) HANGUL SYLLABLE RYAELS +B7DD;B7DD;1105 1164 11B4;B7DD;1105 1164 11B4; # (ëŸ; ëŸ; 럝; ëŸ; 럝; ) HANGUL SYLLABLE RYAELT +B7DE;B7DE;1105 1164 11B5;B7DE;1105 1164 11B5; # (럞; 럞; 럞; 럞; 럞; ) HANGUL SYLLABLE RYAELP +B7DF;B7DF;1105 1164 11B6;B7DF;1105 1164 11B6; # (럟; 럟; 럟; 럟; 럟; ) HANGUL SYLLABLE RYAELH +B7E0;B7E0;1105 1164 11B7;B7E0;1105 1164 11B7; # (럠; 럠; 럠; 럠; 럠; ) HANGUL SYLLABLE RYAEM +B7E1;B7E1;1105 1164 11B8;B7E1;1105 1164 11B8; # (럡; 럡; 럡; 럡; 럡; ) HANGUL SYLLABLE RYAEB +B7E2;B7E2;1105 1164 11B9;B7E2;1105 1164 11B9; # (럢; 럢; 럢; 럢; 럢; ) HANGUL SYLLABLE RYAEBS +B7E3;B7E3;1105 1164 11BA;B7E3;1105 1164 11BA; # (럣; 럣; 럣; 럣; 럣; ) HANGUL SYLLABLE RYAES +B7E4;B7E4;1105 1164 11BB;B7E4;1105 1164 11BB; # (럤; 럤; 럤; 럤; 럤; ) HANGUL SYLLABLE RYAESS +B7E5;B7E5;1105 1164 11BC;B7E5;1105 1164 11BC; # (럥; 럥; 럥; 럥; 럥; ) HANGUL SYLLABLE RYAENG +B7E6;B7E6;1105 1164 11BD;B7E6;1105 1164 11BD; # (럦; 럦; 럦; 럦; 럦; ) HANGUL SYLLABLE RYAEJ +B7E7;B7E7;1105 1164 11BE;B7E7;1105 1164 11BE; # (럧; 럧; 럧; 럧; 럧; ) HANGUL SYLLABLE RYAEC +B7E8;B7E8;1105 1164 11BF;B7E8;1105 1164 11BF; # (럨; 럨; 럨; 럨; 럨; ) HANGUL SYLLABLE RYAEK +B7E9;B7E9;1105 1164 11C0;B7E9;1105 1164 11C0; # (럩; 럩; 럩; 럩; 럩; ) HANGUL SYLLABLE RYAET +B7EA;B7EA;1105 1164 11C1;B7EA;1105 1164 11C1; # (럪; 럪; á„…á…¤á‡; 럪; á„…á…¤á‡; ) HANGUL SYLLABLE RYAEP +B7EB;B7EB;1105 1164 11C2;B7EB;1105 1164 11C2; # (럫; 럫; 럫; 럫; 럫; ) HANGUL SYLLABLE RYAEH +B7EC;B7EC;1105 1165;B7EC;1105 1165; # (러; 러; á„…á…¥; 러; á„…á…¥; ) HANGUL SYLLABLE REO +B7ED;B7ED;1105 1165 11A8;B7ED;1105 1165 11A8; # (럭; 럭; 럭; 럭; 럭; ) HANGUL SYLLABLE REOG +B7EE;B7EE;1105 1165 11A9;B7EE;1105 1165 11A9; # (럮; 럮; 럮; 럮; 럮; ) HANGUL SYLLABLE REOGG +B7EF;B7EF;1105 1165 11AA;B7EF;1105 1165 11AA; # (럯; 럯; 럯; 럯; 럯; ) HANGUL SYLLABLE REOGS +B7F0;B7F0;1105 1165 11AB;B7F0;1105 1165 11AB; # (런; 런; 런; 런; 런; ) HANGUL SYLLABLE REON +B7F1;B7F1;1105 1165 11AC;B7F1;1105 1165 11AC; # (럱; 럱; 럱; 럱; 럱; ) HANGUL SYLLABLE REONJ +B7F2;B7F2;1105 1165 11AD;B7F2;1105 1165 11AD; # (럲; 럲; 럲; 럲; 럲; ) HANGUL SYLLABLE REONH +B7F3;B7F3;1105 1165 11AE;B7F3;1105 1165 11AE; # (럳; 럳; 럳; 럳; 럳; ) HANGUL SYLLABLE REOD +B7F4;B7F4;1105 1165 11AF;B7F4;1105 1165 11AF; # (럴; 럴; 럴; 럴; 럴; ) HANGUL SYLLABLE REOL +B7F5;B7F5;1105 1165 11B0;B7F5;1105 1165 11B0; # (럵; 럵; 럵; 럵; 럵; ) HANGUL SYLLABLE REOLG +B7F6;B7F6;1105 1165 11B1;B7F6;1105 1165 11B1; # (럶; 럶; 럶; 럶; 럶; ) HANGUL SYLLABLE REOLM +B7F7;B7F7;1105 1165 11B2;B7F7;1105 1165 11B2; # (럷; 럷; 럷; 럷; 럷; ) HANGUL SYLLABLE REOLB +B7F8;B7F8;1105 1165 11B3;B7F8;1105 1165 11B3; # (럸; 럸; 럸; 럸; 럸; ) HANGUL SYLLABLE REOLS +B7F9;B7F9;1105 1165 11B4;B7F9;1105 1165 11B4; # (럹; 럹; 럹; 럹; 럹; ) HANGUL SYLLABLE REOLT +B7FA;B7FA;1105 1165 11B5;B7FA;1105 1165 11B5; # (럺; 럺; 럺; 럺; 럺; ) HANGUL SYLLABLE REOLP +B7FB;B7FB;1105 1165 11B6;B7FB;1105 1165 11B6; # (럻; 럻; 럻; 럻; 럻; ) HANGUL SYLLABLE REOLH +B7FC;B7FC;1105 1165 11B7;B7FC;1105 1165 11B7; # (럼; 럼; 럼; 럼; 럼; ) HANGUL SYLLABLE REOM +B7FD;B7FD;1105 1165 11B8;B7FD;1105 1165 11B8; # (럽; 럽; 럽; 럽; 럽; ) HANGUL SYLLABLE REOB +B7FE;B7FE;1105 1165 11B9;B7FE;1105 1165 11B9; # (럾; 럾; 럾; 럾; 럾; ) HANGUL SYLLABLE REOBS +B7FF;B7FF;1105 1165 11BA;B7FF;1105 1165 11BA; # (럿; 럿; 럿; 럿; 럿; ) HANGUL SYLLABLE REOS +B800;B800;1105 1165 11BB;B800;1105 1165 11BB; # (ë €; ë €; 렀; ë €; 렀; ) HANGUL SYLLABLE REOSS +B801;B801;1105 1165 11BC;B801;1105 1165 11BC; # (ë ; ë ; 렁; ë ; 렁; ) HANGUL SYLLABLE REONG +B802;B802;1105 1165 11BD;B802;1105 1165 11BD; # (ë ‚; ë ‚; 렂; ë ‚; 렂; ) HANGUL SYLLABLE REOJ +B803;B803;1105 1165 11BE;B803;1105 1165 11BE; # (ë ƒ; ë ƒ; 렃; ë ƒ; 렃; ) HANGUL SYLLABLE REOC +B804;B804;1105 1165 11BF;B804;1105 1165 11BF; # (ë „; ë „; 렄; ë „; 렄; ) HANGUL SYLLABLE REOK +B805;B805;1105 1165 11C0;B805;1105 1165 11C0; # (ë …; ë …; 렅; ë …; 렅; ) HANGUL SYLLABLE REOT +B806;B806;1105 1165 11C1;B806;1105 1165 11C1; # (ë †; ë †; á„…á…¥á‡; ë †; á„…á…¥á‡; ) HANGUL SYLLABLE REOP +B807;B807;1105 1165 11C2;B807;1105 1165 11C2; # (ë ‡; ë ‡; 렇; ë ‡; 렇; ) HANGUL SYLLABLE REOH +B808;B808;1105 1166;B808;1105 1166; # (ë ˆ; ë ˆ; á„…á…¦; ë ˆ; á„…á…¦; ) HANGUL SYLLABLE RE +B809;B809;1105 1166 11A8;B809;1105 1166 11A8; # (ë ‰; ë ‰; 렉; ë ‰; 렉; ) HANGUL SYLLABLE REG +B80A;B80A;1105 1166 11A9;B80A;1105 1166 11A9; # (ë Š; ë Š; 렊; ë Š; 렊; ) HANGUL SYLLABLE REGG +B80B;B80B;1105 1166 11AA;B80B;1105 1166 11AA; # (ë ‹; ë ‹; 렋; ë ‹; 렋; ) HANGUL SYLLABLE REGS +B80C;B80C;1105 1166 11AB;B80C;1105 1166 11AB; # (ë Œ; ë Œ; 렌; ë Œ; 렌; ) HANGUL SYLLABLE REN +B80D;B80D;1105 1166 11AC;B80D;1105 1166 11AC; # (ë ; ë ; 렍; ë ; 렍; ) HANGUL SYLLABLE RENJ +B80E;B80E;1105 1166 11AD;B80E;1105 1166 11AD; # (ë Ž; ë Ž; 렎; ë Ž; 렎; ) HANGUL SYLLABLE RENH +B80F;B80F;1105 1166 11AE;B80F;1105 1166 11AE; # (ë ; ë ; 렏; ë ; 렏; ) HANGUL SYLLABLE RED +B810;B810;1105 1166 11AF;B810;1105 1166 11AF; # (ë ; ë ; 렐; ë ; 렐; ) HANGUL SYLLABLE REL +B811;B811;1105 1166 11B0;B811;1105 1166 11B0; # (ë ‘; ë ‘; 렑; ë ‘; 렑; ) HANGUL SYLLABLE RELG +B812;B812;1105 1166 11B1;B812;1105 1166 11B1; # (ë ’; ë ’; 렒; ë ’; 렒; ) HANGUL SYLLABLE RELM +B813;B813;1105 1166 11B2;B813;1105 1166 11B2; # (ë “; ë “; 렓; ë “; 렓; ) HANGUL SYLLABLE RELB +B814;B814;1105 1166 11B3;B814;1105 1166 11B3; # (ë ”; ë ”; 렔; ë ”; 렔; ) HANGUL SYLLABLE RELS +B815;B815;1105 1166 11B4;B815;1105 1166 11B4; # (ë •; ë •; 렕; ë •; 렕; ) HANGUL SYLLABLE RELT +B816;B816;1105 1166 11B5;B816;1105 1166 11B5; # (ë –; ë –; 렖; ë –; 렖; ) HANGUL SYLLABLE RELP +B817;B817;1105 1166 11B6;B817;1105 1166 11B6; # (ë —; ë —; 렗; ë —; 렗; ) HANGUL SYLLABLE RELH +B818;B818;1105 1166 11B7;B818;1105 1166 11B7; # (ë ˜; ë ˜; 렘; ë ˜; 렘; ) HANGUL SYLLABLE REM +B819;B819;1105 1166 11B8;B819;1105 1166 11B8; # (ë ™; ë ™; 렙; ë ™; 렙; ) HANGUL SYLLABLE REB +B81A;B81A;1105 1166 11B9;B81A;1105 1166 11B9; # (ë š; ë š; 렚; ë š; 렚; ) HANGUL SYLLABLE REBS +B81B;B81B;1105 1166 11BA;B81B;1105 1166 11BA; # (ë ›; ë ›; 렛; ë ›; 렛; ) HANGUL SYLLABLE RES +B81C;B81C;1105 1166 11BB;B81C;1105 1166 11BB; # (ë œ; ë œ; 렜; ë œ; 렜; ) HANGUL SYLLABLE RESS +B81D;B81D;1105 1166 11BC;B81D;1105 1166 11BC; # (ë ; ë ; 렝; ë ; 렝; ) HANGUL SYLLABLE RENG +B81E;B81E;1105 1166 11BD;B81E;1105 1166 11BD; # (ë ž; ë ž; 렞; ë ž; 렞; ) HANGUL SYLLABLE REJ +B81F;B81F;1105 1166 11BE;B81F;1105 1166 11BE; # (ë Ÿ; ë Ÿ; 렟; ë Ÿ; 렟; ) HANGUL SYLLABLE REC +B820;B820;1105 1166 11BF;B820;1105 1166 11BF; # (ë  ; ë  ; 렠; ë  ; 렠; ) HANGUL SYLLABLE REK +B821;B821;1105 1166 11C0;B821;1105 1166 11C0; # (ë ¡; ë ¡; 렡; ë ¡; 렡; ) HANGUL SYLLABLE RET +B822;B822;1105 1166 11C1;B822;1105 1166 11C1; # (ë ¢; ë ¢; á„…á…¦á‡; ë ¢; á„…á…¦á‡; ) HANGUL SYLLABLE REP +B823;B823;1105 1166 11C2;B823;1105 1166 11C2; # (ë £; ë £; 렣; ë £; 렣; ) HANGUL SYLLABLE REH +B824;B824;1105 1167;B824;1105 1167; # (ë ¤; ë ¤; á„…á…§; ë ¤; á„…á…§; ) HANGUL SYLLABLE RYEO +B825;B825;1105 1167 11A8;B825;1105 1167 11A8; # (ë ¥; ë ¥; 력; ë ¥; 력; ) HANGUL SYLLABLE RYEOG +B826;B826;1105 1167 11A9;B826;1105 1167 11A9; # (ë ¦; ë ¦; 렦; ë ¦; 렦; ) HANGUL SYLLABLE RYEOGG +B827;B827;1105 1167 11AA;B827;1105 1167 11AA; # (ë §; ë §; 렧; ë §; 렧; ) HANGUL SYLLABLE RYEOGS +B828;B828;1105 1167 11AB;B828;1105 1167 11AB; # (ë ¨; ë ¨; 련; ë ¨; 련; ) HANGUL SYLLABLE RYEON +B829;B829;1105 1167 11AC;B829;1105 1167 11AC; # (ë ©; ë ©; 렩; ë ©; 렩; ) HANGUL SYLLABLE RYEONJ +B82A;B82A;1105 1167 11AD;B82A;1105 1167 11AD; # (ë ª; ë ª; 렪; ë ª; 렪; ) HANGUL SYLLABLE RYEONH +B82B;B82B;1105 1167 11AE;B82B;1105 1167 11AE; # (ë «; ë «; 렫; ë «; 렫; ) HANGUL SYLLABLE RYEOD +B82C;B82C;1105 1167 11AF;B82C;1105 1167 11AF; # (ë ¬; ë ¬; 렬; ë ¬; 렬; ) HANGUL SYLLABLE RYEOL +B82D;B82D;1105 1167 11B0;B82D;1105 1167 11B0; # (ë ­; ë ­; 렭; ë ­; 렭; ) HANGUL SYLLABLE RYEOLG +B82E;B82E;1105 1167 11B1;B82E;1105 1167 11B1; # (ë ®; ë ®; 렮; ë ®; 렮; ) HANGUL SYLLABLE RYEOLM +B82F;B82F;1105 1167 11B2;B82F;1105 1167 11B2; # (ë ¯; ë ¯; 렯; ë ¯; 렯; ) HANGUL SYLLABLE RYEOLB +B830;B830;1105 1167 11B3;B830;1105 1167 11B3; # (ë °; ë °; 렰; ë °; 렰; ) HANGUL SYLLABLE RYEOLS +B831;B831;1105 1167 11B4;B831;1105 1167 11B4; # (ë ±; ë ±; 렱; ë ±; 렱; ) HANGUL SYLLABLE RYEOLT +B832;B832;1105 1167 11B5;B832;1105 1167 11B5; # (ë ²; ë ²; 렲; ë ²; 렲; ) HANGUL SYLLABLE RYEOLP +B833;B833;1105 1167 11B6;B833;1105 1167 11B6; # (ë ³; ë ³; 렳; ë ³; 렳; ) HANGUL SYLLABLE RYEOLH +B834;B834;1105 1167 11B7;B834;1105 1167 11B7; # (ë ´; ë ´; 렴; ë ´; 렴; ) HANGUL SYLLABLE RYEOM +B835;B835;1105 1167 11B8;B835;1105 1167 11B8; # (ë µ; ë µ; 렵; ë µ; 렵; ) HANGUL SYLLABLE RYEOB +B836;B836;1105 1167 11B9;B836;1105 1167 11B9; # (ë ¶; ë ¶; 렶; ë ¶; 렶; ) HANGUL SYLLABLE RYEOBS +B837;B837;1105 1167 11BA;B837;1105 1167 11BA; # (ë ·; ë ·; 렷; ë ·; 렷; ) HANGUL SYLLABLE RYEOS +B838;B838;1105 1167 11BB;B838;1105 1167 11BB; # (ë ¸; ë ¸; 렸; ë ¸; 렸; ) HANGUL SYLLABLE RYEOSS +B839;B839;1105 1167 11BC;B839;1105 1167 11BC; # (ë ¹; ë ¹; 령; ë ¹; 령; ) HANGUL SYLLABLE RYEONG +B83A;B83A;1105 1167 11BD;B83A;1105 1167 11BD; # (ë º; ë º; 렺; ë º; 렺; ) HANGUL SYLLABLE RYEOJ +B83B;B83B;1105 1167 11BE;B83B;1105 1167 11BE; # (ë »; ë »; 렻; ë »; 렻; ) HANGUL SYLLABLE RYEOC +B83C;B83C;1105 1167 11BF;B83C;1105 1167 11BF; # (ë ¼; ë ¼; 렼; ë ¼; 렼; ) HANGUL SYLLABLE RYEOK +B83D;B83D;1105 1167 11C0;B83D;1105 1167 11C0; # (ë ½; ë ½; 렽; ë ½; 렽; ) HANGUL SYLLABLE RYEOT +B83E;B83E;1105 1167 11C1;B83E;1105 1167 11C1; # (ë ¾; ë ¾; á„…á…§á‡; ë ¾; á„…á…§á‡; ) HANGUL SYLLABLE RYEOP +B83F;B83F;1105 1167 11C2;B83F;1105 1167 11C2; # (ë ¿; ë ¿; 렿; ë ¿; 렿; ) HANGUL SYLLABLE RYEOH +B840;B840;1105 1168;B840;1105 1168; # (ë¡€; ë¡€; á„…á…¨; ë¡€; á„…á…¨; ) HANGUL SYLLABLE RYE +B841;B841;1105 1168 11A8;B841;1105 1168 11A8; # (ë¡; ë¡; 롁; ë¡; 롁; ) HANGUL SYLLABLE RYEG +B842;B842;1105 1168 11A9;B842;1105 1168 11A9; # (ë¡‚; ë¡‚; 롂; ë¡‚; 롂; ) HANGUL SYLLABLE RYEGG +B843;B843;1105 1168 11AA;B843;1105 1168 11AA; # (롃; 롃; 롃; 롃; 롃; ) HANGUL SYLLABLE RYEGS +B844;B844;1105 1168 11AB;B844;1105 1168 11AB; # (ë¡„; ë¡„; 롄; ë¡„; 롄; ) HANGUL SYLLABLE RYEN +B845;B845;1105 1168 11AC;B845;1105 1168 11AC; # (ë¡…; ë¡…; 롅; ë¡…; 롅; ) HANGUL SYLLABLE RYENJ +B846;B846;1105 1168 11AD;B846;1105 1168 11AD; # (롆; 롆; 롆; 롆; 롆; ) HANGUL SYLLABLE RYENH +B847;B847;1105 1168 11AE;B847;1105 1168 11AE; # (롇; 롇; 롇; 롇; 롇; ) HANGUL SYLLABLE RYED +B848;B848;1105 1168 11AF;B848;1105 1168 11AF; # (롈; 롈; 롈; 롈; 롈; ) HANGUL SYLLABLE RYEL +B849;B849;1105 1168 11B0;B849;1105 1168 11B0; # (롉; 롉; 롉; 롉; 롉; ) HANGUL SYLLABLE RYELG +B84A;B84A;1105 1168 11B1;B84A;1105 1168 11B1; # (ë¡Š; ë¡Š; 롊; ë¡Š; 롊; ) HANGUL SYLLABLE RYELM +B84B;B84B;1105 1168 11B2;B84B;1105 1168 11B2; # (ë¡‹; ë¡‹; 롋; ë¡‹; 롋; ) HANGUL SYLLABLE RYELB +B84C;B84C;1105 1168 11B3;B84C;1105 1168 11B3; # (ë¡Œ; ë¡Œ; 롌; ë¡Œ; 롌; ) HANGUL SYLLABLE RYELS +B84D;B84D;1105 1168 11B4;B84D;1105 1168 11B4; # (ë¡; ë¡; 롍; ë¡; 롍; ) HANGUL SYLLABLE RYELT +B84E;B84E;1105 1168 11B5;B84E;1105 1168 11B5; # (ë¡Ž; ë¡Ž; 롎; ë¡Ž; 롎; ) HANGUL SYLLABLE RYELP +B84F;B84F;1105 1168 11B6;B84F;1105 1168 11B6; # (ë¡; ë¡; 롏; ë¡; 롏; ) HANGUL SYLLABLE RYELH +B850;B850;1105 1168 11B7;B850;1105 1168 11B7; # (ë¡; ë¡; 롐; ë¡; 롐; ) HANGUL SYLLABLE RYEM +B851;B851;1105 1168 11B8;B851;1105 1168 11B8; # (ë¡‘; ë¡‘; 롑; ë¡‘; 롑; ) HANGUL SYLLABLE RYEB +B852;B852;1105 1168 11B9;B852;1105 1168 11B9; # (ë¡’; ë¡’; 롒; ë¡’; 롒; ) HANGUL SYLLABLE RYEBS +B853;B853;1105 1168 11BA;B853;1105 1168 11BA; # (ë¡“; ë¡“; 롓; ë¡“; 롓; ) HANGUL SYLLABLE RYES +B854;B854;1105 1168 11BB;B854;1105 1168 11BB; # (ë¡”; ë¡”; 롔; ë¡”; 롔; ) HANGUL SYLLABLE RYESS +B855;B855;1105 1168 11BC;B855;1105 1168 11BC; # (ë¡•; ë¡•; 롕; ë¡•; 롕; ) HANGUL SYLLABLE RYENG +B856;B856;1105 1168 11BD;B856;1105 1168 11BD; # (ë¡–; ë¡–; 롖; ë¡–; 롖; ) HANGUL SYLLABLE RYEJ +B857;B857;1105 1168 11BE;B857;1105 1168 11BE; # (ë¡—; ë¡—; 롗; ë¡—; 롗; ) HANGUL SYLLABLE RYEC +B858;B858;1105 1168 11BF;B858;1105 1168 11BF; # (롘; 롘; 롘; 롘; 롘; ) HANGUL SYLLABLE RYEK +B859;B859;1105 1168 11C0;B859;1105 1168 11C0; # (ë¡™; ë¡™; 롙; ë¡™; 롙; ) HANGUL SYLLABLE RYET +B85A;B85A;1105 1168 11C1;B85A;1105 1168 11C1; # (ë¡š; ë¡š; á„…á…¨á‡; ë¡š; á„…á…¨á‡; ) HANGUL SYLLABLE RYEP +B85B;B85B;1105 1168 11C2;B85B;1105 1168 11C2; # (ë¡›; ë¡›; 롛; ë¡›; 롛; ) HANGUL SYLLABLE RYEH +B85C;B85C;1105 1169;B85C;1105 1169; # (ë¡œ; ë¡œ; á„…á…©; ë¡œ; á„…á…©; ) HANGUL SYLLABLE RO +B85D;B85D;1105 1169 11A8;B85D;1105 1169 11A8; # (ë¡; ë¡; 록; ë¡; 록; ) HANGUL SYLLABLE ROG +B85E;B85E;1105 1169 11A9;B85E;1105 1169 11A9; # (ë¡ž; ë¡ž; 롞; ë¡ž; 롞; ) HANGUL SYLLABLE ROGG +B85F;B85F;1105 1169 11AA;B85F;1105 1169 11AA; # (ë¡Ÿ; ë¡Ÿ; 롟; ë¡Ÿ; 롟; ) HANGUL SYLLABLE ROGS +B860;B860;1105 1169 11AB;B860;1105 1169 11AB; # (ë¡ ; ë¡ ; 론; ë¡ ; 론; ) HANGUL SYLLABLE RON +B861;B861;1105 1169 11AC;B861;1105 1169 11AC; # (ë¡¡; ë¡¡; 롡; ë¡¡; 롡; ) HANGUL SYLLABLE RONJ +B862;B862;1105 1169 11AD;B862;1105 1169 11AD; # (ë¡¢; ë¡¢; 롢; ë¡¢; 롢; ) HANGUL SYLLABLE RONH +B863;B863;1105 1169 11AE;B863;1105 1169 11AE; # (ë¡£; ë¡£; 롣; ë¡£; 롣; ) HANGUL SYLLABLE ROD +B864;B864;1105 1169 11AF;B864;1105 1169 11AF; # (롤; 롤; 롤; 롤; 롤; ) HANGUL SYLLABLE ROL +B865;B865;1105 1169 11B0;B865;1105 1169 11B0; # (ë¡¥; ë¡¥; 롥; ë¡¥; 롥; ) HANGUL SYLLABLE ROLG +B866;B866;1105 1169 11B1;B866;1105 1169 11B1; # (롦; 롦; 롦; 롦; 롦; ) HANGUL SYLLABLE ROLM +B867;B867;1105 1169 11B2;B867;1105 1169 11B2; # (롧; 롧; 롧; 롧; 롧; ) HANGUL SYLLABLE ROLB +B868;B868;1105 1169 11B3;B868;1105 1169 11B3; # (롨; 롨; 롨; 롨; 롨; ) HANGUL SYLLABLE ROLS +B869;B869;1105 1169 11B4;B869;1105 1169 11B4; # (ë¡©; ë¡©; 롩; ë¡©; 롩; ) HANGUL SYLLABLE ROLT +B86A;B86A;1105 1169 11B5;B86A;1105 1169 11B5; # (롪; 롪; 롪; 롪; 롪; ) HANGUL SYLLABLE ROLP +B86B;B86B;1105 1169 11B6;B86B;1105 1169 11B6; # (ë¡«; ë¡«; 롫; ë¡«; 롫; ) HANGUL SYLLABLE ROLH +B86C;B86C;1105 1169 11B7;B86C;1105 1169 11B7; # (롬; 롬; 롬; 롬; 롬; ) HANGUL SYLLABLE ROM +B86D;B86D;1105 1169 11B8;B86D;1105 1169 11B8; # (ë¡­; ë¡­; 롭; ë¡­; 롭; ) HANGUL SYLLABLE ROB +B86E;B86E;1105 1169 11B9;B86E;1105 1169 11B9; # (ë¡®; ë¡®; 롮; ë¡®; 롮; ) HANGUL SYLLABLE ROBS +B86F;B86F;1105 1169 11BA;B86F;1105 1169 11BA; # (롯; 롯; 롯; 롯; 롯; ) HANGUL SYLLABLE ROS +B870;B870;1105 1169 11BB;B870;1105 1169 11BB; # (ë¡°; ë¡°; 롰; ë¡°; 롰; ) HANGUL SYLLABLE ROSS +B871;B871;1105 1169 11BC;B871;1105 1169 11BC; # (롱; 롱; 롱; 롱; 롱; ) HANGUL SYLLABLE RONG +B872;B872;1105 1169 11BD;B872;1105 1169 11BD; # (롲; 롲; 롲; 롲; 롲; ) HANGUL SYLLABLE ROJ +B873;B873;1105 1169 11BE;B873;1105 1169 11BE; # (롳; 롳; 롳; 롳; 롳; ) HANGUL SYLLABLE ROC +B874;B874;1105 1169 11BF;B874;1105 1169 11BF; # (ë¡´; ë¡´; 롴; ë¡´; 롴; ) HANGUL SYLLABLE ROK +B875;B875;1105 1169 11C0;B875;1105 1169 11C0; # (롵; 롵; 롵; 롵; 롵; ) HANGUL SYLLABLE ROT +B876;B876;1105 1169 11C1;B876;1105 1169 11C1; # (롶; 롶; á„…á…©á‡; 롶; á„…á…©á‡; ) HANGUL SYLLABLE ROP +B877;B877;1105 1169 11C2;B877;1105 1169 11C2; # (ë¡·; ë¡·; 롷; ë¡·; 롷; ) HANGUL SYLLABLE ROH +B878;B878;1105 116A;B878;1105 116A; # (롸; 롸; á„…á…ª; 롸; á„…á…ª; ) HANGUL SYLLABLE RWA +B879;B879;1105 116A 11A8;B879;1105 116A 11A8; # (롹; 롹; 롹; 롹; 롹; ) HANGUL SYLLABLE RWAG +B87A;B87A;1105 116A 11A9;B87A;1105 116A 11A9; # (롺; 롺; 롺; 롺; 롺; ) HANGUL SYLLABLE RWAGG +B87B;B87B;1105 116A 11AA;B87B;1105 116A 11AA; # (ë¡»; ë¡»; 롻; ë¡»; 롻; ) HANGUL SYLLABLE RWAGS +B87C;B87C;1105 116A 11AB;B87C;1105 116A 11AB; # (롼; 롼; 롼; 롼; 롼; ) HANGUL SYLLABLE RWAN +B87D;B87D;1105 116A 11AC;B87D;1105 116A 11AC; # (롽; 롽; 롽; 롽; 롽; ) HANGUL SYLLABLE RWANJ +B87E;B87E;1105 116A 11AD;B87E;1105 116A 11AD; # (롾; 롾; 롾; 롾; 롾; ) HANGUL SYLLABLE RWANH +B87F;B87F;1105 116A 11AE;B87F;1105 116A 11AE; # (ë¡¿; ë¡¿; 롿; ë¡¿; 롿; ) HANGUL SYLLABLE RWAD +B880;B880;1105 116A 11AF;B880;1105 116A 11AF; # (뢀; 뢀; 뢀; 뢀; 뢀; ) HANGUL SYLLABLE RWAL +B881;B881;1105 116A 11B0;B881;1105 116A 11B0; # (ë¢; ë¢; 뢁; ë¢; 뢁; ) HANGUL SYLLABLE RWALG +B882;B882;1105 116A 11B1;B882;1105 116A 11B1; # (뢂; 뢂; 뢂; 뢂; 뢂; ) HANGUL SYLLABLE RWALM +B883;B883;1105 116A 11B2;B883;1105 116A 11B2; # (뢃; 뢃; 뢃; 뢃; 뢃; ) HANGUL SYLLABLE RWALB +B884;B884;1105 116A 11B3;B884;1105 116A 11B3; # (뢄; 뢄; 뢄; 뢄; 뢄; ) HANGUL SYLLABLE RWALS +B885;B885;1105 116A 11B4;B885;1105 116A 11B4; # (뢅; 뢅; 뢅; 뢅; 뢅; ) HANGUL SYLLABLE RWALT +B886;B886;1105 116A 11B5;B886;1105 116A 11B5; # (뢆; 뢆; 뢆; 뢆; 뢆; ) HANGUL SYLLABLE RWALP +B887;B887;1105 116A 11B6;B887;1105 116A 11B6; # (뢇; 뢇; 뢇; 뢇; 뢇; ) HANGUL SYLLABLE RWALH +B888;B888;1105 116A 11B7;B888;1105 116A 11B7; # (뢈; 뢈; 뢈; 뢈; 뢈; ) HANGUL SYLLABLE RWAM +B889;B889;1105 116A 11B8;B889;1105 116A 11B8; # (뢉; 뢉; 뢉; 뢉; 뢉; ) HANGUL SYLLABLE RWAB +B88A;B88A;1105 116A 11B9;B88A;1105 116A 11B9; # (뢊; 뢊; 뢊; 뢊; 뢊; ) HANGUL SYLLABLE RWABS +B88B;B88B;1105 116A 11BA;B88B;1105 116A 11BA; # (뢋; 뢋; 뢋; 뢋; 뢋; ) HANGUL SYLLABLE RWAS +B88C;B88C;1105 116A 11BB;B88C;1105 116A 11BB; # (뢌; 뢌; 뢌; 뢌; 뢌; ) HANGUL SYLLABLE RWASS +B88D;B88D;1105 116A 11BC;B88D;1105 116A 11BC; # (ë¢; ë¢; 뢍; ë¢; 뢍; ) HANGUL SYLLABLE RWANG +B88E;B88E;1105 116A 11BD;B88E;1105 116A 11BD; # (뢎; 뢎; 뢎; 뢎; 뢎; ) HANGUL SYLLABLE RWAJ +B88F;B88F;1105 116A 11BE;B88F;1105 116A 11BE; # (ë¢; ë¢; 뢏; ë¢; 뢏; ) HANGUL SYLLABLE RWAC +B890;B890;1105 116A 11BF;B890;1105 116A 11BF; # (ë¢; ë¢; 뢐; ë¢; 뢐; ) HANGUL SYLLABLE RWAK +B891;B891;1105 116A 11C0;B891;1105 116A 11C0; # (뢑; 뢑; 뢑; 뢑; 뢑; ) HANGUL SYLLABLE RWAT +B892;B892;1105 116A 11C1;B892;1105 116A 11C1; # (뢒; 뢒; á„…á…ªá‡; 뢒; á„…á…ªá‡; ) HANGUL SYLLABLE RWAP +B893;B893;1105 116A 11C2;B893;1105 116A 11C2; # (뢓; 뢓; 뢓; 뢓; 뢓; ) HANGUL SYLLABLE RWAH +B894;B894;1105 116B;B894;1105 116B; # (뢔; 뢔; á„…á…«; 뢔; á„…á…«; ) HANGUL SYLLABLE RWAE +B895;B895;1105 116B 11A8;B895;1105 116B 11A8; # (뢕; 뢕; 뢕; 뢕; 뢕; ) HANGUL SYLLABLE RWAEG +B896;B896;1105 116B 11A9;B896;1105 116B 11A9; # (뢖; 뢖; 뢖; 뢖; 뢖; ) HANGUL SYLLABLE RWAEGG +B897;B897;1105 116B 11AA;B897;1105 116B 11AA; # (뢗; 뢗; 뢗; 뢗; 뢗; ) HANGUL SYLLABLE RWAEGS +B898;B898;1105 116B 11AB;B898;1105 116B 11AB; # (뢘; 뢘; 뢘; 뢘; 뢘; ) HANGUL SYLLABLE RWAEN +B899;B899;1105 116B 11AC;B899;1105 116B 11AC; # (뢙; 뢙; 뢙; 뢙; 뢙; ) HANGUL SYLLABLE RWAENJ +B89A;B89A;1105 116B 11AD;B89A;1105 116B 11AD; # (뢚; 뢚; 뢚; 뢚; 뢚; ) HANGUL SYLLABLE RWAENH +B89B;B89B;1105 116B 11AE;B89B;1105 116B 11AE; # (뢛; 뢛; 뢛; 뢛; 뢛; ) HANGUL SYLLABLE RWAED +B89C;B89C;1105 116B 11AF;B89C;1105 116B 11AF; # (뢜; 뢜; 뢜; 뢜; 뢜; ) HANGUL SYLLABLE RWAEL +B89D;B89D;1105 116B 11B0;B89D;1105 116B 11B0; # (ë¢; ë¢; 뢝; ë¢; 뢝; ) HANGUL SYLLABLE RWAELG +B89E;B89E;1105 116B 11B1;B89E;1105 116B 11B1; # (뢞; 뢞; 뢞; 뢞; 뢞; ) HANGUL SYLLABLE RWAELM +B89F;B89F;1105 116B 11B2;B89F;1105 116B 11B2; # (뢟; 뢟; 뢟; 뢟; 뢟; ) HANGUL SYLLABLE RWAELB +B8A0;B8A0;1105 116B 11B3;B8A0;1105 116B 11B3; # (뢠; 뢠; 뢠; 뢠; 뢠; ) HANGUL SYLLABLE RWAELS +B8A1;B8A1;1105 116B 11B4;B8A1;1105 116B 11B4; # (뢡; 뢡; 뢡; 뢡; 뢡; ) HANGUL SYLLABLE RWAELT +B8A2;B8A2;1105 116B 11B5;B8A2;1105 116B 11B5; # (뢢; 뢢; 뢢; 뢢; 뢢; ) HANGUL SYLLABLE RWAELP +B8A3;B8A3;1105 116B 11B6;B8A3;1105 116B 11B6; # (뢣; 뢣; 뢣; 뢣; 뢣; ) HANGUL SYLLABLE RWAELH +B8A4;B8A4;1105 116B 11B7;B8A4;1105 116B 11B7; # (뢤; 뢤; 뢤; 뢤; 뢤; ) HANGUL SYLLABLE RWAEM +B8A5;B8A5;1105 116B 11B8;B8A5;1105 116B 11B8; # (뢥; 뢥; 뢥; 뢥; 뢥; ) HANGUL SYLLABLE RWAEB +B8A6;B8A6;1105 116B 11B9;B8A6;1105 116B 11B9; # (뢦; 뢦; 뢦; 뢦; 뢦; ) HANGUL SYLLABLE RWAEBS +B8A7;B8A7;1105 116B 11BA;B8A7;1105 116B 11BA; # (뢧; 뢧; 뢧; 뢧; 뢧; ) HANGUL SYLLABLE RWAES +B8A8;B8A8;1105 116B 11BB;B8A8;1105 116B 11BB; # (뢨; 뢨; 뢨; 뢨; 뢨; ) HANGUL SYLLABLE RWAESS +B8A9;B8A9;1105 116B 11BC;B8A9;1105 116B 11BC; # (뢩; 뢩; 뢩; 뢩; 뢩; ) HANGUL SYLLABLE RWAENG +B8AA;B8AA;1105 116B 11BD;B8AA;1105 116B 11BD; # (뢪; 뢪; 뢪; 뢪; 뢪; ) HANGUL SYLLABLE RWAEJ +B8AB;B8AB;1105 116B 11BE;B8AB;1105 116B 11BE; # (뢫; 뢫; 뢫; 뢫; 뢫; ) HANGUL SYLLABLE RWAEC +B8AC;B8AC;1105 116B 11BF;B8AC;1105 116B 11BF; # (뢬; 뢬; 뢬; 뢬; 뢬; ) HANGUL SYLLABLE RWAEK +B8AD;B8AD;1105 116B 11C0;B8AD;1105 116B 11C0; # (뢭; 뢭; 뢭; 뢭; 뢭; ) HANGUL SYLLABLE RWAET +B8AE;B8AE;1105 116B 11C1;B8AE;1105 116B 11C1; # (뢮; 뢮; á„…á…«á‡; 뢮; á„…á…«á‡; ) HANGUL SYLLABLE RWAEP +B8AF;B8AF;1105 116B 11C2;B8AF;1105 116B 11C2; # (뢯; 뢯; 뢯; 뢯; 뢯; ) HANGUL SYLLABLE RWAEH +B8B0;B8B0;1105 116C;B8B0;1105 116C; # (뢰; 뢰; á„…á…¬; 뢰; á„…á…¬; ) HANGUL SYLLABLE ROE +B8B1;B8B1;1105 116C 11A8;B8B1;1105 116C 11A8; # (뢱; 뢱; 뢱; 뢱; 뢱; ) HANGUL SYLLABLE ROEG +B8B2;B8B2;1105 116C 11A9;B8B2;1105 116C 11A9; # (뢲; 뢲; 뢲; 뢲; 뢲; ) HANGUL SYLLABLE ROEGG +B8B3;B8B3;1105 116C 11AA;B8B3;1105 116C 11AA; # (뢳; 뢳; 뢳; 뢳; 뢳; ) HANGUL SYLLABLE ROEGS +B8B4;B8B4;1105 116C 11AB;B8B4;1105 116C 11AB; # (뢴; 뢴; 뢴; 뢴; 뢴; ) HANGUL SYLLABLE ROEN +B8B5;B8B5;1105 116C 11AC;B8B5;1105 116C 11AC; # (뢵; 뢵; 뢵; 뢵; 뢵; ) HANGUL SYLLABLE ROENJ +B8B6;B8B6;1105 116C 11AD;B8B6;1105 116C 11AD; # (뢶; 뢶; 뢶; 뢶; 뢶; ) HANGUL SYLLABLE ROENH +B8B7;B8B7;1105 116C 11AE;B8B7;1105 116C 11AE; # (뢷; 뢷; 뢷; 뢷; 뢷; ) HANGUL SYLLABLE ROED +B8B8;B8B8;1105 116C 11AF;B8B8;1105 116C 11AF; # (뢸; 뢸; 뢸; 뢸; 뢸; ) HANGUL SYLLABLE ROEL +B8B9;B8B9;1105 116C 11B0;B8B9;1105 116C 11B0; # (뢹; 뢹; 뢹; 뢹; 뢹; ) HANGUL SYLLABLE ROELG +B8BA;B8BA;1105 116C 11B1;B8BA;1105 116C 11B1; # (뢺; 뢺; 뢺; 뢺; 뢺; ) HANGUL SYLLABLE ROELM +B8BB;B8BB;1105 116C 11B2;B8BB;1105 116C 11B2; # (뢻; 뢻; 뢻; 뢻; 뢻; ) HANGUL SYLLABLE ROELB +B8BC;B8BC;1105 116C 11B3;B8BC;1105 116C 11B3; # (뢼; 뢼; 뢼; 뢼; 뢼; ) HANGUL SYLLABLE ROELS +B8BD;B8BD;1105 116C 11B4;B8BD;1105 116C 11B4; # (뢽; 뢽; 뢽; 뢽; 뢽; ) HANGUL SYLLABLE ROELT +B8BE;B8BE;1105 116C 11B5;B8BE;1105 116C 11B5; # (뢾; 뢾; 뢾; 뢾; 뢾; ) HANGUL SYLLABLE ROELP +B8BF;B8BF;1105 116C 11B6;B8BF;1105 116C 11B6; # (뢿; 뢿; 뢿; 뢿; 뢿; ) HANGUL SYLLABLE ROELH +B8C0;B8C0;1105 116C 11B7;B8C0;1105 116C 11B7; # (룀; 룀; 룀; 룀; 룀; ) HANGUL SYLLABLE ROEM +B8C1;B8C1;1105 116C 11B8;B8C1;1105 116C 11B8; # (ë£; ë£; 룁; ë£; 룁; ) HANGUL SYLLABLE ROEB +B8C2;B8C2;1105 116C 11B9;B8C2;1105 116C 11B9; # (룂; 룂; 룂; 룂; 룂; ) HANGUL SYLLABLE ROEBS +B8C3;B8C3;1105 116C 11BA;B8C3;1105 116C 11BA; # (룃; 룃; 룃; 룃; 룃; ) HANGUL SYLLABLE ROES +B8C4;B8C4;1105 116C 11BB;B8C4;1105 116C 11BB; # (룄; 룄; 룄; 룄; 룄; ) HANGUL SYLLABLE ROESS +B8C5;B8C5;1105 116C 11BC;B8C5;1105 116C 11BC; # (룅; 룅; 룅; 룅; 룅; ) HANGUL SYLLABLE ROENG +B8C6;B8C6;1105 116C 11BD;B8C6;1105 116C 11BD; # (룆; 룆; 룆; 룆; 룆; ) HANGUL SYLLABLE ROEJ +B8C7;B8C7;1105 116C 11BE;B8C7;1105 116C 11BE; # (룇; 룇; 룇; 룇; 룇; ) HANGUL SYLLABLE ROEC +B8C8;B8C8;1105 116C 11BF;B8C8;1105 116C 11BF; # (룈; 룈; 룈; 룈; 룈; ) HANGUL SYLLABLE ROEK +B8C9;B8C9;1105 116C 11C0;B8C9;1105 116C 11C0; # (룉; 룉; 룉; 룉; 룉; ) HANGUL SYLLABLE ROET +B8CA;B8CA;1105 116C 11C1;B8CA;1105 116C 11C1; # (룊; 룊; á„…á…¬á‡; 룊; á„…á…¬á‡; ) HANGUL SYLLABLE ROEP +B8CB;B8CB;1105 116C 11C2;B8CB;1105 116C 11C2; # (룋; 룋; 룋; 룋; 룋; ) HANGUL SYLLABLE ROEH +B8CC;B8CC;1105 116D;B8CC;1105 116D; # (료; 료; á„…á…­; 료; á„…á…­; ) HANGUL SYLLABLE RYO +B8CD;B8CD;1105 116D 11A8;B8CD;1105 116D 11A8; # (ë£; ë£; 룍; ë£; 룍; ) HANGUL SYLLABLE RYOG +B8CE;B8CE;1105 116D 11A9;B8CE;1105 116D 11A9; # (룎; 룎; 룎; 룎; 룎; ) HANGUL SYLLABLE RYOGG +B8CF;B8CF;1105 116D 11AA;B8CF;1105 116D 11AA; # (ë£; ë£; 룏; ë£; 룏; ) HANGUL SYLLABLE RYOGS +B8D0;B8D0;1105 116D 11AB;B8D0;1105 116D 11AB; # (ë£; ë£; 룐; ë£; 룐; ) HANGUL SYLLABLE RYON +B8D1;B8D1;1105 116D 11AC;B8D1;1105 116D 11AC; # (룑; 룑; 룑; 룑; 룑; ) HANGUL SYLLABLE RYONJ +B8D2;B8D2;1105 116D 11AD;B8D2;1105 116D 11AD; # (룒; 룒; 룒; 룒; 룒; ) HANGUL SYLLABLE RYONH +B8D3;B8D3;1105 116D 11AE;B8D3;1105 116D 11AE; # (룓; 룓; 룓; 룓; 룓; ) HANGUL SYLLABLE RYOD +B8D4;B8D4;1105 116D 11AF;B8D4;1105 116D 11AF; # (룔; 룔; 룔; 룔; 룔; ) HANGUL SYLLABLE RYOL +B8D5;B8D5;1105 116D 11B0;B8D5;1105 116D 11B0; # (룕; 룕; 룕; 룕; 룕; ) HANGUL SYLLABLE RYOLG +B8D6;B8D6;1105 116D 11B1;B8D6;1105 116D 11B1; # (룖; 룖; 룖; 룖; 룖; ) HANGUL SYLLABLE RYOLM +B8D7;B8D7;1105 116D 11B2;B8D7;1105 116D 11B2; # (룗; 룗; 룗; 룗; 룗; ) HANGUL SYLLABLE RYOLB +B8D8;B8D8;1105 116D 11B3;B8D8;1105 116D 11B3; # (룘; 룘; 룘; 룘; 룘; ) HANGUL SYLLABLE RYOLS +B8D9;B8D9;1105 116D 11B4;B8D9;1105 116D 11B4; # (룙; 룙; 룙; 룙; 룙; ) HANGUL SYLLABLE RYOLT +B8DA;B8DA;1105 116D 11B5;B8DA;1105 116D 11B5; # (룚; 룚; 룚; 룚; 룚; ) HANGUL SYLLABLE RYOLP +B8DB;B8DB;1105 116D 11B6;B8DB;1105 116D 11B6; # (룛; 룛; 룛; 룛; 룛; ) HANGUL SYLLABLE RYOLH +B8DC;B8DC;1105 116D 11B7;B8DC;1105 116D 11B7; # (룜; 룜; 룜; 룜; 룜; ) HANGUL SYLLABLE RYOM +B8DD;B8DD;1105 116D 11B8;B8DD;1105 116D 11B8; # (ë£; ë£; 룝; ë£; 룝; ) HANGUL SYLLABLE RYOB +B8DE;B8DE;1105 116D 11B9;B8DE;1105 116D 11B9; # (룞; 룞; 룞; 룞; 룞; ) HANGUL SYLLABLE RYOBS +B8DF;B8DF;1105 116D 11BA;B8DF;1105 116D 11BA; # (룟; 룟; 룟; 룟; 룟; ) HANGUL SYLLABLE RYOS +B8E0;B8E0;1105 116D 11BB;B8E0;1105 116D 11BB; # (룠; 룠; 룠; 룠; 룠; ) HANGUL SYLLABLE RYOSS +B8E1;B8E1;1105 116D 11BC;B8E1;1105 116D 11BC; # (룡; 룡; 룡; 룡; 룡; ) HANGUL SYLLABLE RYONG +B8E2;B8E2;1105 116D 11BD;B8E2;1105 116D 11BD; # (룢; 룢; 룢; 룢; 룢; ) HANGUL SYLLABLE RYOJ +B8E3;B8E3;1105 116D 11BE;B8E3;1105 116D 11BE; # (룣; 룣; 룣; 룣; 룣; ) HANGUL SYLLABLE RYOC +B8E4;B8E4;1105 116D 11BF;B8E4;1105 116D 11BF; # (룤; 룤; 룤; 룤; 룤; ) HANGUL SYLLABLE RYOK +B8E5;B8E5;1105 116D 11C0;B8E5;1105 116D 11C0; # (룥; 룥; 룥; 룥; 룥; ) HANGUL SYLLABLE RYOT +B8E6;B8E6;1105 116D 11C1;B8E6;1105 116D 11C1; # (룦; 룦; á„…á…­á‡; 룦; á„…á…­á‡; ) HANGUL SYLLABLE RYOP +B8E7;B8E7;1105 116D 11C2;B8E7;1105 116D 11C2; # (룧; 룧; 룧; 룧; 룧; ) HANGUL SYLLABLE RYOH +B8E8;B8E8;1105 116E;B8E8;1105 116E; # (루; 루; á„…á…®; 루; á„…á…®; ) HANGUL SYLLABLE RU +B8E9;B8E9;1105 116E 11A8;B8E9;1105 116E 11A8; # (룩; 룩; 룩; 룩; 룩; ) HANGUL SYLLABLE RUG +B8EA;B8EA;1105 116E 11A9;B8EA;1105 116E 11A9; # (룪; 룪; 룪; 룪; 룪; ) HANGUL SYLLABLE RUGG +B8EB;B8EB;1105 116E 11AA;B8EB;1105 116E 11AA; # (룫; 룫; 룫; 룫; 룫; ) HANGUL SYLLABLE RUGS +B8EC;B8EC;1105 116E 11AB;B8EC;1105 116E 11AB; # (룬; 룬; 룬; 룬; 룬; ) HANGUL SYLLABLE RUN +B8ED;B8ED;1105 116E 11AC;B8ED;1105 116E 11AC; # (룭; 룭; 룭; 룭; 룭; ) HANGUL SYLLABLE RUNJ +B8EE;B8EE;1105 116E 11AD;B8EE;1105 116E 11AD; # (룮; 룮; 룮; 룮; 룮; ) HANGUL SYLLABLE RUNH +B8EF;B8EF;1105 116E 11AE;B8EF;1105 116E 11AE; # (룯; 룯; 룯; 룯; 룯; ) HANGUL SYLLABLE RUD +B8F0;B8F0;1105 116E 11AF;B8F0;1105 116E 11AF; # (룰; 룰; 룰; 룰; 룰; ) HANGUL SYLLABLE RUL +B8F1;B8F1;1105 116E 11B0;B8F1;1105 116E 11B0; # (룱; 룱; 룱; 룱; 룱; ) HANGUL SYLLABLE RULG +B8F2;B8F2;1105 116E 11B1;B8F2;1105 116E 11B1; # (룲; 룲; 룲; 룲; 룲; ) HANGUL SYLLABLE RULM +B8F3;B8F3;1105 116E 11B2;B8F3;1105 116E 11B2; # (룳; 룳; 룳; 룳; 룳; ) HANGUL SYLLABLE RULB +B8F4;B8F4;1105 116E 11B3;B8F4;1105 116E 11B3; # (룴; 룴; 룴; 룴; 룴; ) HANGUL SYLLABLE RULS +B8F5;B8F5;1105 116E 11B4;B8F5;1105 116E 11B4; # (룵; 룵; 룵; 룵; 룵; ) HANGUL SYLLABLE RULT +B8F6;B8F6;1105 116E 11B5;B8F6;1105 116E 11B5; # (룶; 룶; 룶; 룶; 룶; ) HANGUL SYLLABLE RULP +B8F7;B8F7;1105 116E 11B6;B8F7;1105 116E 11B6; # (룷; 룷; 룷; 룷; 룷; ) HANGUL SYLLABLE RULH +B8F8;B8F8;1105 116E 11B7;B8F8;1105 116E 11B7; # (룸; 룸; 룸; 룸; 룸; ) HANGUL SYLLABLE RUM +B8F9;B8F9;1105 116E 11B8;B8F9;1105 116E 11B8; # (룹; 룹; 룹; 룹; 룹; ) HANGUL SYLLABLE RUB +B8FA;B8FA;1105 116E 11B9;B8FA;1105 116E 11B9; # (룺; 룺; 룺; 룺; 룺; ) HANGUL SYLLABLE RUBS +B8FB;B8FB;1105 116E 11BA;B8FB;1105 116E 11BA; # (룻; 룻; 룻; 룻; 룻; ) HANGUL SYLLABLE RUS +B8FC;B8FC;1105 116E 11BB;B8FC;1105 116E 11BB; # (룼; 룼; 룼; 룼; 룼; ) HANGUL SYLLABLE RUSS +B8FD;B8FD;1105 116E 11BC;B8FD;1105 116E 11BC; # (룽; 룽; 룽; 룽; 룽; ) HANGUL SYLLABLE RUNG +B8FE;B8FE;1105 116E 11BD;B8FE;1105 116E 11BD; # (룾; 룾; 룾; 룾; 룾; ) HANGUL SYLLABLE RUJ +B8FF;B8FF;1105 116E 11BE;B8FF;1105 116E 11BE; # (룿; 룿; 룿; 룿; 룿; ) HANGUL SYLLABLE RUC +B900;B900;1105 116E 11BF;B900;1105 116E 11BF; # (뤀; 뤀; 뤀; 뤀; 뤀; ) HANGUL SYLLABLE RUK +B901;B901;1105 116E 11C0;B901;1105 116E 11C0; # (ë¤; ë¤; 뤁; ë¤; 뤁; ) HANGUL SYLLABLE RUT +B902;B902;1105 116E 11C1;B902;1105 116E 11C1; # (뤂; 뤂; á„…á…®á‡; 뤂; á„…á…®á‡; ) HANGUL SYLLABLE RUP +B903;B903;1105 116E 11C2;B903;1105 116E 11C2; # (뤃; 뤃; 뤃; 뤃; 뤃; ) HANGUL SYLLABLE RUH +B904;B904;1105 116F;B904;1105 116F; # (뤄; 뤄; á„…á…¯; 뤄; á„…á…¯; ) HANGUL SYLLABLE RWEO +B905;B905;1105 116F 11A8;B905;1105 116F 11A8; # (뤅; 뤅; 뤅; 뤅; 뤅; ) HANGUL SYLLABLE RWEOG +B906;B906;1105 116F 11A9;B906;1105 116F 11A9; # (뤆; 뤆; 뤆; 뤆; 뤆; ) HANGUL SYLLABLE RWEOGG +B907;B907;1105 116F 11AA;B907;1105 116F 11AA; # (뤇; 뤇; 뤇; 뤇; 뤇; ) HANGUL SYLLABLE RWEOGS +B908;B908;1105 116F 11AB;B908;1105 116F 11AB; # (뤈; 뤈; 뤈; 뤈; 뤈; ) HANGUL SYLLABLE RWEON +B909;B909;1105 116F 11AC;B909;1105 116F 11AC; # (뤉; 뤉; 뤉; 뤉; 뤉; ) HANGUL SYLLABLE RWEONJ +B90A;B90A;1105 116F 11AD;B90A;1105 116F 11AD; # (뤊; 뤊; 뤊; 뤊; 뤊; ) HANGUL SYLLABLE RWEONH +B90B;B90B;1105 116F 11AE;B90B;1105 116F 11AE; # (뤋; 뤋; 뤋; 뤋; 뤋; ) HANGUL SYLLABLE RWEOD +B90C;B90C;1105 116F 11AF;B90C;1105 116F 11AF; # (뤌; 뤌; 뤌; 뤌; 뤌; ) HANGUL SYLLABLE RWEOL +B90D;B90D;1105 116F 11B0;B90D;1105 116F 11B0; # (ë¤; ë¤; 뤍; ë¤; 뤍; ) HANGUL SYLLABLE RWEOLG +B90E;B90E;1105 116F 11B1;B90E;1105 116F 11B1; # (뤎; 뤎; 뤎; 뤎; 뤎; ) HANGUL SYLLABLE RWEOLM +B90F;B90F;1105 116F 11B2;B90F;1105 116F 11B2; # (ë¤; ë¤; 뤏; ë¤; 뤏; ) HANGUL SYLLABLE RWEOLB +B910;B910;1105 116F 11B3;B910;1105 116F 11B3; # (ë¤; ë¤; 뤐; ë¤; 뤐; ) HANGUL SYLLABLE RWEOLS +B911;B911;1105 116F 11B4;B911;1105 116F 11B4; # (뤑; 뤑; 뤑; 뤑; 뤑; ) HANGUL SYLLABLE RWEOLT +B912;B912;1105 116F 11B5;B912;1105 116F 11B5; # (뤒; 뤒; 뤒; 뤒; 뤒; ) HANGUL SYLLABLE RWEOLP +B913;B913;1105 116F 11B6;B913;1105 116F 11B6; # (뤓; 뤓; 뤓; 뤓; 뤓; ) HANGUL SYLLABLE RWEOLH +B914;B914;1105 116F 11B7;B914;1105 116F 11B7; # (뤔; 뤔; 뤔; 뤔; 뤔; ) HANGUL SYLLABLE RWEOM +B915;B915;1105 116F 11B8;B915;1105 116F 11B8; # (뤕; 뤕; 뤕; 뤕; 뤕; ) HANGUL SYLLABLE RWEOB +B916;B916;1105 116F 11B9;B916;1105 116F 11B9; # (뤖; 뤖; 뤖; 뤖; 뤖; ) HANGUL SYLLABLE RWEOBS +B917;B917;1105 116F 11BA;B917;1105 116F 11BA; # (뤗; 뤗; 뤗; 뤗; 뤗; ) HANGUL SYLLABLE RWEOS +B918;B918;1105 116F 11BB;B918;1105 116F 11BB; # (뤘; 뤘; 뤘; 뤘; 뤘; ) HANGUL SYLLABLE RWEOSS +B919;B919;1105 116F 11BC;B919;1105 116F 11BC; # (뤙; 뤙; 뤙; 뤙; 뤙; ) HANGUL SYLLABLE RWEONG +B91A;B91A;1105 116F 11BD;B91A;1105 116F 11BD; # (뤚; 뤚; 뤚; 뤚; 뤚; ) HANGUL SYLLABLE RWEOJ +B91B;B91B;1105 116F 11BE;B91B;1105 116F 11BE; # (뤛; 뤛; 뤛; 뤛; 뤛; ) HANGUL SYLLABLE RWEOC +B91C;B91C;1105 116F 11BF;B91C;1105 116F 11BF; # (뤜; 뤜; 뤜; 뤜; 뤜; ) HANGUL SYLLABLE RWEOK +B91D;B91D;1105 116F 11C0;B91D;1105 116F 11C0; # (ë¤; ë¤; 뤝; ë¤; 뤝; ) HANGUL SYLLABLE RWEOT +B91E;B91E;1105 116F 11C1;B91E;1105 116F 11C1; # (뤞; 뤞; á„…á…¯á‡; 뤞; á„…á…¯á‡; ) HANGUL SYLLABLE RWEOP +B91F;B91F;1105 116F 11C2;B91F;1105 116F 11C2; # (뤟; 뤟; 뤟; 뤟; 뤟; ) HANGUL SYLLABLE RWEOH +B920;B920;1105 1170;B920;1105 1170; # (뤠; 뤠; á„…á…°; 뤠; á„…á…°; ) HANGUL SYLLABLE RWE +B921;B921;1105 1170 11A8;B921;1105 1170 11A8; # (뤡; 뤡; 뤡; 뤡; 뤡; ) HANGUL SYLLABLE RWEG +B922;B922;1105 1170 11A9;B922;1105 1170 11A9; # (뤢; 뤢; 뤢; 뤢; 뤢; ) HANGUL SYLLABLE RWEGG +B923;B923;1105 1170 11AA;B923;1105 1170 11AA; # (뤣; 뤣; 뤣; 뤣; 뤣; ) HANGUL SYLLABLE RWEGS +B924;B924;1105 1170 11AB;B924;1105 1170 11AB; # (뤤; 뤤; 뤤; 뤤; 뤤; ) HANGUL SYLLABLE RWEN +B925;B925;1105 1170 11AC;B925;1105 1170 11AC; # (뤥; 뤥; 뤥; 뤥; 뤥; ) HANGUL SYLLABLE RWENJ +B926;B926;1105 1170 11AD;B926;1105 1170 11AD; # (뤦; 뤦; 뤦; 뤦; 뤦; ) HANGUL SYLLABLE RWENH +B927;B927;1105 1170 11AE;B927;1105 1170 11AE; # (뤧; 뤧; 뤧; 뤧; 뤧; ) HANGUL SYLLABLE RWED +B928;B928;1105 1170 11AF;B928;1105 1170 11AF; # (뤨; 뤨; 뤨; 뤨; 뤨; ) HANGUL SYLLABLE RWEL +B929;B929;1105 1170 11B0;B929;1105 1170 11B0; # (뤩; 뤩; 뤩; 뤩; 뤩; ) HANGUL SYLLABLE RWELG +B92A;B92A;1105 1170 11B1;B92A;1105 1170 11B1; # (뤪; 뤪; 뤪; 뤪; 뤪; ) HANGUL SYLLABLE RWELM +B92B;B92B;1105 1170 11B2;B92B;1105 1170 11B2; # (뤫; 뤫; 뤫; 뤫; 뤫; ) HANGUL SYLLABLE RWELB +B92C;B92C;1105 1170 11B3;B92C;1105 1170 11B3; # (뤬; 뤬; 뤬; 뤬; 뤬; ) HANGUL SYLLABLE RWELS +B92D;B92D;1105 1170 11B4;B92D;1105 1170 11B4; # (뤭; 뤭; 뤭; 뤭; 뤭; ) HANGUL SYLLABLE RWELT +B92E;B92E;1105 1170 11B5;B92E;1105 1170 11B5; # (뤮; 뤮; 뤮; 뤮; 뤮; ) HANGUL SYLLABLE RWELP +B92F;B92F;1105 1170 11B6;B92F;1105 1170 11B6; # (뤯; 뤯; 뤯; 뤯; 뤯; ) HANGUL SYLLABLE RWELH +B930;B930;1105 1170 11B7;B930;1105 1170 11B7; # (뤰; 뤰; 뤰; 뤰; 뤰; ) HANGUL SYLLABLE RWEM +B931;B931;1105 1170 11B8;B931;1105 1170 11B8; # (뤱; 뤱; 뤱; 뤱; 뤱; ) HANGUL SYLLABLE RWEB +B932;B932;1105 1170 11B9;B932;1105 1170 11B9; # (뤲; 뤲; 뤲; 뤲; 뤲; ) HANGUL SYLLABLE RWEBS +B933;B933;1105 1170 11BA;B933;1105 1170 11BA; # (뤳; 뤳; 뤳; 뤳; 뤳; ) HANGUL SYLLABLE RWES +B934;B934;1105 1170 11BB;B934;1105 1170 11BB; # (뤴; 뤴; 뤴; 뤴; 뤴; ) HANGUL SYLLABLE RWESS +B935;B935;1105 1170 11BC;B935;1105 1170 11BC; # (뤵; 뤵; 뤵; 뤵; 뤵; ) HANGUL SYLLABLE RWENG +B936;B936;1105 1170 11BD;B936;1105 1170 11BD; # (뤶; 뤶; 뤶; 뤶; 뤶; ) HANGUL SYLLABLE RWEJ +B937;B937;1105 1170 11BE;B937;1105 1170 11BE; # (뤷; 뤷; 뤷; 뤷; 뤷; ) HANGUL SYLLABLE RWEC +B938;B938;1105 1170 11BF;B938;1105 1170 11BF; # (뤸; 뤸; 뤸; 뤸; 뤸; ) HANGUL SYLLABLE RWEK +B939;B939;1105 1170 11C0;B939;1105 1170 11C0; # (뤹; 뤹; 뤹; 뤹; 뤹; ) HANGUL SYLLABLE RWET +B93A;B93A;1105 1170 11C1;B93A;1105 1170 11C1; # (뤺; 뤺; á„…á…°á‡; 뤺; á„…á…°á‡; ) HANGUL SYLLABLE RWEP +B93B;B93B;1105 1170 11C2;B93B;1105 1170 11C2; # (뤻; 뤻; 뤻; 뤻; 뤻; ) HANGUL SYLLABLE RWEH +B93C;B93C;1105 1171;B93C;1105 1171; # (뤼; 뤼; á„…á…±; 뤼; á„…á…±; ) HANGUL SYLLABLE RWI +B93D;B93D;1105 1171 11A8;B93D;1105 1171 11A8; # (뤽; 뤽; 뤽; 뤽; 뤽; ) HANGUL SYLLABLE RWIG +B93E;B93E;1105 1171 11A9;B93E;1105 1171 11A9; # (뤾; 뤾; 뤾; 뤾; 뤾; ) HANGUL SYLLABLE RWIGG +B93F;B93F;1105 1171 11AA;B93F;1105 1171 11AA; # (뤿; 뤿; 뤿; 뤿; 뤿; ) HANGUL SYLLABLE RWIGS +B940;B940;1105 1171 11AB;B940;1105 1171 11AB; # (륀; 륀; 륀; 륀; 륀; ) HANGUL SYLLABLE RWIN +B941;B941;1105 1171 11AC;B941;1105 1171 11AC; # (ë¥; ë¥; 륁; ë¥; 륁; ) HANGUL SYLLABLE RWINJ +B942;B942;1105 1171 11AD;B942;1105 1171 11AD; # (륂; 륂; 륂; 륂; 륂; ) HANGUL SYLLABLE RWINH +B943;B943;1105 1171 11AE;B943;1105 1171 11AE; # (륃; 륃; 륃; 륃; 륃; ) HANGUL SYLLABLE RWID +B944;B944;1105 1171 11AF;B944;1105 1171 11AF; # (륄; 륄; 륄; 륄; 륄; ) HANGUL SYLLABLE RWIL +B945;B945;1105 1171 11B0;B945;1105 1171 11B0; # (륅; 륅; 륅; 륅; 륅; ) HANGUL SYLLABLE RWILG +B946;B946;1105 1171 11B1;B946;1105 1171 11B1; # (륆; 륆; 륆; 륆; 륆; ) HANGUL SYLLABLE RWILM +B947;B947;1105 1171 11B2;B947;1105 1171 11B2; # (륇; 륇; 륇; 륇; 륇; ) HANGUL SYLLABLE RWILB +B948;B948;1105 1171 11B3;B948;1105 1171 11B3; # (륈; 륈; 륈; 륈; 륈; ) HANGUL SYLLABLE RWILS +B949;B949;1105 1171 11B4;B949;1105 1171 11B4; # (륉; 륉; 륉; 륉; 륉; ) HANGUL SYLLABLE RWILT +B94A;B94A;1105 1171 11B5;B94A;1105 1171 11B5; # (륊; 륊; 륊; 륊; 륊; ) HANGUL SYLLABLE RWILP +B94B;B94B;1105 1171 11B6;B94B;1105 1171 11B6; # (륋; 륋; 륋; 륋; 륋; ) HANGUL SYLLABLE RWILH +B94C;B94C;1105 1171 11B7;B94C;1105 1171 11B7; # (륌; 륌; á„…á…±á†·; 륌; 륌; ) HANGUL SYLLABLE RWIM +B94D;B94D;1105 1171 11B8;B94D;1105 1171 11B8; # (ë¥; ë¥; 륍; ë¥; 륍; ) HANGUL SYLLABLE RWIB +B94E;B94E;1105 1171 11B9;B94E;1105 1171 11B9; # (륎; 륎; 륎; 륎; 륎; ) HANGUL SYLLABLE RWIBS +B94F;B94F;1105 1171 11BA;B94F;1105 1171 11BA; # (ë¥; ë¥; 륏; ë¥; 륏; ) HANGUL SYLLABLE RWIS +B950;B950;1105 1171 11BB;B950;1105 1171 11BB; # (ë¥; ë¥; 륐; ë¥; 륐; ) HANGUL SYLLABLE RWISS +B951;B951;1105 1171 11BC;B951;1105 1171 11BC; # (륑; 륑; 륑; 륑; 륑; ) HANGUL SYLLABLE RWING +B952;B952;1105 1171 11BD;B952;1105 1171 11BD; # (륒; 륒; 륒; 륒; 륒; ) HANGUL SYLLABLE RWIJ +B953;B953;1105 1171 11BE;B953;1105 1171 11BE; # (륓; 륓; 륓; 륓; 륓; ) HANGUL SYLLABLE RWIC +B954;B954;1105 1171 11BF;B954;1105 1171 11BF; # (륔; 륔; 륔; 륔; 륔; ) HANGUL SYLLABLE RWIK +B955;B955;1105 1171 11C0;B955;1105 1171 11C0; # (륕; 륕; 륕; 륕; 륕; ) HANGUL SYLLABLE RWIT +B956;B956;1105 1171 11C1;B956;1105 1171 11C1; # (륖; 륖; á„…á…±á‡; 륖; á„…á…±á‡; ) HANGUL SYLLABLE RWIP +B957;B957;1105 1171 11C2;B957;1105 1171 11C2; # (륗; 륗; 륗; 륗; 륗; ) HANGUL SYLLABLE RWIH +B958;B958;1105 1172;B958;1105 1172; # (류; 류; á„…á…²; 류; á„…á…²; ) HANGUL SYLLABLE RYU +B959;B959;1105 1172 11A8;B959;1105 1172 11A8; # (륙; 륙; 륙; 륙; 륙; ) HANGUL SYLLABLE RYUG +B95A;B95A;1105 1172 11A9;B95A;1105 1172 11A9; # (륚; 륚; 륚; 륚; 륚; ) HANGUL SYLLABLE RYUGG +B95B;B95B;1105 1172 11AA;B95B;1105 1172 11AA; # (륛; 륛; 륛; 륛; 륛; ) HANGUL SYLLABLE RYUGS +B95C;B95C;1105 1172 11AB;B95C;1105 1172 11AB; # (륜; 륜; 륜; 륜; 륜; ) HANGUL SYLLABLE RYUN +B95D;B95D;1105 1172 11AC;B95D;1105 1172 11AC; # (ë¥; ë¥; 륝; ë¥; 륝; ) HANGUL SYLLABLE RYUNJ +B95E;B95E;1105 1172 11AD;B95E;1105 1172 11AD; # (륞; 륞; 륞; 륞; 륞; ) HANGUL SYLLABLE RYUNH +B95F;B95F;1105 1172 11AE;B95F;1105 1172 11AE; # (륟; 륟; 륟; 륟; 륟; ) HANGUL SYLLABLE RYUD +B960;B960;1105 1172 11AF;B960;1105 1172 11AF; # (률; 률; 률; 률; 률; ) HANGUL SYLLABLE RYUL +B961;B961;1105 1172 11B0;B961;1105 1172 11B0; # (륡; 륡; 륡; 륡; 륡; ) HANGUL SYLLABLE RYULG +B962;B962;1105 1172 11B1;B962;1105 1172 11B1; # (륢; 륢; 륢; 륢; 륢; ) HANGUL SYLLABLE RYULM +B963;B963;1105 1172 11B2;B963;1105 1172 11B2; # (륣; 륣; 륣; 륣; 륣; ) HANGUL SYLLABLE RYULB +B964;B964;1105 1172 11B3;B964;1105 1172 11B3; # (륤; 륤; 륤; 륤; 륤; ) HANGUL SYLLABLE RYULS +B965;B965;1105 1172 11B4;B965;1105 1172 11B4; # (륥; 륥; 륥; 륥; 륥; ) HANGUL SYLLABLE RYULT +B966;B966;1105 1172 11B5;B966;1105 1172 11B5; # (륦; 륦; 륦; 륦; 륦; ) HANGUL SYLLABLE RYULP +B967;B967;1105 1172 11B6;B967;1105 1172 11B6; # (륧; 륧; 륧; 륧; 륧; ) HANGUL SYLLABLE RYULH +B968;B968;1105 1172 11B7;B968;1105 1172 11B7; # (륨; 륨; 륨; 륨; 륨; ) HANGUL SYLLABLE RYUM +B969;B969;1105 1172 11B8;B969;1105 1172 11B8; # (륩; 륩; 륩; 륩; 륩; ) HANGUL SYLLABLE RYUB +B96A;B96A;1105 1172 11B9;B96A;1105 1172 11B9; # (륪; 륪; 륪; 륪; 륪; ) HANGUL SYLLABLE RYUBS +B96B;B96B;1105 1172 11BA;B96B;1105 1172 11BA; # (륫; 륫; 륫; 륫; 륫; ) HANGUL SYLLABLE RYUS +B96C;B96C;1105 1172 11BB;B96C;1105 1172 11BB; # (륬; 륬; 륬; 륬; 륬; ) HANGUL SYLLABLE RYUSS +B96D;B96D;1105 1172 11BC;B96D;1105 1172 11BC; # (륭; 륭; 륭; 륭; 륭; ) HANGUL SYLLABLE RYUNG +B96E;B96E;1105 1172 11BD;B96E;1105 1172 11BD; # (륮; 륮; 륮; 륮; 륮; ) HANGUL SYLLABLE RYUJ +B96F;B96F;1105 1172 11BE;B96F;1105 1172 11BE; # (륯; 륯; 륯; 륯; 륯; ) HANGUL SYLLABLE RYUC +B970;B970;1105 1172 11BF;B970;1105 1172 11BF; # (륰; 륰; 륰; 륰; 륰; ) HANGUL SYLLABLE RYUK +B971;B971;1105 1172 11C0;B971;1105 1172 11C0; # (륱; 륱; 륱; 륱; 륱; ) HANGUL SYLLABLE RYUT +B972;B972;1105 1172 11C1;B972;1105 1172 11C1; # (륲; 륲; á„…á…²á‡; 륲; á„…á…²á‡; ) HANGUL SYLLABLE RYUP +B973;B973;1105 1172 11C2;B973;1105 1172 11C2; # (륳; 륳; 륳; 륳; 륳; ) HANGUL SYLLABLE RYUH +B974;B974;1105 1173;B974;1105 1173; # (르; 르; á„…á…³; 르; á„…á…³; ) HANGUL SYLLABLE REU +B975;B975;1105 1173 11A8;B975;1105 1173 11A8; # (륵; 륵; 륵; 륵; 륵; ) HANGUL SYLLABLE REUG +B976;B976;1105 1173 11A9;B976;1105 1173 11A9; # (륶; 륶; 륶; 륶; 륶; ) HANGUL SYLLABLE REUGG +B977;B977;1105 1173 11AA;B977;1105 1173 11AA; # (륷; 륷; 륷; 륷; 륷; ) HANGUL SYLLABLE REUGS +B978;B978;1105 1173 11AB;B978;1105 1173 11AB; # (른; 른; 른; 른; 른; ) HANGUL SYLLABLE REUN +B979;B979;1105 1173 11AC;B979;1105 1173 11AC; # (륹; 륹; 륹; 륹; 륹; ) HANGUL SYLLABLE REUNJ +B97A;B97A;1105 1173 11AD;B97A;1105 1173 11AD; # (륺; 륺; 륺; 륺; 륺; ) HANGUL SYLLABLE REUNH +B97B;B97B;1105 1173 11AE;B97B;1105 1173 11AE; # (륻; 륻; 륻; 륻; 륻; ) HANGUL SYLLABLE REUD +B97C;B97C;1105 1173 11AF;B97C;1105 1173 11AF; # (를; 를; 를; 를; 를; ) HANGUL SYLLABLE REUL +B97D;B97D;1105 1173 11B0;B97D;1105 1173 11B0; # (륽; 륽; 륽; 륽; 륽; ) HANGUL SYLLABLE REULG +B97E;B97E;1105 1173 11B1;B97E;1105 1173 11B1; # (륾; 륾; 륾; 륾; 륾; ) HANGUL SYLLABLE REULM +B97F;B97F;1105 1173 11B2;B97F;1105 1173 11B2; # (륿; 륿; 륿; 륿; 륿; ) HANGUL SYLLABLE REULB +B980;B980;1105 1173 11B3;B980;1105 1173 11B3; # (릀; 릀; 릀; 릀; 릀; ) HANGUL SYLLABLE REULS +B981;B981;1105 1173 11B4;B981;1105 1173 11B4; # (ë¦; ë¦; 릁; ë¦; 릁; ) HANGUL SYLLABLE REULT +B982;B982;1105 1173 11B5;B982;1105 1173 11B5; # (릂; 릂; 릂; 릂; 릂; ) HANGUL SYLLABLE REULP +B983;B983;1105 1173 11B6;B983;1105 1173 11B6; # (릃; 릃; 릃; 릃; 릃; ) HANGUL SYLLABLE REULH +B984;B984;1105 1173 11B7;B984;1105 1173 11B7; # (름; 름; 름; 름; 름; ) HANGUL SYLLABLE REUM +B985;B985;1105 1173 11B8;B985;1105 1173 11B8; # (릅; 릅; 릅; 릅; 릅; ) HANGUL SYLLABLE REUB +B986;B986;1105 1173 11B9;B986;1105 1173 11B9; # (릆; 릆; 릆; 릆; 릆; ) HANGUL SYLLABLE REUBS +B987;B987;1105 1173 11BA;B987;1105 1173 11BA; # (릇; 릇; 릇; 릇; 릇; ) HANGUL SYLLABLE REUS +B988;B988;1105 1173 11BB;B988;1105 1173 11BB; # (릈; 릈; 릈; 릈; 릈; ) HANGUL SYLLABLE REUSS +B989;B989;1105 1173 11BC;B989;1105 1173 11BC; # (릉; 릉; 릉; 릉; 릉; ) HANGUL SYLLABLE REUNG +B98A;B98A;1105 1173 11BD;B98A;1105 1173 11BD; # (릊; 릊; 릊; 릊; 릊; ) HANGUL SYLLABLE REUJ +B98B;B98B;1105 1173 11BE;B98B;1105 1173 11BE; # (릋; 릋; 릋; 릋; 릋; ) HANGUL SYLLABLE REUC +B98C;B98C;1105 1173 11BF;B98C;1105 1173 11BF; # (릌; 릌; 릌; 릌; 릌; ) HANGUL SYLLABLE REUK +B98D;B98D;1105 1173 11C0;B98D;1105 1173 11C0; # (ë¦; ë¦; 릍; ë¦; 릍; ) HANGUL SYLLABLE REUT +B98E;B98E;1105 1173 11C1;B98E;1105 1173 11C1; # (릎; 릎; á„…á…³á‡; 릎; á„…á…³á‡; ) HANGUL SYLLABLE REUP +B98F;B98F;1105 1173 11C2;B98F;1105 1173 11C2; # (ë¦; ë¦; 릏; ë¦; 릏; ) HANGUL SYLLABLE REUH +B990;B990;1105 1174;B990;1105 1174; # (ë¦; ë¦; á„…á…´; ë¦; á„…á…´; ) HANGUL SYLLABLE RYI +B991;B991;1105 1174 11A8;B991;1105 1174 11A8; # (릑; 릑; 릑; 릑; 릑; ) HANGUL SYLLABLE RYIG +B992;B992;1105 1174 11A9;B992;1105 1174 11A9; # (릒; 릒; 릒; 릒; 릒; ) HANGUL SYLLABLE RYIGG +B993;B993;1105 1174 11AA;B993;1105 1174 11AA; # (릓; 릓; 릓; 릓; 릓; ) HANGUL SYLLABLE RYIGS +B994;B994;1105 1174 11AB;B994;1105 1174 11AB; # (릔; 릔; 릔; 릔; 릔; ) HANGUL SYLLABLE RYIN +B995;B995;1105 1174 11AC;B995;1105 1174 11AC; # (릕; 릕; 릕; 릕; 릕; ) HANGUL SYLLABLE RYINJ +B996;B996;1105 1174 11AD;B996;1105 1174 11AD; # (릖; 릖; 릖; 릖; 릖; ) HANGUL SYLLABLE RYINH +B997;B997;1105 1174 11AE;B997;1105 1174 11AE; # (릗; 릗; 릗; 릗; 릗; ) HANGUL SYLLABLE RYID +B998;B998;1105 1174 11AF;B998;1105 1174 11AF; # (릘; 릘; 릘; 릘; 릘; ) HANGUL SYLLABLE RYIL +B999;B999;1105 1174 11B0;B999;1105 1174 11B0; # (릙; 릙; 릙; 릙; 릙; ) HANGUL SYLLABLE RYILG +B99A;B99A;1105 1174 11B1;B99A;1105 1174 11B1; # (릚; 릚; 릚; 릚; 릚; ) HANGUL SYLLABLE RYILM +B99B;B99B;1105 1174 11B2;B99B;1105 1174 11B2; # (릛; 릛; 릛; 릛; 릛; ) HANGUL SYLLABLE RYILB +B99C;B99C;1105 1174 11B3;B99C;1105 1174 11B3; # (릜; 릜; 릜; 릜; 릜; ) HANGUL SYLLABLE RYILS +B99D;B99D;1105 1174 11B4;B99D;1105 1174 11B4; # (ë¦; ë¦; 릝; ë¦; 릝; ) HANGUL SYLLABLE RYILT +B99E;B99E;1105 1174 11B5;B99E;1105 1174 11B5; # (릞; 릞; 릞; 릞; 릞; ) HANGUL SYLLABLE RYILP +B99F;B99F;1105 1174 11B6;B99F;1105 1174 11B6; # (릟; 릟; 릟; 릟; 릟; ) HANGUL SYLLABLE RYILH +B9A0;B9A0;1105 1174 11B7;B9A0;1105 1174 11B7; # (릠; 릠; 릠; 릠; 릠; ) HANGUL SYLLABLE RYIM +B9A1;B9A1;1105 1174 11B8;B9A1;1105 1174 11B8; # (릡; 릡; 릡; 릡; 릡; ) HANGUL SYLLABLE RYIB +B9A2;B9A2;1105 1174 11B9;B9A2;1105 1174 11B9; # (릢; 릢; 릢; 릢; 릢; ) HANGUL SYLLABLE RYIBS +B9A3;B9A3;1105 1174 11BA;B9A3;1105 1174 11BA; # (릣; 릣; 릣; 릣; 릣; ) HANGUL SYLLABLE RYIS +B9A4;B9A4;1105 1174 11BB;B9A4;1105 1174 11BB; # (릤; 릤; 릤; 릤; 릤; ) HANGUL SYLLABLE RYISS +B9A5;B9A5;1105 1174 11BC;B9A5;1105 1174 11BC; # (릥; 릥; 릥; 릥; 릥; ) HANGUL SYLLABLE RYING +B9A6;B9A6;1105 1174 11BD;B9A6;1105 1174 11BD; # (릦; 릦; 릦; 릦; 릦; ) HANGUL SYLLABLE RYIJ +B9A7;B9A7;1105 1174 11BE;B9A7;1105 1174 11BE; # (릧; 릧; 릧; 릧; 릧; ) HANGUL SYLLABLE RYIC +B9A8;B9A8;1105 1174 11BF;B9A8;1105 1174 11BF; # (릨; 릨; 릨; 릨; 릨; ) HANGUL SYLLABLE RYIK +B9A9;B9A9;1105 1174 11C0;B9A9;1105 1174 11C0; # (릩; 릩; 릩; 릩; 릩; ) HANGUL SYLLABLE RYIT +B9AA;B9AA;1105 1174 11C1;B9AA;1105 1174 11C1; # (릪; 릪; á„…á…´á‡; 릪; á„…á…´á‡; ) HANGUL SYLLABLE RYIP +B9AB;B9AB;1105 1174 11C2;B9AB;1105 1174 11C2; # (릫; 릫; 릫; 릫; 릫; ) HANGUL SYLLABLE RYIH +B9AC;B9AC;1105 1175;B9AC;1105 1175; # (리; 리; á„…á…µ; 리; á„…á…µ; ) HANGUL SYLLABLE RI +B9AD;B9AD;1105 1175 11A8;B9AD;1105 1175 11A8; # (릭; 릭; 릭; 릭; 릭; ) HANGUL SYLLABLE RIG +B9AE;B9AE;1105 1175 11A9;B9AE;1105 1175 11A9; # (릮; 릮; 릮; 릮; 릮; ) HANGUL SYLLABLE RIGG +B9AF;B9AF;1105 1175 11AA;B9AF;1105 1175 11AA; # (릯; 릯; 릯; 릯; 릯; ) HANGUL SYLLABLE RIGS +B9B0;B9B0;1105 1175 11AB;B9B0;1105 1175 11AB; # (린; 린; 린; 린; 린; ) HANGUL SYLLABLE RIN +B9B1;B9B1;1105 1175 11AC;B9B1;1105 1175 11AC; # (릱; 릱; 릱; 릱; 릱; ) HANGUL SYLLABLE RINJ +B9B2;B9B2;1105 1175 11AD;B9B2;1105 1175 11AD; # (릲; 릲; 릲; 릲; 릲; ) HANGUL SYLLABLE RINH +B9B3;B9B3;1105 1175 11AE;B9B3;1105 1175 11AE; # (릳; 릳; 릳; 릳; 릳; ) HANGUL SYLLABLE RID +B9B4;B9B4;1105 1175 11AF;B9B4;1105 1175 11AF; # (릴; 릴; 릴; 릴; 릴; ) HANGUL SYLLABLE RIL +B9B5;B9B5;1105 1175 11B0;B9B5;1105 1175 11B0; # (릵; 릵; 릵; 릵; 릵; ) HANGUL SYLLABLE RILG +B9B6;B9B6;1105 1175 11B1;B9B6;1105 1175 11B1; # (릶; 릶; 릶; 릶; 릶; ) HANGUL SYLLABLE RILM +B9B7;B9B7;1105 1175 11B2;B9B7;1105 1175 11B2; # (릷; 릷; 릷; 릷; 릷; ) HANGUL SYLLABLE RILB +B9B8;B9B8;1105 1175 11B3;B9B8;1105 1175 11B3; # (릸; 릸; 릸; 릸; 릸; ) HANGUL SYLLABLE RILS +B9B9;B9B9;1105 1175 11B4;B9B9;1105 1175 11B4; # (릹; 릹; 릹; 릹; 릹; ) HANGUL SYLLABLE RILT +B9BA;B9BA;1105 1175 11B5;B9BA;1105 1175 11B5; # (릺; 릺; 릺; 릺; 릺; ) HANGUL SYLLABLE RILP +B9BB;B9BB;1105 1175 11B6;B9BB;1105 1175 11B6; # (릻; 릻; 릻; 릻; 릻; ) HANGUL SYLLABLE RILH +B9BC;B9BC;1105 1175 11B7;B9BC;1105 1175 11B7; # (림; 림; 림; 림; 림; ) HANGUL SYLLABLE RIM +B9BD;B9BD;1105 1175 11B8;B9BD;1105 1175 11B8; # (립; 립; 립; 립; 립; ) HANGUL SYLLABLE RIB +B9BE;B9BE;1105 1175 11B9;B9BE;1105 1175 11B9; # (릾; 릾; 릾; 릾; 릾; ) HANGUL SYLLABLE RIBS +B9BF;B9BF;1105 1175 11BA;B9BF;1105 1175 11BA; # (릿; 릿; 릿; 릿; 릿; ) HANGUL SYLLABLE RIS +B9C0;B9C0;1105 1175 11BB;B9C0;1105 1175 11BB; # (맀; 맀; 맀; 맀; 맀; ) HANGUL SYLLABLE RISS +B9C1;B9C1;1105 1175 11BC;B9C1;1105 1175 11BC; # (ë§; ë§; 링; ë§; 링; ) HANGUL SYLLABLE RING +B9C2;B9C2;1105 1175 11BD;B9C2;1105 1175 11BD; # (맂; 맂; 맂; 맂; 맂; ) HANGUL SYLLABLE RIJ +B9C3;B9C3;1105 1175 11BE;B9C3;1105 1175 11BE; # (맃; 맃; 맃; 맃; 맃; ) HANGUL SYLLABLE RIC +B9C4;B9C4;1105 1175 11BF;B9C4;1105 1175 11BF; # (맄; 맄; 맄; 맄; 맄; ) HANGUL SYLLABLE RIK +B9C5;B9C5;1105 1175 11C0;B9C5;1105 1175 11C0; # (맅; 맅; 맅; 맅; 맅; ) HANGUL SYLLABLE RIT +B9C6;B9C6;1105 1175 11C1;B9C6;1105 1175 11C1; # (맆; 맆; á„…á…µá‡; 맆; á„…á…µá‡; ) HANGUL SYLLABLE RIP +B9C7;B9C7;1105 1175 11C2;B9C7;1105 1175 11C2; # (맇; 맇; 맇; 맇; 맇; ) HANGUL SYLLABLE RIH +B9C8;B9C8;1106 1161;B9C8;1106 1161; # (마; 마; 마; 마; 마; ) HANGUL SYLLABLE MA +B9C9;B9C9;1106 1161 11A8;B9C9;1106 1161 11A8; # (막; 막; 막; 막; 막; ) HANGUL SYLLABLE MAG +B9CA;B9CA;1106 1161 11A9;B9CA;1106 1161 11A9; # (맊; 맊; 맊; 맊; 맊; ) HANGUL SYLLABLE MAGG +B9CB;B9CB;1106 1161 11AA;B9CB;1106 1161 11AA; # (맋; 맋; 맋; 맋; 맋; ) HANGUL SYLLABLE MAGS +B9CC;B9CC;1106 1161 11AB;B9CC;1106 1161 11AB; # (만; 만; 만; 만; 만; ) HANGUL SYLLABLE MAN +B9CD;B9CD;1106 1161 11AC;B9CD;1106 1161 11AC; # (ë§; ë§; 맍; ë§; 맍; ) HANGUL SYLLABLE MANJ +B9CE;B9CE;1106 1161 11AD;B9CE;1106 1161 11AD; # (많; 많; 많; 많; 많; ) HANGUL SYLLABLE MANH +B9CF;B9CF;1106 1161 11AE;B9CF;1106 1161 11AE; # (ë§; ë§; 맏; ë§; 맏; ) HANGUL SYLLABLE MAD +B9D0;B9D0;1106 1161 11AF;B9D0;1106 1161 11AF; # (ë§; ë§; 말; ë§; 말; ) HANGUL SYLLABLE MAL +B9D1;B9D1;1106 1161 11B0;B9D1;1106 1161 11B0; # (맑; 맑; 맑; 맑; 맑; ) HANGUL SYLLABLE MALG +B9D2;B9D2;1106 1161 11B1;B9D2;1106 1161 11B1; # (맒; 맒; 맒; 맒; 맒; ) HANGUL SYLLABLE MALM +B9D3;B9D3;1106 1161 11B2;B9D3;1106 1161 11B2; # (맓; 맓; 맓; 맓; 맓; ) HANGUL SYLLABLE MALB +B9D4;B9D4;1106 1161 11B3;B9D4;1106 1161 11B3; # (맔; 맔; 맔; 맔; 맔; ) HANGUL SYLLABLE MALS +B9D5;B9D5;1106 1161 11B4;B9D5;1106 1161 11B4; # (맕; 맕; 맕; 맕; 맕; ) HANGUL SYLLABLE MALT +B9D6;B9D6;1106 1161 11B5;B9D6;1106 1161 11B5; # (맖; 맖; 맖; 맖; 맖; ) HANGUL SYLLABLE MALP +B9D7;B9D7;1106 1161 11B6;B9D7;1106 1161 11B6; # (맗; 맗; 맗; 맗; 맗; ) HANGUL SYLLABLE MALH +B9D8;B9D8;1106 1161 11B7;B9D8;1106 1161 11B7; # (맘; 맘; 맘; 맘; 맘; ) HANGUL SYLLABLE MAM +B9D9;B9D9;1106 1161 11B8;B9D9;1106 1161 11B8; # (맙; 맙; 맙; 맙; 맙; ) HANGUL SYLLABLE MAB +B9DA;B9DA;1106 1161 11B9;B9DA;1106 1161 11B9; # (맚; 맚; 맚; 맚; 맚; ) HANGUL SYLLABLE MABS +B9DB;B9DB;1106 1161 11BA;B9DB;1106 1161 11BA; # (맛; 맛; 맛; 맛; 맛; ) HANGUL SYLLABLE MAS +B9DC;B9DC;1106 1161 11BB;B9DC;1106 1161 11BB; # (맜; 맜; 맜; 맜; 맜; ) HANGUL SYLLABLE MASS +B9DD;B9DD;1106 1161 11BC;B9DD;1106 1161 11BC; # (ë§; ë§; 망; ë§; 망; ) HANGUL SYLLABLE MANG +B9DE;B9DE;1106 1161 11BD;B9DE;1106 1161 11BD; # (맞; 맞; 맞; 맞; 맞; ) HANGUL SYLLABLE MAJ +B9DF;B9DF;1106 1161 11BE;B9DF;1106 1161 11BE; # (맟; 맟; 맟; 맟; 맟; ) HANGUL SYLLABLE MAC +B9E0;B9E0;1106 1161 11BF;B9E0;1106 1161 11BF; # (맠; 맠; 맠; 맠; 맠; ) HANGUL SYLLABLE MAK +B9E1;B9E1;1106 1161 11C0;B9E1;1106 1161 11C0; # (맡; 맡; 맡; 맡; 맡; ) HANGUL SYLLABLE MAT +B9E2;B9E2;1106 1161 11C1;B9E2;1106 1161 11C1; # (맢; 맢; 마á‡; 맢; 마á‡; ) HANGUL SYLLABLE MAP +B9E3;B9E3;1106 1161 11C2;B9E3;1106 1161 11C2; # (맣; 맣; 맣; 맣; 맣; ) HANGUL SYLLABLE MAH +B9E4;B9E4;1106 1162;B9E4;1106 1162; # (매; 매; 매; 매; 매; ) HANGUL SYLLABLE MAE +B9E5;B9E5;1106 1162 11A8;B9E5;1106 1162 11A8; # (맥; 맥; 맥; 맥; 맥; ) HANGUL SYLLABLE MAEG +B9E6;B9E6;1106 1162 11A9;B9E6;1106 1162 11A9; # (맦; 맦; 맦; 맦; 맦; ) HANGUL SYLLABLE MAEGG +B9E7;B9E7;1106 1162 11AA;B9E7;1106 1162 11AA; # (맧; 맧; 맧; 맧; 맧; ) HANGUL SYLLABLE MAEGS +B9E8;B9E8;1106 1162 11AB;B9E8;1106 1162 11AB; # (맨; 맨; 맨; 맨; 맨; ) HANGUL SYLLABLE MAEN +B9E9;B9E9;1106 1162 11AC;B9E9;1106 1162 11AC; # (맩; 맩; 맩; 맩; 맩; ) HANGUL SYLLABLE MAENJ +B9EA;B9EA;1106 1162 11AD;B9EA;1106 1162 11AD; # (맪; 맪; 맪; 맪; 맪; ) HANGUL SYLLABLE MAENH +B9EB;B9EB;1106 1162 11AE;B9EB;1106 1162 11AE; # (맫; 맫; 맫; 맫; 맫; ) HANGUL SYLLABLE MAED +B9EC;B9EC;1106 1162 11AF;B9EC;1106 1162 11AF; # (맬; 맬; 맬; 맬; 맬; ) HANGUL SYLLABLE MAEL +B9ED;B9ED;1106 1162 11B0;B9ED;1106 1162 11B0; # (맭; 맭; 맭; 맭; 맭; ) HANGUL SYLLABLE MAELG +B9EE;B9EE;1106 1162 11B1;B9EE;1106 1162 11B1; # (맮; 맮; 맮; 맮; 맮; ) HANGUL SYLLABLE MAELM +B9EF;B9EF;1106 1162 11B2;B9EF;1106 1162 11B2; # (맯; 맯; 맯; 맯; 맯; ) HANGUL SYLLABLE MAELB +B9F0;B9F0;1106 1162 11B3;B9F0;1106 1162 11B3; # (맰; 맰; 맰; 맰; 맰; ) HANGUL SYLLABLE MAELS +B9F1;B9F1;1106 1162 11B4;B9F1;1106 1162 11B4; # (맱; 맱; 맱; 맱; 맱; ) HANGUL SYLLABLE MAELT +B9F2;B9F2;1106 1162 11B5;B9F2;1106 1162 11B5; # (맲; 맲; 맲; 맲; 맲; ) HANGUL SYLLABLE MAELP +B9F3;B9F3;1106 1162 11B6;B9F3;1106 1162 11B6; # (맳; 맳; 맳; 맳; 맳; ) HANGUL SYLLABLE MAELH +B9F4;B9F4;1106 1162 11B7;B9F4;1106 1162 11B7; # (맴; 맴; 맴; 맴; 맴; ) HANGUL SYLLABLE MAEM +B9F5;B9F5;1106 1162 11B8;B9F5;1106 1162 11B8; # (맵; 맵; 맵; 맵; 맵; ) HANGUL SYLLABLE MAEB +B9F6;B9F6;1106 1162 11B9;B9F6;1106 1162 11B9; # (맶; 맶; 맶; 맶; 맶; ) HANGUL SYLLABLE MAEBS +B9F7;B9F7;1106 1162 11BA;B9F7;1106 1162 11BA; # (맷; 맷; 맷; 맷; 맷; ) HANGUL SYLLABLE MAES +B9F8;B9F8;1106 1162 11BB;B9F8;1106 1162 11BB; # (맸; 맸; 맸; 맸; 맸; ) HANGUL SYLLABLE MAESS +B9F9;B9F9;1106 1162 11BC;B9F9;1106 1162 11BC; # (맹; 맹; 맹; 맹; 맹; ) HANGUL SYLLABLE MAENG +B9FA;B9FA;1106 1162 11BD;B9FA;1106 1162 11BD; # (맺; 맺; 맺; 맺; 맺; ) HANGUL SYLLABLE MAEJ +B9FB;B9FB;1106 1162 11BE;B9FB;1106 1162 11BE; # (맻; 맻; 맻; 맻; 맻; ) HANGUL SYLLABLE MAEC +B9FC;B9FC;1106 1162 11BF;B9FC;1106 1162 11BF; # (맼; 맼; 맼; 맼; 맼; ) HANGUL SYLLABLE MAEK +B9FD;B9FD;1106 1162 11C0;B9FD;1106 1162 11C0; # (맽; 맽; 맽; 맽; 맽; ) HANGUL SYLLABLE MAET +B9FE;B9FE;1106 1162 11C1;B9FE;1106 1162 11C1; # (맾; 맾; 매á‡; 맾; 매á‡; ) HANGUL SYLLABLE MAEP +B9FF;B9FF;1106 1162 11C2;B9FF;1106 1162 11C2; # (맿; 맿; 맿; 맿; 맿; ) HANGUL SYLLABLE MAEH +BA00;BA00;1106 1163;BA00;1106 1163; # (먀; 먀; 먀; 먀; 먀; ) HANGUL SYLLABLE MYA +BA01;BA01;1106 1163 11A8;BA01;1106 1163 11A8; # (ë¨; ë¨; 먁; ë¨; 먁; ) HANGUL SYLLABLE MYAG +BA02;BA02;1106 1163 11A9;BA02;1106 1163 11A9; # (먂; 먂; 먂; 먂; 먂; ) HANGUL SYLLABLE MYAGG +BA03;BA03;1106 1163 11AA;BA03;1106 1163 11AA; # (먃; 먃; 먃; 먃; 먃; ) HANGUL SYLLABLE MYAGS +BA04;BA04;1106 1163 11AB;BA04;1106 1163 11AB; # (먄; 먄; 먄; 먄; 먄; ) HANGUL SYLLABLE MYAN +BA05;BA05;1106 1163 11AC;BA05;1106 1163 11AC; # (먅; 먅; 먅; 먅; 먅; ) HANGUL SYLLABLE MYANJ +BA06;BA06;1106 1163 11AD;BA06;1106 1163 11AD; # (먆; 먆; 먆; 먆; 먆; ) HANGUL SYLLABLE MYANH +BA07;BA07;1106 1163 11AE;BA07;1106 1163 11AE; # (먇; 먇; 먇; 먇; 먇; ) HANGUL SYLLABLE MYAD +BA08;BA08;1106 1163 11AF;BA08;1106 1163 11AF; # (먈; 먈; 먈; 먈; 먈; ) HANGUL SYLLABLE MYAL +BA09;BA09;1106 1163 11B0;BA09;1106 1163 11B0; # (먉; 먉; 먉; 먉; 먉; ) HANGUL SYLLABLE MYALG +BA0A;BA0A;1106 1163 11B1;BA0A;1106 1163 11B1; # (먊; 먊; 먊; 먊; 먊; ) HANGUL SYLLABLE MYALM +BA0B;BA0B;1106 1163 11B2;BA0B;1106 1163 11B2; # (먋; 먋; 먋; 먋; 먋; ) HANGUL SYLLABLE MYALB +BA0C;BA0C;1106 1163 11B3;BA0C;1106 1163 11B3; # (먌; 먌; 먌; 먌; 먌; ) HANGUL SYLLABLE MYALS +BA0D;BA0D;1106 1163 11B4;BA0D;1106 1163 11B4; # (ë¨; ë¨; 먍; ë¨; 먍; ) HANGUL SYLLABLE MYALT +BA0E;BA0E;1106 1163 11B5;BA0E;1106 1163 11B5; # (먎; 먎; 먎; 먎; 먎; ) HANGUL SYLLABLE MYALP +BA0F;BA0F;1106 1163 11B6;BA0F;1106 1163 11B6; # (ë¨; ë¨; 먏; ë¨; 먏; ) HANGUL SYLLABLE MYALH +BA10;BA10;1106 1163 11B7;BA10;1106 1163 11B7; # (ë¨; ë¨; 먐; ë¨; 먐; ) HANGUL SYLLABLE MYAM +BA11;BA11;1106 1163 11B8;BA11;1106 1163 11B8; # (먑; 먑; 먑; 먑; 먑; ) HANGUL SYLLABLE MYAB +BA12;BA12;1106 1163 11B9;BA12;1106 1163 11B9; # (먒; 먒; 먒; 먒; 먒; ) HANGUL SYLLABLE MYABS +BA13;BA13;1106 1163 11BA;BA13;1106 1163 11BA; # (먓; 먓; 먓; 먓; 먓; ) HANGUL SYLLABLE MYAS +BA14;BA14;1106 1163 11BB;BA14;1106 1163 11BB; # (먔; 먔; 먔; 먔; 먔; ) HANGUL SYLLABLE MYASS +BA15;BA15;1106 1163 11BC;BA15;1106 1163 11BC; # (먕; 먕; 먕; 먕; 먕; ) HANGUL SYLLABLE MYANG +BA16;BA16;1106 1163 11BD;BA16;1106 1163 11BD; # (먖; 먖; 먖; 먖; 먖; ) HANGUL SYLLABLE MYAJ +BA17;BA17;1106 1163 11BE;BA17;1106 1163 11BE; # (먗; 먗; 먗; 먗; 먗; ) HANGUL SYLLABLE MYAC +BA18;BA18;1106 1163 11BF;BA18;1106 1163 11BF; # (먘; 먘; 먘; 먘; 먘; ) HANGUL SYLLABLE MYAK +BA19;BA19;1106 1163 11C0;BA19;1106 1163 11C0; # (먙; 먙; 먙; 먙; 먙; ) HANGUL SYLLABLE MYAT +BA1A;BA1A;1106 1163 11C1;BA1A;1106 1163 11C1; # (먚; 먚; 먀á‡; 먚; 먀á‡; ) HANGUL SYLLABLE MYAP +BA1B;BA1B;1106 1163 11C2;BA1B;1106 1163 11C2; # (먛; 먛; 먛; 먛; 먛; ) HANGUL SYLLABLE MYAH +BA1C;BA1C;1106 1164;BA1C;1106 1164; # (먜; 먜; 먜; 먜; 먜; ) HANGUL SYLLABLE MYAE +BA1D;BA1D;1106 1164 11A8;BA1D;1106 1164 11A8; # (ë¨; ë¨; 먝; ë¨; 먝; ) HANGUL SYLLABLE MYAEG +BA1E;BA1E;1106 1164 11A9;BA1E;1106 1164 11A9; # (먞; 먞; 먞; 먞; 먞; ) HANGUL SYLLABLE MYAEGG +BA1F;BA1F;1106 1164 11AA;BA1F;1106 1164 11AA; # (먟; 먟; 먟; 먟; 먟; ) HANGUL SYLLABLE MYAEGS +BA20;BA20;1106 1164 11AB;BA20;1106 1164 11AB; # (먠; 먠; 먠; 먠; 먠; ) HANGUL SYLLABLE MYAEN +BA21;BA21;1106 1164 11AC;BA21;1106 1164 11AC; # (먡; 먡; 먡; 먡; 먡; ) HANGUL SYLLABLE MYAENJ +BA22;BA22;1106 1164 11AD;BA22;1106 1164 11AD; # (먢; 먢; 먢; 먢; 먢; ) HANGUL SYLLABLE MYAENH +BA23;BA23;1106 1164 11AE;BA23;1106 1164 11AE; # (먣; 먣; 먣; 먣; 먣; ) HANGUL SYLLABLE MYAED +BA24;BA24;1106 1164 11AF;BA24;1106 1164 11AF; # (먤; 먤; 먤; 먤; 먤; ) HANGUL SYLLABLE MYAEL +BA25;BA25;1106 1164 11B0;BA25;1106 1164 11B0; # (먥; 먥; 먥; 먥; 먥; ) HANGUL SYLLABLE MYAELG +BA26;BA26;1106 1164 11B1;BA26;1106 1164 11B1; # (먦; 먦; 먦; 먦; 먦; ) HANGUL SYLLABLE MYAELM +BA27;BA27;1106 1164 11B2;BA27;1106 1164 11B2; # (먧; 먧; 먧; 먧; 먧; ) HANGUL SYLLABLE MYAELB +BA28;BA28;1106 1164 11B3;BA28;1106 1164 11B3; # (먨; 먨; 먨; 먨; 먨; ) HANGUL SYLLABLE MYAELS +BA29;BA29;1106 1164 11B4;BA29;1106 1164 11B4; # (먩; 먩; 먩; 먩; 먩; ) HANGUL SYLLABLE MYAELT +BA2A;BA2A;1106 1164 11B5;BA2A;1106 1164 11B5; # (먪; 먪; 먪; 먪; 먪; ) HANGUL SYLLABLE MYAELP +BA2B;BA2B;1106 1164 11B6;BA2B;1106 1164 11B6; # (먫; 먫; 먫; 먫; 먫; ) HANGUL SYLLABLE MYAELH +BA2C;BA2C;1106 1164 11B7;BA2C;1106 1164 11B7; # (먬; 먬; 먬; 먬; 먬; ) HANGUL SYLLABLE MYAEM +BA2D;BA2D;1106 1164 11B8;BA2D;1106 1164 11B8; # (먭; 먭; 먭; 먭; 먭; ) HANGUL SYLLABLE MYAEB +BA2E;BA2E;1106 1164 11B9;BA2E;1106 1164 11B9; # (먮; 먮; 먮; 먮; 먮; ) HANGUL SYLLABLE MYAEBS +BA2F;BA2F;1106 1164 11BA;BA2F;1106 1164 11BA; # (먯; 먯; 먯; 먯; 먯; ) HANGUL SYLLABLE MYAES +BA30;BA30;1106 1164 11BB;BA30;1106 1164 11BB; # (먰; 먰; 먰; 먰; 먰; ) HANGUL SYLLABLE MYAESS +BA31;BA31;1106 1164 11BC;BA31;1106 1164 11BC; # (먱; 먱; 먱; 먱; 먱; ) HANGUL SYLLABLE MYAENG +BA32;BA32;1106 1164 11BD;BA32;1106 1164 11BD; # (먲; 먲; 먲; 먲; 먲; ) HANGUL SYLLABLE MYAEJ +BA33;BA33;1106 1164 11BE;BA33;1106 1164 11BE; # (먳; 먳; 먳; 먳; 먳; ) HANGUL SYLLABLE MYAEC +BA34;BA34;1106 1164 11BF;BA34;1106 1164 11BF; # (먴; 먴; 먴; 먴; 먴; ) HANGUL SYLLABLE MYAEK +BA35;BA35;1106 1164 11C0;BA35;1106 1164 11C0; # (먵; 먵; 먵; 먵; 먵; ) HANGUL SYLLABLE MYAET +BA36;BA36;1106 1164 11C1;BA36;1106 1164 11C1; # (먶; 먶; 먜á‡; 먶; 먜á‡; ) HANGUL SYLLABLE MYAEP +BA37;BA37;1106 1164 11C2;BA37;1106 1164 11C2; # (먷; 먷; 먷; 먷; 먷; ) HANGUL SYLLABLE MYAEH +BA38;BA38;1106 1165;BA38;1106 1165; # (머; 머; 머; 머; 머; ) HANGUL SYLLABLE MEO +BA39;BA39;1106 1165 11A8;BA39;1106 1165 11A8; # (먹; 먹; 먹; 먹; 먹; ) HANGUL SYLLABLE MEOG +BA3A;BA3A;1106 1165 11A9;BA3A;1106 1165 11A9; # (먺; 먺; 먺; 먺; 먺; ) HANGUL SYLLABLE MEOGG +BA3B;BA3B;1106 1165 11AA;BA3B;1106 1165 11AA; # (먻; 먻; 먻; 먻; 먻; ) HANGUL SYLLABLE MEOGS +BA3C;BA3C;1106 1165 11AB;BA3C;1106 1165 11AB; # (먼; 먼; 먼; 먼; 먼; ) HANGUL SYLLABLE MEON +BA3D;BA3D;1106 1165 11AC;BA3D;1106 1165 11AC; # (먽; 먽; 먽; 먽; 먽; ) HANGUL SYLLABLE MEONJ +BA3E;BA3E;1106 1165 11AD;BA3E;1106 1165 11AD; # (먾; 먾; 먾; 먾; 먾; ) HANGUL SYLLABLE MEONH +BA3F;BA3F;1106 1165 11AE;BA3F;1106 1165 11AE; # (먿; 먿; 먿; 먿; 먿; ) HANGUL SYLLABLE MEOD +BA40;BA40;1106 1165 11AF;BA40;1106 1165 11AF; # (ë©€; ë©€; 멀; ë©€; 멀; ) HANGUL SYLLABLE MEOL +BA41;BA41;1106 1165 11B0;BA41;1106 1165 11B0; # (ë©; ë©; 멁; ë©; 멁; ) HANGUL SYLLABLE MEOLG +BA42;BA42;1106 1165 11B1;BA42;1106 1165 11B1; # (ë©‚; ë©‚; 멂; ë©‚; 멂; ) HANGUL SYLLABLE MEOLM +BA43;BA43;1106 1165 11B2;BA43;1106 1165 11B2; # (멃; 멃; 멃; 멃; 멃; ) HANGUL SYLLABLE MEOLB +BA44;BA44;1106 1165 11B3;BA44;1106 1165 11B3; # (ë©„; ë©„; 멄; ë©„; 멄; ) HANGUL SYLLABLE MEOLS +BA45;BA45;1106 1165 11B4;BA45;1106 1165 11B4; # (ë©…; ë©…; 멅; ë©…; 멅; ) HANGUL SYLLABLE MEOLT +BA46;BA46;1106 1165 11B5;BA46;1106 1165 11B5; # (멆; 멆; 멆; 멆; 멆; ) HANGUL SYLLABLE MEOLP +BA47;BA47;1106 1165 11B6;BA47;1106 1165 11B6; # (멇; 멇; 멇; 멇; 멇; ) HANGUL SYLLABLE MEOLH +BA48;BA48;1106 1165 11B7;BA48;1106 1165 11B7; # (멈; 멈; 멈; 멈; 멈; ) HANGUL SYLLABLE MEOM +BA49;BA49;1106 1165 11B8;BA49;1106 1165 11B8; # (멉; 멉; 멉; 멉; 멉; ) HANGUL SYLLABLE MEOB +BA4A;BA4A;1106 1165 11B9;BA4A;1106 1165 11B9; # (ë©Š; ë©Š; 멊; ë©Š; 멊; ) HANGUL SYLLABLE MEOBS +BA4B;BA4B;1106 1165 11BA;BA4B;1106 1165 11BA; # (ë©‹; ë©‹; 멋; ë©‹; 멋; ) HANGUL SYLLABLE MEOS +BA4C;BA4C;1106 1165 11BB;BA4C;1106 1165 11BB; # (ë©Œ; ë©Œ; 멌; ë©Œ; 멌; ) HANGUL SYLLABLE MEOSS +BA4D;BA4D;1106 1165 11BC;BA4D;1106 1165 11BC; # (ë©; ë©; 멍; ë©; 멍; ) HANGUL SYLLABLE MEONG +BA4E;BA4E;1106 1165 11BD;BA4E;1106 1165 11BD; # (ë©Ž; ë©Ž; 멎; ë©Ž; 멎; ) HANGUL SYLLABLE MEOJ +BA4F;BA4F;1106 1165 11BE;BA4F;1106 1165 11BE; # (ë©; ë©; 멏; ë©; 멏; ) HANGUL SYLLABLE MEOC +BA50;BA50;1106 1165 11BF;BA50;1106 1165 11BF; # (ë©; ë©; 멐; ë©; 멐; ) HANGUL SYLLABLE MEOK +BA51;BA51;1106 1165 11C0;BA51;1106 1165 11C0; # (ë©‘; ë©‘; 멑; ë©‘; 멑; ) HANGUL SYLLABLE MEOT +BA52;BA52;1106 1165 11C1;BA52;1106 1165 11C1; # (ë©’; ë©’; 머á‡; ë©’; 머á‡; ) HANGUL SYLLABLE MEOP +BA53;BA53;1106 1165 11C2;BA53;1106 1165 11C2; # (ë©“; ë©“; 멓; ë©“; 멓; ) HANGUL SYLLABLE MEOH +BA54;BA54;1106 1166;BA54;1106 1166; # (ë©”; ë©”; 메; ë©”; 메; ) HANGUL SYLLABLE ME +BA55;BA55;1106 1166 11A8;BA55;1106 1166 11A8; # (ë©•; ë©•; 멕; ë©•; 멕; ) HANGUL SYLLABLE MEG +BA56;BA56;1106 1166 11A9;BA56;1106 1166 11A9; # (ë©–; ë©–; 멖; ë©–; 멖; ) HANGUL SYLLABLE MEGG +BA57;BA57;1106 1166 11AA;BA57;1106 1166 11AA; # (ë©—; ë©—; 멗; ë©—; 멗; ) HANGUL SYLLABLE MEGS +BA58;BA58;1106 1166 11AB;BA58;1106 1166 11AB; # (멘; 멘; 멘; 멘; 멘; ) HANGUL SYLLABLE MEN +BA59;BA59;1106 1166 11AC;BA59;1106 1166 11AC; # (ë©™; ë©™; 멙; ë©™; 멙; ) HANGUL SYLLABLE MENJ +BA5A;BA5A;1106 1166 11AD;BA5A;1106 1166 11AD; # (ë©š; ë©š; 멚; ë©š; 멚; ) HANGUL SYLLABLE MENH +BA5B;BA5B;1106 1166 11AE;BA5B;1106 1166 11AE; # (ë©›; ë©›; 멛; ë©›; 멛; ) HANGUL SYLLABLE MED +BA5C;BA5C;1106 1166 11AF;BA5C;1106 1166 11AF; # (ë©œ; ë©œ; 멜; ë©œ; 멜; ) HANGUL SYLLABLE MEL +BA5D;BA5D;1106 1166 11B0;BA5D;1106 1166 11B0; # (ë©; ë©; 멝; ë©; 멝; ) HANGUL SYLLABLE MELG +BA5E;BA5E;1106 1166 11B1;BA5E;1106 1166 11B1; # (ë©ž; ë©ž; 멞; ë©ž; 멞; ) HANGUL SYLLABLE MELM +BA5F;BA5F;1106 1166 11B2;BA5F;1106 1166 11B2; # (ë©Ÿ; ë©Ÿ; 멟; ë©Ÿ; 멟; ) HANGUL SYLLABLE MELB +BA60;BA60;1106 1166 11B3;BA60;1106 1166 11B3; # (ë© ; ë© ; 멠; ë© ; 멠; ) HANGUL SYLLABLE MELS +BA61;BA61;1106 1166 11B4;BA61;1106 1166 11B4; # (ë©¡; ë©¡; 멡; ë©¡; 멡; ) HANGUL SYLLABLE MELT +BA62;BA62;1106 1166 11B5;BA62;1106 1166 11B5; # (ë©¢; ë©¢; 멢; ë©¢; 멢; ) HANGUL SYLLABLE MELP +BA63;BA63;1106 1166 11B6;BA63;1106 1166 11B6; # (ë©£; ë©£; 멣; ë©£; 멣; ) HANGUL SYLLABLE MELH +BA64;BA64;1106 1166 11B7;BA64;1106 1166 11B7; # (멤; 멤; 멤; 멤; 멤; ) HANGUL SYLLABLE MEM +BA65;BA65;1106 1166 11B8;BA65;1106 1166 11B8; # (ë©¥; ë©¥; 멥; ë©¥; 멥; ) HANGUL SYLLABLE MEB +BA66;BA66;1106 1166 11B9;BA66;1106 1166 11B9; # (멦; 멦; 멦; 멦; 멦; ) HANGUL SYLLABLE MEBS +BA67;BA67;1106 1166 11BA;BA67;1106 1166 11BA; # (멧; 멧; 멧; 멧; 멧; ) HANGUL SYLLABLE MES +BA68;BA68;1106 1166 11BB;BA68;1106 1166 11BB; # (멨; 멨; 멨; 멨; 멨; ) HANGUL SYLLABLE MESS +BA69;BA69;1106 1166 11BC;BA69;1106 1166 11BC; # (ë©©; ë©©; 멩; ë©©; 멩; ) HANGUL SYLLABLE MENG +BA6A;BA6A;1106 1166 11BD;BA6A;1106 1166 11BD; # (멪; 멪; 멪; 멪; 멪; ) HANGUL SYLLABLE MEJ +BA6B;BA6B;1106 1166 11BE;BA6B;1106 1166 11BE; # (ë©«; ë©«; 멫; ë©«; 멫; ) HANGUL SYLLABLE MEC +BA6C;BA6C;1106 1166 11BF;BA6C;1106 1166 11BF; # (멬; 멬; 멬; 멬; 멬; ) HANGUL SYLLABLE MEK +BA6D;BA6D;1106 1166 11C0;BA6D;1106 1166 11C0; # (ë©­; ë©­; 멭; ë©­; 멭; ) HANGUL SYLLABLE MET +BA6E;BA6E;1106 1166 11C1;BA6E;1106 1166 11C1; # (ë©®; ë©®; 메á‡; ë©®; 메á‡; ) HANGUL SYLLABLE MEP +BA6F;BA6F;1106 1166 11C2;BA6F;1106 1166 11C2; # (멯; 멯; 멯; 멯; 멯; ) HANGUL SYLLABLE MEH +BA70;BA70;1106 1167;BA70;1106 1167; # (ë©°; ë©°; 며; ë©°; 며; ) HANGUL SYLLABLE MYEO +BA71;BA71;1106 1167 11A8;BA71;1106 1167 11A8; # (멱; 멱; 멱; 멱; 멱; ) HANGUL SYLLABLE MYEOG +BA72;BA72;1106 1167 11A9;BA72;1106 1167 11A9; # (멲; 멲; 멲; 멲; 멲; ) HANGUL SYLLABLE MYEOGG +BA73;BA73;1106 1167 11AA;BA73;1106 1167 11AA; # (멳; 멳; 멳; 멳; 멳; ) HANGUL SYLLABLE MYEOGS +BA74;BA74;1106 1167 11AB;BA74;1106 1167 11AB; # (ë©´; ë©´; 면; ë©´; 면; ) HANGUL SYLLABLE MYEON +BA75;BA75;1106 1167 11AC;BA75;1106 1167 11AC; # (멵; 멵; 멵; 멵; 멵; ) HANGUL SYLLABLE MYEONJ +BA76;BA76;1106 1167 11AD;BA76;1106 1167 11AD; # (멶; 멶; 멶; 멶; 멶; ) HANGUL SYLLABLE MYEONH +BA77;BA77;1106 1167 11AE;BA77;1106 1167 11AE; # (ë©·; ë©·; 멷; ë©·; 멷; ) HANGUL SYLLABLE MYEOD +BA78;BA78;1106 1167 11AF;BA78;1106 1167 11AF; # (멸; 멸; 멸; 멸; 멸; ) HANGUL SYLLABLE MYEOL +BA79;BA79;1106 1167 11B0;BA79;1106 1167 11B0; # (멹; 멹; 멹; 멹; 멹; ) HANGUL SYLLABLE MYEOLG +BA7A;BA7A;1106 1167 11B1;BA7A;1106 1167 11B1; # (멺; 멺; 멺; 멺; 멺; ) HANGUL SYLLABLE MYEOLM +BA7B;BA7B;1106 1167 11B2;BA7B;1106 1167 11B2; # (ë©»; ë©»; 멻; ë©»; 멻; ) HANGUL SYLLABLE MYEOLB +BA7C;BA7C;1106 1167 11B3;BA7C;1106 1167 11B3; # (멼; 멼; 멼; 멼; 멼; ) HANGUL SYLLABLE MYEOLS +BA7D;BA7D;1106 1167 11B4;BA7D;1106 1167 11B4; # (멽; 멽; 멽; 멽; 멽; ) HANGUL SYLLABLE MYEOLT +BA7E;BA7E;1106 1167 11B5;BA7E;1106 1167 11B5; # (멾; 멾; 멾; 멾; 멾; ) HANGUL SYLLABLE MYEOLP +BA7F;BA7F;1106 1167 11B6;BA7F;1106 1167 11B6; # (ë©¿; ë©¿; 멿; ë©¿; 멿; ) HANGUL SYLLABLE MYEOLH +BA80;BA80;1106 1167 11B7;BA80;1106 1167 11B7; # (몀; 몀; 몀; 몀; 몀; ) HANGUL SYLLABLE MYEOM +BA81;BA81;1106 1167 11B8;BA81;1106 1167 11B8; # (ëª; ëª; 몁; ëª; 몁; ) HANGUL SYLLABLE MYEOB +BA82;BA82;1106 1167 11B9;BA82;1106 1167 11B9; # (몂; 몂; 몂; 몂; 몂; ) HANGUL SYLLABLE MYEOBS +BA83;BA83;1106 1167 11BA;BA83;1106 1167 11BA; # (몃; 몃; 몃; 몃; 몃; ) HANGUL SYLLABLE MYEOS +BA84;BA84;1106 1167 11BB;BA84;1106 1167 11BB; # (몄; 몄; 몄; 몄; 몄; ) HANGUL SYLLABLE MYEOSS +BA85;BA85;1106 1167 11BC;BA85;1106 1167 11BC; # (명; 명; 명; 명; 명; ) HANGUL SYLLABLE MYEONG +BA86;BA86;1106 1167 11BD;BA86;1106 1167 11BD; # (몆; 몆; 몆; 몆; 몆; ) HANGUL SYLLABLE MYEOJ +BA87;BA87;1106 1167 11BE;BA87;1106 1167 11BE; # (몇; 몇; 몇; 몇; 몇; ) HANGUL SYLLABLE MYEOC +BA88;BA88;1106 1167 11BF;BA88;1106 1167 11BF; # (몈; 몈; 몈; 몈; 몈; ) HANGUL SYLLABLE MYEOK +BA89;BA89;1106 1167 11C0;BA89;1106 1167 11C0; # (몉; 몉; 몉; 몉; 몉; ) HANGUL SYLLABLE MYEOT +BA8A;BA8A;1106 1167 11C1;BA8A;1106 1167 11C1; # (몊; 몊; 며á‡; 몊; 며á‡; ) HANGUL SYLLABLE MYEOP +BA8B;BA8B;1106 1167 11C2;BA8B;1106 1167 11C2; # (몋; 몋; 몋; 몋; 몋; ) HANGUL SYLLABLE MYEOH +BA8C;BA8C;1106 1168;BA8C;1106 1168; # (몌; 몌; 몌; 몌; 몌; ) HANGUL SYLLABLE MYE +BA8D;BA8D;1106 1168 11A8;BA8D;1106 1168 11A8; # (ëª; ëª; 몍; ëª; 몍; ) HANGUL SYLLABLE MYEG +BA8E;BA8E;1106 1168 11A9;BA8E;1106 1168 11A9; # (몎; 몎; 몎; 몎; 몎; ) HANGUL SYLLABLE MYEGG +BA8F;BA8F;1106 1168 11AA;BA8F;1106 1168 11AA; # (ëª; ëª; 몏; ëª; 몏; ) HANGUL SYLLABLE MYEGS +BA90;BA90;1106 1168 11AB;BA90;1106 1168 11AB; # (ëª; ëª; 몐; ëª; 몐; ) HANGUL SYLLABLE MYEN +BA91;BA91;1106 1168 11AC;BA91;1106 1168 11AC; # (몑; 몑; 몑; 몑; 몑; ) HANGUL SYLLABLE MYENJ +BA92;BA92;1106 1168 11AD;BA92;1106 1168 11AD; # (몒; 몒; 몒; 몒; 몒; ) HANGUL SYLLABLE MYENH +BA93;BA93;1106 1168 11AE;BA93;1106 1168 11AE; # (몓; 몓; 몓; 몓; 몓; ) HANGUL SYLLABLE MYED +BA94;BA94;1106 1168 11AF;BA94;1106 1168 11AF; # (몔; 몔; 몔; 몔; 몔; ) HANGUL SYLLABLE MYEL +BA95;BA95;1106 1168 11B0;BA95;1106 1168 11B0; # (몕; 몕; 몕; 몕; 몕; ) HANGUL SYLLABLE MYELG +BA96;BA96;1106 1168 11B1;BA96;1106 1168 11B1; # (몖; 몖; 몖; 몖; 몖; ) HANGUL SYLLABLE MYELM +BA97;BA97;1106 1168 11B2;BA97;1106 1168 11B2; # (몗; 몗; 몗; 몗; 몗; ) HANGUL SYLLABLE MYELB +BA98;BA98;1106 1168 11B3;BA98;1106 1168 11B3; # (몘; 몘; 몘; 몘; 몘; ) HANGUL SYLLABLE MYELS +BA99;BA99;1106 1168 11B4;BA99;1106 1168 11B4; # (몙; 몙; 몙; 몙; 몙; ) HANGUL SYLLABLE MYELT +BA9A;BA9A;1106 1168 11B5;BA9A;1106 1168 11B5; # (몚; 몚; 몚; 몚; 몚; ) HANGUL SYLLABLE MYELP +BA9B;BA9B;1106 1168 11B6;BA9B;1106 1168 11B6; # (몛; 몛; 몛; 몛; 몛; ) HANGUL SYLLABLE MYELH +BA9C;BA9C;1106 1168 11B7;BA9C;1106 1168 11B7; # (몜; 몜; 몜; 몜; 몜; ) HANGUL SYLLABLE MYEM +BA9D;BA9D;1106 1168 11B8;BA9D;1106 1168 11B8; # (ëª; ëª; 몝; ëª; 몝; ) HANGUL SYLLABLE MYEB +BA9E;BA9E;1106 1168 11B9;BA9E;1106 1168 11B9; # (몞; 몞; 몞; 몞; 몞; ) HANGUL SYLLABLE MYEBS +BA9F;BA9F;1106 1168 11BA;BA9F;1106 1168 11BA; # (몟; 몟; 몟; 몟; 몟; ) HANGUL SYLLABLE MYES +BAA0;BAA0;1106 1168 11BB;BAA0;1106 1168 11BB; # (몠; 몠; 몠; 몠; 몠; ) HANGUL SYLLABLE MYESS +BAA1;BAA1;1106 1168 11BC;BAA1;1106 1168 11BC; # (몡; 몡; 몡; 몡; 몡; ) HANGUL SYLLABLE MYENG +BAA2;BAA2;1106 1168 11BD;BAA2;1106 1168 11BD; # (몢; 몢; 몢; 몢; 몢; ) HANGUL SYLLABLE MYEJ +BAA3;BAA3;1106 1168 11BE;BAA3;1106 1168 11BE; # (몣; 몣; 몣; 몣; 몣; ) HANGUL SYLLABLE MYEC +BAA4;BAA4;1106 1168 11BF;BAA4;1106 1168 11BF; # (몤; 몤; 몤; 몤; 몤; ) HANGUL SYLLABLE MYEK +BAA5;BAA5;1106 1168 11C0;BAA5;1106 1168 11C0; # (몥; 몥; 몥; 몥; 몥; ) HANGUL SYLLABLE MYET +BAA6;BAA6;1106 1168 11C1;BAA6;1106 1168 11C1; # (몦; 몦; 몌á‡; 몦; 몌á‡; ) HANGUL SYLLABLE MYEP +BAA7;BAA7;1106 1168 11C2;BAA7;1106 1168 11C2; # (몧; 몧; 몧; 몧; 몧; ) HANGUL SYLLABLE MYEH +BAA8;BAA8;1106 1169;BAA8;1106 1169; # (모; 모; 모; 모; 모; ) HANGUL SYLLABLE MO +BAA9;BAA9;1106 1169 11A8;BAA9;1106 1169 11A8; # (목; 목; 목; 목; 목; ) HANGUL SYLLABLE MOG +BAAA;BAAA;1106 1169 11A9;BAAA;1106 1169 11A9; # (몪; 몪; 몪; 몪; 몪; ) HANGUL SYLLABLE MOGG +BAAB;BAAB;1106 1169 11AA;BAAB;1106 1169 11AA; # (몫; 몫; 몫; 몫; 몫; ) HANGUL SYLLABLE MOGS +BAAC;BAAC;1106 1169 11AB;BAAC;1106 1169 11AB; # (몬; 몬; 몬; 몬; 몬; ) HANGUL SYLLABLE MON +BAAD;BAAD;1106 1169 11AC;BAAD;1106 1169 11AC; # (몭; 몭; 몭; 몭; 몭; ) HANGUL SYLLABLE MONJ +BAAE;BAAE;1106 1169 11AD;BAAE;1106 1169 11AD; # (몮; 몮; 몮; 몮; 몮; ) HANGUL SYLLABLE MONH +BAAF;BAAF;1106 1169 11AE;BAAF;1106 1169 11AE; # (몯; 몯; 몯; 몯; 몯; ) HANGUL SYLLABLE MOD +BAB0;BAB0;1106 1169 11AF;BAB0;1106 1169 11AF; # (몰; 몰; 몰; 몰; 몰; ) HANGUL SYLLABLE MOL +BAB1;BAB1;1106 1169 11B0;BAB1;1106 1169 11B0; # (몱; 몱; 몱; 몱; 몱; ) HANGUL SYLLABLE MOLG +BAB2;BAB2;1106 1169 11B1;BAB2;1106 1169 11B1; # (몲; 몲; 몲; 몲; 몲; ) HANGUL SYLLABLE MOLM +BAB3;BAB3;1106 1169 11B2;BAB3;1106 1169 11B2; # (몳; 몳; 몳; 몳; 몳; ) HANGUL SYLLABLE MOLB +BAB4;BAB4;1106 1169 11B3;BAB4;1106 1169 11B3; # (몴; 몴; 몴; 몴; 몴; ) HANGUL SYLLABLE MOLS +BAB5;BAB5;1106 1169 11B4;BAB5;1106 1169 11B4; # (몵; 몵; 몵; 몵; 몵; ) HANGUL SYLLABLE MOLT +BAB6;BAB6;1106 1169 11B5;BAB6;1106 1169 11B5; # (몶; 몶; 몶; 몶; 몶; ) HANGUL SYLLABLE MOLP +BAB7;BAB7;1106 1169 11B6;BAB7;1106 1169 11B6; # (몷; 몷; 몷; 몷; 몷; ) HANGUL SYLLABLE MOLH +BAB8;BAB8;1106 1169 11B7;BAB8;1106 1169 11B7; # (몸; 몸; 몸; 몸; 몸; ) HANGUL SYLLABLE MOM +BAB9;BAB9;1106 1169 11B8;BAB9;1106 1169 11B8; # (몹; 몹; 몹; 몹; 몹; ) HANGUL SYLLABLE MOB +BABA;BABA;1106 1169 11B9;BABA;1106 1169 11B9; # (몺; 몺; 몺; 몺; 몺; ) HANGUL SYLLABLE MOBS +BABB;BABB;1106 1169 11BA;BABB;1106 1169 11BA; # (못; 못; 못; 못; 못; ) HANGUL SYLLABLE MOS +BABC;BABC;1106 1169 11BB;BABC;1106 1169 11BB; # (몼; 몼; 몼; 몼; 몼; ) HANGUL SYLLABLE MOSS +BABD;BABD;1106 1169 11BC;BABD;1106 1169 11BC; # (몽; 몽; 몽; 몽; 몽; ) HANGUL SYLLABLE MONG +BABE;BABE;1106 1169 11BD;BABE;1106 1169 11BD; # (몾; 몾; 몾; 몾; 몾; ) HANGUL SYLLABLE MOJ +BABF;BABF;1106 1169 11BE;BABF;1106 1169 11BE; # (몿; 몿; 몿; 몿; 몿; ) HANGUL SYLLABLE MOC +BAC0;BAC0;1106 1169 11BF;BAC0;1106 1169 11BF; # (ë«€; ë«€; 뫀; ë«€; 뫀; ) HANGUL SYLLABLE MOK +BAC1;BAC1;1106 1169 11C0;BAC1;1106 1169 11C0; # (ë«; ë«; 뫁; ë«; 뫁; ) HANGUL SYLLABLE MOT +BAC2;BAC2;1106 1169 11C1;BAC2;1106 1169 11C1; # (ë«‚; ë«‚; 모á‡; ë«‚; 모á‡; ) HANGUL SYLLABLE MOP +BAC3;BAC3;1106 1169 11C2;BAC3;1106 1169 11C2; # (뫃; 뫃; 뫃; 뫃; 뫃; ) HANGUL SYLLABLE MOH +BAC4;BAC4;1106 116A;BAC4;1106 116A; # (ë«„; ë«„; 뫄; ë«„; 뫄; ) HANGUL SYLLABLE MWA +BAC5;BAC5;1106 116A 11A8;BAC5;1106 116A 11A8; # (ë«…; ë«…; 뫅; ë«…; 뫅; ) HANGUL SYLLABLE MWAG +BAC6;BAC6;1106 116A 11A9;BAC6;1106 116A 11A9; # (뫆; 뫆; 뫆; 뫆; 뫆; ) HANGUL SYLLABLE MWAGG +BAC7;BAC7;1106 116A 11AA;BAC7;1106 116A 11AA; # (뫇; 뫇; 뫇; 뫇; 뫇; ) HANGUL SYLLABLE MWAGS +BAC8;BAC8;1106 116A 11AB;BAC8;1106 116A 11AB; # (뫈; 뫈; 뫈; 뫈; 뫈; ) HANGUL SYLLABLE MWAN +BAC9;BAC9;1106 116A 11AC;BAC9;1106 116A 11AC; # (뫉; 뫉; 뫉; 뫉; 뫉; ) HANGUL SYLLABLE MWANJ +BACA;BACA;1106 116A 11AD;BACA;1106 116A 11AD; # (ë«Š; ë«Š; 뫊; ë«Š; 뫊; ) HANGUL SYLLABLE MWANH +BACB;BACB;1106 116A 11AE;BACB;1106 116A 11AE; # (ë«‹; ë«‹; 뫋; ë«‹; 뫋; ) HANGUL SYLLABLE MWAD +BACC;BACC;1106 116A 11AF;BACC;1106 116A 11AF; # (ë«Œ; ë«Œ; 뫌; ë«Œ; 뫌; ) HANGUL SYLLABLE MWAL +BACD;BACD;1106 116A 11B0;BACD;1106 116A 11B0; # (ë«; ë«; 뫍; ë«; 뫍; ) HANGUL SYLLABLE MWALG +BACE;BACE;1106 116A 11B1;BACE;1106 116A 11B1; # (ë«Ž; ë«Ž; 뫎; ë«Ž; 뫎; ) HANGUL SYLLABLE MWALM +BACF;BACF;1106 116A 11B2;BACF;1106 116A 11B2; # (ë«; ë«; 뫏; ë«; 뫏; ) HANGUL SYLLABLE MWALB +BAD0;BAD0;1106 116A 11B3;BAD0;1106 116A 11B3; # (ë«; ë«; 뫐; ë«; 뫐; ) HANGUL SYLLABLE MWALS +BAD1;BAD1;1106 116A 11B4;BAD1;1106 116A 11B4; # (ë«‘; ë«‘; 뫑; ë«‘; 뫑; ) HANGUL SYLLABLE MWALT +BAD2;BAD2;1106 116A 11B5;BAD2;1106 116A 11B5; # (ë«’; ë«’; 뫒; ë«’; 뫒; ) HANGUL SYLLABLE MWALP +BAD3;BAD3;1106 116A 11B6;BAD3;1106 116A 11B6; # (ë«“; ë«“; 뫓; ë«“; 뫓; ) HANGUL SYLLABLE MWALH +BAD4;BAD4;1106 116A 11B7;BAD4;1106 116A 11B7; # (ë«”; ë«”; 뫔; ë«”; 뫔; ) HANGUL SYLLABLE MWAM +BAD5;BAD5;1106 116A 11B8;BAD5;1106 116A 11B8; # (ë«•; ë«•; 뫕; ë«•; 뫕; ) HANGUL SYLLABLE MWAB +BAD6;BAD6;1106 116A 11B9;BAD6;1106 116A 11B9; # (ë«–; ë«–; 뫖; ë«–; 뫖; ) HANGUL SYLLABLE MWABS +BAD7;BAD7;1106 116A 11BA;BAD7;1106 116A 11BA; # (ë«—; ë«—; 뫗; ë«—; 뫗; ) HANGUL SYLLABLE MWAS +BAD8;BAD8;1106 116A 11BB;BAD8;1106 116A 11BB; # (뫘; 뫘; 뫘; 뫘; 뫘; ) HANGUL SYLLABLE MWASS +BAD9;BAD9;1106 116A 11BC;BAD9;1106 116A 11BC; # (ë«™; ë«™; 뫙; ë«™; 뫙; ) HANGUL SYLLABLE MWANG +BADA;BADA;1106 116A 11BD;BADA;1106 116A 11BD; # (ë«š; ë«š; 뫚; ë«š; 뫚; ) HANGUL SYLLABLE MWAJ +BADB;BADB;1106 116A 11BE;BADB;1106 116A 11BE; # (ë«›; ë«›; 뫛; ë«›; 뫛; ) HANGUL SYLLABLE MWAC +BADC;BADC;1106 116A 11BF;BADC;1106 116A 11BF; # (ë«œ; ë«œ; 뫜; ë«œ; 뫜; ) HANGUL SYLLABLE MWAK +BADD;BADD;1106 116A 11C0;BADD;1106 116A 11C0; # (ë«; ë«; 뫝; ë«; 뫝; ) HANGUL SYLLABLE MWAT +BADE;BADE;1106 116A 11C1;BADE;1106 116A 11C1; # (ë«ž; ë«ž; 뫄á‡; ë«ž; 뫄á‡; ) HANGUL SYLLABLE MWAP +BADF;BADF;1106 116A 11C2;BADF;1106 116A 11C2; # (ë«Ÿ; ë«Ÿ; 뫟; ë«Ÿ; 뫟; ) HANGUL SYLLABLE MWAH +BAE0;BAE0;1106 116B;BAE0;1106 116B; # (ë« ; ë« ; 뫠; ë« ; 뫠; ) HANGUL SYLLABLE MWAE +BAE1;BAE1;1106 116B 11A8;BAE1;1106 116B 11A8; # (ë«¡; ë«¡; 뫡; ë«¡; 뫡; ) HANGUL SYLLABLE MWAEG +BAE2;BAE2;1106 116B 11A9;BAE2;1106 116B 11A9; # (ë«¢; ë«¢; 뫢; ë«¢; 뫢; ) HANGUL SYLLABLE MWAEGG +BAE3;BAE3;1106 116B 11AA;BAE3;1106 116B 11AA; # (ë«£; ë«£; 뫣; ë«£; 뫣; ) HANGUL SYLLABLE MWAEGS +BAE4;BAE4;1106 116B 11AB;BAE4;1106 116B 11AB; # (뫤; 뫤; 뫤; 뫤; 뫤; ) HANGUL SYLLABLE MWAEN +BAE5;BAE5;1106 116B 11AC;BAE5;1106 116B 11AC; # (ë«¥; ë«¥; 뫥; ë«¥; 뫥; ) HANGUL SYLLABLE MWAENJ +BAE6;BAE6;1106 116B 11AD;BAE6;1106 116B 11AD; # (뫦; 뫦; 뫦; 뫦; 뫦; ) HANGUL SYLLABLE MWAENH +BAE7;BAE7;1106 116B 11AE;BAE7;1106 116B 11AE; # (뫧; 뫧; 뫧; 뫧; 뫧; ) HANGUL SYLLABLE MWAED +BAE8;BAE8;1106 116B 11AF;BAE8;1106 116B 11AF; # (뫨; 뫨; 뫨; 뫨; 뫨; ) HANGUL SYLLABLE MWAEL +BAE9;BAE9;1106 116B 11B0;BAE9;1106 116B 11B0; # (ë«©; ë«©; 뫩; ë«©; 뫩; ) HANGUL SYLLABLE MWAELG +BAEA;BAEA;1106 116B 11B1;BAEA;1106 116B 11B1; # (뫪; 뫪; 뫪; 뫪; 뫪; ) HANGUL SYLLABLE MWAELM +BAEB;BAEB;1106 116B 11B2;BAEB;1106 116B 11B2; # (ë««; ë««; 뫫; ë««; 뫫; ) HANGUL SYLLABLE MWAELB +BAEC;BAEC;1106 116B 11B3;BAEC;1106 116B 11B3; # (뫬; 뫬; 뫬; 뫬; 뫬; ) HANGUL SYLLABLE MWAELS +BAED;BAED;1106 116B 11B4;BAED;1106 116B 11B4; # (ë«­; ë«­; 뫭; ë«­; 뫭; ) HANGUL SYLLABLE MWAELT +BAEE;BAEE;1106 116B 11B5;BAEE;1106 116B 11B5; # (ë«®; ë«®; 뫮; ë«®; 뫮; ) HANGUL SYLLABLE MWAELP +BAEF;BAEF;1106 116B 11B6;BAEF;1106 116B 11B6; # (뫯; 뫯; 뫯; 뫯; 뫯; ) HANGUL SYLLABLE MWAELH +BAF0;BAF0;1106 116B 11B7;BAF0;1106 116B 11B7; # (ë«°; ë«°; 뫰; ë«°; 뫰; ) HANGUL SYLLABLE MWAEM +BAF1;BAF1;1106 116B 11B8;BAF1;1106 116B 11B8; # (뫱; 뫱; 뫱; 뫱; 뫱; ) HANGUL SYLLABLE MWAEB +BAF2;BAF2;1106 116B 11B9;BAF2;1106 116B 11B9; # (뫲; 뫲; 뫲; 뫲; 뫲; ) HANGUL SYLLABLE MWAEBS +BAF3;BAF3;1106 116B 11BA;BAF3;1106 116B 11BA; # (뫳; 뫳; 뫳; 뫳; 뫳; ) HANGUL SYLLABLE MWAES +BAF4;BAF4;1106 116B 11BB;BAF4;1106 116B 11BB; # (ë«´; ë«´; 뫴; ë«´; 뫴; ) HANGUL SYLLABLE MWAESS +BAF5;BAF5;1106 116B 11BC;BAF5;1106 116B 11BC; # (뫵; 뫵; 뫵; 뫵; 뫵; ) HANGUL SYLLABLE MWAENG +BAF6;BAF6;1106 116B 11BD;BAF6;1106 116B 11BD; # (뫶; 뫶; 뫶; 뫶; 뫶; ) HANGUL SYLLABLE MWAEJ +BAF7;BAF7;1106 116B 11BE;BAF7;1106 116B 11BE; # (ë«·; ë«·; 뫷; ë«·; 뫷; ) HANGUL SYLLABLE MWAEC +BAF8;BAF8;1106 116B 11BF;BAF8;1106 116B 11BF; # (뫸; 뫸; 뫸; 뫸; 뫸; ) HANGUL SYLLABLE MWAEK +BAF9;BAF9;1106 116B 11C0;BAF9;1106 116B 11C0; # (뫹; 뫹; 뫹; 뫹; 뫹; ) HANGUL SYLLABLE MWAET +BAFA;BAFA;1106 116B 11C1;BAFA;1106 116B 11C1; # (뫺; 뫺; 뫠á‡; 뫺; 뫠á‡; ) HANGUL SYLLABLE MWAEP +BAFB;BAFB;1106 116B 11C2;BAFB;1106 116B 11C2; # (ë«»; ë«»; 뫻; ë«»; 뫻; ) HANGUL SYLLABLE MWAEH +BAFC;BAFC;1106 116C;BAFC;1106 116C; # (뫼; 뫼; 뫼; 뫼; 뫼; ) HANGUL SYLLABLE MOE +BAFD;BAFD;1106 116C 11A8;BAFD;1106 116C 11A8; # (뫽; 뫽; 뫽; 뫽; 뫽; ) HANGUL SYLLABLE MOEG +BAFE;BAFE;1106 116C 11A9;BAFE;1106 116C 11A9; # (뫾; 뫾; 뫾; 뫾; 뫾; ) HANGUL SYLLABLE MOEGG +BAFF;BAFF;1106 116C 11AA;BAFF;1106 116C 11AA; # (ë«¿; ë«¿; 뫿; ë«¿; 뫿; ) HANGUL SYLLABLE MOEGS +BB00;BB00;1106 116C 11AB;BB00;1106 116C 11AB; # (묀; 묀; 묀; 묀; 묀; ) HANGUL SYLLABLE MOEN +BB01;BB01;1106 116C 11AC;BB01;1106 116C 11AC; # (ë¬; ë¬; 묁; ë¬; 묁; ) HANGUL SYLLABLE MOENJ +BB02;BB02;1106 116C 11AD;BB02;1106 116C 11AD; # (묂; 묂; 묂; 묂; 묂; ) HANGUL SYLLABLE MOENH +BB03;BB03;1106 116C 11AE;BB03;1106 116C 11AE; # (묃; 묃; 묃; 묃; 묃; ) HANGUL SYLLABLE MOED +BB04;BB04;1106 116C 11AF;BB04;1106 116C 11AF; # (묄; 묄; 묄; 묄; 묄; ) HANGUL SYLLABLE MOEL +BB05;BB05;1106 116C 11B0;BB05;1106 116C 11B0; # (묅; 묅; 묅; 묅; 묅; ) HANGUL SYLLABLE MOELG +BB06;BB06;1106 116C 11B1;BB06;1106 116C 11B1; # (묆; 묆; 묆; 묆; 묆; ) HANGUL SYLLABLE MOELM +BB07;BB07;1106 116C 11B2;BB07;1106 116C 11B2; # (묇; 묇; 묇; 묇; 묇; ) HANGUL SYLLABLE MOELB +BB08;BB08;1106 116C 11B3;BB08;1106 116C 11B3; # (묈; 묈; 묈; 묈; 묈; ) HANGUL SYLLABLE MOELS +BB09;BB09;1106 116C 11B4;BB09;1106 116C 11B4; # (묉; 묉; 묉; 묉; 묉; ) HANGUL SYLLABLE MOELT +BB0A;BB0A;1106 116C 11B5;BB0A;1106 116C 11B5; # (묊; 묊; 묊; 묊; 묊; ) HANGUL SYLLABLE MOELP +BB0B;BB0B;1106 116C 11B6;BB0B;1106 116C 11B6; # (묋; 묋; 묋; 묋; 묋; ) HANGUL SYLLABLE MOELH +BB0C;BB0C;1106 116C 11B7;BB0C;1106 116C 11B7; # (묌; 묌; 묌; 묌; 묌; ) HANGUL SYLLABLE MOEM +BB0D;BB0D;1106 116C 11B8;BB0D;1106 116C 11B8; # (ë¬; ë¬; 묍; ë¬; 묍; ) HANGUL SYLLABLE MOEB +BB0E;BB0E;1106 116C 11B9;BB0E;1106 116C 11B9; # (묎; 묎; 묎; 묎; 묎; ) HANGUL SYLLABLE MOEBS +BB0F;BB0F;1106 116C 11BA;BB0F;1106 116C 11BA; # (ë¬; ë¬; 묏; ë¬; 묏; ) HANGUL SYLLABLE MOES +BB10;BB10;1106 116C 11BB;BB10;1106 116C 11BB; # (ë¬; ë¬; 묐; ë¬; 묐; ) HANGUL SYLLABLE MOESS +BB11;BB11;1106 116C 11BC;BB11;1106 116C 11BC; # (묑; 묑; 묑; 묑; 묑; ) HANGUL SYLLABLE MOENG +BB12;BB12;1106 116C 11BD;BB12;1106 116C 11BD; # (묒; 묒; 묒; 묒; 묒; ) HANGUL SYLLABLE MOEJ +BB13;BB13;1106 116C 11BE;BB13;1106 116C 11BE; # (묓; 묓; 묓; 묓; 묓; ) HANGUL SYLLABLE MOEC +BB14;BB14;1106 116C 11BF;BB14;1106 116C 11BF; # (묔; 묔; 묔; 묔; 묔; ) HANGUL SYLLABLE MOEK +BB15;BB15;1106 116C 11C0;BB15;1106 116C 11C0; # (묕; 묕; 묕; 묕; 묕; ) HANGUL SYLLABLE MOET +BB16;BB16;1106 116C 11C1;BB16;1106 116C 11C1; # (묖; 묖; 뫼á‡; 묖; 뫼á‡; ) HANGUL SYLLABLE MOEP +BB17;BB17;1106 116C 11C2;BB17;1106 116C 11C2; # (묗; 묗; 묗; 묗; 묗; ) HANGUL SYLLABLE MOEH +BB18;BB18;1106 116D;BB18;1106 116D; # (묘; 묘; 묘; 묘; 묘; ) HANGUL SYLLABLE MYO +BB19;BB19;1106 116D 11A8;BB19;1106 116D 11A8; # (묙; 묙; 묙; 묙; 묙; ) HANGUL SYLLABLE MYOG +BB1A;BB1A;1106 116D 11A9;BB1A;1106 116D 11A9; # (묚; 묚; 묚; 묚; 묚; ) HANGUL SYLLABLE MYOGG +BB1B;BB1B;1106 116D 11AA;BB1B;1106 116D 11AA; # (묛; 묛; 묛; 묛; 묛; ) HANGUL SYLLABLE MYOGS +BB1C;BB1C;1106 116D 11AB;BB1C;1106 116D 11AB; # (묜; 묜; 묜; 묜; 묜; ) HANGUL SYLLABLE MYON +BB1D;BB1D;1106 116D 11AC;BB1D;1106 116D 11AC; # (ë¬; ë¬; 묝; ë¬; 묝; ) HANGUL SYLLABLE MYONJ +BB1E;BB1E;1106 116D 11AD;BB1E;1106 116D 11AD; # (묞; 묞; 묞; 묞; 묞; ) HANGUL SYLLABLE MYONH +BB1F;BB1F;1106 116D 11AE;BB1F;1106 116D 11AE; # (묟; 묟; 묟; 묟; 묟; ) HANGUL SYLLABLE MYOD +BB20;BB20;1106 116D 11AF;BB20;1106 116D 11AF; # (묠; 묠; 묠; 묠; 묠; ) HANGUL SYLLABLE MYOL +BB21;BB21;1106 116D 11B0;BB21;1106 116D 11B0; # (묡; 묡; 묡; 묡; 묡; ) HANGUL SYLLABLE MYOLG +BB22;BB22;1106 116D 11B1;BB22;1106 116D 11B1; # (묢; 묢; 묢; 묢; 묢; ) HANGUL SYLLABLE MYOLM +BB23;BB23;1106 116D 11B2;BB23;1106 116D 11B2; # (묣; 묣; 묣; 묣; 묣; ) HANGUL SYLLABLE MYOLB +BB24;BB24;1106 116D 11B3;BB24;1106 116D 11B3; # (묤; 묤; 묤; 묤; 묤; ) HANGUL SYLLABLE MYOLS +BB25;BB25;1106 116D 11B4;BB25;1106 116D 11B4; # (묥; 묥; 묥; 묥; 묥; ) HANGUL SYLLABLE MYOLT +BB26;BB26;1106 116D 11B5;BB26;1106 116D 11B5; # (묦; 묦; 묦; 묦; 묦; ) HANGUL SYLLABLE MYOLP +BB27;BB27;1106 116D 11B6;BB27;1106 116D 11B6; # (묧; 묧; 묧; 묧; 묧; ) HANGUL SYLLABLE MYOLH +BB28;BB28;1106 116D 11B7;BB28;1106 116D 11B7; # (묨; 묨; 묨; 묨; 묨; ) HANGUL SYLLABLE MYOM +BB29;BB29;1106 116D 11B8;BB29;1106 116D 11B8; # (묩; 묩; 묩; 묩; 묩; ) HANGUL SYLLABLE MYOB +BB2A;BB2A;1106 116D 11B9;BB2A;1106 116D 11B9; # (묪; 묪; 묪; 묪; 묪; ) HANGUL SYLLABLE MYOBS +BB2B;BB2B;1106 116D 11BA;BB2B;1106 116D 11BA; # (묫; 묫; 묫; 묫; 묫; ) HANGUL SYLLABLE MYOS +BB2C;BB2C;1106 116D 11BB;BB2C;1106 116D 11BB; # (묬; 묬; 묬; 묬; 묬; ) HANGUL SYLLABLE MYOSS +BB2D;BB2D;1106 116D 11BC;BB2D;1106 116D 11BC; # (묭; 묭; 묭; 묭; 묭; ) HANGUL SYLLABLE MYONG +BB2E;BB2E;1106 116D 11BD;BB2E;1106 116D 11BD; # (묮; 묮; 묮; 묮; 묮; ) HANGUL SYLLABLE MYOJ +BB2F;BB2F;1106 116D 11BE;BB2F;1106 116D 11BE; # (묯; 묯; 묯; 묯; 묯; ) HANGUL SYLLABLE MYOC +BB30;BB30;1106 116D 11BF;BB30;1106 116D 11BF; # (묰; 묰; 묰; 묰; 묰; ) HANGUL SYLLABLE MYOK +BB31;BB31;1106 116D 11C0;BB31;1106 116D 11C0; # (묱; 묱; 묱; 묱; 묱; ) HANGUL SYLLABLE MYOT +BB32;BB32;1106 116D 11C1;BB32;1106 116D 11C1; # (묲; 묲; 묘á‡; 묲; 묘á‡; ) HANGUL SYLLABLE MYOP +BB33;BB33;1106 116D 11C2;BB33;1106 116D 11C2; # (묳; 묳; 묳; 묳; 묳; ) HANGUL SYLLABLE MYOH +BB34;BB34;1106 116E;BB34;1106 116E; # (무; 무; 무; 무; 무; ) HANGUL SYLLABLE MU +BB35;BB35;1106 116E 11A8;BB35;1106 116E 11A8; # (묵; 묵; 묵; 묵; 묵; ) HANGUL SYLLABLE MUG +BB36;BB36;1106 116E 11A9;BB36;1106 116E 11A9; # (묶; 묶; 묶; 묶; 묶; ) HANGUL SYLLABLE MUGG +BB37;BB37;1106 116E 11AA;BB37;1106 116E 11AA; # (묷; 묷; 묷; 묷; 묷; ) HANGUL SYLLABLE MUGS +BB38;BB38;1106 116E 11AB;BB38;1106 116E 11AB; # (문; 문; 문; 문; 문; ) HANGUL SYLLABLE MUN +BB39;BB39;1106 116E 11AC;BB39;1106 116E 11AC; # (묹; 묹; 묹; 묹; 묹; ) HANGUL SYLLABLE MUNJ +BB3A;BB3A;1106 116E 11AD;BB3A;1106 116E 11AD; # (묺; 묺; 묺; 묺; 묺; ) HANGUL SYLLABLE MUNH +BB3B;BB3B;1106 116E 11AE;BB3B;1106 116E 11AE; # (묻; 묻; 묻; 묻; 묻; ) HANGUL SYLLABLE MUD +BB3C;BB3C;1106 116E 11AF;BB3C;1106 116E 11AF; # (물; 물; 물; 물; 물; ) HANGUL SYLLABLE MUL +BB3D;BB3D;1106 116E 11B0;BB3D;1106 116E 11B0; # (묽; 묽; 묽; 묽; 묽; ) HANGUL SYLLABLE MULG +BB3E;BB3E;1106 116E 11B1;BB3E;1106 116E 11B1; # (묾; 묾; 묾; 묾; 묾; ) HANGUL SYLLABLE MULM +BB3F;BB3F;1106 116E 11B2;BB3F;1106 116E 11B2; # (묿; 묿; 묿; 묿; 묿; ) HANGUL SYLLABLE MULB +BB40;BB40;1106 116E 11B3;BB40;1106 116E 11B3; # (ë­€; ë­€; 뭀; ë­€; 뭀; ) HANGUL SYLLABLE MULS +BB41;BB41;1106 116E 11B4;BB41;1106 116E 11B4; # (ë­; ë­; 뭁; ë­; 뭁; ) HANGUL SYLLABLE MULT +BB42;BB42;1106 116E 11B5;BB42;1106 116E 11B5; # (ë­‚; ë­‚; 뭂; ë­‚; 뭂; ) HANGUL SYLLABLE MULP +BB43;BB43;1106 116E 11B6;BB43;1106 116E 11B6; # (ë­ƒ; ë­ƒ; 뭃; ë­ƒ; 뭃; ) HANGUL SYLLABLE MULH +BB44;BB44;1106 116E 11B7;BB44;1106 116E 11B7; # (ë­„; ë­„; 뭄; ë­„; 뭄; ) HANGUL SYLLABLE MUM +BB45;BB45;1106 116E 11B8;BB45;1106 116E 11B8; # (ë­…; ë­…; 뭅; ë­…; 뭅; ) HANGUL SYLLABLE MUB +BB46;BB46;1106 116E 11B9;BB46;1106 116E 11B9; # (ë­†; ë­†; 뭆; ë­†; 뭆; ) HANGUL SYLLABLE MUBS +BB47;BB47;1106 116E 11BA;BB47;1106 116E 11BA; # (ë­‡; ë­‡; 뭇; ë­‡; 뭇; ) HANGUL SYLLABLE MUS +BB48;BB48;1106 116E 11BB;BB48;1106 116E 11BB; # (ë­ˆ; ë­ˆ; 뭈; ë­ˆ; 뭈; ) HANGUL SYLLABLE MUSS +BB49;BB49;1106 116E 11BC;BB49;1106 116E 11BC; # (ë­‰; ë­‰; 뭉; ë­‰; 뭉; ) HANGUL SYLLABLE MUNG +BB4A;BB4A;1106 116E 11BD;BB4A;1106 116E 11BD; # (ë­Š; ë­Š; 뭊; ë­Š; 뭊; ) HANGUL SYLLABLE MUJ +BB4B;BB4B;1106 116E 11BE;BB4B;1106 116E 11BE; # (ë­‹; ë­‹; 뭋; ë­‹; 뭋; ) HANGUL SYLLABLE MUC +BB4C;BB4C;1106 116E 11BF;BB4C;1106 116E 11BF; # (ë­Œ; ë­Œ; 뭌; ë­Œ; 뭌; ) HANGUL SYLLABLE MUK +BB4D;BB4D;1106 116E 11C0;BB4D;1106 116E 11C0; # (ë­; ë­; 뭍; ë­; 뭍; ) HANGUL SYLLABLE MUT +BB4E;BB4E;1106 116E 11C1;BB4E;1106 116E 11C1; # (ë­Ž; ë­Ž; 무á‡; ë­Ž; 무á‡; ) HANGUL SYLLABLE MUP +BB4F;BB4F;1106 116E 11C2;BB4F;1106 116E 11C2; # (ë­; ë­; 뭏; ë­; 뭏; ) HANGUL SYLLABLE MUH +BB50;BB50;1106 116F;BB50;1106 116F; # (ë­; ë­; 뭐; ë­; 뭐; ) HANGUL SYLLABLE MWEO +BB51;BB51;1106 116F 11A8;BB51;1106 116F 11A8; # (ë­‘; ë­‘; 뭑; ë­‘; 뭑; ) HANGUL SYLLABLE MWEOG +BB52;BB52;1106 116F 11A9;BB52;1106 116F 11A9; # (ë­’; ë­’; 뭒; ë­’; 뭒; ) HANGUL SYLLABLE MWEOGG +BB53;BB53;1106 116F 11AA;BB53;1106 116F 11AA; # (ë­“; ë­“; 뭓; ë­“; 뭓; ) HANGUL SYLLABLE MWEOGS +BB54;BB54;1106 116F 11AB;BB54;1106 116F 11AB; # (ë­”; ë­”; 뭔; ë­”; 뭔; ) HANGUL SYLLABLE MWEON +BB55;BB55;1106 116F 11AC;BB55;1106 116F 11AC; # (ë­•; ë­•; 뭕; ë­•; 뭕; ) HANGUL SYLLABLE MWEONJ +BB56;BB56;1106 116F 11AD;BB56;1106 116F 11AD; # (ë­–; ë­–; 뭖; ë­–; 뭖; ) HANGUL SYLLABLE MWEONH +BB57;BB57;1106 116F 11AE;BB57;1106 116F 11AE; # (ë­—; ë­—; 뭗; ë­—; 뭗; ) HANGUL SYLLABLE MWEOD +BB58;BB58;1106 116F 11AF;BB58;1106 116F 11AF; # (ë­˜; ë­˜; 뭘; ë­˜; 뭘; ) HANGUL SYLLABLE MWEOL +BB59;BB59;1106 116F 11B0;BB59;1106 116F 11B0; # (ë­™; ë­™; 뭙; ë­™; 뭙; ) HANGUL SYLLABLE MWEOLG +BB5A;BB5A;1106 116F 11B1;BB5A;1106 116F 11B1; # (ë­š; ë­š; 뭚; ë­š; 뭚; ) HANGUL SYLLABLE MWEOLM +BB5B;BB5B;1106 116F 11B2;BB5B;1106 116F 11B2; # (ë­›; ë­›; 뭛; ë­›; 뭛; ) HANGUL SYLLABLE MWEOLB +BB5C;BB5C;1106 116F 11B3;BB5C;1106 116F 11B3; # (ë­œ; ë­œ; 뭜; ë­œ; 뭜; ) HANGUL SYLLABLE MWEOLS +BB5D;BB5D;1106 116F 11B4;BB5D;1106 116F 11B4; # (ë­; ë­; 뭝; ë­; 뭝; ) HANGUL SYLLABLE MWEOLT +BB5E;BB5E;1106 116F 11B5;BB5E;1106 116F 11B5; # (ë­ž; ë­ž; 뭞; ë­ž; 뭞; ) HANGUL SYLLABLE MWEOLP +BB5F;BB5F;1106 116F 11B6;BB5F;1106 116F 11B6; # (ë­Ÿ; ë­Ÿ; 뭟; ë­Ÿ; 뭟; ) HANGUL SYLLABLE MWEOLH +BB60;BB60;1106 116F 11B7;BB60;1106 116F 11B7; # (ë­ ; ë­ ; 뭠; ë­ ; 뭠; ) HANGUL SYLLABLE MWEOM +BB61;BB61;1106 116F 11B8;BB61;1106 116F 11B8; # (ë­¡; ë­¡; 뭡; ë­¡; 뭡; ) HANGUL SYLLABLE MWEOB +BB62;BB62;1106 116F 11B9;BB62;1106 116F 11B9; # (ë­¢; ë­¢; 뭢; ë­¢; 뭢; ) HANGUL SYLLABLE MWEOBS +BB63;BB63;1106 116F 11BA;BB63;1106 116F 11BA; # (ë­£; ë­£; 뭣; ë­£; 뭣; ) HANGUL SYLLABLE MWEOS +BB64;BB64;1106 116F 11BB;BB64;1106 116F 11BB; # (ë­¤; ë­¤; 뭤; ë­¤; 뭤; ) HANGUL SYLLABLE MWEOSS +BB65;BB65;1106 116F 11BC;BB65;1106 116F 11BC; # (ë­¥; ë­¥; 뭥; ë­¥; 뭥; ) HANGUL SYLLABLE MWEONG +BB66;BB66;1106 116F 11BD;BB66;1106 116F 11BD; # (ë­¦; ë­¦; 뭦; ë­¦; 뭦; ) HANGUL SYLLABLE MWEOJ +BB67;BB67;1106 116F 11BE;BB67;1106 116F 11BE; # (ë­§; ë­§; 뭧; ë­§; 뭧; ) HANGUL SYLLABLE MWEOC +BB68;BB68;1106 116F 11BF;BB68;1106 116F 11BF; # (ë­¨; ë­¨; 뭨; ë­¨; 뭨; ) HANGUL SYLLABLE MWEOK +BB69;BB69;1106 116F 11C0;BB69;1106 116F 11C0; # (ë­©; ë­©; 뭩; ë­©; 뭩; ) HANGUL SYLLABLE MWEOT +BB6A;BB6A;1106 116F 11C1;BB6A;1106 116F 11C1; # (ë­ª; ë­ª; 뭐á‡; ë­ª; 뭐á‡; ) HANGUL SYLLABLE MWEOP +BB6B;BB6B;1106 116F 11C2;BB6B;1106 116F 11C2; # (ë­«; ë­«; 뭫; ë­«; 뭫; ) HANGUL SYLLABLE MWEOH +BB6C;BB6C;1106 1170;BB6C;1106 1170; # (ë­¬; ë­¬; 뭬; ë­¬; 뭬; ) HANGUL SYLLABLE MWE +BB6D;BB6D;1106 1170 11A8;BB6D;1106 1170 11A8; # (ë­­; ë­­; 뭭; ë­­; 뭭; ) HANGUL SYLLABLE MWEG +BB6E;BB6E;1106 1170 11A9;BB6E;1106 1170 11A9; # (ë­®; ë­®; 뭮; ë­®; 뭮; ) HANGUL SYLLABLE MWEGG +BB6F;BB6F;1106 1170 11AA;BB6F;1106 1170 11AA; # (ë­¯; ë­¯; 뭯; ë­¯; 뭯; ) HANGUL SYLLABLE MWEGS +BB70;BB70;1106 1170 11AB;BB70;1106 1170 11AB; # (ë­°; ë­°; 뭰; ë­°; 뭰; ) HANGUL SYLLABLE MWEN +BB71;BB71;1106 1170 11AC;BB71;1106 1170 11AC; # (ë­±; ë­±; 뭱; ë­±; 뭱; ) HANGUL SYLLABLE MWENJ +BB72;BB72;1106 1170 11AD;BB72;1106 1170 11AD; # (ë­²; ë­²; 뭲; ë­²; 뭲; ) HANGUL SYLLABLE MWENH +BB73;BB73;1106 1170 11AE;BB73;1106 1170 11AE; # (ë­³; ë­³; 뭳; ë­³; 뭳; ) HANGUL SYLLABLE MWED +BB74;BB74;1106 1170 11AF;BB74;1106 1170 11AF; # (ë­´; ë­´; 뭴; ë­´; 뭴; ) HANGUL SYLLABLE MWEL +BB75;BB75;1106 1170 11B0;BB75;1106 1170 11B0; # (ë­µ; ë­µ; 뭵; ë­µ; 뭵; ) HANGUL SYLLABLE MWELG +BB76;BB76;1106 1170 11B1;BB76;1106 1170 11B1; # (ë­¶; ë­¶; 뭶; ë­¶; 뭶; ) HANGUL SYLLABLE MWELM +BB77;BB77;1106 1170 11B2;BB77;1106 1170 11B2; # (ë­·; ë­·; 뭷; ë­·; 뭷; ) HANGUL SYLLABLE MWELB +BB78;BB78;1106 1170 11B3;BB78;1106 1170 11B3; # (ë­¸; ë­¸; 뭸; ë­¸; 뭸; ) HANGUL SYLLABLE MWELS +BB79;BB79;1106 1170 11B4;BB79;1106 1170 11B4; # (ë­¹; ë­¹; 뭹; ë­¹; 뭹; ) HANGUL SYLLABLE MWELT +BB7A;BB7A;1106 1170 11B5;BB7A;1106 1170 11B5; # (ë­º; ë­º; 뭺; ë­º; 뭺; ) HANGUL SYLLABLE MWELP +BB7B;BB7B;1106 1170 11B6;BB7B;1106 1170 11B6; # (ë­»; ë­»; 뭻; ë­»; 뭻; ) HANGUL SYLLABLE MWELH +BB7C;BB7C;1106 1170 11B7;BB7C;1106 1170 11B7; # (ë­¼; ë­¼; 뭼; ë­¼; 뭼; ) HANGUL SYLLABLE MWEM +BB7D;BB7D;1106 1170 11B8;BB7D;1106 1170 11B8; # (ë­½; ë­½; 뭽; ë­½; 뭽; ) HANGUL SYLLABLE MWEB +BB7E;BB7E;1106 1170 11B9;BB7E;1106 1170 11B9; # (ë­¾; ë­¾; 뭾; ë­¾; 뭾; ) HANGUL SYLLABLE MWEBS +BB7F;BB7F;1106 1170 11BA;BB7F;1106 1170 11BA; # (ë­¿; ë­¿; 뭿; ë­¿; 뭿; ) HANGUL SYLLABLE MWES +BB80;BB80;1106 1170 11BB;BB80;1106 1170 11BB; # (뮀; 뮀; 뮀; 뮀; 뮀; ) HANGUL SYLLABLE MWESS +BB81;BB81;1106 1170 11BC;BB81;1106 1170 11BC; # (ë®; ë®; 뮁; ë®; 뮁; ) HANGUL SYLLABLE MWENG +BB82;BB82;1106 1170 11BD;BB82;1106 1170 11BD; # (뮂; 뮂; 뮂; 뮂; 뮂; ) HANGUL SYLLABLE MWEJ +BB83;BB83;1106 1170 11BE;BB83;1106 1170 11BE; # (뮃; 뮃; 뮃; 뮃; 뮃; ) HANGUL SYLLABLE MWEC +BB84;BB84;1106 1170 11BF;BB84;1106 1170 11BF; # (뮄; 뮄; 뮄; 뮄; 뮄; ) HANGUL SYLLABLE MWEK +BB85;BB85;1106 1170 11C0;BB85;1106 1170 11C0; # (ë®…; ë®…; 뮅; ë®…; 뮅; ) HANGUL SYLLABLE MWET +BB86;BB86;1106 1170 11C1;BB86;1106 1170 11C1; # (뮆; 뮆; 뭬á‡; 뮆; 뭬á‡; ) HANGUL SYLLABLE MWEP +BB87;BB87;1106 1170 11C2;BB87;1106 1170 11C2; # (뮇; 뮇; 뮇; 뮇; 뮇; ) HANGUL SYLLABLE MWEH +BB88;BB88;1106 1171;BB88;1106 1171; # (뮈; 뮈; 뮈; 뮈; 뮈; ) HANGUL SYLLABLE MWI +BB89;BB89;1106 1171 11A8;BB89;1106 1171 11A8; # (뮉; 뮉; 뮉; 뮉; 뮉; ) HANGUL SYLLABLE MWIG +BB8A;BB8A;1106 1171 11A9;BB8A;1106 1171 11A9; # (뮊; 뮊; 뮊; 뮊; 뮊; ) HANGUL SYLLABLE MWIGG +BB8B;BB8B;1106 1171 11AA;BB8B;1106 1171 11AA; # (뮋; 뮋; 뮋; 뮋; 뮋; ) HANGUL SYLLABLE MWIGS +BB8C;BB8C;1106 1171 11AB;BB8C;1106 1171 11AB; # (뮌; 뮌; 뮌; 뮌; 뮌; ) HANGUL SYLLABLE MWIN +BB8D;BB8D;1106 1171 11AC;BB8D;1106 1171 11AC; # (ë®; ë®; 뮍; ë®; 뮍; ) HANGUL SYLLABLE MWINJ +BB8E;BB8E;1106 1171 11AD;BB8E;1106 1171 11AD; # (뮎; 뮎; 뮎; 뮎; 뮎; ) HANGUL SYLLABLE MWINH +BB8F;BB8F;1106 1171 11AE;BB8F;1106 1171 11AE; # (ë®; ë®; 뮏; ë®; 뮏; ) HANGUL SYLLABLE MWID +BB90;BB90;1106 1171 11AF;BB90;1106 1171 11AF; # (ë®; ë®; 뮐; ë®; 뮐; ) HANGUL SYLLABLE MWIL +BB91;BB91;1106 1171 11B0;BB91;1106 1171 11B0; # (뮑; 뮑; 뮑; 뮑; 뮑; ) HANGUL SYLLABLE MWILG +BB92;BB92;1106 1171 11B1;BB92;1106 1171 11B1; # (ë®’; ë®’; 뮒; ë®’; 뮒; ) HANGUL SYLLABLE MWILM +BB93;BB93;1106 1171 11B2;BB93;1106 1171 11B2; # (뮓; 뮓; 뮓; 뮓; 뮓; ) HANGUL SYLLABLE MWILB +BB94;BB94;1106 1171 11B3;BB94;1106 1171 11B3; # (ë®”; ë®”; 뮔; ë®”; 뮔; ) HANGUL SYLLABLE MWILS +BB95;BB95;1106 1171 11B4;BB95;1106 1171 11B4; # (뮕; 뮕; 뮕; 뮕; 뮕; ) HANGUL SYLLABLE MWILT +BB96;BB96;1106 1171 11B5;BB96;1106 1171 11B5; # (ë®–; ë®–; 뮖; ë®–; 뮖; ) HANGUL SYLLABLE MWILP +BB97;BB97;1106 1171 11B6;BB97;1106 1171 11B6; # (ë®—; ë®—; 뮗; ë®—; 뮗; ) HANGUL SYLLABLE MWILH +BB98;BB98;1106 1171 11B7;BB98;1106 1171 11B7; # (뮘; 뮘; 뮘; 뮘; 뮘; ) HANGUL SYLLABLE MWIM +BB99;BB99;1106 1171 11B8;BB99;1106 1171 11B8; # (ë®™; ë®™; 뮙; ë®™; 뮙; ) HANGUL SYLLABLE MWIB +BB9A;BB9A;1106 1171 11B9;BB9A;1106 1171 11B9; # (뮚; 뮚; 뮚; 뮚; 뮚; ) HANGUL SYLLABLE MWIBS +BB9B;BB9B;1106 1171 11BA;BB9B;1106 1171 11BA; # (ë®›; ë®›; 뮛; ë®›; 뮛; ) HANGUL SYLLABLE MWIS +BB9C;BB9C;1106 1171 11BB;BB9C;1106 1171 11BB; # (뮜; 뮜; 뮜; 뮜; 뮜; ) HANGUL SYLLABLE MWISS +BB9D;BB9D;1106 1171 11BC;BB9D;1106 1171 11BC; # (ë®; ë®; 뮝; ë®; 뮝; ) HANGUL SYLLABLE MWING +BB9E;BB9E;1106 1171 11BD;BB9E;1106 1171 11BD; # (뮞; 뮞; 뮞; 뮞; 뮞; ) HANGUL SYLLABLE MWIJ +BB9F;BB9F;1106 1171 11BE;BB9F;1106 1171 11BE; # (뮟; 뮟; 뮟; 뮟; 뮟; ) HANGUL SYLLABLE MWIC +BBA0;BBA0;1106 1171 11BF;BBA0;1106 1171 11BF; # (ë® ; ë® ; 뮠; ë® ; 뮠; ) HANGUL SYLLABLE MWIK +BBA1;BBA1;1106 1171 11C0;BBA1;1106 1171 11C0; # (뮡; 뮡; 뮡; 뮡; 뮡; ) HANGUL SYLLABLE MWIT +BBA2;BBA2;1106 1171 11C1;BBA2;1106 1171 11C1; # (뮢; 뮢; 뮈á‡; 뮢; 뮈á‡; ) HANGUL SYLLABLE MWIP +BBA3;BBA3;1106 1171 11C2;BBA3;1106 1171 11C2; # (뮣; 뮣; 뮣; 뮣; 뮣; ) HANGUL SYLLABLE MWIH +BBA4;BBA4;1106 1172;BBA4;1106 1172; # (뮤; 뮤; 뮤; 뮤; 뮤; ) HANGUL SYLLABLE MYU +BBA5;BBA5;1106 1172 11A8;BBA5;1106 1172 11A8; # (뮥; 뮥; 뮥; 뮥; 뮥; ) HANGUL SYLLABLE MYUG +BBA6;BBA6;1106 1172 11A9;BBA6;1106 1172 11A9; # (뮦; 뮦; 뮦; 뮦; 뮦; ) HANGUL SYLLABLE MYUGG +BBA7;BBA7;1106 1172 11AA;BBA7;1106 1172 11AA; # (뮧; 뮧; 뮧; 뮧; 뮧; ) HANGUL SYLLABLE MYUGS +BBA8;BBA8;1106 1172 11AB;BBA8;1106 1172 11AB; # (뮨; 뮨; 뮨; 뮨; 뮨; ) HANGUL SYLLABLE MYUN +BBA9;BBA9;1106 1172 11AC;BBA9;1106 1172 11AC; # (뮩; 뮩; 뮩; 뮩; 뮩; ) HANGUL SYLLABLE MYUNJ +BBAA;BBAA;1106 1172 11AD;BBAA;1106 1172 11AD; # (뮪; 뮪; 뮪; 뮪; 뮪; ) HANGUL SYLLABLE MYUNH +BBAB;BBAB;1106 1172 11AE;BBAB;1106 1172 11AE; # (뮫; 뮫; 뮫; 뮫; 뮫; ) HANGUL SYLLABLE MYUD +BBAC;BBAC;1106 1172 11AF;BBAC;1106 1172 11AF; # (뮬; 뮬; 뮬; 뮬; 뮬; ) HANGUL SYLLABLE MYUL +BBAD;BBAD;1106 1172 11B0;BBAD;1106 1172 11B0; # (ë®­; ë®­; 뮭; ë®­; 뮭; ) HANGUL SYLLABLE MYULG +BBAE;BBAE;1106 1172 11B1;BBAE;1106 1172 11B1; # (ë®®; ë®®; 뮮; ë®®; 뮮; ) HANGUL SYLLABLE MYULM +BBAF;BBAF;1106 1172 11B2;BBAF;1106 1172 11B2; # (뮯; 뮯; 뮯; 뮯; 뮯; ) HANGUL SYLLABLE MYULB +BBB0;BBB0;1106 1172 11B3;BBB0;1106 1172 11B3; # (ë®°; ë®°; 뮰; ë®°; 뮰; ) HANGUL SYLLABLE MYULS +BBB1;BBB1;1106 1172 11B4;BBB1;1106 1172 11B4; # (ë®±; ë®±; 뮱; ë®±; 뮱; ) HANGUL SYLLABLE MYULT +BBB2;BBB2;1106 1172 11B5;BBB2;1106 1172 11B5; # (뮲; 뮲; 뮲; 뮲; 뮲; ) HANGUL SYLLABLE MYULP +BBB3;BBB3;1106 1172 11B6;BBB3;1106 1172 11B6; # (뮳; 뮳; 뮳; 뮳; 뮳; ) HANGUL SYLLABLE MYULH +BBB4;BBB4;1106 1172 11B7;BBB4;1106 1172 11B7; # (ë®´; ë®´; 뮴; ë®´; 뮴; ) HANGUL SYLLABLE MYUM +BBB5;BBB5;1106 1172 11B8;BBB5;1106 1172 11B8; # (뮵; 뮵; 뮵; 뮵; 뮵; ) HANGUL SYLLABLE MYUB +BBB6;BBB6;1106 1172 11B9;BBB6;1106 1172 11B9; # (뮶; 뮶; 뮶; 뮶; 뮶; ) HANGUL SYLLABLE MYUBS +BBB7;BBB7;1106 1172 11BA;BBB7;1106 1172 11BA; # (ë®·; ë®·; 뮷; ë®·; 뮷; ) HANGUL SYLLABLE MYUS +BBB8;BBB8;1106 1172 11BB;BBB8;1106 1172 11BB; # (뮸; 뮸; 뮸; 뮸; 뮸; ) HANGUL SYLLABLE MYUSS +BBB9;BBB9;1106 1172 11BC;BBB9;1106 1172 11BC; # (뮹; 뮹; 뮹; 뮹; 뮹; ) HANGUL SYLLABLE MYUNG +BBBA;BBBA;1106 1172 11BD;BBBA;1106 1172 11BD; # (뮺; 뮺; 뮺; 뮺; 뮺; ) HANGUL SYLLABLE MYUJ +BBBB;BBBB;1106 1172 11BE;BBBB;1106 1172 11BE; # (ë®»; ë®»; 뮻; ë®»; 뮻; ) HANGUL SYLLABLE MYUC +BBBC;BBBC;1106 1172 11BF;BBBC;1106 1172 11BF; # (뮼; 뮼; 뮼; 뮼; 뮼; ) HANGUL SYLLABLE MYUK +BBBD;BBBD;1106 1172 11C0;BBBD;1106 1172 11C0; # (뮽; 뮽; 뮽; 뮽; 뮽; ) HANGUL SYLLABLE MYUT +BBBE;BBBE;1106 1172 11C1;BBBE;1106 1172 11C1; # (뮾; 뮾; 뮤á‡; 뮾; 뮤á‡; ) HANGUL SYLLABLE MYUP +BBBF;BBBF;1106 1172 11C2;BBBF;1106 1172 11C2; # (뮿; 뮿; 뮿; 뮿; 뮿; ) HANGUL SYLLABLE MYUH +BBC0;BBC0;1106 1173;BBC0;1106 1173; # (므; 므; 므; 므; 므; ) HANGUL SYLLABLE MEU +BBC1;BBC1;1106 1173 11A8;BBC1;1106 1173 11A8; # (ë¯; ë¯; 믁; ë¯; 믁; ) HANGUL SYLLABLE MEUG +BBC2;BBC2;1106 1173 11A9;BBC2;1106 1173 11A9; # (믂; 믂; 믂; 믂; 믂; ) HANGUL SYLLABLE MEUGG +BBC3;BBC3;1106 1173 11AA;BBC3;1106 1173 11AA; # (믃; 믃; 믃; 믃; 믃; ) HANGUL SYLLABLE MEUGS +BBC4;BBC4;1106 1173 11AB;BBC4;1106 1173 11AB; # (믄; 믄; 믄; 믄; 믄; ) HANGUL SYLLABLE MEUN +BBC5;BBC5;1106 1173 11AC;BBC5;1106 1173 11AC; # (믅; 믅; 믅; 믅; 믅; ) HANGUL SYLLABLE MEUNJ +BBC6;BBC6;1106 1173 11AD;BBC6;1106 1173 11AD; # (믆; 믆; 믆; 믆; 믆; ) HANGUL SYLLABLE MEUNH +BBC7;BBC7;1106 1173 11AE;BBC7;1106 1173 11AE; # (믇; 믇; 믇; 믇; 믇; ) HANGUL SYLLABLE MEUD +BBC8;BBC8;1106 1173 11AF;BBC8;1106 1173 11AF; # (믈; 믈; 믈; 믈; 믈; ) HANGUL SYLLABLE MEUL +BBC9;BBC9;1106 1173 11B0;BBC9;1106 1173 11B0; # (믉; 믉; 믉; 믉; 믉; ) HANGUL SYLLABLE MEULG +BBCA;BBCA;1106 1173 11B1;BBCA;1106 1173 11B1; # (믊; 믊; 믊; 믊; 믊; ) HANGUL SYLLABLE MEULM +BBCB;BBCB;1106 1173 11B2;BBCB;1106 1173 11B2; # (믋; 믋; 믋; 믋; 믋; ) HANGUL SYLLABLE MEULB +BBCC;BBCC;1106 1173 11B3;BBCC;1106 1173 11B3; # (믌; 믌; 믌; 믌; 믌; ) HANGUL SYLLABLE MEULS +BBCD;BBCD;1106 1173 11B4;BBCD;1106 1173 11B4; # (ë¯; ë¯; 믍; ë¯; 믍; ) HANGUL SYLLABLE MEULT +BBCE;BBCE;1106 1173 11B5;BBCE;1106 1173 11B5; # (믎; 믎; 믎; 믎; 믎; ) HANGUL SYLLABLE MEULP +BBCF;BBCF;1106 1173 11B6;BBCF;1106 1173 11B6; # (ë¯; ë¯; 믏; ë¯; 믏; ) HANGUL SYLLABLE MEULH +BBD0;BBD0;1106 1173 11B7;BBD0;1106 1173 11B7; # (ë¯; ë¯; 믐; ë¯; 믐; ) HANGUL SYLLABLE MEUM +BBD1;BBD1;1106 1173 11B8;BBD1;1106 1173 11B8; # (믑; 믑; 믑; 믑; 믑; ) HANGUL SYLLABLE MEUB +BBD2;BBD2;1106 1173 11B9;BBD2;1106 1173 11B9; # (믒; 믒; 믒; 믒; 믒; ) HANGUL SYLLABLE MEUBS +BBD3;BBD3;1106 1173 11BA;BBD3;1106 1173 11BA; # (믓; 믓; 믓; 믓; 믓; ) HANGUL SYLLABLE MEUS +BBD4;BBD4;1106 1173 11BB;BBD4;1106 1173 11BB; # (믔; 믔; 믔; 믔; 믔; ) HANGUL SYLLABLE MEUSS +BBD5;BBD5;1106 1173 11BC;BBD5;1106 1173 11BC; # (믕; 믕; 믕; 믕; 믕; ) HANGUL SYLLABLE MEUNG +BBD6;BBD6;1106 1173 11BD;BBD6;1106 1173 11BD; # (믖; 믖; 믖; 믖; 믖; ) HANGUL SYLLABLE MEUJ +BBD7;BBD7;1106 1173 11BE;BBD7;1106 1173 11BE; # (믗; 믗; 믗; 믗; 믗; ) HANGUL SYLLABLE MEUC +BBD8;BBD8;1106 1173 11BF;BBD8;1106 1173 11BF; # (믘; 믘; 믘; 믘; 믘; ) HANGUL SYLLABLE MEUK +BBD9;BBD9;1106 1173 11C0;BBD9;1106 1173 11C0; # (믙; 믙; 믙; 믙; 믙; ) HANGUL SYLLABLE MEUT +BBDA;BBDA;1106 1173 11C1;BBDA;1106 1173 11C1; # (믚; 믚; 므á‡; 믚; 므á‡; ) HANGUL SYLLABLE MEUP +BBDB;BBDB;1106 1173 11C2;BBDB;1106 1173 11C2; # (믛; 믛; 믛; 믛; 믛; ) HANGUL SYLLABLE MEUH +BBDC;BBDC;1106 1174;BBDC;1106 1174; # (믜; 믜; 믜; 믜; 믜; ) HANGUL SYLLABLE MYI +BBDD;BBDD;1106 1174 11A8;BBDD;1106 1174 11A8; # (ë¯; ë¯; 믝; ë¯; 믝; ) HANGUL SYLLABLE MYIG +BBDE;BBDE;1106 1174 11A9;BBDE;1106 1174 11A9; # (믞; 믞; 믞; 믞; 믞; ) HANGUL SYLLABLE MYIGG +BBDF;BBDF;1106 1174 11AA;BBDF;1106 1174 11AA; # (믟; 믟; 믟; 믟; 믟; ) HANGUL SYLLABLE MYIGS +BBE0;BBE0;1106 1174 11AB;BBE0;1106 1174 11AB; # (믠; 믠; 믠; 믠; 믠; ) HANGUL SYLLABLE MYIN +BBE1;BBE1;1106 1174 11AC;BBE1;1106 1174 11AC; # (믡; 믡; 믡; 믡; 믡; ) HANGUL SYLLABLE MYINJ +BBE2;BBE2;1106 1174 11AD;BBE2;1106 1174 11AD; # (믢; 믢; 믢; 믢; 믢; ) HANGUL SYLLABLE MYINH +BBE3;BBE3;1106 1174 11AE;BBE3;1106 1174 11AE; # (믣; 믣; 믣; 믣; 믣; ) HANGUL SYLLABLE MYID +BBE4;BBE4;1106 1174 11AF;BBE4;1106 1174 11AF; # (믤; 믤; 믤; 믤; 믤; ) HANGUL SYLLABLE MYIL +BBE5;BBE5;1106 1174 11B0;BBE5;1106 1174 11B0; # (믥; 믥; 믥; 믥; 믥; ) HANGUL SYLLABLE MYILG +BBE6;BBE6;1106 1174 11B1;BBE6;1106 1174 11B1; # (믦; 믦; 믦; 믦; 믦; ) HANGUL SYLLABLE MYILM +BBE7;BBE7;1106 1174 11B2;BBE7;1106 1174 11B2; # (믧; 믧; 믧; 믧; 믧; ) HANGUL SYLLABLE MYILB +BBE8;BBE8;1106 1174 11B3;BBE8;1106 1174 11B3; # (믨; 믨; 믨; 믨; 믨; ) HANGUL SYLLABLE MYILS +BBE9;BBE9;1106 1174 11B4;BBE9;1106 1174 11B4; # (믩; 믩; 믩; 믩; 믩; ) HANGUL SYLLABLE MYILT +BBEA;BBEA;1106 1174 11B5;BBEA;1106 1174 11B5; # (믪; 믪; 믪; 믪; 믪; ) HANGUL SYLLABLE MYILP +BBEB;BBEB;1106 1174 11B6;BBEB;1106 1174 11B6; # (믫; 믫; 믫; 믫; 믫; ) HANGUL SYLLABLE MYILH +BBEC;BBEC;1106 1174 11B7;BBEC;1106 1174 11B7; # (믬; 믬; 믬; 믬; 믬; ) HANGUL SYLLABLE MYIM +BBED;BBED;1106 1174 11B8;BBED;1106 1174 11B8; # (믭; 믭; 믭; 믭; 믭; ) HANGUL SYLLABLE MYIB +BBEE;BBEE;1106 1174 11B9;BBEE;1106 1174 11B9; # (믮; 믮; 믮; 믮; 믮; ) HANGUL SYLLABLE MYIBS +BBEF;BBEF;1106 1174 11BA;BBEF;1106 1174 11BA; # (믯; 믯; 믯; 믯; 믯; ) HANGUL SYLLABLE MYIS +BBF0;BBF0;1106 1174 11BB;BBF0;1106 1174 11BB; # (믰; 믰; 믰; 믰; 믰; ) HANGUL SYLLABLE MYISS +BBF1;BBF1;1106 1174 11BC;BBF1;1106 1174 11BC; # (믱; 믱; 믱; 믱; 믱; ) HANGUL SYLLABLE MYING +BBF2;BBF2;1106 1174 11BD;BBF2;1106 1174 11BD; # (믲; 믲; 믲; 믲; 믲; ) HANGUL SYLLABLE MYIJ +BBF3;BBF3;1106 1174 11BE;BBF3;1106 1174 11BE; # (믳; 믳; 믳; 믳; 믳; ) HANGUL SYLLABLE MYIC +BBF4;BBF4;1106 1174 11BF;BBF4;1106 1174 11BF; # (믴; 믴; 믴; 믴; 믴; ) HANGUL SYLLABLE MYIK +BBF5;BBF5;1106 1174 11C0;BBF5;1106 1174 11C0; # (믵; 믵; 믵; 믵; 믵; ) HANGUL SYLLABLE MYIT +BBF6;BBF6;1106 1174 11C1;BBF6;1106 1174 11C1; # (믶; 믶; 믜á‡; 믶; 믜á‡; ) HANGUL SYLLABLE MYIP +BBF7;BBF7;1106 1174 11C2;BBF7;1106 1174 11C2; # (믷; 믷; 믷; 믷; 믷; ) HANGUL SYLLABLE MYIH +BBF8;BBF8;1106 1175;BBF8;1106 1175; # (미; 미; 미; 미; 미; ) HANGUL SYLLABLE MI +BBF9;BBF9;1106 1175 11A8;BBF9;1106 1175 11A8; # (믹; 믹; 믹; 믹; 믹; ) HANGUL SYLLABLE MIG +BBFA;BBFA;1106 1175 11A9;BBFA;1106 1175 11A9; # (믺; 믺; 믺; 믺; 믺; ) HANGUL SYLLABLE MIGG +BBFB;BBFB;1106 1175 11AA;BBFB;1106 1175 11AA; # (믻; 믻; 믻; 믻; 믻; ) HANGUL SYLLABLE MIGS +BBFC;BBFC;1106 1175 11AB;BBFC;1106 1175 11AB; # (민; 민; 민; 민; 민; ) HANGUL SYLLABLE MIN +BBFD;BBFD;1106 1175 11AC;BBFD;1106 1175 11AC; # (믽; 믽; 믽; 믽; 믽; ) HANGUL SYLLABLE MINJ +BBFE;BBFE;1106 1175 11AD;BBFE;1106 1175 11AD; # (믾; 믾; 믾; 믾; 믾; ) HANGUL SYLLABLE MINH +BBFF;BBFF;1106 1175 11AE;BBFF;1106 1175 11AE; # (믿; 믿; 믿; 믿; 믿; ) HANGUL SYLLABLE MID +BC00;BC00;1106 1175 11AF;BC00;1106 1175 11AF; # (ë°€; ë°€; 밀; ë°€; 밀; ) HANGUL SYLLABLE MIL +BC01;BC01;1106 1175 11B0;BC01;1106 1175 11B0; # (ë°; ë°; 밁; ë°; 밁; ) HANGUL SYLLABLE MILG +BC02;BC02;1106 1175 11B1;BC02;1106 1175 11B1; # (ë°‚; ë°‚; 밂; ë°‚; 밂; ) HANGUL SYLLABLE MILM +BC03;BC03;1106 1175 11B2;BC03;1106 1175 11B2; # (ë°ƒ; ë°ƒ; 밃; ë°ƒ; 밃; ) HANGUL SYLLABLE MILB +BC04;BC04;1106 1175 11B3;BC04;1106 1175 11B3; # (ë°„; ë°„; 밄; ë°„; 밄; ) HANGUL SYLLABLE MILS +BC05;BC05;1106 1175 11B4;BC05;1106 1175 11B4; # (ë°…; ë°…; 밅; ë°…; 밅; ) HANGUL SYLLABLE MILT +BC06;BC06;1106 1175 11B5;BC06;1106 1175 11B5; # (ë°†; ë°†; 밆; ë°†; 밆; ) HANGUL SYLLABLE MILP +BC07;BC07;1106 1175 11B6;BC07;1106 1175 11B6; # (ë°‡; ë°‡; 밇; ë°‡; 밇; ) HANGUL SYLLABLE MILH +BC08;BC08;1106 1175 11B7;BC08;1106 1175 11B7; # (ë°ˆ; ë°ˆ; 밈; ë°ˆ; 밈; ) HANGUL SYLLABLE MIM +BC09;BC09;1106 1175 11B8;BC09;1106 1175 11B8; # (ë°‰; ë°‰; 밉; ë°‰; 밉; ) HANGUL SYLLABLE MIB +BC0A;BC0A;1106 1175 11B9;BC0A;1106 1175 11B9; # (ë°Š; ë°Š; 밊; ë°Š; 밊; ) HANGUL SYLLABLE MIBS +BC0B;BC0B;1106 1175 11BA;BC0B;1106 1175 11BA; # (ë°‹; ë°‹; 밋; ë°‹; 밋; ) HANGUL SYLLABLE MIS +BC0C;BC0C;1106 1175 11BB;BC0C;1106 1175 11BB; # (ë°Œ; ë°Œ; 밌; ë°Œ; 밌; ) HANGUL SYLLABLE MISS +BC0D;BC0D;1106 1175 11BC;BC0D;1106 1175 11BC; # (ë°; ë°; 밍; ë°; 밍; ) HANGUL SYLLABLE MING +BC0E;BC0E;1106 1175 11BD;BC0E;1106 1175 11BD; # (ë°Ž; ë°Ž; 밎; ë°Ž; 밎; ) HANGUL SYLLABLE MIJ +BC0F;BC0F;1106 1175 11BE;BC0F;1106 1175 11BE; # (ë°; ë°; 및; ë°; 및; ) HANGUL SYLLABLE MIC +BC10;BC10;1106 1175 11BF;BC10;1106 1175 11BF; # (ë°; ë°; 밐; ë°; 밐; ) HANGUL SYLLABLE MIK +BC11;BC11;1106 1175 11C0;BC11;1106 1175 11C0; # (ë°‘; ë°‘; 밑; ë°‘; 밑; ) HANGUL SYLLABLE MIT +BC12;BC12;1106 1175 11C1;BC12;1106 1175 11C1; # (ë°’; ë°’; 미á‡; ë°’; 미á‡; ) HANGUL SYLLABLE MIP +BC13;BC13;1106 1175 11C2;BC13;1106 1175 11C2; # (ë°“; ë°“; 밓; ë°“; 밓; ) HANGUL SYLLABLE MIH +BC14;BC14;1107 1161;BC14;1107 1161; # (ë°”; ë°”; 바; ë°”; 바; ) HANGUL SYLLABLE BA +BC15;BC15;1107 1161 11A8;BC15;1107 1161 11A8; # (ë°•; ë°•; 박; ë°•; 박; ) HANGUL SYLLABLE BAG +BC16;BC16;1107 1161 11A9;BC16;1107 1161 11A9; # (ë°–; ë°–; 밖; ë°–; 밖; ) HANGUL SYLLABLE BAGG +BC17;BC17;1107 1161 11AA;BC17;1107 1161 11AA; # (ë°—; ë°—; 밗; ë°—; 밗; ) HANGUL SYLLABLE BAGS +BC18;BC18;1107 1161 11AB;BC18;1107 1161 11AB; # (ë°˜; ë°˜; 반; ë°˜; 반; ) HANGUL SYLLABLE BAN +BC19;BC19;1107 1161 11AC;BC19;1107 1161 11AC; # (ë°™; ë°™; 밙; ë°™; 밙; ) HANGUL SYLLABLE BANJ +BC1A;BC1A;1107 1161 11AD;BC1A;1107 1161 11AD; # (ë°š; ë°š; 밚; ë°š; 밚; ) HANGUL SYLLABLE BANH +BC1B;BC1B;1107 1161 11AE;BC1B;1107 1161 11AE; # (ë°›; ë°›; 받; ë°›; 받; ) HANGUL SYLLABLE BAD +BC1C;BC1C;1107 1161 11AF;BC1C;1107 1161 11AF; # (ë°œ; ë°œ; 발; ë°œ; 발; ) HANGUL SYLLABLE BAL +BC1D;BC1D;1107 1161 11B0;BC1D;1107 1161 11B0; # (ë°; ë°; 밝; ë°; 밝; ) HANGUL SYLLABLE BALG +BC1E;BC1E;1107 1161 11B1;BC1E;1107 1161 11B1; # (ë°ž; ë°ž; 밞; ë°ž; 밞; ) HANGUL SYLLABLE BALM +BC1F;BC1F;1107 1161 11B2;BC1F;1107 1161 11B2; # (ë°Ÿ; ë°Ÿ; 밟; ë°Ÿ; 밟; ) HANGUL SYLLABLE BALB +BC20;BC20;1107 1161 11B3;BC20;1107 1161 11B3; # (ë° ; ë° ; 밠; ë° ; 밠; ) HANGUL SYLLABLE BALS +BC21;BC21;1107 1161 11B4;BC21;1107 1161 11B4; # (ë°¡; ë°¡; 밡; ë°¡; 밡; ) HANGUL SYLLABLE BALT +BC22;BC22;1107 1161 11B5;BC22;1107 1161 11B5; # (ë°¢; ë°¢; 밢; ë°¢; 밢; ) HANGUL SYLLABLE BALP +BC23;BC23;1107 1161 11B6;BC23;1107 1161 11B6; # (ë°£; ë°£; 밣; ë°£; 밣; ) HANGUL SYLLABLE BALH +BC24;BC24;1107 1161 11B7;BC24;1107 1161 11B7; # (ë°¤; ë°¤; 밤; ë°¤; 밤; ) HANGUL SYLLABLE BAM +BC25;BC25;1107 1161 11B8;BC25;1107 1161 11B8; # (ë°¥; ë°¥; 밥; ë°¥; 밥; ) HANGUL SYLLABLE BAB +BC26;BC26;1107 1161 11B9;BC26;1107 1161 11B9; # (ë°¦; ë°¦; 밦; ë°¦; 밦; ) HANGUL SYLLABLE BABS +BC27;BC27;1107 1161 11BA;BC27;1107 1161 11BA; # (ë°§; ë°§; 밧; ë°§; 밧; ) HANGUL SYLLABLE BAS +BC28;BC28;1107 1161 11BB;BC28;1107 1161 11BB; # (ë°¨; ë°¨; 밨; ë°¨; 밨; ) HANGUL SYLLABLE BASS +BC29;BC29;1107 1161 11BC;BC29;1107 1161 11BC; # (ë°©; ë°©; 방; ë°©; 방; ) HANGUL SYLLABLE BANG +BC2A;BC2A;1107 1161 11BD;BC2A;1107 1161 11BD; # (ë°ª; ë°ª; 밪; ë°ª; 밪; ) HANGUL SYLLABLE BAJ +BC2B;BC2B;1107 1161 11BE;BC2B;1107 1161 11BE; # (ë°«; ë°«; 밫; ë°«; 밫; ) HANGUL SYLLABLE BAC +BC2C;BC2C;1107 1161 11BF;BC2C;1107 1161 11BF; # (ë°¬; ë°¬; 밬; ë°¬; 밬; ) HANGUL SYLLABLE BAK +BC2D;BC2D;1107 1161 11C0;BC2D;1107 1161 11C0; # (ë°­; ë°­; 밭; ë°­; 밭; ) HANGUL SYLLABLE BAT +BC2E;BC2E;1107 1161 11C1;BC2E;1107 1161 11C1; # (ë°®; ë°®; 바á‡; ë°®; 바á‡; ) HANGUL SYLLABLE BAP +BC2F;BC2F;1107 1161 11C2;BC2F;1107 1161 11C2; # (ë°¯; ë°¯; 밯; ë°¯; 밯; ) HANGUL SYLLABLE BAH +BC30;BC30;1107 1162;BC30;1107 1162; # (ë°°; ë°°; 배; ë°°; 배; ) HANGUL SYLLABLE BAE +BC31;BC31;1107 1162 11A8;BC31;1107 1162 11A8; # (ë°±; ë°±; 백; ë°±; 백; ) HANGUL SYLLABLE BAEG +BC32;BC32;1107 1162 11A9;BC32;1107 1162 11A9; # (ë°²; ë°²; 밲; ë°²; 밲; ) HANGUL SYLLABLE BAEGG +BC33;BC33;1107 1162 11AA;BC33;1107 1162 11AA; # (ë°³; ë°³; 밳; ë°³; 밳; ) HANGUL SYLLABLE BAEGS +BC34;BC34;1107 1162 11AB;BC34;1107 1162 11AB; # (ë°´; ë°´; 밴; ë°´; 밴; ) HANGUL SYLLABLE BAEN +BC35;BC35;1107 1162 11AC;BC35;1107 1162 11AC; # (ë°µ; ë°µ; 밵; ë°µ; 밵; ) HANGUL SYLLABLE BAENJ +BC36;BC36;1107 1162 11AD;BC36;1107 1162 11AD; # (ë°¶; ë°¶; 밶; ë°¶; 밶; ) HANGUL SYLLABLE BAENH +BC37;BC37;1107 1162 11AE;BC37;1107 1162 11AE; # (ë°·; ë°·; 밷; ë°·; 밷; ) HANGUL SYLLABLE BAED +BC38;BC38;1107 1162 11AF;BC38;1107 1162 11AF; # (ë°¸; ë°¸; 밸; ë°¸; 밸; ) HANGUL SYLLABLE BAEL +BC39;BC39;1107 1162 11B0;BC39;1107 1162 11B0; # (ë°¹; ë°¹; 밹; ë°¹; 밹; ) HANGUL SYLLABLE BAELG +BC3A;BC3A;1107 1162 11B1;BC3A;1107 1162 11B1; # (ë°º; ë°º; 밺; ë°º; 밺; ) HANGUL SYLLABLE BAELM +BC3B;BC3B;1107 1162 11B2;BC3B;1107 1162 11B2; # (ë°»; ë°»; 밻; ë°»; 밻; ) HANGUL SYLLABLE BAELB +BC3C;BC3C;1107 1162 11B3;BC3C;1107 1162 11B3; # (ë°¼; ë°¼; 밼; ë°¼; 밼; ) HANGUL SYLLABLE BAELS +BC3D;BC3D;1107 1162 11B4;BC3D;1107 1162 11B4; # (ë°½; ë°½; 밽; ë°½; 밽; ) HANGUL SYLLABLE BAELT +BC3E;BC3E;1107 1162 11B5;BC3E;1107 1162 11B5; # (ë°¾; ë°¾; 밾; ë°¾; 밾; ) HANGUL SYLLABLE BAELP +BC3F;BC3F;1107 1162 11B6;BC3F;1107 1162 11B6; # (ë°¿; ë°¿; 밿; ë°¿; 밿; ) HANGUL SYLLABLE BAELH +BC40;BC40;1107 1162 11B7;BC40;1107 1162 11B7; # (ë±€; ë±€; 뱀; ë±€; 뱀; ) HANGUL SYLLABLE BAEM +BC41;BC41;1107 1162 11B8;BC41;1107 1162 11B8; # (ë±; ë±; 뱁; ë±; 뱁; ) HANGUL SYLLABLE BAEB +BC42;BC42;1107 1162 11B9;BC42;1107 1162 11B9; # (뱂; 뱂; 뱂; 뱂; 뱂; ) HANGUL SYLLABLE BAEBS +BC43;BC43;1107 1162 11BA;BC43;1107 1162 11BA; # (뱃; 뱃; 뱃; 뱃; 뱃; ) HANGUL SYLLABLE BAES +BC44;BC44;1107 1162 11BB;BC44;1107 1162 11BB; # (뱄; 뱄; 뱄; 뱄; 뱄; ) HANGUL SYLLABLE BAESS +BC45;BC45;1107 1162 11BC;BC45;1107 1162 11BC; # (ë±…; ë±…; 뱅; ë±…; 뱅; ) HANGUL SYLLABLE BAENG +BC46;BC46;1107 1162 11BD;BC46;1107 1162 11BD; # (뱆; 뱆; 뱆; 뱆; 뱆; ) HANGUL SYLLABLE BAEJ +BC47;BC47;1107 1162 11BE;BC47;1107 1162 11BE; # (뱇; 뱇; 뱇; 뱇; 뱇; ) HANGUL SYLLABLE BAEC +BC48;BC48;1107 1162 11BF;BC48;1107 1162 11BF; # (뱈; 뱈; 뱈; 뱈; 뱈; ) HANGUL SYLLABLE BAEK +BC49;BC49;1107 1162 11C0;BC49;1107 1162 11C0; # (뱉; 뱉; 뱉; 뱉; 뱉; ) HANGUL SYLLABLE BAET +BC4A;BC4A;1107 1162 11C1;BC4A;1107 1162 11C1; # (뱊; 뱊; 배á‡; 뱊; 배á‡; ) HANGUL SYLLABLE BAEP +BC4B;BC4B;1107 1162 11C2;BC4B;1107 1162 11C2; # (뱋; 뱋; 뱋; 뱋; 뱋; ) HANGUL SYLLABLE BAEH +BC4C;BC4C;1107 1163;BC4C;1107 1163; # (뱌; 뱌; 뱌; 뱌; 뱌; ) HANGUL SYLLABLE BYA +BC4D;BC4D;1107 1163 11A8;BC4D;1107 1163 11A8; # (ë±; ë±; 뱍; ë±; 뱍; ) HANGUL SYLLABLE BYAG +BC4E;BC4E;1107 1163 11A9;BC4E;1107 1163 11A9; # (뱎; 뱎; 뱎; 뱎; 뱎; ) HANGUL SYLLABLE BYAGG +BC4F;BC4F;1107 1163 11AA;BC4F;1107 1163 11AA; # (ë±; ë±; 뱏; ë±; 뱏; ) HANGUL SYLLABLE BYAGS +BC50;BC50;1107 1163 11AB;BC50;1107 1163 11AB; # (ë±; ë±; 뱐; ë±; 뱐; ) HANGUL SYLLABLE BYAN +BC51;BC51;1107 1163 11AC;BC51;1107 1163 11AC; # (뱑; 뱑; 뱑; 뱑; 뱑; ) HANGUL SYLLABLE BYANJ +BC52;BC52;1107 1163 11AD;BC52;1107 1163 11AD; # (ë±’; ë±’; 뱒; ë±’; 뱒; ) HANGUL SYLLABLE BYANH +BC53;BC53;1107 1163 11AE;BC53;1107 1163 11AE; # (뱓; 뱓; 뱓; 뱓; 뱓; ) HANGUL SYLLABLE BYAD +BC54;BC54;1107 1163 11AF;BC54;1107 1163 11AF; # (ë±”; ë±”; 뱔; ë±”; 뱔; ) HANGUL SYLLABLE BYAL +BC55;BC55;1107 1163 11B0;BC55;1107 1163 11B0; # (뱕; 뱕; 뱕; 뱕; 뱕; ) HANGUL SYLLABLE BYALG +BC56;BC56;1107 1163 11B1;BC56;1107 1163 11B1; # (ë±–; ë±–; 뱖; ë±–; 뱖; ) HANGUL SYLLABLE BYALM +BC57;BC57;1107 1163 11B2;BC57;1107 1163 11B2; # (ë±—; ë±—; 뱗; ë±—; 뱗; ) HANGUL SYLLABLE BYALB +BC58;BC58;1107 1163 11B3;BC58;1107 1163 11B3; # (뱘; 뱘; 뱘; 뱘; 뱘; ) HANGUL SYLLABLE BYALS +BC59;BC59;1107 1163 11B4;BC59;1107 1163 11B4; # (ë±™; ë±™; 뱙; ë±™; 뱙; ) HANGUL SYLLABLE BYALT +BC5A;BC5A;1107 1163 11B5;BC5A;1107 1163 11B5; # (뱚; 뱚; 뱚; 뱚; 뱚; ) HANGUL SYLLABLE BYALP +BC5B;BC5B;1107 1163 11B6;BC5B;1107 1163 11B6; # (ë±›; ë±›; 뱛; ë±›; 뱛; ) HANGUL SYLLABLE BYALH +BC5C;BC5C;1107 1163 11B7;BC5C;1107 1163 11B7; # (뱜; 뱜; 뱜; 뱜; 뱜; ) HANGUL SYLLABLE BYAM +BC5D;BC5D;1107 1163 11B8;BC5D;1107 1163 11B8; # (ë±; ë±; 뱝; ë±; 뱝; ) HANGUL SYLLABLE BYAB +BC5E;BC5E;1107 1163 11B9;BC5E;1107 1163 11B9; # (뱞; 뱞; 뱞; 뱞; 뱞; ) HANGUL SYLLABLE BYABS +BC5F;BC5F;1107 1163 11BA;BC5F;1107 1163 11BA; # (뱟; 뱟; 뱟; 뱟; 뱟; ) HANGUL SYLLABLE BYAS +BC60;BC60;1107 1163 11BB;BC60;1107 1163 11BB; # (ë± ; ë± ; 뱠; ë± ; 뱠; ) HANGUL SYLLABLE BYASS +BC61;BC61;1107 1163 11BC;BC61;1107 1163 11BC; # (뱡; 뱡; 뱡; 뱡; 뱡; ) HANGUL SYLLABLE BYANG +BC62;BC62;1107 1163 11BD;BC62;1107 1163 11BD; # (ë±¢; ë±¢; 뱢; ë±¢; 뱢; ) HANGUL SYLLABLE BYAJ +BC63;BC63;1107 1163 11BE;BC63;1107 1163 11BE; # (ë±£; ë±£; 뱣; ë±£; 뱣; ) HANGUL SYLLABLE BYAC +BC64;BC64;1107 1163 11BF;BC64;1107 1163 11BF; # (뱤; 뱤; 뱤; 뱤; 뱤; ) HANGUL SYLLABLE BYAK +BC65;BC65;1107 1163 11C0;BC65;1107 1163 11C0; # (ë±¥; ë±¥; 뱥; ë±¥; 뱥; ) HANGUL SYLLABLE BYAT +BC66;BC66;1107 1163 11C1;BC66;1107 1163 11C1; # (뱦; 뱦; 뱌á‡; 뱦; 뱌á‡; ) HANGUL SYLLABLE BYAP +BC67;BC67;1107 1163 11C2;BC67;1107 1163 11C2; # (뱧; 뱧; 뱧; 뱧; 뱧; ) HANGUL SYLLABLE BYAH +BC68;BC68;1107 1164;BC68;1107 1164; # (뱨; 뱨; 뱨; 뱨; 뱨; ) HANGUL SYLLABLE BYAE +BC69;BC69;1107 1164 11A8;BC69;1107 1164 11A8; # (뱩; 뱩; 뱩; 뱩; 뱩; ) HANGUL SYLLABLE BYAEG +BC6A;BC6A;1107 1164 11A9;BC6A;1107 1164 11A9; # (뱪; 뱪; 뱪; 뱪; 뱪; ) HANGUL SYLLABLE BYAEGG +BC6B;BC6B;1107 1164 11AA;BC6B;1107 1164 11AA; # (뱫; 뱫; 뱫; 뱫; 뱫; ) HANGUL SYLLABLE BYAEGS +BC6C;BC6C;1107 1164 11AB;BC6C;1107 1164 11AB; # (뱬; 뱬; 뱬; 뱬; 뱬; ) HANGUL SYLLABLE BYAEN +BC6D;BC6D;1107 1164 11AC;BC6D;1107 1164 11AC; # (ë±­; ë±­; 뱭; ë±­; 뱭; ) HANGUL SYLLABLE BYAENJ +BC6E;BC6E;1107 1164 11AD;BC6E;1107 1164 11AD; # (ë±®; ë±®; 뱮; ë±®; 뱮; ) HANGUL SYLLABLE BYAENH +BC6F;BC6F;1107 1164 11AE;BC6F;1107 1164 11AE; # (뱯; 뱯; 뱯; 뱯; 뱯; ) HANGUL SYLLABLE BYAED +BC70;BC70;1107 1164 11AF;BC70;1107 1164 11AF; # (ë±°; ë±°; 뱰; ë±°; 뱰; ) HANGUL SYLLABLE BYAEL +BC71;BC71;1107 1164 11B0;BC71;1107 1164 11B0; # (ë±±; ë±±; 뱱; ë±±; 뱱; ) HANGUL SYLLABLE BYAELG +BC72;BC72;1107 1164 11B1;BC72;1107 1164 11B1; # (ë±²; ë±²; 뱲; ë±²; 뱲; ) HANGUL SYLLABLE BYAELM +BC73;BC73;1107 1164 11B2;BC73;1107 1164 11B2; # (ë±³; ë±³; 뱳; ë±³; 뱳; ) HANGUL SYLLABLE BYAELB +BC74;BC74;1107 1164 11B3;BC74;1107 1164 11B3; # (ë±´; ë±´; 뱴; ë±´; 뱴; ) HANGUL SYLLABLE BYAELS +BC75;BC75;1107 1164 11B4;BC75;1107 1164 11B4; # (ë±µ; ë±µ; 뱵; ë±µ; 뱵; ) HANGUL SYLLABLE BYAELT +BC76;BC76;1107 1164 11B5;BC76;1107 1164 11B5; # (뱶; 뱶; 뱶; 뱶; 뱶; ) HANGUL SYLLABLE BYAELP +BC77;BC77;1107 1164 11B6;BC77;1107 1164 11B6; # (ë±·; ë±·; 뱷; ë±·; 뱷; ) HANGUL SYLLABLE BYAELH +BC78;BC78;1107 1164 11B7;BC78;1107 1164 11B7; # (뱸; 뱸; 뱸; 뱸; 뱸; ) HANGUL SYLLABLE BYAEM +BC79;BC79;1107 1164 11B8;BC79;1107 1164 11B8; # (ë±¹; ë±¹; 뱹; ë±¹; 뱹; ) HANGUL SYLLABLE BYAEB +BC7A;BC7A;1107 1164 11B9;BC7A;1107 1164 11B9; # (뱺; 뱺; 뱺; 뱺; 뱺; ) HANGUL SYLLABLE BYAEBS +BC7B;BC7B;1107 1164 11BA;BC7B;1107 1164 11BA; # (ë±»; ë±»; 뱻; ë±»; 뱻; ) HANGUL SYLLABLE BYAES +BC7C;BC7C;1107 1164 11BB;BC7C;1107 1164 11BB; # (ë±¼; ë±¼; 뱼; ë±¼; 뱼; ) HANGUL SYLLABLE BYAESS +BC7D;BC7D;1107 1164 11BC;BC7D;1107 1164 11BC; # (ë±½; ë±½; 뱽; ë±½; 뱽; ) HANGUL SYLLABLE BYAENG +BC7E;BC7E;1107 1164 11BD;BC7E;1107 1164 11BD; # (ë±¾; ë±¾; 뱾; ë±¾; 뱾; ) HANGUL SYLLABLE BYAEJ +BC7F;BC7F;1107 1164 11BE;BC7F;1107 1164 11BE; # (뱿; 뱿; 뱿; 뱿; 뱿; ) HANGUL SYLLABLE BYAEC +BC80;BC80;1107 1164 11BF;BC80;1107 1164 11BF; # (ë²€; ë²€; 벀; ë²€; 벀; ) HANGUL SYLLABLE BYAEK +BC81;BC81;1107 1164 11C0;BC81;1107 1164 11C0; # (ë²; ë²; 벁; ë²; 벁; ) HANGUL SYLLABLE BYAET +BC82;BC82;1107 1164 11C1;BC82;1107 1164 11C1; # (벂; 벂; 뱨á‡; 벂; 뱨á‡; ) HANGUL SYLLABLE BYAEP +BC83;BC83;1107 1164 11C2;BC83;1107 1164 11C2; # (벃; 벃; 벃; 벃; 벃; ) HANGUL SYLLABLE BYAEH +BC84;BC84;1107 1165;BC84;1107 1165; # (버; 버; 버; 버; 버; ) HANGUL SYLLABLE BEO +BC85;BC85;1107 1165 11A8;BC85;1107 1165 11A8; # (ë²…; ë²…; 벅; ë²…; 벅; ) HANGUL SYLLABLE BEOG +BC86;BC86;1107 1165 11A9;BC86;1107 1165 11A9; # (벆; 벆; 벆; 벆; 벆; ) HANGUL SYLLABLE BEOGG +BC87;BC87;1107 1165 11AA;BC87;1107 1165 11AA; # (벇; 벇; 벇; 벇; 벇; ) HANGUL SYLLABLE BEOGS +BC88;BC88;1107 1165 11AB;BC88;1107 1165 11AB; # (번; 번; 번; 번; 번; ) HANGUL SYLLABLE BEON +BC89;BC89;1107 1165 11AC;BC89;1107 1165 11AC; # (벉; 벉; 벉; 벉; 벉; ) HANGUL SYLLABLE BEONJ +BC8A;BC8A;1107 1165 11AD;BC8A;1107 1165 11AD; # (벊; 벊; 벊; 벊; 벊; ) HANGUL SYLLABLE BEONH +BC8B;BC8B;1107 1165 11AE;BC8B;1107 1165 11AE; # (벋; 벋; 벋; 벋; 벋; ) HANGUL SYLLABLE BEOD +BC8C;BC8C;1107 1165 11AF;BC8C;1107 1165 11AF; # (벌; 벌; 벌; 벌; 벌; ) HANGUL SYLLABLE BEOL +BC8D;BC8D;1107 1165 11B0;BC8D;1107 1165 11B0; # (ë²; ë²; 벍; ë²; 벍; ) HANGUL SYLLABLE BEOLG +BC8E;BC8E;1107 1165 11B1;BC8E;1107 1165 11B1; # (벎; 벎; 벎; 벎; 벎; ) HANGUL SYLLABLE BEOLM +BC8F;BC8F;1107 1165 11B2;BC8F;1107 1165 11B2; # (ë²; ë²; 벏; ë²; 벏; ) HANGUL SYLLABLE BEOLB +BC90;BC90;1107 1165 11B3;BC90;1107 1165 11B3; # (ë²; ë²; 벐; ë²; 벐; ) HANGUL SYLLABLE BEOLS +BC91;BC91;1107 1165 11B4;BC91;1107 1165 11B4; # (벑; 벑; 벑; 벑; 벑; ) HANGUL SYLLABLE BEOLT +BC92;BC92;1107 1165 11B5;BC92;1107 1165 11B5; # (ë²’; ë²’; 벒; ë²’; 벒; ) HANGUL SYLLABLE BEOLP +BC93;BC93;1107 1165 11B6;BC93;1107 1165 11B6; # (벓; 벓; 벓; 벓; 벓; ) HANGUL SYLLABLE BEOLH +BC94;BC94;1107 1165 11B7;BC94;1107 1165 11B7; # (ë²”; ë²”; 범; ë²”; 범; ) HANGUL SYLLABLE BEOM +BC95;BC95;1107 1165 11B8;BC95;1107 1165 11B8; # (법; 법; 법; 법; 법; ) HANGUL SYLLABLE BEOB +BC96;BC96;1107 1165 11B9;BC96;1107 1165 11B9; # (ë²–; ë²–; 벖; ë²–; 벖; ) HANGUL SYLLABLE BEOBS +BC97;BC97;1107 1165 11BA;BC97;1107 1165 11BA; # (ë²—; ë²—; 벗; ë²—; 벗; ) HANGUL SYLLABLE BEOS +BC98;BC98;1107 1165 11BB;BC98;1107 1165 11BB; # (벘; 벘; 벘; 벘; 벘; ) HANGUL SYLLABLE BEOSS +BC99;BC99;1107 1165 11BC;BC99;1107 1165 11BC; # (ë²™; ë²™; 벙; ë²™; 벙; ) HANGUL SYLLABLE BEONG +BC9A;BC9A;1107 1165 11BD;BC9A;1107 1165 11BD; # (벚; 벚; 벚; 벚; 벚; ) HANGUL SYLLABLE BEOJ +BC9B;BC9B;1107 1165 11BE;BC9B;1107 1165 11BE; # (ë²›; ë²›; 벛; ë²›; 벛; ) HANGUL SYLLABLE BEOC +BC9C;BC9C;1107 1165 11BF;BC9C;1107 1165 11BF; # (벜; 벜; 벜; 벜; 벜; ) HANGUL SYLLABLE BEOK +BC9D;BC9D;1107 1165 11C0;BC9D;1107 1165 11C0; # (ë²; ë²; 벝; ë²; 벝; ) HANGUL SYLLABLE BEOT +BC9E;BC9E;1107 1165 11C1;BC9E;1107 1165 11C1; # (벞; 벞; 버á‡; 벞; 버á‡; ) HANGUL SYLLABLE BEOP +BC9F;BC9F;1107 1165 11C2;BC9F;1107 1165 11C2; # (벟; 벟; 벟; 벟; 벟; ) HANGUL SYLLABLE BEOH +BCA0;BCA0;1107 1166;BCA0;1107 1166; # (ë² ; ë² ; 베; ë² ; 베; ) HANGUL SYLLABLE BE +BCA1;BCA1;1107 1166 11A8;BCA1;1107 1166 11A8; # (벡; 벡; 벡; 벡; 벡; ) HANGUL SYLLABLE BEG +BCA2;BCA2;1107 1166 11A9;BCA2;1107 1166 11A9; # (ë²¢; ë²¢; 벢; ë²¢; 벢; ) HANGUL SYLLABLE BEGG +BCA3;BCA3;1107 1166 11AA;BCA3;1107 1166 11AA; # (ë²£; ë²£; 벣; ë²£; 벣; ) HANGUL SYLLABLE BEGS +BCA4;BCA4;1107 1166 11AB;BCA4;1107 1166 11AB; # (벤; 벤; 벤; 벤; 벤; ) HANGUL SYLLABLE BEN +BCA5;BCA5;1107 1166 11AC;BCA5;1107 1166 11AC; # (ë²¥; ë²¥; 벥; ë²¥; 벥; ) HANGUL SYLLABLE BENJ +BCA6;BCA6;1107 1166 11AD;BCA6;1107 1166 11AD; # (벦; 벦; 벦; 벦; 벦; ) HANGUL SYLLABLE BENH +BCA7;BCA7;1107 1166 11AE;BCA7;1107 1166 11AE; # (벧; 벧; 벧; 벧; 벧; ) HANGUL SYLLABLE BED +BCA8;BCA8;1107 1166 11AF;BCA8;1107 1166 11AF; # (벨; 벨; 벨; 벨; 벨; ) HANGUL SYLLABLE BEL +BCA9;BCA9;1107 1166 11B0;BCA9;1107 1166 11B0; # (벩; 벩; 벩; 벩; 벩; ) HANGUL SYLLABLE BELG +BCAA;BCAA;1107 1166 11B1;BCAA;1107 1166 11B1; # (벪; 벪; 벪; 벪; 벪; ) HANGUL SYLLABLE BELM +BCAB;BCAB;1107 1166 11B2;BCAB;1107 1166 11B2; # (벫; 벫; 벫; 벫; 벫; ) HANGUL SYLLABLE BELB +BCAC;BCAC;1107 1166 11B3;BCAC;1107 1166 11B3; # (벬; 벬; 벬; 벬; 벬; ) HANGUL SYLLABLE BELS +BCAD;BCAD;1107 1166 11B4;BCAD;1107 1166 11B4; # (ë²­; ë²­; 벭; ë²­; 벭; ) HANGUL SYLLABLE BELT +BCAE;BCAE;1107 1166 11B5;BCAE;1107 1166 11B5; # (ë²®; ë²®; 벮; ë²®; 벮; ) HANGUL SYLLABLE BELP +BCAF;BCAF;1107 1166 11B6;BCAF;1107 1166 11B6; # (벯; 벯; 벯; 벯; 벯; ) HANGUL SYLLABLE BELH +BCB0;BCB0;1107 1166 11B7;BCB0;1107 1166 11B7; # (ë²°; ë²°; 벰; ë²°; 벰; ) HANGUL SYLLABLE BEM +BCB1;BCB1;1107 1166 11B8;BCB1;1107 1166 11B8; # (ë²±; ë²±; 벱; ë²±; 벱; ) HANGUL SYLLABLE BEB +BCB2;BCB2;1107 1166 11B9;BCB2;1107 1166 11B9; # (ë²²; ë²²; 벲; ë²²; 벲; ) HANGUL SYLLABLE BEBS +BCB3;BCB3;1107 1166 11BA;BCB3;1107 1166 11BA; # (ë²³; ë²³; 벳; ë²³; 벳; ) HANGUL SYLLABLE BES +BCB4;BCB4;1107 1166 11BB;BCB4;1107 1166 11BB; # (ë²´; ë²´; 벴; ë²´; 벴; ) HANGUL SYLLABLE BESS +BCB5;BCB5;1107 1166 11BC;BCB5;1107 1166 11BC; # (ë²µ; ë²µ; 벵; ë²µ; 벵; ) HANGUL SYLLABLE BENG +BCB6;BCB6;1107 1166 11BD;BCB6;1107 1166 11BD; # (벶; 벶; 벶; 벶; 벶; ) HANGUL SYLLABLE BEJ +BCB7;BCB7;1107 1166 11BE;BCB7;1107 1166 11BE; # (ë²·; ë²·; 벷; ë²·; 벷; ) HANGUL SYLLABLE BEC +BCB8;BCB8;1107 1166 11BF;BCB8;1107 1166 11BF; # (벸; 벸; 벸; 벸; 벸; ) HANGUL SYLLABLE BEK +BCB9;BCB9;1107 1166 11C0;BCB9;1107 1166 11C0; # (ë²¹; ë²¹; 벹; ë²¹; 벹; ) HANGUL SYLLABLE BET +BCBA;BCBA;1107 1166 11C1;BCBA;1107 1166 11C1; # (벺; 벺; 베á‡; 벺; 베á‡; ) HANGUL SYLLABLE BEP +BCBB;BCBB;1107 1166 11C2;BCBB;1107 1166 11C2; # (ë²»; ë²»; 벻; ë²»; 벻; ) HANGUL SYLLABLE BEH +BCBC;BCBC;1107 1167;BCBC;1107 1167; # (ë²¼; ë²¼; 벼; ë²¼; 벼; ) HANGUL SYLLABLE BYEO +BCBD;BCBD;1107 1167 11A8;BCBD;1107 1167 11A8; # (ë²½; ë²½; 벽; ë²½; 벽; ) HANGUL SYLLABLE BYEOG +BCBE;BCBE;1107 1167 11A9;BCBE;1107 1167 11A9; # (ë²¾; ë²¾; 벾; ë²¾; 벾; ) HANGUL SYLLABLE BYEOGG +BCBF;BCBF;1107 1167 11AA;BCBF;1107 1167 11AA; # (벿; 벿; 벿; 벿; 벿; ) HANGUL SYLLABLE BYEOGS +BCC0;BCC0;1107 1167 11AB;BCC0;1107 1167 11AB; # (ë³€; ë³€; 변; ë³€; 변; ) HANGUL SYLLABLE BYEON +BCC1;BCC1;1107 1167 11AC;BCC1;1107 1167 11AC; # (ë³; ë³; 볁; ë³; 볁; ) HANGUL SYLLABLE BYEONJ +BCC2;BCC2;1107 1167 11AD;BCC2;1107 1167 11AD; # (볂; 볂; 볂; 볂; 볂; ) HANGUL SYLLABLE BYEONH +BCC3;BCC3;1107 1167 11AE;BCC3;1107 1167 11AE; # (볃; 볃; 볃; 볃; 볃; ) HANGUL SYLLABLE BYEOD +BCC4;BCC4;1107 1167 11AF;BCC4;1107 1167 11AF; # (별; 별; 별; 별; 별; ) HANGUL SYLLABLE BYEOL +BCC5;BCC5;1107 1167 11B0;BCC5;1107 1167 11B0; # (ë³…; ë³…; 볅; ë³…; 볅; ) HANGUL SYLLABLE BYEOLG +BCC6;BCC6;1107 1167 11B1;BCC6;1107 1167 11B1; # (볆; 볆; 볆; 볆; 볆; ) HANGUL SYLLABLE BYEOLM +BCC7;BCC7;1107 1167 11B2;BCC7;1107 1167 11B2; # (볇; 볇; 볇; 볇; 볇; ) HANGUL SYLLABLE BYEOLB +BCC8;BCC8;1107 1167 11B3;BCC8;1107 1167 11B3; # (볈; 볈; 볈; 볈; 볈; ) HANGUL SYLLABLE BYEOLS +BCC9;BCC9;1107 1167 11B4;BCC9;1107 1167 11B4; # (볉; 볉; 볉; 볉; 볉; ) HANGUL SYLLABLE BYEOLT +BCCA;BCCA;1107 1167 11B5;BCCA;1107 1167 11B5; # (볊; 볊; 볊; 볊; 볊; ) HANGUL SYLLABLE BYEOLP +BCCB;BCCB;1107 1167 11B6;BCCB;1107 1167 11B6; # (볋; 볋; 볋; 볋; 볋; ) HANGUL SYLLABLE BYEOLH +BCCC;BCCC;1107 1167 11B7;BCCC;1107 1167 11B7; # (볌; 볌; 볌; 볌; 볌; ) HANGUL SYLLABLE BYEOM +BCCD;BCCD;1107 1167 11B8;BCCD;1107 1167 11B8; # (ë³; ë³; 볍; ë³; 볍; ) HANGUL SYLLABLE BYEOB +BCCE;BCCE;1107 1167 11B9;BCCE;1107 1167 11B9; # (볎; 볎; 볎; 볎; 볎; ) HANGUL SYLLABLE BYEOBS +BCCF;BCCF;1107 1167 11BA;BCCF;1107 1167 11BA; # (ë³; ë³; 볏; ë³; 볏; ) HANGUL SYLLABLE BYEOS +BCD0;BCD0;1107 1167 11BB;BCD0;1107 1167 11BB; # (ë³; ë³; 볐; ë³; 볐; ) HANGUL SYLLABLE BYEOSS +BCD1;BCD1;1107 1167 11BC;BCD1;1107 1167 11BC; # (병; 병; 병; 병; 병; ) HANGUL SYLLABLE BYEONG +BCD2;BCD2;1107 1167 11BD;BCD2;1107 1167 11BD; # (ë³’; ë³’; 볒; ë³’; 볒; ) HANGUL SYLLABLE BYEOJ +BCD3;BCD3;1107 1167 11BE;BCD3;1107 1167 11BE; # (볓; 볓; 볓; 볓; 볓; ) HANGUL SYLLABLE BYEOC +BCD4;BCD4;1107 1167 11BF;BCD4;1107 1167 11BF; # (ë³”; ë³”; 볔; ë³”; 볔; ) HANGUL SYLLABLE BYEOK +BCD5;BCD5;1107 1167 11C0;BCD5;1107 1167 11C0; # (볕; 볕; 볕; 볕; 볕; ) HANGUL SYLLABLE BYEOT +BCD6;BCD6;1107 1167 11C1;BCD6;1107 1167 11C1; # (ë³–; ë³–; 벼á‡; ë³–; 벼á‡; ) HANGUL SYLLABLE BYEOP +BCD7;BCD7;1107 1167 11C2;BCD7;1107 1167 11C2; # (ë³—; ë³—; 볗; ë³—; 볗; ) HANGUL SYLLABLE BYEOH +BCD8;BCD8;1107 1168;BCD8;1107 1168; # (볘; 볘; 볘; 볘; 볘; ) HANGUL SYLLABLE BYE +BCD9;BCD9;1107 1168 11A8;BCD9;1107 1168 11A8; # (ë³™; ë³™; 볙; ë³™; 볙; ) HANGUL SYLLABLE BYEG +BCDA;BCDA;1107 1168 11A9;BCDA;1107 1168 11A9; # (볚; 볚; 볚; 볚; 볚; ) HANGUL SYLLABLE BYEGG +BCDB;BCDB;1107 1168 11AA;BCDB;1107 1168 11AA; # (ë³›; ë³›; 볛; ë³›; 볛; ) HANGUL SYLLABLE BYEGS +BCDC;BCDC;1107 1168 11AB;BCDC;1107 1168 11AB; # (볜; 볜; 볜; 볜; 볜; ) HANGUL SYLLABLE BYEN +BCDD;BCDD;1107 1168 11AC;BCDD;1107 1168 11AC; # (ë³; ë³; 볝; ë³; 볝; ) HANGUL SYLLABLE BYENJ +BCDE;BCDE;1107 1168 11AD;BCDE;1107 1168 11AD; # (볞; 볞; 볞; 볞; 볞; ) HANGUL SYLLABLE BYENH +BCDF;BCDF;1107 1168 11AE;BCDF;1107 1168 11AE; # (볟; 볟; 볟; 볟; 볟; ) HANGUL SYLLABLE BYED +BCE0;BCE0;1107 1168 11AF;BCE0;1107 1168 11AF; # (ë³ ; ë³ ; 볠; ë³ ; 볠; ) HANGUL SYLLABLE BYEL +BCE1;BCE1;1107 1168 11B0;BCE1;1107 1168 11B0; # (볡; 볡; 볡; 볡; 볡; ) HANGUL SYLLABLE BYELG +BCE2;BCE2;1107 1168 11B1;BCE2;1107 1168 11B1; # (ë³¢; ë³¢; 볢; ë³¢; 볢; ) HANGUL SYLLABLE BYELM +BCE3;BCE3;1107 1168 11B2;BCE3;1107 1168 11B2; # (ë³£; ë³£; 볣; ë³£; 볣; ) HANGUL SYLLABLE BYELB +BCE4;BCE4;1107 1168 11B3;BCE4;1107 1168 11B3; # (볤; 볤; 볤; 볤; 볤; ) HANGUL SYLLABLE BYELS +BCE5;BCE5;1107 1168 11B4;BCE5;1107 1168 11B4; # (ë³¥; ë³¥; 볥; ë³¥; 볥; ) HANGUL SYLLABLE BYELT +BCE6;BCE6;1107 1168 11B5;BCE6;1107 1168 11B5; # (볦; 볦; 볦; 볦; 볦; ) HANGUL SYLLABLE BYELP +BCE7;BCE7;1107 1168 11B6;BCE7;1107 1168 11B6; # (볧; 볧; 볧; 볧; 볧; ) HANGUL SYLLABLE BYELH +BCE8;BCE8;1107 1168 11B7;BCE8;1107 1168 11B7; # (볨; 볨; 볨; 볨; 볨; ) HANGUL SYLLABLE BYEM +BCE9;BCE9;1107 1168 11B8;BCE9;1107 1168 11B8; # (볩; 볩; 볩; 볩; 볩; ) HANGUL SYLLABLE BYEB +BCEA;BCEA;1107 1168 11B9;BCEA;1107 1168 11B9; # (볪; 볪; 볪; 볪; 볪; ) HANGUL SYLLABLE BYEBS +BCEB;BCEB;1107 1168 11BA;BCEB;1107 1168 11BA; # (볫; 볫; 볫; 볫; 볫; ) HANGUL SYLLABLE BYES +BCEC;BCEC;1107 1168 11BB;BCEC;1107 1168 11BB; # (볬; 볬; 볬; 볬; 볬; ) HANGUL SYLLABLE BYESS +BCED;BCED;1107 1168 11BC;BCED;1107 1168 11BC; # (ë³­; ë³­; 볭; ë³­; 볭; ) HANGUL SYLLABLE BYENG +BCEE;BCEE;1107 1168 11BD;BCEE;1107 1168 11BD; # (ë³®; ë³®; 볮; ë³®; 볮; ) HANGUL SYLLABLE BYEJ +BCEF;BCEF;1107 1168 11BE;BCEF;1107 1168 11BE; # (볯; 볯; 볯; 볯; 볯; ) HANGUL SYLLABLE BYEC +BCF0;BCF0;1107 1168 11BF;BCF0;1107 1168 11BF; # (ë³°; ë³°; 볰; ë³°; 볰; ) HANGUL SYLLABLE BYEK +BCF1;BCF1;1107 1168 11C0;BCF1;1107 1168 11C0; # (ë³±; ë³±; 볱; ë³±; 볱; ) HANGUL SYLLABLE BYET +BCF2;BCF2;1107 1168 11C1;BCF2;1107 1168 11C1; # (ë³²; ë³²; 볘á‡; ë³²; 볘á‡; ) HANGUL SYLLABLE BYEP +BCF3;BCF3;1107 1168 11C2;BCF3;1107 1168 11C2; # (ë³³; ë³³; 볳; ë³³; 볳; ) HANGUL SYLLABLE BYEH +BCF4;BCF4;1107 1169;BCF4;1107 1169; # (ë³´; ë³´; 보; ë³´; 보; ) HANGUL SYLLABLE BO +BCF5;BCF5;1107 1169 11A8;BCF5;1107 1169 11A8; # (ë³µ; ë³µ; 복; ë³µ; 복; ) HANGUL SYLLABLE BOG +BCF6;BCF6;1107 1169 11A9;BCF6;1107 1169 11A9; # (볶; 볶; 볶; 볶; 볶; ) HANGUL SYLLABLE BOGG +BCF7;BCF7;1107 1169 11AA;BCF7;1107 1169 11AA; # (ë³·; ë³·; 볷; ë³·; 볷; ) HANGUL SYLLABLE BOGS +BCF8;BCF8;1107 1169 11AB;BCF8;1107 1169 11AB; # (본; 본; 본; 본; 본; ) HANGUL SYLLABLE BON +BCF9;BCF9;1107 1169 11AC;BCF9;1107 1169 11AC; # (ë³¹; ë³¹; 볹; ë³¹; 볹; ) HANGUL SYLLABLE BONJ +BCFA;BCFA;1107 1169 11AD;BCFA;1107 1169 11AD; # (볺; 볺; 볺; 볺; 볺; ) HANGUL SYLLABLE BONH +BCFB;BCFB;1107 1169 11AE;BCFB;1107 1169 11AE; # (ë³»; ë³»; 볻; ë³»; 볻; ) HANGUL SYLLABLE BOD +BCFC;BCFC;1107 1169 11AF;BCFC;1107 1169 11AF; # (ë³¼; ë³¼; 볼; ë³¼; 볼; ) HANGUL SYLLABLE BOL +BCFD;BCFD;1107 1169 11B0;BCFD;1107 1169 11B0; # (ë³½; ë³½; 볽; ë³½; 볽; ) HANGUL SYLLABLE BOLG +BCFE;BCFE;1107 1169 11B1;BCFE;1107 1169 11B1; # (ë³¾; ë³¾; 볾; ë³¾; 볾; ) HANGUL SYLLABLE BOLM +BCFF;BCFF;1107 1169 11B2;BCFF;1107 1169 11B2; # (볿; 볿; 볿; 볿; 볿; ) HANGUL SYLLABLE BOLB +BD00;BD00;1107 1169 11B3;BD00;1107 1169 11B3; # (ë´€; ë´€; 봀; ë´€; 봀; ) HANGUL SYLLABLE BOLS +BD01;BD01;1107 1169 11B4;BD01;1107 1169 11B4; # (ë´; ë´; 봁; ë´; 봁; ) HANGUL SYLLABLE BOLT +BD02;BD02;1107 1169 11B5;BD02;1107 1169 11B5; # (ë´‚; ë´‚; 봂; ë´‚; 봂; ) HANGUL SYLLABLE BOLP +BD03;BD03;1107 1169 11B6;BD03;1107 1169 11B6; # (ë´ƒ; ë´ƒ; 봃; ë´ƒ; 봃; ) HANGUL SYLLABLE BOLH +BD04;BD04;1107 1169 11B7;BD04;1107 1169 11B7; # (ë´„; ë´„; 봄; ë´„; 봄; ) HANGUL SYLLABLE BOM +BD05;BD05;1107 1169 11B8;BD05;1107 1169 11B8; # (ë´…; ë´…; 봅; ë´…; 봅; ) HANGUL SYLLABLE BOB +BD06;BD06;1107 1169 11B9;BD06;1107 1169 11B9; # (ë´†; ë´†; 봆; ë´†; 봆; ) HANGUL SYLLABLE BOBS +BD07;BD07;1107 1169 11BA;BD07;1107 1169 11BA; # (ë´‡; ë´‡; 봇; ë´‡; 봇; ) HANGUL SYLLABLE BOS +BD08;BD08;1107 1169 11BB;BD08;1107 1169 11BB; # (ë´ˆ; ë´ˆ; 봈; ë´ˆ; 봈; ) HANGUL SYLLABLE BOSS +BD09;BD09;1107 1169 11BC;BD09;1107 1169 11BC; # (ë´‰; ë´‰; 봉; ë´‰; 봉; ) HANGUL SYLLABLE BONG +BD0A;BD0A;1107 1169 11BD;BD0A;1107 1169 11BD; # (ë´Š; ë´Š; 봊; ë´Š; 봊; ) HANGUL SYLLABLE BOJ +BD0B;BD0B;1107 1169 11BE;BD0B;1107 1169 11BE; # (ë´‹; ë´‹; 봋; ë´‹; 봋; ) HANGUL SYLLABLE BOC +BD0C;BD0C;1107 1169 11BF;BD0C;1107 1169 11BF; # (ë´Œ; ë´Œ; 봌; ë´Œ; 봌; ) HANGUL SYLLABLE BOK +BD0D;BD0D;1107 1169 11C0;BD0D;1107 1169 11C0; # (ë´; ë´; 봍; ë´; 봍; ) HANGUL SYLLABLE BOT +BD0E;BD0E;1107 1169 11C1;BD0E;1107 1169 11C1; # (ë´Ž; ë´Ž; 보á‡; ë´Ž; 보á‡; ) HANGUL SYLLABLE BOP +BD0F;BD0F;1107 1169 11C2;BD0F;1107 1169 11C2; # (ë´; ë´; 봏; ë´; 봏; ) HANGUL SYLLABLE BOH +BD10;BD10;1107 116A;BD10;1107 116A; # (ë´; ë´; 봐; ë´; 봐; ) HANGUL SYLLABLE BWA +BD11;BD11;1107 116A 11A8;BD11;1107 116A 11A8; # (ë´‘; ë´‘; 봑; ë´‘; 봑; ) HANGUL SYLLABLE BWAG +BD12;BD12;1107 116A 11A9;BD12;1107 116A 11A9; # (ë´’; ë´’; 봒; ë´’; 봒; ) HANGUL SYLLABLE BWAGG +BD13;BD13;1107 116A 11AA;BD13;1107 116A 11AA; # (ë´“; ë´“; 봓; ë´“; 봓; ) HANGUL SYLLABLE BWAGS +BD14;BD14;1107 116A 11AB;BD14;1107 116A 11AB; # (ë´”; ë´”; 봔; ë´”; 봔; ) HANGUL SYLLABLE BWAN +BD15;BD15;1107 116A 11AC;BD15;1107 116A 11AC; # (ë´•; ë´•; 봕; ë´•; 봕; ) HANGUL SYLLABLE BWANJ +BD16;BD16;1107 116A 11AD;BD16;1107 116A 11AD; # (ë´–; ë´–; 봖; ë´–; 봖; ) HANGUL SYLLABLE BWANH +BD17;BD17;1107 116A 11AE;BD17;1107 116A 11AE; # (ë´—; ë´—; 봗; ë´—; 봗; ) HANGUL SYLLABLE BWAD +BD18;BD18;1107 116A 11AF;BD18;1107 116A 11AF; # (ë´˜; ë´˜; 봘; ë´˜; 봘; ) HANGUL SYLLABLE BWAL +BD19;BD19;1107 116A 11B0;BD19;1107 116A 11B0; # (ë´™; ë´™; 봙; ë´™; 봙; ) HANGUL SYLLABLE BWALG +BD1A;BD1A;1107 116A 11B1;BD1A;1107 116A 11B1; # (ë´š; ë´š; 봚; ë´š; 봚; ) HANGUL SYLLABLE BWALM +BD1B;BD1B;1107 116A 11B2;BD1B;1107 116A 11B2; # (ë´›; ë´›; 봛; ë´›; 봛; ) HANGUL SYLLABLE BWALB +BD1C;BD1C;1107 116A 11B3;BD1C;1107 116A 11B3; # (ë´œ; ë´œ; 봜; ë´œ; 봜; ) HANGUL SYLLABLE BWALS +BD1D;BD1D;1107 116A 11B4;BD1D;1107 116A 11B4; # (ë´; ë´; 봝; ë´; 봝; ) HANGUL SYLLABLE BWALT +BD1E;BD1E;1107 116A 11B5;BD1E;1107 116A 11B5; # (ë´ž; ë´ž; 봞; ë´ž; 봞; ) HANGUL SYLLABLE BWALP +BD1F;BD1F;1107 116A 11B6;BD1F;1107 116A 11B6; # (ë´Ÿ; ë´Ÿ; 봟; ë´Ÿ; 봟; ) HANGUL SYLLABLE BWALH +BD20;BD20;1107 116A 11B7;BD20;1107 116A 11B7; # (ë´ ; ë´ ; 봠; ë´ ; 봠; ) HANGUL SYLLABLE BWAM +BD21;BD21;1107 116A 11B8;BD21;1107 116A 11B8; # (ë´¡; ë´¡; 봡; ë´¡; 봡; ) HANGUL SYLLABLE BWAB +BD22;BD22;1107 116A 11B9;BD22;1107 116A 11B9; # (ë´¢; ë´¢; 봢; ë´¢; 봢; ) HANGUL SYLLABLE BWABS +BD23;BD23;1107 116A 11BA;BD23;1107 116A 11BA; # (ë´£; ë´£; 봣; ë´£; 봣; ) HANGUL SYLLABLE BWAS +BD24;BD24;1107 116A 11BB;BD24;1107 116A 11BB; # (ë´¤; ë´¤; 봤; ë´¤; 봤; ) HANGUL SYLLABLE BWASS +BD25;BD25;1107 116A 11BC;BD25;1107 116A 11BC; # (ë´¥; ë´¥; 봥; ë´¥; 봥; ) HANGUL SYLLABLE BWANG +BD26;BD26;1107 116A 11BD;BD26;1107 116A 11BD; # (ë´¦; ë´¦; 봦; ë´¦; 봦; ) HANGUL SYLLABLE BWAJ +BD27;BD27;1107 116A 11BE;BD27;1107 116A 11BE; # (ë´§; ë´§; 봧; ë´§; 봧; ) HANGUL SYLLABLE BWAC +BD28;BD28;1107 116A 11BF;BD28;1107 116A 11BF; # (ë´¨; ë´¨; 봨; ë´¨; 봨; ) HANGUL SYLLABLE BWAK +BD29;BD29;1107 116A 11C0;BD29;1107 116A 11C0; # (ë´©; ë´©; 봩; ë´©; 봩; ) HANGUL SYLLABLE BWAT +BD2A;BD2A;1107 116A 11C1;BD2A;1107 116A 11C1; # (ë´ª; ë´ª; 봐á‡; ë´ª; 봐á‡; ) HANGUL SYLLABLE BWAP +BD2B;BD2B;1107 116A 11C2;BD2B;1107 116A 11C2; # (ë´«; ë´«; 봫; ë´«; 봫; ) HANGUL SYLLABLE BWAH +BD2C;BD2C;1107 116B;BD2C;1107 116B; # (ë´¬; ë´¬; 봬; ë´¬; 봬; ) HANGUL SYLLABLE BWAE +BD2D;BD2D;1107 116B 11A8;BD2D;1107 116B 11A8; # (ë´­; ë´­; 봭; ë´­; 봭; ) HANGUL SYLLABLE BWAEG +BD2E;BD2E;1107 116B 11A9;BD2E;1107 116B 11A9; # (ë´®; ë´®; 봮; ë´®; 봮; ) HANGUL SYLLABLE BWAEGG +BD2F;BD2F;1107 116B 11AA;BD2F;1107 116B 11AA; # (ë´¯; ë´¯; 봯; ë´¯; 봯; ) HANGUL SYLLABLE BWAEGS +BD30;BD30;1107 116B 11AB;BD30;1107 116B 11AB; # (ë´°; ë´°; 봰; ë´°; 봰; ) HANGUL SYLLABLE BWAEN +BD31;BD31;1107 116B 11AC;BD31;1107 116B 11AC; # (ë´±; ë´±; 봱; ë´±; 봱; ) HANGUL SYLLABLE BWAENJ +BD32;BD32;1107 116B 11AD;BD32;1107 116B 11AD; # (ë´²; ë´²; 봲; ë´²; 봲; ) HANGUL SYLLABLE BWAENH +BD33;BD33;1107 116B 11AE;BD33;1107 116B 11AE; # (ë´³; ë´³; 봳; ë´³; 봳; ) HANGUL SYLLABLE BWAED +BD34;BD34;1107 116B 11AF;BD34;1107 116B 11AF; # (ë´´; ë´´; 봴; ë´´; 봴; ) HANGUL SYLLABLE BWAEL +BD35;BD35;1107 116B 11B0;BD35;1107 116B 11B0; # (ë´µ; ë´µ; 봵; ë´µ; 봵; ) HANGUL SYLLABLE BWAELG +BD36;BD36;1107 116B 11B1;BD36;1107 116B 11B1; # (ë´¶; ë´¶; 봶; ë´¶; 봶; ) HANGUL SYLLABLE BWAELM +BD37;BD37;1107 116B 11B2;BD37;1107 116B 11B2; # (ë´·; ë´·; 봷; ë´·; 봷; ) HANGUL SYLLABLE BWAELB +BD38;BD38;1107 116B 11B3;BD38;1107 116B 11B3; # (ë´¸; ë´¸; 봸; ë´¸; 봸; ) HANGUL SYLLABLE BWAELS +BD39;BD39;1107 116B 11B4;BD39;1107 116B 11B4; # (ë´¹; ë´¹; 봹; ë´¹; 봹; ) HANGUL SYLLABLE BWAELT +BD3A;BD3A;1107 116B 11B5;BD3A;1107 116B 11B5; # (ë´º; ë´º; 봺; ë´º; 봺; ) HANGUL SYLLABLE BWAELP +BD3B;BD3B;1107 116B 11B6;BD3B;1107 116B 11B6; # (ë´»; ë´»; 봻; ë´»; 봻; ) HANGUL SYLLABLE BWAELH +BD3C;BD3C;1107 116B 11B7;BD3C;1107 116B 11B7; # (ë´¼; ë´¼; 봼; ë´¼; 봼; ) HANGUL SYLLABLE BWAEM +BD3D;BD3D;1107 116B 11B8;BD3D;1107 116B 11B8; # (ë´½; ë´½; 봽; ë´½; 봽; ) HANGUL SYLLABLE BWAEB +BD3E;BD3E;1107 116B 11B9;BD3E;1107 116B 11B9; # (ë´¾; ë´¾; 봾; ë´¾; 봾; ) HANGUL SYLLABLE BWAEBS +BD3F;BD3F;1107 116B 11BA;BD3F;1107 116B 11BA; # (ë´¿; ë´¿; 봿; ë´¿; 봿; ) HANGUL SYLLABLE BWAES +BD40;BD40;1107 116B 11BB;BD40;1107 116B 11BB; # (ëµ€; ëµ€; 뵀; ëµ€; 뵀; ) HANGUL SYLLABLE BWAESS +BD41;BD41;1107 116B 11BC;BD41;1107 116B 11BC; # (ëµ; ëµ; 뵁; ëµ; 뵁; ) HANGUL SYLLABLE BWAENG +BD42;BD42;1107 116B 11BD;BD42;1107 116B 11BD; # (뵂; 뵂; 뵂; 뵂; 뵂; ) HANGUL SYLLABLE BWAEJ +BD43;BD43;1107 116B 11BE;BD43;1107 116B 11BE; # (뵃; 뵃; 뵃; 뵃; 뵃; ) HANGUL SYLLABLE BWAEC +BD44;BD44;1107 116B 11BF;BD44;1107 116B 11BF; # (뵄; 뵄; 뵄; 뵄; 뵄; ) HANGUL SYLLABLE BWAEK +BD45;BD45;1107 116B 11C0;BD45;1107 116B 11C0; # (ëµ…; ëµ…; 뵅; ëµ…; 뵅; ) HANGUL SYLLABLE BWAET +BD46;BD46;1107 116B 11C1;BD46;1107 116B 11C1; # (뵆; 뵆; 봬á‡; 뵆; 봬á‡; ) HANGUL SYLLABLE BWAEP +BD47;BD47;1107 116B 11C2;BD47;1107 116B 11C2; # (뵇; 뵇; 뵇; 뵇; 뵇; ) HANGUL SYLLABLE BWAEH +BD48;BD48;1107 116C;BD48;1107 116C; # (뵈; 뵈; 뵈; 뵈; 뵈; ) HANGUL SYLLABLE BOE +BD49;BD49;1107 116C 11A8;BD49;1107 116C 11A8; # (뵉; 뵉; 뵉; 뵉; 뵉; ) HANGUL SYLLABLE BOEG +BD4A;BD4A;1107 116C 11A9;BD4A;1107 116C 11A9; # (뵊; 뵊; 뵊; 뵊; 뵊; ) HANGUL SYLLABLE BOEGG +BD4B;BD4B;1107 116C 11AA;BD4B;1107 116C 11AA; # (뵋; 뵋; 뵋; 뵋; 뵋; ) HANGUL SYLLABLE BOEGS +BD4C;BD4C;1107 116C 11AB;BD4C;1107 116C 11AB; # (뵌; 뵌; 뵌; 뵌; 뵌; ) HANGUL SYLLABLE BOEN +BD4D;BD4D;1107 116C 11AC;BD4D;1107 116C 11AC; # (ëµ; ëµ; 뵍; ëµ; 뵍; ) HANGUL SYLLABLE BOENJ +BD4E;BD4E;1107 116C 11AD;BD4E;1107 116C 11AD; # (뵎; 뵎; 뵎; 뵎; 뵎; ) HANGUL SYLLABLE BOENH +BD4F;BD4F;1107 116C 11AE;BD4F;1107 116C 11AE; # (ëµ; ëµ; 뵏; ëµ; 뵏; ) HANGUL SYLLABLE BOED +BD50;BD50;1107 116C 11AF;BD50;1107 116C 11AF; # (ëµ; ëµ; 뵐; ëµ; 뵐; ) HANGUL SYLLABLE BOEL +BD51;BD51;1107 116C 11B0;BD51;1107 116C 11B0; # (뵑; 뵑; 뵑; 뵑; 뵑; ) HANGUL SYLLABLE BOELG +BD52;BD52;1107 116C 11B1;BD52;1107 116C 11B1; # (ëµ’; ëµ’; 뵒; ëµ’; 뵒; ) HANGUL SYLLABLE BOELM +BD53;BD53;1107 116C 11B2;BD53;1107 116C 11B2; # (뵓; 뵓; 뵓; 뵓; 뵓; ) HANGUL SYLLABLE BOELB +BD54;BD54;1107 116C 11B3;BD54;1107 116C 11B3; # (ëµ”; ëµ”; 뵔; ëµ”; 뵔; ) HANGUL SYLLABLE BOELS +BD55;BD55;1107 116C 11B4;BD55;1107 116C 11B4; # (뵕; 뵕; 뵕; 뵕; 뵕; ) HANGUL SYLLABLE BOELT +BD56;BD56;1107 116C 11B5;BD56;1107 116C 11B5; # (ëµ–; ëµ–; 뵖; ëµ–; 뵖; ) HANGUL SYLLABLE BOELP +BD57;BD57;1107 116C 11B6;BD57;1107 116C 11B6; # (ëµ—; ëµ—; 뵗; ëµ—; 뵗; ) HANGUL SYLLABLE BOELH +BD58;BD58;1107 116C 11B7;BD58;1107 116C 11B7; # (뵘; 뵘; 뵘; 뵘; 뵘; ) HANGUL SYLLABLE BOEM +BD59;BD59;1107 116C 11B8;BD59;1107 116C 11B8; # (ëµ™; ëµ™; 뵙; ëµ™; 뵙; ) HANGUL SYLLABLE BOEB +BD5A;BD5A;1107 116C 11B9;BD5A;1107 116C 11B9; # (뵚; 뵚; 뵚; 뵚; 뵚; ) HANGUL SYLLABLE BOEBS +BD5B;BD5B;1107 116C 11BA;BD5B;1107 116C 11BA; # (ëµ›; ëµ›; 뵛; ëµ›; 뵛; ) HANGUL SYLLABLE BOES +BD5C;BD5C;1107 116C 11BB;BD5C;1107 116C 11BB; # (뵜; 뵜; 뵜; 뵜; 뵜; ) HANGUL SYLLABLE BOESS +BD5D;BD5D;1107 116C 11BC;BD5D;1107 116C 11BC; # (ëµ; ëµ; 뵝; ëµ; 뵝; ) HANGUL SYLLABLE BOENG +BD5E;BD5E;1107 116C 11BD;BD5E;1107 116C 11BD; # (뵞; 뵞; 뵞; 뵞; 뵞; ) HANGUL SYLLABLE BOEJ +BD5F;BD5F;1107 116C 11BE;BD5F;1107 116C 11BE; # (뵟; 뵟; 뵟; 뵟; 뵟; ) HANGUL SYLLABLE BOEC +BD60;BD60;1107 116C 11BF;BD60;1107 116C 11BF; # (ëµ ; ëµ ; 뵠; ëµ ; 뵠; ) HANGUL SYLLABLE BOEK +BD61;BD61;1107 116C 11C0;BD61;1107 116C 11C0; # (뵡; 뵡; 뵡; 뵡; 뵡; ) HANGUL SYLLABLE BOET +BD62;BD62;1107 116C 11C1;BD62;1107 116C 11C1; # (ëµ¢; ëµ¢; 뵈á‡; ëµ¢; 뵈á‡; ) HANGUL SYLLABLE BOEP +BD63;BD63;1107 116C 11C2;BD63;1107 116C 11C2; # (ëµ£; ëµ£; 뵣; ëµ£; 뵣; ) HANGUL SYLLABLE BOEH +BD64;BD64;1107 116D;BD64;1107 116D; # (뵤; 뵤; 뵤; 뵤; 뵤; ) HANGUL SYLLABLE BYO +BD65;BD65;1107 116D 11A8;BD65;1107 116D 11A8; # (ëµ¥; ëµ¥; 뵥; ëµ¥; 뵥; ) HANGUL SYLLABLE BYOG +BD66;BD66;1107 116D 11A9;BD66;1107 116D 11A9; # (뵦; 뵦; 뵦; 뵦; 뵦; ) HANGUL SYLLABLE BYOGG +BD67;BD67;1107 116D 11AA;BD67;1107 116D 11AA; # (뵧; 뵧; 뵧; 뵧; 뵧; ) HANGUL SYLLABLE BYOGS +BD68;BD68;1107 116D 11AB;BD68;1107 116D 11AB; # (뵨; 뵨; 뵨; 뵨; 뵨; ) HANGUL SYLLABLE BYON +BD69;BD69;1107 116D 11AC;BD69;1107 116D 11AC; # (뵩; 뵩; 뵩; 뵩; 뵩; ) HANGUL SYLLABLE BYONJ +BD6A;BD6A;1107 116D 11AD;BD6A;1107 116D 11AD; # (뵪; 뵪; 뵪; 뵪; 뵪; ) HANGUL SYLLABLE BYONH +BD6B;BD6B;1107 116D 11AE;BD6B;1107 116D 11AE; # (뵫; 뵫; 뵫; 뵫; 뵫; ) HANGUL SYLLABLE BYOD +BD6C;BD6C;1107 116D 11AF;BD6C;1107 116D 11AF; # (뵬; 뵬; 뵬; 뵬; 뵬; ) HANGUL SYLLABLE BYOL +BD6D;BD6D;1107 116D 11B0;BD6D;1107 116D 11B0; # (ëµ­; ëµ­; 뵭; ëµ­; 뵭; ) HANGUL SYLLABLE BYOLG +BD6E;BD6E;1107 116D 11B1;BD6E;1107 116D 11B1; # (ëµ®; ëµ®; 뵮; ëµ®; 뵮; ) HANGUL SYLLABLE BYOLM +BD6F;BD6F;1107 116D 11B2;BD6F;1107 116D 11B2; # (뵯; 뵯; 뵯; 뵯; 뵯; ) HANGUL SYLLABLE BYOLB +BD70;BD70;1107 116D 11B3;BD70;1107 116D 11B3; # (ëµ°; ëµ°; 뵰; ëµ°; 뵰; ) HANGUL SYLLABLE BYOLS +BD71;BD71;1107 116D 11B4;BD71;1107 116D 11B4; # (ëµ±; ëµ±; 뵱; ëµ±; 뵱; ) HANGUL SYLLABLE BYOLT +BD72;BD72;1107 116D 11B5;BD72;1107 116D 11B5; # (ëµ²; ëµ²; 뵲; ëµ²; 뵲; ) HANGUL SYLLABLE BYOLP +BD73;BD73;1107 116D 11B6;BD73;1107 116D 11B6; # (ëµ³; ëµ³; 뵳; ëµ³; 뵳; ) HANGUL SYLLABLE BYOLH +BD74;BD74;1107 116D 11B7;BD74;1107 116D 11B7; # (ëµ´; ëµ´; 뵴; ëµ´; 뵴; ) HANGUL SYLLABLE BYOM +BD75;BD75;1107 116D 11B8;BD75;1107 116D 11B8; # (ëµµ; ëµµ; 뵵; ëµµ; 뵵; ) HANGUL SYLLABLE BYOB +BD76;BD76;1107 116D 11B9;BD76;1107 116D 11B9; # (뵶; 뵶; 뵶; 뵶; 뵶; ) HANGUL SYLLABLE BYOBS +BD77;BD77;1107 116D 11BA;BD77;1107 116D 11BA; # (ëµ·; ëµ·; 뵷; ëµ·; 뵷; ) HANGUL SYLLABLE BYOS +BD78;BD78;1107 116D 11BB;BD78;1107 116D 11BB; # (뵸; 뵸; 뵸; 뵸; 뵸; ) HANGUL SYLLABLE BYOSS +BD79;BD79;1107 116D 11BC;BD79;1107 116D 11BC; # (ëµ¹; ëµ¹; 뵹; ëµ¹; 뵹; ) HANGUL SYLLABLE BYONG +BD7A;BD7A;1107 116D 11BD;BD7A;1107 116D 11BD; # (뵺; 뵺; 뵺; 뵺; 뵺; ) HANGUL SYLLABLE BYOJ +BD7B;BD7B;1107 116D 11BE;BD7B;1107 116D 11BE; # (ëµ»; ëµ»; 뵻; ëµ»; 뵻; ) HANGUL SYLLABLE BYOC +BD7C;BD7C;1107 116D 11BF;BD7C;1107 116D 11BF; # (ëµ¼; ëµ¼; 뵼; ëµ¼; 뵼; ) HANGUL SYLLABLE BYOK +BD7D;BD7D;1107 116D 11C0;BD7D;1107 116D 11C0; # (ëµ½; ëµ½; 뵽; ëµ½; 뵽; ) HANGUL SYLLABLE BYOT +BD7E;BD7E;1107 116D 11C1;BD7E;1107 116D 11C1; # (ëµ¾; ëµ¾; 뵤á‡; ëµ¾; 뵤á‡; ) HANGUL SYLLABLE BYOP +BD7F;BD7F;1107 116D 11C2;BD7F;1107 116D 11C2; # (뵿; 뵿; 뵿; 뵿; 뵿; ) HANGUL SYLLABLE BYOH +BD80;BD80;1107 116E;BD80;1107 116E; # (부; 부; 부; 부; 부; ) HANGUL SYLLABLE BU +BD81;BD81;1107 116E 11A8;BD81;1107 116E 11A8; # (ë¶; ë¶; 북; ë¶; 북; ) HANGUL SYLLABLE BUG +BD82;BD82;1107 116E 11A9;BD82;1107 116E 11A9; # (붂; 붂; 붂; 붂; 붂; ) HANGUL SYLLABLE BUGG +BD83;BD83;1107 116E 11AA;BD83;1107 116E 11AA; # (붃; 붃; 붃; 붃; 붃; ) HANGUL SYLLABLE BUGS +BD84;BD84;1107 116E 11AB;BD84;1107 116E 11AB; # (분; 분; 분; 분; 분; ) HANGUL SYLLABLE BUN +BD85;BD85;1107 116E 11AC;BD85;1107 116E 11AC; # (붅; 붅; 붅; 붅; 붅; ) HANGUL SYLLABLE BUNJ +BD86;BD86;1107 116E 11AD;BD86;1107 116E 11AD; # (붆; 붆; 붆; 붆; 붆; ) HANGUL SYLLABLE BUNH +BD87;BD87;1107 116E 11AE;BD87;1107 116E 11AE; # (붇; 붇; 붇; 붇; 붇; ) HANGUL SYLLABLE BUD +BD88;BD88;1107 116E 11AF;BD88;1107 116E 11AF; # (불; 불; 불; 불; 불; ) HANGUL SYLLABLE BUL +BD89;BD89;1107 116E 11B0;BD89;1107 116E 11B0; # (붉; 붉; 붉; 붉; 붉; ) HANGUL SYLLABLE BULG +BD8A;BD8A;1107 116E 11B1;BD8A;1107 116E 11B1; # (붊; 붊; 붊; 붊; 붊; ) HANGUL SYLLABLE BULM +BD8B;BD8B;1107 116E 11B2;BD8B;1107 116E 11B2; # (붋; 붋; 붋; 붋; 붋; ) HANGUL SYLLABLE BULB +BD8C;BD8C;1107 116E 11B3;BD8C;1107 116E 11B3; # (붌; 붌; 붌; 붌; 붌; ) HANGUL SYLLABLE BULS +BD8D;BD8D;1107 116E 11B4;BD8D;1107 116E 11B4; # (ë¶; ë¶; 붍; ë¶; 붍; ) HANGUL SYLLABLE BULT +BD8E;BD8E;1107 116E 11B5;BD8E;1107 116E 11B5; # (붎; 붎; 붎; 붎; 붎; ) HANGUL SYLLABLE BULP +BD8F;BD8F;1107 116E 11B6;BD8F;1107 116E 11B6; # (ë¶; ë¶; 붏; ë¶; 붏; ) HANGUL SYLLABLE BULH +BD90;BD90;1107 116E 11B7;BD90;1107 116E 11B7; # (ë¶; ë¶; 붐; ë¶; 붐; ) HANGUL SYLLABLE BUM +BD91;BD91;1107 116E 11B8;BD91;1107 116E 11B8; # (붑; 붑; 붑; 붑; 붑; ) HANGUL SYLLABLE BUB +BD92;BD92;1107 116E 11B9;BD92;1107 116E 11B9; # (붒; 붒; 붒; 붒; 붒; ) HANGUL SYLLABLE BUBS +BD93;BD93;1107 116E 11BA;BD93;1107 116E 11BA; # (붓; 붓; 붓; 붓; 붓; ) HANGUL SYLLABLE BUS +BD94;BD94;1107 116E 11BB;BD94;1107 116E 11BB; # (붔; 붔; 붔; 붔; 붔; ) HANGUL SYLLABLE BUSS +BD95;BD95;1107 116E 11BC;BD95;1107 116E 11BC; # (붕; 붕; 붕; 붕; 붕; ) HANGUL SYLLABLE BUNG +BD96;BD96;1107 116E 11BD;BD96;1107 116E 11BD; # (붖; 붖; 붖; 붖; 붖; ) HANGUL SYLLABLE BUJ +BD97;BD97;1107 116E 11BE;BD97;1107 116E 11BE; # (붗; 붗; 붗; 붗; 붗; ) HANGUL SYLLABLE BUC +BD98;BD98;1107 116E 11BF;BD98;1107 116E 11BF; # (붘; 붘; 붘; 붘; 붘; ) HANGUL SYLLABLE BUK +BD99;BD99;1107 116E 11C0;BD99;1107 116E 11C0; # (붙; 붙; 붙; 붙; 붙; ) HANGUL SYLLABLE BUT +BD9A;BD9A;1107 116E 11C1;BD9A;1107 116E 11C1; # (붚; 붚; 부á‡; 붚; 부á‡; ) HANGUL SYLLABLE BUP +BD9B;BD9B;1107 116E 11C2;BD9B;1107 116E 11C2; # (붛; 붛; 붛; 붛; 붛; ) HANGUL SYLLABLE BUH +BD9C;BD9C;1107 116F;BD9C;1107 116F; # (붜; 붜; 붜; 붜; 붜; ) HANGUL SYLLABLE BWEO +BD9D;BD9D;1107 116F 11A8;BD9D;1107 116F 11A8; # (ë¶; ë¶; 붝; ë¶; 붝; ) HANGUL SYLLABLE BWEOG +BD9E;BD9E;1107 116F 11A9;BD9E;1107 116F 11A9; # (붞; 붞; 붞; 붞; 붞; ) HANGUL SYLLABLE BWEOGG +BD9F;BD9F;1107 116F 11AA;BD9F;1107 116F 11AA; # (붟; 붟; 붟; 붟; 붟; ) HANGUL SYLLABLE BWEOGS +BDA0;BDA0;1107 116F 11AB;BDA0;1107 116F 11AB; # (붠; 붠; 붠; 붠; 붠; ) HANGUL SYLLABLE BWEON +BDA1;BDA1;1107 116F 11AC;BDA1;1107 116F 11AC; # (붡; 붡; 붡; 붡; 붡; ) HANGUL SYLLABLE BWEONJ +BDA2;BDA2;1107 116F 11AD;BDA2;1107 116F 11AD; # (붢; 붢; 붢; 붢; 붢; ) HANGUL SYLLABLE BWEONH +BDA3;BDA3;1107 116F 11AE;BDA3;1107 116F 11AE; # (붣; 붣; 붣; 붣; 붣; ) HANGUL SYLLABLE BWEOD +BDA4;BDA4;1107 116F 11AF;BDA4;1107 116F 11AF; # (붤; 붤; 붤; 붤; 붤; ) HANGUL SYLLABLE BWEOL +BDA5;BDA5;1107 116F 11B0;BDA5;1107 116F 11B0; # (붥; 붥; 붥; 붥; 붥; ) HANGUL SYLLABLE BWEOLG +BDA6;BDA6;1107 116F 11B1;BDA6;1107 116F 11B1; # (붦; 붦; 붦; 붦; 붦; ) HANGUL SYLLABLE BWEOLM +BDA7;BDA7;1107 116F 11B2;BDA7;1107 116F 11B2; # (붧; 붧; 붧; 붧; 붧; ) HANGUL SYLLABLE BWEOLB +BDA8;BDA8;1107 116F 11B3;BDA8;1107 116F 11B3; # (붨; 붨; 붨; 붨; 붨; ) HANGUL SYLLABLE BWEOLS +BDA9;BDA9;1107 116F 11B4;BDA9;1107 116F 11B4; # (붩; 붩; 붩; 붩; 붩; ) HANGUL SYLLABLE BWEOLT +BDAA;BDAA;1107 116F 11B5;BDAA;1107 116F 11B5; # (붪; 붪; 붪; 붪; 붪; ) HANGUL SYLLABLE BWEOLP +BDAB;BDAB;1107 116F 11B6;BDAB;1107 116F 11B6; # (붫; 붫; 붫; 붫; 붫; ) HANGUL SYLLABLE BWEOLH +BDAC;BDAC;1107 116F 11B7;BDAC;1107 116F 11B7; # (붬; 붬; 붬; 붬; 붬; ) HANGUL SYLLABLE BWEOM +BDAD;BDAD;1107 116F 11B8;BDAD;1107 116F 11B8; # (붭; 붭; 붭; 붭; 붭; ) HANGUL SYLLABLE BWEOB +BDAE;BDAE;1107 116F 11B9;BDAE;1107 116F 11B9; # (붮; 붮; 붮; 붮; 붮; ) HANGUL SYLLABLE BWEOBS +BDAF;BDAF;1107 116F 11BA;BDAF;1107 116F 11BA; # (붯; 붯; 붯; 붯; 붯; ) HANGUL SYLLABLE BWEOS +BDB0;BDB0;1107 116F 11BB;BDB0;1107 116F 11BB; # (붰; 붰; 붰; 붰; 붰; ) HANGUL SYLLABLE BWEOSS +BDB1;BDB1;1107 116F 11BC;BDB1;1107 116F 11BC; # (붱; 붱; 붱; 붱; 붱; ) HANGUL SYLLABLE BWEONG +BDB2;BDB2;1107 116F 11BD;BDB2;1107 116F 11BD; # (붲; 붲; 붲; 붲; 붲; ) HANGUL SYLLABLE BWEOJ +BDB3;BDB3;1107 116F 11BE;BDB3;1107 116F 11BE; # (붳; 붳; 붳; 붳; 붳; ) HANGUL SYLLABLE BWEOC +BDB4;BDB4;1107 116F 11BF;BDB4;1107 116F 11BF; # (붴; 붴; 붴; 붴; 붴; ) HANGUL SYLLABLE BWEOK +BDB5;BDB5;1107 116F 11C0;BDB5;1107 116F 11C0; # (붵; 붵; 붵; 붵; 붵; ) HANGUL SYLLABLE BWEOT +BDB6;BDB6;1107 116F 11C1;BDB6;1107 116F 11C1; # (붶; 붶; 붜á‡; 붶; 붜á‡; ) HANGUL SYLLABLE BWEOP +BDB7;BDB7;1107 116F 11C2;BDB7;1107 116F 11C2; # (붷; 붷; 붷; 붷; 붷; ) HANGUL SYLLABLE BWEOH +BDB8;BDB8;1107 1170;BDB8;1107 1170; # (붸; 붸; 붸; 붸; 붸; ) HANGUL SYLLABLE BWE +BDB9;BDB9;1107 1170 11A8;BDB9;1107 1170 11A8; # (붹; 붹; 붹; 붹; 붹; ) HANGUL SYLLABLE BWEG +BDBA;BDBA;1107 1170 11A9;BDBA;1107 1170 11A9; # (붺; 붺; 붺; 붺; 붺; ) HANGUL SYLLABLE BWEGG +BDBB;BDBB;1107 1170 11AA;BDBB;1107 1170 11AA; # (붻; 붻; 붻; 붻; 붻; ) HANGUL SYLLABLE BWEGS +BDBC;BDBC;1107 1170 11AB;BDBC;1107 1170 11AB; # (붼; 붼; 붼; 붼; 붼; ) HANGUL SYLLABLE BWEN +BDBD;BDBD;1107 1170 11AC;BDBD;1107 1170 11AC; # (붽; 붽; 붽; 붽; 붽; ) HANGUL SYLLABLE BWENJ +BDBE;BDBE;1107 1170 11AD;BDBE;1107 1170 11AD; # (붾; 붾; 붾; 붾; 붾; ) HANGUL SYLLABLE BWENH +BDBF;BDBF;1107 1170 11AE;BDBF;1107 1170 11AE; # (붿; 붿; 붿; 붿; 붿; ) HANGUL SYLLABLE BWED +BDC0;BDC0;1107 1170 11AF;BDC0;1107 1170 11AF; # (ë·€; ë·€; 뷀; ë·€; 뷀; ) HANGUL SYLLABLE BWEL +BDC1;BDC1;1107 1170 11B0;BDC1;1107 1170 11B0; # (ë·; ë·; 뷁; ë·; 뷁; ) HANGUL SYLLABLE BWELG +BDC2;BDC2;1107 1170 11B1;BDC2;1107 1170 11B1; # (ë·‚; ë·‚; 뷂; ë·‚; 뷂; ) HANGUL SYLLABLE BWELM +BDC3;BDC3;1107 1170 11B2;BDC3;1107 1170 11B2; # (ë·ƒ; ë·ƒ; 뷃; ë·ƒ; 뷃; ) HANGUL SYLLABLE BWELB +BDC4;BDC4;1107 1170 11B3;BDC4;1107 1170 11B3; # (ë·„; ë·„; 뷄; ë·„; 뷄; ) HANGUL SYLLABLE BWELS +BDC5;BDC5;1107 1170 11B4;BDC5;1107 1170 11B4; # (ë·…; ë·…; 뷅; ë·…; 뷅; ) HANGUL SYLLABLE BWELT +BDC6;BDC6;1107 1170 11B5;BDC6;1107 1170 11B5; # (ë·†; ë·†; 뷆; ë·†; 뷆; ) HANGUL SYLLABLE BWELP +BDC7;BDC7;1107 1170 11B6;BDC7;1107 1170 11B6; # (ë·‡; ë·‡; 뷇; ë·‡; 뷇; ) HANGUL SYLLABLE BWELH +BDC8;BDC8;1107 1170 11B7;BDC8;1107 1170 11B7; # (ë·ˆ; ë·ˆ; 뷈; ë·ˆ; 뷈; ) HANGUL SYLLABLE BWEM +BDC9;BDC9;1107 1170 11B8;BDC9;1107 1170 11B8; # (ë·‰; ë·‰; 뷉; ë·‰; 뷉; ) HANGUL SYLLABLE BWEB +BDCA;BDCA;1107 1170 11B9;BDCA;1107 1170 11B9; # (ë·Š; ë·Š; 뷊; ë·Š; 뷊; ) HANGUL SYLLABLE BWEBS +BDCB;BDCB;1107 1170 11BA;BDCB;1107 1170 11BA; # (ë·‹; ë·‹; 뷋; ë·‹; 뷋; ) HANGUL SYLLABLE BWES +BDCC;BDCC;1107 1170 11BB;BDCC;1107 1170 11BB; # (ë·Œ; ë·Œ; 뷌; ë·Œ; 뷌; ) HANGUL SYLLABLE BWESS +BDCD;BDCD;1107 1170 11BC;BDCD;1107 1170 11BC; # (ë·; ë·; 뷍; ë·; 뷍; ) HANGUL SYLLABLE BWENG +BDCE;BDCE;1107 1170 11BD;BDCE;1107 1170 11BD; # (ë·Ž; ë·Ž; 뷎; ë·Ž; 뷎; ) HANGUL SYLLABLE BWEJ +BDCF;BDCF;1107 1170 11BE;BDCF;1107 1170 11BE; # (ë·; ë·; 뷏; ë·; 뷏; ) HANGUL SYLLABLE BWEC +BDD0;BDD0;1107 1170 11BF;BDD0;1107 1170 11BF; # (ë·; ë·; 뷐; ë·; 뷐; ) HANGUL SYLLABLE BWEK +BDD1;BDD1;1107 1170 11C0;BDD1;1107 1170 11C0; # (ë·‘; ë·‘; 뷑; ë·‘; 뷑; ) HANGUL SYLLABLE BWET +BDD2;BDD2;1107 1170 11C1;BDD2;1107 1170 11C1; # (ë·’; ë·’; 붸á‡; ë·’; 붸á‡; ) HANGUL SYLLABLE BWEP +BDD3;BDD3;1107 1170 11C2;BDD3;1107 1170 11C2; # (ë·“; ë·“; 뷓; ë·“; 뷓; ) HANGUL SYLLABLE BWEH +BDD4;BDD4;1107 1171;BDD4;1107 1171; # (ë·”; ë·”; 뷔; ë·”; 뷔; ) HANGUL SYLLABLE BWI +BDD5;BDD5;1107 1171 11A8;BDD5;1107 1171 11A8; # (ë·•; ë·•; 뷕; ë·•; 뷕; ) HANGUL SYLLABLE BWIG +BDD6;BDD6;1107 1171 11A9;BDD6;1107 1171 11A9; # (ë·–; ë·–; 뷖; ë·–; 뷖; ) HANGUL SYLLABLE BWIGG +BDD7;BDD7;1107 1171 11AA;BDD7;1107 1171 11AA; # (ë·—; ë·—; 뷗; ë·—; 뷗; ) HANGUL SYLLABLE BWIGS +BDD8;BDD8;1107 1171 11AB;BDD8;1107 1171 11AB; # (ë·˜; ë·˜; 뷘; ë·˜; 뷘; ) HANGUL SYLLABLE BWIN +BDD9;BDD9;1107 1171 11AC;BDD9;1107 1171 11AC; # (ë·™; ë·™; 뷙; ë·™; 뷙; ) HANGUL SYLLABLE BWINJ +BDDA;BDDA;1107 1171 11AD;BDDA;1107 1171 11AD; # (ë·š; ë·š; 뷚; ë·š; 뷚; ) HANGUL SYLLABLE BWINH +BDDB;BDDB;1107 1171 11AE;BDDB;1107 1171 11AE; # (ë·›; ë·›; 뷛; ë·›; 뷛; ) HANGUL SYLLABLE BWID +BDDC;BDDC;1107 1171 11AF;BDDC;1107 1171 11AF; # (ë·œ; ë·œ; 뷜; ë·œ; 뷜; ) HANGUL SYLLABLE BWIL +BDDD;BDDD;1107 1171 11B0;BDDD;1107 1171 11B0; # (ë·; ë·; 뷝; ë·; 뷝; ) HANGUL SYLLABLE BWILG +BDDE;BDDE;1107 1171 11B1;BDDE;1107 1171 11B1; # (ë·ž; ë·ž; 뷞; ë·ž; 뷞; ) HANGUL SYLLABLE BWILM +BDDF;BDDF;1107 1171 11B2;BDDF;1107 1171 11B2; # (ë·Ÿ; ë·Ÿ; 뷟; ë·Ÿ; 뷟; ) HANGUL SYLLABLE BWILB +BDE0;BDE0;1107 1171 11B3;BDE0;1107 1171 11B3; # (ë· ; ë· ; 뷠; ë· ; 뷠; ) HANGUL SYLLABLE BWILS +BDE1;BDE1;1107 1171 11B4;BDE1;1107 1171 11B4; # (ë·¡; ë·¡; 뷡; ë·¡; 뷡; ) HANGUL SYLLABLE BWILT +BDE2;BDE2;1107 1171 11B5;BDE2;1107 1171 11B5; # (ë·¢; ë·¢; 뷢; ë·¢; 뷢; ) HANGUL SYLLABLE BWILP +BDE3;BDE3;1107 1171 11B6;BDE3;1107 1171 11B6; # (ë·£; ë·£; 뷣; ë·£; 뷣; ) HANGUL SYLLABLE BWILH +BDE4;BDE4;1107 1171 11B7;BDE4;1107 1171 11B7; # (ë·¤; ë·¤; 뷤; ë·¤; 뷤; ) HANGUL SYLLABLE BWIM +BDE5;BDE5;1107 1171 11B8;BDE5;1107 1171 11B8; # (ë·¥; ë·¥; 뷥; ë·¥; 뷥; ) HANGUL SYLLABLE BWIB +BDE6;BDE6;1107 1171 11B9;BDE6;1107 1171 11B9; # (ë·¦; ë·¦; 뷦; ë·¦; 뷦; ) HANGUL SYLLABLE BWIBS +BDE7;BDE7;1107 1171 11BA;BDE7;1107 1171 11BA; # (ë·§; ë·§; 뷧; ë·§; 뷧; ) HANGUL SYLLABLE BWIS +BDE8;BDE8;1107 1171 11BB;BDE8;1107 1171 11BB; # (ë·¨; ë·¨; 뷨; ë·¨; 뷨; ) HANGUL SYLLABLE BWISS +BDE9;BDE9;1107 1171 11BC;BDE9;1107 1171 11BC; # (ë·©; ë·©; 뷩; ë·©; 뷩; ) HANGUL SYLLABLE BWING +BDEA;BDEA;1107 1171 11BD;BDEA;1107 1171 11BD; # (ë·ª; ë·ª; 뷪; ë·ª; 뷪; ) HANGUL SYLLABLE BWIJ +BDEB;BDEB;1107 1171 11BE;BDEB;1107 1171 11BE; # (ë·«; ë·«; 뷫; ë·«; 뷫; ) HANGUL SYLLABLE BWIC +BDEC;BDEC;1107 1171 11BF;BDEC;1107 1171 11BF; # (ë·¬; ë·¬; 뷬; ë·¬; 뷬; ) HANGUL SYLLABLE BWIK +BDED;BDED;1107 1171 11C0;BDED;1107 1171 11C0; # (ë·­; ë·­; 뷭; ë·­; 뷭; ) HANGUL SYLLABLE BWIT +BDEE;BDEE;1107 1171 11C1;BDEE;1107 1171 11C1; # (ë·®; ë·®; 뷔á‡; ë·®; 뷔á‡; ) HANGUL SYLLABLE BWIP +BDEF;BDEF;1107 1171 11C2;BDEF;1107 1171 11C2; # (ë·¯; ë·¯; 뷯; ë·¯; 뷯; ) HANGUL SYLLABLE BWIH +BDF0;BDF0;1107 1172;BDF0;1107 1172; # (ë·°; ë·°; 뷰; ë·°; 뷰; ) HANGUL SYLLABLE BYU +BDF1;BDF1;1107 1172 11A8;BDF1;1107 1172 11A8; # (ë·±; ë·±; 뷱; ë·±; 뷱; ) HANGUL SYLLABLE BYUG +BDF2;BDF2;1107 1172 11A9;BDF2;1107 1172 11A9; # (ë·²; ë·²; 뷲; ë·²; 뷲; ) HANGUL SYLLABLE BYUGG +BDF3;BDF3;1107 1172 11AA;BDF3;1107 1172 11AA; # (ë·³; ë·³; 뷳; ë·³; 뷳; ) HANGUL SYLLABLE BYUGS +BDF4;BDF4;1107 1172 11AB;BDF4;1107 1172 11AB; # (ë·´; ë·´; 뷴; ë·´; 뷴; ) HANGUL SYLLABLE BYUN +BDF5;BDF5;1107 1172 11AC;BDF5;1107 1172 11AC; # (ë·µ; ë·µ; 뷵; ë·µ; 뷵; ) HANGUL SYLLABLE BYUNJ +BDF6;BDF6;1107 1172 11AD;BDF6;1107 1172 11AD; # (ë·¶; ë·¶; 뷶; ë·¶; 뷶; ) HANGUL SYLLABLE BYUNH +BDF7;BDF7;1107 1172 11AE;BDF7;1107 1172 11AE; # (ë··; ë··; 뷷; ë··; 뷷; ) HANGUL SYLLABLE BYUD +BDF8;BDF8;1107 1172 11AF;BDF8;1107 1172 11AF; # (ë·¸; ë·¸; 뷸; ë·¸; 뷸; ) HANGUL SYLLABLE BYUL +BDF9;BDF9;1107 1172 11B0;BDF9;1107 1172 11B0; # (ë·¹; ë·¹; 뷹; ë·¹; 뷹; ) HANGUL SYLLABLE BYULG +BDFA;BDFA;1107 1172 11B1;BDFA;1107 1172 11B1; # (ë·º; ë·º; 뷺; ë·º; 뷺; ) HANGUL SYLLABLE BYULM +BDFB;BDFB;1107 1172 11B2;BDFB;1107 1172 11B2; # (ë·»; ë·»; 뷻; ë·»; 뷻; ) HANGUL SYLLABLE BYULB +BDFC;BDFC;1107 1172 11B3;BDFC;1107 1172 11B3; # (ë·¼; ë·¼; 뷼; ë·¼; 뷼; ) HANGUL SYLLABLE BYULS +BDFD;BDFD;1107 1172 11B4;BDFD;1107 1172 11B4; # (ë·½; ë·½; 뷽; ë·½; 뷽; ) HANGUL SYLLABLE BYULT +BDFE;BDFE;1107 1172 11B5;BDFE;1107 1172 11B5; # (ë·¾; ë·¾; 뷾; ë·¾; 뷾; ) HANGUL SYLLABLE BYULP +BDFF;BDFF;1107 1172 11B6;BDFF;1107 1172 11B6; # (ë·¿; ë·¿; 뷿; ë·¿; 뷿; ) HANGUL SYLLABLE BYULH +BE00;BE00;1107 1172 11B7;BE00;1107 1172 11B7; # (븀; 븀; 븀; 븀; 븀; ) HANGUL SYLLABLE BYUM +BE01;BE01;1107 1172 11B8;BE01;1107 1172 11B8; # (ë¸; ë¸; 븁; ë¸; 븁; ) HANGUL SYLLABLE BYUB +BE02;BE02;1107 1172 11B9;BE02;1107 1172 11B9; # (븂; 븂; 븂; 븂; 븂; ) HANGUL SYLLABLE BYUBS +BE03;BE03;1107 1172 11BA;BE03;1107 1172 11BA; # (븃; 븃; 븃; 븃; 븃; ) HANGUL SYLLABLE BYUS +BE04;BE04;1107 1172 11BB;BE04;1107 1172 11BB; # (븄; 븄; 븄; 븄; 븄; ) HANGUL SYLLABLE BYUSS +BE05;BE05;1107 1172 11BC;BE05;1107 1172 11BC; # (븅; 븅; 븅; 븅; 븅; ) HANGUL SYLLABLE BYUNG +BE06;BE06;1107 1172 11BD;BE06;1107 1172 11BD; # (븆; 븆; 븆; 븆; 븆; ) HANGUL SYLLABLE BYUJ +BE07;BE07;1107 1172 11BE;BE07;1107 1172 11BE; # (븇; 븇; 븇; 븇; 븇; ) HANGUL SYLLABLE BYUC +BE08;BE08;1107 1172 11BF;BE08;1107 1172 11BF; # (븈; 븈; 븈; 븈; 븈; ) HANGUL SYLLABLE BYUK +BE09;BE09;1107 1172 11C0;BE09;1107 1172 11C0; # (븉; 븉; 븉; 븉; 븉; ) HANGUL SYLLABLE BYUT +BE0A;BE0A;1107 1172 11C1;BE0A;1107 1172 11C1; # (븊; 븊; 뷰á‡; 븊; 뷰á‡; ) HANGUL SYLLABLE BYUP +BE0B;BE0B;1107 1172 11C2;BE0B;1107 1172 11C2; # (븋; 븋; 븋; 븋; 븋; ) HANGUL SYLLABLE BYUH +BE0C;BE0C;1107 1173;BE0C;1107 1173; # (브; 브; 브; 브; 브; ) HANGUL SYLLABLE BEU +BE0D;BE0D;1107 1173 11A8;BE0D;1107 1173 11A8; # (ë¸; ë¸; 븍; ë¸; 븍; ) HANGUL SYLLABLE BEUG +BE0E;BE0E;1107 1173 11A9;BE0E;1107 1173 11A9; # (븎; 븎; 븎; 븎; 븎; ) HANGUL SYLLABLE BEUGG +BE0F;BE0F;1107 1173 11AA;BE0F;1107 1173 11AA; # (ë¸; ë¸; 븏; ë¸; 븏; ) HANGUL SYLLABLE BEUGS +BE10;BE10;1107 1173 11AB;BE10;1107 1173 11AB; # (ë¸; ë¸; 븐; ë¸; 븐; ) HANGUL SYLLABLE BEUN +BE11;BE11;1107 1173 11AC;BE11;1107 1173 11AC; # (븑; 븑; 븑; 븑; 븑; ) HANGUL SYLLABLE BEUNJ +BE12;BE12;1107 1173 11AD;BE12;1107 1173 11AD; # (븒; 븒; 븒; 븒; 븒; ) HANGUL SYLLABLE BEUNH +BE13;BE13;1107 1173 11AE;BE13;1107 1173 11AE; # (븓; 븓; 븓; 븓; 븓; ) HANGUL SYLLABLE BEUD +BE14;BE14;1107 1173 11AF;BE14;1107 1173 11AF; # (블; 블; 블; 블; 블; ) HANGUL SYLLABLE BEUL +BE15;BE15;1107 1173 11B0;BE15;1107 1173 11B0; # (븕; 븕; 븕; 븕; 븕; ) HANGUL SYLLABLE BEULG +BE16;BE16;1107 1173 11B1;BE16;1107 1173 11B1; # (븖; 븖; 븖; 븖; 븖; ) HANGUL SYLLABLE BEULM +BE17;BE17;1107 1173 11B2;BE17;1107 1173 11B2; # (븗; 븗; 븗; 븗; 븗; ) HANGUL SYLLABLE BEULB +BE18;BE18;1107 1173 11B3;BE18;1107 1173 11B3; # (븘; 븘; 븘; 븘; 븘; ) HANGUL SYLLABLE BEULS +BE19;BE19;1107 1173 11B4;BE19;1107 1173 11B4; # (븙; 븙; 븙; 븙; 븙; ) HANGUL SYLLABLE BEULT +BE1A;BE1A;1107 1173 11B5;BE1A;1107 1173 11B5; # (븚; 븚; 븚; 븚; 븚; ) HANGUL SYLLABLE BEULP +BE1B;BE1B;1107 1173 11B6;BE1B;1107 1173 11B6; # (븛; 븛; 븛; 븛; 븛; ) HANGUL SYLLABLE BEULH +BE1C;BE1C;1107 1173 11B7;BE1C;1107 1173 11B7; # (븜; 븜; 븜; 븜; 븜; ) HANGUL SYLLABLE BEUM +BE1D;BE1D;1107 1173 11B8;BE1D;1107 1173 11B8; # (ë¸; ë¸; 븝; ë¸; 븝; ) HANGUL SYLLABLE BEUB +BE1E;BE1E;1107 1173 11B9;BE1E;1107 1173 11B9; # (븞; 븞; 븞; 븞; 븞; ) HANGUL SYLLABLE BEUBS +BE1F;BE1F;1107 1173 11BA;BE1F;1107 1173 11BA; # (븟; 븟; 븟; 븟; 븟; ) HANGUL SYLLABLE BEUS +BE20;BE20;1107 1173 11BB;BE20;1107 1173 11BB; # (븠; 븠; 븠; 븠; 븠; ) HANGUL SYLLABLE BEUSS +BE21;BE21;1107 1173 11BC;BE21;1107 1173 11BC; # (븡; 븡; 븡; 븡; 븡; ) HANGUL SYLLABLE BEUNG +BE22;BE22;1107 1173 11BD;BE22;1107 1173 11BD; # (븢; 븢; 븢; 븢; 븢; ) HANGUL SYLLABLE BEUJ +BE23;BE23;1107 1173 11BE;BE23;1107 1173 11BE; # (븣; 븣; 븣; 븣; 븣; ) HANGUL SYLLABLE BEUC +BE24;BE24;1107 1173 11BF;BE24;1107 1173 11BF; # (븤; 븤; 븤; 븤; 븤; ) HANGUL SYLLABLE BEUK +BE25;BE25;1107 1173 11C0;BE25;1107 1173 11C0; # (븥; 븥; 븥; 븥; 븥; ) HANGUL SYLLABLE BEUT +BE26;BE26;1107 1173 11C1;BE26;1107 1173 11C1; # (븦; 븦; 브á‡; 븦; 브á‡; ) HANGUL SYLLABLE BEUP +BE27;BE27;1107 1173 11C2;BE27;1107 1173 11C2; # (븧; 븧; 븧; 븧; 븧; ) HANGUL SYLLABLE BEUH +BE28;BE28;1107 1174;BE28;1107 1174; # (븨; 븨; 븨; 븨; 븨; ) HANGUL SYLLABLE BYI +BE29;BE29;1107 1174 11A8;BE29;1107 1174 11A8; # (븩; 븩; 븩; 븩; 븩; ) HANGUL SYLLABLE BYIG +BE2A;BE2A;1107 1174 11A9;BE2A;1107 1174 11A9; # (븪; 븪; 븪; 븪; 븪; ) HANGUL SYLLABLE BYIGG +BE2B;BE2B;1107 1174 11AA;BE2B;1107 1174 11AA; # (븫; 븫; 븫; 븫; 븫; ) HANGUL SYLLABLE BYIGS +BE2C;BE2C;1107 1174 11AB;BE2C;1107 1174 11AB; # (븬; 븬; 븬; 븬; 븬; ) HANGUL SYLLABLE BYIN +BE2D;BE2D;1107 1174 11AC;BE2D;1107 1174 11AC; # (븭; 븭; 븭; 븭; 븭; ) HANGUL SYLLABLE BYINJ +BE2E;BE2E;1107 1174 11AD;BE2E;1107 1174 11AD; # (븮; 븮; 븮; 븮; 븮; ) HANGUL SYLLABLE BYINH +BE2F;BE2F;1107 1174 11AE;BE2F;1107 1174 11AE; # (븯; 븯; 븯; 븯; 븯; ) HANGUL SYLLABLE BYID +BE30;BE30;1107 1174 11AF;BE30;1107 1174 11AF; # (븰; 븰; 븰; 븰; 븰; ) HANGUL SYLLABLE BYIL +BE31;BE31;1107 1174 11B0;BE31;1107 1174 11B0; # (븱; 븱; 븱; 븱; 븱; ) HANGUL SYLLABLE BYILG +BE32;BE32;1107 1174 11B1;BE32;1107 1174 11B1; # (븲; 븲; 븲; 븲; 븲; ) HANGUL SYLLABLE BYILM +BE33;BE33;1107 1174 11B2;BE33;1107 1174 11B2; # (븳; 븳; 븳; 븳; 븳; ) HANGUL SYLLABLE BYILB +BE34;BE34;1107 1174 11B3;BE34;1107 1174 11B3; # (븴; 븴; 븴; 븴; 븴; ) HANGUL SYLLABLE BYILS +BE35;BE35;1107 1174 11B4;BE35;1107 1174 11B4; # (븵; 븵; 븵; 븵; 븵; ) HANGUL SYLLABLE BYILT +BE36;BE36;1107 1174 11B5;BE36;1107 1174 11B5; # (븶; 븶; 븶; 븶; 븶; ) HANGUL SYLLABLE BYILP +BE37;BE37;1107 1174 11B6;BE37;1107 1174 11B6; # (븷; 븷; 븷; 븷; 븷; ) HANGUL SYLLABLE BYILH +BE38;BE38;1107 1174 11B7;BE38;1107 1174 11B7; # (븸; 븸; 븸; 븸; 븸; ) HANGUL SYLLABLE BYIM +BE39;BE39;1107 1174 11B8;BE39;1107 1174 11B8; # (븹; 븹; 븹; 븹; 븹; ) HANGUL SYLLABLE BYIB +BE3A;BE3A;1107 1174 11B9;BE3A;1107 1174 11B9; # (븺; 븺; 븺; 븺; 븺; ) HANGUL SYLLABLE BYIBS +BE3B;BE3B;1107 1174 11BA;BE3B;1107 1174 11BA; # (븻; 븻; 븻; 븻; 븻; ) HANGUL SYLLABLE BYIS +BE3C;BE3C;1107 1174 11BB;BE3C;1107 1174 11BB; # (븼; 븼; 븼; 븼; 븼; ) HANGUL SYLLABLE BYISS +BE3D;BE3D;1107 1174 11BC;BE3D;1107 1174 11BC; # (븽; 븽; 븽; 븽; 븽; ) HANGUL SYLLABLE BYING +BE3E;BE3E;1107 1174 11BD;BE3E;1107 1174 11BD; # (븾; 븾; 븾; 븾; 븾; ) HANGUL SYLLABLE BYIJ +BE3F;BE3F;1107 1174 11BE;BE3F;1107 1174 11BE; # (븿; 븿; 븿; 븿; 븿; ) HANGUL SYLLABLE BYIC +BE40;BE40;1107 1174 11BF;BE40;1107 1174 11BF; # (ë¹€; ë¹€; 빀; ë¹€; 빀; ) HANGUL SYLLABLE BYIK +BE41;BE41;1107 1174 11C0;BE41;1107 1174 11C0; # (ë¹; ë¹; 빁; ë¹; 빁; ) HANGUL SYLLABLE BYIT +BE42;BE42;1107 1174 11C1;BE42;1107 1174 11C1; # (빂; 빂; 븨á‡; 빂; 븨á‡; ) HANGUL SYLLABLE BYIP +BE43;BE43;1107 1174 11C2;BE43;1107 1174 11C2; # (빃; 빃; 빃; 빃; 빃; ) HANGUL SYLLABLE BYIH +BE44;BE44;1107 1175;BE44;1107 1175; # (비; 비; 비; 비; 비; ) HANGUL SYLLABLE BI +BE45;BE45;1107 1175 11A8;BE45;1107 1175 11A8; # (ë¹…; ë¹…; 빅; ë¹…; 빅; ) HANGUL SYLLABLE BIG +BE46;BE46;1107 1175 11A9;BE46;1107 1175 11A9; # (빆; 빆; 빆; 빆; 빆; ) HANGUL SYLLABLE BIGG +BE47;BE47;1107 1175 11AA;BE47;1107 1175 11AA; # (빇; 빇; 빇; 빇; 빇; ) HANGUL SYLLABLE BIGS +BE48;BE48;1107 1175 11AB;BE48;1107 1175 11AB; # (빈; 빈; 빈; 빈; 빈; ) HANGUL SYLLABLE BIN +BE49;BE49;1107 1175 11AC;BE49;1107 1175 11AC; # (빉; 빉; 빉; 빉; 빉; ) HANGUL SYLLABLE BINJ +BE4A;BE4A;1107 1175 11AD;BE4A;1107 1175 11AD; # (빊; 빊; 빊; 빊; 빊; ) HANGUL SYLLABLE BINH +BE4B;BE4B;1107 1175 11AE;BE4B;1107 1175 11AE; # (빋; 빋; 빋; 빋; 빋; ) HANGUL SYLLABLE BID +BE4C;BE4C;1107 1175 11AF;BE4C;1107 1175 11AF; # (빌; 빌; 빌; 빌; 빌; ) HANGUL SYLLABLE BIL +BE4D;BE4D;1107 1175 11B0;BE4D;1107 1175 11B0; # (ë¹; ë¹; 빍; ë¹; 빍; ) HANGUL SYLLABLE BILG +BE4E;BE4E;1107 1175 11B1;BE4E;1107 1175 11B1; # (빎; 빎; 빎; 빎; 빎; ) HANGUL SYLLABLE BILM +BE4F;BE4F;1107 1175 11B2;BE4F;1107 1175 11B2; # (ë¹; ë¹; 빏; ë¹; 빏; ) HANGUL SYLLABLE BILB +BE50;BE50;1107 1175 11B3;BE50;1107 1175 11B3; # (ë¹; ë¹; 빐; ë¹; 빐; ) HANGUL SYLLABLE BILS +BE51;BE51;1107 1175 11B4;BE51;1107 1175 11B4; # (빑; 빑; 빑; 빑; 빑; ) HANGUL SYLLABLE BILT +BE52;BE52;1107 1175 11B5;BE52;1107 1175 11B5; # (ë¹’; ë¹’; 빒; ë¹’; 빒; ) HANGUL SYLLABLE BILP +BE53;BE53;1107 1175 11B6;BE53;1107 1175 11B6; # (빓; 빓; 빓; 빓; 빓; ) HANGUL SYLLABLE BILH +BE54;BE54;1107 1175 11B7;BE54;1107 1175 11B7; # (ë¹”; ë¹”; 빔; ë¹”; 빔; ) HANGUL SYLLABLE BIM +BE55;BE55;1107 1175 11B8;BE55;1107 1175 11B8; # (빕; 빕; 빕; 빕; 빕; ) HANGUL SYLLABLE BIB +BE56;BE56;1107 1175 11B9;BE56;1107 1175 11B9; # (ë¹–; ë¹–; 빖; ë¹–; 빖; ) HANGUL SYLLABLE BIBS +BE57;BE57;1107 1175 11BA;BE57;1107 1175 11BA; # (ë¹—; ë¹—; 빗; ë¹—; 빗; ) HANGUL SYLLABLE BIS +BE58;BE58;1107 1175 11BB;BE58;1107 1175 11BB; # (빘; 빘; 빘; 빘; 빘; ) HANGUL SYLLABLE BISS +BE59;BE59;1107 1175 11BC;BE59;1107 1175 11BC; # (ë¹™; ë¹™; 빙; ë¹™; 빙; ) HANGUL SYLLABLE BING +BE5A;BE5A;1107 1175 11BD;BE5A;1107 1175 11BD; # (빚; 빚; 빚; 빚; 빚; ) HANGUL SYLLABLE BIJ +BE5B;BE5B;1107 1175 11BE;BE5B;1107 1175 11BE; # (ë¹›; ë¹›; 빛; ë¹›; 빛; ) HANGUL SYLLABLE BIC +BE5C;BE5C;1107 1175 11BF;BE5C;1107 1175 11BF; # (빜; 빜; 빜; 빜; 빜; ) HANGUL SYLLABLE BIK +BE5D;BE5D;1107 1175 11C0;BE5D;1107 1175 11C0; # (ë¹; ë¹; 빝; ë¹; 빝; ) HANGUL SYLLABLE BIT +BE5E;BE5E;1107 1175 11C1;BE5E;1107 1175 11C1; # (빞; 빞; 비á‡; 빞; 비á‡; ) HANGUL SYLLABLE BIP +BE5F;BE5F;1107 1175 11C2;BE5F;1107 1175 11C2; # (빟; 빟; 빟; 빟; 빟; ) HANGUL SYLLABLE BIH +BE60;BE60;1108 1161;BE60;1108 1161; # (ë¹ ; ë¹ ; 빠; ë¹ ; 빠; ) HANGUL SYLLABLE BBA +BE61;BE61;1108 1161 11A8;BE61;1108 1161 11A8; # (빡; 빡; 빡; 빡; 빡; ) HANGUL SYLLABLE BBAG +BE62;BE62;1108 1161 11A9;BE62;1108 1161 11A9; # (ë¹¢; ë¹¢; 빢; ë¹¢; 빢; ) HANGUL SYLLABLE BBAGG +BE63;BE63;1108 1161 11AA;BE63;1108 1161 11AA; # (ë¹£; ë¹£; 빣; ë¹£; 빣; ) HANGUL SYLLABLE BBAGS +BE64;BE64;1108 1161 11AB;BE64;1108 1161 11AB; # (빤; 빤; 빤; 빤; 빤; ) HANGUL SYLLABLE BBAN +BE65;BE65;1108 1161 11AC;BE65;1108 1161 11AC; # (ë¹¥; ë¹¥; 빥; ë¹¥; 빥; ) HANGUL SYLLABLE BBANJ +BE66;BE66;1108 1161 11AD;BE66;1108 1161 11AD; # (빦; 빦; 빦; 빦; 빦; ) HANGUL SYLLABLE BBANH +BE67;BE67;1108 1161 11AE;BE67;1108 1161 11AE; # (빧; 빧; 빧; 빧; 빧; ) HANGUL SYLLABLE BBAD +BE68;BE68;1108 1161 11AF;BE68;1108 1161 11AF; # (빨; 빨; 빨; 빨; 빨; ) HANGUL SYLLABLE BBAL +BE69;BE69;1108 1161 11B0;BE69;1108 1161 11B0; # (빩; 빩; 빩; 빩; 빩; ) HANGUL SYLLABLE BBALG +BE6A;BE6A;1108 1161 11B1;BE6A;1108 1161 11B1; # (빪; 빪; 빪; 빪; 빪; ) HANGUL SYLLABLE BBALM +BE6B;BE6B;1108 1161 11B2;BE6B;1108 1161 11B2; # (빫; 빫; 빫; 빫; 빫; ) HANGUL SYLLABLE BBALB +BE6C;BE6C;1108 1161 11B3;BE6C;1108 1161 11B3; # (빬; 빬; 빬; 빬; 빬; ) HANGUL SYLLABLE BBALS +BE6D;BE6D;1108 1161 11B4;BE6D;1108 1161 11B4; # (ë¹­; ë¹­; 빭; ë¹­; 빭; ) HANGUL SYLLABLE BBALT +BE6E;BE6E;1108 1161 11B5;BE6E;1108 1161 11B5; # (ë¹®; ë¹®; 빮; ë¹®; 빮; ) HANGUL SYLLABLE BBALP +BE6F;BE6F;1108 1161 11B6;BE6F;1108 1161 11B6; # (빯; 빯; 빯; 빯; 빯; ) HANGUL SYLLABLE BBALH +BE70;BE70;1108 1161 11B7;BE70;1108 1161 11B7; # (ë¹°; ë¹°; 빰; ë¹°; 빰; ) HANGUL SYLLABLE BBAM +BE71;BE71;1108 1161 11B8;BE71;1108 1161 11B8; # (ë¹±; ë¹±; 빱; ë¹±; 빱; ) HANGUL SYLLABLE BBAB +BE72;BE72;1108 1161 11B9;BE72;1108 1161 11B9; # (ë¹²; ë¹²; 빲; ë¹²; 빲; ) HANGUL SYLLABLE BBABS +BE73;BE73;1108 1161 11BA;BE73;1108 1161 11BA; # (ë¹³; ë¹³; 빳; ë¹³; 빳; ) HANGUL SYLLABLE BBAS +BE74;BE74;1108 1161 11BB;BE74;1108 1161 11BB; # (ë¹´; ë¹´; 빴; ë¹´; 빴; ) HANGUL SYLLABLE BBASS +BE75;BE75;1108 1161 11BC;BE75;1108 1161 11BC; # (ë¹µ; ë¹µ; 빵; ë¹µ; 빵; ) HANGUL SYLLABLE BBANG +BE76;BE76;1108 1161 11BD;BE76;1108 1161 11BD; # (빶; 빶; 빶; 빶; 빶; ) HANGUL SYLLABLE BBAJ +BE77;BE77;1108 1161 11BE;BE77;1108 1161 11BE; # (ë¹·; ë¹·; 빷; ë¹·; 빷; ) HANGUL SYLLABLE BBAC +BE78;BE78;1108 1161 11BF;BE78;1108 1161 11BF; # (빸; 빸; 빸; 빸; 빸; ) HANGUL SYLLABLE BBAK +BE79;BE79;1108 1161 11C0;BE79;1108 1161 11C0; # (ë¹¹; ë¹¹; 빹; ë¹¹; 빹; ) HANGUL SYLLABLE BBAT +BE7A;BE7A;1108 1161 11C1;BE7A;1108 1161 11C1; # (빺; 빺; 빠á‡; 빺; 빠á‡; ) HANGUL SYLLABLE BBAP +BE7B;BE7B;1108 1161 11C2;BE7B;1108 1161 11C2; # (ë¹»; ë¹»; 빻; ë¹»; 빻; ) HANGUL SYLLABLE BBAH +BE7C;BE7C;1108 1162;BE7C;1108 1162; # (ë¹¼; ë¹¼; 빼; ë¹¼; 빼; ) HANGUL SYLLABLE BBAE +BE7D;BE7D;1108 1162 11A8;BE7D;1108 1162 11A8; # (ë¹½; ë¹½; 빽; ë¹½; 빽; ) HANGUL SYLLABLE BBAEG +BE7E;BE7E;1108 1162 11A9;BE7E;1108 1162 11A9; # (ë¹¾; ë¹¾; 빾; ë¹¾; 빾; ) HANGUL SYLLABLE BBAEGG +BE7F;BE7F;1108 1162 11AA;BE7F;1108 1162 11AA; # (빿; 빿; 빿; 빿; 빿; ) HANGUL SYLLABLE BBAEGS +BE80;BE80;1108 1162 11AB;BE80;1108 1162 11AB; # (뺀; 뺀; 뺀; 뺀; 뺀; ) HANGUL SYLLABLE BBAEN +BE81;BE81;1108 1162 11AC;BE81;1108 1162 11AC; # (ëº; ëº; 뺁; ëº; 뺁; ) HANGUL SYLLABLE BBAENJ +BE82;BE82;1108 1162 11AD;BE82;1108 1162 11AD; # (뺂; 뺂; 뺂; 뺂; 뺂; ) HANGUL SYLLABLE BBAENH +BE83;BE83;1108 1162 11AE;BE83;1108 1162 11AE; # (뺃; 뺃; 뺃; 뺃; 뺃; ) HANGUL SYLLABLE BBAED +BE84;BE84;1108 1162 11AF;BE84;1108 1162 11AF; # (뺄; 뺄; 뺄; 뺄; 뺄; ) HANGUL SYLLABLE BBAEL +BE85;BE85;1108 1162 11B0;BE85;1108 1162 11B0; # (뺅; 뺅; 뺅; 뺅; 뺅; ) HANGUL SYLLABLE BBAELG +BE86;BE86;1108 1162 11B1;BE86;1108 1162 11B1; # (뺆; 뺆; 뺆; 뺆; 뺆; ) HANGUL SYLLABLE BBAELM +BE87;BE87;1108 1162 11B2;BE87;1108 1162 11B2; # (뺇; 뺇; 뺇; 뺇; 뺇; ) HANGUL SYLLABLE BBAELB +BE88;BE88;1108 1162 11B3;BE88;1108 1162 11B3; # (뺈; 뺈; 뺈; 뺈; 뺈; ) HANGUL SYLLABLE BBAELS +BE89;BE89;1108 1162 11B4;BE89;1108 1162 11B4; # (뺉; 뺉; 뺉; 뺉; 뺉; ) HANGUL SYLLABLE BBAELT +BE8A;BE8A;1108 1162 11B5;BE8A;1108 1162 11B5; # (뺊; 뺊; 뺊; 뺊; 뺊; ) HANGUL SYLLABLE BBAELP +BE8B;BE8B;1108 1162 11B6;BE8B;1108 1162 11B6; # (뺋; 뺋; 뺋; 뺋; 뺋; ) HANGUL SYLLABLE BBAELH +BE8C;BE8C;1108 1162 11B7;BE8C;1108 1162 11B7; # (뺌; 뺌; 뺌; 뺌; 뺌; ) HANGUL SYLLABLE BBAEM +BE8D;BE8D;1108 1162 11B8;BE8D;1108 1162 11B8; # (ëº; ëº; 뺍; ëº; 뺍; ) HANGUL SYLLABLE BBAEB +BE8E;BE8E;1108 1162 11B9;BE8E;1108 1162 11B9; # (뺎; 뺎; 뺎; 뺎; 뺎; ) HANGUL SYLLABLE BBAEBS +BE8F;BE8F;1108 1162 11BA;BE8F;1108 1162 11BA; # (ëº; ëº; 뺏; ëº; 뺏; ) HANGUL SYLLABLE BBAES +BE90;BE90;1108 1162 11BB;BE90;1108 1162 11BB; # (ëº; ëº; 뺐; ëº; 뺐; ) HANGUL SYLLABLE BBAESS +BE91;BE91;1108 1162 11BC;BE91;1108 1162 11BC; # (뺑; 뺑; 뺑; 뺑; 뺑; ) HANGUL SYLLABLE BBAENG +BE92;BE92;1108 1162 11BD;BE92;1108 1162 11BD; # (뺒; 뺒; 뺒; 뺒; 뺒; ) HANGUL SYLLABLE BBAEJ +BE93;BE93;1108 1162 11BE;BE93;1108 1162 11BE; # (뺓; 뺓; 뺓; 뺓; 뺓; ) HANGUL SYLLABLE BBAEC +BE94;BE94;1108 1162 11BF;BE94;1108 1162 11BF; # (뺔; 뺔; 뺔; 뺔; 뺔; ) HANGUL SYLLABLE BBAEK +BE95;BE95;1108 1162 11C0;BE95;1108 1162 11C0; # (뺕; 뺕; 뺕; 뺕; 뺕; ) HANGUL SYLLABLE BBAET +BE96;BE96;1108 1162 11C1;BE96;1108 1162 11C1; # (뺖; 뺖; 빼á‡; 뺖; 빼á‡; ) HANGUL SYLLABLE BBAEP +BE97;BE97;1108 1162 11C2;BE97;1108 1162 11C2; # (뺗; 뺗; 뺗; 뺗; 뺗; ) HANGUL SYLLABLE BBAEH +BE98;BE98;1108 1163;BE98;1108 1163; # (뺘; 뺘; 뺘; 뺘; 뺘; ) HANGUL SYLLABLE BBYA +BE99;BE99;1108 1163 11A8;BE99;1108 1163 11A8; # (뺙; 뺙; 뺙; 뺙; 뺙; ) HANGUL SYLLABLE BBYAG +BE9A;BE9A;1108 1163 11A9;BE9A;1108 1163 11A9; # (뺚; 뺚; 뺚; 뺚; 뺚; ) HANGUL SYLLABLE BBYAGG +BE9B;BE9B;1108 1163 11AA;BE9B;1108 1163 11AA; # (뺛; 뺛; 뺛; 뺛; 뺛; ) HANGUL SYLLABLE BBYAGS +BE9C;BE9C;1108 1163 11AB;BE9C;1108 1163 11AB; # (뺜; 뺜; 뺜; 뺜; 뺜; ) HANGUL SYLLABLE BBYAN +BE9D;BE9D;1108 1163 11AC;BE9D;1108 1163 11AC; # (ëº; ëº; 뺝; ëº; 뺝; ) HANGUL SYLLABLE BBYANJ +BE9E;BE9E;1108 1163 11AD;BE9E;1108 1163 11AD; # (뺞; 뺞; 뺞; 뺞; 뺞; ) HANGUL SYLLABLE BBYANH +BE9F;BE9F;1108 1163 11AE;BE9F;1108 1163 11AE; # (뺟; 뺟; 뺟; 뺟; 뺟; ) HANGUL SYLLABLE BBYAD +BEA0;BEA0;1108 1163 11AF;BEA0;1108 1163 11AF; # (뺠; 뺠; 뺠; 뺠; 뺠; ) HANGUL SYLLABLE BBYAL +BEA1;BEA1;1108 1163 11B0;BEA1;1108 1163 11B0; # (뺡; 뺡; 뺡; 뺡; 뺡; ) HANGUL SYLLABLE BBYALG +BEA2;BEA2;1108 1163 11B1;BEA2;1108 1163 11B1; # (뺢; 뺢; 뺢; 뺢; 뺢; ) HANGUL SYLLABLE BBYALM +BEA3;BEA3;1108 1163 11B2;BEA3;1108 1163 11B2; # (뺣; 뺣; 뺣; 뺣; 뺣; ) HANGUL SYLLABLE BBYALB +BEA4;BEA4;1108 1163 11B3;BEA4;1108 1163 11B3; # (뺤; 뺤; 뺤; 뺤; 뺤; ) HANGUL SYLLABLE BBYALS +BEA5;BEA5;1108 1163 11B4;BEA5;1108 1163 11B4; # (뺥; 뺥; 뺥; 뺥; 뺥; ) HANGUL SYLLABLE BBYALT +BEA6;BEA6;1108 1163 11B5;BEA6;1108 1163 11B5; # (뺦; 뺦; 뺦; 뺦; 뺦; ) HANGUL SYLLABLE BBYALP +BEA7;BEA7;1108 1163 11B6;BEA7;1108 1163 11B6; # (뺧; 뺧; 뺧; 뺧; 뺧; ) HANGUL SYLLABLE BBYALH +BEA8;BEA8;1108 1163 11B7;BEA8;1108 1163 11B7; # (뺨; 뺨; 뺨; 뺨; 뺨; ) HANGUL SYLLABLE BBYAM +BEA9;BEA9;1108 1163 11B8;BEA9;1108 1163 11B8; # (뺩; 뺩; 뺩; 뺩; 뺩; ) HANGUL SYLLABLE BBYAB +BEAA;BEAA;1108 1163 11B9;BEAA;1108 1163 11B9; # (뺪; 뺪; 뺪; 뺪; 뺪; ) HANGUL SYLLABLE BBYABS +BEAB;BEAB;1108 1163 11BA;BEAB;1108 1163 11BA; # (뺫; 뺫; 뺫; 뺫; 뺫; ) HANGUL SYLLABLE BBYAS +BEAC;BEAC;1108 1163 11BB;BEAC;1108 1163 11BB; # (뺬; 뺬; 뺬; 뺬; 뺬; ) HANGUL SYLLABLE BBYASS +BEAD;BEAD;1108 1163 11BC;BEAD;1108 1163 11BC; # (뺭; 뺭; 뺭; 뺭; 뺭; ) HANGUL SYLLABLE BBYANG +BEAE;BEAE;1108 1163 11BD;BEAE;1108 1163 11BD; # (뺮; 뺮; 뺮; 뺮; 뺮; ) HANGUL SYLLABLE BBYAJ +BEAF;BEAF;1108 1163 11BE;BEAF;1108 1163 11BE; # (뺯; 뺯; 뺯; 뺯; 뺯; ) HANGUL SYLLABLE BBYAC +BEB0;BEB0;1108 1163 11BF;BEB0;1108 1163 11BF; # (뺰; 뺰; 뺰; 뺰; 뺰; ) HANGUL SYLLABLE BBYAK +BEB1;BEB1;1108 1163 11C0;BEB1;1108 1163 11C0; # (뺱; 뺱; 뺱; 뺱; 뺱; ) HANGUL SYLLABLE BBYAT +BEB2;BEB2;1108 1163 11C1;BEB2;1108 1163 11C1; # (뺲; 뺲; 뺘á‡; 뺲; 뺘á‡; ) HANGUL SYLLABLE BBYAP +BEB3;BEB3;1108 1163 11C2;BEB3;1108 1163 11C2; # (뺳; 뺳; 뺳; 뺳; 뺳; ) HANGUL SYLLABLE BBYAH +BEB4;BEB4;1108 1164;BEB4;1108 1164; # (뺴; 뺴; 뺴; 뺴; 뺴; ) HANGUL SYLLABLE BBYAE +BEB5;BEB5;1108 1164 11A8;BEB5;1108 1164 11A8; # (뺵; 뺵; 뺵; 뺵; 뺵; ) HANGUL SYLLABLE BBYAEG +BEB6;BEB6;1108 1164 11A9;BEB6;1108 1164 11A9; # (뺶; 뺶; 뺶; 뺶; 뺶; ) HANGUL SYLLABLE BBYAEGG +BEB7;BEB7;1108 1164 11AA;BEB7;1108 1164 11AA; # (뺷; 뺷; 뺷; 뺷; 뺷; ) HANGUL SYLLABLE BBYAEGS +BEB8;BEB8;1108 1164 11AB;BEB8;1108 1164 11AB; # (뺸; 뺸; 뺸; 뺸; 뺸; ) HANGUL SYLLABLE BBYAEN +BEB9;BEB9;1108 1164 11AC;BEB9;1108 1164 11AC; # (뺹; 뺹; 뺹; 뺹; 뺹; ) HANGUL SYLLABLE BBYAENJ +BEBA;BEBA;1108 1164 11AD;BEBA;1108 1164 11AD; # (뺺; 뺺; 뺺; 뺺; 뺺; ) HANGUL SYLLABLE BBYAENH +BEBB;BEBB;1108 1164 11AE;BEBB;1108 1164 11AE; # (뺻; 뺻; 뺻; 뺻; 뺻; ) HANGUL SYLLABLE BBYAED +BEBC;BEBC;1108 1164 11AF;BEBC;1108 1164 11AF; # (뺼; 뺼; 뺼; 뺼; 뺼; ) HANGUL SYLLABLE BBYAEL +BEBD;BEBD;1108 1164 11B0;BEBD;1108 1164 11B0; # (뺽; 뺽; 뺽; 뺽; 뺽; ) HANGUL SYLLABLE BBYAELG +BEBE;BEBE;1108 1164 11B1;BEBE;1108 1164 11B1; # (뺾; 뺾; 뺾; 뺾; 뺾; ) HANGUL SYLLABLE BBYAELM +BEBF;BEBF;1108 1164 11B2;BEBF;1108 1164 11B2; # (뺿; 뺿; 뺿; 뺿; 뺿; ) HANGUL SYLLABLE BBYAELB +BEC0;BEC0;1108 1164 11B3;BEC0;1108 1164 11B3; # (뻀; 뻀; 뻀; 뻀; 뻀; ) HANGUL SYLLABLE BBYAELS +BEC1;BEC1;1108 1164 11B4;BEC1;1108 1164 11B4; # (ë»; ë»; 뻁; ë»; 뻁; ) HANGUL SYLLABLE BBYAELT +BEC2;BEC2;1108 1164 11B5;BEC2;1108 1164 11B5; # (뻂; 뻂; 뻂; 뻂; 뻂; ) HANGUL SYLLABLE BBYAELP +BEC3;BEC3;1108 1164 11B6;BEC3;1108 1164 11B6; # (뻃; 뻃; 뻃; 뻃; 뻃; ) HANGUL SYLLABLE BBYAELH +BEC4;BEC4;1108 1164 11B7;BEC4;1108 1164 11B7; # (뻄; 뻄; 뻄; 뻄; 뻄; ) HANGUL SYLLABLE BBYAEM +BEC5;BEC5;1108 1164 11B8;BEC5;1108 1164 11B8; # (ë»…; ë»…; 뻅; ë»…; 뻅; ) HANGUL SYLLABLE BBYAEB +BEC6;BEC6;1108 1164 11B9;BEC6;1108 1164 11B9; # (뻆; 뻆; 뻆; 뻆; 뻆; ) HANGUL SYLLABLE BBYAEBS +BEC7;BEC7;1108 1164 11BA;BEC7;1108 1164 11BA; # (뻇; 뻇; 뻇; 뻇; 뻇; ) HANGUL SYLLABLE BBYAES +BEC8;BEC8;1108 1164 11BB;BEC8;1108 1164 11BB; # (뻈; 뻈; 뻈; 뻈; 뻈; ) HANGUL SYLLABLE BBYAESS +BEC9;BEC9;1108 1164 11BC;BEC9;1108 1164 11BC; # (뻉; 뻉; 뻉; 뻉; 뻉; ) HANGUL SYLLABLE BBYAENG +BECA;BECA;1108 1164 11BD;BECA;1108 1164 11BD; # (뻊; 뻊; 뻊; 뻊; 뻊; ) HANGUL SYLLABLE BBYAEJ +BECB;BECB;1108 1164 11BE;BECB;1108 1164 11BE; # (뻋; 뻋; 뻋; 뻋; 뻋; ) HANGUL SYLLABLE BBYAEC +BECC;BECC;1108 1164 11BF;BECC;1108 1164 11BF; # (뻌; 뻌; 뻌; 뻌; 뻌; ) HANGUL SYLLABLE BBYAEK +BECD;BECD;1108 1164 11C0;BECD;1108 1164 11C0; # (ë»; ë»; 뻍; ë»; 뻍; ) HANGUL SYLLABLE BBYAET +BECE;BECE;1108 1164 11C1;BECE;1108 1164 11C1; # (뻎; 뻎; 뺴á‡; 뻎; 뺴á‡; ) HANGUL SYLLABLE BBYAEP +BECF;BECF;1108 1164 11C2;BECF;1108 1164 11C2; # (ë»; ë»; 뻏; ë»; 뻏; ) HANGUL SYLLABLE BBYAEH +BED0;BED0;1108 1165;BED0;1108 1165; # (ë»; ë»; 뻐; ë»; 뻐; ) HANGUL SYLLABLE BBEO +BED1;BED1;1108 1165 11A8;BED1;1108 1165 11A8; # (뻑; 뻑; 뻑; 뻑; 뻑; ) HANGUL SYLLABLE BBEOG +BED2;BED2;1108 1165 11A9;BED2;1108 1165 11A9; # (ë»’; ë»’; 뻒; ë»’; 뻒; ) HANGUL SYLLABLE BBEOGG +BED3;BED3;1108 1165 11AA;BED3;1108 1165 11AA; # (뻓; 뻓; 뻓; 뻓; 뻓; ) HANGUL SYLLABLE BBEOGS +BED4;BED4;1108 1165 11AB;BED4;1108 1165 11AB; # (ë»”; ë»”; 뻔; ë»”; 뻔; ) HANGUL SYLLABLE BBEON +BED5;BED5;1108 1165 11AC;BED5;1108 1165 11AC; # (뻕; 뻕; 뻕; 뻕; 뻕; ) HANGUL SYLLABLE BBEONJ +BED6;BED6;1108 1165 11AD;BED6;1108 1165 11AD; # (ë»–; ë»–; 뻖; ë»–; 뻖; ) HANGUL SYLLABLE BBEONH +BED7;BED7;1108 1165 11AE;BED7;1108 1165 11AE; # (ë»—; ë»—; 뻗; ë»—; 뻗; ) HANGUL SYLLABLE BBEOD +BED8;BED8;1108 1165 11AF;BED8;1108 1165 11AF; # (뻘; 뻘; 뻘; 뻘; 뻘; ) HANGUL SYLLABLE BBEOL +BED9;BED9;1108 1165 11B0;BED9;1108 1165 11B0; # (ë»™; ë»™; 뻙; ë»™; 뻙; ) HANGUL SYLLABLE BBEOLG +BEDA;BEDA;1108 1165 11B1;BEDA;1108 1165 11B1; # (뻚; 뻚; 뻚; 뻚; 뻚; ) HANGUL SYLLABLE BBEOLM +BEDB;BEDB;1108 1165 11B2;BEDB;1108 1165 11B2; # (ë»›; ë»›; 뻛; ë»›; 뻛; ) HANGUL SYLLABLE BBEOLB +BEDC;BEDC;1108 1165 11B3;BEDC;1108 1165 11B3; # (뻜; 뻜; 뻜; 뻜; 뻜; ) HANGUL SYLLABLE BBEOLS +BEDD;BEDD;1108 1165 11B4;BEDD;1108 1165 11B4; # (ë»; ë»; 뻝; ë»; 뻝; ) HANGUL SYLLABLE BBEOLT +BEDE;BEDE;1108 1165 11B5;BEDE;1108 1165 11B5; # (뻞; 뻞; 뻞; 뻞; 뻞; ) HANGUL SYLLABLE BBEOLP +BEDF;BEDF;1108 1165 11B6;BEDF;1108 1165 11B6; # (뻟; 뻟; 뻟; 뻟; 뻟; ) HANGUL SYLLABLE BBEOLH +BEE0;BEE0;1108 1165 11B7;BEE0;1108 1165 11B7; # (ë» ; ë» ; 뻠; ë» ; 뻠; ) HANGUL SYLLABLE BBEOM +BEE1;BEE1;1108 1165 11B8;BEE1;1108 1165 11B8; # (뻡; 뻡; 뻡; 뻡; 뻡; ) HANGUL SYLLABLE BBEOB +BEE2;BEE2;1108 1165 11B9;BEE2;1108 1165 11B9; # (뻢; 뻢; 뻢; 뻢; 뻢; ) HANGUL SYLLABLE BBEOBS +BEE3;BEE3;1108 1165 11BA;BEE3;1108 1165 11BA; # (뻣; 뻣; 뻣; 뻣; 뻣; ) HANGUL SYLLABLE BBEOS +BEE4;BEE4;1108 1165 11BB;BEE4;1108 1165 11BB; # (뻤; 뻤; 뻤; 뻤; 뻤; ) HANGUL SYLLABLE BBEOSS +BEE5;BEE5;1108 1165 11BC;BEE5;1108 1165 11BC; # (뻥; 뻥; 뻥; 뻥; 뻥; ) HANGUL SYLLABLE BBEONG +BEE6;BEE6;1108 1165 11BD;BEE6;1108 1165 11BD; # (뻦; 뻦; 뻦; 뻦; 뻦; ) HANGUL SYLLABLE BBEOJ +BEE7;BEE7;1108 1165 11BE;BEE7;1108 1165 11BE; # (뻧; 뻧; 뻧; 뻧; 뻧; ) HANGUL SYLLABLE BBEOC +BEE8;BEE8;1108 1165 11BF;BEE8;1108 1165 11BF; # (뻨; 뻨; 뻨; 뻨; 뻨; ) HANGUL SYLLABLE BBEOK +BEE9;BEE9;1108 1165 11C0;BEE9;1108 1165 11C0; # (뻩; 뻩; 뻩; 뻩; 뻩; ) HANGUL SYLLABLE BBEOT +BEEA;BEEA;1108 1165 11C1;BEEA;1108 1165 11C1; # (뻪; 뻪; 뻐á‡; 뻪; 뻐á‡; ) HANGUL SYLLABLE BBEOP +BEEB;BEEB;1108 1165 11C2;BEEB;1108 1165 11C2; # (뻫; 뻫; 뻫; 뻫; 뻫; ) HANGUL SYLLABLE BBEOH +BEEC;BEEC;1108 1166;BEEC;1108 1166; # (뻬; 뻬; 뻬; 뻬; 뻬; ) HANGUL SYLLABLE BBE +BEED;BEED;1108 1166 11A8;BEED;1108 1166 11A8; # (ë»­; ë»­; 뻭; ë»­; 뻭; ) HANGUL SYLLABLE BBEG +BEEE;BEEE;1108 1166 11A9;BEEE;1108 1166 11A9; # (ë»®; ë»®; 뻮; ë»®; 뻮; ) HANGUL SYLLABLE BBEGG +BEEF;BEEF;1108 1166 11AA;BEEF;1108 1166 11AA; # (뻯; 뻯; 뻯; 뻯; 뻯; ) HANGUL SYLLABLE BBEGS +BEF0;BEF0;1108 1166 11AB;BEF0;1108 1166 11AB; # (ë»°; ë»°; 뻰; ë»°; 뻰; ) HANGUL SYLLABLE BBEN +BEF1;BEF1;1108 1166 11AC;BEF1;1108 1166 11AC; # (ë»±; ë»±; 뻱; ë»±; 뻱; ) HANGUL SYLLABLE BBENJ +BEF2;BEF2;1108 1166 11AD;BEF2;1108 1166 11AD; # (뻲; 뻲; 뻲; 뻲; 뻲; ) HANGUL SYLLABLE BBENH +BEF3;BEF3;1108 1166 11AE;BEF3;1108 1166 11AE; # (뻳; 뻳; 뻳; 뻳; 뻳; ) HANGUL SYLLABLE BBED +BEF4;BEF4;1108 1166 11AF;BEF4;1108 1166 11AF; # (ë»´; ë»´; 뻴; ë»´; 뻴; ) HANGUL SYLLABLE BBEL +BEF5;BEF5;1108 1166 11B0;BEF5;1108 1166 11B0; # (뻵; 뻵; 뻵; 뻵; 뻵; ) HANGUL SYLLABLE BBELG +BEF6;BEF6;1108 1166 11B1;BEF6;1108 1166 11B1; # (뻶; 뻶; 뻶; 뻶; 뻶; ) HANGUL SYLLABLE BBELM +BEF7;BEF7;1108 1166 11B2;BEF7;1108 1166 11B2; # (ë»·; ë»·; 뻷; ë»·; 뻷; ) HANGUL SYLLABLE BBELB +BEF8;BEF8;1108 1166 11B3;BEF8;1108 1166 11B3; # (뻸; 뻸; 뻸; 뻸; 뻸; ) HANGUL SYLLABLE BBELS +BEF9;BEF9;1108 1166 11B4;BEF9;1108 1166 11B4; # (뻹; 뻹; 뻹; 뻹; 뻹; ) HANGUL SYLLABLE BBELT +BEFA;BEFA;1108 1166 11B5;BEFA;1108 1166 11B5; # (뻺; 뻺; 뻺; 뻺; 뻺; ) HANGUL SYLLABLE BBELP +BEFB;BEFB;1108 1166 11B6;BEFB;1108 1166 11B6; # (ë»»; ë»»; 뻻; ë»»; 뻻; ) HANGUL SYLLABLE BBELH +BEFC;BEFC;1108 1166 11B7;BEFC;1108 1166 11B7; # (뻼; 뻼; 뻼; 뻼; 뻼; ) HANGUL SYLLABLE BBEM +BEFD;BEFD;1108 1166 11B8;BEFD;1108 1166 11B8; # (뻽; 뻽; 뻽; 뻽; 뻽; ) HANGUL SYLLABLE BBEB +BEFE;BEFE;1108 1166 11B9;BEFE;1108 1166 11B9; # (뻾; 뻾; 뻾; 뻾; 뻾; ) HANGUL SYLLABLE BBEBS +BEFF;BEFF;1108 1166 11BA;BEFF;1108 1166 11BA; # (뻿; 뻿; 뻿; 뻿; 뻿; ) HANGUL SYLLABLE BBES +BF00;BF00;1108 1166 11BB;BF00;1108 1166 11BB; # (ë¼€; ë¼€; 뼀; ë¼€; 뼀; ) HANGUL SYLLABLE BBESS +BF01;BF01;1108 1166 11BC;BF01;1108 1166 11BC; # (ë¼; ë¼; 뼁; ë¼; 뼁; ) HANGUL SYLLABLE BBENG +BF02;BF02;1108 1166 11BD;BF02;1108 1166 11BD; # (뼂; 뼂; 뼂; 뼂; 뼂; ) HANGUL SYLLABLE BBEJ +BF03;BF03;1108 1166 11BE;BF03;1108 1166 11BE; # (뼃; 뼃; 뼃; 뼃; 뼃; ) HANGUL SYLLABLE BBEC +BF04;BF04;1108 1166 11BF;BF04;1108 1166 11BF; # (뼄; 뼄; 뼄; 뼄; 뼄; ) HANGUL SYLLABLE BBEK +BF05;BF05;1108 1166 11C0;BF05;1108 1166 11C0; # (ë¼…; ë¼…; 뼅; ë¼…; 뼅; ) HANGUL SYLLABLE BBET +BF06;BF06;1108 1166 11C1;BF06;1108 1166 11C1; # (뼆; 뼆; 뻬á‡; 뼆; 뻬á‡; ) HANGUL SYLLABLE BBEP +BF07;BF07;1108 1166 11C2;BF07;1108 1166 11C2; # (뼇; 뼇; 뼇; 뼇; 뼇; ) HANGUL SYLLABLE BBEH +BF08;BF08;1108 1167;BF08;1108 1167; # (뼈; 뼈; 뼈; 뼈; 뼈; ) HANGUL SYLLABLE BBYEO +BF09;BF09;1108 1167 11A8;BF09;1108 1167 11A8; # (뼉; 뼉; 뼉; 뼉; 뼉; ) HANGUL SYLLABLE BBYEOG +BF0A;BF0A;1108 1167 11A9;BF0A;1108 1167 11A9; # (뼊; 뼊; 뼊; 뼊; 뼊; ) HANGUL SYLLABLE BBYEOGG +BF0B;BF0B;1108 1167 11AA;BF0B;1108 1167 11AA; # (뼋; 뼋; 뼋; 뼋; 뼋; ) HANGUL SYLLABLE BBYEOGS +BF0C;BF0C;1108 1167 11AB;BF0C;1108 1167 11AB; # (뼌; 뼌; 뼌; 뼌; 뼌; ) HANGUL SYLLABLE BBYEON +BF0D;BF0D;1108 1167 11AC;BF0D;1108 1167 11AC; # (ë¼; ë¼; 뼍; ë¼; 뼍; ) HANGUL SYLLABLE BBYEONJ +BF0E;BF0E;1108 1167 11AD;BF0E;1108 1167 11AD; # (뼎; 뼎; 뼎; 뼎; 뼎; ) HANGUL SYLLABLE BBYEONH +BF0F;BF0F;1108 1167 11AE;BF0F;1108 1167 11AE; # (ë¼; ë¼; 뼏; ë¼; 뼏; ) HANGUL SYLLABLE BBYEOD +BF10;BF10;1108 1167 11AF;BF10;1108 1167 11AF; # (ë¼; ë¼; 뼐; ë¼; 뼐; ) HANGUL SYLLABLE BBYEOL +BF11;BF11;1108 1167 11B0;BF11;1108 1167 11B0; # (뼑; 뼑; 뼑; 뼑; 뼑; ) HANGUL SYLLABLE BBYEOLG +BF12;BF12;1108 1167 11B1;BF12;1108 1167 11B1; # (ë¼’; ë¼’; 뼒; ë¼’; 뼒; ) HANGUL SYLLABLE BBYEOLM +BF13;BF13;1108 1167 11B2;BF13;1108 1167 11B2; # (뼓; 뼓; 뼓; 뼓; 뼓; ) HANGUL SYLLABLE BBYEOLB +BF14;BF14;1108 1167 11B3;BF14;1108 1167 11B3; # (ë¼”; ë¼”; 뼔; ë¼”; 뼔; ) HANGUL SYLLABLE BBYEOLS +BF15;BF15;1108 1167 11B4;BF15;1108 1167 11B4; # (뼕; 뼕; 뼕; 뼕; 뼕; ) HANGUL SYLLABLE BBYEOLT +BF16;BF16;1108 1167 11B5;BF16;1108 1167 11B5; # (ë¼–; ë¼–; 뼖; ë¼–; 뼖; ) HANGUL SYLLABLE BBYEOLP +BF17;BF17;1108 1167 11B6;BF17;1108 1167 11B6; # (ë¼—; ë¼—; 뼗; ë¼—; 뼗; ) HANGUL SYLLABLE BBYEOLH +BF18;BF18;1108 1167 11B7;BF18;1108 1167 11B7; # (뼘; 뼘; 뼘; 뼘; 뼘; ) HANGUL SYLLABLE BBYEOM +BF19;BF19;1108 1167 11B8;BF19;1108 1167 11B8; # (ë¼™; ë¼™; 뼙; ë¼™; 뼙; ) HANGUL SYLLABLE BBYEOB +BF1A;BF1A;1108 1167 11B9;BF1A;1108 1167 11B9; # (뼚; 뼚; 뼚; 뼚; 뼚; ) HANGUL SYLLABLE BBYEOBS +BF1B;BF1B;1108 1167 11BA;BF1B;1108 1167 11BA; # (ë¼›; ë¼›; 뼛; ë¼›; 뼛; ) HANGUL SYLLABLE BBYEOS +BF1C;BF1C;1108 1167 11BB;BF1C;1108 1167 11BB; # (뼜; 뼜; 뼜; 뼜; 뼜; ) HANGUL SYLLABLE BBYEOSS +BF1D;BF1D;1108 1167 11BC;BF1D;1108 1167 11BC; # (ë¼; ë¼; 뼝; ë¼; 뼝; ) HANGUL SYLLABLE BBYEONG +BF1E;BF1E;1108 1167 11BD;BF1E;1108 1167 11BD; # (뼞; 뼞; 뼞; 뼞; 뼞; ) HANGUL SYLLABLE BBYEOJ +BF1F;BF1F;1108 1167 11BE;BF1F;1108 1167 11BE; # (뼟; 뼟; 뼟; 뼟; 뼟; ) HANGUL SYLLABLE BBYEOC +BF20;BF20;1108 1167 11BF;BF20;1108 1167 11BF; # (ë¼ ; ë¼ ; 뼠; ë¼ ; 뼠; ) HANGUL SYLLABLE BBYEOK +BF21;BF21;1108 1167 11C0;BF21;1108 1167 11C0; # (뼡; 뼡; 뼡; 뼡; 뼡; ) HANGUL SYLLABLE BBYEOT +BF22;BF22;1108 1167 11C1;BF22;1108 1167 11C1; # (ë¼¢; ë¼¢; 뼈á‡; ë¼¢; 뼈á‡; ) HANGUL SYLLABLE BBYEOP +BF23;BF23;1108 1167 11C2;BF23;1108 1167 11C2; # (ë¼£; ë¼£; 뼣; ë¼£; 뼣; ) HANGUL SYLLABLE BBYEOH +BF24;BF24;1108 1168;BF24;1108 1168; # (뼤; 뼤; 뼤; 뼤; 뼤; ) HANGUL SYLLABLE BBYE +BF25;BF25;1108 1168 11A8;BF25;1108 1168 11A8; # (ë¼¥; ë¼¥; 뼥; ë¼¥; 뼥; ) HANGUL SYLLABLE BBYEG +BF26;BF26;1108 1168 11A9;BF26;1108 1168 11A9; # (뼦; 뼦; 뼦; 뼦; 뼦; ) HANGUL SYLLABLE BBYEGG +BF27;BF27;1108 1168 11AA;BF27;1108 1168 11AA; # (뼧; 뼧; 뼧; 뼧; 뼧; ) HANGUL SYLLABLE BBYEGS +BF28;BF28;1108 1168 11AB;BF28;1108 1168 11AB; # (뼨; 뼨; 뼨; 뼨; 뼨; ) HANGUL SYLLABLE BBYEN +BF29;BF29;1108 1168 11AC;BF29;1108 1168 11AC; # (뼩; 뼩; 뼩; 뼩; 뼩; ) HANGUL SYLLABLE BBYENJ +BF2A;BF2A;1108 1168 11AD;BF2A;1108 1168 11AD; # (뼪; 뼪; 뼪; 뼪; 뼪; ) HANGUL SYLLABLE BBYENH +BF2B;BF2B;1108 1168 11AE;BF2B;1108 1168 11AE; # (뼫; 뼫; 뼫; 뼫; 뼫; ) HANGUL SYLLABLE BBYED +BF2C;BF2C;1108 1168 11AF;BF2C;1108 1168 11AF; # (뼬; 뼬; 뼬; 뼬; 뼬; ) HANGUL SYLLABLE BBYEL +BF2D;BF2D;1108 1168 11B0;BF2D;1108 1168 11B0; # (ë¼­; ë¼­; 뼭; ë¼­; 뼭; ) HANGUL SYLLABLE BBYELG +BF2E;BF2E;1108 1168 11B1;BF2E;1108 1168 11B1; # (ë¼®; ë¼®; 뼮; ë¼®; 뼮; ) HANGUL SYLLABLE BBYELM +BF2F;BF2F;1108 1168 11B2;BF2F;1108 1168 11B2; # (뼯; 뼯; 뼯; 뼯; 뼯; ) HANGUL SYLLABLE BBYELB +BF30;BF30;1108 1168 11B3;BF30;1108 1168 11B3; # (ë¼°; ë¼°; 뼰; ë¼°; 뼰; ) HANGUL SYLLABLE BBYELS +BF31;BF31;1108 1168 11B4;BF31;1108 1168 11B4; # (ë¼±; ë¼±; 뼱; ë¼±; 뼱; ) HANGUL SYLLABLE BBYELT +BF32;BF32;1108 1168 11B5;BF32;1108 1168 11B5; # (ë¼²; ë¼²; 뼲; ë¼²; 뼲; ) HANGUL SYLLABLE BBYELP +BF33;BF33;1108 1168 11B6;BF33;1108 1168 11B6; # (ë¼³; ë¼³; 뼳; ë¼³; 뼳; ) HANGUL SYLLABLE BBYELH +BF34;BF34;1108 1168 11B7;BF34;1108 1168 11B7; # (ë¼´; ë¼´; 뼴; ë¼´; 뼴; ) HANGUL SYLLABLE BBYEM +BF35;BF35;1108 1168 11B8;BF35;1108 1168 11B8; # (ë¼µ; ë¼µ; 뼵; ë¼µ; 뼵; ) HANGUL SYLLABLE BBYEB +BF36;BF36;1108 1168 11B9;BF36;1108 1168 11B9; # (뼶; 뼶; 뼶; 뼶; 뼶; ) HANGUL SYLLABLE BBYEBS +BF37;BF37;1108 1168 11BA;BF37;1108 1168 11BA; # (ë¼·; ë¼·; 뼷; ë¼·; 뼷; ) HANGUL SYLLABLE BBYES +BF38;BF38;1108 1168 11BB;BF38;1108 1168 11BB; # (뼸; 뼸; 뼸; 뼸; 뼸; ) HANGUL SYLLABLE BBYESS +BF39;BF39;1108 1168 11BC;BF39;1108 1168 11BC; # (ë¼¹; ë¼¹; 뼹; ë¼¹; 뼹; ) HANGUL SYLLABLE BBYENG +BF3A;BF3A;1108 1168 11BD;BF3A;1108 1168 11BD; # (뼺; 뼺; 뼺; 뼺; 뼺; ) HANGUL SYLLABLE BBYEJ +BF3B;BF3B;1108 1168 11BE;BF3B;1108 1168 11BE; # (ë¼»; ë¼»; 뼻; ë¼»; 뼻; ) HANGUL SYLLABLE BBYEC +BF3C;BF3C;1108 1168 11BF;BF3C;1108 1168 11BF; # (ë¼¼; ë¼¼; 뼼; ë¼¼; 뼼; ) HANGUL SYLLABLE BBYEK +BF3D;BF3D;1108 1168 11C0;BF3D;1108 1168 11C0; # (ë¼½; ë¼½; 뼽; ë¼½; 뼽; ) HANGUL SYLLABLE BBYET +BF3E;BF3E;1108 1168 11C1;BF3E;1108 1168 11C1; # (ë¼¾; ë¼¾; 뼤á‡; ë¼¾; 뼤á‡; ) HANGUL SYLLABLE BBYEP +BF3F;BF3F;1108 1168 11C2;BF3F;1108 1168 11C2; # (뼿; 뼿; 뼿; 뼿; 뼿; ) HANGUL SYLLABLE BBYEH +BF40;BF40;1108 1169;BF40;1108 1169; # (ë½€; ë½€; 뽀; ë½€; 뽀; ) HANGUL SYLLABLE BBO +BF41;BF41;1108 1169 11A8;BF41;1108 1169 11A8; # (ë½; ë½; 뽁; ë½; 뽁; ) HANGUL SYLLABLE BBOG +BF42;BF42;1108 1169 11A9;BF42;1108 1169 11A9; # (뽂; 뽂; 뽂; 뽂; 뽂; ) HANGUL SYLLABLE BBOGG +BF43;BF43;1108 1169 11AA;BF43;1108 1169 11AA; # (뽃; 뽃; 뽃; 뽃; 뽃; ) HANGUL SYLLABLE BBOGS +BF44;BF44;1108 1169 11AB;BF44;1108 1169 11AB; # (뽄; 뽄; 뽄; 뽄; 뽄; ) HANGUL SYLLABLE BBON +BF45;BF45;1108 1169 11AC;BF45;1108 1169 11AC; # (ë½…; ë½…; 뽅; ë½…; 뽅; ) HANGUL SYLLABLE BBONJ +BF46;BF46;1108 1169 11AD;BF46;1108 1169 11AD; # (뽆; 뽆; 뽆; 뽆; 뽆; ) HANGUL SYLLABLE BBONH +BF47;BF47;1108 1169 11AE;BF47;1108 1169 11AE; # (뽇; 뽇; 뽇; 뽇; 뽇; ) HANGUL SYLLABLE BBOD +BF48;BF48;1108 1169 11AF;BF48;1108 1169 11AF; # (뽈; 뽈; 뽈; 뽈; 뽈; ) HANGUL SYLLABLE BBOL +BF49;BF49;1108 1169 11B0;BF49;1108 1169 11B0; # (뽉; 뽉; 뽉; 뽉; 뽉; ) HANGUL SYLLABLE BBOLG +BF4A;BF4A;1108 1169 11B1;BF4A;1108 1169 11B1; # (뽊; 뽊; 뽊; 뽊; 뽊; ) HANGUL SYLLABLE BBOLM +BF4B;BF4B;1108 1169 11B2;BF4B;1108 1169 11B2; # (뽋; 뽋; 뽋; 뽋; 뽋; ) HANGUL SYLLABLE BBOLB +BF4C;BF4C;1108 1169 11B3;BF4C;1108 1169 11B3; # (뽌; 뽌; 뽌; 뽌; 뽌; ) HANGUL SYLLABLE BBOLS +BF4D;BF4D;1108 1169 11B4;BF4D;1108 1169 11B4; # (ë½; ë½; 뽍; ë½; 뽍; ) HANGUL SYLLABLE BBOLT +BF4E;BF4E;1108 1169 11B5;BF4E;1108 1169 11B5; # (뽎; 뽎; 뽎; 뽎; 뽎; ) HANGUL SYLLABLE BBOLP +BF4F;BF4F;1108 1169 11B6;BF4F;1108 1169 11B6; # (ë½; ë½; 뽏; ë½; 뽏; ) HANGUL SYLLABLE BBOLH +BF50;BF50;1108 1169 11B7;BF50;1108 1169 11B7; # (ë½; ë½; 뽐; ë½; 뽐; ) HANGUL SYLLABLE BBOM +BF51;BF51;1108 1169 11B8;BF51;1108 1169 11B8; # (뽑; 뽑; 뽑; 뽑; 뽑; ) HANGUL SYLLABLE BBOB +BF52;BF52;1108 1169 11B9;BF52;1108 1169 11B9; # (ë½’; ë½’; 뽒; ë½’; 뽒; ) HANGUL SYLLABLE BBOBS +BF53;BF53;1108 1169 11BA;BF53;1108 1169 11BA; # (뽓; 뽓; 뽓; 뽓; 뽓; ) HANGUL SYLLABLE BBOS +BF54;BF54;1108 1169 11BB;BF54;1108 1169 11BB; # (ë½”; ë½”; 뽔; ë½”; 뽔; ) HANGUL SYLLABLE BBOSS +BF55;BF55;1108 1169 11BC;BF55;1108 1169 11BC; # (뽕; 뽕; 뽕; 뽕; 뽕; ) HANGUL SYLLABLE BBONG +BF56;BF56;1108 1169 11BD;BF56;1108 1169 11BD; # (ë½–; ë½–; 뽖; ë½–; 뽖; ) HANGUL SYLLABLE BBOJ +BF57;BF57;1108 1169 11BE;BF57;1108 1169 11BE; # (ë½—; ë½—; 뽗; ë½—; 뽗; ) HANGUL SYLLABLE BBOC +BF58;BF58;1108 1169 11BF;BF58;1108 1169 11BF; # (뽘; 뽘; 뽘; 뽘; 뽘; ) HANGUL SYLLABLE BBOK +BF59;BF59;1108 1169 11C0;BF59;1108 1169 11C0; # (ë½™; ë½™; 뽙; ë½™; 뽙; ) HANGUL SYLLABLE BBOT +BF5A;BF5A;1108 1169 11C1;BF5A;1108 1169 11C1; # (뽚; 뽚; 뽀á‡; 뽚; 뽀á‡; ) HANGUL SYLLABLE BBOP +BF5B;BF5B;1108 1169 11C2;BF5B;1108 1169 11C2; # (ë½›; ë½›; 뽛; ë½›; 뽛; ) HANGUL SYLLABLE BBOH +BF5C;BF5C;1108 116A;BF5C;1108 116A; # (뽜; 뽜; 뽜; 뽜; 뽜; ) HANGUL SYLLABLE BBWA +BF5D;BF5D;1108 116A 11A8;BF5D;1108 116A 11A8; # (ë½; ë½; 뽝; ë½; 뽝; ) HANGUL SYLLABLE BBWAG +BF5E;BF5E;1108 116A 11A9;BF5E;1108 116A 11A9; # (뽞; 뽞; 뽞; 뽞; 뽞; ) HANGUL SYLLABLE BBWAGG +BF5F;BF5F;1108 116A 11AA;BF5F;1108 116A 11AA; # (뽟; 뽟; 뽟; 뽟; 뽟; ) HANGUL SYLLABLE BBWAGS +BF60;BF60;1108 116A 11AB;BF60;1108 116A 11AB; # (ë½ ; ë½ ; 뽠; ë½ ; 뽠; ) HANGUL SYLLABLE BBWAN +BF61;BF61;1108 116A 11AC;BF61;1108 116A 11AC; # (뽡; 뽡; 뽡; 뽡; 뽡; ) HANGUL SYLLABLE BBWANJ +BF62;BF62;1108 116A 11AD;BF62;1108 116A 11AD; # (ë½¢; ë½¢; 뽢; ë½¢; 뽢; ) HANGUL SYLLABLE BBWANH +BF63;BF63;1108 116A 11AE;BF63;1108 116A 11AE; # (ë½£; ë½£; 뽣; ë½£; 뽣; ) HANGUL SYLLABLE BBWAD +BF64;BF64;1108 116A 11AF;BF64;1108 116A 11AF; # (뽤; 뽤; 뽤; 뽤; 뽤; ) HANGUL SYLLABLE BBWAL +BF65;BF65;1108 116A 11B0;BF65;1108 116A 11B0; # (ë½¥; ë½¥; 뽥; ë½¥; 뽥; ) HANGUL SYLLABLE BBWALG +BF66;BF66;1108 116A 11B1;BF66;1108 116A 11B1; # (뽦; 뽦; 뽦; 뽦; 뽦; ) HANGUL SYLLABLE BBWALM +BF67;BF67;1108 116A 11B2;BF67;1108 116A 11B2; # (뽧; 뽧; 뽧; 뽧; 뽧; ) HANGUL SYLLABLE BBWALB +BF68;BF68;1108 116A 11B3;BF68;1108 116A 11B3; # (뽨; 뽨; 뽨; 뽨; 뽨; ) HANGUL SYLLABLE BBWALS +BF69;BF69;1108 116A 11B4;BF69;1108 116A 11B4; # (뽩; 뽩; 뽩; 뽩; 뽩; ) HANGUL SYLLABLE BBWALT +BF6A;BF6A;1108 116A 11B5;BF6A;1108 116A 11B5; # (뽪; 뽪; 뽪; 뽪; 뽪; ) HANGUL SYLLABLE BBWALP +BF6B;BF6B;1108 116A 11B6;BF6B;1108 116A 11B6; # (뽫; 뽫; 뽫; 뽫; 뽫; ) HANGUL SYLLABLE BBWALH +BF6C;BF6C;1108 116A 11B7;BF6C;1108 116A 11B7; # (뽬; 뽬; 뽬; 뽬; 뽬; ) HANGUL SYLLABLE BBWAM +BF6D;BF6D;1108 116A 11B8;BF6D;1108 116A 11B8; # (ë½­; ë½­; 뽭; ë½­; 뽭; ) HANGUL SYLLABLE BBWAB +BF6E;BF6E;1108 116A 11B9;BF6E;1108 116A 11B9; # (ë½®; ë½®; 뽮; ë½®; 뽮; ) HANGUL SYLLABLE BBWABS +BF6F;BF6F;1108 116A 11BA;BF6F;1108 116A 11BA; # (뽯; 뽯; 뽯; 뽯; 뽯; ) HANGUL SYLLABLE BBWAS +BF70;BF70;1108 116A 11BB;BF70;1108 116A 11BB; # (ë½°; ë½°; 뽰; ë½°; 뽰; ) HANGUL SYLLABLE BBWASS +BF71;BF71;1108 116A 11BC;BF71;1108 116A 11BC; # (ë½±; ë½±; 뽱; ë½±; 뽱; ) HANGUL SYLLABLE BBWANG +BF72;BF72;1108 116A 11BD;BF72;1108 116A 11BD; # (ë½²; ë½²; 뽲; ë½²; 뽲; ) HANGUL SYLLABLE BBWAJ +BF73;BF73;1108 116A 11BE;BF73;1108 116A 11BE; # (ë½³; ë½³; 뽳; ë½³; 뽳; ) HANGUL SYLLABLE BBWAC +BF74;BF74;1108 116A 11BF;BF74;1108 116A 11BF; # (ë½´; ë½´; 뽴; ë½´; 뽴; ) HANGUL SYLLABLE BBWAK +BF75;BF75;1108 116A 11C0;BF75;1108 116A 11C0; # (ë½µ; ë½µ; 뽵; ë½µ; 뽵; ) HANGUL SYLLABLE BBWAT +BF76;BF76;1108 116A 11C1;BF76;1108 116A 11C1; # (뽶; 뽶; 뽜á‡; 뽶; 뽜á‡; ) HANGUL SYLLABLE BBWAP +BF77;BF77;1108 116A 11C2;BF77;1108 116A 11C2; # (ë½·; ë½·; 뽷; ë½·; 뽷; ) HANGUL SYLLABLE BBWAH +BF78;BF78;1108 116B;BF78;1108 116B; # (뽸; 뽸; 뽸; 뽸; 뽸; ) HANGUL SYLLABLE BBWAE +BF79;BF79;1108 116B 11A8;BF79;1108 116B 11A8; # (ë½¹; ë½¹; 뽹; ë½¹; 뽹; ) HANGUL SYLLABLE BBWAEG +BF7A;BF7A;1108 116B 11A9;BF7A;1108 116B 11A9; # (뽺; 뽺; 뽺; 뽺; 뽺; ) HANGUL SYLLABLE BBWAEGG +BF7B;BF7B;1108 116B 11AA;BF7B;1108 116B 11AA; # (ë½»; ë½»; 뽻; ë½»; 뽻; ) HANGUL SYLLABLE BBWAEGS +BF7C;BF7C;1108 116B 11AB;BF7C;1108 116B 11AB; # (ë½¼; ë½¼; 뽼; ë½¼; 뽼; ) HANGUL SYLLABLE BBWAEN +BF7D;BF7D;1108 116B 11AC;BF7D;1108 116B 11AC; # (ë½½; ë½½; 뽽; ë½½; 뽽; ) HANGUL SYLLABLE BBWAENJ +BF7E;BF7E;1108 116B 11AD;BF7E;1108 116B 11AD; # (ë½¾; ë½¾; 뽾; ë½¾; 뽾; ) HANGUL SYLLABLE BBWAENH +BF7F;BF7F;1108 116B 11AE;BF7F;1108 116B 11AE; # (뽿; 뽿; 뽿; 뽿; 뽿; ) HANGUL SYLLABLE BBWAED +BF80;BF80;1108 116B 11AF;BF80;1108 116B 11AF; # (ë¾€; ë¾€; 뾀; ë¾€; 뾀; ) HANGUL SYLLABLE BBWAEL +BF81;BF81;1108 116B 11B0;BF81;1108 116B 11B0; # (ë¾; ë¾; 뾁; ë¾; 뾁; ) HANGUL SYLLABLE BBWAELG +BF82;BF82;1108 116B 11B1;BF82;1108 116B 11B1; # (뾂; 뾂; 뾂; 뾂; 뾂; ) HANGUL SYLLABLE BBWAELM +BF83;BF83;1108 116B 11B2;BF83;1108 116B 11B2; # (뾃; 뾃; 뾃; 뾃; 뾃; ) HANGUL SYLLABLE BBWAELB +BF84;BF84;1108 116B 11B3;BF84;1108 116B 11B3; # (뾄; 뾄; 뾄; 뾄; 뾄; ) HANGUL SYLLABLE BBWAELS +BF85;BF85;1108 116B 11B4;BF85;1108 116B 11B4; # (ë¾…; ë¾…; 뾅; ë¾…; 뾅; ) HANGUL SYLLABLE BBWAELT +BF86;BF86;1108 116B 11B5;BF86;1108 116B 11B5; # (뾆; 뾆; 뾆; 뾆; 뾆; ) HANGUL SYLLABLE BBWAELP +BF87;BF87;1108 116B 11B6;BF87;1108 116B 11B6; # (뾇; 뾇; 뾇; 뾇; 뾇; ) HANGUL SYLLABLE BBWAELH +BF88;BF88;1108 116B 11B7;BF88;1108 116B 11B7; # (뾈; 뾈; 뾈; 뾈; 뾈; ) HANGUL SYLLABLE BBWAEM +BF89;BF89;1108 116B 11B8;BF89;1108 116B 11B8; # (뾉; 뾉; 뾉; 뾉; 뾉; ) HANGUL SYLLABLE BBWAEB +BF8A;BF8A;1108 116B 11B9;BF8A;1108 116B 11B9; # (뾊; 뾊; 뾊; 뾊; 뾊; ) HANGUL SYLLABLE BBWAEBS +BF8B;BF8B;1108 116B 11BA;BF8B;1108 116B 11BA; # (뾋; 뾋; 뾋; 뾋; 뾋; ) HANGUL SYLLABLE BBWAES +BF8C;BF8C;1108 116B 11BB;BF8C;1108 116B 11BB; # (뾌; 뾌; 뾌; 뾌; 뾌; ) HANGUL SYLLABLE BBWAESS +BF8D;BF8D;1108 116B 11BC;BF8D;1108 116B 11BC; # (ë¾; ë¾; 뾍; ë¾; 뾍; ) HANGUL SYLLABLE BBWAENG +BF8E;BF8E;1108 116B 11BD;BF8E;1108 116B 11BD; # (뾎; 뾎; 뾎; 뾎; 뾎; ) HANGUL SYLLABLE BBWAEJ +BF8F;BF8F;1108 116B 11BE;BF8F;1108 116B 11BE; # (ë¾; ë¾; 뾏; ë¾; 뾏; ) HANGUL SYLLABLE BBWAEC +BF90;BF90;1108 116B 11BF;BF90;1108 116B 11BF; # (ë¾; ë¾; 뾐; ë¾; 뾐; ) HANGUL SYLLABLE BBWAEK +BF91;BF91;1108 116B 11C0;BF91;1108 116B 11C0; # (뾑; 뾑; 뾑; 뾑; 뾑; ) HANGUL SYLLABLE BBWAET +BF92;BF92;1108 116B 11C1;BF92;1108 116B 11C1; # (ë¾’; ë¾’; 뽸á‡; ë¾’; 뽸á‡; ) HANGUL SYLLABLE BBWAEP +BF93;BF93;1108 116B 11C2;BF93;1108 116B 11C2; # (뾓; 뾓; 뾓; 뾓; 뾓; ) HANGUL SYLLABLE BBWAEH +BF94;BF94;1108 116C;BF94;1108 116C; # (ë¾”; ë¾”; 뾔; ë¾”; 뾔; ) HANGUL SYLLABLE BBOE +BF95;BF95;1108 116C 11A8;BF95;1108 116C 11A8; # (뾕; 뾕; 뾕; 뾕; 뾕; ) HANGUL SYLLABLE BBOEG +BF96;BF96;1108 116C 11A9;BF96;1108 116C 11A9; # (ë¾–; ë¾–; 뾖; ë¾–; 뾖; ) HANGUL SYLLABLE BBOEGG +BF97;BF97;1108 116C 11AA;BF97;1108 116C 11AA; # (ë¾—; ë¾—; 뾗; ë¾—; 뾗; ) HANGUL SYLLABLE BBOEGS +BF98;BF98;1108 116C 11AB;BF98;1108 116C 11AB; # (뾘; 뾘; 뾘; 뾘; 뾘; ) HANGUL SYLLABLE BBOEN +BF99;BF99;1108 116C 11AC;BF99;1108 116C 11AC; # (ë¾™; ë¾™; 뾙; ë¾™; 뾙; ) HANGUL SYLLABLE BBOENJ +BF9A;BF9A;1108 116C 11AD;BF9A;1108 116C 11AD; # (뾚; 뾚; 뾚; 뾚; 뾚; ) HANGUL SYLLABLE BBOENH +BF9B;BF9B;1108 116C 11AE;BF9B;1108 116C 11AE; # (ë¾›; ë¾›; 뾛; ë¾›; 뾛; ) HANGUL SYLLABLE BBOED +BF9C;BF9C;1108 116C 11AF;BF9C;1108 116C 11AF; # (뾜; 뾜; 뾜; 뾜; 뾜; ) HANGUL SYLLABLE BBOEL +BF9D;BF9D;1108 116C 11B0;BF9D;1108 116C 11B0; # (ë¾; ë¾; 뾝; ë¾; 뾝; ) HANGUL SYLLABLE BBOELG +BF9E;BF9E;1108 116C 11B1;BF9E;1108 116C 11B1; # (뾞; 뾞; 뾞; 뾞; 뾞; ) HANGUL SYLLABLE BBOELM +BF9F;BF9F;1108 116C 11B2;BF9F;1108 116C 11B2; # (뾟; 뾟; 뾟; 뾟; 뾟; ) HANGUL SYLLABLE BBOELB +BFA0;BFA0;1108 116C 11B3;BFA0;1108 116C 11B3; # (ë¾ ; ë¾ ; 뾠; ë¾ ; 뾠; ) HANGUL SYLLABLE BBOELS +BFA1;BFA1;1108 116C 11B4;BFA1;1108 116C 11B4; # (뾡; 뾡; 뾡; 뾡; 뾡; ) HANGUL SYLLABLE BBOELT +BFA2;BFA2;1108 116C 11B5;BFA2;1108 116C 11B5; # (ë¾¢; ë¾¢; 뾢; ë¾¢; 뾢; ) HANGUL SYLLABLE BBOELP +BFA3;BFA3;1108 116C 11B6;BFA3;1108 116C 11B6; # (ë¾£; ë¾£; 뾣; ë¾£; 뾣; ) HANGUL SYLLABLE BBOELH +BFA4;BFA4;1108 116C 11B7;BFA4;1108 116C 11B7; # (뾤; 뾤; 뾤; 뾤; 뾤; ) HANGUL SYLLABLE BBOEM +BFA5;BFA5;1108 116C 11B8;BFA5;1108 116C 11B8; # (ë¾¥; ë¾¥; 뾥; ë¾¥; 뾥; ) HANGUL SYLLABLE BBOEB +BFA6;BFA6;1108 116C 11B9;BFA6;1108 116C 11B9; # (뾦; 뾦; 뾦; 뾦; 뾦; ) HANGUL SYLLABLE BBOEBS +BFA7;BFA7;1108 116C 11BA;BFA7;1108 116C 11BA; # (뾧; 뾧; 뾧; 뾧; 뾧; ) HANGUL SYLLABLE BBOES +BFA8;BFA8;1108 116C 11BB;BFA8;1108 116C 11BB; # (뾨; 뾨; 뾨; 뾨; 뾨; ) HANGUL SYLLABLE BBOESS +BFA9;BFA9;1108 116C 11BC;BFA9;1108 116C 11BC; # (뾩; 뾩; 뾩; 뾩; 뾩; ) HANGUL SYLLABLE BBOENG +BFAA;BFAA;1108 116C 11BD;BFAA;1108 116C 11BD; # (뾪; 뾪; 뾪; 뾪; 뾪; ) HANGUL SYLLABLE BBOEJ +BFAB;BFAB;1108 116C 11BE;BFAB;1108 116C 11BE; # (뾫; 뾫; 뾫; 뾫; 뾫; ) HANGUL SYLLABLE BBOEC +BFAC;BFAC;1108 116C 11BF;BFAC;1108 116C 11BF; # (뾬; 뾬; 뾬; 뾬; 뾬; ) HANGUL SYLLABLE BBOEK +BFAD;BFAD;1108 116C 11C0;BFAD;1108 116C 11C0; # (ë¾­; ë¾­; 뾭; ë¾­; 뾭; ) HANGUL SYLLABLE BBOET +BFAE;BFAE;1108 116C 11C1;BFAE;1108 116C 11C1; # (ë¾®; ë¾®; 뾔á‡; ë¾®; 뾔á‡; ) HANGUL SYLLABLE BBOEP +BFAF;BFAF;1108 116C 11C2;BFAF;1108 116C 11C2; # (뾯; 뾯; 뾯; 뾯; 뾯; ) HANGUL SYLLABLE BBOEH +BFB0;BFB0;1108 116D;BFB0;1108 116D; # (ë¾°; ë¾°; 뾰; ë¾°; 뾰; ) HANGUL SYLLABLE BBYO +BFB1;BFB1;1108 116D 11A8;BFB1;1108 116D 11A8; # (ë¾±; ë¾±; 뾱; ë¾±; 뾱; ) HANGUL SYLLABLE BBYOG +BFB2;BFB2;1108 116D 11A9;BFB2;1108 116D 11A9; # (ë¾²; ë¾²; 뾲; ë¾²; 뾲; ) HANGUL SYLLABLE BBYOGG +BFB3;BFB3;1108 116D 11AA;BFB3;1108 116D 11AA; # (ë¾³; ë¾³; 뾳; ë¾³; 뾳; ) HANGUL SYLLABLE BBYOGS +BFB4;BFB4;1108 116D 11AB;BFB4;1108 116D 11AB; # (ë¾´; ë¾´; 뾴; ë¾´; 뾴; ) HANGUL SYLLABLE BBYON +BFB5;BFB5;1108 116D 11AC;BFB5;1108 116D 11AC; # (ë¾µ; ë¾µ; 뾵; ë¾µ; 뾵; ) HANGUL SYLLABLE BBYONJ +BFB6;BFB6;1108 116D 11AD;BFB6;1108 116D 11AD; # (뾶; 뾶; 뾶; 뾶; 뾶; ) HANGUL SYLLABLE BBYONH +BFB7;BFB7;1108 116D 11AE;BFB7;1108 116D 11AE; # (ë¾·; ë¾·; 뾷; ë¾·; 뾷; ) HANGUL SYLLABLE BBYOD +BFB8;BFB8;1108 116D 11AF;BFB8;1108 116D 11AF; # (뾸; 뾸; 뾸; 뾸; 뾸; ) HANGUL SYLLABLE BBYOL +BFB9;BFB9;1108 116D 11B0;BFB9;1108 116D 11B0; # (ë¾¹; ë¾¹; 뾹; ë¾¹; 뾹; ) HANGUL SYLLABLE BBYOLG +BFBA;BFBA;1108 116D 11B1;BFBA;1108 116D 11B1; # (뾺; 뾺; 뾺; 뾺; 뾺; ) HANGUL SYLLABLE BBYOLM +BFBB;BFBB;1108 116D 11B2;BFBB;1108 116D 11B2; # (ë¾»; ë¾»; 뾻; ë¾»; 뾻; ) HANGUL SYLLABLE BBYOLB +BFBC;BFBC;1108 116D 11B3;BFBC;1108 116D 11B3; # (ë¾¼; ë¾¼; 뾼; ë¾¼; 뾼; ) HANGUL SYLLABLE BBYOLS +BFBD;BFBD;1108 116D 11B4;BFBD;1108 116D 11B4; # (ë¾½; ë¾½; 뾽; ë¾½; 뾽; ) HANGUL SYLLABLE BBYOLT +BFBE;BFBE;1108 116D 11B5;BFBE;1108 116D 11B5; # (ë¾¾; ë¾¾; 뾾; ë¾¾; 뾾; ) HANGUL SYLLABLE BBYOLP +BFBF;BFBF;1108 116D 11B6;BFBF;1108 116D 11B6; # (뾿; 뾿; 뾿; 뾿; 뾿; ) HANGUL SYLLABLE BBYOLH +BFC0;BFC0;1108 116D 11B7;BFC0;1108 116D 11B7; # (ë¿€; ë¿€; 뿀; ë¿€; 뿀; ) HANGUL SYLLABLE BBYOM +BFC1;BFC1;1108 116D 11B8;BFC1;1108 116D 11B8; # (ë¿; ë¿; 뿁; ë¿; 뿁; ) HANGUL SYLLABLE BBYOB +BFC2;BFC2;1108 116D 11B9;BFC2;1108 116D 11B9; # (ë¿‚; ë¿‚; 뿂; ë¿‚; 뿂; ) HANGUL SYLLABLE BBYOBS +BFC3;BFC3;1108 116D 11BA;BFC3;1108 116D 11BA; # (뿃; 뿃; 뿃; 뿃; 뿃; ) HANGUL SYLLABLE BBYOS +BFC4;BFC4;1108 116D 11BB;BFC4;1108 116D 11BB; # (ë¿„; ë¿„; 뿄; ë¿„; 뿄; ) HANGUL SYLLABLE BBYOSS +BFC5;BFC5;1108 116D 11BC;BFC5;1108 116D 11BC; # (ë¿…; ë¿…; 뿅; ë¿…; 뿅; ) HANGUL SYLLABLE BBYONG +BFC6;BFC6;1108 116D 11BD;BFC6;1108 116D 11BD; # (뿆; 뿆; 뿆; 뿆; 뿆; ) HANGUL SYLLABLE BBYOJ +BFC7;BFC7;1108 116D 11BE;BFC7;1108 116D 11BE; # (뿇; 뿇; 뿇; 뿇; 뿇; ) HANGUL SYLLABLE BBYOC +BFC8;BFC8;1108 116D 11BF;BFC8;1108 116D 11BF; # (뿈; 뿈; 뿈; 뿈; 뿈; ) HANGUL SYLLABLE BBYOK +BFC9;BFC9;1108 116D 11C0;BFC9;1108 116D 11C0; # (뿉; 뿉; 뿉; 뿉; 뿉; ) HANGUL SYLLABLE BBYOT +BFCA;BFCA;1108 116D 11C1;BFCA;1108 116D 11C1; # (ë¿Š; ë¿Š; 뾰á‡; ë¿Š; 뾰á‡; ) HANGUL SYLLABLE BBYOP +BFCB;BFCB;1108 116D 11C2;BFCB;1108 116D 11C2; # (ë¿‹; ë¿‹; 뿋; ë¿‹; 뿋; ) HANGUL SYLLABLE BBYOH +BFCC;BFCC;1108 116E;BFCC;1108 116E; # (ë¿Œ; ë¿Œ; 뿌; ë¿Œ; 뿌; ) HANGUL SYLLABLE BBU +BFCD;BFCD;1108 116E 11A8;BFCD;1108 116E 11A8; # (ë¿; ë¿; 뿍; ë¿; 뿍; ) HANGUL SYLLABLE BBUG +BFCE;BFCE;1108 116E 11A9;BFCE;1108 116E 11A9; # (ë¿Ž; ë¿Ž; 뿎; ë¿Ž; 뿎; ) HANGUL SYLLABLE BBUGG +BFCF;BFCF;1108 116E 11AA;BFCF;1108 116E 11AA; # (ë¿; ë¿; 뿏; ë¿; 뿏; ) HANGUL SYLLABLE BBUGS +BFD0;BFD0;1108 116E 11AB;BFD0;1108 116E 11AB; # (ë¿; ë¿; 뿐; ë¿; 뿐; ) HANGUL SYLLABLE BBUN +BFD1;BFD1;1108 116E 11AC;BFD1;1108 116E 11AC; # (ë¿‘; ë¿‘; 뿑; ë¿‘; 뿑; ) HANGUL SYLLABLE BBUNJ +BFD2;BFD2;1108 116E 11AD;BFD2;1108 116E 11AD; # (ë¿’; ë¿’; 뿒; ë¿’; 뿒; ) HANGUL SYLLABLE BBUNH +BFD3;BFD3;1108 116E 11AE;BFD3;1108 116E 11AE; # (ë¿“; ë¿“; 뿓; ë¿“; 뿓; ) HANGUL SYLLABLE BBUD +BFD4;BFD4;1108 116E 11AF;BFD4;1108 116E 11AF; # (ë¿”; ë¿”; 뿔; ë¿”; 뿔; ) HANGUL SYLLABLE BBUL +BFD5;BFD5;1108 116E 11B0;BFD5;1108 116E 11B0; # (ë¿•; ë¿•; 뿕; ë¿•; 뿕; ) HANGUL SYLLABLE BBULG +BFD6;BFD6;1108 116E 11B1;BFD6;1108 116E 11B1; # (ë¿–; ë¿–; 뿖; ë¿–; 뿖; ) HANGUL SYLLABLE BBULM +BFD7;BFD7;1108 116E 11B2;BFD7;1108 116E 11B2; # (ë¿—; ë¿—; 뿗; ë¿—; 뿗; ) HANGUL SYLLABLE BBULB +BFD8;BFD8;1108 116E 11B3;BFD8;1108 116E 11B3; # (뿘; 뿘; 뿘; 뿘; 뿘; ) HANGUL SYLLABLE BBULS +BFD9;BFD9;1108 116E 11B4;BFD9;1108 116E 11B4; # (ë¿™; ë¿™; 뿙; ë¿™; 뿙; ) HANGUL SYLLABLE BBULT +BFDA;BFDA;1108 116E 11B5;BFDA;1108 116E 11B5; # (ë¿š; ë¿š; 뿚; ë¿š; 뿚; ) HANGUL SYLLABLE BBULP +BFDB;BFDB;1108 116E 11B6;BFDB;1108 116E 11B6; # (ë¿›; ë¿›; 뿛; ë¿›; 뿛; ) HANGUL SYLLABLE BBULH +BFDC;BFDC;1108 116E 11B7;BFDC;1108 116E 11B7; # (ë¿œ; ë¿œ; 뿜; ë¿œ; 뿜; ) HANGUL SYLLABLE BBUM +BFDD;BFDD;1108 116E 11B8;BFDD;1108 116E 11B8; # (ë¿; ë¿; 뿝; ë¿; 뿝; ) HANGUL SYLLABLE BBUB +BFDE;BFDE;1108 116E 11B9;BFDE;1108 116E 11B9; # (ë¿ž; ë¿ž; 뿞; ë¿ž; 뿞; ) HANGUL SYLLABLE BBUBS +BFDF;BFDF;1108 116E 11BA;BFDF;1108 116E 11BA; # (ë¿Ÿ; ë¿Ÿ; 뿟; ë¿Ÿ; 뿟; ) HANGUL SYLLABLE BBUS +BFE0;BFE0;1108 116E 11BB;BFE0;1108 116E 11BB; # (ë¿ ; ë¿ ; 뿠; ë¿ ; 뿠; ) HANGUL SYLLABLE BBUSS +BFE1;BFE1;1108 116E 11BC;BFE1;1108 116E 11BC; # (ë¿¡; ë¿¡; 뿡; ë¿¡; 뿡; ) HANGUL SYLLABLE BBUNG +BFE2;BFE2;1108 116E 11BD;BFE2;1108 116E 11BD; # (ë¿¢; ë¿¢; 뿢; ë¿¢; 뿢; ) HANGUL SYLLABLE BBUJ +BFE3;BFE3;1108 116E 11BE;BFE3;1108 116E 11BE; # (ë¿£; ë¿£; 뿣; ë¿£; 뿣; ) HANGUL SYLLABLE BBUC +BFE4;BFE4;1108 116E 11BF;BFE4;1108 116E 11BF; # (뿤; 뿤; 뿤; 뿤; 뿤; ) HANGUL SYLLABLE BBUK +BFE5;BFE5;1108 116E 11C0;BFE5;1108 116E 11C0; # (ë¿¥; ë¿¥; 뿥; ë¿¥; 뿥; ) HANGUL SYLLABLE BBUT +BFE6;BFE6;1108 116E 11C1;BFE6;1108 116E 11C1; # (뿦; 뿦; 뿌á‡; 뿦; 뿌á‡; ) HANGUL SYLLABLE BBUP +BFE7;BFE7;1108 116E 11C2;BFE7;1108 116E 11C2; # (뿧; 뿧; 뿧; 뿧; 뿧; ) HANGUL SYLLABLE BBUH +BFE8;BFE8;1108 116F;BFE8;1108 116F; # (뿨; 뿨; 뿨; 뿨; 뿨; ) HANGUL SYLLABLE BBWEO +BFE9;BFE9;1108 116F 11A8;BFE9;1108 116F 11A8; # (ë¿©; ë¿©; 뿩; ë¿©; 뿩; ) HANGUL SYLLABLE BBWEOG +BFEA;BFEA;1108 116F 11A9;BFEA;1108 116F 11A9; # (뿪; 뿪; 뿪; 뿪; 뿪; ) HANGUL SYLLABLE BBWEOGG +BFEB;BFEB;1108 116F 11AA;BFEB;1108 116F 11AA; # (ë¿«; ë¿«; 뿫; ë¿«; 뿫; ) HANGUL SYLLABLE BBWEOGS +BFEC;BFEC;1108 116F 11AB;BFEC;1108 116F 11AB; # (뿬; 뿬; 뿬; 뿬; 뿬; ) HANGUL SYLLABLE BBWEON +BFED;BFED;1108 116F 11AC;BFED;1108 116F 11AC; # (ë¿­; ë¿­; 뿭; ë¿­; 뿭; ) HANGUL SYLLABLE BBWEONJ +BFEE;BFEE;1108 116F 11AD;BFEE;1108 116F 11AD; # (ë¿®; ë¿®; 뿮; ë¿®; 뿮; ) HANGUL SYLLABLE BBWEONH +BFEF;BFEF;1108 116F 11AE;BFEF;1108 116F 11AE; # (뿯; 뿯; 뿯; 뿯; 뿯; ) HANGUL SYLLABLE BBWEOD +BFF0;BFF0;1108 116F 11AF;BFF0;1108 116F 11AF; # (ë¿°; ë¿°; 뿰; ë¿°; 뿰; ) HANGUL SYLLABLE BBWEOL +BFF1;BFF1;1108 116F 11B0;BFF1;1108 116F 11B0; # (뿱; 뿱; 뿱; 뿱; 뿱; ) HANGUL SYLLABLE BBWEOLG +BFF2;BFF2;1108 116F 11B1;BFF2;1108 116F 11B1; # (뿲; 뿲; 뿲; 뿲; 뿲; ) HANGUL SYLLABLE BBWEOLM +BFF3;BFF3;1108 116F 11B2;BFF3;1108 116F 11B2; # (뿳; 뿳; 뿳; 뿳; 뿳; ) HANGUL SYLLABLE BBWEOLB +BFF4;BFF4;1108 116F 11B3;BFF4;1108 116F 11B3; # (ë¿´; ë¿´; 뿴; ë¿´; 뿴; ) HANGUL SYLLABLE BBWEOLS +BFF5;BFF5;1108 116F 11B4;BFF5;1108 116F 11B4; # (뿵; 뿵; 뿵; 뿵; 뿵; ) HANGUL SYLLABLE BBWEOLT +BFF6;BFF6;1108 116F 11B5;BFF6;1108 116F 11B5; # (뿶; 뿶; 뿶; 뿶; 뿶; ) HANGUL SYLLABLE BBWEOLP +BFF7;BFF7;1108 116F 11B6;BFF7;1108 116F 11B6; # (ë¿·; ë¿·; 뿷; ë¿·; 뿷; ) HANGUL SYLLABLE BBWEOLH +BFF8;BFF8;1108 116F 11B7;BFF8;1108 116F 11B7; # (뿸; 뿸; 뿸; 뿸; 뿸; ) HANGUL SYLLABLE BBWEOM +BFF9;BFF9;1108 116F 11B8;BFF9;1108 116F 11B8; # (뿹; 뿹; 뿹; 뿹; 뿹; ) HANGUL SYLLABLE BBWEOB +BFFA;BFFA;1108 116F 11B9;BFFA;1108 116F 11B9; # (뿺; 뿺; 뿺; 뿺; 뿺; ) HANGUL SYLLABLE BBWEOBS +BFFB;BFFB;1108 116F 11BA;BFFB;1108 116F 11BA; # (ë¿»; ë¿»; 뿻; ë¿»; 뿻; ) HANGUL SYLLABLE BBWEOS +BFFC;BFFC;1108 116F 11BB;BFFC;1108 116F 11BB; # (뿼; 뿼; 뿼; 뿼; 뿼; ) HANGUL SYLLABLE BBWEOSS +BFFD;BFFD;1108 116F 11BC;BFFD;1108 116F 11BC; # (뿽; 뿽; 뿽; 뿽; 뿽; ) HANGUL SYLLABLE BBWEONG +BFFE;BFFE;1108 116F 11BD;BFFE;1108 116F 11BD; # (뿾; 뿾; 뿾; 뿾; 뿾; ) HANGUL SYLLABLE BBWEOJ +BFFF;BFFF;1108 116F 11BE;BFFF;1108 116F 11BE; # (ë¿¿; ë¿¿; 뿿; ë¿¿; 뿿; ) HANGUL SYLLABLE BBWEOC +C000;C000;1108 116F 11BF;C000;1108 116F 11BF; # (쀀; 쀀; 쀀; 쀀; 쀀; ) HANGUL SYLLABLE BBWEOK +C001;C001;1108 116F 11C0;C001;1108 116F 11C0; # (ì€; ì€; 쀁; ì€; 쀁; ) HANGUL SYLLABLE BBWEOT +C002;C002;1108 116F 11C1;C002;1108 116F 11C1; # (쀂; 쀂; 뿨á‡; 쀂; 뿨á‡; ) HANGUL SYLLABLE BBWEOP +C003;C003;1108 116F 11C2;C003;1108 116F 11C2; # (쀃; 쀃; 쀃; 쀃; 쀃; ) HANGUL SYLLABLE BBWEOH +C004;C004;1108 1170;C004;1108 1170; # (쀄; 쀄; 쀄; 쀄; 쀄; ) HANGUL SYLLABLE BBWE +C005;C005;1108 1170 11A8;C005;1108 1170 11A8; # (쀅; 쀅; 쀅; 쀅; 쀅; ) HANGUL SYLLABLE BBWEG +C006;C006;1108 1170 11A9;C006;1108 1170 11A9; # (쀆; 쀆; 쀆; 쀆; 쀆; ) HANGUL SYLLABLE BBWEGG +C007;C007;1108 1170 11AA;C007;1108 1170 11AA; # (쀇; 쀇; 쀇; 쀇; 쀇; ) HANGUL SYLLABLE BBWEGS +C008;C008;1108 1170 11AB;C008;1108 1170 11AB; # (쀈; 쀈; 쀈; 쀈; 쀈; ) HANGUL SYLLABLE BBWEN +C009;C009;1108 1170 11AC;C009;1108 1170 11AC; # (쀉; 쀉; 쀉; 쀉; 쀉; ) HANGUL SYLLABLE BBWENJ +C00A;C00A;1108 1170 11AD;C00A;1108 1170 11AD; # (쀊; 쀊; 쀊; 쀊; 쀊; ) HANGUL SYLLABLE BBWENH +C00B;C00B;1108 1170 11AE;C00B;1108 1170 11AE; # (쀋; 쀋; 쀋; 쀋; 쀋; ) HANGUL SYLLABLE BBWED +C00C;C00C;1108 1170 11AF;C00C;1108 1170 11AF; # (쀌; 쀌; 쀌; 쀌; 쀌; ) HANGUL SYLLABLE BBWEL +C00D;C00D;1108 1170 11B0;C00D;1108 1170 11B0; # (ì€; ì€; 쀍; ì€; 쀍; ) HANGUL SYLLABLE BBWELG +C00E;C00E;1108 1170 11B1;C00E;1108 1170 11B1; # (쀎; 쀎; 쀎; 쀎; 쀎; ) HANGUL SYLLABLE BBWELM +C00F;C00F;1108 1170 11B2;C00F;1108 1170 11B2; # (ì€; ì€; 쀏; ì€; 쀏; ) HANGUL SYLLABLE BBWELB +C010;C010;1108 1170 11B3;C010;1108 1170 11B3; # (ì€; ì€; 쀐; ì€; 쀐; ) HANGUL SYLLABLE BBWELS +C011;C011;1108 1170 11B4;C011;1108 1170 11B4; # (쀑; 쀑; 쀑; 쀑; 쀑; ) HANGUL SYLLABLE BBWELT +C012;C012;1108 1170 11B5;C012;1108 1170 11B5; # (쀒; 쀒; 쀒; 쀒; 쀒; ) HANGUL SYLLABLE BBWELP +C013;C013;1108 1170 11B6;C013;1108 1170 11B6; # (쀓; 쀓; 쀓; 쀓; 쀓; ) HANGUL SYLLABLE BBWELH +C014;C014;1108 1170 11B7;C014;1108 1170 11B7; # (쀔; 쀔; 쀔; 쀔; 쀔; ) HANGUL SYLLABLE BBWEM +C015;C015;1108 1170 11B8;C015;1108 1170 11B8; # (쀕; 쀕; 쀕; 쀕; 쀕; ) HANGUL SYLLABLE BBWEB +C016;C016;1108 1170 11B9;C016;1108 1170 11B9; # (쀖; 쀖; 쀖; 쀖; 쀖; ) HANGUL SYLLABLE BBWEBS +C017;C017;1108 1170 11BA;C017;1108 1170 11BA; # (쀗; 쀗; 쀗; 쀗; 쀗; ) HANGUL SYLLABLE BBWES +C018;C018;1108 1170 11BB;C018;1108 1170 11BB; # (쀘; 쀘; 쀘; 쀘; 쀘; ) HANGUL SYLLABLE BBWESS +C019;C019;1108 1170 11BC;C019;1108 1170 11BC; # (쀙; 쀙; 쀙; 쀙; 쀙; ) HANGUL SYLLABLE BBWENG +C01A;C01A;1108 1170 11BD;C01A;1108 1170 11BD; # (쀚; 쀚; 쀚; 쀚; 쀚; ) HANGUL SYLLABLE BBWEJ +C01B;C01B;1108 1170 11BE;C01B;1108 1170 11BE; # (쀛; 쀛; 쀛; 쀛; 쀛; ) HANGUL SYLLABLE BBWEC +C01C;C01C;1108 1170 11BF;C01C;1108 1170 11BF; # (쀜; 쀜; 쀜; 쀜; 쀜; ) HANGUL SYLLABLE BBWEK +C01D;C01D;1108 1170 11C0;C01D;1108 1170 11C0; # (ì€; ì€; 쀝; ì€; 쀝; ) HANGUL SYLLABLE BBWET +C01E;C01E;1108 1170 11C1;C01E;1108 1170 11C1; # (쀞; 쀞; 쀄á‡; 쀞; 쀄á‡; ) HANGUL SYLLABLE BBWEP +C01F;C01F;1108 1170 11C2;C01F;1108 1170 11C2; # (쀟; 쀟; 쀟; 쀟; 쀟; ) HANGUL SYLLABLE BBWEH +C020;C020;1108 1171;C020;1108 1171; # (쀠; 쀠; 쀠; 쀠; 쀠; ) HANGUL SYLLABLE BBWI +C021;C021;1108 1171 11A8;C021;1108 1171 11A8; # (쀡; 쀡; 쀡; 쀡; 쀡; ) HANGUL SYLLABLE BBWIG +C022;C022;1108 1171 11A9;C022;1108 1171 11A9; # (쀢; 쀢; 쀢; 쀢; 쀢; ) HANGUL SYLLABLE BBWIGG +C023;C023;1108 1171 11AA;C023;1108 1171 11AA; # (쀣; 쀣; 쀣; 쀣; 쀣; ) HANGUL SYLLABLE BBWIGS +C024;C024;1108 1171 11AB;C024;1108 1171 11AB; # (쀤; 쀤; 쀤; 쀤; 쀤; ) HANGUL SYLLABLE BBWIN +C025;C025;1108 1171 11AC;C025;1108 1171 11AC; # (쀥; 쀥; 쀥; 쀥; 쀥; ) HANGUL SYLLABLE BBWINJ +C026;C026;1108 1171 11AD;C026;1108 1171 11AD; # (쀦; 쀦; 쀦; 쀦; 쀦; ) HANGUL SYLLABLE BBWINH +C027;C027;1108 1171 11AE;C027;1108 1171 11AE; # (쀧; 쀧; 쀧; 쀧; 쀧; ) HANGUL SYLLABLE BBWID +C028;C028;1108 1171 11AF;C028;1108 1171 11AF; # (쀨; 쀨; 쀨; 쀨; 쀨; ) HANGUL SYLLABLE BBWIL +C029;C029;1108 1171 11B0;C029;1108 1171 11B0; # (쀩; 쀩; 쀩; 쀩; 쀩; ) HANGUL SYLLABLE BBWILG +C02A;C02A;1108 1171 11B1;C02A;1108 1171 11B1; # (쀪; 쀪; 쀪; 쀪; 쀪; ) HANGUL SYLLABLE BBWILM +C02B;C02B;1108 1171 11B2;C02B;1108 1171 11B2; # (쀫; 쀫; 쀫; 쀫; 쀫; ) HANGUL SYLLABLE BBWILB +C02C;C02C;1108 1171 11B3;C02C;1108 1171 11B3; # (쀬; 쀬; 쀬; 쀬; 쀬; ) HANGUL SYLLABLE BBWILS +C02D;C02D;1108 1171 11B4;C02D;1108 1171 11B4; # (쀭; 쀭; 쀭; 쀭; 쀭; ) HANGUL SYLLABLE BBWILT +C02E;C02E;1108 1171 11B5;C02E;1108 1171 11B5; # (쀮; 쀮; 쀮; 쀮; 쀮; ) HANGUL SYLLABLE BBWILP +C02F;C02F;1108 1171 11B6;C02F;1108 1171 11B6; # (쀯; 쀯; 쀯; 쀯; 쀯; ) HANGUL SYLLABLE BBWILH +C030;C030;1108 1171 11B7;C030;1108 1171 11B7; # (쀰; 쀰; 쀰; 쀰; 쀰; ) HANGUL SYLLABLE BBWIM +C031;C031;1108 1171 11B8;C031;1108 1171 11B8; # (쀱; 쀱; 쀱; 쀱; 쀱; ) HANGUL SYLLABLE BBWIB +C032;C032;1108 1171 11B9;C032;1108 1171 11B9; # (쀲; 쀲; 쀲; 쀲; 쀲; ) HANGUL SYLLABLE BBWIBS +C033;C033;1108 1171 11BA;C033;1108 1171 11BA; # (쀳; 쀳; 쀳; 쀳; 쀳; ) HANGUL SYLLABLE BBWIS +C034;C034;1108 1171 11BB;C034;1108 1171 11BB; # (쀴; 쀴; 쀴; 쀴; 쀴; ) HANGUL SYLLABLE BBWISS +C035;C035;1108 1171 11BC;C035;1108 1171 11BC; # (쀵; 쀵; 쀵; 쀵; 쀵; ) HANGUL SYLLABLE BBWING +C036;C036;1108 1171 11BD;C036;1108 1171 11BD; # (쀶; 쀶; 쀶; 쀶; 쀶; ) HANGUL SYLLABLE BBWIJ +C037;C037;1108 1171 11BE;C037;1108 1171 11BE; # (쀷; 쀷; 쀷; 쀷; 쀷; ) HANGUL SYLLABLE BBWIC +C038;C038;1108 1171 11BF;C038;1108 1171 11BF; # (쀸; 쀸; 쀸; 쀸; 쀸; ) HANGUL SYLLABLE BBWIK +C039;C039;1108 1171 11C0;C039;1108 1171 11C0; # (쀹; 쀹; 쀹; 쀹; 쀹; ) HANGUL SYLLABLE BBWIT +C03A;C03A;1108 1171 11C1;C03A;1108 1171 11C1; # (쀺; 쀺; 쀠á‡; 쀺; 쀠á‡; ) HANGUL SYLLABLE BBWIP +C03B;C03B;1108 1171 11C2;C03B;1108 1171 11C2; # (쀻; 쀻; 쀻; 쀻; 쀻; ) HANGUL SYLLABLE BBWIH +C03C;C03C;1108 1172;C03C;1108 1172; # (쀼; 쀼; 쀼; 쀼; 쀼; ) HANGUL SYLLABLE BBYU +C03D;C03D;1108 1172 11A8;C03D;1108 1172 11A8; # (쀽; 쀽; 쀽; 쀽; 쀽; ) HANGUL SYLLABLE BBYUG +C03E;C03E;1108 1172 11A9;C03E;1108 1172 11A9; # (쀾; 쀾; 쀾; 쀾; 쀾; ) HANGUL SYLLABLE BBYUGG +C03F;C03F;1108 1172 11AA;C03F;1108 1172 11AA; # (쀿; 쀿; 쀿; 쀿; 쀿; ) HANGUL SYLLABLE BBYUGS +C040;C040;1108 1172 11AB;C040;1108 1172 11AB; # (ì€; ì€; 쁀; ì€; 쁀; ) HANGUL SYLLABLE BBYUN +C041;C041;1108 1172 11AC;C041;1108 1172 11AC; # (ì; ì; 쁁; ì; 쁁; ) HANGUL SYLLABLE BBYUNJ +C042;C042;1108 1172 11AD;C042;1108 1172 11AD; # (ì‚; ì‚; 쁂; ì‚; 쁂; ) HANGUL SYLLABLE BBYUNH +C043;C043;1108 1172 11AE;C043;1108 1172 11AE; # (ìƒ; ìƒ; 쁃; ìƒ; 쁃; ) HANGUL SYLLABLE BBYUD +C044;C044;1108 1172 11AF;C044;1108 1172 11AF; # (ì„; ì„; 쁄; ì„; 쁄; ) HANGUL SYLLABLE BBYUL +C045;C045;1108 1172 11B0;C045;1108 1172 11B0; # (ì…; ì…; 쁅; ì…; 쁅; ) HANGUL SYLLABLE BBYULG +C046;C046;1108 1172 11B1;C046;1108 1172 11B1; # (ì†; ì†; 쁆; ì†; 쁆; ) HANGUL SYLLABLE BBYULM +C047;C047;1108 1172 11B2;C047;1108 1172 11B2; # (ì‡; ì‡; 쁇; ì‡; 쁇; ) HANGUL SYLLABLE BBYULB +C048;C048;1108 1172 11B3;C048;1108 1172 11B3; # (ìˆ; ìˆ; 쁈; ìˆ; 쁈; ) HANGUL SYLLABLE BBYULS +C049;C049;1108 1172 11B4;C049;1108 1172 11B4; # (ì‰; ì‰; 쁉; ì‰; 쁉; ) HANGUL SYLLABLE BBYULT +C04A;C04A;1108 1172 11B5;C04A;1108 1172 11B5; # (ìŠ; ìŠ; 쁊; ìŠ; 쁊; ) HANGUL SYLLABLE BBYULP +C04B;C04B;1108 1172 11B6;C04B;1108 1172 11B6; # (ì‹; ì‹; 쁋; ì‹; 쁋; ) HANGUL SYLLABLE BBYULH +C04C;C04C;1108 1172 11B7;C04C;1108 1172 11B7; # (ìŒ; ìŒ; 쁌; ìŒ; 쁌; ) HANGUL SYLLABLE BBYUM +C04D;C04D;1108 1172 11B8;C04D;1108 1172 11B8; # (ì; ì; 쁍; ì; 쁍; ) HANGUL SYLLABLE BBYUB +C04E;C04E;1108 1172 11B9;C04E;1108 1172 11B9; # (ìŽ; ìŽ; 쁎; ìŽ; 쁎; ) HANGUL SYLLABLE BBYUBS +C04F;C04F;1108 1172 11BA;C04F;1108 1172 11BA; # (ì; ì; 쁏; ì; 쁏; ) HANGUL SYLLABLE BBYUS +C050;C050;1108 1172 11BB;C050;1108 1172 11BB; # (ì; ì; 쁐; ì; 쁐; ) HANGUL SYLLABLE BBYUSS +C051;C051;1108 1172 11BC;C051;1108 1172 11BC; # (ì‘; ì‘; 쁑; ì‘; 쁑; ) HANGUL SYLLABLE BBYUNG +C052;C052;1108 1172 11BD;C052;1108 1172 11BD; # (ì’; ì’; 쁒; ì’; 쁒; ) HANGUL SYLLABLE BBYUJ +C053;C053;1108 1172 11BE;C053;1108 1172 11BE; # (ì“; ì“; 쁓; ì“; 쁓; ) HANGUL SYLLABLE BBYUC +C054;C054;1108 1172 11BF;C054;1108 1172 11BF; # (ì”; ì”; 쁔; ì”; 쁔; ) HANGUL SYLLABLE BBYUK +C055;C055;1108 1172 11C0;C055;1108 1172 11C0; # (ì•; ì•; 쁕; ì•; 쁕; ) HANGUL SYLLABLE BBYUT +C056;C056;1108 1172 11C1;C056;1108 1172 11C1; # (ì–; ì–; 쀼á‡; ì–; 쀼á‡; ) HANGUL SYLLABLE BBYUP +C057;C057;1108 1172 11C2;C057;1108 1172 11C2; # (ì—; ì—; 쁗; ì—; 쁗; ) HANGUL SYLLABLE BBYUH +C058;C058;1108 1173;C058;1108 1173; # (ì˜; ì˜; 쁘; ì˜; 쁘; ) HANGUL SYLLABLE BBEU +C059;C059;1108 1173 11A8;C059;1108 1173 11A8; # (ì™; ì™; 쁙; ì™; 쁙; ) HANGUL SYLLABLE BBEUG +C05A;C05A;1108 1173 11A9;C05A;1108 1173 11A9; # (ìš; ìš; 쁚; ìš; 쁚; ) HANGUL SYLLABLE BBEUGG +C05B;C05B;1108 1173 11AA;C05B;1108 1173 11AA; # (ì›; ì›; 쁛; ì›; 쁛; ) HANGUL SYLLABLE BBEUGS +C05C;C05C;1108 1173 11AB;C05C;1108 1173 11AB; # (ìœ; ìœ; 쁜; ìœ; 쁜; ) HANGUL SYLLABLE BBEUN +C05D;C05D;1108 1173 11AC;C05D;1108 1173 11AC; # (ì; ì; 쁝; ì; 쁝; ) HANGUL SYLLABLE BBEUNJ +C05E;C05E;1108 1173 11AD;C05E;1108 1173 11AD; # (ìž; ìž; 쁞; ìž; 쁞; ) HANGUL SYLLABLE BBEUNH +C05F;C05F;1108 1173 11AE;C05F;1108 1173 11AE; # (ìŸ; ìŸ; 쁟; ìŸ; 쁟; ) HANGUL SYLLABLE BBEUD +C060;C060;1108 1173 11AF;C060;1108 1173 11AF; # (ì ; ì ; 쁠; ì ; 쁠; ) HANGUL SYLLABLE BBEUL +C061;C061;1108 1173 11B0;C061;1108 1173 11B0; # (ì¡; ì¡; 쁡; ì¡; 쁡; ) HANGUL SYLLABLE BBEULG +C062;C062;1108 1173 11B1;C062;1108 1173 11B1; # (ì¢; ì¢; 쁢; ì¢; 쁢; ) HANGUL SYLLABLE BBEULM +C063;C063;1108 1173 11B2;C063;1108 1173 11B2; # (ì£; ì£; 쁣; ì£; 쁣; ) HANGUL SYLLABLE BBEULB +C064;C064;1108 1173 11B3;C064;1108 1173 11B3; # (ì¤; ì¤; 쁤; ì¤; 쁤; ) HANGUL SYLLABLE BBEULS +C065;C065;1108 1173 11B4;C065;1108 1173 11B4; # (ì¥; ì¥; 쁥; ì¥; 쁥; ) HANGUL SYLLABLE BBEULT +C066;C066;1108 1173 11B5;C066;1108 1173 11B5; # (ì¦; ì¦; 쁦; ì¦; 쁦; ) HANGUL SYLLABLE BBEULP +C067;C067;1108 1173 11B6;C067;1108 1173 11B6; # (ì§; ì§; 쁧; ì§; 쁧; ) HANGUL SYLLABLE BBEULH +C068;C068;1108 1173 11B7;C068;1108 1173 11B7; # (ì¨; ì¨; 쁨; ì¨; 쁨; ) HANGUL SYLLABLE BBEUM +C069;C069;1108 1173 11B8;C069;1108 1173 11B8; # (ì©; ì©; 쁩; ì©; 쁩; ) HANGUL SYLLABLE BBEUB +C06A;C06A;1108 1173 11B9;C06A;1108 1173 11B9; # (ìª; ìª; 쁪; ìª; 쁪; ) HANGUL SYLLABLE BBEUBS +C06B;C06B;1108 1173 11BA;C06B;1108 1173 11BA; # (ì«; ì«; 쁫; ì«; 쁫; ) HANGUL SYLLABLE BBEUS +C06C;C06C;1108 1173 11BB;C06C;1108 1173 11BB; # (ì¬; ì¬; 쁬; ì¬; 쁬; ) HANGUL SYLLABLE BBEUSS +C06D;C06D;1108 1173 11BC;C06D;1108 1173 11BC; # (ì­; ì­; 쁭; ì­; 쁭; ) HANGUL SYLLABLE BBEUNG +C06E;C06E;1108 1173 11BD;C06E;1108 1173 11BD; # (ì®; ì®; 쁮; ì®; 쁮; ) HANGUL SYLLABLE BBEUJ +C06F;C06F;1108 1173 11BE;C06F;1108 1173 11BE; # (ì¯; ì¯; 쁯; ì¯; 쁯; ) HANGUL SYLLABLE BBEUC +C070;C070;1108 1173 11BF;C070;1108 1173 11BF; # (ì°; ì°; 쁰; ì°; 쁰; ) HANGUL SYLLABLE BBEUK +C071;C071;1108 1173 11C0;C071;1108 1173 11C0; # (ì±; ì±; 쁱; ì±; 쁱; ) HANGUL SYLLABLE BBEUT +C072;C072;1108 1173 11C1;C072;1108 1173 11C1; # (ì²; ì²; 쁘á‡; ì²; 쁘á‡; ) HANGUL SYLLABLE BBEUP +C073;C073;1108 1173 11C2;C073;1108 1173 11C2; # (ì³; ì³; 쁳; ì³; 쁳; ) HANGUL SYLLABLE BBEUH +C074;C074;1108 1174;C074;1108 1174; # (ì´; ì´; 쁴; ì´; 쁴; ) HANGUL SYLLABLE BBYI +C075;C075;1108 1174 11A8;C075;1108 1174 11A8; # (ìµ; ìµ; 쁵; ìµ; 쁵; ) HANGUL SYLLABLE BBYIG +C076;C076;1108 1174 11A9;C076;1108 1174 11A9; # (ì¶; ì¶; 쁶; ì¶; 쁶; ) HANGUL SYLLABLE BBYIGG +C077;C077;1108 1174 11AA;C077;1108 1174 11AA; # (ì·; ì·; 쁷; ì·; 쁷; ) HANGUL SYLLABLE BBYIGS +C078;C078;1108 1174 11AB;C078;1108 1174 11AB; # (ì¸; ì¸; 쁸; ì¸; 쁸; ) HANGUL SYLLABLE BBYIN +C079;C079;1108 1174 11AC;C079;1108 1174 11AC; # (ì¹; ì¹; 쁹; ì¹; 쁹; ) HANGUL SYLLABLE BBYINJ +C07A;C07A;1108 1174 11AD;C07A;1108 1174 11AD; # (ìº; ìº; 쁺; ìº; 쁺; ) HANGUL SYLLABLE BBYINH +C07B;C07B;1108 1174 11AE;C07B;1108 1174 11AE; # (ì»; ì»; 쁻; ì»; 쁻; ) HANGUL SYLLABLE BBYID +C07C;C07C;1108 1174 11AF;C07C;1108 1174 11AF; # (ì¼; ì¼; 쁼; ì¼; 쁼; ) HANGUL SYLLABLE BBYIL +C07D;C07D;1108 1174 11B0;C07D;1108 1174 11B0; # (ì½; ì½; 쁽; ì½; 쁽; ) HANGUL SYLLABLE BBYILG +C07E;C07E;1108 1174 11B1;C07E;1108 1174 11B1; # (ì¾; ì¾; 쁾; ì¾; 쁾; ) HANGUL SYLLABLE BBYILM +C07F;C07F;1108 1174 11B2;C07F;1108 1174 11B2; # (ì¿; ì¿; 쁿; ì¿; 쁿; ) HANGUL SYLLABLE BBYILB +C080;C080;1108 1174 11B3;C080;1108 1174 11B3; # (ì‚€; ì‚€; 삀; ì‚€; 삀; ) HANGUL SYLLABLE BBYILS +C081;C081;1108 1174 11B4;C081;1108 1174 11B4; # (ì‚; ì‚; 삁; ì‚; 삁; ) HANGUL SYLLABLE BBYILT +C082;C082;1108 1174 11B5;C082;1108 1174 11B5; # (ì‚‚; ì‚‚; 삂; ì‚‚; 삂; ) HANGUL SYLLABLE BBYILP +C083;C083;1108 1174 11B6;C083;1108 1174 11B6; # (삃; 삃; 삃; 삃; 삃; ) HANGUL SYLLABLE BBYILH +C084;C084;1108 1174 11B7;C084;1108 1174 11B7; # (ì‚„; ì‚„; 삄; ì‚„; 삄; ) HANGUL SYLLABLE BBYIM +C085;C085;1108 1174 11B8;C085;1108 1174 11B8; # (ì‚…; ì‚…; 삅; ì‚…; 삅; ) HANGUL SYLLABLE BBYIB +C086;C086;1108 1174 11B9;C086;1108 1174 11B9; # (삆; 삆; 삆; 삆; 삆; ) HANGUL SYLLABLE BBYIBS +C087;C087;1108 1174 11BA;C087;1108 1174 11BA; # (삇; 삇; 삇; 삇; 삇; ) HANGUL SYLLABLE BBYIS +C088;C088;1108 1174 11BB;C088;1108 1174 11BB; # (삈; 삈; 삈; 삈; 삈; ) HANGUL SYLLABLE BBYISS +C089;C089;1108 1174 11BC;C089;1108 1174 11BC; # (삉; 삉; 삉; 삉; 삉; ) HANGUL SYLLABLE BBYING +C08A;C08A;1108 1174 11BD;C08A;1108 1174 11BD; # (ì‚Š; ì‚Š; 삊; ì‚Š; 삊; ) HANGUL SYLLABLE BBYIJ +C08B;C08B;1108 1174 11BE;C08B;1108 1174 11BE; # (ì‚‹; ì‚‹; 삋; ì‚‹; 삋; ) HANGUL SYLLABLE BBYIC +C08C;C08C;1108 1174 11BF;C08C;1108 1174 11BF; # (ì‚Œ; ì‚Œ; 삌; ì‚Œ; 삌; ) HANGUL SYLLABLE BBYIK +C08D;C08D;1108 1174 11C0;C08D;1108 1174 11C0; # (ì‚; ì‚; 삍; ì‚; 삍; ) HANGUL SYLLABLE BBYIT +C08E;C08E;1108 1174 11C1;C08E;1108 1174 11C1; # (ì‚Ž; ì‚Ž; 쁴á‡; ì‚Ž; 쁴á‡; ) HANGUL SYLLABLE BBYIP +C08F;C08F;1108 1174 11C2;C08F;1108 1174 11C2; # (ì‚; ì‚; 삏; ì‚; 삏; ) HANGUL SYLLABLE BBYIH +C090;C090;1108 1175;C090;1108 1175; # (ì‚; ì‚; 삐; ì‚; 삐; ) HANGUL SYLLABLE BBI +C091;C091;1108 1175 11A8;C091;1108 1175 11A8; # (ì‚‘; ì‚‘; 삑; ì‚‘; 삑; ) HANGUL SYLLABLE BBIG +C092;C092;1108 1175 11A9;C092;1108 1175 11A9; # (ì‚’; ì‚’; 삒; ì‚’; 삒; ) HANGUL SYLLABLE BBIGG +C093;C093;1108 1175 11AA;C093;1108 1175 11AA; # (ì‚“; ì‚“; 삓; ì‚“; 삓; ) HANGUL SYLLABLE BBIGS +C094;C094;1108 1175 11AB;C094;1108 1175 11AB; # (ì‚”; ì‚”; 삔; ì‚”; 삔; ) HANGUL SYLLABLE BBIN +C095;C095;1108 1175 11AC;C095;1108 1175 11AC; # (ì‚•; ì‚•; 삕; ì‚•; 삕; ) HANGUL SYLLABLE BBINJ +C096;C096;1108 1175 11AD;C096;1108 1175 11AD; # (ì‚–; ì‚–; 삖; ì‚–; 삖; ) HANGUL SYLLABLE BBINH +C097;C097;1108 1175 11AE;C097;1108 1175 11AE; # (ì‚—; ì‚—; 삗; ì‚—; 삗; ) HANGUL SYLLABLE BBID +C098;C098;1108 1175 11AF;C098;1108 1175 11AF; # (삘; 삘; 삘; 삘; 삘; ) HANGUL SYLLABLE BBIL +C099;C099;1108 1175 11B0;C099;1108 1175 11B0; # (ì‚™; ì‚™; 삙; ì‚™; 삙; ) HANGUL SYLLABLE BBILG +C09A;C09A;1108 1175 11B1;C09A;1108 1175 11B1; # (ì‚š; ì‚š; 삚; ì‚š; 삚; ) HANGUL SYLLABLE BBILM +C09B;C09B;1108 1175 11B2;C09B;1108 1175 11B2; # (ì‚›; ì‚›; 삛; ì‚›; 삛; ) HANGUL SYLLABLE BBILB +C09C;C09C;1108 1175 11B3;C09C;1108 1175 11B3; # (ì‚œ; ì‚œ; 삜; ì‚œ; 삜; ) HANGUL SYLLABLE BBILS +C09D;C09D;1108 1175 11B4;C09D;1108 1175 11B4; # (ì‚; ì‚; 삝; ì‚; 삝; ) HANGUL SYLLABLE BBILT +C09E;C09E;1108 1175 11B5;C09E;1108 1175 11B5; # (ì‚ž; ì‚ž; 삞; ì‚ž; 삞; ) HANGUL SYLLABLE BBILP +C09F;C09F;1108 1175 11B6;C09F;1108 1175 11B6; # (ì‚Ÿ; ì‚Ÿ; 삟; ì‚Ÿ; 삟; ) HANGUL SYLLABLE BBILH +C0A0;C0A0;1108 1175 11B7;C0A0;1108 1175 11B7; # (ì‚ ; ì‚ ; 삠; ì‚ ; 삠; ) HANGUL SYLLABLE BBIM +C0A1;C0A1;1108 1175 11B8;C0A1;1108 1175 11B8; # (ì‚¡; ì‚¡; 삡; ì‚¡; 삡; ) HANGUL SYLLABLE BBIB +C0A2;C0A2;1108 1175 11B9;C0A2;1108 1175 11B9; # (ì‚¢; ì‚¢; 삢; ì‚¢; 삢; ) HANGUL SYLLABLE BBIBS +C0A3;C0A3;1108 1175 11BA;C0A3;1108 1175 11BA; # (ì‚£; ì‚£; 삣; ì‚£; 삣; ) HANGUL SYLLABLE BBIS +C0A4;C0A4;1108 1175 11BB;C0A4;1108 1175 11BB; # (삤; 삤; 삤; 삤; 삤; ) HANGUL SYLLABLE BBISS +C0A5;C0A5;1108 1175 11BC;C0A5;1108 1175 11BC; # (ì‚¥; ì‚¥; 삥; ì‚¥; 삥; ) HANGUL SYLLABLE BBING +C0A6;C0A6;1108 1175 11BD;C0A6;1108 1175 11BD; # (삦; 삦; 삦; 삦; 삦; ) HANGUL SYLLABLE BBIJ +C0A7;C0A7;1108 1175 11BE;C0A7;1108 1175 11BE; # (삧; 삧; 삧; 삧; 삧; ) HANGUL SYLLABLE BBIC +C0A8;C0A8;1108 1175 11BF;C0A8;1108 1175 11BF; # (삨; 삨; 삨; 삨; 삨; ) HANGUL SYLLABLE BBIK +C0A9;C0A9;1108 1175 11C0;C0A9;1108 1175 11C0; # (ì‚©; ì‚©; 삩; ì‚©; 삩; ) HANGUL SYLLABLE BBIT +C0AA;C0AA;1108 1175 11C1;C0AA;1108 1175 11C1; # (삪; 삪; 삐á‡; 삪; 삐á‡; ) HANGUL SYLLABLE BBIP +C0AB;C0AB;1108 1175 11C2;C0AB;1108 1175 11C2; # (ì‚«; ì‚«; 삫; ì‚«; 삫; ) HANGUL SYLLABLE BBIH +C0AC;C0AC;1109 1161;C0AC;1109 1161; # (사; 사; 사; 사; 사; ) HANGUL SYLLABLE SA +C0AD;C0AD;1109 1161 11A8;C0AD;1109 1161 11A8; # (ì‚­; ì‚­; 삭; ì‚­; 삭; ) HANGUL SYLLABLE SAG +C0AE;C0AE;1109 1161 11A9;C0AE;1109 1161 11A9; # (ì‚®; ì‚®; 삮; ì‚®; 삮; ) HANGUL SYLLABLE SAGG +C0AF;C0AF;1109 1161 11AA;C0AF;1109 1161 11AA; # (삯; 삯; 삯; 삯; 삯; ) HANGUL SYLLABLE SAGS +C0B0;C0B0;1109 1161 11AB;C0B0;1109 1161 11AB; # (ì‚°; ì‚°; 산; ì‚°; 산; ) HANGUL SYLLABLE SAN +C0B1;C0B1;1109 1161 11AC;C0B1;1109 1161 11AC; # (삱; 삱; 삱; 삱; 삱; ) HANGUL SYLLABLE SANJ +C0B2;C0B2;1109 1161 11AD;C0B2;1109 1161 11AD; # (삲; 삲; 삲; 삲; 삲; ) HANGUL SYLLABLE SANH +C0B3;C0B3;1109 1161 11AE;C0B3;1109 1161 11AE; # (삳; 삳; 삳; 삳; 삳; ) HANGUL SYLLABLE SAD +C0B4;C0B4;1109 1161 11AF;C0B4;1109 1161 11AF; # (ì‚´; ì‚´; 살; ì‚´; 살; ) HANGUL SYLLABLE SAL +C0B5;C0B5;1109 1161 11B0;C0B5;1109 1161 11B0; # (삵; 삵; 삵; 삵; 삵; ) HANGUL SYLLABLE SALG +C0B6;C0B6;1109 1161 11B1;C0B6;1109 1161 11B1; # (삶; 삶; 삶; 삶; 삶; ) HANGUL SYLLABLE SALM +C0B7;C0B7;1109 1161 11B2;C0B7;1109 1161 11B2; # (ì‚·; ì‚·; 삷; ì‚·; 삷; ) HANGUL SYLLABLE SALB +C0B8;C0B8;1109 1161 11B3;C0B8;1109 1161 11B3; # (삸; 삸; 삸; 삸; 삸; ) HANGUL SYLLABLE SALS +C0B9;C0B9;1109 1161 11B4;C0B9;1109 1161 11B4; # (삹; 삹; 삹; 삹; 삹; ) HANGUL SYLLABLE SALT +C0BA;C0BA;1109 1161 11B5;C0BA;1109 1161 11B5; # (삺; 삺; 삺; 삺; 삺; ) HANGUL SYLLABLE SALP +C0BB;C0BB;1109 1161 11B6;C0BB;1109 1161 11B6; # (ì‚»; ì‚»; 삻; ì‚»; 삻; ) HANGUL SYLLABLE SALH +C0BC;C0BC;1109 1161 11B7;C0BC;1109 1161 11B7; # (삼; 삼; 삼; 삼; 삼; ) HANGUL SYLLABLE SAM +C0BD;C0BD;1109 1161 11B8;C0BD;1109 1161 11B8; # (삽; 삽; 삽; 삽; 삽; ) HANGUL SYLLABLE SAB +C0BE;C0BE;1109 1161 11B9;C0BE;1109 1161 11B9; # (삾; 삾; 삾; 삾; 삾; ) HANGUL SYLLABLE SABS +C0BF;C0BF;1109 1161 11BA;C0BF;1109 1161 11BA; # (ì‚¿; ì‚¿; 삿; ì‚¿; 삿; ) HANGUL SYLLABLE SAS +C0C0;C0C0;1109 1161 11BB;C0C0;1109 1161 11BB; # (샀; 샀; 샀; 샀; 샀; ) HANGUL SYLLABLE SASS +C0C1;C0C1;1109 1161 11BC;C0C1;1109 1161 11BC; # (ìƒ; ìƒ; 상; ìƒ; 상; ) HANGUL SYLLABLE SANG +C0C2;C0C2;1109 1161 11BD;C0C2;1109 1161 11BD; # (샂; 샂; 샂; 샂; 샂; ) HANGUL SYLLABLE SAJ +C0C3;C0C3;1109 1161 11BE;C0C3;1109 1161 11BE; # (샃; 샃; 샃; 샃; 샃; ) HANGUL SYLLABLE SAC +C0C4;C0C4;1109 1161 11BF;C0C4;1109 1161 11BF; # (샄; 샄; 샄; 샄; 샄; ) HANGUL SYLLABLE SAK +C0C5;C0C5;1109 1161 11C0;C0C5;1109 1161 11C0; # (샅; 샅; 샅; 샅; 샅; ) HANGUL SYLLABLE SAT +C0C6;C0C6;1109 1161 11C1;C0C6;1109 1161 11C1; # (샆; 샆; 사á‡; 샆; 사á‡; ) HANGUL SYLLABLE SAP +C0C7;C0C7;1109 1161 11C2;C0C7;1109 1161 11C2; # (샇; 샇; 샇; 샇; 샇; ) HANGUL SYLLABLE SAH +C0C8;C0C8;1109 1162;C0C8;1109 1162; # (새; 새; 새; 새; 새; ) HANGUL SYLLABLE SAE +C0C9;C0C9;1109 1162 11A8;C0C9;1109 1162 11A8; # (색; 색; 색; 색; 색; ) HANGUL SYLLABLE SAEG +C0CA;C0CA;1109 1162 11A9;C0CA;1109 1162 11A9; # (샊; 샊; 샊; 샊; 샊; ) HANGUL SYLLABLE SAEGG +C0CB;C0CB;1109 1162 11AA;C0CB;1109 1162 11AA; # (샋; 샋; 샋; 샋; 샋; ) HANGUL SYLLABLE SAEGS +C0CC;C0CC;1109 1162 11AB;C0CC;1109 1162 11AB; # (샌; 샌; 샌; 샌; 샌; ) HANGUL SYLLABLE SAEN +C0CD;C0CD;1109 1162 11AC;C0CD;1109 1162 11AC; # (ìƒ; ìƒ; 샍; ìƒ; 샍; ) HANGUL SYLLABLE SAENJ +C0CE;C0CE;1109 1162 11AD;C0CE;1109 1162 11AD; # (샎; 샎; 샎; 샎; 샎; ) HANGUL SYLLABLE SAENH +C0CF;C0CF;1109 1162 11AE;C0CF;1109 1162 11AE; # (ìƒ; ìƒ; 샏; ìƒ; 샏; ) HANGUL SYLLABLE SAED +C0D0;C0D0;1109 1162 11AF;C0D0;1109 1162 11AF; # (ìƒ; ìƒ; 샐; ìƒ; 샐; ) HANGUL SYLLABLE SAEL +C0D1;C0D1;1109 1162 11B0;C0D1;1109 1162 11B0; # (샑; 샑; 샑; 샑; 샑; ) HANGUL SYLLABLE SAELG +C0D2;C0D2;1109 1162 11B1;C0D2;1109 1162 11B1; # (샒; 샒; 샒; 샒; 샒; ) HANGUL SYLLABLE SAELM +C0D3;C0D3;1109 1162 11B2;C0D3;1109 1162 11B2; # (샓; 샓; 샓; 샓; 샓; ) HANGUL SYLLABLE SAELB +C0D4;C0D4;1109 1162 11B3;C0D4;1109 1162 11B3; # (샔; 샔; 샔; 샔; 샔; ) HANGUL SYLLABLE SAELS +C0D5;C0D5;1109 1162 11B4;C0D5;1109 1162 11B4; # (샕; 샕; 샕; 샕; 샕; ) HANGUL SYLLABLE SAELT +C0D6;C0D6;1109 1162 11B5;C0D6;1109 1162 11B5; # (샖; 샖; 샖; 샖; 샖; ) HANGUL SYLLABLE SAELP +C0D7;C0D7;1109 1162 11B6;C0D7;1109 1162 11B6; # (샗; 샗; 샗; 샗; 샗; ) HANGUL SYLLABLE SAELH +C0D8;C0D8;1109 1162 11B7;C0D8;1109 1162 11B7; # (샘; 샘; 샘; 샘; 샘; ) HANGUL SYLLABLE SAEM +C0D9;C0D9;1109 1162 11B8;C0D9;1109 1162 11B8; # (샙; 샙; 샙; 샙; 샙; ) HANGUL SYLLABLE SAEB +C0DA;C0DA;1109 1162 11B9;C0DA;1109 1162 11B9; # (샚; 샚; 샚; 샚; 샚; ) HANGUL SYLLABLE SAEBS +C0DB;C0DB;1109 1162 11BA;C0DB;1109 1162 11BA; # (샛; 샛; 샛; 샛; 샛; ) HANGUL SYLLABLE SAES +C0DC;C0DC;1109 1162 11BB;C0DC;1109 1162 11BB; # (샜; 샜; 샜; 샜; 샜; ) HANGUL SYLLABLE SAESS +C0DD;C0DD;1109 1162 11BC;C0DD;1109 1162 11BC; # (ìƒ; ìƒ; 생; ìƒ; 생; ) HANGUL SYLLABLE SAENG +C0DE;C0DE;1109 1162 11BD;C0DE;1109 1162 11BD; # (샞; 샞; 샞; 샞; 샞; ) HANGUL SYLLABLE SAEJ +C0DF;C0DF;1109 1162 11BE;C0DF;1109 1162 11BE; # (샟; 샟; 샟; 샟; 샟; ) HANGUL SYLLABLE SAEC +C0E0;C0E0;1109 1162 11BF;C0E0;1109 1162 11BF; # (샠; 샠; 샠; 샠; 샠; ) HANGUL SYLLABLE SAEK +C0E1;C0E1;1109 1162 11C0;C0E1;1109 1162 11C0; # (샡; 샡; 샡; 샡; 샡; ) HANGUL SYLLABLE SAET +C0E2;C0E2;1109 1162 11C1;C0E2;1109 1162 11C1; # (샢; 샢; 새á‡; 샢; 새á‡; ) HANGUL SYLLABLE SAEP +C0E3;C0E3;1109 1162 11C2;C0E3;1109 1162 11C2; # (샣; 샣; 샣; 샣; 샣; ) HANGUL SYLLABLE SAEH +C0E4;C0E4;1109 1163;C0E4;1109 1163; # (샤; 샤; 샤; 샤; 샤; ) HANGUL SYLLABLE SYA +C0E5;C0E5;1109 1163 11A8;C0E5;1109 1163 11A8; # (샥; 샥; 샥; 샥; 샥; ) HANGUL SYLLABLE SYAG +C0E6;C0E6;1109 1163 11A9;C0E6;1109 1163 11A9; # (샦; 샦; 샦; 샦; 샦; ) HANGUL SYLLABLE SYAGG +C0E7;C0E7;1109 1163 11AA;C0E7;1109 1163 11AA; # (샧; 샧; 샧; 샧; 샧; ) HANGUL SYLLABLE SYAGS +C0E8;C0E8;1109 1163 11AB;C0E8;1109 1163 11AB; # (샨; 샨; 샨; 샨; 샨; ) HANGUL SYLLABLE SYAN +C0E9;C0E9;1109 1163 11AC;C0E9;1109 1163 11AC; # (샩; 샩; 샩; 샩; 샩; ) HANGUL SYLLABLE SYANJ +C0EA;C0EA;1109 1163 11AD;C0EA;1109 1163 11AD; # (샪; 샪; 샪; 샪; 샪; ) HANGUL SYLLABLE SYANH +C0EB;C0EB;1109 1163 11AE;C0EB;1109 1163 11AE; # (샫; 샫; 샫; 샫; 샫; ) HANGUL SYLLABLE SYAD +C0EC;C0EC;1109 1163 11AF;C0EC;1109 1163 11AF; # (샬; 샬; 샬; 샬; 샬; ) HANGUL SYLLABLE SYAL +C0ED;C0ED;1109 1163 11B0;C0ED;1109 1163 11B0; # (샭; 샭; 샭; 샭; 샭; ) HANGUL SYLLABLE SYALG +C0EE;C0EE;1109 1163 11B1;C0EE;1109 1163 11B1; # (샮; 샮; 샮; 샮; 샮; ) HANGUL SYLLABLE SYALM +C0EF;C0EF;1109 1163 11B2;C0EF;1109 1163 11B2; # (샯; 샯; 샯; 샯; 샯; ) HANGUL SYLLABLE SYALB +C0F0;C0F0;1109 1163 11B3;C0F0;1109 1163 11B3; # (샰; 샰; 샰; 샰; 샰; ) HANGUL SYLLABLE SYALS +C0F1;C0F1;1109 1163 11B4;C0F1;1109 1163 11B4; # (샱; 샱; 샱; 샱; 샱; ) HANGUL SYLLABLE SYALT +C0F2;C0F2;1109 1163 11B5;C0F2;1109 1163 11B5; # (샲; 샲; 샲; 샲; 샲; ) HANGUL SYLLABLE SYALP +C0F3;C0F3;1109 1163 11B6;C0F3;1109 1163 11B6; # (샳; 샳; 샳; 샳; 샳; ) HANGUL SYLLABLE SYALH +C0F4;C0F4;1109 1163 11B7;C0F4;1109 1163 11B7; # (샴; 샴; 샴; 샴; 샴; ) HANGUL SYLLABLE SYAM +C0F5;C0F5;1109 1163 11B8;C0F5;1109 1163 11B8; # (샵; 샵; 샵; 샵; 샵; ) HANGUL SYLLABLE SYAB +C0F6;C0F6;1109 1163 11B9;C0F6;1109 1163 11B9; # (샶; 샶; 샶; 샶; 샶; ) HANGUL SYLLABLE SYABS +C0F7;C0F7;1109 1163 11BA;C0F7;1109 1163 11BA; # (샷; 샷; 샷; 샷; 샷; ) HANGUL SYLLABLE SYAS +C0F8;C0F8;1109 1163 11BB;C0F8;1109 1163 11BB; # (샸; 샸; 샸; 샸; 샸; ) HANGUL SYLLABLE SYASS +C0F9;C0F9;1109 1163 11BC;C0F9;1109 1163 11BC; # (샹; 샹; 샹; 샹; 샹; ) HANGUL SYLLABLE SYANG +C0FA;C0FA;1109 1163 11BD;C0FA;1109 1163 11BD; # (샺; 샺; 샺; 샺; 샺; ) HANGUL SYLLABLE SYAJ +C0FB;C0FB;1109 1163 11BE;C0FB;1109 1163 11BE; # (샻; 샻; 샻; 샻; 샻; ) HANGUL SYLLABLE SYAC +C0FC;C0FC;1109 1163 11BF;C0FC;1109 1163 11BF; # (샼; 샼; 샼; 샼; 샼; ) HANGUL SYLLABLE SYAK +C0FD;C0FD;1109 1163 11C0;C0FD;1109 1163 11C0; # (샽; 샽; 샽; 샽; 샽; ) HANGUL SYLLABLE SYAT +C0FE;C0FE;1109 1163 11C1;C0FE;1109 1163 11C1; # (샾; 샾; 샤á‡; 샾; 샤á‡; ) HANGUL SYLLABLE SYAP +C0FF;C0FF;1109 1163 11C2;C0FF;1109 1163 11C2; # (샿; 샿; 샿; 샿; 샿; ) HANGUL SYLLABLE SYAH +C100;C100;1109 1164;C100;1109 1164; # (ì„€; ì„€; 섀; ì„€; 섀; ) HANGUL SYLLABLE SYAE +C101;C101;1109 1164 11A8;C101;1109 1164 11A8; # (ì„; ì„; 섁; ì„; 섁; ) HANGUL SYLLABLE SYAEG +C102;C102;1109 1164 11A9;C102;1109 1164 11A9; # (ì„‚; ì„‚; 섂; ì„‚; 섂; ) HANGUL SYLLABLE SYAEGG +C103;C103;1109 1164 11AA;C103;1109 1164 11AA; # (섃; 섃; 섃; 섃; 섃; ) HANGUL SYLLABLE SYAEGS +C104;C104;1109 1164 11AB;C104;1109 1164 11AB; # (ì„„; ì„„; 섄; ì„„; 섄; ) HANGUL SYLLABLE SYAEN +C105;C105;1109 1164 11AC;C105;1109 1164 11AC; # (ì„…; ì„…; 섅; ì„…; 섅; ) HANGUL SYLLABLE SYAENJ +C106;C106;1109 1164 11AD;C106;1109 1164 11AD; # (섆; 섆; 섆; 섆; 섆; ) HANGUL SYLLABLE SYAENH +C107;C107;1109 1164 11AE;C107;1109 1164 11AE; # (섇; 섇; 섇; 섇; 섇; ) HANGUL SYLLABLE SYAED +C108;C108;1109 1164 11AF;C108;1109 1164 11AF; # (섈; 섈; 섈; 섈; 섈; ) HANGUL SYLLABLE SYAEL +C109;C109;1109 1164 11B0;C109;1109 1164 11B0; # (섉; 섉; 섉; 섉; 섉; ) HANGUL SYLLABLE SYAELG +C10A;C10A;1109 1164 11B1;C10A;1109 1164 11B1; # (ì„Š; ì„Š; 섊; ì„Š; 섊; ) HANGUL SYLLABLE SYAELM +C10B;C10B;1109 1164 11B2;C10B;1109 1164 11B2; # (ì„‹; ì„‹; 섋; ì„‹; 섋; ) HANGUL SYLLABLE SYAELB +C10C;C10C;1109 1164 11B3;C10C;1109 1164 11B3; # (ì„Œ; ì„Œ; 섌; ì„Œ; 섌; ) HANGUL SYLLABLE SYAELS +C10D;C10D;1109 1164 11B4;C10D;1109 1164 11B4; # (ì„; ì„; 섍; ì„; 섍; ) HANGUL SYLLABLE SYAELT +C10E;C10E;1109 1164 11B5;C10E;1109 1164 11B5; # (ì„Ž; ì„Ž; 섎; ì„Ž; 섎; ) HANGUL SYLLABLE SYAELP +C10F;C10F;1109 1164 11B6;C10F;1109 1164 11B6; # (ì„; ì„; 섏; ì„; 섏; ) HANGUL SYLLABLE SYAELH +C110;C110;1109 1164 11B7;C110;1109 1164 11B7; # (ì„; ì„; 섐; ì„; 섐; ) HANGUL SYLLABLE SYAEM +C111;C111;1109 1164 11B8;C111;1109 1164 11B8; # (ì„‘; ì„‘; 섑; ì„‘; 섑; ) HANGUL SYLLABLE SYAEB +C112;C112;1109 1164 11B9;C112;1109 1164 11B9; # (ì„’; ì„’; 섒; ì„’; 섒; ) HANGUL SYLLABLE SYAEBS +C113;C113;1109 1164 11BA;C113;1109 1164 11BA; # (ì„“; ì„“; 섓; ì„“; 섓; ) HANGUL SYLLABLE SYAES +C114;C114;1109 1164 11BB;C114;1109 1164 11BB; # (ì„”; ì„”; 섔; ì„”; 섔; ) HANGUL SYLLABLE SYAESS +C115;C115;1109 1164 11BC;C115;1109 1164 11BC; # (ì„•; ì„•; 섕; ì„•; 섕; ) HANGUL SYLLABLE SYAENG +C116;C116;1109 1164 11BD;C116;1109 1164 11BD; # (ì„–; ì„–; 섖; ì„–; 섖; ) HANGUL SYLLABLE SYAEJ +C117;C117;1109 1164 11BE;C117;1109 1164 11BE; # (ì„—; ì„—; 섗; ì„—; 섗; ) HANGUL SYLLABLE SYAEC +C118;C118;1109 1164 11BF;C118;1109 1164 11BF; # (섘; 섘; 섘; 섘; 섘; ) HANGUL SYLLABLE SYAEK +C119;C119;1109 1164 11C0;C119;1109 1164 11C0; # (ì„™; ì„™; 섙; ì„™; 섙; ) HANGUL SYLLABLE SYAET +C11A;C11A;1109 1164 11C1;C11A;1109 1164 11C1; # (ì„š; ì„š; 섀á‡; ì„š; 섀á‡; ) HANGUL SYLLABLE SYAEP +C11B;C11B;1109 1164 11C2;C11B;1109 1164 11C2; # (ì„›; ì„›; 섛; ì„›; 섛; ) HANGUL SYLLABLE SYAEH +C11C;C11C;1109 1165;C11C;1109 1165; # (ì„œ; ì„œ; 서; ì„œ; 서; ) HANGUL SYLLABLE SEO +C11D;C11D;1109 1165 11A8;C11D;1109 1165 11A8; # (ì„; ì„; 석; ì„; 석; ) HANGUL SYLLABLE SEOG +C11E;C11E;1109 1165 11A9;C11E;1109 1165 11A9; # (ì„ž; ì„ž; 섞; ì„ž; 섞; ) HANGUL SYLLABLE SEOGG +C11F;C11F;1109 1165 11AA;C11F;1109 1165 11AA; # (ì„Ÿ; ì„Ÿ; 섟; ì„Ÿ; 섟; ) HANGUL SYLLABLE SEOGS +C120;C120;1109 1165 11AB;C120;1109 1165 11AB; # (ì„ ; ì„ ; 선; ì„ ; 선; ) HANGUL SYLLABLE SEON +C121;C121;1109 1165 11AC;C121;1109 1165 11AC; # (ì„¡; ì„¡; 섡; ì„¡; 섡; ) HANGUL SYLLABLE SEONJ +C122;C122;1109 1165 11AD;C122;1109 1165 11AD; # (ì„¢; ì„¢; 섢; ì„¢; 섢; ) HANGUL SYLLABLE SEONH +C123;C123;1109 1165 11AE;C123;1109 1165 11AE; # (ì„£; ì„£; 섣; ì„£; 섣; ) HANGUL SYLLABLE SEOD +C124;C124;1109 1165 11AF;C124;1109 1165 11AF; # (설; 설; 설; 설; 설; ) HANGUL SYLLABLE SEOL +C125;C125;1109 1165 11B0;C125;1109 1165 11B0; # (ì„¥; ì„¥; 섥; ì„¥; 섥; ) HANGUL SYLLABLE SEOLG +C126;C126;1109 1165 11B1;C126;1109 1165 11B1; # (섦; 섦; 섦; 섦; 섦; ) HANGUL SYLLABLE SEOLM +C127;C127;1109 1165 11B2;C127;1109 1165 11B2; # (섧; 섧; 섧; 섧; 섧; ) HANGUL SYLLABLE SEOLB +C128;C128;1109 1165 11B3;C128;1109 1165 11B3; # (섨; 섨; 섨; 섨; 섨; ) HANGUL SYLLABLE SEOLS +C129;C129;1109 1165 11B4;C129;1109 1165 11B4; # (ì„©; ì„©; 섩; ì„©; 섩; ) HANGUL SYLLABLE SEOLT +C12A;C12A;1109 1165 11B5;C12A;1109 1165 11B5; # (섪; 섪; 섪; 섪; 섪; ) HANGUL SYLLABLE SEOLP +C12B;C12B;1109 1165 11B6;C12B;1109 1165 11B6; # (ì„«; ì„«; 섫; ì„«; 섫; ) HANGUL SYLLABLE SEOLH +C12C;C12C;1109 1165 11B7;C12C;1109 1165 11B7; # (섬; 섬; 섬; 섬; 섬; ) HANGUL SYLLABLE SEOM +C12D;C12D;1109 1165 11B8;C12D;1109 1165 11B8; # (ì„­; ì„­; 섭; ì„­; 섭; ) HANGUL SYLLABLE SEOB +C12E;C12E;1109 1165 11B9;C12E;1109 1165 11B9; # (ì„®; ì„®; 섮; ì„®; 섮; ) HANGUL SYLLABLE SEOBS +C12F;C12F;1109 1165 11BA;C12F;1109 1165 11BA; # (섯; 섯; 섯; 섯; 섯; ) HANGUL SYLLABLE SEOS +C130;C130;1109 1165 11BB;C130;1109 1165 11BB; # (ì„°; ì„°; 섰; ì„°; 섰; ) HANGUL SYLLABLE SEOSS +C131;C131;1109 1165 11BC;C131;1109 1165 11BC; # (성; 성; 성; 성; 성; ) HANGUL SYLLABLE SEONG +C132;C132;1109 1165 11BD;C132;1109 1165 11BD; # (섲; 섲; 섲; 섲; 섲; ) HANGUL SYLLABLE SEOJ +C133;C133;1109 1165 11BE;C133;1109 1165 11BE; # (섳; 섳; 섳; 섳; 섳; ) HANGUL SYLLABLE SEOC +C134;C134;1109 1165 11BF;C134;1109 1165 11BF; # (ì„´; ì„´; 섴; ì„´; 섴; ) HANGUL SYLLABLE SEOK +C135;C135;1109 1165 11C0;C135;1109 1165 11C0; # (섵; 섵; 섵; 섵; 섵; ) HANGUL SYLLABLE SEOT +C136;C136;1109 1165 11C1;C136;1109 1165 11C1; # (섶; 섶; 서á‡; 섶; 서á‡; ) HANGUL SYLLABLE SEOP +C137;C137;1109 1165 11C2;C137;1109 1165 11C2; # (ì„·; ì„·; 섷; ì„·; 섷; ) HANGUL SYLLABLE SEOH +C138;C138;1109 1166;C138;1109 1166; # (세; 세; 세; 세; 세; ) HANGUL SYLLABLE SE +C139;C139;1109 1166 11A8;C139;1109 1166 11A8; # (섹; 섹; 섹; 섹; 섹; ) HANGUL SYLLABLE SEG +C13A;C13A;1109 1166 11A9;C13A;1109 1166 11A9; # (섺; 섺; 섺; 섺; 섺; ) HANGUL SYLLABLE SEGG +C13B;C13B;1109 1166 11AA;C13B;1109 1166 11AA; # (ì„»; ì„»; 섻; ì„»; 섻; ) HANGUL SYLLABLE SEGS +C13C;C13C;1109 1166 11AB;C13C;1109 1166 11AB; # (센; 센; 센; 센; 센; ) HANGUL SYLLABLE SEN +C13D;C13D;1109 1166 11AC;C13D;1109 1166 11AC; # (섽; 섽; 섽; 섽; 섽; ) HANGUL SYLLABLE SENJ +C13E;C13E;1109 1166 11AD;C13E;1109 1166 11AD; # (섾; 섾; 섾; 섾; 섾; ) HANGUL SYLLABLE SENH +C13F;C13F;1109 1166 11AE;C13F;1109 1166 11AE; # (ì„¿; ì„¿; 섿; ì„¿; 섿; ) HANGUL SYLLABLE SED +C140;C140;1109 1166 11AF;C140;1109 1166 11AF; # (ì…€; ì…€; 셀; ì…€; 셀; ) HANGUL SYLLABLE SEL +C141;C141;1109 1166 11B0;C141;1109 1166 11B0; # (ì…; ì…; 셁; ì…; 셁; ) HANGUL SYLLABLE SELG +C142;C142;1109 1166 11B1;C142;1109 1166 11B1; # (ì…‚; ì…‚; 셂; ì…‚; 셂; ) HANGUL SYLLABLE SELM +C143;C143;1109 1166 11B2;C143;1109 1166 11B2; # (ì…ƒ; ì…ƒ; 셃; ì…ƒ; 셃; ) HANGUL SYLLABLE SELB +C144;C144;1109 1166 11B3;C144;1109 1166 11B3; # (ì…„; ì…„; 셄; ì…„; 셄; ) HANGUL SYLLABLE SELS +C145;C145;1109 1166 11B4;C145;1109 1166 11B4; # (ì……; ì……; 셅; ì……; 셅; ) HANGUL SYLLABLE SELT +C146;C146;1109 1166 11B5;C146;1109 1166 11B5; # (ì…†; ì…†; 셆; ì…†; 셆; ) HANGUL SYLLABLE SELP +C147;C147;1109 1166 11B6;C147;1109 1166 11B6; # (ì…‡; ì…‡; 셇; ì…‡; 셇; ) HANGUL SYLLABLE SELH +C148;C148;1109 1166 11B7;C148;1109 1166 11B7; # (ì…ˆ; ì…ˆ; 셈; ì…ˆ; 셈; ) HANGUL SYLLABLE SEM +C149;C149;1109 1166 11B8;C149;1109 1166 11B8; # (ì…‰; ì…‰; 셉; ì…‰; 셉; ) HANGUL SYLLABLE SEB +C14A;C14A;1109 1166 11B9;C14A;1109 1166 11B9; # (ì…Š; ì…Š; 셊; ì…Š; 셊; ) HANGUL SYLLABLE SEBS +C14B;C14B;1109 1166 11BA;C14B;1109 1166 11BA; # (ì…‹; ì…‹; 셋; ì…‹; 셋; ) HANGUL SYLLABLE SES +C14C;C14C;1109 1166 11BB;C14C;1109 1166 11BB; # (ì…Œ; ì…Œ; 셌; ì…Œ; 셌; ) HANGUL SYLLABLE SESS +C14D;C14D;1109 1166 11BC;C14D;1109 1166 11BC; # (ì…; ì…; 셍; ì…; 셍; ) HANGUL SYLLABLE SENG +C14E;C14E;1109 1166 11BD;C14E;1109 1166 11BD; # (ì…Ž; ì…Ž; 셎; ì…Ž; 셎; ) HANGUL SYLLABLE SEJ +C14F;C14F;1109 1166 11BE;C14F;1109 1166 11BE; # (ì…; ì…; 셏; ì…; 셏; ) HANGUL SYLLABLE SEC +C150;C150;1109 1166 11BF;C150;1109 1166 11BF; # (ì…; ì…; 셐; ì…; 셐; ) HANGUL SYLLABLE SEK +C151;C151;1109 1166 11C0;C151;1109 1166 11C0; # (ì…‘; ì…‘; 셑; ì…‘; 셑; ) HANGUL SYLLABLE SET +C152;C152;1109 1166 11C1;C152;1109 1166 11C1; # (ì…’; ì…’; 세á‡; ì…’; 세á‡; ) HANGUL SYLLABLE SEP +C153;C153;1109 1166 11C2;C153;1109 1166 11C2; # (ì…“; ì…“; 셓; ì…“; 셓; ) HANGUL SYLLABLE SEH +C154;C154;1109 1167;C154;1109 1167; # (ì…”; ì…”; 셔; ì…”; 셔; ) HANGUL SYLLABLE SYEO +C155;C155;1109 1167 11A8;C155;1109 1167 11A8; # (ì…•; ì…•; 셕; ì…•; 셕; ) HANGUL SYLLABLE SYEOG +C156;C156;1109 1167 11A9;C156;1109 1167 11A9; # (ì…–; ì…–; 셖; ì…–; 셖; ) HANGUL SYLLABLE SYEOGG +C157;C157;1109 1167 11AA;C157;1109 1167 11AA; # (ì…—; ì…—; 셗; ì…—; 셗; ) HANGUL SYLLABLE SYEOGS +C158;C158;1109 1167 11AB;C158;1109 1167 11AB; # (ì…˜; ì…˜; 션; ì…˜; 션; ) HANGUL SYLLABLE SYEON +C159;C159;1109 1167 11AC;C159;1109 1167 11AC; # (ì…™; ì…™; 셙; ì…™; 셙; ) HANGUL SYLLABLE SYEONJ +C15A;C15A;1109 1167 11AD;C15A;1109 1167 11AD; # (ì…š; ì…š; 셚; ì…š; 셚; ) HANGUL SYLLABLE SYEONH +C15B;C15B;1109 1167 11AE;C15B;1109 1167 11AE; # (ì…›; ì…›; 셛; ì…›; 셛; ) HANGUL SYLLABLE SYEOD +C15C;C15C;1109 1167 11AF;C15C;1109 1167 11AF; # (ì…œ; ì…œ; 셜; ì…œ; 셜; ) HANGUL SYLLABLE SYEOL +C15D;C15D;1109 1167 11B0;C15D;1109 1167 11B0; # (ì…; ì…; 셝; ì…; 셝; ) HANGUL SYLLABLE SYEOLG +C15E;C15E;1109 1167 11B1;C15E;1109 1167 11B1; # (ì…ž; ì…ž; 셞; ì…ž; 셞; ) HANGUL SYLLABLE SYEOLM +C15F;C15F;1109 1167 11B2;C15F;1109 1167 11B2; # (ì…Ÿ; ì…Ÿ; 셟; ì…Ÿ; 셟; ) HANGUL SYLLABLE SYEOLB +C160;C160;1109 1167 11B3;C160;1109 1167 11B3; # (ì… ; ì… ; 셠; ì… ; 셠; ) HANGUL SYLLABLE SYEOLS +C161;C161;1109 1167 11B4;C161;1109 1167 11B4; # (ì…¡; ì…¡; 셡; ì…¡; 셡; ) HANGUL SYLLABLE SYEOLT +C162;C162;1109 1167 11B5;C162;1109 1167 11B5; # (ì…¢; ì…¢; 셢; ì…¢; 셢; ) HANGUL SYLLABLE SYEOLP +C163;C163;1109 1167 11B6;C163;1109 1167 11B6; # (ì…£; ì…£; 셣; ì…£; 셣; ) HANGUL SYLLABLE SYEOLH +C164;C164;1109 1167 11B7;C164;1109 1167 11B7; # (ì…¤; ì…¤; 셤; ì…¤; 셤; ) HANGUL SYLLABLE SYEOM +C165;C165;1109 1167 11B8;C165;1109 1167 11B8; # (ì…¥; ì…¥; 셥; ì…¥; 셥; ) HANGUL SYLLABLE SYEOB +C166;C166;1109 1167 11B9;C166;1109 1167 11B9; # (ì…¦; ì…¦; 셦; ì…¦; 셦; ) HANGUL SYLLABLE SYEOBS +C167;C167;1109 1167 11BA;C167;1109 1167 11BA; # (ì…§; ì…§; 셧; ì…§; 셧; ) HANGUL SYLLABLE SYEOS +C168;C168;1109 1167 11BB;C168;1109 1167 11BB; # (ì…¨; ì…¨; 셨; ì…¨; 셨; ) HANGUL SYLLABLE SYEOSS +C169;C169;1109 1167 11BC;C169;1109 1167 11BC; # (ì…©; ì…©; 셩; ì…©; 셩; ) HANGUL SYLLABLE SYEONG +C16A;C16A;1109 1167 11BD;C16A;1109 1167 11BD; # (ì…ª; ì…ª; 셪; ì…ª; 셪; ) HANGUL SYLLABLE SYEOJ +C16B;C16B;1109 1167 11BE;C16B;1109 1167 11BE; # (ì…«; ì…«; 셫; ì…«; 셫; ) HANGUL SYLLABLE SYEOC +C16C;C16C;1109 1167 11BF;C16C;1109 1167 11BF; # (ì…¬; ì…¬; 셬; ì…¬; 셬; ) HANGUL SYLLABLE SYEOK +C16D;C16D;1109 1167 11C0;C16D;1109 1167 11C0; # (ì…­; ì…­; 셭; ì…­; 셭; ) HANGUL SYLLABLE SYEOT +C16E;C16E;1109 1167 11C1;C16E;1109 1167 11C1; # (ì…®; ì…®; 셔á‡; ì…®; 셔á‡; ) HANGUL SYLLABLE SYEOP +C16F;C16F;1109 1167 11C2;C16F;1109 1167 11C2; # (ì…¯; ì…¯; 셯; ì…¯; 셯; ) HANGUL SYLLABLE SYEOH +C170;C170;1109 1168;C170;1109 1168; # (ì…°; ì…°; 셰; ì…°; 셰; ) HANGUL SYLLABLE SYE +C171;C171;1109 1168 11A8;C171;1109 1168 11A8; # (ì…±; ì…±; 셱; ì…±; 셱; ) HANGUL SYLLABLE SYEG +C172;C172;1109 1168 11A9;C172;1109 1168 11A9; # (ì…²; ì…²; 셲; ì…²; 셲; ) HANGUL SYLLABLE SYEGG +C173;C173;1109 1168 11AA;C173;1109 1168 11AA; # (ì…³; ì…³; 셳; ì…³; 셳; ) HANGUL SYLLABLE SYEGS +C174;C174;1109 1168 11AB;C174;1109 1168 11AB; # (ì…´; ì…´; 셴; ì…´; 셴; ) HANGUL SYLLABLE SYEN +C175;C175;1109 1168 11AC;C175;1109 1168 11AC; # (ì…µ; ì…µ; 셵; ì…µ; 셵; ) HANGUL SYLLABLE SYENJ +C176;C176;1109 1168 11AD;C176;1109 1168 11AD; # (ì…¶; ì…¶; 셶; ì…¶; 셶; ) HANGUL SYLLABLE SYENH +C177;C177;1109 1168 11AE;C177;1109 1168 11AE; # (ì…·; ì…·; 셷; ì…·; 셷; ) HANGUL SYLLABLE SYED +C178;C178;1109 1168 11AF;C178;1109 1168 11AF; # (ì…¸; ì…¸; 셸; ì…¸; 셸; ) HANGUL SYLLABLE SYEL +C179;C179;1109 1168 11B0;C179;1109 1168 11B0; # (ì…¹; ì…¹; 셹; ì…¹; 셹; ) HANGUL SYLLABLE SYELG +C17A;C17A;1109 1168 11B1;C17A;1109 1168 11B1; # (ì…º; ì…º; 셺; ì…º; 셺; ) HANGUL SYLLABLE SYELM +C17B;C17B;1109 1168 11B2;C17B;1109 1168 11B2; # (ì…»; ì…»; 셻; ì…»; 셻; ) HANGUL SYLLABLE SYELB +C17C;C17C;1109 1168 11B3;C17C;1109 1168 11B3; # (ì…¼; ì…¼; 셼; ì…¼; 셼; ) HANGUL SYLLABLE SYELS +C17D;C17D;1109 1168 11B4;C17D;1109 1168 11B4; # (ì…½; ì…½; 셽; ì…½; 셽; ) HANGUL SYLLABLE SYELT +C17E;C17E;1109 1168 11B5;C17E;1109 1168 11B5; # (ì…¾; ì…¾; 셾; ì…¾; 셾; ) HANGUL SYLLABLE SYELP +C17F;C17F;1109 1168 11B6;C17F;1109 1168 11B6; # (ì…¿; ì…¿; 셿; ì…¿; 셿; ) HANGUL SYLLABLE SYELH +C180;C180;1109 1168 11B7;C180;1109 1168 11B7; # (솀; 솀; 솀; 솀; 솀; ) HANGUL SYLLABLE SYEM +C181;C181;1109 1168 11B8;C181;1109 1168 11B8; # (ì†; ì†; 솁; ì†; 솁; ) HANGUL SYLLABLE SYEB +C182;C182;1109 1168 11B9;C182;1109 1168 11B9; # (솂; 솂; 솂; 솂; 솂; ) HANGUL SYLLABLE SYEBS +C183;C183;1109 1168 11BA;C183;1109 1168 11BA; # (솃; 솃; 솃; 솃; 솃; ) HANGUL SYLLABLE SYES +C184;C184;1109 1168 11BB;C184;1109 1168 11BB; # (솄; 솄; 솄; 솄; 솄; ) HANGUL SYLLABLE SYESS +C185;C185;1109 1168 11BC;C185;1109 1168 11BC; # (솅; 솅; 솅; 솅; 솅; ) HANGUL SYLLABLE SYENG +C186;C186;1109 1168 11BD;C186;1109 1168 11BD; # (솆; 솆; 솆; 솆; 솆; ) HANGUL SYLLABLE SYEJ +C187;C187;1109 1168 11BE;C187;1109 1168 11BE; # (솇; 솇; 솇; 솇; 솇; ) HANGUL SYLLABLE SYEC +C188;C188;1109 1168 11BF;C188;1109 1168 11BF; # (솈; 솈; 솈; 솈; 솈; ) HANGUL SYLLABLE SYEK +C189;C189;1109 1168 11C0;C189;1109 1168 11C0; # (솉; 솉; 솉; 솉; 솉; ) HANGUL SYLLABLE SYET +C18A;C18A;1109 1168 11C1;C18A;1109 1168 11C1; # (솊; 솊; 셰á‡; 솊; 셰á‡; ) HANGUL SYLLABLE SYEP +C18B;C18B;1109 1168 11C2;C18B;1109 1168 11C2; # (솋; 솋; 솋; 솋; 솋; ) HANGUL SYLLABLE SYEH +C18C;C18C;1109 1169;C18C;1109 1169; # (소; 소; 소; 소; 소; ) HANGUL SYLLABLE SO +C18D;C18D;1109 1169 11A8;C18D;1109 1169 11A8; # (ì†; ì†; 속; ì†; 속; ) HANGUL SYLLABLE SOG +C18E;C18E;1109 1169 11A9;C18E;1109 1169 11A9; # (솎; 솎; 솎; 솎; 솎; ) HANGUL SYLLABLE SOGG +C18F;C18F;1109 1169 11AA;C18F;1109 1169 11AA; # (ì†; ì†; 솏; ì†; 솏; ) HANGUL SYLLABLE SOGS +C190;C190;1109 1169 11AB;C190;1109 1169 11AB; # (ì†; ì†; 손; ì†; 손; ) HANGUL SYLLABLE SON +C191;C191;1109 1169 11AC;C191;1109 1169 11AC; # (솑; 솑; 솑; 솑; 솑; ) HANGUL SYLLABLE SONJ +C192;C192;1109 1169 11AD;C192;1109 1169 11AD; # (솒; 솒; 솒; 솒; 솒; ) HANGUL SYLLABLE SONH +C193;C193;1109 1169 11AE;C193;1109 1169 11AE; # (솓; 솓; 솓; 솓; 솓; ) HANGUL SYLLABLE SOD +C194;C194;1109 1169 11AF;C194;1109 1169 11AF; # (솔; 솔; 솔; 솔; 솔; ) HANGUL SYLLABLE SOL +C195;C195;1109 1169 11B0;C195;1109 1169 11B0; # (솕; 솕; 솕; 솕; 솕; ) HANGUL SYLLABLE SOLG +C196;C196;1109 1169 11B1;C196;1109 1169 11B1; # (솖; 솖; 솖; 솖; 솖; ) HANGUL SYLLABLE SOLM +C197;C197;1109 1169 11B2;C197;1109 1169 11B2; # (솗; 솗; 솗; 솗; 솗; ) HANGUL SYLLABLE SOLB +C198;C198;1109 1169 11B3;C198;1109 1169 11B3; # (솘; 솘; 솘; 솘; 솘; ) HANGUL SYLLABLE SOLS +C199;C199;1109 1169 11B4;C199;1109 1169 11B4; # (솙; 솙; 솙; 솙; 솙; ) HANGUL SYLLABLE SOLT +C19A;C19A;1109 1169 11B5;C19A;1109 1169 11B5; # (솚; 솚; 솚; 솚; 솚; ) HANGUL SYLLABLE SOLP +C19B;C19B;1109 1169 11B6;C19B;1109 1169 11B6; # (솛; 솛; 솛; 솛; 솛; ) HANGUL SYLLABLE SOLH +C19C;C19C;1109 1169 11B7;C19C;1109 1169 11B7; # (솜; 솜; 솜; 솜; 솜; ) HANGUL SYLLABLE SOM +C19D;C19D;1109 1169 11B8;C19D;1109 1169 11B8; # (ì†; ì†; 솝; ì†; 솝; ) HANGUL SYLLABLE SOB +C19E;C19E;1109 1169 11B9;C19E;1109 1169 11B9; # (솞; 솞; 솞; 솞; 솞; ) HANGUL SYLLABLE SOBS +C19F;C19F;1109 1169 11BA;C19F;1109 1169 11BA; # (솟; 솟; 솟; 솟; 솟; ) HANGUL SYLLABLE SOS +C1A0;C1A0;1109 1169 11BB;C1A0;1109 1169 11BB; # (솠; 솠; 솠; 솠; 솠; ) HANGUL SYLLABLE SOSS +C1A1;C1A1;1109 1169 11BC;C1A1;1109 1169 11BC; # (송; 송; 송; 송; 송; ) HANGUL SYLLABLE SONG +C1A2;C1A2;1109 1169 11BD;C1A2;1109 1169 11BD; # (솢; 솢; 솢; 솢; 솢; ) HANGUL SYLLABLE SOJ +C1A3;C1A3;1109 1169 11BE;C1A3;1109 1169 11BE; # (솣; 솣; 솣; 솣; 솣; ) HANGUL SYLLABLE SOC +C1A4;C1A4;1109 1169 11BF;C1A4;1109 1169 11BF; # (솤; 솤; 솤; 솤; 솤; ) HANGUL SYLLABLE SOK +C1A5;C1A5;1109 1169 11C0;C1A5;1109 1169 11C0; # (솥; 솥; 솥; 솥; 솥; ) HANGUL SYLLABLE SOT +C1A6;C1A6;1109 1169 11C1;C1A6;1109 1169 11C1; # (솦; 솦; 소á‡; 솦; 소á‡; ) HANGUL SYLLABLE SOP +C1A7;C1A7;1109 1169 11C2;C1A7;1109 1169 11C2; # (솧; 솧; 솧; 솧; 솧; ) HANGUL SYLLABLE SOH +C1A8;C1A8;1109 116A;C1A8;1109 116A; # (솨; 솨; 솨; 솨; 솨; ) HANGUL SYLLABLE SWA +C1A9;C1A9;1109 116A 11A8;C1A9;1109 116A 11A8; # (솩; 솩; 솩; 솩; 솩; ) HANGUL SYLLABLE SWAG +C1AA;C1AA;1109 116A 11A9;C1AA;1109 116A 11A9; # (솪; 솪; 솪; 솪; 솪; ) HANGUL SYLLABLE SWAGG +C1AB;C1AB;1109 116A 11AA;C1AB;1109 116A 11AA; # (솫; 솫; 솫; 솫; 솫; ) HANGUL SYLLABLE SWAGS +C1AC;C1AC;1109 116A 11AB;C1AC;1109 116A 11AB; # (솬; 솬; 솬; 솬; 솬; ) HANGUL SYLLABLE SWAN +C1AD;C1AD;1109 116A 11AC;C1AD;1109 116A 11AC; # (솭; 솭; 솭; 솭; 솭; ) HANGUL SYLLABLE SWANJ +C1AE;C1AE;1109 116A 11AD;C1AE;1109 116A 11AD; # (솮; 솮; 솮; 솮; 솮; ) HANGUL SYLLABLE SWANH +C1AF;C1AF;1109 116A 11AE;C1AF;1109 116A 11AE; # (솯; 솯; 솯; 솯; 솯; ) HANGUL SYLLABLE SWAD +C1B0;C1B0;1109 116A 11AF;C1B0;1109 116A 11AF; # (솰; 솰; 솰; 솰; 솰; ) HANGUL SYLLABLE SWAL +C1B1;C1B1;1109 116A 11B0;C1B1;1109 116A 11B0; # (솱; 솱; 솱; 솱; 솱; ) HANGUL SYLLABLE SWALG +C1B2;C1B2;1109 116A 11B1;C1B2;1109 116A 11B1; # (솲; 솲; 솲; 솲; 솲; ) HANGUL SYLLABLE SWALM +C1B3;C1B3;1109 116A 11B2;C1B3;1109 116A 11B2; # (솳; 솳; 솳; 솳; 솳; ) HANGUL SYLLABLE SWALB +C1B4;C1B4;1109 116A 11B3;C1B4;1109 116A 11B3; # (솴; 솴; 솴; 솴; 솴; ) HANGUL SYLLABLE SWALS +C1B5;C1B5;1109 116A 11B4;C1B5;1109 116A 11B4; # (솵; 솵; 솵; 솵; 솵; ) HANGUL SYLLABLE SWALT +C1B6;C1B6;1109 116A 11B5;C1B6;1109 116A 11B5; # (솶; 솶; 솶; 솶; 솶; ) HANGUL SYLLABLE SWALP +C1B7;C1B7;1109 116A 11B6;C1B7;1109 116A 11B6; # (솷; 솷; 솷; 솷; 솷; ) HANGUL SYLLABLE SWALH +C1B8;C1B8;1109 116A 11B7;C1B8;1109 116A 11B7; # (솸; 솸; 솸; 솸; 솸; ) HANGUL SYLLABLE SWAM +C1B9;C1B9;1109 116A 11B8;C1B9;1109 116A 11B8; # (솹; 솹; 솹; 솹; 솹; ) HANGUL SYLLABLE SWAB +C1BA;C1BA;1109 116A 11B9;C1BA;1109 116A 11B9; # (솺; 솺; 솺; 솺; 솺; ) HANGUL SYLLABLE SWABS +C1BB;C1BB;1109 116A 11BA;C1BB;1109 116A 11BA; # (솻; 솻; 솻; 솻; 솻; ) HANGUL SYLLABLE SWAS +C1BC;C1BC;1109 116A 11BB;C1BC;1109 116A 11BB; # (솼; 솼; 솼; 솼; 솼; ) HANGUL SYLLABLE SWASS +C1BD;C1BD;1109 116A 11BC;C1BD;1109 116A 11BC; # (솽; 솽; 솽; 솽; 솽; ) HANGUL SYLLABLE SWANG +C1BE;C1BE;1109 116A 11BD;C1BE;1109 116A 11BD; # (솾; 솾; 솾; 솾; 솾; ) HANGUL SYLLABLE SWAJ +C1BF;C1BF;1109 116A 11BE;C1BF;1109 116A 11BE; # (솿; 솿; 솿; 솿; 솿; ) HANGUL SYLLABLE SWAC +C1C0;C1C0;1109 116A 11BF;C1C0;1109 116A 11BF; # (쇀; 쇀; 쇀; 쇀; 쇀; ) HANGUL SYLLABLE SWAK +C1C1;C1C1;1109 116A 11C0;C1C1;1109 116A 11C0; # (ì‡; ì‡; 쇁; ì‡; 쇁; ) HANGUL SYLLABLE SWAT +C1C2;C1C2;1109 116A 11C1;C1C2;1109 116A 11C1; # (쇂; 쇂; 솨á‡; 쇂; 솨á‡; ) HANGUL SYLLABLE SWAP +C1C3;C1C3;1109 116A 11C2;C1C3;1109 116A 11C2; # (쇃; 쇃; 쇃; 쇃; 쇃; ) HANGUL SYLLABLE SWAH +C1C4;C1C4;1109 116B;C1C4;1109 116B; # (쇄; 쇄; 쇄; 쇄; 쇄; ) HANGUL SYLLABLE SWAE +C1C5;C1C5;1109 116B 11A8;C1C5;1109 116B 11A8; # (쇅; 쇅; 쇅; 쇅; 쇅; ) HANGUL SYLLABLE SWAEG +C1C6;C1C6;1109 116B 11A9;C1C6;1109 116B 11A9; # (쇆; 쇆; 쇆; 쇆; 쇆; ) HANGUL SYLLABLE SWAEGG +C1C7;C1C7;1109 116B 11AA;C1C7;1109 116B 11AA; # (쇇; 쇇; 쇇; 쇇; 쇇; ) HANGUL SYLLABLE SWAEGS +C1C8;C1C8;1109 116B 11AB;C1C8;1109 116B 11AB; # (쇈; 쇈; 쇈; 쇈; 쇈; ) HANGUL SYLLABLE SWAEN +C1C9;C1C9;1109 116B 11AC;C1C9;1109 116B 11AC; # (쇉; 쇉; 쇉; 쇉; 쇉; ) HANGUL SYLLABLE SWAENJ +C1CA;C1CA;1109 116B 11AD;C1CA;1109 116B 11AD; # (쇊; 쇊; 쇊; 쇊; 쇊; ) HANGUL SYLLABLE SWAENH +C1CB;C1CB;1109 116B 11AE;C1CB;1109 116B 11AE; # (쇋; 쇋; 쇋; 쇋; 쇋; ) HANGUL SYLLABLE SWAED +C1CC;C1CC;1109 116B 11AF;C1CC;1109 116B 11AF; # (쇌; 쇌; 쇌; 쇌; 쇌; ) HANGUL SYLLABLE SWAEL +C1CD;C1CD;1109 116B 11B0;C1CD;1109 116B 11B0; # (ì‡; ì‡; 쇍; ì‡; 쇍; ) HANGUL SYLLABLE SWAELG +C1CE;C1CE;1109 116B 11B1;C1CE;1109 116B 11B1; # (쇎; 쇎; 쇎; 쇎; 쇎; ) HANGUL SYLLABLE SWAELM +C1CF;C1CF;1109 116B 11B2;C1CF;1109 116B 11B2; # (ì‡; ì‡; 쇏; ì‡; 쇏; ) HANGUL SYLLABLE SWAELB +C1D0;C1D0;1109 116B 11B3;C1D0;1109 116B 11B3; # (ì‡; ì‡; 쇐; ì‡; 쇐; ) HANGUL SYLLABLE SWAELS +C1D1;C1D1;1109 116B 11B4;C1D1;1109 116B 11B4; # (쇑; 쇑; 쇑; 쇑; 쇑; ) HANGUL SYLLABLE SWAELT +C1D2;C1D2;1109 116B 11B5;C1D2;1109 116B 11B5; # (쇒; 쇒; 쇒; 쇒; 쇒; ) HANGUL SYLLABLE SWAELP +C1D3;C1D3;1109 116B 11B6;C1D3;1109 116B 11B6; # (쇓; 쇓; 쇓; 쇓; 쇓; ) HANGUL SYLLABLE SWAELH +C1D4;C1D4;1109 116B 11B7;C1D4;1109 116B 11B7; # (쇔; 쇔; 쇔; 쇔; 쇔; ) HANGUL SYLLABLE SWAEM +C1D5;C1D5;1109 116B 11B8;C1D5;1109 116B 11B8; # (쇕; 쇕; 쇕; 쇕; 쇕; ) HANGUL SYLLABLE SWAEB +C1D6;C1D6;1109 116B 11B9;C1D6;1109 116B 11B9; # (쇖; 쇖; 쇖; 쇖; 쇖; ) HANGUL SYLLABLE SWAEBS +C1D7;C1D7;1109 116B 11BA;C1D7;1109 116B 11BA; # (쇗; 쇗; 쇗; 쇗; 쇗; ) HANGUL SYLLABLE SWAES +C1D8;C1D8;1109 116B 11BB;C1D8;1109 116B 11BB; # (쇘; 쇘; 쇘; 쇘; 쇘; ) HANGUL SYLLABLE SWAESS +C1D9;C1D9;1109 116B 11BC;C1D9;1109 116B 11BC; # (쇙; 쇙; 쇙; 쇙; 쇙; ) HANGUL SYLLABLE SWAENG +C1DA;C1DA;1109 116B 11BD;C1DA;1109 116B 11BD; # (쇚; 쇚; 쇚; 쇚; 쇚; ) HANGUL SYLLABLE SWAEJ +C1DB;C1DB;1109 116B 11BE;C1DB;1109 116B 11BE; # (쇛; 쇛; 쇛; 쇛; 쇛; ) HANGUL SYLLABLE SWAEC +C1DC;C1DC;1109 116B 11BF;C1DC;1109 116B 11BF; # (쇜; 쇜; 쇜; 쇜; 쇜; ) HANGUL SYLLABLE SWAEK +C1DD;C1DD;1109 116B 11C0;C1DD;1109 116B 11C0; # (ì‡; ì‡; 쇝; ì‡; 쇝; ) HANGUL SYLLABLE SWAET +C1DE;C1DE;1109 116B 11C1;C1DE;1109 116B 11C1; # (쇞; 쇞; 쇄á‡; 쇞; 쇄á‡; ) HANGUL SYLLABLE SWAEP +C1DF;C1DF;1109 116B 11C2;C1DF;1109 116B 11C2; # (쇟; 쇟; 쇟; 쇟; 쇟; ) HANGUL SYLLABLE SWAEH +C1E0;C1E0;1109 116C;C1E0;1109 116C; # (쇠; 쇠; 쇠; 쇠; 쇠; ) HANGUL SYLLABLE SOE +C1E1;C1E1;1109 116C 11A8;C1E1;1109 116C 11A8; # (쇡; 쇡; 쇡; 쇡; 쇡; ) HANGUL SYLLABLE SOEG +C1E2;C1E2;1109 116C 11A9;C1E2;1109 116C 11A9; # (쇢; 쇢; 쇢; 쇢; 쇢; ) HANGUL SYLLABLE SOEGG +C1E3;C1E3;1109 116C 11AA;C1E3;1109 116C 11AA; # (쇣; 쇣; 쇣; 쇣; 쇣; ) HANGUL SYLLABLE SOEGS +C1E4;C1E4;1109 116C 11AB;C1E4;1109 116C 11AB; # (쇤; 쇤; 쇤; 쇤; 쇤; ) HANGUL SYLLABLE SOEN +C1E5;C1E5;1109 116C 11AC;C1E5;1109 116C 11AC; # (쇥; 쇥; 쇥; 쇥; 쇥; ) HANGUL SYLLABLE SOENJ +C1E6;C1E6;1109 116C 11AD;C1E6;1109 116C 11AD; # (쇦; 쇦; 쇦; 쇦; 쇦; ) HANGUL SYLLABLE SOENH +C1E7;C1E7;1109 116C 11AE;C1E7;1109 116C 11AE; # (쇧; 쇧; 쇧; 쇧; 쇧; ) HANGUL SYLLABLE SOED +C1E8;C1E8;1109 116C 11AF;C1E8;1109 116C 11AF; # (쇨; 쇨; 쇨; 쇨; 쇨; ) HANGUL SYLLABLE SOEL +C1E9;C1E9;1109 116C 11B0;C1E9;1109 116C 11B0; # (쇩; 쇩; 쇩; 쇩; 쇩; ) HANGUL SYLLABLE SOELG +C1EA;C1EA;1109 116C 11B1;C1EA;1109 116C 11B1; # (쇪; 쇪; 쇪; 쇪; 쇪; ) HANGUL SYLLABLE SOELM +C1EB;C1EB;1109 116C 11B2;C1EB;1109 116C 11B2; # (쇫; 쇫; 쇫; 쇫; 쇫; ) HANGUL SYLLABLE SOELB +C1EC;C1EC;1109 116C 11B3;C1EC;1109 116C 11B3; # (쇬; 쇬; 쇬; 쇬; 쇬; ) HANGUL SYLLABLE SOELS +C1ED;C1ED;1109 116C 11B4;C1ED;1109 116C 11B4; # (쇭; 쇭; 쇭; 쇭; 쇭; ) HANGUL SYLLABLE SOELT +C1EE;C1EE;1109 116C 11B5;C1EE;1109 116C 11B5; # (쇮; 쇮; 쇮; 쇮; 쇮; ) HANGUL SYLLABLE SOELP +C1EF;C1EF;1109 116C 11B6;C1EF;1109 116C 11B6; # (쇯; 쇯; 쇯; 쇯; 쇯; ) HANGUL SYLLABLE SOELH +C1F0;C1F0;1109 116C 11B7;C1F0;1109 116C 11B7; # (쇰; 쇰; 쇰; 쇰; 쇰; ) HANGUL SYLLABLE SOEM +C1F1;C1F1;1109 116C 11B8;C1F1;1109 116C 11B8; # (쇱; 쇱; 쇱; 쇱; 쇱; ) HANGUL SYLLABLE SOEB +C1F2;C1F2;1109 116C 11B9;C1F2;1109 116C 11B9; # (쇲; 쇲; 쇲; 쇲; 쇲; ) HANGUL SYLLABLE SOEBS +C1F3;C1F3;1109 116C 11BA;C1F3;1109 116C 11BA; # (쇳; 쇳; 쇳; 쇳; 쇳; ) HANGUL SYLLABLE SOES +C1F4;C1F4;1109 116C 11BB;C1F4;1109 116C 11BB; # (쇴; 쇴; 쇴; 쇴; 쇴; ) HANGUL SYLLABLE SOESS +C1F5;C1F5;1109 116C 11BC;C1F5;1109 116C 11BC; # (쇵; 쇵; 쇵; 쇵; 쇵; ) HANGUL SYLLABLE SOENG +C1F6;C1F6;1109 116C 11BD;C1F6;1109 116C 11BD; # (쇶; 쇶; 쇶; 쇶; 쇶; ) HANGUL SYLLABLE SOEJ +C1F7;C1F7;1109 116C 11BE;C1F7;1109 116C 11BE; # (쇷; 쇷; 쇷; 쇷; 쇷; ) HANGUL SYLLABLE SOEC +C1F8;C1F8;1109 116C 11BF;C1F8;1109 116C 11BF; # (쇸; 쇸; 쇸; 쇸; 쇸; ) HANGUL SYLLABLE SOEK +C1F9;C1F9;1109 116C 11C0;C1F9;1109 116C 11C0; # (쇹; 쇹; 쇹; 쇹; 쇹; ) HANGUL SYLLABLE SOET +C1FA;C1FA;1109 116C 11C1;C1FA;1109 116C 11C1; # (쇺; 쇺; 쇠á‡; 쇺; 쇠á‡; ) HANGUL SYLLABLE SOEP +C1FB;C1FB;1109 116C 11C2;C1FB;1109 116C 11C2; # (쇻; 쇻; 쇻; 쇻; 쇻; ) HANGUL SYLLABLE SOEH +C1FC;C1FC;1109 116D;C1FC;1109 116D; # (쇼; 쇼; 쇼; 쇼; 쇼; ) HANGUL SYLLABLE SYO +C1FD;C1FD;1109 116D 11A8;C1FD;1109 116D 11A8; # (쇽; 쇽; 쇽; 쇽; 쇽; ) HANGUL SYLLABLE SYOG +C1FE;C1FE;1109 116D 11A9;C1FE;1109 116D 11A9; # (쇾; 쇾; 쇾; 쇾; 쇾; ) HANGUL SYLLABLE SYOGG +C1FF;C1FF;1109 116D 11AA;C1FF;1109 116D 11AA; # (쇿; 쇿; 쇿; 쇿; 쇿; ) HANGUL SYLLABLE SYOGS +C200;C200;1109 116D 11AB;C200;1109 116D 11AB; # (숀; 숀; 숀; 숀; 숀; ) HANGUL SYLLABLE SYON +C201;C201;1109 116D 11AC;C201;1109 116D 11AC; # (ìˆ; ìˆ; 숁; ìˆ; 숁; ) HANGUL SYLLABLE SYONJ +C202;C202;1109 116D 11AD;C202;1109 116D 11AD; # (숂; 숂; 숂; 숂; 숂; ) HANGUL SYLLABLE SYONH +C203;C203;1109 116D 11AE;C203;1109 116D 11AE; # (숃; 숃; 숃; 숃; 숃; ) HANGUL SYLLABLE SYOD +C204;C204;1109 116D 11AF;C204;1109 116D 11AF; # (숄; 숄; 숄; 숄; 숄; ) HANGUL SYLLABLE SYOL +C205;C205;1109 116D 11B0;C205;1109 116D 11B0; # (숅; 숅; 숅; 숅; 숅; ) HANGUL SYLLABLE SYOLG +C206;C206;1109 116D 11B1;C206;1109 116D 11B1; # (숆; 숆; 숆; 숆; 숆; ) HANGUL SYLLABLE SYOLM +C207;C207;1109 116D 11B2;C207;1109 116D 11B2; # (숇; 숇; 숇; 숇; 숇; ) HANGUL SYLLABLE SYOLB +C208;C208;1109 116D 11B3;C208;1109 116D 11B3; # (숈; 숈; 숈; 숈; 숈; ) HANGUL SYLLABLE SYOLS +C209;C209;1109 116D 11B4;C209;1109 116D 11B4; # (숉; 숉; 숉; 숉; 숉; ) HANGUL SYLLABLE SYOLT +C20A;C20A;1109 116D 11B5;C20A;1109 116D 11B5; # (숊; 숊; 숊; 숊; 숊; ) HANGUL SYLLABLE SYOLP +C20B;C20B;1109 116D 11B6;C20B;1109 116D 11B6; # (숋; 숋; 숋; 숋; 숋; ) HANGUL SYLLABLE SYOLH +C20C;C20C;1109 116D 11B7;C20C;1109 116D 11B7; # (숌; 숌; 숌; 숌; 숌; ) HANGUL SYLLABLE SYOM +C20D;C20D;1109 116D 11B8;C20D;1109 116D 11B8; # (ìˆ; ìˆ; 숍; ìˆ; 숍; ) HANGUL SYLLABLE SYOB +C20E;C20E;1109 116D 11B9;C20E;1109 116D 11B9; # (숎; 숎; 숎; 숎; 숎; ) HANGUL SYLLABLE SYOBS +C20F;C20F;1109 116D 11BA;C20F;1109 116D 11BA; # (ìˆ; ìˆ; 숏; ìˆ; 숏; ) HANGUL SYLLABLE SYOS +C210;C210;1109 116D 11BB;C210;1109 116D 11BB; # (ìˆ; ìˆ; 숐; ìˆ; 숐; ) HANGUL SYLLABLE SYOSS +C211;C211;1109 116D 11BC;C211;1109 116D 11BC; # (숑; 숑; 숑; 숑; 숑; ) HANGUL SYLLABLE SYONG +C212;C212;1109 116D 11BD;C212;1109 116D 11BD; # (숒; 숒; 숒; 숒; 숒; ) HANGUL SYLLABLE SYOJ +C213;C213;1109 116D 11BE;C213;1109 116D 11BE; # (숓; 숓; 숓; 숓; 숓; ) HANGUL SYLLABLE SYOC +C214;C214;1109 116D 11BF;C214;1109 116D 11BF; # (숔; 숔; 숔; 숔; 숔; ) HANGUL SYLLABLE SYOK +C215;C215;1109 116D 11C0;C215;1109 116D 11C0; # (숕; 숕; 숕; 숕; 숕; ) HANGUL SYLLABLE SYOT +C216;C216;1109 116D 11C1;C216;1109 116D 11C1; # (숖; 숖; 쇼á‡; 숖; 쇼á‡; ) HANGUL SYLLABLE SYOP +C217;C217;1109 116D 11C2;C217;1109 116D 11C2; # (숗; 숗; 숗; 숗; 숗; ) HANGUL SYLLABLE SYOH +C218;C218;1109 116E;C218;1109 116E; # (수; 수; 수; 수; 수; ) HANGUL SYLLABLE SU +C219;C219;1109 116E 11A8;C219;1109 116E 11A8; # (숙; 숙; 숙; 숙; 숙; ) HANGUL SYLLABLE SUG +C21A;C21A;1109 116E 11A9;C21A;1109 116E 11A9; # (숚; 숚; 숚; 숚; 숚; ) HANGUL SYLLABLE SUGG +C21B;C21B;1109 116E 11AA;C21B;1109 116E 11AA; # (숛; 숛; 숛; 숛; 숛; ) HANGUL SYLLABLE SUGS +C21C;C21C;1109 116E 11AB;C21C;1109 116E 11AB; # (순; 순; 순; 순; 순; ) HANGUL SYLLABLE SUN +C21D;C21D;1109 116E 11AC;C21D;1109 116E 11AC; # (ìˆ; ìˆ; 숝; ìˆ; 숝; ) HANGUL SYLLABLE SUNJ +C21E;C21E;1109 116E 11AD;C21E;1109 116E 11AD; # (숞; 숞; 숞; 숞; 숞; ) HANGUL SYLLABLE SUNH +C21F;C21F;1109 116E 11AE;C21F;1109 116E 11AE; # (숟; 숟; 숟; 숟; 숟; ) HANGUL SYLLABLE SUD +C220;C220;1109 116E 11AF;C220;1109 116E 11AF; # (술; 술; 술; 술; 술; ) HANGUL SYLLABLE SUL +C221;C221;1109 116E 11B0;C221;1109 116E 11B0; # (숡; 숡; 숡; 숡; 숡; ) HANGUL SYLLABLE SULG +C222;C222;1109 116E 11B1;C222;1109 116E 11B1; # (숢; 숢; 숢; 숢; 숢; ) HANGUL SYLLABLE SULM +C223;C223;1109 116E 11B2;C223;1109 116E 11B2; # (숣; 숣; 숣; 숣; 숣; ) HANGUL SYLLABLE SULB +C224;C224;1109 116E 11B3;C224;1109 116E 11B3; # (숤; 숤; 숤; 숤; 숤; ) HANGUL SYLLABLE SULS +C225;C225;1109 116E 11B4;C225;1109 116E 11B4; # (숥; 숥; 숥; 숥; 숥; ) HANGUL SYLLABLE SULT +C226;C226;1109 116E 11B5;C226;1109 116E 11B5; # (숦; 숦; 숦; 숦; 숦; ) HANGUL SYLLABLE SULP +C227;C227;1109 116E 11B6;C227;1109 116E 11B6; # (숧; 숧; 숧; 숧; 숧; ) HANGUL SYLLABLE SULH +C228;C228;1109 116E 11B7;C228;1109 116E 11B7; # (숨; 숨; 숨; 숨; 숨; ) HANGUL SYLLABLE SUM +C229;C229;1109 116E 11B8;C229;1109 116E 11B8; # (숩; 숩; 숩; 숩; 숩; ) HANGUL SYLLABLE SUB +C22A;C22A;1109 116E 11B9;C22A;1109 116E 11B9; # (숪; 숪; 숪; 숪; 숪; ) HANGUL SYLLABLE SUBS +C22B;C22B;1109 116E 11BA;C22B;1109 116E 11BA; # (숫; 숫; 숫; 숫; 숫; ) HANGUL SYLLABLE SUS +C22C;C22C;1109 116E 11BB;C22C;1109 116E 11BB; # (숬; 숬; 숬; 숬; 숬; ) HANGUL SYLLABLE SUSS +C22D;C22D;1109 116E 11BC;C22D;1109 116E 11BC; # (숭; 숭; 숭; 숭; 숭; ) HANGUL SYLLABLE SUNG +C22E;C22E;1109 116E 11BD;C22E;1109 116E 11BD; # (숮; 숮; 숮; 숮; 숮; ) HANGUL SYLLABLE SUJ +C22F;C22F;1109 116E 11BE;C22F;1109 116E 11BE; # (숯; 숯; 숯; 숯; 숯; ) HANGUL SYLLABLE SUC +C230;C230;1109 116E 11BF;C230;1109 116E 11BF; # (숰; 숰; 숰; 숰; 숰; ) HANGUL SYLLABLE SUK +C231;C231;1109 116E 11C0;C231;1109 116E 11C0; # (숱; 숱; 숱; 숱; 숱; ) HANGUL SYLLABLE SUT +C232;C232;1109 116E 11C1;C232;1109 116E 11C1; # (숲; 숲; 수á‡; 숲; 수á‡; ) HANGUL SYLLABLE SUP +C233;C233;1109 116E 11C2;C233;1109 116E 11C2; # (숳; 숳; 숳; 숳; 숳; ) HANGUL SYLLABLE SUH +C234;C234;1109 116F;C234;1109 116F; # (숴; 숴; 숴; 숴; 숴; ) HANGUL SYLLABLE SWEO +C235;C235;1109 116F 11A8;C235;1109 116F 11A8; # (숵; 숵; 숵; 숵; 숵; ) HANGUL SYLLABLE SWEOG +C236;C236;1109 116F 11A9;C236;1109 116F 11A9; # (숶; 숶; 숶; 숶; 숶; ) HANGUL SYLLABLE SWEOGG +C237;C237;1109 116F 11AA;C237;1109 116F 11AA; # (숷; 숷; 숷; 숷; 숷; ) HANGUL SYLLABLE SWEOGS +C238;C238;1109 116F 11AB;C238;1109 116F 11AB; # (숸; 숸; 숸; 숸; 숸; ) HANGUL SYLLABLE SWEON +C239;C239;1109 116F 11AC;C239;1109 116F 11AC; # (숹; 숹; 숹; 숹; 숹; ) HANGUL SYLLABLE SWEONJ +C23A;C23A;1109 116F 11AD;C23A;1109 116F 11AD; # (숺; 숺; 숺; 숺; 숺; ) HANGUL SYLLABLE SWEONH +C23B;C23B;1109 116F 11AE;C23B;1109 116F 11AE; # (숻; 숻; 숻; 숻; 숻; ) HANGUL SYLLABLE SWEOD +C23C;C23C;1109 116F 11AF;C23C;1109 116F 11AF; # (숼; 숼; 숼; 숼; 숼; ) HANGUL SYLLABLE SWEOL +C23D;C23D;1109 116F 11B0;C23D;1109 116F 11B0; # (숽; 숽; 숽; 숽; 숽; ) HANGUL SYLLABLE SWEOLG +C23E;C23E;1109 116F 11B1;C23E;1109 116F 11B1; # (숾; 숾; 숾; 숾; 숾; ) HANGUL SYLLABLE SWEOLM +C23F;C23F;1109 116F 11B2;C23F;1109 116F 11B2; # (숿; 숿; 숿; 숿; 숿; ) HANGUL SYLLABLE SWEOLB +C240;C240;1109 116F 11B3;C240;1109 116F 11B3; # (쉀; 쉀; 쉀; 쉀; 쉀; ) HANGUL SYLLABLE SWEOLS +C241;C241;1109 116F 11B4;C241;1109 116F 11B4; # (ì‰; ì‰; 쉁; ì‰; 쉁; ) HANGUL SYLLABLE SWEOLT +C242;C242;1109 116F 11B5;C242;1109 116F 11B5; # (쉂; 쉂; 쉂; 쉂; 쉂; ) HANGUL SYLLABLE SWEOLP +C243;C243;1109 116F 11B6;C243;1109 116F 11B6; # (쉃; 쉃; 쉃; 쉃; 쉃; ) HANGUL SYLLABLE SWEOLH +C244;C244;1109 116F 11B7;C244;1109 116F 11B7; # (쉄; 쉄; 쉄; 쉄; 쉄; ) HANGUL SYLLABLE SWEOM +C245;C245;1109 116F 11B8;C245;1109 116F 11B8; # (쉅; 쉅; 쉅; 쉅; 쉅; ) HANGUL SYLLABLE SWEOB +C246;C246;1109 116F 11B9;C246;1109 116F 11B9; # (쉆; 쉆; 쉆; 쉆; 쉆; ) HANGUL SYLLABLE SWEOBS +C247;C247;1109 116F 11BA;C247;1109 116F 11BA; # (쉇; 쉇; 쉇; 쉇; 쉇; ) HANGUL SYLLABLE SWEOS +C248;C248;1109 116F 11BB;C248;1109 116F 11BB; # (쉈; 쉈; 쉈; 쉈; 쉈; ) HANGUL SYLLABLE SWEOSS +C249;C249;1109 116F 11BC;C249;1109 116F 11BC; # (쉉; 쉉; 쉉; 쉉; 쉉; ) HANGUL SYLLABLE SWEONG +C24A;C24A;1109 116F 11BD;C24A;1109 116F 11BD; # (쉊; 쉊; 쉊; 쉊; 쉊; ) HANGUL SYLLABLE SWEOJ +C24B;C24B;1109 116F 11BE;C24B;1109 116F 11BE; # (쉋; 쉋; 쉋; 쉋; 쉋; ) HANGUL SYLLABLE SWEOC +C24C;C24C;1109 116F 11BF;C24C;1109 116F 11BF; # (쉌; 쉌; 쉌; 쉌; 쉌; ) HANGUL SYLLABLE SWEOK +C24D;C24D;1109 116F 11C0;C24D;1109 116F 11C0; # (ì‰; ì‰; 쉍; ì‰; 쉍; ) HANGUL SYLLABLE SWEOT +C24E;C24E;1109 116F 11C1;C24E;1109 116F 11C1; # (쉎; 쉎; 숴á‡; 쉎; 숴á‡; ) HANGUL SYLLABLE SWEOP +C24F;C24F;1109 116F 11C2;C24F;1109 116F 11C2; # (ì‰; ì‰; 쉏; ì‰; 쉏; ) HANGUL SYLLABLE SWEOH +C250;C250;1109 1170;C250;1109 1170; # (ì‰; ì‰; 쉐; ì‰; 쉐; ) HANGUL SYLLABLE SWE +C251;C251;1109 1170 11A8;C251;1109 1170 11A8; # (쉑; 쉑; 쉑; 쉑; 쉑; ) HANGUL SYLLABLE SWEG +C252;C252;1109 1170 11A9;C252;1109 1170 11A9; # (쉒; 쉒; 쉒; 쉒; 쉒; ) HANGUL SYLLABLE SWEGG +C253;C253;1109 1170 11AA;C253;1109 1170 11AA; # (쉓; 쉓; 쉓; 쉓; 쉓; ) HANGUL SYLLABLE SWEGS +C254;C254;1109 1170 11AB;C254;1109 1170 11AB; # (쉔; 쉔; 쉔; 쉔; 쉔; ) HANGUL SYLLABLE SWEN +C255;C255;1109 1170 11AC;C255;1109 1170 11AC; # (쉕; 쉕; 쉕; 쉕; 쉕; ) HANGUL SYLLABLE SWENJ +C256;C256;1109 1170 11AD;C256;1109 1170 11AD; # (쉖; 쉖; 쉖; 쉖; 쉖; ) HANGUL SYLLABLE SWENH +C257;C257;1109 1170 11AE;C257;1109 1170 11AE; # (쉗; 쉗; 쉗; 쉗; 쉗; ) HANGUL SYLLABLE SWED +C258;C258;1109 1170 11AF;C258;1109 1170 11AF; # (쉘; 쉘; 쉘; 쉘; 쉘; ) HANGUL SYLLABLE SWEL +C259;C259;1109 1170 11B0;C259;1109 1170 11B0; # (쉙; 쉙; 쉙; 쉙; 쉙; ) HANGUL SYLLABLE SWELG +C25A;C25A;1109 1170 11B1;C25A;1109 1170 11B1; # (쉚; 쉚; 쉚; 쉚; 쉚; ) HANGUL SYLLABLE SWELM +C25B;C25B;1109 1170 11B2;C25B;1109 1170 11B2; # (쉛; 쉛; 쉛; 쉛; 쉛; ) HANGUL SYLLABLE SWELB +C25C;C25C;1109 1170 11B3;C25C;1109 1170 11B3; # (쉜; 쉜; 쉜; 쉜; 쉜; ) HANGUL SYLLABLE SWELS +C25D;C25D;1109 1170 11B4;C25D;1109 1170 11B4; # (ì‰; ì‰; 쉝; ì‰; 쉝; ) HANGUL SYLLABLE SWELT +C25E;C25E;1109 1170 11B5;C25E;1109 1170 11B5; # (쉞; 쉞; 쉞; 쉞; 쉞; ) HANGUL SYLLABLE SWELP +C25F;C25F;1109 1170 11B6;C25F;1109 1170 11B6; # (쉟; 쉟; 쉟; 쉟; 쉟; ) HANGUL SYLLABLE SWELH +C260;C260;1109 1170 11B7;C260;1109 1170 11B7; # (쉠; 쉠; 쉠; 쉠; 쉠; ) HANGUL SYLLABLE SWEM +C261;C261;1109 1170 11B8;C261;1109 1170 11B8; # (쉡; 쉡; 쉡; 쉡; 쉡; ) HANGUL SYLLABLE SWEB +C262;C262;1109 1170 11B9;C262;1109 1170 11B9; # (쉢; 쉢; 쉢; 쉢; 쉢; ) HANGUL SYLLABLE SWEBS +C263;C263;1109 1170 11BA;C263;1109 1170 11BA; # (쉣; 쉣; 쉣; 쉣; 쉣; ) HANGUL SYLLABLE SWES +C264;C264;1109 1170 11BB;C264;1109 1170 11BB; # (쉤; 쉤; 쉤; 쉤; 쉤; ) HANGUL SYLLABLE SWESS +C265;C265;1109 1170 11BC;C265;1109 1170 11BC; # (쉥; 쉥; 쉥; 쉥; 쉥; ) HANGUL SYLLABLE SWENG +C266;C266;1109 1170 11BD;C266;1109 1170 11BD; # (쉦; 쉦; 쉦; 쉦; 쉦; ) HANGUL SYLLABLE SWEJ +C267;C267;1109 1170 11BE;C267;1109 1170 11BE; # (쉧; 쉧; 쉧; 쉧; 쉧; ) HANGUL SYLLABLE SWEC +C268;C268;1109 1170 11BF;C268;1109 1170 11BF; # (쉨; 쉨; 쉨; 쉨; 쉨; ) HANGUL SYLLABLE SWEK +C269;C269;1109 1170 11C0;C269;1109 1170 11C0; # (쉩; 쉩; 쉩; 쉩; 쉩; ) HANGUL SYLLABLE SWET +C26A;C26A;1109 1170 11C1;C26A;1109 1170 11C1; # (쉪; 쉪; 쉐á‡; 쉪; 쉐á‡; ) HANGUL SYLLABLE SWEP +C26B;C26B;1109 1170 11C2;C26B;1109 1170 11C2; # (쉫; 쉫; 쉫; 쉫; 쉫; ) HANGUL SYLLABLE SWEH +C26C;C26C;1109 1171;C26C;1109 1171; # (쉬; 쉬; 쉬; 쉬; 쉬; ) HANGUL SYLLABLE SWI +C26D;C26D;1109 1171 11A8;C26D;1109 1171 11A8; # (쉭; 쉭; 쉭; 쉭; 쉭; ) HANGUL SYLLABLE SWIG +C26E;C26E;1109 1171 11A9;C26E;1109 1171 11A9; # (쉮; 쉮; 쉮; 쉮; 쉮; ) HANGUL SYLLABLE SWIGG +C26F;C26F;1109 1171 11AA;C26F;1109 1171 11AA; # (쉯; 쉯; 쉯; 쉯; 쉯; ) HANGUL SYLLABLE SWIGS +C270;C270;1109 1171 11AB;C270;1109 1171 11AB; # (쉰; 쉰; 쉰; 쉰; 쉰; ) HANGUL SYLLABLE SWIN +C271;C271;1109 1171 11AC;C271;1109 1171 11AC; # (쉱; 쉱; 쉱; 쉱; 쉱; ) HANGUL SYLLABLE SWINJ +C272;C272;1109 1171 11AD;C272;1109 1171 11AD; # (쉲; 쉲; 쉲; 쉲; 쉲; ) HANGUL SYLLABLE SWINH +C273;C273;1109 1171 11AE;C273;1109 1171 11AE; # (쉳; 쉳; 쉳; 쉳; 쉳; ) HANGUL SYLLABLE SWID +C274;C274;1109 1171 11AF;C274;1109 1171 11AF; # (쉴; 쉴; 쉴; 쉴; 쉴; ) HANGUL SYLLABLE SWIL +C275;C275;1109 1171 11B0;C275;1109 1171 11B0; # (쉵; 쉵; 쉵; 쉵; 쉵; ) HANGUL SYLLABLE SWILG +C276;C276;1109 1171 11B1;C276;1109 1171 11B1; # (쉶; 쉶; 쉶; 쉶; 쉶; ) HANGUL SYLLABLE SWILM +C277;C277;1109 1171 11B2;C277;1109 1171 11B2; # (쉷; 쉷; 쉷; 쉷; 쉷; ) HANGUL SYLLABLE SWILB +C278;C278;1109 1171 11B3;C278;1109 1171 11B3; # (쉸; 쉸; 쉸; 쉸; 쉸; ) HANGUL SYLLABLE SWILS +C279;C279;1109 1171 11B4;C279;1109 1171 11B4; # (쉹; 쉹; 쉹; 쉹; 쉹; ) HANGUL SYLLABLE SWILT +C27A;C27A;1109 1171 11B5;C27A;1109 1171 11B5; # (쉺; 쉺; 쉺; 쉺; 쉺; ) HANGUL SYLLABLE SWILP +C27B;C27B;1109 1171 11B6;C27B;1109 1171 11B6; # (쉻; 쉻; 쉻; 쉻; 쉻; ) HANGUL SYLLABLE SWILH +C27C;C27C;1109 1171 11B7;C27C;1109 1171 11B7; # (쉼; 쉼; 쉼; 쉼; 쉼; ) HANGUL SYLLABLE SWIM +C27D;C27D;1109 1171 11B8;C27D;1109 1171 11B8; # (쉽; 쉽; 쉽; 쉽; 쉽; ) HANGUL SYLLABLE SWIB +C27E;C27E;1109 1171 11B9;C27E;1109 1171 11B9; # (쉾; 쉾; 쉾; 쉾; 쉾; ) HANGUL SYLLABLE SWIBS +C27F;C27F;1109 1171 11BA;C27F;1109 1171 11BA; # (쉿; 쉿; 쉿; 쉿; 쉿; ) HANGUL SYLLABLE SWIS +C280;C280;1109 1171 11BB;C280;1109 1171 11BB; # (슀; 슀; 슀; 슀; 슀; ) HANGUL SYLLABLE SWISS +C281;C281;1109 1171 11BC;C281;1109 1171 11BC; # (ìŠ; ìŠ; 슁; ìŠ; 슁; ) HANGUL SYLLABLE SWING +C282;C282;1109 1171 11BD;C282;1109 1171 11BD; # (슂; 슂; 슂; 슂; 슂; ) HANGUL SYLLABLE SWIJ +C283;C283;1109 1171 11BE;C283;1109 1171 11BE; # (슃; 슃; 슃; 슃; 슃; ) HANGUL SYLLABLE SWIC +C284;C284;1109 1171 11BF;C284;1109 1171 11BF; # (슄; 슄; 슄; 슄; 슄; ) HANGUL SYLLABLE SWIK +C285;C285;1109 1171 11C0;C285;1109 1171 11C0; # (슅; 슅; 슅; 슅; 슅; ) HANGUL SYLLABLE SWIT +C286;C286;1109 1171 11C1;C286;1109 1171 11C1; # (슆; 슆; 쉬á‡; 슆; 쉬á‡; ) HANGUL SYLLABLE SWIP +C287;C287;1109 1171 11C2;C287;1109 1171 11C2; # (슇; 슇; 슇; 슇; 슇; ) HANGUL SYLLABLE SWIH +C288;C288;1109 1172;C288;1109 1172; # (슈; 슈; 슈; 슈; 슈; ) HANGUL SYLLABLE SYU +C289;C289;1109 1172 11A8;C289;1109 1172 11A8; # (슉; 슉; 슉; 슉; 슉; ) HANGUL SYLLABLE SYUG +C28A;C28A;1109 1172 11A9;C28A;1109 1172 11A9; # (슊; 슊; 슊; 슊; 슊; ) HANGUL SYLLABLE SYUGG +C28B;C28B;1109 1172 11AA;C28B;1109 1172 11AA; # (슋; 슋; 슋; 슋; 슋; ) HANGUL SYLLABLE SYUGS +C28C;C28C;1109 1172 11AB;C28C;1109 1172 11AB; # (슌; 슌; 슌; 슌; 슌; ) HANGUL SYLLABLE SYUN +C28D;C28D;1109 1172 11AC;C28D;1109 1172 11AC; # (ìŠ; ìŠ; 슍; ìŠ; 슍; ) HANGUL SYLLABLE SYUNJ +C28E;C28E;1109 1172 11AD;C28E;1109 1172 11AD; # (슎; 슎; 슎; 슎; 슎; ) HANGUL SYLLABLE SYUNH +C28F;C28F;1109 1172 11AE;C28F;1109 1172 11AE; # (ìŠ; ìŠ; 슏; ìŠ; 슏; ) HANGUL SYLLABLE SYUD +C290;C290;1109 1172 11AF;C290;1109 1172 11AF; # (ìŠ; ìŠ; 슐; ìŠ; 슐; ) HANGUL SYLLABLE SYUL +C291;C291;1109 1172 11B0;C291;1109 1172 11B0; # (슑; 슑; 슑; 슑; 슑; ) HANGUL SYLLABLE SYULG +C292;C292;1109 1172 11B1;C292;1109 1172 11B1; # (슒; 슒; 슒; 슒; 슒; ) HANGUL SYLLABLE SYULM +C293;C293;1109 1172 11B2;C293;1109 1172 11B2; # (슓; 슓; 슓; 슓; 슓; ) HANGUL SYLLABLE SYULB +C294;C294;1109 1172 11B3;C294;1109 1172 11B3; # (슔; 슔; 슔; 슔; 슔; ) HANGUL SYLLABLE SYULS +C295;C295;1109 1172 11B4;C295;1109 1172 11B4; # (슕; 슕; 슕; 슕; 슕; ) HANGUL SYLLABLE SYULT +C296;C296;1109 1172 11B5;C296;1109 1172 11B5; # (슖; 슖; 슖; 슖; 슖; ) HANGUL SYLLABLE SYULP +C297;C297;1109 1172 11B6;C297;1109 1172 11B6; # (슗; 슗; 슗; 슗; 슗; ) HANGUL SYLLABLE SYULH +C298;C298;1109 1172 11B7;C298;1109 1172 11B7; # (슘; 슘; 슘; 슘; 슘; ) HANGUL SYLLABLE SYUM +C299;C299;1109 1172 11B8;C299;1109 1172 11B8; # (슙; 슙; 슙; 슙; 슙; ) HANGUL SYLLABLE SYUB +C29A;C29A;1109 1172 11B9;C29A;1109 1172 11B9; # (슚; 슚; 슚; 슚; 슚; ) HANGUL SYLLABLE SYUBS +C29B;C29B;1109 1172 11BA;C29B;1109 1172 11BA; # (슛; 슛; 슛; 슛; 슛; ) HANGUL SYLLABLE SYUS +C29C;C29C;1109 1172 11BB;C29C;1109 1172 11BB; # (슜; 슜; 슜; 슜; 슜; ) HANGUL SYLLABLE SYUSS +C29D;C29D;1109 1172 11BC;C29D;1109 1172 11BC; # (ìŠ; ìŠ; 슝; ìŠ; 슝; ) HANGUL SYLLABLE SYUNG +C29E;C29E;1109 1172 11BD;C29E;1109 1172 11BD; # (슞; 슞; 슞; 슞; 슞; ) HANGUL SYLLABLE SYUJ +C29F;C29F;1109 1172 11BE;C29F;1109 1172 11BE; # (슟; 슟; 슟; 슟; 슟; ) HANGUL SYLLABLE SYUC +C2A0;C2A0;1109 1172 11BF;C2A0;1109 1172 11BF; # (슠; 슠; 슠; 슠; 슠; ) HANGUL SYLLABLE SYUK +C2A1;C2A1;1109 1172 11C0;C2A1;1109 1172 11C0; # (슡; 슡; 슡; 슡; 슡; ) HANGUL SYLLABLE SYUT +C2A2;C2A2;1109 1172 11C1;C2A2;1109 1172 11C1; # (슢; 슢; 슈á‡; 슢; 슈á‡; ) HANGUL SYLLABLE SYUP +C2A3;C2A3;1109 1172 11C2;C2A3;1109 1172 11C2; # (슣; 슣; 슣; 슣; 슣; ) HANGUL SYLLABLE SYUH +C2A4;C2A4;1109 1173;C2A4;1109 1173; # (스; 스; 스; 스; 스; ) HANGUL SYLLABLE SEU +C2A5;C2A5;1109 1173 11A8;C2A5;1109 1173 11A8; # (슥; 슥; 슥; 슥; 슥; ) HANGUL SYLLABLE SEUG +C2A6;C2A6;1109 1173 11A9;C2A6;1109 1173 11A9; # (슦; 슦; 슦; 슦; 슦; ) HANGUL SYLLABLE SEUGG +C2A7;C2A7;1109 1173 11AA;C2A7;1109 1173 11AA; # (슧; 슧; 슧; 슧; 슧; ) HANGUL SYLLABLE SEUGS +C2A8;C2A8;1109 1173 11AB;C2A8;1109 1173 11AB; # (슨; 슨; 슨; 슨; 슨; ) HANGUL SYLLABLE SEUN +C2A9;C2A9;1109 1173 11AC;C2A9;1109 1173 11AC; # (슩; 슩; 슩; 슩; 슩; ) HANGUL SYLLABLE SEUNJ +C2AA;C2AA;1109 1173 11AD;C2AA;1109 1173 11AD; # (슪; 슪; 슪; 슪; 슪; ) HANGUL SYLLABLE SEUNH +C2AB;C2AB;1109 1173 11AE;C2AB;1109 1173 11AE; # (슫; 슫; 슫; 슫; 슫; ) HANGUL SYLLABLE SEUD +C2AC;C2AC;1109 1173 11AF;C2AC;1109 1173 11AF; # (슬; 슬; 슬; 슬; 슬; ) HANGUL SYLLABLE SEUL +C2AD;C2AD;1109 1173 11B0;C2AD;1109 1173 11B0; # (슭; 슭; 슭; 슭; 슭; ) HANGUL SYLLABLE SEULG +C2AE;C2AE;1109 1173 11B1;C2AE;1109 1173 11B1; # (슮; 슮; 슮; 슮; 슮; ) HANGUL SYLLABLE SEULM +C2AF;C2AF;1109 1173 11B2;C2AF;1109 1173 11B2; # (슯; 슯; 슯; 슯; 슯; ) HANGUL SYLLABLE SEULB +C2B0;C2B0;1109 1173 11B3;C2B0;1109 1173 11B3; # (슰; 슰; 슰; 슰; 슰; ) HANGUL SYLLABLE SEULS +C2B1;C2B1;1109 1173 11B4;C2B1;1109 1173 11B4; # (슱; 슱; 슱; 슱; 슱; ) HANGUL SYLLABLE SEULT +C2B2;C2B2;1109 1173 11B5;C2B2;1109 1173 11B5; # (슲; 슲; 슲; 슲; 슲; ) HANGUL SYLLABLE SEULP +C2B3;C2B3;1109 1173 11B6;C2B3;1109 1173 11B6; # (슳; 슳; 슳; 슳; 슳; ) HANGUL SYLLABLE SEULH +C2B4;C2B4;1109 1173 11B7;C2B4;1109 1173 11B7; # (슴; 슴; 슴; 슴; 슴; ) HANGUL SYLLABLE SEUM +C2B5;C2B5;1109 1173 11B8;C2B5;1109 1173 11B8; # (습; 습; 습; 습; 습; ) HANGUL SYLLABLE SEUB +C2B6;C2B6;1109 1173 11B9;C2B6;1109 1173 11B9; # (슶; 슶; 슶; 슶; 슶; ) HANGUL SYLLABLE SEUBS +C2B7;C2B7;1109 1173 11BA;C2B7;1109 1173 11BA; # (슷; 슷; 슷; 슷; 슷; ) HANGUL SYLLABLE SEUS +C2B8;C2B8;1109 1173 11BB;C2B8;1109 1173 11BB; # (슸; 슸; 슸; 슸; 슸; ) HANGUL SYLLABLE SEUSS +C2B9;C2B9;1109 1173 11BC;C2B9;1109 1173 11BC; # (승; 승; 승; 승; 승; ) HANGUL SYLLABLE SEUNG +C2BA;C2BA;1109 1173 11BD;C2BA;1109 1173 11BD; # (슺; 슺; 슺; 슺; 슺; ) HANGUL SYLLABLE SEUJ +C2BB;C2BB;1109 1173 11BE;C2BB;1109 1173 11BE; # (슻; 슻; 슻; 슻; 슻; ) HANGUL SYLLABLE SEUC +C2BC;C2BC;1109 1173 11BF;C2BC;1109 1173 11BF; # (슼; 슼; 슼; 슼; 슼; ) HANGUL SYLLABLE SEUK +C2BD;C2BD;1109 1173 11C0;C2BD;1109 1173 11C0; # (슽; 슽; 슽; 슽; 슽; ) HANGUL SYLLABLE SEUT +C2BE;C2BE;1109 1173 11C1;C2BE;1109 1173 11C1; # (슾; 슾; 스á‡; 슾; 스á‡; ) HANGUL SYLLABLE SEUP +C2BF;C2BF;1109 1173 11C2;C2BF;1109 1173 11C2; # (슿; 슿; 슿; 슿; 슿; ) HANGUL SYLLABLE SEUH +C2C0;C2C0;1109 1174;C2C0;1109 1174; # (ì‹€; ì‹€; 싀; ì‹€; 싀; ) HANGUL SYLLABLE SYI +C2C1;C2C1;1109 1174 11A8;C2C1;1109 1174 11A8; # (ì‹; ì‹; 싁; ì‹; 싁; ) HANGUL SYLLABLE SYIG +C2C2;C2C2;1109 1174 11A9;C2C2;1109 1174 11A9; # (ì‹‚; ì‹‚; 싂; ì‹‚; 싂; ) HANGUL SYLLABLE SYIGG +C2C3;C2C3;1109 1174 11AA;C2C3;1109 1174 11AA; # (싃; 싃; 싃; 싃; 싃; ) HANGUL SYLLABLE SYIGS +C2C4;C2C4;1109 1174 11AB;C2C4;1109 1174 11AB; # (ì‹„; ì‹„; 싄; ì‹„; 싄; ) HANGUL SYLLABLE SYIN +C2C5;C2C5;1109 1174 11AC;C2C5;1109 1174 11AC; # (ì‹…; ì‹…; 싅; ì‹…; 싅; ) HANGUL SYLLABLE SYINJ +C2C6;C2C6;1109 1174 11AD;C2C6;1109 1174 11AD; # (싆; 싆; 싆; 싆; 싆; ) HANGUL SYLLABLE SYINH +C2C7;C2C7;1109 1174 11AE;C2C7;1109 1174 11AE; # (싇; 싇; 싇; 싇; 싇; ) HANGUL SYLLABLE SYID +C2C8;C2C8;1109 1174 11AF;C2C8;1109 1174 11AF; # (싈; 싈; 싈; 싈; 싈; ) HANGUL SYLLABLE SYIL +C2C9;C2C9;1109 1174 11B0;C2C9;1109 1174 11B0; # (싉; 싉; 싉; 싉; 싉; ) HANGUL SYLLABLE SYILG +C2CA;C2CA;1109 1174 11B1;C2CA;1109 1174 11B1; # (ì‹Š; ì‹Š; 싊; ì‹Š; 싊; ) HANGUL SYLLABLE SYILM +C2CB;C2CB;1109 1174 11B2;C2CB;1109 1174 11B2; # (ì‹‹; ì‹‹; 싋; ì‹‹; 싋; ) HANGUL SYLLABLE SYILB +C2CC;C2CC;1109 1174 11B3;C2CC;1109 1174 11B3; # (ì‹Œ; ì‹Œ; 싌; ì‹Œ; 싌; ) HANGUL SYLLABLE SYILS +C2CD;C2CD;1109 1174 11B4;C2CD;1109 1174 11B4; # (ì‹; ì‹; 싍; ì‹; 싍; ) HANGUL SYLLABLE SYILT +C2CE;C2CE;1109 1174 11B5;C2CE;1109 1174 11B5; # (ì‹Ž; ì‹Ž; 싎; ì‹Ž; 싎; ) HANGUL SYLLABLE SYILP +C2CF;C2CF;1109 1174 11B6;C2CF;1109 1174 11B6; # (ì‹; ì‹; 싏; ì‹; 싏; ) HANGUL SYLLABLE SYILH +C2D0;C2D0;1109 1174 11B7;C2D0;1109 1174 11B7; # (ì‹; ì‹; 싐; ì‹; 싐; ) HANGUL SYLLABLE SYIM +C2D1;C2D1;1109 1174 11B8;C2D1;1109 1174 11B8; # (ì‹‘; ì‹‘; 싑; ì‹‘; 싑; ) HANGUL SYLLABLE SYIB +C2D2;C2D2;1109 1174 11B9;C2D2;1109 1174 11B9; # (ì‹’; ì‹’; 싒; ì‹’; 싒; ) HANGUL SYLLABLE SYIBS +C2D3;C2D3;1109 1174 11BA;C2D3;1109 1174 11BA; # (ì‹“; ì‹“; 싓; ì‹“; 싓; ) HANGUL SYLLABLE SYIS +C2D4;C2D4;1109 1174 11BB;C2D4;1109 1174 11BB; # (ì‹”; ì‹”; 싔; ì‹”; 싔; ) HANGUL SYLLABLE SYISS +C2D5;C2D5;1109 1174 11BC;C2D5;1109 1174 11BC; # (ì‹•; ì‹•; 싕; ì‹•; 싕; ) HANGUL SYLLABLE SYING +C2D6;C2D6;1109 1174 11BD;C2D6;1109 1174 11BD; # (ì‹–; ì‹–; 싖; ì‹–; 싖; ) HANGUL SYLLABLE SYIJ +C2D7;C2D7;1109 1174 11BE;C2D7;1109 1174 11BE; # (ì‹—; ì‹—; 싗; ì‹—; 싗; ) HANGUL SYLLABLE SYIC +C2D8;C2D8;1109 1174 11BF;C2D8;1109 1174 11BF; # (싘; 싘; 싘; 싘; 싘; ) HANGUL SYLLABLE SYIK +C2D9;C2D9;1109 1174 11C0;C2D9;1109 1174 11C0; # (ì‹™; ì‹™; 싙; ì‹™; 싙; ) HANGUL SYLLABLE SYIT +C2DA;C2DA;1109 1174 11C1;C2DA;1109 1174 11C1; # (ì‹š; ì‹š; 싀á‡; ì‹š; 싀á‡; ) HANGUL SYLLABLE SYIP +C2DB;C2DB;1109 1174 11C2;C2DB;1109 1174 11C2; # (ì‹›; ì‹›; 싛; ì‹›; 싛; ) HANGUL SYLLABLE SYIH +C2DC;C2DC;1109 1175;C2DC;1109 1175; # (ì‹œ; ì‹œ; 시; ì‹œ; 시; ) HANGUL SYLLABLE SI +C2DD;C2DD;1109 1175 11A8;C2DD;1109 1175 11A8; # (ì‹; ì‹; 식; ì‹; 식; ) HANGUL SYLLABLE SIG +C2DE;C2DE;1109 1175 11A9;C2DE;1109 1175 11A9; # (ì‹ž; ì‹ž; 싞; ì‹ž; 싞; ) HANGUL SYLLABLE SIGG +C2DF;C2DF;1109 1175 11AA;C2DF;1109 1175 11AA; # (ì‹Ÿ; ì‹Ÿ; 싟; ì‹Ÿ; 싟; ) HANGUL SYLLABLE SIGS +C2E0;C2E0;1109 1175 11AB;C2E0;1109 1175 11AB; # (ì‹ ; ì‹ ; 신; ì‹ ; 신; ) HANGUL SYLLABLE SIN +C2E1;C2E1;1109 1175 11AC;C2E1;1109 1175 11AC; # (ì‹¡; ì‹¡; 싡; ì‹¡; 싡; ) HANGUL SYLLABLE SINJ +C2E2;C2E2;1109 1175 11AD;C2E2;1109 1175 11AD; # (ì‹¢; ì‹¢; 싢; ì‹¢; 싢; ) HANGUL SYLLABLE SINH +C2E3;C2E3;1109 1175 11AE;C2E3;1109 1175 11AE; # (ì‹£; ì‹£; 싣; ì‹£; 싣; ) HANGUL SYLLABLE SID +C2E4;C2E4;1109 1175 11AF;C2E4;1109 1175 11AF; # (실; 실; 실; 실; 실; ) HANGUL SYLLABLE SIL +C2E5;C2E5;1109 1175 11B0;C2E5;1109 1175 11B0; # (ì‹¥; ì‹¥; 싥; ì‹¥; 싥; ) HANGUL SYLLABLE SILG +C2E6;C2E6;1109 1175 11B1;C2E6;1109 1175 11B1; # (싦; 싦; 싦; 싦; 싦; ) HANGUL SYLLABLE SILM +C2E7;C2E7;1109 1175 11B2;C2E7;1109 1175 11B2; # (싧; 싧; 싧; 싧; 싧; ) HANGUL SYLLABLE SILB +C2E8;C2E8;1109 1175 11B3;C2E8;1109 1175 11B3; # (싨; 싨; 싨; 싨; 싨; ) HANGUL SYLLABLE SILS +C2E9;C2E9;1109 1175 11B4;C2E9;1109 1175 11B4; # (ì‹©; ì‹©; 싩; ì‹©; 싩; ) HANGUL SYLLABLE SILT +C2EA;C2EA;1109 1175 11B5;C2EA;1109 1175 11B5; # (싪; 싪; 싪; 싪; 싪; ) HANGUL SYLLABLE SILP +C2EB;C2EB;1109 1175 11B6;C2EB;1109 1175 11B6; # (ì‹«; ì‹«; 싫; ì‹«; 싫; ) HANGUL SYLLABLE SILH +C2EC;C2EC;1109 1175 11B7;C2EC;1109 1175 11B7; # (심; 심; 심; 심; 심; ) HANGUL SYLLABLE SIM +C2ED;C2ED;1109 1175 11B8;C2ED;1109 1175 11B8; # (ì‹­; ì‹­; 십; ì‹­; 십; ) HANGUL SYLLABLE SIB +C2EE;C2EE;1109 1175 11B9;C2EE;1109 1175 11B9; # (ì‹®; ì‹®; 싮; ì‹®; 싮; ) HANGUL SYLLABLE SIBS +C2EF;C2EF;1109 1175 11BA;C2EF;1109 1175 11BA; # (싯; 싯; 싯; 싯; 싯; ) HANGUL SYLLABLE SIS +C2F0;C2F0;1109 1175 11BB;C2F0;1109 1175 11BB; # (ì‹°; ì‹°; 싰; ì‹°; 싰; ) HANGUL SYLLABLE SISS +C2F1;C2F1;1109 1175 11BC;C2F1;1109 1175 11BC; # (싱; 싱; 싱; 싱; 싱; ) HANGUL SYLLABLE SING +C2F2;C2F2;1109 1175 11BD;C2F2;1109 1175 11BD; # (싲; 싲; 싲; 싲; 싲; ) HANGUL SYLLABLE SIJ +C2F3;C2F3;1109 1175 11BE;C2F3;1109 1175 11BE; # (싳; 싳; 싳; 싳; 싳; ) HANGUL SYLLABLE SIC +C2F4;C2F4;1109 1175 11BF;C2F4;1109 1175 11BF; # (ì‹´; ì‹´; 싴; ì‹´; 싴; ) HANGUL SYLLABLE SIK +C2F5;C2F5;1109 1175 11C0;C2F5;1109 1175 11C0; # (싵; 싵; 싵; 싵; 싵; ) HANGUL SYLLABLE SIT +C2F6;C2F6;1109 1175 11C1;C2F6;1109 1175 11C1; # (싶; 싶; 시á‡; 싶; 시á‡; ) HANGUL SYLLABLE SIP +C2F7;C2F7;1109 1175 11C2;C2F7;1109 1175 11C2; # (ì‹·; ì‹·; 싷; ì‹·; 싷; ) HANGUL SYLLABLE SIH +C2F8;C2F8;110A 1161;C2F8;110A 1161; # (싸; 싸; á„Šá…¡; 싸; á„Šá…¡; ) HANGUL SYLLABLE SSA +C2F9;C2F9;110A 1161 11A8;C2F9;110A 1161 11A8; # (싹; 싹; 싹; 싹; 싹; ) HANGUL SYLLABLE SSAG +C2FA;C2FA;110A 1161 11A9;C2FA;110A 1161 11A9; # (싺; 싺; 싺; 싺; 싺; ) HANGUL SYLLABLE SSAGG +C2FB;C2FB;110A 1161 11AA;C2FB;110A 1161 11AA; # (ì‹»; ì‹»; 싻; ì‹»; 싻; ) HANGUL SYLLABLE SSAGS +C2FC;C2FC;110A 1161 11AB;C2FC;110A 1161 11AB; # (싼; 싼; 싼; 싼; 싼; ) HANGUL SYLLABLE SSAN +C2FD;C2FD;110A 1161 11AC;C2FD;110A 1161 11AC; # (싽; 싽; 싽; 싽; 싽; ) HANGUL SYLLABLE SSANJ +C2FE;C2FE;110A 1161 11AD;C2FE;110A 1161 11AD; # (싾; 싾; 싾; 싾; 싾; ) HANGUL SYLLABLE SSANH +C2FF;C2FF;110A 1161 11AE;C2FF;110A 1161 11AE; # (ì‹¿; ì‹¿; 싿; ì‹¿; 싿; ) HANGUL SYLLABLE SSAD +C300;C300;110A 1161 11AF;C300;110A 1161 11AF; # (쌀; 쌀; 쌀; 쌀; 쌀; ) HANGUL SYLLABLE SSAL +C301;C301;110A 1161 11B0;C301;110A 1161 11B0; # (ìŒ; ìŒ; 쌁; ìŒ; 쌁; ) HANGUL SYLLABLE SSALG +C302;C302;110A 1161 11B1;C302;110A 1161 11B1; # (쌂; 쌂; 쌂; 쌂; 쌂; ) HANGUL SYLLABLE SSALM +C303;C303;110A 1161 11B2;C303;110A 1161 11B2; # (쌃; 쌃; 쌃; 쌃; 쌃; ) HANGUL SYLLABLE SSALB +C304;C304;110A 1161 11B3;C304;110A 1161 11B3; # (쌄; 쌄; 쌄; 쌄; 쌄; ) HANGUL SYLLABLE SSALS +C305;C305;110A 1161 11B4;C305;110A 1161 11B4; # (쌅; 쌅; 쌅; 쌅; 쌅; ) HANGUL SYLLABLE SSALT +C306;C306;110A 1161 11B5;C306;110A 1161 11B5; # (쌆; 쌆; 쌆; 쌆; 쌆; ) HANGUL SYLLABLE SSALP +C307;C307;110A 1161 11B6;C307;110A 1161 11B6; # (쌇; 쌇; 쌇; 쌇; 쌇; ) HANGUL SYLLABLE SSALH +C308;C308;110A 1161 11B7;C308;110A 1161 11B7; # (쌈; 쌈; 쌈; 쌈; 쌈; ) HANGUL SYLLABLE SSAM +C309;C309;110A 1161 11B8;C309;110A 1161 11B8; # (쌉; 쌉; 쌉; 쌉; 쌉; ) HANGUL SYLLABLE SSAB +C30A;C30A;110A 1161 11B9;C30A;110A 1161 11B9; # (쌊; 쌊; 쌊; 쌊; 쌊; ) HANGUL SYLLABLE SSABS +C30B;C30B;110A 1161 11BA;C30B;110A 1161 11BA; # (쌋; 쌋; 쌋; 쌋; 쌋; ) HANGUL SYLLABLE SSAS +C30C;C30C;110A 1161 11BB;C30C;110A 1161 11BB; # (쌌; 쌌; 쌌; 쌌; 쌌; ) HANGUL SYLLABLE SSASS +C30D;C30D;110A 1161 11BC;C30D;110A 1161 11BC; # (ìŒ; ìŒ; 쌍; ìŒ; 쌍; ) HANGUL SYLLABLE SSANG +C30E;C30E;110A 1161 11BD;C30E;110A 1161 11BD; # (쌎; 쌎; 쌎; 쌎; 쌎; ) HANGUL SYLLABLE SSAJ +C30F;C30F;110A 1161 11BE;C30F;110A 1161 11BE; # (ìŒ; ìŒ; 쌏; ìŒ; 쌏; ) HANGUL SYLLABLE SSAC +C310;C310;110A 1161 11BF;C310;110A 1161 11BF; # (ìŒ; ìŒ; 쌐; ìŒ; 쌐; ) HANGUL SYLLABLE SSAK +C311;C311;110A 1161 11C0;C311;110A 1161 11C0; # (쌑; 쌑; 쌑; 쌑; 쌑; ) HANGUL SYLLABLE SSAT +C312;C312;110A 1161 11C1;C312;110A 1161 11C1; # (쌒; 쌒; á„Šá…¡á‡; 쌒; á„Šá…¡á‡; ) HANGUL SYLLABLE SSAP +C313;C313;110A 1161 11C2;C313;110A 1161 11C2; # (쌓; 쌓; 쌓; 쌓; 쌓; ) HANGUL SYLLABLE SSAH +C314;C314;110A 1162;C314;110A 1162; # (쌔; 쌔; á„Šá…¢; 쌔; á„Šá…¢; ) HANGUL SYLLABLE SSAE +C315;C315;110A 1162 11A8;C315;110A 1162 11A8; # (쌕; 쌕; 쌕; 쌕; 쌕; ) HANGUL SYLLABLE SSAEG +C316;C316;110A 1162 11A9;C316;110A 1162 11A9; # (쌖; 쌖; 쌖; 쌖; 쌖; ) HANGUL SYLLABLE SSAEGG +C317;C317;110A 1162 11AA;C317;110A 1162 11AA; # (쌗; 쌗; 쌗; 쌗; 쌗; ) HANGUL SYLLABLE SSAEGS +C318;C318;110A 1162 11AB;C318;110A 1162 11AB; # (쌘; 쌘; 쌘; 쌘; 쌘; ) HANGUL SYLLABLE SSAEN +C319;C319;110A 1162 11AC;C319;110A 1162 11AC; # (쌙; 쌙; 쌙; 쌙; 쌙; ) HANGUL SYLLABLE SSAENJ +C31A;C31A;110A 1162 11AD;C31A;110A 1162 11AD; # (쌚; 쌚; 쌚; 쌚; 쌚; ) HANGUL SYLLABLE SSAENH +C31B;C31B;110A 1162 11AE;C31B;110A 1162 11AE; # (쌛; 쌛; 쌛; 쌛; 쌛; ) HANGUL SYLLABLE SSAED +C31C;C31C;110A 1162 11AF;C31C;110A 1162 11AF; # (쌜; 쌜; 쌜; 쌜; 쌜; ) HANGUL SYLLABLE SSAEL +C31D;C31D;110A 1162 11B0;C31D;110A 1162 11B0; # (ìŒ; ìŒ; 쌝; ìŒ; 쌝; ) HANGUL SYLLABLE SSAELG +C31E;C31E;110A 1162 11B1;C31E;110A 1162 11B1; # (쌞; 쌞; 쌞; 쌞; 쌞; ) HANGUL SYLLABLE SSAELM +C31F;C31F;110A 1162 11B2;C31F;110A 1162 11B2; # (쌟; 쌟; 쌟; 쌟; 쌟; ) HANGUL SYLLABLE SSAELB +C320;C320;110A 1162 11B3;C320;110A 1162 11B3; # (쌠; 쌠; 쌠; 쌠; 쌠; ) HANGUL SYLLABLE SSAELS +C321;C321;110A 1162 11B4;C321;110A 1162 11B4; # (쌡; 쌡; 쌡; 쌡; 쌡; ) HANGUL SYLLABLE SSAELT +C322;C322;110A 1162 11B5;C322;110A 1162 11B5; # (쌢; 쌢; 쌢; 쌢; 쌢; ) HANGUL SYLLABLE SSAELP +C323;C323;110A 1162 11B6;C323;110A 1162 11B6; # (쌣; 쌣; 쌣; 쌣; 쌣; ) HANGUL SYLLABLE SSAELH +C324;C324;110A 1162 11B7;C324;110A 1162 11B7; # (쌤; 쌤; 쌤; 쌤; 쌤; ) HANGUL SYLLABLE SSAEM +C325;C325;110A 1162 11B8;C325;110A 1162 11B8; # (쌥; 쌥; 쌥; 쌥; 쌥; ) HANGUL SYLLABLE SSAEB +C326;C326;110A 1162 11B9;C326;110A 1162 11B9; # (쌦; 쌦; 쌦; 쌦; 쌦; ) HANGUL SYLLABLE SSAEBS +C327;C327;110A 1162 11BA;C327;110A 1162 11BA; # (쌧; 쌧; 쌧; 쌧; 쌧; ) HANGUL SYLLABLE SSAES +C328;C328;110A 1162 11BB;C328;110A 1162 11BB; # (쌨; 쌨; 쌨; 쌨; 쌨; ) HANGUL SYLLABLE SSAESS +C329;C329;110A 1162 11BC;C329;110A 1162 11BC; # (쌩; 쌩; 쌩; 쌩; 쌩; ) HANGUL SYLLABLE SSAENG +C32A;C32A;110A 1162 11BD;C32A;110A 1162 11BD; # (쌪; 쌪; 쌪; 쌪; 쌪; ) HANGUL SYLLABLE SSAEJ +C32B;C32B;110A 1162 11BE;C32B;110A 1162 11BE; # (쌫; 쌫; 쌫; 쌫; 쌫; ) HANGUL SYLLABLE SSAEC +C32C;C32C;110A 1162 11BF;C32C;110A 1162 11BF; # (쌬; 쌬; 쌬; 쌬; 쌬; ) HANGUL SYLLABLE SSAEK +C32D;C32D;110A 1162 11C0;C32D;110A 1162 11C0; # (쌭; 쌭; 쌭; 쌭; 쌭; ) HANGUL SYLLABLE SSAET +C32E;C32E;110A 1162 11C1;C32E;110A 1162 11C1; # (쌮; 쌮; á„Šá…¢á‡; 쌮; á„Šá…¢á‡; ) HANGUL SYLLABLE SSAEP +C32F;C32F;110A 1162 11C2;C32F;110A 1162 11C2; # (쌯; 쌯; 쌯; 쌯; 쌯; ) HANGUL SYLLABLE SSAEH +C330;C330;110A 1163;C330;110A 1163; # (쌰; 쌰; á„Šá…£; 쌰; á„Šá…£; ) HANGUL SYLLABLE SSYA +C331;C331;110A 1163 11A8;C331;110A 1163 11A8; # (쌱; 쌱; 쌱; 쌱; 쌱; ) HANGUL SYLLABLE SSYAG +C332;C332;110A 1163 11A9;C332;110A 1163 11A9; # (쌲; 쌲; 쌲; 쌲; 쌲; ) HANGUL SYLLABLE SSYAGG +C333;C333;110A 1163 11AA;C333;110A 1163 11AA; # (쌳; 쌳; 쌳; 쌳; 쌳; ) HANGUL SYLLABLE SSYAGS +C334;C334;110A 1163 11AB;C334;110A 1163 11AB; # (쌴; 쌴; 쌴; 쌴; 쌴; ) HANGUL SYLLABLE SSYAN +C335;C335;110A 1163 11AC;C335;110A 1163 11AC; # (쌵; 쌵; 쌵; 쌵; 쌵; ) HANGUL SYLLABLE SSYANJ +C336;C336;110A 1163 11AD;C336;110A 1163 11AD; # (쌶; 쌶; 쌶; 쌶; 쌶; ) HANGUL SYLLABLE SSYANH +C337;C337;110A 1163 11AE;C337;110A 1163 11AE; # (쌷; 쌷; 쌷; 쌷; 쌷; ) HANGUL SYLLABLE SSYAD +C338;C338;110A 1163 11AF;C338;110A 1163 11AF; # (쌸; 쌸; 쌸; 쌸; 쌸; ) HANGUL SYLLABLE SSYAL +C339;C339;110A 1163 11B0;C339;110A 1163 11B0; # (쌹; 쌹; 쌹; 쌹; 쌹; ) HANGUL SYLLABLE SSYALG +C33A;C33A;110A 1163 11B1;C33A;110A 1163 11B1; # (쌺; 쌺; 쌺; 쌺; 쌺; ) HANGUL SYLLABLE SSYALM +C33B;C33B;110A 1163 11B2;C33B;110A 1163 11B2; # (쌻; 쌻; 쌻; 쌻; 쌻; ) HANGUL SYLLABLE SSYALB +C33C;C33C;110A 1163 11B3;C33C;110A 1163 11B3; # (쌼; 쌼; 쌼; 쌼; 쌼; ) HANGUL SYLLABLE SSYALS +C33D;C33D;110A 1163 11B4;C33D;110A 1163 11B4; # (쌽; 쌽; 쌽; 쌽; 쌽; ) HANGUL SYLLABLE SSYALT +C33E;C33E;110A 1163 11B5;C33E;110A 1163 11B5; # (쌾; 쌾; 쌾; 쌾; 쌾; ) HANGUL SYLLABLE SSYALP +C33F;C33F;110A 1163 11B6;C33F;110A 1163 11B6; # (쌿; 쌿; 쌿; 쌿; 쌿; ) HANGUL SYLLABLE SSYALH +C340;C340;110A 1163 11B7;C340;110A 1163 11B7; # (ì€; ì€; 썀; ì€; 썀; ) HANGUL SYLLABLE SSYAM +C341;C341;110A 1163 11B8;C341;110A 1163 11B8; # (ì; ì; 썁; ì; 썁; ) HANGUL SYLLABLE SSYAB +C342;C342;110A 1163 11B9;C342;110A 1163 11B9; # (ì‚; ì‚; 썂; ì‚; 썂; ) HANGUL SYLLABLE SSYABS +C343;C343;110A 1163 11BA;C343;110A 1163 11BA; # (ìƒ; ìƒ; 썃; ìƒ; 썃; ) HANGUL SYLLABLE SSYAS +C344;C344;110A 1163 11BB;C344;110A 1163 11BB; # (ì„; ì„; 썄; ì„; 썄; ) HANGUL SYLLABLE SSYASS +C345;C345;110A 1163 11BC;C345;110A 1163 11BC; # (ì…; ì…; 썅; ì…; 썅; ) HANGUL SYLLABLE SSYANG +C346;C346;110A 1163 11BD;C346;110A 1163 11BD; # (ì†; ì†; 썆; ì†; 썆; ) HANGUL SYLLABLE SSYAJ +C347;C347;110A 1163 11BE;C347;110A 1163 11BE; # (ì‡; ì‡; 썇; ì‡; 썇; ) HANGUL SYLLABLE SSYAC +C348;C348;110A 1163 11BF;C348;110A 1163 11BF; # (ìˆ; ìˆ; 썈; ìˆ; 썈; ) HANGUL SYLLABLE SSYAK +C349;C349;110A 1163 11C0;C349;110A 1163 11C0; # (ì‰; ì‰; 썉; ì‰; 썉; ) HANGUL SYLLABLE SSYAT +C34A;C34A;110A 1163 11C1;C34A;110A 1163 11C1; # (ìŠ; ìŠ; á„Šá…£á‡; ìŠ; á„Šá…£á‡; ) HANGUL SYLLABLE SSYAP +C34B;C34B;110A 1163 11C2;C34B;110A 1163 11C2; # (ì‹; ì‹; 썋; ì‹; 썋; ) HANGUL SYLLABLE SSYAH +C34C;C34C;110A 1164;C34C;110A 1164; # (ìŒ; ìŒ; á„Šá…¤; ìŒ; á„Šá…¤; ) HANGUL SYLLABLE SSYAE +C34D;C34D;110A 1164 11A8;C34D;110A 1164 11A8; # (ì; ì; 썍; ì; 썍; ) HANGUL SYLLABLE SSYAEG +C34E;C34E;110A 1164 11A9;C34E;110A 1164 11A9; # (ìŽ; ìŽ; 썎; ìŽ; 썎; ) HANGUL SYLLABLE SSYAEGG +C34F;C34F;110A 1164 11AA;C34F;110A 1164 11AA; # (ì; ì; 썏; ì; 썏; ) HANGUL SYLLABLE SSYAEGS +C350;C350;110A 1164 11AB;C350;110A 1164 11AB; # (ì; ì; 썐; ì; 썐; ) HANGUL SYLLABLE SSYAEN +C351;C351;110A 1164 11AC;C351;110A 1164 11AC; # (ì‘; ì‘; 썑; ì‘; 썑; ) HANGUL SYLLABLE SSYAENJ +C352;C352;110A 1164 11AD;C352;110A 1164 11AD; # (ì’; ì’; 썒; ì’; 썒; ) HANGUL SYLLABLE SSYAENH +C353;C353;110A 1164 11AE;C353;110A 1164 11AE; # (ì“; ì“; 썓; ì“; 썓; ) HANGUL SYLLABLE SSYAED +C354;C354;110A 1164 11AF;C354;110A 1164 11AF; # (ì”; ì”; 썔; ì”; 썔; ) HANGUL SYLLABLE SSYAEL +C355;C355;110A 1164 11B0;C355;110A 1164 11B0; # (ì•; ì•; 썕; ì•; 썕; ) HANGUL SYLLABLE SSYAELG +C356;C356;110A 1164 11B1;C356;110A 1164 11B1; # (ì–; ì–; 썖; ì–; 썖; ) HANGUL SYLLABLE SSYAELM +C357;C357;110A 1164 11B2;C357;110A 1164 11B2; # (ì—; ì—; 썗; ì—; 썗; ) HANGUL SYLLABLE SSYAELB +C358;C358;110A 1164 11B3;C358;110A 1164 11B3; # (ì˜; ì˜; 썘; ì˜; 썘; ) HANGUL SYLLABLE SSYAELS +C359;C359;110A 1164 11B4;C359;110A 1164 11B4; # (ì™; ì™; 썙; ì™; 썙; ) HANGUL SYLLABLE SSYAELT +C35A;C35A;110A 1164 11B5;C35A;110A 1164 11B5; # (ìš; ìš; 썚; ìš; 썚; ) HANGUL SYLLABLE SSYAELP +C35B;C35B;110A 1164 11B6;C35B;110A 1164 11B6; # (ì›; ì›; 썛; ì›; 썛; ) HANGUL SYLLABLE SSYAELH +C35C;C35C;110A 1164 11B7;C35C;110A 1164 11B7; # (ìœ; ìœ; 썜; ìœ; 썜; ) HANGUL SYLLABLE SSYAEM +C35D;C35D;110A 1164 11B8;C35D;110A 1164 11B8; # (ì; ì; 썝; ì; 썝; ) HANGUL SYLLABLE SSYAEB +C35E;C35E;110A 1164 11B9;C35E;110A 1164 11B9; # (ìž; ìž; 썞; ìž; 썞; ) HANGUL SYLLABLE SSYAEBS +C35F;C35F;110A 1164 11BA;C35F;110A 1164 11BA; # (ìŸ; ìŸ; 썟; ìŸ; 썟; ) HANGUL SYLLABLE SSYAES +C360;C360;110A 1164 11BB;C360;110A 1164 11BB; # (ì ; ì ; 썠; ì ; 썠; ) HANGUL SYLLABLE SSYAESS +C361;C361;110A 1164 11BC;C361;110A 1164 11BC; # (ì¡; ì¡; 썡; ì¡; 썡; ) HANGUL SYLLABLE SSYAENG +C362;C362;110A 1164 11BD;C362;110A 1164 11BD; # (ì¢; ì¢; 썢; ì¢; 썢; ) HANGUL SYLLABLE SSYAEJ +C363;C363;110A 1164 11BE;C363;110A 1164 11BE; # (ì£; ì£; 썣; ì£; 썣; ) HANGUL SYLLABLE SSYAEC +C364;C364;110A 1164 11BF;C364;110A 1164 11BF; # (ì¤; ì¤; 썤; ì¤; 썤; ) HANGUL SYLLABLE SSYAEK +C365;C365;110A 1164 11C0;C365;110A 1164 11C0; # (ì¥; ì¥; 썥; ì¥; 썥; ) HANGUL SYLLABLE SSYAET +C366;C366;110A 1164 11C1;C366;110A 1164 11C1; # (ì¦; ì¦; á„Šá…¤á‡; ì¦; á„Šá…¤á‡; ) HANGUL SYLLABLE SSYAEP +C367;C367;110A 1164 11C2;C367;110A 1164 11C2; # (ì§; ì§; 썧; ì§; 썧; ) HANGUL SYLLABLE SSYAEH +C368;C368;110A 1165;C368;110A 1165; # (ì¨; ì¨; á„Šá…¥; ì¨; á„Šá…¥; ) HANGUL SYLLABLE SSEO +C369;C369;110A 1165 11A8;C369;110A 1165 11A8; # (ì©; ì©; 썩; ì©; 썩; ) HANGUL SYLLABLE SSEOG +C36A;C36A;110A 1165 11A9;C36A;110A 1165 11A9; # (ìª; ìª; 썪; ìª; 썪; ) HANGUL SYLLABLE SSEOGG +C36B;C36B;110A 1165 11AA;C36B;110A 1165 11AA; # (ì«; ì«; 썫; ì«; 썫; ) HANGUL SYLLABLE SSEOGS +C36C;C36C;110A 1165 11AB;C36C;110A 1165 11AB; # (ì¬; ì¬; 썬; ì¬; 썬; ) HANGUL SYLLABLE SSEON +C36D;C36D;110A 1165 11AC;C36D;110A 1165 11AC; # (ì­; ì­; 썭; ì­; 썭; ) HANGUL SYLLABLE SSEONJ +C36E;C36E;110A 1165 11AD;C36E;110A 1165 11AD; # (ì®; ì®; 썮; ì®; 썮; ) HANGUL SYLLABLE SSEONH +C36F;C36F;110A 1165 11AE;C36F;110A 1165 11AE; # (ì¯; ì¯; 썯; ì¯; 썯; ) HANGUL SYLLABLE SSEOD +C370;C370;110A 1165 11AF;C370;110A 1165 11AF; # (ì°; ì°; 썰; ì°; 썰; ) HANGUL SYLLABLE SSEOL +C371;C371;110A 1165 11B0;C371;110A 1165 11B0; # (ì±; ì±; 썱; ì±; 썱; ) HANGUL SYLLABLE SSEOLG +C372;C372;110A 1165 11B1;C372;110A 1165 11B1; # (ì²; ì²; 썲; ì²; 썲; ) HANGUL SYLLABLE SSEOLM +C373;C373;110A 1165 11B2;C373;110A 1165 11B2; # (ì³; ì³; 썳; ì³; 썳; ) HANGUL SYLLABLE SSEOLB +C374;C374;110A 1165 11B3;C374;110A 1165 11B3; # (ì´; ì´; 썴; ì´; 썴; ) HANGUL SYLLABLE SSEOLS +C375;C375;110A 1165 11B4;C375;110A 1165 11B4; # (ìµ; ìµ; 썵; ìµ; 썵; ) HANGUL SYLLABLE SSEOLT +C376;C376;110A 1165 11B5;C376;110A 1165 11B5; # (ì¶; ì¶; 썶; ì¶; 썶; ) HANGUL SYLLABLE SSEOLP +C377;C377;110A 1165 11B6;C377;110A 1165 11B6; # (ì·; ì·; 썷; ì·; 썷; ) HANGUL SYLLABLE SSEOLH +C378;C378;110A 1165 11B7;C378;110A 1165 11B7; # (ì¸; ì¸; 썸; ì¸; 썸; ) HANGUL SYLLABLE SSEOM +C379;C379;110A 1165 11B8;C379;110A 1165 11B8; # (ì¹; ì¹; 썹; ì¹; 썹; ) HANGUL SYLLABLE SSEOB +C37A;C37A;110A 1165 11B9;C37A;110A 1165 11B9; # (ìº; ìº; 썺; ìº; 썺; ) HANGUL SYLLABLE SSEOBS +C37B;C37B;110A 1165 11BA;C37B;110A 1165 11BA; # (ì»; ì»; 썻; ì»; 썻; ) HANGUL SYLLABLE SSEOS +C37C;C37C;110A 1165 11BB;C37C;110A 1165 11BB; # (ì¼; ì¼; 썼; ì¼; 썼; ) HANGUL SYLLABLE SSEOSS +C37D;C37D;110A 1165 11BC;C37D;110A 1165 11BC; # (ì½; ì½; 썽; ì½; 썽; ) HANGUL SYLLABLE SSEONG +C37E;C37E;110A 1165 11BD;C37E;110A 1165 11BD; # (ì¾; ì¾; 썾; ì¾; 썾; ) HANGUL SYLLABLE SSEOJ +C37F;C37F;110A 1165 11BE;C37F;110A 1165 11BE; # (ì¿; ì¿; 썿; ì¿; 썿; ) HANGUL SYLLABLE SSEOC +C380;C380;110A 1165 11BF;C380;110A 1165 11BF; # (쎀; 쎀; 쎀; 쎀; 쎀; ) HANGUL SYLLABLE SSEOK +C381;C381;110A 1165 11C0;C381;110A 1165 11C0; # (ìŽ; ìŽ; 쎁; ìŽ; 쎁; ) HANGUL SYLLABLE SSEOT +C382;C382;110A 1165 11C1;C382;110A 1165 11C1; # (쎂; 쎂; á„Šá…¥á‡; 쎂; á„Šá…¥á‡; ) HANGUL SYLLABLE SSEOP +C383;C383;110A 1165 11C2;C383;110A 1165 11C2; # (쎃; 쎃; 쎃; 쎃; 쎃; ) HANGUL SYLLABLE SSEOH +C384;C384;110A 1166;C384;110A 1166; # (쎄; 쎄; á„Šá…¦; 쎄; á„Šá…¦; ) HANGUL SYLLABLE SSE +C385;C385;110A 1166 11A8;C385;110A 1166 11A8; # (쎅; 쎅; 쎅; 쎅; 쎅; ) HANGUL SYLLABLE SSEG +C386;C386;110A 1166 11A9;C386;110A 1166 11A9; # (쎆; 쎆; 쎆; 쎆; 쎆; ) HANGUL SYLLABLE SSEGG +C387;C387;110A 1166 11AA;C387;110A 1166 11AA; # (쎇; 쎇; 쎇; 쎇; 쎇; ) HANGUL SYLLABLE SSEGS +C388;C388;110A 1166 11AB;C388;110A 1166 11AB; # (쎈; 쎈; 쎈; 쎈; 쎈; ) HANGUL SYLLABLE SSEN +C389;C389;110A 1166 11AC;C389;110A 1166 11AC; # (쎉; 쎉; 쎉; 쎉; 쎉; ) HANGUL SYLLABLE SSENJ +C38A;C38A;110A 1166 11AD;C38A;110A 1166 11AD; # (쎊; 쎊; 쎊; 쎊; 쎊; ) HANGUL SYLLABLE SSENH +C38B;C38B;110A 1166 11AE;C38B;110A 1166 11AE; # (쎋; 쎋; 쎋; 쎋; 쎋; ) HANGUL SYLLABLE SSED +C38C;C38C;110A 1166 11AF;C38C;110A 1166 11AF; # (쎌; 쎌; 쎌; 쎌; 쎌; ) HANGUL SYLLABLE SSEL +C38D;C38D;110A 1166 11B0;C38D;110A 1166 11B0; # (ìŽ; ìŽ; 쎍; ìŽ; 쎍; ) HANGUL SYLLABLE SSELG +C38E;C38E;110A 1166 11B1;C38E;110A 1166 11B1; # (쎎; 쎎; 쎎; 쎎; 쎎; ) HANGUL SYLLABLE SSELM +C38F;C38F;110A 1166 11B2;C38F;110A 1166 11B2; # (ìŽ; ìŽ; 쎏; ìŽ; 쎏; ) HANGUL SYLLABLE SSELB +C390;C390;110A 1166 11B3;C390;110A 1166 11B3; # (ìŽ; ìŽ; 쎐; ìŽ; 쎐; ) HANGUL SYLLABLE SSELS +C391;C391;110A 1166 11B4;C391;110A 1166 11B4; # (쎑; 쎑; 쎑; 쎑; 쎑; ) HANGUL SYLLABLE SSELT +C392;C392;110A 1166 11B5;C392;110A 1166 11B5; # (쎒; 쎒; 쎒; 쎒; 쎒; ) HANGUL SYLLABLE SSELP +C393;C393;110A 1166 11B6;C393;110A 1166 11B6; # (쎓; 쎓; 쎓; 쎓; 쎓; ) HANGUL SYLLABLE SSELH +C394;C394;110A 1166 11B7;C394;110A 1166 11B7; # (쎔; 쎔; 쎔; 쎔; 쎔; ) HANGUL SYLLABLE SSEM +C395;C395;110A 1166 11B8;C395;110A 1166 11B8; # (쎕; 쎕; 쎕; 쎕; 쎕; ) HANGUL SYLLABLE SSEB +C396;C396;110A 1166 11B9;C396;110A 1166 11B9; # (쎖; 쎖; 쎖; 쎖; 쎖; ) HANGUL SYLLABLE SSEBS +C397;C397;110A 1166 11BA;C397;110A 1166 11BA; # (쎗; 쎗; 쎗; 쎗; 쎗; ) HANGUL SYLLABLE SSES +C398;C398;110A 1166 11BB;C398;110A 1166 11BB; # (쎘; 쎘; 쎘; 쎘; 쎘; ) HANGUL SYLLABLE SSESS +C399;C399;110A 1166 11BC;C399;110A 1166 11BC; # (쎙; 쎙; 쎙; 쎙; 쎙; ) HANGUL SYLLABLE SSENG +C39A;C39A;110A 1166 11BD;C39A;110A 1166 11BD; # (쎚; 쎚; 쎚; 쎚; 쎚; ) HANGUL SYLLABLE SSEJ +C39B;C39B;110A 1166 11BE;C39B;110A 1166 11BE; # (쎛; 쎛; 쎛; 쎛; 쎛; ) HANGUL SYLLABLE SSEC +C39C;C39C;110A 1166 11BF;C39C;110A 1166 11BF; # (쎜; 쎜; 쎜; 쎜; 쎜; ) HANGUL SYLLABLE SSEK +C39D;C39D;110A 1166 11C0;C39D;110A 1166 11C0; # (ìŽ; ìŽ; 쎝; ìŽ; 쎝; ) HANGUL SYLLABLE SSET +C39E;C39E;110A 1166 11C1;C39E;110A 1166 11C1; # (쎞; 쎞; á„Šá…¦á‡; 쎞; á„Šá…¦á‡; ) HANGUL SYLLABLE SSEP +C39F;C39F;110A 1166 11C2;C39F;110A 1166 11C2; # (쎟; 쎟; 쎟; 쎟; 쎟; ) HANGUL SYLLABLE SSEH +C3A0;C3A0;110A 1167;C3A0;110A 1167; # (쎠; 쎠; á„Šá…§; 쎠; á„Šá…§; ) HANGUL SYLLABLE SSYEO +C3A1;C3A1;110A 1167 11A8;C3A1;110A 1167 11A8; # (쎡; 쎡; 쎡; 쎡; 쎡; ) HANGUL SYLLABLE SSYEOG +C3A2;C3A2;110A 1167 11A9;C3A2;110A 1167 11A9; # (쎢; 쎢; 쎢; 쎢; 쎢; ) HANGUL SYLLABLE SSYEOGG +C3A3;C3A3;110A 1167 11AA;C3A3;110A 1167 11AA; # (쎣; 쎣; 쎣; 쎣; 쎣; ) HANGUL SYLLABLE SSYEOGS +C3A4;C3A4;110A 1167 11AB;C3A4;110A 1167 11AB; # (쎤; 쎤; 쎤; 쎤; 쎤; ) HANGUL SYLLABLE SSYEON +C3A5;C3A5;110A 1167 11AC;C3A5;110A 1167 11AC; # (쎥; 쎥; 쎥; 쎥; 쎥; ) HANGUL SYLLABLE SSYEONJ +C3A6;C3A6;110A 1167 11AD;C3A6;110A 1167 11AD; # (쎦; 쎦; 쎦; 쎦; 쎦; ) HANGUL SYLLABLE SSYEONH +C3A7;C3A7;110A 1167 11AE;C3A7;110A 1167 11AE; # (쎧; 쎧; 쎧; 쎧; 쎧; ) HANGUL SYLLABLE SSYEOD +C3A8;C3A8;110A 1167 11AF;C3A8;110A 1167 11AF; # (쎨; 쎨; 쎨; 쎨; 쎨; ) HANGUL SYLLABLE SSYEOL +C3A9;C3A9;110A 1167 11B0;C3A9;110A 1167 11B0; # (쎩; 쎩; 쎩; 쎩; 쎩; ) HANGUL SYLLABLE SSYEOLG +C3AA;C3AA;110A 1167 11B1;C3AA;110A 1167 11B1; # (쎪; 쎪; 쎪; 쎪; 쎪; ) HANGUL SYLLABLE SSYEOLM +C3AB;C3AB;110A 1167 11B2;C3AB;110A 1167 11B2; # (쎫; 쎫; 쎫; 쎫; 쎫; ) HANGUL SYLLABLE SSYEOLB +C3AC;C3AC;110A 1167 11B3;C3AC;110A 1167 11B3; # (쎬; 쎬; 쎬; 쎬; 쎬; ) HANGUL SYLLABLE SSYEOLS +C3AD;C3AD;110A 1167 11B4;C3AD;110A 1167 11B4; # (쎭; 쎭; 쎭; 쎭; 쎭; ) HANGUL SYLLABLE SSYEOLT +C3AE;C3AE;110A 1167 11B5;C3AE;110A 1167 11B5; # (쎮; 쎮; 쎮; 쎮; 쎮; ) HANGUL SYLLABLE SSYEOLP +C3AF;C3AF;110A 1167 11B6;C3AF;110A 1167 11B6; # (쎯; 쎯; 쎯; 쎯; 쎯; ) HANGUL SYLLABLE SSYEOLH +C3B0;C3B0;110A 1167 11B7;C3B0;110A 1167 11B7; # (쎰; 쎰; 쎰; 쎰; 쎰; ) HANGUL SYLLABLE SSYEOM +C3B1;C3B1;110A 1167 11B8;C3B1;110A 1167 11B8; # (쎱; 쎱; 쎱; 쎱; 쎱; ) HANGUL SYLLABLE SSYEOB +C3B2;C3B2;110A 1167 11B9;C3B2;110A 1167 11B9; # (쎲; 쎲; 쎲; 쎲; 쎲; ) HANGUL SYLLABLE SSYEOBS +C3B3;C3B3;110A 1167 11BA;C3B3;110A 1167 11BA; # (쎳; 쎳; 쎳; 쎳; 쎳; ) HANGUL SYLLABLE SSYEOS +C3B4;C3B4;110A 1167 11BB;C3B4;110A 1167 11BB; # (쎴; 쎴; 쎴; 쎴; 쎴; ) HANGUL SYLLABLE SSYEOSS +C3B5;C3B5;110A 1167 11BC;C3B5;110A 1167 11BC; # (쎵; 쎵; 쎵; 쎵; 쎵; ) HANGUL SYLLABLE SSYEONG +C3B6;C3B6;110A 1167 11BD;C3B6;110A 1167 11BD; # (쎶; 쎶; 쎶; 쎶; 쎶; ) HANGUL SYLLABLE SSYEOJ +C3B7;C3B7;110A 1167 11BE;C3B7;110A 1167 11BE; # (쎷; 쎷; 쎷; 쎷; 쎷; ) HANGUL SYLLABLE SSYEOC +C3B8;C3B8;110A 1167 11BF;C3B8;110A 1167 11BF; # (쎸; 쎸; 쎸; 쎸; 쎸; ) HANGUL SYLLABLE SSYEOK +C3B9;C3B9;110A 1167 11C0;C3B9;110A 1167 11C0; # (쎹; 쎹; 쎹; 쎹; 쎹; ) HANGUL SYLLABLE SSYEOT +C3BA;C3BA;110A 1167 11C1;C3BA;110A 1167 11C1; # (쎺; 쎺; á„Šá…§á‡; 쎺; á„Šá…§á‡; ) HANGUL SYLLABLE SSYEOP +C3BB;C3BB;110A 1167 11C2;C3BB;110A 1167 11C2; # (쎻; 쎻; 쎻; 쎻; 쎻; ) HANGUL SYLLABLE SSYEOH +C3BC;C3BC;110A 1168;C3BC;110A 1168; # (쎼; 쎼; á„Šá…¨; 쎼; á„Šá…¨; ) HANGUL SYLLABLE SSYE +C3BD;C3BD;110A 1168 11A8;C3BD;110A 1168 11A8; # (쎽; 쎽; 쎽; 쎽; 쎽; ) HANGUL SYLLABLE SSYEG +C3BE;C3BE;110A 1168 11A9;C3BE;110A 1168 11A9; # (쎾; 쎾; 쎾; 쎾; 쎾; ) HANGUL SYLLABLE SSYEGG +C3BF;C3BF;110A 1168 11AA;C3BF;110A 1168 11AA; # (쎿; 쎿; 쎿; 쎿; 쎿; ) HANGUL SYLLABLE SSYEGS +C3C0;C3C0;110A 1168 11AB;C3C0;110A 1168 11AB; # (ì€; ì€; 쏀; ì€; 쏀; ) HANGUL SYLLABLE SSYEN +C3C1;C3C1;110A 1168 11AC;C3C1;110A 1168 11AC; # (ì; ì; 쏁; ì; 쏁; ) HANGUL SYLLABLE SSYENJ +C3C2;C3C2;110A 1168 11AD;C3C2;110A 1168 11AD; # (ì‚; ì‚; 쏂; ì‚; 쏂; ) HANGUL SYLLABLE SSYENH +C3C3;C3C3;110A 1168 11AE;C3C3;110A 1168 11AE; # (ìƒ; ìƒ; 쏃; ìƒ; 쏃; ) HANGUL SYLLABLE SSYED +C3C4;C3C4;110A 1168 11AF;C3C4;110A 1168 11AF; # (ì„; ì„; 쏄; ì„; 쏄; ) HANGUL SYLLABLE SSYEL +C3C5;C3C5;110A 1168 11B0;C3C5;110A 1168 11B0; # (ì…; ì…; 쏅; ì…; 쏅; ) HANGUL SYLLABLE SSYELG +C3C6;C3C6;110A 1168 11B1;C3C6;110A 1168 11B1; # (ì†; ì†; 쏆; ì†; 쏆; ) HANGUL SYLLABLE SSYELM +C3C7;C3C7;110A 1168 11B2;C3C7;110A 1168 11B2; # (ì‡; ì‡; 쏇; ì‡; 쏇; ) HANGUL SYLLABLE SSYELB +C3C8;C3C8;110A 1168 11B3;C3C8;110A 1168 11B3; # (ìˆ; ìˆ; 쏈; ìˆ; 쏈; ) HANGUL SYLLABLE SSYELS +C3C9;C3C9;110A 1168 11B4;C3C9;110A 1168 11B4; # (ì‰; ì‰; 쏉; ì‰; 쏉; ) HANGUL SYLLABLE SSYELT +C3CA;C3CA;110A 1168 11B5;C3CA;110A 1168 11B5; # (ìŠ; ìŠ; 쏊; ìŠ; 쏊; ) HANGUL SYLLABLE SSYELP +C3CB;C3CB;110A 1168 11B6;C3CB;110A 1168 11B6; # (ì‹; ì‹; 쏋; ì‹; 쏋; ) HANGUL SYLLABLE SSYELH +C3CC;C3CC;110A 1168 11B7;C3CC;110A 1168 11B7; # (ìŒ; ìŒ; 쏌; ìŒ; 쏌; ) HANGUL SYLLABLE SSYEM +C3CD;C3CD;110A 1168 11B8;C3CD;110A 1168 11B8; # (ì; ì; 쏍; ì; 쏍; ) HANGUL SYLLABLE SSYEB +C3CE;C3CE;110A 1168 11B9;C3CE;110A 1168 11B9; # (ìŽ; ìŽ; 쏎; ìŽ; 쏎; ) HANGUL SYLLABLE SSYEBS +C3CF;C3CF;110A 1168 11BA;C3CF;110A 1168 11BA; # (ì; ì; 쏏; ì; 쏏; ) HANGUL SYLLABLE SSYES +C3D0;C3D0;110A 1168 11BB;C3D0;110A 1168 11BB; # (ì; ì; 쏐; ì; 쏐; ) HANGUL SYLLABLE SSYESS +C3D1;C3D1;110A 1168 11BC;C3D1;110A 1168 11BC; # (ì‘; ì‘; 쏑; ì‘; 쏑; ) HANGUL SYLLABLE SSYENG +C3D2;C3D2;110A 1168 11BD;C3D2;110A 1168 11BD; # (ì’; ì’; 쏒; ì’; 쏒; ) HANGUL SYLLABLE SSYEJ +C3D3;C3D3;110A 1168 11BE;C3D3;110A 1168 11BE; # (ì“; ì“; 쏓; ì“; 쏓; ) HANGUL SYLLABLE SSYEC +C3D4;C3D4;110A 1168 11BF;C3D4;110A 1168 11BF; # (ì”; ì”; 쏔; ì”; 쏔; ) HANGUL SYLLABLE SSYEK +C3D5;C3D5;110A 1168 11C0;C3D5;110A 1168 11C0; # (ì•; ì•; 쏕; ì•; 쏕; ) HANGUL SYLLABLE SSYET +C3D6;C3D6;110A 1168 11C1;C3D6;110A 1168 11C1; # (ì–; ì–; á„Šá…¨á‡; ì–; á„Šá…¨á‡; ) HANGUL SYLLABLE SSYEP +C3D7;C3D7;110A 1168 11C2;C3D7;110A 1168 11C2; # (ì—; ì—; 쏗; ì—; 쏗; ) HANGUL SYLLABLE SSYEH +C3D8;C3D8;110A 1169;C3D8;110A 1169; # (ì˜; ì˜; á„Šá…©; ì˜; á„Šá…©; ) HANGUL SYLLABLE SSO +C3D9;C3D9;110A 1169 11A8;C3D9;110A 1169 11A8; # (ì™; ì™; 쏙; ì™; 쏙; ) HANGUL SYLLABLE SSOG +C3DA;C3DA;110A 1169 11A9;C3DA;110A 1169 11A9; # (ìš; ìš; 쏚; ìš; 쏚; ) HANGUL SYLLABLE SSOGG +C3DB;C3DB;110A 1169 11AA;C3DB;110A 1169 11AA; # (ì›; ì›; 쏛; ì›; 쏛; ) HANGUL SYLLABLE SSOGS +C3DC;C3DC;110A 1169 11AB;C3DC;110A 1169 11AB; # (ìœ; ìœ; 쏜; ìœ; 쏜; ) HANGUL SYLLABLE SSON +C3DD;C3DD;110A 1169 11AC;C3DD;110A 1169 11AC; # (ì; ì; 쏝; ì; 쏝; ) HANGUL SYLLABLE SSONJ +C3DE;C3DE;110A 1169 11AD;C3DE;110A 1169 11AD; # (ìž; ìž; 쏞; ìž; 쏞; ) HANGUL SYLLABLE SSONH +C3DF;C3DF;110A 1169 11AE;C3DF;110A 1169 11AE; # (ìŸ; ìŸ; 쏟; ìŸ; 쏟; ) HANGUL SYLLABLE SSOD +C3E0;C3E0;110A 1169 11AF;C3E0;110A 1169 11AF; # (ì ; ì ; 쏠; ì ; 쏠; ) HANGUL SYLLABLE SSOL +C3E1;C3E1;110A 1169 11B0;C3E1;110A 1169 11B0; # (ì¡; ì¡; 쏡; ì¡; 쏡; ) HANGUL SYLLABLE SSOLG +C3E2;C3E2;110A 1169 11B1;C3E2;110A 1169 11B1; # (ì¢; ì¢; 쏢; ì¢; 쏢; ) HANGUL SYLLABLE SSOLM +C3E3;C3E3;110A 1169 11B2;C3E3;110A 1169 11B2; # (ì£; ì£; 쏣; ì£; 쏣; ) HANGUL SYLLABLE SSOLB +C3E4;C3E4;110A 1169 11B3;C3E4;110A 1169 11B3; # (ì¤; ì¤; 쏤; ì¤; 쏤; ) HANGUL SYLLABLE SSOLS +C3E5;C3E5;110A 1169 11B4;C3E5;110A 1169 11B4; # (ì¥; ì¥; 쏥; ì¥; 쏥; ) HANGUL SYLLABLE SSOLT +C3E6;C3E6;110A 1169 11B5;C3E6;110A 1169 11B5; # (ì¦; ì¦; 쏦; ì¦; 쏦; ) HANGUL SYLLABLE SSOLP +C3E7;C3E7;110A 1169 11B6;C3E7;110A 1169 11B6; # (ì§; ì§; 쏧; ì§; 쏧; ) HANGUL SYLLABLE SSOLH +C3E8;C3E8;110A 1169 11B7;C3E8;110A 1169 11B7; # (ì¨; ì¨; 쏨; ì¨; 쏨; ) HANGUL SYLLABLE SSOM +C3E9;C3E9;110A 1169 11B8;C3E9;110A 1169 11B8; # (ì©; ì©; 쏩; ì©; 쏩; ) HANGUL SYLLABLE SSOB +C3EA;C3EA;110A 1169 11B9;C3EA;110A 1169 11B9; # (ìª; ìª; 쏪; ìª; 쏪; ) HANGUL SYLLABLE SSOBS +C3EB;C3EB;110A 1169 11BA;C3EB;110A 1169 11BA; # (ì«; ì«; 쏫; ì«; 쏫; ) HANGUL SYLLABLE SSOS +C3EC;C3EC;110A 1169 11BB;C3EC;110A 1169 11BB; # (ì¬; ì¬; 쏬; ì¬; 쏬; ) HANGUL SYLLABLE SSOSS +C3ED;C3ED;110A 1169 11BC;C3ED;110A 1169 11BC; # (ì­; ì­; 쏭; ì­; 쏭; ) HANGUL SYLLABLE SSONG +C3EE;C3EE;110A 1169 11BD;C3EE;110A 1169 11BD; # (ì®; ì®; 쏮; ì®; 쏮; ) HANGUL SYLLABLE SSOJ +C3EF;C3EF;110A 1169 11BE;C3EF;110A 1169 11BE; # (ì¯; ì¯; 쏯; ì¯; 쏯; ) HANGUL SYLLABLE SSOC +C3F0;C3F0;110A 1169 11BF;C3F0;110A 1169 11BF; # (ì°; ì°; 쏰; ì°; 쏰; ) HANGUL SYLLABLE SSOK +C3F1;C3F1;110A 1169 11C0;C3F1;110A 1169 11C0; # (ì±; ì±; 쏱; ì±; 쏱; ) HANGUL SYLLABLE SSOT +C3F2;C3F2;110A 1169 11C1;C3F2;110A 1169 11C1; # (ì²; ì²; á„Šá…©á‡; ì²; á„Šá…©á‡; ) HANGUL SYLLABLE SSOP +C3F3;C3F3;110A 1169 11C2;C3F3;110A 1169 11C2; # (ì³; ì³; 쏳; ì³; 쏳; ) HANGUL SYLLABLE SSOH +C3F4;C3F4;110A 116A;C3F4;110A 116A; # (ì´; ì´; á„Šá…ª; ì´; á„Šá…ª; ) HANGUL SYLLABLE SSWA +C3F5;C3F5;110A 116A 11A8;C3F5;110A 116A 11A8; # (ìµ; ìµ; 쏵; ìµ; 쏵; ) HANGUL SYLLABLE SSWAG +C3F6;C3F6;110A 116A 11A9;C3F6;110A 116A 11A9; # (ì¶; ì¶; 쏶; ì¶; 쏶; ) HANGUL SYLLABLE SSWAGG +C3F7;C3F7;110A 116A 11AA;C3F7;110A 116A 11AA; # (ì·; ì·; 쏷; ì·; 쏷; ) HANGUL SYLLABLE SSWAGS +C3F8;C3F8;110A 116A 11AB;C3F8;110A 116A 11AB; # (ì¸; ì¸; 쏸; ì¸; 쏸; ) HANGUL SYLLABLE SSWAN +C3F9;C3F9;110A 116A 11AC;C3F9;110A 116A 11AC; # (ì¹; ì¹; 쏹; ì¹; 쏹; ) HANGUL SYLLABLE SSWANJ +C3FA;C3FA;110A 116A 11AD;C3FA;110A 116A 11AD; # (ìº; ìº; 쏺; ìº; 쏺; ) HANGUL SYLLABLE SSWANH +C3FB;C3FB;110A 116A 11AE;C3FB;110A 116A 11AE; # (ì»; ì»; 쏻; ì»; 쏻; ) HANGUL SYLLABLE SSWAD +C3FC;C3FC;110A 116A 11AF;C3FC;110A 116A 11AF; # (ì¼; ì¼; 쏼; ì¼; 쏼; ) HANGUL SYLLABLE SSWAL +C3FD;C3FD;110A 116A 11B0;C3FD;110A 116A 11B0; # (ì½; ì½; 쏽; ì½; 쏽; ) HANGUL SYLLABLE SSWALG +C3FE;C3FE;110A 116A 11B1;C3FE;110A 116A 11B1; # (ì¾; ì¾; 쏾; ì¾; 쏾; ) HANGUL SYLLABLE SSWALM +C3FF;C3FF;110A 116A 11B2;C3FF;110A 116A 11B2; # (ì¿; ì¿; 쏿; ì¿; 쏿; ) HANGUL SYLLABLE SSWALB +C400;C400;110A 116A 11B3;C400;110A 116A 11B3; # (ì€; ì€; 쐀; ì€; 쐀; ) HANGUL SYLLABLE SSWALS +C401;C401;110A 116A 11B4;C401;110A 116A 11B4; # (ì; ì; 쐁; ì; 쐁; ) HANGUL SYLLABLE SSWALT +C402;C402;110A 116A 11B5;C402;110A 116A 11B5; # (ì‚; ì‚; 쐂; ì‚; 쐂; ) HANGUL SYLLABLE SSWALP +C403;C403;110A 116A 11B6;C403;110A 116A 11B6; # (ìƒ; ìƒ; 쐃; ìƒ; 쐃; ) HANGUL SYLLABLE SSWALH +C404;C404;110A 116A 11B7;C404;110A 116A 11B7; # (ì„; ì„; 쐄; ì„; 쐄; ) HANGUL SYLLABLE SSWAM +C405;C405;110A 116A 11B8;C405;110A 116A 11B8; # (ì…; ì…; 쐅; ì…; 쐅; ) HANGUL SYLLABLE SSWAB +C406;C406;110A 116A 11B9;C406;110A 116A 11B9; # (ì†; ì†; 쐆; ì†; 쐆; ) HANGUL SYLLABLE SSWABS +C407;C407;110A 116A 11BA;C407;110A 116A 11BA; # (ì‡; ì‡; 쐇; ì‡; 쐇; ) HANGUL SYLLABLE SSWAS +C408;C408;110A 116A 11BB;C408;110A 116A 11BB; # (ìˆ; ìˆ; 쐈; ìˆ; 쐈; ) HANGUL SYLLABLE SSWASS +C409;C409;110A 116A 11BC;C409;110A 116A 11BC; # (ì‰; ì‰; 쐉; ì‰; 쐉; ) HANGUL SYLLABLE SSWANG +C40A;C40A;110A 116A 11BD;C40A;110A 116A 11BD; # (ìŠ; ìŠ; 쐊; ìŠ; 쐊; ) HANGUL SYLLABLE SSWAJ +C40B;C40B;110A 116A 11BE;C40B;110A 116A 11BE; # (ì‹; ì‹; 쐋; ì‹; 쐋; ) HANGUL SYLLABLE SSWAC +C40C;C40C;110A 116A 11BF;C40C;110A 116A 11BF; # (ìŒ; ìŒ; 쐌; ìŒ; 쐌; ) HANGUL SYLLABLE SSWAK +C40D;C40D;110A 116A 11C0;C40D;110A 116A 11C0; # (ì; ì; 쐍; ì; 쐍; ) HANGUL SYLLABLE SSWAT +C40E;C40E;110A 116A 11C1;C40E;110A 116A 11C1; # (ìŽ; ìŽ; á„Šá…ªá‡; ìŽ; á„Šá…ªá‡; ) HANGUL SYLLABLE SSWAP +C40F;C40F;110A 116A 11C2;C40F;110A 116A 11C2; # (ì; ì; 쐏; ì; 쐏; ) HANGUL SYLLABLE SSWAH +C410;C410;110A 116B;C410;110A 116B; # (ì; ì; á„Šá…«; ì; á„Šá…«; ) HANGUL SYLLABLE SSWAE +C411;C411;110A 116B 11A8;C411;110A 116B 11A8; # (ì‘; ì‘; 쐑; ì‘; 쐑; ) HANGUL SYLLABLE SSWAEG +C412;C412;110A 116B 11A9;C412;110A 116B 11A9; # (ì’; ì’; 쐒; ì’; 쐒; ) HANGUL SYLLABLE SSWAEGG +C413;C413;110A 116B 11AA;C413;110A 116B 11AA; # (ì“; ì“; 쐓; ì“; 쐓; ) HANGUL SYLLABLE SSWAEGS +C414;C414;110A 116B 11AB;C414;110A 116B 11AB; # (ì”; ì”; 쐔; ì”; 쐔; ) HANGUL SYLLABLE SSWAEN +C415;C415;110A 116B 11AC;C415;110A 116B 11AC; # (ì•; ì•; 쐕; ì•; 쐕; ) HANGUL SYLLABLE SSWAENJ +C416;C416;110A 116B 11AD;C416;110A 116B 11AD; # (ì–; ì–; 쐖; ì–; 쐖; ) HANGUL SYLLABLE SSWAENH +C417;C417;110A 116B 11AE;C417;110A 116B 11AE; # (ì—; ì—; 쐗; ì—; 쐗; ) HANGUL SYLLABLE SSWAED +C418;C418;110A 116B 11AF;C418;110A 116B 11AF; # (ì˜; ì˜; 쐘; ì˜; 쐘; ) HANGUL SYLLABLE SSWAEL +C419;C419;110A 116B 11B0;C419;110A 116B 11B0; # (ì™; ì™; 쐙; ì™; 쐙; ) HANGUL SYLLABLE SSWAELG +C41A;C41A;110A 116B 11B1;C41A;110A 116B 11B1; # (ìš; ìš; 쐚; ìš; 쐚; ) HANGUL SYLLABLE SSWAELM +C41B;C41B;110A 116B 11B2;C41B;110A 116B 11B2; # (ì›; ì›; 쐛; ì›; 쐛; ) HANGUL SYLLABLE SSWAELB +C41C;C41C;110A 116B 11B3;C41C;110A 116B 11B3; # (ìœ; ìœ; 쐜; ìœ; 쐜; ) HANGUL SYLLABLE SSWAELS +C41D;C41D;110A 116B 11B4;C41D;110A 116B 11B4; # (ì; ì; 쐝; ì; 쐝; ) HANGUL SYLLABLE SSWAELT +C41E;C41E;110A 116B 11B5;C41E;110A 116B 11B5; # (ìž; ìž; 쐞; ìž; 쐞; ) HANGUL SYLLABLE SSWAELP +C41F;C41F;110A 116B 11B6;C41F;110A 116B 11B6; # (ìŸ; ìŸ; 쐟; ìŸ; 쐟; ) HANGUL SYLLABLE SSWAELH +C420;C420;110A 116B 11B7;C420;110A 116B 11B7; # (ì ; ì ; 쐠; ì ; 쐠; ) HANGUL SYLLABLE SSWAEM +C421;C421;110A 116B 11B8;C421;110A 116B 11B8; # (ì¡; ì¡; 쐡; ì¡; 쐡; ) HANGUL SYLLABLE SSWAEB +C422;C422;110A 116B 11B9;C422;110A 116B 11B9; # (ì¢; ì¢; 쐢; ì¢; 쐢; ) HANGUL SYLLABLE SSWAEBS +C423;C423;110A 116B 11BA;C423;110A 116B 11BA; # (ì£; ì£; 쐣; ì£; 쐣; ) HANGUL SYLLABLE SSWAES +C424;C424;110A 116B 11BB;C424;110A 116B 11BB; # (ì¤; ì¤; 쐤; ì¤; 쐤; ) HANGUL SYLLABLE SSWAESS +C425;C425;110A 116B 11BC;C425;110A 116B 11BC; # (ì¥; ì¥; 쐥; ì¥; 쐥; ) HANGUL SYLLABLE SSWAENG +C426;C426;110A 116B 11BD;C426;110A 116B 11BD; # (ì¦; ì¦; 쐦; ì¦; 쐦; ) HANGUL SYLLABLE SSWAEJ +C427;C427;110A 116B 11BE;C427;110A 116B 11BE; # (ì§; ì§; 쐧; ì§; 쐧; ) HANGUL SYLLABLE SSWAEC +C428;C428;110A 116B 11BF;C428;110A 116B 11BF; # (ì¨; ì¨; 쐨; ì¨; 쐨; ) HANGUL SYLLABLE SSWAEK +C429;C429;110A 116B 11C0;C429;110A 116B 11C0; # (ì©; ì©; 쐩; ì©; 쐩; ) HANGUL SYLLABLE SSWAET +C42A;C42A;110A 116B 11C1;C42A;110A 116B 11C1; # (ìª; ìª; á„Šá…«á‡; ìª; á„Šá…«á‡; ) HANGUL SYLLABLE SSWAEP +C42B;C42B;110A 116B 11C2;C42B;110A 116B 11C2; # (ì«; ì«; 쐫; ì«; 쐫; ) HANGUL SYLLABLE SSWAEH +C42C;C42C;110A 116C;C42C;110A 116C; # (ì¬; ì¬; á„Šá…¬; ì¬; á„Šá…¬; ) HANGUL SYLLABLE SSOE +C42D;C42D;110A 116C 11A8;C42D;110A 116C 11A8; # (ì­; ì­; 쐭; ì­; 쐭; ) HANGUL SYLLABLE SSOEG +C42E;C42E;110A 116C 11A9;C42E;110A 116C 11A9; # (ì®; ì®; 쐮; ì®; 쐮; ) HANGUL SYLLABLE SSOEGG +C42F;C42F;110A 116C 11AA;C42F;110A 116C 11AA; # (ì¯; ì¯; 쐯; ì¯; 쐯; ) HANGUL SYLLABLE SSOEGS +C430;C430;110A 116C 11AB;C430;110A 116C 11AB; # (ì°; ì°; 쐰; ì°; 쐰; ) HANGUL SYLLABLE SSOEN +C431;C431;110A 116C 11AC;C431;110A 116C 11AC; # (ì±; ì±; 쐱; ì±; 쐱; ) HANGUL SYLLABLE SSOENJ +C432;C432;110A 116C 11AD;C432;110A 116C 11AD; # (ì²; ì²; 쐲; ì²; 쐲; ) HANGUL SYLLABLE SSOENH +C433;C433;110A 116C 11AE;C433;110A 116C 11AE; # (ì³; ì³; 쐳; ì³; 쐳; ) HANGUL SYLLABLE SSOED +C434;C434;110A 116C 11AF;C434;110A 116C 11AF; # (ì´; ì´; 쐴; ì´; 쐴; ) HANGUL SYLLABLE SSOEL +C435;C435;110A 116C 11B0;C435;110A 116C 11B0; # (ìµ; ìµ; 쐵; ìµ; 쐵; ) HANGUL SYLLABLE SSOELG +C436;C436;110A 116C 11B1;C436;110A 116C 11B1; # (ì¶; ì¶; 쐶; ì¶; 쐶; ) HANGUL SYLLABLE SSOELM +C437;C437;110A 116C 11B2;C437;110A 116C 11B2; # (ì·; ì·; 쐷; ì·; 쐷; ) HANGUL SYLLABLE SSOELB +C438;C438;110A 116C 11B3;C438;110A 116C 11B3; # (ì¸; ì¸; 쐸; ì¸; 쐸; ) HANGUL SYLLABLE SSOELS +C439;C439;110A 116C 11B4;C439;110A 116C 11B4; # (ì¹; ì¹; 쐹; ì¹; 쐹; ) HANGUL SYLLABLE SSOELT +C43A;C43A;110A 116C 11B5;C43A;110A 116C 11B5; # (ìº; ìº; 쐺; ìº; 쐺; ) HANGUL SYLLABLE SSOELP +C43B;C43B;110A 116C 11B6;C43B;110A 116C 11B6; # (ì»; ì»; 쐻; ì»; 쐻; ) HANGUL SYLLABLE SSOELH +C43C;C43C;110A 116C 11B7;C43C;110A 116C 11B7; # (ì¼; ì¼; 쐼; ì¼; 쐼; ) HANGUL SYLLABLE SSOEM +C43D;C43D;110A 116C 11B8;C43D;110A 116C 11B8; # (ì½; ì½; 쐽; ì½; 쐽; ) HANGUL SYLLABLE SSOEB +C43E;C43E;110A 116C 11B9;C43E;110A 116C 11B9; # (ì¾; ì¾; 쐾; ì¾; 쐾; ) HANGUL SYLLABLE SSOEBS +C43F;C43F;110A 116C 11BA;C43F;110A 116C 11BA; # (ì¿; ì¿; 쐿; ì¿; 쐿; ) HANGUL SYLLABLE SSOES +C440;C440;110A 116C 11BB;C440;110A 116C 11BB; # (ì‘€; ì‘€; 쑀; ì‘€; 쑀; ) HANGUL SYLLABLE SSOESS +C441;C441;110A 116C 11BC;C441;110A 116C 11BC; # (ì‘; ì‘; 쑁; ì‘; 쑁; ) HANGUL SYLLABLE SSOENG +C442;C442;110A 116C 11BD;C442;110A 116C 11BD; # (ì‘‚; ì‘‚; 쑂; ì‘‚; 쑂; ) HANGUL SYLLABLE SSOEJ +C443;C443;110A 116C 11BE;C443;110A 116C 11BE; # (쑃; 쑃; 쑃; 쑃; 쑃; ) HANGUL SYLLABLE SSOEC +C444;C444;110A 116C 11BF;C444;110A 116C 11BF; # (ì‘„; ì‘„; 쑄; ì‘„; 쑄; ) HANGUL SYLLABLE SSOEK +C445;C445;110A 116C 11C0;C445;110A 116C 11C0; # (ì‘…; ì‘…; 쑅; ì‘…; 쑅; ) HANGUL SYLLABLE SSOET +C446;C446;110A 116C 11C1;C446;110A 116C 11C1; # (쑆; 쑆; á„Šá…¬á‡; 쑆; á„Šá…¬á‡; ) HANGUL SYLLABLE SSOEP +C447;C447;110A 116C 11C2;C447;110A 116C 11C2; # (쑇; 쑇; 쑇; 쑇; 쑇; ) HANGUL SYLLABLE SSOEH +C448;C448;110A 116D;C448;110A 116D; # (쑈; 쑈; á„Šá…­; 쑈; á„Šá…­; ) HANGUL SYLLABLE SSYO +C449;C449;110A 116D 11A8;C449;110A 116D 11A8; # (쑉; 쑉; 쑉; 쑉; 쑉; ) HANGUL SYLLABLE SSYOG +C44A;C44A;110A 116D 11A9;C44A;110A 116D 11A9; # (ì‘Š; ì‘Š; 쑊; ì‘Š; 쑊; ) HANGUL SYLLABLE SSYOGG +C44B;C44B;110A 116D 11AA;C44B;110A 116D 11AA; # (ì‘‹; ì‘‹; 쑋; ì‘‹; 쑋; ) HANGUL SYLLABLE SSYOGS +C44C;C44C;110A 116D 11AB;C44C;110A 116D 11AB; # (ì‘Œ; ì‘Œ; 쑌; ì‘Œ; 쑌; ) HANGUL SYLLABLE SSYON +C44D;C44D;110A 116D 11AC;C44D;110A 116D 11AC; # (ì‘; ì‘; 쑍; ì‘; 쑍; ) HANGUL SYLLABLE SSYONJ +C44E;C44E;110A 116D 11AD;C44E;110A 116D 11AD; # (ì‘Ž; ì‘Ž; 쑎; ì‘Ž; 쑎; ) HANGUL SYLLABLE SSYONH +C44F;C44F;110A 116D 11AE;C44F;110A 116D 11AE; # (ì‘; ì‘; 쑏; ì‘; 쑏; ) HANGUL SYLLABLE SSYOD +C450;C450;110A 116D 11AF;C450;110A 116D 11AF; # (ì‘; ì‘; 쑐; ì‘; 쑐; ) HANGUL SYLLABLE SSYOL +C451;C451;110A 116D 11B0;C451;110A 116D 11B0; # (ì‘‘; ì‘‘; 쑑; ì‘‘; 쑑; ) HANGUL SYLLABLE SSYOLG +C452;C452;110A 116D 11B1;C452;110A 116D 11B1; # (ì‘’; ì‘’; 쑒; ì‘’; 쑒; ) HANGUL SYLLABLE SSYOLM +C453;C453;110A 116D 11B2;C453;110A 116D 11B2; # (ì‘“; ì‘“; 쑓; ì‘“; 쑓; ) HANGUL SYLLABLE SSYOLB +C454;C454;110A 116D 11B3;C454;110A 116D 11B3; # (ì‘”; ì‘”; 쑔; ì‘”; 쑔; ) HANGUL SYLLABLE SSYOLS +C455;C455;110A 116D 11B4;C455;110A 116D 11B4; # (ì‘•; ì‘•; 쑕; ì‘•; 쑕; ) HANGUL SYLLABLE SSYOLT +C456;C456;110A 116D 11B5;C456;110A 116D 11B5; # (ì‘–; ì‘–; 쑖; ì‘–; 쑖; ) HANGUL SYLLABLE SSYOLP +C457;C457;110A 116D 11B6;C457;110A 116D 11B6; # (ì‘—; ì‘—; 쑗; ì‘—; 쑗; ) HANGUL SYLLABLE SSYOLH +C458;C458;110A 116D 11B7;C458;110A 116D 11B7; # (쑘; 쑘; 쑘; 쑘; 쑘; ) HANGUL SYLLABLE SSYOM +C459;C459;110A 116D 11B8;C459;110A 116D 11B8; # (ì‘™; ì‘™; 쑙; ì‘™; 쑙; ) HANGUL SYLLABLE SSYOB +C45A;C45A;110A 116D 11B9;C45A;110A 116D 11B9; # (ì‘š; ì‘š; 쑚; ì‘š; 쑚; ) HANGUL SYLLABLE SSYOBS +C45B;C45B;110A 116D 11BA;C45B;110A 116D 11BA; # (ì‘›; ì‘›; 쑛; ì‘›; 쑛; ) HANGUL SYLLABLE SSYOS +C45C;C45C;110A 116D 11BB;C45C;110A 116D 11BB; # (ì‘œ; ì‘œ; 쑜; ì‘œ; 쑜; ) HANGUL SYLLABLE SSYOSS +C45D;C45D;110A 116D 11BC;C45D;110A 116D 11BC; # (ì‘; ì‘; 쑝; ì‘; 쑝; ) HANGUL SYLLABLE SSYONG +C45E;C45E;110A 116D 11BD;C45E;110A 116D 11BD; # (ì‘ž; ì‘ž; 쑞; ì‘ž; 쑞; ) HANGUL SYLLABLE SSYOJ +C45F;C45F;110A 116D 11BE;C45F;110A 116D 11BE; # (ì‘Ÿ; ì‘Ÿ; 쑟; ì‘Ÿ; 쑟; ) HANGUL SYLLABLE SSYOC +C460;C460;110A 116D 11BF;C460;110A 116D 11BF; # (ì‘ ; ì‘ ; 쑠; ì‘ ; 쑠; ) HANGUL SYLLABLE SSYOK +C461;C461;110A 116D 11C0;C461;110A 116D 11C0; # (ì‘¡; ì‘¡; 쑡; ì‘¡; 쑡; ) HANGUL SYLLABLE SSYOT +C462;C462;110A 116D 11C1;C462;110A 116D 11C1; # (ì‘¢; ì‘¢; á„Šá…­á‡; ì‘¢; á„Šá…­á‡; ) HANGUL SYLLABLE SSYOP +C463;C463;110A 116D 11C2;C463;110A 116D 11C2; # (ì‘£; ì‘£; 쑣; ì‘£; 쑣; ) HANGUL SYLLABLE SSYOH +C464;C464;110A 116E;C464;110A 116E; # (쑤; 쑤; á„Šá…®; 쑤; á„Šá…®; ) HANGUL SYLLABLE SSU +C465;C465;110A 116E 11A8;C465;110A 116E 11A8; # (ì‘¥; ì‘¥; 쑥; ì‘¥; 쑥; ) HANGUL SYLLABLE SSUG +C466;C466;110A 116E 11A9;C466;110A 116E 11A9; # (쑦; 쑦; 쑦; 쑦; 쑦; ) HANGUL SYLLABLE SSUGG +C467;C467;110A 116E 11AA;C467;110A 116E 11AA; # (쑧; 쑧; 쑧; 쑧; 쑧; ) HANGUL SYLLABLE SSUGS +C468;C468;110A 116E 11AB;C468;110A 116E 11AB; # (쑨; 쑨; 쑨; 쑨; 쑨; ) HANGUL SYLLABLE SSUN +C469;C469;110A 116E 11AC;C469;110A 116E 11AC; # (ì‘©; ì‘©; 쑩; ì‘©; 쑩; ) HANGUL SYLLABLE SSUNJ +C46A;C46A;110A 116E 11AD;C46A;110A 116E 11AD; # (쑪; 쑪; 쑪; 쑪; 쑪; ) HANGUL SYLLABLE SSUNH +C46B;C46B;110A 116E 11AE;C46B;110A 116E 11AE; # (ì‘«; ì‘«; 쑫; ì‘«; 쑫; ) HANGUL SYLLABLE SSUD +C46C;C46C;110A 116E 11AF;C46C;110A 116E 11AF; # (쑬; 쑬; 쑬; 쑬; 쑬; ) HANGUL SYLLABLE SSUL +C46D;C46D;110A 116E 11B0;C46D;110A 116E 11B0; # (ì‘­; ì‘­; 쑭; ì‘­; 쑭; ) HANGUL SYLLABLE SSULG +C46E;C46E;110A 116E 11B1;C46E;110A 116E 11B1; # (ì‘®; ì‘®; 쑮; ì‘®; 쑮; ) HANGUL SYLLABLE SSULM +C46F;C46F;110A 116E 11B2;C46F;110A 116E 11B2; # (쑯; 쑯; 쑯; 쑯; 쑯; ) HANGUL SYLLABLE SSULB +C470;C470;110A 116E 11B3;C470;110A 116E 11B3; # (ì‘°; ì‘°; 쑰; ì‘°; 쑰; ) HANGUL SYLLABLE SSULS +C471;C471;110A 116E 11B4;C471;110A 116E 11B4; # (쑱; 쑱; 쑱; 쑱; 쑱; ) HANGUL SYLLABLE SSULT +C472;C472;110A 116E 11B5;C472;110A 116E 11B5; # (쑲; 쑲; 쑲; 쑲; 쑲; ) HANGUL SYLLABLE SSULP +C473;C473;110A 116E 11B6;C473;110A 116E 11B6; # (쑳; 쑳; 쑳; 쑳; 쑳; ) HANGUL SYLLABLE SSULH +C474;C474;110A 116E 11B7;C474;110A 116E 11B7; # (ì‘´; ì‘´; 쑴; ì‘´; 쑴; ) HANGUL SYLLABLE SSUM +C475;C475;110A 116E 11B8;C475;110A 116E 11B8; # (쑵; 쑵; 쑵; 쑵; 쑵; ) HANGUL SYLLABLE SSUB +C476;C476;110A 116E 11B9;C476;110A 116E 11B9; # (쑶; 쑶; 쑶; 쑶; 쑶; ) HANGUL SYLLABLE SSUBS +C477;C477;110A 116E 11BA;C477;110A 116E 11BA; # (ì‘·; ì‘·; 쑷; ì‘·; 쑷; ) HANGUL SYLLABLE SSUS +C478;C478;110A 116E 11BB;C478;110A 116E 11BB; # (쑸; 쑸; 쑸; 쑸; 쑸; ) HANGUL SYLLABLE SSUSS +C479;C479;110A 116E 11BC;C479;110A 116E 11BC; # (쑹; 쑹; 쑹; 쑹; 쑹; ) HANGUL SYLLABLE SSUNG +C47A;C47A;110A 116E 11BD;C47A;110A 116E 11BD; # (쑺; 쑺; 쑺; 쑺; 쑺; ) HANGUL SYLLABLE SSUJ +C47B;C47B;110A 116E 11BE;C47B;110A 116E 11BE; # (ì‘»; ì‘»; 쑻; ì‘»; 쑻; ) HANGUL SYLLABLE SSUC +C47C;C47C;110A 116E 11BF;C47C;110A 116E 11BF; # (쑼; 쑼; 쑼; 쑼; 쑼; ) HANGUL SYLLABLE SSUK +C47D;C47D;110A 116E 11C0;C47D;110A 116E 11C0; # (쑽; 쑽; 쑽; 쑽; 쑽; ) HANGUL SYLLABLE SSUT +C47E;C47E;110A 116E 11C1;C47E;110A 116E 11C1; # (쑾; 쑾; á„Šá…®á‡; 쑾; á„Šá…®á‡; ) HANGUL SYLLABLE SSUP +C47F;C47F;110A 116E 11C2;C47F;110A 116E 11C2; # (ì‘¿; ì‘¿; 쑿; ì‘¿; 쑿; ) HANGUL SYLLABLE SSUH +C480;C480;110A 116F;C480;110A 116F; # (ì’€; ì’€; á„Šá…¯; ì’€; á„Šá…¯; ) HANGUL SYLLABLE SSWEO +C481;C481;110A 116F 11A8;C481;110A 116F 11A8; # (ì’; ì’; 쒁; ì’; 쒁; ) HANGUL SYLLABLE SSWEOG +C482;C482;110A 116F 11A9;C482;110A 116F 11A9; # (ì’‚; ì’‚; 쒂; ì’‚; 쒂; ) HANGUL SYLLABLE SSWEOGG +C483;C483;110A 116F 11AA;C483;110A 116F 11AA; # (ì’ƒ; ì’ƒ; 쒃; ì’ƒ; 쒃; ) HANGUL SYLLABLE SSWEOGS +C484;C484;110A 116F 11AB;C484;110A 116F 11AB; # (ì’„; ì’„; 쒄; ì’„; 쒄; ) HANGUL SYLLABLE SSWEON +C485;C485;110A 116F 11AC;C485;110A 116F 11AC; # (ì’…; ì’…; 쒅; ì’…; 쒅; ) HANGUL SYLLABLE SSWEONJ +C486;C486;110A 116F 11AD;C486;110A 116F 11AD; # (ì’†; ì’†; 쒆; ì’†; 쒆; ) HANGUL SYLLABLE SSWEONH +C487;C487;110A 116F 11AE;C487;110A 116F 11AE; # (ì’‡; ì’‡; 쒇; ì’‡; 쒇; ) HANGUL SYLLABLE SSWEOD +C488;C488;110A 116F 11AF;C488;110A 116F 11AF; # (ì’ˆ; ì’ˆ; 쒈; ì’ˆ; 쒈; ) HANGUL SYLLABLE SSWEOL +C489;C489;110A 116F 11B0;C489;110A 116F 11B0; # (ì’‰; ì’‰; 쒉; ì’‰; 쒉; ) HANGUL SYLLABLE SSWEOLG +C48A;C48A;110A 116F 11B1;C48A;110A 116F 11B1; # (ì’Š; ì’Š; 쒊; ì’Š; 쒊; ) HANGUL SYLLABLE SSWEOLM +C48B;C48B;110A 116F 11B2;C48B;110A 116F 11B2; # (ì’‹; ì’‹; 쒋; ì’‹; 쒋; ) HANGUL SYLLABLE SSWEOLB +C48C;C48C;110A 116F 11B3;C48C;110A 116F 11B3; # (ì’Œ; ì’Œ; 쒌; ì’Œ; 쒌; ) HANGUL SYLLABLE SSWEOLS +C48D;C48D;110A 116F 11B4;C48D;110A 116F 11B4; # (ì’; ì’; 쒍; ì’; 쒍; ) HANGUL SYLLABLE SSWEOLT +C48E;C48E;110A 116F 11B5;C48E;110A 116F 11B5; # (ì’Ž; ì’Ž; 쒎; ì’Ž; 쒎; ) HANGUL SYLLABLE SSWEOLP +C48F;C48F;110A 116F 11B6;C48F;110A 116F 11B6; # (ì’; ì’; 쒏; ì’; 쒏; ) HANGUL SYLLABLE SSWEOLH +C490;C490;110A 116F 11B7;C490;110A 116F 11B7; # (ì’; ì’; 쒐; ì’; 쒐; ) HANGUL SYLLABLE SSWEOM +C491;C491;110A 116F 11B8;C491;110A 116F 11B8; # (ì’‘; ì’‘; 쒑; ì’‘; 쒑; ) HANGUL SYLLABLE SSWEOB +C492;C492;110A 116F 11B9;C492;110A 116F 11B9; # (ì’’; ì’’; 쒒; ì’’; 쒒; ) HANGUL SYLLABLE SSWEOBS +C493;C493;110A 116F 11BA;C493;110A 116F 11BA; # (ì’“; ì’“; 쒓; ì’“; 쒓; ) HANGUL SYLLABLE SSWEOS +C494;C494;110A 116F 11BB;C494;110A 116F 11BB; # (ì’”; ì’”; 쒔; ì’”; 쒔; ) HANGUL SYLLABLE SSWEOSS +C495;C495;110A 116F 11BC;C495;110A 116F 11BC; # (ì’•; ì’•; 쒕; ì’•; 쒕; ) HANGUL SYLLABLE SSWEONG +C496;C496;110A 116F 11BD;C496;110A 116F 11BD; # (ì’–; ì’–; 쒖; ì’–; 쒖; ) HANGUL SYLLABLE SSWEOJ +C497;C497;110A 116F 11BE;C497;110A 116F 11BE; # (ì’—; ì’—; 쒗; ì’—; 쒗; ) HANGUL SYLLABLE SSWEOC +C498;C498;110A 116F 11BF;C498;110A 116F 11BF; # (ì’˜; ì’˜; 쒘; ì’˜; 쒘; ) HANGUL SYLLABLE SSWEOK +C499;C499;110A 116F 11C0;C499;110A 116F 11C0; # (ì’™; ì’™; 쒙; ì’™; 쒙; ) HANGUL SYLLABLE SSWEOT +C49A;C49A;110A 116F 11C1;C49A;110A 116F 11C1; # (ì’š; ì’š; á„Šá…¯á‡; ì’š; á„Šá…¯á‡; ) HANGUL SYLLABLE SSWEOP +C49B;C49B;110A 116F 11C2;C49B;110A 116F 11C2; # (ì’›; ì’›; 쒛; ì’›; 쒛; ) HANGUL SYLLABLE SSWEOH +C49C;C49C;110A 1170;C49C;110A 1170; # (ì’œ; ì’œ; á„Šá…°; ì’œ; á„Šá…°; ) HANGUL SYLLABLE SSWE +C49D;C49D;110A 1170 11A8;C49D;110A 1170 11A8; # (ì’; ì’; 쒝; ì’; 쒝; ) HANGUL SYLLABLE SSWEG +C49E;C49E;110A 1170 11A9;C49E;110A 1170 11A9; # (ì’ž; ì’ž; 쒞; ì’ž; 쒞; ) HANGUL SYLLABLE SSWEGG +C49F;C49F;110A 1170 11AA;C49F;110A 1170 11AA; # (ì’Ÿ; ì’Ÿ; 쒟; ì’Ÿ; 쒟; ) HANGUL SYLLABLE SSWEGS +C4A0;C4A0;110A 1170 11AB;C4A0;110A 1170 11AB; # (ì’ ; ì’ ; 쒠; ì’ ; 쒠; ) HANGUL SYLLABLE SSWEN +C4A1;C4A1;110A 1170 11AC;C4A1;110A 1170 11AC; # (ì’¡; ì’¡; 쒡; ì’¡; 쒡; ) HANGUL SYLLABLE SSWENJ +C4A2;C4A2;110A 1170 11AD;C4A2;110A 1170 11AD; # (ì’¢; ì’¢; 쒢; ì’¢; 쒢; ) HANGUL SYLLABLE SSWENH +C4A3;C4A3;110A 1170 11AE;C4A3;110A 1170 11AE; # (ì’£; ì’£; 쒣; ì’£; 쒣; ) HANGUL SYLLABLE SSWED +C4A4;C4A4;110A 1170 11AF;C4A4;110A 1170 11AF; # (ì’¤; ì’¤; 쒤; ì’¤; 쒤; ) HANGUL SYLLABLE SSWEL +C4A5;C4A5;110A 1170 11B0;C4A5;110A 1170 11B0; # (ì’¥; ì’¥; 쒥; ì’¥; 쒥; ) HANGUL SYLLABLE SSWELG +C4A6;C4A6;110A 1170 11B1;C4A6;110A 1170 11B1; # (ì’¦; ì’¦; 쒦; ì’¦; 쒦; ) HANGUL SYLLABLE SSWELM +C4A7;C4A7;110A 1170 11B2;C4A7;110A 1170 11B2; # (ì’§; ì’§; 쒧; ì’§; 쒧; ) HANGUL SYLLABLE SSWELB +C4A8;C4A8;110A 1170 11B3;C4A8;110A 1170 11B3; # (ì’¨; ì’¨; 쒨; ì’¨; 쒨; ) HANGUL SYLLABLE SSWELS +C4A9;C4A9;110A 1170 11B4;C4A9;110A 1170 11B4; # (ì’©; ì’©; 쒩; ì’©; 쒩; ) HANGUL SYLLABLE SSWELT +C4AA;C4AA;110A 1170 11B5;C4AA;110A 1170 11B5; # (ì’ª; ì’ª; 쒪; ì’ª; 쒪; ) HANGUL SYLLABLE SSWELP +C4AB;C4AB;110A 1170 11B6;C4AB;110A 1170 11B6; # (ì’«; ì’«; 쒫; ì’«; 쒫; ) HANGUL SYLLABLE SSWELH +C4AC;C4AC;110A 1170 11B7;C4AC;110A 1170 11B7; # (ì’¬; ì’¬; 쒬; ì’¬; 쒬; ) HANGUL SYLLABLE SSWEM +C4AD;C4AD;110A 1170 11B8;C4AD;110A 1170 11B8; # (ì’­; ì’­; 쒭; ì’­; 쒭; ) HANGUL SYLLABLE SSWEB +C4AE;C4AE;110A 1170 11B9;C4AE;110A 1170 11B9; # (ì’®; ì’®; 쒮; ì’®; 쒮; ) HANGUL SYLLABLE SSWEBS +C4AF;C4AF;110A 1170 11BA;C4AF;110A 1170 11BA; # (ì’¯; ì’¯; 쒯; ì’¯; 쒯; ) HANGUL SYLLABLE SSWES +C4B0;C4B0;110A 1170 11BB;C4B0;110A 1170 11BB; # (ì’°; ì’°; 쒰; ì’°; 쒰; ) HANGUL SYLLABLE SSWESS +C4B1;C4B1;110A 1170 11BC;C4B1;110A 1170 11BC; # (ì’±; ì’±; 쒱; ì’±; 쒱; ) HANGUL SYLLABLE SSWENG +C4B2;C4B2;110A 1170 11BD;C4B2;110A 1170 11BD; # (ì’²; ì’²; 쒲; ì’²; 쒲; ) HANGUL SYLLABLE SSWEJ +C4B3;C4B3;110A 1170 11BE;C4B3;110A 1170 11BE; # (ì’³; ì’³; 쒳; ì’³; 쒳; ) HANGUL SYLLABLE SSWEC +C4B4;C4B4;110A 1170 11BF;C4B4;110A 1170 11BF; # (ì’´; ì’´; 쒴; ì’´; 쒴; ) HANGUL SYLLABLE SSWEK +C4B5;C4B5;110A 1170 11C0;C4B5;110A 1170 11C0; # (ì’µ; ì’µ; 쒵; ì’µ; 쒵; ) HANGUL SYLLABLE SSWET +C4B6;C4B6;110A 1170 11C1;C4B6;110A 1170 11C1; # (ì’¶; ì’¶; á„Šá…°á‡; ì’¶; á„Šá…°á‡; ) HANGUL SYLLABLE SSWEP +C4B7;C4B7;110A 1170 11C2;C4B7;110A 1170 11C2; # (ì’·; ì’·; 쒷; ì’·; 쒷; ) HANGUL SYLLABLE SSWEH +C4B8;C4B8;110A 1171;C4B8;110A 1171; # (ì’¸; ì’¸; á„Šá…±; ì’¸; á„Šá…±; ) HANGUL SYLLABLE SSWI +C4B9;C4B9;110A 1171 11A8;C4B9;110A 1171 11A8; # (ì’¹; ì’¹; 쒹; ì’¹; 쒹; ) HANGUL SYLLABLE SSWIG +C4BA;C4BA;110A 1171 11A9;C4BA;110A 1171 11A9; # (ì’º; ì’º; 쒺; ì’º; 쒺; ) HANGUL SYLLABLE SSWIGG +C4BB;C4BB;110A 1171 11AA;C4BB;110A 1171 11AA; # (ì’»; ì’»; 쒻; ì’»; 쒻; ) HANGUL SYLLABLE SSWIGS +C4BC;C4BC;110A 1171 11AB;C4BC;110A 1171 11AB; # (ì’¼; ì’¼; 쒼; ì’¼; 쒼; ) HANGUL SYLLABLE SSWIN +C4BD;C4BD;110A 1171 11AC;C4BD;110A 1171 11AC; # (ì’½; ì’½; 쒽; ì’½; 쒽; ) HANGUL SYLLABLE SSWINJ +C4BE;C4BE;110A 1171 11AD;C4BE;110A 1171 11AD; # (ì’¾; ì’¾; 쒾; ì’¾; 쒾; ) HANGUL SYLLABLE SSWINH +C4BF;C4BF;110A 1171 11AE;C4BF;110A 1171 11AE; # (ì’¿; ì’¿; 쒿; ì’¿; 쒿; ) HANGUL SYLLABLE SSWID +C4C0;C4C0;110A 1171 11AF;C4C0;110A 1171 11AF; # (ì“€; ì“€; 쓀; ì“€; 쓀; ) HANGUL SYLLABLE SSWIL +C4C1;C4C1;110A 1171 11B0;C4C1;110A 1171 11B0; # (ì“; ì“; 쓁; ì“; 쓁; ) HANGUL SYLLABLE SSWILG +C4C2;C4C2;110A 1171 11B1;C4C2;110A 1171 11B1; # (ì“‚; ì“‚; 쓂; ì“‚; 쓂; ) HANGUL SYLLABLE SSWILM +C4C3;C4C3;110A 1171 11B2;C4C3;110A 1171 11B2; # (쓃; 쓃; 쓃; 쓃; 쓃; ) HANGUL SYLLABLE SSWILB +C4C4;C4C4;110A 1171 11B3;C4C4;110A 1171 11B3; # (ì“„; ì“„; 쓄; ì“„; 쓄; ) HANGUL SYLLABLE SSWILS +C4C5;C4C5;110A 1171 11B4;C4C5;110A 1171 11B4; # (ì“…; ì“…; 쓅; ì“…; 쓅; ) HANGUL SYLLABLE SSWILT +C4C6;C4C6;110A 1171 11B5;C4C6;110A 1171 11B5; # (쓆; 쓆; 쓆; 쓆; 쓆; ) HANGUL SYLLABLE SSWILP +C4C7;C4C7;110A 1171 11B6;C4C7;110A 1171 11B6; # (쓇; 쓇; 쓇; 쓇; 쓇; ) HANGUL SYLLABLE SSWILH +C4C8;C4C8;110A 1171 11B7;C4C8;110A 1171 11B7; # (쓈; 쓈; 쓈; 쓈; 쓈; ) HANGUL SYLLABLE SSWIM +C4C9;C4C9;110A 1171 11B8;C4C9;110A 1171 11B8; # (쓉; 쓉; 쓉; 쓉; 쓉; ) HANGUL SYLLABLE SSWIB +C4CA;C4CA;110A 1171 11B9;C4CA;110A 1171 11B9; # (ì“Š; ì“Š; 쓊; ì“Š; 쓊; ) HANGUL SYLLABLE SSWIBS +C4CB;C4CB;110A 1171 11BA;C4CB;110A 1171 11BA; # (ì“‹; ì“‹; 쓋; ì“‹; 쓋; ) HANGUL SYLLABLE SSWIS +C4CC;C4CC;110A 1171 11BB;C4CC;110A 1171 11BB; # (ì“Œ; ì“Œ; 쓌; ì“Œ; 쓌; ) HANGUL SYLLABLE SSWISS +C4CD;C4CD;110A 1171 11BC;C4CD;110A 1171 11BC; # (ì“; ì“; 쓍; ì“; 쓍; ) HANGUL SYLLABLE SSWING +C4CE;C4CE;110A 1171 11BD;C4CE;110A 1171 11BD; # (ì“Ž; ì“Ž; 쓎; ì“Ž; 쓎; ) HANGUL SYLLABLE SSWIJ +C4CF;C4CF;110A 1171 11BE;C4CF;110A 1171 11BE; # (ì“; ì“; 쓏; ì“; 쓏; ) HANGUL SYLLABLE SSWIC +C4D0;C4D0;110A 1171 11BF;C4D0;110A 1171 11BF; # (ì“; ì“; 쓐; ì“; 쓐; ) HANGUL SYLLABLE SSWIK +C4D1;C4D1;110A 1171 11C0;C4D1;110A 1171 11C0; # (ì“‘; ì“‘; 쓑; ì“‘; 쓑; ) HANGUL SYLLABLE SSWIT +C4D2;C4D2;110A 1171 11C1;C4D2;110A 1171 11C1; # (ì“’; ì“’; á„Šá…±á‡; ì“’; á„Šá…±á‡; ) HANGUL SYLLABLE SSWIP +C4D3;C4D3;110A 1171 11C2;C4D3;110A 1171 11C2; # (ì““; ì““; 쓓; ì““; 쓓; ) HANGUL SYLLABLE SSWIH +C4D4;C4D4;110A 1172;C4D4;110A 1172; # (ì“”; ì“”; á„Šá…²; ì“”; á„Šá…²; ) HANGUL SYLLABLE SSYU +C4D5;C4D5;110A 1172 11A8;C4D5;110A 1172 11A8; # (ì“•; ì“•; 쓕; ì“•; 쓕; ) HANGUL SYLLABLE SSYUG +C4D6;C4D6;110A 1172 11A9;C4D6;110A 1172 11A9; # (ì“–; ì“–; 쓖; ì“–; 쓖; ) HANGUL SYLLABLE SSYUGG +C4D7;C4D7;110A 1172 11AA;C4D7;110A 1172 11AA; # (ì“—; ì“—; 쓗; ì“—; 쓗; ) HANGUL SYLLABLE SSYUGS +C4D8;C4D8;110A 1172 11AB;C4D8;110A 1172 11AB; # (쓘; 쓘; 쓘; 쓘; 쓘; ) HANGUL SYLLABLE SSYUN +C4D9;C4D9;110A 1172 11AC;C4D9;110A 1172 11AC; # (ì“™; ì“™; 쓙; ì“™; 쓙; ) HANGUL SYLLABLE SSYUNJ +C4DA;C4DA;110A 1172 11AD;C4DA;110A 1172 11AD; # (ì“š; ì“š; 쓚; ì“š; 쓚; ) HANGUL SYLLABLE SSYUNH +C4DB;C4DB;110A 1172 11AE;C4DB;110A 1172 11AE; # (ì“›; ì“›; 쓛; ì“›; 쓛; ) HANGUL SYLLABLE SSYUD +C4DC;C4DC;110A 1172 11AF;C4DC;110A 1172 11AF; # (ì“œ; ì“œ; 쓜; ì“œ; 쓜; ) HANGUL SYLLABLE SSYUL +C4DD;C4DD;110A 1172 11B0;C4DD;110A 1172 11B0; # (ì“; ì“; 쓝; ì“; 쓝; ) HANGUL SYLLABLE SSYULG +C4DE;C4DE;110A 1172 11B1;C4DE;110A 1172 11B1; # (ì“ž; ì“ž; 쓞; ì“ž; 쓞; ) HANGUL SYLLABLE SSYULM +C4DF;C4DF;110A 1172 11B2;C4DF;110A 1172 11B2; # (ì“Ÿ; ì“Ÿ; 쓟; ì“Ÿ; 쓟; ) HANGUL SYLLABLE SSYULB +C4E0;C4E0;110A 1172 11B3;C4E0;110A 1172 11B3; # (ì“ ; ì“ ; 쓠; ì“ ; 쓠; ) HANGUL SYLLABLE SSYULS +C4E1;C4E1;110A 1172 11B4;C4E1;110A 1172 11B4; # (ì“¡; ì“¡; 쓡; ì“¡; 쓡; ) HANGUL SYLLABLE SSYULT +C4E2;C4E2;110A 1172 11B5;C4E2;110A 1172 11B5; # (ì“¢; ì“¢; 쓢; ì“¢; 쓢; ) HANGUL SYLLABLE SSYULP +C4E3;C4E3;110A 1172 11B6;C4E3;110A 1172 11B6; # (ì“£; ì“£; 쓣; ì“£; 쓣; ) HANGUL SYLLABLE SSYULH +C4E4;C4E4;110A 1172 11B7;C4E4;110A 1172 11B7; # (쓤; 쓤; 쓤; 쓤; 쓤; ) HANGUL SYLLABLE SSYUM +C4E5;C4E5;110A 1172 11B8;C4E5;110A 1172 11B8; # (ì“¥; ì“¥; 쓥; ì“¥; 쓥; ) HANGUL SYLLABLE SSYUB +C4E6;C4E6;110A 1172 11B9;C4E6;110A 1172 11B9; # (쓦; 쓦; 쓦; 쓦; 쓦; ) HANGUL SYLLABLE SSYUBS +C4E7;C4E7;110A 1172 11BA;C4E7;110A 1172 11BA; # (쓧; 쓧; 쓧; 쓧; 쓧; ) HANGUL SYLLABLE SSYUS +C4E8;C4E8;110A 1172 11BB;C4E8;110A 1172 11BB; # (쓨; 쓨; 쓨; 쓨; 쓨; ) HANGUL SYLLABLE SSYUSS +C4E9;C4E9;110A 1172 11BC;C4E9;110A 1172 11BC; # (ì“©; ì“©; 쓩; ì“©; 쓩; ) HANGUL SYLLABLE SSYUNG +C4EA;C4EA;110A 1172 11BD;C4EA;110A 1172 11BD; # (쓪; 쓪; 쓪; 쓪; 쓪; ) HANGUL SYLLABLE SSYUJ +C4EB;C4EB;110A 1172 11BE;C4EB;110A 1172 11BE; # (ì“«; ì“«; 쓫; ì“«; 쓫; ) HANGUL SYLLABLE SSYUC +C4EC;C4EC;110A 1172 11BF;C4EC;110A 1172 11BF; # (쓬; 쓬; 쓬; 쓬; 쓬; ) HANGUL SYLLABLE SSYUK +C4ED;C4ED;110A 1172 11C0;C4ED;110A 1172 11C0; # (ì“­; ì“­; 쓭; ì“­; 쓭; ) HANGUL SYLLABLE SSYUT +C4EE;C4EE;110A 1172 11C1;C4EE;110A 1172 11C1; # (ì“®; ì“®; á„Šá…²á‡; ì“®; á„Šá…²á‡; ) HANGUL SYLLABLE SSYUP +C4EF;C4EF;110A 1172 11C2;C4EF;110A 1172 11C2; # (쓯; 쓯; 쓯; 쓯; 쓯; ) HANGUL SYLLABLE SSYUH +C4F0;C4F0;110A 1173;C4F0;110A 1173; # (ì“°; ì“°; á„Šá…³; ì“°; á„Šá…³; ) HANGUL SYLLABLE SSEU +C4F1;C4F1;110A 1173 11A8;C4F1;110A 1173 11A8; # (쓱; 쓱; 쓱; 쓱; 쓱; ) HANGUL SYLLABLE SSEUG +C4F2;C4F2;110A 1173 11A9;C4F2;110A 1173 11A9; # (쓲; 쓲; 쓲; 쓲; 쓲; ) HANGUL SYLLABLE SSEUGG +C4F3;C4F3;110A 1173 11AA;C4F3;110A 1173 11AA; # (쓳; 쓳; 쓳; 쓳; 쓳; ) HANGUL SYLLABLE SSEUGS +C4F4;C4F4;110A 1173 11AB;C4F4;110A 1173 11AB; # (ì“´; ì“´; 쓴; ì“´; 쓴; ) HANGUL SYLLABLE SSEUN +C4F5;C4F5;110A 1173 11AC;C4F5;110A 1173 11AC; # (쓵; 쓵; 쓵; 쓵; 쓵; ) HANGUL SYLLABLE SSEUNJ +C4F6;C4F6;110A 1173 11AD;C4F6;110A 1173 11AD; # (쓶; 쓶; 쓶; 쓶; 쓶; ) HANGUL SYLLABLE SSEUNH +C4F7;C4F7;110A 1173 11AE;C4F7;110A 1173 11AE; # (ì“·; ì“·; 쓷; ì“·; 쓷; ) HANGUL SYLLABLE SSEUD +C4F8;C4F8;110A 1173 11AF;C4F8;110A 1173 11AF; # (쓸; 쓸; 쓸; 쓸; 쓸; ) HANGUL SYLLABLE SSEUL +C4F9;C4F9;110A 1173 11B0;C4F9;110A 1173 11B0; # (쓹; 쓹; 쓹; 쓹; 쓹; ) HANGUL SYLLABLE SSEULG +C4FA;C4FA;110A 1173 11B1;C4FA;110A 1173 11B1; # (쓺; 쓺; 쓺; 쓺; 쓺; ) HANGUL SYLLABLE SSEULM +C4FB;C4FB;110A 1173 11B2;C4FB;110A 1173 11B2; # (ì“»; ì“»; 쓻; ì“»; 쓻; ) HANGUL SYLLABLE SSEULB +C4FC;C4FC;110A 1173 11B3;C4FC;110A 1173 11B3; # (쓼; 쓼; 쓼; 쓼; 쓼; ) HANGUL SYLLABLE SSEULS +C4FD;C4FD;110A 1173 11B4;C4FD;110A 1173 11B4; # (쓽; 쓽; 쓽; 쓽; 쓽; ) HANGUL SYLLABLE SSEULT +C4FE;C4FE;110A 1173 11B5;C4FE;110A 1173 11B5; # (쓾; 쓾; 쓾; 쓾; 쓾; ) HANGUL SYLLABLE SSEULP +C4FF;C4FF;110A 1173 11B6;C4FF;110A 1173 11B6; # (ì“¿; ì“¿; 쓿; ì“¿; 쓿; ) HANGUL SYLLABLE SSEULH +C500;C500;110A 1173 11B7;C500;110A 1173 11B7; # (씀; 씀; 씀; 씀; 씀; ) HANGUL SYLLABLE SSEUM +C501;C501;110A 1173 11B8;C501;110A 1173 11B8; # (ì”; ì”; 씁; ì”; 씁; ) HANGUL SYLLABLE SSEUB +C502;C502;110A 1173 11B9;C502;110A 1173 11B9; # (씂; 씂; 씂; 씂; 씂; ) HANGUL SYLLABLE SSEUBS +C503;C503;110A 1173 11BA;C503;110A 1173 11BA; # (씃; 씃; 씃; 씃; 씃; ) HANGUL SYLLABLE SSEUS +C504;C504;110A 1173 11BB;C504;110A 1173 11BB; # (씄; 씄; 씄; 씄; 씄; ) HANGUL SYLLABLE SSEUSS +C505;C505;110A 1173 11BC;C505;110A 1173 11BC; # (ì”…; ì”…; 씅; ì”…; 씅; ) HANGUL SYLLABLE SSEUNG +C506;C506;110A 1173 11BD;C506;110A 1173 11BD; # (씆; 씆; 씆; 씆; 씆; ) HANGUL SYLLABLE SSEUJ +C507;C507;110A 1173 11BE;C507;110A 1173 11BE; # (씇; 씇; 씇; 씇; 씇; ) HANGUL SYLLABLE SSEUC +C508;C508;110A 1173 11BF;C508;110A 1173 11BF; # (씈; 씈; 씈; 씈; 씈; ) HANGUL SYLLABLE SSEUK +C509;C509;110A 1173 11C0;C509;110A 1173 11C0; # (씉; 씉; 씉; 씉; 씉; ) HANGUL SYLLABLE SSEUT +C50A;C50A;110A 1173 11C1;C50A;110A 1173 11C1; # (씊; 씊; á„Šá…³á‡; 씊; á„Šá…³á‡; ) HANGUL SYLLABLE SSEUP +C50B;C50B;110A 1173 11C2;C50B;110A 1173 11C2; # (씋; 씋; 씋; 씋; 씋; ) HANGUL SYLLABLE SSEUH +C50C;C50C;110A 1174;C50C;110A 1174; # (씌; 씌; á„Šá…´; 씌; á„Šá…´; ) HANGUL SYLLABLE SSYI +C50D;C50D;110A 1174 11A8;C50D;110A 1174 11A8; # (ì”; ì”; 씍; ì”; 씍; ) HANGUL SYLLABLE SSYIG +C50E;C50E;110A 1174 11A9;C50E;110A 1174 11A9; # (씎; 씎; 씎; 씎; 씎; ) HANGUL SYLLABLE SSYIGG +C50F;C50F;110A 1174 11AA;C50F;110A 1174 11AA; # (ì”; ì”; 씏; ì”; 씏; ) HANGUL SYLLABLE SSYIGS +C510;C510;110A 1174 11AB;C510;110A 1174 11AB; # (ì”; ì”; 씐; ì”; 씐; ) HANGUL SYLLABLE SSYIN +C511;C511;110A 1174 11AC;C511;110A 1174 11AC; # (씑; 씑; 씑; 씑; 씑; ) HANGUL SYLLABLE SSYINJ +C512;C512;110A 1174 11AD;C512;110A 1174 11AD; # (ì”’; ì”’; 씒; ì”’; 씒; ) HANGUL SYLLABLE SSYINH +C513;C513;110A 1174 11AE;C513;110A 1174 11AE; # (씓; 씓; 씓; 씓; 씓; ) HANGUL SYLLABLE SSYID +C514;C514;110A 1174 11AF;C514;110A 1174 11AF; # (ì””; ì””; 씔; ì””; 씔; ) HANGUL SYLLABLE SSYIL +C515;C515;110A 1174 11B0;C515;110A 1174 11B0; # (씕; 씕; 씕; 씕; 씕; ) HANGUL SYLLABLE SSYILG +C516;C516;110A 1174 11B1;C516;110A 1174 11B1; # (ì”–; ì”–; 씖; ì”–; 씖; ) HANGUL SYLLABLE SSYILM +C517;C517;110A 1174 11B2;C517;110A 1174 11B2; # (ì”—; ì”—; 씗; ì”—; 씗; ) HANGUL SYLLABLE SSYILB +C518;C518;110A 1174 11B3;C518;110A 1174 11B3; # (씘; 씘; 씘; 씘; 씘; ) HANGUL SYLLABLE SSYILS +C519;C519;110A 1174 11B4;C519;110A 1174 11B4; # (ì”™; ì”™; 씙; ì”™; 씙; ) HANGUL SYLLABLE SSYILT +C51A;C51A;110A 1174 11B5;C51A;110A 1174 11B5; # (씚; 씚; 씚; 씚; 씚; ) HANGUL SYLLABLE SSYILP +C51B;C51B;110A 1174 11B6;C51B;110A 1174 11B6; # (ì”›; ì”›; 씛; ì”›; 씛; ) HANGUL SYLLABLE SSYILH +C51C;C51C;110A 1174 11B7;C51C;110A 1174 11B7; # (씜; 씜; 씜; 씜; 씜; ) HANGUL SYLLABLE SSYIM +C51D;C51D;110A 1174 11B8;C51D;110A 1174 11B8; # (ì”; ì”; 씝; ì”; 씝; ) HANGUL SYLLABLE SSYIB +C51E;C51E;110A 1174 11B9;C51E;110A 1174 11B9; # (씞; 씞; 씞; 씞; 씞; ) HANGUL SYLLABLE SSYIBS +C51F;C51F;110A 1174 11BA;C51F;110A 1174 11BA; # (씟; 씟; 씟; 씟; 씟; ) HANGUL SYLLABLE SSYIS +C520;C520;110A 1174 11BB;C520;110A 1174 11BB; # (ì” ; ì” ; 씠; ì” ; 씠; ) HANGUL SYLLABLE SSYISS +C521;C521;110A 1174 11BC;C521;110A 1174 11BC; # (씡; 씡; 씡; 씡; 씡; ) HANGUL SYLLABLE SSYING +C522;C522;110A 1174 11BD;C522;110A 1174 11BD; # (씢; 씢; 씢; 씢; 씢; ) HANGUL SYLLABLE SSYIJ +C523;C523;110A 1174 11BE;C523;110A 1174 11BE; # (씣; 씣; 씣; 씣; 씣; ) HANGUL SYLLABLE SSYIC +C524;C524;110A 1174 11BF;C524;110A 1174 11BF; # (씤; 씤; 씤; 씤; 씤; ) HANGUL SYLLABLE SSYIK +C525;C525;110A 1174 11C0;C525;110A 1174 11C0; # (씥; 씥; 씥; 씥; 씥; ) HANGUL SYLLABLE SSYIT +C526;C526;110A 1174 11C1;C526;110A 1174 11C1; # (씦; 씦; á„Šá…´á‡; 씦; á„Šá…´á‡; ) HANGUL SYLLABLE SSYIP +C527;C527;110A 1174 11C2;C527;110A 1174 11C2; # (씧; 씧; 씧; 씧; 씧; ) HANGUL SYLLABLE SSYIH +C528;C528;110A 1175;C528;110A 1175; # (씨; 씨; á„Šá…µ; 씨; á„Šá…µ; ) HANGUL SYLLABLE SSI +C529;C529;110A 1175 11A8;C529;110A 1175 11A8; # (씩; 씩; 씩; 씩; 씩; ) HANGUL SYLLABLE SSIG +C52A;C52A;110A 1175 11A9;C52A;110A 1175 11A9; # (씪; 씪; 씪; 씪; 씪; ) HANGUL SYLLABLE SSIGG +C52B;C52B;110A 1175 11AA;C52B;110A 1175 11AA; # (씫; 씫; 씫; 씫; 씫; ) HANGUL SYLLABLE SSIGS +C52C;C52C;110A 1175 11AB;C52C;110A 1175 11AB; # (씬; 씬; 씬; 씬; 씬; ) HANGUL SYLLABLE SSIN +C52D;C52D;110A 1175 11AC;C52D;110A 1175 11AC; # (ì”­; ì”­; 씭; ì”­; 씭; ) HANGUL SYLLABLE SSINJ +C52E;C52E;110A 1175 11AD;C52E;110A 1175 11AD; # (ì”®; ì”®; 씮; ì”®; 씮; ) HANGUL SYLLABLE SSINH +C52F;C52F;110A 1175 11AE;C52F;110A 1175 11AE; # (씯; 씯; 씯; 씯; 씯; ) HANGUL SYLLABLE SSID +C530;C530;110A 1175 11AF;C530;110A 1175 11AF; # (ì”°; ì”°; 씰; ì”°; 씰; ) HANGUL SYLLABLE SSIL +C531;C531;110A 1175 11B0;C531;110A 1175 11B0; # (ì”±; ì”±; 씱; ì”±; 씱; ) HANGUL SYLLABLE SSILG +C532;C532;110A 1175 11B1;C532;110A 1175 11B1; # (씲; 씲; 씲; 씲; 씲; ) HANGUL SYLLABLE SSILM +C533;C533;110A 1175 11B2;C533;110A 1175 11B2; # (씳; 씳; 씳; 씳; 씳; ) HANGUL SYLLABLE SSILB +C534;C534;110A 1175 11B3;C534;110A 1175 11B3; # (ì”´; ì”´; 씴; ì”´; 씴; ) HANGUL SYLLABLE SSILS +C535;C535;110A 1175 11B4;C535;110A 1175 11B4; # (씵; 씵; 씵; 씵; 씵; ) HANGUL SYLLABLE SSILT +C536;C536;110A 1175 11B5;C536;110A 1175 11B5; # (씶; 씶; 씶; 씶; 씶; ) HANGUL SYLLABLE SSILP +C537;C537;110A 1175 11B6;C537;110A 1175 11B6; # (ì”·; ì”·; 씷; ì”·; 씷; ) HANGUL SYLLABLE SSILH +C538;C538;110A 1175 11B7;C538;110A 1175 11B7; # (씸; 씸; 씸; 씸; 씸; ) HANGUL SYLLABLE SSIM +C539;C539;110A 1175 11B8;C539;110A 1175 11B8; # (씹; 씹; 씹; 씹; 씹; ) HANGUL SYLLABLE SSIB +C53A;C53A;110A 1175 11B9;C53A;110A 1175 11B9; # (씺; 씺; 씺; 씺; 씺; ) HANGUL SYLLABLE SSIBS +C53B;C53B;110A 1175 11BA;C53B;110A 1175 11BA; # (ì”»; ì”»; 씻; ì”»; 씻; ) HANGUL SYLLABLE SSIS +C53C;C53C;110A 1175 11BB;C53C;110A 1175 11BB; # (씼; 씼; 씼; 씼; 씼; ) HANGUL SYLLABLE SSISS +C53D;C53D;110A 1175 11BC;C53D;110A 1175 11BC; # (씽; 씽; 씽; 씽; 씽; ) HANGUL SYLLABLE SSING +C53E;C53E;110A 1175 11BD;C53E;110A 1175 11BD; # (씾; 씾; 씾; 씾; 씾; ) HANGUL SYLLABLE SSIJ +C53F;C53F;110A 1175 11BE;C53F;110A 1175 11BE; # (씿; 씿; 씿; 씿; 씿; ) HANGUL SYLLABLE SSIC +C540;C540;110A 1175 11BF;C540;110A 1175 11BF; # (ì•€; ì•€; 앀; ì•€; 앀; ) HANGUL SYLLABLE SSIK +C541;C541;110A 1175 11C0;C541;110A 1175 11C0; # (ì•; ì•; 앁; ì•; 앁; ) HANGUL SYLLABLE SSIT +C542;C542;110A 1175 11C1;C542;110A 1175 11C1; # (ì•‚; ì•‚; á„Šá…µá‡; ì•‚; á„Šá…µá‡; ) HANGUL SYLLABLE SSIP +C543;C543;110A 1175 11C2;C543;110A 1175 11C2; # (앃; 앃; 앃; 앃; 앃; ) HANGUL SYLLABLE SSIH +C544;C544;110B 1161;C544;110B 1161; # (ì•„; ì•„; á„‹á…¡; ì•„; á„‹á…¡; ) HANGUL SYLLABLE A +C545;C545;110B 1161 11A8;C545;110B 1161 11A8; # (ì•…; ì•…; 악; ì•…; 악; ) HANGUL SYLLABLE AG +C546;C546;110B 1161 11A9;C546;110B 1161 11A9; # (앆; 앆; 앆; 앆; 앆; ) HANGUL SYLLABLE AGG +C547;C547;110B 1161 11AA;C547;110B 1161 11AA; # (앇; 앇; 앇; 앇; 앇; ) HANGUL SYLLABLE AGS +C548;C548;110B 1161 11AB;C548;110B 1161 11AB; # (안; 안; 안; 안; 안; ) HANGUL SYLLABLE AN +C549;C549;110B 1161 11AC;C549;110B 1161 11AC; # (앉; 앉; 앉; 앉; 앉; ) HANGUL SYLLABLE ANJ +C54A;C54A;110B 1161 11AD;C54A;110B 1161 11AD; # (ì•Š; ì•Š; 않; ì•Š; 않; ) HANGUL SYLLABLE ANH +C54B;C54B;110B 1161 11AE;C54B;110B 1161 11AE; # (ì•‹; ì•‹; 앋; ì•‹; 앋; ) HANGUL SYLLABLE AD +C54C;C54C;110B 1161 11AF;C54C;110B 1161 11AF; # (ì•Œ; ì•Œ; 알; ì•Œ; 알; ) HANGUL SYLLABLE AL +C54D;C54D;110B 1161 11B0;C54D;110B 1161 11B0; # (ì•; ì•; 앍; ì•; 앍; ) HANGUL SYLLABLE ALG +C54E;C54E;110B 1161 11B1;C54E;110B 1161 11B1; # (ì•Ž; ì•Ž; 앎; ì•Ž; 앎; ) HANGUL SYLLABLE ALM +C54F;C54F;110B 1161 11B2;C54F;110B 1161 11B2; # (ì•; ì•; 앏; ì•; 앏; ) HANGUL SYLLABLE ALB +C550;C550;110B 1161 11B3;C550;110B 1161 11B3; # (ì•; ì•; 앐; ì•; 앐; ) HANGUL SYLLABLE ALS +C551;C551;110B 1161 11B4;C551;110B 1161 11B4; # (ì•‘; ì•‘; 앑; ì•‘; 앑; ) HANGUL SYLLABLE ALT +C552;C552;110B 1161 11B5;C552;110B 1161 11B5; # (ì•’; ì•’; 앒; ì•’; 앒; ) HANGUL SYLLABLE ALP +C553;C553;110B 1161 11B6;C553;110B 1161 11B6; # (ì•“; ì•“; 앓; ì•“; 앓; ) HANGUL SYLLABLE ALH +C554;C554;110B 1161 11B7;C554;110B 1161 11B7; # (ì•”; ì•”; 암; ì•”; 암; ) HANGUL SYLLABLE AM +C555;C555;110B 1161 11B8;C555;110B 1161 11B8; # (ì••; ì••; 압; ì••; 압; ) HANGUL SYLLABLE AB +C556;C556;110B 1161 11B9;C556;110B 1161 11B9; # (ì•–; ì•–; 앖; ì•–; 앖; ) HANGUL SYLLABLE ABS +C557;C557;110B 1161 11BA;C557;110B 1161 11BA; # (ì•—; ì•—; 앗; ì•—; 앗; ) HANGUL SYLLABLE AS +C558;C558;110B 1161 11BB;C558;110B 1161 11BB; # (았; 았; 았; 았; 았; ) HANGUL SYLLABLE ASS +C559;C559;110B 1161 11BC;C559;110B 1161 11BC; # (ì•™; ì•™; 앙; ì•™; 앙; ) HANGUL SYLLABLE ANG +C55A;C55A;110B 1161 11BD;C55A;110B 1161 11BD; # (ì•š; ì•š; 앚; ì•š; 앚; ) HANGUL SYLLABLE AJ +C55B;C55B;110B 1161 11BE;C55B;110B 1161 11BE; # (ì•›; ì•›; 앛; ì•›; 앛; ) HANGUL SYLLABLE AC +C55C;C55C;110B 1161 11BF;C55C;110B 1161 11BF; # (ì•œ; ì•œ; 앜; ì•œ; 앜; ) HANGUL SYLLABLE AK +C55D;C55D;110B 1161 11C0;C55D;110B 1161 11C0; # (ì•; ì•; 앝; ì•; 앝; ) HANGUL SYLLABLE AT +C55E;C55E;110B 1161 11C1;C55E;110B 1161 11C1; # (ì•ž; ì•ž; á„‹á…¡á‡; ì•ž; á„‹á…¡á‡; ) HANGUL SYLLABLE AP +C55F;C55F;110B 1161 11C2;C55F;110B 1161 11C2; # (ì•Ÿ; ì•Ÿ; 앟; ì•Ÿ; 앟; ) HANGUL SYLLABLE AH +C560;C560;110B 1162;C560;110B 1162; # (ì• ; ì• ; á„‹á…¢; ì• ; á„‹á…¢; ) HANGUL SYLLABLE AE +C561;C561;110B 1162 11A8;C561;110B 1162 11A8; # (ì•¡; ì•¡; 액; ì•¡; 액; ) HANGUL SYLLABLE AEG +C562;C562;110B 1162 11A9;C562;110B 1162 11A9; # (ì•¢; ì•¢; 앢; ì•¢; 앢; ) HANGUL SYLLABLE AEGG +C563;C563;110B 1162 11AA;C563;110B 1162 11AA; # (ì•£; ì•£; 앣; ì•£; 앣; ) HANGUL SYLLABLE AEGS +C564;C564;110B 1162 11AB;C564;110B 1162 11AB; # (앤; 앤; 앤; 앤; 앤; ) HANGUL SYLLABLE AEN +C565;C565;110B 1162 11AC;C565;110B 1162 11AC; # (ì•¥; ì•¥; 앥; ì•¥; 앥; ) HANGUL SYLLABLE AENJ +C566;C566;110B 1162 11AD;C566;110B 1162 11AD; # (앦; 앦; 앦; 앦; 앦; ) HANGUL SYLLABLE AENH +C567;C567;110B 1162 11AE;C567;110B 1162 11AE; # (앧; 앧; 앧; 앧; 앧; ) HANGUL SYLLABLE AED +C568;C568;110B 1162 11AF;C568;110B 1162 11AF; # (앨; 앨; 앨; 앨; 앨; ) HANGUL SYLLABLE AEL +C569;C569;110B 1162 11B0;C569;110B 1162 11B0; # (ì•©; ì•©; 앩; ì•©; 앩; ) HANGUL SYLLABLE AELG +C56A;C56A;110B 1162 11B1;C56A;110B 1162 11B1; # (앪; 앪; 앪; 앪; 앪; ) HANGUL SYLLABLE AELM +C56B;C56B;110B 1162 11B2;C56B;110B 1162 11B2; # (ì•«; ì•«; 앫; ì•«; 앫; ) HANGUL SYLLABLE AELB +C56C;C56C;110B 1162 11B3;C56C;110B 1162 11B3; # (앬; 앬; 앬; 앬; 앬; ) HANGUL SYLLABLE AELS +C56D;C56D;110B 1162 11B4;C56D;110B 1162 11B4; # (ì•­; ì•­; 앭; ì•­; 앭; ) HANGUL SYLLABLE AELT +C56E;C56E;110B 1162 11B5;C56E;110B 1162 11B5; # (ì•®; ì•®; 앮; ì•®; 앮; ) HANGUL SYLLABLE AELP +C56F;C56F;110B 1162 11B6;C56F;110B 1162 11B6; # (앯; 앯; 앯; 앯; 앯; ) HANGUL SYLLABLE AELH +C570;C570;110B 1162 11B7;C570;110B 1162 11B7; # (ì•°; ì•°; 앰; ì•°; 앰; ) HANGUL SYLLABLE AEM +C571;C571;110B 1162 11B8;C571;110B 1162 11B8; # (앱; 앱; 앱; 앱; 앱; ) HANGUL SYLLABLE AEB +C572;C572;110B 1162 11B9;C572;110B 1162 11B9; # (앲; 앲; 앲; 앲; 앲; ) HANGUL SYLLABLE AEBS +C573;C573;110B 1162 11BA;C573;110B 1162 11BA; # (앳; 앳; 앳; 앳; 앳; ) HANGUL SYLLABLE AES +C574;C574;110B 1162 11BB;C574;110B 1162 11BB; # (ì•´; ì•´; 앴; ì•´; 앴; ) HANGUL SYLLABLE AESS +C575;C575;110B 1162 11BC;C575;110B 1162 11BC; # (앵; 앵; 앵; 앵; 앵; ) HANGUL SYLLABLE AENG +C576;C576;110B 1162 11BD;C576;110B 1162 11BD; # (앶; 앶; 앶; 앶; 앶; ) HANGUL SYLLABLE AEJ +C577;C577;110B 1162 11BE;C577;110B 1162 11BE; # (ì•·; ì•·; 앷; ì•·; 앷; ) HANGUL SYLLABLE AEC +C578;C578;110B 1162 11BF;C578;110B 1162 11BF; # (앸; 앸; 앸; 앸; 앸; ) HANGUL SYLLABLE AEK +C579;C579;110B 1162 11C0;C579;110B 1162 11C0; # (앹; 앹; 앹; 앹; 앹; ) HANGUL SYLLABLE AET +C57A;C57A;110B 1162 11C1;C57A;110B 1162 11C1; # (앺; 앺; á„‹á…¢á‡; 앺; á„‹á…¢á‡; ) HANGUL SYLLABLE AEP +C57B;C57B;110B 1162 11C2;C57B;110B 1162 11C2; # (ì•»; ì•»; 앻; ì•»; 앻; ) HANGUL SYLLABLE AEH +C57C;C57C;110B 1163;C57C;110B 1163; # (야; 야; á„‹á…£; 야; á„‹á…£; ) HANGUL SYLLABLE YA +C57D;C57D;110B 1163 11A8;C57D;110B 1163 11A8; # (약; 약; 약; 약; 약; ) HANGUL SYLLABLE YAG +C57E;C57E;110B 1163 11A9;C57E;110B 1163 11A9; # (앾; 앾; 앾; 앾; 앾; ) HANGUL SYLLABLE YAGG +C57F;C57F;110B 1163 11AA;C57F;110B 1163 11AA; # (ì•¿; ì•¿; 앿; ì•¿; 앿; ) HANGUL SYLLABLE YAGS +C580;C580;110B 1163 11AB;C580;110B 1163 11AB; # (ì–€; ì–€; 얀; ì–€; 얀; ) HANGUL SYLLABLE YAN +C581;C581;110B 1163 11AC;C581;110B 1163 11AC; # (ì–; ì–; 얁; ì–; 얁; ) HANGUL SYLLABLE YANJ +C582;C582;110B 1163 11AD;C582;110B 1163 11AD; # (ì–‚; ì–‚; 얂; ì–‚; 얂; ) HANGUL SYLLABLE YANH +C583;C583;110B 1163 11AE;C583;110B 1163 11AE; # (ì–ƒ; ì–ƒ; 얃; ì–ƒ; 얃; ) HANGUL SYLLABLE YAD +C584;C584;110B 1163 11AF;C584;110B 1163 11AF; # (ì–„; ì–„; 얄; ì–„; 얄; ) HANGUL SYLLABLE YAL +C585;C585;110B 1163 11B0;C585;110B 1163 11B0; # (ì–…; ì–…; 얅; ì–…; 얅; ) HANGUL SYLLABLE YALG +C586;C586;110B 1163 11B1;C586;110B 1163 11B1; # (ì–†; ì–†; 얆; ì–†; 얆; ) HANGUL SYLLABLE YALM +C587;C587;110B 1163 11B2;C587;110B 1163 11B2; # (ì–‡; ì–‡; 얇; ì–‡; 얇; ) HANGUL SYLLABLE YALB +C588;C588;110B 1163 11B3;C588;110B 1163 11B3; # (ì–ˆ; ì–ˆ; 얈; ì–ˆ; 얈; ) HANGUL SYLLABLE YALS +C589;C589;110B 1163 11B4;C589;110B 1163 11B4; # (ì–‰; ì–‰; 얉; ì–‰; 얉; ) HANGUL SYLLABLE YALT +C58A;C58A;110B 1163 11B5;C58A;110B 1163 11B5; # (ì–Š; ì–Š; 얊; ì–Š; 얊; ) HANGUL SYLLABLE YALP +C58B;C58B;110B 1163 11B6;C58B;110B 1163 11B6; # (ì–‹; ì–‹; 얋; ì–‹; 얋; ) HANGUL SYLLABLE YALH +C58C;C58C;110B 1163 11B7;C58C;110B 1163 11B7; # (ì–Œ; ì–Œ; 얌; ì–Œ; 얌; ) HANGUL SYLLABLE YAM +C58D;C58D;110B 1163 11B8;C58D;110B 1163 11B8; # (ì–; ì–; 얍; ì–; 얍; ) HANGUL SYLLABLE YAB +C58E;C58E;110B 1163 11B9;C58E;110B 1163 11B9; # (ì–Ž; ì–Ž; 얎; ì–Ž; 얎; ) HANGUL SYLLABLE YABS +C58F;C58F;110B 1163 11BA;C58F;110B 1163 11BA; # (ì–; ì–; 얏; ì–; 얏; ) HANGUL SYLLABLE YAS +C590;C590;110B 1163 11BB;C590;110B 1163 11BB; # (ì–; ì–; 얐; ì–; 얐; ) HANGUL SYLLABLE YASS +C591;C591;110B 1163 11BC;C591;110B 1163 11BC; # (ì–‘; ì–‘; 양; ì–‘; 양; ) HANGUL SYLLABLE YANG +C592;C592;110B 1163 11BD;C592;110B 1163 11BD; # (ì–’; ì–’; 얒; ì–’; 얒; ) HANGUL SYLLABLE YAJ +C593;C593;110B 1163 11BE;C593;110B 1163 11BE; # (ì–“; ì–“; 얓; ì–“; 얓; ) HANGUL SYLLABLE YAC +C594;C594;110B 1163 11BF;C594;110B 1163 11BF; # (ì–”; ì–”; 얔; ì–”; 얔; ) HANGUL SYLLABLE YAK +C595;C595;110B 1163 11C0;C595;110B 1163 11C0; # (ì–•; ì–•; 얕; ì–•; 얕; ) HANGUL SYLLABLE YAT +C596;C596;110B 1163 11C1;C596;110B 1163 11C1; # (ì––; ì––; á„‹á…£á‡; ì––; á„‹á…£á‡; ) HANGUL SYLLABLE YAP +C597;C597;110B 1163 11C2;C597;110B 1163 11C2; # (ì–—; ì–—; 얗; ì–—; 얗; ) HANGUL SYLLABLE YAH +C598;C598;110B 1164;C598;110B 1164; # (ì–˜; ì–˜; á„‹á…¤; ì–˜; á„‹á…¤; ) HANGUL SYLLABLE YAE +C599;C599;110B 1164 11A8;C599;110B 1164 11A8; # (ì–™; ì–™; 얙; ì–™; 얙; ) HANGUL SYLLABLE YAEG +C59A;C59A;110B 1164 11A9;C59A;110B 1164 11A9; # (ì–š; ì–š; 얚; ì–š; 얚; ) HANGUL SYLLABLE YAEGG +C59B;C59B;110B 1164 11AA;C59B;110B 1164 11AA; # (ì–›; ì–›; 얛; ì–›; 얛; ) HANGUL SYLLABLE YAEGS +C59C;C59C;110B 1164 11AB;C59C;110B 1164 11AB; # (ì–œ; ì–œ; 얜; ì–œ; 얜; ) HANGUL SYLLABLE YAEN +C59D;C59D;110B 1164 11AC;C59D;110B 1164 11AC; # (ì–; ì–; 얝; ì–; 얝; ) HANGUL SYLLABLE YAENJ +C59E;C59E;110B 1164 11AD;C59E;110B 1164 11AD; # (ì–ž; ì–ž; 얞; ì–ž; 얞; ) HANGUL SYLLABLE YAENH +C59F;C59F;110B 1164 11AE;C59F;110B 1164 11AE; # (ì–Ÿ; ì–Ÿ; 얟; ì–Ÿ; 얟; ) HANGUL SYLLABLE YAED +C5A0;C5A0;110B 1164 11AF;C5A0;110B 1164 11AF; # (ì– ; ì– ; 얠; ì– ; 얠; ) HANGUL SYLLABLE YAEL +C5A1;C5A1;110B 1164 11B0;C5A1;110B 1164 11B0; # (ì–¡; ì–¡; 얡; ì–¡; 얡; ) HANGUL SYLLABLE YAELG +C5A2;C5A2;110B 1164 11B1;C5A2;110B 1164 11B1; # (ì–¢; ì–¢; 얢; ì–¢; 얢; ) HANGUL SYLLABLE YAELM +C5A3;C5A3;110B 1164 11B2;C5A3;110B 1164 11B2; # (ì–£; ì–£; 얣; ì–£; 얣; ) HANGUL SYLLABLE YAELB +C5A4;C5A4;110B 1164 11B3;C5A4;110B 1164 11B3; # (ì–¤; ì–¤; 얤; ì–¤; 얤; ) HANGUL SYLLABLE YAELS +C5A5;C5A5;110B 1164 11B4;C5A5;110B 1164 11B4; # (ì–¥; ì–¥; 얥; ì–¥; 얥; ) HANGUL SYLLABLE YAELT +C5A6;C5A6;110B 1164 11B5;C5A6;110B 1164 11B5; # (ì–¦; ì–¦; 얦; ì–¦; 얦; ) HANGUL SYLLABLE YAELP +C5A7;C5A7;110B 1164 11B6;C5A7;110B 1164 11B6; # (ì–§; ì–§; 얧; ì–§; 얧; ) HANGUL SYLLABLE YAELH +C5A8;C5A8;110B 1164 11B7;C5A8;110B 1164 11B7; # (ì–¨; ì–¨; 얨; ì–¨; 얨; ) HANGUL SYLLABLE YAEM +C5A9;C5A9;110B 1164 11B8;C5A9;110B 1164 11B8; # (ì–©; ì–©; 얩; ì–©; 얩; ) HANGUL SYLLABLE YAEB +C5AA;C5AA;110B 1164 11B9;C5AA;110B 1164 11B9; # (ì–ª; ì–ª; 얪; ì–ª; 얪; ) HANGUL SYLLABLE YAEBS +C5AB;C5AB;110B 1164 11BA;C5AB;110B 1164 11BA; # (ì–«; ì–«; 얫; ì–«; 얫; ) HANGUL SYLLABLE YAES +C5AC;C5AC;110B 1164 11BB;C5AC;110B 1164 11BB; # (ì–¬; ì–¬; 얬; ì–¬; 얬; ) HANGUL SYLLABLE YAESS +C5AD;C5AD;110B 1164 11BC;C5AD;110B 1164 11BC; # (ì–­; ì–­; 얭; ì–­; 얭; ) HANGUL SYLLABLE YAENG +C5AE;C5AE;110B 1164 11BD;C5AE;110B 1164 11BD; # (ì–®; ì–®; 얮; ì–®; 얮; ) HANGUL SYLLABLE YAEJ +C5AF;C5AF;110B 1164 11BE;C5AF;110B 1164 11BE; # (ì–¯; ì–¯; 얯; ì–¯; 얯; ) HANGUL SYLLABLE YAEC +C5B0;C5B0;110B 1164 11BF;C5B0;110B 1164 11BF; # (ì–°; ì–°; 얰; ì–°; 얰; ) HANGUL SYLLABLE YAEK +C5B1;C5B1;110B 1164 11C0;C5B1;110B 1164 11C0; # (ì–±; ì–±; 얱; ì–±; 얱; ) HANGUL SYLLABLE YAET +C5B2;C5B2;110B 1164 11C1;C5B2;110B 1164 11C1; # (ì–²; ì–²; á„‹á…¤á‡; ì–²; á„‹á…¤á‡; ) HANGUL SYLLABLE YAEP +C5B3;C5B3;110B 1164 11C2;C5B3;110B 1164 11C2; # (ì–³; ì–³; 얳; ì–³; 얳; ) HANGUL SYLLABLE YAEH +C5B4;C5B4;110B 1165;C5B4;110B 1165; # (ì–´; ì–´; á„‹á…¥; ì–´; á„‹á…¥; ) HANGUL SYLLABLE EO +C5B5;C5B5;110B 1165 11A8;C5B5;110B 1165 11A8; # (ì–µ; ì–µ; 억; ì–µ; 억; ) HANGUL SYLLABLE EOG +C5B6;C5B6;110B 1165 11A9;C5B6;110B 1165 11A9; # (ì–¶; ì–¶; 얶; ì–¶; 얶; ) HANGUL SYLLABLE EOGG +C5B7;C5B7;110B 1165 11AA;C5B7;110B 1165 11AA; # (ì–·; ì–·; 얷; ì–·; 얷; ) HANGUL SYLLABLE EOGS +C5B8;C5B8;110B 1165 11AB;C5B8;110B 1165 11AB; # (ì–¸; ì–¸; 언; ì–¸; 언; ) HANGUL SYLLABLE EON +C5B9;C5B9;110B 1165 11AC;C5B9;110B 1165 11AC; # (ì–¹; ì–¹; 얹; ì–¹; 얹; ) HANGUL SYLLABLE EONJ +C5BA;C5BA;110B 1165 11AD;C5BA;110B 1165 11AD; # (ì–º; ì–º; 얺; ì–º; 얺; ) HANGUL SYLLABLE EONH +C5BB;C5BB;110B 1165 11AE;C5BB;110B 1165 11AE; # (ì–»; ì–»; 얻; ì–»; 얻; ) HANGUL SYLLABLE EOD +C5BC;C5BC;110B 1165 11AF;C5BC;110B 1165 11AF; # (ì–¼; ì–¼; 얼; ì–¼; 얼; ) HANGUL SYLLABLE EOL +C5BD;C5BD;110B 1165 11B0;C5BD;110B 1165 11B0; # (ì–½; ì–½; 얽; ì–½; 얽; ) HANGUL SYLLABLE EOLG +C5BE;C5BE;110B 1165 11B1;C5BE;110B 1165 11B1; # (ì–¾; ì–¾; 얾; ì–¾; 얾; ) HANGUL SYLLABLE EOLM +C5BF;C5BF;110B 1165 11B2;C5BF;110B 1165 11B2; # (ì–¿; ì–¿; 얿; ì–¿; 얿; ) HANGUL SYLLABLE EOLB +C5C0;C5C0;110B 1165 11B3;C5C0;110B 1165 11B3; # (ì—€; ì—€; 엀; ì—€; 엀; ) HANGUL SYLLABLE EOLS +C5C1;C5C1;110B 1165 11B4;C5C1;110B 1165 11B4; # (ì—; ì—; 엁; ì—; 엁; ) HANGUL SYLLABLE EOLT +C5C2;C5C2;110B 1165 11B5;C5C2;110B 1165 11B5; # (ì—‚; ì—‚; 엂; ì—‚; 엂; ) HANGUL SYLLABLE EOLP +C5C3;C5C3;110B 1165 11B6;C5C3;110B 1165 11B6; # (ì—ƒ; ì—ƒ; 엃; ì—ƒ; 엃; ) HANGUL SYLLABLE EOLH +C5C4;C5C4;110B 1165 11B7;C5C4;110B 1165 11B7; # (ì—„; ì—„; 엄; ì—„; 엄; ) HANGUL SYLLABLE EOM +C5C5;C5C5;110B 1165 11B8;C5C5;110B 1165 11B8; # (ì—…; ì—…; 업; ì—…; 업; ) HANGUL SYLLABLE EOB +C5C6;C5C6;110B 1165 11B9;C5C6;110B 1165 11B9; # (ì—†; ì—†; 없; ì—†; 없; ) HANGUL SYLLABLE EOBS +C5C7;C5C7;110B 1165 11BA;C5C7;110B 1165 11BA; # (ì—‡; ì—‡; 엇; ì—‡; 엇; ) HANGUL SYLLABLE EOS +C5C8;C5C8;110B 1165 11BB;C5C8;110B 1165 11BB; # (ì—ˆ; ì—ˆ; 었; ì—ˆ; 었; ) HANGUL SYLLABLE EOSS +C5C9;C5C9;110B 1165 11BC;C5C9;110B 1165 11BC; # (ì—‰; ì—‰; 엉; ì—‰; 엉; ) HANGUL SYLLABLE EONG +C5CA;C5CA;110B 1165 11BD;C5CA;110B 1165 11BD; # (ì—Š; ì—Š; 엊; ì—Š; 엊; ) HANGUL SYLLABLE EOJ +C5CB;C5CB;110B 1165 11BE;C5CB;110B 1165 11BE; # (ì—‹; ì—‹; 엋; ì—‹; 엋; ) HANGUL SYLLABLE EOC +C5CC;C5CC;110B 1165 11BF;C5CC;110B 1165 11BF; # (ì—Œ; ì—Œ; 엌; ì—Œ; 엌; ) HANGUL SYLLABLE EOK +C5CD;C5CD;110B 1165 11C0;C5CD;110B 1165 11C0; # (ì—; ì—; 엍; ì—; 엍; ) HANGUL SYLLABLE EOT +C5CE;C5CE;110B 1165 11C1;C5CE;110B 1165 11C1; # (ì—Ž; ì—Ž; á„‹á…¥á‡; ì—Ž; á„‹á…¥á‡; ) HANGUL SYLLABLE EOP +C5CF;C5CF;110B 1165 11C2;C5CF;110B 1165 11C2; # (ì—; ì—; 엏; ì—; 엏; ) HANGUL SYLLABLE EOH +C5D0;C5D0;110B 1166;C5D0;110B 1166; # (ì—; ì—; á„‹á…¦; ì—; á„‹á…¦; ) HANGUL SYLLABLE E +C5D1;C5D1;110B 1166 11A8;C5D1;110B 1166 11A8; # (ì—‘; ì—‘; 엑; ì—‘; 엑; ) HANGUL SYLLABLE EG +C5D2;C5D2;110B 1166 11A9;C5D2;110B 1166 11A9; # (ì—’; ì—’; 엒; ì—’; 엒; ) HANGUL SYLLABLE EGG +C5D3;C5D3;110B 1166 11AA;C5D3;110B 1166 11AA; # (ì—“; ì—“; 엓; ì—“; 엓; ) HANGUL SYLLABLE EGS +C5D4;C5D4;110B 1166 11AB;C5D4;110B 1166 11AB; # (ì—”; ì—”; 엔; ì—”; 엔; ) HANGUL SYLLABLE EN +C5D5;C5D5;110B 1166 11AC;C5D5;110B 1166 11AC; # (ì—•; ì—•; 엕; ì—•; 엕; ) HANGUL SYLLABLE ENJ +C5D6;C5D6;110B 1166 11AD;C5D6;110B 1166 11AD; # (ì—–; ì—–; 엖; ì—–; 엖; ) HANGUL SYLLABLE ENH +C5D7;C5D7;110B 1166 11AE;C5D7;110B 1166 11AE; # (ì——; ì——; 엗; ì——; 엗; ) HANGUL SYLLABLE ED +C5D8;C5D8;110B 1166 11AF;C5D8;110B 1166 11AF; # (ì—˜; ì—˜; 엘; ì—˜; 엘; ) HANGUL SYLLABLE EL +C5D9;C5D9;110B 1166 11B0;C5D9;110B 1166 11B0; # (ì—™; ì—™; 엙; ì—™; 엙; ) HANGUL SYLLABLE ELG +C5DA;C5DA;110B 1166 11B1;C5DA;110B 1166 11B1; # (ì—š; ì—š; 엚; ì—š; 엚; ) HANGUL SYLLABLE ELM +C5DB;C5DB;110B 1166 11B2;C5DB;110B 1166 11B2; # (ì—›; ì—›; 엛; ì—›; 엛; ) HANGUL SYLLABLE ELB +C5DC;C5DC;110B 1166 11B3;C5DC;110B 1166 11B3; # (ì—œ; ì—œ; 엜; ì—œ; 엜; ) HANGUL SYLLABLE ELS +C5DD;C5DD;110B 1166 11B4;C5DD;110B 1166 11B4; # (ì—; ì—; 엝; ì—; 엝; ) HANGUL SYLLABLE ELT +C5DE;C5DE;110B 1166 11B5;C5DE;110B 1166 11B5; # (ì—ž; ì—ž; 엞; ì—ž; 엞; ) HANGUL SYLLABLE ELP +C5DF;C5DF;110B 1166 11B6;C5DF;110B 1166 11B6; # (ì—Ÿ; ì—Ÿ; 엟; ì—Ÿ; 엟; ) HANGUL SYLLABLE ELH +C5E0;C5E0;110B 1166 11B7;C5E0;110B 1166 11B7; # (ì— ; ì— ; 엠; ì— ; 엠; ) HANGUL SYLLABLE EM +C5E1;C5E1;110B 1166 11B8;C5E1;110B 1166 11B8; # (ì—¡; ì—¡; 엡; ì—¡; 엡; ) HANGUL SYLLABLE EB +C5E2;C5E2;110B 1166 11B9;C5E2;110B 1166 11B9; # (ì—¢; ì—¢; 엢; ì—¢; 엢; ) HANGUL SYLLABLE EBS +C5E3;C5E3;110B 1166 11BA;C5E3;110B 1166 11BA; # (ì—£; ì—£; 엣; ì—£; 엣; ) HANGUL SYLLABLE ES +C5E4;C5E4;110B 1166 11BB;C5E4;110B 1166 11BB; # (ì—¤; ì—¤; 엤; ì—¤; 엤; ) HANGUL SYLLABLE ESS +C5E5;C5E5;110B 1166 11BC;C5E5;110B 1166 11BC; # (ì—¥; ì—¥; 엥; ì—¥; 엥; ) HANGUL SYLLABLE ENG +C5E6;C5E6;110B 1166 11BD;C5E6;110B 1166 11BD; # (ì—¦; ì—¦; 엦; ì—¦; 엦; ) HANGUL SYLLABLE EJ +C5E7;C5E7;110B 1166 11BE;C5E7;110B 1166 11BE; # (ì—§; ì—§; 엧; ì—§; 엧; ) HANGUL SYLLABLE EC +C5E8;C5E8;110B 1166 11BF;C5E8;110B 1166 11BF; # (ì—¨; ì—¨; 엨; ì—¨; 엨; ) HANGUL SYLLABLE EK +C5E9;C5E9;110B 1166 11C0;C5E9;110B 1166 11C0; # (ì—©; ì—©; 엩; ì—©; 엩; ) HANGUL SYLLABLE ET +C5EA;C5EA;110B 1166 11C1;C5EA;110B 1166 11C1; # (ì—ª; ì—ª; á„‹á…¦á‡; ì—ª; á„‹á…¦á‡; ) HANGUL SYLLABLE EP +C5EB;C5EB;110B 1166 11C2;C5EB;110B 1166 11C2; # (ì—«; ì—«; 엫; ì—«; 엫; ) HANGUL SYLLABLE EH +C5EC;C5EC;110B 1167;C5EC;110B 1167; # (ì—¬; ì—¬; á„‹á…§; ì—¬; á„‹á…§; ) HANGUL SYLLABLE YEO +C5ED;C5ED;110B 1167 11A8;C5ED;110B 1167 11A8; # (ì—­; ì—­; 역; ì—­; 역; ) HANGUL SYLLABLE YEOG +C5EE;C5EE;110B 1167 11A9;C5EE;110B 1167 11A9; # (ì—®; ì—®; 엮; ì—®; 엮; ) HANGUL SYLLABLE YEOGG +C5EF;C5EF;110B 1167 11AA;C5EF;110B 1167 11AA; # (ì—¯; ì—¯; 엯; ì—¯; 엯; ) HANGUL SYLLABLE YEOGS +C5F0;C5F0;110B 1167 11AB;C5F0;110B 1167 11AB; # (ì—°; ì—°; 연; ì—°; 연; ) HANGUL SYLLABLE YEON +C5F1;C5F1;110B 1167 11AC;C5F1;110B 1167 11AC; # (ì—±; ì—±; 엱; ì—±; 엱; ) HANGUL SYLLABLE YEONJ +C5F2;C5F2;110B 1167 11AD;C5F2;110B 1167 11AD; # (ì—²; ì—²; 엲; ì—²; 엲; ) HANGUL SYLLABLE YEONH +C5F3;C5F3;110B 1167 11AE;C5F3;110B 1167 11AE; # (ì—³; ì—³; 엳; ì—³; 엳; ) HANGUL SYLLABLE YEOD +C5F4;C5F4;110B 1167 11AF;C5F4;110B 1167 11AF; # (ì—´; ì—´; 열; ì—´; 열; ) HANGUL SYLLABLE YEOL +C5F5;C5F5;110B 1167 11B0;C5F5;110B 1167 11B0; # (ì—µ; ì—µ; 엵; ì—µ; 엵; ) HANGUL SYLLABLE YEOLG +C5F6;C5F6;110B 1167 11B1;C5F6;110B 1167 11B1; # (ì—¶; ì—¶; 엶; ì—¶; 엶; ) HANGUL SYLLABLE YEOLM +C5F7;C5F7;110B 1167 11B2;C5F7;110B 1167 11B2; # (ì—·; ì—·; 엷; ì—·; 엷; ) HANGUL SYLLABLE YEOLB +C5F8;C5F8;110B 1167 11B3;C5F8;110B 1167 11B3; # (ì—¸; ì—¸; 엸; ì—¸; 엸; ) HANGUL SYLLABLE YEOLS +C5F9;C5F9;110B 1167 11B4;C5F9;110B 1167 11B4; # (ì—¹; ì—¹; 엹; ì—¹; 엹; ) HANGUL SYLLABLE YEOLT +C5FA;C5FA;110B 1167 11B5;C5FA;110B 1167 11B5; # (ì—º; ì—º; 엺; ì—º; 엺; ) HANGUL SYLLABLE YEOLP +C5FB;C5FB;110B 1167 11B6;C5FB;110B 1167 11B6; # (ì—»; ì—»; 엻; ì—»; 엻; ) HANGUL SYLLABLE YEOLH +C5FC;C5FC;110B 1167 11B7;C5FC;110B 1167 11B7; # (ì—¼; ì—¼; 염; ì—¼; 염; ) HANGUL SYLLABLE YEOM +C5FD;C5FD;110B 1167 11B8;C5FD;110B 1167 11B8; # (ì—½; ì—½; 엽; ì—½; 엽; ) HANGUL SYLLABLE YEOB +C5FE;C5FE;110B 1167 11B9;C5FE;110B 1167 11B9; # (ì—¾; ì—¾; 엾; ì—¾; 엾; ) HANGUL SYLLABLE YEOBS +C5FF;C5FF;110B 1167 11BA;C5FF;110B 1167 11BA; # (ì—¿; ì—¿; 엿; ì—¿; 엿; ) HANGUL SYLLABLE YEOS +C600;C600;110B 1167 11BB;C600;110B 1167 11BB; # (였; 였; 였; 였; 였; ) HANGUL SYLLABLE YEOSS +C601;C601;110B 1167 11BC;C601;110B 1167 11BC; # (ì˜; ì˜; 영; ì˜; 영; ) HANGUL SYLLABLE YEONG +C602;C602;110B 1167 11BD;C602;110B 1167 11BD; # (옂; 옂; 옂; 옂; 옂; ) HANGUL SYLLABLE YEOJ +C603;C603;110B 1167 11BE;C603;110B 1167 11BE; # (옃; 옃; 옃; 옃; 옃; ) HANGUL SYLLABLE YEOC +C604;C604;110B 1167 11BF;C604;110B 1167 11BF; # (옄; 옄; 옄; 옄; 옄; ) HANGUL SYLLABLE YEOK +C605;C605;110B 1167 11C0;C605;110B 1167 11C0; # (옅; 옅; 옅; 옅; 옅; ) HANGUL SYLLABLE YEOT +C606;C606;110B 1167 11C1;C606;110B 1167 11C1; # (옆; 옆; á„‹á…§á‡; 옆; á„‹á…§á‡; ) HANGUL SYLLABLE YEOP +C607;C607;110B 1167 11C2;C607;110B 1167 11C2; # (옇; 옇; 옇; 옇; 옇; ) HANGUL SYLLABLE YEOH +C608;C608;110B 1168;C608;110B 1168; # (예; 예; á„‹á…¨; 예; á„‹á…¨; ) HANGUL SYLLABLE YE +C609;C609;110B 1168 11A8;C609;110B 1168 11A8; # (옉; 옉; 옉; 옉; 옉; ) HANGUL SYLLABLE YEG +C60A;C60A;110B 1168 11A9;C60A;110B 1168 11A9; # (옊; 옊; 옊; 옊; 옊; ) HANGUL SYLLABLE YEGG +C60B;C60B;110B 1168 11AA;C60B;110B 1168 11AA; # (옋; 옋; 옋; 옋; 옋; ) HANGUL SYLLABLE YEGS +C60C;C60C;110B 1168 11AB;C60C;110B 1168 11AB; # (옌; 옌; 옌; 옌; 옌; ) HANGUL SYLLABLE YEN +C60D;C60D;110B 1168 11AC;C60D;110B 1168 11AC; # (ì˜; ì˜; 옍; ì˜; 옍; ) HANGUL SYLLABLE YENJ +C60E;C60E;110B 1168 11AD;C60E;110B 1168 11AD; # (옎; 옎; 옎; 옎; 옎; ) HANGUL SYLLABLE YENH +C60F;C60F;110B 1168 11AE;C60F;110B 1168 11AE; # (ì˜; ì˜; 옏; ì˜; 옏; ) HANGUL SYLLABLE YED +C610;C610;110B 1168 11AF;C610;110B 1168 11AF; # (ì˜; ì˜; 옐; ì˜; 옐; ) HANGUL SYLLABLE YEL +C611;C611;110B 1168 11B0;C611;110B 1168 11B0; # (옑; 옑; 옑; 옑; 옑; ) HANGUL SYLLABLE YELG +C612;C612;110B 1168 11B1;C612;110B 1168 11B1; # (옒; 옒; 옒; 옒; 옒; ) HANGUL SYLLABLE YELM +C613;C613;110B 1168 11B2;C613;110B 1168 11B2; # (옓; 옓; 옓; 옓; 옓; ) HANGUL SYLLABLE YELB +C614;C614;110B 1168 11B3;C614;110B 1168 11B3; # (옔; 옔; 옔; 옔; 옔; ) HANGUL SYLLABLE YELS +C615;C615;110B 1168 11B4;C615;110B 1168 11B4; # (옕; 옕; 옕; 옕; 옕; ) HANGUL SYLLABLE YELT +C616;C616;110B 1168 11B5;C616;110B 1168 11B5; # (옖; 옖; 옖; 옖; 옖; ) HANGUL SYLLABLE YELP +C617;C617;110B 1168 11B6;C617;110B 1168 11B6; # (옗; 옗; 옗; 옗; 옗; ) HANGUL SYLLABLE YELH +C618;C618;110B 1168 11B7;C618;110B 1168 11B7; # (옘; 옘; 옘; 옘; 옘; ) HANGUL SYLLABLE YEM +C619;C619;110B 1168 11B8;C619;110B 1168 11B8; # (옙; 옙; 옙; 옙; 옙; ) HANGUL SYLLABLE YEB +C61A;C61A;110B 1168 11B9;C61A;110B 1168 11B9; # (옚; 옚; 옚; 옚; 옚; ) HANGUL SYLLABLE YEBS +C61B;C61B;110B 1168 11BA;C61B;110B 1168 11BA; # (옛; 옛; 옛; 옛; 옛; ) HANGUL SYLLABLE YES +C61C;C61C;110B 1168 11BB;C61C;110B 1168 11BB; # (옜; 옜; 옜; 옜; 옜; ) HANGUL SYLLABLE YESS +C61D;C61D;110B 1168 11BC;C61D;110B 1168 11BC; # (ì˜; ì˜; 옝; ì˜; 옝; ) HANGUL SYLLABLE YENG +C61E;C61E;110B 1168 11BD;C61E;110B 1168 11BD; # (옞; 옞; 옞; 옞; 옞; ) HANGUL SYLLABLE YEJ +C61F;C61F;110B 1168 11BE;C61F;110B 1168 11BE; # (옟; 옟; 옟; 옟; 옟; ) HANGUL SYLLABLE YEC +C620;C620;110B 1168 11BF;C620;110B 1168 11BF; # (옠; 옠; 옠; 옠; 옠; ) HANGUL SYLLABLE YEK +C621;C621;110B 1168 11C0;C621;110B 1168 11C0; # (옡; 옡; 옡; 옡; 옡; ) HANGUL SYLLABLE YET +C622;C622;110B 1168 11C1;C622;110B 1168 11C1; # (옢; 옢; á„‹á…¨á‡; 옢; á„‹á…¨á‡; ) HANGUL SYLLABLE YEP +C623;C623;110B 1168 11C2;C623;110B 1168 11C2; # (옣; 옣; 옣; 옣; 옣; ) HANGUL SYLLABLE YEH +C624;C624;110B 1169;C624;110B 1169; # (오; 오; á„‹á…©; 오; á„‹á…©; ) HANGUL SYLLABLE O +C625;C625;110B 1169 11A8;C625;110B 1169 11A8; # (옥; 옥; 옥; 옥; 옥; ) HANGUL SYLLABLE OG +C626;C626;110B 1169 11A9;C626;110B 1169 11A9; # (옦; 옦; 옦; 옦; 옦; ) HANGUL SYLLABLE OGG +C627;C627;110B 1169 11AA;C627;110B 1169 11AA; # (옧; 옧; 옧; 옧; 옧; ) HANGUL SYLLABLE OGS +C628;C628;110B 1169 11AB;C628;110B 1169 11AB; # (온; 온; 온; 온; 온; ) HANGUL SYLLABLE ON +C629;C629;110B 1169 11AC;C629;110B 1169 11AC; # (옩; 옩; 옩; 옩; 옩; ) HANGUL SYLLABLE ONJ +C62A;C62A;110B 1169 11AD;C62A;110B 1169 11AD; # (옪; 옪; 옪; 옪; 옪; ) HANGUL SYLLABLE ONH +C62B;C62B;110B 1169 11AE;C62B;110B 1169 11AE; # (옫; 옫; 옫; 옫; 옫; ) HANGUL SYLLABLE OD +C62C;C62C;110B 1169 11AF;C62C;110B 1169 11AF; # (올; 올; 올; 올; 올; ) HANGUL SYLLABLE OL +C62D;C62D;110B 1169 11B0;C62D;110B 1169 11B0; # (옭; 옭; 옭; 옭; 옭; ) HANGUL SYLLABLE OLG +C62E;C62E;110B 1169 11B1;C62E;110B 1169 11B1; # (옮; 옮; 옮; 옮; 옮; ) HANGUL SYLLABLE OLM +C62F;C62F;110B 1169 11B2;C62F;110B 1169 11B2; # (옯; 옯; 옯; 옯; 옯; ) HANGUL SYLLABLE OLB +C630;C630;110B 1169 11B3;C630;110B 1169 11B3; # (옰; 옰; 옰; 옰; 옰; ) HANGUL SYLLABLE OLS +C631;C631;110B 1169 11B4;C631;110B 1169 11B4; # (옱; 옱; 옱; 옱; 옱; ) HANGUL SYLLABLE OLT +C632;C632;110B 1169 11B5;C632;110B 1169 11B5; # (옲; 옲; 옲; 옲; 옲; ) HANGUL SYLLABLE OLP +C633;C633;110B 1169 11B6;C633;110B 1169 11B6; # (옳; 옳; 옳; 옳; 옳; ) HANGUL SYLLABLE OLH +C634;C634;110B 1169 11B7;C634;110B 1169 11B7; # (옴; 옴; 옴; 옴; 옴; ) HANGUL SYLLABLE OM +C635;C635;110B 1169 11B8;C635;110B 1169 11B8; # (옵; 옵; 옵; 옵; 옵; ) HANGUL SYLLABLE OB +C636;C636;110B 1169 11B9;C636;110B 1169 11B9; # (옶; 옶; 옶; 옶; 옶; ) HANGUL SYLLABLE OBS +C637;C637;110B 1169 11BA;C637;110B 1169 11BA; # (옷; 옷; 옷; 옷; 옷; ) HANGUL SYLLABLE OS +C638;C638;110B 1169 11BB;C638;110B 1169 11BB; # (옸; 옸; 옸; 옸; 옸; ) HANGUL SYLLABLE OSS +C639;C639;110B 1169 11BC;C639;110B 1169 11BC; # (옹; 옹; 옹; 옹; 옹; ) HANGUL SYLLABLE ONG +C63A;C63A;110B 1169 11BD;C63A;110B 1169 11BD; # (옺; 옺; 옺; 옺; 옺; ) HANGUL SYLLABLE OJ +C63B;C63B;110B 1169 11BE;C63B;110B 1169 11BE; # (옻; 옻; 옻; 옻; 옻; ) HANGUL SYLLABLE OC +C63C;C63C;110B 1169 11BF;C63C;110B 1169 11BF; # (옼; 옼; 옼; 옼; 옼; ) HANGUL SYLLABLE OK +C63D;C63D;110B 1169 11C0;C63D;110B 1169 11C0; # (옽; 옽; 옽; 옽; 옽; ) HANGUL SYLLABLE OT +C63E;C63E;110B 1169 11C1;C63E;110B 1169 11C1; # (옾; 옾; á„‹á…©á‡; 옾; á„‹á…©á‡; ) HANGUL SYLLABLE OP +C63F;C63F;110B 1169 11C2;C63F;110B 1169 11C2; # (옿; 옿; 옿; 옿; 옿; ) HANGUL SYLLABLE OH +C640;C640;110B 116A;C640;110B 116A; # (와; 와; á„‹á…ª; 와; á„‹á…ª; ) HANGUL SYLLABLE WA +C641;C641;110B 116A 11A8;C641;110B 116A 11A8; # (ì™; ì™; 왁; ì™; 왁; ) HANGUL SYLLABLE WAG +C642;C642;110B 116A 11A9;C642;110B 116A 11A9; # (왂; 왂; 왂; 왂; 왂; ) HANGUL SYLLABLE WAGG +C643;C643;110B 116A 11AA;C643;110B 116A 11AA; # (왃; 왃; 왃; 왃; 왃; ) HANGUL SYLLABLE WAGS +C644;C644;110B 116A 11AB;C644;110B 116A 11AB; # (완; 완; 완; 완; 완; ) HANGUL SYLLABLE WAN +C645;C645;110B 116A 11AC;C645;110B 116A 11AC; # (ì™…; ì™…; 왅; ì™…; 왅; ) HANGUL SYLLABLE WANJ +C646;C646;110B 116A 11AD;C646;110B 116A 11AD; # (왆; 왆; 왆; 왆; 왆; ) HANGUL SYLLABLE WANH +C647;C647;110B 116A 11AE;C647;110B 116A 11AE; # (왇; 왇; 왇; 왇; 왇; ) HANGUL SYLLABLE WAD +C648;C648;110B 116A 11AF;C648;110B 116A 11AF; # (왈; 왈; 왈; 왈; 왈; ) HANGUL SYLLABLE WAL +C649;C649;110B 116A 11B0;C649;110B 116A 11B0; # (왉; 왉; 왉; 왉; 왉; ) HANGUL SYLLABLE WALG +C64A;C64A;110B 116A 11B1;C64A;110B 116A 11B1; # (왊; 왊; 왊; 왊; 왊; ) HANGUL SYLLABLE WALM +C64B;C64B;110B 116A 11B2;C64B;110B 116A 11B2; # (왋; 왋; 왋; 왋; 왋; ) HANGUL SYLLABLE WALB +C64C;C64C;110B 116A 11B3;C64C;110B 116A 11B3; # (왌; 왌; 왌; 왌; 왌; ) HANGUL SYLLABLE WALS +C64D;C64D;110B 116A 11B4;C64D;110B 116A 11B4; # (ì™; ì™; 왍; ì™; 왍; ) HANGUL SYLLABLE WALT +C64E;C64E;110B 116A 11B5;C64E;110B 116A 11B5; # (왎; 왎; 왎; 왎; 왎; ) HANGUL SYLLABLE WALP +C64F;C64F;110B 116A 11B6;C64F;110B 116A 11B6; # (ì™; ì™; 왏; ì™; 왏; ) HANGUL SYLLABLE WALH +C650;C650;110B 116A 11B7;C650;110B 116A 11B7; # (ì™; ì™; 왐; ì™; 왐; ) HANGUL SYLLABLE WAM +C651;C651;110B 116A 11B8;C651;110B 116A 11B8; # (왑; 왑; 왑; 왑; 왑; ) HANGUL SYLLABLE WAB +C652;C652;110B 116A 11B9;C652;110B 116A 11B9; # (ì™’; ì™’; 왒; ì™’; 왒; ) HANGUL SYLLABLE WABS +C653;C653;110B 116A 11BA;C653;110B 116A 11BA; # (왓; 왓; 왓; 왓; 왓; ) HANGUL SYLLABLE WAS +C654;C654;110B 116A 11BB;C654;110B 116A 11BB; # (ì™”; ì™”; 왔; ì™”; 왔; ) HANGUL SYLLABLE WASS +C655;C655;110B 116A 11BC;C655;110B 116A 11BC; # (왕; 왕; 왕; 왕; 왕; ) HANGUL SYLLABLE WANG +C656;C656;110B 116A 11BD;C656;110B 116A 11BD; # (ì™–; ì™–; 왖; ì™–; 왖; ) HANGUL SYLLABLE WAJ +C657;C657;110B 116A 11BE;C657;110B 116A 11BE; # (ì™—; ì™—; 왗; ì™—; 왗; ) HANGUL SYLLABLE WAC +C658;C658;110B 116A 11BF;C658;110B 116A 11BF; # (왘; 왘; 왘; 왘; 왘; ) HANGUL SYLLABLE WAK +C659;C659;110B 116A 11C0;C659;110B 116A 11C0; # (ì™™; ì™™; 왙; ì™™; 왙; ) HANGUL SYLLABLE WAT +C65A;C65A;110B 116A 11C1;C65A;110B 116A 11C1; # (왚; 왚; á„‹á…ªá‡; 왚; á„‹á…ªá‡; ) HANGUL SYLLABLE WAP +C65B;C65B;110B 116A 11C2;C65B;110B 116A 11C2; # (ì™›; ì™›; 왛; ì™›; 왛; ) HANGUL SYLLABLE WAH +C65C;C65C;110B 116B;C65C;110B 116B; # (왜; 왜; á„‹á…«; 왜; á„‹á…«; ) HANGUL SYLLABLE WAE +C65D;C65D;110B 116B 11A8;C65D;110B 116B 11A8; # (ì™; ì™; 왝; ì™; 왝; ) HANGUL SYLLABLE WAEG +C65E;C65E;110B 116B 11A9;C65E;110B 116B 11A9; # (왞; 왞; 왞; 왞; 왞; ) HANGUL SYLLABLE WAEGG +C65F;C65F;110B 116B 11AA;C65F;110B 116B 11AA; # (왟; 왟; 왟; 왟; 왟; ) HANGUL SYLLABLE WAEGS +C660;C660;110B 116B 11AB;C660;110B 116B 11AB; # (ì™ ; ì™ ; 왠; ì™ ; 왠; ) HANGUL SYLLABLE WAEN +C661;C661;110B 116B 11AC;C661;110B 116B 11AC; # (왡; 왡; 왡; 왡; 왡; ) HANGUL SYLLABLE WAENJ +C662;C662;110B 116B 11AD;C662;110B 116B 11AD; # (왢; 왢; 왢; 왢; 왢; ) HANGUL SYLLABLE WAENH +C663;C663;110B 116B 11AE;C663;110B 116B 11AE; # (왣; 왣; 왣; 왣; 왣; ) HANGUL SYLLABLE WAED +C664;C664;110B 116B 11AF;C664;110B 116B 11AF; # (왤; 왤; 왤; 왤; 왤; ) HANGUL SYLLABLE WAEL +C665;C665;110B 116B 11B0;C665;110B 116B 11B0; # (왥; 왥; 왥; 왥; 왥; ) HANGUL SYLLABLE WAELG +C666;C666;110B 116B 11B1;C666;110B 116B 11B1; # (왦; 왦; 왦; 왦; 왦; ) HANGUL SYLLABLE WAELM +C667;C667;110B 116B 11B2;C667;110B 116B 11B2; # (왧; 왧; 왧; 왧; 왧; ) HANGUL SYLLABLE WAELB +C668;C668;110B 116B 11B3;C668;110B 116B 11B3; # (왨; 왨; 왨; 왨; 왨; ) HANGUL SYLLABLE WAELS +C669;C669;110B 116B 11B4;C669;110B 116B 11B4; # (왩; 왩; 왩; 왩; 왩; ) HANGUL SYLLABLE WAELT +C66A;C66A;110B 116B 11B5;C66A;110B 116B 11B5; # (왪; 왪; 왪; 왪; 왪; ) HANGUL SYLLABLE WAELP +C66B;C66B;110B 116B 11B6;C66B;110B 116B 11B6; # (왫; 왫; 왫; 왫; 왫; ) HANGUL SYLLABLE WAELH +C66C;C66C;110B 116B 11B7;C66C;110B 116B 11B7; # (왬; 왬; 왬; 왬; 왬; ) HANGUL SYLLABLE WAEM +C66D;C66D;110B 116B 11B8;C66D;110B 116B 11B8; # (ì™­; ì™­; 왭; ì™­; 왭; ) HANGUL SYLLABLE WAEB +C66E;C66E;110B 116B 11B9;C66E;110B 116B 11B9; # (ì™®; ì™®; 왮; ì™®; 왮; ) HANGUL SYLLABLE WAEBS +C66F;C66F;110B 116B 11BA;C66F;110B 116B 11BA; # (왯; 왯; 왯; 왯; 왯; ) HANGUL SYLLABLE WAES +C670;C670;110B 116B 11BB;C670;110B 116B 11BB; # (ì™°; ì™°; 왰; ì™°; 왰; ) HANGUL SYLLABLE WAESS +C671;C671;110B 116B 11BC;C671;110B 116B 11BC; # (ì™±; ì™±; 왱; ì™±; 왱; ) HANGUL SYLLABLE WAENG +C672;C672;110B 116B 11BD;C672;110B 116B 11BD; # (왲; 왲; 왲; 왲; 왲; ) HANGUL SYLLABLE WAEJ +C673;C673;110B 116B 11BE;C673;110B 116B 11BE; # (왳; 왳; 왳; 왳; 왳; ) HANGUL SYLLABLE WAEC +C674;C674;110B 116B 11BF;C674;110B 116B 11BF; # (ì™´; ì™´; 왴; ì™´; 왴; ) HANGUL SYLLABLE WAEK +C675;C675;110B 116B 11C0;C675;110B 116B 11C0; # (왵; 왵; 왵; 왵; 왵; ) HANGUL SYLLABLE WAET +C676;C676;110B 116B 11C1;C676;110B 116B 11C1; # (왶; 왶; á„‹á…«á‡; 왶; á„‹á…«á‡; ) HANGUL SYLLABLE WAEP +C677;C677;110B 116B 11C2;C677;110B 116B 11C2; # (ì™·; ì™·; 왷; ì™·; 왷; ) HANGUL SYLLABLE WAEH +C678;C678;110B 116C;C678;110B 116C; # (외; 외; á„‹á…¬; 외; á„‹á…¬; ) HANGUL SYLLABLE OE +C679;C679;110B 116C 11A8;C679;110B 116C 11A8; # (왹; 왹; 왹; 왹; 왹; ) HANGUL SYLLABLE OEG +C67A;C67A;110B 116C 11A9;C67A;110B 116C 11A9; # (왺; 왺; 왺; 왺; 왺; ) HANGUL SYLLABLE OEGG +C67B;C67B;110B 116C 11AA;C67B;110B 116C 11AA; # (ì™»; ì™»; 왻; ì™»; 왻; ) HANGUL SYLLABLE OEGS +C67C;C67C;110B 116C 11AB;C67C;110B 116C 11AB; # (왼; 왼; 왼; 왼; 왼; ) HANGUL SYLLABLE OEN +C67D;C67D;110B 116C 11AC;C67D;110B 116C 11AC; # (왽; 왽; 왽; 왽; 왽; ) HANGUL SYLLABLE OENJ +C67E;C67E;110B 116C 11AD;C67E;110B 116C 11AD; # (왾; 왾; 왾; 왾; 왾; ) HANGUL SYLLABLE OENH +C67F;C67F;110B 116C 11AE;C67F;110B 116C 11AE; # (왿; 왿; 왿; 왿; 왿; ) HANGUL SYLLABLE OED +C680;C680;110B 116C 11AF;C680;110B 116C 11AF; # (욀; 욀; 욀; 욀; 욀; ) HANGUL SYLLABLE OEL +C681;C681;110B 116C 11B0;C681;110B 116C 11B0; # (ìš; ìš; 욁; ìš; 욁; ) HANGUL SYLLABLE OELG +C682;C682;110B 116C 11B1;C682;110B 116C 11B1; # (ìš‚; ìš‚; 욂; ìš‚; 욂; ) HANGUL SYLLABLE OELM +C683;C683;110B 116C 11B2;C683;110B 116C 11B2; # (욃; 욃; 욃; 욃; 욃; ) HANGUL SYLLABLE OELB +C684;C684;110B 116C 11B3;C684;110B 116C 11B3; # (ìš„; ìš„; 욄; ìš„; 욄; ) HANGUL SYLLABLE OELS +C685;C685;110B 116C 11B4;C685;110B 116C 11B4; # (ìš…; ìš…; 욅; ìš…; 욅; ) HANGUL SYLLABLE OELT +C686;C686;110B 116C 11B5;C686;110B 116C 11B5; # (욆; 욆; 욆; 욆; 욆; ) HANGUL SYLLABLE OELP +C687;C687;110B 116C 11B6;C687;110B 116C 11B6; # (욇; 욇; 욇; 욇; 욇; ) HANGUL SYLLABLE OELH +C688;C688;110B 116C 11B7;C688;110B 116C 11B7; # (욈; 욈; 욈; 욈; 욈; ) HANGUL SYLLABLE OEM +C689;C689;110B 116C 11B8;C689;110B 116C 11B8; # (욉; 욉; 욉; 욉; 욉; ) HANGUL SYLLABLE OEB +C68A;C68A;110B 116C 11B9;C68A;110B 116C 11B9; # (욊; 욊; 욊; 욊; 욊; ) HANGUL SYLLABLE OEBS +C68B;C68B;110B 116C 11BA;C68B;110B 116C 11BA; # (ìš‹; ìš‹; 욋; ìš‹; 욋; ) HANGUL SYLLABLE OES +C68C;C68C;110B 116C 11BB;C68C;110B 116C 11BB; # (욌; 욌; 욌; 욌; 욌; ) HANGUL SYLLABLE OESS +C68D;C68D;110B 116C 11BC;C68D;110B 116C 11BC; # (ìš; ìš; 욍; ìš; 욍; ) HANGUL SYLLABLE OENG +C68E;C68E;110B 116C 11BD;C68E;110B 116C 11BD; # (욎; 욎; 욎; 욎; 욎; ) HANGUL SYLLABLE OEJ +C68F;C68F;110B 116C 11BE;C68F;110B 116C 11BE; # (ìš; ìš; 욏; ìš; 욏; ) HANGUL SYLLABLE OEC +C690;C690;110B 116C 11BF;C690;110B 116C 11BF; # (ìš; ìš; 욐; ìš; 욐; ) HANGUL SYLLABLE OEK +C691;C691;110B 116C 11C0;C691;110B 116C 11C0; # (ìš‘; ìš‘; 욑; ìš‘; 욑; ) HANGUL SYLLABLE OET +C692;C692;110B 116C 11C1;C692;110B 116C 11C1; # (ìš’; ìš’; á„‹á…¬á‡; ìš’; á„‹á…¬á‡; ) HANGUL SYLLABLE OEP +C693;C693;110B 116C 11C2;C693;110B 116C 11C2; # (ìš“; ìš“; 욓; ìš“; 욓; ) HANGUL SYLLABLE OEH +C694;C694;110B 116D;C694;110B 116D; # (ìš”; ìš”; á„‹á…­; ìš”; á„‹á…­; ) HANGUL SYLLABLE YO +C695;C695;110B 116D 11A8;C695;110B 116D 11A8; # (ìš•; ìš•; 욕; ìš•; 욕; ) HANGUL SYLLABLE YOG +C696;C696;110B 116D 11A9;C696;110B 116D 11A9; # (ìš–; ìš–; 욖; ìš–; 욖; ) HANGUL SYLLABLE YOGG +C697;C697;110B 116D 11AA;C697;110B 116D 11AA; # (ìš—; ìš—; 욗; ìš—; 욗; ) HANGUL SYLLABLE YOGS +C698;C698;110B 116D 11AB;C698;110B 116D 11AB; # (욘; 욘; 욘; 욘; 욘; ) HANGUL SYLLABLE YON +C699;C699;110B 116D 11AC;C699;110B 116D 11AC; # (ìš™; ìš™; 욙; ìš™; 욙; ) HANGUL SYLLABLE YONJ +C69A;C69A;110B 116D 11AD;C69A;110B 116D 11AD; # (ìšš; ìšš; 욚; ìšš; 욚; ) HANGUL SYLLABLE YONH +C69B;C69B;110B 116D 11AE;C69B;110B 116D 11AE; # (ìš›; ìš›; 욛; ìš›; 욛; ) HANGUL SYLLABLE YOD +C69C;C69C;110B 116D 11AF;C69C;110B 116D 11AF; # (ìšœ; ìšœ; 욜; ìšœ; 욜; ) HANGUL SYLLABLE YOL +C69D;C69D;110B 116D 11B0;C69D;110B 116D 11B0; # (ìš; ìš; 욝; ìš; 욝; ) HANGUL SYLLABLE YOLG +C69E;C69E;110B 116D 11B1;C69E;110B 116D 11B1; # (ìšž; ìšž; 욞; ìšž; 욞; ) HANGUL SYLLABLE YOLM +C69F;C69F;110B 116D 11B2;C69F;110B 116D 11B2; # (욟; 욟; 욟; 욟; 욟; ) HANGUL SYLLABLE YOLB +C6A0;C6A0;110B 116D 11B3;C6A0;110B 116D 11B3; # (ìš ; ìš ; 욠; ìš ; 욠; ) HANGUL SYLLABLE YOLS +C6A1;C6A1;110B 116D 11B4;C6A1;110B 116D 11B4; # (ìš¡; ìš¡; 욡; ìš¡; 욡; ) HANGUL SYLLABLE YOLT +C6A2;C6A2;110B 116D 11B5;C6A2;110B 116D 11B5; # (욢; 욢; 욢; 욢; 욢; ) HANGUL SYLLABLE YOLP +C6A3;C6A3;110B 116D 11B6;C6A3;110B 116D 11B6; # (욣; 욣; 욣; 욣; 욣; ) HANGUL SYLLABLE YOLH +C6A4;C6A4;110B 116D 11B7;C6A4;110B 116D 11B7; # (욤; 욤; 욤; 욤; 욤; ) HANGUL SYLLABLE YOM +C6A5;C6A5;110B 116D 11B8;C6A5;110B 116D 11B8; # (욥; 욥; 욥; 욥; 욥; ) HANGUL SYLLABLE YOB +C6A6;C6A6;110B 116D 11B9;C6A6;110B 116D 11B9; # (욦; 욦; 욦; 욦; 욦; ) HANGUL SYLLABLE YOBS +C6A7;C6A7;110B 116D 11BA;C6A7;110B 116D 11BA; # (욧; 욧; 욧; 욧; 욧; ) HANGUL SYLLABLE YOS +C6A8;C6A8;110B 116D 11BB;C6A8;110B 116D 11BB; # (욨; 욨; 욨; 욨; 욨; ) HANGUL SYLLABLE YOSS +C6A9;C6A9;110B 116D 11BC;C6A9;110B 116D 11BC; # (ìš©; ìš©; 용; ìš©; 용; ) HANGUL SYLLABLE YONG +C6AA;C6AA;110B 116D 11BD;C6AA;110B 116D 11BD; # (욪; 욪; 욪; 욪; 욪; ) HANGUL SYLLABLE YOJ +C6AB;C6AB;110B 116D 11BE;C6AB;110B 116D 11BE; # (ìš«; ìš«; 욫; ìš«; 욫; ) HANGUL SYLLABLE YOC +C6AC;C6AC;110B 116D 11BF;C6AC;110B 116D 11BF; # (욬; 욬; 욬; 욬; 욬; ) HANGUL SYLLABLE YOK +C6AD;C6AD;110B 116D 11C0;C6AD;110B 116D 11C0; # (ìš­; ìš­; 욭; ìš­; 욭; ) HANGUL SYLLABLE YOT +C6AE;C6AE;110B 116D 11C1;C6AE;110B 116D 11C1; # (ìš®; ìš®; á„‹á…­á‡; ìš®; á„‹á…­á‡; ) HANGUL SYLLABLE YOP +C6AF;C6AF;110B 116D 11C2;C6AF;110B 116D 11C2; # (욯; 욯; 욯; 욯; 욯; ) HANGUL SYLLABLE YOH +C6B0;C6B0;110B 116E;C6B0;110B 116E; # (ìš°; ìš°; á„‹á…®; ìš°; á„‹á…®; ) HANGUL SYLLABLE U +C6B1;C6B1;110B 116E 11A8;C6B1;110B 116E 11A8; # (ìš±; ìš±; 욱; ìš±; 욱; ) HANGUL SYLLABLE UG +C6B2;C6B2;110B 116E 11A9;C6B2;110B 116E 11A9; # (ìš²; ìš²; 욲; ìš²; 욲; ) HANGUL SYLLABLE UGG +C6B3;C6B3;110B 116E 11AA;C6B3;110B 116E 11AA; # (ìš³; ìš³; 욳; ìš³; 욳; ) HANGUL SYLLABLE UGS +C6B4;C6B4;110B 116E 11AB;C6B4;110B 116E 11AB; # (ìš´; ìš´; 운; ìš´; 운; ) HANGUL SYLLABLE UN +C6B5;C6B5;110B 116E 11AC;C6B5;110B 116E 11AC; # (ìšµ; ìšµ; 욵; ìšµ; 욵; ) HANGUL SYLLABLE UNJ +C6B6;C6B6;110B 116E 11AD;C6B6;110B 116E 11AD; # (욶; 욶; 욶; 욶; 욶; ) HANGUL SYLLABLE UNH +C6B7;C6B7;110B 116E 11AE;C6B7;110B 116E 11AE; # (ìš·; ìš·; 욷; ìš·; 욷; ) HANGUL SYLLABLE UD +C6B8;C6B8;110B 116E 11AF;C6B8;110B 116E 11AF; # (울; 울; 울; 울; 울; ) HANGUL SYLLABLE UL +C6B9;C6B9;110B 116E 11B0;C6B9;110B 116E 11B0; # (ìš¹; ìš¹; 욹; ìš¹; 욹; ) HANGUL SYLLABLE ULG +C6BA;C6BA;110B 116E 11B1;C6BA;110B 116E 11B1; # (욺; 욺; 욺; 욺; 욺; ) HANGUL SYLLABLE ULM +C6BB;C6BB;110B 116E 11B2;C6BB;110B 116E 11B2; # (ìš»; ìš»; 욻; ìš»; 욻; ) HANGUL SYLLABLE ULB +C6BC;C6BC;110B 116E 11B3;C6BC;110B 116E 11B3; # (ìš¼; ìš¼; 욼; ìš¼; 욼; ) HANGUL SYLLABLE ULS +C6BD;C6BD;110B 116E 11B4;C6BD;110B 116E 11B4; # (ìš½; ìš½; 욽; ìš½; 욽; ) HANGUL SYLLABLE ULT +C6BE;C6BE;110B 116E 11B5;C6BE;110B 116E 11B5; # (ìš¾; ìš¾; 욾; ìš¾; 욾; ) HANGUL SYLLABLE ULP +C6BF;C6BF;110B 116E 11B6;C6BF;110B 116E 11B6; # (ìš¿; ìš¿; 욿; ìš¿; 욿; ) HANGUL SYLLABLE ULH +C6C0;C6C0;110B 116E 11B7;C6C0;110B 116E 11B7; # (움; 움; 움; 움; 움; ) HANGUL SYLLABLE UM +C6C1;C6C1;110B 116E 11B8;C6C1;110B 116E 11B8; # (ì›; ì›; 웁; ì›; 웁; ) HANGUL SYLLABLE UB +C6C2;C6C2;110B 116E 11B9;C6C2;110B 116E 11B9; # (웂; 웂; 웂; 웂; 웂; ) HANGUL SYLLABLE UBS +C6C3;C6C3;110B 116E 11BA;C6C3;110B 116E 11BA; # (웃; 웃; 웃; 웃; 웃; ) HANGUL SYLLABLE US +C6C4;C6C4;110B 116E 11BB;C6C4;110B 116E 11BB; # (웄; 웄; 웄; 웄; 웄; ) HANGUL SYLLABLE USS +C6C5;C6C5;110B 116E 11BC;C6C5;110B 116E 11BC; # (ì›…; ì›…; 웅; ì›…; 웅; ) HANGUL SYLLABLE UNG +C6C6;C6C6;110B 116E 11BD;C6C6;110B 116E 11BD; # (웆; 웆; 웆; 웆; 웆; ) HANGUL SYLLABLE UJ +C6C7;C6C7;110B 116E 11BE;C6C7;110B 116E 11BE; # (웇; 웇; 웇; 웇; 웇; ) HANGUL SYLLABLE UC +C6C8;C6C8;110B 116E 11BF;C6C8;110B 116E 11BF; # (웈; 웈; 웈; 웈; 웈; ) HANGUL SYLLABLE UK +C6C9;C6C9;110B 116E 11C0;C6C9;110B 116E 11C0; # (웉; 웉; 웉; 웉; 웉; ) HANGUL SYLLABLE UT +C6CA;C6CA;110B 116E 11C1;C6CA;110B 116E 11C1; # (웊; 웊; á„‹á…®á‡; 웊; á„‹á…®á‡; ) HANGUL SYLLABLE UP +C6CB;C6CB;110B 116E 11C2;C6CB;110B 116E 11C2; # (웋; 웋; 웋; 웋; 웋; ) HANGUL SYLLABLE UH +C6CC;C6CC;110B 116F;C6CC;110B 116F; # (워; 워; á„‹á…¯; 워; á„‹á…¯; ) HANGUL SYLLABLE WEO +C6CD;C6CD;110B 116F 11A8;C6CD;110B 116F 11A8; # (ì›; ì›; 웍; ì›; 웍; ) HANGUL SYLLABLE WEOG +C6CE;C6CE;110B 116F 11A9;C6CE;110B 116F 11A9; # (웎; 웎; 웎; 웎; 웎; ) HANGUL SYLLABLE WEOGG +C6CF;C6CF;110B 116F 11AA;C6CF;110B 116F 11AA; # (ì›; ì›; 웏; ì›; 웏; ) HANGUL SYLLABLE WEOGS +C6D0;C6D0;110B 116F 11AB;C6D0;110B 116F 11AB; # (ì›; ì›; 원; ì›; 원; ) HANGUL SYLLABLE WEON +C6D1;C6D1;110B 116F 11AC;C6D1;110B 116F 11AC; # (웑; 웑; 웑; 웑; 웑; ) HANGUL SYLLABLE WEONJ +C6D2;C6D2;110B 116F 11AD;C6D2;110B 116F 11AD; # (ì›’; ì›’; 웒; ì›’; 웒; ) HANGUL SYLLABLE WEONH +C6D3;C6D3;110B 116F 11AE;C6D3;110B 116F 11AE; # (웓; 웓; 웓; 웓; 웓; ) HANGUL SYLLABLE WEOD +C6D4;C6D4;110B 116F 11AF;C6D4;110B 116F 11AF; # (ì›”; ì›”; 월; ì›”; 월; ) HANGUL SYLLABLE WEOL +C6D5;C6D5;110B 116F 11B0;C6D5;110B 116F 11B0; # (웕; 웕; 웕; 웕; 웕; ) HANGUL SYLLABLE WEOLG +C6D6;C6D6;110B 116F 11B1;C6D6;110B 116F 11B1; # (ì›–; ì›–; 웖; ì›–; 웖; ) HANGUL SYLLABLE WEOLM +C6D7;C6D7;110B 116F 11B2;C6D7;110B 116F 11B2; # (ì›—; ì›—; 웗; ì›—; 웗; ) HANGUL SYLLABLE WEOLB +C6D8;C6D8;110B 116F 11B3;C6D8;110B 116F 11B3; # (웘; 웘; 웘; 웘; 웘; ) HANGUL SYLLABLE WEOLS +C6D9;C6D9;110B 116F 11B4;C6D9;110B 116F 11B4; # (ì›™; ì›™; 웙; ì›™; 웙; ) HANGUL SYLLABLE WEOLT +C6DA;C6DA;110B 116F 11B5;C6DA;110B 116F 11B5; # (웚; 웚; 웚; 웚; 웚; ) HANGUL SYLLABLE WEOLP +C6DB;C6DB;110B 116F 11B6;C6DB;110B 116F 11B6; # (ì››; ì››; 웛; ì››; 웛; ) HANGUL SYLLABLE WEOLH +C6DC;C6DC;110B 116F 11B7;C6DC;110B 116F 11B7; # (웜; 웜; 웜; 웜; 웜; ) HANGUL SYLLABLE WEOM +C6DD;C6DD;110B 116F 11B8;C6DD;110B 116F 11B8; # (ì›; ì›; 웝; ì›; 웝; ) HANGUL SYLLABLE WEOB +C6DE;C6DE;110B 116F 11B9;C6DE;110B 116F 11B9; # (웞; 웞; 웞; 웞; 웞; ) HANGUL SYLLABLE WEOBS +C6DF;C6DF;110B 116F 11BA;C6DF;110B 116F 11BA; # (웟; 웟; 웟; 웟; 웟; ) HANGUL SYLLABLE WEOS +C6E0;C6E0;110B 116F 11BB;C6E0;110B 116F 11BB; # (ì› ; ì› ; 웠; ì› ; 웠; ) HANGUL SYLLABLE WEOSS +C6E1;C6E1;110B 116F 11BC;C6E1;110B 116F 11BC; # (웡; 웡; 웡; 웡; 웡; ) HANGUL SYLLABLE WEONG +C6E2;C6E2;110B 116F 11BD;C6E2;110B 116F 11BD; # (웢; 웢; 웢; 웢; 웢; ) HANGUL SYLLABLE WEOJ +C6E3;C6E3;110B 116F 11BE;C6E3;110B 116F 11BE; # (웣; 웣; 웣; 웣; 웣; ) HANGUL SYLLABLE WEOC +C6E4;C6E4;110B 116F 11BF;C6E4;110B 116F 11BF; # (웤; 웤; 웤; 웤; 웤; ) HANGUL SYLLABLE WEOK +C6E5;C6E5;110B 116F 11C0;C6E5;110B 116F 11C0; # (웥; 웥; 웥; 웥; 웥; ) HANGUL SYLLABLE WEOT +C6E6;C6E6;110B 116F 11C1;C6E6;110B 116F 11C1; # (웦; 웦; á„‹á…¯á‡; 웦; á„‹á…¯á‡; ) HANGUL SYLLABLE WEOP +C6E7;C6E7;110B 116F 11C2;C6E7;110B 116F 11C2; # (웧; 웧; 웧; 웧; 웧; ) HANGUL SYLLABLE WEOH +C6E8;C6E8;110B 1170;C6E8;110B 1170; # (웨; 웨; á„‹á…°; 웨; á„‹á…°; ) HANGUL SYLLABLE WE +C6E9;C6E9;110B 1170 11A8;C6E9;110B 1170 11A8; # (웩; 웩; 웩; 웩; 웩; ) HANGUL SYLLABLE WEG +C6EA;C6EA;110B 1170 11A9;C6EA;110B 1170 11A9; # (웪; 웪; 웪; 웪; 웪; ) HANGUL SYLLABLE WEGG +C6EB;C6EB;110B 1170 11AA;C6EB;110B 1170 11AA; # (웫; 웫; 웫; 웫; 웫; ) HANGUL SYLLABLE WEGS +C6EC;C6EC;110B 1170 11AB;C6EC;110B 1170 11AB; # (웬; 웬; 웬; 웬; 웬; ) HANGUL SYLLABLE WEN +C6ED;C6ED;110B 1170 11AC;C6ED;110B 1170 11AC; # (ì›­; ì›­; 웭; ì›­; 웭; ) HANGUL SYLLABLE WENJ +C6EE;C6EE;110B 1170 11AD;C6EE;110B 1170 11AD; # (ì›®; ì›®; 웮; ì›®; 웮; ) HANGUL SYLLABLE WENH +C6EF;C6EF;110B 1170 11AE;C6EF;110B 1170 11AE; # (웯; 웯; 웯; 웯; 웯; ) HANGUL SYLLABLE WED +C6F0;C6F0;110B 1170 11AF;C6F0;110B 1170 11AF; # (ì›°; ì›°; 웰; ì›°; 웰; ) HANGUL SYLLABLE WEL +C6F1;C6F1;110B 1170 11B0;C6F1;110B 1170 11B0; # (ì›±; ì›±; 웱; ì›±; 웱; ) HANGUL SYLLABLE WELG +C6F2;C6F2;110B 1170 11B1;C6F2;110B 1170 11B1; # (웲; 웲; 웲; 웲; 웲; ) HANGUL SYLLABLE WELM +C6F3;C6F3;110B 1170 11B2;C6F3;110B 1170 11B2; # (웳; 웳; 웳; 웳; 웳; ) HANGUL SYLLABLE WELB +C6F4;C6F4;110B 1170 11B3;C6F4;110B 1170 11B3; # (ì›´; ì›´; 웴; ì›´; 웴; ) HANGUL SYLLABLE WELS +C6F5;C6F5;110B 1170 11B4;C6F5;110B 1170 11B4; # (웵; 웵; 웵; 웵; 웵; ) HANGUL SYLLABLE WELT +C6F6;C6F6;110B 1170 11B5;C6F6;110B 1170 11B5; # (웶; 웶; 웶; 웶; 웶; ) HANGUL SYLLABLE WELP +C6F7;C6F7;110B 1170 11B6;C6F7;110B 1170 11B6; # (ì›·; ì›·; 웷; ì›·; 웷; ) HANGUL SYLLABLE WELH +C6F8;C6F8;110B 1170 11B7;C6F8;110B 1170 11B7; # (웸; 웸; 웸; 웸; 웸; ) HANGUL SYLLABLE WEM +C6F9;C6F9;110B 1170 11B8;C6F9;110B 1170 11B8; # (웹; 웹; 웹; 웹; 웹; ) HANGUL SYLLABLE WEB +C6FA;C6FA;110B 1170 11B9;C6FA;110B 1170 11B9; # (웺; 웺; 웺; 웺; 웺; ) HANGUL SYLLABLE WEBS +C6FB;C6FB;110B 1170 11BA;C6FB;110B 1170 11BA; # (ì›»; ì›»; 웻; ì›»; 웻; ) HANGUL SYLLABLE WES +C6FC;C6FC;110B 1170 11BB;C6FC;110B 1170 11BB; # (웼; 웼; 웼; 웼; 웼; ) HANGUL SYLLABLE WESS +C6FD;C6FD;110B 1170 11BC;C6FD;110B 1170 11BC; # (웽; 웽; 웽; 웽; 웽; ) HANGUL SYLLABLE WENG +C6FE;C6FE;110B 1170 11BD;C6FE;110B 1170 11BD; # (웾; 웾; 웾; 웾; 웾; ) HANGUL SYLLABLE WEJ +C6FF;C6FF;110B 1170 11BE;C6FF;110B 1170 11BE; # (웿; 웿; 웿; 웿; 웿; ) HANGUL SYLLABLE WEC +C700;C700;110B 1170 11BF;C700;110B 1170 11BF; # (윀; 윀; 윀; 윀; 윀; ) HANGUL SYLLABLE WEK +C701;C701;110B 1170 11C0;C701;110B 1170 11C0; # (ìœ; ìœ; 윁; ìœ; 윁; ) HANGUL SYLLABLE WET +C702;C702;110B 1170 11C1;C702;110B 1170 11C1; # (윂; 윂; á„‹á…°á‡; 윂; á„‹á…°á‡; ) HANGUL SYLLABLE WEP +C703;C703;110B 1170 11C2;C703;110B 1170 11C2; # (윃; 윃; 윃; 윃; 윃; ) HANGUL SYLLABLE WEH +C704;C704;110B 1171;C704;110B 1171; # (위; 위; á„‹á…±; 위; á„‹á…±; ) HANGUL SYLLABLE WI +C705;C705;110B 1171 11A8;C705;110B 1171 11A8; # (윅; 윅; 윅; 윅; 윅; ) HANGUL SYLLABLE WIG +C706;C706;110B 1171 11A9;C706;110B 1171 11A9; # (윆; 윆; 윆; 윆; 윆; ) HANGUL SYLLABLE WIGG +C707;C707;110B 1171 11AA;C707;110B 1171 11AA; # (윇; 윇; 윇; 윇; 윇; ) HANGUL SYLLABLE WIGS +C708;C708;110B 1171 11AB;C708;110B 1171 11AB; # (윈; 윈; 윈; 윈; 윈; ) HANGUL SYLLABLE WIN +C709;C709;110B 1171 11AC;C709;110B 1171 11AC; # (윉; 윉; 윉; 윉; 윉; ) HANGUL SYLLABLE WINJ +C70A;C70A;110B 1171 11AD;C70A;110B 1171 11AD; # (윊; 윊; 윊; 윊; 윊; ) HANGUL SYLLABLE WINH +C70B;C70B;110B 1171 11AE;C70B;110B 1171 11AE; # (윋; 윋; 윋; 윋; 윋; ) HANGUL SYLLABLE WID +C70C;C70C;110B 1171 11AF;C70C;110B 1171 11AF; # (윌; 윌; 윌; 윌; 윌; ) HANGUL SYLLABLE WIL +C70D;C70D;110B 1171 11B0;C70D;110B 1171 11B0; # (ìœ; ìœ; 윍; ìœ; 윍; ) HANGUL SYLLABLE WILG +C70E;C70E;110B 1171 11B1;C70E;110B 1171 11B1; # (윎; 윎; 윎; 윎; 윎; ) HANGUL SYLLABLE WILM +C70F;C70F;110B 1171 11B2;C70F;110B 1171 11B2; # (ìœ; ìœ; 윏; ìœ; 윏; ) HANGUL SYLLABLE WILB +C710;C710;110B 1171 11B3;C710;110B 1171 11B3; # (ìœ; ìœ; 윐; ìœ; 윐; ) HANGUL SYLLABLE WILS +C711;C711;110B 1171 11B4;C711;110B 1171 11B4; # (윑; 윑; 윑; 윑; 윑; ) HANGUL SYLLABLE WILT +C712;C712;110B 1171 11B5;C712;110B 1171 11B5; # (윒; 윒; 윒; 윒; 윒; ) HANGUL SYLLABLE WILP +C713;C713;110B 1171 11B6;C713;110B 1171 11B6; # (윓; 윓; 윓; 윓; 윓; ) HANGUL SYLLABLE WILH +C714;C714;110B 1171 11B7;C714;110B 1171 11B7; # (윔; 윔; 윔; 윔; 윔; ) HANGUL SYLLABLE WIM +C715;C715;110B 1171 11B8;C715;110B 1171 11B8; # (윕; 윕; 윕; 윕; 윕; ) HANGUL SYLLABLE WIB +C716;C716;110B 1171 11B9;C716;110B 1171 11B9; # (윖; 윖; 윖; 윖; 윖; ) HANGUL SYLLABLE WIBS +C717;C717;110B 1171 11BA;C717;110B 1171 11BA; # (윗; 윗; 윗; 윗; 윗; ) HANGUL SYLLABLE WIS +C718;C718;110B 1171 11BB;C718;110B 1171 11BB; # (윘; 윘; 윘; 윘; 윘; ) HANGUL SYLLABLE WISS +C719;C719;110B 1171 11BC;C719;110B 1171 11BC; # (윙; 윙; 윙; 윙; 윙; ) HANGUL SYLLABLE WING +C71A;C71A;110B 1171 11BD;C71A;110B 1171 11BD; # (윚; 윚; 윚; 윚; 윚; ) HANGUL SYLLABLE WIJ +C71B;C71B;110B 1171 11BE;C71B;110B 1171 11BE; # (윛; 윛; 윛; 윛; 윛; ) HANGUL SYLLABLE WIC +C71C;C71C;110B 1171 11BF;C71C;110B 1171 11BF; # (윜; 윜; 윜; 윜; 윜; ) HANGUL SYLLABLE WIK +C71D;C71D;110B 1171 11C0;C71D;110B 1171 11C0; # (ìœ; ìœ; 윝; ìœ; 윝; ) HANGUL SYLLABLE WIT +C71E;C71E;110B 1171 11C1;C71E;110B 1171 11C1; # (윞; 윞; á„‹á…±á‡; 윞; á„‹á…±á‡; ) HANGUL SYLLABLE WIP +C71F;C71F;110B 1171 11C2;C71F;110B 1171 11C2; # (윟; 윟; 윟; 윟; 윟; ) HANGUL SYLLABLE WIH +C720;C720;110B 1172;C720;110B 1172; # (유; 유; á„‹á…²; 유; á„‹á…²; ) HANGUL SYLLABLE YU +C721;C721;110B 1172 11A8;C721;110B 1172 11A8; # (육; 육; 육; 육; 육; ) HANGUL SYLLABLE YUG +C722;C722;110B 1172 11A9;C722;110B 1172 11A9; # (윢; 윢; 윢; 윢; 윢; ) HANGUL SYLLABLE YUGG +C723;C723;110B 1172 11AA;C723;110B 1172 11AA; # (윣; 윣; 윣; 윣; 윣; ) HANGUL SYLLABLE YUGS +C724;C724;110B 1172 11AB;C724;110B 1172 11AB; # (윤; 윤; 윤; 윤; 윤; ) HANGUL SYLLABLE YUN +C725;C725;110B 1172 11AC;C725;110B 1172 11AC; # (윥; 윥; 윥; 윥; 윥; ) HANGUL SYLLABLE YUNJ +C726;C726;110B 1172 11AD;C726;110B 1172 11AD; # (윦; 윦; 윦; 윦; 윦; ) HANGUL SYLLABLE YUNH +C727;C727;110B 1172 11AE;C727;110B 1172 11AE; # (윧; 윧; 윧; 윧; 윧; ) HANGUL SYLLABLE YUD +C728;C728;110B 1172 11AF;C728;110B 1172 11AF; # (율; 율; 율; 율; 율; ) HANGUL SYLLABLE YUL +C729;C729;110B 1172 11B0;C729;110B 1172 11B0; # (윩; 윩; 윩; 윩; 윩; ) HANGUL SYLLABLE YULG +C72A;C72A;110B 1172 11B1;C72A;110B 1172 11B1; # (윪; 윪; 윪; 윪; 윪; ) HANGUL SYLLABLE YULM +C72B;C72B;110B 1172 11B2;C72B;110B 1172 11B2; # (윫; 윫; 윫; 윫; 윫; ) HANGUL SYLLABLE YULB +C72C;C72C;110B 1172 11B3;C72C;110B 1172 11B3; # (윬; 윬; 윬; 윬; 윬; ) HANGUL SYLLABLE YULS +C72D;C72D;110B 1172 11B4;C72D;110B 1172 11B4; # (윭; 윭; 윭; 윭; 윭; ) HANGUL SYLLABLE YULT +C72E;C72E;110B 1172 11B5;C72E;110B 1172 11B5; # (윮; 윮; 윮; 윮; 윮; ) HANGUL SYLLABLE YULP +C72F;C72F;110B 1172 11B6;C72F;110B 1172 11B6; # (윯; 윯; 윯; 윯; 윯; ) HANGUL SYLLABLE YULH +C730;C730;110B 1172 11B7;C730;110B 1172 11B7; # (윰; 윰; 윰; 윰; 윰; ) HANGUL SYLLABLE YUM +C731;C731;110B 1172 11B8;C731;110B 1172 11B8; # (윱; 윱; 윱; 윱; 윱; ) HANGUL SYLLABLE YUB +C732;C732;110B 1172 11B9;C732;110B 1172 11B9; # (윲; 윲; 윲; 윲; 윲; ) HANGUL SYLLABLE YUBS +C733;C733;110B 1172 11BA;C733;110B 1172 11BA; # (윳; 윳; 윳; 윳; 윳; ) HANGUL SYLLABLE YUS +C734;C734;110B 1172 11BB;C734;110B 1172 11BB; # (윴; 윴; 윴; 윴; 윴; ) HANGUL SYLLABLE YUSS +C735;C735;110B 1172 11BC;C735;110B 1172 11BC; # (융; 융; 융; 융; 융; ) HANGUL SYLLABLE YUNG +C736;C736;110B 1172 11BD;C736;110B 1172 11BD; # (윶; 윶; 윶; 윶; 윶; ) HANGUL SYLLABLE YUJ +C737;C737;110B 1172 11BE;C737;110B 1172 11BE; # (윷; 윷; 윷; 윷; 윷; ) HANGUL SYLLABLE YUC +C738;C738;110B 1172 11BF;C738;110B 1172 11BF; # (윸; 윸; 윸; 윸; 윸; ) HANGUL SYLLABLE YUK +C739;C739;110B 1172 11C0;C739;110B 1172 11C0; # (윹; 윹; 윹; 윹; 윹; ) HANGUL SYLLABLE YUT +C73A;C73A;110B 1172 11C1;C73A;110B 1172 11C1; # (윺; 윺; á„‹á…²á‡; 윺; á„‹á…²á‡; ) HANGUL SYLLABLE YUP +C73B;C73B;110B 1172 11C2;C73B;110B 1172 11C2; # (윻; 윻; 윻; 윻; 윻; ) HANGUL SYLLABLE YUH +C73C;C73C;110B 1173;C73C;110B 1173; # (으; 으; á„‹á…³; 으; á„‹á…³; ) HANGUL SYLLABLE EU +C73D;C73D;110B 1173 11A8;C73D;110B 1173 11A8; # (윽; 윽; 윽; 윽; 윽; ) HANGUL SYLLABLE EUG +C73E;C73E;110B 1173 11A9;C73E;110B 1173 11A9; # (윾; 윾; 윾; 윾; 윾; ) HANGUL SYLLABLE EUGG +C73F;C73F;110B 1173 11AA;C73F;110B 1173 11AA; # (윿; 윿; 윿; 윿; 윿; ) HANGUL SYLLABLE EUGS +C740;C740;110B 1173 11AB;C740;110B 1173 11AB; # (ì€; ì€; 은; ì€; 은; ) HANGUL SYLLABLE EUN +C741;C741;110B 1173 11AC;C741;110B 1173 11AC; # (ì; ì; 읁; ì; 읁; ) HANGUL SYLLABLE EUNJ +C742;C742;110B 1173 11AD;C742;110B 1173 11AD; # (ì‚; ì‚; 읂; ì‚; 읂; ) HANGUL SYLLABLE EUNH +C743;C743;110B 1173 11AE;C743;110B 1173 11AE; # (ìƒ; ìƒ; 읃; ìƒ; 읃; ) HANGUL SYLLABLE EUD +C744;C744;110B 1173 11AF;C744;110B 1173 11AF; # (ì„; ì„; 을; ì„; 을; ) HANGUL SYLLABLE EUL +C745;C745;110B 1173 11B0;C745;110B 1173 11B0; # (ì…; ì…; 읅; ì…; 읅; ) HANGUL SYLLABLE EULG +C746;C746;110B 1173 11B1;C746;110B 1173 11B1; # (ì†; ì†; 읆; ì†; 읆; ) HANGUL SYLLABLE EULM +C747;C747;110B 1173 11B2;C747;110B 1173 11B2; # (ì‡; ì‡; 읇; ì‡; 읇; ) HANGUL SYLLABLE EULB +C748;C748;110B 1173 11B3;C748;110B 1173 11B3; # (ìˆ; ìˆ; 읈; ìˆ; 읈; ) HANGUL SYLLABLE EULS +C749;C749;110B 1173 11B4;C749;110B 1173 11B4; # (ì‰; ì‰; 읉; ì‰; 읉; ) HANGUL SYLLABLE EULT +C74A;C74A;110B 1173 11B5;C74A;110B 1173 11B5; # (ìŠ; ìŠ; 읊; ìŠ; 읊; ) HANGUL SYLLABLE EULP +C74B;C74B;110B 1173 11B6;C74B;110B 1173 11B6; # (ì‹; ì‹; 읋; ì‹; 읋; ) HANGUL SYLLABLE EULH +C74C;C74C;110B 1173 11B7;C74C;110B 1173 11B7; # (ìŒ; ìŒ; 음; ìŒ; 음; ) HANGUL SYLLABLE EUM +C74D;C74D;110B 1173 11B8;C74D;110B 1173 11B8; # (ì; ì; 읍; ì; 읍; ) HANGUL SYLLABLE EUB +C74E;C74E;110B 1173 11B9;C74E;110B 1173 11B9; # (ìŽ; ìŽ; 읎; ìŽ; 읎; ) HANGUL SYLLABLE EUBS +C74F;C74F;110B 1173 11BA;C74F;110B 1173 11BA; # (ì; ì; 읏; ì; 읏; ) HANGUL SYLLABLE EUS +C750;C750;110B 1173 11BB;C750;110B 1173 11BB; # (ì; ì; 읐; ì; 읐; ) HANGUL SYLLABLE EUSS +C751;C751;110B 1173 11BC;C751;110B 1173 11BC; # (ì‘; ì‘; 응; ì‘; 응; ) HANGUL SYLLABLE EUNG +C752;C752;110B 1173 11BD;C752;110B 1173 11BD; # (ì’; ì’; 읒; ì’; 읒; ) HANGUL SYLLABLE EUJ +C753;C753;110B 1173 11BE;C753;110B 1173 11BE; # (ì“; ì“; 읓; ì“; 읓; ) HANGUL SYLLABLE EUC +C754;C754;110B 1173 11BF;C754;110B 1173 11BF; # (ì”; ì”; 읔; ì”; 읔; ) HANGUL SYLLABLE EUK +C755;C755;110B 1173 11C0;C755;110B 1173 11C0; # (ì•; ì•; 읕; ì•; 읕; ) HANGUL SYLLABLE EUT +C756;C756;110B 1173 11C1;C756;110B 1173 11C1; # (ì–; ì–; á„‹á…³á‡; ì–; á„‹á…³á‡; ) HANGUL SYLLABLE EUP +C757;C757;110B 1173 11C2;C757;110B 1173 11C2; # (ì—; ì—; 읗; ì—; 읗; ) HANGUL SYLLABLE EUH +C758;C758;110B 1174;C758;110B 1174; # (ì˜; ì˜; á„‹á…´; ì˜; á„‹á…´; ) HANGUL SYLLABLE YI +C759;C759;110B 1174 11A8;C759;110B 1174 11A8; # (ì™; ì™; 읙; ì™; 읙; ) HANGUL SYLLABLE YIG +C75A;C75A;110B 1174 11A9;C75A;110B 1174 11A9; # (ìš; ìš; 읚; ìš; 읚; ) HANGUL SYLLABLE YIGG +C75B;C75B;110B 1174 11AA;C75B;110B 1174 11AA; # (ì›; ì›; 읛; ì›; 읛; ) HANGUL SYLLABLE YIGS +C75C;C75C;110B 1174 11AB;C75C;110B 1174 11AB; # (ìœ; ìœ; 읜; ìœ; 읜; ) HANGUL SYLLABLE YIN +C75D;C75D;110B 1174 11AC;C75D;110B 1174 11AC; # (ì; ì; 읝; ì; 읝; ) HANGUL SYLLABLE YINJ +C75E;C75E;110B 1174 11AD;C75E;110B 1174 11AD; # (ìž; ìž; 읞; ìž; 읞; ) HANGUL SYLLABLE YINH +C75F;C75F;110B 1174 11AE;C75F;110B 1174 11AE; # (ìŸ; ìŸ; 읟; ìŸ; 읟; ) HANGUL SYLLABLE YID +C760;C760;110B 1174 11AF;C760;110B 1174 11AF; # (ì ; ì ; 읠; ì ; 읠; ) HANGUL SYLLABLE YIL +C761;C761;110B 1174 11B0;C761;110B 1174 11B0; # (ì¡; ì¡; 읡; ì¡; 읡; ) HANGUL SYLLABLE YILG +C762;C762;110B 1174 11B1;C762;110B 1174 11B1; # (ì¢; ì¢; 읢; ì¢; 읢; ) HANGUL SYLLABLE YILM +C763;C763;110B 1174 11B2;C763;110B 1174 11B2; # (ì£; ì£; 읣; ì£; 읣; ) HANGUL SYLLABLE YILB +C764;C764;110B 1174 11B3;C764;110B 1174 11B3; # (ì¤; ì¤; 읤; ì¤; 읤; ) HANGUL SYLLABLE YILS +C765;C765;110B 1174 11B4;C765;110B 1174 11B4; # (ì¥; ì¥; 읥; ì¥; 읥; ) HANGUL SYLLABLE YILT +C766;C766;110B 1174 11B5;C766;110B 1174 11B5; # (ì¦; ì¦; 읦; ì¦; 읦; ) HANGUL SYLLABLE YILP +C767;C767;110B 1174 11B6;C767;110B 1174 11B6; # (ì§; ì§; 읧; ì§; 읧; ) HANGUL SYLLABLE YILH +C768;C768;110B 1174 11B7;C768;110B 1174 11B7; # (ì¨; ì¨; 읨; ì¨; 읨; ) HANGUL SYLLABLE YIM +C769;C769;110B 1174 11B8;C769;110B 1174 11B8; # (ì©; ì©; 읩; ì©; 읩; ) HANGUL SYLLABLE YIB +C76A;C76A;110B 1174 11B9;C76A;110B 1174 11B9; # (ìª; ìª; 읪; ìª; 읪; ) HANGUL SYLLABLE YIBS +C76B;C76B;110B 1174 11BA;C76B;110B 1174 11BA; # (ì«; ì«; 읫; ì«; 읫; ) HANGUL SYLLABLE YIS +C76C;C76C;110B 1174 11BB;C76C;110B 1174 11BB; # (ì¬; ì¬; 읬; ì¬; 읬; ) HANGUL SYLLABLE YISS +C76D;C76D;110B 1174 11BC;C76D;110B 1174 11BC; # (ì­; ì­; 읭; ì­; 읭; ) HANGUL SYLLABLE YING +C76E;C76E;110B 1174 11BD;C76E;110B 1174 11BD; # (ì®; ì®; 읮; ì®; 읮; ) HANGUL SYLLABLE YIJ +C76F;C76F;110B 1174 11BE;C76F;110B 1174 11BE; # (ì¯; ì¯; 읯; ì¯; 읯; ) HANGUL SYLLABLE YIC +C770;C770;110B 1174 11BF;C770;110B 1174 11BF; # (ì°; ì°; 읰; ì°; 읰; ) HANGUL SYLLABLE YIK +C771;C771;110B 1174 11C0;C771;110B 1174 11C0; # (ì±; ì±; 읱; ì±; 읱; ) HANGUL SYLLABLE YIT +C772;C772;110B 1174 11C1;C772;110B 1174 11C1; # (ì²; ì²; á„‹á…´á‡; ì²; á„‹á…´á‡; ) HANGUL SYLLABLE YIP +C773;C773;110B 1174 11C2;C773;110B 1174 11C2; # (ì³; ì³; 읳; ì³; 읳; ) HANGUL SYLLABLE YIH +C774;C774;110B 1175;C774;110B 1175; # (ì´; ì´; á„‹á…µ; ì´; á„‹á…µ; ) HANGUL SYLLABLE I +C775;C775;110B 1175 11A8;C775;110B 1175 11A8; # (ìµ; ìµ; 익; ìµ; 익; ) HANGUL SYLLABLE IG +C776;C776;110B 1175 11A9;C776;110B 1175 11A9; # (ì¶; ì¶; 읶; ì¶; 읶; ) HANGUL SYLLABLE IGG +C777;C777;110B 1175 11AA;C777;110B 1175 11AA; # (ì·; ì·; 읷; ì·; 읷; ) HANGUL SYLLABLE IGS +C778;C778;110B 1175 11AB;C778;110B 1175 11AB; # (ì¸; ì¸; 인; ì¸; 인; ) HANGUL SYLLABLE IN +C779;C779;110B 1175 11AC;C779;110B 1175 11AC; # (ì¹; ì¹; 읹; ì¹; 읹; ) HANGUL SYLLABLE INJ +C77A;C77A;110B 1175 11AD;C77A;110B 1175 11AD; # (ìº; ìº; 읺; ìº; 읺; ) HANGUL SYLLABLE INH +C77B;C77B;110B 1175 11AE;C77B;110B 1175 11AE; # (ì»; ì»; 읻; ì»; 읻; ) HANGUL SYLLABLE ID +C77C;C77C;110B 1175 11AF;C77C;110B 1175 11AF; # (ì¼; ì¼; 일; ì¼; 일; ) HANGUL SYLLABLE IL +C77D;C77D;110B 1175 11B0;C77D;110B 1175 11B0; # (ì½; ì½; 읽; ì½; 읽; ) HANGUL SYLLABLE ILG +C77E;C77E;110B 1175 11B1;C77E;110B 1175 11B1; # (ì¾; ì¾; 읾; ì¾; 읾; ) HANGUL SYLLABLE ILM +C77F;C77F;110B 1175 11B2;C77F;110B 1175 11B2; # (ì¿; ì¿; 읿; ì¿; 읿; ) HANGUL SYLLABLE ILB +C780;C780;110B 1175 11B3;C780;110B 1175 11B3; # (잀; 잀; 잀; 잀; 잀; ) HANGUL SYLLABLE ILS +C781;C781;110B 1175 11B4;C781;110B 1175 11B4; # (ìž; ìž; 잁; ìž; 잁; ) HANGUL SYLLABLE ILT +C782;C782;110B 1175 11B5;C782;110B 1175 11B5; # (ìž‚; ìž‚; 잂; ìž‚; 잂; ) HANGUL SYLLABLE ILP +C783;C783;110B 1175 11B6;C783;110B 1175 11B6; # (잃; 잃; 잃; 잃; 잃; ) HANGUL SYLLABLE ILH +C784;C784;110B 1175 11B7;C784;110B 1175 11B7; # (ìž„; ìž„; 임; ìž„; 임; ) HANGUL SYLLABLE IM +C785;C785;110B 1175 11B8;C785;110B 1175 11B8; # (ìž…; ìž…; 입; ìž…; 입; ) HANGUL SYLLABLE IB +C786;C786;110B 1175 11B9;C786;110B 1175 11B9; # (잆; 잆; 잆; 잆; 잆; ) HANGUL SYLLABLE IBS +C787;C787;110B 1175 11BA;C787;110B 1175 11BA; # (잇; 잇; 잇; 잇; 잇; ) HANGUL SYLLABLE IS +C788;C788;110B 1175 11BB;C788;110B 1175 11BB; # (있; 있; 있; 있; 있; ) HANGUL SYLLABLE ISS +C789;C789;110B 1175 11BC;C789;110B 1175 11BC; # (잉; 잉; 잉; 잉; 잉; ) HANGUL SYLLABLE ING +C78A;C78A;110B 1175 11BD;C78A;110B 1175 11BD; # (잊; 잊; 잊; 잊; 잊; ) HANGUL SYLLABLE IJ +C78B;C78B;110B 1175 11BE;C78B;110B 1175 11BE; # (ìž‹; ìž‹; 잋; ìž‹; 잋; ) HANGUL SYLLABLE IC +C78C;C78C;110B 1175 11BF;C78C;110B 1175 11BF; # (잌; 잌; 잌; 잌; 잌; ) HANGUL SYLLABLE IK +C78D;C78D;110B 1175 11C0;C78D;110B 1175 11C0; # (ìž; ìž; 잍; ìž; 잍; ) HANGUL SYLLABLE IT +C78E;C78E;110B 1175 11C1;C78E;110B 1175 11C1; # (잎; 잎; á„‹á…µá‡; 잎; á„‹á…µá‡; ) HANGUL SYLLABLE IP +C78F;C78F;110B 1175 11C2;C78F;110B 1175 11C2; # (ìž; ìž; 잏; ìž; 잏; ) HANGUL SYLLABLE IH +C790;C790;110C 1161;C790;110C 1161; # (ìž; ìž; 자; ìž; 자; ) HANGUL SYLLABLE JA +C791;C791;110C 1161 11A8;C791;110C 1161 11A8; # (ìž‘; ìž‘; 작; ìž‘; 작; ) HANGUL SYLLABLE JAG +C792;C792;110C 1161 11A9;C792;110C 1161 11A9; # (ìž’; ìž’; 잒; ìž’; 잒; ) HANGUL SYLLABLE JAGG +C793;C793;110C 1161 11AA;C793;110C 1161 11AA; # (ìž“; ìž“; 잓; ìž“; 잓; ) HANGUL SYLLABLE JAGS +C794;C794;110C 1161 11AB;C794;110C 1161 11AB; # (ìž”; ìž”; 잔; ìž”; 잔; ) HANGUL SYLLABLE JAN +C795;C795;110C 1161 11AC;C795;110C 1161 11AC; # (ìž•; ìž•; 잕; ìž•; 잕; ) HANGUL SYLLABLE JANJ +C796;C796;110C 1161 11AD;C796;110C 1161 11AD; # (ìž–; ìž–; 잖; ìž–; 잖; ) HANGUL SYLLABLE JANH +C797;C797;110C 1161 11AE;C797;110C 1161 11AE; # (ìž—; ìž—; 잗; ìž—; 잗; ) HANGUL SYLLABLE JAD +C798;C798;110C 1161 11AF;C798;110C 1161 11AF; # (잘; 잘; 잘; 잘; 잘; ) HANGUL SYLLABLE JAL +C799;C799;110C 1161 11B0;C799;110C 1161 11B0; # (ìž™; ìž™; 잙; ìž™; 잙; ) HANGUL SYLLABLE JALG +C79A;C79A;110C 1161 11B1;C79A;110C 1161 11B1; # (ìžš; ìžš; 잚; ìžš; 잚; ) HANGUL SYLLABLE JALM +C79B;C79B;110C 1161 11B2;C79B;110C 1161 11B2; # (ìž›; ìž›; 잛; ìž›; 잛; ) HANGUL SYLLABLE JALB +C79C;C79C;110C 1161 11B3;C79C;110C 1161 11B3; # (ìžœ; ìžœ; 잜; ìžœ; 잜; ) HANGUL SYLLABLE JALS +C79D;C79D;110C 1161 11B4;C79D;110C 1161 11B4; # (ìž; ìž; 잝; ìž; 잝; ) HANGUL SYLLABLE JALT +C79E;C79E;110C 1161 11B5;C79E;110C 1161 11B5; # (ìžž; ìžž; 잞; ìžž; 잞; ) HANGUL SYLLABLE JALP +C79F;C79F;110C 1161 11B6;C79F;110C 1161 11B6; # (잟; 잟; 잟; 잟; 잟; ) HANGUL SYLLABLE JALH +C7A0;C7A0;110C 1161 11B7;C7A0;110C 1161 11B7; # (ìž ; ìž ; 잠; ìž ; 잠; ) HANGUL SYLLABLE JAM +C7A1;C7A1;110C 1161 11B8;C7A1;110C 1161 11B8; # (ìž¡; ìž¡; 잡; ìž¡; 잡; ) HANGUL SYLLABLE JAB +C7A2;C7A2;110C 1161 11B9;C7A2;110C 1161 11B9; # (잢; 잢; 잢; 잢; 잢; ) HANGUL SYLLABLE JABS +C7A3;C7A3;110C 1161 11BA;C7A3;110C 1161 11BA; # (잣; 잣; 잣; 잣; 잣; ) HANGUL SYLLABLE JAS +C7A4;C7A4;110C 1161 11BB;C7A4;110C 1161 11BB; # (잤; 잤; 잤; 잤; 잤; ) HANGUL SYLLABLE JASS +C7A5;C7A5;110C 1161 11BC;C7A5;110C 1161 11BC; # (장; 장; 장; 장; 장; ) HANGUL SYLLABLE JANG +C7A6;C7A6;110C 1161 11BD;C7A6;110C 1161 11BD; # (잦; 잦; 잦; 잦; 잦; ) HANGUL SYLLABLE JAJ +C7A7;C7A7;110C 1161 11BE;C7A7;110C 1161 11BE; # (잧; 잧; 잧; 잧; 잧; ) HANGUL SYLLABLE JAC +C7A8;C7A8;110C 1161 11BF;C7A8;110C 1161 11BF; # (잨; 잨; 잨; 잨; 잨; ) HANGUL SYLLABLE JAK +C7A9;C7A9;110C 1161 11C0;C7A9;110C 1161 11C0; # (ìž©; ìž©; 잩; ìž©; 잩; ) HANGUL SYLLABLE JAT +C7AA;C7AA;110C 1161 11C1;C7AA;110C 1161 11C1; # (잪; 잪; 자á‡; 잪; 자á‡; ) HANGUL SYLLABLE JAP +C7AB;C7AB;110C 1161 11C2;C7AB;110C 1161 11C2; # (ìž«; ìž«; 잫; ìž«; 잫; ) HANGUL SYLLABLE JAH +C7AC;C7AC;110C 1162;C7AC;110C 1162; # (재; 재; 재; 재; 재; ) HANGUL SYLLABLE JAE +C7AD;C7AD;110C 1162 11A8;C7AD;110C 1162 11A8; # (ìž­; ìž­; 잭; ìž­; 잭; ) HANGUL SYLLABLE JAEG +C7AE;C7AE;110C 1162 11A9;C7AE;110C 1162 11A9; # (ìž®; ìž®; 잮; ìž®; 잮; ) HANGUL SYLLABLE JAEGG +C7AF;C7AF;110C 1162 11AA;C7AF;110C 1162 11AA; # (잯; 잯; 잯; 잯; 잯; ) HANGUL SYLLABLE JAEGS +C7B0;C7B0;110C 1162 11AB;C7B0;110C 1162 11AB; # (ìž°; ìž°; 잰; ìž°; 잰; ) HANGUL SYLLABLE JAEN +C7B1;C7B1;110C 1162 11AC;C7B1;110C 1162 11AC; # (ìž±; ìž±; 잱; ìž±; 잱; ) HANGUL SYLLABLE JAENJ +C7B2;C7B2;110C 1162 11AD;C7B2;110C 1162 11AD; # (ìž²; ìž²; 잲; ìž²; 잲; ) HANGUL SYLLABLE JAENH +C7B3;C7B3;110C 1162 11AE;C7B3;110C 1162 11AE; # (ìž³; ìž³; 잳; ìž³; 잳; ) HANGUL SYLLABLE JAED +C7B4;C7B4;110C 1162 11AF;C7B4;110C 1162 11AF; # (ìž´; ìž´; 잴; ìž´; 잴; ) HANGUL SYLLABLE JAEL +C7B5;C7B5;110C 1162 11B0;C7B5;110C 1162 11B0; # (ìžµ; ìžµ; 잵; ìžµ; 잵; ) HANGUL SYLLABLE JAELG +C7B6;C7B6;110C 1162 11B1;C7B6;110C 1162 11B1; # (잶; 잶; 잶; 잶; 잶; ) HANGUL SYLLABLE JAELM +C7B7;C7B7;110C 1162 11B2;C7B7;110C 1162 11B2; # (ìž·; ìž·; 잷; ìž·; 잷; ) HANGUL SYLLABLE JAELB +C7B8;C7B8;110C 1162 11B3;C7B8;110C 1162 11B3; # (잸; 잸; 잸; 잸; 잸; ) HANGUL SYLLABLE JAELS +C7B9;C7B9;110C 1162 11B4;C7B9;110C 1162 11B4; # (ìž¹; ìž¹; 잹; ìž¹; 잹; ) HANGUL SYLLABLE JAELT +C7BA;C7BA;110C 1162 11B5;C7BA;110C 1162 11B5; # (잺; 잺; 잺; 잺; 잺; ) HANGUL SYLLABLE JAELP +C7BB;C7BB;110C 1162 11B6;C7BB;110C 1162 11B6; # (ìž»; ìž»; 잻; ìž»; 잻; ) HANGUL SYLLABLE JAELH +C7BC;C7BC;110C 1162 11B7;C7BC;110C 1162 11B7; # (ìž¼; ìž¼; 잼; ìž¼; 잼; ) HANGUL SYLLABLE JAEM +C7BD;C7BD;110C 1162 11B8;C7BD;110C 1162 11B8; # (ìž½; ìž½; 잽; ìž½; 잽; ) HANGUL SYLLABLE JAEB +C7BE;C7BE;110C 1162 11B9;C7BE;110C 1162 11B9; # (ìž¾; ìž¾; 잾; ìž¾; 잾; ) HANGUL SYLLABLE JAEBS +C7BF;C7BF;110C 1162 11BA;C7BF;110C 1162 11BA; # (ìž¿; ìž¿; 잿; ìž¿; 잿; ) HANGUL SYLLABLE JAES +C7C0;C7C0;110C 1162 11BB;C7C0;110C 1162 11BB; # (쟀; 쟀; 쟀; 쟀; 쟀; ) HANGUL SYLLABLE JAESS +C7C1;C7C1;110C 1162 11BC;C7C1;110C 1162 11BC; # (ìŸ; ìŸ; 쟁; ìŸ; 쟁; ) HANGUL SYLLABLE JAENG +C7C2;C7C2;110C 1162 11BD;C7C2;110C 1162 11BD; # (쟂; 쟂; 쟂; 쟂; 쟂; ) HANGUL SYLLABLE JAEJ +C7C3;C7C3;110C 1162 11BE;C7C3;110C 1162 11BE; # (쟃; 쟃; 쟃; 쟃; 쟃; ) HANGUL SYLLABLE JAEC +C7C4;C7C4;110C 1162 11BF;C7C4;110C 1162 11BF; # (쟄; 쟄; 쟄; 쟄; 쟄; ) HANGUL SYLLABLE JAEK +C7C5;C7C5;110C 1162 11C0;C7C5;110C 1162 11C0; # (쟅; 쟅; 쟅; 쟅; 쟅; ) HANGUL SYLLABLE JAET +C7C6;C7C6;110C 1162 11C1;C7C6;110C 1162 11C1; # (쟆; 쟆; 재á‡; 쟆; 재á‡; ) HANGUL SYLLABLE JAEP +C7C7;C7C7;110C 1162 11C2;C7C7;110C 1162 11C2; # (쟇; 쟇; 쟇; 쟇; 쟇; ) HANGUL SYLLABLE JAEH +C7C8;C7C8;110C 1163;C7C8;110C 1163; # (쟈; 쟈; 쟈; 쟈; 쟈; ) HANGUL SYLLABLE JYA +C7C9;C7C9;110C 1163 11A8;C7C9;110C 1163 11A8; # (쟉; 쟉; 쟉; 쟉; 쟉; ) HANGUL SYLLABLE JYAG +C7CA;C7CA;110C 1163 11A9;C7CA;110C 1163 11A9; # (쟊; 쟊; 쟊; 쟊; 쟊; ) HANGUL SYLLABLE JYAGG +C7CB;C7CB;110C 1163 11AA;C7CB;110C 1163 11AA; # (쟋; 쟋; 쟋; 쟋; 쟋; ) HANGUL SYLLABLE JYAGS +C7CC;C7CC;110C 1163 11AB;C7CC;110C 1163 11AB; # (쟌; 쟌; 쟌; 쟌; 쟌; ) HANGUL SYLLABLE JYAN +C7CD;C7CD;110C 1163 11AC;C7CD;110C 1163 11AC; # (ìŸ; ìŸ; 쟍; ìŸ; 쟍; ) HANGUL SYLLABLE JYANJ +C7CE;C7CE;110C 1163 11AD;C7CE;110C 1163 11AD; # (쟎; 쟎; 쟎; 쟎; 쟎; ) HANGUL SYLLABLE JYANH +C7CF;C7CF;110C 1163 11AE;C7CF;110C 1163 11AE; # (ìŸ; ìŸ; 쟏; ìŸ; 쟏; ) HANGUL SYLLABLE JYAD +C7D0;C7D0;110C 1163 11AF;C7D0;110C 1163 11AF; # (ìŸ; ìŸ; 쟐; ìŸ; 쟐; ) HANGUL SYLLABLE JYAL +C7D1;C7D1;110C 1163 11B0;C7D1;110C 1163 11B0; # (쟑; 쟑; 쟑; 쟑; 쟑; ) HANGUL SYLLABLE JYALG +C7D2;C7D2;110C 1163 11B1;C7D2;110C 1163 11B1; # (쟒; 쟒; 쟒; 쟒; 쟒; ) HANGUL SYLLABLE JYALM +C7D3;C7D3;110C 1163 11B2;C7D3;110C 1163 11B2; # (쟓; 쟓; 쟓; 쟓; 쟓; ) HANGUL SYLLABLE JYALB +C7D4;C7D4;110C 1163 11B3;C7D4;110C 1163 11B3; # (쟔; 쟔; 쟔; 쟔; 쟔; ) HANGUL SYLLABLE JYALS +C7D5;C7D5;110C 1163 11B4;C7D5;110C 1163 11B4; # (쟕; 쟕; 쟕; 쟕; 쟕; ) HANGUL SYLLABLE JYALT +C7D6;C7D6;110C 1163 11B5;C7D6;110C 1163 11B5; # (쟖; 쟖; 쟖; 쟖; 쟖; ) HANGUL SYLLABLE JYALP +C7D7;C7D7;110C 1163 11B6;C7D7;110C 1163 11B6; # (쟗; 쟗; 쟗; 쟗; 쟗; ) HANGUL SYLLABLE JYALH +C7D8;C7D8;110C 1163 11B7;C7D8;110C 1163 11B7; # (쟘; 쟘; 쟘; 쟘; 쟘; ) HANGUL SYLLABLE JYAM +C7D9;C7D9;110C 1163 11B8;C7D9;110C 1163 11B8; # (쟙; 쟙; 쟙; 쟙; 쟙; ) HANGUL SYLLABLE JYAB +C7DA;C7DA;110C 1163 11B9;C7DA;110C 1163 11B9; # (쟚; 쟚; 쟚; 쟚; 쟚; ) HANGUL SYLLABLE JYABS +C7DB;C7DB;110C 1163 11BA;C7DB;110C 1163 11BA; # (쟛; 쟛; 쟛; 쟛; 쟛; ) HANGUL SYLLABLE JYAS +C7DC;C7DC;110C 1163 11BB;C7DC;110C 1163 11BB; # (쟜; 쟜; 쟜; 쟜; 쟜; ) HANGUL SYLLABLE JYASS +C7DD;C7DD;110C 1163 11BC;C7DD;110C 1163 11BC; # (ìŸ; ìŸ; 쟝; ìŸ; 쟝; ) HANGUL SYLLABLE JYANG +C7DE;C7DE;110C 1163 11BD;C7DE;110C 1163 11BD; # (쟞; 쟞; 쟞; 쟞; 쟞; ) HANGUL SYLLABLE JYAJ +C7DF;C7DF;110C 1163 11BE;C7DF;110C 1163 11BE; # (쟟; 쟟; 쟟; 쟟; 쟟; ) HANGUL SYLLABLE JYAC +C7E0;C7E0;110C 1163 11BF;C7E0;110C 1163 11BF; # (쟠; 쟠; 쟠; 쟠; 쟠; ) HANGUL SYLLABLE JYAK +C7E1;C7E1;110C 1163 11C0;C7E1;110C 1163 11C0; # (쟡; 쟡; 쟡; 쟡; 쟡; ) HANGUL SYLLABLE JYAT +C7E2;C7E2;110C 1163 11C1;C7E2;110C 1163 11C1; # (쟢; 쟢; 쟈á‡; 쟢; 쟈á‡; ) HANGUL SYLLABLE JYAP +C7E3;C7E3;110C 1163 11C2;C7E3;110C 1163 11C2; # (쟣; 쟣; 쟣; 쟣; 쟣; ) HANGUL SYLLABLE JYAH +C7E4;C7E4;110C 1164;C7E4;110C 1164; # (쟤; 쟤; 쟤; 쟤; 쟤; ) HANGUL SYLLABLE JYAE +C7E5;C7E5;110C 1164 11A8;C7E5;110C 1164 11A8; # (쟥; 쟥; 쟥; 쟥; 쟥; ) HANGUL SYLLABLE JYAEG +C7E6;C7E6;110C 1164 11A9;C7E6;110C 1164 11A9; # (쟦; 쟦; 쟦; 쟦; 쟦; ) HANGUL SYLLABLE JYAEGG +C7E7;C7E7;110C 1164 11AA;C7E7;110C 1164 11AA; # (쟧; 쟧; 쟧; 쟧; 쟧; ) HANGUL SYLLABLE JYAEGS +C7E8;C7E8;110C 1164 11AB;C7E8;110C 1164 11AB; # (쟨; 쟨; 쟨; 쟨; 쟨; ) HANGUL SYLLABLE JYAEN +C7E9;C7E9;110C 1164 11AC;C7E9;110C 1164 11AC; # (쟩; 쟩; 쟩; 쟩; 쟩; ) HANGUL SYLLABLE JYAENJ +C7EA;C7EA;110C 1164 11AD;C7EA;110C 1164 11AD; # (쟪; 쟪; 쟪; 쟪; 쟪; ) HANGUL SYLLABLE JYAENH +C7EB;C7EB;110C 1164 11AE;C7EB;110C 1164 11AE; # (쟫; 쟫; 쟫; 쟫; 쟫; ) HANGUL SYLLABLE JYAED +C7EC;C7EC;110C 1164 11AF;C7EC;110C 1164 11AF; # (쟬; 쟬; 쟬; 쟬; 쟬; ) HANGUL SYLLABLE JYAEL +C7ED;C7ED;110C 1164 11B0;C7ED;110C 1164 11B0; # (쟭; 쟭; 쟭; 쟭; 쟭; ) HANGUL SYLLABLE JYAELG +C7EE;C7EE;110C 1164 11B1;C7EE;110C 1164 11B1; # (쟮; 쟮; 쟮; 쟮; 쟮; ) HANGUL SYLLABLE JYAELM +C7EF;C7EF;110C 1164 11B2;C7EF;110C 1164 11B2; # (쟯; 쟯; 쟯; 쟯; 쟯; ) HANGUL SYLLABLE JYAELB +C7F0;C7F0;110C 1164 11B3;C7F0;110C 1164 11B3; # (쟰; 쟰; 쟰; 쟰; 쟰; ) HANGUL SYLLABLE JYAELS +C7F1;C7F1;110C 1164 11B4;C7F1;110C 1164 11B4; # (쟱; 쟱; 쟱; 쟱; 쟱; ) HANGUL SYLLABLE JYAELT +C7F2;C7F2;110C 1164 11B5;C7F2;110C 1164 11B5; # (쟲; 쟲; 쟲; 쟲; 쟲; ) HANGUL SYLLABLE JYAELP +C7F3;C7F3;110C 1164 11B6;C7F3;110C 1164 11B6; # (쟳; 쟳; 쟳; 쟳; 쟳; ) HANGUL SYLLABLE JYAELH +C7F4;C7F4;110C 1164 11B7;C7F4;110C 1164 11B7; # (쟴; 쟴; 쟴; 쟴; 쟴; ) HANGUL SYLLABLE JYAEM +C7F5;C7F5;110C 1164 11B8;C7F5;110C 1164 11B8; # (쟵; 쟵; 쟵; 쟵; 쟵; ) HANGUL SYLLABLE JYAEB +C7F6;C7F6;110C 1164 11B9;C7F6;110C 1164 11B9; # (쟶; 쟶; 쟶; 쟶; 쟶; ) HANGUL SYLLABLE JYAEBS +C7F7;C7F7;110C 1164 11BA;C7F7;110C 1164 11BA; # (쟷; 쟷; 쟷; 쟷; 쟷; ) HANGUL SYLLABLE JYAES +C7F8;C7F8;110C 1164 11BB;C7F8;110C 1164 11BB; # (쟸; 쟸; 쟸; 쟸; 쟸; ) HANGUL SYLLABLE JYAESS +C7F9;C7F9;110C 1164 11BC;C7F9;110C 1164 11BC; # (쟹; 쟹; 쟹; 쟹; 쟹; ) HANGUL SYLLABLE JYAENG +C7FA;C7FA;110C 1164 11BD;C7FA;110C 1164 11BD; # (쟺; 쟺; 쟺; 쟺; 쟺; ) HANGUL SYLLABLE JYAEJ +C7FB;C7FB;110C 1164 11BE;C7FB;110C 1164 11BE; # (쟻; 쟻; 쟻; 쟻; 쟻; ) HANGUL SYLLABLE JYAEC +C7FC;C7FC;110C 1164 11BF;C7FC;110C 1164 11BF; # (쟼; 쟼; 쟼; 쟼; 쟼; ) HANGUL SYLLABLE JYAEK +C7FD;C7FD;110C 1164 11C0;C7FD;110C 1164 11C0; # (쟽; 쟽; 쟽; 쟽; 쟽; ) HANGUL SYLLABLE JYAET +C7FE;C7FE;110C 1164 11C1;C7FE;110C 1164 11C1; # (쟾; 쟾; 쟤á‡; 쟾; 쟤á‡; ) HANGUL SYLLABLE JYAEP +C7FF;C7FF;110C 1164 11C2;C7FF;110C 1164 11C2; # (쟿; 쟿; 쟿; 쟿; 쟿; ) HANGUL SYLLABLE JYAEH +C800;C800;110C 1165;C800;110C 1165; # (ì €; ì €; 저; ì €; 저; ) HANGUL SYLLABLE JEO +C801;C801;110C 1165 11A8;C801;110C 1165 11A8; # (ì ; ì ; 적; ì ; 적; ) HANGUL SYLLABLE JEOG +C802;C802;110C 1165 11A9;C802;110C 1165 11A9; # (ì ‚; ì ‚; 젂; ì ‚; 젂; ) HANGUL SYLLABLE JEOGG +C803;C803;110C 1165 11AA;C803;110C 1165 11AA; # (ì ƒ; ì ƒ; 젃; ì ƒ; 젃; ) HANGUL SYLLABLE JEOGS +C804;C804;110C 1165 11AB;C804;110C 1165 11AB; # (ì „; ì „; 전; ì „; 전; ) HANGUL SYLLABLE JEON +C805;C805;110C 1165 11AC;C805;110C 1165 11AC; # (ì …; ì …; 젅; ì …; 젅; ) HANGUL SYLLABLE JEONJ +C806;C806;110C 1165 11AD;C806;110C 1165 11AD; # (ì †; ì †; 젆; ì †; 젆; ) HANGUL SYLLABLE JEONH +C807;C807;110C 1165 11AE;C807;110C 1165 11AE; # (ì ‡; ì ‡; 젇; ì ‡; 젇; ) HANGUL SYLLABLE JEOD +C808;C808;110C 1165 11AF;C808;110C 1165 11AF; # (ì ˆ; ì ˆ; 절; ì ˆ; 절; ) HANGUL SYLLABLE JEOL +C809;C809;110C 1165 11B0;C809;110C 1165 11B0; # (ì ‰; ì ‰; 젉; ì ‰; 젉; ) HANGUL SYLLABLE JEOLG +C80A;C80A;110C 1165 11B1;C80A;110C 1165 11B1; # (ì Š; ì Š; 젊; ì Š; 젊; ) HANGUL SYLLABLE JEOLM +C80B;C80B;110C 1165 11B2;C80B;110C 1165 11B2; # (ì ‹; ì ‹; 젋; ì ‹; 젋; ) HANGUL SYLLABLE JEOLB +C80C;C80C;110C 1165 11B3;C80C;110C 1165 11B3; # (ì Œ; ì Œ; 젌; ì Œ; 젌; ) HANGUL SYLLABLE JEOLS +C80D;C80D;110C 1165 11B4;C80D;110C 1165 11B4; # (ì ; ì ; 젍; ì ; 젍; ) HANGUL SYLLABLE JEOLT +C80E;C80E;110C 1165 11B5;C80E;110C 1165 11B5; # (ì Ž; ì Ž; 젎; ì Ž; 젎; ) HANGUL SYLLABLE JEOLP +C80F;C80F;110C 1165 11B6;C80F;110C 1165 11B6; # (ì ; ì ; 젏; ì ; 젏; ) HANGUL SYLLABLE JEOLH +C810;C810;110C 1165 11B7;C810;110C 1165 11B7; # (ì ; ì ; 점; ì ; 점; ) HANGUL SYLLABLE JEOM +C811;C811;110C 1165 11B8;C811;110C 1165 11B8; # (ì ‘; ì ‘; 접; ì ‘; 접; ) HANGUL SYLLABLE JEOB +C812;C812;110C 1165 11B9;C812;110C 1165 11B9; # (ì ’; ì ’; 젒; ì ’; 젒; ) HANGUL SYLLABLE JEOBS +C813;C813;110C 1165 11BA;C813;110C 1165 11BA; # (ì “; ì “; 젓; ì “; 젓; ) HANGUL SYLLABLE JEOS +C814;C814;110C 1165 11BB;C814;110C 1165 11BB; # (ì ”; ì ”; 젔; ì ”; 젔; ) HANGUL SYLLABLE JEOSS +C815;C815;110C 1165 11BC;C815;110C 1165 11BC; # (ì •; ì •; 정; ì •; 정; ) HANGUL SYLLABLE JEONG +C816;C816;110C 1165 11BD;C816;110C 1165 11BD; # (ì –; ì –; 젖; ì –; 젖; ) HANGUL SYLLABLE JEOJ +C817;C817;110C 1165 11BE;C817;110C 1165 11BE; # (ì —; ì —; 젗; ì —; 젗; ) HANGUL SYLLABLE JEOC +C818;C818;110C 1165 11BF;C818;110C 1165 11BF; # (ì ˜; ì ˜; 젘; ì ˜; 젘; ) HANGUL SYLLABLE JEOK +C819;C819;110C 1165 11C0;C819;110C 1165 11C0; # (ì ™; ì ™; 젙; ì ™; 젙; ) HANGUL SYLLABLE JEOT +C81A;C81A;110C 1165 11C1;C81A;110C 1165 11C1; # (ì š; ì š; 저á‡; ì š; 저á‡; ) HANGUL SYLLABLE JEOP +C81B;C81B;110C 1165 11C2;C81B;110C 1165 11C2; # (ì ›; ì ›; 젛; ì ›; 젛; ) HANGUL SYLLABLE JEOH +C81C;C81C;110C 1166;C81C;110C 1166; # (ì œ; ì œ; 제; ì œ; 제; ) HANGUL SYLLABLE JE +C81D;C81D;110C 1166 11A8;C81D;110C 1166 11A8; # (ì ; ì ; 젝; ì ; 젝; ) HANGUL SYLLABLE JEG +C81E;C81E;110C 1166 11A9;C81E;110C 1166 11A9; # (ì ž; ì ž; 젞; ì ž; 젞; ) HANGUL SYLLABLE JEGG +C81F;C81F;110C 1166 11AA;C81F;110C 1166 11AA; # (ì Ÿ; ì Ÿ; 젟; ì Ÿ; 젟; ) HANGUL SYLLABLE JEGS +C820;C820;110C 1166 11AB;C820;110C 1166 11AB; # (ì  ; ì  ; 젠; ì  ; 젠; ) HANGUL SYLLABLE JEN +C821;C821;110C 1166 11AC;C821;110C 1166 11AC; # (ì ¡; ì ¡; 젡; ì ¡; 젡; ) HANGUL SYLLABLE JENJ +C822;C822;110C 1166 11AD;C822;110C 1166 11AD; # (ì ¢; ì ¢; 젢; ì ¢; 젢; ) HANGUL SYLLABLE JENH +C823;C823;110C 1166 11AE;C823;110C 1166 11AE; # (ì £; ì £; 젣; ì £; 젣; ) HANGUL SYLLABLE JED +C824;C824;110C 1166 11AF;C824;110C 1166 11AF; # (ì ¤; ì ¤; 젤; ì ¤; 젤; ) HANGUL SYLLABLE JEL +C825;C825;110C 1166 11B0;C825;110C 1166 11B0; # (ì ¥; ì ¥; 젥; ì ¥; 젥; ) HANGUL SYLLABLE JELG +C826;C826;110C 1166 11B1;C826;110C 1166 11B1; # (ì ¦; ì ¦; 젦; ì ¦; 젦; ) HANGUL SYLLABLE JELM +C827;C827;110C 1166 11B2;C827;110C 1166 11B2; # (ì §; ì §; 젧; ì §; 젧; ) HANGUL SYLLABLE JELB +C828;C828;110C 1166 11B3;C828;110C 1166 11B3; # (ì ¨; ì ¨; 젨; ì ¨; 젨; ) HANGUL SYLLABLE JELS +C829;C829;110C 1166 11B4;C829;110C 1166 11B4; # (ì ©; ì ©; 젩; ì ©; 젩; ) HANGUL SYLLABLE JELT +C82A;C82A;110C 1166 11B5;C82A;110C 1166 11B5; # (ì ª; ì ª; 젪; ì ª; 젪; ) HANGUL SYLLABLE JELP +C82B;C82B;110C 1166 11B6;C82B;110C 1166 11B6; # (ì «; ì «; 젫; ì «; 젫; ) HANGUL SYLLABLE JELH +C82C;C82C;110C 1166 11B7;C82C;110C 1166 11B7; # (ì ¬; ì ¬; 젬; ì ¬; 젬; ) HANGUL SYLLABLE JEM +C82D;C82D;110C 1166 11B8;C82D;110C 1166 11B8; # (ì ­; ì ­; 젭; ì ­; 젭; ) HANGUL SYLLABLE JEB +C82E;C82E;110C 1166 11B9;C82E;110C 1166 11B9; # (ì ®; ì ®; 젮; ì ®; 젮; ) HANGUL SYLLABLE JEBS +C82F;C82F;110C 1166 11BA;C82F;110C 1166 11BA; # (ì ¯; ì ¯; 젯; ì ¯; 젯; ) HANGUL SYLLABLE JES +C830;C830;110C 1166 11BB;C830;110C 1166 11BB; # (ì °; ì °; 젰; ì °; 젰; ) HANGUL SYLLABLE JESS +C831;C831;110C 1166 11BC;C831;110C 1166 11BC; # (ì ±; ì ±; 젱; ì ±; 젱; ) HANGUL SYLLABLE JENG +C832;C832;110C 1166 11BD;C832;110C 1166 11BD; # (ì ²; ì ²; 젲; ì ²; 젲; ) HANGUL SYLLABLE JEJ +C833;C833;110C 1166 11BE;C833;110C 1166 11BE; # (ì ³; ì ³; 젳; ì ³; 젳; ) HANGUL SYLLABLE JEC +C834;C834;110C 1166 11BF;C834;110C 1166 11BF; # (ì ´; ì ´; 젴; ì ´; 젴; ) HANGUL SYLLABLE JEK +C835;C835;110C 1166 11C0;C835;110C 1166 11C0; # (ì µ; ì µ; 젵; ì µ; 젵; ) HANGUL SYLLABLE JET +C836;C836;110C 1166 11C1;C836;110C 1166 11C1; # (ì ¶; ì ¶; 제á‡; ì ¶; 제á‡; ) HANGUL SYLLABLE JEP +C837;C837;110C 1166 11C2;C837;110C 1166 11C2; # (ì ·; ì ·; 젷; ì ·; 젷; ) HANGUL SYLLABLE JEH +C838;C838;110C 1167;C838;110C 1167; # (ì ¸; ì ¸; 져; ì ¸; 져; ) HANGUL SYLLABLE JYEO +C839;C839;110C 1167 11A8;C839;110C 1167 11A8; # (ì ¹; ì ¹; 젹; ì ¹; 젹; ) HANGUL SYLLABLE JYEOG +C83A;C83A;110C 1167 11A9;C83A;110C 1167 11A9; # (ì º; ì º; 젺; ì º; 젺; ) HANGUL SYLLABLE JYEOGG +C83B;C83B;110C 1167 11AA;C83B;110C 1167 11AA; # (ì »; ì »; 젻; ì »; 젻; ) HANGUL SYLLABLE JYEOGS +C83C;C83C;110C 1167 11AB;C83C;110C 1167 11AB; # (ì ¼; ì ¼; 젼; ì ¼; 젼; ) HANGUL SYLLABLE JYEON +C83D;C83D;110C 1167 11AC;C83D;110C 1167 11AC; # (ì ½; ì ½; 젽; ì ½; 젽; ) HANGUL SYLLABLE JYEONJ +C83E;C83E;110C 1167 11AD;C83E;110C 1167 11AD; # (ì ¾; ì ¾; 젾; ì ¾; 젾; ) HANGUL SYLLABLE JYEONH +C83F;C83F;110C 1167 11AE;C83F;110C 1167 11AE; # (ì ¿; ì ¿; 젿; ì ¿; 젿; ) HANGUL SYLLABLE JYEOD +C840;C840;110C 1167 11AF;C840;110C 1167 11AF; # (ì¡€; ì¡€; 졀; ì¡€; 졀; ) HANGUL SYLLABLE JYEOL +C841;C841;110C 1167 11B0;C841;110C 1167 11B0; # (ì¡; ì¡; 졁; ì¡; 졁; ) HANGUL SYLLABLE JYEOLG +C842;C842;110C 1167 11B1;C842;110C 1167 11B1; # (ì¡‚; ì¡‚; 졂; ì¡‚; 졂; ) HANGUL SYLLABLE JYEOLM +C843;C843;110C 1167 11B2;C843;110C 1167 11B2; # (졃; 졃; 졃; 졃; 졃; ) HANGUL SYLLABLE JYEOLB +C844;C844;110C 1167 11B3;C844;110C 1167 11B3; # (ì¡„; ì¡„; 졄; ì¡„; 졄; ) HANGUL SYLLABLE JYEOLS +C845;C845;110C 1167 11B4;C845;110C 1167 11B4; # (ì¡…; ì¡…; 졅; ì¡…; 졅; ) HANGUL SYLLABLE JYEOLT +C846;C846;110C 1167 11B5;C846;110C 1167 11B5; # (졆; 졆; 졆; 졆; 졆; ) HANGUL SYLLABLE JYEOLP +C847;C847;110C 1167 11B6;C847;110C 1167 11B6; # (졇; 졇; 졇; 졇; 졇; ) HANGUL SYLLABLE JYEOLH +C848;C848;110C 1167 11B7;C848;110C 1167 11B7; # (졈; 졈; 졈; 졈; 졈; ) HANGUL SYLLABLE JYEOM +C849;C849;110C 1167 11B8;C849;110C 1167 11B8; # (졉; 졉; 졉; 졉; 졉; ) HANGUL SYLLABLE JYEOB +C84A;C84A;110C 1167 11B9;C84A;110C 1167 11B9; # (ì¡Š; ì¡Š; 졊; ì¡Š; 졊; ) HANGUL SYLLABLE JYEOBS +C84B;C84B;110C 1167 11BA;C84B;110C 1167 11BA; # (ì¡‹; ì¡‹; 졋; ì¡‹; 졋; ) HANGUL SYLLABLE JYEOS +C84C;C84C;110C 1167 11BB;C84C;110C 1167 11BB; # (ì¡Œ; ì¡Œ; 졌; ì¡Œ; 졌; ) HANGUL SYLLABLE JYEOSS +C84D;C84D;110C 1167 11BC;C84D;110C 1167 11BC; # (ì¡; ì¡; 졍; ì¡; 졍; ) HANGUL SYLLABLE JYEONG +C84E;C84E;110C 1167 11BD;C84E;110C 1167 11BD; # (ì¡Ž; ì¡Ž; 졎; ì¡Ž; 졎; ) HANGUL SYLLABLE JYEOJ +C84F;C84F;110C 1167 11BE;C84F;110C 1167 11BE; # (ì¡; ì¡; 졏; ì¡; 졏; ) HANGUL SYLLABLE JYEOC +C850;C850;110C 1167 11BF;C850;110C 1167 11BF; # (ì¡; ì¡; 졐; ì¡; 졐; ) HANGUL SYLLABLE JYEOK +C851;C851;110C 1167 11C0;C851;110C 1167 11C0; # (ì¡‘; ì¡‘; 졑; ì¡‘; 졑; ) HANGUL SYLLABLE JYEOT +C852;C852;110C 1167 11C1;C852;110C 1167 11C1; # (ì¡’; ì¡’; 져á‡; ì¡’; 져á‡; ) HANGUL SYLLABLE JYEOP +C853;C853;110C 1167 11C2;C853;110C 1167 11C2; # (ì¡“; ì¡“; 졓; ì¡“; 졓; ) HANGUL SYLLABLE JYEOH +C854;C854;110C 1168;C854;110C 1168; # (ì¡”; ì¡”; 졔; ì¡”; 졔; ) HANGUL SYLLABLE JYE +C855;C855;110C 1168 11A8;C855;110C 1168 11A8; # (ì¡•; ì¡•; 졕; ì¡•; 졕; ) HANGUL SYLLABLE JYEG +C856;C856;110C 1168 11A9;C856;110C 1168 11A9; # (ì¡–; ì¡–; 졖; ì¡–; 졖; ) HANGUL SYLLABLE JYEGG +C857;C857;110C 1168 11AA;C857;110C 1168 11AA; # (ì¡—; ì¡—; 졗; ì¡—; 졗; ) HANGUL SYLLABLE JYEGS +C858;C858;110C 1168 11AB;C858;110C 1168 11AB; # (졘; 졘; 졘; 졘; 졘; ) HANGUL SYLLABLE JYEN +C859;C859;110C 1168 11AC;C859;110C 1168 11AC; # (ì¡™; ì¡™; 졙; ì¡™; 졙; ) HANGUL SYLLABLE JYENJ +C85A;C85A;110C 1168 11AD;C85A;110C 1168 11AD; # (ì¡š; ì¡š; 졚; ì¡š; 졚; ) HANGUL SYLLABLE JYENH +C85B;C85B;110C 1168 11AE;C85B;110C 1168 11AE; # (ì¡›; ì¡›; 졛; ì¡›; 졛; ) HANGUL SYLLABLE JYED +C85C;C85C;110C 1168 11AF;C85C;110C 1168 11AF; # (ì¡œ; ì¡œ; 졜; ì¡œ; 졜; ) HANGUL SYLLABLE JYEL +C85D;C85D;110C 1168 11B0;C85D;110C 1168 11B0; # (ì¡; ì¡; 졝; ì¡; 졝; ) HANGUL SYLLABLE JYELG +C85E;C85E;110C 1168 11B1;C85E;110C 1168 11B1; # (ì¡ž; ì¡ž; 졞; ì¡ž; 졞; ) HANGUL SYLLABLE JYELM +C85F;C85F;110C 1168 11B2;C85F;110C 1168 11B2; # (ì¡Ÿ; ì¡Ÿ; 졟; ì¡Ÿ; 졟; ) HANGUL SYLLABLE JYELB +C860;C860;110C 1168 11B3;C860;110C 1168 11B3; # (ì¡ ; ì¡ ; 졠; ì¡ ; 졠; ) HANGUL SYLLABLE JYELS +C861;C861;110C 1168 11B4;C861;110C 1168 11B4; # (ì¡¡; ì¡¡; 졡; ì¡¡; 졡; ) HANGUL SYLLABLE JYELT +C862;C862;110C 1168 11B5;C862;110C 1168 11B5; # (ì¡¢; ì¡¢; 졢; ì¡¢; 졢; ) HANGUL SYLLABLE JYELP +C863;C863;110C 1168 11B6;C863;110C 1168 11B6; # (ì¡£; ì¡£; 졣; ì¡£; 졣; ) HANGUL SYLLABLE JYELH +C864;C864;110C 1168 11B7;C864;110C 1168 11B7; # (졤; 졤; 졤; 졤; 졤; ) HANGUL SYLLABLE JYEM +C865;C865;110C 1168 11B8;C865;110C 1168 11B8; # (ì¡¥; ì¡¥; 졥; ì¡¥; 졥; ) HANGUL SYLLABLE JYEB +C866;C866;110C 1168 11B9;C866;110C 1168 11B9; # (졦; 졦; 졦; 졦; 졦; ) HANGUL SYLLABLE JYEBS +C867;C867;110C 1168 11BA;C867;110C 1168 11BA; # (졧; 졧; 졧; 졧; 졧; ) HANGUL SYLLABLE JYES +C868;C868;110C 1168 11BB;C868;110C 1168 11BB; # (졨; 졨; 졨; 졨; 졨; ) HANGUL SYLLABLE JYESS +C869;C869;110C 1168 11BC;C869;110C 1168 11BC; # (ì¡©; ì¡©; 졩; ì¡©; 졩; ) HANGUL SYLLABLE JYENG +C86A;C86A;110C 1168 11BD;C86A;110C 1168 11BD; # (졪; 졪; 졪; 졪; 졪; ) HANGUL SYLLABLE JYEJ +C86B;C86B;110C 1168 11BE;C86B;110C 1168 11BE; # (ì¡«; ì¡«; 졫; ì¡«; 졫; ) HANGUL SYLLABLE JYEC +C86C;C86C;110C 1168 11BF;C86C;110C 1168 11BF; # (졬; 졬; 졬; 졬; 졬; ) HANGUL SYLLABLE JYEK +C86D;C86D;110C 1168 11C0;C86D;110C 1168 11C0; # (ì¡­; ì¡­; 졭; ì¡­; 졭; ) HANGUL SYLLABLE JYET +C86E;C86E;110C 1168 11C1;C86E;110C 1168 11C1; # (ì¡®; ì¡®; 졔á‡; ì¡®; 졔á‡; ) HANGUL SYLLABLE JYEP +C86F;C86F;110C 1168 11C2;C86F;110C 1168 11C2; # (졯; 졯; 졯; 졯; 졯; ) HANGUL SYLLABLE JYEH +C870;C870;110C 1169;C870;110C 1169; # (ì¡°; ì¡°; 조; ì¡°; 조; ) HANGUL SYLLABLE JO +C871;C871;110C 1169 11A8;C871;110C 1169 11A8; # (족; 족; 족; 족; 족; ) HANGUL SYLLABLE JOG +C872;C872;110C 1169 11A9;C872;110C 1169 11A9; # (졲; 졲; 졲; 졲; 졲; ) HANGUL SYLLABLE JOGG +C873;C873;110C 1169 11AA;C873;110C 1169 11AA; # (졳; 졳; 졳; 졳; 졳; ) HANGUL SYLLABLE JOGS +C874;C874;110C 1169 11AB;C874;110C 1169 11AB; # (ì¡´; ì¡´; 존; ì¡´; 존; ) HANGUL SYLLABLE JON +C875;C875;110C 1169 11AC;C875;110C 1169 11AC; # (졵; 졵; 졵; 졵; 졵; ) HANGUL SYLLABLE JONJ +C876;C876;110C 1169 11AD;C876;110C 1169 11AD; # (졶; 졶; 졶; 졶; 졶; ) HANGUL SYLLABLE JONH +C877;C877;110C 1169 11AE;C877;110C 1169 11AE; # (ì¡·; ì¡·; 졷; ì¡·; 졷; ) HANGUL SYLLABLE JOD +C878;C878;110C 1169 11AF;C878;110C 1169 11AF; # (졸; 졸; 졸; 졸; 졸; ) HANGUL SYLLABLE JOL +C879;C879;110C 1169 11B0;C879;110C 1169 11B0; # (졹; 졹; 졹; 졹; 졹; ) HANGUL SYLLABLE JOLG +C87A;C87A;110C 1169 11B1;C87A;110C 1169 11B1; # (졺; 졺; 졺; 졺; 졺; ) HANGUL SYLLABLE JOLM +C87B;C87B;110C 1169 11B2;C87B;110C 1169 11B2; # (ì¡»; ì¡»; 졻; ì¡»; 졻; ) HANGUL SYLLABLE JOLB +C87C;C87C;110C 1169 11B3;C87C;110C 1169 11B3; # (졼; 졼; 졼; 졼; 졼; ) HANGUL SYLLABLE JOLS +C87D;C87D;110C 1169 11B4;C87D;110C 1169 11B4; # (졽; 졽; 졽; 졽; 졽; ) HANGUL SYLLABLE JOLT +C87E;C87E;110C 1169 11B5;C87E;110C 1169 11B5; # (졾; 졾; 졾; 졾; 졾; ) HANGUL SYLLABLE JOLP +C87F;C87F;110C 1169 11B6;C87F;110C 1169 11B6; # (ì¡¿; ì¡¿; 졿; ì¡¿; 졿; ) HANGUL SYLLABLE JOLH +C880;C880;110C 1169 11B7;C880;110C 1169 11B7; # (좀; 좀; 좀; 좀; 좀; ) HANGUL SYLLABLE JOM +C881;C881;110C 1169 11B8;C881;110C 1169 11B8; # (ì¢; ì¢; 좁; ì¢; 좁; ) HANGUL SYLLABLE JOB +C882;C882;110C 1169 11B9;C882;110C 1169 11B9; # (좂; 좂; 좂; 좂; 좂; ) HANGUL SYLLABLE JOBS +C883;C883;110C 1169 11BA;C883;110C 1169 11BA; # (좃; 좃; 좃; 좃; 좃; ) HANGUL SYLLABLE JOS +C884;C884;110C 1169 11BB;C884;110C 1169 11BB; # (좄; 좄; 좄; 좄; 좄; ) HANGUL SYLLABLE JOSS +C885;C885;110C 1169 11BC;C885;110C 1169 11BC; # (종; 종; 종; 종; 종; ) HANGUL SYLLABLE JONG +C886;C886;110C 1169 11BD;C886;110C 1169 11BD; # (좆; 좆; 좆; 좆; 좆; ) HANGUL SYLLABLE JOJ +C887;C887;110C 1169 11BE;C887;110C 1169 11BE; # (좇; 좇; 좇; 좇; 좇; ) HANGUL SYLLABLE JOC +C888;C888;110C 1169 11BF;C888;110C 1169 11BF; # (좈; 좈; 좈; 좈; 좈; ) HANGUL SYLLABLE JOK +C889;C889;110C 1169 11C0;C889;110C 1169 11C0; # (좉; 좉; 좉; 좉; 좉; ) HANGUL SYLLABLE JOT +C88A;C88A;110C 1169 11C1;C88A;110C 1169 11C1; # (좊; 좊; 조á‡; 좊; 조á‡; ) HANGUL SYLLABLE JOP +C88B;C88B;110C 1169 11C2;C88B;110C 1169 11C2; # (좋; 좋; 좋; 좋; 좋; ) HANGUL SYLLABLE JOH +C88C;C88C;110C 116A;C88C;110C 116A; # (좌; 좌; 좌; 좌; 좌; ) HANGUL SYLLABLE JWA +C88D;C88D;110C 116A 11A8;C88D;110C 116A 11A8; # (ì¢; ì¢; 좍; ì¢; 좍; ) HANGUL SYLLABLE JWAG +C88E;C88E;110C 116A 11A9;C88E;110C 116A 11A9; # (좎; 좎; 좎; 좎; 좎; ) HANGUL SYLLABLE JWAGG +C88F;C88F;110C 116A 11AA;C88F;110C 116A 11AA; # (ì¢; ì¢; 좏; ì¢; 좏; ) HANGUL SYLLABLE JWAGS +C890;C890;110C 116A 11AB;C890;110C 116A 11AB; # (ì¢; ì¢; 좐; ì¢; 좐; ) HANGUL SYLLABLE JWAN +C891;C891;110C 116A 11AC;C891;110C 116A 11AC; # (좑; 좑; 좑; 좑; 좑; ) HANGUL SYLLABLE JWANJ +C892;C892;110C 116A 11AD;C892;110C 116A 11AD; # (좒; 좒; 좒; 좒; 좒; ) HANGUL SYLLABLE JWANH +C893;C893;110C 116A 11AE;C893;110C 116A 11AE; # (좓; 좓; 좓; 좓; 좓; ) HANGUL SYLLABLE JWAD +C894;C894;110C 116A 11AF;C894;110C 116A 11AF; # (좔; 좔; 좔; 좔; 좔; ) HANGUL SYLLABLE JWAL +C895;C895;110C 116A 11B0;C895;110C 116A 11B0; # (좕; 좕; 좕; 좕; 좕; ) HANGUL SYLLABLE JWALG +C896;C896;110C 116A 11B1;C896;110C 116A 11B1; # (좖; 좖; 좖; 좖; 좖; ) HANGUL SYLLABLE JWALM +C897;C897;110C 116A 11B2;C897;110C 116A 11B2; # (좗; 좗; 좗; 좗; 좗; ) HANGUL SYLLABLE JWALB +C898;C898;110C 116A 11B3;C898;110C 116A 11B3; # (좘; 좘; 좘; 좘; 좘; ) HANGUL SYLLABLE JWALS +C899;C899;110C 116A 11B4;C899;110C 116A 11B4; # (좙; 좙; 좙; 좙; 좙; ) HANGUL SYLLABLE JWALT +C89A;C89A;110C 116A 11B5;C89A;110C 116A 11B5; # (좚; 좚; 좚; 좚; 좚; ) HANGUL SYLLABLE JWALP +C89B;C89B;110C 116A 11B6;C89B;110C 116A 11B6; # (좛; 좛; 좛; 좛; 좛; ) HANGUL SYLLABLE JWALH +C89C;C89C;110C 116A 11B7;C89C;110C 116A 11B7; # (좜; 좜; 좜; 좜; 좜; ) HANGUL SYLLABLE JWAM +C89D;C89D;110C 116A 11B8;C89D;110C 116A 11B8; # (ì¢; ì¢; 좝; ì¢; 좝; ) HANGUL SYLLABLE JWAB +C89E;C89E;110C 116A 11B9;C89E;110C 116A 11B9; # (좞; 좞; 좞; 좞; 좞; ) HANGUL SYLLABLE JWABS +C89F;C89F;110C 116A 11BA;C89F;110C 116A 11BA; # (좟; 좟; 좟; 좟; 좟; ) HANGUL SYLLABLE JWAS +C8A0;C8A0;110C 116A 11BB;C8A0;110C 116A 11BB; # (좠; 좠; 좠; 좠; 좠; ) HANGUL SYLLABLE JWASS +C8A1;C8A1;110C 116A 11BC;C8A1;110C 116A 11BC; # (좡; 좡; 좡; 좡; 좡; ) HANGUL SYLLABLE JWANG +C8A2;C8A2;110C 116A 11BD;C8A2;110C 116A 11BD; # (좢; 좢; 좢; 좢; 좢; ) HANGUL SYLLABLE JWAJ +C8A3;C8A3;110C 116A 11BE;C8A3;110C 116A 11BE; # (좣; 좣; 좣; 좣; 좣; ) HANGUL SYLLABLE JWAC +C8A4;C8A4;110C 116A 11BF;C8A4;110C 116A 11BF; # (좤; 좤; 좤; 좤; 좤; ) HANGUL SYLLABLE JWAK +C8A5;C8A5;110C 116A 11C0;C8A5;110C 116A 11C0; # (좥; 좥; 좥; 좥; 좥; ) HANGUL SYLLABLE JWAT +C8A6;C8A6;110C 116A 11C1;C8A6;110C 116A 11C1; # (좦; 좦; 좌á‡; 좦; 좌á‡; ) HANGUL SYLLABLE JWAP +C8A7;C8A7;110C 116A 11C2;C8A7;110C 116A 11C2; # (좧; 좧; 좧; 좧; 좧; ) HANGUL SYLLABLE JWAH +C8A8;C8A8;110C 116B;C8A8;110C 116B; # (좨; 좨; 좨; 좨; 좨; ) HANGUL SYLLABLE JWAE +C8A9;C8A9;110C 116B 11A8;C8A9;110C 116B 11A8; # (좩; 좩; 좩; 좩; 좩; ) HANGUL SYLLABLE JWAEG +C8AA;C8AA;110C 116B 11A9;C8AA;110C 116B 11A9; # (좪; 좪; 좪; 좪; 좪; ) HANGUL SYLLABLE JWAEGG +C8AB;C8AB;110C 116B 11AA;C8AB;110C 116B 11AA; # (좫; 좫; 좫; 좫; 좫; ) HANGUL SYLLABLE JWAEGS +C8AC;C8AC;110C 116B 11AB;C8AC;110C 116B 11AB; # (좬; 좬; 좬; 좬; 좬; ) HANGUL SYLLABLE JWAEN +C8AD;C8AD;110C 116B 11AC;C8AD;110C 116B 11AC; # (좭; 좭; 좭; 좭; 좭; ) HANGUL SYLLABLE JWAENJ +C8AE;C8AE;110C 116B 11AD;C8AE;110C 116B 11AD; # (좮; 좮; 좮; 좮; 좮; ) HANGUL SYLLABLE JWAENH +C8AF;C8AF;110C 116B 11AE;C8AF;110C 116B 11AE; # (좯; 좯; 좯; 좯; 좯; ) HANGUL SYLLABLE JWAED +C8B0;C8B0;110C 116B 11AF;C8B0;110C 116B 11AF; # (좰; 좰; 좰; 좰; 좰; ) HANGUL SYLLABLE JWAEL +C8B1;C8B1;110C 116B 11B0;C8B1;110C 116B 11B0; # (좱; 좱; 좱; 좱; 좱; ) HANGUL SYLLABLE JWAELG +C8B2;C8B2;110C 116B 11B1;C8B2;110C 116B 11B1; # (좲; 좲; 좲; 좲; 좲; ) HANGUL SYLLABLE JWAELM +C8B3;C8B3;110C 116B 11B2;C8B3;110C 116B 11B2; # (좳; 좳; 좳; 좳; 좳; ) HANGUL SYLLABLE JWAELB +C8B4;C8B4;110C 116B 11B3;C8B4;110C 116B 11B3; # (좴; 좴; 좴; 좴; 좴; ) HANGUL SYLLABLE JWAELS +C8B5;C8B5;110C 116B 11B4;C8B5;110C 116B 11B4; # (좵; 좵; 좵; 좵; 좵; ) HANGUL SYLLABLE JWAELT +C8B6;C8B6;110C 116B 11B5;C8B6;110C 116B 11B5; # (좶; 좶; 좶; 좶; 좶; ) HANGUL SYLLABLE JWAELP +C8B7;C8B7;110C 116B 11B6;C8B7;110C 116B 11B6; # (좷; 좷; 좷; 좷; 좷; ) HANGUL SYLLABLE JWAELH +C8B8;C8B8;110C 116B 11B7;C8B8;110C 116B 11B7; # (좸; 좸; 좸; 좸; 좸; ) HANGUL SYLLABLE JWAEM +C8B9;C8B9;110C 116B 11B8;C8B9;110C 116B 11B8; # (좹; 좹; 좹; 좹; 좹; ) HANGUL SYLLABLE JWAEB +C8BA;C8BA;110C 116B 11B9;C8BA;110C 116B 11B9; # (좺; 좺; 좺; 좺; 좺; ) HANGUL SYLLABLE JWAEBS +C8BB;C8BB;110C 116B 11BA;C8BB;110C 116B 11BA; # (좻; 좻; 좻; 좻; 좻; ) HANGUL SYLLABLE JWAES +C8BC;C8BC;110C 116B 11BB;C8BC;110C 116B 11BB; # (좼; 좼; 좼; 좼; 좼; ) HANGUL SYLLABLE JWAESS +C8BD;C8BD;110C 116B 11BC;C8BD;110C 116B 11BC; # (좽; 좽; 좽; 좽; 좽; ) HANGUL SYLLABLE JWAENG +C8BE;C8BE;110C 116B 11BD;C8BE;110C 116B 11BD; # (좾; 좾; 좾; 좾; 좾; ) HANGUL SYLLABLE JWAEJ +C8BF;C8BF;110C 116B 11BE;C8BF;110C 116B 11BE; # (좿; 좿; 좿; 좿; 좿; ) HANGUL SYLLABLE JWAEC +C8C0;C8C0;110C 116B 11BF;C8C0;110C 116B 11BF; # (죀; 죀; 죀; 죀; 죀; ) HANGUL SYLLABLE JWAEK +C8C1;C8C1;110C 116B 11C0;C8C1;110C 116B 11C0; # (ì£; ì£; 죁; ì£; 죁; ) HANGUL SYLLABLE JWAET +C8C2;C8C2;110C 116B 11C1;C8C2;110C 116B 11C1; # (죂; 죂; 좨á‡; 죂; 좨á‡; ) HANGUL SYLLABLE JWAEP +C8C3;C8C3;110C 116B 11C2;C8C3;110C 116B 11C2; # (죃; 죃; 죃; 죃; 죃; ) HANGUL SYLLABLE JWAEH +C8C4;C8C4;110C 116C;C8C4;110C 116C; # (죄; 죄; 죄; 죄; 죄; ) HANGUL SYLLABLE JOE +C8C5;C8C5;110C 116C 11A8;C8C5;110C 116C 11A8; # (죅; 죅; 죅; 죅; 죅; ) HANGUL SYLLABLE JOEG +C8C6;C8C6;110C 116C 11A9;C8C6;110C 116C 11A9; # (죆; 죆; 죆; 죆; 죆; ) HANGUL SYLLABLE JOEGG +C8C7;C8C7;110C 116C 11AA;C8C7;110C 116C 11AA; # (죇; 죇; 죇; 죇; 죇; ) HANGUL SYLLABLE JOEGS +C8C8;C8C8;110C 116C 11AB;C8C8;110C 116C 11AB; # (죈; 죈; 죈; 죈; 죈; ) HANGUL SYLLABLE JOEN +C8C9;C8C9;110C 116C 11AC;C8C9;110C 116C 11AC; # (죉; 죉; 죉; 죉; 죉; ) HANGUL SYLLABLE JOENJ +C8CA;C8CA;110C 116C 11AD;C8CA;110C 116C 11AD; # (죊; 죊; 죊; 죊; 죊; ) HANGUL SYLLABLE JOENH +C8CB;C8CB;110C 116C 11AE;C8CB;110C 116C 11AE; # (죋; 죋; 죋; 죋; 죋; ) HANGUL SYLLABLE JOED +C8CC;C8CC;110C 116C 11AF;C8CC;110C 116C 11AF; # (죌; 죌; 죌; 죌; 죌; ) HANGUL SYLLABLE JOEL +C8CD;C8CD;110C 116C 11B0;C8CD;110C 116C 11B0; # (ì£; ì£; 죍; ì£; 죍; ) HANGUL SYLLABLE JOELG +C8CE;C8CE;110C 116C 11B1;C8CE;110C 116C 11B1; # (죎; 죎; 죎; 죎; 죎; ) HANGUL SYLLABLE JOELM +C8CF;C8CF;110C 116C 11B2;C8CF;110C 116C 11B2; # (ì£; ì£; 죏; ì£; 죏; ) HANGUL SYLLABLE JOELB +C8D0;C8D0;110C 116C 11B3;C8D0;110C 116C 11B3; # (ì£; ì£; 죐; ì£; 죐; ) HANGUL SYLLABLE JOELS +C8D1;C8D1;110C 116C 11B4;C8D1;110C 116C 11B4; # (죑; 죑; 죑; 죑; 죑; ) HANGUL SYLLABLE JOELT +C8D2;C8D2;110C 116C 11B5;C8D2;110C 116C 11B5; # (죒; 죒; 죒; 죒; 죒; ) HANGUL SYLLABLE JOELP +C8D3;C8D3;110C 116C 11B6;C8D3;110C 116C 11B6; # (죓; 죓; 죓; 죓; 죓; ) HANGUL SYLLABLE JOELH +C8D4;C8D4;110C 116C 11B7;C8D4;110C 116C 11B7; # (죔; 죔; 죔; 죔; 죔; ) HANGUL SYLLABLE JOEM +C8D5;C8D5;110C 116C 11B8;C8D5;110C 116C 11B8; # (죕; 죕; 죕; 죕; 죕; ) HANGUL SYLLABLE JOEB +C8D6;C8D6;110C 116C 11B9;C8D6;110C 116C 11B9; # (죖; 죖; 죖; 죖; 죖; ) HANGUL SYLLABLE JOEBS +C8D7;C8D7;110C 116C 11BA;C8D7;110C 116C 11BA; # (죗; 죗; 죗; 죗; 죗; ) HANGUL SYLLABLE JOES +C8D8;C8D8;110C 116C 11BB;C8D8;110C 116C 11BB; # (죘; 죘; 죘; 죘; 죘; ) HANGUL SYLLABLE JOESS +C8D9;C8D9;110C 116C 11BC;C8D9;110C 116C 11BC; # (죙; 죙; 죙; 죙; 죙; ) HANGUL SYLLABLE JOENG +C8DA;C8DA;110C 116C 11BD;C8DA;110C 116C 11BD; # (죚; 죚; 죚; 죚; 죚; ) HANGUL SYLLABLE JOEJ +C8DB;C8DB;110C 116C 11BE;C8DB;110C 116C 11BE; # (죛; 죛; 죛; 죛; 죛; ) HANGUL SYLLABLE JOEC +C8DC;C8DC;110C 116C 11BF;C8DC;110C 116C 11BF; # (죜; 죜; 죜; 죜; 죜; ) HANGUL SYLLABLE JOEK +C8DD;C8DD;110C 116C 11C0;C8DD;110C 116C 11C0; # (ì£; ì£; 죝; ì£; 죝; ) HANGUL SYLLABLE JOET +C8DE;C8DE;110C 116C 11C1;C8DE;110C 116C 11C1; # (죞; 죞; 죄á‡; 죞; 죄á‡; ) HANGUL SYLLABLE JOEP +C8DF;C8DF;110C 116C 11C2;C8DF;110C 116C 11C2; # (죟; 죟; 죟; 죟; 죟; ) HANGUL SYLLABLE JOEH +C8E0;C8E0;110C 116D;C8E0;110C 116D; # (죠; 죠; 죠; 죠; 죠; ) HANGUL SYLLABLE JYO +C8E1;C8E1;110C 116D 11A8;C8E1;110C 116D 11A8; # (죡; 죡; 죡; 죡; 죡; ) HANGUL SYLLABLE JYOG +C8E2;C8E2;110C 116D 11A9;C8E2;110C 116D 11A9; # (죢; 죢; 죢; 죢; 죢; ) HANGUL SYLLABLE JYOGG +C8E3;C8E3;110C 116D 11AA;C8E3;110C 116D 11AA; # (죣; 죣; 죣; 죣; 죣; ) HANGUL SYLLABLE JYOGS +C8E4;C8E4;110C 116D 11AB;C8E4;110C 116D 11AB; # (죤; 죤; 죤; 죤; 죤; ) HANGUL SYLLABLE JYON +C8E5;C8E5;110C 116D 11AC;C8E5;110C 116D 11AC; # (죥; 죥; 죥; 죥; 죥; ) HANGUL SYLLABLE JYONJ +C8E6;C8E6;110C 116D 11AD;C8E6;110C 116D 11AD; # (죦; 죦; 죦; 죦; 죦; ) HANGUL SYLLABLE JYONH +C8E7;C8E7;110C 116D 11AE;C8E7;110C 116D 11AE; # (죧; 죧; 죧; 죧; 죧; ) HANGUL SYLLABLE JYOD +C8E8;C8E8;110C 116D 11AF;C8E8;110C 116D 11AF; # (죨; 죨; 죨; 죨; 죨; ) HANGUL SYLLABLE JYOL +C8E9;C8E9;110C 116D 11B0;C8E9;110C 116D 11B0; # (죩; 죩; 죩; 죩; 죩; ) HANGUL SYLLABLE JYOLG +C8EA;C8EA;110C 116D 11B1;C8EA;110C 116D 11B1; # (죪; 죪; 죪; 죪; 죪; ) HANGUL SYLLABLE JYOLM +C8EB;C8EB;110C 116D 11B2;C8EB;110C 116D 11B2; # (죫; 죫; 죫; 죫; 죫; ) HANGUL SYLLABLE JYOLB +C8EC;C8EC;110C 116D 11B3;C8EC;110C 116D 11B3; # (죬; 죬; 죬; 죬; 죬; ) HANGUL SYLLABLE JYOLS +C8ED;C8ED;110C 116D 11B4;C8ED;110C 116D 11B4; # (죭; 죭; 죭; 죭; 죭; ) HANGUL SYLLABLE JYOLT +C8EE;C8EE;110C 116D 11B5;C8EE;110C 116D 11B5; # (죮; 죮; 죮; 죮; 죮; ) HANGUL SYLLABLE JYOLP +C8EF;C8EF;110C 116D 11B6;C8EF;110C 116D 11B6; # (죯; 죯; 죯; 죯; 죯; ) HANGUL SYLLABLE JYOLH +C8F0;C8F0;110C 116D 11B7;C8F0;110C 116D 11B7; # (죰; 죰; 죰; 죰; 죰; ) HANGUL SYLLABLE JYOM +C8F1;C8F1;110C 116D 11B8;C8F1;110C 116D 11B8; # (죱; 죱; 죱; 죱; 죱; ) HANGUL SYLLABLE JYOB +C8F2;C8F2;110C 116D 11B9;C8F2;110C 116D 11B9; # (죲; 죲; 죲; 죲; 죲; ) HANGUL SYLLABLE JYOBS +C8F3;C8F3;110C 116D 11BA;C8F3;110C 116D 11BA; # (죳; 죳; 죳; 죳; 죳; ) HANGUL SYLLABLE JYOS +C8F4;C8F4;110C 116D 11BB;C8F4;110C 116D 11BB; # (죴; 죴; 죴; 죴; 죴; ) HANGUL SYLLABLE JYOSS +C8F5;C8F5;110C 116D 11BC;C8F5;110C 116D 11BC; # (죵; 죵; 죵; 죵; 죵; ) HANGUL SYLLABLE JYONG +C8F6;C8F6;110C 116D 11BD;C8F6;110C 116D 11BD; # (죶; 죶; 죶; 죶; 죶; ) HANGUL SYLLABLE JYOJ +C8F7;C8F7;110C 116D 11BE;C8F7;110C 116D 11BE; # (죷; 죷; 죷; 죷; 죷; ) HANGUL SYLLABLE JYOC +C8F8;C8F8;110C 116D 11BF;C8F8;110C 116D 11BF; # (죸; 죸; 죸; 죸; 죸; ) HANGUL SYLLABLE JYOK +C8F9;C8F9;110C 116D 11C0;C8F9;110C 116D 11C0; # (죹; 죹; 죹; 죹; 죹; ) HANGUL SYLLABLE JYOT +C8FA;C8FA;110C 116D 11C1;C8FA;110C 116D 11C1; # (죺; 죺; 죠á‡; 죺; 죠á‡; ) HANGUL SYLLABLE JYOP +C8FB;C8FB;110C 116D 11C2;C8FB;110C 116D 11C2; # (죻; 죻; 죻; 죻; 죻; ) HANGUL SYLLABLE JYOH +C8FC;C8FC;110C 116E;C8FC;110C 116E; # (주; 주; 주; 주; 주; ) HANGUL SYLLABLE JU +C8FD;C8FD;110C 116E 11A8;C8FD;110C 116E 11A8; # (죽; 죽; 죽; 죽; 죽; ) HANGUL SYLLABLE JUG +C8FE;C8FE;110C 116E 11A9;C8FE;110C 116E 11A9; # (죾; 죾; 죾; 죾; 죾; ) HANGUL SYLLABLE JUGG +C8FF;C8FF;110C 116E 11AA;C8FF;110C 116E 11AA; # (죿; 죿; 죿; 죿; 죿; ) HANGUL SYLLABLE JUGS +C900;C900;110C 116E 11AB;C900;110C 116E 11AB; # (준; 준; 준; 준; 준; ) HANGUL SYLLABLE JUN +C901;C901;110C 116E 11AC;C901;110C 116E 11AC; # (ì¤; ì¤; 줁; ì¤; 줁; ) HANGUL SYLLABLE JUNJ +C902;C902;110C 116E 11AD;C902;110C 116E 11AD; # (줂; 줂; 줂; 줂; 줂; ) HANGUL SYLLABLE JUNH +C903;C903;110C 116E 11AE;C903;110C 116E 11AE; # (줃; 줃; 줃; 줃; 줃; ) HANGUL SYLLABLE JUD +C904;C904;110C 116E 11AF;C904;110C 116E 11AF; # (줄; 줄; 줄; 줄; 줄; ) HANGUL SYLLABLE JUL +C905;C905;110C 116E 11B0;C905;110C 116E 11B0; # (줅; 줅; 줅; 줅; 줅; ) HANGUL SYLLABLE JULG +C906;C906;110C 116E 11B1;C906;110C 116E 11B1; # (줆; 줆; 줆; 줆; 줆; ) HANGUL SYLLABLE JULM +C907;C907;110C 116E 11B2;C907;110C 116E 11B2; # (줇; 줇; 줇; 줇; 줇; ) HANGUL SYLLABLE JULB +C908;C908;110C 116E 11B3;C908;110C 116E 11B3; # (줈; 줈; 줈; 줈; 줈; ) HANGUL SYLLABLE JULS +C909;C909;110C 116E 11B4;C909;110C 116E 11B4; # (줉; 줉; 줉; 줉; 줉; ) HANGUL SYLLABLE JULT +C90A;C90A;110C 116E 11B5;C90A;110C 116E 11B5; # (줊; 줊; 줊; 줊; 줊; ) HANGUL SYLLABLE JULP +C90B;C90B;110C 116E 11B6;C90B;110C 116E 11B6; # (줋; 줋; 줋; 줋; 줋; ) HANGUL SYLLABLE JULH +C90C;C90C;110C 116E 11B7;C90C;110C 116E 11B7; # (줌; 줌; 줌; 줌; 줌; ) HANGUL SYLLABLE JUM +C90D;C90D;110C 116E 11B8;C90D;110C 116E 11B8; # (ì¤; ì¤; 줍; ì¤; 줍; ) HANGUL SYLLABLE JUB +C90E;C90E;110C 116E 11B9;C90E;110C 116E 11B9; # (줎; 줎; 줎; 줎; 줎; ) HANGUL SYLLABLE JUBS +C90F;C90F;110C 116E 11BA;C90F;110C 116E 11BA; # (ì¤; ì¤; 줏; ì¤; 줏; ) HANGUL SYLLABLE JUS +C910;C910;110C 116E 11BB;C910;110C 116E 11BB; # (ì¤; ì¤; 줐; ì¤; 줐; ) HANGUL SYLLABLE JUSS +C911;C911;110C 116E 11BC;C911;110C 116E 11BC; # (중; 중; 중; 중; 중; ) HANGUL SYLLABLE JUNG +C912;C912;110C 116E 11BD;C912;110C 116E 11BD; # (줒; 줒; 줒; 줒; 줒; ) HANGUL SYLLABLE JUJ +C913;C913;110C 116E 11BE;C913;110C 116E 11BE; # (줓; 줓; 줓; 줓; 줓; ) HANGUL SYLLABLE JUC +C914;C914;110C 116E 11BF;C914;110C 116E 11BF; # (줔; 줔; 줔; 줔; 줔; ) HANGUL SYLLABLE JUK +C915;C915;110C 116E 11C0;C915;110C 116E 11C0; # (줕; 줕; 줕; 줕; 줕; ) HANGUL SYLLABLE JUT +C916;C916;110C 116E 11C1;C916;110C 116E 11C1; # (줖; 줖; 주á‡; 줖; 주á‡; ) HANGUL SYLLABLE JUP +C917;C917;110C 116E 11C2;C917;110C 116E 11C2; # (줗; 줗; 줗; 줗; 줗; ) HANGUL SYLLABLE JUH +C918;C918;110C 116F;C918;110C 116F; # (줘; 줘; 줘; 줘; 줘; ) HANGUL SYLLABLE JWEO +C919;C919;110C 116F 11A8;C919;110C 116F 11A8; # (줙; 줙; 줙; 줙; 줙; ) HANGUL SYLLABLE JWEOG +C91A;C91A;110C 116F 11A9;C91A;110C 116F 11A9; # (줚; 줚; 줚; 줚; 줚; ) HANGUL SYLLABLE JWEOGG +C91B;C91B;110C 116F 11AA;C91B;110C 116F 11AA; # (줛; 줛; 줛; 줛; 줛; ) HANGUL SYLLABLE JWEOGS +C91C;C91C;110C 116F 11AB;C91C;110C 116F 11AB; # (줜; 줜; 줜; 줜; 줜; ) HANGUL SYLLABLE JWEON +C91D;C91D;110C 116F 11AC;C91D;110C 116F 11AC; # (ì¤; ì¤; 줝; ì¤; 줝; ) HANGUL SYLLABLE JWEONJ +C91E;C91E;110C 116F 11AD;C91E;110C 116F 11AD; # (줞; 줞; 줞; 줞; 줞; ) HANGUL SYLLABLE JWEONH +C91F;C91F;110C 116F 11AE;C91F;110C 116F 11AE; # (줟; 줟; 줟; 줟; 줟; ) HANGUL SYLLABLE JWEOD +C920;C920;110C 116F 11AF;C920;110C 116F 11AF; # (줠; 줠; 줠; 줠; 줠; ) HANGUL SYLLABLE JWEOL +C921;C921;110C 116F 11B0;C921;110C 116F 11B0; # (줡; 줡; 줡; 줡; 줡; ) HANGUL SYLLABLE JWEOLG +C922;C922;110C 116F 11B1;C922;110C 116F 11B1; # (줢; 줢; 줢; 줢; 줢; ) HANGUL SYLLABLE JWEOLM +C923;C923;110C 116F 11B2;C923;110C 116F 11B2; # (줣; 줣; 줣; 줣; 줣; ) HANGUL SYLLABLE JWEOLB +C924;C924;110C 116F 11B3;C924;110C 116F 11B3; # (줤; 줤; 줤; 줤; 줤; ) HANGUL SYLLABLE JWEOLS +C925;C925;110C 116F 11B4;C925;110C 116F 11B4; # (줥; 줥; 줥; 줥; 줥; ) HANGUL SYLLABLE JWEOLT +C926;C926;110C 116F 11B5;C926;110C 116F 11B5; # (줦; 줦; 줦; 줦; 줦; ) HANGUL SYLLABLE JWEOLP +C927;C927;110C 116F 11B6;C927;110C 116F 11B6; # (줧; 줧; 줧; 줧; 줧; ) HANGUL SYLLABLE JWEOLH +C928;C928;110C 116F 11B7;C928;110C 116F 11B7; # (줨; 줨; 줨; 줨; 줨; ) HANGUL SYLLABLE JWEOM +C929;C929;110C 116F 11B8;C929;110C 116F 11B8; # (줩; 줩; 줩; 줩; 줩; ) HANGUL SYLLABLE JWEOB +C92A;C92A;110C 116F 11B9;C92A;110C 116F 11B9; # (줪; 줪; 줪; 줪; 줪; ) HANGUL SYLLABLE JWEOBS +C92B;C92B;110C 116F 11BA;C92B;110C 116F 11BA; # (줫; 줫; 줫; 줫; 줫; ) HANGUL SYLLABLE JWEOS +C92C;C92C;110C 116F 11BB;C92C;110C 116F 11BB; # (줬; 줬; 줬; 줬; 줬; ) HANGUL SYLLABLE JWEOSS +C92D;C92D;110C 116F 11BC;C92D;110C 116F 11BC; # (줭; 줭; 줭; 줭; 줭; ) HANGUL SYLLABLE JWEONG +C92E;C92E;110C 116F 11BD;C92E;110C 116F 11BD; # (줮; 줮; 줮; 줮; 줮; ) HANGUL SYLLABLE JWEOJ +C92F;C92F;110C 116F 11BE;C92F;110C 116F 11BE; # (줯; 줯; 줯; 줯; 줯; ) HANGUL SYLLABLE JWEOC +C930;C930;110C 116F 11BF;C930;110C 116F 11BF; # (줰; 줰; 줰; 줰; 줰; ) HANGUL SYLLABLE JWEOK +C931;C931;110C 116F 11C0;C931;110C 116F 11C0; # (줱; 줱; 줱; 줱; 줱; ) HANGUL SYLLABLE JWEOT +C932;C932;110C 116F 11C1;C932;110C 116F 11C1; # (줲; 줲; 줘á‡; 줲; 줘á‡; ) HANGUL SYLLABLE JWEOP +C933;C933;110C 116F 11C2;C933;110C 116F 11C2; # (줳; 줳; 줳; 줳; 줳; ) HANGUL SYLLABLE JWEOH +C934;C934;110C 1170;C934;110C 1170; # (줴; 줴; 줴; 줴; 줴; ) HANGUL SYLLABLE JWE +C935;C935;110C 1170 11A8;C935;110C 1170 11A8; # (줵; 줵; 줵; 줵; 줵; ) HANGUL SYLLABLE JWEG +C936;C936;110C 1170 11A9;C936;110C 1170 11A9; # (줶; 줶; 줶; 줶; 줶; ) HANGUL SYLLABLE JWEGG +C937;C937;110C 1170 11AA;C937;110C 1170 11AA; # (줷; 줷; 줷; 줷; 줷; ) HANGUL SYLLABLE JWEGS +C938;C938;110C 1170 11AB;C938;110C 1170 11AB; # (줸; 줸; 줸; 줸; 줸; ) HANGUL SYLLABLE JWEN +C939;C939;110C 1170 11AC;C939;110C 1170 11AC; # (줹; 줹; 줹; 줹; 줹; ) HANGUL SYLLABLE JWENJ +C93A;C93A;110C 1170 11AD;C93A;110C 1170 11AD; # (줺; 줺; 줺; 줺; 줺; ) HANGUL SYLLABLE JWENH +C93B;C93B;110C 1170 11AE;C93B;110C 1170 11AE; # (줻; 줻; 줻; 줻; 줻; ) HANGUL SYLLABLE JWED +C93C;C93C;110C 1170 11AF;C93C;110C 1170 11AF; # (줼; 줼; 줼; 줼; 줼; ) HANGUL SYLLABLE JWEL +C93D;C93D;110C 1170 11B0;C93D;110C 1170 11B0; # (줽; 줽; 줽; 줽; 줽; ) HANGUL SYLLABLE JWELG +C93E;C93E;110C 1170 11B1;C93E;110C 1170 11B1; # (줾; 줾; 줾; 줾; 줾; ) HANGUL SYLLABLE JWELM +C93F;C93F;110C 1170 11B2;C93F;110C 1170 11B2; # (줿; 줿; 줿; 줿; 줿; ) HANGUL SYLLABLE JWELB +C940;C940;110C 1170 11B3;C940;110C 1170 11B3; # (쥀; 쥀; 쥀; 쥀; 쥀; ) HANGUL SYLLABLE JWELS +C941;C941;110C 1170 11B4;C941;110C 1170 11B4; # (ì¥; ì¥; 쥁; ì¥; 쥁; ) HANGUL SYLLABLE JWELT +C942;C942;110C 1170 11B5;C942;110C 1170 11B5; # (쥂; 쥂; 쥂; 쥂; 쥂; ) HANGUL SYLLABLE JWELP +C943;C943;110C 1170 11B6;C943;110C 1170 11B6; # (쥃; 쥃; 쥃; 쥃; 쥃; ) HANGUL SYLLABLE JWELH +C944;C944;110C 1170 11B7;C944;110C 1170 11B7; # (쥄; 쥄; 쥄; 쥄; 쥄; ) HANGUL SYLLABLE JWEM +C945;C945;110C 1170 11B8;C945;110C 1170 11B8; # (쥅; 쥅; 쥅; 쥅; 쥅; ) HANGUL SYLLABLE JWEB +C946;C946;110C 1170 11B9;C946;110C 1170 11B9; # (쥆; 쥆; 쥆; 쥆; 쥆; ) HANGUL SYLLABLE JWEBS +C947;C947;110C 1170 11BA;C947;110C 1170 11BA; # (쥇; 쥇; 쥇; 쥇; 쥇; ) HANGUL SYLLABLE JWES +C948;C948;110C 1170 11BB;C948;110C 1170 11BB; # (쥈; 쥈; 쥈; 쥈; 쥈; ) HANGUL SYLLABLE JWESS +C949;C949;110C 1170 11BC;C949;110C 1170 11BC; # (쥉; 쥉; 쥉; 쥉; 쥉; ) HANGUL SYLLABLE JWENG +C94A;C94A;110C 1170 11BD;C94A;110C 1170 11BD; # (쥊; 쥊; 쥊; 쥊; 쥊; ) HANGUL SYLLABLE JWEJ +C94B;C94B;110C 1170 11BE;C94B;110C 1170 11BE; # (쥋; 쥋; 쥋; 쥋; 쥋; ) HANGUL SYLLABLE JWEC +C94C;C94C;110C 1170 11BF;C94C;110C 1170 11BF; # (쥌; 쥌; 쥌; 쥌; 쥌; ) HANGUL SYLLABLE JWEK +C94D;C94D;110C 1170 11C0;C94D;110C 1170 11C0; # (ì¥; ì¥; 쥍; ì¥; 쥍; ) HANGUL SYLLABLE JWET +C94E;C94E;110C 1170 11C1;C94E;110C 1170 11C1; # (쥎; 쥎; 줴á‡; 쥎; 줴á‡; ) HANGUL SYLLABLE JWEP +C94F;C94F;110C 1170 11C2;C94F;110C 1170 11C2; # (ì¥; ì¥; 쥏; ì¥; 쥏; ) HANGUL SYLLABLE JWEH +C950;C950;110C 1171;C950;110C 1171; # (ì¥; ì¥; 쥐; ì¥; 쥐; ) HANGUL SYLLABLE JWI +C951;C951;110C 1171 11A8;C951;110C 1171 11A8; # (쥑; 쥑; 쥑; 쥑; 쥑; ) HANGUL SYLLABLE JWIG +C952;C952;110C 1171 11A9;C952;110C 1171 11A9; # (쥒; 쥒; 쥒; 쥒; 쥒; ) HANGUL SYLLABLE JWIGG +C953;C953;110C 1171 11AA;C953;110C 1171 11AA; # (쥓; 쥓; 쥓; 쥓; 쥓; ) HANGUL SYLLABLE JWIGS +C954;C954;110C 1171 11AB;C954;110C 1171 11AB; # (쥔; 쥔; 쥔; 쥔; 쥔; ) HANGUL SYLLABLE JWIN +C955;C955;110C 1171 11AC;C955;110C 1171 11AC; # (쥕; 쥕; 쥕; 쥕; 쥕; ) HANGUL SYLLABLE JWINJ +C956;C956;110C 1171 11AD;C956;110C 1171 11AD; # (쥖; 쥖; 쥖; 쥖; 쥖; ) HANGUL SYLLABLE JWINH +C957;C957;110C 1171 11AE;C957;110C 1171 11AE; # (쥗; 쥗; 쥗; 쥗; 쥗; ) HANGUL SYLLABLE JWID +C958;C958;110C 1171 11AF;C958;110C 1171 11AF; # (쥘; 쥘; 쥘; 쥘; 쥘; ) HANGUL SYLLABLE JWIL +C959;C959;110C 1171 11B0;C959;110C 1171 11B0; # (쥙; 쥙; 쥙; 쥙; 쥙; ) HANGUL SYLLABLE JWILG +C95A;C95A;110C 1171 11B1;C95A;110C 1171 11B1; # (쥚; 쥚; 쥚; 쥚; 쥚; ) HANGUL SYLLABLE JWILM +C95B;C95B;110C 1171 11B2;C95B;110C 1171 11B2; # (쥛; 쥛; 쥛; 쥛; 쥛; ) HANGUL SYLLABLE JWILB +C95C;C95C;110C 1171 11B3;C95C;110C 1171 11B3; # (쥜; 쥜; 쥜; 쥜; 쥜; ) HANGUL SYLLABLE JWILS +C95D;C95D;110C 1171 11B4;C95D;110C 1171 11B4; # (ì¥; ì¥; 쥝; ì¥; 쥝; ) HANGUL SYLLABLE JWILT +C95E;C95E;110C 1171 11B5;C95E;110C 1171 11B5; # (쥞; 쥞; 쥞; 쥞; 쥞; ) HANGUL SYLLABLE JWILP +C95F;C95F;110C 1171 11B6;C95F;110C 1171 11B6; # (쥟; 쥟; 쥟; 쥟; 쥟; ) HANGUL SYLLABLE JWILH +C960;C960;110C 1171 11B7;C960;110C 1171 11B7; # (쥠; 쥠; 쥠; 쥠; 쥠; ) HANGUL SYLLABLE JWIM +C961;C961;110C 1171 11B8;C961;110C 1171 11B8; # (쥡; 쥡; 쥡; 쥡; 쥡; ) HANGUL SYLLABLE JWIB +C962;C962;110C 1171 11B9;C962;110C 1171 11B9; # (쥢; 쥢; 쥢; 쥢; 쥢; ) HANGUL SYLLABLE JWIBS +C963;C963;110C 1171 11BA;C963;110C 1171 11BA; # (쥣; 쥣; 쥣; 쥣; 쥣; ) HANGUL SYLLABLE JWIS +C964;C964;110C 1171 11BB;C964;110C 1171 11BB; # (쥤; 쥤; 쥤; 쥤; 쥤; ) HANGUL SYLLABLE JWISS +C965;C965;110C 1171 11BC;C965;110C 1171 11BC; # (쥥; 쥥; 쥥; 쥥; 쥥; ) HANGUL SYLLABLE JWING +C966;C966;110C 1171 11BD;C966;110C 1171 11BD; # (쥦; 쥦; 쥦; 쥦; 쥦; ) HANGUL SYLLABLE JWIJ +C967;C967;110C 1171 11BE;C967;110C 1171 11BE; # (쥧; 쥧; 쥧; 쥧; 쥧; ) HANGUL SYLLABLE JWIC +C968;C968;110C 1171 11BF;C968;110C 1171 11BF; # (쥨; 쥨; 쥨; 쥨; 쥨; ) HANGUL SYLLABLE JWIK +C969;C969;110C 1171 11C0;C969;110C 1171 11C0; # (쥩; 쥩; 쥩; 쥩; 쥩; ) HANGUL SYLLABLE JWIT +C96A;C96A;110C 1171 11C1;C96A;110C 1171 11C1; # (쥪; 쥪; 쥐á‡; 쥪; 쥐á‡; ) HANGUL SYLLABLE JWIP +C96B;C96B;110C 1171 11C2;C96B;110C 1171 11C2; # (쥫; 쥫; 쥫; 쥫; 쥫; ) HANGUL SYLLABLE JWIH +C96C;C96C;110C 1172;C96C;110C 1172; # (쥬; 쥬; 쥬; 쥬; 쥬; ) HANGUL SYLLABLE JYU +C96D;C96D;110C 1172 11A8;C96D;110C 1172 11A8; # (쥭; 쥭; 쥭; 쥭; 쥭; ) HANGUL SYLLABLE JYUG +C96E;C96E;110C 1172 11A9;C96E;110C 1172 11A9; # (쥮; 쥮; 쥮; 쥮; 쥮; ) HANGUL SYLLABLE JYUGG +C96F;C96F;110C 1172 11AA;C96F;110C 1172 11AA; # (쥯; 쥯; 쥯; 쥯; 쥯; ) HANGUL SYLLABLE JYUGS +C970;C970;110C 1172 11AB;C970;110C 1172 11AB; # (쥰; 쥰; 쥰; 쥰; 쥰; ) HANGUL SYLLABLE JYUN +C971;C971;110C 1172 11AC;C971;110C 1172 11AC; # (쥱; 쥱; 쥱; 쥱; 쥱; ) HANGUL SYLLABLE JYUNJ +C972;C972;110C 1172 11AD;C972;110C 1172 11AD; # (쥲; 쥲; 쥲; 쥲; 쥲; ) HANGUL SYLLABLE JYUNH +C973;C973;110C 1172 11AE;C973;110C 1172 11AE; # (쥳; 쥳; 쥳; 쥳; 쥳; ) HANGUL SYLLABLE JYUD +C974;C974;110C 1172 11AF;C974;110C 1172 11AF; # (쥴; 쥴; 쥴; 쥴; 쥴; ) HANGUL SYLLABLE JYUL +C975;C975;110C 1172 11B0;C975;110C 1172 11B0; # (쥵; 쥵; 쥵; 쥵; 쥵; ) HANGUL SYLLABLE JYULG +C976;C976;110C 1172 11B1;C976;110C 1172 11B1; # (쥶; 쥶; 쥶; 쥶; 쥶; ) HANGUL SYLLABLE JYULM +C977;C977;110C 1172 11B2;C977;110C 1172 11B2; # (쥷; 쥷; 쥷; 쥷; 쥷; ) HANGUL SYLLABLE JYULB +C978;C978;110C 1172 11B3;C978;110C 1172 11B3; # (쥸; 쥸; 쥸; 쥸; 쥸; ) HANGUL SYLLABLE JYULS +C979;C979;110C 1172 11B4;C979;110C 1172 11B4; # (쥹; 쥹; 쥹; 쥹; 쥹; ) HANGUL SYLLABLE JYULT +C97A;C97A;110C 1172 11B5;C97A;110C 1172 11B5; # (쥺; 쥺; 쥺; 쥺; 쥺; ) HANGUL SYLLABLE JYULP +C97B;C97B;110C 1172 11B6;C97B;110C 1172 11B6; # (쥻; 쥻; 쥻; 쥻; 쥻; ) HANGUL SYLLABLE JYULH +C97C;C97C;110C 1172 11B7;C97C;110C 1172 11B7; # (쥼; 쥼; 쥼; 쥼; 쥼; ) HANGUL SYLLABLE JYUM +C97D;C97D;110C 1172 11B8;C97D;110C 1172 11B8; # (쥽; 쥽; 쥽; 쥽; 쥽; ) HANGUL SYLLABLE JYUB +C97E;C97E;110C 1172 11B9;C97E;110C 1172 11B9; # (쥾; 쥾; 쥾; 쥾; 쥾; ) HANGUL SYLLABLE JYUBS +C97F;C97F;110C 1172 11BA;C97F;110C 1172 11BA; # (쥿; 쥿; 쥿; 쥿; 쥿; ) HANGUL SYLLABLE JYUS +C980;C980;110C 1172 11BB;C980;110C 1172 11BB; # (즀; 즀; 즀; 즀; 즀; ) HANGUL SYLLABLE JYUSS +C981;C981;110C 1172 11BC;C981;110C 1172 11BC; # (ì¦; ì¦; 즁; ì¦; 즁; ) HANGUL SYLLABLE JYUNG +C982;C982;110C 1172 11BD;C982;110C 1172 11BD; # (즂; 즂; 즂; 즂; 즂; ) HANGUL SYLLABLE JYUJ +C983;C983;110C 1172 11BE;C983;110C 1172 11BE; # (즃; 즃; 즃; 즃; 즃; ) HANGUL SYLLABLE JYUC +C984;C984;110C 1172 11BF;C984;110C 1172 11BF; # (즄; 즄; 즄; 즄; 즄; ) HANGUL SYLLABLE JYUK +C985;C985;110C 1172 11C0;C985;110C 1172 11C0; # (즅; 즅; 즅; 즅; 즅; ) HANGUL SYLLABLE JYUT +C986;C986;110C 1172 11C1;C986;110C 1172 11C1; # (즆; 즆; 쥬á‡; 즆; 쥬á‡; ) HANGUL SYLLABLE JYUP +C987;C987;110C 1172 11C2;C987;110C 1172 11C2; # (즇; 즇; 즇; 즇; 즇; ) HANGUL SYLLABLE JYUH +C988;C988;110C 1173;C988;110C 1173; # (즈; 즈; 즈; 즈; 즈; ) HANGUL SYLLABLE JEU +C989;C989;110C 1173 11A8;C989;110C 1173 11A8; # (즉; 즉; 즉; 즉; 즉; ) HANGUL SYLLABLE JEUG +C98A;C98A;110C 1173 11A9;C98A;110C 1173 11A9; # (즊; 즊; 즊; 즊; 즊; ) HANGUL SYLLABLE JEUGG +C98B;C98B;110C 1173 11AA;C98B;110C 1173 11AA; # (즋; 즋; 즋; 즋; 즋; ) HANGUL SYLLABLE JEUGS +C98C;C98C;110C 1173 11AB;C98C;110C 1173 11AB; # (즌; 즌; 즌; 즌; 즌; ) HANGUL SYLLABLE JEUN +C98D;C98D;110C 1173 11AC;C98D;110C 1173 11AC; # (ì¦; ì¦; 즍; ì¦; 즍; ) HANGUL SYLLABLE JEUNJ +C98E;C98E;110C 1173 11AD;C98E;110C 1173 11AD; # (즎; 즎; 즎; 즎; 즎; ) HANGUL SYLLABLE JEUNH +C98F;C98F;110C 1173 11AE;C98F;110C 1173 11AE; # (ì¦; ì¦; 즏; ì¦; 즏; ) HANGUL SYLLABLE JEUD +C990;C990;110C 1173 11AF;C990;110C 1173 11AF; # (ì¦; ì¦; 즐; ì¦; 즐; ) HANGUL SYLLABLE JEUL +C991;C991;110C 1173 11B0;C991;110C 1173 11B0; # (즑; 즑; 즑; 즑; 즑; ) HANGUL SYLLABLE JEULG +C992;C992;110C 1173 11B1;C992;110C 1173 11B1; # (즒; 즒; 즒; 즒; 즒; ) HANGUL SYLLABLE JEULM +C993;C993;110C 1173 11B2;C993;110C 1173 11B2; # (즓; 즓; 즓; 즓; 즓; ) HANGUL SYLLABLE JEULB +C994;C994;110C 1173 11B3;C994;110C 1173 11B3; # (즔; 즔; 즔; 즔; 즔; ) HANGUL SYLLABLE JEULS +C995;C995;110C 1173 11B4;C995;110C 1173 11B4; # (즕; 즕; 즕; 즕; 즕; ) HANGUL SYLLABLE JEULT +C996;C996;110C 1173 11B5;C996;110C 1173 11B5; # (즖; 즖; 즖; 즖; 즖; ) HANGUL SYLLABLE JEULP +C997;C997;110C 1173 11B6;C997;110C 1173 11B6; # (즗; 즗; 즗; 즗; 즗; ) HANGUL SYLLABLE JEULH +C998;C998;110C 1173 11B7;C998;110C 1173 11B7; # (즘; 즘; 즘; 즘; 즘; ) HANGUL SYLLABLE JEUM +C999;C999;110C 1173 11B8;C999;110C 1173 11B8; # (즙; 즙; 즙; 즙; 즙; ) HANGUL SYLLABLE JEUB +C99A;C99A;110C 1173 11B9;C99A;110C 1173 11B9; # (즚; 즚; 즚; 즚; 즚; ) HANGUL SYLLABLE JEUBS +C99B;C99B;110C 1173 11BA;C99B;110C 1173 11BA; # (즛; 즛; 즛; 즛; 즛; ) HANGUL SYLLABLE JEUS +C99C;C99C;110C 1173 11BB;C99C;110C 1173 11BB; # (즜; 즜; 즜; 즜; 즜; ) HANGUL SYLLABLE JEUSS +C99D;C99D;110C 1173 11BC;C99D;110C 1173 11BC; # (ì¦; ì¦; 증; ì¦; 증; ) HANGUL SYLLABLE JEUNG +C99E;C99E;110C 1173 11BD;C99E;110C 1173 11BD; # (즞; 즞; 즞; 즞; 즞; ) HANGUL SYLLABLE JEUJ +C99F;C99F;110C 1173 11BE;C99F;110C 1173 11BE; # (즟; 즟; 즟; 즟; 즟; ) HANGUL SYLLABLE JEUC +C9A0;C9A0;110C 1173 11BF;C9A0;110C 1173 11BF; # (즠; 즠; 즠; 즠; 즠; ) HANGUL SYLLABLE JEUK +C9A1;C9A1;110C 1173 11C0;C9A1;110C 1173 11C0; # (즡; 즡; 즡; 즡; 즡; ) HANGUL SYLLABLE JEUT +C9A2;C9A2;110C 1173 11C1;C9A2;110C 1173 11C1; # (즢; 즢; 즈á‡; 즢; 즈á‡; ) HANGUL SYLLABLE JEUP +C9A3;C9A3;110C 1173 11C2;C9A3;110C 1173 11C2; # (즣; 즣; 즣; 즣; 즣; ) HANGUL SYLLABLE JEUH +C9A4;C9A4;110C 1174;C9A4;110C 1174; # (즤; 즤; 즤; 즤; 즤; ) HANGUL SYLLABLE JYI +C9A5;C9A5;110C 1174 11A8;C9A5;110C 1174 11A8; # (즥; 즥; 즥; 즥; 즥; ) HANGUL SYLLABLE JYIG +C9A6;C9A6;110C 1174 11A9;C9A6;110C 1174 11A9; # (즦; 즦; 즦; 즦; 즦; ) HANGUL SYLLABLE JYIGG +C9A7;C9A7;110C 1174 11AA;C9A7;110C 1174 11AA; # (즧; 즧; 즧; 즧; 즧; ) HANGUL SYLLABLE JYIGS +C9A8;C9A8;110C 1174 11AB;C9A8;110C 1174 11AB; # (즨; 즨; 즨; 즨; 즨; ) HANGUL SYLLABLE JYIN +C9A9;C9A9;110C 1174 11AC;C9A9;110C 1174 11AC; # (즩; 즩; 즩; 즩; 즩; ) HANGUL SYLLABLE JYINJ +C9AA;C9AA;110C 1174 11AD;C9AA;110C 1174 11AD; # (즪; 즪; 즪; 즪; 즪; ) HANGUL SYLLABLE JYINH +C9AB;C9AB;110C 1174 11AE;C9AB;110C 1174 11AE; # (즫; 즫; 즫; 즫; 즫; ) HANGUL SYLLABLE JYID +C9AC;C9AC;110C 1174 11AF;C9AC;110C 1174 11AF; # (즬; 즬; 즬; 즬; 즬; ) HANGUL SYLLABLE JYIL +C9AD;C9AD;110C 1174 11B0;C9AD;110C 1174 11B0; # (즭; 즭; 즭; 즭; 즭; ) HANGUL SYLLABLE JYILG +C9AE;C9AE;110C 1174 11B1;C9AE;110C 1174 11B1; # (즮; 즮; 즮; 즮; 즮; ) HANGUL SYLLABLE JYILM +C9AF;C9AF;110C 1174 11B2;C9AF;110C 1174 11B2; # (즯; 즯; 즯; 즯; 즯; ) HANGUL SYLLABLE JYILB +C9B0;C9B0;110C 1174 11B3;C9B0;110C 1174 11B3; # (즰; 즰; 즰; 즰; 즰; ) HANGUL SYLLABLE JYILS +C9B1;C9B1;110C 1174 11B4;C9B1;110C 1174 11B4; # (즱; 즱; 즱; 즱; 즱; ) HANGUL SYLLABLE JYILT +C9B2;C9B2;110C 1174 11B5;C9B2;110C 1174 11B5; # (즲; 즲; 즲; 즲; 즲; ) HANGUL SYLLABLE JYILP +C9B3;C9B3;110C 1174 11B6;C9B3;110C 1174 11B6; # (즳; 즳; 즳; 즳; 즳; ) HANGUL SYLLABLE JYILH +C9B4;C9B4;110C 1174 11B7;C9B4;110C 1174 11B7; # (즴; 즴; 즴; 즴; 즴; ) HANGUL SYLLABLE JYIM +C9B5;C9B5;110C 1174 11B8;C9B5;110C 1174 11B8; # (즵; 즵; 즵; 즵; 즵; ) HANGUL SYLLABLE JYIB +C9B6;C9B6;110C 1174 11B9;C9B6;110C 1174 11B9; # (즶; 즶; 즶; 즶; 즶; ) HANGUL SYLLABLE JYIBS +C9B7;C9B7;110C 1174 11BA;C9B7;110C 1174 11BA; # (즷; 즷; 즷; 즷; 즷; ) HANGUL SYLLABLE JYIS +C9B8;C9B8;110C 1174 11BB;C9B8;110C 1174 11BB; # (즸; 즸; 즸; 즸; 즸; ) HANGUL SYLLABLE JYISS +C9B9;C9B9;110C 1174 11BC;C9B9;110C 1174 11BC; # (즹; 즹; 즹; 즹; 즹; ) HANGUL SYLLABLE JYING +C9BA;C9BA;110C 1174 11BD;C9BA;110C 1174 11BD; # (즺; 즺; 즺; 즺; 즺; ) HANGUL SYLLABLE JYIJ +C9BB;C9BB;110C 1174 11BE;C9BB;110C 1174 11BE; # (즻; 즻; 즻; 즻; 즻; ) HANGUL SYLLABLE JYIC +C9BC;C9BC;110C 1174 11BF;C9BC;110C 1174 11BF; # (즼; 즼; 즼; 즼; 즼; ) HANGUL SYLLABLE JYIK +C9BD;C9BD;110C 1174 11C0;C9BD;110C 1174 11C0; # (즽; 즽; 즽; 즽; 즽; ) HANGUL SYLLABLE JYIT +C9BE;C9BE;110C 1174 11C1;C9BE;110C 1174 11C1; # (즾; 즾; 즤á‡; 즾; 즤á‡; ) HANGUL SYLLABLE JYIP +C9BF;C9BF;110C 1174 11C2;C9BF;110C 1174 11C2; # (즿; 즿; 즿; 즿; 즿; ) HANGUL SYLLABLE JYIH +C9C0;C9C0;110C 1175;C9C0;110C 1175; # (지; 지; 지; 지; 지; ) HANGUL SYLLABLE JI +C9C1;C9C1;110C 1175 11A8;C9C1;110C 1175 11A8; # (ì§; ì§; 직; ì§; 직; ) HANGUL SYLLABLE JIG +C9C2;C9C2;110C 1175 11A9;C9C2;110C 1175 11A9; # (짂; 짂; 짂; 짂; 짂; ) HANGUL SYLLABLE JIGG +C9C3;C9C3;110C 1175 11AA;C9C3;110C 1175 11AA; # (짃; 짃; 짃; 짃; 짃; ) HANGUL SYLLABLE JIGS +C9C4;C9C4;110C 1175 11AB;C9C4;110C 1175 11AB; # (진; 진; 진; 진; 진; ) HANGUL SYLLABLE JIN +C9C5;C9C5;110C 1175 11AC;C9C5;110C 1175 11AC; # (짅; 짅; 짅; 짅; 짅; ) HANGUL SYLLABLE JINJ +C9C6;C9C6;110C 1175 11AD;C9C6;110C 1175 11AD; # (짆; 짆; 짆; 짆; 짆; ) HANGUL SYLLABLE JINH +C9C7;C9C7;110C 1175 11AE;C9C7;110C 1175 11AE; # (짇; 짇; 짇; 짇; 짇; ) HANGUL SYLLABLE JID +C9C8;C9C8;110C 1175 11AF;C9C8;110C 1175 11AF; # (질; 질; 질; 질; 질; ) HANGUL SYLLABLE JIL +C9C9;C9C9;110C 1175 11B0;C9C9;110C 1175 11B0; # (짉; 짉; 짉; 짉; 짉; ) HANGUL SYLLABLE JILG +C9CA;C9CA;110C 1175 11B1;C9CA;110C 1175 11B1; # (짊; 짊; 짊; 짊; 짊; ) HANGUL SYLLABLE JILM +C9CB;C9CB;110C 1175 11B2;C9CB;110C 1175 11B2; # (짋; 짋; 짋; 짋; 짋; ) HANGUL SYLLABLE JILB +C9CC;C9CC;110C 1175 11B3;C9CC;110C 1175 11B3; # (짌; 짌; 짌; 짌; 짌; ) HANGUL SYLLABLE JILS +C9CD;C9CD;110C 1175 11B4;C9CD;110C 1175 11B4; # (ì§; ì§; 짍; ì§; 짍; ) HANGUL SYLLABLE JILT +C9CE;C9CE;110C 1175 11B5;C9CE;110C 1175 11B5; # (짎; 짎; 짎; 짎; 짎; ) HANGUL SYLLABLE JILP +C9CF;C9CF;110C 1175 11B6;C9CF;110C 1175 11B6; # (ì§; ì§; 짏; ì§; 짏; ) HANGUL SYLLABLE JILH +C9D0;C9D0;110C 1175 11B7;C9D0;110C 1175 11B7; # (ì§; ì§; 짐; ì§; 짐; ) HANGUL SYLLABLE JIM +C9D1;C9D1;110C 1175 11B8;C9D1;110C 1175 11B8; # (집; 집; 집; 집; 집; ) HANGUL SYLLABLE JIB +C9D2;C9D2;110C 1175 11B9;C9D2;110C 1175 11B9; # (짒; 짒; 짒; 짒; 짒; ) HANGUL SYLLABLE JIBS +C9D3;C9D3;110C 1175 11BA;C9D3;110C 1175 11BA; # (짓; 짓; 짓; 짓; 짓; ) HANGUL SYLLABLE JIS +C9D4;C9D4;110C 1175 11BB;C9D4;110C 1175 11BB; # (짔; 짔; 짔; 짔; 짔; ) HANGUL SYLLABLE JISS +C9D5;C9D5;110C 1175 11BC;C9D5;110C 1175 11BC; # (징; 징; 징; 징; 징; ) HANGUL SYLLABLE JING +C9D6;C9D6;110C 1175 11BD;C9D6;110C 1175 11BD; # (짖; 짖; 짖; 짖; 짖; ) HANGUL SYLLABLE JIJ +C9D7;C9D7;110C 1175 11BE;C9D7;110C 1175 11BE; # (짗; 짗; 짗; 짗; 짗; ) HANGUL SYLLABLE JIC +C9D8;C9D8;110C 1175 11BF;C9D8;110C 1175 11BF; # (짘; 짘; 짘; 짘; 짘; ) HANGUL SYLLABLE JIK +C9D9;C9D9;110C 1175 11C0;C9D9;110C 1175 11C0; # (짙; 짙; 짙; 짙; 짙; ) HANGUL SYLLABLE JIT +C9DA;C9DA;110C 1175 11C1;C9DA;110C 1175 11C1; # (짚; 짚; 지á‡; 짚; 지á‡; ) HANGUL SYLLABLE JIP +C9DB;C9DB;110C 1175 11C2;C9DB;110C 1175 11C2; # (짛; 짛; 짛; 짛; 짛; ) HANGUL SYLLABLE JIH +C9DC;C9DC;110D 1161;C9DC;110D 1161; # (짜; 짜; á„á…¡; 짜; á„á…¡; ) HANGUL SYLLABLE JJA +C9DD;C9DD;110D 1161 11A8;C9DD;110D 1161 11A8; # (ì§; ì§; á„ᅡᆨ; ì§; á„ᅡᆨ; ) HANGUL SYLLABLE JJAG +C9DE;C9DE;110D 1161 11A9;C9DE;110D 1161 11A9; # (짞; 짞; á„ᅡᆩ; 짞; á„ᅡᆩ; ) HANGUL SYLLABLE JJAGG +C9DF;C9DF;110D 1161 11AA;C9DF;110D 1161 11AA; # (짟; 짟; á„ᅡᆪ; 짟; á„ᅡᆪ; ) HANGUL SYLLABLE JJAGS +C9E0;C9E0;110D 1161 11AB;C9E0;110D 1161 11AB; # (짠; 짠; á„ᅡᆫ; 짠; á„ᅡᆫ; ) HANGUL SYLLABLE JJAN +C9E1;C9E1;110D 1161 11AC;C9E1;110D 1161 11AC; # (짡; 짡; á„ᅡᆬ; 짡; á„ᅡᆬ; ) HANGUL SYLLABLE JJANJ +C9E2;C9E2;110D 1161 11AD;C9E2;110D 1161 11AD; # (짢; 짢; á„ᅡᆭ; 짢; á„ᅡᆭ; ) HANGUL SYLLABLE JJANH +C9E3;C9E3;110D 1161 11AE;C9E3;110D 1161 11AE; # (짣; 짣; á„ᅡᆮ; 짣; á„ᅡᆮ; ) HANGUL SYLLABLE JJAD +C9E4;C9E4;110D 1161 11AF;C9E4;110D 1161 11AF; # (짤; 짤; á„ᅡᆯ; 짤; á„ᅡᆯ; ) HANGUL SYLLABLE JJAL +C9E5;C9E5;110D 1161 11B0;C9E5;110D 1161 11B0; # (짥; 짥; á„ᅡᆰ; 짥; á„ᅡᆰ; ) HANGUL SYLLABLE JJALG +C9E6;C9E6;110D 1161 11B1;C9E6;110D 1161 11B1; # (짦; 짦; á„ᅡᆱ; 짦; á„ᅡᆱ; ) HANGUL SYLLABLE JJALM +C9E7;C9E7;110D 1161 11B2;C9E7;110D 1161 11B2; # (짧; 짧; á„ᅡᆲ; 짧; á„ᅡᆲ; ) HANGUL SYLLABLE JJALB +C9E8;C9E8;110D 1161 11B3;C9E8;110D 1161 11B3; # (짨; 짨; á„ᅡᆳ; 짨; á„ᅡᆳ; ) HANGUL SYLLABLE JJALS +C9E9;C9E9;110D 1161 11B4;C9E9;110D 1161 11B4; # (짩; 짩; á„ᅡᆴ; 짩; á„ᅡᆴ; ) HANGUL SYLLABLE JJALT +C9EA;C9EA;110D 1161 11B5;C9EA;110D 1161 11B5; # (짪; 짪; á„ᅡᆵ; 짪; á„ᅡᆵ; ) HANGUL SYLLABLE JJALP +C9EB;C9EB;110D 1161 11B6;C9EB;110D 1161 11B6; # (짫; 짫; á„ᅡᆶ; 짫; á„ᅡᆶ; ) HANGUL SYLLABLE JJALH +C9EC;C9EC;110D 1161 11B7;C9EC;110D 1161 11B7; # (짬; 짬; á„ᅡᆷ; 짬; á„ᅡᆷ; ) HANGUL SYLLABLE JJAM +C9ED;C9ED;110D 1161 11B8;C9ED;110D 1161 11B8; # (짭; 짭; á„ᅡᆸ; 짭; á„ᅡᆸ; ) HANGUL SYLLABLE JJAB +C9EE;C9EE;110D 1161 11B9;C9EE;110D 1161 11B9; # (짮; 짮; á„ᅡᆹ; 짮; á„ᅡᆹ; ) HANGUL SYLLABLE JJABS +C9EF;C9EF;110D 1161 11BA;C9EF;110D 1161 11BA; # (짯; 짯; á„ᅡᆺ; 짯; á„ᅡᆺ; ) HANGUL SYLLABLE JJAS +C9F0;C9F0;110D 1161 11BB;C9F0;110D 1161 11BB; # (짰; 짰; á„ᅡᆻ; 짰; á„ᅡᆻ; ) HANGUL SYLLABLE JJASS +C9F1;C9F1;110D 1161 11BC;C9F1;110D 1161 11BC; # (짱; 짱; á„ᅡᆼ; 짱; á„ᅡᆼ; ) HANGUL SYLLABLE JJANG +C9F2;C9F2;110D 1161 11BD;C9F2;110D 1161 11BD; # (짲; 짲; á„ᅡᆽ; 짲; á„ᅡᆽ; ) HANGUL SYLLABLE JJAJ +C9F3;C9F3;110D 1161 11BE;C9F3;110D 1161 11BE; # (짳; 짳; á„ᅡᆾ; 짳; á„ᅡᆾ; ) HANGUL SYLLABLE JJAC +C9F4;C9F4;110D 1161 11BF;C9F4;110D 1161 11BF; # (짴; 짴; á„ᅡᆿ; 짴; á„ᅡᆿ; ) HANGUL SYLLABLE JJAK +C9F5;C9F5;110D 1161 11C0;C9F5;110D 1161 11C0; # (짵; 짵; á„ᅡᇀ; 짵; á„ᅡᇀ; ) HANGUL SYLLABLE JJAT +C9F6;C9F6;110D 1161 11C1;C9F6;110D 1161 11C1; # (짶; 짶; á„á…¡á‡; 짶; á„á…¡á‡; ) HANGUL SYLLABLE JJAP +C9F7;C9F7;110D 1161 11C2;C9F7;110D 1161 11C2; # (짷; 짷; á„ᅡᇂ; 짷; á„ᅡᇂ; ) HANGUL SYLLABLE JJAH +C9F8;C9F8;110D 1162;C9F8;110D 1162; # (째; 째; á„á…¢; 째; á„á…¢; ) HANGUL SYLLABLE JJAE +C9F9;C9F9;110D 1162 11A8;C9F9;110D 1162 11A8; # (짹; 짹; á„ᅢᆨ; 짹; á„ᅢᆨ; ) HANGUL SYLLABLE JJAEG +C9FA;C9FA;110D 1162 11A9;C9FA;110D 1162 11A9; # (짺; 짺; á„ᅢᆩ; 짺; á„ᅢᆩ; ) HANGUL SYLLABLE JJAEGG +C9FB;C9FB;110D 1162 11AA;C9FB;110D 1162 11AA; # (짻; 짻; á„ᅢᆪ; 짻; á„ᅢᆪ; ) HANGUL SYLLABLE JJAEGS +C9FC;C9FC;110D 1162 11AB;C9FC;110D 1162 11AB; # (짼; 짼; á„ᅢᆫ; 짼; á„ᅢᆫ; ) HANGUL SYLLABLE JJAEN +C9FD;C9FD;110D 1162 11AC;C9FD;110D 1162 11AC; # (짽; 짽; á„ᅢᆬ; 짽; á„ᅢᆬ; ) HANGUL SYLLABLE JJAENJ +C9FE;C9FE;110D 1162 11AD;C9FE;110D 1162 11AD; # (짾; 짾; á„ᅢᆭ; 짾; á„ᅢᆭ; ) HANGUL SYLLABLE JJAENH +C9FF;C9FF;110D 1162 11AE;C9FF;110D 1162 11AE; # (짿; 짿; á„ᅢᆮ; 짿; á„ᅢᆮ; ) HANGUL SYLLABLE JJAED +CA00;CA00;110D 1162 11AF;CA00;110D 1162 11AF; # (쨀; 쨀; á„ᅢᆯ; 쨀; á„ᅢᆯ; ) HANGUL SYLLABLE JJAEL +CA01;CA01;110D 1162 11B0;CA01;110D 1162 11B0; # (ì¨; ì¨; á„ᅢᆰ; ì¨; á„ᅢᆰ; ) HANGUL SYLLABLE JJAELG +CA02;CA02;110D 1162 11B1;CA02;110D 1162 11B1; # (쨂; 쨂; á„ᅢᆱ; 쨂; á„ᅢᆱ; ) HANGUL SYLLABLE JJAELM +CA03;CA03;110D 1162 11B2;CA03;110D 1162 11B2; # (쨃; 쨃; á„ᅢᆲ; 쨃; á„ᅢᆲ; ) HANGUL SYLLABLE JJAELB +CA04;CA04;110D 1162 11B3;CA04;110D 1162 11B3; # (쨄; 쨄; á„ᅢᆳ; 쨄; á„ᅢᆳ; ) HANGUL SYLLABLE JJAELS +CA05;CA05;110D 1162 11B4;CA05;110D 1162 11B4; # (쨅; 쨅; á„ᅢᆴ; 쨅; á„ᅢᆴ; ) HANGUL SYLLABLE JJAELT +CA06;CA06;110D 1162 11B5;CA06;110D 1162 11B5; # (쨆; 쨆; á„ᅢᆵ; 쨆; á„ᅢᆵ; ) HANGUL SYLLABLE JJAELP +CA07;CA07;110D 1162 11B6;CA07;110D 1162 11B6; # (쨇; 쨇; á„ᅢᆶ; 쨇; á„ᅢᆶ; ) HANGUL SYLLABLE JJAELH +CA08;CA08;110D 1162 11B7;CA08;110D 1162 11B7; # (쨈; 쨈; á„ᅢᆷ; 쨈; á„ᅢᆷ; ) HANGUL SYLLABLE JJAEM +CA09;CA09;110D 1162 11B8;CA09;110D 1162 11B8; # (쨉; 쨉; á„ᅢᆸ; 쨉; á„ᅢᆸ; ) HANGUL SYLLABLE JJAEB +CA0A;CA0A;110D 1162 11B9;CA0A;110D 1162 11B9; # (쨊; 쨊; á„ᅢᆹ; 쨊; á„ᅢᆹ; ) HANGUL SYLLABLE JJAEBS +CA0B;CA0B;110D 1162 11BA;CA0B;110D 1162 11BA; # (쨋; 쨋; á„ᅢᆺ; 쨋; á„ᅢᆺ; ) HANGUL SYLLABLE JJAES +CA0C;CA0C;110D 1162 11BB;CA0C;110D 1162 11BB; # (쨌; 쨌; á„ᅢᆻ; 쨌; á„ᅢᆻ; ) HANGUL SYLLABLE JJAESS +CA0D;CA0D;110D 1162 11BC;CA0D;110D 1162 11BC; # (ì¨; ì¨; á„ᅢᆼ; ì¨; á„ᅢᆼ; ) HANGUL SYLLABLE JJAENG +CA0E;CA0E;110D 1162 11BD;CA0E;110D 1162 11BD; # (쨎; 쨎; á„ᅢᆽ; 쨎; á„ᅢᆽ; ) HANGUL SYLLABLE JJAEJ +CA0F;CA0F;110D 1162 11BE;CA0F;110D 1162 11BE; # (ì¨; ì¨; á„ᅢᆾ; ì¨; á„ᅢᆾ; ) HANGUL SYLLABLE JJAEC +CA10;CA10;110D 1162 11BF;CA10;110D 1162 11BF; # (ì¨; ì¨; á„ᅢᆿ; ì¨; á„ᅢᆿ; ) HANGUL SYLLABLE JJAEK +CA11;CA11;110D 1162 11C0;CA11;110D 1162 11C0; # (쨑; 쨑; á„ᅢᇀ; 쨑; á„ᅢᇀ; ) HANGUL SYLLABLE JJAET +CA12;CA12;110D 1162 11C1;CA12;110D 1162 11C1; # (쨒; 쨒; á„á…¢á‡; 쨒; á„á…¢á‡; ) HANGUL SYLLABLE JJAEP +CA13;CA13;110D 1162 11C2;CA13;110D 1162 11C2; # (쨓; 쨓; á„ᅢᇂ; 쨓; á„ᅢᇂ; ) HANGUL SYLLABLE JJAEH +CA14;CA14;110D 1163;CA14;110D 1163; # (쨔; 쨔; á„á…£; 쨔; á„á…£; ) HANGUL SYLLABLE JJYA +CA15;CA15;110D 1163 11A8;CA15;110D 1163 11A8; # (쨕; 쨕; á„ᅣᆨ; 쨕; á„ᅣᆨ; ) HANGUL SYLLABLE JJYAG +CA16;CA16;110D 1163 11A9;CA16;110D 1163 11A9; # (쨖; 쨖; á„ᅣᆩ; 쨖; á„ᅣᆩ; ) HANGUL SYLLABLE JJYAGG +CA17;CA17;110D 1163 11AA;CA17;110D 1163 11AA; # (쨗; 쨗; á„ᅣᆪ; 쨗; á„ᅣᆪ; ) HANGUL SYLLABLE JJYAGS +CA18;CA18;110D 1163 11AB;CA18;110D 1163 11AB; # (쨘; 쨘; á„ᅣᆫ; 쨘; á„ᅣᆫ; ) HANGUL SYLLABLE JJYAN +CA19;CA19;110D 1163 11AC;CA19;110D 1163 11AC; # (쨙; 쨙; á„ᅣᆬ; 쨙; á„ᅣᆬ; ) HANGUL SYLLABLE JJYANJ +CA1A;CA1A;110D 1163 11AD;CA1A;110D 1163 11AD; # (쨚; 쨚; á„ᅣᆭ; 쨚; á„ᅣᆭ; ) HANGUL SYLLABLE JJYANH +CA1B;CA1B;110D 1163 11AE;CA1B;110D 1163 11AE; # (쨛; 쨛; á„ᅣᆮ; 쨛; á„ᅣᆮ; ) HANGUL SYLLABLE JJYAD +CA1C;CA1C;110D 1163 11AF;CA1C;110D 1163 11AF; # (쨜; 쨜; á„ᅣᆯ; 쨜; á„ᅣᆯ; ) HANGUL SYLLABLE JJYAL +CA1D;CA1D;110D 1163 11B0;CA1D;110D 1163 11B0; # (ì¨; ì¨; á„ᅣᆰ; ì¨; á„ᅣᆰ; ) HANGUL SYLLABLE JJYALG +CA1E;CA1E;110D 1163 11B1;CA1E;110D 1163 11B1; # (쨞; 쨞; á„ᅣᆱ; 쨞; á„ᅣᆱ; ) HANGUL SYLLABLE JJYALM +CA1F;CA1F;110D 1163 11B2;CA1F;110D 1163 11B2; # (쨟; 쨟; á„ᅣᆲ; 쨟; á„ᅣᆲ; ) HANGUL SYLLABLE JJYALB +CA20;CA20;110D 1163 11B3;CA20;110D 1163 11B3; # (쨠; 쨠; á„ᅣᆳ; 쨠; á„ᅣᆳ; ) HANGUL SYLLABLE JJYALS +CA21;CA21;110D 1163 11B4;CA21;110D 1163 11B4; # (쨡; 쨡; á„ᅣᆴ; 쨡; á„ᅣᆴ; ) HANGUL SYLLABLE JJYALT +CA22;CA22;110D 1163 11B5;CA22;110D 1163 11B5; # (쨢; 쨢; á„ᅣᆵ; 쨢; á„ᅣᆵ; ) HANGUL SYLLABLE JJYALP +CA23;CA23;110D 1163 11B6;CA23;110D 1163 11B6; # (쨣; 쨣; á„ᅣᆶ; 쨣; á„ᅣᆶ; ) HANGUL SYLLABLE JJYALH +CA24;CA24;110D 1163 11B7;CA24;110D 1163 11B7; # (쨤; 쨤; á„ᅣᆷ; 쨤; á„ᅣᆷ; ) HANGUL SYLLABLE JJYAM +CA25;CA25;110D 1163 11B8;CA25;110D 1163 11B8; # (쨥; 쨥; á„ᅣᆸ; 쨥; á„ᅣᆸ; ) HANGUL SYLLABLE JJYAB +CA26;CA26;110D 1163 11B9;CA26;110D 1163 11B9; # (쨦; 쨦; á„ᅣᆹ; 쨦; á„ᅣᆹ; ) HANGUL SYLLABLE JJYABS +CA27;CA27;110D 1163 11BA;CA27;110D 1163 11BA; # (쨧; 쨧; á„ᅣᆺ; 쨧; á„ᅣᆺ; ) HANGUL SYLLABLE JJYAS +CA28;CA28;110D 1163 11BB;CA28;110D 1163 11BB; # (쨨; 쨨; á„ᅣᆻ; 쨨; á„ᅣᆻ; ) HANGUL SYLLABLE JJYASS +CA29;CA29;110D 1163 11BC;CA29;110D 1163 11BC; # (쨩; 쨩; á„ᅣᆼ; 쨩; á„ᅣᆼ; ) HANGUL SYLLABLE JJYANG +CA2A;CA2A;110D 1163 11BD;CA2A;110D 1163 11BD; # (쨪; 쨪; á„ᅣᆽ; 쨪; á„ᅣᆽ; ) HANGUL SYLLABLE JJYAJ +CA2B;CA2B;110D 1163 11BE;CA2B;110D 1163 11BE; # (쨫; 쨫; á„ᅣᆾ; 쨫; á„ᅣᆾ; ) HANGUL SYLLABLE JJYAC +CA2C;CA2C;110D 1163 11BF;CA2C;110D 1163 11BF; # (쨬; 쨬; á„ᅣᆿ; 쨬; á„ᅣᆿ; ) HANGUL SYLLABLE JJYAK +CA2D;CA2D;110D 1163 11C0;CA2D;110D 1163 11C0; # (쨭; 쨭; á„ᅣᇀ; 쨭; á„ᅣᇀ; ) HANGUL SYLLABLE JJYAT +CA2E;CA2E;110D 1163 11C1;CA2E;110D 1163 11C1; # (쨮; 쨮; á„á…£á‡; 쨮; á„á…£á‡; ) HANGUL SYLLABLE JJYAP +CA2F;CA2F;110D 1163 11C2;CA2F;110D 1163 11C2; # (쨯; 쨯; á„ᅣᇂ; 쨯; á„ᅣᇂ; ) HANGUL SYLLABLE JJYAH +CA30;CA30;110D 1164;CA30;110D 1164; # (쨰; 쨰; á„á…¤; 쨰; á„á…¤; ) HANGUL SYLLABLE JJYAE +CA31;CA31;110D 1164 11A8;CA31;110D 1164 11A8; # (쨱; 쨱; á„ᅤᆨ; 쨱; á„ᅤᆨ; ) HANGUL SYLLABLE JJYAEG +CA32;CA32;110D 1164 11A9;CA32;110D 1164 11A9; # (쨲; 쨲; á„ᅤᆩ; 쨲; á„ᅤᆩ; ) HANGUL SYLLABLE JJYAEGG +CA33;CA33;110D 1164 11AA;CA33;110D 1164 11AA; # (쨳; 쨳; á„ᅤᆪ; 쨳; á„ᅤᆪ; ) HANGUL SYLLABLE JJYAEGS +CA34;CA34;110D 1164 11AB;CA34;110D 1164 11AB; # (쨴; 쨴; á„ᅤᆫ; 쨴; á„ᅤᆫ; ) HANGUL SYLLABLE JJYAEN +CA35;CA35;110D 1164 11AC;CA35;110D 1164 11AC; # (쨵; 쨵; á„ᅤᆬ; 쨵; á„ᅤᆬ; ) HANGUL SYLLABLE JJYAENJ +CA36;CA36;110D 1164 11AD;CA36;110D 1164 11AD; # (쨶; 쨶; á„ᅤᆭ; 쨶; á„ᅤᆭ; ) HANGUL SYLLABLE JJYAENH +CA37;CA37;110D 1164 11AE;CA37;110D 1164 11AE; # (쨷; 쨷; á„ᅤᆮ; 쨷; á„ᅤᆮ; ) HANGUL SYLLABLE JJYAED +CA38;CA38;110D 1164 11AF;CA38;110D 1164 11AF; # (쨸; 쨸; á„ᅤᆯ; 쨸; á„ᅤᆯ; ) HANGUL SYLLABLE JJYAEL +CA39;CA39;110D 1164 11B0;CA39;110D 1164 11B0; # (쨹; 쨹; á„ᅤᆰ; 쨹; á„ᅤᆰ; ) HANGUL SYLLABLE JJYAELG +CA3A;CA3A;110D 1164 11B1;CA3A;110D 1164 11B1; # (쨺; 쨺; á„ᅤᆱ; 쨺; á„ᅤᆱ; ) HANGUL SYLLABLE JJYAELM +CA3B;CA3B;110D 1164 11B2;CA3B;110D 1164 11B2; # (쨻; 쨻; á„ᅤᆲ; 쨻; á„ᅤᆲ; ) HANGUL SYLLABLE JJYAELB +CA3C;CA3C;110D 1164 11B3;CA3C;110D 1164 11B3; # (쨼; 쨼; á„ᅤᆳ; 쨼; á„ᅤᆳ; ) HANGUL SYLLABLE JJYAELS +CA3D;CA3D;110D 1164 11B4;CA3D;110D 1164 11B4; # (쨽; 쨽; á„ᅤᆴ; 쨽; á„ᅤᆴ; ) HANGUL SYLLABLE JJYAELT +CA3E;CA3E;110D 1164 11B5;CA3E;110D 1164 11B5; # (쨾; 쨾; á„ᅤᆵ; 쨾; á„ᅤᆵ; ) HANGUL SYLLABLE JJYAELP +CA3F;CA3F;110D 1164 11B6;CA3F;110D 1164 11B6; # (쨿; 쨿; á„ᅤᆶ; 쨿; á„ᅤᆶ; ) HANGUL SYLLABLE JJYAELH +CA40;CA40;110D 1164 11B7;CA40;110D 1164 11B7; # (ì©€; ì©€; á„ᅤᆷ; ì©€; á„ᅤᆷ; ) HANGUL SYLLABLE JJYAEM +CA41;CA41;110D 1164 11B8;CA41;110D 1164 11B8; # (ì©; ì©; á„ᅤᆸ; ì©; á„ᅤᆸ; ) HANGUL SYLLABLE JJYAEB +CA42;CA42;110D 1164 11B9;CA42;110D 1164 11B9; # (ì©‚; ì©‚; á„ᅤᆹ; ì©‚; á„ᅤᆹ; ) HANGUL SYLLABLE JJYAEBS +CA43;CA43;110D 1164 11BA;CA43;110D 1164 11BA; # (쩃; 쩃; á„ᅤᆺ; 쩃; á„ᅤᆺ; ) HANGUL SYLLABLE JJYAES +CA44;CA44;110D 1164 11BB;CA44;110D 1164 11BB; # (ì©„; ì©„; á„ᅤᆻ; ì©„; á„ᅤᆻ; ) HANGUL SYLLABLE JJYAESS +CA45;CA45;110D 1164 11BC;CA45;110D 1164 11BC; # (ì©…; ì©…; á„ᅤᆼ; ì©…; á„ᅤᆼ; ) HANGUL SYLLABLE JJYAENG +CA46;CA46;110D 1164 11BD;CA46;110D 1164 11BD; # (쩆; 쩆; á„ᅤᆽ; 쩆; á„ᅤᆽ; ) HANGUL SYLLABLE JJYAEJ +CA47;CA47;110D 1164 11BE;CA47;110D 1164 11BE; # (쩇; 쩇; á„ᅤᆾ; 쩇; á„ᅤᆾ; ) HANGUL SYLLABLE JJYAEC +CA48;CA48;110D 1164 11BF;CA48;110D 1164 11BF; # (쩈; 쩈; á„ᅤᆿ; 쩈; á„ᅤᆿ; ) HANGUL SYLLABLE JJYAEK +CA49;CA49;110D 1164 11C0;CA49;110D 1164 11C0; # (쩉; 쩉; á„ᅤᇀ; 쩉; á„ᅤᇀ; ) HANGUL SYLLABLE JJYAET +CA4A;CA4A;110D 1164 11C1;CA4A;110D 1164 11C1; # (ì©Š; ì©Š; á„á…¤á‡; ì©Š; á„á…¤á‡; ) HANGUL SYLLABLE JJYAEP +CA4B;CA4B;110D 1164 11C2;CA4B;110D 1164 11C2; # (ì©‹; ì©‹; á„ᅤᇂ; ì©‹; á„ᅤᇂ; ) HANGUL SYLLABLE JJYAEH +CA4C;CA4C;110D 1165;CA4C;110D 1165; # (ì©Œ; ì©Œ; á„á…¥; ì©Œ; á„á…¥; ) HANGUL SYLLABLE JJEO +CA4D;CA4D;110D 1165 11A8;CA4D;110D 1165 11A8; # (ì©; ì©; á„ᅥᆨ; ì©; á„ᅥᆨ; ) HANGUL SYLLABLE JJEOG +CA4E;CA4E;110D 1165 11A9;CA4E;110D 1165 11A9; # (ì©Ž; ì©Ž; á„ᅥᆩ; ì©Ž; á„ᅥᆩ; ) HANGUL SYLLABLE JJEOGG +CA4F;CA4F;110D 1165 11AA;CA4F;110D 1165 11AA; # (ì©; ì©; á„ᅥᆪ; ì©; á„ᅥᆪ; ) HANGUL SYLLABLE JJEOGS +CA50;CA50;110D 1165 11AB;CA50;110D 1165 11AB; # (ì©; ì©; á„ᅥᆫ; ì©; á„ᅥᆫ; ) HANGUL SYLLABLE JJEON +CA51;CA51;110D 1165 11AC;CA51;110D 1165 11AC; # (ì©‘; ì©‘; á„ᅥᆬ; ì©‘; á„ᅥᆬ; ) HANGUL SYLLABLE JJEONJ +CA52;CA52;110D 1165 11AD;CA52;110D 1165 11AD; # (ì©’; ì©’; á„ᅥᆭ; ì©’; á„ᅥᆭ; ) HANGUL SYLLABLE JJEONH +CA53;CA53;110D 1165 11AE;CA53;110D 1165 11AE; # (ì©“; ì©“; á„ᅥᆮ; ì©“; á„ᅥᆮ; ) HANGUL SYLLABLE JJEOD +CA54;CA54;110D 1165 11AF;CA54;110D 1165 11AF; # (ì©”; ì©”; á„ᅥᆯ; ì©”; á„ᅥᆯ; ) HANGUL SYLLABLE JJEOL +CA55;CA55;110D 1165 11B0;CA55;110D 1165 11B0; # (ì©•; ì©•; á„ᅥᆰ; ì©•; á„ᅥᆰ; ) HANGUL SYLLABLE JJEOLG +CA56;CA56;110D 1165 11B1;CA56;110D 1165 11B1; # (ì©–; ì©–; á„ᅥᆱ; ì©–; á„ᅥᆱ; ) HANGUL SYLLABLE JJEOLM +CA57;CA57;110D 1165 11B2;CA57;110D 1165 11B2; # (ì©—; ì©—; á„ᅥᆲ; ì©—; á„ᅥᆲ; ) HANGUL SYLLABLE JJEOLB +CA58;CA58;110D 1165 11B3;CA58;110D 1165 11B3; # (쩘; 쩘; á„ᅥᆳ; 쩘; á„ᅥᆳ; ) HANGUL SYLLABLE JJEOLS +CA59;CA59;110D 1165 11B4;CA59;110D 1165 11B4; # (ì©™; ì©™; á„ᅥᆴ; ì©™; á„ᅥᆴ; ) HANGUL SYLLABLE JJEOLT +CA5A;CA5A;110D 1165 11B5;CA5A;110D 1165 11B5; # (ì©š; ì©š; á„ᅥᆵ; ì©š; á„ᅥᆵ; ) HANGUL SYLLABLE JJEOLP +CA5B;CA5B;110D 1165 11B6;CA5B;110D 1165 11B6; # (ì©›; ì©›; á„ᅥᆶ; ì©›; á„ᅥᆶ; ) HANGUL SYLLABLE JJEOLH +CA5C;CA5C;110D 1165 11B7;CA5C;110D 1165 11B7; # (ì©œ; ì©œ; á„ᅥᆷ; ì©œ; á„ᅥᆷ; ) HANGUL SYLLABLE JJEOM +CA5D;CA5D;110D 1165 11B8;CA5D;110D 1165 11B8; # (ì©; ì©; á„ᅥᆸ; ì©; á„ᅥᆸ; ) HANGUL SYLLABLE JJEOB +CA5E;CA5E;110D 1165 11B9;CA5E;110D 1165 11B9; # (ì©ž; ì©ž; á„ᅥᆹ; ì©ž; á„ᅥᆹ; ) HANGUL SYLLABLE JJEOBS +CA5F;CA5F;110D 1165 11BA;CA5F;110D 1165 11BA; # (ì©Ÿ; ì©Ÿ; á„ᅥᆺ; ì©Ÿ; á„ᅥᆺ; ) HANGUL SYLLABLE JJEOS +CA60;CA60;110D 1165 11BB;CA60;110D 1165 11BB; # (ì© ; ì© ; á„ᅥᆻ; ì© ; á„ᅥᆻ; ) HANGUL SYLLABLE JJEOSS +CA61;CA61;110D 1165 11BC;CA61;110D 1165 11BC; # (ì©¡; ì©¡; á„ᅥᆼ; ì©¡; á„ᅥᆼ; ) HANGUL SYLLABLE JJEONG +CA62;CA62;110D 1165 11BD;CA62;110D 1165 11BD; # (ì©¢; ì©¢; á„ᅥᆽ; ì©¢; á„ᅥᆽ; ) HANGUL SYLLABLE JJEOJ +CA63;CA63;110D 1165 11BE;CA63;110D 1165 11BE; # (ì©£; ì©£; á„ᅥᆾ; ì©£; á„ᅥᆾ; ) HANGUL SYLLABLE JJEOC +CA64;CA64;110D 1165 11BF;CA64;110D 1165 11BF; # (쩤; 쩤; á„ᅥᆿ; 쩤; á„ᅥᆿ; ) HANGUL SYLLABLE JJEOK +CA65;CA65;110D 1165 11C0;CA65;110D 1165 11C0; # (ì©¥; ì©¥; á„ᅥᇀ; ì©¥; á„ᅥᇀ; ) HANGUL SYLLABLE JJEOT +CA66;CA66;110D 1165 11C1;CA66;110D 1165 11C1; # (쩦; 쩦; á„á…¥á‡; 쩦; á„á…¥á‡; ) HANGUL SYLLABLE JJEOP +CA67;CA67;110D 1165 11C2;CA67;110D 1165 11C2; # (쩧; 쩧; á„ᅥᇂ; 쩧; á„ᅥᇂ; ) HANGUL SYLLABLE JJEOH +CA68;CA68;110D 1166;CA68;110D 1166; # (쩨; 쩨; á„á…¦; 쩨; á„á…¦; ) HANGUL SYLLABLE JJE +CA69;CA69;110D 1166 11A8;CA69;110D 1166 11A8; # (ì©©; ì©©; á„ᅦᆨ; ì©©; á„ᅦᆨ; ) HANGUL SYLLABLE JJEG +CA6A;CA6A;110D 1166 11A9;CA6A;110D 1166 11A9; # (쩪; 쩪; á„ᅦᆩ; 쩪; á„ᅦᆩ; ) HANGUL SYLLABLE JJEGG +CA6B;CA6B;110D 1166 11AA;CA6B;110D 1166 11AA; # (ì©«; ì©«; á„ᅦᆪ; ì©«; á„ᅦᆪ; ) HANGUL SYLLABLE JJEGS +CA6C;CA6C;110D 1166 11AB;CA6C;110D 1166 11AB; # (쩬; 쩬; á„ᅦᆫ; 쩬; á„ᅦᆫ; ) HANGUL SYLLABLE JJEN +CA6D;CA6D;110D 1166 11AC;CA6D;110D 1166 11AC; # (ì©­; ì©­; á„ᅦᆬ; ì©­; á„ᅦᆬ; ) HANGUL SYLLABLE JJENJ +CA6E;CA6E;110D 1166 11AD;CA6E;110D 1166 11AD; # (ì©®; ì©®; á„ᅦᆭ; ì©®; á„ᅦᆭ; ) HANGUL SYLLABLE JJENH +CA6F;CA6F;110D 1166 11AE;CA6F;110D 1166 11AE; # (쩯; 쩯; á„ᅦᆮ; 쩯; á„ᅦᆮ; ) HANGUL SYLLABLE JJED +CA70;CA70;110D 1166 11AF;CA70;110D 1166 11AF; # (ì©°; ì©°; á„ᅦᆯ; ì©°; á„ᅦᆯ; ) HANGUL SYLLABLE JJEL +CA71;CA71;110D 1166 11B0;CA71;110D 1166 11B0; # (쩱; 쩱; á„ᅦᆰ; 쩱; á„ᅦᆰ; ) HANGUL SYLLABLE JJELG +CA72;CA72;110D 1166 11B1;CA72;110D 1166 11B1; # (쩲; 쩲; á„ᅦᆱ; 쩲; á„ᅦᆱ; ) HANGUL SYLLABLE JJELM +CA73;CA73;110D 1166 11B2;CA73;110D 1166 11B2; # (쩳; 쩳; á„ᅦᆲ; 쩳; á„ᅦᆲ; ) HANGUL SYLLABLE JJELB +CA74;CA74;110D 1166 11B3;CA74;110D 1166 11B3; # (ì©´; ì©´; á„ᅦᆳ; ì©´; á„ᅦᆳ; ) HANGUL SYLLABLE JJELS +CA75;CA75;110D 1166 11B4;CA75;110D 1166 11B4; # (쩵; 쩵; á„ᅦᆴ; 쩵; á„ᅦᆴ; ) HANGUL SYLLABLE JJELT +CA76;CA76;110D 1166 11B5;CA76;110D 1166 11B5; # (쩶; 쩶; á„ᅦᆵ; 쩶; á„ᅦᆵ; ) HANGUL SYLLABLE JJELP +CA77;CA77;110D 1166 11B6;CA77;110D 1166 11B6; # (ì©·; ì©·; á„ᅦᆶ; ì©·; á„ᅦᆶ; ) HANGUL SYLLABLE JJELH +CA78;CA78;110D 1166 11B7;CA78;110D 1166 11B7; # (쩸; 쩸; á„ᅦᆷ; 쩸; á„ᅦᆷ; ) HANGUL SYLLABLE JJEM +CA79;CA79;110D 1166 11B8;CA79;110D 1166 11B8; # (쩹; 쩹; á„ᅦᆸ; 쩹; á„ᅦᆸ; ) HANGUL SYLLABLE JJEB +CA7A;CA7A;110D 1166 11B9;CA7A;110D 1166 11B9; # (쩺; 쩺; á„ᅦᆹ; 쩺; á„ᅦᆹ; ) HANGUL SYLLABLE JJEBS +CA7B;CA7B;110D 1166 11BA;CA7B;110D 1166 11BA; # (ì©»; ì©»; á„ᅦᆺ; ì©»; á„ᅦᆺ; ) HANGUL SYLLABLE JJES +CA7C;CA7C;110D 1166 11BB;CA7C;110D 1166 11BB; # (쩼; 쩼; á„ᅦᆻ; 쩼; á„ᅦᆻ; ) HANGUL SYLLABLE JJESS +CA7D;CA7D;110D 1166 11BC;CA7D;110D 1166 11BC; # (쩽; 쩽; á„ᅦᆼ; 쩽; á„ᅦᆼ; ) HANGUL SYLLABLE JJENG +CA7E;CA7E;110D 1166 11BD;CA7E;110D 1166 11BD; # (쩾; 쩾; á„ᅦᆽ; 쩾; á„ᅦᆽ; ) HANGUL SYLLABLE JJEJ +CA7F;CA7F;110D 1166 11BE;CA7F;110D 1166 11BE; # (ì©¿; ì©¿; á„ᅦᆾ; ì©¿; á„ᅦᆾ; ) HANGUL SYLLABLE JJEC +CA80;CA80;110D 1166 11BF;CA80;110D 1166 11BF; # (쪀; 쪀; á„ᅦᆿ; 쪀; á„ᅦᆿ; ) HANGUL SYLLABLE JJEK +CA81;CA81;110D 1166 11C0;CA81;110D 1166 11C0; # (ìª; ìª; á„ᅦᇀ; ìª; á„ᅦᇀ; ) HANGUL SYLLABLE JJET +CA82;CA82;110D 1166 11C1;CA82;110D 1166 11C1; # (쪂; 쪂; á„á…¦á‡; 쪂; á„á…¦á‡; ) HANGUL SYLLABLE JJEP +CA83;CA83;110D 1166 11C2;CA83;110D 1166 11C2; # (쪃; 쪃; á„ᅦᇂ; 쪃; á„ᅦᇂ; ) HANGUL SYLLABLE JJEH +CA84;CA84;110D 1167;CA84;110D 1167; # (쪄; 쪄; á„á…§; 쪄; á„á…§; ) HANGUL SYLLABLE JJYEO +CA85;CA85;110D 1167 11A8;CA85;110D 1167 11A8; # (쪅; 쪅; á„ᅧᆨ; 쪅; á„ᅧᆨ; ) HANGUL SYLLABLE JJYEOG +CA86;CA86;110D 1167 11A9;CA86;110D 1167 11A9; # (쪆; 쪆; á„ᅧᆩ; 쪆; á„ᅧᆩ; ) HANGUL SYLLABLE JJYEOGG +CA87;CA87;110D 1167 11AA;CA87;110D 1167 11AA; # (쪇; 쪇; á„ᅧᆪ; 쪇; á„ᅧᆪ; ) HANGUL SYLLABLE JJYEOGS +CA88;CA88;110D 1167 11AB;CA88;110D 1167 11AB; # (쪈; 쪈; á„ᅧᆫ; 쪈; á„ᅧᆫ; ) HANGUL SYLLABLE JJYEON +CA89;CA89;110D 1167 11AC;CA89;110D 1167 11AC; # (쪉; 쪉; á„ᅧᆬ; 쪉; á„ᅧᆬ; ) HANGUL SYLLABLE JJYEONJ +CA8A;CA8A;110D 1167 11AD;CA8A;110D 1167 11AD; # (쪊; 쪊; á„ᅧᆭ; 쪊; á„ᅧᆭ; ) HANGUL SYLLABLE JJYEONH +CA8B;CA8B;110D 1167 11AE;CA8B;110D 1167 11AE; # (쪋; 쪋; á„ᅧᆮ; 쪋; á„ᅧᆮ; ) HANGUL SYLLABLE JJYEOD +CA8C;CA8C;110D 1167 11AF;CA8C;110D 1167 11AF; # (쪌; 쪌; á„ᅧᆯ; 쪌; á„ᅧᆯ; ) HANGUL SYLLABLE JJYEOL +CA8D;CA8D;110D 1167 11B0;CA8D;110D 1167 11B0; # (ìª; ìª; á„ᅧᆰ; ìª; á„ᅧᆰ; ) HANGUL SYLLABLE JJYEOLG +CA8E;CA8E;110D 1167 11B1;CA8E;110D 1167 11B1; # (쪎; 쪎; á„ᅧᆱ; 쪎; á„ᅧᆱ; ) HANGUL SYLLABLE JJYEOLM +CA8F;CA8F;110D 1167 11B2;CA8F;110D 1167 11B2; # (ìª; ìª; á„ᅧᆲ; ìª; á„ᅧᆲ; ) HANGUL SYLLABLE JJYEOLB +CA90;CA90;110D 1167 11B3;CA90;110D 1167 11B3; # (ìª; ìª; á„ᅧᆳ; ìª; á„ᅧᆳ; ) HANGUL SYLLABLE JJYEOLS +CA91;CA91;110D 1167 11B4;CA91;110D 1167 11B4; # (쪑; 쪑; á„ᅧᆴ; 쪑; á„ᅧᆴ; ) HANGUL SYLLABLE JJYEOLT +CA92;CA92;110D 1167 11B5;CA92;110D 1167 11B5; # (쪒; 쪒; á„ᅧᆵ; 쪒; á„ᅧᆵ; ) HANGUL SYLLABLE JJYEOLP +CA93;CA93;110D 1167 11B6;CA93;110D 1167 11B6; # (쪓; 쪓; á„ᅧᆶ; 쪓; á„ᅧᆶ; ) HANGUL SYLLABLE JJYEOLH +CA94;CA94;110D 1167 11B7;CA94;110D 1167 11B7; # (쪔; 쪔; á„ᅧᆷ; 쪔; á„ᅧᆷ; ) HANGUL SYLLABLE JJYEOM +CA95;CA95;110D 1167 11B8;CA95;110D 1167 11B8; # (쪕; 쪕; á„ᅧᆸ; 쪕; á„ᅧᆸ; ) HANGUL SYLLABLE JJYEOB +CA96;CA96;110D 1167 11B9;CA96;110D 1167 11B9; # (쪖; 쪖; á„ᅧᆹ; 쪖; á„ᅧᆹ; ) HANGUL SYLLABLE JJYEOBS +CA97;CA97;110D 1167 11BA;CA97;110D 1167 11BA; # (쪗; 쪗; á„ᅧᆺ; 쪗; á„ᅧᆺ; ) HANGUL SYLLABLE JJYEOS +CA98;CA98;110D 1167 11BB;CA98;110D 1167 11BB; # (쪘; 쪘; á„ᅧᆻ; 쪘; á„ᅧᆻ; ) HANGUL SYLLABLE JJYEOSS +CA99;CA99;110D 1167 11BC;CA99;110D 1167 11BC; # (쪙; 쪙; á„ᅧᆼ; 쪙; á„ᅧᆼ; ) HANGUL SYLLABLE JJYEONG +CA9A;CA9A;110D 1167 11BD;CA9A;110D 1167 11BD; # (쪚; 쪚; á„ᅧᆽ; 쪚; á„ᅧᆽ; ) HANGUL SYLLABLE JJYEOJ +CA9B;CA9B;110D 1167 11BE;CA9B;110D 1167 11BE; # (쪛; 쪛; á„ᅧᆾ; 쪛; á„ᅧᆾ; ) HANGUL SYLLABLE JJYEOC +CA9C;CA9C;110D 1167 11BF;CA9C;110D 1167 11BF; # (쪜; 쪜; á„ᅧᆿ; 쪜; á„ᅧᆿ; ) HANGUL SYLLABLE JJYEOK +CA9D;CA9D;110D 1167 11C0;CA9D;110D 1167 11C0; # (ìª; ìª; á„ᅧᇀ; ìª; á„ᅧᇀ; ) HANGUL SYLLABLE JJYEOT +CA9E;CA9E;110D 1167 11C1;CA9E;110D 1167 11C1; # (쪞; 쪞; á„á…§á‡; 쪞; á„á…§á‡; ) HANGUL SYLLABLE JJYEOP +CA9F;CA9F;110D 1167 11C2;CA9F;110D 1167 11C2; # (쪟; 쪟; á„ᅧᇂ; 쪟; á„ᅧᇂ; ) HANGUL SYLLABLE JJYEOH +CAA0;CAA0;110D 1168;CAA0;110D 1168; # (쪠; 쪠; á„á…¨; 쪠; á„á…¨; ) HANGUL SYLLABLE JJYE +CAA1;CAA1;110D 1168 11A8;CAA1;110D 1168 11A8; # (쪡; 쪡; á„ᅨᆨ; 쪡; á„ᅨᆨ; ) HANGUL SYLLABLE JJYEG +CAA2;CAA2;110D 1168 11A9;CAA2;110D 1168 11A9; # (쪢; 쪢; á„ᅨᆩ; 쪢; á„ᅨᆩ; ) HANGUL SYLLABLE JJYEGG +CAA3;CAA3;110D 1168 11AA;CAA3;110D 1168 11AA; # (쪣; 쪣; á„ᅨᆪ; 쪣; á„ᅨᆪ; ) HANGUL SYLLABLE JJYEGS +CAA4;CAA4;110D 1168 11AB;CAA4;110D 1168 11AB; # (쪤; 쪤; á„ᅨᆫ; 쪤; á„ᅨᆫ; ) HANGUL SYLLABLE JJYEN +CAA5;CAA5;110D 1168 11AC;CAA5;110D 1168 11AC; # (쪥; 쪥; á„ᅨᆬ; 쪥; á„ᅨᆬ; ) HANGUL SYLLABLE JJYENJ +CAA6;CAA6;110D 1168 11AD;CAA6;110D 1168 11AD; # (쪦; 쪦; á„ᅨᆭ; 쪦; á„ᅨᆭ; ) HANGUL SYLLABLE JJYENH +CAA7;CAA7;110D 1168 11AE;CAA7;110D 1168 11AE; # (쪧; 쪧; á„ᅨᆮ; 쪧; á„ᅨᆮ; ) HANGUL SYLLABLE JJYED +CAA8;CAA8;110D 1168 11AF;CAA8;110D 1168 11AF; # (쪨; 쪨; á„ᅨᆯ; 쪨; á„ᅨᆯ; ) HANGUL SYLLABLE JJYEL +CAA9;CAA9;110D 1168 11B0;CAA9;110D 1168 11B0; # (쪩; 쪩; á„ᅨᆰ; 쪩; á„ᅨᆰ; ) HANGUL SYLLABLE JJYELG +CAAA;CAAA;110D 1168 11B1;CAAA;110D 1168 11B1; # (쪪; 쪪; á„ᅨᆱ; 쪪; á„ᅨᆱ; ) HANGUL SYLLABLE JJYELM +CAAB;CAAB;110D 1168 11B2;CAAB;110D 1168 11B2; # (쪫; 쪫; á„ᅨᆲ; 쪫; á„ᅨᆲ; ) HANGUL SYLLABLE JJYELB +CAAC;CAAC;110D 1168 11B3;CAAC;110D 1168 11B3; # (쪬; 쪬; á„ᅨᆳ; 쪬; á„ᅨᆳ; ) HANGUL SYLLABLE JJYELS +CAAD;CAAD;110D 1168 11B4;CAAD;110D 1168 11B4; # (쪭; 쪭; á„ᅨᆴ; 쪭; á„ᅨᆴ; ) HANGUL SYLLABLE JJYELT +CAAE;CAAE;110D 1168 11B5;CAAE;110D 1168 11B5; # (쪮; 쪮; á„ᅨᆵ; 쪮; á„ᅨᆵ; ) HANGUL SYLLABLE JJYELP +CAAF;CAAF;110D 1168 11B6;CAAF;110D 1168 11B6; # (쪯; 쪯; á„ᅨᆶ; 쪯; á„ᅨᆶ; ) HANGUL SYLLABLE JJYELH +CAB0;CAB0;110D 1168 11B7;CAB0;110D 1168 11B7; # (쪰; 쪰; á„ᅨᆷ; 쪰; á„ᅨᆷ; ) HANGUL SYLLABLE JJYEM +CAB1;CAB1;110D 1168 11B8;CAB1;110D 1168 11B8; # (쪱; 쪱; á„ᅨᆸ; 쪱; á„ᅨᆸ; ) HANGUL SYLLABLE JJYEB +CAB2;CAB2;110D 1168 11B9;CAB2;110D 1168 11B9; # (쪲; 쪲; á„ᅨᆹ; 쪲; á„ᅨᆹ; ) HANGUL SYLLABLE JJYEBS +CAB3;CAB3;110D 1168 11BA;CAB3;110D 1168 11BA; # (쪳; 쪳; á„ᅨᆺ; 쪳; á„ᅨᆺ; ) HANGUL SYLLABLE JJYES +CAB4;CAB4;110D 1168 11BB;CAB4;110D 1168 11BB; # (쪴; 쪴; á„ᅨᆻ; 쪴; á„ᅨᆻ; ) HANGUL SYLLABLE JJYESS +CAB5;CAB5;110D 1168 11BC;CAB5;110D 1168 11BC; # (쪵; 쪵; á„ᅨᆼ; 쪵; á„ᅨᆼ; ) HANGUL SYLLABLE JJYENG +CAB6;CAB6;110D 1168 11BD;CAB6;110D 1168 11BD; # (쪶; 쪶; á„ᅨᆽ; 쪶; á„ᅨᆽ; ) HANGUL SYLLABLE JJYEJ +CAB7;CAB7;110D 1168 11BE;CAB7;110D 1168 11BE; # (쪷; 쪷; á„ᅨᆾ; 쪷; á„ᅨᆾ; ) HANGUL SYLLABLE JJYEC +CAB8;CAB8;110D 1168 11BF;CAB8;110D 1168 11BF; # (쪸; 쪸; á„ᅨᆿ; 쪸; á„ᅨᆿ; ) HANGUL SYLLABLE JJYEK +CAB9;CAB9;110D 1168 11C0;CAB9;110D 1168 11C0; # (쪹; 쪹; á„ᅨᇀ; 쪹; á„ᅨᇀ; ) HANGUL SYLLABLE JJYET +CABA;CABA;110D 1168 11C1;CABA;110D 1168 11C1; # (쪺; 쪺; á„á…¨á‡; 쪺; á„á…¨á‡; ) HANGUL SYLLABLE JJYEP +CABB;CABB;110D 1168 11C2;CABB;110D 1168 11C2; # (쪻; 쪻; á„ᅨᇂ; 쪻; á„ᅨᇂ; ) HANGUL SYLLABLE JJYEH +CABC;CABC;110D 1169;CABC;110D 1169; # (쪼; 쪼; á„á…©; 쪼; á„á…©; ) HANGUL SYLLABLE JJO +CABD;CABD;110D 1169 11A8;CABD;110D 1169 11A8; # (쪽; 쪽; á„ᅩᆨ; 쪽; á„ᅩᆨ; ) HANGUL SYLLABLE JJOG +CABE;CABE;110D 1169 11A9;CABE;110D 1169 11A9; # (쪾; 쪾; á„ᅩᆩ; 쪾; á„ᅩᆩ; ) HANGUL SYLLABLE JJOGG +CABF;CABF;110D 1169 11AA;CABF;110D 1169 11AA; # (쪿; 쪿; á„ᅩᆪ; 쪿; á„ᅩᆪ; ) HANGUL SYLLABLE JJOGS +CAC0;CAC0;110D 1169 11AB;CAC0;110D 1169 11AB; # (ì«€; ì«€; á„ᅩᆫ; ì«€; á„ᅩᆫ; ) HANGUL SYLLABLE JJON +CAC1;CAC1;110D 1169 11AC;CAC1;110D 1169 11AC; # (ì«; ì«; á„ᅩᆬ; ì«; á„ᅩᆬ; ) HANGUL SYLLABLE JJONJ +CAC2;CAC2;110D 1169 11AD;CAC2;110D 1169 11AD; # (ì«‚; ì«‚; á„ᅩᆭ; ì«‚; á„ᅩᆭ; ) HANGUL SYLLABLE JJONH +CAC3;CAC3;110D 1169 11AE;CAC3;110D 1169 11AE; # (쫃; 쫃; á„ᅩᆮ; 쫃; á„ᅩᆮ; ) HANGUL SYLLABLE JJOD +CAC4;CAC4;110D 1169 11AF;CAC4;110D 1169 11AF; # (ì«„; ì«„; á„ᅩᆯ; ì«„; á„ᅩᆯ; ) HANGUL SYLLABLE JJOL +CAC5;CAC5;110D 1169 11B0;CAC5;110D 1169 11B0; # (ì«…; ì«…; á„ᅩᆰ; ì«…; á„ᅩᆰ; ) HANGUL SYLLABLE JJOLG +CAC6;CAC6;110D 1169 11B1;CAC6;110D 1169 11B1; # (쫆; 쫆; á„ᅩᆱ; 쫆; á„ᅩᆱ; ) HANGUL SYLLABLE JJOLM +CAC7;CAC7;110D 1169 11B2;CAC7;110D 1169 11B2; # (쫇; 쫇; á„ᅩᆲ; 쫇; á„ᅩᆲ; ) HANGUL SYLLABLE JJOLB +CAC8;CAC8;110D 1169 11B3;CAC8;110D 1169 11B3; # (쫈; 쫈; á„ᅩᆳ; 쫈; á„ᅩᆳ; ) HANGUL SYLLABLE JJOLS +CAC9;CAC9;110D 1169 11B4;CAC9;110D 1169 11B4; # (쫉; 쫉; á„ᅩᆴ; 쫉; á„ᅩᆴ; ) HANGUL SYLLABLE JJOLT +CACA;CACA;110D 1169 11B5;CACA;110D 1169 11B5; # (ì«Š; ì«Š; á„ᅩᆵ; ì«Š; á„ᅩᆵ; ) HANGUL SYLLABLE JJOLP +CACB;CACB;110D 1169 11B6;CACB;110D 1169 11B6; # (ì«‹; ì«‹; á„ᅩᆶ; ì«‹; á„ᅩᆶ; ) HANGUL SYLLABLE JJOLH +CACC;CACC;110D 1169 11B7;CACC;110D 1169 11B7; # (ì«Œ; ì«Œ; á„ᅩᆷ; ì«Œ; á„ᅩᆷ; ) HANGUL SYLLABLE JJOM +CACD;CACD;110D 1169 11B8;CACD;110D 1169 11B8; # (ì«; ì«; á„ᅩᆸ; ì«; á„ᅩᆸ; ) HANGUL SYLLABLE JJOB +CACE;CACE;110D 1169 11B9;CACE;110D 1169 11B9; # (ì«Ž; ì«Ž; á„ᅩᆹ; ì«Ž; á„ᅩᆹ; ) HANGUL SYLLABLE JJOBS +CACF;CACF;110D 1169 11BA;CACF;110D 1169 11BA; # (ì«; ì«; á„ᅩᆺ; ì«; á„ᅩᆺ; ) HANGUL SYLLABLE JJOS +CAD0;CAD0;110D 1169 11BB;CAD0;110D 1169 11BB; # (ì«; ì«; á„ᅩᆻ; ì«; á„ᅩᆻ; ) HANGUL SYLLABLE JJOSS +CAD1;CAD1;110D 1169 11BC;CAD1;110D 1169 11BC; # (ì«‘; ì«‘; á„ᅩᆼ; ì«‘; á„ᅩᆼ; ) HANGUL SYLLABLE JJONG +CAD2;CAD2;110D 1169 11BD;CAD2;110D 1169 11BD; # (ì«’; ì«’; á„ᅩᆽ; ì«’; á„ᅩᆽ; ) HANGUL SYLLABLE JJOJ +CAD3;CAD3;110D 1169 11BE;CAD3;110D 1169 11BE; # (ì«“; ì«“; á„ᅩᆾ; ì«“; á„ᅩᆾ; ) HANGUL SYLLABLE JJOC +CAD4;CAD4;110D 1169 11BF;CAD4;110D 1169 11BF; # (ì«”; ì«”; á„ᅩᆿ; ì«”; á„ᅩᆿ; ) HANGUL SYLLABLE JJOK +CAD5;CAD5;110D 1169 11C0;CAD5;110D 1169 11C0; # (ì«•; ì«•; á„ᅩᇀ; ì«•; á„ᅩᇀ; ) HANGUL SYLLABLE JJOT +CAD6;CAD6;110D 1169 11C1;CAD6;110D 1169 11C1; # (ì«–; ì«–; á„á…©á‡; ì«–; á„á…©á‡; ) HANGUL SYLLABLE JJOP +CAD7;CAD7;110D 1169 11C2;CAD7;110D 1169 11C2; # (ì«—; ì«—; á„ᅩᇂ; ì«—; á„ᅩᇂ; ) HANGUL SYLLABLE JJOH +CAD8;CAD8;110D 116A;CAD8;110D 116A; # (쫘; 쫘; á„á…ª; 쫘; á„á…ª; ) HANGUL SYLLABLE JJWA +CAD9;CAD9;110D 116A 11A8;CAD9;110D 116A 11A8; # (ì«™; ì«™; á„ᅪᆨ; ì«™; á„ᅪᆨ; ) HANGUL SYLLABLE JJWAG +CADA;CADA;110D 116A 11A9;CADA;110D 116A 11A9; # (ì«š; ì«š; á„ᅪᆩ; ì«š; á„ᅪᆩ; ) HANGUL SYLLABLE JJWAGG +CADB;CADB;110D 116A 11AA;CADB;110D 116A 11AA; # (ì«›; ì«›; á„ᅪᆪ; ì«›; á„ᅪᆪ; ) HANGUL SYLLABLE JJWAGS +CADC;CADC;110D 116A 11AB;CADC;110D 116A 11AB; # (ì«œ; ì«œ; á„ᅪᆫ; ì«œ; á„ᅪᆫ; ) HANGUL SYLLABLE JJWAN +CADD;CADD;110D 116A 11AC;CADD;110D 116A 11AC; # (ì«; ì«; á„ᅪᆬ; ì«; á„ᅪᆬ; ) HANGUL SYLLABLE JJWANJ +CADE;CADE;110D 116A 11AD;CADE;110D 116A 11AD; # (ì«ž; ì«ž; á„ᅪᆭ; ì«ž; á„ᅪᆭ; ) HANGUL SYLLABLE JJWANH +CADF;CADF;110D 116A 11AE;CADF;110D 116A 11AE; # (ì«Ÿ; ì«Ÿ; á„ᅪᆮ; ì«Ÿ; á„ᅪᆮ; ) HANGUL SYLLABLE JJWAD +CAE0;CAE0;110D 116A 11AF;CAE0;110D 116A 11AF; # (ì« ; ì« ; á„ᅪᆯ; ì« ; á„ᅪᆯ; ) HANGUL SYLLABLE JJWAL +CAE1;CAE1;110D 116A 11B0;CAE1;110D 116A 11B0; # (ì«¡; ì«¡; á„ᅪᆰ; ì«¡; á„ᅪᆰ; ) HANGUL SYLLABLE JJWALG +CAE2;CAE2;110D 116A 11B1;CAE2;110D 116A 11B1; # (ì«¢; ì«¢; á„ᅪᆱ; ì«¢; á„ᅪᆱ; ) HANGUL SYLLABLE JJWALM +CAE3;CAE3;110D 116A 11B2;CAE3;110D 116A 11B2; # (ì«£; ì«£; á„ᅪᆲ; ì«£; á„ᅪᆲ; ) HANGUL SYLLABLE JJWALB +CAE4;CAE4;110D 116A 11B3;CAE4;110D 116A 11B3; # (쫤; 쫤; á„ᅪᆳ; 쫤; á„ᅪᆳ; ) HANGUL SYLLABLE JJWALS +CAE5;CAE5;110D 116A 11B4;CAE5;110D 116A 11B4; # (ì«¥; ì«¥; á„ᅪᆴ; ì«¥; á„ᅪᆴ; ) HANGUL SYLLABLE JJWALT +CAE6;CAE6;110D 116A 11B5;CAE6;110D 116A 11B5; # (쫦; 쫦; á„ᅪᆵ; 쫦; á„ᅪᆵ; ) HANGUL SYLLABLE JJWALP +CAE7;CAE7;110D 116A 11B6;CAE7;110D 116A 11B6; # (쫧; 쫧; á„ᅪᆶ; 쫧; á„ᅪᆶ; ) HANGUL SYLLABLE JJWALH +CAE8;CAE8;110D 116A 11B7;CAE8;110D 116A 11B7; # (쫨; 쫨; á„ᅪᆷ; 쫨; á„ᅪᆷ; ) HANGUL SYLLABLE JJWAM +CAE9;CAE9;110D 116A 11B8;CAE9;110D 116A 11B8; # (ì«©; ì«©; á„ᅪᆸ; ì«©; á„ᅪᆸ; ) HANGUL SYLLABLE JJWAB +CAEA;CAEA;110D 116A 11B9;CAEA;110D 116A 11B9; # (쫪; 쫪; á„ᅪᆹ; 쫪; á„ᅪᆹ; ) HANGUL SYLLABLE JJWABS +CAEB;CAEB;110D 116A 11BA;CAEB;110D 116A 11BA; # (ì««; ì««; á„ᅪᆺ; ì««; á„ᅪᆺ; ) HANGUL SYLLABLE JJWAS +CAEC;CAEC;110D 116A 11BB;CAEC;110D 116A 11BB; # (쫬; 쫬; á„ᅪᆻ; 쫬; á„ᅪᆻ; ) HANGUL SYLLABLE JJWASS +CAED;CAED;110D 116A 11BC;CAED;110D 116A 11BC; # (ì«­; ì«­; á„ᅪᆼ; ì«­; á„ᅪᆼ; ) HANGUL SYLLABLE JJWANG +CAEE;CAEE;110D 116A 11BD;CAEE;110D 116A 11BD; # (ì«®; ì«®; á„ᅪᆽ; ì«®; á„ᅪᆽ; ) HANGUL SYLLABLE JJWAJ +CAEF;CAEF;110D 116A 11BE;CAEF;110D 116A 11BE; # (쫯; 쫯; á„ᅪᆾ; 쫯; á„ᅪᆾ; ) HANGUL SYLLABLE JJWAC +CAF0;CAF0;110D 116A 11BF;CAF0;110D 116A 11BF; # (ì«°; ì«°; á„ᅪᆿ; ì«°; á„ᅪᆿ; ) HANGUL SYLLABLE JJWAK +CAF1;CAF1;110D 116A 11C0;CAF1;110D 116A 11C0; # (쫱; 쫱; á„ᅪᇀ; 쫱; á„ᅪᇀ; ) HANGUL SYLLABLE JJWAT +CAF2;CAF2;110D 116A 11C1;CAF2;110D 116A 11C1; # (쫲; 쫲; á„á…ªá‡; 쫲; á„á…ªá‡; ) HANGUL SYLLABLE JJWAP +CAF3;CAF3;110D 116A 11C2;CAF3;110D 116A 11C2; # (쫳; 쫳; á„ᅪᇂ; 쫳; á„ᅪᇂ; ) HANGUL SYLLABLE JJWAH +CAF4;CAF4;110D 116B;CAF4;110D 116B; # (ì«´; ì«´; á„á…«; ì«´; á„á…«; ) HANGUL SYLLABLE JJWAE +CAF5;CAF5;110D 116B 11A8;CAF5;110D 116B 11A8; # (쫵; 쫵; á„ᅫᆨ; 쫵; á„ᅫᆨ; ) HANGUL SYLLABLE JJWAEG +CAF6;CAF6;110D 116B 11A9;CAF6;110D 116B 11A9; # (쫶; 쫶; á„ᅫᆩ; 쫶; á„ᅫᆩ; ) HANGUL SYLLABLE JJWAEGG +CAF7;CAF7;110D 116B 11AA;CAF7;110D 116B 11AA; # (ì«·; ì«·; á„ᅫᆪ; ì«·; á„ᅫᆪ; ) HANGUL SYLLABLE JJWAEGS +CAF8;CAF8;110D 116B 11AB;CAF8;110D 116B 11AB; # (쫸; 쫸; á„ᅫᆫ; 쫸; á„ᅫᆫ; ) HANGUL SYLLABLE JJWAEN +CAF9;CAF9;110D 116B 11AC;CAF9;110D 116B 11AC; # (쫹; 쫹; á„ᅫᆬ; 쫹; á„ᅫᆬ; ) HANGUL SYLLABLE JJWAENJ +CAFA;CAFA;110D 116B 11AD;CAFA;110D 116B 11AD; # (쫺; 쫺; á„ᅫᆭ; 쫺; á„ᅫᆭ; ) HANGUL SYLLABLE JJWAENH +CAFB;CAFB;110D 116B 11AE;CAFB;110D 116B 11AE; # (ì«»; ì«»; á„ᅫᆮ; ì«»; á„ᅫᆮ; ) HANGUL SYLLABLE JJWAED +CAFC;CAFC;110D 116B 11AF;CAFC;110D 116B 11AF; # (쫼; 쫼; á„ᅫᆯ; 쫼; á„ᅫᆯ; ) HANGUL SYLLABLE JJWAEL +CAFD;CAFD;110D 116B 11B0;CAFD;110D 116B 11B0; # (쫽; 쫽; á„ᅫᆰ; 쫽; á„ᅫᆰ; ) HANGUL SYLLABLE JJWAELG +CAFE;CAFE;110D 116B 11B1;CAFE;110D 116B 11B1; # (쫾; 쫾; á„ᅫᆱ; 쫾; á„ᅫᆱ; ) HANGUL SYLLABLE JJWAELM +CAFF;CAFF;110D 116B 11B2;CAFF;110D 116B 11B2; # (ì«¿; ì«¿; á„ᅫᆲ; ì«¿; á„ᅫᆲ; ) HANGUL SYLLABLE JJWAELB +CB00;CB00;110D 116B 11B3;CB00;110D 116B 11B3; # (쬀; 쬀; á„ᅫᆳ; 쬀; á„ᅫᆳ; ) HANGUL SYLLABLE JJWAELS +CB01;CB01;110D 116B 11B4;CB01;110D 116B 11B4; # (ì¬; ì¬; á„ᅫᆴ; ì¬; á„ᅫᆴ; ) HANGUL SYLLABLE JJWAELT +CB02;CB02;110D 116B 11B5;CB02;110D 116B 11B5; # (쬂; 쬂; á„ᅫᆵ; 쬂; á„ᅫᆵ; ) HANGUL SYLLABLE JJWAELP +CB03;CB03;110D 116B 11B6;CB03;110D 116B 11B6; # (쬃; 쬃; á„ᅫᆶ; 쬃; á„ᅫᆶ; ) HANGUL SYLLABLE JJWAELH +CB04;CB04;110D 116B 11B7;CB04;110D 116B 11B7; # (쬄; 쬄; á„ᅫᆷ; 쬄; á„ᅫᆷ; ) HANGUL SYLLABLE JJWAEM +CB05;CB05;110D 116B 11B8;CB05;110D 116B 11B8; # (쬅; 쬅; á„ᅫᆸ; 쬅; á„ᅫᆸ; ) HANGUL SYLLABLE JJWAEB +CB06;CB06;110D 116B 11B9;CB06;110D 116B 11B9; # (쬆; 쬆; á„ᅫᆹ; 쬆; á„ᅫᆹ; ) HANGUL SYLLABLE JJWAEBS +CB07;CB07;110D 116B 11BA;CB07;110D 116B 11BA; # (쬇; 쬇; á„ᅫᆺ; 쬇; á„ᅫᆺ; ) HANGUL SYLLABLE JJWAES +CB08;CB08;110D 116B 11BB;CB08;110D 116B 11BB; # (쬈; 쬈; á„ᅫᆻ; 쬈; á„ᅫᆻ; ) HANGUL SYLLABLE JJWAESS +CB09;CB09;110D 116B 11BC;CB09;110D 116B 11BC; # (쬉; 쬉; á„ᅫᆼ; 쬉; á„ᅫᆼ; ) HANGUL SYLLABLE JJWAENG +CB0A;CB0A;110D 116B 11BD;CB0A;110D 116B 11BD; # (쬊; 쬊; á„ᅫᆽ; 쬊; á„ᅫᆽ; ) HANGUL SYLLABLE JJWAEJ +CB0B;CB0B;110D 116B 11BE;CB0B;110D 116B 11BE; # (쬋; 쬋; á„ᅫᆾ; 쬋; á„ᅫᆾ; ) HANGUL SYLLABLE JJWAEC +CB0C;CB0C;110D 116B 11BF;CB0C;110D 116B 11BF; # (쬌; 쬌; á„ᅫᆿ; 쬌; á„ᅫᆿ; ) HANGUL SYLLABLE JJWAEK +CB0D;CB0D;110D 116B 11C0;CB0D;110D 116B 11C0; # (ì¬; ì¬; á„ᅫᇀ; ì¬; á„ᅫᇀ; ) HANGUL SYLLABLE JJWAET +CB0E;CB0E;110D 116B 11C1;CB0E;110D 116B 11C1; # (쬎; 쬎; á„á…«á‡; 쬎; á„á…«á‡; ) HANGUL SYLLABLE JJWAEP +CB0F;CB0F;110D 116B 11C2;CB0F;110D 116B 11C2; # (ì¬; ì¬; á„ᅫᇂ; ì¬; á„ᅫᇂ; ) HANGUL SYLLABLE JJWAEH +CB10;CB10;110D 116C;CB10;110D 116C; # (ì¬; ì¬; á„á…¬; ì¬; á„á…¬; ) HANGUL SYLLABLE JJOE +CB11;CB11;110D 116C 11A8;CB11;110D 116C 11A8; # (쬑; 쬑; á„ᅬᆨ; 쬑; á„ᅬᆨ; ) HANGUL SYLLABLE JJOEG +CB12;CB12;110D 116C 11A9;CB12;110D 116C 11A9; # (쬒; 쬒; á„ᅬᆩ; 쬒; á„ᅬᆩ; ) HANGUL SYLLABLE JJOEGG +CB13;CB13;110D 116C 11AA;CB13;110D 116C 11AA; # (쬓; 쬓; á„ᅬᆪ; 쬓; á„ᅬᆪ; ) HANGUL SYLLABLE JJOEGS +CB14;CB14;110D 116C 11AB;CB14;110D 116C 11AB; # (쬔; 쬔; á„ᅬᆫ; 쬔; á„ᅬᆫ; ) HANGUL SYLLABLE JJOEN +CB15;CB15;110D 116C 11AC;CB15;110D 116C 11AC; # (쬕; 쬕; á„ᅬᆬ; 쬕; á„ᅬᆬ; ) HANGUL SYLLABLE JJOENJ +CB16;CB16;110D 116C 11AD;CB16;110D 116C 11AD; # (쬖; 쬖; á„ᅬᆭ; 쬖; á„ᅬᆭ; ) HANGUL SYLLABLE JJOENH +CB17;CB17;110D 116C 11AE;CB17;110D 116C 11AE; # (쬗; 쬗; á„ᅬᆮ; 쬗; á„ᅬᆮ; ) HANGUL SYLLABLE JJOED +CB18;CB18;110D 116C 11AF;CB18;110D 116C 11AF; # (쬘; 쬘; á„ᅬᆯ; 쬘; á„ᅬᆯ; ) HANGUL SYLLABLE JJOEL +CB19;CB19;110D 116C 11B0;CB19;110D 116C 11B0; # (쬙; 쬙; á„ᅬᆰ; 쬙; á„ᅬᆰ; ) HANGUL SYLLABLE JJOELG +CB1A;CB1A;110D 116C 11B1;CB1A;110D 116C 11B1; # (쬚; 쬚; á„ᅬᆱ; 쬚; á„ᅬᆱ; ) HANGUL SYLLABLE JJOELM +CB1B;CB1B;110D 116C 11B2;CB1B;110D 116C 11B2; # (쬛; 쬛; á„ᅬᆲ; 쬛; á„ᅬᆲ; ) HANGUL SYLLABLE JJOELB +CB1C;CB1C;110D 116C 11B3;CB1C;110D 116C 11B3; # (쬜; 쬜; á„ᅬᆳ; 쬜; á„ᅬᆳ; ) HANGUL SYLLABLE JJOELS +CB1D;CB1D;110D 116C 11B4;CB1D;110D 116C 11B4; # (ì¬; ì¬; á„ᅬᆴ; ì¬; á„ᅬᆴ; ) HANGUL SYLLABLE JJOELT +CB1E;CB1E;110D 116C 11B5;CB1E;110D 116C 11B5; # (쬞; 쬞; á„ᅬᆵ; 쬞; á„ᅬᆵ; ) HANGUL SYLLABLE JJOELP +CB1F;CB1F;110D 116C 11B6;CB1F;110D 116C 11B6; # (쬟; 쬟; á„ᅬᆶ; 쬟; á„ᅬᆶ; ) HANGUL SYLLABLE JJOELH +CB20;CB20;110D 116C 11B7;CB20;110D 116C 11B7; # (쬠; 쬠; á„ᅬᆷ; 쬠; á„ᅬᆷ; ) HANGUL SYLLABLE JJOEM +CB21;CB21;110D 116C 11B8;CB21;110D 116C 11B8; # (쬡; 쬡; á„ᅬᆸ; 쬡; á„ᅬᆸ; ) HANGUL SYLLABLE JJOEB +CB22;CB22;110D 116C 11B9;CB22;110D 116C 11B9; # (쬢; 쬢; á„ᅬᆹ; 쬢; á„ᅬᆹ; ) HANGUL SYLLABLE JJOEBS +CB23;CB23;110D 116C 11BA;CB23;110D 116C 11BA; # (쬣; 쬣; á„ᅬᆺ; 쬣; á„ᅬᆺ; ) HANGUL SYLLABLE JJOES +CB24;CB24;110D 116C 11BB;CB24;110D 116C 11BB; # (쬤; 쬤; á„ᅬᆻ; 쬤; á„ᅬᆻ; ) HANGUL SYLLABLE JJOESS +CB25;CB25;110D 116C 11BC;CB25;110D 116C 11BC; # (쬥; 쬥; á„ᅬᆼ; 쬥; á„ᅬᆼ; ) HANGUL SYLLABLE JJOENG +CB26;CB26;110D 116C 11BD;CB26;110D 116C 11BD; # (쬦; 쬦; á„ᅬᆽ; 쬦; á„ᅬᆽ; ) HANGUL SYLLABLE JJOEJ +CB27;CB27;110D 116C 11BE;CB27;110D 116C 11BE; # (쬧; 쬧; á„ᅬᆾ; 쬧; á„ᅬᆾ; ) HANGUL SYLLABLE JJOEC +CB28;CB28;110D 116C 11BF;CB28;110D 116C 11BF; # (쬨; 쬨; á„ᅬᆿ; 쬨; á„ᅬᆿ; ) HANGUL SYLLABLE JJOEK +CB29;CB29;110D 116C 11C0;CB29;110D 116C 11C0; # (쬩; 쬩; á„ᅬᇀ; 쬩; á„ᅬᇀ; ) HANGUL SYLLABLE JJOET +CB2A;CB2A;110D 116C 11C1;CB2A;110D 116C 11C1; # (쬪; 쬪; á„á…¬á‡; 쬪; á„á…¬á‡; ) HANGUL SYLLABLE JJOEP +CB2B;CB2B;110D 116C 11C2;CB2B;110D 116C 11C2; # (쬫; 쬫; á„ᅬᇂ; 쬫; á„ᅬᇂ; ) HANGUL SYLLABLE JJOEH +CB2C;CB2C;110D 116D;CB2C;110D 116D; # (쬬; 쬬; á„á…­; 쬬; á„á…­; ) HANGUL SYLLABLE JJYO +CB2D;CB2D;110D 116D 11A8;CB2D;110D 116D 11A8; # (쬭; 쬭; á„ᅭᆨ; 쬭; á„ᅭᆨ; ) HANGUL SYLLABLE JJYOG +CB2E;CB2E;110D 116D 11A9;CB2E;110D 116D 11A9; # (쬮; 쬮; á„ᅭᆩ; 쬮; á„ᅭᆩ; ) HANGUL SYLLABLE JJYOGG +CB2F;CB2F;110D 116D 11AA;CB2F;110D 116D 11AA; # (쬯; 쬯; á„ᅭᆪ; 쬯; á„ᅭᆪ; ) HANGUL SYLLABLE JJYOGS +CB30;CB30;110D 116D 11AB;CB30;110D 116D 11AB; # (쬰; 쬰; á„ᅭᆫ; 쬰; á„ᅭᆫ; ) HANGUL SYLLABLE JJYON +CB31;CB31;110D 116D 11AC;CB31;110D 116D 11AC; # (쬱; 쬱; á„ᅭᆬ; 쬱; á„ᅭᆬ; ) HANGUL SYLLABLE JJYONJ +CB32;CB32;110D 116D 11AD;CB32;110D 116D 11AD; # (쬲; 쬲; á„ᅭᆭ; 쬲; á„ᅭᆭ; ) HANGUL SYLLABLE JJYONH +CB33;CB33;110D 116D 11AE;CB33;110D 116D 11AE; # (쬳; 쬳; á„ᅭᆮ; 쬳; á„ᅭᆮ; ) HANGUL SYLLABLE JJYOD +CB34;CB34;110D 116D 11AF;CB34;110D 116D 11AF; # (쬴; 쬴; á„ᅭᆯ; 쬴; á„ᅭᆯ; ) HANGUL SYLLABLE JJYOL +CB35;CB35;110D 116D 11B0;CB35;110D 116D 11B0; # (쬵; 쬵; á„ᅭᆰ; 쬵; á„ᅭᆰ; ) HANGUL SYLLABLE JJYOLG +CB36;CB36;110D 116D 11B1;CB36;110D 116D 11B1; # (쬶; 쬶; á„ᅭᆱ; 쬶; á„ᅭᆱ; ) HANGUL SYLLABLE JJYOLM +CB37;CB37;110D 116D 11B2;CB37;110D 116D 11B2; # (쬷; 쬷; á„ᅭᆲ; 쬷; á„ᅭᆲ; ) HANGUL SYLLABLE JJYOLB +CB38;CB38;110D 116D 11B3;CB38;110D 116D 11B3; # (쬸; 쬸; á„ᅭᆳ; 쬸; á„ᅭᆳ; ) HANGUL SYLLABLE JJYOLS +CB39;CB39;110D 116D 11B4;CB39;110D 116D 11B4; # (쬹; 쬹; á„ᅭᆴ; 쬹; á„ᅭᆴ; ) HANGUL SYLLABLE JJYOLT +CB3A;CB3A;110D 116D 11B5;CB3A;110D 116D 11B5; # (쬺; 쬺; á„ᅭᆵ; 쬺; á„ᅭᆵ; ) HANGUL SYLLABLE JJYOLP +CB3B;CB3B;110D 116D 11B6;CB3B;110D 116D 11B6; # (쬻; 쬻; á„ᅭᆶ; 쬻; á„ᅭᆶ; ) HANGUL SYLLABLE JJYOLH +CB3C;CB3C;110D 116D 11B7;CB3C;110D 116D 11B7; # (쬼; 쬼; á„ᅭᆷ; 쬼; á„ᅭᆷ; ) HANGUL SYLLABLE JJYOM +CB3D;CB3D;110D 116D 11B8;CB3D;110D 116D 11B8; # (쬽; 쬽; á„ᅭᆸ; 쬽; á„ᅭᆸ; ) HANGUL SYLLABLE JJYOB +CB3E;CB3E;110D 116D 11B9;CB3E;110D 116D 11B9; # (쬾; 쬾; á„ᅭᆹ; 쬾; á„ᅭᆹ; ) HANGUL SYLLABLE JJYOBS +CB3F;CB3F;110D 116D 11BA;CB3F;110D 116D 11BA; # (쬿; 쬿; á„ᅭᆺ; 쬿; á„ᅭᆺ; ) HANGUL SYLLABLE JJYOS +CB40;CB40;110D 116D 11BB;CB40;110D 116D 11BB; # (ì­€; ì­€; á„ᅭᆻ; ì­€; á„ᅭᆻ; ) HANGUL SYLLABLE JJYOSS +CB41;CB41;110D 116D 11BC;CB41;110D 116D 11BC; # (ì­; ì­; á„ᅭᆼ; ì­; á„ᅭᆼ; ) HANGUL SYLLABLE JJYONG +CB42;CB42;110D 116D 11BD;CB42;110D 116D 11BD; # (ì­‚; ì­‚; á„ᅭᆽ; ì­‚; á„ᅭᆽ; ) HANGUL SYLLABLE JJYOJ +CB43;CB43;110D 116D 11BE;CB43;110D 116D 11BE; # (ì­ƒ; ì­ƒ; á„ᅭᆾ; ì­ƒ; á„ᅭᆾ; ) HANGUL SYLLABLE JJYOC +CB44;CB44;110D 116D 11BF;CB44;110D 116D 11BF; # (ì­„; ì­„; á„ᅭᆿ; ì­„; á„ᅭᆿ; ) HANGUL SYLLABLE JJYOK +CB45;CB45;110D 116D 11C0;CB45;110D 116D 11C0; # (ì­…; ì­…; á„ᅭᇀ; ì­…; á„ᅭᇀ; ) HANGUL SYLLABLE JJYOT +CB46;CB46;110D 116D 11C1;CB46;110D 116D 11C1; # (ì­†; ì­†; á„á…­á‡; ì­†; á„á…­á‡; ) HANGUL SYLLABLE JJYOP +CB47;CB47;110D 116D 11C2;CB47;110D 116D 11C2; # (ì­‡; ì­‡; á„ᅭᇂ; ì­‡; á„ᅭᇂ; ) HANGUL SYLLABLE JJYOH +CB48;CB48;110D 116E;CB48;110D 116E; # (ì­ˆ; ì­ˆ; á„á…®; ì­ˆ; á„á…®; ) HANGUL SYLLABLE JJU +CB49;CB49;110D 116E 11A8;CB49;110D 116E 11A8; # (ì­‰; ì­‰; á„ᅮᆨ; ì­‰; á„ᅮᆨ; ) HANGUL SYLLABLE JJUG +CB4A;CB4A;110D 116E 11A9;CB4A;110D 116E 11A9; # (ì­Š; ì­Š; á„ᅮᆩ; ì­Š; á„ᅮᆩ; ) HANGUL SYLLABLE JJUGG +CB4B;CB4B;110D 116E 11AA;CB4B;110D 116E 11AA; # (ì­‹; ì­‹; á„ᅮᆪ; ì­‹; á„ᅮᆪ; ) HANGUL SYLLABLE JJUGS +CB4C;CB4C;110D 116E 11AB;CB4C;110D 116E 11AB; # (ì­Œ; ì­Œ; á„ᅮᆫ; ì­Œ; á„ᅮᆫ; ) HANGUL SYLLABLE JJUN +CB4D;CB4D;110D 116E 11AC;CB4D;110D 116E 11AC; # (ì­; ì­; á„ᅮᆬ; ì­; á„ᅮᆬ; ) HANGUL SYLLABLE JJUNJ +CB4E;CB4E;110D 116E 11AD;CB4E;110D 116E 11AD; # (ì­Ž; ì­Ž; á„ᅮᆭ; ì­Ž; á„ᅮᆭ; ) HANGUL SYLLABLE JJUNH +CB4F;CB4F;110D 116E 11AE;CB4F;110D 116E 11AE; # (ì­; ì­; á„ᅮᆮ; ì­; á„ᅮᆮ; ) HANGUL SYLLABLE JJUD +CB50;CB50;110D 116E 11AF;CB50;110D 116E 11AF; # (ì­; ì­; á„ᅮᆯ; ì­; á„ᅮᆯ; ) HANGUL SYLLABLE JJUL +CB51;CB51;110D 116E 11B0;CB51;110D 116E 11B0; # (ì­‘; ì­‘; á„ᅮᆰ; ì­‘; á„ᅮᆰ; ) HANGUL SYLLABLE JJULG +CB52;CB52;110D 116E 11B1;CB52;110D 116E 11B1; # (ì­’; ì­’; á„ᅮᆱ; ì­’; á„ᅮᆱ; ) HANGUL SYLLABLE JJULM +CB53;CB53;110D 116E 11B2;CB53;110D 116E 11B2; # (ì­“; ì­“; á„ᅮᆲ; ì­“; á„ᅮᆲ; ) HANGUL SYLLABLE JJULB +CB54;CB54;110D 116E 11B3;CB54;110D 116E 11B3; # (ì­”; ì­”; á„ᅮᆳ; ì­”; á„ᅮᆳ; ) HANGUL SYLLABLE JJULS +CB55;CB55;110D 116E 11B4;CB55;110D 116E 11B4; # (ì­•; ì­•; á„ᅮᆴ; ì­•; á„ᅮᆴ; ) HANGUL SYLLABLE JJULT +CB56;CB56;110D 116E 11B5;CB56;110D 116E 11B5; # (ì­–; ì­–; á„ᅮᆵ; ì­–; á„ᅮᆵ; ) HANGUL SYLLABLE JJULP +CB57;CB57;110D 116E 11B6;CB57;110D 116E 11B6; # (ì­—; ì­—; á„ᅮᆶ; ì­—; á„ᅮᆶ; ) HANGUL SYLLABLE JJULH +CB58;CB58;110D 116E 11B7;CB58;110D 116E 11B7; # (ì­˜; ì­˜; á„ᅮᆷ; ì­˜; á„ᅮᆷ; ) HANGUL SYLLABLE JJUM +CB59;CB59;110D 116E 11B8;CB59;110D 116E 11B8; # (ì­™; ì­™; á„ᅮᆸ; ì­™; á„ᅮᆸ; ) HANGUL SYLLABLE JJUB +CB5A;CB5A;110D 116E 11B9;CB5A;110D 116E 11B9; # (ì­š; ì­š; á„ᅮᆹ; ì­š; á„ᅮᆹ; ) HANGUL SYLLABLE JJUBS +CB5B;CB5B;110D 116E 11BA;CB5B;110D 116E 11BA; # (ì­›; ì­›; á„ᅮᆺ; ì­›; á„ᅮᆺ; ) HANGUL SYLLABLE JJUS +CB5C;CB5C;110D 116E 11BB;CB5C;110D 116E 11BB; # (ì­œ; ì­œ; á„ᅮᆻ; ì­œ; á„ᅮᆻ; ) HANGUL SYLLABLE JJUSS +CB5D;CB5D;110D 116E 11BC;CB5D;110D 116E 11BC; # (ì­; ì­; á„ᅮᆼ; ì­; á„ᅮᆼ; ) HANGUL SYLLABLE JJUNG +CB5E;CB5E;110D 116E 11BD;CB5E;110D 116E 11BD; # (ì­ž; ì­ž; á„ᅮᆽ; ì­ž; á„ᅮᆽ; ) HANGUL SYLLABLE JJUJ +CB5F;CB5F;110D 116E 11BE;CB5F;110D 116E 11BE; # (ì­Ÿ; ì­Ÿ; á„ᅮᆾ; ì­Ÿ; á„ᅮᆾ; ) HANGUL SYLLABLE JJUC +CB60;CB60;110D 116E 11BF;CB60;110D 116E 11BF; # (ì­ ; ì­ ; á„ᅮᆿ; ì­ ; á„ᅮᆿ; ) HANGUL SYLLABLE JJUK +CB61;CB61;110D 116E 11C0;CB61;110D 116E 11C0; # (ì­¡; ì­¡; á„ᅮᇀ; ì­¡; á„ᅮᇀ; ) HANGUL SYLLABLE JJUT +CB62;CB62;110D 116E 11C1;CB62;110D 116E 11C1; # (ì­¢; ì­¢; á„á…®á‡; ì­¢; á„á…®á‡; ) HANGUL SYLLABLE JJUP +CB63;CB63;110D 116E 11C2;CB63;110D 116E 11C2; # (ì­£; ì­£; á„ᅮᇂ; ì­£; á„ᅮᇂ; ) HANGUL SYLLABLE JJUH +CB64;CB64;110D 116F;CB64;110D 116F; # (ì­¤; ì­¤; á„á…¯; ì­¤; á„á…¯; ) HANGUL SYLLABLE JJWEO +CB65;CB65;110D 116F 11A8;CB65;110D 116F 11A8; # (ì­¥; ì­¥; á„ᅯᆨ; ì­¥; á„ᅯᆨ; ) HANGUL SYLLABLE JJWEOG +CB66;CB66;110D 116F 11A9;CB66;110D 116F 11A9; # (ì­¦; ì­¦; á„ᅯᆩ; ì­¦; á„ᅯᆩ; ) HANGUL SYLLABLE JJWEOGG +CB67;CB67;110D 116F 11AA;CB67;110D 116F 11AA; # (ì­§; ì­§; á„ᅯᆪ; ì­§; á„ᅯᆪ; ) HANGUL SYLLABLE JJWEOGS +CB68;CB68;110D 116F 11AB;CB68;110D 116F 11AB; # (ì­¨; ì­¨; á„ᅯᆫ; ì­¨; á„ᅯᆫ; ) HANGUL SYLLABLE JJWEON +CB69;CB69;110D 116F 11AC;CB69;110D 116F 11AC; # (ì­©; ì­©; á„ᅯᆬ; ì­©; á„ᅯᆬ; ) HANGUL SYLLABLE JJWEONJ +CB6A;CB6A;110D 116F 11AD;CB6A;110D 116F 11AD; # (ì­ª; ì­ª; á„ᅯᆭ; ì­ª; á„ᅯᆭ; ) HANGUL SYLLABLE JJWEONH +CB6B;CB6B;110D 116F 11AE;CB6B;110D 116F 11AE; # (ì­«; ì­«; á„ᅯᆮ; ì­«; á„ᅯᆮ; ) HANGUL SYLLABLE JJWEOD +CB6C;CB6C;110D 116F 11AF;CB6C;110D 116F 11AF; # (ì­¬; ì­¬; á„ᅯᆯ; ì­¬; á„ᅯᆯ; ) HANGUL SYLLABLE JJWEOL +CB6D;CB6D;110D 116F 11B0;CB6D;110D 116F 11B0; # (ì­­; ì­­; á„ᅯᆰ; ì­­; á„ᅯᆰ; ) HANGUL SYLLABLE JJWEOLG +CB6E;CB6E;110D 116F 11B1;CB6E;110D 116F 11B1; # (ì­®; ì­®; á„ᅯᆱ; ì­®; á„ᅯᆱ; ) HANGUL SYLLABLE JJWEOLM +CB6F;CB6F;110D 116F 11B2;CB6F;110D 116F 11B2; # (ì­¯; ì­¯; á„ᅯᆲ; ì­¯; á„ᅯᆲ; ) HANGUL SYLLABLE JJWEOLB +CB70;CB70;110D 116F 11B3;CB70;110D 116F 11B3; # (ì­°; ì­°; á„ᅯᆳ; ì­°; á„ᅯᆳ; ) HANGUL SYLLABLE JJWEOLS +CB71;CB71;110D 116F 11B4;CB71;110D 116F 11B4; # (ì­±; ì­±; á„ᅯᆴ; ì­±; á„ᅯᆴ; ) HANGUL SYLLABLE JJWEOLT +CB72;CB72;110D 116F 11B5;CB72;110D 116F 11B5; # (ì­²; ì­²; á„ᅯᆵ; ì­²; á„ᅯᆵ; ) HANGUL SYLLABLE JJWEOLP +CB73;CB73;110D 116F 11B6;CB73;110D 116F 11B6; # (ì­³; ì­³; á„ᅯᆶ; ì­³; á„ᅯᆶ; ) HANGUL SYLLABLE JJWEOLH +CB74;CB74;110D 116F 11B7;CB74;110D 116F 11B7; # (ì­´; ì­´; á„ᅯᆷ; ì­´; á„ᅯᆷ; ) HANGUL SYLLABLE JJWEOM +CB75;CB75;110D 116F 11B8;CB75;110D 116F 11B8; # (ì­µ; ì­µ; á„ᅯᆸ; ì­µ; á„ᅯᆸ; ) HANGUL SYLLABLE JJWEOB +CB76;CB76;110D 116F 11B9;CB76;110D 116F 11B9; # (ì­¶; ì­¶; á„ᅯᆹ; ì­¶; á„ᅯᆹ; ) HANGUL SYLLABLE JJWEOBS +CB77;CB77;110D 116F 11BA;CB77;110D 116F 11BA; # (ì­·; ì­·; á„ᅯᆺ; ì­·; á„ᅯᆺ; ) HANGUL SYLLABLE JJWEOS +CB78;CB78;110D 116F 11BB;CB78;110D 116F 11BB; # (ì­¸; ì­¸; á„ᅯᆻ; ì­¸; á„ᅯᆻ; ) HANGUL SYLLABLE JJWEOSS +CB79;CB79;110D 116F 11BC;CB79;110D 116F 11BC; # (ì­¹; ì­¹; á„ᅯᆼ; ì­¹; á„ᅯᆼ; ) HANGUL SYLLABLE JJWEONG +CB7A;CB7A;110D 116F 11BD;CB7A;110D 116F 11BD; # (ì­º; ì­º; á„ᅯᆽ; ì­º; á„ᅯᆽ; ) HANGUL SYLLABLE JJWEOJ +CB7B;CB7B;110D 116F 11BE;CB7B;110D 116F 11BE; # (ì­»; ì­»; á„ᅯᆾ; ì­»; á„ᅯᆾ; ) HANGUL SYLLABLE JJWEOC +CB7C;CB7C;110D 116F 11BF;CB7C;110D 116F 11BF; # (ì­¼; ì­¼; á„ᅯᆿ; ì­¼; á„ᅯᆿ; ) HANGUL SYLLABLE JJWEOK +CB7D;CB7D;110D 116F 11C0;CB7D;110D 116F 11C0; # (ì­½; ì­½; á„ᅯᇀ; ì­½; á„ᅯᇀ; ) HANGUL SYLLABLE JJWEOT +CB7E;CB7E;110D 116F 11C1;CB7E;110D 116F 11C1; # (ì­¾; ì­¾; á„á…¯á‡; ì­¾; á„á…¯á‡; ) HANGUL SYLLABLE JJWEOP +CB7F;CB7F;110D 116F 11C2;CB7F;110D 116F 11C2; # (ì­¿; ì­¿; á„ᅯᇂ; ì­¿; á„ᅯᇂ; ) HANGUL SYLLABLE JJWEOH +CB80;CB80;110D 1170;CB80;110D 1170; # (쮀; 쮀; á„á…°; 쮀; á„á…°; ) HANGUL SYLLABLE JJWE +CB81;CB81;110D 1170 11A8;CB81;110D 1170 11A8; # (ì®; ì®; á„ᅰᆨ; ì®; á„ᅰᆨ; ) HANGUL SYLLABLE JJWEG +CB82;CB82;110D 1170 11A9;CB82;110D 1170 11A9; # (쮂; 쮂; á„ᅰᆩ; 쮂; á„ᅰᆩ; ) HANGUL SYLLABLE JJWEGG +CB83;CB83;110D 1170 11AA;CB83;110D 1170 11AA; # (쮃; 쮃; á„ᅰᆪ; 쮃; á„ᅰᆪ; ) HANGUL SYLLABLE JJWEGS +CB84;CB84;110D 1170 11AB;CB84;110D 1170 11AB; # (쮄; 쮄; á„ᅰᆫ; 쮄; á„ᅰᆫ; ) HANGUL SYLLABLE JJWEN +CB85;CB85;110D 1170 11AC;CB85;110D 1170 11AC; # (ì®…; ì®…; á„ᅰᆬ; ì®…; á„ᅰᆬ; ) HANGUL SYLLABLE JJWENJ +CB86;CB86;110D 1170 11AD;CB86;110D 1170 11AD; # (쮆; 쮆; á„ᅰᆭ; 쮆; á„ᅰᆭ; ) HANGUL SYLLABLE JJWENH +CB87;CB87;110D 1170 11AE;CB87;110D 1170 11AE; # (쮇; 쮇; á„ᅰᆮ; 쮇; á„ᅰᆮ; ) HANGUL SYLLABLE JJWED +CB88;CB88;110D 1170 11AF;CB88;110D 1170 11AF; # (쮈; 쮈; á„ᅰᆯ; 쮈; á„ᅰᆯ; ) HANGUL SYLLABLE JJWEL +CB89;CB89;110D 1170 11B0;CB89;110D 1170 11B0; # (쮉; 쮉; á„ᅰᆰ; 쮉; á„ᅰᆰ; ) HANGUL SYLLABLE JJWELG +CB8A;CB8A;110D 1170 11B1;CB8A;110D 1170 11B1; # (쮊; 쮊; á„ᅰᆱ; 쮊; á„ᅰᆱ; ) HANGUL SYLLABLE JJWELM +CB8B;CB8B;110D 1170 11B2;CB8B;110D 1170 11B2; # (쮋; 쮋; á„ᅰᆲ; 쮋; á„ᅰᆲ; ) HANGUL SYLLABLE JJWELB +CB8C;CB8C;110D 1170 11B3;CB8C;110D 1170 11B3; # (쮌; 쮌; á„ᅰᆳ; 쮌; á„ᅰᆳ; ) HANGUL SYLLABLE JJWELS +CB8D;CB8D;110D 1170 11B4;CB8D;110D 1170 11B4; # (ì®; ì®; á„ᅰᆴ; ì®; á„ᅰᆴ; ) HANGUL SYLLABLE JJWELT +CB8E;CB8E;110D 1170 11B5;CB8E;110D 1170 11B5; # (쮎; 쮎; á„ᅰᆵ; 쮎; á„ᅰᆵ; ) HANGUL SYLLABLE JJWELP +CB8F;CB8F;110D 1170 11B6;CB8F;110D 1170 11B6; # (ì®; ì®; á„ᅰᆶ; ì®; á„ᅰᆶ; ) HANGUL SYLLABLE JJWELH +CB90;CB90;110D 1170 11B7;CB90;110D 1170 11B7; # (ì®; ì®; á„ᅰᆷ; ì®; á„ᅰᆷ; ) HANGUL SYLLABLE JJWEM +CB91;CB91;110D 1170 11B8;CB91;110D 1170 11B8; # (쮑; 쮑; á„ᅰᆸ; 쮑; á„ᅰᆸ; ) HANGUL SYLLABLE JJWEB +CB92;CB92;110D 1170 11B9;CB92;110D 1170 11B9; # (ì®’; ì®’; á„ᅰᆹ; ì®’; á„ᅰᆹ; ) HANGUL SYLLABLE JJWEBS +CB93;CB93;110D 1170 11BA;CB93;110D 1170 11BA; # (쮓; 쮓; á„ᅰᆺ; 쮓; á„ᅰᆺ; ) HANGUL SYLLABLE JJWES +CB94;CB94;110D 1170 11BB;CB94;110D 1170 11BB; # (ì®”; ì®”; á„ᅰᆻ; ì®”; á„ᅰᆻ; ) HANGUL SYLLABLE JJWESS +CB95;CB95;110D 1170 11BC;CB95;110D 1170 11BC; # (쮕; 쮕; á„ᅰᆼ; 쮕; á„ᅰᆼ; ) HANGUL SYLLABLE JJWENG +CB96;CB96;110D 1170 11BD;CB96;110D 1170 11BD; # (ì®–; ì®–; á„ᅰᆽ; ì®–; á„ᅰᆽ; ) HANGUL SYLLABLE JJWEJ +CB97;CB97;110D 1170 11BE;CB97;110D 1170 11BE; # (ì®—; ì®—; á„ᅰᆾ; ì®—; á„ᅰᆾ; ) HANGUL SYLLABLE JJWEC +CB98;CB98;110D 1170 11BF;CB98;110D 1170 11BF; # (쮘; 쮘; á„ᅰᆿ; 쮘; á„ᅰᆿ; ) HANGUL SYLLABLE JJWEK +CB99;CB99;110D 1170 11C0;CB99;110D 1170 11C0; # (ì®™; ì®™; á„ᅰᇀ; ì®™; á„ᅰᇀ; ) HANGUL SYLLABLE JJWET +CB9A;CB9A;110D 1170 11C1;CB9A;110D 1170 11C1; # (쮚; 쮚; á„á…°á‡; 쮚; á„á…°á‡; ) HANGUL SYLLABLE JJWEP +CB9B;CB9B;110D 1170 11C2;CB9B;110D 1170 11C2; # (ì®›; ì®›; á„ᅰᇂ; ì®›; á„ᅰᇂ; ) HANGUL SYLLABLE JJWEH +CB9C;CB9C;110D 1171;CB9C;110D 1171; # (쮜; 쮜; á„á…±; 쮜; á„á…±; ) HANGUL SYLLABLE JJWI +CB9D;CB9D;110D 1171 11A8;CB9D;110D 1171 11A8; # (ì®; ì®; á„ᅱᆨ; ì®; á„ᅱᆨ; ) HANGUL SYLLABLE JJWIG +CB9E;CB9E;110D 1171 11A9;CB9E;110D 1171 11A9; # (쮞; 쮞; á„ᅱᆩ; 쮞; á„ᅱᆩ; ) HANGUL SYLLABLE JJWIGG +CB9F;CB9F;110D 1171 11AA;CB9F;110D 1171 11AA; # (쮟; 쮟; á„ᅱᆪ; 쮟; á„ᅱᆪ; ) HANGUL SYLLABLE JJWIGS +CBA0;CBA0;110D 1171 11AB;CBA0;110D 1171 11AB; # (ì® ; ì® ; á„ᅱᆫ; ì® ; á„ᅱᆫ; ) HANGUL SYLLABLE JJWIN +CBA1;CBA1;110D 1171 11AC;CBA1;110D 1171 11AC; # (쮡; 쮡; á„ᅱᆬ; 쮡; á„ᅱᆬ; ) HANGUL SYLLABLE JJWINJ +CBA2;CBA2;110D 1171 11AD;CBA2;110D 1171 11AD; # (쮢; 쮢; á„ᅱᆭ; 쮢; á„ᅱᆭ; ) HANGUL SYLLABLE JJWINH +CBA3;CBA3;110D 1171 11AE;CBA3;110D 1171 11AE; # (쮣; 쮣; á„ᅱᆮ; 쮣; á„ᅱᆮ; ) HANGUL SYLLABLE JJWID +CBA4;CBA4;110D 1171 11AF;CBA4;110D 1171 11AF; # (쮤; 쮤; á„ᅱᆯ; 쮤; á„ᅱᆯ; ) HANGUL SYLLABLE JJWIL +CBA5;CBA5;110D 1171 11B0;CBA5;110D 1171 11B0; # (쮥; 쮥; á„ᅱᆰ; 쮥; á„ᅱᆰ; ) HANGUL SYLLABLE JJWILG +CBA6;CBA6;110D 1171 11B1;CBA6;110D 1171 11B1; # (쮦; 쮦; á„ᅱᆱ; 쮦; á„ᅱᆱ; ) HANGUL SYLLABLE JJWILM +CBA7;CBA7;110D 1171 11B2;CBA7;110D 1171 11B2; # (쮧; 쮧; á„ᅱᆲ; 쮧; á„ᅱᆲ; ) HANGUL SYLLABLE JJWILB +CBA8;CBA8;110D 1171 11B3;CBA8;110D 1171 11B3; # (쮨; 쮨; á„ᅱᆳ; 쮨; á„ᅱᆳ; ) HANGUL SYLLABLE JJWILS +CBA9;CBA9;110D 1171 11B4;CBA9;110D 1171 11B4; # (쮩; 쮩; á„ᅱᆴ; 쮩; á„ᅱᆴ; ) HANGUL SYLLABLE JJWILT +CBAA;CBAA;110D 1171 11B5;CBAA;110D 1171 11B5; # (쮪; 쮪; á„ᅱᆵ; 쮪; á„ᅱᆵ; ) HANGUL SYLLABLE JJWILP +CBAB;CBAB;110D 1171 11B6;CBAB;110D 1171 11B6; # (쮫; 쮫; á„ᅱᆶ; 쮫; á„ᅱᆶ; ) HANGUL SYLLABLE JJWILH +CBAC;CBAC;110D 1171 11B7;CBAC;110D 1171 11B7; # (쮬; 쮬; á„ᅱᆷ; 쮬; á„ᅱᆷ; ) HANGUL SYLLABLE JJWIM +CBAD;CBAD;110D 1171 11B8;CBAD;110D 1171 11B8; # (ì®­; ì®­; á„ᅱᆸ; ì®­; á„ᅱᆸ; ) HANGUL SYLLABLE JJWIB +CBAE;CBAE;110D 1171 11B9;CBAE;110D 1171 11B9; # (ì®®; ì®®; á„ᅱᆹ; ì®®; á„ᅱᆹ; ) HANGUL SYLLABLE JJWIBS +CBAF;CBAF;110D 1171 11BA;CBAF;110D 1171 11BA; # (쮯; 쮯; á„ᅱᆺ; 쮯; á„ᅱᆺ; ) HANGUL SYLLABLE JJWIS +CBB0;CBB0;110D 1171 11BB;CBB0;110D 1171 11BB; # (ì®°; ì®°; á„ᅱᆻ; ì®°; á„ᅱᆻ; ) HANGUL SYLLABLE JJWISS +CBB1;CBB1;110D 1171 11BC;CBB1;110D 1171 11BC; # (ì®±; ì®±; á„ᅱᆼ; ì®±; á„ᅱᆼ; ) HANGUL SYLLABLE JJWING +CBB2;CBB2;110D 1171 11BD;CBB2;110D 1171 11BD; # (쮲; 쮲; á„ᅱᆽ; 쮲; á„ᅱᆽ; ) HANGUL SYLLABLE JJWIJ +CBB3;CBB3;110D 1171 11BE;CBB3;110D 1171 11BE; # (쮳; 쮳; á„ᅱᆾ; 쮳; á„ᅱᆾ; ) HANGUL SYLLABLE JJWIC +CBB4;CBB4;110D 1171 11BF;CBB4;110D 1171 11BF; # (ì®´; ì®´; á„ᅱᆿ; ì®´; á„ᅱᆿ; ) HANGUL SYLLABLE JJWIK +CBB5;CBB5;110D 1171 11C0;CBB5;110D 1171 11C0; # (쮵; 쮵; á„ᅱᇀ; 쮵; á„ᅱᇀ; ) HANGUL SYLLABLE JJWIT +CBB6;CBB6;110D 1171 11C1;CBB6;110D 1171 11C1; # (쮶; 쮶; á„á…±á‡; 쮶; á„á…±á‡; ) HANGUL SYLLABLE JJWIP +CBB7;CBB7;110D 1171 11C2;CBB7;110D 1171 11C2; # (ì®·; ì®·; á„ᅱᇂ; ì®·; á„ᅱᇂ; ) HANGUL SYLLABLE JJWIH +CBB8;CBB8;110D 1172;CBB8;110D 1172; # (쮸; 쮸; á„á…²; 쮸; á„á…²; ) HANGUL SYLLABLE JJYU +CBB9;CBB9;110D 1172 11A8;CBB9;110D 1172 11A8; # (쮹; 쮹; á„ᅲᆨ; 쮹; á„ᅲᆨ; ) HANGUL SYLLABLE JJYUG +CBBA;CBBA;110D 1172 11A9;CBBA;110D 1172 11A9; # (쮺; 쮺; á„ᅲᆩ; 쮺; á„ᅲᆩ; ) HANGUL SYLLABLE JJYUGG +CBBB;CBBB;110D 1172 11AA;CBBB;110D 1172 11AA; # (ì®»; ì®»; á„ᅲᆪ; ì®»; á„ᅲᆪ; ) HANGUL SYLLABLE JJYUGS +CBBC;CBBC;110D 1172 11AB;CBBC;110D 1172 11AB; # (쮼; 쮼; á„ᅲᆫ; 쮼; á„ᅲᆫ; ) HANGUL SYLLABLE JJYUN +CBBD;CBBD;110D 1172 11AC;CBBD;110D 1172 11AC; # (쮽; 쮽; á„ᅲᆬ; 쮽; á„ᅲᆬ; ) HANGUL SYLLABLE JJYUNJ +CBBE;CBBE;110D 1172 11AD;CBBE;110D 1172 11AD; # (쮾; 쮾; á„ᅲᆭ; 쮾; á„ᅲᆭ; ) HANGUL SYLLABLE JJYUNH +CBBF;CBBF;110D 1172 11AE;CBBF;110D 1172 11AE; # (쮿; 쮿; á„ᅲᆮ; 쮿; á„ᅲᆮ; ) HANGUL SYLLABLE JJYUD +CBC0;CBC0;110D 1172 11AF;CBC0;110D 1172 11AF; # (쯀; 쯀; á„ᅲᆯ; 쯀; á„ᅲᆯ; ) HANGUL SYLLABLE JJYUL +CBC1;CBC1;110D 1172 11B0;CBC1;110D 1172 11B0; # (ì¯; ì¯; á„ᅲᆰ; ì¯; á„ᅲᆰ; ) HANGUL SYLLABLE JJYULG +CBC2;CBC2;110D 1172 11B1;CBC2;110D 1172 11B1; # (쯂; 쯂; á„ᅲᆱ; 쯂; á„ᅲᆱ; ) HANGUL SYLLABLE JJYULM +CBC3;CBC3;110D 1172 11B2;CBC3;110D 1172 11B2; # (쯃; 쯃; á„ᅲᆲ; 쯃; á„ᅲᆲ; ) HANGUL SYLLABLE JJYULB +CBC4;CBC4;110D 1172 11B3;CBC4;110D 1172 11B3; # (쯄; 쯄; á„ᅲᆳ; 쯄; á„ᅲᆳ; ) HANGUL SYLLABLE JJYULS +CBC5;CBC5;110D 1172 11B4;CBC5;110D 1172 11B4; # (쯅; 쯅; á„ᅲᆴ; 쯅; á„ᅲᆴ; ) HANGUL SYLLABLE JJYULT +CBC6;CBC6;110D 1172 11B5;CBC6;110D 1172 11B5; # (쯆; 쯆; á„ᅲᆵ; 쯆; á„ᅲᆵ; ) HANGUL SYLLABLE JJYULP +CBC7;CBC7;110D 1172 11B6;CBC7;110D 1172 11B6; # (쯇; 쯇; á„ᅲᆶ; 쯇; á„ᅲᆶ; ) HANGUL SYLLABLE JJYULH +CBC8;CBC8;110D 1172 11B7;CBC8;110D 1172 11B7; # (쯈; 쯈; á„ᅲᆷ; 쯈; á„ᅲᆷ; ) HANGUL SYLLABLE JJYUM +CBC9;CBC9;110D 1172 11B8;CBC9;110D 1172 11B8; # (쯉; 쯉; á„ᅲᆸ; 쯉; á„ᅲᆸ; ) HANGUL SYLLABLE JJYUB +CBCA;CBCA;110D 1172 11B9;CBCA;110D 1172 11B9; # (쯊; 쯊; á„ᅲᆹ; 쯊; á„ᅲᆹ; ) HANGUL SYLLABLE JJYUBS +CBCB;CBCB;110D 1172 11BA;CBCB;110D 1172 11BA; # (쯋; 쯋; á„ᅲᆺ; 쯋; á„ᅲᆺ; ) HANGUL SYLLABLE JJYUS +CBCC;CBCC;110D 1172 11BB;CBCC;110D 1172 11BB; # (쯌; 쯌; á„ᅲᆻ; 쯌; á„ᅲᆻ; ) HANGUL SYLLABLE JJYUSS +CBCD;CBCD;110D 1172 11BC;CBCD;110D 1172 11BC; # (ì¯; ì¯; á„ᅲᆼ; ì¯; á„ᅲᆼ; ) HANGUL SYLLABLE JJYUNG +CBCE;CBCE;110D 1172 11BD;CBCE;110D 1172 11BD; # (쯎; 쯎; á„ᅲᆽ; 쯎; á„ᅲᆽ; ) HANGUL SYLLABLE JJYUJ +CBCF;CBCF;110D 1172 11BE;CBCF;110D 1172 11BE; # (ì¯; ì¯; á„ᅲᆾ; ì¯; á„ᅲᆾ; ) HANGUL SYLLABLE JJYUC +CBD0;CBD0;110D 1172 11BF;CBD0;110D 1172 11BF; # (ì¯; ì¯; á„ᅲᆿ; ì¯; á„ᅲᆿ; ) HANGUL SYLLABLE JJYUK +CBD1;CBD1;110D 1172 11C0;CBD1;110D 1172 11C0; # (쯑; 쯑; á„ᅲᇀ; 쯑; á„ᅲᇀ; ) HANGUL SYLLABLE JJYUT +CBD2;CBD2;110D 1172 11C1;CBD2;110D 1172 11C1; # (쯒; 쯒; á„á…²á‡; 쯒; á„á…²á‡; ) HANGUL SYLLABLE JJYUP +CBD3;CBD3;110D 1172 11C2;CBD3;110D 1172 11C2; # (쯓; 쯓; á„ᅲᇂ; 쯓; á„ᅲᇂ; ) HANGUL SYLLABLE JJYUH +CBD4;CBD4;110D 1173;CBD4;110D 1173; # (쯔; 쯔; á„á…³; 쯔; á„á…³; ) HANGUL SYLLABLE JJEU +CBD5;CBD5;110D 1173 11A8;CBD5;110D 1173 11A8; # (쯕; 쯕; á„ᅳᆨ; 쯕; á„ᅳᆨ; ) HANGUL SYLLABLE JJEUG +CBD6;CBD6;110D 1173 11A9;CBD6;110D 1173 11A9; # (쯖; 쯖; á„ᅳᆩ; 쯖; á„ᅳᆩ; ) HANGUL SYLLABLE JJEUGG +CBD7;CBD7;110D 1173 11AA;CBD7;110D 1173 11AA; # (쯗; 쯗; á„ᅳᆪ; 쯗; á„ᅳᆪ; ) HANGUL SYLLABLE JJEUGS +CBD8;CBD8;110D 1173 11AB;CBD8;110D 1173 11AB; # (쯘; 쯘; á„ᅳᆫ; 쯘; á„ᅳᆫ; ) HANGUL SYLLABLE JJEUN +CBD9;CBD9;110D 1173 11AC;CBD9;110D 1173 11AC; # (쯙; 쯙; á„ᅳᆬ; 쯙; á„ᅳᆬ; ) HANGUL SYLLABLE JJEUNJ +CBDA;CBDA;110D 1173 11AD;CBDA;110D 1173 11AD; # (쯚; 쯚; á„ᅳᆭ; 쯚; á„ᅳᆭ; ) HANGUL SYLLABLE JJEUNH +CBDB;CBDB;110D 1173 11AE;CBDB;110D 1173 11AE; # (쯛; 쯛; á„ᅳᆮ; 쯛; á„ᅳᆮ; ) HANGUL SYLLABLE JJEUD +CBDC;CBDC;110D 1173 11AF;CBDC;110D 1173 11AF; # (쯜; 쯜; á„ᅳᆯ; 쯜; á„ᅳᆯ; ) HANGUL SYLLABLE JJEUL +CBDD;CBDD;110D 1173 11B0;CBDD;110D 1173 11B0; # (ì¯; ì¯; á„ᅳᆰ; ì¯; á„ᅳᆰ; ) HANGUL SYLLABLE JJEULG +CBDE;CBDE;110D 1173 11B1;CBDE;110D 1173 11B1; # (쯞; 쯞; á„ᅳᆱ; 쯞; á„ᅳᆱ; ) HANGUL SYLLABLE JJEULM +CBDF;CBDF;110D 1173 11B2;CBDF;110D 1173 11B2; # (쯟; 쯟; á„ᅳᆲ; 쯟; á„ᅳᆲ; ) HANGUL SYLLABLE JJEULB +CBE0;CBE0;110D 1173 11B3;CBE0;110D 1173 11B3; # (쯠; 쯠; á„ᅳᆳ; 쯠; á„ᅳᆳ; ) HANGUL SYLLABLE JJEULS +CBE1;CBE1;110D 1173 11B4;CBE1;110D 1173 11B4; # (쯡; 쯡; á„ᅳᆴ; 쯡; á„ᅳᆴ; ) HANGUL SYLLABLE JJEULT +CBE2;CBE2;110D 1173 11B5;CBE2;110D 1173 11B5; # (쯢; 쯢; á„ᅳᆵ; 쯢; á„ᅳᆵ; ) HANGUL SYLLABLE JJEULP +CBE3;CBE3;110D 1173 11B6;CBE3;110D 1173 11B6; # (쯣; 쯣; á„ᅳᆶ; 쯣; á„ᅳᆶ; ) HANGUL SYLLABLE JJEULH +CBE4;CBE4;110D 1173 11B7;CBE4;110D 1173 11B7; # (쯤; 쯤; á„ᅳᆷ; 쯤; á„ᅳᆷ; ) HANGUL SYLLABLE JJEUM +CBE5;CBE5;110D 1173 11B8;CBE5;110D 1173 11B8; # (쯥; 쯥; á„ᅳᆸ; 쯥; á„ᅳᆸ; ) HANGUL SYLLABLE JJEUB +CBE6;CBE6;110D 1173 11B9;CBE6;110D 1173 11B9; # (쯦; 쯦; á„ᅳᆹ; 쯦; á„ᅳᆹ; ) HANGUL SYLLABLE JJEUBS +CBE7;CBE7;110D 1173 11BA;CBE7;110D 1173 11BA; # (쯧; 쯧; á„ᅳᆺ; 쯧; á„ᅳᆺ; ) HANGUL SYLLABLE JJEUS +CBE8;CBE8;110D 1173 11BB;CBE8;110D 1173 11BB; # (쯨; 쯨; á„ᅳᆻ; 쯨; á„ᅳᆻ; ) HANGUL SYLLABLE JJEUSS +CBE9;CBE9;110D 1173 11BC;CBE9;110D 1173 11BC; # (쯩; 쯩; á„ᅳᆼ; 쯩; á„ᅳᆼ; ) HANGUL SYLLABLE JJEUNG +CBEA;CBEA;110D 1173 11BD;CBEA;110D 1173 11BD; # (쯪; 쯪; á„ᅳᆽ; 쯪; á„ᅳᆽ; ) HANGUL SYLLABLE JJEUJ +CBEB;CBEB;110D 1173 11BE;CBEB;110D 1173 11BE; # (쯫; 쯫; á„ᅳᆾ; 쯫; á„ᅳᆾ; ) HANGUL SYLLABLE JJEUC +CBEC;CBEC;110D 1173 11BF;CBEC;110D 1173 11BF; # (쯬; 쯬; á„ᅳᆿ; 쯬; á„ᅳᆿ; ) HANGUL SYLLABLE JJEUK +CBED;CBED;110D 1173 11C0;CBED;110D 1173 11C0; # (쯭; 쯭; á„ᅳᇀ; 쯭; á„ᅳᇀ; ) HANGUL SYLLABLE JJEUT +CBEE;CBEE;110D 1173 11C1;CBEE;110D 1173 11C1; # (쯮; 쯮; á„á…³á‡; 쯮; á„á…³á‡; ) HANGUL SYLLABLE JJEUP +CBEF;CBEF;110D 1173 11C2;CBEF;110D 1173 11C2; # (쯯; 쯯; á„ᅳᇂ; 쯯; á„ᅳᇂ; ) HANGUL SYLLABLE JJEUH +CBF0;CBF0;110D 1174;CBF0;110D 1174; # (쯰; 쯰; á„á…´; 쯰; á„á…´; ) HANGUL SYLLABLE JJYI +CBF1;CBF1;110D 1174 11A8;CBF1;110D 1174 11A8; # (쯱; 쯱; á„ᅴᆨ; 쯱; á„ᅴᆨ; ) HANGUL SYLLABLE JJYIG +CBF2;CBF2;110D 1174 11A9;CBF2;110D 1174 11A9; # (쯲; 쯲; á„ᅴᆩ; 쯲; á„ᅴᆩ; ) HANGUL SYLLABLE JJYIGG +CBF3;CBF3;110D 1174 11AA;CBF3;110D 1174 11AA; # (쯳; 쯳; á„ᅴᆪ; 쯳; á„ᅴᆪ; ) HANGUL SYLLABLE JJYIGS +CBF4;CBF4;110D 1174 11AB;CBF4;110D 1174 11AB; # (쯴; 쯴; á„ᅴᆫ; 쯴; á„ᅴᆫ; ) HANGUL SYLLABLE JJYIN +CBF5;CBF5;110D 1174 11AC;CBF5;110D 1174 11AC; # (쯵; 쯵; á„ᅴᆬ; 쯵; á„ᅴᆬ; ) HANGUL SYLLABLE JJYINJ +CBF6;CBF6;110D 1174 11AD;CBF6;110D 1174 11AD; # (쯶; 쯶; á„ᅴᆭ; 쯶; á„ᅴᆭ; ) HANGUL SYLLABLE JJYINH +CBF7;CBF7;110D 1174 11AE;CBF7;110D 1174 11AE; # (쯷; 쯷; á„ᅴᆮ; 쯷; á„ᅴᆮ; ) HANGUL SYLLABLE JJYID +CBF8;CBF8;110D 1174 11AF;CBF8;110D 1174 11AF; # (쯸; 쯸; á„ᅴᆯ; 쯸; á„ᅴᆯ; ) HANGUL SYLLABLE JJYIL +CBF9;CBF9;110D 1174 11B0;CBF9;110D 1174 11B0; # (쯹; 쯹; á„ᅴᆰ; 쯹; á„ᅴᆰ; ) HANGUL SYLLABLE JJYILG +CBFA;CBFA;110D 1174 11B1;CBFA;110D 1174 11B1; # (쯺; 쯺; á„ᅴᆱ; 쯺; á„ᅴᆱ; ) HANGUL SYLLABLE JJYILM +CBFB;CBFB;110D 1174 11B2;CBFB;110D 1174 11B2; # (쯻; 쯻; á„ᅴᆲ; 쯻; á„ᅴᆲ; ) HANGUL SYLLABLE JJYILB +CBFC;CBFC;110D 1174 11B3;CBFC;110D 1174 11B3; # (쯼; 쯼; á„ᅴᆳ; 쯼; á„ᅴᆳ; ) HANGUL SYLLABLE JJYILS +CBFD;CBFD;110D 1174 11B4;CBFD;110D 1174 11B4; # (쯽; 쯽; á„ᅴᆴ; 쯽; á„ᅴᆴ; ) HANGUL SYLLABLE JJYILT +CBFE;CBFE;110D 1174 11B5;CBFE;110D 1174 11B5; # (쯾; 쯾; á„ᅴᆵ; 쯾; á„ᅴᆵ; ) HANGUL SYLLABLE JJYILP +CBFF;CBFF;110D 1174 11B6;CBFF;110D 1174 11B6; # (쯿; 쯿; á„ᅴᆶ; 쯿; á„ᅴᆶ; ) HANGUL SYLLABLE JJYILH +CC00;CC00;110D 1174 11B7;CC00;110D 1174 11B7; # (ì°€; ì°€; á„ᅴᆷ; ì°€; á„ᅴᆷ; ) HANGUL SYLLABLE JJYIM +CC01;CC01;110D 1174 11B8;CC01;110D 1174 11B8; # (ì°; ì°; á„ᅴᆸ; ì°; á„ᅴᆸ; ) HANGUL SYLLABLE JJYIB +CC02;CC02;110D 1174 11B9;CC02;110D 1174 11B9; # (ì°‚; ì°‚; á„ᅴᆹ; ì°‚; á„ᅴᆹ; ) HANGUL SYLLABLE JJYIBS +CC03;CC03;110D 1174 11BA;CC03;110D 1174 11BA; # (ì°ƒ; ì°ƒ; á„ᅴᆺ; ì°ƒ; á„ᅴᆺ; ) HANGUL SYLLABLE JJYIS +CC04;CC04;110D 1174 11BB;CC04;110D 1174 11BB; # (ì°„; ì°„; á„ᅴᆻ; ì°„; á„ᅴᆻ; ) HANGUL SYLLABLE JJYISS +CC05;CC05;110D 1174 11BC;CC05;110D 1174 11BC; # (ì°…; ì°…; á„ᅴᆼ; ì°…; á„ᅴᆼ; ) HANGUL SYLLABLE JJYING +CC06;CC06;110D 1174 11BD;CC06;110D 1174 11BD; # (ì°†; ì°†; á„ᅴᆽ; ì°†; á„ᅴᆽ; ) HANGUL SYLLABLE JJYIJ +CC07;CC07;110D 1174 11BE;CC07;110D 1174 11BE; # (ì°‡; ì°‡; á„ᅴᆾ; ì°‡; á„ᅴᆾ; ) HANGUL SYLLABLE JJYIC +CC08;CC08;110D 1174 11BF;CC08;110D 1174 11BF; # (ì°ˆ; ì°ˆ; á„ᅴᆿ; ì°ˆ; á„ᅴᆿ; ) HANGUL SYLLABLE JJYIK +CC09;CC09;110D 1174 11C0;CC09;110D 1174 11C0; # (ì°‰; ì°‰; á„ᅴᇀ; ì°‰; á„ᅴᇀ; ) HANGUL SYLLABLE JJYIT +CC0A;CC0A;110D 1174 11C1;CC0A;110D 1174 11C1; # (ì°Š; ì°Š; á„á…´á‡; ì°Š; á„á…´á‡; ) HANGUL SYLLABLE JJYIP +CC0B;CC0B;110D 1174 11C2;CC0B;110D 1174 11C2; # (ì°‹; ì°‹; á„ᅴᇂ; ì°‹; á„ᅴᇂ; ) HANGUL SYLLABLE JJYIH +CC0C;CC0C;110D 1175;CC0C;110D 1175; # (ì°Œ; ì°Œ; á„á…µ; ì°Œ; á„á…µ; ) HANGUL SYLLABLE JJI +CC0D;CC0D;110D 1175 11A8;CC0D;110D 1175 11A8; # (ì°; ì°; á„ᅵᆨ; ì°; á„ᅵᆨ; ) HANGUL SYLLABLE JJIG +CC0E;CC0E;110D 1175 11A9;CC0E;110D 1175 11A9; # (ì°Ž; ì°Ž; á„ᅵᆩ; ì°Ž; á„ᅵᆩ; ) HANGUL SYLLABLE JJIGG +CC0F;CC0F;110D 1175 11AA;CC0F;110D 1175 11AA; # (ì°; ì°; á„ᅵᆪ; ì°; á„ᅵᆪ; ) HANGUL SYLLABLE JJIGS +CC10;CC10;110D 1175 11AB;CC10;110D 1175 11AB; # (ì°; ì°; á„ᅵᆫ; ì°; á„ᅵᆫ; ) HANGUL SYLLABLE JJIN +CC11;CC11;110D 1175 11AC;CC11;110D 1175 11AC; # (ì°‘; ì°‘; á„ᅵᆬ; ì°‘; á„ᅵᆬ; ) HANGUL SYLLABLE JJINJ +CC12;CC12;110D 1175 11AD;CC12;110D 1175 11AD; # (ì°’; ì°’; á„ᅵᆭ; ì°’; á„ᅵᆭ; ) HANGUL SYLLABLE JJINH +CC13;CC13;110D 1175 11AE;CC13;110D 1175 11AE; # (ì°“; ì°“; á„ᅵᆮ; ì°“; á„ᅵᆮ; ) HANGUL SYLLABLE JJID +CC14;CC14;110D 1175 11AF;CC14;110D 1175 11AF; # (ì°”; ì°”; á„ᅵᆯ; ì°”; á„ᅵᆯ; ) HANGUL SYLLABLE JJIL +CC15;CC15;110D 1175 11B0;CC15;110D 1175 11B0; # (ì°•; ì°•; á„ᅵᆰ; ì°•; á„ᅵᆰ; ) HANGUL SYLLABLE JJILG +CC16;CC16;110D 1175 11B1;CC16;110D 1175 11B1; # (ì°–; ì°–; á„ᅵᆱ; ì°–; á„ᅵᆱ; ) HANGUL SYLLABLE JJILM +CC17;CC17;110D 1175 11B2;CC17;110D 1175 11B2; # (ì°—; ì°—; á„ᅵᆲ; ì°—; á„ᅵᆲ; ) HANGUL SYLLABLE JJILB +CC18;CC18;110D 1175 11B3;CC18;110D 1175 11B3; # (ì°˜; ì°˜; á„ᅵᆳ; ì°˜; á„ᅵᆳ; ) HANGUL SYLLABLE JJILS +CC19;CC19;110D 1175 11B4;CC19;110D 1175 11B4; # (ì°™; ì°™; á„ᅵᆴ; ì°™; á„ᅵᆴ; ) HANGUL SYLLABLE JJILT +CC1A;CC1A;110D 1175 11B5;CC1A;110D 1175 11B5; # (ì°š; ì°š; á„ᅵᆵ; ì°š; á„ᅵᆵ; ) HANGUL SYLLABLE JJILP +CC1B;CC1B;110D 1175 11B6;CC1B;110D 1175 11B6; # (ì°›; ì°›; á„ᅵᆶ; ì°›; á„ᅵᆶ; ) HANGUL SYLLABLE JJILH +CC1C;CC1C;110D 1175 11B7;CC1C;110D 1175 11B7; # (ì°œ; ì°œ; á„ᅵᆷ; ì°œ; á„ᅵᆷ; ) HANGUL SYLLABLE JJIM +CC1D;CC1D;110D 1175 11B8;CC1D;110D 1175 11B8; # (ì°; ì°; á„ᅵᆸ; ì°; á„ᅵᆸ; ) HANGUL SYLLABLE JJIB +CC1E;CC1E;110D 1175 11B9;CC1E;110D 1175 11B9; # (ì°ž; ì°ž; á„ᅵᆹ; ì°ž; á„ᅵᆹ; ) HANGUL SYLLABLE JJIBS +CC1F;CC1F;110D 1175 11BA;CC1F;110D 1175 11BA; # (ì°Ÿ; ì°Ÿ; á„ᅵᆺ; ì°Ÿ; á„ᅵᆺ; ) HANGUL SYLLABLE JJIS +CC20;CC20;110D 1175 11BB;CC20;110D 1175 11BB; # (ì° ; ì° ; á„ᅵᆻ; ì° ; á„ᅵᆻ; ) HANGUL SYLLABLE JJISS +CC21;CC21;110D 1175 11BC;CC21;110D 1175 11BC; # (ì°¡; ì°¡; á„ᅵᆼ; ì°¡; á„ᅵᆼ; ) HANGUL SYLLABLE JJING +CC22;CC22;110D 1175 11BD;CC22;110D 1175 11BD; # (ì°¢; ì°¢; á„ᅵᆽ; ì°¢; á„ᅵᆽ; ) HANGUL SYLLABLE JJIJ +CC23;CC23;110D 1175 11BE;CC23;110D 1175 11BE; # (ì°£; ì°£; á„ᅵᆾ; ì°£; á„ᅵᆾ; ) HANGUL SYLLABLE JJIC +CC24;CC24;110D 1175 11BF;CC24;110D 1175 11BF; # (ì°¤; ì°¤; á„ᅵᆿ; ì°¤; á„ᅵᆿ; ) HANGUL SYLLABLE JJIK +CC25;CC25;110D 1175 11C0;CC25;110D 1175 11C0; # (ì°¥; ì°¥; á„ᅵᇀ; ì°¥; á„ᅵᇀ; ) HANGUL SYLLABLE JJIT +CC26;CC26;110D 1175 11C1;CC26;110D 1175 11C1; # (ì°¦; ì°¦; á„á…µá‡; ì°¦; á„á…µá‡; ) HANGUL SYLLABLE JJIP +CC27;CC27;110D 1175 11C2;CC27;110D 1175 11C2; # (ì°§; ì°§; á„ᅵᇂ; ì°§; á„ᅵᇂ; ) HANGUL SYLLABLE JJIH +CC28;CC28;110E 1161;CC28;110E 1161; # (ì°¨; ì°¨; á„Žá…¡; ì°¨; á„Žá…¡; ) HANGUL SYLLABLE CA +CC29;CC29;110E 1161 11A8;CC29;110E 1161 11A8; # (ì°©; ì°©; 착; ì°©; 착; ) HANGUL SYLLABLE CAG +CC2A;CC2A;110E 1161 11A9;CC2A;110E 1161 11A9; # (ì°ª; ì°ª; 찪; ì°ª; 찪; ) HANGUL SYLLABLE CAGG +CC2B;CC2B;110E 1161 11AA;CC2B;110E 1161 11AA; # (ì°«; ì°«; 찫; ì°«; 찫; ) HANGUL SYLLABLE CAGS +CC2C;CC2C;110E 1161 11AB;CC2C;110E 1161 11AB; # (ì°¬; ì°¬; 찬; ì°¬; 찬; ) HANGUL SYLLABLE CAN +CC2D;CC2D;110E 1161 11AC;CC2D;110E 1161 11AC; # (ì°­; ì°­; 찭; ì°­; 찭; ) HANGUL SYLLABLE CANJ +CC2E;CC2E;110E 1161 11AD;CC2E;110E 1161 11AD; # (ì°®; ì°®; 찮; ì°®; 찮; ) HANGUL SYLLABLE CANH +CC2F;CC2F;110E 1161 11AE;CC2F;110E 1161 11AE; # (ì°¯; ì°¯; 찯; ì°¯; 찯; ) HANGUL SYLLABLE CAD +CC30;CC30;110E 1161 11AF;CC30;110E 1161 11AF; # (ì°°; ì°°; 찰; ì°°; 찰; ) HANGUL SYLLABLE CAL +CC31;CC31;110E 1161 11B0;CC31;110E 1161 11B0; # (ì°±; ì°±; 찱; ì°±; 찱; ) HANGUL SYLLABLE CALG +CC32;CC32;110E 1161 11B1;CC32;110E 1161 11B1; # (ì°²; ì°²; 찲; ì°²; 찲; ) HANGUL SYLLABLE CALM +CC33;CC33;110E 1161 11B2;CC33;110E 1161 11B2; # (ì°³; ì°³; 찳; ì°³; 찳; ) HANGUL SYLLABLE CALB +CC34;CC34;110E 1161 11B3;CC34;110E 1161 11B3; # (ì°´; ì°´; 찴; ì°´; 찴; ) HANGUL SYLLABLE CALS +CC35;CC35;110E 1161 11B4;CC35;110E 1161 11B4; # (ì°µ; ì°µ; 찵; ì°µ; 찵; ) HANGUL SYLLABLE CALT +CC36;CC36;110E 1161 11B5;CC36;110E 1161 11B5; # (ì°¶; ì°¶; 찶; ì°¶; 찶; ) HANGUL SYLLABLE CALP +CC37;CC37;110E 1161 11B6;CC37;110E 1161 11B6; # (ì°·; ì°·; 찷; ì°·; 찷; ) HANGUL SYLLABLE CALH +CC38;CC38;110E 1161 11B7;CC38;110E 1161 11B7; # (ì°¸; ì°¸; 참; ì°¸; 참; ) HANGUL SYLLABLE CAM +CC39;CC39;110E 1161 11B8;CC39;110E 1161 11B8; # (ì°¹; ì°¹; 찹; ì°¹; 찹; ) HANGUL SYLLABLE CAB +CC3A;CC3A;110E 1161 11B9;CC3A;110E 1161 11B9; # (ì°º; ì°º; 찺; ì°º; 찺; ) HANGUL SYLLABLE CABS +CC3B;CC3B;110E 1161 11BA;CC3B;110E 1161 11BA; # (ì°»; ì°»; 찻; ì°»; 찻; ) HANGUL SYLLABLE CAS +CC3C;CC3C;110E 1161 11BB;CC3C;110E 1161 11BB; # (ì°¼; ì°¼; 찼; ì°¼; 찼; ) HANGUL SYLLABLE CASS +CC3D;CC3D;110E 1161 11BC;CC3D;110E 1161 11BC; # (ì°½; ì°½; 창; ì°½; 창; ) HANGUL SYLLABLE CANG +CC3E;CC3E;110E 1161 11BD;CC3E;110E 1161 11BD; # (ì°¾; ì°¾; 찾; ì°¾; 찾; ) HANGUL SYLLABLE CAJ +CC3F;CC3F;110E 1161 11BE;CC3F;110E 1161 11BE; # (ì°¿; ì°¿; 찿; ì°¿; 찿; ) HANGUL SYLLABLE CAC +CC40;CC40;110E 1161 11BF;CC40;110E 1161 11BF; # (ì±€; ì±€; 챀; ì±€; 챀; ) HANGUL SYLLABLE CAK +CC41;CC41;110E 1161 11C0;CC41;110E 1161 11C0; # (ì±; ì±; 챁; ì±; 챁; ) HANGUL SYLLABLE CAT +CC42;CC42;110E 1161 11C1;CC42;110E 1161 11C1; # (챂; 챂; á„Žá…¡á‡; 챂; á„Žá…¡á‡; ) HANGUL SYLLABLE CAP +CC43;CC43;110E 1161 11C2;CC43;110E 1161 11C2; # (챃; 챃; 챃; 챃; 챃; ) HANGUL SYLLABLE CAH +CC44;CC44;110E 1162;CC44;110E 1162; # (채; 채; á„Žá…¢; 채; á„Žá…¢; ) HANGUL SYLLABLE CAE +CC45;CC45;110E 1162 11A8;CC45;110E 1162 11A8; # (ì±…; ì±…; 책; ì±…; 책; ) HANGUL SYLLABLE CAEG +CC46;CC46;110E 1162 11A9;CC46;110E 1162 11A9; # (챆; 챆; 챆; 챆; 챆; ) HANGUL SYLLABLE CAEGG +CC47;CC47;110E 1162 11AA;CC47;110E 1162 11AA; # (챇; 챇; 챇; 챇; 챇; ) HANGUL SYLLABLE CAEGS +CC48;CC48;110E 1162 11AB;CC48;110E 1162 11AB; # (챈; 챈; 챈; 챈; 챈; ) HANGUL SYLLABLE CAEN +CC49;CC49;110E 1162 11AC;CC49;110E 1162 11AC; # (챉; 챉; 챉; 챉; 챉; ) HANGUL SYLLABLE CAENJ +CC4A;CC4A;110E 1162 11AD;CC4A;110E 1162 11AD; # (챊; 챊; 챊; 챊; 챊; ) HANGUL SYLLABLE CAENH +CC4B;CC4B;110E 1162 11AE;CC4B;110E 1162 11AE; # (챋; 챋; 챋; 챋; 챋; ) HANGUL SYLLABLE CAED +CC4C;CC4C;110E 1162 11AF;CC4C;110E 1162 11AF; # (챌; 챌; 챌; 챌; 챌; ) HANGUL SYLLABLE CAEL +CC4D;CC4D;110E 1162 11B0;CC4D;110E 1162 11B0; # (ì±; ì±; 챍; ì±; 챍; ) HANGUL SYLLABLE CAELG +CC4E;CC4E;110E 1162 11B1;CC4E;110E 1162 11B1; # (챎; 챎; 챎; 챎; 챎; ) HANGUL SYLLABLE CAELM +CC4F;CC4F;110E 1162 11B2;CC4F;110E 1162 11B2; # (ì±; ì±; 챏; ì±; 챏; ) HANGUL SYLLABLE CAELB +CC50;CC50;110E 1162 11B3;CC50;110E 1162 11B3; # (ì±; ì±; 챐; ì±; 챐; ) HANGUL SYLLABLE CAELS +CC51;CC51;110E 1162 11B4;CC51;110E 1162 11B4; # (챑; 챑; 챑; 챑; 챑; ) HANGUL SYLLABLE CAELT +CC52;CC52;110E 1162 11B5;CC52;110E 1162 11B5; # (ì±’; ì±’; 챒; ì±’; 챒; ) HANGUL SYLLABLE CAELP +CC53;CC53;110E 1162 11B6;CC53;110E 1162 11B6; # (챓; 챓; 챓; 챓; 챓; ) HANGUL SYLLABLE CAELH +CC54;CC54;110E 1162 11B7;CC54;110E 1162 11B7; # (ì±”; ì±”; 챔; ì±”; 챔; ) HANGUL SYLLABLE CAEM +CC55;CC55;110E 1162 11B8;CC55;110E 1162 11B8; # (챕; 챕; 챕; 챕; 챕; ) HANGUL SYLLABLE CAEB +CC56;CC56;110E 1162 11B9;CC56;110E 1162 11B9; # (ì±–; ì±–; 챖; ì±–; 챖; ) HANGUL SYLLABLE CAEBS +CC57;CC57;110E 1162 11BA;CC57;110E 1162 11BA; # (ì±—; ì±—; 챗; ì±—; 챗; ) HANGUL SYLLABLE CAES +CC58;CC58;110E 1162 11BB;CC58;110E 1162 11BB; # (챘; 챘; 챘; 챘; 챘; ) HANGUL SYLLABLE CAESS +CC59;CC59;110E 1162 11BC;CC59;110E 1162 11BC; # (ì±™; ì±™; 챙; ì±™; 챙; ) HANGUL SYLLABLE CAENG +CC5A;CC5A;110E 1162 11BD;CC5A;110E 1162 11BD; # (챚; 챚; 챚; 챚; 챚; ) HANGUL SYLLABLE CAEJ +CC5B;CC5B;110E 1162 11BE;CC5B;110E 1162 11BE; # (ì±›; ì±›; 챛; ì±›; 챛; ) HANGUL SYLLABLE CAEC +CC5C;CC5C;110E 1162 11BF;CC5C;110E 1162 11BF; # (챜; 챜; 챜; 챜; 챜; ) HANGUL SYLLABLE CAEK +CC5D;CC5D;110E 1162 11C0;CC5D;110E 1162 11C0; # (ì±; ì±; 챝; ì±; 챝; ) HANGUL SYLLABLE CAET +CC5E;CC5E;110E 1162 11C1;CC5E;110E 1162 11C1; # (챞; 챞; á„Žá…¢á‡; 챞; á„Žá…¢á‡; ) HANGUL SYLLABLE CAEP +CC5F;CC5F;110E 1162 11C2;CC5F;110E 1162 11C2; # (챟; 챟; 챟; 챟; 챟; ) HANGUL SYLLABLE CAEH +CC60;CC60;110E 1163;CC60;110E 1163; # (ì± ; ì± ; á„Žá…£; ì± ; á„Žá…£; ) HANGUL SYLLABLE CYA +CC61;CC61;110E 1163 11A8;CC61;110E 1163 11A8; # (챡; 챡; 챡; 챡; 챡; ) HANGUL SYLLABLE CYAG +CC62;CC62;110E 1163 11A9;CC62;110E 1163 11A9; # (ì±¢; ì±¢; 챢; ì±¢; 챢; ) HANGUL SYLLABLE CYAGG +CC63;CC63;110E 1163 11AA;CC63;110E 1163 11AA; # (ì±£; ì±£; 챣; ì±£; 챣; ) HANGUL SYLLABLE CYAGS +CC64;CC64;110E 1163 11AB;CC64;110E 1163 11AB; # (챤; 챤; 챤; 챤; 챤; ) HANGUL SYLLABLE CYAN +CC65;CC65;110E 1163 11AC;CC65;110E 1163 11AC; # (ì±¥; ì±¥; 챥; ì±¥; 챥; ) HANGUL SYLLABLE CYANJ +CC66;CC66;110E 1163 11AD;CC66;110E 1163 11AD; # (챦; 챦; 챦; 챦; 챦; ) HANGUL SYLLABLE CYANH +CC67;CC67;110E 1163 11AE;CC67;110E 1163 11AE; # (챧; 챧; 챧; 챧; 챧; ) HANGUL SYLLABLE CYAD +CC68;CC68;110E 1163 11AF;CC68;110E 1163 11AF; # (챨; 챨; 챨; 챨; 챨; ) HANGUL SYLLABLE CYAL +CC69;CC69;110E 1163 11B0;CC69;110E 1163 11B0; # (챩; 챩; 챩; 챩; 챩; ) HANGUL SYLLABLE CYALG +CC6A;CC6A;110E 1163 11B1;CC6A;110E 1163 11B1; # (챪; 챪; 챪; 챪; 챪; ) HANGUL SYLLABLE CYALM +CC6B;CC6B;110E 1163 11B2;CC6B;110E 1163 11B2; # (챫; 챫; 챫; 챫; 챫; ) HANGUL SYLLABLE CYALB +CC6C;CC6C;110E 1163 11B3;CC6C;110E 1163 11B3; # (챬; 챬; 챬; 챬; 챬; ) HANGUL SYLLABLE CYALS +CC6D;CC6D;110E 1163 11B4;CC6D;110E 1163 11B4; # (ì±­; ì±­; 챭; ì±­; 챭; ) HANGUL SYLLABLE CYALT +CC6E;CC6E;110E 1163 11B5;CC6E;110E 1163 11B5; # (ì±®; ì±®; 챮; ì±®; 챮; ) HANGUL SYLLABLE CYALP +CC6F;CC6F;110E 1163 11B6;CC6F;110E 1163 11B6; # (챯; 챯; 챯; 챯; 챯; ) HANGUL SYLLABLE CYALH +CC70;CC70;110E 1163 11B7;CC70;110E 1163 11B7; # (ì±°; ì±°; 챰; ì±°; 챰; ) HANGUL SYLLABLE CYAM +CC71;CC71;110E 1163 11B8;CC71;110E 1163 11B8; # (ì±±; ì±±; 챱; ì±±; 챱; ) HANGUL SYLLABLE CYAB +CC72;CC72;110E 1163 11B9;CC72;110E 1163 11B9; # (ì±²; ì±²; 챲; ì±²; 챲; ) HANGUL SYLLABLE CYABS +CC73;CC73;110E 1163 11BA;CC73;110E 1163 11BA; # (ì±³; ì±³; 챳; ì±³; 챳; ) HANGUL SYLLABLE CYAS +CC74;CC74;110E 1163 11BB;CC74;110E 1163 11BB; # (ì±´; ì±´; 챴; ì±´; 챴; ) HANGUL SYLLABLE CYASS +CC75;CC75;110E 1163 11BC;CC75;110E 1163 11BC; # (ì±µ; ì±µ; 챵; ì±µ; 챵; ) HANGUL SYLLABLE CYANG +CC76;CC76;110E 1163 11BD;CC76;110E 1163 11BD; # (챶; 챶; 챶; 챶; 챶; ) HANGUL SYLLABLE CYAJ +CC77;CC77;110E 1163 11BE;CC77;110E 1163 11BE; # (ì±·; ì±·; 챷; ì±·; 챷; ) HANGUL SYLLABLE CYAC +CC78;CC78;110E 1163 11BF;CC78;110E 1163 11BF; # (챸; 챸; 챸; 챸; 챸; ) HANGUL SYLLABLE CYAK +CC79;CC79;110E 1163 11C0;CC79;110E 1163 11C0; # (ì±¹; ì±¹; 챹; ì±¹; 챹; ) HANGUL SYLLABLE CYAT +CC7A;CC7A;110E 1163 11C1;CC7A;110E 1163 11C1; # (챺; 챺; á„Žá…£á‡; 챺; á„Žá…£á‡; ) HANGUL SYLLABLE CYAP +CC7B;CC7B;110E 1163 11C2;CC7B;110E 1163 11C2; # (ì±»; ì±»; 챻; ì±»; 챻; ) HANGUL SYLLABLE CYAH +CC7C;CC7C;110E 1164;CC7C;110E 1164; # (ì±¼; ì±¼; á„Žá…¤; ì±¼; á„Žá…¤; ) HANGUL SYLLABLE CYAE +CC7D;CC7D;110E 1164 11A8;CC7D;110E 1164 11A8; # (ì±½; ì±½; 챽; ì±½; 챽; ) HANGUL SYLLABLE CYAEG +CC7E;CC7E;110E 1164 11A9;CC7E;110E 1164 11A9; # (ì±¾; ì±¾; 챾; ì±¾; 챾; ) HANGUL SYLLABLE CYAEGG +CC7F;CC7F;110E 1164 11AA;CC7F;110E 1164 11AA; # (챿; 챿; 챿; 챿; 챿; ) HANGUL SYLLABLE CYAEGS +CC80;CC80;110E 1164 11AB;CC80;110E 1164 11AB; # (ì²€; ì²€; 첀; ì²€; 첀; ) HANGUL SYLLABLE CYAEN +CC81;CC81;110E 1164 11AC;CC81;110E 1164 11AC; # (ì²; ì²; 첁; ì²; 첁; ) HANGUL SYLLABLE CYAENJ +CC82;CC82;110E 1164 11AD;CC82;110E 1164 11AD; # (첂; 첂; 첂; 첂; 첂; ) HANGUL SYLLABLE CYAENH +CC83;CC83;110E 1164 11AE;CC83;110E 1164 11AE; # (첃; 첃; 첃; 첃; 첃; ) HANGUL SYLLABLE CYAED +CC84;CC84;110E 1164 11AF;CC84;110E 1164 11AF; # (첄; 첄; 첄; 첄; 첄; ) HANGUL SYLLABLE CYAEL +CC85;CC85;110E 1164 11B0;CC85;110E 1164 11B0; # (ì²…; ì²…; 첅; ì²…; 첅; ) HANGUL SYLLABLE CYAELG +CC86;CC86;110E 1164 11B1;CC86;110E 1164 11B1; # (첆; 첆; 첆; 첆; 첆; ) HANGUL SYLLABLE CYAELM +CC87;CC87;110E 1164 11B2;CC87;110E 1164 11B2; # (첇; 첇; 첇; 첇; 첇; ) HANGUL SYLLABLE CYAELB +CC88;CC88;110E 1164 11B3;CC88;110E 1164 11B3; # (첈; 첈; 첈; 첈; 첈; ) HANGUL SYLLABLE CYAELS +CC89;CC89;110E 1164 11B4;CC89;110E 1164 11B4; # (첉; 첉; 첉; 첉; 첉; ) HANGUL SYLLABLE CYAELT +CC8A;CC8A;110E 1164 11B5;CC8A;110E 1164 11B5; # (첊; 첊; 첊; 첊; 첊; ) HANGUL SYLLABLE CYAELP +CC8B;CC8B;110E 1164 11B6;CC8B;110E 1164 11B6; # (첋; 첋; 첋; 첋; 첋; ) HANGUL SYLLABLE CYAELH +CC8C;CC8C;110E 1164 11B7;CC8C;110E 1164 11B7; # (첌; 첌; 첌; 첌; 첌; ) HANGUL SYLLABLE CYAEM +CC8D;CC8D;110E 1164 11B8;CC8D;110E 1164 11B8; # (ì²; ì²; 첍; ì²; 첍; ) HANGUL SYLLABLE CYAEB +CC8E;CC8E;110E 1164 11B9;CC8E;110E 1164 11B9; # (첎; 첎; 첎; 첎; 첎; ) HANGUL SYLLABLE CYAEBS +CC8F;CC8F;110E 1164 11BA;CC8F;110E 1164 11BA; # (ì²; ì²; 첏; ì²; 첏; ) HANGUL SYLLABLE CYAES +CC90;CC90;110E 1164 11BB;CC90;110E 1164 11BB; # (ì²; ì²; 첐; ì²; 첐; ) HANGUL SYLLABLE CYAESS +CC91;CC91;110E 1164 11BC;CC91;110E 1164 11BC; # (첑; 첑; 첑; 첑; 첑; ) HANGUL SYLLABLE CYAENG +CC92;CC92;110E 1164 11BD;CC92;110E 1164 11BD; # (ì²’; ì²’; 첒; ì²’; 첒; ) HANGUL SYLLABLE CYAEJ +CC93;CC93;110E 1164 11BE;CC93;110E 1164 11BE; # (첓; 첓; 첓; 첓; 첓; ) HANGUL SYLLABLE CYAEC +CC94;CC94;110E 1164 11BF;CC94;110E 1164 11BF; # (ì²”; ì²”; 첔; ì²”; 첔; ) HANGUL SYLLABLE CYAEK +CC95;CC95;110E 1164 11C0;CC95;110E 1164 11C0; # (첕; 첕; 첕; 첕; 첕; ) HANGUL SYLLABLE CYAET +CC96;CC96;110E 1164 11C1;CC96;110E 1164 11C1; # (ì²–; ì²–; á„Žá…¤á‡; ì²–; á„Žá…¤á‡; ) HANGUL SYLLABLE CYAEP +CC97;CC97;110E 1164 11C2;CC97;110E 1164 11C2; # (ì²—; ì²—; 첗; ì²—; 첗; ) HANGUL SYLLABLE CYAEH +CC98;CC98;110E 1165;CC98;110E 1165; # (처; 처; á„Žá…¥; 처; á„Žá…¥; ) HANGUL SYLLABLE CEO +CC99;CC99;110E 1165 11A8;CC99;110E 1165 11A8; # (ì²™; ì²™; 척; ì²™; 척; ) HANGUL SYLLABLE CEOG +CC9A;CC9A;110E 1165 11A9;CC9A;110E 1165 11A9; # (첚; 첚; 첚; 첚; 첚; ) HANGUL SYLLABLE CEOGG +CC9B;CC9B;110E 1165 11AA;CC9B;110E 1165 11AA; # (ì²›; ì²›; 첛; ì²›; 첛; ) HANGUL SYLLABLE CEOGS +CC9C;CC9C;110E 1165 11AB;CC9C;110E 1165 11AB; # (천; 천; 천; 천; 천; ) HANGUL SYLLABLE CEON +CC9D;CC9D;110E 1165 11AC;CC9D;110E 1165 11AC; # (ì²; ì²; 첝; ì²; 첝; ) HANGUL SYLLABLE CEONJ +CC9E;CC9E;110E 1165 11AD;CC9E;110E 1165 11AD; # (첞; 첞; 첞; 첞; 첞; ) HANGUL SYLLABLE CEONH +CC9F;CC9F;110E 1165 11AE;CC9F;110E 1165 11AE; # (첟; 첟; 첟; 첟; 첟; ) HANGUL SYLLABLE CEOD +CCA0;CCA0;110E 1165 11AF;CCA0;110E 1165 11AF; # (ì² ; ì² ; 철; ì² ; 철; ) HANGUL SYLLABLE CEOL +CCA1;CCA1;110E 1165 11B0;CCA1;110E 1165 11B0; # (첡; 첡; 첡; 첡; 첡; ) HANGUL SYLLABLE CEOLG +CCA2;CCA2;110E 1165 11B1;CCA2;110E 1165 11B1; # (ì²¢; ì²¢; 첢; ì²¢; 첢; ) HANGUL SYLLABLE CEOLM +CCA3;CCA3;110E 1165 11B2;CCA3;110E 1165 11B2; # (ì²£; ì²£; 첣; ì²£; 첣; ) HANGUL SYLLABLE CEOLB +CCA4;CCA4;110E 1165 11B3;CCA4;110E 1165 11B3; # (첤; 첤; 첤; 첤; 첤; ) HANGUL SYLLABLE CEOLS +CCA5;CCA5;110E 1165 11B4;CCA5;110E 1165 11B4; # (ì²¥; ì²¥; 첥; ì²¥; 첥; ) HANGUL SYLLABLE CEOLT +CCA6;CCA6;110E 1165 11B5;CCA6;110E 1165 11B5; # (첦; 첦; 첦; 첦; 첦; ) HANGUL SYLLABLE CEOLP +CCA7;CCA7;110E 1165 11B6;CCA7;110E 1165 11B6; # (첧; 첧; 첧; 첧; 첧; ) HANGUL SYLLABLE CEOLH +CCA8;CCA8;110E 1165 11B7;CCA8;110E 1165 11B7; # (첨; 첨; 첨; 첨; 첨; ) HANGUL SYLLABLE CEOM +CCA9;CCA9;110E 1165 11B8;CCA9;110E 1165 11B8; # (첩; 첩; 첩; 첩; 첩; ) HANGUL SYLLABLE CEOB +CCAA;CCAA;110E 1165 11B9;CCAA;110E 1165 11B9; # (첪; 첪; 첪; 첪; 첪; ) HANGUL SYLLABLE CEOBS +CCAB;CCAB;110E 1165 11BA;CCAB;110E 1165 11BA; # (첫; 첫; 첫; 첫; 첫; ) HANGUL SYLLABLE CEOS +CCAC;CCAC;110E 1165 11BB;CCAC;110E 1165 11BB; # (첬; 첬; 첬; 첬; 첬; ) HANGUL SYLLABLE CEOSS +CCAD;CCAD;110E 1165 11BC;CCAD;110E 1165 11BC; # (ì²­; ì²­; 청; ì²­; 청; ) HANGUL SYLLABLE CEONG +CCAE;CCAE;110E 1165 11BD;CCAE;110E 1165 11BD; # (ì²®; ì²®; 첮; ì²®; 첮; ) HANGUL SYLLABLE CEOJ +CCAF;CCAF;110E 1165 11BE;CCAF;110E 1165 11BE; # (첯; 첯; 첯; 첯; 첯; ) HANGUL SYLLABLE CEOC +CCB0;CCB0;110E 1165 11BF;CCB0;110E 1165 11BF; # (ì²°; ì²°; 첰; ì²°; 첰; ) HANGUL SYLLABLE CEOK +CCB1;CCB1;110E 1165 11C0;CCB1;110E 1165 11C0; # (ì²±; ì²±; 첱; ì²±; 첱; ) HANGUL SYLLABLE CEOT +CCB2;CCB2;110E 1165 11C1;CCB2;110E 1165 11C1; # (ì²²; ì²²; á„Žá…¥á‡; ì²²; á„Žá…¥á‡; ) HANGUL SYLLABLE CEOP +CCB3;CCB3;110E 1165 11C2;CCB3;110E 1165 11C2; # (ì²³; ì²³; 첳; ì²³; 첳; ) HANGUL SYLLABLE CEOH +CCB4;CCB4;110E 1166;CCB4;110E 1166; # (ì²´; ì²´; á„Žá…¦; ì²´; á„Žá…¦; ) HANGUL SYLLABLE CE +CCB5;CCB5;110E 1166 11A8;CCB5;110E 1166 11A8; # (ì²µ; ì²µ; 첵; ì²µ; 첵; ) HANGUL SYLLABLE CEG +CCB6;CCB6;110E 1166 11A9;CCB6;110E 1166 11A9; # (첶; 첶; 첶; 첶; 첶; ) HANGUL SYLLABLE CEGG +CCB7;CCB7;110E 1166 11AA;CCB7;110E 1166 11AA; # (ì²·; ì²·; 첷; ì²·; 첷; ) HANGUL SYLLABLE CEGS +CCB8;CCB8;110E 1166 11AB;CCB8;110E 1166 11AB; # (첸; 첸; 첸; 첸; 첸; ) HANGUL SYLLABLE CEN +CCB9;CCB9;110E 1166 11AC;CCB9;110E 1166 11AC; # (ì²¹; ì²¹; 첹; ì²¹; 첹; ) HANGUL SYLLABLE CENJ +CCBA;CCBA;110E 1166 11AD;CCBA;110E 1166 11AD; # (첺; 첺; 첺; 첺; 첺; ) HANGUL SYLLABLE CENH +CCBB;CCBB;110E 1166 11AE;CCBB;110E 1166 11AE; # (ì²»; ì²»; 첻; ì²»; 첻; ) HANGUL SYLLABLE CED +CCBC;CCBC;110E 1166 11AF;CCBC;110E 1166 11AF; # (ì²¼; ì²¼; 첼; ì²¼; 첼; ) HANGUL SYLLABLE CEL +CCBD;CCBD;110E 1166 11B0;CCBD;110E 1166 11B0; # (ì²½; ì²½; 첽; ì²½; 첽; ) HANGUL SYLLABLE CELG +CCBE;CCBE;110E 1166 11B1;CCBE;110E 1166 11B1; # (ì²¾; ì²¾; 첾; ì²¾; 첾; ) HANGUL SYLLABLE CELM +CCBF;CCBF;110E 1166 11B2;CCBF;110E 1166 11B2; # (첿; 첿; 첿; 첿; 첿; ) HANGUL SYLLABLE CELB +CCC0;CCC0;110E 1166 11B3;CCC0;110E 1166 11B3; # (ì³€; ì³€; 쳀; ì³€; 쳀; ) HANGUL SYLLABLE CELS +CCC1;CCC1;110E 1166 11B4;CCC1;110E 1166 11B4; # (ì³; ì³; 쳁; ì³; 쳁; ) HANGUL SYLLABLE CELT +CCC2;CCC2;110E 1166 11B5;CCC2;110E 1166 11B5; # (쳂; 쳂; 쳂; 쳂; 쳂; ) HANGUL SYLLABLE CELP +CCC3;CCC3;110E 1166 11B6;CCC3;110E 1166 11B6; # (쳃; 쳃; 쳃; 쳃; 쳃; ) HANGUL SYLLABLE CELH +CCC4;CCC4;110E 1166 11B7;CCC4;110E 1166 11B7; # (쳄; 쳄; 쳄; 쳄; 쳄; ) HANGUL SYLLABLE CEM +CCC5;CCC5;110E 1166 11B8;CCC5;110E 1166 11B8; # (ì³…; ì³…; 쳅; ì³…; 쳅; ) HANGUL SYLLABLE CEB +CCC6;CCC6;110E 1166 11B9;CCC6;110E 1166 11B9; # (쳆; 쳆; 쳆; 쳆; 쳆; ) HANGUL SYLLABLE CEBS +CCC7;CCC7;110E 1166 11BA;CCC7;110E 1166 11BA; # (쳇; 쳇; 쳇; 쳇; 쳇; ) HANGUL SYLLABLE CES +CCC8;CCC8;110E 1166 11BB;CCC8;110E 1166 11BB; # (쳈; 쳈; 쳈; 쳈; 쳈; ) HANGUL SYLLABLE CESS +CCC9;CCC9;110E 1166 11BC;CCC9;110E 1166 11BC; # (쳉; 쳉; 쳉; 쳉; 쳉; ) HANGUL SYLLABLE CENG +CCCA;CCCA;110E 1166 11BD;CCCA;110E 1166 11BD; # (쳊; 쳊; 쳊; 쳊; 쳊; ) HANGUL SYLLABLE CEJ +CCCB;CCCB;110E 1166 11BE;CCCB;110E 1166 11BE; # (쳋; 쳋; 쳋; 쳋; 쳋; ) HANGUL SYLLABLE CEC +CCCC;CCCC;110E 1166 11BF;CCCC;110E 1166 11BF; # (쳌; 쳌; 쳌; 쳌; 쳌; ) HANGUL SYLLABLE CEK +CCCD;CCCD;110E 1166 11C0;CCCD;110E 1166 11C0; # (ì³; ì³; 쳍; ì³; 쳍; ) HANGUL SYLLABLE CET +CCCE;CCCE;110E 1166 11C1;CCCE;110E 1166 11C1; # (쳎; 쳎; á„Žá…¦á‡; 쳎; á„Žá…¦á‡; ) HANGUL SYLLABLE CEP +CCCF;CCCF;110E 1166 11C2;CCCF;110E 1166 11C2; # (ì³; ì³; 쳏; ì³; 쳏; ) HANGUL SYLLABLE CEH +CCD0;CCD0;110E 1167;CCD0;110E 1167; # (ì³; ì³; á„Žá…§; ì³; á„Žá…§; ) HANGUL SYLLABLE CYEO +CCD1;CCD1;110E 1167 11A8;CCD1;110E 1167 11A8; # (쳑; 쳑; 쳑; 쳑; 쳑; ) HANGUL SYLLABLE CYEOG +CCD2;CCD2;110E 1167 11A9;CCD2;110E 1167 11A9; # (ì³’; ì³’; 쳒; ì³’; 쳒; ) HANGUL SYLLABLE CYEOGG +CCD3;CCD3;110E 1167 11AA;CCD3;110E 1167 11AA; # (쳓; 쳓; 쳓; 쳓; 쳓; ) HANGUL SYLLABLE CYEOGS +CCD4;CCD4;110E 1167 11AB;CCD4;110E 1167 11AB; # (ì³”; ì³”; 쳔; ì³”; 쳔; ) HANGUL SYLLABLE CYEON +CCD5;CCD5;110E 1167 11AC;CCD5;110E 1167 11AC; # (쳕; 쳕; 쳕; 쳕; 쳕; ) HANGUL SYLLABLE CYEONJ +CCD6;CCD6;110E 1167 11AD;CCD6;110E 1167 11AD; # (ì³–; ì³–; 쳖; ì³–; 쳖; ) HANGUL SYLLABLE CYEONH +CCD7;CCD7;110E 1167 11AE;CCD7;110E 1167 11AE; # (ì³—; ì³—; 쳗; ì³—; 쳗; ) HANGUL SYLLABLE CYEOD +CCD8;CCD8;110E 1167 11AF;CCD8;110E 1167 11AF; # (쳘; 쳘; 쳘; 쳘; 쳘; ) HANGUL SYLLABLE CYEOL +CCD9;CCD9;110E 1167 11B0;CCD9;110E 1167 11B0; # (ì³™; ì³™; 쳙; ì³™; 쳙; ) HANGUL SYLLABLE CYEOLG +CCDA;CCDA;110E 1167 11B1;CCDA;110E 1167 11B1; # (쳚; 쳚; 쳚; 쳚; 쳚; ) HANGUL SYLLABLE CYEOLM +CCDB;CCDB;110E 1167 11B2;CCDB;110E 1167 11B2; # (ì³›; ì³›; 쳛; ì³›; 쳛; ) HANGUL SYLLABLE CYEOLB +CCDC;CCDC;110E 1167 11B3;CCDC;110E 1167 11B3; # (쳜; 쳜; 쳜; 쳜; 쳜; ) HANGUL SYLLABLE CYEOLS +CCDD;CCDD;110E 1167 11B4;CCDD;110E 1167 11B4; # (ì³; ì³; 쳝; ì³; 쳝; ) HANGUL SYLLABLE CYEOLT +CCDE;CCDE;110E 1167 11B5;CCDE;110E 1167 11B5; # (쳞; 쳞; 쳞; 쳞; 쳞; ) HANGUL SYLLABLE CYEOLP +CCDF;CCDF;110E 1167 11B6;CCDF;110E 1167 11B6; # (쳟; 쳟; 쳟; 쳟; 쳟; ) HANGUL SYLLABLE CYEOLH +CCE0;CCE0;110E 1167 11B7;CCE0;110E 1167 11B7; # (ì³ ; ì³ ; 쳠; ì³ ; 쳠; ) HANGUL SYLLABLE CYEOM +CCE1;CCE1;110E 1167 11B8;CCE1;110E 1167 11B8; # (쳡; 쳡; 쳡; 쳡; 쳡; ) HANGUL SYLLABLE CYEOB +CCE2;CCE2;110E 1167 11B9;CCE2;110E 1167 11B9; # (ì³¢; ì³¢; 쳢; ì³¢; 쳢; ) HANGUL SYLLABLE CYEOBS +CCE3;CCE3;110E 1167 11BA;CCE3;110E 1167 11BA; # (ì³£; ì³£; 쳣; ì³£; 쳣; ) HANGUL SYLLABLE CYEOS +CCE4;CCE4;110E 1167 11BB;CCE4;110E 1167 11BB; # (쳤; 쳤; 쳤; 쳤; 쳤; ) HANGUL SYLLABLE CYEOSS +CCE5;CCE5;110E 1167 11BC;CCE5;110E 1167 11BC; # (ì³¥; ì³¥; 쳥; ì³¥; 쳥; ) HANGUL SYLLABLE CYEONG +CCE6;CCE6;110E 1167 11BD;CCE6;110E 1167 11BD; # (쳦; 쳦; 쳦; 쳦; 쳦; ) HANGUL SYLLABLE CYEOJ +CCE7;CCE7;110E 1167 11BE;CCE7;110E 1167 11BE; # (쳧; 쳧; 쳧; 쳧; 쳧; ) HANGUL SYLLABLE CYEOC +CCE8;CCE8;110E 1167 11BF;CCE8;110E 1167 11BF; # (쳨; 쳨; 쳨; 쳨; 쳨; ) HANGUL SYLLABLE CYEOK +CCE9;CCE9;110E 1167 11C0;CCE9;110E 1167 11C0; # (쳩; 쳩; 쳩; 쳩; 쳩; ) HANGUL SYLLABLE CYEOT +CCEA;CCEA;110E 1167 11C1;CCEA;110E 1167 11C1; # (쳪; 쳪; á„Žá…§á‡; 쳪; á„Žá…§á‡; ) HANGUL SYLLABLE CYEOP +CCEB;CCEB;110E 1167 11C2;CCEB;110E 1167 11C2; # (쳫; 쳫; 쳫; 쳫; 쳫; ) HANGUL SYLLABLE CYEOH +CCEC;CCEC;110E 1168;CCEC;110E 1168; # (쳬; 쳬; á„Žá…¨; 쳬; á„Žá…¨; ) HANGUL SYLLABLE CYE +CCED;CCED;110E 1168 11A8;CCED;110E 1168 11A8; # (ì³­; ì³­; 쳭; ì³­; 쳭; ) HANGUL SYLLABLE CYEG +CCEE;CCEE;110E 1168 11A9;CCEE;110E 1168 11A9; # (ì³®; ì³®; 쳮; ì³®; 쳮; ) HANGUL SYLLABLE CYEGG +CCEF;CCEF;110E 1168 11AA;CCEF;110E 1168 11AA; # (쳯; 쳯; 쳯; 쳯; 쳯; ) HANGUL SYLLABLE CYEGS +CCF0;CCF0;110E 1168 11AB;CCF0;110E 1168 11AB; # (ì³°; ì³°; 쳰; ì³°; 쳰; ) HANGUL SYLLABLE CYEN +CCF1;CCF1;110E 1168 11AC;CCF1;110E 1168 11AC; # (ì³±; ì³±; 쳱; ì³±; 쳱; ) HANGUL SYLLABLE CYENJ +CCF2;CCF2;110E 1168 11AD;CCF2;110E 1168 11AD; # (ì³²; ì³²; 쳲; ì³²; 쳲; ) HANGUL SYLLABLE CYENH +CCF3;CCF3;110E 1168 11AE;CCF3;110E 1168 11AE; # (ì³³; ì³³; 쳳; ì³³; 쳳; ) HANGUL SYLLABLE CYED +CCF4;CCF4;110E 1168 11AF;CCF4;110E 1168 11AF; # (ì³´; ì³´; 쳴; ì³´; 쳴; ) HANGUL SYLLABLE CYEL +CCF5;CCF5;110E 1168 11B0;CCF5;110E 1168 11B0; # (ì³µ; ì³µ; 쳵; ì³µ; 쳵; ) HANGUL SYLLABLE CYELG +CCF6;CCF6;110E 1168 11B1;CCF6;110E 1168 11B1; # (쳶; 쳶; 쳶; 쳶; 쳶; ) HANGUL SYLLABLE CYELM +CCF7;CCF7;110E 1168 11B2;CCF7;110E 1168 11B2; # (ì³·; ì³·; 쳷; ì³·; 쳷; ) HANGUL SYLLABLE CYELB +CCF8;CCF8;110E 1168 11B3;CCF8;110E 1168 11B3; # (쳸; 쳸; 쳸; 쳸; 쳸; ) HANGUL SYLLABLE CYELS +CCF9;CCF9;110E 1168 11B4;CCF9;110E 1168 11B4; # (ì³¹; ì³¹; 쳹; ì³¹; 쳹; ) HANGUL SYLLABLE CYELT +CCFA;CCFA;110E 1168 11B5;CCFA;110E 1168 11B5; # (쳺; 쳺; 쳺; 쳺; 쳺; ) HANGUL SYLLABLE CYELP +CCFB;CCFB;110E 1168 11B6;CCFB;110E 1168 11B6; # (ì³»; ì³»; 쳻; ì³»; 쳻; ) HANGUL SYLLABLE CYELH +CCFC;CCFC;110E 1168 11B7;CCFC;110E 1168 11B7; # (ì³¼; ì³¼; 쳼; ì³¼; 쳼; ) HANGUL SYLLABLE CYEM +CCFD;CCFD;110E 1168 11B8;CCFD;110E 1168 11B8; # (ì³½; ì³½; 쳽; ì³½; 쳽; ) HANGUL SYLLABLE CYEB +CCFE;CCFE;110E 1168 11B9;CCFE;110E 1168 11B9; # (ì³¾; ì³¾; 쳾; ì³¾; 쳾; ) HANGUL SYLLABLE CYEBS +CCFF;CCFF;110E 1168 11BA;CCFF;110E 1168 11BA; # (쳿; 쳿; 쳿; 쳿; 쳿; ) HANGUL SYLLABLE CYES +CD00;CD00;110E 1168 11BB;CD00;110E 1168 11BB; # (ì´€; ì´€; 촀; ì´€; 촀; ) HANGUL SYLLABLE CYESS +CD01;CD01;110E 1168 11BC;CD01;110E 1168 11BC; # (ì´; ì´; 촁; ì´; 촁; ) HANGUL SYLLABLE CYENG +CD02;CD02;110E 1168 11BD;CD02;110E 1168 11BD; # (ì´‚; ì´‚; 촂; ì´‚; 촂; ) HANGUL SYLLABLE CYEJ +CD03;CD03;110E 1168 11BE;CD03;110E 1168 11BE; # (ì´ƒ; ì´ƒ; 촃; ì´ƒ; 촃; ) HANGUL SYLLABLE CYEC +CD04;CD04;110E 1168 11BF;CD04;110E 1168 11BF; # (ì´„; ì´„; 촄; ì´„; 촄; ) HANGUL SYLLABLE CYEK +CD05;CD05;110E 1168 11C0;CD05;110E 1168 11C0; # (ì´…; ì´…; 촅; ì´…; 촅; ) HANGUL SYLLABLE CYET +CD06;CD06;110E 1168 11C1;CD06;110E 1168 11C1; # (ì´†; ì´†; á„Žá…¨á‡; ì´†; á„Žá…¨á‡; ) HANGUL SYLLABLE CYEP +CD07;CD07;110E 1168 11C2;CD07;110E 1168 11C2; # (ì´‡; ì´‡; 촇; ì´‡; 촇; ) HANGUL SYLLABLE CYEH +CD08;CD08;110E 1169;CD08;110E 1169; # (ì´ˆ; ì´ˆ; á„Žá…©; ì´ˆ; á„Žá…©; ) HANGUL SYLLABLE CO +CD09;CD09;110E 1169 11A8;CD09;110E 1169 11A8; # (ì´‰; ì´‰; 촉; ì´‰; 촉; ) HANGUL SYLLABLE COG +CD0A;CD0A;110E 1169 11A9;CD0A;110E 1169 11A9; # (ì´Š; ì´Š; 촊; ì´Š; 촊; ) HANGUL SYLLABLE COGG +CD0B;CD0B;110E 1169 11AA;CD0B;110E 1169 11AA; # (ì´‹; ì´‹; 촋; ì´‹; 촋; ) HANGUL SYLLABLE COGS +CD0C;CD0C;110E 1169 11AB;CD0C;110E 1169 11AB; # (ì´Œ; ì´Œ; 촌; ì´Œ; 촌; ) HANGUL SYLLABLE CON +CD0D;CD0D;110E 1169 11AC;CD0D;110E 1169 11AC; # (ì´; ì´; 촍; ì´; 촍; ) HANGUL SYLLABLE CONJ +CD0E;CD0E;110E 1169 11AD;CD0E;110E 1169 11AD; # (ì´Ž; ì´Ž; 촎; ì´Ž; 촎; ) HANGUL SYLLABLE CONH +CD0F;CD0F;110E 1169 11AE;CD0F;110E 1169 11AE; # (ì´; ì´; 촏; ì´; 촏; ) HANGUL SYLLABLE COD +CD10;CD10;110E 1169 11AF;CD10;110E 1169 11AF; # (ì´; ì´; 촐; ì´; 촐; ) HANGUL SYLLABLE COL +CD11;CD11;110E 1169 11B0;CD11;110E 1169 11B0; # (ì´‘; ì´‘; 촑; ì´‘; 촑; ) HANGUL SYLLABLE COLG +CD12;CD12;110E 1169 11B1;CD12;110E 1169 11B1; # (ì´’; ì´’; 촒; ì´’; 촒; ) HANGUL SYLLABLE COLM +CD13;CD13;110E 1169 11B2;CD13;110E 1169 11B2; # (ì´“; ì´“; 촓; ì´“; 촓; ) HANGUL SYLLABLE COLB +CD14;CD14;110E 1169 11B3;CD14;110E 1169 11B3; # (ì´”; ì´”; 촔; ì´”; 촔; ) HANGUL SYLLABLE COLS +CD15;CD15;110E 1169 11B4;CD15;110E 1169 11B4; # (ì´•; ì´•; 촕; ì´•; 촕; ) HANGUL SYLLABLE COLT +CD16;CD16;110E 1169 11B5;CD16;110E 1169 11B5; # (ì´–; ì´–; 촖; ì´–; 촖; ) HANGUL SYLLABLE COLP +CD17;CD17;110E 1169 11B6;CD17;110E 1169 11B6; # (ì´—; ì´—; 촗; ì´—; 촗; ) HANGUL SYLLABLE COLH +CD18;CD18;110E 1169 11B7;CD18;110E 1169 11B7; # (ì´˜; ì´˜; 촘; ì´˜; 촘; ) HANGUL SYLLABLE COM +CD19;CD19;110E 1169 11B8;CD19;110E 1169 11B8; # (ì´™; ì´™; 촙; ì´™; 촙; ) HANGUL SYLLABLE COB +CD1A;CD1A;110E 1169 11B9;CD1A;110E 1169 11B9; # (ì´š; ì´š; 촚; ì´š; 촚; ) HANGUL SYLLABLE COBS +CD1B;CD1B;110E 1169 11BA;CD1B;110E 1169 11BA; # (ì´›; ì´›; 촛; ì´›; 촛; ) HANGUL SYLLABLE COS +CD1C;CD1C;110E 1169 11BB;CD1C;110E 1169 11BB; # (ì´œ; ì´œ; 촜; ì´œ; 촜; ) HANGUL SYLLABLE COSS +CD1D;CD1D;110E 1169 11BC;CD1D;110E 1169 11BC; # (ì´; ì´; 총; ì´; 총; ) HANGUL SYLLABLE CONG +CD1E;CD1E;110E 1169 11BD;CD1E;110E 1169 11BD; # (ì´ž; ì´ž; 촞; ì´ž; 촞; ) HANGUL SYLLABLE COJ +CD1F;CD1F;110E 1169 11BE;CD1F;110E 1169 11BE; # (ì´Ÿ; ì´Ÿ; 촟; ì´Ÿ; 촟; ) HANGUL SYLLABLE COC +CD20;CD20;110E 1169 11BF;CD20;110E 1169 11BF; # (ì´ ; ì´ ; 촠; ì´ ; 촠; ) HANGUL SYLLABLE COK +CD21;CD21;110E 1169 11C0;CD21;110E 1169 11C0; # (ì´¡; ì´¡; 촡; ì´¡; 촡; ) HANGUL SYLLABLE COT +CD22;CD22;110E 1169 11C1;CD22;110E 1169 11C1; # (ì´¢; ì´¢; á„Žá…©á‡; ì´¢; á„Žá…©á‡; ) HANGUL SYLLABLE COP +CD23;CD23;110E 1169 11C2;CD23;110E 1169 11C2; # (ì´£; ì´£; 촣; ì´£; 촣; ) HANGUL SYLLABLE COH +CD24;CD24;110E 116A;CD24;110E 116A; # (ì´¤; ì´¤; á„Žá…ª; ì´¤; á„Žá…ª; ) HANGUL SYLLABLE CWA +CD25;CD25;110E 116A 11A8;CD25;110E 116A 11A8; # (ì´¥; ì´¥; 촥; ì´¥; 촥; ) HANGUL SYLLABLE CWAG +CD26;CD26;110E 116A 11A9;CD26;110E 116A 11A9; # (ì´¦; ì´¦; 촦; ì´¦; 촦; ) HANGUL SYLLABLE CWAGG +CD27;CD27;110E 116A 11AA;CD27;110E 116A 11AA; # (ì´§; ì´§; 촧; ì´§; 촧; ) HANGUL SYLLABLE CWAGS +CD28;CD28;110E 116A 11AB;CD28;110E 116A 11AB; # (ì´¨; ì´¨; 촨; ì´¨; 촨; ) HANGUL SYLLABLE CWAN +CD29;CD29;110E 116A 11AC;CD29;110E 116A 11AC; # (ì´©; ì´©; 촩; ì´©; 촩; ) HANGUL SYLLABLE CWANJ +CD2A;CD2A;110E 116A 11AD;CD2A;110E 116A 11AD; # (ì´ª; ì´ª; 촪; ì´ª; 촪; ) HANGUL SYLLABLE CWANH +CD2B;CD2B;110E 116A 11AE;CD2B;110E 116A 11AE; # (ì´«; ì´«; 촫; ì´«; 촫; ) HANGUL SYLLABLE CWAD +CD2C;CD2C;110E 116A 11AF;CD2C;110E 116A 11AF; # (ì´¬; ì´¬; 촬; ì´¬; 촬; ) HANGUL SYLLABLE CWAL +CD2D;CD2D;110E 116A 11B0;CD2D;110E 116A 11B0; # (ì´­; ì´­; 촭; ì´­; 촭; ) HANGUL SYLLABLE CWALG +CD2E;CD2E;110E 116A 11B1;CD2E;110E 116A 11B1; # (ì´®; ì´®; 촮; ì´®; 촮; ) HANGUL SYLLABLE CWALM +CD2F;CD2F;110E 116A 11B2;CD2F;110E 116A 11B2; # (ì´¯; ì´¯; 촯; ì´¯; 촯; ) HANGUL SYLLABLE CWALB +CD30;CD30;110E 116A 11B3;CD30;110E 116A 11B3; # (ì´°; ì´°; 촰; ì´°; 촰; ) HANGUL SYLLABLE CWALS +CD31;CD31;110E 116A 11B4;CD31;110E 116A 11B4; # (ì´±; ì´±; 촱; ì´±; 촱; ) HANGUL SYLLABLE CWALT +CD32;CD32;110E 116A 11B5;CD32;110E 116A 11B5; # (ì´²; ì´²; 촲; ì´²; 촲; ) HANGUL SYLLABLE CWALP +CD33;CD33;110E 116A 11B6;CD33;110E 116A 11B6; # (ì´³; ì´³; 촳; ì´³; 촳; ) HANGUL SYLLABLE CWALH +CD34;CD34;110E 116A 11B7;CD34;110E 116A 11B7; # (ì´´; ì´´; 촴; ì´´; 촴; ) HANGUL SYLLABLE CWAM +CD35;CD35;110E 116A 11B8;CD35;110E 116A 11B8; # (ì´µ; ì´µ; 촵; ì´µ; 촵; ) HANGUL SYLLABLE CWAB +CD36;CD36;110E 116A 11B9;CD36;110E 116A 11B9; # (ì´¶; ì´¶; 촶; ì´¶; 촶; ) HANGUL SYLLABLE CWABS +CD37;CD37;110E 116A 11BA;CD37;110E 116A 11BA; # (ì´·; ì´·; 촷; ì´·; 촷; ) HANGUL SYLLABLE CWAS +CD38;CD38;110E 116A 11BB;CD38;110E 116A 11BB; # (ì´¸; ì´¸; 촸; ì´¸; 촸; ) HANGUL SYLLABLE CWASS +CD39;CD39;110E 116A 11BC;CD39;110E 116A 11BC; # (ì´¹; ì´¹; 촹; ì´¹; 촹; ) HANGUL SYLLABLE CWANG +CD3A;CD3A;110E 116A 11BD;CD3A;110E 116A 11BD; # (ì´º; ì´º; 촺; ì´º; 촺; ) HANGUL SYLLABLE CWAJ +CD3B;CD3B;110E 116A 11BE;CD3B;110E 116A 11BE; # (ì´»; ì´»; 촻; ì´»; 촻; ) HANGUL SYLLABLE CWAC +CD3C;CD3C;110E 116A 11BF;CD3C;110E 116A 11BF; # (ì´¼; ì´¼; 촼; ì´¼; 촼; ) HANGUL SYLLABLE CWAK +CD3D;CD3D;110E 116A 11C0;CD3D;110E 116A 11C0; # (ì´½; ì´½; 촽; ì´½; 촽; ) HANGUL SYLLABLE CWAT +CD3E;CD3E;110E 116A 11C1;CD3E;110E 116A 11C1; # (ì´¾; ì´¾; á„Žá…ªá‡; ì´¾; á„Žá…ªá‡; ) HANGUL SYLLABLE CWAP +CD3F;CD3F;110E 116A 11C2;CD3F;110E 116A 11C2; # (ì´¿; ì´¿; 촿; ì´¿; 촿; ) HANGUL SYLLABLE CWAH +CD40;CD40;110E 116B;CD40;110E 116B; # (ìµ€; ìµ€; á„Žá…«; ìµ€; á„Žá…«; ) HANGUL SYLLABLE CWAE +CD41;CD41;110E 116B 11A8;CD41;110E 116B 11A8; # (ìµ; ìµ; 쵁; ìµ; 쵁; ) HANGUL SYLLABLE CWAEG +CD42;CD42;110E 116B 11A9;CD42;110E 116B 11A9; # (쵂; 쵂; 쵂; 쵂; 쵂; ) HANGUL SYLLABLE CWAEGG +CD43;CD43;110E 116B 11AA;CD43;110E 116B 11AA; # (쵃; 쵃; 쵃; 쵃; 쵃; ) HANGUL SYLLABLE CWAEGS +CD44;CD44;110E 116B 11AB;CD44;110E 116B 11AB; # (쵄; 쵄; 쵄; 쵄; 쵄; ) HANGUL SYLLABLE CWAEN +CD45;CD45;110E 116B 11AC;CD45;110E 116B 11AC; # (ìµ…; ìµ…; 쵅; ìµ…; 쵅; ) HANGUL SYLLABLE CWAENJ +CD46;CD46;110E 116B 11AD;CD46;110E 116B 11AD; # (쵆; 쵆; 쵆; 쵆; 쵆; ) HANGUL SYLLABLE CWAENH +CD47;CD47;110E 116B 11AE;CD47;110E 116B 11AE; # (쵇; 쵇; 쵇; 쵇; 쵇; ) HANGUL SYLLABLE CWAED +CD48;CD48;110E 116B 11AF;CD48;110E 116B 11AF; # (쵈; 쵈; 쵈; 쵈; 쵈; ) HANGUL SYLLABLE CWAEL +CD49;CD49;110E 116B 11B0;CD49;110E 116B 11B0; # (쵉; 쵉; 쵉; 쵉; 쵉; ) HANGUL SYLLABLE CWAELG +CD4A;CD4A;110E 116B 11B1;CD4A;110E 116B 11B1; # (쵊; 쵊; 쵊; 쵊; 쵊; ) HANGUL SYLLABLE CWAELM +CD4B;CD4B;110E 116B 11B2;CD4B;110E 116B 11B2; # (쵋; 쵋; 쵋; 쵋; 쵋; ) HANGUL SYLLABLE CWAELB +CD4C;CD4C;110E 116B 11B3;CD4C;110E 116B 11B3; # (쵌; 쵌; 쵌; 쵌; 쵌; ) HANGUL SYLLABLE CWAELS +CD4D;CD4D;110E 116B 11B4;CD4D;110E 116B 11B4; # (ìµ; ìµ; 쵍; ìµ; 쵍; ) HANGUL SYLLABLE CWAELT +CD4E;CD4E;110E 116B 11B5;CD4E;110E 116B 11B5; # (쵎; 쵎; 쵎; 쵎; 쵎; ) HANGUL SYLLABLE CWAELP +CD4F;CD4F;110E 116B 11B6;CD4F;110E 116B 11B6; # (ìµ; ìµ; 쵏; ìµ; 쵏; ) HANGUL SYLLABLE CWAELH +CD50;CD50;110E 116B 11B7;CD50;110E 116B 11B7; # (ìµ; ìµ; 쵐; ìµ; 쵐; ) HANGUL SYLLABLE CWAEM +CD51;CD51;110E 116B 11B8;CD51;110E 116B 11B8; # (쵑; 쵑; 쵑; 쵑; 쵑; ) HANGUL SYLLABLE CWAEB +CD52;CD52;110E 116B 11B9;CD52;110E 116B 11B9; # (ìµ’; ìµ’; 쵒; ìµ’; 쵒; ) HANGUL SYLLABLE CWAEBS +CD53;CD53;110E 116B 11BA;CD53;110E 116B 11BA; # (쵓; 쵓; 쵓; 쵓; 쵓; ) HANGUL SYLLABLE CWAES +CD54;CD54;110E 116B 11BB;CD54;110E 116B 11BB; # (ìµ”; ìµ”; 쵔; ìµ”; 쵔; ) HANGUL SYLLABLE CWAESS +CD55;CD55;110E 116B 11BC;CD55;110E 116B 11BC; # (쵕; 쵕; 쵕; 쵕; 쵕; ) HANGUL SYLLABLE CWAENG +CD56;CD56;110E 116B 11BD;CD56;110E 116B 11BD; # (ìµ–; ìµ–; 쵖; ìµ–; 쵖; ) HANGUL SYLLABLE CWAEJ +CD57;CD57;110E 116B 11BE;CD57;110E 116B 11BE; # (ìµ—; ìµ—; 쵗; ìµ—; 쵗; ) HANGUL SYLLABLE CWAEC +CD58;CD58;110E 116B 11BF;CD58;110E 116B 11BF; # (쵘; 쵘; 쵘; 쵘; 쵘; ) HANGUL SYLLABLE CWAEK +CD59;CD59;110E 116B 11C0;CD59;110E 116B 11C0; # (ìµ™; ìµ™; 쵙; ìµ™; 쵙; ) HANGUL SYLLABLE CWAET +CD5A;CD5A;110E 116B 11C1;CD5A;110E 116B 11C1; # (쵚; 쵚; á„Žá…«á‡; 쵚; á„Žá…«á‡; ) HANGUL SYLLABLE CWAEP +CD5B;CD5B;110E 116B 11C2;CD5B;110E 116B 11C2; # (ìµ›; ìµ›; 쵛; ìµ›; 쵛; ) HANGUL SYLLABLE CWAEH +CD5C;CD5C;110E 116C;CD5C;110E 116C; # (최; 최; á„Žá…¬; 최; á„Žá…¬; ) HANGUL SYLLABLE COE +CD5D;CD5D;110E 116C 11A8;CD5D;110E 116C 11A8; # (ìµ; ìµ; 쵝; ìµ; 쵝; ) HANGUL SYLLABLE COEG +CD5E;CD5E;110E 116C 11A9;CD5E;110E 116C 11A9; # (쵞; 쵞; 쵞; 쵞; 쵞; ) HANGUL SYLLABLE COEGG +CD5F;CD5F;110E 116C 11AA;CD5F;110E 116C 11AA; # (쵟; 쵟; 쵟; 쵟; 쵟; ) HANGUL SYLLABLE COEGS +CD60;CD60;110E 116C 11AB;CD60;110E 116C 11AB; # (ìµ ; ìµ ; 쵠; ìµ ; 쵠; ) HANGUL SYLLABLE COEN +CD61;CD61;110E 116C 11AC;CD61;110E 116C 11AC; # (쵡; 쵡; 쵡; 쵡; 쵡; ) HANGUL SYLLABLE COENJ +CD62;CD62;110E 116C 11AD;CD62;110E 116C 11AD; # (ìµ¢; ìµ¢; 쵢; ìµ¢; 쵢; ) HANGUL SYLLABLE COENH +CD63;CD63;110E 116C 11AE;CD63;110E 116C 11AE; # (ìµ£; ìµ£; 쵣; ìµ£; 쵣; ) HANGUL SYLLABLE COED +CD64;CD64;110E 116C 11AF;CD64;110E 116C 11AF; # (쵤; 쵤; 쵤; 쵤; 쵤; ) HANGUL SYLLABLE COEL +CD65;CD65;110E 116C 11B0;CD65;110E 116C 11B0; # (ìµ¥; ìµ¥; 쵥; ìµ¥; 쵥; ) HANGUL SYLLABLE COELG +CD66;CD66;110E 116C 11B1;CD66;110E 116C 11B1; # (쵦; 쵦; 쵦; 쵦; 쵦; ) HANGUL SYLLABLE COELM +CD67;CD67;110E 116C 11B2;CD67;110E 116C 11B2; # (쵧; 쵧; 쵧; 쵧; 쵧; ) HANGUL SYLLABLE COELB +CD68;CD68;110E 116C 11B3;CD68;110E 116C 11B3; # (쵨; 쵨; 쵨; 쵨; 쵨; ) HANGUL SYLLABLE COELS +CD69;CD69;110E 116C 11B4;CD69;110E 116C 11B4; # (쵩; 쵩; 쵩; 쵩; 쵩; ) HANGUL SYLLABLE COELT +CD6A;CD6A;110E 116C 11B5;CD6A;110E 116C 11B5; # (쵪; 쵪; 쵪; 쵪; 쵪; ) HANGUL SYLLABLE COELP +CD6B;CD6B;110E 116C 11B6;CD6B;110E 116C 11B6; # (쵫; 쵫; 쵫; 쵫; 쵫; ) HANGUL SYLLABLE COELH +CD6C;CD6C;110E 116C 11B7;CD6C;110E 116C 11B7; # (쵬; 쵬; 쵬; 쵬; 쵬; ) HANGUL SYLLABLE COEM +CD6D;CD6D;110E 116C 11B8;CD6D;110E 116C 11B8; # (ìµ­; ìµ­; 쵭; ìµ­; 쵭; ) HANGUL SYLLABLE COEB +CD6E;CD6E;110E 116C 11B9;CD6E;110E 116C 11B9; # (ìµ®; ìµ®; 쵮; ìµ®; 쵮; ) HANGUL SYLLABLE COEBS +CD6F;CD6F;110E 116C 11BA;CD6F;110E 116C 11BA; # (쵯; 쵯; 쵯; 쵯; 쵯; ) HANGUL SYLLABLE COES +CD70;CD70;110E 116C 11BB;CD70;110E 116C 11BB; # (ìµ°; ìµ°; 쵰; ìµ°; 쵰; ) HANGUL SYLLABLE COESS +CD71;CD71;110E 116C 11BC;CD71;110E 116C 11BC; # (ìµ±; ìµ±; 쵱; ìµ±; 쵱; ) HANGUL SYLLABLE COENG +CD72;CD72;110E 116C 11BD;CD72;110E 116C 11BD; # (ìµ²; ìµ²; 쵲; ìµ²; 쵲; ) HANGUL SYLLABLE COEJ +CD73;CD73;110E 116C 11BE;CD73;110E 116C 11BE; # (ìµ³; ìµ³; 쵳; ìµ³; 쵳; ) HANGUL SYLLABLE COEC +CD74;CD74;110E 116C 11BF;CD74;110E 116C 11BF; # (ìµ´; ìµ´; 쵴; ìµ´; 쵴; ) HANGUL SYLLABLE COEK +CD75;CD75;110E 116C 11C0;CD75;110E 116C 11C0; # (ìµµ; ìµµ; 쵵; ìµµ; 쵵; ) HANGUL SYLLABLE COET +CD76;CD76;110E 116C 11C1;CD76;110E 116C 11C1; # (쵶; 쵶; á„Žá…¬á‡; 쵶; á„Žá…¬á‡; ) HANGUL SYLLABLE COEP +CD77;CD77;110E 116C 11C2;CD77;110E 116C 11C2; # (ìµ·; ìµ·; 쵷; ìµ·; 쵷; ) HANGUL SYLLABLE COEH +CD78;CD78;110E 116D;CD78;110E 116D; # (쵸; 쵸; á„Žá…­; 쵸; á„Žá…­; ) HANGUL SYLLABLE CYO +CD79;CD79;110E 116D 11A8;CD79;110E 116D 11A8; # (ìµ¹; ìµ¹; 쵹; ìµ¹; 쵹; ) HANGUL SYLLABLE CYOG +CD7A;CD7A;110E 116D 11A9;CD7A;110E 116D 11A9; # (쵺; 쵺; 쵺; 쵺; 쵺; ) HANGUL SYLLABLE CYOGG +CD7B;CD7B;110E 116D 11AA;CD7B;110E 116D 11AA; # (ìµ»; ìµ»; 쵻; ìµ»; 쵻; ) HANGUL SYLLABLE CYOGS +CD7C;CD7C;110E 116D 11AB;CD7C;110E 116D 11AB; # (ìµ¼; ìµ¼; 쵼; ìµ¼; 쵼; ) HANGUL SYLLABLE CYON +CD7D;CD7D;110E 116D 11AC;CD7D;110E 116D 11AC; # (ìµ½; ìµ½; 쵽; ìµ½; 쵽; ) HANGUL SYLLABLE CYONJ +CD7E;CD7E;110E 116D 11AD;CD7E;110E 116D 11AD; # (ìµ¾; ìµ¾; 쵾; ìµ¾; 쵾; ) HANGUL SYLLABLE CYONH +CD7F;CD7F;110E 116D 11AE;CD7F;110E 116D 11AE; # (쵿; 쵿; 쵿; 쵿; 쵿; ) HANGUL SYLLABLE CYOD +CD80;CD80;110E 116D 11AF;CD80;110E 116D 11AF; # (춀; 춀; 춀; 춀; 춀; ) HANGUL SYLLABLE CYOL +CD81;CD81;110E 116D 11B0;CD81;110E 116D 11B0; # (ì¶; ì¶; 춁; ì¶; 춁; ) HANGUL SYLLABLE CYOLG +CD82;CD82;110E 116D 11B1;CD82;110E 116D 11B1; # (춂; 춂; 춂; 춂; 춂; ) HANGUL SYLLABLE CYOLM +CD83;CD83;110E 116D 11B2;CD83;110E 116D 11B2; # (춃; 춃; 춃; 춃; 춃; ) HANGUL SYLLABLE CYOLB +CD84;CD84;110E 116D 11B3;CD84;110E 116D 11B3; # (춄; 춄; 춄; 춄; 춄; ) HANGUL SYLLABLE CYOLS +CD85;CD85;110E 116D 11B4;CD85;110E 116D 11B4; # (춅; 춅; 춅; 춅; 춅; ) HANGUL SYLLABLE CYOLT +CD86;CD86;110E 116D 11B5;CD86;110E 116D 11B5; # (춆; 춆; 춆; 춆; 춆; ) HANGUL SYLLABLE CYOLP +CD87;CD87;110E 116D 11B6;CD87;110E 116D 11B6; # (춇; 춇; 춇; 춇; 춇; ) HANGUL SYLLABLE CYOLH +CD88;CD88;110E 116D 11B7;CD88;110E 116D 11B7; # (춈; 춈; 춈; 춈; 춈; ) HANGUL SYLLABLE CYOM +CD89;CD89;110E 116D 11B8;CD89;110E 116D 11B8; # (춉; 춉; 춉; 춉; 춉; ) HANGUL SYLLABLE CYOB +CD8A;CD8A;110E 116D 11B9;CD8A;110E 116D 11B9; # (춊; 춊; 춊; 춊; 춊; ) HANGUL SYLLABLE CYOBS +CD8B;CD8B;110E 116D 11BA;CD8B;110E 116D 11BA; # (춋; 춋; 춋; 춋; 춋; ) HANGUL SYLLABLE CYOS +CD8C;CD8C;110E 116D 11BB;CD8C;110E 116D 11BB; # (춌; 춌; 춌; 춌; 춌; ) HANGUL SYLLABLE CYOSS +CD8D;CD8D;110E 116D 11BC;CD8D;110E 116D 11BC; # (ì¶; ì¶; 춍; ì¶; 춍; ) HANGUL SYLLABLE CYONG +CD8E;CD8E;110E 116D 11BD;CD8E;110E 116D 11BD; # (춎; 춎; 춎; 춎; 춎; ) HANGUL SYLLABLE CYOJ +CD8F;CD8F;110E 116D 11BE;CD8F;110E 116D 11BE; # (ì¶; ì¶; 춏; ì¶; 춏; ) HANGUL SYLLABLE CYOC +CD90;CD90;110E 116D 11BF;CD90;110E 116D 11BF; # (ì¶; ì¶; 춐; ì¶; 춐; ) HANGUL SYLLABLE CYOK +CD91;CD91;110E 116D 11C0;CD91;110E 116D 11C0; # (춑; 춑; 춑; 춑; 춑; ) HANGUL SYLLABLE CYOT +CD92;CD92;110E 116D 11C1;CD92;110E 116D 11C1; # (춒; 춒; á„Žá…­á‡; 춒; á„Žá…­á‡; ) HANGUL SYLLABLE CYOP +CD93;CD93;110E 116D 11C2;CD93;110E 116D 11C2; # (춓; 춓; 춓; 춓; 춓; ) HANGUL SYLLABLE CYOH +CD94;CD94;110E 116E;CD94;110E 116E; # (추; 추; á„Žá…®; 추; á„Žá…®; ) HANGUL SYLLABLE CU +CD95;CD95;110E 116E 11A8;CD95;110E 116E 11A8; # (축; 축; 축; 축; 축; ) HANGUL SYLLABLE CUG +CD96;CD96;110E 116E 11A9;CD96;110E 116E 11A9; # (춖; 춖; 춖; 춖; 춖; ) HANGUL SYLLABLE CUGG +CD97;CD97;110E 116E 11AA;CD97;110E 116E 11AA; # (춗; 춗; 춗; 춗; 춗; ) HANGUL SYLLABLE CUGS +CD98;CD98;110E 116E 11AB;CD98;110E 116E 11AB; # (춘; 춘; 춘; 춘; 춘; ) HANGUL SYLLABLE CUN +CD99;CD99;110E 116E 11AC;CD99;110E 116E 11AC; # (춙; 춙; 춙; 춙; 춙; ) HANGUL SYLLABLE CUNJ +CD9A;CD9A;110E 116E 11AD;CD9A;110E 116E 11AD; # (춚; 춚; 춚; 춚; 춚; ) HANGUL SYLLABLE CUNH +CD9B;CD9B;110E 116E 11AE;CD9B;110E 116E 11AE; # (춛; 춛; 춛; 춛; 춛; ) HANGUL SYLLABLE CUD +CD9C;CD9C;110E 116E 11AF;CD9C;110E 116E 11AF; # (출; 출; 출; 출; 출; ) HANGUL SYLLABLE CUL +CD9D;CD9D;110E 116E 11B0;CD9D;110E 116E 11B0; # (ì¶; ì¶; 춝; ì¶; 춝; ) HANGUL SYLLABLE CULG +CD9E;CD9E;110E 116E 11B1;CD9E;110E 116E 11B1; # (춞; 춞; 춞; 춞; 춞; ) HANGUL SYLLABLE CULM +CD9F;CD9F;110E 116E 11B2;CD9F;110E 116E 11B2; # (춟; 춟; 춟; 춟; 춟; ) HANGUL SYLLABLE CULB +CDA0;CDA0;110E 116E 11B3;CDA0;110E 116E 11B3; # (춠; 춠; 춠; 춠; 춠; ) HANGUL SYLLABLE CULS +CDA1;CDA1;110E 116E 11B4;CDA1;110E 116E 11B4; # (춡; 춡; 춡; 춡; 춡; ) HANGUL SYLLABLE CULT +CDA2;CDA2;110E 116E 11B5;CDA2;110E 116E 11B5; # (춢; 춢; 춢; 춢; 춢; ) HANGUL SYLLABLE CULP +CDA3;CDA3;110E 116E 11B6;CDA3;110E 116E 11B6; # (춣; 춣; 춣; 춣; 춣; ) HANGUL SYLLABLE CULH +CDA4;CDA4;110E 116E 11B7;CDA4;110E 116E 11B7; # (춤; 춤; 춤; 춤; 춤; ) HANGUL SYLLABLE CUM +CDA5;CDA5;110E 116E 11B8;CDA5;110E 116E 11B8; # (춥; 춥; 춥; 춥; 춥; ) HANGUL SYLLABLE CUB +CDA6;CDA6;110E 116E 11B9;CDA6;110E 116E 11B9; # (춦; 춦; 춦; 춦; 춦; ) HANGUL SYLLABLE CUBS +CDA7;CDA7;110E 116E 11BA;CDA7;110E 116E 11BA; # (춧; 춧; 춧; 춧; 춧; ) HANGUL SYLLABLE CUS +CDA8;CDA8;110E 116E 11BB;CDA8;110E 116E 11BB; # (춨; 춨; 춨; 춨; 춨; ) HANGUL SYLLABLE CUSS +CDA9;CDA9;110E 116E 11BC;CDA9;110E 116E 11BC; # (충; 충; 충; 충; 충; ) HANGUL SYLLABLE CUNG +CDAA;CDAA;110E 116E 11BD;CDAA;110E 116E 11BD; # (춪; 춪; 춪; 춪; 춪; ) HANGUL SYLLABLE CUJ +CDAB;CDAB;110E 116E 11BE;CDAB;110E 116E 11BE; # (춫; 춫; 춫; 춫; 춫; ) HANGUL SYLLABLE CUC +CDAC;CDAC;110E 116E 11BF;CDAC;110E 116E 11BF; # (춬; 춬; 춬; 춬; 춬; ) HANGUL SYLLABLE CUK +CDAD;CDAD;110E 116E 11C0;CDAD;110E 116E 11C0; # (춭; 춭; 춭; 춭; 춭; ) HANGUL SYLLABLE CUT +CDAE;CDAE;110E 116E 11C1;CDAE;110E 116E 11C1; # (춮; 춮; á„Žá…®á‡; 춮; á„Žá…®á‡; ) HANGUL SYLLABLE CUP +CDAF;CDAF;110E 116E 11C2;CDAF;110E 116E 11C2; # (춯; 춯; 춯; 춯; 춯; ) HANGUL SYLLABLE CUH +CDB0;CDB0;110E 116F;CDB0;110E 116F; # (춰; 춰; á„Žá…¯; 춰; á„Žá…¯; ) HANGUL SYLLABLE CWEO +CDB1;CDB1;110E 116F 11A8;CDB1;110E 116F 11A8; # (춱; 춱; 춱; 춱; 춱; ) HANGUL SYLLABLE CWEOG +CDB2;CDB2;110E 116F 11A9;CDB2;110E 116F 11A9; # (춲; 춲; 춲; 춲; 춲; ) HANGUL SYLLABLE CWEOGG +CDB3;CDB3;110E 116F 11AA;CDB3;110E 116F 11AA; # (춳; 춳; 춳; 춳; 춳; ) HANGUL SYLLABLE CWEOGS +CDB4;CDB4;110E 116F 11AB;CDB4;110E 116F 11AB; # (춴; 춴; 춴; 춴; 춴; ) HANGUL SYLLABLE CWEON +CDB5;CDB5;110E 116F 11AC;CDB5;110E 116F 11AC; # (춵; 춵; 춵; 춵; 춵; ) HANGUL SYLLABLE CWEONJ +CDB6;CDB6;110E 116F 11AD;CDB6;110E 116F 11AD; # (춶; 춶; 춶; 춶; 춶; ) HANGUL SYLLABLE CWEONH +CDB7;CDB7;110E 116F 11AE;CDB7;110E 116F 11AE; # (춷; 춷; 춷; 춷; 춷; ) HANGUL SYLLABLE CWEOD +CDB8;CDB8;110E 116F 11AF;CDB8;110E 116F 11AF; # (춸; 춸; 춸; 춸; 춸; ) HANGUL SYLLABLE CWEOL +CDB9;CDB9;110E 116F 11B0;CDB9;110E 116F 11B0; # (춹; 춹; 춹; 춹; 춹; ) HANGUL SYLLABLE CWEOLG +CDBA;CDBA;110E 116F 11B1;CDBA;110E 116F 11B1; # (춺; 춺; 춺; 춺; 춺; ) HANGUL SYLLABLE CWEOLM +CDBB;CDBB;110E 116F 11B2;CDBB;110E 116F 11B2; # (춻; 춻; 춻; 춻; 춻; ) HANGUL SYLLABLE CWEOLB +CDBC;CDBC;110E 116F 11B3;CDBC;110E 116F 11B3; # (춼; 춼; 춼; 춼; 춼; ) HANGUL SYLLABLE CWEOLS +CDBD;CDBD;110E 116F 11B4;CDBD;110E 116F 11B4; # (춽; 춽; 춽; 춽; 춽; ) HANGUL SYLLABLE CWEOLT +CDBE;CDBE;110E 116F 11B5;CDBE;110E 116F 11B5; # (춾; 춾; 춾; 춾; 춾; ) HANGUL SYLLABLE CWEOLP +CDBF;CDBF;110E 116F 11B6;CDBF;110E 116F 11B6; # (춿; 춿; 춿; 춿; 춿; ) HANGUL SYLLABLE CWEOLH +CDC0;CDC0;110E 116F 11B7;CDC0;110E 116F 11B7; # (ì·€; ì·€; 췀; ì·€; 췀; ) HANGUL SYLLABLE CWEOM +CDC1;CDC1;110E 116F 11B8;CDC1;110E 116F 11B8; # (ì·; ì·; 췁; ì·; 췁; ) HANGUL SYLLABLE CWEOB +CDC2;CDC2;110E 116F 11B9;CDC2;110E 116F 11B9; # (ì·‚; ì·‚; 췂; ì·‚; 췂; ) HANGUL SYLLABLE CWEOBS +CDC3;CDC3;110E 116F 11BA;CDC3;110E 116F 11BA; # (ì·ƒ; ì·ƒ; 췃; ì·ƒ; 췃; ) HANGUL SYLLABLE CWEOS +CDC4;CDC4;110E 116F 11BB;CDC4;110E 116F 11BB; # (ì·„; ì·„; 췄; ì·„; 췄; ) HANGUL SYLLABLE CWEOSS +CDC5;CDC5;110E 116F 11BC;CDC5;110E 116F 11BC; # (ì·…; ì·…; 췅; ì·…; 췅; ) HANGUL SYLLABLE CWEONG +CDC6;CDC6;110E 116F 11BD;CDC6;110E 116F 11BD; # (ì·†; ì·†; 췆; ì·†; 췆; ) HANGUL SYLLABLE CWEOJ +CDC7;CDC7;110E 116F 11BE;CDC7;110E 116F 11BE; # (ì·‡; ì·‡; 췇; ì·‡; 췇; ) HANGUL SYLLABLE CWEOC +CDC8;CDC8;110E 116F 11BF;CDC8;110E 116F 11BF; # (ì·ˆ; ì·ˆ; 췈; ì·ˆ; 췈; ) HANGUL SYLLABLE CWEOK +CDC9;CDC9;110E 116F 11C0;CDC9;110E 116F 11C0; # (ì·‰; ì·‰; 췉; ì·‰; 췉; ) HANGUL SYLLABLE CWEOT +CDCA;CDCA;110E 116F 11C1;CDCA;110E 116F 11C1; # (ì·Š; ì·Š; á„Žá…¯á‡; ì·Š; á„Žá…¯á‡; ) HANGUL SYLLABLE CWEOP +CDCB;CDCB;110E 116F 11C2;CDCB;110E 116F 11C2; # (ì·‹; ì·‹; 췋; ì·‹; 췋; ) HANGUL SYLLABLE CWEOH +CDCC;CDCC;110E 1170;CDCC;110E 1170; # (ì·Œ; ì·Œ; á„Žá…°; ì·Œ; á„Žá…°; ) HANGUL SYLLABLE CWE +CDCD;CDCD;110E 1170 11A8;CDCD;110E 1170 11A8; # (ì·; ì·; 췍; ì·; 췍; ) HANGUL SYLLABLE CWEG +CDCE;CDCE;110E 1170 11A9;CDCE;110E 1170 11A9; # (ì·Ž; ì·Ž; 췎; ì·Ž; 췎; ) HANGUL SYLLABLE CWEGG +CDCF;CDCF;110E 1170 11AA;CDCF;110E 1170 11AA; # (ì·; ì·; 췏; ì·; 췏; ) HANGUL SYLLABLE CWEGS +CDD0;CDD0;110E 1170 11AB;CDD0;110E 1170 11AB; # (ì·; ì·; 췐; ì·; 췐; ) HANGUL SYLLABLE CWEN +CDD1;CDD1;110E 1170 11AC;CDD1;110E 1170 11AC; # (ì·‘; ì·‘; 췑; ì·‘; 췑; ) HANGUL SYLLABLE CWENJ +CDD2;CDD2;110E 1170 11AD;CDD2;110E 1170 11AD; # (ì·’; ì·’; 췒; ì·’; 췒; ) HANGUL SYLLABLE CWENH +CDD3;CDD3;110E 1170 11AE;CDD3;110E 1170 11AE; # (ì·“; ì·“; 췓; ì·“; 췓; ) HANGUL SYLLABLE CWED +CDD4;CDD4;110E 1170 11AF;CDD4;110E 1170 11AF; # (ì·”; ì·”; 췔; ì·”; 췔; ) HANGUL SYLLABLE CWEL +CDD5;CDD5;110E 1170 11B0;CDD5;110E 1170 11B0; # (ì·•; ì·•; 췕; ì·•; 췕; ) HANGUL SYLLABLE CWELG +CDD6;CDD6;110E 1170 11B1;CDD6;110E 1170 11B1; # (ì·–; ì·–; 췖; ì·–; 췖; ) HANGUL SYLLABLE CWELM +CDD7;CDD7;110E 1170 11B2;CDD7;110E 1170 11B2; # (ì·—; ì·—; 췗; ì·—; 췗; ) HANGUL SYLLABLE CWELB +CDD8;CDD8;110E 1170 11B3;CDD8;110E 1170 11B3; # (ì·˜; ì·˜; 췘; ì·˜; 췘; ) HANGUL SYLLABLE CWELS +CDD9;CDD9;110E 1170 11B4;CDD9;110E 1170 11B4; # (ì·™; ì·™; 췙; ì·™; 췙; ) HANGUL SYLLABLE CWELT +CDDA;CDDA;110E 1170 11B5;CDDA;110E 1170 11B5; # (ì·š; ì·š; 췚; ì·š; 췚; ) HANGUL SYLLABLE CWELP +CDDB;CDDB;110E 1170 11B6;CDDB;110E 1170 11B6; # (ì·›; ì·›; 췛; ì·›; 췛; ) HANGUL SYLLABLE CWELH +CDDC;CDDC;110E 1170 11B7;CDDC;110E 1170 11B7; # (ì·œ; ì·œ; 췜; ì·œ; 췜; ) HANGUL SYLLABLE CWEM +CDDD;CDDD;110E 1170 11B8;CDDD;110E 1170 11B8; # (ì·; ì·; 췝; ì·; 췝; ) HANGUL SYLLABLE CWEB +CDDE;CDDE;110E 1170 11B9;CDDE;110E 1170 11B9; # (ì·ž; ì·ž; 췞; ì·ž; 췞; ) HANGUL SYLLABLE CWEBS +CDDF;CDDF;110E 1170 11BA;CDDF;110E 1170 11BA; # (ì·Ÿ; ì·Ÿ; 췟; ì·Ÿ; 췟; ) HANGUL SYLLABLE CWES +CDE0;CDE0;110E 1170 11BB;CDE0;110E 1170 11BB; # (ì· ; ì· ; 췠; ì· ; 췠; ) HANGUL SYLLABLE CWESS +CDE1;CDE1;110E 1170 11BC;CDE1;110E 1170 11BC; # (ì·¡; ì·¡; 췡; ì·¡; 췡; ) HANGUL SYLLABLE CWENG +CDE2;CDE2;110E 1170 11BD;CDE2;110E 1170 11BD; # (ì·¢; ì·¢; 췢; ì·¢; 췢; ) HANGUL SYLLABLE CWEJ +CDE3;CDE3;110E 1170 11BE;CDE3;110E 1170 11BE; # (ì·£; ì·£; 췣; ì·£; 췣; ) HANGUL SYLLABLE CWEC +CDE4;CDE4;110E 1170 11BF;CDE4;110E 1170 11BF; # (ì·¤; ì·¤; 췤; ì·¤; 췤; ) HANGUL SYLLABLE CWEK +CDE5;CDE5;110E 1170 11C0;CDE5;110E 1170 11C0; # (ì·¥; ì·¥; 췥; ì·¥; 췥; ) HANGUL SYLLABLE CWET +CDE6;CDE6;110E 1170 11C1;CDE6;110E 1170 11C1; # (ì·¦; ì·¦; á„Žá…°á‡; ì·¦; á„Žá…°á‡; ) HANGUL SYLLABLE CWEP +CDE7;CDE7;110E 1170 11C2;CDE7;110E 1170 11C2; # (ì·§; ì·§; 췧; ì·§; 췧; ) HANGUL SYLLABLE CWEH +CDE8;CDE8;110E 1171;CDE8;110E 1171; # (ì·¨; ì·¨; á„Žá…±; ì·¨; á„Žá…±; ) HANGUL SYLLABLE CWI +CDE9;CDE9;110E 1171 11A8;CDE9;110E 1171 11A8; # (ì·©; ì·©; 췩; ì·©; 췩; ) HANGUL SYLLABLE CWIG +CDEA;CDEA;110E 1171 11A9;CDEA;110E 1171 11A9; # (ì·ª; ì·ª; 췪; ì·ª; 췪; ) HANGUL SYLLABLE CWIGG +CDEB;CDEB;110E 1171 11AA;CDEB;110E 1171 11AA; # (ì·«; ì·«; 췫; ì·«; 췫; ) HANGUL SYLLABLE CWIGS +CDEC;CDEC;110E 1171 11AB;CDEC;110E 1171 11AB; # (ì·¬; ì·¬; 췬; ì·¬; 췬; ) HANGUL SYLLABLE CWIN +CDED;CDED;110E 1171 11AC;CDED;110E 1171 11AC; # (ì·­; ì·­; 췭; ì·­; 췭; ) HANGUL SYLLABLE CWINJ +CDEE;CDEE;110E 1171 11AD;CDEE;110E 1171 11AD; # (ì·®; ì·®; 췮; ì·®; 췮; ) HANGUL SYLLABLE CWINH +CDEF;CDEF;110E 1171 11AE;CDEF;110E 1171 11AE; # (ì·¯; ì·¯; 췯; ì·¯; 췯; ) HANGUL SYLLABLE CWID +CDF0;CDF0;110E 1171 11AF;CDF0;110E 1171 11AF; # (ì·°; ì·°; 췰; ì·°; 췰; ) HANGUL SYLLABLE CWIL +CDF1;CDF1;110E 1171 11B0;CDF1;110E 1171 11B0; # (ì·±; ì·±; 췱; ì·±; 췱; ) HANGUL SYLLABLE CWILG +CDF2;CDF2;110E 1171 11B1;CDF2;110E 1171 11B1; # (ì·²; ì·²; 췲; ì·²; 췲; ) HANGUL SYLLABLE CWILM +CDF3;CDF3;110E 1171 11B2;CDF3;110E 1171 11B2; # (ì·³; ì·³; 췳; ì·³; 췳; ) HANGUL SYLLABLE CWILB +CDF4;CDF4;110E 1171 11B3;CDF4;110E 1171 11B3; # (ì·´; ì·´; 췴; ì·´; 췴; ) HANGUL SYLLABLE CWILS +CDF5;CDF5;110E 1171 11B4;CDF5;110E 1171 11B4; # (ì·µ; ì·µ; 췵; ì·µ; 췵; ) HANGUL SYLLABLE CWILT +CDF6;CDF6;110E 1171 11B5;CDF6;110E 1171 11B5; # (ì·¶; ì·¶; 췶; ì·¶; 췶; ) HANGUL SYLLABLE CWILP +CDF7;CDF7;110E 1171 11B6;CDF7;110E 1171 11B6; # (ì··; ì··; 췷; ì··; 췷; ) HANGUL SYLLABLE CWILH +CDF8;CDF8;110E 1171 11B7;CDF8;110E 1171 11B7; # (ì·¸; ì·¸; 췸; ì·¸; 췸; ) HANGUL SYLLABLE CWIM +CDF9;CDF9;110E 1171 11B8;CDF9;110E 1171 11B8; # (ì·¹; ì·¹; 췹; ì·¹; 췹; ) HANGUL SYLLABLE CWIB +CDFA;CDFA;110E 1171 11B9;CDFA;110E 1171 11B9; # (ì·º; ì·º; 췺; ì·º; 췺; ) HANGUL SYLLABLE CWIBS +CDFB;CDFB;110E 1171 11BA;CDFB;110E 1171 11BA; # (ì·»; ì·»; 췻; ì·»; 췻; ) HANGUL SYLLABLE CWIS +CDFC;CDFC;110E 1171 11BB;CDFC;110E 1171 11BB; # (ì·¼; ì·¼; 췼; ì·¼; 췼; ) HANGUL SYLLABLE CWISS +CDFD;CDFD;110E 1171 11BC;CDFD;110E 1171 11BC; # (ì·½; ì·½; 췽; ì·½; 췽; ) HANGUL SYLLABLE CWING +CDFE;CDFE;110E 1171 11BD;CDFE;110E 1171 11BD; # (ì·¾; ì·¾; 췾; ì·¾; 췾; ) HANGUL SYLLABLE CWIJ +CDFF;CDFF;110E 1171 11BE;CDFF;110E 1171 11BE; # (ì·¿; ì·¿; 췿; ì·¿; 췿; ) HANGUL SYLLABLE CWIC +CE00;CE00;110E 1171 11BF;CE00;110E 1171 11BF; # (츀; 츀; 츀; 츀; 츀; ) HANGUL SYLLABLE CWIK +CE01;CE01;110E 1171 11C0;CE01;110E 1171 11C0; # (ì¸; ì¸; 츁; ì¸; 츁; ) HANGUL SYLLABLE CWIT +CE02;CE02;110E 1171 11C1;CE02;110E 1171 11C1; # (츂; 츂; á„Žá…±á‡; 츂; á„Žá…±á‡; ) HANGUL SYLLABLE CWIP +CE03;CE03;110E 1171 11C2;CE03;110E 1171 11C2; # (츃; 츃; 츃; 츃; 츃; ) HANGUL SYLLABLE CWIH +CE04;CE04;110E 1172;CE04;110E 1172; # (츄; 츄; á„Žá…²; 츄; á„Žá…²; ) HANGUL SYLLABLE CYU +CE05;CE05;110E 1172 11A8;CE05;110E 1172 11A8; # (츅; 츅; 츅; 츅; 츅; ) HANGUL SYLLABLE CYUG +CE06;CE06;110E 1172 11A9;CE06;110E 1172 11A9; # (츆; 츆; 츆; 츆; 츆; ) HANGUL SYLLABLE CYUGG +CE07;CE07;110E 1172 11AA;CE07;110E 1172 11AA; # (츇; 츇; 츇; 츇; 츇; ) HANGUL SYLLABLE CYUGS +CE08;CE08;110E 1172 11AB;CE08;110E 1172 11AB; # (츈; 츈; 츈; 츈; 츈; ) HANGUL SYLLABLE CYUN +CE09;CE09;110E 1172 11AC;CE09;110E 1172 11AC; # (츉; 츉; 츉; 츉; 츉; ) HANGUL SYLLABLE CYUNJ +CE0A;CE0A;110E 1172 11AD;CE0A;110E 1172 11AD; # (츊; 츊; 츊; 츊; 츊; ) HANGUL SYLLABLE CYUNH +CE0B;CE0B;110E 1172 11AE;CE0B;110E 1172 11AE; # (츋; 츋; 츋; 츋; 츋; ) HANGUL SYLLABLE CYUD +CE0C;CE0C;110E 1172 11AF;CE0C;110E 1172 11AF; # (츌; 츌; 츌; 츌; 츌; ) HANGUL SYLLABLE CYUL +CE0D;CE0D;110E 1172 11B0;CE0D;110E 1172 11B0; # (ì¸; ì¸; 츍; ì¸; 츍; ) HANGUL SYLLABLE CYULG +CE0E;CE0E;110E 1172 11B1;CE0E;110E 1172 11B1; # (츎; 츎; 츎; 츎; 츎; ) HANGUL SYLLABLE CYULM +CE0F;CE0F;110E 1172 11B2;CE0F;110E 1172 11B2; # (ì¸; ì¸; 츏; ì¸; 츏; ) HANGUL SYLLABLE CYULB +CE10;CE10;110E 1172 11B3;CE10;110E 1172 11B3; # (ì¸; ì¸; 츐; ì¸; 츐; ) HANGUL SYLLABLE CYULS +CE11;CE11;110E 1172 11B4;CE11;110E 1172 11B4; # (츑; 츑; 츑; 츑; 츑; ) HANGUL SYLLABLE CYULT +CE12;CE12;110E 1172 11B5;CE12;110E 1172 11B5; # (츒; 츒; 츒; 츒; 츒; ) HANGUL SYLLABLE CYULP +CE13;CE13;110E 1172 11B6;CE13;110E 1172 11B6; # (츓; 츓; 츓; 츓; 츓; ) HANGUL SYLLABLE CYULH +CE14;CE14;110E 1172 11B7;CE14;110E 1172 11B7; # (츔; 츔; 츔; 츔; 츔; ) HANGUL SYLLABLE CYUM +CE15;CE15;110E 1172 11B8;CE15;110E 1172 11B8; # (츕; 츕; 츕; 츕; 츕; ) HANGUL SYLLABLE CYUB +CE16;CE16;110E 1172 11B9;CE16;110E 1172 11B9; # (츖; 츖; 츖; 츖; 츖; ) HANGUL SYLLABLE CYUBS +CE17;CE17;110E 1172 11BA;CE17;110E 1172 11BA; # (츗; 츗; 츗; 츗; 츗; ) HANGUL SYLLABLE CYUS +CE18;CE18;110E 1172 11BB;CE18;110E 1172 11BB; # (츘; 츘; 츘; 츘; 츘; ) HANGUL SYLLABLE CYUSS +CE19;CE19;110E 1172 11BC;CE19;110E 1172 11BC; # (츙; 츙; 츙; 츙; 츙; ) HANGUL SYLLABLE CYUNG +CE1A;CE1A;110E 1172 11BD;CE1A;110E 1172 11BD; # (츚; 츚; 츚; 츚; 츚; ) HANGUL SYLLABLE CYUJ +CE1B;CE1B;110E 1172 11BE;CE1B;110E 1172 11BE; # (츛; 츛; 츛; 츛; 츛; ) HANGUL SYLLABLE CYUC +CE1C;CE1C;110E 1172 11BF;CE1C;110E 1172 11BF; # (츜; 츜; 츜; 츜; 츜; ) HANGUL SYLLABLE CYUK +CE1D;CE1D;110E 1172 11C0;CE1D;110E 1172 11C0; # (ì¸; ì¸; 츝; ì¸; 츝; ) HANGUL SYLLABLE CYUT +CE1E;CE1E;110E 1172 11C1;CE1E;110E 1172 11C1; # (츞; 츞; á„Žá…²á‡; 츞; á„Žá…²á‡; ) HANGUL SYLLABLE CYUP +CE1F;CE1F;110E 1172 11C2;CE1F;110E 1172 11C2; # (츟; 츟; 츟; 츟; 츟; ) HANGUL SYLLABLE CYUH +CE20;CE20;110E 1173;CE20;110E 1173; # (츠; 츠; á„Žá…³; 츠; á„Žá…³; ) HANGUL SYLLABLE CEU +CE21;CE21;110E 1173 11A8;CE21;110E 1173 11A8; # (측; 측; 측; 측; 측; ) HANGUL SYLLABLE CEUG +CE22;CE22;110E 1173 11A9;CE22;110E 1173 11A9; # (츢; 츢; 츢; 츢; 츢; ) HANGUL SYLLABLE CEUGG +CE23;CE23;110E 1173 11AA;CE23;110E 1173 11AA; # (츣; 츣; 츣; 츣; 츣; ) HANGUL SYLLABLE CEUGS +CE24;CE24;110E 1173 11AB;CE24;110E 1173 11AB; # (츤; 츤; 츤; 츤; 츤; ) HANGUL SYLLABLE CEUN +CE25;CE25;110E 1173 11AC;CE25;110E 1173 11AC; # (츥; 츥; 츥; 츥; 츥; ) HANGUL SYLLABLE CEUNJ +CE26;CE26;110E 1173 11AD;CE26;110E 1173 11AD; # (츦; 츦; 츦; 츦; 츦; ) HANGUL SYLLABLE CEUNH +CE27;CE27;110E 1173 11AE;CE27;110E 1173 11AE; # (츧; 츧; 츧; 츧; 츧; ) HANGUL SYLLABLE CEUD +CE28;CE28;110E 1173 11AF;CE28;110E 1173 11AF; # (츨; 츨; 츨; 츨; 츨; ) HANGUL SYLLABLE CEUL +CE29;CE29;110E 1173 11B0;CE29;110E 1173 11B0; # (츩; 츩; 츩; 츩; 츩; ) HANGUL SYLLABLE CEULG +CE2A;CE2A;110E 1173 11B1;CE2A;110E 1173 11B1; # (츪; 츪; 츪; 츪; 츪; ) HANGUL SYLLABLE CEULM +CE2B;CE2B;110E 1173 11B2;CE2B;110E 1173 11B2; # (츫; 츫; 츫; 츫; 츫; ) HANGUL SYLLABLE CEULB +CE2C;CE2C;110E 1173 11B3;CE2C;110E 1173 11B3; # (츬; 츬; 츬; 츬; 츬; ) HANGUL SYLLABLE CEULS +CE2D;CE2D;110E 1173 11B4;CE2D;110E 1173 11B4; # (츭; 츭; 츭; 츭; 츭; ) HANGUL SYLLABLE CEULT +CE2E;CE2E;110E 1173 11B5;CE2E;110E 1173 11B5; # (츮; 츮; 츮; 츮; 츮; ) HANGUL SYLLABLE CEULP +CE2F;CE2F;110E 1173 11B6;CE2F;110E 1173 11B6; # (츯; 츯; 츯; 츯; 츯; ) HANGUL SYLLABLE CEULH +CE30;CE30;110E 1173 11B7;CE30;110E 1173 11B7; # (츰; 츰; 츰; 츰; 츰; ) HANGUL SYLLABLE CEUM +CE31;CE31;110E 1173 11B8;CE31;110E 1173 11B8; # (츱; 츱; 츱; 츱; 츱; ) HANGUL SYLLABLE CEUB +CE32;CE32;110E 1173 11B9;CE32;110E 1173 11B9; # (츲; 츲; 츲; 츲; 츲; ) HANGUL SYLLABLE CEUBS +CE33;CE33;110E 1173 11BA;CE33;110E 1173 11BA; # (츳; 츳; 츳; 츳; 츳; ) HANGUL SYLLABLE CEUS +CE34;CE34;110E 1173 11BB;CE34;110E 1173 11BB; # (츴; 츴; 츴; 츴; 츴; ) HANGUL SYLLABLE CEUSS +CE35;CE35;110E 1173 11BC;CE35;110E 1173 11BC; # (층; 층; 층; 층; 층; ) HANGUL SYLLABLE CEUNG +CE36;CE36;110E 1173 11BD;CE36;110E 1173 11BD; # (츶; 츶; 츶; 츶; 츶; ) HANGUL SYLLABLE CEUJ +CE37;CE37;110E 1173 11BE;CE37;110E 1173 11BE; # (츷; 츷; 츷; 츷; 츷; ) HANGUL SYLLABLE CEUC +CE38;CE38;110E 1173 11BF;CE38;110E 1173 11BF; # (츸; 츸; 츸; 츸; 츸; ) HANGUL SYLLABLE CEUK +CE39;CE39;110E 1173 11C0;CE39;110E 1173 11C0; # (츹; 츹; 츹; 츹; 츹; ) HANGUL SYLLABLE CEUT +CE3A;CE3A;110E 1173 11C1;CE3A;110E 1173 11C1; # (츺; 츺; á„Žá…³á‡; 츺; á„Žá…³á‡; ) HANGUL SYLLABLE CEUP +CE3B;CE3B;110E 1173 11C2;CE3B;110E 1173 11C2; # (츻; 츻; 츻; 츻; 츻; ) HANGUL SYLLABLE CEUH +CE3C;CE3C;110E 1174;CE3C;110E 1174; # (츼; 츼; á„Žá…´; 츼; á„Žá…´; ) HANGUL SYLLABLE CYI +CE3D;CE3D;110E 1174 11A8;CE3D;110E 1174 11A8; # (츽; 츽; 츽; 츽; 츽; ) HANGUL SYLLABLE CYIG +CE3E;CE3E;110E 1174 11A9;CE3E;110E 1174 11A9; # (츾; 츾; 츾; 츾; 츾; ) HANGUL SYLLABLE CYIGG +CE3F;CE3F;110E 1174 11AA;CE3F;110E 1174 11AA; # (츿; 츿; 츿; 츿; 츿; ) HANGUL SYLLABLE CYIGS +CE40;CE40;110E 1174 11AB;CE40;110E 1174 11AB; # (ì¹€; ì¹€; 칀; ì¹€; 칀; ) HANGUL SYLLABLE CYIN +CE41;CE41;110E 1174 11AC;CE41;110E 1174 11AC; # (ì¹; ì¹; 칁; ì¹; 칁; ) HANGUL SYLLABLE CYINJ +CE42;CE42;110E 1174 11AD;CE42;110E 1174 11AD; # (칂; 칂; 칂; 칂; 칂; ) HANGUL SYLLABLE CYINH +CE43;CE43;110E 1174 11AE;CE43;110E 1174 11AE; # (칃; 칃; 칃; 칃; 칃; ) HANGUL SYLLABLE CYID +CE44;CE44;110E 1174 11AF;CE44;110E 1174 11AF; # (칄; 칄; 칄; 칄; 칄; ) HANGUL SYLLABLE CYIL +CE45;CE45;110E 1174 11B0;CE45;110E 1174 11B0; # (ì¹…; ì¹…; 칅; ì¹…; 칅; ) HANGUL SYLLABLE CYILG +CE46;CE46;110E 1174 11B1;CE46;110E 1174 11B1; # (칆; 칆; 칆; 칆; 칆; ) HANGUL SYLLABLE CYILM +CE47;CE47;110E 1174 11B2;CE47;110E 1174 11B2; # (칇; 칇; 칇; 칇; 칇; ) HANGUL SYLLABLE CYILB +CE48;CE48;110E 1174 11B3;CE48;110E 1174 11B3; # (칈; 칈; 칈; 칈; 칈; ) HANGUL SYLLABLE CYILS +CE49;CE49;110E 1174 11B4;CE49;110E 1174 11B4; # (칉; 칉; 칉; 칉; 칉; ) HANGUL SYLLABLE CYILT +CE4A;CE4A;110E 1174 11B5;CE4A;110E 1174 11B5; # (칊; 칊; 칊; 칊; 칊; ) HANGUL SYLLABLE CYILP +CE4B;CE4B;110E 1174 11B6;CE4B;110E 1174 11B6; # (칋; 칋; 칋; 칋; 칋; ) HANGUL SYLLABLE CYILH +CE4C;CE4C;110E 1174 11B7;CE4C;110E 1174 11B7; # (칌; 칌; 칌; 칌; 칌; ) HANGUL SYLLABLE CYIM +CE4D;CE4D;110E 1174 11B8;CE4D;110E 1174 11B8; # (ì¹; ì¹; 칍; ì¹; 칍; ) HANGUL SYLLABLE CYIB +CE4E;CE4E;110E 1174 11B9;CE4E;110E 1174 11B9; # (칎; 칎; 칎; 칎; 칎; ) HANGUL SYLLABLE CYIBS +CE4F;CE4F;110E 1174 11BA;CE4F;110E 1174 11BA; # (ì¹; ì¹; 칏; ì¹; 칏; ) HANGUL SYLLABLE CYIS +CE50;CE50;110E 1174 11BB;CE50;110E 1174 11BB; # (ì¹; ì¹; 칐; ì¹; 칐; ) HANGUL SYLLABLE CYISS +CE51;CE51;110E 1174 11BC;CE51;110E 1174 11BC; # (칑; 칑; 칑; 칑; 칑; ) HANGUL SYLLABLE CYING +CE52;CE52;110E 1174 11BD;CE52;110E 1174 11BD; # (ì¹’; ì¹’; 칒; ì¹’; 칒; ) HANGUL SYLLABLE CYIJ +CE53;CE53;110E 1174 11BE;CE53;110E 1174 11BE; # (칓; 칓; 칓; 칓; 칓; ) HANGUL SYLLABLE CYIC +CE54;CE54;110E 1174 11BF;CE54;110E 1174 11BF; # (ì¹”; ì¹”; 칔; ì¹”; 칔; ) HANGUL SYLLABLE CYIK +CE55;CE55;110E 1174 11C0;CE55;110E 1174 11C0; # (칕; 칕; 칕; 칕; 칕; ) HANGUL SYLLABLE CYIT +CE56;CE56;110E 1174 11C1;CE56;110E 1174 11C1; # (ì¹–; ì¹–; á„Žá…´á‡; ì¹–; á„Žá…´á‡; ) HANGUL SYLLABLE CYIP +CE57;CE57;110E 1174 11C2;CE57;110E 1174 11C2; # (ì¹—; ì¹—; 칗; ì¹—; 칗; ) HANGUL SYLLABLE CYIH +CE58;CE58;110E 1175;CE58;110E 1175; # (치; 치; á„Žá…µ; 치; á„Žá…µ; ) HANGUL SYLLABLE CI +CE59;CE59;110E 1175 11A8;CE59;110E 1175 11A8; # (ì¹™; ì¹™; 칙; ì¹™; 칙; ) HANGUL SYLLABLE CIG +CE5A;CE5A;110E 1175 11A9;CE5A;110E 1175 11A9; # (칚; 칚; 칚; 칚; 칚; ) HANGUL SYLLABLE CIGG +CE5B;CE5B;110E 1175 11AA;CE5B;110E 1175 11AA; # (ì¹›; ì¹›; 칛; ì¹›; 칛; ) HANGUL SYLLABLE CIGS +CE5C;CE5C;110E 1175 11AB;CE5C;110E 1175 11AB; # (친; 친; 친; 친; 친; ) HANGUL SYLLABLE CIN +CE5D;CE5D;110E 1175 11AC;CE5D;110E 1175 11AC; # (ì¹; ì¹; 칝; ì¹; 칝; ) HANGUL SYLLABLE CINJ +CE5E;CE5E;110E 1175 11AD;CE5E;110E 1175 11AD; # (칞; 칞; 칞; 칞; 칞; ) HANGUL SYLLABLE CINH +CE5F;CE5F;110E 1175 11AE;CE5F;110E 1175 11AE; # (칟; 칟; 칟; 칟; 칟; ) HANGUL SYLLABLE CID +CE60;CE60;110E 1175 11AF;CE60;110E 1175 11AF; # (ì¹ ; ì¹ ; 칠; ì¹ ; 칠; ) HANGUL SYLLABLE CIL +CE61;CE61;110E 1175 11B0;CE61;110E 1175 11B0; # (칡; 칡; 칡; 칡; 칡; ) HANGUL SYLLABLE CILG +CE62;CE62;110E 1175 11B1;CE62;110E 1175 11B1; # (ì¹¢; ì¹¢; 칢; ì¹¢; 칢; ) HANGUL SYLLABLE CILM +CE63;CE63;110E 1175 11B2;CE63;110E 1175 11B2; # (ì¹£; ì¹£; 칣; ì¹£; 칣; ) HANGUL SYLLABLE CILB +CE64;CE64;110E 1175 11B3;CE64;110E 1175 11B3; # (칤; 칤; 칤; 칤; 칤; ) HANGUL SYLLABLE CILS +CE65;CE65;110E 1175 11B4;CE65;110E 1175 11B4; # (ì¹¥; ì¹¥; 칥; ì¹¥; 칥; ) HANGUL SYLLABLE CILT +CE66;CE66;110E 1175 11B5;CE66;110E 1175 11B5; # (칦; 칦; 칦; 칦; 칦; ) HANGUL SYLLABLE CILP +CE67;CE67;110E 1175 11B6;CE67;110E 1175 11B6; # (칧; 칧; 칧; 칧; 칧; ) HANGUL SYLLABLE CILH +CE68;CE68;110E 1175 11B7;CE68;110E 1175 11B7; # (침; 침; 침; 침; 침; ) HANGUL SYLLABLE CIM +CE69;CE69;110E 1175 11B8;CE69;110E 1175 11B8; # (칩; 칩; 칩; 칩; 칩; ) HANGUL SYLLABLE CIB +CE6A;CE6A;110E 1175 11B9;CE6A;110E 1175 11B9; # (칪; 칪; 칪; 칪; 칪; ) HANGUL SYLLABLE CIBS +CE6B;CE6B;110E 1175 11BA;CE6B;110E 1175 11BA; # (칫; 칫; 칫; 칫; 칫; ) HANGUL SYLLABLE CIS +CE6C;CE6C;110E 1175 11BB;CE6C;110E 1175 11BB; # (칬; 칬; 칬; 칬; 칬; ) HANGUL SYLLABLE CISS +CE6D;CE6D;110E 1175 11BC;CE6D;110E 1175 11BC; # (ì¹­; ì¹­; 칭; ì¹­; 칭; ) HANGUL SYLLABLE CING +CE6E;CE6E;110E 1175 11BD;CE6E;110E 1175 11BD; # (ì¹®; ì¹®; 칮; ì¹®; 칮; ) HANGUL SYLLABLE CIJ +CE6F;CE6F;110E 1175 11BE;CE6F;110E 1175 11BE; # (칯; 칯; 칯; 칯; 칯; ) HANGUL SYLLABLE CIC +CE70;CE70;110E 1175 11BF;CE70;110E 1175 11BF; # (ì¹°; ì¹°; 칰; ì¹°; 칰; ) HANGUL SYLLABLE CIK +CE71;CE71;110E 1175 11C0;CE71;110E 1175 11C0; # (ì¹±; ì¹±; 칱; ì¹±; 칱; ) HANGUL SYLLABLE CIT +CE72;CE72;110E 1175 11C1;CE72;110E 1175 11C1; # (ì¹²; ì¹²; á„Žá…µá‡; ì¹²; á„Žá…µá‡; ) HANGUL SYLLABLE CIP +CE73;CE73;110E 1175 11C2;CE73;110E 1175 11C2; # (ì¹³; ì¹³; 칳; ì¹³; 칳; ) HANGUL SYLLABLE CIH +CE74;CE74;110F 1161;CE74;110F 1161; # (ì¹´; ì¹´; á„á…¡; ì¹´; á„á…¡; ) HANGUL SYLLABLE KA +CE75;CE75;110F 1161 11A8;CE75;110F 1161 11A8; # (ì¹µ; ì¹µ; á„ᅡᆨ; ì¹µ; á„ᅡᆨ; ) HANGUL SYLLABLE KAG +CE76;CE76;110F 1161 11A9;CE76;110F 1161 11A9; # (칶; 칶; á„ᅡᆩ; 칶; á„ᅡᆩ; ) HANGUL SYLLABLE KAGG +CE77;CE77;110F 1161 11AA;CE77;110F 1161 11AA; # (ì¹·; ì¹·; á„ᅡᆪ; ì¹·; á„ᅡᆪ; ) HANGUL SYLLABLE KAGS +CE78;CE78;110F 1161 11AB;CE78;110F 1161 11AB; # (칸; 칸; á„ᅡᆫ; 칸; á„ᅡᆫ; ) HANGUL SYLLABLE KAN +CE79;CE79;110F 1161 11AC;CE79;110F 1161 11AC; # (ì¹¹; ì¹¹; á„ᅡᆬ; ì¹¹; á„ᅡᆬ; ) HANGUL SYLLABLE KANJ +CE7A;CE7A;110F 1161 11AD;CE7A;110F 1161 11AD; # (칺; 칺; á„ᅡᆭ; 칺; á„ᅡᆭ; ) HANGUL SYLLABLE KANH +CE7B;CE7B;110F 1161 11AE;CE7B;110F 1161 11AE; # (ì¹»; ì¹»; á„ᅡᆮ; ì¹»; á„ᅡᆮ; ) HANGUL SYLLABLE KAD +CE7C;CE7C;110F 1161 11AF;CE7C;110F 1161 11AF; # (ì¹¼; ì¹¼; á„ᅡᆯ; ì¹¼; á„ᅡᆯ; ) HANGUL SYLLABLE KAL +CE7D;CE7D;110F 1161 11B0;CE7D;110F 1161 11B0; # (ì¹½; ì¹½; á„ᅡᆰ; ì¹½; á„ᅡᆰ; ) HANGUL SYLLABLE KALG +CE7E;CE7E;110F 1161 11B1;CE7E;110F 1161 11B1; # (ì¹¾; ì¹¾; á„ᅡᆱ; ì¹¾; á„ᅡᆱ; ) HANGUL SYLLABLE KALM +CE7F;CE7F;110F 1161 11B2;CE7F;110F 1161 11B2; # (칿; 칿; á„ᅡᆲ; 칿; á„ᅡᆲ; ) HANGUL SYLLABLE KALB +CE80;CE80;110F 1161 11B3;CE80;110F 1161 11B3; # (캀; 캀; á„ᅡᆳ; 캀; á„ᅡᆳ; ) HANGUL SYLLABLE KALS +CE81;CE81;110F 1161 11B4;CE81;110F 1161 11B4; # (ìº; ìº; á„ᅡᆴ; ìº; á„ᅡᆴ; ) HANGUL SYLLABLE KALT +CE82;CE82;110F 1161 11B5;CE82;110F 1161 11B5; # (캂; 캂; á„ᅡᆵ; 캂; á„ᅡᆵ; ) HANGUL SYLLABLE KALP +CE83;CE83;110F 1161 11B6;CE83;110F 1161 11B6; # (캃; 캃; á„ᅡᆶ; 캃; á„ᅡᆶ; ) HANGUL SYLLABLE KALH +CE84;CE84;110F 1161 11B7;CE84;110F 1161 11B7; # (캄; 캄; á„ᅡᆷ; 캄; á„ᅡᆷ; ) HANGUL SYLLABLE KAM +CE85;CE85;110F 1161 11B8;CE85;110F 1161 11B8; # (캅; 캅; á„ᅡᆸ; 캅; á„ᅡᆸ; ) HANGUL SYLLABLE KAB +CE86;CE86;110F 1161 11B9;CE86;110F 1161 11B9; # (캆; 캆; á„ᅡᆹ; 캆; á„ᅡᆹ; ) HANGUL SYLLABLE KABS +CE87;CE87;110F 1161 11BA;CE87;110F 1161 11BA; # (캇; 캇; á„ᅡᆺ; 캇; á„ᅡᆺ; ) HANGUL SYLLABLE KAS +CE88;CE88;110F 1161 11BB;CE88;110F 1161 11BB; # (캈; 캈; á„ᅡᆻ; 캈; á„ᅡᆻ; ) HANGUL SYLLABLE KASS +CE89;CE89;110F 1161 11BC;CE89;110F 1161 11BC; # (캉; 캉; á„ᅡᆼ; 캉; á„ᅡᆼ; ) HANGUL SYLLABLE KANG +CE8A;CE8A;110F 1161 11BD;CE8A;110F 1161 11BD; # (캊; 캊; á„ᅡᆽ; 캊; á„ᅡᆽ; ) HANGUL SYLLABLE KAJ +CE8B;CE8B;110F 1161 11BE;CE8B;110F 1161 11BE; # (캋; 캋; á„ᅡᆾ; 캋; á„ᅡᆾ; ) HANGUL SYLLABLE KAC +CE8C;CE8C;110F 1161 11BF;CE8C;110F 1161 11BF; # (캌; 캌; á„ᅡᆿ; 캌; á„ᅡᆿ; ) HANGUL SYLLABLE KAK +CE8D;CE8D;110F 1161 11C0;CE8D;110F 1161 11C0; # (ìº; ìº; á„ᅡᇀ; ìº; á„ᅡᇀ; ) HANGUL SYLLABLE KAT +CE8E;CE8E;110F 1161 11C1;CE8E;110F 1161 11C1; # (캎; 캎; á„á…¡á‡; 캎; á„á…¡á‡; ) HANGUL SYLLABLE KAP +CE8F;CE8F;110F 1161 11C2;CE8F;110F 1161 11C2; # (ìº; ìº; á„ᅡᇂ; ìº; á„ᅡᇂ; ) HANGUL SYLLABLE KAH +CE90;CE90;110F 1162;CE90;110F 1162; # (ìº; ìº; á„á…¢; ìº; á„á…¢; ) HANGUL SYLLABLE KAE +CE91;CE91;110F 1162 11A8;CE91;110F 1162 11A8; # (캑; 캑; á„ᅢᆨ; 캑; á„ᅢᆨ; ) HANGUL SYLLABLE KAEG +CE92;CE92;110F 1162 11A9;CE92;110F 1162 11A9; # (캒; 캒; á„ᅢᆩ; 캒; á„ᅢᆩ; ) HANGUL SYLLABLE KAEGG +CE93;CE93;110F 1162 11AA;CE93;110F 1162 11AA; # (캓; 캓; á„ᅢᆪ; 캓; á„ᅢᆪ; ) HANGUL SYLLABLE KAEGS +CE94;CE94;110F 1162 11AB;CE94;110F 1162 11AB; # (캔; 캔; á„ᅢᆫ; 캔; á„ᅢᆫ; ) HANGUL SYLLABLE KAEN +CE95;CE95;110F 1162 11AC;CE95;110F 1162 11AC; # (캕; 캕; á„ᅢᆬ; 캕; á„ᅢᆬ; ) HANGUL SYLLABLE KAENJ +CE96;CE96;110F 1162 11AD;CE96;110F 1162 11AD; # (캖; 캖; á„ᅢᆭ; 캖; á„ᅢᆭ; ) HANGUL SYLLABLE KAENH +CE97;CE97;110F 1162 11AE;CE97;110F 1162 11AE; # (캗; 캗; á„ᅢᆮ; 캗; á„ᅢᆮ; ) HANGUL SYLLABLE KAED +CE98;CE98;110F 1162 11AF;CE98;110F 1162 11AF; # (캘; 캘; á„ᅢᆯ; 캘; á„ᅢᆯ; ) HANGUL SYLLABLE KAEL +CE99;CE99;110F 1162 11B0;CE99;110F 1162 11B0; # (캙; 캙; á„ᅢᆰ; 캙; á„ᅢᆰ; ) HANGUL SYLLABLE KAELG +CE9A;CE9A;110F 1162 11B1;CE9A;110F 1162 11B1; # (캚; 캚; á„ᅢᆱ; 캚; á„ᅢᆱ; ) HANGUL SYLLABLE KAELM +CE9B;CE9B;110F 1162 11B2;CE9B;110F 1162 11B2; # (캛; 캛; á„ᅢᆲ; 캛; á„ᅢᆲ; ) HANGUL SYLLABLE KAELB +CE9C;CE9C;110F 1162 11B3;CE9C;110F 1162 11B3; # (캜; 캜; á„ᅢᆳ; 캜; á„ᅢᆳ; ) HANGUL SYLLABLE KAELS +CE9D;CE9D;110F 1162 11B4;CE9D;110F 1162 11B4; # (ìº; ìº; á„ᅢᆴ; ìº; á„ᅢᆴ; ) HANGUL SYLLABLE KAELT +CE9E;CE9E;110F 1162 11B5;CE9E;110F 1162 11B5; # (캞; 캞; á„ᅢᆵ; 캞; á„ᅢᆵ; ) HANGUL SYLLABLE KAELP +CE9F;CE9F;110F 1162 11B6;CE9F;110F 1162 11B6; # (캟; 캟; á„ᅢᆶ; 캟; á„ᅢᆶ; ) HANGUL SYLLABLE KAELH +CEA0;CEA0;110F 1162 11B7;CEA0;110F 1162 11B7; # (캠; 캠; á„ᅢᆷ; 캠; á„ᅢᆷ; ) HANGUL SYLLABLE KAEM +CEA1;CEA1;110F 1162 11B8;CEA1;110F 1162 11B8; # (캡; 캡; á„ᅢᆸ; 캡; á„ᅢᆸ; ) HANGUL SYLLABLE KAEB +CEA2;CEA2;110F 1162 11B9;CEA2;110F 1162 11B9; # (캢; 캢; á„ᅢᆹ; 캢; á„ᅢᆹ; ) HANGUL SYLLABLE KAEBS +CEA3;CEA3;110F 1162 11BA;CEA3;110F 1162 11BA; # (캣; 캣; á„ᅢᆺ; 캣; á„ᅢᆺ; ) HANGUL SYLLABLE KAES +CEA4;CEA4;110F 1162 11BB;CEA4;110F 1162 11BB; # (캤; 캤; á„ᅢᆻ; 캤; á„ᅢᆻ; ) HANGUL SYLLABLE KAESS +CEA5;CEA5;110F 1162 11BC;CEA5;110F 1162 11BC; # (캥; 캥; á„ᅢᆼ; 캥; á„ᅢᆼ; ) HANGUL SYLLABLE KAENG +CEA6;CEA6;110F 1162 11BD;CEA6;110F 1162 11BD; # (캦; 캦; á„ᅢᆽ; 캦; á„ᅢᆽ; ) HANGUL SYLLABLE KAEJ +CEA7;CEA7;110F 1162 11BE;CEA7;110F 1162 11BE; # (캧; 캧; á„ᅢᆾ; 캧; á„ᅢᆾ; ) HANGUL SYLLABLE KAEC +CEA8;CEA8;110F 1162 11BF;CEA8;110F 1162 11BF; # (캨; 캨; á„ᅢᆿ; 캨; á„ᅢᆿ; ) HANGUL SYLLABLE KAEK +CEA9;CEA9;110F 1162 11C0;CEA9;110F 1162 11C0; # (캩; 캩; á„ᅢᇀ; 캩; á„ᅢᇀ; ) HANGUL SYLLABLE KAET +CEAA;CEAA;110F 1162 11C1;CEAA;110F 1162 11C1; # (캪; 캪; á„á…¢á‡; 캪; á„á…¢á‡; ) HANGUL SYLLABLE KAEP +CEAB;CEAB;110F 1162 11C2;CEAB;110F 1162 11C2; # (캫; 캫; á„ᅢᇂ; 캫; á„ᅢᇂ; ) HANGUL SYLLABLE KAEH +CEAC;CEAC;110F 1163;CEAC;110F 1163; # (캬; 캬; á„á…£; 캬; á„á…£; ) HANGUL SYLLABLE KYA +CEAD;CEAD;110F 1163 11A8;CEAD;110F 1163 11A8; # (캭; 캭; á„ᅣᆨ; 캭; á„ᅣᆨ; ) HANGUL SYLLABLE KYAG +CEAE;CEAE;110F 1163 11A9;CEAE;110F 1163 11A9; # (캮; 캮; á„ᅣᆩ; 캮; á„ᅣᆩ; ) HANGUL SYLLABLE KYAGG +CEAF;CEAF;110F 1163 11AA;CEAF;110F 1163 11AA; # (캯; 캯; á„ᅣᆪ; 캯; á„ᅣᆪ; ) HANGUL SYLLABLE KYAGS +CEB0;CEB0;110F 1163 11AB;CEB0;110F 1163 11AB; # (캰; 캰; á„ᅣᆫ; 캰; á„ᅣᆫ; ) HANGUL SYLLABLE KYAN +CEB1;CEB1;110F 1163 11AC;CEB1;110F 1163 11AC; # (캱; 캱; á„ᅣᆬ; 캱; á„ᅣᆬ; ) HANGUL SYLLABLE KYANJ +CEB2;CEB2;110F 1163 11AD;CEB2;110F 1163 11AD; # (캲; 캲; á„ᅣᆭ; 캲; á„ᅣᆭ; ) HANGUL SYLLABLE KYANH +CEB3;CEB3;110F 1163 11AE;CEB3;110F 1163 11AE; # (캳; 캳; á„ᅣᆮ; 캳; á„ᅣᆮ; ) HANGUL SYLLABLE KYAD +CEB4;CEB4;110F 1163 11AF;CEB4;110F 1163 11AF; # (캴; 캴; á„ᅣᆯ; 캴; á„ᅣᆯ; ) HANGUL SYLLABLE KYAL +CEB5;CEB5;110F 1163 11B0;CEB5;110F 1163 11B0; # (캵; 캵; á„ᅣᆰ; 캵; á„ᅣᆰ; ) HANGUL SYLLABLE KYALG +CEB6;CEB6;110F 1163 11B1;CEB6;110F 1163 11B1; # (캶; 캶; á„ᅣᆱ; 캶; á„ᅣᆱ; ) HANGUL SYLLABLE KYALM +CEB7;CEB7;110F 1163 11B2;CEB7;110F 1163 11B2; # (캷; 캷; á„ᅣᆲ; 캷; á„ᅣᆲ; ) HANGUL SYLLABLE KYALB +CEB8;CEB8;110F 1163 11B3;CEB8;110F 1163 11B3; # (캸; 캸; á„ᅣᆳ; 캸; á„ᅣᆳ; ) HANGUL SYLLABLE KYALS +CEB9;CEB9;110F 1163 11B4;CEB9;110F 1163 11B4; # (캹; 캹; á„ᅣᆴ; 캹; á„ᅣᆴ; ) HANGUL SYLLABLE KYALT +CEBA;CEBA;110F 1163 11B5;CEBA;110F 1163 11B5; # (캺; 캺; á„ᅣᆵ; 캺; á„ᅣᆵ; ) HANGUL SYLLABLE KYALP +CEBB;CEBB;110F 1163 11B6;CEBB;110F 1163 11B6; # (캻; 캻; á„ᅣᆶ; 캻; á„ᅣᆶ; ) HANGUL SYLLABLE KYALH +CEBC;CEBC;110F 1163 11B7;CEBC;110F 1163 11B7; # (캼; 캼; á„ᅣᆷ; 캼; á„ᅣᆷ; ) HANGUL SYLLABLE KYAM +CEBD;CEBD;110F 1163 11B8;CEBD;110F 1163 11B8; # (캽; 캽; á„ᅣᆸ; 캽; á„ᅣᆸ; ) HANGUL SYLLABLE KYAB +CEBE;CEBE;110F 1163 11B9;CEBE;110F 1163 11B9; # (캾; 캾; á„ᅣᆹ; 캾; á„ᅣᆹ; ) HANGUL SYLLABLE KYABS +CEBF;CEBF;110F 1163 11BA;CEBF;110F 1163 11BA; # (캿; 캿; á„ᅣᆺ; 캿; á„ᅣᆺ; ) HANGUL SYLLABLE KYAS +CEC0;CEC0;110F 1163 11BB;CEC0;110F 1163 11BB; # (컀; 컀; á„ᅣᆻ; 컀; á„ᅣᆻ; ) HANGUL SYLLABLE KYASS +CEC1;CEC1;110F 1163 11BC;CEC1;110F 1163 11BC; # (ì»; ì»; á„ᅣᆼ; ì»; á„ᅣᆼ; ) HANGUL SYLLABLE KYANG +CEC2;CEC2;110F 1163 11BD;CEC2;110F 1163 11BD; # (컂; 컂; á„ᅣᆽ; 컂; á„ᅣᆽ; ) HANGUL SYLLABLE KYAJ +CEC3;CEC3;110F 1163 11BE;CEC3;110F 1163 11BE; # (컃; 컃; á„ᅣᆾ; 컃; á„ᅣᆾ; ) HANGUL SYLLABLE KYAC +CEC4;CEC4;110F 1163 11BF;CEC4;110F 1163 11BF; # (컄; 컄; á„ᅣᆿ; 컄; á„ᅣᆿ; ) HANGUL SYLLABLE KYAK +CEC5;CEC5;110F 1163 11C0;CEC5;110F 1163 11C0; # (ì»…; ì»…; á„ᅣᇀ; ì»…; á„ᅣᇀ; ) HANGUL SYLLABLE KYAT +CEC6;CEC6;110F 1163 11C1;CEC6;110F 1163 11C1; # (컆; 컆; á„á…£á‡; 컆; á„á…£á‡; ) HANGUL SYLLABLE KYAP +CEC7;CEC7;110F 1163 11C2;CEC7;110F 1163 11C2; # (컇; 컇; á„ᅣᇂ; 컇; á„ᅣᇂ; ) HANGUL SYLLABLE KYAH +CEC8;CEC8;110F 1164;CEC8;110F 1164; # (컈; 컈; á„á…¤; 컈; á„á…¤; ) HANGUL SYLLABLE KYAE +CEC9;CEC9;110F 1164 11A8;CEC9;110F 1164 11A8; # (컉; 컉; á„ᅤᆨ; 컉; á„ᅤᆨ; ) HANGUL SYLLABLE KYAEG +CECA;CECA;110F 1164 11A9;CECA;110F 1164 11A9; # (컊; 컊; á„ᅤᆩ; 컊; á„ᅤᆩ; ) HANGUL SYLLABLE KYAEGG +CECB;CECB;110F 1164 11AA;CECB;110F 1164 11AA; # (컋; 컋; á„ᅤᆪ; 컋; á„ᅤᆪ; ) HANGUL SYLLABLE KYAEGS +CECC;CECC;110F 1164 11AB;CECC;110F 1164 11AB; # (컌; 컌; á„ᅤᆫ; 컌; á„ᅤᆫ; ) HANGUL SYLLABLE KYAEN +CECD;CECD;110F 1164 11AC;CECD;110F 1164 11AC; # (ì»; ì»; á„ᅤᆬ; ì»; á„ᅤᆬ; ) HANGUL SYLLABLE KYAENJ +CECE;CECE;110F 1164 11AD;CECE;110F 1164 11AD; # (컎; 컎; á„ᅤᆭ; 컎; á„ᅤᆭ; ) HANGUL SYLLABLE KYAENH +CECF;CECF;110F 1164 11AE;CECF;110F 1164 11AE; # (ì»; ì»; á„ᅤᆮ; ì»; á„ᅤᆮ; ) HANGUL SYLLABLE KYAED +CED0;CED0;110F 1164 11AF;CED0;110F 1164 11AF; # (ì»; ì»; á„ᅤᆯ; ì»; á„ᅤᆯ; ) HANGUL SYLLABLE KYAEL +CED1;CED1;110F 1164 11B0;CED1;110F 1164 11B0; # (컑; 컑; á„ᅤᆰ; 컑; á„ᅤᆰ; ) HANGUL SYLLABLE KYAELG +CED2;CED2;110F 1164 11B1;CED2;110F 1164 11B1; # (ì»’; ì»’; á„ᅤᆱ; ì»’; á„ᅤᆱ; ) HANGUL SYLLABLE KYAELM +CED3;CED3;110F 1164 11B2;CED3;110F 1164 11B2; # (컓; 컓; á„ᅤᆲ; 컓; á„ᅤᆲ; ) HANGUL SYLLABLE KYAELB +CED4;CED4;110F 1164 11B3;CED4;110F 1164 11B3; # (ì»”; ì»”; á„ᅤᆳ; ì»”; á„ᅤᆳ; ) HANGUL SYLLABLE KYAELS +CED5;CED5;110F 1164 11B4;CED5;110F 1164 11B4; # (컕; 컕; á„ᅤᆴ; 컕; á„ᅤᆴ; ) HANGUL SYLLABLE KYAELT +CED6;CED6;110F 1164 11B5;CED6;110F 1164 11B5; # (ì»–; ì»–; á„ᅤᆵ; ì»–; á„ᅤᆵ; ) HANGUL SYLLABLE KYAELP +CED7;CED7;110F 1164 11B6;CED7;110F 1164 11B6; # (ì»—; ì»—; á„ᅤᆶ; ì»—; á„ᅤᆶ; ) HANGUL SYLLABLE KYAELH +CED8;CED8;110F 1164 11B7;CED8;110F 1164 11B7; # (컘; 컘; á„ᅤᆷ; 컘; á„ᅤᆷ; ) HANGUL SYLLABLE KYAEM +CED9;CED9;110F 1164 11B8;CED9;110F 1164 11B8; # (ì»™; ì»™; á„ᅤᆸ; ì»™; á„ᅤᆸ; ) HANGUL SYLLABLE KYAEB +CEDA;CEDA;110F 1164 11B9;CEDA;110F 1164 11B9; # (컚; 컚; á„ᅤᆹ; 컚; á„ᅤᆹ; ) HANGUL SYLLABLE KYAEBS +CEDB;CEDB;110F 1164 11BA;CEDB;110F 1164 11BA; # (ì»›; ì»›; á„ᅤᆺ; ì»›; á„ᅤᆺ; ) HANGUL SYLLABLE KYAES +CEDC;CEDC;110F 1164 11BB;CEDC;110F 1164 11BB; # (컜; 컜; á„ᅤᆻ; 컜; á„ᅤᆻ; ) HANGUL SYLLABLE KYAESS +CEDD;CEDD;110F 1164 11BC;CEDD;110F 1164 11BC; # (ì»; ì»; á„ᅤᆼ; ì»; á„ᅤᆼ; ) HANGUL SYLLABLE KYAENG +CEDE;CEDE;110F 1164 11BD;CEDE;110F 1164 11BD; # (컞; 컞; á„ᅤᆽ; 컞; á„ᅤᆽ; ) HANGUL SYLLABLE KYAEJ +CEDF;CEDF;110F 1164 11BE;CEDF;110F 1164 11BE; # (컟; 컟; á„ᅤᆾ; 컟; á„ᅤᆾ; ) HANGUL SYLLABLE KYAEC +CEE0;CEE0;110F 1164 11BF;CEE0;110F 1164 11BF; # (ì» ; ì» ; á„ᅤᆿ; ì» ; á„ᅤᆿ; ) HANGUL SYLLABLE KYAEK +CEE1;CEE1;110F 1164 11C0;CEE1;110F 1164 11C0; # (컡; 컡; á„ᅤᇀ; 컡; á„ᅤᇀ; ) HANGUL SYLLABLE KYAET +CEE2;CEE2;110F 1164 11C1;CEE2;110F 1164 11C1; # (컢; 컢; á„á…¤á‡; 컢; á„á…¤á‡; ) HANGUL SYLLABLE KYAEP +CEE3;CEE3;110F 1164 11C2;CEE3;110F 1164 11C2; # (컣; 컣; á„ᅤᇂ; 컣; á„ᅤᇂ; ) HANGUL SYLLABLE KYAEH +CEE4;CEE4;110F 1165;CEE4;110F 1165; # (커; 커; á„á…¥; 커; á„á…¥; ) HANGUL SYLLABLE KEO +CEE5;CEE5;110F 1165 11A8;CEE5;110F 1165 11A8; # (컥; 컥; á„ᅥᆨ; 컥; á„ᅥᆨ; ) HANGUL SYLLABLE KEOG +CEE6;CEE6;110F 1165 11A9;CEE6;110F 1165 11A9; # (컦; 컦; á„ᅥᆩ; 컦; á„ᅥᆩ; ) HANGUL SYLLABLE KEOGG +CEE7;CEE7;110F 1165 11AA;CEE7;110F 1165 11AA; # (컧; 컧; á„ᅥᆪ; 컧; á„ᅥᆪ; ) HANGUL SYLLABLE KEOGS +CEE8;CEE8;110F 1165 11AB;CEE8;110F 1165 11AB; # (컨; 컨; á„ᅥᆫ; 컨; á„ᅥᆫ; ) HANGUL SYLLABLE KEON +CEE9;CEE9;110F 1165 11AC;CEE9;110F 1165 11AC; # (컩; 컩; á„ᅥᆬ; 컩; á„ᅥᆬ; ) HANGUL SYLLABLE KEONJ +CEEA;CEEA;110F 1165 11AD;CEEA;110F 1165 11AD; # (컪; 컪; á„ᅥᆭ; 컪; á„ᅥᆭ; ) HANGUL SYLLABLE KEONH +CEEB;CEEB;110F 1165 11AE;CEEB;110F 1165 11AE; # (컫; 컫; á„ᅥᆮ; 컫; á„ᅥᆮ; ) HANGUL SYLLABLE KEOD +CEEC;CEEC;110F 1165 11AF;CEEC;110F 1165 11AF; # (컬; 컬; á„ᅥᆯ; 컬; á„ᅥᆯ; ) HANGUL SYLLABLE KEOL +CEED;CEED;110F 1165 11B0;CEED;110F 1165 11B0; # (ì»­; ì»­; á„ᅥᆰ; ì»­; á„ᅥᆰ; ) HANGUL SYLLABLE KEOLG +CEEE;CEEE;110F 1165 11B1;CEEE;110F 1165 11B1; # (ì»®; ì»®; á„ᅥᆱ; ì»®; á„ᅥᆱ; ) HANGUL SYLLABLE KEOLM +CEEF;CEEF;110F 1165 11B2;CEEF;110F 1165 11B2; # (컯; 컯; á„ᅥᆲ; 컯; á„ᅥᆲ; ) HANGUL SYLLABLE KEOLB +CEF0;CEF0;110F 1165 11B3;CEF0;110F 1165 11B3; # (ì»°; ì»°; á„ᅥᆳ; ì»°; á„ᅥᆳ; ) HANGUL SYLLABLE KEOLS +CEF1;CEF1;110F 1165 11B4;CEF1;110F 1165 11B4; # (ì»±; ì»±; á„ᅥᆴ; ì»±; á„ᅥᆴ; ) HANGUL SYLLABLE KEOLT +CEF2;CEF2;110F 1165 11B5;CEF2;110F 1165 11B5; # (컲; 컲; á„ᅥᆵ; 컲; á„ᅥᆵ; ) HANGUL SYLLABLE KEOLP +CEF3;CEF3;110F 1165 11B6;CEF3;110F 1165 11B6; # (컳; 컳; á„ᅥᆶ; 컳; á„ᅥᆶ; ) HANGUL SYLLABLE KEOLH +CEF4;CEF4;110F 1165 11B7;CEF4;110F 1165 11B7; # (ì»´; ì»´; á„ᅥᆷ; ì»´; á„ᅥᆷ; ) HANGUL SYLLABLE KEOM +CEF5;CEF5;110F 1165 11B8;CEF5;110F 1165 11B8; # (컵; 컵; á„ᅥᆸ; 컵; á„ᅥᆸ; ) HANGUL SYLLABLE KEOB +CEF6;CEF6;110F 1165 11B9;CEF6;110F 1165 11B9; # (컶; 컶; á„ᅥᆹ; 컶; á„ᅥᆹ; ) HANGUL SYLLABLE KEOBS +CEF7;CEF7;110F 1165 11BA;CEF7;110F 1165 11BA; # (ì»·; ì»·; á„ᅥᆺ; ì»·; á„ᅥᆺ; ) HANGUL SYLLABLE KEOS +CEF8;CEF8;110F 1165 11BB;CEF8;110F 1165 11BB; # (컸; 컸; á„ᅥᆻ; 컸; á„ᅥᆻ; ) HANGUL SYLLABLE KEOSS +CEF9;CEF9;110F 1165 11BC;CEF9;110F 1165 11BC; # (컹; 컹; á„ᅥᆼ; 컹; á„ᅥᆼ; ) HANGUL SYLLABLE KEONG +CEFA;CEFA;110F 1165 11BD;CEFA;110F 1165 11BD; # (컺; 컺; á„ᅥᆽ; 컺; á„ᅥᆽ; ) HANGUL SYLLABLE KEOJ +CEFB;CEFB;110F 1165 11BE;CEFB;110F 1165 11BE; # (ì»»; ì»»; á„ᅥᆾ; ì»»; á„ᅥᆾ; ) HANGUL SYLLABLE KEOC +CEFC;CEFC;110F 1165 11BF;CEFC;110F 1165 11BF; # (컼; 컼; á„ᅥᆿ; 컼; á„ᅥᆿ; ) HANGUL SYLLABLE KEOK +CEFD;CEFD;110F 1165 11C0;CEFD;110F 1165 11C0; # (컽; 컽; á„ᅥᇀ; 컽; á„ᅥᇀ; ) HANGUL SYLLABLE KEOT +CEFE;CEFE;110F 1165 11C1;CEFE;110F 1165 11C1; # (컾; 컾; á„á…¥á‡; 컾; á„á…¥á‡; ) HANGUL SYLLABLE KEOP +CEFF;CEFF;110F 1165 11C2;CEFF;110F 1165 11C2; # (컿; 컿; á„ᅥᇂ; 컿; á„ᅥᇂ; ) HANGUL SYLLABLE KEOH +CF00;CF00;110F 1166;CF00;110F 1166; # (ì¼€; ì¼€; á„á…¦; ì¼€; á„á…¦; ) HANGUL SYLLABLE KE +CF01;CF01;110F 1166 11A8;CF01;110F 1166 11A8; # (ì¼; ì¼; á„ᅦᆨ; ì¼; á„ᅦᆨ; ) HANGUL SYLLABLE KEG +CF02;CF02;110F 1166 11A9;CF02;110F 1166 11A9; # (켂; 켂; á„ᅦᆩ; 켂; á„ᅦᆩ; ) HANGUL SYLLABLE KEGG +CF03;CF03;110F 1166 11AA;CF03;110F 1166 11AA; # (켃; 켃; á„ᅦᆪ; 켃; á„ᅦᆪ; ) HANGUL SYLLABLE KEGS +CF04;CF04;110F 1166 11AB;CF04;110F 1166 11AB; # (켄; 켄; á„ᅦᆫ; 켄; á„ᅦᆫ; ) HANGUL SYLLABLE KEN +CF05;CF05;110F 1166 11AC;CF05;110F 1166 11AC; # (ì¼…; ì¼…; á„ᅦᆬ; ì¼…; á„ᅦᆬ; ) HANGUL SYLLABLE KENJ +CF06;CF06;110F 1166 11AD;CF06;110F 1166 11AD; # (켆; 켆; á„ᅦᆭ; 켆; á„ᅦᆭ; ) HANGUL SYLLABLE KENH +CF07;CF07;110F 1166 11AE;CF07;110F 1166 11AE; # (켇; 켇; á„ᅦᆮ; 켇; á„ᅦᆮ; ) HANGUL SYLLABLE KED +CF08;CF08;110F 1166 11AF;CF08;110F 1166 11AF; # (켈; 켈; á„ᅦᆯ; 켈; á„ᅦᆯ; ) HANGUL SYLLABLE KEL +CF09;CF09;110F 1166 11B0;CF09;110F 1166 11B0; # (켉; 켉; á„ᅦᆰ; 켉; á„ᅦᆰ; ) HANGUL SYLLABLE KELG +CF0A;CF0A;110F 1166 11B1;CF0A;110F 1166 11B1; # (켊; 켊; á„ᅦᆱ; 켊; á„ᅦᆱ; ) HANGUL SYLLABLE KELM +CF0B;CF0B;110F 1166 11B2;CF0B;110F 1166 11B2; # (켋; 켋; á„ᅦᆲ; 켋; á„ᅦᆲ; ) HANGUL SYLLABLE KELB +CF0C;CF0C;110F 1166 11B3;CF0C;110F 1166 11B3; # (켌; 켌; á„ᅦᆳ; 켌; á„ᅦᆳ; ) HANGUL SYLLABLE KELS +CF0D;CF0D;110F 1166 11B4;CF0D;110F 1166 11B4; # (ì¼; ì¼; á„ᅦᆴ; ì¼; á„ᅦᆴ; ) HANGUL SYLLABLE KELT +CF0E;CF0E;110F 1166 11B5;CF0E;110F 1166 11B5; # (켎; 켎; á„ᅦᆵ; 켎; á„ᅦᆵ; ) HANGUL SYLLABLE KELP +CF0F;CF0F;110F 1166 11B6;CF0F;110F 1166 11B6; # (ì¼; ì¼; á„ᅦᆶ; ì¼; á„ᅦᆶ; ) HANGUL SYLLABLE KELH +CF10;CF10;110F 1166 11B7;CF10;110F 1166 11B7; # (ì¼; ì¼; á„ᅦᆷ; ì¼; á„ᅦᆷ; ) HANGUL SYLLABLE KEM +CF11;CF11;110F 1166 11B8;CF11;110F 1166 11B8; # (켑; 켑; á„ᅦᆸ; 켑; á„ᅦᆸ; ) HANGUL SYLLABLE KEB +CF12;CF12;110F 1166 11B9;CF12;110F 1166 11B9; # (ì¼’; ì¼’; á„ᅦᆹ; ì¼’; á„ᅦᆹ; ) HANGUL SYLLABLE KEBS +CF13;CF13;110F 1166 11BA;CF13;110F 1166 11BA; # (켓; 켓; á„ᅦᆺ; 켓; á„ᅦᆺ; ) HANGUL SYLLABLE KES +CF14;CF14;110F 1166 11BB;CF14;110F 1166 11BB; # (ì¼”; ì¼”; á„ᅦᆻ; ì¼”; á„ᅦᆻ; ) HANGUL SYLLABLE KESS +CF15;CF15;110F 1166 11BC;CF15;110F 1166 11BC; # (켕; 켕; á„ᅦᆼ; 켕; á„ᅦᆼ; ) HANGUL SYLLABLE KENG +CF16;CF16;110F 1166 11BD;CF16;110F 1166 11BD; # (ì¼–; ì¼–; á„ᅦᆽ; ì¼–; á„ᅦᆽ; ) HANGUL SYLLABLE KEJ +CF17;CF17;110F 1166 11BE;CF17;110F 1166 11BE; # (ì¼—; ì¼—; á„ᅦᆾ; ì¼—; á„ᅦᆾ; ) HANGUL SYLLABLE KEC +CF18;CF18;110F 1166 11BF;CF18;110F 1166 11BF; # (켘; 켘; á„ᅦᆿ; 켘; á„ᅦᆿ; ) HANGUL SYLLABLE KEK +CF19;CF19;110F 1166 11C0;CF19;110F 1166 11C0; # (ì¼™; ì¼™; á„ᅦᇀ; ì¼™; á„ᅦᇀ; ) HANGUL SYLLABLE KET +CF1A;CF1A;110F 1166 11C1;CF1A;110F 1166 11C1; # (켚; 켚; á„á…¦á‡; 켚; á„á…¦á‡; ) HANGUL SYLLABLE KEP +CF1B;CF1B;110F 1166 11C2;CF1B;110F 1166 11C2; # (ì¼›; ì¼›; á„ᅦᇂ; ì¼›; á„ᅦᇂ; ) HANGUL SYLLABLE KEH +CF1C;CF1C;110F 1167;CF1C;110F 1167; # (켜; 켜; á„á…§; 켜; á„á…§; ) HANGUL SYLLABLE KYEO +CF1D;CF1D;110F 1167 11A8;CF1D;110F 1167 11A8; # (ì¼; ì¼; á„ᅧᆨ; ì¼; á„ᅧᆨ; ) HANGUL SYLLABLE KYEOG +CF1E;CF1E;110F 1167 11A9;CF1E;110F 1167 11A9; # (켞; 켞; á„ᅧᆩ; 켞; á„ᅧᆩ; ) HANGUL SYLLABLE KYEOGG +CF1F;CF1F;110F 1167 11AA;CF1F;110F 1167 11AA; # (켟; 켟; á„ᅧᆪ; 켟; á„ᅧᆪ; ) HANGUL SYLLABLE KYEOGS +CF20;CF20;110F 1167 11AB;CF20;110F 1167 11AB; # (ì¼ ; ì¼ ; á„ᅧᆫ; ì¼ ; á„ᅧᆫ; ) HANGUL SYLLABLE KYEON +CF21;CF21;110F 1167 11AC;CF21;110F 1167 11AC; # (켡; 켡; á„ᅧᆬ; 켡; á„ᅧᆬ; ) HANGUL SYLLABLE KYEONJ +CF22;CF22;110F 1167 11AD;CF22;110F 1167 11AD; # (ì¼¢; ì¼¢; á„ᅧᆭ; ì¼¢; á„ᅧᆭ; ) HANGUL SYLLABLE KYEONH +CF23;CF23;110F 1167 11AE;CF23;110F 1167 11AE; # (ì¼£; ì¼£; á„ᅧᆮ; ì¼£; á„ᅧᆮ; ) HANGUL SYLLABLE KYEOD +CF24;CF24;110F 1167 11AF;CF24;110F 1167 11AF; # (켤; 켤; á„ᅧᆯ; 켤; á„ᅧᆯ; ) HANGUL SYLLABLE KYEOL +CF25;CF25;110F 1167 11B0;CF25;110F 1167 11B0; # (ì¼¥; ì¼¥; á„ᅧᆰ; ì¼¥; á„ᅧᆰ; ) HANGUL SYLLABLE KYEOLG +CF26;CF26;110F 1167 11B1;CF26;110F 1167 11B1; # (켦; 켦; á„ᅧᆱ; 켦; á„ᅧᆱ; ) HANGUL SYLLABLE KYEOLM +CF27;CF27;110F 1167 11B2;CF27;110F 1167 11B2; # (켧; 켧; á„ᅧᆲ; 켧; á„ᅧᆲ; ) HANGUL SYLLABLE KYEOLB +CF28;CF28;110F 1167 11B3;CF28;110F 1167 11B3; # (켨; 켨; á„ᅧᆳ; 켨; á„ᅧᆳ; ) HANGUL SYLLABLE KYEOLS +CF29;CF29;110F 1167 11B4;CF29;110F 1167 11B4; # (켩; 켩; á„ᅧᆴ; 켩; á„ᅧᆴ; ) HANGUL SYLLABLE KYEOLT +CF2A;CF2A;110F 1167 11B5;CF2A;110F 1167 11B5; # (켪; 켪; á„ᅧᆵ; 켪; á„ᅧᆵ; ) HANGUL SYLLABLE KYEOLP +CF2B;CF2B;110F 1167 11B6;CF2B;110F 1167 11B6; # (켫; 켫; á„ᅧᆶ; 켫; á„ᅧᆶ; ) HANGUL SYLLABLE KYEOLH +CF2C;CF2C;110F 1167 11B7;CF2C;110F 1167 11B7; # (켬; 켬; á„ᅧᆷ; 켬; á„ᅧᆷ; ) HANGUL SYLLABLE KYEOM +CF2D;CF2D;110F 1167 11B8;CF2D;110F 1167 11B8; # (ì¼­; ì¼­; á„ᅧᆸ; ì¼­; á„ᅧᆸ; ) HANGUL SYLLABLE KYEOB +CF2E;CF2E;110F 1167 11B9;CF2E;110F 1167 11B9; # (ì¼®; ì¼®; á„ᅧᆹ; ì¼®; á„ᅧᆹ; ) HANGUL SYLLABLE KYEOBS +CF2F;CF2F;110F 1167 11BA;CF2F;110F 1167 11BA; # (켯; 켯; á„ᅧᆺ; 켯; á„ᅧᆺ; ) HANGUL SYLLABLE KYEOS +CF30;CF30;110F 1167 11BB;CF30;110F 1167 11BB; # (ì¼°; ì¼°; á„ᅧᆻ; ì¼°; á„ᅧᆻ; ) HANGUL SYLLABLE KYEOSS +CF31;CF31;110F 1167 11BC;CF31;110F 1167 11BC; # (ì¼±; ì¼±; á„ᅧᆼ; ì¼±; á„ᅧᆼ; ) HANGUL SYLLABLE KYEONG +CF32;CF32;110F 1167 11BD;CF32;110F 1167 11BD; # (ì¼²; ì¼²; á„ᅧᆽ; ì¼²; á„ᅧᆽ; ) HANGUL SYLLABLE KYEOJ +CF33;CF33;110F 1167 11BE;CF33;110F 1167 11BE; # (ì¼³; ì¼³; á„ᅧᆾ; ì¼³; á„ᅧᆾ; ) HANGUL SYLLABLE KYEOC +CF34;CF34;110F 1167 11BF;CF34;110F 1167 11BF; # (ì¼´; ì¼´; á„ᅧᆿ; ì¼´; á„ᅧᆿ; ) HANGUL SYLLABLE KYEOK +CF35;CF35;110F 1167 11C0;CF35;110F 1167 11C0; # (ì¼µ; ì¼µ; á„ᅧᇀ; ì¼µ; á„ᅧᇀ; ) HANGUL SYLLABLE KYEOT +CF36;CF36;110F 1167 11C1;CF36;110F 1167 11C1; # (켶; 켶; á„á…§á‡; 켶; á„á…§á‡; ) HANGUL SYLLABLE KYEOP +CF37;CF37;110F 1167 11C2;CF37;110F 1167 11C2; # (ì¼·; ì¼·; á„ᅧᇂ; ì¼·; á„ᅧᇂ; ) HANGUL SYLLABLE KYEOH +CF38;CF38;110F 1168;CF38;110F 1168; # (켸; 켸; á„á…¨; 켸; á„á…¨; ) HANGUL SYLLABLE KYE +CF39;CF39;110F 1168 11A8;CF39;110F 1168 11A8; # (ì¼¹; ì¼¹; á„ᅨᆨ; ì¼¹; á„ᅨᆨ; ) HANGUL SYLLABLE KYEG +CF3A;CF3A;110F 1168 11A9;CF3A;110F 1168 11A9; # (켺; 켺; á„ᅨᆩ; 켺; á„ᅨᆩ; ) HANGUL SYLLABLE KYEGG +CF3B;CF3B;110F 1168 11AA;CF3B;110F 1168 11AA; # (ì¼»; ì¼»; á„ᅨᆪ; ì¼»; á„ᅨᆪ; ) HANGUL SYLLABLE KYEGS +CF3C;CF3C;110F 1168 11AB;CF3C;110F 1168 11AB; # (ì¼¼; ì¼¼; á„ᅨᆫ; ì¼¼; á„ᅨᆫ; ) HANGUL SYLLABLE KYEN +CF3D;CF3D;110F 1168 11AC;CF3D;110F 1168 11AC; # (ì¼½; ì¼½; á„ᅨᆬ; ì¼½; á„ᅨᆬ; ) HANGUL SYLLABLE KYENJ +CF3E;CF3E;110F 1168 11AD;CF3E;110F 1168 11AD; # (ì¼¾; ì¼¾; á„ᅨᆭ; ì¼¾; á„ᅨᆭ; ) HANGUL SYLLABLE KYENH +CF3F;CF3F;110F 1168 11AE;CF3F;110F 1168 11AE; # (켿; 켿; á„ᅨᆮ; 켿; á„ᅨᆮ; ) HANGUL SYLLABLE KYED +CF40;CF40;110F 1168 11AF;CF40;110F 1168 11AF; # (ì½€; ì½€; á„ᅨᆯ; ì½€; á„ᅨᆯ; ) HANGUL SYLLABLE KYEL +CF41;CF41;110F 1168 11B0;CF41;110F 1168 11B0; # (ì½; ì½; á„ᅨᆰ; ì½; á„ᅨᆰ; ) HANGUL SYLLABLE KYELG +CF42;CF42;110F 1168 11B1;CF42;110F 1168 11B1; # (콂; 콂; á„ᅨᆱ; 콂; á„ᅨᆱ; ) HANGUL SYLLABLE KYELM +CF43;CF43;110F 1168 11B2;CF43;110F 1168 11B2; # (콃; 콃; á„ᅨᆲ; 콃; á„ᅨᆲ; ) HANGUL SYLLABLE KYELB +CF44;CF44;110F 1168 11B3;CF44;110F 1168 11B3; # (콄; 콄; á„ᅨᆳ; 콄; á„ᅨᆳ; ) HANGUL SYLLABLE KYELS +CF45;CF45;110F 1168 11B4;CF45;110F 1168 11B4; # (ì½…; ì½…; á„ᅨᆴ; ì½…; á„ᅨᆴ; ) HANGUL SYLLABLE KYELT +CF46;CF46;110F 1168 11B5;CF46;110F 1168 11B5; # (콆; 콆; á„ᅨᆵ; 콆; á„ᅨᆵ; ) HANGUL SYLLABLE KYELP +CF47;CF47;110F 1168 11B6;CF47;110F 1168 11B6; # (콇; 콇; á„ᅨᆶ; 콇; á„ᅨᆶ; ) HANGUL SYLLABLE KYELH +CF48;CF48;110F 1168 11B7;CF48;110F 1168 11B7; # (콈; 콈; á„ᅨᆷ; 콈; á„ᅨᆷ; ) HANGUL SYLLABLE KYEM +CF49;CF49;110F 1168 11B8;CF49;110F 1168 11B8; # (콉; 콉; á„ᅨᆸ; 콉; á„ᅨᆸ; ) HANGUL SYLLABLE KYEB +CF4A;CF4A;110F 1168 11B9;CF4A;110F 1168 11B9; # (콊; 콊; á„ᅨᆹ; 콊; á„ᅨᆹ; ) HANGUL SYLLABLE KYEBS +CF4B;CF4B;110F 1168 11BA;CF4B;110F 1168 11BA; # (콋; 콋; á„ᅨᆺ; 콋; á„ᅨᆺ; ) HANGUL SYLLABLE KYES +CF4C;CF4C;110F 1168 11BB;CF4C;110F 1168 11BB; # (콌; 콌; á„ᅨᆻ; 콌; á„ᅨᆻ; ) HANGUL SYLLABLE KYESS +CF4D;CF4D;110F 1168 11BC;CF4D;110F 1168 11BC; # (ì½; ì½; á„ᅨᆼ; ì½; á„ᅨᆼ; ) HANGUL SYLLABLE KYENG +CF4E;CF4E;110F 1168 11BD;CF4E;110F 1168 11BD; # (콎; 콎; á„ᅨᆽ; 콎; á„ᅨᆽ; ) HANGUL SYLLABLE KYEJ +CF4F;CF4F;110F 1168 11BE;CF4F;110F 1168 11BE; # (ì½; ì½; á„ᅨᆾ; ì½; á„ᅨᆾ; ) HANGUL SYLLABLE KYEC +CF50;CF50;110F 1168 11BF;CF50;110F 1168 11BF; # (ì½; ì½; á„ᅨᆿ; ì½; á„ᅨᆿ; ) HANGUL SYLLABLE KYEK +CF51;CF51;110F 1168 11C0;CF51;110F 1168 11C0; # (콑; 콑; á„ᅨᇀ; 콑; á„ᅨᇀ; ) HANGUL SYLLABLE KYET +CF52;CF52;110F 1168 11C1;CF52;110F 1168 11C1; # (ì½’; ì½’; á„á…¨á‡; ì½’; á„á…¨á‡; ) HANGUL SYLLABLE KYEP +CF53;CF53;110F 1168 11C2;CF53;110F 1168 11C2; # (콓; 콓; á„ᅨᇂ; 콓; á„ᅨᇂ; ) HANGUL SYLLABLE KYEH +CF54;CF54;110F 1169;CF54;110F 1169; # (ì½”; ì½”; á„á…©; ì½”; á„á…©; ) HANGUL SYLLABLE KO +CF55;CF55;110F 1169 11A8;CF55;110F 1169 11A8; # (콕; 콕; á„ᅩᆨ; 콕; á„ᅩᆨ; ) HANGUL SYLLABLE KOG +CF56;CF56;110F 1169 11A9;CF56;110F 1169 11A9; # (ì½–; ì½–; á„ᅩᆩ; ì½–; á„ᅩᆩ; ) HANGUL SYLLABLE KOGG +CF57;CF57;110F 1169 11AA;CF57;110F 1169 11AA; # (ì½—; ì½—; á„ᅩᆪ; ì½—; á„ᅩᆪ; ) HANGUL SYLLABLE KOGS +CF58;CF58;110F 1169 11AB;CF58;110F 1169 11AB; # (콘; 콘; á„ᅩᆫ; 콘; á„ᅩᆫ; ) HANGUL SYLLABLE KON +CF59;CF59;110F 1169 11AC;CF59;110F 1169 11AC; # (ì½™; ì½™; á„ᅩᆬ; ì½™; á„ᅩᆬ; ) HANGUL SYLLABLE KONJ +CF5A;CF5A;110F 1169 11AD;CF5A;110F 1169 11AD; # (콚; 콚; á„ᅩᆭ; 콚; á„ᅩᆭ; ) HANGUL SYLLABLE KONH +CF5B;CF5B;110F 1169 11AE;CF5B;110F 1169 11AE; # (ì½›; ì½›; á„ᅩᆮ; ì½›; á„ᅩᆮ; ) HANGUL SYLLABLE KOD +CF5C;CF5C;110F 1169 11AF;CF5C;110F 1169 11AF; # (콜; 콜; á„ᅩᆯ; 콜; á„ᅩᆯ; ) HANGUL SYLLABLE KOL +CF5D;CF5D;110F 1169 11B0;CF5D;110F 1169 11B0; # (ì½; ì½; á„ᅩᆰ; ì½; á„ᅩᆰ; ) HANGUL SYLLABLE KOLG +CF5E;CF5E;110F 1169 11B1;CF5E;110F 1169 11B1; # (콞; 콞; á„ᅩᆱ; 콞; á„ᅩᆱ; ) HANGUL SYLLABLE KOLM +CF5F;CF5F;110F 1169 11B2;CF5F;110F 1169 11B2; # (콟; 콟; á„ᅩᆲ; 콟; á„ᅩᆲ; ) HANGUL SYLLABLE KOLB +CF60;CF60;110F 1169 11B3;CF60;110F 1169 11B3; # (ì½ ; ì½ ; á„ᅩᆳ; ì½ ; á„ᅩᆳ; ) HANGUL SYLLABLE KOLS +CF61;CF61;110F 1169 11B4;CF61;110F 1169 11B4; # (콡; 콡; á„ᅩᆴ; 콡; á„ᅩᆴ; ) HANGUL SYLLABLE KOLT +CF62;CF62;110F 1169 11B5;CF62;110F 1169 11B5; # (ì½¢; ì½¢; á„ᅩᆵ; ì½¢; á„ᅩᆵ; ) HANGUL SYLLABLE KOLP +CF63;CF63;110F 1169 11B6;CF63;110F 1169 11B6; # (ì½£; ì½£; á„ᅩᆶ; ì½£; á„ᅩᆶ; ) HANGUL SYLLABLE KOLH +CF64;CF64;110F 1169 11B7;CF64;110F 1169 11B7; # (콤; 콤; á„ᅩᆷ; 콤; á„ᅩᆷ; ) HANGUL SYLLABLE KOM +CF65;CF65;110F 1169 11B8;CF65;110F 1169 11B8; # (ì½¥; ì½¥; á„ᅩᆸ; ì½¥; á„ᅩᆸ; ) HANGUL SYLLABLE KOB +CF66;CF66;110F 1169 11B9;CF66;110F 1169 11B9; # (콦; 콦; á„ᅩᆹ; 콦; á„ᅩᆹ; ) HANGUL SYLLABLE KOBS +CF67;CF67;110F 1169 11BA;CF67;110F 1169 11BA; # (콧; 콧; á„ᅩᆺ; 콧; á„ᅩᆺ; ) HANGUL SYLLABLE KOS +CF68;CF68;110F 1169 11BB;CF68;110F 1169 11BB; # (콨; 콨; á„ᅩᆻ; 콨; á„ᅩᆻ; ) HANGUL SYLLABLE KOSS +CF69;CF69;110F 1169 11BC;CF69;110F 1169 11BC; # (콩; 콩; á„ᅩᆼ; 콩; á„ᅩᆼ; ) HANGUL SYLLABLE KONG +CF6A;CF6A;110F 1169 11BD;CF6A;110F 1169 11BD; # (콪; 콪; á„ᅩᆽ; 콪; á„ᅩᆽ; ) HANGUL SYLLABLE KOJ +CF6B;CF6B;110F 1169 11BE;CF6B;110F 1169 11BE; # (콫; 콫; á„ᅩᆾ; 콫; á„ᅩᆾ; ) HANGUL SYLLABLE KOC +CF6C;CF6C;110F 1169 11BF;CF6C;110F 1169 11BF; # (콬; 콬; á„ᅩᆿ; 콬; á„ᅩᆿ; ) HANGUL SYLLABLE KOK +CF6D;CF6D;110F 1169 11C0;CF6D;110F 1169 11C0; # (ì½­; ì½­; á„ᅩᇀ; ì½­; á„ᅩᇀ; ) HANGUL SYLLABLE KOT +CF6E;CF6E;110F 1169 11C1;CF6E;110F 1169 11C1; # (ì½®; ì½®; á„á…©á‡; ì½®; á„á…©á‡; ) HANGUL SYLLABLE KOP +CF6F;CF6F;110F 1169 11C2;CF6F;110F 1169 11C2; # (콯; 콯; á„ᅩᇂ; 콯; á„ᅩᇂ; ) HANGUL SYLLABLE KOH +CF70;CF70;110F 116A;CF70;110F 116A; # (ì½°; ì½°; á„á…ª; ì½°; á„á…ª; ) HANGUL SYLLABLE KWA +CF71;CF71;110F 116A 11A8;CF71;110F 116A 11A8; # (ì½±; ì½±; á„ᅪᆨ; ì½±; á„ᅪᆨ; ) HANGUL SYLLABLE KWAG +CF72;CF72;110F 116A 11A9;CF72;110F 116A 11A9; # (ì½²; ì½²; á„ᅪᆩ; ì½²; á„ᅪᆩ; ) HANGUL SYLLABLE KWAGG +CF73;CF73;110F 116A 11AA;CF73;110F 116A 11AA; # (ì½³; ì½³; á„ᅪᆪ; ì½³; á„ᅪᆪ; ) HANGUL SYLLABLE KWAGS +CF74;CF74;110F 116A 11AB;CF74;110F 116A 11AB; # (ì½´; ì½´; á„ᅪᆫ; ì½´; á„ᅪᆫ; ) HANGUL SYLLABLE KWAN +CF75;CF75;110F 116A 11AC;CF75;110F 116A 11AC; # (ì½µ; ì½µ; á„ᅪᆬ; ì½µ; á„ᅪᆬ; ) HANGUL SYLLABLE KWANJ +CF76;CF76;110F 116A 11AD;CF76;110F 116A 11AD; # (콶; 콶; á„ᅪᆭ; 콶; á„ᅪᆭ; ) HANGUL SYLLABLE KWANH +CF77;CF77;110F 116A 11AE;CF77;110F 116A 11AE; # (ì½·; ì½·; á„ᅪᆮ; ì½·; á„ᅪᆮ; ) HANGUL SYLLABLE KWAD +CF78;CF78;110F 116A 11AF;CF78;110F 116A 11AF; # (콸; 콸; á„ᅪᆯ; 콸; á„ᅪᆯ; ) HANGUL SYLLABLE KWAL +CF79;CF79;110F 116A 11B0;CF79;110F 116A 11B0; # (ì½¹; ì½¹; á„ᅪᆰ; ì½¹; á„ᅪᆰ; ) HANGUL SYLLABLE KWALG +CF7A;CF7A;110F 116A 11B1;CF7A;110F 116A 11B1; # (콺; 콺; á„ᅪᆱ; 콺; á„ᅪᆱ; ) HANGUL SYLLABLE KWALM +CF7B;CF7B;110F 116A 11B2;CF7B;110F 116A 11B2; # (ì½»; ì½»; á„ᅪᆲ; ì½»; á„ᅪᆲ; ) HANGUL SYLLABLE KWALB +CF7C;CF7C;110F 116A 11B3;CF7C;110F 116A 11B3; # (ì½¼; ì½¼; á„ᅪᆳ; ì½¼; á„ᅪᆳ; ) HANGUL SYLLABLE KWALS +CF7D;CF7D;110F 116A 11B4;CF7D;110F 116A 11B4; # (ì½½; ì½½; á„ᅪᆴ; ì½½; á„ᅪᆴ; ) HANGUL SYLLABLE KWALT +CF7E;CF7E;110F 116A 11B5;CF7E;110F 116A 11B5; # (ì½¾; ì½¾; á„ᅪᆵ; ì½¾; á„ᅪᆵ; ) HANGUL SYLLABLE KWALP +CF7F;CF7F;110F 116A 11B6;CF7F;110F 116A 11B6; # (콿; 콿; á„ᅪᆶ; 콿; á„ᅪᆶ; ) HANGUL SYLLABLE KWALH +CF80;CF80;110F 116A 11B7;CF80;110F 116A 11B7; # (ì¾€; ì¾€; á„ᅪᆷ; ì¾€; á„ᅪᆷ; ) HANGUL SYLLABLE KWAM +CF81;CF81;110F 116A 11B8;CF81;110F 116A 11B8; # (ì¾; ì¾; á„ᅪᆸ; ì¾; á„ᅪᆸ; ) HANGUL SYLLABLE KWAB +CF82;CF82;110F 116A 11B9;CF82;110F 116A 11B9; # (쾂; 쾂; á„ᅪᆹ; 쾂; á„ᅪᆹ; ) HANGUL SYLLABLE KWABS +CF83;CF83;110F 116A 11BA;CF83;110F 116A 11BA; # (쾃; 쾃; á„ᅪᆺ; 쾃; á„ᅪᆺ; ) HANGUL SYLLABLE KWAS +CF84;CF84;110F 116A 11BB;CF84;110F 116A 11BB; # (쾄; 쾄; á„ᅪᆻ; 쾄; á„ᅪᆻ; ) HANGUL SYLLABLE KWASS +CF85;CF85;110F 116A 11BC;CF85;110F 116A 11BC; # (ì¾…; ì¾…; á„ᅪᆼ; ì¾…; á„ᅪᆼ; ) HANGUL SYLLABLE KWANG +CF86;CF86;110F 116A 11BD;CF86;110F 116A 11BD; # (쾆; 쾆; á„ᅪᆽ; 쾆; á„ᅪᆽ; ) HANGUL SYLLABLE KWAJ +CF87;CF87;110F 116A 11BE;CF87;110F 116A 11BE; # (쾇; 쾇; á„ᅪᆾ; 쾇; á„ᅪᆾ; ) HANGUL SYLLABLE KWAC +CF88;CF88;110F 116A 11BF;CF88;110F 116A 11BF; # (쾈; 쾈; á„ᅪᆿ; 쾈; á„ᅪᆿ; ) HANGUL SYLLABLE KWAK +CF89;CF89;110F 116A 11C0;CF89;110F 116A 11C0; # (쾉; 쾉; á„ᅪᇀ; 쾉; á„ᅪᇀ; ) HANGUL SYLLABLE KWAT +CF8A;CF8A;110F 116A 11C1;CF8A;110F 116A 11C1; # (쾊; 쾊; á„á…ªá‡; 쾊; á„á…ªá‡; ) HANGUL SYLLABLE KWAP +CF8B;CF8B;110F 116A 11C2;CF8B;110F 116A 11C2; # (쾋; 쾋; á„ᅪᇂ; 쾋; á„ᅪᇂ; ) HANGUL SYLLABLE KWAH +CF8C;CF8C;110F 116B;CF8C;110F 116B; # (쾌; 쾌; á„á…«; 쾌; á„á…«; ) HANGUL SYLLABLE KWAE +CF8D;CF8D;110F 116B 11A8;CF8D;110F 116B 11A8; # (ì¾; ì¾; á„ᅫᆨ; ì¾; á„ᅫᆨ; ) HANGUL SYLLABLE KWAEG +CF8E;CF8E;110F 116B 11A9;CF8E;110F 116B 11A9; # (쾎; 쾎; á„ᅫᆩ; 쾎; á„ᅫᆩ; ) HANGUL SYLLABLE KWAEGG +CF8F;CF8F;110F 116B 11AA;CF8F;110F 116B 11AA; # (ì¾; ì¾; á„ᅫᆪ; ì¾; á„ᅫᆪ; ) HANGUL SYLLABLE KWAEGS +CF90;CF90;110F 116B 11AB;CF90;110F 116B 11AB; # (ì¾; ì¾; á„ᅫᆫ; ì¾; á„ᅫᆫ; ) HANGUL SYLLABLE KWAEN +CF91;CF91;110F 116B 11AC;CF91;110F 116B 11AC; # (쾑; 쾑; á„ᅫᆬ; 쾑; á„ᅫᆬ; ) HANGUL SYLLABLE KWAENJ +CF92;CF92;110F 116B 11AD;CF92;110F 116B 11AD; # (ì¾’; ì¾’; á„ᅫᆭ; ì¾’; á„ᅫᆭ; ) HANGUL SYLLABLE KWAENH +CF93;CF93;110F 116B 11AE;CF93;110F 116B 11AE; # (쾓; 쾓; á„ᅫᆮ; 쾓; á„ᅫᆮ; ) HANGUL SYLLABLE KWAED +CF94;CF94;110F 116B 11AF;CF94;110F 116B 11AF; # (ì¾”; ì¾”; á„ᅫᆯ; ì¾”; á„ᅫᆯ; ) HANGUL SYLLABLE KWAEL +CF95;CF95;110F 116B 11B0;CF95;110F 116B 11B0; # (쾕; 쾕; á„ᅫᆰ; 쾕; á„ᅫᆰ; ) HANGUL SYLLABLE KWAELG +CF96;CF96;110F 116B 11B1;CF96;110F 116B 11B1; # (ì¾–; ì¾–; á„ᅫᆱ; ì¾–; á„ᅫᆱ; ) HANGUL SYLLABLE KWAELM +CF97;CF97;110F 116B 11B2;CF97;110F 116B 11B2; # (ì¾—; ì¾—; á„ᅫᆲ; ì¾—; á„ᅫᆲ; ) HANGUL SYLLABLE KWAELB +CF98;CF98;110F 116B 11B3;CF98;110F 116B 11B3; # (쾘; 쾘; á„ᅫᆳ; 쾘; á„ᅫᆳ; ) HANGUL SYLLABLE KWAELS +CF99;CF99;110F 116B 11B4;CF99;110F 116B 11B4; # (ì¾™; ì¾™; á„ᅫᆴ; ì¾™; á„ᅫᆴ; ) HANGUL SYLLABLE KWAELT +CF9A;CF9A;110F 116B 11B5;CF9A;110F 116B 11B5; # (쾚; 쾚; á„ᅫᆵ; 쾚; á„ᅫᆵ; ) HANGUL SYLLABLE KWAELP +CF9B;CF9B;110F 116B 11B6;CF9B;110F 116B 11B6; # (ì¾›; ì¾›; á„ᅫᆶ; ì¾›; á„ᅫᆶ; ) HANGUL SYLLABLE KWAELH +CF9C;CF9C;110F 116B 11B7;CF9C;110F 116B 11B7; # (쾜; 쾜; á„ᅫᆷ; 쾜; á„ᅫᆷ; ) HANGUL SYLLABLE KWAEM +CF9D;CF9D;110F 116B 11B8;CF9D;110F 116B 11B8; # (ì¾; ì¾; á„ᅫᆸ; ì¾; á„ᅫᆸ; ) HANGUL SYLLABLE KWAEB +CF9E;CF9E;110F 116B 11B9;CF9E;110F 116B 11B9; # (쾞; 쾞; á„ᅫᆹ; 쾞; á„ᅫᆹ; ) HANGUL SYLLABLE KWAEBS +CF9F;CF9F;110F 116B 11BA;CF9F;110F 116B 11BA; # (쾟; 쾟; á„ᅫᆺ; 쾟; á„ᅫᆺ; ) HANGUL SYLLABLE KWAES +CFA0;CFA0;110F 116B 11BB;CFA0;110F 116B 11BB; # (ì¾ ; ì¾ ; á„ᅫᆻ; ì¾ ; á„ᅫᆻ; ) HANGUL SYLLABLE KWAESS +CFA1;CFA1;110F 116B 11BC;CFA1;110F 116B 11BC; # (쾡; 쾡; á„ᅫᆼ; 쾡; á„ᅫᆼ; ) HANGUL SYLLABLE KWAENG +CFA2;CFA2;110F 116B 11BD;CFA2;110F 116B 11BD; # (ì¾¢; ì¾¢; á„ᅫᆽ; ì¾¢; á„ᅫᆽ; ) HANGUL SYLLABLE KWAEJ +CFA3;CFA3;110F 116B 11BE;CFA3;110F 116B 11BE; # (ì¾£; ì¾£; á„ᅫᆾ; ì¾£; á„ᅫᆾ; ) HANGUL SYLLABLE KWAEC +CFA4;CFA4;110F 116B 11BF;CFA4;110F 116B 11BF; # (쾤; 쾤; á„ᅫᆿ; 쾤; á„ᅫᆿ; ) HANGUL SYLLABLE KWAEK +CFA5;CFA5;110F 116B 11C0;CFA5;110F 116B 11C0; # (ì¾¥; ì¾¥; á„ᅫᇀ; ì¾¥; á„ᅫᇀ; ) HANGUL SYLLABLE KWAET +CFA6;CFA6;110F 116B 11C1;CFA6;110F 116B 11C1; # (쾦; 쾦; á„á…«á‡; 쾦; á„á…«á‡; ) HANGUL SYLLABLE KWAEP +CFA7;CFA7;110F 116B 11C2;CFA7;110F 116B 11C2; # (쾧; 쾧; á„ᅫᇂ; 쾧; á„ᅫᇂ; ) HANGUL SYLLABLE KWAEH +CFA8;CFA8;110F 116C;CFA8;110F 116C; # (쾨; 쾨; á„á…¬; 쾨; á„á…¬; ) HANGUL SYLLABLE KOE +CFA9;CFA9;110F 116C 11A8;CFA9;110F 116C 11A8; # (쾩; 쾩; á„ᅬᆨ; 쾩; á„ᅬᆨ; ) HANGUL SYLLABLE KOEG +CFAA;CFAA;110F 116C 11A9;CFAA;110F 116C 11A9; # (쾪; 쾪; á„ᅬᆩ; 쾪; á„ᅬᆩ; ) HANGUL SYLLABLE KOEGG +CFAB;CFAB;110F 116C 11AA;CFAB;110F 116C 11AA; # (쾫; 쾫; á„ᅬᆪ; 쾫; á„ᅬᆪ; ) HANGUL SYLLABLE KOEGS +CFAC;CFAC;110F 116C 11AB;CFAC;110F 116C 11AB; # (쾬; 쾬; á„ᅬᆫ; 쾬; á„ᅬᆫ; ) HANGUL SYLLABLE KOEN +CFAD;CFAD;110F 116C 11AC;CFAD;110F 116C 11AC; # (ì¾­; ì¾­; á„ᅬᆬ; ì¾­; á„ᅬᆬ; ) HANGUL SYLLABLE KOENJ +CFAE;CFAE;110F 116C 11AD;CFAE;110F 116C 11AD; # (ì¾®; ì¾®; á„ᅬᆭ; ì¾®; á„ᅬᆭ; ) HANGUL SYLLABLE KOENH +CFAF;CFAF;110F 116C 11AE;CFAF;110F 116C 11AE; # (쾯; 쾯; á„ᅬᆮ; 쾯; á„ᅬᆮ; ) HANGUL SYLLABLE KOED +CFB0;CFB0;110F 116C 11AF;CFB0;110F 116C 11AF; # (ì¾°; ì¾°; á„ᅬᆯ; ì¾°; á„ᅬᆯ; ) HANGUL SYLLABLE KOEL +CFB1;CFB1;110F 116C 11B0;CFB1;110F 116C 11B0; # (ì¾±; ì¾±; á„ᅬᆰ; ì¾±; á„ᅬᆰ; ) HANGUL SYLLABLE KOELG +CFB2;CFB2;110F 116C 11B1;CFB2;110F 116C 11B1; # (ì¾²; ì¾²; á„ᅬᆱ; ì¾²; á„ᅬᆱ; ) HANGUL SYLLABLE KOELM +CFB3;CFB3;110F 116C 11B2;CFB3;110F 116C 11B2; # (ì¾³; ì¾³; á„ᅬᆲ; ì¾³; á„ᅬᆲ; ) HANGUL SYLLABLE KOELB +CFB4;CFB4;110F 116C 11B3;CFB4;110F 116C 11B3; # (ì¾´; ì¾´; á„ᅬᆳ; ì¾´; á„ᅬᆳ; ) HANGUL SYLLABLE KOELS +CFB5;CFB5;110F 116C 11B4;CFB5;110F 116C 11B4; # (ì¾µ; ì¾µ; á„ᅬᆴ; ì¾µ; á„ᅬᆴ; ) HANGUL SYLLABLE KOELT +CFB6;CFB6;110F 116C 11B5;CFB6;110F 116C 11B5; # (쾶; 쾶; á„ᅬᆵ; 쾶; á„ᅬᆵ; ) HANGUL SYLLABLE KOELP +CFB7;CFB7;110F 116C 11B6;CFB7;110F 116C 11B6; # (ì¾·; ì¾·; á„ᅬᆶ; ì¾·; á„ᅬᆶ; ) HANGUL SYLLABLE KOELH +CFB8;CFB8;110F 116C 11B7;CFB8;110F 116C 11B7; # (쾸; 쾸; á„ᅬᆷ; 쾸; á„ᅬᆷ; ) HANGUL SYLLABLE KOEM +CFB9;CFB9;110F 116C 11B8;CFB9;110F 116C 11B8; # (ì¾¹; ì¾¹; á„ᅬᆸ; ì¾¹; á„ᅬᆸ; ) HANGUL SYLLABLE KOEB +CFBA;CFBA;110F 116C 11B9;CFBA;110F 116C 11B9; # (쾺; 쾺; á„ᅬᆹ; 쾺; á„ᅬᆹ; ) HANGUL SYLLABLE KOEBS +CFBB;CFBB;110F 116C 11BA;CFBB;110F 116C 11BA; # (ì¾»; ì¾»; á„ᅬᆺ; ì¾»; á„ᅬᆺ; ) HANGUL SYLLABLE KOES +CFBC;CFBC;110F 116C 11BB;CFBC;110F 116C 11BB; # (ì¾¼; ì¾¼; á„ᅬᆻ; ì¾¼; á„ᅬᆻ; ) HANGUL SYLLABLE KOESS +CFBD;CFBD;110F 116C 11BC;CFBD;110F 116C 11BC; # (ì¾½; ì¾½; á„ᅬᆼ; ì¾½; á„ᅬᆼ; ) HANGUL SYLLABLE KOENG +CFBE;CFBE;110F 116C 11BD;CFBE;110F 116C 11BD; # (ì¾¾; ì¾¾; á„ᅬᆽ; ì¾¾; á„ᅬᆽ; ) HANGUL SYLLABLE KOEJ +CFBF;CFBF;110F 116C 11BE;CFBF;110F 116C 11BE; # (쾿; 쾿; á„ᅬᆾ; 쾿; á„ᅬᆾ; ) HANGUL SYLLABLE KOEC +CFC0;CFC0;110F 116C 11BF;CFC0;110F 116C 11BF; # (ì¿€; ì¿€; á„ᅬᆿ; ì¿€; á„ᅬᆿ; ) HANGUL SYLLABLE KOEK +CFC1;CFC1;110F 116C 11C0;CFC1;110F 116C 11C0; # (ì¿; ì¿; á„ᅬᇀ; ì¿; á„ᅬᇀ; ) HANGUL SYLLABLE KOET +CFC2;CFC2;110F 116C 11C1;CFC2;110F 116C 11C1; # (ì¿‚; ì¿‚; á„á…¬á‡; ì¿‚; á„á…¬á‡; ) HANGUL SYLLABLE KOEP +CFC3;CFC3;110F 116C 11C2;CFC3;110F 116C 11C2; # (쿃; 쿃; á„ᅬᇂ; 쿃; á„ᅬᇂ; ) HANGUL SYLLABLE KOEH +CFC4;CFC4;110F 116D;CFC4;110F 116D; # (ì¿„; ì¿„; á„á…­; ì¿„; á„á…­; ) HANGUL SYLLABLE KYO +CFC5;CFC5;110F 116D 11A8;CFC5;110F 116D 11A8; # (ì¿…; ì¿…; á„ᅭᆨ; ì¿…; á„ᅭᆨ; ) HANGUL SYLLABLE KYOG +CFC6;CFC6;110F 116D 11A9;CFC6;110F 116D 11A9; # (쿆; 쿆; á„ᅭᆩ; 쿆; á„ᅭᆩ; ) HANGUL SYLLABLE KYOGG +CFC7;CFC7;110F 116D 11AA;CFC7;110F 116D 11AA; # (쿇; 쿇; á„ᅭᆪ; 쿇; á„ᅭᆪ; ) HANGUL SYLLABLE KYOGS +CFC8;CFC8;110F 116D 11AB;CFC8;110F 116D 11AB; # (쿈; 쿈; á„ᅭᆫ; 쿈; á„ᅭᆫ; ) HANGUL SYLLABLE KYON +CFC9;CFC9;110F 116D 11AC;CFC9;110F 116D 11AC; # (쿉; 쿉; á„ᅭᆬ; 쿉; á„ᅭᆬ; ) HANGUL SYLLABLE KYONJ +CFCA;CFCA;110F 116D 11AD;CFCA;110F 116D 11AD; # (ì¿Š; ì¿Š; á„ᅭᆭ; ì¿Š; á„ᅭᆭ; ) HANGUL SYLLABLE KYONH +CFCB;CFCB;110F 116D 11AE;CFCB;110F 116D 11AE; # (ì¿‹; ì¿‹; á„ᅭᆮ; ì¿‹; á„ᅭᆮ; ) HANGUL SYLLABLE KYOD +CFCC;CFCC;110F 116D 11AF;CFCC;110F 116D 11AF; # (ì¿Œ; ì¿Œ; á„ᅭᆯ; ì¿Œ; á„ᅭᆯ; ) HANGUL SYLLABLE KYOL +CFCD;CFCD;110F 116D 11B0;CFCD;110F 116D 11B0; # (ì¿; ì¿; á„ᅭᆰ; ì¿; á„ᅭᆰ; ) HANGUL SYLLABLE KYOLG +CFCE;CFCE;110F 116D 11B1;CFCE;110F 116D 11B1; # (ì¿Ž; ì¿Ž; á„ᅭᆱ; ì¿Ž; á„ᅭᆱ; ) HANGUL SYLLABLE KYOLM +CFCF;CFCF;110F 116D 11B2;CFCF;110F 116D 11B2; # (ì¿; ì¿; á„ᅭᆲ; ì¿; á„ᅭᆲ; ) HANGUL SYLLABLE KYOLB +CFD0;CFD0;110F 116D 11B3;CFD0;110F 116D 11B3; # (ì¿; ì¿; á„ᅭᆳ; ì¿; á„ᅭᆳ; ) HANGUL SYLLABLE KYOLS +CFD1;CFD1;110F 116D 11B4;CFD1;110F 116D 11B4; # (ì¿‘; ì¿‘; á„ᅭᆴ; ì¿‘; á„ᅭᆴ; ) HANGUL SYLLABLE KYOLT +CFD2;CFD2;110F 116D 11B5;CFD2;110F 116D 11B5; # (ì¿’; ì¿’; á„ᅭᆵ; ì¿’; á„ᅭᆵ; ) HANGUL SYLLABLE KYOLP +CFD3;CFD3;110F 116D 11B6;CFD3;110F 116D 11B6; # (ì¿“; ì¿“; á„ᅭᆶ; ì¿“; á„ᅭᆶ; ) HANGUL SYLLABLE KYOLH +CFD4;CFD4;110F 116D 11B7;CFD4;110F 116D 11B7; # (ì¿”; ì¿”; á„ᅭᆷ; ì¿”; á„ᅭᆷ; ) HANGUL SYLLABLE KYOM +CFD5;CFD5;110F 116D 11B8;CFD5;110F 116D 11B8; # (ì¿•; ì¿•; á„ᅭᆸ; ì¿•; á„ᅭᆸ; ) HANGUL SYLLABLE KYOB +CFD6;CFD6;110F 116D 11B9;CFD6;110F 116D 11B9; # (ì¿–; ì¿–; á„ᅭᆹ; ì¿–; á„ᅭᆹ; ) HANGUL SYLLABLE KYOBS +CFD7;CFD7;110F 116D 11BA;CFD7;110F 116D 11BA; # (ì¿—; ì¿—; á„ᅭᆺ; ì¿—; á„ᅭᆺ; ) HANGUL SYLLABLE KYOS +CFD8;CFD8;110F 116D 11BB;CFD8;110F 116D 11BB; # (쿘; 쿘; á„ᅭᆻ; 쿘; á„ᅭᆻ; ) HANGUL SYLLABLE KYOSS +CFD9;CFD9;110F 116D 11BC;CFD9;110F 116D 11BC; # (ì¿™; ì¿™; á„ᅭᆼ; ì¿™; á„ᅭᆼ; ) HANGUL SYLLABLE KYONG +CFDA;CFDA;110F 116D 11BD;CFDA;110F 116D 11BD; # (ì¿š; ì¿š; á„ᅭᆽ; ì¿š; á„ᅭᆽ; ) HANGUL SYLLABLE KYOJ +CFDB;CFDB;110F 116D 11BE;CFDB;110F 116D 11BE; # (ì¿›; ì¿›; á„ᅭᆾ; ì¿›; á„ᅭᆾ; ) HANGUL SYLLABLE KYOC +CFDC;CFDC;110F 116D 11BF;CFDC;110F 116D 11BF; # (ì¿œ; ì¿œ; á„ᅭᆿ; ì¿œ; á„ᅭᆿ; ) HANGUL SYLLABLE KYOK +CFDD;CFDD;110F 116D 11C0;CFDD;110F 116D 11C0; # (ì¿; ì¿; á„ᅭᇀ; ì¿; á„ᅭᇀ; ) HANGUL SYLLABLE KYOT +CFDE;CFDE;110F 116D 11C1;CFDE;110F 116D 11C1; # (ì¿ž; ì¿ž; á„á…­á‡; ì¿ž; á„á…­á‡; ) HANGUL SYLLABLE KYOP +CFDF;CFDF;110F 116D 11C2;CFDF;110F 116D 11C2; # (ì¿Ÿ; ì¿Ÿ; á„ᅭᇂ; ì¿Ÿ; á„ᅭᇂ; ) HANGUL SYLLABLE KYOH +CFE0;CFE0;110F 116E;CFE0;110F 116E; # (ì¿ ; ì¿ ; á„á…®; ì¿ ; á„á…®; ) HANGUL SYLLABLE KU +CFE1;CFE1;110F 116E 11A8;CFE1;110F 116E 11A8; # (ì¿¡; ì¿¡; á„ᅮᆨ; ì¿¡; á„ᅮᆨ; ) HANGUL SYLLABLE KUG +CFE2;CFE2;110F 116E 11A9;CFE2;110F 116E 11A9; # (ì¿¢; ì¿¢; á„ᅮᆩ; ì¿¢; á„ᅮᆩ; ) HANGUL SYLLABLE KUGG +CFE3;CFE3;110F 116E 11AA;CFE3;110F 116E 11AA; # (ì¿£; ì¿£; á„ᅮᆪ; ì¿£; á„ᅮᆪ; ) HANGUL SYLLABLE KUGS +CFE4;CFE4;110F 116E 11AB;CFE4;110F 116E 11AB; # (쿤; 쿤; á„ᅮᆫ; 쿤; á„ᅮᆫ; ) HANGUL SYLLABLE KUN +CFE5;CFE5;110F 116E 11AC;CFE5;110F 116E 11AC; # (ì¿¥; ì¿¥; á„ᅮᆬ; ì¿¥; á„ᅮᆬ; ) HANGUL SYLLABLE KUNJ +CFE6;CFE6;110F 116E 11AD;CFE6;110F 116E 11AD; # (쿦; 쿦; á„ᅮᆭ; 쿦; á„ᅮᆭ; ) HANGUL SYLLABLE KUNH +CFE7;CFE7;110F 116E 11AE;CFE7;110F 116E 11AE; # (쿧; 쿧; á„ᅮᆮ; 쿧; á„ᅮᆮ; ) HANGUL SYLLABLE KUD +CFE8;CFE8;110F 116E 11AF;CFE8;110F 116E 11AF; # (쿨; 쿨; á„ᅮᆯ; 쿨; á„ᅮᆯ; ) HANGUL SYLLABLE KUL +CFE9;CFE9;110F 116E 11B0;CFE9;110F 116E 11B0; # (ì¿©; ì¿©; á„ᅮᆰ; ì¿©; á„ᅮᆰ; ) HANGUL SYLLABLE KULG +CFEA;CFEA;110F 116E 11B1;CFEA;110F 116E 11B1; # (쿪; 쿪; á„ᅮᆱ; 쿪; á„ᅮᆱ; ) HANGUL SYLLABLE KULM +CFEB;CFEB;110F 116E 11B2;CFEB;110F 116E 11B2; # (ì¿«; ì¿«; á„ᅮᆲ; ì¿«; á„ᅮᆲ; ) HANGUL SYLLABLE KULB +CFEC;CFEC;110F 116E 11B3;CFEC;110F 116E 11B3; # (쿬; 쿬; á„ᅮᆳ; 쿬; á„ᅮᆳ; ) HANGUL SYLLABLE KULS +CFED;CFED;110F 116E 11B4;CFED;110F 116E 11B4; # (ì¿­; ì¿­; á„ᅮᆴ; ì¿­; á„ᅮᆴ; ) HANGUL SYLLABLE KULT +CFEE;CFEE;110F 116E 11B5;CFEE;110F 116E 11B5; # (ì¿®; ì¿®; á„ᅮᆵ; ì¿®; á„ᅮᆵ; ) HANGUL SYLLABLE KULP +CFEF;CFEF;110F 116E 11B6;CFEF;110F 116E 11B6; # (쿯; 쿯; á„ᅮᆶ; 쿯; á„ᅮᆶ; ) HANGUL SYLLABLE KULH +CFF0;CFF0;110F 116E 11B7;CFF0;110F 116E 11B7; # (ì¿°; ì¿°; á„ᅮᆷ; ì¿°; á„ᅮᆷ; ) HANGUL SYLLABLE KUM +CFF1;CFF1;110F 116E 11B8;CFF1;110F 116E 11B8; # (쿱; 쿱; á„ᅮᆸ; 쿱; á„ᅮᆸ; ) HANGUL SYLLABLE KUB +CFF2;CFF2;110F 116E 11B9;CFF2;110F 116E 11B9; # (쿲; 쿲; á„ᅮᆹ; 쿲; á„ᅮᆹ; ) HANGUL SYLLABLE KUBS +CFF3;CFF3;110F 116E 11BA;CFF3;110F 116E 11BA; # (쿳; 쿳; á„ᅮᆺ; 쿳; á„ᅮᆺ; ) HANGUL SYLLABLE KUS +CFF4;CFF4;110F 116E 11BB;CFF4;110F 116E 11BB; # (ì¿´; ì¿´; á„ᅮᆻ; ì¿´; á„ᅮᆻ; ) HANGUL SYLLABLE KUSS +CFF5;CFF5;110F 116E 11BC;CFF5;110F 116E 11BC; # (쿵; 쿵; á„ᅮᆼ; 쿵; á„ᅮᆼ; ) HANGUL SYLLABLE KUNG +CFF6;CFF6;110F 116E 11BD;CFF6;110F 116E 11BD; # (쿶; 쿶; á„ᅮᆽ; 쿶; á„ᅮᆽ; ) HANGUL SYLLABLE KUJ +CFF7;CFF7;110F 116E 11BE;CFF7;110F 116E 11BE; # (ì¿·; ì¿·; á„ᅮᆾ; ì¿·; á„ᅮᆾ; ) HANGUL SYLLABLE KUC +CFF8;CFF8;110F 116E 11BF;CFF8;110F 116E 11BF; # (쿸; 쿸; á„ᅮᆿ; 쿸; á„ᅮᆿ; ) HANGUL SYLLABLE KUK +CFF9;CFF9;110F 116E 11C0;CFF9;110F 116E 11C0; # (쿹; 쿹; á„ᅮᇀ; 쿹; á„ᅮᇀ; ) HANGUL SYLLABLE KUT +CFFA;CFFA;110F 116E 11C1;CFFA;110F 116E 11C1; # (쿺; 쿺; á„á…®á‡; 쿺; á„á…®á‡; ) HANGUL SYLLABLE KUP +CFFB;CFFB;110F 116E 11C2;CFFB;110F 116E 11C2; # (ì¿»; ì¿»; á„ᅮᇂ; ì¿»; á„ᅮᇂ; ) HANGUL SYLLABLE KUH +CFFC;CFFC;110F 116F;CFFC;110F 116F; # (쿼; 쿼; á„á…¯; 쿼; á„á…¯; ) HANGUL SYLLABLE KWEO +CFFD;CFFD;110F 116F 11A8;CFFD;110F 116F 11A8; # (쿽; 쿽; á„ᅯᆨ; 쿽; á„ᅯᆨ; ) HANGUL SYLLABLE KWEOG +CFFE;CFFE;110F 116F 11A9;CFFE;110F 116F 11A9; # (쿾; 쿾; á„ᅯᆩ; 쿾; á„ᅯᆩ; ) HANGUL SYLLABLE KWEOGG +CFFF;CFFF;110F 116F 11AA;CFFF;110F 116F 11AA; # (ì¿¿; ì¿¿; á„ᅯᆪ; ì¿¿; á„ᅯᆪ; ) HANGUL SYLLABLE KWEOGS +D000;D000;110F 116F 11AB;D000;110F 116F 11AB; # (퀀; 퀀; á„ᅯᆫ; 퀀; á„ᅯᆫ; ) HANGUL SYLLABLE KWEON +D001;D001;110F 116F 11AC;D001;110F 116F 11AC; # (í€; í€; á„ᅯᆬ; í€; á„ᅯᆬ; ) HANGUL SYLLABLE KWEONJ +D002;D002;110F 116F 11AD;D002;110F 116F 11AD; # (퀂; 퀂; á„ᅯᆭ; 퀂; á„ᅯᆭ; ) HANGUL SYLLABLE KWEONH +D003;D003;110F 116F 11AE;D003;110F 116F 11AE; # (퀃; 퀃; á„ᅯᆮ; 퀃; á„ᅯᆮ; ) HANGUL SYLLABLE KWEOD +D004;D004;110F 116F 11AF;D004;110F 116F 11AF; # (퀄; 퀄; á„ᅯᆯ; 퀄; á„ᅯᆯ; ) HANGUL SYLLABLE KWEOL +D005;D005;110F 116F 11B0;D005;110F 116F 11B0; # (퀅; 퀅; á„ᅯᆰ; 퀅; á„ᅯᆰ; ) HANGUL SYLLABLE KWEOLG +D006;D006;110F 116F 11B1;D006;110F 116F 11B1; # (퀆; 퀆; á„ᅯᆱ; 퀆; á„ᅯᆱ; ) HANGUL SYLLABLE KWEOLM +D007;D007;110F 116F 11B2;D007;110F 116F 11B2; # (퀇; 퀇; á„ᅯᆲ; 퀇; á„ᅯᆲ; ) HANGUL SYLLABLE KWEOLB +D008;D008;110F 116F 11B3;D008;110F 116F 11B3; # (퀈; 퀈; á„ᅯᆳ; 퀈; á„ᅯᆳ; ) HANGUL SYLLABLE KWEOLS +D009;D009;110F 116F 11B4;D009;110F 116F 11B4; # (퀉; 퀉; á„ᅯᆴ; 퀉; á„ᅯᆴ; ) HANGUL SYLLABLE KWEOLT +D00A;D00A;110F 116F 11B5;D00A;110F 116F 11B5; # (퀊; 퀊; á„ᅯᆵ; 퀊; á„ᅯᆵ; ) HANGUL SYLLABLE KWEOLP +D00B;D00B;110F 116F 11B6;D00B;110F 116F 11B6; # (퀋; 퀋; á„ᅯᆶ; 퀋; á„ᅯᆶ; ) HANGUL SYLLABLE KWEOLH +D00C;D00C;110F 116F 11B7;D00C;110F 116F 11B7; # (퀌; 퀌; á„ᅯᆷ; 퀌; á„ᅯᆷ; ) HANGUL SYLLABLE KWEOM +D00D;D00D;110F 116F 11B8;D00D;110F 116F 11B8; # (í€; í€; á„ᅯᆸ; í€; á„ᅯᆸ; ) HANGUL SYLLABLE KWEOB +D00E;D00E;110F 116F 11B9;D00E;110F 116F 11B9; # (퀎; 퀎; á„ᅯᆹ; 퀎; á„ᅯᆹ; ) HANGUL SYLLABLE KWEOBS +D00F;D00F;110F 116F 11BA;D00F;110F 116F 11BA; # (í€; í€; á„ᅯᆺ; í€; á„ᅯᆺ; ) HANGUL SYLLABLE KWEOS +D010;D010;110F 116F 11BB;D010;110F 116F 11BB; # (í€; í€; á„ᅯᆻ; í€; á„ᅯᆻ; ) HANGUL SYLLABLE KWEOSS +D011;D011;110F 116F 11BC;D011;110F 116F 11BC; # (퀑; 퀑; á„ᅯᆼ; 퀑; á„ᅯᆼ; ) HANGUL SYLLABLE KWEONG +D012;D012;110F 116F 11BD;D012;110F 116F 11BD; # (퀒; 퀒; á„ᅯᆽ; 퀒; á„ᅯᆽ; ) HANGUL SYLLABLE KWEOJ +D013;D013;110F 116F 11BE;D013;110F 116F 11BE; # (퀓; 퀓; á„ᅯᆾ; 퀓; á„ᅯᆾ; ) HANGUL SYLLABLE KWEOC +D014;D014;110F 116F 11BF;D014;110F 116F 11BF; # (퀔; 퀔; á„ᅯᆿ; 퀔; á„ᅯᆿ; ) HANGUL SYLLABLE KWEOK +D015;D015;110F 116F 11C0;D015;110F 116F 11C0; # (퀕; 퀕; á„ᅯᇀ; 퀕; á„ᅯᇀ; ) HANGUL SYLLABLE KWEOT +D016;D016;110F 116F 11C1;D016;110F 116F 11C1; # (퀖; 퀖; á„á…¯á‡; 퀖; á„á…¯á‡; ) HANGUL SYLLABLE KWEOP +D017;D017;110F 116F 11C2;D017;110F 116F 11C2; # (퀗; 퀗; á„ᅯᇂ; 퀗; á„ᅯᇂ; ) HANGUL SYLLABLE KWEOH +D018;D018;110F 1170;D018;110F 1170; # (퀘; 퀘; á„á…°; 퀘; á„á…°; ) HANGUL SYLLABLE KWE +D019;D019;110F 1170 11A8;D019;110F 1170 11A8; # (퀙; 퀙; á„ᅰᆨ; 퀙; á„ᅰᆨ; ) HANGUL SYLLABLE KWEG +D01A;D01A;110F 1170 11A9;D01A;110F 1170 11A9; # (퀚; 퀚; á„ᅰᆩ; 퀚; á„ᅰᆩ; ) HANGUL SYLLABLE KWEGG +D01B;D01B;110F 1170 11AA;D01B;110F 1170 11AA; # (퀛; 퀛; á„ᅰᆪ; 퀛; á„ᅰᆪ; ) HANGUL SYLLABLE KWEGS +D01C;D01C;110F 1170 11AB;D01C;110F 1170 11AB; # (퀜; 퀜; á„ᅰᆫ; 퀜; á„ᅰᆫ; ) HANGUL SYLLABLE KWEN +D01D;D01D;110F 1170 11AC;D01D;110F 1170 11AC; # (í€; í€; á„ᅰᆬ; í€; á„ᅰᆬ; ) HANGUL SYLLABLE KWENJ +D01E;D01E;110F 1170 11AD;D01E;110F 1170 11AD; # (퀞; 퀞; á„ᅰᆭ; 퀞; á„ᅰᆭ; ) HANGUL SYLLABLE KWENH +D01F;D01F;110F 1170 11AE;D01F;110F 1170 11AE; # (퀟; 퀟; á„ᅰᆮ; 퀟; á„ᅰᆮ; ) HANGUL SYLLABLE KWED +D020;D020;110F 1170 11AF;D020;110F 1170 11AF; # (퀠; 퀠; á„ᅰᆯ; 퀠; á„ᅰᆯ; ) HANGUL SYLLABLE KWEL +D021;D021;110F 1170 11B0;D021;110F 1170 11B0; # (퀡; 퀡; á„ᅰᆰ; 퀡; á„ᅰᆰ; ) HANGUL SYLLABLE KWELG +D022;D022;110F 1170 11B1;D022;110F 1170 11B1; # (퀢; 퀢; á„ᅰᆱ; 퀢; á„ᅰᆱ; ) HANGUL SYLLABLE KWELM +D023;D023;110F 1170 11B2;D023;110F 1170 11B2; # (퀣; 퀣; á„ᅰᆲ; 퀣; á„ᅰᆲ; ) HANGUL SYLLABLE KWELB +D024;D024;110F 1170 11B3;D024;110F 1170 11B3; # (퀤; 퀤; á„ᅰᆳ; 퀤; á„ᅰᆳ; ) HANGUL SYLLABLE KWELS +D025;D025;110F 1170 11B4;D025;110F 1170 11B4; # (퀥; 퀥; á„ᅰᆴ; 퀥; á„ᅰᆴ; ) HANGUL SYLLABLE KWELT +D026;D026;110F 1170 11B5;D026;110F 1170 11B5; # (퀦; 퀦; á„ᅰᆵ; 퀦; á„ᅰᆵ; ) HANGUL SYLLABLE KWELP +D027;D027;110F 1170 11B6;D027;110F 1170 11B6; # (퀧; 퀧; á„ᅰᆶ; 퀧; á„ᅰᆶ; ) HANGUL SYLLABLE KWELH +D028;D028;110F 1170 11B7;D028;110F 1170 11B7; # (퀨; 퀨; á„ᅰᆷ; 퀨; á„ᅰᆷ; ) HANGUL SYLLABLE KWEM +D029;D029;110F 1170 11B8;D029;110F 1170 11B8; # (퀩; 퀩; á„ᅰᆸ; 퀩; á„ᅰᆸ; ) HANGUL SYLLABLE KWEB +D02A;D02A;110F 1170 11B9;D02A;110F 1170 11B9; # (퀪; 퀪; á„ᅰᆹ; 퀪; á„ᅰᆹ; ) HANGUL SYLLABLE KWEBS +D02B;D02B;110F 1170 11BA;D02B;110F 1170 11BA; # (퀫; 퀫; á„ᅰᆺ; 퀫; á„ᅰᆺ; ) HANGUL SYLLABLE KWES +D02C;D02C;110F 1170 11BB;D02C;110F 1170 11BB; # (퀬; 퀬; á„ᅰᆻ; 퀬; á„ᅰᆻ; ) HANGUL SYLLABLE KWESS +D02D;D02D;110F 1170 11BC;D02D;110F 1170 11BC; # (퀭; 퀭; á„ᅰᆼ; 퀭; á„ᅰᆼ; ) HANGUL SYLLABLE KWENG +D02E;D02E;110F 1170 11BD;D02E;110F 1170 11BD; # (퀮; 퀮; á„ᅰᆽ; 퀮; á„ᅰᆽ; ) HANGUL SYLLABLE KWEJ +D02F;D02F;110F 1170 11BE;D02F;110F 1170 11BE; # (퀯; 퀯; á„ᅰᆾ; 퀯; á„ᅰᆾ; ) HANGUL SYLLABLE KWEC +D030;D030;110F 1170 11BF;D030;110F 1170 11BF; # (퀰; 퀰; á„ᅰᆿ; 퀰; á„ᅰᆿ; ) HANGUL SYLLABLE KWEK +D031;D031;110F 1170 11C0;D031;110F 1170 11C0; # (퀱; 퀱; á„ᅰᇀ; 퀱; á„ᅰᇀ; ) HANGUL SYLLABLE KWET +D032;D032;110F 1170 11C1;D032;110F 1170 11C1; # (퀲; 퀲; á„á…°á‡; 퀲; á„á…°á‡; ) HANGUL SYLLABLE KWEP +D033;D033;110F 1170 11C2;D033;110F 1170 11C2; # (퀳; 퀳; á„ᅰᇂ; 퀳; á„ᅰᇂ; ) HANGUL SYLLABLE KWEH +D034;D034;110F 1171;D034;110F 1171; # (퀴; 퀴; á„á…±; 퀴; á„á…±; ) HANGUL SYLLABLE KWI +D035;D035;110F 1171 11A8;D035;110F 1171 11A8; # (퀵; 퀵; á„ᅱᆨ; 퀵; á„ᅱᆨ; ) HANGUL SYLLABLE KWIG +D036;D036;110F 1171 11A9;D036;110F 1171 11A9; # (퀶; 퀶; á„ᅱᆩ; 퀶; á„ᅱᆩ; ) HANGUL SYLLABLE KWIGG +D037;D037;110F 1171 11AA;D037;110F 1171 11AA; # (퀷; 퀷; á„ᅱᆪ; 퀷; á„ᅱᆪ; ) HANGUL SYLLABLE KWIGS +D038;D038;110F 1171 11AB;D038;110F 1171 11AB; # (퀸; 퀸; á„ᅱᆫ; 퀸; á„ᅱᆫ; ) HANGUL SYLLABLE KWIN +D039;D039;110F 1171 11AC;D039;110F 1171 11AC; # (퀹; 퀹; á„ᅱᆬ; 퀹; á„ᅱᆬ; ) HANGUL SYLLABLE KWINJ +D03A;D03A;110F 1171 11AD;D03A;110F 1171 11AD; # (퀺; 퀺; á„ᅱᆭ; 퀺; á„ᅱᆭ; ) HANGUL SYLLABLE KWINH +D03B;D03B;110F 1171 11AE;D03B;110F 1171 11AE; # (퀻; 퀻; á„ᅱᆮ; 퀻; á„ᅱᆮ; ) HANGUL SYLLABLE KWID +D03C;D03C;110F 1171 11AF;D03C;110F 1171 11AF; # (퀼; 퀼; á„ᅱᆯ; 퀼; á„ᅱᆯ; ) HANGUL SYLLABLE KWIL +D03D;D03D;110F 1171 11B0;D03D;110F 1171 11B0; # (퀽; 퀽; á„ᅱᆰ; 퀽; á„ᅱᆰ; ) HANGUL SYLLABLE KWILG +D03E;D03E;110F 1171 11B1;D03E;110F 1171 11B1; # (퀾; 퀾; á„ᅱᆱ; 퀾; á„ᅱᆱ; ) HANGUL SYLLABLE KWILM +D03F;D03F;110F 1171 11B2;D03F;110F 1171 11B2; # (퀿; 퀿; á„ᅱᆲ; 퀿; á„ᅱᆲ; ) HANGUL SYLLABLE KWILB +D040;D040;110F 1171 11B3;D040;110F 1171 11B3; # (í€; í€; á„ᅱᆳ; í€; á„ᅱᆳ; ) HANGUL SYLLABLE KWILS +D041;D041;110F 1171 11B4;D041;110F 1171 11B4; # (í; í; á„ᅱᆴ; í; á„ᅱᆴ; ) HANGUL SYLLABLE KWILT +D042;D042;110F 1171 11B5;D042;110F 1171 11B5; # (í‚; í‚; á„ᅱᆵ; í‚; á„ᅱᆵ; ) HANGUL SYLLABLE KWILP +D043;D043;110F 1171 11B6;D043;110F 1171 11B6; # (íƒ; íƒ; á„ᅱᆶ; íƒ; á„ᅱᆶ; ) HANGUL SYLLABLE KWILH +D044;D044;110F 1171 11B7;D044;110F 1171 11B7; # (í„; í„; á„ᅱᆷ; í„; á„ᅱᆷ; ) HANGUL SYLLABLE KWIM +D045;D045;110F 1171 11B8;D045;110F 1171 11B8; # (í…; í…; á„ᅱᆸ; í…; á„ᅱᆸ; ) HANGUL SYLLABLE KWIB +D046;D046;110F 1171 11B9;D046;110F 1171 11B9; # (í†; í†; á„ᅱᆹ; í†; á„ᅱᆹ; ) HANGUL SYLLABLE KWIBS +D047;D047;110F 1171 11BA;D047;110F 1171 11BA; # (í‡; í‡; á„ᅱᆺ; í‡; á„ᅱᆺ; ) HANGUL SYLLABLE KWIS +D048;D048;110F 1171 11BB;D048;110F 1171 11BB; # (íˆ; íˆ; á„ᅱᆻ; íˆ; á„ᅱᆻ; ) HANGUL SYLLABLE KWISS +D049;D049;110F 1171 11BC;D049;110F 1171 11BC; # (í‰; í‰; á„ᅱᆼ; í‰; á„ᅱᆼ; ) HANGUL SYLLABLE KWING +D04A;D04A;110F 1171 11BD;D04A;110F 1171 11BD; # (íŠ; íŠ; á„ᅱᆽ; íŠ; á„ᅱᆽ; ) HANGUL SYLLABLE KWIJ +D04B;D04B;110F 1171 11BE;D04B;110F 1171 11BE; # (í‹; í‹; á„ᅱᆾ; í‹; á„ᅱᆾ; ) HANGUL SYLLABLE KWIC +D04C;D04C;110F 1171 11BF;D04C;110F 1171 11BF; # (íŒ; íŒ; á„ᅱᆿ; íŒ; á„ᅱᆿ; ) HANGUL SYLLABLE KWIK +D04D;D04D;110F 1171 11C0;D04D;110F 1171 11C0; # (í; í; á„ᅱᇀ; í; á„ᅱᇀ; ) HANGUL SYLLABLE KWIT +D04E;D04E;110F 1171 11C1;D04E;110F 1171 11C1; # (íŽ; íŽ; á„á…±á‡; íŽ; á„á…±á‡; ) HANGUL SYLLABLE KWIP +D04F;D04F;110F 1171 11C2;D04F;110F 1171 11C2; # (í; í; á„ᅱᇂ; í; á„ᅱᇂ; ) HANGUL SYLLABLE KWIH +D050;D050;110F 1172;D050;110F 1172; # (í; í; á„á…²; í; á„á…²; ) HANGUL SYLLABLE KYU +D051;D051;110F 1172 11A8;D051;110F 1172 11A8; # (í‘; í‘; á„ᅲᆨ; í‘; á„ᅲᆨ; ) HANGUL SYLLABLE KYUG +D052;D052;110F 1172 11A9;D052;110F 1172 11A9; # (í’; í’; á„ᅲᆩ; í’; á„ᅲᆩ; ) HANGUL SYLLABLE KYUGG +D053;D053;110F 1172 11AA;D053;110F 1172 11AA; # (í“; í“; á„ᅲᆪ; í“; á„ᅲᆪ; ) HANGUL SYLLABLE KYUGS +D054;D054;110F 1172 11AB;D054;110F 1172 11AB; # (í”; í”; á„ᅲᆫ; í”; á„ᅲᆫ; ) HANGUL SYLLABLE KYUN +D055;D055;110F 1172 11AC;D055;110F 1172 11AC; # (í•; í•; á„ᅲᆬ; í•; á„ᅲᆬ; ) HANGUL SYLLABLE KYUNJ +D056;D056;110F 1172 11AD;D056;110F 1172 11AD; # (í–; í–; á„ᅲᆭ; í–; á„ᅲᆭ; ) HANGUL SYLLABLE KYUNH +D057;D057;110F 1172 11AE;D057;110F 1172 11AE; # (í—; í—; á„ᅲᆮ; í—; á„ᅲᆮ; ) HANGUL SYLLABLE KYUD +D058;D058;110F 1172 11AF;D058;110F 1172 11AF; # (í˜; í˜; á„ᅲᆯ; í˜; á„ᅲᆯ; ) HANGUL SYLLABLE KYUL +D059;D059;110F 1172 11B0;D059;110F 1172 11B0; # (í™; í™; á„ᅲᆰ; í™; á„ᅲᆰ; ) HANGUL SYLLABLE KYULG +D05A;D05A;110F 1172 11B1;D05A;110F 1172 11B1; # (íš; íš; á„ᅲᆱ; íš; á„ᅲᆱ; ) HANGUL SYLLABLE KYULM +D05B;D05B;110F 1172 11B2;D05B;110F 1172 11B2; # (í›; í›; á„ᅲᆲ; í›; á„ᅲᆲ; ) HANGUL SYLLABLE KYULB +D05C;D05C;110F 1172 11B3;D05C;110F 1172 11B3; # (íœ; íœ; á„ᅲᆳ; íœ; á„ᅲᆳ; ) HANGUL SYLLABLE KYULS +D05D;D05D;110F 1172 11B4;D05D;110F 1172 11B4; # (í; í; á„ᅲᆴ; í; á„ᅲᆴ; ) HANGUL SYLLABLE KYULT +D05E;D05E;110F 1172 11B5;D05E;110F 1172 11B5; # (íž; íž; á„ᅲᆵ; íž; á„ᅲᆵ; ) HANGUL SYLLABLE KYULP +D05F;D05F;110F 1172 11B6;D05F;110F 1172 11B6; # (íŸ; íŸ; á„ᅲᆶ; íŸ; á„ᅲᆶ; ) HANGUL SYLLABLE KYULH +D060;D060;110F 1172 11B7;D060;110F 1172 11B7; # (í ; í ; á„ᅲᆷ; í ; á„ᅲᆷ; ) HANGUL SYLLABLE KYUM +D061;D061;110F 1172 11B8;D061;110F 1172 11B8; # (í¡; í¡; á„ᅲᆸ; í¡; á„ᅲᆸ; ) HANGUL SYLLABLE KYUB +D062;D062;110F 1172 11B9;D062;110F 1172 11B9; # (í¢; í¢; á„ᅲᆹ; í¢; á„ᅲᆹ; ) HANGUL SYLLABLE KYUBS +D063;D063;110F 1172 11BA;D063;110F 1172 11BA; # (í£; í£; á„ᅲᆺ; í£; á„ᅲᆺ; ) HANGUL SYLLABLE KYUS +D064;D064;110F 1172 11BB;D064;110F 1172 11BB; # (í¤; í¤; á„ᅲᆻ; í¤; á„ᅲᆻ; ) HANGUL SYLLABLE KYUSS +D065;D065;110F 1172 11BC;D065;110F 1172 11BC; # (í¥; í¥; á„ᅲᆼ; í¥; á„ᅲᆼ; ) HANGUL SYLLABLE KYUNG +D066;D066;110F 1172 11BD;D066;110F 1172 11BD; # (í¦; í¦; á„ᅲᆽ; í¦; á„ᅲᆽ; ) HANGUL SYLLABLE KYUJ +D067;D067;110F 1172 11BE;D067;110F 1172 11BE; # (í§; í§; á„ᅲᆾ; í§; á„ᅲᆾ; ) HANGUL SYLLABLE KYUC +D068;D068;110F 1172 11BF;D068;110F 1172 11BF; # (í¨; í¨; á„ᅲᆿ; í¨; á„ᅲᆿ; ) HANGUL SYLLABLE KYUK +D069;D069;110F 1172 11C0;D069;110F 1172 11C0; # (í©; í©; á„ᅲᇀ; í©; á„ᅲᇀ; ) HANGUL SYLLABLE KYUT +D06A;D06A;110F 1172 11C1;D06A;110F 1172 11C1; # (íª; íª; á„á…²á‡; íª; á„á…²á‡; ) HANGUL SYLLABLE KYUP +D06B;D06B;110F 1172 11C2;D06B;110F 1172 11C2; # (í«; í«; á„ᅲᇂ; í«; á„ᅲᇂ; ) HANGUL SYLLABLE KYUH +D06C;D06C;110F 1173;D06C;110F 1173; # (í¬; í¬; á„á…³; í¬; á„á…³; ) HANGUL SYLLABLE KEU +D06D;D06D;110F 1173 11A8;D06D;110F 1173 11A8; # (í­; í­; á„ᅳᆨ; í­; á„ᅳᆨ; ) HANGUL SYLLABLE KEUG +D06E;D06E;110F 1173 11A9;D06E;110F 1173 11A9; # (í®; í®; á„ᅳᆩ; í®; á„ᅳᆩ; ) HANGUL SYLLABLE KEUGG +D06F;D06F;110F 1173 11AA;D06F;110F 1173 11AA; # (í¯; í¯; á„ᅳᆪ; í¯; á„ᅳᆪ; ) HANGUL SYLLABLE KEUGS +D070;D070;110F 1173 11AB;D070;110F 1173 11AB; # (í°; í°; á„ᅳᆫ; í°; á„ᅳᆫ; ) HANGUL SYLLABLE KEUN +D071;D071;110F 1173 11AC;D071;110F 1173 11AC; # (í±; í±; á„ᅳᆬ; í±; á„ᅳᆬ; ) HANGUL SYLLABLE KEUNJ +D072;D072;110F 1173 11AD;D072;110F 1173 11AD; # (í²; í²; á„ᅳᆭ; í²; á„ᅳᆭ; ) HANGUL SYLLABLE KEUNH +D073;D073;110F 1173 11AE;D073;110F 1173 11AE; # (í³; í³; á„ᅳᆮ; í³; á„ᅳᆮ; ) HANGUL SYLLABLE KEUD +D074;D074;110F 1173 11AF;D074;110F 1173 11AF; # (í´; í´; á„ᅳᆯ; í´; á„ᅳᆯ; ) HANGUL SYLLABLE KEUL +D075;D075;110F 1173 11B0;D075;110F 1173 11B0; # (íµ; íµ; á„ᅳᆰ; íµ; á„ᅳᆰ; ) HANGUL SYLLABLE KEULG +D076;D076;110F 1173 11B1;D076;110F 1173 11B1; # (í¶; í¶; á„ᅳᆱ; í¶; á„ᅳᆱ; ) HANGUL SYLLABLE KEULM +D077;D077;110F 1173 11B2;D077;110F 1173 11B2; # (í·; í·; á„ᅳᆲ; í·; á„ᅳᆲ; ) HANGUL SYLLABLE KEULB +D078;D078;110F 1173 11B3;D078;110F 1173 11B3; # (í¸; í¸; á„ᅳᆳ; í¸; á„ᅳᆳ; ) HANGUL SYLLABLE KEULS +D079;D079;110F 1173 11B4;D079;110F 1173 11B4; # (í¹; í¹; á„ᅳᆴ; í¹; á„ᅳᆴ; ) HANGUL SYLLABLE KEULT +D07A;D07A;110F 1173 11B5;D07A;110F 1173 11B5; # (íº; íº; á„ᅳᆵ; íº; á„ᅳᆵ; ) HANGUL SYLLABLE KEULP +D07B;D07B;110F 1173 11B6;D07B;110F 1173 11B6; # (í»; í»; á„ᅳᆶ; í»; á„ᅳᆶ; ) HANGUL SYLLABLE KEULH +D07C;D07C;110F 1173 11B7;D07C;110F 1173 11B7; # (í¼; í¼; á„ᅳᆷ; í¼; á„ᅳᆷ; ) HANGUL SYLLABLE KEUM +D07D;D07D;110F 1173 11B8;D07D;110F 1173 11B8; # (í½; í½; á„ᅳᆸ; í½; á„ᅳᆸ; ) HANGUL SYLLABLE KEUB +D07E;D07E;110F 1173 11B9;D07E;110F 1173 11B9; # (í¾; í¾; á„ᅳᆹ; í¾; á„ᅳᆹ; ) HANGUL SYLLABLE KEUBS +D07F;D07F;110F 1173 11BA;D07F;110F 1173 11BA; # (í¿; í¿; á„ᅳᆺ; í¿; á„ᅳᆺ; ) HANGUL SYLLABLE KEUS +D080;D080;110F 1173 11BB;D080;110F 1173 11BB; # (í‚€; í‚€; á„ᅳᆻ; í‚€; á„ᅳᆻ; ) HANGUL SYLLABLE KEUSS +D081;D081;110F 1173 11BC;D081;110F 1173 11BC; # (í‚; í‚; á„ᅳᆼ; í‚; á„ᅳᆼ; ) HANGUL SYLLABLE KEUNG +D082;D082;110F 1173 11BD;D082;110F 1173 11BD; # (í‚‚; í‚‚; á„ᅳᆽ; í‚‚; á„ᅳᆽ; ) HANGUL SYLLABLE KEUJ +D083;D083;110F 1173 11BE;D083;110F 1173 11BE; # (킃; 킃; á„ᅳᆾ; 킃; á„ᅳᆾ; ) HANGUL SYLLABLE KEUC +D084;D084;110F 1173 11BF;D084;110F 1173 11BF; # (í‚„; í‚„; á„ᅳᆿ; í‚„; á„ᅳᆿ; ) HANGUL SYLLABLE KEUK +D085;D085;110F 1173 11C0;D085;110F 1173 11C0; # (í‚…; í‚…; á„ᅳᇀ; í‚…; á„ᅳᇀ; ) HANGUL SYLLABLE KEUT +D086;D086;110F 1173 11C1;D086;110F 1173 11C1; # (킆; 킆; á„á…³á‡; 킆; á„á…³á‡; ) HANGUL SYLLABLE KEUP +D087;D087;110F 1173 11C2;D087;110F 1173 11C2; # (킇; 킇; á„ᅳᇂ; 킇; á„ᅳᇂ; ) HANGUL SYLLABLE KEUH +D088;D088;110F 1174;D088;110F 1174; # (킈; 킈; á„á…´; 킈; á„á…´; ) HANGUL SYLLABLE KYI +D089;D089;110F 1174 11A8;D089;110F 1174 11A8; # (킉; 킉; á„ᅴᆨ; 킉; á„ᅴᆨ; ) HANGUL SYLLABLE KYIG +D08A;D08A;110F 1174 11A9;D08A;110F 1174 11A9; # (í‚Š; í‚Š; á„ᅴᆩ; í‚Š; á„ᅴᆩ; ) HANGUL SYLLABLE KYIGG +D08B;D08B;110F 1174 11AA;D08B;110F 1174 11AA; # (í‚‹; í‚‹; á„ᅴᆪ; í‚‹; á„ᅴᆪ; ) HANGUL SYLLABLE KYIGS +D08C;D08C;110F 1174 11AB;D08C;110F 1174 11AB; # (í‚Œ; í‚Œ; á„ᅴᆫ; í‚Œ; á„ᅴᆫ; ) HANGUL SYLLABLE KYIN +D08D;D08D;110F 1174 11AC;D08D;110F 1174 11AC; # (í‚; í‚; á„ᅴᆬ; í‚; á„ᅴᆬ; ) HANGUL SYLLABLE KYINJ +D08E;D08E;110F 1174 11AD;D08E;110F 1174 11AD; # (í‚Ž; í‚Ž; á„ᅴᆭ; í‚Ž; á„ᅴᆭ; ) HANGUL SYLLABLE KYINH +D08F;D08F;110F 1174 11AE;D08F;110F 1174 11AE; # (í‚; í‚; á„ᅴᆮ; í‚; á„ᅴᆮ; ) HANGUL SYLLABLE KYID +D090;D090;110F 1174 11AF;D090;110F 1174 11AF; # (í‚; í‚; á„ᅴᆯ; í‚; á„ᅴᆯ; ) HANGUL SYLLABLE KYIL +D091;D091;110F 1174 11B0;D091;110F 1174 11B0; # (í‚‘; í‚‘; á„ᅴᆰ; í‚‘; á„ᅴᆰ; ) HANGUL SYLLABLE KYILG +D092;D092;110F 1174 11B1;D092;110F 1174 11B1; # (í‚’; í‚’; á„ᅴᆱ; í‚’; á„ᅴᆱ; ) HANGUL SYLLABLE KYILM +D093;D093;110F 1174 11B2;D093;110F 1174 11B2; # (í‚“; í‚“; á„ᅴᆲ; í‚“; á„ᅴᆲ; ) HANGUL SYLLABLE KYILB +D094;D094;110F 1174 11B3;D094;110F 1174 11B3; # (í‚”; í‚”; á„ᅴᆳ; í‚”; á„ᅴᆳ; ) HANGUL SYLLABLE KYILS +D095;D095;110F 1174 11B4;D095;110F 1174 11B4; # (í‚•; í‚•; á„ᅴᆴ; í‚•; á„ᅴᆴ; ) HANGUL SYLLABLE KYILT +D096;D096;110F 1174 11B5;D096;110F 1174 11B5; # (í‚–; í‚–; á„ᅴᆵ; í‚–; á„ᅴᆵ; ) HANGUL SYLLABLE KYILP +D097;D097;110F 1174 11B6;D097;110F 1174 11B6; # (í‚—; í‚—; á„ᅴᆶ; í‚—; á„ᅴᆶ; ) HANGUL SYLLABLE KYILH +D098;D098;110F 1174 11B7;D098;110F 1174 11B7; # (킘; 킘; á„ᅴᆷ; 킘; á„ᅴᆷ; ) HANGUL SYLLABLE KYIM +D099;D099;110F 1174 11B8;D099;110F 1174 11B8; # (í‚™; í‚™; á„ᅴᆸ; í‚™; á„ᅴᆸ; ) HANGUL SYLLABLE KYIB +D09A;D09A;110F 1174 11B9;D09A;110F 1174 11B9; # (í‚š; í‚š; á„ᅴᆹ; í‚š; á„ᅴᆹ; ) HANGUL SYLLABLE KYIBS +D09B;D09B;110F 1174 11BA;D09B;110F 1174 11BA; # (í‚›; í‚›; á„ᅴᆺ; í‚›; á„ᅴᆺ; ) HANGUL SYLLABLE KYIS +D09C;D09C;110F 1174 11BB;D09C;110F 1174 11BB; # (í‚œ; í‚œ; á„ᅴᆻ; í‚œ; á„ᅴᆻ; ) HANGUL SYLLABLE KYISS +D09D;D09D;110F 1174 11BC;D09D;110F 1174 11BC; # (í‚; í‚; á„ᅴᆼ; í‚; á„ᅴᆼ; ) HANGUL SYLLABLE KYING +D09E;D09E;110F 1174 11BD;D09E;110F 1174 11BD; # (í‚ž; í‚ž; á„ᅴᆽ; í‚ž; á„ᅴᆽ; ) HANGUL SYLLABLE KYIJ +D09F;D09F;110F 1174 11BE;D09F;110F 1174 11BE; # (í‚Ÿ; í‚Ÿ; á„ᅴᆾ; í‚Ÿ; á„ᅴᆾ; ) HANGUL SYLLABLE KYIC +D0A0;D0A0;110F 1174 11BF;D0A0;110F 1174 11BF; # (í‚ ; í‚ ; á„ᅴᆿ; í‚ ; á„ᅴᆿ; ) HANGUL SYLLABLE KYIK +D0A1;D0A1;110F 1174 11C0;D0A1;110F 1174 11C0; # (í‚¡; í‚¡; á„ᅴᇀ; í‚¡; á„ᅴᇀ; ) HANGUL SYLLABLE KYIT +D0A2;D0A2;110F 1174 11C1;D0A2;110F 1174 11C1; # (í‚¢; í‚¢; á„á…´á‡; í‚¢; á„á…´á‡; ) HANGUL SYLLABLE KYIP +D0A3;D0A3;110F 1174 11C2;D0A3;110F 1174 11C2; # (í‚£; í‚£; á„ᅴᇂ; í‚£; á„ᅴᇂ; ) HANGUL SYLLABLE KYIH +D0A4;D0A4;110F 1175;D0A4;110F 1175; # (키; 키; á„á…µ; 키; á„á…µ; ) HANGUL SYLLABLE KI +D0A5;D0A5;110F 1175 11A8;D0A5;110F 1175 11A8; # (í‚¥; í‚¥; á„ᅵᆨ; í‚¥; á„ᅵᆨ; ) HANGUL SYLLABLE KIG +D0A6;D0A6;110F 1175 11A9;D0A6;110F 1175 11A9; # (킦; 킦; á„ᅵᆩ; 킦; á„ᅵᆩ; ) HANGUL SYLLABLE KIGG +D0A7;D0A7;110F 1175 11AA;D0A7;110F 1175 11AA; # (킧; 킧; á„ᅵᆪ; 킧; á„ᅵᆪ; ) HANGUL SYLLABLE KIGS +D0A8;D0A8;110F 1175 11AB;D0A8;110F 1175 11AB; # (킨; 킨; á„ᅵᆫ; 킨; á„ᅵᆫ; ) HANGUL SYLLABLE KIN +D0A9;D0A9;110F 1175 11AC;D0A9;110F 1175 11AC; # (í‚©; í‚©; á„ᅵᆬ; í‚©; á„ᅵᆬ; ) HANGUL SYLLABLE KINJ +D0AA;D0AA;110F 1175 11AD;D0AA;110F 1175 11AD; # (킪; 킪; á„ᅵᆭ; 킪; á„ᅵᆭ; ) HANGUL SYLLABLE KINH +D0AB;D0AB;110F 1175 11AE;D0AB;110F 1175 11AE; # (í‚«; í‚«; á„ᅵᆮ; í‚«; á„ᅵᆮ; ) HANGUL SYLLABLE KID +D0AC;D0AC;110F 1175 11AF;D0AC;110F 1175 11AF; # (킬; 킬; á„ᅵᆯ; 킬; á„ᅵᆯ; ) HANGUL SYLLABLE KIL +D0AD;D0AD;110F 1175 11B0;D0AD;110F 1175 11B0; # (í‚­; í‚­; á„ᅵᆰ; í‚­; á„ᅵᆰ; ) HANGUL SYLLABLE KILG +D0AE;D0AE;110F 1175 11B1;D0AE;110F 1175 11B1; # (í‚®; í‚®; á„ᅵᆱ; í‚®; á„ᅵᆱ; ) HANGUL SYLLABLE KILM +D0AF;D0AF;110F 1175 11B2;D0AF;110F 1175 11B2; # (킯; 킯; á„ᅵᆲ; 킯; á„ᅵᆲ; ) HANGUL SYLLABLE KILB +D0B0;D0B0;110F 1175 11B3;D0B0;110F 1175 11B3; # (í‚°; í‚°; á„ᅵᆳ; í‚°; á„ᅵᆳ; ) HANGUL SYLLABLE KILS +D0B1;D0B1;110F 1175 11B4;D0B1;110F 1175 11B4; # (킱; 킱; á„ᅵᆴ; 킱; á„ᅵᆴ; ) HANGUL SYLLABLE KILT +D0B2;D0B2;110F 1175 11B5;D0B2;110F 1175 11B5; # (킲; 킲; á„ᅵᆵ; 킲; á„ᅵᆵ; ) HANGUL SYLLABLE KILP +D0B3;D0B3;110F 1175 11B6;D0B3;110F 1175 11B6; # (킳; 킳; á„ᅵᆶ; 킳; á„ᅵᆶ; ) HANGUL SYLLABLE KILH +D0B4;D0B4;110F 1175 11B7;D0B4;110F 1175 11B7; # (í‚´; í‚´; á„ᅵᆷ; í‚´; á„ᅵᆷ; ) HANGUL SYLLABLE KIM +D0B5;D0B5;110F 1175 11B8;D0B5;110F 1175 11B8; # (킵; 킵; á„ᅵᆸ; 킵; á„ᅵᆸ; ) HANGUL SYLLABLE KIB +D0B6;D0B6;110F 1175 11B9;D0B6;110F 1175 11B9; # (킶; 킶; á„ᅵᆹ; 킶; á„ᅵᆹ; ) HANGUL SYLLABLE KIBS +D0B7;D0B7;110F 1175 11BA;D0B7;110F 1175 11BA; # (í‚·; í‚·; á„ᅵᆺ; í‚·; á„ᅵᆺ; ) HANGUL SYLLABLE KIS +D0B8;D0B8;110F 1175 11BB;D0B8;110F 1175 11BB; # (킸; 킸; á„ᅵᆻ; 킸; á„ᅵᆻ; ) HANGUL SYLLABLE KISS +D0B9;D0B9;110F 1175 11BC;D0B9;110F 1175 11BC; # (킹; 킹; á„ᅵᆼ; 킹; á„ᅵᆼ; ) HANGUL SYLLABLE KING +D0BA;D0BA;110F 1175 11BD;D0BA;110F 1175 11BD; # (킺; 킺; á„ᅵᆽ; 킺; á„ᅵᆽ; ) HANGUL SYLLABLE KIJ +D0BB;D0BB;110F 1175 11BE;D0BB;110F 1175 11BE; # (í‚»; í‚»; á„ᅵᆾ; í‚»; á„ᅵᆾ; ) HANGUL SYLLABLE KIC +D0BC;D0BC;110F 1175 11BF;D0BC;110F 1175 11BF; # (킼; 킼; á„ᅵᆿ; 킼; á„ᅵᆿ; ) HANGUL SYLLABLE KIK +D0BD;D0BD;110F 1175 11C0;D0BD;110F 1175 11C0; # (킽; 킽; á„ᅵᇀ; 킽; á„ᅵᇀ; ) HANGUL SYLLABLE KIT +D0BE;D0BE;110F 1175 11C1;D0BE;110F 1175 11C1; # (킾; 킾; á„á…µá‡; 킾; á„á…µá‡; ) HANGUL SYLLABLE KIP +D0BF;D0BF;110F 1175 11C2;D0BF;110F 1175 11C2; # (í‚¿; í‚¿; á„ᅵᇂ; í‚¿; á„ᅵᇂ; ) HANGUL SYLLABLE KIH +D0C0;D0C0;1110 1161;D0C0;1110 1161; # (타; 타; á„á…¡; 타; á„á…¡; ) HANGUL SYLLABLE TA +D0C1;D0C1;1110 1161 11A8;D0C1;1110 1161 11A8; # (íƒ; íƒ; á„ᅡᆨ; íƒ; á„ᅡᆨ; ) HANGUL SYLLABLE TAG +D0C2;D0C2;1110 1161 11A9;D0C2;1110 1161 11A9; # (탂; 탂; á„ᅡᆩ; 탂; á„ᅡᆩ; ) HANGUL SYLLABLE TAGG +D0C3;D0C3;1110 1161 11AA;D0C3;1110 1161 11AA; # (탃; 탃; á„ᅡᆪ; 탃; á„ᅡᆪ; ) HANGUL SYLLABLE TAGS +D0C4;D0C4;1110 1161 11AB;D0C4;1110 1161 11AB; # (탄; 탄; á„ᅡᆫ; 탄; á„ᅡᆫ; ) HANGUL SYLLABLE TAN +D0C5;D0C5;1110 1161 11AC;D0C5;1110 1161 11AC; # (탅; 탅; á„ᅡᆬ; 탅; á„ᅡᆬ; ) HANGUL SYLLABLE TANJ +D0C6;D0C6;1110 1161 11AD;D0C6;1110 1161 11AD; # (탆; 탆; á„ᅡᆭ; 탆; á„ᅡᆭ; ) HANGUL SYLLABLE TANH +D0C7;D0C7;1110 1161 11AE;D0C7;1110 1161 11AE; # (탇; 탇; á„ᅡᆮ; 탇; á„ᅡᆮ; ) HANGUL SYLLABLE TAD +D0C8;D0C8;1110 1161 11AF;D0C8;1110 1161 11AF; # (탈; 탈; á„ᅡᆯ; 탈; á„ᅡᆯ; ) HANGUL SYLLABLE TAL +D0C9;D0C9;1110 1161 11B0;D0C9;1110 1161 11B0; # (탉; 탉; á„ᅡᆰ; 탉; á„ᅡᆰ; ) HANGUL SYLLABLE TALG +D0CA;D0CA;1110 1161 11B1;D0CA;1110 1161 11B1; # (탊; 탊; á„ᅡᆱ; 탊; á„ᅡᆱ; ) HANGUL SYLLABLE TALM +D0CB;D0CB;1110 1161 11B2;D0CB;1110 1161 11B2; # (탋; 탋; á„ᅡᆲ; 탋; á„ᅡᆲ; ) HANGUL SYLLABLE TALB +D0CC;D0CC;1110 1161 11B3;D0CC;1110 1161 11B3; # (탌; 탌; á„ᅡᆳ; 탌; á„ᅡᆳ; ) HANGUL SYLLABLE TALS +D0CD;D0CD;1110 1161 11B4;D0CD;1110 1161 11B4; # (íƒ; íƒ; á„ᅡᆴ; íƒ; á„ᅡᆴ; ) HANGUL SYLLABLE TALT +D0CE;D0CE;1110 1161 11B5;D0CE;1110 1161 11B5; # (탎; 탎; á„ᅡᆵ; 탎; á„ᅡᆵ; ) HANGUL SYLLABLE TALP +D0CF;D0CF;1110 1161 11B6;D0CF;1110 1161 11B6; # (íƒ; íƒ; á„ᅡᆶ; íƒ; á„ᅡᆶ; ) HANGUL SYLLABLE TALH +D0D0;D0D0;1110 1161 11B7;D0D0;1110 1161 11B7; # (íƒ; íƒ; á„ᅡᆷ; íƒ; á„ᅡᆷ; ) HANGUL SYLLABLE TAM +D0D1;D0D1;1110 1161 11B8;D0D1;1110 1161 11B8; # (탑; 탑; á„ᅡᆸ; 탑; á„ᅡᆸ; ) HANGUL SYLLABLE TAB +D0D2;D0D2;1110 1161 11B9;D0D2;1110 1161 11B9; # (탒; 탒; á„ᅡᆹ; 탒; á„ᅡᆹ; ) HANGUL SYLLABLE TABS +D0D3;D0D3;1110 1161 11BA;D0D3;1110 1161 11BA; # (탓; 탓; á„ᅡᆺ; 탓; á„ᅡᆺ; ) HANGUL SYLLABLE TAS +D0D4;D0D4;1110 1161 11BB;D0D4;1110 1161 11BB; # (탔; 탔; á„ᅡᆻ; 탔; á„ᅡᆻ; ) HANGUL SYLLABLE TASS +D0D5;D0D5;1110 1161 11BC;D0D5;1110 1161 11BC; # (탕; 탕; á„ᅡᆼ; 탕; á„ᅡᆼ; ) HANGUL SYLLABLE TANG +D0D6;D0D6;1110 1161 11BD;D0D6;1110 1161 11BD; # (탖; 탖; á„ᅡᆽ; 탖; á„ᅡᆽ; ) HANGUL SYLLABLE TAJ +D0D7;D0D7;1110 1161 11BE;D0D7;1110 1161 11BE; # (탗; 탗; á„ᅡᆾ; 탗; á„ᅡᆾ; ) HANGUL SYLLABLE TAC +D0D8;D0D8;1110 1161 11BF;D0D8;1110 1161 11BF; # (탘; 탘; á„ᅡᆿ; 탘; á„ᅡᆿ; ) HANGUL SYLLABLE TAK +D0D9;D0D9;1110 1161 11C0;D0D9;1110 1161 11C0; # (탙; 탙; á„ᅡᇀ; 탙; á„ᅡᇀ; ) HANGUL SYLLABLE TAT +D0DA;D0DA;1110 1161 11C1;D0DA;1110 1161 11C1; # (탚; 탚; á„á…¡á‡; 탚; á„á…¡á‡; ) HANGUL SYLLABLE TAP +D0DB;D0DB;1110 1161 11C2;D0DB;1110 1161 11C2; # (탛; 탛; á„ᅡᇂ; 탛; á„ᅡᇂ; ) HANGUL SYLLABLE TAH +D0DC;D0DC;1110 1162;D0DC;1110 1162; # (태; 태; á„á…¢; 태; á„á…¢; ) HANGUL SYLLABLE TAE +D0DD;D0DD;1110 1162 11A8;D0DD;1110 1162 11A8; # (íƒ; íƒ; á„ᅢᆨ; íƒ; á„ᅢᆨ; ) HANGUL SYLLABLE TAEG +D0DE;D0DE;1110 1162 11A9;D0DE;1110 1162 11A9; # (탞; 탞; á„ᅢᆩ; 탞; á„ᅢᆩ; ) HANGUL SYLLABLE TAEGG +D0DF;D0DF;1110 1162 11AA;D0DF;1110 1162 11AA; # (탟; 탟; á„ᅢᆪ; 탟; á„ᅢᆪ; ) HANGUL SYLLABLE TAEGS +D0E0;D0E0;1110 1162 11AB;D0E0;1110 1162 11AB; # (탠; 탠; á„ᅢᆫ; 탠; á„ᅢᆫ; ) HANGUL SYLLABLE TAEN +D0E1;D0E1;1110 1162 11AC;D0E1;1110 1162 11AC; # (탡; 탡; á„ᅢᆬ; 탡; á„ᅢᆬ; ) HANGUL SYLLABLE TAENJ +D0E2;D0E2;1110 1162 11AD;D0E2;1110 1162 11AD; # (탢; 탢; á„ᅢᆭ; 탢; á„ᅢᆭ; ) HANGUL SYLLABLE TAENH +D0E3;D0E3;1110 1162 11AE;D0E3;1110 1162 11AE; # (탣; 탣; á„ᅢᆮ; 탣; á„ᅢᆮ; ) HANGUL SYLLABLE TAED +D0E4;D0E4;1110 1162 11AF;D0E4;1110 1162 11AF; # (탤; 탤; á„ᅢᆯ; 탤; á„ᅢᆯ; ) HANGUL SYLLABLE TAEL +D0E5;D0E5;1110 1162 11B0;D0E5;1110 1162 11B0; # (탥; 탥; á„ᅢᆰ; 탥; á„ᅢᆰ; ) HANGUL SYLLABLE TAELG +D0E6;D0E6;1110 1162 11B1;D0E6;1110 1162 11B1; # (탦; 탦; á„ᅢᆱ; 탦; á„ᅢᆱ; ) HANGUL SYLLABLE TAELM +D0E7;D0E7;1110 1162 11B2;D0E7;1110 1162 11B2; # (탧; 탧; á„ᅢᆲ; 탧; á„ᅢᆲ; ) HANGUL SYLLABLE TAELB +D0E8;D0E8;1110 1162 11B3;D0E8;1110 1162 11B3; # (탨; 탨; á„ᅢᆳ; 탨; á„ᅢᆳ; ) HANGUL SYLLABLE TAELS +D0E9;D0E9;1110 1162 11B4;D0E9;1110 1162 11B4; # (탩; 탩; á„ᅢᆴ; 탩; á„ᅢᆴ; ) HANGUL SYLLABLE TAELT +D0EA;D0EA;1110 1162 11B5;D0EA;1110 1162 11B5; # (탪; 탪; á„ᅢᆵ; 탪; á„ᅢᆵ; ) HANGUL SYLLABLE TAELP +D0EB;D0EB;1110 1162 11B6;D0EB;1110 1162 11B6; # (탫; 탫; á„ᅢᆶ; 탫; á„ᅢᆶ; ) HANGUL SYLLABLE TAELH +D0EC;D0EC;1110 1162 11B7;D0EC;1110 1162 11B7; # (탬; 탬; á„ᅢᆷ; 탬; á„ᅢᆷ; ) HANGUL SYLLABLE TAEM +D0ED;D0ED;1110 1162 11B8;D0ED;1110 1162 11B8; # (탭; 탭; á„ᅢᆸ; 탭; á„ᅢᆸ; ) HANGUL SYLLABLE TAEB +D0EE;D0EE;1110 1162 11B9;D0EE;1110 1162 11B9; # (탮; 탮; á„ᅢᆹ; 탮; á„ᅢᆹ; ) HANGUL SYLLABLE TAEBS +D0EF;D0EF;1110 1162 11BA;D0EF;1110 1162 11BA; # (탯; 탯; á„ᅢᆺ; 탯; á„ᅢᆺ; ) HANGUL SYLLABLE TAES +D0F0;D0F0;1110 1162 11BB;D0F0;1110 1162 11BB; # (탰; 탰; á„ᅢᆻ; 탰; á„ᅢᆻ; ) HANGUL SYLLABLE TAESS +D0F1;D0F1;1110 1162 11BC;D0F1;1110 1162 11BC; # (탱; 탱; á„ᅢᆼ; 탱; á„ᅢᆼ; ) HANGUL SYLLABLE TAENG +D0F2;D0F2;1110 1162 11BD;D0F2;1110 1162 11BD; # (탲; 탲; á„ᅢᆽ; 탲; á„ᅢᆽ; ) HANGUL SYLLABLE TAEJ +D0F3;D0F3;1110 1162 11BE;D0F3;1110 1162 11BE; # (탳; 탳; á„ᅢᆾ; 탳; á„ᅢᆾ; ) HANGUL SYLLABLE TAEC +D0F4;D0F4;1110 1162 11BF;D0F4;1110 1162 11BF; # (탴; 탴; á„ᅢᆿ; 탴; á„ᅢᆿ; ) HANGUL SYLLABLE TAEK +D0F5;D0F5;1110 1162 11C0;D0F5;1110 1162 11C0; # (탵; 탵; á„ᅢᇀ; 탵; á„ᅢᇀ; ) HANGUL SYLLABLE TAET +D0F6;D0F6;1110 1162 11C1;D0F6;1110 1162 11C1; # (탶; 탶; á„á…¢á‡; 탶; á„á…¢á‡; ) HANGUL SYLLABLE TAEP +D0F7;D0F7;1110 1162 11C2;D0F7;1110 1162 11C2; # (탷; 탷; á„ᅢᇂ; 탷; á„ᅢᇂ; ) HANGUL SYLLABLE TAEH +D0F8;D0F8;1110 1163;D0F8;1110 1163; # (탸; 탸; á„á…£; 탸; á„á…£; ) HANGUL SYLLABLE TYA +D0F9;D0F9;1110 1163 11A8;D0F9;1110 1163 11A8; # (탹; 탹; á„ᅣᆨ; 탹; á„ᅣᆨ; ) HANGUL SYLLABLE TYAG +D0FA;D0FA;1110 1163 11A9;D0FA;1110 1163 11A9; # (탺; 탺; á„ᅣᆩ; 탺; á„ᅣᆩ; ) HANGUL SYLLABLE TYAGG +D0FB;D0FB;1110 1163 11AA;D0FB;1110 1163 11AA; # (탻; 탻; á„ᅣᆪ; 탻; á„ᅣᆪ; ) HANGUL SYLLABLE TYAGS +D0FC;D0FC;1110 1163 11AB;D0FC;1110 1163 11AB; # (탼; 탼; á„ᅣᆫ; 탼; á„ᅣᆫ; ) HANGUL SYLLABLE TYAN +D0FD;D0FD;1110 1163 11AC;D0FD;1110 1163 11AC; # (탽; 탽; á„ᅣᆬ; 탽; á„ᅣᆬ; ) HANGUL SYLLABLE TYANJ +D0FE;D0FE;1110 1163 11AD;D0FE;1110 1163 11AD; # (탾; 탾; á„ᅣᆭ; 탾; á„ᅣᆭ; ) HANGUL SYLLABLE TYANH +D0FF;D0FF;1110 1163 11AE;D0FF;1110 1163 11AE; # (탿; 탿; á„ᅣᆮ; 탿; á„ᅣᆮ; ) HANGUL SYLLABLE TYAD +D100;D100;1110 1163 11AF;D100;1110 1163 11AF; # (í„€; í„€; á„ᅣᆯ; í„€; á„ᅣᆯ; ) HANGUL SYLLABLE TYAL +D101;D101;1110 1163 11B0;D101;1110 1163 11B0; # (í„; í„; á„ᅣᆰ; í„; á„ᅣᆰ; ) HANGUL SYLLABLE TYALG +D102;D102;1110 1163 11B1;D102;1110 1163 11B1; # (í„‚; í„‚; á„ᅣᆱ; í„‚; á„ᅣᆱ; ) HANGUL SYLLABLE TYALM +D103;D103;1110 1163 11B2;D103;1110 1163 11B2; # (턃; 턃; á„ᅣᆲ; 턃; á„ᅣᆲ; ) HANGUL SYLLABLE TYALB +D104;D104;1110 1163 11B3;D104;1110 1163 11B3; # (í„„; í„„; á„ᅣᆳ; í„„; á„ᅣᆳ; ) HANGUL SYLLABLE TYALS +D105;D105;1110 1163 11B4;D105;1110 1163 11B4; # (í„…; í„…; á„ᅣᆴ; í„…; á„ᅣᆴ; ) HANGUL SYLLABLE TYALT +D106;D106;1110 1163 11B5;D106;1110 1163 11B5; # (턆; 턆; á„ᅣᆵ; 턆; á„ᅣᆵ; ) HANGUL SYLLABLE TYALP +D107;D107;1110 1163 11B6;D107;1110 1163 11B6; # (턇; 턇; á„ᅣᆶ; 턇; á„ᅣᆶ; ) HANGUL SYLLABLE TYALH +D108;D108;1110 1163 11B7;D108;1110 1163 11B7; # (턈; 턈; á„ᅣᆷ; 턈; á„ᅣᆷ; ) HANGUL SYLLABLE TYAM +D109;D109;1110 1163 11B8;D109;1110 1163 11B8; # (턉; 턉; á„ᅣᆸ; 턉; á„ᅣᆸ; ) HANGUL SYLLABLE TYAB +D10A;D10A;1110 1163 11B9;D10A;1110 1163 11B9; # (í„Š; í„Š; á„ᅣᆹ; í„Š; á„ᅣᆹ; ) HANGUL SYLLABLE TYABS +D10B;D10B;1110 1163 11BA;D10B;1110 1163 11BA; # (í„‹; í„‹; á„ᅣᆺ; í„‹; á„ᅣᆺ; ) HANGUL SYLLABLE TYAS +D10C;D10C;1110 1163 11BB;D10C;1110 1163 11BB; # (í„Œ; í„Œ; á„ᅣᆻ; í„Œ; á„ᅣᆻ; ) HANGUL SYLLABLE TYASS +D10D;D10D;1110 1163 11BC;D10D;1110 1163 11BC; # (í„; í„; á„ᅣᆼ; í„; á„ᅣᆼ; ) HANGUL SYLLABLE TYANG +D10E;D10E;1110 1163 11BD;D10E;1110 1163 11BD; # (í„Ž; í„Ž; á„ᅣᆽ; í„Ž; á„ᅣᆽ; ) HANGUL SYLLABLE TYAJ +D10F;D10F;1110 1163 11BE;D10F;1110 1163 11BE; # (í„; í„; á„ᅣᆾ; í„; á„ᅣᆾ; ) HANGUL SYLLABLE TYAC +D110;D110;1110 1163 11BF;D110;1110 1163 11BF; # (í„; í„; á„ᅣᆿ; í„; á„ᅣᆿ; ) HANGUL SYLLABLE TYAK +D111;D111;1110 1163 11C0;D111;1110 1163 11C0; # (í„‘; í„‘; á„ᅣᇀ; í„‘; á„ᅣᇀ; ) HANGUL SYLLABLE TYAT +D112;D112;1110 1163 11C1;D112;1110 1163 11C1; # (í„’; í„’; á„á…£á‡; í„’; á„á…£á‡; ) HANGUL SYLLABLE TYAP +D113;D113;1110 1163 11C2;D113;1110 1163 11C2; # (í„“; í„“; á„ᅣᇂ; í„“; á„ᅣᇂ; ) HANGUL SYLLABLE TYAH +D114;D114;1110 1164;D114;1110 1164; # (í„”; í„”; á„á…¤; í„”; á„á…¤; ) HANGUL SYLLABLE TYAE +D115;D115;1110 1164 11A8;D115;1110 1164 11A8; # (í„•; í„•; á„ᅤᆨ; í„•; á„ᅤᆨ; ) HANGUL SYLLABLE TYAEG +D116;D116;1110 1164 11A9;D116;1110 1164 11A9; # (í„–; í„–; á„ᅤᆩ; í„–; á„ᅤᆩ; ) HANGUL SYLLABLE TYAEGG +D117;D117;1110 1164 11AA;D117;1110 1164 11AA; # (í„—; í„—; á„ᅤᆪ; í„—; á„ᅤᆪ; ) HANGUL SYLLABLE TYAEGS +D118;D118;1110 1164 11AB;D118;1110 1164 11AB; # (턘; 턘; á„ᅤᆫ; 턘; á„ᅤᆫ; ) HANGUL SYLLABLE TYAEN +D119;D119;1110 1164 11AC;D119;1110 1164 11AC; # (í„™; í„™; á„ᅤᆬ; í„™; á„ᅤᆬ; ) HANGUL SYLLABLE TYAENJ +D11A;D11A;1110 1164 11AD;D11A;1110 1164 11AD; # (í„š; í„š; á„ᅤᆭ; í„š; á„ᅤᆭ; ) HANGUL SYLLABLE TYAENH +D11B;D11B;1110 1164 11AE;D11B;1110 1164 11AE; # (í„›; í„›; á„ᅤᆮ; í„›; á„ᅤᆮ; ) HANGUL SYLLABLE TYAED +D11C;D11C;1110 1164 11AF;D11C;1110 1164 11AF; # (í„œ; í„œ; á„ᅤᆯ; í„œ; á„ᅤᆯ; ) HANGUL SYLLABLE TYAEL +D11D;D11D;1110 1164 11B0;D11D;1110 1164 11B0; # (í„; í„; á„ᅤᆰ; í„; á„ᅤᆰ; ) HANGUL SYLLABLE TYAELG +D11E;D11E;1110 1164 11B1;D11E;1110 1164 11B1; # (í„ž; í„ž; á„ᅤᆱ; í„ž; á„ᅤᆱ; ) HANGUL SYLLABLE TYAELM +D11F;D11F;1110 1164 11B2;D11F;1110 1164 11B2; # (í„Ÿ; í„Ÿ; á„ᅤᆲ; í„Ÿ; á„ᅤᆲ; ) HANGUL SYLLABLE TYAELB +D120;D120;1110 1164 11B3;D120;1110 1164 11B3; # (í„ ; í„ ; á„ᅤᆳ; í„ ; á„ᅤᆳ; ) HANGUL SYLLABLE TYAELS +D121;D121;1110 1164 11B4;D121;1110 1164 11B4; # (í„¡; í„¡; á„ᅤᆴ; í„¡; á„ᅤᆴ; ) HANGUL SYLLABLE TYAELT +D122;D122;1110 1164 11B5;D122;1110 1164 11B5; # (í„¢; í„¢; á„ᅤᆵ; í„¢; á„ᅤᆵ; ) HANGUL SYLLABLE TYAELP +D123;D123;1110 1164 11B6;D123;1110 1164 11B6; # (í„£; í„£; á„ᅤᆶ; í„£; á„ᅤᆶ; ) HANGUL SYLLABLE TYAELH +D124;D124;1110 1164 11B7;D124;1110 1164 11B7; # (턤; 턤; á„ᅤᆷ; 턤; á„ᅤᆷ; ) HANGUL SYLLABLE TYAEM +D125;D125;1110 1164 11B8;D125;1110 1164 11B8; # (í„¥; í„¥; á„ᅤᆸ; í„¥; á„ᅤᆸ; ) HANGUL SYLLABLE TYAEB +D126;D126;1110 1164 11B9;D126;1110 1164 11B9; # (턦; 턦; á„ᅤᆹ; 턦; á„ᅤᆹ; ) HANGUL SYLLABLE TYAEBS +D127;D127;1110 1164 11BA;D127;1110 1164 11BA; # (턧; 턧; á„ᅤᆺ; 턧; á„ᅤᆺ; ) HANGUL SYLLABLE TYAES +D128;D128;1110 1164 11BB;D128;1110 1164 11BB; # (턨; 턨; á„ᅤᆻ; 턨; á„ᅤᆻ; ) HANGUL SYLLABLE TYAESS +D129;D129;1110 1164 11BC;D129;1110 1164 11BC; # (í„©; í„©; á„ᅤᆼ; í„©; á„ᅤᆼ; ) HANGUL SYLLABLE TYAENG +D12A;D12A;1110 1164 11BD;D12A;1110 1164 11BD; # (턪; 턪; á„ᅤᆽ; 턪; á„ᅤᆽ; ) HANGUL SYLLABLE TYAEJ +D12B;D12B;1110 1164 11BE;D12B;1110 1164 11BE; # (í„«; í„«; á„ᅤᆾ; í„«; á„ᅤᆾ; ) HANGUL SYLLABLE TYAEC +D12C;D12C;1110 1164 11BF;D12C;1110 1164 11BF; # (턬; 턬; á„ᅤᆿ; 턬; á„ᅤᆿ; ) HANGUL SYLLABLE TYAEK +D12D;D12D;1110 1164 11C0;D12D;1110 1164 11C0; # (í„­; í„­; á„ᅤᇀ; í„­; á„ᅤᇀ; ) HANGUL SYLLABLE TYAET +D12E;D12E;1110 1164 11C1;D12E;1110 1164 11C1; # (í„®; í„®; á„á…¤á‡; í„®; á„á…¤á‡; ) HANGUL SYLLABLE TYAEP +D12F;D12F;1110 1164 11C2;D12F;1110 1164 11C2; # (턯; 턯; á„ᅤᇂ; 턯; á„ᅤᇂ; ) HANGUL SYLLABLE TYAEH +D130;D130;1110 1165;D130;1110 1165; # (í„°; í„°; á„á…¥; í„°; á„á…¥; ) HANGUL SYLLABLE TEO +D131;D131;1110 1165 11A8;D131;1110 1165 11A8; # (턱; 턱; á„ᅥᆨ; 턱; á„ᅥᆨ; ) HANGUL SYLLABLE TEOG +D132;D132;1110 1165 11A9;D132;1110 1165 11A9; # (턲; 턲; á„ᅥᆩ; 턲; á„ᅥᆩ; ) HANGUL SYLLABLE TEOGG +D133;D133;1110 1165 11AA;D133;1110 1165 11AA; # (턳; 턳; á„ᅥᆪ; 턳; á„ᅥᆪ; ) HANGUL SYLLABLE TEOGS +D134;D134;1110 1165 11AB;D134;1110 1165 11AB; # (í„´; í„´; á„ᅥᆫ; í„´; á„ᅥᆫ; ) HANGUL SYLLABLE TEON +D135;D135;1110 1165 11AC;D135;1110 1165 11AC; # (턵; 턵; á„ᅥᆬ; 턵; á„ᅥᆬ; ) HANGUL SYLLABLE TEONJ +D136;D136;1110 1165 11AD;D136;1110 1165 11AD; # (턶; 턶; á„ᅥᆭ; 턶; á„ᅥᆭ; ) HANGUL SYLLABLE TEONH +D137;D137;1110 1165 11AE;D137;1110 1165 11AE; # (í„·; í„·; á„ᅥᆮ; í„·; á„ᅥᆮ; ) HANGUL SYLLABLE TEOD +D138;D138;1110 1165 11AF;D138;1110 1165 11AF; # (털; 털; á„ᅥᆯ; 털; á„ᅥᆯ; ) HANGUL SYLLABLE TEOL +D139;D139;1110 1165 11B0;D139;1110 1165 11B0; # (턹; 턹; á„ᅥᆰ; 턹; á„ᅥᆰ; ) HANGUL SYLLABLE TEOLG +D13A;D13A;1110 1165 11B1;D13A;1110 1165 11B1; # (턺; 턺; á„ᅥᆱ; 턺; á„ᅥᆱ; ) HANGUL SYLLABLE TEOLM +D13B;D13B;1110 1165 11B2;D13B;1110 1165 11B2; # (í„»; í„»; á„ᅥᆲ; í„»; á„ᅥᆲ; ) HANGUL SYLLABLE TEOLB +D13C;D13C;1110 1165 11B3;D13C;1110 1165 11B3; # (턼; 턼; á„ᅥᆳ; 턼; á„ᅥᆳ; ) HANGUL SYLLABLE TEOLS +D13D;D13D;1110 1165 11B4;D13D;1110 1165 11B4; # (턽; 턽; á„ᅥᆴ; 턽; á„ᅥᆴ; ) HANGUL SYLLABLE TEOLT +D13E;D13E;1110 1165 11B5;D13E;1110 1165 11B5; # (턾; 턾; á„ᅥᆵ; 턾; á„ᅥᆵ; ) HANGUL SYLLABLE TEOLP +D13F;D13F;1110 1165 11B6;D13F;1110 1165 11B6; # (í„¿; í„¿; á„ᅥᆶ; í„¿; á„ᅥᆶ; ) HANGUL SYLLABLE TEOLH +D140;D140;1110 1165 11B7;D140;1110 1165 11B7; # (í…€; í…€; á„ᅥᆷ; í…€; á„ᅥᆷ; ) HANGUL SYLLABLE TEOM +D141;D141;1110 1165 11B8;D141;1110 1165 11B8; # (í…; í…; á„ᅥᆸ; í…; á„ᅥᆸ; ) HANGUL SYLLABLE TEOB +D142;D142;1110 1165 11B9;D142;1110 1165 11B9; # (í…‚; í…‚; á„ᅥᆹ; í…‚; á„ᅥᆹ; ) HANGUL SYLLABLE TEOBS +D143;D143;1110 1165 11BA;D143;1110 1165 11BA; # (í…ƒ; í…ƒ; á„ᅥᆺ; í…ƒ; á„ᅥᆺ; ) HANGUL SYLLABLE TEOS +D144;D144;1110 1165 11BB;D144;1110 1165 11BB; # (í…„; í…„; á„ᅥᆻ; í…„; á„ᅥᆻ; ) HANGUL SYLLABLE TEOSS +D145;D145;1110 1165 11BC;D145;1110 1165 11BC; # (í……; í……; á„ᅥᆼ; í……; á„ᅥᆼ; ) HANGUL SYLLABLE TEONG +D146;D146;1110 1165 11BD;D146;1110 1165 11BD; # (í…†; í…†; á„ᅥᆽ; í…†; á„ᅥᆽ; ) HANGUL SYLLABLE TEOJ +D147;D147;1110 1165 11BE;D147;1110 1165 11BE; # (í…‡; í…‡; á„ᅥᆾ; í…‡; á„ᅥᆾ; ) HANGUL SYLLABLE TEOC +D148;D148;1110 1165 11BF;D148;1110 1165 11BF; # (í…ˆ; í…ˆ; á„ᅥᆿ; í…ˆ; á„ᅥᆿ; ) HANGUL SYLLABLE TEOK +D149;D149;1110 1165 11C0;D149;1110 1165 11C0; # (í…‰; í…‰; á„ᅥᇀ; í…‰; á„ᅥᇀ; ) HANGUL SYLLABLE TEOT +D14A;D14A;1110 1165 11C1;D14A;1110 1165 11C1; # (í…Š; í…Š; á„á…¥á‡; í…Š; á„á…¥á‡; ) HANGUL SYLLABLE TEOP +D14B;D14B;1110 1165 11C2;D14B;1110 1165 11C2; # (í…‹; í…‹; á„ᅥᇂ; í…‹; á„ᅥᇂ; ) HANGUL SYLLABLE TEOH +D14C;D14C;1110 1166;D14C;1110 1166; # (í…Œ; í…Œ; á„á…¦; í…Œ; á„á…¦; ) HANGUL SYLLABLE TE +D14D;D14D;1110 1166 11A8;D14D;1110 1166 11A8; # (í…; í…; á„ᅦᆨ; í…; á„ᅦᆨ; ) HANGUL SYLLABLE TEG +D14E;D14E;1110 1166 11A9;D14E;1110 1166 11A9; # (í…Ž; í…Ž; á„ᅦᆩ; í…Ž; á„ᅦᆩ; ) HANGUL SYLLABLE TEGG +D14F;D14F;1110 1166 11AA;D14F;1110 1166 11AA; # (í…; í…; á„ᅦᆪ; í…; á„ᅦᆪ; ) HANGUL SYLLABLE TEGS +D150;D150;1110 1166 11AB;D150;1110 1166 11AB; # (í…; í…; á„ᅦᆫ; í…; á„ᅦᆫ; ) HANGUL SYLLABLE TEN +D151;D151;1110 1166 11AC;D151;1110 1166 11AC; # (í…‘; í…‘; á„ᅦᆬ; í…‘; á„ᅦᆬ; ) HANGUL SYLLABLE TENJ +D152;D152;1110 1166 11AD;D152;1110 1166 11AD; # (í…’; í…’; á„ᅦᆭ; í…’; á„ᅦᆭ; ) HANGUL SYLLABLE TENH +D153;D153;1110 1166 11AE;D153;1110 1166 11AE; # (í…“; í…“; á„ᅦᆮ; í…“; á„ᅦᆮ; ) HANGUL SYLLABLE TED +D154;D154;1110 1166 11AF;D154;1110 1166 11AF; # (í…”; í…”; á„ᅦᆯ; í…”; á„ᅦᆯ; ) HANGUL SYLLABLE TEL +D155;D155;1110 1166 11B0;D155;1110 1166 11B0; # (í…•; í…•; á„ᅦᆰ; í…•; á„ᅦᆰ; ) HANGUL SYLLABLE TELG +D156;D156;1110 1166 11B1;D156;1110 1166 11B1; # (í…–; í…–; á„ᅦᆱ; í…–; á„ᅦᆱ; ) HANGUL SYLLABLE TELM +D157;D157;1110 1166 11B2;D157;1110 1166 11B2; # (í…—; í…—; á„ᅦᆲ; í…—; á„ᅦᆲ; ) HANGUL SYLLABLE TELB +D158;D158;1110 1166 11B3;D158;1110 1166 11B3; # (í…˜; í…˜; á„ᅦᆳ; í…˜; á„ᅦᆳ; ) HANGUL SYLLABLE TELS +D159;D159;1110 1166 11B4;D159;1110 1166 11B4; # (í…™; í…™; á„ᅦᆴ; í…™; á„ᅦᆴ; ) HANGUL SYLLABLE TELT +D15A;D15A;1110 1166 11B5;D15A;1110 1166 11B5; # (í…š; í…š; á„ᅦᆵ; í…š; á„ᅦᆵ; ) HANGUL SYLLABLE TELP +D15B;D15B;1110 1166 11B6;D15B;1110 1166 11B6; # (í…›; í…›; á„ᅦᆶ; í…›; á„ᅦᆶ; ) HANGUL SYLLABLE TELH +D15C;D15C;1110 1166 11B7;D15C;1110 1166 11B7; # (í…œ; í…œ; á„ᅦᆷ; í…œ; á„ᅦᆷ; ) HANGUL SYLLABLE TEM +D15D;D15D;1110 1166 11B8;D15D;1110 1166 11B8; # (í…; í…; á„ᅦᆸ; í…; á„ᅦᆸ; ) HANGUL SYLLABLE TEB +D15E;D15E;1110 1166 11B9;D15E;1110 1166 11B9; # (í…ž; í…ž; á„ᅦᆹ; í…ž; á„ᅦᆹ; ) HANGUL SYLLABLE TEBS +D15F;D15F;1110 1166 11BA;D15F;1110 1166 11BA; # (í…Ÿ; í…Ÿ; á„ᅦᆺ; í…Ÿ; á„ᅦᆺ; ) HANGUL SYLLABLE TES +D160;D160;1110 1166 11BB;D160;1110 1166 11BB; # (í… ; í… ; á„ᅦᆻ; í… ; á„ᅦᆻ; ) HANGUL SYLLABLE TESS +D161;D161;1110 1166 11BC;D161;1110 1166 11BC; # (í…¡; í…¡; á„ᅦᆼ; í…¡; á„ᅦᆼ; ) HANGUL SYLLABLE TENG +D162;D162;1110 1166 11BD;D162;1110 1166 11BD; # (í…¢; í…¢; á„ᅦᆽ; í…¢; á„ᅦᆽ; ) HANGUL SYLLABLE TEJ +D163;D163;1110 1166 11BE;D163;1110 1166 11BE; # (í…£; í…£; á„ᅦᆾ; í…£; á„ᅦᆾ; ) HANGUL SYLLABLE TEC +D164;D164;1110 1166 11BF;D164;1110 1166 11BF; # (í…¤; í…¤; á„ᅦᆿ; í…¤; á„ᅦᆿ; ) HANGUL SYLLABLE TEK +D165;D165;1110 1166 11C0;D165;1110 1166 11C0; # (í…¥; í…¥; á„ᅦᇀ; í…¥; á„ᅦᇀ; ) HANGUL SYLLABLE TET +D166;D166;1110 1166 11C1;D166;1110 1166 11C1; # (í…¦; í…¦; á„á…¦á‡; í…¦; á„á…¦á‡; ) HANGUL SYLLABLE TEP +D167;D167;1110 1166 11C2;D167;1110 1166 11C2; # (í…§; í…§; á„ᅦᇂ; í…§; á„ᅦᇂ; ) HANGUL SYLLABLE TEH +D168;D168;1110 1167;D168;1110 1167; # (í…¨; í…¨; á„á…§; í…¨; á„á…§; ) HANGUL SYLLABLE TYEO +D169;D169;1110 1167 11A8;D169;1110 1167 11A8; # (í…©; í…©; á„ᅧᆨ; í…©; á„ᅧᆨ; ) HANGUL SYLLABLE TYEOG +D16A;D16A;1110 1167 11A9;D16A;1110 1167 11A9; # (í…ª; í…ª; á„ᅧᆩ; í…ª; á„ᅧᆩ; ) HANGUL SYLLABLE TYEOGG +D16B;D16B;1110 1167 11AA;D16B;1110 1167 11AA; # (í…«; í…«; á„ᅧᆪ; í…«; á„ᅧᆪ; ) HANGUL SYLLABLE TYEOGS +D16C;D16C;1110 1167 11AB;D16C;1110 1167 11AB; # (í…¬; í…¬; á„ᅧᆫ; í…¬; á„ᅧᆫ; ) HANGUL SYLLABLE TYEON +D16D;D16D;1110 1167 11AC;D16D;1110 1167 11AC; # (í…­; í…­; á„ᅧᆬ; í…­; á„ᅧᆬ; ) HANGUL SYLLABLE TYEONJ +D16E;D16E;1110 1167 11AD;D16E;1110 1167 11AD; # (í…®; í…®; á„ᅧᆭ; í…®; á„ᅧᆭ; ) HANGUL SYLLABLE TYEONH +D16F;D16F;1110 1167 11AE;D16F;1110 1167 11AE; # (í…¯; í…¯; á„ᅧᆮ; í…¯; á„ᅧᆮ; ) HANGUL SYLLABLE TYEOD +D170;D170;1110 1167 11AF;D170;1110 1167 11AF; # (í…°; í…°; á„ᅧᆯ; í…°; á„ᅧᆯ; ) HANGUL SYLLABLE TYEOL +D171;D171;1110 1167 11B0;D171;1110 1167 11B0; # (í…±; í…±; á„ᅧᆰ; í…±; á„ᅧᆰ; ) HANGUL SYLLABLE TYEOLG +D172;D172;1110 1167 11B1;D172;1110 1167 11B1; # (í…²; í…²; á„ᅧᆱ; í…²; á„ᅧᆱ; ) HANGUL SYLLABLE TYEOLM +D173;D173;1110 1167 11B2;D173;1110 1167 11B2; # (í…³; í…³; á„ᅧᆲ; í…³; á„ᅧᆲ; ) HANGUL SYLLABLE TYEOLB +D174;D174;1110 1167 11B3;D174;1110 1167 11B3; # (í…´; í…´; á„ᅧᆳ; í…´; á„ᅧᆳ; ) HANGUL SYLLABLE TYEOLS +D175;D175;1110 1167 11B4;D175;1110 1167 11B4; # (í…µ; í…µ; á„ᅧᆴ; í…µ; á„ᅧᆴ; ) HANGUL SYLLABLE TYEOLT +D176;D176;1110 1167 11B5;D176;1110 1167 11B5; # (í…¶; í…¶; á„ᅧᆵ; í…¶; á„ᅧᆵ; ) HANGUL SYLLABLE TYEOLP +D177;D177;1110 1167 11B6;D177;1110 1167 11B6; # (í…·; í…·; á„ᅧᆶ; í…·; á„ᅧᆶ; ) HANGUL SYLLABLE TYEOLH +D178;D178;1110 1167 11B7;D178;1110 1167 11B7; # (í…¸; í…¸; á„ᅧᆷ; í…¸; á„ᅧᆷ; ) HANGUL SYLLABLE TYEOM +D179;D179;1110 1167 11B8;D179;1110 1167 11B8; # (í…¹; í…¹; á„ᅧᆸ; í…¹; á„ᅧᆸ; ) HANGUL SYLLABLE TYEOB +D17A;D17A;1110 1167 11B9;D17A;1110 1167 11B9; # (í…º; í…º; á„ᅧᆹ; í…º; á„ᅧᆹ; ) HANGUL SYLLABLE TYEOBS +D17B;D17B;1110 1167 11BA;D17B;1110 1167 11BA; # (í…»; í…»; á„ᅧᆺ; í…»; á„ᅧᆺ; ) HANGUL SYLLABLE TYEOS +D17C;D17C;1110 1167 11BB;D17C;1110 1167 11BB; # (í…¼; í…¼; á„ᅧᆻ; í…¼; á„ᅧᆻ; ) HANGUL SYLLABLE TYEOSS +D17D;D17D;1110 1167 11BC;D17D;1110 1167 11BC; # (í…½; í…½; á„ᅧᆼ; í…½; á„ᅧᆼ; ) HANGUL SYLLABLE TYEONG +D17E;D17E;1110 1167 11BD;D17E;1110 1167 11BD; # (í…¾; í…¾; á„ᅧᆽ; í…¾; á„ᅧᆽ; ) HANGUL SYLLABLE TYEOJ +D17F;D17F;1110 1167 11BE;D17F;1110 1167 11BE; # (í…¿; í…¿; á„ᅧᆾ; í…¿; á„ᅧᆾ; ) HANGUL SYLLABLE TYEOC +D180;D180;1110 1167 11BF;D180;1110 1167 11BF; # (톀; 톀; á„ᅧᆿ; 톀; á„ᅧᆿ; ) HANGUL SYLLABLE TYEOK +D181;D181;1110 1167 11C0;D181;1110 1167 11C0; # (í†; í†; á„ᅧᇀ; í†; á„ᅧᇀ; ) HANGUL SYLLABLE TYEOT +D182;D182;1110 1167 11C1;D182;1110 1167 11C1; # (톂; 톂; á„á…§á‡; 톂; á„á…§á‡; ) HANGUL SYLLABLE TYEOP +D183;D183;1110 1167 11C2;D183;1110 1167 11C2; # (톃; 톃; á„ᅧᇂ; 톃; á„ᅧᇂ; ) HANGUL SYLLABLE TYEOH +D184;D184;1110 1168;D184;1110 1168; # (톄; 톄; á„á…¨; 톄; á„á…¨; ) HANGUL SYLLABLE TYE +D185;D185;1110 1168 11A8;D185;1110 1168 11A8; # (톅; 톅; á„ᅨᆨ; 톅; á„ᅨᆨ; ) HANGUL SYLLABLE TYEG +D186;D186;1110 1168 11A9;D186;1110 1168 11A9; # (톆; 톆; á„ᅨᆩ; 톆; á„ᅨᆩ; ) HANGUL SYLLABLE TYEGG +D187;D187;1110 1168 11AA;D187;1110 1168 11AA; # (톇; 톇; á„ᅨᆪ; 톇; á„ᅨᆪ; ) HANGUL SYLLABLE TYEGS +D188;D188;1110 1168 11AB;D188;1110 1168 11AB; # (톈; 톈; á„ᅨᆫ; 톈; á„ᅨᆫ; ) HANGUL SYLLABLE TYEN +D189;D189;1110 1168 11AC;D189;1110 1168 11AC; # (톉; 톉; á„ᅨᆬ; 톉; á„ᅨᆬ; ) HANGUL SYLLABLE TYENJ +D18A;D18A;1110 1168 11AD;D18A;1110 1168 11AD; # (톊; 톊; á„ᅨᆭ; 톊; á„ᅨᆭ; ) HANGUL SYLLABLE TYENH +D18B;D18B;1110 1168 11AE;D18B;1110 1168 11AE; # (톋; 톋; á„ᅨᆮ; 톋; á„ᅨᆮ; ) HANGUL SYLLABLE TYED +D18C;D18C;1110 1168 11AF;D18C;1110 1168 11AF; # (톌; 톌; á„ᅨᆯ; 톌; á„ᅨᆯ; ) HANGUL SYLLABLE TYEL +D18D;D18D;1110 1168 11B0;D18D;1110 1168 11B0; # (í†; í†; á„ᅨᆰ; í†; á„ᅨᆰ; ) HANGUL SYLLABLE TYELG +D18E;D18E;1110 1168 11B1;D18E;1110 1168 11B1; # (톎; 톎; á„ᅨᆱ; 톎; á„ᅨᆱ; ) HANGUL SYLLABLE TYELM +D18F;D18F;1110 1168 11B2;D18F;1110 1168 11B2; # (í†; í†; á„ᅨᆲ; í†; á„ᅨᆲ; ) HANGUL SYLLABLE TYELB +D190;D190;1110 1168 11B3;D190;1110 1168 11B3; # (í†; í†; á„ᅨᆳ; í†; á„ᅨᆳ; ) HANGUL SYLLABLE TYELS +D191;D191;1110 1168 11B4;D191;1110 1168 11B4; # (톑; 톑; á„ᅨᆴ; 톑; á„ᅨᆴ; ) HANGUL SYLLABLE TYELT +D192;D192;1110 1168 11B5;D192;1110 1168 11B5; # (톒; 톒; á„ᅨᆵ; 톒; á„ᅨᆵ; ) HANGUL SYLLABLE TYELP +D193;D193;1110 1168 11B6;D193;1110 1168 11B6; # (톓; 톓; á„ᅨᆶ; 톓; á„ᅨᆶ; ) HANGUL SYLLABLE TYELH +D194;D194;1110 1168 11B7;D194;1110 1168 11B7; # (톔; 톔; á„ᅨᆷ; 톔; á„ᅨᆷ; ) HANGUL SYLLABLE TYEM +D195;D195;1110 1168 11B8;D195;1110 1168 11B8; # (톕; 톕; á„ᅨᆸ; 톕; á„ᅨᆸ; ) HANGUL SYLLABLE TYEB +D196;D196;1110 1168 11B9;D196;1110 1168 11B9; # (톖; 톖; á„ᅨᆹ; 톖; á„ᅨᆹ; ) HANGUL SYLLABLE TYEBS +D197;D197;1110 1168 11BA;D197;1110 1168 11BA; # (톗; 톗; á„ᅨᆺ; 톗; á„ᅨᆺ; ) HANGUL SYLLABLE TYES +D198;D198;1110 1168 11BB;D198;1110 1168 11BB; # (톘; 톘; á„ᅨᆻ; 톘; á„ᅨᆻ; ) HANGUL SYLLABLE TYESS +D199;D199;1110 1168 11BC;D199;1110 1168 11BC; # (톙; 톙; á„ᅨᆼ; 톙; á„ᅨᆼ; ) HANGUL SYLLABLE TYENG +D19A;D19A;1110 1168 11BD;D19A;1110 1168 11BD; # (톚; 톚; á„ᅨᆽ; 톚; á„ᅨᆽ; ) HANGUL SYLLABLE TYEJ +D19B;D19B;1110 1168 11BE;D19B;1110 1168 11BE; # (톛; 톛; á„ᅨᆾ; 톛; á„ᅨᆾ; ) HANGUL SYLLABLE TYEC +D19C;D19C;1110 1168 11BF;D19C;1110 1168 11BF; # (톜; 톜; á„ᅨᆿ; 톜; á„ᅨᆿ; ) HANGUL SYLLABLE TYEK +D19D;D19D;1110 1168 11C0;D19D;1110 1168 11C0; # (í†; í†; á„ᅨᇀ; í†; á„ᅨᇀ; ) HANGUL SYLLABLE TYET +D19E;D19E;1110 1168 11C1;D19E;1110 1168 11C1; # (톞; 톞; á„á…¨á‡; 톞; á„á…¨á‡; ) HANGUL SYLLABLE TYEP +D19F;D19F;1110 1168 11C2;D19F;1110 1168 11C2; # (톟; 톟; á„ᅨᇂ; 톟; á„ᅨᇂ; ) HANGUL SYLLABLE TYEH +D1A0;D1A0;1110 1169;D1A0;1110 1169; # (토; 토; á„á…©; 토; á„á…©; ) HANGUL SYLLABLE TO +D1A1;D1A1;1110 1169 11A8;D1A1;1110 1169 11A8; # (톡; 톡; á„ᅩᆨ; 톡; á„ᅩᆨ; ) HANGUL SYLLABLE TOG +D1A2;D1A2;1110 1169 11A9;D1A2;1110 1169 11A9; # (톢; 톢; á„ᅩᆩ; 톢; á„ᅩᆩ; ) HANGUL SYLLABLE TOGG +D1A3;D1A3;1110 1169 11AA;D1A3;1110 1169 11AA; # (톣; 톣; á„ᅩᆪ; 톣; á„ᅩᆪ; ) HANGUL SYLLABLE TOGS +D1A4;D1A4;1110 1169 11AB;D1A4;1110 1169 11AB; # (톤; 톤; á„ᅩᆫ; 톤; á„ᅩᆫ; ) HANGUL SYLLABLE TON +D1A5;D1A5;1110 1169 11AC;D1A5;1110 1169 11AC; # (톥; 톥; á„ᅩᆬ; 톥; á„ᅩᆬ; ) HANGUL SYLLABLE TONJ +D1A6;D1A6;1110 1169 11AD;D1A6;1110 1169 11AD; # (톦; 톦; á„ᅩᆭ; 톦; á„ᅩᆭ; ) HANGUL SYLLABLE TONH +D1A7;D1A7;1110 1169 11AE;D1A7;1110 1169 11AE; # (톧; 톧; á„ᅩᆮ; 톧; á„ᅩᆮ; ) HANGUL SYLLABLE TOD +D1A8;D1A8;1110 1169 11AF;D1A8;1110 1169 11AF; # (톨; 톨; á„ᅩᆯ; 톨; á„ᅩᆯ; ) HANGUL SYLLABLE TOL +D1A9;D1A9;1110 1169 11B0;D1A9;1110 1169 11B0; # (톩; 톩; á„ᅩᆰ; 톩; á„ᅩᆰ; ) HANGUL SYLLABLE TOLG +D1AA;D1AA;1110 1169 11B1;D1AA;1110 1169 11B1; # (톪; 톪; á„ᅩᆱ; 톪; á„ᅩᆱ; ) HANGUL SYLLABLE TOLM +D1AB;D1AB;1110 1169 11B2;D1AB;1110 1169 11B2; # (톫; 톫; á„ᅩᆲ; 톫; á„ᅩᆲ; ) HANGUL SYLLABLE TOLB +D1AC;D1AC;1110 1169 11B3;D1AC;1110 1169 11B3; # (톬; 톬; á„ᅩᆳ; 톬; á„ᅩᆳ; ) HANGUL SYLLABLE TOLS +D1AD;D1AD;1110 1169 11B4;D1AD;1110 1169 11B4; # (톭; 톭; á„ᅩᆴ; 톭; á„ᅩᆴ; ) HANGUL SYLLABLE TOLT +D1AE;D1AE;1110 1169 11B5;D1AE;1110 1169 11B5; # (톮; 톮; á„ᅩᆵ; 톮; á„ᅩᆵ; ) HANGUL SYLLABLE TOLP +D1AF;D1AF;1110 1169 11B6;D1AF;1110 1169 11B6; # (톯; 톯; á„ᅩᆶ; 톯; á„ᅩᆶ; ) HANGUL SYLLABLE TOLH +D1B0;D1B0;1110 1169 11B7;D1B0;1110 1169 11B7; # (톰; 톰; á„ᅩᆷ; 톰; á„ᅩᆷ; ) HANGUL SYLLABLE TOM +D1B1;D1B1;1110 1169 11B8;D1B1;1110 1169 11B8; # (톱; 톱; á„ᅩᆸ; 톱; á„ᅩᆸ; ) HANGUL SYLLABLE TOB +D1B2;D1B2;1110 1169 11B9;D1B2;1110 1169 11B9; # (톲; 톲; á„ᅩᆹ; 톲; á„ᅩᆹ; ) HANGUL SYLLABLE TOBS +D1B3;D1B3;1110 1169 11BA;D1B3;1110 1169 11BA; # (톳; 톳; á„ᅩᆺ; 톳; á„ᅩᆺ; ) HANGUL SYLLABLE TOS +D1B4;D1B4;1110 1169 11BB;D1B4;1110 1169 11BB; # (톴; 톴; á„ᅩᆻ; 톴; á„ᅩᆻ; ) HANGUL SYLLABLE TOSS +D1B5;D1B5;1110 1169 11BC;D1B5;1110 1169 11BC; # (통; 통; á„ᅩᆼ; 통; á„ᅩᆼ; ) HANGUL SYLLABLE TONG +D1B6;D1B6;1110 1169 11BD;D1B6;1110 1169 11BD; # (톶; 톶; á„ᅩᆽ; 톶; á„ᅩᆽ; ) HANGUL SYLLABLE TOJ +D1B7;D1B7;1110 1169 11BE;D1B7;1110 1169 11BE; # (톷; 톷; á„ᅩᆾ; 톷; á„ᅩᆾ; ) HANGUL SYLLABLE TOC +D1B8;D1B8;1110 1169 11BF;D1B8;1110 1169 11BF; # (톸; 톸; á„ᅩᆿ; 톸; á„ᅩᆿ; ) HANGUL SYLLABLE TOK +D1B9;D1B9;1110 1169 11C0;D1B9;1110 1169 11C0; # (톹; 톹; á„ᅩᇀ; 톹; á„ᅩᇀ; ) HANGUL SYLLABLE TOT +D1BA;D1BA;1110 1169 11C1;D1BA;1110 1169 11C1; # (톺; 톺; á„á…©á‡; 톺; á„á…©á‡; ) HANGUL SYLLABLE TOP +D1BB;D1BB;1110 1169 11C2;D1BB;1110 1169 11C2; # (톻; 톻; á„ᅩᇂ; 톻; á„ᅩᇂ; ) HANGUL SYLLABLE TOH +D1BC;D1BC;1110 116A;D1BC;1110 116A; # (톼; 톼; á„á…ª; 톼; á„á…ª; ) HANGUL SYLLABLE TWA +D1BD;D1BD;1110 116A 11A8;D1BD;1110 116A 11A8; # (톽; 톽; á„ᅪᆨ; 톽; á„ᅪᆨ; ) HANGUL SYLLABLE TWAG +D1BE;D1BE;1110 116A 11A9;D1BE;1110 116A 11A9; # (톾; 톾; á„ᅪᆩ; 톾; á„ᅪᆩ; ) HANGUL SYLLABLE TWAGG +D1BF;D1BF;1110 116A 11AA;D1BF;1110 116A 11AA; # (톿; 톿; á„ᅪᆪ; 톿; á„ᅪᆪ; ) HANGUL SYLLABLE TWAGS +D1C0;D1C0;1110 116A 11AB;D1C0;1110 116A 11AB; # (퇀; 퇀; á„ᅪᆫ; 퇀; á„ᅪᆫ; ) HANGUL SYLLABLE TWAN +D1C1;D1C1;1110 116A 11AC;D1C1;1110 116A 11AC; # (í‡; í‡; á„ᅪᆬ; í‡; á„ᅪᆬ; ) HANGUL SYLLABLE TWANJ +D1C2;D1C2;1110 116A 11AD;D1C2;1110 116A 11AD; # (퇂; 퇂; á„ᅪᆭ; 퇂; á„ᅪᆭ; ) HANGUL SYLLABLE TWANH +D1C3;D1C3;1110 116A 11AE;D1C3;1110 116A 11AE; # (퇃; 퇃; á„ᅪᆮ; 퇃; á„ᅪᆮ; ) HANGUL SYLLABLE TWAD +D1C4;D1C4;1110 116A 11AF;D1C4;1110 116A 11AF; # (퇄; 퇄; á„ᅪᆯ; 퇄; á„ᅪᆯ; ) HANGUL SYLLABLE TWAL +D1C5;D1C5;1110 116A 11B0;D1C5;1110 116A 11B0; # (퇅; 퇅; á„ᅪᆰ; 퇅; á„ᅪᆰ; ) HANGUL SYLLABLE TWALG +D1C6;D1C6;1110 116A 11B1;D1C6;1110 116A 11B1; # (퇆; 퇆; á„ᅪᆱ; 퇆; á„ᅪᆱ; ) HANGUL SYLLABLE TWALM +D1C7;D1C7;1110 116A 11B2;D1C7;1110 116A 11B2; # (퇇; 퇇; á„ᅪᆲ; 퇇; á„ᅪᆲ; ) HANGUL SYLLABLE TWALB +D1C8;D1C8;1110 116A 11B3;D1C8;1110 116A 11B3; # (퇈; 퇈; á„ᅪᆳ; 퇈; á„ᅪᆳ; ) HANGUL SYLLABLE TWALS +D1C9;D1C9;1110 116A 11B4;D1C9;1110 116A 11B4; # (퇉; 퇉; á„ᅪᆴ; 퇉; á„ᅪᆴ; ) HANGUL SYLLABLE TWALT +D1CA;D1CA;1110 116A 11B5;D1CA;1110 116A 11B5; # (퇊; 퇊; á„ᅪᆵ; 퇊; á„ᅪᆵ; ) HANGUL SYLLABLE TWALP +D1CB;D1CB;1110 116A 11B6;D1CB;1110 116A 11B6; # (퇋; 퇋; á„ᅪᆶ; 퇋; á„ᅪᆶ; ) HANGUL SYLLABLE TWALH +D1CC;D1CC;1110 116A 11B7;D1CC;1110 116A 11B7; # (퇌; 퇌; á„ᅪᆷ; 퇌; á„ᅪᆷ; ) HANGUL SYLLABLE TWAM +D1CD;D1CD;1110 116A 11B8;D1CD;1110 116A 11B8; # (í‡; í‡; á„ᅪᆸ; í‡; á„ᅪᆸ; ) HANGUL SYLLABLE TWAB +D1CE;D1CE;1110 116A 11B9;D1CE;1110 116A 11B9; # (퇎; 퇎; á„ᅪᆹ; 퇎; á„ᅪᆹ; ) HANGUL SYLLABLE TWABS +D1CF;D1CF;1110 116A 11BA;D1CF;1110 116A 11BA; # (í‡; í‡; á„ᅪᆺ; í‡; á„ᅪᆺ; ) HANGUL SYLLABLE TWAS +D1D0;D1D0;1110 116A 11BB;D1D0;1110 116A 11BB; # (í‡; í‡; á„ᅪᆻ; í‡; á„ᅪᆻ; ) HANGUL SYLLABLE TWASS +D1D1;D1D1;1110 116A 11BC;D1D1;1110 116A 11BC; # (퇑; 퇑; á„ᅪᆼ; 퇑; á„ᅪᆼ; ) HANGUL SYLLABLE TWANG +D1D2;D1D2;1110 116A 11BD;D1D2;1110 116A 11BD; # (퇒; 퇒; á„ᅪᆽ; 퇒; á„ᅪᆽ; ) HANGUL SYLLABLE TWAJ +D1D3;D1D3;1110 116A 11BE;D1D3;1110 116A 11BE; # (퇓; 퇓; á„ᅪᆾ; 퇓; á„ᅪᆾ; ) HANGUL SYLLABLE TWAC +D1D4;D1D4;1110 116A 11BF;D1D4;1110 116A 11BF; # (퇔; 퇔; á„ᅪᆿ; 퇔; á„ᅪᆿ; ) HANGUL SYLLABLE TWAK +D1D5;D1D5;1110 116A 11C0;D1D5;1110 116A 11C0; # (퇕; 퇕; á„ᅪᇀ; 퇕; á„ᅪᇀ; ) HANGUL SYLLABLE TWAT +D1D6;D1D6;1110 116A 11C1;D1D6;1110 116A 11C1; # (퇖; 퇖; á„á…ªá‡; 퇖; á„á…ªá‡; ) HANGUL SYLLABLE TWAP +D1D7;D1D7;1110 116A 11C2;D1D7;1110 116A 11C2; # (퇗; 퇗; á„ᅪᇂ; 퇗; á„ᅪᇂ; ) HANGUL SYLLABLE TWAH +D1D8;D1D8;1110 116B;D1D8;1110 116B; # (퇘; 퇘; á„á…«; 퇘; á„á…«; ) HANGUL SYLLABLE TWAE +D1D9;D1D9;1110 116B 11A8;D1D9;1110 116B 11A8; # (퇙; 퇙; á„ᅫᆨ; 퇙; á„ᅫᆨ; ) HANGUL SYLLABLE TWAEG +D1DA;D1DA;1110 116B 11A9;D1DA;1110 116B 11A9; # (퇚; 퇚; á„ᅫᆩ; 퇚; á„ᅫᆩ; ) HANGUL SYLLABLE TWAEGG +D1DB;D1DB;1110 116B 11AA;D1DB;1110 116B 11AA; # (퇛; 퇛; á„ᅫᆪ; 퇛; á„ᅫᆪ; ) HANGUL SYLLABLE TWAEGS +D1DC;D1DC;1110 116B 11AB;D1DC;1110 116B 11AB; # (퇜; 퇜; á„ᅫᆫ; 퇜; á„ᅫᆫ; ) HANGUL SYLLABLE TWAEN +D1DD;D1DD;1110 116B 11AC;D1DD;1110 116B 11AC; # (í‡; í‡; á„ᅫᆬ; í‡; á„ᅫᆬ; ) HANGUL SYLLABLE TWAENJ +D1DE;D1DE;1110 116B 11AD;D1DE;1110 116B 11AD; # (퇞; 퇞; á„ᅫᆭ; 퇞; á„ᅫᆭ; ) HANGUL SYLLABLE TWAENH +D1DF;D1DF;1110 116B 11AE;D1DF;1110 116B 11AE; # (퇟; 퇟; á„ᅫᆮ; 퇟; á„ᅫᆮ; ) HANGUL SYLLABLE TWAED +D1E0;D1E0;1110 116B 11AF;D1E0;1110 116B 11AF; # (퇠; 퇠; á„ᅫᆯ; 퇠; á„ᅫᆯ; ) HANGUL SYLLABLE TWAEL +D1E1;D1E1;1110 116B 11B0;D1E1;1110 116B 11B0; # (퇡; 퇡; á„ᅫᆰ; 퇡; á„ᅫᆰ; ) HANGUL SYLLABLE TWAELG +D1E2;D1E2;1110 116B 11B1;D1E2;1110 116B 11B1; # (퇢; 퇢; á„ᅫᆱ; 퇢; á„ᅫᆱ; ) HANGUL SYLLABLE TWAELM +D1E3;D1E3;1110 116B 11B2;D1E3;1110 116B 11B2; # (퇣; 퇣; á„ᅫᆲ; 퇣; á„ᅫᆲ; ) HANGUL SYLLABLE TWAELB +D1E4;D1E4;1110 116B 11B3;D1E4;1110 116B 11B3; # (퇤; 퇤; á„ᅫᆳ; 퇤; á„ᅫᆳ; ) HANGUL SYLLABLE TWAELS +D1E5;D1E5;1110 116B 11B4;D1E5;1110 116B 11B4; # (퇥; 퇥; á„ᅫᆴ; 퇥; á„ᅫᆴ; ) HANGUL SYLLABLE TWAELT +D1E6;D1E6;1110 116B 11B5;D1E6;1110 116B 11B5; # (퇦; 퇦; á„ᅫᆵ; 퇦; á„ᅫᆵ; ) HANGUL SYLLABLE TWAELP +D1E7;D1E7;1110 116B 11B6;D1E7;1110 116B 11B6; # (퇧; 퇧; á„ᅫᆶ; 퇧; á„ᅫᆶ; ) HANGUL SYLLABLE TWAELH +D1E8;D1E8;1110 116B 11B7;D1E8;1110 116B 11B7; # (퇨; 퇨; á„ᅫᆷ; 퇨; á„ᅫᆷ; ) HANGUL SYLLABLE TWAEM +D1E9;D1E9;1110 116B 11B8;D1E9;1110 116B 11B8; # (퇩; 퇩; á„ᅫᆸ; 퇩; á„ᅫᆸ; ) HANGUL SYLLABLE TWAEB +D1EA;D1EA;1110 116B 11B9;D1EA;1110 116B 11B9; # (퇪; 퇪; á„ᅫᆹ; 퇪; á„ᅫᆹ; ) HANGUL SYLLABLE TWAEBS +D1EB;D1EB;1110 116B 11BA;D1EB;1110 116B 11BA; # (퇫; 퇫; á„ᅫᆺ; 퇫; á„ᅫᆺ; ) HANGUL SYLLABLE TWAES +D1EC;D1EC;1110 116B 11BB;D1EC;1110 116B 11BB; # (퇬; 퇬; á„ᅫᆻ; 퇬; á„ᅫᆻ; ) HANGUL SYLLABLE TWAESS +D1ED;D1ED;1110 116B 11BC;D1ED;1110 116B 11BC; # (퇭; 퇭; á„ᅫᆼ; 퇭; á„ᅫᆼ; ) HANGUL SYLLABLE TWAENG +D1EE;D1EE;1110 116B 11BD;D1EE;1110 116B 11BD; # (퇮; 퇮; á„ᅫᆽ; 퇮; á„ᅫᆽ; ) HANGUL SYLLABLE TWAEJ +D1EF;D1EF;1110 116B 11BE;D1EF;1110 116B 11BE; # (퇯; 퇯; á„ᅫᆾ; 퇯; á„ᅫᆾ; ) HANGUL SYLLABLE TWAEC +D1F0;D1F0;1110 116B 11BF;D1F0;1110 116B 11BF; # (퇰; 퇰; á„ᅫᆿ; 퇰; á„ᅫᆿ; ) HANGUL SYLLABLE TWAEK +D1F1;D1F1;1110 116B 11C0;D1F1;1110 116B 11C0; # (퇱; 퇱; á„ᅫᇀ; 퇱; á„ᅫᇀ; ) HANGUL SYLLABLE TWAET +D1F2;D1F2;1110 116B 11C1;D1F2;1110 116B 11C1; # (퇲; 퇲; á„á…«á‡; 퇲; á„á…«á‡; ) HANGUL SYLLABLE TWAEP +D1F3;D1F3;1110 116B 11C2;D1F3;1110 116B 11C2; # (퇳; 퇳; á„ᅫᇂ; 퇳; á„ᅫᇂ; ) HANGUL SYLLABLE TWAEH +D1F4;D1F4;1110 116C;D1F4;1110 116C; # (퇴; 퇴; á„á…¬; 퇴; á„á…¬; ) HANGUL SYLLABLE TOE +D1F5;D1F5;1110 116C 11A8;D1F5;1110 116C 11A8; # (퇵; 퇵; á„ᅬᆨ; 퇵; á„ᅬᆨ; ) HANGUL SYLLABLE TOEG +D1F6;D1F6;1110 116C 11A9;D1F6;1110 116C 11A9; # (퇶; 퇶; á„ᅬᆩ; 퇶; á„ᅬᆩ; ) HANGUL SYLLABLE TOEGG +D1F7;D1F7;1110 116C 11AA;D1F7;1110 116C 11AA; # (퇷; 퇷; á„ᅬᆪ; 퇷; á„ᅬᆪ; ) HANGUL SYLLABLE TOEGS +D1F8;D1F8;1110 116C 11AB;D1F8;1110 116C 11AB; # (퇸; 퇸; á„ᅬᆫ; 퇸; á„ᅬᆫ; ) HANGUL SYLLABLE TOEN +D1F9;D1F9;1110 116C 11AC;D1F9;1110 116C 11AC; # (퇹; 퇹; á„ᅬᆬ; 퇹; á„ᅬᆬ; ) HANGUL SYLLABLE TOENJ +D1FA;D1FA;1110 116C 11AD;D1FA;1110 116C 11AD; # (퇺; 퇺; á„ᅬᆭ; 퇺; á„ᅬᆭ; ) HANGUL SYLLABLE TOENH +D1FB;D1FB;1110 116C 11AE;D1FB;1110 116C 11AE; # (퇻; 퇻; á„ᅬᆮ; 퇻; á„ᅬᆮ; ) HANGUL SYLLABLE TOED +D1FC;D1FC;1110 116C 11AF;D1FC;1110 116C 11AF; # (퇼; 퇼; á„ᅬᆯ; 퇼; á„ᅬᆯ; ) HANGUL SYLLABLE TOEL +D1FD;D1FD;1110 116C 11B0;D1FD;1110 116C 11B0; # (퇽; 퇽; á„ᅬᆰ; 퇽; á„ᅬᆰ; ) HANGUL SYLLABLE TOELG +D1FE;D1FE;1110 116C 11B1;D1FE;1110 116C 11B1; # (퇾; 퇾; á„ᅬᆱ; 퇾; á„ᅬᆱ; ) HANGUL SYLLABLE TOELM +D1FF;D1FF;1110 116C 11B2;D1FF;1110 116C 11B2; # (퇿; 퇿; á„ᅬᆲ; 퇿; á„ᅬᆲ; ) HANGUL SYLLABLE TOELB +D200;D200;1110 116C 11B3;D200;1110 116C 11B3; # (툀; 툀; á„ᅬᆳ; 툀; á„ᅬᆳ; ) HANGUL SYLLABLE TOELS +D201;D201;1110 116C 11B4;D201;1110 116C 11B4; # (íˆ; íˆ; á„ᅬᆴ; íˆ; á„ᅬᆴ; ) HANGUL SYLLABLE TOELT +D202;D202;1110 116C 11B5;D202;1110 116C 11B5; # (툂; 툂; á„ᅬᆵ; 툂; á„ᅬᆵ; ) HANGUL SYLLABLE TOELP +D203;D203;1110 116C 11B6;D203;1110 116C 11B6; # (툃; 툃; á„ᅬᆶ; 툃; á„ᅬᆶ; ) HANGUL SYLLABLE TOELH +D204;D204;1110 116C 11B7;D204;1110 116C 11B7; # (툄; 툄; á„ᅬᆷ; 툄; á„ᅬᆷ; ) HANGUL SYLLABLE TOEM +D205;D205;1110 116C 11B8;D205;1110 116C 11B8; # (툅; 툅; á„ᅬᆸ; 툅; á„ᅬᆸ; ) HANGUL SYLLABLE TOEB +D206;D206;1110 116C 11B9;D206;1110 116C 11B9; # (툆; 툆; á„ᅬᆹ; 툆; á„ᅬᆹ; ) HANGUL SYLLABLE TOEBS +D207;D207;1110 116C 11BA;D207;1110 116C 11BA; # (툇; 툇; á„ᅬᆺ; 툇; á„ᅬᆺ; ) HANGUL SYLLABLE TOES +D208;D208;1110 116C 11BB;D208;1110 116C 11BB; # (툈; 툈; á„ᅬᆻ; 툈; á„ᅬᆻ; ) HANGUL SYLLABLE TOESS +D209;D209;1110 116C 11BC;D209;1110 116C 11BC; # (툉; 툉; á„ᅬᆼ; 툉; á„ᅬᆼ; ) HANGUL SYLLABLE TOENG +D20A;D20A;1110 116C 11BD;D20A;1110 116C 11BD; # (툊; 툊; á„ᅬᆽ; 툊; á„ᅬᆽ; ) HANGUL SYLLABLE TOEJ +D20B;D20B;1110 116C 11BE;D20B;1110 116C 11BE; # (툋; 툋; á„ᅬᆾ; 툋; á„ᅬᆾ; ) HANGUL SYLLABLE TOEC +D20C;D20C;1110 116C 11BF;D20C;1110 116C 11BF; # (툌; 툌; á„ᅬᆿ; 툌; á„ᅬᆿ; ) HANGUL SYLLABLE TOEK +D20D;D20D;1110 116C 11C0;D20D;1110 116C 11C0; # (íˆ; íˆ; á„ᅬᇀ; íˆ; á„ᅬᇀ; ) HANGUL SYLLABLE TOET +D20E;D20E;1110 116C 11C1;D20E;1110 116C 11C1; # (툎; 툎; á„á…¬á‡; 툎; á„á…¬á‡; ) HANGUL SYLLABLE TOEP +D20F;D20F;1110 116C 11C2;D20F;1110 116C 11C2; # (íˆ; íˆ; á„ᅬᇂ; íˆ; á„ᅬᇂ; ) HANGUL SYLLABLE TOEH +D210;D210;1110 116D;D210;1110 116D; # (íˆ; íˆ; á„á…­; íˆ; á„á…­; ) HANGUL SYLLABLE TYO +D211;D211;1110 116D 11A8;D211;1110 116D 11A8; # (툑; 툑; á„ᅭᆨ; 툑; á„ᅭᆨ; ) HANGUL SYLLABLE TYOG +D212;D212;1110 116D 11A9;D212;1110 116D 11A9; # (툒; 툒; á„ᅭᆩ; 툒; á„ᅭᆩ; ) HANGUL SYLLABLE TYOGG +D213;D213;1110 116D 11AA;D213;1110 116D 11AA; # (툓; 툓; á„ᅭᆪ; 툓; á„ᅭᆪ; ) HANGUL SYLLABLE TYOGS +D214;D214;1110 116D 11AB;D214;1110 116D 11AB; # (툔; 툔; á„ᅭᆫ; 툔; á„ᅭᆫ; ) HANGUL SYLLABLE TYON +D215;D215;1110 116D 11AC;D215;1110 116D 11AC; # (툕; 툕; á„ᅭᆬ; 툕; á„ᅭᆬ; ) HANGUL SYLLABLE TYONJ +D216;D216;1110 116D 11AD;D216;1110 116D 11AD; # (툖; 툖; á„ᅭᆭ; 툖; á„ᅭᆭ; ) HANGUL SYLLABLE TYONH +D217;D217;1110 116D 11AE;D217;1110 116D 11AE; # (툗; 툗; á„ᅭᆮ; 툗; á„ᅭᆮ; ) HANGUL SYLLABLE TYOD +D218;D218;1110 116D 11AF;D218;1110 116D 11AF; # (툘; 툘; á„ᅭᆯ; 툘; á„ᅭᆯ; ) HANGUL SYLLABLE TYOL +D219;D219;1110 116D 11B0;D219;1110 116D 11B0; # (툙; 툙; á„ᅭᆰ; 툙; á„ᅭᆰ; ) HANGUL SYLLABLE TYOLG +D21A;D21A;1110 116D 11B1;D21A;1110 116D 11B1; # (툚; 툚; á„ᅭᆱ; 툚; á„ᅭᆱ; ) HANGUL SYLLABLE TYOLM +D21B;D21B;1110 116D 11B2;D21B;1110 116D 11B2; # (툛; 툛; á„ᅭᆲ; 툛; á„ᅭᆲ; ) HANGUL SYLLABLE TYOLB +D21C;D21C;1110 116D 11B3;D21C;1110 116D 11B3; # (툜; 툜; á„ᅭᆳ; 툜; á„ᅭᆳ; ) HANGUL SYLLABLE TYOLS +D21D;D21D;1110 116D 11B4;D21D;1110 116D 11B4; # (íˆ; íˆ; á„ᅭᆴ; íˆ; á„ᅭᆴ; ) HANGUL SYLLABLE TYOLT +D21E;D21E;1110 116D 11B5;D21E;1110 116D 11B5; # (툞; 툞; á„ᅭᆵ; 툞; á„ᅭᆵ; ) HANGUL SYLLABLE TYOLP +D21F;D21F;1110 116D 11B6;D21F;1110 116D 11B6; # (툟; 툟; á„ᅭᆶ; 툟; á„ᅭᆶ; ) HANGUL SYLLABLE TYOLH +D220;D220;1110 116D 11B7;D220;1110 116D 11B7; # (툠; 툠; á„ᅭᆷ; 툠; á„ᅭᆷ; ) HANGUL SYLLABLE TYOM +D221;D221;1110 116D 11B8;D221;1110 116D 11B8; # (툡; 툡; á„ᅭᆸ; 툡; á„ᅭᆸ; ) HANGUL SYLLABLE TYOB +D222;D222;1110 116D 11B9;D222;1110 116D 11B9; # (툢; 툢; á„ᅭᆹ; 툢; á„ᅭᆹ; ) HANGUL SYLLABLE TYOBS +D223;D223;1110 116D 11BA;D223;1110 116D 11BA; # (툣; 툣; á„ᅭᆺ; 툣; á„ᅭᆺ; ) HANGUL SYLLABLE TYOS +D224;D224;1110 116D 11BB;D224;1110 116D 11BB; # (툤; 툤; á„ᅭᆻ; 툤; á„ᅭᆻ; ) HANGUL SYLLABLE TYOSS +D225;D225;1110 116D 11BC;D225;1110 116D 11BC; # (툥; 툥; á„ᅭᆼ; 툥; á„ᅭᆼ; ) HANGUL SYLLABLE TYONG +D226;D226;1110 116D 11BD;D226;1110 116D 11BD; # (툦; 툦; á„ᅭᆽ; 툦; á„ᅭᆽ; ) HANGUL SYLLABLE TYOJ +D227;D227;1110 116D 11BE;D227;1110 116D 11BE; # (툧; 툧; á„ᅭᆾ; 툧; á„ᅭᆾ; ) HANGUL SYLLABLE TYOC +D228;D228;1110 116D 11BF;D228;1110 116D 11BF; # (툨; 툨; á„ᅭᆿ; 툨; á„ᅭᆿ; ) HANGUL SYLLABLE TYOK +D229;D229;1110 116D 11C0;D229;1110 116D 11C0; # (툩; 툩; á„ᅭᇀ; 툩; á„ᅭᇀ; ) HANGUL SYLLABLE TYOT +D22A;D22A;1110 116D 11C1;D22A;1110 116D 11C1; # (툪; 툪; á„á…­á‡; 툪; á„á…­á‡; ) HANGUL SYLLABLE TYOP +D22B;D22B;1110 116D 11C2;D22B;1110 116D 11C2; # (툫; 툫; á„ᅭᇂ; 툫; á„ᅭᇂ; ) HANGUL SYLLABLE TYOH +D22C;D22C;1110 116E;D22C;1110 116E; # (투; 투; á„á…®; 투; á„á…®; ) HANGUL SYLLABLE TU +D22D;D22D;1110 116E 11A8;D22D;1110 116E 11A8; # (툭; 툭; á„ᅮᆨ; 툭; á„ᅮᆨ; ) HANGUL SYLLABLE TUG +D22E;D22E;1110 116E 11A9;D22E;1110 116E 11A9; # (툮; 툮; á„ᅮᆩ; 툮; á„ᅮᆩ; ) HANGUL SYLLABLE TUGG +D22F;D22F;1110 116E 11AA;D22F;1110 116E 11AA; # (툯; 툯; á„ᅮᆪ; 툯; á„ᅮᆪ; ) HANGUL SYLLABLE TUGS +D230;D230;1110 116E 11AB;D230;1110 116E 11AB; # (툰; 툰; á„ᅮᆫ; 툰; á„ᅮᆫ; ) HANGUL SYLLABLE TUN +D231;D231;1110 116E 11AC;D231;1110 116E 11AC; # (툱; 툱; á„ᅮᆬ; 툱; á„ᅮᆬ; ) HANGUL SYLLABLE TUNJ +D232;D232;1110 116E 11AD;D232;1110 116E 11AD; # (툲; 툲; á„ᅮᆭ; 툲; á„ᅮᆭ; ) HANGUL SYLLABLE TUNH +D233;D233;1110 116E 11AE;D233;1110 116E 11AE; # (툳; 툳; á„ᅮᆮ; 툳; á„ᅮᆮ; ) HANGUL SYLLABLE TUD +D234;D234;1110 116E 11AF;D234;1110 116E 11AF; # (툴; 툴; á„ᅮᆯ; 툴; á„ᅮᆯ; ) HANGUL SYLLABLE TUL +D235;D235;1110 116E 11B0;D235;1110 116E 11B0; # (툵; 툵; á„ᅮᆰ; 툵; á„ᅮᆰ; ) HANGUL SYLLABLE TULG +D236;D236;1110 116E 11B1;D236;1110 116E 11B1; # (툶; 툶; á„ᅮᆱ; 툶; á„ᅮᆱ; ) HANGUL SYLLABLE TULM +D237;D237;1110 116E 11B2;D237;1110 116E 11B2; # (툷; 툷; á„ᅮᆲ; 툷; á„ᅮᆲ; ) HANGUL SYLLABLE TULB +D238;D238;1110 116E 11B3;D238;1110 116E 11B3; # (툸; 툸; á„ᅮᆳ; 툸; á„ᅮᆳ; ) HANGUL SYLLABLE TULS +D239;D239;1110 116E 11B4;D239;1110 116E 11B4; # (툹; 툹; á„ᅮᆴ; 툹; á„ᅮᆴ; ) HANGUL SYLLABLE TULT +D23A;D23A;1110 116E 11B5;D23A;1110 116E 11B5; # (툺; 툺; á„ᅮᆵ; 툺; á„ᅮᆵ; ) HANGUL SYLLABLE TULP +D23B;D23B;1110 116E 11B6;D23B;1110 116E 11B6; # (툻; 툻; á„ᅮᆶ; 툻; á„ᅮᆶ; ) HANGUL SYLLABLE TULH +D23C;D23C;1110 116E 11B7;D23C;1110 116E 11B7; # (툼; 툼; á„ᅮᆷ; 툼; á„ᅮᆷ; ) HANGUL SYLLABLE TUM +D23D;D23D;1110 116E 11B8;D23D;1110 116E 11B8; # (툽; 툽; á„ᅮᆸ; 툽; á„ᅮᆸ; ) HANGUL SYLLABLE TUB +D23E;D23E;1110 116E 11B9;D23E;1110 116E 11B9; # (툾; 툾; á„ᅮᆹ; 툾; á„ᅮᆹ; ) HANGUL SYLLABLE TUBS +D23F;D23F;1110 116E 11BA;D23F;1110 116E 11BA; # (툿; 툿; á„ᅮᆺ; 툿; á„ᅮᆺ; ) HANGUL SYLLABLE TUS +D240;D240;1110 116E 11BB;D240;1110 116E 11BB; # (퉀; 퉀; á„ᅮᆻ; 퉀; á„ᅮᆻ; ) HANGUL SYLLABLE TUSS +D241;D241;1110 116E 11BC;D241;1110 116E 11BC; # (í‰; í‰; á„ᅮᆼ; í‰; á„ᅮᆼ; ) HANGUL SYLLABLE TUNG +D242;D242;1110 116E 11BD;D242;1110 116E 11BD; # (퉂; 퉂; á„ᅮᆽ; 퉂; á„ᅮᆽ; ) HANGUL SYLLABLE TUJ +D243;D243;1110 116E 11BE;D243;1110 116E 11BE; # (퉃; 퉃; á„ᅮᆾ; 퉃; á„ᅮᆾ; ) HANGUL SYLLABLE TUC +D244;D244;1110 116E 11BF;D244;1110 116E 11BF; # (퉄; 퉄; á„ᅮᆿ; 퉄; á„ᅮᆿ; ) HANGUL SYLLABLE TUK +D245;D245;1110 116E 11C0;D245;1110 116E 11C0; # (퉅; 퉅; á„ᅮᇀ; 퉅; á„ᅮᇀ; ) HANGUL SYLLABLE TUT +D246;D246;1110 116E 11C1;D246;1110 116E 11C1; # (퉆; 퉆; á„á…®á‡; 퉆; á„á…®á‡; ) HANGUL SYLLABLE TUP +D247;D247;1110 116E 11C2;D247;1110 116E 11C2; # (퉇; 퉇; á„ᅮᇂ; 퉇; á„ᅮᇂ; ) HANGUL SYLLABLE TUH +D248;D248;1110 116F;D248;1110 116F; # (퉈; 퉈; á„á…¯; 퉈; á„á…¯; ) HANGUL SYLLABLE TWEO +D249;D249;1110 116F 11A8;D249;1110 116F 11A8; # (퉉; 퉉; á„ᅯᆨ; 퉉; á„ᅯᆨ; ) HANGUL SYLLABLE TWEOG +D24A;D24A;1110 116F 11A9;D24A;1110 116F 11A9; # (퉊; 퉊; á„ᅯᆩ; 퉊; á„ᅯᆩ; ) HANGUL SYLLABLE TWEOGG +D24B;D24B;1110 116F 11AA;D24B;1110 116F 11AA; # (퉋; 퉋; á„ᅯᆪ; 퉋; á„ᅯᆪ; ) HANGUL SYLLABLE TWEOGS +D24C;D24C;1110 116F 11AB;D24C;1110 116F 11AB; # (퉌; 퉌; á„ᅯᆫ; 퉌; á„ᅯᆫ; ) HANGUL SYLLABLE TWEON +D24D;D24D;1110 116F 11AC;D24D;1110 116F 11AC; # (í‰; í‰; á„ᅯᆬ; í‰; á„ᅯᆬ; ) HANGUL SYLLABLE TWEONJ +D24E;D24E;1110 116F 11AD;D24E;1110 116F 11AD; # (퉎; 퉎; á„ᅯᆭ; 퉎; á„ᅯᆭ; ) HANGUL SYLLABLE TWEONH +D24F;D24F;1110 116F 11AE;D24F;1110 116F 11AE; # (í‰; í‰; á„ᅯᆮ; í‰; á„ᅯᆮ; ) HANGUL SYLLABLE TWEOD +D250;D250;1110 116F 11AF;D250;1110 116F 11AF; # (í‰; í‰; á„ᅯᆯ; í‰; á„ᅯᆯ; ) HANGUL SYLLABLE TWEOL +D251;D251;1110 116F 11B0;D251;1110 116F 11B0; # (퉑; 퉑; á„ᅯᆰ; 퉑; á„ᅯᆰ; ) HANGUL SYLLABLE TWEOLG +D252;D252;1110 116F 11B1;D252;1110 116F 11B1; # (퉒; 퉒; á„ᅯᆱ; 퉒; á„ᅯᆱ; ) HANGUL SYLLABLE TWEOLM +D253;D253;1110 116F 11B2;D253;1110 116F 11B2; # (퉓; 퉓; á„ᅯᆲ; 퉓; á„ᅯᆲ; ) HANGUL SYLLABLE TWEOLB +D254;D254;1110 116F 11B3;D254;1110 116F 11B3; # (퉔; 퉔; á„ᅯᆳ; 퉔; á„ᅯᆳ; ) HANGUL SYLLABLE TWEOLS +D255;D255;1110 116F 11B4;D255;1110 116F 11B4; # (퉕; 퉕; á„ᅯᆴ; 퉕; á„ᅯᆴ; ) HANGUL SYLLABLE TWEOLT +D256;D256;1110 116F 11B5;D256;1110 116F 11B5; # (퉖; 퉖; á„ᅯᆵ; 퉖; á„ᅯᆵ; ) HANGUL SYLLABLE TWEOLP +D257;D257;1110 116F 11B6;D257;1110 116F 11B6; # (퉗; 퉗; á„ᅯᆶ; 퉗; á„ᅯᆶ; ) HANGUL SYLLABLE TWEOLH +D258;D258;1110 116F 11B7;D258;1110 116F 11B7; # (퉘; 퉘; á„ᅯᆷ; 퉘; á„ᅯᆷ; ) HANGUL SYLLABLE TWEOM +D259;D259;1110 116F 11B8;D259;1110 116F 11B8; # (퉙; 퉙; á„ᅯᆸ; 퉙; á„ᅯᆸ; ) HANGUL SYLLABLE TWEOB +D25A;D25A;1110 116F 11B9;D25A;1110 116F 11B9; # (퉚; 퉚; á„ᅯᆹ; 퉚; á„ᅯᆹ; ) HANGUL SYLLABLE TWEOBS +D25B;D25B;1110 116F 11BA;D25B;1110 116F 11BA; # (퉛; 퉛; á„ᅯᆺ; 퉛; á„ᅯᆺ; ) HANGUL SYLLABLE TWEOS +D25C;D25C;1110 116F 11BB;D25C;1110 116F 11BB; # (퉜; 퉜; á„ᅯᆻ; 퉜; á„ᅯᆻ; ) HANGUL SYLLABLE TWEOSS +D25D;D25D;1110 116F 11BC;D25D;1110 116F 11BC; # (í‰; í‰; á„ᅯᆼ; í‰; á„ᅯᆼ; ) HANGUL SYLLABLE TWEONG +D25E;D25E;1110 116F 11BD;D25E;1110 116F 11BD; # (퉞; 퉞; á„ᅯᆽ; 퉞; á„ᅯᆽ; ) HANGUL SYLLABLE TWEOJ +D25F;D25F;1110 116F 11BE;D25F;1110 116F 11BE; # (퉟; 퉟; á„ᅯᆾ; 퉟; á„ᅯᆾ; ) HANGUL SYLLABLE TWEOC +D260;D260;1110 116F 11BF;D260;1110 116F 11BF; # (퉠; 퉠; á„ᅯᆿ; 퉠; á„ᅯᆿ; ) HANGUL SYLLABLE TWEOK +D261;D261;1110 116F 11C0;D261;1110 116F 11C0; # (퉡; 퉡; á„ᅯᇀ; 퉡; á„ᅯᇀ; ) HANGUL SYLLABLE TWEOT +D262;D262;1110 116F 11C1;D262;1110 116F 11C1; # (퉢; 퉢; á„á…¯á‡; 퉢; á„á…¯á‡; ) HANGUL SYLLABLE TWEOP +D263;D263;1110 116F 11C2;D263;1110 116F 11C2; # (퉣; 퉣; á„ᅯᇂ; 퉣; á„ᅯᇂ; ) HANGUL SYLLABLE TWEOH +D264;D264;1110 1170;D264;1110 1170; # (퉤; 퉤; á„á…°; 퉤; á„á…°; ) HANGUL SYLLABLE TWE +D265;D265;1110 1170 11A8;D265;1110 1170 11A8; # (퉥; 퉥; á„ᅰᆨ; 퉥; á„ᅰᆨ; ) HANGUL SYLLABLE TWEG +D266;D266;1110 1170 11A9;D266;1110 1170 11A9; # (퉦; 퉦; á„ᅰᆩ; 퉦; á„ᅰᆩ; ) HANGUL SYLLABLE TWEGG +D267;D267;1110 1170 11AA;D267;1110 1170 11AA; # (퉧; 퉧; á„ᅰᆪ; 퉧; á„ᅰᆪ; ) HANGUL SYLLABLE TWEGS +D268;D268;1110 1170 11AB;D268;1110 1170 11AB; # (퉨; 퉨; á„ᅰᆫ; 퉨; á„ᅰᆫ; ) HANGUL SYLLABLE TWEN +D269;D269;1110 1170 11AC;D269;1110 1170 11AC; # (퉩; 퉩; á„ᅰᆬ; 퉩; á„ᅰᆬ; ) HANGUL SYLLABLE TWENJ +D26A;D26A;1110 1170 11AD;D26A;1110 1170 11AD; # (퉪; 퉪; á„ᅰᆭ; 퉪; á„ᅰᆭ; ) HANGUL SYLLABLE TWENH +D26B;D26B;1110 1170 11AE;D26B;1110 1170 11AE; # (퉫; 퉫; á„ᅰᆮ; 퉫; á„ᅰᆮ; ) HANGUL SYLLABLE TWED +D26C;D26C;1110 1170 11AF;D26C;1110 1170 11AF; # (퉬; 퉬; á„ᅰᆯ; 퉬; á„ᅰᆯ; ) HANGUL SYLLABLE TWEL +D26D;D26D;1110 1170 11B0;D26D;1110 1170 11B0; # (퉭; 퉭; á„ᅰᆰ; 퉭; á„ᅰᆰ; ) HANGUL SYLLABLE TWELG +D26E;D26E;1110 1170 11B1;D26E;1110 1170 11B1; # (퉮; 퉮; á„ᅰᆱ; 퉮; á„ᅰᆱ; ) HANGUL SYLLABLE TWELM +D26F;D26F;1110 1170 11B2;D26F;1110 1170 11B2; # (퉯; 퉯; á„ᅰᆲ; 퉯; á„ᅰᆲ; ) HANGUL SYLLABLE TWELB +D270;D270;1110 1170 11B3;D270;1110 1170 11B3; # (퉰; 퉰; á„ᅰᆳ; 퉰; á„ᅰᆳ; ) HANGUL SYLLABLE TWELS +D271;D271;1110 1170 11B4;D271;1110 1170 11B4; # (퉱; 퉱; á„ᅰᆴ; 퉱; á„ᅰᆴ; ) HANGUL SYLLABLE TWELT +D272;D272;1110 1170 11B5;D272;1110 1170 11B5; # (퉲; 퉲; á„ᅰᆵ; 퉲; á„ᅰᆵ; ) HANGUL SYLLABLE TWELP +D273;D273;1110 1170 11B6;D273;1110 1170 11B6; # (퉳; 퉳; á„ᅰᆶ; 퉳; á„ᅰᆶ; ) HANGUL SYLLABLE TWELH +D274;D274;1110 1170 11B7;D274;1110 1170 11B7; # (퉴; 퉴; á„ᅰᆷ; 퉴; á„ᅰᆷ; ) HANGUL SYLLABLE TWEM +D275;D275;1110 1170 11B8;D275;1110 1170 11B8; # (퉵; 퉵; á„ᅰᆸ; 퉵; á„ᅰᆸ; ) HANGUL SYLLABLE TWEB +D276;D276;1110 1170 11B9;D276;1110 1170 11B9; # (퉶; 퉶; á„ᅰᆹ; 퉶; á„ᅰᆹ; ) HANGUL SYLLABLE TWEBS +D277;D277;1110 1170 11BA;D277;1110 1170 11BA; # (퉷; 퉷; á„ᅰᆺ; 퉷; á„ᅰᆺ; ) HANGUL SYLLABLE TWES +D278;D278;1110 1170 11BB;D278;1110 1170 11BB; # (퉸; 퉸; á„ᅰᆻ; 퉸; á„ᅰᆻ; ) HANGUL SYLLABLE TWESS +D279;D279;1110 1170 11BC;D279;1110 1170 11BC; # (퉹; 퉹; á„ᅰᆼ; 퉹; á„ᅰᆼ; ) HANGUL SYLLABLE TWENG +D27A;D27A;1110 1170 11BD;D27A;1110 1170 11BD; # (퉺; 퉺; á„ᅰᆽ; 퉺; á„ᅰᆽ; ) HANGUL SYLLABLE TWEJ +D27B;D27B;1110 1170 11BE;D27B;1110 1170 11BE; # (퉻; 퉻; á„ᅰᆾ; 퉻; á„ᅰᆾ; ) HANGUL SYLLABLE TWEC +D27C;D27C;1110 1170 11BF;D27C;1110 1170 11BF; # (퉼; 퉼; á„ᅰᆿ; 퉼; á„ᅰᆿ; ) HANGUL SYLLABLE TWEK +D27D;D27D;1110 1170 11C0;D27D;1110 1170 11C0; # (퉽; 퉽; á„ᅰᇀ; 퉽; á„ᅰᇀ; ) HANGUL SYLLABLE TWET +D27E;D27E;1110 1170 11C1;D27E;1110 1170 11C1; # (퉾; 퉾; á„á…°á‡; 퉾; á„á…°á‡; ) HANGUL SYLLABLE TWEP +D27F;D27F;1110 1170 11C2;D27F;1110 1170 11C2; # (퉿; 퉿; á„ᅰᇂ; 퉿; á„ᅰᇂ; ) HANGUL SYLLABLE TWEH +D280;D280;1110 1171;D280;1110 1171; # (튀; 튀; á„á…±; 튀; á„á…±; ) HANGUL SYLLABLE TWI +D281;D281;1110 1171 11A8;D281;1110 1171 11A8; # (íŠ; íŠ; á„ᅱᆨ; íŠ; á„ᅱᆨ; ) HANGUL SYLLABLE TWIG +D282;D282;1110 1171 11A9;D282;1110 1171 11A9; # (튂; 튂; á„ᅱᆩ; 튂; á„ᅱᆩ; ) HANGUL SYLLABLE TWIGG +D283;D283;1110 1171 11AA;D283;1110 1171 11AA; # (튃; 튃; á„ᅱᆪ; 튃; á„ᅱᆪ; ) HANGUL SYLLABLE TWIGS +D284;D284;1110 1171 11AB;D284;1110 1171 11AB; # (튄; 튄; á„ᅱᆫ; 튄; á„ᅱᆫ; ) HANGUL SYLLABLE TWIN +D285;D285;1110 1171 11AC;D285;1110 1171 11AC; # (튅; 튅; á„ᅱᆬ; 튅; á„ᅱᆬ; ) HANGUL SYLLABLE TWINJ +D286;D286;1110 1171 11AD;D286;1110 1171 11AD; # (튆; 튆; á„ᅱᆭ; 튆; á„ᅱᆭ; ) HANGUL SYLLABLE TWINH +D287;D287;1110 1171 11AE;D287;1110 1171 11AE; # (튇; 튇; á„ᅱᆮ; 튇; á„ᅱᆮ; ) HANGUL SYLLABLE TWID +D288;D288;1110 1171 11AF;D288;1110 1171 11AF; # (튈; 튈; á„ᅱᆯ; 튈; á„ᅱᆯ; ) HANGUL SYLLABLE TWIL +D289;D289;1110 1171 11B0;D289;1110 1171 11B0; # (튉; 튉; á„ᅱᆰ; 튉; á„ᅱᆰ; ) HANGUL SYLLABLE TWILG +D28A;D28A;1110 1171 11B1;D28A;1110 1171 11B1; # (튊; 튊; á„ᅱᆱ; 튊; á„ᅱᆱ; ) HANGUL SYLLABLE TWILM +D28B;D28B;1110 1171 11B2;D28B;1110 1171 11B2; # (튋; 튋; á„ᅱᆲ; 튋; á„ᅱᆲ; ) HANGUL SYLLABLE TWILB +D28C;D28C;1110 1171 11B3;D28C;1110 1171 11B3; # (튌; 튌; á„ᅱᆳ; 튌; á„ᅱᆳ; ) HANGUL SYLLABLE TWILS +D28D;D28D;1110 1171 11B4;D28D;1110 1171 11B4; # (íŠ; íŠ; á„ᅱᆴ; íŠ; á„ᅱᆴ; ) HANGUL SYLLABLE TWILT +D28E;D28E;1110 1171 11B5;D28E;1110 1171 11B5; # (튎; 튎; á„ᅱᆵ; 튎; á„ᅱᆵ; ) HANGUL SYLLABLE TWILP +D28F;D28F;1110 1171 11B6;D28F;1110 1171 11B6; # (íŠ; íŠ; á„ᅱᆶ; íŠ; á„ᅱᆶ; ) HANGUL SYLLABLE TWILH +D290;D290;1110 1171 11B7;D290;1110 1171 11B7; # (íŠ; íŠ; á„ᅱᆷ; íŠ; á„ᅱᆷ; ) HANGUL SYLLABLE TWIM +D291;D291;1110 1171 11B8;D291;1110 1171 11B8; # (튑; 튑; á„ᅱᆸ; 튑; á„ᅱᆸ; ) HANGUL SYLLABLE TWIB +D292;D292;1110 1171 11B9;D292;1110 1171 11B9; # (튒; 튒; á„ᅱᆹ; 튒; á„ᅱᆹ; ) HANGUL SYLLABLE TWIBS +D293;D293;1110 1171 11BA;D293;1110 1171 11BA; # (튓; 튓; á„ᅱᆺ; 튓; á„ᅱᆺ; ) HANGUL SYLLABLE TWIS +D294;D294;1110 1171 11BB;D294;1110 1171 11BB; # (튔; 튔; á„ᅱᆻ; 튔; á„ᅱᆻ; ) HANGUL SYLLABLE TWISS +D295;D295;1110 1171 11BC;D295;1110 1171 11BC; # (튕; 튕; á„ᅱᆼ; 튕; á„ᅱᆼ; ) HANGUL SYLLABLE TWING +D296;D296;1110 1171 11BD;D296;1110 1171 11BD; # (튖; 튖; á„ᅱᆽ; 튖; á„ᅱᆽ; ) HANGUL SYLLABLE TWIJ +D297;D297;1110 1171 11BE;D297;1110 1171 11BE; # (튗; 튗; á„ᅱᆾ; 튗; á„ᅱᆾ; ) HANGUL SYLLABLE TWIC +D298;D298;1110 1171 11BF;D298;1110 1171 11BF; # (튘; 튘; á„ᅱᆿ; 튘; á„ᅱᆿ; ) HANGUL SYLLABLE TWIK +D299;D299;1110 1171 11C0;D299;1110 1171 11C0; # (튙; 튙; á„ᅱᇀ; 튙; á„ᅱᇀ; ) HANGUL SYLLABLE TWIT +D29A;D29A;1110 1171 11C1;D29A;1110 1171 11C1; # (튚; 튚; á„á…±á‡; 튚; á„á…±á‡; ) HANGUL SYLLABLE TWIP +D29B;D29B;1110 1171 11C2;D29B;1110 1171 11C2; # (튛; 튛; á„ᅱᇂ; 튛; á„ᅱᇂ; ) HANGUL SYLLABLE TWIH +D29C;D29C;1110 1172;D29C;1110 1172; # (튜; 튜; á„á…²; 튜; á„á…²; ) HANGUL SYLLABLE TYU +D29D;D29D;1110 1172 11A8;D29D;1110 1172 11A8; # (íŠ; íŠ; á„ᅲᆨ; íŠ; á„ᅲᆨ; ) HANGUL SYLLABLE TYUG +D29E;D29E;1110 1172 11A9;D29E;1110 1172 11A9; # (튞; 튞; á„ᅲᆩ; 튞; á„ᅲᆩ; ) HANGUL SYLLABLE TYUGG +D29F;D29F;1110 1172 11AA;D29F;1110 1172 11AA; # (튟; 튟; á„ᅲᆪ; 튟; á„ᅲᆪ; ) HANGUL SYLLABLE TYUGS +D2A0;D2A0;1110 1172 11AB;D2A0;1110 1172 11AB; # (튠; 튠; á„ᅲᆫ; 튠; á„ᅲᆫ; ) HANGUL SYLLABLE TYUN +D2A1;D2A1;1110 1172 11AC;D2A1;1110 1172 11AC; # (튡; 튡; á„ᅲᆬ; 튡; á„ᅲᆬ; ) HANGUL SYLLABLE TYUNJ +D2A2;D2A2;1110 1172 11AD;D2A2;1110 1172 11AD; # (튢; 튢; á„ᅲᆭ; 튢; á„ᅲᆭ; ) HANGUL SYLLABLE TYUNH +D2A3;D2A3;1110 1172 11AE;D2A3;1110 1172 11AE; # (튣; 튣; á„ᅲᆮ; 튣; á„ᅲᆮ; ) HANGUL SYLLABLE TYUD +D2A4;D2A4;1110 1172 11AF;D2A4;1110 1172 11AF; # (튤; 튤; á„ᅲᆯ; 튤; á„ᅲᆯ; ) HANGUL SYLLABLE TYUL +D2A5;D2A5;1110 1172 11B0;D2A5;1110 1172 11B0; # (튥; 튥; á„ᅲᆰ; 튥; á„ᅲᆰ; ) HANGUL SYLLABLE TYULG +D2A6;D2A6;1110 1172 11B1;D2A6;1110 1172 11B1; # (튦; 튦; á„ᅲᆱ; 튦; á„ᅲᆱ; ) HANGUL SYLLABLE TYULM +D2A7;D2A7;1110 1172 11B2;D2A7;1110 1172 11B2; # (튧; 튧; á„ᅲᆲ; 튧; á„ᅲᆲ; ) HANGUL SYLLABLE TYULB +D2A8;D2A8;1110 1172 11B3;D2A8;1110 1172 11B3; # (튨; 튨; á„ᅲᆳ; 튨; á„ᅲᆳ; ) HANGUL SYLLABLE TYULS +D2A9;D2A9;1110 1172 11B4;D2A9;1110 1172 11B4; # (튩; 튩; á„ᅲᆴ; 튩; á„ᅲᆴ; ) HANGUL SYLLABLE TYULT +D2AA;D2AA;1110 1172 11B5;D2AA;1110 1172 11B5; # (튪; 튪; á„ᅲᆵ; 튪; á„ᅲᆵ; ) HANGUL SYLLABLE TYULP +D2AB;D2AB;1110 1172 11B6;D2AB;1110 1172 11B6; # (튫; 튫; á„ᅲᆶ; 튫; á„ᅲᆶ; ) HANGUL SYLLABLE TYULH +D2AC;D2AC;1110 1172 11B7;D2AC;1110 1172 11B7; # (튬; 튬; á„ᅲᆷ; 튬; á„ᅲᆷ; ) HANGUL SYLLABLE TYUM +D2AD;D2AD;1110 1172 11B8;D2AD;1110 1172 11B8; # (튭; 튭; á„ᅲᆸ; 튭; á„ᅲᆸ; ) HANGUL SYLLABLE TYUB +D2AE;D2AE;1110 1172 11B9;D2AE;1110 1172 11B9; # (튮; 튮; á„ᅲᆹ; 튮; á„ᅲᆹ; ) HANGUL SYLLABLE TYUBS +D2AF;D2AF;1110 1172 11BA;D2AF;1110 1172 11BA; # (튯; 튯; á„ᅲᆺ; 튯; á„ᅲᆺ; ) HANGUL SYLLABLE TYUS +D2B0;D2B0;1110 1172 11BB;D2B0;1110 1172 11BB; # (튰; 튰; á„ᅲᆻ; 튰; á„ᅲᆻ; ) HANGUL SYLLABLE TYUSS +D2B1;D2B1;1110 1172 11BC;D2B1;1110 1172 11BC; # (튱; 튱; á„ᅲᆼ; 튱; á„ᅲᆼ; ) HANGUL SYLLABLE TYUNG +D2B2;D2B2;1110 1172 11BD;D2B2;1110 1172 11BD; # (튲; 튲; á„ᅲᆽ; 튲; á„ᅲᆽ; ) HANGUL SYLLABLE TYUJ +D2B3;D2B3;1110 1172 11BE;D2B3;1110 1172 11BE; # (튳; 튳; á„ᅲᆾ; 튳; á„ᅲᆾ; ) HANGUL SYLLABLE TYUC +D2B4;D2B4;1110 1172 11BF;D2B4;1110 1172 11BF; # (튴; 튴; á„ᅲᆿ; 튴; á„ᅲᆿ; ) HANGUL SYLLABLE TYUK +D2B5;D2B5;1110 1172 11C0;D2B5;1110 1172 11C0; # (튵; 튵; á„ᅲᇀ; 튵; á„ᅲᇀ; ) HANGUL SYLLABLE TYUT +D2B6;D2B6;1110 1172 11C1;D2B6;1110 1172 11C1; # (튶; 튶; á„á…²á‡; 튶; á„á…²á‡; ) HANGUL SYLLABLE TYUP +D2B7;D2B7;1110 1172 11C2;D2B7;1110 1172 11C2; # (튷; 튷; á„ᅲᇂ; 튷; á„ᅲᇂ; ) HANGUL SYLLABLE TYUH +D2B8;D2B8;1110 1173;D2B8;1110 1173; # (트; 트; á„á…³; 트; á„á…³; ) HANGUL SYLLABLE TEU +D2B9;D2B9;1110 1173 11A8;D2B9;1110 1173 11A8; # (특; 특; á„ᅳᆨ; 특; á„ᅳᆨ; ) HANGUL SYLLABLE TEUG +D2BA;D2BA;1110 1173 11A9;D2BA;1110 1173 11A9; # (튺; 튺; á„ᅳᆩ; 튺; á„ᅳᆩ; ) HANGUL SYLLABLE TEUGG +D2BB;D2BB;1110 1173 11AA;D2BB;1110 1173 11AA; # (튻; 튻; á„ᅳᆪ; 튻; á„ᅳᆪ; ) HANGUL SYLLABLE TEUGS +D2BC;D2BC;1110 1173 11AB;D2BC;1110 1173 11AB; # (튼; 튼; á„ᅳᆫ; 튼; á„ᅳᆫ; ) HANGUL SYLLABLE TEUN +D2BD;D2BD;1110 1173 11AC;D2BD;1110 1173 11AC; # (튽; 튽; á„ᅳᆬ; 튽; á„ᅳᆬ; ) HANGUL SYLLABLE TEUNJ +D2BE;D2BE;1110 1173 11AD;D2BE;1110 1173 11AD; # (튾; 튾; á„ᅳᆭ; 튾; á„ᅳᆭ; ) HANGUL SYLLABLE TEUNH +D2BF;D2BF;1110 1173 11AE;D2BF;1110 1173 11AE; # (튿; 튿; á„ᅳᆮ; 튿; á„ᅳᆮ; ) HANGUL SYLLABLE TEUD +D2C0;D2C0;1110 1173 11AF;D2C0;1110 1173 11AF; # (í‹€; í‹€; á„ᅳᆯ; í‹€; á„ᅳᆯ; ) HANGUL SYLLABLE TEUL +D2C1;D2C1;1110 1173 11B0;D2C1;1110 1173 11B0; # (í‹; í‹; á„ᅳᆰ; í‹; á„ᅳᆰ; ) HANGUL SYLLABLE TEULG +D2C2;D2C2;1110 1173 11B1;D2C2;1110 1173 11B1; # (í‹‚; í‹‚; á„ᅳᆱ; í‹‚; á„ᅳᆱ; ) HANGUL SYLLABLE TEULM +D2C3;D2C3;1110 1173 11B2;D2C3;1110 1173 11B2; # (틃; 틃; á„ᅳᆲ; 틃; á„ᅳᆲ; ) HANGUL SYLLABLE TEULB +D2C4;D2C4;1110 1173 11B3;D2C4;1110 1173 11B3; # (í‹„; í‹„; á„ᅳᆳ; í‹„; á„ᅳᆳ; ) HANGUL SYLLABLE TEULS +D2C5;D2C5;1110 1173 11B4;D2C5;1110 1173 11B4; # (í‹…; í‹…; á„ᅳᆴ; í‹…; á„ᅳᆴ; ) HANGUL SYLLABLE TEULT +D2C6;D2C6;1110 1173 11B5;D2C6;1110 1173 11B5; # (틆; 틆; á„ᅳᆵ; 틆; á„ᅳᆵ; ) HANGUL SYLLABLE TEULP +D2C7;D2C7;1110 1173 11B6;D2C7;1110 1173 11B6; # (틇; 틇; á„ᅳᆶ; 틇; á„ᅳᆶ; ) HANGUL SYLLABLE TEULH +D2C8;D2C8;1110 1173 11B7;D2C8;1110 1173 11B7; # (틈; 틈; á„ᅳᆷ; 틈; á„ᅳᆷ; ) HANGUL SYLLABLE TEUM +D2C9;D2C9;1110 1173 11B8;D2C9;1110 1173 11B8; # (틉; 틉; á„ᅳᆸ; 틉; á„ᅳᆸ; ) HANGUL SYLLABLE TEUB +D2CA;D2CA;1110 1173 11B9;D2CA;1110 1173 11B9; # (í‹Š; í‹Š; á„ᅳᆹ; í‹Š; á„ᅳᆹ; ) HANGUL SYLLABLE TEUBS +D2CB;D2CB;1110 1173 11BA;D2CB;1110 1173 11BA; # (í‹‹; í‹‹; á„ᅳᆺ; í‹‹; á„ᅳᆺ; ) HANGUL SYLLABLE TEUS +D2CC;D2CC;1110 1173 11BB;D2CC;1110 1173 11BB; # (í‹Œ; í‹Œ; á„ᅳᆻ; í‹Œ; á„ᅳᆻ; ) HANGUL SYLLABLE TEUSS +D2CD;D2CD;1110 1173 11BC;D2CD;1110 1173 11BC; # (í‹; í‹; á„ᅳᆼ; í‹; á„ᅳᆼ; ) HANGUL SYLLABLE TEUNG +D2CE;D2CE;1110 1173 11BD;D2CE;1110 1173 11BD; # (í‹Ž; í‹Ž; á„ᅳᆽ; í‹Ž; á„ᅳᆽ; ) HANGUL SYLLABLE TEUJ +D2CF;D2CF;1110 1173 11BE;D2CF;1110 1173 11BE; # (í‹; í‹; á„ᅳᆾ; í‹; á„ᅳᆾ; ) HANGUL SYLLABLE TEUC +D2D0;D2D0;1110 1173 11BF;D2D0;1110 1173 11BF; # (í‹; í‹; á„ᅳᆿ; í‹; á„ᅳᆿ; ) HANGUL SYLLABLE TEUK +D2D1;D2D1;1110 1173 11C0;D2D1;1110 1173 11C0; # (í‹‘; í‹‘; á„ᅳᇀ; í‹‘; á„ᅳᇀ; ) HANGUL SYLLABLE TEUT +D2D2;D2D2;1110 1173 11C1;D2D2;1110 1173 11C1; # (í‹’; í‹’; á„á…³á‡; í‹’; á„á…³á‡; ) HANGUL SYLLABLE TEUP +D2D3;D2D3;1110 1173 11C2;D2D3;1110 1173 11C2; # (í‹“; í‹“; á„ᅳᇂ; í‹“; á„ᅳᇂ; ) HANGUL SYLLABLE TEUH +D2D4;D2D4;1110 1174;D2D4;1110 1174; # (í‹”; í‹”; á„á…´; í‹”; á„á…´; ) HANGUL SYLLABLE TYI +D2D5;D2D5;1110 1174 11A8;D2D5;1110 1174 11A8; # (í‹•; í‹•; á„ᅴᆨ; í‹•; á„ᅴᆨ; ) HANGUL SYLLABLE TYIG +D2D6;D2D6;1110 1174 11A9;D2D6;1110 1174 11A9; # (í‹–; í‹–; á„ᅴᆩ; í‹–; á„ᅴᆩ; ) HANGUL SYLLABLE TYIGG +D2D7;D2D7;1110 1174 11AA;D2D7;1110 1174 11AA; # (í‹—; í‹—; á„ᅴᆪ; í‹—; á„ᅴᆪ; ) HANGUL SYLLABLE TYIGS +D2D8;D2D8;1110 1174 11AB;D2D8;1110 1174 11AB; # (틘; 틘; á„ᅴᆫ; 틘; á„ᅴᆫ; ) HANGUL SYLLABLE TYIN +D2D9;D2D9;1110 1174 11AC;D2D9;1110 1174 11AC; # (í‹™; í‹™; á„ᅴᆬ; í‹™; á„ᅴᆬ; ) HANGUL SYLLABLE TYINJ +D2DA;D2DA;1110 1174 11AD;D2DA;1110 1174 11AD; # (í‹š; í‹š; á„ᅴᆭ; í‹š; á„ᅴᆭ; ) HANGUL SYLLABLE TYINH +D2DB;D2DB;1110 1174 11AE;D2DB;1110 1174 11AE; # (í‹›; í‹›; á„ᅴᆮ; í‹›; á„ᅴᆮ; ) HANGUL SYLLABLE TYID +D2DC;D2DC;1110 1174 11AF;D2DC;1110 1174 11AF; # (í‹œ; í‹œ; á„ᅴᆯ; í‹œ; á„ᅴᆯ; ) HANGUL SYLLABLE TYIL +D2DD;D2DD;1110 1174 11B0;D2DD;1110 1174 11B0; # (í‹; í‹; á„ᅴᆰ; í‹; á„ᅴᆰ; ) HANGUL SYLLABLE TYILG +D2DE;D2DE;1110 1174 11B1;D2DE;1110 1174 11B1; # (í‹ž; í‹ž; á„ᅴᆱ; í‹ž; á„ᅴᆱ; ) HANGUL SYLLABLE TYILM +D2DF;D2DF;1110 1174 11B2;D2DF;1110 1174 11B2; # (í‹Ÿ; í‹Ÿ; á„ᅴᆲ; í‹Ÿ; á„ᅴᆲ; ) HANGUL SYLLABLE TYILB +D2E0;D2E0;1110 1174 11B3;D2E0;1110 1174 11B3; # (í‹ ; í‹ ; á„ᅴᆳ; í‹ ; á„ᅴᆳ; ) HANGUL SYLLABLE TYILS +D2E1;D2E1;1110 1174 11B4;D2E1;1110 1174 11B4; # (í‹¡; í‹¡; á„ᅴᆴ; í‹¡; á„ᅴᆴ; ) HANGUL SYLLABLE TYILT +D2E2;D2E2;1110 1174 11B5;D2E2;1110 1174 11B5; # (í‹¢; í‹¢; á„ᅴᆵ; í‹¢; á„ᅴᆵ; ) HANGUL SYLLABLE TYILP +D2E3;D2E3;1110 1174 11B6;D2E3;1110 1174 11B6; # (í‹£; í‹£; á„ᅴᆶ; í‹£; á„ᅴᆶ; ) HANGUL SYLLABLE TYILH +D2E4;D2E4;1110 1174 11B7;D2E4;1110 1174 11B7; # (틤; 틤; á„ᅴᆷ; 틤; á„ᅴᆷ; ) HANGUL SYLLABLE TYIM +D2E5;D2E5;1110 1174 11B8;D2E5;1110 1174 11B8; # (í‹¥; í‹¥; á„ᅴᆸ; í‹¥; á„ᅴᆸ; ) HANGUL SYLLABLE TYIB +D2E6;D2E6;1110 1174 11B9;D2E6;1110 1174 11B9; # (틦; 틦; á„ᅴᆹ; 틦; á„ᅴᆹ; ) HANGUL SYLLABLE TYIBS +D2E7;D2E7;1110 1174 11BA;D2E7;1110 1174 11BA; # (틧; 틧; á„ᅴᆺ; 틧; á„ᅴᆺ; ) HANGUL SYLLABLE TYIS +D2E8;D2E8;1110 1174 11BB;D2E8;1110 1174 11BB; # (틨; 틨; á„ᅴᆻ; 틨; á„ᅴᆻ; ) HANGUL SYLLABLE TYISS +D2E9;D2E9;1110 1174 11BC;D2E9;1110 1174 11BC; # (í‹©; í‹©; á„ᅴᆼ; í‹©; á„ᅴᆼ; ) HANGUL SYLLABLE TYING +D2EA;D2EA;1110 1174 11BD;D2EA;1110 1174 11BD; # (틪; 틪; á„ᅴᆽ; 틪; á„ᅴᆽ; ) HANGUL SYLLABLE TYIJ +D2EB;D2EB;1110 1174 11BE;D2EB;1110 1174 11BE; # (í‹«; í‹«; á„ᅴᆾ; í‹«; á„ᅴᆾ; ) HANGUL SYLLABLE TYIC +D2EC;D2EC;1110 1174 11BF;D2EC;1110 1174 11BF; # (틬; 틬; á„ᅴᆿ; 틬; á„ᅴᆿ; ) HANGUL SYLLABLE TYIK +D2ED;D2ED;1110 1174 11C0;D2ED;1110 1174 11C0; # (í‹­; í‹­; á„ᅴᇀ; í‹­; á„ᅴᇀ; ) HANGUL SYLLABLE TYIT +D2EE;D2EE;1110 1174 11C1;D2EE;1110 1174 11C1; # (í‹®; í‹®; á„á…´á‡; í‹®; á„á…´á‡; ) HANGUL SYLLABLE TYIP +D2EF;D2EF;1110 1174 11C2;D2EF;1110 1174 11C2; # (틯; 틯; á„ᅴᇂ; 틯; á„ᅴᇂ; ) HANGUL SYLLABLE TYIH +D2F0;D2F0;1110 1175;D2F0;1110 1175; # (í‹°; í‹°; á„á…µ; í‹°; á„á…µ; ) HANGUL SYLLABLE TI +D2F1;D2F1;1110 1175 11A8;D2F1;1110 1175 11A8; # (틱; 틱; á„ᅵᆨ; 틱; á„ᅵᆨ; ) HANGUL SYLLABLE TIG +D2F2;D2F2;1110 1175 11A9;D2F2;1110 1175 11A9; # (틲; 틲; á„ᅵᆩ; 틲; á„ᅵᆩ; ) HANGUL SYLLABLE TIGG +D2F3;D2F3;1110 1175 11AA;D2F3;1110 1175 11AA; # (틳; 틳; á„ᅵᆪ; 틳; á„ᅵᆪ; ) HANGUL SYLLABLE TIGS +D2F4;D2F4;1110 1175 11AB;D2F4;1110 1175 11AB; # (í‹´; í‹´; á„ᅵᆫ; í‹´; á„ᅵᆫ; ) HANGUL SYLLABLE TIN +D2F5;D2F5;1110 1175 11AC;D2F5;1110 1175 11AC; # (틵; 틵; á„ᅵᆬ; 틵; á„ᅵᆬ; ) HANGUL SYLLABLE TINJ +D2F6;D2F6;1110 1175 11AD;D2F6;1110 1175 11AD; # (틶; 틶; á„ᅵᆭ; 틶; á„ᅵᆭ; ) HANGUL SYLLABLE TINH +D2F7;D2F7;1110 1175 11AE;D2F7;1110 1175 11AE; # (í‹·; í‹·; á„ᅵᆮ; í‹·; á„ᅵᆮ; ) HANGUL SYLLABLE TID +D2F8;D2F8;1110 1175 11AF;D2F8;1110 1175 11AF; # (틸; 틸; á„ᅵᆯ; 틸; á„ᅵᆯ; ) HANGUL SYLLABLE TIL +D2F9;D2F9;1110 1175 11B0;D2F9;1110 1175 11B0; # (틹; 틹; á„ᅵᆰ; 틹; á„ᅵᆰ; ) HANGUL SYLLABLE TILG +D2FA;D2FA;1110 1175 11B1;D2FA;1110 1175 11B1; # (틺; 틺; á„ᅵᆱ; 틺; á„ᅵᆱ; ) HANGUL SYLLABLE TILM +D2FB;D2FB;1110 1175 11B2;D2FB;1110 1175 11B2; # (í‹»; í‹»; á„ᅵᆲ; í‹»; á„ᅵᆲ; ) HANGUL SYLLABLE TILB +D2FC;D2FC;1110 1175 11B3;D2FC;1110 1175 11B3; # (틼; 틼; á„ᅵᆳ; 틼; á„ᅵᆳ; ) HANGUL SYLLABLE TILS +D2FD;D2FD;1110 1175 11B4;D2FD;1110 1175 11B4; # (틽; 틽; á„ᅵᆴ; 틽; á„ᅵᆴ; ) HANGUL SYLLABLE TILT +D2FE;D2FE;1110 1175 11B5;D2FE;1110 1175 11B5; # (틾; 틾; á„ᅵᆵ; 틾; á„ᅵᆵ; ) HANGUL SYLLABLE TILP +D2FF;D2FF;1110 1175 11B6;D2FF;1110 1175 11B6; # (í‹¿; í‹¿; á„ᅵᆶ; í‹¿; á„ᅵᆶ; ) HANGUL SYLLABLE TILH +D300;D300;1110 1175 11B7;D300;1110 1175 11B7; # (팀; 팀; á„ᅵᆷ; 팀; á„ᅵᆷ; ) HANGUL SYLLABLE TIM +D301;D301;1110 1175 11B8;D301;1110 1175 11B8; # (íŒ; íŒ; á„ᅵᆸ; íŒ; á„ᅵᆸ; ) HANGUL SYLLABLE TIB +D302;D302;1110 1175 11B9;D302;1110 1175 11B9; # (팂; 팂; á„ᅵᆹ; 팂; á„ᅵᆹ; ) HANGUL SYLLABLE TIBS +D303;D303;1110 1175 11BA;D303;1110 1175 11BA; # (팃; 팃; á„ᅵᆺ; 팃; á„ᅵᆺ; ) HANGUL SYLLABLE TIS +D304;D304;1110 1175 11BB;D304;1110 1175 11BB; # (팄; 팄; á„ᅵᆻ; 팄; á„ᅵᆻ; ) HANGUL SYLLABLE TISS +D305;D305;1110 1175 11BC;D305;1110 1175 11BC; # (팅; 팅; á„ᅵᆼ; 팅; á„ᅵᆼ; ) HANGUL SYLLABLE TING +D306;D306;1110 1175 11BD;D306;1110 1175 11BD; # (팆; 팆; á„ᅵᆽ; 팆; á„ᅵᆽ; ) HANGUL SYLLABLE TIJ +D307;D307;1110 1175 11BE;D307;1110 1175 11BE; # (팇; 팇; á„ᅵᆾ; 팇; á„ᅵᆾ; ) HANGUL SYLLABLE TIC +D308;D308;1110 1175 11BF;D308;1110 1175 11BF; # (팈; 팈; á„ᅵᆿ; 팈; á„ᅵᆿ; ) HANGUL SYLLABLE TIK +D309;D309;1110 1175 11C0;D309;1110 1175 11C0; # (팉; 팉; á„ᅵᇀ; 팉; á„ᅵᇀ; ) HANGUL SYLLABLE TIT +D30A;D30A;1110 1175 11C1;D30A;1110 1175 11C1; # (팊; 팊; á„á…µá‡; 팊; á„á…µá‡; ) HANGUL SYLLABLE TIP +D30B;D30B;1110 1175 11C2;D30B;1110 1175 11C2; # (팋; 팋; á„ᅵᇂ; 팋; á„ᅵᇂ; ) HANGUL SYLLABLE TIH +D30C;D30C;1111 1161;D30C;1111 1161; # (파; 파; á„‘á…¡; 파; á„‘á…¡; ) HANGUL SYLLABLE PA +D30D;D30D;1111 1161 11A8;D30D;1111 1161 11A8; # (íŒ; íŒ; 팍; íŒ; 팍; ) HANGUL SYLLABLE PAG +D30E;D30E;1111 1161 11A9;D30E;1111 1161 11A9; # (팎; 팎; 팎; 팎; 팎; ) HANGUL SYLLABLE PAGG +D30F;D30F;1111 1161 11AA;D30F;1111 1161 11AA; # (íŒ; íŒ; 팏; íŒ; 팏; ) HANGUL SYLLABLE PAGS +D310;D310;1111 1161 11AB;D310;1111 1161 11AB; # (íŒ; íŒ; 판; íŒ; 판; ) HANGUL SYLLABLE PAN +D311;D311;1111 1161 11AC;D311;1111 1161 11AC; # (팑; 팑; 팑; 팑; 팑; ) HANGUL SYLLABLE PANJ +D312;D312;1111 1161 11AD;D312;1111 1161 11AD; # (팒; 팒; 팒; 팒; 팒; ) HANGUL SYLLABLE PANH +D313;D313;1111 1161 11AE;D313;1111 1161 11AE; # (팓; 팓; 팓; 팓; 팓; ) HANGUL SYLLABLE PAD +D314;D314;1111 1161 11AF;D314;1111 1161 11AF; # (팔; 팔; 팔; 팔; 팔; ) HANGUL SYLLABLE PAL +D315;D315;1111 1161 11B0;D315;1111 1161 11B0; # (팕; 팕; 팕; 팕; 팕; ) HANGUL SYLLABLE PALG +D316;D316;1111 1161 11B1;D316;1111 1161 11B1; # (팖; 팖; 팖; 팖; 팖; ) HANGUL SYLLABLE PALM +D317;D317;1111 1161 11B2;D317;1111 1161 11B2; # (팗; 팗; 팗; 팗; 팗; ) HANGUL SYLLABLE PALB +D318;D318;1111 1161 11B3;D318;1111 1161 11B3; # (팘; 팘; 팘; 팘; 팘; ) HANGUL SYLLABLE PALS +D319;D319;1111 1161 11B4;D319;1111 1161 11B4; # (팙; 팙; 팙; 팙; 팙; ) HANGUL SYLLABLE PALT +D31A;D31A;1111 1161 11B5;D31A;1111 1161 11B5; # (팚; 팚; 팚; 팚; 팚; ) HANGUL SYLLABLE PALP +D31B;D31B;1111 1161 11B6;D31B;1111 1161 11B6; # (팛; 팛; 팛; 팛; 팛; ) HANGUL SYLLABLE PALH +D31C;D31C;1111 1161 11B7;D31C;1111 1161 11B7; # (팜; 팜; 팜; 팜; 팜; ) HANGUL SYLLABLE PAM +D31D;D31D;1111 1161 11B8;D31D;1111 1161 11B8; # (íŒ; íŒ; 팝; íŒ; 팝; ) HANGUL SYLLABLE PAB +D31E;D31E;1111 1161 11B9;D31E;1111 1161 11B9; # (팞; 팞; 팞; 팞; 팞; ) HANGUL SYLLABLE PABS +D31F;D31F;1111 1161 11BA;D31F;1111 1161 11BA; # (팟; 팟; 팟; 팟; 팟; ) HANGUL SYLLABLE PAS +D320;D320;1111 1161 11BB;D320;1111 1161 11BB; # (팠; 팠; 팠; 팠; 팠; ) HANGUL SYLLABLE PASS +D321;D321;1111 1161 11BC;D321;1111 1161 11BC; # (팡; 팡; 팡; 팡; 팡; ) HANGUL SYLLABLE PANG +D322;D322;1111 1161 11BD;D322;1111 1161 11BD; # (팢; 팢; 팢; 팢; 팢; ) HANGUL SYLLABLE PAJ +D323;D323;1111 1161 11BE;D323;1111 1161 11BE; # (팣; 팣; 팣; 팣; 팣; ) HANGUL SYLLABLE PAC +D324;D324;1111 1161 11BF;D324;1111 1161 11BF; # (팤; 팤; 팤; 팤; 팤; ) HANGUL SYLLABLE PAK +D325;D325;1111 1161 11C0;D325;1111 1161 11C0; # (팥; 팥; 팥; 팥; 팥; ) HANGUL SYLLABLE PAT +D326;D326;1111 1161 11C1;D326;1111 1161 11C1; # (팦; 팦; á„‘á…¡á‡; 팦; á„‘á…¡á‡; ) HANGUL SYLLABLE PAP +D327;D327;1111 1161 11C2;D327;1111 1161 11C2; # (팧; 팧; 팧; 팧; 팧; ) HANGUL SYLLABLE PAH +D328;D328;1111 1162;D328;1111 1162; # (패; 패; á„‘á…¢; 패; á„‘á…¢; ) HANGUL SYLLABLE PAE +D329;D329;1111 1162 11A8;D329;1111 1162 11A8; # (팩; 팩; 팩; 팩; 팩; ) HANGUL SYLLABLE PAEG +D32A;D32A;1111 1162 11A9;D32A;1111 1162 11A9; # (팪; 팪; 팪; 팪; 팪; ) HANGUL SYLLABLE PAEGG +D32B;D32B;1111 1162 11AA;D32B;1111 1162 11AA; # (팫; 팫; 팫; 팫; 팫; ) HANGUL SYLLABLE PAEGS +D32C;D32C;1111 1162 11AB;D32C;1111 1162 11AB; # (팬; 팬; 팬; 팬; 팬; ) HANGUL SYLLABLE PAEN +D32D;D32D;1111 1162 11AC;D32D;1111 1162 11AC; # (팭; 팭; 팭; 팭; 팭; ) HANGUL SYLLABLE PAENJ +D32E;D32E;1111 1162 11AD;D32E;1111 1162 11AD; # (팮; 팮; 팮; 팮; 팮; ) HANGUL SYLLABLE PAENH +D32F;D32F;1111 1162 11AE;D32F;1111 1162 11AE; # (팯; 팯; 팯; 팯; 팯; ) HANGUL SYLLABLE PAED +D330;D330;1111 1162 11AF;D330;1111 1162 11AF; # (팰; 팰; 팰; 팰; 팰; ) HANGUL SYLLABLE PAEL +D331;D331;1111 1162 11B0;D331;1111 1162 11B0; # (팱; 팱; 팱; 팱; 팱; ) HANGUL SYLLABLE PAELG +D332;D332;1111 1162 11B1;D332;1111 1162 11B1; # (팲; 팲; 팲; 팲; 팲; ) HANGUL SYLLABLE PAELM +D333;D333;1111 1162 11B2;D333;1111 1162 11B2; # (팳; 팳; 팳; 팳; 팳; ) HANGUL SYLLABLE PAELB +D334;D334;1111 1162 11B3;D334;1111 1162 11B3; # (팴; 팴; 팴; 팴; 팴; ) HANGUL SYLLABLE PAELS +D335;D335;1111 1162 11B4;D335;1111 1162 11B4; # (팵; 팵; 팵; 팵; 팵; ) HANGUL SYLLABLE PAELT +D336;D336;1111 1162 11B5;D336;1111 1162 11B5; # (팶; 팶; 팶; 팶; 팶; ) HANGUL SYLLABLE PAELP +D337;D337;1111 1162 11B6;D337;1111 1162 11B6; # (팷; 팷; 팷; 팷; 팷; ) HANGUL SYLLABLE PAELH +D338;D338;1111 1162 11B7;D338;1111 1162 11B7; # (팸; 팸; 팸; 팸; 팸; ) HANGUL SYLLABLE PAEM +D339;D339;1111 1162 11B8;D339;1111 1162 11B8; # (팹; 팹; 팹; 팹; 팹; ) HANGUL SYLLABLE PAEB +D33A;D33A;1111 1162 11B9;D33A;1111 1162 11B9; # (팺; 팺; 팺; 팺; 팺; ) HANGUL SYLLABLE PAEBS +D33B;D33B;1111 1162 11BA;D33B;1111 1162 11BA; # (팻; 팻; 팻; 팻; 팻; ) HANGUL SYLLABLE PAES +D33C;D33C;1111 1162 11BB;D33C;1111 1162 11BB; # (팼; 팼; 팼; 팼; 팼; ) HANGUL SYLLABLE PAESS +D33D;D33D;1111 1162 11BC;D33D;1111 1162 11BC; # (팽; 팽; 팽; 팽; 팽; ) HANGUL SYLLABLE PAENG +D33E;D33E;1111 1162 11BD;D33E;1111 1162 11BD; # (팾; 팾; 팾; 팾; 팾; ) HANGUL SYLLABLE PAEJ +D33F;D33F;1111 1162 11BE;D33F;1111 1162 11BE; # (팿; 팿; 팿; 팿; 팿; ) HANGUL SYLLABLE PAEC +D340;D340;1111 1162 11BF;D340;1111 1162 11BF; # (í€; í€; 퍀; í€; 퍀; ) HANGUL SYLLABLE PAEK +D341;D341;1111 1162 11C0;D341;1111 1162 11C0; # (í; í; 퍁; í; 퍁; ) HANGUL SYLLABLE PAET +D342;D342;1111 1162 11C1;D342;1111 1162 11C1; # (í‚; í‚; á„‘á…¢á‡; í‚; á„‘á…¢á‡; ) HANGUL SYLLABLE PAEP +D343;D343;1111 1162 11C2;D343;1111 1162 11C2; # (íƒ; íƒ; 퍃; íƒ; 퍃; ) HANGUL SYLLABLE PAEH +D344;D344;1111 1163;D344;1111 1163; # (í„; í„; á„‘á…£; í„; á„‘á…£; ) HANGUL SYLLABLE PYA +D345;D345;1111 1163 11A8;D345;1111 1163 11A8; # (í…; í…; 퍅; í…; 퍅; ) HANGUL SYLLABLE PYAG +D346;D346;1111 1163 11A9;D346;1111 1163 11A9; # (í†; í†; 퍆; í†; 퍆; ) HANGUL SYLLABLE PYAGG +D347;D347;1111 1163 11AA;D347;1111 1163 11AA; # (í‡; í‡; 퍇; í‡; 퍇; ) HANGUL SYLLABLE PYAGS +D348;D348;1111 1163 11AB;D348;1111 1163 11AB; # (íˆ; íˆ; 퍈; íˆ; 퍈; ) HANGUL SYLLABLE PYAN +D349;D349;1111 1163 11AC;D349;1111 1163 11AC; # (í‰; í‰; 퍉; í‰; 퍉; ) HANGUL SYLLABLE PYANJ +D34A;D34A;1111 1163 11AD;D34A;1111 1163 11AD; # (íŠ; íŠ; 퍊; íŠ; 퍊; ) HANGUL SYLLABLE PYANH +D34B;D34B;1111 1163 11AE;D34B;1111 1163 11AE; # (í‹; í‹; 퍋; í‹; 퍋; ) HANGUL SYLLABLE PYAD +D34C;D34C;1111 1163 11AF;D34C;1111 1163 11AF; # (íŒ; íŒ; 퍌; íŒ; 퍌; ) HANGUL SYLLABLE PYAL +D34D;D34D;1111 1163 11B0;D34D;1111 1163 11B0; # (í; í; 퍍; í; 퍍; ) HANGUL SYLLABLE PYALG +D34E;D34E;1111 1163 11B1;D34E;1111 1163 11B1; # (íŽ; íŽ; 퍎; íŽ; 퍎; ) HANGUL SYLLABLE PYALM +D34F;D34F;1111 1163 11B2;D34F;1111 1163 11B2; # (í; í; 퍏; í; 퍏; ) HANGUL SYLLABLE PYALB +D350;D350;1111 1163 11B3;D350;1111 1163 11B3; # (í; í; 퍐; í; 퍐; ) HANGUL SYLLABLE PYALS +D351;D351;1111 1163 11B4;D351;1111 1163 11B4; # (í‘; í‘; 퍑; í‘; 퍑; ) HANGUL SYLLABLE PYALT +D352;D352;1111 1163 11B5;D352;1111 1163 11B5; # (í’; í’; 퍒; í’; 퍒; ) HANGUL SYLLABLE PYALP +D353;D353;1111 1163 11B6;D353;1111 1163 11B6; # (í“; í“; 퍓; í“; 퍓; ) HANGUL SYLLABLE PYALH +D354;D354;1111 1163 11B7;D354;1111 1163 11B7; # (í”; í”; 퍔; í”; 퍔; ) HANGUL SYLLABLE PYAM +D355;D355;1111 1163 11B8;D355;1111 1163 11B8; # (í•; í•; 퍕; í•; 퍕; ) HANGUL SYLLABLE PYAB +D356;D356;1111 1163 11B9;D356;1111 1163 11B9; # (í–; í–; 퍖; í–; 퍖; ) HANGUL SYLLABLE PYABS +D357;D357;1111 1163 11BA;D357;1111 1163 11BA; # (í—; í—; 퍗; í—; 퍗; ) HANGUL SYLLABLE PYAS +D358;D358;1111 1163 11BB;D358;1111 1163 11BB; # (í˜; í˜; 퍘; í˜; 퍘; ) HANGUL SYLLABLE PYASS +D359;D359;1111 1163 11BC;D359;1111 1163 11BC; # (í™; í™; 퍙; í™; 퍙; ) HANGUL SYLLABLE PYANG +D35A;D35A;1111 1163 11BD;D35A;1111 1163 11BD; # (íš; íš; 퍚; íš; 퍚; ) HANGUL SYLLABLE PYAJ +D35B;D35B;1111 1163 11BE;D35B;1111 1163 11BE; # (í›; í›; 퍛; í›; 퍛; ) HANGUL SYLLABLE PYAC +D35C;D35C;1111 1163 11BF;D35C;1111 1163 11BF; # (íœ; íœ; 퍜; íœ; 퍜; ) HANGUL SYLLABLE PYAK +D35D;D35D;1111 1163 11C0;D35D;1111 1163 11C0; # (í; í; 퍝; í; 퍝; ) HANGUL SYLLABLE PYAT +D35E;D35E;1111 1163 11C1;D35E;1111 1163 11C1; # (íž; íž; á„‘á…£á‡; íž; á„‘á…£á‡; ) HANGUL SYLLABLE PYAP +D35F;D35F;1111 1163 11C2;D35F;1111 1163 11C2; # (íŸ; íŸ; 퍟; íŸ; 퍟; ) HANGUL SYLLABLE PYAH +D360;D360;1111 1164;D360;1111 1164; # (í ; í ; á„‘á…¤; í ; á„‘á…¤; ) HANGUL SYLLABLE PYAE +D361;D361;1111 1164 11A8;D361;1111 1164 11A8; # (í¡; í¡; 퍡; í¡; 퍡; ) HANGUL SYLLABLE PYAEG +D362;D362;1111 1164 11A9;D362;1111 1164 11A9; # (í¢; í¢; 퍢; í¢; 퍢; ) HANGUL SYLLABLE PYAEGG +D363;D363;1111 1164 11AA;D363;1111 1164 11AA; # (í£; í£; 퍣; í£; 퍣; ) HANGUL SYLLABLE PYAEGS +D364;D364;1111 1164 11AB;D364;1111 1164 11AB; # (í¤; í¤; 퍤; í¤; 퍤; ) HANGUL SYLLABLE PYAEN +D365;D365;1111 1164 11AC;D365;1111 1164 11AC; # (í¥; í¥; 퍥; í¥; 퍥; ) HANGUL SYLLABLE PYAENJ +D366;D366;1111 1164 11AD;D366;1111 1164 11AD; # (í¦; í¦; 퍦; í¦; 퍦; ) HANGUL SYLLABLE PYAENH +D367;D367;1111 1164 11AE;D367;1111 1164 11AE; # (í§; í§; 퍧; í§; 퍧; ) HANGUL SYLLABLE PYAED +D368;D368;1111 1164 11AF;D368;1111 1164 11AF; # (í¨; í¨; 퍨; í¨; 퍨; ) HANGUL SYLLABLE PYAEL +D369;D369;1111 1164 11B0;D369;1111 1164 11B0; # (í©; í©; 퍩; í©; 퍩; ) HANGUL SYLLABLE PYAELG +D36A;D36A;1111 1164 11B1;D36A;1111 1164 11B1; # (íª; íª; 퍪; íª; 퍪; ) HANGUL SYLLABLE PYAELM +D36B;D36B;1111 1164 11B2;D36B;1111 1164 11B2; # (í«; í«; 퍫; í«; 퍫; ) HANGUL SYLLABLE PYAELB +D36C;D36C;1111 1164 11B3;D36C;1111 1164 11B3; # (í¬; í¬; 퍬; í¬; 퍬; ) HANGUL SYLLABLE PYAELS +D36D;D36D;1111 1164 11B4;D36D;1111 1164 11B4; # (í­; í­; 퍭; í­; 퍭; ) HANGUL SYLLABLE PYAELT +D36E;D36E;1111 1164 11B5;D36E;1111 1164 11B5; # (í®; í®; 퍮; í®; 퍮; ) HANGUL SYLLABLE PYAELP +D36F;D36F;1111 1164 11B6;D36F;1111 1164 11B6; # (í¯; í¯; 퍯; í¯; 퍯; ) HANGUL SYLLABLE PYAELH +D370;D370;1111 1164 11B7;D370;1111 1164 11B7; # (í°; í°; 퍰; í°; 퍰; ) HANGUL SYLLABLE PYAEM +D371;D371;1111 1164 11B8;D371;1111 1164 11B8; # (í±; í±; 퍱; í±; 퍱; ) HANGUL SYLLABLE PYAEB +D372;D372;1111 1164 11B9;D372;1111 1164 11B9; # (í²; í²; 퍲; í²; 퍲; ) HANGUL SYLLABLE PYAEBS +D373;D373;1111 1164 11BA;D373;1111 1164 11BA; # (í³; í³; 퍳; í³; 퍳; ) HANGUL SYLLABLE PYAES +D374;D374;1111 1164 11BB;D374;1111 1164 11BB; # (í´; í´; 퍴; í´; 퍴; ) HANGUL SYLLABLE PYAESS +D375;D375;1111 1164 11BC;D375;1111 1164 11BC; # (íµ; íµ; 퍵; íµ; 퍵; ) HANGUL SYLLABLE PYAENG +D376;D376;1111 1164 11BD;D376;1111 1164 11BD; # (í¶; í¶; 퍶; í¶; 퍶; ) HANGUL SYLLABLE PYAEJ +D377;D377;1111 1164 11BE;D377;1111 1164 11BE; # (í·; í·; 퍷; í·; 퍷; ) HANGUL SYLLABLE PYAEC +D378;D378;1111 1164 11BF;D378;1111 1164 11BF; # (í¸; í¸; 퍸; í¸; 퍸; ) HANGUL SYLLABLE PYAEK +D379;D379;1111 1164 11C0;D379;1111 1164 11C0; # (í¹; í¹; 퍹; í¹; 퍹; ) HANGUL SYLLABLE PYAET +D37A;D37A;1111 1164 11C1;D37A;1111 1164 11C1; # (íº; íº; á„‘á…¤á‡; íº; á„‘á…¤á‡; ) HANGUL SYLLABLE PYAEP +D37B;D37B;1111 1164 11C2;D37B;1111 1164 11C2; # (í»; í»; 퍻; í»; 퍻; ) HANGUL SYLLABLE PYAEH +D37C;D37C;1111 1165;D37C;1111 1165; # (í¼; í¼; á„‘á…¥; í¼; á„‘á…¥; ) HANGUL SYLLABLE PEO +D37D;D37D;1111 1165 11A8;D37D;1111 1165 11A8; # (í½; í½; 퍽; í½; 퍽; ) HANGUL SYLLABLE PEOG +D37E;D37E;1111 1165 11A9;D37E;1111 1165 11A9; # (í¾; í¾; 퍾; í¾; 퍾; ) HANGUL SYLLABLE PEOGG +D37F;D37F;1111 1165 11AA;D37F;1111 1165 11AA; # (í¿; í¿; 퍿; í¿; 퍿; ) HANGUL SYLLABLE PEOGS +D380;D380;1111 1165 11AB;D380;1111 1165 11AB; # (펀; 펀; 펀; 펀; 펀; ) HANGUL SYLLABLE PEON +D381;D381;1111 1165 11AC;D381;1111 1165 11AC; # (íŽ; íŽ; 펁; íŽ; 펁; ) HANGUL SYLLABLE PEONJ +D382;D382;1111 1165 11AD;D382;1111 1165 11AD; # (펂; 펂; 펂; 펂; 펂; ) HANGUL SYLLABLE PEONH +D383;D383;1111 1165 11AE;D383;1111 1165 11AE; # (펃; 펃; 펃; 펃; 펃; ) HANGUL SYLLABLE PEOD +D384;D384;1111 1165 11AF;D384;1111 1165 11AF; # (펄; 펄; 펄; 펄; 펄; ) HANGUL SYLLABLE PEOL +D385;D385;1111 1165 11B0;D385;1111 1165 11B0; # (펅; 펅; 펅; 펅; 펅; ) HANGUL SYLLABLE PEOLG +D386;D386;1111 1165 11B1;D386;1111 1165 11B1; # (펆; 펆; 펆; 펆; 펆; ) HANGUL SYLLABLE PEOLM +D387;D387;1111 1165 11B2;D387;1111 1165 11B2; # (펇; 펇; 펇; 펇; 펇; ) HANGUL SYLLABLE PEOLB +D388;D388;1111 1165 11B3;D388;1111 1165 11B3; # (펈; 펈; 펈; 펈; 펈; ) HANGUL SYLLABLE PEOLS +D389;D389;1111 1165 11B4;D389;1111 1165 11B4; # (펉; 펉; 펉; 펉; 펉; ) HANGUL SYLLABLE PEOLT +D38A;D38A;1111 1165 11B5;D38A;1111 1165 11B5; # (펊; 펊; 펊; 펊; 펊; ) HANGUL SYLLABLE PEOLP +D38B;D38B;1111 1165 11B6;D38B;1111 1165 11B6; # (펋; 펋; 펋; 펋; 펋; ) HANGUL SYLLABLE PEOLH +D38C;D38C;1111 1165 11B7;D38C;1111 1165 11B7; # (펌; 펌; 펌; 펌; 펌; ) HANGUL SYLLABLE PEOM +D38D;D38D;1111 1165 11B8;D38D;1111 1165 11B8; # (íŽ; íŽ; 펍; íŽ; 펍; ) HANGUL SYLLABLE PEOB +D38E;D38E;1111 1165 11B9;D38E;1111 1165 11B9; # (펎; 펎; 펎; 펎; 펎; ) HANGUL SYLLABLE PEOBS +D38F;D38F;1111 1165 11BA;D38F;1111 1165 11BA; # (íŽ; íŽ; 펏; íŽ; 펏; ) HANGUL SYLLABLE PEOS +D390;D390;1111 1165 11BB;D390;1111 1165 11BB; # (íŽ; íŽ; 펐; íŽ; 펐; ) HANGUL SYLLABLE PEOSS +D391;D391;1111 1165 11BC;D391;1111 1165 11BC; # (펑; 펑; 펑; 펑; 펑; ) HANGUL SYLLABLE PEONG +D392;D392;1111 1165 11BD;D392;1111 1165 11BD; # (펒; 펒; 펒; 펒; 펒; ) HANGUL SYLLABLE PEOJ +D393;D393;1111 1165 11BE;D393;1111 1165 11BE; # (펓; 펓; 펓; 펓; 펓; ) HANGUL SYLLABLE PEOC +D394;D394;1111 1165 11BF;D394;1111 1165 11BF; # (펔; 펔; 펔; 펔; 펔; ) HANGUL SYLLABLE PEOK +D395;D395;1111 1165 11C0;D395;1111 1165 11C0; # (펕; 펕; 펕; 펕; 펕; ) HANGUL SYLLABLE PEOT +D396;D396;1111 1165 11C1;D396;1111 1165 11C1; # (펖; 펖; á„‘á…¥á‡; 펖; á„‘á…¥á‡; ) HANGUL SYLLABLE PEOP +D397;D397;1111 1165 11C2;D397;1111 1165 11C2; # (펗; 펗; 펗; 펗; 펗; ) HANGUL SYLLABLE PEOH +D398;D398;1111 1166;D398;1111 1166; # (페; 페; á„‘á…¦; 페; á„‘á…¦; ) HANGUL SYLLABLE PE +D399;D399;1111 1166 11A8;D399;1111 1166 11A8; # (펙; 펙; 펙; 펙; 펙; ) HANGUL SYLLABLE PEG +D39A;D39A;1111 1166 11A9;D39A;1111 1166 11A9; # (펚; 펚; 펚; 펚; 펚; ) HANGUL SYLLABLE PEGG +D39B;D39B;1111 1166 11AA;D39B;1111 1166 11AA; # (펛; 펛; 펛; 펛; 펛; ) HANGUL SYLLABLE PEGS +D39C;D39C;1111 1166 11AB;D39C;1111 1166 11AB; # (펜; 펜; 펜; 펜; 펜; ) HANGUL SYLLABLE PEN +D39D;D39D;1111 1166 11AC;D39D;1111 1166 11AC; # (íŽ; íŽ; 펝; íŽ; 펝; ) HANGUL SYLLABLE PENJ +D39E;D39E;1111 1166 11AD;D39E;1111 1166 11AD; # (펞; 펞; 펞; 펞; 펞; ) HANGUL SYLLABLE PENH +D39F;D39F;1111 1166 11AE;D39F;1111 1166 11AE; # (펟; 펟; 펟; 펟; 펟; ) HANGUL SYLLABLE PED +D3A0;D3A0;1111 1166 11AF;D3A0;1111 1166 11AF; # (펠; 펠; 펠; 펠; 펠; ) HANGUL SYLLABLE PEL +D3A1;D3A1;1111 1166 11B0;D3A1;1111 1166 11B0; # (펡; 펡; 펡; 펡; 펡; ) HANGUL SYLLABLE PELG +D3A2;D3A2;1111 1166 11B1;D3A2;1111 1166 11B1; # (펢; 펢; 펢; 펢; 펢; ) HANGUL SYLLABLE PELM +D3A3;D3A3;1111 1166 11B2;D3A3;1111 1166 11B2; # (펣; 펣; 펣; 펣; 펣; ) HANGUL SYLLABLE PELB +D3A4;D3A4;1111 1166 11B3;D3A4;1111 1166 11B3; # (펤; 펤; 펤; 펤; 펤; ) HANGUL SYLLABLE PELS +D3A5;D3A5;1111 1166 11B4;D3A5;1111 1166 11B4; # (펥; 펥; 펥; 펥; 펥; ) HANGUL SYLLABLE PELT +D3A6;D3A6;1111 1166 11B5;D3A6;1111 1166 11B5; # (펦; 펦; 펦; 펦; 펦; ) HANGUL SYLLABLE PELP +D3A7;D3A7;1111 1166 11B6;D3A7;1111 1166 11B6; # (펧; 펧; 펧; 펧; 펧; ) HANGUL SYLLABLE PELH +D3A8;D3A8;1111 1166 11B7;D3A8;1111 1166 11B7; # (펨; 펨; 펨; 펨; 펨; ) HANGUL SYLLABLE PEM +D3A9;D3A9;1111 1166 11B8;D3A9;1111 1166 11B8; # (펩; 펩; 펩; 펩; 펩; ) HANGUL SYLLABLE PEB +D3AA;D3AA;1111 1166 11B9;D3AA;1111 1166 11B9; # (펪; 펪; 펪; 펪; 펪; ) HANGUL SYLLABLE PEBS +D3AB;D3AB;1111 1166 11BA;D3AB;1111 1166 11BA; # (펫; 펫; 펫; 펫; 펫; ) HANGUL SYLLABLE PES +D3AC;D3AC;1111 1166 11BB;D3AC;1111 1166 11BB; # (펬; 펬; 펬; 펬; 펬; ) HANGUL SYLLABLE PESS +D3AD;D3AD;1111 1166 11BC;D3AD;1111 1166 11BC; # (펭; 펭; 펭; 펭; 펭; ) HANGUL SYLLABLE PENG +D3AE;D3AE;1111 1166 11BD;D3AE;1111 1166 11BD; # (펮; 펮; 펮; 펮; 펮; ) HANGUL SYLLABLE PEJ +D3AF;D3AF;1111 1166 11BE;D3AF;1111 1166 11BE; # (펯; 펯; 펯; 펯; 펯; ) HANGUL SYLLABLE PEC +D3B0;D3B0;1111 1166 11BF;D3B0;1111 1166 11BF; # (펰; 펰; 펰; 펰; 펰; ) HANGUL SYLLABLE PEK +D3B1;D3B1;1111 1166 11C0;D3B1;1111 1166 11C0; # (펱; 펱; 펱; 펱; 펱; ) HANGUL SYLLABLE PET +D3B2;D3B2;1111 1166 11C1;D3B2;1111 1166 11C1; # (펲; 펲; á„‘á…¦á‡; 펲; á„‘á…¦á‡; ) HANGUL SYLLABLE PEP +D3B3;D3B3;1111 1166 11C2;D3B3;1111 1166 11C2; # (펳; 펳; 펳; 펳; 펳; ) HANGUL SYLLABLE PEH +D3B4;D3B4;1111 1167;D3B4;1111 1167; # (펴; 펴; á„‘á…§; 펴; á„‘á…§; ) HANGUL SYLLABLE PYEO +D3B5;D3B5;1111 1167 11A8;D3B5;1111 1167 11A8; # (펵; 펵; 펵; 펵; 펵; ) HANGUL SYLLABLE PYEOG +D3B6;D3B6;1111 1167 11A9;D3B6;1111 1167 11A9; # (펶; 펶; 펶; 펶; 펶; ) HANGUL SYLLABLE PYEOGG +D3B7;D3B7;1111 1167 11AA;D3B7;1111 1167 11AA; # (펷; 펷; 펷; 펷; 펷; ) HANGUL SYLLABLE PYEOGS +D3B8;D3B8;1111 1167 11AB;D3B8;1111 1167 11AB; # (편; 편; 편; 편; 편; ) HANGUL SYLLABLE PYEON +D3B9;D3B9;1111 1167 11AC;D3B9;1111 1167 11AC; # (펹; 펹; 펹; 펹; 펹; ) HANGUL SYLLABLE PYEONJ +D3BA;D3BA;1111 1167 11AD;D3BA;1111 1167 11AD; # (펺; 펺; 펺; 펺; 펺; ) HANGUL SYLLABLE PYEONH +D3BB;D3BB;1111 1167 11AE;D3BB;1111 1167 11AE; # (펻; 펻; 펻; 펻; 펻; ) HANGUL SYLLABLE PYEOD +D3BC;D3BC;1111 1167 11AF;D3BC;1111 1167 11AF; # (펼; 펼; 펼; 펼; 펼; ) HANGUL SYLLABLE PYEOL +D3BD;D3BD;1111 1167 11B0;D3BD;1111 1167 11B0; # (펽; 펽; 펽; 펽; 펽; ) HANGUL SYLLABLE PYEOLG +D3BE;D3BE;1111 1167 11B1;D3BE;1111 1167 11B1; # (펾; 펾; 펾; 펾; 펾; ) HANGUL SYLLABLE PYEOLM +D3BF;D3BF;1111 1167 11B2;D3BF;1111 1167 11B2; # (펿; 펿; 펿; 펿; 펿; ) HANGUL SYLLABLE PYEOLB +D3C0;D3C0;1111 1167 11B3;D3C0;1111 1167 11B3; # (í€; í€; 폀; í€; 폀; ) HANGUL SYLLABLE PYEOLS +D3C1;D3C1;1111 1167 11B4;D3C1;1111 1167 11B4; # (í; í; 폁; í; 폁; ) HANGUL SYLLABLE PYEOLT +D3C2;D3C2;1111 1167 11B5;D3C2;1111 1167 11B5; # (í‚; í‚; 폂; í‚; 폂; ) HANGUL SYLLABLE PYEOLP +D3C3;D3C3;1111 1167 11B6;D3C3;1111 1167 11B6; # (íƒ; íƒ; 폃; íƒ; 폃; ) HANGUL SYLLABLE PYEOLH +D3C4;D3C4;1111 1167 11B7;D3C4;1111 1167 11B7; # (í„; í„; 폄; í„; 폄; ) HANGUL SYLLABLE PYEOM +D3C5;D3C5;1111 1167 11B8;D3C5;1111 1167 11B8; # (í…; í…; 폅; í…; 폅; ) HANGUL SYLLABLE PYEOB +D3C6;D3C6;1111 1167 11B9;D3C6;1111 1167 11B9; # (í†; í†; 폆; í†; 폆; ) HANGUL SYLLABLE PYEOBS +D3C7;D3C7;1111 1167 11BA;D3C7;1111 1167 11BA; # (í‡; í‡; 폇; í‡; 폇; ) HANGUL SYLLABLE PYEOS +D3C8;D3C8;1111 1167 11BB;D3C8;1111 1167 11BB; # (íˆ; íˆ; 폈; íˆ; 폈; ) HANGUL SYLLABLE PYEOSS +D3C9;D3C9;1111 1167 11BC;D3C9;1111 1167 11BC; # (í‰; í‰; 평; í‰; 평; ) HANGUL SYLLABLE PYEONG +D3CA;D3CA;1111 1167 11BD;D3CA;1111 1167 11BD; # (íŠ; íŠ; 폊; íŠ; 폊; ) HANGUL SYLLABLE PYEOJ +D3CB;D3CB;1111 1167 11BE;D3CB;1111 1167 11BE; # (í‹; í‹; 폋; í‹; 폋; ) HANGUL SYLLABLE PYEOC +D3CC;D3CC;1111 1167 11BF;D3CC;1111 1167 11BF; # (íŒ; íŒ; 폌; íŒ; 폌; ) HANGUL SYLLABLE PYEOK +D3CD;D3CD;1111 1167 11C0;D3CD;1111 1167 11C0; # (í; í; 폍; í; 폍; ) HANGUL SYLLABLE PYEOT +D3CE;D3CE;1111 1167 11C1;D3CE;1111 1167 11C1; # (íŽ; íŽ; á„‘á…§á‡; íŽ; á„‘á…§á‡; ) HANGUL SYLLABLE PYEOP +D3CF;D3CF;1111 1167 11C2;D3CF;1111 1167 11C2; # (í; í; 폏; í; 폏; ) HANGUL SYLLABLE PYEOH +D3D0;D3D0;1111 1168;D3D0;1111 1168; # (í; í; á„‘á…¨; í; á„‘á…¨; ) HANGUL SYLLABLE PYE +D3D1;D3D1;1111 1168 11A8;D3D1;1111 1168 11A8; # (í‘; í‘; 폑; í‘; 폑; ) HANGUL SYLLABLE PYEG +D3D2;D3D2;1111 1168 11A9;D3D2;1111 1168 11A9; # (í’; í’; 폒; í’; 폒; ) HANGUL SYLLABLE PYEGG +D3D3;D3D3;1111 1168 11AA;D3D3;1111 1168 11AA; # (í“; í“; 폓; í“; 폓; ) HANGUL SYLLABLE PYEGS +D3D4;D3D4;1111 1168 11AB;D3D4;1111 1168 11AB; # (í”; í”; 폔; í”; 폔; ) HANGUL SYLLABLE PYEN +D3D5;D3D5;1111 1168 11AC;D3D5;1111 1168 11AC; # (í•; í•; 폕; í•; 폕; ) HANGUL SYLLABLE PYENJ +D3D6;D3D6;1111 1168 11AD;D3D6;1111 1168 11AD; # (í–; í–; 폖; í–; 폖; ) HANGUL SYLLABLE PYENH +D3D7;D3D7;1111 1168 11AE;D3D7;1111 1168 11AE; # (í—; í—; 폗; í—; 폗; ) HANGUL SYLLABLE PYED +D3D8;D3D8;1111 1168 11AF;D3D8;1111 1168 11AF; # (í˜; í˜; 폘; í˜; 폘; ) HANGUL SYLLABLE PYEL +D3D9;D3D9;1111 1168 11B0;D3D9;1111 1168 11B0; # (í™; í™; 폙; í™; 폙; ) HANGUL SYLLABLE PYELG +D3DA;D3DA;1111 1168 11B1;D3DA;1111 1168 11B1; # (íš; íš; 폚; íš; 폚; ) HANGUL SYLLABLE PYELM +D3DB;D3DB;1111 1168 11B2;D3DB;1111 1168 11B2; # (í›; í›; 폛; í›; 폛; ) HANGUL SYLLABLE PYELB +D3DC;D3DC;1111 1168 11B3;D3DC;1111 1168 11B3; # (íœ; íœ; 폜; íœ; 폜; ) HANGUL SYLLABLE PYELS +D3DD;D3DD;1111 1168 11B4;D3DD;1111 1168 11B4; # (í; í; 폝; í; 폝; ) HANGUL SYLLABLE PYELT +D3DE;D3DE;1111 1168 11B5;D3DE;1111 1168 11B5; # (íž; íž; 폞; íž; 폞; ) HANGUL SYLLABLE PYELP +D3DF;D3DF;1111 1168 11B6;D3DF;1111 1168 11B6; # (íŸ; íŸ; 폟; íŸ; 폟; ) HANGUL SYLLABLE PYELH +D3E0;D3E0;1111 1168 11B7;D3E0;1111 1168 11B7; # (í ; í ; 폠; í ; 폠; ) HANGUL SYLLABLE PYEM +D3E1;D3E1;1111 1168 11B8;D3E1;1111 1168 11B8; # (í¡; í¡; 폡; í¡; 폡; ) HANGUL SYLLABLE PYEB +D3E2;D3E2;1111 1168 11B9;D3E2;1111 1168 11B9; # (í¢; í¢; 폢; í¢; 폢; ) HANGUL SYLLABLE PYEBS +D3E3;D3E3;1111 1168 11BA;D3E3;1111 1168 11BA; # (í£; í£; 폣; í£; 폣; ) HANGUL SYLLABLE PYES +D3E4;D3E4;1111 1168 11BB;D3E4;1111 1168 11BB; # (í¤; í¤; 폤; í¤; 폤; ) HANGUL SYLLABLE PYESS +D3E5;D3E5;1111 1168 11BC;D3E5;1111 1168 11BC; # (í¥; í¥; 폥; í¥; 폥; ) HANGUL SYLLABLE PYENG +D3E6;D3E6;1111 1168 11BD;D3E6;1111 1168 11BD; # (í¦; í¦; 폦; í¦; 폦; ) HANGUL SYLLABLE PYEJ +D3E7;D3E7;1111 1168 11BE;D3E7;1111 1168 11BE; # (í§; í§; 폧; í§; 폧; ) HANGUL SYLLABLE PYEC +D3E8;D3E8;1111 1168 11BF;D3E8;1111 1168 11BF; # (í¨; í¨; 폨; í¨; 폨; ) HANGUL SYLLABLE PYEK +D3E9;D3E9;1111 1168 11C0;D3E9;1111 1168 11C0; # (í©; í©; 폩; í©; 폩; ) HANGUL SYLLABLE PYET +D3EA;D3EA;1111 1168 11C1;D3EA;1111 1168 11C1; # (íª; íª; á„‘á…¨á‡; íª; á„‘á…¨á‡; ) HANGUL SYLLABLE PYEP +D3EB;D3EB;1111 1168 11C2;D3EB;1111 1168 11C2; # (í«; í«; 폫; í«; 폫; ) HANGUL SYLLABLE PYEH +D3EC;D3EC;1111 1169;D3EC;1111 1169; # (í¬; í¬; á„‘á…©; í¬; á„‘á…©; ) HANGUL SYLLABLE PO +D3ED;D3ED;1111 1169 11A8;D3ED;1111 1169 11A8; # (í­; í­; 폭; í­; 폭; ) HANGUL SYLLABLE POG +D3EE;D3EE;1111 1169 11A9;D3EE;1111 1169 11A9; # (í®; í®; 폮; í®; 폮; ) HANGUL SYLLABLE POGG +D3EF;D3EF;1111 1169 11AA;D3EF;1111 1169 11AA; # (í¯; í¯; 폯; í¯; 폯; ) HANGUL SYLLABLE POGS +D3F0;D3F0;1111 1169 11AB;D3F0;1111 1169 11AB; # (í°; í°; 폰; í°; 폰; ) HANGUL SYLLABLE PON +D3F1;D3F1;1111 1169 11AC;D3F1;1111 1169 11AC; # (í±; í±; 폱; í±; 폱; ) HANGUL SYLLABLE PONJ +D3F2;D3F2;1111 1169 11AD;D3F2;1111 1169 11AD; # (í²; í²; 폲; í²; 폲; ) HANGUL SYLLABLE PONH +D3F3;D3F3;1111 1169 11AE;D3F3;1111 1169 11AE; # (í³; í³; 폳; í³; 폳; ) HANGUL SYLLABLE POD +D3F4;D3F4;1111 1169 11AF;D3F4;1111 1169 11AF; # (í´; í´; 폴; í´; 폴; ) HANGUL SYLLABLE POL +D3F5;D3F5;1111 1169 11B0;D3F5;1111 1169 11B0; # (íµ; íµ; 폵; íµ; 폵; ) HANGUL SYLLABLE POLG +D3F6;D3F6;1111 1169 11B1;D3F6;1111 1169 11B1; # (í¶; í¶; 폶; í¶; 폶; ) HANGUL SYLLABLE POLM +D3F7;D3F7;1111 1169 11B2;D3F7;1111 1169 11B2; # (í·; í·; 폷; í·; 폷; ) HANGUL SYLLABLE POLB +D3F8;D3F8;1111 1169 11B3;D3F8;1111 1169 11B3; # (í¸; í¸; 폸; í¸; 폸; ) HANGUL SYLLABLE POLS +D3F9;D3F9;1111 1169 11B4;D3F9;1111 1169 11B4; # (í¹; í¹; 폹; í¹; 폹; ) HANGUL SYLLABLE POLT +D3FA;D3FA;1111 1169 11B5;D3FA;1111 1169 11B5; # (íº; íº; 폺; íº; 폺; ) HANGUL SYLLABLE POLP +D3FB;D3FB;1111 1169 11B6;D3FB;1111 1169 11B6; # (í»; í»; 폻; í»; 폻; ) HANGUL SYLLABLE POLH +D3FC;D3FC;1111 1169 11B7;D3FC;1111 1169 11B7; # (í¼; í¼; 폼; í¼; 폼; ) HANGUL SYLLABLE POM +D3FD;D3FD;1111 1169 11B8;D3FD;1111 1169 11B8; # (í½; í½; 폽; í½; 폽; ) HANGUL SYLLABLE POB +D3FE;D3FE;1111 1169 11B9;D3FE;1111 1169 11B9; # (í¾; í¾; 폾; í¾; 폾; ) HANGUL SYLLABLE POBS +D3FF;D3FF;1111 1169 11BA;D3FF;1111 1169 11BA; # (í¿; í¿; 폿; í¿; 폿; ) HANGUL SYLLABLE POS +D400;D400;1111 1169 11BB;D400;1111 1169 11BB; # (í€; í€; 퐀; í€; 퐀; ) HANGUL SYLLABLE POSS +D401;D401;1111 1169 11BC;D401;1111 1169 11BC; # (í; í; 퐁; í; 퐁; ) HANGUL SYLLABLE PONG +D402;D402;1111 1169 11BD;D402;1111 1169 11BD; # (í‚; í‚; 퐂; í‚; 퐂; ) HANGUL SYLLABLE POJ +D403;D403;1111 1169 11BE;D403;1111 1169 11BE; # (íƒ; íƒ; 퐃; íƒ; 퐃; ) HANGUL SYLLABLE POC +D404;D404;1111 1169 11BF;D404;1111 1169 11BF; # (í„; í„; 퐄; í„; 퐄; ) HANGUL SYLLABLE POK +D405;D405;1111 1169 11C0;D405;1111 1169 11C0; # (í…; í…; 퐅; í…; 퐅; ) HANGUL SYLLABLE POT +D406;D406;1111 1169 11C1;D406;1111 1169 11C1; # (í†; í†; á„‘á…©á‡; í†; á„‘á…©á‡; ) HANGUL SYLLABLE POP +D407;D407;1111 1169 11C2;D407;1111 1169 11C2; # (í‡; í‡; 퐇; í‡; 퐇; ) HANGUL SYLLABLE POH +D408;D408;1111 116A;D408;1111 116A; # (íˆ; íˆ; á„‘á…ª; íˆ; á„‘á…ª; ) HANGUL SYLLABLE PWA +D409;D409;1111 116A 11A8;D409;1111 116A 11A8; # (í‰; í‰; 퐉; í‰; 퐉; ) HANGUL SYLLABLE PWAG +D40A;D40A;1111 116A 11A9;D40A;1111 116A 11A9; # (íŠ; íŠ; 퐊; íŠ; 퐊; ) HANGUL SYLLABLE PWAGG +D40B;D40B;1111 116A 11AA;D40B;1111 116A 11AA; # (í‹; í‹; 퐋; í‹; 퐋; ) HANGUL SYLLABLE PWAGS +D40C;D40C;1111 116A 11AB;D40C;1111 116A 11AB; # (íŒ; íŒ; 퐌; íŒ; 퐌; ) HANGUL SYLLABLE PWAN +D40D;D40D;1111 116A 11AC;D40D;1111 116A 11AC; # (í; í; 퐍; í; 퐍; ) HANGUL SYLLABLE PWANJ +D40E;D40E;1111 116A 11AD;D40E;1111 116A 11AD; # (íŽ; íŽ; 퐎; íŽ; 퐎; ) HANGUL SYLLABLE PWANH +D40F;D40F;1111 116A 11AE;D40F;1111 116A 11AE; # (í; í; 퐏; í; 퐏; ) HANGUL SYLLABLE PWAD +D410;D410;1111 116A 11AF;D410;1111 116A 11AF; # (í; í; 퐐; í; 퐐; ) HANGUL SYLLABLE PWAL +D411;D411;1111 116A 11B0;D411;1111 116A 11B0; # (í‘; í‘; 퐑; í‘; 퐑; ) HANGUL SYLLABLE PWALG +D412;D412;1111 116A 11B1;D412;1111 116A 11B1; # (í’; í’; 퐒; í’; 퐒; ) HANGUL SYLLABLE PWALM +D413;D413;1111 116A 11B2;D413;1111 116A 11B2; # (í“; í“; 퐓; í“; 퐓; ) HANGUL SYLLABLE PWALB +D414;D414;1111 116A 11B3;D414;1111 116A 11B3; # (í”; í”; 퐔; í”; 퐔; ) HANGUL SYLLABLE PWALS +D415;D415;1111 116A 11B4;D415;1111 116A 11B4; # (í•; í•; 퐕; í•; 퐕; ) HANGUL SYLLABLE PWALT +D416;D416;1111 116A 11B5;D416;1111 116A 11B5; # (í–; í–; 퐖; í–; 퐖; ) HANGUL SYLLABLE PWALP +D417;D417;1111 116A 11B6;D417;1111 116A 11B6; # (í—; í—; 퐗; í—; 퐗; ) HANGUL SYLLABLE PWALH +D418;D418;1111 116A 11B7;D418;1111 116A 11B7; # (í˜; í˜; 퐘; í˜; 퐘; ) HANGUL SYLLABLE PWAM +D419;D419;1111 116A 11B8;D419;1111 116A 11B8; # (í™; í™; 퐙; í™; 퐙; ) HANGUL SYLLABLE PWAB +D41A;D41A;1111 116A 11B9;D41A;1111 116A 11B9; # (íš; íš; 퐚; íš; 퐚; ) HANGUL SYLLABLE PWABS +D41B;D41B;1111 116A 11BA;D41B;1111 116A 11BA; # (í›; í›; 퐛; í›; 퐛; ) HANGUL SYLLABLE PWAS +D41C;D41C;1111 116A 11BB;D41C;1111 116A 11BB; # (íœ; íœ; 퐜; íœ; 퐜; ) HANGUL SYLLABLE PWASS +D41D;D41D;1111 116A 11BC;D41D;1111 116A 11BC; # (í; í; 퐝; í; 퐝; ) HANGUL SYLLABLE PWANG +D41E;D41E;1111 116A 11BD;D41E;1111 116A 11BD; # (íž; íž; 퐞; íž; 퐞; ) HANGUL SYLLABLE PWAJ +D41F;D41F;1111 116A 11BE;D41F;1111 116A 11BE; # (íŸ; íŸ; 퐟; íŸ; 퐟; ) HANGUL SYLLABLE PWAC +D420;D420;1111 116A 11BF;D420;1111 116A 11BF; # (í ; í ; 퐠; í ; 퐠; ) HANGUL SYLLABLE PWAK +D421;D421;1111 116A 11C0;D421;1111 116A 11C0; # (í¡; í¡; 퐡; í¡; 퐡; ) HANGUL SYLLABLE PWAT +D422;D422;1111 116A 11C1;D422;1111 116A 11C1; # (í¢; í¢; á„‘á…ªá‡; í¢; á„‘á…ªá‡; ) HANGUL SYLLABLE PWAP +D423;D423;1111 116A 11C2;D423;1111 116A 11C2; # (í£; í£; 퐣; í£; 퐣; ) HANGUL SYLLABLE PWAH +D424;D424;1111 116B;D424;1111 116B; # (í¤; í¤; á„‘á…«; í¤; á„‘á…«; ) HANGUL SYLLABLE PWAE +D425;D425;1111 116B 11A8;D425;1111 116B 11A8; # (í¥; í¥; 퐥; í¥; 퐥; ) HANGUL SYLLABLE PWAEG +D426;D426;1111 116B 11A9;D426;1111 116B 11A9; # (í¦; í¦; 퐦; í¦; 퐦; ) HANGUL SYLLABLE PWAEGG +D427;D427;1111 116B 11AA;D427;1111 116B 11AA; # (í§; í§; 퐧; í§; 퐧; ) HANGUL SYLLABLE PWAEGS +D428;D428;1111 116B 11AB;D428;1111 116B 11AB; # (í¨; í¨; 퐨; í¨; 퐨; ) HANGUL SYLLABLE PWAEN +D429;D429;1111 116B 11AC;D429;1111 116B 11AC; # (í©; í©; 퐩; í©; 퐩; ) HANGUL SYLLABLE PWAENJ +D42A;D42A;1111 116B 11AD;D42A;1111 116B 11AD; # (íª; íª; 퐪; íª; 퐪; ) HANGUL SYLLABLE PWAENH +D42B;D42B;1111 116B 11AE;D42B;1111 116B 11AE; # (í«; í«; 퐫; í«; 퐫; ) HANGUL SYLLABLE PWAED +D42C;D42C;1111 116B 11AF;D42C;1111 116B 11AF; # (í¬; í¬; 퐬; í¬; 퐬; ) HANGUL SYLLABLE PWAEL +D42D;D42D;1111 116B 11B0;D42D;1111 116B 11B0; # (í­; í­; 퐭; í­; 퐭; ) HANGUL SYLLABLE PWAELG +D42E;D42E;1111 116B 11B1;D42E;1111 116B 11B1; # (í®; í®; 퐮; í®; 퐮; ) HANGUL SYLLABLE PWAELM +D42F;D42F;1111 116B 11B2;D42F;1111 116B 11B2; # (í¯; í¯; 퐯; í¯; 퐯; ) HANGUL SYLLABLE PWAELB +D430;D430;1111 116B 11B3;D430;1111 116B 11B3; # (í°; í°; 퐰; í°; 퐰; ) HANGUL SYLLABLE PWAELS +D431;D431;1111 116B 11B4;D431;1111 116B 11B4; # (í±; í±; 퐱; í±; 퐱; ) HANGUL SYLLABLE PWAELT +D432;D432;1111 116B 11B5;D432;1111 116B 11B5; # (í²; í²; 퐲; í²; 퐲; ) HANGUL SYLLABLE PWAELP +D433;D433;1111 116B 11B6;D433;1111 116B 11B6; # (í³; í³; 퐳; í³; 퐳; ) HANGUL SYLLABLE PWAELH +D434;D434;1111 116B 11B7;D434;1111 116B 11B7; # (í´; í´; 퐴; í´; 퐴; ) HANGUL SYLLABLE PWAEM +D435;D435;1111 116B 11B8;D435;1111 116B 11B8; # (íµ; íµ; 퐵; íµ; 퐵; ) HANGUL SYLLABLE PWAEB +D436;D436;1111 116B 11B9;D436;1111 116B 11B9; # (í¶; í¶; 퐶; í¶; 퐶; ) HANGUL SYLLABLE PWAEBS +D437;D437;1111 116B 11BA;D437;1111 116B 11BA; # (í·; í·; 퐷; í·; 퐷; ) HANGUL SYLLABLE PWAES +D438;D438;1111 116B 11BB;D438;1111 116B 11BB; # (í¸; í¸; 퐸; í¸; 퐸; ) HANGUL SYLLABLE PWAESS +D439;D439;1111 116B 11BC;D439;1111 116B 11BC; # (í¹; í¹; 퐹; í¹; 퐹; ) HANGUL SYLLABLE PWAENG +D43A;D43A;1111 116B 11BD;D43A;1111 116B 11BD; # (íº; íº; 퐺; íº; 퐺; ) HANGUL SYLLABLE PWAEJ +D43B;D43B;1111 116B 11BE;D43B;1111 116B 11BE; # (í»; í»; 퐻; í»; 퐻; ) HANGUL SYLLABLE PWAEC +D43C;D43C;1111 116B 11BF;D43C;1111 116B 11BF; # (í¼; í¼; 퐼; í¼; 퐼; ) HANGUL SYLLABLE PWAEK +D43D;D43D;1111 116B 11C0;D43D;1111 116B 11C0; # (í½; í½; 퐽; í½; 퐽; ) HANGUL SYLLABLE PWAET +D43E;D43E;1111 116B 11C1;D43E;1111 116B 11C1; # (í¾; í¾; á„‘á…«á‡; í¾; á„‘á…«á‡; ) HANGUL SYLLABLE PWAEP +D43F;D43F;1111 116B 11C2;D43F;1111 116B 11C2; # (í¿; í¿; 퐿; í¿; 퐿; ) HANGUL SYLLABLE PWAEH +D440;D440;1111 116C;D440;1111 116C; # (í‘€; í‘€; á„‘á…¬; í‘€; á„‘á…¬; ) HANGUL SYLLABLE POE +D441;D441;1111 116C 11A8;D441;1111 116C 11A8; # (í‘; í‘; 푁; í‘; 푁; ) HANGUL SYLLABLE POEG +D442;D442;1111 116C 11A9;D442;1111 116C 11A9; # (í‘‚; í‘‚; 푂; í‘‚; 푂; ) HANGUL SYLLABLE POEGG +D443;D443;1111 116C 11AA;D443;1111 116C 11AA; # (푃; 푃; 푃; 푃; 푃; ) HANGUL SYLLABLE POEGS +D444;D444;1111 116C 11AB;D444;1111 116C 11AB; # (í‘„; í‘„; 푄; í‘„; 푄; ) HANGUL SYLLABLE POEN +D445;D445;1111 116C 11AC;D445;1111 116C 11AC; # (í‘…; í‘…; 푅; í‘…; 푅; ) HANGUL SYLLABLE POENJ +D446;D446;1111 116C 11AD;D446;1111 116C 11AD; # (푆; 푆; 푆; 푆; 푆; ) HANGUL SYLLABLE POENH +D447;D447;1111 116C 11AE;D447;1111 116C 11AE; # (푇; 푇; 푇; 푇; 푇; ) HANGUL SYLLABLE POED +D448;D448;1111 116C 11AF;D448;1111 116C 11AF; # (푈; 푈; 푈; 푈; 푈; ) HANGUL SYLLABLE POEL +D449;D449;1111 116C 11B0;D449;1111 116C 11B0; # (푉; 푉; 푉; 푉; 푉; ) HANGUL SYLLABLE POELG +D44A;D44A;1111 116C 11B1;D44A;1111 116C 11B1; # (í‘Š; í‘Š; 푊; í‘Š; 푊; ) HANGUL SYLLABLE POELM +D44B;D44B;1111 116C 11B2;D44B;1111 116C 11B2; # (í‘‹; í‘‹; 푋; í‘‹; 푋; ) HANGUL SYLLABLE POELB +D44C;D44C;1111 116C 11B3;D44C;1111 116C 11B3; # (í‘Œ; í‘Œ; 푌; í‘Œ; 푌; ) HANGUL SYLLABLE POELS +D44D;D44D;1111 116C 11B4;D44D;1111 116C 11B4; # (í‘; í‘; 푍; í‘; 푍; ) HANGUL SYLLABLE POELT +D44E;D44E;1111 116C 11B5;D44E;1111 116C 11B5; # (í‘Ž; í‘Ž; 푎; í‘Ž; 푎; ) HANGUL SYLLABLE POELP +D44F;D44F;1111 116C 11B6;D44F;1111 116C 11B6; # (í‘; í‘; 푏; í‘; 푏; ) HANGUL SYLLABLE POELH +D450;D450;1111 116C 11B7;D450;1111 116C 11B7; # (í‘; í‘; 푐; í‘; 푐; ) HANGUL SYLLABLE POEM +D451;D451;1111 116C 11B8;D451;1111 116C 11B8; # (í‘‘; í‘‘; 푑; í‘‘; 푑; ) HANGUL SYLLABLE POEB +D452;D452;1111 116C 11B9;D452;1111 116C 11B9; # (í‘’; í‘’; 푒; í‘’; 푒; ) HANGUL SYLLABLE POEBS +D453;D453;1111 116C 11BA;D453;1111 116C 11BA; # (í‘“; í‘“; 푓; í‘“; 푓; ) HANGUL SYLLABLE POES +D454;D454;1111 116C 11BB;D454;1111 116C 11BB; # (í‘”; í‘”; 푔; í‘”; 푔; ) HANGUL SYLLABLE POESS +D455;D455;1111 116C 11BC;D455;1111 116C 11BC; # (í‘•; í‘•; 푕; í‘•; 푕; ) HANGUL SYLLABLE POENG +D456;D456;1111 116C 11BD;D456;1111 116C 11BD; # (í‘–; í‘–; 푖; í‘–; 푖; ) HANGUL SYLLABLE POEJ +D457;D457;1111 116C 11BE;D457;1111 116C 11BE; # (í‘—; í‘—; 푗; í‘—; 푗; ) HANGUL SYLLABLE POEC +D458;D458;1111 116C 11BF;D458;1111 116C 11BF; # (푘; 푘; 푘; 푘; 푘; ) HANGUL SYLLABLE POEK +D459;D459;1111 116C 11C0;D459;1111 116C 11C0; # (í‘™; í‘™; 푙; í‘™; 푙; ) HANGUL SYLLABLE POET +D45A;D45A;1111 116C 11C1;D45A;1111 116C 11C1; # (í‘š; í‘š; á„‘á…¬á‡; í‘š; á„‘á…¬á‡; ) HANGUL SYLLABLE POEP +D45B;D45B;1111 116C 11C2;D45B;1111 116C 11C2; # (í‘›; í‘›; 푛; í‘›; 푛; ) HANGUL SYLLABLE POEH +D45C;D45C;1111 116D;D45C;1111 116D; # (í‘œ; í‘œ; á„‘á…­; í‘œ; á„‘á…­; ) HANGUL SYLLABLE PYO +D45D;D45D;1111 116D 11A8;D45D;1111 116D 11A8; # (í‘; í‘; 푝; í‘; 푝; ) HANGUL SYLLABLE PYOG +D45E;D45E;1111 116D 11A9;D45E;1111 116D 11A9; # (í‘ž; í‘ž; 푞; í‘ž; 푞; ) HANGUL SYLLABLE PYOGG +D45F;D45F;1111 116D 11AA;D45F;1111 116D 11AA; # (í‘Ÿ; í‘Ÿ; 푟; í‘Ÿ; 푟; ) HANGUL SYLLABLE PYOGS +D460;D460;1111 116D 11AB;D460;1111 116D 11AB; # (í‘ ; í‘ ; 푠; í‘ ; 푠; ) HANGUL SYLLABLE PYON +D461;D461;1111 116D 11AC;D461;1111 116D 11AC; # (í‘¡; í‘¡; 푡; í‘¡; 푡; ) HANGUL SYLLABLE PYONJ +D462;D462;1111 116D 11AD;D462;1111 116D 11AD; # (í‘¢; í‘¢; 푢; í‘¢; 푢; ) HANGUL SYLLABLE PYONH +D463;D463;1111 116D 11AE;D463;1111 116D 11AE; # (í‘£; í‘£; 푣; í‘£; 푣; ) HANGUL SYLLABLE PYOD +D464;D464;1111 116D 11AF;D464;1111 116D 11AF; # (푤; 푤; 푤; 푤; 푤; ) HANGUL SYLLABLE PYOL +D465;D465;1111 116D 11B0;D465;1111 116D 11B0; # (í‘¥; í‘¥; 푥; í‘¥; 푥; ) HANGUL SYLLABLE PYOLG +D466;D466;1111 116D 11B1;D466;1111 116D 11B1; # (푦; 푦; 푦; 푦; 푦; ) HANGUL SYLLABLE PYOLM +D467;D467;1111 116D 11B2;D467;1111 116D 11B2; # (푧; 푧; 푧; 푧; 푧; ) HANGUL SYLLABLE PYOLB +D468;D468;1111 116D 11B3;D468;1111 116D 11B3; # (푨; 푨; 푨; 푨; 푨; ) HANGUL SYLLABLE PYOLS +D469;D469;1111 116D 11B4;D469;1111 116D 11B4; # (í‘©; í‘©; 푩; í‘©; 푩; ) HANGUL SYLLABLE PYOLT +D46A;D46A;1111 116D 11B5;D46A;1111 116D 11B5; # (푪; 푪; 푪; 푪; 푪; ) HANGUL SYLLABLE PYOLP +D46B;D46B;1111 116D 11B6;D46B;1111 116D 11B6; # (í‘«; í‘«; 푫; í‘«; 푫; ) HANGUL SYLLABLE PYOLH +D46C;D46C;1111 116D 11B7;D46C;1111 116D 11B7; # (푬; 푬; 푬; 푬; 푬; ) HANGUL SYLLABLE PYOM +D46D;D46D;1111 116D 11B8;D46D;1111 116D 11B8; # (í‘­; í‘­; 푭; í‘­; 푭; ) HANGUL SYLLABLE PYOB +D46E;D46E;1111 116D 11B9;D46E;1111 116D 11B9; # (í‘®; í‘®; 푮; í‘®; 푮; ) HANGUL SYLLABLE PYOBS +D46F;D46F;1111 116D 11BA;D46F;1111 116D 11BA; # (푯; 푯; 푯; 푯; 푯; ) HANGUL SYLLABLE PYOS +D470;D470;1111 116D 11BB;D470;1111 116D 11BB; # (í‘°; í‘°; 푰; í‘°; 푰; ) HANGUL SYLLABLE PYOSS +D471;D471;1111 116D 11BC;D471;1111 116D 11BC; # (푱; 푱; 푱; 푱; 푱; ) HANGUL SYLLABLE PYONG +D472;D472;1111 116D 11BD;D472;1111 116D 11BD; # (푲; 푲; 푲; 푲; 푲; ) HANGUL SYLLABLE PYOJ +D473;D473;1111 116D 11BE;D473;1111 116D 11BE; # (푳; 푳; 푳; 푳; 푳; ) HANGUL SYLLABLE PYOC +D474;D474;1111 116D 11BF;D474;1111 116D 11BF; # (í‘´; í‘´; 푴; í‘´; 푴; ) HANGUL SYLLABLE PYOK +D475;D475;1111 116D 11C0;D475;1111 116D 11C0; # (푵; 푵; 푵; 푵; 푵; ) HANGUL SYLLABLE PYOT +D476;D476;1111 116D 11C1;D476;1111 116D 11C1; # (푶; 푶; á„‘á…­á‡; 푶; á„‘á…­á‡; ) HANGUL SYLLABLE PYOP +D477;D477;1111 116D 11C2;D477;1111 116D 11C2; # (í‘·; í‘·; 푷; í‘·; 푷; ) HANGUL SYLLABLE PYOH +D478;D478;1111 116E;D478;1111 116E; # (푸; 푸; á„‘á…®; 푸; á„‘á…®; ) HANGUL SYLLABLE PU +D479;D479;1111 116E 11A8;D479;1111 116E 11A8; # (푹; 푹; 푹; 푹; 푹; ) HANGUL SYLLABLE PUG +D47A;D47A;1111 116E 11A9;D47A;1111 116E 11A9; # (푺; 푺; 푺; 푺; 푺; ) HANGUL SYLLABLE PUGG +D47B;D47B;1111 116E 11AA;D47B;1111 116E 11AA; # (í‘»; í‘»; 푻; í‘»; 푻; ) HANGUL SYLLABLE PUGS +D47C;D47C;1111 116E 11AB;D47C;1111 116E 11AB; # (푼; 푼; 푼; 푼; 푼; ) HANGUL SYLLABLE PUN +D47D;D47D;1111 116E 11AC;D47D;1111 116E 11AC; # (푽; 푽; 푽; 푽; 푽; ) HANGUL SYLLABLE PUNJ +D47E;D47E;1111 116E 11AD;D47E;1111 116E 11AD; # (푾; 푾; 푾; 푾; 푾; ) HANGUL SYLLABLE PUNH +D47F;D47F;1111 116E 11AE;D47F;1111 116E 11AE; # (í‘¿; í‘¿; 푿; í‘¿; 푿; ) HANGUL SYLLABLE PUD +D480;D480;1111 116E 11AF;D480;1111 116E 11AF; # (í’€; í’€; 풀; í’€; 풀; ) HANGUL SYLLABLE PUL +D481;D481;1111 116E 11B0;D481;1111 116E 11B0; # (í’; í’; 풁; í’; 풁; ) HANGUL SYLLABLE PULG +D482;D482;1111 116E 11B1;D482;1111 116E 11B1; # (í’‚; í’‚; 풂; í’‚; 풂; ) HANGUL SYLLABLE PULM +D483;D483;1111 116E 11B2;D483;1111 116E 11B2; # (í’ƒ; í’ƒ; 풃; í’ƒ; 풃; ) HANGUL SYLLABLE PULB +D484;D484;1111 116E 11B3;D484;1111 116E 11B3; # (í’„; í’„; 풄; í’„; 풄; ) HANGUL SYLLABLE PULS +D485;D485;1111 116E 11B4;D485;1111 116E 11B4; # (í’…; í’…; 풅; í’…; 풅; ) HANGUL SYLLABLE PULT +D486;D486;1111 116E 11B5;D486;1111 116E 11B5; # (í’†; í’†; 풆; í’†; 풆; ) HANGUL SYLLABLE PULP +D487;D487;1111 116E 11B6;D487;1111 116E 11B6; # (í’‡; í’‡; 풇; í’‡; 풇; ) HANGUL SYLLABLE PULH +D488;D488;1111 116E 11B7;D488;1111 116E 11B7; # (í’ˆ; í’ˆ; 품; í’ˆ; 품; ) HANGUL SYLLABLE PUM +D489;D489;1111 116E 11B8;D489;1111 116E 11B8; # (í’‰; í’‰; 풉; í’‰; 풉; ) HANGUL SYLLABLE PUB +D48A;D48A;1111 116E 11B9;D48A;1111 116E 11B9; # (í’Š; í’Š; 풊; í’Š; 풊; ) HANGUL SYLLABLE PUBS +D48B;D48B;1111 116E 11BA;D48B;1111 116E 11BA; # (í’‹; í’‹; 풋; í’‹; 풋; ) HANGUL SYLLABLE PUS +D48C;D48C;1111 116E 11BB;D48C;1111 116E 11BB; # (í’Œ; í’Œ; 풌; í’Œ; 풌; ) HANGUL SYLLABLE PUSS +D48D;D48D;1111 116E 11BC;D48D;1111 116E 11BC; # (í’; í’; 풍; í’; 풍; ) HANGUL SYLLABLE PUNG +D48E;D48E;1111 116E 11BD;D48E;1111 116E 11BD; # (í’Ž; í’Ž; 풎; í’Ž; 풎; ) HANGUL SYLLABLE PUJ +D48F;D48F;1111 116E 11BE;D48F;1111 116E 11BE; # (í’; í’; 풏; í’; 풏; ) HANGUL SYLLABLE PUC +D490;D490;1111 116E 11BF;D490;1111 116E 11BF; # (í’; í’; 풐; í’; 풐; ) HANGUL SYLLABLE PUK +D491;D491;1111 116E 11C0;D491;1111 116E 11C0; # (í’‘; í’‘; 풑; í’‘; 풑; ) HANGUL SYLLABLE PUT +D492;D492;1111 116E 11C1;D492;1111 116E 11C1; # (í’’; í’’; á„‘á…®á‡; í’’; á„‘á…®á‡; ) HANGUL SYLLABLE PUP +D493;D493;1111 116E 11C2;D493;1111 116E 11C2; # (í’“; í’“; 풓; í’“; 풓; ) HANGUL SYLLABLE PUH +D494;D494;1111 116F;D494;1111 116F; # (í’”; í’”; á„‘á…¯; í’”; á„‘á…¯; ) HANGUL SYLLABLE PWEO +D495;D495;1111 116F 11A8;D495;1111 116F 11A8; # (í’•; í’•; 풕; í’•; 풕; ) HANGUL SYLLABLE PWEOG +D496;D496;1111 116F 11A9;D496;1111 116F 11A9; # (í’–; í’–; 풖; í’–; 풖; ) HANGUL SYLLABLE PWEOGG +D497;D497;1111 116F 11AA;D497;1111 116F 11AA; # (í’—; í’—; 풗; í’—; 풗; ) HANGUL SYLLABLE PWEOGS +D498;D498;1111 116F 11AB;D498;1111 116F 11AB; # (í’˜; í’˜; 풘; í’˜; 풘; ) HANGUL SYLLABLE PWEON +D499;D499;1111 116F 11AC;D499;1111 116F 11AC; # (í’™; í’™; 풙; í’™; 풙; ) HANGUL SYLLABLE PWEONJ +D49A;D49A;1111 116F 11AD;D49A;1111 116F 11AD; # (í’š; í’š; 풚; í’š; 풚; ) HANGUL SYLLABLE PWEONH +D49B;D49B;1111 116F 11AE;D49B;1111 116F 11AE; # (í’›; í’›; 풛; í’›; 풛; ) HANGUL SYLLABLE PWEOD +D49C;D49C;1111 116F 11AF;D49C;1111 116F 11AF; # (í’œ; í’œ; 풜; í’œ; 풜; ) HANGUL SYLLABLE PWEOL +D49D;D49D;1111 116F 11B0;D49D;1111 116F 11B0; # (í’; í’; 풝; í’; 풝; ) HANGUL SYLLABLE PWEOLG +D49E;D49E;1111 116F 11B1;D49E;1111 116F 11B1; # (í’ž; í’ž; 풞; í’ž; 풞; ) HANGUL SYLLABLE PWEOLM +D49F;D49F;1111 116F 11B2;D49F;1111 116F 11B2; # (í’Ÿ; í’Ÿ; 풟; í’Ÿ; 풟; ) HANGUL SYLLABLE PWEOLB +D4A0;D4A0;1111 116F 11B3;D4A0;1111 116F 11B3; # (í’ ; í’ ; 풠; í’ ; 풠; ) HANGUL SYLLABLE PWEOLS +D4A1;D4A1;1111 116F 11B4;D4A1;1111 116F 11B4; # (í’¡; í’¡; 풡; í’¡; 풡; ) HANGUL SYLLABLE PWEOLT +D4A2;D4A2;1111 116F 11B5;D4A2;1111 116F 11B5; # (í’¢; í’¢; 풢; í’¢; 풢; ) HANGUL SYLLABLE PWEOLP +D4A3;D4A3;1111 116F 11B6;D4A3;1111 116F 11B6; # (í’£; í’£; 풣; í’£; 풣; ) HANGUL SYLLABLE PWEOLH +D4A4;D4A4;1111 116F 11B7;D4A4;1111 116F 11B7; # (í’¤; í’¤; 풤; í’¤; 풤; ) HANGUL SYLLABLE PWEOM +D4A5;D4A5;1111 116F 11B8;D4A5;1111 116F 11B8; # (í’¥; í’¥; 풥; í’¥; 풥; ) HANGUL SYLLABLE PWEOB +D4A6;D4A6;1111 116F 11B9;D4A6;1111 116F 11B9; # (í’¦; í’¦; 풦; í’¦; 풦; ) HANGUL SYLLABLE PWEOBS +D4A7;D4A7;1111 116F 11BA;D4A7;1111 116F 11BA; # (í’§; í’§; 풧; í’§; 풧; ) HANGUL SYLLABLE PWEOS +D4A8;D4A8;1111 116F 11BB;D4A8;1111 116F 11BB; # (í’¨; í’¨; 풨; í’¨; 풨; ) HANGUL SYLLABLE PWEOSS +D4A9;D4A9;1111 116F 11BC;D4A9;1111 116F 11BC; # (í’©; í’©; 풩; í’©; 풩; ) HANGUL SYLLABLE PWEONG +D4AA;D4AA;1111 116F 11BD;D4AA;1111 116F 11BD; # (í’ª; í’ª; 풪; í’ª; 풪; ) HANGUL SYLLABLE PWEOJ +D4AB;D4AB;1111 116F 11BE;D4AB;1111 116F 11BE; # (í’«; í’«; 풫; í’«; 풫; ) HANGUL SYLLABLE PWEOC +D4AC;D4AC;1111 116F 11BF;D4AC;1111 116F 11BF; # (í’¬; í’¬; 풬; í’¬; 풬; ) HANGUL SYLLABLE PWEOK +D4AD;D4AD;1111 116F 11C0;D4AD;1111 116F 11C0; # (í’­; í’­; 풭; í’­; 풭; ) HANGUL SYLLABLE PWEOT +D4AE;D4AE;1111 116F 11C1;D4AE;1111 116F 11C1; # (í’®; í’®; á„‘á…¯á‡; í’®; á„‘á…¯á‡; ) HANGUL SYLLABLE PWEOP +D4AF;D4AF;1111 116F 11C2;D4AF;1111 116F 11C2; # (í’¯; í’¯; 풯; í’¯; 풯; ) HANGUL SYLLABLE PWEOH +D4B0;D4B0;1111 1170;D4B0;1111 1170; # (í’°; í’°; á„‘á…°; í’°; á„‘á…°; ) HANGUL SYLLABLE PWE +D4B1;D4B1;1111 1170 11A8;D4B1;1111 1170 11A8; # (í’±; í’±; 풱; í’±; 풱; ) HANGUL SYLLABLE PWEG +D4B2;D4B2;1111 1170 11A9;D4B2;1111 1170 11A9; # (í’²; í’²; 풲; í’²; 풲; ) HANGUL SYLLABLE PWEGG +D4B3;D4B3;1111 1170 11AA;D4B3;1111 1170 11AA; # (í’³; í’³; 풳; í’³; 풳; ) HANGUL SYLLABLE PWEGS +D4B4;D4B4;1111 1170 11AB;D4B4;1111 1170 11AB; # (í’´; í’´; 풴; í’´; 풴; ) HANGUL SYLLABLE PWEN +D4B5;D4B5;1111 1170 11AC;D4B5;1111 1170 11AC; # (í’µ; í’µ; 풵; í’µ; 풵; ) HANGUL SYLLABLE PWENJ +D4B6;D4B6;1111 1170 11AD;D4B6;1111 1170 11AD; # (í’¶; í’¶; 풶; í’¶; 풶; ) HANGUL SYLLABLE PWENH +D4B7;D4B7;1111 1170 11AE;D4B7;1111 1170 11AE; # (í’·; í’·; 풷; í’·; 풷; ) HANGUL SYLLABLE PWED +D4B8;D4B8;1111 1170 11AF;D4B8;1111 1170 11AF; # (í’¸; í’¸; 풸; í’¸; 풸; ) HANGUL SYLLABLE PWEL +D4B9;D4B9;1111 1170 11B0;D4B9;1111 1170 11B0; # (í’¹; í’¹; 풹; í’¹; 풹; ) HANGUL SYLLABLE PWELG +D4BA;D4BA;1111 1170 11B1;D4BA;1111 1170 11B1; # (í’º; í’º; 풺; í’º; 풺; ) HANGUL SYLLABLE PWELM +D4BB;D4BB;1111 1170 11B2;D4BB;1111 1170 11B2; # (í’»; í’»; 풻; í’»; 풻; ) HANGUL SYLLABLE PWELB +D4BC;D4BC;1111 1170 11B3;D4BC;1111 1170 11B3; # (í’¼; í’¼; 풼; í’¼; 풼; ) HANGUL SYLLABLE PWELS +D4BD;D4BD;1111 1170 11B4;D4BD;1111 1170 11B4; # (í’½; í’½; 풽; í’½; 풽; ) HANGUL SYLLABLE PWELT +D4BE;D4BE;1111 1170 11B5;D4BE;1111 1170 11B5; # (í’¾; í’¾; 풾; í’¾; 풾; ) HANGUL SYLLABLE PWELP +D4BF;D4BF;1111 1170 11B6;D4BF;1111 1170 11B6; # (í’¿; í’¿; 풿; í’¿; 풿; ) HANGUL SYLLABLE PWELH +D4C0;D4C0;1111 1170 11B7;D4C0;1111 1170 11B7; # (í“€; í“€; 퓀; í“€; 퓀; ) HANGUL SYLLABLE PWEM +D4C1;D4C1;1111 1170 11B8;D4C1;1111 1170 11B8; # (í“; í“; 퓁; í“; 퓁; ) HANGUL SYLLABLE PWEB +D4C2;D4C2;1111 1170 11B9;D4C2;1111 1170 11B9; # (í“‚; í“‚; 퓂; í“‚; 퓂; ) HANGUL SYLLABLE PWEBS +D4C3;D4C3;1111 1170 11BA;D4C3;1111 1170 11BA; # (퓃; 퓃; 퓃; 퓃; 퓃; ) HANGUL SYLLABLE PWES +D4C4;D4C4;1111 1170 11BB;D4C4;1111 1170 11BB; # (í“„; í“„; 퓄; í“„; 퓄; ) HANGUL SYLLABLE PWESS +D4C5;D4C5;1111 1170 11BC;D4C5;1111 1170 11BC; # (í“…; í“…; 퓅; í“…; 퓅; ) HANGUL SYLLABLE PWENG +D4C6;D4C6;1111 1170 11BD;D4C6;1111 1170 11BD; # (퓆; 퓆; 퓆; 퓆; 퓆; ) HANGUL SYLLABLE PWEJ +D4C7;D4C7;1111 1170 11BE;D4C7;1111 1170 11BE; # (퓇; 퓇; 퓇; 퓇; 퓇; ) HANGUL SYLLABLE PWEC +D4C8;D4C8;1111 1170 11BF;D4C8;1111 1170 11BF; # (퓈; 퓈; 퓈; 퓈; 퓈; ) HANGUL SYLLABLE PWEK +D4C9;D4C9;1111 1170 11C0;D4C9;1111 1170 11C0; # (퓉; 퓉; 퓉; 퓉; 퓉; ) HANGUL SYLLABLE PWET +D4CA;D4CA;1111 1170 11C1;D4CA;1111 1170 11C1; # (í“Š; í“Š; á„‘á…°á‡; í“Š; á„‘á…°á‡; ) HANGUL SYLLABLE PWEP +D4CB;D4CB;1111 1170 11C2;D4CB;1111 1170 11C2; # (í“‹; í“‹; 퓋; í“‹; 퓋; ) HANGUL SYLLABLE PWEH +D4CC;D4CC;1111 1171;D4CC;1111 1171; # (í“Œ; í“Œ; á„‘á…±; í“Œ; á„‘á…±; ) HANGUL SYLLABLE PWI +D4CD;D4CD;1111 1171 11A8;D4CD;1111 1171 11A8; # (í“; í“; 퓍; í“; 퓍; ) HANGUL SYLLABLE PWIG +D4CE;D4CE;1111 1171 11A9;D4CE;1111 1171 11A9; # (í“Ž; í“Ž; 퓎; í“Ž; 퓎; ) HANGUL SYLLABLE PWIGG +D4CF;D4CF;1111 1171 11AA;D4CF;1111 1171 11AA; # (í“; í“; 퓏; í“; 퓏; ) HANGUL SYLLABLE PWIGS +D4D0;D4D0;1111 1171 11AB;D4D0;1111 1171 11AB; # (í“; í“; 퓐; í“; 퓐; ) HANGUL SYLLABLE PWIN +D4D1;D4D1;1111 1171 11AC;D4D1;1111 1171 11AC; # (í“‘; í“‘; 퓑; í“‘; 퓑; ) HANGUL SYLLABLE PWINJ +D4D2;D4D2;1111 1171 11AD;D4D2;1111 1171 11AD; # (í“’; í“’; 퓒; í“’; 퓒; ) HANGUL SYLLABLE PWINH +D4D3;D4D3;1111 1171 11AE;D4D3;1111 1171 11AE; # (í““; í““; 퓓; í““; 퓓; ) HANGUL SYLLABLE PWID +D4D4;D4D4;1111 1171 11AF;D4D4;1111 1171 11AF; # (í“”; í“”; 퓔; í“”; 퓔; ) HANGUL SYLLABLE PWIL +D4D5;D4D5;1111 1171 11B0;D4D5;1111 1171 11B0; # (í“•; í“•; 퓕; í“•; 퓕; ) HANGUL SYLLABLE PWILG +D4D6;D4D6;1111 1171 11B1;D4D6;1111 1171 11B1; # (í“–; í“–; 퓖; í“–; 퓖; ) HANGUL SYLLABLE PWILM +D4D7;D4D7;1111 1171 11B2;D4D7;1111 1171 11B2; # (í“—; í“—; 퓗; í“—; 퓗; ) HANGUL SYLLABLE PWILB +D4D8;D4D8;1111 1171 11B3;D4D8;1111 1171 11B3; # (퓘; 퓘; 퓘; 퓘; 퓘; ) HANGUL SYLLABLE PWILS +D4D9;D4D9;1111 1171 11B4;D4D9;1111 1171 11B4; # (í“™; í“™; 퓙; í“™; 퓙; ) HANGUL SYLLABLE PWILT +D4DA;D4DA;1111 1171 11B5;D4DA;1111 1171 11B5; # (í“š; í“š; 퓚; í“š; 퓚; ) HANGUL SYLLABLE PWILP +D4DB;D4DB;1111 1171 11B6;D4DB;1111 1171 11B6; # (í“›; í“›; 퓛; í“›; 퓛; ) HANGUL SYLLABLE PWILH +D4DC;D4DC;1111 1171 11B7;D4DC;1111 1171 11B7; # (í“œ; í“œ; 퓜; í“œ; 퓜; ) HANGUL SYLLABLE PWIM +D4DD;D4DD;1111 1171 11B8;D4DD;1111 1171 11B8; # (í“; í“; 퓝; í“; 퓝; ) HANGUL SYLLABLE PWIB +D4DE;D4DE;1111 1171 11B9;D4DE;1111 1171 11B9; # (í“ž; í“ž; 퓞; í“ž; 퓞; ) HANGUL SYLLABLE PWIBS +D4DF;D4DF;1111 1171 11BA;D4DF;1111 1171 11BA; # (í“Ÿ; í“Ÿ; 퓟; í“Ÿ; 퓟; ) HANGUL SYLLABLE PWIS +D4E0;D4E0;1111 1171 11BB;D4E0;1111 1171 11BB; # (í“ ; í“ ; 퓠; í“ ; 퓠; ) HANGUL SYLLABLE PWISS +D4E1;D4E1;1111 1171 11BC;D4E1;1111 1171 11BC; # (í“¡; í“¡; 퓡; í“¡; 퓡; ) HANGUL SYLLABLE PWING +D4E2;D4E2;1111 1171 11BD;D4E2;1111 1171 11BD; # (í“¢; í“¢; 퓢; í“¢; 퓢; ) HANGUL SYLLABLE PWIJ +D4E3;D4E3;1111 1171 11BE;D4E3;1111 1171 11BE; # (í“£; í“£; 퓣; í“£; 퓣; ) HANGUL SYLLABLE PWIC +D4E4;D4E4;1111 1171 11BF;D4E4;1111 1171 11BF; # (퓤; 퓤; 퓤; 퓤; 퓤; ) HANGUL SYLLABLE PWIK +D4E5;D4E5;1111 1171 11C0;D4E5;1111 1171 11C0; # (í“¥; í“¥; 퓥; í“¥; 퓥; ) HANGUL SYLLABLE PWIT +D4E6;D4E6;1111 1171 11C1;D4E6;1111 1171 11C1; # (퓦; 퓦; á„‘á…±á‡; 퓦; á„‘á…±á‡; ) HANGUL SYLLABLE PWIP +D4E7;D4E7;1111 1171 11C2;D4E7;1111 1171 11C2; # (퓧; 퓧; 퓧; 퓧; 퓧; ) HANGUL SYLLABLE PWIH +D4E8;D4E8;1111 1172;D4E8;1111 1172; # (퓨; 퓨; á„‘á…²; 퓨; á„‘á…²; ) HANGUL SYLLABLE PYU +D4E9;D4E9;1111 1172 11A8;D4E9;1111 1172 11A8; # (í“©; í“©; 퓩; í“©; 퓩; ) HANGUL SYLLABLE PYUG +D4EA;D4EA;1111 1172 11A9;D4EA;1111 1172 11A9; # (퓪; 퓪; 퓪; 퓪; 퓪; ) HANGUL SYLLABLE PYUGG +D4EB;D4EB;1111 1172 11AA;D4EB;1111 1172 11AA; # (í“«; í“«; 퓫; í“«; 퓫; ) HANGUL SYLLABLE PYUGS +D4EC;D4EC;1111 1172 11AB;D4EC;1111 1172 11AB; # (퓬; 퓬; 퓬; 퓬; 퓬; ) HANGUL SYLLABLE PYUN +D4ED;D4ED;1111 1172 11AC;D4ED;1111 1172 11AC; # (í“­; í“­; 퓭; í“­; 퓭; ) HANGUL SYLLABLE PYUNJ +D4EE;D4EE;1111 1172 11AD;D4EE;1111 1172 11AD; # (í“®; í“®; 퓮; í“®; 퓮; ) HANGUL SYLLABLE PYUNH +D4EF;D4EF;1111 1172 11AE;D4EF;1111 1172 11AE; # (퓯; 퓯; 퓯; 퓯; 퓯; ) HANGUL SYLLABLE PYUD +D4F0;D4F0;1111 1172 11AF;D4F0;1111 1172 11AF; # (í“°; í“°; 퓰; í“°; 퓰; ) HANGUL SYLLABLE PYUL +D4F1;D4F1;1111 1172 11B0;D4F1;1111 1172 11B0; # (퓱; 퓱; 퓱; 퓱; 퓱; ) HANGUL SYLLABLE PYULG +D4F2;D4F2;1111 1172 11B1;D4F2;1111 1172 11B1; # (퓲; 퓲; 퓲; 퓲; 퓲; ) HANGUL SYLLABLE PYULM +D4F3;D4F3;1111 1172 11B2;D4F3;1111 1172 11B2; # (퓳; 퓳; 퓳; 퓳; 퓳; ) HANGUL SYLLABLE PYULB +D4F4;D4F4;1111 1172 11B3;D4F4;1111 1172 11B3; # (í“´; í“´; 퓴; í“´; 퓴; ) HANGUL SYLLABLE PYULS +D4F5;D4F5;1111 1172 11B4;D4F5;1111 1172 11B4; # (퓵; 퓵; 퓵; 퓵; 퓵; ) HANGUL SYLLABLE PYULT +D4F6;D4F6;1111 1172 11B5;D4F6;1111 1172 11B5; # (퓶; 퓶; 퓶; 퓶; 퓶; ) HANGUL SYLLABLE PYULP +D4F7;D4F7;1111 1172 11B6;D4F7;1111 1172 11B6; # (í“·; í“·; 퓷; í“·; 퓷; ) HANGUL SYLLABLE PYULH +D4F8;D4F8;1111 1172 11B7;D4F8;1111 1172 11B7; # (퓸; 퓸; 퓸; 퓸; 퓸; ) HANGUL SYLLABLE PYUM +D4F9;D4F9;1111 1172 11B8;D4F9;1111 1172 11B8; # (퓹; 퓹; 퓹; 퓹; 퓹; ) HANGUL SYLLABLE PYUB +D4FA;D4FA;1111 1172 11B9;D4FA;1111 1172 11B9; # (퓺; 퓺; 퓺; 퓺; 퓺; ) HANGUL SYLLABLE PYUBS +D4FB;D4FB;1111 1172 11BA;D4FB;1111 1172 11BA; # (í“»; í“»; 퓻; í“»; 퓻; ) HANGUL SYLLABLE PYUS +D4FC;D4FC;1111 1172 11BB;D4FC;1111 1172 11BB; # (퓼; 퓼; 퓼; 퓼; 퓼; ) HANGUL SYLLABLE PYUSS +D4FD;D4FD;1111 1172 11BC;D4FD;1111 1172 11BC; # (퓽; 퓽; 퓽; 퓽; 퓽; ) HANGUL SYLLABLE PYUNG +D4FE;D4FE;1111 1172 11BD;D4FE;1111 1172 11BD; # (퓾; 퓾; 퓾; 퓾; 퓾; ) HANGUL SYLLABLE PYUJ +D4FF;D4FF;1111 1172 11BE;D4FF;1111 1172 11BE; # (í“¿; í“¿; 퓿; í“¿; 퓿; ) HANGUL SYLLABLE PYUC +D500;D500;1111 1172 11BF;D500;1111 1172 11BF; # (픀; 픀; 픀; 픀; 픀; ) HANGUL SYLLABLE PYUK +D501;D501;1111 1172 11C0;D501;1111 1172 11C0; # (í”; í”; 픁; í”; 픁; ) HANGUL SYLLABLE PYUT +D502;D502;1111 1172 11C1;D502;1111 1172 11C1; # (픂; 픂; á„‘á…²á‡; 픂; á„‘á…²á‡; ) HANGUL SYLLABLE PYUP +D503;D503;1111 1172 11C2;D503;1111 1172 11C2; # (픃; 픃; 픃; 픃; 픃; ) HANGUL SYLLABLE PYUH +D504;D504;1111 1173;D504;1111 1173; # (프; 프; á„‘á…³; 프; á„‘á…³; ) HANGUL SYLLABLE PEU +D505;D505;1111 1173 11A8;D505;1111 1173 11A8; # (í”…; í”…; 픅; í”…; 픅; ) HANGUL SYLLABLE PEUG +D506;D506;1111 1173 11A9;D506;1111 1173 11A9; # (픆; 픆; 픆; 픆; 픆; ) HANGUL SYLLABLE PEUGG +D507;D507;1111 1173 11AA;D507;1111 1173 11AA; # (픇; 픇; 픇; 픇; 픇; ) HANGUL SYLLABLE PEUGS +D508;D508;1111 1173 11AB;D508;1111 1173 11AB; # (픈; 픈; 픈; 픈; 픈; ) HANGUL SYLLABLE PEUN +D509;D509;1111 1173 11AC;D509;1111 1173 11AC; # (픉; 픉; 픉; 픉; 픉; ) HANGUL SYLLABLE PEUNJ +D50A;D50A;1111 1173 11AD;D50A;1111 1173 11AD; # (픊; 픊; 픊; 픊; 픊; ) HANGUL SYLLABLE PEUNH +D50B;D50B;1111 1173 11AE;D50B;1111 1173 11AE; # (픋; 픋; 픋; 픋; 픋; ) HANGUL SYLLABLE PEUD +D50C;D50C;1111 1173 11AF;D50C;1111 1173 11AF; # (플; 플; 플; 플; 플; ) HANGUL SYLLABLE PEUL +D50D;D50D;1111 1173 11B0;D50D;1111 1173 11B0; # (í”; í”; 픍; í”; 픍; ) HANGUL SYLLABLE PEULG +D50E;D50E;1111 1173 11B1;D50E;1111 1173 11B1; # (픎; 픎; 픎; 픎; 픎; ) HANGUL SYLLABLE PEULM +D50F;D50F;1111 1173 11B2;D50F;1111 1173 11B2; # (í”; í”; 픏; í”; 픏; ) HANGUL SYLLABLE PEULB +D510;D510;1111 1173 11B3;D510;1111 1173 11B3; # (í”; í”; 픐; í”; 픐; ) HANGUL SYLLABLE PEULS +D511;D511;1111 1173 11B4;D511;1111 1173 11B4; # (픑; 픑; 픑; 픑; 픑; ) HANGUL SYLLABLE PEULT +D512;D512;1111 1173 11B5;D512;1111 1173 11B5; # (í”’; í”’; 픒; í”’; 픒; ) HANGUL SYLLABLE PEULP +D513;D513;1111 1173 11B6;D513;1111 1173 11B6; # (픓; 픓; 픓; 픓; 픓; ) HANGUL SYLLABLE PEULH +D514;D514;1111 1173 11B7;D514;1111 1173 11B7; # (í””; í””; 픔; í””; 픔; ) HANGUL SYLLABLE PEUM +D515;D515;1111 1173 11B8;D515;1111 1173 11B8; # (픕; 픕; 픕; 픕; 픕; ) HANGUL SYLLABLE PEUB +D516;D516;1111 1173 11B9;D516;1111 1173 11B9; # (í”–; í”–; 픖; í”–; 픖; ) HANGUL SYLLABLE PEUBS +D517;D517;1111 1173 11BA;D517;1111 1173 11BA; # (í”—; í”—; 픗; í”—; 픗; ) HANGUL SYLLABLE PEUS +D518;D518;1111 1173 11BB;D518;1111 1173 11BB; # (픘; 픘; 픘; 픘; 픘; ) HANGUL SYLLABLE PEUSS +D519;D519;1111 1173 11BC;D519;1111 1173 11BC; # (í”™; í”™; 픙; í”™; 픙; ) HANGUL SYLLABLE PEUNG +D51A;D51A;1111 1173 11BD;D51A;1111 1173 11BD; # (픚; 픚; 픚; 픚; 픚; ) HANGUL SYLLABLE PEUJ +D51B;D51B;1111 1173 11BE;D51B;1111 1173 11BE; # (í”›; í”›; 픛; í”›; 픛; ) HANGUL SYLLABLE PEUC +D51C;D51C;1111 1173 11BF;D51C;1111 1173 11BF; # (픜; 픜; 픜; 픜; 픜; ) HANGUL SYLLABLE PEUK +D51D;D51D;1111 1173 11C0;D51D;1111 1173 11C0; # (í”; í”; 픝; í”; 픝; ) HANGUL SYLLABLE PEUT +D51E;D51E;1111 1173 11C1;D51E;1111 1173 11C1; # (픞; 픞; á„‘á…³á‡; 픞; á„‘á…³á‡; ) HANGUL SYLLABLE PEUP +D51F;D51F;1111 1173 11C2;D51F;1111 1173 11C2; # (픟; 픟; 픟; 픟; 픟; ) HANGUL SYLLABLE PEUH +D520;D520;1111 1174;D520;1111 1174; # (í” ; í” ; á„‘á…´; í” ; á„‘á…´; ) HANGUL SYLLABLE PYI +D521;D521;1111 1174 11A8;D521;1111 1174 11A8; # (픡; 픡; 픡; 픡; 픡; ) HANGUL SYLLABLE PYIG +D522;D522;1111 1174 11A9;D522;1111 1174 11A9; # (픢; 픢; 픢; 픢; 픢; ) HANGUL SYLLABLE PYIGG +D523;D523;1111 1174 11AA;D523;1111 1174 11AA; # (픣; 픣; 픣; 픣; 픣; ) HANGUL SYLLABLE PYIGS +D524;D524;1111 1174 11AB;D524;1111 1174 11AB; # (픤; 픤; 픤; 픤; 픤; ) HANGUL SYLLABLE PYIN +D525;D525;1111 1174 11AC;D525;1111 1174 11AC; # (픥; 픥; 픥; 픥; 픥; ) HANGUL SYLLABLE PYINJ +D526;D526;1111 1174 11AD;D526;1111 1174 11AD; # (픦; 픦; 픦; 픦; 픦; ) HANGUL SYLLABLE PYINH +D527;D527;1111 1174 11AE;D527;1111 1174 11AE; # (픧; 픧; 픧; 픧; 픧; ) HANGUL SYLLABLE PYID +D528;D528;1111 1174 11AF;D528;1111 1174 11AF; # (픨; 픨; 픨; 픨; 픨; ) HANGUL SYLLABLE PYIL +D529;D529;1111 1174 11B0;D529;1111 1174 11B0; # (픩; 픩; 픩; 픩; 픩; ) HANGUL SYLLABLE PYILG +D52A;D52A;1111 1174 11B1;D52A;1111 1174 11B1; # (픪; 픪; 픪; 픪; 픪; ) HANGUL SYLLABLE PYILM +D52B;D52B;1111 1174 11B2;D52B;1111 1174 11B2; # (픫; 픫; 픫; 픫; 픫; ) HANGUL SYLLABLE PYILB +D52C;D52C;1111 1174 11B3;D52C;1111 1174 11B3; # (픬; 픬; 픬; 픬; 픬; ) HANGUL SYLLABLE PYILS +D52D;D52D;1111 1174 11B4;D52D;1111 1174 11B4; # (í”­; í”­; 픭; í”­; 픭; ) HANGUL SYLLABLE PYILT +D52E;D52E;1111 1174 11B5;D52E;1111 1174 11B5; # (í”®; í”®; 픮; í”®; 픮; ) HANGUL SYLLABLE PYILP +D52F;D52F;1111 1174 11B6;D52F;1111 1174 11B6; # (픯; 픯; 픯; 픯; 픯; ) HANGUL SYLLABLE PYILH +D530;D530;1111 1174 11B7;D530;1111 1174 11B7; # (í”°; í”°; 픰; í”°; 픰; ) HANGUL SYLLABLE PYIM +D531;D531;1111 1174 11B8;D531;1111 1174 11B8; # (í”±; í”±; 픱; í”±; 픱; ) HANGUL SYLLABLE PYIB +D532;D532;1111 1174 11B9;D532;1111 1174 11B9; # (픲; 픲; 픲; 픲; 픲; ) HANGUL SYLLABLE PYIBS +D533;D533;1111 1174 11BA;D533;1111 1174 11BA; # (픳; 픳; 픳; 픳; 픳; ) HANGUL SYLLABLE PYIS +D534;D534;1111 1174 11BB;D534;1111 1174 11BB; # (í”´; í”´; 픴; í”´; 픴; ) HANGUL SYLLABLE PYISS +D535;D535;1111 1174 11BC;D535;1111 1174 11BC; # (픵; 픵; 픵; 픵; 픵; ) HANGUL SYLLABLE PYING +D536;D536;1111 1174 11BD;D536;1111 1174 11BD; # (픶; 픶; 픶; 픶; 픶; ) HANGUL SYLLABLE PYIJ +D537;D537;1111 1174 11BE;D537;1111 1174 11BE; # (í”·; í”·; 픷; í”·; 픷; ) HANGUL SYLLABLE PYIC +D538;D538;1111 1174 11BF;D538;1111 1174 11BF; # (픸; 픸; 픸; 픸; 픸; ) HANGUL SYLLABLE PYIK +D539;D539;1111 1174 11C0;D539;1111 1174 11C0; # (픹; 픹; 픹; 픹; 픹; ) HANGUL SYLLABLE PYIT +D53A;D53A;1111 1174 11C1;D53A;1111 1174 11C1; # (픺; 픺; á„‘á…´á‡; 픺; á„‘á…´á‡; ) HANGUL SYLLABLE PYIP +D53B;D53B;1111 1174 11C2;D53B;1111 1174 11C2; # (í”»; í”»; 픻; í”»; 픻; ) HANGUL SYLLABLE PYIH +D53C;D53C;1111 1175;D53C;1111 1175; # (피; 피; á„‘á…µ; 피; á„‘á…µ; ) HANGUL SYLLABLE PI +D53D;D53D;1111 1175 11A8;D53D;1111 1175 11A8; # (픽; 픽; 픽; 픽; 픽; ) HANGUL SYLLABLE PIG +D53E;D53E;1111 1175 11A9;D53E;1111 1175 11A9; # (픾; 픾; 픾; 픾; 픾; ) HANGUL SYLLABLE PIGG +D53F;D53F;1111 1175 11AA;D53F;1111 1175 11AA; # (픿; 픿; 픿; 픿; 픿; ) HANGUL SYLLABLE PIGS +D540;D540;1111 1175 11AB;D540;1111 1175 11AB; # (í•€; í•€; 핀; í•€; 핀; ) HANGUL SYLLABLE PIN +D541;D541;1111 1175 11AC;D541;1111 1175 11AC; # (í•; í•; 핁; í•; 핁; ) HANGUL SYLLABLE PINJ +D542;D542;1111 1175 11AD;D542;1111 1175 11AD; # (í•‚; í•‚; 핂; í•‚; 핂; ) HANGUL SYLLABLE PINH +D543;D543;1111 1175 11AE;D543;1111 1175 11AE; # (핃; 핃; 핃; 핃; 핃; ) HANGUL SYLLABLE PID +D544;D544;1111 1175 11AF;D544;1111 1175 11AF; # (í•„; í•„; 필; í•„; 필; ) HANGUL SYLLABLE PIL +D545;D545;1111 1175 11B0;D545;1111 1175 11B0; # (í•…; í•…; 핅; í•…; 핅; ) HANGUL SYLLABLE PILG +D546;D546;1111 1175 11B1;D546;1111 1175 11B1; # (핆; 핆; 핆; 핆; 핆; ) HANGUL SYLLABLE PILM +D547;D547;1111 1175 11B2;D547;1111 1175 11B2; # (핇; 핇; 핇; 핇; 핇; ) HANGUL SYLLABLE PILB +D548;D548;1111 1175 11B3;D548;1111 1175 11B3; # (핈; 핈; 핈; 핈; 핈; ) HANGUL SYLLABLE PILS +D549;D549;1111 1175 11B4;D549;1111 1175 11B4; # (핉; 핉; 핉; 핉; 핉; ) HANGUL SYLLABLE PILT +D54A;D54A;1111 1175 11B5;D54A;1111 1175 11B5; # (í•Š; í•Š; 핊; í•Š; 핊; ) HANGUL SYLLABLE PILP +D54B;D54B;1111 1175 11B6;D54B;1111 1175 11B6; # (í•‹; í•‹; 핋; í•‹; 핋; ) HANGUL SYLLABLE PILH +D54C;D54C;1111 1175 11B7;D54C;1111 1175 11B7; # (í•Œ; í•Œ; 핌; í•Œ; 핌; ) HANGUL SYLLABLE PIM +D54D;D54D;1111 1175 11B8;D54D;1111 1175 11B8; # (í•; í•; 핍; í•; 핍; ) HANGUL SYLLABLE PIB +D54E;D54E;1111 1175 11B9;D54E;1111 1175 11B9; # (í•Ž; í•Ž; 핎; í•Ž; 핎; ) HANGUL SYLLABLE PIBS +D54F;D54F;1111 1175 11BA;D54F;1111 1175 11BA; # (í•; í•; 핏; í•; 핏; ) HANGUL SYLLABLE PIS +D550;D550;1111 1175 11BB;D550;1111 1175 11BB; # (í•; í•; 핐; í•; 핐; ) HANGUL SYLLABLE PISS +D551;D551;1111 1175 11BC;D551;1111 1175 11BC; # (í•‘; í•‘; 핑; í•‘; 핑; ) HANGUL SYLLABLE PING +D552;D552;1111 1175 11BD;D552;1111 1175 11BD; # (í•’; í•’; 핒; í•’; 핒; ) HANGUL SYLLABLE PIJ +D553;D553;1111 1175 11BE;D553;1111 1175 11BE; # (í•“; í•“; 핓; í•“; 핓; ) HANGUL SYLLABLE PIC +D554;D554;1111 1175 11BF;D554;1111 1175 11BF; # (í•”; í•”; 핔; í•”; 핔; ) HANGUL SYLLABLE PIK +D555;D555;1111 1175 11C0;D555;1111 1175 11C0; # (í••; í••; 핕; í••; 핕; ) HANGUL SYLLABLE PIT +D556;D556;1111 1175 11C1;D556;1111 1175 11C1; # (í•–; í•–; á„‘á…µá‡; í•–; á„‘á…µá‡; ) HANGUL SYLLABLE PIP +D557;D557;1111 1175 11C2;D557;1111 1175 11C2; # (í•—; í•—; 핗; í•—; 핗; ) HANGUL SYLLABLE PIH +D558;D558;1112 1161;D558;1112 1161; # (하; 하; á„’á…¡; 하; á„’á…¡; ) HANGUL SYLLABLE HA +D559;D559;1112 1161 11A8;D559;1112 1161 11A8; # (í•™; í•™; 학; í•™; 학; ) HANGUL SYLLABLE HAG +D55A;D55A;1112 1161 11A9;D55A;1112 1161 11A9; # (í•š; í•š; 핚; í•š; 핚; ) HANGUL SYLLABLE HAGG +D55B;D55B;1112 1161 11AA;D55B;1112 1161 11AA; # (í•›; í•›; 핛; í•›; 핛; ) HANGUL SYLLABLE HAGS +D55C;D55C;1112 1161 11AB;D55C;1112 1161 11AB; # (í•œ; í•œ; 한; í•œ; 한; ) HANGUL SYLLABLE HAN +D55D;D55D;1112 1161 11AC;D55D;1112 1161 11AC; # (í•; í•; 핝; í•; 핝; ) HANGUL SYLLABLE HANJ +D55E;D55E;1112 1161 11AD;D55E;1112 1161 11AD; # (í•ž; í•ž; 핞; í•ž; 핞; ) HANGUL SYLLABLE HANH +D55F;D55F;1112 1161 11AE;D55F;1112 1161 11AE; # (í•Ÿ; í•Ÿ; 핟; í•Ÿ; 핟; ) HANGUL SYLLABLE HAD +D560;D560;1112 1161 11AF;D560;1112 1161 11AF; # (í• ; í• ; 할; í• ; 할; ) HANGUL SYLLABLE HAL +D561;D561;1112 1161 11B0;D561;1112 1161 11B0; # (í•¡; í•¡; 핡; í•¡; 핡; ) HANGUL SYLLABLE HALG +D562;D562;1112 1161 11B1;D562;1112 1161 11B1; # (í•¢; í•¢; 핢; í•¢; 핢; ) HANGUL SYLLABLE HALM +D563;D563;1112 1161 11B2;D563;1112 1161 11B2; # (í•£; í•£; 핣; í•£; 핣; ) HANGUL SYLLABLE HALB +D564;D564;1112 1161 11B3;D564;1112 1161 11B3; # (핤; 핤; 핤; 핤; 핤; ) HANGUL SYLLABLE HALS +D565;D565;1112 1161 11B4;D565;1112 1161 11B4; # (í•¥; í•¥; 핥; í•¥; 핥; ) HANGUL SYLLABLE HALT +D566;D566;1112 1161 11B5;D566;1112 1161 11B5; # (핦; 핦; 핦; 핦; 핦; ) HANGUL SYLLABLE HALP +D567;D567;1112 1161 11B6;D567;1112 1161 11B6; # (핧; 핧; 핧; 핧; 핧; ) HANGUL SYLLABLE HALH +D568;D568;1112 1161 11B7;D568;1112 1161 11B7; # (함; 함; 함; 함; 함; ) HANGUL SYLLABLE HAM +D569;D569;1112 1161 11B8;D569;1112 1161 11B8; # (í•©; í•©; 합; í•©; 합; ) HANGUL SYLLABLE HAB +D56A;D56A;1112 1161 11B9;D56A;1112 1161 11B9; # (핪; 핪; 핪; 핪; 핪; ) HANGUL SYLLABLE HABS +D56B;D56B;1112 1161 11BA;D56B;1112 1161 11BA; # (í•«; í•«; 핫; í•«; 핫; ) HANGUL SYLLABLE HAS +D56C;D56C;1112 1161 11BB;D56C;1112 1161 11BB; # (핬; 핬; 핬; 핬; 핬; ) HANGUL SYLLABLE HASS +D56D;D56D;1112 1161 11BC;D56D;1112 1161 11BC; # (í•­; í•­; 항; í•­; 항; ) HANGUL SYLLABLE HANG +D56E;D56E;1112 1161 11BD;D56E;1112 1161 11BD; # (í•®; í•®; 핮; í•®; 핮; ) HANGUL SYLLABLE HAJ +D56F;D56F;1112 1161 11BE;D56F;1112 1161 11BE; # (핯; 핯; 핯; 핯; 핯; ) HANGUL SYLLABLE HAC +D570;D570;1112 1161 11BF;D570;1112 1161 11BF; # (í•°; í•°; 핰; í•°; 핰; ) HANGUL SYLLABLE HAK +D571;D571;1112 1161 11C0;D571;1112 1161 11C0; # (핱; 핱; 핱; 핱; 핱; ) HANGUL SYLLABLE HAT +D572;D572;1112 1161 11C1;D572;1112 1161 11C1; # (핲; 핲; á„’á…¡á‡; 핲; á„’á…¡á‡; ) HANGUL SYLLABLE HAP +D573;D573;1112 1161 11C2;D573;1112 1161 11C2; # (핳; 핳; 핳; 핳; 핳; ) HANGUL SYLLABLE HAH +D574;D574;1112 1162;D574;1112 1162; # (í•´; í•´; á„’á…¢; í•´; á„’á…¢; ) HANGUL SYLLABLE HAE +D575;D575;1112 1162 11A8;D575;1112 1162 11A8; # (핵; 핵; 핵; 핵; 핵; ) HANGUL SYLLABLE HAEG +D576;D576;1112 1162 11A9;D576;1112 1162 11A9; # (핶; 핶; 핶; 핶; 핶; ) HANGUL SYLLABLE HAEGG +D577;D577;1112 1162 11AA;D577;1112 1162 11AA; # (í•·; í•·; 핷; í•·; 핷; ) HANGUL SYLLABLE HAEGS +D578;D578;1112 1162 11AB;D578;1112 1162 11AB; # (핸; 핸; 핸; 핸; 핸; ) HANGUL SYLLABLE HAEN +D579;D579;1112 1162 11AC;D579;1112 1162 11AC; # (핹; 핹; 핹; 핹; 핹; ) HANGUL SYLLABLE HAENJ +D57A;D57A;1112 1162 11AD;D57A;1112 1162 11AD; # (핺; 핺; 핺; 핺; 핺; ) HANGUL SYLLABLE HAENH +D57B;D57B;1112 1162 11AE;D57B;1112 1162 11AE; # (í•»; í•»; 핻; í•»; 핻; ) HANGUL SYLLABLE HAED +D57C;D57C;1112 1162 11AF;D57C;1112 1162 11AF; # (핼; 핼; 핼; 핼; 핼; ) HANGUL SYLLABLE HAEL +D57D;D57D;1112 1162 11B0;D57D;1112 1162 11B0; # (핽; 핽; 핽; 핽; 핽; ) HANGUL SYLLABLE HAELG +D57E;D57E;1112 1162 11B1;D57E;1112 1162 11B1; # (핾; 핾; 핾; 핾; 핾; ) HANGUL SYLLABLE HAELM +D57F;D57F;1112 1162 11B2;D57F;1112 1162 11B2; # (í•¿; í•¿; 핿; í•¿; 핿; ) HANGUL SYLLABLE HAELB +D580;D580;1112 1162 11B3;D580;1112 1162 11B3; # (í–€; í–€; 햀; í–€; 햀; ) HANGUL SYLLABLE HAELS +D581;D581;1112 1162 11B4;D581;1112 1162 11B4; # (í–; í–; 햁; í–; 햁; ) HANGUL SYLLABLE HAELT +D582;D582;1112 1162 11B5;D582;1112 1162 11B5; # (í–‚; í–‚; 햂; í–‚; 햂; ) HANGUL SYLLABLE HAELP +D583;D583;1112 1162 11B6;D583;1112 1162 11B6; # (í–ƒ; í–ƒ; 햃; í–ƒ; 햃; ) HANGUL SYLLABLE HAELH +D584;D584;1112 1162 11B7;D584;1112 1162 11B7; # (í–„; í–„; 햄; í–„; 햄; ) HANGUL SYLLABLE HAEM +D585;D585;1112 1162 11B8;D585;1112 1162 11B8; # (í–…; í–…; 햅; í–…; 햅; ) HANGUL SYLLABLE HAEB +D586;D586;1112 1162 11B9;D586;1112 1162 11B9; # (í–†; í–†; 햆; í–†; 햆; ) HANGUL SYLLABLE HAEBS +D587;D587;1112 1162 11BA;D587;1112 1162 11BA; # (í–‡; í–‡; 햇; í–‡; 햇; ) HANGUL SYLLABLE HAES +D588;D588;1112 1162 11BB;D588;1112 1162 11BB; # (í–ˆ; í–ˆ; 했; í–ˆ; 했; ) HANGUL SYLLABLE HAESS +D589;D589;1112 1162 11BC;D589;1112 1162 11BC; # (í–‰; í–‰; 행; í–‰; 행; ) HANGUL SYLLABLE HAENG +D58A;D58A;1112 1162 11BD;D58A;1112 1162 11BD; # (í–Š; í–Š; 햊; í–Š; 햊; ) HANGUL SYLLABLE HAEJ +D58B;D58B;1112 1162 11BE;D58B;1112 1162 11BE; # (í–‹; í–‹; 햋; í–‹; 햋; ) HANGUL SYLLABLE HAEC +D58C;D58C;1112 1162 11BF;D58C;1112 1162 11BF; # (í–Œ; í–Œ; 햌; í–Œ; 햌; ) HANGUL SYLLABLE HAEK +D58D;D58D;1112 1162 11C0;D58D;1112 1162 11C0; # (í–; í–; 햍; í–; 햍; ) HANGUL SYLLABLE HAET +D58E;D58E;1112 1162 11C1;D58E;1112 1162 11C1; # (í–Ž; í–Ž; á„’á…¢á‡; í–Ž; á„’á…¢á‡; ) HANGUL SYLLABLE HAEP +D58F;D58F;1112 1162 11C2;D58F;1112 1162 11C2; # (í–; í–; 햏; í–; 햏; ) HANGUL SYLLABLE HAEH +D590;D590;1112 1163;D590;1112 1163; # (í–; í–; á„’á…£; í–; á„’á…£; ) HANGUL SYLLABLE HYA +D591;D591;1112 1163 11A8;D591;1112 1163 11A8; # (í–‘; í–‘; 햑; í–‘; 햑; ) HANGUL SYLLABLE HYAG +D592;D592;1112 1163 11A9;D592;1112 1163 11A9; # (í–’; í–’; 햒; í–’; 햒; ) HANGUL SYLLABLE HYAGG +D593;D593;1112 1163 11AA;D593;1112 1163 11AA; # (í–“; í–“; 햓; í–“; 햓; ) HANGUL SYLLABLE HYAGS +D594;D594;1112 1163 11AB;D594;1112 1163 11AB; # (í–”; í–”; 햔; í–”; 햔; ) HANGUL SYLLABLE HYAN +D595;D595;1112 1163 11AC;D595;1112 1163 11AC; # (í–•; í–•; 햕; í–•; 햕; ) HANGUL SYLLABLE HYANJ +D596;D596;1112 1163 11AD;D596;1112 1163 11AD; # (í––; í––; 햖; í––; 햖; ) HANGUL SYLLABLE HYANH +D597;D597;1112 1163 11AE;D597;1112 1163 11AE; # (í–—; í–—; 햗; í–—; 햗; ) HANGUL SYLLABLE HYAD +D598;D598;1112 1163 11AF;D598;1112 1163 11AF; # (í–˜; í–˜; 햘; í–˜; 햘; ) HANGUL SYLLABLE HYAL +D599;D599;1112 1163 11B0;D599;1112 1163 11B0; # (í–™; í–™; 햙; í–™; 햙; ) HANGUL SYLLABLE HYALG +D59A;D59A;1112 1163 11B1;D59A;1112 1163 11B1; # (í–š; í–š; 햚; í–š; 햚; ) HANGUL SYLLABLE HYALM +D59B;D59B;1112 1163 11B2;D59B;1112 1163 11B2; # (í–›; í–›; 햛; í–›; 햛; ) HANGUL SYLLABLE HYALB +D59C;D59C;1112 1163 11B3;D59C;1112 1163 11B3; # (í–œ; í–œ; 햜; í–œ; 햜; ) HANGUL SYLLABLE HYALS +D59D;D59D;1112 1163 11B4;D59D;1112 1163 11B4; # (í–; í–; 햝; í–; 햝; ) HANGUL SYLLABLE HYALT +D59E;D59E;1112 1163 11B5;D59E;1112 1163 11B5; # (í–ž; í–ž; 햞; í–ž; 햞; ) HANGUL SYLLABLE HYALP +D59F;D59F;1112 1163 11B6;D59F;1112 1163 11B6; # (í–Ÿ; í–Ÿ; 햟; í–Ÿ; 햟; ) HANGUL SYLLABLE HYALH +D5A0;D5A0;1112 1163 11B7;D5A0;1112 1163 11B7; # (í– ; í– ; 햠; í– ; 햠; ) HANGUL SYLLABLE HYAM +D5A1;D5A1;1112 1163 11B8;D5A1;1112 1163 11B8; # (í–¡; í–¡; 햡; í–¡; 햡; ) HANGUL SYLLABLE HYAB +D5A2;D5A2;1112 1163 11B9;D5A2;1112 1163 11B9; # (í–¢; í–¢; 햢; í–¢; 햢; ) HANGUL SYLLABLE HYABS +D5A3;D5A3;1112 1163 11BA;D5A3;1112 1163 11BA; # (í–£; í–£; 햣; í–£; 햣; ) HANGUL SYLLABLE HYAS +D5A4;D5A4;1112 1163 11BB;D5A4;1112 1163 11BB; # (í–¤; í–¤; 햤; í–¤; 햤; ) HANGUL SYLLABLE HYASS +D5A5;D5A5;1112 1163 11BC;D5A5;1112 1163 11BC; # (í–¥; í–¥; 향; í–¥; 향; ) HANGUL SYLLABLE HYANG +D5A6;D5A6;1112 1163 11BD;D5A6;1112 1163 11BD; # (í–¦; í–¦; 햦; í–¦; 햦; ) HANGUL SYLLABLE HYAJ +D5A7;D5A7;1112 1163 11BE;D5A7;1112 1163 11BE; # (í–§; í–§; 햧; í–§; 햧; ) HANGUL SYLLABLE HYAC +D5A8;D5A8;1112 1163 11BF;D5A8;1112 1163 11BF; # (í–¨; í–¨; 햨; í–¨; 햨; ) HANGUL SYLLABLE HYAK +D5A9;D5A9;1112 1163 11C0;D5A9;1112 1163 11C0; # (í–©; í–©; 햩; í–©; 햩; ) HANGUL SYLLABLE HYAT +D5AA;D5AA;1112 1163 11C1;D5AA;1112 1163 11C1; # (í–ª; í–ª; á„’á…£á‡; í–ª; á„’á…£á‡; ) HANGUL SYLLABLE HYAP +D5AB;D5AB;1112 1163 11C2;D5AB;1112 1163 11C2; # (í–«; í–«; 햫; í–«; 햫; ) HANGUL SYLLABLE HYAH +D5AC;D5AC;1112 1164;D5AC;1112 1164; # (í–¬; í–¬; á„’á…¤; í–¬; á„’á…¤; ) HANGUL SYLLABLE HYAE +D5AD;D5AD;1112 1164 11A8;D5AD;1112 1164 11A8; # (í–­; í–­; 햭; í–­; 햭; ) HANGUL SYLLABLE HYAEG +D5AE;D5AE;1112 1164 11A9;D5AE;1112 1164 11A9; # (í–®; í–®; 햮; í–®; 햮; ) HANGUL SYLLABLE HYAEGG +D5AF;D5AF;1112 1164 11AA;D5AF;1112 1164 11AA; # (í–¯; í–¯; 햯; í–¯; 햯; ) HANGUL SYLLABLE HYAEGS +D5B0;D5B0;1112 1164 11AB;D5B0;1112 1164 11AB; # (í–°; í–°; 햰; í–°; 햰; ) HANGUL SYLLABLE HYAEN +D5B1;D5B1;1112 1164 11AC;D5B1;1112 1164 11AC; # (í–±; í–±; 햱; í–±; 햱; ) HANGUL SYLLABLE HYAENJ +D5B2;D5B2;1112 1164 11AD;D5B2;1112 1164 11AD; # (í–²; í–²; 햲; í–²; 햲; ) HANGUL SYLLABLE HYAENH +D5B3;D5B3;1112 1164 11AE;D5B3;1112 1164 11AE; # (í–³; í–³; 햳; í–³; 햳; ) HANGUL SYLLABLE HYAED +D5B4;D5B4;1112 1164 11AF;D5B4;1112 1164 11AF; # (í–´; í–´; 햴; í–´; 햴; ) HANGUL SYLLABLE HYAEL +D5B5;D5B5;1112 1164 11B0;D5B5;1112 1164 11B0; # (í–µ; í–µ; 햵; í–µ; 햵; ) HANGUL SYLLABLE HYAELG +D5B6;D5B6;1112 1164 11B1;D5B6;1112 1164 11B1; # (í–¶; í–¶; 햶; í–¶; 햶; ) HANGUL SYLLABLE HYAELM +D5B7;D5B7;1112 1164 11B2;D5B7;1112 1164 11B2; # (í–·; í–·; 햷; í–·; 햷; ) HANGUL SYLLABLE HYAELB +D5B8;D5B8;1112 1164 11B3;D5B8;1112 1164 11B3; # (í–¸; í–¸; 햸; í–¸; 햸; ) HANGUL SYLLABLE HYAELS +D5B9;D5B9;1112 1164 11B4;D5B9;1112 1164 11B4; # (í–¹; í–¹; 햹; í–¹; 햹; ) HANGUL SYLLABLE HYAELT +D5BA;D5BA;1112 1164 11B5;D5BA;1112 1164 11B5; # (í–º; í–º; 햺; í–º; 햺; ) HANGUL SYLLABLE HYAELP +D5BB;D5BB;1112 1164 11B6;D5BB;1112 1164 11B6; # (í–»; í–»; 햻; í–»; 햻; ) HANGUL SYLLABLE HYAELH +D5BC;D5BC;1112 1164 11B7;D5BC;1112 1164 11B7; # (í–¼; í–¼; 햼; í–¼; 햼; ) HANGUL SYLLABLE HYAEM +D5BD;D5BD;1112 1164 11B8;D5BD;1112 1164 11B8; # (í–½; í–½; 햽; í–½; 햽; ) HANGUL SYLLABLE HYAEB +D5BE;D5BE;1112 1164 11B9;D5BE;1112 1164 11B9; # (í–¾; í–¾; 햾; í–¾; 햾; ) HANGUL SYLLABLE HYAEBS +D5BF;D5BF;1112 1164 11BA;D5BF;1112 1164 11BA; # (í–¿; í–¿; 햿; í–¿; 햿; ) HANGUL SYLLABLE HYAES +D5C0;D5C0;1112 1164 11BB;D5C0;1112 1164 11BB; # (í—€; í—€; 헀; í—€; 헀; ) HANGUL SYLLABLE HYAESS +D5C1;D5C1;1112 1164 11BC;D5C1;1112 1164 11BC; # (í—; í—; 헁; í—; 헁; ) HANGUL SYLLABLE HYAENG +D5C2;D5C2;1112 1164 11BD;D5C2;1112 1164 11BD; # (í—‚; í—‚; 헂; í—‚; 헂; ) HANGUL SYLLABLE HYAEJ +D5C3;D5C3;1112 1164 11BE;D5C3;1112 1164 11BE; # (í—ƒ; í—ƒ; 헃; í—ƒ; 헃; ) HANGUL SYLLABLE HYAEC +D5C4;D5C4;1112 1164 11BF;D5C4;1112 1164 11BF; # (í—„; í—„; 헄; í—„; 헄; ) HANGUL SYLLABLE HYAEK +D5C5;D5C5;1112 1164 11C0;D5C5;1112 1164 11C0; # (í—…; í—…; 헅; í—…; 헅; ) HANGUL SYLLABLE HYAET +D5C6;D5C6;1112 1164 11C1;D5C6;1112 1164 11C1; # (í—†; í—†; á„’á…¤á‡; í—†; á„’á…¤á‡; ) HANGUL SYLLABLE HYAEP +D5C7;D5C7;1112 1164 11C2;D5C7;1112 1164 11C2; # (í—‡; í—‡; 헇; í—‡; 헇; ) HANGUL SYLLABLE HYAEH +D5C8;D5C8;1112 1165;D5C8;1112 1165; # (í—ˆ; í—ˆ; á„’á…¥; í—ˆ; á„’á…¥; ) HANGUL SYLLABLE HEO +D5C9;D5C9;1112 1165 11A8;D5C9;1112 1165 11A8; # (í—‰; í—‰; 헉; í—‰; 헉; ) HANGUL SYLLABLE HEOG +D5CA;D5CA;1112 1165 11A9;D5CA;1112 1165 11A9; # (í—Š; í—Š; 헊; í—Š; 헊; ) HANGUL SYLLABLE HEOGG +D5CB;D5CB;1112 1165 11AA;D5CB;1112 1165 11AA; # (í—‹; í—‹; 헋; í—‹; 헋; ) HANGUL SYLLABLE HEOGS +D5CC;D5CC;1112 1165 11AB;D5CC;1112 1165 11AB; # (í—Œ; í—Œ; 헌; í—Œ; 헌; ) HANGUL SYLLABLE HEON +D5CD;D5CD;1112 1165 11AC;D5CD;1112 1165 11AC; # (í—; í—; 헍; í—; 헍; ) HANGUL SYLLABLE HEONJ +D5CE;D5CE;1112 1165 11AD;D5CE;1112 1165 11AD; # (í—Ž; í—Ž; 헎; í—Ž; 헎; ) HANGUL SYLLABLE HEONH +D5CF;D5CF;1112 1165 11AE;D5CF;1112 1165 11AE; # (í—; í—; 헏; í—; 헏; ) HANGUL SYLLABLE HEOD +D5D0;D5D0;1112 1165 11AF;D5D0;1112 1165 11AF; # (í—; í—; 헐; í—; 헐; ) HANGUL SYLLABLE HEOL +D5D1;D5D1;1112 1165 11B0;D5D1;1112 1165 11B0; # (í—‘; í—‘; 헑; í—‘; 헑; ) HANGUL SYLLABLE HEOLG +D5D2;D5D2;1112 1165 11B1;D5D2;1112 1165 11B1; # (í—’; í—’; 헒; í—’; 헒; ) HANGUL SYLLABLE HEOLM +D5D3;D5D3;1112 1165 11B2;D5D3;1112 1165 11B2; # (í—“; í—“; 헓; í—“; 헓; ) HANGUL SYLLABLE HEOLB +D5D4;D5D4;1112 1165 11B3;D5D4;1112 1165 11B3; # (í—”; í—”; 헔; í—”; 헔; ) HANGUL SYLLABLE HEOLS +D5D5;D5D5;1112 1165 11B4;D5D5;1112 1165 11B4; # (í—•; í—•; 헕; í—•; 헕; ) HANGUL SYLLABLE HEOLT +D5D6;D5D6;1112 1165 11B5;D5D6;1112 1165 11B5; # (í—–; í—–; 헖; í—–; 헖; ) HANGUL SYLLABLE HEOLP +D5D7;D5D7;1112 1165 11B6;D5D7;1112 1165 11B6; # (í——; í——; 헗; í——; 헗; ) HANGUL SYLLABLE HEOLH +D5D8;D5D8;1112 1165 11B7;D5D8;1112 1165 11B7; # (í—˜; í—˜; 험; í—˜; 험; ) HANGUL SYLLABLE HEOM +D5D9;D5D9;1112 1165 11B8;D5D9;1112 1165 11B8; # (í—™; í—™; 헙; í—™; 헙; ) HANGUL SYLLABLE HEOB +D5DA;D5DA;1112 1165 11B9;D5DA;1112 1165 11B9; # (í—š; í—š; 헚; í—š; 헚; ) HANGUL SYLLABLE HEOBS +D5DB;D5DB;1112 1165 11BA;D5DB;1112 1165 11BA; # (í—›; í—›; 헛; í—›; 헛; ) HANGUL SYLLABLE HEOS +D5DC;D5DC;1112 1165 11BB;D5DC;1112 1165 11BB; # (í—œ; í—œ; 헜; í—œ; 헜; ) HANGUL SYLLABLE HEOSS +D5DD;D5DD;1112 1165 11BC;D5DD;1112 1165 11BC; # (í—; í—; 헝; í—; 헝; ) HANGUL SYLLABLE HEONG +D5DE;D5DE;1112 1165 11BD;D5DE;1112 1165 11BD; # (í—ž; í—ž; 헞; í—ž; 헞; ) HANGUL SYLLABLE HEOJ +D5DF;D5DF;1112 1165 11BE;D5DF;1112 1165 11BE; # (í—Ÿ; í—Ÿ; 헟; í—Ÿ; 헟; ) HANGUL SYLLABLE HEOC +D5E0;D5E0;1112 1165 11BF;D5E0;1112 1165 11BF; # (í— ; í— ; 헠; í— ; 헠; ) HANGUL SYLLABLE HEOK +D5E1;D5E1;1112 1165 11C0;D5E1;1112 1165 11C0; # (í—¡; í—¡; 헡; í—¡; 헡; ) HANGUL SYLLABLE HEOT +D5E2;D5E2;1112 1165 11C1;D5E2;1112 1165 11C1; # (í—¢; í—¢; á„’á…¥á‡; í—¢; á„’á…¥á‡; ) HANGUL SYLLABLE HEOP +D5E3;D5E3;1112 1165 11C2;D5E3;1112 1165 11C2; # (í—£; í—£; 헣; í—£; 헣; ) HANGUL SYLLABLE HEOH +D5E4;D5E4;1112 1166;D5E4;1112 1166; # (í—¤; í—¤; á„’á…¦; í—¤; á„’á…¦; ) HANGUL SYLLABLE HE +D5E5;D5E5;1112 1166 11A8;D5E5;1112 1166 11A8; # (í—¥; í—¥; 헥; í—¥; 헥; ) HANGUL SYLLABLE HEG +D5E6;D5E6;1112 1166 11A9;D5E6;1112 1166 11A9; # (í—¦; í—¦; 헦; í—¦; 헦; ) HANGUL SYLLABLE HEGG +D5E7;D5E7;1112 1166 11AA;D5E7;1112 1166 11AA; # (í—§; í—§; 헧; í—§; 헧; ) HANGUL SYLLABLE HEGS +D5E8;D5E8;1112 1166 11AB;D5E8;1112 1166 11AB; # (í—¨; í—¨; 헨; í—¨; 헨; ) HANGUL SYLLABLE HEN +D5E9;D5E9;1112 1166 11AC;D5E9;1112 1166 11AC; # (í—©; í—©; 헩; í—©; 헩; ) HANGUL SYLLABLE HENJ +D5EA;D5EA;1112 1166 11AD;D5EA;1112 1166 11AD; # (í—ª; í—ª; 헪; í—ª; 헪; ) HANGUL SYLLABLE HENH +D5EB;D5EB;1112 1166 11AE;D5EB;1112 1166 11AE; # (í—«; í—«; 헫; í—«; 헫; ) HANGUL SYLLABLE HED +D5EC;D5EC;1112 1166 11AF;D5EC;1112 1166 11AF; # (í—¬; í—¬; 헬; í—¬; 헬; ) HANGUL SYLLABLE HEL +D5ED;D5ED;1112 1166 11B0;D5ED;1112 1166 11B0; # (í—­; í—­; 헭; í—­; 헭; ) HANGUL SYLLABLE HELG +D5EE;D5EE;1112 1166 11B1;D5EE;1112 1166 11B1; # (í—®; í—®; 헮; í—®; 헮; ) HANGUL SYLLABLE HELM +D5EF;D5EF;1112 1166 11B2;D5EF;1112 1166 11B2; # (í—¯; í—¯; 헯; í—¯; 헯; ) HANGUL SYLLABLE HELB +D5F0;D5F0;1112 1166 11B3;D5F0;1112 1166 11B3; # (í—°; í—°; 헰; í—°; 헰; ) HANGUL SYLLABLE HELS +D5F1;D5F1;1112 1166 11B4;D5F1;1112 1166 11B4; # (í—±; í—±; 헱; í—±; 헱; ) HANGUL SYLLABLE HELT +D5F2;D5F2;1112 1166 11B5;D5F2;1112 1166 11B5; # (í—²; í—²; 헲; í—²; 헲; ) HANGUL SYLLABLE HELP +D5F3;D5F3;1112 1166 11B6;D5F3;1112 1166 11B6; # (í—³; í—³; 헳; í—³; 헳; ) HANGUL SYLLABLE HELH +D5F4;D5F4;1112 1166 11B7;D5F4;1112 1166 11B7; # (í—´; í—´; 헴; í—´; 헴; ) HANGUL SYLLABLE HEM +D5F5;D5F5;1112 1166 11B8;D5F5;1112 1166 11B8; # (í—µ; í—µ; 헵; í—µ; 헵; ) HANGUL SYLLABLE HEB +D5F6;D5F6;1112 1166 11B9;D5F6;1112 1166 11B9; # (í—¶; í—¶; 헶; í—¶; 헶; ) HANGUL SYLLABLE HEBS +D5F7;D5F7;1112 1166 11BA;D5F7;1112 1166 11BA; # (í—·; í—·; 헷; í—·; 헷; ) HANGUL SYLLABLE HES +D5F8;D5F8;1112 1166 11BB;D5F8;1112 1166 11BB; # (í—¸; í—¸; 헸; í—¸; 헸; ) HANGUL SYLLABLE HESS +D5F9;D5F9;1112 1166 11BC;D5F9;1112 1166 11BC; # (í—¹; í—¹; 헹; í—¹; 헹; ) HANGUL SYLLABLE HENG +D5FA;D5FA;1112 1166 11BD;D5FA;1112 1166 11BD; # (í—º; í—º; 헺; í—º; 헺; ) HANGUL SYLLABLE HEJ +D5FB;D5FB;1112 1166 11BE;D5FB;1112 1166 11BE; # (í—»; í—»; 헻; í—»; 헻; ) HANGUL SYLLABLE HEC +D5FC;D5FC;1112 1166 11BF;D5FC;1112 1166 11BF; # (í—¼; í—¼; 헼; í—¼; 헼; ) HANGUL SYLLABLE HEK +D5FD;D5FD;1112 1166 11C0;D5FD;1112 1166 11C0; # (í—½; í—½; 헽; í—½; 헽; ) HANGUL SYLLABLE HET +D5FE;D5FE;1112 1166 11C1;D5FE;1112 1166 11C1; # (í—¾; í—¾; á„’á…¦á‡; í—¾; á„’á…¦á‡; ) HANGUL SYLLABLE HEP +D5FF;D5FF;1112 1166 11C2;D5FF;1112 1166 11C2; # (í—¿; í—¿; 헿; í—¿; 헿; ) HANGUL SYLLABLE HEH +D600;D600;1112 1167;D600;1112 1167; # (혀; 혀; á„’á…§; 혀; á„’á…§; ) HANGUL SYLLABLE HYEO +D601;D601;1112 1167 11A8;D601;1112 1167 11A8; # (í˜; í˜; 혁; í˜; 혁; ) HANGUL SYLLABLE HYEOG +D602;D602;1112 1167 11A9;D602;1112 1167 11A9; # (혂; 혂; 혂; 혂; 혂; ) HANGUL SYLLABLE HYEOGG +D603;D603;1112 1167 11AA;D603;1112 1167 11AA; # (혃; 혃; 혃; 혃; 혃; ) HANGUL SYLLABLE HYEOGS +D604;D604;1112 1167 11AB;D604;1112 1167 11AB; # (현; 현; 현; 현; 현; ) HANGUL SYLLABLE HYEON +D605;D605;1112 1167 11AC;D605;1112 1167 11AC; # (혅; 혅; 혅; 혅; 혅; ) HANGUL SYLLABLE HYEONJ +D606;D606;1112 1167 11AD;D606;1112 1167 11AD; # (혆; 혆; 혆; 혆; 혆; ) HANGUL SYLLABLE HYEONH +D607;D607;1112 1167 11AE;D607;1112 1167 11AE; # (혇; 혇; 혇; 혇; 혇; ) HANGUL SYLLABLE HYEOD +D608;D608;1112 1167 11AF;D608;1112 1167 11AF; # (혈; 혈; 혈; 혈; 혈; ) HANGUL SYLLABLE HYEOL +D609;D609;1112 1167 11B0;D609;1112 1167 11B0; # (혉; 혉; 혉; 혉; 혉; ) HANGUL SYLLABLE HYEOLG +D60A;D60A;1112 1167 11B1;D60A;1112 1167 11B1; # (혊; 혊; 혊; 혊; 혊; ) HANGUL SYLLABLE HYEOLM +D60B;D60B;1112 1167 11B2;D60B;1112 1167 11B2; # (혋; 혋; 혋; 혋; 혋; ) HANGUL SYLLABLE HYEOLB +D60C;D60C;1112 1167 11B3;D60C;1112 1167 11B3; # (혌; 혌; 혌; 혌; 혌; ) HANGUL SYLLABLE HYEOLS +D60D;D60D;1112 1167 11B4;D60D;1112 1167 11B4; # (í˜; í˜; 혍; í˜; 혍; ) HANGUL SYLLABLE HYEOLT +D60E;D60E;1112 1167 11B5;D60E;1112 1167 11B5; # (혎; 혎; 혎; 혎; 혎; ) HANGUL SYLLABLE HYEOLP +D60F;D60F;1112 1167 11B6;D60F;1112 1167 11B6; # (í˜; í˜; 혏; í˜; 혏; ) HANGUL SYLLABLE HYEOLH +D610;D610;1112 1167 11B7;D610;1112 1167 11B7; # (í˜; í˜; 혐; í˜; 혐; ) HANGUL SYLLABLE HYEOM +D611;D611;1112 1167 11B8;D611;1112 1167 11B8; # (협; 협; 협; 협; 협; ) HANGUL SYLLABLE HYEOB +D612;D612;1112 1167 11B9;D612;1112 1167 11B9; # (혒; 혒; 혒; 혒; 혒; ) HANGUL SYLLABLE HYEOBS +D613;D613;1112 1167 11BA;D613;1112 1167 11BA; # (혓; 혓; 혓; 혓; 혓; ) HANGUL SYLLABLE HYEOS +D614;D614;1112 1167 11BB;D614;1112 1167 11BB; # (혔; 혔; 혔; 혔; 혔; ) HANGUL SYLLABLE HYEOSS +D615;D615;1112 1167 11BC;D615;1112 1167 11BC; # (형; 형; 형; 형; 형; ) HANGUL SYLLABLE HYEONG +D616;D616;1112 1167 11BD;D616;1112 1167 11BD; # (혖; 혖; 혖; 혖; 혖; ) HANGUL SYLLABLE HYEOJ +D617;D617;1112 1167 11BE;D617;1112 1167 11BE; # (혗; 혗; 혗; 혗; 혗; ) HANGUL SYLLABLE HYEOC +D618;D618;1112 1167 11BF;D618;1112 1167 11BF; # (혘; 혘; 혘; 혘; 혘; ) HANGUL SYLLABLE HYEOK +D619;D619;1112 1167 11C0;D619;1112 1167 11C0; # (혙; 혙; 혙; 혙; 혙; ) HANGUL SYLLABLE HYEOT +D61A;D61A;1112 1167 11C1;D61A;1112 1167 11C1; # (혚; 혚; á„’á…§á‡; 혚; á„’á…§á‡; ) HANGUL SYLLABLE HYEOP +D61B;D61B;1112 1167 11C2;D61B;1112 1167 11C2; # (혛; 혛; 혛; 혛; 혛; ) HANGUL SYLLABLE HYEOH +D61C;D61C;1112 1168;D61C;1112 1168; # (혜; 혜; á„’á…¨; 혜; á„’á…¨; ) HANGUL SYLLABLE HYE +D61D;D61D;1112 1168 11A8;D61D;1112 1168 11A8; # (í˜; í˜; 혝; í˜; 혝; ) HANGUL SYLLABLE HYEG +D61E;D61E;1112 1168 11A9;D61E;1112 1168 11A9; # (혞; 혞; 혞; 혞; 혞; ) HANGUL SYLLABLE HYEGG +D61F;D61F;1112 1168 11AA;D61F;1112 1168 11AA; # (혟; 혟; 혟; 혟; 혟; ) HANGUL SYLLABLE HYEGS +D620;D620;1112 1168 11AB;D620;1112 1168 11AB; # (혠; 혠; 혠; 혠; 혠; ) HANGUL SYLLABLE HYEN +D621;D621;1112 1168 11AC;D621;1112 1168 11AC; # (혡; 혡; 혡; 혡; 혡; ) HANGUL SYLLABLE HYENJ +D622;D622;1112 1168 11AD;D622;1112 1168 11AD; # (혢; 혢; 혢; 혢; 혢; ) HANGUL SYLLABLE HYENH +D623;D623;1112 1168 11AE;D623;1112 1168 11AE; # (혣; 혣; 혣; 혣; 혣; ) HANGUL SYLLABLE HYED +D624;D624;1112 1168 11AF;D624;1112 1168 11AF; # (혤; 혤; 혤; 혤; 혤; ) HANGUL SYLLABLE HYEL +D625;D625;1112 1168 11B0;D625;1112 1168 11B0; # (혥; 혥; 혥; 혥; 혥; ) HANGUL SYLLABLE HYELG +D626;D626;1112 1168 11B1;D626;1112 1168 11B1; # (혦; 혦; 혦; 혦; 혦; ) HANGUL SYLLABLE HYELM +D627;D627;1112 1168 11B2;D627;1112 1168 11B2; # (혧; 혧; 혧; 혧; 혧; ) HANGUL SYLLABLE HYELB +D628;D628;1112 1168 11B3;D628;1112 1168 11B3; # (혨; 혨; 혨; 혨; 혨; ) HANGUL SYLLABLE HYELS +D629;D629;1112 1168 11B4;D629;1112 1168 11B4; # (혩; 혩; 혩; 혩; 혩; ) HANGUL SYLLABLE HYELT +D62A;D62A;1112 1168 11B5;D62A;1112 1168 11B5; # (혪; 혪; 혪; 혪; 혪; ) HANGUL SYLLABLE HYELP +D62B;D62B;1112 1168 11B6;D62B;1112 1168 11B6; # (혫; 혫; 혫; 혫; 혫; ) HANGUL SYLLABLE HYELH +D62C;D62C;1112 1168 11B7;D62C;1112 1168 11B7; # (혬; 혬; 혬; 혬; 혬; ) HANGUL SYLLABLE HYEM +D62D;D62D;1112 1168 11B8;D62D;1112 1168 11B8; # (혭; 혭; 혭; 혭; 혭; ) HANGUL SYLLABLE HYEB +D62E;D62E;1112 1168 11B9;D62E;1112 1168 11B9; # (혮; 혮; 혮; 혮; 혮; ) HANGUL SYLLABLE HYEBS +D62F;D62F;1112 1168 11BA;D62F;1112 1168 11BA; # (혯; 혯; 혯; 혯; 혯; ) HANGUL SYLLABLE HYES +D630;D630;1112 1168 11BB;D630;1112 1168 11BB; # (혰; 혰; 혰; 혰; 혰; ) HANGUL SYLLABLE HYESS +D631;D631;1112 1168 11BC;D631;1112 1168 11BC; # (혱; 혱; 혱; 혱; 혱; ) HANGUL SYLLABLE HYENG +D632;D632;1112 1168 11BD;D632;1112 1168 11BD; # (혲; 혲; 혲; 혲; 혲; ) HANGUL SYLLABLE HYEJ +D633;D633;1112 1168 11BE;D633;1112 1168 11BE; # (혳; 혳; 혳; 혳; 혳; ) HANGUL SYLLABLE HYEC +D634;D634;1112 1168 11BF;D634;1112 1168 11BF; # (혴; 혴; 혴; 혴; 혴; ) HANGUL SYLLABLE HYEK +D635;D635;1112 1168 11C0;D635;1112 1168 11C0; # (혵; 혵; 혵; 혵; 혵; ) HANGUL SYLLABLE HYET +D636;D636;1112 1168 11C1;D636;1112 1168 11C1; # (혶; 혶; á„’á…¨á‡; 혶; á„’á…¨á‡; ) HANGUL SYLLABLE HYEP +D637;D637;1112 1168 11C2;D637;1112 1168 11C2; # (혷; 혷; 혷; 혷; 혷; ) HANGUL SYLLABLE HYEH +D638;D638;1112 1169;D638;1112 1169; # (호; 호; á„’á…©; 호; á„’á…©; ) HANGUL SYLLABLE HO +D639;D639;1112 1169 11A8;D639;1112 1169 11A8; # (혹; 혹; 혹; 혹; 혹; ) HANGUL SYLLABLE HOG +D63A;D63A;1112 1169 11A9;D63A;1112 1169 11A9; # (혺; 혺; 혺; 혺; 혺; ) HANGUL SYLLABLE HOGG +D63B;D63B;1112 1169 11AA;D63B;1112 1169 11AA; # (혻; 혻; 혻; 혻; 혻; ) HANGUL SYLLABLE HOGS +D63C;D63C;1112 1169 11AB;D63C;1112 1169 11AB; # (혼; 혼; 혼; 혼; 혼; ) HANGUL SYLLABLE HON +D63D;D63D;1112 1169 11AC;D63D;1112 1169 11AC; # (혽; 혽; 혽; 혽; 혽; ) HANGUL SYLLABLE HONJ +D63E;D63E;1112 1169 11AD;D63E;1112 1169 11AD; # (혾; 혾; 혾; 혾; 혾; ) HANGUL SYLLABLE HONH +D63F;D63F;1112 1169 11AE;D63F;1112 1169 11AE; # (혿; 혿; 혿; 혿; 혿; ) HANGUL SYLLABLE HOD +D640;D640;1112 1169 11AF;D640;1112 1169 11AF; # (홀; 홀; 홀; 홀; 홀; ) HANGUL SYLLABLE HOL +D641;D641;1112 1169 11B0;D641;1112 1169 11B0; # (í™; í™; 홁; í™; 홁; ) HANGUL SYLLABLE HOLG +D642;D642;1112 1169 11B1;D642;1112 1169 11B1; # (홂; 홂; 홂; 홂; 홂; ) HANGUL SYLLABLE HOLM +D643;D643;1112 1169 11B2;D643;1112 1169 11B2; # (홃; 홃; 홃; 홃; 홃; ) HANGUL SYLLABLE HOLB +D644;D644;1112 1169 11B3;D644;1112 1169 11B3; # (홄; 홄; 홄; 홄; 홄; ) HANGUL SYLLABLE HOLS +D645;D645;1112 1169 11B4;D645;1112 1169 11B4; # (í™…; í™…; 홅; í™…; 홅; ) HANGUL SYLLABLE HOLT +D646;D646;1112 1169 11B5;D646;1112 1169 11B5; # (홆; 홆; 홆; 홆; 홆; ) HANGUL SYLLABLE HOLP +D647;D647;1112 1169 11B6;D647;1112 1169 11B6; # (홇; 홇; 홇; 홇; 홇; ) HANGUL SYLLABLE HOLH +D648;D648;1112 1169 11B7;D648;1112 1169 11B7; # (홈; 홈; 홈; 홈; 홈; ) HANGUL SYLLABLE HOM +D649;D649;1112 1169 11B8;D649;1112 1169 11B8; # (홉; 홉; 홉; 홉; 홉; ) HANGUL SYLLABLE HOB +D64A;D64A;1112 1169 11B9;D64A;1112 1169 11B9; # (홊; 홊; 홊; 홊; 홊; ) HANGUL SYLLABLE HOBS +D64B;D64B;1112 1169 11BA;D64B;1112 1169 11BA; # (홋; 홋; 홋; 홋; 홋; ) HANGUL SYLLABLE HOS +D64C;D64C;1112 1169 11BB;D64C;1112 1169 11BB; # (홌; 홌; 홌; 홌; 홌; ) HANGUL SYLLABLE HOSS +D64D;D64D;1112 1169 11BC;D64D;1112 1169 11BC; # (í™; í™; 홍; í™; 홍; ) HANGUL SYLLABLE HONG +D64E;D64E;1112 1169 11BD;D64E;1112 1169 11BD; # (홎; 홎; 홎; 홎; 홎; ) HANGUL SYLLABLE HOJ +D64F;D64F;1112 1169 11BE;D64F;1112 1169 11BE; # (í™; í™; 홏; í™; 홏; ) HANGUL SYLLABLE HOC +D650;D650;1112 1169 11BF;D650;1112 1169 11BF; # (í™; í™; 홐; í™; 홐; ) HANGUL SYLLABLE HOK +D651;D651;1112 1169 11C0;D651;1112 1169 11C0; # (홑; 홑; 홑; 홑; 홑; ) HANGUL SYLLABLE HOT +D652;D652;1112 1169 11C1;D652;1112 1169 11C1; # (í™’; í™’; á„’á…©á‡; í™’; á„’á…©á‡; ) HANGUL SYLLABLE HOP +D653;D653;1112 1169 11C2;D653;1112 1169 11C2; # (홓; 홓; 홓; 홓; 홓; ) HANGUL SYLLABLE HOH +D654;D654;1112 116A;D654;1112 116A; # (í™”; í™”; á„’á…ª; í™”; á„’á…ª; ) HANGUL SYLLABLE HWA +D655;D655;1112 116A 11A8;D655;1112 116A 11A8; # (확; 확; 확; 확; 확; ) HANGUL SYLLABLE HWAG +D656;D656;1112 116A 11A9;D656;1112 116A 11A9; # (í™–; í™–; 홖; í™–; 홖; ) HANGUL SYLLABLE HWAGG +D657;D657;1112 116A 11AA;D657;1112 116A 11AA; # (í™—; í™—; 홗; í™—; 홗; ) HANGUL SYLLABLE HWAGS +D658;D658;1112 116A 11AB;D658;1112 116A 11AB; # (환; 환; 환; 환; 환; ) HANGUL SYLLABLE HWAN +D659;D659;1112 116A 11AC;D659;1112 116A 11AC; # (í™™; í™™; 홙; í™™; 홙; ) HANGUL SYLLABLE HWANJ +D65A;D65A;1112 116A 11AD;D65A;1112 116A 11AD; # (홚; 홚; 홚; 홚; 홚; ) HANGUL SYLLABLE HWANH +D65B;D65B;1112 116A 11AE;D65B;1112 116A 11AE; # (í™›; í™›; 홛; í™›; 홛; ) HANGUL SYLLABLE HWAD +D65C;D65C;1112 116A 11AF;D65C;1112 116A 11AF; # (활; 활; 활; 활; 활; ) HANGUL SYLLABLE HWAL +D65D;D65D;1112 116A 11B0;D65D;1112 116A 11B0; # (í™; í™; 홝; í™; 홝; ) HANGUL SYLLABLE HWALG +D65E;D65E;1112 116A 11B1;D65E;1112 116A 11B1; # (홞; 홞; 홞; 홞; 홞; ) HANGUL SYLLABLE HWALM +D65F;D65F;1112 116A 11B2;D65F;1112 116A 11B2; # (홟; 홟; 홟; 홟; 홟; ) HANGUL SYLLABLE HWALB +D660;D660;1112 116A 11B3;D660;1112 116A 11B3; # (í™ ; í™ ; 홠; í™ ; 홠; ) HANGUL SYLLABLE HWALS +D661;D661;1112 116A 11B4;D661;1112 116A 11B4; # (홡; 홡; 홡; 홡; 홡; ) HANGUL SYLLABLE HWALT +D662;D662;1112 116A 11B5;D662;1112 116A 11B5; # (홢; 홢; 홢; 홢; 홢; ) HANGUL SYLLABLE HWALP +D663;D663;1112 116A 11B6;D663;1112 116A 11B6; # (홣; 홣; 홣; 홣; 홣; ) HANGUL SYLLABLE HWALH +D664;D664;1112 116A 11B7;D664;1112 116A 11B7; # (홤; 홤; 홤; 홤; 홤; ) HANGUL SYLLABLE HWAM +D665;D665;1112 116A 11B8;D665;1112 116A 11B8; # (홥; 홥; 홥; 홥; 홥; ) HANGUL SYLLABLE HWAB +D666;D666;1112 116A 11B9;D666;1112 116A 11B9; # (홦; 홦; 홦; 홦; 홦; ) HANGUL SYLLABLE HWABS +D667;D667;1112 116A 11BA;D667;1112 116A 11BA; # (홧; 홧; 홧; 홧; 홧; ) HANGUL SYLLABLE HWAS +D668;D668;1112 116A 11BB;D668;1112 116A 11BB; # (홨; 홨; 홨; 홨; 홨; ) HANGUL SYLLABLE HWASS +D669;D669;1112 116A 11BC;D669;1112 116A 11BC; # (황; 황; 황; 황; 황; ) HANGUL SYLLABLE HWANG +D66A;D66A;1112 116A 11BD;D66A;1112 116A 11BD; # (홪; 홪; 홪; 홪; 홪; ) HANGUL SYLLABLE HWAJ +D66B;D66B;1112 116A 11BE;D66B;1112 116A 11BE; # (홫; 홫; 홫; 홫; 홫; ) HANGUL SYLLABLE HWAC +D66C;D66C;1112 116A 11BF;D66C;1112 116A 11BF; # (홬; 홬; 홬; 홬; 홬; ) HANGUL SYLLABLE HWAK +D66D;D66D;1112 116A 11C0;D66D;1112 116A 11C0; # (í™­; í™­; 홭; í™­; 홭; ) HANGUL SYLLABLE HWAT +D66E;D66E;1112 116A 11C1;D66E;1112 116A 11C1; # (í™®; í™®; á„’á…ªá‡; í™®; á„’á…ªá‡; ) HANGUL SYLLABLE HWAP +D66F;D66F;1112 116A 11C2;D66F;1112 116A 11C2; # (홯; 홯; 홯; 홯; 홯; ) HANGUL SYLLABLE HWAH +D670;D670;1112 116B;D670;1112 116B; # (í™°; í™°; á„’á…«; í™°; á„’á…«; ) HANGUL SYLLABLE HWAE +D671;D671;1112 116B 11A8;D671;1112 116B 11A8; # (í™±; í™±; 홱; í™±; 홱; ) HANGUL SYLLABLE HWAEG +D672;D672;1112 116B 11A9;D672;1112 116B 11A9; # (홲; 홲; 홲; 홲; 홲; ) HANGUL SYLLABLE HWAEGG +D673;D673;1112 116B 11AA;D673;1112 116B 11AA; # (홳; 홳; 홳; 홳; 홳; ) HANGUL SYLLABLE HWAEGS +D674;D674;1112 116B 11AB;D674;1112 116B 11AB; # (í™´; í™´; 홴; í™´; 홴; ) HANGUL SYLLABLE HWAEN +D675;D675;1112 116B 11AC;D675;1112 116B 11AC; # (홵; 홵; 홵; 홵; 홵; ) HANGUL SYLLABLE HWAENJ +D676;D676;1112 116B 11AD;D676;1112 116B 11AD; # (홶; 홶; 홶; 홶; 홶; ) HANGUL SYLLABLE HWAENH +D677;D677;1112 116B 11AE;D677;1112 116B 11AE; # (í™·; í™·; 홷; í™·; 홷; ) HANGUL SYLLABLE HWAED +D678;D678;1112 116B 11AF;D678;1112 116B 11AF; # (홸; 홸; 홸; 홸; 홸; ) HANGUL SYLLABLE HWAEL +D679;D679;1112 116B 11B0;D679;1112 116B 11B0; # (홹; 홹; 홹; 홹; 홹; ) HANGUL SYLLABLE HWAELG +D67A;D67A;1112 116B 11B1;D67A;1112 116B 11B1; # (홺; 홺; 홺; 홺; 홺; ) HANGUL SYLLABLE HWAELM +D67B;D67B;1112 116B 11B2;D67B;1112 116B 11B2; # (í™»; í™»; 홻; í™»; 홻; ) HANGUL SYLLABLE HWAELB +D67C;D67C;1112 116B 11B3;D67C;1112 116B 11B3; # (홼; 홼; 홼; 홼; 홼; ) HANGUL SYLLABLE HWAELS +D67D;D67D;1112 116B 11B4;D67D;1112 116B 11B4; # (홽; 홽; 홽; 홽; 홽; ) HANGUL SYLLABLE HWAELT +D67E;D67E;1112 116B 11B5;D67E;1112 116B 11B5; # (홾; 홾; 홾; 홾; 홾; ) HANGUL SYLLABLE HWAELP +D67F;D67F;1112 116B 11B6;D67F;1112 116B 11B6; # (홿; 홿; 홿; 홿; 홿; ) HANGUL SYLLABLE HWAELH +D680;D680;1112 116B 11B7;D680;1112 116B 11B7; # (횀; 횀; 횀; 횀; 횀; ) HANGUL SYLLABLE HWAEM +D681;D681;1112 116B 11B8;D681;1112 116B 11B8; # (íš; íš; 횁; íš; 횁; ) HANGUL SYLLABLE HWAEB +D682;D682;1112 116B 11B9;D682;1112 116B 11B9; # (íš‚; íš‚; 횂; íš‚; 횂; ) HANGUL SYLLABLE HWAEBS +D683;D683;1112 116B 11BA;D683;1112 116B 11BA; # (횃; 횃; 횃; 횃; 횃; ) HANGUL SYLLABLE HWAES +D684;D684;1112 116B 11BB;D684;1112 116B 11BB; # (íš„; íš„; 횄; íš„; 횄; ) HANGUL SYLLABLE HWAESS +D685;D685;1112 116B 11BC;D685;1112 116B 11BC; # (íš…; íš…; 횅; íš…; 횅; ) HANGUL SYLLABLE HWAENG +D686;D686;1112 116B 11BD;D686;1112 116B 11BD; # (횆; 횆; 횆; 횆; 횆; ) HANGUL SYLLABLE HWAEJ +D687;D687;1112 116B 11BE;D687;1112 116B 11BE; # (횇; 횇; 횇; 횇; 횇; ) HANGUL SYLLABLE HWAEC +D688;D688;1112 116B 11BF;D688;1112 116B 11BF; # (횈; 횈; 횈; 횈; 횈; ) HANGUL SYLLABLE HWAEK +D689;D689;1112 116B 11C0;D689;1112 116B 11C0; # (횉; 횉; 횉; 횉; 횉; ) HANGUL SYLLABLE HWAET +D68A;D68A;1112 116B 11C1;D68A;1112 116B 11C1; # (횊; 횊; á„’á…«á‡; 횊; á„’á…«á‡; ) HANGUL SYLLABLE HWAEP +D68B;D68B;1112 116B 11C2;D68B;1112 116B 11C2; # (íš‹; íš‹; 횋; íš‹; 횋; ) HANGUL SYLLABLE HWAEH +D68C;D68C;1112 116C;D68C;1112 116C; # (회; 회; á„’á…¬; 회; á„’á…¬; ) HANGUL SYLLABLE HOE +D68D;D68D;1112 116C 11A8;D68D;1112 116C 11A8; # (íš; íš; 획; íš; 획; ) HANGUL SYLLABLE HOEG +D68E;D68E;1112 116C 11A9;D68E;1112 116C 11A9; # (횎; 횎; 횎; 횎; 횎; ) HANGUL SYLLABLE HOEGG +D68F;D68F;1112 116C 11AA;D68F;1112 116C 11AA; # (íš; íš; 횏; íš; 횏; ) HANGUL SYLLABLE HOEGS +D690;D690;1112 116C 11AB;D690;1112 116C 11AB; # (íš; íš; 횐; íš; 횐; ) HANGUL SYLLABLE HOEN +D691;D691;1112 116C 11AC;D691;1112 116C 11AC; # (íš‘; íš‘; 횑; íš‘; 횑; ) HANGUL SYLLABLE HOENJ +D692;D692;1112 116C 11AD;D692;1112 116C 11AD; # (íš’; íš’; 횒; íš’; 횒; ) HANGUL SYLLABLE HOENH +D693;D693;1112 116C 11AE;D693;1112 116C 11AE; # (íš“; íš“; 횓; íš“; 횓; ) HANGUL SYLLABLE HOED +D694;D694;1112 116C 11AF;D694;1112 116C 11AF; # (íš”; íš”; 횔; íš”; 횔; ) HANGUL SYLLABLE HOEL +D695;D695;1112 116C 11B0;D695;1112 116C 11B0; # (íš•; íš•; 횕; íš•; 횕; ) HANGUL SYLLABLE HOELG +D696;D696;1112 116C 11B1;D696;1112 116C 11B1; # (íš–; íš–; 횖; íš–; 횖; ) HANGUL SYLLABLE HOELM +D697;D697;1112 116C 11B2;D697;1112 116C 11B2; # (íš—; íš—; 횗; íš—; 횗; ) HANGUL SYLLABLE HOELB +D698;D698;1112 116C 11B3;D698;1112 116C 11B3; # (횘; 횘; 횘; 횘; 횘; ) HANGUL SYLLABLE HOELS +D699;D699;1112 116C 11B4;D699;1112 116C 11B4; # (íš™; íš™; 횙; íš™; 횙; ) HANGUL SYLLABLE HOELT +D69A;D69A;1112 116C 11B5;D69A;1112 116C 11B5; # (íšš; íšš; 횚; íšš; 횚; ) HANGUL SYLLABLE HOELP +D69B;D69B;1112 116C 11B6;D69B;1112 116C 11B6; # (íš›; íš›; 횛; íš›; 횛; ) HANGUL SYLLABLE HOELH +D69C;D69C;1112 116C 11B7;D69C;1112 116C 11B7; # (íšœ; íšœ; 횜; íšœ; 횜; ) HANGUL SYLLABLE HOEM +D69D;D69D;1112 116C 11B8;D69D;1112 116C 11B8; # (íš; íš; 횝; íš; 횝; ) HANGUL SYLLABLE HOEB +D69E;D69E;1112 116C 11B9;D69E;1112 116C 11B9; # (íšž; íšž; 횞; íšž; 횞; ) HANGUL SYLLABLE HOEBS +D69F;D69F;1112 116C 11BA;D69F;1112 116C 11BA; # (횟; 횟; 횟; 횟; 횟; ) HANGUL SYLLABLE HOES +D6A0;D6A0;1112 116C 11BB;D6A0;1112 116C 11BB; # (íš ; íš ; 횠; íš ; 횠; ) HANGUL SYLLABLE HOESS +D6A1;D6A1;1112 116C 11BC;D6A1;1112 116C 11BC; # (íš¡; íš¡; 횡; íš¡; 횡; ) HANGUL SYLLABLE HOENG +D6A2;D6A2;1112 116C 11BD;D6A2;1112 116C 11BD; # (횢; 횢; 횢; 횢; 횢; ) HANGUL SYLLABLE HOEJ +D6A3;D6A3;1112 116C 11BE;D6A3;1112 116C 11BE; # (횣; 횣; 횣; 횣; 횣; ) HANGUL SYLLABLE HOEC +D6A4;D6A4;1112 116C 11BF;D6A4;1112 116C 11BF; # (횤; 횤; 횤; 횤; 횤; ) HANGUL SYLLABLE HOEK +D6A5;D6A5;1112 116C 11C0;D6A5;1112 116C 11C0; # (횥; 횥; 횥; 횥; 횥; ) HANGUL SYLLABLE HOET +D6A6;D6A6;1112 116C 11C1;D6A6;1112 116C 11C1; # (횦; 횦; á„’á…¬á‡; 횦; á„’á…¬á‡; ) HANGUL SYLLABLE HOEP +D6A7;D6A7;1112 116C 11C2;D6A7;1112 116C 11C2; # (횧; 횧; 횧; 횧; 횧; ) HANGUL SYLLABLE HOEH +D6A8;D6A8;1112 116D;D6A8;1112 116D; # (효; 효; á„’á…­; 효; á„’á…­; ) HANGUL SYLLABLE HYO +D6A9;D6A9;1112 116D 11A8;D6A9;1112 116D 11A8; # (íš©; íš©; 횩; íš©; 횩; ) HANGUL SYLLABLE HYOG +D6AA;D6AA;1112 116D 11A9;D6AA;1112 116D 11A9; # (횪; 횪; 횪; 횪; 횪; ) HANGUL SYLLABLE HYOGG +D6AB;D6AB;1112 116D 11AA;D6AB;1112 116D 11AA; # (íš«; íš«; 횫; íš«; 횫; ) HANGUL SYLLABLE HYOGS +D6AC;D6AC;1112 116D 11AB;D6AC;1112 116D 11AB; # (횬; 횬; 횬; 횬; 횬; ) HANGUL SYLLABLE HYON +D6AD;D6AD;1112 116D 11AC;D6AD;1112 116D 11AC; # (íš­; íš­; 횭; íš­; 횭; ) HANGUL SYLLABLE HYONJ +D6AE;D6AE;1112 116D 11AD;D6AE;1112 116D 11AD; # (íš®; íš®; 횮; íš®; 횮; ) HANGUL SYLLABLE HYONH +D6AF;D6AF;1112 116D 11AE;D6AF;1112 116D 11AE; # (횯; 횯; 횯; 횯; 횯; ) HANGUL SYLLABLE HYOD +D6B0;D6B0;1112 116D 11AF;D6B0;1112 116D 11AF; # (íš°; íš°; 횰; íš°; 횰; ) HANGUL SYLLABLE HYOL +D6B1;D6B1;1112 116D 11B0;D6B1;1112 116D 11B0; # (íš±; íš±; 횱; íš±; 횱; ) HANGUL SYLLABLE HYOLG +D6B2;D6B2;1112 116D 11B1;D6B2;1112 116D 11B1; # (íš²; íš²; 횲; íš²; 횲; ) HANGUL SYLLABLE HYOLM +D6B3;D6B3;1112 116D 11B2;D6B3;1112 116D 11B2; # (íš³; íš³; 횳; íš³; 횳; ) HANGUL SYLLABLE HYOLB +D6B4;D6B4;1112 116D 11B3;D6B4;1112 116D 11B3; # (íš´; íš´; 횴; íš´; 횴; ) HANGUL SYLLABLE HYOLS +D6B5;D6B5;1112 116D 11B4;D6B5;1112 116D 11B4; # (íšµ; íšµ; 횵; íšµ; 횵; ) HANGUL SYLLABLE HYOLT +D6B6;D6B6;1112 116D 11B5;D6B6;1112 116D 11B5; # (횶; 횶; 횶; 횶; 횶; ) HANGUL SYLLABLE HYOLP +D6B7;D6B7;1112 116D 11B6;D6B7;1112 116D 11B6; # (íš·; íš·; 횷; íš·; 횷; ) HANGUL SYLLABLE HYOLH +D6B8;D6B8;1112 116D 11B7;D6B8;1112 116D 11B7; # (횸; 횸; 횸; 횸; 횸; ) HANGUL SYLLABLE HYOM +D6B9;D6B9;1112 116D 11B8;D6B9;1112 116D 11B8; # (íš¹; íš¹; 횹; íš¹; 횹; ) HANGUL SYLLABLE HYOB +D6BA;D6BA;1112 116D 11B9;D6BA;1112 116D 11B9; # (횺; 횺; 횺; 횺; 횺; ) HANGUL SYLLABLE HYOBS +D6BB;D6BB;1112 116D 11BA;D6BB;1112 116D 11BA; # (íš»; íš»; 횻; íš»; 횻; ) HANGUL SYLLABLE HYOS +D6BC;D6BC;1112 116D 11BB;D6BC;1112 116D 11BB; # (íš¼; íš¼; 횼; íš¼; 횼; ) HANGUL SYLLABLE HYOSS +D6BD;D6BD;1112 116D 11BC;D6BD;1112 116D 11BC; # (íš½; íš½; 횽; íš½; 횽; ) HANGUL SYLLABLE HYONG +D6BE;D6BE;1112 116D 11BD;D6BE;1112 116D 11BD; # (íš¾; íš¾; 횾; íš¾; 횾; ) HANGUL SYLLABLE HYOJ +D6BF;D6BF;1112 116D 11BE;D6BF;1112 116D 11BE; # (íš¿; íš¿; 횿; íš¿; 횿; ) HANGUL SYLLABLE HYOC +D6C0;D6C0;1112 116D 11BF;D6C0;1112 116D 11BF; # (훀; 훀; 훀; 훀; 훀; ) HANGUL SYLLABLE HYOK +D6C1;D6C1;1112 116D 11C0;D6C1;1112 116D 11C0; # (í›; í›; 훁; í›; 훁; ) HANGUL SYLLABLE HYOT +D6C2;D6C2;1112 116D 11C1;D6C2;1112 116D 11C1; # (훂; 훂; á„’á…­á‡; 훂; á„’á…­á‡; ) HANGUL SYLLABLE HYOP +D6C3;D6C3;1112 116D 11C2;D6C3;1112 116D 11C2; # (훃; 훃; 훃; 훃; 훃; ) HANGUL SYLLABLE HYOH +D6C4;D6C4;1112 116E;D6C4;1112 116E; # (후; 후; á„’á…®; 후; á„’á…®; ) HANGUL SYLLABLE HU +D6C5;D6C5;1112 116E 11A8;D6C5;1112 116E 11A8; # (í›…; í›…; 훅; í›…; 훅; ) HANGUL SYLLABLE HUG +D6C6;D6C6;1112 116E 11A9;D6C6;1112 116E 11A9; # (훆; 훆; 훆; 훆; 훆; ) HANGUL SYLLABLE HUGG +D6C7;D6C7;1112 116E 11AA;D6C7;1112 116E 11AA; # (훇; 훇; 훇; 훇; 훇; ) HANGUL SYLLABLE HUGS +D6C8;D6C8;1112 116E 11AB;D6C8;1112 116E 11AB; # (훈; 훈; 훈; 훈; 훈; ) HANGUL SYLLABLE HUN +D6C9;D6C9;1112 116E 11AC;D6C9;1112 116E 11AC; # (훉; 훉; 훉; 훉; 훉; ) HANGUL SYLLABLE HUNJ +D6CA;D6CA;1112 116E 11AD;D6CA;1112 116E 11AD; # (훊; 훊; 훊; 훊; 훊; ) HANGUL SYLLABLE HUNH +D6CB;D6CB;1112 116E 11AE;D6CB;1112 116E 11AE; # (훋; 훋; 훋; 훋; 훋; ) HANGUL SYLLABLE HUD +D6CC;D6CC;1112 116E 11AF;D6CC;1112 116E 11AF; # (훌; 훌; 훌; 훌; 훌; ) HANGUL SYLLABLE HUL +D6CD;D6CD;1112 116E 11B0;D6CD;1112 116E 11B0; # (í›; í›; 훍; í›; 훍; ) HANGUL SYLLABLE HULG +D6CE;D6CE;1112 116E 11B1;D6CE;1112 116E 11B1; # (훎; 훎; 훎; 훎; 훎; ) HANGUL SYLLABLE HULM +D6CF;D6CF;1112 116E 11B2;D6CF;1112 116E 11B2; # (í›; í›; 훏; í›; 훏; ) HANGUL SYLLABLE HULB +D6D0;D6D0;1112 116E 11B3;D6D0;1112 116E 11B3; # (í›; í›; 훐; í›; 훐; ) HANGUL SYLLABLE HULS +D6D1;D6D1;1112 116E 11B4;D6D1;1112 116E 11B4; # (훑; 훑; 훑; 훑; 훑; ) HANGUL SYLLABLE HULT +D6D2;D6D2;1112 116E 11B5;D6D2;1112 116E 11B5; # (í›’; í›’; 훒; í›’; 훒; ) HANGUL SYLLABLE HULP +D6D3;D6D3;1112 116E 11B6;D6D3;1112 116E 11B6; # (훓; 훓; 훓; 훓; 훓; ) HANGUL SYLLABLE HULH +D6D4;D6D4;1112 116E 11B7;D6D4;1112 116E 11B7; # (í›”; í›”; 훔; í›”; 훔; ) HANGUL SYLLABLE HUM +D6D5;D6D5;1112 116E 11B8;D6D5;1112 116E 11B8; # (훕; 훕; 훕; 훕; 훕; ) HANGUL SYLLABLE HUB +D6D6;D6D6;1112 116E 11B9;D6D6;1112 116E 11B9; # (í›–; í›–; 훖; í›–; 훖; ) HANGUL SYLLABLE HUBS +D6D7;D6D7;1112 116E 11BA;D6D7;1112 116E 11BA; # (í›—; í›—; 훗; í›—; 훗; ) HANGUL SYLLABLE HUS +D6D8;D6D8;1112 116E 11BB;D6D8;1112 116E 11BB; # (훘; 훘; 훘; 훘; 훘; ) HANGUL SYLLABLE HUSS +D6D9;D6D9;1112 116E 11BC;D6D9;1112 116E 11BC; # (í›™; í›™; 훙; í›™; 훙; ) HANGUL SYLLABLE HUNG +D6DA;D6DA;1112 116E 11BD;D6DA;1112 116E 11BD; # (훚; 훚; 훚; 훚; 훚; ) HANGUL SYLLABLE HUJ +D6DB;D6DB;1112 116E 11BE;D6DB;1112 116E 11BE; # (í››; í››; 훛; í››; 훛; ) HANGUL SYLLABLE HUC +D6DC;D6DC;1112 116E 11BF;D6DC;1112 116E 11BF; # (훜; 훜; 훜; 훜; 훜; ) HANGUL SYLLABLE HUK +D6DD;D6DD;1112 116E 11C0;D6DD;1112 116E 11C0; # (í›; í›; 훝; í›; 훝; ) HANGUL SYLLABLE HUT +D6DE;D6DE;1112 116E 11C1;D6DE;1112 116E 11C1; # (훞; 훞; á„’á…®á‡; 훞; á„’á…®á‡; ) HANGUL SYLLABLE HUP +D6DF;D6DF;1112 116E 11C2;D6DF;1112 116E 11C2; # (훟; 훟; 훟; 훟; 훟; ) HANGUL SYLLABLE HUH +D6E0;D6E0;1112 116F;D6E0;1112 116F; # (í› ; í› ; á„’á…¯; í› ; á„’á…¯; ) HANGUL SYLLABLE HWEO +D6E1;D6E1;1112 116F 11A8;D6E1;1112 116F 11A8; # (훡; 훡; 훡; 훡; 훡; ) HANGUL SYLLABLE HWEOG +D6E2;D6E2;1112 116F 11A9;D6E2;1112 116F 11A9; # (훢; 훢; 훢; 훢; 훢; ) HANGUL SYLLABLE HWEOGG +D6E3;D6E3;1112 116F 11AA;D6E3;1112 116F 11AA; # (훣; 훣; 훣; 훣; 훣; ) HANGUL SYLLABLE HWEOGS +D6E4;D6E4;1112 116F 11AB;D6E4;1112 116F 11AB; # (훤; 훤; 훤; 훤; 훤; ) HANGUL SYLLABLE HWEON +D6E5;D6E5;1112 116F 11AC;D6E5;1112 116F 11AC; # (훥; 훥; 훥; 훥; 훥; ) HANGUL SYLLABLE HWEONJ +D6E6;D6E6;1112 116F 11AD;D6E6;1112 116F 11AD; # (훦; 훦; 훦; 훦; 훦; ) HANGUL SYLLABLE HWEONH +D6E7;D6E7;1112 116F 11AE;D6E7;1112 116F 11AE; # (훧; 훧; 훧; 훧; 훧; ) HANGUL SYLLABLE HWEOD +D6E8;D6E8;1112 116F 11AF;D6E8;1112 116F 11AF; # (훨; 훨; 훨; 훨; 훨; ) HANGUL SYLLABLE HWEOL +D6E9;D6E9;1112 116F 11B0;D6E9;1112 116F 11B0; # (훩; 훩; 훩; 훩; 훩; ) HANGUL SYLLABLE HWEOLG +D6EA;D6EA;1112 116F 11B1;D6EA;1112 116F 11B1; # (훪; 훪; 훪; 훪; 훪; ) HANGUL SYLLABLE HWEOLM +D6EB;D6EB;1112 116F 11B2;D6EB;1112 116F 11B2; # (훫; 훫; 훫; 훫; 훫; ) HANGUL SYLLABLE HWEOLB +D6EC;D6EC;1112 116F 11B3;D6EC;1112 116F 11B3; # (훬; 훬; 훬; 훬; 훬; ) HANGUL SYLLABLE HWEOLS +D6ED;D6ED;1112 116F 11B4;D6ED;1112 116F 11B4; # (í›­; í›­; 훭; í›­; 훭; ) HANGUL SYLLABLE HWEOLT +D6EE;D6EE;1112 116F 11B5;D6EE;1112 116F 11B5; # (í›®; í›®; 훮; í›®; 훮; ) HANGUL SYLLABLE HWEOLP +D6EF;D6EF;1112 116F 11B6;D6EF;1112 116F 11B6; # (훯; 훯; 훯; 훯; 훯; ) HANGUL SYLLABLE HWEOLH +D6F0;D6F0;1112 116F 11B7;D6F0;1112 116F 11B7; # (í›°; í›°; 훰; í›°; 훰; ) HANGUL SYLLABLE HWEOM +D6F1;D6F1;1112 116F 11B8;D6F1;1112 116F 11B8; # (í›±; í›±; 훱; í›±; 훱; ) HANGUL SYLLABLE HWEOB +D6F2;D6F2;1112 116F 11B9;D6F2;1112 116F 11B9; # (훲; 훲; 훲; 훲; 훲; ) HANGUL SYLLABLE HWEOBS +D6F3;D6F3;1112 116F 11BA;D6F3;1112 116F 11BA; # (훳; 훳; 훳; 훳; 훳; ) HANGUL SYLLABLE HWEOS +D6F4;D6F4;1112 116F 11BB;D6F4;1112 116F 11BB; # (í›´; í›´; 훴; í›´; 훴; ) HANGUL SYLLABLE HWEOSS +D6F5;D6F5;1112 116F 11BC;D6F5;1112 116F 11BC; # (훵; 훵; 훵; 훵; 훵; ) HANGUL SYLLABLE HWEONG +D6F6;D6F6;1112 116F 11BD;D6F6;1112 116F 11BD; # (훶; 훶; 훶; 훶; 훶; ) HANGUL SYLLABLE HWEOJ +D6F7;D6F7;1112 116F 11BE;D6F7;1112 116F 11BE; # (í›·; í›·; 훷; í›·; 훷; ) HANGUL SYLLABLE HWEOC +D6F8;D6F8;1112 116F 11BF;D6F8;1112 116F 11BF; # (훸; 훸; 훸; 훸; 훸; ) HANGUL SYLLABLE HWEOK +D6F9;D6F9;1112 116F 11C0;D6F9;1112 116F 11C0; # (훹; 훹; 훹; 훹; 훹; ) HANGUL SYLLABLE HWEOT +D6FA;D6FA;1112 116F 11C1;D6FA;1112 116F 11C1; # (훺; 훺; á„’á…¯á‡; 훺; á„’á…¯á‡; ) HANGUL SYLLABLE HWEOP +D6FB;D6FB;1112 116F 11C2;D6FB;1112 116F 11C2; # (í›»; í›»; 훻; í›»; 훻; ) HANGUL SYLLABLE HWEOH +D6FC;D6FC;1112 1170;D6FC;1112 1170; # (훼; 훼; á„’á…°; 훼; á„’á…°; ) HANGUL SYLLABLE HWE +D6FD;D6FD;1112 1170 11A8;D6FD;1112 1170 11A8; # (훽; 훽; 훽; 훽; 훽; ) HANGUL SYLLABLE HWEG +D6FE;D6FE;1112 1170 11A9;D6FE;1112 1170 11A9; # (훾; 훾; 훾; 훾; 훾; ) HANGUL SYLLABLE HWEGG +D6FF;D6FF;1112 1170 11AA;D6FF;1112 1170 11AA; # (훿; 훿; 훿; 훿; 훿; ) HANGUL SYLLABLE HWEGS +D700;D700;1112 1170 11AB;D700;1112 1170 11AB; # (휀; 휀; 휀; 휀; 휀; ) HANGUL SYLLABLE HWEN +D701;D701;1112 1170 11AC;D701;1112 1170 11AC; # (íœ; íœ; 휁; íœ; 휁; ) HANGUL SYLLABLE HWENJ +D702;D702;1112 1170 11AD;D702;1112 1170 11AD; # (휂; 휂; 휂; 휂; 휂; ) HANGUL SYLLABLE HWENH +D703;D703;1112 1170 11AE;D703;1112 1170 11AE; # (휃; 휃; 휃; 휃; 휃; ) HANGUL SYLLABLE HWED +D704;D704;1112 1170 11AF;D704;1112 1170 11AF; # (휄; 휄; 휄; 휄; 휄; ) HANGUL SYLLABLE HWEL +D705;D705;1112 1170 11B0;D705;1112 1170 11B0; # (휅; 휅; 휅; 휅; 휅; ) HANGUL SYLLABLE HWELG +D706;D706;1112 1170 11B1;D706;1112 1170 11B1; # (휆; 휆; 휆; 휆; 휆; ) HANGUL SYLLABLE HWELM +D707;D707;1112 1170 11B2;D707;1112 1170 11B2; # (휇; 휇; 휇; 휇; 휇; ) HANGUL SYLLABLE HWELB +D708;D708;1112 1170 11B3;D708;1112 1170 11B3; # (휈; 휈; 휈; 휈; 휈; ) HANGUL SYLLABLE HWELS +D709;D709;1112 1170 11B4;D709;1112 1170 11B4; # (휉; 휉; 휉; 휉; 휉; ) HANGUL SYLLABLE HWELT +D70A;D70A;1112 1170 11B5;D70A;1112 1170 11B5; # (휊; 휊; 휊; 휊; 휊; ) HANGUL SYLLABLE HWELP +D70B;D70B;1112 1170 11B6;D70B;1112 1170 11B6; # (휋; 휋; 휋; 휋; 휋; ) HANGUL SYLLABLE HWELH +D70C;D70C;1112 1170 11B7;D70C;1112 1170 11B7; # (휌; 휌; 휌; 휌; 휌; ) HANGUL SYLLABLE HWEM +D70D;D70D;1112 1170 11B8;D70D;1112 1170 11B8; # (íœ; íœ; 휍; íœ; 휍; ) HANGUL SYLLABLE HWEB +D70E;D70E;1112 1170 11B9;D70E;1112 1170 11B9; # (휎; 휎; 휎; 휎; 휎; ) HANGUL SYLLABLE HWEBS +D70F;D70F;1112 1170 11BA;D70F;1112 1170 11BA; # (íœ; íœ; 휏; íœ; 휏; ) HANGUL SYLLABLE HWES +D710;D710;1112 1170 11BB;D710;1112 1170 11BB; # (íœ; íœ; 휐; íœ; 휐; ) HANGUL SYLLABLE HWESS +D711;D711;1112 1170 11BC;D711;1112 1170 11BC; # (휑; 휑; 휑; 휑; 휑; ) HANGUL SYLLABLE HWENG +D712;D712;1112 1170 11BD;D712;1112 1170 11BD; # (휒; 휒; 휒; 휒; 휒; ) HANGUL SYLLABLE HWEJ +D713;D713;1112 1170 11BE;D713;1112 1170 11BE; # (휓; 휓; 휓; 휓; 휓; ) HANGUL SYLLABLE HWEC +D714;D714;1112 1170 11BF;D714;1112 1170 11BF; # (휔; 휔; 휔; 휔; 휔; ) HANGUL SYLLABLE HWEK +D715;D715;1112 1170 11C0;D715;1112 1170 11C0; # (휕; 휕; 휕; 휕; 휕; ) HANGUL SYLLABLE HWET +D716;D716;1112 1170 11C1;D716;1112 1170 11C1; # (휖; 휖; á„’á…°á‡; 휖; á„’á…°á‡; ) HANGUL SYLLABLE HWEP +D717;D717;1112 1170 11C2;D717;1112 1170 11C2; # (휗; 휗; 휗; 휗; 휗; ) HANGUL SYLLABLE HWEH +D718;D718;1112 1171;D718;1112 1171; # (휘; 휘; á„’á…±; 휘; á„’á…±; ) HANGUL SYLLABLE HWI +D719;D719;1112 1171 11A8;D719;1112 1171 11A8; # (휙; 휙; 휙; 휙; 휙; ) HANGUL SYLLABLE HWIG +D71A;D71A;1112 1171 11A9;D71A;1112 1171 11A9; # (휚; 휚; 휚; 휚; 휚; ) HANGUL SYLLABLE HWIGG +D71B;D71B;1112 1171 11AA;D71B;1112 1171 11AA; # (휛; 휛; 휛; 휛; 휛; ) HANGUL SYLLABLE HWIGS +D71C;D71C;1112 1171 11AB;D71C;1112 1171 11AB; # (휜; 휜; 휜; 휜; 휜; ) HANGUL SYLLABLE HWIN +D71D;D71D;1112 1171 11AC;D71D;1112 1171 11AC; # (íœ; íœ; 휝; íœ; 휝; ) HANGUL SYLLABLE HWINJ +D71E;D71E;1112 1171 11AD;D71E;1112 1171 11AD; # (휞; 휞; 휞; 휞; 휞; ) HANGUL SYLLABLE HWINH +D71F;D71F;1112 1171 11AE;D71F;1112 1171 11AE; # (휟; 휟; 휟; 휟; 휟; ) HANGUL SYLLABLE HWID +D720;D720;1112 1171 11AF;D720;1112 1171 11AF; # (휠; 휠; 휠; 휠; 휠; ) HANGUL SYLLABLE HWIL +D721;D721;1112 1171 11B0;D721;1112 1171 11B0; # (휡; 휡; 휡; 휡; 휡; ) HANGUL SYLLABLE HWILG +D722;D722;1112 1171 11B1;D722;1112 1171 11B1; # (휢; 휢; 휢; 휢; 휢; ) HANGUL SYLLABLE HWILM +D723;D723;1112 1171 11B2;D723;1112 1171 11B2; # (휣; 휣; 휣; 휣; 휣; ) HANGUL SYLLABLE HWILB +D724;D724;1112 1171 11B3;D724;1112 1171 11B3; # (휤; 휤; 휤; 휤; 휤; ) HANGUL SYLLABLE HWILS +D725;D725;1112 1171 11B4;D725;1112 1171 11B4; # (휥; 휥; 휥; 휥; 휥; ) HANGUL SYLLABLE HWILT +D726;D726;1112 1171 11B5;D726;1112 1171 11B5; # (휦; 휦; 휦; 휦; 휦; ) HANGUL SYLLABLE HWILP +D727;D727;1112 1171 11B6;D727;1112 1171 11B6; # (휧; 휧; 휧; 휧; 휧; ) HANGUL SYLLABLE HWILH +D728;D728;1112 1171 11B7;D728;1112 1171 11B7; # (휨; 휨; 휨; 휨; 휨; ) HANGUL SYLLABLE HWIM +D729;D729;1112 1171 11B8;D729;1112 1171 11B8; # (휩; 휩; 휩; 휩; 휩; ) HANGUL SYLLABLE HWIB +D72A;D72A;1112 1171 11B9;D72A;1112 1171 11B9; # (휪; 휪; 휪; 휪; 휪; ) HANGUL SYLLABLE HWIBS +D72B;D72B;1112 1171 11BA;D72B;1112 1171 11BA; # (휫; 휫; 휫; 휫; 휫; ) HANGUL SYLLABLE HWIS +D72C;D72C;1112 1171 11BB;D72C;1112 1171 11BB; # (휬; 휬; 휬; 휬; 휬; ) HANGUL SYLLABLE HWISS +D72D;D72D;1112 1171 11BC;D72D;1112 1171 11BC; # (휭; 휭; 휭; 휭; 휭; ) HANGUL SYLLABLE HWING +D72E;D72E;1112 1171 11BD;D72E;1112 1171 11BD; # (휮; 휮; 휮; 휮; 휮; ) HANGUL SYLLABLE HWIJ +D72F;D72F;1112 1171 11BE;D72F;1112 1171 11BE; # (휯; 휯; 휯; 휯; 휯; ) HANGUL SYLLABLE HWIC +D730;D730;1112 1171 11BF;D730;1112 1171 11BF; # (휰; 휰; 휰; 휰; 휰; ) HANGUL SYLLABLE HWIK +D731;D731;1112 1171 11C0;D731;1112 1171 11C0; # (휱; 휱; 휱; 휱; 휱; ) HANGUL SYLLABLE HWIT +D732;D732;1112 1171 11C1;D732;1112 1171 11C1; # (휲; 휲; á„’á…±á‡; 휲; á„’á…±á‡; ) HANGUL SYLLABLE HWIP +D733;D733;1112 1171 11C2;D733;1112 1171 11C2; # (휳; 휳; 휳; 휳; 휳; ) HANGUL SYLLABLE HWIH +D734;D734;1112 1172;D734;1112 1172; # (휴; 휴; á„’á…²; 휴; á„’á…²; ) HANGUL SYLLABLE HYU +D735;D735;1112 1172 11A8;D735;1112 1172 11A8; # (휵; 휵; 휵; 휵; 휵; ) HANGUL SYLLABLE HYUG +D736;D736;1112 1172 11A9;D736;1112 1172 11A9; # (휶; 휶; 휶; 휶; 휶; ) HANGUL SYLLABLE HYUGG +D737;D737;1112 1172 11AA;D737;1112 1172 11AA; # (휷; 휷; 휷; 휷; 휷; ) HANGUL SYLLABLE HYUGS +D738;D738;1112 1172 11AB;D738;1112 1172 11AB; # (휸; 휸; 휸; 휸; 휸; ) HANGUL SYLLABLE HYUN +D739;D739;1112 1172 11AC;D739;1112 1172 11AC; # (휹; 휹; 휹; 휹; 휹; ) HANGUL SYLLABLE HYUNJ +D73A;D73A;1112 1172 11AD;D73A;1112 1172 11AD; # (휺; 휺; 휺; 휺; 휺; ) HANGUL SYLLABLE HYUNH +D73B;D73B;1112 1172 11AE;D73B;1112 1172 11AE; # (휻; 휻; 휻; 휻; 휻; ) HANGUL SYLLABLE HYUD +D73C;D73C;1112 1172 11AF;D73C;1112 1172 11AF; # (휼; 휼; 휼; 휼; 휼; ) HANGUL SYLLABLE HYUL +D73D;D73D;1112 1172 11B0;D73D;1112 1172 11B0; # (휽; 휽; 휽; 휽; 휽; ) HANGUL SYLLABLE HYULG +D73E;D73E;1112 1172 11B1;D73E;1112 1172 11B1; # (휾; 휾; 휾; 휾; 휾; ) HANGUL SYLLABLE HYULM +D73F;D73F;1112 1172 11B2;D73F;1112 1172 11B2; # (휿; 휿; 휿; 휿; 휿; ) HANGUL SYLLABLE HYULB +D740;D740;1112 1172 11B3;D740;1112 1172 11B3; # (í€; í€; 흀; í€; 흀; ) HANGUL SYLLABLE HYULS +D741;D741;1112 1172 11B4;D741;1112 1172 11B4; # (í; í; 흁; í; 흁; ) HANGUL SYLLABLE HYULT +D742;D742;1112 1172 11B5;D742;1112 1172 11B5; # (í‚; í‚; 흂; í‚; 흂; ) HANGUL SYLLABLE HYULP +D743;D743;1112 1172 11B6;D743;1112 1172 11B6; # (íƒ; íƒ; 흃; íƒ; 흃; ) HANGUL SYLLABLE HYULH +D744;D744;1112 1172 11B7;D744;1112 1172 11B7; # (í„; í„; 흄; í„; 흄; ) HANGUL SYLLABLE HYUM +D745;D745;1112 1172 11B8;D745;1112 1172 11B8; # (í…; í…; 흅; í…; 흅; ) HANGUL SYLLABLE HYUB +D746;D746;1112 1172 11B9;D746;1112 1172 11B9; # (í†; í†; 흆; í†; 흆; ) HANGUL SYLLABLE HYUBS +D747;D747;1112 1172 11BA;D747;1112 1172 11BA; # (í‡; í‡; 흇; í‡; 흇; ) HANGUL SYLLABLE HYUS +D748;D748;1112 1172 11BB;D748;1112 1172 11BB; # (íˆ; íˆ; 흈; íˆ; 흈; ) HANGUL SYLLABLE HYUSS +D749;D749;1112 1172 11BC;D749;1112 1172 11BC; # (í‰; í‰; 흉; í‰; 흉; ) HANGUL SYLLABLE HYUNG +D74A;D74A;1112 1172 11BD;D74A;1112 1172 11BD; # (íŠ; íŠ; 흊; íŠ; 흊; ) HANGUL SYLLABLE HYUJ +D74B;D74B;1112 1172 11BE;D74B;1112 1172 11BE; # (í‹; í‹; 흋; í‹; 흋; ) HANGUL SYLLABLE HYUC +D74C;D74C;1112 1172 11BF;D74C;1112 1172 11BF; # (íŒ; íŒ; 흌; íŒ; 흌; ) HANGUL SYLLABLE HYUK +D74D;D74D;1112 1172 11C0;D74D;1112 1172 11C0; # (í; í; 흍; í; 흍; ) HANGUL SYLLABLE HYUT +D74E;D74E;1112 1172 11C1;D74E;1112 1172 11C1; # (íŽ; íŽ; á„’á…²á‡; íŽ; á„’á…²á‡; ) HANGUL SYLLABLE HYUP +D74F;D74F;1112 1172 11C2;D74F;1112 1172 11C2; # (í; í; 흏; í; 흏; ) HANGUL SYLLABLE HYUH +D750;D750;1112 1173;D750;1112 1173; # (í; í; á„’á…³; í; á„’á…³; ) HANGUL SYLLABLE HEU +D751;D751;1112 1173 11A8;D751;1112 1173 11A8; # (í‘; í‘; 흑; í‘; 흑; ) HANGUL SYLLABLE HEUG +D752;D752;1112 1173 11A9;D752;1112 1173 11A9; # (í’; í’; 흒; í’; 흒; ) HANGUL SYLLABLE HEUGG +D753;D753;1112 1173 11AA;D753;1112 1173 11AA; # (í“; í“; 흓; í“; 흓; ) HANGUL SYLLABLE HEUGS +D754;D754;1112 1173 11AB;D754;1112 1173 11AB; # (í”; í”; 흔; í”; 흔; ) HANGUL SYLLABLE HEUN +D755;D755;1112 1173 11AC;D755;1112 1173 11AC; # (í•; í•; 흕; í•; 흕; ) HANGUL SYLLABLE HEUNJ +D756;D756;1112 1173 11AD;D756;1112 1173 11AD; # (í–; í–; 흖; í–; 흖; ) HANGUL SYLLABLE HEUNH +D757;D757;1112 1173 11AE;D757;1112 1173 11AE; # (í—; í—; 흗; í—; 흗; ) HANGUL SYLLABLE HEUD +D758;D758;1112 1173 11AF;D758;1112 1173 11AF; # (í˜; í˜; 흘; í˜; 흘; ) HANGUL SYLLABLE HEUL +D759;D759;1112 1173 11B0;D759;1112 1173 11B0; # (í™; í™; 흙; í™; 흙; ) HANGUL SYLLABLE HEULG +D75A;D75A;1112 1173 11B1;D75A;1112 1173 11B1; # (íš; íš; 흚; íš; 흚; ) HANGUL SYLLABLE HEULM +D75B;D75B;1112 1173 11B2;D75B;1112 1173 11B2; # (í›; í›; 흛; í›; 흛; ) HANGUL SYLLABLE HEULB +D75C;D75C;1112 1173 11B3;D75C;1112 1173 11B3; # (íœ; íœ; 흜; íœ; 흜; ) HANGUL SYLLABLE HEULS +D75D;D75D;1112 1173 11B4;D75D;1112 1173 11B4; # (í; í; 흝; í; 흝; ) HANGUL SYLLABLE HEULT +D75E;D75E;1112 1173 11B5;D75E;1112 1173 11B5; # (íž; íž; 흞; íž; 흞; ) HANGUL SYLLABLE HEULP +D75F;D75F;1112 1173 11B6;D75F;1112 1173 11B6; # (íŸ; íŸ; 흟; íŸ; 흟; ) HANGUL SYLLABLE HEULH +D760;D760;1112 1173 11B7;D760;1112 1173 11B7; # (í ; í ; 흠; í ; 흠; ) HANGUL SYLLABLE HEUM +D761;D761;1112 1173 11B8;D761;1112 1173 11B8; # (í¡; í¡; 흡; í¡; 흡; ) HANGUL SYLLABLE HEUB +D762;D762;1112 1173 11B9;D762;1112 1173 11B9; # (í¢; í¢; 흢; í¢; 흢; ) HANGUL SYLLABLE HEUBS +D763;D763;1112 1173 11BA;D763;1112 1173 11BA; # (í£; í£; 흣; í£; 흣; ) HANGUL SYLLABLE HEUS +D764;D764;1112 1173 11BB;D764;1112 1173 11BB; # (í¤; í¤; 흤; í¤; 흤; ) HANGUL SYLLABLE HEUSS +D765;D765;1112 1173 11BC;D765;1112 1173 11BC; # (í¥; í¥; 흥; í¥; 흥; ) HANGUL SYLLABLE HEUNG +D766;D766;1112 1173 11BD;D766;1112 1173 11BD; # (í¦; í¦; 흦; í¦; 흦; ) HANGUL SYLLABLE HEUJ +D767;D767;1112 1173 11BE;D767;1112 1173 11BE; # (í§; í§; 흧; í§; 흧; ) HANGUL SYLLABLE HEUC +D768;D768;1112 1173 11BF;D768;1112 1173 11BF; # (í¨; í¨; 흨; í¨; 흨; ) HANGUL SYLLABLE HEUK +D769;D769;1112 1173 11C0;D769;1112 1173 11C0; # (í©; í©; 흩; í©; 흩; ) HANGUL SYLLABLE HEUT +D76A;D76A;1112 1173 11C1;D76A;1112 1173 11C1; # (íª; íª; á„’á…³á‡; íª; á„’á…³á‡; ) HANGUL SYLLABLE HEUP +D76B;D76B;1112 1173 11C2;D76B;1112 1173 11C2; # (í«; í«; 흫; í«; 흫; ) HANGUL SYLLABLE HEUH +D76C;D76C;1112 1174;D76C;1112 1174; # (í¬; í¬; á„’á…´; í¬; á„’á…´; ) HANGUL SYLLABLE HYI +D76D;D76D;1112 1174 11A8;D76D;1112 1174 11A8; # (í­; í­; 흭; í­; 흭; ) HANGUL SYLLABLE HYIG +D76E;D76E;1112 1174 11A9;D76E;1112 1174 11A9; # (í®; í®; 흮; í®; 흮; ) HANGUL SYLLABLE HYIGG +D76F;D76F;1112 1174 11AA;D76F;1112 1174 11AA; # (í¯; í¯; 흯; í¯; 흯; ) HANGUL SYLLABLE HYIGS +D770;D770;1112 1174 11AB;D770;1112 1174 11AB; # (í°; í°; 흰; í°; 흰; ) HANGUL SYLLABLE HYIN +D771;D771;1112 1174 11AC;D771;1112 1174 11AC; # (í±; í±; 흱; í±; 흱; ) HANGUL SYLLABLE HYINJ +D772;D772;1112 1174 11AD;D772;1112 1174 11AD; # (í²; í²; 흲; í²; 흲; ) HANGUL SYLLABLE HYINH +D773;D773;1112 1174 11AE;D773;1112 1174 11AE; # (í³; í³; 흳; í³; 흳; ) HANGUL SYLLABLE HYID +D774;D774;1112 1174 11AF;D774;1112 1174 11AF; # (í´; í´; 흴; í´; 흴; ) HANGUL SYLLABLE HYIL +D775;D775;1112 1174 11B0;D775;1112 1174 11B0; # (íµ; íµ; 흵; íµ; 흵; ) HANGUL SYLLABLE HYILG +D776;D776;1112 1174 11B1;D776;1112 1174 11B1; # (í¶; í¶; 흶; í¶; 흶; ) HANGUL SYLLABLE HYILM +D777;D777;1112 1174 11B2;D777;1112 1174 11B2; # (í·; í·; 흷; í·; 흷; ) HANGUL SYLLABLE HYILB +D778;D778;1112 1174 11B3;D778;1112 1174 11B3; # (í¸; í¸; 흸; í¸; 흸; ) HANGUL SYLLABLE HYILS +D779;D779;1112 1174 11B4;D779;1112 1174 11B4; # (í¹; í¹; 흹; í¹; 흹; ) HANGUL SYLLABLE HYILT +D77A;D77A;1112 1174 11B5;D77A;1112 1174 11B5; # (íº; íº; 흺; íº; 흺; ) HANGUL SYLLABLE HYILP +D77B;D77B;1112 1174 11B6;D77B;1112 1174 11B6; # (í»; í»; 흻; í»; 흻; ) HANGUL SYLLABLE HYILH +D77C;D77C;1112 1174 11B7;D77C;1112 1174 11B7; # (í¼; í¼; 흼; í¼; 흼; ) HANGUL SYLLABLE HYIM +D77D;D77D;1112 1174 11B8;D77D;1112 1174 11B8; # (í½; í½; 흽; í½; 흽; ) HANGUL SYLLABLE HYIB +D77E;D77E;1112 1174 11B9;D77E;1112 1174 11B9; # (í¾; í¾; 흾; í¾; 흾; ) HANGUL SYLLABLE HYIBS +D77F;D77F;1112 1174 11BA;D77F;1112 1174 11BA; # (í¿; í¿; 흿; í¿; 흿; ) HANGUL SYLLABLE HYIS +D780;D780;1112 1174 11BB;D780;1112 1174 11BB; # (힀; 힀; 힀; 힀; 힀; ) HANGUL SYLLABLE HYISS +D781;D781;1112 1174 11BC;D781;1112 1174 11BC; # (íž; íž; 힁; íž; 힁; ) HANGUL SYLLABLE HYING +D782;D782;1112 1174 11BD;D782;1112 1174 11BD; # (íž‚; íž‚; 힂; íž‚; 힂; ) HANGUL SYLLABLE HYIJ +D783;D783;1112 1174 11BE;D783;1112 1174 11BE; # (힃; 힃; 힃; 힃; 힃; ) HANGUL SYLLABLE HYIC +D784;D784;1112 1174 11BF;D784;1112 1174 11BF; # (íž„; íž„; 힄; íž„; 힄; ) HANGUL SYLLABLE HYIK +D785;D785;1112 1174 11C0;D785;1112 1174 11C0; # (íž…; íž…; 힅; íž…; 힅; ) HANGUL SYLLABLE HYIT +D786;D786;1112 1174 11C1;D786;1112 1174 11C1; # (힆; 힆; á„’á…´á‡; 힆; á„’á…´á‡; ) HANGUL SYLLABLE HYIP +D787;D787;1112 1174 11C2;D787;1112 1174 11C2; # (힇; 힇; 힇; 힇; 힇; ) HANGUL SYLLABLE HYIH +D788;D788;1112 1175;D788;1112 1175; # (히; 히; á„’á…µ; 히; á„’á…µ; ) HANGUL SYLLABLE HI +D789;D789;1112 1175 11A8;D789;1112 1175 11A8; # (힉; 힉; 힉; 힉; 힉; ) HANGUL SYLLABLE HIG +D78A;D78A;1112 1175 11A9;D78A;1112 1175 11A9; # (힊; 힊; 힊; 힊; 힊; ) HANGUL SYLLABLE HIGG +D78B;D78B;1112 1175 11AA;D78B;1112 1175 11AA; # (íž‹; íž‹; 힋; íž‹; 힋; ) HANGUL SYLLABLE HIGS +D78C;D78C;1112 1175 11AB;D78C;1112 1175 11AB; # (힌; 힌; 힌; 힌; 힌; ) HANGUL SYLLABLE HIN +D78D;D78D;1112 1175 11AC;D78D;1112 1175 11AC; # (íž; íž; 힍; íž; 힍; ) HANGUL SYLLABLE HINJ +D78E;D78E;1112 1175 11AD;D78E;1112 1175 11AD; # (힎; 힎; 힎; 힎; 힎; ) HANGUL SYLLABLE HINH +D78F;D78F;1112 1175 11AE;D78F;1112 1175 11AE; # (íž; íž; 힏; íž; 힏; ) HANGUL SYLLABLE HID +D790;D790;1112 1175 11AF;D790;1112 1175 11AF; # (íž; íž; 힐; íž; 힐; ) HANGUL SYLLABLE HIL +D791;D791;1112 1175 11B0;D791;1112 1175 11B0; # (íž‘; íž‘; 힑; íž‘; 힑; ) HANGUL SYLLABLE HILG +D792;D792;1112 1175 11B1;D792;1112 1175 11B1; # (íž’; íž’; 힒; íž’; 힒; ) HANGUL SYLLABLE HILM +D793;D793;1112 1175 11B2;D793;1112 1175 11B2; # (íž“; íž“; 힓; íž“; 힓; ) HANGUL SYLLABLE HILB +D794;D794;1112 1175 11B3;D794;1112 1175 11B3; # (íž”; íž”; 힔; íž”; 힔; ) HANGUL SYLLABLE HILS +D795;D795;1112 1175 11B4;D795;1112 1175 11B4; # (íž•; íž•; 힕; íž•; 힕; ) HANGUL SYLLABLE HILT +D796;D796;1112 1175 11B5;D796;1112 1175 11B5; # (íž–; íž–; 힖; íž–; 힖; ) HANGUL SYLLABLE HILP +D797;D797;1112 1175 11B6;D797;1112 1175 11B6; # (íž—; íž—; 힗; íž—; 힗; ) HANGUL SYLLABLE HILH +D798;D798;1112 1175 11B7;D798;1112 1175 11B7; # (힘; 힘; 힘; 힘; 힘; ) HANGUL SYLLABLE HIM +D799;D799;1112 1175 11B8;D799;1112 1175 11B8; # (íž™; íž™; 힙; íž™; 힙; ) HANGUL SYLLABLE HIB +D79A;D79A;1112 1175 11B9;D79A;1112 1175 11B9; # (ížš; ížš; 힚; ížš; 힚; ) HANGUL SYLLABLE HIBS +D79B;D79B;1112 1175 11BA;D79B;1112 1175 11BA; # (íž›; íž›; 힛; íž›; 힛; ) HANGUL SYLLABLE HIS +D79C;D79C;1112 1175 11BB;D79C;1112 1175 11BB; # (ížœ; ížœ; 힜; ížœ; 힜; ) HANGUL SYLLABLE HISS +D79D;D79D;1112 1175 11BC;D79D;1112 1175 11BC; # (íž; íž; 힝; íž; 힝; ) HANGUL SYLLABLE HING +D79E;D79E;1112 1175 11BD;D79E;1112 1175 11BD; # (ížž; ížž; 힞; ížž; 힞; ) HANGUL SYLLABLE HIJ +D79F;D79F;1112 1175 11BE;D79F;1112 1175 11BE; # (힟; 힟; 힟; 힟; 힟; ) HANGUL SYLLABLE HIC +D7A0;D7A0;1112 1175 11BF;D7A0;1112 1175 11BF; # (íž ; íž ; 힠; íž ; 힠; ) HANGUL SYLLABLE HIK +D7A1;D7A1;1112 1175 11C0;D7A1;1112 1175 11C0; # (íž¡; íž¡; 힡; íž¡; 힡; ) HANGUL SYLLABLE HIT +D7A2;D7A2;1112 1175 11C1;D7A2;1112 1175 11C1; # (힢; 힢; á„’á…µá‡; 힢; á„’á…µá‡; ) HANGUL SYLLABLE HIP +D7A3;D7A3;1112 1175 11C2;D7A3;1112 1175 11C2; # (힣; 힣; 힣; 힣; 힣; ) HANGUL SYLLABLE HIH +F900;8C48;8C48;8C48;8C48; # (豈; 豈; 豈; 豈; 豈; ) CJK COMPATIBILITY IDEOGRAPH-F900 +F901;66F4;66F4;66F4;66F4; # (ï¤; æ›´; æ›´; æ›´; æ›´; ) CJK COMPATIBILITY IDEOGRAPH-F901 +F902;8ECA;8ECA;8ECA;8ECA; # (車; 車; 車; 車; 車; ) CJK COMPATIBILITY IDEOGRAPH-F902 +F903;8CC8;8CC8;8CC8;8CC8; # (賈; 賈; 賈; 賈; 賈; ) CJK COMPATIBILITY IDEOGRAPH-F903 +F904;6ED1;6ED1;6ED1;6ED1; # (滑; 滑; 滑; 滑; 滑; ) CJK COMPATIBILITY IDEOGRAPH-F904 +F905;4E32;4E32;4E32;4E32; # (串; 串; 串; 串; 串; ) CJK COMPATIBILITY IDEOGRAPH-F905 +F906;53E5;53E5;53E5;53E5; # (句; å¥; å¥; å¥; å¥; ) CJK COMPATIBILITY IDEOGRAPH-F906 +F907;9F9C;9F9C;9F9C;9F9C; # (龜; 龜; 龜; 龜; 龜; ) CJK COMPATIBILITY IDEOGRAPH-F907 +F908;9F9C;9F9C;9F9C;9F9C; # (龜; 龜; 龜; 龜; 龜; ) CJK COMPATIBILITY IDEOGRAPH-F908 +F909;5951;5951;5951;5951; # (契; 契; 契; 契; 契; ) CJK COMPATIBILITY IDEOGRAPH-F909 +F90A;91D1;91D1;91D1;91D1; # (金; 金; 金; 金; 金; ) CJK COMPATIBILITY IDEOGRAPH-F90A +F90B;5587;5587;5587;5587; # (喇; å–‡; å–‡; å–‡; å–‡; ) CJK COMPATIBILITY IDEOGRAPH-F90B +F90C;5948;5948;5948;5948; # (奈; 奈; 奈; 奈; 奈; ) CJK COMPATIBILITY IDEOGRAPH-F90C +F90D;61F6;61F6;61F6;61F6; # (ï¤; 懶; 懶; 懶; 懶; ) CJK COMPATIBILITY IDEOGRAPH-F90D +F90E;7669;7669;7669;7669; # (癩; 癩; 癩; 癩; 癩; ) CJK COMPATIBILITY IDEOGRAPH-F90E +F90F;7F85;7F85;7F85;7F85; # (ï¤; ç¾…; ç¾…; ç¾…; ç¾…; ) CJK COMPATIBILITY IDEOGRAPH-F90F +F910;863F;863F;863F;863F; # (ï¤; 蘿; 蘿; 蘿; 蘿; ) CJK COMPATIBILITY IDEOGRAPH-F910 +F911;87BA;87BA;87BA;87BA; # (螺; 螺; 螺; 螺; 螺; ) CJK COMPATIBILITY IDEOGRAPH-F911 +F912;88F8;88F8;88F8;88F8; # (裸; 裸; 裸; 裸; 裸; ) CJK COMPATIBILITY IDEOGRAPH-F912 +F913;908F;908F;908F;908F; # (邏; é‚; é‚; é‚; é‚; ) CJK COMPATIBILITY IDEOGRAPH-F913 +F914;6A02;6A02;6A02;6A02; # (樂; 樂; 樂; 樂; 樂; ) CJK COMPATIBILITY IDEOGRAPH-F914 +F915;6D1B;6D1B;6D1B;6D1B; # (洛; æ´›; æ´›; æ´›; æ´›; ) CJK COMPATIBILITY IDEOGRAPH-F915 +F916;70D9;70D9;70D9;70D9; # (烙; 烙; 烙; 烙; 烙; ) CJK COMPATIBILITY IDEOGRAPH-F916 +F917;73DE;73DE;73DE;73DE; # (珞; çž; çž; çž; çž; ) CJK COMPATIBILITY IDEOGRAPH-F917 +F918;843D;843D;843D;843D; # (落; è½; è½; è½; è½; ) CJK COMPATIBILITY IDEOGRAPH-F918 +F919;916A;916A;916A;916A; # (酪; é…ª; é…ª; é…ª; é…ª; ) CJK COMPATIBILITY IDEOGRAPH-F919 +F91A;99F1;99F1;99F1;99F1; # (駱; 駱; 駱; 駱; 駱; ) CJK COMPATIBILITY IDEOGRAPH-F91A +F91B;4E82;4E82;4E82;4E82; # (亂; 亂; 亂; 亂; 亂; ) CJK COMPATIBILITY IDEOGRAPH-F91B +F91C;5375;5375;5375;5375; # (卵; åµ; åµ; åµ; åµ; ) CJK COMPATIBILITY IDEOGRAPH-F91C +F91D;6B04;6B04;6B04;6B04; # (ï¤; 欄; 欄; 欄; 欄; ) CJK COMPATIBILITY IDEOGRAPH-F91D +F91E;721B;721B;721B;721B; # (爛; 爛; 爛; 爛; 爛; ) CJK COMPATIBILITY IDEOGRAPH-F91E +F91F;862D;862D;862D;862D; # (蘭; 蘭; 蘭; 蘭; 蘭; ) CJK COMPATIBILITY IDEOGRAPH-F91F +F920;9E1E;9E1E;9E1E;9E1E; # (鸞; 鸞; 鸞; 鸞; 鸞; ) CJK COMPATIBILITY IDEOGRAPH-F920 +F921;5D50;5D50;5D50;5D50; # (嵐; åµ; åµ; åµ; åµ; ) CJK COMPATIBILITY IDEOGRAPH-F921 +F922;6FEB;6FEB;6FEB;6FEB; # (濫; æ¿«; æ¿«; æ¿«; æ¿«; ) CJK COMPATIBILITY IDEOGRAPH-F922 +F923;85CD;85CD;85CD;85CD; # (藍; è—; è—; è—; è—; ) CJK COMPATIBILITY IDEOGRAPH-F923 +F924;8964;8964;8964;8964; # (襤; 襤; 襤; 襤; 襤; ) CJK COMPATIBILITY IDEOGRAPH-F924 +F925;62C9;62C9;62C9;62C9; # (拉; 拉; 拉; 拉; 拉; ) CJK COMPATIBILITY IDEOGRAPH-F925 +F926;81D8;81D8;81D8;81D8; # (臘; 臘; 臘; 臘; 臘; ) CJK COMPATIBILITY IDEOGRAPH-F926 +F927;881F;881F;881F;881F; # (蠟; è Ÿ; è Ÿ; è Ÿ; è Ÿ; ) CJK COMPATIBILITY IDEOGRAPH-F927 +F928;5ECA;5ECA;5ECA;5ECA; # (廊; 廊; 廊; 廊; 廊; ) CJK COMPATIBILITY IDEOGRAPH-F928 +F929;6717;6717;6717;6717; # (朗; 朗; 朗; 朗; 朗; ) CJK COMPATIBILITY IDEOGRAPH-F929 +F92A;6D6A;6D6A;6D6A;6D6A; # (浪; 浪; 浪; 浪; 浪; ) CJK COMPATIBILITY IDEOGRAPH-F92A +F92B;72FC;72FC;72FC;72FC; # (狼; 狼; 狼; 狼; 狼; ) CJK COMPATIBILITY IDEOGRAPH-F92B +F92C;90CE;90CE;90CE;90CE; # (郎; 郎; 郎; 郎; 郎; ) CJK COMPATIBILITY IDEOGRAPH-F92C +F92D;4F86;4F86;4F86;4F86; # (來; 來; 來; 來; 來; ) CJK COMPATIBILITY IDEOGRAPH-F92D +F92E;51B7;51B7;51B7;51B7; # (冷; 冷; 冷; 冷; 冷; ) CJK COMPATIBILITY IDEOGRAPH-F92E +F92F;52DE;52DE;52DE;52DE; # (勞; å‹ž; å‹ž; å‹ž; å‹ž; ) CJK COMPATIBILITY IDEOGRAPH-F92F +F930;64C4;64C4;64C4;64C4; # (擄; æ“„; æ“„; æ“„; æ“„; ) CJK COMPATIBILITY IDEOGRAPH-F930 +F931;6AD3;6AD3;6AD3;6AD3; # (櫓; æ«“; æ«“; æ«“; æ«“; ) CJK COMPATIBILITY IDEOGRAPH-F931 +F932;7210;7210;7210;7210; # (爐; çˆ; çˆ; çˆ; çˆ; ) CJK COMPATIBILITY IDEOGRAPH-F932 +F933;76E7;76E7;76E7;76E7; # (盧; 盧; 盧; 盧; 盧; ) CJK COMPATIBILITY IDEOGRAPH-F933 +F934;8001;8001;8001;8001; # (老; è€; è€; è€; è€; ) CJK COMPATIBILITY IDEOGRAPH-F934 +F935;8606;8606;8606;8606; # (蘆; 蘆; 蘆; 蘆; 蘆; ) CJK COMPATIBILITY IDEOGRAPH-F935 +F936;865C;865C;865C;865C; # (虜; 虜; 虜; 虜; 虜; ) CJK COMPATIBILITY IDEOGRAPH-F936 +F937;8DEF;8DEF;8DEF;8DEF; # (路; è·¯; è·¯; è·¯; è·¯; ) CJK COMPATIBILITY IDEOGRAPH-F937 +F938;9732;9732;9732;9732; # (露; 露; 露; 露; 露; ) CJK COMPATIBILITY IDEOGRAPH-F938 +F939;9B6F;9B6F;9B6F;9B6F; # (魯; é­¯; é­¯; é­¯; é­¯; ) CJK COMPATIBILITY IDEOGRAPH-F939 +F93A;9DFA;9DFA;9DFA;9DFA; # (鷺; é·º; é·º; é·º; é·º; ) CJK COMPATIBILITY IDEOGRAPH-F93A +F93B;788C;788C;788C;788C; # (碌; 碌; 碌; 碌; 碌; ) CJK COMPATIBILITY IDEOGRAPH-F93B +F93C;797F;797F;797F;797F; # (祿; 祿; 祿; 祿; 祿; ) CJK COMPATIBILITY IDEOGRAPH-F93C +F93D;7DA0;7DA0;7DA0;7DA0; # (綠; 綠; 綠; 綠; 綠; ) CJK COMPATIBILITY IDEOGRAPH-F93D +F93E;83C9;83C9;83C9;83C9; # (菉; è‰; è‰; è‰; è‰; ) CJK COMPATIBILITY IDEOGRAPH-F93E +F93F;9304;9304;9304;9304; # (錄; 錄; 錄; 錄; 錄; ) CJK COMPATIBILITY IDEOGRAPH-F93F +F940;9E7F;9E7F;9E7F;9E7F; # (鹿; 鹿; 鹿; 鹿; 鹿; ) CJK COMPATIBILITY IDEOGRAPH-F940 +F941;8AD6;8AD6;8AD6;8AD6; # (ï¥; è«–; è«–; è«–; è«–; ) CJK COMPATIBILITY IDEOGRAPH-F941 +F942;58DF;58DF;58DF;58DF; # (壟; 壟; 壟; 壟; 壟; ) CJK COMPATIBILITY IDEOGRAPH-F942 +F943;5F04;5F04;5F04;5F04; # (弄; 弄; 弄; 弄; 弄; ) CJK COMPATIBILITY IDEOGRAPH-F943 +F944;7C60;7C60;7C60;7C60; # (籠; ç± ; ç± ; ç± ; ç± ; ) CJK COMPATIBILITY IDEOGRAPH-F944 +F945;807E;807E;807E;807E; # (聾; è¾; è¾; è¾; è¾; ) CJK COMPATIBILITY IDEOGRAPH-F945 +F946;7262;7262;7262;7262; # (牢; 牢; 牢; 牢; 牢; ) CJK COMPATIBILITY IDEOGRAPH-F946 +F947;78CA;78CA;78CA;78CA; # (磊; 磊; 磊; 磊; 磊; ) CJK COMPATIBILITY IDEOGRAPH-F947 +F948;8CC2;8CC2;8CC2;8CC2; # (賂; 賂; 賂; 賂; 賂; ) CJK COMPATIBILITY IDEOGRAPH-F948 +F949;96F7;96F7;96F7;96F7; # (雷; é›·; é›·; é›·; é›·; ) CJK COMPATIBILITY IDEOGRAPH-F949 +F94A;58D8;58D8;58D8;58D8; # (壘; 壘; 壘; 壘; 壘; ) CJK COMPATIBILITY IDEOGRAPH-F94A +F94B;5C62;5C62;5C62;5C62; # (屢; å±¢; å±¢; å±¢; å±¢; ) CJK COMPATIBILITY IDEOGRAPH-F94B +F94C;6A13;6A13;6A13;6A13; # (樓; 樓; 樓; 樓; 樓; ) CJK COMPATIBILITY IDEOGRAPH-F94C +F94D;6DDA;6DDA;6DDA;6DDA; # (ï¥; æ·š; æ·š; æ·š; æ·š; ) CJK COMPATIBILITY IDEOGRAPH-F94D +F94E;6F0F;6F0F;6F0F;6F0F; # (漏; æ¼; æ¼; æ¼; æ¼; ) CJK COMPATIBILITY IDEOGRAPH-F94E +F94F;7D2F;7D2F;7D2F;7D2F; # (ï¥; ç´¯; ç´¯; ç´¯; ç´¯; ) CJK COMPATIBILITY IDEOGRAPH-F94F +F950;7E37;7E37;7E37;7E37; # (ï¥; 縷; 縷; 縷; 縷; ) CJK COMPATIBILITY IDEOGRAPH-F950 +F951;964B;964B;964B;964B; # (陋; 陋; 陋; 陋; 陋; ) CJK COMPATIBILITY IDEOGRAPH-F951 +F952;52D2;52D2;52D2;52D2; # (勒; å‹’; å‹’; å‹’; å‹’; ) CJK COMPATIBILITY IDEOGRAPH-F952 +F953;808B;808B;808B;808B; # (肋; è‚‹; è‚‹; è‚‹; è‚‹; ) CJK COMPATIBILITY IDEOGRAPH-F953 +F954;51DC;51DC;51DC;51DC; # (凜; 凜; 凜; 凜; 凜; ) CJK COMPATIBILITY IDEOGRAPH-F954 +F955;51CC;51CC;51CC;51CC; # (凌; 凌; 凌; 凌; 凌; ) CJK COMPATIBILITY IDEOGRAPH-F955 +F956;7A1C;7A1C;7A1C;7A1C; # (稜; 稜; 稜; 稜; 稜; ) CJK COMPATIBILITY IDEOGRAPH-F956 +F957;7DBE;7DBE;7DBE;7DBE; # (綾; 綾; 綾; 綾; 綾; ) CJK COMPATIBILITY IDEOGRAPH-F957 +F958;83F1;83F1;83F1;83F1; # (菱; è±; è±; è±; è±; ) CJK COMPATIBILITY IDEOGRAPH-F958 +F959;9675;9675;9675;9675; # (陵; 陵; 陵; 陵; 陵; ) CJK COMPATIBILITY IDEOGRAPH-F959 +F95A;8B80;8B80;8B80;8B80; # (讀; 讀; 讀; 讀; 讀; ) CJK COMPATIBILITY IDEOGRAPH-F95A +F95B;62CF;62CF;62CF;62CF; # (拏; æ‹; æ‹; æ‹; æ‹; ) CJK COMPATIBILITY IDEOGRAPH-F95B +F95C;6A02;6A02;6A02;6A02; # (樂; 樂; 樂; 樂; 樂; ) CJK COMPATIBILITY IDEOGRAPH-F95C +F95D;8AFE;8AFE;8AFE;8AFE; # (ï¥; 諾; 諾; 諾; 諾; ) CJK COMPATIBILITY IDEOGRAPH-F95D +F95E;4E39;4E39;4E39;4E39; # (丹; 丹; 丹; 丹; 丹; ) CJK COMPATIBILITY IDEOGRAPH-F95E +F95F;5BE7;5BE7;5BE7;5BE7; # (寧; 寧; 寧; 寧; 寧; ) CJK COMPATIBILITY IDEOGRAPH-F95F +F960;6012;6012;6012;6012; # (怒; 怒; 怒; 怒; 怒; ) CJK COMPATIBILITY IDEOGRAPH-F960 +F961;7387;7387;7387;7387; # (率; 率; 率; 率; 率; ) CJK COMPATIBILITY IDEOGRAPH-F961 +F962;7570;7570;7570;7570; # (異; ç•°; ç•°; ç•°; ç•°; ) CJK COMPATIBILITY IDEOGRAPH-F962 +F963;5317;5317;5317;5317; # (北; 北; 北; 北; 北; ) CJK COMPATIBILITY IDEOGRAPH-F963 +F964;78FB;78FB;78FB;78FB; # (磻; 磻; 磻; 磻; 磻; ) CJK COMPATIBILITY IDEOGRAPH-F964 +F965;4FBF;4FBF;4FBF;4FBF; # (便; 便; 便; 便; 便; ) CJK COMPATIBILITY IDEOGRAPH-F965 +F966;5FA9;5FA9;5FA9;5FA9; # (復; 復; 復; 復; 復; ) CJK COMPATIBILITY IDEOGRAPH-F966 +F967;4E0D;4E0D;4E0D;4E0D; # (不; ä¸; ä¸; ä¸; ä¸; ) CJK COMPATIBILITY IDEOGRAPH-F967 +F968;6CCC;6CCC;6CCC;6CCC; # (泌; 泌; 泌; 泌; 泌; ) CJK COMPATIBILITY IDEOGRAPH-F968 +F969;6578;6578;6578;6578; # (數; 數; 數; 數; 數; ) CJK COMPATIBILITY IDEOGRAPH-F969 +F96A;7D22;7D22;7D22;7D22; # (索; ç´¢; ç´¢; ç´¢; ç´¢; ) CJK COMPATIBILITY IDEOGRAPH-F96A +F96B;53C3;53C3;53C3;53C3; # (參; åƒ; åƒ; åƒ; åƒ; ) CJK COMPATIBILITY IDEOGRAPH-F96B +F96C;585E;585E;585E;585E; # (塞; å¡ž; å¡ž; å¡ž; å¡ž; ) CJK COMPATIBILITY IDEOGRAPH-F96C +F96D;7701;7701;7701;7701; # (省; çœ; çœ; çœ; çœ; ) CJK COMPATIBILITY IDEOGRAPH-F96D +F96E;8449;8449;8449;8449; # (葉; 葉; 葉; 葉; 葉; ) CJK COMPATIBILITY IDEOGRAPH-F96E +F96F;8AAA;8AAA;8AAA;8AAA; # (說; 說; 說; 說; 說; ) CJK COMPATIBILITY IDEOGRAPH-F96F +F970;6BBA;6BBA;6BBA;6BBA; # (殺; 殺; 殺; 殺; 殺; ) CJK COMPATIBILITY IDEOGRAPH-F970 +F971;8FB0;8FB0;8FB0;8FB0; # (辰; è¾°; è¾°; è¾°; è¾°; ) CJK COMPATIBILITY IDEOGRAPH-F971 +F972;6C88;6C88;6C88;6C88; # (沈; 沈; 沈; 沈; 沈; ) CJK COMPATIBILITY IDEOGRAPH-F972 +F973;62FE;62FE;62FE;62FE; # (拾; 拾; 拾; 拾; 拾; ) CJK COMPATIBILITY IDEOGRAPH-F973 +F974;82E5;82E5;82E5;82E5; # (若; è‹¥; è‹¥; è‹¥; è‹¥; ) CJK COMPATIBILITY IDEOGRAPH-F974 +F975;63A0;63A0;63A0;63A0; # (掠; 掠; 掠; 掠; 掠; ) CJK COMPATIBILITY IDEOGRAPH-F975 +F976;7565;7565;7565;7565; # (略; ç•¥; ç•¥; ç•¥; ç•¥; ) CJK COMPATIBILITY IDEOGRAPH-F976 +F977;4EAE;4EAE;4EAE;4EAE; # (亮; 亮; 亮; 亮; 亮; ) CJK COMPATIBILITY IDEOGRAPH-F977 +F978;5169;5169;5169;5169; # (兩; å…©; å…©; å…©; å…©; ) CJK COMPATIBILITY IDEOGRAPH-F978 +F979;51C9;51C9;51C9;51C9; # (凉; 凉; 凉; 凉; 凉; ) CJK COMPATIBILITY IDEOGRAPH-F979 +F97A;6881;6881;6881;6881; # (梁; æ¢; æ¢; æ¢; æ¢; ) CJK COMPATIBILITY IDEOGRAPH-F97A +F97B;7CE7;7CE7;7CE7;7CE7; # (糧; 糧; 糧; 糧; 糧; ) CJK COMPATIBILITY IDEOGRAPH-F97B +F97C;826F;826F;826F;826F; # (良; 良; 良; 良; 良; ) CJK COMPATIBILITY IDEOGRAPH-F97C +F97D;8AD2;8AD2;8AD2;8AD2; # (諒; è«’; è«’; è«’; è«’; ) CJK COMPATIBILITY IDEOGRAPH-F97D +F97E;91CF;91CF;91CF;91CF; # (量; é‡; é‡; é‡; é‡; ) CJK COMPATIBILITY IDEOGRAPH-F97E +F97F;52F5;52F5;52F5;52F5; # (勵; 勵; 勵; 勵; 勵; ) CJK COMPATIBILITY IDEOGRAPH-F97F +F980;5442;5442;5442;5442; # (呂; å‘‚; å‘‚; å‘‚; å‘‚; ) CJK COMPATIBILITY IDEOGRAPH-F980 +F981;5973;5973;5973;5973; # (ï¦; 女; 女; 女; 女; ) CJK COMPATIBILITY IDEOGRAPH-F981 +F982;5EEC;5EEC;5EEC;5EEC; # (廬; 廬; 廬; 廬; 廬; ) CJK COMPATIBILITY IDEOGRAPH-F982 +F983;65C5;65C5;65C5;65C5; # (旅; æ—…; æ—…; æ—…; æ—…; ) CJK COMPATIBILITY IDEOGRAPH-F983 +F984;6FFE;6FFE;6FFE;6FFE; # (濾; 濾; 濾; 濾; 濾; ) CJK COMPATIBILITY IDEOGRAPH-F984 +F985;792A;792A;792A;792A; # (礪; 礪; 礪; 礪; 礪; ) CJK COMPATIBILITY IDEOGRAPH-F985 +F986;95AD;95AD;95AD;95AD; # (閭; é–­; é–­; é–­; é–­; ) CJK COMPATIBILITY IDEOGRAPH-F986 +F987;9A6A;9A6A;9A6A;9A6A; # (驪; 驪; 驪; 驪; 驪; ) CJK COMPATIBILITY IDEOGRAPH-F987 +F988;9E97;9E97;9E97;9E97; # (麗; 麗; 麗; 麗; 麗; ) CJK COMPATIBILITY IDEOGRAPH-F988 +F989;9ECE;9ECE;9ECE;9ECE; # (黎; 黎; 黎; 黎; 黎; ) CJK COMPATIBILITY IDEOGRAPH-F989 +F98A;529B;529B;529B;529B; # (力; 力; 力; 力; 力; ) CJK COMPATIBILITY IDEOGRAPH-F98A +F98B;66C6;66C6;66C6;66C6; # (曆; 曆; 曆; 曆; 曆; ) CJK COMPATIBILITY IDEOGRAPH-F98B +F98C;6B77;6B77;6B77;6B77; # (歷; æ­·; æ­·; æ­·; æ­·; ) CJK COMPATIBILITY IDEOGRAPH-F98C +F98D;8F62;8F62;8F62;8F62; # (ï¦; è½¢; è½¢; è½¢; è½¢; ) CJK COMPATIBILITY IDEOGRAPH-F98D +F98E;5E74;5E74;5E74;5E74; # (年; å¹´; å¹´; å¹´; å¹´; ) CJK COMPATIBILITY IDEOGRAPH-F98E +F98F;6190;6190;6190;6190; # (ï¦; æ†; æ†; æ†; æ†; ) CJK COMPATIBILITY IDEOGRAPH-F98F +F990;6200;6200;6200;6200; # (ï¦; 戀; 戀; 戀; 戀; ) CJK COMPATIBILITY IDEOGRAPH-F990 +F991;649A;649A;649A;649A; # (撚; æ’š; æ’š; æ’š; æ’š; ) CJK COMPATIBILITY IDEOGRAPH-F991 +F992;6F23;6F23;6F23;6F23; # (漣; æ¼£; æ¼£; æ¼£; æ¼£; ) CJK COMPATIBILITY IDEOGRAPH-F992 +F993;7149;7149;7149;7149; # (煉; ç…‰; ç…‰; ç…‰; ç…‰; ) CJK COMPATIBILITY IDEOGRAPH-F993 +F994;7489;7489;7489;7489; # (璉; ç’‰; ç’‰; ç’‰; ç’‰; ) CJK COMPATIBILITY IDEOGRAPH-F994 +F995;79CA;79CA;79CA;79CA; # (秊; 秊; 秊; 秊; 秊; ) CJK COMPATIBILITY IDEOGRAPH-F995 +F996;7DF4;7DF4;7DF4;7DF4; # (練; ç·´; ç·´; ç·´; ç·´; ) CJK COMPATIBILITY IDEOGRAPH-F996 +F997;806F;806F;806F;806F; # (聯; è¯; è¯; è¯; è¯; ) CJK COMPATIBILITY IDEOGRAPH-F997 +F998;8F26;8F26;8F26;8F26; # (輦; 輦; 輦; 輦; 輦; ) CJK COMPATIBILITY IDEOGRAPH-F998 +F999;84EE;84EE;84EE;84EE; # (蓮; è“®; è“®; è“®; è“®; ) CJK COMPATIBILITY IDEOGRAPH-F999 +F99A;9023;9023;9023;9023; # (連; 連; 連; 連; 連; ) CJK COMPATIBILITY IDEOGRAPH-F99A +F99B;934A;934A;934A;934A; # (鍊; éŠ; éŠ; éŠ; éŠ; ) CJK COMPATIBILITY IDEOGRAPH-F99B +F99C;5217;5217;5217;5217; # (列; 列; 列; 列; 列; ) CJK COMPATIBILITY IDEOGRAPH-F99C +F99D;52A3;52A3;52A3;52A3; # (ï¦; 劣; 劣; 劣; 劣; ) CJK COMPATIBILITY IDEOGRAPH-F99D +F99E;54BD;54BD;54BD;54BD; # (咽; å’½; å’½; å’½; å’½; ) CJK COMPATIBILITY IDEOGRAPH-F99E +F99F;70C8;70C8;70C8;70C8; # (烈; 烈; 烈; 烈; 烈; ) CJK COMPATIBILITY IDEOGRAPH-F99F +F9A0;88C2;88C2;88C2;88C2; # (裂; 裂; 裂; 裂; 裂; ) CJK COMPATIBILITY IDEOGRAPH-F9A0 +F9A1;8AAA;8AAA;8AAA;8AAA; # (說; 說; 說; 說; 說; ) CJK COMPATIBILITY IDEOGRAPH-F9A1 +F9A2;5EC9;5EC9;5EC9;5EC9; # (廉; 廉; 廉; 廉; 廉; ) CJK COMPATIBILITY IDEOGRAPH-F9A2 +F9A3;5FF5;5FF5;5FF5;5FF5; # (念; 念; 念; 念; 念; ) CJK COMPATIBILITY IDEOGRAPH-F9A3 +F9A4;637B;637B;637B;637B; # (捻; æ»; æ»; æ»; æ»; ) CJK COMPATIBILITY IDEOGRAPH-F9A4 +F9A5;6BAE;6BAE;6BAE;6BAE; # (殮; æ®®; æ®®; æ®®; æ®®; ) CJK COMPATIBILITY IDEOGRAPH-F9A5 +F9A6;7C3E;7C3E;7C3E;7C3E; # (簾; ç°¾; ç°¾; ç°¾; ç°¾; ) CJK COMPATIBILITY IDEOGRAPH-F9A6 +F9A7;7375;7375;7375;7375; # (獵; çµ; çµ; çµ; çµ; ) CJK COMPATIBILITY IDEOGRAPH-F9A7 +F9A8;4EE4;4EE4;4EE4;4EE4; # (令; 令; 令; 令; 令; ) CJK COMPATIBILITY IDEOGRAPH-F9A8 +F9A9;56F9;56F9;56F9;56F9; # (囹; 囹; 囹; 囹; 囹; ) CJK COMPATIBILITY IDEOGRAPH-F9A9 +F9AA;5BE7;5BE7;5BE7;5BE7; # (寧; 寧; 寧; 寧; 寧; ) CJK COMPATIBILITY IDEOGRAPH-F9AA +F9AB;5DBA;5DBA;5DBA;5DBA; # (嶺; 嶺; 嶺; 嶺; 嶺; ) CJK COMPATIBILITY IDEOGRAPH-F9AB +F9AC;601C;601C;601C;601C; # (怜; 怜; 怜; 怜; 怜; ) CJK COMPATIBILITY IDEOGRAPH-F9AC +F9AD;73B2;73B2;73B2;73B2; # (玲; 玲; 玲; 玲; 玲; ) CJK COMPATIBILITY IDEOGRAPH-F9AD +F9AE;7469;7469;7469;7469; # (瑩; ç‘©; ç‘©; ç‘©; ç‘©; ) CJK COMPATIBILITY IDEOGRAPH-F9AE +F9AF;7F9A;7F9A;7F9A;7F9A; # (羚; 羚; 羚; 羚; 羚; ) CJK COMPATIBILITY IDEOGRAPH-F9AF +F9B0;8046;8046;8046;8046; # (聆; è†; è†; è†; è†; ) CJK COMPATIBILITY IDEOGRAPH-F9B0 +F9B1;9234;9234;9234;9234; # (鈴; 鈴; 鈴; 鈴; 鈴; ) CJK COMPATIBILITY IDEOGRAPH-F9B1 +F9B2;96F6;96F6;96F6;96F6; # (零; 零; 零; 零; 零; ) CJK COMPATIBILITY IDEOGRAPH-F9B2 +F9B3;9748;9748;9748;9748; # (靈; éˆ; éˆ; éˆ; éˆ; ) CJK COMPATIBILITY IDEOGRAPH-F9B3 +F9B4;9818;9818;9818;9818; # (領; é ˜; é ˜; é ˜; é ˜; ) CJK COMPATIBILITY IDEOGRAPH-F9B4 +F9B5;4F8B;4F8B;4F8B;4F8B; # (例; 例; 例; 例; 例; ) CJK COMPATIBILITY IDEOGRAPH-F9B5 +F9B6;79AE;79AE;79AE;79AE; # (禮; 禮; 禮; 禮; 禮; ) CJK COMPATIBILITY IDEOGRAPH-F9B6 +F9B7;91B4;91B4;91B4;91B4; # (醴; 醴; 醴; 醴; 醴; ) CJK COMPATIBILITY IDEOGRAPH-F9B7 +F9B8;96B8;96B8;96B8;96B8; # (隸; 隸; 隸; 隸; 隸; ) CJK COMPATIBILITY IDEOGRAPH-F9B8 +F9B9;60E1;60E1;60E1;60E1; # (惡; 惡; 惡; 惡; 惡; ) CJK COMPATIBILITY IDEOGRAPH-F9B9 +F9BA;4E86;4E86;4E86;4E86; # (了; 了; 了; 了; 了; ) CJK COMPATIBILITY IDEOGRAPH-F9BA +F9BB;50DA;50DA;50DA;50DA; # (僚; 僚; 僚; 僚; 僚; ) CJK COMPATIBILITY IDEOGRAPH-F9BB +F9BC;5BEE;5BEE;5BEE;5BEE; # (寮; 寮; 寮; 寮; 寮; ) CJK COMPATIBILITY IDEOGRAPH-F9BC +F9BD;5C3F;5C3F;5C3F;5C3F; # (尿; å°¿; å°¿; å°¿; å°¿; ) CJK COMPATIBILITY IDEOGRAPH-F9BD +F9BE;6599;6599;6599;6599; # (料; æ–™; æ–™; æ–™; æ–™; ) CJK COMPATIBILITY IDEOGRAPH-F9BE +F9BF;6A02;6A02;6A02;6A02; # (樂; 樂; 樂; 樂; 樂; ) CJK COMPATIBILITY IDEOGRAPH-F9BF +F9C0;71CE;71CE;71CE;71CE; # (燎; 燎; 燎; 燎; 燎; ) CJK COMPATIBILITY IDEOGRAPH-F9C0 +F9C1;7642;7642;7642;7642; # (ï§; 療; 療; 療; 療; ) CJK COMPATIBILITY IDEOGRAPH-F9C1 +F9C2;84FC;84FC;84FC;84FC; # (蓼; 蓼; 蓼; 蓼; 蓼; ) CJK COMPATIBILITY IDEOGRAPH-F9C2 +F9C3;907C;907C;907C;907C; # (遼; é¼; é¼; é¼; é¼; ) CJK COMPATIBILITY IDEOGRAPH-F9C3 +F9C4;9F8D;9F8D;9F8D;9F8D; # (龍; é¾; é¾; é¾; é¾; ) CJK COMPATIBILITY IDEOGRAPH-F9C4 +F9C5;6688;6688;6688;6688; # (暈; 暈; 暈; 暈; 暈; ) CJK COMPATIBILITY IDEOGRAPH-F9C5 +F9C6;962E;962E;962E;962E; # (阮; 阮; 阮; 阮; 阮; ) CJK COMPATIBILITY IDEOGRAPH-F9C6 +F9C7;5289;5289;5289;5289; # (劉; 劉; 劉; 劉; 劉; ) CJK COMPATIBILITY IDEOGRAPH-F9C7 +F9C8;677B;677B;677B;677B; # (杻; æ»; æ»; æ»; æ»; ) CJK COMPATIBILITY IDEOGRAPH-F9C8 +F9C9;67F3;67F3;67F3;67F3; # (柳; 柳; 柳; 柳; 柳; ) CJK COMPATIBILITY IDEOGRAPH-F9C9 +F9CA;6D41;6D41;6D41;6D41; # (流; æµ; æµ; æµ; æµ; ) CJK COMPATIBILITY IDEOGRAPH-F9CA +F9CB;6E9C;6E9C;6E9C;6E9C; # (溜; 溜; 溜; 溜; 溜; ) CJK COMPATIBILITY IDEOGRAPH-F9CB +F9CC;7409;7409;7409;7409; # (琉; ç‰; ç‰; ç‰; ç‰; ) CJK COMPATIBILITY IDEOGRAPH-F9CC +F9CD;7559;7559;7559;7559; # (ï§; ç•™; ç•™; ç•™; ç•™; ) CJK COMPATIBILITY IDEOGRAPH-F9CD +F9CE;786B;786B;786B;786B; # (硫; ç¡«; ç¡«; ç¡«; ç¡«; ) CJK COMPATIBILITY IDEOGRAPH-F9CE +F9CF;7D10;7D10;7D10;7D10; # (ï§; ç´; ç´; ç´; ç´; ) CJK COMPATIBILITY IDEOGRAPH-F9CF +F9D0;985E;985E;985E;985E; # (ï§; é¡ž; é¡ž; é¡ž; é¡ž; ) CJK COMPATIBILITY IDEOGRAPH-F9D0 +F9D1;516D;516D;516D;516D; # (六; å…­; å…­; å…­; å…­; ) CJK COMPATIBILITY IDEOGRAPH-F9D1 +F9D2;622E;622E;622E;622E; # (戮; 戮; 戮; 戮; 戮; ) CJK COMPATIBILITY IDEOGRAPH-F9D2 +F9D3;9678;9678;9678;9678; # (陸; 陸; 陸; 陸; 陸; ) CJK COMPATIBILITY IDEOGRAPH-F9D3 +F9D4;502B;502B;502B;502B; # (倫; 倫; 倫; 倫; 倫; ) CJK COMPATIBILITY IDEOGRAPH-F9D4 +F9D5;5D19;5D19;5D19;5D19; # (崙; å´™; å´™; å´™; å´™; ) CJK COMPATIBILITY IDEOGRAPH-F9D5 +F9D6;6DEA;6DEA;6DEA;6DEA; # (淪; æ·ª; æ·ª; æ·ª; æ·ª; ) CJK COMPATIBILITY IDEOGRAPH-F9D6 +F9D7;8F2A;8F2A;8F2A;8F2A; # (輪; 輪; 輪; 輪; 輪; ) CJK COMPATIBILITY IDEOGRAPH-F9D7 +F9D8;5F8B;5F8B;5F8B;5F8B; # (律; 律; 律; 律; 律; ) CJK COMPATIBILITY IDEOGRAPH-F9D8 +F9D9;6144;6144;6144;6144; # (慄; æ…„; æ…„; æ…„; æ…„; ) CJK COMPATIBILITY IDEOGRAPH-F9D9 +F9DA;6817;6817;6817;6817; # (栗; æ —; æ —; æ —; æ —; ) CJK COMPATIBILITY IDEOGRAPH-F9DA +F9DB;7387;7387;7387;7387; # (率; 率; 率; 率; 率; ) CJK COMPATIBILITY IDEOGRAPH-F9DB +F9DC;9686;9686;9686;9686; # (隆; 隆; 隆; 隆; 隆; ) CJK COMPATIBILITY IDEOGRAPH-F9DC +F9DD;5229;5229;5229;5229; # (ï§; 利; 利; 利; 利; ) CJK COMPATIBILITY IDEOGRAPH-F9DD +F9DE;540F;540F;540F;540F; # (吏; å; å; å; å; ) CJK COMPATIBILITY IDEOGRAPH-F9DE +F9DF;5C65;5C65;5C65;5C65; # (履; å±¥; å±¥; å±¥; å±¥; ) CJK COMPATIBILITY IDEOGRAPH-F9DF +F9E0;6613;6613;6613;6613; # (易; 易; 易; 易; 易; ) CJK COMPATIBILITY IDEOGRAPH-F9E0 +F9E1;674E;674E;674E;674E; # (李; æŽ; æŽ; æŽ; æŽ; ) CJK COMPATIBILITY IDEOGRAPH-F9E1 +F9E2;68A8;68A8;68A8;68A8; # (梨; 梨; 梨; 梨; 梨; ) CJK COMPATIBILITY IDEOGRAPH-F9E2 +F9E3;6CE5;6CE5;6CE5;6CE5; # (泥; æ³¥; æ³¥; æ³¥; æ³¥; ) CJK COMPATIBILITY IDEOGRAPH-F9E3 +F9E4;7406;7406;7406;7406; # (理; ç†; ç†; ç†; ç†; ) CJK COMPATIBILITY IDEOGRAPH-F9E4 +F9E5;75E2;75E2;75E2;75E2; # (痢; ç—¢; ç—¢; ç—¢; ç—¢; ) CJK COMPATIBILITY IDEOGRAPH-F9E5 +F9E6;7F79;7F79;7F79;7F79; # (罹; ç½¹; ç½¹; ç½¹; ç½¹; ) CJK COMPATIBILITY IDEOGRAPH-F9E6 +F9E7;88CF;88CF;88CF;88CF; # (裏; è£; è£; è£; è£; ) CJK COMPATIBILITY IDEOGRAPH-F9E7 +F9E8;88E1;88E1;88E1;88E1; # (裡; 裡; 裡; 裡; 裡; ) CJK COMPATIBILITY IDEOGRAPH-F9E8 +F9E9;91CC;91CC;91CC;91CC; # (里; 里; 里; 里; 里; ) CJK COMPATIBILITY IDEOGRAPH-F9E9 +F9EA;96E2;96E2;96E2;96E2; # (離; 離; 離; 離; 離; ) CJK COMPATIBILITY IDEOGRAPH-F9EA +F9EB;533F;533F;533F;533F; # (匿; 匿; 匿; 匿; 匿; ) CJK COMPATIBILITY IDEOGRAPH-F9EB +F9EC;6EBA;6EBA;6EBA;6EBA; # (溺; 溺; 溺; 溺; 溺; ) CJK COMPATIBILITY IDEOGRAPH-F9EC +F9ED;541D;541D;541D;541D; # (吝; å; å; å; å; ) CJK COMPATIBILITY IDEOGRAPH-F9ED +F9EE;71D0;71D0;71D0;71D0; # (燐; ç‡; ç‡; ç‡; ç‡; ) CJK COMPATIBILITY IDEOGRAPH-F9EE +F9EF;7498;7498;7498;7498; # (璘; ç’˜; ç’˜; ç’˜; ç’˜; ) CJK COMPATIBILITY IDEOGRAPH-F9EF +F9F0;85FA;85FA;85FA;85FA; # (藺; è—º; è—º; è—º; è—º; ) CJK COMPATIBILITY IDEOGRAPH-F9F0 +F9F1;96A3;96A3;96A3;96A3; # (隣; 隣; 隣; 隣; 隣; ) CJK COMPATIBILITY IDEOGRAPH-F9F1 +F9F2;9C57;9C57;9C57;9C57; # (鱗; é±—; é±—; é±—; é±—; ) CJK COMPATIBILITY IDEOGRAPH-F9F2 +F9F3;9E9F;9E9F;9E9F;9E9F; # (麟; 麟; 麟; 麟; 麟; ) CJK COMPATIBILITY IDEOGRAPH-F9F3 +F9F4;6797;6797;6797;6797; # (林; æž—; æž—; æž—; æž—; ) CJK COMPATIBILITY IDEOGRAPH-F9F4 +F9F5;6DCB;6DCB;6DCB;6DCB; # (淋; æ·‹; æ·‹; æ·‹; æ·‹; ) CJK COMPATIBILITY IDEOGRAPH-F9F5 +F9F6;81E8;81E8;81E8;81E8; # (臨; 臨; 臨; 臨; 臨; ) CJK COMPATIBILITY IDEOGRAPH-F9F6 +F9F7;7ACB;7ACB;7ACB;7ACB; # (立; ç«‹; ç«‹; ç«‹; ç«‹; ) CJK COMPATIBILITY IDEOGRAPH-F9F7 +F9F8;7B20;7B20;7B20;7B20; # (笠; 笠; 笠; 笠; 笠; ) CJK COMPATIBILITY IDEOGRAPH-F9F8 +F9F9;7C92;7C92;7C92;7C92; # (粒; ç²’; ç²’; ç²’; ç²’; ) CJK COMPATIBILITY IDEOGRAPH-F9F9 +F9FA;72C0;72C0;72C0;72C0; # (狀; ç‹€; ç‹€; ç‹€; ç‹€; ) CJK COMPATIBILITY IDEOGRAPH-F9FA +F9FB;7099;7099;7099;7099; # (炙; ç‚™; ç‚™; ç‚™; ç‚™; ) CJK COMPATIBILITY IDEOGRAPH-F9FB +F9FC;8B58;8B58;8B58;8B58; # (識; è­˜; è­˜; è­˜; è­˜; ) CJK COMPATIBILITY IDEOGRAPH-F9FC +F9FD;4EC0;4EC0;4EC0;4EC0; # (什; 什; 什; 什; 什; ) CJK COMPATIBILITY IDEOGRAPH-F9FD +F9FE;8336;8336;8336;8336; # (茶; 茶; 茶; 茶; 茶; ) CJK COMPATIBILITY IDEOGRAPH-F9FE +F9FF;523A;523A;523A;523A; # (刺; 刺; 刺; 刺; 刺; ) CJK COMPATIBILITY IDEOGRAPH-F9FF +FA00;5207;5207;5207;5207; # (切; 切; 切; 切; 切; ) CJK COMPATIBILITY IDEOGRAPH-FA00 +FA01;5EA6;5EA6;5EA6;5EA6; # (ï¨; 度; 度; 度; 度; ) CJK COMPATIBILITY IDEOGRAPH-FA01 +FA02;62D3;62D3;62D3;62D3; # (拓; æ‹“; æ‹“; æ‹“; æ‹“; ) CJK COMPATIBILITY IDEOGRAPH-FA02 +FA03;7CD6;7CD6;7CD6;7CD6; # (糖; ç³–; ç³–; ç³–; ç³–; ) CJK COMPATIBILITY IDEOGRAPH-FA03 +FA04;5B85;5B85;5B85;5B85; # (宅; å®…; å®…; å®…; å®…; ) CJK COMPATIBILITY IDEOGRAPH-FA04 +FA05;6D1E;6D1E;6D1E;6D1E; # (洞; æ´ž; æ´ž; æ´ž; æ´ž; ) CJK COMPATIBILITY IDEOGRAPH-FA05 +FA06;66B4;66B4;66B4;66B4; # (暴; æš´; æš´; æš´; æš´; ) CJK COMPATIBILITY IDEOGRAPH-FA06 +FA07;8F3B;8F3B;8F3B;8F3B; # (輻; è¼»; è¼»; è¼»; è¼»; ) CJK COMPATIBILITY IDEOGRAPH-FA07 +FA08;884C;884C;884C;884C; # (行; è¡Œ; è¡Œ; è¡Œ; è¡Œ; ) CJK COMPATIBILITY IDEOGRAPH-FA08 +FA09;964D;964D;964D;964D; # (降; é™; é™; é™; é™; ) CJK COMPATIBILITY IDEOGRAPH-FA09 +FA0A;898B;898B;898B;898B; # (見; 見; 見; 見; 見; ) CJK COMPATIBILITY IDEOGRAPH-FA0A +FA0B;5ED3;5ED3;5ED3;5ED3; # (廓; 廓; 廓; 廓; 廓; ) CJK COMPATIBILITY IDEOGRAPH-FA0B +FA0C;5140;5140;5140;5140; # (兀; å…€; å…€; å…€; å…€; ) CJK COMPATIBILITY IDEOGRAPH-FA0C +FA0D;55C0;55C0;55C0;55C0; # (ï¨; å—€; å—€; å—€; å—€; ) CJK COMPATIBILITY IDEOGRAPH-FA0D +FA10;585A;585A;585A;585A; # (ï¨; å¡š; å¡š; å¡š; å¡š; ) CJK COMPATIBILITY IDEOGRAPH-FA10 +FA12;6674;6674;6674;6674; # (晴; æ™´; æ™´; æ™´; æ™´; ) CJK COMPATIBILITY IDEOGRAPH-FA12 +FA15;51DE;51DE;51DE;51DE; # (凞; 凞; 凞; 凞; 凞; ) CJK COMPATIBILITY IDEOGRAPH-FA15 +FA16;732A;732A;732A;732A; # (猪; 猪; 猪; 猪; 猪; ) CJK COMPATIBILITY IDEOGRAPH-FA16 +FA17;76CA;76CA;76CA;76CA; # (益; 益; 益; 益; 益; ) CJK COMPATIBILITY IDEOGRAPH-FA17 +FA18;793C;793C;793C;793C; # (礼; 礼; 礼; 礼; 礼; ) CJK COMPATIBILITY IDEOGRAPH-FA18 +FA19;795E;795E;795E;795E; # (神; 神; 神; 神; 神; ) CJK COMPATIBILITY IDEOGRAPH-FA19 +FA1A;7965;7965;7965;7965; # (祥; 祥; 祥; 祥; 祥; ) CJK COMPATIBILITY IDEOGRAPH-FA1A +FA1B;798F;798F;798F;798F; # (福; ç¦; ç¦; ç¦; ç¦; ) CJK COMPATIBILITY IDEOGRAPH-FA1B +FA1C;9756;9756;9756;9756; # (靖; é–; é–; é–; é–; ) CJK COMPATIBILITY IDEOGRAPH-FA1C +FA1D;7CBE;7CBE;7CBE;7CBE; # (ï¨; ç²¾; ç²¾; ç²¾; ç²¾; ) CJK COMPATIBILITY IDEOGRAPH-FA1D +FA1E;7FBD;7FBD;7FBD;7FBD; # (羽; ç¾½; ç¾½; ç¾½; ç¾½; ) CJK COMPATIBILITY IDEOGRAPH-FA1E +FA20;8612;8612;8612;8612; # (蘒; 蘒; 蘒; 蘒; 蘒; ) CJK COMPATIBILITY IDEOGRAPH-FA20 +FA22;8AF8;8AF8;8AF8;8AF8; # (諸; 諸; 諸; 諸; 諸; ) CJK COMPATIBILITY IDEOGRAPH-FA22 +FA25;9038;9038;9038;9038; # (逸; 逸; 逸; 逸; 逸; ) CJK COMPATIBILITY IDEOGRAPH-FA25 +FA26;90FD;90FD;90FD;90FD; # (都; 都; 都; 都; 都; ) CJK COMPATIBILITY IDEOGRAPH-FA26 +FA2A;98EF;98EF;98EF;98EF; # (飯; 飯; 飯; 飯; 飯; ) CJK COMPATIBILITY IDEOGRAPH-FA2A +FA2B;98FC;98FC;98FC;98FC; # (飼; 飼; 飼; 飼; 飼; ) CJK COMPATIBILITY IDEOGRAPH-FA2B +FA2C;9928;9928;9928;9928; # (館; 館; 館; 館; 館; ) CJK COMPATIBILITY IDEOGRAPH-FA2C +FA2D;9DB4;9DB4;9DB4;9DB4; # (鶴; 鶴; 鶴; 鶴; 鶴; ) CJK COMPATIBILITY IDEOGRAPH-FA2D +FA30;4FAE;4FAE;4FAE;4FAE; # (侮; ä¾®; ä¾®; ä¾®; ä¾®; ) CJK COMPATIBILITY IDEOGRAPH-FA30 +FA31;50E7;50E7;50E7;50E7; # (僧; 僧; 僧; 僧; 僧; ) CJK COMPATIBILITY IDEOGRAPH-FA31 +FA32;514D;514D;514D;514D; # (免; å…; å…; å…; å…; ) CJK COMPATIBILITY IDEOGRAPH-FA32 +FA33;52C9;52C9;52C9;52C9; # (勉; 勉; 勉; 勉; 勉; ) CJK COMPATIBILITY IDEOGRAPH-FA33 +FA34;52E4;52E4;52E4;52E4; # (勤; 勤; 勤; 勤; 勤; ) CJK COMPATIBILITY IDEOGRAPH-FA34 +FA35;5351;5351;5351;5351; # (卑; å‘; å‘; å‘; å‘; ) CJK COMPATIBILITY IDEOGRAPH-FA35 +FA36;559D;559D;559D;559D; # (喝; å–; å–; å–; å–; ) CJK COMPATIBILITY IDEOGRAPH-FA36 +FA37;5606;5606;5606;5606; # (嘆; 嘆; 嘆; 嘆; 嘆; ) CJK COMPATIBILITY IDEOGRAPH-FA37 +FA38;5668;5668;5668;5668; # (器; 器; 器; 器; 器; ) CJK COMPATIBILITY IDEOGRAPH-FA38 +FA39;5840;5840;5840;5840; # (塀; å¡€; å¡€; å¡€; å¡€; ) CJK COMPATIBILITY IDEOGRAPH-FA39 +FA3A;58A8;58A8;58A8;58A8; # (墨; 墨; 墨; 墨; 墨; ) CJK COMPATIBILITY IDEOGRAPH-FA3A +FA3B;5C64;5C64;5C64;5C64; # (層; 層; 層; 層; 層; ) CJK COMPATIBILITY IDEOGRAPH-FA3B +FA3C;5C6E;5C6E;5C6E;5C6E; # (屮; å±®; å±®; å±®; å±®; ) CJK COMPATIBILITY IDEOGRAPH-FA3C +FA3D;6094;6094;6094;6094; # (悔; æ‚”; æ‚”; æ‚”; æ‚”; ) CJK COMPATIBILITY IDEOGRAPH-FA3D +FA3E;6168;6168;6168;6168; # (慨; æ…¨; æ…¨; æ…¨; æ…¨; ) CJK COMPATIBILITY IDEOGRAPH-FA3E +FA3F;618E;618E;618E;618E; # (憎; 憎; 憎; 憎; 憎; ) CJK COMPATIBILITY IDEOGRAPH-FA3F +FA40;61F2;61F2;61F2;61F2; # (ï©€; 懲; 懲; 懲; 懲; ) CJK COMPATIBILITY IDEOGRAPH-FA40 +FA41;654F;654F;654F;654F; # (ï©; æ•; æ•; æ•; æ•; ) CJK COMPATIBILITY IDEOGRAPH-FA41 +FA42;65E2;65E2;65E2;65E2; # (ï©‚; æ—¢; æ—¢; æ—¢; æ—¢; ) CJK COMPATIBILITY IDEOGRAPH-FA42 +FA43;6691;6691;6691;6691; # (暑; æš‘; æš‘; æš‘; æš‘; ) CJK COMPATIBILITY IDEOGRAPH-FA43 +FA44;6885;6885;6885;6885; # (ï©„; 梅; 梅; 梅; 梅; ) CJK COMPATIBILITY IDEOGRAPH-FA44 +FA45;6D77;6D77;6D77;6D77; # (ï©…; æµ·; æµ·; æµ·; æµ·; ) CJK COMPATIBILITY IDEOGRAPH-FA45 +FA46;6E1A;6E1A;6E1A;6E1A; # (渚; 渚; 渚; 渚; 渚; ) CJK COMPATIBILITY IDEOGRAPH-FA46 +FA47;6F22;6F22;6F22;6F22; # (漢; æ¼¢; æ¼¢; æ¼¢; æ¼¢; ) CJK COMPATIBILITY IDEOGRAPH-FA47 +FA48;716E;716E;716E;716E; # (煮; ç…®; ç…®; ç…®; ç…®; ) CJK COMPATIBILITY IDEOGRAPH-FA48 +FA49;722B;722B;722B;722B; # (爫; 爫; 爫; 爫; 爫; ) CJK COMPATIBILITY IDEOGRAPH-FA49 +FA4A;7422;7422;7422;7422; # (ï©Š; ç¢; ç¢; ç¢; ç¢; ) CJK COMPATIBILITY IDEOGRAPH-FA4A +FA4B;7891;7891;7891;7891; # (ï©‹; 碑; 碑; 碑; 碑; ) CJK COMPATIBILITY IDEOGRAPH-FA4B +FA4C;793E;793E;793E;793E; # (ï©Œ; 社; 社; 社; 社; ) CJK COMPATIBILITY IDEOGRAPH-FA4C +FA4D;7949;7949;7949;7949; # (ï©; 祉; 祉; 祉; 祉; ) CJK COMPATIBILITY IDEOGRAPH-FA4D +FA4E;7948;7948;7948;7948; # (ï©Ž; 祈; 祈; 祈; 祈; ) CJK COMPATIBILITY IDEOGRAPH-FA4E +FA4F;7950;7950;7950;7950; # (ï©; ç¥; ç¥; ç¥; ç¥; ) CJK COMPATIBILITY IDEOGRAPH-FA4F +FA50;7956;7956;7956;7956; # (ï©; 祖; 祖; 祖; 祖; ) CJK COMPATIBILITY IDEOGRAPH-FA50 +FA51;795D;795D;795D;795D; # (ï©‘; ç¥; ç¥; ç¥; ç¥; ) CJK COMPATIBILITY IDEOGRAPH-FA51 +FA52;798D;798D;798D;798D; # (ï©’; ç¦; ç¦; ç¦; ç¦; ) CJK COMPATIBILITY IDEOGRAPH-FA52 +FA53;798E;798E;798E;798E; # (ï©“; 禎; 禎; 禎; 禎; ) CJK COMPATIBILITY IDEOGRAPH-FA53 +FA54;7A40;7A40;7A40;7A40; # (ï©”; ç©€; ç©€; ç©€; ç©€; ) CJK COMPATIBILITY IDEOGRAPH-FA54 +FA55;7A81;7A81;7A81;7A81; # (ï©•; çª; çª; çª; çª; ) CJK COMPATIBILITY IDEOGRAPH-FA55 +FA56;7BC0;7BC0;7BC0;7BC0; # (ï©–; 節; 節; 節; 節; ) CJK COMPATIBILITY IDEOGRAPH-FA56 +FA57;7DF4;7DF4;7DF4;7DF4; # (ï©—; ç·´; ç·´; ç·´; ç·´; ) CJK COMPATIBILITY IDEOGRAPH-FA57 +FA58;7E09;7E09;7E09;7E09; # (縉; 縉; 縉; 縉; 縉; ) CJK COMPATIBILITY IDEOGRAPH-FA58 +FA59;7E41;7E41;7E41;7E41; # (ï©™; ç¹; ç¹; ç¹; ç¹; ) CJK COMPATIBILITY IDEOGRAPH-FA59 +FA5A;7F72;7F72;7F72;7F72; # (ï©š; ç½²; ç½²; ç½²; ç½²; ) CJK COMPATIBILITY IDEOGRAPH-FA5A +FA5B;8005;8005;8005;8005; # (ï©›; 者; 者; 者; 者; ) CJK COMPATIBILITY IDEOGRAPH-FA5B +FA5C;81ED;81ED;81ED;81ED; # (ï©œ; 臭; 臭; 臭; 臭; ) CJK COMPATIBILITY IDEOGRAPH-FA5C +FA5D;8279;8279;8279;8279; # (ï©; 艹; 艹; 艹; 艹; ) CJK COMPATIBILITY IDEOGRAPH-FA5D +FA5E;8279;8279;8279;8279; # (ï©ž; 艹; 艹; 艹; 艹; ) CJK COMPATIBILITY IDEOGRAPH-FA5E +FA5F;8457;8457;8457;8457; # (ï©Ÿ; è‘—; è‘—; è‘—; è‘—; ) CJK COMPATIBILITY IDEOGRAPH-FA5F +FA60;8910;8910;8910;8910; # (ï© ; è¤; è¤; è¤; è¤; ) CJK COMPATIBILITY IDEOGRAPH-FA60 +FA61;8996;8996;8996;8996; # (ï©¡; 視; 視; 視; 視; ) CJK COMPATIBILITY IDEOGRAPH-FA61 +FA62;8B01;8B01;8B01;8B01; # (ï©¢; è¬; è¬; è¬; è¬; ) CJK COMPATIBILITY IDEOGRAPH-FA62 +FA63;8B39;8B39;8B39;8B39; # (ï©£; 謹; 謹; 謹; 謹; ) CJK COMPATIBILITY IDEOGRAPH-FA63 +FA64;8CD3;8CD3;8CD3;8CD3; # (賓; 賓; 賓; 賓; 賓; ) CJK COMPATIBILITY IDEOGRAPH-FA64 +FA65;8D08;8D08;8D08;8D08; # (ï©¥; è´ˆ; è´ˆ; è´ˆ; è´ˆ; ) CJK COMPATIBILITY IDEOGRAPH-FA65 +FA66;8FB6;8FB6;8FB6;8FB6; # (辶; 辶; 辶; 辶; 辶; ) CJK COMPATIBILITY IDEOGRAPH-FA66 +FA67;9038;9038;9038;9038; # (逸; 逸; 逸; 逸; 逸; ) CJK COMPATIBILITY IDEOGRAPH-FA67 +FA68;96E3;96E3;96E3;96E3; # (難; 難; 難; 難; 難; ) CJK COMPATIBILITY IDEOGRAPH-FA68 +FA69;97FF;97FF;97FF;97FF; # (ï©©; 響; 響; 響; 響; ) CJK COMPATIBILITY IDEOGRAPH-FA69 +FA6A;983B;983B;983B;983B; # (頻; é »; é »; é »; é »; ) CJK COMPATIBILITY IDEOGRAPH-FA6A +FB00;FB00;FB00;0066 0066;0066 0066; # (ff; ff; ff; ff; ff; ) LATIN SMALL LIGATURE FF +FB01;FB01;FB01;0066 0069;0066 0069; # (ï¬; ï¬; ï¬; fi; fi; ) LATIN SMALL LIGATURE FI +FB02;FB02;FB02;0066 006C;0066 006C; # (fl; fl; fl; fl; fl; ) LATIN SMALL LIGATURE FL +FB03;FB03;FB03;0066 0066 0069;0066 0066 0069; # (ffi; ffi; ffi; ffi; ffi; ) LATIN SMALL LIGATURE FFI +FB04;FB04;FB04;0066 0066 006C;0066 0066 006C; # (ffl; ffl; ffl; ffl; ffl; ) LATIN SMALL LIGATURE FFL +FB05;FB05;FB05;0073 0074;0073 0074; # (ſt; ſt; ſt; st; st; ) LATIN SMALL LIGATURE LONG S T +FB06;FB06;FB06;0073 0074;0073 0074; # (st; st; st; st; st; ) LATIN SMALL LIGATURE ST +FB13;FB13;FB13;0574 0576;0574 0576; # (ﬓ; ﬓ; ﬓ; Õ´Õ¶; Õ´Õ¶; ) ARMENIAN SMALL LIGATURE MEN NOW +FB14;FB14;FB14;0574 0565;0574 0565; # (ﬔ; ﬔ; ﬔ; Õ´Õ¥; Õ´Õ¥; ) ARMENIAN SMALL LIGATURE MEN ECH +FB15;FB15;FB15;0574 056B;0574 056B; # (ﬕ; ﬕ; ﬕ; Õ´Õ«; Õ´Õ«; ) ARMENIAN SMALL LIGATURE MEN INI +FB16;FB16;FB16;057E 0576;057E 0576; # (ﬖ; ﬖ; ﬖ; Õ¾Õ¶; Õ¾Õ¶; ) ARMENIAN SMALL LIGATURE VEW NOW +FB17;FB17;FB17;0574 056D;0574 056D; # (ﬗ; ﬗ; ﬗ; Õ´Õ­; Õ´Õ­; ) ARMENIAN SMALL LIGATURE MEN XEH +FB1D;05D9 05B4;05D9 05B4;05D9 05B4;05D9 05B4; # (ï¬; י◌ִ; י◌ִ; י◌ִ; י◌ִ; ) HEBREW LETTER YOD WITH HIRIQ +FB1F;05F2 05B7;05F2 05B7;05F2 05B7;05F2 05B7; # (ײַ; ײ◌ַ; ײ◌ַ; ײ◌ַ; ײ◌ַ; ) HEBREW LIGATURE YIDDISH YOD YOD PATAH +FB20;FB20;FB20;05E2;05E2; # (ﬠ; ﬠ; ﬠ; ×¢; ×¢; ) HEBREW LETTER ALTERNATIVE AYIN +FB21;FB21;FB21;05D0;05D0; # (ﬡ; ﬡ; ﬡ; ×; ×; ) HEBREW LETTER WIDE ALEF +FB22;FB22;FB22;05D3;05D3; # (ﬢ; ﬢ; ﬢ; ד; ד; ) HEBREW LETTER WIDE DALET +FB23;FB23;FB23;05D4;05D4; # (ﬣ; ﬣ; ﬣ; ×”; ×”; ) HEBREW LETTER WIDE HE +FB24;FB24;FB24;05DB;05DB; # (ﬤ; ﬤ; ﬤ; ×›; ×›; ) HEBREW LETTER WIDE KAF +FB25;FB25;FB25;05DC;05DC; # (ﬥ; ﬥ; ﬥ; ל; ל; ) HEBREW LETTER WIDE LAMED +FB26;FB26;FB26;05DD;05DD; # (ﬦ; ﬦ; ﬦ; ×; ×; ) HEBREW LETTER WIDE FINAL MEM +FB27;FB27;FB27;05E8;05E8; # (ﬧ; ﬧ; ﬧ; ר; ר; ) HEBREW LETTER WIDE RESH +FB28;FB28;FB28;05EA;05EA; # (ﬨ; ﬨ; ﬨ; ת; ת; ) HEBREW LETTER WIDE TAV +FB29;FB29;FB29;002B;002B; # (﬩; ﬩; ﬩; +; +; ) HEBREW LETTER ALTERNATIVE PLUS SIGN +FB2A;05E9 05C1;05E9 05C1;05E9 05C1;05E9 05C1; # (שׁ; ש◌×; ש◌×; ש◌×; ש◌×; ) HEBREW LETTER SHIN WITH SHIN DOT +FB2B;05E9 05C2;05E9 05C2;05E9 05C2;05E9 05C2; # (שׂ; ש◌ׂ; ש◌ׂ; ש◌ׂ; ש◌ׂ; ) HEBREW LETTER SHIN WITH SIN DOT +FB2C;05E9 05BC 05C1;05E9 05BC 05C1;05E9 05BC 05C1;05E9 05BC 05C1; # (שּׁ; ש◌ּ◌×; ש◌ּ◌×; ש◌ּ◌×; ש◌ּ◌×; ) HEBREW LETTER SHIN WITH DAGESH AND SHIN DOT +FB2D;05E9 05BC 05C2;05E9 05BC 05C2;05E9 05BC 05C2;05E9 05BC 05C2; # (שּׂ; ש◌ּ◌ׂ; ש◌ּ◌ׂ; ש◌ּ◌ׂ; ש◌ּ◌ׂ; ) HEBREW LETTER SHIN WITH DAGESH AND SIN DOT +FB2E;05D0 05B7;05D0 05B7;05D0 05B7;05D0 05B7; # (אַ; ×◌ַ; ×◌ַ; ×◌ַ; ×◌ַ; ) HEBREW LETTER ALEF WITH PATAH +FB2F;05D0 05B8;05D0 05B8;05D0 05B8;05D0 05B8; # (אָ; ×◌ָ; ×◌ָ; ×◌ָ; ×◌ָ; ) HEBREW LETTER ALEF WITH QAMATS +FB30;05D0 05BC;05D0 05BC;05D0 05BC;05D0 05BC; # (אּ; ×◌ּ; ×◌ּ; ×◌ּ; ×◌ּ; ) HEBREW LETTER ALEF WITH MAPIQ +FB31;05D1 05BC;05D1 05BC;05D1 05BC;05D1 05BC; # (בּ; ב◌ּ; ב◌ּ; ב◌ּ; ב◌ּ; ) HEBREW LETTER BET WITH DAGESH +FB32;05D2 05BC;05D2 05BC;05D2 05BC;05D2 05BC; # (גּ; ג◌ּ; ג◌ּ; ג◌ּ; ג◌ּ; ) HEBREW LETTER GIMEL WITH DAGESH +FB33;05D3 05BC;05D3 05BC;05D3 05BC;05D3 05BC; # (דּ; ד◌ּ; ד◌ּ; ד◌ּ; ד◌ּ; ) HEBREW LETTER DALET WITH DAGESH +FB34;05D4 05BC;05D4 05BC;05D4 05BC;05D4 05BC; # (הּ; ה◌ּ; ה◌ּ; ה◌ּ; ה◌ּ; ) HEBREW LETTER HE WITH MAPIQ +FB35;05D5 05BC;05D5 05BC;05D5 05BC;05D5 05BC; # (וּ; ו◌ּ; ו◌ּ; ו◌ּ; ו◌ּ; ) HEBREW LETTER VAV WITH DAGESH +FB36;05D6 05BC;05D6 05BC;05D6 05BC;05D6 05BC; # (זּ; ז◌ּ; ז◌ּ; ז◌ּ; ז◌ּ; ) HEBREW LETTER ZAYIN WITH DAGESH +FB38;05D8 05BC;05D8 05BC;05D8 05BC;05D8 05BC; # (טּ; ט◌ּ; ט◌ּ; ט◌ּ; ט◌ּ; ) HEBREW LETTER TET WITH DAGESH +FB39;05D9 05BC;05D9 05BC;05D9 05BC;05D9 05BC; # (יּ; י◌ּ; י◌ּ; י◌ּ; י◌ּ; ) HEBREW LETTER YOD WITH DAGESH +FB3A;05DA 05BC;05DA 05BC;05DA 05BC;05DA 05BC; # (ךּ; ך◌ּ; ך◌ּ; ך◌ּ; ך◌ּ; ) HEBREW LETTER FINAL KAF WITH DAGESH +FB3B;05DB 05BC;05DB 05BC;05DB 05BC;05DB 05BC; # (כּ; כ◌ּ; כ◌ּ; כ◌ּ; כ◌ּ; ) HEBREW LETTER KAF WITH DAGESH +FB3C;05DC 05BC;05DC 05BC;05DC 05BC;05DC 05BC; # (לּ; ל◌ּ; ל◌ּ; ל◌ּ; ל◌ּ; ) HEBREW LETTER LAMED WITH DAGESH +FB3E;05DE 05BC;05DE 05BC;05DE 05BC;05DE 05BC; # (מּ; מ◌ּ; מ◌ּ; מ◌ּ; מ◌ּ; ) HEBREW LETTER MEM WITH DAGESH +FB40;05E0 05BC;05E0 05BC;05E0 05BC;05E0 05BC; # (ï­€; נ◌ּ; נ◌ּ; נ◌ּ; נ◌ּ; ) HEBREW LETTER NUN WITH DAGESH +FB41;05E1 05BC;05E1 05BC;05E1 05BC;05E1 05BC; # (ï­; ס◌ּ; ס◌ּ; ס◌ּ; ס◌ּ; ) HEBREW LETTER SAMEKH WITH DAGESH +FB43;05E3 05BC;05E3 05BC;05E3 05BC;05E3 05BC; # (ï­ƒ; ף◌ּ; ף◌ּ; ף◌ּ; ף◌ּ; ) HEBREW LETTER FINAL PE WITH DAGESH +FB44;05E4 05BC;05E4 05BC;05E4 05BC;05E4 05BC; # (ï­„; פ◌ּ; פ◌ּ; פ◌ּ; פ◌ּ; ) HEBREW LETTER PE WITH DAGESH +FB46;05E6 05BC;05E6 05BC;05E6 05BC;05E6 05BC; # (ï­†; צ◌ּ; צ◌ּ; צ◌ּ; צ◌ּ; ) HEBREW LETTER TSADI WITH DAGESH +FB47;05E7 05BC;05E7 05BC;05E7 05BC;05E7 05BC; # (ï­‡; ק◌ּ; ק◌ּ; ק◌ּ; ק◌ּ; ) HEBREW LETTER QOF WITH DAGESH +FB48;05E8 05BC;05E8 05BC;05E8 05BC;05E8 05BC; # (ï­ˆ; ר◌ּ; ר◌ּ; ר◌ּ; ר◌ּ; ) HEBREW LETTER RESH WITH DAGESH +FB49;05E9 05BC;05E9 05BC;05E9 05BC;05E9 05BC; # (ï­‰; ש◌ּ; ש◌ּ; ש◌ּ; ש◌ּ; ) HEBREW LETTER SHIN WITH DAGESH +FB4A;05EA 05BC;05EA 05BC;05EA 05BC;05EA 05BC; # (ï­Š; ת◌ּ; ת◌ּ; ת◌ּ; ת◌ּ; ) HEBREW LETTER TAV WITH DAGESH +FB4B;05D5 05B9;05D5 05B9;05D5 05B9;05D5 05B9; # (ï­‹; ו◌ֹ; ו◌ֹ; ו◌ֹ; ו◌ֹ; ) HEBREW LETTER VAV WITH HOLAM +FB4C;05D1 05BF;05D1 05BF;05D1 05BF;05D1 05BF; # (ï­Œ; ב◌ֿ; ב◌ֿ; ב◌ֿ; ב◌ֿ; ) HEBREW LETTER BET WITH RAFE +FB4D;05DB 05BF;05DB 05BF;05DB 05BF;05DB 05BF; # (ï­; כ◌ֿ; כ◌ֿ; כ◌ֿ; כ◌ֿ; ) HEBREW LETTER KAF WITH RAFE +FB4E;05E4 05BF;05E4 05BF;05E4 05BF;05E4 05BF; # (ï­Ž; פ◌ֿ; פ◌ֿ; פ◌ֿ; פ◌ֿ; ) HEBREW LETTER PE WITH RAFE +FB4F;FB4F;FB4F;05D0 05DC;05D0 05DC; # (ï­; ï­; ï­; ×ל; ×ל; ) HEBREW LIGATURE ALEF LAMED +FB50;FB50;FB50;0671;0671; # (ï­; ï­; ï­; Ù±; Ù±; ) ARABIC LETTER ALEF WASLA ISOLATED FORM +FB51;FB51;FB51;0671;0671; # (ï­‘; ï­‘; ï­‘; Ù±; Ù±; ) ARABIC LETTER ALEF WASLA FINAL FORM +FB52;FB52;FB52;067B;067B; # (ï­’; ï­’; ï­’; Ù»; Ù»; ) ARABIC LETTER BEEH ISOLATED FORM +FB53;FB53;FB53;067B;067B; # (ï­“; ï­“; ï­“; Ù»; Ù»; ) ARABIC LETTER BEEH FINAL FORM +FB54;FB54;FB54;067B;067B; # (ï­”; ï­”; ï­”; Ù»; Ù»; ) ARABIC LETTER BEEH INITIAL FORM +FB55;FB55;FB55;067B;067B; # (ï­•; ï­•; ï­•; Ù»; Ù»; ) ARABIC LETTER BEEH MEDIAL FORM +FB56;FB56;FB56;067E;067E; # (ï­–; ï­–; ï­–; Ù¾; Ù¾; ) ARABIC LETTER PEH ISOLATED FORM +FB57;FB57;FB57;067E;067E; # (ï­—; ï­—; ï­—; Ù¾; Ù¾; ) ARABIC LETTER PEH FINAL FORM +FB58;FB58;FB58;067E;067E; # (ï­˜; ï­˜; ï­˜; Ù¾; Ù¾; ) ARABIC LETTER PEH INITIAL FORM +FB59;FB59;FB59;067E;067E; # (ï­™; ï­™; ï­™; Ù¾; Ù¾; ) ARABIC LETTER PEH MEDIAL FORM +FB5A;FB5A;FB5A;0680;0680; # (ï­š; ï­š; ï­š; Ú€; Ú€; ) ARABIC LETTER BEHEH ISOLATED FORM +FB5B;FB5B;FB5B;0680;0680; # (ï­›; ï­›; ï­›; Ú€; Ú€; ) ARABIC LETTER BEHEH FINAL FORM +FB5C;FB5C;FB5C;0680;0680; # (ï­œ; ï­œ; ï­œ; Ú€; Ú€; ) ARABIC LETTER BEHEH INITIAL FORM +FB5D;FB5D;FB5D;0680;0680; # (ï­; ï­; ï­; Ú€; Ú€; ) ARABIC LETTER BEHEH MEDIAL FORM +FB5E;FB5E;FB5E;067A;067A; # (ï­ž; ï­ž; ï­ž; Ùº; Ùº; ) ARABIC LETTER TTEHEH ISOLATED FORM +FB5F;FB5F;FB5F;067A;067A; # (ï­Ÿ; ï­Ÿ; ï­Ÿ; Ùº; Ùº; ) ARABIC LETTER TTEHEH FINAL FORM +FB60;FB60;FB60;067A;067A; # (ï­ ; ï­ ; ï­ ; Ùº; Ùº; ) ARABIC LETTER TTEHEH INITIAL FORM +FB61;FB61;FB61;067A;067A; # (ï­¡; ï­¡; ï­¡; Ùº; Ùº; ) ARABIC LETTER TTEHEH MEDIAL FORM +FB62;FB62;FB62;067F;067F; # (ï­¢; ï­¢; ï­¢; Ù¿; Ù¿; ) ARABIC LETTER TEHEH ISOLATED FORM +FB63;FB63;FB63;067F;067F; # (ï­£; ï­£; ï­£; Ù¿; Ù¿; ) ARABIC LETTER TEHEH FINAL FORM +FB64;FB64;FB64;067F;067F; # (ï­¤; ï­¤; ï­¤; Ù¿; Ù¿; ) ARABIC LETTER TEHEH INITIAL FORM +FB65;FB65;FB65;067F;067F; # (ï­¥; ï­¥; ï­¥; Ù¿; Ù¿; ) ARABIC LETTER TEHEH MEDIAL FORM +FB66;FB66;FB66;0679;0679; # (ï­¦; ï­¦; ï­¦; Ù¹; Ù¹; ) ARABIC LETTER TTEH ISOLATED FORM +FB67;FB67;FB67;0679;0679; # (ï­§; ï­§; ï­§; Ù¹; Ù¹; ) ARABIC LETTER TTEH FINAL FORM +FB68;FB68;FB68;0679;0679; # (ï­¨; ï­¨; ï­¨; Ù¹; Ù¹; ) ARABIC LETTER TTEH INITIAL FORM +FB69;FB69;FB69;0679;0679; # (ï­©; ï­©; ï­©; Ù¹; Ù¹; ) ARABIC LETTER TTEH MEDIAL FORM +FB6A;FB6A;FB6A;06A4;06A4; # (ï­ª; ï­ª; ï­ª; Ú¤; Ú¤; ) ARABIC LETTER VEH ISOLATED FORM +FB6B;FB6B;FB6B;06A4;06A4; # (ï­«; ï­«; ï­«; Ú¤; Ú¤; ) ARABIC LETTER VEH FINAL FORM +FB6C;FB6C;FB6C;06A4;06A4; # (ï­¬; ï­¬; ï­¬; Ú¤; Ú¤; ) ARABIC LETTER VEH INITIAL FORM +FB6D;FB6D;FB6D;06A4;06A4; # (ï­­; ï­­; ï­­; Ú¤; Ú¤; ) ARABIC LETTER VEH MEDIAL FORM +FB6E;FB6E;FB6E;06A6;06A6; # (ï­®; ï­®; ï­®; Ú¦; Ú¦; ) ARABIC LETTER PEHEH ISOLATED FORM +FB6F;FB6F;FB6F;06A6;06A6; # (ï­¯; ï­¯; ï­¯; Ú¦; Ú¦; ) ARABIC LETTER PEHEH FINAL FORM +FB70;FB70;FB70;06A6;06A6; # (ï­°; ï­°; ï­°; Ú¦; Ú¦; ) ARABIC LETTER PEHEH INITIAL FORM +FB71;FB71;FB71;06A6;06A6; # (ï­±; ï­±; ï­±; Ú¦; Ú¦; ) ARABIC LETTER PEHEH MEDIAL FORM +FB72;FB72;FB72;0684;0684; # (ï­²; ï­²; ï­²; Ú„; Ú„; ) ARABIC LETTER DYEH ISOLATED FORM +FB73;FB73;FB73;0684;0684; # (ï­³; ï­³; ï­³; Ú„; Ú„; ) ARABIC LETTER DYEH FINAL FORM +FB74;FB74;FB74;0684;0684; # (ï­´; ï­´; ï­´; Ú„; Ú„; ) ARABIC LETTER DYEH INITIAL FORM +FB75;FB75;FB75;0684;0684; # (ï­µ; ï­µ; ï­µ; Ú„; Ú„; ) ARABIC LETTER DYEH MEDIAL FORM +FB76;FB76;FB76;0683;0683; # (ï­¶; ï­¶; ï­¶; Úƒ; Úƒ; ) ARABIC LETTER NYEH ISOLATED FORM +FB77;FB77;FB77;0683;0683; # (ï­·; ï­·; ï­·; Úƒ; Úƒ; ) ARABIC LETTER NYEH FINAL FORM +FB78;FB78;FB78;0683;0683; # (ï­¸; ï­¸; ï­¸; Úƒ; Úƒ; ) ARABIC LETTER NYEH INITIAL FORM +FB79;FB79;FB79;0683;0683; # (ï­¹; ï­¹; ï­¹; Úƒ; Úƒ; ) ARABIC LETTER NYEH MEDIAL FORM +FB7A;FB7A;FB7A;0686;0686; # (ï­º; ï­º; ï­º; Ú†; Ú†; ) ARABIC LETTER TCHEH ISOLATED FORM +FB7B;FB7B;FB7B;0686;0686; # (ï­»; ï­»; ï­»; Ú†; Ú†; ) ARABIC LETTER TCHEH FINAL FORM +FB7C;FB7C;FB7C;0686;0686; # (ï­¼; ï­¼; ï­¼; Ú†; Ú†; ) ARABIC LETTER TCHEH INITIAL FORM +FB7D;FB7D;FB7D;0686;0686; # (ï­½; ï­½; ï­½; Ú†; Ú†; ) ARABIC LETTER TCHEH MEDIAL FORM +FB7E;FB7E;FB7E;0687;0687; # (ï­¾; ï­¾; ï­¾; Ú‡; Ú‡; ) ARABIC LETTER TCHEHEH ISOLATED FORM +FB7F;FB7F;FB7F;0687;0687; # (ï­¿; ï­¿; ï­¿; Ú‡; Ú‡; ) ARABIC LETTER TCHEHEH FINAL FORM +FB80;FB80;FB80;0687;0687; # (ﮀ; ﮀ; ﮀ; Ú‡; Ú‡; ) ARABIC LETTER TCHEHEH INITIAL FORM +FB81;FB81;FB81;0687;0687; # (ï®; ï®; ï®; Ú‡; Ú‡; ) ARABIC LETTER TCHEHEH MEDIAL FORM +FB82;FB82;FB82;068D;068D; # (ﮂ; ﮂ; ﮂ; Ú; Ú; ) ARABIC LETTER DDAHAL ISOLATED FORM +FB83;FB83;FB83;068D;068D; # (ﮃ; ﮃ; ﮃ; Ú; Ú; ) ARABIC LETTER DDAHAL FINAL FORM +FB84;FB84;FB84;068C;068C; # (ﮄ; ﮄ; ﮄ; ÚŒ; ÚŒ; ) ARABIC LETTER DAHAL ISOLATED FORM +FB85;FB85;FB85;068C;068C; # (ï®…; ï®…; ï®…; ÚŒ; ÚŒ; ) ARABIC LETTER DAHAL FINAL FORM +FB86;FB86;FB86;068E;068E; # (ﮆ; ﮆ; ﮆ; ÚŽ; ÚŽ; ) ARABIC LETTER DUL ISOLATED FORM +FB87;FB87;FB87;068E;068E; # (ﮇ; ﮇ; ﮇ; ÚŽ; ÚŽ; ) ARABIC LETTER DUL FINAL FORM +FB88;FB88;FB88;0688;0688; # (ﮈ; ﮈ; ﮈ; Úˆ; Úˆ; ) ARABIC LETTER DDAL ISOLATED FORM +FB89;FB89;FB89;0688;0688; # (ﮉ; ﮉ; ﮉ; Úˆ; Úˆ; ) ARABIC LETTER DDAL FINAL FORM +FB8A;FB8A;FB8A;0698;0698; # (ﮊ; ﮊ; ﮊ; Ú˜; Ú˜; ) ARABIC LETTER JEH ISOLATED FORM +FB8B;FB8B;FB8B;0698;0698; # (ﮋ; ﮋ; ﮋ; Ú˜; Ú˜; ) ARABIC LETTER JEH FINAL FORM +FB8C;FB8C;FB8C;0691;0691; # (ﮌ; ﮌ; ﮌ; Ú‘; Ú‘; ) ARABIC LETTER RREH ISOLATED FORM +FB8D;FB8D;FB8D;0691;0691; # (ï®; ï®; ï®; Ú‘; Ú‘; ) ARABIC LETTER RREH FINAL FORM +FB8E;FB8E;FB8E;06A9;06A9; # (ﮎ; ﮎ; ﮎ; Ú©; Ú©; ) ARABIC LETTER KEHEH ISOLATED FORM +FB8F;FB8F;FB8F;06A9;06A9; # (ï®; ï®; ï®; Ú©; Ú©; ) ARABIC LETTER KEHEH FINAL FORM +FB90;FB90;FB90;06A9;06A9; # (ï®; ï®; ï®; Ú©; Ú©; ) ARABIC LETTER KEHEH INITIAL FORM +FB91;FB91;FB91;06A9;06A9; # (ﮑ; ﮑ; ﮑ; Ú©; Ú©; ) ARABIC LETTER KEHEH MEDIAL FORM +FB92;FB92;FB92;06AF;06AF; # (ï®’; ï®’; ï®’; Ú¯; Ú¯; ) ARABIC LETTER GAF ISOLATED FORM +FB93;FB93;FB93;06AF;06AF; # (ﮓ; ﮓ; ﮓ; Ú¯; Ú¯; ) ARABIC LETTER GAF FINAL FORM +FB94;FB94;FB94;06AF;06AF; # (ï®”; ï®”; ï®”; Ú¯; Ú¯; ) ARABIC LETTER GAF INITIAL FORM +FB95;FB95;FB95;06AF;06AF; # (ﮕ; ﮕ; ﮕ; Ú¯; Ú¯; ) ARABIC LETTER GAF MEDIAL FORM +FB96;FB96;FB96;06B3;06B3; # (ï®–; ï®–; ï®–; Ú³; Ú³; ) ARABIC LETTER GUEH ISOLATED FORM +FB97;FB97;FB97;06B3;06B3; # (ï®—; ï®—; ï®—; Ú³; Ú³; ) ARABIC LETTER GUEH FINAL FORM +FB98;FB98;FB98;06B3;06B3; # (ﮘ; ﮘ; ﮘ; Ú³; Ú³; ) ARABIC LETTER GUEH INITIAL FORM +FB99;FB99;FB99;06B3;06B3; # (ï®™; ï®™; ï®™; Ú³; Ú³; ) ARABIC LETTER GUEH MEDIAL FORM +FB9A;FB9A;FB9A;06B1;06B1; # (ﮚ; ﮚ; ﮚ; Ú±; Ú±; ) ARABIC LETTER NGOEH ISOLATED FORM +FB9B;FB9B;FB9B;06B1;06B1; # (ï®›; ï®›; ï®›; Ú±; Ú±; ) ARABIC LETTER NGOEH FINAL FORM +FB9C;FB9C;FB9C;06B1;06B1; # (ﮜ; ﮜ; ﮜ; Ú±; Ú±; ) ARABIC LETTER NGOEH INITIAL FORM +FB9D;FB9D;FB9D;06B1;06B1; # (ï®; ï®; ï®; Ú±; Ú±; ) ARABIC LETTER NGOEH MEDIAL FORM +FB9E;FB9E;FB9E;06BA;06BA; # (ﮞ; ﮞ; ﮞ; Úº; Úº; ) ARABIC LETTER NOON GHUNNA ISOLATED FORM +FB9F;FB9F;FB9F;06BA;06BA; # (ﮟ; ﮟ; ﮟ; Úº; Úº; ) ARABIC LETTER NOON GHUNNA FINAL FORM +FBA0;FBA0;FBA0;06BB;06BB; # (ï® ; ï® ; ï® ; Ú»; Ú»; ) ARABIC LETTER RNOON ISOLATED FORM +FBA1;FBA1;FBA1;06BB;06BB; # (ﮡ; ﮡ; ﮡ; Ú»; Ú»; ) ARABIC LETTER RNOON FINAL FORM +FBA2;FBA2;FBA2;06BB;06BB; # (ﮢ; ﮢ; ﮢ; Ú»; Ú»; ) ARABIC LETTER RNOON INITIAL FORM +FBA3;FBA3;FBA3;06BB;06BB; # (ﮣ; ﮣ; ﮣ; Ú»; Ú»; ) ARABIC LETTER RNOON MEDIAL FORM +FBA4;FBA4;FBA4;06C0;06D5 0654; # (ﮤ; ﮤ; ﮤ; Û€; ە◌ٔ; ) ARABIC LETTER HEH WITH YEH ABOVE ISOLATED FORM +FBA5;FBA5;FBA5;06C0;06D5 0654; # (ﮥ; ﮥ; ﮥ; Û€; ە◌ٔ; ) ARABIC LETTER HEH WITH YEH ABOVE FINAL FORM +FBA6;FBA6;FBA6;06C1;06C1; # (ﮦ; ﮦ; ﮦ; Û; Û; ) ARABIC LETTER HEH GOAL ISOLATED FORM +FBA7;FBA7;FBA7;06C1;06C1; # (ﮧ; ﮧ; ﮧ; Û; Û; ) ARABIC LETTER HEH GOAL FINAL FORM +FBA8;FBA8;FBA8;06C1;06C1; # (ﮨ; ﮨ; ﮨ; Û; Û; ) ARABIC LETTER HEH GOAL INITIAL FORM +FBA9;FBA9;FBA9;06C1;06C1; # (ﮩ; ﮩ; ﮩ; Û; Û; ) ARABIC LETTER HEH GOAL MEDIAL FORM +FBAA;FBAA;FBAA;06BE;06BE; # (ﮪ; ﮪ; ﮪ; Ú¾; Ú¾; ) ARABIC LETTER HEH DOACHASHMEE ISOLATED FORM +FBAB;FBAB;FBAB;06BE;06BE; # (ﮫ; ﮫ; ﮫ; Ú¾; Ú¾; ) ARABIC LETTER HEH DOACHASHMEE FINAL FORM +FBAC;FBAC;FBAC;06BE;06BE; # (ﮬ; ﮬ; ﮬ; Ú¾; Ú¾; ) ARABIC LETTER HEH DOACHASHMEE INITIAL FORM +FBAD;FBAD;FBAD;06BE;06BE; # (ï®­; ï®­; ï®­; Ú¾; Ú¾; ) ARABIC LETTER HEH DOACHASHMEE MEDIAL FORM +FBAE;FBAE;FBAE;06D2;06D2; # (ï®®; ï®®; ï®®; Û’; Û’; ) ARABIC LETTER YEH BARREE ISOLATED FORM +FBAF;FBAF;FBAF;06D2;06D2; # (ﮯ; ﮯ; ﮯ; Û’; Û’; ) ARABIC LETTER YEH BARREE FINAL FORM +FBB0;FBB0;FBB0;06D3;06D2 0654; # (ï®°; ï®°; ï®°; Û“; ے◌ٔ; ) ARABIC LETTER YEH BARREE WITH HAMZA ABOVE ISOLATED FORM +FBB1;FBB1;FBB1;06D3;06D2 0654; # (ï®±; ï®±; ï®±; Û“; ے◌ٔ; ) ARABIC LETTER YEH BARREE WITH HAMZA ABOVE FINAL FORM +FBD3;FBD3;FBD3;06AD;06AD; # (ﯓ; ﯓ; ﯓ; Ú­; Ú­; ) ARABIC LETTER NG ISOLATED FORM +FBD4;FBD4;FBD4;06AD;06AD; # (ﯔ; ﯔ; ﯔ; Ú­; Ú­; ) ARABIC LETTER NG FINAL FORM +FBD5;FBD5;FBD5;06AD;06AD; # (ﯕ; ﯕ; ﯕ; Ú­; Ú­; ) ARABIC LETTER NG INITIAL FORM +FBD6;FBD6;FBD6;06AD;06AD; # (ﯖ; ﯖ; ﯖ; Ú­; Ú­; ) ARABIC LETTER NG MEDIAL FORM +FBD7;FBD7;FBD7;06C7;06C7; # (ﯗ; ﯗ; ﯗ; Û‡; Û‡; ) ARABIC LETTER U ISOLATED FORM +FBD8;FBD8;FBD8;06C7;06C7; # (ﯘ; ﯘ; ﯘ; Û‡; Û‡; ) ARABIC LETTER U FINAL FORM +FBD9;FBD9;FBD9;06C6;06C6; # (ﯙ; ﯙ; ﯙ; Û†; Û†; ) ARABIC LETTER OE ISOLATED FORM +FBDA;FBDA;FBDA;06C6;06C6; # (ﯚ; ﯚ; ﯚ; Û†; Û†; ) ARABIC LETTER OE FINAL FORM +FBDB;FBDB;FBDB;06C8;06C8; # (ﯛ; ﯛ; ﯛ; Ûˆ; Ûˆ; ) ARABIC LETTER YU ISOLATED FORM +FBDC;FBDC;FBDC;06C8;06C8; # (ﯜ; ﯜ; ﯜ; Ûˆ; Ûˆ; ) ARABIC LETTER YU FINAL FORM +FBDD;FBDD;FBDD;06C7 0674;06C7 0674; # (ï¯; ï¯; ï¯; Û‡Ù´; Û‡Ù´; ) ARABIC LETTER U WITH HAMZA ABOVE ISOLATED FORM +FBDE;FBDE;FBDE;06CB;06CB; # (ﯞ; ﯞ; ﯞ; Û‹; Û‹; ) ARABIC LETTER VE ISOLATED FORM +FBDF;FBDF;FBDF;06CB;06CB; # (ﯟ; ﯟ; ﯟ; Û‹; Û‹; ) ARABIC LETTER VE FINAL FORM +FBE0;FBE0;FBE0;06C5;06C5; # (ﯠ; ﯠ; ﯠ; Û…; Û…; ) ARABIC LETTER KIRGHIZ OE ISOLATED FORM +FBE1;FBE1;FBE1;06C5;06C5; # (ﯡ; ﯡ; ﯡ; Û…; Û…; ) ARABIC LETTER KIRGHIZ OE FINAL FORM +FBE2;FBE2;FBE2;06C9;06C9; # (ﯢ; ﯢ; ﯢ; Û‰; Û‰; ) ARABIC LETTER KIRGHIZ YU ISOLATED FORM +FBE3;FBE3;FBE3;06C9;06C9; # (ﯣ; ﯣ; ﯣ; Û‰; Û‰; ) ARABIC LETTER KIRGHIZ YU FINAL FORM +FBE4;FBE4;FBE4;06D0;06D0; # (ﯤ; ﯤ; ﯤ; Û; Û; ) ARABIC LETTER E ISOLATED FORM +FBE5;FBE5;FBE5;06D0;06D0; # (ﯥ; ﯥ; ﯥ; Û; Û; ) ARABIC LETTER E FINAL FORM +FBE6;FBE6;FBE6;06D0;06D0; # (ﯦ; ﯦ; ﯦ; Û; Û; ) ARABIC LETTER E INITIAL FORM +FBE7;FBE7;FBE7;06D0;06D0; # (ﯧ; ﯧ; ﯧ; Û; Û; ) ARABIC LETTER E MEDIAL FORM +FBE8;FBE8;FBE8;0649;0649; # (ﯨ; ﯨ; ﯨ; Ù‰; Ù‰; ) ARABIC LETTER UIGHUR KAZAKH KIRGHIZ ALEF MAKSURA INITIAL FORM +FBE9;FBE9;FBE9;0649;0649; # (ﯩ; ﯩ; ﯩ; Ù‰; Ù‰; ) ARABIC LETTER UIGHUR KAZAKH KIRGHIZ ALEF MAKSURA MEDIAL FORM +FBEA;FBEA;FBEA;0626 0627;064A 0654 0627; # (ﯪ; ﯪ; ﯪ; ئا; ي◌ٔا; ) ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ALEF ISOLATED FORM +FBEB;FBEB;FBEB;0626 0627;064A 0654 0627; # (ﯫ; ﯫ; ﯫ; ئا; ي◌ٔا; ) ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ALEF FINAL FORM +FBEC;FBEC;FBEC;0626 06D5;064A 0654 06D5; # (ﯬ; ﯬ; ﯬ; ئە; ي◌ٔە; ) ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH AE ISOLATED FORM +FBED;FBED;FBED;0626 06D5;064A 0654 06D5; # (ﯭ; ﯭ; ﯭ; ئە; ي◌ٔە; ) ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH AE FINAL FORM +FBEE;FBEE;FBEE;0626 0648;064A 0654 0648; # (ﯮ; ﯮ; ﯮ; ئو; ي◌ٔو; ) ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH WAW ISOLATED FORM +FBEF;FBEF;FBEF;0626 0648;064A 0654 0648; # (ﯯ; ﯯ; ﯯ; ئو; ي◌ٔو; ) ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH WAW FINAL FORM +FBF0;FBF0;FBF0;0626 06C7;064A 0654 06C7; # (ﯰ; ﯰ; ﯰ; ئۇ; ي◌ٔۇ; ) ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH U ISOLATED FORM +FBF1;FBF1;FBF1;0626 06C7;064A 0654 06C7; # (ﯱ; ﯱ; ﯱ; ئۇ; ي◌ٔۇ; ) ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH U FINAL FORM +FBF2;FBF2;FBF2;0626 06C6;064A 0654 06C6; # (ﯲ; ﯲ; ﯲ; ئۆ; ي◌ٔۆ; ) ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH OE ISOLATED FORM +FBF3;FBF3;FBF3;0626 06C6;064A 0654 06C6; # (ﯳ; ﯳ; ﯳ; ئۆ; ي◌ٔۆ; ) ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH OE FINAL FORM +FBF4;FBF4;FBF4;0626 06C8;064A 0654 06C8; # (ﯴ; ﯴ; ﯴ; ئۈ; ي◌ٔۈ; ) ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH YU ISOLATED FORM +FBF5;FBF5;FBF5;0626 06C8;064A 0654 06C8; # (ﯵ; ﯵ; ﯵ; ئۈ; ي◌ٔۈ; ) ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH YU FINAL FORM +FBF6;FBF6;FBF6;0626 06D0;064A 0654 06D0; # (ﯶ; ﯶ; ﯶ; ئÛ; ي◌ٔÛ; ) ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH E ISOLATED FORM +FBF7;FBF7;FBF7;0626 06D0;064A 0654 06D0; # (ﯷ; ﯷ; ﯷ; ئÛ; ي◌ٔÛ; ) ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH E FINAL FORM +FBF8;FBF8;FBF8;0626 06D0;064A 0654 06D0; # (ﯸ; ﯸ; ﯸ; ئÛ; ي◌ٔÛ; ) ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH E INITIAL FORM +FBF9;FBF9;FBF9;0626 0649;064A 0654 0649; # (ﯹ; ﯹ; ﯹ; ئى; ي◌ٔى; ) ARABIC LIGATURE UIGHUR KIRGHIZ YEH WITH HAMZA ABOVE WITH ALEF MAKSURA ISOLATED FORM +FBFA;FBFA;FBFA;0626 0649;064A 0654 0649; # (ﯺ; ﯺ; ﯺ; ئى; ي◌ٔى; ) ARABIC LIGATURE UIGHUR KIRGHIZ YEH WITH HAMZA ABOVE WITH ALEF MAKSURA FINAL FORM +FBFB;FBFB;FBFB;0626 0649;064A 0654 0649; # (ﯻ; ﯻ; ﯻ; ئى; ي◌ٔى; ) ARABIC LIGATURE UIGHUR KIRGHIZ YEH WITH HAMZA ABOVE WITH ALEF MAKSURA INITIAL FORM +FBFC;FBFC;FBFC;06CC;06CC; # (ﯼ; ﯼ; ﯼ; ÛŒ; ÛŒ; ) ARABIC LETTER FARSI YEH ISOLATED FORM +FBFD;FBFD;FBFD;06CC;06CC; # (ﯽ; ﯽ; ﯽ; ÛŒ; ÛŒ; ) ARABIC LETTER FARSI YEH FINAL FORM +FBFE;FBFE;FBFE;06CC;06CC; # (ﯾ; ﯾ; ﯾ; ÛŒ; ÛŒ; ) ARABIC LETTER FARSI YEH INITIAL FORM +FBFF;FBFF;FBFF;06CC;06CC; # (ﯿ; ﯿ; ﯿ; ÛŒ; ÛŒ; ) ARABIC LETTER FARSI YEH MEDIAL FORM +FC00;FC00;FC00;0626 062C;064A 0654 062C; # (ï°€; ï°€; ï°€; ئج; ي◌ٔج; ) ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH JEEM ISOLATED FORM +FC01;FC01;FC01;0626 062D;064A 0654 062D; # (ï°; ï°; ï°; ئح; ي◌ٔح; ) ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH HAH ISOLATED FORM +FC02;FC02;FC02;0626 0645;064A 0654 0645; # (ï°‚; ï°‚; ï°‚; ئم; ي◌ٔم; ) ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH MEEM ISOLATED FORM +FC03;FC03;FC03;0626 0649;064A 0654 0649; # (ï°ƒ; ï°ƒ; ï°ƒ; ئى; ي◌ٔى; ) ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ALEF MAKSURA ISOLATED FORM +FC04;FC04;FC04;0626 064A;064A 0654 064A; # (ï°„; ï°„; ï°„; ئي; ي◌ٔي; ) ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH YEH ISOLATED FORM +FC05;FC05;FC05;0628 062C;0628 062C; # (ï°…; ï°…; ï°…; بج; بج; ) ARABIC LIGATURE BEH WITH JEEM ISOLATED FORM +FC06;FC06;FC06;0628 062D;0628 062D; # (ï°†; ï°†; ï°†; بح; بح; ) ARABIC LIGATURE BEH WITH HAH ISOLATED FORM +FC07;FC07;FC07;0628 062E;0628 062E; # (ï°‡; ï°‡; ï°‡; بخ; بخ; ) ARABIC LIGATURE BEH WITH KHAH ISOLATED FORM +FC08;FC08;FC08;0628 0645;0628 0645; # (ï°ˆ; ï°ˆ; ï°ˆ; بم; بم; ) ARABIC LIGATURE BEH WITH MEEM ISOLATED FORM +FC09;FC09;FC09;0628 0649;0628 0649; # (ï°‰; ï°‰; ï°‰; بى; بى; ) ARABIC LIGATURE BEH WITH ALEF MAKSURA ISOLATED FORM +FC0A;FC0A;FC0A;0628 064A;0628 064A; # (ï°Š; ï°Š; ï°Š; بي; بي; ) ARABIC LIGATURE BEH WITH YEH ISOLATED FORM +FC0B;FC0B;FC0B;062A 062C;062A 062C; # (ï°‹; ï°‹; ï°‹; تج; تج; ) ARABIC LIGATURE TEH WITH JEEM ISOLATED FORM +FC0C;FC0C;FC0C;062A 062D;062A 062D; # (ï°Œ; ï°Œ; ï°Œ; تح; تح; ) ARABIC LIGATURE TEH WITH HAH ISOLATED FORM +FC0D;FC0D;FC0D;062A 062E;062A 062E; # (ï°; ï°; ï°; تخ; تخ; ) ARABIC LIGATURE TEH WITH KHAH ISOLATED FORM +FC0E;FC0E;FC0E;062A 0645;062A 0645; # (ï°Ž; ï°Ž; ï°Ž; تم; تم; ) ARABIC LIGATURE TEH WITH MEEM ISOLATED FORM +FC0F;FC0F;FC0F;062A 0649;062A 0649; # (ï°; ï°; ï°; تى; تى; ) ARABIC LIGATURE TEH WITH ALEF MAKSURA ISOLATED FORM +FC10;FC10;FC10;062A 064A;062A 064A; # (ï°; ï°; ï°; تي; تي; ) ARABIC LIGATURE TEH WITH YEH ISOLATED FORM +FC11;FC11;FC11;062B 062C;062B 062C; # (ï°‘; ï°‘; ï°‘; ثج; ثج; ) ARABIC LIGATURE THEH WITH JEEM ISOLATED FORM +FC12;FC12;FC12;062B 0645;062B 0645; # (ï°’; ï°’; ï°’; ثم; ثم; ) ARABIC LIGATURE THEH WITH MEEM ISOLATED FORM +FC13;FC13;FC13;062B 0649;062B 0649; # (ï°“; ï°“; ï°“; ثى; ثى; ) ARABIC LIGATURE THEH WITH ALEF MAKSURA ISOLATED FORM +FC14;FC14;FC14;062B 064A;062B 064A; # (ï°”; ï°”; ï°”; ثي; ثي; ) ARABIC LIGATURE THEH WITH YEH ISOLATED FORM +FC15;FC15;FC15;062C 062D;062C 062D; # (ï°•; ï°•; ï°•; جح; جح; ) ARABIC LIGATURE JEEM WITH HAH ISOLATED FORM +FC16;FC16;FC16;062C 0645;062C 0645; # (ï°–; ï°–; ï°–; جم; جم; ) ARABIC LIGATURE JEEM WITH MEEM ISOLATED FORM +FC17;FC17;FC17;062D 062C;062D 062C; # (ï°—; ï°—; ï°—; حج; حج; ) ARABIC LIGATURE HAH WITH JEEM ISOLATED FORM +FC18;FC18;FC18;062D 0645;062D 0645; # (ï°˜; ï°˜; ï°˜; حم; حم; ) ARABIC LIGATURE HAH WITH MEEM ISOLATED FORM +FC19;FC19;FC19;062E 062C;062E 062C; # (ï°™; ï°™; ï°™; خج; خج; ) ARABIC LIGATURE KHAH WITH JEEM ISOLATED FORM +FC1A;FC1A;FC1A;062E 062D;062E 062D; # (ï°š; ï°š; ï°š; خح; خح; ) ARABIC LIGATURE KHAH WITH HAH ISOLATED FORM +FC1B;FC1B;FC1B;062E 0645;062E 0645; # (ï°›; ï°›; ï°›; خم; خم; ) ARABIC LIGATURE KHAH WITH MEEM ISOLATED FORM +FC1C;FC1C;FC1C;0633 062C;0633 062C; # (ï°œ; ï°œ; ï°œ; سج; سج; ) ARABIC LIGATURE SEEN WITH JEEM ISOLATED FORM +FC1D;FC1D;FC1D;0633 062D;0633 062D; # (ï°; ï°; ï°; سح; سح; ) ARABIC LIGATURE SEEN WITH HAH ISOLATED FORM +FC1E;FC1E;FC1E;0633 062E;0633 062E; # (ï°ž; ï°ž; ï°ž; سخ; سخ; ) ARABIC LIGATURE SEEN WITH KHAH ISOLATED FORM +FC1F;FC1F;FC1F;0633 0645;0633 0645; # (ï°Ÿ; ï°Ÿ; ï°Ÿ; سم; سم; ) ARABIC LIGATURE SEEN WITH MEEM ISOLATED FORM +FC20;FC20;FC20;0635 062D;0635 062D; # (ï° ; ï° ; ï° ; صح; صح; ) ARABIC LIGATURE SAD WITH HAH ISOLATED FORM +FC21;FC21;FC21;0635 0645;0635 0645; # (ï°¡; ï°¡; ï°¡; صم; صم; ) ARABIC LIGATURE SAD WITH MEEM ISOLATED FORM +FC22;FC22;FC22;0636 062C;0636 062C; # (ï°¢; ï°¢; ï°¢; ضج; ضج; ) ARABIC LIGATURE DAD WITH JEEM ISOLATED FORM +FC23;FC23;FC23;0636 062D;0636 062D; # (ï°£; ï°£; ï°£; ضح; ضح; ) ARABIC LIGATURE DAD WITH HAH ISOLATED FORM +FC24;FC24;FC24;0636 062E;0636 062E; # (ï°¤; ï°¤; ï°¤; ضخ; ضخ; ) ARABIC LIGATURE DAD WITH KHAH ISOLATED FORM +FC25;FC25;FC25;0636 0645;0636 0645; # (ï°¥; ï°¥; ï°¥; ضم; ضم; ) ARABIC LIGATURE DAD WITH MEEM ISOLATED FORM +FC26;FC26;FC26;0637 062D;0637 062D; # (ï°¦; ï°¦; ï°¦; طح; طح; ) ARABIC LIGATURE TAH WITH HAH ISOLATED FORM +FC27;FC27;FC27;0637 0645;0637 0645; # (ï°§; ï°§; ï°§; طم; طم; ) ARABIC LIGATURE TAH WITH MEEM ISOLATED FORM +FC28;FC28;FC28;0638 0645;0638 0645; # (ï°¨; ï°¨; ï°¨; ظم; ظم; ) ARABIC LIGATURE ZAH WITH MEEM ISOLATED FORM +FC29;FC29;FC29;0639 062C;0639 062C; # (ï°©; ï°©; ï°©; عج; عج; ) ARABIC LIGATURE AIN WITH JEEM ISOLATED FORM +FC2A;FC2A;FC2A;0639 0645;0639 0645; # (ï°ª; ï°ª; ï°ª; عم; عم; ) ARABIC LIGATURE AIN WITH MEEM ISOLATED FORM +FC2B;FC2B;FC2B;063A 062C;063A 062C; # (ï°«; ï°«; ï°«; غج; غج; ) ARABIC LIGATURE GHAIN WITH JEEM ISOLATED FORM +FC2C;FC2C;FC2C;063A 0645;063A 0645; # (ï°¬; ï°¬; ï°¬; غم; غم; ) ARABIC LIGATURE GHAIN WITH MEEM ISOLATED FORM +FC2D;FC2D;FC2D;0641 062C;0641 062C; # (ï°­; ï°­; ï°­; Ùج; Ùج; ) ARABIC LIGATURE FEH WITH JEEM ISOLATED FORM +FC2E;FC2E;FC2E;0641 062D;0641 062D; # (ï°®; ï°®; ï°®; ÙØ­; ÙØ­; ) ARABIC LIGATURE FEH WITH HAH ISOLATED FORM +FC2F;FC2F;FC2F;0641 062E;0641 062E; # (ï°¯; ï°¯; ï°¯; ÙØ®; ÙØ®; ) ARABIC LIGATURE FEH WITH KHAH ISOLATED FORM +FC30;FC30;FC30;0641 0645;0641 0645; # (ï°°; ï°°; ï°°; ÙÙ…; ÙÙ…; ) ARABIC LIGATURE FEH WITH MEEM ISOLATED FORM +FC31;FC31;FC31;0641 0649;0641 0649; # (ï°±; ï°±; ï°±; ÙÙ‰; ÙÙ‰; ) ARABIC LIGATURE FEH WITH ALEF MAKSURA ISOLATED FORM +FC32;FC32;FC32;0641 064A;0641 064A; # (ï°²; ï°²; ï°²; ÙÙŠ; ÙÙŠ; ) ARABIC LIGATURE FEH WITH YEH ISOLATED FORM +FC33;FC33;FC33;0642 062D;0642 062D; # (ï°³; ï°³; ï°³; قح; قح; ) ARABIC LIGATURE QAF WITH HAH ISOLATED FORM +FC34;FC34;FC34;0642 0645;0642 0645; # (ï°´; ï°´; ï°´; قم; قم; ) ARABIC LIGATURE QAF WITH MEEM ISOLATED FORM +FC35;FC35;FC35;0642 0649;0642 0649; # (ï°µ; ï°µ; ï°µ; قى; قى; ) ARABIC LIGATURE QAF WITH ALEF MAKSURA ISOLATED FORM +FC36;FC36;FC36;0642 064A;0642 064A; # (ï°¶; ï°¶; ï°¶; قي; قي; ) ARABIC LIGATURE QAF WITH YEH ISOLATED FORM +FC37;FC37;FC37;0643 0627;0643 0627; # (ï°·; ï°·; ï°·; كا; كا; ) ARABIC LIGATURE KAF WITH ALEF ISOLATED FORM +FC38;FC38;FC38;0643 062C;0643 062C; # (ï°¸; ï°¸; ï°¸; كج; كج; ) ARABIC LIGATURE KAF WITH JEEM ISOLATED FORM +FC39;FC39;FC39;0643 062D;0643 062D; # (ï°¹; ï°¹; ï°¹; كح; كح; ) ARABIC LIGATURE KAF WITH HAH ISOLATED FORM +FC3A;FC3A;FC3A;0643 062E;0643 062E; # (ï°º; ï°º; ï°º; كخ; كخ; ) ARABIC LIGATURE KAF WITH KHAH ISOLATED FORM +FC3B;FC3B;FC3B;0643 0644;0643 0644; # (ï°»; ï°»; ï°»; كل; كل; ) ARABIC LIGATURE KAF WITH LAM ISOLATED FORM +FC3C;FC3C;FC3C;0643 0645;0643 0645; # (ï°¼; ï°¼; ï°¼; كم; كم; ) ARABIC LIGATURE KAF WITH MEEM ISOLATED FORM +FC3D;FC3D;FC3D;0643 0649;0643 0649; # (ï°½; ï°½; ï°½; كى; كى; ) ARABIC LIGATURE KAF WITH ALEF MAKSURA ISOLATED FORM +FC3E;FC3E;FC3E;0643 064A;0643 064A; # (ï°¾; ï°¾; ï°¾; كي; كي; ) ARABIC LIGATURE KAF WITH YEH ISOLATED FORM +FC3F;FC3F;FC3F;0644 062C;0644 062C; # (ï°¿; ï°¿; ï°¿; لج; لج; ) ARABIC LIGATURE LAM WITH JEEM ISOLATED FORM +FC40;FC40;FC40;0644 062D;0644 062D; # (ï±€; ï±€; ï±€; لح; لح; ) ARABIC LIGATURE LAM WITH HAH ISOLATED FORM +FC41;FC41;FC41;0644 062E;0644 062E; # (ï±; ï±; ï±; لخ; لخ; ) ARABIC LIGATURE LAM WITH KHAH ISOLATED FORM +FC42;FC42;FC42;0644 0645;0644 0645; # (ﱂ; ﱂ; ﱂ; لم; لم; ) ARABIC LIGATURE LAM WITH MEEM ISOLATED FORM +FC43;FC43;FC43;0644 0649;0644 0649; # (ﱃ; ﱃ; ﱃ; لى; لى; ) ARABIC LIGATURE LAM WITH ALEF MAKSURA ISOLATED FORM +FC44;FC44;FC44;0644 064A;0644 064A; # (ﱄ; ﱄ; ﱄ; لي; لي; ) ARABIC LIGATURE LAM WITH YEH ISOLATED FORM +FC45;FC45;FC45;0645 062C;0645 062C; # (ï±…; ï±…; ï±…; مج; مج; ) ARABIC LIGATURE MEEM WITH JEEM ISOLATED FORM +FC46;FC46;FC46;0645 062D;0645 062D; # (ﱆ; ﱆ; ﱆ; مح; مح; ) ARABIC LIGATURE MEEM WITH HAH ISOLATED FORM +FC47;FC47;FC47;0645 062E;0645 062E; # (ﱇ; ﱇ; ﱇ; مخ; مخ; ) ARABIC LIGATURE MEEM WITH KHAH ISOLATED FORM +FC48;FC48;FC48;0645 0645;0645 0645; # (ﱈ; ﱈ; ﱈ; مم; مم; ) ARABIC LIGATURE MEEM WITH MEEM ISOLATED FORM +FC49;FC49;FC49;0645 0649;0645 0649; # (ﱉ; ﱉ; ﱉ; مى; مى; ) ARABIC LIGATURE MEEM WITH ALEF MAKSURA ISOLATED FORM +FC4A;FC4A;FC4A;0645 064A;0645 064A; # (ﱊ; ﱊ; ﱊ; مي; مي; ) ARABIC LIGATURE MEEM WITH YEH ISOLATED FORM +FC4B;FC4B;FC4B;0646 062C;0646 062C; # (ﱋ; ﱋ; ﱋ; نج; نج; ) ARABIC LIGATURE NOON WITH JEEM ISOLATED FORM +FC4C;FC4C;FC4C;0646 062D;0646 062D; # (ﱌ; ﱌ; ﱌ; نح; نح; ) ARABIC LIGATURE NOON WITH HAH ISOLATED FORM +FC4D;FC4D;FC4D;0646 062E;0646 062E; # (ï±; ï±; ï±; نخ; نخ; ) ARABIC LIGATURE NOON WITH KHAH ISOLATED FORM +FC4E;FC4E;FC4E;0646 0645;0646 0645; # (ﱎ; ﱎ; ﱎ; نم; نم; ) ARABIC LIGATURE NOON WITH MEEM ISOLATED FORM +FC4F;FC4F;FC4F;0646 0649;0646 0649; # (ï±; ï±; ï±; نى; نى; ) ARABIC LIGATURE NOON WITH ALEF MAKSURA ISOLATED FORM +FC50;FC50;FC50;0646 064A;0646 064A; # (ï±; ï±; ï±; ني; ني; ) ARABIC LIGATURE NOON WITH YEH ISOLATED FORM +FC51;FC51;FC51;0647 062C;0647 062C; # (ﱑ; ﱑ; ﱑ; هج; هج; ) ARABIC LIGATURE HEH WITH JEEM ISOLATED FORM +FC52;FC52;FC52;0647 0645;0647 0645; # (ï±’; ï±’; ï±’; هم; هم; ) ARABIC LIGATURE HEH WITH MEEM ISOLATED FORM +FC53;FC53;FC53;0647 0649;0647 0649; # (ﱓ; ﱓ; ﱓ; هى; هى; ) ARABIC LIGATURE HEH WITH ALEF MAKSURA ISOLATED FORM +FC54;FC54;FC54;0647 064A;0647 064A; # (ï±”; ï±”; ï±”; هي; هي; ) ARABIC LIGATURE HEH WITH YEH ISOLATED FORM +FC55;FC55;FC55;064A 062C;064A 062C; # (ﱕ; ﱕ; ﱕ; يج; يج; ) ARABIC LIGATURE YEH WITH JEEM ISOLATED FORM +FC56;FC56;FC56;064A 062D;064A 062D; # (ï±–; ï±–; ï±–; يح; يح; ) ARABIC LIGATURE YEH WITH HAH ISOLATED FORM +FC57;FC57;FC57;064A 062E;064A 062E; # (ï±—; ï±—; ï±—; يخ; يخ; ) ARABIC LIGATURE YEH WITH KHAH ISOLATED FORM +FC58;FC58;FC58;064A 0645;064A 0645; # (ﱘ; ﱘ; ﱘ; يم; يم; ) ARABIC LIGATURE YEH WITH MEEM ISOLATED FORM +FC59;FC59;FC59;064A 0649;064A 0649; # (ï±™; ï±™; ï±™; يى; يى; ) ARABIC LIGATURE YEH WITH ALEF MAKSURA ISOLATED FORM +FC5A;FC5A;FC5A;064A 064A;064A 064A; # (ﱚ; ﱚ; ﱚ; يي; يي; ) ARABIC LIGATURE YEH WITH YEH ISOLATED FORM +FC5B;FC5B;FC5B;0630 0670;0630 0670; # (ï±›; ï±›; ï±›; ذ◌ٰ; ذ◌ٰ; ) ARABIC LIGATURE THAL WITH SUPERSCRIPT ALEF ISOLATED FORM +FC5C;FC5C;FC5C;0631 0670;0631 0670; # (ﱜ; ﱜ; ﱜ; ر◌ٰ; ر◌ٰ; ) ARABIC LIGATURE REH WITH SUPERSCRIPT ALEF ISOLATED FORM +FC5D;FC5D;FC5D;0649 0670;0649 0670; # (ï±; ï±; ï±; ى◌ٰ; ى◌ٰ; ) ARABIC LIGATURE ALEF MAKSURA WITH SUPERSCRIPT ALEF ISOLATED FORM +FC5E;FC5E;FC5E;0020 064C 0651;0020 064C 0651; # (ﱞ; ﱞ; ﱞ; ◌ٌ◌ّ; ◌ٌ◌ّ; ) ARABIC LIGATURE SHADDA WITH DAMMATAN ISOLATED FORM +FC5F;FC5F;FC5F;0020 064D 0651;0020 064D 0651; # (ﱟ; ﱟ; ﱟ; â—ŒÙ◌ّ; â—ŒÙ◌ّ; ) ARABIC LIGATURE SHADDA WITH KASRATAN ISOLATED FORM +FC60;FC60;FC60;0020 064E 0651;0020 064E 0651; # (ï± ; ï± ; ï± ; ◌َ◌ّ; ◌َ◌ّ; ) ARABIC LIGATURE SHADDA WITH FATHA ISOLATED FORM +FC61;FC61;FC61;0020 064F 0651;0020 064F 0651; # (ﱡ; ﱡ; ﱡ; â—ŒÙ◌ّ; â—ŒÙ◌ّ; ) ARABIC LIGATURE SHADDA WITH DAMMA ISOLATED FORM +FC62;FC62;FC62;0020 0650 0651;0020 0650 0651; # (ï±¢; ï±¢; ï±¢; â—ŒÙ◌ّ; â—ŒÙ◌ّ; ) ARABIC LIGATURE SHADDA WITH KASRA ISOLATED FORM +FC63;FC63;FC63;0020 0651 0670;0020 0651 0670; # (ï±£; ï±£; ï±£; ◌ّ◌ٰ; ◌ّ◌ٰ; ) ARABIC LIGATURE SHADDA WITH SUPERSCRIPT ALEF ISOLATED FORM +FC64;FC64;FC64;0626 0631;064A 0654 0631; # (ﱤ; ﱤ; ﱤ; ئر; ي◌ٔر; ) ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH REH FINAL FORM +FC65;FC65;FC65;0626 0632;064A 0654 0632; # (ï±¥; ï±¥; ï±¥; ئز; ي◌ٔز; ) ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ZAIN FINAL FORM +FC66;FC66;FC66;0626 0645;064A 0654 0645; # (ﱦ; ﱦ; ﱦ; ئم; ي◌ٔم; ) ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH MEEM FINAL FORM +FC67;FC67;FC67;0626 0646;064A 0654 0646; # (ﱧ; ﱧ; ﱧ; ئن; ي◌ٔن; ) ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH NOON FINAL FORM +FC68;FC68;FC68;0626 0649;064A 0654 0649; # (ﱨ; ﱨ; ﱨ; ئى; ي◌ٔى; ) ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ALEF MAKSURA FINAL FORM +FC69;FC69;FC69;0626 064A;064A 0654 064A; # (ﱩ; ﱩ; ﱩ; ئي; ي◌ٔي; ) ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH YEH FINAL FORM +FC6A;FC6A;FC6A;0628 0631;0628 0631; # (ﱪ; ﱪ; ﱪ; بر; بر; ) ARABIC LIGATURE BEH WITH REH FINAL FORM +FC6B;FC6B;FC6B;0628 0632;0628 0632; # (ﱫ; ﱫ; ﱫ; بز; بز; ) ARABIC LIGATURE BEH WITH ZAIN FINAL FORM +FC6C;FC6C;FC6C;0628 0645;0628 0645; # (ﱬ; ﱬ; ﱬ; بم; بم; ) ARABIC LIGATURE BEH WITH MEEM FINAL FORM +FC6D;FC6D;FC6D;0628 0646;0628 0646; # (ï±­; ï±­; ï±­; بن; بن; ) ARABIC LIGATURE BEH WITH NOON FINAL FORM +FC6E;FC6E;FC6E;0628 0649;0628 0649; # (ï±®; ï±®; ï±®; بى; بى; ) ARABIC LIGATURE BEH WITH ALEF MAKSURA FINAL FORM +FC6F;FC6F;FC6F;0628 064A;0628 064A; # (ﱯ; ﱯ; ﱯ; بي; بي; ) ARABIC LIGATURE BEH WITH YEH FINAL FORM +FC70;FC70;FC70;062A 0631;062A 0631; # (ï±°; ï±°; ï±°; تر; تر; ) ARABIC LIGATURE TEH WITH REH FINAL FORM +FC71;FC71;FC71;062A 0632;062A 0632; # (ï±±; ï±±; ï±±; تز; تز; ) ARABIC LIGATURE TEH WITH ZAIN FINAL FORM +FC72;FC72;FC72;062A 0645;062A 0645; # (ï±²; ï±²; ï±²; تم; تم; ) ARABIC LIGATURE TEH WITH MEEM FINAL FORM +FC73;FC73;FC73;062A 0646;062A 0646; # (ï±³; ï±³; ï±³; تن; تن; ) ARABIC LIGATURE TEH WITH NOON FINAL FORM +FC74;FC74;FC74;062A 0649;062A 0649; # (ï±´; ï±´; ï±´; تى; تى; ) ARABIC LIGATURE TEH WITH ALEF MAKSURA FINAL FORM +FC75;FC75;FC75;062A 064A;062A 064A; # (ï±µ; ï±µ; ï±µ; تي; تي; ) ARABIC LIGATURE TEH WITH YEH FINAL FORM +FC76;FC76;FC76;062B 0631;062B 0631; # (ﱶ; ﱶ; ﱶ; ثر; ثر; ) ARABIC LIGATURE THEH WITH REH FINAL FORM +FC77;FC77;FC77;062B 0632;062B 0632; # (ï±·; ï±·; ï±·; ثز; ثز; ) ARABIC LIGATURE THEH WITH ZAIN FINAL FORM +FC78;FC78;FC78;062B 0645;062B 0645; # (ﱸ; ﱸ; ﱸ; ثم; ثم; ) ARABIC LIGATURE THEH WITH MEEM FINAL FORM +FC79;FC79;FC79;062B 0646;062B 0646; # (ï±¹; ï±¹; ï±¹; ثن; ثن; ) ARABIC LIGATURE THEH WITH NOON FINAL FORM +FC7A;FC7A;FC7A;062B 0649;062B 0649; # (ﱺ; ﱺ; ﱺ; ثى; ثى; ) ARABIC LIGATURE THEH WITH ALEF MAKSURA FINAL FORM +FC7B;FC7B;FC7B;062B 064A;062B 064A; # (ï±»; ï±»; ï±»; ثي; ثي; ) ARABIC LIGATURE THEH WITH YEH FINAL FORM +FC7C;FC7C;FC7C;0641 0649;0641 0649; # (ï±¼; ï±¼; ï±¼; ÙÙ‰; ÙÙ‰; ) ARABIC LIGATURE FEH WITH ALEF MAKSURA FINAL FORM +FC7D;FC7D;FC7D;0641 064A;0641 064A; # (ï±½; ï±½; ï±½; ÙÙŠ; ÙÙŠ; ) ARABIC LIGATURE FEH WITH YEH FINAL FORM +FC7E;FC7E;FC7E;0642 0649;0642 0649; # (ï±¾; ï±¾; ï±¾; قى; قى; ) ARABIC LIGATURE QAF WITH ALEF MAKSURA FINAL FORM +FC7F;FC7F;FC7F;0642 064A;0642 064A; # (ﱿ; ﱿ; ﱿ; قي; قي; ) ARABIC LIGATURE QAF WITH YEH FINAL FORM +FC80;FC80;FC80;0643 0627;0643 0627; # (ï²€; ï²€; ï²€; كا; كا; ) ARABIC LIGATURE KAF WITH ALEF FINAL FORM +FC81;FC81;FC81;0643 0644;0643 0644; # (ï²; ï²; ï²; كل; كل; ) ARABIC LIGATURE KAF WITH LAM FINAL FORM +FC82;FC82;FC82;0643 0645;0643 0645; # (ﲂ; ﲂ; ﲂ; كم; كم; ) ARABIC LIGATURE KAF WITH MEEM FINAL FORM +FC83;FC83;FC83;0643 0649;0643 0649; # (ﲃ; ﲃ; ﲃ; كى; كى; ) ARABIC LIGATURE KAF WITH ALEF MAKSURA FINAL FORM +FC84;FC84;FC84;0643 064A;0643 064A; # (ﲄ; ﲄ; ﲄ; كي; كي; ) ARABIC LIGATURE KAF WITH YEH FINAL FORM +FC85;FC85;FC85;0644 0645;0644 0645; # (ï²…; ï²…; ï²…; لم; لم; ) ARABIC LIGATURE LAM WITH MEEM FINAL FORM +FC86;FC86;FC86;0644 0649;0644 0649; # (ﲆ; ﲆ; ﲆ; لى; لى; ) ARABIC LIGATURE LAM WITH ALEF MAKSURA FINAL FORM +FC87;FC87;FC87;0644 064A;0644 064A; # (ﲇ; ﲇ; ﲇ; لي; لي; ) ARABIC LIGATURE LAM WITH YEH FINAL FORM +FC88;FC88;FC88;0645 0627;0645 0627; # (ﲈ; ﲈ; ﲈ; ما; ما; ) ARABIC LIGATURE MEEM WITH ALEF FINAL FORM +FC89;FC89;FC89;0645 0645;0645 0645; # (ﲉ; ﲉ; ﲉ; مم; مم; ) ARABIC LIGATURE MEEM WITH MEEM FINAL FORM +FC8A;FC8A;FC8A;0646 0631;0646 0631; # (ﲊ; ﲊ; ﲊ; نر; نر; ) ARABIC LIGATURE NOON WITH REH FINAL FORM +FC8B;FC8B;FC8B;0646 0632;0646 0632; # (ﲋ; ﲋ; ﲋ; نز; نز; ) ARABIC LIGATURE NOON WITH ZAIN FINAL FORM +FC8C;FC8C;FC8C;0646 0645;0646 0645; # (ﲌ; ﲌ; ﲌ; نم; نم; ) ARABIC LIGATURE NOON WITH MEEM FINAL FORM +FC8D;FC8D;FC8D;0646 0646;0646 0646; # (ï²; ï²; ï²; نن; نن; ) ARABIC LIGATURE NOON WITH NOON FINAL FORM +FC8E;FC8E;FC8E;0646 0649;0646 0649; # (ﲎ; ﲎ; ﲎ; نى; نى; ) ARABIC LIGATURE NOON WITH ALEF MAKSURA FINAL FORM +FC8F;FC8F;FC8F;0646 064A;0646 064A; # (ï²; ï²; ï²; ني; ني; ) ARABIC LIGATURE NOON WITH YEH FINAL FORM +FC90;FC90;FC90;0649 0670;0649 0670; # (ï²; ï²; ï²; ى◌ٰ; ى◌ٰ; ) ARABIC LIGATURE ALEF MAKSURA WITH SUPERSCRIPT ALEF FINAL FORM +FC91;FC91;FC91;064A 0631;064A 0631; # (ﲑ; ﲑ; ﲑ; ير; ير; ) ARABIC LIGATURE YEH WITH REH FINAL FORM +FC92;FC92;FC92;064A 0632;064A 0632; # (ï²’; ï²’; ï²’; يز; يز; ) ARABIC LIGATURE YEH WITH ZAIN FINAL FORM +FC93;FC93;FC93;064A 0645;064A 0645; # (ﲓ; ﲓ; ﲓ; يم; يم; ) ARABIC LIGATURE YEH WITH MEEM FINAL FORM +FC94;FC94;FC94;064A 0646;064A 0646; # (ï²”; ï²”; ï²”; ين; ين; ) ARABIC LIGATURE YEH WITH NOON FINAL FORM +FC95;FC95;FC95;064A 0649;064A 0649; # (ﲕ; ﲕ; ﲕ; يى; يى; ) ARABIC LIGATURE YEH WITH ALEF MAKSURA FINAL FORM +FC96;FC96;FC96;064A 064A;064A 064A; # (ï²–; ï²–; ï²–; يي; يي; ) ARABIC LIGATURE YEH WITH YEH FINAL FORM +FC97;FC97;FC97;0626 062C;064A 0654 062C; # (ï²—; ï²—; ï²—; ئج; ي◌ٔج; ) ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH JEEM INITIAL FORM +FC98;FC98;FC98;0626 062D;064A 0654 062D; # (ﲘ; ﲘ; ﲘ; ئح; ي◌ٔح; ) ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH HAH INITIAL FORM +FC99;FC99;FC99;0626 062E;064A 0654 062E; # (ï²™; ï²™; ï²™; ئخ; ي◌ٔخ; ) ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH KHAH INITIAL FORM +FC9A;FC9A;FC9A;0626 0645;064A 0654 0645; # (ﲚ; ﲚ; ﲚ; ئم; ي◌ٔم; ) ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH MEEM INITIAL FORM +FC9B;FC9B;FC9B;0626 0647;064A 0654 0647; # (ï²›; ï²›; ï²›; ئه; ي◌ٔه; ) ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH HEH INITIAL FORM +FC9C;FC9C;FC9C;0628 062C;0628 062C; # (ﲜ; ﲜ; ﲜ; بج; بج; ) ARABIC LIGATURE BEH WITH JEEM INITIAL FORM +FC9D;FC9D;FC9D;0628 062D;0628 062D; # (ï²; ï²; ï²; بح; بح; ) ARABIC LIGATURE BEH WITH HAH INITIAL FORM +FC9E;FC9E;FC9E;0628 062E;0628 062E; # (ﲞ; ﲞ; ﲞ; بخ; بخ; ) ARABIC LIGATURE BEH WITH KHAH INITIAL FORM +FC9F;FC9F;FC9F;0628 0645;0628 0645; # (ﲟ; ﲟ; ﲟ; بم; بم; ) ARABIC LIGATURE BEH WITH MEEM INITIAL FORM +FCA0;FCA0;FCA0;0628 0647;0628 0647; # (ï² ; ï² ; ï² ; به; به; ) ARABIC LIGATURE BEH WITH HEH INITIAL FORM +FCA1;FCA1;FCA1;062A 062C;062A 062C; # (ﲡ; ﲡ; ﲡ; تج; تج; ) ARABIC LIGATURE TEH WITH JEEM INITIAL FORM +FCA2;FCA2;FCA2;062A 062D;062A 062D; # (ï²¢; ï²¢; ï²¢; تح; تح; ) ARABIC LIGATURE TEH WITH HAH INITIAL FORM +FCA3;FCA3;FCA3;062A 062E;062A 062E; # (ï²£; ï²£; ï²£; تخ; تخ; ) ARABIC LIGATURE TEH WITH KHAH INITIAL FORM +FCA4;FCA4;FCA4;062A 0645;062A 0645; # (ﲤ; ﲤ; ﲤ; تم; تم; ) ARABIC LIGATURE TEH WITH MEEM INITIAL FORM +FCA5;FCA5;FCA5;062A 0647;062A 0647; # (ï²¥; ï²¥; ï²¥; ته; ته; ) ARABIC LIGATURE TEH WITH HEH INITIAL FORM +FCA6;FCA6;FCA6;062B 0645;062B 0645; # (ﲦ; ﲦ; ﲦ; ثم; ثم; ) ARABIC LIGATURE THEH WITH MEEM INITIAL FORM +FCA7;FCA7;FCA7;062C 062D;062C 062D; # (ﲧ; ﲧ; ﲧ; جح; جح; ) ARABIC LIGATURE JEEM WITH HAH INITIAL FORM +FCA8;FCA8;FCA8;062C 0645;062C 0645; # (ﲨ; ﲨ; ﲨ; جم; جم; ) ARABIC LIGATURE JEEM WITH MEEM INITIAL FORM +FCA9;FCA9;FCA9;062D 062C;062D 062C; # (ﲩ; ﲩ; ﲩ; حج; حج; ) ARABIC LIGATURE HAH WITH JEEM INITIAL FORM +FCAA;FCAA;FCAA;062D 0645;062D 0645; # (ﲪ; ﲪ; ﲪ; حم; حم; ) ARABIC LIGATURE HAH WITH MEEM INITIAL FORM +FCAB;FCAB;FCAB;062E 062C;062E 062C; # (ﲫ; ﲫ; ﲫ; خج; خج; ) ARABIC LIGATURE KHAH WITH JEEM INITIAL FORM +FCAC;FCAC;FCAC;062E 0645;062E 0645; # (ﲬ; ﲬ; ﲬ; خم; خم; ) ARABIC LIGATURE KHAH WITH MEEM INITIAL FORM +FCAD;FCAD;FCAD;0633 062C;0633 062C; # (ï²­; ï²­; ï²­; سج; سج; ) ARABIC LIGATURE SEEN WITH JEEM INITIAL FORM +FCAE;FCAE;FCAE;0633 062D;0633 062D; # (ï²®; ï²®; ï²®; سح; سح; ) ARABIC LIGATURE SEEN WITH HAH INITIAL FORM +FCAF;FCAF;FCAF;0633 062E;0633 062E; # (ﲯ; ﲯ; ﲯ; سخ; سخ; ) ARABIC LIGATURE SEEN WITH KHAH INITIAL FORM +FCB0;FCB0;FCB0;0633 0645;0633 0645; # (ï²°; ï²°; ï²°; سم; سم; ) ARABIC LIGATURE SEEN WITH MEEM INITIAL FORM +FCB1;FCB1;FCB1;0635 062D;0635 062D; # (ï²±; ï²±; ï²±; صح; صح; ) ARABIC LIGATURE SAD WITH HAH INITIAL FORM +FCB2;FCB2;FCB2;0635 062E;0635 062E; # (ï²²; ï²²; ï²²; صخ; صخ; ) ARABIC LIGATURE SAD WITH KHAH INITIAL FORM +FCB3;FCB3;FCB3;0635 0645;0635 0645; # (ï²³; ï²³; ï²³; صم; صم; ) ARABIC LIGATURE SAD WITH MEEM INITIAL FORM +FCB4;FCB4;FCB4;0636 062C;0636 062C; # (ï²´; ï²´; ï²´; ضج; ضج; ) ARABIC LIGATURE DAD WITH JEEM INITIAL FORM +FCB5;FCB5;FCB5;0636 062D;0636 062D; # (ï²µ; ï²µ; ï²µ; ضح; ضح; ) ARABIC LIGATURE DAD WITH HAH INITIAL FORM +FCB6;FCB6;FCB6;0636 062E;0636 062E; # (ﲶ; ﲶ; ﲶ; ضخ; ضخ; ) ARABIC LIGATURE DAD WITH KHAH INITIAL FORM +FCB7;FCB7;FCB7;0636 0645;0636 0645; # (ï²·; ï²·; ï²·; ضم; ضم; ) ARABIC LIGATURE DAD WITH MEEM INITIAL FORM +FCB8;FCB8;FCB8;0637 062D;0637 062D; # (ﲸ; ﲸ; ﲸ; طح; طح; ) ARABIC LIGATURE TAH WITH HAH INITIAL FORM +FCB9;FCB9;FCB9;0638 0645;0638 0645; # (ï²¹; ï²¹; ï²¹; ظم; ظم; ) ARABIC LIGATURE ZAH WITH MEEM INITIAL FORM +FCBA;FCBA;FCBA;0639 062C;0639 062C; # (ﲺ; ﲺ; ﲺ; عج; عج; ) ARABIC LIGATURE AIN WITH JEEM INITIAL FORM +FCBB;FCBB;FCBB;0639 0645;0639 0645; # (ï²»; ï²»; ï²»; عم; عم; ) ARABIC LIGATURE AIN WITH MEEM INITIAL FORM +FCBC;FCBC;FCBC;063A 062C;063A 062C; # (ï²¼; ï²¼; ï²¼; غج; غج; ) ARABIC LIGATURE GHAIN WITH JEEM INITIAL FORM +FCBD;FCBD;FCBD;063A 0645;063A 0645; # (ï²½; ï²½; ï²½; غم; غم; ) ARABIC LIGATURE GHAIN WITH MEEM INITIAL FORM +FCBE;FCBE;FCBE;0641 062C;0641 062C; # (ï²¾; ï²¾; ï²¾; Ùج; Ùج; ) ARABIC LIGATURE FEH WITH JEEM INITIAL FORM +FCBF;FCBF;FCBF;0641 062D;0641 062D; # (ﲿ; ﲿ; ﲿ; ÙØ­; ÙØ­; ) ARABIC LIGATURE FEH WITH HAH INITIAL FORM +FCC0;FCC0;FCC0;0641 062E;0641 062E; # (ï³€; ï³€; ï³€; ÙØ®; ÙØ®; ) ARABIC LIGATURE FEH WITH KHAH INITIAL FORM +FCC1;FCC1;FCC1;0641 0645;0641 0645; # (ï³; ï³; ï³; ÙÙ…; ÙÙ…; ) ARABIC LIGATURE FEH WITH MEEM INITIAL FORM +FCC2;FCC2;FCC2;0642 062D;0642 062D; # (ﳂ; ﳂ; ﳂ; قح; قح; ) ARABIC LIGATURE QAF WITH HAH INITIAL FORM +FCC3;FCC3;FCC3;0642 0645;0642 0645; # (ﳃ; ﳃ; ﳃ; قم; قم; ) ARABIC LIGATURE QAF WITH MEEM INITIAL FORM +FCC4;FCC4;FCC4;0643 062C;0643 062C; # (ﳄ; ﳄ; ﳄ; كج; كج; ) ARABIC LIGATURE KAF WITH JEEM INITIAL FORM +FCC5;FCC5;FCC5;0643 062D;0643 062D; # (ï³…; ï³…; ï³…; كح; كح; ) ARABIC LIGATURE KAF WITH HAH INITIAL FORM +FCC6;FCC6;FCC6;0643 062E;0643 062E; # (ﳆ; ﳆ; ﳆ; كخ; كخ; ) ARABIC LIGATURE KAF WITH KHAH INITIAL FORM +FCC7;FCC7;FCC7;0643 0644;0643 0644; # (ﳇ; ﳇ; ﳇ; كل; كل; ) ARABIC LIGATURE KAF WITH LAM INITIAL FORM +FCC8;FCC8;FCC8;0643 0645;0643 0645; # (ﳈ; ﳈ; ﳈ; كم; كم; ) ARABIC LIGATURE KAF WITH MEEM INITIAL FORM +FCC9;FCC9;FCC9;0644 062C;0644 062C; # (ﳉ; ﳉ; ﳉ; لج; لج; ) ARABIC LIGATURE LAM WITH JEEM INITIAL FORM +FCCA;FCCA;FCCA;0644 062D;0644 062D; # (ﳊ; ﳊ; ﳊ; لح; لح; ) ARABIC LIGATURE LAM WITH HAH INITIAL FORM +FCCB;FCCB;FCCB;0644 062E;0644 062E; # (ﳋ; ﳋ; ﳋ; لخ; لخ; ) ARABIC LIGATURE LAM WITH KHAH INITIAL FORM +FCCC;FCCC;FCCC;0644 0645;0644 0645; # (ﳌ; ﳌ; ﳌ; لم; لم; ) ARABIC LIGATURE LAM WITH MEEM INITIAL FORM +FCCD;FCCD;FCCD;0644 0647;0644 0647; # (ï³; ï³; ï³; له; له; ) ARABIC LIGATURE LAM WITH HEH INITIAL FORM +FCCE;FCCE;FCCE;0645 062C;0645 062C; # (ﳎ; ﳎ; ﳎ; مج; مج; ) ARABIC LIGATURE MEEM WITH JEEM INITIAL FORM +FCCF;FCCF;FCCF;0645 062D;0645 062D; # (ï³; ï³; ï³; مح; مح; ) ARABIC LIGATURE MEEM WITH HAH INITIAL FORM +FCD0;FCD0;FCD0;0645 062E;0645 062E; # (ï³; ï³; ï³; مخ; مخ; ) ARABIC LIGATURE MEEM WITH KHAH INITIAL FORM +FCD1;FCD1;FCD1;0645 0645;0645 0645; # (ﳑ; ﳑ; ﳑ; مم; مم; ) ARABIC LIGATURE MEEM WITH MEEM INITIAL FORM +FCD2;FCD2;FCD2;0646 062C;0646 062C; # (ï³’; ï³’; ï³’; نج; نج; ) ARABIC LIGATURE NOON WITH JEEM INITIAL FORM +FCD3;FCD3;FCD3;0646 062D;0646 062D; # (ﳓ; ﳓ; ﳓ; نح; نح; ) ARABIC LIGATURE NOON WITH HAH INITIAL FORM +FCD4;FCD4;FCD4;0646 062E;0646 062E; # (ï³”; ï³”; ï³”; نخ; نخ; ) ARABIC LIGATURE NOON WITH KHAH INITIAL FORM +FCD5;FCD5;FCD5;0646 0645;0646 0645; # (ﳕ; ﳕ; ﳕ; نم; نم; ) ARABIC LIGATURE NOON WITH MEEM INITIAL FORM +FCD6;FCD6;FCD6;0646 0647;0646 0647; # (ï³–; ï³–; ï³–; نه; نه; ) ARABIC LIGATURE NOON WITH HEH INITIAL FORM +FCD7;FCD7;FCD7;0647 062C;0647 062C; # (ï³—; ï³—; ï³—; هج; هج; ) ARABIC LIGATURE HEH WITH JEEM INITIAL FORM +FCD8;FCD8;FCD8;0647 0645;0647 0645; # (ﳘ; ﳘ; ﳘ; هم; هم; ) ARABIC LIGATURE HEH WITH MEEM INITIAL FORM +FCD9;FCD9;FCD9;0647 0670;0647 0670; # (ï³™; ï³™; ï³™; ه◌ٰ; ه◌ٰ; ) ARABIC LIGATURE HEH WITH SUPERSCRIPT ALEF INITIAL FORM +FCDA;FCDA;FCDA;064A 062C;064A 062C; # (ﳚ; ﳚ; ﳚ; يج; يج; ) ARABIC LIGATURE YEH WITH JEEM INITIAL FORM +FCDB;FCDB;FCDB;064A 062D;064A 062D; # (ï³›; ï³›; ï³›; يح; يح; ) ARABIC LIGATURE YEH WITH HAH INITIAL FORM +FCDC;FCDC;FCDC;064A 062E;064A 062E; # (ﳜ; ﳜ; ﳜ; يخ; يخ; ) ARABIC LIGATURE YEH WITH KHAH INITIAL FORM +FCDD;FCDD;FCDD;064A 0645;064A 0645; # (ï³; ï³; ï³; يم; يم; ) ARABIC LIGATURE YEH WITH MEEM INITIAL FORM +FCDE;FCDE;FCDE;064A 0647;064A 0647; # (ﳞ; ﳞ; ﳞ; يه; يه; ) ARABIC LIGATURE YEH WITH HEH INITIAL FORM +FCDF;FCDF;FCDF;0626 0645;064A 0654 0645; # (ﳟ; ﳟ; ﳟ; ئم; ي◌ٔم; ) ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH MEEM MEDIAL FORM +FCE0;FCE0;FCE0;0626 0647;064A 0654 0647; # (ï³ ; ï³ ; ï³ ; ئه; ي◌ٔه; ) ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH HEH MEDIAL FORM +FCE1;FCE1;FCE1;0628 0645;0628 0645; # (ﳡ; ﳡ; ﳡ; بم; بم; ) ARABIC LIGATURE BEH WITH MEEM MEDIAL FORM +FCE2;FCE2;FCE2;0628 0647;0628 0647; # (ï³¢; ï³¢; ï³¢; به; به; ) ARABIC LIGATURE BEH WITH HEH MEDIAL FORM +FCE3;FCE3;FCE3;062A 0645;062A 0645; # (ï³£; ï³£; ï³£; تم; تم; ) ARABIC LIGATURE TEH WITH MEEM MEDIAL FORM +FCE4;FCE4;FCE4;062A 0647;062A 0647; # (ﳤ; ﳤ; ﳤ; ته; ته; ) ARABIC LIGATURE TEH WITH HEH MEDIAL FORM +FCE5;FCE5;FCE5;062B 0645;062B 0645; # (ï³¥; ï³¥; ï³¥; ثم; ثم; ) ARABIC LIGATURE THEH WITH MEEM MEDIAL FORM +FCE6;FCE6;FCE6;062B 0647;062B 0647; # (ﳦ; ﳦ; ﳦ; ثه; ثه; ) ARABIC LIGATURE THEH WITH HEH MEDIAL FORM +FCE7;FCE7;FCE7;0633 0645;0633 0645; # (ﳧ; ﳧ; ﳧ; سم; سم; ) ARABIC LIGATURE SEEN WITH MEEM MEDIAL FORM +FCE8;FCE8;FCE8;0633 0647;0633 0647; # (ﳨ; ﳨ; ﳨ; سه; سه; ) ARABIC LIGATURE SEEN WITH HEH MEDIAL FORM +FCE9;FCE9;FCE9;0634 0645;0634 0645; # (ﳩ; ﳩ; ﳩ; شم; شم; ) ARABIC LIGATURE SHEEN WITH MEEM MEDIAL FORM +FCEA;FCEA;FCEA;0634 0647;0634 0647; # (ﳪ; ﳪ; ﳪ; شه; شه; ) ARABIC LIGATURE SHEEN WITH HEH MEDIAL FORM +FCEB;FCEB;FCEB;0643 0644;0643 0644; # (ﳫ; ﳫ; ﳫ; كل; كل; ) ARABIC LIGATURE KAF WITH LAM MEDIAL FORM +FCEC;FCEC;FCEC;0643 0645;0643 0645; # (ﳬ; ﳬ; ﳬ; كم; كم; ) ARABIC LIGATURE KAF WITH MEEM MEDIAL FORM +FCED;FCED;FCED;0644 0645;0644 0645; # (ï³­; ï³­; ï³­; لم; لم; ) ARABIC LIGATURE LAM WITH MEEM MEDIAL FORM +FCEE;FCEE;FCEE;0646 0645;0646 0645; # (ï³®; ï³®; ï³®; نم; نم; ) ARABIC LIGATURE NOON WITH MEEM MEDIAL FORM +FCEF;FCEF;FCEF;0646 0647;0646 0647; # (ﳯ; ﳯ; ﳯ; نه; نه; ) ARABIC LIGATURE NOON WITH HEH MEDIAL FORM +FCF0;FCF0;FCF0;064A 0645;064A 0645; # (ï³°; ï³°; ï³°; يم; يم; ) ARABIC LIGATURE YEH WITH MEEM MEDIAL FORM +FCF1;FCF1;FCF1;064A 0647;064A 0647; # (ï³±; ï³±; ï³±; يه; يه; ) ARABIC LIGATURE YEH WITH HEH MEDIAL FORM +FCF2;FCF2;FCF2;0640 064E 0651;0640 064E 0651; # (ï³²; ï³²; ï³²; ـ◌َ◌ّ; ـ◌َ◌ّ; ) ARABIC LIGATURE SHADDA WITH FATHA MEDIAL FORM +FCF3;FCF3;FCF3;0640 064F 0651;0640 064F 0651; # (ï³³; ï³³; ï³³; ـ◌Ù◌ّ; ـ◌Ù◌ّ; ) ARABIC LIGATURE SHADDA WITH DAMMA MEDIAL FORM +FCF4;FCF4;FCF4;0640 0650 0651;0640 0650 0651; # (ï³´; ï³´; ï³´; ـ◌Ù◌ّ; ـ◌Ù◌ّ; ) ARABIC LIGATURE SHADDA WITH KASRA MEDIAL FORM +FCF5;FCF5;FCF5;0637 0649;0637 0649; # (ï³µ; ï³µ; ï³µ; طى; طى; ) ARABIC LIGATURE TAH WITH ALEF MAKSURA ISOLATED FORM +FCF6;FCF6;FCF6;0637 064A;0637 064A; # (ﳶ; ﳶ; ﳶ; طي; طي; ) ARABIC LIGATURE TAH WITH YEH ISOLATED FORM +FCF7;FCF7;FCF7;0639 0649;0639 0649; # (ï³·; ï³·; ï³·; عى; عى; ) ARABIC LIGATURE AIN WITH ALEF MAKSURA ISOLATED FORM +FCF8;FCF8;FCF8;0639 064A;0639 064A; # (ﳸ; ﳸ; ﳸ; عي; عي; ) ARABIC LIGATURE AIN WITH YEH ISOLATED FORM +FCF9;FCF9;FCF9;063A 0649;063A 0649; # (ï³¹; ï³¹; ï³¹; غى; غى; ) ARABIC LIGATURE GHAIN WITH ALEF MAKSURA ISOLATED FORM +FCFA;FCFA;FCFA;063A 064A;063A 064A; # (ﳺ; ﳺ; ﳺ; غي; غي; ) ARABIC LIGATURE GHAIN WITH YEH ISOLATED FORM +FCFB;FCFB;FCFB;0633 0649;0633 0649; # (ï³»; ï³»; ï³»; سى; سى; ) ARABIC LIGATURE SEEN WITH ALEF MAKSURA ISOLATED FORM +FCFC;FCFC;FCFC;0633 064A;0633 064A; # (ï³¼; ï³¼; ï³¼; سي; سي; ) ARABIC LIGATURE SEEN WITH YEH ISOLATED FORM +FCFD;FCFD;FCFD;0634 0649;0634 0649; # (ï³½; ï³½; ï³½; شى; شى; ) ARABIC LIGATURE SHEEN WITH ALEF MAKSURA ISOLATED FORM +FCFE;FCFE;FCFE;0634 064A;0634 064A; # (ï³¾; ï³¾; ï³¾; شي; شي; ) ARABIC LIGATURE SHEEN WITH YEH ISOLATED FORM +FCFF;FCFF;FCFF;062D 0649;062D 0649; # (ﳿ; ﳿ; ﳿ; حى; حى; ) ARABIC LIGATURE HAH WITH ALEF MAKSURA ISOLATED FORM +FD00;FD00;FD00;062D 064A;062D 064A; # (ï´€; ï´€; ï´€; حي; حي; ) ARABIC LIGATURE HAH WITH YEH ISOLATED FORM +FD01;FD01;FD01;062C 0649;062C 0649; # (ï´; ï´; ï´; جى; جى; ) ARABIC LIGATURE JEEM WITH ALEF MAKSURA ISOLATED FORM +FD02;FD02;FD02;062C 064A;062C 064A; # (ï´‚; ï´‚; ï´‚; جي; جي; ) ARABIC LIGATURE JEEM WITH YEH ISOLATED FORM +FD03;FD03;FD03;062E 0649;062E 0649; # (ï´ƒ; ï´ƒ; ï´ƒ; خى; خى; ) ARABIC LIGATURE KHAH WITH ALEF MAKSURA ISOLATED FORM +FD04;FD04;FD04;062E 064A;062E 064A; # (ï´„; ï´„; ï´„; خي; خي; ) ARABIC LIGATURE KHAH WITH YEH ISOLATED FORM +FD05;FD05;FD05;0635 0649;0635 0649; # (ï´…; ï´…; ï´…; صى; صى; ) ARABIC LIGATURE SAD WITH ALEF MAKSURA ISOLATED FORM +FD06;FD06;FD06;0635 064A;0635 064A; # (ï´†; ï´†; ï´†; صي; صي; ) ARABIC LIGATURE SAD WITH YEH ISOLATED FORM +FD07;FD07;FD07;0636 0649;0636 0649; # (ï´‡; ï´‡; ï´‡; ضى; ضى; ) ARABIC LIGATURE DAD WITH ALEF MAKSURA ISOLATED FORM +FD08;FD08;FD08;0636 064A;0636 064A; # (ï´ˆ; ï´ˆ; ï´ˆ; ضي; ضي; ) ARABIC LIGATURE DAD WITH YEH ISOLATED FORM +FD09;FD09;FD09;0634 062C;0634 062C; # (ï´‰; ï´‰; ï´‰; شج; شج; ) ARABIC LIGATURE SHEEN WITH JEEM ISOLATED FORM +FD0A;FD0A;FD0A;0634 062D;0634 062D; # (ï´Š; ï´Š; ï´Š; شح; شح; ) ARABIC LIGATURE SHEEN WITH HAH ISOLATED FORM +FD0B;FD0B;FD0B;0634 062E;0634 062E; # (ï´‹; ï´‹; ï´‹; شخ; شخ; ) ARABIC LIGATURE SHEEN WITH KHAH ISOLATED FORM +FD0C;FD0C;FD0C;0634 0645;0634 0645; # (ï´Œ; ï´Œ; ï´Œ; شم; شم; ) ARABIC LIGATURE SHEEN WITH MEEM ISOLATED FORM +FD0D;FD0D;FD0D;0634 0631;0634 0631; # (ï´; ï´; ï´; شر; شر; ) ARABIC LIGATURE SHEEN WITH REH ISOLATED FORM +FD0E;FD0E;FD0E;0633 0631;0633 0631; # (ï´Ž; ï´Ž; ï´Ž; سر; سر; ) ARABIC LIGATURE SEEN WITH REH ISOLATED FORM +FD0F;FD0F;FD0F;0635 0631;0635 0631; # (ï´; ï´; ï´; صر; صر; ) ARABIC LIGATURE SAD WITH REH ISOLATED FORM +FD10;FD10;FD10;0636 0631;0636 0631; # (ï´; ï´; ï´; ضر; ضر; ) ARABIC LIGATURE DAD WITH REH ISOLATED FORM +FD11;FD11;FD11;0637 0649;0637 0649; # (ï´‘; ï´‘; ï´‘; طى; طى; ) ARABIC LIGATURE TAH WITH ALEF MAKSURA FINAL FORM +FD12;FD12;FD12;0637 064A;0637 064A; # (ï´’; ï´’; ï´’; طي; طي; ) ARABIC LIGATURE TAH WITH YEH FINAL FORM +FD13;FD13;FD13;0639 0649;0639 0649; # (ï´“; ï´“; ï´“; عى; عى; ) ARABIC LIGATURE AIN WITH ALEF MAKSURA FINAL FORM +FD14;FD14;FD14;0639 064A;0639 064A; # (ï´”; ï´”; ï´”; عي; عي; ) ARABIC LIGATURE AIN WITH YEH FINAL FORM +FD15;FD15;FD15;063A 0649;063A 0649; # (ï´•; ï´•; ï´•; غى; غى; ) ARABIC LIGATURE GHAIN WITH ALEF MAKSURA FINAL FORM +FD16;FD16;FD16;063A 064A;063A 064A; # (ï´–; ï´–; ï´–; غي; غي; ) ARABIC LIGATURE GHAIN WITH YEH FINAL FORM +FD17;FD17;FD17;0633 0649;0633 0649; # (ï´—; ï´—; ï´—; سى; سى; ) ARABIC LIGATURE SEEN WITH ALEF MAKSURA FINAL FORM +FD18;FD18;FD18;0633 064A;0633 064A; # (ï´˜; ï´˜; ï´˜; سي; سي; ) ARABIC LIGATURE SEEN WITH YEH FINAL FORM +FD19;FD19;FD19;0634 0649;0634 0649; # (ï´™; ï´™; ï´™; شى; شى; ) ARABIC LIGATURE SHEEN WITH ALEF MAKSURA FINAL FORM +FD1A;FD1A;FD1A;0634 064A;0634 064A; # (ï´š; ï´š; ï´š; شي; شي; ) ARABIC LIGATURE SHEEN WITH YEH FINAL FORM +FD1B;FD1B;FD1B;062D 0649;062D 0649; # (ï´›; ï´›; ï´›; حى; حى; ) ARABIC LIGATURE HAH WITH ALEF MAKSURA FINAL FORM +FD1C;FD1C;FD1C;062D 064A;062D 064A; # (ï´œ; ï´œ; ï´œ; حي; حي; ) ARABIC LIGATURE HAH WITH YEH FINAL FORM +FD1D;FD1D;FD1D;062C 0649;062C 0649; # (ï´; ï´; ï´; جى; جى; ) ARABIC LIGATURE JEEM WITH ALEF MAKSURA FINAL FORM +FD1E;FD1E;FD1E;062C 064A;062C 064A; # (ï´ž; ï´ž; ï´ž; جي; جي; ) ARABIC LIGATURE JEEM WITH YEH FINAL FORM +FD1F;FD1F;FD1F;062E 0649;062E 0649; # (ï´Ÿ; ï´Ÿ; ï´Ÿ; خى; خى; ) ARABIC LIGATURE KHAH WITH ALEF MAKSURA FINAL FORM +FD20;FD20;FD20;062E 064A;062E 064A; # (ï´ ; ï´ ; ï´ ; خي; خي; ) ARABIC LIGATURE KHAH WITH YEH FINAL FORM +FD21;FD21;FD21;0635 0649;0635 0649; # (ï´¡; ï´¡; ï´¡; صى; صى; ) ARABIC LIGATURE SAD WITH ALEF MAKSURA FINAL FORM +FD22;FD22;FD22;0635 064A;0635 064A; # (ï´¢; ï´¢; ï´¢; صي; صي; ) ARABIC LIGATURE SAD WITH YEH FINAL FORM +FD23;FD23;FD23;0636 0649;0636 0649; # (ï´£; ï´£; ï´£; ضى; ضى; ) ARABIC LIGATURE DAD WITH ALEF MAKSURA FINAL FORM +FD24;FD24;FD24;0636 064A;0636 064A; # (ï´¤; ï´¤; ï´¤; ضي; ضي; ) ARABIC LIGATURE DAD WITH YEH FINAL FORM +FD25;FD25;FD25;0634 062C;0634 062C; # (ï´¥; ï´¥; ï´¥; شج; شج; ) ARABIC LIGATURE SHEEN WITH JEEM FINAL FORM +FD26;FD26;FD26;0634 062D;0634 062D; # (ï´¦; ï´¦; ï´¦; شح; شح; ) ARABIC LIGATURE SHEEN WITH HAH FINAL FORM +FD27;FD27;FD27;0634 062E;0634 062E; # (ï´§; ï´§; ï´§; شخ; شخ; ) ARABIC LIGATURE SHEEN WITH KHAH FINAL FORM +FD28;FD28;FD28;0634 0645;0634 0645; # (ï´¨; ï´¨; ï´¨; شم; شم; ) ARABIC LIGATURE SHEEN WITH MEEM FINAL FORM +FD29;FD29;FD29;0634 0631;0634 0631; # (ï´©; ï´©; ï´©; شر; شر; ) ARABIC LIGATURE SHEEN WITH REH FINAL FORM +FD2A;FD2A;FD2A;0633 0631;0633 0631; # (ï´ª; ï´ª; ï´ª; سر; سر; ) ARABIC LIGATURE SEEN WITH REH FINAL FORM +FD2B;FD2B;FD2B;0635 0631;0635 0631; # (ï´«; ï´«; ï´«; صر; صر; ) ARABIC LIGATURE SAD WITH REH FINAL FORM +FD2C;FD2C;FD2C;0636 0631;0636 0631; # (ï´¬; ï´¬; ï´¬; ضر; ضر; ) ARABIC LIGATURE DAD WITH REH FINAL FORM +FD2D;FD2D;FD2D;0634 062C;0634 062C; # (ï´­; ï´­; ï´­; شج; شج; ) ARABIC LIGATURE SHEEN WITH JEEM INITIAL FORM +FD2E;FD2E;FD2E;0634 062D;0634 062D; # (ï´®; ï´®; ï´®; شح; شح; ) ARABIC LIGATURE SHEEN WITH HAH INITIAL FORM +FD2F;FD2F;FD2F;0634 062E;0634 062E; # (ï´¯; ï´¯; ï´¯; شخ; شخ; ) ARABIC LIGATURE SHEEN WITH KHAH INITIAL FORM +FD30;FD30;FD30;0634 0645;0634 0645; # (ï´°; ï´°; ï´°; شم; شم; ) ARABIC LIGATURE SHEEN WITH MEEM INITIAL FORM +FD31;FD31;FD31;0633 0647;0633 0647; # (ï´±; ï´±; ï´±; سه; سه; ) ARABIC LIGATURE SEEN WITH HEH INITIAL FORM +FD32;FD32;FD32;0634 0647;0634 0647; # (ï´²; ï´²; ï´²; شه; شه; ) ARABIC LIGATURE SHEEN WITH HEH INITIAL FORM +FD33;FD33;FD33;0637 0645;0637 0645; # (ï´³; ï´³; ï´³; طم; طم; ) ARABIC LIGATURE TAH WITH MEEM INITIAL FORM +FD34;FD34;FD34;0633 062C;0633 062C; # (ï´´; ï´´; ï´´; سج; سج; ) ARABIC LIGATURE SEEN WITH JEEM MEDIAL FORM +FD35;FD35;FD35;0633 062D;0633 062D; # (ï´µ; ï´µ; ï´µ; سح; سح; ) ARABIC LIGATURE SEEN WITH HAH MEDIAL FORM +FD36;FD36;FD36;0633 062E;0633 062E; # (ï´¶; ï´¶; ï´¶; سخ; سخ; ) ARABIC LIGATURE SEEN WITH KHAH MEDIAL FORM +FD37;FD37;FD37;0634 062C;0634 062C; # (ï´·; ï´·; ï´·; شج; شج; ) ARABIC LIGATURE SHEEN WITH JEEM MEDIAL FORM +FD38;FD38;FD38;0634 062D;0634 062D; # (ï´¸; ï´¸; ï´¸; شح; شح; ) ARABIC LIGATURE SHEEN WITH HAH MEDIAL FORM +FD39;FD39;FD39;0634 062E;0634 062E; # (ï´¹; ï´¹; ï´¹; شخ; شخ; ) ARABIC LIGATURE SHEEN WITH KHAH MEDIAL FORM +FD3A;FD3A;FD3A;0637 0645;0637 0645; # (ï´º; ï´º; ï´º; طم; طم; ) ARABIC LIGATURE TAH WITH MEEM MEDIAL FORM +FD3B;FD3B;FD3B;0638 0645;0638 0645; # (ï´»; ï´»; ï´»; ظم; ظم; ) ARABIC LIGATURE ZAH WITH MEEM MEDIAL FORM +FD3C;FD3C;FD3C;0627 064B;0627 064B; # (ï´¼; ï´¼; ï´¼; ا◌ً; ا◌ً; ) ARABIC LIGATURE ALEF WITH FATHATAN FINAL FORM +FD3D;FD3D;FD3D;0627 064B;0627 064B; # (ï´½; ï´½; ï´½; ا◌ً; ا◌ً; ) ARABIC LIGATURE ALEF WITH FATHATAN ISOLATED FORM +FD50;FD50;FD50;062A 062C 0645;062A 062C 0645; # (ïµ; ïµ; ïµ; تجم; تجم; ) ARABIC LIGATURE TEH WITH JEEM WITH MEEM INITIAL FORM +FD51;FD51;FD51;062A 062D 062C;062A 062D 062C; # (ﵑ; ﵑ; ﵑ; تحج; تحج; ) ARABIC LIGATURE TEH WITH HAH WITH JEEM FINAL FORM +FD52;FD52;FD52;062A 062D 062C;062A 062D 062C; # (ïµ’; ïµ’; ïµ’; تحج; تحج; ) ARABIC LIGATURE TEH WITH HAH WITH JEEM INITIAL FORM +FD53;FD53;FD53;062A 062D 0645;062A 062D 0645; # (ﵓ; ﵓ; ﵓ; تحم; تحم; ) ARABIC LIGATURE TEH WITH HAH WITH MEEM INITIAL FORM +FD54;FD54;FD54;062A 062E 0645;062A 062E 0645; # (ïµ”; ïµ”; ïµ”; تخم; تخم; ) ARABIC LIGATURE TEH WITH KHAH WITH MEEM INITIAL FORM +FD55;FD55;FD55;062A 0645 062C;062A 0645 062C; # (ﵕ; ﵕ; ﵕ; تمج; تمج; ) ARABIC LIGATURE TEH WITH MEEM WITH JEEM INITIAL FORM +FD56;FD56;FD56;062A 0645 062D;062A 0645 062D; # (ïµ–; ïµ–; ïµ–; تمح; تمح; ) ARABIC LIGATURE TEH WITH MEEM WITH HAH INITIAL FORM +FD57;FD57;FD57;062A 0645 062E;062A 0645 062E; # (ïµ—; ïµ—; ïµ—; تمخ; تمخ; ) ARABIC LIGATURE TEH WITH MEEM WITH KHAH INITIAL FORM +FD58;FD58;FD58;062C 0645 062D;062C 0645 062D; # (ﵘ; ﵘ; ﵘ; جمح; جمح; ) ARABIC LIGATURE JEEM WITH MEEM WITH HAH FINAL FORM +FD59;FD59;FD59;062C 0645 062D;062C 0645 062D; # (ïµ™; ïµ™; ïµ™; جمح; جمح; ) ARABIC LIGATURE JEEM WITH MEEM WITH HAH INITIAL FORM +FD5A;FD5A;FD5A;062D 0645 064A;062D 0645 064A; # (ﵚ; ﵚ; ﵚ; حمي; حمي; ) ARABIC LIGATURE HAH WITH MEEM WITH YEH FINAL FORM +FD5B;FD5B;FD5B;062D 0645 0649;062D 0645 0649; # (ïµ›; ïµ›; ïµ›; حمى; حمى; ) ARABIC LIGATURE HAH WITH MEEM WITH ALEF MAKSURA FINAL FORM +FD5C;FD5C;FD5C;0633 062D 062C;0633 062D 062C; # (ﵜ; ﵜ; ﵜ; سحج; سحج; ) ARABIC LIGATURE SEEN WITH HAH WITH JEEM INITIAL FORM +FD5D;FD5D;FD5D;0633 062C 062D;0633 062C 062D; # (ïµ; ïµ; ïµ; سجح; سجح; ) ARABIC LIGATURE SEEN WITH JEEM WITH HAH INITIAL FORM +FD5E;FD5E;FD5E;0633 062C 0649;0633 062C 0649; # (ﵞ; ﵞ; ﵞ; سجى; سجى; ) ARABIC LIGATURE SEEN WITH JEEM WITH ALEF MAKSURA FINAL FORM +FD5F;FD5F;FD5F;0633 0645 062D;0633 0645 062D; # (ﵟ; ﵟ; ﵟ; سمح; سمح; ) ARABIC LIGATURE SEEN WITH MEEM WITH HAH FINAL FORM +FD60;FD60;FD60;0633 0645 062D;0633 0645 062D; # (ïµ ; ïµ ; ïµ ; سمح; سمح; ) ARABIC LIGATURE SEEN WITH MEEM WITH HAH INITIAL FORM +FD61;FD61;FD61;0633 0645 062C;0633 0645 062C; # (ﵡ; ﵡ; ﵡ; سمج; سمج; ) ARABIC LIGATURE SEEN WITH MEEM WITH JEEM INITIAL FORM +FD62;FD62;FD62;0633 0645 0645;0633 0645 0645; # (ïµ¢; ïµ¢; ïµ¢; سمم; سمم; ) ARABIC LIGATURE SEEN WITH MEEM WITH MEEM FINAL FORM +FD63;FD63;FD63;0633 0645 0645;0633 0645 0645; # (ïµ£; ïµ£; ïµ£; سمم; سمم; ) ARABIC LIGATURE SEEN WITH MEEM WITH MEEM INITIAL FORM +FD64;FD64;FD64;0635 062D 062D;0635 062D 062D; # (ﵤ; ﵤ; ﵤ; صحح; صحح; ) ARABIC LIGATURE SAD WITH HAH WITH HAH FINAL FORM +FD65;FD65;FD65;0635 062D 062D;0635 062D 062D; # (ïµ¥; ïµ¥; ïµ¥; صحح; صحح; ) ARABIC LIGATURE SAD WITH HAH WITH HAH INITIAL FORM +FD66;FD66;FD66;0635 0645 0645;0635 0645 0645; # (ﵦ; ﵦ; ﵦ; صمم; صمم; ) ARABIC LIGATURE SAD WITH MEEM WITH MEEM FINAL FORM +FD67;FD67;FD67;0634 062D 0645;0634 062D 0645; # (ﵧ; ﵧ; ﵧ; شحم; شحم; ) ARABIC LIGATURE SHEEN WITH HAH WITH MEEM FINAL FORM +FD68;FD68;FD68;0634 062D 0645;0634 062D 0645; # (ﵨ; ﵨ; ﵨ; شحم; شحم; ) ARABIC LIGATURE SHEEN WITH HAH WITH MEEM INITIAL FORM +FD69;FD69;FD69;0634 062C 064A;0634 062C 064A; # (ﵩ; ﵩ; ﵩ; شجي; شجي; ) ARABIC LIGATURE SHEEN WITH JEEM WITH YEH FINAL FORM +FD6A;FD6A;FD6A;0634 0645 062E;0634 0645 062E; # (ﵪ; ﵪ; ﵪ; شمخ; شمخ; ) ARABIC LIGATURE SHEEN WITH MEEM WITH KHAH FINAL FORM +FD6B;FD6B;FD6B;0634 0645 062E;0634 0645 062E; # (ﵫ; ﵫ; ﵫ; شمخ; شمخ; ) ARABIC LIGATURE SHEEN WITH MEEM WITH KHAH INITIAL FORM +FD6C;FD6C;FD6C;0634 0645 0645;0634 0645 0645; # (ﵬ; ﵬ; ﵬ; شمم; شمم; ) ARABIC LIGATURE SHEEN WITH MEEM WITH MEEM FINAL FORM +FD6D;FD6D;FD6D;0634 0645 0645;0634 0645 0645; # (ïµ­; ïµ­; ïµ­; شمم; شمم; ) ARABIC LIGATURE SHEEN WITH MEEM WITH MEEM INITIAL FORM +FD6E;FD6E;FD6E;0636 062D 0649;0636 062D 0649; # (ïµ®; ïµ®; ïµ®; ضحى; ضحى; ) ARABIC LIGATURE DAD WITH HAH WITH ALEF MAKSURA FINAL FORM +FD6F;FD6F;FD6F;0636 062E 0645;0636 062E 0645; # (ﵯ; ﵯ; ﵯ; ضخم; ضخم; ) ARABIC LIGATURE DAD WITH KHAH WITH MEEM FINAL FORM +FD70;FD70;FD70;0636 062E 0645;0636 062E 0645; # (ïµ°; ïµ°; ïµ°; ضخم; ضخم; ) ARABIC LIGATURE DAD WITH KHAH WITH MEEM INITIAL FORM +FD71;FD71;FD71;0637 0645 062D;0637 0645 062D; # (ïµ±; ïµ±; ïµ±; طمح; طمح; ) ARABIC LIGATURE TAH WITH MEEM WITH HAH FINAL FORM +FD72;FD72;FD72;0637 0645 062D;0637 0645 062D; # (ïµ²; ïµ²; ïµ²; طمح; طمح; ) ARABIC LIGATURE TAH WITH MEEM WITH HAH INITIAL FORM +FD73;FD73;FD73;0637 0645 0645;0637 0645 0645; # (ïµ³; ïµ³; ïµ³; طمم; طمم; ) ARABIC LIGATURE TAH WITH MEEM WITH MEEM INITIAL FORM +FD74;FD74;FD74;0637 0645 064A;0637 0645 064A; # (ïµ´; ïµ´; ïµ´; طمي; طمي; ) ARABIC LIGATURE TAH WITH MEEM WITH YEH FINAL FORM +FD75;FD75;FD75;0639 062C 0645;0639 062C 0645; # (ïµµ; ïµµ; ïµµ; عجم; عجم; ) ARABIC LIGATURE AIN WITH JEEM WITH MEEM FINAL FORM +FD76;FD76;FD76;0639 0645 0645;0639 0645 0645; # (ﵶ; ﵶ; ﵶ; عمم; عمم; ) ARABIC LIGATURE AIN WITH MEEM WITH MEEM FINAL FORM +FD77;FD77;FD77;0639 0645 0645;0639 0645 0645; # (ïµ·; ïµ·; ïµ·; عمم; عمم; ) ARABIC LIGATURE AIN WITH MEEM WITH MEEM INITIAL FORM +FD78;FD78;FD78;0639 0645 0649;0639 0645 0649; # (ﵸ; ﵸ; ﵸ; عمى; عمى; ) ARABIC LIGATURE AIN WITH MEEM WITH ALEF MAKSURA FINAL FORM +FD79;FD79;FD79;063A 0645 0645;063A 0645 0645; # (ïµ¹; ïµ¹; ïµ¹; غمم; غمم; ) ARABIC LIGATURE GHAIN WITH MEEM WITH MEEM FINAL FORM +FD7A;FD7A;FD7A;063A 0645 064A;063A 0645 064A; # (ﵺ; ﵺ; ﵺ; غمي; غمي; ) ARABIC LIGATURE GHAIN WITH MEEM WITH YEH FINAL FORM +FD7B;FD7B;FD7B;063A 0645 0649;063A 0645 0649; # (ïµ»; ïµ»; ïµ»; غمى; غمى; ) ARABIC LIGATURE GHAIN WITH MEEM WITH ALEF MAKSURA FINAL FORM +FD7C;FD7C;FD7C;0641 062E 0645;0641 062E 0645; # (ïµ¼; ïµ¼; ïµ¼; Ùخم; Ùخم; ) ARABIC LIGATURE FEH WITH KHAH WITH MEEM FINAL FORM +FD7D;FD7D;FD7D;0641 062E 0645;0641 062E 0645; # (ïµ½; ïµ½; ïµ½; Ùخم; Ùخم; ) ARABIC LIGATURE FEH WITH KHAH WITH MEEM INITIAL FORM +FD7E;FD7E;FD7E;0642 0645 062D;0642 0645 062D; # (ïµ¾; ïµ¾; ïµ¾; قمح; قمح; ) ARABIC LIGATURE QAF WITH MEEM WITH HAH FINAL FORM +FD7F;FD7F;FD7F;0642 0645 0645;0642 0645 0645; # (ﵿ; ﵿ; ﵿ; قمم; قمم; ) ARABIC LIGATURE QAF WITH MEEM WITH MEEM FINAL FORM +FD80;FD80;FD80;0644 062D 0645;0644 062D 0645; # (ﶀ; ﶀ; ﶀ; لحم; لحم; ) ARABIC LIGATURE LAM WITH HAH WITH MEEM FINAL FORM +FD81;FD81;FD81;0644 062D 064A;0644 062D 064A; # (ï¶; ï¶; ï¶; لحي; لحي; ) ARABIC LIGATURE LAM WITH HAH WITH YEH FINAL FORM +FD82;FD82;FD82;0644 062D 0649;0644 062D 0649; # (ﶂ; ﶂ; ﶂ; لحى; لحى; ) ARABIC LIGATURE LAM WITH HAH WITH ALEF MAKSURA FINAL FORM +FD83;FD83;FD83;0644 062C 062C;0644 062C 062C; # (ﶃ; ﶃ; ﶃ; لجج; لجج; ) ARABIC LIGATURE LAM WITH JEEM WITH JEEM INITIAL FORM +FD84;FD84;FD84;0644 062C 062C;0644 062C 062C; # (ﶄ; ﶄ; ﶄ; لجج; لجج; ) ARABIC LIGATURE LAM WITH JEEM WITH JEEM FINAL FORM +FD85;FD85;FD85;0644 062E 0645;0644 062E 0645; # (ﶅ; ﶅ; ﶅ; لخم; لخم; ) ARABIC LIGATURE LAM WITH KHAH WITH MEEM FINAL FORM +FD86;FD86;FD86;0644 062E 0645;0644 062E 0645; # (ﶆ; ﶆ; ﶆ; لخم; لخم; ) ARABIC LIGATURE LAM WITH KHAH WITH MEEM INITIAL FORM +FD87;FD87;FD87;0644 0645 062D;0644 0645 062D; # (ﶇ; ﶇ; ﶇ; لمح; لمح; ) ARABIC LIGATURE LAM WITH MEEM WITH HAH FINAL FORM +FD88;FD88;FD88;0644 0645 062D;0644 0645 062D; # (ﶈ; ﶈ; ﶈ; لمح; لمح; ) ARABIC LIGATURE LAM WITH MEEM WITH HAH INITIAL FORM +FD89;FD89;FD89;0645 062D 062C;0645 062D 062C; # (ﶉ; ﶉ; ﶉ; محج; محج; ) ARABIC LIGATURE MEEM WITH HAH WITH JEEM INITIAL FORM +FD8A;FD8A;FD8A;0645 062D 0645;0645 062D 0645; # (ﶊ; ﶊ; ﶊ; محم; محم; ) ARABIC LIGATURE MEEM WITH HAH WITH MEEM INITIAL FORM +FD8B;FD8B;FD8B;0645 062D 064A;0645 062D 064A; # (ﶋ; ﶋ; ﶋ; محي; محي; ) ARABIC LIGATURE MEEM WITH HAH WITH YEH FINAL FORM +FD8C;FD8C;FD8C;0645 062C 062D;0645 062C 062D; # (ﶌ; ﶌ; ﶌ; مجح; مجح; ) ARABIC LIGATURE MEEM WITH JEEM WITH HAH INITIAL FORM +FD8D;FD8D;FD8D;0645 062C 0645;0645 062C 0645; # (ï¶; ï¶; ï¶; مجم; مجم; ) ARABIC LIGATURE MEEM WITH JEEM WITH MEEM INITIAL FORM +FD8E;FD8E;FD8E;0645 062E 062C;0645 062E 062C; # (ﶎ; ﶎ; ﶎ; مخج; مخج; ) ARABIC LIGATURE MEEM WITH KHAH WITH JEEM INITIAL FORM +FD8F;FD8F;FD8F;0645 062E 0645;0645 062E 0645; # (ï¶; ï¶; ï¶; مخم; مخم; ) ARABIC LIGATURE MEEM WITH KHAH WITH MEEM INITIAL FORM +FD92;FD92;FD92;0645 062C 062E;0645 062C 062E; # (ﶒ; ﶒ; ﶒ; مجخ; مجخ; ) ARABIC LIGATURE MEEM WITH JEEM WITH KHAH INITIAL FORM +FD93;FD93;FD93;0647 0645 062C;0647 0645 062C; # (ﶓ; ﶓ; ﶓ; همج; همج; ) ARABIC LIGATURE HEH WITH MEEM WITH JEEM INITIAL FORM +FD94;FD94;FD94;0647 0645 0645;0647 0645 0645; # (ﶔ; ﶔ; ﶔ; همم; همم; ) ARABIC LIGATURE HEH WITH MEEM WITH MEEM INITIAL FORM +FD95;FD95;FD95;0646 062D 0645;0646 062D 0645; # (ﶕ; ﶕ; ﶕ; نحم; نحم; ) ARABIC LIGATURE NOON WITH HAH WITH MEEM INITIAL FORM +FD96;FD96;FD96;0646 062D 0649;0646 062D 0649; # (ﶖ; ﶖ; ﶖ; نحى; نحى; ) ARABIC LIGATURE NOON WITH HAH WITH ALEF MAKSURA FINAL FORM +FD97;FD97;FD97;0646 062C 0645;0646 062C 0645; # (ﶗ; ﶗ; ﶗ; نجم; نجم; ) ARABIC LIGATURE NOON WITH JEEM WITH MEEM FINAL FORM +FD98;FD98;FD98;0646 062C 0645;0646 062C 0645; # (ﶘ; ﶘ; ﶘ; نجم; نجم; ) ARABIC LIGATURE NOON WITH JEEM WITH MEEM INITIAL FORM +FD99;FD99;FD99;0646 062C 0649;0646 062C 0649; # (ﶙ; ﶙ; ﶙ; نجى; نجى; ) ARABIC LIGATURE NOON WITH JEEM WITH ALEF MAKSURA FINAL FORM +FD9A;FD9A;FD9A;0646 0645 064A;0646 0645 064A; # (ﶚ; ﶚ; ﶚ; نمي; نمي; ) ARABIC LIGATURE NOON WITH MEEM WITH YEH FINAL FORM +FD9B;FD9B;FD9B;0646 0645 0649;0646 0645 0649; # (ﶛ; ﶛ; ﶛ; نمى; نمى; ) ARABIC LIGATURE NOON WITH MEEM WITH ALEF MAKSURA FINAL FORM +FD9C;FD9C;FD9C;064A 0645 0645;064A 0645 0645; # (ﶜ; ﶜ; ﶜ; يمم; يمم; ) ARABIC LIGATURE YEH WITH MEEM WITH MEEM FINAL FORM +FD9D;FD9D;FD9D;064A 0645 0645;064A 0645 0645; # (ï¶; ï¶; ï¶; يمم; يمم; ) ARABIC LIGATURE YEH WITH MEEM WITH MEEM INITIAL FORM +FD9E;FD9E;FD9E;0628 062E 064A;0628 062E 064A; # (ﶞ; ﶞ; ﶞ; بخي; بخي; ) ARABIC LIGATURE BEH WITH KHAH WITH YEH FINAL FORM +FD9F;FD9F;FD9F;062A 062C 064A;062A 062C 064A; # (ﶟ; ﶟ; ﶟ; تجي; تجي; ) ARABIC LIGATURE TEH WITH JEEM WITH YEH FINAL FORM +FDA0;FDA0;FDA0;062A 062C 0649;062A 062C 0649; # (ﶠ; ﶠ; ﶠ; تجى; تجى; ) ARABIC LIGATURE TEH WITH JEEM WITH ALEF MAKSURA FINAL FORM +FDA1;FDA1;FDA1;062A 062E 064A;062A 062E 064A; # (ﶡ; ﶡ; ﶡ; تخي; تخي; ) ARABIC LIGATURE TEH WITH KHAH WITH YEH FINAL FORM +FDA2;FDA2;FDA2;062A 062E 0649;062A 062E 0649; # (ﶢ; ﶢ; ﶢ; تخى; تخى; ) ARABIC LIGATURE TEH WITH KHAH WITH ALEF MAKSURA FINAL FORM +FDA3;FDA3;FDA3;062A 0645 064A;062A 0645 064A; # (ﶣ; ﶣ; ﶣ; تمي; تمي; ) ARABIC LIGATURE TEH WITH MEEM WITH YEH FINAL FORM +FDA4;FDA4;FDA4;062A 0645 0649;062A 0645 0649; # (ﶤ; ﶤ; ﶤ; تمى; تمى; ) ARABIC LIGATURE TEH WITH MEEM WITH ALEF MAKSURA FINAL FORM +FDA5;FDA5;FDA5;062C 0645 064A;062C 0645 064A; # (ﶥ; ﶥ; ﶥ; جمي; جمي; ) ARABIC LIGATURE JEEM WITH MEEM WITH YEH FINAL FORM +FDA6;FDA6;FDA6;062C 062D 0649;062C 062D 0649; # (ﶦ; ﶦ; ﶦ; جحى; جحى; ) ARABIC LIGATURE JEEM WITH HAH WITH ALEF MAKSURA FINAL FORM +FDA7;FDA7;FDA7;062C 0645 0649;062C 0645 0649; # (ﶧ; ﶧ; ﶧ; جمى; جمى; ) ARABIC LIGATURE JEEM WITH MEEM WITH ALEF MAKSURA FINAL FORM +FDA8;FDA8;FDA8;0633 062E 0649;0633 062E 0649; # (ﶨ; ﶨ; ﶨ; سخى; سخى; ) ARABIC LIGATURE SEEN WITH KHAH WITH ALEF MAKSURA FINAL FORM +FDA9;FDA9;FDA9;0635 062D 064A;0635 062D 064A; # (ﶩ; ﶩ; ﶩ; صحي; صحي; ) ARABIC LIGATURE SAD WITH HAH WITH YEH FINAL FORM +FDAA;FDAA;FDAA;0634 062D 064A;0634 062D 064A; # (ﶪ; ﶪ; ﶪ; شحي; شحي; ) ARABIC LIGATURE SHEEN WITH HAH WITH YEH FINAL FORM +FDAB;FDAB;FDAB;0636 062D 064A;0636 062D 064A; # (ﶫ; ﶫ; ﶫ; ضحي; ضحي; ) ARABIC LIGATURE DAD WITH HAH WITH YEH FINAL FORM +FDAC;FDAC;FDAC;0644 062C 064A;0644 062C 064A; # (ﶬ; ﶬ; ﶬ; لجي; لجي; ) ARABIC LIGATURE LAM WITH JEEM WITH YEH FINAL FORM +FDAD;FDAD;FDAD;0644 0645 064A;0644 0645 064A; # (ﶭ; ﶭ; ﶭ; لمي; لمي; ) ARABIC LIGATURE LAM WITH MEEM WITH YEH FINAL FORM +FDAE;FDAE;FDAE;064A 062D 064A;064A 062D 064A; # (ﶮ; ﶮ; ﶮ; يحي; يحي; ) ARABIC LIGATURE YEH WITH HAH WITH YEH FINAL FORM +FDAF;FDAF;FDAF;064A 062C 064A;064A 062C 064A; # (ﶯ; ﶯ; ﶯ; يجي; يجي; ) ARABIC LIGATURE YEH WITH JEEM WITH YEH FINAL FORM +FDB0;FDB0;FDB0;064A 0645 064A;064A 0645 064A; # (ﶰ; ﶰ; ﶰ; يمي; يمي; ) ARABIC LIGATURE YEH WITH MEEM WITH YEH FINAL FORM +FDB1;FDB1;FDB1;0645 0645 064A;0645 0645 064A; # (ﶱ; ﶱ; ﶱ; ممي; ممي; ) ARABIC LIGATURE MEEM WITH MEEM WITH YEH FINAL FORM +FDB2;FDB2;FDB2;0642 0645 064A;0642 0645 064A; # (ﶲ; ﶲ; ﶲ; قمي; قمي; ) ARABIC LIGATURE QAF WITH MEEM WITH YEH FINAL FORM +FDB3;FDB3;FDB3;0646 062D 064A;0646 062D 064A; # (ﶳ; ﶳ; ﶳ; نحي; نحي; ) ARABIC LIGATURE NOON WITH HAH WITH YEH FINAL FORM +FDB4;FDB4;FDB4;0642 0645 062D;0642 0645 062D; # (ﶴ; ﶴ; ﶴ; قمح; قمح; ) ARABIC LIGATURE QAF WITH MEEM WITH HAH INITIAL FORM +FDB5;FDB5;FDB5;0644 062D 0645;0644 062D 0645; # (ﶵ; ﶵ; ﶵ; لحم; لحم; ) ARABIC LIGATURE LAM WITH HAH WITH MEEM INITIAL FORM +FDB6;FDB6;FDB6;0639 0645 064A;0639 0645 064A; # (ﶶ; ﶶ; ﶶ; عمي; عمي; ) ARABIC LIGATURE AIN WITH MEEM WITH YEH FINAL FORM +FDB7;FDB7;FDB7;0643 0645 064A;0643 0645 064A; # (ﶷ; ﶷ; ﶷ; كمي; كمي; ) ARABIC LIGATURE KAF WITH MEEM WITH YEH FINAL FORM +FDB8;FDB8;FDB8;0646 062C 062D;0646 062C 062D; # (ﶸ; ﶸ; ﶸ; نجح; نجح; ) ARABIC LIGATURE NOON WITH JEEM WITH HAH INITIAL FORM +FDB9;FDB9;FDB9;0645 062E 064A;0645 062E 064A; # (ﶹ; ﶹ; ﶹ; مخي; مخي; ) ARABIC LIGATURE MEEM WITH KHAH WITH YEH FINAL FORM +FDBA;FDBA;FDBA;0644 062C 0645;0644 062C 0645; # (ﶺ; ﶺ; ﶺ; لجم; لجم; ) ARABIC LIGATURE LAM WITH JEEM WITH MEEM INITIAL FORM +FDBB;FDBB;FDBB;0643 0645 0645;0643 0645 0645; # (ﶻ; ﶻ; ﶻ; كمم; كمم; ) ARABIC LIGATURE KAF WITH MEEM WITH MEEM FINAL FORM +FDBC;FDBC;FDBC;0644 062C 0645;0644 062C 0645; # (ﶼ; ﶼ; ﶼ; لجم; لجم; ) ARABIC LIGATURE LAM WITH JEEM WITH MEEM FINAL FORM +FDBD;FDBD;FDBD;0646 062C 062D;0646 062C 062D; # (ﶽ; ﶽ; ﶽ; نجح; نجح; ) ARABIC LIGATURE NOON WITH JEEM WITH HAH FINAL FORM +FDBE;FDBE;FDBE;062C 062D 064A;062C 062D 064A; # (ﶾ; ﶾ; ﶾ; جحي; جحي; ) ARABIC LIGATURE JEEM WITH HAH WITH YEH FINAL FORM +FDBF;FDBF;FDBF;062D 062C 064A;062D 062C 064A; # (ﶿ; ﶿ; ﶿ; حجي; حجي; ) ARABIC LIGATURE HAH WITH JEEM WITH YEH FINAL FORM +FDC0;FDC0;FDC0;0645 062C 064A;0645 062C 064A; # (ï·€; ï·€; ï·€; مجي; مجي; ) ARABIC LIGATURE MEEM WITH JEEM WITH YEH FINAL FORM +FDC1;FDC1;FDC1;0641 0645 064A;0641 0645 064A; # (ï·; ï·; ï·; Ùمي; Ùمي; ) ARABIC LIGATURE FEH WITH MEEM WITH YEH FINAL FORM +FDC2;FDC2;FDC2;0628 062D 064A;0628 062D 064A; # (ï·‚; ï·‚; ï·‚; بحي; بحي; ) ARABIC LIGATURE BEH WITH HAH WITH YEH FINAL FORM +FDC3;FDC3;FDC3;0643 0645 0645;0643 0645 0645; # (ï·ƒ; ï·ƒ; ï·ƒ; كمم; كمم; ) ARABIC LIGATURE KAF WITH MEEM WITH MEEM INITIAL FORM +FDC4;FDC4;FDC4;0639 062C 0645;0639 062C 0645; # (ï·„; ï·„; ï·„; عجم; عجم; ) ARABIC LIGATURE AIN WITH JEEM WITH MEEM INITIAL FORM +FDC5;FDC5;FDC5;0635 0645 0645;0635 0645 0645; # (ï·…; ï·…; ï·…; صمم; صمم; ) ARABIC LIGATURE SAD WITH MEEM WITH MEEM INITIAL FORM +FDC6;FDC6;FDC6;0633 062E 064A;0633 062E 064A; # (ï·†; ï·†; ï·†; سخي; سخي; ) ARABIC LIGATURE SEEN WITH KHAH WITH YEH FINAL FORM +FDC7;FDC7;FDC7;0646 062C 064A;0646 062C 064A; # (ï·‡; ï·‡; ï·‡; نجي; نجي; ) ARABIC LIGATURE NOON WITH JEEM WITH YEH FINAL FORM +FDF0;FDF0;FDF0;0635 0644 06D2;0635 0644 06D2; # (ï·°; ï·°; ï·°; صلے; صلے; ) ARABIC LIGATURE SALLA USED AS KORANIC STOP SIGN ISOLATED FORM +FDF1;FDF1;FDF1;0642 0644 06D2;0642 0644 06D2; # (ï·±; ï·±; ï·±; قلے; قلے; ) ARABIC LIGATURE QALA USED AS KORANIC STOP SIGN ISOLATED FORM +FDF2;FDF2;FDF2;0627 0644 0644 0647;0627 0644 0644 0647; # (ï·²; ï·²; ï·²; الله; الله; ) ARABIC LIGATURE ALLAH ISOLATED FORM +FDF3;FDF3;FDF3;0627 0643 0628 0631;0627 0643 0628 0631; # (ï·³; ï·³; ï·³; اكبر; اكبر; ) ARABIC LIGATURE AKBAR ISOLATED FORM +FDF4;FDF4;FDF4;0645 062D 0645 062F;0645 062D 0645 062F; # (ï·´; ï·´; ï·´; محمد; محمد; ) ARABIC LIGATURE MOHAMMAD ISOLATED FORM +FDF5;FDF5;FDF5;0635 0644 0639 0645;0635 0644 0639 0645; # (ï·µ; ï·µ; ï·µ; صلعم; صلعم; ) ARABIC LIGATURE SALAM ISOLATED FORM +FDF6;FDF6;FDF6;0631 0633 0648 0644;0631 0633 0648 0644; # (ï·¶; ï·¶; ï·¶; رسول; رسول; ) ARABIC LIGATURE RASOUL ISOLATED FORM +FDF7;FDF7;FDF7;0639 0644 064A 0647;0639 0644 064A 0647; # (ï··; ï··; ï··; عليه; عليه; ) ARABIC LIGATURE ALAYHE ISOLATED FORM +FDF8;FDF8;FDF8;0648 0633 0644 0645;0648 0633 0644 0645; # (ï·¸; ï·¸; ï·¸; وسلم; وسلم; ) ARABIC LIGATURE WASALLAM ISOLATED FORM +FDF9;FDF9;FDF9;0635 0644 0649;0635 0644 0649; # (ï·¹; ï·¹; ï·¹; صلى; صلى; ) ARABIC LIGATURE SALLA ISOLATED FORM +FDFA;FDFA;FDFA;0635 0644 0649 0020 0627 0644 0644 0647 0020 0639 0644 064A 0647 0020 0648 0633 0644 0645;0635 0644 0649 0020 0627 0644 0644 0647 0020 0639 0644 064A 0647 0020 0648 0633 0644 0645; # (ï·º; ï·º; ï·º; صلى الله عليه وسلم; صلى الله عليه وسلم; ) ARABIC LIGATURE SALLALLAHOU ALAYHE WASALLAM +FDFB;FDFB;FDFB;062C 0644 0020 062C 0644 0627 0644 0647;062C 0644 0020 062C 0644 0627 0644 0647; # (ï·»; ï·»; ï·»; جل جلاله; جل جلاله; ) ARABIC LIGATURE JALLAJALALOUHOU +FDFC;FDFC;FDFC;0631 06CC 0627 0644;0631 06CC 0627 0644; # (ï·¼; ï·¼; ï·¼; ریال; ریال; ) RIAL SIGN +FE30;FE30;FE30;002E 002E;002E 002E; # (︰; ︰; ︰; ..; ..; ) PRESENTATION FORM FOR VERTICAL TWO DOT LEADER +FE31;FE31;FE31;2014;2014; # (︱; ︱; ︱; —; —; ) PRESENTATION FORM FOR VERTICAL EM DASH +FE32;FE32;FE32;2013;2013; # (︲; ︲; ︲; –; –; ) PRESENTATION FORM FOR VERTICAL EN DASH +FE33;FE33;FE33;005F;005F; # (︳; ︳; ︳; _; _; ) PRESENTATION FORM FOR VERTICAL LOW LINE +FE34;FE34;FE34;005F;005F; # (︴; ︴; ︴; _; _; ) PRESENTATION FORM FOR VERTICAL WAVY LOW LINE +FE35;FE35;FE35;0028;0028; # (︵; ︵; ︵; (; (; ) PRESENTATION FORM FOR VERTICAL LEFT PARENTHESIS +FE36;FE36;FE36;0029;0029; # (︶; ︶; ︶; ); ); ) PRESENTATION FORM FOR VERTICAL RIGHT PARENTHESIS +FE37;FE37;FE37;007B;007B; # (︷; ︷; ︷; {; {; ) PRESENTATION FORM FOR VERTICAL LEFT CURLY BRACKET +FE38;FE38;FE38;007D;007D; # (︸; ︸; ︸; }; }; ) PRESENTATION FORM FOR VERTICAL RIGHT CURLY BRACKET +FE39;FE39;FE39;3014;3014; # (︹; ︹; ︹; 〔; 〔; ) PRESENTATION FORM FOR VERTICAL LEFT TORTOISE SHELL BRACKET +FE3A;FE3A;FE3A;3015;3015; # (︺; ︺; ︺; 〕; 〕; ) PRESENTATION FORM FOR VERTICAL RIGHT TORTOISE SHELL BRACKET +FE3B;FE3B;FE3B;3010;3010; # (︻; ︻; ︻; ã€; ã€; ) PRESENTATION FORM FOR VERTICAL LEFT BLACK LENTICULAR BRACKET +FE3C;FE3C;FE3C;3011;3011; # (︼; ︼; ︼; 】; 】; ) PRESENTATION FORM FOR VERTICAL RIGHT BLACK LENTICULAR BRACKET +FE3D;FE3D;FE3D;300A;300A; # (︽; ︽; ︽; 《; 《; ) PRESENTATION FORM FOR VERTICAL LEFT DOUBLE ANGLE BRACKET +FE3E;FE3E;FE3E;300B;300B; # (︾; ︾; ︾; 》; 》; ) PRESENTATION FORM FOR VERTICAL RIGHT DOUBLE ANGLE BRACKET +FE3F;FE3F;FE3F;3008;3008; # (︿; ︿; ︿; 〈; 〈; ) PRESENTATION FORM FOR VERTICAL LEFT ANGLE BRACKET +FE40;FE40;FE40;3009;3009; # (ï¹€; ï¹€; ï¹€; 〉; 〉; ) PRESENTATION FORM FOR VERTICAL RIGHT ANGLE BRACKET +FE41;FE41;FE41;300C;300C; # (ï¹; ï¹; ï¹; 「; 「; ) PRESENTATION FORM FOR VERTICAL LEFT CORNER BRACKET +FE42;FE42;FE42;300D;300D; # (﹂; ﹂; ﹂; ã€; ã€; ) PRESENTATION FORM FOR VERTICAL RIGHT CORNER BRACKET +FE43;FE43;FE43;300E;300E; # (﹃; ﹃; ﹃; 『; 『; ) PRESENTATION FORM FOR VERTICAL LEFT WHITE CORNER BRACKET +FE44;FE44;FE44;300F;300F; # (﹄; ﹄; ﹄; ã€; ã€; ) PRESENTATION FORM FOR VERTICAL RIGHT WHITE CORNER BRACKET +FE47;FE47;FE47;005B;005B; # (﹇; ﹇; ﹇; [; [; ) PRESENTATION FORM FOR VERTICAL LEFT SQUARE BRACKET +FE48;FE48;FE48;005D;005D; # (﹈; ﹈; ﹈; ]; ]; ) PRESENTATION FORM FOR VERTICAL RIGHT SQUARE BRACKET +FE49;FE49;FE49;0020 0305;0020 0305; # (﹉; ﹉; ﹉; ◌̅; ◌̅; ) DASHED OVERLINE +FE4A;FE4A;FE4A;0020 0305;0020 0305; # (﹊; ﹊; ﹊; ◌̅; ◌̅; ) CENTRELINE OVERLINE +FE4B;FE4B;FE4B;0020 0305;0020 0305; # (﹋; ﹋; ﹋; ◌̅; ◌̅; ) WAVY OVERLINE +FE4C;FE4C;FE4C;0020 0305;0020 0305; # (﹌; ﹌; ﹌; ◌̅; ◌̅; ) DOUBLE WAVY OVERLINE +FE4D;FE4D;FE4D;005F;005F; # (ï¹; ï¹; ï¹; _; _; ) DASHED LOW LINE +FE4E;FE4E;FE4E;005F;005F; # (﹎; ﹎; ﹎; _; _; ) CENTRELINE LOW LINE +FE4F;FE4F;FE4F;005F;005F; # (ï¹; ï¹; ï¹; _; _; ) WAVY LOW LINE +FE50;FE50;FE50;002C;002C; # (ï¹; ï¹; ï¹; ,; ,; ) SMALL COMMA +FE51;FE51;FE51;3001;3001; # (﹑; ﹑; ﹑; ã€; ã€; ) SMALL IDEOGRAPHIC COMMA +FE52;FE52;FE52;002E;002E; # (ï¹’; ï¹’; ï¹’; .; .; ) SMALL FULL STOP +FE54;FE54;FE54;003B;003B; # (ï¹”; ï¹”; ï¹”; ;; ;; ) SMALL SEMICOLON +FE55;FE55;FE55;003A;003A; # (﹕; ﹕; ﹕; :; :; ) SMALL COLON +FE56;FE56;FE56;003F;003F; # (ï¹–; ï¹–; ï¹–; ?; ?; ) SMALL QUESTION MARK +FE57;FE57;FE57;0021;0021; # (ï¹—; ï¹—; ï¹—; !; !; ) SMALL EXCLAMATION MARK +FE58;FE58;FE58;2014;2014; # (﹘; ﹘; ﹘; —; —; ) SMALL EM DASH +FE59;FE59;FE59;0028;0028; # (ï¹™; ï¹™; ï¹™; (; (; ) SMALL LEFT PARENTHESIS +FE5A;FE5A;FE5A;0029;0029; # (﹚; ﹚; ﹚; ); ); ) SMALL RIGHT PARENTHESIS +FE5B;FE5B;FE5B;007B;007B; # (ï¹›; ï¹›; ï¹›; {; {; ) SMALL LEFT CURLY BRACKET +FE5C;FE5C;FE5C;007D;007D; # (﹜; ﹜; ﹜; }; }; ) SMALL RIGHT CURLY BRACKET +FE5D;FE5D;FE5D;3014;3014; # (ï¹; ï¹; ï¹; 〔; 〔; ) SMALL LEFT TORTOISE SHELL BRACKET +FE5E;FE5E;FE5E;3015;3015; # (﹞; ﹞; ﹞; 〕; 〕; ) SMALL RIGHT TORTOISE SHELL BRACKET +FE5F;FE5F;FE5F;0023;0023; # (﹟; ﹟; ﹟; #; #; ) SMALL NUMBER SIGN +FE60;FE60;FE60;0026;0026; # (ï¹ ; ï¹ ; ï¹ ; &; &; ) SMALL AMPERSAND +FE61;FE61;FE61;002A;002A; # (﹡; ﹡; ﹡; *; *; ) SMALL ASTERISK +FE62;FE62;FE62;002B;002B; # (ï¹¢; ï¹¢; ï¹¢; +; +; ) SMALL PLUS SIGN +FE63;FE63;FE63;002D;002D; # (ï¹£; ï¹£; ï¹£; -; -; ) SMALL HYPHEN-MINUS +FE64;FE64;FE64;003C;003C; # (﹤; ﹤; ﹤; <; <; ) SMALL LESS-THAN SIGN +FE65;FE65;FE65;003E;003E; # (ï¹¥; ï¹¥; ï¹¥; >; >; ) SMALL GREATER-THAN SIGN +FE66;FE66;FE66;003D;003D; # (﹦; ﹦; ﹦; =; =; ) SMALL EQUALS SIGN +FE68;FE68;FE68;005C;005C; # (﹨; ﹨; ﹨; \; \; ) SMALL REVERSE SOLIDUS +FE69;FE69;FE69;0024;0024; # (﹩; ﹩; ﹩; $; $; ) SMALL DOLLAR SIGN +FE6A;FE6A;FE6A;0025;0025; # (﹪; ﹪; ﹪; %; %; ) SMALL PERCENT SIGN +FE6B;FE6B;FE6B;0040;0040; # (﹫; ﹫; ﹫; @; @; ) SMALL COMMERCIAL AT +FE70;FE70;FE70;0020 064B;0020 064B; # (ï¹°; ï¹°; ï¹°; ◌ً; ◌ً; ) ARABIC FATHATAN ISOLATED FORM +FE71;FE71;FE71;0640 064B;0640 064B; # (ï¹±; ï¹±; ï¹±; ـ◌ً; ـ◌ً; ) ARABIC TATWEEL WITH FATHATAN ABOVE +FE72;FE72;FE72;0020 064C;0020 064C; # (ï¹²; ï¹²; ï¹²; ◌ٌ; ◌ٌ; ) ARABIC DAMMATAN ISOLATED FORM +FE74;FE74;FE74;0020 064D;0020 064D; # (ï¹´; ï¹´; ï¹´; â—ŒÙ; â—ŒÙ; ) ARABIC KASRATAN ISOLATED FORM +FE76;FE76;FE76;0020 064E;0020 064E; # (ﹶ; ﹶ; ﹶ; ◌َ; ◌َ; ) ARABIC FATHA ISOLATED FORM +FE77;FE77;FE77;0640 064E;0640 064E; # (ï¹·; ï¹·; ï¹·; ـ◌َ; ـ◌َ; ) ARABIC FATHA MEDIAL FORM +FE78;FE78;FE78;0020 064F;0020 064F; # (ﹸ; ﹸ; ﹸ; â—ŒÙ; â—ŒÙ; ) ARABIC DAMMA ISOLATED FORM +FE79;FE79;FE79;0640 064F;0640 064F; # (ï¹¹; ï¹¹; ï¹¹; ـ◌Ù; ـ◌Ù; ) ARABIC DAMMA MEDIAL FORM +FE7A;FE7A;FE7A;0020 0650;0020 0650; # (ﹺ; ﹺ; ﹺ; â—ŒÙ; â—ŒÙ; ) ARABIC KASRA ISOLATED FORM +FE7B;FE7B;FE7B;0640 0650;0640 0650; # (ï¹»; ï¹»; ï¹»; ـ◌Ù; ـ◌Ù; ) ARABIC KASRA MEDIAL FORM +FE7C;FE7C;FE7C;0020 0651;0020 0651; # (ï¹¼; ï¹¼; ï¹¼; ◌ّ; ◌ّ; ) ARABIC SHADDA ISOLATED FORM +FE7D;FE7D;FE7D;0640 0651;0640 0651; # (ï¹½; ï¹½; ï¹½; ـ◌ّ; ـ◌ّ; ) ARABIC SHADDA MEDIAL FORM +FE7E;FE7E;FE7E;0020 0652;0020 0652; # (ï¹¾; ï¹¾; ï¹¾; ◌ْ; ◌ْ; ) ARABIC SUKUN ISOLATED FORM +FE7F;FE7F;FE7F;0640 0652;0640 0652; # (ﹿ; ﹿ; ﹿ; ـ◌ْ; ـ◌ْ; ) ARABIC SUKUN MEDIAL FORM +FE80;FE80;FE80;0621;0621; # (ﺀ; ﺀ; ﺀ; Ø¡; Ø¡; ) ARABIC LETTER HAMZA ISOLATED FORM +FE81;FE81;FE81;0622;0627 0653; # (ïº; ïº; ïº; Ø¢; ا◌ٓ; ) ARABIC LETTER ALEF WITH MADDA ABOVE ISOLATED FORM +FE82;FE82;FE82;0622;0627 0653; # (ﺂ; ﺂ; ﺂ; Ø¢; ا◌ٓ; ) ARABIC LETTER ALEF WITH MADDA ABOVE FINAL FORM +FE83;FE83;FE83;0623;0627 0654; # (ﺃ; ﺃ; ﺃ; Ø£; ا◌ٔ; ) ARABIC LETTER ALEF WITH HAMZA ABOVE ISOLATED FORM +FE84;FE84;FE84;0623;0627 0654; # (ﺄ; ﺄ; ﺄ; Ø£; ا◌ٔ; ) ARABIC LETTER ALEF WITH HAMZA ABOVE FINAL FORM +FE85;FE85;FE85;0624;0648 0654; # (ﺅ; ﺅ; ﺅ; ؤ; و◌ٔ; ) ARABIC LETTER WAW WITH HAMZA ABOVE ISOLATED FORM +FE86;FE86;FE86;0624;0648 0654; # (ﺆ; ﺆ; ﺆ; ؤ; و◌ٔ; ) ARABIC LETTER WAW WITH HAMZA ABOVE FINAL FORM +FE87;FE87;FE87;0625;0627 0655; # (ﺇ; ﺇ; ﺇ; Ø¥; ا◌ٕ; ) ARABIC LETTER ALEF WITH HAMZA BELOW ISOLATED FORM +FE88;FE88;FE88;0625;0627 0655; # (ﺈ; ﺈ; ﺈ; Ø¥; ا◌ٕ; ) ARABIC LETTER ALEF WITH HAMZA BELOW FINAL FORM +FE89;FE89;FE89;0626;064A 0654; # (ﺉ; ﺉ; ﺉ; ئ; ي◌ٔ; ) ARABIC LETTER YEH WITH HAMZA ABOVE ISOLATED FORM +FE8A;FE8A;FE8A;0626;064A 0654; # (ﺊ; ﺊ; ﺊ; ئ; ي◌ٔ; ) ARABIC LETTER YEH WITH HAMZA ABOVE FINAL FORM +FE8B;FE8B;FE8B;0626;064A 0654; # (ﺋ; ﺋ; ﺋ; ئ; ي◌ٔ; ) ARABIC LETTER YEH WITH HAMZA ABOVE INITIAL FORM +FE8C;FE8C;FE8C;0626;064A 0654; # (ﺌ; ﺌ; ﺌ; ئ; ي◌ٔ; ) ARABIC LETTER YEH WITH HAMZA ABOVE MEDIAL FORM +FE8D;FE8D;FE8D;0627;0627; # (ïº; ïº; ïº; ا; ا; ) ARABIC LETTER ALEF ISOLATED FORM +FE8E;FE8E;FE8E;0627;0627; # (ﺎ; ﺎ; ﺎ; ا; ا; ) ARABIC LETTER ALEF FINAL FORM +FE8F;FE8F;FE8F;0628;0628; # (ïº; ïº; ïº; ب; ب; ) ARABIC LETTER BEH ISOLATED FORM +FE90;FE90;FE90;0628;0628; # (ïº; ïº; ïº; ب; ب; ) ARABIC LETTER BEH FINAL FORM +FE91;FE91;FE91;0628;0628; # (ﺑ; ﺑ; ﺑ; ب; ب; ) ARABIC LETTER BEH INITIAL FORM +FE92;FE92;FE92;0628;0628; # (ﺒ; ﺒ; ﺒ; ب; ب; ) ARABIC LETTER BEH MEDIAL FORM +FE93;FE93;FE93;0629;0629; # (ﺓ; ﺓ; ﺓ; Ø©; Ø©; ) ARABIC LETTER TEH MARBUTA ISOLATED FORM +FE94;FE94;FE94;0629;0629; # (ﺔ; ﺔ; ﺔ; Ø©; Ø©; ) ARABIC LETTER TEH MARBUTA FINAL FORM +FE95;FE95;FE95;062A;062A; # (ﺕ; ﺕ; ﺕ; ت; ت; ) ARABIC LETTER TEH ISOLATED FORM +FE96;FE96;FE96;062A;062A; # (ﺖ; ﺖ; ﺖ; ت; ت; ) ARABIC LETTER TEH FINAL FORM +FE97;FE97;FE97;062A;062A; # (ﺗ; ﺗ; ﺗ; ت; ت; ) ARABIC LETTER TEH INITIAL FORM +FE98;FE98;FE98;062A;062A; # (ﺘ; ﺘ; ﺘ; ت; ت; ) ARABIC LETTER TEH MEDIAL FORM +FE99;FE99;FE99;062B;062B; # (ﺙ; ﺙ; ﺙ; Ø«; Ø«; ) ARABIC LETTER THEH ISOLATED FORM +FE9A;FE9A;FE9A;062B;062B; # (ﺚ; ﺚ; ﺚ; Ø«; Ø«; ) ARABIC LETTER THEH FINAL FORM +FE9B;FE9B;FE9B;062B;062B; # (ﺛ; ﺛ; ﺛ; Ø«; Ø«; ) ARABIC LETTER THEH INITIAL FORM +FE9C;FE9C;FE9C;062B;062B; # (ﺜ; ﺜ; ﺜ; Ø«; Ø«; ) ARABIC LETTER THEH MEDIAL FORM +FE9D;FE9D;FE9D;062C;062C; # (ïº; ïº; ïº; ج; ج; ) ARABIC LETTER JEEM ISOLATED FORM +FE9E;FE9E;FE9E;062C;062C; # (ﺞ; ﺞ; ﺞ; ج; ج; ) ARABIC LETTER JEEM FINAL FORM +FE9F;FE9F;FE9F;062C;062C; # (ﺟ; ﺟ; ﺟ; ج; ج; ) ARABIC LETTER JEEM INITIAL FORM +FEA0;FEA0;FEA0;062C;062C; # (ﺠ; ﺠ; ﺠ; ج; ج; ) ARABIC LETTER JEEM MEDIAL FORM +FEA1;FEA1;FEA1;062D;062D; # (ﺡ; ﺡ; ﺡ; Ø­; Ø­; ) ARABIC LETTER HAH ISOLATED FORM +FEA2;FEA2;FEA2;062D;062D; # (ﺢ; ﺢ; ﺢ; Ø­; Ø­; ) ARABIC LETTER HAH FINAL FORM +FEA3;FEA3;FEA3;062D;062D; # (ﺣ; ﺣ; ﺣ; Ø­; Ø­; ) ARABIC LETTER HAH INITIAL FORM +FEA4;FEA4;FEA4;062D;062D; # (ﺤ; ﺤ; ﺤ; Ø­; Ø­; ) ARABIC LETTER HAH MEDIAL FORM +FEA5;FEA5;FEA5;062E;062E; # (ﺥ; ﺥ; ﺥ; Ø®; Ø®; ) ARABIC LETTER KHAH ISOLATED FORM +FEA6;FEA6;FEA6;062E;062E; # (ﺦ; ﺦ; ﺦ; Ø®; Ø®; ) ARABIC LETTER KHAH FINAL FORM +FEA7;FEA7;FEA7;062E;062E; # (ﺧ; ﺧ; ﺧ; Ø®; Ø®; ) ARABIC LETTER KHAH INITIAL FORM +FEA8;FEA8;FEA8;062E;062E; # (ﺨ; ﺨ; ﺨ; Ø®; Ø®; ) ARABIC LETTER KHAH MEDIAL FORM +FEA9;FEA9;FEA9;062F;062F; # (ﺩ; ﺩ; ﺩ; د; د; ) ARABIC LETTER DAL ISOLATED FORM +FEAA;FEAA;FEAA;062F;062F; # (ﺪ; ﺪ; ﺪ; د; د; ) ARABIC LETTER DAL FINAL FORM +FEAB;FEAB;FEAB;0630;0630; # (ﺫ; ﺫ; ﺫ; Ø°; Ø°; ) ARABIC LETTER THAL ISOLATED FORM +FEAC;FEAC;FEAC;0630;0630; # (ﺬ; ﺬ; ﺬ; Ø°; Ø°; ) ARABIC LETTER THAL FINAL FORM +FEAD;FEAD;FEAD;0631;0631; # (ﺭ; ﺭ; ﺭ; ر; ر; ) ARABIC LETTER REH ISOLATED FORM +FEAE;FEAE;FEAE;0631;0631; # (ﺮ; ﺮ; ﺮ; ر; ر; ) ARABIC LETTER REH FINAL FORM +FEAF;FEAF;FEAF;0632;0632; # (ﺯ; ﺯ; ﺯ; ز; ز; ) ARABIC LETTER ZAIN ISOLATED FORM +FEB0;FEB0;FEB0;0632;0632; # (ﺰ; ﺰ; ﺰ; ز; ز; ) ARABIC LETTER ZAIN FINAL FORM +FEB1;FEB1;FEB1;0633;0633; # (ﺱ; ﺱ; ﺱ; س; س; ) ARABIC LETTER SEEN ISOLATED FORM +FEB2;FEB2;FEB2;0633;0633; # (ﺲ; ﺲ; ﺲ; س; س; ) ARABIC LETTER SEEN FINAL FORM +FEB3;FEB3;FEB3;0633;0633; # (ﺳ; ﺳ; ﺳ; س; س; ) ARABIC LETTER SEEN INITIAL FORM +FEB4;FEB4;FEB4;0633;0633; # (ﺴ; ﺴ; ﺴ; س; س; ) ARABIC LETTER SEEN MEDIAL FORM +FEB5;FEB5;FEB5;0634;0634; # (ﺵ; ﺵ; ﺵ; Ø´; Ø´; ) ARABIC LETTER SHEEN ISOLATED FORM +FEB6;FEB6;FEB6;0634;0634; # (ﺶ; ﺶ; ﺶ; Ø´; Ø´; ) ARABIC LETTER SHEEN FINAL FORM +FEB7;FEB7;FEB7;0634;0634; # (ﺷ; ﺷ; ﺷ; Ø´; Ø´; ) ARABIC LETTER SHEEN INITIAL FORM +FEB8;FEB8;FEB8;0634;0634; # (ﺸ; ﺸ; ﺸ; Ø´; Ø´; ) ARABIC LETTER SHEEN MEDIAL FORM +FEB9;FEB9;FEB9;0635;0635; # (ﺹ; ﺹ; ﺹ; ص; ص; ) ARABIC LETTER SAD ISOLATED FORM +FEBA;FEBA;FEBA;0635;0635; # (ﺺ; ﺺ; ﺺ; ص; ص; ) ARABIC LETTER SAD FINAL FORM +FEBB;FEBB;FEBB;0635;0635; # (ﺻ; ﺻ; ﺻ; ص; ص; ) ARABIC LETTER SAD INITIAL FORM +FEBC;FEBC;FEBC;0635;0635; # (ﺼ; ﺼ; ﺼ; ص; ص; ) ARABIC LETTER SAD MEDIAL FORM +FEBD;FEBD;FEBD;0636;0636; # (ﺽ; ﺽ; ﺽ; ض; ض; ) ARABIC LETTER DAD ISOLATED FORM +FEBE;FEBE;FEBE;0636;0636; # (ﺾ; ﺾ; ﺾ; ض; ض; ) ARABIC LETTER DAD FINAL FORM +FEBF;FEBF;FEBF;0636;0636; # (ﺿ; ﺿ; ﺿ; ض; ض; ) ARABIC LETTER DAD INITIAL FORM +FEC0;FEC0;FEC0;0636;0636; # (ﻀ; ﻀ; ﻀ; ض; ض; ) ARABIC LETTER DAD MEDIAL FORM +FEC1;FEC1;FEC1;0637;0637; # (ï»; ï»; ï»; Ø·; Ø·; ) ARABIC LETTER TAH ISOLATED FORM +FEC2;FEC2;FEC2;0637;0637; # (ﻂ; ﻂ; ﻂ; Ø·; Ø·; ) ARABIC LETTER TAH FINAL FORM +FEC3;FEC3;FEC3;0637;0637; # (ﻃ; ﻃ; ﻃ; Ø·; Ø·; ) ARABIC LETTER TAH INITIAL FORM +FEC4;FEC4;FEC4;0637;0637; # (ﻄ; ﻄ; ﻄ; Ø·; Ø·; ) ARABIC LETTER TAH MEDIAL FORM +FEC5;FEC5;FEC5;0638;0638; # (ï»…; ï»…; ï»…; ظ; ظ; ) ARABIC LETTER ZAH ISOLATED FORM +FEC6;FEC6;FEC6;0638;0638; # (ﻆ; ﻆ; ﻆ; ظ; ظ; ) ARABIC LETTER ZAH FINAL FORM +FEC7;FEC7;FEC7;0638;0638; # (ﻇ; ﻇ; ﻇ; ظ; ظ; ) ARABIC LETTER ZAH INITIAL FORM +FEC8;FEC8;FEC8;0638;0638; # (ﻈ; ﻈ; ﻈ; ظ; ظ; ) ARABIC LETTER ZAH MEDIAL FORM +FEC9;FEC9;FEC9;0639;0639; # (ﻉ; ﻉ; ﻉ; ع; ع; ) ARABIC LETTER AIN ISOLATED FORM +FECA;FECA;FECA;0639;0639; # (ﻊ; ﻊ; ﻊ; ع; ع; ) ARABIC LETTER AIN FINAL FORM +FECB;FECB;FECB;0639;0639; # (ﻋ; ﻋ; ﻋ; ع; ع; ) ARABIC LETTER AIN INITIAL FORM +FECC;FECC;FECC;0639;0639; # (ﻌ; ﻌ; ﻌ; ع; ع; ) ARABIC LETTER AIN MEDIAL FORM +FECD;FECD;FECD;063A;063A; # (ï»; ï»; ï»; غ; غ; ) ARABIC LETTER GHAIN ISOLATED FORM +FECE;FECE;FECE;063A;063A; # (ﻎ; ﻎ; ﻎ; غ; غ; ) ARABIC LETTER GHAIN FINAL FORM +FECF;FECF;FECF;063A;063A; # (ï»; ï»; ï»; غ; غ; ) ARABIC LETTER GHAIN INITIAL FORM +FED0;FED0;FED0;063A;063A; # (ï»; ï»; ï»; غ; غ; ) ARABIC LETTER GHAIN MEDIAL FORM +FED1;FED1;FED1;0641;0641; # (ﻑ; ﻑ; ﻑ; Ù; Ù; ) ARABIC LETTER FEH ISOLATED FORM +FED2;FED2;FED2;0641;0641; # (ï»’; ï»’; ï»’; Ù; Ù; ) ARABIC LETTER FEH FINAL FORM +FED3;FED3;FED3;0641;0641; # (ﻓ; ﻓ; ﻓ; Ù; Ù; ) ARABIC LETTER FEH INITIAL FORM +FED4;FED4;FED4;0641;0641; # (ï»”; ï»”; ï»”; Ù; Ù; ) ARABIC LETTER FEH MEDIAL FORM +FED5;FED5;FED5;0642;0642; # (ﻕ; ﻕ; ﻕ; Ù‚; Ù‚; ) ARABIC LETTER QAF ISOLATED FORM +FED6;FED6;FED6;0642;0642; # (ï»–; ï»–; ï»–; Ù‚; Ù‚; ) ARABIC LETTER QAF FINAL FORM +FED7;FED7;FED7;0642;0642; # (ï»—; ï»—; ï»—; Ù‚; Ù‚; ) ARABIC LETTER QAF INITIAL FORM +FED8;FED8;FED8;0642;0642; # (ﻘ; ﻘ; ﻘ; Ù‚; Ù‚; ) ARABIC LETTER QAF MEDIAL FORM +FED9;FED9;FED9;0643;0643; # (ï»™; ï»™; ï»™; Ùƒ; Ùƒ; ) ARABIC LETTER KAF ISOLATED FORM +FEDA;FEDA;FEDA;0643;0643; # (ﻚ; ﻚ; ﻚ; Ùƒ; Ùƒ; ) ARABIC LETTER KAF FINAL FORM +FEDB;FEDB;FEDB;0643;0643; # (ï»›; ï»›; ï»›; Ùƒ; Ùƒ; ) ARABIC LETTER KAF INITIAL FORM +FEDC;FEDC;FEDC;0643;0643; # (ﻜ; ﻜ; ﻜ; Ùƒ; Ùƒ; ) ARABIC LETTER KAF MEDIAL FORM +FEDD;FEDD;FEDD;0644;0644; # (ï»; ï»; ï»; Ù„; Ù„; ) ARABIC LETTER LAM ISOLATED FORM +FEDE;FEDE;FEDE;0644;0644; # (ﻞ; ﻞ; ﻞ; Ù„; Ù„; ) ARABIC LETTER LAM FINAL FORM +FEDF;FEDF;FEDF;0644;0644; # (ﻟ; ﻟ; ﻟ; Ù„; Ù„; ) ARABIC LETTER LAM INITIAL FORM +FEE0;FEE0;FEE0;0644;0644; # (ï» ; ï» ; ï» ; Ù„; Ù„; ) ARABIC LETTER LAM MEDIAL FORM +FEE1;FEE1;FEE1;0645;0645; # (ﻡ; ﻡ; ﻡ; Ù…; Ù…; ) ARABIC LETTER MEEM ISOLATED FORM +FEE2;FEE2;FEE2;0645;0645; # (ﻢ; ﻢ; ﻢ; Ù…; Ù…; ) ARABIC LETTER MEEM FINAL FORM +FEE3;FEE3;FEE3;0645;0645; # (ﻣ; ﻣ; ﻣ; Ù…; Ù…; ) ARABIC LETTER MEEM INITIAL FORM +FEE4;FEE4;FEE4;0645;0645; # (ﻤ; ﻤ; ﻤ; Ù…; Ù…; ) ARABIC LETTER MEEM MEDIAL FORM +FEE5;FEE5;FEE5;0646;0646; # (ﻥ; ﻥ; ﻥ; Ù†; Ù†; ) ARABIC LETTER NOON ISOLATED FORM +FEE6;FEE6;FEE6;0646;0646; # (ﻦ; ﻦ; ﻦ; Ù†; Ù†; ) ARABIC LETTER NOON FINAL FORM +FEE7;FEE7;FEE7;0646;0646; # (ﻧ; ﻧ; ﻧ; Ù†; Ù†; ) ARABIC LETTER NOON INITIAL FORM +FEE8;FEE8;FEE8;0646;0646; # (ﻨ; ﻨ; ﻨ; Ù†; Ù†; ) ARABIC LETTER NOON MEDIAL FORM +FEE9;FEE9;FEE9;0647;0647; # (ﻩ; ﻩ; ﻩ; Ù‡; Ù‡; ) ARABIC LETTER HEH ISOLATED FORM +FEEA;FEEA;FEEA;0647;0647; # (ﻪ; ﻪ; ﻪ; Ù‡; Ù‡; ) ARABIC LETTER HEH FINAL FORM +FEEB;FEEB;FEEB;0647;0647; # (ﻫ; ﻫ; ﻫ; Ù‡; Ù‡; ) ARABIC LETTER HEH INITIAL FORM +FEEC;FEEC;FEEC;0647;0647; # (ﻬ; ﻬ; ﻬ; Ù‡; Ù‡; ) ARABIC LETTER HEH MEDIAL FORM +FEED;FEED;FEED;0648;0648; # (ï»­; ï»­; ï»­; Ùˆ; Ùˆ; ) ARABIC LETTER WAW ISOLATED FORM +FEEE;FEEE;FEEE;0648;0648; # (ï»®; ï»®; ï»®; Ùˆ; Ùˆ; ) ARABIC LETTER WAW FINAL FORM +FEEF;FEEF;FEEF;0649;0649; # (ﻯ; ﻯ; ﻯ; Ù‰; Ù‰; ) ARABIC LETTER ALEF MAKSURA ISOLATED FORM +FEF0;FEF0;FEF0;0649;0649; # (ï»°; ï»°; ï»°; Ù‰; Ù‰; ) ARABIC LETTER ALEF MAKSURA FINAL FORM +FEF1;FEF1;FEF1;064A;064A; # (ï»±; ï»±; ï»±; ÙŠ; ÙŠ; ) ARABIC LETTER YEH ISOLATED FORM +FEF2;FEF2;FEF2;064A;064A; # (ﻲ; ﻲ; ﻲ; ÙŠ; ÙŠ; ) ARABIC LETTER YEH FINAL FORM +FEF3;FEF3;FEF3;064A;064A; # (ﻳ; ﻳ; ﻳ; ÙŠ; ÙŠ; ) ARABIC LETTER YEH INITIAL FORM +FEF4;FEF4;FEF4;064A;064A; # (ï»´; ï»´; ï»´; ÙŠ; ÙŠ; ) ARABIC LETTER YEH MEDIAL FORM +FEF5;FEF5;FEF5;0644 0622;0644 0627 0653; # (ﻵ; ﻵ; ﻵ; لآ; لا◌ٓ; ) ARABIC LIGATURE LAM WITH ALEF WITH MADDA ABOVE ISOLATED FORM +FEF6;FEF6;FEF6;0644 0622;0644 0627 0653; # (ﻶ; ﻶ; ﻶ; لآ; لا◌ٓ; ) ARABIC LIGATURE LAM WITH ALEF WITH MADDA ABOVE FINAL FORM +FEF7;FEF7;FEF7;0644 0623;0644 0627 0654; # (ï»·; ï»·; ï»·; لأ; لا◌ٔ; ) ARABIC LIGATURE LAM WITH ALEF WITH HAMZA ABOVE ISOLATED FORM +FEF8;FEF8;FEF8;0644 0623;0644 0627 0654; # (ﻸ; ﻸ; ﻸ; لأ; لا◌ٔ; ) ARABIC LIGATURE LAM WITH ALEF WITH HAMZA ABOVE FINAL FORM +FEF9;FEF9;FEF9;0644 0625;0644 0627 0655; # (ﻹ; ﻹ; ﻹ; لإ; لا◌ٕ; ) ARABIC LIGATURE LAM WITH ALEF WITH HAMZA BELOW ISOLATED FORM +FEFA;FEFA;FEFA;0644 0625;0644 0627 0655; # (ﻺ; ﻺ; ﻺ; لإ; لا◌ٕ; ) ARABIC LIGATURE LAM WITH ALEF WITH HAMZA BELOW FINAL FORM +FEFB;FEFB;FEFB;0644 0627;0644 0627; # (ï»»; ï»»; ï»»; لا; لا; ) ARABIC LIGATURE LAM WITH ALEF ISOLATED FORM +FEFC;FEFC;FEFC;0644 0627;0644 0627; # (ﻼ; ﻼ; ﻼ; لا; لا; ) ARABIC LIGATURE LAM WITH ALEF FINAL FORM +FF01;FF01;FF01;0021;0021; # (ï¼; ï¼; ï¼; !; !; ) FULLWIDTH EXCLAMATION MARK +FF02;FF02;FF02;0022;0022; # ("; "; "; "; "; ) FULLWIDTH QUOTATION MARK +FF03;FF03;FF03;0023;0023; # (#; #; #; #; #; ) FULLWIDTH NUMBER SIGN +FF04;FF04;FF04;0024;0024; # ($; $; $; $; $; ) FULLWIDTH DOLLAR SIGN +FF05;FF05;FF05;0025;0025; # (ï¼…; ï¼…; ï¼…; %; %; ) FULLWIDTH PERCENT SIGN +FF06;FF06;FF06;0026;0026; # (&; &; &; &; &; ) FULLWIDTH AMPERSAND +FF07;FF07;FF07;0027;0027; # ('; '; '; '; '; ) FULLWIDTH APOSTROPHE +FF08;FF08;FF08;0028;0028; # ((; (; (; (; (; ) FULLWIDTH LEFT PARENTHESIS +FF09;FF09;FF09;0029;0029; # (); ); ); ); ); ) FULLWIDTH RIGHT PARENTHESIS +FF0A;FF0A;FF0A;002A;002A; # (*; *; *; *; *; ) FULLWIDTH ASTERISK +FF0B;FF0B;FF0B;002B;002B; # (+; +; +; +; +; ) FULLWIDTH PLUS SIGN +FF0C;FF0C;FF0C;002C;002C; # (,; ,; ,; ,; ,; ) FULLWIDTH COMMA +FF0D;FF0D;FF0D;002D;002D; # (ï¼; ï¼; ï¼; -; -; ) FULLWIDTH HYPHEN-MINUS +FF0E;FF0E;FF0E;002E;002E; # (.; .; .; .; .; ) FULLWIDTH FULL STOP +FF0F;FF0F;FF0F;002F;002F; # (ï¼; ï¼; ï¼; /; /; ) FULLWIDTH SOLIDUS +FF10;FF10;FF10;0030;0030; # (ï¼; ï¼; ï¼; 0; 0; ) FULLWIDTH DIGIT ZERO +FF11;FF11;FF11;0031;0031; # (1; 1; 1; 1; 1; ) FULLWIDTH DIGIT ONE +FF12;FF12;FF12;0032;0032; # (ï¼’; ï¼’; ï¼’; 2; 2; ) FULLWIDTH DIGIT TWO +FF13;FF13;FF13;0033;0033; # (3; 3; 3; 3; 3; ) FULLWIDTH DIGIT THREE +FF14;FF14;FF14;0034;0034; # (ï¼”; ï¼”; ï¼”; 4; 4; ) FULLWIDTH DIGIT FOUR +FF15;FF15;FF15;0035;0035; # (5; 5; 5; 5; 5; ) FULLWIDTH DIGIT FIVE +FF16;FF16;FF16;0036;0036; # (ï¼–; ï¼–; ï¼–; 6; 6; ) FULLWIDTH DIGIT SIX +FF17;FF17;FF17;0037;0037; # (ï¼—; ï¼—; ï¼—; 7; 7; ) FULLWIDTH DIGIT SEVEN +FF18;FF18;FF18;0038;0038; # (8; 8; 8; 8; 8; ) FULLWIDTH DIGIT EIGHT +FF19;FF19;FF19;0039;0039; # (ï¼™; ï¼™; ï¼™; 9; 9; ) FULLWIDTH DIGIT NINE +FF1A;FF1A;FF1A;003A;003A; # (:; :; :; :; :; ) FULLWIDTH COLON +FF1B;FF1B;FF1B;003B;003B; # (ï¼›; ï¼›; ï¼›; ;; ;; ) FULLWIDTH SEMICOLON +FF1C;FF1C;FF1C;003C;003C; # (<; <; <; <; <; ) FULLWIDTH LESS-THAN SIGN +FF1D;FF1D;FF1D;003D;003D; # (ï¼; ï¼; ï¼; =; =; ) FULLWIDTH EQUALS SIGN +FF1E;FF1E;FF1E;003E;003E; # (>; >; >; >; >; ) FULLWIDTH GREATER-THAN SIGN +FF1F;FF1F;FF1F;003F;003F; # (?; ?; ?; ?; ?; ) FULLWIDTH QUESTION MARK +FF20;FF20;FF20;0040;0040; # (ï¼ ; ï¼ ; ï¼ ; @; @; ) FULLWIDTH COMMERCIAL AT +FF21;FF21;FF21;0041;0041; # (A; A; A; A; A; ) FULLWIDTH LATIN CAPITAL LETTER A +FF22;FF22;FF22;0042;0042; # (ï¼¢; ï¼¢; ï¼¢; B; B; ) FULLWIDTH LATIN CAPITAL LETTER B +FF23;FF23;FF23;0043;0043; # (ï¼£; ï¼£; ï¼£; C; C; ) FULLWIDTH LATIN CAPITAL LETTER C +FF24;FF24;FF24;0044;0044; # (D; D; D; D; D; ) FULLWIDTH LATIN CAPITAL LETTER D +FF25;FF25;FF25;0045;0045; # (ï¼¥; ï¼¥; ï¼¥; E; E; ) FULLWIDTH LATIN CAPITAL LETTER E +FF26;FF26;FF26;0046;0046; # (F; F; F; F; F; ) FULLWIDTH LATIN CAPITAL LETTER F +FF27;FF27;FF27;0047;0047; # (G; G; G; G; G; ) FULLWIDTH LATIN CAPITAL LETTER G +FF28;FF28;FF28;0048;0048; # (H; H; H; H; H; ) FULLWIDTH LATIN CAPITAL LETTER H +FF29;FF29;FF29;0049;0049; # (I; I; I; I; I; ) FULLWIDTH LATIN CAPITAL LETTER I +FF2A;FF2A;FF2A;004A;004A; # (J; J; J; J; J; ) FULLWIDTH LATIN CAPITAL LETTER J +FF2B;FF2B;FF2B;004B;004B; # (K; K; K; K; K; ) FULLWIDTH LATIN CAPITAL LETTER K +FF2C;FF2C;FF2C;004C;004C; # (L; L; L; L; L; ) FULLWIDTH LATIN CAPITAL LETTER L +FF2D;FF2D;FF2D;004D;004D; # (ï¼­; ï¼­; ï¼­; M; M; ) FULLWIDTH LATIN CAPITAL LETTER M +FF2E;FF2E;FF2E;004E;004E; # (ï¼®; ï¼®; ï¼®; N; N; ) FULLWIDTH LATIN CAPITAL LETTER N +FF2F;FF2F;FF2F;004F;004F; # (O; O; O; O; O; ) FULLWIDTH LATIN CAPITAL LETTER O +FF30;FF30;FF30;0050;0050; # (ï¼°; ï¼°; ï¼°; P; P; ) FULLWIDTH LATIN CAPITAL LETTER P +FF31;FF31;FF31;0051;0051; # (ï¼±; ï¼±; ï¼±; Q; Q; ) FULLWIDTH LATIN CAPITAL LETTER Q +FF32;FF32;FF32;0052;0052; # (ï¼²; ï¼²; ï¼²; R; R; ) FULLWIDTH LATIN CAPITAL LETTER R +FF33;FF33;FF33;0053;0053; # (ï¼³; ï¼³; ï¼³; S; S; ) FULLWIDTH LATIN CAPITAL LETTER S +FF34;FF34;FF34;0054;0054; # (ï¼´; ï¼´; ï¼´; T; T; ) FULLWIDTH LATIN CAPITAL LETTER T +FF35;FF35;FF35;0055;0055; # (ï¼µ; ï¼µ; ï¼µ; U; U; ) FULLWIDTH LATIN CAPITAL LETTER U +FF36;FF36;FF36;0056;0056; # (V; V; V; V; V; ) FULLWIDTH LATIN CAPITAL LETTER V +FF37;FF37;FF37;0057;0057; # (ï¼·; ï¼·; ï¼·; W; W; ) FULLWIDTH LATIN CAPITAL LETTER W +FF38;FF38;FF38;0058;0058; # (X; X; X; X; X; ) FULLWIDTH LATIN CAPITAL LETTER X +FF39;FF39;FF39;0059;0059; # (ï¼¹; ï¼¹; ï¼¹; Y; Y; ) FULLWIDTH LATIN CAPITAL LETTER Y +FF3A;FF3A;FF3A;005A;005A; # (Z; Z; Z; Z; Z; ) FULLWIDTH LATIN CAPITAL LETTER Z +FF3B;FF3B;FF3B;005B;005B; # (ï¼»; ï¼»; ï¼»; [; [; ) FULLWIDTH LEFT SQUARE BRACKET +FF3C;FF3C;FF3C;005C;005C; # (ï¼¼; ï¼¼; ï¼¼; \; \; ) FULLWIDTH REVERSE SOLIDUS +FF3D;FF3D;FF3D;005D;005D; # (ï¼½; ï¼½; ï¼½; ]; ]; ) FULLWIDTH RIGHT SQUARE BRACKET +FF3E;FF3E;FF3E;005E;005E; # (ï¼¾; ï¼¾; ï¼¾; ^; ^; ) FULLWIDTH CIRCUMFLEX ACCENT +FF3F;FF3F;FF3F;005F;005F; # (_; _; _; _; _; ) FULLWIDTH LOW LINE +FF40;FF40;FF40;0060;0060; # (ï½€; ï½€; ï½€; `; `; ) FULLWIDTH GRAVE ACCENT +FF41;FF41;FF41;0061;0061; # (ï½; ï½; ï½; a; a; ) FULLWIDTH LATIN SMALL LETTER A +FF42;FF42;FF42;0062;0062; # (b; b; b; b; b; ) FULLWIDTH LATIN SMALL LETTER B +FF43;FF43;FF43;0063;0063; # (c; c; c; c; c; ) FULLWIDTH LATIN SMALL LETTER C +FF44;FF44;FF44;0064;0064; # (d; d; d; d; d; ) FULLWIDTH LATIN SMALL LETTER D +FF45;FF45;FF45;0065;0065; # (ï½…; ï½…; ï½…; e; e; ) FULLWIDTH LATIN SMALL LETTER E +FF46;FF46;FF46;0066;0066; # (f; f; f; f; f; ) FULLWIDTH LATIN SMALL LETTER F +FF47;FF47;FF47;0067;0067; # (g; g; g; g; g; ) FULLWIDTH LATIN SMALL LETTER G +FF48;FF48;FF48;0068;0068; # (h; h; h; h; h; ) FULLWIDTH LATIN SMALL LETTER H +FF49;FF49;FF49;0069;0069; # (i; i; i; i; i; ) FULLWIDTH LATIN SMALL LETTER I +FF4A;FF4A;FF4A;006A;006A; # (j; j; j; j; j; ) FULLWIDTH LATIN SMALL LETTER J +FF4B;FF4B;FF4B;006B;006B; # (k; k; k; k; k; ) FULLWIDTH LATIN SMALL LETTER K +FF4C;FF4C;FF4C;006C;006C; # (l; l; l; l; l; ) FULLWIDTH LATIN SMALL LETTER L +FF4D;FF4D;FF4D;006D;006D; # (ï½; ï½; ï½; m; m; ) FULLWIDTH LATIN SMALL LETTER M +FF4E;FF4E;FF4E;006E;006E; # (n; n; n; n; n; ) FULLWIDTH LATIN SMALL LETTER N +FF4F;FF4F;FF4F;006F;006F; # (ï½; ï½; ï½; o; o; ) FULLWIDTH LATIN SMALL LETTER O +FF50;FF50;FF50;0070;0070; # (ï½; ï½; ï½; p; p; ) FULLWIDTH LATIN SMALL LETTER P +FF51;FF51;FF51;0071;0071; # (q; q; q; q; q; ) FULLWIDTH LATIN SMALL LETTER Q +FF52;FF52;FF52;0072;0072; # (ï½’; ï½’; ï½’; r; r; ) FULLWIDTH LATIN SMALL LETTER R +FF53;FF53;FF53;0073;0073; # (s; s; s; s; s; ) FULLWIDTH LATIN SMALL LETTER S +FF54;FF54;FF54;0074;0074; # (ï½”; ï½”; ï½”; t; t; ) FULLWIDTH LATIN SMALL LETTER T +FF55;FF55;FF55;0075;0075; # (u; u; u; u; u; ) FULLWIDTH LATIN SMALL LETTER U +FF56;FF56;FF56;0076;0076; # (ï½–; ï½–; ï½–; v; v; ) FULLWIDTH LATIN SMALL LETTER V +FF57;FF57;FF57;0077;0077; # (ï½—; ï½—; ï½—; w; w; ) FULLWIDTH LATIN SMALL LETTER W +FF58;FF58;FF58;0078;0078; # (x; x; x; x; x; ) FULLWIDTH LATIN SMALL LETTER X +FF59;FF59;FF59;0079;0079; # (ï½™; ï½™; ï½™; y; y; ) FULLWIDTH LATIN SMALL LETTER Y +FF5A;FF5A;FF5A;007A;007A; # (z; z; z; z; z; ) FULLWIDTH LATIN SMALL LETTER Z +FF5B;FF5B;FF5B;007B;007B; # (ï½›; ï½›; ï½›; {; {; ) FULLWIDTH LEFT CURLY BRACKET +FF5C;FF5C;FF5C;007C;007C; # (|; |; |; |; |; ) FULLWIDTH VERTICAL LINE +FF5D;FF5D;FF5D;007D;007D; # (ï½; ï½; ï½; }; }; ) FULLWIDTH RIGHT CURLY BRACKET +FF5E;FF5E;FF5E;007E;007E; # (~; ~; ~; ~; ~; ) FULLWIDTH TILDE +FF5F;FF5F;FF5F;2985;2985; # (⦅; ⦅; ⦅; ⦅; ⦅; ) FULLWIDTH LEFT WHITE PARENTHESIS +FF60;FF60;FF60;2986;2986; # (ï½ ; ï½ ; ï½ ; ⦆; ⦆; ) FULLWIDTH RIGHT WHITE PARENTHESIS +FF61;FF61;FF61;3002;3002; # (。; 。; 。; 。; 。; ) HALFWIDTH IDEOGRAPHIC FULL STOP +FF62;FF62;FF62;300C;300C; # (ï½¢; ï½¢; ï½¢; 「; 「; ) HALFWIDTH LEFT CORNER BRACKET +FF63;FF63;FF63;300D;300D; # (ï½£; ï½£; ï½£; ã€; ã€; ) HALFWIDTH RIGHT CORNER BRACKET +FF64;FF64;FF64;3001;3001; # (、; 、; 、; ã€; ã€; ) HALFWIDTH IDEOGRAPHIC COMMA +FF65;FF65;FF65;30FB;30FB; # (ï½¥; ï½¥; ï½¥; ・; ・; ) HALFWIDTH KATAKANA MIDDLE DOT +FF66;FF66;FF66;30F2;30F2; # (ヲ; ヲ; ヲ; ヲ; ヲ; ) HALFWIDTH KATAKANA LETTER WO +FF67;FF67;FF67;30A1;30A1; # (ァ; ァ; ァ; ã‚¡; ã‚¡; ) HALFWIDTH KATAKANA LETTER SMALL A +FF68;FF68;FF68;30A3;30A3; # (ィ; ィ; ィ; ã‚£; ã‚£; ) HALFWIDTH KATAKANA LETTER SMALL I +FF69;FF69;FF69;30A5;30A5; # (ゥ; ゥ; ゥ; ã‚¥; ã‚¥; ) HALFWIDTH KATAKANA LETTER SMALL U +FF6A;FF6A;FF6A;30A7;30A7; # (ェ; ェ; ェ; ェ; ェ; ) HALFWIDTH KATAKANA LETTER SMALL E +FF6B;FF6B;FF6B;30A9;30A9; # (ォ; ォ; ォ; ã‚©; ã‚©; ) HALFWIDTH KATAKANA LETTER SMALL O +FF6C;FF6C;FF6C;30E3;30E3; # (ャ; ャ; ャ; ャ; ャ; ) HALFWIDTH KATAKANA LETTER SMALL YA +FF6D;FF6D;FF6D;30E5;30E5; # (ï½­; ï½­; ï½­; ュ; ュ; ) HALFWIDTH KATAKANA LETTER SMALL YU +FF6E;FF6E;FF6E;30E7;30E7; # (ï½®; ï½®; ï½®; ョ; ョ; ) HALFWIDTH KATAKANA LETTER SMALL YO +FF6F;FF6F;FF6F;30C3;30C3; # (ッ; ッ; ッ; ッ; ッ; ) HALFWIDTH KATAKANA LETTER SMALL TU +FF70;FF70;FF70;30FC;30FC; # (ï½°; ï½°; ï½°; ー; ー; ) HALFWIDTH KATAKANA-HIRAGANA PROLONGED SOUND MARK +FF71;FF71;FF71;30A2;30A2; # (ï½±; ï½±; ï½±; ã‚¢; ã‚¢; ) HALFWIDTH KATAKANA LETTER A +FF72;FF72;FF72;30A4;30A4; # (ï½²; ï½²; ï½²; イ; イ; ) HALFWIDTH KATAKANA LETTER I +FF73;FF73;FF73;30A6;30A6; # (ï½³; ï½³; ï½³; ウ; ウ; ) HALFWIDTH KATAKANA LETTER U +FF74;FF74;FF74;30A8;30A8; # (ï½´; ï½´; ï½´; エ; エ; ) HALFWIDTH KATAKANA LETTER E +FF75;FF75;FF75;30AA;30AA; # (ï½µ; ï½µ; ï½µ; オ; オ; ) HALFWIDTH KATAKANA LETTER O +FF76;FF76;FF76;30AB;30AB; # (カ; カ; カ; ã‚«; ã‚«; ) HALFWIDTH KATAKANA LETTER KA +FF77;FF77;FF77;30AD;30AD; # (ï½·; ï½·; ï½·; ã‚­; ã‚­; ) HALFWIDTH KATAKANA LETTER KI +FF78;FF78;FF78;30AF;30AF; # (ク; ク; ク; ク; ク; ) HALFWIDTH KATAKANA LETTER KU +FF79;FF79;FF79;30B1;30B1; # (ï½¹; ï½¹; ï½¹; ケ; ケ; ) HALFWIDTH KATAKANA LETTER KE +FF7A;FF7A;FF7A;30B3;30B3; # (コ; コ; コ; コ; コ; ) HALFWIDTH KATAKANA LETTER KO +FF7B;FF7B;FF7B;30B5;30B5; # (ï½»; ï½»; ï½»; サ; サ; ) HALFWIDTH KATAKANA LETTER SA +FF7C;FF7C;FF7C;30B7;30B7; # (ï½¼; ï½¼; ï½¼; ã‚·; ã‚·; ) HALFWIDTH KATAKANA LETTER SI +FF7D;FF7D;FF7D;30B9;30B9; # (ï½½; ï½½; ï½½; ス; ス; ) HALFWIDTH KATAKANA LETTER SU +FF7E;FF7E;FF7E;30BB;30BB; # (ï½¾; ï½¾; ï½¾; ã‚»; ã‚»; ) HALFWIDTH KATAKANA LETTER SE +FF7F;FF7F;FF7F;30BD;30BD; # (ソ; ソ; ソ; ソ; ソ; ) HALFWIDTH KATAKANA LETTER SO +FF80;FF80;FF80;30BF;30BF; # (ï¾€; ï¾€; ï¾€; ã‚¿; ã‚¿; ) HALFWIDTH KATAKANA LETTER TA +FF81;FF81;FF81;30C1;30C1; # (ï¾; ï¾; ï¾; ãƒ; ãƒ; ) HALFWIDTH KATAKANA LETTER TI +FF82;FF82;FF82;30C4;30C4; # (ツ; ツ; ツ; ツ; ツ; ) HALFWIDTH KATAKANA LETTER TU +FF83;FF83;FF83;30C6;30C6; # (テ; テ; テ; テ; テ; ) HALFWIDTH KATAKANA LETTER TE +FF84;FF84;FF84;30C8;30C8; # (ト; ト; ト; ト; ト; ) HALFWIDTH KATAKANA LETTER TO +FF85;FF85;FF85;30CA;30CA; # (ï¾…; ï¾…; ï¾…; ナ; ナ; ) HALFWIDTH KATAKANA LETTER NA +FF86;FF86;FF86;30CB;30CB; # (ニ; ニ; ニ; ニ; ニ; ) HALFWIDTH KATAKANA LETTER NI +FF87;FF87;FF87;30CC;30CC; # (ヌ; ヌ; ヌ; ヌ; ヌ; ) HALFWIDTH KATAKANA LETTER NU +FF88;FF88;FF88;30CD;30CD; # (ネ; ネ; ネ; ãƒ; ãƒ; ) HALFWIDTH KATAKANA LETTER NE +FF89;FF89;FF89;30CE;30CE; # (ノ; ノ; ノ; ノ; ノ; ) HALFWIDTH KATAKANA LETTER NO +FF8A;FF8A;FF8A;30CF;30CF; # (ハ; ハ; ハ; ãƒ; ãƒ; ) HALFWIDTH KATAKANA LETTER HA +FF8B;FF8B;FF8B;30D2;30D2; # (ヒ; ヒ; ヒ; ヒ; ヒ; ) HALFWIDTH KATAKANA LETTER HI +FF8C;FF8C;FF8C;30D5;30D5; # (フ; フ; フ; フ; フ; ) HALFWIDTH KATAKANA LETTER HU +FF8D;FF8D;FF8D;30D8;30D8; # (ï¾; ï¾; ï¾; ヘ; ヘ; ) HALFWIDTH KATAKANA LETTER HE +FF8E;FF8E;FF8E;30DB;30DB; # (ホ; ホ; ホ; ホ; ホ; ) HALFWIDTH KATAKANA LETTER HO +FF8F;FF8F;FF8F;30DE;30DE; # (ï¾; ï¾; ï¾; マ; マ; ) HALFWIDTH KATAKANA LETTER MA +FF90;FF90;FF90;30DF;30DF; # (ï¾; ï¾; ï¾; ミ; ミ; ) HALFWIDTH KATAKANA LETTER MI +FF91;FF91;FF91;30E0;30E0; # (ム; ム; ム; ム; ム; ) HALFWIDTH KATAKANA LETTER MU +FF92;FF92;FF92;30E1;30E1; # (ï¾’; ï¾’; ï¾’; メ; メ; ) HALFWIDTH KATAKANA LETTER ME +FF93;FF93;FF93;30E2;30E2; # (モ; モ; モ; モ; モ; ) HALFWIDTH KATAKANA LETTER MO +FF94;FF94;FF94;30E4;30E4; # (ï¾”; ï¾”; ï¾”; ヤ; ヤ; ) HALFWIDTH KATAKANA LETTER YA +FF95;FF95;FF95;30E6;30E6; # (ユ; ユ; ユ; ユ; ユ; ) HALFWIDTH KATAKANA LETTER YU +FF96;FF96;FF96;30E8;30E8; # (ï¾–; ï¾–; ï¾–; ヨ; ヨ; ) HALFWIDTH KATAKANA LETTER YO +FF97;FF97;FF97;30E9;30E9; # (ï¾—; ï¾—; ï¾—; ラ; ラ; ) HALFWIDTH KATAKANA LETTER RA +FF98;FF98;FF98;30EA;30EA; # (リ; リ; リ; リ; リ; ) HALFWIDTH KATAKANA LETTER RI +FF99;FF99;FF99;30EB;30EB; # (ï¾™; ï¾™; ï¾™; ル; ル; ) HALFWIDTH KATAKANA LETTER RU +FF9A;FF9A;FF9A;30EC;30EC; # (レ; レ; レ; レ; レ; ) HALFWIDTH KATAKANA LETTER RE +FF9B;FF9B;FF9B;30ED;30ED; # (ï¾›; ï¾›; ï¾›; ロ; ロ; ) HALFWIDTH KATAKANA LETTER RO +FF9C;FF9C;FF9C;30EF;30EF; # (ワ; ワ; ワ; ワ; ワ; ) HALFWIDTH KATAKANA LETTER WA +FF9D;FF9D;FF9D;30F3;30F3; # (ï¾; ï¾; ï¾; ン; ン; ) HALFWIDTH KATAKANA LETTER N +FF9E;FF9E;FF9E;3099;3099; # (゙; ゙; ゙; ◌゙; ◌゙; ) HALFWIDTH KATAKANA VOICED SOUND MARK +FF9F;FF9F;FF9F;309A;309A; # (゚; ゚; ゚; ◌゚; ◌゚; ) HALFWIDTH KATAKANA SEMI-VOICED SOUND MARK +FFA0;FFA0;FFA0;1160;1160; # (ï¾ ; ï¾ ; ï¾ ; á… ; á… ; ) HALFWIDTH HANGUL FILLER +FFA1;FFA1;FFA1;1100;1100; # (ᄀ; ᄀ; ᄀ; á„€; á„€; ) HALFWIDTH HANGUL LETTER KIYEOK +FFA2;FFA2;FFA2;1101;1101; # (ï¾¢; ï¾¢; ï¾¢; á„; á„; ) HALFWIDTH HANGUL LETTER SSANGKIYEOK +FFA3;FFA3;FFA3;11AA;11AA; # (ï¾£; ï¾£; ï¾£; ᆪ; ᆪ; ) HALFWIDTH HANGUL LETTER KIYEOK-SIOS +FFA4;FFA4;FFA4;1102;1102; # (ᄂ; ᄂ; ᄂ; á„‚; á„‚; ) HALFWIDTH HANGUL LETTER NIEUN +FFA5;FFA5;FFA5;11AC;11AC; # (ï¾¥; ï¾¥; ï¾¥; ᆬ; ᆬ; ) HALFWIDTH HANGUL LETTER NIEUN-CIEUC +FFA6;FFA6;FFA6;11AD;11AD; # (ᆭ; ᆭ; ᆭ; ᆭ; ᆭ; ) HALFWIDTH HANGUL LETTER NIEUN-HIEUH +FFA7;FFA7;FFA7;1103;1103; # (ᄃ; ᄃ; ᄃ; ᄃ; ᄃ; ) HALFWIDTH HANGUL LETTER TIKEUT +FFA8;FFA8;FFA8;1104;1104; # (ᄄ; ᄄ; ᄄ; á„„; á„„; ) HALFWIDTH HANGUL LETTER SSANGTIKEUT +FFA9;FFA9;FFA9;1105;1105; # (ᄅ; ᄅ; ᄅ; á„…; á„…; ) HALFWIDTH HANGUL LETTER RIEUL +FFAA;FFAA;FFAA;11B0;11B0; # (ᆰ; ᆰ; ᆰ; ᆰ; ᆰ; ) HALFWIDTH HANGUL LETTER RIEUL-KIYEOK +FFAB;FFAB;FFAB;11B1;11B1; # (ᆱ; ᆱ; ᆱ; ᆱ; ᆱ; ) HALFWIDTH HANGUL LETTER RIEUL-MIEUM +FFAC;FFAC;FFAC;11B2;11B2; # (ᆲ; ᆲ; ᆲ; ᆲ; ᆲ; ) HALFWIDTH HANGUL LETTER RIEUL-PIEUP +FFAD;FFAD;FFAD;11B3;11B3; # (ï¾­; ï¾­; ï¾­; ᆳ; ᆳ; ) HALFWIDTH HANGUL LETTER RIEUL-SIOS +FFAE;FFAE;FFAE;11B4;11B4; # (ï¾®; ï¾®; ï¾®; ᆴ; ᆴ; ) HALFWIDTH HANGUL LETTER RIEUL-THIEUTH +FFAF;FFAF;FFAF;11B5;11B5; # (ᆵ; ᆵ; ᆵ; ᆵ; ᆵ; ) HALFWIDTH HANGUL LETTER RIEUL-PHIEUPH +FFB0;FFB0;FFB0;111A;111A; # (ï¾°; ï¾°; ï¾°; á„š; á„š; ) HALFWIDTH HANGUL LETTER RIEUL-HIEUH +FFB1;FFB1;FFB1;1106;1106; # (ï¾±; ï¾±; ï¾±; ᄆ; ᄆ; ) HALFWIDTH HANGUL LETTER MIEUM +FFB2;FFB2;FFB2;1107;1107; # (ï¾²; ï¾²; ï¾²; ᄇ; ᄇ; ) HALFWIDTH HANGUL LETTER PIEUP +FFB3;FFB3;FFB3;1108;1108; # (ï¾³; ï¾³; ï¾³; ᄈ; ᄈ; ) HALFWIDTH HANGUL LETTER SSANGPIEUP +FFB4;FFB4;FFB4;1121;1121; # (ï¾´; ï¾´; ï¾´; á„¡; á„¡; ) HALFWIDTH HANGUL LETTER PIEUP-SIOS +FFB5;FFB5;FFB5;1109;1109; # (ï¾µ; ï¾µ; ï¾µ; ᄉ; ᄉ; ) HALFWIDTH HANGUL LETTER SIOS +FFB6;FFB6;FFB6;110A;110A; # (ᄊ; ᄊ; ᄊ; á„Š; á„Š; ) HALFWIDTH HANGUL LETTER SSANGSIOS +FFB7;FFB7;FFB7;110B;110B; # (ï¾·; ï¾·; ï¾·; á„‹; á„‹; ) HALFWIDTH HANGUL LETTER IEUNG +FFB8;FFB8;FFB8;110C;110C; # (ᄌ; ᄌ; ᄌ; á„Œ; á„Œ; ) HALFWIDTH HANGUL LETTER CIEUC +FFB9;FFB9;FFB9;110D;110D; # (ï¾¹; ï¾¹; ï¾¹; á„; á„; ) HALFWIDTH HANGUL LETTER SSANGCIEUC +FFBA;FFBA;FFBA;110E;110E; # (ᄎ; ᄎ; ᄎ; á„Ž; á„Ž; ) HALFWIDTH HANGUL LETTER CHIEUCH +FFBB;FFBB;FFBB;110F;110F; # (ï¾»; ï¾»; ï¾»; á„; á„; ) HALFWIDTH HANGUL LETTER KHIEUKH +FFBC;FFBC;FFBC;1110;1110; # (ï¾¼; ï¾¼; ï¾¼; á„; á„; ) HALFWIDTH HANGUL LETTER THIEUTH +FFBD;FFBD;FFBD;1111;1111; # (ï¾½; ï¾½; ï¾½; á„‘; á„‘; ) HALFWIDTH HANGUL LETTER PHIEUPH +FFBE;FFBE;FFBE;1112;1112; # (ï¾¾; ï¾¾; ï¾¾; á„’; á„’; ) HALFWIDTH HANGUL LETTER HIEUH +FFC2;FFC2;FFC2;1161;1161; # (ï¿‚; ï¿‚; ï¿‚; á…¡; á…¡; ) HALFWIDTH HANGUL LETTER A +FFC3;FFC3;FFC3;1162;1162; # (ᅢ; ᅢ; ᅢ; á…¢; á…¢; ) HALFWIDTH HANGUL LETTER AE +FFC4;FFC4;FFC4;1163;1163; # (ï¿„; ï¿„; ï¿„; á…£; á…£; ) HALFWIDTH HANGUL LETTER YA +FFC5;FFC5;FFC5;1164;1164; # (ï¿…; ï¿…; ï¿…; á…¤; á…¤; ) HALFWIDTH HANGUL LETTER YAE +FFC6;FFC6;FFC6;1165;1165; # (ᅥ; ᅥ; ᅥ; á…¥; á…¥; ) HALFWIDTH HANGUL LETTER EO +FFC7;FFC7;FFC7;1166;1166; # (ᅦ; ᅦ; ᅦ; á…¦; á…¦; ) HALFWIDTH HANGUL LETTER E +FFCA;FFCA;FFCA;1167;1167; # (ï¿Š; ï¿Š; ï¿Š; á…§; á…§; ) HALFWIDTH HANGUL LETTER YEO +FFCB;FFCB;FFCB;1168;1168; # (ï¿‹; ï¿‹; ï¿‹; á…¨; á…¨; ) HALFWIDTH HANGUL LETTER YE +FFCC;FFCC;FFCC;1169;1169; # (ï¿Œ; ï¿Œ; ï¿Œ; á…©; á…©; ) HALFWIDTH HANGUL LETTER O +FFCD;FFCD;FFCD;116A;116A; # (ï¿; ï¿; ï¿; á…ª; á…ª; ) HALFWIDTH HANGUL LETTER WA +FFCE;FFCE;FFCE;116B;116B; # (ï¿Ž; ï¿Ž; ï¿Ž; á…«; á…«; ) HALFWIDTH HANGUL LETTER WAE +FFCF;FFCF;FFCF;116C;116C; # (ï¿; ï¿; ï¿; á…¬; á…¬; ) HALFWIDTH HANGUL LETTER OE +FFD2;FFD2;FFD2;116D;116D; # (ï¿’; ï¿’; ï¿’; á…­; á…­; ) HALFWIDTH HANGUL LETTER YO +FFD3;FFD3;FFD3;116E;116E; # (ï¿“; ï¿“; ï¿“; á…®; á…®; ) HALFWIDTH HANGUL LETTER U +FFD4;FFD4;FFD4;116F;116F; # (ï¿”; ï¿”; ï¿”; á…¯; á…¯; ) HALFWIDTH HANGUL LETTER WEO +FFD5;FFD5;FFD5;1170;1170; # (ï¿•; ï¿•; ï¿•; á…°; á…°; ) HALFWIDTH HANGUL LETTER WE +FFD6;FFD6;FFD6;1171;1171; # (ï¿–; ï¿–; ï¿–; á…±; á…±; ) HALFWIDTH HANGUL LETTER WI +FFD7;FFD7;FFD7;1172;1172; # (ï¿—; ï¿—; ï¿—; á…²; á…²; ) HALFWIDTH HANGUL LETTER YU +FFDA;FFDA;FFDA;1173;1173; # (ï¿š; ï¿š; ï¿š; á…³; á…³; ) HALFWIDTH HANGUL LETTER EU +FFDB;FFDB;FFDB;1174;1174; # (ï¿›; ï¿›; ï¿›; á…´; á…´; ) HALFWIDTH HANGUL LETTER YI +FFDC;FFDC;FFDC;1175;1175; # (ï¿œ; ï¿œ; ï¿œ; á…µ; á…µ; ) HALFWIDTH HANGUL LETTER I +FFE0;FFE0;FFE0;00A2;00A2; # (ï¿ ; ï¿ ; ï¿ ; ¢; ¢; ) FULLWIDTH CENT SIGN +FFE1;FFE1;FFE1;00A3;00A3; # (ï¿¡; ï¿¡; ï¿¡; £; £; ) FULLWIDTH POUND SIGN +FFE2;FFE2;FFE2;00AC;00AC; # (ï¿¢; ï¿¢; ï¿¢; ¬; ¬; ) FULLWIDTH NOT SIGN +FFE3;FFE3;FFE3;0020 0304;0020 0304; # (ï¿£; ï¿£; ï¿£; ◌̄; ◌̄; ) FULLWIDTH MACRON +FFE4;FFE4;FFE4;00A6;00A6; # (¦; ¦; ¦; ¦; ¦; ) FULLWIDTH BROKEN BAR +FFE5;FFE5;FFE5;00A5;00A5; # (ï¿¥; ï¿¥; ï¿¥; Â¥; Â¥; ) FULLWIDTH YEN SIGN +FFE6;FFE6;FFE6;20A9;20A9; # (₩; ₩; ₩; â‚©; â‚©; ) FULLWIDTH WON SIGN +FFE8;FFE8;FFE8;2502;2502; # (│; │; │; │; │; ) HALFWIDTH FORMS LIGHT VERTICAL +FFE9;FFE9;FFE9;2190;2190; # (ï¿©; ï¿©; ï¿©; â†; â†; ) HALFWIDTH LEFTWARDS ARROW +FFEA;FFEA;FFEA;2191;2191; # (↑; ↑; ↑; ↑; ↑; ) HALFWIDTH UPWARDS ARROW +FFEB;FFEB;FFEB;2192;2192; # (ï¿«; ï¿«; ï¿«; →; →; ) HALFWIDTH RIGHTWARDS ARROW +FFEC;FFEC;FFEC;2193;2193; # (↓; ↓; ↓; ↓; ↓; ) HALFWIDTH DOWNWARDS ARROW +FFED;FFED;FFED;25A0;25A0; # (ï¿­; ï¿­; ï¿­; â– ; â– ; ) HALFWIDTH BLACK SQUARE +FFEE;FFEE;FFEE;25CB;25CB; # (ï¿®; ï¿®; ï¿®; â—‹; â—‹; ) HALFWIDTH WHITE CIRCLE +1D15E;1D157 1D165;1D157 1D165;1D157 1D165;1D157 1D165; # (ð…žð…ž; ð…—ð…—ð…¥ð…¥; ð…—ð…—ð…¥ð…¥; ð…—ð…—ð…¥ð…¥; ð…—ð…—ð…¥ð…¥; ) MUSICAL SYMBOL HALF NOTE +1D15F;1D158 1D165;1D158 1D165;1D158 1D165;1D158 1D165; # (ð…Ÿð…Ÿ; ð…˜ð…˜ð…¥ð…¥; ð…˜ð…˜ð…¥ð…¥; ð…˜ð…˜ð…¥ð…¥; ð…˜ð…˜ð…¥ð…¥; ) MUSICAL SYMBOL QUARTER NOTE +1D160;1D158 1D165 1D16E;1D158 1D165 1D16E;1D158 1D165 1D16E;1D158 1D165 1D16E; # (ð… ð… ; ð…˜ð…˜ð…¥ð…¥ð…®ð…®; ð…˜ð…˜ð…¥ð…¥ð…®ð…®; ð…˜ð…˜ð…¥ð…¥ð…®ð…®; ð…˜ð…˜ð…¥ð…¥ð…®ð…®; ) MUSICAL SYMBOL EIGHTH NOTE +1D161;1D158 1D165 1D16F;1D158 1D165 1D16F;1D158 1D165 1D16F;1D158 1D165 1D16F; # (ð…¡ð…¡; ð…˜ð…˜ð…¥ð…¥ð…¯ð…¯; ð…˜ð…˜ð…¥ð…¥ð…¯ð…¯; ð…˜ð…˜ð…¥ð…¥ð…¯ð…¯; ð…˜ð…˜ð…¥ð…¥ð…¯ð…¯; ) MUSICAL SYMBOL SIXTEENTH NOTE +1D162;1D158 1D165 1D170;1D158 1D165 1D170;1D158 1D165 1D170;1D158 1D165 1D170; # (ð…¢ð…¢; ð…˜ð…˜ð…¥ð…¥ð…°ð…°; ð…˜ð…˜ð…¥ð…¥ð…°ð…°; ð…˜ð…˜ð…¥ð…¥ð…°ð…°; ð…˜ð…˜ð…¥ð…¥ð…°ð…°; ) MUSICAL SYMBOL THIRTY-SECOND NOTE +1D163;1D158 1D165 1D171;1D158 1D165 1D171;1D158 1D165 1D171;1D158 1D165 1D171; # (ð…£ð…£; ð…˜ð…˜ð…¥ð…¥ð…±ð…±; ð…˜ð…˜ð…¥ð…¥ð…±ð…±; ð…˜ð…˜ð…¥ð…¥ð…±ð…±; ð…˜ð…˜ð…¥ð…¥ð…±ð…±; ) MUSICAL SYMBOL SIXTY-FOURTH NOTE +1D164;1D158 1D165 1D172;1D158 1D165 1D172;1D158 1D165 1D172;1D158 1D165 1D172; # (ð…¤ð…¤; ð…˜ð…˜ð…¥ð…¥ð…²ð…²; ð…˜ð…˜ð…¥ð…¥ð…²ð…²; ð…˜ð…˜ð…¥ð…¥ð…²ð…²; ð…˜ð…˜ð…¥ð…¥ð…²ð…²; ) MUSICAL SYMBOL ONE HUNDRED TWENTY-EIGHTH NOTE +1D1BB;1D1B9 1D165;1D1B9 1D165;1D1B9 1D165;1D1B9 1D165; # (ð†»ð†»; ð†¹ð†¹ð…¥ð…¥; ð†¹ð†¹ð…¥ð…¥; ð†¹ð†¹ð…¥ð…¥; ð†¹ð†¹ð…¥ð…¥; ) MUSICAL SYMBOL MINIMA +1D1BC;1D1BA 1D165;1D1BA 1D165;1D1BA 1D165;1D1BA 1D165; # (ð†¼ð†¼; ð†ºð†ºð…¥ð…¥; ð†ºð†ºð…¥ð…¥; ð†ºð†ºð…¥ð…¥; ð†ºð†ºð…¥ð…¥; ) MUSICAL SYMBOL MINIMA BLACK +1D1BD;1D1B9 1D165 1D16E;1D1B9 1D165 1D16E;1D1B9 1D165 1D16E;1D1B9 1D165 1D16E; # (ð†½ð†½; ð†¹ð†¹ð…¥ð…¥ð…®ð…®; ð†¹ð†¹ð…¥ð…¥ð…®ð…®; ð†¹ð†¹ð…¥ð…¥ð…®ð…®; ð†¹ð†¹ð…¥ð…¥ð…®ð…®; ) MUSICAL SYMBOL SEMIMINIMA WHITE +1D1BE;1D1BA 1D165 1D16E;1D1BA 1D165 1D16E;1D1BA 1D165 1D16E;1D1BA 1D165 1D16E; # (ð†¾ð†¾; ð†ºð†ºð…¥ð…¥ð…®ð…®; ð†ºð†ºð…¥ð…¥ð…®ð…®; ð†ºð†ºð…¥ð…¥ð…®ð…®; ð†ºð†ºð…¥ð…¥ð…®ð…®; ) MUSICAL SYMBOL SEMIMINIMA BLACK +1D1BF;1D1B9 1D165 1D16F;1D1B9 1D165 1D16F;1D1B9 1D165 1D16F;1D1B9 1D165 1D16F; # (ð†¿ð†¿; ð†¹ð†¹ð…¥ð…¥ð…¯ð…¯; ð†¹ð†¹ð…¥ð…¥ð…¯ð…¯; ð†¹ð†¹ð…¥ð…¥ð…¯ð…¯; ð†¹ð†¹ð…¥ð…¥ð…¯ð…¯; ) MUSICAL SYMBOL FUSA WHITE +1D1C0;1D1BA 1D165 1D16F;1D1BA 1D165 1D16F;1D1BA 1D165 1D16F;1D1BA 1D165 1D16F; # (ð‡€ð‡€; ð†ºð†ºð…¥ð…¥ð…¯ð…¯; ð†ºð†ºð…¥ð…¥ð…¯ð…¯; ð†ºð†ºð…¥ð…¥ð…¯ð…¯; ð†ºð†ºð…¥ð…¥ð…¯ð…¯; ) MUSICAL SYMBOL FUSA BLACK +1D400;1D400;1D400;0041;0041; # (ð€ð€; ð€ð€; ð€ð€; A; A; ) MATHEMATICAL BOLD CAPITAL A +1D401;1D401;1D401;0042;0042; # (ðð; ðð; ðð; B; B; ) MATHEMATICAL BOLD CAPITAL B +1D402;1D402;1D402;0043;0043; # (ð‚ð‚; ð‚ð‚; ð‚ð‚; C; C; ) MATHEMATICAL BOLD CAPITAL C +1D403;1D403;1D403;0044;0044; # (ðƒðƒ; ðƒðƒ; ðƒðƒ; D; D; ) MATHEMATICAL BOLD CAPITAL D +1D404;1D404;1D404;0045;0045; # (ð„ð„; ð„ð„; ð„ð„; E; E; ) MATHEMATICAL BOLD CAPITAL E +1D405;1D405;1D405;0046;0046; # (ð…ð…; ð…ð…; ð…ð…; F; F; ) MATHEMATICAL BOLD CAPITAL F +1D406;1D406;1D406;0047;0047; # (ð†ð†; ð†ð†; ð†ð†; G; G; ) MATHEMATICAL BOLD CAPITAL G +1D407;1D407;1D407;0048;0048; # (ð‡ð‡; ð‡ð‡; ð‡ð‡; H; H; ) MATHEMATICAL BOLD CAPITAL H +1D408;1D408;1D408;0049;0049; # (ðˆðˆ; ðˆðˆ; ðˆðˆ; I; I; ) MATHEMATICAL BOLD CAPITAL I +1D409;1D409;1D409;004A;004A; # (ð‰ð‰; ð‰ð‰; ð‰ð‰; J; J; ) MATHEMATICAL BOLD CAPITAL J +1D40A;1D40A;1D40A;004B;004B; # (ðŠðŠ; ðŠðŠ; ðŠðŠ; K; K; ) MATHEMATICAL BOLD CAPITAL K +1D40B;1D40B;1D40B;004C;004C; # (ð‹ð‹; ð‹ð‹; ð‹ð‹; L; L; ) MATHEMATICAL BOLD CAPITAL L +1D40C;1D40C;1D40C;004D;004D; # (ðŒðŒ; ðŒðŒ; ðŒðŒ; M; M; ) MATHEMATICAL BOLD CAPITAL M +1D40D;1D40D;1D40D;004E;004E; # (ðð; ðð; ðð; N; N; ) MATHEMATICAL BOLD CAPITAL N +1D40E;1D40E;1D40E;004F;004F; # (ðŽðŽ; ðŽðŽ; ðŽðŽ; O; O; ) MATHEMATICAL BOLD CAPITAL O +1D40F;1D40F;1D40F;0050;0050; # (ðð; ðð; ðð; P; P; ) MATHEMATICAL BOLD CAPITAL P +1D410;1D410;1D410;0051;0051; # (ðð; ðð; ðð; Q; Q; ) MATHEMATICAL BOLD CAPITAL Q +1D411;1D411;1D411;0052;0052; # (ð‘ð‘; ð‘ð‘; ð‘ð‘; R; R; ) MATHEMATICAL BOLD CAPITAL R +1D412;1D412;1D412;0053;0053; # (ð’ð’; ð’ð’; ð’ð’; S; S; ) MATHEMATICAL BOLD CAPITAL S +1D413;1D413;1D413;0054;0054; # (ð“ð“; ð“ð“; ð“ð“; T; T; ) MATHEMATICAL BOLD CAPITAL T +1D414;1D414;1D414;0055;0055; # (ð”ð”; ð”ð”; ð”ð”; U; U; ) MATHEMATICAL BOLD CAPITAL U +1D415;1D415;1D415;0056;0056; # (ð•ð•; ð•ð•; ð•ð•; V; V; ) MATHEMATICAL BOLD CAPITAL V +1D416;1D416;1D416;0057;0057; # (ð–ð–; ð–ð–; ð–ð–; W; W; ) MATHEMATICAL BOLD CAPITAL W +1D417;1D417;1D417;0058;0058; # (ð—ð—; ð—ð—; ð—ð—; X; X; ) MATHEMATICAL BOLD CAPITAL X +1D418;1D418;1D418;0059;0059; # (ð˜ð˜; ð˜ð˜; ð˜ð˜; Y; Y; ) MATHEMATICAL BOLD CAPITAL Y +1D419;1D419;1D419;005A;005A; # (ð™ð™; ð™ð™; ð™ð™; Z; Z; ) MATHEMATICAL BOLD CAPITAL Z +1D41A;1D41A;1D41A;0061;0061; # (ðšðš; ðšðš; ðšðš; a; a; ) MATHEMATICAL BOLD SMALL A +1D41B;1D41B;1D41B;0062;0062; # (ð›ð›; ð›ð›; ð›ð›; b; b; ) MATHEMATICAL BOLD SMALL B +1D41C;1D41C;1D41C;0063;0063; # (ðœðœ; ðœðœ; ðœðœ; c; c; ) MATHEMATICAL BOLD SMALL C +1D41D;1D41D;1D41D;0064;0064; # (ðð; ðð; ðð; d; d; ) MATHEMATICAL BOLD SMALL D +1D41E;1D41E;1D41E;0065;0065; # (ðžðž; ðžðž; ðžðž; e; e; ) MATHEMATICAL BOLD SMALL E +1D41F;1D41F;1D41F;0066;0066; # (ðŸðŸ; ðŸðŸ; ðŸðŸ; f; f; ) MATHEMATICAL BOLD SMALL F +1D420;1D420;1D420;0067;0067; # (ð ð ; ð ð ; ð ð ; g; g; ) MATHEMATICAL BOLD SMALL G +1D421;1D421;1D421;0068;0068; # (ð¡ð¡; ð¡ð¡; ð¡ð¡; h; h; ) MATHEMATICAL BOLD SMALL H +1D422;1D422;1D422;0069;0069; # (ð¢ð¢; ð¢ð¢; ð¢ð¢; i; i; ) MATHEMATICAL BOLD SMALL I +1D423;1D423;1D423;006A;006A; # (ð£ð£; ð£ð£; ð£ð£; j; j; ) MATHEMATICAL BOLD SMALL J +1D424;1D424;1D424;006B;006B; # (ð¤ð¤; ð¤ð¤; ð¤ð¤; k; k; ) MATHEMATICAL BOLD SMALL K +1D425;1D425;1D425;006C;006C; # (ð¥ð¥; ð¥ð¥; ð¥ð¥; l; l; ) MATHEMATICAL BOLD SMALL L +1D426;1D426;1D426;006D;006D; # (ð¦ð¦; ð¦ð¦; ð¦ð¦; m; m; ) MATHEMATICAL BOLD SMALL M +1D427;1D427;1D427;006E;006E; # (ð§ð§; ð§ð§; ð§ð§; n; n; ) MATHEMATICAL BOLD SMALL N +1D428;1D428;1D428;006F;006F; # (ð¨ð¨; ð¨ð¨; ð¨ð¨; o; o; ) MATHEMATICAL BOLD SMALL O +1D429;1D429;1D429;0070;0070; # (ð©ð©; ð©ð©; ð©ð©; p; p; ) MATHEMATICAL BOLD SMALL P +1D42A;1D42A;1D42A;0071;0071; # (ðªðª; ðªðª; ðªðª; q; q; ) MATHEMATICAL BOLD SMALL Q +1D42B;1D42B;1D42B;0072;0072; # (ð«ð«; ð«ð«; ð«ð«; r; r; ) MATHEMATICAL BOLD SMALL R +1D42C;1D42C;1D42C;0073;0073; # (ð¬ð¬; ð¬ð¬; ð¬ð¬; s; s; ) MATHEMATICAL BOLD SMALL S +1D42D;1D42D;1D42D;0074;0074; # (ð­ð­; ð­ð­; ð­ð­; t; t; ) MATHEMATICAL BOLD SMALL T +1D42E;1D42E;1D42E;0075;0075; # (ð®ð®; ð®ð®; ð®ð®; u; u; ) MATHEMATICAL BOLD SMALL U +1D42F;1D42F;1D42F;0076;0076; # (ð¯ð¯; ð¯ð¯; ð¯ð¯; v; v; ) MATHEMATICAL BOLD SMALL V +1D430;1D430;1D430;0077;0077; # (ð°ð°; ð°ð°; ð°ð°; w; w; ) MATHEMATICAL BOLD SMALL W +1D431;1D431;1D431;0078;0078; # (ð±ð±; ð±ð±; ð±ð±; x; x; ) MATHEMATICAL BOLD SMALL X +1D432;1D432;1D432;0079;0079; # (ð²ð²; ð²ð²; ð²ð²; y; y; ) MATHEMATICAL BOLD SMALL Y +1D433;1D433;1D433;007A;007A; # (ð³ð³; ð³ð³; ð³ð³; z; z; ) MATHEMATICAL BOLD SMALL Z +1D434;1D434;1D434;0041;0041; # (ð´ð´; ð´ð´; ð´ð´; A; A; ) MATHEMATICAL ITALIC CAPITAL A +1D435;1D435;1D435;0042;0042; # (ðµðµ; ðµðµ; ðµðµ; B; B; ) MATHEMATICAL ITALIC CAPITAL B +1D436;1D436;1D436;0043;0043; # (ð¶ð¶; ð¶ð¶; ð¶ð¶; C; C; ) MATHEMATICAL ITALIC CAPITAL C +1D437;1D437;1D437;0044;0044; # (ð·ð·; ð·ð·; ð·ð·; D; D; ) MATHEMATICAL ITALIC CAPITAL D +1D438;1D438;1D438;0045;0045; # (ð¸ð¸; ð¸ð¸; ð¸ð¸; E; E; ) MATHEMATICAL ITALIC CAPITAL E +1D439;1D439;1D439;0046;0046; # (ð¹ð¹; ð¹ð¹; ð¹ð¹; F; F; ) MATHEMATICAL ITALIC CAPITAL F +1D43A;1D43A;1D43A;0047;0047; # (ðºðº; ðºðº; ðºðº; G; G; ) MATHEMATICAL ITALIC CAPITAL G +1D43B;1D43B;1D43B;0048;0048; # (ð»ð»; ð»ð»; ð»ð»; H; H; ) MATHEMATICAL ITALIC CAPITAL H +1D43C;1D43C;1D43C;0049;0049; # (ð¼ð¼; ð¼ð¼; ð¼ð¼; I; I; ) MATHEMATICAL ITALIC CAPITAL I +1D43D;1D43D;1D43D;004A;004A; # (ð½ð½; ð½ð½; ð½ð½; J; J; ) MATHEMATICAL ITALIC CAPITAL J +1D43E;1D43E;1D43E;004B;004B; # (ð¾ð¾; ð¾ð¾; ð¾ð¾; K; K; ) MATHEMATICAL ITALIC CAPITAL K +1D43F;1D43F;1D43F;004C;004C; # (ð¿ð¿; ð¿ð¿; ð¿ð¿; L; L; ) MATHEMATICAL ITALIC CAPITAL L +1D440;1D440;1D440;004D;004D; # (ð‘€ð‘€; ð‘€ð‘€; ð‘€ð‘€; M; M; ) MATHEMATICAL ITALIC CAPITAL M +1D441;1D441;1D441;004E;004E; # (ð‘ð‘; ð‘ð‘; ð‘ð‘; N; N; ) MATHEMATICAL ITALIC CAPITAL N +1D442;1D442;1D442;004F;004F; # (ð‘‚ð‘‚; ð‘‚ð‘‚; ð‘‚ð‘‚; O; O; ) MATHEMATICAL ITALIC CAPITAL O +1D443;1D443;1D443;0050;0050; # (ð‘ƒð‘ƒ; ð‘ƒð‘ƒ; ð‘ƒð‘ƒ; P; P; ) MATHEMATICAL ITALIC CAPITAL P +1D444;1D444;1D444;0051;0051; # (ð‘„ð‘„; ð‘„ð‘„; ð‘„ð‘„; Q; Q; ) MATHEMATICAL ITALIC CAPITAL Q +1D445;1D445;1D445;0052;0052; # (ð‘…ð‘…; ð‘…ð‘…; ð‘…ð‘…; R; R; ) MATHEMATICAL ITALIC CAPITAL R +1D446;1D446;1D446;0053;0053; # (ð‘†ð‘†; ð‘†ð‘†; ð‘†ð‘†; S; S; ) MATHEMATICAL ITALIC CAPITAL S +1D447;1D447;1D447;0054;0054; # (ð‘‡ð‘‡; ð‘‡ð‘‡; ð‘‡ð‘‡; T; T; ) MATHEMATICAL ITALIC CAPITAL T +1D448;1D448;1D448;0055;0055; # (ð‘ˆð‘ˆ; ð‘ˆð‘ˆ; ð‘ˆð‘ˆ; U; U; ) MATHEMATICAL ITALIC CAPITAL U +1D449;1D449;1D449;0056;0056; # (ð‘‰ð‘‰; ð‘‰ð‘‰; ð‘‰ð‘‰; V; V; ) MATHEMATICAL ITALIC CAPITAL V +1D44A;1D44A;1D44A;0057;0057; # (ð‘Šð‘Š; ð‘Šð‘Š; ð‘Šð‘Š; W; W; ) MATHEMATICAL ITALIC CAPITAL W +1D44B;1D44B;1D44B;0058;0058; # (ð‘‹ð‘‹; ð‘‹ð‘‹; ð‘‹ð‘‹; X; X; ) MATHEMATICAL ITALIC CAPITAL X +1D44C;1D44C;1D44C;0059;0059; # (ð‘Œð‘Œ; ð‘Œð‘Œ; ð‘Œð‘Œ; Y; Y; ) MATHEMATICAL ITALIC CAPITAL Y +1D44D;1D44D;1D44D;005A;005A; # (ð‘ð‘; ð‘ð‘; ð‘ð‘; Z; Z; ) MATHEMATICAL ITALIC CAPITAL Z +1D44E;1D44E;1D44E;0061;0061; # (ð‘Žð‘Ž; ð‘Žð‘Ž; ð‘Žð‘Ž; a; a; ) MATHEMATICAL ITALIC SMALL A +1D44F;1D44F;1D44F;0062;0062; # (ð‘ð‘; ð‘ð‘; ð‘ð‘; b; b; ) MATHEMATICAL ITALIC SMALL B +1D450;1D450;1D450;0063;0063; # (ð‘ð‘; ð‘ð‘; ð‘ð‘; c; c; ) MATHEMATICAL ITALIC SMALL C +1D451;1D451;1D451;0064;0064; # (ð‘‘ð‘‘; ð‘‘ð‘‘; ð‘‘ð‘‘; d; d; ) MATHEMATICAL ITALIC SMALL D +1D452;1D452;1D452;0065;0065; # (ð‘’ð‘’; ð‘’ð‘’; ð‘’ð‘’; e; e; ) MATHEMATICAL ITALIC SMALL E +1D453;1D453;1D453;0066;0066; # (ð‘“ð‘“; ð‘“ð‘“; ð‘“ð‘“; f; f; ) MATHEMATICAL ITALIC SMALL F +1D454;1D454;1D454;0067;0067; # (ð‘”ð‘”; ð‘”ð‘”; ð‘”ð‘”; g; g; ) MATHEMATICAL ITALIC SMALL G +1D456;1D456;1D456;0069;0069; # (ð‘–ð‘–; ð‘–ð‘–; ð‘–ð‘–; i; i; ) MATHEMATICAL ITALIC SMALL I +1D457;1D457;1D457;006A;006A; # (ð‘—ð‘—; ð‘—ð‘—; ð‘—ð‘—; j; j; ) MATHEMATICAL ITALIC SMALL J +1D458;1D458;1D458;006B;006B; # (ð‘˜ð‘˜; ð‘˜ð‘˜; ð‘˜ð‘˜; k; k; ) MATHEMATICAL ITALIC SMALL K +1D459;1D459;1D459;006C;006C; # (ð‘™ð‘™; ð‘™ð‘™; ð‘™ð‘™; l; l; ) MATHEMATICAL ITALIC SMALL L +1D45A;1D45A;1D45A;006D;006D; # (ð‘šð‘š; ð‘šð‘š; ð‘šð‘š; m; m; ) MATHEMATICAL ITALIC SMALL M +1D45B;1D45B;1D45B;006E;006E; # (ð‘›ð‘›; ð‘›ð‘›; ð‘›ð‘›; n; n; ) MATHEMATICAL ITALIC SMALL N +1D45C;1D45C;1D45C;006F;006F; # (ð‘œð‘œ; ð‘œð‘œ; ð‘œð‘œ; o; o; ) MATHEMATICAL ITALIC SMALL O +1D45D;1D45D;1D45D;0070;0070; # (ð‘ð‘; ð‘ð‘; ð‘ð‘; p; p; ) MATHEMATICAL ITALIC SMALL P +1D45E;1D45E;1D45E;0071;0071; # (ð‘žð‘ž; ð‘žð‘ž; ð‘žð‘ž; q; q; ) MATHEMATICAL ITALIC SMALL Q +1D45F;1D45F;1D45F;0072;0072; # (ð‘Ÿð‘Ÿ; ð‘Ÿð‘Ÿ; ð‘Ÿð‘Ÿ; r; r; ) MATHEMATICAL ITALIC SMALL R +1D460;1D460;1D460;0073;0073; # (ð‘ ð‘ ; ð‘ ð‘ ; ð‘ ð‘ ; s; s; ) MATHEMATICAL ITALIC SMALL S +1D461;1D461;1D461;0074;0074; # (ð‘¡ð‘¡; ð‘¡ð‘¡; ð‘¡ð‘¡; t; t; ) MATHEMATICAL ITALIC SMALL T +1D462;1D462;1D462;0075;0075; # (ð‘¢ð‘¢; ð‘¢ð‘¢; ð‘¢ð‘¢; u; u; ) MATHEMATICAL ITALIC SMALL U +1D463;1D463;1D463;0076;0076; # (ð‘£ð‘£; ð‘£ð‘£; ð‘£ð‘£; v; v; ) MATHEMATICAL ITALIC SMALL V +1D464;1D464;1D464;0077;0077; # (ð‘¤ð‘¤; ð‘¤ð‘¤; ð‘¤ð‘¤; w; w; ) MATHEMATICAL ITALIC SMALL W +1D465;1D465;1D465;0078;0078; # (ð‘¥ð‘¥; ð‘¥ð‘¥; ð‘¥ð‘¥; x; x; ) MATHEMATICAL ITALIC SMALL X +1D466;1D466;1D466;0079;0079; # (ð‘¦ð‘¦; ð‘¦ð‘¦; ð‘¦ð‘¦; y; y; ) MATHEMATICAL ITALIC SMALL Y +1D467;1D467;1D467;007A;007A; # (ð‘§ð‘§; ð‘§ð‘§; ð‘§ð‘§; z; z; ) MATHEMATICAL ITALIC SMALL Z +1D468;1D468;1D468;0041;0041; # (ð‘¨ð‘¨; ð‘¨ð‘¨; ð‘¨ð‘¨; A; A; ) MATHEMATICAL BOLD ITALIC CAPITAL A +1D469;1D469;1D469;0042;0042; # (ð‘©ð‘©; ð‘©ð‘©; ð‘©ð‘©; B; B; ) MATHEMATICAL BOLD ITALIC CAPITAL B +1D46A;1D46A;1D46A;0043;0043; # (ð‘ªð‘ª; ð‘ªð‘ª; ð‘ªð‘ª; C; C; ) MATHEMATICAL BOLD ITALIC CAPITAL C +1D46B;1D46B;1D46B;0044;0044; # (ð‘«ð‘«; ð‘«ð‘«; ð‘«ð‘«; D; D; ) MATHEMATICAL BOLD ITALIC CAPITAL D +1D46C;1D46C;1D46C;0045;0045; # (ð‘¬ð‘¬; ð‘¬ð‘¬; ð‘¬ð‘¬; E; E; ) MATHEMATICAL BOLD ITALIC CAPITAL E +1D46D;1D46D;1D46D;0046;0046; # (ð‘­ð‘­; ð‘­ð‘­; ð‘­ð‘­; F; F; ) MATHEMATICAL BOLD ITALIC CAPITAL F +1D46E;1D46E;1D46E;0047;0047; # (ð‘®ð‘®; ð‘®ð‘®; ð‘®ð‘®; G; G; ) MATHEMATICAL BOLD ITALIC CAPITAL G +1D46F;1D46F;1D46F;0048;0048; # (ð‘¯ð‘¯; ð‘¯ð‘¯; ð‘¯ð‘¯; H; H; ) MATHEMATICAL BOLD ITALIC CAPITAL H +1D470;1D470;1D470;0049;0049; # (ð‘°ð‘°; ð‘°ð‘°; ð‘°ð‘°; I; I; ) MATHEMATICAL BOLD ITALIC CAPITAL I +1D471;1D471;1D471;004A;004A; # (ð‘±ð‘±; ð‘±ð‘±; ð‘±ð‘±; J; J; ) MATHEMATICAL BOLD ITALIC CAPITAL J +1D472;1D472;1D472;004B;004B; # (ð‘²ð‘²; ð‘²ð‘²; ð‘²ð‘²; K; K; ) MATHEMATICAL BOLD ITALIC CAPITAL K +1D473;1D473;1D473;004C;004C; # (ð‘³ð‘³; ð‘³ð‘³; ð‘³ð‘³; L; L; ) MATHEMATICAL BOLD ITALIC CAPITAL L +1D474;1D474;1D474;004D;004D; # (ð‘´ð‘´; ð‘´ð‘´; ð‘´ð‘´; M; M; ) MATHEMATICAL BOLD ITALIC CAPITAL M +1D475;1D475;1D475;004E;004E; # (ð‘µð‘µ; ð‘µð‘µ; ð‘µð‘µ; N; N; ) MATHEMATICAL BOLD ITALIC CAPITAL N +1D476;1D476;1D476;004F;004F; # (ð‘¶ð‘¶; ð‘¶ð‘¶; ð‘¶ð‘¶; O; O; ) MATHEMATICAL BOLD ITALIC CAPITAL O +1D477;1D477;1D477;0050;0050; # (ð‘·ð‘·; ð‘·ð‘·; ð‘·ð‘·; P; P; ) MATHEMATICAL BOLD ITALIC CAPITAL P +1D478;1D478;1D478;0051;0051; # (ð‘¸ð‘¸; ð‘¸ð‘¸; ð‘¸ð‘¸; Q; Q; ) MATHEMATICAL BOLD ITALIC CAPITAL Q +1D479;1D479;1D479;0052;0052; # (ð‘¹ð‘¹; ð‘¹ð‘¹; ð‘¹ð‘¹; R; R; ) MATHEMATICAL BOLD ITALIC CAPITAL R +1D47A;1D47A;1D47A;0053;0053; # (ð‘ºð‘º; ð‘ºð‘º; ð‘ºð‘º; S; S; ) MATHEMATICAL BOLD ITALIC CAPITAL S +1D47B;1D47B;1D47B;0054;0054; # (ð‘»ð‘»; ð‘»ð‘»; ð‘»ð‘»; T; T; ) MATHEMATICAL BOLD ITALIC CAPITAL T +1D47C;1D47C;1D47C;0055;0055; # (ð‘¼ð‘¼; ð‘¼ð‘¼; ð‘¼ð‘¼; U; U; ) MATHEMATICAL BOLD ITALIC CAPITAL U +1D47D;1D47D;1D47D;0056;0056; # (ð‘½ð‘½; ð‘½ð‘½; ð‘½ð‘½; V; V; ) MATHEMATICAL BOLD ITALIC CAPITAL V +1D47E;1D47E;1D47E;0057;0057; # (ð‘¾ð‘¾; ð‘¾ð‘¾; ð‘¾ð‘¾; W; W; ) MATHEMATICAL BOLD ITALIC CAPITAL W +1D47F;1D47F;1D47F;0058;0058; # (ð‘¿ð‘¿; ð‘¿ð‘¿; ð‘¿ð‘¿; X; X; ) MATHEMATICAL BOLD ITALIC CAPITAL X +1D480;1D480;1D480;0059;0059; # (ð’€ð’€; ð’€ð’€; ð’€ð’€; Y; Y; ) MATHEMATICAL BOLD ITALIC CAPITAL Y +1D481;1D481;1D481;005A;005A; # (ð’ð’; ð’ð’; ð’ð’; Z; Z; ) MATHEMATICAL BOLD ITALIC CAPITAL Z +1D482;1D482;1D482;0061;0061; # (ð’‚ð’‚; ð’‚ð’‚; ð’‚ð’‚; a; a; ) MATHEMATICAL BOLD ITALIC SMALL A +1D483;1D483;1D483;0062;0062; # (ð’ƒð’ƒ; ð’ƒð’ƒ; ð’ƒð’ƒ; b; b; ) MATHEMATICAL BOLD ITALIC SMALL B +1D484;1D484;1D484;0063;0063; # (ð’„ð’„; ð’„ð’„; ð’„ð’„; c; c; ) MATHEMATICAL BOLD ITALIC SMALL C +1D485;1D485;1D485;0064;0064; # (ð’…ð’…; ð’…ð’…; ð’…ð’…; d; d; ) MATHEMATICAL BOLD ITALIC SMALL D +1D486;1D486;1D486;0065;0065; # (ð’†ð’†; ð’†ð’†; ð’†ð’†; e; e; ) MATHEMATICAL BOLD ITALIC SMALL E +1D487;1D487;1D487;0066;0066; # (ð’‡ð’‡; ð’‡ð’‡; ð’‡ð’‡; f; f; ) MATHEMATICAL BOLD ITALIC SMALL F +1D488;1D488;1D488;0067;0067; # (ð’ˆð’ˆ; ð’ˆð’ˆ; ð’ˆð’ˆ; g; g; ) MATHEMATICAL BOLD ITALIC SMALL G +1D489;1D489;1D489;0068;0068; # (ð’‰ð’‰; ð’‰ð’‰; ð’‰ð’‰; h; h; ) MATHEMATICAL BOLD ITALIC SMALL H +1D48A;1D48A;1D48A;0069;0069; # (ð’Šð’Š; ð’Šð’Š; ð’Šð’Š; i; i; ) MATHEMATICAL BOLD ITALIC SMALL I +1D48B;1D48B;1D48B;006A;006A; # (ð’‹ð’‹; ð’‹ð’‹; ð’‹ð’‹; j; j; ) MATHEMATICAL BOLD ITALIC SMALL J +1D48C;1D48C;1D48C;006B;006B; # (ð’Œð’Œ; ð’Œð’Œ; ð’Œð’Œ; k; k; ) MATHEMATICAL BOLD ITALIC SMALL K +1D48D;1D48D;1D48D;006C;006C; # (ð’ð’; ð’ð’; ð’ð’; l; l; ) MATHEMATICAL BOLD ITALIC SMALL L +1D48E;1D48E;1D48E;006D;006D; # (ð’Žð’Ž; ð’Žð’Ž; ð’Žð’Ž; m; m; ) MATHEMATICAL BOLD ITALIC SMALL M +1D48F;1D48F;1D48F;006E;006E; # (ð’ð’; ð’ð’; ð’ð’; n; n; ) MATHEMATICAL BOLD ITALIC SMALL N +1D490;1D490;1D490;006F;006F; # (ð’ð’; ð’ð’; ð’ð’; o; o; ) MATHEMATICAL BOLD ITALIC SMALL O +1D491;1D491;1D491;0070;0070; # (ð’‘ð’‘; ð’‘ð’‘; ð’‘ð’‘; p; p; ) MATHEMATICAL BOLD ITALIC SMALL P +1D492;1D492;1D492;0071;0071; # (ð’’ð’’; ð’’ð’’; ð’’ð’’; q; q; ) MATHEMATICAL BOLD ITALIC SMALL Q +1D493;1D493;1D493;0072;0072; # (ð’“ð’“; ð’“ð’“; ð’“ð’“; r; r; ) MATHEMATICAL BOLD ITALIC SMALL R +1D494;1D494;1D494;0073;0073; # (ð’”ð’”; ð’”ð’”; ð’”ð’”; s; s; ) MATHEMATICAL BOLD ITALIC SMALL S +1D495;1D495;1D495;0074;0074; # (ð’•ð’•; ð’•ð’•; ð’•ð’•; t; t; ) MATHEMATICAL BOLD ITALIC SMALL T +1D496;1D496;1D496;0075;0075; # (ð’–ð’–; ð’–ð’–; ð’–ð’–; u; u; ) MATHEMATICAL BOLD ITALIC SMALL U +1D497;1D497;1D497;0076;0076; # (ð’—ð’—; ð’—ð’—; ð’—ð’—; v; v; ) MATHEMATICAL BOLD ITALIC SMALL V +1D498;1D498;1D498;0077;0077; # (ð’˜ð’˜; ð’˜ð’˜; ð’˜ð’˜; w; w; ) MATHEMATICAL BOLD ITALIC SMALL W +1D499;1D499;1D499;0078;0078; # (ð’™ð’™; ð’™ð’™; ð’™ð’™; x; x; ) MATHEMATICAL BOLD ITALIC SMALL X +1D49A;1D49A;1D49A;0079;0079; # (ð’šð’š; ð’šð’š; ð’šð’š; y; y; ) MATHEMATICAL BOLD ITALIC SMALL Y +1D49B;1D49B;1D49B;007A;007A; # (ð’›ð’›; ð’›ð’›; ð’›ð’›; z; z; ) MATHEMATICAL BOLD ITALIC SMALL Z +1D49C;1D49C;1D49C;0041;0041; # (ð’œð’œ; ð’œð’œ; ð’œð’œ; A; A; ) MATHEMATICAL SCRIPT CAPITAL A +1D49E;1D49E;1D49E;0043;0043; # (ð’žð’ž; ð’žð’ž; ð’žð’ž; C; C; ) MATHEMATICAL SCRIPT CAPITAL C +1D49F;1D49F;1D49F;0044;0044; # (ð’Ÿð’Ÿ; ð’Ÿð’Ÿ; ð’Ÿð’Ÿ; D; D; ) MATHEMATICAL SCRIPT CAPITAL D +1D4A2;1D4A2;1D4A2;0047;0047; # (ð’¢ð’¢; ð’¢ð’¢; ð’¢ð’¢; G; G; ) MATHEMATICAL SCRIPT CAPITAL G +1D4A5;1D4A5;1D4A5;004A;004A; # (ð’¥ð’¥; ð’¥ð’¥; ð’¥ð’¥; J; J; ) MATHEMATICAL SCRIPT CAPITAL J +1D4A6;1D4A6;1D4A6;004B;004B; # (ð’¦ð’¦; ð’¦ð’¦; ð’¦ð’¦; K; K; ) MATHEMATICAL SCRIPT CAPITAL K +1D4A9;1D4A9;1D4A9;004E;004E; # (ð’©ð’©; ð’©ð’©; ð’©ð’©; N; N; ) MATHEMATICAL SCRIPT CAPITAL N +1D4AA;1D4AA;1D4AA;004F;004F; # (ð’ªð’ª; ð’ªð’ª; ð’ªð’ª; O; O; ) MATHEMATICAL SCRIPT CAPITAL O +1D4AB;1D4AB;1D4AB;0050;0050; # (ð’«ð’«; ð’«ð’«; ð’«ð’«; P; P; ) MATHEMATICAL SCRIPT CAPITAL P +1D4AC;1D4AC;1D4AC;0051;0051; # (ð’¬ð’¬; ð’¬ð’¬; ð’¬ð’¬; Q; Q; ) MATHEMATICAL SCRIPT CAPITAL Q +1D4AE;1D4AE;1D4AE;0053;0053; # (ð’®ð’®; ð’®ð’®; ð’®ð’®; S; S; ) MATHEMATICAL SCRIPT CAPITAL S +1D4AF;1D4AF;1D4AF;0054;0054; # (ð’¯ð’¯; ð’¯ð’¯; ð’¯ð’¯; T; T; ) MATHEMATICAL SCRIPT CAPITAL T +1D4B0;1D4B0;1D4B0;0055;0055; # (ð’°ð’°; ð’°ð’°; ð’°ð’°; U; U; ) MATHEMATICAL SCRIPT CAPITAL U +1D4B1;1D4B1;1D4B1;0056;0056; # (ð’±ð’±; ð’±ð’±; ð’±ð’±; V; V; ) MATHEMATICAL SCRIPT CAPITAL V +1D4B2;1D4B2;1D4B2;0057;0057; # (ð’²ð’²; ð’²ð’²; ð’²ð’²; W; W; ) MATHEMATICAL SCRIPT CAPITAL W +1D4B3;1D4B3;1D4B3;0058;0058; # (ð’³ð’³; ð’³ð’³; ð’³ð’³; X; X; ) MATHEMATICAL SCRIPT CAPITAL X +1D4B4;1D4B4;1D4B4;0059;0059; # (ð’´ð’´; ð’´ð’´; ð’´ð’´; Y; Y; ) MATHEMATICAL SCRIPT CAPITAL Y +1D4B5;1D4B5;1D4B5;005A;005A; # (ð’µð’µ; ð’µð’µ; ð’µð’µ; Z; Z; ) MATHEMATICAL SCRIPT CAPITAL Z +1D4B6;1D4B6;1D4B6;0061;0061; # (ð’¶ð’¶; ð’¶ð’¶; ð’¶ð’¶; a; a; ) MATHEMATICAL SCRIPT SMALL A +1D4B7;1D4B7;1D4B7;0062;0062; # (ð’·ð’·; ð’·ð’·; ð’·ð’·; b; b; ) MATHEMATICAL SCRIPT SMALL B +1D4B8;1D4B8;1D4B8;0063;0063; # (ð’¸ð’¸; ð’¸ð’¸; ð’¸ð’¸; c; c; ) MATHEMATICAL SCRIPT SMALL C +1D4B9;1D4B9;1D4B9;0064;0064; # (ð’¹ð’¹; ð’¹ð’¹; ð’¹ð’¹; d; d; ) MATHEMATICAL SCRIPT SMALL D +1D4BB;1D4BB;1D4BB;0066;0066; # (ð’»ð’»; ð’»ð’»; ð’»ð’»; f; f; ) MATHEMATICAL SCRIPT SMALL F +1D4BD;1D4BD;1D4BD;0068;0068; # (ð’½ð’½; ð’½ð’½; ð’½ð’½; h; h; ) MATHEMATICAL SCRIPT SMALL H +1D4BE;1D4BE;1D4BE;0069;0069; # (ð’¾ð’¾; ð’¾ð’¾; ð’¾ð’¾; i; i; ) MATHEMATICAL SCRIPT SMALL I +1D4BF;1D4BF;1D4BF;006A;006A; # (ð’¿ð’¿; ð’¿ð’¿; ð’¿ð’¿; j; j; ) MATHEMATICAL SCRIPT SMALL J +1D4C0;1D4C0;1D4C0;006B;006B; # (ð“€ð“€; ð“€ð“€; ð“€ð“€; k; k; ) MATHEMATICAL SCRIPT SMALL K +1D4C1;1D4C1;1D4C1;006C;006C; # (ð“ð“; ð“ð“; ð“ð“; l; l; ) MATHEMATICAL SCRIPT SMALL L +1D4C2;1D4C2;1D4C2;006D;006D; # (ð“‚ð“‚; ð“‚ð“‚; ð“‚ð“‚; m; m; ) MATHEMATICAL SCRIPT SMALL M +1D4C3;1D4C3;1D4C3;006E;006E; # (ð“ƒð“ƒ; ð“ƒð“ƒ; ð“ƒð“ƒ; n; n; ) MATHEMATICAL SCRIPT SMALL N +1D4C5;1D4C5;1D4C5;0070;0070; # (ð“…ð“…; ð“…ð“…; ð“…ð“…; p; p; ) MATHEMATICAL SCRIPT SMALL P +1D4C6;1D4C6;1D4C6;0071;0071; # (ð“†ð“†; ð“†ð“†; ð“†ð“†; q; q; ) MATHEMATICAL SCRIPT SMALL Q +1D4C7;1D4C7;1D4C7;0072;0072; # (ð“‡ð“‡; ð“‡ð“‡; ð“‡ð“‡; r; r; ) MATHEMATICAL SCRIPT SMALL R +1D4C8;1D4C8;1D4C8;0073;0073; # (ð“ˆð“ˆ; ð“ˆð“ˆ; ð“ˆð“ˆ; s; s; ) MATHEMATICAL SCRIPT SMALL S +1D4C9;1D4C9;1D4C9;0074;0074; # (ð“‰ð“‰; ð“‰ð“‰; ð“‰ð“‰; t; t; ) MATHEMATICAL SCRIPT SMALL T +1D4CA;1D4CA;1D4CA;0075;0075; # (ð“Šð“Š; ð“Šð“Š; ð“Šð“Š; u; u; ) MATHEMATICAL SCRIPT SMALL U +1D4CB;1D4CB;1D4CB;0076;0076; # (ð“‹ð“‹; ð“‹ð“‹; ð“‹ð“‹; v; v; ) MATHEMATICAL SCRIPT SMALL V +1D4CC;1D4CC;1D4CC;0077;0077; # (ð“Œð“Œ; ð“Œð“Œ; ð“Œð“Œ; w; w; ) MATHEMATICAL SCRIPT SMALL W +1D4CD;1D4CD;1D4CD;0078;0078; # (ð“ð“; ð“ð“; ð“ð“; x; x; ) MATHEMATICAL SCRIPT SMALL X +1D4CE;1D4CE;1D4CE;0079;0079; # (ð“Žð“Ž; ð“Žð“Ž; ð“Žð“Ž; y; y; ) MATHEMATICAL SCRIPT SMALL Y +1D4CF;1D4CF;1D4CF;007A;007A; # (ð“ð“; ð“ð“; ð“ð“; z; z; ) MATHEMATICAL SCRIPT SMALL Z +1D4D0;1D4D0;1D4D0;0041;0041; # (ð“ð“; ð“ð“; ð“ð“; A; A; ) MATHEMATICAL BOLD SCRIPT CAPITAL A +1D4D1;1D4D1;1D4D1;0042;0042; # (ð“‘ð“‘; ð“‘ð“‘; ð“‘ð“‘; B; B; ) MATHEMATICAL BOLD SCRIPT CAPITAL B +1D4D2;1D4D2;1D4D2;0043;0043; # (ð“’ð“’; ð“’ð“’; ð“’ð“’; C; C; ) MATHEMATICAL BOLD SCRIPT CAPITAL C +1D4D3;1D4D3;1D4D3;0044;0044; # (ð““ð““; ð““ð““; ð““ð““; D; D; ) MATHEMATICAL BOLD SCRIPT CAPITAL D +1D4D4;1D4D4;1D4D4;0045;0045; # (ð“”ð“”; ð“”ð“”; ð“”ð“”; E; E; ) MATHEMATICAL BOLD SCRIPT CAPITAL E +1D4D5;1D4D5;1D4D5;0046;0046; # (ð“•ð“•; ð“•ð“•; ð“•ð“•; F; F; ) MATHEMATICAL BOLD SCRIPT CAPITAL F +1D4D6;1D4D6;1D4D6;0047;0047; # (ð“–ð“–; ð“–ð“–; ð“–ð“–; G; G; ) MATHEMATICAL BOLD SCRIPT CAPITAL G +1D4D7;1D4D7;1D4D7;0048;0048; # (ð“—ð“—; ð“—ð“—; ð“—ð“—; H; H; ) MATHEMATICAL BOLD SCRIPT CAPITAL H +1D4D8;1D4D8;1D4D8;0049;0049; # (ð“˜ð“˜; ð“˜ð“˜; ð“˜ð“˜; I; I; ) MATHEMATICAL BOLD SCRIPT CAPITAL I +1D4D9;1D4D9;1D4D9;004A;004A; # (ð“™ð“™; ð“™ð“™; ð“™ð“™; J; J; ) MATHEMATICAL BOLD SCRIPT CAPITAL J +1D4DA;1D4DA;1D4DA;004B;004B; # (ð“šð“š; ð“šð“š; ð“šð“š; K; K; ) MATHEMATICAL BOLD SCRIPT CAPITAL K +1D4DB;1D4DB;1D4DB;004C;004C; # (ð“›ð“›; ð“›ð“›; ð“›ð“›; L; L; ) MATHEMATICAL BOLD SCRIPT CAPITAL L +1D4DC;1D4DC;1D4DC;004D;004D; # (ð“œð“œ; ð“œð“œ; ð“œð“œ; M; M; ) MATHEMATICAL BOLD SCRIPT CAPITAL M +1D4DD;1D4DD;1D4DD;004E;004E; # (ð“ð“; ð“ð“; ð“ð“; N; N; ) MATHEMATICAL BOLD SCRIPT CAPITAL N +1D4DE;1D4DE;1D4DE;004F;004F; # (ð“žð“ž; ð“žð“ž; ð“žð“ž; O; O; ) MATHEMATICAL BOLD SCRIPT CAPITAL O +1D4DF;1D4DF;1D4DF;0050;0050; # (ð“Ÿð“Ÿ; ð“Ÿð“Ÿ; ð“Ÿð“Ÿ; P; P; ) MATHEMATICAL BOLD SCRIPT CAPITAL P +1D4E0;1D4E0;1D4E0;0051;0051; # (ð“ ð“ ; ð“ ð“ ; ð“ ð“ ; Q; Q; ) MATHEMATICAL BOLD SCRIPT CAPITAL Q +1D4E1;1D4E1;1D4E1;0052;0052; # (ð“¡ð“¡; ð“¡ð“¡; ð“¡ð“¡; R; R; ) MATHEMATICAL BOLD SCRIPT CAPITAL R +1D4E2;1D4E2;1D4E2;0053;0053; # (ð“¢ð“¢; ð“¢ð“¢; ð“¢ð“¢; S; S; ) MATHEMATICAL BOLD SCRIPT CAPITAL S +1D4E3;1D4E3;1D4E3;0054;0054; # (ð“£ð“£; ð“£ð“£; ð“£ð“£; T; T; ) MATHEMATICAL BOLD SCRIPT CAPITAL T +1D4E4;1D4E4;1D4E4;0055;0055; # (ð“¤ð“¤; ð“¤ð“¤; ð“¤ð“¤; U; U; ) MATHEMATICAL BOLD SCRIPT CAPITAL U +1D4E5;1D4E5;1D4E5;0056;0056; # (ð“¥ð“¥; ð“¥ð“¥; ð“¥ð“¥; V; V; ) MATHEMATICAL BOLD SCRIPT CAPITAL V +1D4E6;1D4E6;1D4E6;0057;0057; # (ð“¦ð“¦; ð“¦ð“¦; ð“¦ð“¦; W; W; ) MATHEMATICAL BOLD SCRIPT CAPITAL W +1D4E7;1D4E7;1D4E7;0058;0058; # (ð“§ð“§; ð“§ð“§; ð“§ð“§; X; X; ) MATHEMATICAL BOLD SCRIPT CAPITAL X +1D4E8;1D4E8;1D4E8;0059;0059; # (ð“¨ð“¨; ð“¨ð“¨; ð“¨ð“¨; Y; Y; ) MATHEMATICAL BOLD SCRIPT CAPITAL Y +1D4E9;1D4E9;1D4E9;005A;005A; # (ð“©ð“©; ð“©ð“©; ð“©ð“©; Z; Z; ) MATHEMATICAL BOLD SCRIPT CAPITAL Z +1D4EA;1D4EA;1D4EA;0061;0061; # (ð“ªð“ª; ð“ªð“ª; ð“ªð“ª; a; a; ) MATHEMATICAL BOLD SCRIPT SMALL A +1D4EB;1D4EB;1D4EB;0062;0062; # (ð“«ð“«; ð“«ð“«; ð“«ð“«; b; b; ) MATHEMATICAL BOLD SCRIPT SMALL B +1D4EC;1D4EC;1D4EC;0063;0063; # (ð“¬ð“¬; ð“¬ð“¬; ð“¬ð“¬; c; c; ) MATHEMATICAL BOLD SCRIPT SMALL C +1D4ED;1D4ED;1D4ED;0064;0064; # (ð“­ð“­; ð“­ð“­; ð“­ð“­; d; d; ) MATHEMATICAL BOLD SCRIPT SMALL D +1D4EE;1D4EE;1D4EE;0065;0065; # (ð“®ð“®; ð“®ð“®; ð“®ð“®; e; e; ) MATHEMATICAL BOLD SCRIPT SMALL E +1D4EF;1D4EF;1D4EF;0066;0066; # (ð“¯ð“¯; ð“¯ð“¯; ð“¯ð“¯; f; f; ) MATHEMATICAL BOLD SCRIPT SMALL F +1D4F0;1D4F0;1D4F0;0067;0067; # (ð“°ð“°; ð“°ð“°; ð“°ð“°; g; g; ) MATHEMATICAL BOLD SCRIPT SMALL G +1D4F1;1D4F1;1D4F1;0068;0068; # (ð“±ð“±; ð“±ð“±; ð“±ð“±; h; h; ) MATHEMATICAL BOLD SCRIPT SMALL H +1D4F2;1D4F2;1D4F2;0069;0069; # (ð“²ð“²; ð“²ð“²; ð“²ð“²; i; i; ) MATHEMATICAL BOLD SCRIPT SMALL I +1D4F3;1D4F3;1D4F3;006A;006A; # (ð“³ð“³; ð“³ð“³; ð“³ð“³; j; j; ) MATHEMATICAL BOLD SCRIPT SMALL J +1D4F4;1D4F4;1D4F4;006B;006B; # (ð“´ð“´; ð“´ð“´; ð“´ð“´; k; k; ) MATHEMATICAL BOLD SCRIPT SMALL K +1D4F5;1D4F5;1D4F5;006C;006C; # (ð“µð“µ; ð“µð“µ; ð“µð“µ; l; l; ) MATHEMATICAL BOLD SCRIPT SMALL L +1D4F6;1D4F6;1D4F6;006D;006D; # (ð“¶ð“¶; ð“¶ð“¶; ð“¶ð“¶; m; m; ) MATHEMATICAL BOLD SCRIPT SMALL M +1D4F7;1D4F7;1D4F7;006E;006E; # (ð“·ð“·; ð“·ð“·; ð“·ð“·; n; n; ) MATHEMATICAL BOLD SCRIPT SMALL N +1D4F8;1D4F8;1D4F8;006F;006F; # (ð“¸ð“¸; ð“¸ð“¸; ð“¸ð“¸; o; o; ) MATHEMATICAL BOLD SCRIPT SMALL O +1D4F9;1D4F9;1D4F9;0070;0070; # (ð“¹ð“¹; ð“¹ð“¹; ð“¹ð“¹; p; p; ) MATHEMATICAL BOLD SCRIPT SMALL P +1D4FA;1D4FA;1D4FA;0071;0071; # (ð“ºð“º; ð“ºð“º; ð“ºð“º; q; q; ) MATHEMATICAL BOLD SCRIPT SMALL Q +1D4FB;1D4FB;1D4FB;0072;0072; # (ð“»ð“»; ð“»ð“»; ð“»ð“»; r; r; ) MATHEMATICAL BOLD SCRIPT SMALL R +1D4FC;1D4FC;1D4FC;0073;0073; # (ð“¼ð“¼; ð“¼ð“¼; ð“¼ð“¼; s; s; ) MATHEMATICAL BOLD SCRIPT SMALL S +1D4FD;1D4FD;1D4FD;0074;0074; # (ð“½ð“½; ð“½ð“½; ð“½ð“½; t; t; ) MATHEMATICAL BOLD SCRIPT SMALL T +1D4FE;1D4FE;1D4FE;0075;0075; # (ð“¾ð“¾; ð“¾ð“¾; ð“¾ð“¾; u; u; ) MATHEMATICAL BOLD SCRIPT SMALL U +1D4FF;1D4FF;1D4FF;0076;0076; # (ð“¿ð“¿; ð“¿ð“¿; ð“¿ð“¿; v; v; ) MATHEMATICAL BOLD SCRIPT SMALL V +1D500;1D500;1D500;0077;0077; # (ð”€ð”€; ð”€ð”€; ð”€ð”€; w; w; ) MATHEMATICAL BOLD SCRIPT SMALL W +1D501;1D501;1D501;0078;0078; # (ð”ð”; ð”ð”; ð”ð”; x; x; ) MATHEMATICAL BOLD SCRIPT SMALL X +1D502;1D502;1D502;0079;0079; # (ð”‚ð”‚; ð”‚ð”‚; ð”‚ð”‚; y; y; ) MATHEMATICAL BOLD SCRIPT SMALL Y +1D503;1D503;1D503;007A;007A; # (ð”ƒð”ƒ; ð”ƒð”ƒ; ð”ƒð”ƒ; z; z; ) MATHEMATICAL BOLD SCRIPT SMALL Z +1D504;1D504;1D504;0041;0041; # (ð”„ð”„; ð”„ð”„; ð”„ð”„; A; A; ) MATHEMATICAL FRAKTUR CAPITAL A +1D505;1D505;1D505;0042;0042; # (ð”…ð”…; ð”…ð”…; ð”…ð”…; B; B; ) MATHEMATICAL FRAKTUR CAPITAL B +1D507;1D507;1D507;0044;0044; # (ð”‡ð”‡; ð”‡ð”‡; ð”‡ð”‡; D; D; ) MATHEMATICAL FRAKTUR CAPITAL D +1D508;1D508;1D508;0045;0045; # (ð”ˆð”ˆ; ð”ˆð”ˆ; ð”ˆð”ˆ; E; E; ) MATHEMATICAL FRAKTUR CAPITAL E +1D509;1D509;1D509;0046;0046; # (ð”‰ð”‰; ð”‰ð”‰; ð”‰ð”‰; F; F; ) MATHEMATICAL FRAKTUR CAPITAL F +1D50A;1D50A;1D50A;0047;0047; # (ð”Šð”Š; ð”Šð”Š; ð”Šð”Š; G; G; ) MATHEMATICAL FRAKTUR CAPITAL G +1D50D;1D50D;1D50D;004A;004A; # (ð”ð”; ð”ð”; ð”ð”; J; J; ) MATHEMATICAL FRAKTUR CAPITAL J +1D50E;1D50E;1D50E;004B;004B; # (ð”Žð”Ž; ð”Žð”Ž; ð”Žð”Ž; K; K; ) MATHEMATICAL FRAKTUR CAPITAL K +1D50F;1D50F;1D50F;004C;004C; # (ð”ð”; ð”ð”; ð”ð”; L; L; ) MATHEMATICAL FRAKTUR CAPITAL L +1D510;1D510;1D510;004D;004D; # (ð”ð”; ð”ð”; ð”ð”; M; M; ) MATHEMATICAL FRAKTUR CAPITAL M +1D511;1D511;1D511;004E;004E; # (ð”‘ð”‘; ð”‘ð”‘; ð”‘ð”‘; N; N; ) MATHEMATICAL FRAKTUR CAPITAL N +1D512;1D512;1D512;004F;004F; # (ð”’ð”’; ð”’ð”’; ð”’ð”’; O; O; ) MATHEMATICAL FRAKTUR CAPITAL O +1D513;1D513;1D513;0050;0050; # (ð”“ð”“; ð”“ð”“; ð”“ð”“; P; P; ) MATHEMATICAL FRAKTUR CAPITAL P +1D514;1D514;1D514;0051;0051; # (ð””ð””; ð””ð””; ð””ð””; Q; Q; ) MATHEMATICAL FRAKTUR CAPITAL Q +1D516;1D516;1D516;0053;0053; # (ð”–ð”–; ð”–ð”–; ð”–ð”–; S; S; ) MATHEMATICAL FRAKTUR CAPITAL S +1D517;1D517;1D517;0054;0054; # (ð”—ð”—; ð”—ð”—; ð”—ð”—; T; T; ) MATHEMATICAL FRAKTUR CAPITAL T +1D518;1D518;1D518;0055;0055; # (ð”˜ð”˜; ð”˜ð”˜; ð”˜ð”˜; U; U; ) MATHEMATICAL FRAKTUR CAPITAL U +1D519;1D519;1D519;0056;0056; # (ð”™ð”™; ð”™ð”™; ð”™ð”™; V; V; ) MATHEMATICAL FRAKTUR CAPITAL V +1D51A;1D51A;1D51A;0057;0057; # (ð”šð”š; ð”šð”š; ð”šð”š; W; W; ) MATHEMATICAL FRAKTUR CAPITAL W +1D51B;1D51B;1D51B;0058;0058; # (ð”›ð”›; ð”›ð”›; ð”›ð”›; X; X; ) MATHEMATICAL FRAKTUR CAPITAL X +1D51C;1D51C;1D51C;0059;0059; # (ð”œð”œ; ð”œð”œ; ð”œð”œ; Y; Y; ) MATHEMATICAL FRAKTUR CAPITAL Y +1D51E;1D51E;1D51E;0061;0061; # (ð”žð”ž; ð”žð”ž; ð”žð”ž; a; a; ) MATHEMATICAL FRAKTUR SMALL A +1D51F;1D51F;1D51F;0062;0062; # (ð”Ÿð”Ÿ; ð”Ÿð”Ÿ; ð”Ÿð”Ÿ; b; b; ) MATHEMATICAL FRAKTUR SMALL B +1D520;1D520;1D520;0063;0063; # (ð” ð” ; ð” ð” ; ð” ð” ; c; c; ) MATHEMATICAL FRAKTUR SMALL C +1D521;1D521;1D521;0064;0064; # (ð”¡ð”¡; ð”¡ð”¡; ð”¡ð”¡; d; d; ) MATHEMATICAL FRAKTUR SMALL D +1D522;1D522;1D522;0065;0065; # (ð”¢ð”¢; ð”¢ð”¢; ð”¢ð”¢; e; e; ) MATHEMATICAL FRAKTUR SMALL E +1D523;1D523;1D523;0066;0066; # (ð”£ð”£; ð”£ð”£; ð”£ð”£; f; f; ) MATHEMATICAL FRAKTUR SMALL F +1D524;1D524;1D524;0067;0067; # (ð”¤ð”¤; ð”¤ð”¤; ð”¤ð”¤; g; g; ) MATHEMATICAL FRAKTUR SMALL G +1D525;1D525;1D525;0068;0068; # (ð”¥ð”¥; ð”¥ð”¥; ð”¥ð”¥; h; h; ) MATHEMATICAL FRAKTUR SMALL H +1D526;1D526;1D526;0069;0069; # (ð”¦ð”¦; ð”¦ð”¦; ð”¦ð”¦; i; i; ) MATHEMATICAL FRAKTUR SMALL I +1D527;1D527;1D527;006A;006A; # (ð”§ð”§; ð”§ð”§; ð”§ð”§; j; j; ) MATHEMATICAL FRAKTUR SMALL J +1D528;1D528;1D528;006B;006B; # (ð”¨ð”¨; ð”¨ð”¨; ð”¨ð”¨; k; k; ) MATHEMATICAL FRAKTUR SMALL K +1D529;1D529;1D529;006C;006C; # (ð”©ð”©; ð”©ð”©; ð”©ð”©; l; l; ) MATHEMATICAL FRAKTUR SMALL L +1D52A;1D52A;1D52A;006D;006D; # (ð”ªð”ª; ð”ªð”ª; ð”ªð”ª; m; m; ) MATHEMATICAL FRAKTUR SMALL M +1D52B;1D52B;1D52B;006E;006E; # (ð”«ð”«; ð”«ð”«; ð”«ð”«; n; n; ) MATHEMATICAL FRAKTUR SMALL N +1D52C;1D52C;1D52C;006F;006F; # (ð”¬ð”¬; ð”¬ð”¬; ð”¬ð”¬; o; o; ) MATHEMATICAL FRAKTUR SMALL O +1D52D;1D52D;1D52D;0070;0070; # (ð”­ð”­; ð”­ð”­; ð”­ð”­; p; p; ) MATHEMATICAL FRAKTUR SMALL P +1D52E;1D52E;1D52E;0071;0071; # (ð”®ð”®; ð”®ð”®; ð”®ð”®; q; q; ) MATHEMATICAL FRAKTUR SMALL Q +1D52F;1D52F;1D52F;0072;0072; # (ð”¯ð”¯; ð”¯ð”¯; ð”¯ð”¯; r; r; ) MATHEMATICAL FRAKTUR SMALL R +1D530;1D530;1D530;0073;0073; # (ð”°ð”°; ð”°ð”°; ð”°ð”°; s; s; ) MATHEMATICAL FRAKTUR SMALL S +1D531;1D531;1D531;0074;0074; # (ð”±ð”±; ð”±ð”±; ð”±ð”±; t; t; ) MATHEMATICAL FRAKTUR SMALL T +1D532;1D532;1D532;0075;0075; # (ð”²ð”²; ð”²ð”²; ð”²ð”²; u; u; ) MATHEMATICAL FRAKTUR SMALL U +1D533;1D533;1D533;0076;0076; # (ð”³ð”³; ð”³ð”³; ð”³ð”³; v; v; ) MATHEMATICAL FRAKTUR SMALL V +1D534;1D534;1D534;0077;0077; # (ð”´ð”´; ð”´ð”´; ð”´ð”´; w; w; ) MATHEMATICAL FRAKTUR SMALL W +1D535;1D535;1D535;0078;0078; # (ð”µð”µ; ð”µð”µ; ð”µð”µ; x; x; ) MATHEMATICAL FRAKTUR SMALL X +1D536;1D536;1D536;0079;0079; # (ð”¶ð”¶; ð”¶ð”¶; ð”¶ð”¶; y; y; ) MATHEMATICAL FRAKTUR SMALL Y +1D537;1D537;1D537;007A;007A; # (ð”·ð”·; ð”·ð”·; ð”·ð”·; z; z; ) MATHEMATICAL FRAKTUR SMALL Z +1D538;1D538;1D538;0041;0041; # (ð”¸ð”¸; ð”¸ð”¸; ð”¸ð”¸; A; A; ) MATHEMATICAL DOUBLE-STRUCK CAPITAL A +1D539;1D539;1D539;0042;0042; # (ð”¹ð”¹; ð”¹ð”¹; ð”¹ð”¹; B; B; ) MATHEMATICAL DOUBLE-STRUCK CAPITAL B +1D53B;1D53B;1D53B;0044;0044; # (ð”»ð”»; ð”»ð”»; ð”»ð”»; D; D; ) MATHEMATICAL DOUBLE-STRUCK CAPITAL D +1D53C;1D53C;1D53C;0045;0045; # (ð”¼ð”¼; ð”¼ð”¼; ð”¼ð”¼; E; E; ) MATHEMATICAL DOUBLE-STRUCK CAPITAL E +1D53D;1D53D;1D53D;0046;0046; # (ð”½ð”½; ð”½ð”½; ð”½ð”½; F; F; ) MATHEMATICAL DOUBLE-STRUCK CAPITAL F +1D53E;1D53E;1D53E;0047;0047; # (ð”¾ð”¾; ð”¾ð”¾; ð”¾ð”¾; G; G; ) MATHEMATICAL DOUBLE-STRUCK CAPITAL G +1D540;1D540;1D540;0049;0049; # (ð•€ð•€; ð•€ð•€; ð•€ð•€; I; I; ) MATHEMATICAL DOUBLE-STRUCK CAPITAL I +1D541;1D541;1D541;004A;004A; # (ð•ð•; ð•ð•; ð•ð•; J; J; ) MATHEMATICAL DOUBLE-STRUCK CAPITAL J +1D542;1D542;1D542;004B;004B; # (ð•‚ð•‚; ð•‚ð•‚; ð•‚ð•‚; K; K; ) MATHEMATICAL DOUBLE-STRUCK CAPITAL K +1D543;1D543;1D543;004C;004C; # (ð•ƒð•ƒ; ð•ƒð•ƒ; ð•ƒð•ƒ; L; L; ) MATHEMATICAL DOUBLE-STRUCK CAPITAL L +1D544;1D544;1D544;004D;004D; # (ð•„ð•„; ð•„ð•„; ð•„ð•„; M; M; ) MATHEMATICAL DOUBLE-STRUCK CAPITAL M +1D546;1D546;1D546;004F;004F; # (ð•†ð•†; ð•†ð•†; ð•†ð•†; O; O; ) MATHEMATICAL DOUBLE-STRUCK CAPITAL O +1D54A;1D54A;1D54A;0053;0053; # (ð•Šð•Š; ð•Šð•Š; ð•Šð•Š; S; S; ) MATHEMATICAL DOUBLE-STRUCK CAPITAL S +1D54B;1D54B;1D54B;0054;0054; # (ð•‹ð•‹; ð•‹ð•‹; ð•‹ð•‹; T; T; ) MATHEMATICAL DOUBLE-STRUCK CAPITAL T +1D54C;1D54C;1D54C;0055;0055; # (ð•Œð•Œ; ð•Œð•Œ; ð•Œð•Œ; U; U; ) MATHEMATICAL DOUBLE-STRUCK CAPITAL U +1D54D;1D54D;1D54D;0056;0056; # (ð•ð•; ð•ð•; ð•ð•; V; V; ) MATHEMATICAL DOUBLE-STRUCK CAPITAL V +1D54E;1D54E;1D54E;0057;0057; # (ð•Žð•Ž; ð•Žð•Ž; ð•Žð•Ž; W; W; ) MATHEMATICAL DOUBLE-STRUCK CAPITAL W +1D54F;1D54F;1D54F;0058;0058; # (ð•ð•; ð•ð•; ð•ð•; X; X; ) MATHEMATICAL DOUBLE-STRUCK CAPITAL X +1D550;1D550;1D550;0059;0059; # (ð•ð•; ð•ð•; ð•ð•; Y; Y; ) MATHEMATICAL DOUBLE-STRUCK CAPITAL Y +1D552;1D552;1D552;0061;0061; # (ð•’ð•’; ð•’ð•’; ð•’ð•’; a; a; ) MATHEMATICAL DOUBLE-STRUCK SMALL A +1D553;1D553;1D553;0062;0062; # (ð•“ð•“; ð•“ð•“; ð•“ð•“; b; b; ) MATHEMATICAL DOUBLE-STRUCK SMALL B +1D554;1D554;1D554;0063;0063; # (ð•”ð•”; ð•”ð•”; ð•”ð•”; c; c; ) MATHEMATICAL DOUBLE-STRUCK SMALL C +1D555;1D555;1D555;0064;0064; # (ð••ð••; ð••ð••; ð••ð••; d; d; ) MATHEMATICAL DOUBLE-STRUCK SMALL D +1D556;1D556;1D556;0065;0065; # (ð•–ð•–; ð•–ð•–; ð•–ð•–; e; e; ) MATHEMATICAL DOUBLE-STRUCK SMALL E +1D557;1D557;1D557;0066;0066; # (ð•—ð•—; ð•—ð•—; ð•—ð•—; f; f; ) MATHEMATICAL DOUBLE-STRUCK SMALL F +1D558;1D558;1D558;0067;0067; # (ð•˜ð•˜; ð•˜ð•˜; ð•˜ð•˜; g; g; ) MATHEMATICAL DOUBLE-STRUCK SMALL G +1D559;1D559;1D559;0068;0068; # (ð•™ð•™; ð•™ð•™; ð•™ð•™; h; h; ) MATHEMATICAL DOUBLE-STRUCK SMALL H +1D55A;1D55A;1D55A;0069;0069; # (ð•šð•š; ð•šð•š; ð•šð•š; i; i; ) MATHEMATICAL DOUBLE-STRUCK SMALL I +1D55B;1D55B;1D55B;006A;006A; # (ð•›ð•›; ð•›ð•›; ð•›ð•›; j; j; ) MATHEMATICAL DOUBLE-STRUCK SMALL J +1D55C;1D55C;1D55C;006B;006B; # (ð•œð•œ; ð•œð•œ; ð•œð•œ; k; k; ) MATHEMATICAL DOUBLE-STRUCK SMALL K +1D55D;1D55D;1D55D;006C;006C; # (ð•ð•; ð•ð•; ð•ð•; l; l; ) MATHEMATICAL DOUBLE-STRUCK SMALL L +1D55E;1D55E;1D55E;006D;006D; # (ð•žð•ž; ð•žð•ž; ð•žð•ž; m; m; ) MATHEMATICAL DOUBLE-STRUCK SMALL M +1D55F;1D55F;1D55F;006E;006E; # (ð•Ÿð•Ÿ; ð•Ÿð•Ÿ; ð•Ÿð•Ÿ; n; n; ) MATHEMATICAL DOUBLE-STRUCK SMALL N +1D560;1D560;1D560;006F;006F; # (ð• ð• ; ð• ð• ; ð• ð• ; o; o; ) MATHEMATICAL DOUBLE-STRUCK SMALL O +1D561;1D561;1D561;0070;0070; # (ð•¡ð•¡; ð•¡ð•¡; ð•¡ð•¡; p; p; ) MATHEMATICAL DOUBLE-STRUCK SMALL P +1D562;1D562;1D562;0071;0071; # (ð•¢ð•¢; ð•¢ð•¢; ð•¢ð•¢; q; q; ) MATHEMATICAL DOUBLE-STRUCK SMALL Q +1D563;1D563;1D563;0072;0072; # (ð•£ð•£; ð•£ð•£; ð•£ð•£; r; r; ) MATHEMATICAL DOUBLE-STRUCK SMALL R +1D564;1D564;1D564;0073;0073; # (ð•¤ð•¤; ð•¤ð•¤; ð•¤ð•¤; s; s; ) MATHEMATICAL DOUBLE-STRUCK SMALL S +1D565;1D565;1D565;0074;0074; # (ð•¥ð•¥; ð•¥ð•¥; ð•¥ð•¥; t; t; ) MATHEMATICAL DOUBLE-STRUCK SMALL T +1D566;1D566;1D566;0075;0075; # (ð•¦ð•¦; ð•¦ð•¦; ð•¦ð•¦; u; u; ) MATHEMATICAL DOUBLE-STRUCK SMALL U +1D567;1D567;1D567;0076;0076; # (ð•§ð•§; ð•§ð•§; ð•§ð•§; v; v; ) MATHEMATICAL DOUBLE-STRUCK SMALL V +1D568;1D568;1D568;0077;0077; # (ð•¨ð•¨; ð•¨ð•¨; ð•¨ð•¨; w; w; ) MATHEMATICAL DOUBLE-STRUCK SMALL W +1D569;1D569;1D569;0078;0078; # (ð•©ð•©; ð•©ð•©; ð•©ð•©; x; x; ) MATHEMATICAL DOUBLE-STRUCK SMALL X +1D56A;1D56A;1D56A;0079;0079; # (ð•ªð•ª; ð•ªð•ª; ð•ªð•ª; y; y; ) MATHEMATICAL DOUBLE-STRUCK SMALL Y +1D56B;1D56B;1D56B;007A;007A; # (ð•«ð•«; ð•«ð•«; ð•«ð•«; z; z; ) MATHEMATICAL DOUBLE-STRUCK SMALL Z +1D56C;1D56C;1D56C;0041;0041; # (ð•¬ð•¬; ð•¬ð•¬; ð•¬ð•¬; A; A; ) MATHEMATICAL BOLD FRAKTUR CAPITAL A +1D56D;1D56D;1D56D;0042;0042; # (ð•­ð•­; ð•­ð•­; ð•­ð•­; B; B; ) MATHEMATICAL BOLD FRAKTUR CAPITAL B +1D56E;1D56E;1D56E;0043;0043; # (ð•®ð•®; ð•®ð•®; ð•®ð•®; C; C; ) MATHEMATICAL BOLD FRAKTUR CAPITAL C +1D56F;1D56F;1D56F;0044;0044; # (ð•¯ð•¯; ð•¯ð•¯; ð•¯ð•¯; D; D; ) MATHEMATICAL BOLD FRAKTUR CAPITAL D +1D570;1D570;1D570;0045;0045; # (ð•°ð•°; ð•°ð•°; ð•°ð•°; E; E; ) MATHEMATICAL BOLD FRAKTUR CAPITAL E +1D571;1D571;1D571;0046;0046; # (ð•±ð•±; ð•±ð•±; ð•±ð•±; F; F; ) MATHEMATICAL BOLD FRAKTUR CAPITAL F +1D572;1D572;1D572;0047;0047; # (ð•²ð•²; ð•²ð•²; ð•²ð•²; G; G; ) MATHEMATICAL BOLD FRAKTUR CAPITAL G +1D573;1D573;1D573;0048;0048; # (ð•³ð•³; ð•³ð•³; ð•³ð•³; H; H; ) MATHEMATICAL BOLD FRAKTUR CAPITAL H +1D574;1D574;1D574;0049;0049; # (ð•´ð•´; ð•´ð•´; ð•´ð•´; I; I; ) MATHEMATICAL BOLD FRAKTUR CAPITAL I +1D575;1D575;1D575;004A;004A; # (ð•µð•µ; ð•µð•µ; ð•µð•µ; J; J; ) MATHEMATICAL BOLD FRAKTUR CAPITAL J +1D576;1D576;1D576;004B;004B; # (ð•¶ð•¶; ð•¶ð•¶; ð•¶ð•¶; K; K; ) MATHEMATICAL BOLD FRAKTUR CAPITAL K +1D577;1D577;1D577;004C;004C; # (ð•·ð•·; ð•·ð•·; ð•·ð•·; L; L; ) MATHEMATICAL BOLD FRAKTUR CAPITAL L +1D578;1D578;1D578;004D;004D; # (ð•¸ð•¸; ð•¸ð•¸; ð•¸ð•¸; M; M; ) MATHEMATICAL BOLD FRAKTUR CAPITAL M +1D579;1D579;1D579;004E;004E; # (ð•¹ð•¹; ð•¹ð•¹; ð•¹ð•¹; N; N; ) MATHEMATICAL BOLD FRAKTUR CAPITAL N +1D57A;1D57A;1D57A;004F;004F; # (ð•ºð•º; ð•ºð•º; ð•ºð•º; O; O; ) MATHEMATICAL BOLD FRAKTUR CAPITAL O +1D57B;1D57B;1D57B;0050;0050; # (ð•»ð•»; ð•»ð•»; ð•»ð•»; P; P; ) MATHEMATICAL BOLD FRAKTUR CAPITAL P +1D57C;1D57C;1D57C;0051;0051; # (ð•¼ð•¼; ð•¼ð•¼; ð•¼ð•¼; Q; Q; ) MATHEMATICAL BOLD FRAKTUR CAPITAL Q +1D57D;1D57D;1D57D;0052;0052; # (ð•½ð•½; ð•½ð•½; ð•½ð•½; R; R; ) MATHEMATICAL BOLD FRAKTUR CAPITAL R +1D57E;1D57E;1D57E;0053;0053; # (ð•¾ð•¾; ð•¾ð•¾; ð•¾ð•¾; S; S; ) MATHEMATICAL BOLD FRAKTUR CAPITAL S +1D57F;1D57F;1D57F;0054;0054; # (ð•¿ð•¿; ð•¿ð•¿; ð•¿ð•¿; T; T; ) MATHEMATICAL BOLD FRAKTUR CAPITAL T +1D580;1D580;1D580;0055;0055; # (ð–€ð–€; ð–€ð–€; ð–€ð–€; U; U; ) MATHEMATICAL BOLD FRAKTUR CAPITAL U +1D581;1D581;1D581;0056;0056; # (ð–ð–; ð–ð–; ð–ð–; V; V; ) MATHEMATICAL BOLD FRAKTUR CAPITAL V +1D582;1D582;1D582;0057;0057; # (ð–‚ð–‚; ð–‚ð–‚; ð–‚ð–‚; W; W; ) MATHEMATICAL BOLD FRAKTUR CAPITAL W +1D583;1D583;1D583;0058;0058; # (ð–ƒð–ƒ; ð–ƒð–ƒ; ð–ƒð–ƒ; X; X; ) MATHEMATICAL BOLD FRAKTUR CAPITAL X +1D584;1D584;1D584;0059;0059; # (ð–„ð–„; ð–„ð–„; ð–„ð–„; Y; Y; ) MATHEMATICAL BOLD FRAKTUR CAPITAL Y +1D585;1D585;1D585;005A;005A; # (ð–…ð–…; ð–…ð–…; ð–…ð–…; Z; Z; ) MATHEMATICAL BOLD FRAKTUR CAPITAL Z +1D586;1D586;1D586;0061;0061; # (ð–†ð–†; ð–†ð–†; ð–†ð–†; a; a; ) MATHEMATICAL BOLD FRAKTUR SMALL A +1D587;1D587;1D587;0062;0062; # (ð–‡ð–‡; ð–‡ð–‡; ð–‡ð–‡; b; b; ) MATHEMATICAL BOLD FRAKTUR SMALL B +1D588;1D588;1D588;0063;0063; # (ð–ˆð–ˆ; ð–ˆð–ˆ; ð–ˆð–ˆ; c; c; ) MATHEMATICAL BOLD FRAKTUR SMALL C +1D589;1D589;1D589;0064;0064; # (ð–‰ð–‰; ð–‰ð–‰; ð–‰ð–‰; d; d; ) MATHEMATICAL BOLD FRAKTUR SMALL D +1D58A;1D58A;1D58A;0065;0065; # (ð–Šð–Š; ð–Šð–Š; ð–Šð–Š; e; e; ) MATHEMATICAL BOLD FRAKTUR SMALL E +1D58B;1D58B;1D58B;0066;0066; # (ð–‹ð–‹; ð–‹ð–‹; ð–‹ð–‹; f; f; ) MATHEMATICAL BOLD FRAKTUR SMALL F +1D58C;1D58C;1D58C;0067;0067; # (ð–Œð–Œ; ð–Œð–Œ; ð–Œð–Œ; g; g; ) MATHEMATICAL BOLD FRAKTUR SMALL G +1D58D;1D58D;1D58D;0068;0068; # (ð–ð–; ð–ð–; ð–ð–; h; h; ) MATHEMATICAL BOLD FRAKTUR SMALL H +1D58E;1D58E;1D58E;0069;0069; # (ð–Žð–Ž; ð–Žð–Ž; ð–Žð–Ž; i; i; ) MATHEMATICAL BOLD FRAKTUR SMALL I +1D58F;1D58F;1D58F;006A;006A; # (ð–ð–; ð–ð–; ð–ð–; j; j; ) MATHEMATICAL BOLD FRAKTUR SMALL J +1D590;1D590;1D590;006B;006B; # (ð–ð–; ð–ð–; ð–ð–; k; k; ) MATHEMATICAL BOLD FRAKTUR SMALL K +1D591;1D591;1D591;006C;006C; # (ð–‘ð–‘; ð–‘ð–‘; ð–‘ð–‘; l; l; ) MATHEMATICAL BOLD FRAKTUR SMALL L +1D592;1D592;1D592;006D;006D; # (ð–’ð–’; ð–’ð–’; ð–’ð–’; m; m; ) MATHEMATICAL BOLD FRAKTUR SMALL M +1D593;1D593;1D593;006E;006E; # (ð–“ð–“; ð–“ð–“; ð–“ð–“; n; n; ) MATHEMATICAL BOLD FRAKTUR SMALL N +1D594;1D594;1D594;006F;006F; # (ð–”ð–”; ð–”ð–”; ð–”ð–”; o; o; ) MATHEMATICAL BOLD FRAKTUR SMALL O +1D595;1D595;1D595;0070;0070; # (ð–•ð–•; ð–•ð–•; ð–•ð–•; p; p; ) MATHEMATICAL BOLD FRAKTUR SMALL P +1D596;1D596;1D596;0071;0071; # (ð––ð––; ð––ð––; ð––ð––; q; q; ) MATHEMATICAL BOLD FRAKTUR SMALL Q +1D597;1D597;1D597;0072;0072; # (ð–—ð–—; ð–—ð–—; ð–—ð–—; r; r; ) MATHEMATICAL BOLD FRAKTUR SMALL R +1D598;1D598;1D598;0073;0073; # (ð–˜ð–˜; ð–˜ð–˜; ð–˜ð–˜; s; s; ) MATHEMATICAL BOLD FRAKTUR SMALL S +1D599;1D599;1D599;0074;0074; # (ð–™ð–™; ð–™ð–™; ð–™ð–™; t; t; ) MATHEMATICAL BOLD FRAKTUR SMALL T +1D59A;1D59A;1D59A;0075;0075; # (ð–šð–š; ð–šð–š; ð–šð–š; u; u; ) MATHEMATICAL BOLD FRAKTUR SMALL U +1D59B;1D59B;1D59B;0076;0076; # (ð–›ð–›; ð–›ð–›; ð–›ð–›; v; v; ) MATHEMATICAL BOLD FRAKTUR SMALL V +1D59C;1D59C;1D59C;0077;0077; # (ð–œð–œ; ð–œð–œ; ð–œð–œ; w; w; ) MATHEMATICAL BOLD FRAKTUR SMALL W +1D59D;1D59D;1D59D;0078;0078; # (ð–ð–; ð–ð–; ð–ð–; x; x; ) MATHEMATICAL BOLD FRAKTUR SMALL X +1D59E;1D59E;1D59E;0079;0079; # (ð–žð–ž; ð–žð–ž; ð–žð–ž; y; y; ) MATHEMATICAL BOLD FRAKTUR SMALL Y +1D59F;1D59F;1D59F;007A;007A; # (ð–Ÿð–Ÿ; ð–Ÿð–Ÿ; ð–Ÿð–Ÿ; z; z; ) MATHEMATICAL BOLD FRAKTUR SMALL Z +1D5A0;1D5A0;1D5A0;0041;0041; # (ð– ð– ; ð– ð– ; ð– ð– ; A; A; ) MATHEMATICAL SANS-SERIF CAPITAL A +1D5A1;1D5A1;1D5A1;0042;0042; # (ð–¡ð–¡; ð–¡ð–¡; ð–¡ð–¡; B; B; ) MATHEMATICAL SANS-SERIF CAPITAL B +1D5A2;1D5A2;1D5A2;0043;0043; # (ð–¢ð–¢; ð–¢ð–¢; ð–¢ð–¢; C; C; ) MATHEMATICAL SANS-SERIF CAPITAL C +1D5A3;1D5A3;1D5A3;0044;0044; # (ð–£ð–£; ð–£ð–£; ð–£ð–£; D; D; ) MATHEMATICAL SANS-SERIF CAPITAL D +1D5A4;1D5A4;1D5A4;0045;0045; # (ð–¤ð–¤; ð–¤ð–¤; ð–¤ð–¤; E; E; ) MATHEMATICAL SANS-SERIF CAPITAL E +1D5A5;1D5A5;1D5A5;0046;0046; # (ð–¥ð–¥; ð–¥ð–¥; ð–¥ð–¥; F; F; ) MATHEMATICAL SANS-SERIF CAPITAL F +1D5A6;1D5A6;1D5A6;0047;0047; # (ð–¦ð–¦; ð–¦ð–¦; ð–¦ð–¦; G; G; ) MATHEMATICAL SANS-SERIF CAPITAL G +1D5A7;1D5A7;1D5A7;0048;0048; # (ð–§ð–§; ð–§ð–§; ð–§ð–§; H; H; ) MATHEMATICAL SANS-SERIF CAPITAL H +1D5A8;1D5A8;1D5A8;0049;0049; # (ð–¨ð–¨; ð–¨ð–¨; ð–¨ð–¨; I; I; ) MATHEMATICAL SANS-SERIF CAPITAL I +1D5A9;1D5A9;1D5A9;004A;004A; # (ð–©ð–©; ð–©ð–©; ð–©ð–©; J; J; ) MATHEMATICAL SANS-SERIF CAPITAL J +1D5AA;1D5AA;1D5AA;004B;004B; # (ð–ªð–ª; ð–ªð–ª; ð–ªð–ª; K; K; ) MATHEMATICAL SANS-SERIF CAPITAL K +1D5AB;1D5AB;1D5AB;004C;004C; # (ð–«ð–«; ð–«ð–«; ð–«ð–«; L; L; ) MATHEMATICAL SANS-SERIF CAPITAL L +1D5AC;1D5AC;1D5AC;004D;004D; # (ð–¬ð–¬; ð–¬ð–¬; ð–¬ð–¬; M; M; ) MATHEMATICAL SANS-SERIF CAPITAL M +1D5AD;1D5AD;1D5AD;004E;004E; # (ð–­ð–­; ð–­ð–­; ð–­ð–­; N; N; ) MATHEMATICAL SANS-SERIF CAPITAL N +1D5AE;1D5AE;1D5AE;004F;004F; # (ð–®ð–®; ð–®ð–®; ð–®ð–®; O; O; ) MATHEMATICAL SANS-SERIF CAPITAL O +1D5AF;1D5AF;1D5AF;0050;0050; # (ð–¯ð–¯; ð–¯ð–¯; ð–¯ð–¯; P; P; ) MATHEMATICAL SANS-SERIF CAPITAL P +1D5B0;1D5B0;1D5B0;0051;0051; # (ð–°ð–°; ð–°ð–°; ð–°ð–°; Q; Q; ) MATHEMATICAL SANS-SERIF CAPITAL Q +1D5B1;1D5B1;1D5B1;0052;0052; # (ð–±ð–±; ð–±ð–±; ð–±ð–±; R; R; ) MATHEMATICAL SANS-SERIF CAPITAL R +1D5B2;1D5B2;1D5B2;0053;0053; # (ð–²ð–²; ð–²ð–²; ð–²ð–²; S; S; ) MATHEMATICAL SANS-SERIF CAPITAL S +1D5B3;1D5B3;1D5B3;0054;0054; # (ð–³ð–³; ð–³ð–³; ð–³ð–³; T; T; ) MATHEMATICAL SANS-SERIF CAPITAL T +1D5B4;1D5B4;1D5B4;0055;0055; # (ð–´ð–´; ð–´ð–´; ð–´ð–´; U; U; ) MATHEMATICAL SANS-SERIF CAPITAL U +1D5B5;1D5B5;1D5B5;0056;0056; # (ð–µð–µ; ð–µð–µ; ð–µð–µ; V; V; ) MATHEMATICAL SANS-SERIF CAPITAL V +1D5B6;1D5B6;1D5B6;0057;0057; # (ð–¶ð–¶; ð–¶ð–¶; ð–¶ð–¶; W; W; ) MATHEMATICAL SANS-SERIF CAPITAL W +1D5B7;1D5B7;1D5B7;0058;0058; # (ð–·ð–·; ð–·ð–·; ð–·ð–·; X; X; ) MATHEMATICAL SANS-SERIF CAPITAL X +1D5B8;1D5B8;1D5B8;0059;0059; # (ð–¸ð–¸; ð–¸ð–¸; ð–¸ð–¸; Y; Y; ) MATHEMATICAL SANS-SERIF CAPITAL Y +1D5B9;1D5B9;1D5B9;005A;005A; # (ð–¹ð–¹; ð–¹ð–¹; ð–¹ð–¹; Z; Z; ) MATHEMATICAL SANS-SERIF CAPITAL Z +1D5BA;1D5BA;1D5BA;0061;0061; # (ð–ºð–º; ð–ºð–º; ð–ºð–º; a; a; ) MATHEMATICAL SANS-SERIF SMALL A +1D5BB;1D5BB;1D5BB;0062;0062; # (ð–»ð–»; ð–»ð–»; ð–»ð–»; b; b; ) MATHEMATICAL SANS-SERIF SMALL B +1D5BC;1D5BC;1D5BC;0063;0063; # (ð–¼ð–¼; ð–¼ð–¼; ð–¼ð–¼; c; c; ) MATHEMATICAL SANS-SERIF SMALL C +1D5BD;1D5BD;1D5BD;0064;0064; # (ð–½ð–½; ð–½ð–½; ð–½ð–½; d; d; ) MATHEMATICAL SANS-SERIF SMALL D +1D5BE;1D5BE;1D5BE;0065;0065; # (ð–¾ð–¾; ð–¾ð–¾; ð–¾ð–¾; e; e; ) MATHEMATICAL SANS-SERIF SMALL E +1D5BF;1D5BF;1D5BF;0066;0066; # (ð–¿ð–¿; ð–¿ð–¿; ð–¿ð–¿; f; f; ) MATHEMATICAL SANS-SERIF SMALL F +1D5C0;1D5C0;1D5C0;0067;0067; # (ð—€ð—€; ð—€ð—€; ð—€ð—€; g; g; ) MATHEMATICAL SANS-SERIF SMALL G +1D5C1;1D5C1;1D5C1;0068;0068; # (ð—ð—; ð—ð—; ð—ð—; h; h; ) MATHEMATICAL SANS-SERIF SMALL H +1D5C2;1D5C2;1D5C2;0069;0069; # (ð—‚ð—‚; ð—‚ð—‚; ð—‚ð—‚; i; i; ) MATHEMATICAL SANS-SERIF SMALL I +1D5C3;1D5C3;1D5C3;006A;006A; # (ð—ƒð—ƒ; ð—ƒð—ƒ; ð—ƒð—ƒ; j; j; ) MATHEMATICAL SANS-SERIF SMALL J +1D5C4;1D5C4;1D5C4;006B;006B; # (ð—„ð—„; ð—„ð—„; ð—„ð—„; k; k; ) MATHEMATICAL SANS-SERIF SMALL K +1D5C5;1D5C5;1D5C5;006C;006C; # (ð—…ð—…; ð—…ð—…; ð—…ð—…; l; l; ) MATHEMATICAL SANS-SERIF SMALL L +1D5C6;1D5C6;1D5C6;006D;006D; # (ð—†ð—†; ð—†ð—†; ð—†ð—†; m; m; ) MATHEMATICAL SANS-SERIF SMALL M +1D5C7;1D5C7;1D5C7;006E;006E; # (ð—‡ð—‡; ð—‡ð—‡; ð—‡ð—‡; n; n; ) MATHEMATICAL SANS-SERIF SMALL N +1D5C8;1D5C8;1D5C8;006F;006F; # (ð—ˆð—ˆ; ð—ˆð—ˆ; ð—ˆð—ˆ; o; o; ) MATHEMATICAL SANS-SERIF SMALL O +1D5C9;1D5C9;1D5C9;0070;0070; # (ð—‰ð—‰; ð—‰ð—‰; ð—‰ð—‰; p; p; ) MATHEMATICAL SANS-SERIF SMALL P +1D5CA;1D5CA;1D5CA;0071;0071; # (ð—Šð—Š; ð—Šð—Š; ð—Šð—Š; q; q; ) MATHEMATICAL SANS-SERIF SMALL Q +1D5CB;1D5CB;1D5CB;0072;0072; # (ð—‹ð—‹; ð—‹ð—‹; ð—‹ð—‹; r; r; ) MATHEMATICAL SANS-SERIF SMALL R +1D5CC;1D5CC;1D5CC;0073;0073; # (ð—Œð—Œ; ð—Œð—Œ; ð—Œð—Œ; s; s; ) MATHEMATICAL SANS-SERIF SMALL S +1D5CD;1D5CD;1D5CD;0074;0074; # (ð—ð—; ð—ð—; ð—ð—; t; t; ) MATHEMATICAL SANS-SERIF SMALL T +1D5CE;1D5CE;1D5CE;0075;0075; # (ð—Žð—Ž; ð—Žð—Ž; ð—Žð—Ž; u; u; ) MATHEMATICAL SANS-SERIF SMALL U +1D5CF;1D5CF;1D5CF;0076;0076; # (ð—ð—; ð—ð—; ð—ð—; v; v; ) MATHEMATICAL SANS-SERIF SMALL V +1D5D0;1D5D0;1D5D0;0077;0077; # (ð—ð—; ð—ð—; ð—ð—; w; w; ) MATHEMATICAL SANS-SERIF SMALL W +1D5D1;1D5D1;1D5D1;0078;0078; # (ð—‘ð—‘; ð—‘ð—‘; ð—‘ð—‘; x; x; ) MATHEMATICAL SANS-SERIF SMALL X +1D5D2;1D5D2;1D5D2;0079;0079; # (ð—’ð—’; ð—’ð—’; ð—’ð—’; y; y; ) MATHEMATICAL SANS-SERIF SMALL Y +1D5D3;1D5D3;1D5D3;007A;007A; # (ð—“ð—“; ð—“ð—“; ð—“ð—“; z; z; ) MATHEMATICAL SANS-SERIF SMALL Z +1D5D4;1D5D4;1D5D4;0041;0041; # (ð—”ð—”; ð—”ð—”; ð—”ð—”; A; A; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL A +1D5D5;1D5D5;1D5D5;0042;0042; # (ð—•ð—•; ð—•ð—•; ð—•ð—•; B; B; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL B +1D5D6;1D5D6;1D5D6;0043;0043; # (ð—–ð—–; ð—–ð—–; ð—–ð—–; C; C; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL C +1D5D7;1D5D7;1D5D7;0044;0044; # (ð——ð——; ð——ð——; ð——ð——; D; D; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL D +1D5D8;1D5D8;1D5D8;0045;0045; # (ð—˜ð—˜; ð—˜ð—˜; ð—˜ð—˜; E; E; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL E +1D5D9;1D5D9;1D5D9;0046;0046; # (ð—™ð—™; ð—™ð—™; ð—™ð—™; F; F; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL F +1D5DA;1D5DA;1D5DA;0047;0047; # (ð—šð—š; ð—šð—š; ð—šð—š; G; G; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL G +1D5DB;1D5DB;1D5DB;0048;0048; # (ð—›ð—›; ð—›ð—›; ð—›ð—›; H; H; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL H +1D5DC;1D5DC;1D5DC;0049;0049; # (ð—œð—œ; ð—œð—œ; ð—œð—œ; I; I; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL I +1D5DD;1D5DD;1D5DD;004A;004A; # (ð—ð—; ð—ð—; ð—ð—; J; J; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL J +1D5DE;1D5DE;1D5DE;004B;004B; # (ð—žð—ž; ð—žð—ž; ð—žð—ž; K; K; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL K +1D5DF;1D5DF;1D5DF;004C;004C; # (ð—Ÿð—Ÿ; ð—Ÿð—Ÿ; ð—Ÿð—Ÿ; L; L; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL L +1D5E0;1D5E0;1D5E0;004D;004D; # (ð— ð— ; ð— ð— ; ð— ð— ; M; M; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL M +1D5E1;1D5E1;1D5E1;004E;004E; # (ð—¡ð—¡; ð—¡ð—¡; ð—¡ð—¡; N; N; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL N +1D5E2;1D5E2;1D5E2;004F;004F; # (ð—¢ð—¢; ð—¢ð—¢; ð—¢ð—¢; O; O; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL O +1D5E3;1D5E3;1D5E3;0050;0050; # (ð—£ð—£; ð—£ð—£; ð—£ð—£; P; P; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL P +1D5E4;1D5E4;1D5E4;0051;0051; # (ð—¤ð—¤; ð—¤ð—¤; ð—¤ð—¤; Q; Q; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL Q +1D5E5;1D5E5;1D5E5;0052;0052; # (ð—¥ð—¥; ð—¥ð—¥; ð—¥ð—¥; R; R; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL R +1D5E6;1D5E6;1D5E6;0053;0053; # (ð—¦ð—¦; ð—¦ð—¦; ð—¦ð—¦; S; S; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL S +1D5E7;1D5E7;1D5E7;0054;0054; # (ð—§ð—§; ð—§ð—§; ð—§ð—§; T; T; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL T +1D5E8;1D5E8;1D5E8;0055;0055; # (ð—¨ð—¨; ð—¨ð—¨; ð—¨ð—¨; U; U; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL U +1D5E9;1D5E9;1D5E9;0056;0056; # (ð—©ð—©; ð—©ð—©; ð—©ð—©; V; V; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL V +1D5EA;1D5EA;1D5EA;0057;0057; # (ð—ªð—ª; ð—ªð—ª; ð—ªð—ª; W; W; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL W +1D5EB;1D5EB;1D5EB;0058;0058; # (ð—«ð—«; ð—«ð—«; ð—«ð—«; X; X; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL X +1D5EC;1D5EC;1D5EC;0059;0059; # (ð—¬ð—¬; ð—¬ð—¬; ð—¬ð—¬; Y; Y; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL Y +1D5ED;1D5ED;1D5ED;005A;005A; # (ð—­ð—­; ð—­ð—­; ð—­ð—­; Z; Z; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL Z +1D5EE;1D5EE;1D5EE;0061;0061; # (ð—®ð—®; ð—®ð—®; ð—®ð—®; a; a; ) MATHEMATICAL SANS-SERIF BOLD SMALL A +1D5EF;1D5EF;1D5EF;0062;0062; # (ð—¯ð—¯; ð—¯ð—¯; ð—¯ð—¯; b; b; ) MATHEMATICAL SANS-SERIF BOLD SMALL B +1D5F0;1D5F0;1D5F0;0063;0063; # (ð—°ð—°; ð—°ð—°; ð—°ð—°; c; c; ) MATHEMATICAL SANS-SERIF BOLD SMALL C +1D5F1;1D5F1;1D5F1;0064;0064; # (ð—±ð—±; ð—±ð—±; ð—±ð—±; d; d; ) MATHEMATICAL SANS-SERIF BOLD SMALL D +1D5F2;1D5F2;1D5F2;0065;0065; # (ð—²ð—²; ð—²ð—²; ð—²ð—²; e; e; ) MATHEMATICAL SANS-SERIF BOLD SMALL E +1D5F3;1D5F3;1D5F3;0066;0066; # (ð—³ð—³; ð—³ð—³; ð—³ð—³; f; f; ) MATHEMATICAL SANS-SERIF BOLD SMALL F +1D5F4;1D5F4;1D5F4;0067;0067; # (ð—´ð—´; ð—´ð—´; ð—´ð—´; g; g; ) MATHEMATICAL SANS-SERIF BOLD SMALL G +1D5F5;1D5F5;1D5F5;0068;0068; # (ð—µð—µ; ð—µð—µ; ð—µð—µ; h; h; ) MATHEMATICAL SANS-SERIF BOLD SMALL H +1D5F6;1D5F6;1D5F6;0069;0069; # (ð—¶ð—¶; ð—¶ð—¶; ð—¶ð—¶; i; i; ) MATHEMATICAL SANS-SERIF BOLD SMALL I +1D5F7;1D5F7;1D5F7;006A;006A; # (ð—·ð—·; ð—·ð—·; ð—·ð—·; j; j; ) MATHEMATICAL SANS-SERIF BOLD SMALL J +1D5F8;1D5F8;1D5F8;006B;006B; # (ð—¸ð—¸; ð—¸ð—¸; ð—¸ð—¸; k; k; ) MATHEMATICAL SANS-SERIF BOLD SMALL K +1D5F9;1D5F9;1D5F9;006C;006C; # (ð—¹ð—¹; ð—¹ð—¹; ð—¹ð—¹; l; l; ) MATHEMATICAL SANS-SERIF BOLD SMALL L +1D5FA;1D5FA;1D5FA;006D;006D; # (ð—ºð—º; ð—ºð—º; ð—ºð—º; m; m; ) MATHEMATICAL SANS-SERIF BOLD SMALL M +1D5FB;1D5FB;1D5FB;006E;006E; # (ð—»ð—»; ð—»ð—»; ð—»ð—»; n; n; ) MATHEMATICAL SANS-SERIF BOLD SMALL N +1D5FC;1D5FC;1D5FC;006F;006F; # (ð—¼ð—¼; ð—¼ð—¼; ð—¼ð—¼; o; o; ) MATHEMATICAL SANS-SERIF BOLD SMALL O +1D5FD;1D5FD;1D5FD;0070;0070; # (ð—½ð—½; ð—½ð—½; ð—½ð—½; p; p; ) MATHEMATICAL SANS-SERIF BOLD SMALL P +1D5FE;1D5FE;1D5FE;0071;0071; # (ð—¾ð—¾; ð—¾ð—¾; ð—¾ð—¾; q; q; ) MATHEMATICAL SANS-SERIF BOLD SMALL Q +1D5FF;1D5FF;1D5FF;0072;0072; # (ð—¿ð—¿; ð—¿ð—¿; ð—¿ð—¿; r; r; ) MATHEMATICAL SANS-SERIF BOLD SMALL R +1D600;1D600;1D600;0073;0073; # (ð˜€ð˜€; ð˜€ð˜€; ð˜€ð˜€; s; s; ) MATHEMATICAL SANS-SERIF BOLD SMALL S +1D601;1D601;1D601;0074;0074; # (ð˜ð˜; ð˜ð˜; ð˜ð˜; t; t; ) MATHEMATICAL SANS-SERIF BOLD SMALL T +1D602;1D602;1D602;0075;0075; # (ð˜‚ð˜‚; ð˜‚ð˜‚; ð˜‚ð˜‚; u; u; ) MATHEMATICAL SANS-SERIF BOLD SMALL U +1D603;1D603;1D603;0076;0076; # (ð˜ƒð˜ƒ; ð˜ƒð˜ƒ; ð˜ƒð˜ƒ; v; v; ) MATHEMATICAL SANS-SERIF BOLD SMALL V +1D604;1D604;1D604;0077;0077; # (ð˜„ð˜„; ð˜„ð˜„; ð˜„ð˜„; w; w; ) MATHEMATICAL SANS-SERIF BOLD SMALL W +1D605;1D605;1D605;0078;0078; # (ð˜…ð˜…; ð˜…ð˜…; ð˜…ð˜…; x; x; ) MATHEMATICAL SANS-SERIF BOLD SMALL X +1D606;1D606;1D606;0079;0079; # (ð˜†ð˜†; ð˜†ð˜†; ð˜†ð˜†; y; y; ) MATHEMATICAL SANS-SERIF BOLD SMALL Y +1D607;1D607;1D607;007A;007A; # (ð˜‡ð˜‡; ð˜‡ð˜‡; ð˜‡ð˜‡; z; z; ) MATHEMATICAL SANS-SERIF BOLD SMALL Z +1D608;1D608;1D608;0041;0041; # (ð˜ˆð˜ˆ; ð˜ˆð˜ˆ; ð˜ˆð˜ˆ; A; A; ) MATHEMATICAL SANS-SERIF ITALIC CAPITAL A +1D609;1D609;1D609;0042;0042; # (ð˜‰ð˜‰; ð˜‰ð˜‰; ð˜‰ð˜‰; B; B; ) MATHEMATICAL SANS-SERIF ITALIC CAPITAL B +1D60A;1D60A;1D60A;0043;0043; # (ð˜Šð˜Š; ð˜Šð˜Š; ð˜Šð˜Š; C; C; ) MATHEMATICAL SANS-SERIF ITALIC CAPITAL C +1D60B;1D60B;1D60B;0044;0044; # (ð˜‹ð˜‹; ð˜‹ð˜‹; ð˜‹ð˜‹; D; D; ) MATHEMATICAL SANS-SERIF ITALIC CAPITAL D +1D60C;1D60C;1D60C;0045;0045; # (ð˜Œð˜Œ; ð˜Œð˜Œ; ð˜Œð˜Œ; E; E; ) MATHEMATICAL SANS-SERIF ITALIC CAPITAL E +1D60D;1D60D;1D60D;0046;0046; # (ð˜ð˜; ð˜ð˜; ð˜ð˜; F; F; ) MATHEMATICAL SANS-SERIF ITALIC CAPITAL F +1D60E;1D60E;1D60E;0047;0047; # (ð˜Žð˜Ž; ð˜Žð˜Ž; ð˜Žð˜Ž; G; G; ) MATHEMATICAL SANS-SERIF ITALIC CAPITAL G +1D60F;1D60F;1D60F;0048;0048; # (ð˜ð˜; ð˜ð˜; ð˜ð˜; H; H; ) MATHEMATICAL SANS-SERIF ITALIC CAPITAL H +1D610;1D610;1D610;0049;0049; # (ð˜ð˜; ð˜ð˜; ð˜ð˜; I; I; ) MATHEMATICAL SANS-SERIF ITALIC CAPITAL I +1D611;1D611;1D611;004A;004A; # (ð˜‘ð˜‘; ð˜‘ð˜‘; ð˜‘ð˜‘; J; J; ) MATHEMATICAL SANS-SERIF ITALIC CAPITAL J +1D612;1D612;1D612;004B;004B; # (ð˜’ð˜’; ð˜’ð˜’; ð˜’ð˜’; K; K; ) MATHEMATICAL SANS-SERIF ITALIC CAPITAL K +1D613;1D613;1D613;004C;004C; # (ð˜“ð˜“; ð˜“ð˜“; ð˜“ð˜“; L; L; ) MATHEMATICAL SANS-SERIF ITALIC CAPITAL L +1D614;1D614;1D614;004D;004D; # (ð˜”ð˜”; ð˜”ð˜”; ð˜”ð˜”; M; M; ) MATHEMATICAL SANS-SERIF ITALIC CAPITAL M +1D615;1D615;1D615;004E;004E; # (ð˜•ð˜•; ð˜•ð˜•; ð˜•ð˜•; N; N; ) MATHEMATICAL SANS-SERIF ITALIC CAPITAL N +1D616;1D616;1D616;004F;004F; # (ð˜–ð˜–; ð˜–ð˜–; ð˜–ð˜–; O; O; ) MATHEMATICAL SANS-SERIF ITALIC CAPITAL O +1D617;1D617;1D617;0050;0050; # (ð˜—ð˜—; ð˜—ð˜—; ð˜—ð˜—; P; P; ) MATHEMATICAL SANS-SERIF ITALIC CAPITAL P +1D618;1D618;1D618;0051;0051; # (ð˜˜ð˜˜; ð˜˜ð˜˜; ð˜˜ð˜˜; Q; Q; ) MATHEMATICAL SANS-SERIF ITALIC CAPITAL Q +1D619;1D619;1D619;0052;0052; # (ð˜™ð˜™; ð˜™ð˜™; ð˜™ð˜™; R; R; ) MATHEMATICAL SANS-SERIF ITALIC CAPITAL R +1D61A;1D61A;1D61A;0053;0053; # (ð˜šð˜š; ð˜šð˜š; ð˜šð˜š; S; S; ) MATHEMATICAL SANS-SERIF ITALIC CAPITAL S +1D61B;1D61B;1D61B;0054;0054; # (ð˜›ð˜›; ð˜›ð˜›; ð˜›ð˜›; T; T; ) MATHEMATICAL SANS-SERIF ITALIC CAPITAL T +1D61C;1D61C;1D61C;0055;0055; # (ð˜œð˜œ; ð˜œð˜œ; ð˜œð˜œ; U; U; ) MATHEMATICAL SANS-SERIF ITALIC CAPITAL U +1D61D;1D61D;1D61D;0056;0056; # (ð˜ð˜; ð˜ð˜; ð˜ð˜; V; V; ) MATHEMATICAL SANS-SERIF ITALIC CAPITAL V +1D61E;1D61E;1D61E;0057;0057; # (ð˜žð˜ž; ð˜žð˜ž; ð˜žð˜ž; W; W; ) MATHEMATICAL SANS-SERIF ITALIC CAPITAL W +1D61F;1D61F;1D61F;0058;0058; # (ð˜Ÿð˜Ÿ; ð˜Ÿð˜Ÿ; ð˜Ÿð˜Ÿ; X; X; ) MATHEMATICAL SANS-SERIF ITALIC CAPITAL X +1D620;1D620;1D620;0059;0059; # (ð˜ ð˜ ; ð˜ ð˜ ; ð˜ ð˜ ; Y; Y; ) MATHEMATICAL SANS-SERIF ITALIC CAPITAL Y +1D621;1D621;1D621;005A;005A; # (ð˜¡ð˜¡; ð˜¡ð˜¡; ð˜¡ð˜¡; Z; Z; ) MATHEMATICAL SANS-SERIF ITALIC CAPITAL Z +1D622;1D622;1D622;0061;0061; # (ð˜¢ð˜¢; ð˜¢ð˜¢; ð˜¢ð˜¢; a; a; ) MATHEMATICAL SANS-SERIF ITALIC SMALL A +1D623;1D623;1D623;0062;0062; # (ð˜£ð˜£; ð˜£ð˜£; ð˜£ð˜£; b; b; ) MATHEMATICAL SANS-SERIF ITALIC SMALL B +1D624;1D624;1D624;0063;0063; # (ð˜¤ð˜¤; ð˜¤ð˜¤; ð˜¤ð˜¤; c; c; ) MATHEMATICAL SANS-SERIF ITALIC SMALL C +1D625;1D625;1D625;0064;0064; # (ð˜¥ð˜¥; ð˜¥ð˜¥; ð˜¥ð˜¥; d; d; ) MATHEMATICAL SANS-SERIF ITALIC SMALL D +1D626;1D626;1D626;0065;0065; # (ð˜¦ð˜¦; ð˜¦ð˜¦; ð˜¦ð˜¦; e; e; ) MATHEMATICAL SANS-SERIF ITALIC SMALL E +1D627;1D627;1D627;0066;0066; # (ð˜§ð˜§; ð˜§ð˜§; ð˜§ð˜§; f; f; ) MATHEMATICAL SANS-SERIF ITALIC SMALL F +1D628;1D628;1D628;0067;0067; # (ð˜¨ð˜¨; ð˜¨ð˜¨; ð˜¨ð˜¨; g; g; ) MATHEMATICAL SANS-SERIF ITALIC SMALL G +1D629;1D629;1D629;0068;0068; # (ð˜©ð˜©; ð˜©ð˜©; ð˜©ð˜©; h; h; ) MATHEMATICAL SANS-SERIF ITALIC SMALL H +1D62A;1D62A;1D62A;0069;0069; # (ð˜ªð˜ª; ð˜ªð˜ª; ð˜ªð˜ª; i; i; ) MATHEMATICAL SANS-SERIF ITALIC SMALL I +1D62B;1D62B;1D62B;006A;006A; # (ð˜«ð˜«; ð˜«ð˜«; ð˜«ð˜«; j; j; ) MATHEMATICAL SANS-SERIF ITALIC SMALL J +1D62C;1D62C;1D62C;006B;006B; # (ð˜¬ð˜¬; ð˜¬ð˜¬; ð˜¬ð˜¬; k; k; ) MATHEMATICAL SANS-SERIF ITALIC SMALL K +1D62D;1D62D;1D62D;006C;006C; # (ð˜­ð˜­; ð˜­ð˜­; ð˜­ð˜­; l; l; ) MATHEMATICAL SANS-SERIF ITALIC SMALL L +1D62E;1D62E;1D62E;006D;006D; # (ð˜®ð˜®; ð˜®ð˜®; ð˜®ð˜®; m; m; ) MATHEMATICAL SANS-SERIF ITALIC SMALL M +1D62F;1D62F;1D62F;006E;006E; # (ð˜¯ð˜¯; ð˜¯ð˜¯; ð˜¯ð˜¯; n; n; ) MATHEMATICAL SANS-SERIF ITALIC SMALL N +1D630;1D630;1D630;006F;006F; # (ð˜°ð˜°; ð˜°ð˜°; ð˜°ð˜°; o; o; ) MATHEMATICAL SANS-SERIF ITALIC SMALL O +1D631;1D631;1D631;0070;0070; # (ð˜±ð˜±; ð˜±ð˜±; ð˜±ð˜±; p; p; ) MATHEMATICAL SANS-SERIF ITALIC SMALL P +1D632;1D632;1D632;0071;0071; # (ð˜²ð˜²; ð˜²ð˜²; ð˜²ð˜²; q; q; ) MATHEMATICAL SANS-SERIF ITALIC SMALL Q +1D633;1D633;1D633;0072;0072; # (ð˜³ð˜³; ð˜³ð˜³; ð˜³ð˜³; r; r; ) MATHEMATICAL SANS-SERIF ITALIC SMALL R +1D634;1D634;1D634;0073;0073; # (ð˜´ð˜´; ð˜´ð˜´; ð˜´ð˜´; s; s; ) MATHEMATICAL SANS-SERIF ITALIC SMALL S +1D635;1D635;1D635;0074;0074; # (ð˜µð˜µ; ð˜µð˜µ; ð˜µð˜µ; t; t; ) MATHEMATICAL SANS-SERIF ITALIC SMALL T +1D636;1D636;1D636;0075;0075; # (ð˜¶ð˜¶; ð˜¶ð˜¶; ð˜¶ð˜¶; u; u; ) MATHEMATICAL SANS-SERIF ITALIC SMALL U +1D637;1D637;1D637;0076;0076; # (ð˜·ð˜·; ð˜·ð˜·; ð˜·ð˜·; v; v; ) MATHEMATICAL SANS-SERIF ITALIC SMALL V +1D638;1D638;1D638;0077;0077; # (ð˜¸ð˜¸; ð˜¸ð˜¸; ð˜¸ð˜¸; w; w; ) MATHEMATICAL SANS-SERIF ITALIC SMALL W +1D639;1D639;1D639;0078;0078; # (ð˜¹ð˜¹; ð˜¹ð˜¹; ð˜¹ð˜¹; x; x; ) MATHEMATICAL SANS-SERIF ITALIC SMALL X +1D63A;1D63A;1D63A;0079;0079; # (ð˜ºð˜º; ð˜ºð˜º; ð˜ºð˜º; y; y; ) MATHEMATICAL SANS-SERIF ITALIC SMALL Y +1D63B;1D63B;1D63B;007A;007A; # (ð˜»ð˜»; ð˜»ð˜»; ð˜»ð˜»; z; z; ) MATHEMATICAL SANS-SERIF ITALIC SMALL Z +1D63C;1D63C;1D63C;0041;0041; # (ð˜¼ð˜¼; ð˜¼ð˜¼; ð˜¼ð˜¼; A; A; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL A +1D63D;1D63D;1D63D;0042;0042; # (ð˜½ð˜½; ð˜½ð˜½; ð˜½ð˜½; B; B; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL B +1D63E;1D63E;1D63E;0043;0043; # (ð˜¾ð˜¾; ð˜¾ð˜¾; ð˜¾ð˜¾; C; C; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL C +1D63F;1D63F;1D63F;0044;0044; # (ð˜¿ð˜¿; ð˜¿ð˜¿; ð˜¿ð˜¿; D; D; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL D +1D640;1D640;1D640;0045;0045; # (ð™€ð™€; ð™€ð™€; ð™€ð™€; E; E; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL E +1D641;1D641;1D641;0046;0046; # (ð™ð™; ð™ð™; ð™ð™; F; F; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL F +1D642;1D642;1D642;0047;0047; # (ð™‚ð™‚; ð™‚ð™‚; ð™‚ð™‚; G; G; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL G +1D643;1D643;1D643;0048;0048; # (ð™ƒð™ƒ; ð™ƒð™ƒ; ð™ƒð™ƒ; H; H; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL H +1D644;1D644;1D644;0049;0049; # (ð™„ð™„; ð™„ð™„; ð™„ð™„; I; I; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL I +1D645;1D645;1D645;004A;004A; # (ð™…ð™…; ð™…ð™…; ð™…ð™…; J; J; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL J +1D646;1D646;1D646;004B;004B; # (ð™†ð™†; ð™†ð™†; ð™†ð™†; K; K; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL K +1D647;1D647;1D647;004C;004C; # (ð™‡ð™‡; ð™‡ð™‡; ð™‡ð™‡; L; L; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL L +1D648;1D648;1D648;004D;004D; # (ð™ˆð™ˆ; ð™ˆð™ˆ; ð™ˆð™ˆ; M; M; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL M +1D649;1D649;1D649;004E;004E; # (ð™‰ð™‰; ð™‰ð™‰; ð™‰ð™‰; N; N; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL N +1D64A;1D64A;1D64A;004F;004F; # (ð™Šð™Š; ð™Šð™Š; ð™Šð™Š; O; O; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL O +1D64B;1D64B;1D64B;0050;0050; # (ð™‹ð™‹; ð™‹ð™‹; ð™‹ð™‹; P; P; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL P +1D64C;1D64C;1D64C;0051;0051; # (ð™Œð™Œ; ð™Œð™Œ; ð™Œð™Œ; Q; Q; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL Q +1D64D;1D64D;1D64D;0052;0052; # (ð™ð™; ð™ð™; ð™ð™; R; R; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL R +1D64E;1D64E;1D64E;0053;0053; # (ð™Žð™Ž; ð™Žð™Ž; ð™Žð™Ž; S; S; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL S +1D64F;1D64F;1D64F;0054;0054; # (ð™ð™; ð™ð™; ð™ð™; T; T; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL T +1D650;1D650;1D650;0055;0055; # (ð™ð™; ð™ð™; ð™ð™; U; U; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL U +1D651;1D651;1D651;0056;0056; # (ð™‘ð™‘; ð™‘ð™‘; ð™‘ð™‘; V; V; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL V +1D652;1D652;1D652;0057;0057; # (ð™’ð™’; ð™’ð™’; ð™’ð™’; W; W; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL W +1D653;1D653;1D653;0058;0058; # (ð™“ð™“; ð™“ð™“; ð™“ð™“; X; X; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL X +1D654;1D654;1D654;0059;0059; # (ð™”ð™”; ð™”ð™”; ð™”ð™”; Y; Y; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL Y +1D655;1D655;1D655;005A;005A; # (ð™•ð™•; ð™•ð™•; ð™•ð™•; Z; Z; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL Z +1D656;1D656;1D656;0061;0061; # (ð™–ð™–; ð™–ð™–; ð™–ð™–; a; a; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL A +1D657;1D657;1D657;0062;0062; # (ð™—ð™—; ð™—ð™—; ð™—ð™—; b; b; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL B +1D658;1D658;1D658;0063;0063; # (ð™˜ð™˜; ð™˜ð™˜; ð™˜ð™˜; c; c; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL C +1D659;1D659;1D659;0064;0064; # (ð™™ð™™; ð™™ð™™; ð™™ð™™; d; d; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL D +1D65A;1D65A;1D65A;0065;0065; # (ð™šð™š; ð™šð™š; ð™šð™š; e; e; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL E +1D65B;1D65B;1D65B;0066;0066; # (ð™›ð™›; ð™›ð™›; ð™›ð™›; f; f; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL F +1D65C;1D65C;1D65C;0067;0067; # (ð™œð™œ; ð™œð™œ; ð™œð™œ; g; g; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL G +1D65D;1D65D;1D65D;0068;0068; # (ð™ð™; ð™ð™; ð™ð™; h; h; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL H +1D65E;1D65E;1D65E;0069;0069; # (ð™žð™ž; ð™žð™ž; ð™žð™ž; i; i; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL I +1D65F;1D65F;1D65F;006A;006A; # (ð™Ÿð™Ÿ; ð™Ÿð™Ÿ; ð™Ÿð™Ÿ; j; j; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL J +1D660;1D660;1D660;006B;006B; # (ð™ ð™ ; ð™ ð™ ; ð™ ð™ ; k; k; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL K +1D661;1D661;1D661;006C;006C; # (ð™¡ð™¡; ð™¡ð™¡; ð™¡ð™¡; l; l; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL L +1D662;1D662;1D662;006D;006D; # (ð™¢ð™¢; ð™¢ð™¢; ð™¢ð™¢; m; m; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL M +1D663;1D663;1D663;006E;006E; # (ð™£ð™£; ð™£ð™£; ð™£ð™£; n; n; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL N +1D664;1D664;1D664;006F;006F; # (ð™¤ð™¤; ð™¤ð™¤; ð™¤ð™¤; o; o; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL O +1D665;1D665;1D665;0070;0070; # (ð™¥ð™¥; ð™¥ð™¥; ð™¥ð™¥; p; p; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL P +1D666;1D666;1D666;0071;0071; # (ð™¦ð™¦; ð™¦ð™¦; ð™¦ð™¦; q; q; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL Q +1D667;1D667;1D667;0072;0072; # (ð™§ð™§; ð™§ð™§; ð™§ð™§; r; r; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL R +1D668;1D668;1D668;0073;0073; # (ð™¨ð™¨; ð™¨ð™¨; ð™¨ð™¨; s; s; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL S +1D669;1D669;1D669;0074;0074; # (ð™©ð™©; ð™©ð™©; ð™©ð™©; t; t; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL T +1D66A;1D66A;1D66A;0075;0075; # (ð™ªð™ª; ð™ªð™ª; ð™ªð™ª; u; u; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL U +1D66B;1D66B;1D66B;0076;0076; # (ð™«ð™«; ð™«ð™«; ð™«ð™«; v; v; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL V +1D66C;1D66C;1D66C;0077;0077; # (ð™¬ð™¬; ð™¬ð™¬; ð™¬ð™¬; w; w; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL W +1D66D;1D66D;1D66D;0078;0078; # (ð™­ð™­; ð™­ð™­; ð™­ð™­; x; x; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL X +1D66E;1D66E;1D66E;0079;0079; # (ð™®ð™®; ð™®ð™®; ð™®ð™®; y; y; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL Y +1D66F;1D66F;1D66F;007A;007A; # (ð™¯ð™¯; ð™¯ð™¯; ð™¯ð™¯; z; z; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL Z +1D670;1D670;1D670;0041;0041; # (ð™°ð™°; ð™°ð™°; ð™°ð™°; A; A; ) MATHEMATICAL MONOSPACE CAPITAL A +1D671;1D671;1D671;0042;0042; # (ð™±ð™±; ð™±ð™±; ð™±ð™±; B; B; ) MATHEMATICAL MONOSPACE CAPITAL B +1D672;1D672;1D672;0043;0043; # (ð™²ð™²; ð™²ð™²; ð™²ð™²; C; C; ) MATHEMATICAL MONOSPACE CAPITAL C +1D673;1D673;1D673;0044;0044; # (ð™³ð™³; ð™³ð™³; ð™³ð™³; D; D; ) MATHEMATICAL MONOSPACE CAPITAL D +1D674;1D674;1D674;0045;0045; # (ð™´ð™´; ð™´ð™´; ð™´ð™´; E; E; ) MATHEMATICAL MONOSPACE CAPITAL E +1D675;1D675;1D675;0046;0046; # (ð™µð™µ; ð™µð™µ; ð™µð™µ; F; F; ) MATHEMATICAL MONOSPACE CAPITAL F +1D676;1D676;1D676;0047;0047; # (ð™¶ð™¶; ð™¶ð™¶; ð™¶ð™¶; G; G; ) MATHEMATICAL MONOSPACE CAPITAL G +1D677;1D677;1D677;0048;0048; # (ð™·ð™·; ð™·ð™·; ð™·ð™·; H; H; ) MATHEMATICAL MONOSPACE CAPITAL H +1D678;1D678;1D678;0049;0049; # (ð™¸ð™¸; ð™¸ð™¸; ð™¸ð™¸; I; I; ) MATHEMATICAL MONOSPACE CAPITAL I +1D679;1D679;1D679;004A;004A; # (ð™¹ð™¹; ð™¹ð™¹; ð™¹ð™¹; J; J; ) MATHEMATICAL MONOSPACE CAPITAL J +1D67A;1D67A;1D67A;004B;004B; # (ð™ºð™º; ð™ºð™º; ð™ºð™º; K; K; ) MATHEMATICAL MONOSPACE CAPITAL K +1D67B;1D67B;1D67B;004C;004C; # (ð™»ð™»; ð™»ð™»; ð™»ð™»; L; L; ) MATHEMATICAL MONOSPACE CAPITAL L +1D67C;1D67C;1D67C;004D;004D; # (ð™¼ð™¼; ð™¼ð™¼; ð™¼ð™¼; M; M; ) MATHEMATICAL MONOSPACE CAPITAL M +1D67D;1D67D;1D67D;004E;004E; # (ð™½ð™½; ð™½ð™½; ð™½ð™½; N; N; ) MATHEMATICAL MONOSPACE CAPITAL N +1D67E;1D67E;1D67E;004F;004F; # (ð™¾ð™¾; ð™¾ð™¾; ð™¾ð™¾; O; O; ) MATHEMATICAL MONOSPACE CAPITAL O +1D67F;1D67F;1D67F;0050;0050; # (ð™¿ð™¿; ð™¿ð™¿; ð™¿ð™¿; P; P; ) MATHEMATICAL MONOSPACE CAPITAL P +1D680;1D680;1D680;0051;0051; # (ðš€ðš€; ðš€ðš€; ðš€ðš€; Q; Q; ) MATHEMATICAL MONOSPACE CAPITAL Q +1D681;1D681;1D681;0052;0052; # (ðšðš; ðšðš; ðšðš; R; R; ) MATHEMATICAL MONOSPACE CAPITAL R +1D682;1D682;1D682;0053;0053; # (ðš‚ðš‚; ðš‚ðš‚; ðš‚ðš‚; S; S; ) MATHEMATICAL MONOSPACE CAPITAL S +1D683;1D683;1D683;0054;0054; # (ðšƒðšƒ; ðšƒðšƒ; ðšƒðšƒ; T; T; ) MATHEMATICAL MONOSPACE CAPITAL T +1D684;1D684;1D684;0055;0055; # (ðš„ðš„; ðš„ðš„; ðš„ðš„; U; U; ) MATHEMATICAL MONOSPACE CAPITAL U +1D685;1D685;1D685;0056;0056; # (ðš…ðš…; ðš…ðš…; ðš…ðš…; V; V; ) MATHEMATICAL MONOSPACE CAPITAL V +1D686;1D686;1D686;0057;0057; # (ðš†ðš†; ðš†ðš†; ðš†ðš†; W; W; ) MATHEMATICAL MONOSPACE CAPITAL W +1D687;1D687;1D687;0058;0058; # (ðš‡ðš‡; ðš‡ðš‡; ðš‡ðš‡; X; X; ) MATHEMATICAL MONOSPACE CAPITAL X +1D688;1D688;1D688;0059;0059; # (ðšˆðšˆ; ðšˆðšˆ; ðšˆðšˆ; Y; Y; ) MATHEMATICAL MONOSPACE CAPITAL Y +1D689;1D689;1D689;005A;005A; # (ðš‰ðš‰; ðš‰ðš‰; ðš‰ðš‰; Z; Z; ) MATHEMATICAL MONOSPACE CAPITAL Z +1D68A;1D68A;1D68A;0061;0061; # (ðšŠðšŠ; ðšŠðšŠ; ðšŠðšŠ; a; a; ) MATHEMATICAL MONOSPACE SMALL A +1D68B;1D68B;1D68B;0062;0062; # (ðš‹ðš‹; ðš‹ðš‹; ðš‹ðš‹; b; b; ) MATHEMATICAL MONOSPACE SMALL B +1D68C;1D68C;1D68C;0063;0063; # (ðšŒðšŒ; ðšŒðšŒ; ðšŒðšŒ; c; c; ) MATHEMATICAL MONOSPACE SMALL C +1D68D;1D68D;1D68D;0064;0064; # (ðšðš; ðšðš; ðšðš; d; d; ) MATHEMATICAL MONOSPACE SMALL D +1D68E;1D68E;1D68E;0065;0065; # (ðšŽðšŽ; ðšŽðšŽ; ðšŽðšŽ; e; e; ) MATHEMATICAL MONOSPACE SMALL E +1D68F;1D68F;1D68F;0066;0066; # (ðšðš; ðšðš; ðšðš; f; f; ) MATHEMATICAL MONOSPACE SMALL F +1D690;1D690;1D690;0067;0067; # (ðšðš; ðšðš; ðšðš; g; g; ) MATHEMATICAL MONOSPACE SMALL G +1D691;1D691;1D691;0068;0068; # (ðš‘ðš‘; ðš‘ðš‘; ðš‘ðš‘; h; h; ) MATHEMATICAL MONOSPACE SMALL H +1D692;1D692;1D692;0069;0069; # (ðš’ðš’; ðš’ðš’; ðš’ðš’; i; i; ) MATHEMATICAL MONOSPACE SMALL I +1D693;1D693;1D693;006A;006A; # (ðš“ðš“; ðš“ðš“; ðš“ðš“; j; j; ) MATHEMATICAL MONOSPACE SMALL J +1D694;1D694;1D694;006B;006B; # (ðš”ðš”; ðš”ðš”; ðš”ðš”; k; k; ) MATHEMATICAL MONOSPACE SMALL K +1D695;1D695;1D695;006C;006C; # (ðš•ðš•; ðš•ðš•; ðš•ðš•; l; l; ) MATHEMATICAL MONOSPACE SMALL L +1D696;1D696;1D696;006D;006D; # (ðš–ðš–; ðš–ðš–; ðš–ðš–; m; m; ) MATHEMATICAL MONOSPACE SMALL M +1D697;1D697;1D697;006E;006E; # (ðš—ðš—; ðš—ðš—; ðš—ðš—; n; n; ) MATHEMATICAL MONOSPACE SMALL N +1D698;1D698;1D698;006F;006F; # (ðš˜ðš˜; ðš˜ðš˜; ðš˜ðš˜; o; o; ) MATHEMATICAL MONOSPACE SMALL O +1D699;1D699;1D699;0070;0070; # (ðš™ðš™; ðš™ðš™; ðš™ðš™; p; p; ) MATHEMATICAL MONOSPACE SMALL P +1D69A;1D69A;1D69A;0071;0071; # (ðššðšš; ðššðšš; ðššðšš; q; q; ) MATHEMATICAL MONOSPACE SMALL Q +1D69B;1D69B;1D69B;0072;0072; # (ðš›ðš›; ðš›ðš›; ðš›ðš›; r; r; ) MATHEMATICAL MONOSPACE SMALL R +1D69C;1D69C;1D69C;0073;0073; # (ðšœðšœ; ðšœðšœ; ðšœðšœ; s; s; ) MATHEMATICAL MONOSPACE SMALL S +1D69D;1D69D;1D69D;0074;0074; # (ðšðš; ðšðš; ðšðš; t; t; ) MATHEMATICAL MONOSPACE SMALL T +1D69E;1D69E;1D69E;0075;0075; # (ðšžðšž; ðšžðšž; ðšžðšž; u; u; ) MATHEMATICAL MONOSPACE SMALL U +1D69F;1D69F;1D69F;0076;0076; # (ðšŸðšŸ; ðšŸðšŸ; ðšŸðšŸ; v; v; ) MATHEMATICAL MONOSPACE SMALL V +1D6A0;1D6A0;1D6A0;0077;0077; # (ðš ðš ; ðš ðš ; ðš ðš ; w; w; ) MATHEMATICAL MONOSPACE SMALL W +1D6A1;1D6A1;1D6A1;0078;0078; # (ðš¡ðš¡; ðš¡ðš¡; ðš¡ðš¡; x; x; ) MATHEMATICAL MONOSPACE SMALL X +1D6A2;1D6A2;1D6A2;0079;0079; # (ðš¢ðš¢; ðš¢ðš¢; ðš¢ðš¢; y; y; ) MATHEMATICAL MONOSPACE SMALL Y +1D6A3;1D6A3;1D6A3;007A;007A; # (ðš£ðš£; ðš£ðš£; ðš£ðš£; z; z; ) MATHEMATICAL MONOSPACE SMALL Z +1D6A8;1D6A8;1D6A8;0391;0391; # (ðš¨ðš¨; ðš¨ðš¨; ðš¨ðš¨; Α; Α; ) MATHEMATICAL BOLD CAPITAL ALPHA +1D6A9;1D6A9;1D6A9;0392;0392; # (ðš©ðš©; ðš©ðš©; ðš©ðš©; Î’; Î’; ) MATHEMATICAL BOLD CAPITAL BETA +1D6AA;1D6AA;1D6AA;0393;0393; # (ðšªðšª; ðšªðšª; ðšªðšª; Γ; Γ; ) MATHEMATICAL BOLD CAPITAL GAMMA +1D6AB;1D6AB;1D6AB;0394;0394; # (ðš«ðš«; ðš«ðš«; ðš«ðš«; Δ; Δ; ) MATHEMATICAL BOLD CAPITAL DELTA +1D6AC;1D6AC;1D6AC;0395;0395; # (ðš¬ðš¬; ðš¬ðš¬; ðš¬ðš¬; Ε; Ε; ) MATHEMATICAL BOLD CAPITAL EPSILON +1D6AD;1D6AD;1D6AD;0396;0396; # (ðš­ðš­; ðš­ðš­; ðš­ðš­; Ζ; Ζ; ) MATHEMATICAL BOLD CAPITAL ZETA +1D6AE;1D6AE;1D6AE;0397;0397; # (ðš®ðš®; ðš®ðš®; ðš®ðš®; Η; Η; ) MATHEMATICAL BOLD CAPITAL ETA +1D6AF;1D6AF;1D6AF;0398;0398; # (ðš¯ðš¯; ðš¯ðš¯; ðš¯ðš¯; Θ; Θ; ) MATHEMATICAL BOLD CAPITAL THETA +1D6B0;1D6B0;1D6B0;0399;0399; # (ðš°ðš°; ðš°ðš°; ðš°ðš°; Ι; Ι; ) MATHEMATICAL BOLD CAPITAL IOTA +1D6B1;1D6B1;1D6B1;039A;039A; # (ðš±ðš±; ðš±ðš±; ðš±ðš±; Κ; Κ; ) MATHEMATICAL BOLD CAPITAL KAPPA +1D6B2;1D6B2;1D6B2;039B;039B; # (ðš²ðš²; ðš²ðš²; ðš²ðš²; Λ; Λ; ) MATHEMATICAL BOLD CAPITAL LAMDA +1D6B3;1D6B3;1D6B3;039C;039C; # (ðš³ðš³; ðš³ðš³; ðš³ðš³; Îœ; Îœ; ) MATHEMATICAL BOLD CAPITAL MU +1D6B4;1D6B4;1D6B4;039D;039D; # (ðš´ðš´; ðš´ðš´; ðš´ðš´; Î; Î; ) MATHEMATICAL BOLD CAPITAL NU +1D6B5;1D6B5;1D6B5;039E;039E; # (ðšµðšµ; ðšµðšµ; ðšµðšµ; Ξ; Ξ; ) MATHEMATICAL BOLD CAPITAL XI +1D6B6;1D6B6;1D6B6;039F;039F; # (ðš¶ðš¶; ðš¶ðš¶; ðš¶ðš¶; Ο; Ο; ) MATHEMATICAL BOLD CAPITAL OMICRON +1D6B7;1D6B7;1D6B7;03A0;03A0; # (ðš·ðš·; ðš·ðš·; ðš·ðš·; Π; Π; ) MATHEMATICAL BOLD CAPITAL PI +1D6B8;1D6B8;1D6B8;03A1;03A1; # (ðš¸ðš¸; ðš¸ðš¸; ðš¸ðš¸; Ρ; Ρ; ) MATHEMATICAL BOLD CAPITAL RHO +1D6B9;1D6B9;1D6B9;0398;0398; # (ðš¹ðš¹; ðš¹ðš¹; ðš¹ðš¹; Θ; Θ; ) MATHEMATICAL BOLD CAPITAL THETA SYMBOL +1D6BA;1D6BA;1D6BA;03A3;03A3; # (ðšºðšº; ðšºðšº; ðšºðšº; Σ; Σ; ) MATHEMATICAL BOLD CAPITAL SIGMA +1D6BB;1D6BB;1D6BB;03A4;03A4; # (ðš»ðš»; ðš»ðš»; ðš»ðš»; Τ; Τ; ) MATHEMATICAL BOLD CAPITAL TAU +1D6BC;1D6BC;1D6BC;03A5;03A5; # (ðš¼ðš¼; ðš¼ðš¼; ðš¼ðš¼; Î¥; Î¥; ) MATHEMATICAL BOLD CAPITAL UPSILON +1D6BD;1D6BD;1D6BD;03A6;03A6; # (ðš½ðš½; ðš½ðš½; ðš½ðš½; Φ; Φ; ) MATHEMATICAL BOLD CAPITAL PHI +1D6BE;1D6BE;1D6BE;03A7;03A7; # (ðš¾ðš¾; ðš¾ðš¾; ðš¾ðš¾; Χ; Χ; ) MATHEMATICAL BOLD CAPITAL CHI +1D6BF;1D6BF;1D6BF;03A8;03A8; # (ðš¿ðš¿; ðš¿ðš¿; ðš¿ðš¿; Ψ; Ψ; ) MATHEMATICAL BOLD CAPITAL PSI +1D6C0;1D6C0;1D6C0;03A9;03A9; # (ð›€ð›€; ð›€ð›€; ð›€ð›€; Ω; Ω; ) MATHEMATICAL BOLD CAPITAL OMEGA +1D6C1;1D6C1;1D6C1;2207;2207; # (ð›ð›; ð›ð›; ð›ð›; ∇; ∇; ) MATHEMATICAL BOLD NABLA +1D6C2;1D6C2;1D6C2;03B1;03B1; # (ð›‚ð›‚; ð›‚ð›‚; ð›‚ð›‚; α; α; ) MATHEMATICAL BOLD SMALL ALPHA +1D6C3;1D6C3;1D6C3;03B2;03B2; # (ð›ƒð›ƒ; ð›ƒð›ƒ; ð›ƒð›ƒ; β; β; ) MATHEMATICAL BOLD SMALL BETA +1D6C4;1D6C4;1D6C4;03B3;03B3; # (ð›„ð›„; ð›„ð›„; ð›„ð›„; γ; γ; ) MATHEMATICAL BOLD SMALL GAMMA +1D6C5;1D6C5;1D6C5;03B4;03B4; # (ð›…ð›…; ð›…ð›…; ð›…ð›…; δ; δ; ) MATHEMATICAL BOLD SMALL DELTA +1D6C6;1D6C6;1D6C6;03B5;03B5; # (ð›†ð›†; ð›†ð›†; ð›†ð›†; ε; ε; ) MATHEMATICAL BOLD SMALL EPSILON +1D6C7;1D6C7;1D6C7;03B6;03B6; # (ð›‡ð›‡; ð›‡ð›‡; ð›‡ð›‡; ζ; ζ; ) MATHEMATICAL BOLD SMALL ZETA +1D6C8;1D6C8;1D6C8;03B7;03B7; # (ð›ˆð›ˆ; ð›ˆð›ˆ; ð›ˆð›ˆ; η; η; ) MATHEMATICAL BOLD SMALL ETA +1D6C9;1D6C9;1D6C9;03B8;03B8; # (ð›‰ð›‰; ð›‰ð›‰; ð›‰ð›‰; θ; θ; ) MATHEMATICAL BOLD SMALL THETA +1D6CA;1D6CA;1D6CA;03B9;03B9; # (ð›Šð›Š; ð›Šð›Š; ð›Šð›Š; ι; ι; ) MATHEMATICAL BOLD SMALL IOTA +1D6CB;1D6CB;1D6CB;03BA;03BA; # (ð›‹ð›‹; ð›‹ð›‹; ð›‹ð›‹; κ; κ; ) MATHEMATICAL BOLD SMALL KAPPA +1D6CC;1D6CC;1D6CC;03BB;03BB; # (ð›Œð›Œ; ð›Œð›Œ; ð›Œð›Œ; λ; λ; ) MATHEMATICAL BOLD SMALL LAMDA +1D6CD;1D6CD;1D6CD;03BC;03BC; # (ð›ð›; ð›ð›; ð›ð›; μ; μ; ) MATHEMATICAL BOLD SMALL MU +1D6CE;1D6CE;1D6CE;03BD;03BD; # (ð›Žð›Ž; ð›Žð›Ž; ð›Žð›Ž; ν; ν; ) MATHEMATICAL BOLD SMALL NU +1D6CF;1D6CF;1D6CF;03BE;03BE; # (ð›ð›; ð›ð›; ð›ð›; ξ; ξ; ) MATHEMATICAL BOLD SMALL XI +1D6D0;1D6D0;1D6D0;03BF;03BF; # (ð›ð›; ð›ð›; ð›ð›; ο; ο; ) MATHEMATICAL BOLD SMALL OMICRON +1D6D1;1D6D1;1D6D1;03C0;03C0; # (ð›‘ð›‘; ð›‘ð›‘; ð›‘ð›‘; Ï€; Ï€; ) MATHEMATICAL BOLD SMALL PI +1D6D2;1D6D2;1D6D2;03C1;03C1; # (ð›’ð›’; ð›’ð›’; ð›’ð›’; Ï; Ï; ) MATHEMATICAL BOLD SMALL RHO +1D6D3;1D6D3;1D6D3;03C2;03C2; # (ð›“ð›“; ð›“ð›“; ð›“ð›“; Ï‚; Ï‚; ) MATHEMATICAL BOLD SMALL FINAL SIGMA +1D6D4;1D6D4;1D6D4;03C3;03C3; # (ð›”ð›”; ð›”ð›”; ð›”ð›”; σ; σ; ) MATHEMATICAL BOLD SMALL SIGMA +1D6D5;1D6D5;1D6D5;03C4;03C4; # (ð›•ð›•; ð›•ð›•; ð›•ð›•; Ï„; Ï„; ) MATHEMATICAL BOLD SMALL TAU +1D6D6;1D6D6;1D6D6;03C5;03C5; # (ð›–ð›–; ð›–ð›–; ð›–ð›–; Ï…; Ï…; ) MATHEMATICAL BOLD SMALL UPSILON +1D6D7;1D6D7;1D6D7;03C6;03C6; # (ð›—ð›—; ð›—ð›—; ð›—ð›—; φ; φ; ) MATHEMATICAL BOLD SMALL PHI +1D6D8;1D6D8;1D6D8;03C7;03C7; # (ð›˜ð›˜; ð›˜ð›˜; ð›˜ð›˜; χ; χ; ) MATHEMATICAL BOLD SMALL CHI +1D6D9;1D6D9;1D6D9;03C8;03C8; # (ð›™ð›™; ð›™ð›™; ð›™ð›™; ψ; ψ; ) MATHEMATICAL BOLD SMALL PSI +1D6DA;1D6DA;1D6DA;03C9;03C9; # (ð›šð›š; ð›šð›š; ð›šð›š; ω; ω; ) MATHEMATICAL BOLD SMALL OMEGA +1D6DB;1D6DB;1D6DB;2202;2202; # (ð››ð››; ð››ð››; ð››ð››; ∂; ∂; ) MATHEMATICAL BOLD PARTIAL DIFFERENTIAL +1D6DC;1D6DC;1D6DC;03B5;03B5; # (ð›œð›œ; ð›œð›œ; ð›œð›œ; ε; ε; ) MATHEMATICAL BOLD EPSILON SYMBOL +1D6DD;1D6DD;1D6DD;03B8;03B8; # (ð›ð›; ð›ð›; ð›ð›; θ; θ; ) MATHEMATICAL BOLD THETA SYMBOL +1D6DE;1D6DE;1D6DE;03BA;03BA; # (ð›žð›ž; ð›žð›ž; ð›žð›ž; κ; κ; ) MATHEMATICAL BOLD KAPPA SYMBOL +1D6DF;1D6DF;1D6DF;03C6;03C6; # (ð›Ÿð›Ÿ; ð›Ÿð›Ÿ; ð›Ÿð›Ÿ; φ; φ; ) MATHEMATICAL BOLD PHI SYMBOL +1D6E0;1D6E0;1D6E0;03C1;03C1; # (ð› ð› ; ð› ð› ; ð› ð› ; Ï; Ï; ) MATHEMATICAL BOLD RHO SYMBOL +1D6E1;1D6E1;1D6E1;03C0;03C0; # (ð›¡ð›¡; ð›¡ð›¡; ð›¡ð›¡; Ï€; Ï€; ) MATHEMATICAL BOLD PI SYMBOL +1D6E2;1D6E2;1D6E2;0391;0391; # (ð›¢ð›¢; ð›¢ð›¢; ð›¢ð›¢; Α; Α; ) MATHEMATICAL ITALIC CAPITAL ALPHA +1D6E3;1D6E3;1D6E3;0392;0392; # (ð›£ð›£; ð›£ð›£; ð›£ð›£; Î’; Î’; ) MATHEMATICAL ITALIC CAPITAL BETA +1D6E4;1D6E4;1D6E4;0393;0393; # (ð›¤ð›¤; ð›¤ð›¤; ð›¤ð›¤; Γ; Γ; ) MATHEMATICAL ITALIC CAPITAL GAMMA +1D6E5;1D6E5;1D6E5;0394;0394; # (ð›¥ð›¥; ð›¥ð›¥; ð›¥ð›¥; Δ; Δ; ) MATHEMATICAL ITALIC CAPITAL DELTA +1D6E6;1D6E6;1D6E6;0395;0395; # (ð›¦ð›¦; ð›¦ð›¦; ð›¦ð›¦; Ε; Ε; ) MATHEMATICAL ITALIC CAPITAL EPSILON +1D6E7;1D6E7;1D6E7;0396;0396; # (ð›§ð›§; ð›§ð›§; ð›§ð›§; Ζ; Ζ; ) MATHEMATICAL ITALIC CAPITAL ZETA +1D6E8;1D6E8;1D6E8;0397;0397; # (ð›¨ð›¨; ð›¨ð›¨; ð›¨ð›¨; Η; Η; ) MATHEMATICAL ITALIC CAPITAL ETA +1D6E9;1D6E9;1D6E9;0398;0398; # (ð›©ð›©; ð›©ð›©; ð›©ð›©; Θ; Θ; ) MATHEMATICAL ITALIC CAPITAL THETA +1D6EA;1D6EA;1D6EA;0399;0399; # (ð›ªð›ª; ð›ªð›ª; ð›ªð›ª; Ι; Ι; ) MATHEMATICAL ITALIC CAPITAL IOTA +1D6EB;1D6EB;1D6EB;039A;039A; # (ð›«ð›«; ð›«ð›«; ð›«ð›«; Κ; Κ; ) MATHEMATICAL ITALIC CAPITAL KAPPA +1D6EC;1D6EC;1D6EC;039B;039B; # (ð›¬ð›¬; ð›¬ð›¬; ð›¬ð›¬; Λ; Λ; ) MATHEMATICAL ITALIC CAPITAL LAMDA +1D6ED;1D6ED;1D6ED;039C;039C; # (ð›­ð›­; ð›­ð›­; ð›­ð›­; Îœ; Îœ; ) MATHEMATICAL ITALIC CAPITAL MU +1D6EE;1D6EE;1D6EE;039D;039D; # (ð›®ð›®; ð›®ð›®; ð›®ð›®; Î; Î; ) MATHEMATICAL ITALIC CAPITAL NU +1D6EF;1D6EF;1D6EF;039E;039E; # (ð›¯ð›¯; ð›¯ð›¯; ð›¯ð›¯; Ξ; Ξ; ) MATHEMATICAL ITALIC CAPITAL XI +1D6F0;1D6F0;1D6F0;039F;039F; # (ð›°ð›°; ð›°ð›°; ð›°ð›°; Ο; Ο; ) MATHEMATICAL ITALIC CAPITAL OMICRON +1D6F1;1D6F1;1D6F1;03A0;03A0; # (ð›±ð›±; ð›±ð›±; ð›±ð›±; Π; Π; ) MATHEMATICAL ITALIC CAPITAL PI +1D6F2;1D6F2;1D6F2;03A1;03A1; # (ð›²ð›²; ð›²ð›²; ð›²ð›²; Ρ; Ρ; ) MATHEMATICAL ITALIC CAPITAL RHO +1D6F3;1D6F3;1D6F3;0398;0398; # (ð›³ð›³; ð›³ð›³; ð›³ð›³; Θ; Θ; ) MATHEMATICAL ITALIC CAPITAL THETA SYMBOL +1D6F4;1D6F4;1D6F4;03A3;03A3; # (ð›´ð›´; ð›´ð›´; ð›´ð›´; Σ; Σ; ) MATHEMATICAL ITALIC CAPITAL SIGMA +1D6F5;1D6F5;1D6F5;03A4;03A4; # (ð›µð›µ; ð›µð›µ; ð›µð›µ; Τ; Τ; ) MATHEMATICAL ITALIC CAPITAL TAU +1D6F6;1D6F6;1D6F6;03A5;03A5; # (ð›¶ð›¶; ð›¶ð›¶; ð›¶ð›¶; Î¥; Î¥; ) MATHEMATICAL ITALIC CAPITAL UPSILON +1D6F7;1D6F7;1D6F7;03A6;03A6; # (ð›·ð›·; ð›·ð›·; ð›·ð›·; Φ; Φ; ) MATHEMATICAL ITALIC CAPITAL PHI +1D6F8;1D6F8;1D6F8;03A7;03A7; # (ð›¸ð›¸; ð›¸ð›¸; ð›¸ð›¸; Χ; Χ; ) MATHEMATICAL ITALIC CAPITAL CHI +1D6F9;1D6F9;1D6F9;03A8;03A8; # (ð›¹ð›¹; ð›¹ð›¹; ð›¹ð›¹; Ψ; Ψ; ) MATHEMATICAL ITALIC CAPITAL PSI +1D6FA;1D6FA;1D6FA;03A9;03A9; # (ð›ºð›º; ð›ºð›º; ð›ºð›º; Ω; Ω; ) MATHEMATICAL ITALIC CAPITAL OMEGA +1D6FB;1D6FB;1D6FB;2207;2207; # (ð›»ð›»; ð›»ð›»; ð›»ð›»; ∇; ∇; ) MATHEMATICAL ITALIC NABLA +1D6FC;1D6FC;1D6FC;03B1;03B1; # (ð›¼ð›¼; ð›¼ð›¼; ð›¼ð›¼; α; α; ) MATHEMATICAL ITALIC SMALL ALPHA +1D6FD;1D6FD;1D6FD;03B2;03B2; # (ð›½ð›½; ð›½ð›½; ð›½ð›½; β; β; ) MATHEMATICAL ITALIC SMALL BETA +1D6FE;1D6FE;1D6FE;03B3;03B3; # (ð›¾ð›¾; ð›¾ð›¾; ð›¾ð›¾; γ; γ; ) MATHEMATICAL ITALIC SMALL GAMMA +1D6FF;1D6FF;1D6FF;03B4;03B4; # (ð›¿ð›¿; ð›¿ð›¿; ð›¿ð›¿; δ; δ; ) MATHEMATICAL ITALIC SMALL DELTA +1D700;1D700;1D700;03B5;03B5; # (ðœ€ðœ€; ðœ€ðœ€; ðœ€ðœ€; ε; ε; ) MATHEMATICAL ITALIC SMALL EPSILON +1D701;1D701;1D701;03B6;03B6; # (ðœðœ; ðœðœ; ðœðœ; ζ; ζ; ) MATHEMATICAL ITALIC SMALL ZETA +1D702;1D702;1D702;03B7;03B7; # (ðœ‚ðœ‚; ðœ‚ðœ‚; ðœ‚ðœ‚; η; η; ) MATHEMATICAL ITALIC SMALL ETA +1D703;1D703;1D703;03B8;03B8; # (ðœƒðœƒ; ðœƒðœƒ; ðœƒðœƒ; θ; θ; ) MATHEMATICAL ITALIC SMALL THETA +1D704;1D704;1D704;03B9;03B9; # (ðœ„ðœ„; ðœ„ðœ„; ðœ„ðœ„; ι; ι; ) MATHEMATICAL ITALIC SMALL IOTA +1D705;1D705;1D705;03BA;03BA; # (ðœ…ðœ…; ðœ…ðœ…; ðœ…ðœ…; κ; κ; ) MATHEMATICAL ITALIC SMALL KAPPA +1D706;1D706;1D706;03BB;03BB; # (ðœ†ðœ†; ðœ†ðœ†; ðœ†ðœ†; λ; λ; ) MATHEMATICAL ITALIC SMALL LAMDA +1D707;1D707;1D707;03BC;03BC; # (ðœ‡ðœ‡; ðœ‡ðœ‡; ðœ‡ðœ‡; μ; μ; ) MATHEMATICAL ITALIC SMALL MU +1D708;1D708;1D708;03BD;03BD; # (ðœˆðœˆ; ðœˆðœˆ; ðœˆðœˆ; ν; ν; ) MATHEMATICAL ITALIC SMALL NU +1D709;1D709;1D709;03BE;03BE; # (ðœ‰ðœ‰; ðœ‰ðœ‰; ðœ‰ðœ‰; ξ; ξ; ) MATHEMATICAL ITALIC SMALL XI +1D70A;1D70A;1D70A;03BF;03BF; # (ðœŠðœŠ; ðœŠðœŠ; ðœŠðœŠ; ο; ο; ) MATHEMATICAL ITALIC SMALL OMICRON +1D70B;1D70B;1D70B;03C0;03C0; # (ðœ‹ðœ‹; ðœ‹ðœ‹; ðœ‹ðœ‹; Ï€; Ï€; ) MATHEMATICAL ITALIC SMALL PI +1D70C;1D70C;1D70C;03C1;03C1; # (ðœŒðœŒ; ðœŒðœŒ; ðœŒðœŒ; Ï; Ï; ) MATHEMATICAL ITALIC SMALL RHO +1D70D;1D70D;1D70D;03C2;03C2; # (ðœðœ; ðœðœ; ðœðœ; Ï‚; Ï‚; ) MATHEMATICAL ITALIC SMALL FINAL SIGMA +1D70E;1D70E;1D70E;03C3;03C3; # (ðœŽðœŽ; ðœŽðœŽ; ðœŽðœŽ; σ; σ; ) MATHEMATICAL ITALIC SMALL SIGMA +1D70F;1D70F;1D70F;03C4;03C4; # (ðœðœ; ðœðœ; ðœðœ; Ï„; Ï„; ) MATHEMATICAL ITALIC SMALL TAU +1D710;1D710;1D710;03C5;03C5; # (ðœðœ; ðœðœ; ðœðœ; Ï…; Ï…; ) MATHEMATICAL ITALIC SMALL UPSILON +1D711;1D711;1D711;03C6;03C6; # (ðœ‘ðœ‘; ðœ‘ðœ‘; ðœ‘ðœ‘; φ; φ; ) MATHEMATICAL ITALIC SMALL PHI +1D712;1D712;1D712;03C7;03C7; # (ðœ’ðœ’; ðœ’ðœ’; ðœ’ðœ’; χ; χ; ) MATHEMATICAL ITALIC SMALL CHI +1D713;1D713;1D713;03C8;03C8; # (ðœ“ðœ“; ðœ“ðœ“; ðœ“ðœ“; ψ; ψ; ) MATHEMATICAL ITALIC SMALL PSI +1D714;1D714;1D714;03C9;03C9; # (ðœ”ðœ”; ðœ”ðœ”; ðœ”ðœ”; ω; ω; ) MATHEMATICAL ITALIC SMALL OMEGA +1D715;1D715;1D715;2202;2202; # (ðœ•ðœ•; ðœ•ðœ•; ðœ•ðœ•; ∂; ∂; ) MATHEMATICAL ITALIC PARTIAL DIFFERENTIAL +1D716;1D716;1D716;03B5;03B5; # (ðœ–ðœ–; ðœ–ðœ–; ðœ–ðœ–; ε; ε; ) MATHEMATICAL ITALIC EPSILON SYMBOL +1D717;1D717;1D717;03B8;03B8; # (ðœ—ðœ—; ðœ—ðœ—; ðœ—ðœ—; θ; θ; ) MATHEMATICAL ITALIC THETA SYMBOL +1D718;1D718;1D718;03BA;03BA; # (ðœ˜ðœ˜; ðœ˜ðœ˜; ðœ˜ðœ˜; κ; κ; ) MATHEMATICAL ITALIC KAPPA SYMBOL +1D719;1D719;1D719;03C6;03C6; # (ðœ™ðœ™; ðœ™ðœ™; ðœ™ðœ™; φ; φ; ) MATHEMATICAL ITALIC PHI SYMBOL +1D71A;1D71A;1D71A;03C1;03C1; # (ðœšðœš; ðœšðœš; ðœšðœš; Ï; Ï; ) MATHEMATICAL ITALIC RHO SYMBOL +1D71B;1D71B;1D71B;03C0;03C0; # (ðœ›ðœ›; ðœ›ðœ›; ðœ›ðœ›; Ï€; Ï€; ) MATHEMATICAL ITALIC PI SYMBOL +1D71C;1D71C;1D71C;0391;0391; # (ðœœðœœ; ðœœðœœ; ðœœðœœ; Α; Α; ) MATHEMATICAL BOLD ITALIC CAPITAL ALPHA +1D71D;1D71D;1D71D;0392;0392; # (ðœðœ; ðœðœ; ðœðœ; Î’; Î’; ) MATHEMATICAL BOLD ITALIC CAPITAL BETA +1D71E;1D71E;1D71E;0393;0393; # (ðœžðœž; ðœžðœž; ðœžðœž; Γ; Γ; ) MATHEMATICAL BOLD ITALIC CAPITAL GAMMA +1D71F;1D71F;1D71F;0394;0394; # (ðœŸðœŸ; ðœŸðœŸ; ðœŸðœŸ; Δ; Δ; ) MATHEMATICAL BOLD ITALIC CAPITAL DELTA +1D720;1D720;1D720;0395;0395; # (ðœ ðœ ; ðœ ðœ ; ðœ ðœ ; Ε; Ε; ) MATHEMATICAL BOLD ITALIC CAPITAL EPSILON +1D721;1D721;1D721;0396;0396; # (ðœ¡ðœ¡; ðœ¡ðœ¡; ðœ¡ðœ¡; Ζ; Ζ; ) MATHEMATICAL BOLD ITALIC CAPITAL ZETA +1D722;1D722;1D722;0397;0397; # (ðœ¢ðœ¢; ðœ¢ðœ¢; ðœ¢ðœ¢; Η; Η; ) MATHEMATICAL BOLD ITALIC CAPITAL ETA +1D723;1D723;1D723;0398;0398; # (ðœ£ðœ£; ðœ£ðœ£; ðœ£ðœ£; Θ; Θ; ) MATHEMATICAL BOLD ITALIC CAPITAL THETA +1D724;1D724;1D724;0399;0399; # (ðœ¤ðœ¤; ðœ¤ðœ¤; ðœ¤ðœ¤; Ι; Ι; ) MATHEMATICAL BOLD ITALIC CAPITAL IOTA +1D725;1D725;1D725;039A;039A; # (ðœ¥ðœ¥; ðœ¥ðœ¥; ðœ¥ðœ¥; Κ; Κ; ) MATHEMATICAL BOLD ITALIC CAPITAL KAPPA +1D726;1D726;1D726;039B;039B; # (ðœ¦ðœ¦; ðœ¦ðœ¦; ðœ¦ðœ¦; Λ; Λ; ) MATHEMATICAL BOLD ITALIC CAPITAL LAMDA +1D727;1D727;1D727;039C;039C; # (ðœ§ðœ§; ðœ§ðœ§; ðœ§ðœ§; Îœ; Îœ; ) MATHEMATICAL BOLD ITALIC CAPITAL MU +1D728;1D728;1D728;039D;039D; # (ðœ¨ðœ¨; ðœ¨ðœ¨; ðœ¨ðœ¨; Î; Î; ) MATHEMATICAL BOLD ITALIC CAPITAL NU +1D729;1D729;1D729;039E;039E; # (ðœ©ðœ©; ðœ©ðœ©; ðœ©ðœ©; Ξ; Ξ; ) MATHEMATICAL BOLD ITALIC CAPITAL XI +1D72A;1D72A;1D72A;039F;039F; # (ðœªðœª; ðœªðœª; ðœªðœª; Ο; Ο; ) MATHEMATICAL BOLD ITALIC CAPITAL OMICRON +1D72B;1D72B;1D72B;03A0;03A0; # (ðœ«ðœ«; ðœ«ðœ«; ðœ«ðœ«; Π; Π; ) MATHEMATICAL BOLD ITALIC CAPITAL PI +1D72C;1D72C;1D72C;03A1;03A1; # (ðœ¬ðœ¬; ðœ¬ðœ¬; ðœ¬ðœ¬; Ρ; Ρ; ) MATHEMATICAL BOLD ITALIC CAPITAL RHO +1D72D;1D72D;1D72D;0398;0398; # (ðœ­ðœ­; ðœ­ðœ­; ðœ­ðœ­; Θ; Θ; ) MATHEMATICAL BOLD ITALIC CAPITAL THETA SYMBOL +1D72E;1D72E;1D72E;03A3;03A3; # (ðœ®ðœ®; ðœ®ðœ®; ðœ®ðœ®; Σ; Σ; ) MATHEMATICAL BOLD ITALIC CAPITAL SIGMA +1D72F;1D72F;1D72F;03A4;03A4; # (ðœ¯ðœ¯; ðœ¯ðœ¯; ðœ¯ðœ¯; Τ; Τ; ) MATHEMATICAL BOLD ITALIC CAPITAL TAU +1D730;1D730;1D730;03A5;03A5; # (ðœ°ðœ°; ðœ°ðœ°; ðœ°ðœ°; Î¥; Î¥; ) MATHEMATICAL BOLD ITALIC CAPITAL UPSILON +1D731;1D731;1D731;03A6;03A6; # (ðœ±ðœ±; ðœ±ðœ±; ðœ±ðœ±; Φ; Φ; ) MATHEMATICAL BOLD ITALIC CAPITAL PHI +1D732;1D732;1D732;03A7;03A7; # (ðœ²ðœ²; ðœ²ðœ²; ðœ²ðœ²; Χ; Χ; ) MATHEMATICAL BOLD ITALIC CAPITAL CHI +1D733;1D733;1D733;03A8;03A8; # (ðœ³ðœ³; ðœ³ðœ³; ðœ³ðœ³; Ψ; Ψ; ) MATHEMATICAL BOLD ITALIC CAPITAL PSI +1D734;1D734;1D734;03A9;03A9; # (ðœ´ðœ´; ðœ´ðœ´; ðœ´ðœ´; Ω; Ω; ) MATHEMATICAL BOLD ITALIC CAPITAL OMEGA +1D735;1D735;1D735;2207;2207; # (ðœµðœµ; ðœµðœµ; ðœµðœµ; ∇; ∇; ) MATHEMATICAL BOLD ITALIC NABLA +1D736;1D736;1D736;03B1;03B1; # (ðœ¶ðœ¶; ðœ¶ðœ¶; ðœ¶ðœ¶; α; α; ) MATHEMATICAL BOLD ITALIC SMALL ALPHA +1D737;1D737;1D737;03B2;03B2; # (ðœ·ðœ·; ðœ·ðœ·; ðœ·ðœ·; β; β; ) MATHEMATICAL BOLD ITALIC SMALL BETA +1D738;1D738;1D738;03B3;03B3; # (ðœ¸ðœ¸; ðœ¸ðœ¸; ðœ¸ðœ¸; γ; γ; ) MATHEMATICAL BOLD ITALIC SMALL GAMMA +1D739;1D739;1D739;03B4;03B4; # (ðœ¹ðœ¹; ðœ¹ðœ¹; ðœ¹ðœ¹; δ; δ; ) MATHEMATICAL BOLD ITALIC SMALL DELTA +1D73A;1D73A;1D73A;03B5;03B5; # (ðœºðœº; ðœºðœº; ðœºðœº; ε; ε; ) MATHEMATICAL BOLD ITALIC SMALL EPSILON +1D73B;1D73B;1D73B;03B6;03B6; # (ðœ»ðœ»; ðœ»ðœ»; ðœ»ðœ»; ζ; ζ; ) MATHEMATICAL BOLD ITALIC SMALL ZETA +1D73C;1D73C;1D73C;03B7;03B7; # (ðœ¼ðœ¼; ðœ¼ðœ¼; ðœ¼ðœ¼; η; η; ) MATHEMATICAL BOLD ITALIC SMALL ETA +1D73D;1D73D;1D73D;03B8;03B8; # (ðœ½ðœ½; ðœ½ðœ½; ðœ½ðœ½; θ; θ; ) MATHEMATICAL BOLD ITALIC SMALL THETA +1D73E;1D73E;1D73E;03B9;03B9; # (ðœ¾ðœ¾; ðœ¾ðœ¾; ðœ¾ðœ¾; ι; ι; ) MATHEMATICAL BOLD ITALIC SMALL IOTA +1D73F;1D73F;1D73F;03BA;03BA; # (ðœ¿ðœ¿; ðœ¿ðœ¿; ðœ¿ðœ¿; κ; κ; ) MATHEMATICAL BOLD ITALIC SMALL KAPPA +1D740;1D740;1D740;03BB;03BB; # (ð€ð€; ð€ð€; ð€ð€; λ; λ; ) MATHEMATICAL BOLD ITALIC SMALL LAMDA +1D741;1D741;1D741;03BC;03BC; # (ðð; ðð; ðð; μ; μ; ) MATHEMATICAL BOLD ITALIC SMALL MU +1D742;1D742;1D742;03BD;03BD; # (ð‚ð‚; ð‚ð‚; ð‚ð‚; ν; ν; ) MATHEMATICAL BOLD ITALIC SMALL NU +1D743;1D743;1D743;03BE;03BE; # (ðƒðƒ; ðƒðƒ; ðƒðƒ; ξ; ξ; ) MATHEMATICAL BOLD ITALIC SMALL XI +1D744;1D744;1D744;03BF;03BF; # (ð„ð„; ð„ð„; ð„ð„; ο; ο; ) MATHEMATICAL BOLD ITALIC SMALL OMICRON +1D745;1D745;1D745;03C0;03C0; # (ð…ð…; ð…ð…; ð…ð…; Ï€; Ï€; ) MATHEMATICAL BOLD ITALIC SMALL PI +1D746;1D746;1D746;03C1;03C1; # (ð†ð†; ð†ð†; ð†ð†; Ï; Ï; ) MATHEMATICAL BOLD ITALIC SMALL RHO +1D747;1D747;1D747;03C2;03C2; # (ð‡ð‡; ð‡ð‡; ð‡ð‡; Ï‚; Ï‚; ) MATHEMATICAL BOLD ITALIC SMALL FINAL SIGMA +1D748;1D748;1D748;03C3;03C3; # (ðˆðˆ; ðˆðˆ; ðˆðˆ; σ; σ; ) MATHEMATICAL BOLD ITALIC SMALL SIGMA +1D749;1D749;1D749;03C4;03C4; # (ð‰ð‰; ð‰ð‰; ð‰ð‰; Ï„; Ï„; ) MATHEMATICAL BOLD ITALIC SMALL TAU +1D74A;1D74A;1D74A;03C5;03C5; # (ðŠðŠ; ðŠðŠ; ðŠðŠ; Ï…; Ï…; ) MATHEMATICAL BOLD ITALIC SMALL UPSILON +1D74B;1D74B;1D74B;03C6;03C6; # (ð‹ð‹; ð‹ð‹; ð‹ð‹; φ; φ; ) MATHEMATICAL BOLD ITALIC SMALL PHI +1D74C;1D74C;1D74C;03C7;03C7; # (ðŒðŒ; ðŒðŒ; ðŒðŒ; χ; χ; ) MATHEMATICAL BOLD ITALIC SMALL CHI +1D74D;1D74D;1D74D;03C8;03C8; # (ðð; ðð; ðð; ψ; ψ; ) MATHEMATICAL BOLD ITALIC SMALL PSI +1D74E;1D74E;1D74E;03C9;03C9; # (ðŽðŽ; ðŽðŽ; ðŽðŽ; ω; ω; ) MATHEMATICAL BOLD ITALIC SMALL OMEGA +1D74F;1D74F;1D74F;2202;2202; # (ðð; ðð; ðð; ∂; ∂; ) MATHEMATICAL BOLD ITALIC PARTIAL DIFFERENTIAL +1D750;1D750;1D750;03B5;03B5; # (ðð; ðð; ðð; ε; ε; ) MATHEMATICAL BOLD ITALIC EPSILON SYMBOL +1D751;1D751;1D751;03B8;03B8; # (ð‘ð‘; ð‘ð‘; ð‘ð‘; θ; θ; ) MATHEMATICAL BOLD ITALIC THETA SYMBOL +1D752;1D752;1D752;03BA;03BA; # (ð’ð’; ð’ð’; ð’ð’; κ; κ; ) MATHEMATICAL BOLD ITALIC KAPPA SYMBOL +1D753;1D753;1D753;03C6;03C6; # (ð“ð“; ð“ð“; ð“ð“; φ; φ; ) MATHEMATICAL BOLD ITALIC PHI SYMBOL +1D754;1D754;1D754;03C1;03C1; # (ð”ð”; ð”ð”; ð”ð”; Ï; Ï; ) MATHEMATICAL BOLD ITALIC RHO SYMBOL +1D755;1D755;1D755;03C0;03C0; # (ð•ð•; ð•ð•; ð•ð•; Ï€; Ï€; ) MATHEMATICAL BOLD ITALIC PI SYMBOL +1D756;1D756;1D756;0391;0391; # (ð–ð–; ð–ð–; ð–ð–; Α; Α; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL ALPHA +1D757;1D757;1D757;0392;0392; # (ð—ð—; ð—ð—; ð—ð—; Î’; Î’; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL BETA +1D758;1D758;1D758;0393;0393; # (ð˜ð˜; ð˜ð˜; ð˜ð˜; Γ; Γ; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL GAMMA +1D759;1D759;1D759;0394;0394; # (ð™ð™; ð™ð™; ð™ð™; Δ; Δ; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL DELTA +1D75A;1D75A;1D75A;0395;0395; # (ðšðš; ðšðš; ðšðš; Ε; Ε; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL EPSILON +1D75B;1D75B;1D75B;0396;0396; # (ð›ð›; ð›ð›; ð›ð›; Ζ; Ζ; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL ZETA +1D75C;1D75C;1D75C;0397;0397; # (ðœðœ; ðœðœ; ðœðœ; Η; Η; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL ETA +1D75D;1D75D;1D75D;0398;0398; # (ðð; ðð; ðð; Θ; Θ; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL THETA +1D75E;1D75E;1D75E;0399;0399; # (ðžðž; ðžðž; ðžðž; Ι; Ι; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL IOTA +1D75F;1D75F;1D75F;039A;039A; # (ðŸðŸ; ðŸðŸ; ðŸðŸ; Κ; Κ; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL KAPPA +1D760;1D760;1D760;039B;039B; # (ð ð ; ð ð ; ð ð ; Λ; Λ; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL LAMDA +1D761;1D761;1D761;039C;039C; # (ð¡ð¡; ð¡ð¡; ð¡ð¡; Îœ; Îœ; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL MU +1D762;1D762;1D762;039D;039D; # (ð¢ð¢; ð¢ð¢; ð¢ð¢; Î; Î; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL NU +1D763;1D763;1D763;039E;039E; # (ð£ð£; ð£ð£; ð£ð£; Ξ; Ξ; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL XI +1D764;1D764;1D764;039F;039F; # (ð¤ð¤; ð¤ð¤; ð¤ð¤; Ο; Ο; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL OMICRON +1D765;1D765;1D765;03A0;03A0; # (ð¥ð¥; ð¥ð¥; ð¥ð¥; Π; Π; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL PI +1D766;1D766;1D766;03A1;03A1; # (ð¦ð¦; ð¦ð¦; ð¦ð¦; Ρ; Ρ; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL RHO +1D767;1D767;1D767;0398;0398; # (ð§ð§; ð§ð§; ð§ð§; Θ; Θ; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL THETA SYMBOL +1D768;1D768;1D768;03A3;03A3; # (ð¨ð¨; ð¨ð¨; ð¨ð¨; Σ; Σ; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL SIGMA +1D769;1D769;1D769;03A4;03A4; # (ð©ð©; ð©ð©; ð©ð©; Τ; Τ; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL TAU +1D76A;1D76A;1D76A;03A5;03A5; # (ðªðª; ðªðª; ðªðª; Î¥; Î¥; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL UPSILON +1D76B;1D76B;1D76B;03A6;03A6; # (ð«ð«; ð«ð«; ð«ð«; Φ; Φ; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL PHI +1D76C;1D76C;1D76C;03A7;03A7; # (ð¬ð¬; ð¬ð¬; ð¬ð¬; Χ; Χ; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL CHI +1D76D;1D76D;1D76D;03A8;03A8; # (ð­ð­; ð­ð­; ð­ð­; Ψ; Ψ; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL PSI +1D76E;1D76E;1D76E;03A9;03A9; # (ð®ð®; ð®ð®; ð®ð®; Ω; Ω; ) MATHEMATICAL SANS-SERIF BOLD CAPITAL OMEGA +1D76F;1D76F;1D76F;2207;2207; # (ð¯ð¯; ð¯ð¯; ð¯ð¯; ∇; ∇; ) MATHEMATICAL SANS-SERIF BOLD NABLA +1D770;1D770;1D770;03B1;03B1; # (ð°ð°; ð°ð°; ð°ð°; α; α; ) MATHEMATICAL SANS-SERIF BOLD SMALL ALPHA +1D771;1D771;1D771;03B2;03B2; # (ð±ð±; ð±ð±; ð±ð±; β; β; ) MATHEMATICAL SANS-SERIF BOLD SMALL BETA +1D772;1D772;1D772;03B3;03B3; # (ð²ð²; ð²ð²; ð²ð²; γ; γ; ) MATHEMATICAL SANS-SERIF BOLD SMALL GAMMA +1D773;1D773;1D773;03B4;03B4; # (ð³ð³; ð³ð³; ð³ð³; δ; δ; ) MATHEMATICAL SANS-SERIF BOLD SMALL DELTA +1D774;1D774;1D774;03B5;03B5; # (ð´ð´; ð´ð´; ð´ð´; ε; ε; ) MATHEMATICAL SANS-SERIF BOLD SMALL EPSILON +1D775;1D775;1D775;03B6;03B6; # (ðµðµ; ðµðµ; ðµðµ; ζ; ζ; ) MATHEMATICAL SANS-SERIF BOLD SMALL ZETA +1D776;1D776;1D776;03B7;03B7; # (ð¶ð¶; ð¶ð¶; ð¶ð¶; η; η; ) MATHEMATICAL SANS-SERIF BOLD SMALL ETA +1D777;1D777;1D777;03B8;03B8; # (ð·ð·; ð·ð·; ð·ð·; θ; θ; ) MATHEMATICAL SANS-SERIF BOLD SMALL THETA +1D778;1D778;1D778;03B9;03B9; # (ð¸ð¸; ð¸ð¸; ð¸ð¸; ι; ι; ) MATHEMATICAL SANS-SERIF BOLD SMALL IOTA +1D779;1D779;1D779;03BA;03BA; # (ð¹ð¹; ð¹ð¹; ð¹ð¹; κ; κ; ) MATHEMATICAL SANS-SERIF BOLD SMALL KAPPA +1D77A;1D77A;1D77A;03BB;03BB; # (ðºðº; ðºðº; ðºðº; λ; λ; ) MATHEMATICAL SANS-SERIF BOLD SMALL LAMDA +1D77B;1D77B;1D77B;03BC;03BC; # (ð»ð»; ð»ð»; ð»ð»; μ; μ; ) MATHEMATICAL SANS-SERIF BOLD SMALL MU +1D77C;1D77C;1D77C;03BD;03BD; # (ð¼ð¼; ð¼ð¼; ð¼ð¼; ν; ν; ) MATHEMATICAL SANS-SERIF BOLD SMALL NU +1D77D;1D77D;1D77D;03BE;03BE; # (ð½ð½; ð½ð½; ð½ð½; ξ; ξ; ) MATHEMATICAL SANS-SERIF BOLD SMALL XI +1D77E;1D77E;1D77E;03BF;03BF; # (ð¾ð¾; ð¾ð¾; ð¾ð¾; ο; ο; ) MATHEMATICAL SANS-SERIF BOLD SMALL OMICRON +1D77F;1D77F;1D77F;03C0;03C0; # (ð¿ð¿; ð¿ð¿; ð¿ð¿; Ï€; Ï€; ) MATHEMATICAL SANS-SERIF BOLD SMALL PI +1D780;1D780;1D780;03C1;03C1; # (ðž€ðž€; ðž€ðž€; ðž€ðž€; Ï; Ï; ) MATHEMATICAL SANS-SERIF BOLD SMALL RHO +1D781;1D781;1D781;03C2;03C2; # (ðžðž; ðžðž; ðžðž; Ï‚; Ï‚; ) MATHEMATICAL SANS-SERIF BOLD SMALL FINAL SIGMA +1D782;1D782;1D782;03C3;03C3; # (ðž‚ðž‚; ðž‚ðž‚; ðž‚ðž‚; σ; σ; ) MATHEMATICAL SANS-SERIF BOLD SMALL SIGMA +1D783;1D783;1D783;03C4;03C4; # (ðžƒðžƒ; ðžƒðžƒ; ðžƒðžƒ; Ï„; Ï„; ) MATHEMATICAL SANS-SERIF BOLD SMALL TAU +1D784;1D784;1D784;03C5;03C5; # (ðž„ðž„; ðž„ðž„; ðž„ðž„; Ï…; Ï…; ) MATHEMATICAL SANS-SERIF BOLD SMALL UPSILON +1D785;1D785;1D785;03C6;03C6; # (ðž…ðž…; ðž…ðž…; ðž…ðž…; φ; φ; ) MATHEMATICAL SANS-SERIF BOLD SMALL PHI +1D786;1D786;1D786;03C7;03C7; # (ðž†ðž†; ðž†ðž†; ðž†ðž†; χ; χ; ) MATHEMATICAL SANS-SERIF BOLD SMALL CHI +1D787;1D787;1D787;03C8;03C8; # (ðž‡ðž‡; ðž‡ðž‡; ðž‡ðž‡; ψ; ψ; ) MATHEMATICAL SANS-SERIF BOLD SMALL PSI +1D788;1D788;1D788;03C9;03C9; # (ðžˆðžˆ; ðžˆðžˆ; ðžˆðžˆ; ω; ω; ) MATHEMATICAL SANS-SERIF BOLD SMALL OMEGA +1D789;1D789;1D789;2202;2202; # (ðž‰ðž‰; ðž‰ðž‰; ðž‰ðž‰; ∂; ∂; ) MATHEMATICAL SANS-SERIF BOLD PARTIAL DIFFERENTIAL +1D78A;1D78A;1D78A;03B5;03B5; # (ðžŠðžŠ; ðžŠðžŠ; ðžŠðžŠ; ε; ε; ) MATHEMATICAL SANS-SERIF BOLD EPSILON SYMBOL +1D78B;1D78B;1D78B;03B8;03B8; # (ðž‹ðž‹; ðž‹ðž‹; ðž‹ðž‹; θ; θ; ) MATHEMATICAL SANS-SERIF BOLD THETA SYMBOL +1D78C;1D78C;1D78C;03BA;03BA; # (ðžŒðžŒ; ðžŒðžŒ; ðžŒðžŒ; κ; κ; ) MATHEMATICAL SANS-SERIF BOLD KAPPA SYMBOL +1D78D;1D78D;1D78D;03C6;03C6; # (ðžðž; ðžðž; ðžðž; φ; φ; ) MATHEMATICAL SANS-SERIF BOLD PHI SYMBOL +1D78E;1D78E;1D78E;03C1;03C1; # (ðžŽðžŽ; ðžŽðžŽ; ðžŽðžŽ; Ï; Ï; ) MATHEMATICAL SANS-SERIF BOLD RHO SYMBOL +1D78F;1D78F;1D78F;03C0;03C0; # (ðžðž; ðžðž; ðžðž; Ï€; Ï€; ) MATHEMATICAL SANS-SERIF BOLD PI SYMBOL +1D790;1D790;1D790;0391;0391; # (ðžðž; ðžðž; ðžðž; Α; Α; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL ALPHA +1D791;1D791;1D791;0392;0392; # (ðž‘ðž‘; ðž‘ðž‘; ðž‘ðž‘; Î’; Î’; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL BETA +1D792;1D792;1D792;0393;0393; # (ðž’ðž’; ðž’ðž’; ðž’ðž’; Γ; Γ; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL GAMMA +1D793;1D793;1D793;0394;0394; # (ðž“ðž“; ðž“ðž“; ðž“ðž“; Δ; Δ; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL DELTA +1D794;1D794;1D794;0395;0395; # (ðž”ðž”; ðž”ðž”; ðž”ðž”; Ε; Ε; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL EPSILON +1D795;1D795;1D795;0396;0396; # (ðž•ðž•; ðž•ðž•; ðž•ðž•; Ζ; Ζ; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL ZETA +1D796;1D796;1D796;0397;0397; # (ðž–ðž–; ðž–ðž–; ðž–ðž–; Η; Η; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL ETA +1D797;1D797;1D797;0398;0398; # (ðž—ðž—; ðž—ðž—; ðž—ðž—; Θ; Θ; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL THETA +1D798;1D798;1D798;0399;0399; # (ðž˜ðž˜; ðž˜ðž˜; ðž˜ðž˜; Ι; Ι; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL IOTA +1D799;1D799;1D799;039A;039A; # (ðž™ðž™; ðž™ðž™; ðž™ðž™; Κ; Κ; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL KAPPA +1D79A;1D79A;1D79A;039B;039B; # (ðžšðžš; ðžšðžš; ðžšðžš; Λ; Λ; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL LAMDA +1D79B;1D79B;1D79B;039C;039C; # (ðž›ðž›; ðž›ðž›; ðž›ðž›; Îœ; Îœ; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL MU +1D79C;1D79C;1D79C;039D;039D; # (ðžœðžœ; ðžœðžœ; ðžœðžœ; Î; Î; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL NU +1D79D;1D79D;1D79D;039E;039E; # (ðžðž; ðžðž; ðžðž; Ξ; Ξ; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL XI +1D79E;1D79E;1D79E;039F;039F; # (ðžžðžž; ðžžðžž; ðžžðžž; Ο; Ο; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL OMICRON +1D79F;1D79F;1D79F;03A0;03A0; # (ðžŸðžŸ; ðžŸðžŸ; ðžŸðžŸ; Π; Π; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL PI +1D7A0;1D7A0;1D7A0;03A1;03A1; # (ðž ðž ; ðž ðž ; ðž ðž ; Ρ; Ρ; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL RHO +1D7A1;1D7A1;1D7A1;0398;0398; # (ðž¡ðž¡; ðž¡ðž¡; ðž¡ðž¡; Θ; Θ; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL THETA SYMBOL +1D7A2;1D7A2;1D7A2;03A3;03A3; # (ðž¢ðž¢; ðž¢ðž¢; ðž¢ðž¢; Σ; Σ; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL SIGMA +1D7A3;1D7A3;1D7A3;03A4;03A4; # (ðž£ðž£; ðž£ðž£; ðž£ðž£; Τ; Τ; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL TAU +1D7A4;1D7A4;1D7A4;03A5;03A5; # (ðž¤ðž¤; ðž¤ðž¤; ðž¤ðž¤; Î¥; Î¥; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL UPSILON +1D7A5;1D7A5;1D7A5;03A6;03A6; # (ðž¥ðž¥; ðž¥ðž¥; ðž¥ðž¥; Φ; Φ; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL PHI +1D7A6;1D7A6;1D7A6;03A7;03A7; # (ðž¦ðž¦; ðž¦ðž¦; ðž¦ðž¦; Χ; Χ; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL CHI +1D7A7;1D7A7;1D7A7;03A8;03A8; # (ðž§ðž§; ðž§ðž§; ðž§ðž§; Ψ; Ψ; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL PSI +1D7A8;1D7A8;1D7A8;03A9;03A9; # (ðž¨ðž¨; ðž¨ðž¨; ðž¨ðž¨; Ω; Ω; ) MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL OMEGA +1D7A9;1D7A9;1D7A9;2207;2207; # (ðž©ðž©; ðž©ðž©; ðž©ðž©; ∇; ∇; ) MATHEMATICAL SANS-SERIF BOLD ITALIC NABLA +1D7AA;1D7AA;1D7AA;03B1;03B1; # (ðžªðžª; ðžªðžª; ðžªðžª; α; α; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL ALPHA +1D7AB;1D7AB;1D7AB;03B2;03B2; # (ðž«ðž«; ðž«ðž«; ðž«ðž«; β; β; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL BETA +1D7AC;1D7AC;1D7AC;03B3;03B3; # (ðž¬ðž¬; ðž¬ðž¬; ðž¬ðž¬; γ; γ; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL GAMMA +1D7AD;1D7AD;1D7AD;03B4;03B4; # (ðž­ðž­; ðž­ðž­; ðž­ðž­; δ; δ; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL DELTA +1D7AE;1D7AE;1D7AE;03B5;03B5; # (ðž®ðž®; ðž®ðž®; ðž®ðž®; ε; ε; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL EPSILON +1D7AF;1D7AF;1D7AF;03B6;03B6; # (ðž¯ðž¯; ðž¯ðž¯; ðž¯ðž¯; ζ; ζ; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL ZETA +1D7B0;1D7B0;1D7B0;03B7;03B7; # (ðž°ðž°; ðž°ðž°; ðž°ðž°; η; η; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL ETA +1D7B1;1D7B1;1D7B1;03B8;03B8; # (ðž±ðž±; ðž±ðž±; ðž±ðž±; θ; θ; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL THETA +1D7B2;1D7B2;1D7B2;03B9;03B9; # (ðž²ðž²; ðž²ðž²; ðž²ðž²; ι; ι; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL IOTA +1D7B3;1D7B3;1D7B3;03BA;03BA; # (ðž³ðž³; ðž³ðž³; ðž³ðž³; κ; κ; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL KAPPA +1D7B4;1D7B4;1D7B4;03BB;03BB; # (ðž´ðž´; ðž´ðž´; ðž´ðž´; λ; λ; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL LAMDA +1D7B5;1D7B5;1D7B5;03BC;03BC; # (ðžµðžµ; ðžµðžµ; ðžµðžµ; μ; μ; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL MU +1D7B6;1D7B6;1D7B6;03BD;03BD; # (ðž¶ðž¶; ðž¶ðž¶; ðž¶ðž¶; ν; ν; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL NU +1D7B7;1D7B7;1D7B7;03BE;03BE; # (ðž·ðž·; ðž·ðž·; ðž·ðž·; ξ; ξ; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL XI +1D7B8;1D7B8;1D7B8;03BF;03BF; # (ðž¸ðž¸; ðž¸ðž¸; ðž¸ðž¸; ο; ο; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL OMICRON +1D7B9;1D7B9;1D7B9;03C0;03C0; # (ðž¹ðž¹; ðž¹ðž¹; ðž¹ðž¹; Ï€; Ï€; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL PI +1D7BA;1D7BA;1D7BA;03C1;03C1; # (ðžºðžº; ðžºðžº; ðžºðžº; Ï; Ï; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL RHO +1D7BB;1D7BB;1D7BB;03C2;03C2; # (ðž»ðž»; ðž»ðž»; ðž»ðž»; Ï‚; Ï‚; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL FINAL SIGMA +1D7BC;1D7BC;1D7BC;03C3;03C3; # (ðž¼ðž¼; ðž¼ðž¼; ðž¼ðž¼; σ; σ; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL SIGMA +1D7BD;1D7BD;1D7BD;03C4;03C4; # (ðž½ðž½; ðž½ðž½; ðž½ðž½; Ï„; Ï„; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL TAU +1D7BE;1D7BE;1D7BE;03C5;03C5; # (ðž¾ðž¾; ðž¾ðž¾; ðž¾ðž¾; Ï…; Ï…; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL UPSILON +1D7BF;1D7BF;1D7BF;03C6;03C6; # (ðž¿ðž¿; ðž¿ðž¿; ðž¿ðž¿; φ; φ; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL PHI +1D7C0;1D7C0;1D7C0;03C7;03C7; # (ðŸ€ðŸ€; ðŸ€ðŸ€; ðŸ€ðŸ€; χ; χ; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL CHI +1D7C1;1D7C1;1D7C1;03C8;03C8; # (ðŸðŸ; ðŸðŸ; ðŸðŸ; ψ; ψ; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL PSI +1D7C2;1D7C2;1D7C2;03C9;03C9; # (ðŸ‚ðŸ‚; ðŸ‚ðŸ‚; ðŸ‚ðŸ‚; ω; ω; ) MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL OMEGA +1D7C3;1D7C3;1D7C3;2202;2202; # (ðŸƒðŸƒ; ðŸƒðŸƒ; ðŸƒðŸƒ; ∂; ∂; ) MATHEMATICAL SANS-SERIF BOLD ITALIC PARTIAL DIFFERENTIAL +1D7C4;1D7C4;1D7C4;03B5;03B5; # (ðŸ„ðŸ„; ðŸ„ðŸ„; ðŸ„ðŸ„; ε; ε; ) MATHEMATICAL SANS-SERIF BOLD ITALIC EPSILON SYMBOL +1D7C5;1D7C5;1D7C5;03B8;03B8; # (ðŸ…ðŸ…; ðŸ…ðŸ…; ðŸ…ðŸ…; θ; θ; ) MATHEMATICAL SANS-SERIF BOLD ITALIC THETA SYMBOL +1D7C6;1D7C6;1D7C6;03BA;03BA; # (ðŸ†ðŸ†; ðŸ†ðŸ†; ðŸ†ðŸ†; κ; κ; ) MATHEMATICAL SANS-SERIF BOLD ITALIC KAPPA SYMBOL +1D7C7;1D7C7;1D7C7;03C6;03C6; # (ðŸ‡ðŸ‡; ðŸ‡ðŸ‡; ðŸ‡ðŸ‡; φ; φ; ) MATHEMATICAL SANS-SERIF BOLD ITALIC PHI SYMBOL +1D7C8;1D7C8;1D7C8;03C1;03C1; # (ðŸˆðŸˆ; ðŸˆðŸˆ; ðŸˆðŸˆ; Ï; Ï; ) MATHEMATICAL SANS-SERIF BOLD ITALIC RHO SYMBOL +1D7C9;1D7C9;1D7C9;03C0;03C0; # (ðŸ‰ðŸ‰; ðŸ‰ðŸ‰; ðŸ‰ðŸ‰; Ï€; Ï€; ) MATHEMATICAL SANS-SERIF BOLD ITALIC PI SYMBOL +1D7CE;1D7CE;1D7CE;0030;0030; # (ðŸŽðŸŽ; ðŸŽðŸŽ; ðŸŽðŸŽ; 0; 0; ) MATHEMATICAL BOLD DIGIT ZERO +1D7CF;1D7CF;1D7CF;0031;0031; # (ðŸðŸ; ðŸðŸ; ðŸðŸ; 1; 1; ) MATHEMATICAL BOLD DIGIT ONE +1D7D0;1D7D0;1D7D0;0032;0032; # (ðŸðŸ; ðŸðŸ; ðŸðŸ; 2; 2; ) MATHEMATICAL BOLD DIGIT TWO +1D7D1;1D7D1;1D7D1;0033;0033; # (ðŸ‘ðŸ‘; ðŸ‘ðŸ‘; ðŸ‘ðŸ‘; 3; 3; ) MATHEMATICAL BOLD DIGIT THREE +1D7D2;1D7D2;1D7D2;0034;0034; # (ðŸ’ðŸ’; ðŸ’ðŸ’; ðŸ’ðŸ’; 4; 4; ) MATHEMATICAL BOLD DIGIT FOUR +1D7D3;1D7D3;1D7D3;0035;0035; # (ðŸ“ðŸ“; ðŸ“ðŸ“; ðŸ“ðŸ“; 5; 5; ) MATHEMATICAL BOLD DIGIT FIVE +1D7D4;1D7D4;1D7D4;0036;0036; # (ðŸ”ðŸ”; ðŸ”ðŸ”; ðŸ”ðŸ”; 6; 6; ) MATHEMATICAL BOLD DIGIT SIX +1D7D5;1D7D5;1D7D5;0037;0037; # (ðŸ•ðŸ•; ðŸ•ðŸ•; ðŸ•ðŸ•; 7; 7; ) MATHEMATICAL BOLD DIGIT SEVEN +1D7D6;1D7D6;1D7D6;0038;0038; # (ðŸ–ðŸ–; ðŸ–ðŸ–; ðŸ–ðŸ–; 8; 8; ) MATHEMATICAL BOLD DIGIT EIGHT +1D7D7;1D7D7;1D7D7;0039;0039; # (ðŸ—ðŸ—; ðŸ—ðŸ—; ðŸ—ðŸ—; 9; 9; ) MATHEMATICAL BOLD DIGIT NINE +1D7D8;1D7D8;1D7D8;0030;0030; # (ðŸ˜ðŸ˜; ðŸ˜ðŸ˜; ðŸ˜ðŸ˜; 0; 0; ) MATHEMATICAL DOUBLE-STRUCK DIGIT ZERO +1D7D9;1D7D9;1D7D9;0031;0031; # (ðŸ™ðŸ™; ðŸ™ðŸ™; ðŸ™ðŸ™; 1; 1; ) MATHEMATICAL DOUBLE-STRUCK DIGIT ONE +1D7DA;1D7DA;1D7DA;0032;0032; # (ðŸšðŸš; ðŸšðŸš; ðŸšðŸš; 2; 2; ) MATHEMATICAL DOUBLE-STRUCK DIGIT TWO +1D7DB;1D7DB;1D7DB;0033;0033; # (ðŸ›ðŸ›; ðŸ›ðŸ›; ðŸ›ðŸ›; 3; 3; ) MATHEMATICAL DOUBLE-STRUCK DIGIT THREE +1D7DC;1D7DC;1D7DC;0034;0034; # (ðŸœðŸœ; ðŸœðŸœ; ðŸœðŸœ; 4; 4; ) MATHEMATICAL DOUBLE-STRUCK DIGIT FOUR +1D7DD;1D7DD;1D7DD;0035;0035; # (ðŸðŸ; ðŸðŸ; ðŸðŸ; 5; 5; ) MATHEMATICAL DOUBLE-STRUCK DIGIT FIVE +1D7DE;1D7DE;1D7DE;0036;0036; # (ðŸžðŸž; ðŸžðŸž; ðŸžðŸž; 6; 6; ) MATHEMATICAL DOUBLE-STRUCK DIGIT SIX +1D7DF;1D7DF;1D7DF;0037;0037; # (ðŸŸðŸŸ; ðŸŸðŸŸ; ðŸŸðŸŸ; 7; 7; ) MATHEMATICAL DOUBLE-STRUCK DIGIT SEVEN +1D7E0;1D7E0;1D7E0;0038;0038; # (ðŸ ðŸ ; ðŸ ðŸ ; ðŸ ðŸ ; 8; 8; ) MATHEMATICAL DOUBLE-STRUCK DIGIT EIGHT +1D7E1;1D7E1;1D7E1;0039;0039; # (ðŸ¡ðŸ¡; ðŸ¡ðŸ¡; ðŸ¡ðŸ¡; 9; 9; ) MATHEMATICAL DOUBLE-STRUCK DIGIT NINE +1D7E2;1D7E2;1D7E2;0030;0030; # (ðŸ¢ðŸ¢; ðŸ¢ðŸ¢; ðŸ¢ðŸ¢; 0; 0; ) MATHEMATICAL SANS-SERIF DIGIT ZERO +1D7E3;1D7E3;1D7E3;0031;0031; # (ðŸ£ðŸ£; ðŸ£ðŸ£; ðŸ£ðŸ£; 1; 1; ) MATHEMATICAL SANS-SERIF DIGIT ONE +1D7E4;1D7E4;1D7E4;0032;0032; # (ðŸ¤ðŸ¤; ðŸ¤ðŸ¤; ðŸ¤ðŸ¤; 2; 2; ) MATHEMATICAL SANS-SERIF DIGIT TWO +1D7E5;1D7E5;1D7E5;0033;0033; # (ðŸ¥ðŸ¥; ðŸ¥ðŸ¥; ðŸ¥ðŸ¥; 3; 3; ) MATHEMATICAL SANS-SERIF DIGIT THREE +1D7E6;1D7E6;1D7E6;0034;0034; # (ðŸ¦ðŸ¦; ðŸ¦ðŸ¦; ðŸ¦ðŸ¦; 4; 4; ) MATHEMATICAL SANS-SERIF DIGIT FOUR +1D7E7;1D7E7;1D7E7;0035;0035; # (ðŸ§ðŸ§; ðŸ§ðŸ§; ðŸ§ðŸ§; 5; 5; ) MATHEMATICAL SANS-SERIF DIGIT FIVE +1D7E8;1D7E8;1D7E8;0036;0036; # (ðŸ¨ðŸ¨; ðŸ¨ðŸ¨; ðŸ¨ðŸ¨; 6; 6; ) MATHEMATICAL SANS-SERIF DIGIT SIX +1D7E9;1D7E9;1D7E9;0037;0037; # (ðŸ©ðŸ©; ðŸ©ðŸ©; ðŸ©ðŸ©; 7; 7; ) MATHEMATICAL SANS-SERIF DIGIT SEVEN +1D7EA;1D7EA;1D7EA;0038;0038; # (ðŸªðŸª; ðŸªðŸª; ðŸªðŸª; 8; 8; ) MATHEMATICAL SANS-SERIF DIGIT EIGHT +1D7EB;1D7EB;1D7EB;0039;0039; # (ðŸ«ðŸ«; ðŸ«ðŸ«; ðŸ«ðŸ«; 9; 9; ) MATHEMATICAL SANS-SERIF DIGIT NINE +1D7EC;1D7EC;1D7EC;0030;0030; # (ðŸ¬ðŸ¬; ðŸ¬ðŸ¬; ðŸ¬ðŸ¬; 0; 0; ) MATHEMATICAL SANS-SERIF BOLD DIGIT ZERO +1D7ED;1D7ED;1D7ED;0031;0031; # (ðŸ­ðŸ­; ðŸ­ðŸ­; ðŸ­ðŸ­; 1; 1; ) MATHEMATICAL SANS-SERIF BOLD DIGIT ONE +1D7EE;1D7EE;1D7EE;0032;0032; # (ðŸ®ðŸ®; ðŸ®ðŸ®; ðŸ®ðŸ®; 2; 2; ) MATHEMATICAL SANS-SERIF BOLD DIGIT TWO +1D7EF;1D7EF;1D7EF;0033;0033; # (ðŸ¯ðŸ¯; ðŸ¯ðŸ¯; ðŸ¯ðŸ¯; 3; 3; ) MATHEMATICAL SANS-SERIF BOLD DIGIT THREE +1D7F0;1D7F0;1D7F0;0034;0034; # (ðŸ°ðŸ°; ðŸ°ðŸ°; ðŸ°ðŸ°; 4; 4; ) MATHEMATICAL SANS-SERIF BOLD DIGIT FOUR +1D7F1;1D7F1;1D7F1;0035;0035; # (ðŸ±ðŸ±; ðŸ±ðŸ±; ðŸ±ðŸ±; 5; 5; ) MATHEMATICAL SANS-SERIF BOLD DIGIT FIVE +1D7F2;1D7F2;1D7F2;0036;0036; # (ðŸ²ðŸ²; ðŸ²ðŸ²; ðŸ²ðŸ²; 6; 6; ) MATHEMATICAL SANS-SERIF BOLD DIGIT SIX +1D7F3;1D7F3;1D7F3;0037;0037; # (ðŸ³ðŸ³; ðŸ³ðŸ³; ðŸ³ðŸ³; 7; 7; ) MATHEMATICAL SANS-SERIF BOLD DIGIT SEVEN +1D7F4;1D7F4;1D7F4;0038;0038; # (ðŸ´ðŸ´; ðŸ´ðŸ´; ðŸ´ðŸ´; 8; 8; ) MATHEMATICAL SANS-SERIF BOLD DIGIT EIGHT +1D7F5;1D7F5;1D7F5;0039;0039; # (ðŸµðŸµ; ðŸµðŸµ; ðŸµðŸµ; 9; 9; ) MATHEMATICAL SANS-SERIF BOLD DIGIT NINE +1D7F6;1D7F6;1D7F6;0030;0030; # (ðŸ¶ðŸ¶; ðŸ¶ðŸ¶; ðŸ¶ðŸ¶; 0; 0; ) MATHEMATICAL MONOSPACE DIGIT ZERO +1D7F7;1D7F7;1D7F7;0031;0031; # (ðŸ·ðŸ·; ðŸ·ðŸ·; ðŸ·ðŸ·; 1; 1; ) MATHEMATICAL MONOSPACE DIGIT ONE +1D7F8;1D7F8;1D7F8;0032;0032; # (ðŸ¸ðŸ¸; ðŸ¸ðŸ¸; ðŸ¸ðŸ¸; 2; 2; ) MATHEMATICAL MONOSPACE DIGIT TWO +1D7F9;1D7F9;1D7F9;0033;0033; # (ðŸ¹ðŸ¹; ðŸ¹ðŸ¹; ðŸ¹ðŸ¹; 3; 3; ) MATHEMATICAL MONOSPACE DIGIT THREE +1D7FA;1D7FA;1D7FA;0034;0034; # (ðŸºðŸº; ðŸºðŸº; ðŸºðŸº; 4; 4; ) MATHEMATICAL MONOSPACE DIGIT FOUR +1D7FB;1D7FB;1D7FB;0035;0035; # (ðŸ»ðŸ»; ðŸ»ðŸ»; ðŸ»ðŸ»; 5; 5; ) MATHEMATICAL MONOSPACE DIGIT FIVE +1D7FC;1D7FC;1D7FC;0036;0036; # (ðŸ¼ðŸ¼; ðŸ¼ðŸ¼; ðŸ¼ðŸ¼; 6; 6; ) MATHEMATICAL MONOSPACE DIGIT SIX +1D7FD;1D7FD;1D7FD;0037;0037; # (ðŸ½ðŸ½; ðŸ½ðŸ½; ðŸ½ðŸ½; 7; 7; ) MATHEMATICAL MONOSPACE DIGIT SEVEN +1D7FE;1D7FE;1D7FE;0038;0038; # (ðŸ¾ðŸ¾; ðŸ¾ðŸ¾; ðŸ¾ðŸ¾; 8; 8; ) MATHEMATICAL MONOSPACE DIGIT EIGHT +1D7FF;1D7FF;1D7FF;0039;0039; # (ðŸ¿ðŸ¿; ðŸ¿ðŸ¿; ðŸ¿ðŸ¿; 9; 9; ) MATHEMATICAL MONOSPACE DIGIT NINE +2F800;4E3D;4E3D;4E3D;4E3D; # (丽丽; 丽; 丽; 丽; 丽; ) CJK COMPATIBILITY IDEOGRAPH-2F800 +2F801;4E38;4E38;4E38;4E38; # (ð¯ ð¯ ; 丸; 丸; 丸; 丸; ) CJK COMPATIBILITY IDEOGRAPH-2F801 +2F802;4E41;4E41;4E41;4E41; # (乁乁; ä¹; ä¹; ä¹; ä¹; ) CJK COMPATIBILITY IDEOGRAPH-2F802 +2F803;20122;20122;20122;20122; # (𠄢𠄢; 𠄢𠄢; 𠄢𠄢; 𠄢𠄢; 𠄢𠄢; ) CJK COMPATIBILITY IDEOGRAPH-2F803 +2F804;4F60;4F60;4F60;4F60; # (你你; ä½ ; ä½ ; ä½ ; ä½ ; ) CJK COMPATIBILITY IDEOGRAPH-2F804 +2F805;4FAE;4FAE;4FAE;4FAE; # (侮侮; ä¾®; ä¾®; ä¾®; ä¾®; ) CJK COMPATIBILITY IDEOGRAPH-2F805 +2F806;4FBB;4FBB;4FBB;4FBB; # (侻侻; ä¾»; ä¾»; ä¾»; ä¾»; ) CJK COMPATIBILITY IDEOGRAPH-2F806 +2F807;5002;5002;5002;5002; # (倂倂; 倂; 倂; 倂; 倂; ) CJK COMPATIBILITY IDEOGRAPH-2F807 +2F808;507A;507A;507A;507A; # (偺偺; åº; åº; åº; åº; ) CJK COMPATIBILITY IDEOGRAPH-2F808 +2F809;5099;5099;5099;5099; # (備備; å‚™; å‚™; å‚™; å‚™; ) CJK COMPATIBILITY IDEOGRAPH-2F809 +2F80A;50E7;50E7;50E7;50E7; # (僧僧; 僧; 僧; 僧; 僧; ) CJK COMPATIBILITY IDEOGRAPH-2F80A +2F80B;50CF;50CF;50CF;50CF; # (像像; åƒ; åƒ; åƒ; åƒ; ) CJK COMPATIBILITY IDEOGRAPH-2F80B +2F80C;349E;349E;349E;349E; # (㒞㒞; ã’ž; ã’ž; ã’ž; ã’ž; ) CJK COMPATIBILITY IDEOGRAPH-2F80C +2F80D;2063A;2063A;2063A;2063A; # (ð¯ ð¯ ; 𠘺𠘺; 𠘺𠘺; 𠘺𠘺; 𠘺𠘺; ) CJK COMPATIBILITY IDEOGRAPH-2F80D +2F80E;514D;514D;514D;514D; # (免免; å…; å…; å…; å…; ) CJK COMPATIBILITY IDEOGRAPH-2F80E +2F80F;5154;5154;5154;5154; # (ð¯ ð¯ ; å…”; å…”; å…”; å…”; ) CJK COMPATIBILITY IDEOGRAPH-2F80F +2F810;5164;5164;5164;5164; # (ð¯ ð¯ ; å…¤; å…¤; å…¤; å…¤; ) CJK COMPATIBILITY IDEOGRAPH-2F810 +2F811;5177;5177;5177;5177; # (具具; å…·; å…·; å…·; å…·; ) CJK COMPATIBILITY IDEOGRAPH-2F811 +2F812;2051C;2051C;2051C;2051C; # (𠔜𠔜; 𠔜𠔜; 𠔜𠔜; 𠔜𠔜; 𠔜𠔜; ) CJK COMPATIBILITY IDEOGRAPH-2F812 +2F813;34B9;34B9;34B9;34B9; # (㒹㒹; ã’¹; ã’¹; ã’¹; ã’¹; ) CJK COMPATIBILITY IDEOGRAPH-2F813 +2F814;5167;5167;5167;5167; # (內內; å…§; å…§; å…§; å…§; ) CJK COMPATIBILITY IDEOGRAPH-2F814 +2F815;518D;518D;518D;518D; # (再再; å†; å†; å†; å†; ) CJK COMPATIBILITY IDEOGRAPH-2F815 +2F816;2054B;2054B;2054B;2054B; # (𠕋𠕋; ð •‹ð •‹; ð •‹ð •‹; ð •‹ð •‹; ð •‹ð •‹; ) CJK COMPATIBILITY IDEOGRAPH-2F816 +2F817;5197;5197;5197;5197; # (冗冗; 冗; 冗; 冗; 冗; ) CJK COMPATIBILITY IDEOGRAPH-2F817 +2F818;51A4;51A4;51A4;51A4; # (冤冤; 冤; 冤; 冤; 冤; ) CJK COMPATIBILITY IDEOGRAPH-2F818 +2F819;4ECC;4ECC;4ECC;4ECC; # (仌仌; 仌; 仌; 仌; 仌; ) CJK COMPATIBILITY IDEOGRAPH-2F819 +2F81A;51AC;51AC;51AC;51AC; # (冬冬; 冬; 冬; 冬; 冬; ) CJK COMPATIBILITY IDEOGRAPH-2F81A +2F81B;51B5;51B5;51B5;51B5; # (况况; 况; 况; 况; 况; ) CJK COMPATIBILITY IDEOGRAPH-2F81B +2F81C;291DF;291DF;291DF;291DF; # (𩇟𩇟; 𩇟𩇟; 𩇟𩇟; 𩇟𩇟; 𩇟𩇟; ) CJK COMPATIBILITY IDEOGRAPH-2F81C +2F81D;51F5;51F5;51F5;51F5; # (ð¯ ð¯ ; 凵; 凵; 凵; 凵; ) CJK COMPATIBILITY IDEOGRAPH-2F81D +2F81E;5203;5203;5203;5203; # (刃刃; 刃; 刃; 刃; 刃; ) CJK COMPATIBILITY IDEOGRAPH-2F81E +2F81F;34DF;34DF;34DF;34DF; # (㓟㓟; ã“Ÿ; ã“Ÿ; ã“Ÿ; ã“Ÿ; ) CJK COMPATIBILITY IDEOGRAPH-2F81F +2F820;523B;523B;523B;523B; # (刻刻; 刻; 刻; 刻; 刻; ) CJK COMPATIBILITY IDEOGRAPH-2F820 +2F821;5246;5246;5246;5246; # (剆剆; 剆; 剆; 剆; 剆; ) CJK COMPATIBILITY IDEOGRAPH-2F821 +2F822;5272;5272;5272;5272; # (割割; 割; 割; 割; 割; ) CJK COMPATIBILITY IDEOGRAPH-2F822 +2F823;5277;5277;5277;5277; # (剷剷; 剷; 剷; 剷; 剷; ) CJK COMPATIBILITY IDEOGRAPH-2F823 +2F824;3515;3515;3515;3515; # (㔕㔕; 㔕; 㔕; 㔕; 㔕; ) CJK COMPATIBILITY IDEOGRAPH-2F824 +2F825;52C7;52C7;52C7;52C7; # (勇勇; 勇; 勇; 勇; 勇; ) CJK COMPATIBILITY IDEOGRAPH-2F825 +2F826;52C9;52C9;52C9;52C9; # (勉勉; 勉; 勉; 勉; 勉; ) CJK COMPATIBILITY IDEOGRAPH-2F826 +2F827;52E4;52E4;52E4;52E4; # (勤勤; 勤; 勤; 勤; 勤; ) CJK COMPATIBILITY IDEOGRAPH-2F827 +2F828;52FA;52FA;52FA;52FA; # (勺勺; 勺; 勺; 勺; 勺; ) CJK COMPATIBILITY IDEOGRAPH-2F828 +2F829;5305;5305;5305;5305; # (包包; 包; 包; 包; 包; ) CJK COMPATIBILITY IDEOGRAPH-2F829 +2F82A;5306;5306;5306;5306; # (匆匆; 匆; 匆; 匆; 匆; ) CJK COMPATIBILITY IDEOGRAPH-2F82A +2F82B;5317;5317;5317;5317; # (北北; 北; 北; 北; 北; ) CJK COMPATIBILITY IDEOGRAPH-2F82B +2F82C;5349;5349;5349;5349; # (卉卉; å‰; å‰; å‰; å‰; ) CJK COMPATIBILITY IDEOGRAPH-2F82C +2F82D;5351;5351;5351;5351; # (卑卑; å‘; å‘; å‘; å‘; ) CJK COMPATIBILITY IDEOGRAPH-2F82D +2F82E;535A;535A;535A;535A; # (博博; åš; åš; åš; åš; ) CJK COMPATIBILITY IDEOGRAPH-2F82E +2F82F;5373;5373;5373;5373; # (即即; å³; å³; å³; å³; ) CJK COMPATIBILITY IDEOGRAPH-2F82F +2F830;537D;537D;537D;537D; # (卽卽; å½; å½; å½; å½; ) CJK COMPATIBILITY IDEOGRAPH-2F830 +2F831;537F;537F;537F;537F; # (卿卿; å¿; å¿; å¿; å¿; ) CJK COMPATIBILITY IDEOGRAPH-2F831 +2F832;537F;537F;537F;537F; # (卿卿; å¿; å¿; å¿; å¿; ) CJK COMPATIBILITY IDEOGRAPH-2F832 +2F833;537F;537F;537F;537F; # (卿卿; å¿; å¿; å¿; å¿; ) CJK COMPATIBILITY IDEOGRAPH-2F833 +2F834;20A2C;20A2C;20A2C;20A2C; # (𠨬𠨬; 𠨬𠨬; 𠨬𠨬; 𠨬𠨬; 𠨬𠨬; ) CJK COMPATIBILITY IDEOGRAPH-2F834 +2F835;7070;7070;7070;7070; # (灰灰; ç°; ç°; ç°; ç°; ) CJK COMPATIBILITY IDEOGRAPH-2F835 +2F836;53CA;53CA;53CA;53CA; # (及及; åŠ; åŠ; åŠ; åŠ; ) CJK COMPATIBILITY IDEOGRAPH-2F836 +2F837;53DF;53DF;53DF;53DF; # (叟叟; åŸ; åŸ; åŸ; åŸ; ) CJK COMPATIBILITY IDEOGRAPH-2F837 +2F838;20B63;20B63;20B63;20B63; # (𠭣𠭣; 𠭣𠭣; 𠭣𠭣; 𠭣𠭣; 𠭣𠭣; ) CJK COMPATIBILITY IDEOGRAPH-2F838 +2F839;53EB;53EB;53EB;53EB; # (叫叫; å«; å«; å«; å«; ) CJK COMPATIBILITY IDEOGRAPH-2F839 +2F83A;53F1;53F1;53F1;53F1; # (叱叱; å±; å±; å±; å±; ) CJK COMPATIBILITY IDEOGRAPH-2F83A +2F83B;5406;5406;5406;5406; # (吆吆; å†; å†; å†; å†; ) CJK COMPATIBILITY IDEOGRAPH-2F83B +2F83C;549E;549E;549E;549E; # (咞咞; å’ž; å’ž; å’ž; å’ž; ) CJK COMPATIBILITY IDEOGRAPH-2F83C +2F83D;5438;5438;5438;5438; # (吸吸; å¸; å¸; å¸; å¸; ) CJK COMPATIBILITY IDEOGRAPH-2F83D +2F83E;5448;5448;5448;5448; # (呈呈; 呈; 呈; 呈; 呈; ) CJK COMPATIBILITY IDEOGRAPH-2F83E +2F83F;5468;5468;5468;5468; # (周周; 周; 周; 周; 周; ) CJK COMPATIBILITY IDEOGRAPH-2F83F +2F840;54A2;54A2;54A2;54A2; # (咢咢; å’¢; å’¢; å’¢; å’¢; ) CJK COMPATIBILITY IDEOGRAPH-2F840 +2F841;54F6;54F6;54F6;54F6; # (ð¯¡ð¯¡; 哶; 哶; 哶; 哶; ) CJK COMPATIBILITY IDEOGRAPH-2F841 +2F842;5510;5510;5510;5510; # (唐唐; å”; å”; å”; å”; ) CJK COMPATIBILITY IDEOGRAPH-2F842 +2F843;5553;5553;5553;5553; # (啓啓; å•“; å•“; å•“; å•“; ) CJK COMPATIBILITY IDEOGRAPH-2F843 +2F844;5563;5563;5563;5563; # (啣啣; å•£; å•£; å•£; å•£; ) CJK COMPATIBILITY IDEOGRAPH-2F844 +2F845;5584;5584;5584;5584; # (善善; å–„; å–„; å–„; å–„; ) CJK COMPATIBILITY IDEOGRAPH-2F845 +2F846;5584;5584;5584;5584; # (善善; å–„; å–„; å–„; å–„; ) CJK COMPATIBILITY IDEOGRAPH-2F846 +2F847;5599;5599;5599;5599; # (喙喙; å–™; å–™; å–™; å–™; ) CJK COMPATIBILITY IDEOGRAPH-2F847 +2F848;55AB;55AB;55AB;55AB; # (喫喫; å–«; å–«; å–«; å–«; ) CJK COMPATIBILITY IDEOGRAPH-2F848 +2F849;55B3;55B3;55B3;55B3; # (喳喳; å–³; å–³; å–³; å–³; ) CJK COMPATIBILITY IDEOGRAPH-2F849 +2F84A;55C2;55C2;55C2;55C2; # (嗂嗂; å—‚; å—‚; å—‚; å—‚; ) CJK COMPATIBILITY IDEOGRAPH-2F84A +2F84B;5716;5716;5716;5716; # (圖圖; 圖; 圖; 圖; 圖; ) CJK COMPATIBILITY IDEOGRAPH-2F84B +2F84C;5606;5606;5606;5606; # (嘆嘆; 嘆; 嘆; 嘆; 嘆; ) CJK COMPATIBILITY IDEOGRAPH-2F84C +2F84D;5717;5717;5717;5717; # (ð¯¡ð¯¡; 圗; 圗; 圗; 圗; ) CJK COMPATIBILITY IDEOGRAPH-2F84D +2F84E;5651;5651;5651;5651; # (噑噑; 噑; 噑; 噑; 噑; ) CJK COMPATIBILITY IDEOGRAPH-2F84E +2F84F;5674;5674;5674;5674; # (ð¯¡ð¯¡; å™´; å™´; å™´; å™´; ) CJK COMPATIBILITY IDEOGRAPH-2F84F +2F850;5207;5207;5207;5207; # (ð¯¡ð¯¡; 切; 切; 切; 切; ) CJK COMPATIBILITY IDEOGRAPH-2F850 +2F851;58EE;58EE;58EE;58EE; # (壮壮; 壮; 壮; 壮; 壮; ) CJK COMPATIBILITY IDEOGRAPH-2F851 +2F852;57CE;57CE;57CE;57CE; # (城城; 城; 城; 城; 城; ) CJK COMPATIBILITY IDEOGRAPH-2F852 +2F853;57F4;57F4;57F4;57F4; # (埴埴; 埴; 埴; 埴; 埴; ) CJK COMPATIBILITY IDEOGRAPH-2F853 +2F854;580D;580D;580D;580D; # (堍堍; å ; å ; å ; å ; ) CJK COMPATIBILITY IDEOGRAPH-2F854 +2F855;578B;578B;578B;578B; # (型型; åž‹; åž‹; åž‹; åž‹; ) CJK COMPATIBILITY IDEOGRAPH-2F855 +2F856;5832;5832;5832;5832; # (堲堲; å ²; å ²; å ²; å ²; ) CJK COMPATIBILITY IDEOGRAPH-2F856 +2F857;5831;5831;5831;5831; # (報報; å ±; å ±; å ±; å ±; ) CJK COMPATIBILITY IDEOGRAPH-2F857 +2F858;58AC;58AC;58AC;58AC; # (墬墬; 墬; 墬; 墬; 墬; ) CJK COMPATIBILITY IDEOGRAPH-2F858 +2F859;214E4;214E4;214E4;214E4; # (𡓤𡓤; 𡓤𡓤; 𡓤𡓤; 𡓤𡓤; 𡓤𡓤; ) CJK COMPATIBILITY IDEOGRAPH-2F859 +2F85A;58F2;58F2;58F2;58F2; # (売売; 売; 売; 売; 売; ) CJK COMPATIBILITY IDEOGRAPH-2F85A +2F85B;58F7;58F7;58F7;58F7; # (壷壷; 壷; 壷; 壷; 壷; ) CJK COMPATIBILITY IDEOGRAPH-2F85B +2F85C;5906;5906;5906;5906; # (夆夆; 夆; 夆; 夆; 夆; ) CJK COMPATIBILITY IDEOGRAPH-2F85C +2F85D;591A;591A;591A;591A; # (ð¯¡ð¯¡; 多; 多; 多; 多; ) CJK COMPATIBILITY IDEOGRAPH-2F85D +2F85E;5922;5922;5922;5922; # (夢夢; 夢; 夢; 夢; 夢; ) CJK COMPATIBILITY IDEOGRAPH-2F85E +2F85F;5962;5962;5962;5962; # (奢奢; 奢; 奢; 奢; 奢; ) CJK COMPATIBILITY IDEOGRAPH-2F85F +2F860;216A8;216A8;216A8;216A8; # (𡚨𡚨; 𡚨𡚨; 𡚨𡚨; 𡚨𡚨; 𡚨𡚨; ) CJK COMPATIBILITY IDEOGRAPH-2F860 +2F861;216EA;216EA;216EA;216EA; # (𡛪𡛪; 𡛪𡛪; 𡛪𡛪; 𡛪𡛪; 𡛪𡛪; ) CJK COMPATIBILITY IDEOGRAPH-2F861 +2F862;59EC;59EC;59EC;59EC; # (姬姬; 姬; 姬; 姬; 姬; ) CJK COMPATIBILITY IDEOGRAPH-2F862 +2F863;5A1B;5A1B;5A1B;5A1B; # (娛娛; 娛; 娛; 娛; 娛; ) CJK COMPATIBILITY IDEOGRAPH-2F863 +2F864;5A27;5A27;5A27;5A27; # (娧娧; 娧; 娧; 娧; 娧; ) CJK COMPATIBILITY IDEOGRAPH-2F864 +2F865;59D8;59D8;59D8;59D8; # (姘姘; 姘; 姘; 姘; 姘; ) CJK COMPATIBILITY IDEOGRAPH-2F865 +2F866;5A66;5A66;5A66;5A66; # (婦婦; 婦; 婦; 婦; 婦; ) CJK COMPATIBILITY IDEOGRAPH-2F866 +2F867;36EE;36EE;36EE;36EE; # (㛮㛮; ã›®; ã›®; ã›®; ã›®; ) CJK COMPATIBILITY IDEOGRAPH-2F867 +2F868;36FC;36FC;36FC;36FC; # (㛼㛼; 㛼; 㛼; 㛼; 㛼; ) CJK COMPATIBILITY IDEOGRAPH-2F868 +2F869;5B08;5B08;5B08;5B08; # (嬈嬈; 嬈; 嬈; 嬈; 嬈; ) CJK COMPATIBILITY IDEOGRAPH-2F869 +2F86A;5B3E;5B3E;5B3E;5B3E; # (嬾嬾; 嬾; 嬾; 嬾; 嬾; ) CJK COMPATIBILITY IDEOGRAPH-2F86A +2F86B;5B3E;5B3E;5B3E;5B3E; # (嬾嬾; 嬾; 嬾; 嬾; 嬾; ) CJK COMPATIBILITY IDEOGRAPH-2F86B +2F86C;219C8;219C8;219C8;219C8; # (𡧈𡧈; 𡧈𡧈; 𡧈𡧈; 𡧈𡧈; 𡧈𡧈; ) CJK COMPATIBILITY IDEOGRAPH-2F86C +2F86D;5BC3;5BC3;5BC3;5BC3; # (寃寃; 寃; 寃; 寃; 寃; ) CJK COMPATIBILITY IDEOGRAPH-2F86D +2F86E;5BD8;5BD8;5BD8;5BD8; # (寘寘; 寘; 寘; 寘; 寘; ) CJK COMPATIBILITY IDEOGRAPH-2F86E +2F86F;5BE7;5BE7;5BE7;5BE7; # (寧寧; 寧; 寧; 寧; 寧; ) CJK COMPATIBILITY IDEOGRAPH-2F86F +2F870;5BF3;5BF3;5BF3;5BF3; # (寳寳; 寳; 寳; 寳; 寳; ) CJK COMPATIBILITY IDEOGRAPH-2F870 +2F871;21B18;21B18;21B18;21B18; # (𡬘𡬘; 𡬘𡬘; 𡬘𡬘; 𡬘𡬘; 𡬘𡬘; ) CJK COMPATIBILITY IDEOGRAPH-2F871 +2F872;5BFF;5BFF;5BFF;5BFF; # (寿寿; 寿; 寿; 寿; 寿; ) CJK COMPATIBILITY IDEOGRAPH-2F872 +2F873;5C06;5C06;5C06;5C06; # (将将; å°†; å°†; å°†; å°†; ) CJK COMPATIBILITY IDEOGRAPH-2F873 +2F874;5F53;5F53;5F53;5F53; # (当当; 当; 当; 当; 当; ) CJK COMPATIBILITY IDEOGRAPH-2F874 +2F875;5C22;5C22;5C22;5C22; # (尢尢; å°¢; å°¢; å°¢; å°¢; ) CJK COMPATIBILITY IDEOGRAPH-2F875 +2F876;3781;3781;3781;3781; # (㞁㞁; ãž; ãž; ãž; ãž; ) CJK COMPATIBILITY IDEOGRAPH-2F876 +2F877;5C60;5C60;5C60;5C60; # (屠屠; å± ; å± ; å± ; å± ; ) CJK COMPATIBILITY IDEOGRAPH-2F877 +2F878;5C6E;5C6E;5C6E;5C6E; # (屮屮; å±®; å±®; å±®; å±®; ) CJK COMPATIBILITY IDEOGRAPH-2F878 +2F879;5CC0;5CC0;5CC0;5CC0; # (峀峀; å³€; å³€; å³€; å³€; ) CJK COMPATIBILITY IDEOGRAPH-2F879 +2F87A;5C8D;5C8D;5C8D;5C8D; # (岍岍; å²; å²; å²; å²; ) CJK COMPATIBILITY IDEOGRAPH-2F87A +2F87B;21DE4;21DE4;21DE4;21DE4; # (𡷤𡷤; 𡷤𡷤; 𡷤𡷤; 𡷤𡷤; 𡷤𡷤; ) CJK COMPATIBILITY IDEOGRAPH-2F87B +2F87C;5D43;5D43;5D43;5D43; # (嵃嵃; 嵃; 嵃; 嵃; 嵃; ) CJK COMPATIBILITY IDEOGRAPH-2F87C +2F87D;21DE6;21DE6;21DE6;21DE6; # (𡷦𡷦; 𡷦𡷦; 𡷦𡷦; 𡷦𡷦; 𡷦𡷦; ) CJK COMPATIBILITY IDEOGRAPH-2F87D +2F87E;5D6E;5D6E;5D6E;5D6E; # (嵮嵮; åµ®; åµ®; åµ®; åµ®; ) CJK COMPATIBILITY IDEOGRAPH-2F87E +2F87F;5D6B;5D6B;5D6B;5D6B; # (嵫嵫; 嵫; 嵫; 嵫; 嵫; ) CJK COMPATIBILITY IDEOGRAPH-2F87F +2F880;5D7C;5D7C;5D7C;5D7C; # (嵼嵼; åµ¼; åµ¼; åµ¼; åµ¼; ) CJK COMPATIBILITY IDEOGRAPH-2F880 +2F881;5DE1;5DE1;5DE1;5DE1; # (ð¯¢ð¯¢; å·¡; å·¡; å·¡; å·¡; ) CJK COMPATIBILITY IDEOGRAPH-2F881 +2F882;5DE2;5DE2;5DE2;5DE2; # (巢巢; å·¢; å·¢; å·¢; å·¢; ) CJK COMPATIBILITY IDEOGRAPH-2F882 +2F883;382F;382F;382F;382F; # (㠯㠯; ã ¯; ã ¯; ã ¯; ã ¯; ) CJK COMPATIBILITY IDEOGRAPH-2F883 +2F884;5DFD;5DFD;5DFD;5DFD; # (巽巽; å·½; å·½; å·½; å·½; ) CJK COMPATIBILITY IDEOGRAPH-2F884 +2F885;5E28;5E28;5E28;5E28; # (帨帨; 帨; 帨; 帨; 帨; ) CJK COMPATIBILITY IDEOGRAPH-2F885 +2F886;5E3D;5E3D;5E3D;5E3D; # (帽帽; 帽; 帽; 帽; 帽; ) CJK COMPATIBILITY IDEOGRAPH-2F886 +2F887;5E69;5E69;5E69;5E69; # (幩幩; 幩; 幩; 幩; 幩; ) CJK COMPATIBILITY IDEOGRAPH-2F887 +2F888;3862;3862;3862;3862; # (㡢㡢; ã¡¢; ã¡¢; ã¡¢; ã¡¢; ) CJK COMPATIBILITY IDEOGRAPH-2F888 +2F889;22183;22183;22183;22183; # (𢆃𢆃; 𢆃𢆃; 𢆃𢆃; 𢆃𢆃; 𢆃𢆃; ) CJK COMPATIBILITY IDEOGRAPH-2F889 +2F88A;387C;387C;387C;387C; # (㡼㡼; 㡼; 㡼; 㡼; 㡼; ) CJK COMPATIBILITY IDEOGRAPH-2F88A +2F88B;5EB0;5EB0;5EB0;5EB0; # (庰庰; 庰; 庰; 庰; 庰; ) CJK COMPATIBILITY IDEOGRAPH-2F88B +2F88C;5EB3;5EB3;5EB3;5EB3; # (庳庳; 庳; 庳; 庳; 庳; ) CJK COMPATIBILITY IDEOGRAPH-2F88C +2F88D;5EB6;5EB6;5EB6;5EB6; # (ð¯¢ð¯¢; 庶; 庶; 庶; 庶; ) CJK COMPATIBILITY IDEOGRAPH-2F88D +2F88E;5ECA;5ECA;5ECA;5ECA; # (廊廊; 廊; 廊; 廊; 廊; ) CJK COMPATIBILITY IDEOGRAPH-2F88E +2F88F;2A392;2A392;2A392;2A392; # (ð¯¢ð¯¢; 𪎒𪎒; 𪎒𪎒; 𪎒𪎒; 𪎒𪎒; ) CJK COMPATIBILITY IDEOGRAPH-2F88F +2F890;5EFE;5EFE;5EFE;5EFE; # (ð¯¢ð¯¢; 廾; 廾; 廾; 廾; ) CJK COMPATIBILITY IDEOGRAPH-2F890 +2F891;22331;22331;22331;22331; # (𢌱𢌱; 𢌱𢌱; 𢌱𢌱; 𢌱𢌱; 𢌱𢌱; ) CJK COMPATIBILITY IDEOGRAPH-2F891 +2F892;22331;22331;22331;22331; # (𢌱𢌱; 𢌱𢌱; 𢌱𢌱; 𢌱𢌱; 𢌱𢌱; ) CJK COMPATIBILITY IDEOGRAPH-2F892 +2F893;8201;8201;8201;8201; # (舁舁; èˆ; èˆ; èˆ; èˆ; ) CJK COMPATIBILITY IDEOGRAPH-2F893 +2F894;5F22;5F22;5F22;5F22; # (弢弢; å¼¢; å¼¢; å¼¢; å¼¢; ) CJK COMPATIBILITY IDEOGRAPH-2F894 +2F895;5F22;5F22;5F22;5F22; # (弢弢; å¼¢; å¼¢; å¼¢; å¼¢; ) CJK COMPATIBILITY IDEOGRAPH-2F895 +2F896;38C7;38C7;38C7;38C7; # (㣇㣇; 㣇; 㣇; 㣇; 㣇; ) CJK COMPATIBILITY IDEOGRAPH-2F896 +2F897;232B8;232B8;232B8;232B8; # (𣊸𣊸; 𣊸𣊸; 𣊸𣊸; 𣊸𣊸; 𣊸𣊸; ) CJK COMPATIBILITY IDEOGRAPH-2F897 +2F898;261DA;261DA;261DA;261DA; # (𦇚𦇚; 𦇚𦇚; 𦇚𦇚; 𦇚𦇚; 𦇚𦇚; ) CJK COMPATIBILITY IDEOGRAPH-2F898 +2F899;5F62;5F62;5F62;5F62; # (形形; å½¢; å½¢; å½¢; å½¢; ) CJK COMPATIBILITY IDEOGRAPH-2F899 +2F89A;5F6B;5F6B;5F6B;5F6B; # (彫彫; 彫; 彫; 彫; 彫; ) CJK COMPATIBILITY IDEOGRAPH-2F89A +2F89B;38E3;38E3;38E3;38E3; # (㣣㣣; 㣣; 㣣; 㣣; 㣣; ) CJK COMPATIBILITY IDEOGRAPH-2F89B +2F89C;5F9A;5F9A;5F9A;5F9A; # (徚徚; 徚; 徚; 徚; 徚; ) CJK COMPATIBILITY IDEOGRAPH-2F89C +2F89D;5FCD;5FCD;5FCD;5FCD; # (ð¯¢ð¯¢; å¿; å¿; å¿; å¿; ) CJK COMPATIBILITY IDEOGRAPH-2F89D +2F89E;5FD7;5FD7;5FD7;5FD7; # (志志; å¿—; å¿—; å¿—; å¿—; ) CJK COMPATIBILITY IDEOGRAPH-2F89E +2F89F;5FF9;5FF9;5FF9;5FF9; # (忹忹; 忹; 忹; 忹; 忹; ) CJK COMPATIBILITY IDEOGRAPH-2F89F +2F8A0;6081;6081;6081;6081; # (悁悁; æ‚; æ‚; æ‚; æ‚; ) CJK COMPATIBILITY IDEOGRAPH-2F8A0 +2F8A1;393A;393A;393A;393A; # (㤺㤺; 㤺; 㤺; 㤺; 㤺; ) CJK COMPATIBILITY IDEOGRAPH-2F8A1 +2F8A2;391C;391C;391C;391C; # (㤜㤜; 㤜; 㤜; 㤜; 㤜; ) CJK COMPATIBILITY IDEOGRAPH-2F8A2 +2F8A3;6094;6094;6094;6094; # (悔悔; æ‚”; æ‚”; æ‚”; æ‚”; ) CJK COMPATIBILITY IDEOGRAPH-2F8A3 +2F8A4;226D4;226D4;226D4;226D4; # (𢛔𢛔; 𢛔𢛔; 𢛔𢛔; 𢛔𢛔; 𢛔𢛔; ) CJK COMPATIBILITY IDEOGRAPH-2F8A4 +2F8A5;60C7;60C7;60C7;60C7; # (惇惇; 惇; 惇; 惇; 惇; ) CJK COMPATIBILITY IDEOGRAPH-2F8A5 +2F8A6;6148;6148;6148;6148; # (慈慈; æ…ˆ; æ…ˆ; æ…ˆ; æ…ˆ; ) CJK COMPATIBILITY IDEOGRAPH-2F8A6 +2F8A7;614C;614C;614C;614C; # (慌慌; æ…Œ; æ…Œ; æ…Œ; æ…Œ; ) CJK COMPATIBILITY IDEOGRAPH-2F8A7 +2F8A8;614E;614E;614E;614E; # (慎慎; æ…Ž; æ…Ž; æ…Ž; æ…Ž; ) CJK COMPATIBILITY IDEOGRAPH-2F8A8 +2F8A9;614C;614C;614C;614C; # (慌慌; æ…Œ; æ…Œ; æ…Œ; æ…Œ; ) CJK COMPATIBILITY IDEOGRAPH-2F8A9 +2F8AA;617A;617A;617A;617A; # (慺慺; æ…º; æ…º; æ…º; æ…º; ) CJK COMPATIBILITY IDEOGRAPH-2F8AA +2F8AB;618E;618E;618E;618E; # (憎憎; 憎; 憎; 憎; 憎; ) CJK COMPATIBILITY IDEOGRAPH-2F8AB +2F8AC;61B2;61B2;61B2;61B2; # (憲憲; 憲; 憲; 憲; 憲; ) CJK COMPATIBILITY IDEOGRAPH-2F8AC +2F8AD;61A4;61A4;61A4;61A4; # (憤憤; 憤; 憤; 憤; 憤; ) CJK COMPATIBILITY IDEOGRAPH-2F8AD +2F8AE;61AF;61AF;61AF;61AF; # (憯憯; 憯; 憯; 憯; 憯; ) CJK COMPATIBILITY IDEOGRAPH-2F8AE +2F8AF;61DE;61DE;61DE;61DE; # (懞懞; 懞; 懞; 懞; 懞; ) CJK COMPATIBILITY IDEOGRAPH-2F8AF +2F8B0;61F2;61F2;61F2;61F2; # (懲懲; 懲; 懲; 懲; 懲; ) CJK COMPATIBILITY IDEOGRAPH-2F8B0 +2F8B1;61F6;61F6;61F6;61F6; # (懶懶; 懶; 懶; 懶; 懶; ) CJK COMPATIBILITY IDEOGRAPH-2F8B1 +2F8B2;6210;6210;6210;6210; # (成成; æˆ; æˆ; æˆ; æˆ; ) CJK COMPATIBILITY IDEOGRAPH-2F8B2 +2F8B3;621B;621B;621B;621B; # (戛戛; 戛; 戛; 戛; 戛; ) CJK COMPATIBILITY IDEOGRAPH-2F8B3 +2F8B4;625D;625D;625D;625D; # (扝扝; æ‰; æ‰; æ‰; æ‰; ) CJK COMPATIBILITY IDEOGRAPH-2F8B4 +2F8B5;62B1;62B1;62B1;62B1; # (抱抱; 抱; 抱; 抱; 抱; ) CJK COMPATIBILITY IDEOGRAPH-2F8B5 +2F8B6;62D4;62D4;62D4;62D4; # (拔拔; æ‹”; æ‹”; æ‹”; æ‹”; ) CJK COMPATIBILITY IDEOGRAPH-2F8B6 +2F8B7;6350;6350;6350;6350; # (捐捐; æ; æ; æ; æ; ) CJK COMPATIBILITY IDEOGRAPH-2F8B7 +2F8B8;22B0C;22B0C;22B0C;22B0C; # (𢬌𢬌; 𢬌𢬌; 𢬌𢬌; 𢬌𢬌; 𢬌𢬌; ) CJK COMPATIBILITY IDEOGRAPH-2F8B8 +2F8B9;633D;633D;633D;633D; # (挽挽; 挽; 挽; 挽; 挽; ) CJK COMPATIBILITY IDEOGRAPH-2F8B9 +2F8BA;62FC;62FC;62FC;62FC; # (拼拼; 拼; 拼; 拼; 拼; ) CJK COMPATIBILITY IDEOGRAPH-2F8BA +2F8BB;6368;6368;6368;6368; # (捨捨; æ¨; æ¨; æ¨; æ¨; ) CJK COMPATIBILITY IDEOGRAPH-2F8BB +2F8BC;6383;6383;6383;6383; # (掃掃; 掃; 掃; 掃; 掃; ) CJK COMPATIBILITY IDEOGRAPH-2F8BC +2F8BD;63E4;63E4;63E4;63E4; # (揤揤; æ¤; æ¤; æ¤; æ¤; ) CJK COMPATIBILITY IDEOGRAPH-2F8BD +2F8BE;22BF1;22BF1;22BF1;22BF1; # (𢯱𢯱; 𢯱𢯱; 𢯱𢯱; 𢯱𢯱; 𢯱𢯱; ) CJK COMPATIBILITY IDEOGRAPH-2F8BE +2F8BF;6422;6422;6422;6422; # (搢搢; æ¢; æ¢; æ¢; æ¢; ) CJK COMPATIBILITY IDEOGRAPH-2F8BF +2F8C0;63C5;63C5;63C5;63C5; # (揅揅; æ…; æ…; æ…; æ…; ) CJK COMPATIBILITY IDEOGRAPH-2F8C0 +2F8C1;63A9;63A9;63A9;63A9; # (ð¯£ð¯£; 掩; 掩; 掩; 掩; ) CJK COMPATIBILITY IDEOGRAPH-2F8C1 +2F8C2;3A2E;3A2E;3A2E;3A2E; # (㨮㨮; 㨮; 㨮; 㨮; 㨮; ) CJK COMPATIBILITY IDEOGRAPH-2F8C2 +2F8C3;6469;6469;6469;6469; # (摩摩; æ‘©; æ‘©; æ‘©; æ‘©; ) CJK COMPATIBILITY IDEOGRAPH-2F8C3 +2F8C4;647E;647E;647E;647E; # (摾摾; 摾; 摾; 摾; 摾; ) CJK COMPATIBILITY IDEOGRAPH-2F8C4 +2F8C5;649D;649D;649D;649D; # (撝撝; æ’; æ’; æ’; æ’; ) CJK COMPATIBILITY IDEOGRAPH-2F8C5 +2F8C6;6477;6477;6477;6477; # (摷摷; æ‘·; æ‘·; æ‘·; æ‘·; ) CJK COMPATIBILITY IDEOGRAPH-2F8C6 +2F8C7;3A6C;3A6C;3A6C;3A6C; # (㩬㩬; 㩬; 㩬; 㩬; 㩬; ) CJK COMPATIBILITY IDEOGRAPH-2F8C7 +2F8C8;654F;654F;654F;654F; # (敏敏; æ•; æ•; æ•; æ•; ) CJK COMPATIBILITY IDEOGRAPH-2F8C8 +2F8C9;656C;656C;656C;656C; # (敬敬; 敬; 敬; 敬; 敬; ) CJK COMPATIBILITY IDEOGRAPH-2F8C9 +2F8CA;2300A;2300A;2300A;2300A; # (𣀊𣀊; 𣀊𣀊; 𣀊𣀊; 𣀊𣀊; 𣀊𣀊; ) CJK COMPATIBILITY IDEOGRAPH-2F8CA +2F8CB;65E3;65E3;65E3;65E3; # (旣旣; æ—£; æ—£; æ—£; æ—£; ) CJK COMPATIBILITY IDEOGRAPH-2F8CB +2F8CC;66F8;66F8;66F8;66F8; # (書書; 書; 書; 書; 書; ) CJK COMPATIBILITY IDEOGRAPH-2F8CC +2F8CD;6649;6649;6649;6649; # (ð¯£ð¯£; 晉; 晉; 晉; 晉; ) CJK COMPATIBILITY IDEOGRAPH-2F8CD +2F8CE;3B19;3B19;3B19;3B19; # (㬙㬙; 㬙; 㬙; 㬙; 㬙; ) CJK COMPATIBILITY IDEOGRAPH-2F8CE +2F8CF;6691;6691;6691;6691; # (ð¯£ð¯£; æš‘; æš‘; æš‘; æš‘; ) CJK COMPATIBILITY IDEOGRAPH-2F8CF +2F8D0;3B08;3B08;3B08;3B08; # (ð¯£ð¯£; 㬈; 㬈; 㬈; 㬈; ) CJK COMPATIBILITY IDEOGRAPH-2F8D0 +2F8D1;3AE4;3AE4;3AE4;3AE4; # (㫤㫤; 㫤; 㫤; 㫤; 㫤; ) CJK COMPATIBILITY IDEOGRAPH-2F8D1 +2F8D2;5192;5192;5192;5192; # (冒冒; 冒; 冒; 冒; 冒; ) CJK COMPATIBILITY IDEOGRAPH-2F8D2 +2F8D3;5195;5195;5195;5195; # (冕冕; 冕; 冕; 冕; 冕; ) CJK COMPATIBILITY IDEOGRAPH-2F8D3 +2F8D4;6700;6700;6700;6700; # (最最; 最; 最; 最; 最; ) CJK COMPATIBILITY IDEOGRAPH-2F8D4 +2F8D5;669C;669C;669C;669C; # (暜暜; æšœ; æšœ; æšœ; æšœ; ) CJK COMPATIBILITY IDEOGRAPH-2F8D5 +2F8D6;80AD;80AD;80AD;80AD; # (肭肭; è‚­; è‚­; è‚­; è‚­; ) CJK COMPATIBILITY IDEOGRAPH-2F8D6 +2F8D7;43D9;43D9;43D9;43D9; # (䏙䏙; ä™; ä™; ä™; ä™; ) CJK COMPATIBILITY IDEOGRAPH-2F8D7 +2F8D8;6717;6717;6717;6717; # (朗朗; 朗; 朗; 朗; 朗; ) CJK COMPATIBILITY IDEOGRAPH-2F8D8 +2F8D9;671B;671B;671B;671B; # (望望; 望; 望; 望; 望; ) CJK COMPATIBILITY IDEOGRAPH-2F8D9 +2F8DA;6721;6721;6721;6721; # (朡朡; 朡; 朡; 朡; 朡; ) CJK COMPATIBILITY IDEOGRAPH-2F8DA +2F8DB;675E;675E;675E;675E; # (杞杞; æž; æž; æž; æž; ) CJK COMPATIBILITY IDEOGRAPH-2F8DB +2F8DC;6753;6753;6753;6753; # (杓杓; æ“; æ“; æ“; æ“; ) CJK COMPATIBILITY IDEOGRAPH-2F8DC +2F8DD;233C3;233C3;233C3;233C3; # (ð¯£ð¯£; ð£ƒð£ƒ; ð£ƒð£ƒ; ð£ƒð£ƒ; ð£ƒð£ƒ; ) CJK COMPATIBILITY IDEOGRAPH-2F8DD +2F8DE;3B49;3B49;3B49;3B49; # (㭉㭉; ã­‰; ã­‰; ã­‰; ã­‰; ) CJK COMPATIBILITY IDEOGRAPH-2F8DE +2F8DF;67FA;67FA;67FA;67FA; # (柺柺; 柺; 柺; 柺; 柺; ) CJK COMPATIBILITY IDEOGRAPH-2F8DF +2F8E0;6785;6785;6785;6785; # (枅枅; æž…; æž…; æž…; æž…; ) CJK COMPATIBILITY IDEOGRAPH-2F8E0 +2F8E1;6852;6852;6852;6852; # (桒桒; æ¡’; æ¡’; æ¡’; æ¡’; ) CJK COMPATIBILITY IDEOGRAPH-2F8E1 +2F8E2;6885;6885;6885;6885; # (梅梅; 梅; 梅; 梅; 梅; ) CJK COMPATIBILITY IDEOGRAPH-2F8E2 +2F8E3;2346D;2346D;2346D;2346D; # (𣑭𣑭; 𣑭𣑭; 𣑭𣑭; 𣑭𣑭; 𣑭𣑭; ) CJK COMPATIBILITY IDEOGRAPH-2F8E3 +2F8E4;688E;688E;688E;688E; # (梎梎; 梎; 梎; 梎; 梎; ) CJK COMPATIBILITY IDEOGRAPH-2F8E4 +2F8E5;681F;681F;681F;681F; # (栟栟; æ Ÿ; æ Ÿ; æ Ÿ; æ Ÿ; ) CJK COMPATIBILITY IDEOGRAPH-2F8E5 +2F8E6;6914;6914;6914;6914; # (椔椔; 椔; 椔; 椔; 椔; ) CJK COMPATIBILITY IDEOGRAPH-2F8E6 +2F8E7;3B9D;3B9D;3B9D;3B9D; # (㮝㮝; ã®; ã®; ã®; ã®; ) CJK COMPATIBILITY IDEOGRAPH-2F8E7 +2F8E8;6942;6942;6942;6942; # (楂楂; 楂; 楂; 楂; 楂; ) CJK COMPATIBILITY IDEOGRAPH-2F8E8 +2F8E9;69A3;69A3;69A3;69A3; # (榣榣; 榣; 榣; 榣; 榣; ) CJK COMPATIBILITY IDEOGRAPH-2F8E9 +2F8EA;69EA;69EA;69EA;69EA; # (槪槪; 槪; 槪; 槪; 槪; ) CJK COMPATIBILITY IDEOGRAPH-2F8EA +2F8EB;6AA8;6AA8;6AA8;6AA8; # (檨檨; 檨; 檨; 檨; 檨; ) CJK COMPATIBILITY IDEOGRAPH-2F8EB +2F8EC;236A3;236A3;236A3;236A3; # (𣚣𣚣; 𣚣𣚣; 𣚣𣚣; 𣚣𣚣; 𣚣𣚣; ) CJK COMPATIBILITY IDEOGRAPH-2F8EC +2F8ED;6ADB;6ADB;6ADB;6ADB; # (櫛櫛; æ«›; æ«›; æ«›; æ«›; ) CJK COMPATIBILITY IDEOGRAPH-2F8ED +2F8EE;3C18;3C18;3C18;3C18; # (㰘㰘; ã°˜; ã°˜; ã°˜; ã°˜; ) CJK COMPATIBILITY IDEOGRAPH-2F8EE +2F8EF;6B21;6B21;6B21;6B21; # (次次; 次; 次; 次; 次; ) CJK COMPATIBILITY IDEOGRAPH-2F8EF +2F8F0;238A7;238A7;238A7;238A7; # (𣢧𣢧; 𣢧𣢧; 𣢧𣢧; 𣢧𣢧; 𣢧𣢧; ) CJK COMPATIBILITY IDEOGRAPH-2F8F0 +2F8F1;6B54;6B54;6B54;6B54; # (歔歔; æ­”; æ­”; æ­”; æ­”; ) CJK COMPATIBILITY IDEOGRAPH-2F8F1 +2F8F2;3C4E;3C4E;3C4E;3C4E; # (㱎㱎; 㱎; 㱎; 㱎; 㱎; ) CJK COMPATIBILITY IDEOGRAPH-2F8F2 +2F8F3;6B72;6B72;6B72;6B72; # (歲歲; æ­²; æ­²; æ­²; æ­²; ) CJK COMPATIBILITY IDEOGRAPH-2F8F3 +2F8F4;6B9F;6B9F;6B9F;6B9F; # (殟殟; 殟; 殟; 殟; 殟; ) CJK COMPATIBILITY IDEOGRAPH-2F8F4 +2F8F5;6BBA;6BBA;6BBA;6BBA; # (殺殺; 殺; 殺; 殺; 殺; ) CJK COMPATIBILITY IDEOGRAPH-2F8F5 +2F8F6;6BBB;6BBB;6BBB;6BBB; # (殻殻; æ®»; æ®»; æ®»; æ®»; ) CJK COMPATIBILITY IDEOGRAPH-2F8F6 +2F8F7;23A8D;23A8D;23A8D;23A8D; # (𣪍𣪍; ð£ªð£ª; ð£ªð£ª; ð£ªð£ª; ð£ªð£ª; ) CJK COMPATIBILITY IDEOGRAPH-2F8F7 +2F8F8;21D0B;21D0B;21D0B;21D0B; # (𡴋𡴋; ð¡´‹ð¡´‹; ð¡´‹ð¡´‹; ð¡´‹ð¡´‹; ð¡´‹ð¡´‹; ) CJK COMPATIBILITY IDEOGRAPH-2F8F8 +2F8F9;23AFA;23AFA;23AFA;23AFA; # (𣫺𣫺; 𣫺𣫺; 𣫺𣫺; 𣫺𣫺; 𣫺𣫺; ) CJK COMPATIBILITY IDEOGRAPH-2F8F9 +2F8FA;6C4E;6C4E;6C4E;6C4E; # (汎汎; 汎; 汎; 汎; 汎; ) CJK COMPATIBILITY IDEOGRAPH-2F8FA +2F8FB;23CBC;23CBC;23CBC;23CBC; # (𣲼𣲼; 𣲼𣲼; 𣲼𣲼; 𣲼𣲼; 𣲼𣲼; ) CJK COMPATIBILITY IDEOGRAPH-2F8FB +2F8FC;6CBF;6CBF;6CBF;6CBF; # (沿沿; 沿; 沿; 沿; 沿; ) CJK COMPATIBILITY IDEOGRAPH-2F8FC +2F8FD;6CCD;6CCD;6CCD;6CCD; # (泍泍; æ³; æ³; æ³; æ³; ) CJK COMPATIBILITY IDEOGRAPH-2F8FD +2F8FE;6C67;6C67;6C67;6C67; # (汧汧; 汧; 汧; 汧; 汧; ) CJK COMPATIBILITY IDEOGRAPH-2F8FE +2F8FF;6D16;6D16;6D16;6D16; # (洖洖; æ´–; æ´–; æ´–; æ´–; ) CJK COMPATIBILITY IDEOGRAPH-2F8FF +2F900;6D3E;6D3E;6D3E;6D3E; # (派派; æ´¾; æ´¾; æ´¾; æ´¾; ) CJK COMPATIBILITY IDEOGRAPH-2F900 +2F901;6D77;6D77;6D77;6D77; # (ð¯¤ð¯¤; æµ·; æµ·; æµ·; æµ·; ) CJK COMPATIBILITY IDEOGRAPH-2F901 +2F902;6D41;6D41;6D41;6D41; # (流流; æµ; æµ; æµ; æµ; ) CJK COMPATIBILITY IDEOGRAPH-2F902 +2F903;6D69;6D69;6D69;6D69; # (浩浩; 浩; 浩; 浩; 浩; ) CJK COMPATIBILITY IDEOGRAPH-2F903 +2F904;6D78;6D78;6D78;6D78; # (浸浸; 浸; 浸; 浸; 浸; ) CJK COMPATIBILITY IDEOGRAPH-2F904 +2F905;6D85;6D85;6D85;6D85; # (涅涅; 涅; 涅; 涅; 涅; ) CJK COMPATIBILITY IDEOGRAPH-2F905 +2F906;23D1E;23D1E;23D1E;23D1E; # (𣴞𣴞; 𣴞𣴞; 𣴞𣴞; 𣴞𣴞; 𣴞𣴞; ) CJK COMPATIBILITY IDEOGRAPH-2F906 +2F907;6D34;6D34;6D34;6D34; # (洴洴; æ´´; æ´´; æ´´; æ´´; ) CJK COMPATIBILITY IDEOGRAPH-2F907 +2F908;6E2F;6E2F;6E2F;6E2F; # (港港; 港; 港; 港; 港; ) CJK COMPATIBILITY IDEOGRAPH-2F908 +2F909;6E6E;6E6E;6E6E;6E6E; # (湮湮; æ¹®; æ¹®; æ¹®; æ¹®; ) CJK COMPATIBILITY IDEOGRAPH-2F909 +2F90A;3D33;3D33;3D33;3D33; # (㴳㴳; ã´³; ã´³; ã´³; ã´³; ) CJK COMPATIBILITY IDEOGRAPH-2F90A +2F90B;6ECB;6ECB;6ECB;6ECB; # (滋滋; 滋; 滋; 滋; 滋; ) CJK COMPATIBILITY IDEOGRAPH-2F90B +2F90C;6EC7;6EC7;6EC7;6EC7; # (滇滇; 滇; 滇; 滇; 滇; ) CJK COMPATIBILITY IDEOGRAPH-2F90C +2F90D;23ED1;23ED1;23ED1;23ED1; # (ð¯¤ð¯¤; 𣻑𣻑; 𣻑𣻑; 𣻑𣻑; 𣻑𣻑; ) CJK COMPATIBILITY IDEOGRAPH-2F90D +2F90E;6DF9;6DF9;6DF9;6DF9; # (淹淹; æ·¹; æ·¹; æ·¹; æ·¹; ) CJK COMPATIBILITY IDEOGRAPH-2F90E +2F90F;6F6E;6F6E;6F6E;6F6E; # (ð¯¤ð¯¤; æ½®; æ½®; æ½®; æ½®; ) CJK COMPATIBILITY IDEOGRAPH-2F90F +2F910;23F5E;23F5E;23F5E;23F5E; # (ð¯¤ð¯¤; 𣽞𣽞; 𣽞𣽞; 𣽞𣽞; 𣽞𣽞; ) CJK COMPATIBILITY IDEOGRAPH-2F910 +2F911;23F8E;23F8E;23F8E;23F8E; # (𣾎𣾎; 𣾎𣾎; 𣾎𣾎; 𣾎𣾎; 𣾎𣾎; ) CJK COMPATIBILITY IDEOGRAPH-2F911 +2F912;6FC6;6FC6;6FC6;6FC6; # (濆濆; 濆; 濆; 濆; 濆; ) CJK COMPATIBILITY IDEOGRAPH-2F912 +2F913;7039;7039;7039;7039; # (瀹瀹; 瀹; 瀹; 瀹; 瀹; ) CJK COMPATIBILITY IDEOGRAPH-2F913 +2F914;701E;701E;701E;701E; # (瀞瀞; 瀞; 瀞; 瀞; 瀞; ) CJK COMPATIBILITY IDEOGRAPH-2F914 +2F915;701B;701B;701B;701B; # (瀛瀛; 瀛; 瀛; 瀛; 瀛; ) CJK COMPATIBILITY IDEOGRAPH-2F915 +2F916;3D96;3D96;3D96;3D96; # (㶖㶖; 㶖; 㶖; 㶖; 㶖; ) CJK COMPATIBILITY IDEOGRAPH-2F916 +2F917;704A;704A;704A;704A; # (灊灊; çŠ; çŠ; çŠ; çŠ; ) CJK COMPATIBILITY IDEOGRAPH-2F917 +2F918;707D;707D;707D;707D; # (災災; ç½; ç½; ç½; ç½; ) CJK COMPATIBILITY IDEOGRAPH-2F918 +2F919;7077;7077;7077;7077; # (灷灷; ç·; ç·; ç·; ç·; ) CJK COMPATIBILITY IDEOGRAPH-2F919 +2F91A;70AD;70AD;70AD;70AD; # (炭炭; ç‚­; ç‚­; ç‚­; ç‚­; ) CJK COMPATIBILITY IDEOGRAPH-2F91A +2F91B;20525;20525;20525;20525; # (𠔥𠔥; 𠔥𠔥; 𠔥𠔥; 𠔥𠔥; 𠔥𠔥; ) CJK COMPATIBILITY IDEOGRAPH-2F91B +2F91C;7145;7145;7145;7145; # (煅煅; ç……; ç……; ç……; ç……; ) CJK COMPATIBILITY IDEOGRAPH-2F91C +2F91D;24263;24263;24263;24263; # (ð¯¤ð¯¤; 𤉣𤉣; 𤉣𤉣; 𤉣𤉣; 𤉣𤉣; ) CJK COMPATIBILITY IDEOGRAPH-2F91D +2F91E;719C;719C;719C;719C; # (熜熜; 熜; 熜; 熜; 熜; ) CJK COMPATIBILITY IDEOGRAPH-2F91E +2F91F;243AB;243AB;243AB;243AB; # (𤎫𤎫; 𤎫𤎫; 𤎫𤎫; 𤎫𤎫; 𤎫𤎫; ) CJK COMPATIBILITY IDEOGRAPH-2F91F +2F920;7228;7228;7228;7228; # (爨爨; 爨; 爨; 爨; 爨; ) CJK COMPATIBILITY IDEOGRAPH-2F920 +2F921;7235;7235;7235;7235; # (爵爵; 爵; 爵; 爵; 爵; ) CJK COMPATIBILITY IDEOGRAPH-2F921 +2F922;7250;7250;7250;7250; # (牐牐; ç‰; ç‰; ç‰; ç‰; ) CJK COMPATIBILITY IDEOGRAPH-2F922 +2F923;24608;24608;24608;24608; # (𤘈𤘈; 𤘈𤘈; 𤘈𤘈; 𤘈𤘈; 𤘈𤘈; ) CJK COMPATIBILITY IDEOGRAPH-2F923 +2F924;7280;7280;7280;7280; # (犀犀; 犀; 犀; 犀; 犀; ) CJK COMPATIBILITY IDEOGRAPH-2F924 +2F925;7295;7295;7295;7295; # (犕犕; 犕; 犕; 犕; 犕; ) CJK COMPATIBILITY IDEOGRAPH-2F925 +2F926;24735;24735;24735;24735; # (𤜵𤜵; 𤜵𤜵; 𤜵𤜵; 𤜵𤜵; 𤜵𤜵; ) CJK COMPATIBILITY IDEOGRAPH-2F926 +2F927;24814;24814;24814;24814; # (𤠔𤠔; 𤠔𤠔; 𤠔𤠔; 𤠔𤠔; 𤠔𤠔; ) CJK COMPATIBILITY IDEOGRAPH-2F927 +2F928;737A;737A;737A;737A; # (獺獺; çº; çº; çº; çº; ) CJK COMPATIBILITY IDEOGRAPH-2F928 +2F929;738B;738B;738B;738B; # (王王; 王; 王; 王; 王; ) CJK COMPATIBILITY IDEOGRAPH-2F929 +2F92A;3EAC;3EAC;3EAC;3EAC; # (㺬㺬; 㺬; 㺬; 㺬; 㺬; ) CJK COMPATIBILITY IDEOGRAPH-2F92A +2F92B;73A5;73A5;73A5;73A5; # (玥玥; 玥; 玥; 玥; 玥; ) CJK COMPATIBILITY IDEOGRAPH-2F92B +2F92C;3EB8;3EB8;3EB8;3EB8; # (㺸㺸; 㺸; 㺸; 㺸; 㺸; ) CJK COMPATIBILITY IDEOGRAPH-2F92C +2F92D;3EB8;3EB8;3EB8;3EB8; # (㺸㺸; 㺸; 㺸; 㺸; 㺸; ) CJK COMPATIBILITY IDEOGRAPH-2F92D +2F92E;7447;7447;7447;7447; # (瑇瑇; 瑇; 瑇; 瑇; 瑇; ) CJK COMPATIBILITY IDEOGRAPH-2F92E +2F92F;745C;745C;745C;745C; # (瑜瑜; ç‘œ; ç‘œ; ç‘œ; ç‘œ; ) CJK COMPATIBILITY IDEOGRAPH-2F92F +2F930;7471;7471;7471;7471; # (瑱瑱; 瑱; 瑱; 瑱; 瑱; ) CJK COMPATIBILITY IDEOGRAPH-2F930 +2F931;7485;7485;7485;7485; # (璅璅; ç’…; ç’…; ç’…; ç’…; ) CJK COMPATIBILITY IDEOGRAPH-2F931 +2F932;74CA;74CA;74CA;74CA; # (瓊瓊; ç“Š; ç“Š; ç“Š; ç“Š; ) CJK COMPATIBILITY IDEOGRAPH-2F932 +2F933;3F1B;3F1B;3F1B;3F1B; # (㼛㼛; ã¼›; ã¼›; ã¼›; ã¼›; ) CJK COMPATIBILITY IDEOGRAPH-2F933 +2F934;7524;7524;7524;7524; # (甤甤; 甤; 甤; 甤; 甤; ) CJK COMPATIBILITY IDEOGRAPH-2F934 +2F935;24C36;24C36;24C36;24C36; # (𤰶𤰶; 𤰶𤰶; 𤰶𤰶; 𤰶𤰶; 𤰶𤰶; ) CJK COMPATIBILITY IDEOGRAPH-2F935 +2F936;753E;753E;753E;753E; # (甾甾; 甾; 甾; 甾; 甾; ) CJK COMPATIBILITY IDEOGRAPH-2F936 +2F937;24C92;24C92;24C92;24C92; # (𤲒𤲒; 𤲒𤲒; 𤲒𤲒; 𤲒𤲒; 𤲒𤲒; ) CJK COMPATIBILITY IDEOGRAPH-2F937 +2F938;7570;7570;7570;7570; # (異異; ç•°; ç•°; ç•°; ç•°; ) CJK COMPATIBILITY IDEOGRAPH-2F938 +2F939;2219F;2219F;2219F;2219F; # (𢆟𢆟; 𢆟𢆟; 𢆟𢆟; 𢆟𢆟; 𢆟𢆟; ) CJK COMPATIBILITY IDEOGRAPH-2F939 +2F93A;7610;7610;7610;7610; # (瘐瘐; ç˜; ç˜; ç˜; ç˜; ) CJK COMPATIBILITY IDEOGRAPH-2F93A +2F93B;24FA1;24FA1;24FA1;24FA1; # (𤾡𤾡; 𤾡𤾡; 𤾡𤾡; 𤾡𤾡; 𤾡𤾡; ) CJK COMPATIBILITY IDEOGRAPH-2F93B +2F93C;24FB8;24FB8;24FB8;24FB8; # (𤾸𤾸; 𤾸𤾸; 𤾸𤾸; 𤾸𤾸; 𤾸𤾸; ) CJK COMPATIBILITY IDEOGRAPH-2F93C +2F93D;25044;25044;25044;25044; # (𥁄𥁄; ð¥„ð¥„; ð¥„ð¥„; ð¥„ð¥„; ð¥„ð¥„; ) CJK COMPATIBILITY IDEOGRAPH-2F93D +2F93E;3FFC;3FFC;3FFC;3FFC; # (㿼㿼; 㿼; 㿼; 㿼; 㿼; ) CJK COMPATIBILITY IDEOGRAPH-2F93E +2F93F;4008;4008;4008;4008; # (䀈䀈; 䀈; 䀈; 䀈; 䀈; ) CJK COMPATIBILITY IDEOGRAPH-2F93F +2F940;76F4;76F4;76F4;76F4; # (直直; ç›´; ç›´; ç›´; ç›´; ) CJK COMPATIBILITY IDEOGRAPH-2F940 +2F941;250F3;250F3;250F3;250F3; # (ð¯¥ð¯¥; 𥃳𥃳; 𥃳𥃳; 𥃳𥃳; 𥃳𥃳; ) CJK COMPATIBILITY IDEOGRAPH-2F941 +2F942;250F2;250F2;250F2;250F2; # (𥃲𥃲; 𥃲𥃲; 𥃲𥃲; 𥃲𥃲; 𥃲𥃲; ) CJK COMPATIBILITY IDEOGRAPH-2F942 +2F943;25119;25119;25119;25119; # (𥄙𥄙; 𥄙𥄙; 𥄙𥄙; 𥄙𥄙; 𥄙𥄙; ) CJK COMPATIBILITY IDEOGRAPH-2F943 +2F944;25133;25133;25133;25133; # (𥄳𥄳; 𥄳𥄳; 𥄳𥄳; 𥄳𥄳; 𥄳𥄳; ) CJK COMPATIBILITY IDEOGRAPH-2F944 +2F945;771E;771E;771E;771E; # (眞眞; 眞; 眞; 眞; 眞; ) CJK COMPATIBILITY IDEOGRAPH-2F945 +2F946;771F;771F;771F;771F; # (真真; 真; 真; 真; 真; ) CJK COMPATIBILITY IDEOGRAPH-2F946 +2F947;771F;771F;771F;771F; # (真真; 真; 真; 真; 真; ) CJK COMPATIBILITY IDEOGRAPH-2F947 +2F948;774A;774A;774A;774A; # (睊睊; çŠ; çŠ; çŠ; çŠ; ) CJK COMPATIBILITY IDEOGRAPH-2F948 +2F949;4039;4039;4039;4039; # (䀹䀹; 䀹; 䀹; 䀹; 䀹; ) CJK COMPATIBILITY IDEOGRAPH-2F949 +2F94A;778B;778B;778B;778B; # (瞋瞋; çž‹; çž‹; çž‹; çž‹; ) CJK COMPATIBILITY IDEOGRAPH-2F94A +2F94B;4046;4046;4046;4046; # (䁆䁆; ä†; ä†; ä†; ä†; ) CJK COMPATIBILITY IDEOGRAPH-2F94B +2F94C;4096;4096;4096;4096; # (䂖䂖; ä‚–; ä‚–; ä‚–; ä‚–; ) CJK COMPATIBILITY IDEOGRAPH-2F94C +2F94D;2541D;2541D;2541D;2541D; # (ð¯¥ð¯¥; ð¥ð¥; ð¥ð¥; ð¥ð¥; ð¥ð¥; ) CJK COMPATIBILITY IDEOGRAPH-2F94D +2F94E;784E;784E;784E;784E; # (硎硎; ç¡Ž; ç¡Ž; ç¡Ž; ç¡Ž; ) CJK COMPATIBILITY IDEOGRAPH-2F94E +2F94F;788C;788C;788C;788C; # (ð¯¥ð¯¥; 碌; 碌; 碌; 碌; ) CJK COMPATIBILITY IDEOGRAPH-2F94F +2F950;78CC;78CC;78CC;78CC; # (ð¯¥ð¯¥; 磌; 磌; 磌; 磌; ) CJK COMPATIBILITY IDEOGRAPH-2F950 +2F951;40E3;40E3;40E3;40E3; # (䃣䃣; 䃣; 䃣; 䃣; 䃣; ) CJK COMPATIBILITY IDEOGRAPH-2F951 +2F952;25626;25626;25626;25626; # (𥘦𥘦; 𥘦𥘦; 𥘦𥘦; 𥘦𥘦; 𥘦𥘦; ) CJK COMPATIBILITY IDEOGRAPH-2F952 +2F953;7956;7956;7956;7956; # (祖祖; 祖; 祖; 祖; 祖; ) CJK COMPATIBILITY IDEOGRAPH-2F953 +2F954;2569A;2569A;2569A;2569A; # (𥚚𥚚; 𥚚𥚚; 𥚚𥚚; 𥚚𥚚; 𥚚𥚚; ) CJK COMPATIBILITY IDEOGRAPH-2F954 +2F955;256C5;256C5;256C5;256C5; # (𥛅𥛅; 𥛅𥛅; 𥛅𥛅; 𥛅𥛅; 𥛅𥛅; ) CJK COMPATIBILITY IDEOGRAPH-2F955 +2F956;798F;798F;798F;798F; # (福福; ç¦; ç¦; ç¦; ç¦; ) CJK COMPATIBILITY IDEOGRAPH-2F956 +2F957;79EB;79EB;79EB;79EB; # (秫秫; 秫; 秫; 秫; 秫; ) CJK COMPATIBILITY IDEOGRAPH-2F957 +2F958;412F;412F;412F;412F; # (䄯䄯; 䄯; 䄯; 䄯; 䄯; ) CJK COMPATIBILITY IDEOGRAPH-2F958 +2F959;7A40;7A40;7A40;7A40; # (穀穀; ç©€; ç©€; ç©€; ç©€; ) CJK COMPATIBILITY IDEOGRAPH-2F959 +2F95A;7A4A;7A4A;7A4A;7A4A; # (穊穊; ç©Š; ç©Š; ç©Š; ç©Š; ) CJK COMPATIBILITY IDEOGRAPH-2F95A +2F95B;7A4F;7A4F;7A4F;7A4F; # (穏穏; ç©; ç©; ç©; ç©; ) CJK COMPATIBILITY IDEOGRAPH-2F95B +2F95C;2597C;2597C;2597C;2597C; # (𥥼𥥼; 𥥼𥥼; 𥥼𥥼; 𥥼𥥼; 𥥼𥥼; ) CJK COMPATIBILITY IDEOGRAPH-2F95C +2F95D;25AA7;25AA7;25AA7;25AA7; # (ð¯¥ð¯¥; 𥪧𥪧; 𥪧𥪧; 𥪧𥪧; 𥪧𥪧; ) CJK COMPATIBILITY IDEOGRAPH-2F95D +2F95E;25AA7;25AA7;25AA7;25AA7; # (𥪧𥪧; 𥪧𥪧; 𥪧𥪧; 𥪧𥪧; 𥪧𥪧; ) CJK COMPATIBILITY IDEOGRAPH-2F95E +2F95F;7AEE;7AEE;7AEE;7AEE; # (竮竮; ç«®; ç«®; ç«®; ç«®; ) CJK COMPATIBILITY IDEOGRAPH-2F95F +2F960;4202;4202;4202;4202; # (䈂䈂; 䈂; 䈂; 䈂; 䈂; ) CJK COMPATIBILITY IDEOGRAPH-2F960 +2F961;25BAB;25BAB;25BAB;25BAB; # (𥮫𥮫; 𥮫𥮫; 𥮫𥮫; 𥮫𥮫; 𥮫𥮫; ) CJK COMPATIBILITY IDEOGRAPH-2F961 +2F962;7BC6;7BC6;7BC6;7BC6; # (篆篆; 篆; 篆; 篆; 篆; ) CJK COMPATIBILITY IDEOGRAPH-2F962 +2F963;7BC9;7BC9;7BC9;7BC9; # (築築; 築; 築; 築; 築; ) CJK COMPATIBILITY IDEOGRAPH-2F963 +2F964;4227;4227;4227;4227; # (䈧䈧; 䈧; 䈧; 䈧; 䈧; ) CJK COMPATIBILITY IDEOGRAPH-2F964 +2F965;25C80;25C80;25C80;25C80; # (𥲀𥲀; 𥲀𥲀; 𥲀𥲀; 𥲀𥲀; 𥲀𥲀; ) CJK COMPATIBILITY IDEOGRAPH-2F965 +2F966;7CD2;7CD2;7CD2;7CD2; # (糒糒; ç³’; ç³’; ç³’; ç³’; ) CJK COMPATIBILITY IDEOGRAPH-2F966 +2F967;42A0;42A0;42A0;42A0; # (䊠䊠; 䊠; 䊠; 䊠; 䊠; ) CJK COMPATIBILITY IDEOGRAPH-2F967 +2F968;7CE8;7CE8;7CE8;7CE8; # (糨糨; 糨; 糨; 糨; 糨; ) CJK COMPATIBILITY IDEOGRAPH-2F968 +2F969;7CE3;7CE3;7CE3;7CE3; # (糣糣; ç³£; ç³£; ç³£; ç³£; ) CJK COMPATIBILITY IDEOGRAPH-2F969 +2F96A;7D00;7D00;7D00;7D00; # (紀紀; ç´€; ç´€; ç´€; ç´€; ) CJK COMPATIBILITY IDEOGRAPH-2F96A +2F96B;25F86;25F86;25F86;25F86; # (𥾆𥾆; 𥾆𥾆; 𥾆𥾆; 𥾆𥾆; 𥾆𥾆; ) CJK COMPATIBILITY IDEOGRAPH-2F96B +2F96C;7D63;7D63;7D63;7D63; # (絣絣; çµ£; çµ£; çµ£; çµ£; ) CJK COMPATIBILITY IDEOGRAPH-2F96C +2F96D;4301;4301;4301;4301; # (䌁䌁; äŒ; äŒ; äŒ; äŒ; ) CJK COMPATIBILITY IDEOGRAPH-2F96D +2F96E;7DC7;7DC7;7DC7;7DC7; # (緇緇; ç·‡; ç·‡; ç·‡; ç·‡; ) CJK COMPATIBILITY IDEOGRAPH-2F96E +2F96F;7E02;7E02;7E02;7E02; # (縂縂; 縂; 縂; 縂; 縂; ) CJK COMPATIBILITY IDEOGRAPH-2F96F +2F970;7E45;7E45;7E45;7E45; # (繅繅; ç¹…; ç¹…; ç¹…; ç¹…; ) CJK COMPATIBILITY IDEOGRAPH-2F970 +2F971;4334;4334;4334;4334; # (䌴䌴; 䌴; 䌴; 䌴; 䌴; ) CJK COMPATIBILITY IDEOGRAPH-2F971 +2F972;26228;26228;26228;26228; # (𦈨𦈨; 𦈨𦈨; 𦈨𦈨; 𦈨𦈨; 𦈨𦈨; ) CJK COMPATIBILITY IDEOGRAPH-2F972 +2F973;26247;26247;26247;26247; # (𦉇𦉇; 𦉇𦉇; 𦉇𦉇; 𦉇𦉇; 𦉇𦉇; ) CJK COMPATIBILITY IDEOGRAPH-2F973 +2F974;4359;4359;4359;4359; # (䍙䍙; ä™; ä™; ä™; ä™; ) CJK COMPATIBILITY IDEOGRAPH-2F974 +2F975;262D9;262D9;262D9;262D9; # (𦋙𦋙; 𦋙𦋙; 𦋙𦋙; 𦋙𦋙; 𦋙𦋙; ) CJK COMPATIBILITY IDEOGRAPH-2F975 +2F976;7F7A;7F7A;7F7A;7F7A; # (罺罺; 罺; 罺; 罺; 罺; ) CJK COMPATIBILITY IDEOGRAPH-2F976 +2F977;2633E;2633E;2633E;2633E; # (𦌾𦌾; 𦌾𦌾; 𦌾𦌾; 𦌾𦌾; 𦌾𦌾; ) CJK COMPATIBILITY IDEOGRAPH-2F977 +2F978;7F95;7F95;7F95;7F95; # (羕羕; 羕; 羕; 羕; 羕; ) CJK COMPATIBILITY IDEOGRAPH-2F978 +2F979;7FFA;7FFA;7FFA;7FFA; # (翺翺; 翺; 翺; 翺; 翺; ) CJK COMPATIBILITY IDEOGRAPH-2F979 +2F97A;8005;8005;8005;8005; # (者者; 者; 者; 者; 者; ) CJK COMPATIBILITY IDEOGRAPH-2F97A +2F97B;264DA;264DA;264DA;264DA; # (𦓚𦓚; 𦓚𦓚; 𦓚𦓚; 𦓚𦓚; 𦓚𦓚; ) CJK COMPATIBILITY IDEOGRAPH-2F97B +2F97C;26523;26523;26523;26523; # (𦔣𦔣; 𦔣𦔣; 𦔣𦔣; 𦔣𦔣; 𦔣𦔣; ) CJK COMPATIBILITY IDEOGRAPH-2F97C +2F97D;8060;8060;8060;8060; # (聠聠; è ; è ; è ; è ; ) CJK COMPATIBILITY IDEOGRAPH-2F97D +2F97E;265A8;265A8;265A8;265A8; # (𦖨𦖨; 𦖨𦖨; 𦖨𦖨; 𦖨𦖨; 𦖨𦖨; ) CJK COMPATIBILITY IDEOGRAPH-2F97E +2F97F;8070;8070;8070;8070; # (聰聰; è°; è°; è°; è°; ) CJK COMPATIBILITY IDEOGRAPH-2F97F +2F980;2335F;2335F;2335F;2335F; # (𣍟𣍟; ð£Ÿð£Ÿ; ð£Ÿð£Ÿ; ð£Ÿð£Ÿ; ð£Ÿð£Ÿ; ) CJK COMPATIBILITY IDEOGRAPH-2F980 +2F981;43D5;43D5;43D5;43D5; # (ð¯¦ð¯¦; ä•; ä•; ä•; ä•; ) CJK COMPATIBILITY IDEOGRAPH-2F981 +2F982;80B2;80B2;80B2;80B2; # (育育; 育; 育; 育; 育; ) CJK COMPATIBILITY IDEOGRAPH-2F982 +2F983;8103;8103;8103;8103; # (脃脃; 脃; 脃; 脃; 脃; ) CJK COMPATIBILITY IDEOGRAPH-2F983 +2F984;440B;440B;440B;440B; # (䐋䐋; ä‹; ä‹; ä‹; ä‹; ) CJK COMPATIBILITY IDEOGRAPH-2F984 +2F985;813E;813E;813E;813E; # (脾脾; 脾; 脾; 脾; 脾; ) CJK COMPATIBILITY IDEOGRAPH-2F985 +2F986;5AB5;5AB5;5AB5;5AB5; # (媵媵; 媵; 媵; 媵; 媵; ) CJK COMPATIBILITY IDEOGRAPH-2F986 +2F987;267A7;267A7;267A7;267A7; # (𦞧𦞧; 𦞧𦞧; 𦞧𦞧; 𦞧𦞧; 𦞧𦞧; ) CJK COMPATIBILITY IDEOGRAPH-2F987 +2F988;267B5;267B5;267B5;267B5; # (𦞵𦞵; 𦞵𦞵; 𦞵𦞵; 𦞵𦞵; 𦞵𦞵; ) CJK COMPATIBILITY IDEOGRAPH-2F988 +2F989;23393;23393;23393;23393; # (𣎓𣎓; 𣎓𣎓; 𣎓𣎓; 𣎓𣎓; 𣎓𣎓; ) CJK COMPATIBILITY IDEOGRAPH-2F989 +2F98A;2339C;2339C;2339C;2339C; # (𣎜𣎜; 𣎜𣎜; 𣎜𣎜; 𣎜𣎜; 𣎜𣎜; ) CJK COMPATIBILITY IDEOGRAPH-2F98A +2F98B;8201;8201;8201;8201; # (舁舁; èˆ; èˆ; èˆ; èˆ; ) CJK COMPATIBILITY IDEOGRAPH-2F98B +2F98C;8204;8204;8204;8204; # (舄舄; 舄; 舄; 舄; 舄; ) CJK COMPATIBILITY IDEOGRAPH-2F98C +2F98D;8F9E;8F9E;8F9E;8F9E; # (ð¯¦ð¯¦; 辞; 辞; 辞; 辞; ) CJK COMPATIBILITY IDEOGRAPH-2F98D +2F98E;446B;446B;446B;446B; # (䑫䑫; ä‘«; ä‘«; ä‘«; ä‘«; ) CJK COMPATIBILITY IDEOGRAPH-2F98E +2F98F;8291;8291;8291;8291; # (ð¯¦ð¯¦; 芑; 芑; 芑; 芑; ) CJK COMPATIBILITY IDEOGRAPH-2F98F +2F990;828B;828B;828B;828B; # (ð¯¦ð¯¦; 芋; 芋; 芋; 芋; ) CJK COMPATIBILITY IDEOGRAPH-2F990 +2F991;829D;829D;829D;829D; # (芝芝; èŠ; èŠ; èŠ; èŠ; ) CJK COMPATIBILITY IDEOGRAPH-2F991 +2F992;52B3;52B3;52B3;52B3; # (劳劳; 劳; 劳; 劳; 劳; ) CJK COMPATIBILITY IDEOGRAPH-2F992 +2F993;82B1;82B1;82B1;82B1; # (花花; 花; 花; 花; 花; ) CJK COMPATIBILITY IDEOGRAPH-2F993 +2F994;82B3;82B3;82B3;82B3; # (芳芳; 芳; 芳; 芳; 芳; ) CJK COMPATIBILITY IDEOGRAPH-2F994 +2F995;82BD;82BD;82BD;82BD; # (芽芽; 芽; 芽; 芽; 芽; ) CJK COMPATIBILITY IDEOGRAPH-2F995 +2F996;82E6;82E6;82E6;82E6; # (苦苦; 苦; 苦; 苦; 苦; ) CJK COMPATIBILITY IDEOGRAPH-2F996 +2F997;26B3C;26B3C;26B3C;26B3C; # (𦬼𦬼; 𦬼𦬼; 𦬼𦬼; 𦬼𦬼; 𦬼𦬼; ) CJK COMPATIBILITY IDEOGRAPH-2F997 +2F998;82E5;82E5;82E5;82E5; # (若若; è‹¥; è‹¥; è‹¥; è‹¥; ) CJK COMPATIBILITY IDEOGRAPH-2F998 +2F999;831D;831D;831D;831D; # (茝茝; èŒ; èŒ; èŒ; èŒ; ) CJK COMPATIBILITY IDEOGRAPH-2F999 +2F99A;8363;8363;8363;8363; # (荣荣; è£; è£; è£; è£; ) CJK COMPATIBILITY IDEOGRAPH-2F99A +2F99B;83AD;83AD;83AD;83AD; # (莭莭; 莭; 莭; 莭; 莭; ) CJK COMPATIBILITY IDEOGRAPH-2F99B +2F99C;8323;8323;8323;8323; # (茣茣; 茣; 茣; 茣; 茣; ) CJK COMPATIBILITY IDEOGRAPH-2F99C +2F99D;83BD;83BD;83BD;83BD; # (ð¯¦ð¯¦; 莽; 莽; 莽; 莽; ) CJK COMPATIBILITY IDEOGRAPH-2F99D +2F99E;83E7;83E7;83E7;83E7; # (菧菧; è§; è§; è§; è§; ) CJK COMPATIBILITY IDEOGRAPH-2F99E +2F99F;8457;8457;8457;8457; # (著著; è‘—; è‘—; è‘—; è‘—; ) CJK COMPATIBILITY IDEOGRAPH-2F99F +2F9A0;8353;8353;8353;8353; # (荓荓; è“; è“; è“; è“; ) CJK COMPATIBILITY IDEOGRAPH-2F9A0 +2F9A1;83CA;83CA;83CA;83CA; # (菊菊; èŠ; èŠ; èŠ; èŠ; ) CJK COMPATIBILITY IDEOGRAPH-2F9A1 +2F9A2;83CC;83CC;83CC;83CC; # (菌菌; èŒ; èŒ; èŒ; èŒ; ) CJK COMPATIBILITY IDEOGRAPH-2F9A2 +2F9A3;83DC;83DC;83DC;83DC; # (菜菜; èœ; èœ; èœ; èœ; ) CJK COMPATIBILITY IDEOGRAPH-2F9A3 +2F9A4;26C36;26C36;26C36;26C36; # (𦰶𦰶; 𦰶𦰶; 𦰶𦰶; 𦰶𦰶; 𦰶𦰶; ) CJK COMPATIBILITY IDEOGRAPH-2F9A4 +2F9A5;26D6B;26D6B;26D6B;26D6B; # (𦵫𦵫; 𦵫𦵫; 𦵫𦵫; 𦵫𦵫; 𦵫𦵫; ) CJK COMPATIBILITY IDEOGRAPH-2F9A5 +2F9A6;26CD5;26CD5;26CD5;26CD5; # (𦳕𦳕; 𦳕𦳕; 𦳕𦳕; 𦳕𦳕; 𦳕𦳕; ) CJK COMPATIBILITY IDEOGRAPH-2F9A6 +2F9A7;452B;452B;452B;452B; # (䔫䔫; 䔫; 䔫; 䔫; 䔫; ) CJK COMPATIBILITY IDEOGRAPH-2F9A7 +2F9A8;84F1;84F1;84F1;84F1; # (蓱蓱; 蓱; 蓱; 蓱; 蓱; ) CJK COMPATIBILITY IDEOGRAPH-2F9A8 +2F9A9;84F3;84F3;84F3;84F3; # (蓳蓳; 蓳; 蓳; 蓳; 蓳; ) CJK COMPATIBILITY IDEOGRAPH-2F9A9 +2F9AA;8516;8516;8516;8516; # (蔖蔖; è”–; è”–; è”–; è”–; ) CJK COMPATIBILITY IDEOGRAPH-2F9AA +2F9AB;273CA;273CA;273CA;273CA; # (𧏊𧏊; ð§Šð§Š; ð§Šð§Š; ð§Šð§Š; ð§Šð§Š; ) CJK COMPATIBILITY IDEOGRAPH-2F9AB +2F9AC;8564;8564;8564;8564; # (蕤蕤; 蕤; 蕤; 蕤; 蕤; ) CJK COMPATIBILITY IDEOGRAPH-2F9AC +2F9AD;26F2C;26F2C;26F2C;26F2C; # (𦼬𦼬; 𦼬𦼬; 𦼬𦼬; 𦼬𦼬; 𦼬𦼬; ) CJK COMPATIBILITY IDEOGRAPH-2F9AD +2F9AE;455D;455D;455D;455D; # (䕝䕝; ä•; ä•; ä•; ä•; ) CJK COMPATIBILITY IDEOGRAPH-2F9AE +2F9AF;4561;4561;4561;4561; # (䕡䕡; ä•¡; ä•¡; ä•¡; ä•¡; ) CJK COMPATIBILITY IDEOGRAPH-2F9AF +2F9B0;26FB1;26FB1;26FB1;26FB1; # (𦾱𦾱; 𦾱𦾱; 𦾱𦾱; 𦾱𦾱; 𦾱𦾱; ) CJK COMPATIBILITY IDEOGRAPH-2F9B0 +2F9B1;270D2;270D2;270D2;270D2; # (𧃒𧃒; 𧃒𧃒; 𧃒𧃒; 𧃒𧃒; 𧃒𧃒; ) CJK COMPATIBILITY IDEOGRAPH-2F9B1 +2F9B2;456B;456B;456B;456B; # (䕫䕫; ä•«; ä•«; ä•«; ä•«; ) CJK COMPATIBILITY IDEOGRAPH-2F9B2 +2F9B3;8650;8650;8650;8650; # (虐虐; è™; è™; è™; è™; ) CJK COMPATIBILITY IDEOGRAPH-2F9B3 +2F9B4;865C;865C;865C;865C; # (虜虜; 虜; 虜; 虜; 虜; ) CJK COMPATIBILITY IDEOGRAPH-2F9B4 +2F9B5;8667;8667;8667;8667; # (虧虧; 虧; 虧; 虧; 虧; ) CJK COMPATIBILITY IDEOGRAPH-2F9B5 +2F9B6;8669;8669;8669;8669; # (虩虩; 虩; 虩; 虩; 虩; ) CJK COMPATIBILITY IDEOGRAPH-2F9B6 +2F9B7;86A9;86A9;86A9;86A9; # (蚩蚩; èš©; èš©; èš©; èš©; ) CJK COMPATIBILITY IDEOGRAPH-2F9B7 +2F9B8;8688;8688;8688;8688; # (蚈蚈; 蚈; 蚈; 蚈; 蚈; ) CJK COMPATIBILITY IDEOGRAPH-2F9B8 +2F9B9;870E;870E;870E;870E; # (蜎蜎; 蜎; 蜎; 蜎; 蜎; ) CJK COMPATIBILITY IDEOGRAPH-2F9B9 +2F9BA;86E2;86E2;86E2;86E2; # (蛢蛢; 蛢; 蛢; 蛢; 蛢; ) CJK COMPATIBILITY IDEOGRAPH-2F9BA +2F9BB;8779;8779;8779;8779; # (蝹蝹; è¹; è¹; è¹; è¹; ) CJK COMPATIBILITY IDEOGRAPH-2F9BB +2F9BC;8728;8728;8728;8728; # (蜨蜨; 蜨; 蜨; 蜨; 蜨; ) CJK COMPATIBILITY IDEOGRAPH-2F9BC +2F9BD;876B;876B;876B;876B; # (蝫蝫; è«; è«; è«; è«; ) CJK COMPATIBILITY IDEOGRAPH-2F9BD +2F9BE;8786;8786;8786;8786; # (螆螆; 螆; 螆; 螆; 螆; ) CJK COMPATIBILITY IDEOGRAPH-2F9BE +2F9BF;45D7;45D7;45D7;45D7; # (䗗䗗; ä——; ä——; ä——; ä——; ) CJK COMPATIBILITY IDEOGRAPH-2F9BF +2F9C0;87E1;87E1;87E1;87E1; # (蟡蟡; 蟡; 蟡; 蟡; 蟡; ) CJK COMPATIBILITY IDEOGRAPH-2F9C0 +2F9C1;8801;8801;8801;8801; # (ð¯§ð¯§; è ; è ; è ; è ; ) CJK COMPATIBILITY IDEOGRAPH-2F9C1 +2F9C2;45F9;45F9;45F9;45F9; # (䗹䗹; ä—¹; ä—¹; ä—¹; ä—¹; ) CJK COMPATIBILITY IDEOGRAPH-2F9C2 +2F9C3;8860;8860;8860;8860; # (衠衠; è¡ ; è¡ ; è¡ ; è¡ ; ) CJK COMPATIBILITY IDEOGRAPH-2F9C3 +2F9C4;8863;8863;8863;8863; # (衣衣; è¡£; è¡£; è¡£; è¡£; ) CJK COMPATIBILITY IDEOGRAPH-2F9C4 +2F9C5;27667;27667;27667;27667; # (𧙧𧙧; 𧙧𧙧; 𧙧𧙧; 𧙧𧙧; 𧙧𧙧; ) CJK COMPATIBILITY IDEOGRAPH-2F9C5 +2F9C6;88D7;88D7;88D7;88D7; # (裗裗; 裗; 裗; 裗; 裗; ) CJK COMPATIBILITY IDEOGRAPH-2F9C6 +2F9C7;88DE;88DE;88DE;88DE; # (裞裞; 裞; 裞; 裞; 裞; ) CJK COMPATIBILITY IDEOGRAPH-2F9C7 +2F9C8;4635;4635;4635;4635; # (䘵䘵; 䘵; 䘵; 䘵; 䘵; ) CJK COMPATIBILITY IDEOGRAPH-2F9C8 +2F9C9;88FA;88FA;88FA;88FA; # (裺裺; 裺; 裺; 裺; 裺; ) CJK COMPATIBILITY IDEOGRAPH-2F9C9 +2F9CA;34BB;34BB;34BB;34BB; # (㒻㒻; ã’»; ã’»; ã’»; ã’»; ) CJK COMPATIBILITY IDEOGRAPH-2F9CA +2F9CB;278AE;278AE;278AE;278AE; # (𧢮𧢮; 𧢮𧢮; 𧢮𧢮; 𧢮𧢮; 𧢮𧢮; ) CJK COMPATIBILITY IDEOGRAPH-2F9CB +2F9CC;27966;27966;27966;27966; # (𧥦𧥦; 𧥦𧥦; 𧥦𧥦; 𧥦𧥦; 𧥦𧥦; ) CJK COMPATIBILITY IDEOGRAPH-2F9CC +2F9CD;46BE;46BE;46BE;46BE; # (ð¯§ð¯§; äš¾; äš¾; äš¾; äš¾; ) CJK COMPATIBILITY IDEOGRAPH-2F9CD +2F9CE;46C7;46C7;46C7;46C7; # (䛇䛇; 䛇; 䛇; 䛇; 䛇; ) CJK COMPATIBILITY IDEOGRAPH-2F9CE +2F9CF;8AA0;8AA0;8AA0;8AA0; # (ð¯§ð¯§; 誠; 誠; 誠; 誠; ) CJK COMPATIBILITY IDEOGRAPH-2F9CF +2F9D0;8AED;8AED;8AED;8AED; # (ð¯§ð¯§; è«­; è«­; è«­; è«­; ) CJK COMPATIBILITY IDEOGRAPH-2F9D0 +2F9D1;8B8A;8B8A;8B8A;8B8A; # (變變; 變; 變; 變; 變; ) CJK COMPATIBILITY IDEOGRAPH-2F9D1 +2F9D2;8C55;8C55;8C55;8C55; # (豕豕; 豕; 豕; 豕; 豕; ) CJK COMPATIBILITY IDEOGRAPH-2F9D2 +2F9D3;27CA8;27CA8;27CA8;27CA8; # (𧲨𧲨; 𧲨𧲨; 𧲨𧲨; 𧲨𧲨; 𧲨𧲨; ) CJK COMPATIBILITY IDEOGRAPH-2F9D3 +2F9D4;8CAB;8CAB;8CAB;8CAB; # (貫貫; 貫; 貫; 貫; 貫; ) CJK COMPATIBILITY IDEOGRAPH-2F9D4 +2F9D5;8CC1;8CC1;8CC1;8CC1; # (賁賁; è³; è³; è³; è³; ) CJK COMPATIBILITY IDEOGRAPH-2F9D5 +2F9D6;8D1B;8D1B;8D1B;8D1B; # (贛贛; è´›; è´›; è´›; è´›; ) CJK COMPATIBILITY IDEOGRAPH-2F9D6 +2F9D7;8D77;8D77;8D77;8D77; # (起起; èµ·; èµ·; èµ·; èµ·; ) CJK COMPATIBILITY IDEOGRAPH-2F9D7 +2F9D8;27F2F;27F2F;27F2F;27F2F; # (𧼯𧼯; 𧼯𧼯; 𧼯𧼯; 𧼯𧼯; 𧼯𧼯; ) CJK COMPATIBILITY IDEOGRAPH-2F9D8 +2F9D9;20804;20804;20804;20804; # (𠠄𠠄; ð  „ð  „; ð  „ð  „; ð  „ð  „; ð  „ð  „; ) CJK COMPATIBILITY IDEOGRAPH-2F9D9 +2F9DA;8DCB;8DCB;8DCB;8DCB; # (跋跋; è·‹; è·‹; è·‹; è·‹; ) CJK COMPATIBILITY IDEOGRAPH-2F9DA +2F9DB;8DBC;8DBC;8DBC;8DBC; # (趼趼; 趼; 趼; 趼; 趼; ) CJK COMPATIBILITY IDEOGRAPH-2F9DB +2F9DC;8DF0;8DF0;8DF0;8DF0; # (跰跰; è·°; è·°; è·°; è·°; ) CJK COMPATIBILITY IDEOGRAPH-2F9DC +2F9DD;208DE;208DE;208DE;208DE; # (ð¯§ð¯§; 𠣞𠣞; 𠣞𠣞; 𠣞𠣞; 𠣞𠣞; ) CJK COMPATIBILITY IDEOGRAPH-2F9DD +2F9DE;8ED4;8ED4;8ED4;8ED4; # (軔軔; è»”; è»”; è»”; è»”; ) CJK COMPATIBILITY IDEOGRAPH-2F9DE +2F9DF;8F38;8F38;8F38;8F38; # (輸輸; 輸; 輸; 輸; 輸; ) CJK COMPATIBILITY IDEOGRAPH-2F9DF +2F9E0;285D2;285D2;285D2;285D2; # (𨗒𨗒; 𨗒𨗒; 𨗒𨗒; 𨗒𨗒; 𨗒𨗒; ) CJK COMPATIBILITY IDEOGRAPH-2F9E0 +2F9E1;285ED;285ED;285ED;285ED; # (𨗭𨗭; 𨗭𨗭; 𨗭𨗭; 𨗭𨗭; 𨗭𨗭; ) CJK COMPATIBILITY IDEOGRAPH-2F9E1 +2F9E2;9094;9094;9094;9094; # (邔邔; é‚”; é‚”; é‚”; é‚”; ) CJK COMPATIBILITY IDEOGRAPH-2F9E2 +2F9E3;90F1;90F1;90F1;90F1; # (郱郱; 郱; 郱; 郱; 郱; ) CJK COMPATIBILITY IDEOGRAPH-2F9E3 +2F9E4;9111;9111;9111;9111; # (鄑鄑; é„‘; é„‘; é„‘; é„‘; ) CJK COMPATIBILITY IDEOGRAPH-2F9E4 +2F9E5;2872E;2872E;2872E;2872E; # (𨜮𨜮; 𨜮𨜮; 𨜮𨜮; 𨜮𨜮; 𨜮𨜮; ) CJK COMPATIBILITY IDEOGRAPH-2F9E5 +2F9E6;911B;911B;911B;911B; # (鄛鄛; é„›; é„›; é„›; é„›; ) CJK COMPATIBILITY IDEOGRAPH-2F9E6 +2F9E7;9238;9238;9238;9238; # (鈸鈸; 鈸; 鈸; 鈸; 鈸; ) CJK COMPATIBILITY IDEOGRAPH-2F9E7 +2F9E8;92D7;92D7;92D7;92D7; # (鋗鋗; é‹—; é‹—; é‹—; é‹—; ) CJK COMPATIBILITY IDEOGRAPH-2F9E8 +2F9E9;92D8;92D8;92D8;92D8; # (鋘鋘; 鋘; 鋘; 鋘; 鋘; ) CJK COMPATIBILITY IDEOGRAPH-2F9E9 +2F9EA;927C;927C;927C;927C; # (鉼鉼; 鉼; 鉼; 鉼; 鉼; ) CJK COMPATIBILITY IDEOGRAPH-2F9EA +2F9EB;93F9;93F9;93F9;93F9; # (鏹鏹; é¹; é¹; é¹; é¹; ) CJK COMPATIBILITY IDEOGRAPH-2F9EB +2F9EC;9415;9415;9415;9415; # (鐕鐕; é•; é•; é•; é•; ) CJK COMPATIBILITY IDEOGRAPH-2F9EC +2F9ED;28BFA;28BFA;28BFA;28BFA; # (𨯺𨯺; 𨯺𨯺; 𨯺𨯺; 𨯺𨯺; 𨯺𨯺; ) CJK COMPATIBILITY IDEOGRAPH-2F9ED +2F9EE;958B;958B;958B;958B; # (開開; é–‹; é–‹; é–‹; é–‹; ) CJK COMPATIBILITY IDEOGRAPH-2F9EE +2F9EF;4995;4995;4995;4995; # (䦕䦕; 䦕; 䦕; 䦕; 䦕; ) CJK COMPATIBILITY IDEOGRAPH-2F9EF +2F9F0;95B7;95B7;95B7;95B7; # (閷閷; é–·; é–·; é–·; é–·; ) CJK COMPATIBILITY IDEOGRAPH-2F9F0 +2F9F1;28D77;28D77;28D77;28D77; # (𨵷𨵷; 𨵷𨵷; 𨵷𨵷; 𨵷𨵷; 𨵷𨵷; ) CJK COMPATIBILITY IDEOGRAPH-2F9F1 +2F9F2;49E6;49E6;49E6;49E6; # (䧦䧦; 䧦; 䧦; 䧦; 䧦; ) CJK COMPATIBILITY IDEOGRAPH-2F9F2 +2F9F3;96C3;96C3;96C3;96C3; # (雃雃; 雃; 雃; 雃; 雃; ) CJK COMPATIBILITY IDEOGRAPH-2F9F3 +2F9F4;5DB2;5DB2;5DB2;5DB2; # (嶲嶲; 嶲; 嶲; 嶲; 嶲; ) CJK COMPATIBILITY IDEOGRAPH-2F9F4 +2F9F5;9723;9723;9723;9723; # (霣霣; 霣; 霣; 霣; 霣; ) CJK COMPATIBILITY IDEOGRAPH-2F9F5 +2F9F6;29145;29145;29145;29145; # (𩅅𩅅; ð©……ð©……; ð©……ð©……; ð©……ð©……; ð©……ð©……; ) CJK COMPATIBILITY IDEOGRAPH-2F9F6 +2F9F7;2921A;2921A;2921A;2921A; # (𩈚𩈚; 𩈚𩈚; 𩈚𩈚; 𩈚𩈚; 𩈚𩈚; ) CJK COMPATIBILITY IDEOGRAPH-2F9F7 +2F9F8;4A6E;4A6E;4A6E;4A6E; # (䩮䩮; ä©®; ä©®; ä©®; ä©®; ) CJK COMPATIBILITY IDEOGRAPH-2F9F8 +2F9F9;4A76;4A76;4A76;4A76; # (䩶䩶; 䩶; 䩶; 䩶; 䩶; ) CJK COMPATIBILITY IDEOGRAPH-2F9F9 +2F9FA;97E0;97E0;97E0;97E0; # (韠韠; 韠; 韠; 韠; 韠; ) CJK COMPATIBILITY IDEOGRAPH-2F9FA +2F9FB;2940A;2940A;2940A;2940A; # (𩐊𩐊; ð©Šð©Š; ð©Šð©Š; ð©Šð©Š; ð©Šð©Š; ) CJK COMPATIBILITY IDEOGRAPH-2F9FB +2F9FC;4AB2;4AB2;4AB2;4AB2; # (䪲䪲; 䪲; 䪲; 䪲; 䪲; ) CJK COMPATIBILITY IDEOGRAPH-2F9FC +2F9FD;29496;29496;29496;29496; # (𩒖𩒖; ð©’–ð©’–; ð©’–ð©’–; ð©’–ð©’–; ð©’–ð©’–; ) CJK COMPATIBILITY IDEOGRAPH-2F9FD +2F9FE;980B;980B;980B;980B; # (頋頋; é ‹; é ‹; é ‹; é ‹; ) CJK COMPATIBILITY IDEOGRAPH-2F9FE +2F9FF;980B;980B;980B;980B; # (頋頋; é ‹; é ‹; é ‹; é ‹; ) CJK COMPATIBILITY IDEOGRAPH-2F9FF +2FA00;9829;9829;9829;9829; # (頩頩; é ©; é ©; é ©; é ©; ) CJK COMPATIBILITY IDEOGRAPH-2FA00 +2FA01;295B6;295B6;295B6;295B6; # (ð¯¨ð¯¨; 𩖶𩖶; 𩖶𩖶; 𩖶𩖶; 𩖶𩖶; ) CJK COMPATIBILITY IDEOGRAPH-2FA01 +2FA02;98E2;98E2;98E2;98E2; # (飢飢; 飢; 飢; 飢; 飢; ) CJK COMPATIBILITY IDEOGRAPH-2FA02 +2FA03;4B33;4B33;4B33;4B33; # (䬳䬳; 䬳; 䬳; 䬳; 䬳; ) CJK COMPATIBILITY IDEOGRAPH-2FA03 +2FA04;9929;9929;9929;9929; # (餩餩; 餩; 餩; 餩; 餩; ) CJK COMPATIBILITY IDEOGRAPH-2FA04 +2FA05;99A7;99A7;99A7;99A7; # (馧馧; 馧; 馧; 馧; 馧; ) CJK COMPATIBILITY IDEOGRAPH-2FA05 +2FA06;99C2;99C2;99C2;99C2; # (駂駂; 駂; 駂; 駂; 駂; ) CJK COMPATIBILITY IDEOGRAPH-2FA06 +2FA07;99FE;99FE;99FE;99FE; # (駾駾; 駾; 駾; 駾; 駾; ) CJK COMPATIBILITY IDEOGRAPH-2FA07 +2FA08;4BCE;4BCE;4BCE;4BCE; # (䯎䯎; 䯎; 䯎; 䯎; 䯎; ) CJK COMPATIBILITY IDEOGRAPH-2FA08 +2FA09;29B30;29B30;29B30;29B30; # (𩬰𩬰; 𩬰𩬰; 𩬰𩬰; 𩬰𩬰; 𩬰𩬰; ) CJK COMPATIBILITY IDEOGRAPH-2FA09 +2FA0A;9B12;9B12;9B12;9B12; # (鬒鬒; 鬒; 鬒; 鬒; 鬒; ) CJK COMPATIBILITY IDEOGRAPH-2FA0A +2FA0B;9C40;9C40;9C40;9C40; # (鱀鱀; é±€; é±€; é±€; é±€; ) CJK COMPATIBILITY IDEOGRAPH-2FA0B +2FA0C;9CFD;9CFD;9CFD;9CFD; # (鳽鳽; é³½; é³½; é³½; é³½; ) CJK COMPATIBILITY IDEOGRAPH-2FA0C +2FA0D;4CCE;4CCE;4CCE;4CCE; # (ð¯¨ð¯¨; 䳎; 䳎; 䳎; 䳎; ) CJK COMPATIBILITY IDEOGRAPH-2FA0D +2FA0E;4CED;4CED;4CED;4CED; # (䳭䳭; ä³­; ä³­; ä³­; ä³­; ) CJK COMPATIBILITY IDEOGRAPH-2FA0E +2FA0F;9D67;9D67;9D67;9D67; # (ð¯¨ð¯¨; 鵧; 鵧; 鵧; 鵧; ) CJK COMPATIBILITY IDEOGRAPH-2FA0F +2FA10;2A0CE;2A0CE;2A0CE;2A0CE; # (ð¯¨ð¯¨; 𪃎𪃎; 𪃎𪃎; 𪃎𪃎; 𪃎𪃎; ) CJK COMPATIBILITY IDEOGRAPH-2FA10 +2FA11;4CF8;4CF8;4CF8;4CF8; # (䳸䳸; 䳸; 䳸; 䳸; 䳸; ) CJK COMPATIBILITY IDEOGRAPH-2FA11 +2FA12;2A105;2A105;2A105;2A105; # (𪄅𪄅; 𪄅𪄅; 𪄅𪄅; 𪄅𪄅; 𪄅𪄅; ) CJK COMPATIBILITY IDEOGRAPH-2FA12 +2FA13;2A20E;2A20E;2A20E;2A20E; # (𪈎𪈎; 𪈎𪈎; 𪈎𪈎; 𪈎𪈎; 𪈎𪈎; ) CJK COMPATIBILITY IDEOGRAPH-2FA13 +2FA14;2A291;2A291;2A291;2A291; # (𪊑𪊑; 𪊑𪊑; 𪊑𪊑; 𪊑𪊑; 𪊑𪊑; ) CJK COMPATIBILITY IDEOGRAPH-2FA14 +2FA15;9EBB;9EBB;9EBB;9EBB; # (麻麻; 麻; 麻; 麻; 麻; ) CJK COMPATIBILITY IDEOGRAPH-2FA15 +2FA16;4D56;4D56;4D56;4D56; # (䵖䵖; äµ–; äµ–; äµ–; äµ–; ) CJK COMPATIBILITY IDEOGRAPH-2FA16 +2FA17;9EF9;9EF9;9EF9;9EF9; # (黹黹; 黹; 黹; 黹; 黹; ) CJK COMPATIBILITY IDEOGRAPH-2FA17 +2FA18;9EFE;9EFE;9EFE;9EFE; # (黾黾; 黾; 黾; 黾; 黾; ) CJK COMPATIBILITY IDEOGRAPH-2FA18 +2FA19;9F05;9F05;9F05;9F05; # (鼅鼅; é¼…; é¼…; é¼…; é¼…; ) CJK COMPATIBILITY IDEOGRAPH-2FA19 +2FA1A;9F0F;9F0F;9F0F;9F0F; # (鼏鼏; é¼; é¼; é¼; é¼; ) CJK COMPATIBILITY IDEOGRAPH-2FA1A +2FA1B;9F16;9F16;9F16;9F16; # (鼖鼖; é¼–; é¼–; é¼–; é¼–; ) CJK COMPATIBILITY IDEOGRAPH-2FA1B +2FA1C;9F3B;9F3B;9F3B;9F3B; # (鼻鼻; é¼»; é¼»; é¼»; é¼»; ) CJK COMPATIBILITY IDEOGRAPH-2FA1C +2FA1D;2A600;2A600;2A600;2A600; # (ð¯¨ð¯¨; 𪘀𪘀; 𪘀𪘀; 𪘀𪘀; 𪘀𪘀; ) CJK COMPATIBILITY IDEOGRAPH-2FA1D +# +@Part2 # Canonical Order Test +# +0061 0315 0300 05AE 0300 0062;00E0 05AE 0300 0315 0062;0061 05AE 0300 0300 0315 0062;00E0 05AE 0300 0315 0062;0061 05AE 0300 0300 0315 0062; # (a◌̕◌̀◌֮◌̀b; à◌֮◌̀◌̕b; a◌֮◌̀◌̀◌̕b; à◌֮◌̀◌̕b; a◌֮◌̀◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING GRAVE ACCENT, LATIN SMALL LETTER B +0061 0300 0315 0300 05AE 0062;00E0 05AE 0300 0315 0062;0061 05AE 0300 0300 0315 0062;00E0 05AE 0300 0315 0062;0061 05AE 0300 0300 0315 0062; # (a◌̀◌̕◌̀◌֮b; à◌֮◌̀◌̕b; a◌֮◌̀◌̀◌̕b; à◌֮◌̀◌̕b; a◌֮◌̀◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING GRAVE ACCENT, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0301 0062;00E0 05AE 0301 0315 0062;0061 05AE 0300 0301 0315 0062;00E0 05AE 0301 0315 0062;0061 05AE 0300 0301 0315 0062; # (a◌̕◌̀◌֮◌Ìb; à◌֮◌Ì◌̕b; a◌֮◌̀◌Ì◌̕b; à◌֮◌Ì◌̕b; a◌֮◌̀◌Ì◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING ACUTE ACCENT, LATIN SMALL LETTER B +0061 0301 0315 0300 05AE 0062;00E1 05AE 0300 0315 0062;0061 05AE 0301 0300 0315 0062;00E1 05AE 0300 0315 0062;0061 05AE 0301 0300 0315 0062; # (aâ—ŒÌ◌̕◌̀◌֮b; á◌֮◌̀◌̕b; a◌֮◌Ì◌̀◌̕b; á◌֮◌̀◌̕b; a◌֮◌Ì◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING ACUTE ACCENT, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0302 0062;00E0 05AE 0302 0315 0062;0061 05AE 0300 0302 0315 0062;00E0 05AE 0302 0315 0062;0061 05AE 0300 0302 0315 0062; # (a◌̕◌̀◌֮◌̂b; à◌֮◌̂◌̕b; a◌֮◌̀◌̂◌̕b; à◌֮◌̂◌̕b; a◌֮◌̀◌̂◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING CIRCUMFLEX ACCENT, LATIN SMALL LETTER B +0061 0302 0315 0300 05AE 0062;1EA7 05AE 0315 0062;0061 05AE 0302 0300 0315 0062;1EA7 05AE 0315 0062;0061 05AE 0302 0300 0315 0062; # (a◌̂◌̕◌̀◌֮b; ầ◌֮◌̕b; a◌֮◌̂◌̀◌̕b; ầ◌֮◌̕b; a◌֮◌̂◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING CIRCUMFLEX ACCENT, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0303 0062;00E0 05AE 0303 0315 0062;0061 05AE 0300 0303 0315 0062;00E0 05AE 0303 0315 0062;0061 05AE 0300 0303 0315 0062; # (a◌̕◌̀◌֮◌̃b; à◌֮◌̃◌̕b; a◌֮◌̀◌̃◌̕b; à◌֮◌̃◌̕b; a◌֮◌̀◌̃◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING TILDE, LATIN SMALL LETTER B +0061 0303 0315 0300 05AE 0062;00E3 05AE 0300 0315 0062;0061 05AE 0303 0300 0315 0062;00E3 05AE 0300 0315 0062;0061 05AE 0303 0300 0315 0062; # (a◌̃◌̕◌̀◌֮b; ã◌֮◌̀◌̕b; a◌֮◌̃◌̀◌̕b; ã◌֮◌̀◌̕b; a◌֮◌̃◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING TILDE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0304 0062;00E0 05AE 0304 0315 0062;0061 05AE 0300 0304 0315 0062;00E0 05AE 0304 0315 0062;0061 05AE 0300 0304 0315 0062; # (a◌̕◌̀◌֮◌̄b; à◌֮◌̄◌̕b; a◌֮◌̀◌̄◌̕b; à◌֮◌̄◌̕b; a◌֮◌̀◌̄◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING MACRON, LATIN SMALL LETTER B +0061 0304 0315 0300 05AE 0062;0101 05AE 0300 0315 0062;0061 05AE 0304 0300 0315 0062;0101 05AE 0300 0315 0062;0061 05AE 0304 0300 0315 0062; # (a◌̄◌̕◌̀◌֮b; Ä◌֮◌̀◌̕b; a◌֮◌̄◌̀◌̕b; Ä◌֮◌̀◌̕b; a◌֮◌̄◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING MACRON, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0305 0062;00E0 05AE 0305 0315 0062;0061 05AE 0300 0305 0315 0062;00E0 05AE 0305 0315 0062;0061 05AE 0300 0305 0315 0062; # (a◌̕◌̀◌֮◌̅b; à◌֮◌̅◌̕b; a◌֮◌̀◌̅◌̕b; à◌֮◌̅◌̕b; a◌֮◌̀◌̅◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING OVERLINE, LATIN SMALL LETTER B +0061 0305 0315 0300 05AE 0062;0061 05AE 0305 0300 0315 0062;0061 05AE 0305 0300 0315 0062;0061 05AE 0305 0300 0315 0062;0061 05AE 0305 0300 0315 0062; # (a◌̅◌̕◌̀◌֮b; a◌֮◌̅◌̀◌̕b; a◌֮◌̅◌̀◌̕b; a◌֮◌̅◌̀◌̕b; a◌֮◌̅◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING OVERLINE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0306 0062;00E0 05AE 0306 0315 0062;0061 05AE 0300 0306 0315 0062;00E0 05AE 0306 0315 0062;0061 05AE 0300 0306 0315 0062; # (a◌̕◌̀◌֮◌̆b; à◌֮◌̆◌̕b; a◌֮◌̀◌̆◌̕b; à◌֮◌̆◌̕b; a◌֮◌̀◌̆◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING BREVE, LATIN SMALL LETTER B +0061 0306 0315 0300 05AE 0062;1EB1 05AE 0315 0062;0061 05AE 0306 0300 0315 0062;1EB1 05AE 0315 0062;0061 05AE 0306 0300 0315 0062; # (a◌̆◌̕◌̀◌֮b; ằ◌֮◌̕b; a◌֮◌̆◌̀◌̕b; ằ◌֮◌̕b; a◌֮◌̆◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING BREVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0307 0062;00E0 05AE 0307 0315 0062;0061 05AE 0300 0307 0315 0062;00E0 05AE 0307 0315 0062;0061 05AE 0300 0307 0315 0062; # (a◌̕◌̀◌֮◌̇b; à◌֮◌̇◌̕b; a◌֮◌̀◌̇◌̕b; à◌֮◌̇◌̕b; a◌֮◌̀◌̇◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING DOT ABOVE, LATIN SMALL LETTER B +0061 0307 0315 0300 05AE 0062;0227 05AE 0300 0315 0062;0061 05AE 0307 0300 0315 0062;0227 05AE 0300 0315 0062;0061 05AE 0307 0300 0315 0062; # (a◌̇◌̕◌̀◌֮b; ȧ◌֮◌̀◌̕b; a◌֮◌̇◌̀◌̕b; ȧ◌֮◌̀◌̕b; a◌֮◌̇◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING DOT ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0308 0062;00E0 05AE 0308 0315 0062;0061 05AE 0300 0308 0315 0062;00E0 05AE 0308 0315 0062;0061 05AE 0300 0308 0315 0062; # (a◌̕◌̀◌֮◌̈b; à◌֮◌̈◌̕b; a◌֮◌̀◌̈◌̕b; à◌֮◌̈◌̕b; a◌֮◌̀◌̈◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING DIAERESIS, LATIN SMALL LETTER B +0061 0308 0315 0300 05AE 0062;00E4 05AE 0300 0315 0062;0061 05AE 0308 0300 0315 0062;00E4 05AE 0300 0315 0062;0061 05AE 0308 0300 0315 0062; # (a◌̈◌̕◌̀◌֮b; ä◌֮◌̀◌̕b; a◌֮◌̈◌̀◌̕b; ä◌֮◌̀◌̕b; a◌֮◌̈◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING DIAERESIS, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0309 0062;00E0 05AE 0309 0315 0062;0061 05AE 0300 0309 0315 0062;00E0 05AE 0309 0315 0062;0061 05AE 0300 0309 0315 0062; # (a◌̕◌̀◌֮◌̉b; à◌֮◌̉◌̕b; a◌֮◌̀◌̉◌̕b; à◌֮◌̉◌̕b; a◌֮◌̀◌̉◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING HOOK ABOVE, LATIN SMALL LETTER B +0061 0309 0315 0300 05AE 0062;1EA3 05AE 0300 0315 0062;0061 05AE 0309 0300 0315 0062;1EA3 05AE 0300 0315 0062;0061 05AE 0309 0300 0315 0062; # (a◌̉◌̕◌̀◌֮b; ả◌֮◌̀◌̕b; a◌֮◌̉◌̀◌̕b; ả◌֮◌̀◌̕b; a◌֮◌̉◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING HOOK ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 030A 0062;00E0 05AE 030A 0315 0062;0061 05AE 0300 030A 0315 0062;00E0 05AE 030A 0315 0062;0061 05AE 0300 030A 0315 0062; # (a◌̕◌̀◌֮◌̊b; à◌֮◌̊◌̕b; a◌֮◌̀◌̊◌̕b; à◌֮◌̊◌̕b; a◌֮◌̀◌̊◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING RING ABOVE, LATIN SMALL LETTER B +0061 030A 0315 0300 05AE 0062;00E5 05AE 0300 0315 0062;0061 05AE 030A 0300 0315 0062;00E5 05AE 0300 0315 0062;0061 05AE 030A 0300 0315 0062; # (a◌̊◌̕◌̀◌֮b; å◌֮◌̀◌̕b; a◌֮◌̊◌̀◌̕b; å◌֮◌̀◌̕b; a◌֮◌̊◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING RING ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 030B 0062;00E0 05AE 030B 0315 0062;0061 05AE 0300 030B 0315 0062;00E0 05AE 030B 0315 0062;0061 05AE 0300 030B 0315 0062; # (a◌̕◌̀◌֮◌̋b; à◌֮◌̋◌̕b; a◌֮◌̀◌̋◌̕b; à◌֮◌̋◌̕b; a◌֮◌̀◌̋◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING DOUBLE ACUTE ACCENT, LATIN SMALL LETTER B +0061 030B 0315 0300 05AE 0062;0061 05AE 030B 0300 0315 0062;0061 05AE 030B 0300 0315 0062;0061 05AE 030B 0300 0315 0062;0061 05AE 030B 0300 0315 0062; # (a◌̋◌̕◌̀◌֮b; a◌֮◌̋◌̀◌̕b; a◌֮◌̋◌̀◌̕b; a◌֮◌̋◌̀◌̕b; a◌֮◌̋◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING DOUBLE ACUTE ACCENT, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 030C 0062;00E0 05AE 030C 0315 0062;0061 05AE 0300 030C 0315 0062;00E0 05AE 030C 0315 0062;0061 05AE 0300 030C 0315 0062; # (a◌̕◌̀◌֮◌̌b; à◌֮◌̌◌̕b; a◌֮◌̀◌̌◌̕b; à◌֮◌̌◌̕b; a◌֮◌̀◌̌◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING CARON, LATIN SMALL LETTER B +0061 030C 0315 0300 05AE 0062;01CE 05AE 0300 0315 0062;0061 05AE 030C 0300 0315 0062;01CE 05AE 0300 0315 0062;0061 05AE 030C 0300 0315 0062; # (a◌̌◌̕◌̀◌֮b; ǎ◌֮◌̀◌̕b; a◌֮◌̌◌̀◌̕b; ǎ◌֮◌̀◌̕b; a◌֮◌̌◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING CARON, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 030D 0062;00E0 05AE 030D 0315 0062;0061 05AE 0300 030D 0315 0062;00E0 05AE 030D 0315 0062;0061 05AE 0300 030D 0315 0062; # (a◌̕◌̀◌֮◌Ìb; à◌֮◌Ì◌̕b; a◌֮◌̀◌Ì◌̕b; à◌֮◌Ì◌̕b; a◌֮◌̀◌Ì◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING VERTICAL LINE ABOVE, LATIN SMALL LETTER B +0061 030D 0315 0300 05AE 0062;0061 05AE 030D 0300 0315 0062;0061 05AE 030D 0300 0315 0062;0061 05AE 030D 0300 0315 0062;0061 05AE 030D 0300 0315 0062; # (aâ—ŒÌ◌̕◌̀◌֮b; a◌֮◌Ì◌̀◌̕b; a◌֮◌Ì◌̀◌̕b; a◌֮◌Ì◌̀◌̕b; a◌֮◌Ì◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING VERTICAL LINE ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 030E 0062;00E0 05AE 030E 0315 0062;0061 05AE 0300 030E 0315 0062;00E0 05AE 030E 0315 0062;0061 05AE 0300 030E 0315 0062; # (a◌̕◌̀◌֮◌̎b; à◌֮◌̎◌̕b; a◌֮◌̀◌̎◌̕b; à◌֮◌̎◌̕b; a◌֮◌̀◌̎◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING DOUBLE VERTICAL LINE ABOVE, LATIN SMALL LETTER B +0061 030E 0315 0300 05AE 0062;0061 05AE 030E 0300 0315 0062;0061 05AE 030E 0300 0315 0062;0061 05AE 030E 0300 0315 0062;0061 05AE 030E 0300 0315 0062; # (a◌̎◌̕◌̀◌֮b; a◌֮◌̎◌̀◌̕b; a◌֮◌̎◌̀◌̕b; a◌֮◌̎◌̀◌̕b; a◌֮◌̎◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING DOUBLE VERTICAL LINE ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 030F 0062;00E0 05AE 030F 0315 0062;0061 05AE 0300 030F 0315 0062;00E0 05AE 030F 0315 0062;0061 05AE 0300 030F 0315 0062; # (a◌̕◌̀◌֮◌Ìb; à◌֮◌Ì◌̕b; a◌֮◌̀◌Ì◌̕b; à◌֮◌Ì◌̕b; a◌֮◌̀◌Ì◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING DOUBLE GRAVE ACCENT, LATIN SMALL LETTER B +0061 030F 0315 0300 05AE 0062;0201 05AE 0300 0315 0062;0061 05AE 030F 0300 0315 0062;0201 05AE 0300 0315 0062;0061 05AE 030F 0300 0315 0062; # (aâ—ŒÌ◌̕◌̀◌֮b; È◌֮◌̀◌̕b; a◌֮◌Ì◌̀◌̕b; È◌֮◌̀◌̕b; a◌֮◌Ì◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING DOUBLE GRAVE ACCENT, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0310 0062;00E0 05AE 0310 0315 0062;0061 05AE 0300 0310 0315 0062;00E0 05AE 0310 0315 0062;0061 05AE 0300 0310 0315 0062; # (a◌̕◌̀◌֮◌Ìb; à◌֮◌Ì◌̕b; a◌֮◌̀◌Ì◌̕b; à◌֮◌Ì◌̕b; a◌֮◌̀◌Ì◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING CANDRABINDU, LATIN SMALL LETTER B +0061 0310 0315 0300 05AE 0062;0061 05AE 0310 0300 0315 0062;0061 05AE 0310 0300 0315 0062;0061 05AE 0310 0300 0315 0062;0061 05AE 0310 0300 0315 0062; # (aâ—ŒÌ◌̕◌̀◌֮b; a◌֮◌Ì◌̀◌̕b; a◌֮◌Ì◌̀◌̕b; a◌֮◌Ì◌̀◌̕b; a◌֮◌Ì◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING CANDRABINDU, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0311 0062;00E0 05AE 0311 0315 0062;0061 05AE 0300 0311 0315 0062;00E0 05AE 0311 0315 0062;0061 05AE 0300 0311 0315 0062; # (a◌̕◌̀◌֮◌̑b; à◌֮◌̑◌̕b; a◌֮◌̀◌̑◌̕b; à◌֮◌̑◌̕b; a◌֮◌̀◌̑◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING INVERTED BREVE, LATIN SMALL LETTER B +0061 0311 0315 0300 05AE 0062;0203 05AE 0300 0315 0062;0061 05AE 0311 0300 0315 0062;0203 05AE 0300 0315 0062;0061 05AE 0311 0300 0315 0062; # (a◌̑◌̕◌̀◌֮b; ȃ◌֮◌̀◌̕b; a◌֮◌̑◌̀◌̕b; ȃ◌֮◌̀◌̕b; a◌֮◌̑◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING INVERTED BREVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0312 0062;00E0 05AE 0312 0315 0062;0061 05AE 0300 0312 0315 0062;00E0 05AE 0312 0315 0062;0061 05AE 0300 0312 0315 0062; # (a◌̕◌̀◌֮◌̒b; à◌֮◌̒◌̕b; a◌֮◌̀◌̒◌̕b; à◌֮◌̒◌̕b; a◌֮◌̀◌̒◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING TURNED COMMA ABOVE, LATIN SMALL LETTER B +0061 0312 0315 0300 05AE 0062;0061 05AE 0312 0300 0315 0062;0061 05AE 0312 0300 0315 0062;0061 05AE 0312 0300 0315 0062;0061 05AE 0312 0300 0315 0062; # (a◌̒◌̕◌̀◌֮b; a◌֮◌̒◌̀◌̕b; a◌֮◌̒◌̀◌̕b; a◌֮◌̒◌̀◌̕b; a◌֮◌̒◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING TURNED COMMA ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0313 0062;00E0 05AE 0313 0315 0062;0061 05AE 0300 0313 0315 0062;00E0 05AE 0313 0315 0062;0061 05AE 0300 0313 0315 0062; # (a◌̕◌̀◌֮◌̓b; à◌֮◌̓◌̕b; a◌֮◌̀◌̓◌̕b; à◌֮◌̓◌̕b; a◌֮◌̀◌̓◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING COMMA ABOVE, LATIN SMALL LETTER B +0061 0313 0315 0300 05AE 0062;0061 05AE 0313 0300 0315 0062;0061 05AE 0313 0300 0315 0062;0061 05AE 0313 0300 0315 0062;0061 05AE 0313 0300 0315 0062; # (a◌̓◌̕◌̀◌֮b; a◌֮◌̓◌̀◌̕b; a◌֮◌̓◌̀◌̕b; a◌֮◌̓◌̀◌̕b; a◌֮◌̓◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0314 0062;00E0 05AE 0314 0315 0062;0061 05AE 0300 0314 0315 0062;00E0 05AE 0314 0315 0062;0061 05AE 0300 0314 0315 0062; # (a◌̕◌̀◌֮◌̔b; à◌֮◌̔◌̕b; a◌֮◌̀◌̔◌̕b; à◌֮◌̔◌̕b; a◌֮◌̀◌̔◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING REVERSED COMMA ABOVE, LATIN SMALL LETTER B +0061 0314 0315 0300 05AE 0062;0061 05AE 0314 0300 0315 0062;0061 05AE 0314 0300 0315 0062;0061 05AE 0314 0300 0315 0062;0061 05AE 0314 0300 0315 0062; # (a◌̔◌̕◌̀◌֮b; a◌֮◌̔◌̀◌̕b; a◌֮◌̔◌̀◌̕b; a◌֮◌̔◌̀◌̕b; a◌֮◌̔◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING REVERSED COMMA ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 035F 0315 0300 0315 0062;00E0 0315 0315 035F 0062;0061 0300 0315 0315 035F 0062;00E0 0315 0315 035F 0062;0061 0300 0315 0315 035F 0062; # (a◌͟◌̕◌̀◌̕b; à◌̕◌̕◌͟b; a◌̀◌̕◌̕◌͟b; à◌̕◌̕◌͟b; a◌̀◌̕◌̕◌͟b; ) LATIN SMALL LETTER A, COMBINING DOUBLE MACRON BELOW, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, COMBINING COMMA ABOVE RIGHT, LATIN SMALL LETTER B +0061 0315 035F 0315 0300 0062;00E0 0315 0315 035F 0062;0061 0300 0315 0315 035F 0062;00E0 0315 0315 035F 0062;0061 0300 0315 0315 035F 0062; # (a◌̕◌͟◌̕◌̀b; à◌̕◌̕◌͟b; a◌̀◌̕◌̕◌͟b; à◌̕◌̕◌͟b; a◌̀◌̕◌̕◌͟b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING DOUBLE MACRON BELOW, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, LATIN SMALL LETTER B +0061 059A 0316 302A 0316 0062;0061 302A 0316 0316 059A 0062;0061 302A 0316 0316 059A 0062;0061 302A 0316 0316 059A 0062;0061 302A 0316 0316 059A 0062; # (a◌֚◌̖◌〪◌̖b; a◌〪◌̖◌̖◌֚b; a◌〪◌̖◌̖◌֚b; a◌〪◌̖◌̖◌֚b; a◌〪◌̖◌̖◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING GRAVE ACCENT BELOW, LATIN SMALL LETTER B +0061 0316 059A 0316 302A 0062;0061 302A 0316 0316 059A 0062;0061 302A 0316 0316 059A 0062;0061 302A 0316 0316 059A 0062;0061 302A 0316 0316 059A 0062; # (a◌̖◌֚◌̖◌〪b; a◌〪◌̖◌̖◌֚b; a◌〪◌̖◌̖◌֚b; a◌〪◌̖◌̖◌֚b; a◌〪◌̖◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING GRAVE ACCENT BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 0317 0062;0061 302A 0316 0317 059A 0062;0061 302A 0316 0317 059A 0062;0061 302A 0316 0317 059A 0062;0061 302A 0316 0317 059A 0062; # (a◌֚◌̖◌〪◌̗b; a◌〪◌̖◌̗◌֚b; a◌〪◌̖◌̗◌֚b; a◌〪◌̖◌̗◌֚b; a◌〪◌̖◌̗◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING ACUTE ACCENT BELOW, LATIN SMALL LETTER B +0061 0317 059A 0316 302A 0062;0061 302A 0317 0316 059A 0062;0061 302A 0317 0316 059A 0062;0061 302A 0317 0316 059A 0062;0061 302A 0317 0316 059A 0062; # (a◌̗◌֚◌̖◌〪b; a◌〪◌̗◌̖◌֚b; a◌〪◌̗◌̖◌֚b; a◌〪◌̗◌̖◌֚b; a◌〪◌̗◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING ACUTE ACCENT BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 0318 0062;0061 302A 0316 0318 059A 0062;0061 302A 0316 0318 059A 0062;0061 302A 0316 0318 059A 0062;0061 302A 0316 0318 059A 0062; # (a◌֚◌̖◌〪◌̘b; a◌〪◌̖◌̘◌֚b; a◌〪◌̖◌̘◌֚b; a◌〪◌̖◌̘◌֚b; a◌〪◌̖◌̘◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING LEFT TACK BELOW, LATIN SMALL LETTER B +0061 0318 059A 0316 302A 0062;0061 302A 0318 0316 059A 0062;0061 302A 0318 0316 059A 0062;0061 302A 0318 0316 059A 0062;0061 302A 0318 0316 059A 0062; # (a◌̘◌֚◌̖◌〪b; a◌〪◌̘◌̖◌֚b; a◌〪◌̘◌̖◌֚b; a◌〪◌̘◌̖◌֚b; a◌〪◌̘◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING LEFT TACK BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 0319 0062;0061 302A 0316 0319 059A 0062;0061 302A 0316 0319 059A 0062;0061 302A 0316 0319 059A 0062;0061 302A 0316 0319 059A 0062; # (a◌֚◌̖◌〪◌̙b; a◌〪◌̖◌̙◌֚b; a◌〪◌̖◌̙◌֚b; a◌〪◌̖◌̙◌֚b; a◌〪◌̖◌̙◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING RIGHT TACK BELOW, LATIN SMALL LETTER B +0061 0319 059A 0316 302A 0062;0061 302A 0319 0316 059A 0062;0061 302A 0319 0316 059A 0062;0061 302A 0319 0316 059A 0062;0061 302A 0319 0316 059A 0062; # (a◌̙◌֚◌̖◌〪b; a◌〪◌̙◌̖◌֚b; a◌〪◌̙◌̖◌֚b; a◌〪◌̙◌̖◌֚b; a◌〪◌̙◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING RIGHT TACK BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 035F 0315 0300 031A 0062;00E0 0315 031A 035F 0062;0061 0300 0315 031A 035F 0062;00E0 0315 031A 035F 0062;0061 0300 0315 031A 035F 0062; # (a◌͟◌̕◌̀◌̚b; à◌̕◌̚◌͟b; a◌̀◌̕◌̚◌͟b; à◌̕◌̚◌͟b; a◌̀◌̕◌̚◌͟b; ) LATIN SMALL LETTER A, COMBINING DOUBLE MACRON BELOW, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, COMBINING LEFT ANGLE ABOVE, LATIN SMALL LETTER B +0061 031A 035F 0315 0300 0062;00E0 031A 0315 035F 0062;0061 0300 031A 0315 035F 0062;00E0 031A 0315 035F 0062;0061 0300 031A 0315 035F 0062; # (a◌̚◌͟◌̕◌̀b; à◌̚◌̕◌͟b; a◌̀◌̚◌̕◌͟b; à◌̚◌̕◌͟b; a◌̀◌̚◌̕◌͟b; ) LATIN SMALL LETTER A, COMBINING LEFT ANGLE ABOVE, COMBINING DOUBLE MACRON BELOW, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, LATIN SMALL LETTER B +0061 302A 031B 0321 031B 0062;0061 0321 031B 031B 302A 0062;0061 0321 031B 031B 302A 0062;0061 0321 031B 031B 302A 0062;0061 0321 031B 031B 302A 0062; # (a◌〪◌̛◌̡◌̛b; a◌̡◌̛◌̛◌〪b; a◌̡◌̛◌̛◌〪b; a◌̡◌̛◌̛◌〪b; a◌̡◌̛◌̛◌〪b; ) LATIN SMALL LETTER A, IDEOGRAPHIC LEVEL TONE MARK, COMBINING HORN, COMBINING PALATALIZED HOOK BELOW, COMBINING HORN, LATIN SMALL LETTER B +0061 031B 302A 031B 0321 0062;0061 0321 031B 031B 302A 0062;0061 0321 031B 031B 302A 0062;0061 0321 031B 031B 302A 0062;0061 0321 031B 031B 302A 0062; # (a◌̛◌〪◌̛◌̡b; a◌̡◌̛◌̛◌〪b; a◌̡◌̛◌̛◌〪b; a◌̡◌̛◌̛◌〪b; a◌̡◌̛◌̛◌〪b; ) LATIN SMALL LETTER A, COMBINING HORN, IDEOGRAPHIC LEVEL TONE MARK, COMBINING HORN, COMBINING PALATALIZED HOOK BELOW, LATIN SMALL LETTER B +0061 059A 0316 302A 031C 0062;0061 302A 0316 031C 059A 0062;0061 302A 0316 031C 059A 0062;0061 302A 0316 031C 059A 0062;0061 302A 0316 031C 059A 0062; # (a◌֚◌̖◌〪◌̜b; a◌〪◌̖◌̜◌֚b; a◌〪◌̖◌̜◌֚b; a◌〪◌̖◌̜◌֚b; a◌〪◌̖◌̜◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING LEFT HALF RING BELOW, LATIN SMALL LETTER B +0061 031C 059A 0316 302A 0062;0061 302A 031C 0316 059A 0062;0061 302A 031C 0316 059A 0062;0061 302A 031C 0316 059A 0062;0061 302A 031C 0316 059A 0062; # (a◌̜◌֚◌̖◌〪b; a◌〪◌̜◌̖◌֚b; a◌〪◌̜◌̖◌֚b; a◌〪◌̜◌̖◌֚b; a◌〪◌̜◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING LEFT HALF RING BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 031D 0062;0061 302A 0316 031D 059A 0062;0061 302A 0316 031D 059A 0062;0061 302A 0316 031D 059A 0062;0061 302A 0316 031D 059A 0062; # (a◌֚◌̖◌〪◌Ìb; a◌〪◌̖◌Ì◌֚b; a◌〪◌̖◌Ì◌֚b; a◌〪◌̖◌Ì◌֚b; a◌〪◌̖◌Ì◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING UP TACK BELOW, LATIN SMALL LETTER B +0061 031D 059A 0316 302A 0062;0061 302A 031D 0316 059A 0062;0061 302A 031D 0316 059A 0062;0061 302A 031D 0316 059A 0062;0061 302A 031D 0316 059A 0062; # (aâ—ŒÌ◌֚◌̖◌〪b; a◌〪◌Ì◌̖◌֚b; a◌〪◌Ì◌̖◌֚b; a◌〪◌Ì◌̖◌֚b; a◌〪◌Ì◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING UP TACK BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 031E 0062;0061 302A 0316 031E 059A 0062;0061 302A 0316 031E 059A 0062;0061 302A 0316 031E 059A 0062;0061 302A 0316 031E 059A 0062; # (a◌֚◌̖◌〪◌̞b; a◌〪◌̖◌̞◌֚b; a◌〪◌̖◌̞◌֚b; a◌〪◌̖◌̞◌֚b; a◌〪◌̖◌̞◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING DOWN TACK BELOW, LATIN SMALL LETTER B +0061 031E 059A 0316 302A 0062;0061 302A 031E 0316 059A 0062;0061 302A 031E 0316 059A 0062;0061 302A 031E 0316 059A 0062;0061 302A 031E 0316 059A 0062; # (a◌̞◌֚◌̖◌〪b; a◌〪◌̞◌̖◌֚b; a◌〪◌̞◌̖◌֚b; a◌〪◌̞◌̖◌֚b; a◌〪◌̞◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING DOWN TACK BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 031F 0062;0061 302A 0316 031F 059A 0062;0061 302A 0316 031F 059A 0062;0061 302A 0316 031F 059A 0062;0061 302A 0316 031F 059A 0062; # (a◌֚◌̖◌〪◌̟b; a◌〪◌̖◌̟◌֚b; a◌〪◌̖◌̟◌֚b; a◌〪◌̖◌̟◌֚b; a◌〪◌̖◌̟◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING PLUS SIGN BELOW, LATIN SMALL LETTER B +0061 031F 059A 0316 302A 0062;0061 302A 031F 0316 059A 0062;0061 302A 031F 0316 059A 0062;0061 302A 031F 0316 059A 0062;0061 302A 031F 0316 059A 0062; # (a◌̟◌֚◌̖◌〪b; a◌〪◌̟◌̖◌֚b; a◌〪◌̟◌̖◌֚b; a◌〪◌̟◌̖◌֚b; a◌〪◌̟◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING PLUS SIGN BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 0320 0062;0061 302A 0316 0320 059A 0062;0061 302A 0316 0320 059A 0062;0061 302A 0316 0320 059A 0062;0061 302A 0316 0320 059A 0062; # (a◌֚◌̖◌〪◌̠b; a◌〪◌̖◌̠◌֚b; a◌〪◌̖◌̠◌֚b; a◌〪◌̖◌̠◌֚b; a◌〪◌̖◌̠◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING MINUS SIGN BELOW, LATIN SMALL LETTER B +0061 0320 059A 0316 302A 0062;0061 302A 0320 0316 059A 0062;0061 302A 0320 0316 059A 0062;0061 302A 0320 0316 059A 0062;0061 302A 0320 0316 059A 0062; # (a◌̠◌֚◌̖◌〪b; a◌〪◌̠◌̖◌֚b; a◌〪◌̠◌̖◌֚b; a◌〪◌̠◌̖◌֚b; a◌〪◌̠◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING MINUS SIGN BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 031B 0321 0F74 0321 0062;0061 0F74 0321 0321 031B 0062;0061 0F74 0321 0321 031B 0062;0061 0F74 0321 0321 031B 0062;0061 0F74 0321 0321 031B 0062; # (a◌̛◌̡◌ུ◌̡b; a◌ུ◌̡◌̡◌̛b; a◌ུ◌̡◌̡◌̛b; a◌ུ◌̡◌̡◌̛b; a◌ུ◌̡◌̡◌̛b; ) LATIN SMALL LETTER A, COMBINING HORN, COMBINING PALATALIZED HOOK BELOW, TIBETAN VOWEL SIGN U, COMBINING PALATALIZED HOOK BELOW, LATIN SMALL LETTER B +0061 0321 031B 0321 0F74 0062;0061 0F74 0321 0321 031B 0062;0061 0F74 0321 0321 031B 0062;0061 0F74 0321 0321 031B 0062;0061 0F74 0321 0321 031B 0062; # (a◌̡◌̛◌̡◌ུb; a◌ུ◌̡◌̡◌̛b; a◌ུ◌̡◌̡◌̛b; a◌ུ◌̡◌̡◌̛b; a◌ུ◌̡◌̡◌̛b; ) LATIN SMALL LETTER A, COMBINING PALATALIZED HOOK BELOW, COMBINING HORN, COMBINING PALATALIZED HOOK BELOW, TIBETAN VOWEL SIGN U, LATIN SMALL LETTER B +0061 031B 0321 0F74 0322 0062;0061 0F74 0321 0322 031B 0062;0061 0F74 0321 0322 031B 0062;0061 0F74 0321 0322 031B 0062;0061 0F74 0321 0322 031B 0062; # (a◌̛◌̡◌ུ◌̢b; a◌ུ◌̡◌̢◌̛b; a◌ུ◌̡◌̢◌̛b; a◌ུ◌̡◌̢◌̛b; a◌ུ◌̡◌̢◌̛b; ) LATIN SMALL LETTER A, COMBINING HORN, COMBINING PALATALIZED HOOK BELOW, TIBETAN VOWEL SIGN U, COMBINING RETROFLEX HOOK BELOW, LATIN SMALL LETTER B +0061 0322 031B 0321 0F74 0062;0061 0F74 0322 0321 031B 0062;0061 0F74 0322 0321 031B 0062;0061 0F74 0322 0321 031B 0062;0061 0F74 0322 0321 031B 0062; # (a◌̢◌̛◌̡◌ུb; a◌ུ◌̢◌̡◌̛b; a◌ུ◌̢◌̡◌̛b; a◌ུ◌̢◌̡◌̛b; a◌ུ◌̢◌̡◌̛b; ) LATIN SMALL LETTER A, COMBINING RETROFLEX HOOK BELOW, COMBINING HORN, COMBINING PALATALIZED HOOK BELOW, TIBETAN VOWEL SIGN U, LATIN SMALL LETTER B +0061 059A 0316 302A 0323 0062;0061 302A 0316 0323 059A 0062;0061 302A 0316 0323 059A 0062;0061 302A 0316 0323 059A 0062;0061 302A 0316 0323 059A 0062; # (a◌֚◌̖◌〪◌̣b; a◌〪◌̖◌̣◌֚b; a◌〪◌̖◌̣◌֚b; a◌〪◌̖◌̣◌֚b; a◌〪◌̖◌̣◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING DOT BELOW, LATIN SMALL LETTER B +0061 0323 059A 0316 302A 0062;1EA1 302A 0316 059A 0062;0061 302A 0323 0316 059A 0062;1EA1 302A 0316 059A 0062;0061 302A 0323 0316 059A 0062; # (a◌̣◌֚◌̖◌〪b; ạ◌〪◌̖◌֚b; a◌〪◌̣◌̖◌֚b; ạ◌〪◌̖◌֚b; a◌〪◌̣◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING DOT BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 0324 0062;0061 302A 0316 0324 059A 0062;0061 302A 0316 0324 059A 0062;0061 302A 0316 0324 059A 0062;0061 302A 0316 0324 059A 0062; # (a◌֚◌̖◌〪◌̤b; a◌〪◌̖◌̤◌֚b; a◌〪◌̖◌̤◌֚b; a◌〪◌̖◌̤◌֚b; a◌〪◌̖◌̤◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING DIAERESIS BELOW, LATIN SMALL LETTER B +0061 0324 059A 0316 302A 0062;0061 302A 0324 0316 059A 0062;0061 302A 0324 0316 059A 0062;0061 302A 0324 0316 059A 0062;0061 302A 0324 0316 059A 0062; # (a◌̤◌֚◌̖◌〪b; a◌〪◌̤◌̖◌֚b; a◌〪◌̤◌̖◌֚b; a◌〪◌̤◌̖◌֚b; a◌〪◌̤◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING DIAERESIS BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 0325 0062;0061 302A 0316 0325 059A 0062;0061 302A 0316 0325 059A 0062;0061 302A 0316 0325 059A 0062;0061 302A 0316 0325 059A 0062; # (a◌֚◌̖◌〪◌̥b; a◌〪◌̖◌̥◌֚b; a◌〪◌̖◌̥◌֚b; a◌〪◌̖◌̥◌֚b; a◌〪◌̖◌̥◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING RING BELOW, LATIN SMALL LETTER B +0061 0325 059A 0316 302A 0062;1E01 302A 0316 059A 0062;0061 302A 0325 0316 059A 0062;1E01 302A 0316 059A 0062;0061 302A 0325 0316 059A 0062; # (a◌̥◌֚◌̖◌〪b; á¸â—Œã€ªâ—ŒÌ–◌֚b; a◌〪◌̥◌̖◌֚b; á¸â—Œã€ªâ—ŒÌ–◌֚b; a◌〪◌̥◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING RING BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 0326 0062;0061 302A 0316 0326 059A 0062;0061 302A 0316 0326 059A 0062;0061 302A 0316 0326 059A 0062;0061 302A 0316 0326 059A 0062; # (a◌֚◌̖◌〪◌̦b; a◌〪◌̖◌̦◌֚b; a◌〪◌̖◌̦◌֚b; a◌〪◌̖◌̦◌֚b; a◌〪◌̖◌̦◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING COMMA BELOW, LATIN SMALL LETTER B +0061 0326 059A 0316 302A 0062;0061 302A 0326 0316 059A 0062;0061 302A 0326 0316 059A 0062;0061 302A 0326 0316 059A 0062;0061 302A 0326 0316 059A 0062; # (a◌̦◌֚◌̖◌〪b; a◌〪◌̦◌̖◌֚b; a◌〪◌̦◌̖◌֚b; a◌〪◌̦◌̖◌֚b; a◌〪◌̦◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING COMMA BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 031B 0321 0F74 0327 0062;0061 0F74 0321 0327 031B 0062;0061 0F74 0321 0327 031B 0062;0061 0F74 0321 0327 031B 0062;0061 0F74 0321 0327 031B 0062; # (a◌̛◌̡◌ུ◌̧b; a◌ུ◌̡◌̧◌̛b; a◌ུ◌̡◌̧◌̛b; a◌ུ◌̡◌̧◌̛b; a◌ུ◌̡◌̧◌̛b; ) LATIN SMALL LETTER A, COMBINING HORN, COMBINING PALATALIZED HOOK BELOW, TIBETAN VOWEL SIGN U, COMBINING CEDILLA, LATIN SMALL LETTER B +0061 0327 031B 0321 0F74 0062;0061 0F74 0327 0321 031B 0062;0061 0F74 0327 0321 031B 0062;0061 0F74 0327 0321 031B 0062;0061 0F74 0327 0321 031B 0062; # (a◌̧◌̛◌̡◌ུb; a◌ུ◌̧◌̡◌̛b; a◌ུ◌̧◌̡◌̛b; a◌ུ◌̧◌̡◌̛b; a◌ུ◌̧◌̡◌̛b; ) LATIN SMALL LETTER A, COMBINING CEDILLA, COMBINING HORN, COMBINING PALATALIZED HOOK BELOW, TIBETAN VOWEL SIGN U, LATIN SMALL LETTER B +0061 031B 0321 0F74 0328 0062;0061 0F74 0321 0328 031B 0062;0061 0F74 0321 0328 031B 0062;0061 0F74 0321 0328 031B 0062;0061 0F74 0321 0328 031B 0062; # (a◌̛◌̡◌ུ◌̨b; a◌ུ◌̡◌̨◌̛b; a◌ུ◌̡◌̨◌̛b; a◌ུ◌̡◌̨◌̛b; a◌ུ◌̡◌̨◌̛b; ) LATIN SMALL LETTER A, COMBINING HORN, COMBINING PALATALIZED HOOK BELOW, TIBETAN VOWEL SIGN U, COMBINING OGONEK, LATIN SMALL LETTER B +0061 0328 031B 0321 0F74 0062;0105 0F74 0321 031B 0062;0061 0F74 0328 0321 031B 0062;0105 0F74 0321 031B 0062;0061 0F74 0328 0321 031B 0062; # (a◌̨◌̛◌̡◌ུb; ą◌ུ◌̡◌̛b; a◌ུ◌̨◌̡◌̛b; ą◌ུ◌̡◌̛b; a◌ུ◌̨◌̡◌̛b; ) LATIN SMALL LETTER A, COMBINING OGONEK, COMBINING HORN, COMBINING PALATALIZED HOOK BELOW, TIBETAN VOWEL SIGN U, LATIN SMALL LETTER B +0061 059A 0316 302A 0329 0062;0061 302A 0316 0329 059A 0062;0061 302A 0316 0329 059A 0062;0061 302A 0316 0329 059A 0062;0061 302A 0316 0329 059A 0062; # (a◌֚◌̖◌〪◌̩b; a◌〪◌̖◌̩◌֚b; a◌〪◌̖◌̩◌֚b; a◌〪◌̖◌̩◌֚b; a◌〪◌̖◌̩◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING VERTICAL LINE BELOW, LATIN SMALL LETTER B +0061 0329 059A 0316 302A 0062;0061 302A 0329 0316 059A 0062;0061 302A 0329 0316 059A 0062;0061 302A 0329 0316 059A 0062;0061 302A 0329 0316 059A 0062; # (a◌̩◌֚◌̖◌〪b; a◌〪◌̩◌̖◌֚b; a◌〪◌̩◌̖◌֚b; a◌〪◌̩◌̖◌֚b; a◌〪◌̩◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING VERTICAL LINE BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 032A 0062;0061 302A 0316 032A 059A 0062;0061 302A 0316 032A 059A 0062;0061 302A 0316 032A 059A 0062;0061 302A 0316 032A 059A 0062; # (a◌֚◌̖◌〪◌̪b; a◌〪◌̖◌̪◌֚b; a◌〪◌̖◌̪◌֚b; a◌〪◌̖◌̪◌֚b; a◌〪◌̖◌̪◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING BRIDGE BELOW, LATIN SMALL LETTER B +0061 032A 059A 0316 302A 0062;0061 302A 032A 0316 059A 0062;0061 302A 032A 0316 059A 0062;0061 302A 032A 0316 059A 0062;0061 302A 032A 0316 059A 0062; # (a◌̪◌֚◌̖◌〪b; a◌〪◌̪◌̖◌֚b; a◌〪◌̪◌̖◌֚b; a◌〪◌̪◌̖◌֚b; a◌〪◌̪◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING BRIDGE BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 032B 0062;0061 302A 0316 032B 059A 0062;0061 302A 0316 032B 059A 0062;0061 302A 0316 032B 059A 0062;0061 302A 0316 032B 059A 0062; # (a◌֚◌̖◌〪◌̫b; a◌〪◌̖◌̫◌֚b; a◌〪◌̖◌̫◌֚b; a◌〪◌̖◌̫◌֚b; a◌〪◌̖◌̫◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING INVERTED DOUBLE ARCH BELOW, LATIN SMALL LETTER B +0061 032B 059A 0316 302A 0062;0061 302A 032B 0316 059A 0062;0061 302A 032B 0316 059A 0062;0061 302A 032B 0316 059A 0062;0061 302A 032B 0316 059A 0062; # (a◌̫◌֚◌̖◌〪b; a◌〪◌̫◌̖◌֚b; a◌〪◌̫◌̖◌֚b; a◌〪◌̫◌̖◌֚b; a◌〪◌̫◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING INVERTED DOUBLE ARCH BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 032C 0062;0061 302A 0316 032C 059A 0062;0061 302A 0316 032C 059A 0062;0061 302A 0316 032C 059A 0062;0061 302A 0316 032C 059A 0062; # (a◌֚◌̖◌〪◌̬b; a◌〪◌̖◌̬◌֚b; a◌〪◌̖◌̬◌֚b; a◌〪◌̖◌̬◌֚b; a◌〪◌̖◌̬◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING CARON BELOW, LATIN SMALL LETTER B +0061 032C 059A 0316 302A 0062;0061 302A 032C 0316 059A 0062;0061 302A 032C 0316 059A 0062;0061 302A 032C 0316 059A 0062;0061 302A 032C 0316 059A 0062; # (a◌̬◌֚◌̖◌〪b; a◌〪◌̬◌̖◌֚b; a◌〪◌̬◌̖◌֚b; a◌〪◌̬◌̖◌֚b; a◌〪◌̬◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING CARON BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 032D 0062;0061 302A 0316 032D 059A 0062;0061 302A 0316 032D 059A 0062;0061 302A 0316 032D 059A 0062;0061 302A 0316 032D 059A 0062; # (a◌֚◌̖◌〪◌̭b; a◌〪◌̖◌̭◌֚b; a◌〪◌̖◌̭◌֚b; a◌〪◌̖◌̭◌֚b; a◌〪◌̖◌̭◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING CIRCUMFLEX ACCENT BELOW, LATIN SMALL LETTER B +0061 032D 059A 0316 302A 0062;0061 302A 032D 0316 059A 0062;0061 302A 032D 0316 059A 0062;0061 302A 032D 0316 059A 0062;0061 302A 032D 0316 059A 0062; # (a◌̭◌֚◌̖◌〪b; a◌〪◌̭◌̖◌֚b; a◌〪◌̭◌̖◌֚b; a◌〪◌̭◌̖◌֚b; a◌〪◌̭◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING CIRCUMFLEX ACCENT BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 032E 0062;0061 302A 0316 032E 059A 0062;0061 302A 0316 032E 059A 0062;0061 302A 0316 032E 059A 0062;0061 302A 0316 032E 059A 0062; # (a◌֚◌̖◌〪◌̮b; a◌〪◌̖◌̮◌֚b; a◌〪◌̖◌̮◌֚b; a◌〪◌̖◌̮◌֚b; a◌〪◌̖◌̮◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING BREVE BELOW, LATIN SMALL LETTER B +0061 032E 059A 0316 302A 0062;0061 302A 032E 0316 059A 0062;0061 302A 032E 0316 059A 0062;0061 302A 032E 0316 059A 0062;0061 302A 032E 0316 059A 0062; # (a◌̮◌֚◌̖◌〪b; a◌〪◌̮◌̖◌֚b; a◌〪◌̮◌̖◌֚b; a◌〪◌̮◌̖◌֚b; a◌〪◌̮◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING BREVE BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 032F 0062;0061 302A 0316 032F 059A 0062;0061 302A 0316 032F 059A 0062;0061 302A 0316 032F 059A 0062;0061 302A 0316 032F 059A 0062; # (a◌֚◌̖◌〪◌̯b; a◌〪◌̖◌̯◌֚b; a◌〪◌̖◌̯◌֚b; a◌〪◌̖◌̯◌֚b; a◌〪◌̖◌̯◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING INVERTED BREVE BELOW, LATIN SMALL LETTER B +0061 032F 059A 0316 302A 0062;0061 302A 032F 0316 059A 0062;0061 302A 032F 0316 059A 0062;0061 302A 032F 0316 059A 0062;0061 302A 032F 0316 059A 0062; # (a◌̯◌֚◌̖◌〪b; a◌〪◌̯◌̖◌֚b; a◌〪◌̯◌̖◌֚b; a◌〪◌̯◌̖◌֚b; a◌〪◌̯◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING INVERTED BREVE BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 0330 0062;0061 302A 0316 0330 059A 0062;0061 302A 0316 0330 059A 0062;0061 302A 0316 0330 059A 0062;0061 302A 0316 0330 059A 0062; # (a◌֚◌̖◌〪◌̰b; a◌〪◌̖◌̰◌֚b; a◌〪◌̖◌̰◌֚b; a◌〪◌̖◌̰◌֚b; a◌〪◌̖◌̰◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING TILDE BELOW, LATIN SMALL LETTER B +0061 0330 059A 0316 302A 0062;0061 302A 0330 0316 059A 0062;0061 302A 0330 0316 059A 0062;0061 302A 0330 0316 059A 0062;0061 302A 0330 0316 059A 0062; # (a◌̰◌֚◌̖◌〪b; a◌〪◌̰◌̖◌֚b; a◌〪◌̰◌̖◌֚b; a◌〪◌̰◌̖◌֚b; a◌〪◌̰◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING TILDE BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 0331 0062;0061 302A 0316 0331 059A 0062;0061 302A 0316 0331 059A 0062;0061 302A 0316 0331 059A 0062;0061 302A 0316 0331 059A 0062; # (a◌֚◌̖◌〪◌̱b; a◌〪◌̖◌̱◌֚b; a◌〪◌̖◌̱◌֚b; a◌〪◌̖◌̱◌֚b; a◌〪◌̖◌̱◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING MACRON BELOW, LATIN SMALL LETTER B +0061 0331 059A 0316 302A 0062;0061 302A 0331 0316 059A 0062;0061 302A 0331 0316 059A 0062;0061 302A 0331 0316 059A 0062;0061 302A 0331 0316 059A 0062; # (a◌̱◌֚◌̖◌〪b; a◌〪◌̱◌̖◌֚b; a◌〪◌̱◌̖◌֚b; a◌〪◌̱◌̖◌֚b; a◌〪◌̱◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING MACRON BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 0332 0062;0061 302A 0316 0332 059A 0062;0061 302A 0316 0332 059A 0062;0061 302A 0316 0332 059A 0062;0061 302A 0316 0332 059A 0062; # (a◌֚◌̖◌〪◌̲b; a◌〪◌̖◌̲◌֚b; a◌〪◌̖◌̲◌֚b; a◌〪◌̖◌̲◌֚b; a◌〪◌̖◌̲◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING LOW LINE, LATIN SMALL LETTER B +0061 0332 059A 0316 302A 0062;0061 302A 0332 0316 059A 0062;0061 302A 0332 0316 059A 0062;0061 302A 0332 0316 059A 0062;0061 302A 0332 0316 059A 0062; # (a◌̲◌֚◌̖◌〪b; a◌〪◌̲◌̖◌֚b; a◌〪◌̲◌̖◌֚b; a◌〪◌̲◌̖◌֚b; a◌〪◌̲◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING LOW LINE, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 0333 0062;0061 302A 0316 0333 059A 0062;0061 302A 0316 0333 059A 0062;0061 302A 0316 0333 059A 0062;0061 302A 0316 0333 059A 0062; # (a◌֚◌̖◌〪◌̳b; a◌〪◌̖◌̳◌֚b; a◌〪◌̖◌̳◌֚b; a◌〪◌̖◌̳◌֚b; a◌〪◌̖◌̳◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING DOUBLE LOW LINE, LATIN SMALL LETTER B +0061 0333 059A 0316 302A 0062;0061 302A 0333 0316 059A 0062;0061 302A 0333 0316 059A 0062;0061 302A 0333 0316 059A 0062;0061 302A 0333 0316 059A 0062; # (a◌̳◌֚◌̖◌〪b; a◌〪◌̳◌̖◌֚b; a◌〪◌̳◌̖◌֚b; a◌〪◌̳◌̖◌֚b; a◌〪◌̳◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING DOUBLE LOW LINE, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 093C 0334 0334 0062;0061 0334 0334 093C 0062;0061 0334 0334 093C 0062;0061 0334 0334 093C 0062;0061 0334 0334 093C 0062; # (a◌़◌̴◌̴b; a◌̴◌̴◌़b; a◌̴◌̴◌़b; a◌̴◌̴◌़b; a◌̴◌̴◌़b; ) LATIN SMALL LETTER A, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, COMBINING TILDE OVERLAY, LATIN SMALL LETTER B +0061 0334 093C 0334 0062;0061 0334 0334 093C 0062;0061 0334 0334 093C 0062;0061 0334 0334 093C 0062;0061 0334 0334 093C 0062; # (a◌̴◌़◌̴b; a◌̴◌̴◌़b; a◌̴◌̴◌़b; a◌̴◌̴◌़b; a◌̴◌̴◌़b; ) LATIN SMALL LETTER A, COMBINING TILDE OVERLAY, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, LATIN SMALL LETTER B +0061 093C 0334 0335 0062;0061 0334 0335 093C 0062;0061 0334 0335 093C 0062;0061 0334 0335 093C 0062;0061 0334 0335 093C 0062; # (a◌़◌̴◌̵b; a◌̴◌̵◌़b; a◌̴◌̵◌़b; a◌̴◌̵◌़b; a◌̴◌̵◌़b; ) LATIN SMALL LETTER A, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, COMBINING SHORT STROKE OVERLAY, LATIN SMALL LETTER B +0061 0335 093C 0334 0062;0061 0335 0334 093C 0062;0061 0335 0334 093C 0062;0061 0335 0334 093C 0062;0061 0335 0334 093C 0062; # (a◌̵◌़◌̴b; a◌̵◌̴◌़b; a◌̵◌̴◌़b; a◌̵◌̴◌़b; a◌̵◌̴◌़b; ) LATIN SMALL LETTER A, COMBINING SHORT STROKE OVERLAY, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, LATIN SMALL LETTER B +0061 093C 0334 0336 0062;0061 0334 0336 093C 0062;0061 0334 0336 093C 0062;0061 0334 0336 093C 0062;0061 0334 0336 093C 0062; # (a◌़◌̴◌̶b; a◌̴◌̶◌़b; a◌̴◌̶◌़b; a◌̴◌̶◌़b; a◌̴◌̶◌़b; ) LATIN SMALL LETTER A, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, COMBINING LONG STROKE OVERLAY, LATIN SMALL LETTER B +0061 0336 093C 0334 0062;0061 0336 0334 093C 0062;0061 0336 0334 093C 0062;0061 0336 0334 093C 0062;0061 0336 0334 093C 0062; # (a◌̶◌़◌̴b; a◌̶◌̴◌़b; a◌̶◌̴◌़b; a◌̶◌̴◌़b; a◌̶◌̴◌़b; ) LATIN SMALL LETTER A, COMBINING LONG STROKE OVERLAY, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, LATIN SMALL LETTER B +0061 093C 0334 0337 0062;0061 0334 0337 093C 0062;0061 0334 0337 093C 0062;0061 0334 0337 093C 0062;0061 0334 0337 093C 0062; # (a◌़◌̴◌̷b; a◌̴◌̷◌़b; a◌̴◌̷◌़b; a◌̴◌̷◌़b; a◌̴◌̷◌़b; ) LATIN SMALL LETTER A, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, COMBINING SHORT SOLIDUS OVERLAY, LATIN SMALL LETTER B +0061 0337 093C 0334 0062;0061 0337 0334 093C 0062;0061 0337 0334 093C 0062;0061 0337 0334 093C 0062;0061 0337 0334 093C 0062; # (a◌̷◌़◌̴b; a◌̷◌̴◌़b; a◌̷◌̴◌़b; a◌̷◌̴◌़b; a◌̷◌̴◌़b; ) LATIN SMALL LETTER A, COMBINING SHORT SOLIDUS OVERLAY, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, LATIN SMALL LETTER B +0061 093C 0334 0338 0062;0061 0334 0338 093C 0062;0061 0334 0338 093C 0062;0061 0334 0338 093C 0062;0061 0334 0338 093C 0062; # (a◌़◌̴◌̸b; a◌̴◌̸◌़b; a◌̴◌̸◌़b; a◌̴◌̸◌़b; a◌̴◌̸◌़b; ) LATIN SMALL LETTER A, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, COMBINING LONG SOLIDUS OVERLAY, LATIN SMALL LETTER B +0061 0338 093C 0334 0062;0061 0338 0334 093C 0062;0061 0338 0334 093C 0062;0061 0338 0334 093C 0062;0061 0338 0334 093C 0062; # (a◌̸◌़◌̴b; a◌̸◌̴◌़b; a◌̸◌̴◌़b; a◌̸◌̴◌़b; a◌̸◌̴◌़b; ) LATIN SMALL LETTER A, COMBINING LONG SOLIDUS OVERLAY, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, LATIN SMALL LETTER B +0061 059A 0316 302A 0339 0062;0061 302A 0316 0339 059A 0062;0061 302A 0316 0339 059A 0062;0061 302A 0316 0339 059A 0062;0061 302A 0316 0339 059A 0062; # (a◌֚◌̖◌〪◌̹b; a◌〪◌̖◌̹◌֚b; a◌〪◌̖◌̹◌֚b; a◌〪◌̖◌̹◌֚b; a◌〪◌̖◌̹◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING RIGHT HALF RING BELOW, LATIN SMALL LETTER B +0061 0339 059A 0316 302A 0062;0061 302A 0339 0316 059A 0062;0061 302A 0339 0316 059A 0062;0061 302A 0339 0316 059A 0062;0061 302A 0339 0316 059A 0062; # (a◌̹◌֚◌̖◌〪b; a◌〪◌̹◌̖◌֚b; a◌〪◌̹◌̖◌֚b; a◌〪◌̹◌̖◌֚b; a◌〪◌̹◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING RIGHT HALF RING BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 033A 0062;0061 302A 0316 033A 059A 0062;0061 302A 0316 033A 059A 0062;0061 302A 0316 033A 059A 0062;0061 302A 0316 033A 059A 0062; # (a◌֚◌̖◌〪◌̺b; a◌〪◌̖◌̺◌֚b; a◌〪◌̖◌̺◌֚b; a◌〪◌̖◌̺◌֚b; a◌〪◌̖◌̺◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING INVERTED BRIDGE BELOW, LATIN SMALL LETTER B +0061 033A 059A 0316 302A 0062;0061 302A 033A 0316 059A 0062;0061 302A 033A 0316 059A 0062;0061 302A 033A 0316 059A 0062;0061 302A 033A 0316 059A 0062; # (a◌̺◌֚◌̖◌〪b; a◌〪◌̺◌̖◌֚b; a◌〪◌̺◌̖◌֚b; a◌〪◌̺◌̖◌֚b; a◌〪◌̺◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING INVERTED BRIDGE BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 033B 0062;0061 302A 0316 033B 059A 0062;0061 302A 0316 033B 059A 0062;0061 302A 0316 033B 059A 0062;0061 302A 0316 033B 059A 0062; # (a◌֚◌̖◌〪◌̻b; a◌〪◌̖◌̻◌֚b; a◌〪◌̖◌̻◌֚b; a◌〪◌̖◌̻◌֚b; a◌〪◌̖◌̻◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING SQUARE BELOW, LATIN SMALL LETTER B +0061 033B 059A 0316 302A 0062;0061 302A 033B 0316 059A 0062;0061 302A 033B 0316 059A 0062;0061 302A 033B 0316 059A 0062;0061 302A 033B 0316 059A 0062; # (a◌̻◌֚◌̖◌〪b; a◌〪◌̻◌̖◌֚b; a◌〪◌̻◌̖◌֚b; a◌〪◌̻◌̖◌֚b; a◌〪◌̻◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING SQUARE BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 033C 0062;0061 302A 0316 033C 059A 0062;0061 302A 0316 033C 059A 0062;0061 302A 0316 033C 059A 0062;0061 302A 0316 033C 059A 0062; # (a◌֚◌̖◌〪◌̼b; a◌〪◌̖◌̼◌֚b; a◌〪◌̖◌̼◌֚b; a◌〪◌̖◌̼◌֚b; a◌〪◌̖◌̼◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING SEAGULL BELOW, LATIN SMALL LETTER B +0061 033C 059A 0316 302A 0062;0061 302A 033C 0316 059A 0062;0061 302A 033C 0316 059A 0062;0061 302A 033C 0316 059A 0062;0061 302A 033C 0316 059A 0062; # (a◌̼◌֚◌̖◌〪b; a◌〪◌̼◌̖◌֚b; a◌〪◌̼◌̖◌֚b; a◌〪◌̼◌̖◌֚b; a◌〪◌̼◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING SEAGULL BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 0315 0300 05AE 033D 0062;00E0 05AE 033D 0315 0062;0061 05AE 0300 033D 0315 0062;00E0 05AE 033D 0315 0062;0061 05AE 0300 033D 0315 0062; # (a◌̕◌̀◌֮◌̽b; à◌֮◌̽◌̕b; a◌֮◌̀◌̽◌̕b; à◌֮◌̽◌̕b; a◌֮◌̀◌̽◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING X ABOVE, LATIN SMALL LETTER B +0061 033D 0315 0300 05AE 0062;0061 05AE 033D 0300 0315 0062;0061 05AE 033D 0300 0315 0062;0061 05AE 033D 0300 0315 0062;0061 05AE 033D 0300 0315 0062; # (a◌̽◌̕◌̀◌֮b; a◌֮◌̽◌̀◌̕b; a◌֮◌̽◌̀◌̕b; a◌֮◌̽◌̀◌̕b; a◌֮◌̽◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING X ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 033E 0062;00E0 05AE 033E 0315 0062;0061 05AE 0300 033E 0315 0062;00E0 05AE 033E 0315 0062;0061 05AE 0300 033E 0315 0062; # (a◌̕◌̀◌֮◌̾b; à◌֮◌̾◌̕b; a◌֮◌̀◌̾◌̕b; à◌֮◌̾◌̕b; a◌֮◌̀◌̾◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING VERTICAL TILDE, LATIN SMALL LETTER B +0061 033E 0315 0300 05AE 0062;0061 05AE 033E 0300 0315 0062;0061 05AE 033E 0300 0315 0062;0061 05AE 033E 0300 0315 0062;0061 05AE 033E 0300 0315 0062; # (a◌̾◌̕◌̀◌֮b; a◌֮◌̾◌̀◌̕b; a◌֮◌̾◌̀◌̕b; a◌֮◌̾◌̀◌̕b; a◌֮◌̾◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING VERTICAL TILDE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 033F 0062;00E0 05AE 033F 0315 0062;0061 05AE 0300 033F 0315 0062;00E0 05AE 033F 0315 0062;0061 05AE 0300 033F 0315 0062; # (a◌̕◌̀◌֮◌̿b; à◌֮◌̿◌̕b; a◌֮◌̀◌̿◌̕b; à◌֮◌̿◌̕b; a◌֮◌̀◌̿◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING DOUBLE OVERLINE, LATIN SMALL LETTER B +0061 033F 0315 0300 05AE 0062;0061 05AE 033F 0300 0315 0062;0061 05AE 033F 0300 0315 0062;0061 05AE 033F 0300 0315 0062;0061 05AE 033F 0300 0315 0062; # (a◌̿◌̕◌̀◌֮b; a◌֮◌̿◌̀◌̕b; a◌֮◌̿◌̀◌̕b; a◌֮◌̿◌̀◌̕b; a◌֮◌̿◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING DOUBLE OVERLINE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0340 0062;00E0 05AE 0300 0315 0062;0061 05AE 0300 0300 0315 0062;00E0 05AE 0300 0315 0062;0061 05AE 0300 0300 0315 0062; # (a◌̕◌̀◌֮◌̀b; à◌֮◌̀◌̕b; a◌֮◌̀◌̀◌̕b; à◌֮◌̀◌̕b; a◌֮◌̀◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING GRAVE TONE MARK, LATIN SMALL LETTER B +0061 0340 0315 0300 05AE 0062;00E0 05AE 0300 0315 0062;0061 05AE 0300 0300 0315 0062;00E0 05AE 0300 0315 0062;0061 05AE 0300 0300 0315 0062; # (a◌̀◌̕◌̀◌֮b; à◌֮◌̀◌̕b; a◌֮◌̀◌̀◌̕b; à◌֮◌̀◌̕b; a◌֮◌̀◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING GRAVE TONE MARK, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0341 0062;00E0 05AE 0301 0315 0062;0061 05AE 0300 0301 0315 0062;00E0 05AE 0301 0315 0062;0061 05AE 0300 0301 0315 0062; # (a◌̕◌̀◌֮◌Íb; à◌֮◌Ì◌̕b; a◌֮◌̀◌Ì◌̕b; à◌֮◌Ì◌̕b; a◌֮◌̀◌Ì◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING ACUTE TONE MARK, LATIN SMALL LETTER B +0061 0341 0315 0300 05AE 0062;00E1 05AE 0300 0315 0062;0061 05AE 0301 0300 0315 0062;00E1 05AE 0300 0315 0062;0061 05AE 0301 0300 0315 0062; # (aâ—ŒÍ◌̕◌̀◌֮b; á◌֮◌̀◌̕b; a◌֮◌Ì◌̀◌̕b; á◌֮◌̀◌̕b; a◌֮◌Ì◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING ACUTE TONE MARK, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0342 0062;00E0 05AE 0342 0315 0062;0061 05AE 0300 0342 0315 0062;00E0 05AE 0342 0315 0062;0061 05AE 0300 0342 0315 0062; # (a◌̕◌̀◌֮◌͂b; à◌֮◌͂◌̕b; a◌֮◌̀◌͂◌̕b; à◌֮◌͂◌̕b; a◌֮◌̀◌͂◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING GREEK PERISPOMENI, LATIN SMALL LETTER B +0061 0342 0315 0300 05AE 0062;0061 05AE 0342 0300 0315 0062;0061 05AE 0342 0300 0315 0062;0061 05AE 0342 0300 0315 0062;0061 05AE 0342 0300 0315 0062; # (a◌͂◌̕◌̀◌֮b; a◌֮◌͂◌̀◌̕b; a◌֮◌͂◌̀◌̕b; a◌֮◌͂◌̀◌̕b; a◌֮◌͂◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING GREEK PERISPOMENI, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0343 0062;00E0 05AE 0313 0315 0062;0061 05AE 0300 0313 0315 0062;00E0 05AE 0313 0315 0062;0061 05AE 0300 0313 0315 0062; # (a◌̕◌̀◌֮◌̓b; à◌֮◌̓◌̕b; a◌֮◌̀◌̓◌̕b; à◌֮◌̓◌̕b; a◌֮◌̀◌̓◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING GREEK KORONIS, LATIN SMALL LETTER B +0061 0343 0315 0300 05AE 0062;0061 05AE 0313 0300 0315 0062;0061 05AE 0313 0300 0315 0062;0061 05AE 0313 0300 0315 0062;0061 05AE 0313 0300 0315 0062; # (a◌̓◌̕◌̀◌֮b; a◌֮◌̓◌̀◌̕b; a◌֮◌̓◌̀◌̕b; a◌֮◌̓◌̀◌̕b; a◌֮◌̓◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING GREEK KORONIS, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0344 0062;00E0 05AE 0308 0301 0315 0062;0061 05AE 0300 0308 0301 0315 0062;00E0 05AE 0308 0301 0315 0062;0061 05AE 0300 0308 0301 0315 0062; # (a◌̕◌̀◌֮◌̈́b; à◌֮◌̈◌Ì◌̕b; a◌֮◌̀◌̈◌Ì◌̕b; à◌֮◌̈◌Ì◌̕b; a◌֮◌̀◌̈◌Ì◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING GREEK DIALYTIKA TONOS, LATIN SMALL LETTER B +0061 0344 0315 0300 05AE 0062;00E4 05AE 0301 0300 0315 0062;0061 05AE 0308 0301 0300 0315 0062;00E4 05AE 0301 0300 0315 0062;0061 05AE 0308 0301 0300 0315 0062; # (a◌̈́◌̕◌̀◌֮b; ä◌֮◌Ì◌̀◌̕b; a◌֮◌̈◌Ì◌̀◌̕b; ä◌֮◌Ì◌̀◌̕b; a◌֮◌̈◌Ì◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING GREEK DIALYTIKA TONOS, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0345 035D 0345 0062;0061 035D 0345 0345 0062;0061 035D 0345 0345 0062;0061 035D 0345 0345 0062;0061 035D 0345 0345 0062; # (a◌ͅ◌Í◌ͅb; aâ—ŒÍ◌ͅ◌ͅb; aâ—ŒÍ◌ͅ◌ͅb; aâ—ŒÍ◌ͅ◌ͅb; aâ—ŒÍ◌ͅ◌ͅb; ) LATIN SMALL LETTER A, COMBINING GREEK YPOGEGRAMMENI, COMBINING DOUBLE BREVE, COMBINING GREEK YPOGEGRAMMENI, LATIN SMALL LETTER B +0061 0345 0345 035D 0062;0061 035D 0345 0345 0062;0061 035D 0345 0345 0062;0061 035D 0345 0345 0062;0061 035D 0345 0345 0062; # (a◌ͅ◌ͅ◌Íb; aâ—ŒÍ◌ͅ◌ͅb; aâ—ŒÍ◌ͅ◌ͅb; aâ—ŒÍ◌ͅ◌ͅb; aâ—ŒÍ◌ͅ◌ͅb; ) LATIN SMALL LETTER A, COMBINING GREEK YPOGEGRAMMENI, COMBINING GREEK YPOGEGRAMMENI, COMBINING DOUBLE BREVE, LATIN SMALL LETTER B +0061 0315 0300 05AE 0346 0062;00E0 05AE 0346 0315 0062;0061 05AE 0300 0346 0315 0062;00E0 05AE 0346 0315 0062;0061 05AE 0300 0346 0315 0062; # (a◌̕◌̀◌֮◌͆b; à◌֮◌͆◌̕b; a◌֮◌̀◌͆◌̕b; à◌֮◌͆◌̕b; a◌֮◌̀◌͆◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING BRIDGE ABOVE, LATIN SMALL LETTER B +0061 0346 0315 0300 05AE 0062;0061 05AE 0346 0300 0315 0062;0061 05AE 0346 0300 0315 0062;0061 05AE 0346 0300 0315 0062;0061 05AE 0346 0300 0315 0062; # (a◌͆◌̕◌̀◌֮b; a◌֮◌͆◌̀◌̕b; a◌֮◌͆◌̀◌̕b; a◌֮◌͆◌̀◌̕b; a◌֮◌͆◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING BRIDGE ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 059A 0316 302A 0347 0062;0061 302A 0316 0347 059A 0062;0061 302A 0316 0347 059A 0062;0061 302A 0316 0347 059A 0062;0061 302A 0316 0347 059A 0062; # (a◌֚◌̖◌〪◌͇b; a◌〪◌̖◌͇◌֚b; a◌〪◌̖◌͇◌֚b; a◌〪◌̖◌͇◌֚b; a◌〪◌̖◌͇◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING EQUALS SIGN BELOW, LATIN SMALL LETTER B +0061 0347 059A 0316 302A 0062;0061 302A 0347 0316 059A 0062;0061 302A 0347 0316 059A 0062;0061 302A 0347 0316 059A 0062;0061 302A 0347 0316 059A 0062; # (a◌͇◌֚◌̖◌〪b; a◌〪◌͇◌̖◌֚b; a◌〪◌͇◌̖◌֚b; a◌〪◌͇◌̖◌֚b; a◌〪◌͇◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING EQUALS SIGN BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 0348 0062;0061 302A 0316 0348 059A 0062;0061 302A 0316 0348 059A 0062;0061 302A 0316 0348 059A 0062;0061 302A 0316 0348 059A 0062; # (a◌֚◌̖◌〪◌͈b; a◌〪◌̖◌͈◌֚b; a◌〪◌̖◌͈◌֚b; a◌〪◌̖◌͈◌֚b; a◌〪◌̖◌͈◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING DOUBLE VERTICAL LINE BELOW, LATIN SMALL LETTER B +0061 0348 059A 0316 302A 0062;0061 302A 0348 0316 059A 0062;0061 302A 0348 0316 059A 0062;0061 302A 0348 0316 059A 0062;0061 302A 0348 0316 059A 0062; # (a◌͈◌֚◌̖◌〪b; a◌〪◌͈◌̖◌֚b; a◌〪◌͈◌̖◌֚b; a◌〪◌͈◌̖◌֚b; a◌〪◌͈◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING DOUBLE VERTICAL LINE BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 0349 0062;0061 302A 0316 0349 059A 0062;0061 302A 0316 0349 059A 0062;0061 302A 0316 0349 059A 0062;0061 302A 0316 0349 059A 0062; # (a◌֚◌̖◌〪◌͉b; a◌〪◌̖◌͉◌֚b; a◌〪◌̖◌͉◌֚b; a◌〪◌̖◌͉◌֚b; a◌〪◌̖◌͉◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING LEFT ANGLE BELOW, LATIN SMALL LETTER B +0061 0349 059A 0316 302A 0062;0061 302A 0349 0316 059A 0062;0061 302A 0349 0316 059A 0062;0061 302A 0349 0316 059A 0062;0061 302A 0349 0316 059A 0062; # (a◌͉◌֚◌̖◌〪b; a◌〪◌͉◌̖◌֚b; a◌〪◌͉◌̖◌֚b; a◌〪◌͉◌̖◌֚b; a◌〪◌͉◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING LEFT ANGLE BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 0315 0300 05AE 034A 0062;00E0 05AE 034A 0315 0062;0061 05AE 0300 034A 0315 0062;00E0 05AE 034A 0315 0062;0061 05AE 0300 034A 0315 0062; # (a◌̕◌̀◌֮◌͊b; à◌֮◌͊◌̕b; a◌֮◌̀◌͊◌̕b; à◌֮◌͊◌̕b; a◌֮◌̀◌͊◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING NOT TILDE ABOVE, LATIN SMALL LETTER B +0061 034A 0315 0300 05AE 0062;0061 05AE 034A 0300 0315 0062;0061 05AE 034A 0300 0315 0062;0061 05AE 034A 0300 0315 0062;0061 05AE 034A 0300 0315 0062; # (a◌͊◌̕◌̀◌֮b; a◌֮◌͊◌̀◌̕b; a◌֮◌͊◌̀◌̕b; a◌֮◌͊◌̀◌̕b; a◌֮◌͊◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING NOT TILDE ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 034B 0062;00E0 05AE 034B 0315 0062;0061 05AE 0300 034B 0315 0062;00E0 05AE 034B 0315 0062;0061 05AE 0300 034B 0315 0062; # (a◌̕◌̀◌֮◌͋b; à◌֮◌͋◌̕b; a◌֮◌̀◌͋◌̕b; à◌֮◌͋◌̕b; a◌֮◌̀◌͋◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING HOMOTHETIC ABOVE, LATIN SMALL LETTER B +0061 034B 0315 0300 05AE 0062;0061 05AE 034B 0300 0315 0062;0061 05AE 034B 0300 0315 0062;0061 05AE 034B 0300 0315 0062;0061 05AE 034B 0300 0315 0062; # (a◌͋◌̕◌̀◌֮b; a◌֮◌͋◌̀◌̕b; a◌֮◌͋◌̀◌̕b; a◌֮◌͋◌̀◌̕b; a◌֮◌͋◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING HOMOTHETIC ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 034C 0062;00E0 05AE 034C 0315 0062;0061 05AE 0300 034C 0315 0062;00E0 05AE 034C 0315 0062;0061 05AE 0300 034C 0315 0062; # (a◌̕◌̀◌֮◌͌b; à◌֮◌͌◌̕b; a◌֮◌̀◌͌◌̕b; à◌֮◌͌◌̕b; a◌֮◌̀◌͌◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING ALMOST EQUAL TO ABOVE, LATIN SMALL LETTER B +0061 034C 0315 0300 05AE 0062;0061 05AE 034C 0300 0315 0062;0061 05AE 034C 0300 0315 0062;0061 05AE 034C 0300 0315 0062;0061 05AE 034C 0300 0315 0062; # (a◌͌◌̕◌̀◌֮b; a◌֮◌͌◌̀◌̕b; a◌֮◌͌◌̀◌̕b; a◌֮◌͌◌̀◌̕b; a◌֮◌͌◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING ALMOST EQUAL TO ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 059A 0316 302A 034D 0062;0061 302A 0316 034D 059A 0062;0061 302A 0316 034D 059A 0062;0061 302A 0316 034D 059A 0062;0061 302A 0316 034D 059A 0062; # (a◌֚◌̖◌〪◌Íb; a◌〪◌̖◌Í◌֚b; a◌〪◌̖◌Í◌֚b; a◌〪◌̖◌Í◌֚b; a◌〪◌̖◌Í◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING LEFT RIGHT ARROW BELOW, LATIN SMALL LETTER B +0061 034D 059A 0316 302A 0062;0061 302A 034D 0316 059A 0062;0061 302A 034D 0316 059A 0062;0061 302A 034D 0316 059A 0062;0061 302A 034D 0316 059A 0062; # (aâ—ŒÍ◌֚◌̖◌〪b; a◌〪◌Í◌̖◌֚b; a◌〪◌Í◌̖◌֚b; a◌〪◌Í◌̖◌֚b; a◌〪◌Í◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING LEFT RIGHT ARROW BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 034E 0062;0061 302A 0316 034E 059A 0062;0061 302A 0316 034E 059A 0062;0061 302A 0316 034E 059A 0062;0061 302A 0316 034E 059A 0062; # (a◌֚◌̖◌〪◌͎b; a◌〪◌̖◌͎◌֚b; a◌〪◌̖◌͎◌֚b; a◌〪◌̖◌͎◌֚b; a◌〪◌̖◌͎◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING UPWARDS ARROW BELOW, LATIN SMALL LETTER B +0061 034E 059A 0316 302A 0062;0061 302A 034E 0316 059A 0062;0061 302A 034E 0316 059A 0062;0061 302A 034E 0316 059A 0062;0061 302A 034E 0316 059A 0062; # (a◌͎◌֚◌̖◌〪b; a◌〪◌͎◌̖◌֚b; a◌〪◌͎◌̖◌֚b; a◌〪◌͎◌̖◌֚b; a◌〪◌͎◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING UPWARDS ARROW BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 0315 0300 05AE 0350 0062;00E0 05AE 0350 0315 0062;0061 05AE 0300 0350 0315 0062;00E0 05AE 0350 0315 0062;0061 05AE 0300 0350 0315 0062; # (a◌̕◌̀◌֮◌Íb; à◌֮◌Í◌̕b; a◌֮◌̀◌Í◌̕b; à◌֮◌Í◌̕b; a◌֮◌̀◌Í◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING RIGHT ARROWHEAD ABOVE, LATIN SMALL LETTER B +0061 0350 0315 0300 05AE 0062;0061 05AE 0350 0300 0315 0062;0061 05AE 0350 0300 0315 0062;0061 05AE 0350 0300 0315 0062;0061 05AE 0350 0300 0315 0062; # (aâ—ŒÍ◌̕◌̀◌֮b; a◌֮◌Í◌̀◌̕b; a◌֮◌Í◌̀◌̕b; a◌֮◌Í◌̀◌̕b; a◌֮◌Í◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING RIGHT ARROWHEAD ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0351 0062;00E0 05AE 0351 0315 0062;0061 05AE 0300 0351 0315 0062;00E0 05AE 0351 0315 0062;0061 05AE 0300 0351 0315 0062; # (a◌̕◌̀◌֮◌͑b; à◌֮◌͑◌̕b; a◌֮◌̀◌͑◌̕b; à◌֮◌͑◌̕b; a◌֮◌̀◌͑◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING LEFT HALF RING ABOVE, LATIN SMALL LETTER B +0061 0351 0315 0300 05AE 0062;0061 05AE 0351 0300 0315 0062;0061 05AE 0351 0300 0315 0062;0061 05AE 0351 0300 0315 0062;0061 05AE 0351 0300 0315 0062; # (a◌͑◌̕◌̀◌֮b; a◌֮◌͑◌̀◌̕b; a◌֮◌͑◌̀◌̕b; a◌֮◌͑◌̀◌̕b; a◌֮◌͑◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING LEFT HALF RING ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0352 0062;00E0 05AE 0352 0315 0062;0061 05AE 0300 0352 0315 0062;00E0 05AE 0352 0315 0062;0061 05AE 0300 0352 0315 0062; # (a◌̕◌̀◌֮◌͒b; à◌֮◌͒◌̕b; a◌֮◌̀◌͒◌̕b; à◌֮◌͒◌̕b; a◌֮◌̀◌͒◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING FERMATA, LATIN SMALL LETTER B +0061 0352 0315 0300 05AE 0062;0061 05AE 0352 0300 0315 0062;0061 05AE 0352 0300 0315 0062;0061 05AE 0352 0300 0315 0062;0061 05AE 0352 0300 0315 0062; # (a◌͒◌̕◌̀◌֮b; a◌֮◌͒◌̀◌̕b; a◌֮◌͒◌̀◌̕b; a◌֮◌͒◌̀◌̕b; a◌֮◌͒◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING FERMATA, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 059A 0316 302A 0353 0062;0061 302A 0316 0353 059A 0062;0061 302A 0316 0353 059A 0062;0061 302A 0316 0353 059A 0062;0061 302A 0316 0353 059A 0062; # (a◌֚◌̖◌〪◌͓b; a◌〪◌̖◌͓◌֚b; a◌〪◌̖◌͓◌֚b; a◌〪◌̖◌͓◌֚b; a◌〪◌̖◌͓◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING X BELOW, LATIN SMALL LETTER B +0061 0353 059A 0316 302A 0062;0061 302A 0353 0316 059A 0062;0061 302A 0353 0316 059A 0062;0061 302A 0353 0316 059A 0062;0061 302A 0353 0316 059A 0062; # (a◌͓◌֚◌̖◌〪b; a◌〪◌͓◌̖◌֚b; a◌〪◌͓◌̖◌֚b; a◌〪◌͓◌̖◌֚b; a◌〪◌͓◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING X BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 0354 0062;0061 302A 0316 0354 059A 0062;0061 302A 0316 0354 059A 0062;0061 302A 0316 0354 059A 0062;0061 302A 0316 0354 059A 0062; # (a◌֚◌̖◌〪◌͔b; a◌〪◌̖◌͔◌֚b; a◌〪◌̖◌͔◌֚b; a◌〪◌̖◌͔◌֚b; a◌〪◌̖◌͔◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING LEFT ARROWHEAD BELOW, LATIN SMALL LETTER B +0061 0354 059A 0316 302A 0062;0061 302A 0354 0316 059A 0062;0061 302A 0354 0316 059A 0062;0061 302A 0354 0316 059A 0062;0061 302A 0354 0316 059A 0062; # (a◌͔◌֚◌̖◌〪b; a◌〪◌͔◌̖◌֚b; a◌〪◌͔◌̖◌֚b; a◌〪◌͔◌̖◌֚b; a◌〪◌͔◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING LEFT ARROWHEAD BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 0355 0062;0061 302A 0316 0355 059A 0062;0061 302A 0316 0355 059A 0062;0061 302A 0316 0355 059A 0062;0061 302A 0316 0355 059A 0062; # (a◌֚◌̖◌〪◌͕b; a◌〪◌̖◌͕◌֚b; a◌〪◌̖◌͕◌֚b; a◌〪◌̖◌͕◌֚b; a◌〪◌̖◌͕◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING RIGHT ARROWHEAD BELOW, LATIN SMALL LETTER B +0061 0355 059A 0316 302A 0062;0061 302A 0355 0316 059A 0062;0061 302A 0355 0316 059A 0062;0061 302A 0355 0316 059A 0062;0061 302A 0355 0316 059A 0062; # (a◌͕◌֚◌̖◌〪b; a◌〪◌͕◌̖◌֚b; a◌〪◌͕◌̖◌֚b; a◌〪◌͕◌̖◌֚b; a◌〪◌͕◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING RIGHT ARROWHEAD BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 0356 0062;0061 302A 0316 0356 059A 0062;0061 302A 0316 0356 059A 0062;0061 302A 0316 0356 059A 0062;0061 302A 0316 0356 059A 0062; # (a◌֚◌̖◌〪◌͖b; a◌〪◌̖◌͖◌֚b; a◌〪◌̖◌͖◌֚b; a◌〪◌̖◌͖◌֚b; a◌〪◌̖◌͖◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING RIGHT ARROWHEAD AND UP ARROWHEAD BELOW, LATIN SMALL LETTER B +0061 0356 059A 0316 302A 0062;0061 302A 0356 0316 059A 0062;0061 302A 0356 0316 059A 0062;0061 302A 0356 0316 059A 0062;0061 302A 0356 0316 059A 0062; # (a◌͖◌֚◌̖◌〪b; a◌〪◌͖◌̖◌֚b; a◌〪◌͖◌̖◌֚b; a◌〪◌͖◌̖◌֚b; a◌〪◌͖◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING RIGHT ARROWHEAD AND UP ARROWHEAD BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 0315 0300 05AE 0357 0062;00E0 05AE 0357 0315 0062;0061 05AE 0300 0357 0315 0062;00E0 05AE 0357 0315 0062;0061 05AE 0300 0357 0315 0062; # (a◌̕◌̀◌֮◌͗b; à◌֮◌͗◌̕b; a◌֮◌̀◌͗◌̕b; à◌֮◌͗◌̕b; a◌֮◌̀◌͗◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING RIGHT HALF RING ABOVE, LATIN SMALL LETTER B +0061 0357 0315 0300 05AE 0062;0061 05AE 0357 0300 0315 0062;0061 05AE 0357 0300 0315 0062;0061 05AE 0357 0300 0315 0062;0061 05AE 0357 0300 0315 0062; # (a◌͗◌̕◌̀◌֮b; a◌֮◌͗◌̀◌̕b; a◌֮◌͗◌̀◌̕b; a◌֮◌͗◌̀◌̕b; a◌֮◌͗◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING RIGHT HALF RING ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0345 035D 035F 035D 0062;0061 035F 035D 035D 0345 0062;0061 035F 035D 035D 0345 0062;0061 035F 035D 035D 0345 0062;0061 035F 035D 035D 0345 0062; # (a◌ͅ◌Í◌͟◌Íb; a◌͟◌Íâ—ŒÍ◌ͅb; a◌͟◌Íâ—ŒÍ◌ͅb; a◌͟◌Íâ—ŒÍ◌ͅb; a◌͟◌Íâ—ŒÍ◌ͅb; ) LATIN SMALL LETTER A, COMBINING GREEK YPOGEGRAMMENI, COMBINING DOUBLE BREVE, COMBINING DOUBLE MACRON BELOW, COMBINING DOUBLE BREVE, LATIN SMALL LETTER B +0061 035D 0345 035D 035F 0062;0061 035F 035D 035D 0345 0062;0061 035F 035D 035D 0345 0062;0061 035F 035D 035D 0345 0062;0061 035F 035D 035D 0345 0062; # (aâ—ŒÍ◌ͅ◌Í◌͟b; a◌͟◌Íâ—ŒÍ◌ͅb; a◌͟◌Íâ—ŒÍ◌ͅb; a◌͟◌Íâ—ŒÍ◌ͅb; a◌͟◌Íâ—ŒÍ◌ͅb; ) LATIN SMALL LETTER A, COMBINING DOUBLE BREVE, COMBINING GREEK YPOGEGRAMMENI, COMBINING DOUBLE BREVE, COMBINING DOUBLE MACRON BELOW, LATIN SMALL LETTER B +0061 0345 035D 035F 035E 0062;0061 035F 035D 035E 0345 0062;0061 035F 035D 035E 0345 0062;0061 035F 035D 035E 0345 0062;0061 035F 035D 035E 0345 0062; # (a◌ͅ◌Í◌͟◌͞b; a◌͟◌Í◌͞◌ͅb; a◌͟◌Í◌͞◌ͅb; a◌͟◌Í◌͞◌ͅb; a◌͟◌Í◌͞◌ͅb; ) LATIN SMALL LETTER A, COMBINING GREEK YPOGEGRAMMENI, COMBINING DOUBLE BREVE, COMBINING DOUBLE MACRON BELOW, COMBINING DOUBLE MACRON, LATIN SMALL LETTER B +0061 035E 0345 035D 035F 0062;0061 035F 035E 035D 0345 0062;0061 035F 035E 035D 0345 0062;0061 035F 035E 035D 0345 0062;0061 035F 035E 035D 0345 0062; # (a◌͞◌ͅ◌Í◌͟b; a◌͟◌͞◌Í◌ͅb; a◌͟◌͞◌Í◌ͅb; a◌͟◌͞◌Í◌ͅb; a◌͟◌͞◌Í◌ͅb; ) LATIN SMALL LETTER A, COMBINING DOUBLE MACRON, COMBINING GREEK YPOGEGRAMMENI, COMBINING DOUBLE BREVE, COMBINING DOUBLE MACRON BELOW, LATIN SMALL LETTER B +0061 035D 035F 0315 035F 0062;0061 0315 035F 035F 035D 0062;0061 0315 035F 035F 035D 0062;0061 0315 035F 035F 035D 0062;0061 0315 035F 035F 035D 0062; # (aâ—ŒÍ◌͟◌̕◌͟b; a◌̕◌͟◌͟◌Íb; a◌̕◌͟◌͟◌Íb; a◌̕◌͟◌͟◌Íb; a◌̕◌͟◌͟◌Íb; ) LATIN SMALL LETTER A, COMBINING DOUBLE BREVE, COMBINING DOUBLE MACRON BELOW, COMBINING COMMA ABOVE RIGHT, COMBINING DOUBLE MACRON BELOW, LATIN SMALL LETTER B +0061 035F 035D 035F 0315 0062;0061 0315 035F 035F 035D 0062;0061 0315 035F 035F 035D 0062;0061 0315 035F 035F 035D 0062;0061 0315 035F 035F 035D 0062; # (a◌͟◌Í◌͟◌̕b; a◌̕◌͟◌͟◌Íb; a◌̕◌͟◌͟◌Íb; a◌̕◌͟◌͟◌Íb; a◌̕◌͟◌͟◌Íb; ) LATIN SMALL LETTER A, COMBINING DOUBLE MACRON BELOW, COMBINING DOUBLE BREVE, COMBINING DOUBLE MACRON BELOW, COMBINING COMMA ABOVE RIGHT, LATIN SMALL LETTER B +0061 0345 035D 035F 0360 0062;0061 035F 035D 0360 0345 0062;0061 035F 035D 0360 0345 0062;0061 035F 035D 0360 0345 0062;0061 035F 035D 0360 0345 0062; # (a◌ͅ◌Í◌͟◌͠b; a◌͟◌Í◌͠◌ͅb; a◌͟◌Í◌͠◌ͅb; a◌͟◌Í◌͠◌ͅb; a◌͟◌Í◌͠◌ͅb; ) LATIN SMALL LETTER A, COMBINING GREEK YPOGEGRAMMENI, COMBINING DOUBLE BREVE, COMBINING DOUBLE MACRON BELOW, COMBINING DOUBLE TILDE, LATIN SMALL LETTER B +0061 0360 0345 035D 035F 0062;0061 035F 0360 035D 0345 0062;0061 035F 0360 035D 0345 0062;0061 035F 0360 035D 0345 0062;0061 035F 0360 035D 0345 0062; # (a◌͠◌ͅ◌Í◌͟b; a◌͟◌͠◌Í◌ͅb; a◌͟◌͠◌Í◌ͅb; a◌͟◌͠◌Í◌ͅb; a◌͟◌͠◌Í◌ͅb; ) LATIN SMALL LETTER A, COMBINING DOUBLE TILDE, COMBINING GREEK YPOGEGRAMMENI, COMBINING DOUBLE BREVE, COMBINING DOUBLE MACRON BELOW, LATIN SMALL LETTER B +0061 0345 035D 035F 0361 0062;0061 035F 035D 0361 0345 0062;0061 035F 035D 0361 0345 0062;0061 035F 035D 0361 0345 0062;0061 035F 035D 0361 0345 0062; # (a◌ͅ◌Í◌͟◌͡b; a◌͟◌Í◌͡◌ͅb; a◌͟◌Í◌͡◌ͅb; a◌͟◌Í◌͡◌ͅb; a◌͟◌Í◌͡◌ͅb; ) LATIN SMALL LETTER A, COMBINING GREEK YPOGEGRAMMENI, COMBINING DOUBLE BREVE, COMBINING DOUBLE MACRON BELOW, COMBINING DOUBLE INVERTED BREVE, LATIN SMALL LETTER B +0061 0361 0345 035D 035F 0062;0061 035F 0361 035D 0345 0062;0061 035F 0361 035D 0345 0062;0061 035F 0361 035D 0345 0062;0061 035F 0361 035D 0345 0062; # (a◌͡◌ͅ◌Í◌͟b; a◌͟◌͡◌Í◌ͅb; a◌͟◌͡◌Í◌ͅb; a◌͟◌͡◌Í◌ͅb; a◌͟◌͡◌Í◌ͅb; ) LATIN SMALL LETTER A, COMBINING DOUBLE INVERTED BREVE, COMBINING GREEK YPOGEGRAMMENI, COMBINING DOUBLE BREVE, COMBINING DOUBLE MACRON BELOW, LATIN SMALL LETTER B +0061 035D 035F 0315 0362 0062;0061 0315 035F 0362 035D 0062;0061 0315 035F 0362 035D 0062;0061 0315 035F 0362 035D 0062;0061 0315 035F 0362 035D 0062; # (aâ—ŒÍ◌͟◌̕◌͢b; a◌̕◌͟◌͢◌Íb; a◌̕◌͟◌͢◌Íb; a◌̕◌͟◌͢◌Íb; a◌̕◌͟◌͢◌Íb; ) LATIN SMALL LETTER A, COMBINING DOUBLE BREVE, COMBINING DOUBLE MACRON BELOW, COMBINING COMMA ABOVE RIGHT, COMBINING DOUBLE RIGHTWARDS ARROW BELOW, LATIN SMALL LETTER B +0061 0362 035D 035F 0315 0062;0061 0315 0362 035F 035D 0062;0061 0315 0362 035F 035D 0062;0061 0315 0362 035F 035D 0062;0061 0315 0362 035F 035D 0062; # (a◌͢◌Í◌͟◌̕b; a◌̕◌͢◌͟◌Íb; a◌̕◌͢◌͟◌Íb; a◌̕◌͢◌͟◌Íb; a◌̕◌͢◌͟◌Íb; ) LATIN SMALL LETTER A, COMBINING DOUBLE RIGHTWARDS ARROW BELOW, COMBINING DOUBLE BREVE, COMBINING DOUBLE MACRON BELOW, COMBINING COMMA ABOVE RIGHT, LATIN SMALL LETTER B +0061 0315 0300 05AE 0363 0062;00E0 05AE 0363 0315 0062;0061 05AE 0300 0363 0315 0062;00E0 05AE 0363 0315 0062;0061 05AE 0300 0363 0315 0062; # (a◌̕◌̀◌֮◌ͣb; à◌֮◌ͣ◌̕b; a◌֮◌̀◌ͣ◌̕b; à◌֮◌ͣ◌̕b; a◌֮◌̀◌ͣ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING LATIN SMALL LETTER A, LATIN SMALL LETTER B +0061 0363 0315 0300 05AE 0062;0061 05AE 0363 0300 0315 0062;0061 05AE 0363 0300 0315 0062;0061 05AE 0363 0300 0315 0062;0061 05AE 0363 0300 0315 0062; # (a◌ͣ◌̕◌̀◌֮b; a◌֮◌ͣ◌̀◌̕b; a◌֮◌ͣ◌̀◌̕b; a◌֮◌ͣ◌̀◌̕b; a◌֮◌ͣ◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0364 0062;00E0 05AE 0364 0315 0062;0061 05AE 0300 0364 0315 0062;00E0 05AE 0364 0315 0062;0061 05AE 0300 0364 0315 0062; # (a◌̕◌̀◌֮◌ͤb; à◌֮◌ͤ◌̕b; a◌֮◌̀◌ͤ◌̕b; à◌֮◌ͤ◌̕b; a◌֮◌̀◌ͤ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING LATIN SMALL LETTER E, LATIN SMALL LETTER B +0061 0364 0315 0300 05AE 0062;0061 05AE 0364 0300 0315 0062;0061 05AE 0364 0300 0315 0062;0061 05AE 0364 0300 0315 0062;0061 05AE 0364 0300 0315 0062; # (a◌ͤ◌̕◌̀◌֮b; a◌֮◌ͤ◌̀◌̕b; a◌֮◌ͤ◌̀◌̕b; a◌֮◌ͤ◌̀◌̕b; a◌֮◌ͤ◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING LATIN SMALL LETTER E, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0365 0062;00E0 05AE 0365 0315 0062;0061 05AE 0300 0365 0315 0062;00E0 05AE 0365 0315 0062;0061 05AE 0300 0365 0315 0062; # (a◌̕◌̀◌֮◌ͥb; à◌֮◌ͥ◌̕b; a◌֮◌̀◌ͥ◌̕b; à◌֮◌ͥ◌̕b; a◌֮◌̀◌ͥ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING LATIN SMALL LETTER I, LATIN SMALL LETTER B +0061 0365 0315 0300 05AE 0062;0061 05AE 0365 0300 0315 0062;0061 05AE 0365 0300 0315 0062;0061 05AE 0365 0300 0315 0062;0061 05AE 0365 0300 0315 0062; # (a◌ͥ◌̕◌̀◌֮b; a◌֮◌ͥ◌̀◌̕b; a◌֮◌ͥ◌̀◌̕b; a◌֮◌ͥ◌̀◌̕b; a◌֮◌ͥ◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING LATIN SMALL LETTER I, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0366 0062;00E0 05AE 0366 0315 0062;0061 05AE 0300 0366 0315 0062;00E0 05AE 0366 0315 0062;0061 05AE 0300 0366 0315 0062; # (a◌̕◌̀◌֮◌ͦb; à◌֮◌ͦ◌̕b; a◌֮◌̀◌ͦ◌̕b; à◌֮◌ͦ◌̕b; a◌֮◌̀◌ͦ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING LATIN SMALL LETTER O, LATIN SMALL LETTER B +0061 0366 0315 0300 05AE 0062;0061 05AE 0366 0300 0315 0062;0061 05AE 0366 0300 0315 0062;0061 05AE 0366 0300 0315 0062;0061 05AE 0366 0300 0315 0062; # (a◌ͦ◌̕◌̀◌֮b; a◌֮◌ͦ◌̀◌̕b; a◌֮◌ͦ◌̀◌̕b; a◌֮◌ͦ◌̀◌̕b; a◌֮◌ͦ◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING LATIN SMALL LETTER O, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0367 0062;00E0 05AE 0367 0315 0062;0061 05AE 0300 0367 0315 0062;00E0 05AE 0367 0315 0062;0061 05AE 0300 0367 0315 0062; # (a◌̕◌̀◌֮◌ͧb; à◌֮◌ͧ◌̕b; a◌֮◌̀◌ͧ◌̕b; à◌֮◌ͧ◌̕b; a◌֮◌̀◌ͧ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING LATIN SMALL LETTER U, LATIN SMALL LETTER B +0061 0367 0315 0300 05AE 0062;0061 05AE 0367 0300 0315 0062;0061 05AE 0367 0300 0315 0062;0061 05AE 0367 0300 0315 0062;0061 05AE 0367 0300 0315 0062; # (a◌ͧ◌̕◌̀◌֮b; a◌֮◌ͧ◌̀◌̕b; a◌֮◌ͧ◌̀◌̕b; a◌֮◌ͧ◌̀◌̕b; a◌֮◌ͧ◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING LATIN SMALL LETTER U, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0368 0062;00E0 05AE 0368 0315 0062;0061 05AE 0300 0368 0315 0062;00E0 05AE 0368 0315 0062;0061 05AE 0300 0368 0315 0062; # (a◌̕◌̀◌֮◌ͨb; à◌֮◌ͨ◌̕b; a◌֮◌̀◌ͨ◌̕b; à◌֮◌ͨ◌̕b; a◌֮◌̀◌ͨ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING LATIN SMALL LETTER C, LATIN SMALL LETTER B +0061 0368 0315 0300 05AE 0062;0061 05AE 0368 0300 0315 0062;0061 05AE 0368 0300 0315 0062;0061 05AE 0368 0300 0315 0062;0061 05AE 0368 0300 0315 0062; # (a◌ͨ◌̕◌̀◌֮b; a◌֮◌ͨ◌̀◌̕b; a◌֮◌ͨ◌̀◌̕b; a◌֮◌ͨ◌̀◌̕b; a◌֮◌ͨ◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING LATIN SMALL LETTER C, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0369 0062;00E0 05AE 0369 0315 0062;0061 05AE 0300 0369 0315 0062;00E0 05AE 0369 0315 0062;0061 05AE 0300 0369 0315 0062; # (a◌̕◌̀◌֮◌ͩb; à◌֮◌ͩ◌̕b; a◌֮◌̀◌ͩ◌̕b; à◌֮◌ͩ◌̕b; a◌֮◌̀◌ͩ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING LATIN SMALL LETTER D, LATIN SMALL LETTER B +0061 0369 0315 0300 05AE 0062;0061 05AE 0369 0300 0315 0062;0061 05AE 0369 0300 0315 0062;0061 05AE 0369 0300 0315 0062;0061 05AE 0369 0300 0315 0062; # (a◌ͩ◌̕◌̀◌֮b; a◌֮◌ͩ◌̀◌̕b; a◌֮◌ͩ◌̀◌̕b; a◌֮◌ͩ◌̀◌̕b; a◌֮◌ͩ◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING LATIN SMALL LETTER D, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 036A 0062;00E0 05AE 036A 0315 0062;0061 05AE 0300 036A 0315 0062;00E0 05AE 036A 0315 0062;0061 05AE 0300 036A 0315 0062; # (a◌̕◌̀◌֮◌ͪb; à◌֮◌ͪ◌̕b; a◌֮◌̀◌ͪ◌̕b; à◌֮◌ͪ◌̕b; a◌֮◌̀◌ͪ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING LATIN SMALL LETTER H, LATIN SMALL LETTER B +0061 036A 0315 0300 05AE 0062;0061 05AE 036A 0300 0315 0062;0061 05AE 036A 0300 0315 0062;0061 05AE 036A 0300 0315 0062;0061 05AE 036A 0300 0315 0062; # (a◌ͪ◌̕◌̀◌֮b; a◌֮◌ͪ◌̀◌̕b; a◌֮◌ͪ◌̀◌̕b; a◌֮◌ͪ◌̀◌̕b; a◌֮◌ͪ◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING LATIN SMALL LETTER H, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 036B 0062;00E0 05AE 036B 0315 0062;0061 05AE 0300 036B 0315 0062;00E0 05AE 036B 0315 0062;0061 05AE 0300 036B 0315 0062; # (a◌̕◌̀◌֮◌ͫb; à◌֮◌ͫ◌̕b; a◌֮◌̀◌ͫ◌̕b; à◌֮◌ͫ◌̕b; a◌֮◌̀◌ͫ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING LATIN SMALL LETTER M, LATIN SMALL LETTER B +0061 036B 0315 0300 05AE 0062;0061 05AE 036B 0300 0315 0062;0061 05AE 036B 0300 0315 0062;0061 05AE 036B 0300 0315 0062;0061 05AE 036B 0300 0315 0062; # (a◌ͫ◌̕◌̀◌֮b; a◌֮◌ͫ◌̀◌̕b; a◌֮◌ͫ◌̀◌̕b; a◌֮◌ͫ◌̀◌̕b; a◌֮◌ͫ◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING LATIN SMALL LETTER M, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 036C 0062;00E0 05AE 036C 0315 0062;0061 05AE 0300 036C 0315 0062;00E0 05AE 036C 0315 0062;0061 05AE 0300 036C 0315 0062; # (a◌̕◌̀◌֮◌ͬb; à◌֮◌ͬ◌̕b; a◌֮◌̀◌ͬ◌̕b; à◌֮◌ͬ◌̕b; a◌֮◌̀◌ͬ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING LATIN SMALL LETTER R, LATIN SMALL LETTER B +0061 036C 0315 0300 05AE 0062;0061 05AE 036C 0300 0315 0062;0061 05AE 036C 0300 0315 0062;0061 05AE 036C 0300 0315 0062;0061 05AE 036C 0300 0315 0062; # (a◌ͬ◌̕◌̀◌֮b; a◌֮◌ͬ◌̀◌̕b; a◌֮◌ͬ◌̀◌̕b; a◌֮◌ͬ◌̀◌̕b; a◌֮◌ͬ◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING LATIN SMALL LETTER R, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 036D 0062;00E0 05AE 036D 0315 0062;0061 05AE 0300 036D 0315 0062;00E0 05AE 036D 0315 0062;0061 05AE 0300 036D 0315 0062; # (a◌̕◌̀◌֮◌ͭb; à◌֮◌ͭ◌̕b; a◌֮◌̀◌ͭ◌̕b; à◌֮◌ͭ◌̕b; a◌֮◌̀◌ͭ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING LATIN SMALL LETTER T, LATIN SMALL LETTER B +0061 036D 0315 0300 05AE 0062;0061 05AE 036D 0300 0315 0062;0061 05AE 036D 0300 0315 0062;0061 05AE 036D 0300 0315 0062;0061 05AE 036D 0300 0315 0062; # (a◌ͭ◌̕◌̀◌֮b; a◌֮◌ͭ◌̀◌̕b; a◌֮◌ͭ◌̀◌̕b; a◌֮◌ͭ◌̀◌̕b; a◌֮◌ͭ◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING LATIN SMALL LETTER T, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 036E 0062;00E0 05AE 036E 0315 0062;0061 05AE 0300 036E 0315 0062;00E0 05AE 036E 0315 0062;0061 05AE 0300 036E 0315 0062; # (a◌̕◌̀◌֮◌ͮb; à◌֮◌ͮ◌̕b; a◌֮◌̀◌ͮ◌̕b; à◌֮◌ͮ◌̕b; a◌֮◌̀◌ͮ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING LATIN SMALL LETTER V, LATIN SMALL LETTER B +0061 036E 0315 0300 05AE 0062;0061 05AE 036E 0300 0315 0062;0061 05AE 036E 0300 0315 0062;0061 05AE 036E 0300 0315 0062;0061 05AE 036E 0300 0315 0062; # (a◌ͮ◌̕◌̀◌֮b; a◌֮◌ͮ◌̀◌̕b; a◌֮◌ͮ◌̀◌̕b; a◌֮◌ͮ◌̀◌̕b; a◌֮◌ͮ◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING LATIN SMALL LETTER V, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 036F 0062;00E0 05AE 036F 0315 0062;0061 05AE 0300 036F 0315 0062;00E0 05AE 036F 0315 0062;0061 05AE 0300 036F 0315 0062; # (a◌̕◌̀◌֮◌ͯb; à◌֮◌ͯ◌̕b; a◌֮◌̀◌ͯ◌̕b; à◌֮◌ͯ◌̕b; a◌֮◌̀◌ͯ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING LATIN SMALL LETTER X, LATIN SMALL LETTER B +0061 036F 0315 0300 05AE 0062;0061 05AE 036F 0300 0315 0062;0061 05AE 036F 0300 0315 0062;0061 05AE 036F 0300 0315 0062;0061 05AE 036F 0300 0315 0062; # (a◌ͯ◌̕◌̀◌֮b; a◌֮◌ͯ◌̀◌̕b; a◌֮◌ͯ◌̀◌̕b; a◌֮◌ͯ◌̀◌̕b; a◌֮◌ͯ◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING LATIN SMALL LETTER X, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0483 0062;00E0 05AE 0483 0315 0062;0061 05AE 0300 0483 0315 0062;00E0 05AE 0483 0315 0062;0061 05AE 0300 0483 0315 0062; # (a◌̕◌̀◌֮◌҃b; à◌֮◌҃◌̕b; a◌֮◌̀◌҃◌̕b; à◌֮◌҃◌̕b; a◌֮◌̀◌҃◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING CYRILLIC TITLO, LATIN SMALL LETTER B +0061 0483 0315 0300 05AE 0062;0061 05AE 0483 0300 0315 0062;0061 05AE 0483 0300 0315 0062;0061 05AE 0483 0300 0315 0062;0061 05AE 0483 0300 0315 0062; # (a◌҃◌̕◌̀◌֮b; a◌֮◌҃◌̀◌̕b; a◌֮◌҃◌̀◌̕b; a◌֮◌҃◌̀◌̕b; a◌֮◌҃◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING CYRILLIC TITLO, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0484 0062;00E0 05AE 0484 0315 0062;0061 05AE 0300 0484 0315 0062;00E0 05AE 0484 0315 0062;0061 05AE 0300 0484 0315 0062; # (a◌̕◌̀◌֮◌҄b; à◌֮◌҄◌̕b; a◌֮◌̀◌҄◌̕b; à◌֮◌҄◌̕b; a◌֮◌̀◌҄◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING CYRILLIC PALATALIZATION, LATIN SMALL LETTER B +0061 0484 0315 0300 05AE 0062;0061 05AE 0484 0300 0315 0062;0061 05AE 0484 0300 0315 0062;0061 05AE 0484 0300 0315 0062;0061 05AE 0484 0300 0315 0062; # (a◌҄◌̕◌̀◌֮b; a◌֮◌҄◌̀◌̕b; a◌֮◌҄◌̀◌̕b; a◌֮◌҄◌̀◌̕b; a◌֮◌҄◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING CYRILLIC PALATALIZATION, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0485 0062;00E0 05AE 0485 0315 0062;0061 05AE 0300 0485 0315 0062;00E0 05AE 0485 0315 0062;0061 05AE 0300 0485 0315 0062; # (a◌̕◌̀◌֮◌҅b; à◌֮◌҅◌̕b; a◌֮◌̀◌҅◌̕b; à◌֮◌҅◌̕b; a◌֮◌̀◌҅◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING CYRILLIC DASIA PNEUMATA, LATIN SMALL LETTER B +0061 0485 0315 0300 05AE 0062;0061 05AE 0485 0300 0315 0062;0061 05AE 0485 0300 0315 0062;0061 05AE 0485 0300 0315 0062;0061 05AE 0485 0300 0315 0062; # (a◌҅◌̕◌̀◌֮b; a◌֮◌҅◌̀◌̕b; a◌֮◌҅◌̀◌̕b; a◌֮◌҅◌̀◌̕b; a◌֮◌҅◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING CYRILLIC DASIA PNEUMATA, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0486 0062;00E0 05AE 0486 0315 0062;0061 05AE 0300 0486 0315 0062;00E0 05AE 0486 0315 0062;0061 05AE 0300 0486 0315 0062; # (a◌̕◌̀◌֮◌҆b; à◌֮◌҆◌̕b; a◌֮◌̀◌҆◌̕b; à◌֮◌҆◌̕b; a◌֮◌̀◌҆◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING CYRILLIC PSILI PNEUMATA, LATIN SMALL LETTER B +0061 0486 0315 0300 05AE 0062;0061 05AE 0486 0300 0315 0062;0061 05AE 0486 0300 0315 0062;0061 05AE 0486 0300 0315 0062;0061 05AE 0486 0300 0315 0062; # (a◌҆◌̕◌̀◌֮b; a◌֮◌҆◌̀◌̕b; a◌֮◌҆◌̀◌̕b; a◌֮◌҆◌̀◌̕b; a◌֮◌҆◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING CYRILLIC PSILI PNEUMATA, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 059A 0316 302A 0591 0062;0061 302A 0316 0591 059A 0062;0061 302A 0316 0591 059A 0062;0061 302A 0316 0591 059A 0062;0061 302A 0316 0591 059A 0062; # (a◌֚◌̖◌〪◌֑b; a◌〪◌̖◌֑◌֚b; a◌〪◌̖◌֑◌֚b; a◌〪◌̖◌֑◌֚b; a◌〪◌̖◌֑◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, HEBREW ACCENT ETNAHTA, LATIN SMALL LETTER B +0061 0591 059A 0316 302A 0062;0061 302A 0591 0316 059A 0062;0061 302A 0591 0316 059A 0062;0061 302A 0591 0316 059A 0062;0061 302A 0591 0316 059A 0062; # (a◌֑◌֚◌̖◌〪b; a◌〪◌֑◌̖◌֚b; a◌〪◌֑◌̖◌֚b; a◌〪◌֑◌̖◌֚b; a◌〪◌֑◌̖◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT ETNAHTA, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 0315 0300 05AE 0592 0062;00E0 05AE 0592 0315 0062;0061 05AE 0300 0592 0315 0062;00E0 05AE 0592 0315 0062;0061 05AE 0300 0592 0315 0062; # (a◌̕◌̀◌֮◌֒b; à◌֮◌֒◌̕b; a◌֮◌̀◌֒◌̕b; à◌֮◌֒◌̕b; a◌֮◌̀◌֒◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, HEBREW ACCENT SEGOL, LATIN SMALL LETTER B +0061 0592 0315 0300 05AE 0062;0061 05AE 0592 0300 0315 0062;0061 05AE 0592 0300 0315 0062;0061 05AE 0592 0300 0315 0062;0061 05AE 0592 0300 0315 0062; # (a◌֒◌̕◌̀◌֮b; a◌֮◌֒◌̀◌̕b; a◌֮◌֒◌̀◌̕b; a◌֮◌֒◌̀◌̕b; a◌֮◌֒◌̀◌̕b; ) LATIN SMALL LETTER A, HEBREW ACCENT SEGOL, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0593 0062;00E0 05AE 0593 0315 0062;0061 05AE 0300 0593 0315 0062;00E0 05AE 0593 0315 0062;0061 05AE 0300 0593 0315 0062; # (a◌̕◌̀◌֮◌֓b; à◌֮◌֓◌̕b; a◌֮◌̀◌֓◌̕b; à◌֮◌֓◌̕b; a◌֮◌̀◌֓◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, HEBREW ACCENT SHALSHELET, LATIN SMALL LETTER B +0061 0593 0315 0300 05AE 0062;0061 05AE 0593 0300 0315 0062;0061 05AE 0593 0300 0315 0062;0061 05AE 0593 0300 0315 0062;0061 05AE 0593 0300 0315 0062; # (a◌֓◌̕◌̀◌֮b; a◌֮◌֓◌̀◌̕b; a◌֮◌֓◌̀◌̕b; a◌֮◌֓◌̀◌̕b; a◌֮◌֓◌̀◌̕b; ) LATIN SMALL LETTER A, HEBREW ACCENT SHALSHELET, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0594 0062;00E0 05AE 0594 0315 0062;0061 05AE 0300 0594 0315 0062;00E0 05AE 0594 0315 0062;0061 05AE 0300 0594 0315 0062; # (a◌̕◌̀◌֮◌֔b; à◌֮◌֔◌̕b; a◌֮◌̀◌֔◌̕b; à◌֮◌֔◌̕b; a◌֮◌̀◌֔◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, HEBREW ACCENT ZAQEF QATAN, LATIN SMALL LETTER B +0061 0594 0315 0300 05AE 0062;0061 05AE 0594 0300 0315 0062;0061 05AE 0594 0300 0315 0062;0061 05AE 0594 0300 0315 0062;0061 05AE 0594 0300 0315 0062; # (a◌֔◌̕◌̀◌֮b; a◌֮◌֔◌̀◌̕b; a◌֮◌֔◌̀◌̕b; a◌֮◌֔◌̀◌̕b; a◌֮◌֔◌̀◌̕b; ) LATIN SMALL LETTER A, HEBREW ACCENT ZAQEF QATAN, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0595 0062;00E0 05AE 0595 0315 0062;0061 05AE 0300 0595 0315 0062;00E0 05AE 0595 0315 0062;0061 05AE 0300 0595 0315 0062; # (a◌̕◌̀◌֮◌֕b; à◌֮◌֕◌̕b; a◌֮◌̀◌֕◌̕b; à◌֮◌֕◌̕b; a◌֮◌̀◌֕◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, HEBREW ACCENT ZAQEF GADOL, LATIN SMALL LETTER B +0061 0595 0315 0300 05AE 0062;0061 05AE 0595 0300 0315 0062;0061 05AE 0595 0300 0315 0062;0061 05AE 0595 0300 0315 0062;0061 05AE 0595 0300 0315 0062; # (a◌֕◌̕◌̀◌֮b; a◌֮◌֕◌̀◌̕b; a◌֮◌֕◌̀◌̕b; a◌֮◌֕◌̀◌̕b; a◌֮◌֕◌̀◌̕b; ) LATIN SMALL LETTER A, HEBREW ACCENT ZAQEF GADOL, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 059A 0316 302A 0596 0062;0061 302A 0316 0596 059A 0062;0061 302A 0316 0596 059A 0062;0061 302A 0316 0596 059A 0062;0061 302A 0316 0596 059A 0062; # (a◌֚◌̖◌〪◌֖b; a◌〪◌̖◌֖◌֚b; a◌〪◌̖◌֖◌֚b; a◌〪◌̖◌֖◌֚b; a◌〪◌̖◌֖◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, HEBREW ACCENT TIPEHA, LATIN SMALL LETTER B +0061 0596 059A 0316 302A 0062;0061 302A 0596 0316 059A 0062;0061 302A 0596 0316 059A 0062;0061 302A 0596 0316 059A 0062;0061 302A 0596 0316 059A 0062; # (a◌֖◌֚◌̖◌〪b; a◌〪◌֖◌̖◌֚b; a◌〪◌֖◌̖◌֚b; a◌〪◌֖◌̖◌֚b; a◌〪◌֖◌̖◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT TIPEHA, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 0315 0300 05AE 0597 0062;00E0 05AE 0597 0315 0062;0061 05AE 0300 0597 0315 0062;00E0 05AE 0597 0315 0062;0061 05AE 0300 0597 0315 0062; # (a◌̕◌̀◌֮◌֗b; à◌֮◌֗◌̕b; a◌֮◌̀◌֗◌̕b; à◌֮◌֗◌̕b; a◌֮◌̀◌֗◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, HEBREW ACCENT REVIA, LATIN SMALL LETTER B +0061 0597 0315 0300 05AE 0062;0061 05AE 0597 0300 0315 0062;0061 05AE 0597 0300 0315 0062;0061 05AE 0597 0300 0315 0062;0061 05AE 0597 0300 0315 0062; # (a◌֗◌̕◌̀◌֮b; a◌֮◌֗◌̀◌̕b; a◌֮◌֗◌̀◌̕b; a◌֮◌֗◌̀◌̕b; a◌֮◌֗◌̀◌̕b; ) LATIN SMALL LETTER A, HEBREW ACCENT REVIA, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0598 0062;00E0 05AE 0598 0315 0062;0061 05AE 0300 0598 0315 0062;00E0 05AE 0598 0315 0062;0061 05AE 0300 0598 0315 0062; # (a◌̕◌̀◌֮◌֘b; à◌֮◌֘◌̕b; a◌֮◌̀◌֘◌̕b; à◌֮◌֘◌̕b; a◌֮◌̀◌֘◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, HEBREW ACCENT ZARQA, LATIN SMALL LETTER B +0061 0598 0315 0300 05AE 0062;0061 05AE 0598 0300 0315 0062;0061 05AE 0598 0300 0315 0062;0061 05AE 0598 0300 0315 0062;0061 05AE 0598 0300 0315 0062; # (a◌֘◌̕◌̀◌֮b; a◌֮◌֘◌̀◌̕b; a◌֮◌֘◌̀◌̕b; a◌֮◌֘◌̀◌̕b; a◌֮◌֘◌̀◌̕b; ) LATIN SMALL LETTER A, HEBREW ACCENT ZARQA, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0599 0062;00E0 05AE 0599 0315 0062;0061 05AE 0300 0599 0315 0062;00E0 05AE 0599 0315 0062;0061 05AE 0300 0599 0315 0062; # (a◌̕◌̀◌֮◌֙b; à◌֮◌֙◌̕b; a◌֮◌̀◌֙◌̕b; à◌֮◌֙◌̕b; a◌֮◌̀◌֙◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, HEBREW ACCENT PASHTA, LATIN SMALL LETTER B +0061 0599 0315 0300 05AE 0062;0061 05AE 0599 0300 0315 0062;0061 05AE 0599 0300 0315 0062;0061 05AE 0599 0300 0315 0062;0061 05AE 0599 0300 0315 0062; # (a◌֙◌̕◌̀◌֮b; a◌֮◌֙◌̀◌̕b; a◌֮◌֙◌̀◌̕b; a◌֮◌֙◌̀◌̕b; a◌֮◌֙◌̀◌̕b; ) LATIN SMALL LETTER A, HEBREW ACCENT PASHTA, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 302E 059A 0316 059A 0062;0061 0316 059A 059A 302E 0062;0061 0316 059A 059A 302E 0062;0061 0316 059A 059A 302E 0062;0061 0316 059A 059A 302E 0062; # (a◌〮◌֚◌̖◌֚b; a◌̖◌֚◌֚◌〮b; a◌̖◌֚◌֚◌〮b; a◌̖◌֚◌֚◌〮b; a◌̖◌֚◌֚◌〮b; ) LATIN SMALL LETTER A, HANGUL SINGLE DOT TONE MARK, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, HEBREW ACCENT YETIV, LATIN SMALL LETTER B +0061 059A 302E 059A 0316 0062;0061 0316 059A 059A 302E 0062;0061 0316 059A 059A 302E 0062;0061 0316 059A 059A 302E 0062;0061 0316 059A 059A 302E 0062; # (a◌֚◌〮◌֚◌̖b; a◌̖◌֚◌֚◌〮b; a◌̖◌֚◌֚◌〮b; a◌̖◌֚◌֚◌〮b; a◌̖◌֚◌֚◌〮b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, HANGUL SINGLE DOT TONE MARK, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, LATIN SMALL LETTER B +0061 059A 0316 302A 059B 0062;0061 302A 0316 059B 059A 0062;0061 302A 0316 059B 059A 0062;0061 302A 0316 059B 059A 0062;0061 302A 0316 059B 059A 0062; # (a◌֚◌̖◌〪◌֛b; a◌〪◌̖◌֛◌֚b; a◌〪◌̖◌֛◌֚b; a◌〪◌̖◌֛◌֚b; a◌〪◌̖◌֛◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, HEBREW ACCENT TEVIR, LATIN SMALL LETTER B +0061 059B 059A 0316 302A 0062;0061 302A 059B 0316 059A 0062;0061 302A 059B 0316 059A 0062;0061 302A 059B 0316 059A 0062;0061 302A 059B 0316 059A 0062; # (a◌֛◌֚◌̖◌〪b; a◌〪◌֛◌̖◌֚b; a◌〪◌֛◌̖◌֚b; a◌〪◌֛◌̖◌֚b; a◌〪◌֛◌̖◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT TEVIR, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 0315 0300 05AE 059C 0062;00E0 05AE 059C 0315 0062;0061 05AE 0300 059C 0315 0062;00E0 05AE 059C 0315 0062;0061 05AE 0300 059C 0315 0062; # (a◌̕◌̀◌֮◌֜b; à◌֮◌֜◌̕b; a◌֮◌̀◌֜◌̕b; à◌֮◌֜◌̕b; a◌֮◌̀◌֜◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, HEBREW ACCENT GERESH, LATIN SMALL LETTER B +0061 059C 0315 0300 05AE 0062;0061 05AE 059C 0300 0315 0062;0061 05AE 059C 0300 0315 0062;0061 05AE 059C 0300 0315 0062;0061 05AE 059C 0300 0315 0062; # (a◌֜◌̕◌̀◌֮b; a◌֮◌֜◌̀◌̕b; a◌֮◌֜◌̀◌̕b; a◌֮◌֜◌̀◌̕b; a◌֮◌֜◌̀◌̕b; ) LATIN SMALL LETTER A, HEBREW ACCENT GERESH, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 059D 0062;00E0 05AE 059D 0315 0062;0061 05AE 0300 059D 0315 0062;00E0 05AE 059D 0315 0062;0061 05AE 0300 059D 0315 0062; # (a◌̕◌̀◌֮◌Öb; à◌֮◌Ö◌̕b; a◌֮◌̀◌Ö◌̕b; à◌֮◌Ö◌̕b; a◌֮◌̀◌Ö◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, HEBREW ACCENT GERESH MUQDAM, LATIN SMALL LETTER B +0061 059D 0315 0300 05AE 0062;0061 05AE 059D 0300 0315 0062;0061 05AE 059D 0300 0315 0062;0061 05AE 059D 0300 0315 0062;0061 05AE 059D 0300 0315 0062; # (aâ—ŒÖ◌̕◌̀◌֮b; a◌֮◌Ö◌̀◌̕b; a◌֮◌Ö◌̀◌̕b; a◌֮◌Ö◌̀◌̕b; a◌֮◌Ö◌̀◌̕b; ) LATIN SMALL LETTER A, HEBREW ACCENT GERESH MUQDAM, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 059E 0062;00E0 05AE 059E 0315 0062;0061 05AE 0300 059E 0315 0062;00E0 05AE 059E 0315 0062;0061 05AE 0300 059E 0315 0062; # (a◌̕◌̀◌֮◌֞b; à◌֮◌֞◌̕b; a◌֮◌̀◌֞◌̕b; à◌֮◌֞◌̕b; a◌֮◌̀◌֞◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, HEBREW ACCENT GERSHAYIM, LATIN SMALL LETTER B +0061 059E 0315 0300 05AE 0062;0061 05AE 059E 0300 0315 0062;0061 05AE 059E 0300 0315 0062;0061 05AE 059E 0300 0315 0062;0061 05AE 059E 0300 0315 0062; # (a◌֞◌̕◌̀◌֮b; a◌֮◌֞◌̀◌̕b; a◌֮◌֞◌̀◌̕b; a◌֮◌֞◌̀◌̕b; a◌֮◌֞◌̀◌̕b; ) LATIN SMALL LETTER A, HEBREW ACCENT GERSHAYIM, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 059F 0062;00E0 05AE 059F 0315 0062;0061 05AE 0300 059F 0315 0062;00E0 05AE 059F 0315 0062;0061 05AE 0300 059F 0315 0062; # (a◌̕◌̀◌֮◌֟b; à◌֮◌֟◌̕b; a◌֮◌̀◌֟◌̕b; à◌֮◌֟◌̕b; a◌֮◌̀◌֟◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, HEBREW ACCENT QARNEY PARA, LATIN SMALL LETTER B +0061 059F 0315 0300 05AE 0062;0061 05AE 059F 0300 0315 0062;0061 05AE 059F 0300 0315 0062;0061 05AE 059F 0300 0315 0062;0061 05AE 059F 0300 0315 0062; # (a◌֟◌̕◌̀◌֮b; a◌֮◌֟◌̀◌̕b; a◌֮◌֟◌̀◌̕b; a◌֮◌֟◌̀◌̕b; a◌֮◌֟◌̀◌̕b; ) LATIN SMALL LETTER A, HEBREW ACCENT QARNEY PARA, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 05A0 0062;00E0 05AE 05A0 0315 0062;0061 05AE 0300 05A0 0315 0062;00E0 05AE 05A0 0315 0062;0061 05AE 0300 05A0 0315 0062; # (a◌̕◌̀◌֮◌֠b; à◌֮◌֠◌̕b; a◌֮◌̀◌֠◌̕b; à◌֮◌֠◌̕b; a◌֮◌̀◌֠◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, HEBREW ACCENT TELISHA GEDOLA, LATIN SMALL LETTER B +0061 05A0 0315 0300 05AE 0062;0061 05AE 05A0 0300 0315 0062;0061 05AE 05A0 0300 0315 0062;0061 05AE 05A0 0300 0315 0062;0061 05AE 05A0 0300 0315 0062; # (a◌֠◌̕◌̀◌֮b; a◌֮◌֠◌̀◌̕b; a◌֮◌֠◌̀◌̕b; a◌֮◌֠◌̀◌̕b; a◌֮◌֠◌̀◌̕b; ) LATIN SMALL LETTER A, HEBREW ACCENT TELISHA GEDOLA, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 05A1 0062;00E0 05AE 05A1 0315 0062;0061 05AE 0300 05A1 0315 0062;00E0 05AE 05A1 0315 0062;0061 05AE 0300 05A1 0315 0062; # (a◌̕◌̀◌֮◌֡b; à◌֮◌֡◌̕b; a◌֮◌̀◌֡◌̕b; à◌֮◌֡◌̕b; a◌֮◌̀◌֡◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, HEBREW ACCENT PAZER, LATIN SMALL LETTER B +0061 05A1 0315 0300 05AE 0062;0061 05AE 05A1 0300 0315 0062;0061 05AE 05A1 0300 0315 0062;0061 05AE 05A1 0300 0315 0062;0061 05AE 05A1 0300 0315 0062; # (a◌֡◌̕◌̀◌֮b; a◌֮◌֡◌̀◌̕b; a◌֮◌֡◌̀◌̕b; a◌֮◌֡◌̀◌̕b; a◌֮◌֡◌̀◌̕b; ) LATIN SMALL LETTER A, HEBREW ACCENT PAZER, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 059A 0316 302A 05A3 0062;0061 302A 0316 05A3 059A 0062;0061 302A 0316 05A3 059A 0062;0061 302A 0316 05A3 059A 0062;0061 302A 0316 05A3 059A 0062; # (a◌֚◌̖◌〪◌֣b; a◌〪◌̖◌֣◌֚b; a◌〪◌̖◌֣◌֚b; a◌〪◌̖◌֣◌֚b; a◌〪◌̖◌֣◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, HEBREW ACCENT MUNAH, LATIN SMALL LETTER B +0061 05A3 059A 0316 302A 0062;0061 302A 05A3 0316 059A 0062;0061 302A 05A3 0316 059A 0062;0061 302A 05A3 0316 059A 0062;0061 302A 05A3 0316 059A 0062; # (a◌֣◌֚◌̖◌〪b; a◌〪◌֣◌̖◌֚b; a◌〪◌֣◌̖◌֚b; a◌〪◌֣◌̖◌֚b; a◌〪◌֣◌̖◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT MUNAH, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 05A4 0062;0061 302A 0316 05A4 059A 0062;0061 302A 0316 05A4 059A 0062;0061 302A 0316 05A4 059A 0062;0061 302A 0316 05A4 059A 0062; # (a◌֚◌̖◌〪◌֤b; a◌〪◌̖◌֤◌֚b; a◌〪◌̖◌֤◌֚b; a◌〪◌̖◌֤◌֚b; a◌〪◌̖◌֤◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, HEBREW ACCENT MAHAPAKH, LATIN SMALL LETTER B +0061 05A4 059A 0316 302A 0062;0061 302A 05A4 0316 059A 0062;0061 302A 05A4 0316 059A 0062;0061 302A 05A4 0316 059A 0062;0061 302A 05A4 0316 059A 0062; # (a◌֤◌֚◌̖◌〪b; a◌〪◌֤◌̖◌֚b; a◌〪◌֤◌̖◌֚b; a◌〪◌֤◌̖◌֚b; a◌〪◌֤◌̖◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT MAHAPAKH, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 05A5 0062;0061 302A 0316 05A5 059A 0062;0061 302A 0316 05A5 059A 0062;0061 302A 0316 05A5 059A 0062;0061 302A 0316 05A5 059A 0062; # (a◌֚◌̖◌〪◌֥b; a◌〪◌̖◌֥◌֚b; a◌〪◌̖◌֥◌֚b; a◌〪◌̖◌֥◌֚b; a◌〪◌̖◌֥◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, HEBREW ACCENT MERKHA, LATIN SMALL LETTER B +0061 05A5 059A 0316 302A 0062;0061 302A 05A5 0316 059A 0062;0061 302A 05A5 0316 059A 0062;0061 302A 05A5 0316 059A 0062;0061 302A 05A5 0316 059A 0062; # (a◌֥◌֚◌̖◌〪b; a◌〪◌֥◌̖◌֚b; a◌〪◌֥◌̖◌֚b; a◌〪◌֥◌̖◌֚b; a◌〪◌֥◌̖◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT MERKHA, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 05A6 0062;0061 302A 0316 05A6 059A 0062;0061 302A 0316 05A6 059A 0062;0061 302A 0316 05A6 059A 0062;0061 302A 0316 05A6 059A 0062; # (a◌֚◌̖◌〪◌֦b; a◌〪◌̖◌֦◌֚b; a◌〪◌̖◌֦◌֚b; a◌〪◌̖◌֦◌֚b; a◌〪◌̖◌֦◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, HEBREW ACCENT MERKHA KEFULA, LATIN SMALL LETTER B +0061 05A6 059A 0316 302A 0062;0061 302A 05A6 0316 059A 0062;0061 302A 05A6 0316 059A 0062;0061 302A 05A6 0316 059A 0062;0061 302A 05A6 0316 059A 0062; # (a◌֦◌֚◌̖◌〪b; a◌〪◌֦◌̖◌֚b; a◌〪◌֦◌̖◌֚b; a◌〪◌֦◌̖◌֚b; a◌〪◌֦◌̖◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT MERKHA KEFULA, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 05A7 0062;0061 302A 0316 05A7 059A 0062;0061 302A 0316 05A7 059A 0062;0061 302A 0316 05A7 059A 0062;0061 302A 0316 05A7 059A 0062; # (a◌֚◌̖◌〪◌֧b; a◌〪◌̖◌֧◌֚b; a◌〪◌̖◌֧◌֚b; a◌〪◌̖◌֧◌֚b; a◌〪◌̖◌֧◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, HEBREW ACCENT DARGA, LATIN SMALL LETTER B +0061 05A7 059A 0316 302A 0062;0061 302A 05A7 0316 059A 0062;0061 302A 05A7 0316 059A 0062;0061 302A 05A7 0316 059A 0062;0061 302A 05A7 0316 059A 0062; # (a◌֧◌֚◌̖◌〪b; a◌〪◌֧◌̖◌֚b; a◌〪◌֧◌̖◌֚b; a◌〪◌֧◌̖◌֚b; a◌〪◌֧◌̖◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT DARGA, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 0315 0300 05AE 05A8 0062;00E0 05AE 05A8 0315 0062;0061 05AE 0300 05A8 0315 0062;00E0 05AE 05A8 0315 0062;0061 05AE 0300 05A8 0315 0062; # (a◌̕◌̀◌֮◌֨b; à◌֮◌֨◌̕b; a◌֮◌̀◌֨◌̕b; à◌֮◌֨◌̕b; a◌֮◌̀◌֨◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, HEBREW ACCENT QADMA, LATIN SMALL LETTER B +0061 05A8 0315 0300 05AE 0062;0061 05AE 05A8 0300 0315 0062;0061 05AE 05A8 0300 0315 0062;0061 05AE 05A8 0300 0315 0062;0061 05AE 05A8 0300 0315 0062; # (a◌֨◌̕◌̀◌֮b; a◌֮◌֨◌̀◌̕b; a◌֮◌֨◌̀◌̕b; a◌֮◌֨◌̀◌̕b; a◌֮◌֨◌̀◌̕b; ) LATIN SMALL LETTER A, HEBREW ACCENT QADMA, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 05A9 0062;00E0 05AE 05A9 0315 0062;0061 05AE 0300 05A9 0315 0062;00E0 05AE 05A9 0315 0062;0061 05AE 0300 05A9 0315 0062; # (a◌̕◌̀◌֮◌֩b; à◌֮◌֩◌̕b; a◌֮◌̀◌֩◌̕b; à◌֮◌֩◌̕b; a◌֮◌̀◌֩◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, HEBREW ACCENT TELISHA QETANA, LATIN SMALL LETTER B +0061 05A9 0315 0300 05AE 0062;0061 05AE 05A9 0300 0315 0062;0061 05AE 05A9 0300 0315 0062;0061 05AE 05A9 0300 0315 0062;0061 05AE 05A9 0300 0315 0062; # (a◌֩◌̕◌̀◌֮b; a◌֮◌֩◌̀◌̕b; a◌֮◌֩◌̀◌̕b; a◌֮◌֩◌̀◌̕b; a◌֮◌֩◌̀◌̕b; ) LATIN SMALL LETTER A, HEBREW ACCENT TELISHA QETANA, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 059A 0316 302A 05AA 0062;0061 302A 0316 05AA 059A 0062;0061 302A 0316 05AA 059A 0062;0061 302A 0316 05AA 059A 0062;0061 302A 0316 05AA 059A 0062; # (a◌֚◌̖◌〪◌֪b; a◌〪◌̖◌֪◌֚b; a◌〪◌̖◌֪◌֚b; a◌〪◌̖◌֪◌֚b; a◌〪◌̖◌֪◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, HEBREW ACCENT YERAH BEN YOMO, LATIN SMALL LETTER B +0061 05AA 059A 0316 302A 0062;0061 302A 05AA 0316 059A 0062;0061 302A 05AA 0316 059A 0062;0061 302A 05AA 0316 059A 0062;0061 302A 05AA 0316 059A 0062; # (a◌֪◌֚◌̖◌〪b; a◌〪◌֪◌̖◌֚b; a◌〪◌֪◌̖◌֚b; a◌〪◌֪◌̖◌֚b; a◌〪◌֪◌̖◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YERAH BEN YOMO, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 0315 0300 05AE 05AB 0062;00E0 05AE 05AB 0315 0062;0061 05AE 0300 05AB 0315 0062;00E0 05AE 05AB 0315 0062;0061 05AE 0300 05AB 0315 0062; # (a◌̕◌̀◌֮◌֫b; à◌֮◌֫◌̕b; a◌֮◌̀◌֫◌̕b; à◌֮◌֫◌̕b; a◌֮◌̀◌֫◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, HEBREW ACCENT OLE, LATIN SMALL LETTER B +0061 05AB 0315 0300 05AE 0062;0061 05AE 05AB 0300 0315 0062;0061 05AE 05AB 0300 0315 0062;0061 05AE 05AB 0300 0315 0062;0061 05AE 05AB 0300 0315 0062; # (a◌֫◌̕◌̀◌֮b; a◌֮◌֫◌̀◌̕b; a◌֮◌֫◌̀◌̕b; a◌֮◌֫◌̀◌̕b; a◌֮◌֫◌̀◌̕b; ) LATIN SMALL LETTER A, HEBREW ACCENT OLE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 05AC 0062;00E0 05AE 05AC 0315 0062;0061 05AE 0300 05AC 0315 0062;00E0 05AE 05AC 0315 0062;0061 05AE 0300 05AC 0315 0062; # (a◌̕◌̀◌֮◌֬b; à◌֮◌֬◌̕b; a◌֮◌̀◌֬◌̕b; à◌֮◌֬◌̕b; a◌֮◌̀◌֬◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, HEBREW ACCENT ILUY, LATIN SMALL LETTER B +0061 05AC 0315 0300 05AE 0062;0061 05AE 05AC 0300 0315 0062;0061 05AE 05AC 0300 0315 0062;0061 05AE 05AC 0300 0315 0062;0061 05AE 05AC 0300 0315 0062; # (a◌֬◌̕◌̀◌֮b; a◌֮◌֬◌̀◌̕b; a◌֮◌֬◌̀◌̕b; a◌֮◌֬◌̀◌̕b; a◌֮◌֬◌̀◌̕b; ) LATIN SMALL LETTER A, HEBREW ACCENT ILUY, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 302E 059A 0316 05AD 0062;0061 0316 059A 05AD 302E 0062;0061 0316 059A 05AD 302E 0062;0061 0316 059A 05AD 302E 0062;0061 0316 059A 05AD 302E 0062; # (a◌〮◌֚◌̖◌֭b; a◌̖◌֚◌֭◌〮b; a◌̖◌֚◌֭◌〮b; a◌̖◌֚◌֭◌〮b; a◌̖◌֚◌֭◌〮b; ) LATIN SMALL LETTER A, HANGUL SINGLE DOT TONE MARK, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, HEBREW ACCENT DEHI, LATIN SMALL LETTER B +0061 05AD 302E 059A 0316 0062;0061 0316 05AD 059A 302E 0062;0061 0316 05AD 059A 302E 0062;0061 0316 05AD 059A 302E 0062;0061 0316 05AD 059A 302E 0062; # (a◌֭◌〮◌֚◌̖b; a◌̖◌֭◌֚◌〮b; a◌̖◌֭◌֚◌〮b; a◌̖◌֭◌֚◌〮b; a◌̖◌֭◌֚◌〮b; ) LATIN SMALL LETTER A, HEBREW ACCENT DEHI, HANGUL SINGLE DOT TONE MARK, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, LATIN SMALL LETTER B +0061 0300 05AE 1D16D 05AE 0062;00E0 1D16D 05AE 05AE 0062;0061 1D16D 05AE 05AE 0300 0062;00E0 1D16D 05AE 05AE 0062;0061 1D16D 05AE 05AE 0300 0062; # (a◌̀◌֮ð…­ð…­â—ŒÖ®b; àð…­ð…­â—ŒÖ®â—ŒÖ®b; að…­ð…­â—ŒÖ®â—ŒÖ®â—ŒÌ€b; àð…­ð…­â—ŒÖ®â—ŒÖ®b; að…­ð…­â—ŒÖ®â—ŒÖ®â—ŒÌ€b; ) LATIN SMALL LETTER A, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, MUSICAL SYMBOL COMBINING AUGMENTATION DOT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 05AE 0300 05AE 1D16D 0062;00E0 1D16D 05AE 05AE 0062;0061 1D16D 05AE 05AE 0300 0062;00E0 1D16D 05AE 05AE 0062;0061 1D16D 05AE 05AE 0300 0062; # (a◌֮◌̀◌֮ð…­ð…­b; àð…­ð…­â—ŒÖ®â—ŒÖ®b; að…­ð…­â—ŒÖ®â—ŒÖ®â—ŒÌ€b; àð…­ð…­â—ŒÖ®â—ŒÖ®b; að…­ð…­â—ŒÖ®â—ŒÖ®â—ŒÌ€b; ) LATIN SMALL LETTER A, HEBREW ACCENT ZINOR, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, MUSICAL SYMBOL COMBINING AUGMENTATION DOT, LATIN SMALL LETTER B +0061 0315 0300 05AE 05AF 0062;00E0 05AE 05AF 0315 0062;0061 05AE 0300 05AF 0315 0062;00E0 05AE 05AF 0315 0062;0061 05AE 0300 05AF 0315 0062; # (a◌̕◌̀◌֮◌֯b; à◌֮◌֯◌̕b; a◌֮◌̀◌֯◌̕b; à◌֮◌֯◌̕b; a◌֮◌̀◌֯◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, HEBREW MARK MASORA CIRCLE, LATIN SMALL LETTER B +0061 05AF 0315 0300 05AE 0062;0061 05AE 05AF 0300 0315 0062;0061 05AE 05AF 0300 0315 0062;0061 05AE 05AF 0300 0315 0062;0061 05AE 05AF 0300 0315 0062; # (a◌֯◌̕◌̀◌֮b; a◌֮◌֯◌̀◌̕b; a◌֮◌֯◌̀◌̕b; a◌֮◌֯◌̀◌̕b; a◌֮◌֯◌̀◌̕b; ) LATIN SMALL LETTER A, HEBREW MARK MASORA CIRCLE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 05B1 05B0 094D 05B0 0062;0061 094D 05B0 05B0 05B1 0062;0061 094D 05B0 05B0 05B1 0062;0061 094D 05B0 05B0 05B1 0062;0061 094D 05B0 05B0 05B1 0062; # (a◌ֱ◌ְ◌à¥â—ŒÖ°b; aâ—Œà¥â—ŒÖ°â—ŒÖ°â—ŒÖ±b; aâ—Œà¥â—ŒÖ°â—ŒÖ°â—ŒÖ±b; aâ—Œà¥â—ŒÖ°â—ŒÖ°â—ŒÖ±b; aâ—Œà¥â—ŒÖ°â—ŒÖ°â—ŒÖ±b; ) LATIN SMALL LETTER A, HEBREW POINT HATAF SEGOL, HEBREW POINT SHEVA, DEVANAGARI SIGN VIRAMA, HEBREW POINT SHEVA, LATIN SMALL LETTER B +0061 05B0 05B1 05B0 094D 0062;0061 094D 05B0 05B0 05B1 0062;0061 094D 05B0 05B0 05B1 0062;0061 094D 05B0 05B0 05B1 0062;0061 094D 05B0 05B0 05B1 0062; # (a◌ְ◌ֱ◌ְ◌à¥b; aâ—Œà¥â—ŒÖ°â—ŒÖ°â—ŒÖ±b; aâ—Œà¥â—ŒÖ°â—ŒÖ°â—ŒÖ±b; aâ—Œà¥â—ŒÖ°â—ŒÖ°â—ŒÖ±b; aâ—Œà¥â—ŒÖ°â—ŒÖ°â—ŒÖ±b; ) LATIN SMALL LETTER A, HEBREW POINT SHEVA, HEBREW POINT HATAF SEGOL, HEBREW POINT SHEVA, DEVANAGARI SIGN VIRAMA, LATIN SMALL LETTER B +0061 05B2 05B1 05B0 05B1 0062;0061 05B0 05B1 05B1 05B2 0062;0061 05B0 05B1 05B1 05B2 0062;0061 05B0 05B1 05B1 05B2 0062;0061 05B0 05B1 05B1 05B2 0062; # (a◌ֲ◌ֱ◌ְ◌ֱb; a◌ְ◌ֱ◌ֱ◌ֲb; a◌ְ◌ֱ◌ֱ◌ֲb; a◌ְ◌ֱ◌ֱ◌ֲb; a◌ְ◌ֱ◌ֱ◌ֲb; ) LATIN SMALL LETTER A, HEBREW POINT HATAF PATAH, HEBREW POINT HATAF SEGOL, HEBREW POINT SHEVA, HEBREW POINT HATAF SEGOL, LATIN SMALL LETTER B +0061 05B1 05B2 05B1 05B0 0062;0061 05B0 05B1 05B1 05B2 0062;0061 05B0 05B1 05B1 05B2 0062;0061 05B0 05B1 05B1 05B2 0062;0061 05B0 05B1 05B1 05B2 0062; # (a◌ֱ◌ֲ◌ֱ◌ְb; a◌ְ◌ֱ◌ֱ◌ֲb; a◌ְ◌ֱ◌ֱ◌ֲb; a◌ְ◌ֱ◌ֱ◌ֲb; a◌ְ◌ֱ◌ֱ◌ֲb; ) LATIN SMALL LETTER A, HEBREW POINT HATAF SEGOL, HEBREW POINT HATAF PATAH, HEBREW POINT HATAF SEGOL, HEBREW POINT SHEVA, LATIN SMALL LETTER B +0061 05B3 05B2 05B1 05B2 0062;0061 05B1 05B2 05B2 05B3 0062;0061 05B1 05B2 05B2 05B3 0062;0061 05B1 05B2 05B2 05B3 0062;0061 05B1 05B2 05B2 05B3 0062; # (a◌ֳ◌ֲ◌ֱ◌ֲb; a◌ֱ◌ֲ◌ֲ◌ֳb; a◌ֱ◌ֲ◌ֲ◌ֳb; a◌ֱ◌ֲ◌ֲ◌ֳb; a◌ֱ◌ֲ◌ֲ◌ֳb; ) LATIN SMALL LETTER A, HEBREW POINT HATAF QAMATS, HEBREW POINT HATAF PATAH, HEBREW POINT HATAF SEGOL, HEBREW POINT HATAF PATAH, LATIN SMALL LETTER B +0061 05B2 05B3 05B2 05B1 0062;0061 05B1 05B2 05B2 05B3 0062;0061 05B1 05B2 05B2 05B3 0062;0061 05B1 05B2 05B2 05B3 0062;0061 05B1 05B2 05B2 05B3 0062; # (a◌ֲ◌ֳ◌ֲ◌ֱb; a◌ֱ◌ֲ◌ֲ◌ֳb; a◌ֱ◌ֲ◌ֲ◌ֳb; a◌ֱ◌ֲ◌ֲ◌ֳb; a◌ֱ◌ֲ◌ֲ◌ֳb; ) LATIN SMALL LETTER A, HEBREW POINT HATAF PATAH, HEBREW POINT HATAF QAMATS, HEBREW POINT HATAF PATAH, HEBREW POINT HATAF SEGOL, LATIN SMALL LETTER B +0061 05B4 05B3 05B2 05B3 0062;0061 05B2 05B3 05B3 05B4 0062;0061 05B2 05B3 05B3 05B4 0062;0061 05B2 05B3 05B3 05B4 0062;0061 05B2 05B3 05B3 05B4 0062; # (a◌ִ◌ֳ◌ֲ◌ֳb; a◌ֲ◌ֳ◌ֳ◌ִb; a◌ֲ◌ֳ◌ֳ◌ִb; a◌ֲ◌ֳ◌ֳ◌ִb; a◌ֲ◌ֳ◌ֳ◌ִb; ) LATIN SMALL LETTER A, HEBREW POINT HIRIQ, HEBREW POINT HATAF QAMATS, HEBREW POINT HATAF PATAH, HEBREW POINT HATAF QAMATS, LATIN SMALL LETTER B +0061 05B3 05B4 05B3 05B2 0062;0061 05B2 05B3 05B3 05B4 0062;0061 05B2 05B3 05B3 05B4 0062;0061 05B2 05B3 05B3 05B4 0062;0061 05B2 05B3 05B3 05B4 0062; # (a◌ֳ◌ִ◌ֳ◌ֲb; a◌ֲ◌ֳ◌ֳ◌ִb; a◌ֲ◌ֳ◌ֳ◌ִb; a◌ֲ◌ֳ◌ֳ◌ִb; a◌ֲ◌ֳ◌ֳ◌ִb; ) LATIN SMALL LETTER A, HEBREW POINT HATAF QAMATS, HEBREW POINT HIRIQ, HEBREW POINT HATAF QAMATS, HEBREW POINT HATAF PATAH, LATIN SMALL LETTER B +0061 05B5 05B4 05B3 05B4 0062;0061 05B3 05B4 05B4 05B5 0062;0061 05B3 05B4 05B4 05B5 0062;0061 05B3 05B4 05B4 05B5 0062;0061 05B3 05B4 05B4 05B5 0062; # (a◌ֵ◌ִ◌ֳ◌ִb; a◌ֳ◌ִ◌ִ◌ֵb; a◌ֳ◌ִ◌ִ◌ֵb; a◌ֳ◌ִ◌ִ◌ֵb; a◌ֳ◌ִ◌ִ◌ֵb; ) LATIN SMALL LETTER A, HEBREW POINT TSERE, HEBREW POINT HIRIQ, HEBREW POINT HATAF QAMATS, HEBREW POINT HIRIQ, LATIN SMALL LETTER B +0061 05B4 05B5 05B4 05B3 0062;0061 05B3 05B4 05B4 05B5 0062;0061 05B3 05B4 05B4 05B5 0062;0061 05B3 05B4 05B4 05B5 0062;0061 05B3 05B4 05B4 05B5 0062; # (a◌ִ◌ֵ◌ִ◌ֳb; a◌ֳ◌ִ◌ִ◌ֵb; a◌ֳ◌ִ◌ִ◌ֵb; a◌ֳ◌ִ◌ִ◌ֵb; a◌ֳ◌ִ◌ִ◌ֵb; ) LATIN SMALL LETTER A, HEBREW POINT HIRIQ, HEBREW POINT TSERE, HEBREW POINT HIRIQ, HEBREW POINT HATAF QAMATS, LATIN SMALL LETTER B +0061 05B6 05B5 05B4 05B5 0062;0061 05B4 05B5 05B5 05B6 0062;0061 05B4 05B5 05B5 05B6 0062;0061 05B4 05B5 05B5 05B6 0062;0061 05B4 05B5 05B5 05B6 0062; # (a◌ֶ◌ֵ◌ִ◌ֵb; a◌ִ◌ֵ◌ֵ◌ֶb; a◌ִ◌ֵ◌ֵ◌ֶb; a◌ִ◌ֵ◌ֵ◌ֶb; a◌ִ◌ֵ◌ֵ◌ֶb; ) LATIN SMALL LETTER A, HEBREW POINT SEGOL, HEBREW POINT TSERE, HEBREW POINT HIRIQ, HEBREW POINT TSERE, LATIN SMALL LETTER B +0061 05B5 05B6 05B5 05B4 0062;0061 05B4 05B5 05B5 05B6 0062;0061 05B4 05B5 05B5 05B6 0062;0061 05B4 05B5 05B5 05B6 0062;0061 05B4 05B5 05B5 05B6 0062; # (a◌ֵ◌ֶ◌ֵ◌ִb; a◌ִ◌ֵ◌ֵ◌ֶb; a◌ִ◌ֵ◌ֵ◌ֶb; a◌ִ◌ֵ◌ֵ◌ֶb; a◌ִ◌ֵ◌ֵ◌ֶb; ) LATIN SMALL LETTER A, HEBREW POINT TSERE, HEBREW POINT SEGOL, HEBREW POINT TSERE, HEBREW POINT HIRIQ, LATIN SMALL LETTER B +0061 05B7 05B6 05B5 05B6 0062;0061 05B5 05B6 05B6 05B7 0062;0061 05B5 05B6 05B6 05B7 0062;0061 05B5 05B6 05B6 05B7 0062;0061 05B5 05B6 05B6 05B7 0062; # (a◌ַ◌ֶ◌ֵ◌ֶb; a◌ֵ◌ֶ◌ֶ◌ַb; a◌ֵ◌ֶ◌ֶ◌ַb; a◌ֵ◌ֶ◌ֶ◌ַb; a◌ֵ◌ֶ◌ֶ◌ַb; ) LATIN SMALL LETTER A, HEBREW POINT PATAH, HEBREW POINT SEGOL, HEBREW POINT TSERE, HEBREW POINT SEGOL, LATIN SMALL LETTER B +0061 05B6 05B7 05B6 05B5 0062;0061 05B5 05B6 05B6 05B7 0062;0061 05B5 05B6 05B6 05B7 0062;0061 05B5 05B6 05B6 05B7 0062;0061 05B5 05B6 05B6 05B7 0062; # (a◌ֶ◌ַ◌ֶ◌ֵb; a◌ֵ◌ֶ◌ֶ◌ַb; a◌ֵ◌ֶ◌ֶ◌ַb; a◌ֵ◌ֶ◌ֶ◌ַb; a◌ֵ◌ֶ◌ֶ◌ַb; ) LATIN SMALL LETTER A, HEBREW POINT SEGOL, HEBREW POINT PATAH, HEBREW POINT SEGOL, HEBREW POINT TSERE, LATIN SMALL LETTER B +0061 05B8 05B7 05B6 05B7 0062;0061 05B6 05B7 05B7 05B8 0062;0061 05B6 05B7 05B7 05B8 0062;0061 05B6 05B7 05B7 05B8 0062;0061 05B6 05B7 05B7 05B8 0062; # (a◌ָ◌ַ◌ֶ◌ַb; a◌ֶ◌ַ◌ַ◌ָb; a◌ֶ◌ַ◌ַ◌ָb; a◌ֶ◌ַ◌ַ◌ָb; a◌ֶ◌ַ◌ַ◌ָb; ) LATIN SMALL LETTER A, HEBREW POINT QAMATS, HEBREW POINT PATAH, HEBREW POINT SEGOL, HEBREW POINT PATAH, LATIN SMALL LETTER B +0061 05B7 05B8 05B7 05B6 0062;0061 05B6 05B7 05B7 05B8 0062;0061 05B6 05B7 05B7 05B8 0062;0061 05B6 05B7 05B7 05B8 0062;0061 05B6 05B7 05B7 05B8 0062; # (a◌ַ◌ָ◌ַ◌ֶb; a◌ֶ◌ַ◌ַ◌ָb; a◌ֶ◌ַ◌ַ◌ָb; a◌ֶ◌ַ◌ַ◌ָb; a◌ֶ◌ַ◌ַ◌ָb; ) LATIN SMALL LETTER A, HEBREW POINT PATAH, HEBREW POINT QAMATS, HEBREW POINT PATAH, HEBREW POINT SEGOL, LATIN SMALL LETTER B +0061 05B9 05B8 05B7 05B8 0062;0061 05B7 05B8 05B8 05B9 0062;0061 05B7 05B8 05B8 05B9 0062;0061 05B7 05B8 05B8 05B9 0062;0061 05B7 05B8 05B8 05B9 0062; # (a◌ֹ◌ָ◌ַ◌ָb; a◌ַ◌ָ◌ָ◌ֹb; a◌ַ◌ָ◌ָ◌ֹb; a◌ַ◌ָ◌ָ◌ֹb; a◌ַ◌ָ◌ָ◌ֹb; ) LATIN SMALL LETTER A, HEBREW POINT HOLAM, HEBREW POINT QAMATS, HEBREW POINT PATAH, HEBREW POINT QAMATS, LATIN SMALL LETTER B +0061 05B8 05B9 05B8 05B7 0062;0061 05B7 05B8 05B8 05B9 0062;0061 05B7 05B8 05B8 05B9 0062;0061 05B7 05B8 05B8 05B9 0062;0061 05B7 05B8 05B8 05B9 0062; # (a◌ָ◌ֹ◌ָ◌ַb; a◌ַ◌ָ◌ָ◌ֹb; a◌ַ◌ָ◌ָ◌ֹb; a◌ַ◌ָ◌ָ◌ֹb; a◌ַ◌ָ◌ָ◌ֹb; ) LATIN SMALL LETTER A, HEBREW POINT QAMATS, HEBREW POINT HOLAM, HEBREW POINT QAMATS, HEBREW POINT PATAH, LATIN SMALL LETTER B +0061 05BB 05B9 05B8 05B9 0062;0061 05B8 05B9 05B9 05BB 0062;0061 05B8 05B9 05B9 05BB 0062;0061 05B8 05B9 05B9 05BB 0062;0061 05B8 05B9 05B9 05BB 0062; # (a◌ֻ◌ֹ◌ָ◌ֹb; a◌ָ◌ֹ◌ֹ◌ֻb; a◌ָ◌ֹ◌ֹ◌ֻb; a◌ָ◌ֹ◌ֹ◌ֻb; a◌ָ◌ֹ◌ֹ◌ֻb; ) LATIN SMALL LETTER A, HEBREW POINT QUBUTS, HEBREW POINT HOLAM, HEBREW POINT QAMATS, HEBREW POINT HOLAM, LATIN SMALL LETTER B +0061 05B9 05BB 05B9 05B8 0062;0061 05B8 05B9 05B9 05BB 0062;0061 05B8 05B9 05B9 05BB 0062;0061 05B8 05B9 05B9 05BB 0062;0061 05B8 05B9 05B9 05BB 0062; # (a◌ֹ◌ֻ◌ֹ◌ָb; a◌ָ◌ֹ◌ֹ◌ֻb; a◌ָ◌ֹ◌ֹ◌ֻb; a◌ָ◌ֹ◌ֹ◌ֻb; a◌ָ◌ֹ◌ֹ◌ֻb; ) LATIN SMALL LETTER A, HEBREW POINT HOLAM, HEBREW POINT QUBUTS, HEBREW POINT HOLAM, HEBREW POINT QAMATS, LATIN SMALL LETTER B +0061 05BC 05BB 05B9 05BB 0062;0061 05B9 05BB 05BB 05BC 0062;0061 05B9 05BB 05BB 05BC 0062;0061 05B9 05BB 05BB 05BC 0062;0061 05B9 05BB 05BB 05BC 0062; # (a◌ּ◌ֻ◌ֹ◌ֻb; a◌ֹ◌ֻ◌ֻ◌ּb; a◌ֹ◌ֻ◌ֻ◌ּb; a◌ֹ◌ֻ◌ֻ◌ּb; a◌ֹ◌ֻ◌ֻ◌ּb; ) LATIN SMALL LETTER A, HEBREW POINT DAGESH OR MAPIQ, HEBREW POINT QUBUTS, HEBREW POINT HOLAM, HEBREW POINT QUBUTS, LATIN SMALL LETTER B +0061 05BB 05BC 05BB 05B9 0062;0061 05B9 05BB 05BB 05BC 0062;0061 05B9 05BB 05BB 05BC 0062;0061 05B9 05BB 05BB 05BC 0062;0061 05B9 05BB 05BB 05BC 0062; # (a◌ֻ◌ּ◌ֻ◌ֹb; a◌ֹ◌ֻ◌ֻ◌ּb; a◌ֹ◌ֻ◌ֻ◌ּb; a◌ֹ◌ֻ◌ֻ◌ּb; a◌ֹ◌ֻ◌ֻ◌ּb; ) LATIN SMALL LETTER A, HEBREW POINT QUBUTS, HEBREW POINT DAGESH OR MAPIQ, HEBREW POINT QUBUTS, HEBREW POINT HOLAM, LATIN SMALL LETTER B +0061 05BD 05BC 05BB 05BC 0062;0061 05BB 05BC 05BC 05BD 0062;0061 05BB 05BC 05BC 05BD 0062;0061 05BB 05BC 05BC 05BD 0062;0061 05BB 05BC 05BC 05BD 0062; # (a◌ֽ◌ּ◌ֻ◌ּb; a◌ֻ◌ּ◌ּ◌ֽb; a◌ֻ◌ּ◌ּ◌ֽb; a◌ֻ◌ּ◌ּ◌ֽb; a◌ֻ◌ּ◌ּ◌ֽb; ) LATIN SMALL LETTER A, HEBREW POINT METEG, HEBREW POINT DAGESH OR MAPIQ, HEBREW POINT QUBUTS, HEBREW POINT DAGESH OR MAPIQ, LATIN SMALL LETTER B +0061 05BC 05BD 05BC 05BB 0062;0061 05BB 05BC 05BC 05BD 0062;0061 05BB 05BC 05BC 05BD 0062;0061 05BB 05BC 05BC 05BD 0062;0061 05BB 05BC 05BC 05BD 0062; # (a◌ּ◌ֽ◌ּ◌ֻb; a◌ֻ◌ּ◌ּ◌ֽb; a◌ֻ◌ּ◌ּ◌ֽb; a◌ֻ◌ּ◌ּ◌ֽb; a◌ֻ◌ּ◌ּ◌ֽb; ) LATIN SMALL LETTER A, HEBREW POINT DAGESH OR MAPIQ, HEBREW POINT METEG, HEBREW POINT DAGESH OR MAPIQ, HEBREW POINT QUBUTS, LATIN SMALL LETTER B +0061 05BF 05BD 05BC 05BD 0062;0061 05BC 05BD 05BD 05BF 0062;0061 05BC 05BD 05BD 05BF 0062;0061 05BC 05BD 05BD 05BF 0062;0061 05BC 05BD 05BD 05BF 0062; # (a◌ֿ◌ֽ◌ּ◌ֽb; a◌ּ◌ֽ◌ֽ◌ֿb; a◌ּ◌ֽ◌ֽ◌ֿb; a◌ּ◌ֽ◌ֽ◌ֿb; a◌ּ◌ֽ◌ֽ◌ֿb; ) LATIN SMALL LETTER A, HEBREW POINT RAFE, HEBREW POINT METEG, HEBREW POINT DAGESH OR MAPIQ, HEBREW POINT METEG, LATIN SMALL LETTER B +0061 05BD 05BF 05BD 05BC 0062;0061 05BC 05BD 05BD 05BF 0062;0061 05BC 05BD 05BD 05BF 0062;0061 05BC 05BD 05BD 05BF 0062;0061 05BC 05BD 05BD 05BF 0062; # (a◌ֽ◌ֿ◌ֽ◌ּb; a◌ּ◌ֽ◌ֽ◌ֿb; a◌ּ◌ֽ◌ֽ◌ֿb; a◌ּ◌ֽ◌ֽ◌ֿb; a◌ּ◌ֽ◌ֽ◌ֿb; ) LATIN SMALL LETTER A, HEBREW POINT METEG, HEBREW POINT RAFE, HEBREW POINT METEG, HEBREW POINT DAGESH OR MAPIQ, LATIN SMALL LETTER B +0061 05C1 05BF 05BD 05BF 0062;0061 05BD 05BF 05BF 05C1 0062;0061 05BD 05BF 05BF 05C1 0062;0061 05BD 05BF 05BF 05C1 0062;0061 05BD 05BF 05BF 05C1 0062; # (aâ—Œ×◌ֿ◌ֽ◌ֿb; a◌ֽ◌ֿ◌ֿ◌×b; a◌ֽ◌ֿ◌ֿ◌×b; a◌ֽ◌ֿ◌ֿ◌×b; a◌ֽ◌ֿ◌ֿ◌×b; ) LATIN SMALL LETTER A, HEBREW POINT SHIN DOT, HEBREW POINT RAFE, HEBREW POINT METEG, HEBREW POINT RAFE, LATIN SMALL LETTER B +0061 05BF 05C1 05BF 05BD 0062;0061 05BD 05BF 05BF 05C1 0062;0061 05BD 05BF 05BF 05C1 0062;0061 05BD 05BF 05BF 05C1 0062;0061 05BD 05BF 05BF 05C1 0062; # (a◌ֿ◌×◌ֿ◌ֽb; a◌ֽ◌ֿ◌ֿ◌×b; a◌ֽ◌ֿ◌ֿ◌×b; a◌ֽ◌ֿ◌ֿ◌×b; a◌ֽ◌ֿ◌ֿ◌×b; ) LATIN SMALL LETTER A, HEBREW POINT RAFE, HEBREW POINT SHIN DOT, HEBREW POINT RAFE, HEBREW POINT METEG, LATIN SMALL LETTER B +0061 05C2 05C1 05BF 05C1 0062;0061 05BF 05C1 05C1 05C2 0062;0061 05BF 05C1 05C1 05C2 0062;0061 05BF 05C1 05C1 05C2 0062;0061 05BF 05C1 05C1 05C2 0062; # (a◌ׂ◌×◌ֿ◌×b; a◌ֿ◌×â—Œ×◌ׂb; a◌ֿ◌×â—Œ×◌ׂb; a◌ֿ◌×â—Œ×◌ׂb; a◌ֿ◌×â—Œ×◌ׂb; ) LATIN SMALL LETTER A, HEBREW POINT SIN DOT, HEBREW POINT SHIN DOT, HEBREW POINT RAFE, HEBREW POINT SHIN DOT, LATIN SMALL LETTER B +0061 05C1 05C2 05C1 05BF 0062;0061 05BF 05C1 05C1 05C2 0062;0061 05BF 05C1 05C1 05C2 0062;0061 05BF 05C1 05C1 05C2 0062;0061 05BF 05C1 05C1 05C2 0062; # (aâ—Œ×◌ׂ◌×◌ֿb; a◌ֿ◌×â—Œ×◌ׂb; a◌ֿ◌×â—Œ×◌ׂb; a◌ֿ◌×â—Œ×◌ׂb; a◌ֿ◌×â—Œ×◌ׂb; ) LATIN SMALL LETTER A, HEBREW POINT SHIN DOT, HEBREW POINT SIN DOT, HEBREW POINT SHIN DOT, HEBREW POINT RAFE, LATIN SMALL LETTER B +0061 FB1E 05C2 05C1 05C2 0062;0061 05C1 05C2 05C2 FB1E 0062;0061 05C1 05C2 05C2 FB1E 0062;0061 05C1 05C2 05C2 FB1E 0062;0061 05C1 05C2 05C2 FB1E 0062; # (a◌ﬞ◌ׂ◌×◌ׂb; aâ—Œ×◌ׂ◌ׂ◌ﬞb; aâ—Œ×◌ׂ◌ׂ◌ﬞb; aâ—Œ×◌ׂ◌ׂ◌ﬞb; aâ—Œ×◌ׂ◌ׂ◌ﬞb; ) LATIN SMALL LETTER A, HEBREW POINT JUDEO-SPANISH VARIKA, HEBREW POINT SIN DOT, HEBREW POINT SHIN DOT, HEBREW POINT SIN DOT, LATIN SMALL LETTER B +0061 05C2 FB1E 05C2 05C1 0062;0061 05C1 05C2 05C2 FB1E 0062;0061 05C1 05C2 05C2 FB1E 0062;0061 05C1 05C2 05C2 FB1E 0062;0061 05C1 05C2 05C2 FB1E 0062; # (a◌ׂ◌ﬞ◌ׂ◌×b; aâ—Œ×◌ׂ◌ׂ◌ﬞb; aâ—Œ×◌ׂ◌ׂ◌ﬞb; aâ—Œ×◌ׂ◌ׂ◌ﬞb; aâ—Œ×◌ׂ◌ׂ◌ﬞb; ) LATIN SMALL LETTER A, HEBREW POINT SIN DOT, HEBREW POINT JUDEO-SPANISH VARIKA, HEBREW POINT SIN DOT, HEBREW POINT SHIN DOT, LATIN SMALL LETTER B +0061 0315 0300 05AE 05C4 0062;00E0 05AE 05C4 0315 0062;0061 05AE 0300 05C4 0315 0062;00E0 05AE 05C4 0315 0062;0061 05AE 0300 05C4 0315 0062; # (a◌̕◌̀◌֮◌ׄb; à◌֮◌ׄ◌̕b; a◌֮◌̀◌ׄ◌̕b; à◌֮◌ׄ◌̕b; a◌֮◌̀◌ׄ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, HEBREW MARK UPPER DOT, LATIN SMALL LETTER B +0061 05C4 0315 0300 05AE 0062;0061 05AE 05C4 0300 0315 0062;0061 05AE 05C4 0300 0315 0062;0061 05AE 05C4 0300 0315 0062;0061 05AE 05C4 0300 0315 0062; # (a◌ׄ◌̕◌̀◌֮b; a◌֮◌ׄ◌̀◌̕b; a◌֮◌ׄ◌̀◌̕b; a◌֮◌ׄ◌̀◌̕b; a◌֮◌ׄ◌̀◌̕b; ) LATIN SMALL LETTER A, HEBREW MARK UPPER DOT, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0610 0062;00E0 05AE 0610 0315 0062;0061 05AE 0300 0610 0315 0062;00E0 05AE 0610 0315 0062;0061 05AE 0300 0610 0315 0062; # (a◌̕◌̀◌֮◌Øb; à◌֮◌Ø◌̕b; a◌֮◌̀◌Ø◌̕b; à◌֮◌Ø◌̕b; a◌֮◌̀◌Ø◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, ARABIC SIGN SALLALLAHOU ALAYHE WASSALLAM, LATIN SMALL LETTER B +0061 0610 0315 0300 05AE 0062;0061 05AE 0610 0300 0315 0062;0061 05AE 0610 0300 0315 0062;0061 05AE 0610 0300 0315 0062;0061 05AE 0610 0300 0315 0062; # (aâ—ŒØ◌̕◌̀◌֮b; a◌֮◌Ø◌̀◌̕b; a◌֮◌Ø◌̀◌̕b; a◌֮◌Ø◌̀◌̕b; a◌֮◌Ø◌̀◌̕b; ) LATIN SMALL LETTER A, ARABIC SIGN SALLALLAHOU ALAYHE WASSALLAM, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0611 0062;00E0 05AE 0611 0315 0062;0061 05AE 0300 0611 0315 0062;00E0 05AE 0611 0315 0062;0061 05AE 0300 0611 0315 0062; # (a◌̕◌̀◌֮◌ؑb; à◌֮◌ؑ◌̕b; a◌֮◌̀◌ؑ◌̕b; à◌֮◌ؑ◌̕b; a◌֮◌̀◌ؑ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, ARABIC SIGN ALAYHE ASSALLAM, LATIN SMALL LETTER B +0061 0611 0315 0300 05AE 0062;0061 05AE 0611 0300 0315 0062;0061 05AE 0611 0300 0315 0062;0061 05AE 0611 0300 0315 0062;0061 05AE 0611 0300 0315 0062; # (a◌ؑ◌̕◌̀◌֮b; a◌֮◌ؑ◌̀◌̕b; a◌֮◌ؑ◌̀◌̕b; a◌֮◌ؑ◌̀◌̕b; a◌֮◌ؑ◌̀◌̕b; ) LATIN SMALL LETTER A, ARABIC SIGN ALAYHE ASSALLAM, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0612 0062;00E0 05AE 0612 0315 0062;0061 05AE 0300 0612 0315 0062;00E0 05AE 0612 0315 0062;0061 05AE 0300 0612 0315 0062; # (a◌̕◌̀◌֮◌ؒb; à◌֮◌ؒ◌̕b; a◌֮◌̀◌ؒ◌̕b; à◌֮◌ؒ◌̕b; a◌֮◌̀◌ؒ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, ARABIC SIGN RAHMATULLAH ALAYHE, LATIN SMALL LETTER B +0061 0612 0315 0300 05AE 0062;0061 05AE 0612 0300 0315 0062;0061 05AE 0612 0300 0315 0062;0061 05AE 0612 0300 0315 0062;0061 05AE 0612 0300 0315 0062; # (a◌ؒ◌̕◌̀◌֮b; a◌֮◌ؒ◌̀◌̕b; a◌֮◌ؒ◌̀◌̕b; a◌֮◌ؒ◌̀◌̕b; a◌֮◌ؒ◌̀◌̕b; ) LATIN SMALL LETTER A, ARABIC SIGN RAHMATULLAH ALAYHE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0613 0062;00E0 05AE 0613 0315 0062;0061 05AE 0300 0613 0315 0062;00E0 05AE 0613 0315 0062;0061 05AE 0300 0613 0315 0062; # (a◌̕◌̀◌֮◌ؓb; à◌֮◌ؓ◌̕b; a◌֮◌̀◌ؓ◌̕b; à◌֮◌ؓ◌̕b; a◌֮◌̀◌ؓ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, ARABIC SIGN RADI ALLAHOU ANHU, LATIN SMALL LETTER B +0061 0613 0315 0300 05AE 0062;0061 05AE 0613 0300 0315 0062;0061 05AE 0613 0300 0315 0062;0061 05AE 0613 0300 0315 0062;0061 05AE 0613 0300 0315 0062; # (a◌ؓ◌̕◌̀◌֮b; a◌֮◌ؓ◌̀◌̕b; a◌֮◌ؓ◌̀◌̕b; a◌֮◌ؓ◌̀◌̕b; a◌֮◌ؓ◌̀◌̕b; ) LATIN SMALL LETTER A, ARABIC SIGN RADI ALLAHOU ANHU, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0614 0062;00E0 05AE 0614 0315 0062;0061 05AE 0300 0614 0315 0062;00E0 05AE 0614 0315 0062;0061 05AE 0300 0614 0315 0062; # (a◌̕◌̀◌֮◌ؔb; à◌֮◌ؔ◌̕b; a◌֮◌̀◌ؔ◌̕b; à◌֮◌ؔ◌̕b; a◌֮◌̀◌ؔ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, ARABIC SIGN TAKHALLUS, LATIN SMALL LETTER B +0061 0614 0315 0300 05AE 0062;0061 05AE 0614 0300 0315 0062;0061 05AE 0614 0300 0315 0062;0061 05AE 0614 0300 0315 0062;0061 05AE 0614 0300 0315 0062; # (a◌ؔ◌̕◌̀◌֮b; a◌֮◌ؔ◌̀◌̕b; a◌֮◌ؔ◌̀◌̕b; a◌֮◌ؔ◌̀◌̕b; a◌֮◌ؔ◌̀◌̕b; ) LATIN SMALL LETTER A, ARABIC SIGN TAKHALLUS, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0615 0062;00E0 05AE 0615 0315 0062;0061 05AE 0300 0615 0315 0062;00E0 05AE 0615 0315 0062;0061 05AE 0300 0615 0315 0062; # (a◌̕◌̀◌֮◌ؕb; à◌֮◌ؕ◌̕b; a◌֮◌̀◌ؕ◌̕b; à◌֮◌ؕ◌̕b; a◌֮◌̀◌ؕ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, ARABIC SMALL HIGH TAH, LATIN SMALL LETTER B +0061 0615 0315 0300 05AE 0062;0061 05AE 0615 0300 0315 0062;0061 05AE 0615 0300 0315 0062;0061 05AE 0615 0300 0315 0062;0061 05AE 0615 0300 0315 0062; # (a◌ؕ◌̕◌̀◌֮b; a◌֮◌ؕ◌̀◌̕b; a◌֮◌ؕ◌̀◌̕b; a◌֮◌ؕ◌̀◌̕b; a◌֮◌ؕ◌̀◌̕b; ) LATIN SMALL LETTER A, ARABIC SMALL HIGH TAH, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 064C 064B FB1E 064B 0062;0061 FB1E 064B 064B 064C 0062;0061 FB1E 064B 064B 064C 0062;0061 FB1E 064B 064B 064C 0062;0061 FB1E 064B 064B 064C 0062; # (a◌ٌ◌ً◌ﬞ◌ًb; a◌ﬞ◌ً◌ً◌ٌb; a◌ﬞ◌ً◌ً◌ٌb; a◌ﬞ◌ً◌ً◌ٌb; a◌ﬞ◌ً◌ً◌ٌb; ) LATIN SMALL LETTER A, ARABIC DAMMATAN, ARABIC FATHATAN, HEBREW POINT JUDEO-SPANISH VARIKA, ARABIC FATHATAN, LATIN SMALL LETTER B +0061 064B 064C 064B FB1E 0062;0061 FB1E 064B 064B 064C 0062;0061 FB1E 064B 064B 064C 0062;0061 FB1E 064B 064B 064C 0062;0061 FB1E 064B 064B 064C 0062; # (a◌ً◌ٌ◌ً◌ﬞb; a◌ﬞ◌ً◌ً◌ٌb; a◌ﬞ◌ً◌ً◌ٌb; a◌ﬞ◌ً◌ً◌ٌb; a◌ﬞ◌ً◌ً◌ٌb; ) LATIN SMALL LETTER A, ARABIC FATHATAN, ARABIC DAMMATAN, ARABIC FATHATAN, HEBREW POINT JUDEO-SPANISH VARIKA, LATIN SMALL LETTER B +0061 064D 064C 064B 064C 0062;0061 064B 064C 064C 064D 0062;0061 064B 064C 064C 064D 0062;0061 064B 064C 064C 064D 0062;0061 064B 064C 064C 064D 0062; # (aâ—ŒÙ◌ٌ◌ً◌ٌb; a◌ً◌ٌ◌ٌ◌Ùb; a◌ً◌ٌ◌ٌ◌Ùb; a◌ً◌ٌ◌ٌ◌Ùb; a◌ً◌ٌ◌ٌ◌Ùb; ) LATIN SMALL LETTER A, ARABIC KASRATAN, ARABIC DAMMATAN, ARABIC FATHATAN, ARABIC DAMMATAN, LATIN SMALL LETTER B +0061 064C 064D 064C 064B 0062;0061 064B 064C 064C 064D 0062;0061 064B 064C 064C 064D 0062;0061 064B 064C 064C 064D 0062;0061 064B 064C 064C 064D 0062; # (a◌ٌ◌Ù◌ٌ◌ًb; a◌ً◌ٌ◌ٌ◌Ùb; a◌ً◌ٌ◌ٌ◌Ùb; a◌ً◌ٌ◌ٌ◌Ùb; a◌ً◌ٌ◌ٌ◌Ùb; ) LATIN SMALL LETTER A, ARABIC DAMMATAN, ARABIC KASRATAN, ARABIC DAMMATAN, ARABIC FATHATAN, LATIN SMALL LETTER B +0061 064E 064D 064C 064D 0062;0061 064C 064D 064D 064E 0062;0061 064C 064D 064D 064E 0062;0061 064C 064D 064D 064E 0062;0061 064C 064D 064D 064E 0062; # (a◌َ◌Ù◌ٌ◌Ùb; a◌ٌ◌Ùâ—ŒÙ◌َb; a◌ٌ◌Ùâ—ŒÙ◌َb; a◌ٌ◌Ùâ—ŒÙ◌َb; a◌ٌ◌Ùâ—ŒÙ◌َb; ) LATIN SMALL LETTER A, ARABIC FATHA, ARABIC KASRATAN, ARABIC DAMMATAN, ARABIC KASRATAN, LATIN SMALL LETTER B +0061 064D 064E 064D 064C 0062;0061 064C 064D 064D 064E 0062;0061 064C 064D 064D 064E 0062;0061 064C 064D 064D 064E 0062;0061 064C 064D 064D 064E 0062; # (aâ—ŒÙ◌َ◌Ù◌ٌb; a◌ٌ◌Ùâ—ŒÙ◌َb; a◌ٌ◌Ùâ—ŒÙ◌َb; a◌ٌ◌Ùâ—ŒÙ◌َb; a◌ٌ◌Ùâ—ŒÙ◌َb; ) LATIN SMALL LETTER A, ARABIC KASRATAN, ARABIC FATHA, ARABIC KASRATAN, ARABIC DAMMATAN, LATIN SMALL LETTER B +0061 064F 064E 064D 064E 0062;0061 064D 064E 064E 064F 0062;0061 064D 064E 064E 064F 0062;0061 064D 064E 064E 064F 0062;0061 064D 064E 064E 064F 0062; # (aâ—ŒÙ◌َ◌Ù◌َb; aâ—ŒÙ◌َ◌َ◌Ùb; aâ—ŒÙ◌َ◌َ◌Ùb; aâ—ŒÙ◌َ◌َ◌Ùb; aâ—ŒÙ◌َ◌َ◌Ùb; ) LATIN SMALL LETTER A, ARABIC DAMMA, ARABIC FATHA, ARABIC KASRATAN, ARABIC FATHA, LATIN SMALL LETTER B +0061 064E 064F 064E 064D 0062;0061 064D 064E 064E 064F 0062;0061 064D 064E 064E 064F 0062;0061 064D 064E 064E 064F 0062;0061 064D 064E 064E 064F 0062; # (a◌َ◌Ù◌َ◌Ùb; aâ—ŒÙ◌َ◌َ◌Ùb; aâ—ŒÙ◌َ◌َ◌Ùb; aâ—ŒÙ◌َ◌َ◌Ùb; aâ—ŒÙ◌َ◌َ◌Ùb; ) LATIN SMALL LETTER A, ARABIC FATHA, ARABIC DAMMA, ARABIC FATHA, ARABIC KASRATAN, LATIN SMALL LETTER B +0061 0650 064F 064E 064F 0062;0061 064E 064F 064F 0650 0062;0061 064E 064F 064F 0650 0062;0061 064E 064F 064F 0650 0062;0061 064E 064F 064F 0650 0062; # (aâ—ŒÙâ—ŒÙ◌َ◌Ùb; a◌َ◌Ùâ—ŒÙâ—ŒÙb; a◌َ◌Ùâ—ŒÙâ—ŒÙb; a◌َ◌Ùâ—ŒÙâ—ŒÙb; a◌َ◌Ùâ—ŒÙâ—ŒÙb; ) LATIN SMALL LETTER A, ARABIC KASRA, ARABIC DAMMA, ARABIC FATHA, ARABIC DAMMA, LATIN SMALL LETTER B +0061 064F 0650 064F 064E 0062;0061 064E 064F 064F 0650 0062;0061 064E 064F 064F 0650 0062;0061 064E 064F 064F 0650 0062;0061 064E 064F 064F 0650 0062; # (aâ—ŒÙâ—ŒÙâ—ŒÙ◌َb; a◌َ◌Ùâ—ŒÙâ—ŒÙb; a◌َ◌Ùâ—ŒÙâ—ŒÙb; a◌َ◌Ùâ—ŒÙâ—ŒÙb; a◌َ◌Ùâ—ŒÙâ—ŒÙb; ) LATIN SMALL LETTER A, ARABIC DAMMA, ARABIC KASRA, ARABIC DAMMA, ARABIC FATHA, LATIN SMALL LETTER B +0061 0651 0650 064F 0650 0062;0061 064F 0650 0650 0651 0062;0061 064F 0650 0650 0651 0062;0061 064F 0650 0650 0651 0062;0061 064F 0650 0650 0651 0062; # (a◌ّ◌Ùâ—ŒÙâ—ŒÙb; aâ—ŒÙâ—ŒÙâ—ŒÙ◌ّb; aâ—ŒÙâ—ŒÙâ—ŒÙ◌ّb; aâ—ŒÙâ—ŒÙâ—ŒÙ◌ّb; aâ—ŒÙâ—ŒÙâ—ŒÙ◌ّb; ) LATIN SMALL LETTER A, ARABIC SHADDA, ARABIC KASRA, ARABIC DAMMA, ARABIC KASRA, LATIN SMALL LETTER B +0061 0650 0651 0650 064F 0062;0061 064F 0650 0650 0651 0062;0061 064F 0650 0650 0651 0062;0061 064F 0650 0650 0651 0062;0061 064F 0650 0650 0651 0062; # (aâ—ŒÙ◌ّ◌Ùâ—ŒÙb; aâ—ŒÙâ—ŒÙâ—ŒÙ◌ّb; aâ—ŒÙâ—ŒÙâ—ŒÙ◌ّb; aâ—ŒÙâ—ŒÙâ—ŒÙ◌ّb; aâ—ŒÙâ—ŒÙâ—ŒÙ◌ّb; ) LATIN SMALL LETTER A, ARABIC KASRA, ARABIC SHADDA, ARABIC KASRA, ARABIC DAMMA, LATIN SMALL LETTER B +0061 0652 0651 0650 0651 0062;0061 0650 0651 0651 0652 0062;0061 0650 0651 0651 0652 0062;0061 0650 0651 0651 0652 0062;0061 0650 0651 0651 0652 0062; # (a◌ْ◌ّ◌Ù◌ّb; aâ—ŒÙ◌ّ◌ّ◌ْb; aâ—ŒÙ◌ّ◌ّ◌ْb; aâ—ŒÙ◌ّ◌ّ◌ْb; aâ—ŒÙ◌ّ◌ّ◌ْb; ) LATIN SMALL LETTER A, ARABIC SUKUN, ARABIC SHADDA, ARABIC KASRA, ARABIC SHADDA, LATIN SMALL LETTER B +0061 0651 0652 0651 0650 0062;0061 0650 0651 0651 0652 0062;0061 0650 0651 0651 0652 0062;0061 0650 0651 0651 0652 0062;0061 0650 0651 0651 0652 0062; # (a◌ّ◌ْ◌ّ◌Ùb; aâ—ŒÙ◌ّ◌ّ◌ْb; aâ—ŒÙ◌ّ◌ّ◌ْb; aâ—ŒÙ◌ّ◌ّ◌ْb; aâ—ŒÙ◌ّ◌ّ◌ْb; ) LATIN SMALL LETTER A, ARABIC SHADDA, ARABIC SUKUN, ARABIC SHADDA, ARABIC KASRA, LATIN SMALL LETTER B +0061 0670 0652 0651 0652 0062;0061 0651 0652 0652 0670 0062;0061 0651 0652 0652 0670 0062;0061 0651 0652 0652 0670 0062;0061 0651 0652 0652 0670 0062; # (a◌ٰ◌ْ◌ّ◌ْb; a◌ّ◌ْ◌ْ◌ٰb; a◌ّ◌ْ◌ْ◌ٰb; a◌ّ◌ْ◌ْ◌ٰb; a◌ّ◌ْ◌ْ◌ٰb; ) LATIN SMALL LETTER A, ARABIC LETTER SUPERSCRIPT ALEF, ARABIC SUKUN, ARABIC SHADDA, ARABIC SUKUN, LATIN SMALL LETTER B +0061 0652 0670 0652 0651 0062;0061 0651 0652 0652 0670 0062;0061 0651 0652 0652 0670 0062;0061 0651 0652 0652 0670 0062;0061 0651 0652 0652 0670 0062; # (a◌ْ◌ٰ◌ْ◌ّb; a◌ّ◌ْ◌ْ◌ٰb; a◌ّ◌ْ◌ْ◌ٰb; a◌ّ◌ْ◌ْ◌ٰb; a◌ّ◌ْ◌ْ◌ٰb; ) LATIN SMALL LETTER A, ARABIC SUKUN, ARABIC LETTER SUPERSCRIPT ALEF, ARABIC SUKUN, ARABIC SHADDA, LATIN SMALL LETTER B +0061 0315 0300 05AE 0653 0062;00E0 05AE 0653 0315 0062;0061 05AE 0300 0653 0315 0062;00E0 05AE 0653 0315 0062;0061 05AE 0300 0653 0315 0062; # (a◌̕◌̀◌֮◌ٓb; à◌֮◌ٓ◌̕b; a◌֮◌̀◌ٓ◌̕b; à◌֮◌ٓ◌̕b; a◌֮◌̀◌ٓ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, ARABIC MADDAH ABOVE, LATIN SMALL LETTER B +0061 0653 0315 0300 05AE 0062;0061 05AE 0653 0300 0315 0062;0061 05AE 0653 0300 0315 0062;0061 05AE 0653 0300 0315 0062;0061 05AE 0653 0300 0315 0062; # (a◌ٓ◌̕◌̀◌֮b; a◌֮◌ٓ◌̀◌̕b; a◌֮◌ٓ◌̀◌̕b; a◌֮◌ٓ◌̀◌̕b; a◌֮◌ٓ◌̀◌̕b; ) LATIN SMALL LETTER A, ARABIC MADDAH ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0654 0062;00E0 05AE 0654 0315 0062;0061 05AE 0300 0654 0315 0062;00E0 05AE 0654 0315 0062;0061 05AE 0300 0654 0315 0062; # (a◌̕◌̀◌֮◌ٔb; à◌֮◌ٔ◌̕b; a◌֮◌̀◌ٔ◌̕b; à◌֮◌ٔ◌̕b; a◌֮◌̀◌ٔ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, ARABIC HAMZA ABOVE, LATIN SMALL LETTER B +0061 0654 0315 0300 05AE 0062;0061 05AE 0654 0300 0315 0062;0061 05AE 0654 0300 0315 0062;0061 05AE 0654 0300 0315 0062;0061 05AE 0654 0300 0315 0062; # (a◌ٔ◌̕◌̀◌֮b; a◌֮◌ٔ◌̀◌̕b; a◌֮◌ٔ◌̀◌̕b; a◌֮◌ٔ◌̀◌̕b; a◌֮◌ٔ◌̀◌̕b; ) LATIN SMALL LETTER A, ARABIC HAMZA ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 059A 0316 302A 0655 0062;0061 302A 0316 0655 059A 0062;0061 302A 0316 0655 059A 0062;0061 302A 0316 0655 059A 0062;0061 302A 0316 0655 059A 0062; # (a◌֚◌̖◌〪◌ٕb; a◌〪◌̖◌ٕ◌֚b; a◌〪◌̖◌ٕ◌֚b; a◌〪◌̖◌ٕ◌֚b; a◌〪◌̖◌ٕ◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, ARABIC HAMZA BELOW, LATIN SMALL LETTER B +0061 0655 059A 0316 302A 0062;0061 302A 0655 0316 059A 0062;0061 302A 0655 0316 059A 0062;0061 302A 0655 0316 059A 0062;0061 302A 0655 0316 059A 0062; # (a◌ٕ◌֚◌̖◌〪b; a◌〪◌ٕ◌̖◌֚b; a◌〪◌ٕ◌̖◌֚b; a◌〪◌ٕ◌̖◌֚b; a◌〪◌ٕ◌̖◌֚b; ) LATIN SMALL LETTER A, ARABIC HAMZA BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 0656 0062;0061 302A 0316 0656 059A 0062;0061 302A 0316 0656 059A 0062;0061 302A 0316 0656 059A 0062;0061 302A 0316 0656 059A 0062; # (a◌֚◌̖◌〪◌ٖb; a◌〪◌̖◌ٖ◌֚b; a◌〪◌̖◌ٖ◌֚b; a◌〪◌̖◌ٖ◌֚b; a◌〪◌̖◌ٖ◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, ARABIC SUBSCRIPT ALEF, LATIN SMALL LETTER B +0061 0656 059A 0316 302A 0062;0061 302A 0656 0316 059A 0062;0061 302A 0656 0316 059A 0062;0061 302A 0656 0316 059A 0062;0061 302A 0656 0316 059A 0062; # (a◌ٖ◌֚◌̖◌〪b; a◌〪◌ٖ◌̖◌֚b; a◌〪◌ٖ◌̖◌֚b; a◌〪◌ٖ◌̖◌֚b; a◌〪◌ٖ◌̖◌֚b; ) LATIN SMALL LETTER A, ARABIC SUBSCRIPT ALEF, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 0315 0300 05AE 0657 0062;00E0 05AE 0657 0315 0062;0061 05AE 0300 0657 0315 0062;00E0 05AE 0657 0315 0062;0061 05AE 0300 0657 0315 0062; # (a◌̕◌̀◌֮◌ٗb; à◌֮◌ٗ◌̕b; a◌֮◌̀◌ٗ◌̕b; à◌֮◌ٗ◌̕b; a◌֮◌̀◌ٗ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, ARABIC INVERTED DAMMA, LATIN SMALL LETTER B +0061 0657 0315 0300 05AE 0062;0061 05AE 0657 0300 0315 0062;0061 05AE 0657 0300 0315 0062;0061 05AE 0657 0300 0315 0062;0061 05AE 0657 0300 0315 0062; # (a◌ٗ◌̕◌̀◌֮b; a◌֮◌ٗ◌̀◌̕b; a◌֮◌ٗ◌̀◌̕b; a◌֮◌ٗ◌̀◌̕b; a◌֮◌ٗ◌̀◌̕b; ) LATIN SMALL LETTER A, ARABIC INVERTED DAMMA, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0658 0062;00E0 05AE 0658 0315 0062;0061 05AE 0300 0658 0315 0062;00E0 05AE 0658 0315 0062;0061 05AE 0300 0658 0315 0062; # (a◌̕◌̀◌֮◌٘b; à◌֮◌٘◌̕b; a◌֮◌̀◌٘◌̕b; à◌֮◌٘◌̕b; a◌֮◌̀◌٘◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, ARABIC MARK NOON GHUNNA, LATIN SMALL LETTER B +0061 0658 0315 0300 05AE 0062;0061 05AE 0658 0300 0315 0062;0061 05AE 0658 0300 0315 0062;0061 05AE 0658 0300 0315 0062;0061 05AE 0658 0300 0315 0062; # (a◌٘◌̕◌̀◌֮b; a◌֮◌٘◌̀◌̕b; a◌֮◌٘◌̀◌̕b; a◌֮◌٘◌̀◌̕b; a◌֮◌٘◌̀◌̕b; ) LATIN SMALL LETTER A, ARABIC MARK NOON GHUNNA, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0711 0670 0652 0670 0062;0061 0652 0670 0670 0711 0062;0061 0652 0670 0670 0711 0062;0061 0652 0670 0670 0711 0062;0061 0652 0670 0670 0711 0062; # (a◌ܑ◌ٰ◌ْ◌ٰb; a◌ْ◌ٰ◌ٰ◌ܑb; a◌ْ◌ٰ◌ٰ◌ܑb; a◌ْ◌ٰ◌ٰ◌ܑb; a◌ْ◌ٰ◌ٰ◌ܑb; ) LATIN SMALL LETTER A, SYRIAC LETTER SUPERSCRIPT ALAPH, ARABIC LETTER SUPERSCRIPT ALEF, ARABIC SUKUN, ARABIC LETTER SUPERSCRIPT ALEF, LATIN SMALL LETTER B +0061 0670 0711 0670 0652 0062;0061 0652 0670 0670 0711 0062;0061 0652 0670 0670 0711 0062;0061 0652 0670 0670 0711 0062;0061 0652 0670 0670 0711 0062; # (a◌ٰ◌ܑ◌ٰ◌ْb; a◌ْ◌ٰ◌ٰ◌ܑb; a◌ْ◌ٰ◌ٰ◌ܑb; a◌ْ◌ٰ◌ٰ◌ܑb; a◌ْ◌ٰ◌ٰ◌ܑb; ) LATIN SMALL LETTER A, ARABIC LETTER SUPERSCRIPT ALEF, SYRIAC LETTER SUPERSCRIPT ALAPH, ARABIC LETTER SUPERSCRIPT ALEF, ARABIC SUKUN, LATIN SMALL LETTER B +0061 0315 0300 05AE 06D6 0062;00E0 05AE 06D6 0315 0062;0061 05AE 0300 06D6 0315 0062;00E0 05AE 06D6 0315 0062;0061 05AE 0300 06D6 0315 0062; # (a◌̕◌̀◌֮◌ۖb; à◌֮◌ۖ◌̕b; a◌֮◌̀◌ۖ◌̕b; à◌֮◌ۖ◌̕b; a◌֮◌̀◌ۖ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, ARABIC SMALL HIGH LIGATURE SAD WITH LAM WITH ALEF MAKSURA, LATIN SMALL LETTER B +0061 06D6 0315 0300 05AE 0062;0061 05AE 06D6 0300 0315 0062;0061 05AE 06D6 0300 0315 0062;0061 05AE 06D6 0300 0315 0062;0061 05AE 06D6 0300 0315 0062; # (a◌ۖ◌̕◌̀◌֮b; a◌֮◌ۖ◌̀◌̕b; a◌֮◌ۖ◌̀◌̕b; a◌֮◌ۖ◌̀◌̕b; a◌֮◌ۖ◌̀◌̕b; ) LATIN SMALL LETTER A, ARABIC SMALL HIGH LIGATURE SAD WITH LAM WITH ALEF MAKSURA, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 06D7 0062;00E0 05AE 06D7 0315 0062;0061 05AE 0300 06D7 0315 0062;00E0 05AE 06D7 0315 0062;0061 05AE 0300 06D7 0315 0062; # (a◌̕◌̀◌֮◌ۗb; à◌֮◌ۗ◌̕b; a◌֮◌̀◌ۗ◌̕b; à◌֮◌ۗ◌̕b; a◌֮◌̀◌ۗ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, ARABIC SMALL HIGH LIGATURE QAF WITH LAM WITH ALEF MAKSURA, LATIN SMALL LETTER B +0061 06D7 0315 0300 05AE 0062;0061 05AE 06D7 0300 0315 0062;0061 05AE 06D7 0300 0315 0062;0061 05AE 06D7 0300 0315 0062;0061 05AE 06D7 0300 0315 0062; # (a◌ۗ◌̕◌̀◌֮b; a◌֮◌ۗ◌̀◌̕b; a◌֮◌ۗ◌̀◌̕b; a◌֮◌ۗ◌̀◌̕b; a◌֮◌ۗ◌̀◌̕b; ) LATIN SMALL LETTER A, ARABIC SMALL HIGH LIGATURE QAF WITH LAM WITH ALEF MAKSURA, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 06D8 0062;00E0 05AE 06D8 0315 0062;0061 05AE 0300 06D8 0315 0062;00E0 05AE 06D8 0315 0062;0061 05AE 0300 06D8 0315 0062; # (a◌̕◌̀◌֮◌ۘb; à◌֮◌ۘ◌̕b; a◌֮◌̀◌ۘ◌̕b; à◌֮◌ۘ◌̕b; a◌֮◌̀◌ۘ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, ARABIC SMALL HIGH MEEM INITIAL FORM, LATIN SMALL LETTER B +0061 06D8 0315 0300 05AE 0062;0061 05AE 06D8 0300 0315 0062;0061 05AE 06D8 0300 0315 0062;0061 05AE 06D8 0300 0315 0062;0061 05AE 06D8 0300 0315 0062; # (a◌ۘ◌̕◌̀◌֮b; a◌֮◌ۘ◌̀◌̕b; a◌֮◌ۘ◌̀◌̕b; a◌֮◌ۘ◌̀◌̕b; a◌֮◌ۘ◌̀◌̕b; ) LATIN SMALL LETTER A, ARABIC SMALL HIGH MEEM INITIAL FORM, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 06D9 0062;00E0 05AE 06D9 0315 0062;0061 05AE 0300 06D9 0315 0062;00E0 05AE 06D9 0315 0062;0061 05AE 0300 06D9 0315 0062; # (a◌̕◌̀◌֮◌ۙb; à◌֮◌ۙ◌̕b; a◌֮◌̀◌ۙ◌̕b; à◌֮◌ۙ◌̕b; a◌֮◌̀◌ۙ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, ARABIC SMALL HIGH LAM ALEF, LATIN SMALL LETTER B +0061 06D9 0315 0300 05AE 0062;0061 05AE 06D9 0300 0315 0062;0061 05AE 06D9 0300 0315 0062;0061 05AE 06D9 0300 0315 0062;0061 05AE 06D9 0300 0315 0062; # (a◌ۙ◌̕◌̀◌֮b; a◌֮◌ۙ◌̀◌̕b; a◌֮◌ۙ◌̀◌̕b; a◌֮◌ۙ◌̀◌̕b; a◌֮◌ۙ◌̀◌̕b; ) LATIN SMALL LETTER A, ARABIC SMALL HIGH LAM ALEF, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 06DA 0062;00E0 05AE 06DA 0315 0062;0061 05AE 0300 06DA 0315 0062;00E0 05AE 06DA 0315 0062;0061 05AE 0300 06DA 0315 0062; # (a◌̕◌̀◌֮◌ۚb; à◌֮◌ۚ◌̕b; a◌֮◌̀◌ۚ◌̕b; à◌֮◌ۚ◌̕b; a◌֮◌̀◌ۚ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, ARABIC SMALL HIGH JEEM, LATIN SMALL LETTER B +0061 06DA 0315 0300 05AE 0062;0061 05AE 06DA 0300 0315 0062;0061 05AE 06DA 0300 0315 0062;0061 05AE 06DA 0300 0315 0062;0061 05AE 06DA 0300 0315 0062; # (a◌ۚ◌̕◌̀◌֮b; a◌֮◌ۚ◌̀◌̕b; a◌֮◌ۚ◌̀◌̕b; a◌֮◌ۚ◌̀◌̕b; a◌֮◌ۚ◌̀◌̕b; ) LATIN SMALL LETTER A, ARABIC SMALL HIGH JEEM, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 06DB 0062;00E0 05AE 06DB 0315 0062;0061 05AE 0300 06DB 0315 0062;00E0 05AE 06DB 0315 0062;0061 05AE 0300 06DB 0315 0062; # (a◌̕◌̀◌֮◌ۛb; à◌֮◌ۛ◌̕b; a◌֮◌̀◌ۛ◌̕b; à◌֮◌ۛ◌̕b; a◌֮◌̀◌ۛ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, ARABIC SMALL HIGH THREE DOTS, LATIN SMALL LETTER B +0061 06DB 0315 0300 05AE 0062;0061 05AE 06DB 0300 0315 0062;0061 05AE 06DB 0300 0315 0062;0061 05AE 06DB 0300 0315 0062;0061 05AE 06DB 0300 0315 0062; # (a◌ۛ◌̕◌̀◌֮b; a◌֮◌ۛ◌̀◌̕b; a◌֮◌ۛ◌̀◌̕b; a◌֮◌ۛ◌̀◌̕b; a◌֮◌ۛ◌̀◌̕b; ) LATIN SMALL LETTER A, ARABIC SMALL HIGH THREE DOTS, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 06DC 0062;00E0 05AE 06DC 0315 0062;0061 05AE 0300 06DC 0315 0062;00E0 05AE 06DC 0315 0062;0061 05AE 0300 06DC 0315 0062; # (a◌̕◌̀◌֮◌ۜb; à◌֮◌ۜ◌̕b; a◌֮◌̀◌ۜ◌̕b; à◌֮◌ۜ◌̕b; a◌֮◌̀◌ۜ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, ARABIC SMALL HIGH SEEN, LATIN SMALL LETTER B +0061 06DC 0315 0300 05AE 0062;0061 05AE 06DC 0300 0315 0062;0061 05AE 06DC 0300 0315 0062;0061 05AE 06DC 0300 0315 0062;0061 05AE 06DC 0300 0315 0062; # (a◌ۜ◌̕◌̀◌֮b; a◌֮◌ۜ◌̀◌̕b; a◌֮◌ۜ◌̀◌̕b; a◌֮◌ۜ◌̀◌̕b; a◌֮◌ۜ◌̀◌̕b; ) LATIN SMALL LETTER A, ARABIC SMALL HIGH SEEN, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 06DF 0062;00E0 05AE 06DF 0315 0062;0061 05AE 0300 06DF 0315 0062;00E0 05AE 06DF 0315 0062;0061 05AE 0300 06DF 0315 0062; # (a◌̕◌̀◌֮◌۟b; à◌֮◌۟◌̕b; a◌֮◌̀◌۟◌̕b; à◌֮◌۟◌̕b; a◌֮◌̀◌۟◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, ARABIC SMALL HIGH ROUNDED ZERO, LATIN SMALL LETTER B +0061 06DF 0315 0300 05AE 0062;0061 05AE 06DF 0300 0315 0062;0061 05AE 06DF 0300 0315 0062;0061 05AE 06DF 0300 0315 0062;0061 05AE 06DF 0300 0315 0062; # (a◌۟◌̕◌̀◌֮b; a◌֮◌۟◌̀◌̕b; a◌֮◌۟◌̀◌̕b; a◌֮◌۟◌̀◌̕b; a◌֮◌۟◌̀◌̕b; ) LATIN SMALL LETTER A, ARABIC SMALL HIGH ROUNDED ZERO, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 06E0 0062;00E0 05AE 06E0 0315 0062;0061 05AE 0300 06E0 0315 0062;00E0 05AE 06E0 0315 0062;0061 05AE 0300 06E0 0315 0062; # (a◌̕◌̀◌֮◌۠b; à◌֮◌۠◌̕b; a◌֮◌̀◌۠◌̕b; à◌֮◌۠◌̕b; a◌֮◌̀◌۠◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, ARABIC SMALL HIGH UPRIGHT RECTANGULAR ZERO, LATIN SMALL LETTER B +0061 06E0 0315 0300 05AE 0062;0061 05AE 06E0 0300 0315 0062;0061 05AE 06E0 0300 0315 0062;0061 05AE 06E0 0300 0315 0062;0061 05AE 06E0 0300 0315 0062; # (a◌۠◌̕◌̀◌֮b; a◌֮◌۠◌̀◌̕b; a◌֮◌۠◌̀◌̕b; a◌֮◌۠◌̀◌̕b; a◌֮◌۠◌̀◌̕b; ) LATIN SMALL LETTER A, ARABIC SMALL HIGH UPRIGHT RECTANGULAR ZERO, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 06E1 0062;00E0 05AE 06E1 0315 0062;0061 05AE 0300 06E1 0315 0062;00E0 05AE 06E1 0315 0062;0061 05AE 0300 06E1 0315 0062; # (a◌̕◌̀◌֮◌ۡb; à◌֮◌ۡ◌̕b; a◌֮◌̀◌ۡ◌̕b; à◌֮◌ۡ◌̕b; a◌֮◌̀◌ۡ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, ARABIC SMALL HIGH DOTLESS HEAD OF KHAH, LATIN SMALL LETTER B +0061 06E1 0315 0300 05AE 0062;0061 05AE 06E1 0300 0315 0062;0061 05AE 06E1 0300 0315 0062;0061 05AE 06E1 0300 0315 0062;0061 05AE 06E1 0300 0315 0062; # (a◌ۡ◌̕◌̀◌֮b; a◌֮◌ۡ◌̀◌̕b; a◌֮◌ۡ◌̀◌̕b; a◌֮◌ۡ◌̀◌̕b; a◌֮◌ۡ◌̀◌̕b; ) LATIN SMALL LETTER A, ARABIC SMALL HIGH DOTLESS HEAD OF KHAH, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 06E2 0062;00E0 05AE 06E2 0315 0062;0061 05AE 0300 06E2 0315 0062;00E0 05AE 06E2 0315 0062;0061 05AE 0300 06E2 0315 0062; # (a◌̕◌̀◌֮◌ۢb; à◌֮◌ۢ◌̕b; a◌֮◌̀◌ۢ◌̕b; à◌֮◌ۢ◌̕b; a◌֮◌̀◌ۢ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, ARABIC SMALL HIGH MEEM ISOLATED FORM, LATIN SMALL LETTER B +0061 06E2 0315 0300 05AE 0062;0061 05AE 06E2 0300 0315 0062;0061 05AE 06E2 0300 0315 0062;0061 05AE 06E2 0300 0315 0062;0061 05AE 06E2 0300 0315 0062; # (a◌ۢ◌̕◌̀◌֮b; a◌֮◌ۢ◌̀◌̕b; a◌֮◌ۢ◌̀◌̕b; a◌֮◌ۢ◌̀◌̕b; a◌֮◌ۢ◌̀◌̕b; ) LATIN SMALL LETTER A, ARABIC SMALL HIGH MEEM ISOLATED FORM, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 059A 0316 302A 06E3 0062;0061 302A 0316 06E3 059A 0062;0061 302A 0316 06E3 059A 0062;0061 302A 0316 06E3 059A 0062;0061 302A 0316 06E3 059A 0062; # (a◌֚◌̖◌〪◌ۣb; a◌〪◌̖◌ۣ◌֚b; a◌〪◌̖◌ۣ◌֚b; a◌〪◌̖◌ۣ◌֚b; a◌〪◌̖◌ۣ◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, ARABIC SMALL LOW SEEN, LATIN SMALL LETTER B +0061 06E3 059A 0316 302A 0062;0061 302A 06E3 0316 059A 0062;0061 302A 06E3 0316 059A 0062;0061 302A 06E3 0316 059A 0062;0061 302A 06E3 0316 059A 0062; # (a◌ۣ◌֚◌̖◌〪b; a◌〪◌ۣ◌̖◌֚b; a◌〪◌ۣ◌̖◌֚b; a◌〪◌ۣ◌̖◌֚b; a◌〪◌ۣ◌̖◌֚b; ) LATIN SMALL LETTER A, ARABIC SMALL LOW SEEN, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 0315 0300 05AE 06E4 0062;00E0 05AE 06E4 0315 0062;0061 05AE 0300 06E4 0315 0062;00E0 05AE 06E4 0315 0062;0061 05AE 0300 06E4 0315 0062; # (a◌̕◌̀◌֮◌ۤb; à◌֮◌ۤ◌̕b; a◌֮◌̀◌ۤ◌̕b; à◌֮◌ۤ◌̕b; a◌֮◌̀◌ۤ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, ARABIC SMALL HIGH MADDA, LATIN SMALL LETTER B +0061 06E4 0315 0300 05AE 0062;0061 05AE 06E4 0300 0315 0062;0061 05AE 06E4 0300 0315 0062;0061 05AE 06E4 0300 0315 0062;0061 05AE 06E4 0300 0315 0062; # (a◌ۤ◌̕◌̀◌֮b; a◌֮◌ۤ◌̀◌̕b; a◌֮◌ۤ◌̀◌̕b; a◌֮◌ۤ◌̀◌̕b; a◌֮◌ۤ◌̀◌̕b; ) LATIN SMALL LETTER A, ARABIC SMALL HIGH MADDA, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 06E7 0062;00E0 05AE 06E7 0315 0062;0061 05AE 0300 06E7 0315 0062;00E0 05AE 06E7 0315 0062;0061 05AE 0300 06E7 0315 0062; # (a◌̕◌̀◌֮◌ۧb; à◌֮◌ۧ◌̕b; a◌֮◌̀◌ۧ◌̕b; à◌֮◌ۧ◌̕b; a◌֮◌̀◌ۧ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, ARABIC SMALL HIGH YEH, LATIN SMALL LETTER B +0061 06E7 0315 0300 05AE 0062;0061 05AE 06E7 0300 0315 0062;0061 05AE 06E7 0300 0315 0062;0061 05AE 06E7 0300 0315 0062;0061 05AE 06E7 0300 0315 0062; # (a◌ۧ◌̕◌̀◌֮b; a◌֮◌ۧ◌̀◌̕b; a◌֮◌ۧ◌̀◌̕b; a◌֮◌ۧ◌̀◌̕b; a◌֮◌ۧ◌̀◌̕b; ) LATIN SMALL LETTER A, ARABIC SMALL HIGH YEH, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 06E8 0062;00E0 05AE 06E8 0315 0062;0061 05AE 0300 06E8 0315 0062;00E0 05AE 06E8 0315 0062;0061 05AE 0300 06E8 0315 0062; # (a◌̕◌̀◌֮◌ۨb; à◌֮◌ۨ◌̕b; a◌֮◌̀◌ۨ◌̕b; à◌֮◌ۨ◌̕b; a◌֮◌̀◌ۨ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, ARABIC SMALL HIGH NOON, LATIN SMALL LETTER B +0061 06E8 0315 0300 05AE 0062;0061 05AE 06E8 0300 0315 0062;0061 05AE 06E8 0300 0315 0062;0061 05AE 06E8 0300 0315 0062;0061 05AE 06E8 0300 0315 0062; # (a◌ۨ◌̕◌̀◌֮b; a◌֮◌ۨ◌̀◌̕b; a◌֮◌ۨ◌̀◌̕b; a◌֮◌ۨ◌̀◌̕b; a◌֮◌ۨ◌̀◌̕b; ) LATIN SMALL LETTER A, ARABIC SMALL HIGH NOON, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 059A 0316 302A 06EA 0062;0061 302A 0316 06EA 059A 0062;0061 302A 0316 06EA 059A 0062;0061 302A 0316 06EA 059A 0062;0061 302A 0316 06EA 059A 0062; # (a◌֚◌̖◌〪◌۪b; a◌〪◌̖◌۪◌֚b; a◌〪◌̖◌۪◌֚b; a◌〪◌̖◌۪◌֚b; a◌〪◌̖◌۪◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, ARABIC EMPTY CENTRE LOW STOP, LATIN SMALL LETTER B +0061 06EA 059A 0316 302A 0062;0061 302A 06EA 0316 059A 0062;0061 302A 06EA 0316 059A 0062;0061 302A 06EA 0316 059A 0062;0061 302A 06EA 0316 059A 0062; # (a◌۪◌֚◌̖◌〪b; a◌〪◌۪◌̖◌֚b; a◌〪◌۪◌̖◌֚b; a◌〪◌۪◌̖◌֚b; a◌〪◌۪◌̖◌֚b; ) LATIN SMALL LETTER A, ARABIC EMPTY CENTRE LOW STOP, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 0315 0300 05AE 06EB 0062;00E0 05AE 06EB 0315 0062;0061 05AE 0300 06EB 0315 0062;00E0 05AE 06EB 0315 0062;0061 05AE 0300 06EB 0315 0062; # (a◌̕◌̀◌֮◌۫b; à◌֮◌۫◌̕b; a◌֮◌̀◌۫◌̕b; à◌֮◌۫◌̕b; a◌֮◌̀◌۫◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, ARABIC EMPTY CENTRE HIGH STOP, LATIN SMALL LETTER B +0061 06EB 0315 0300 05AE 0062;0061 05AE 06EB 0300 0315 0062;0061 05AE 06EB 0300 0315 0062;0061 05AE 06EB 0300 0315 0062;0061 05AE 06EB 0300 0315 0062; # (a◌۫◌̕◌̀◌֮b; a◌֮◌۫◌̀◌̕b; a◌֮◌۫◌̀◌̕b; a◌֮◌۫◌̀◌̕b; a◌֮◌۫◌̀◌̕b; ) LATIN SMALL LETTER A, ARABIC EMPTY CENTRE HIGH STOP, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 06EC 0062;00E0 05AE 06EC 0315 0062;0061 05AE 0300 06EC 0315 0062;00E0 05AE 06EC 0315 0062;0061 05AE 0300 06EC 0315 0062; # (a◌̕◌̀◌֮◌۬b; à◌֮◌۬◌̕b; a◌֮◌̀◌۬◌̕b; à◌֮◌۬◌̕b; a◌֮◌̀◌۬◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, ARABIC ROUNDED HIGH STOP WITH FILLED CENTRE, LATIN SMALL LETTER B +0061 06EC 0315 0300 05AE 0062;0061 05AE 06EC 0300 0315 0062;0061 05AE 06EC 0300 0315 0062;0061 05AE 06EC 0300 0315 0062;0061 05AE 06EC 0300 0315 0062; # (a◌۬◌̕◌̀◌֮b; a◌֮◌۬◌̀◌̕b; a◌֮◌۬◌̀◌̕b; a◌֮◌۬◌̀◌̕b; a◌֮◌۬◌̀◌̕b; ) LATIN SMALL LETTER A, ARABIC ROUNDED HIGH STOP WITH FILLED CENTRE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 059A 0316 302A 06ED 0062;0061 302A 0316 06ED 059A 0062;0061 302A 0316 06ED 059A 0062;0061 302A 0316 06ED 059A 0062;0061 302A 0316 06ED 059A 0062; # (a◌֚◌̖◌〪◌ۭb; a◌〪◌̖◌ۭ◌֚b; a◌〪◌̖◌ۭ◌֚b; a◌〪◌̖◌ۭ◌֚b; a◌〪◌̖◌ۭ◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, ARABIC SMALL LOW MEEM, LATIN SMALL LETTER B +0061 06ED 059A 0316 302A 0062;0061 302A 06ED 0316 059A 0062;0061 302A 06ED 0316 059A 0062;0061 302A 06ED 0316 059A 0062;0061 302A 06ED 0316 059A 0062; # (a◌ۭ◌֚◌̖◌〪b; a◌〪◌ۭ◌̖◌֚b; a◌〪◌ۭ◌̖◌֚b; a◌〪◌ۭ◌̖◌֚b; a◌〪◌ۭ◌̖◌֚b; ) LATIN SMALL LETTER A, ARABIC SMALL LOW MEEM, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 0C55 0711 0670 0711 0062;0061 0670 0711 0711 0C55 0062;0061 0670 0711 0711 0C55 0062;0061 0670 0711 0711 0C55 0062;0061 0670 0711 0711 0C55 0062; # (a◌ౕ◌ܑ◌ٰ◌ܑb; a◌ٰ◌ܑ◌ܑ◌ౕb; a◌ٰ◌ܑ◌ܑ◌ౕb; a◌ٰ◌ܑ◌ܑ◌ౕb; a◌ٰ◌ܑ◌ܑ◌ౕb; ) LATIN SMALL LETTER A, TELUGU LENGTH MARK, SYRIAC LETTER SUPERSCRIPT ALAPH, ARABIC LETTER SUPERSCRIPT ALEF, SYRIAC LETTER SUPERSCRIPT ALAPH, LATIN SMALL LETTER B +0061 0711 0C55 0711 0670 0062;0061 0670 0711 0711 0C55 0062;0061 0670 0711 0711 0C55 0062;0061 0670 0711 0711 0C55 0062;0061 0670 0711 0711 0C55 0062; # (a◌ܑ◌ౕ◌ܑ◌ٰb; a◌ٰ◌ܑ◌ܑ◌ౕb; a◌ٰ◌ܑ◌ܑ◌ౕb; a◌ٰ◌ܑ◌ܑ◌ౕb; a◌ٰ◌ܑ◌ܑ◌ౕb; ) LATIN SMALL LETTER A, SYRIAC LETTER SUPERSCRIPT ALAPH, TELUGU LENGTH MARK, SYRIAC LETTER SUPERSCRIPT ALAPH, ARABIC LETTER SUPERSCRIPT ALEF, LATIN SMALL LETTER B +0061 0315 0300 05AE 0730 0062;00E0 05AE 0730 0315 0062;0061 05AE 0300 0730 0315 0062;00E0 05AE 0730 0315 0062;0061 05AE 0300 0730 0315 0062; # (a◌̕◌̀◌֮◌ܰb; à◌֮◌ܰ◌̕b; a◌֮◌̀◌ܰ◌̕b; à◌֮◌ܰ◌̕b; a◌֮◌̀◌ܰ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, SYRIAC PTHAHA ABOVE, LATIN SMALL LETTER B +0061 0730 0315 0300 05AE 0062;0061 05AE 0730 0300 0315 0062;0061 05AE 0730 0300 0315 0062;0061 05AE 0730 0300 0315 0062;0061 05AE 0730 0300 0315 0062; # (a◌ܰ◌̕◌̀◌֮b; a◌֮◌ܰ◌̀◌̕b; a◌֮◌ܰ◌̀◌̕b; a◌֮◌ܰ◌̀◌̕b; a◌֮◌ܰ◌̀◌̕b; ) LATIN SMALL LETTER A, SYRIAC PTHAHA ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 059A 0316 302A 0731 0062;0061 302A 0316 0731 059A 0062;0061 302A 0316 0731 059A 0062;0061 302A 0316 0731 059A 0062;0061 302A 0316 0731 059A 0062; # (a◌֚◌̖◌〪◌ܱb; a◌〪◌̖◌ܱ◌֚b; a◌〪◌̖◌ܱ◌֚b; a◌〪◌̖◌ܱ◌֚b; a◌〪◌̖◌ܱ◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, SYRIAC PTHAHA BELOW, LATIN SMALL LETTER B +0061 0731 059A 0316 302A 0062;0061 302A 0731 0316 059A 0062;0061 302A 0731 0316 059A 0062;0061 302A 0731 0316 059A 0062;0061 302A 0731 0316 059A 0062; # (a◌ܱ◌֚◌̖◌〪b; a◌〪◌ܱ◌̖◌֚b; a◌〪◌ܱ◌̖◌֚b; a◌〪◌ܱ◌̖◌֚b; a◌〪◌ܱ◌̖◌֚b; ) LATIN SMALL LETTER A, SYRIAC PTHAHA BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 0315 0300 05AE 0732 0062;00E0 05AE 0732 0315 0062;0061 05AE 0300 0732 0315 0062;00E0 05AE 0732 0315 0062;0061 05AE 0300 0732 0315 0062; # (a◌̕◌̀◌֮◌ܲb; à◌֮◌ܲ◌̕b; a◌֮◌̀◌ܲ◌̕b; à◌֮◌ܲ◌̕b; a◌֮◌̀◌ܲ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, SYRIAC PTHAHA DOTTED, LATIN SMALL LETTER B +0061 0732 0315 0300 05AE 0062;0061 05AE 0732 0300 0315 0062;0061 05AE 0732 0300 0315 0062;0061 05AE 0732 0300 0315 0062;0061 05AE 0732 0300 0315 0062; # (a◌ܲ◌̕◌̀◌֮b; a◌֮◌ܲ◌̀◌̕b; a◌֮◌ܲ◌̀◌̕b; a◌֮◌ܲ◌̀◌̕b; a◌֮◌ܲ◌̀◌̕b; ) LATIN SMALL LETTER A, SYRIAC PTHAHA DOTTED, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0733 0062;00E0 05AE 0733 0315 0062;0061 05AE 0300 0733 0315 0062;00E0 05AE 0733 0315 0062;0061 05AE 0300 0733 0315 0062; # (a◌̕◌̀◌֮◌ܳb; à◌֮◌ܳ◌̕b; a◌֮◌̀◌ܳ◌̕b; à◌֮◌ܳ◌̕b; a◌֮◌̀◌ܳ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, SYRIAC ZQAPHA ABOVE, LATIN SMALL LETTER B +0061 0733 0315 0300 05AE 0062;0061 05AE 0733 0300 0315 0062;0061 05AE 0733 0300 0315 0062;0061 05AE 0733 0300 0315 0062;0061 05AE 0733 0300 0315 0062; # (a◌ܳ◌̕◌̀◌֮b; a◌֮◌ܳ◌̀◌̕b; a◌֮◌ܳ◌̀◌̕b; a◌֮◌ܳ◌̀◌̕b; a◌֮◌ܳ◌̀◌̕b; ) LATIN SMALL LETTER A, SYRIAC ZQAPHA ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 059A 0316 302A 0734 0062;0061 302A 0316 0734 059A 0062;0061 302A 0316 0734 059A 0062;0061 302A 0316 0734 059A 0062;0061 302A 0316 0734 059A 0062; # (a◌֚◌̖◌〪◌ܴb; a◌〪◌̖◌ܴ◌֚b; a◌〪◌̖◌ܴ◌֚b; a◌〪◌̖◌ܴ◌֚b; a◌〪◌̖◌ܴ◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, SYRIAC ZQAPHA BELOW, LATIN SMALL LETTER B +0061 0734 059A 0316 302A 0062;0061 302A 0734 0316 059A 0062;0061 302A 0734 0316 059A 0062;0061 302A 0734 0316 059A 0062;0061 302A 0734 0316 059A 0062; # (a◌ܴ◌֚◌̖◌〪b; a◌〪◌ܴ◌̖◌֚b; a◌〪◌ܴ◌̖◌֚b; a◌〪◌ܴ◌̖◌֚b; a◌〪◌ܴ◌̖◌֚b; ) LATIN SMALL LETTER A, SYRIAC ZQAPHA BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 0315 0300 05AE 0735 0062;00E0 05AE 0735 0315 0062;0061 05AE 0300 0735 0315 0062;00E0 05AE 0735 0315 0062;0061 05AE 0300 0735 0315 0062; # (a◌̕◌̀◌֮◌ܵb; à◌֮◌ܵ◌̕b; a◌֮◌̀◌ܵ◌̕b; à◌֮◌ܵ◌̕b; a◌֮◌̀◌ܵ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, SYRIAC ZQAPHA DOTTED, LATIN SMALL LETTER B +0061 0735 0315 0300 05AE 0062;0061 05AE 0735 0300 0315 0062;0061 05AE 0735 0300 0315 0062;0061 05AE 0735 0300 0315 0062;0061 05AE 0735 0300 0315 0062; # (a◌ܵ◌̕◌̀◌֮b; a◌֮◌ܵ◌̀◌̕b; a◌֮◌ܵ◌̀◌̕b; a◌֮◌ܵ◌̀◌̕b; a◌֮◌ܵ◌̀◌̕b; ) LATIN SMALL LETTER A, SYRIAC ZQAPHA DOTTED, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0736 0062;00E0 05AE 0736 0315 0062;0061 05AE 0300 0736 0315 0062;00E0 05AE 0736 0315 0062;0061 05AE 0300 0736 0315 0062; # (a◌̕◌̀◌֮◌ܶb; à◌֮◌ܶ◌̕b; a◌֮◌̀◌ܶ◌̕b; à◌֮◌ܶ◌̕b; a◌֮◌̀◌ܶ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, SYRIAC RBASA ABOVE, LATIN SMALL LETTER B +0061 0736 0315 0300 05AE 0062;0061 05AE 0736 0300 0315 0062;0061 05AE 0736 0300 0315 0062;0061 05AE 0736 0300 0315 0062;0061 05AE 0736 0300 0315 0062; # (a◌ܶ◌̕◌̀◌֮b; a◌֮◌ܶ◌̀◌̕b; a◌֮◌ܶ◌̀◌̕b; a◌֮◌ܶ◌̀◌̕b; a◌֮◌ܶ◌̀◌̕b; ) LATIN SMALL LETTER A, SYRIAC RBASA ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 059A 0316 302A 0737 0062;0061 302A 0316 0737 059A 0062;0061 302A 0316 0737 059A 0062;0061 302A 0316 0737 059A 0062;0061 302A 0316 0737 059A 0062; # (a◌֚◌̖◌〪◌ܷb; a◌〪◌̖◌ܷ◌֚b; a◌〪◌̖◌ܷ◌֚b; a◌〪◌̖◌ܷ◌֚b; a◌〪◌̖◌ܷ◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, SYRIAC RBASA BELOW, LATIN SMALL LETTER B +0061 0737 059A 0316 302A 0062;0061 302A 0737 0316 059A 0062;0061 302A 0737 0316 059A 0062;0061 302A 0737 0316 059A 0062;0061 302A 0737 0316 059A 0062; # (a◌ܷ◌֚◌̖◌〪b; a◌〪◌ܷ◌̖◌֚b; a◌〪◌ܷ◌̖◌֚b; a◌〪◌ܷ◌̖◌֚b; a◌〪◌ܷ◌̖◌֚b; ) LATIN SMALL LETTER A, SYRIAC RBASA BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 0738 0062;0061 302A 0316 0738 059A 0062;0061 302A 0316 0738 059A 0062;0061 302A 0316 0738 059A 0062;0061 302A 0316 0738 059A 0062; # (a◌֚◌̖◌〪◌ܸb; a◌〪◌̖◌ܸ◌֚b; a◌〪◌̖◌ܸ◌֚b; a◌〪◌̖◌ܸ◌֚b; a◌〪◌̖◌ܸ◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, SYRIAC DOTTED ZLAMA HORIZONTAL, LATIN SMALL LETTER B +0061 0738 059A 0316 302A 0062;0061 302A 0738 0316 059A 0062;0061 302A 0738 0316 059A 0062;0061 302A 0738 0316 059A 0062;0061 302A 0738 0316 059A 0062; # (a◌ܸ◌֚◌̖◌〪b; a◌〪◌ܸ◌̖◌֚b; a◌〪◌ܸ◌̖◌֚b; a◌〪◌ܸ◌̖◌֚b; a◌〪◌ܸ◌̖◌֚b; ) LATIN SMALL LETTER A, SYRIAC DOTTED ZLAMA HORIZONTAL, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 0739 0062;0061 302A 0316 0739 059A 0062;0061 302A 0316 0739 059A 0062;0061 302A 0316 0739 059A 0062;0061 302A 0316 0739 059A 0062; # (a◌֚◌̖◌〪◌ܹb; a◌〪◌̖◌ܹ◌֚b; a◌〪◌̖◌ܹ◌֚b; a◌〪◌̖◌ܹ◌֚b; a◌〪◌̖◌ܹ◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, SYRIAC DOTTED ZLAMA ANGULAR, LATIN SMALL LETTER B +0061 0739 059A 0316 302A 0062;0061 302A 0739 0316 059A 0062;0061 302A 0739 0316 059A 0062;0061 302A 0739 0316 059A 0062;0061 302A 0739 0316 059A 0062; # (a◌ܹ◌֚◌̖◌〪b; a◌〪◌ܹ◌̖◌֚b; a◌〪◌ܹ◌̖◌֚b; a◌〪◌ܹ◌̖◌֚b; a◌〪◌ܹ◌̖◌֚b; ) LATIN SMALL LETTER A, SYRIAC DOTTED ZLAMA ANGULAR, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 0315 0300 05AE 073A 0062;00E0 05AE 073A 0315 0062;0061 05AE 0300 073A 0315 0062;00E0 05AE 073A 0315 0062;0061 05AE 0300 073A 0315 0062; # (a◌̕◌̀◌֮◌ܺb; à◌֮◌ܺ◌̕b; a◌֮◌̀◌ܺ◌̕b; à◌֮◌ܺ◌̕b; a◌֮◌̀◌ܺ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, SYRIAC HBASA ABOVE, LATIN SMALL LETTER B +0061 073A 0315 0300 05AE 0062;0061 05AE 073A 0300 0315 0062;0061 05AE 073A 0300 0315 0062;0061 05AE 073A 0300 0315 0062;0061 05AE 073A 0300 0315 0062; # (a◌ܺ◌̕◌̀◌֮b; a◌֮◌ܺ◌̀◌̕b; a◌֮◌ܺ◌̀◌̕b; a◌֮◌ܺ◌̀◌̕b; a◌֮◌ܺ◌̀◌̕b; ) LATIN SMALL LETTER A, SYRIAC HBASA ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 059A 0316 302A 073B 0062;0061 302A 0316 073B 059A 0062;0061 302A 0316 073B 059A 0062;0061 302A 0316 073B 059A 0062;0061 302A 0316 073B 059A 0062; # (a◌֚◌̖◌〪◌ܻb; a◌〪◌̖◌ܻ◌֚b; a◌〪◌̖◌ܻ◌֚b; a◌〪◌̖◌ܻ◌֚b; a◌〪◌̖◌ܻ◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, SYRIAC HBASA BELOW, LATIN SMALL LETTER B +0061 073B 059A 0316 302A 0062;0061 302A 073B 0316 059A 0062;0061 302A 073B 0316 059A 0062;0061 302A 073B 0316 059A 0062;0061 302A 073B 0316 059A 0062; # (a◌ܻ◌֚◌̖◌〪b; a◌〪◌ܻ◌̖◌֚b; a◌〪◌ܻ◌̖◌֚b; a◌〪◌ܻ◌̖◌֚b; a◌〪◌ܻ◌̖◌֚b; ) LATIN SMALL LETTER A, SYRIAC HBASA BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 073C 0062;0061 302A 0316 073C 059A 0062;0061 302A 0316 073C 059A 0062;0061 302A 0316 073C 059A 0062;0061 302A 0316 073C 059A 0062; # (a◌֚◌̖◌〪◌ܼb; a◌〪◌̖◌ܼ◌֚b; a◌〪◌̖◌ܼ◌֚b; a◌〪◌̖◌ܼ◌֚b; a◌〪◌̖◌ܼ◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, SYRIAC HBASA-ESASA DOTTED, LATIN SMALL LETTER B +0061 073C 059A 0316 302A 0062;0061 302A 073C 0316 059A 0062;0061 302A 073C 0316 059A 0062;0061 302A 073C 0316 059A 0062;0061 302A 073C 0316 059A 0062; # (a◌ܼ◌֚◌̖◌〪b; a◌〪◌ܼ◌̖◌֚b; a◌〪◌ܼ◌̖◌֚b; a◌〪◌ܼ◌̖◌֚b; a◌〪◌ܼ◌̖◌֚b; ) LATIN SMALL LETTER A, SYRIAC HBASA-ESASA DOTTED, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 0315 0300 05AE 073D 0062;00E0 05AE 073D 0315 0062;0061 05AE 0300 073D 0315 0062;00E0 05AE 073D 0315 0062;0061 05AE 0300 073D 0315 0062; # (a◌̕◌̀◌֮◌ܽb; à◌֮◌ܽ◌̕b; a◌֮◌̀◌ܽ◌̕b; à◌֮◌ܽ◌̕b; a◌֮◌̀◌ܽ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, SYRIAC ESASA ABOVE, LATIN SMALL LETTER B +0061 073D 0315 0300 05AE 0062;0061 05AE 073D 0300 0315 0062;0061 05AE 073D 0300 0315 0062;0061 05AE 073D 0300 0315 0062;0061 05AE 073D 0300 0315 0062; # (a◌ܽ◌̕◌̀◌֮b; a◌֮◌ܽ◌̀◌̕b; a◌֮◌ܽ◌̀◌̕b; a◌֮◌ܽ◌̀◌̕b; a◌֮◌ܽ◌̀◌̕b; ) LATIN SMALL LETTER A, SYRIAC ESASA ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 059A 0316 302A 073E 0062;0061 302A 0316 073E 059A 0062;0061 302A 0316 073E 059A 0062;0061 302A 0316 073E 059A 0062;0061 302A 0316 073E 059A 0062; # (a◌֚◌̖◌〪◌ܾb; a◌〪◌̖◌ܾ◌֚b; a◌〪◌̖◌ܾ◌֚b; a◌〪◌̖◌ܾ◌֚b; a◌〪◌̖◌ܾ◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, SYRIAC ESASA BELOW, LATIN SMALL LETTER B +0061 073E 059A 0316 302A 0062;0061 302A 073E 0316 059A 0062;0061 302A 073E 0316 059A 0062;0061 302A 073E 0316 059A 0062;0061 302A 073E 0316 059A 0062; # (a◌ܾ◌֚◌̖◌〪b; a◌〪◌ܾ◌̖◌֚b; a◌〪◌ܾ◌̖◌֚b; a◌〪◌ܾ◌̖◌֚b; a◌〪◌ܾ◌̖◌֚b; ) LATIN SMALL LETTER A, SYRIAC ESASA BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 0315 0300 05AE 073F 0062;00E0 05AE 073F 0315 0062;0061 05AE 0300 073F 0315 0062;00E0 05AE 073F 0315 0062;0061 05AE 0300 073F 0315 0062; # (a◌̕◌̀◌֮◌ܿb; à◌֮◌ܿ◌̕b; a◌֮◌̀◌ܿ◌̕b; à◌֮◌ܿ◌̕b; a◌֮◌̀◌ܿ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, SYRIAC RWAHA, LATIN SMALL LETTER B +0061 073F 0315 0300 05AE 0062;0061 05AE 073F 0300 0315 0062;0061 05AE 073F 0300 0315 0062;0061 05AE 073F 0300 0315 0062;0061 05AE 073F 0300 0315 0062; # (a◌ܿ◌̕◌̀◌֮b; a◌֮◌ܿ◌̀◌̕b; a◌֮◌ܿ◌̀◌̕b; a◌֮◌ܿ◌̀◌̕b; a◌֮◌ܿ◌̀◌̕b; ) LATIN SMALL LETTER A, SYRIAC RWAHA, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0740 0062;00E0 05AE 0740 0315 0062;0061 05AE 0300 0740 0315 0062;00E0 05AE 0740 0315 0062;0061 05AE 0300 0740 0315 0062; # (a◌̕◌̀◌֮◌݀b; à◌֮◌݀◌̕b; a◌֮◌̀◌݀◌̕b; à◌֮◌݀◌̕b; a◌֮◌̀◌݀◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, SYRIAC FEMININE DOT, LATIN SMALL LETTER B +0061 0740 0315 0300 05AE 0062;0061 05AE 0740 0300 0315 0062;0061 05AE 0740 0300 0315 0062;0061 05AE 0740 0300 0315 0062;0061 05AE 0740 0300 0315 0062; # (a◌݀◌̕◌̀◌֮b; a◌֮◌݀◌̀◌̕b; a◌֮◌݀◌̀◌̕b; a◌֮◌݀◌̀◌̕b; a◌֮◌݀◌̀◌̕b; ) LATIN SMALL LETTER A, SYRIAC FEMININE DOT, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0741 0062;00E0 05AE 0741 0315 0062;0061 05AE 0300 0741 0315 0062;00E0 05AE 0741 0315 0062;0061 05AE 0300 0741 0315 0062; # (a◌̕◌̀◌֮◌Ýb; à◌֮◌Ý◌̕b; a◌֮◌̀◌Ý◌̕b; à◌֮◌Ý◌̕b; a◌֮◌̀◌Ý◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, SYRIAC QUSHSHAYA, LATIN SMALL LETTER B +0061 0741 0315 0300 05AE 0062;0061 05AE 0741 0300 0315 0062;0061 05AE 0741 0300 0315 0062;0061 05AE 0741 0300 0315 0062;0061 05AE 0741 0300 0315 0062; # (aâ—ŒÝ◌̕◌̀◌֮b; a◌֮◌Ý◌̀◌̕b; a◌֮◌Ý◌̀◌̕b; a◌֮◌Ý◌̀◌̕b; a◌֮◌Ý◌̀◌̕b; ) LATIN SMALL LETTER A, SYRIAC QUSHSHAYA, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 059A 0316 302A 0742 0062;0061 302A 0316 0742 059A 0062;0061 302A 0316 0742 059A 0062;0061 302A 0316 0742 059A 0062;0061 302A 0316 0742 059A 0062; # (a◌֚◌̖◌〪◌݂b; a◌〪◌̖◌݂◌֚b; a◌〪◌̖◌݂◌֚b; a◌〪◌̖◌݂◌֚b; a◌〪◌̖◌݂◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, SYRIAC RUKKAKHA, LATIN SMALL LETTER B +0061 0742 059A 0316 302A 0062;0061 302A 0742 0316 059A 0062;0061 302A 0742 0316 059A 0062;0061 302A 0742 0316 059A 0062;0061 302A 0742 0316 059A 0062; # (a◌݂◌֚◌̖◌〪b; a◌〪◌݂◌̖◌֚b; a◌〪◌݂◌̖◌֚b; a◌〪◌݂◌̖◌֚b; a◌〪◌݂◌̖◌֚b; ) LATIN SMALL LETTER A, SYRIAC RUKKAKHA, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 0315 0300 05AE 0743 0062;00E0 05AE 0743 0315 0062;0061 05AE 0300 0743 0315 0062;00E0 05AE 0743 0315 0062;0061 05AE 0300 0743 0315 0062; # (a◌̕◌̀◌֮◌݃b; à◌֮◌݃◌̕b; a◌֮◌̀◌݃◌̕b; à◌֮◌݃◌̕b; a◌֮◌̀◌݃◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, SYRIAC TWO VERTICAL DOTS ABOVE, LATIN SMALL LETTER B +0061 0743 0315 0300 05AE 0062;0061 05AE 0743 0300 0315 0062;0061 05AE 0743 0300 0315 0062;0061 05AE 0743 0300 0315 0062;0061 05AE 0743 0300 0315 0062; # (a◌݃◌̕◌̀◌֮b; a◌֮◌݃◌̀◌̕b; a◌֮◌݃◌̀◌̕b; a◌֮◌݃◌̀◌̕b; a◌֮◌݃◌̀◌̕b; ) LATIN SMALL LETTER A, SYRIAC TWO VERTICAL DOTS ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 059A 0316 302A 0744 0062;0061 302A 0316 0744 059A 0062;0061 302A 0316 0744 059A 0062;0061 302A 0316 0744 059A 0062;0061 302A 0316 0744 059A 0062; # (a◌֚◌̖◌〪◌݄b; a◌〪◌̖◌݄◌֚b; a◌〪◌̖◌݄◌֚b; a◌〪◌̖◌݄◌֚b; a◌〪◌̖◌݄◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, SYRIAC TWO VERTICAL DOTS BELOW, LATIN SMALL LETTER B +0061 0744 059A 0316 302A 0062;0061 302A 0744 0316 059A 0062;0061 302A 0744 0316 059A 0062;0061 302A 0744 0316 059A 0062;0061 302A 0744 0316 059A 0062; # (a◌݄◌֚◌̖◌〪b; a◌〪◌݄◌̖◌֚b; a◌〪◌݄◌̖◌֚b; a◌〪◌݄◌̖◌֚b; a◌〪◌݄◌̖◌֚b; ) LATIN SMALL LETTER A, SYRIAC TWO VERTICAL DOTS BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 0315 0300 05AE 0745 0062;00E0 05AE 0745 0315 0062;0061 05AE 0300 0745 0315 0062;00E0 05AE 0745 0315 0062;0061 05AE 0300 0745 0315 0062; # (a◌̕◌̀◌֮◌݅b; à◌֮◌݅◌̕b; a◌֮◌̀◌݅◌̕b; à◌֮◌݅◌̕b; a◌֮◌̀◌݅◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, SYRIAC THREE DOTS ABOVE, LATIN SMALL LETTER B +0061 0745 0315 0300 05AE 0062;0061 05AE 0745 0300 0315 0062;0061 05AE 0745 0300 0315 0062;0061 05AE 0745 0300 0315 0062;0061 05AE 0745 0300 0315 0062; # (a◌݅◌̕◌̀◌֮b; a◌֮◌݅◌̀◌̕b; a◌֮◌݅◌̀◌̕b; a◌֮◌݅◌̀◌̕b; a◌֮◌݅◌̀◌̕b; ) LATIN SMALL LETTER A, SYRIAC THREE DOTS ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 059A 0316 302A 0746 0062;0061 302A 0316 0746 059A 0062;0061 302A 0316 0746 059A 0062;0061 302A 0316 0746 059A 0062;0061 302A 0316 0746 059A 0062; # (a◌֚◌̖◌〪◌݆b; a◌〪◌̖◌݆◌֚b; a◌〪◌̖◌݆◌֚b; a◌〪◌̖◌݆◌֚b; a◌〪◌̖◌݆◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, SYRIAC THREE DOTS BELOW, LATIN SMALL LETTER B +0061 0746 059A 0316 302A 0062;0061 302A 0746 0316 059A 0062;0061 302A 0746 0316 059A 0062;0061 302A 0746 0316 059A 0062;0061 302A 0746 0316 059A 0062; # (a◌݆◌֚◌̖◌〪b; a◌〪◌݆◌̖◌֚b; a◌〪◌݆◌̖◌֚b; a◌〪◌݆◌̖◌֚b; a◌〪◌݆◌̖◌֚b; ) LATIN SMALL LETTER A, SYRIAC THREE DOTS BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 0315 0300 05AE 0747 0062;00E0 05AE 0747 0315 0062;0061 05AE 0300 0747 0315 0062;00E0 05AE 0747 0315 0062;0061 05AE 0300 0747 0315 0062; # (a◌̕◌̀◌֮◌݇b; à◌֮◌݇◌̕b; a◌֮◌̀◌݇◌̕b; à◌֮◌݇◌̕b; a◌֮◌̀◌݇◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, SYRIAC OBLIQUE LINE ABOVE, LATIN SMALL LETTER B +0061 0747 0315 0300 05AE 0062;0061 05AE 0747 0300 0315 0062;0061 05AE 0747 0300 0315 0062;0061 05AE 0747 0300 0315 0062;0061 05AE 0747 0300 0315 0062; # (a◌݇◌̕◌̀◌֮b; a◌֮◌݇◌̀◌̕b; a◌֮◌݇◌̀◌̕b; a◌֮◌݇◌̀◌̕b; a◌֮◌݇◌̀◌̕b; ) LATIN SMALL LETTER A, SYRIAC OBLIQUE LINE ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 059A 0316 302A 0748 0062;0061 302A 0316 0748 059A 0062;0061 302A 0316 0748 059A 0062;0061 302A 0316 0748 059A 0062;0061 302A 0316 0748 059A 0062; # (a◌֚◌̖◌〪◌݈b; a◌〪◌̖◌݈◌֚b; a◌〪◌̖◌݈◌֚b; a◌〪◌̖◌݈◌֚b; a◌〪◌̖◌݈◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, SYRIAC OBLIQUE LINE BELOW, LATIN SMALL LETTER B +0061 0748 059A 0316 302A 0062;0061 302A 0748 0316 059A 0062;0061 302A 0748 0316 059A 0062;0061 302A 0748 0316 059A 0062;0061 302A 0748 0316 059A 0062; # (a◌݈◌֚◌̖◌〪b; a◌〪◌݈◌̖◌֚b; a◌〪◌݈◌̖◌֚b; a◌〪◌݈◌̖◌֚b; a◌〪◌݈◌̖◌֚b; ) LATIN SMALL LETTER A, SYRIAC OBLIQUE LINE BELOW, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 0315 0300 05AE 0749 0062;00E0 05AE 0749 0315 0062;0061 05AE 0300 0749 0315 0062;00E0 05AE 0749 0315 0062;0061 05AE 0300 0749 0315 0062; # (a◌̕◌̀◌֮◌݉b; à◌֮◌݉◌̕b; a◌֮◌̀◌݉◌̕b; à◌֮◌݉◌̕b; a◌֮◌̀◌݉◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, SYRIAC MUSIC, LATIN SMALL LETTER B +0061 0749 0315 0300 05AE 0062;0061 05AE 0749 0300 0315 0062;0061 05AE 0749 0300 0315 0062;0061 05AE 0749 0300 0315 0062;0061 05AE 0749 0300 0315 0062; # (a◌݉◌̕◌̀◌֮b; a◌֮◌݉◌̀◌̕b; a◌֮◌݉◌̀◌̕b; a◌֮◌݉◌̀◌̕b; a◌֮◌݉◌̀◌̕b; ) LATIN SMALL LETTER A, SYRIAC MUSIC, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 074A 0062;00E0 05AE 074A 0315 0062;0061 05AE 0300 074A 0315 0062;00E0 05AE 074A 0315 0062;0061 05AE 0300 074A 0315 0062; # (a◌̕◌̀◌֮◌݊b; à◌֮◌݊◌̕b; a◌֮◌̀◌݊◌̕b; à◌֮◌݊◌̕b; a◌֮◌̀◌݊◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, SYRIAC BARREKH, LATIN SMALL LETTER B +0061 074A 0315 0300 05AE 0062;0061 05AE 074A 0300 0315 0062;0061 05AE 074A 0300 0315 0062;0061 05AE 074A 0300 0315 0062;0061 05AE 074A 0300 0315 0062; # (a◌݊◌̕◌̀◌֮b; a◌֮◌݊◌̀◌̕b; a◌֮◌݊◌̀◌̕b; a◌֮◌݊◌̀◌̕b; a◌֮◌݊◌̀◌̕b; ) LATIN SMALL LETTER A, SYRIAC BARREKH, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 3099 093C 0334 093C 0062;0061 0334 093C 093C 3099 0062;0061 0334 093C 093C 3099 0062;0061 0334 093C 093C 3099 0062;0061 0334 093C 093C 3099 0062; # (a◌゙◌़◌̴◌़b; a◌̴◌़◌़◌゙b; a◌̴◌़◌़◌゙b; a◌̴◌़◌़◌゙b; a◌̴◌़◌़◌゙b; ) LATIN SMALL LETTER A, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, DEVANAGARI SIGN NUKTA, LATIN SMALL LETTER B +0061 093C 3099 093C 0334 0062;0061 0334 093C 093C 3099 0062;0061 0334 093C 093C 3099 0062;0061 0334 093C 093C 3099 0062;0061 0334 093C 093C 3099 0062; # (a◌़◌゙◌़◌̴b; a◌̴◌़◌़◌゙b; a◌̴◌़◌़◌゙b; a◌̴◌़◌़◌゙b; a◌̴◌़◌़◌゙b; ) LATIN SMALL LETTER A, DEVANAGARI SIGN NUKTA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, LATIN SMALL LETTER B +0061 05B0 094D 3099 094D 0062;0061 3099 094D 094D 05B0 0062;0061 3099 094D 094D 05B0 0062;0061 3099 094D 094D 05B0 0062;0061 3099 094D 094D 05B0 0062; # (a◌ְ◌à¥â—Œã‚™â—Œà¥b; a◌゙◌à¥â—Œà¥â—ŒÖ°b; a◌゙◌à¥â—Œà¥â—ŒÖ°b; a◌゙◌à¥â—Œà¥â—ŒÖ°b; a◌゙◌à¥â—Œà¥â—ŒÖ°b; ) LATIN SMALL LETTER A, HEBREW POINT SHEVA, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, DEVANAGARI SIGN VIRAMA, LATIN SMALL LETTER B +0061 094D 05B0 094D 3099 0062;0061 3099 094D 094D 05B0 0062;0061 3099 094D 094D 05B0 0062;0061 3099 094D 094D 05B0 0062;0061 3099 094D 094D 05B0 0062; # (aâ—Œà¥â—ŒÖ°â—Œà¥â—Œã‚™b; a◌゙◌à¥â—Œà¥â—ŒÖ°b; a◌゙◌à¥â—Œà¥â—ŒÖ°b; a◌゙◌à¥â—Œà¥â—ŒÖ°b; a◌゙◌à¥â—Œà¥â—ŒÖ°b; ) LATIN SMALL LETTER A, DEVANAGARI SIGN VIRAMA, HEBREW POINT SHEVA, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, LATIN SMALL LETTER B +0061 0315 0300 05AE 0951 0062;00E0 05AE 0951 0315 0062;0061 05AE 0300 0951 0315 0062;00E0 05AE 0951 0315 0062;0061 05AE 0300 0951 0315 0062; # (a◌̕◌̀◌֮◌॑b; à◌֮◌॑◌̕b; a◌֮◌̀◌॑◌̕b; à◌֮◌॑◌̕b; a◌֮◌̀◌॑◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, DEVANAGARI STRESS SIGN UDATTA, LATIN SMALL LETTER B +0061 0951 0315 0300 05AE 0062;0061 05AE 0951 0300 0315 0062;0061 05AE 0951 0300 0315 0062;0061 05AE 0951 0300 0315 0062;0061 05AE 0951 0300 0315 0062; # (a◌॑◌̕◌̀◌֮b; a◌֮◌॑◌̀◌̕b; a◌֮◌॑◌̀◌̕b; a◌֮◌॑◌̀◌̕b; a◌֮◌॑◌̀◌̕b; ) LATIN SMALL LETTER A, DEVANAGARI STRESS SIGN UDATTA, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 059A 0316 302A 0952 0062;0061 302A 0316 0952 059A 0062;0061 302A 0316 0952 059A 0062;0061 302A 0316 0952 059A 0062;0061 302A 0316 0952 059A 0062; # (a◌֚◌̖◌〪◌॒b; a◌〪◌̖◌॒◌֚b; a◌〪◌̖◌॒◌֚b; a◌〪◌̖◌॒◌֚b; a◌〪◌̖◌॒◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, DEVANAGARI STRESS SIGN ANUDATTA, LATIN SMALL LETTER B +0061 0952 059A 0316 302A 0062;0061 302A 0952 0316 059A 0062;0061 302A 0952 0316 059A 0062;0061 302A 0952 0316 059A 0062;0061 302A 0952 0316 059A 0062; # (a◌॒◌֚◌̖◌〪b; a◌〪◌॒◌̖◌֚b; a◌〪◌॒◌̖◌֚b; a◌〪◌॒◌̖◌֚b; a◌〪◌॒◌̖◌֚b; ) LATIN SMALL LETTER A, DEVANAGARI STRESS SIGN ANUDATTA, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 0315 0300 05AE 0953 0062;00E0 05AE 0953 0315 0062;0061 05AE 0300 0953 0315 0062;00E0 05AE 0953 0315 0062;0061 05AE 0300 0953 0315 0062; # (a◌̕◌̀◌֮◌॓b; à◌֮◌॓◌̕b; a◌֮◌̀◌॓◌̕b; à◌֮◌॓◌̕b; a◌֮◌̀◌॓◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, DEVANAGARI GRAVE ACCENT, LATIN SMALL LETTER B +0061 0953 0315 0300 05AE 0062;0061 05AE 0953 0300 0315 0062;0061 05AE 0953 0300 0315 0062;0061 05AE 0953 0300 0315 0062;0061 05AE 0953 0300 0315 0062; # (a◌॓◌̕◌̀◌֮b; a◌֮◌॓◌̀◌̕b; a◌֮◌॓◌̀◌̕b; a◌֮◌॓◌̀◌̕b; a◌֮◌॓◌̀◌̕b; ) LATIN SMALL LETTER A, DEVANAGARI GRAVE ACCENT, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0954 0062;00E0 05AE 0954 0315 0062;0061 05AE 0300 0954 0315 0062;00E0 05AE 0954 0315 0062;0061 05AE 0300 0954 0315 0062; # (a◌̕◌̀◌֮◌॔b; à◌֮◌॔◌̕b; a◌֮◌̀◌॔◌̕b; à◌֮◌॔◌̕b; a◌֮◌̀◌॔◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, DEVANAGARI ACUTE ACCENT, LATIN SMALL LETTER B +0061 0954 0315 0300 05AE 0062;0061 05AE 0954 0300 0315 0062;0061 05AE 0954 0300 0315 0062;0061 05AE 0954 0300 0315 0062;0061 05AE 0954 0300 0315 0062; # (a◌॔◌̕◌̀◌֮b; a◌֮◌॔◌̀◌̕b; a◌֮◌॔◌̀◌̕b; a◌֮◌॔◌̀◌̕b; a◌֮◌॔◌̀◌̕b; ) LATIN SMALL LETTER A, DEVANAGARI ACUTE ACCENT, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 3099 093C 0334 09BC 0062;0061 0334 093C 09BC 3099 0062;0061 0334 093C 09BC 3099 0062;0061 0334 093C 09BC 3099 0062;0061 0334 093C 09BC 3099 0062; # (a◌゙◌़◌̴◌়b; a◌̴◌़◌়◌゙b; a◌̴◌़◌়◌゙b; a◌̴◌़◌়◌゙b; a◌̴◌़◌়◌゙b; ) LATIN SMALL LETTER A, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, BENGALI SIGN NUKTA, LATIN SMALL LETTER B +0061 09BC 3099 093C 0334 0062;0061 0334 09BC 093C 3099 0062;0061 0334 09BC 093C 3099 0062;0061 0334 09BC 093C 3099 0062;0061 0334 09BC 093C 3099 0062; # (a◌়◌゙◌़◌̴b; a◌̴◌়◌़◌゙b; a◌̴◌়◌़◌゙b; a◌̴◌়◌़◌゙b; a◌̴◌়◌़◌゙b; ) LATIN SMALL LETTER A, BENGALI SIGN NUKTA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, LATIN SMALL LETTER B +0061 05B0 094D 3099 09CD 0062;0061 3099 094D 09CD 05B0 0062;0061 3099 094D 09CD 05B0 0062;0061 3099 094D 09CD 05B0 0062;0061 3099 094D 09CD 05B0 0062; # (a◌ְ◌à¥â—Œã‚™â—Œà§b; a◌゙◌à¥â—Œà§â—ŒÖ°b; a◌゙◌à¥â—Œà§â—ŒÖ°b; a◌゙◌à¥â—Œà§â—ŒÖ°b; a◌゙◌à¥â—Œà§â—ŒÖ°b; ) LATIN SMALL LETTER A, HEBREW POINT SHEVA, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, BENGALI SIGN VIRAMA, LATIN SMALL LETTER B +0061 09CD 05B0 094D 3099 0062;0061 3099 09CD 094D 05B0 0062;0061 3099 09CD 094D 05B0 0062;0061 3099 09CD 094D 05B0 0062;0061 3099 09CD 094D 05B0 0062; # (aâ—Œà§â—ŒÖ°â—Œà¥â—Œã‚™b; a◌゙◌à§â—Œà¥â—ŒÖ°b; a◌゙◌à§â—Œà¥â—ŒÖ°b; a◌゙◌à§â—Œà¥â—ŒÖ°b; a◌゙◌à§â—Œà¥â—ŒÖ°b; ) LATIN SMALL LETTER A, BENGALI SIGN VIRAMA, HEBREW POINT SHEVA, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, LATIN SMALL LETTER B +0061 3099 093C 0334 0A3C 0062;0061 0334 093C 0A3C 3099 0062;0061 0334 093C 0A3C 3099 0062;0061 0334 093C 0A3C 3099 0062;0061 0334 093C 0A3C 3099 0062; # (a◌゙◌़◌̴◌਼b; a◌̴◌़◌਼◌゙b; a◌̴◌़◌਼◌゙b; a◌̴◌़◌਼◌゙b; a◌̴◌़◌਼◌゙b; ) LATIN SMALL LETTER A, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, GURMUKHI SIGN NUKTA, LATIN SMALL LETTER B +0061 0A3C 3099 093C 0334 0062;0061 0334 0A3C 093C 3099 0062;0061 0334 0A3C 093C 3099 0062;0061 0334 0A3C 093C 3099 0062;0061 0334 0A3C 093C 3099 0062; # (a◌਼◌゙◌़◌̴b; a◌̴◌਼◌़◌゙b; a◌̴◌਼◌़◌゙b; a◌̴◌਼◌़◌゙b; a◌̴◌਼◌़◌゙b; ) LATIN SMALL LETTER A, GURMUKHI SIGN NUKTA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, LATIN SMALL LETTER B +0061 05B0 094D 3099 0A4D 0062;0061 3099 094D 0A4D 05B0 0062;0061 3099 094D 0A4D 05B0 0062;0061 3099 094D 0A4D 05B0 0062;0061 3099 094D 0A4D 05B0 0062; # (a◌ְ◌à¥â—Œã‚™â—Œà©b; a◌゙◌à¥â—Œà©â—ŒÖ°b; a◌゙◌à¥â—Œà©â—ŒÖ°b; a◌゙◌à¥â—Œà©â—ŒÖ°b; a◌゙◌à¥â—Œà©â—ŒÖ°b; ) LATIN SMALL LETTER A, HEBREW POINT SHEVA, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, GURMUKHI SIGN VIRAMA, LATIN SMALL LETTER B +0061 0A4D 05B0 094D 3099 0062;0061 3099 0A4D 094D 05B0 0062;0061 3099 0A4D 094D 05B0 0062;0061 3099 0A4D 094D 05B0 0062;0061 3099 0A4D 094D 05B0 0062; # (aâ—Œà©â—ŒÖ°â—Œà¥â—Œã‚™b; a◌゙◌à©â—Œà¥â—ŒÖ°b; a◌゙◌à©â—Œà¥â—ŒÖ°b; a◌゙◌à©â—Œà¥â—ŒÖ°b; a◌゙◌à©â—Œà¥â—ŒÖ°b; ) LATIN SMALL LETTER A, GURMUKHI SIGN VIRAMA, HEBREW POINT SHEVA, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, LATIN SMALL LETTER B +0061 3099 093C 0334 0ABC 0062;0061 0334 093C 0ABC 3099 0062;0061 0334 093C 0ABC 3099 0062;0061 0334 093C 0ABC 3099 0062;0061 0334 093C 0ABC 3099 0062; # (a◌゙◌़◌̴◌઼b; a◌̴◌़◌઼◌゙b; a◌̴◌़◌઼◌゙b; a◌̴◌़◌઼◌゙b; a◌̴◌़◌઼◌゙b; ) LATIN SMALL LETTER A, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, GUJARATI SIGN NUKTA, LATIN SMALL LETTER B +0061 0ABC 3099 093C 0334 0062;0061 0334 0ABC 093C 3099 0062;0061 0334 0ABC 093C 3099 0062;0061 0334 0ABC 093C 3099 0062;0061 0334 0ABC 093C 3099 0062; # (a◌઼◌゙◌़◌̴b; a◌̴◌઼◌़◌゙b; a◌̴◌઼◌़◌゙b; a◌̴◌઼◌़◌゙b; a◌̴◌઼◌़◌゙b; ) LATIN SMALL LETTER A, GUJARATI SIGN NUKTA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, LATIN SMALL LETTER B +0061 05B0 094D 3099 0ACD 0062;0061 3099 094D 0ACD 05B0 0062;0061 3099 094D 0ACD 05B0 0062;0061 3099 094D 0ACD 05B0 0062;0061 3099 094D 0ACD 05B0 0062; # (a◌ְ◌à¥â—Œã‚™â—Œà«b; a◌゙◌à¥â—Œà«â—ŒÖ°b; a◌゙◌à¥â—Œà«â—ŒÖ°b; a◌゙◌à¥â—Œà«â—ŒÖ°b; a◌゙◌à¥â—Œà«â—ŒÖ°b; ) LATIN SMALL LETTER A, HEBREW POINT SHEVA, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, GUJARATI SIGN VIRAMA, LATIN SMALL LETTER B +0061 0ACD 05B0 094D 3099 0062;0061 3099 0ACD 094D 05B0 0062;0061 3099 0ACD 094D 05B0 0062;0061 3099 0ACD 094D 05B0 0062;0061 3099 0ACD 094D 05B0 0062; # (aâ—Œà«â—ŒÖ°â—Œà¥â—Œã‚™b; a◌゙◌à«â—Œà¥â—ŒÖ°b; a◌゙◌à«â—Œà¥â—ŒÖ°b; a◌゙◌à«â—Œà¥â—ŒÖ°b; a◌゙◌à«â—Œà¥â—ŒÖ°b; ) LATIN SMALL LETTER A, GUJARATI SIGN VIRAMA, HEBREW POINT SHEVA, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, LATIN SMALL LETTER B +0061 3099 093C 0334 0B3C 0062;0061 0334 093C 0B3C 3099 0062;0061 0334 093C 0B3C 3099 0062;0061 0334 093C 0B3C 3099 0062;0061 0334 093C 0B3C 3099 0062; # (a◌゙◌़◌̴◌଼b; a◌̴◌़◌଼◌゙b; a◌̴◌़◌଼◌゙b; a◌̴◌़◌଼◌゙b; a◌̴◌़◌଼◌゙b; ) LATIN SMALL LETTER A, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, ORIYA SIGN NUKTA, LATIN SMALL LETTER B +0061 0B3C 3099 093C 0334 0062;0061 0334 0B3C 093C 3099 0062;0061 0334 0B3C 093C 3099 0062;0061 0334 0B3C 093C 3099 0062;0061 0334 0B3C 093C 3099 0062; # (a◌଼◌゙◌़◌̴b; a◌̴◌଼◌़◌゙b; a◌̴◌଼◌़◌゙b; a◌̴◌଼◌़◌゙b; a◌̴◌଼◌़◌゙b; ) LATIN SMALL LETTER A, ORIYA SIGN NUKTA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, LATIN SMALL LETTER B +0061 05B0 094D 3099 0B4D 0062;0061 3099 094D 0B4D 05B0 0062;0061 3099 094D 0B4D 05B0 0062;0061 3099 094D 0B4D 05B0 0062;0061 3099 094D 0B4D 05B0 0062; # (a◌ְ◌à¥â—Œã‚™â—Œà­b; a◌゙◌à¥â—Œà­â—ŒÖ°b; a◌゙◌à¥â—Œà­â—ŒÖ°b; a◌゙◌à¥â—Œà­â—ŒÖ°b; a◌゙◌à¥â—Œà­â—ŒÖ°b; ) LATIN SMALL LETTER A, HEBREW POINT SHEVA, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, ORIYA SIGN VIRAMA, LATIN SMALL LETTER B +0061 0B4D 05B0 094D 3099 0062;0061 3099 0B4D 094D 05B0 0062;0061 3099 0B4D 094D 05B0 0062;0061 3099 0B4D 094D 05B0 0062;0061 3099 0B4D 094D 05B0 0062; # (aâ—Œà­â—ŒÖ°â—Œà¥â—Œã‚™b; a◌゙◌à­â—Œà¥â—ŒÖ°b; a◌゙◌à­â—Œà¥â—ŒÖ°b; a◌゙◌à­â—Œà¥â—ŒÖ°b; a◌゙◌à­â—Œà¥â—ŒÖ°b; ) LATIN SMALL LETTER A, ORIYA SIGN VIRAMA, HEBREW POINT SHEVA, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, LATIN SMALL LETTER B +0061 05B0 094D 3099 0BCD 0062;0061 3099 094D 0BCD 05B0 0062;0061 3099 094D 0BCD 05B0 0062;0061 3099 094D 0BCD 05B0 0062;0061 3099 094D 0BCD 05B0 0062; # (a◌ְ◌à¥â—Œã‚™â—Œà¯b; a◌゙◌à¥â—Œà¯â—ŒÖ°b; a◌゙◌à¥â—Œà¯â—ŒÖ°b; a◌゙◌à¥â—Œà¯â—ŒÖ°b; a◌゙◌à¥â—Œà¯â—ŒÖ°b; ) LATIN SMALL LETTER A, HEBREW POINT SHEVA, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, TAMIL SIGN VIRAMA, LATIN SMALL LETTER B +0061 0BCD 05B0 094D 3099 0062;0061 3099 0BCD 094D 05B0 0062;0061 3099 0BCD 094D 05B0 0062;0061 3099 0BCD 094D 05B0 0062;0061 3099 0BCD 094D 05B0 0062; # (aâ—Œà¯â—ŒÖ°â—Œà¥â—Œã‚™b; a◌゙◌à¯â—Œà¥â—ŒÖ°b; a◌゙◌à¯â—Œà¥â—ŒÖ°b; a◌゙◌à¯â—Œà¥â—ŒÖ°b; a◌゙◌à¯â—Œà¥â—ŒÖ°b; ) LATIN SMALL LETTER A, TAMIL SIGN VIRAMA, HEBREW POINT SHEVA, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, LATIN SMALL LETTER B +0061 05B0 094D 3099 0C4D 0062;0061 3099 094D 0C4D 05B0 0062;0061 3099 094D 0C4D 05B0 0062;0061 3099 094D 0C4D 05B0 0062;0061 3099 094D 0C4D 05B0 0062; # (a◌ְ◌à¥â—Œã‚™â—Œà±b; a◌゙◌à¥â—Œà±â—ŒÖ°b; a◌゙◌à¥â—Œà±â—ŒÖ°b; a◌゙◌à¥â—Œà±â—ŒÖ°b; a◌゙◌à¥â—Œà±â—ŒÖ°b; ) LATIN SMALL LETTER A, HEBREW POINT SHEVA, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, TELUGU SIGN VIRAMA, LATIN SMALL LETTER B +0061 0C4D 05B0 094D 3099 0062;0061 3099 0C4D 094D 05B0 0062;0061 3099 0C4D 094D 05B0 0062;0061 3099 0C4D 094D 05B0 0062;0061 3099 0C4D 094D 05B0 0062; # (aâ—Œà±â—ŒÖ°â—Œà¥â—Œã‚™b; a◌゙◌à±â—Œà¥â—ŒÖ°b; a◌゙◌à±â—Œà¥â—ŒÖ°b; a◌゙◌à±â—Œà¥â—ŒÖ°b; a◌゙◌à±â—Œà¥â—ŒÖ°b; ) LATIN SMALL LETTER A, TELUGU SIGN VIRAMA, HEBREW POINT SHEVA, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, LATIN SMALL LETTER B +0061 0C56 0C55 0711 0C55 0062;0061 0711 0C55 0C55 0C56 0062;0061 0711 0C55 0C55 0C56 0062;0061 0711 0C55 0C55 0C56 0062;0061 0711 0C55 0C55 0C56 0062; # (a◌ౖ◌ౕ◌ܑ◌ౕb; a◌ܑ◌ౕ◌ౕ◌ౖb; a◌ܑ◌ౕ◌ౕ◌ౖb; a◌ܑ◌ౕ◌ౕ◌ౖb; a◌ܑ◌ౕ◌ౕ◌ౖb; ) LATIN SMALL LETTER A, TELUGU AI LENGTH MARK, TELUGU LENGTH MARK, SYRIAC LETTER SUPERSCRIPT ALAPH, TELUGU LENGTH MARK, LATIN SMALL LETTER B +0061 0C55 0C56 0C55 0711 0062;0061 0711 0C55 0C55 0C56 0062;0061 0711 0C55 0C55 0C56 0062;0061 0711 0C55 0C55 0C56 0062;0061 0711 0C55 0C55 0C56 0062; # (a◌ౕ◌ౖ◌ౕ◌ܑb; a◌ܑ◌ౕ◌ౕ◌ౖb; a◌ܑ◌ౕ◌ౕ◌ౖb; a◌ܑ◌ౕ◌ౕ◌ౖb; a◌ܑ◌ౕ◌ౕ◌ౖb; ) LATIN SMALL LETTER A, TELUGU LENGTH MARK, TELUGU AI LENGTH MARK, TELUGU LENGTH MARK, SYRIAC LETTER SUPERSCRIPT ALAPH, LATIN SMALL LETTER B +0061 0E38 0C56 0C55 0C56 0062;0061 0C55 0C56 0C56 0E38 0062;0061 0C55 0C56 0C56 0E38 0062;0061 0C55 0C56 0C56 0E38 0062;0061 0C55 0C56 0C56 0E38 0062; # (a◌ุ◌ౖ◌ౕ◌ౖb; a◌ౕ◌ౖ◌ౖ◌ุb; a◌ౕ◌ౖ◌ౖ◌ุb; a◌ౕ◌ౖ◌ౖ◌ุb; a◌ౕ◌ౖ◌ౖ◌ุb; ) LATIN SMALL LETTER A, THAI CHARACTER SARA U, TELUGU AI LENGTH MARK, TELUGU LENGTH MARK, TELUGU AI LENGTH MARK, LATIN SMALL LETTER B +0061 0C56 0E38 0C56 0C55 0062;0061 0C55 0C56 0C56 0E38 0062;0061 0C55 0C56 0C56 0E38 0062;0061 0C55 0C56 0C56 0E38 0062;0061 0C55 0C56 0C56 0E38 0062; # (a◌ౖ◌ุ◌ౖ◌ౕb; a◌ౕ◌ౖ◌ౖ◌ุb; a◌ౕ◌ౖ◌ౖ◌ุb; a◌ౕ◌ౖ◌ౖ◌ุb; a◌ౕ◌ౖ◌ౖ◌ุb; ) LATIN SMALL LETTER A, TELUGU AI LENGTH MARK, THAI CHARACTER SARA U, TELUGU AI LENGTH MARK, TELUGU LENGTH MARK, LATIN SMALL LETTER B +0061 3099 093C 0334 0CBC 0062;0061 0334 093C 0CBC 3099 0062;0061 0334 093C 0CBC 3099 0062;0061 0334 093C 0CBC 3099 0062;0061 0334 093C 0CBC 3099 0062; # (a◌゙◌़◌̴◌಼b; a◌̴◌़◌಼◌゙b; a◌̴◌़◌಼◌゙b; a◌̴◌़◌಼◌゙b; a◌̴◌़◌಼◌゙b; ) LATIN SMALL LETTER A, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, KANNADA SIGN NUKTA, LATIN SMALL LETTER B +0061 0CBC 3099 093C 0334 0062;0061 0334 0CBC 093C 3099 0062;0061 0334 0CBC 093C 3099 0062;0061 0334 0CBC 093C 3099 0062;0061 0334 0CBC 093C 3099 0062; # (a◌಼◌゙◌़◌̴b; a◌̴◌಼◌़◌゙b; a◌̴◌಼◌़◌゙b; a◌̴◌಼◌़◌゙b; a◌̴◌಼◌़◌゙b; ) LATIN SMALL LETTER A, KANNADA SIGN NUKTA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, LATIN SMALL LETTER B +0061 05B0 094D 3099 0CCD 0062;0061 3099 094D 0CCD 05B0 0062;0061 3099 094D 0CCD 05B0 0062;0061 3099 094D 0CCD 05B0 0062;0061 3099 094D 0CCD 05B0 0062; # (a◌ְ◌à¥â—Œã‚™â—Œà³b; a◌゙◌à¥â—Œà³â—ŒÖ°b; a◌゙◌à¥â—Œà³â—ŒÖ°b; a◌゙◌à¥â—Œà³â—ŒÖ°b; a◌゙◌à¥â—Œà³â—ŒÖ°b; ) LATIN SMALL LETTER A, HEBREW POINT SHEVA, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, KANNADA SIGN VIRAMA, LATIN SMALL LETTER B +0061 0CCD 05B0 094D 3099 0062;0061 3099 0CCD 094D 05B0 0062;0061 3099 0CCD 094D 05B0 0062;0061 3099 0CCD 094D 05B0 0062;0061 3099 0CCD 094D 05B0 0062; # (aâ—Œà³â—ŒÖ°â—Œà¥â—Œã‚™b; a◌゙◌à³â—Œà¥â—ŒÖ°b; a◌゙◌à³â—Œà¥â—ŒÖ°b; a◌゙◌à³â—Œà¥â—ŒÖ°b; a◌゙◌à³â—Œà¥â—ŒÖ°b; ) LATIN SMALL LETTER A, KANNADA SIGN VIRAMA, HEBREW POINT SHEVA, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, LATIN SMALL LETTER B +0061 05B0 094D 3099 0D4D 0062;0061 3099 094D 0D4D 05B0 0062;0061 3099 094D 0D4D 05B0 0062;0061 3099 094D 0D4D 05B0 0062;0061 3099 094D 0D4D 05B0 0062; # (a◌ְ◌à¥â—Œã‚™â—Œàµb; a◌゙◌à¥â—Œàµâ—ŒÖ°b; a◌゙◌à¥â—Œàµâ—ŒÖ°b; a◌゙◌à¥â—Œàµâ—ŒÖ°b; a◌゙◌à¥â—Œàµâ—ŒÖ°b; ) LATIN SMALL LETTER A, HEBREW POINT SHEVA, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, MALAYALAM SIGN VIRAMA, LATIN SMALL LETTER B +0061 0D4D 05B0 094D 3099 0062;0061 3099 0D4D 094D 05B0 0062;0061 3099 0D4D 094D 05B0 0062;0061 3099 0D4D 094D 05B0 0062;0061 3099 0D4D 094D 05B0 0062; # (aâ—Œàµâ—ŒÖ°â—Œà¥â—Œã‚™b; a◌゙◌àµâ—Œà¥â—ŒÖ°b; a◌゙◌àµâ—Œà¥â—ŒÖ°b; a◌゙◌àµâ—Œà¥â—ŒÖ°b; a◌゙◌àµâ—Œà¥â—ŒÖ°b; ) LATIN SMALL LETTER A, MALAYALAM SIGN VIRAMA, HEBREW POINT SHEVA, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, LATIN SMALL LETTER B +0061 05B0 094D 3099 0DCA 0062;0061 3099 094D 0DCA 05B0 0062;0061 3099 094D 0DCA 05B0 0062;0061 3099 094D 0DCA 05B0 0062;0061 3099 094D 0DCA 05B0 0062; # (a◌ְ◌à¥â—Œã‚™â—Œà·Šb; a◌゙◌à¥â—Œà·Šâ—ŒÖ°b; a◌゙◌à¥â—Œà·Šâ—ŒÖ°b; a◌゙◌à¥â—Œà·Šâ—ŒÖ°b; a◌゙◌à¥â—Œà·Šâ—ŒÖ°b; ) LATIN SMALL LETTER A, HEBREW POINT SHEVA, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, SINHALA SIGN AL-LAKUNA, LATIN SMALL LETTER B +0061 0DCA 05B0 094D 3099 0062;0061 3099 0DCA 094D 05B0 0062;0061 3099 0DCA 094D 05B0 0062;0061 3099 0DCA 094D 05B0 0062;0061 3099 0DCA 094D 05B0 0062; # (a◌්◌ְ◌à¥â—Œã‚™b; a◌゙◌්◌à¥â—ŒÖ°b; a◌゙◌්◌à¥â—ŒÖ°b; a◌゙◌්◌à¥â—ŒÖ°b; a◌゙◌්◌à¥â—ŒÖ°b; ) LATIN SMALL LETTER A, SINHALA SIGN AL-LAKUNA, HEBREW POINT SHEVA, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, LATIN SMALL LETTER B +0061 0E48 0E38 0C56 0E38 0062;0061 0C56 0E38 0E38 0E48 0062;0061 0C56 0E38 0E38 0E48 0062;0061 0C56 0E38 0E38 0E48 0062;0061 0C56 0E38 0E38 0E48 0062; # (a◌่◌ุ◌ౖ◌ุb; a◌ౖ◌ุ◌ุ◌่b; a◌ౖ◌ุ◌ุ◌่b; a◌ౖ◌ุ◌ุ◌่b; a◌ౖ◌ุ◌ุ◌่b; ) LATIN SMALL LETTER A, THAI CHARACTER MAI EK, THAI CHARACTER SARA U, TELUGU AI LENGTH MARK, THAI CHARACTER SARA U, LATIN SMALL LETTER B +0061 0E38 0E48 0E38 0C56 0062;0061 0C56 0E38 0E38 0E48 0062;0061 0C56 0E38 0E38 0E48 0062;0061 0C56 0E38 0E38 0E48 0062;0061 0C56 0E38 0E38 0E48 0062; # (a◌ุ◌่◌ุ◌ౖb; a◌ౖ◌ุ◌ุ◌่b; a◌ౖ◌ุ◌ุ◌่b; a◌ౖ◌ุ◌ุ◌่b; a◌ౖ◌ุ◌ุ◌่b; ) LATIN SMALL LETTER A, THAI CHARACTER SARA U, THAI CHARACTER MAI EK, THAI CHARACTER SARA U, TELUGU AI LENGTH MARK, LATIN SMALL LETTER B +0061 0E48 0E38 0C56 0E39 0062;0061 0C56 0E38 0E39 0E48 0062;0061 0C56 0E38 0E39 0E48 0062;0061 0C56 0E38 0E39 0E48 0062;0061 0C56 0E38 0E39 0E48 0062; # (a◌่◌ุ◌ౖ◌ูb; a◌ౖ◌ุ◌ู◌่b; a◌ౖ◌ุ◌ู◌่b; a◌ౖ◌ุ◌ู◌่b; a◌ౖ◌ุ◌ู◌่b; ) LATIN SMALL LETTER A, THAI CHARACTER MAI EK, THAI CHARACTER SARA U, TELUGU AI LENGTH MARK, THAI CHARACTER SARA UU, LATIN SMALL LETTER B +0061 0E39 0E48 0E38 0C56 0062;0061 0C56 0E39 0E38 0E48 0062;0061 0C56 0E39 0E38 0E48 0062;0061 0C56 0E39 0E38 0E48 0062;0061 0C56 0E39 0E38 0E48 0062; # (a◌ู◌่◌ุ◌ౖb; a◌ౖ◌ู◌ุ◌่b; a◌ౖ◌ู◌ุ◌่b; a◌ౖ◌ู◌ุ◌่b; a◌ౖ◌ู◌ุ◌่b; ) LATIN SMALL LETTER A, THAI CHARACTER SARA UU, THAI CHARACTER MAI EK, THAI CHARACTER SARA U, TELUGU AI LENGTH MARK, LATIN SMALL LETTER B +0061 05B0 094D 3099 0E3A 0062;0061 3099 094D 0E3A 05B0 0062;0061 3099 094D 0E3A 05B0 0062;0061 3099 094D 0E3A 05B0 0062;0061 3099 094D 0E3A 05B0 0062; # (a◌ְ◌à¥â—Œã‚™â—Œà¸ºb; a◌゙◌à¥â—Œà¸ºâ—ŒÖ°b; a◌゙◌à¥â—Œà¸ºâ—ŒÖ°b; a◌゙◌à¥â—Œà¸ºâ—ŒÖ°b; a◌゙◌à¥â—Œà¸ºâ—ŒÖ°b; ) LATIN SMALL LETTER A, HEBREW POINT SHEVA, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, THAI CHARACTER PHINTHU, LATIN SMALL LETTER B +0061 0E3A 05B0 094D 3099 0062;0061 3099 0E3A 094D 05B0 0062;0061 3099 0E3A 094D 05B0 0062;0061 3099 0E3A 094D 05B0 0062;0061 3099 0E3A 094D 05B0 0062; # (a◌ฺ◌ְ◌à¥â—Œã‚™b; a◌゙◌ฺ◌à¥â—ŒÖ°b; a◌゙◌ฺ◌à¥â—ŒÖ°b; a◌゙◌ฺ◌à¥â—ŒÖ°b; a◌゙◌ฺ◌à¥â—ŒÖ°b; ) LATIN SMALL LETTER A, THAI CHARACTER PHINTHU, HEBREW POINT SHEVA, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, LATIN SMALL LETTER B +0061 0EB8 0E48 0E38 0E48 0062;0061 0E38 0E48 0E48 0EB8 0062;0061 0E38 0E48 0E48 0EB8 0062;0061 0E38 0E48 0E48 0EB8 0062;0061 0E38 0E48 0E48 0EB8 0062; # (a◌ຸ◌่◌ุ◌่b; a◌ุ◌่◌่◌ຸb; a◌ุ◌่◌่◌ຸb; a◌ุ◌่◌่◌ຸb; a◌ุ◌่◌่◌ຸb; ) LATIN SMALL LETTER A, LAO VOWEL SIGN U, THAI CHARACTER MAI EK, THAI CHARACTER SARA U, THAI CHARACTER MAI EK, LATIN SMALL LETTER B +0061 0E48 0EB8 0E48 0E38 0062;0061 0E38 0E48 0E48 0EB8 0062;0061 0E38 0E48 0E48 0EB8 0062;0061 0E38 0E48 0E48 0EB8 0062;0061 0E38 0E48 0E48 0EB8 0062; # (a◌่◌ຸ◌่◌ุb; a◌ุ◌่◌่◌ຸb; a◌ุ◌่◌่◌ຸb; a◌ุ◌่◌่◌ຸb; a◌ุ◌่◌่◌ຸb; ) LATIN SMALL LETTER A, THAI CHARACTER MAI EK, LAO VOWEL SIGN U, THAI CHARACTER MAI EK, THAI CHARACTER SARA U, LATIN SMALL LETTER B +0061 0EB8 0E48 0E38 0E49 0062;0061 0E38 0E48 0E49 0EB8 0062;0061 0E38 0E48 0E49 0EB8 0062;0061 0E38 0E48 0E49 0EB8 0062;0061 0E38 0E48 0E49 0EB8 0062; # (a◌ຸ◌่◌ุ◌้b; a◌ุ◌่◌้◌ຸb; a◌ุ◌่◌้◌ຸb; a◌ุ◌่◌้◌ຸb; a◌ุ◌่◌้◌ຸb; ) LATIN SMALL LETTER A, LAO VOWEL SIGN U, THAI CHARACTER MAI EK, THAI CHARACTER SARA U, THAI CHARACTER MAI THO, LATIN SMALL LETTER B +0061 0E49 0EB8 0E48 0E38 0062;0061 0E38 0E49 0E48 0EB8 0062;0061 0E38 0E49 0E48 0EB8 0062;0061 0E38 0E49 0E48 0EB8 0062;0061 0E38 0E49 0E48 0EB8 0062; # (a◌้◌ຸ◌่◌ุb; a◌ุ◌้◌่◌ຸb; a◌ุ◌้◌่◌ຸb; a◌ุ◌้◌่◌ຸb; a◌ุ◌้◌่◌ຸb; ) LATIN SMALL LETTER A, THAI CHARACTER MAI THO, LAO VOWEL SIGN U, THAI CHARACTER MAI EK, THAI CHARACTER SARA U, LATIN SMALL LETTER B +0061 0EB8 0E48 0E38 0E4A 0062;0061 0E38 0E48 0E4A 0EB8 0062;0061 0E38 0E48 0E4A 0EB8 0062;0061 0E38 0E48 0E4A 0EB8 0062;0061 0E38 0E48 0E4A 0EB8 0062; # (a◌ຸ◌่◌ุ◌๊b; a◌ุ◌่◌๊◌ຸb; a◌ุ◌่◌๊◌ຸb; a◌ุ◌่◌๊◌ຸb; a◌ุ◌่◌๊◌ຸb; ) LATIN SMALL LETTER A, LAO VOWEL SIGN U, THAI CHARACTER MAI EK, THAI CHARACTER SARA U, THAI CHARACTER MAI TRI, LATIN SMALL LETTER B +0061 0E4A 0EB8 0E48 0E38 0062;0061 0E38 0E4A 0E48 0EB8 0062;0061 0E38 0E4A 0E48 0EB8 0062;0061 0E38 0E4A 0E48 0EB8 0062;0061 0E38 0E4A 0E48 0EB8 0062; # (a◌๊◌ຸ◌่◌ุb; a◌ุ◌๊◌่◌ຸb; a◌ุ◌๊◌่◌ຸb; a◌ุ◌๊◌่◌ຸb; a◌ุ◌๊◌่◌ຸb; ) LATIN SMALL LETTER A, THAI CHARACTER MAI TRI, LAO VOWEL SIGN U, THAI CHARACTER MAI EK, THAI CHARACTER SARA U, LATIN SMALL LETTER B +0061 0EB8 0E48 0E38 0E4B 0062;0061 0E38 0E48 0E4B 0EB8 0062;0061 0E38 0E48 0E4B 0EB8 0062;0061 0E38 0E48 0E4B 0EB8 0062;0061 0E38 0E48 0E4B 0EB8 0062; # (a◌ຸ◌่◌ุ◌๋b; a◌ุ◌่◌๋◌ຸb; a◌ุ◌่◌๋◌ຸb; a◌ุ◌่◌๋◌ຸb; a◌ุ◌่◌๋◌ຸb; ) LATIN SMALL LETTER A, LAO VOWEL SIGN U, THAI CHARACTER MAI EK, THAI CHARACTER SARA U, THAI CHARACTER MAI CHATTAWA, LATIN SMALL LETTER B +0061 0E4B 0EB8 0E48 0E38 0062;0061 0E38 0E4B 0E48 0EB8 0062;0061 0E38 0E4B 0E48 0EB8 0062;0061 0E38 0E4B 0E48 0EB8 0062;0061 0E38 0E4B 0E48 0EB8 0062; # (a◌๋◌ຸ◌่◌ุb; a◌ุ◌๋◌่◌ຸb; a◌ุ◌๋◌่◌ຸb; a◌ุ◌๋◌่◌ຸb; a◌ุ◌๋◌่◌ຸb; ) LATIN SMALL LETTER A, THAI CHARACTER MAI CHATTAWA, LAO VOWEL SIGN U, THAI CHARACTER MAI EK, THAI CHARACTER SARA U, LATIN SMALL LETTER B +0061 0EC8 0EB8 0E48 0EB8 0062;0061 0E48 0EB8 0EB8 0EC8 0062;0061 0E48 0EB8 0EB8 0EC8 0062;0061 0E48 0EB8 0EB8 0EC8 0062;0061 0E48 0EB8 0EB8 0EC8 0062; # (a◌່◌ຸ◌่◌ຸb; a◌่◌ຸ◌ຸ◌່b; a◌่◌ຸ◌ຸ◌່b; a◌่◌ຸ◌ຸ◌່b; a◌่◌ຸ◌ຸ◌່b; ) LATIN SMALL LETTER A, LAO TONE MAI EK, LAO VOWEL SIGN U, THAI CHARACTER MAI EK, LAO VOWEL SIGN U, LATIN SMALL LETTER B +0061 0EB8 0EC8 0EB8 0E48 0062;0061 0E48 0EB8 0EB8 0EC8 0062;0061 0E48 0EB8 0EB8 0EC8 0062;0061 0E48 0EB8 0EB8 0EC8 0062;0061 0E48 0EB8 0EB8 0EC8 0062; # (a◌ຸ◌່◌ຸ◌่b; a◌่◌ຸ◌ຸ◌່b; a◌่◌ຸ◌ຸ◌່b; a◌่◌ຸ◌ຸ◌່b; a◌่◌ຸ◌ຸ◌່b; ) LATIN SMALL LETTER A, LAO VOWEL SIGN U, LAO TONE MAI EK, LAO VOWEL SIGN U, THAI CHARACTER MAI EK, LATIN SMALL LETTER B +0061 0EC8 0EB8 0E48 0EB9 0062;0061 0E48 0EB8 0EB9 0EC8 0062;0061 0E48 0EB8 0EB9 0EC8 0062;0061 0E48 0EB8 0EB9 0EC8 0062;0061 0E48 0EB8 0EB9 0EC8 0062; # (a◌່◌ຸ◌่◌ູb; a◌่◌ຸ◌ູ◌່b; a◌่◌ຸ◌ູ◌່b; a◌่◌ຸ◌ູ◌່b; a◌่◌ຸ◌ູ◌່b; ) LATIN SMALL LETTER A, LAO TONE MAI EK, LAO VOWEL SIGN U, THAI CHARACTER MAI EK, LAO VOWEL SIGN UU, LATIN SMALL LETTER B +0061 0EB9 0EC8 0EB8 0E48 0062;0061 0E48 0EB9 0EB8 0EC8 0062;0061 0E48 0EB9 0EB8 0EC8 0062;0061 0E48 0EB9 0EB8 0EC8 0062;0061 0E48 0EB9 0EB8 0EC8 0062; # (a◌ູ◌່◌ຸ◌่b; a◌่◌ູ◌ຸ◌່b; a◌่◌ູ◌ຸ◌່b; a◌่◌ູ◌ຸ◌່b; a◌่◌ູ◌ຸ◌່b; ) LATIN SMALL LETTER A, LAO VOWEL SIGN UU, LAO TONE MAI EK, LAO VOWEL SIGN U, THAI CHARACTER MAI EK, LATIN SMALL LETTER B +0061 0F71 0EC8 0EB8 0EC8 0062;0061 0EB8 0EC8 0EC8 0F71 0062;0061 0EB8 0EC8 0EC8 0F71 0062;0061 0EB8 0EC8 0EC8 0F71 0062;0061 0EB8 0EC8 0EC8 0F71 0062; # (a◌ཱ◌່◌ຸ◌່b; a◌ຸ◌່◌່◌ཱb; a◌ຸ◌່◌່◌ཱb; a◌ຸ◌່◌່◌ཱb; a◌ຸ◌່◌່◌ཱb; ) LATIN SMALL LETTER A, TIBETAN VOWEL SIGN AA, LAO TONE MAI EK, LAO VOWEL SIGN U, LAO TONE MAI EK, LATIN SMALL LETTER B +0061 0EC8 0F71 0EC8 0EB8 0062;0061 0EB8 0EC8 0EC8 0F71 0062;0061 0EB8 0EC8 0EC8 0F71 0062;0061 0EB8 0EC8 0EC8 0F71 0062;0061 0EB8 0EC8 0EC8 0F71 0062; # (a◌່◌ཱ◌່◌ຸb; a◌ຸ◌່◌່◌ཱb; a◌ຸ◌່◌່◌ཱb; a◌ຸ◌່◌່◌ཱb; a◌ຸ◌່◌່◌ཱb; ) LATIN SMALL LETTER A, LAO TONE MAI EK, TIBETAN VOWEL SIGN AA, LAO TONE MAI EK, LAO VOWEL SIGN U, LATIN SMALL LETTER B +0061 0F71 0EC8 0EB8 0EC9 0062;0061 0EB8 0EC8 0EC9 0F71 0062;0061 0EB8 0EC8 0EC9 0F71 0062;0061 0EB8 0EC8 0EC9 0F71 0062;0061 0EB8 0EC8 0EC9 0F71 0062; # (a◌ཱ◌່◌ຸ◌້b; a◌ຸ◌່◌້◌ཱb; a◌ຸ◌່◌້◌ཱb; a◌ຸ◌່◌້◌ཱb; a◌ຸ◌່◌້◌ཱb; ) LATIN SMALL LETTER A, TIBETAN VOWEL SIGN AA, LAO TONE MAI EK, LAO VOWEL SIGN U, LAO TONE MAI THO, LATIN SMALL LETTER B +0061 0EC9 0F71 0EC8 0EB8 0062;0061 0EB8 0EC9 0EC8 0F71 0062;0061 0EB8 0EC9 0EC8 0F71 0062;0061 0EB8 0EC9 0EC8 0F71 0062;0061 0EB8 0EC9 0EC8 0F71 0062; # (a◌້◌ཱ◌່◌ຸb; a◌ຸ◌້◌່◌ཱb; a◌ຸ◌້◌່◌ཱb; a◌ຸ◌້◌່◌ཱb; a◌ຸ◌້◌່◌ཱb; ) LATIN SMALL LETTER A, LAO TONE MAI THO, TIBETAN VOWEL SIGN AA, LAO TONE MAI EK, LAO VOWEL SIGN U, LATIN SMALL LETTER B +0061 0F71 0EC8 0EB8 0ECA 0062;0061 0EB8 0EC8 0ECA 0F71 0062;0061 0EB8 0EC8 0ECA 0F71 0062;0061 0EB8 0EC8 0ECA 0F71 0062;0061 0EB8 0EC8 0ECA 0F71 0062; # (a◌ཱ◌່◌ຸ◌໊b; a◌ຸ◌່◌໊◌ཱb; a◌ຸ◌່◌໊◌ཱb; a◌ຸ◌່◌໊◌ཱb; a◌ຸ◌່◌໊◌ཱb; ) LATIN SMALL LETTER A, TIBETAN VOWEL SIGN AA, LAO TONE MAI EK, LAO VOWEL SIGN U, LAO TONE MAI TI, LATIN SMALL LETTER B +0061 0ECA 0F71 0EC8 0EB8 0062;0061 0EB8 0ECA 0EC8 0F71 0062;0061 0EB8 0ECA 0EC8 0F71 0062;0061 0EB8 0ECA 0EC8 0F71 0062;0061 0EB8 0ECA 0EC8 0F71 0062; # (a◌໊◌ཱ◌່◌ຸb; a◌ຸ◌໊◌່◌ཱb; a◌ຸ◌໊◌່◌ཱb; a◌ຸ◌໊◌່◌ཱb; a◌ຸ◌໊◌່◌ཱb; ) LATIN SMALL LETTER A, LAO TONE MAI TI, TIBETAN VOWEL SIGN AA, LAO TONE MAI EK, LAO VOWEL SIGN U, LATIN SMALL LETTER B +0061 0F71 0EC8 0EB8 0ECB 0062;0061 0EB8 0EC8 0ECB 0F71 0062;0061 0EB8 0EC8 0ECB 0F71 0062;0061 0EB8 0EC8 0ECB 0F71 0062;0061 0EB8 0EC8 0ECB 0F71 0062; # (a◌ཱ◌່◌ຸ◌໋b; a◌ຸ◌່◌໋◌ཱb; a◌ຸ◌່◌໋◌ཱb; a◌ຸ◌່◌໋◌ཱb; a◌ຸ◌່◌໋◌ཱb; ) LATIN SMALL LETTER A, TIBETAN VOWEL SIGN AA, LAO TONE MAI EK, LAO VOWEL SIGN U, LAO TONE MAI CATAWA, LATIN SMALL LETTER B +0061 0ECB 0F71 0EC8 0EB8 0062;0061 0EB8 0ECB 0EC8 0F71 0062;0061 0EB8 0ECB 0EC8 0F71 0062;0061 0EB8 0ECB 0EC8 0F71 0062;0061 0EB8 0ECB 0EC8 0F71 0062; # (a◌໋◌ཱ◌່◌ຸb; a◌ຸ◌໋◌່◌ཱb; a◌ຸ◌໋◌່◌ཱb; a◌ຸ◌໋◌່◌ཱb; a◌ຸ◌໋◌່◌ཱb; ) LATIN SMALL LETTER A, LAO TONE MAI CATAWA, TIBETAN VOWEL SIGN AA, LAO TONE MAI EK, LAO VOWEL SIGN U, LATIN SMALL LETTER B +0061 059A 0316 302A 0F18 0062;0061 302A 0316 0F18 059A 0062;0061 302A 0316 0F18 059A 0062;0061 302A 0316 0F18 059A 0062;0061 302A 0316 0F18 059A 0062; # (a◌֚◌̖◌〪◌༘b; a◌〪◌̖◌༘◌֚b; a◌〪◌̖◌༘◌֚b; a◌〪◌̖◌༘◌֚b; a◌〪◌̖◌༘◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, TIBETAN ASTROLOGICAL SIGN -KHYUD PA, LATIN SMALL LETTER B +0061 0F18 059A 0316 302A 0062;0061 302A 0F18 0316 059A 0062;0061 302A 0F18 0316 059A 0062;0061 302A 0F18 0316 059A 0062;0061 302A 0F18 0316 059A 0062; # (a◌༘◌֚◌̖◌〪b; a◌〪◌༘◌̖◌֚b; a◌〪◌༘◌̖◌֚b; a◌〪◌༘◌̖◌֚b; a◌〪◌༘◌̖◌֚b; ) LATIN SMALL LETTER A, TIBETAN ASTROLOGICAL SIGN -KHYUD PA, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 0F19 0062;0061 302A 0316 0F19 059A 0062;0061 302A 0316 0F19 059A 0062;0061 302A 0316 0F19 059A 0062;0061 302A 0316 0F19 059A 0062; # (a◌֚◌̖◌〪◌༙b; a◌〪◌̖◌༙◌֚b; a◌〪◌̖◌༙◌֚b; a◌〪◌̖◌༙◌֚b; a◌〪◌̖◌༙◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, TIBETAN ASTROLOGICAL SIGN SDONG TSHUGS, LATIN SMALL LETTER B +0061 0F19 059A 0316 302A 0062;0061 302A 0F19 0316 059A 0062;0061 302A 0F19 0316 059A 0062;0061 302A 0F19 0316 059A 0062;0061 302A 0F19 0316 059A 0062; # (a◌༙◌֚◌̖◌〪b; a◌〪◌༙◌̖◌֚b; a◌〪◌༙◌̖◌֚b; a◌〪◌༙◌̖◌֚b; a◌〪◌༙◌̖◌֚b; ) LATIN SMALL LETTER A, TIBETAN ASTROLOGICAL SIGN SDONG TSHUGS, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 0F35 0062;0061 302A 0316 0F35 059A 0062;0061 302A 0316 0F35 059A 0062;0061 302A 0316 0F35 059A 0062;0061 302A 0316 0F35 059A 0062; # (a◌֚◌̖◌〪◌༵b; a◌〪◌̖◌༵◌֚b; a◌〪◌̖◌༵◌֚b; a◌〪◌̖◌༵◌֚b; a◌〪◌̖◌༵◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, TIBETAN MARK NGAS BZUNG NYI ZLA, LATIN SMALL LETTER B +0061 0F35 059A 0316 302A 0062;0061 302A 0F35 0316 059A 0062;0061 302A 0F35 0316 059A 0062;0061 302A 0F35 0316 059A 0062;0061 302A 0F35 0316 059A 0062; # (a◌༵◌֚◌̖◌〪b; a◌〪◌༵◌̖◌֚b; a◌〪◌༵◌̖◌֚b; a◌〪◌༵◌̖◌֚b; a◌〪◌༵◌̖◌֚b; ) LATIN SMALL LETTER A, TIBETAN MARK NGAS BZUNG NYI ZLA, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 0F37 0062;0061 302A 0316 0F37 059A 0062;0061 302A 0316 0F37 059A 0062;0061 302A 0316 0F37 059A 0062;0061 302A 0316 0F37 059A 0062; # (a◌֚◌̖◌〪◌༷b; a◌〪◌̖◌༷◌֚b; a◌〪◌̖◌༷◌֚b; a◌〪◌̖◌༷◌֚b; a◌〪◌̖◌༷◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, TIBETAN MARK NGAS BZUNG SGOR RTAGS, LATIN SMALL LETTER B +0061 0F37 059A 0316 302A 0062;0061 302A 0F37 0316 059A 0062;0061 302A 0F37 0316 059A 0062;0061 302A 0F37 0316 059A 0062;0061 302A 0F37 0316 059A 0062; # (a◌༷◌֚◌̖◌〪b; a◌〪◌༷◌̖◌֚b; a◌〪◌༷◌̖◌֚b; a◌〪◌༷◌̖◌֚b; a◌〪◌༷◌̖◌֚b; ) LATIN SMALL LETTER A, TIBETAN MARK NGAS BZUNG SGOR RTAGS, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 302A 031B 0321 0F39 0062;0061 0321 031B 0F39 302A 0062;0061 0321 031B 0F39 302A 0062;0061 0321 031B 0F39 302A 0062;0061 0321 031B 0F39 302A 0062; # (a◌〪◌̛◌̡◌༹b; a◌̡◌̛◌༹◌〪b; a◌̡◌̛◌༹◌〪b; a◌̡◌̛◌༹◌〪b; a◌̡◌̛◌༹◌〪b; ) LATIN SMALL LETTER A, IDEOGRAPHIC LEVEL TONE MARK, COMBINING HORN, COMBINING PALATALIZED HOOK BELOW, TIBETAN MARK TSA -PHRU, LATIN SMALL LETTER B +0061 0F39 302A 031B 0321 0062;0061 0321 0F39 031B 302A 0062;0061 0321 0F39 031B 302A 0062;0061 0321 0F39 031B 302A 0062;0061 0321 0F39 031B 302A 0062; # (a◌༹◌〪◌̛◌̡b; a◌̡◌༹◌̛◌〪b; a◌̡◌༹◌̛◌〪b; a◌̡◌༹◌̛◌〪b; a◌̡◌༹◌̛◌〪b; ) LATIN SMALL LETTER A, TIBETAN MARK TSA -PHRU, IDEOGRAPHIC LEVEL TONE MARK, COMBINING HORN, COMBINING PALATALIZED HOOK BELOW, LATIN SMALL LETTER B +0061 0F72 0F71 0EC8 0F71 0062;0061 0EC8 0F71 0F71 0F72 0062;0061 0EC8 0F71 0F71 0F72 0062;0061 0EC8 0F71 0F71 0F72 0062;0061 0EC8 0F71 0F71 0F72 0062; # (a◌ི◌ཱ◌່◌ཱb; a◌່◌ཱ◌ཱ◌ིb; a◌່◌ཱ◌ཱ◌ིb; a◌່◌ཱ◌ཱ◌ིb; a◌່◌ཱ◌ཱ◌ིb; ) LATIN SMALL LETTER A, TIBETAN VOWEL SIGN I, TIBETAN VOWEL SIGN AA, LAO TONE MAI EK, TIBETAN VOWEL SIGN AA, LATIN SMALL LETTER B +0061 0F71 0F72 0F71 0EC8 0062;0061 0EC8 0F71 0F71 0F72 0062;0061 0EC8 0F71 0F71 0F72 0062;0061 0EC8 0F71 0F71 0F72 0062;0061 0EC8 0F71 0F71 0F72 0062; # (a◌ཱ◌ི◌ཱ◌່b; a◌່◌ཱ◌ཱ◌ིb; a◌່◌ཱ◌ཱ◌ིb; a◌່◌ཱ◌ཱ◌ིb; a◌່◌ཱ◌ཱ◌ིb; ) LATIN SMALL LETTER A, TIBETAN VOWEL SIGN AA, TIBETAN VOWEL SIGN I, TIBETAN VOWEL SIGN AA, LAO TONE MAI EK, LATIN SMALL LETTER B +0061 0F74 0F72 0F71 0F72 0062;0061 0F71 0F72 0F72 0F74 0062;0061 0F71 0F72 0F72 0F74 0062;0061 0F71 0F72 0F72 0F74 0062;0061 0F71 0F72 0F72 0F74 0062; # (a◌ུ◌ི◌ཱ◌ིb; a◌ཱ◌ི◌ི◌ུb; a◌ཱ◌ི◌ི◌ུb; a◌ཱ◌ི◌ི◌ུb; a◌ཱ◌ི◌ི◌ུb; ) LATIN SMALL LETTER A, TIBETAN VOWEL SIGN U, TIBETAN VOWEL SIGN I, TIBETAN VOWEL SIGN AA, TIBETAN VOWEL SIGN I, LATIN SMALL LETTER B +0061 0F72 0F74 0F72 0F71 0062;0061 0F71 0F72 0F72 0F74 0062;0061 0F71 0F72 0F72 0F74 0062;0061 0F71 0F72 0F72 0F74 0062;0061 0F71 0F72 0F72 0F74 0062; # (a◌ི◌ུ◌ི◌ཱb; a◌ཱ◌ི◌ི◌ུb; a◌ཱ◌ི◌ི◌ུb; a◌ཱ◌ི◌ི◌ུb; a◌ཱ◌ི◌ི◌ུb; ) LATIN SMALL LETTER A, TIBETAN VOWEL SIGN I, TIBETAN VOWEL SIGN U, TIBETAN VOWEL SIGN I, TIBETAN VOWEL SIGN AA, LATIN SMALL LETTER B +0061 0321 0F74 0F72 0F74 0062;0061 0F72 0F74 0F74 0321 0062;0061 0F72 0F74 0F74 0321 0062;0061 0F72 0F74 0F74 0321 0062;0061 0F72 0F74 0F74 0321 0062; # (a◌̡◌ུ◌ི◌ུb; a◌ི◌ུ◌ུ◌̡b; a◌ི◌ུ◌ུ◌̡b; a◌ི◌ུ◌ུ◌̡b; a◌ི◌ུ◌ུ◌̡b; ) LATIN SMALL LETTER A, COMBINING PALATALIZED HOOK BELOW, TIBETAN VOWEL SIGN U, TIBETAN VOWEL SIGN I, TIBETAN VOWEL SIGN U, LATIN SMALL LETTER B +0061 0F74 0321 0F74 0F72 0062;0061 0F72 0F74 0F74 0321 0062;0061 0F72 0F74 0F74 0321 0062;0061 0F72 0F74 0F74 0321 0062;0061 0F72 0F74 0F74 0321 0062; # (a◌ུ◌̡◌ུ◌ིb; a◌ི◌ུ◌ུ◌̡b; a◌ི◌ུ◌ུ◌̡b; a◌ི◌ུ◌ུ◌̡b; a◌ི◌ུ◌ུ◌̡b; ) LATIN SMALL LETTER A, TIBETAN VOWEL SIGN U, COMBINING PALATALIZED HOOK BELOW, TIBETAN VOWEL SIGN U, TIBETAN VOWEL SIGN I, LATIN SMALL LETTER B +0061 0F74 0F72 0F71 0F7A 0062;0061 0F71 0F72 0F7A 0F74 0062;0061 0F71 0F72 0F7A 0F74 0062;0061 0F71 0F72 0F7A 0F74 0062;0061 0F71 0F72 0F7A 0F74 0062; # (a◌ུ◌ི◌ཱ◌ེb; a◌ཱ◌ི◌ེ◌ུb; a◌ཱ◌ི◌ེ◌ུb; a◌ཱ◌ི◌ེ◌ུb; a◌ཱ◌ི◌ེ◌ུb; ) LATIN SMALL LETTER A, TIBETAN VOWEL SIGN U, TIBETAN VOWEL SIGN I, TIBETAN VOWEL SIGN AA, TIBETAN VOWEL SIGN E, LATIN SMALL LETTER B +0061 0F7A 0F74 0F72 0F71 0062;0061 0F71 0F7A 0F72 0F74 0062;0061 0F71 0F7A 0F72 0F74 0062;0061 0F71 0F7A 0F72 0F74 0062;0061 0F71 0F7A 0F72 0F74 0062; # (a◌ེ◌ུ◌ི◌ཱb; a◌ཱ◌ེ◌ི◌ུb; a◌ཱ◌ེ◌ི◌ུb; a◌ཱ◌ེ◌ི◌ུb; a◌ཱ◌ེ◌ི◌ུb; ) LATIN SMALL LETTER A, TIBETAN VOWEL SIGN E, TIBETAN VOWEL SIGN U, TIBETAN VOWEL SIGN I, TIBETAN VOWEL SIGN AA, LATIN SMALL LETTER B +0061 0F74 0F72 0F71 0F7B 0062;0061 0F71 0F72 0F7B 0F74 0062;0061 0F71 0F72 0F7B 0F74 0062;0061 0F71 0F72 0F7B 0F74 0062;0061 0F71 0F72 0F7B 0F74 0062; # (a◌ུ◌ི◌ཱ◌ཻb; a◌ཱ◌ི◌ཻ◌ུb; a◌ཱ◌ི◌ཻ◌ུb; a◌ཱ◌ི◌ཻ◌ུb; a◌ཱ◌ི◌ཻ◌ུb; ) LATIN SMALL LETTER A, TIBETAN VOWEL SIGN U, TIBETAN VOWEL SIGN I, TIBETAN VOWEL SIGN AA, TIBETAN VOWEL SIGN EE, LATIN SMALL LETTER B +0061 0F7B 0F74 0F72 0F71 0062;0061 0F71 0F7B 0F72 0F74 0062;0061 0F71 0F7B 0F72 0F74 0062;0061 0F71 0F7B 0F72 0F74 0062;0061 0F71 0F7B 0F72 0F74 0062; # (a◌ཻ◌ུ◌ི◌ཱb; a◌ཱ◌ཻ◌ི◌ུb; a◌ཱ◌ཻ◌ི◌ུb; a◌ཱ◌ཻ◌ི◌ུb; a◌ཱ◌ཻ◌ི◌ུb; ) LATIN SMALL LETTER A, TIBETAN VOWEL SIGN EE, TIBETAN VOWEL SIGN U, TIBETAN VOWEL SIGN I, TIBETAN VOWEL SIGN AA, LATIN SMALL LETTER B +0061 0F74 0F72 0F71 0F7C 0062;0061 0F71 0F72 0F7C 0F74 0062;0061 0F71 0F72 0F7C 0F74 0062;0061 0F71 0F72 0F7C 0F74 0062;0061 0F71 0F72 0F7C 0F74 0062; # (a◌ུ◌ི◌ཱ◌ོb; a◌ཱ◌ི◌ོ◌ུb; a◌ཱ◌ི◌ོ◌ུb; a◌ཱ◌ི◌ོ◌ུb; a◌ཱ◌ི◌ོ◌ུb; ) LATIN SMALL LETTER A, TIBETAN VOWEL SIGN U, TIBETAN VOWEL SIGN I, TIBETAN VOWEL SIGN AA, TIBETAN VOWEL SIGN O, LATIN SMALL LETTER B +0061 0F7C 0F74 0F72 0F71 0062;0061 0F71 0F7C 0F72 0F74 0062;0061 0F71 0F7C 0F72 0F74 0062;0061 0F71 0F7C 0F72 0F74 0062;0061 0F71 0F7C 0F72 0F74 0062; # (a◌ོ◌ུ◌ི◌ཱb; a◌ཱ◌ོ◌ི◌ུb; a◌ཱ◌ོ◌ི◌ུb; a◌ཱ◌ོ◌ི◌ུb; a◌ཱ◌ོ◌ི◌ུb; ) LATIN SMALL LETTER A, TIBETAN VOWEL SIGN O, TIBETAN VOWEL SIGN U, TIBETAN VOWEL SIGN I, TIBETAN VOWEL SIGN AA, LATIN SMALL LETTER B +0061 0F74 0F72 0F71 0F7D 0062;0061 0F71 0F72 0F7D 0F74 0062;0061 0F71 0F72 0F7D 0F74 0062;0061 0F71 0F72 0F7D 0F74 0062;0061 0F71 0F72 0F7D 0F74 0062; # (a◌ུ◌ི◌ཱ◌ཽb; a◌ཱ◌ི◌ཽ◌ུb; a◌ཱ◌ི◌ཽ◌ུb; a◌ཱ◌ི◌ཽ◌ུb; a◌ཱ◌ི◌ཽ◌ུb; ) LATIN SMALL LETTER A, TIBETAN VOWEL SIGN U, TIBETAN VOWEL SIGN I, TIBETAN VOWEL SIGN AA, TIBETAN VOWEL SIGN OO, LATIN SMALL LETTER B +0061 0F7D 0F74 0F72 0F71 0062;0061 0F71 0F7D 0F72 0F74 0062;0061 0F71 0F7D 0F72 0F74 0062;0061 0F71 0F7D 0F72 0F74 0062;0061 0F71 0F7D 0F72 0F74 0062; # (a◌ཽ◌ུ◌ི◌ཱb; a◌ཱ◌ཽ◌ི◌ུb; a◌ཱ◌ཽ◌ི◌ུb; a◌ཱ◌ཽ◌ི◌ུb; a◌ཱ◌ཽ◌ི◌ུb; ) LATIN SMALL LETTER A, TIBETAN VOWEL SIGN OO, TIBETAN VOWEL SIGN U, TIBETAN VOWEL SIGN I, TIBETAN VOWEL SIGN AA, LATIN SMALL LETTER B +0061 0F74 0F72 0F71 0F80 0062;0061 0F71 0F72 0F80 0F74 0062;0061 0F71 0F72 0F80 0F74 0062;0061 0F71 0F72 0F80 0F74 0062;0061 0F71 0F72 0F80 0F74 0062; # (a◌ུ◌ི◌ཱ◌ྀb; a◌ཱ◌ི◌ྀ◌ུb; a◌ཱ◌ི◌ྀ◌ུb; a◌ཱ◌ི◌ྀ◌ུb; a◌ཱ◌ི◌ྀ◌ུb; ) LATIN SMALL LETTER A, TIBETAN VOWEL SIGN U, TIBETAN VOWEL SIGN I, TIBETAN VOWEL SIGN AA, TIBETAN VOWEL SIGN REVERSED I, LATIN SMALL LETTER B +0061 0F80 0F74 0F72 0F71 0062;0061 0F71 0F80 0F72 0F74 0062;0061 0F71 0F80 0F72 0F74 0062;0061 0F71 0F80 0F72 0F74 0062;0061 0F71 0F80 0F72 0F74 0062; # (a◌ྀ◌ུ◌ི◌ཱb; a◌ཱ◌ྀ◌ི◌ུb; a◌ཱ◌ྀ◌ི◌ུb; a◌ཱ◌ྀ◌ི◌ུb; a◌ཱ◌ྀ◌ི◌ུb; ) LATIN SMALL LETTER A, TIBETAN VOWEL SIGN REVERSED I, TIBETAN VOWEL SIGN U, TIBETAN VOWEL SIGN I, TIBETAN VOWEL SIGN AA, LATIN SMALL LETTER B +0061 0315 0300 05AE 0F82 0062;00E0 05AE 0F82 0315 0062;0061 05AE 0300 0F82 0315 0062;00E0 05AE 0F82 0315 0062;0061 05AE 0300 0F82 0315 0062; # (a◌̕◌̀◌֮◌ྂb; à◌֮◌ྂ◌̕b; a◌֮◌̀◌ྂ◌̕b; à◌֮◌ྂ◌̕b; a◌֮◌̀◌ྂ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, TIBETAN SIGN NYI ZLA NAA DA, LATIN SMALL LETTER B +0061 0F82 0315 0300 05AE 0062;0061 05AE 0F82 0300 0315 0062;0061 05AE 0F82 0300 0315 0062;0061 05AE 0F82 0300 0315 0062;0061 05AE 0F82 0300 0315 0062; # (a◌ྂ◌̕◌̀◌֮b; a◌֮◌ྂ◌̀◌̕b; a◌֮◌ྂ◌̀◌̕b; a◌֮◌ྂ◌̀◌̕b; a◌֮◌ྂ◌̀◌̕b; ) LATIN SMALL LETTER A, TIBETAN SIGN NYI ZLA NAA DA, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0F83 0062;00E0 05AE 0F83 0315 0062;0061 05AE 0300 0F83 0315 0062;00E0 05AE 0F83 0315 0062;0061 05AE 0300 0F83 0315 0062; # (a◌̕◌̀◌֮◌ྃb; à◌֮◌ྃ◌̕b; a◌֮◌̀◌ྃ◌̕b; à◌֮◌ྃ◌̕b; a◌֮◌̀◌ྃ◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, TIBETAN SIGN SNA LDAN, LATIN SMALL LETTER B +0061 0F83 0315 0300 05AE 0062;0061 05AE 0F83 0300 0315 0062;0061 05AE 0F83 0300 0315 0062;0061 05AE 0F83 0300 0315 0062;0061 05AE 0F83 0300 0315 0062; # (a◌ྃ◌̕◌̀◌֮b; a◌֮◌ྃ◌̀◌̕b; a◌֮◌ྃ◌̀◌̕b; a◌֮◌ྃ◌̀◌̕b; a◌֮◌ྃ◌̀◌̕b; ) LATIN SMALL LETTER A, TIBETAN SIGN SNA LDAN, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 05B0 094D 3099 0F84 0062;0061 3099 094D 0F84 05B0 0062;0061 3099 094D 0F84 05B0 0062;0061 3099 094D 0F84 05B0 0062;0061 3099 094D 0F84 05B0 0062; # (a◌ְ◌à¥â—Œã‚™â—Œà¾„b; a◌゙◌à¥â—Œà¾„◌ְb; a◌゙◌à¥â—Œà¾„◌ְb; a◌゙◌à¥â—Œà¾„◌ְb; a◌゙◌à¥â—Œà¾„◌ְb; ) LATIN SMALL LETTER A, HEBREW POINT SHEVA, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, TIBETAN MARK HALANTA, LATIN SMALL LETTER B +0061 0F84 05B0 094D 3099 0062;0061 3099 0F84 094D 05B0 0062;0061 3099 0F84 094D 05B0 0062;0061 3099 0F84 094D 05B0 0062;0061 3099 0F84 094D 05B0 0062; # (a◌྄◌ְ◌à¥â—Œã‚™b; a◌゙◌྄◌à¥â—ŒÖ°b; a◌゙◌྄◌à¥â—ŒÖ°b; a◌゙◌྄◌à¥â—ŒÖ°b; a◌゙◌྄◌à¥â—ŒÖ°b; ) LATIN SMALL LETTER A, TIBETAN MARK HALANTA, HEBREW POINT SHEVA, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, LATIN SMALL LETTER B +0061 0315 0300 05AE 0F86 0062;00E0 05AE 0F86 0315 0062;0061 05AE 0300 0F86 0315 0062;00E0 05AE 0F86 0315 0062;0061 05AE 0300 0F86 0315 0062; # (a◌̕◌̀◌֮◌྆b; à◌֮◌྆◌̕b; a◌֮◌̀◌྆◌̕b; à◌֮◌྆◌̕b; a◌֮◌̀◌྆◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, TIBETAN SIGN LCI RTAGS, LATIN SMALL LETTER B +0061 0F86 0315 0300 05AE 0062;0061 05AE 0F86 0300 0315 0062;0061 05AE 0F86 0300 0315 0062;0061 05AE 0F86 0300 0315 0062;0061 05AE 0F86 0300 0315 0062; # (a◌྆◌̕◌̀◌֮b; a◌֮◌྆◌̀◌̕b; a◌֮◌྆◌̀◌̕b; a◌֮◌྆◌̀◌̕b; a◌֮◌྆◌̀◌̕b; ) LATIN SMALL LETTER A, TIBETAN SIGN LCI RTAGS, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 0F87 0062;00E0 05AE 0F87 0315 0062;0061 05AE 0300 0F87 0315 0062;00E0 05AE 0F87 0315 0062;0061 05AE 0300 0F87 0315 0062; # (a◌̕◌̀◌֮◌྇b; à◌֮◌྇◌̕b; a◌֮◌̀◌྇◌̕b; à◌֮◌྇◌̕b; a◌֮◌̀◌྇◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, TIBETAN SIGN YANG RTAGS, LATIN SMALL LETTER B +0061 0F87 0315 0300 05AE 0062;0061 05AE 0F87 0300 0315 0062;0061 05AE 0F87 0300 0315 0062;0061 05AE 0F87 0300 0315 0062;0061 05AE 0F87 0300 0315 0062; # (a◌྇◌̕◌̀◌֮b; a◌֮◌྇◌̀◌̕b; a◌֮◌྇◌̀◌̕b; a◌֮◌྇◌̀◌̕b; a◌֮◌྇◌̀◌̕b; ) LATIN SMALL LETTER A, TIBETAN SIGN YANG RTAGS, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 059A 0316 302A 0FC6 0062;0061 302A 0316 0FC6 059A 0062;0061 302A 0316 0FC6 059A 0062;0061 302A 0316 0FC6 059A 0062;0061 302A 0316 0FC6 059A 0062; # (a◌֚◌̖◌〪◌࿆b; a◌〪◌̖◌࿆◌֚b; a◌〪◌̖◌࿆◌֚b; a◌〪◌̖◌࿆◌֚b; a◌〪◌̖◌࿆◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, TIBETAN SYMBOL PADMA GDAN, LATIN SMALL LETTER B +0061 0FC6 059A 0316 302A 0062;0061 302A 0FC6 0316 059A 0062;0061 302A 0FC6 0316 059A 0062;0061 302A 0FC6 0316 059A 0062;0061 302A 0FC6 0316 059A 0062; # (a◌࿆◌֚◌̖◌〪b; a◌〪◌࿆◌̖◌֚b; a◌〪◌࿆◌̖◌֚b; a◌〪◌࿆◌̖◌֚b; a◌〪◌࿆◌̖◌֚b; ) LATIN SMALL LETTER A, TIBETAN SYMBOL PADMA GDAN, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 3099 093C 0334 1037 0062;0061 0334 093C 1037 3099 0062;0061 0334 093C 1037 3099 0062;0061 0334 093C 1037 3099 0062;0061 0334 093C 1037 3099 0062; # (a◌゙◌़◌̴◌့b; a◌̴◌़◌့◌゙b; a◌̴◌़◌့◌゙b; a◌̴◌़◌့◌゙b; a◌̴◌़◌့◌゙b; ) LATIN SMALL LETTER A, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, MYANMAR SIGN DOT BELOW, LATIN SMALL LETTER B +0061 1037 3099 093C 0334 0062;0061 0334 1037 093C 3099 0062;0061 0334 1037 093C 3099 0062;0061 0334 1037 093C 3099 0062;0061 0334 1037 093C 3099 0062; # (a◌့◌゙◌़◌̴b; a◌̴◌့◌़◌゙b; a◌̴◌့◌़◌゙b; a◌̴◌့◌़◌゙b; a◌̴◌့◌़◌゙b; ) LATIN SMALL LETTER A, MYANMAR SIGN DOT BELOW, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, LATIN SMALL LETTER B +0061 05B0 094D 3099 1039 0062;0061 3099 094D 1039 05B0 0062;0061 3099 094D 1039 05B0 0062;0061 3099 094D 1039 05B0 0062;0061 3099 094D 1039 05B0 0062; # (a◌ְ◌à¥â—Œã‚™â—Œá€¹b; a◌゙◌à¥â—Œá€¹â—ŒÖ°b; a◌゙◌à¥â—Œá€¹â—ŒÖ°b; a◌゙◌à¥â—Œá€¹â—ŒÖ°b; a◌゙◌à¥â—Œá€¹â—ŒÖ°b; ) LATIN SMALL LETTER A, HEBREW POINT SHEVA, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, MYANMAR SIGN VIRAMA, LATIN SMALL LETTER B +0061 1039 05B0 094D 3099 0062;0061 3099 1039 094D 05B0 0062;0061 3099 1039 094D 05B0 0062;0061 3099 1039 094D 05B0 0062;0061 3099 1039 094D 05B0 0062; # (a◌္◌ְ◌à¥â—Œã‚™b; a◌゙◌္◌à¥â—ŒÖ°b; a◌゙◌္◌à¥â—ŒÖ°b; a◌゙◌္◌à¥â—ŒÖ°b; a◌゙◌္◌à¥â—ŒÖ°b; ) LATIN SMALL LETTER A, MYANMAR SIGN VIRAMA, HEBREW POINT SHEVA, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, LATIN SMALL LETTER B +0061 05B0 094D 3099 1714 0062;0061 3099 094D 1714 05B0 0062;0061 3099 094D 1714 05B0 0062;0061 3099 094D 1714 05B0 0062;0061 3099 094D 1714 05B0 0062; # (a◌ְ◌à¥â—Œã‚™â—Œáœ”b; a◌゙◌à¥â—Œáœ”◌ְb; a◌゙◌à¥â—Œáœ”◌ְb; a◌゙◌à¥â—Œáœ”◌ְb; a◌゙◌à¥â—Œáœ”◌ְb; ) LATIN SMALL LETTER A, HEBREW POINT SHEVA, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, TAGALOG SIGN VIRAMA, LATIN SMALL LETTER B +0061 1714 05B0 094D 3099 0062;0061 3099 1714 094D 05B0 0062;0061 3099 1714 094D 05B0 0062;0061 3099 1714 094D 05B0 0062;0061 3099 1714 094D 05B0 0062; # (a◌᜔◌ְ◌à¥â—Œã‚™b; a◌゙◌᜔◌à¥â—ŒÖ°b; a◌゙◌᜔◌à¥â—ŒÖ°b; a◌゙◌᜔◌à¥â—ŒÖ°b; a◌゙◌᜔◌à¥â—ŒÖ°b; ) LATIN SMALL LETTER A, TAGALOG SIGN VIRAMA, HEBREW POINT SHEVA, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, LATIN SMALL LETTER B +0061 05B0 094D 3099 1734 0062;0061 3099 094D 1734 05B0 0062;0061 3099 094D 1734 05B0 0062;0061 3099 094D 1734 05B0 0062;0061 3099 094D 1734 05B0 0062; # (a◌ְ◌à¥â—Œã‚™â—Œáœ´b; a◌゙◌à¥â—Œáœ´â—ŒÖ°b; a◌゙◌à¥â—Œáœ´â—ŒÖ°b; a◌゙◌à¥â—Œáœ´â—ŒÖ°b; a◌゙◌à¥â—Œáœ´â—ŒÖ°b; ) LATIN SMALL LETTER A, HEBREW POINT SHEVA, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, HANUNOO SIGN PAMUDPOD, LATIN SMALL LETTER B +0061 1734 05B0 094D 3099 0062;0061 3099 1734 094D 05B0 0062;0061 3099 1734 094D 05B0 0062;0061 3099 1734 094D 05B0 0062;0061 3099 1734 094D 05B0 0062; # (a◌᜴◌ְ◌à¥â—Œã‚™b; a◌゙◌᜴◌à¥â—ŒÖ°b; a◌゙◌᜴◌à¥â—ŒÖ°b; a◌゙◌᜴◌à¥â—ŒÖ°b; a◌゙◌᜴◌à¥â—ŒÖ°b; ) LATIN SMALL LETTER A, HANUNOO SIGN PAMUDPOD, HEBREW POINT SHEVA, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, LATIN SMALL LETTER B +0061 05B0 094D 3099 17D2 0062;0061 3099 094D 17D2 05B0 0062;0061 3099 094D 17D2 05B0 0062;0061 3099 094D 17D2 05B0 0062;0061 3099 094D 17D2 05B0 0062; # (a◌ְ◌à¥â—Œã‚™â—ŒáŸ’b; a◌゙◌à¥â—ŒáŸ’◌ְb; a◌゙◌à¥â—ŒáŸ’◌ְb; a◌゙◌à¥â—ŒáŸ’◌ְb; a◌゙◌à¥â—ŒáŸ’◌ְb; ) LATIN SMALL LETTER A, HEBREW POINT SHEVA, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, KHMER SIGN COENG, LATIN SMALL LETTER B +0061 17D2 05B0 094D 3099 0062;0061 3099 17D2 094D 05B0 0062;0061 3099 17D2 094D 05B0 0062;0061 3099 17D2 094D 05B0 0062;0061 3099 17D2 094D 05B0 0062; # (a◌្◌ְ◌à¥â—Œã‚™b; a◌゙◌្◌à¥â—ŒÖ°b; a◌゙◌្◌à¥â—ŒÖ°b; a◌゙◌្◌à¥â—ŒÖ°b; a◌゙◌្◌à¥â—ŒÖ°b; ) LATIN SMALL LETTER A, KHMER SIGN COENG, HEBREW POINT SHEVA, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, LATIN SMALL LETTER B +0061 0315 0300 05AE 17DD 0062;00E0 05AE 17DD 0315 0062;0061 05AE 0300 17DD 0315 0062;00E0 05AE 17DD 0315 0062;0061 05AE 0300 17DD 0315 0062; # (a◌̕◌̀◌֮◌áŸb; à◌֮◌áŸâ—ŒÌ•b; a◌֮◌̀◌áŸâ—ŒÌ•b; à◌֮◌áŸâ—ŒÌ•b; a◌֮◌̀◌áŸâ—ŒÌ•b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, KHMER SIGN ATTHACAN, LATIN SMALL LETTER B +0061 17DD 0315 0300 05AE 0062;0061 05AE 17DD 0300 0315 0062;0061 05AE 17DD 0300 0315 0062;0061 05AE 17DD 0300 0315 0062;0061 05AE 17DD 0300 0315 0062; # (aâ—ŒáŸâ—ŒÌ•â—ŒÌ€â—ŒÖ®b; a◌֮◌áŸâ—ŒÌ€â—ŒÌ•b; a◌֮◌áŸâ—ŒÌ€â—ŒÌ•b; a◌֮◌áŸâ—ŒÌ€â—ŒÌ•b; a◌֮◌áŸâ—ŒÌ€â—ŒÌ•b; ) LATIN SMALL LETTER A, KHMER SIGN ATTHACAN, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0300 05AE 1D16D 18A9 0062;00E0 1D16D 05AE 18A9 0062;0061 1D16D 05AE 18A9 0300 0062;00E0 1D16D 05AE 18A9 0062;0061 1D16D 05AE 18A9 0300 0062; # (a◌̀◌֮ð…­ð…­â—Œá¢©b; àð…­ð…­â—ŒÖ®â—Œá¢©b; að…­ð…­â—ŒÖ®â—Œá¢©â—ŒÌ€b; àð…­ð…­â—ŒÖ®â—Œá¢©b; að…­ð…­â—ŒÖ®â—Œá¢©â—ŒÌ€b; ) LATIN SMALL LETTER A, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, MUSICAL SYMBOL COMBINING AUGMENTATION DOT, MONGOLIAN LETTER ALI GALI DAGALGA, LATIN SMALL LETTER B +0061 18A9 0300 05AE 1D16D 0062;00E0 1D16D 18A9 05AE 0062;0061 1D16D 18A9 05AE 0300 0062;00E0 1D16D 18A9 05AE 0062;0061 1D16D 18A9 05AE 0300 0062; # (a◌ᢩ◌̀◌֮ð…­ð…­b; àð…­ð…­â—Œá¢©â—ŒÖ®b; að…­ð…­â—Œá¢©â—ŒÖ®â—ŒÌ€b; àð…­ð…­â—Œá¢©â—ŒÖ®b; að…­ð…­â—Œá¢©â—ŒÖ®â—ŒÌ€b; ) LATIN SMALL LETTER A, MONGOLIAN LETTER ALI GALI DAGALGA, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, MUSICAL SYMBOL COMBINING AUGMENTATION DOT, LATIN SMALL LETTER B +0061 302E 059A 0316 1939 0062;0061 0316 059A 1939 302E 0062;0061 0316 059A 1939 302E 0062;0061 0316 059A 1939 302E 0062;0061 0316 059A 1939 302E 0062; # (a◌〮◌֚◌̖◌᤹b; a◌̖◌֚◌᤹◌〮b; a◌̖◌֚◌᤹◌〮b; a◌̖◌֚◌᤹◌〮b; a◌̖◌֚◌᤹◌〮b; ) LATIN SMALL LETTER A, HANGUL SINGLE DOT TONE MARK, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, LIMBU SIGN MUKPHRENG, LATIN SMALL LETTER B +0061 1939 302E 059A 0316 0062;0061 0316 1939 059A 302E 0062;0061 0316 1939 059A 302E 0062;0061 0316 1939 059A 302E 0062;0061 0316 1939 059A 302E 0062; # (a◌᤹◌〮◌֚◌̖b; a◌̖◌᤹◌֚◌〮b; a◌̖◌᤹◌֚◌〮b; a◌̖◌᤹◌֚◌〮b; a◌̖◌᤹◌֚◌〮b; ) LATIN SMALL LETTER A, LIMBU SIGN MUKPHRENG, HANGUL SINGLE DOT TONE MARK, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, LATIN SMALL LETTER B +0061 0315 0300 05AE 193A 0062;00E0 05AE 193A 0315 0062;0061 05AE 0300 193A 0315 0062;00E0 05AE 193A 0315 0062;0061 05AE 0300 193A 0315 0062; # (a◌̕◌̀◌֮◌᤺b; à◌֮◌᤺◌̕b; a◌֮◌̀◌᤺◌̕b; à◌֮◌᤺◌̕b; a◌֮◌̀◌᤺◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LIMBU SIGN KEMPHRENG, LATIN SMALL LETTER B +0061 193A 0315 0300 05AE 0062;0061 05AE 193A 0300 0315 0062;0061 05AE 193A 0300 0315 0062;0061 05AE 193A 0300 0315 0062;0061 05AE 193A 0300 0315 0062; # (a◌᤺◌̕◌̀◌֮b; a◌֮◌᤺◌̀◌̕b; a◌֮◌᤺◌̀◌̕b; a◌֮◌᤺◌̀◌̕b; a◌֮◌᤺◌̀◌̕b; ) LATIN SMALL LETTER A, LIMBU SIGN KEMPHRENG, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 059A 0316 302A 193B 0062;0061 302A 0316 193B 059A 0062;0061 302A 0316 193B 059A 0062;0061 302A 0316 193B 059A 0062;0061 302A 0316 193B 059A 0062; # (a◌֚◌̖◌〪◌᤻b; a◌〪◌̖◌᤻◌֚b; a◌〪◌̖◌᤻◌֚b; a◌〪◌̖◌᤻◌֚b; a◌〪◌̖◌᤻◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LIMBU SIGN SA-I, LATIN SMALL LETTER B +0061 193B 059A 0316 302A 0062;0061 302A 193B 0316 059A 0062;0061 302A 193B 0316 059A 0062;0061 302A 193B 0316 059A 0062;0061 302A 193B 0316 059A 0062; # (a◌᤻◌֚◌̖◌〪b; a◌〪◌᤻◌̖◌֚b; a◌〪◌᤻◌̖◌֚b; a◌〪◌᤻◌̖◌֚b; a◌〪◌᤻◌̖◌֚b; ) LATIN SMALL LETTER A, LIMBU SIGN SA-I, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 0315 0300 05AE 20D0 0062;00E0 05AE 20D0 0315 0062;0061 05AE 0300 20D0 0315 0062;00E0 05AE 20D0 0315 0062;0061 05AE 0300 20D0 0315 0062; # (a◌̕◌̀◌֮◌âƒb; à◌֮◌âƒâ—ŒÌ•b; a◌֮◌̀◌âƒâ—ŒÌ•b; à◌֮◌âƒâ—ŒÌ•b; a◌֮◌̀◌âƒâ—ŒÌ•b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING LEFT HARPOON ABOVE, LATIN SMALL LETTER B +0061 20D0 0315 0300 05AE 0062;0061 05AE 20D0 0300 0315 0062;0061 05AE 20D0 0300 0315 0062;0061 05AE 20D0 0300 0315 0062;0061 05AE 20D0 0300 0315 0062; # (aâ—Œâƒâ—ŒÌ•â—ŒÌ€â—ŒÖ®b; a◌֮◌âƒâ—ŒÌ€â—ŒÌ•b; a◌֮◌âƒâ—ŒÌ€â—ŒÌ•b; a◌֮◌âƒâ—ŒÌ€â—ŒÌ•b; a◌֮◌âƒâ—ŒÌ€â—ŒÌ•b; ) LATIN SMALL LETTER A, COMBINING LEFT HARPOON ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 20D1 0062;00E0 05AE 20D1 0315 0062;0061 05AE 0300 20D1 0315 0062;00E0 05AE 20D1 0315 0062;0061 05AE 0300 20D1 0315 0062; # (a◌̕◌̀◌֮◌⃑b; à◌֮◌⃑◌̕b; a◌֮◌̀◌⃑◌̕b; à◌֮◌⃑◌̕b; a◌֮◌̀◌⃑◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING RIGHT HARPOON ABOVE, LATIN SMALL LETTER B +0061 20D1 0315 0300 05AE 0062;0061 05AE 20D1 0300 0315 0062;0061 05AE 20D1 0300 0315 0062;0061 05AE 20D1 0300 0315 0062;0061 05AE 20D1 0300 0315 0062; # (a◌⃑◌̕◌̀◌֮b; a◌֮◌⃑◌̀◌̕b; a◌֮◌⃑◌̀◌̕b; a◌֮◌⃑◌̀◌̕b; a◌֮◌⃑◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING RIGHT HARPOON ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 093C 0334 20D2 0062;0061 0334 20D2 093C 0062;0061 0334 20D2 093C 0062;0061 0334 20D2 093C 0062;0061 0334 20D2 093C 0062; # (a◌़◌̴◌⃒b; a◌̴◌⃒◌़b; a◌̴◌⃒◌़b; a◌̴◌⃒◌़b; a◌̴◌⃒◌़b; ) LATIN SMALL LETTER A, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, COMBINING LONG VERTICAL LINE OVERLAY, LATIN SMALL LETTER B +0061 20D2 093C 0334 0062;0061 20D2 0334 093C 0062;0061 20D2 0334 093C 0062;0061 20D2 0334 093C 0062;0061 20D2 0334 093C 0062; # (a◌⃒◌़◌̴b; a◌⃒◌̴◌़b; a◌⃒◌̴◌़b; a◌⃒◌̴◌़b; a◌⃒◌̴◌़b; ) LATIN SMALL LETTER A, COMBINING LONG VERTICAL LINE OVERLAY, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, LATIN SMALL LETTER B +0061 093C 0334 20D3 0062;0061 0334 20D3 093C 0062;0061 0334 20D3 093C 0062;0061 0334 20D3 093C 0062;0061 0334 20D3 093C 0062; # (a◌़◌̴◌⃓b; a◌̴◌⃓◌़b; a◌̴◌⃓◌़b; a◌̴◌⃓◌़b; a◌̴◌⃓◌़b; ) LATIN SMALL LETTER A, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, COMBINING SHORT VERTICAL LINE OVERLAY, LATIN SMALL LETTER B +0061 20D3 093C 0334 0062;0061 20D3 0334 093C 0062;0061 20D3 0334 093C 0062;0061 20D3 0334 093C 0062;0061 20D3 0334 093C 0062; # (a◌⃓◌़◌̴b; a◌⃓◌̴◌़b; a◌⃓◌̴◌़b; a◌⃓◌̴◌़b; a◌⃓◌̴◌़b; ) LATIN SMALL LETTER A, COMBINING SHORT VERTICAL LINE OVERLAY, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, LATIN SMALL LETTER B +0061 0315 0300 05AE 20D4 0062;00E0 05AE 20D4 0315 0062;0061 05AE 0300 20D4 0315 0062;00E0 05AE 20D4 0315 0062;0061 05AE 0300 20D4 0315 0062; # (a◌̕◌̀◌֮◌⃔b; à◌֮◌⃔◌̕b; a◌֮◌̀◌⃔◌̕b; à◌֮◌⃔◌̕b; a◌֮◌̀◌⃔◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING ANTICLOCKWISE ARROW ABOVE, LATIN SMALL LETTER B +0061 20D4 0315 0300 05AE 0062;0061 05AE 20D4 0300 0315 0062;0061 05AE 20D4 0300 0315 0062;0061 05AE 20D4 0300 0315 0062;0061 05AE 20D4 0300 0315 0062; # (a◌⃔◌̕◌̀◌֮b; a◌֮◌⃔◌̀◌̕b; a◌֮◌⃔◌̀◌̕b; a◌֮◌⃔◌̀◌̕b; a◌֮◌⃔◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING ANTICLOCKWISE ARROW ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 20D5 0062;00E0 05AE 20D5 0315 0062;0061 05AE 0300 20D5 0315 0062;00E0 05AE 20D5 0315 0062;0061 05AE 0300 20D5 0315 0062; # (a◌̕◌̀◌֮◌⃕b; à◌֮◌⃕◌̕b; a◌֮◌̀◌⃕◌̕b; à◌֮◌⃕◌̕b; a◌֮◌̀◌⃕◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING CLOCKWISE ARROW ABOVE, LATIN SMALL LETTER B +0061 20D5 0315 0300 05AE 0062;0061 05AE 20D5 0300 0315 0062;0061 05AE 20D5 0300 0315 0062;0061 05AE 20D5 0300 0315 0062;0061 05AE 20D5 0300 0315 0062; # (a◌⃕◌̕◌̀◌֮b; a◌֮◌⃕◌̀◌̕b; a◌֮◌⃕◌̀◌̕b; a◌֮◌⃕◌̀◌̕b; a◌֮◌⃕◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING CLOCKWISE ARROW ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 20D6 0062;00E0 05AE 20D6 0315 0062;0061 05AE 0300 20D6 0315 0062;00E0 05AE 20D6 0315 0062;0061 05AE 0300 20D6 0315 0062; # (a◌̕◌̀◌֮◌⃖b; à◌֮◌⃖◌̕b; a◌֮◌̀◌⃖◌̕b; à◌֮◌⃖◌̕b; a◌֮◌̀◌⃖◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING LEFT ARROW ABOVE, LATIN SMALL LETTER B +0061 20D6 0315 0300 05AE 0062;0061 05AE 20D6 0300 0315 0062;0061 05AE 20D6 0300 0315 0062;0061 05AE 20D6 0300 0315 0062;0061 05AE 20D6 0300 0315 0062; # (a◌⃖◌̕◌̀◌֮b; a◌֮◌⃖◌̀◌̕b; a◌֮◌⃖◌̀◌̕b; a◌֮◌⃖◌̀◌̕b; a◌֮◌⃖◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING LEFT ARROW ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 20D7 0062;00E0 05AE 20D7 0315 0062;0061 05AE 0300 20D7 0315 0062;00E0 05AE 20D7 0315 0062;0061 05AE 0300 20D7 0315 0062; # (a◌̕◌̀◌֮◌⃗b; à◌֮◌⃗◌̕b; a◌֮◌̀◌⃗◌̕b; à◌֮◌⃗◌̕b; a◌֮◌̀◌⃗◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING RIGHT ARROW ABOVE, LATIN SMALL LETTER B +0061 20D7 0315 0300 05AE 0062;0061 05AE 20D7 0300 0315 0062;0061 05AE 20D7 0300 0315 0062;0061 05AE 20D7 0300 0315 0062;0061 05AE 20D7 0300 0315 0062; # (a◌⃗◌̕◌̀◌֮b; a◌֮◌⃗◌̀◌̕b; a◌֮◌⃗◌̀◌̕b; a◌֮◌⃗◌̀◌̕b; a◌֮◌⃗◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING RIGHT ARROW ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 093C 0334 20D8 0062;0061 0334 20D8 093C 0062;0061 0334 20D8 093C 0062;0061 0334 20D8 093C 0062;0061 0334 20D8 093C 0062; # (a◌़◌̴◌⃘b; a◌̴◌⃘◌़b; a◌̴◌⃘◌़b; a◌̴◌⃘◌़b; a◌̴◌⃘◌़b; ) LATIN SMALL LETTER A, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, COMBINING RING OVERLAY, LATIN SMALL LETTER B +0061 20D8 093C 0334 0062;0061 20D8 0334 093C 0062;0061 20D8 0334 093C 0062;0061 20D8 0334 093C 0062;0061 20D8 0334 093C 0062; # (a◌⃘◌़◌̴b; a◌⃘◌̴◌़b; a◌⃘◌̴◌़b; a◌⃘◌̴◌़b; a◌⃘◌̴◌़b; ) LATIN SMALL LETTER A, COMBINING RING OVERLAY, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, LATIN SMALL LETTER B +0061 093C 0334 20D9 0062;0061 0334 20D9 093C 0062;0061 0334 20D9 093C 0062;0061 0334 20D9 093C 0062;0061 0334 20D9 093C 0062; # (a◌़◌̴◌⃙b; a◌̴◌⃙◌़b; a◌̴◌⃙◌़b; a◌̴◌⃙◌़b; a◌̴◌⃙◌़b; ) LATIN SMALL LETTER A, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, COMBINING CLOCKWISE RING OVERLAY, LATIN SMALL LETTER B +0061 20D9 093C 0334 0062;0061 20D9 0334 093C 0062;0061 20D9 0334 093C 0062;0061 20D9 0334 093C 0062;0061 20D9 0334 093C 0062; # (a◌⃙◌़◌̴b; a◌⃙◌̴◌़b; a◌⃙◌̴◌़b; a◌⃙◌̴◌़b; a◌⃙◌̴◌़b; ) LATIN SMALL LETTER A, COMBINING CLOCKWISE RING OVERLAY, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, LATIN SMALL LETTER B +0061 093C 0334 20DA 0062;0061 0334 20DA 093C 0062;0061 0334 20DA 093C 0062;0061 0334 20DA 093C 0062;0061 0334 20DA 093C 0062; # (a◌़◌̴◌⃚b; a◌̴◌⃚◌़b; a◌̴◌⃚◌़b; a◌̴◌⃚◌़b; a◌̴◌⃚◌़b; ) LATIN SMALL LETTER A, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, COMBINING ANTICLOCKWISE RING OVERLAY, LATIN SMALL LETTER B +0061 20DA 093C 0334 0062;0061 20DA 0334 093C 0062;0061 20DA 0334 093C 0062;0061 20DA 0334 093C 0062;0061 20DA 0334 093C 0062; # (a◌⃚◌़◌̴b; a◌⃚◌̴◌़b; a◌⃚◌̴◌़b; a◌⃚◌̴◌़b; a◌⃚◌̴◌़b; ) LATIN SMALL LETTER A, COMBINING ANTICLOCKWISE RING OVERLAY, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, LATIN SMALL LETTER B +0061 0315 0300 05AE 20DB 0062;00E0 05AE 20DB 0315 0062;0061 05AE 0300 20DB 0315 0062;00E0 05AE 20DB 0315 0062;0061 05AE 0300 20DB 0315 0062; # (a◌̕◌̀◌֮◌⃛b; à◌֮◌⃛◌̕b; a◌֮◌̀◌⃛◌̕b; à◌֮◌⃛◌̕b; a◌֮◌̀◌⃛◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING THREE DOTS ABOVE, LATIN SMALL LETTER B +0061 20DB 0315 0300 05AE 0062;0061 05AE 20DB 0300 0315 0062;0061 05AE 20DB 0300 0315 0062;0061 05AE 20DB 0300 0315 0062;0061 05AE 20DB 0300 0315 0062; # (a◌⃛◌̕◌̀◌֮b; a◌֮◌⃛◌̀◌̕b; a◌֮◌⃛◌̀◌̕b; a◌֮◌⃛◌̀◌̕b; a◌֮◌⃛◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING THREE DOTS ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 20DC 0062;00E0 05AE 20DC 0315 0062;0061 05AE 0300 20DC 0315 0062;00E0 05AE 20DC 0315 0062;0061 05AE 0300 20DC 0315 0062; # (a◌̕◌̀◌֮◌⃜b; à◌֮◌⃜◌̕b; a◌֮◌̀◌⃜◌̕b; à◌֮◌⃜◌̕b; a◌֮◌̀◌⃜◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING FOUR DOTS ABOVE, LATIN SMALL LETTER B +0061 20DC 0315 0300 05AE 0062;0061 05AE 20DC 0300 0315 0062;0061 05AE 20DC 0300 0315 0062;0061 05AE 20DC 0300 0315 0062;0061 05AE 20DC 0300 0315 0062; # (a◌⃜◌̕◌̀◌֮b; a◌֮◌⃜◌̀◌̕b; a◌֮◌⃜◌̀◌̕b; a◌֮◌⃜◌̀◌̕b; a◌֮◌⃜◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING FOUR DOTS ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 20E1 0062;00E0 05AE 20E1 0315 0062;0061 05AE 0300 20E1 0315 0062;00E0 05AE 20E1 0315 0062;0061 05AE 0300 20E1 0315 0062; # (a◌̕◌̀◌֮◌⃡b; à◌֮◌⃡◌̕b; a◌֮◌̀◌⃡◌̕b; à◌֮◌⃡◌̕b; a◌֮◌̀◌⃡◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING LEFT RIGHT ARROW ABOVE, LATIN SMALL LETTER B +0061 20E1 0315 0300 05AE 0062;0061 05AE 20E1 0300 0315 0062;0061 05AE 20E1 0300 0315 0062;0061 05AE 20E1 0300 0315 0062;0061 05AE 20E1 0300 0315 0062; # (a◌⃡◌̕◌̀◌֮b; a◌֮◌⃡◌̀◌̕b; a◌֮◌⃡◌̀◌̕b; a◌֮◌⃡◌̀◌̕b; a◌֮◌⃡◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING LEFT RIGHT ARROW ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 093C 0334 20E5 0062;0061 0334 20E5 093C 0062;0061 0334 20E5 093C 0062;0061 0334 20E5 093C 0062;0061 0334 20E5 093C 0062; # (a◌़◌̴◌⃥b; a◌̴◌⃥◌़b; a◌̴◌⃥◌़b; a◌̴◌⃥◌़b; a◌̴◌⃥◌़b; ) LATIN SMALL LETTER A, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, COMBINING REVERSE SOLIDUS OVERLAY, LATIN SMALL LETTER B +0061 20E5 093C 0334 0062;0061 20E5 0334 093C 0062;0061 20E5 0334 093C 0062;0061 20E5 0334 093C 0062;0061 20E5 0334 093C 0062; # (a◌⃥◌़◌̴b; a◌⃥◌̴◌़b; a◌⃥◌̴◌़b; a◌⃥◌̴◌़b; a◌⃥◌̴◌़b; ) LATIN SMALL LETTER A, COMBINING REVERSE SOLIDUS OVERLAY, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, LATIN SMALL LETTER B +0061 093C 0334 20E6 0062;0061 0334 20E6 093C 0062;0061 0334 20E6 093C 0062;0061 0334 20E6 093C 0062;0061 0334 20E6 093C 0062; # (a◌़◌̴◌⃦b; a◌̴◌⃦◌़b; a◌̴◌⃦◌़b; a◌̴◌⃦◌़b; a◌̴◌⃦◌़b; ) LATIN SMALL LETTER A, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, COMBINING DOUBLE VERTICAL STROKE OVERLAY, LATIN SMALL LETTER B +0061 20E6 093C 0334 0062;0061 20E6 0334 093C 0062;0061 20E6 0334 093C 0062;0061 20E6 0334 093C 0062;0061 20E6 0334 093C 0062; # (a◌⃦◌़◌̴b; a◌⃦◌̴◌़b; a◌⃦◌̴◌़b; a◌⃦◌̴◌़b; a◌⃦◌̴◌़b; ) LATIN SMALL LETTER A, COMBINING DOUBLE VERTICAL STROKE OVERLAY, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, LATIN SMALL LETTER B +0061 0315 0300 05AE 20E7 0062;00E0 05AE 20E7 0315 0062;0061 05AE 0300 20E7 0315 0062;00E0 05AE 20E7 0315 0062;0061 05AE 0300 20E7 0315 0062; # (a◌̕◌̀◌֮◌⃧b; à◌֮◌⃧◌̕b; a◌֮◌̀◌⃧◌̕b; à◌֮◌⃧◌̕b; a◌֮◌̀◌⃧◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING ANNUITY SYMBOL, LATIN SMALL LETTER B +0061 20E7 0315 0300 05AE 0062;0061 05AE 20E7 0300 0315 0062;0061 05AE 20E7 0300 0315 0062;0061 05AE 20E7 0300 0315 0062;0061 05AE 20E7 0300 0315 0062; # (a◌⃧◌̕◌̀◌֮b; a◌֮◌⃧◌̀◌̕b; a◌֮◌⃧◌̀◌̕b; a◌֮◌⃧◌̀◌̕b; a◌֮◌⃧◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING ANNUITY SYMBOL, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 059A 0316 302A 20E8 0062;0061 302A 0316 20E8 059A 0062;0061 302A 0316 20E8 059A 0062;0061 302A 0316 20E8 059A 0062;0061 302A 0316 20E8 059A 0062; # (a◌֚◌̖◌〪◌⃨b; a◌〪◌̖◌⃨◌֚b; a◌〪◌̖◌⃨◌֚b; a◌〪◌̖◌⃨◌֚b; a◌〪◌̖◌⃨◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING TRIPLE UNDERDOT, LATIN SMALL LETTER B +0061 20E8 059A 0316 302A 0062;0061 302A 20E8 0316 059A 0062;0061 302A 20E8 0316 059A 0062;0061 302A 20E8 0316 059A 0062;0061 302A 20E8 0316 059A 0062; # (a◌⃨◌֚◌̖◌〪b; a◌〪◌⃨◌̖◌֚b; a◌〪◌⃨◌̖◌֚b; a◌〪◌⃨◌̖◌֚b; a◌〪◌⃨◌̖◌֚b; ) LATIN SMALL LETTER A, COMBINING TRIPLE UNDERDOT, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 0315 0300 05AE 20E9 0062;00E0 05AE 20E9 0315 0062;0061 05AE 0300 20E9 0315 0062;00E0 05AE 20E9 0315 0062;0061 05AE 0300 20E9 0315 0062; # (a◌̕◌̀◌֮◌⃩b; à◌֮◌⃩◌̕b; a◌֮◌̀◌⃩◌̕b; à◌֮◌⃩◌̕b; a◌֮◌̀◌⃩◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING WIDE BRIDGE ABOVE, LATIN SMALL LETTER B +0061 20E9 0315 0300 05AE 0062;0061 05AE 20E9 0300 0315 0062;0061 05AE 20E9 0300 0315 0062;0061 05AE 20E9 0300 0315 0062;0061 05AE 20E9 0300 0315 0062; # (a◌⃩◌̕◌̀◌֮b; a◌֮◌⃩◌̀◌̕b; a◌֮◌⃩◌̀◌̕b; a◌֮◌⃩◌̀◌̕b; a◌֮◌⃩◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING WIDE BRIDGE ABOVE, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 093C 0334 20EA 0062;0061 0334 20EA 093C 0062;0061 0334 20EA 093C 0062;0061 0334 20EA 093C 0062;0061 0334 20EA 093C 0062; # (a◌़◌̴◌⃪b; a◌̴◌⃪◌़b; a◌̴◌⃪◌़b; a◌̴◌⃪◌़b; a◌̴◌⃪◌़b; ) LATIN SMALL LETTER A, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, COMBINING LEFTWARDS ARROW OVERLAY, LATIN SMALL LETTER B +0061 20EA 093C 0334 0062;0061 20EA 0334 093C 0062;0061 20EA 0334 093C 0062;0061 20EA 0334 093C 0062;0061 20EA 0334 093C 0062; # (a◌⃪◌़◌̴b; a◌⃪◌̴◌़b; a◌⃪◌̴◌़b; a◌⃪◌̴◌़b; a◌⃪◌̴◌़b; ) LATIN SMALL LETTER A, COMBINING LEFTWARDS ARROW OVERLAY, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, LATIN SMALL LETTER B +0061 0316 302A 031B 302A 0062;0061 031B 302A 302A 0316 0062;0061 031B 302A 302A 0316 0062;0061 031B 302A 302A 0316 0062;0061 031B 302A 302A 0316 0062; # (a◌̖◌〪◌̛◌〪b; a◌̛◌〪◌〪◌̖b; a◌̛◌〪◌〪◌̖b; a◌̛◌〪◌〪◌̖b; a◌̛◌〪◌〪◌̖b; ) LATIN SMALL LETTER A, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING HORN, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 302A 0316 302A 031B 0062;0061 031B 302A 302A 0316 0062;0061 031B 302A 302A 0316 0062;0061 031B 302A 302A 0316 0062;0061 031B 302A 302A 0316 0062; # (a◌〪◌̖◌〪◌̛b; a◌̛◌〪◌〪◌̖b; a◌̛◌〪◌〪◌̖b; a◌̛◌〪◌〪◌̖b; a◌̛◌〪◌〪◌̖b; ) LATIN SMALL LETTER A, IDEOGRAPHIC LEVEL TONE MARK, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, COMBINING HORN, LATIN SMALL LETTER B +0061 0300 05AE 1D16D 302B 0062;00E0 1D16D 05AE 302B 0062;0061 1D16D 05AE 302B 0300 0062;00E0 1D16D 05AE 302B 0062;0061 1D16D 05AE 302B 0300 0062; # (a◌̀◌֮ð…­ð…­â—Œã€«b; àð…­ð…­â—ŒÖ®â—Œã€«b; að…­ð…­â—ŒÖ®â—Œã€«â—ŒÌ€b; àð…­ð…­â—ŒÖ®â—Œã€«b; að…­ð…­â—ŒÖ®â—Œã€«â—ŒÌ€b; ) LATIN SMALL LETTER A, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, MUSICAL SYMBOL COMBINING AUGMENTATION DOT, IDEOGRAPHIC RISING TONE MARK, LATIN SMALL LETTER B +0061 302B 0300 05AE 1D16D 0062;00E0 1D16D 302B 05AE 0062;0061 1D16D 302B 05AE 0300 0062;00E0 1D16D 302B 05AE 0062;0061 1D16D 302B 05AE 0300 0062; # (a◌〫◌̀◌֮ð…­ð…­b; àð…­ð…­â—Œã€«â—ŒÖ®b; að…­ð…­â—Œã€«â—ŒÖ®â—ŒÌ€b; àð…­ð…­â—Œã€«â—ŒÖ®b; að…­ð…­â—Œã€«â—ŒÖ®â—ŒÌ€b; ) LATIN SMALL LETTER A, IDEOGRAPHIC RISING TONE MARK, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, MUSICAL SYMBOL COMBINING AUGMENTATION DOT, LATIN SMALL LETTER B +0061 035F 0315 0300 302C 0062;00E0 0315 302C 035F 0062;0061 0300 0315 302C 035F 0062;00E0 0315 302C 035F 0062;0061 0300 0315 302C 035F 0062; # (a◌͟◌̕◌̀◌〬b; à◌̕◌〬◌͟b; a◌̀◌̕◌〬◌͟b; à◌̕◌〬◌͟b; a◌̀◌̕◌〬◌͟b; ) LATIN SMALL LETTER A, COMBINING DOUBLE MACRON BELOW, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, IDEOGRAPHIC DEPARTING TONE MARK, LATIN SMALL LETTER B +0061 302C 035F 0315 0300 0062;00E0 302C 0315 035F 0062;0061 0300 302C 0315 035F 0062;00E0 302C 0315 035F 0062;0061 0300 302C 0315 035F 0062; # (a◌〬◌͟◌̕◌̀b; à◌〬◌̕◌͟b; a◌̀◌〬◌̕◌͟b; à◌〬◌̕◌͟b; a◌̀◌〬◌̕◌͟b; ) LATIN SMALL LETTER A, IDEOGRAPHIC DEPARTING TONE MARK, COMBINING DOUBLE MACRON BELOW, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, LATIN SMALL LETTER B +0061 302E 059A 0316 302D 0062;0061 0316 059A 302D 302E 0062;0061 0316 059A 302D 302E 0062;0061 0316 059A 302D 302E 0062;0061 0316 059A 302D 302E 0062; # (a◌〮◌֚◌̖◌〭b; a◌̖◌֚◌〭◌〮b; a◌̖◌֚◌〭◌〮b; a◌̖◌֚◌〭◌〮b; a◌̖◌֚◌〭◌〮b; ) LATIN SMALL LETTER A, HANGUL SINGLE DOT TONE MARK, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC ENTERING TONE MARK, LATIN SMALL LETTER B +0061 302D 302E 059A 0316 0062;0061 0316 302D 059A 302E 0062;0061 0316 302D 059A 302E 0062;0061 0316 302D 059A 302E 0062;0061 0316 302D 059A 302E 0062; # (a◌〭◌〮◌֚◌̖b; a◌̖◌〭◌֚◌〮b; a◌̖◌〭◌֚◌〮b; a◌̖◌〭◌֚◌〮b; a◌̖◌〭◌֚◌〮b; ) LATIN SMALL LETTER A, IDEOGRAPHIC ENTERING TONE MARK, HANGUL SINGLE DOT TONE MARK, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, LATIN SMALL LETTER B +0061 1D16D 302E 059A 302E 0062;0061 059A 302E 302E 1D16D 0062;0061 059A 302E 302E 1D16D 0062;0061 059A 302E 302E 1D16D 0062;0061 059A 302E 302E 1D16D 0062; # (að…­ð…­â—Œã€®â—ŒÖšâ—Œã€®b; a◌֚◌〮◌〮ð…­ð…­b; a◌֚◌〮◌〮ð…­ð…­b; a◌֚◌〮◌〮ð…­ð…­b; a◌֚◌〮◌〮ð…­ð…­b; ) LATIN SMALL LETTER A, MUSICAL SYMBOL COMBINING AUGMENTATION DOT, HANGUL SINGLE DOT TONE MARK, HEBREW ACCENT YETIV, HANGUL SINGLE DOT TONE MARK, LATIN SMALL LETTER B +0061 302E 1D16D 302E 059A 0062;0061 059A 302E 302E 1D16D 0062;0061 059A 302E 302E 1D16D 0062;0061 059A 302E 302E 1D16D 0062;0061 059A 302E 302E 1D16D 0062; # (a◌〮ð…­ð…­â—Œã€®â—ŒÖšb; a◌֚◌〮◌〮ð…­ð…­b; a◌֚◌〮◌〮ð…­ð…­b; a◌֚◌〮◌〮ð…­ð…­b; a◌֚◌〮◌〮ð…­ð…­b; ) LATIN SMALL LETTER A, HANGUL SINGLE DOT TONE MARK, MUSICAL SYMBOL COMBINING AUGMENTATION DOT, HANGUL SINGLE DOT TONE MARK, HEBREW ACCENT YETIV, LATIN SMALL LETTER B +0061 1D16D 302E 059A 302F 0062;0061 059A 302E 302F 1D16D 0062;0061 059A 302E 302F 1D16D 0062;0061 059A 302E 302F 1D16D 0062;0061 059A 302E 302F 1D16D 0062; # (að…­ð…­â—Œã€®â—ŒÖšâ—Œã€¯b; a◌֚◌〮◌〯ð…­ð…­b; a◌֚◌〮◌〯ð…­ð…­b; a◌֚◌〮◌〯ð…­ð…­b; a◌֚◌〮◌〯ð…­ð…­b; ) LATIN SMALL LETTER A, MUSICAL SYMBOL COMBINING AUGMENTATION DOT, HANGUL SINGLE DOT TONE MARK, HEBREW ACCENT YETIV, HANGUL DOUBLE DOT TONE MARK, LATIN SMALL LETTER B +0061 302F 1D16D 302E 059A 0062;0061 059A 302F 302E 1D16D 0062;0061 059A 302F 302E 1D16D 0062;0061 059A 302F 302E 1D16D 0062;0061 059A 302F 302E 1D16D 0062; # (a◌〯ð…­ð…­â—Œã€®â—ŒÖšb; a◌֚◌〯◌〮ð…­ð…­b; a◌֚◌〯◌〮ð…­ð…­b; a◌֚◌〯◌〮ð…­ð…­b; a◌֚◌〯◌〮ð…­ð…­b; ) LATIN SMALL LETTER A, HANGUL DOUBLE DOT TONE MARK, MUSICAL SYMBOL COMBINING AUGMENTATION DOT, HANGUL SINGLE DOT TONE MARK, HEBREW ACCENT YETIV, LATIN SMALL LETTER B +0061 094D 3099 093C 3099 0062;0061 093C 3099 3099 094D 0062;0061 093C 3099 3099 094D 0062;0061 093C 3099 3099 094D 0062;0061 093C 3099 3099 094D 0062; # (aâ—Œà¥â—Œã‚™â—Œà¤¼â—Œã‚™b; a◌़◌゙◌゙◌à¥b; a◌़◌゙◌゙◌à¥b; a◌़◌゙◌゙◌à¥b; a◌़◌゙◌゙◌à¥b; ) LATIN SMALL LETTER A, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, DEVANAGARI SIGN NUKTA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, LATIN SMALL LETTER B +0061 3099 094D 3099 093C 0062;0061 093C 3099 3099 094D 0062;0061 093C 3099 3099 094D 0062;0061 093C 3099 3099 094D 0062;0061 093C 3099 3099 094D 0062; # (a◌゙◌à¥â—Œã‚™â—Œà¤¼b; a◌़◌゙◌゙◌à¥b; a◌़◌゙◌゙◌à¥b; a◌़◌゙◌゙◌à¥b; a◌़◌゙◌゙◌à¥b; ) LATIN SMALL LETTER A, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, DEVANAGARI SIGN NUKTA, LATIN SMALL LETTER B +0061 094D 3099 093C 309A 0062;0061 093C 3099 309A 094D 0062;0061 093C 3099 309A 094D 0062;0061 093C 3099 309A 094D 0062;0061 093C 3099 309A 094D 0062; # (aâ—Œà¥â—Œã‚™â—Œà¤¼â—Œã‚šb; a◌़◌゙◌゚◌à¥b; a◌़◌゙◌゚◌à¥b; a◌़◌゙◌゚◌à¥b; a◌़◌゙◌゚◌à¥b; ) LATIN SMALL LETTER A, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, DEVANAGARI SIGN NUKTA, COMBINING KATAKANA-HIRAGANA SEMI-VOICED SOUND MARK, LATIN SMALL LETTER B +0061 309A 094D 3099 093C 0062;0061 093C 309A 3099 094D 0062;0061 093C 309A 3099 094D 0062;0061 093C 309A 3099 094D 0062;0061 093C 309A 3099 094D 0062; # (a◌゚◌à¥â—Œã‚™â—Œà¤¼b; a◌़◌゚◌゙◌à¥b; a◌़◌゚◌゙◌à¥b; a◌़◌゚◌゙◌à¥b; a◌़◌゚◌゙◌à¥b; ) LATIN SMALL LETTER A, COMBINING KATAKANA-HIRAGANA SEMI-VOICED SOUND MARK, DEVANAGARI SIGN VIRAMA, COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK, DEVANAGARI SIGN NUKTA, LATIN SMALL LETTER B +0061 064B FB1E 05C2 FB1E 0062;0061 05C2 FB1E FB1E 064B 0062;0061 05C2 FB1E FB1E 064B 0062;0061 05C2 FB1E FB1E 064B 0062;0061 05C2 FB1E FB1E 064B 0062; # (a◌ً◌ﬞ◌ׂ◌ﬞb; a◌ׂ◌ﬞ◌ﬞ◌ًb; a◌ׂ◌ﬞ◌ﬞ◌ًb; a◌ׂ◌ﬞ◌ﬞ◌ًb; a◌ׂ◌ﬞ◌ﬞ◌ًb; ) LATIN SMALL LETTER A, ARABIC FATHATAN, HEBREW POINT JUDEO-SPANISH VARIKA, HEBREW POINT SIN DOT, HEBREW POINT JUDEO-SPANISH VARIKA, LATIN SMALL LETTER B +0061 FB1E 064B FB1E 05C2 0062;0061 05C2 FB1E FB1E 064B 0062;0061 05C2 FB1E FB1E 064B 0062;0061 05C2 FB1E FB1E 064B 0062;0061 05C2 FB1E FB1E 064B 0062; # (a◌ﬞ◌ً◌ﬞ◌ׂb; a◌ׂ◌ﬞ◌ﬞ◌ًb; a◌ׂ◌ﬞ◌ﬞ◌ًb; a◌ׂ◌ﬞ◌ﬞ◌ًb; a◌ׂ◌ﬞ◌ﬞ◌ًb; ) LATIN SMALL LETTER A, HEBREW POINT JUDEO-SPANISH VARIKA, ARABIC FATHATAN, HEBREW POINT JUDEO-SPANISH VARIKA, HEBREW POINT SIN DOT, LATIN SMALL LETTER B +0061 0315 0300 05AE FE20 0062;00E0 05AE FE20 0315 0062;0061 05AE 0300 FE20 0315 0062;00E0 05AE FE20 0315 0062;0061 05AE 0300 FE20 0315 0062; # (a◌̕◌̀◌֮◌︠b; à◌֮◌︠◌̕b; a◌֮◌̀◌︠◌̕b; à◌֮◌︠◌̕b; a◌֮◌̀◌︠◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING LIGATURE LEFT HALF, LATIN SMALL LETTER B +0061 FE20 0315 0300 05AE 0062;0061 05AE FE20 0300 0315 0062;0061 05AE FE20 0300 0315 0062;0061 05AE FE20 0300 0315 0062;0061 05AE FE20 0300 0315 0062; # (a◌︠◌̕◌̀◌֮b; a◌֮◌︠◌̀◌̕b; a◌֮◌︠◌̀◌̕b; a◌֮◌︠◌̀◌̕b; a◌֮◌︠◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING LIGATURE LEFT HALF, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE FE21 0062;00E0 05AE FE21 0315 0062;0061 05AE 0300 FE21 0315 0062;00E0 05AE FE21 0315 0062;0061 05AE 0300 FE21 0315 0062; # (a◌̕◌̀◌֮◌︡b; à◌֮◌︡◌̕b; a◌֮◌̀◌︡◌̕b; à◌֮◌︡◌̕b; a◌֮◌̀◌︡◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING LIGATURE RIGHT HALF, LATIN SMALL LETTER B +0061 FE21 0315 0300 05AE 0062;0061 05AE FE21 0300 0315 0062;0061 05AE FE21 0300 0315 0062;0061 05AE FE21 0300 0315 0062;0061 05AE FE21 0300 0315 0062; # (a◌︡◌̕◌̀◌֮b; a◌֮◌︡◌̀◌̕b; a◌֮◌︡◌̀◌̕b; a◌֮◌︡◌̀◌̕b; a◌֮◌︡◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING LIGATURE RIGHT HALF, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE FE22 0062;00E0 05AE FE22 0315 0062;0061 05AE 0300 FE22 0315 0062;00E0 05AE FE22 0315 0062;0061 05AE 0300 FE22 0315 0062; # (a◌̕◌̀◌֮◌︢b; à◌֮◌︢◌̕b; a◌֮◌̀◌︢◌̕b; à◌֮◌︢◌̕b; a◌֮◌̀◌︢◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING DOUBLE TILDE LEFT HALF, LATIN SMALL LETTER B +0061 FE22 0315 0300 05AE 0062;0061 05AE FE22 0300 0315 0062;0061 05AE FE22 0300 0315 0062;0061 05AE FE22 0300 0315 0062;0061 05AE FE22 0300 0315 0062; # (a◌︢◌̕◌̀◌֮b; a◌֮◌︢◌̀◌̕b; a◌֮◌︢◌̀◌̕b; a◌֮◌︢◌̀◌̕b; a◌֮◌︢◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING DOUBLE TILDE LEFT HALF, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE FE23 0062;00E0 05AE FE23 0315 0062;0061 05AE 0300 FE23 0315 0062;00E0 05AE FE23 0315 0062;0061 05AE 0300 FE23 0315 0062; # (a◌̕◌̀◌֮◌︣b; à◌֮◌︣◌̕b; a◌֮◌̀◌︣◌̕b; à◌֮◌︣◌̕b; a◌֮◌̀◌︣◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, COMBINING DOUBLE TILDE RIGHT HALF, LATIN SMALL LETTER B +0061 FE23 0315 0300 05AE 0062;0061 05AE FE23 0300 0315 0062;0061 05AE FE23 0300 0315 0062;0061 05AE FE23 0300 0315 0062;0061 05AE FE23 0300 0315 0062; # (a◌︣◌̕◌̀◌֮b; a◌֮◌︣◌̀◌̕b; a◌֮◌︣◌̀◌̕b; a◌֮◌︣◌̀◌̕b; a◌֮◌︣◌̀◌̕b; ) LATIN SMALL LETTER A, COMBINING DOUBLE TILDE RIGHT HALF, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 302A 031B 0321 1D165 0062;0061 0321 031B 1D165 302A 0062;0061 0321 031B 1D165 302A 0062;0061 0321 031B 1D165 302A 0062;0061 0321 031B 1D165 302A 0062; # (a◌〪◌̛◌̡ð…¥ð…¥b; a◌̡◌̛ð…¥ð…¥â—Œã€ªb; a◌̡◌̛ð…¥ð…¥â—Œã€ªb; a◌̡◌̛ð…¥ð…¥â—Œã€ªb; a◌̡◌̛ð…¥ð…¥â—Œã€ªb; ) LATIN SMALL LETTER A, IDEOGRAPHIC LEVEL TONE MARK, COMBINING HORN, COMBINING PALATALIZED HOOK BELOW, MUSICAL SYMBOL COMBINING STEM, LATIN SMALL LETTER B +0061 1D165 302A 031B 0321 0062;0061 0321 1D165 031B 302A 0062;0061 0321 1D165 031B 302A 0062;0061 0321 1D165 031B 302A 0062;0061 0321 1D165 031B 302A 0062; # (að…¥ð…¥â—Œã€ªâ—ŒÌ›â—ŒÌ¡b; a◌̡ð…¥ð…¥â—ŒÌ›â—Œã€ªb; a◌̡ð…¥ð…¥â—ŒÌ›â—Œã€ªb; a◌̡ð…¥ð…¥â—ŒÌ›â—Œã€ªb; a◌̡ð…¥ð…¥â—ŒÌ›â—Œã€ªb; ) LATIN SMALL LETTER A, MUSICAL SYMBOL COMBINING STEM, IDEOGRAPHIC LEVEL TONE MARK, COMBINING HORN, COMBINING PALATALIZED HOOK BELOW, LATIN SMALL LETTER B +0061 302A 031B 0321 1D166 0062;0061 0321 031B 1D166 302A 0062;0061 0321 031B 1D166 302A 0062;0061 0321 031B 1D166 302A 0062;0061 0321 031B 1D166 302A 0062; # (a◌〪◌̛◌̡ð…¦ð…¦b; a◌̡◌̛ð…¦ð…¦â—Œã€ªb; a◌̡◌̛ð…¦ð…¦â—Œã€ªb; a◌̡◌̛ð…¦ð…¦â—Œã€ªb; a◌̡◌̛ð…¦ð…¦â—Œã€ªb; ) LATIN SMALL LETTER A, IDEOGRAPHIC LEVEL TONE MARK, COMBINING HORN, COMBINING PALATALIZED HOOK BELOW, MUSICAL SYMBOL COMBINING SPRECHGESANG STEM, LATIN SMALL LETTER B +0061 1D166 302A 031B 0321 0062;0061 0321 1D166 031B 302A 0062;0061 0321 1D166 031B 302A 0062;0061 0321 1D166 031B 302A 0062;0061 0321 1D166 031B 302A 0062; # (að…¦ð…¦â—Œã€ªâ—ŒÌ›â—ŒÌ¡b; a◌̡ð…¦ð…¦â—ŒÌ›â—Œã€ªb; a◌̡ð…¦ð…¦â—ŒÌ›â—Œã€ªb; a◌̡ð…¦ð…¦â—ŒÌ›â—Œã€ªb; a◌̡ð…¦ð…¦â—ŒÌ›â—Œã€ªb; ) LATIN SMALL LETTER A, MUSICAL SYMBOL COMBINING SPRECHGESANG STEM, IDEOGRAPHIC LEVEL TONE MARK, COMBINING HORN, COMBINING PALATALIZED HOOK BELOW, LATIN SMALL LETTER B +0061 093C 0334 1D167 0062;0061 0334 1D167 093C 0062;0061 0334 1D167 093C 0062;0061 0334 1D167 093C 0062;0061 0334 1D167 093C 0062; # (a◌़◌̴◌ð…§â—Œð…§b; a◌̴◌ð…§â—Œð…§â—Œà¤¼b; a◌̴◌ð…§â—Œð…§â—Œà¤¼b; a◌̴◌ð…§â—Œð…§â—Œà¤¼b; a◌̴◌ð…§â—Œð…§â—Œà¤¼b; ) LATIN SMALL LETTER A, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, MUSICAL SYMBOL COMBINING TREMOLO-1, LATIN SMALL LETTER B +0061 1D167 093C 0334 0062;0061 1D167 0334 093C 0062;0061 1D167 0334 093C 0062;0061 1D167 0334 093C 0062;0061 1D167 0334 093C 0062; # (aâ—Œð…§â—Œð…§â—Œà¤¼â—ŒÌ´b; aâ—Œð…§â—Œð…§â—ŒÌ´â—Œà¤¼b; aâ—Œð…§â—Œð…§â—ŒÌ´â—Œà¤¼b; aâ—Œð…§â—Œð…§â—ŒÌ´â—Œà¤¼b; aâ—Œð…§â—Œð…§â—ŒÌ´â—Œà¤¼b; ) LATIN SMALL LETTER A, MUSICAL SYMBOL COMBINING TREMOLO-1, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, LATIN SMALL LETTER B +0061 093C 0334 1D168 0062;0061 0334 1D168 093C 0062;0061 0334 1D168 093C 0062;0061 0334 1D168 093C 0062;0061 0334 1D168 093C 0062; # (a◌़◌̴◌ð…¨â—Œð…¨b; a◌̴◌ð…¨â—Œð…¨â—Œà¤¼b; a◌̴◌ð…¨â—Œð…¨â—Œà¤¼b; a◌̴◌ð…¨â—Œð…¨â—Œà¤¼b; a◌̴◌ð…¨â—Œð…¨â—Œà¤¼b; ) LATIN SMALL LETTER A, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, MUSICAL SYMBOL COMBINING TREMOLO-2, LATIN SMALL LETTER B +0061 1D168 093C 0334 0062;0061 1D168 0334 093C 0062;0061 1D168 0334 093C 0062;0061 1D168 0334 093C 0062;0061 1D168 0334 093C 0062; # (aâ—Œð…¨â—Œð…¨â—Œà¤¼â—ŒÌ´b; aâ—Œð…¨â—Œð…¨â—ŒÌ´â—Œà¤¼b; aâ—Œð…¨â—Œð…¨â—ŒÌ´â—Œà¤¼b; aâ—Œð…¨â—Œð…¨â—ŒÌ´â—Œà¤¼b; aâ—Œð…¨â—Œð…¨â—ŒÌ´â—Œà¤¼b; ) LATIN SMALL LETTER A, MUSICAL SYMBOL COMBINING TREMOLO-2, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, LATIN SMALL LETTER B +0061 093C 0334 1D169 0062;0061 0334 1D169 093C 0062;0061 0334 1D169 093C 0062;0061 0334 1D169 093C 0062;0061 0334 1D169 093C 0062; # (a◌़◌̴◌ð…©â—Œð…©b; a◌̴◌ð…©â—Œð…©â—Œà¤¼b; a◌̴◌ð…©â—Œð…©â—Œà¤¼b; a◌̴◌ð…©â—Œð…©â—Œà¤¼b; a◌̴◌ð…©â—Œð…©â—Œà¤¼b; ) LATIN SMALL LETTER A, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, MUSICAL SYMBOL COMBINING TREMOLO-3, LATIN SMALL LETTER B +0061 1D169 093C 0334 0062;0061 1D169 0334 093C 0062;0061 1D169 0334 093C 0062;0061 1D169 0334 093C 0062;0061 1D169 0334 093C 0062; # (aâ—Œð…©â—Œð…©â—Œà¤¼â—ŒÌ´b; aâ—Œð…©â—Œð…©â—ŒÌ´â—Œà¤¼b; aâ—Œð…©â—Œð…©â—ŒÌ´â—Œà¤¼b; aâ—Œð…©â—Œð…©â—ŒÌ´â—Œà¤¼b; aâ—Œð…©â—Œð…©â—ŒÌ´â—Œà¤¼b; ) LATIN SMALL LETTER A, MUSICAL SYMBOL COMBINING TREMOLO-3, DEVANAGARI SIGN NUKTA, COMBINING TILDE OVERLAY, LATIN SMALL LETTER B +0061 05AE 1D16D 302E 1D16D 0062;0061 302E 1D16D 1D16D 05AE 0062;0061 302E 1D16D 1D16D 05AE 0062;0061 302E 1D16D 1D16D 05AE 0062;0061 302E 1D16D 1D16D 05AE 0062; # (a◌֮ð…­ð…­â—Œã€®ð…­ð…­b; a◌〮ð…­ð…­ð…­ð…­â—ŒÖ®b; a◌〮ð…­ð…­ð…­ð…­â—ŒÖ®b; a◌〮ð…­ð…­ð…­ð…­â—ŒÖ®b; a◌〮ð…­ð…­ð…­ð…­â—ŒÖ®b; ) LATIN SMALL LETTER A, HEBREW ACCENT ZINOR, MUSICAL SYMBOL COMBINING AUGMENTATION DOT, HANGUL SINGLE DOT TONE MARK, MUSICAL SYMBOL COMBINING AUGMENTATION DOT, LATIN SMALL LETTER B +0061 1D16D 05AE 1D16D 302E 0062;0061 302E 1D16D 1D16D 05AE 0062;0061 302E 1D16D 1D16D 05AE 0062;0061 302E 1D16D 1D16D 05AE 0062;0061 302E 1D16D 1D16D 05AE 0062; # (að…­ð…­â—ŒÖ®ð…­ð…­â—Œã€®b; a◌〮ð…­ð…­ð…­ð…­â—ŒÖ®b; a◌〮ð…­ð…­ð…­ð…­â—ŒÖ®b; a◌〮ð…­ð…­ð…­ð…­â—ŒÖ®b; a◌〮ð…­ð…­ð…­ð…­â—ŒÖ®b; ) LATIN SMALL LETTER A, MUSICAL SYMBOL COMBINING AUGMENTATION DOT, HEBREW ACCENT ZINOR, MUSICAL SYMBOL COMBINING AUGMENTATION DOT, HANGUL SINGLE DOT TONE MARK, LATIN SMALL LETTER B +0061 302A 031B 0321 1D16E 0062;0061 0321 031B 1D16E 302A 0062;0061 0321 031B 1D16E 302A 0062;0061 0321 031B 1D16E 302A 0062;0061 0321 031B 1D16E 302A 0062; # (a◌〪◌̛◌̡ð…®ð…®b; a◌̡◌̛ð…®ð…®â—Œã€ªb; a◌̡◌̛ð…®ð…®â—Œã€ªb; a◌̡◌̛ð…®ð…®â—Œã€ªb; a◌̡◌̛ð…®ð…®â—Œã€ªb; ) LATIN SMALL LETTER A, IDEOGRAPHIC LEVEL TONE MARK, COMBINING HORN, COMBINING PALATALIZED HOOK BELOW, MUSICAL SYMBOL COMBINING FLAG-1, LATIN SMALL LETTER B +0061 1D16E 302A 031B 0321 0062;0061 0321 1D16E 031B 302A 0062;0061 0321 1D16E 031B 302A 0062;0061 0321 1D16E 031B 302A 0062;0061 0321 1D16E 031B 302A 0062; # (að…®ð…®â—Œã€ªâ—ŒÌ›â—ŒÌ¡b; a◌̡ð…®ð…®â—ŒÌ›â—Œã€ªb; a◌̡ð…®ð…®â—ŒÌ›â—Œã€ªb; a◌̡ð…®ð…®â—ŒÌ›â—Œã€ªb; a◌̡ð…®ð…®â—ŒÌ›â—Œã€ªb; ) LATIN SMALL LETTER A, MUSICAL SYMBOL COMBINING FLAG-1, IDEOGRAPHIC LEVEL TONE MARK, COMBINING HORN, COMBINING PALATALIZED HOOK BELOW, LATIN SMALL LETTER B +0061 302A 031B 0321 1D16F 0062;0061 0321 031B 1D16F 302A 0062;0061 0321 031B 1D16F 302A 0062;0061 0321 031B 1D16F 302A 0062;0061 0321 031B 1D16F 302A 0062; # (a◌〪◌̛◌̡ð…¯ð…¯b; a◌̡◌̛ð…¯ð…¯â—Œã€ªb; a◌̡◌̛ð…¯ð…¯â—Œã€ªb; a◌̡◌̛ð…¯ð…¯â—Œã€ªb; a◌̡◌̛ð…¯ð…¯â—Œã€ªb; ) LATIN SMALL LETTER A, IDEOGRAPHIC LEVEL TONE MARK, COMBINING HORN, COMBINING PALATALIZED HOOK BELOW, MUSICAL SYMBOL COMBINING FLAG-2, LATIN SMALL LETTER B +0061 1D16F 302A 031B 0321 0062;0061 0321 1D16F 031B 302A 0062;0061 0321 1D16F 031B 302A 0062;0061 0321 1D16F 031B 302A 0062;0061 0321 1D16F 031B 302A 0062; # (að…¯ð…¯â—Œã€ªâ—ŒÌ›â—ŒÌ¡b; a◌̡ð…¯ð…¯â—ŒÌ›â—Œã€ªb; a◌̡ð…¯ð…¯â—ŒÌ›â—Œã€ªb; a◌̡ð…¯ð…¯â—ŒÌ›â—Œã€ªb; a◌̡ð…¯ð…¯â—ŒÌ›â—Œã€ªb; ) LATIN SMALL LETTER A, MUSICAL SYMBOL COMBINING FLAG-2, IDEOGRAPHIC LEVEL TONE MARK, COMBINING HORN, COMBINING PALATALIZED HOOK BELOW, LATIN SMALL LETTER B +0061 302A 031B 0321 1D170 0062;0061 0321 031B 1D170 302A 0062;0061 0321 031B 1D170 302A 0062;0061 0321 031B 1D170 302A 0062;0061 0321 031B 1D170 302A 0062; # (a◌〪◌̛◌̡ð…°ð…°b; a◌̡◌̛ð…°ð…°â—Œã€ªb; a◌̡◌̛ð…°ð…°â—Œã€ªb; a◌̡◌̛ð…°ð…°â—Œã€ªb; a◌̡◌̛ð…°ð…°â—Œã€ªb; ) LATIN SMALL LETTER A, IDEOGRAPHIC LEVEL TONE MARK, COMBINING HORN, COMBINING PALATALIZED HOOK BELOW, MUSICAL SYMBOL COMBINING FLAG-3, LATIN SMALL LETTER B +0061 1D170 302A 031B 0321 0062;0061 0321 1D170 031B 302A 0062;0061 0321 1D170 031B 302A 0062;0061 0321 1D170 031B 302A 0062;0061 0321 1D170 031B 302A 0062; # (að…°ð…°â—Œã€ªâ—ŒÌ›â—ŒÌ¡b; a◌̡ð…°ð…°â—ŒÌ›â—Œã€ªb; a◌̡ð…°ð…°â—ŒÌ›â—Œã€ªb; a◌̡ð…°ð…°â—ŒÌ›â—Œã€ªb; a◌̡ð…°ð…°â—ŒÌ›â—Œã€ªb; ) LATIN SMALL LETTER A, MUSICAL SYMBOL COMBINING FLAG-3, IDEOGRAPHIC LEVEL TONE MARK, COMBINING HORN, COMBINING PALATALIZED HOOK BELOW, LATIN SMALL LETTER B +0061 302A 031B 0321 1D171 0062;0061 0321 031B 1D171 302A 0062;0061 0321 031B 1D171 302A 0062;0061 0321 031B 1D171 302A 0062;0061 0321 031B 1D171 302A 0062; # (a◌〪◌̛◌̡ð…±ð…±b; a◌̡◌̛ð…±ð…±â—Œã€ªb; a◌̡◌̛ð…±ð…±â—Œã€ªb; a◌̡◌̛ð…±ð…±â—Œã€ªb; a◌̡◌̛ð…±ð…±â—Œã€ªb; ) LATIN SMALL LETTER A, IDEOGRAPHIC LEVEL TONE MARK, COMBINING HORN, COMBINING PALATALIZED HOOK BELOW, MUSICAL SYMBOL COMBINING FLAG-4, LATIN SMALL LETTER B +0061 1D171 302A 031B 0321 0062;0061 0321 1D171 031B 302A 0062;0061 0321 1D171 031B 302A 0062;0061 0321 1D171 031B 302A 0062;0061 0321 1D171 031B 302A 0062; # (að…±ð…±â—Œã€ªâ—ŒÌ›â—ŒÌ¡b; a◌̡ð…±ð…±â—ŒÌ›â—Œã€ªb; a◌̡ð…±ð…±â—ŒÌ›â—Œã€ªb; a◌̡ð…±ð…±â—ŒÌ›â—Œã€ªb; a◌̡ð…±ð…±â—ŒÌ›â—Œã€ªb; ) LATIN SMALL LETTER A, MUSICAL SYMBOL COMBINING FLAG-4, IDEOGRAPHIC LEVEL TONE MARK, COMBINING HORN, COMBINING PALATALIZED HOOK BELOW, LATIN SMALL LETTER B +0061 302A 031B 0321 1D172 0062;0061 0321 031B 1D172 302A 0062;0061 0321 031B 1D172 302A 0062;0061 0321 031B 1D172 302A 0062;0061 0321 031B 1D172 302A 0062; # (a◌〪◌̛◌̡ð…²ð…²b; a◌̡◌̛ð…²ð…²â—Œã€ªb; a◌̡◌̛ð…²ð…²â—Œã€ªb; a◌̡◌̛ð…²ð…²â—Œã€ªb; a◌̡◌̛ð…²ð…²â—Œã€ªb; ) LATIN SMALL LETTER A, IDEOGRAPHIC LEVEL TONE MARK, COMBINING HORN, COMBINING PALATALIZED HOOK BELOW, MUSICAL SYMBOL COMBINING FLAG-5, LATIN SMALL LETTER B +0061 1D172 302A 031B 0321 0062;0061 0321 1D172 031B 302A 0062;0061 0321 1D172 031B 302A 0062;0061 0321 1D172 031B 302A 0062;0061 0321 1D172 031B 302A 0062; # (að…²ð…²â—Œã€ªâ—ŒÌ›â—ŒÌ¡b; a◌̡ð…²ð…²â—ŒÌ›â—Œã€ªb; a◌̡ð…²ð…²â—ŒÌ›â—Œã€ªb; a◌̡ð…²ð…²â—ŒÌ›â—Œã€ªb; a◌̡ð…²ð…²â—ŒÌ›â—Œã€ªb; ) LATIN SMALL LETTER A, MUSICAL SYMBOL COMBINING FLAG-5, IDEOGRAPHIC LEVEL TONE MARK, COMBINING HORN, COMBINING PALATALIZED HOOK BELOW, LATIN SMALL LETTER B +0061 059A 0316 302A 1D17B 0062;0061 302A 0316 1D17B 059A 0062;0061 302A 0316 1D17B 059A 0062;0061 302A 0316 1D17B 059A 0062;0061 302A 0316 1D17B 059A 0062; # (a◌֚◌̖◌〪◌ð…»â—Œð…»b; a◌〪◌̖◌ð…»â—Œð…»â—ŒÖšb; a◌〪◌̖◌ð…»â—Œð…»â—ŒÖšb; a◌〪◌̖◌ð…»â—Œð…»â—ŒÖšb; a◌〪◌̖◌ð…»â—Œð…»â—ŒÖšb; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, MUSICAL SYMBOL COMBINING ACCENT, LATIN SMALL LETTER B +0061 1D17B 059A 0316 302A 0062;0061 302A 1D17B 0316 059A 0062;0061 302A 1D17B 0316 059A 0062;0061 302A 1D17B 0316 059A 0062;0061 302A 1D17B 0316 059A 0062; # (aâ—Œð…»â—Œð…»â—ŒÖšâ—ŒÌ–◌〪b; a◌〪◌ð…»â—Œð…»â—ŒÌ–◌֚b; a◌〪◌ð…»â—Œð…»â—ŒÌ–◌֚b; a◌〪◌ð…»â—Œð…»â—ŒÌ–◌֚b; a◌〪◌ð…»â—Œð…»â—ŒÌ–◌֚b; ) LATIN SMALL LETTER A, MUSICAL SYMBOL COMBINING ACCENT, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 1D17C 0062;0061 302A 0316 1D17C 059A 0062;0061 302A 0316 1D17C 059A 0062;0061 302A 0316 1D17C 059A 0062;0061 302A 0316 1D17C 059A 0062; # (a◌֚◌̖◌〪◌ð…¼â—Œð…¼b; a◌〪◌̖◌ð…¼â—Œð…¼â—ŒÖšb; a◌〪◌̖◌ð…¼â—Œð…¼â—ŒÖšb; a◌〪◌̖◌ð…¼â—Œð…¼â—ŒÖšb; a◌〪◌̖◌ð…¼â—Œð…¼â—ŒÖšb; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, MUSICAL SYMBOL COMBINING STACCATO, LATIN SMALL LETTER B +0061 1D17C 059A 0316 302A 0062;0061 302A 1D17C 0316 059A 0062;0061 302A 1D17C 0316 059A 0062;0061 302A 1D17C 0316 059A 0062;0061 302A 1D17C 0316 059A 0062; # (aâ—Œð…¼â—Œð…¼â—ŒÖšâ—ŒÌ–◌〪b; a◌〪◌ð…¼â—Œð…¼â—ŒÌ–◌֚b; a◌〪◌ð…¼â—Œð…¼â—ŒÌ–◌֚b; a◌〪◌ð…¼â—Œð…¼â—ŒÌ–◌֚b; a◌〪◌ð…¼â—Œð…¼â—ŒÌ–◌֚b; ) LATIN SMALL LETTER A, MUSICAL SYMBOL COMBINING STACCATO, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 1D17D 0062;0061 302A 0316 1D17D 059A 0062;0061 302A 0316 1D17D 059A 0062;0061 302A 0316 1D17D 059A 0062;0061 302A 0316 1D17D 059A 0062; # (a◌֚◌̖◌〪◌ð…½â—Œð…½b; a◌〪◌̖◌ð…½â—Œð…½â—ŒÖšb; a◌〪◌̖◌ð…½â—Œð…½â—ŒÖšb; a◌〪◌̖◌ð…½â—Œð…½â—ŒÖšb; a◌〪◌̖◌ð…½â—Œð…½â—ŒÖšb; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, MUSICAL SYMBOL COMBINING TENUTO, LATIN SMALL LETTER B +0061 1D17D 059A 0316 302A 0062;0061 302A 1D17D 0316 059A 0062;0061 302A 1D17D 0316 059A 0062;0061 302A 1D17D 0316 059A 0062;0061 302A 1D17D 0316 059A 0062; # (aâ—Œð…½â—Œð…½â—ŒÖšâ—ŒÌ–◌〪b; a◌〪◌ð…½â—Œð…½â—ŒÌ–◌֚b; a◌〪◌ð…½â—Œð…½â—ŒÌ–◌֚b; a◌〪◌ð…½â—Œð…½â—ŒÌ–◌֚b; a◌〪◌ð…½â—Œð…½â—ŒÌ–◌֚b; ) LATIN SMALL LETTER A, MUSICAL SYMBOL COMBINING TENUTO, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 1D17E 0062;0061 302A 0316 1D17E 059A 0062;0061 302A 0316 1D17E 059A 0062;0061 302A 0316 1D17E 059A 0062;0061 302A 0316 1D17E 059A 0062; # (a◌֚◌̖◌〪◌ð…¾â—Œð…¾b; a◌〪◌̖◌ð…¾â—Œð…¾â—ŒÖšb; a◌〪◌̖◌ð…¾â—Œð…¾â—ŒÖšb; a◌〪◌̖◌ð…¾â—Œð…¾â—ŒÖšb; a◌〪◌̖◌ð…¾â—Œð…¾â—ŒÖšb; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, MUSICAL SYMBOL COMBINING STACCATISSIMO, LATIN SMALL LETTER B +0061 1D17E 059A 0316 302A 0062;0061 302A 1D17E 0316 059A 0062;0061 302A 1D17E 0316 059A 0062;0061 302A 1D17E 0316 059A 0062;0061 302A 1D17E 0316 059A 0062; # (aâ—Œð…¾â—Œð…¾â—ŒÖšâ—ŒÌ–◌〪b; a◌〪◌ð…¾â—Œð…¾â—ŒÌ–◌֚b; a◌〪◌ð…¾â—Œð…¾â—ŒÌ–◌֚b; a◌〪◌ð…¾â—Œð…¾â—ŒÌ–◌֚b; a◌〪◌ð…¾â—Œð…¾â—ŒÌ–◌֚b; ) LATIN SMALL LETTER A, MUSICAL SYMBOL COMBINING STACCATISSIMO, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 1D17F 0062;0061 302A 0316 1D17F 059A 0062;0061 302A 0316 1D17F 059A 0062;0061 302A 0316 1D17F 059A 0062;0061 302A 0316 1D17F 059A 0062; # (a◌֚◌̖◌〪◌ð…¿â—Œð…¿b; a◌〪◌̖◌ð…¿â—Œð…¿â—ŒÖšb; a◌〪◌̖◌ð…¿â—Œð…¿â—ŒÖšb; a◌〪◌̖◌ð…¿â—Œð…¿â—ŒÖšb; a◌〪◌̖◌ð…¿â—Œð…¿â—ŒÖšb; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, MUSICAL SYMBOL COMBINING MARCATO, LATIN SMALL LETTER B +0061 1D17F 059A 0316 302A 0062;0061 302A 1D17F 0316 059A 0062;0061 302A 1D17F 0316 059A 0062;0061 302A 1D17F 0316 059A 0062;0061 302A 1D17F 0316 059A 0062; # (aâ—Œð…¿â—Œð…¿â—ŒÖšâ—ŒÌ–◌〪b; a◌〪◌ð…¿â—Œð…¿â—ŒÌ–◌֚b; a◌〪◌ð…¿â—Œð…¿â—ŒÌ–◌֚b; a◌〪◌ð…¿â—Œð…¿â—ŒÌ–◌֚b; a◌〪◌ð…¿â—Œð…¿â—ŒÌ–◌֚b; ) LATIN SMALL LETTER A, MUSICAL SYMBOL COMBINING MARCATO, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 1D180 0062;0061 302A 0316 1D180 059A 0062;0061 302A 0316 1D180 059A 0062;0061 302A 0316 1D180 059A 0062;0061 302A 0316 1D180 059A 0062; # (a◌֚◌̖◌〪◌ð†€â—Œð†€b; a◌〪◌̖◌ð†€â—Œð†€â—ŒÖšb; a◌〪◌̖◌ð†€â—Œð†€â—ŒÖšb; a◌〪◌̖◌ð†€â—Œð†€â—ŒÖšb; a◌〪◌̖◌ð†€â—Œð†€â—ŒÖšb; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, MUSICAL SYMBOL COMBINING MARCATO-STACCATO, LATIN SMALL LETTER B +0061 1D180 059A 0316 302A 0062;0061 302A 1D180 0316 059A 0062;0061 302A 1D180 0316 059A 0062;0061 302A 1D180 0316 059A 0062;0061 302A 1D180 0316 059A 0062; # (aâ—Œð†€â—Œð†€â—ŒÖšâ—ŒÌ–◌〪b; a◌〪◌ð†€â—Œð†€â—ŒÌ–◌֚b; a◌〪◌ð†€â—Œð†€â—ŒÌ–◌֚b; a◌〪◌ð†€â—Œð†€â—ŒÌ–◌֚b; a◌〪◌ð†€â—Œð†€â—ŒÌ–◌֚b; ) LATIN SMALL LETTER A, MUSICAL SYMBOL COMBINING MARCATO-STACCATO, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 1D181 0062;0061 302A 0316 1D181 059A 0062;0061 302A 0316 1D181 059A 0062;0061 302A 0316 1D181 059A 0062;0061 302A 0316 1D181 059A 0062; # (a◌֚◌̖◌〪◌ð†â—Œð†b; a◌〪◌̖◌ð†â—Œð†â—ŒÖšb; a◌〪◌̖◌ð†â—Œð†â—ŒÖšb; a◌〪◌̖◌ð†â—Œð†â—ŒÖšb; a◌〪◌̖◌ð†â—Œð†â—ŒÖšb; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, MUSICAL SYMBOL COMBINING ACCENT-STACCATO, LATIN SMALL LETTER B +0061 1D181 059A 0316 302A 0062;0061 302A 1D181 0316 059A 0062;0061 302A 1D181 0316 059A 0062;0061 302A 1D181 0316 059A 0062;0061 302A 1D181 0316 059A 0062; # (aâ—Œð†â—Œð†â—ŒÖšâ—ŒÌ–◌〪b; a◌〪◌ð†â—Œð†â—ŒÌ–◌֚b; a◌〪◌ð†â—Œð†â—ŒÌ–◌֚b; a◌〪◌ð†â—Œð†â—ŒÌ–◌֚b; a◌〪◌ð†â—Œð†â—ŒÌ–◌֚b; ) LATIN SMALL LETTER A, MUSICAL SYMBOL COMBINING ACCENT-STACCATO, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 1D182 0062;0061 302A 0316 1D182 059A 0062;0061 302A 0316 1D182 059A 0062;0061 302A 0316 1D182 059A 0062;0061 302A 0316 1D182 059A 0062; # (a◌֚◌̖◌〪◌ð†‚â—Œð†‚b; a◌〪◌̖◌ð†‚â—Œð†‚◌֚b; a◌〪◌̖◌ð†‚â—Œð†‚◌֚b; a◌〪◌̖◌ð†‚â—Œð†‚◌֚b; a◌〪◌̖◌ð†‚â—Œð†‚◌֚b; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, MUSICAL SYMBOL COMBINING LOURE, LATIN SMALL LETTER B +0061 1D182 059A 0316 302A 0062;0061 302A 1D182 0316 059A 0062;0061 302A 1D182 0316 059A 0062;0061 302A 1D182 0316 059A 0062;0061 302A 1D182 0316 059A 0062; # (aâ—Œð†‚â—Œð†‚◌֚◌̖◌〪b; a◌〪◌ð†‚â—Œð†‚◌̖◌֚b; a◌〪◌ð†‚â—Œð†‚◌̖◌֚b; a◌〪◌ð†‚â—Œð†‚◌̖◌֚b; a◌〪◌ð†‚â—Œð†‚◌̖◌֚b; ) LATIN SMALL LETTER A, MUSICAL SYMBOL COMBINING LOURE, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 0315 0300 05AE 1D185 0062;00E0 05AE 1D185 0315 0062;0061 05AE 0300 1D185 0315 0062;00E0 05AE 1D185 0315 0062;0061 05AE 0300 1D185 0315 0062; # (a◌̕◌̀◌֮◌ð†…â—Œð†…b; à◌֮◌ð†…â—Œð†…◌̕b; a◌֮◌̀◌ð†…â—Œð†…◌̕b; à◌֮◌ð†…â—Œð†…◌̕b; a◌֮◌̀◌ð†…â—Œð†…◌̕b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, MUSICAL SYMBOL COMBINING DOIT, LATIN SMALL LETTER B +0061 1D185 0315 0300 05AE 0062;0061 05AE 1D185 0300 0315 0062;0061 05AE 1D185 0300 0315 0062;0061 05AE 1D185 0300 0315 0062;0061 05AE 1D185 0300 0315 0062; # (aâ—Œð†…â—Œð†…◌̕◌̀◌֮b; a◌֮◌ð†…â—Œð†…◌̀◌̕b; a◌֮◌ð†…â—Œð†…◌̀◌̕b; a◌֮◌ð†…â—Œð†…◌̀◌̕b; a◌֮◌ð†…â—Œð†…◌̀◌̕b; ) LATIN SMALL LETTER A, MUSICAL SYMBOL COMBINING DOIT, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 1D186 0062;00E0 05AE 1D186 0315 0062;0061 05AE 0300 1D186 0315 0062;00E0 05AE 1D186 0315 0062;0061 05AE 0300 1D186 0315 0062; # (a◌̕◌̀◌֮◌ð††â—Œð††b; à◌֮◌ð††â—Œð††â—ŒÌ•b; a◌֮◌̀◌ð††â—Œð††â—ŒÌ•b; à◌֮◌ð††â—Œð††â—ŒÌ•b; a◌֮◌̀◌ð††â—Œð††â—ŒÌ•b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, MUSICAL SYMBOL COMBINING RIP, LATIN SMALL LETTER B +0061 1D186 0315 0300 05AE 0062;0061 05AE 1D186 0300 0315 0062;0061 05AE 1D186 0300 0315 0062;0061 05AE 1D186 0300 0315 0062;0061 05AE 1D186 0300 0315 0062; # (aâ—Œð††â—Œð††â—ŒÌ•â—ŒÌ€â—ŒÖ®b; a◌֮◌ð††â—Œð††â—ŒÌ€â—ŒÌ•b; a◌֮◌ð††â—Œð††â—ŒÌ€â—ŒÌ•b; a◌֮◌ð††â—Œð††â—ŒÌ€â—ŒÌ•b; a◌֮◌ð††â—Œð††â—ŒÌ€â—ŒÌ•b; ) LATIN SMALL LETTER A, MUSICAL SYMBOL COMBINING RIP, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 1D187 0062;00E0 05AE 1D187 0315 0062;0061 05AE 0300 1D187 0315 0062;00E0 05AE 1D187 0315 0062;0061 05AE 0300 1D187 0315 0062; # (a◌̕◌̀◌֮◌ð†‡â—Œð†‡b; à◌֮◌ð†‡â—Œð†‡â—ŒÌ•b; a◌֮◌̀◌ð†‡â—Œð†‡â—ŒÌ•b; à◌֮◌ð†‡â—Œð†‡â—ŒÌ•b; a◌֮◌̀◌ð†‡â—Œð†‡â—ŒÌ•b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, MUSICAL SYMBOL COMBINING FLIP, LATIN SMALL LETTER B +0061 1D187 0315 0300 05AE 0062;0061 05AE 1D187 0300 0315 0062;0061 05AE 1D187 0300 0315 0062;0061 05AE 1D187 0300 0315 0062;0061 05AE 1D187 0300 0315 0062; # (aâ—Œð†‡â—Œð†‡â—ŒÌ•â—ŒÌ€â—ŒÖ®b; a◌֮◌ð†‡â—Œð†‡â—ŒÌ€â—ŒÌ•b; a◌֮◌ð†‡â—Œð†‡â—ŒÌ€â—ŒÌ•b; a◌֮◌ð†‡â—Œð†‡â—ŒÌ€â—ŒÌ•b; a◌֮◌ð†‡â—Œð†‡â—ŒÌ€â—ŒÌ•b; ) LATIN SMALL LETTER A, MUSICAL SYMBOL COMBINING FLIP, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 1D188 0062;00E0 05AE 1D188 0315 0062;0061 05AE 0300 1D188 0315 0062;00E0 05AE 1D188 0315 0062;0061 05AE 0300 1D188 0315 0062; # (a◌̕◌̀◌֮◌ð†ˆâ—Œð†ˆb; à◌֮◌ð†ˆâ—Œð†ˆâ—ŒÌ•b; a◌֮◌̀◌ð†ˆâ—Œð†ˆâ—ŒÌ•b; à◌֮◌ð†ˆâ—Œð†ˆâ—ŒÌ•b; a◌֮◌̀◌ð†ˆâ—Œð†ˆâ—ŒÌ•b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, MUSICAL SYMBOL COMBINING SMEAR, LATIN SMALL LETTER B +0061 1D188 0315 0300 05AE 0062;0061 05AE 1D188 0300 0315 0062;0061 05AE 1D188 0300 0315 0062;0061 05AE 1D188 0300 0315 0062;0061 05AE 1D188 0300 0315 0062; # (aâ—Œð†ˆâ—Œð†ˆâ—ŒÌ•â—ŒÌ€â—ŒÖ®b; a◌֮◌ð†ˆâ—Œð†ˆâ—ŒÌ€â—ŒÌ•b; a◌֮◌ð†ˆâ—Œð†ˆâ—ŒÌ€â—ŒÌ•b; a◌֮◌ð†ˆâ—Œð†ˆâ—ŒÌ€â—ŒÌ•b; a◌֮◌ð†ˆâ—Œð†ˆâ—ŒÌ€â—ŒÌ•b; ) LATIN SMALL LETTER A, MUSICAL SYMBOL COMBINING SMEAR, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 1D189 0062;00E0 05AE 1D189 0315 0062;0061 05AE 0300 1D189 0315 0062;00E0 05AE 1D189 0315 0062;0061 05AE 0300 1D189 0315 0062; # (a◌̕◌̀◌֮◌ð†‰â—Œð†‰b; à◌֮◌ð†‰â—Œð†‰â—ŒÌ•b; a◌֮◌̀◌ð†‰â—Œð†‰â—ŒÌ•b; à◌֮◌ð†‰â—Œð†‰â—ŒÌ•b; a◌֮◌̀◌ð†‰â—Œð†‰â—ŒÌ•b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, MUSICAL SYMBOL COMBINING BEND, LATIN SMALL LETTER B +0061 1D189 0315 0300 05AE 0062;0061 05AE 1D189 0300 0315 0062;0061 05AE 1D189 0300 0315 0062;0061 05AE 1D189 0300 0315 0062;0061 05AE 1D189 0300 0315 0062; # (aâ—Œð†‰â—Œð†‰â—ŒÌ•â—ŒÌ€â—ŒÖ®b; a◌֮◌ð†‰â—Œð†‰â—ŒÌ€â—ŒÌ•b; a◌֮◌ð†‰â—Œð†‰â—ŒÌ€â—ŒÌ•b; a◌֮◌ð†‰â—Œð†‰â—ŒÌ€â—ŒÌ•b; a◌֮◌ð†‰â—Œð†‰â—ŒÌ€â—ŒÌ•b; ) LATIN SMALL LETTER A, MUSICAL SYMBOL COMBINING BEND, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 059A 0316 302A 1D18A 0062;0061 302A 0316 1D18A 059A 0062;0061 302A 0316 1D18A 059A 0062;0061 302A 0316 1D18A 059A 0062;0061 302A 0316 1D18A 059A 0062; # (a◌֚◌̖◌〪◌ð†Šâ—Œð†Šb; a◌〪◌̖◌ð†Šâ—Œð†Šâ—ŒÖšb; a◌〪◌̖◌ð†Šâ—Œð†Šâ—ŒÖšb; a◌〪◌̖◌ð†Šâ—Œð†Šâ—ŒÖšb; a◌〪◌̖◌ð†Šâ—Œð†Šâ—ŒÖšb; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, MUSICAL SYMBOL COMBINING DOUBLE TONGUE, LATIN SMALL LETTER B +0061 1D18A 059A 0316 302A 0062;0061 302A 1D18A 0316 059A 0062;0061 302A 1D18A 0316 059A 0062;0061 302A 1D18A 0316 059A 0062;0061 302A 1D18A 0316 059A 0062; # (aâ—Œð†Šâ—Œð†Šâ—ŒÖšâ—ŒÌ–◌〪b; a◌〪◌ð†Šâ—Œð†Šâ—ŒÌ–◌֚b; a◌〪◌ð†Šâ—Œð†Šâ—ŒÌ–◌֚b; a◌〪◌ð†Šâ—Œð†Šâ—ŒÌ–◌֚b; a◌〪◌ð†Šâ—Œð†Šâ—ŒÌ–◌֚b; ) LATIN SMALL LETTER A, MUSICAL SYMBOL COMBINING DOUBLE TONGUE, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 059A 0316 302A 1D18B 0062;0061 302A 0316 1D18B 059A 0062;0061 302A 0316 1D18B 059A 0062;0061 302A 0316 1D18B 059A 0062;0061 302A 0316 1D18B 059A 0062; # (a◌֚◌̖◌〪◌ð†‹â—Œð†‹b; a◌〪◌̖◌ð†‹â—Œð†‹â—ŒÖšb; a◌〪◌̖◌ð†‹â—Œð†‹â—ŒÖšb; a◌〪◌̖◌ð†‹â—Œð†‹â—ŒÖšb; a◌〪◌̖◌ð†‹â—Œð†‹â—ŒÖšb; ) LATIN SMALL LETTER A, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, MUSICAL SYMBOL COMBINING TRIPLE TONGUE, LATIN SMALL LETTER B +0061 1D18B 059A 0316 302A 0062;0061 302A 1D18B 0316 059A 0062;0061 302A 1D18B 0316 059A 0062;0061 302A 1D18B 0316 059A 0062;0061 302A 1D18B 0316 059A 0062; # (aâ—Œð†‹â—Œð†‹â—ŒÖšâ—ŒÌ–◌〪b; a◌〪◌ð†‹â—Œð†‹â—ŒÌ–◌֚b; a◌〪◌ð†‹â—Œð†‹â—ŒÌ–◌֚b; a◌〪◌ð†‹â—Œð†‹â—ŒÌ–◌֚b; a◌〪◌ð†‹â—Œð†‹â—ŒÌ–◌֚b; ) LATIN SMALL LETTER A, MUSICAL SYMBOL COMBINING TRIPLE TONGUE, HEBREW ACCENT YETIV, COMBINING GRAVE ACCENT BELOW, IDEOGRAPHIC LEVEL TONE MARK, LATIN SMALL LETTER B +0061 0315 0300 05AE 1D1AA 0062;00E0 05AE 1D1AA 0315 0062;0061 05AE 0300 1D1AA 0315 0062;00E0 05AE 1D1AA 0315 0062;0061 05AE 0300 1D1AA 0315 0062; # (a◌̕◌̀◌֮◌ð†ªâ—Œð†ªb; à◌֮◌ð†ªâ—Œð†ªâ—ŒÌ•b; a◌֮◌̀◌ð†ªâ—Œð†ªâ—ŒÌ•b; à◌֮◌ð†ªâ—Œð†ªâ—ŒÌ•b; a◌֮◌̀◌ð†ªâ—Œð†ªâ—ŒÌ•b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, MUSICAL SYMBOL COMBINING DOWN BOW, LATIN SMALL LETTER B +0061 1D1AA 0315 0300 05AE 0062;0061 05AE 1D1AA 0300 0315 0062;0061 05AE 1D1AA 0300 0315 0062;0061 05AE 1D1AA 0300 0315 0062;0061 05AE 1D1AA 0300 0315 0062; # (aâ—Œð†ªâ—Œð†ªâ—ŒÌ•â—ŒÌ€â—ŒÖ®b; a◌֮◌ð†ªâ—Œð†ªâ—ŒÌ€â—ŒÌ•b; a◌֮◌ð†ªâ—Œð†ªâ—ŒÌ€â—ŒÌ•b; a◌֮◌ð†ªâ—Œð†ªâ—ŒÌ€â—ŒÌ•b; a◌֮◌ð†ªâ—Œð†ªâ—ŒÌ€â—ŒÌ•b; ) LATIN SMALL LETTER A, MUSICAL SYMBOL COMBINING DOWN BOW, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 1D1AB 0062;00E0 05AE 1D1AB 0315 0062;0061 05AE 0300 1D1AB 0315 0062;00E0 05AE 1D1AB 0315 0062;0061 05AE 0300 1D1AB 0315 0062; # (a◌̕◌̀◌֮◌ð†«â—Œð†«b; à◌֮◌ð†«â—Œð†«â—ŒÌ•b; a◌֮◌̀◌ð†«â—Œð†«â—ŒÌ•b; à◌֮◌ð†«â—Œð†«â—ŒÌ•b; a◌֮◌̀◌ð†«â—Œð†«â—ŒÌ•b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, MUSICAL SYMBOL COMBINING UP BOW, LATIN SMALL LETTER B +0061 1D1AB 0315 0300 05AE 0062;0061 05AE 1D1AB 0300 0315 0062;0061 05AE 1D1AB 0300 0315 0062;0061 05AE 1D1AB 0300 0315 0062;0061 05AE 1D1AB 0300 0315 0062; # (aâ—Œð†«â—Œð†«â—ŒÌ•â—ŒÌ€â—ŒÖ®b; a◌֮◌ð†«â—Œð†«â—ŒÌ€â—ŒÌ•b; a◌֮◌ð†«â—Œð†«â—ŒÌ€â—ŒÌ•b; a◌֮◌ð†«â—Œð†«â—ŒÌ€â—ŒÌ•b; a◌֮◌ð†«â—Œð†«â—ŒÌ€â—ŒÌ•b; ) LATIN SMALL LETTER A, MUSICAL SYMBOL COMBINING UP BOW, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 1D1AC 0062;00E0 05AE 1D1AC 0315 0062;0061 05AE 0300 1D1AC 0315 0062;00E0 05AE 1D1AC 0315 0062;0061 05AE 0300 1D1AC 0315 0062; # (a◌̕◌̀◌֮◌ð†¬â—Œð†¬b; à◌֮◌ð†¬â—Œð†¬â—ŒÌ•b; a◌֮◌̀◌ð†¬â—Œð†¬â—ŒÌ•b; à◌֮◌ð†¬â—Œð†¬â—ŒÌ•b; a◌֮◌̀◌ð†¬â—Œð†¬â—ŒÌ•b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, MUSICAL SYMBOL COMBINING HARMONIC, LATIN SMALL LETTER B +0061 1D1AC 0315 0300 05AE 0062;0061 05AE 1D1AC 0300 0315 0062;0061 05AE 1D1AC 0300 0315 0062;0061 05AE 1D1AC 0300 0315 0062;0061 05AE 1D1AC 0300 0315 0062; # (aâ—Œð†¬â—Œð†¬â—ŒÌ•â—ŒÌ€â—ŒÖ®b; a◌֮◌ð†¬â—Œð†¬â—ŒÌ€â—ŒÌ•b; a◌֮◌ð†¬â—Œð†¬â—ŒÌ€â—ŒÌ•b; a◌֮◌ð†¬â—Œð†¬â—ŒÌ€â—ŒÌ•b; a◌֮◌ð†¬â—Œð†¬â—ŒÌ€â—ŒÌ•b; ) LATIN SMALL LETTER A, MUSICAL SYMBOL COMBINING HARMONIC, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +0061 0315 0300 05AE 1D1AD 0062;00E0 05AE 1D1AD 0315 0062;0061 05AE 0300 1D1AD 0315 0062;00E0 05AE 1D1AD 0315 0062;0061 05AE 0300 1D1AD 0315 0062; # (a◌̕◌̀◌֮◌ð†­â—Œð†­b; à◌֮◌ð†­â—Œð†­â—ŒÌ•b; a◌֮◌̀◌ð†­â—Œð†­â—ŒÌ•b; à◌֮◌ð†­â—Œð†­â—ŒÌ•b; a◌֮◌̀◌ð†­â—Œð†­â—ŒÌ•b; ) LATIN SMALL LETTER A, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, MUSICAL SYMBOL COMBINING SNAP PIZZICATO, LATIN SMALL LETTER B +0061 1D1AD 0315 0300 05AE 0062;0061 05AE 1D1AD 0300 0315 0062;0061 05AE 1D1AD 0300 0315 0062;0061 05AE 1D1AD 0300 0315 0062;0061 05AE 1D1AD 0300 0315 0062; # (aâ—Œð†­â—Œð†­â—ŒÌ•â—ŒÌ€â—ŒÖ®b; a◌֮◌ð†­â—Œð†­â—ŒÌ€â—ŒÌ•b; a◌֮◌ð†­â—Œð†­â—ŒÌ€â—ŒÌ•b; a◌֮◌ð†­â—Œð†­â—ŒÌ€â—ŒÌ•b; a◌֮◌ð†­â—Œð†­â—ŒÌ€â—ŒÌ•b; ) LATIN SMALL LETTER A, MUSICAL SYMBOL COMBINING SNAP PIZZICATO, COMBINING COMMA ABOVE RIGHT, COMBINING GRAVE ACCENT, HEBREW ACCENT ZINOR, LATIN SMALL LETTER B +# +# END OF FILE diff --git a/source4/heimdal/lib/wind/UnicodeData.py b/source4/heimdal/lib/wind/UnicodeData.py new file mode 100644 index 0000000000..fcb9f1dc9e --- /dev/null +++ b/source4/heimdal/lib/wind/UnicodeData.py @@ -0,0 +1,57 @@ +#!/usr/local/bin/python +# -*- coding: iso-8859-1 -*- + +# $Id: UnicodeData.py 22551 2008-02-01 16:22:22Z lha $ + +# Copyright (c) 2004 Kungliga Tekniska Högskolan +# (Royal Institute of Technology, Stockholm, Sweden). +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# 3. Neither the name of the Institute nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. + +import re +import string + +def read(filename): + """return a dict of unicode characters""" + ud = open(filename, 'r') + ret = {} + while True: + l = ud.readline() + if not l: + break + l = re.sub('#.*$', '', l) + if l == "\n": + continue + f = l.split(';') + key = int(f[0], 0x10) + if key in ret: + raise Exception('Duplicate key in UnicodeData') + ret[key] = f[1:] + ud.close() + return ret diff --git a/source4/heimdal/lib/wind/UnicodeData.txt b/source4/heimdal/lib/wind/UnicodeData.txt new file mode 100644 index 0000000000..3710e17294 --- /dev/null +++ b/source4/heimdal/lib/wind/UnicodeData.txt @@ -0,0 +1,15100 @@ +0000;;Cc;0;BN;;;;;N;NULL;;;; +0001;;Cc;0;BN;;;;;N;START OF HEADING;;;; +0002;;Cc;0;BN;;;;;N;START OF TEXT;;;; +0003;;Cc;0;BN;;;;;N;END OF TEXT;;;; +0004;;Cc;0;BN;;;;;N;END OF TRANSMISSION;;;; +0005;;Cc;0;BN;;;;;N;ENQUIRY;;;; +0006;;Cc;0;BN;;;;;N;ACKNOWLEDGE;;;; +0007;;Cc;0;BN;;;;;N;BELL;;;; +0008;;Cc;0;BN;;;;;N;BACKSPACE;;;; +0009;;Cc;0;S;;;;;N;CHARACTER TABULATION;;;; +000A;;Cc;0;B;;;;;N;LINE FEED (LF);;;; +000B;;Cc;0;S;;;;;N;LINE TABULATION;;;; +000C;;Cc;0;WS;;;;;N;FORM FEED (FF);;;; +000D;;Cc;0;B;;;;;N;CARRIAGE RETURN (CR);;;; +000E;;Cc;0;BN;;;;;N;SHIFT OUT;;;; +000F;;Cc;0;BN;;;;;N;SHIFT IN;;;; +0010;;Cc;0;BN;;;;;N;DATA LINK ESCAPE;;;; +0011;;Cc;0;BN;;;;;N;DEVICE CONTROL ONE;;;; +0012;;Cc;0;BN;;;;;N;DEVICE CONTROL TWO;;;; +0013;;Cc;0;BN;;;;;N;DEVICE CONTROL THREE;;;; +0014;;Cc;0;BN;;;;;N;DEVICE CONTROL FOUR;;;; +0015;;Cc;0;BN;;;;;N;NEGATIVE ACKNOWLEDGE;;;; +0016;;Cc;0;BN;;;;;N;SYNCHRONOUS IDLE;;;; +0017;;Cc;0;BN;;;;;N;END OF TRANSMISSION BLOCK;;;; +0018;;Cc;0;BN;;;;;N;CANCEL;;;; +0019;;Cc;0;BN;;;;;N;END OF MEDIUM;;;; +001A;;Cc;0;BN;;;;;N;SUBSTITUTE;;;; +001B;;Cc;0;BN;;;;;N;ESCAPE;;;; +001C;;Cc;0;B;;;;;N;INFORMATION SEPARATOR FOUR;;;; +001D;;Cc;0;B;;;;;N;INFORMATION SEPARATOR THREE;;;; +001E;;Cc;0;B;;;;;N;INFORMATION SEPARATOR TWO;;;; +001F;;Cc;0;S;;;;;N;INFORMATION SEPARATOR ONE;;;; +0020;SPACE;Zs;0;WS;;;;;N;;;;; +0021;EXCLAMATION MARK;Po;0;ON;;;;;N;;;;; +0022;QUOTATION MARK;Po;0;ON;;;;;N;;;;; +0023;NUMBER SIGN;Po;0;ET;;;;;N;;;;; +0024;DOLLAR SIGN;Sc;0;ET;;;;;N;;;;; +0025;PERCENT SIGN;Po;0;ET;;;;;N;;;;; +0026;AMPERSAND;Po;0;ON;;;;;N;;;;; +0027;APOSTROPHE;Po;0;ON;;;;;N;APOSTROPHE-QUOTE;;;; +0028;LEFT PARENTHESIS;Ps;0;ON;;;;;Y;OPENING PARENTHESIS;;;; +0029;RIGHT PARENTHESIS;Pe;0;ON;;;;;Y;CLOSING PARENTHESIS;;;; +002A;ASTERISK;Po;0;ON;;;;;N;;;;; +002B;PLUS SIGN;Sm;0;ES;;;;;N;;;;; +002C;COMMA;Po;0;CS;;;;;N;;;;; +002D;HYPHEN-MINUS;Pd;0;ES;;;;;N;;;;; +002E;FULL STOP;Po;0;CS;;;;;N;PERIOD;;;; +002F;SOLIDUS;Po;0;CS;;;;;N;SLASH;;;; +0030;DIGIT ZERO;Nd;0;EN;;0;0;0;N;;;;; +0031;DIGIT ONE;Nd;0;EN;;1;1;1;N;;;;; +0032;DIGIT TWO;Nd;0;EN;;2;2;2;N;;;;; +0033;DIGIT THREE;Nd;0;EN;;3;3;3;N;;;;; +0034;DIGIT FOUR;Nd;0;EN;;4;4;4;N;;;;; +0035;DIGIT FIVE;Nd;0;EN;;5;5;5;N;;;;; +0036;DIGIT SIX;Nd;0;EN;;6;6;6;N;;;;; +0037;DIGIT SEVEN;Nd;0;EN;;7;7;7;N;;;;; +0038;DIGIT EIGHT;Nd;0;EN;;8;8;8;N;;;;; +0039;DIGIT NINE;Nd;0;EN;;9;9;9;N;;;;; +003A;COLON;Po;0;CS;;;;;N;;;;; +003B;SEMICOLON;Po;0;ON;;;;;N;;;;; +003C;LESS-THAN SIGN;Sm;0;ON;;;;;Y;;;;; +003D;EQUALS SIGN;Sm;0;ON;;;;;N;;;;; +003E;GREATER-THAN SIGN;Sm;0;ON;;;;;Y;;;;; +003F;QUESTION MARK;Po;0;ON;;;;;N;;;;; +0040;COMMERCIAL AT;Po;0;ON;;;;;N;;;;; +0041;LATIN CAPITAL LETTER A;Lu;0;L;;;;;N;;;;0061; +0042;LATIN CAPITAL LETTER B;Lu;0;L;;;;;N;;;;0062; +0043;LATIN CAPITAL LETTER C;Lu;0;L;;;;;N;;;;0063; +0044;LATIN CAPITAL LETTER D;Lu;0;L;;;;;N;;;;0064; +0045;LATIN CAPITAL LETTER E;Lu;0;L;;;;;N;;;;0065; +0046;LATIN CAPITAL LETTER F;Lu;0;L;;;;;N;;;;0066; +0047;LATIN CAPITAL LETTER G;Lu;0;L;;;;;N;;;;0067; +0048;LATIN CAPITAL LETTER H;Lu;0;L;;;;;N;;;;0068; +0049;LATIN CAPITAL LETTER I;Lu;0;L;;;;;N;;;;0069; +004A;LATIN CAPITAL LETTER J;Lu;0;L;;;;;N;;;;006A; +004B;LATIN CAPITAL LETTER K;Lu;0;L;;;;;N;;;;006B; +004C;LATIN CAPITAL LETTER L;Lu;0;L;;;;;N;;;;006C; +004D;LATIN CAPITAL LETTER M;Lu;0;L;;;;;N;;;;006D; +004E;LATIN CAPITAL LETTER N;Lu;0;L;;;;;N;;;;006E; +004F;LATIN CAPITAL LETTER O;Lu;0;L;;;;;N;;;;006F; +0050;LATIN CAPITAL LETTER P;Lu;0;L;;;;;N;;;;0070; +0051;LATIN CAPITAL LETTER Q;Lu;0;L;;;;;N;;;;0071; +0052;LATIN CAPITAL LETTER R;Lu;0;L;;;;;N;;;;0072; +0053;LATIN CAPITAL LETTER S;Lu;0;L;;;;;N;;;;0073; +0054;LATIN CAPITAL LETTER T;Lu;0;L;;;;;N;;;;0074; +0055;LATIN CAPITAL LETTER U;Lu;0;L;;;;;N;;;;0075; +0056;LATIN CAPITAL LETTER V;Lu;0;L;;;;;N;;;;0076; +0057;LATIN CAPITAL LETTER W;Lu;0;L;;;;;N;;;;0077; +0058;LATIN CAPITAL LETTER X;Lu;0;L;;;;;N;;;;0078; +0059;LATIN CAPITAL LETTER Y;Lu;0;L;;;;;N;;;;0079; +005A;LATIN CAPITAL LETTER Z;Lu;0;L;;;;;N;;;;007A; +005B;LEFT SQUARE BRACKET;Ps;0;ON;;;;;Y;OPENING SQUARE BRACKET;;;; +005C;REVERSE SOLIDUS;Po;0;ON;;;;;N;BACKSLASH;;;; +005D;RIGHT SQUARE BRACKET;Pe;0;ON;;;;;Y;CLOSING SQUARE BRACKET;;;; +005E;CIRCUMFLEX ACCENT;Sk;0;ON;;;;;N;SPACING CIRCUMFLEX;;;; +005F;LOW LINE;Pc;0;ON;;;;;N;SPACING UNDERSCORE;;;; +0060;GRAVE ACCENT;Sk;0;ON;;;;;N;SPACING GRAVE;;;; +0061;LATIN SMALL LETTER A;Ll;0;L;;;;;N;;;0041;;0041 +0062;LATIN SMALL LETTER B;Ll;0;L;;;;;N;;;0042;;0042 +0063;LATIN SMALL LETTER C;Ll;0;L;;;;;N;;;0043;;0043 +0064;LATIN SMALL LETTER D;Ll;0;L;;;;;N;;;0044;;0044 +0065;LATIN SMALL LETTER E;Ll;0;L;;;;;N;;;0045;;0045 +0066;LATIN SMALL LETTER F;Ll;0;L;;;;;N;;;0046;;0046 +0067;LATIN SMALL LETTER G;Ll;0;L;;;;;N;;;0047;;0047 +0068;LATIN SMALL LETTER H;Ll;0;L;;;;;N;;;0048;;0048 +0069;LATIN SMALL LETTER I;Ll;0;L;;;;;N;;;0049;;0049 +006A;LATIN SMALL LETTER J;Ll;0;L;;;;;N;;;004A;;004A +006B;LATIN SMALL LETTER K;Ll;0;L;;;;;N;;;004B;;004B +006C;LATIN SMALL LETTER L;Ll;0;L;;;;;N;;;004C;;004C +006D;LATIN SMALL LETTER M;Ll;0;L;;;;;N;;;004D;;004D +006E;LATIN SMALL LETTER N;Ll;0;L;;;;;N;;;004E;;004E +006F;LATIN SMALL LETTER O;Ll;0;L;;;;;N;;;004F;;004F +0070;LATIN SMALL LETTER P;Ll;0;L;;;;;N;;;0050;;0050 +0071;LATIN SMALL LETTER Q;Ll;0;L;;;;;N;;;0051;;0051 +0072;LATIN SMALL LETTER R;Ll;0;L;;;;;N;;;0052;;0052 +0073;LATIN SMALL LETTER S;Ll;0;L;;;;;N;;;0053;;0053 +0074;LATIN SMALL LETTER T;Ll;0;L;;;;;N;;;0054;;0054 +0075;LATIN SMALL LETTER U;Ll;0;L;;;;;N;;;0055;;0055 +0076;LATIN SMALL LETTER V;Ll;0;L;;;;;N;;;0056;;0056 +0077;LATIN SMALL LETTER W;Ll;0;L;;;;;N;;;0057;;0057 +0078;LATIN SMALL LETTER X;Ll;0;L;;;;;N;;;0058;;0058 +0079;LATIN SMALL LETTER Y;Ll;0;L;;;;;N;;;0059;;0059 +007A;LATIN SMALL LETTER Z;Ll;0;L;;;;;N;;;005A;;005A +007B;LEFT CURLY BRACKET;Ps;0;ON;;;;;Y;OPENING CURLY BRACKET;;;; +007C;VERTICAL LINE;Sm;0;ON;;;;;N;VERTICAL BAR;;;; +007D;RIGHT CURLY BRACKET;Pe;0;ON;;;;;Y;CLOSING CURLY BRACKET;;;; +007E;TILDE;Sm;0;ON;;;;;N;;;;; +007F;;Cc;0;BN;;;;;N;DELETE;;;; +0080;;Cc;0;BN;;;;;N;;;;; +0081;;Cc;0;BN;;;;;N;;;;; +0082;;Cc;0;BN;;;;;N;BREAK PERMITTED HERE;;;; +0083;;Cc;0;BN;;;;;N;NO BREAK HERE;;;; +0084;;Cc;0;BN;;;;;N;;;;; +0085;;Cc;0;B;;;;;N;NEXT LINE (NEL);;;; +0086;;Cc;0;BN;;;;;N;START OF SELECTED AREA;;;; +0087;;Cc;0;BN;;;;;N;END OF SELECTED AREA;;;; +0088;;Cc;0;BN;;;;;N;CHARACTER TABULATION SET;;;; +0089;;Cc;0;BN;;;;;N;CHARACTER TABULATION WITH JUSTIFICATION;;;; +008A;;Cc;0;BN;;;;;N;LINE TABULATION SET;;;; +008B;;Cc;0;BN;;;;;N;PARTIAL LINE FORWARD;;;; +008C;;Cc;0;BN;;;;;N;PARTIAL LINE BACKWARD;;;; +008D;;Cc;0;BN;;;;;N;REVERSE LINE FEED;;;; +008E;;Cc;0;BN;;;;;N;SINGLE SHIFT TWO;;;; +008F;;Cc;0;BN;;;;;N;SINGLE SHIFT THREE;;;; +0090;;Cc;0;BN;;;;;N;DEVICE CONTROL STRING;;;; +0091;;Cc;0;BN;;;;;N;PRIVATE USE ONE;;;; +0092;;Cc;0;BN;;;;;N;PRIVATE USE TWO;;;; +0093;;Cc;0;BN;;;;;N;SET TRANSMIT STATE;;;; +0094;;Cc;0;BN;;;;;N;CANCEL CHARACTER;;;; +0095;;Cc;0;BN;;;;;N;MESSAGE WAITING;;;; +0096;;Cc;0;BN;;;;;N;START OF GUARDED AREA;;;; +0097;;Cc;0;BN;;;;;N;END OF GUARDED AREA;;;; +0098;;Cc;0;BN;;;;;N;START OF STRING;;;; +0099;;Cc;0;BN;;;;;N;;;;; +009A;;Cc;0;BN;;;;;N;SINGLE CHARACTER INTRODUCER;;;; +009B;;Cc;0;BN;;;;;N;CONTROL SEQUENCE INTRODUCER;;;; +009C;;Cc;0;BN;;;;;N;STRING TERMINATOR;;;; +009D;;Cc;0;BN;;;;;N;OPERATING SYSTEM COMMAND;;;; +009E;;Cc;0;BN;;;;;N;PRIVACY MESSAGE;;;; +009F;;Cc;0;BN;;;;;N;APPLICATION PROGRAM COMMAND;;;; +00A0;NO-BREAK SPACE;Zs;0;CS; 0020;;;;N;NON-BREAKING SPACE;;;; +00A1;INVERTED EXCLAMATION MARK;Po;0;ON;;;;;N;;;;; +00A2;CENT SIGN;Sc;0;ET;;;;;N;;;;; +00A3;POUND SIGN;Sc;0;ET;;;;;N;;;;; +00A4;CURRENCY SIGN;Sc;0;ET;;;;;N;;;;; +00A5;YEN SIGN;Sc;0;ET;;;;;N;;;;; +00A6;BROKEN BAR;So;0;ON;;;;;N;BROKEN VERTICAL BAR;;;; +00A7;SECTION SIGN;So;0;ON;;;;;N;;;;; +00A8;DIAERESIS;Sk;0;ON; 0020 0308;;;;N;SPACING DIAERESIS;;;; +00A9;COPYRIGHT SIGN;So;0;ON;;;;;N;;;;; +00AA;FEMININE ORDINAL INDICATOR;Ll;0;L; 0061;;;;N;;;;; +00AB;LEFT-POINTING DOUBLE ANGLE QUOTATION MARK;Pi;0;ON;;;;;Y;LEFT POINTING GUILLEMET;*;;; +00AC;NOT SIGN;Sm;0;ON;;;;;N;;;;; +00AD;SOFT HYPHEN;Cf;0;BN;;;;;N;;;;; +00AE;REGISTERED SIGN;So;0;ON;;;;;N;REGISTERED TRADE MARK SIGN;;;; +00AF;MACRON;Sk;0;ON; 0020 0304;;;;N;SPACING MACRON;;;; +00B0;DEGREE SIGN;So;0;ET;;;;;N;;;;; +00B1;PLUS-MINUS SIGN;Sm;0;ET;;;;;N;PLUS-OR-MINUS SIGN;;;; +00B2;SUPERSCRIPT TWO;No;0;EN; 0032;;2;2;N;SUPERSCRIPT DIGIT TWO;;;; +00B3;SUPERSCRIPT THREE;No;0;EN; 0033;;3;3;N;SUPERSCRIPT DIGIT THREE;;;; +00B4;ACUTE ACCENT;Sk;0;ON; 0020 0301;;;;N;SPACING ACUTE;;;; +00B5;MICRO SIGN;Ll;0;L; 03BC;;;;N;;;039C;;039C +00B6;PILCROW SIGN;So;0;ON;;;;;N;PARAGRAPH SIGN;;;; +00B7;MIDDLE DOT;Po;0;ON;;;;;N;;;;; +00B8;CEDILLA;Sk;0;ON; 0020 0327;;;;N;SPACING CEDILLA;;;; +00B9;SUPERSCRIPT ONE;No;0;EN; 0031;;1;1;N;SUPERSCRIPT DIGIT ONE;;;; +00BA;MASCULINE ORDINAL INDICATOR;Ll;0;L; 006F;;;;N;;;;; +00BB;RIGHT-POINTING DOUBLE ANGLE QUOTATION MARK;Pf;0;ON;;;;;Y;RIGHT POINTING GUILLEMET;*;;; +00BC;VULGAR FRACTION ONE QUARTER;No;0;ON; 0031 2044 0034;;;1/4;N;FRACTION ONE QUARTER;;;; +00BD;VULGAR FRACTION ONE HALF;No;0;ON; 0031 2044 0032;;;1/2;N;FRACTION ONE HALF;;;; +00BE;VULGAR FRACTION THREE QUARTERS;No;0;ON; 0033 2044 0034;;;3/4;N;FRACTION THREE QUARTERS;;;; +00BF;INVERTED QUESTION MARK;Po;0;ON;;;;;N;;;;; +00C0;LATIN CAPITAL LETTER A WITH GRAVE;Lu;0;L;0041 0300;;;;N;LATIN CAPITAL LETTER A GRAVE;;;00E0; +00C1;LATIN CAPITAL LETTER A WITH ACUTE;Lu;0;L;0041 0301;;;;N;LATIN CAPITAL LETTER A ACUTE;;;00E1; +00C2;LATIN CAPITAL LETTER A WITH CIRCUMFLEX;Lu;0;L;0041 0302;;;;N;LATIN CAPITAL LETTER A CIRCUMFLEX;;;00E2; +00C3;LATIN CAPITAL LETTER A WITH TILDE;Lu;0;L;0041 0303;;;;N;LATIN CAPITAL LETTER A TILDE;;;00E3; +00C4;LATIN CAPITAL LETTER A WITH DIAERESIS;Lu;0;L;0041 0308;;;;N;LATIN CAPITAL LETTER A DIAERESIS;;;00E4; +00C5;LATIN CAPITAL LETTER A WITH RING ABOVE;Lu;0;L;0041 030A;;;;N;LATIN CAPITAL LETTER A RING;;;00E5; +00C6;LATIN CAPITAL LETTER AE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER A E;ash *;;00E6; +00C7;LATIN CAPITAL LETTER C WITH CEDILLA;Lu;0;L;0043 0327;;;;N;LATIN CAPITAL LETTER C CEDILLA;;;00E7; +00C8;LATIN CAPITAL LETTER E WITH GRAVE;Lu;0;L;0045 0300;;;;N;LATIN CAPITAL LETTER E GRAVE;;;00E8; +00C9;LATIN CAPITAL LETTER E WITH ACUTE;Lu;0;L;0045 0301;;;;N;LATIN CAPITAL LETTER E ACUTE;;;00E9; +00CA;LATIN CAPITAL LETTER E WITH CIRCUMFLEX;Lu;0;L;0045 0302;;;;N;LATIN CAPITAL LETTER E CIRCUMFLEX;;;00EA; +00CB;LATIN CAPITAL LETTER E WITH DIAERESIS;Lu;0;L;0045 0308;;;;N;LATIN CAPITAL LETTER E DIAERESIS;;;00EB; +00CC;LATIN CAPITAL LETTER I WITH GRAVE;Lu;0;L;0049 0300;;;;N;LATIN CAPITAL LETTER I GRAVE;;;00EC; +00CD;LATIN CAPITAL LETTER I WITH ACUTE;Lu;0;L;0049 0301;;;;N;LATIN CAPITAL LETTER I ACUTE;;;00ED; +00CE;LATIN CAPITAL LETTER I WITH CIRCUMFLEX;Lu;0;L;0049 0302;;;;N;LATIN CAPITAL LETTER I CIRCUMFLEX;;;00EE; +00CF;LATIN CAPITAL LETTER I WITH DIAERESIS;Lu;0;L;0049 0308;;;;N;LATIN CAPITAL LETTER I DIAERESIS;;;00EF; +00D0;LATIN CAPITAL LETTER ETH;Lu;0;L;;;;;N;;Icelandic;;00F0; +00D1;LATIN CAPITAL LETTER N WITH TILDE;Lu;0;L;004E 0303;;;;N;LATIN CAPITAL LETTER N TILDE;;;00F1; +00D2;LATIN CAPITAL LETTER O WITH GRAVE;Lu;0;L;004F 0300;;;;N;LATIN CAPITAL LETTER O GRAVE;;;00F2; +00D3;LATIN CAPITAL LETTER O WITH ACUTE;Lu;0;L;004F 0301;;;;N;LATIN CAPITAL LETTER O ACUTE;;;00F3; +00D4;LATIN CAPITAL LETTER O WITH CIRCUMFLEX;Lu;0;L;004F 0302;;;;N;LATIN CAPITAL LETTER O CIRCUMFLEX;;;00F4; +00D5;LATIN CAPITAL LETTER O WITH TILDE;Lu;0;L;004F 0303;;;;N;LATIN CAPITAL LETTER O TILDE;;;00F5; +00D6;LATIN CAPITAL LETTER O WITH DIAERESIS;Lu;0;L;004F 0308;;;;N;LATIN CAPITAL LETTER O DIAERESIS;;;00F6; +00D7;MULTIPLICATION SIGN;Sm;0;ON;;;;;N;;;;; +00D8;LATIN CAPITAL LETTER O WITH STROKE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER O SLASH;;;00F8; +00D9;LATIN CAPITAL LETTER U WITH GRAVE;Lu;0;L;0055 0300;;;;N;LATIN CAPITAL LETTER U GRAVE;;;00F9; +00DA;LATIN CAPITAL LETTER U WITH ACUTE;Lu;0;L;0055 0301;;;;N;LATIN CAPITAL LETTER U ACUTE;;;00FA; +00DB;LATIN CAPITAL LETTER U WITH CIRCUMFLEX;Lu;0;L;0055 0302;;;;N;LATIN CAPITAL LETTER U CIRCUMFLEX;;;00FB; +00DC;LATIN CAPITAL LETTER U WITH DIAERESIS;Lu;0;L;0055 0308;;;;N;LATIN CAPITAL LETTER U DIAERESIS;;;00FC; +00DD;LATIN CAPITAL LETTER Y WITH ACUTE;Lu;0;L;0059 0301;;;;N;LATIN CAPITAL LETTER Y ACUTE;;;00FD; +00DE;LATIN CAPITAL LETTER THORN;Lu;0;L;;;;;N;;Icelandic;;00FE; +00DF;LATIN SMALL LETTER SHARP S;Ll;0;L;;;;;N;;German;;; +00E0;LATIN SMALL LETTER A WITH GRAVE;Ll;0;L;0061 0300;;;;N;LATIN SMALL LETTER A GRAVE;;00C0;;00C0 +00E1;LATIN SMALL LETTER A WITH ACUTE;Ll;0;L;0061 0301;;;;N;LATIN SMALL LETTER A ACUTE;;00C1;;00C1 +00E2;LATIN SMALL LETTER A WITH CIRCUMFLEX;Ll;0;L;0061 0302;;;;N;LATIN SMALL LETTER A CIRCUMFLEX;;00C2;;00C2 +00E3;LATIN SMALL LETTER A WITH TILDE;Ll;0;L;0061 0303;;;;N;LATIN SMALL LETTER A TILDE;;00C3;;00C3 +00E4;LATIN SMALL LETTER A WITH DIAERESIS;Ll;0;L;0061 0308;;;;N;LATIN SMALL LETTER A DIAERESIS;;00C4;;00C4 +00E5;LATIN SMALL LETTER A WITH RING ABOVE;Ll;0;L;0061 030A;;;;N;LATIN SMALL LETTER A RING;;00C5;;00C5 +00E6;LATIN SMALL LETTER AE;Ll;0;L;;;;;N;LATIN SMALL LETTER A E;ash *;00C6;;00C6 +00E7;LATIN SMALL LETTER C WITH CEDILLA;Ll;0;L;0063 0327;;;;N;LATIN SMALL LETTER C CEDILLA;;00C7;;00C7 +00E8;LATIN SMALL LETTER E WITH GRAVE;Ll;0;L;0065 0300;;;;N;LATIN SMALL LETTER E GRAVE;;00C8;;00C8 +00E9;LATIN SMALL LETTER E WITH ACUTE;Ll;0;L;0065 0301;;;;N;LATIN SMALL LETTER E ACUTE;;00C9;;00C9 +00EA;LATIN SMALL LETTER E WITH CIRCUMFLEX;Ll;0;L;0065 0302;;;;N;LATIN SMALL LETTER E CIRCUMFLEX;;00CA;;00CA +00EB;LATIN SMALL LETTER E WITH DIAERESIS;Ll;0;L;0065 0308;;;;N;LATIN SMALL LETTER E DIAERESIS;;00CB;;00CB +00EC;LATIN SMALL LETTER I WITH GRAVE;Ll;0;L;0069 0300;;;;N;LATIN SMALL LETTER I GRAVE;;00CC;;00CC +00ED;LATIN SMALL LETTER I WITH ACUTE;Ll;0;L;0069 0301;;;;N;LATIN SMALL LETTER I ACUTE;;00CD;;00CD +00EE;LATIN SMALL LETTER I WITH CIRCUMFLEX;Ll;0;L;0069 0302;;;;N;LATIN SMALL LETTER I CIRCUMFLEX;;00CE;;00CE +00EF;LATIN SMALL LETTER I WITH DIAERESIS;Ll;0;L;0069 0308;;;;N;LATIN SMALL LETTER I DIAERESIS;;00CF;;00CF +00F0;LATIN SMALL LETTER ETH;Ll;0;L;;;;;N;;Icelandic;00D0;;00D0 +00F1;LATIN SMALL LETTER N WITH TILDE;Ll;0;L;006E 0303;;;;N;LATIN SMALL LETTER N TILDE;;00D1;;00D1 +00F2;LATIN SMALL LETTER O WITH GRAVE;Ll;0;L;006F 0300;;;;N;LATIN SMALL LETTER O GRAVE;;00D2;;00D2 +00F3;LATIN SMALL LETTER O WITH ACUTE;Ll;0;L;006F 0301;;;;N;LATIN SMALL LETTER O ACUTE;;00D3;;00D3 +00F4;LATIN SMALL LETTER O WITH CIRCUMFLEX;Ll;0;L;006F 0302;;;;N;LATIN SMALL LETTER O CIRCUMFLEX;;00D4;;00D4 +00F5;LATIN SMALL LETTER O WITH TILDE;Ll;0;L;006F 0303;;;;N;LATIN SMALL LETTER O TILDE;;00D5;;00D5 +00F6;LATIN SMALL LETTER O WITH DIAERESIS;Ll;0;L;006F 0308;;;;N;LATIN SMALL LETTER O DIAERESIS;;00D6;;00D6 +00F7;DIVISION SIGN;Sm;0;ON;;;;;N;;;;; +00F8;LATIN SMALL LETTER O WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER O SLASH;;00D8;;00D8 +00F9;LATIN SMALL LETTER U WITH GRAVE;Ll;0;L;0075 0300;;;;N;LATIN SMALL LETTER U GRAVE;;00D9;;00D9 +00FA;LATIN SMALL LETTER U WITH ACUTE;Ll;0;L;0075 0301;;;;N;LATIN SMALL LETTER U ACUTE;;00DA;;00DA +00FB;LATIN SMALL LETTER U WITH CIRCUMFLEX;Ll;0;L;0075 0302;;;;N;LATIN SMALL LETTER U CIRCUMFLEX;;00DB;;00DB +00FC;LATIN SMALL LETTER U WITH DIAERESIS;Ll;0;L;0075 0308;;;;N;LATIN SMALL LETTER U DIAERESIS;;00DC;;00DC +00FD;LATIN SMALL LETTER Y WITH ACUTE;Ll;0;L;0079 0301;;;;N;LATIN SMALL LETTER Y ACUTE;;00DD;;00DD +00FE;LATIN SMALL LETTER THORN;Ll;0;L;;;;;N;;Icelandic;00DE;;00DE +00FF;LATIN SMALL LETTER Y WITH DIAERESIS;Ll;0;L;0079 0308;;;;N;LATIN SMALL LETTER Y DIAERESIS;;0178;;0178 +0100;LATIN CAPITAL LETTER A WITH MACRON;Lu;0;L;0041 0304;;;;N;LATIN CAPITAL LETTER A MACRON;;;0101; +0101;LATIN SMALL LETTER A WITH MACRON;Ll;0;L;0061 0304;;;;N;LATIN SMALL LETTER A MACRON;;0100;;0100 +0102;LATIN CAPITAL LETTER A WITH BREVE;Lu;0;L;0041 0306;;;;N;LATIN CAPITAL LETTER A BREVE;;;0103; +0103;LATIN SMALL LETTER A WITH BREVE;Ll;0;L;0061 0306;;;;N;LATIN SMALL LETTER A BREVE;;0102;;0102 +0104;LATIN CAPITAL LETTER A WITH OGONEK;Lu;0;L;0041 0328;;;;N;LATIN CAPITAL LETTER A OGONEK;;;0105; +0105;LATIN SMALL LETTER A WITH OGONEK;Ll;0;L;0061 0328;;;;N;LATIN SMALL LETTER A OGONEK;;0104;;0104 +0106;LATIN CAPITAL LETTER C WITH ACUTE;Lu;0;L;0043 0301;;;;N;LATIN CAPITAL LETTER C ACUTE;;;0107; +0107;LATIN SMALL LETTER C WITH ACUTE;Ll;0;L;0063 0301;;;;N;LATIN SMALL LETTER C ACUTE;;0106;;0106 +0108;LATIN CAPITAL LETTER C WITH CIRCUMFLEX;Lu;0;L;0043 0302;;;;N;LATIN CAPITAL LETTER C CIRCUMFLEX;;;0109; +0109;LATIN SMALL LETTER C WITH CIRCUMFLEX;Ll;0;L;0063 0302;;;;N;LATIN SMALL LETTER C CIRCUMFLEX;;0108;;0108 +010A;LATIN CAPITAL LETTER C WITH DOT ABOVE;Lu;0;L;0043 0307;;;;N;LATIN CAPITAL LETTER C DOT;;;010B; +010B;LATIN SMALL LETTER C WITH DOT ABOVE;Ll;0;L;0063 0307;;;;N;LATIN SMALL LETTER C DOT;;010A;;010A +010C;LATIN CAPITAL LETTER C WITH CARON;Lu;0;L;0043 030C;;;;N;LATIN CAPITAL LETTER C HACEK;;;010D; +010D;LATIN SMALL LETTER C WITH CARON;Ll;0;L;0063 030C;;;;N;LATIN SMALL LETTER C HACEK;;010C;;010C +010E;LATIN CAPITAL LETTER D WITH CARON;Lu;0;L;0044 030C;;;;N;LATIN CAPITAL LETTER D HACEK;;;010F; +010F;LATIN SMALL LETTER D WITH CARON;Ll;0;L;0064 030C;;;;N;LATIN SMALL LETTER D HACEK;;010E;;010E +0110;LATIN CAPITAL LETTER D WITH STROKE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER D BAR;;;0111; +0111;LATIN SMALL LETTER D WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER D BAR;;0110;;0110 +0112;LATIN CAPITAL LETTER E WITH MACRON;Lu;0;L;0045 0304;;;;N;LATIN CAPITAL LETTER E MACRON;;;0113; +0113;LATIN SMALL LETTER E WITH MACRON;Ll;0;L;0065 0304;;;;N;LATIN SMALL LETTER E MACRON;;0112;;0112 +0114;LATIN CAPITAL LETTER E WITH BREVE;Lu;0;L;0045 0306;;;;N;LATIN CAPITAL LETTER E BREVE;;;0115; +0115;LATIN SMALL LETTER E WITH BREVE;Ll;0;L;0065 0306;;;;N;LATIN SMALL LETTER E BREVE;;0114;;0114 +0116;LATIN CAPITAL LETTER E WITH DOT ABOVE;Lu;0;L;0045 0307;;;;N;LATIN CAPITAL LETTER E DOT;;;0117; +0117;LATIN SMALL LETTER E WITH DOT ABOVE;Ll;0;L;0065 0307;;;;N;LATIN SMALL LETTER E DOT;;0116;;0116 +0118;LATIN CAPITAL LETTER E WITH OGONEK;Lu;0;L;0045 0328;;;;N;LATIN CAPITAL LETTER E OGONEK;;;0119; +0119;LATIN SMALL LETTER E WITH OGONEK;Ll;0;L;0065 0328;;;;N;LATIN SMALL LETTER E OGONEK;;0118;;0118 +011A;LATIN CAPITAL LETTER E WITH CARON;Lu;0;L;0045 030C;;;;N;LATIN CAPITAL LETTER E HACEK;;;011B; +011B;LATIN SMALL LETTER E WITH CARON;Ll;0;L;0065 030C;;;;N;LATIN SMALL LETTER E HACEK;;011A;;011A +011C;LATIN CAPITAL LETTER G WITH CIRCUMFLEX;Lu;0;L;0047 0302;;;;N;LATIN CAPITAL LETTER G CIRCUMFLEX;;;011D; +011D;LATIN SMALL LETTER G WITH CIRCUMFLEX;Ll;0;L;0067 0302;;;;N;LATIN SMALL LETTER G CIRCUMFLEX;;011C;;011C +011E;LATIN CAPITAL LETTER G WITH BREVE;Lu;0;L;0047 0306;;;;N;LATIN CAPITAL LETTER G BREVE;;;011F; +011F;LATIN SMALL LETTER G WITH BREVE;Ll;0;L;0067 0306;;;;N;LATIN SMALL LETTER G BREVE;;011E;;011E +0120;LATIN CAPITAL LETTER G WITH DOT ABOVE;Lu;0;L;0047 0307;;;;N;LATIN CAPITAL LETTER G DOT;;;0121; +0121;LATIN SMALL LETTER G WITH DOT ABOVE;Ll;0;L;0067 0307;;;;N;LATIN SMALL LETTER G DOT;;0120;;0120 +0122;LATIN CAPITAL LETTER G WITH CEDILLA;Lu;0;L;0047 0327;;;;N;LATIN CAPITAL LETTER G CEDILLA;;;0123; +0123;LATIN SMALL LETTER G WITH CEDILLA;Ll;0;L;0067 0327;;;;N;LATIN SMALL LETTER G CEDILLA;;0122;;0122 +0124;LATIN CAPITAL LETTER H WITH CIRCUMFLEX;Lu;0;L;0048 0302;;;;N;LATIN CAPITAL LETTER H CIRCUMFLEX;;;0125; +0125;LATIN SMALL LETTER H WITH CIRCUMFLEX;Ll;0;L;0068 0302;;;;N;LATIN SMALL LETTER H CIRCUMFLEX;;0124;;0124 +0126;LATIN CAPITAL LETTER H WITH STROKE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER H BAR;;;0127; +0127;LATIN SMALL LETTER H WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER H BAR;;0126;;0126 +0128;LATIN CAPITAL LETTER I WITH TILDE;Lu;0;L;0049 0303;;;;N;LATIN CAPITAL LETTER I TILDE;;;0129; +0129;LATIN SMALL LETTER I WITH TILDE;Ll;0;L;0069 0303;;;;N;LATIN SMALL LETTER I TILDE;;0128;;0128 +012A;LATIN CAPITAL LETTER I WITH MACRON;Lu;0;L;0049 0304;;;;N;LATIN CAPITAL LETTER I MACRON;;;012B; +012B;LATIN SMALL LETTER I WITH MACRON;Ll;0;L;0069 0304;;;;N;LATIN SMALL LETTER I MACRON;;012A;;012A +012C;LATIN CAPITAL LETTER I WITH BREVE;Lu;0;L;0049 0306;;;;N;LATIN CAPITAL LETTER I BREVE;;;012D; +012D;LATIN SMALL LETTER I WITH BREVE;Ll;0;L;0069 0306;;;;N;LATIN SMALL LETTER I BREVE;;012C;;012C +012E;LATIN CAPITAL LETTER I WITH OGONEK;Lu;0;L;0049 0328;;;;N;LATIN CAPITAL LETTER I OGONEK;;;012F; +012F;LATIN SMALL LETTER I WITH OGONEK;Ll;0;L;0069 0328;;;;N;LATIN SMALL LETTER I OGONEK;;012E;;012E +0130;LATIN CAPITAL LETTER I WITH DOT ABOVE;Lu;0;L;0049 0307;;;;N;LATIN CAPITAL LETTER I DOT;;;0069; +0131;LATIN SMALL LETTER DOTLESS I;Ll;0;L;;;;;N;;;0049;;0049 +0132;LATIN CAPITAL LIGATURE IJ;Lu;0;L; 0049 004A;;;;N;LATIN CAPITAL LETTER I J;;;0133; +0133;LATIN SMALL LIGATURE IJ;Ll;0;L; 0069 006A;;;;N;LATIN SMALL LETTER I J;;0132;;0132 +0134;LATIN CAPITAL LETTER J WITH CIRCUMFLEX;Lu;0;L;004A 0302;;;;N;LATIN CAPITAL LETTER J CIRCUMFLEX;;;0135; +0135;LATIN SMALL LETTER J WITH CIRCUMFLEX;Ll;0;L;006A 0302;;;;N;LATIN SMALL LETTER J CIRCUMFLEX;;0134;;0134 +0136;LATIN CAPITAL LETTER K WITH CEDILLA;Lu;0;L;004B 0327;;;;N;LATIN CAPITAL LETTER K CEDILLA;;;0137; +0137;LATIN SMALL LETTER K WITH CEDILLA;Ll;0;L;006B 0327;;;;N;LATIN SMALL LETTER K CEDILLA;;0136;;0136 +0138;LATIN SMALL LETTER KRA;Ll;0;L;;;;;N;;Greenlandic;;; +0139;LATIN CAPITAL LETTER L WITH ACUTE;Lu;0;L;004C 0301;;;;N;LATIN CAPITAL LETTER L ACUTE;;;013A; +013A;LATIN SMALL LETTER L WITH ACUTE;Ll;0;L;006C 0301;;;;N;LATIN SMALL LETTER L ACUTE;;0139;;0139 +013B;LATIN CAPITAL LETTER L WITH CEDILLA;Lu;0;L;004C 0327;;;;N;LATIN CAPITAL LETTER L CEDILLA;;;013C; +013C;LATIN SMALL LETTER L WITH CEDILLA;Ll;0;L;006C 0327;;;;N;LATIN SMALL LETTER L CEDILLA;;013B;;013B +013D;LATIN CAPITAL LETTER L WITH CARON;Lu;0;L;004C 030C;;;;N;LATIN CAPITAL LETTER L HACEK;;;013E; +013E;LATIN SMALL LETTER L WITH CARON;Ll;0;L;006C 030C;;;;N;LATIN SMALL LETTER L HACEK;;013D;;013D +013F;LATIN CAPITAL LETTER L WITH MIDDLE DOT;Lu;0;L; 004C 00B7;;;;N;;;;0140; +0140;LATIN SMALL LETTER L WITH MIDDLE DOT;Ll;0;L; 006C 00B7;;;;N;;;013F;;013F +0141;LATIN CAPITAL LETTER L WITH STROKE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER L SLASH;;;0142; +0142;LATIN SMALL LETTER L WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER L SLASH;;0141;;0141 +0143;LATIN CAPITAL LETTER N WITH ACUTE;Lu;0;L;004E 0301;;;;N;LATIN CAPITAL LETTER N ACUTE;;;0144; +0144;LATIN SMALL LETTER N WITH ACUTE;Ll;0;L;006E 0301;;;;N;LATIN SMALL LETTER N ACUTE;;0143;;0143 +0145;LATIN CAPITAL LETTER N WITH CEDILLA;Lu;0;L;004E 0327;;;;N;LATIN CAPITAL LETTER N CEDILLA;;;0146; +0146;LATIN SMALL LETTER N WITH CEDILLA;Ll;0;L;006E 0327;;;;N;LATIN SMALL LETTER N CEDILLA;;0145;;0145 +0147;LATIN CAPITAL LETTER N WITH CARON;Lu;0;L;004E 030C;;;;N;LATIN CAPITAL LETTER N HACEK;;;0148; +0148;LATIN SMALL LETTER N WITH CARON;Ll;0;L;006E 030C;;;;N;LATIN SMALL LETTER N HACEK;;0147;;0147 +0149;LATIN SMALL LETTER N PRECEDED BY APOSTROPHE;Ll;0;L; 02BC 006E;;;;N;LATIN SMALL LETTER APOSTROPHE N;;;; +014A;LATIN CAPITAL LETTER ENG;Lu;0;L;;;;;N;;Sami;;014B; +014B;LATIN SMALL LETTER ENG;Ll;0;L;;;;;N;;Sami;014A;;014A +014C;LATIN CAPITAL LETTER O WITH MACRON;Lu;0;L;004F 0304;;;;N;LATIN CAPITAL LETTER O MACRON;;;014D; +014D;LATIN SMALL LETTER O WITH MACRON;Ll;0;L;006F 0304;;;;N;LATIN SMALL LETTER O MACRON;;014C;;014C +014E;LATIN CAPITAL LETTER O WITH BREVE;Lu;0;L;004F 0306;;;;N;LATIN CAPITAL LETTER O BREVE;;;014F; +014F;LATIN SMALL LETTER O WITH BREVE;Ll;0;L;006F 0306;;;;N;LATIN SMALL LETTER O BREVE;;014E;;014E +0150;LATIN CAPITAL LETTER O WITH DOUBLE ACUTE;Lu;0;L;004F 030B;;;;N;LATIN CAPITAL LETTER O DOUBLE ACUTE;;;0151; +0151;LATIN SMALL LETTER O WITH DOUBLE ACUTE;Ll;0;L;006F 030B;;;;N;LATIN SMALL LETTER O DOUBLE ACUTE;;0150;;0150 +0152;LATIN CAPITAL LIGATURE OE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER O E;;;0153; +0153;LATIN SMALL LIGATURE OE;Ll;0;L;;;;;N;LATIN SMALL LETTER O E;;0152;;0152 +0154;LATIN CAPITAL LETTER R WITH ACUTE;Lu;0;L;0052 0301;;;;N;LATIN CAPITAL LETTER R ACUTE;;;0155; +0155;LATIN SMALL LETTER R WITH ACUTE;Ll;0;L;0072 0301;;;;N;LATIN SMALL LETTER R ACUTE;;0154;;0154 +0156;LATIN CAPITAL LETTER R WITH CEDILLA;Lu;0;L;0052 0327;;;;N;LATIN CAPITAL LETTER R CEDILLA;;;0157; +0157;LATIN SMALL LETTER R WITH CEDILLA;Ll;0;L;0072 0327;;;;N;LATIN SMALL LETTER R CEDILLA;;0156;;0156 +0158;LATIN CAPITAL LETTER R WITH CARON;Lu;0;L;0052 030C;;;;N;LATIN CAPITAL LETTER R HACEK;;;0159; +0159;LATIN SMALL LETTER R WITH CARON;Ll;0;L;0072 030C;;;;N;LATIN SMALL LETTER R HACEK;;0158;;0158 +015A;LATIN CAPITAL LETTER S WITH ACUTE;Lu;0;L;0053 0301;;;;N;LATIN CAPITAL LETTER S ACUTE;;;015B; +015B;LATIN SMALL LETTER S WITH ACUTE;Ll;0;L;0073 0301;;;;N;LATIN SMALL LETTER S ACUTE;;015A;;015A +015C;LATIN CAPITAL LETTER S WITH CIRCUMFLEX;Lu;0;L;0053 0302;;;;N;LATIN CAPITAL LETTER S CIRCUMFLEX;;;015D; +015D;LATIN SMALL LETTER S WITH CIRCUMFLEX;Ll;0;L;0073 0302;;;;N;LATIN SMALL LETTER S CIRCUMFLEX;;015C;;015C +015E;LATIN CAPITAL LETTER S WITH CEDILLA;Lu;0;L;0053 0327;;;;N;LATIN CAPITAL LETTER S CEDILLA;*;;015F; +015F;LATIN SMALL LETTER S WITH CEDILLA;Ll;0;L;0073 0327;;;;N;LATIN SMALL LETTER S CEDILLA;*;015E;;015E +0160;LATIN CAPITAL LETTER S WITH CARON;Lu;0;L;0053 030C;;;;N;LATIN CAPITAL LETTER S HACEK;;;0161; +0161;LATIN SMALL LETTER S WITH CARON;Ll;0;L;0073 030C;;;;N;LATIN SMALL LETTER S HACEK;;0160;;0160 +0162;LATIN CAPITAL LETTER T WITH CEDILLA;Lu;0;L;0054 0327;;;;N;LATIN CAPITAL LETTER T CEDILLA;*;;0163; +0163;LATIN SMALL LETTER T WITH CEDILLA;Ll;0;L;0074 0327;;;;N;LATIN SMALL LETTER T CEDILLA;*;0162;;0162 +0164;LATIN CAPITAL LETTER T WITH CARON;Lu;0;L;0054 030C;;;;N;LATIN CAPITAL LETTER T HACEK;;;0165; +0165;LATIN SMALL LETTER T WITH CARON;Ll;0;L;0074 030C;;;;N;LATIN SMALL LETTER T HACEK;;0164;;0164 +0166;LATIN CAPITAL LETTER T WITH STROKE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER T BAR;;;0167; +0167;LATIN SMALL LETTER T WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER T BAR;;0166;;0166 +0168;LATIN CAPITAL LETTER U WITH TILDE;Lu;0;L;0055 0303;;;;N;LATIN CAPITAL LETTER U TILDE;;;0169; +0169;LATIN SMALL LETTER U WITH TILDE;Ll;0;L;0075 0303;;;;N;LATIN SMALL LETTER U TILDE;;0168;;0168 +016A;LATIN CAPITAL LETTER U WITH MACRON;Lu;0;L;0055 0304;;;;N;LATIN CAPITAL LETTER U MACRON;;;016B; +016B;LATIN SMALL LETTER U WITH MACRON;Ll;0;L;0075 0304;;;;N;LATIN SMALL LETTER U MACRON;;016A;;016A +016C;LATIN CAPITAL LETTER U WITH BREVE;Lu;0;L;0055 0306;;;;N;LATIN CAPITAL LETTER U BREVE;;;016D; +016D;LATIN SMALL LETTER U WITH BREVE;Ll;0;L;0075 0306;;;;N;LATIN SMALL LETTER U BREVE;;016C;;016C +016E;LATIN CAPITAL LETTER U WITH RING ABOVE;Lu;0;L;0055 030A;;;;N;LATIN CAPITAL LETTER U RING;;;016F; +016F;LATIN SMALL LETTER U WITH RING ABOVE;Ll;0;L;0075 030A;;;;N;LATIN SMALL LETTER U RING;;016E;;016E +0170;LATIN CAPITAL LETTER U WITH DOUBLE ACUTE;Lu;0;L;0055 030B;;;;N;LATIN CAPITAL LETTER U DOUBLE ACUTE;;;0171; +0171;LATIN SMALL LETTER U WITH DOUBLE ACUTE;Ll;0;L;0075 030B;;;;N;LATIN SMALL LETTER U DOUBLE ACUTE;;0170;;0170 +0172;LATIN CAPITAL LETTER U WITH OGONEK;Lu;0;L;0055 0328;;;;N;LATIN CAPITAL LETTER U OGONEK;;;0173; +0173;LATIN SMALL LETTER U WITH OGONEK;Ll;0;L;0075 0328;;;;N;LATIN SMALL LETTER U OGONEK;;0172;;0172 +0174;LATIN CAPITAL LETTER W WITH CIRCUMFLEX;Lu;0;L;0057 0302;;;;N;LATIN CAPITAL LETTER W CIRCUMFLEX;;;0175; +0175;LATIN SMALL LETTER W WITH CIRCUMFLEX;Ll;0;L;0077 0302;;;;N;LATIN SMALL LETTER W CIRCUMFLEX;;0174;;0174 +0176;LATIN CAPITAL LETTER Y WITH CIRCUMFLEX;Lu;0;L;0059 0302;;;;N;LATIN CAPITAL LETTER Y CIRCUMFLEX;;;0177; +0177;LATIN SMALL LETTER Y WITH CIRCUMFLEX;Ll;0;L;0079 0302;;;;N;LATIN SMALL LETTER Y CIRCUMFLEX;;0176;;0176 +0178;LATIN CAPITAL LETTER Y WITH DIAERESIS;Lu;0;L;0059 0308;;;;N;LATIN CAPITAL LETTER Y DIAERESIS;;;00FF; +0179;LATIN CAPITAL LETTER Z WITH ACUTE;Lu;0;L;005A 0301;;;;N;LATIN CAPITAL LETTER Z ACUTE;;;017A; +017A;LATIN SMALL LETTER Z WITH ACUTE;Ll;0;L;007A 0301;;;;N;LATIN SMALL LETTER Z ACUTE;;0179;;0179 +017B;LATIN CAPITAL LETTER Z WITH DOT ABOVE;Lu;0;L;005A 0307;;;;N;LATIN CAPITAL LETTER Z DOT;;;017C; +017C;LATIN SMALL LETTER Z WITH DOT ABOVE;Ll;0;L;007A 0307;;;;N;LATIN SMALL LETTER Z DOT;;017B;;017B +017D;LATIN CAPITAL LETTER Z WITH CARON;Lu;0;L;005A 030C;;;;N;LATIN CAPITAL LETTER Z HACEK;;;017E; +017E;LATIN SMALL LETTER Z WITH CARON;Ll;0;L;007A 030C;;;;N;LATIN SMALL LETTER Z HACEK;;017D;;017D +017F;LATIN SMALL LETTER LONG S;Ll;0;L; 0073;;;;N;;;0053;;0053 +0180;LATIN SMALL LETTER B WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER B BAR;;;; +0181;LATIN CAPITAL LETTER B WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER B HOOK;;;0253; +0182;LATIN CAPITAL LETTER B WITH TOPBAR;Lu;0;L;;;;;N;LATIN CAPITAL LETTER B TOPBAR;;;0183; +0183;LATIN SMALL LETTER B WITH TOPBAR;Ll;0;L;;;;;N;LATIN SMALL LETTER B TOPBAR;;0182;;0182 +0184;LATIN CAPITAL LETTER TONE SIX;Lu;0;L;;;;;N;;;;0185; +0185;LATIN SMALL LETTER TONE SIX;Ll;0;L;;;;;N;;;0184;;0184 +0186;LATIN CAPITAL LETTER OPEN O;Lu;0;L;;;;;N;;;;0254; +0187;LATIN CAPITAL LETTER C WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER C HOOK;;;0188; +0188;LATIN SMALL LETTER C WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER C HOOK;;0187;;0187 +0189;LATIN CAPITAL LETTER AFRICAN D;Lu;0;L;;;;;N;;*;;0256; +018A;LATIN CAPITAL LETTER D WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER D HOOK;;;0257; +018B;LATIN CAPITAL LETTER D WITH TOPBAR;Lu;0;L;;;;;N;LATIN CAPITAL LETTER D TOPBAR;;;018C; +018C;LATIN SMALL LETTER D WITH TOPBAR;Ll;0;L;;;;;N;LATIN SMALL LETTER D TOPBAR;;018B;;018B +018D;LATIN SMALL LETTER TURNED DELTA;Ll;0;L;;;;;N;;;;; +018E;LATIN CAPITAL LETTER REVERSED E;Lu;0;L;;;;;N;LATIN CAPITAL LETTER TURNED E;;;01DD; +018F;LATIN CAPITAL LETTER SCHWA;Lu;0;L;;;;;N;;;;0259; +0190;LATIN CAPITAL LETTER OPEN E;Lu;0;L;;;;;N;LATIN CAPITAL LETTER EPSILON;;;025B; +0191;LATIN CAPITAL LETTER F WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER F HOOK;;;0192; +0192;LATIN SMALL LETTER F WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER SCRIPT F;;0191;;0191 +0193;LATIN CAPITAL LETTER G WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER G HOOK;;;0260; +0194;LATIN CAPITAL LETTER GAMMA;Lu;0;L;;;;;N;;;;0263; +0195;LATIN SMALL LETTER HV;Ll;0;L;;;;;N;LATIN SMALL LETTER H V;hwair;01F6;;01F6 +0196;LATIN CAPITAL LETTER IOTA;Lu;0;L;;;;;N;;;;0269; +0197;LATIN CAPITAL LETTER I WITH STROKE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER BARRED I;;;0268; +0198;LATIN CAPITAL LETTER K WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER K HOOK;;;0199; +0199;LATIN SMALL LETTER K WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER K HOOK;;0198;;0198 +019A;LATIN SMALL LETTER L WITH BAR;Ll;0;L;;;;;N;LATIN SMALL LETTER BARRED L;;;; +019B;LATIN SMALL LETTER LAMBDA WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER BARRED LAMBDA;;;; +019C;LATIN CAPITAL LETTER TURNED M;Lu;0;L;;;;;N;;;;026F; +019D;LATIN CAPITAL LETTER N WITH LEFT HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER N HOOK;;;0272; +019E;LATIN SMALL LETTER N WITH LONG RIGHT LEG;Ll;0;L;;;;;N;;;0220;;0220 +019F;LATIN CAPITAL LETTER O WITH MIDDLE TILDE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER BARRED O;*;;0275; +01A0;LATIN CAPITAL LETTER O WITH HORN;Lu;0;L;004F 031B;;;;N;LATIN CAPITAL LETTER O HORN;;;01A1; +01A1;LATIN SMALL LETTER O WITH HORN;Ll;0;L;006F 031B;;;;N;LATIN SMALL LETTER O HORN;;01A0;;01A0 +01A2;LATIN CAPITAL LETTER OI;Lu;0;L;;;;;N;LATIN CAPITAL LETTER O I;gha;;01A3; +01A3;LATIN SMALL LETTER OI;Ll;0;L;;;;;N;LATIN SMALL LETTER O I;gha;01A2;;01A2 +01A4;LATIN CAPITAL LETTER P WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER P HOOK;;;01A5; +01A5;LATIN SMALL LETTER P WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER P HOOK;;01A4;;01A4 +01A6;LATIN LETTER YR;Lu;0;L;;;;;N;LATIN LETTER Y R;*;;0280; +01A7;LATIN CAPITAL LETTER TONE TWO;Lu;0;L;;;;;N;;;;01A8; +01A8;LATIN SMALL LETTER TONE TWO;Ll;0;L;;;;;N;;;01A7;;01A7 +01A9;LATIN CAPITAL LETTER ESH;Lu;0;L;;;;;N;;;;0283; +01AA;LATIN LETTER REVERSED ESH LOOP;Ll;0;L;;;;;N;;;;; +01AB;LATIN SMALL LETTER T WITH PALATAL HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER T PALATAL HOOK;;;; +01AC;LATIN CAPITAL LETTER T WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER T HOOK;;;01AD; +01AD;LATIN SMALL LETTER T WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER T HOOK;;01AC;;01AC +01AE;LATIN CAPITAL LETTER T WITH RETROFLEX HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER T RETROFLEX HOOK;;;0288; +01AF;LATIN CAPITAL LETTER U WITH HORN;Lu;0;L;0055 031B;;;;N;LATIN CAPITAL LETTER U HORN;;;01B0; +01B0;LATIN SMALL LETTER U WITH HORN;Ll;0;L;0075 031B;;;;N;LATIN SMALL LETTER U HORN;;01AF;;01AF +01B1;LATIN CAPITAL LETTER UPSILON;Lu;0;L;;;;;N;;;;028A; +01B2;LATIN CAPITAL LETTER V WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER SCRIPT V;;;028B; +01B3;LATIN CAPITAL LETTER Y WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER Y HOOK;;;01B4; +01B4;LATIN SMALL LETTER Y WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER Y HOOK;;01B3;;01B3 +01B5;LATIN CAPITAL LETTER Z WITH STROKE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER Z BAR;;;01B6; +01B6;LATIN SMALL LETTER Z WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER Z BAR;;01B5;;01B5 +01B7;LATIN CAPITAL LETTER EZH;Lu;0;L;;;;;N;LATIN CAPITAL LETTER YOGH;;;0292; +01B8;LATIN CAPITAL LETTER EZH REVERSED;Lu;0;L;;;;;N;LATIN CAPITAL LETTER REVERSED YOGH;;;01B9; +01B9;LATIN SMALL LETTER EZH REVERSED;Ll;0;L;;;;;N;LATIN SMALL LETTER REVERSED YOGH;;01B8;;01B8 +01BA;LATIN SMALL LETTER EZH WITH TAIL;Ll;0;L;;;;;N;LATIN SMALL LETTER YOGH WITH TAIL;;;; +01BB;LATIN LETTER TWO WITH STROKE;Lo;0;L;;;;;N;LATIN LETTER TWO BAR;;;; +01BC;LATIN CAPITAL LETTER TONE FIVE;Lu;0;L;;;;;N;;;;01BD; +01BD;LATIN SMALL LETTER TONE FIVE;Ll;0;L;;;;;N;;;01BC;;01BC +01BE;LATIN LETTER INVERTED GLOTTAL STOP WITH STROKE;Ll;0;L;;;;;N;LATIN LETTER INVERTED GLOTTAL STOP BAR;;;; +01BF;LATIN LETTER WYNN;Ll;0;L;;;;;N;;;01F7;;01F7 +01C0;LATIN LETTER DENTAL CLICK;Lo;0;L;;;;;N;LATIN LETTER PIPE;;;; +01C1;LATIN LETTER LATERAL CLICK;Lo;0;L;;;;;N;LATIN LETTER DOUBLE PIPE;;;; +01C2;LATIN LETTER ALVEOLAR CLICK;Lo;0;L;;;;;N;LATIN LETTER PIPE DOUBLE BAR;;;; +01C3;LATIN LETTER RETROFLEX CLICK;Lo;0;L;;;;;N;LATIN LETTER EXCLAMATION MARK;;;; +01C4;LATIN CAPITAL LETTER DZ WITH CARON;Lu;0;L; 0044 017D;;;;N;LATIN CAPITAL LETTER D Z HACEK;;;01C6;01C5 +01C5;LATIN CAPITAL LETTER D WITH SMALL LETTER Z WITH CARON;Lt;0;L; 0044 017E;;;;N;LATIN LETTER CAPITAL D SMALL Z HACEK;;01C4;01C6;01C5 +01C6;LATIN SMALL LETTER DZ WITH CARON;Ll;0;L; 0064 017E;;;;N;LATIN SMALL LETTER D Z HACEK;;01C4;;01C5 +01C7;LATIN CAPITAL LETTER LJ;Lu;0;L; 004C 004A;;;;N;LATIN CAPITAL LETTER L J;;;01C9;01C8 +01C8;LATIN CAPITAL LETTER L WITH SMALL LETTER J;Lt;0;L; 004C 006A;;;;N;LATIN LETTER CAPITAL L SMALL J;;01C7;01C9;01C8 +01C9;LATIN SMALL LETTER LJ;Ll;0;L; 006C 006A;;;;N;LATIN SMALL LETTER L J;;01C7;;01C8 +01CA;LATIN CAPITAL LETTER NJ;Lu;0;L; 004E 004A;;;;N;LATIN CAPITAL LETTER N J;;;01CC;01CB +01CB;LATIN CAPITAL LETTER N WITH SMALL LETTER J;Lt;0;L; 004E 006A;;;;N;LATIN LETTER CAPITAL N SMALL J;;01CA;01CC;01CB +01CC;LATIN SMALL LETTER NJ;Ll;0;L; 006E 006A;;;;N;LATIN SMALL LETTER N J;;01CA;;01CB +01CD;LATIN CAPITAL LETTER A WITH CARON;Lu;0;L;0041 030C;;;;N;LATIN CAPITAL LETTER A HACEK;;;01CE; +01CE;LATIN SMALL LETTER A WITH CARON;Ll;0;L;0061 030C;;;;N;LATIN SMALL LETTER A HACEK;;01CD;;01CD +01CF;LATIN CAPITAL LETTER I WITH CARON;Lu;0;L;0049 030C;;;;N;LATIN CAPITAL LETTER I HACEK;;;01D0; +01D0;LATIN SMALL LETTER I WITH CARON;Ll;0;L;0069 030C;;;;N;LATIN SMALL LETTER I HACEK;;01CF;;01CF +01D1;LATIN CAPITAL LETTER O WITH CARON;Lu;0;L;004F 030C;;;;N;LATIN CAPITAL LETTER O HACEK;;;01D2; +01D2;LATIN SMALL LETTER O WITH CARON;Ll;0;L;006F 030C;;;;N;LATIN SMALL LETTER O HACEK;;01D1;;01D1 +01D3;LATIN CAPITAL LETTER U WITH CARON;Lu;0;L;0055 030C;;;;N;LATIN CAPITAL LETTER U HACEK;;;01D4; +01D4;LATIN SMALL LETTER U WITH CARON;Ll;0;L;0075 030C;;;;N;LATIN SMALL LETTER U HACEK;;01D3;;01D3 +01D5;LATIN CAPITAL LETTER U WITH DIAERESIS AND MACRON;Lu;0;L;00DC 0304;;;;N;LATIN CAPITAL LETTER U DIAERESIS MACRON;;;01D6; +01D6;LATIN SMALL LETTER U WITH DIAERESIS AND MACRON;Ll;0;L;00FC 0304;;;;N;LATIN SMALL LETTER U DIAERESIS MACRON;;01D5;;01D5 +01D7;LATIN CAPITAL LETTER U WITH DIAERESIS AND ACUTE;Lu;0;L;00DC 0301;;;;N;LATIN CAPITAL LETTER U DIAERESIS ACUTE;;;01D8; +01D8;LATIN SMALL LETTER U WITH DIAERESIS AND ACUTE;Ll;0;L;00FC 0301;;;;N;LATIN SMALL LETTER U DIAERESIS ACUTE;;01D7;;01D7 +01D9;LATIN CAPITAL LETTER U WITH DIAERESIS AND CARON;Lu;0;L;00DC 030C;;;;N;LATIN CAPITAL LETTER U DIAERESIS HACEK;;;01DA; +01DA;LATIN SMALL LETTER U WITH DIAERESIS AND CARON;Ll;0;L;00FC 030C;;;;N;LATIN SMALL LETTER U DIAERESIS HACEK;;01D9;;01D9 +01DB;LATIN CAPITAL LETTER U WITH DIAERESIS AND GRAVE;Lu;0;L;00DC 0300;;;;N;LATIN CAPITAL LETTER U DIAERESIS GRAVE;;;01DC; +01DC;LATIN SMALL LETTER U WITH DIAERESIS AND GRAVE;Ll;0;L;00FC 0300;;;;N;LATIN SMALL LETTER U DIAERESIS GRAVE;;01DB;;01DB +01DD;LATIN SMALL LETTER TURNED E;Ll;0;L;;;;;N;;;018E;;018E +01DE;LATIN CAPITAL LETTER A WITH DIAERESIS AND MACRON;Lu;0;L;00C4 0304;;;;N;LATIN CAPITAL LETTER A DIAERESIS MACRON;;;01DF; +01DF;LATIN SMALL LETTER A WITH DIAERESIS AND MACRON;Ll;0;L;00E4 0304;;;;N;LATIN SMALL LETTER A DIAERESIS MACRON;;01DE;;01DE +01E0;LATIN CAPITAL LETTER A WITH DOT ABOVE AND MACRON;Lu;0;L;0226 0304;;;;N;LATIN CAPITAL LETTER A DOT MACRON;;;01E1; +01E1;LATIN SMALL LETTER A WITH DOT ABOVE AND MACRON;Ll;0;L;0227 0304;;;;N;LATIN SMALL LETTER A DOT MACRON;;01E0;;01E0 +01E2;LATIN CAPITAL LETTER AE WITH MACRON;Lu;0;L;00C6 0304;;;;N;LATIN CAPITAL LETTER A E MACRON;ash *;;01E3; +01E3;LATIN SMALL LETTER AE WITH MACRON;Ll;0;L;00E6 0304;;;;N;LATIN SMALL LETTER A E MACRON;ash *;01E2;;01E2 +01E4;LATIN CAPITAL LETTER G WITH STROKE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER G BAR;;;01E5; +01E5;LATIN SMALL LETTER G WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER G BAR;;01E4;;01E4 +01E6;LATIN CAPITAL LETTER G WITH CARON;Lu;0;L;0047 030C;;;;N;LATIN CAPITAL LETTER G HACEK;;;01E7; +01E7;LATIN SMALL LETTER G WITH CARON;Ll;0;L;0067 030C;;;;N;LATIN SMALL LETTER G HACEK;;01E6;;01E6 +01E8;LATIN CAPITAL LETTER K WITH CARON;Lu;0;L;004B 030C;;;;N;LATIN CAPITAL LETTER K HACEK;;;01E9; +01E9;LATIN SMALL LETTER K WITH CARON;Ll;0;L;006B 030C;;;;N;LATIN SMALL LETTER K HACEK;;01E8;;01E8 +01EA;LATIN CAPITAL LETTER O WITH OGONEK;Lu;0;L;004F 0328;;;;N;LATIN CAPITAL LETTER O OGONEK;;;01EB; +01EB;LATIN SMALL LETTER O WITH OGONEK;Ll;0;L;006F 0328;;;;N;LATIN SMALL LETTER O OGONEK;;01EA;;01EA +01EC;LATIN CAPITAL LETTER O WITH OGONEK AND MACRON;Lu;0;L;01EA 0304;;;;N;LATIN CAPITAL LETTER O OGONEK MACRON;;;01ED; +01ED;LATIN SMALL LETTER O WITH OGONEK AND MACRON;Ll;0;L;01EB 0304;;;;N;LATIN SMALL LETTER O OGONEK MACRON;;01EC;;01EC +01EE;LATIN CAPITAL LETTER EZH WITH CARON;Lu;0;L;01B7 030C;;;;N;LATIN CAPITAL LETTER YOGH HACEK;;;01EF; +01EF;LATIN SMALL LETTER EZH WITH CARON;Ll;0;L;0292 030C;;;;N;LATIN SMALL LETTER YOGH HACEK;;01EE;;01EE +01F0;LATIN SMALL LETTER J WITH CARON;Ll;0;L;006A 030C;;;;N;LATIN SMALL LETTER J HACEK;;;; +01F1;LATIN CAPITAL LETTER DZ;Lu;0;L; 0044 005A;;;;N;;;;01F3;01F2 +01F2;LATIN CAPITAL LETTER D WITH SMALL LETTER Z;Lt;0;L; 0044 007A;;;;N;;;01F1;01F3;01F2 +01F3;LATIN SMALL LETTER DZ;Ll;0;L; 0064 007A;;;;N;;;01F1;;01F2 +01F4;LATIN CAPITAL LETTER G WITH ACUTE;Lu;0;L;0047 0301;;;;N;;;;01F5; +01F5;LATIN SMALL LETTER G WITH ACUTE;Ll;0;L;0067 0301;;;;N;;;01F4;;01F4 +01F6;LATIN CAPITAL LETTER HWAIR;Lu;0;L;;;;;N;;;;0195; +01F7;LATIN CAPITAL LETTER WYNN;Lu;0;L;;;;;N;;;;01BF; +01F8;LATIN CAPITAL LETTER N WITH GRAVE;Lu;0;L;004E 0300;;;;N;;;;01F9; +01F9;LATIN SMALL LETTER N WITH GRAVE;Ll;0;L;006E 0300;;;;N;;;01F8;;01F8 +01FA;LATIN CAPITAL LETTER A WITH RING ABOVE AND ACUTE;Lu;0;L;00C5 0301;;;;N;;;;01FB; +01FB;LATIN SMALL LETTER A WITH RING ABOVE AND ACUTE;Ll;0;L;00E5 0301;;;;N;;;01FA;;01FA +01FC;LATIN CAPITAL LETTER AE WITH ACUTE;Lu;0;L;00C6 0301;;;;N;;ash *;;01FD; +01FD;LATIN SMALL LETTER AE WITH ACUTE;Ll;0;L;00E6 0301;;;;N;;ash *;01FC;;01FC +01FE;LATIN CAPITAL LETTER O WITH STROKE AND ACUTE;Lu;0;L;00D8 0301;;;;N;;;;01FF; +01FF;LATIN SMALL LETTER O WITH STROKE AND ACUTE;Ll;0;L;00F8 0301;;;;N;;;01FE;;01FE +0200;LATIN CAPITAL LETTER A WITH DOUBLE GRAVE;Lu;0;L;0041 030F;;;;N;;;;0201; +0201;LATIN SMALL LETTER A WITH DOUBLE GRAVE;Ll;0;L;0061 030F;;;;N;;;0200;;0200 +0202;LATIN CAPITAL LETTER A WITH INVERTED BREVE;Lu;0;L;0041 0311;;;;N;;;;0203; +0203;LATIN SMALL LETTER A WITH INVERTED BREVE;Ll;0;L;0061 0311;;;;N;;;0202;;0202 +0204;LATIN CAPITAL LETTER E WITH DOUBLE GRAVE;Lu;0;L;0045 030F;;;;N;;;;0205; +0205;LATIN SMALL LETTER E WITH DOUBLE GRAVE;Ll;0;L;0065 030F;;;;N;;;0204;;0204 +0206;LATIN CAPITAL LETTER E WITH INVERTED BREVE;Lu;0;L;0045 0311;;;;N;;;;0207; +0207;LATIN SMALL LETTER E WITH INVERTED BREVE;Ll;0;L;0065 0311;;;;N;;;0206;;0206 +0208;LATIN CAPITAL LETTER I WITH DOUBLE GRAVE;Lu;0;L;0049 030F;;;;N;;;;0209; +0209;LATIN SMALL LETTER I WITH DOUBLE GRAVE;Ll;0;L;0069 030F;;;;N;;;0208;;0208 +020A;LATIN CAPITAL LETTER I WITH INVERTED BREVE;Lu;0;L;0049 0311;;;;N;;;;020B; +020B;LATIN SMALL LETTER I WITH INVERTED BREVE;Ll;0;L;0069 0311;;;;N;;;020A;;020A +020C;LATIN CAPITAL LETTER O WITH DOUBLE GRAVE;Lu;0;L;004F 030F;;;;N;;;;020D; +020D;LATIN SMALL LETTER O WITH DOUBLE GRAVE;Ll;0;L;006F 030F;;;;N;;;020C;;020C +020E;LATIN CAPITAL LETTER O WITH INVERTED BREVE;Lu;0;L;004F 0311;;;;N;;;;020F; +020F;LATIN SMALL LETTER O WITH INVERTED BREVE;Ll;0;L;006F 0311;;;;N;;;020E;;020E +0210;LATIN CAPITAL LETTER R WITH DOUBLE GRAVE;Lu;0;L;0052 030F;;;;N;;;;0211; +0211;LATIN SMALL LETTER R WITH DOUBLE GRAVE;Ll;0;L;0072 030F;;;;N;;;0210;;0210 +0212;LATIN CAPITAL LETTER R WITH INVERTED BREVE;Lu;0;L;0052 0311;;;;N;;;;0213; +0213;LATIN SMALL LETTER R WITH INVERTED BREVE;Ll;0;L;0072 0311;;;;N;;;0212;;0212 +0214;LATIN CAPITAL LETTER U WITH DOUBLE GRAVE;Lu;0;L;0055 030F;;;;N;;;;0215; +0215;LATIN SMALL LETTER U WITH DOUBLE GRAVE;Ll;0;L;0075 030F;;;;N;;;0214;;0214 +0216;LATIN CAPITAL LETTER U WITH INVERTED BREVE;Lu;0;L;0055 0311;;;;N;;;;0217; +0217;LATIN SMALL LETTER U WITH INVERTED BREVE;Ll;0;L;0075 0311;;;;N;;;0216;;0216 +0218;LATIN CAPITAL LETTER S WITH COMMA BELOW;Lu;0;L;0053 0326;;;;N;;*;;0219; +0219;LATIN SMALL LETTER S WITH COMMA BELOW;Ll;0;L;0073 0326;;;;N;;*;0218;;0218 +021A;LATIN CAPITAL LETTER T WITH COMMA BELOW;Lu;0;L;0054 0326;;;;N;;*;;021B; +021B;LATIN SMALL LETTER T WITH COMMA BELOW;Ll;0;L;0074 0326;;;;N;;*;021A;;021A +021C;LATIN CAPITAL LETTER YOGH;Lu;0;L;;;;;N;;;;021D; +021D;LATIN SMALL LETTER YOGH;Ll;0;L;;;;;N;;;021C;;021C +021E;LATIN CAPITAL LETTER H WITH CARON;Lu;0;L;0048 030C;;;;N;;;;021F; +021F;LATIN SMALL LETTER H WITH CARON;Ll;0;L;0068 030C;;;;N;;;021E;;021E +0220;LATIN CAPITAL LETTER N WITH LONG RIGHT LEG;Lu;0;L;;;;;N;;;;019E; +0221;LATIN SMALL LETTER D WITH CURL;Ll;0;L;;;;;N;;;;; +0222;LATIN CAPITAL LETTER OU;Lu;0;L;;;;;N;;;;0223; +0223;LATIN SMALL LETTER OU;Ll;0;L;;;;;N;;;0222;;0222 +0224;LATIN CAPITAL LETTER Z WITH HOOK;Lu;0;L;;;;;N;;;;0225; +0225;LATIN SMALL LETTER Z WITH HOOK;Ll;0;L;;;;;N;;;0224;;0224 +0226;LATIN CAPITAL LETTER A WITH DOT ABOVE;Lu;0;L;0041 0307;;;;N;;;;0227; +0227;LATIN SMALL LETTER A WITH DOT ABOVE;Ll;0;L;0061 0307;;;;N;;;0226;;0226 +0228;LATIN CAPITAL LETTER E WITH CEDILLA;Lu;0;L;0045 0327;;;;N;;;;0229; +0229;LATIN SMALL LETTER E WITH CEDILLA;Ll;0;L;0065 0327;;;;N;;;0228;;0228 +022A;LATIN CAPITAL LETTER O WITH DIAERESIS AND MACRON;Lu;0;L;00D6 0304;;;;N;;;;022B; +022B;LATIN SMALL LETTER O WITH DIAERESIS AND MACRON;Ll;0;L;00F6 0304;;;;N;;;022A;;022A +022C;LATIN CAPITAL LETTER O WITH TILDE AND MACRON;Lu;0;L;00D5 0304;;;;N;;;;022D; +022D;LATIN SMALL LETTER O WITH TILDE AND MACRON;Ll;0;L;00F5 0304;;;;N;;;022C;;022C +022E;LATIN CAPITAL LETTER O WITH DOT ABOVE;Lu;0;L;004F 0307;;;;N;;;;022F; +022F;LATIN SMALL LETTER O WITH DOT ABOVE;Ll;0;L;006F 0307;;;;N;;;022E;;022E +0230;LATIN CAPITAL LETTER O WITH DOT ABOVE AND MACRON;Lu;0;L;022E 0304;;;;N;;;;0231; +0231;LATIN SMALL LETTER O WITH DOT ABOVE AND MACRON;Ll;0;L;022F 0304;;;;N;;;0230;;0230 +0232;LATIN CAPITAL LETTER Y WITH MACRON;Lu;0;L;0059 0304;;;;N;;;;0233; +0233;LATIN SMALL LETTER Y WITH MACRON;Ll;0;L;0079 0304;;;;N;;;0232;;0232 +0234;LATIN SMALL LETTER L WITH CURL;Ll;0;L;;;;;N;;;;; +0235;LATIN SMALL LETTER N WITH CURL;Ll;0;L;;;;;N;;;;; +0236;LATIN SMALL LETTER T WITH CURL;Ll;0;L;;;;;N;;;;; +0250;LATIN SMALL LETTER TURNED A;Ll;0;L;;;;;N;;;;; +0251;LATIN SMALL LETTER ALPHA;Ll;0;L;;;;;N;LATIN SMALL LETTER SCRIPT A;;;; +0252;LATIN SMALL LETTER TURNED ALPHA;Ll;0;L;;;;;N;LATIN SMALL LETTER TURNED SCRIPT A;;;; +0253;LATIN SMALL LETTER B WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER B HOOK;;0181;;0181 +0254;LATIN SMALL LETTER OPEN O;Ll;0;L;;;;;N;;;0186;;0186 +0255;LATIN SMALL LETTER C WITH CURL;Ll;0;L;;;;;N;LATIN SMALL LETTER C CURL;;;; +0256;LATIN SMALL LETTER D WITH TAIL;Ll;0;L;;;;;N;LATIN SMALL LETTER D RETROFLEX HOOK;;0189;;0189 +0257;LATIN SMALL LETTER D WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER D HOOK;;018A;;018A +0258;LATIN SMALL LETTER REVERSED E;Ll;0;L;;;;;N;;;;; +0259;LATIN SMALL LETTER SCHWA;Ll;0;L;;;;;N;;;018F;;018F +025A;LATIN SMALL LETTER SCHWA WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER SCHWA HOOK;;;; +025B;LATIN SMALL LETTER OPEN E;Ll;0;L;;;;;N;LATIN SMALL LETTER EPSILON;;0190;;0190 +025C;LATIN SMALL LETTER REVERSED OPEN E;Ll;0;L;;;;;N;LATIN SMALL LETTER REVERSED EPSILON;;;; +025D;LATIN SMALL LETTER REVERSED OPEN E WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER REVERSED EPSILON HOOK;;;; +025E;LATIN SMALL LETTER CLOSED REVERSED OPEN E;Ll;0;L;;;;;N;LATIN SMALL LETTER CLOSED REVERSED EPSILON;;;; +025F;LATIN SMALL LETTER DOTLESS J WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER DOTLESS J BAR;;;; +0260;LATIN SMALL LETTER G WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER G HOOK;;0193;;0193 +0261;LATIN SMALL LETTER SCRIPT G;Ll;0;L;;;;;N;;;;; +0262;LATIN LETTER SMALL CAPITAL G;Ll;0;L;;;;;N;;;;; +0263;LATIN SMALL LETTER GAMMA;Ll;0;L;;;;;N;;;0194;;0194 +0264;LATIN SMALL LETTER RAMS HORN;Ll;0;L;;;;;N;LATIN SMALL LETTER BABY GAMMA;;;; +0265;LATIN SMALL LETTER TURNED H;Ll;0;L;;;;;N;;;;; +0266;LATIN SMALL LETTER H WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER H HOOK;;;; +0267;LATIN SMALL LETTER HENG WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER HENG HOOK;;;; +0268;LATIN SMALL LETTER I WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER BARRED I;;0197;;0197 +0269;LATIN SMALL LETTER IOTA;Ll;0;L;;;;;N;;;0196;;0196 +026A;LATIN LETTER SMALL CAPITAL I;Ll;0;L;;;;;N;;;;; +026B;LATIN SMALL LETTER L WITH MIDDLE TILDE;Ll;0;L;;;;;N;;;;; +026C;LATIN SMALL LETTER L WITH BELT;Ll;0;L;;;;;N;LATIN SMALL LETTER L BELT;;;; +026D;LATIN SMALL LETTER L WITH RETROFLEX HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER L RETROFLEX HOOK;;;; +026E;LATIN SMALL LETTER LEZH;Ll;0;L;;;;;N;LATIN SMALL LETTER L YOGH;;;; +026F;LATIN SMALL LETTER TURNED M;Ll;0;L;;;;;N;;;019C;;019C +0270;LATIN SMALL LETTER TURNED M WITH LONG LEG;Ll;0;L;;;;;N;;;;; +0271;LATIN SMALL LETTER M WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER M HOOK;;;; +0272;LATIN SMALL LETTER N WITH LEFT HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER N HOOK;;019D;;019D +0273;LATIN SMALL LETTER N WITH RETROFLEX HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER N RETROFLEX HOOK;;;; +0274;LATIN LETTER SMALL CAPITAL N;Ll;0;L;;;;;N;;;;; +0275;LATIN SMALL LETTER BARRED O;Ll;0;L;;;;;N;;;019F;;019F +0276;LATIN LETTER SMALL CAPITAL OE;Ll;0;L;;;;;N;LATIN LETTER SMALL CAPITAL O E;;;; +0277;LATIN SMALL LETTER CLOSED OMEGA;Ll;0;L;;;;;N;;;;; +0278;LATIN SMALL LETTER PHI;Ll;0;L;;;;;N;;;;; +0279;LATIN SMALL LETTER TURNED R;Ll;0;L;;;;;N;;;;; +027A;LATIN SMALL LETTER TURNED R WITH LONG LEG;Ll;0;L;;;;;N;;;;; +027B;LATIN SMALL LETTER TURNED R WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER TURNED R HOOK;;;; +027C;LATIN SMALL LETTER R WITH LONG LEG;Ll;0;L;;;;;N;;;;; +027D;LATIN SMALL LETTER R WITH TAIL;Ll;0;L;;;;;N;LATIN SMALL LETTER R HOOK;;;; +027E;LATIN SMALL LETTER R WITH FISHHOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER FISHHOOK R;;;; +027F;LATIN SMALL LETTER REVERSED R WITH FISHHOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER REVERSED FISHHOOK R;;;; +0280;LATIN LETTER SMALL CAPITAL R;Ll;0;L;;;;;N;;*;01A6;;01A6 +0281;LATIN LETTER SMALL CAPITAL INVERTED R;Ll;0;L;;;;;N;;;;; +0282;LATIN SMALL LETTER S WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER S HOOK;;;; +0283;LATIN SMALL LETTER ESH;Ll;0;L;;;;;N;;;01A9;;01A9 +0284;LATIN SMALL LETTER DOTLESS J WITH STROKE AND HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER DOTLESS J BAR HOOK;;;; +0285;LATIN SMALL LETTER SQUAT REVERSED ESH;Ll;0;L;;;;;N;;;;; +0286;LATIN SMALL LETTER ESH WITH CURL;Ll;0;L;;;;;N;LATIN SMALL LETTER ESH CURL;;;; +0287;LATIN SMALL LETTER TURNED T;Ll;0;L;;;;;N;;;;; +0288;LATIN SMALL LETTER T WITH RETROFLEX HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER T RETROFLEX HOOK;;01AE;;01AE +0289;LATIN SMALL LETTER U BAR;Ll;0;L;;;;;N;;;;; +028A;LATIN SMALL LETTER UPSILON;Ll;0;L;;;;;N;;;01B1;;01B1 +028B;LATIN SMALL LETTER V WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER SCRIPT V;;01B2;;01B2 +028C;LATIN SMALL LETTER TURNED V;Ll;0;L;;;;;N;;;;; +028D;LATIN SMALL LETTER TURNED W;Ll;0;L;;;;;N;;;;; +028E;LATIN SMALL LETTER TURNED Y;Ll;0;L;;;;;N;;;;; +028F;LATIN LETTER SMALL CAPITAL Y;Ll;0;L;;;;;N;;;;; +0290;LATIN SMALL LETTER Z WITH RETROFLEX HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER Z RETROFLEX HOOK;;;; +0291;LATIN SMALL LETTER Z WITH CURL;Ll;0;L;;;;;N;LATIN SMALL LETTER Z CURL;;;; +0292;LATIN SMALL LETTER EZH;Ll;0;L;;;;;N;LATIN SMALL LETTER YOGH;;01B7;;01B7 +0293;LATIN SMALL LETTER EZH WITH CURL;Ll;0;L;;;;;N;LATIN SMALL LETTER YOGH CURL;;;; +0294;LATIN LETTER GLOTTAL STOP;Ll;0;L;;;;;N;;;;; +0295;LATIN LETTER PHARYNGEAL VOICED FRICATIVE;Ll;0;L;;;;;N;LATIN LETTER REVERSED GLOTTAL STOP;;;; +0296;LATIN LETTER INVERTED GLOTTAL STOP;Ll;0;L;;;;;N;;;;; +0297;LATIN LETTER STRETCHED C;Ll;0;L;;;;;N;;;;; +0298;LATIN LETTER BILABIAL CLICK;Ll;0;L;;;;;N;LATIN LETTER BULLSEYE;;;; +0299;LATIN LETTER SMALL CAPITAL B;Ll;0;L;;;;;N;;;;; +029A;LATIN SMALL LETTER CLOSED OPEN E;Ll;0;L;;;;;N;LATIN SMALL LETTER CLOSED EPSILON;;;; +029B;LATIN LETTER SMALL CAPITAL G WITH HOOK;Ll;0;L;;;;;N;LATIN LETTER SMALL CAPITAL G HOOK;;;; +029C;LATIN LETTER SMALL CAPITAL H;Ll;0;L;;;;;N;;;;; +029D;LATIN SMALL LETTER J WITH CROSSED-TAIL;Ll;0;L;;;;;N;LATIN SMALL LETTER CROSSED-TAIL J;;;; +029E;LATIN SMALL LETTER TURNED K;Ll;0;L;;;;;N;;;;; +029F;LATIN LETTER SMALL CAPITAL L;Ll;0;L;;;;;N;;;;; +02A0;LATIN SMALL LETTER Q WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER Q HOOK;;;; +02A1;LATIN LETTER GLOTTAL STOP WITH STROKE;Ll;0;L;;;;;N;LATIN LETTER GLOTTAL STOP BAR;;;; +02A2;LATIN LETTER REVERSED GLOTTAL STOP WITH STROKE;Ll;0;L;;;;;N;LATIN LETTER REVERSED GLOTTAL STOP BAR;;;; +02A3;LATIN SMALL LETTER DZ DIGRAPH;Ll;0;L;;;;;N;LATIN SMALL LETTER D Z;;;; +02A4;LATIN SMALL LETTER DEZH DIGRAPH;Ll;0;L;;;;;N;LATIN SMALL LETTER D YOGH;;;; +02A5;LATIN SMALL LETTER DZ DIGRAPH WITH CURL;Ll;0;L;;;;;N;LATIN SMALL LETTER D Z CURL;;;; +02A6;LATIN SMALL LETTER TS DIGRAPH;Ll;0;L;;;;;N;LATIN SMALL LETTER T S;;;; +02A7;LATIN SMALL LETTER TESH DIGRAPH;Ll;0;L;;;;;N;LATIN SMALL LETTER T ESH;;;; +02A8;LATIN SMALL LETTER TC DIGRAPH WITH CURL;Ll;0;L;;;;;N;LATIN SMALL LETTER T C CURL;;;; +02A9;LATIN SMALL LETTER FENG DIGRAPH;Ll;0;L;;;;;N;;;;; +02AA;LATIN SMALL LETTER LS DIGRAPH;Ll;0;L;;;;;N;;;;; +02AB;LATIN SMALL LETTER LZ DIGRAPH;Ll;0;L;;;;;N;;;;; +02AC;LATIN LETTER BILABIAL PERCUSSIVE;Ll;0;L;;;;;N;;;;; +02AD;LATIN LETTER BIDENTAL PERCUSSIVE;Ll;0;L;;;;;N;;;;; +02AE;LATIN SMALL LETTER TURNED H WITH FISHHOOK;Ll;0;L;;;;;N;;;;; +02AF;LATIN SMALL LETTER TURNED H WITH FISHHOOK AND TAIL;Ll;0;L;;;;;N;;;;; +02B0;MODIFIER LETTER SMALL H;Lm;0;L; 0068;;;;N;;;;; +02B1;MODIFIER LETTER SMALL H WITH HOOK;Lm;0;L; 0266;;;;N;MODIFIER LETTER SMALL H HOOK;;;; +02B2;MODIFIER LETTER SMALL J;Lm;0;L; 006A;;;;N;;;;; +02B3;MODIFIER LETTER SMALL R;Lm;0;L; 0072;;;;N;;;;; +02B4;MODIFIER LETTER SMALL TURNED R;Lm;0;L; 0279;;;;N;;;;; +02B5;MODIFIER LETTER SMALL TURNED R WITH HOOK;Lm;0;L; 027B;;;;N;MODIFIER LETTER SMALL TURNED R HOOK;;;; +02B6;MODIFIER LETTER SMALL CAPITAL INVERTED R;Lm;0;L; 0281;;;;N;;;;; +02B7;MODIFIER LETTER SMALL W;Lm;0;L; 0077;;;;N;;;;; +02B8;MODIFIER LETTER SMALL Y;Lm;0;L; 0079;;;;N;;;;; +02B9;MODIFIER LETTER PRIME;Lm;0;ON;;;;;N;;;;; +02BA;MODIFIER LETTER DOUBLE PRIME;Lm;0;ON;;;;;N;;;;; +02BB;MODIFIER LETTER TURNED COMMA;Lm;0;L;;;;;N;;;;; +02BC;MODIFIER LETTER APOSTROPHE;Lm;0;L;;;;;N;;;;; +02BD;MODIFIER LETTER REVERSED COMMA;Lm;0;L;;;;;N;;;;; +02BE;MODIFIER LETTER RIGHT HALF RING;Lm;0;L;;;;;N;;;;; +02BF;MODIFIER LETTER LEFT HALF RING;Lm;0;L;;;;;N;;;;; +02C0;MODIFIER LETTER GLOTTAL STOP;Lm;0;L;;;;;N;;;;; +02C1;MODIFIER LETTER REVERSED GLOTTAL STOP;Lm;0;L;;;;;N;;;;; +02C2;MODIFIER LETTER LEFT ARROWHEAD;Sk;0;ON;;;;;N;;;;; +02C3;MODIFIER LETTER RIGHT ARROWHEAD;Sk;0;ON;;;;;N;;;;; +02C4;MODIFIER LETTER UP ARROWHEAD;Sk;0;ON;;;;;N;;;;; +02C5;MODIFIER LETTER DOWN ARROWHEAD;Sk;0;ON;;;;;N;;;;; +02C6;MODIFIER LETTER CIRCUMFLEX ACCENT;Lm;0;ON;;;;;N;MODIFIER LETTER CIRCUMFLEX;;;; +02C7;CARON;Lm;0;ON;;;;;N;MODIFIER LETTER HACEK;Mandarin Chinese third tone;;; +02C8;MODIFIER LETTER VERTICAL LINE;Lm;0;ON;;;;;N;;;;; +02C9;MODIFIER LETTER MACRON;Lm;0;ON;;;;;N;;Mandarin Chinese first tone;;; +02CA;MODIFIER LETTER ACUTE ACCENT;Lm;0;ON;;;;;N;MODIFIER LETTER ACUTE;Mandarin Chinese second tone;;; +02CB;MODIFIER LETTER GRAVE ACCENT;Lm;0;ON;;;;;N;MODIFIER LETTER GRAVE;Mandarin Chinese fourth tone;;; +02CC;MODIFIER LETTER LOW VERTICAL LINE;Lm;0;ON;;;;;N;;;;; +02CD;MODIFIER LETTER LOW MACRON;Lm;0;ON;;;;;N;;;;; +02CE;MODIFIER LETTER LOW GRAVE ACCENT;Lm;0;ON;;;;;N;MODIFIER LETTER LOW GRAVE;;;; +02CF;MODIFIER LETTER LOW ACUTE ACCENT;Lm;0;ON;;;;;N;MODIFIER LETTER LOW ACUTE;;;; +02D0;MODIFIER LETTER TRIANGULAR COLON;Lm;0;L;;;;;N;;;;; +02D1;MODIFIER LETTER HALF TRIANGULAR COLON;Lm;0;L;;;;;N;;;;; +02D2;MODIFIER LETTER CENTRED RIGHT HALF RING;Sk;0;ON;;;;;N;MODIFIER LETTER CENTERED RIGHT HALF RING;;;; +02D3;MODIFIER LETTER CENTRED LEFT HALF RING;Sk;0;ON;;;;;N;MODIFIER LETTER CENTERED LEFT HALF RING;;;; +02D4;MODIFIER LETTER UP TACK;Sk;0;ON;;;;;N;;;;; +02D5;MODIFIER LETTER DOWN TACK;Sk;0;ON;;;;;N;;;;; +02D6;MODIFIER LETTER PLUS SIGN;Sk;0;ON;;;;;N;;;;; +02D7;MODIFIER LETTER MINUS SIGN;Sk;0;ON;;;;;N;;;;; +02D8;BREVE;Sk;0;ON; 0020 0306;;;;N;SPACING BREVE;;;; +02D9;DOT ABOVE;Sk;0;ON; 0020 0307;;;;N;SPACING DOT ABOVE;Mandarin Chinese light tone;;; +02DA;RING ABOVE;Sk;0;ON; 0020 030A;;;;N;SPACING RING ABOVE;;;; +02DB;OGONEK;Sk;0;ON; 0020 0328;;;;N;SPACING OGONEK;;;; +02DC;SMALL TILDE;Sk;0;ON; 0020 0303;;;;N;SPACING TILDE;;;; +02DD;DOUBLE ACUTE ACCENT;Sk;0;ON; 0020 030B;;;;N;SPACING DOUBLE ACUTE;;;; +02DE;MODIFIER LETTER RHOTIC HOOK;Sk;0;ON;;;;;N;;;;; +02DF;MODIFIER LETTER CROSS ACCENT;Sk;0;ON;;;;;N;;;;; +02E0;MODIFIER LETTER SMALL GAMMA;Lm;0;L; 0263;;;;N;;;;; +02E1;MODIFIER LETTER SMALL L;Lm;0;L; 006C;;;;N;;;;; +02E2;MODIFIER LETTER SMALL S;Lm;0;L; 0073;;;;N;;;;; +02E3;MODIFIER LETTER SMALL X;Lm;0;L; 0078;;;;N;;;;; +02E4;MODIFIER LETTER SMALL REVERSED GLOTTAL STOP;Lm;0;L; 0295;;;;N;;;;; +02E5;MODIFIER LETTER EXTRA-HIGH TONE BAR;Sk;0;ON;;;;;N;;;;; +02E6;MODIFIER LETTER HIGH TONE BAR;Sk;0;ON;;;;;N;;;;; +02E7;MODIFIER LETTER MID TONE BAR;Sk;0;ON;;;;;N;;;;; +02E8;MODIFIER LETTER LOW TONE BAR;Sk;0;ON;;;;;N;;;;; +02E9;MODIFIER LETTER EXTRA-LOW TONE BAR;Sk;0;ON;;;;;N;;;;; +02EA;MODIFIER LETTER YIN DEPARTING TONE MARK;Sk;0;ON;;;;;N;;;;; +02EB;MODIFIER LETTER YANG DEPARTING TONE MARK;Sk;0;ON;;;;;N;;;;; +02EC;MODIFIER LETTER VOICING;Sk;0;ON;;;;;N;;;;; +02ED;MODIFIER LETTER UNASPIRATED;Sk;0;ON;;;;;N;;;;; +02EE;MODIFIER LETTER DOUBLE APOSTROPHE;Lm;0;L;;;;;N;;;;; +02EF;MODIFIER LETTER LOW DOWN ARROWHEAD;Sk;0;ON;;;;;N;;;;; +02F0;MODIFIER LETTER LOW UP ARROWHEAD;Sk;0;ON;;;;;N;;;;; +02F1;MODIFIER LETTER LOW LEFT ARROWHEAD;Sk;0;ON;;;;;N;;;;; +02F2;MODIFIER LETTER LOW RIGHT ARROWHEAD;Sk;0;ON;;;;;N;;;;; +02F3;MODIFIER LETTER LOW RING;Sk;0;ON;;;;;N;;;;; +02F4;MODIFIER LETTER MIDDLE GRAVE ACCENT;Sk;0;ON;;;;;N;;;;; +02F5;MODIFIER LETTER MIDDLE DOUBLE GRAVE ACCENT;Sk;0;ON;;;;;N;;;;; +02F6;MODIFIER LETTER MIDDLE DOUBLE ACUTE ACCENT;Sk;0;ON;;;;;N;;;;; +02F7;MODIFIER LETTER LOW TILDE;Sk;0;ON;;;;;N;;;;; +02F8;MODIFIER LETTER RAISED COLON;Sk;0;ON;;;;;N;;;;; +02F9;MODIFIER LETTER BEGIN HIGH TONE;Sk;0;ON;;;;;N;;;;; +02FA;MODIFIER LETTER END HIGH TONE;Sk;0;ON;;;;;N;;;;; +02FB;MODIFIER LETTER BEGIN LOW TONE;Sk;0;ON;;;;;N;;;;; +02FC;MODIFIER LETTER END LOW TONE;Sk;0;ON;;;;;N;;;;; +02FD;MODIFIER LETTER SHELF;Sk;0;ON;;;;;N;;;;; +02FE;MODIFIER LETTER OPEN SHELF;Sk;0;ON;;;;;N;;;;; +02FF;MODIFIER LETTER LOW LEFT ARROW;Sk;0;ON;;;;;N;;;;; +0300;COMBINING GRAVE ACCENT;Mn;230;NSM;;;;;N;NON-SPACING GRAVE;Varia;;; +0301;COMBINING ACUTE ACCENT;Mn;230;NSM;;;;;N;NON-SPACING ACUTE;Oxia, Tonos;;; +0302;COMBINING CIRCUMFLEX ACCENT;Mn;230;NSM;;;;;N;NON-SPACING CIRCUMFLEX;;;; +0303;COMBINING TILDE;Mn;230;NSM;;;;;N;NON-SPACING TILDE;;;; +0304;COMBINING MACRON;Mn;230;NSM;;;;;N;NON-SPACING MACRON;;;; +0305;COMBINING OVERLINE;Mn;230;NSM;;;;;N;NON-SPACING OVERSCORE;;;; +0306;COMBINING BREVE;Mn;230;NSM;;;;;N;NON-SPACING BREVE;Vrachy;;; +0307;COMBINING DOT ABOVE;Mn;230;NSM;;;;;N;NON-SPACING DOT ABOVE;;;; +0308;COMBINING DIAERESIS;Mn;230;NSM;;;;;N;NON-SPACING DIAERESIS;Dialytika;;; +0309;COMBINING HOOK ABOVE;Mn;230;NSM;;;;;N;NON-SPACING HOOK ABOVE;;;; +030A;COMBINING RING ABOVE;Mn;230;NSM;;;;;N;NON-SPACING RING ABOVE;;;; +030B;COMBINING DOUBLE ACUTE ACCENT;Mn;230;NSM;;;;;N;NON-SPACING DOUBLE ACUTE;;;; +030C;COMBINING CARON;Mn;230;NSM;;;;;N;NON-SPACING HACEK;;;; +030D;COMBINING VERTICAL LINE ABOVE;Mn;230;NSM;;;;;N;NON-SPACING VERTICAL LINE ABOVE;;;; +030E;COMBINING DOUBLE VERTICAL LINE ABOVE;Mn;230;NSM;;;;;N;NON-SPACING DOUBLE VERTICAL LINE ABOVE;;;; +030F;COMBINING DOUBLE GRAVE ACCENT;Mn;230;NSM;;;;;N;NON-SPACING DOUBLE GRAVE;;;; +0310;COMBINING CANDRABINDU;Mn;230;NSM;;;;;N;NON-SPACING CANDRABINDU;;;; +0311;COMBINING INVERTED BREVE;Mn;230;NSM;;;;;N;NON-SPACING INVERTED BREVE;;;; +0312;COMBINING TURNED COMMA ABOVE;Mn;230;NSM;;;;;N;NON-SPACING TURNED COMMA ABOVE;;;; +0313;COMBINING COMMA ABOVE;Mn;230;NSM;;;;;N;NON-SPACING COMMA ABOVE;Psili;;; +0314;COMBINING REVERSED COMMA ABOVE;Mn;230;NSM;;;;;N;NON-SPACING REVERSED COMMA ABOVE;Dasia;;; +0315;COMBINING COMMA ABOVE RIGHT;Mn;232;NSM;;;;;N;NON-SPACING COMMA ABOVE RIGHT;;;; +0316;COMBINING GRAVE ACCENT BELOW;Mn;220;NSM;;;;;N;NON-SPACING GRAVE BELOW;;;; +0317;COMBINING ACUTE ACCENT BELOW;Mn;220;NSM;;;;;N;NON-SPACING ACUTE BELOW;;;; +0318;COMBINING LEFT TACK BELOW;Mn;220;NSM;;;;;N;NON-SPACING LEFT TACK BELOW;;;; +0319;COMBINING RIGHT TACK BELOW;Mn;220;NSM;;;;;N;NON-SPACING RIGHT TACK BELOW;;;; +031A;COMBINING LEFT ANGLE ABOVE;Mn;232;NSM;;;;;N;NON-SPACING LEFT ANGLE ABOVE;;;; +031B;COMBINING HORN;Mn;216;NSM;;;;;N;NON-SPACING HORN;;;; +031C;COMBINING LEFT HALF RING BELOW;Mn;220;NSM;;;;;N;NON-SPACING LEFT HALF RING BELOW;;;; +031D;COMBINING UP TACK BELOW;Mn;220;NSM;;;;;N;NON-SPACING UP TACK BELOW;;;; +031E;COMBINING DOWN TACK BELOW;Mn;220;NSM;;;;;N;NON-SPACING DOWN TACK BELOW;;;; +031F;COMBINING PLUS SIGN BELOW;Mn;220;NSM;;;;;N;NON-SPACING PLUS SIGN BELOW;;;; +0320;COMBINING MINUS SIGN BELOW;Mn;220;NSM;;;;;N;NON-SPACING MINUS SIGN BELOW;;;; +0321;COMBINING PALATALIZED HOOK BELOW;Mn;202;NSM;;;;;N;NON-SPACING PALATALIZED HOOK BELOW;;;; +0322;COMBINING RETROFLEX HOOK BELOW;Mn;202;NSM;;;;;N;NON-SPACING RETROFLEX HOOK BELOW;;;; +0323;COMBINING DOT BELOW;Mn;220;NSM;;;;;N;NON-SPACING DOT BELOW;;;; +0324;COMBINING DIAERESIS BELOW;Mn;220;NSM;;;;;N;NON-SPACING DOUBLE DOT BELOW;;;; +0325;COMBINING RING BELOW;Mn;220;NSM;;;;;N;NON-SPACING RING BELOW;;;; +0326;COMBINING COMMA BELOW;Mn;220;NSM;;;;;N;NON-SPACING COMMA BELOW;;;; +0327;COMBINING CEDILLA;Mn;202;NSM;;;;;N;NON-SPACING CEDILLA;;;; +0328;COMBINING OGONEK;Mn;202;NSM;;;;;N;NON-SPACING OGONEK;;;; +0329;COMBINING VERTICAL LINE BELOW;Mn;220;NSM;;;;;N;NON-SPACING VERTICAL LINE BELOW;;;; +032A;COMBINING BRIDGE BELOW;Mn;220;NSM;;;;;N;NON-SPACING BRIDGE BELOW;;;; +032B;COMBINING INVERTED DOUBLE ARCH BELOW;Mn;220;NSM;;;;;N;NON-SPACING INVERTED DOUBLE ARCH BELOW;;;; +032C;COMBINING CARON BELOW;Mn;220;NSM;;;;;N;NON-SPACING HACEK BELOW;;;; +032D;COMBINING CIRCUMFLEX ACCENT BELOW;Mn;220;NSM;;;;;N;NON-SPACING CIRCUMFLEX BELOW;;;; +032E;COMBINING BREVE BELOW;Mn;220;NSM;;;;;N;NON-SPACING BREVE BELOW;;;; +032F;COMBINING INVERTED BREVE BELOW;Mn;220;NSM;;;;;N;NON-SPACING INVERTED BREVE BELOW;;;; +0330;COMBINING TILDE BELOW;Mn;220;NSM;;;;;N;NON-SPACING TILDE BELOW;;;; +0331;COMBINING MACRON BELOW;Mn;220;NSM;;;;;N;NON-SPACING MACRON BELOW;;;; +0332;COMBINING LOW LINE;Mn;220;NSM;;;;;N;NON-SPACING UNDERSCORE;;;; +0333;COMBINING DOUBLE LOW LINE;Mn;220;NSM;;;;;N;NON-SPACING DOUBLE UNDERSCORE;;;; +0334;COMBINING TILDE OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING TILDE OVERLAY;;;; +0335;COMBINING SHORT STROKE OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING SHORT BAR OVERLAY;;;; +0336;COMBINING LONG STROKE OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING LONG BAR OVERLAY;;;; +0337;COMBINING SHORT SOLIDUS OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING SHORT SLASH OVERLAY;;;; +0338;COMBINING LONG SOLIDUS OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING LONG SLASH OVERLAY;;;; +0339;COMBINING RIGHT HALF RING BELOW;Mn;220;NSM;;;;;N;NON-SPACING RIGHT HALF RING BELOW;;;; +033A;COMBINING INVERTED BRIDGE BELOW;Mn;220;NSM;;;;;N;NON-SPACING INVERTED BRIDGE BELOW;;;; +033B;COMBINING SQUARE BELOW;Mn;220;NSM;;;;;N;NON-SPACING SQUARE BELOW;;;; +033C;COMBINING SEAGULL BELOW;Mn;220;NSM;;;;;N;NON-SPACING SEAGULL BELOW;;;; +033D;COMBINING X ABOVE;Mn;230;NSM;;;;;N;NON-SPACING X ABOVE;;;; +033E;COMBINING VERTICAL TILDE;Mn;230;NSM;;;;;N;NON-SPACING VERTICAL TILDE;;;; +033F;COMBINING DOUBLE OVERLINE;Mn;230;NSM;;;;;N;NON-SPACING DOUBLE OVERSCORE;;;; +0340;COMBINING GRAVE TONE MARK;Mn;230;NSM;0300;;;;N;NON-SPACING GRAVE TONE MARK;Vietnamese;;; +0341;COMBINING ACUTE TONE MARK;Mn;230;NSM;0301;;;;N;NON-SPACING ACUTE TONE MARK;Vietnamese;;; +0342;COMBINING GREEK PERISPOMENI;Mn;230;NSM;;;;;N;;;;; +0343;COMBINING GREEK KORONIS;Mn;230;NSM;0313;;;;N;;;;; +0344;COMBINING GREEK DIALYTIKA TONOS;Mn;230;NSM;0308 0301;;;;N;GREEK NON-SPACING DIAERESIS TONOS;;;; +0345;COMBINING GREEK YPOGEGRAMMENI;Mn;240;NSM;;;;;N;GREEK NON-SPACING IOTA BELOW;;0399;;0399 +0346;COMBINING BRIDGE ABOVE;Mn;230;NSM;;;;;N;;;;; +0347;COMBINING EQUALS SIGN BELOW;Mn;220;NSM;;;;;N;;;;; +0348;COMBINING DOUBLE VERTICAL LINE BELOW;Mn;220;NSM;;;;;N;;;;; +0349;COMBINING LEFT ANGLE BELOW;Mn;220;NSM;;;;;N;;;;; +034A;COMBINING NOT TILDE ABOVE;Mn;230;NSM;;;;;N;;;;; +034B;COMBINING HOMOTHETIC ABOVE;Mn;230;NSM;;;;;N;;;;; +034C;COMBINING ALMOST EQUAL TO ABOVE;Mn;230;NSM;;;;;N;;;;; +034D;COMBINING LEFT RIGHT ARROW BELOW;Mn;220;NSM;;;;;N;;;;; +034E;COMBINING UPWARDS ARROW BELOW;Mn;220;NSM;;;;;N;;;;; +034F;COMBINING GRAPHEME JOINER;Mn;0;NSM;;;;;N;;;;; +0350;COMBINING RIGHT ARROWHEAD ABOVE;Mn;230;NSM;;;;;N;;;;; +0351;COMBINING LEFT HALF RING ABOVE;Mn;230;NSM;;;;;N;;;;; +0352;COMBINING FERMATA;Mn;230;NSM;;;;;N;;;;; +0353;COMBINING X BELOW;Mn;220;NSM;;;;;N;;;;; +0354;COMBINING LEFT ARROWHEAD BELOW;Mn;220;NSM;;;;;N;;;;; +0355;COMBINING RIGHT ARROWHEAD BELOW;Mn;220;NSM;;;;;N;;;;; +0356;COMBINING RIGHT ARROWHEAD AND UP ARROWHEAD BELOW;Mn;220;NSM;;;;;N;;;;; +0357;COMBINING RIGHT HALF RING ABOVE;Mn;230;NSM;;;;;N;;;;; +035D;COMBINING DOUBLE BREVE;Mn;234;NSM;;;;;N;;;;; +035E;COMBINING DOUBLE MACRON;Mn;234;NSM;;;;;N;;;;; +035F;COMBINING DOUBLE MACRON BELOW;Mn;233;NSM;;;;;N;;;;; +0360;COMBINING DOUBLE TILDE;Mn;234;NSM;;;;;N;;;;; +0361;COMBINING DOUBLE INVERTED BREVE;Mn;234;NSM;;;;;N;;;;; +0362;COMBINING DOUBLE RIGHTWARDS ARROW BELOW;Mn;233;NSM;;;;;N;;;;; +0363;COMBINING LATIN SMALL LETTER A;Mn;230;NSM;;;;;N;;;;; +0364;COMBINING LATIN SMALL LETTER E;Mn;230;NSM;;;;;N;;;;; +0365;COMBINING LATIN SMALL LETTER I;Mn;230;NSM;;;;;N;;;;; +0366;COMBINING LATIN SMALL LETTER O;Mn;230;NSM;;;;;N;;;;; +0367;COMBINING LATIN SMALL LETTER U;Mn;230;NSM;;;;;N;;;;; +0368;COMBINING LATIN SMALL LETTER C;Mn;230;NSM;;;;;N;;;;; +0369;COMBINING LATIN SMALL LETTER D;Mn;230;NSM;;;;;N;;;;; +036A;COMBINING LATIN SMALL LETTER H;Mn;230;NSM;;;;;N;;;;; +036B;COMBINING LATIN SMALL LETTER M;Mn;230;NSM;;;;;N;;;;; +036C;COMBINING LATIN SMALL LETTER R;Mn;230;NSM;;;;;N;;;;; +036D;COMBINING LATIN SMALL LETTER T;Mn;230;NSM;;;;;N;;;;; +036E;COMBINING LATIN SMALL LETTER V;Mn;230;NSM;;;;;N;;;;; +036F;COMBINING LATIN SMALL LETTER X;Mn;230;NSM;;;;;N;;;;; +0374;GREEK NUMERAL SIGN;Sk;0;ON;02B9;;;;N;GREEK UPPER NUMERAL SIGN;Dexia keraia;;; +0375;GREEK LOWER NUMERAL SIGN;Sk;0;ON;;;;;N;;Aristeri keraia;;; +037A;GREEK YPOGEGRAMMENI;Lm;0;L; 0020 0345;;;;N;GREEK SPACING IOTA BELOW;;;; +037E;GREEK QUESTION MARK;Po;0;ON;003B;;;;N;;Erotimatiko;;; +0384;GREEK TONOS;Sk;0;ON; 0020 0301;;;;N;GREEK SPACING TONOS;;;; +0385;GREEK DIALYTIKA TONOS;Sk;0;ON;00A8 0301;;;;N;GREEK SPACING DIAERESIS TONOS;;;; +0386;GREEK CAPITAL LETTER ALPHA WITH TONOS;Lu;0;L;0391 0301;;;;N;GREEK CAPITAL LETTER ALPHA TONOS;;;03AC; +0387;GREEK ANO TELEIA;Po;0;ON;00B7;;;;N;;;;; +0388;GREEK CAPITAL LETTER EPSILON WITH TONOS;Lu;0;L;0395 0301;;;;N;GREEK CAPITAL LETTER EPSILON TONOS;;;03AD; +0389;GREEK CAPITAL LETTER ETA WITH TONOS;Lu;0;L;0397 0301;;;;N;GREEK CAPITAL LETTER ETA TONOS;;;03AE; +038A;GREEK CAPITAL LETTER IOTA WITH TONOS;Lu;0;L;0399 0301;;;;N;GREEK CAPITAL LETTER IOTA TONOS;;;03AF; +038C;GREEK CAPITAL LETTER OMICRON WITH TONOS;Lu;0;L;039F 0301;;;;N;GREEK CAPITAL LETTER OMICRON TONOS;;;03CC; +038E;GREEK CAPITAL LETTER UPSILON WITH TONOS;Lu;0;L;03A5 0301;;;;N;GREEK CAPITAL LETTER UPSILON TONOS;;;03CD; +038F;GREEK CAPITAL LETTER OMEGA WITH TONOS;Lu;0;L;03A9 0301;;;;N;GREEK CAPITAL LETTER OMEGA TONOS;;;03CE; +0390;GREEK SMALL LETTER IOTA WITH DIALYTIKA AND TONOS;Ll;0;L;03CA 0301;;;;N;GREEK SMALL LETTER IOTA DIAERESIS TONOS;;;; +0391;GREEK CAPITAL LETTER ALPHA;Lu;0;L;;;;;N;;;;03B1; +0392;GREEK CAPITAL LETTER BETA;Lu;0;L;;;;;N;;;;03B2; +0393;GREEK CAPITAL LETTER GAMMA;Lu;0;L;;;;;N;;;;03B3; +0394;GREEK CAPITAL LETTER DELTA;Lu;0;L;;;;;N;;;;03B4; +0395;GREEK CAPITAL LETTER EPSILON;Lu;0;L;;;;;N;;;;03B5; +0396;GREEK CAPITAL LETTER ZETA;Lu;0;L;;;;;N;;;;03B6; +0397;GREEK CAPITAL LETTER ETA;Lu;0;L;;;;;N;;;;03B7; +0398;GREEK CAPITAL LETTER THETA;Lu;0;L;;;;;N;;;;03B8; +0399;GREEK CAPITAL LETTER IOTA;Lu;0;L;;;;;N;;;;03B9; +039A;GREEK CAPITAL LETTER KAPPA;Lu;0;L;;;;;N;;;;03BA; +039B;GREEK CAPITAL LETTER LAMDA;Lu;0;L;;;;;N;GREEK CAPITAL LETTER LAMBDA;;;03BB; +039C;GREEK CAPITAL LETTER MU;Lu;0;L;;;;;N;;;;03BC; +039D;GREEK CAPITAL LETTER NU;Lu;0;L;;;;;N;;;;03BD; +039E;GREEK CAPITAL LETTER XI;Lu;0;L;;;;;N;;;;03BE; +039F;GREEK CAPITAL LETTER OMICRON;Lu;0;L;;;;;N;;;;03BF; +03A0;GREEK CAPITAL LETTER PI;Lu;0;L;;;;;N;;;;03C0; +03A1;GREEK CAPITAL LETTER RHO;Lu;0;L;;;;;N;;;;03C1; +03A3;GREEK CAPITAL LETTER SIGMA;Lu;0;L;;;;;N;;;;03C3; +03A4;GREEK CAPITAL LETTER TAU;Lu;0;L;;;;;N;;;;03C4; +03A5;GREEK CAPITAL LETTER UPSILON;Lu;0;L;;;;;N;;;;03C5; +03A6;GREEK CAPITAL LETTER PHI;Lu;0;L;;;;;N;;;;03C6; +03A7;GREEK CAPITAL LETTER CHI;Lu;0;L;;;;;N;;;;03C7; +03A8;GREEK CAPITAL LETTER PSI;Lu;0;L;;;;;N;;;;03C8; +03A9;GREEK CAPITAL LETTER OMEGA;Lu;0;L;;;;;N;;;;03C9; +03AA;GREEK CAPITAL LETTER IOTA WITH DIALYTIKA;Lu;0;L;0399 0308;;;;N;GREEK CAPITAL LETTER IOTA DIAERESIS;;;03CA; +03AB;GREEK CAPITAL LETTER UPSILON WITH DIALYTIKA;Lu;0;L;03A5 0308;;;;N;GREEK CAPITAL LETTER UPSILON DIAERESIS;;;03CB; +03AC;GREEK SMALL LETTER ALPHA WITH TONOS;Ll;0;L;03B1 0301;;;;N;GREEK SMALL LETTER ALPHA TONOS;;0386;;0386 +03AD;GREEK SMALL LETTER EPSILON WITH TONOS;Ll;0;L;03B5 0301;;;;N;GREEK SMALL LETTER EPSILON TONOS;;0388;;0388 +03AE;GREEK SMALL LETTER ETA WITH TONOS;Ll;0;L;03B7 0301;;;;N;GREEK SMALL LETTER ETA TONOS;;0389;;0389 +03AF;GREEK SMALL LETTER IOTA WITH TONOS;Ll;0;L;03B9 0301;;;;N;GREEK SMALL LETTER IOTA TONOS;;038A;;038A +03B0;GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND TONOS;Ll;0;L;03CB 0301;;;;N;GREEK SMALL LETTER UPSILON DIAERESIS TONOS;;;; +03B1;GREEK SMALL LETTER ALPHA;Ll;0;L;;;;;N;;;0391;;0391 +03B2;GREEK SMALL LETTER BETA;Ll;0;L;;;;;N;;;0392;;0392 +03B3;GREEK SMALL LETTER GAMMA;Ll;0;L;;;;;N;;;0393;;0393 +03B4;GREEK SMALL LETTER DELTA;Ll;0;L;;;;;N;;;0394;;0394 +03B5;GREEK SMALL LETTER EPSILON;Ll;0;L;;;;;N;;;0395;;0395 +03B6;GREEK SMALL LETTER ZETA;Ll;0;L;;;;;N;;;0396;;0396 +03B7;GREEK SMALL LETTER ETA;Ll;0;L;;;;;N;;;0397;;0397 +03B8;GREEK SMALL LETTER THETA;Ll;0;L;;;;;N;;;0398;;0398 +03B9;GREEK SMALL LETTER IOTA;Ll;0;L;;;;;N;;;0399;;0399 +03BA;GREEK SMALL LETTER KAPPA;Ll;0;L;;;;;N;;;039A;;039A +03BB;GREEK SMALL LETTER LAMDA;Ll;0;L;;;;;N;GREEK SMALL LETTER LAMBDA;;039B;;039B +03BC;GREEK SMALL LETTER MU;Ll;0;L;;;;;N;;;039C;;039C +03BD;GREEK SMALL LETTER NU;Ll;0;L;;;;;N;;;039D;;039D +03BE;GREEK SMALL LETTER XI;Ll;0;L;;;;;N;;;039E;;039E +03BF;GREEK SMALL LETTER OMICRON;Ll;0;L;;;;;N;;;039F;;039F +03C0;GREEK SMALL LETTER PI;Ll;0;L;;;;;N;;;03A0;;03A0 +03C1;GREEK SMALL LETTER RHO;Ll;0;L;;;;;N;;;03A1;;03A1 +03C2;GREEK SMALL LETTER FINAL SIGMA;Ll;0;L;;;;;N;;;03A3;;03A3 +03C3;GREEK SMALL LETTER SIGMA;Ll;0;L;;;;;N;;;03A3;;03A3 +03C4;GREEK SMALL LETTER TAU;Ll;0;L;;;;;N;;;03A4;;03A4 +03C5;GREEK SMALL LETTER UPSILON;Ll;0;L;;;;;N;;;03A5;;03A5 +03C6;GREEK SMALL LETTER PHI;Ll;0;L;;;;;N;;;03A6;;03A6 +03C7;GREEK SMALL LETTER CHI;Ll;0;L;;;;;N;;;03A7;;03A7 +03C8;GREEK SMALL LETTER PSI;Ll;0;L;;;;;N;;;03A8;;03A8 +03C9;GREEK SMALL LETTER OMEGA;Ll;0;L;;;;;N;;;03A9;;03A9 +03CA;GREEK SMALL LETTER IOTA WITH DIALYTIKA;Ll;0;L;03B9 0308;;;;N;GREEK SMALL LETTER IOTA DIAERESIS;;03AA;;03AA +03CB;GREEK SMALL LETTER UPSILON WITH DIALYTIKA;Ll;0;L;03C5 0308;;;;N;GREEK SMALL LETTER UPSILON DIAERESIS;;03AB;;03AB +03CC;GREEK SMALL LETTER OMICRON WITH TONOS;Ll;0;L;03BF 0301;;;;N;GREEK SMALL LETTER OMICRON TONOS;;038C;;038C +03CD;GREEK SMALL LETTER UPSILON WITH TONOS;Ll;0;L;03C5 0301;;;;N;GREEK SMALL LETTER UPSILON TONOS;;038E;;038E +03CE;GREEK SMALL LETTER OMEGA WITH TONOS;Ll;0;L;03C9 0301;;;;N;GREEK SMALL LETTER OMEGA TONOS;;038F;;038F +03D0;GREEK BETA SYMBOL;Ll;0;L; 03B2;;;;N;GREEK SMALL LETTER CURLED BETA;;0392;;0392 +03D1;GREEK THETA SYMBOL;Ll;0;L; 03B8;;;;N;GREEK SMALL LETTER SCRIPT THETA;;0398;;0398 +03D2;GREEK UPSILON WITH HOOK SYMBOL;Lu;0;L; 03A5;;;;N;GREEK CAPITAL LETTER UPSILON HOOK;;;; +03D3;GREEK UPSILON WITH ACUTE AND HOOK SYMBOL;Lu;0;L;03D2 0301;;;;N;GREEK CAPITAL LETTER UPSILON HOOK TONOS;;;; +03D4;GREEK UPSILON WITH DIAERESIS AND HOOK SYMBOL;Lu;0;L;03D2 0308;;;;N;GREEK CAPITAL LETTER UPSILON HOOK DIAERESIS;;;; +03D5;GREEK PHI SYMBOL;Ll;0;L; 03C6;;;;N;GREEK SMALL LETTER SCRIPT PHI;;03A6;;03A6 +03D6;GREEK PI SYMBOL;Ll;0;L; 03C0;;;;N;GREEK SMALL LETTER OMEGA PI;;03A0;;03A0 +03D7;GREEK KAI SYMBOL;Ll;0;L;;;;;N;;;;; +03D8;GREEK LETTER ARCHAIC KOPPA;Lu;0;L;;;;;N;;*;;03D9; +03D9;GREEK SMALL LETTER ARCHAIC KOPPA;Ll;0;L;;;;;N;;*;03D8;;03D8 +03DA;GREEK LETTER STIGMA;Lu;0;L;;;;;N;GREEK CAPITAL LETTER STIGMA;;;03DB; +03DB;GREEK SMALL LETTER STIGMA;Ll;0;L;;;;;N;;;03DA;;03DA +03DC;GREEK LETTER DIGAMMA;Lu;0;L;;;;;N;GREEK CAPITAL LETTER DIGAMMA;;;03DD; +03DD;GREEK SMALL LETTER DIGAMMA;Ll;0;L;;;;;N;;;03DC;;03DC +03DE;GREEK LETTER KOPPA;Lu;0;L;;;;;N;GREEK CAPITAL LETTER KOPPA;;;03DF; +03DF;GREEK SMALL LETTER KOPPA;Ll;0;L;;;;;N;;;03DE;;03DE +03E0;GREEK LETTER SAMPI;Lu;0;L;;;;;N;GREEK CAPITAL LETTER SAMPI;;;03E1; +03E1;GREEK SMALL LETTER SAMPI;Ll;0;L;;;;;N;;;03E0;;03E0 +03E2;COPTIC CAPITAL LETTER SHEI;Lu;0;L;;;;;N;GREEK CAPITAL LETTER SHEI;;;03E3; +03E3;COPTIC SMALL LETTER SHEI;Ll;0;L;;;;;N;GREEK SMALL LETTER SHEI;;03E2;;03E2 +03E4;COPTIC CAPITAL LETTER FEI;Lu;0;L;;;;;N;GREEK CAPITAL LETTER FEI;;;03E5; +03E5;COPTIC SMALL LETTER FEI;Ll;0;L;;;;;N;GREEK SMALL LETTER FEI;;03E4;;03E4 +03E6;COPTIC CAPITAL LETTER KHEI;Lu;0;L;;;;;N;GREEK CAPITAL LETTER KHEI;;;03E7; +03E7;COPTIC SMALL LETTER KHEI;Ll;0;L;;;;;N;GREEK SMALL LETTER KHEI;;03E6;;03E6 +03E8;COPTIC CAPITAL LETTER HORI;Lu;0;L;;;;;N;GREEK CAPITAL LETTER HORI;;;03E9; +03E9;COPTIC SMALL LETTER HORI;Ll;0;L;;;;;N;GREEK SMALL LETTER HORI;;03E8;;03E8 +03EA;COPTIC CAPITAL LETTER GANGIA;Lu;0;L;;;;;N;GREEK CAPITAL LETTER GANGIA;;;03EB; +03EB;COPTIC SMALL LETTER GANGIA;Ll;0;L;;;;;N;GREEK SMALL LETTER GANGIA;;03EA;;03EA +03EC;COPTIC CAPITAL LETTER SHIMA;Lu;0;L;;;;;N;GREEK CAPITAL LETTER SHIMA;;;03ED; +03ED;COPTIC SMALL LETTER SHIMA;Ll;0;L;;;;;N;GREEK SMALL LETTER SHIMA;;03EC;;03EC +03EE;COPTIC CAPITAL LETTER DEI;Lu;0;L;;;;;N;GREEK CAPITAL LETTER DEI;;;03EF; +03EF;COPTIC SMALL LETTER DEI;Ll;0;L;;;;;N;GREEK SMALL LETTER DEI;;03EE;;03EE +03F0;GREEK KAPPA SYMBOL;Ll;0;L; 03BA;;;;N;GREEK SMALL LETTER SCRIPT KAPPA;;039A;;039A +03F1;GREEK RHO SYMBOL;Ll;0;L; 03C1;;;;N;GREEK SMALL LETTER TAILED RHO;;03A1;;03A1 +03F2;GREEK LUNATE SIGMA SYMBOL;Ll;0;L; 03C2;;;;N;GREEK SMALL LETTER LUNATE SIGMA;;03F9;;03F9 +03F3;GREEK LETTER YOT;Ll;0;L;;;;;N;;;;; +03F4;GREEK CAPITAL THETA SYMBOL;Lu;0;L; 0398;;;;N;;;;03B8; +03F5;GREEK LUNATE EPSILON SYMBOL;Ll;0;L; 03B5;;;;N;;;0395;;0395 +03F6;GREEK REVERSED LUNATE EPSILON SYMBOL;Sm;0;ON;;;;;N;;;;; +03F7;GREEK CAPITAL LETTER SHO;Lu;0;L;;;;;N;;;;03F8; +03F8;GREEK SMALL LETTER SHO;Ll;0;L;;;;;N;;;03F7;;03F7 +03F9;GREEK CAPITAL LUNATE SIGMA SYMBOL;Lu;0;L; 03A3;;;;N;;;;03F2; +03FA;GREEK CAPITAL LETTER SAN;Lu;0;L;;;;;N;;;;03FB; +03FB;GREEK SMALL LETTER SAN;Ll;0;L;;;;;N;;;03FA;;03FA +0400;CYRILLIC CAPITAL LETTER IE WITH GRAVE;Lu;0;L;0415 0300;;;;N;;;;0450; +0401;CYRILLIC CAPITAL LETTER IO;Lu;0;L;0415 0308;;;;N;;;;0451; +0402;CYRILLIC CAPITAL LETTER DJE;Lu;0;L;;;;;N;;Serbocroatian;;0452; +0403;CYRILLIC CAPITAL LETTER GJE;Lu;0;L;0413 0301;;;;N;;;;0453; +0404;CYRILLIC CAPITAL LETTER UKRAINIAN IE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER E;;;0454; +0405;CYRILLIC CAPITAL LETTER DZE;Lu;0;L;;;;;N;;;;0455; +0406;CYRILLIC CAPITAL LETTER BYELORUSSIAN-UKRAINIAN I;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER I;;;0456; +0407;CYRILLIC CAPITAL LETTER YI;Lu;0;L;0406 0308;;;;N;;Ukrainian;;0457; +0408;CYRILLIC CAPITAL LETTER JE;Lu;0;L;;;;;N;;;;0458; +0409;CYRILLIC CAPITAL LETTER LJE;Lu;0;L;;;;;N;;;;0459; +040A;CYRILLIC CAPITAL LETTER NJE;Lu;0;L;;;;;N;;;;045A; +040B;CYRILLIC CAPITAL LETTER TSHE;Lu;0;L;;;;;N;;Serbocroatian;;045B; +040C;CYRILLIC CAPITAL LETTER KJE;Lu;0;L;041A 0301;;;;N;;;;045C; +040D;CYRILLIC CAPITAL LETTER I WITH GRAVE;Lu;0;L;0418 0300;;;;N;;;;045D; +040E;CYRILLIC CAPITAL LETTER SHORT U;Lu;0;L;0423 0306;;;;N;;Byelorussian;;045E; +040F;CYRILLIC CAPITAL LETTER DZHE;Lu;0;L;;;;;N;;;;045F; +0410;CYRILLIC CAPITAL LETTER A;Lu;0;L;;;;;N;;;;0430; +0411;CYRILLIC CAPITAL LETTER BE;Lu;0;L;;;;;N;;;;0431; +0412;CYRILLIC CAPITAL LETTER VE;Lu;0;L;;;;;N;;;;0432; +0413;CYRILLIC CAPITAL LETTER GHE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER GE;;;0433; +0414;CYRILLIC CAPITAL LETTER DE;Lu;0;L;;;;;N;;;;0434; +0415;CYRILLIC CAPITAL LETTER IE;Lu;0;L;;;;;N;;;;0435; +0416;CYRILLIC CAPITAL LETTER ZHE;Lu;0;L;;;;;N;;;;0436; +0417;CYRILLIC CAPITAL LETTER ZE;Lu;0;L;;;;;N;;;;0437; +0418;CYRILLIC CAPITAL LETTER I;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER II;;;0438; +0419;CYRILLIC CAPITAL LETTER SHORT I;Lu;0;L;0418 0306;;;;N;CYRILLIC CAPITAL LETTER SHORT II;;;0439; +041A;CYRILLIC CAPITAL LETTER KA;Lu;0;L;;;;;N;;;;043A; +041B;CYRILLIC CAPITAL LETTER EL;Lu;0;L;;;;;N;;;;043B; +041C;CYRILLIC CAPITAL LETTER EM;Lu;0;L;;;;;N;;;;043C; +041D;CYRILLIC CAPITAL LETTER EN;Lu;0;L;;;;;N;;;;043D; +041E;CYRILLIC CAPITAL LETTER O;Lu;0;L;;;;;N;;;;043E; +041F;CYRILLIC CAPITAL LETTER PE;Lu;0;L;;;;;N;;;;043F; +0420;CYRILLIC CAPITAL LETTER ER;Lu;0;L;;;;;N;;;;0440; +0421;CYRILLIC CAPITAL LETTER ES;Lu;0;L;;;;;N;;;;0441; +0422;CYRILLIC CAPITAL LETTER TE;Lu;0;L;;;;;N;;;;0442; +0423;CYRILLIC CAPITAL LETTER U;Lu;0;L;;;;;N;;;;0443; +0424;CYRILLIC CAPITAL LETTER EF;Lu;0;L;;;;;N;;;;0444; +0425;CYRILLIC CAPITAL LETTER HA;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER KHA;;;0445; +0426;CYRILLIC CAPITAL LETTER TSE;Lu;0;L;;;;;N;;;;0446; +0427;CYRILLIC CAPITAL LETTER CHE;Lu;0;L;;;;;N;;;;0447; +0428;CYRILLIC CAPITAL LETTER SHA;Lu;0;L;;;;;N;;;;0448; +0429;CYRILLIC CAPITAL LETTER SHCHA;Lu;0;L;;;;;N;;;;0449; +042A;CYRILLIC CAPITAL LETTER HARD SIGN;Lu;0;L;;;;;N;;;;044A; +042B;CYRILLIC CAPITAL LETTER YERU;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER YERI;;;044B; +042C;CYRILLIC CAPITAL LETTER SOFT SIGN;Lu;0;L;;;;;N;;;;044C; +042D;CYRILLIC CAPITAL LETTER E;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER REVERSED E;;;044D; +042E;CYRILLIC CAPITAL LETTER YU;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER IU;;;044E; +042F;CYRILLIC CAPITAL LETTER YA;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER IA;;;044F; +0430;CYRILLIC SMALL LETTER A;Ll;0;L;;;;;N;;;0410;;0410 +0431;CYRILLIC SMALL LETTER BE;Ll;0;L;;;;;N;;;0411;;0411 +0432;CYRILLIC SMALL LETTER VE;Ll;0;L;;;;;N;;;0412;;0412 +0433;CYRILLIC SMALL LETTER GHE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER GE;;0413;;0413 +0434;CYRILLIC SMALL LETTER DE;Ll;0;L;;;;;N;;;0414;;0414 +0435;CYRILLIC SMALL LETTER IE;Ll;0;L;;;;;N;;;0415;;0415 +0436;CYRILLIC SMALL LETTER ZHE;Ll;0;L;;;;;N;;;0416;;0416 +0437;CYRILLIC SMALL LETTER ZE;Ll;0;L;;;;;N;;;0417;;0417 +0438;CYRILLIC SMALL LETTER I;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER II;;0418;;0418 +0439;CYRILLIC SMALL LETTER SHORT I;Ll;0;L;0438 0306;;;;N;CYRILLIC SMALL LETTER SHORT II;;0419;;0419 +043A;CYRILLIC SMALL LETTER KA;Ll;0;L;;;;;N;;;041A;;041A +043B;CYRILLIC SMALL LETTER EL;Ll;0;L;;;;;N;;;041B;;041B +043C;CYRILLIC SMALL LETTER EM;Ll;0;L;;;;;N;;;041C;;041C +043D;CYRILLIC SMALL LETTER EN;Ll;0;L;;;;;N;;;041D;;041D +043E;CYRILLIC SMALL LETTER O;Ll;0;L;;;;;N;;;041E;;041E +043F;CYRILLIC SMALL LETTER PE;Ll;0;L;;;;;N;;;041F;;041F +0440;CYRILLIC SMALL LETTER ER;Ll;0;L;;;;;N;;;0420;;0420 +0441;CYRILLIC SMALL LETTER ES;Ll;0;L;;;;;N;;;0421;;0421 +0442;CYRILLIC SMALL LETTER TE;Ll;0;L;;;;;N;;;0422;;0422 +0443;CYRILLIC SMALL LETTER U;Ll;0;L;;;;;N;;;0423;;0423 +0444;CYRILLIC SMALL LETTER EF;Ll;0;L;;;;;N;;;0424;;0424 +0445;CYRILLIC SMALL LETTER HA;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER KHA;;0425;;0425 +0446;CYRILLIC SMALL LETTER TSE;Ll;0;L;;;;;N;;;0426;;0426 +0447;CYRILLIC SMALL LETTER CHE;Ll;0;L;;;;;N;;;0427;;0427 +0448;CYRILLIC SMALL LETTER SHA;Ll;0;L;;;;;N;;;0428;;0428 +0449;CYRILLIC SMALL LETTER SHCHA;Ll;0;L;;;;;N;;;0429;;0429 +044A;CYRILLIC SMALL LETTER HARD SIGN;Ll;0;L;;;;;N;;;042A;;042A +044B;CYRILLIC SMALL LETTER YERU;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER YERI;;042B;;042B +044C;CYRILLIC SMALL LETTER SOFT SIGN;Ll;0;L;;;;;N;;;042C;;042C +044D;CYRILLIC SMALL LETTER E;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER REVERSED E;;042D;;042D +044E;CYRILLIC SMALL LETTER YU;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER IU;;042E;;042E +044F;CYRILLIC SMALL LETTER YA;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER IA;;042F;;042F +0450;CYRILLIC SMALL LETTER IE WITH GRAVE;Ll;0;L;0435 0300;;;;N;;;0400;;0400 +0451;CYRILLIC SMALL LETTER IO;Ll;0;L;0435 0308;;;;N;;;0401;;0401 +0452;CYRILLIC SMALL LETTER DJE;Ll;0;L;;;;;N;;Serbocroatian;0402;;0402 +0453;CYRILLIC SMALL LETTER GJE;Ll;0;L;0433 0301;;;;N;;;0403;;0403 +0454;CYRILLIC SMALL LETTER UKRAINIAN IE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER E;;0404;;0404 +0455;CYRILLIC SMALL LETTER DZE;Ll;0;L;;;;;N;;;0405;;0405 +0456;CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER I;;0406;;0406 +0457;CYRILLIC SMALL LETTER YI;Ll;0;L;0456 0308;;;;N;;Ukrainian;0407;;0407 +0458;CYRILLIC SMALL LETTER JE;Ll;0;L;;;;;N;;;0408;;0408 +0459;CYRILLIC SMALL LETTER LJE;Ll;0;L;;;;;N;;;0409;;0409 +045A;CYRILLIC SMALL LETTER NJE;Ll;0;L;;;;;N;;;040A;;040A +045B;CYRILLIC SMALL LETTER TSHE;Ll;0;L;;;;;N;;Serbocroatian;040B;;040B +045C;CYRILLIC SMALL LETTER KJE;Ll;0;L;043A 0301;;;;N;;;040C;;040C +045D;CYRILLIC SMALL LETTER I WITH GRAVE;Ll;0;L;0438 0300;;;;N;;;040D;;040D +045E;CYRILLIC SMALL LETTER SHORT U;Ll;0;L;0443 0306;;;;N;;Byelorussian;040E;;040E +045F;CYRILLIC SMALL LETTER DZHE;Ll;0;L;;;;;N;;;040F;;040F +0460;CYRILLIC CAPITAL LETTER OMEGA;Lu;0;L;;;;;N;;;;0461; +0461;CYRILLIC SMALL LETTER OMEGA;Ll;0;L;;;;;N;;;0460;;0460 +0462;CYRILLIC CAPITAL LETTER YAT;Lu;0;L;;;;;N;;;;0463; +0463;CYRILLIC SMALL LETTER YAT;Ll;0;L;;;;;N;;;0462;;0462 +0464;CYRILLIC CAPITAL LETTER IOTIFIED E;Lu;0;L;;;;;N;;;;0465; +0465;CYRILLIC SMALL LETTER IOTIFIED E;Ll;0;L;;;;;N;;;0464;;0464 +0466;CYRILLIC CAPITAL LETTER LITTLE YUS;Lu;0;L;;;;;N;;;;0467; +0467;CYRILLIC SMALL LETTER LITTLE YUS;Ll;0;L;;;;;N;;;0466;;0466 +0468;CYRILLIC CAPITAL LETTER IOTIFIED LITTLE YUS;Lu;0;L;;;;;N;;;;0469; +0469;CYRILLIC SMALL LETTER IOTIFIED LITTLE YUS;Ll;0;L;;;;;N;;;0468;;0468 +046A;CYRILLIC CAPITAL LETTER BIG YUS;Lu;0;L;;;;;N;;;;046B; +046B;CYRILLIC SMALL LETTER BIG YUS;Ll;0;L;;;;;N;;;046A;;046A +046C;CYRILLIC CAPITAL LETTER IOTIFIED BIG YUS;Lu;0;L;;;;;N;;;;046D; +046D;CYRILLIC SMALL LETTER IOTIFIED BIG YUS;Ll;0;L;;;;;N;;;046C;;046C +046E;CYRILLIC CAPITAL LETTER KSI;Lu;0;L;;;;;N;;;;046F; +046F;CYRILLIC SMALL LETTER KSI;Ll;0;L;;;;;N;;;046E;;046E +0470;CYRILLIC CAPITAL LETTER PSI;Lu;0;L;;;;;N;;;;0471; +0471;CYRILLIC SMALL LETTER PSI;Ll;0;L;;;;;N;;;0470;;0470 +0472;CYRILLIC CAPITAL LETTER FITA;Lu;0;L;;;;;N;;;;0473; +0473;CYRILLIC SMALL LETTER FITA;Ll;0;L;;;;;N;;;0472;;0472 +0474;CYRILLIC CAPITAL LETTER IZHITSA;Lu;0;L;;;;;N;;;;0475; +0475;CYRILLIC SMALL LETTER IZHITSA;Ll;0;L;;;;;N;;;0474;;0474 +0476;CYRILLIC CAPITAL LETTER IZHITSA WITH DOUBLE GRAVE ACCENT;Lu;0;L;0474 030F;;;;N;CYRILLIC CAPITAL LETTER IZHITSA DOUBLE GRAVE;;;0477; +0477;CYRILLIC SMALL LETTER IZHITSA WITH DOUBLE GRAVE ACCENT;Ll;0;L;0475 030F;;;;N;CYRILLIC SMALL LETTER IZHITSA DOUBLE GRAVE;;0476;;0476 +0478;CYRILLIC CAPITAL LETTER UK;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER UK DIGRAPH;;;0479; +0479;CYRILLIC SMALL LETTER UK;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER UK DIGRAPH;;0478;;0478 +047A;CYRILLIC CAPITAL LETTER ROUND OMEGA;Lu;0;L;;;;;N;;;;047B; +047B;CYRILLIC SMALL LETTER ROUND OMEGA;Ll;0;L;;;;;N;;;047A;;047A +047C;CYRILLIC CAPITAL LETTER OMEGA WITH TITLO;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER OMEGA TITLO;;;047D; +047D;CYRILLIC SMALL LETTER OMEGA WITH TITLO;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER OMEGA TITLO;;047C;;047C +047E;CYRILLIC CAPITAL LETTER OT;Lu;0;L;;;;;N;;;;047F; +047F;CYRILLIC SMALL LETTER OT;Ll;0;L;;;;;N;;;047E;;047E +0480;CYRILLIC CAPITAL LETTER KOPPA;Lu;0;L;;;;;N;;;;0481; +0481;CYRILLIC SMALL LETTER KOPPA;Ll;0;L;;;;;N;;;0480;;0480 +0482;CYRILLIC THOUSANDS SIGN;So;0;L;;;;;N;;;;; +0483;COMBINING CYRILLIC TITLO;Mn;230;NSM;;;;;N;CYRILLIC NON-SPACING TITLO;;;; +0484;COMBINING CYRILLIC PALATALIZATION;Mn;230;NSM;;;;;N;CYRILLIC NON-SPACING PALATALIZATION;;;; +0485;COMBINING CYRILLIC DASIA PNEUMATA;Mn;230;NSM;;;;;N;CYRILLIC NON-SPACING DASIA PNEUMATA;;;; +0486;COMBINING CYRILLIC PSILI PNEUMATA;Mn;230;NSM;;;;;N;CYRILLIC NON-SPACING PSILI PNEUMATA;;;; +0488;COMBINING CYRILLIC HUNDRED THOUSANDS SIGN;Me;0;NSM;;;;;N;;;;; +0489;COMBINING CYRILLIC MILLIONS SIGN;Me;0;NSM;;;;;N;;;;; +048A;CYRILLIC CAPITAL LETTER SHORT I WITH TAIL;Lu;0;L;;;;;N;;;;048B; +048B;CYRILLIC SMALL LETTER SHORT I WITH TAIL;Ll;0;L;;;;;N;;;048A;;048A +048C;CYRILLIC CAPITAL LETTER SEMISOFT SIGN;Lu;0;L;;;;;N;;;;048D; +048D;CYRILLIC SMALL LETTER SEMISOFT SIGN;Ll;0;L;;;;;N;;;048C;;048C +048E;CYRILLIC CAPITAL LETTER ER WITH TICK;Lu;0;L;;;;;N;;;;048F; +048F;CYRILLIC SMALL LETTER ER WITH TICK;Ll;0;L;;;;;N;;;048E;;048E +0490;CYRILLIC CAPITAL LETTER GHE WITH UPTURN;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER GE WITH UPTURN;;;0491; +0491;CYRILLIC SMALL LETTER GHE WITH UPTURN;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER GE WITH UPTURN;;0490;;0490 +0492;CYRILLIC CAPITAL LETTER GHE WITH STROKE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER GE BAR;;;0493; +0493;CYRILLIC SMALL LETTER GHE WITH STROKE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER GE BAR;;0492;;0492 +0494;CYRILLIC CAPITAL LETTER GHE WITH MIDDLE HOOK;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER GE HOOK;;;0495; +0495;CYRILLIC SMALL LETTER GHE WITH MIDDLE HOOK;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER GE HOOK;;0494;;0494 +0496;CYRILLIC CAPITAL LETTER ZHE WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER ZHE WITH RIGHT DESCENDER;;;0497; +0497;CYRILLIC SMALL LETTER ZHE WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER ZHE WITH RIGHT DESCENDER;;0496;;0496 +0498;CYRILLIC CAPITAL LETTER ZE WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER ZE CEDILLA;;;0499; +0499;CYRILLIC SMALL LETTER ZE WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER ZE CEDILLA;;0498;;0498 +049A;CYRILLIC CAPITAL LETTER KA WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER KA WITH RIGHT DESCENDER;;;049B; +049B;CYRILLIC SMALL LETTER KA WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER KA WITH RIGHT DESCENDER;;049A;;049A +049C;CYRILLIC CAPITAL LETTER KA WITH VERTICAL STROKE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER KA VERTICAL BAR;;;049D; +049D;CYRILLIC SMALL LETTER KA WITH VERTICAL STROKE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER KA VERTICAL BAR;;049C;;049C +049E;CYRILLIC CAPITAL LETTER KA WITH STROKE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER KA BAR;;;049F; +049F;CYRILLIC SMALL LETTER KA WITH STROKE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER KA BAR;;049E;;049E +04A0;CYRILLIC CAPITAL LETTER BASHKIR KA;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER REVERSED GE KA;;;04A1; +04A1;CYRILLIC SMALL LETTER BASHKIR KA;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER REVERSED GE KA;;04A0;;04A0 +04A2;CYRILLIC CAPITAL LETTER EN WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER EN WITH RIGHT DESCENDER;;;04A3; +04A3;CYRILLIC SMALL LETTER EN WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER EN WITH RIGHT DESCENDER;;04A2;;04A2 +04A4;CYRILLIC CAPITAL LIGATURE EN GHE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER EN GE;;;04A5; +04A5;CYRILLIC SMALL LIGATURE EN GHE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER EN GE;;04A4;;04A4 +04A6;CYRILLIC CAPITAL LETTER PE WITH MIDDLE HOOK;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER PE HOOK;Abkhasian;;04A7; +04A7;CYRILLIC SMALL LETTER PE WITH MIDDLE HOOK;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER PE HOOK;Abkhasian;04A6;;04A6 +04A8;CYRILLIC CAPITAL LETTER ABKHASIAN HA;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER O HOOK;;;04A9; +04A9;CYRILLIC SMALL LETTER ABKHASIAN HA;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER O HOOK;;04A8;;04A8 +04AA;CYRILLIC CAPITAL LETTER ES WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER ES CEDILLA;;;04AB; +04AB;CYRILLIC SMALL LETTER ES WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER ES CEDILLA;;04AA;;04AA +04AC;CYRILLIC CAPITAL LETTER TE WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER TE WITH RIGHT DESCENDER;;;04AD; +04AD;CYRILLIC SMALL LETTER TE WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER TE WITH RIGHT DESCENDER;;04AC;;04AC +04AE;CYRILLIC CAPITAL LETTER STRAIGHT U;Lu;0;L;;;;;N;;;;04AF; +04AF;CYRILLIC SMALL LETTER STRAIGHT U;Ll;0;L;;;;;N;;;04AE;;04AE +04B0;CYRILLIC CAPITAL LETTER STRAIGHT U WITH STROKE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER STRAIGHT U BAR;;;04B1; +04B1;CYRILLIC SMALL LETTER STRAIGHT U WITH STROKE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER STRAIGHT U BAR;;04B0;;04B0 +04B2;CYRILLIC CAPITAL LETTER HA WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER KHA WITH RIGHT DESCENDER;;;04B3; +04B3;CYRILLIC SMALL LETTER HA WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER KHA WITH RIGHT DESCENDER;;04B2;;04B2 +04B4;CYRILLIC CAPITAL LIGATURE TE TSE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER TE TSE;Abkhasian;;04B5; +04B5;CYRILLIC SMALL LIGATURE TE TSE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER TE TSE;Abkhasian;04B4;;04B4 +04B6;CYRILLIC CAPITAL LETTER CHE WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER CHE WITH RIGHT DESCENDER;;;04B7; +04B7;CYRILLIC SMALL LETTER CHE WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER CHE WITH RIGHT DESCENDER;;04B6;;04B6 +04B8;CYRILLIC CAPITAL LETTER CHE WITH VERTICAL STROKE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER CHE VERTICAL BAR;;;04B9; +04B9;CYRILLIC SMALL LETTER CHE WITH VERTICAL STROKE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER CHE VERTICAL BAR;;04B8;;04B8 +04BA;CYRILLIC CAPITAL LETTER SHHA;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER H;;;04BB; +04BB;CYRILLIC SMALL LETTER SHHA;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER H;;04BA;;04BA +04BC;CYRILLIC CAPITAL LETTER ABKHASIAN CHE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER IE HOOK;;;04BD; +04BD;CYRILLIC SMALL LETTER ABKHASIAN CHE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER IE HOOK;;04BC;;04BC +04BE;CYRILLIC CAPITAL LETTER ABKHASIAN CHE WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER IE HOOK OGONEK;;;04BF; +04BF;CYRILLIC SMALL LETTER ABKHASIAN CHE WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER IE HOOK OGONEK;;04BE;;04BE +04C0;CYRILLIC LETTER PALOCHKA;Lu;0;L;;;;;N;CYRILLIC LETTER I;;;; +04C1;CYRILLIC CAPITAL LETTER ZHE WITH BREVE;Lu;0;L;0416 0306;;;;N;CYRILLIC CAPITAL LETTER SHORT ZHE;;;04C2; +04C2;CYRILLIC SMALL LETTER ZHE WITH BREVE;Ll;0;L;0436 0306;;;;N;CYRILLIC SMALL LETTER SHORT ZHE;;04C1;;04C1 +04C3;CYRILLIC CAPITAL LETTER KA WITH HOOK;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER KA HOOK;;;04C4; +04C4;CYRILLIC SMALL LETTER KA WITH HOOK;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER KA HOOK;;04C3;;04C3 +04C5;CYRILLIC CAPITAL LETTER EL WITH TAIL;Lu;0;L;;;;;N;;;;04C6; +04C6;CYRILLIC SMALL LETTER EL WITH TAIL;Ll;0;L;;;;;N;;;04C5;;04C5 +04C7;CYRILLIC CAPITAL LETTER EN WITH HOOK;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER EN HOOK;;;04C8; +04C8;CYRILLIC SMALL LETTER EN WITH HOOK;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER EN HOOK;;04C7;;04C7 +04C9;CYRILLIC CAPITAL LETTER EN WITH TAIL;Lu;0;L;;;;;N;;;;04CA; +04CA;CYRILLIC SMALL LETTER EN WITH TAIL;Ll;0;L;;;;;N;;;04C9;;04C9 +04CB;CYRILLIC CAPITAL LETTER KHAKASSIAN CHE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER CHE WITH LEFT DESCENDER;;;04CC; +04CC;CYRILLIC SMALL LETTER KHAKASSIAN CHE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER CHE WITH LEFT DESCENDER;;04CB;;04CB +04CD;CYRILLIC CAPITAL LETTER EM WITH TAIL;Lu;0;L;;;;;N;;;;04CE; +04CE;CYRILLIC SMALL LETTER EM WITH TAIL;Ll;0;L;;;;;N;;;04CD;;04CD +04D0;CYRILLIC CAPITAL LETTER A WITH BREVE;Lu;0;L;0410 0306;;;;N;;;;04D1; +04D1;CYRILLIC SMALL LETTER A WITH BREVE;Ll;0;L;0430 0306;;;;N;;;04D0;;04D0 +04D2;CYRILLIC CAPITAL LETTER A WITH DIAERESIS;Lu;0;L;0410 0308;;;;N;;;;04D3; +04D3;CYRILLIC SMALL LETTER A WITH DIAERESIS;Ll;0;L;0430 0308;;;;N;;;04D2;;04D2 +04D4;CYRILLIC CAPITAL LIGATURE A IE;Lu;0;L;;;;;N;;;;04D5; +04D5;CYRILLIC SMALL LIGATURE A IE;Ll;0;L;;;;;N;;;04D4;;04D4 +04D6;CYRILLIC CAPITAL LETTER IE WITH BREVE;Lu;0;L;0415 0306;;;;N;;;;04D7; +04D7;CYRILLIC SMALL LETTER IE WITH BREVE;Ll;0;L;0435 0306;;;;N;;;04D6;;04D6 +04D8;CYRILLIC CAPITAL LETTER SCHWA;Lu;0;L;;;;;N;;;;04D9; +04D9;CYRILLIC SMALL LETTER SCHWA;Ll;0;L;;;;;N;;;04D8;;04D8 +04DA;CYRILLIC CAPITAL LETTER SCHWA WITH DIAERESIS;Lu;0;L;04D8 0308;;;;N;;;;04DB; +04DB;CYRILLIC SMALL LETTER SCHWA WITH DIAERESIS;Ll;0;L;04D9 0308;;;;N;;;04DA;;04DA +04DC;CYRILLIC CAPITAL LETTER ZHE WITH DIAERESIS;Lu;0;L;0416 0308;;;;N;;;;04DD; +04DD;CYRILLIC SMALL LETTER ZHE WITH DIAERESIS;Ll;0;L;0436 0308;;;;N;;;04DC;;04DC +04DE;CYRILLIC CAPITAL LETTER ZE WITH DIAERESIS;Lu;0;L;0417 0308;;;;N;;;;04DF; +04DF;CYRILLIC SMALL LETTER ZE WITH DIAERESIS;Ll;0;L;0437 0308;;;;N;;;04DE;;04DE +04E0;CYRILLIC CAPITAL LETTER ABKHASIAN DZE;Lu;0;L;;;;;N;;;;04E1; +04E1;CYRILLIC SMALL LETTER ABKHASIAN DZE;Ll;0;L;;;;;N;;;04E0;;04E0 +04E2;CYRILLIC CAPITAL LETTER I WITH MACRON;Lu;0;L;0418 0304;;;;N;;;;04E3; +04E3;CYRILLIC SMALL LETTER I WITH MACRON;Ll;0;L;0438 0304;;;;N;;;04E2;;04E2 +04E4;CYRILLIC CAPITAL LETTER I WITH DIAERESIS;Lu;0;L;0418 0308;;;;N;;;;04E5; +04E5;CYRILLIC SMALL LETTER I WITH DIAERESIS;Ll;0;L;0438 0308;;;;N;;;04E4;;04E4 +04E6;CYRILLIC CAPITAL LETTER O WITH DIAERESIS;Lu;0;L;041E 0308;;;;N;;;;04E7; +04E7;CYRILLIC SMALL LETTER O WITH DIAERESIS;Ll;0;L;043E 0308;;;;N;;;04E6;;04E6 +04E8;CYRILLIC CAPITAL LETTER BARRED O;Lu;0;L;;;;;N;;;;04E9; +04E9;CYRILLIC SMALL LETTER BARRED O;Ll;0;L;;;;;N;;;04E8;;04E8 +04EA;CYRILLIC CAPITAL LETTER BARRED O WITH DIAERESIS;Lu;0;L;04E8 0308;;;;N;;;;04EB; +04EB;CYRILLIC SMALL LETTER BARRED O WITH DIAERESIS;Ll;0;L;04E9 0308;;;;N;;;04EA;;04EA +04EC;CYRILLIC CAPITAL LETTER E WITH DIAERESIS;Lu;0;L;042D 0308;;;;N;;;;04ED; +04ED;CYRILLIC SMALL LETTER E WITH DIAERESIS;Ll;0;L;044D 0308;;;;N;;;04EC;;04EC +04EE;CYRILLIC CAPITAL LETTER U WITH MACRON;Lu;0;L;0423 0304;;;;N;;;;04EF; +04EF;CYRILLIC SMALL LETTER U WITH MACRON;Ll;0;L;0443 0304;;;;N;;;04EE;;04EE +04F0;CYRILLIC CAPITAL LETTER U WITH DIAERESIS;Lu;0;L;0423 0308;;;;N;;;;04F1; +04F1;CYRILLIC SMALL LETTER U WITH DIAERESIS;Ll;0;L;0443 0308;;;;N;;;04F0;;04F0 +04F2;CYRILLIC CAPITAL LETTER U WITH DOUBLE ACUTE;Lu;0;L;0423 030B;;;;N;;;;04F3; +04F3;CYRILLIC SMALL LETTER U WITH DOUBLE ACUTE;Ll;0;L;0443 030B;;;;N;;;04F2;;04F2 +04F4;CYRILLIC CAPITAL LETTER CHE WITH DIAERESIS;Lu;0;L;0427 0308;;;;N;;;;04F5; +04F5;CYRILLIC SMALL LETTER CHE WITH DIAERESIS;Ll;0;L;0447 0308;;;;N;;;04F4;;04F4 +04F8;CYRILLIC CAPITAL LETTER YERU WITH DIAERESIS;Lu;0;L;042B 0308;;;;N;;;;04F9; +04F9;CYRILLIC SMALL LETTER YERU WITH DIAERESIS;Ll;0;L;044B 0308;;;;N;;;04F8;;04F8 +0500;CYRILLIC CAPITAL LETTER KOMI DE;Lu;0;L;;;;;N;;;;0501; +0501;CYRILLIC SMALL LETTER KOMI DE;Ll;0;L;;;;;N;;;0500;;0500 +0502;CYRILLIC CAPITAL LETTER KOMI DJE;Lu;0;L;;;;;N;;;;0503; +0503;CYRILLIC SMALL LETTER KOMI DJE;Ll;0;L;;;;;N;;;0502;;0502 +0504;CYRILLIC CAPITAL LETTER KOMI ZJE;Lu;0;L;;;;;N;;;;0505; +0505;CYRILLIC SMALL LETTER KOMI ZJE;Ll;0;L;;;;;N;;;0504;;0504 +0506;CYRILLIC CAPITAL LETTER KOMI DZJE;Lu;0;L;;;;;N;;;;0507; +0507;CYRILLIC SMALL LETTER KOMI DZJE;Ll;0;L;;;;;N;;;0506;;0506 +0508;CYRILLIC CAPITAL LETTER KOMI LJE;Lu;0;L;;;;;N;;;;0509; +0509;CYRILLIC SMALL LETTER KOMI LJE;Ll;0;L;;;;;N;;;0508;;0508 +050A;CYRILLIC CAPITAL LETTER KOMI NJE;Lu;0;L;;;;;N;;;;050B; +050B;CYRILLIC SMALL LETTER KOMI NJE;Ll;0;L;;;;;N;;;050A;;050A +050C;CYRILLIC CAPITAL LETTER KOMI SJE;Lu;0;L;;;;;N;;;;050D; +050D;CYRILLIC SMALL LETTER KOMI SJE;Ll;0;L;;;;;N;;;050C;;050C +050E;CYRILLIC CAPITAL LETTER KOMI TJE;Lu;0;L;;;;;N;;;;050F; +050F;CYRILLIC SMALL LETTER KOMI TJE;Ll;0;L;;;;;N;;;050E;;050E +0531;ARMENIAN CAPITAL LETTER AYB;Lu;0;L;;;;;N;;;;0561; +0532;ARMENIAN CAPITAL LETTER BEN;Lu;0;L;;;;;N;;;;0562; +0533;ARMENIAN CAPITAL LETTER GIM;Lu;0;L;;;;;N;;;;0563; +0534;ARMENIAN CAPITAL LETTER DA;Lu;0;L;;;;;N;;;;0564; +0535;ARMENIAN CAPITAL LETTER ECH;Lu;0;L;;;;;N;;;;0565; +0536;ARMENIAN CAPITAL LETTER ZA;Lu;0;L;;;;;N;;;;0566; +0537;ARMENIAN CAPITAL LETTER EH;Lu;0;L;;;;;N;;;;0567; +0538;ARMENIAN CAPITAL LETTER ET;Lu;0;L;;;;;N;;;;0568; +0539;ARMENIAN CAPITAL LETTER TO;Lu;0;L;;;;;N;;;;0569; +053A;ARMENIAN CAPITAL LETTER ZHE;Lu;0;L;;;;;N;;;;056A; +053B;ARMENIAN CAPITAL LETTER INI;Lu;0;L;;;;;N;;;;056B; +053C;ARMENIAN CAPITAL LETTER LIWN;Lu;0;L;;;;;N;;;;056C; +053D;ARMENIAN CAPITAL LETTER XEH;Lu;0;L;;;;;N;;;;056D; +053E;ARMENIAN CAPITAL LETTER CA;Lu;0;L;;;;;N;;;;056E; +053F;ARMENIAN CAPITAL LETTER KEN;Lu;0;L;;;;;N;;;;056F; +0540;ARMENIAN CAPITAL LETTER HO;Lu;0;L;;;;;N;;;;0570; +0541;ARMENIAN CAPITAL LETTER JA;Lu;0;L;;;;;N;;;;0571; +0542;ARMENIAN CAPITAL LETTER GHAD;Lu;0;L;;;;;N;ARMENIAN CAPITAL LETTER LAD;;;0572; +0543;ARMENIAN CAPITAL LETTER CHEH;Lu;0;L;;;;;N;;;;0573; +0544;ARMENIAN CAPITAL LETTER MEN;Lu;0;L;;;;;N;;;;0574; +0545;ARMENIAN CAPITAL LETTER YI;Lu;0;L;;;;;N;;;;0575; +0546;ARMENIAN CAPITAL LETTER NOW;Lu;0;L;;;;;N;;;;0576; +0547;ARMENIAN CAPITAL LETTER SHA;Lu;0;L;;;;;N;;;;0577; +0548;ARMENIAN CAPITAL LETTER VO;Lu;0;L;;;;;N;;;;0578; +0549;ARMENIAN CAPITAL LETTER CHA;Lu;0;L;;;;;N;;;;0579; +054A;ARMENIAN CAPITAL LETTER PEH;Lu;0;L;;;;;N;;;;057A; +054B;ARMENIAN CAPITAL LETTER JHEH;Lu;0;L;;;;;N;;;;057B; +054C;ARMENIAN CAPITAL LETTER RA;Lu;0;L;;;;;N;;;;057C; +054D;ARMENIAN CAPITAL LETTER SEH;Lu;0;L;;;;;N;;;;057D; +054E;ARMENIAN CAPITAL LETTER VEW;Lu;0;L;;;;;N;;;;057E; +054F;ARMENIAN CAPITAL LETTER TIWN;Lu;0;L;;;;;N;;;;057F; +0550;ARMENIAN CAPITAL LETTER REH;Lu;0;L;;;;;N;;;;0580; +0551;ARMENIAN CAPITAL LETTER CO;Lu;0;L;;;;;N;;;;0581; +0552;ARMENIAN CAPITAL LETTER YIWN;Lu;0;L;;;;;N;;;;0582; +0553;ARMENIAN CAPITAL LETTER PIWR;Lu;0;L;;;;;N;;;;0583; +0554;ARMENIAN CAPITAL LETTER KEH;Lu;0;L;;;;;N;;;;0584; +0555;ARMENIAN CAPITAL LETTER OH;Lu;0;L;;;;;N;;;;0585; +0556;ARMENIAN CAPITAL LETTER FEH;Lu;0;L;;;;;N;;;;0586; +0559;ARMENIAN MODIFIER LETTER LEFT HALF RING;Lm;0;L;;;;;N;;;;; +055A;ARMENIAN APOSTROPHE;Po;0;L;;;;;N;ARMENIAN MODIFIER LETTER RIGHT HALF RING;;;; +055B;ARMENIAN EMPHASIS MARK;Po;0;L;;;;;N;;;;; +055C;ARMENIAN EXCLAMATION MARK;Po;0;L;;;;;N;;;;; +055D;ARMENIAN COMMA;Po;0;L;;;;;N;;;;; +055E;ARMENIAN QUESTION MARK;Po;0;L;;;;;N;;;;; +055F;ARMENIAN ABBREVIATION MARK;Po;0;L;;;;;N;;;;; +0561;ARMENIAN SMALL LETTER AYB;Ll;0;L;;;;;N;;;0531;;0531 +0562;ARMENIAN SMALL LETTER BEN;Ll;0;L;;;;;N;;;0532;;0532 +0563;ARMENIAN SMALL LETTER GIM;Ll;0;L;;;;;N;;;0533;;0533 +0564;ARMENIAN SMALL LETTER DA;Ll;0;L;;;;;N;;;0534;;0534 +0565;ARMENIAN SMALL LETTER ECH;Ll;0;L;;;;;N;;;0535;;0535 +0566;ARMENIAN SMALL LETTER ZA;Ll;0;L;;;;;N;;;0536;;0536 +0567;ARMENIAN SMALL LETTER EH;Ll;0;L;;;;;N;;;0537;;0537 +0568;ARMENIAN SMALL LETTER ET;Ll;0;L;;;;;N;;;0538;;0538 +0569;ARMENIAN SMALL LETTER TO;Ll;0;L;;;;;N;;;0539;;0539 +056A;ARMENIAN SMALL LETTER ZHE;Ll;0;L;;;;;N;;;053A;;053A +056B;ARMENIAN SMALL LETTER INI;Ll;0;L;;;;;N;;;053B;;053B +056C;ARMENIAN SMALL LETTER LIWN;Ll;0;L;;;;;N;;;053C;;053C +056D;ARMENIAN SMALL LETTER XEH;Ll;0;L;;;;;N;;;053D;;053D +056E;ARMENIAN SMALL LETTER CA;Ll;0;L;;;;;N;;;053E;;053E +056F;ARMENIAN SMALL LETTER KEN;Ll;0;L;;;;;N;;;053F;;053F +0570;ARMENIAN SMALL LETTER HO;Ll;0;L;;;;;N;;;0540;;0540 +0571;ARMENIAN SMALL LETTER JA;Ll;0;L;;;;;N;;;0541;;0541 +0572;ARMENIAN SMALL LETTER GHAD;Ll;0;L;;;;;N;ARMENIAN SMALL LETTER LAD;;0542;;0542 +0573;ARMENIAN SMALL LETTER CHEH;Ll;0;L;;;;;N;;;0543;;0543 +0574;ARMENIAN SMALL LETTER MEN;Ll;0;L;;;;;N;;;0544;;0544 +0575;ARMENIAN SMALL LETTER YI;Ll;0;L;;;;;N;;;0545;;0545 +0576;ARMENIAN SMALL LETTER NOW;Ll;0;L;;;;;N;;;0546;;0546 +0577;ARMENIAN SMALL LETTER SHA;Ll;0;L;;;;;N;;;0547;;0547 +0578;ARMENIAN SMALL LETTER VO;Ll;0;L;;;;;N;;;0548;;0548 +0579;ARMENIAN SMALL LETTER CHA;Ll;0;L;;;;;N;;;0549;;0549 +057A;ARMENIAN SMALL LETTER PEH;Ll;0;L;;;;;N;;;054A;;054A +057B;ARMENIAN SMALL LETTER JHEH;Ll;0;L;;;;;N;;;054B;;054B +057C;ARMENIAN SMALL LETTER RA;Ll;0;L;;;;;N;;;054C;;054C +057D;ARMENIAN SMALL LETTER SEH;Ll;0;L;;;;;N;;;054D;;054D +057E;ARMENIAN SMALL LETTER VEW;Ll;0;L;;;;;N;;;054E;;054E +057F;ARMENIAN SMALL LETTER TIWN;Ll;0;L;;;;;N;;;054F;;054F +0580;ARMENIAN SMALL LETTER REH;Ll;0;L;;;;;N;;;0550;;0550 +0581;ARMENIAN SMALL LETTER CO;Ll;0;L;;;;;N;;;0551;;0551 +0582;ARMENIAN SMALL LETTER YIWN;Ll;0;L;;;;;N;;;0552;;0552 +0583;ARMENIAN SMALL LETTER PIWR;Ll;0;L;;;;;N;;;0553;;0553 +0584;ARMENIAN SMALL LETTER KEH;Ll;0;L;;;;;N;;;0554;;0554 +0585;ARMENIAN SMALL LETTER OH;Ll;0;L;;;;;N;;;0555;;0555 +0586;ARMENIAN SMALL LETTER FEH;Ll;0;L;;;;;N;;;0556;;0556 +0587;ARMENIAN SMALL LIGATURE ECH YIWN;Ll;0;L; 0565 0582;;;;N;;;;; +0589;ARMENIAN FULL STOP;Po;0;L;;;;;N;ARMENIAN PERIOD;;;; +058A;ARMENIAN HYPHEN;Pd;0;ON;;;;;N;;;;; +0591;HEBREW ACCENT ETNAHTA;Mn;220;NSM;;;;;N;;;;; +0592;HEBREW ACCENT SEGOL;Mn;230;NSM;;;;;N;;;;; +0593;HEBREW ACCENT SHALSHELET;Mn;230;NSM;;;;;N;;;;; +0594;HEBREW ACCENT ZAQEF QATAN;Mn;230;NSM;;;;;N;;;;; +0595;HEBREW ACCENT ZAQEF GADOL;Mn;230;NSM;;;;;N;;;;; +0596;HEBREW ACCENT TIPEHA;Mn;220;NSM;;;;;N;;*;;; +0597;HEBREW ACCENT REVIA;Mn;230;NSM;;;;;N;;;;; +0598;HEBREW ACCENT ZARQA;Mn;230;NSM;;;;;N;;*;;; +0599;HEBREW ACCENT PASHTA;Mn;230;NSM;;;;;N;;;;; +059A;HEBREW ACCENT YETIV;Mn;222;NSM;;;;;N;;;;; +059B;HEBREW ACCENT TEVIR;Mn;220;NSM;;;;;N;;;;; +059C;HEBREW ACCENT GERESH;Mn;230;NSM;;;;;N;;;;; +059D;HEBREW ACCENT GERESH MUQDAM;Mn;230;NSM;;;;;N;;;;; +059E;HEBREW ACCENT GERSHAYIM;Mn;230;NSM;;;;;N;;;;; +059F;HEBREW ACCENT QARNEY PARA;Mn;230;NSM;;;;;N;;;;; +05A0;HEBREW ACCENT TELISHA GEDOLA;Mn;230;NSM;;;;;N;;;;; +05A1;HEBREW ACCENT PAZER;Mn;230;NSM;;;;;N;;;;; +05A3;HEBREW ACCENT MUNAH;Mn;220;NSM;;;;;N;;;;; +05A4;HEBREW ACCENT MAHAPAKH;Mn;220;NSM;;;;;N;;;;; +05A5;HEBREW ACCENT MERKHA;Mn;220;NSM;;;;;N;;*;;; +05A6;HEBREW ACCENT MERKHA KEFULA;Mn;220;NSM;;;;;N;;;;; +05A7;HEBREW ACCENT DARGA;Mn;220;NSM;;;;;N;;;;; +05A8;HEBREW ACCENT QADMA;Mn;230;NSM;;;;;N;;*;;; +05A9;HEBREW ACCENT TELISHA QETANA;Mn;230;NSM;;;;;N;;;;; +05AA;HEBREW ACCENT YERAH BEN YOMO;Mn;220;NSM;;;;;N;;*;;; +05AB;HEBREW ACCENT OLE;Mn;230;NSM;;;;;N;;;;; +05AC;HEBREW ACCENT ILUY;Mn;230;NSM;;;;;N;;;;; +05AD;HEBREW ACCENT DEHI;Mn;222;NSM;;;;;N;;;;; +05AE;HEBREW ACCENT ZINOR;Mn;228;NSM;;;;;N;;;;; +05AF;HEBREW MARK MASORA CIRCLE;Mn;230;NSM;;;;;N;;;;; +05B0;HEBREW POINT SHEVA;Mn;10;NSM;;;;;N;;;;; +05B1;HEBREW POINT HATAF SEGOL;Mn;11;NSM;;;;;N;;;;; +05B2;HEBREW POINT HATAF PATAH;Mn;12;NSM;;;;;N;;;;; +05B3;HEBREW POINT HATAF QAMATS;Mn;13;NSM;;;;;N;;;;; +05B4;HEBREW POINT HIRIQ;Mn;14;NSM;;;;;N;;;;; +05B5;HEBREW POINT TSERE;Mn;15;NSM;;;;;N;;;;; +05B6;HEBREW POINT SEGOL;Mn;16;NSM;;;;;N;;;;; +05B7;HEBREW POINT PATAH;Mn;17;NSM;;;;;N;;;;; +05B8;HEBREW POINT QAMATS;Mn;18;NSM;;;;;N;;;;; +05B9;HEBREW POINT HOLAM;Mn;19;NSM;;;;;N;;;;; +05BB;HEBREW POINT QUBUTS;Mn;20;NSM;;;;;N;;;;; +05BC;HEBREW POINT DAGESH OR MAPIQ;Mn;21;NSM;;;;;N;HEBREW POINT DAGESH;or shuruq;;; +05BD;HEBREW POINT METEG;Mn;22;NSM;;;;;N;;*;;; +05BE;HEBREW PUNCTUATION MAQAF;Po;0;R;;;;;N;;;;; +05BF;HEBREW POINT RAFE;Mn;23;NSM;;;;;N;;;;; +05C0;HEBREW PUNCTUATION PASEQ;Po;0;R;;;;;N;HEBREW POINT PASEQ;*;;; +05C1;HEBREW POINT SHIN DOT;Mn;24;NSM;;;;;N;;;;; +05C2;HEBREW POINT SIN DOT;Mn;25;NSM;;;;;N;;;;; +05C3;HEBREW PUNCTUATION SOF PASUQ;Po;0;R;;;;;N;;*;;; +05C4;HEBREW MARK UPPER DOT;Mn;230;NSM;;;;;N;;;;; +05D0;HEBREW LETTER ALEF;Lo;0;R;;;;;N;;;;; +05D1;HEBREW LETTER BET;Lo;0;R;;;;;N;;;;; +05D2;HEBREW LETTER GIMEL;Lo;0;R;;;;;N;;;;; +05D3;HEBREW LETTER DALET;Lo;0;R;;;;;N;;;;; +05D4;HEBREW LETTER HE;Lo;0;R;;;;;N;;;;; +05D5;HEBREW LETTER VAV;Lo;0;R;;;;;N;;;;; +05D6;HEBREW LETTER ZAYIN;Lo;0;R;;;;;N;;;;; +05D7;HEBREW LETTER HET;Lo;0;R;;;;;N;;;;; +05D8;HEBREW LETTER TET;Lo;0;R;;;;;N;;;;; +05D9;HEBREW LETTER YOD;Lo;0;R;;;;;N;;;;; +05DA;HEBREW LETTER FINAL KAF;Lo;0;R;;;;;N;;;;; +05DB;HEBREW LETTER KAF;Lo;0;R;;;;;N;;;;; +05DC;HEBREW LETTER LAMED;Lo;0;R;;;;;N;;;;; +05DD;HEBREW LETTER FINAL MEM;Lo;0;R;;;;;N;;;;; +05DE;HEBREW LETTER MEM;Lo;0;R;;;;;N;;;;; +05DF;HEBREW LETTER FINAL NUN;Lo;0;R;;;;;N;;;;; +05E0;HEBREW LETTER NUN;Lo;0;R;;;;;N;;;;; +05E1;HEBREW LETTER SAMEKH;Lo;0;R;;;;;N;;;;; +05E2;HEBREW LETTER AYIN;Lo;0;R;;;;;N;;;;; +05E3;HEBREW LETTER FINAL PE;Lo;0;R;;;;;N;;;;; +05E4;HEBREW LETTER PE;Lo;0;R;;;;;N;;;;; +05E5;HEBREW LETTER FINAL TSADI;Lo;0;R;;;;;N;;;;; +05E6;HEBREW LETTER TSADI;Lo;0;R;;;;;N;;;;; +05E7;HEBREW LETTER QOF;Lo;0;R;;;;;N;;;;; +05E8;HEBREW LETTER RESH;Lo;0;R;;;;;N;;;;; +05E9;HEBREW LETTER SHIN;Lo;0;R;;;;;N;;;;; +05EA;HEBREW LETTER TAV;Lo;0;R;;;;;N;;;;; +05F0;HEBREW LIGATURE YIDDISH DOUBLE VAV;Lo;0;R;;;;;N;HEBREW LETTER DOUBLE VAV;;;; +05F1;HEBREW LIGATURE YIDDISH VAV YOD;Lo;0;R;;;;;N;HEBREW LETTER VAV YOD;;;; +05F2;HEBREW LIGATURE YIDDISH DOUBLE YOD;Lo;0;R;;;;;N;HEBREW LETTER DOUBLE YOD;;;; +05F3;HEBREW PUNCTUATION GERESH;Po;0;R;;;;;N;;;;; +05F4;HEBREW PUNCTUATION GERSHAYIM;Po;0;R;;;;;N;;;;; +0600;ARABIC NUMBER SIGN;Cf;0;AL;;;;;N;;;;; +0601;ARABIC SIGN SANAH;Cf;0;AL;;;;;N;;;;; +0602;ARABIC FOOTNOTE MARKER;Cf;0;AL;;;;;N;;;;; +0603;ARABIC SIGN SAFHA;Cf;0;AL;;;;;N;;;;; +060C;ARABIC COMMA;Po;0;CS;;;;;N;;;;; +060D;ARABIC DATE SEPARATOR;Po;0;AL;;;;;N;;;;; +060E;ARABIC POETIC VERSE SIGN;So;0;ON;;;;;N;;;;; +060F;ARABIC SIGN MISRA;So;0;ON;;;;;N;;;;; +0610;ARABIC SIGN SALLALLAHOU ALAYHE WASSALLAM;Mn;230;NSM;;;;;N;;;;; +0611;ARABIC SIGN ALAYHE ASSALLAM;Mn;230;NSM;;;;;N;;;;; +0612;ARABIC SIGN RAHMATULLAH ALAYHE;Mn;230;NSM;;;;;N;;;;; +0613;ARABIC SIGN RADI ALLAHOU ANHU;Mn;230;NSM;;;;;N;;;;; +0614;ARABIC SIGN TAKHALLUS;Mn;230;NSM;;;;;N;;;;; +0615;ARABIC SMALL HIGH TAH;Mn;230;NSM;;;;;N;;;;; +061B;ARABIC SEMICOLON;Po;0;AL;;;;;N;;;;; +061F;ARABIC QUESTION MARK;Po;0;AL;;;;;N;;;;; +0621;ARABIC LETTER HAMZA;Lo;0;AL;;;;;N;ARABIC LETTER HAMZAH;;;; +0622;ARABIC LETTER ALEF WITH MADDA ABOVE;Lo;0;AL;0627 0653;;;;N;ARABIC LETTER MADDAH ON ALEF;;;; +0623;ARABIC LETTER ALEF WITH HAMZA ABOVE;Lo;0;AL;0627 0654;;;;N;ARABIC LETTER HAMZAH ON ALEF;;;; +0624;ARABIC LETTER WAW WITH HAMZA ABOVE;Lo;0;AL;0648 0654;;;;N;ARABIC LETTER HAMZAH ON WAW;;;; +0625;ARABIC LETTER ALEF WITH HAMZA BELOW;Lo;0;AL;0627 0655;;;;N;ARABIC LETTER HAMZAH UNDER ALEF;;;; +0626;ARABIC LETTER YEH WITH HAMZA ABOVE;Lo;0;AL;064A 0654;;;;N;ARABIC LETTER HAMZAH ON YA;;;; +0627;ARABIC LETTER ALEF;Lo;0;AL;;;;;N;;;;; +0628;ARABIC LETTER BEH;Lo;0;AL;;;;;N;ARABIC LETTER BAA;;;; +0629;ARABIC LETTER TEH MARBUTA;Lo;0;AL;;;;;N;ARABIC LETTER TAA MARBUTAH;;;; +062A;ARABIC LETTER TEH;Lo;0;AL;;;;;N;ARABIC LETTER TAA;;;; +062B;ARABIC LETTER THEH;Lo;0;AL;;;;;N;ARABIC LETTER THAA;;;; +062C;ARABIC LETTER JEEM;Lo;0;AL;;;;;N;;;;; +062D;ARABIC LETTER HAH;Lo;0;AL;;;;;N;ARABIC LETTER HAA;;;; +062E;ARABIC LETTER KHAH;Lo;0;AL;;;;;N;ARABIC LETTER KHAA;;;; +062F;ARABIC LETTER DAL;Lo;0;AL;;;;;N;;;;; +0630;ARABIC LETTER THAL;Lo;0;AL;;;;;N;;;;; +0631;ARABIC LETTER REH;Lo;0;AL;;;;;N;ARABIC LETTER RA;;;; +0632;ARABIC LETTER ZAIN;Lo;0;AL;;;;;N;;;;; +0633;ARABIC LETTER SEEN;Lo;0;AL;;;;;N;;;;; +0634;ARABIC LETTER SHEEN;Lo;0;AL;;;;;N;;;;; +0635;ARABIC LETTER SAD;Lo;0;AL;;;;;N;;;;; +0636;ARABIC LETTER DAD;Lo;0;AL;;;;;N;;;;; +0637;ARABIC LETTER TAH;Lo;0;AL;;;;;N;;;;; +0638;ARABIC LETTER ZAH;Lo;0;AL;;;;;N;ARABIC LETTER DHAH;;;; +0639;ARABIC LETTER AIN;Lo;0;AL;;;;;N;;;;; +063A;ARABIC LETTER GHAIN;Lo;0;AL;;;;;N;;;;; +0640;ARABIC TATWEEL;Lm;0;AL;;;;;N;;;;; +0641;ARABIC LETTER FEH;Lo;0;AL;;;;;N;ARABIC LETTER FA;;;; +0642;ARABIC LETTER QAF;Lo;0;AL;;;;;N;;;;; +0643;ARABIC LETTER KAF;Lo;0;AL;;;;;N;ARABIC LETTER CAF;;;; +0644;ARABIC LETTER LAM;Lo;0;AL;;;;;N;;;;; +0645;ARABIC LETTER MEEM;Lo;0;AL;;;;;N;;;;; +0646;ARABIC LETTER NOON;Lo;0;AL;;;;;N;;;;; +0647;ARABIC LETTER HEH;Lo;0;AL;;;;;N;ARABIC LETTER HA;;;; +0648;ARABIC LETTER WAW;Lo;0;AL;;;;;N;;;;; +0649;ARABIC LETTER ALEF MAKSURA;Lo;0;AL;;;;;N;ARABIC LETTER ALEF MAQSURAH;;;; +064A;ARABIC LETTER YEH;Lo;0;AL;;;;;N;ARABIC LETTER YA;;;; +064B;ARABIC FATHATAN;Mn;27;NSM;;;;;N;;;;; +064C;ARABIC DAMMATAN;Mn;28;NSM;;;;;N;;;;; +064D;ARABIC KASRATAN;Mn;29;NSM;;;;;N;;;;; +064E;ARABIC FATHA;Mn;30;NSM;;;;;N;ARABIC FATHAH;;;; +064F;ARABIC DAMMA;Mn;31;NSM;;;;;N;ARABIC DAMMAH;;;; +0650;ARABIC KASRA;Mn;32;NSM;;;;;N;ARABIC KASRAH;;;; +0651;ARABIC SHADDA;Mn;33;NSM;;;;;N;ARABIC SHADDAH;;;; +0652;ARABIC SUKUN;Mn;34;NSM;;;;;N;;;;; +0653;ARABIC MADDAH ABOVE;Mn;230;NSM;;;;;N;;;;; +0654;ARABIC HAMZA ABOVE;Mn;230;NSM;;;;;N;;;;; +0655;ARABIC HAMZA BELOW;Mn;220;NSM;;;;;N;;;;; +0656;ARABIC SUBSCRIPT ALEF;Mn;220;NSM;;;;;N;;;;; +0657;ARABIC INVERTED DAMMA;Mn;230;NSM;;;;;N;;;;; +0658;ARABIC MARK NOON GHUNNA;Mn;230;NSM;;;;;N;;;;; +0660;ARABIC-INDIC DIGIT ZERO;Nd;0;AN;;0;0;0;N;;;;; +0661;ARABIC-INDIC DIGIT ONE;Nd;0;AN;;1;1;1;N;;;;; +0662;ARABIC-INDIC DIGIT TWO;Nd;0;AN;;2;2;2;N;;;;; +0663;ARABIC-INDIC DIGIT THREE;Nd;0;AN;;3;3;3;N;;;;; +0664;ARABIC-INDIC DIGIT FOUR;Nd;0;AN;;4;4;4;N;;;;; +0665;ARABIC-INDIC DIGIT FIVE;Nd;0;AN;;5;5;5;N;;;;; +0666;ARABIC-INDIC DIGIT SIX;Nd;0;AN;;6;6;6;N;;;;; +0667;ARABIC-INDIC DIGIT SEVEN;Nd;0;AN;;7;7;7;N;;;;; +0668;ARABIC-INDIC DIGIT EIGHT;Nd;0;AN;;8;8;8;N;;;;; +0669;ARABIC-INDIC DIGIT NINE;Nd;0;AN;;9;9;9;N;;;;; +066A;ARABIC PERCENT SIGN;Po;0;ET;;;;;N;;;;; +066B;ARABIC DECIMAL SEPARATOR;Po;0;AN;;;;;N;;;;; +066C;ARABIC THOUSANDS SEPARATOR;Po;0;AN;;;;;N;;;;; +066D;ARABIC FIVE POINTED STAR;Po;0;AL;;;;;N;;;;; +066E;ARABIC LETTER DOTLESS BEH;Lo;0;AL;;;;;N;;;;; +066F;ARABIC LETTER DOTLESS QAF;Lo;0;AL;;;;;N;;;;; +0670;ARABIC LETTER SUPERSCRIPT ALEF;Mn;35;NSM;;;;;N;ARABIC ALEF ABOVE;;;; +0671;ARABIC LETTER ALEF WASLA;Lo;0;AL;;;;;N;ARABIC LETTER HAMZAT WASL ON ALEF;;;; +0672;ARABIC LETTER ALEF WITH WAVY HAMZA ABOVE;Lo;0;AL;;;;;N;ARABIC LETTER WAVY HAMZAH ON ALEF;;;; +0673;ARABIC LETTER ALEF WITH WAVY HAMZA BELOW;Lo;0;AL;;;;;N;ARABIC LETTER WAVY HAMZAH UNDER ALEF;;;; +0674;ARABIC LETTER HIGH HAMZA;Lo;0;AL;;;;;N;ARABIC LETTER HIGH HAMZAH;;;; +0675;ARABIC LETTER HIGH HAMZA ALEF;Lo;0;AL; 0627 0674;;;;N;ARABIC LETTER HIGH HAMZAH ALEF;;;; +0676;ARABIC LETTER HIGH HAMZA WAW;Lo;0;AL; 0648 0674;;;;N;ARABIC LETTER HIGH HAMZAH WAW;;;; +0677;ARABIC LETTER U WITH HAMZA ABOVE;Lo;0;AL; 06C7 0674;;;;N;ARABIC LETTER HIGH HAMZAH WAW WITH DAMMAH;;;; +0678;ARABIC LETTER HIGH HAMZA YEH;Lo;0;AL; 064A 0674;;;;N;ARABIC LETTER HIGH HAMZAH YA;;;; +0679;ARABIC LETTER TTEH;Lo;0;AL;;;;;N;ARABIC LETTER TAA WITH SMALL TAH;;;; +067A;ARABIC LETTER TTEHEH;Lo;0;AL;;;;;N;ARABIC LETTER TAA WITH TWO DOTS VERTICAL ABOVE;;;; +067B;ARABIC LETTER BEEH;Lo;0;AL;;;;;N;ARABIC LETTER BAA WITH TWO DOTS VERTICAL BELOW;;;; +067C;ARABIC LETTER TEH WITH RING;Lo;0;AL;;;;;N;ARABIC LETTER TAA WITH RING;;;; +067D;ARABIC LETTER TEH WITH THREE DOTS ABOVE DOWNWARDS;Lo;0;AL;;;;;N;ARABIC LETTER TAA WITH THREE DOTS ABOVE DOWNWARD;;;; +067E;ARABIC LETTER PEH;Lo;0;AL;;;;;N;ARABIC LETTER TAA WITH THREE DOTS BELOW;;;; +067F;ARABIC LETTER TEHEH;Lo;0;AL;;;;;N;ARABIC LETTER TAA WITH FOUR DOTS ABOVE;;;; +0680;ARABIC LETTER BEHEH;Lo;0;AL;;;;;N;ARABIC LETTER BAA WITH FOUR DOTS BELOW;;;; +0681;ARABIC LETTER HAH WITH HAMZA ABOVE;Lo;0;AL;;;;;N;ARABIC LETTER HAMZAH ON HAA;;;; +0682;ARABIC LETTER HAH WITH TWO DOTS VERTICAL ABOVE;Lo;0;AL;;;;;N;ARABIC LETTER HAA WITH TWO DOTS VERTICAL ABOVE;;;; +0683;ARABIC LETTER NYEH;Lo;0;AL;;;;;N;ARABIC LETTER HAA WITH MIDDLE TWO DOTS;;;; +0684;ARABIC LETTER DYEH;Lo;0;AL;;;;;N;ARABIC LETTER HAA WITH MIDDLE TWO DOTS VERTICAL;;;; +0685;ARABIC LETTER HAH WITH THREE DOTS ABOVE;Lo;0;AL;;;;;N;ARABIC LETTER HAA WITH THREE DOTS ABOVE;;;; +0686;ARABIC LETTER TCHEH;Lo;0;AL;;;;;N;ARABIC LETTER HAA WITH MIDDLE THREE DOTS DOWNWARD;;;; +0687;ARABIC LETTER TCHEHEH;Lo;0;AL;;;;;N;ARABIC LETTER HAA WITH MIDDLE FOUR DOTS;;;; +0688;ARABIC LETTER DDAL;Lo;0;AL;;;;;N;ARABIC LETTER DAL WITH SMALL TAH;;;; +0689;ARABIC LETTER DAL WITH RING;Lo;0;AL;;;;;N;;;;; +068A;ARABIC LETTER DAL WITH DOT BELOW;Lo;0;AL;;;;;N;;;;; +068B;ARABIC LETTER DAL WITH DOT BELOW AND SMALL TAH;Lo;0;AL;;;;;N;;;;; +068C;ARABIC LETTER DAHAL;Lo;0;AL;;;;;N;ARABIC LETTER DAL WITH TWO DOTS ABOVE;;;; +068D;ARABIC LETTER DDAHAL;Lo;0;AL;;;;;N;ARABIC LETTER DAL WITH TWO DOTS BELOW;;;; +068E;ARABIC LETTER DUL;Lo;0;AL;;;;;N;ARABIC LETTER DAL WITH THREE DOTS ABOVE;;;; +068F;ARABIC LETTER DAL WITH THREE DOTS ABOVE DOWNWARDS;Lo;0;AL;;;;;N;ARABIC LETTER DAL WITH THREE DOTS ABOVE DOWNWARD;;;; +0690;ARABIC LETTER DAL WITH FOUR DOTS ABOVE;Lo;0;AL;;;;;N;;;;; +0691;ARABIC LETTER RREH;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH SMALL TAH;;;; +0692;ARABIC LETTER REH WITH SMALL V;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH SMALL V;;;; +0693;ARABIC LETTER REH WITH RING;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH RING;;;; +0694;ARABIC LETTER REH WITH DOT BELOW;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH DOT BELOW;;;; +0695;ARABIC LETTER REH WITH SMALL V BELOW;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH SMALL V BELOW;;;; +0696;ARABIC LETTER REH WITH DOT BELOW AND DOT ABOVE;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH DOT BELOW AND DOT ABOVE;;;; +0697;ARABIC LETTER REH WITH TWO DOTS ABOVE;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH TWO DOTS ABOVE;;;; +0698;ARABIC LETTER JEH;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH THREE DOTS ABOVE;;;; +0699;ARABIC LETTER REH WITH FOUR DOTS ABOVE;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH FOUR DOTS ABOVE;;;; +069A;ARABIC LETTER SEEN WITH DOT BELOW AND DOT ABOVE;Lo;0;AL;;;;;N;;;;; +069B;ARABIC LETTER SEEN WITH THREE DOTS BELOW;Lo;0;AL;;;;;N;;;;; +069C;ARABIC LETTER SEEN WITH THREE DOTS BELOW AND THREE DOTS ABOVE;Lo;0;AL;;;;;N;;;;; +069D;ARABIC LETTER SAD WITH TWO DOTS BELOW;Lo;0;AL;;;;;N;;;;; +069E;ARABIC LETTER SAD WITH THREE DOTS ABOVE;Lo;0;AL;;;;;N;;;;; +069F;ARABIC LETTER TAH WITH THREE DOTS ABOVE;Lo;0;AL;;;;;N;;;;; +06A0;ARABIC LETTER AIN WITH THREE DOTS ABOVE;Lo;0;AL;;;;;N;;;;; +06A1;ARABIC LETTER DOTLESS FEH;Lo;0;AL;;;;;N;ARABIC LETTER DOTLESS FA;;;; +06A2;ARABIC LETTER FEH WITH DOT MOVED BELOW;Lo;0;AL;;;;;N;ARABIC LETTER FA WITH DOT MOVED BELOW;;;; +06A3;ARABIC LETTER FEH WITH DOT BELOW;Lo;0;AL;;;;;N;ARABIC LETTER FA WITH DOT BELOW;;;; +06A4;ARABIC LETTER VEH;Lo;0;AL;;;;;N;ARABIC LETTER FA WITH THREE DOTS ABOVE;;;; +06A5;ARABIC LETTER FEH WITH THREE DOTS BELOW;Lo;0;AL;;;;;N;ARABIC LETTER FA WITH THREE DOTS BELOW;;;; +06A6;ARABIC LETTER PEHEH;Lo;0;AL;;;;;N;ARABIC LETTER FA WITH FOUR DOTS ABOVE;;;; +06A7;ARABIC LETTER QAF WITH DOT ABOVE;Lo;0;AL;;;;;N;;;;; +06A8;ARABIC LETTER QAF WITH THREE DOTS ABOVE;Lo;0;AL;;;;;N;;;;; +06A9;ARABIC LETTER KEHEH;Lo;0;AL;;;;;N;ARABIC LETTER OPEN CAF;;;; +06AA;ARABIC LETTER SWASH KAF;Lo;0;AL;;;;;N;ARABIC LETTER SWASH CAF;;;; +06AB;ARABIC LETTER KAF WITH RING;Lo;0;AL;;;;;N;ARABIC LETTER CAF WITH RING;;;; +06AC;ARABIC LETTER KAF WITH DOT ABOVE;Lo;0;AL;;;;;N;ARABIC LETTER CAF WITH DOT ABOVE;;;; +06AD;ARABIC LETTER NG;Lo;0;AL;;;;;N;ARABIC LETTER CAF WITH THREE DOTS ABOVE;;;; +06AE;ARABIC LETTER KAF WITH THREE DOTS BELOW;Lo;0;AL;;;;;N;ARABIC LETTER CAF WITH THREE DOTS BELOW;;;; +06AF;ARABIC LETTER GAF;Lo;0;AL;;;;;N;;*;;; +06B0;ARABIC LETTER GAF WITH RING;Lo;0;AL;;;;;N;;;;; +06B1;ARABIC LETTER NGOEH;Lo;0;AL;;;;;N;ARABIC LETTER GAF WITH TWO DOTS ABOVE;;;; +06B2;ARABIC LETTER GAF WITH TWO DOTS BELOW;Lo;0;AL;;;;;N;;;;; +06B3;ARABIC LETTER GUEH;Lo;0;AL;;;;;N;ARABIC LETTER GAF WITH TWO DOTS VERTICAL BELOW;;;; +06B4;ARABIC LETTER GAF WITH THREE DOTS ABOVE;Lo;0;AL;;;;;N;;;;; +06B5;ARABIC LETTER LAM WITH SMALL V;Lo;0;AL;;;;;N;;;;; +06B6;ARABIC LETTER LAM WITH DOT ABOVE;Lo;0;AL;;;;;N;;;;; +06B7;ARABIC LETTER LAM WITH THREE DOTS ABOVE;Lo;0;AL;;;;;N;;;;; +06B8;ARABIC LETTER LAM WITH THREE DOTS BELOW;Lo;0;AL;;;;;N;;;;; +06B9;ARABIC LETTER NOON WITH DOT BELOW;Lo;0;AL;;;;;N;;;;; +06BA;ARABIC LETTER NOON GHUNNA;Lo;0;AL;;;;;N;ARABIC LETTER DOTLESS NOON;;;; +06BB;ARABIC LETTER RNOON;Lo;0;AL;;;;;N;ARABIC LETTER DOTLESS NOON WITH SMALL TAH;;;; +06BC;ARABIC LETTER NOON WITH RING;Lo;0;AL;;;;;N;;;;; +06BD;ARABIC LETTER NOON WITH THREE DOTS ABOVE;Lo;0;AL;;;;;N;;;;; +06BE;ARABIC LETTER HEH DOACHASHMEE;Lo;0;AL;;;;;N;ARABIC LETTER KNOTTED HA;;;; +06BF;ARABIC LETTER TCHEH WITH DOT ABOVE;Lo;0;AL;;;;;N;;;;; +06C0;ARABIC LETTER HEH WITH YEH ABOVE;Lo;0;AL;06D5 0654;;;;N;ARABIC LETTER HAMZAH ON HA;;;; +06C1;ARABIC LETTER HEH GOAL;Lo;0;AL;;;;;N;ARABIC LETTER HA GOAL;;;; +06C2;ARABIC LETTER HEH GOAL WITH HAMZA ABOVE;Lo;0;AL;06C1 0654;;;;N;ARABIC LETTER HAMZAH ON HA GOAL;;;; +06C3;ARABIC LETTER TEH MARBUTA GOAL;Lo;0;AL;;;;;N;ARABIC LETTER TAA MARBUTAH GOAL;;;; +06C4;ARABIC LETTER WAW WITH RING;Lo;0;AL;;;;;N;;;;; +06C5;ARABIC LETTER KIRGHIZ OE;Lo;0;AL;;;;;N;ARABIC LETTER WAW WITH BAR;;;; +06C6;ARABIC LETTER OE;Lo;0;AL;;;;;N;ARABIC LETTER WAW WITH SMALL V;;;; +06C7;ARABIC LETTER U;Lo;0;AL;;;;;N;ARABIC LETTER WAW WITH DAMMAH;;;; +06C8;ARABIC LETTER YU;Lo;0;AL;;;;;N;ARABIC LETTER WAW WITH ALEF ABOVE;;;; +06C9;ARABIC LETTER KIRGHIZ YU;Lo;0;AL;;;;;N;ARABIC LETTER WAW WITH INVERTED SMALL V;;;; +06CA;ARABIC LETTER WAW WITH TWO DOTS ABOVE;Lo;0;AL;;;;;N;;;;; +06CB;ARABIC LETTER VE;Lo;0;AL;;;;;N;ARABIC LETTER WAW WITH THREE DOTS ABOVE;;;; +06CC;ARABIC LETTER FARSI YEH;Lo;0;AL;;;;;N;ARABIC LETTER DOTLESS YA;;;; +06CD;ARABIC LETTER YEH WITH TAIL;Lo;0;AL;;;;;N;ARABIC LETTER YA WITH TAIL;;;; +06CE;ARABIC LETTER YEH WITH SMALL V;Lo;0;AL;;;;;N;ARABIC LETTER YA WITH SMALL V;;;; +06CF;ARABIC LETTER WAW WITH DOT ABOVE;Lo;0;AL;;;;;N;;;;; +06D0;ARABIC LETTER E;Lo;0;AL;;;;;N;ARABIC LETTER YA WITH TWO DOTS VERTICAL BELOW;*;;; +06D1;ARABIC LETTER YEH WITH THREE DOTS BELOW;Lo;0;AL;;;;;N;ARABIC LETTER YA WITH THREE DOTS BELOW;;;; +06D2;ARABIC LETTER YEH BARREE;Lo;0;AL;;;;;N;ARABIC LETTER YA BARREE;;;; +06D3;ARABIC LETTER YEH BARREE WITH HAMZA ABOVE;Lo;0;AL;06D2 0654;;;;N;ARABIC LETTER HAMZAH ON YA BARREE;;;; +06D4;ARABIC FULL STOP;Po;0;AL;;;;;N;ARABIC PERIOD;;;; +06D5;ARABIC LETTER AE;Lo;0;AL;;;;;N;;;;; +06D6;ARABIC SMALL HIGH LIGATURE SAD WITH LAM WITH ALEF MAKSURA;Mn;230;NSM;;;;;N;;;;; +06D7;ARABIC SMALL HIGH LIGATURE QAF WITH LAM WITH ALEF MAKSURA;Mn;230;NSM;;;;;N;;;;; +06D8;ARABIC SMALL HIGH MEEM INITIAL FORM;Mn;230;NSM;;;;;N;;;;; +06D9;ARABIC SMALL HIGH LAM ALEF;Mn;230;NSM;;;;;N;;;;; +06DA;ARABIC SMALL HIGH JEEM;Mn;230;NSM;;;;;N;;;;; +06DB;ARABIC SMALL HIGH THREE DOTS;Mn;230;NSM;;;;;N;;;;; +06DC;ARABIC SMALL HIGH SEEN;Mn;230;NSM;;;;;N;;;;; +06DD;ARABIC END OF AYAH;Cf;0;AL;;;;;N;;;;; +06DE;ARABIC START OF RUB EL HIZB;Me;0;NSM;;;;;N;;;;; +06DF;ARABIC SMALL HIGH ROUNDED ZERO;Mn;230;NSM;;;;;N;;;;; +06E0;ARABIC SMALL HIGH UPRIGHT RECTANGULAR ZERO;Mn;230;NSM;;;;;N;;;;; +06E1;ARABIC SMALL HIGH DOTLESS HEAD OF KHAH;Mn;230;NSM;;;;;N;;;;; +06E2;ARABIC SMALL HIGH MEEM ISOLATED FORM;Mn;230;NSM;;;;;N;;;;; +06E3;ARABIC SMALL LOW SEEN;Mn;220;NSM;;;;;N;;;;; +06E4;ARABIC SMALL HIGH MADDA;Mn;230;NSM;;;;;N;;;;; +06E5;ARABIC SMALL WAW;Lm;0;AL;;;;;N;;;;; +06E6;ARABIC SMALL YEH;Lm;0;AL;;;;;N;;;;; +06E7;ARABIC SMALL HIGH YEH;Mn;230;NSM;;;;;N;;;;; +06E8;ARABIC SMALL HIGH NOON;Mn;230;NSM;;;;;N;;;;; +06E9;ARABIC PLACE OF SAJDAH;So;0;ON;;;;;N;;;;; +06EA;ARABIC EMPTY CENTRE LOW STOP;Mn;220;NSM;;;;;N;;;;; +06EB;ARABIC EMPTY CENTRE HIGH STOP;Mn;230;NSM;;;;;N;;;;; +06EC;ARABIC ROUNDED HIGH STOP WITH FILLED CENTRE;Mn;230;NSM;;;;;N;;;;; +06ED;ARABIC SMALL LOW MEEM;Mn;220;NSM;;;;;N;;;;; +06EE;ARABIC LETTER DAL WITH INVERTED V;Lo;0;AL;;;;;N;;;;; +06EF;ARABIC LETTER REH WITH INVERTED V;Lo;0;AL;;;;;N;;;;; +06F0;EXTENDED ARABIC-INDIC DIGIT ZERO;Nd;0;EN;;0;0;0;N;EASTERN ARABIC-INDIC DIGIT ZERO;;;; +06F1;EXTENDED ARABIC-INDIC DIGIT ONE;Nd;0;EN;;1;1;1;N;EASTERN ARABIC-INDIC DIGIT ONE;;;; +06F2;EXTENDED ARABIC-INDIC DIGIT TWO;Nd;0;EN;;2;2;2;N;EASTERN ARABIC-INDIC DIGIT TWO;;;; +06F3;EXTENDED ARABIC-INDIC DIGIT THREE;Nd;0;EN;;3;3;3;N;EASTERN ARABIC-INDIC DIGIT THREE;;;; +06F4;EXTENDED ARABIC-INDIC DIGIT FOUR;Nd;0;EN;;4;4;4;N;EASTERN ARABIC-INDIC DIGIT FOUR;;;; +06F5;EXTENDED ARABIC-INDIC DIGIT FIVE;Nd;0;EN;;5;5;5;N;EASTERN ARABIC-INDIC DIGIT FIVE;;;; +06F6;EXTENDED ARABIC-INDIC DIGIT SIX;Nd;0;EN;;6;6;6;N;EASTERN ARABIC-INDIC DIGIT SIX;;;; +06F7;EXTENDED ARABIC-INDIC DIGIT SEVEN;Nd;0;EN;;7;7;7;N;EASTERN ARABIC-INDIC DIGIT SEVEN;;;; +06F8;EXTENDED ARABIC-INDIC DIGIT EIGHT;Nd;0;EN;;8;8;8;N;EASTERN ARABIC-INDIC DIGIT EIGHT;;;; +06F9;EXTENDED ARABIC-INDIC DIGIT NINE;Nd;0;EN;;9;9;9;N;EASTERN ARABIC-INDIC DIGIT NINE;;;; +06FA;ARABIC LETTER SHEEN WITH DOT BELOW;Lo;0;AL;;;;;N;;;;; +06FB;ARABIC LETTER DAD WITH DOT BELOW;Lo;0;AL;;;;;N;;;;; +06FC;ARABIC LETTER GHAIN WITH DOT BELOW;Lo;0;AL;;;;;N;;;;; +06FD;ARABIC SIGN SINDHI AMPERSAND;So;0;AL;;;;;N;;;;; +06FE;ARABIC SIGN SINDHI POSTPOSITION MEN;So;0;AL;;;;;N;;;;; +06FF;ARABIC LETTER HEH WITH INVERTED V;Lo;0;AL;;;;;N;;;;; +0700;SYRIAC END OF PARAGRAPH;Po;0;AL;;;;;N;;;;; +0701;SYRIAC SUPRALINEAR FULL STOP;Po;0;AL;;;;;N;;;;; +0702;SYRIAC SUBLINEAR FULL STOP;Po;0;AL;;;;;N;;;;; +0703;SYRIAC SUPRALINEAR COLON;Po;0;AL;;;;;N;;;;; +0704;SYRIAC SUBLINEAR COLON;Po;0;AL;;;;;N;;;;; +0705;SYRIAC HORIZONTAL COLON;Po;0;AL;;;;;N;;;;; +0706;SYRIAC COLON SKEWED LEFT;Po;0;AL;;;;;N;;;;; +0707;SYRIAC COLON SKEWED RIGHT;Po;0;AL;;;;;N;;;;; +0708;SYRIAC SUPRALINEAR COLON SKEWED LEFT;Po;0;AL;;;;;N;;;;; +0709;SYRIAC SUBLINEAR COLON SKEWED RIGHT;Po;0;AL;;;;;N;;;;; +070A;SYRIAC CONTRACTION;Po;0;AL;;;;;N;;;;; +070B;SYRIAC HARKLEAN OBELUS;Po;0;AL;;;;;N;;;;; +070C;SYRIAC HARKLEAN METOBELUS;Po;0;AL;;;;;N;;;;; +070D;SYRIAC HARKLEAN ASTERISCUS;Po;0;AL;;;;;N;;;;; +070F;SYRIAC ABBREVIATION MARK;Cf;0;BN;;;;;N;;;;; +0710;SYRIAC LETTER ALAPH;Lo;0;AL;;;;;N;;;;; +0711;SYRIAC LETTER SUPERSCRIPT ALAPH;Mn;36;NSM;;;;;N;;;;; +0712;SYRIAC LETTER BETH;Lo;0;AL;;;;;N;;;;; +0713;SYRIAC LETTER GAMAL;Lo;0;AL;;;;;N;;;;; +0714;SYRIAC LETTER GAMAL GARSHUNI;Lo;0;AL;;;;;N;;;;; +0715;SYRIAC LETTER DALATH;Lo;0;AL;;;;;N;;;;; +0716;SYRIAC LETTER DOTLESS DALATH RISH;Lo;0;AL;;;;;N;;;;; +0717;SYRIAC LETTER HE;Lo;0;AL;;;;;N;;;;; +0718;SYRIAC LETTER WAW;Lo;0;AL;;;;;N;;;;; +0719;SYRIAC LETTER ZAIN;Lo;0;AL;;;;;N;;;;; +071A;SYRIAC LETTER HETH;Lo;0;AL;;;;;N;;;;; +071B;SYRIAC LETTER TETH;Lo;0;AL;;;;;N;;;;; +071C;SYRIAC LETTER TETH GARSHUNI;Lo;0;AL;;;;;N;;;;; +071D;SYRIAC LETTER YUDH;Lo;0;AL;;;;;N;;;;; +071E;SYRIAC LETTER YUDH HE;Lo;0;AL;;;;;N;;;;; +071F;SYRIAC LETTER KAPH;Lo;0;AL;;;;;N;;;;; +0720;SYRIAC LETTER LAMADH;Lo;0;AL;;;;;N;;;;; +0721;SYRIAC LETTER MIM;Lo;0;AL;;;;;N;;;;; +0722;SYRIAC LETTER NUN;Lo;0;AL;;;;;N;;;;; +0723;SYRIAC LETTER SEMKATH;Lo;0;AL;;;;;N;;;;; +0724;SYRIAC LETTER FINAL SEMKATH;Lo;0;AL;;;;;N;;;;; +0725;SYRIAC LETTER E;Lo;0;AL;;;;;N;;;;; +0726;SYRIAC LETTER PE;Lo;0;AL;;;;;N;;;;; +0727;SYRIAC LETTER REVERSED PE;Lo;0;AL;;;;;N;;;;; +0728;SYRIAC LETTER SADHE;Lo;0;AL;;;;;N;;;;; +0729;SYRIAC LETTER QAPH;Lo;0;AL;;;;;N;;;;; +072A;SYRIAC LETTER RISH;Lo;0;AL;;;;;N;;;;; +072B;SYRIAC LETTER SHIN;Lo;0;AL;;;;;N;;;;; +072C;SYRIAC LETTER TAW;Lo;0;AL;;;;;N;;;;; +072D;SYRIAC LETTER PERSIAN BHETH;Lo;0;AL;;;;;N;;;;; +072E;SYRIAC LETTER PERSIAN GHAMAL;Lo;0;AL;;;;;N;;;;; +072F;SYRIAC LETTER PERSIAN DHALATH;Lo;0;AL;;;;;N;;;;; +0730;SYRIAC PTHAHA ABOVE;Mn;230;NSM;;;;;N;;;;; +0731;SYRIAC PTHAHA BELOW;Mn;220;NSM;;;;;N;;;;; +0732;SYRIAC PTHAHA DOTTED;Mn;230;NSM;;;;;N;;;;; +0733;SYRIAC ZQAPHA ABOVE;Mn;230;NSM;;;;;N;;;;; +0734;SYRIAC ZQAPHA BELOW;Mn;220;NSM;;;;;N;;;;; +0735;SYRIAC ZQAPHA DOTTED;Mn;230;NSM;;;;;N;;;;; +0736;SYRIAC RBASA ABOVE;Mn;230;NSM;;;;;N;;;;; +0737;SYRIAC RBASA BELOW;Mn;220;NSM;;;;;N;;;;; +0738;SYRIAC DOTTED ZLAMA HORIZONTAL;Mn;220;NSM;;;;;N;;;;; +0739;SYRIAC DOTTED ZLAMA ANGULAR;Mn;220;NSM;;;;;N;;;;; +073A;SYRIAC HBASA ABOVE;Mn;230;NSM;;;;;N;;;;; +073B;SYRIAC HBASA BELOW;Mn;220;NSM;;;;;N;;;;; +073C;SYRIAC HBASA-ESASA DOTTED;Mn;220;NSM;;;;;N;;;;; +073D;SYRIAC ESASA ABOVE;Mn;230;NSM;;;;;N;;;;; +073E;SYRIAC ESASA BELOW;Mn;220;NSM;;;;;N;;;;; +073F;SYRIAC RWAHA;Mn;230;NSM;;;;;N;;;;; +0740;SYRIAC FEMININE DOT;Mn;230;NSM;;;;;N;;;;; +0741;SYRIAC QUSHSHAYA;Mn;230;NSM;;;;;N;;;;; +0742;SYRIAC RUKKAKHA;Mn;220;NSM;;;;;N;;;;; +0743;SYRIAC TWO VERTICAL DOTS ABOVE;Mn;230;NSM;;;;;N;;;;; +0744;SYRIAC TWO VERTICAL DOTS BELOW;Mn;220;NSM;;;;;N;;;;; +0745;SYRIAC THREE DOTS ABOVE;Mn;230;NSM;;;;;N;;;;; +0746;SYRIAC THREE DOTS BELOW;Mn;220;NSM;;;;;N;;;;; +0747;SYRIAC OBLIQUE LINE ABOVE;Mn;230;NSM;;;;;N;;;;; +0748;SYRIAC OBLIQUE LINE BELOW;Mn;220;NSM;;;;;N;;;;; +0749;SYRIAC MUSIC;Mn;230;NSM;;;;;N;;;;; +074A;SYRIAC BARREKH;Mn;230;NSM;;;;;N;;;;; +074D;SYRIAC LETTER SOGDIAN ZHAIN;Lo;0;AL;;;;;N;;;;; +074E;SYRIAC LETTER SOGDIAN KHAPH;Lo;0;AL;;;;;N;;;;; +074F;SYRIAC LETTER SOGDIAN FE;Lo;0;AL;;;;;N;;;;; +0780;THAANA LETTER HAA;Lo;0;AL;;;;;N;;;;; +0781;THAANA LETTER SHAVIYANI;Lo;0;AL;;;;;N;;;;; +0782;THAANA LETTER NOONU;Lo;0;AL;;;;;N;;;;; +0783;THAANA LETTER RAA;Lo;0;AL;;;;;N;;;;; +0784;THAANA LETTER BAA;Lo;0;AL;;;;;N;;;;; +0785;THAANA LETTER LHAVIYANI;Lo;0;AL;;;;;N;;;;; +0786;THAANA LETTER KAAFU;Lo;0;AL;;;;;N;;;;; +0787;THAANA LETTER ALIFU;Lo;0;AL;;;;;N;;;;; +0788;THAANA LETTER VAAVU;Lo;0;AL;;;;;N;;;;; +0789;THAANA LETTER MEEMU;Lo;0;AL;;;;;N;;;;; +078A;THAANA LETTER FAAFU;Lo;0;AL;;;;;N;;;;; +078B;THAANA LETTER DHAALU;Lo;0;AL;;;;;N;;;;; +078C;THAANA LETTER THAA;Lo;0;AL;;;;;N;;;;; +078D;THAANA LETTER LAAMU;Lo;0;AL;;;;;N;;;;; +078E;THAANA LETTER GAAFU;Lo;0;AL;;;;;N;;;;; +078F;THAANA LETTER GNAVIYANI;Lo;0;AL;;;;;N;;;;; +0790;THAANA LETTER SEENU;Lo;0;AL;;;;;N;;;;; +0791;THAANA LETTER DAVIYANI;Lo;0;AL;;;;;N;;;;; +0792;THAANA LETTER ZAVIYANI;Lo;0;AL;;;;;N;;;;; +0793;THAANA LETTER TAVIYANI;Lo;0;AL;;;;;N;;;;; +0794;THAANA LETTER YAA;Lo;0;AL;;;;;N;;;;; +0795;THAANA LETTER PAVIYANI;Lo;0;AL;;;;;N;;;;; +0796;THAANA LETTER JAVIYANI;Lo;0;AL;;;;;N;;;;; +0797;THAANA LETTER CHAVIYANI;Lo;0;AL;;;;;N;;;;; +0798;THAANA LETTER TTAA;Lo;0;AL;;;;;N;;;;; +0799;THAANA LETTER HHAA;Lo;0;AL;;;;;N;;;;; +079A;THAANA LETTER KHAA;Lo;0;AL;;;;;N;;;;; +079B;THAANA LETTER THAALU;Lo;0;AL;;;;;N;;;;; +079C;THAANA LETTER ZAA;Lo;0;AL;;;;;N;;;;; +079D;THAANA LETTER SHEENU;Lo;0;AL;;;;;N;;;;; +079E;THAANA LETTER SAADHU;Lo;0;AL;;;;;N;;;;; +079F;THAANA LETTER DAADHU;Lo;0;AL;;;;;N;;;;; +07A0;THAANA LETTER TO;Lo;0;AL;;;;;N;;;;; +07A1;THAANA LETTER ZO;Lo;0;AL;;;;;N;;;;; +07A2;THAANA LETTER AINU;Lo;0;AL;;;;;N;;;;; +07A3;THAANA LETTER GHAINU;Lo;0;AL;;;;;N;;;;; +07A4;THAANA LETTER QAAFU;Lo;0;AL;;;;;N;;;;; +07A5;THAANA LETTER WAAVU;Lo;0;AL;;;;;N;;;;; +07A6;THAANA ABAFILI;Mn;0;NSM;;;;;N;;;;; +07A7;THAANA AABAAFILI;Mn;0;NSM;;;;;N;;;;; +07A8;THAANA IBIFILI;Mn;0;NSM;;;;;N;;;;; +07A9;THAANA EEBEEFILI;Mn;0;NSM;;;;;N;;;;; +07AA;THAANA UBUFILI;Mn;0;NSM;;;;;N;;;;; +07AB;THAANA OOBOOFILI;Mn;0;NSM;;;;;N;;;;; +07AC;THAANA EBEFILI;Mn;0;NSM;;;;;N;;;;; +07AD;THAANA EYBEYFILI;Mn;0;NSM;;;;;N;;;;; +07AE;THAANA OBOFILI;Mn;0;NSM;;;;;N;;;;; +07AF;THAANA OABOAFILI;Mn;0;NSM;;;;;N;;;;; +07B0;THAANA SUKUN;Mn;0;NSM;;;;;N;;;;; +07B1;THAANA LETTER NAA;Lo;0;AL;;;;;N;;;;; +0901;DEVANAGARI SIGN CANDRABINDU;Mn;0;NSM;;;;;N;;;;; +0902;DEVANAGARI SIGN ANUSVARA;Mn;0;NSM;;;;;N;;;;; +0903;DEVANAGARI SIGN VISARGA;Mc;0;L;;;;;N;;;;; +0904;DEVANAGARI LETTER SHORT A;Lo;0;L;;;;;N;;;;; +0905;DEVANAGARI LETTER A;Lo;0;L;;;;;N;;;;; +0906;DEVANAGARI LETTER AA;Lo;0;L;;;;;N;;;;; +0907;DEVANAGARI LETTER I;Lo;0;L;;;;;N;;;;; +0908;DEVANAGARI LETTER II;Lo;0;L;;;;;N;;;;; +0909;DEVANAGARI LETTER U;Lo;0;L;;;;;N;;;;; +090A;DEVANAGARI LETTER UU;Lo;0;L;;;;;N;;;;; +090B;DEVANAGARI LETTER VOCALIC R;Lo;0;L;;;;;N;;;;; +090C;DEVANAGARI LETTER VOCALIC L;Lo;0;L;;;;;N;;;;; +090D;DEVANAGARI LETTER CANDRA E;Lo;0;L;;;;;N;;;;; +090E;DEVANAGARI LETTER SHORT E;Lo;0;L;;;;;N;;;;; +090F;DEVANAGARI LETTER E;Lo;0;L;;;;;N;;;;; +0910;DEVANAGARI LETTER AI;Lo;0;L;;;;;N;;;;; +0911;DEVANAGARI LETTER CANDRA O;Lo;0;L;;;;;N;;;;; +0912;DEVANAGARI LETTER SHORT O;Lo;0;L;;;;;N;;;;; +0913;DEVANAGARI LETTER O;Lo;0;L;;;;;N;;;;; +0914;DEVANAGARI LETTER AU;Lo;0;L;;;;;N;;;;; +0915;DEVANAGARI LETTER KA;Lo;0;L;;;;;N;;;;; +0916;DEVANAGARI LETTER KHA;Lo;0;L;;;;;N;;;;; +0917;DEVANAGARI LETTER GA;Lo;0;L;;;;;N;;;;; +0918;DEVANAGARI LETTER GHA;Lo;0;L;;;;;N;;;;; +0919;DEVANAGARI LETTER NGA;Lo;0;L;;;;;N;;;;; +091A;DEVANAGARI LETTER CA;Lo;0;L;;;;;N;;;;; +091B;DEVANAGARI LETTER CHA;Lo;0;L;;;;;N;;;;; +091C;DEVANAGARI LETTER JA;Lo;0;L;;;;;N;;;;; +091D;DEVANAGARI LETTER JHA;Lo;0;L;;;;;N;;;;; +091E;DEVANAGARI LETTER NYA;Lo;0;L;;;;;N;;;;; +091F;DEVANAGARI LETTER TTA;Lo;0;L;;;;;N;;;;; +0920;DEVANAGARI LETTER TTHA;Lo;0;L;;;;;N;;;;; +0921;DEVANAGARI LETTER DDA;Lo;0;L;;;;;N;;;;; +0922;DEVANAGARI LETTER DDHA;Lo;0;L;;;;;N;;;;; +0923;DEVANAGARI LETTER NNA;Lo;0;L;;;;;N;;;;; +0924;DEVANAGARI LETTER TA;Lo;0;L;;;;;N;;;;; +0925;DEVANAGARI LETTER THA;Lo;0;L;;;;;N;;;;; +0926;DEVANAGARI LETTER DA;Lo;0;L;;;;;N;;;;; +0927;DEVANAGARI LETTER DHA;Lo;0;L;;;;;N;;;;; +0928;DEVANAGARI LETTER NA;Lo;0;L;;;;;N;;;;; +0929;DEVANAGARI LETTER NNNA;Lo;0;L;0928 093C;;;;N;;;;; +092A;DEVANAGARI LETTER PA;Lo;0;L;;;;;N;;;;; +092B;DEVANAGARI LETTER PHA;Lo;0;L;;;;;N;;;;; +092C;DEVANAGARI LETTER BA;Lo;0;L;;;;;N;;;;; +092D;DEVANAGARI LETTER BHA;Lo;0;L;;;;;N;;;;; +092E;DEVANAGARI LETTER MA;Lo;0;L;;;;;N;;;;; +092F;DEVANAGARI LETTER YA;Lo;0;L;;;;;N;;;;; +0930;DEVANAGARI LETTER RA;Lo;0;L;;;;;N;;;;; +0931;DEVANAGARI LETTER RRA;Lo;0;L;0930 093C;;;;N;;;;; +0932;DEVANAGARI LETTER LA;Lo;0;L;;;;;N;;;;; +0933;DEVANAGARI LETTER LLA;Lo;0;L;;;;;N;;;;; +0934;DEVANAGARI LETTER LLLA;Lo;0;L;0933 093C;;;;N;;;;; +0935;DEVANAGARI LETTER VA;Lo;0;L;;;;;N;;;;; +0936;DEVANAGARI LETTER SHA;Lo;0;L;;;;;N;;;;; +0937;DEVANAGARI LETTER SSA;Lo;0;L;;;;;N;;;;; +0938;DEVANAGARI LETTER SA;Lo;0;L;;;;;N;;;;; +0939;DEVANAGARI LETTER HA;Lo;0;L;;;;;N;;;;; +093C;DEVANAGARI SIGN NUKTA;Mn;7;NSM;;;;;N;;;;; +093D;DEVANAGARI SIGN AVAGRAHA;Lo;0;L;;;;;N;;;;; +093E;DEVANAGARI VOWEL SIGN AA;Mc;0;L;;;;;N;;;;; +093F;DEVANAGARI VOWEL SIGN I;Mc;0;L;;;;;N;;;;; +0940;DEVANAGARI VOWEL SIGN II;Mc;0;L;;;;;N;;;;; +0941;DEVANAGARI VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;; +0942;DEVANAGARI VOWEL SIGN UU;Mn;0;NSM;;;;;N;;;;; +0943;DEVANAGARI VOWEL SIGN VOCALIC R;Mn;0;NSM;;;;;N;;;;; +0944;DEVANAGARI VOWEL SIGN VOCALIC RR;Mn;0;NSM;;;;;N;;;;; +0945;DEVANAGARI VOWEL SIGN CANDRA E;Mn;0;NSM;;;;;N;;;;; +0946;DEVANAGARI VOWEL SIGN SHORT E;Mn;0;NSM;;;;;N;;;;; +0947;DEVANAGARI VOWEL SIGN E;Mn;0;NSM;;;;;N;;;;; +0948;DEVANAGARI VOWEL SIGN AI;Mn;0;NSM;;;;;N;;;;; +0949;DEVANAGARI VOWEL SIGN CANDRA O;Mc;0;L;;;;;N;;;;; +094A;DEVANAGARI VOWEL SIGN SHORT O;Mc;0;L;;;;;N;;;;; +094B;DEVANAGARI VOWEL SIGN O;Mc;0;L;;;;;N;;;;; +094C;DEVANAGARI VOWEL SIGN AU;Mc;0;L;;;;;N;;;;; +094D;DEVANAGARI SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;; +0950;DEVANAGARI OM;Lo;0;L;;;;;N;;;;; +0951;DEVANAGARI STRESS SIGN UDATTA;Mn;230;NSM;;;;;N;;;;; +0952;DEVANAGARI STRESS SIGN ANUDATTA;Mn;220;NSM;;;;;N;;;;; +0953;DEVANAGARI GRAVE ACCENT;Mn;230;NSM;;;;;N;;;;; +0954;DEVANAGARI ACUTE ACCENT;Mn;230;NSM;;;;;N;;;;; +0958;DEVANAGARI LETTER QA;Lo;0;L;0915 093C;;;;N;;;;; +0959;DEVANAGARI LETTER KHHA;Lo;0;L;0916 093C;;;;N;;;;; +095A;DEVANAGARI LETTER GHHA;Lo;0;L;0917 093C;;;;N;;;;; +095B;DEVANAGARI LETTER ZA;Lo;0;L;091C 093C;;;;N;;;;; +095C;DEVANAGARI LETTER DDDHA;Lo;0;L;0921 093C;;;;N;;;;; +095D;DEVANAGARI LETTER RHA;Lo;0;L;0922 093C;;;;N;;;;; +095E;DEVANAGARI LETTER FA;Lo;0;L;092B 093C;;;;N;;;;; +095F;DEVANAGARI LETTER YYA;Lo;0;L;092F 093C;;;;N;;;;; +0960;DEVANAGARI LETTER VOCALIC RR;Lo;0;L;;;;;N;;;;; +0961;DEVANAGARI LETTER VOCALIC LL;Lo;0;L;;;;;N;;;;; +0962;DEVANAGARI VOWEL SIGN VOCALIC L;Mn;0;NSM;;;;;N;;;;; +0963;DEVANAGARI VOWEL SIGN VOCALIC LL;Mn;0;NSM;;;;;N;;;;; +0964;DEVANAGARI DANDA;Po;0;L;;;;;N;;;;; +0965;DEVANAGARI DOUBLE DANDA;Po;0;L;;;;;N;;;;; +0966;DEVANAGARI DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;; +0967;DEVANAGARI DIGIT ONE;Nd;0;L;;1;1;1;N;;;;; +0968;DEVANAGARI DIGIT TWO;Nd;0;L;;2;2;2;N;;;;; +0969;DEVANAGARI DIGIT THREE;Nd;0;L;;3;3;3;N;;;;; +096A;DEVANAGARI DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;; +096B;DEVANAGARI DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;; +096C;DEVANAGARI DIGIT SIX;Nd;0;L;;6;6;6;N;;;;; +096D;DEVANAGARI DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;; +096E;DEVANAGARI DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;; +096F;DEVANAGARI DIGIT NINE;Nd;0;L;;9;9;9;N;;;;; +0970;DEVANAGARI ABBREVIATION SIGN;Po;0;L;;;;;N;;;;; +0981;BENGALI SIGN CANDRABINDU;Mn;0;NSM;;;;;N;;;;; +0982;BENGALI SIGN ANUSVARA;Mc;0;L;;;;;N;;;;; +0983;BENGALI SIGN VISARGA;Mc;0;L;;;;;N;;;;; +0985;BENGALI LETTER A;Lo;0;L;;;;;N;;;;; +0986;BENGALI LETTER AA;Lo;0;L;;;;;N;;;;; +0987;BENGALI LETTER I;Lo;0;L;;;;;N;;;;; +0988;BENGALI LETTER II;Lo;0;L;;;;;N;;;;; +0989;BENGALI LETTER U;Lo;0;L;;;;;N;;;;; +098A;BENGALI LETTER UU;Lo;0;L;;;;;N;;;;; +098B;BENGALI LETTER VOCALIC R;Lo;0;L;;;;;N;;;;; +098C;BENGALI LETTER VOCALIC L;Lo;0;L;;;;;N;;;;; +098F;BENGALI LETTER E;Lo;0;L;;;;;N;;;;; +0990;BENGALI LETTER AI;Lo;0;L;;;;;N;;;;; +0993;BENGALI LETTER O;Lo;0;L;;;;;N;;;;; +0994;BENGALI LETTER AU;Lo;0;L;;;;;N;;;;; +0995;BENGALI LETTER KA;Lo;0;L;;;;;N;;;;; +0996;BENGALI LETTER KHA;Lo;0;L;;;;;N;;;;; +0997;BENGALI LETTER GA;Lo;0;L;;;;;N;;;;; +0998;BENGALI LETTER GHA;Lo;0;L;;;;;N;;;;; +0999;BENGALI LETTER NGA;Lo;0;L;;;;;N;;;;; +099A;BENGALI LETTER CA;Lo;0;L;;;;;N;;;;; +099B;BENGALI LETTER CHA;Lo;0;L;;;;;N;;;;; +099C;BENGALI LETTER JA;Lo;0;L;;;;;N;;;;; +099D;BENGALI LETTER JHA;Lo;0;L;;;;;N;;;;; +099E;BENGALI LETTER NYA;Lo;0;L;;;;;N;;;;; +099F;BENGALI LETTER TTA;Lo;0;L;;;;;N;;;;; +09A0;BENGALI LETTER TTHA;Lo;0;L;;;;;N;;;;; +09A1;BENGALI LETTER DDA;Lo;0;L;;;;;N;;;;; +09A2;BENGALI LETTER DDHA;Lo;0;L;;;;;N;;;;; +09A3;BENGALI LETTER NNA;Lo;0;L;;;;;N;;;;; +09A4;BENGALI LETTER TA;Lo;0;L;;;;;N;;;;; +09A5;BENGALI LETTER THA;Lo;0;L;;;;;N;;;;; +09A6;BENGALI LETTER DA;Lo;0;L;;;;;N;;;;; +09A7;BENGALI LETTER DHA;Lo;0;L;;;;;N;;;;; +09A8;BENGALI LETTER NA;Lo;0;L;;;;;N;;;;; +09AA;BENGALI LETTER PA;Lo;0;L;;;;;N;;;;; +09AB;BENGALI LETTER PHA;Lo;0;L;;;;;N;;;;; +09AC;BENGALI LETTER BA;Lo;0;L;;;;;N;;;;; +09AD;BENGALI LETTER BHA;Lo;0;L;;;;;N;;;;; +09AE;BENGALI LETTER MA;Lo;0;L;;;;;N;;;;; +09AF;BENGALI LETTER YA;Lo;0;L;;;;;N;;;;; +09B0;BENGALI LETTER RA;Lo;0;L;;;;;N;;;;; +09B2;BENGALI LETTER LA;Lo;0;L;;;;;N;;;;; +09B6;BENGALI LETTER SHA;Lo;0;L;;;;;N;;;;; +09B7;BENGALI LETTER SSA;Lo;0;L;;;;;N;;;;; +09B8;BENGALI LETTER SA;Lo;0;L;;;;;N;;;;; +09B9;BENGALI LETTER HA;Lo;0;L;;;;;N;;;;; +09BC;BENGALI SIGN NUKTA;Mn;7;NSM;;;;;N;;;;; +09BD;BENGALI SIGN AVAGRAHA;Lo;0;L;;;;;N;;;;; +09BE;BENGALI VOWEL SIGN AA;Mc;0;L;;;;;N;;;;; +09BF;BENGALI VOWEL SIGN I;Mc;0;L;;;;;N;;;;; +09C0;BENGALI VOWEL SIGN II;Mc;0;L;;;;;N;;;;; +09C1;BENGALI VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;; +09C2;BENGALI VOWEL SIGN UU;Mn;0;NSM;;;;;N;;;;; +09C3;BENGALI VOWEL SIGN VOCALIC R;Mn;0;NSM;;;;;N;;;;; +09C4;BENGALI VOWEL SIGN VOCALIC RR;Mn;0;NSM;;;;;N;;;;; +09C7;BENGALI VOWEL SIGN E;Mc;0;L;;;;;N;;;;; +09C8;BENGALI VOWEL SIGN AI;Mc;0;L;;;;;N;;;;; +09CB;BENGALI VOWEL SIGN O;Mc;0;L;09C7 09BE;;;;N;;;;; +09CC;BENGALI VOWEL SIGN AU;Mc;0;L;09C7 09D7;;;;N;;;;; +09CD;BENGALI SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;; +09D7;BENGALI AU LENGTH MARK;Mc;0;L;;;;;N;;;;; +09DC;BENGALI LETTER RRA;Lo;0;L;09A1 09BC;;;;N;;;;; +09DD;BENGALI LETTER RHA;Lo;0;L;09A2 09BC;;;;N;;;;; +09DF;BENGALI LETTER YYA;Lo;0;L;09AF 09BC;;;;N;;;;; +09E0;BENGALI LETTER VOCALIC RR;Lo;0;L;;;;;N;;;;; +09E1;BENGALI LETTER VOCALIC LL;Lo;0;L;;;;;N;;;;; +09E2;BENGALI VOWEL SIGN VOCALIC L;Mn;0;NSM;;;;;N;;;;; +09E3;BENGALI VOWEL SIGN VOCALIC LL;Mn;0;NSM;;;;;N;;;;; +09E6;BENGALI DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;; +09E7;BENGALI DIGIT ONE;Nd;0;L;;1;1;1;N;;;;; +09E8;BENGALI DIGIT TWO;Nd;0;L;;2;2;2;N;;;;; +09E9;BENGALI DIGIT THREE;Nd;0;L;;3;3;3;N;;;;; +09EA;BENGALI DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;; +09EB;BENGALI DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;; +09EC;BENGALI DIGIT SIX;Nd;0;L;;6;6;6;N;;;;; +09ED;BENGALI DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;; +09EE;BENGALI DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;; +09EF;BENGALI DIGIT NINE;Nd;0;L;;9;9;9;N;;;;; +09F0;BENGALI LETTER RA WITH MIDDLE DIAGONAL;Lo;0;L;;;;;N;;Assamese;;; +09F1;BENGALI LETTER RA WITH LOWER DIAGONAL;Lo;0;L;;;;;N;BENGALI LETTER VA WITH LOWER DIAGONAL;Assamese;;; +09F2;BENGALI RUPEE MARK;Sc;0;ET;;;;;N;;;;; +09F3;BENGALI RUPEE SIGN;Sc;0;ET;;;;;N;;;;; +09F4;BENGALI CURRENCY NUMERATOR ONE;No;0;L;;;;1;N;;;;; +09F5;BENGALI CURRENCY NUMERATOR TWO;No;0;L;;;;2;N;;;;; +09F6;BENGALI CURRENCY NUMERATOR THREE;No;0;L;;;;3;N;;;;; +09F7;BENGALI CURRENCY NUMERATOR FOUR;No;0;L;;;;4;N;;;;; +09F8;BENGALI CURRENCY NUMERATOR ONE LESS THAN THE DENOMINATOR;No;0;L;;;;;N;;;;; +09F9;BENGALI CURRENCY DENOMINATOR SIXTEEN;No;0;L;;;;16;N;;;;; +09FA;BENGALI ISSHAR;So;0;L;;;;;N;;;;; +0A01;GURMUKHI SIGN ADAK BINDI;Mn;0;NSM;;;;;N;;;;; +0A02;GURMUKHI SIGN BINDI;Mn;0;NSM;;;;;N;;;;; +0A03;GURMUKHI SIGN VISARGA;Mc;0;L;;;;;N;;;;; +0A05;GURMUKHI LETTER A;Lo;0;L;;;;;N;;;;; +0A06;GURMUKHI LETTER AA;Lo;0;L;;;;;N;;;;; +0A07;GURMUKHI LETTER I;Lo;0;L;;;;;N;;;;; +0A08;GURMUKHI LETTER II;Lo;0;L;;;;;N;;;;; +0A09;GURMUKHI LETTER U;Lo;0;L;;;;;N;;;;; +0A0A;GURMUKHI LETTER UU;Lo;0;L;;;;;N;;;;; +0A0F;GURMUKHI LETTER EE;Lo;0;L;;;;;N;;;;; +0A10;GURMUKHI LETTER AI;Lo;0;L;;;;;N;;;;; +0A13;GURMUKHI LETTER OO;Lo;0;L;;;;;N;;;;; +0A14;GURMUKHI LETTER AU;Lo;0;L;;;;;N;;;;; +0A15;GURMUKHI LETTER KA;Lo;0;L;;;;;N;;;;; +0A16;GURMUKHI LETTER KHA;Lo;0;L;;;;;N;;;;; +0A17;GURMUKHI LETTER GA;Lo;0;L;;;;;N;;;;; +0A18;GURMUKHI LETTER GHA;Lo;0;L;;;;;N;;;;; +0A19;GURMUKHI LETTER NGA;Lo;0;L;;;;;N;;;;; +0A1A;GURMUKHI LETTER CA;Lo;0;L;;;;;N;;;;; +0A1B;GURMUKHI LETTER CHA;Lo;0;L;;;;;N;;;;; +0A1C;GURMUKHI LETTER JA;Lo;0;L;;;;;N;;;;; +0A1D;GURMUKHI LETTER JHA;Lo;0;L;;;;;N;;;;; +0A1E;GURMUKHI LETTER NYA;Lo;0;L;;;;;N;;;;; +0A1F;GURMUKHI LETTER TTA;Lo;0;L;;;;;N;;;;; +0A20;GURMUKHI LETTER TTHA;Lo;0;L;;;;;N;;;;; +0A21;GURMUKHI LETTER DDA;Lo;0;L;;;;;N;;;;; +0A22;GURMUKHI LETTER DDHA;Lo;0;L;;;;;N;;;;; +0A23;GURMUKHI LETTER NNA;Lo;0;L;;;;;N;;;;; +0A24;GURMUKHI LETTER TA;Lo;0;L;;;;;N;;;;; +0A25;GURMUKHI LETTER THA;Lo;0;L;;;;;N;;;;; +0A26;GURMUKHI LETTER DA;Lo;0;L;;;;;N;;;;; +0A27;GURMUKHI LETTER DHA;Lo;0;L;;;;;N;;;;; +0A28;GURMUKHI LETTER NA;Lo;0;L;;;;;N;;;;; +0A2A;GURMUKHI LETTER PA;Lo;0;L;;;;;N;;;;; +0A2B;GURMUKHI LETTER PHA;Lo;0;L;;;;;N;;;;; +0A2C;GURMUKHI LETTER BA;Lo;0;L;;;;;N;;;;; +0A2D;GURMUKHI LETTER BHA;Lo;0;L;;;;;N;;;;; +0A2E;GURMUKHI LETTER MA;Lo;0;L;;;;;N;;;;; +0A2F;GURMUKHI LETTER YA;Lo;0;L;;;;;N;;;;; +0A30;GURMUKHI LETTER RA;Lo;0;L;;;;;N;;;;; +0A32;GURMUKHI LETTER LA;Lo;0;L;;;;;N;;;;; +0A33;GURMUKHI LETTER LLA;Lo;0;L;0A32 0A3C;;;;N;;;;; +0A35;GURMUKHI LETTER VA;Lo;0;L;;;;;N;;;;; +0A36;GURMUKHI LETTER SHA;Lo;0;L;0A38 0A3C;;;;N;;;;; +0A38;GURMUKHI LETTER SA;Lo;0;L;;;;;N;;;;; +0A39;GURMUKHI LETTER HA;Lo;0;L;;;;;N;;;;; +0A3C;GURMUKHI SIGN NUKTA;Mn;7;NSM;;;;;N;;;;; +0A3E;GURMUKHI VOWEL SIGN AA;Mc;0;L;;;;;N;;;;; +0A3F;GURMUKHI VOWEL SIGN I;Mc;0;L;;;;;N;;;;; +0A40;GURMUKHI VOWEL SIGN II;Mc;0;L;;;;;N;;;;; +0A41;GURMUKHI VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;; +0A42;GURMUKHI VOWEL SIGN UU;Mn;0;NSM;;;;;N;;;;; +0A47;GURMUKHI VOWEL SIGN EE;Mn;0;NSM;;;;;N;;;;; +0A48;GURMUKHI VOWEL SIGN AI;Mn;0;NSM;;;;;N;;;;; +0A4B;GURMUKHI VOWEL SIGN OO;Mn;0;NSM;;;;;N;;;;; +0A4C;GURMUKHI VOWEL SIGN AU;Mn;0;NSM;;;;;N;;;;; +0A4D;GURMUKHI SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;; +0A59;GURMUKHI LETTER KHHA;Lo;0;L;0A16 0A3C;;;;N;;;;; +0A5A;GURMUKHI LETTER GHHA;Lo;0;L;0A17 0A3C;;;;N;;;;; +0A5B;GURMUKHI LETTER ZA;Lo;0;L;0A1C 0A3C;;;;N;;;;; +0A5C;GURMUKHI LETTER RRA;Lo;0;L;;;;;N;;;;; +0A5E;GURMUKHI LETTER FA;Lo;0;L;0A2B 0A3C;;;;N;;;;; +0A66;GURMUKHI DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;; +0A67;GURMUKHI DIGIT ONE;Nd;0;L;;1;1;1;N;;;;; +0A68;GURMUKHI DIGIT TWO;Nd;0;L;;2;2;2;N;;;;; +0A69;GURMUKHI DIGIT THREE;Nd;0;L;;3;3;3;N;;;;; +0A6A;GURMUKHI DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;; +0A6B;GURMUKHI DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;; +0A6C;GURMUKHI DIGIT SIX;Nd;0;L;;6;6;6;N;;;;; +0A6D;GURMUKHI DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;; +0A6E;GURMUKHI DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;; +0A6F;GURMUKHI DIGIT NINE;Nd;0;L;;9;9;9;N;;;;; +0A70;GURMUKHI TIPPI;Mn;0;NSM;;;;;N;;;;; +0A71;GURMUKHI ADDAK;Mn;0;NSM;;;;;N;;;;; +0A72;GURMUKHI IRI;Lo;0;L;;;;;N;;;;; +0A73;GURMUKHI URA;Lo;0;L;;;;;N;;;;; +0A74;GURMUKHI EK ONKAR;Lo;0;L;;;;;N;;;;; +0A81;GUJARATI SIGN CANDRABINDU;Mn;0;NSM;;;;;N;;;;; +0A82;GUJARATI SIGN ANUSVARA;Mn;0;NSM;;;;;N;;;;; +0A83;GUJARATI SIGN VISARGA;Mc;0;L;;;;;N;;;;; +0A85;GUJARATI LETTER A;Lo;0;L;;;;;N;;;;; +0A86;GUJARATI LETTER AA;Lo;0;L;;;;;N;;;;; +0A87;GUJARATI LETTER I;Lo;0;L;;;;;N;;;;; +0A88;GUJARATI LETTER II;Lo;0;L;;;;;N;;;;; +0A89;GUJARATI LETTER U;Lo;0;L;;;;;N;;;;; +0A8A;GUJARATI LETTER UU;Lo;0;L;;;;;N;;;;; +0A8B;GUJARATI LETTER VOCALIC R;Lo;0;L;;;;;N;;;;; +0A8C;GUJARATI LETTER VOCALIC L;Lo;0;L;;;;;N;;;;; +0A8D;GUJARATI VOWEL CANDRA E;Lo;0;L;;;;;N;;;;; +0A8F;GUJARATI LETTER E;Lo;0;L;;;;;N;;;;; +0A90;GUJARATI LETTER AI;Lo;0;L;;;;;N;;;;; +0A91;GUJARATI VOWEL CANDRA O;Lo;0;L;;;;;N;;;;; +0A93;GUJARATI LETTER O;Lo;0;L;;;;;N;;;;; +0A94;GUJARATI LETTER AU;Lo;0;L;;;;;N;;;;; +0A95;GUJARATI LETTER KA;Lo;0;L;;;;;N;;;;; +0A96;GUJARATI LETTER KHA;Lo;0;L;;;;;N;;;;; +0A97;GUJARATI LETTER GA;Lo;0;L;;;;;N;;;;; +0A98;GUJARATI LETTER GHA;Lo;0;L;;;;;N;;;;; +0A99;GUJARATI LETTER NGA;Lo;0;L;;;;;N;;;;; +0A9A;GUJARATI LETTER CA;Lo;0;L;;;;;N;;;;; +0A9B;GUJARATI LETTER CHA;Lo;0;L;;;;;N;;;;; +0A9C;GUJARATI LETTER JA;Lo;0;L;;;;;N;;;;; +0A9D;GUJARATI LETTER JHA;Lo;0;L;;;;;N;;;;; +0A9E;GUJARATI LETTER NYA;Lo;0;L;;;;;N;;;;; +0A9F;GUJARATI LETTER TTA;Lo;0;L;;;;;N;;;;; +0AA0;GUJARATI LETTER TTHA;Lo;0;L;;;;;N;;;;; +0AA1;GUJARATI LETTER DDA;Lo;0;L;;;;;N;;;;; +0AA2;GUJARATI LETTER DDHA;Lo;0;L;;;;;N;;;;; +0AA3;GUJARATI LETTER NNA;Lo;0;L;;;;;N;;;;; +0AA4;GUJARATI LETTER TA;Lo;0;L;;;;;N;;;;; +0AA5;GUJARATI LETTER THA;Lo;0;L;;;;;N;;;;; +0AA6;GUJARATI LETTER DA;Lo;0;L;;;;;N;;;;; +0AA7;GUJARATI LETTER DHA;Lo;0;L;;;;;N;;;;; +0AA8;GUJARATI LETTER NA;Lo;0;L;;;;;N;;;;; +0AAA;GUJARATI LETTER PA;Lo;0;L;;;;;N;;;;; +0AAB;GUJARATI LETTER PHA;Lo;0;L;;;;;N;;;;; +0AAC;GUJARATI LETTER BA;Lo;0;L;;;;;N;;;;; +0AAD;GUJARATI LETTER BHA;Lo;0;L;;;;;N;;;;; +0AAE;GUJARATI LETTER MA;Lo;0;L;;;;;N;;;;; +0AAF;GUJARATI LETTER YA;Lo;0;L;;;;;N;;;;; +0AB0;GUJARATI LETTER RA;Lo;0;L;;;;;N;;;;; +0AB2;GUJARATI LETTER LA;Lo;0;L;;;;;N;;;;; +0AB3;GUJARATI LETTER LLA;Lo;0;L;;;;;N;;;;; +0AB5;GUJARATI LETTER VA;Lo;0;L;;;;;N;;;;; +0AB6;GUJARATI LETTER SHA;Lo;0;L;;;;;N;;;;; +0AB7;GUJARATI LETTER SSA;Lo;0;L;;;;;N;;;;; +0AB8;GUJARATI LETTER SA;Lo;0;L;;;;;N;;;;; +0AB9;GUJARATI LETTER HA;Lo;0;L;;;;;N;;;;; +0ABC;GUJARATI SIGN NUKTA;Mn;7;NSM;;;;;N;;;;; +0ABD;GUJARATI SIGN AVAGRAHA;Lo;0;L;;;;;N;;;;; +0ABE;GUJARATI VOWEL SIGN AA;Mc;0;L;;;;;N;;;;; +0ABF;GUJARATI VOWEL SIGN I;Mc;0;L;;;;;N;;;;; +0AC0;GUJARATI VOWEL SIGN II;Mc;0;L;;;;;N;;;;; +0AC1;GUJARATI VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;; +0AC2;GUJARATI VOWEL SIGN UU;Mn;0;NSM;;;;;N;;;;; +0AC3;GUJARATI VOWEL SIGN VOCALIC R;Mn;0;NSM;;;;;N;;;;; +0AC4;GUJARATI VOWEL SIGN VOCALIC RR;Mn;0;NSM;;;;;N;;;;; +0AC5;GUJARATI VOWEL SIGN CANDRA E;Mn;0;NSM;;;;;N;;;;; +0AC7;GUJARATI VOWEL SIGN E;Mn;0;NSM;;;;;N;;;;; +0AC8;GUJARATI VOWEL SIGN AI;Mn;0;NSM;;;;;N;;;;; +0AC9;GUJARATI VOWEL SIGN CANDRA O;Mc;0;L;;;;;N;;;;; +0ACB;GUJARATI VOWEL SIGN O;Mc;0;L;;;;;N;;;;; +0ACC;GUJARATI VOWEL SIGN AU;Mc;0;L;;;;;N;;;;; +0ACD;GUJARATI SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;; +0AD0;GUJARATI OM;Lo;0;L;;;;;N;;;;; +0AE0;GUJARATI LETTER VOCALIC RR;Lo;0;L;;;;;N;;;;; +0AE1;GUJARATI LETTER VOCALIC LL;Lo;0;L;;;;;N;;;;; +0AE2;GUJARATI VOWEL SIGN VOCALIC L;Mn;0;NSM;;;;;N;;;;; +0AE3;GUJARATI VOWEL SIGN VOCALIC LL;Mn;0;NSM;;;;;N;;;;; +0AE6;GUJARATI DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;; +0AE7;GUJARATI DIGIT ONE;Nd;0;L;;1;1;1;N;;;;; +0AE8;GUJARATI DIGIT TWO;Nd;0;L;;2;2;2;N;;;;; +0AE9;GUJARATI DIGIT THREE;Nd;0;L;;3;3;3;N;;;;; +0AEA;GUJARATI DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;; +0AEB;GUJARATI DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;; +0AEC;GUJARATI DIGIT SIX;Nd;0;L;;6;6;6;N;;;;; +0AED;GUJARATI DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;; +0AEE;GUJARATI DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;; +0AEF;GUJARATI DIGIT NINE;Nd;0;L;;9;9;9;N;;;;; +0AF1;GUJARATI RUPEE SIGN;Sc;0;ET;;;;;N;;;;; +0B01;ORIYA SIGN CANDRABINDU;Mn;0;NSM;;;;;N;;;;; +0B02;ORIYA SIGN ANUSVARA;Mc;0;L;;;;;N;;;;; +0B03;ORIYA SIGN VISARGA;Mc;0;L;;;;;N;;;;; +0B05;ORIYA LETTER A;Lo;0;L;;;;;N;;;;; +0B06;ORIYA LETTER AA;Lo;0;L;;;;;N;;;;; +0B07;ORIYA LETTER I;Lo;0;L;;;;;N;;;;; +0B08;ORIYA LETTER II;Lo;0;L;;;;;N;;;;; +0B09;ORIYA LETTER U;Lo;0;L;;;;;N;;;;; +0B0A;ORIYA LETTER UU;Lo;0;L;;;;;N;;;;; +0B0B;ORIYA LETTER VOCALIC R;Lo;0;L;;;;;N;;;;; +0B0C;ORIYA LETTER VOCALIC L;Lo;0;L;;;;;N;;;;; +0B0F;ORIYA LETTER E;Lo;0;L;;;;;N;;;;; +0B10;ORIYA LETTER AI;Lo;0;L;;;;;N;;;;; +0B13;ORIYA LETTER O;Lo;0;L;;;;;N;;;;; +0B14;ORIYA LETTER AU;Lo;0;L;;;;;N;;;;; +0B15;ORIYA LETTER KA;Lo;0;L;;;;;N;;;;; +0B16;ORIYA LETTER KHA;Lo;0;L;;;;;N;;;;; +0B17;ORIYA LETTER GA;Lo;0;L;;;;;N;;;;; +0B18;ORIYA LETTER GHA;Lo;0;L;;;;;N;;;;; +0B19;ORIYA LETTER NGA;Lo;0;L;;;;;N;;;;; +0B1A;ORIYA LETTER CA;Lo;0;L;;;;;N;;;;; +0B1B;ORIYA LETTER CHA;Lo;0;L;;;;;N;;;;; +0B1C;ORIYA LETTER JA;Lo;0;L;;;;;N;;;;; +0B1D;ORIYA LETTER JHA;Lo;0;L;;;;;N;;;;; +0B1E;ORIYA LETTER NYA;Lo;0;L;;;;;N;;;;; +0B1F;ORIYA LETTER TTA;Lo;0;L;;;;;N;;;;; +0B20;ORIYA LETTER TTHA;Lo;0;L;;;;;N;;;;; +0B21;ORIYA LETTER DDA;Lo;0;L;;;;;N;;;;; +0B22;ORIYA LETTER DDHA;Lo;0;L;;;;;N;;;;; +0B23;ORIYA LETTER NNA;Lo;0;L;;;;;N;;;;; +0B24;ORIYA LETTER TA;Lo;0;L;;;;;N;;;;; +0B25;ORIYA LETTER THA;Lo;0;L;;;;;N;;;;; +0B26;ORIYA LETTER DA;Lo;0;L;;;;;N;;;;; +0B27;ORIYA LETTER DHA;Lo;0;L;;;;;N;;;;; +0B28;ORIYA LETTER NA;Lo;0;L;;;;;N;;;;; +0B2A;ORIYA LETTER PA;Lo;0;L;;;;;N;;;;; +0B2B;ORIYA LETTER PHA;Lo;0;L;;;;;N;;;;; +0B2C;ORIYA LETTER BA;Lo;0;L;;;;;N;;;;; +0B2D;ORIYA LETTER BHA;Lo;0;L;;;;;N;;;;; +0B2E;ORIYA LETTER MA;Lo;0;L;;;;;N;;;;; +0B2F;ORIYA LETTER YA;Lo;0;L;;;;;N;;;;; +0B30;ORIYA LETTER RA;Lo;0;L;;;;;N;;;;; +0B32;ORIYA LETTER LA;Lo;0;L;;;;;N;;;;; +0B33;ORIYA LETTER LLA;Lo;0;L;;;;;N;;;;; +0B35;ORIYA LETTER VA;Lo;0;L;;;;;N;;;;; +0B36;ORIYA LETTER SHA;Lo;0;L;;;;;N;;;;; +0B37;ORIYA LETTER SSA;Lo;0;L;;;;;N;;;;; +0B38;ORIYA LETTER SA;Lo;0;L;;;;;N;;;;; +0B39;ORIYA LETTER HA;Lo;0;L;;;;;N;;;;; +0B3C;ORIYA SIGN NUKTA;Mn;7;NSM;;;;;N;;;;; +0B3D;ORIYA SIGN AVAGRAHA;Lo;0;L;;;;;N;;;;; +0B3E;ORIYA VOWEL SIGN AA;Mc;0;L;;;;;N;;;;; +0B3F;ORIYA VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;; +0B40;ORIYA VOWEL SIGN II;Mc;0;L;;;;;N;;;;; +0B41;ORIYA VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;; +0B42;ORIYA VOWEL SIGN UU;Mn;0;NSM;;;;;N;;;;; +0B43;ORIYA VOWEL SIGN VOCALIC R;Mn;0;NSM;;;;;N;;;;; +0B47;ORIYA VOWEL SIGN E;Mc;0;L;;;;;N;;;;; +0B48;ORIYA VOWEL SIGN AI;Mc;0;L;0B47 0B56;;;;N;;;;; +0B4B;ORIYA VOWEL SIGN O;Mc;0;L;0B47 0B3E;;;;N;;;;; +0B4C;ORIYA VOWEL SIGN AU;Mc;0;L;0B47 0B57;;;;N;;;;; +0B4D;ORIYA SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;; +0B56;ORIYA AI LENGTH MARK;Mn;0;NSM;;;;;N;;;;; +0B57;ORIYA AU LENGTH MARK;Mc;0;L;;;;;N;;;;; +0B5C;ORIYA LETTER RRA;Lo;0;L;0B21 0B3C;;;;N;;;;; +0B5D;ORIYA LETTER RHA;Lo;0;L;0B22 0B3C;;;;N;;;;; +0B5F;ORIYA LETTER YYA;Lo;0;L;;;;;N;;;;; +0B60;ORIYA LETTER VOCALIC RR;Lo;0;L;;;;;N;;;;; +0B61;ORIYA LETTER VOCALIC LL;Lo;0;L;;;;;N;;;;; +0B66;ORIYA DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;; +0B67;ORIYA DIGIT ONE;Nd;0;L;;1;1;1;N;;;;; +0B68;ORIYA DIGIT TWO;Nd;0;L;;2;2;2;N;;;;; +0B69;ORIYA DIGIT THREE;Nd;0;L;;3;3;3;N;;;;; +0B6A;ORIYA DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;; +0B6B;ORIYA DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;; +0B6C;ORIYA DIGIT SIX;Nd;0;L;;6;6;6;N;;;;; +0B6D;ORIYA DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;; +0B6E;ORIYA DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;; +0B6F;ORIYA DIGIT NINE;Nd;0;L;;9;9;9;N;;;;; +0B70;ORIYA ISSHAR;So;0;L;;;;;N;;;;; +0B71;ORIYA LETTER WA;Lo;0;L;;;;;N;;;;; +0B82;TAMIL SIGN ANUSVARA;Mn;0;NSM;;;;;N;;;;; +0B83;TAMIL SIGN VISARGA;Lo;0;L;;;;;N;;;;; +0B85;TAMIL LETTER A;Lo;0;L;;;;;N;;;;; +0B86;TAMIL LETTER AA;Lo;0;L;;;;;N;;;;; +0B87;TAMIL LETTER I;Lo;0;L;;;;;N;;;;; +0B88;TAMIL LETTER II;Lo;0;L;;;;;N;;;;; +0B89;TAMIL LETTER U;Lo;0;L;;;;;N;;;;; +0B8A;TAMIL LETTER UU;Lo;0;L;;;;;N;;;;; +0B8E;TAMIL LETTER E;Lo;0;L;;;;;N;;;;; +0B8F;TAMIL LETTER EE;Lo;0;L;;;;;N;;;;; +0B90;TAMIL LETTER AI;Lo;0;L;;;;;N;;;;; +0B92;TAMIL LETTER O;Lo;0;L;;;;;N;;;;; +0B93;TAMIL LETTER OO;Lo;0;L;;;;;N;;;;; +0B94;TAMIL LETTER AU;Lo;0;L;0B92 0BD7;;;;N;;;;; +0B95;TAMIL LETTER KA;Lo;0;L;;;;;N;;;;; +0B99;TAMIL LETTER NGA;Lo;0;L;;;;;N;;;;; +0B9A;TAMIL LETTER CA;Lo;0;L;;;;;N;;;;; +0B9C;TAMIL LETTER JA;Lo;0;L;;;;;N;;;;; +0B9E;TAMIL LETTER NYA;Lo;0;L;;;;;N;;;;; +0B9F;TAMIL LETTER TTA;Lo;0;L;;;;;N;;;;; +0BA3;TAMIL LETTER NNA;Lo;0;L;;;;;N;;;;; +0BA4;TAMIL LETTER TA;Lo;0;L;;;;;N;;;;; +0BA8;TAMIL LETTER NA;Lo;0;L;;;;;N;;;;; +0BA9;TAMIL LETTER NNNA;Lo;0;L;;;;;N;;;;; +0BAA;TAMIL LETTER PA;Lo;0;L;;;;;N;;;;; +0BAE;TAMIL LETTER MA;Lo;0;L;;;;;N;;;;; +0BAF;TAMIL LETTER YA;Lo;0;L;;;;;N;;;;; +0BB0;TAMIL LETTER RA;Lo;0;L;;;;;N;;;;; +0BB1;TAMIL LETTER RRA;Lo;0;L;;;;;N;;;;; +0BB2;TAMIL LETTER LA;Lo;0;L;;;;;N;;;;; +0BB3;TAMIL LETTER LLA;Lo;0;L;;;;;N;;;;; +0BB4;TAMIL LETTER LLLA;Lo;0;L;;;;;N;;;;; +0BB5;TAMIL LETTER VA;Lo;0;L;;;;;N;;;;; +0BB7;TAMIL LETTER SSA;Lo;0;L;;;;;N;;;;; +0BB8;TAMIL LETTER SA;Lo;0;L;;;;;N;;;;; +0BB9;TAMIL LETTER HA;Lo;0;L;;;;;N;;;;; +0BBE;TAMIL VOWEL SIGN AA;Mc;0;L;;;;;N;;;;; +0BBF;TAMIL VOWEL SIGN I;Mc;0;L;;;;;N;;;;; +0BC0;TAMIL VOWEL SIGN II;Mn;0;NSM;;;;;N;;;;; +0BC1;TAMIL VOWEL SIGN U;Mc;0;L;;;;;N;;;;; +0BC2;TAMIL VOWEL SIGN UU;Mc;0;L;;;;;N;;;;; +0BC6;TAMIL VOWEL SIGN E;Mc;0;L;;;;;N;;;;; +0BC7;TAMIL VOWEL SIGN EE;Mc;0;L;;;;;N;;;;; +0BC8;TAMIL VOWEL SIGN AI;Mc;0;L;;;;;N;;;;; +0BCA;TAMIL VOWEL SIGN O;Mc;0;L;0BC6 0BBE;;;;N;;;;; +0BCB;TAMIL VOWEL SIGN OO;Mc;0;L;0BC7 0BBE;;;;N;;;;; +0BCC;TAMIL VOWEL SIGN AU;Mc;0;L;0BC6 0BD7;;;;N;;;;; +0BCD;TAMIL SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;; +0BD7;TAMIL AU LENGTH MARK;Mc;0;L;;;;;N;;;;; +0BE7;TAMIL DIGIT ONE;Nd;0;L;;1;1;1;N;;;;; +0BE8;TAMIL DIGIT TWO;Nd;0;L;;2;2;2;N;;;;; +0BE9;TAMIL DIGIT THREE;Nd;0;L;;3;3;3;N;;;;; +0BEA;TAMIL DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;; +0BEB;TAMIL DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;; +0BEC;TAMIL DIGIT SIX;Nd;0;L;;6;6;6;N;;;;; +0BED;TAMIL DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;; +0BEE;TAMIL DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;; +0BEF;TAMIL DIGIT NINE;Nd;0;L;;9;9;9;N;;;;; +0BF0;TAMIL NUMBER TEN;No;0;L;;;;10;N;;;;; +0BF1;TAMIL NUMBER ONE HUNDRED;No;0;L;;;;100;N;;;;; +0BF2;TAMIL NUMBER ONE THOUSAND;No;0;L;;;;1000;N;;;;; +0BF3;TAMIL DAY SIGN;So;0;ON;;;;;N;;Naal;;; +0BF4;TAMIL MONTH SIGN;So;0;ON;;;;;N;;Maatham;;; +0BF5;TAMIL YEAR SIGN;So;0;ON;;;;;N;;Varudam;;; +0BF6;TAMIL DEBIT SIGN;So;0;ON;;;;;N;;Patru;;; +0BF7;TAMIL CREDIT SIGN;So;0;ON;;;;;N;;Varavu;;; +0BF8;TAMIL AS ABOVE SIGN;So;0;ON;;;;;N;;Merpadi;;; +0BF9;TAMIL RUPEE SIGN;Sc;0;ET;;;;;N;;Rupai;;; +0BFA;TAMIL NUMBER SIGN;So;0;ON;;;;;N;;Enn;;; +0C01;TELUGU SIGN CANDRABINDU;Mc;0;L;;;;;N;;;;; +0C02;TELUGU SIGN ANUSVARA;Mc;0;L;;;;;N;;;;; +0C03;TELUGU SIGN VISARGA;Mc;0;L;;;;;N;;;;; +0C05;TELUGU LETTER A;Lo;0;L;;;;;N;;;;; +0C06;TELUGU LETTER AA;Lo;0;L;;;;;N;;;;; +0C07;TELUGU LETTER I;Lo;0;L;;;;;N;;;;; +0C08;TELUGU LETTER II;Lo;0;L;;;;;N;;;;; +0C09;TELUGU LETTER U;Lo;0;L;;;;;N;;;;; +0C0A;TELUGU LETTER UU;Lo;0;L;;;;;N;;;;; +0C0B;TELUGU LETTER VOCALIC R;Lo;0;L;;;;;N;;;;; +0C0C;TELUGU LETTER VOCALIC L;Lo;0;L;;;;;N;;;;; +0C0E;TELUGU LETTER E;Lo;0;L;;;;;N;;;;; +0C0F;TELUGU LETTER EE;Lo;0;L;;;;;N;;;;; +0C10;TELUGU LETTER AI;Lo;0;L;;;;;N;;;;; +0C12;TELUGU LETTER O;Lo;0;L;;;;;N;;;;; +0C13;TELUGU LETTER OO;Lo;0;L;;;;;N;;;;; +0C14;TELUGU LETTER AU;Lo;0;L;;;;;N;;;;; +0C15;TELUGU LETTER KA;Lo;0;L;;;;;N;;;;; +0C16;TELUGU LETTER KHA;Lo;0;L;;;;;N;;;;; +0C17;TELUGU LETTER GA;Lo;0;L;;;;;N;;;;; +0C18;TELUGU LETTER GHA;Lo;0;L;;;;;N;;;;; +0C19;TELUGU LETTER NGA;Lo;0;L;;;;;N;;;;; +0C1A;TELUGU LETTER CA;Lo;0;L;;;;;N;;;;; +0C1B;TELUGU LETTER CHA;Lo;0;L;;;;;N;;;;; +0C1C;TELUGU LETTER JA;Lo;0;L;;;;;N;;;;; +0C1D;TELUGU LETTER JHA;Lo;0;L;;;;;N;;;;; +0C1E;TELUGU LETTER NYA;Lo;0;L;;;;;N;;;;; +0C1F;TELUGU LETTER TTA;Lo;0;L;;;;;N;;;;; +0C20;TELUGU LETTER TTHA;Lo;0;L;;;;;N;;;;; +0C21;TELUGU LETTER DDA;Lo;0;L;;;;;N;;;;; +0C22;TELUGU LETTER DDHA;Lo;0;L;;;;;N;;;;; +0C23;TELUGU LETTER NNA;Lo;0;L;;;;;N;;;;; +0C24;TELUGU LETTER TA;Lo;0;L;;;;;N;;;;; +0C25;TELUGU LETTER THA;Lo;0;L;;;;;N;;;;; +0C26;TELUGU LETTER DA;Lo;0;L;;;;;N;;;;; +0C27;TELUGU LETTER DHA;Lo;0;L;;;;;N;;;;; +0C28;TELUGU LETTER NA;Lo;0;L;;;;;N;;;;; +0C2A;TELUGU LETTER PA;Lo;0;L;;;;;N;;;;; +0C2B;TELUGU LETTER PHA;Lo;0;L;;;;;N;;;;; +0C2C;TELUGU LETTER BA;Lo;0;L;;;;;N;;;;; +0C2D;TELUGU LETTER BHA;Lo;0;L;;;;;N;;;;; +0C2E;TELUGU LETTER MA;Lo;0;L;;;;;N;;;;; +0C2F;TELUGU LETTER YA;Lo;0;L;;;;;N;;;;; +0C30;TELUGU LETTER RA;Lo;0;L;;;;;N;;;;; +0C31;TELUGU LETTER RRA;Lo;0;L;;;;;N;;;;; +0C32;TELUGU LETTER LA;Lo;0;L;;;;;N;;;;; +0C33;TELUGU LETTER LLA;Lo;0;L;;;;;N;;;;; +0C35;TELUGU LETTER VA;Lo;0;L;;;;;N;;;;; +0C36;TELUGU LETTER SHA;Lo;0;L;;;;;N;;;;; +0C37;TELUGU LETTER SSA;Lo;0;L;;;;;N;;;;; +0C38;TELUGU LETTER SA;Lo;0;L;;;;;N;;;;; +0C39;TELUGU LETTER HA;Lo;0;L;;;;;N;;;;; +0C3E;TELUGU VOWEL SIGN AA;Mn;0;NSM;;;;;N;;;;; +0C3F;TELUGU VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;; +0C40;TELUGU VOWEL SIGN II;Mn;0;NSM;;;;;N;;;;; +0C41;TELUGU VOWEL SIGN U;Mc;0;L;;;;;N;;;;; +0C42;TELUGU VOWEL SIGN UU;Mc;0;L;;;;;N;;;;; +0C43;TELUGU VOWEL SIGN VOCALIC R;Mc;0;L;;;;;N;;;;; +0C44;TELUGU VOWEL SIGN VOCALIC RR;Mc;0;L;;;;;N;;;;; +0C46;TELUGU VOWEL SIGN E;Mn;0;NSM;;;;;N;;;;; +0C47;TELUGU VOWEL SIGN EE;Mn;0;NSM;;;;;N;;;;; +0C48;TELUGU VOWEL SIGN AI;Mn;0;NSM;0C46 0C56;;;;N;;;;; +0C4A;TELUGU VOWEL SIGN O;Mn;0;NSM;;;;;N;;;;; +0C4B;TELUGU VOWEL SIGN OO;Mn;0;NSM;;;;;N;;;;; +0C4C;TELUGU VOWEL SIGN AU;Mn;0;NSM;;;;;N;;;;; +0C4D;TELUGU SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;; +0C55;TELUGU LENGTH MARK;Mn;84;NSM;;;;;N;;;;; +0C56;TELUGU AI LENGTH MARK;Mn;91;NSM;;;;;N;;;;; +0C60;TELUGU LETTER VOCALIC RR;Lo;0;L;;;;;N;;;;; +0C61;TELUGU LETTER VOCALIC LL;Lo;0;L;;;;;N;;;;; +0C66;TELUGU DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;; +0C67;TELUGU DIGIT ONE;Nd;0;L;;1;1;1;N;;;;; +0C68;TELUGU DIGIT TWO;Nd;0;L;;2;2;2;N;;;;; +0C69;TELUGU DIGIT THREE;Nd;0;L;;3;3;3;N;;;;; +0C6A;TELUGU DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;; +0C6B;TELUGU DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;; +0C6C;TELUGU DIGIT SIX;Nd;0;L;;6;6;6;N;;;;; +0C6D;TELUGU DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;; +0C6E;TELUGU DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;; +0C6F;TELUGU DIGIT NINE;Nd;0;L;;9;9;9;N;;;;; +0C82;KANNADA SIGN ANUSVARA;Mc;0;L;;;;;N;;;;; +0C83;KANNADA SIGN VISARGA;Mc;0;L;;;;;N;;;;; +0C85;KANNADA LETTER A;Lo;0;L;;;;;N;;;;; +0C86;KANNADA LETTER AA;Lo;0;L;;;;;N;;;;; +0C87;KANNADA LETTER I;Lo;0;L;;;;;N;;;;; +0C88;KANNADA LETTER II;Lo;0;L;;;;;N;;;;; +0C89;KANNADA LETTER U;Lo;0;L;;;;;N;;;;; +0C8A;KANNADA LETTER UU;Lo;0;L;;;;;N;;;;; +0C8B;KANNADA LETTER VOCALIC R;Lo;0;L;;;;;N;;;;; +0C8C;KANNADA LETTER VOCALIC L;Lo;0;L;;;;;N;;;;; +0C8E;KANNADA LETTER E;Lo;0;L;;;;;N;;;;; +0C8F;KANNADA LETTER EE;Lo;0;L;;;;;N;;;;; +0C90;KANNADA LETTER AI;Lo;0;L;;;;;N;;;;; +0C92;KANNADA LETTER O;Lo;0;L;;;;;N;;;;; +0C93;KANNADA LETTER OO;Lo;0;L;;;;;N;;;;; +0C94;KANNADA LETTER AU;Lo;0;L;;;;;N;;;;; +0C95;KANNADA LETTER KA;Lo;0;L;;;;;N;;;;; +0C96;KANNADA LETTER KHA;Lo;0;L;;;;;N;;;;; +0C97;KANNADA LETTER GA;Lo;0;L;;;;;N;;;;; +0C98;KANNADA LETTER GHA;Lo;0;L;;;;;N;;;;; +0C99;KANNADA LETTER NGA;Lo;0;L;;;;;N;;;;; +0C9A;KANNADA LETTER CA;Lo;0;L;;;;;N;;;;; +0C9B;KANNADA LETTER CHA;Lo;0;L;;;;;N;;;;; +0C9C;KANNADA LETTER JA;Lo;0;L;;;;;N;;;;; +0C9D;KANNADA LETTER JHA;Lo;0;L;;;;;N;;;;; +0C9E;KANNADA LETTER NYA;Lo;0;L;;;;;N;;;;; +0C9F;KANNADA LETTER TTA;Lo;0;L;;;;;N;;;;; +0CA0;KANNADA LETTER TTHA;Lo;0;L;;;;;N;;;;; +0CA1;KANNADA LETTER DDA;Lo;0;L;;;;;N;;;;; +0CA2;KANNADA LETTER DDHA;Lo;0;L;;;;;N;;;;; +0CA3;KANNADA LETTER NNA;Lo;0;L;;;;;N;;;;; +0CA4;KANNADA LETTER TA;Lo;0;L;;;;;N;;;;; +0CA5;KANNADA LETTER THA;Lo;0;L;;;;;N;;;;; +0CA6;KANNADA LETTER DA;Lo;0;L;;;;;N;;;;; +0CA7;KANNADA LETTER DHA;Lo;0;L;;;;;N;;;;; +0CA8;KANNADA LETTER NA;Lo;0;L;;;;;N;;;;; +0CAA;KANNADA LETTER PA;Lo;0;L;;;;;N;;;;; +0CAB;KANNADA LETTER PHA;Lo;0;L;;;;;N;;;;; +0CAC;KANNADA LETTER BA;Lo;0;L;;;;;N;;;;; +0CAD;KANNADA LETTER BHA;Lo;0;L;;;;;N;;;;; +0CAE;KANNADA LETTER MA;Lo;0;L;;;;;N;;;;; +0CAF;KANNADA LETTER YA;Lo;0;L;;;;;N;;;;; +0CB0;KANNADA LETTER RA;Lo;0;L;;;;;N;;;;; +0CB1;KANNADA LETTER RRA;Lo;0;L;;;;;N;;;;; +0CB2;KANNADA LETTER LA;Lo;0;L;;;;;N;;;;; +0CB3;KANNADA LETTER LLA;Lo;0;L;;;;;N;;;;; +0CB5;KANNADA LETTER VA;Lo;0;L;;;;;N;;;;; +0CB6;KANNADA LETTER SHA;Lo;0;L;;;;;N;;;;; +0CB7;KANNADA LETTER SSA;Lo;0;L;;;;;N;;;;; +0CB8;KANNADA LETTER SA;Lo;0;L;;;;;N;;;;; +0CB9;KANNADA LETTER HA;Lo;0;L;;;;;N;;;;; +0CBC;KANNADA SIGN NUKTA;Mn;7;NSM;;;;;N;;;;; +0CBD;KANNADA SIGN AVAGRAHA;Lo;0;L;;;;;N;;;;; +0CBE;KANNADA VOWEL SIGN AA;Mc;0;L;;;;;N;;;;; +0CBF;KANNADA VOWEL SIGN I;Mn;0;L;;;;;N;;;;; +0CC0;KANNADA VOWEL SIGN II;Mc;0;L;0CBF 0CD5;;;;N;;;;; +0CC1;KANNADA VOWEL SIGN U;Mc;0;L;;;;;N;;;;; +0CC2;KANNADA VOWEL SIGN UU;Mc;0;L;;;;;N;;;;; +0CC3;KANNADA VOWEL SIGN VOCALIC R;Mc;0;L;;;;;N;;;;; +0CC4;KANNADA VOWEL SIGN VOCALIC RR;Mc;0;L;;;;;N;;;;; +0CC6;KANNADA VOWEL SIGN E;Mn;0;L;;;;;N;;;;; +0CC7;KANNADA VOWEL SIGN EE;Mc;0;L;0CC6 0CD5;;;;N;;;;; +0CC8;KANNADA VOWEL SIGN AI;Mc;0;L;0CC6 0CD6;;;;N;;;;; +0CCA;KANNADA VOWEL SIGN O;Mc;0;L;0CC6 0CC2;;;;N;;;;; +0CCB;KANNADA VOWEL SIGN OO;Mc;0;L;0CCA 0CD5;;;;N;;;;; +0CCC;KANNADA VOWEL SIGN AU;Mn;0;NSM;;;;;N;;;;; +0CCD;KANNADA SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;; +0CD5;KANNADA LENGTH MARK;Mc;0;L;;;;;N;;;;; +0CD6;KANNADA AI LENGTH MARK;Mc;0;L;;;;;N;;;;; +0CDE;KANNADA LETTER FA;Lo;0;L;;;;;N;;;;; +0CE0;KANNADA LETTER VOCALIC RR;Lo;0;L;;;;;N;;;;; +0CE1;KANNADA LETTER VOCALIC LL;Lo;0;L;;;;;N;;;;; +0CE6;KANNADA DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;; +0CE7;KANNADA DIGIT ONE;Nd;0;L;;1;1;1;N;;;;; +0CE8;KANNADA DIGIT TWO;Nd;0;L;;2;2;2;N;;;;; +0CE9;KANNADA DIGIT THREE;Nd;0;L;;3;3;3;N;;;;; +0CEA;KANNADA DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;; +0CEB;KANNADA DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;; +0CEC;KANNADA DIGIT SIX;Nd;0;L;;6;6;6;N;;;;; +0CED;KANNADA DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;; +0CEE;KANNADA DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;; +0CEF;KANNADA DIGIT NINE;Nd;0;L;;9;9;9;N;;;;; +0D02;MALAYALAM SIGN ANUSVARA;Mc;0;L;;;;;N;;;;; +0D03;MALAYALAM SIGN VISARGA;Mc;0;L;;;;;N;;;;; +0D05;MALAYALAM LETTER A;Lo;0;L;;;;;N;;;;; +0D06;MALAYALAM LETTER AA;Lo;0;L;;;;;N;;;;; +0D07;MALAYALAM LETTER I;Lo;0;L;;;;;N;;;;; +0D08;MALAYALAM LETTER II;Lo;0;L;;;;;N;;;;; +0D09;MALAYALAM LETTER U;Lo;0;L;;;;;N;;;;; +0D0A;MALAYALAM LETTER UU;Lo;0;L;;;;;N;;;;; +0D0B;MALAYALAM LETTER VOCALIC R;Lo;0;L;;;;;N;;;;; +0D0C;MALAYALAM LETTER VOCALIC L;Lo;0;L;;;;;N;;;;; +0D0E;MALAYALAM LETTER E;Lo;0;L;;;;;N;;;;; +0D0F;MALAYALAM LETTER EE;Lo;0;L;;;;;N;;;;; +0D10;MALAYALAM LETTER AI;Lo;0;L;;;;;N;;;;; +0D12;MALAYALAM LETTER O;Lo;0;L;;;;;N;;;;; +0D13;MALAYALAM LETTER OO;Lo;0;L;;;;;N;;;;; +0D14;MALAYALAM LETTER AU;Lo;0;L;;;;;N;;;;; +0D15;MALAYALAM LETTER KA;Lo;0;L;;;;;N;;;;; +0D16;MALAYALAM LETTER KHA;Lo;0;L;;;;;N;;;;; +0D17;MALAYALAM LETTER GA;Lo;0;L;;;;;N;;;;; +0D18;MALAYALAM LETTER GHA;Lo;0;L;;;;;N;;;;; +0D19;MALAYALAM LETTER NGA;Lo;0;L;;;;;N;;;;; +0D1A;MALAYALAM LETTER CA;Lo;0;L;;;;;N;;;;; +0D1B;MALAYALAM LETTER CHA;Lo;0;L;;;;;N;;;;; +0D1C;MALAYALAM LETTER JA;Lo;0;L;;;;;N;;;;; +0D1D;MALAYALAM LETTER JHA;Lo;0;L;;;;;N;;;;; +0D1E;MALAYALAM LETTER NYA;Lo;0;L;;;;;N;;;;; +0D1F;MALAYALAM LETTER TTA;Lo;0;L;;;;;N;;;;; +0D20;MALAYALAM LETTER TTHA;Lo;0;L;;;;;N;;;;; +0D21;MALAYALAM LETTER DDA;Lo;0;L;;;;;N;;;;; +0D22;MALAYALAM LETTER DDHA;Lo;0;L;;;;;N;;;;; +0D23;MALAYALAM LETTER NNA;Lo;0;L;;;;;N;;;;; +0D24;MALAYALAM LETTER TA;Lo;0;L;;;;;N;;;;; +0D25;MALAYALAM LETTER THA;Lo;0;L;;;;;N;;;;; +0D26;MALAYALAM LETTER DA;Lo;0;L;;;;;N;;;;; +0D27;MALAYALAM LETTER DHA;Lo;0;L;;;;;N;;;;; +0D28;MALAYALAM LETTER NA;Lo;0;L;;;;;N;;;;; +0D2A;MALAYALAM LETTER PA;Lo;0;L;;;;;N;;;;; +0D2B;MALAYALAM LETTER PHA;Lo;0;L;;;;;N;;;;; +0D2C;MALAYALAM LETTER BA;Lo;0;L;;;;;N;;;;; +0D2D;MALAYALAM LETTER BHA;Lo;0;L;;;;;N;;;;; +0D2E;MALAYALAM LETTER MA;Lo;0;L;;;;;N;;;;; +0D2F;MALAYALAM LETTER YA;Lo;0;L;;;;;N;;;;; +0D30;MALAYALAM LETTER RA;Lo;0;L;;;;;N;;;;; +0D31;MALAYALAM LETTER RRA;Lo;0;L;;;;;N;;;;; +0D32;MALAYALAM LETTER LA;Lo;0;L;;;;;N;;;;; +0D33;MALAYALAM LETTER LLA;Lo;0;L;;;;;N;;;;; +0D34;MALAYALAM LETTER LLLA;Lo;0;L;;;;;N;;;;; +0D35;MALAYALAM LETTER VA;Lo;0;L;;;;;N;;;;; +0D36;MALAYALAM LETTER SHA;Lo;0;L;;;;;N;;;;; +0D37;MALAYALAM LETTER SSA;Lo;0;L;;;;;N;;;;; +0D38;MALAYALAM LETTER SA;Lo;0;L;;;;;N;;;;; +0D39;MALAYALAM LETTER HA;Lo;0;L;;;;;N;;;;; +0D3E;MALAYALAM VOWEL SIGN AA;Mc;0;L;;;;;N;;;;; +0D3F;MALAYALAM VOWEL SIGN I;Mc;0;L;;;;;N;;;;; +0D40;MALAYALAM VOWEL SIGN II;Mc;0;L;;;;;N;;;;; +0D41;MALAYALAM VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;; +0D42;MALAYALAM VOWEL SIGN UU;Mn;0;NSM;;;;;N;;;;; +0D43;MALAYALAM VOWEL SIGN VOCALIC R;Mn;0;NSM;;;;;N;;;;; +0D46;MALAYALAM VOWEL SIGN E;Mc;0;L;;;;;N;;;;; +0D47;MALAYALAM VOWEL SIGN EE;Mc;0;L;;;;;N;;;;; +0D48;MALAYALAM VOWEL SIGN AI;Mc;0;L;;;;;N;;;;; +0D4A;MALAYALAM VOWEL SIGN O;Mc;0;L;0D46 0D3E;;;;N;;;;; +0D4B;MALAYALAM VOWEL SIGN OO;Mc;0;L;0D47 0D3E;;;;N;;;;; +0D4C;MALAYALAM VOWEL SIGN AU;Mc;0;L;0D46 0D57;;;;N;;;;; +0D4D;MALAYALAM SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;; +0D57;MALAYALAM AU LENGTH MARK;Mc;0;L;;;;;N;;;;; +0D60;MALAYALAM LETTER VOCALIC RR;Lo;0;L;;;;;N;;;;; +0D61;MALAYALAM LETTER VOCALIC LL;Lo;0;L;;;;;N;;;;; +0D66;MALAYALAM DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;; +0D67;MALAYALAM DIGIT ONE;Nd;0;L;;1;1;1;N;;;;; +0D68;MALAYALAM DIGIT TWO;Nd;0;L;;2;2;2;N;;;;; +0D69;MALAYALAM DIGIT THREE;Nd;0;L;;3;3;3;N;;;;; +0D6A;MALAYALAM DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;; +0D6B;MALAYALAM DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;; +0D6C;MALAYALAM DIGIT SIX;Nd;0;L;;6;6;6;N;;;;; +0D6D;MALAYALAM DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;; +0D6E;MALAYALAM DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;; +0D6F;MALAYALAM DIGIT NINE;Nd;0;L;;9;9;9;N;;;;; +0D82;SINHALA SIGN ANUSVARAYA;Mc;0;L;;;;;N;;;;; +0D83;SINHALA SIGN VISARGAYA;Mc;0;L;;;;;N;;;;; +0D85;SINHALA LETTER AYANNA;Lo;0;L;;;;;N;;;;; +0D86;SINHALA LETTER AAYANNA;Lo;0;L;;;;;N;;;;; +0D87;SINHALA LETTER AEYANNA;Lo;0;L;;;;;N;;;;; +0D88;SINHALA LETTER AEEYANNA;Lo;0;L;;;;;N;;;;; +0D89;SINHALA LETTER IYANNA;Lo;0;L;;;;;N;;;;; +0D8A;SINHALA LETTER IIYANNA;Lo;0;L;;;;;N;;;;; +0D8B;SINHALA LETTER UYANNA;Lo;0;L;;;;;N;;;;; +0D8C;SINHALA LETTER UUYANNA;Lo;0;L;;;;;N;;;;; +0D8D;SINHALA LETTER IRUYANNA;Lo;0;L;;;;;N;;;;; +0D8E;SINHALA LETTER IRUUYANNA;Lo;0;L;;;;;N;;;;; +0D8F;SINHALA LETTER ILUYANNA;Lo;0;L;;;;;N;;;;; +0D90;SINHALA LETTER ILUUYANNA;Lo;0;L;;;;;N;;;;; +0D91;SINHALA LETTER EYANNA;Lo;0;L;;;;;N;;;;; +0D92;SINHALA LETTER EEYANNA;Lo;0;L;;;;;N;;;;; +0D93;SINHALA LETTER AIYANNA;Lo;0;L;;;;;N;;;;; +0D94;SINHALA LETTER OYANNA;Lo;0;L;;;;;N;;;;; +0D95;SINHALA LETTER OOYANNA;Lo;0;L;;;;;N;;;;; +0D96;SINHALA LETTER AUYANNA;Lo;0;L;;;;;N;;;;; +0D9A;SINHALA LETTER ALPAPRAANA KAYANNA;Lo;0;L;;;;;N;;;;; +0D9B;SINHALA LETTER MAHAAPRAANA KAYANNA;Lo;0;L;;;;;N;;;;; +0D9C;SINHALA LETTER ALPAPRAANA GAYANNA;Lo;0;L;;;;;N;;;;; +0D9D;SINHALA LETTER MAHAAPRAANA GAYANNA;Lo;0;L;;;;;N;;;;; +0D9E;SINHALA LETTER KANTAJA NAASIKYAYA;Lo;0;L;;;;;N;;;;; +0D9F;SINHALA LETTER SANYAKA GAYANNA;Lo;0;L;;;;;N;;;;; +0DA0;SINHALA LETTER ALPAPRAANA CAYANNA;Lo;0;L;;;;;N;;;;; +0DA1;SINHALA LETTER MAHAAPRAANA CAYANNA;Lo;0;L;;;;;N;;;;; +0DA2;SINHALA LETTER ALPAPRAANA JAYANNA;Lo;0;L;;;;;N;;;;; +0DA3;SINHALA LETTER MAHAAPRAANA JAYANNA;Lo;0;L;;;;;N;;;;; +0DA4;SINHALA LETTER TAALUJA NAASIKYAYA;Lo;0;L;;;;;N;;;;; +0DA5;SINHALA LETTER TAALUJA SANYOOGA NAAKSIKYAYA;Lo;0;L;;;;;N;;;;; +0DA6;SINHALA LETTER SANYAKA JAYANNA;Lo;0;L;;;;;N;;;;; +0DA7;SINHALA LETTER ALPAPRAANA TTAYANNA;Lo;0;L;;;;;N;;;;; +0DA8;SINHALA LETTER MAHAAPRAANA TTAYANNA;Lo;0;L;;;;;N;;;;; +0DA9;SINHALA LETTER ALPAPRAANA DDAYANNA;Lo;0;L;;;;;N;;;;; +0DAA;SINHALA LETTER MAHAAPRAANA DDAYANNA;Lo;0;L;;;;;N;;;;; +0DAB;SINHALA LETTER MUURDHAJA NAYANNA;Lo;0;L;;;;;N;;;;; +0DAC;SINHALA LETTER SANYAKA DDAYANNA;Lo;0;L;;;;;N;;;;; +0DAD;SINHALA LETTER ALPAPRAANA TAYANNA;Lo;0;L;;;;;N;;;;; +0DAE;SINHALA LETTER MAHAAPRAANA TAYANNA;Lo;0;L;;;;;N;;;;; +0DAF;SINHALA LETTER ALPAPRAANA DAYANNA;Lo;0;L;;;;;N;;;;; +0DB0;SINHALA LETTER MAHAAPRAANA DAYANNA;Lo;0;L;;;;;N;;;;; +0DB1;SINHALA LETTER DANTAJA NAYANNA;Lo;0;L;;;;;N;;;;; +0DB3;SINHALA LETTER SANYAKA DAYANNA;Lo;0;L;;;;;N;;;;; +0DB4;SINHALA LETTER ALPAPRAANA PAYANNA;Lo;0;L;;;;;N;;;;; +0DB5;SINHALA LETTER MAHAAPRAANA PAYANNA;Lo;0;L;;;;;N;;;;; +0DB6;SINHALA LETTER ALPAPRAANA BAYANNA;Lo;0;L;;;;;N;;;;; +0DB7;SINHALA LETTER MAHAAPRAANA BAYANNA;Lo;0;L;;;;;N;;;;; +0DB8;SINHALA LETTER MAYANNA;Lo;0;L;;;;;N;;;;; +0DB9;SINHALA LETTER AMBA BAYANNA;Lo;0;L;;;;;N;;;;; +0DBA;SINHALA LETTER YAYANNA;Lo;0;L;;;;;N;;;;; +0DBB;SINHALA LETTER RAYANNA;Lo;0;L;;;;;N;;;;; +0DBD;SINHALA LETTER DANTAJA LAYANNA;Lo;0;L;;;;;N;;;;; +0DC0;SINHALA LETTER VAYANNA;Lo;0;L;;;;;N;;;;; +0DC1;SINHALA LETTER TAALUJA SAYANNA;Lo;0;L;;;;;N;;;;; +0DC2;SINHALA LETTER MUURDHAJA SAYANNA;Lo;0;L;;;;;N;;;;; +0DC3;SINHALA LETTER DANTAJA SAYANNA;Lo;0;L;;;;;N;;;;; +0DC4;SINHALA LETTER HAYANNA;Lo;0;L;;;;;N;;;;; +0DC5;SINHALA LETTER MUURDHAJA LAYANNA;Lo;0;L;;;;;N;;;;; +0DC6;SINHALA LETTER FAYANNA;Lo;0;L;;;;;N;;;;; +0DCA;SINHALA SIGN AL-LAKUNA;Mn;9;NSM;;;;;N;;;;; +0DCF;SINHALA VOWEL SIGN AELA-PILLA;Mc;0;L;;;;;N;;;;; +0DD0;SINHALA VOWEL SIGN KETTI AEDA-PILLA;Mc;0;L;;;;;N;;;;; +0DD1;SINHALA VOWEL SIGN DIGA AEDA-PILLA;Mc;0;L;;;;;N;;;;; +0DD2;SINHALA VOWEL SIGN KETTI IS-PILLA;Mn;0;NSM;;;;;N;;;;; +0DD3;SINHALA VOWEL SIGN DIGA IS-PILLA;Mn;0;NSM;;;;;N;;;;; +0DD4;SINHALA VOWEL SIGN KETTI PAA-PILLA;Mn;0;NSM;;;;;N;;;;; +0DD6;SINHALA VOWEL SIGN DIGA PAA-PILLA;Mn;0;NSM;;;;;N;;;;; +0DD8;SINHALA VOWEL SIGN GAETTA-PILLA;Mc;0;L;;;;;N;;;;; +0DD9;SINHALA VOWEL SIGN KOMBUVA;Mc;0;L;;;;;N;;;;; +0DDA;SINHALA VOWEL SIGN DIGA KOMBUVA;Mc;0;L;0DD9 0DCA;;;;N;;;;; +0DDB;SINHALA VOWEL SIGN KOMBU DEKA;Mc;0;L;;;;;N;;;;; +0DDC;SINHALA VOWEL SIGN KOMBUVA HAA AELA-PILLA;Mc;0;L;0DD9 0DCF;;;;N;;;;; +0DDD;SINHALA VOWEL SIGN KOMBUVA HAA DIGA AELA-PILLA;Mc;0;L;0DDC 0DCA;;;;N;;;;; +0DDE;SINHALA VOWEL SIGN KOMBUVA HAA GAYANUKITTA;Mc;0;L;0DD9 0DDF;;;;N;;;;; +0DDF;SINHALA VOWEL SIGN GAYANUKITTA;Mc;0;L;;;;;N;;;;; +0DF2;SINHALA VOWEL SIGN DIGA GAETTA-PILLA;Mc;0;L;;;;;N;;;;; +0DF3;SINHALA VOWEL SIGN DIGA GAYANUKITTA;Mc;0;L;;;;;N;;;;; +0DF4;SINHALA PUNCTUATION KUNDDALIYA;Po;0;L;;;;;N;;;;; +0E01;THAI CHARACTER KO KAI;Lo;0;L;;;;;N;THAI LETTER KO KAI;;;; +0E02;THAI CHARACTER KHO KHAI;Lo;0;L;;;;;N;THAI LETTER KHO KHAI;;;; +0E03;THAI CHARACTER KHO KHUAT;Lo;0;L;;;;;N;THAI LETTER KHO KHUAT;;;; +0E04;THAI CHARACTER KHO KHWAI;Lo;0;L;;;;;N;THAI LETTER KHO KHWAI;;;; +0E05;THAI CHARACTER KHO KHON;Lo;0;L;;;;;N;THAI LETTER KHO KHON;;;; +0E06;THAI CHARACTER KHO RAKHANG;Lo;0;L;;;;;N;THAI LETTER KHO RAKHANG;;;; +0E07;THAI CHARACTER NGO NGU;Lo;0;L;;;;;N;THAI LETTER NGO NGU;;;; +0E08;THAI CHARACTER CHO CHAN;Lo;0;L;;;;;N;THAI LETTER CHO CHAN;;;; +0E09;THAI CHARACTER CHO CHING;Lo;0;L;;;;;N;THAI LETTER CHO CHING;;;; +0E0A;THAI CHARACTER CHO CHANG;Lo;0;L;;;;;N;THAI LETTER CHO CHANG;;;; +0E0B;THAI CHARACTER SO SO;Lo;0;L;;;;;N;THAI LETTER SO SO;;;; +0E0C;THAI CHARACTER CHO CHOE;Lo;0;L;;;;;N;THAI LETTER CHO CHOE;;;; +0E0D;THAI CHARACTER YO YING;Lo;0;L;;;;;N;THAI LETTER YO YING;;;; +0E0E;THAI CHARACTER DO CHADA;Lo;0;L;;;;;N;THAI LETTER DO CHADA;;;; +0E0F;THAI CHARACTER TO PATAK;Lo;0;L;;;;;N;THAI LETTER TO PATAK;;;; +0E10;THAI CHARACTER THO THAN;Lo;0;L;;;;;N;THAI LETTER THO THAN;;;; +0E11;THAI CHARACTER THO NANGMONTHO;Lo;0;L;;;;;N;THAI LETTER THO NANGMONTHO;;;; +0E12;THAI CHARACTER THO PHUTHAO;Lo;0;L;;;;;N;THAI LETTER THO PHUTHAO;;;; +0E13;THAI CHARACTER NO NEN;Lo;0;L;;;;;N;THAI LETTER NO NEN;;;; +0E14;THAI CHARACTER DO DEK;Lo;0;L;;;;;N;THAI LETTER DO DEK;;;; +0E15;THAI CHARACTER TO TAO;Lo;0;L;;;;;N;THAI LETTER TO TAO;;;; +0E16;THAI CHARACTER THO THUNG;Lo;0;L;;;;;N;THAI LETTER THO THUNG;;;; +0E17;THAI CHARACTER THO THAHAN;Lo;0;L;;;;;N;THAI LETTER THO THAHAN;;;; +0E18;THAI CHARACTER THO THONG;Lo;0;L;;;;;N;THAI LETTER THO THONG;;;; +0E19;THAI CHARACTER NO NU;Lo;0;L;;;;;N;THAI LETTER NO NU;;;; +0E1A;THAI CHARACTER BO BAIMAI;Lo;0;L;;;;;N;THAI LETTER BO BAIMAI;;;; +0E1B;THAI CHARACTER PO PLA;Lo;0;L;;;;;N;THAI LETTER PO PLA;;;; +0E1C;THAI CHARACTER PHO PHUNG;Lo;0;L;;;;;N;THAI LETTER PHO PHUNG;;;; +0E1D;THAI CHARACTER FO FA;Lo;0;L;;;;;N;THAI LETTER FO FA;;;; +0E1E;THAI CHARACTER PHO PHAN;Lo;0;L;;;;;N;THAI LETTER PHO PHAN;;;; +0E1F;THAI CHARACTER FO FAN;Lo;0;L;;;;;N;THAI LETTER FO FAN;;;; +0E20;THAI CHARACTER PHO SAMPHAO;Lo;0;L;;;;;N;THAI LETTER PHO SAMPHAO;;;; +0E21;THAI CHARACTER MO MA;Lo;0;L;;;;;N;THAI LETTER MO MA;;;; +0E22;THAI CHARACTER YO YAK;Lo;0;L;;;;;N;THAI LETTER YO YAK;;;; +0E23;THAI CHARACTER RO RUA;Lo;0;L;;;;;N;THAI LETTER RO RUA;;;; +0E24;THAI CHARACTER RU;Lo;0;L;;;;;N;THAI LETTER RU;;;; +0E25;THAI CHARACTER LO LING;Lo;0;L;;;;;N;THAI LETTER LO LING;;;; +0E26;THAI CHARACTER LU;Lo;0;L;;;;;N;THAI LETTER LU;;;; +0E27;THAI CHARACTER WO WAEN;Lo;0;L;;;;;N;THAI LETTER WO WAEN;;;; +0E28;THAI CHARACTER SO SALA;Lo;0;L;;;;;N;THAI LETTER SO SALA;;;; +0E29;THAI CHARACTER SO RUSI;Lo;0;L;;;;;N;THAI LETTER SO RUSI;;;; +0E2A;THAI CHARACTER SO SUA;Lo;0;L;;;;;N;THAI LETTER SO SUA;;;; +0E2B;THAI CHARACTER HO HIP;Lo;0;L;;;;;N;THAI LETTER HO HIP;;;; +0E2C;THAI CHARACTER LO CHULA;Lo;0;L;;;;;N;THAI LETTER LO CHULA;;;; +0E2D;THAI CHARACTER O ANG;Lo;0;L;;;;;N;THAI LETTER O ANG;;;; +0E2E;THAI CHARACTER HO NOKHUK;Lo;0;L;;;;;N;THAI LETTER HO NOK HUK;;;; +0E2F;THAI CHARACTER PAIYANNOI;Lo;0;L;;;;;N;THAI PAI YAN NOI;paiyan noi;;; +0E30;THAI CHARACTER SARA A;Lo;0;L;;;;;N;THAI VOWEL SIGN SARA A;;;; +0E31;THAI CHARACTER MAI HAN-AKAT;Mn;0;NSM;;;;;N;THAI VOWEL SIGN MAI HAN-AKAT;;;; +0E32;THAI CHARACTER SARA AA;Lo;0;L;;;;;N;THAI VOWEL SIGN SARA AA;;;; +0E33;THAI CHARACTER SARA AM;Lo;0;L; 0E4D 0E32;;;;N;THAI VOWEL SIGN SARA AM;;;; +0E34;THAI CHARACTER SARA I;Mn;0;NSM;;;;;N;THAI VOWEL SIGN SARA I;;;; +0E35;THAI CHARACTER SARA II;Mn;0;NSM;;;;;N;THAI VOWEL SIGN SARA II;;;; +0E36;THAI CHARACTER SARA UE;Mn;0;NSM;;;;;N;THAI VOWEL SIGN SARA UE;;;; +0E37;THAI CHARACTER SARA UEE;Mn;0;NSM;;;;;N;THAI VOWEL SIGN SARA UEE;sara uue;;; +0E38;THAI CHARACTER SARA U;Mn;103;NSM;;;;;N;THAI VOWEL SIGN SARA U;;;; +0E39;THAI CHARACTER SARA UU;Mn;103;NSM;;;;;N;THAI VOWEL SIGN SARA UU;;;; +0E3A;THAI CHARACTER PHINTHU;Mn;9;NSM;;;;;N;THAI VOWEL SIGN PHINTHU;;;; +0E3F;THAI CURRENCY SYMBOL BAHT;Sc;0;ET;;;;;N;THAI BAHT SIGN;;;; +0E40;THAI CHARACTER SARA E;Lo;0;L;;;;;N;THAI VOWEL SIGN SARA E;;;; +0E41;THAI CHARACTER SARA AE;Lo;0;L;;;;;N;THAI VOWEL SIGN SARA AE;;;; +0E42;THAI CHARACTER SARA O;Lo;0;L;;;;;N;THAI VOWEL SIGN SARA O;;;; +0E43;THAI CHARACTER SARA AI MAIMUAN;Lo;0;L;;;;;N;THAI VOWEL SIGN SARA MAI MUAN;sara ai mai muan;;; +0E44;THAI CHARACTER SARA AI MAIMALAI;Lo;0;L;;;;;N;THAI VOWEL SIGN SARA MAI MALAI;sara ai mai malai;;; +0E45;THAI CHARACTER LAKKHANGYAO;Lo;0;L;;;;;N;THAI LAK KHANG YAO;lakkhang yao;;; +0E46;THAI CHARACTER MAIYAMOK;Lm;0;L;;;;;N;THAI MAI YAMOK;mai yamok;;; +0E47;THAI CHARACTER MAITAIKHU;Mn;0;NSM;;;;;N;THAI VOWEL SIGN MAI TAI KHU;mai taikhu;;; +0E48;THAI CHARACTER MAI EK;Mn;107;NSM;;;;;N;THAI TONE MAI EK;;;; +0E49;THAI CHARACTER MAI THO;Mn;107;NSM;;;;;N;THAI TONE MAI THO;;;; +0E4A;THAI CHARACTER MAI TRI;Mn;107;NSM;;;;;N;THAI TONE MAI TRI;;;; +0E4B;THAI CHARACTER MAI CHATTAWA;Mn;107;NSM;;;;;N;THAI TONE MAI CHATTAWA;;;; +0E4C;THAI CHARACTER THANTHAKHAT;Mn;0;NSM;;;;;N;THAI THANTHAKHAT;;;; +0E4D;THAI CHARACTER NIKHAHIT;Mn;0;NSM;;;;;N;THAI NIKKHAHIT;nikkhahit;;; +0E4E;THAI CHARACTER YAMAKKAN;Mn;0;NSM;;;;;N;THAI YAMAKKAN;;;; +0E4F;THAI CHARACTER FONGMAN;Po;0;L;;;;;N;THAI FONGMAN;;;; +0E50;THAI DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;; +0E51;THAI DIGIT ONE;Nd;0;L;;1;1;1;N;;;;; +0E52;THAI DIGIT TWO;Nd;0;L;;2;2;2;N;;;;; +0E53;THAI DIGIT THREE;Nd;0;L;;3;3;3;N;;;;; +0E54;THAI DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;; +0E55;THAI DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;; +0E56;THAI DIGIT SIX;Nd;0;L;;6;6;6;N;;;;; +0E57;THAI DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;; +0E58;THAI DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;; +0E59;THAI DIGIT NINE;Nd;0;L;;9;9;9;N;;;;; +0E5A;THAI CHARACTER ANGKHANKHU;Po;0;L;;;;;N;THAI ANGKHANKHU;;;; +0E5B;THAI CHARACTER KHOMUT;Po;0;L;;;;;N;THAI KHOMUT;;;; +0E81;LAO LETTER KO;Lo;0;L;;;;;N;;;;; +0E82;LAO LETTER KHO SUNG;Lo;0;L;;;;;N;;;;; +0E84;LAO LETTER KHO TAM;Lo;0;L;;;;;N;;;;; +0E87;LAO LETTER NGO;Lo;0;L;;;;;N;;;;; +0E88;LAO LETTER CO;Lo;0;L;;;;;N;;;;; +0E8A;LAO LETTER SO TAM;Lo;0;L;;;;;N;;;;; +0E8D;LAO LETTER NYO;Lo;0;L;;;;;N;;;;; +0E94;LAO LETTER DO;Lo;0;L;;;;;N;;;;; +0E95;LAO LETTER TO;Lo;0;L;;;;;N;;;;; +0E96;LAO LETTER THO SUNG;Lo;0;L;;;;;N;;;;; +0E97;LAO LETTER THO TAM;Lo;0;L;;;;;N;;;;; +0E99;LAO LETTER NO;Lo;0;L;;;;;N;;;;; +0E9A;LAO LETTER BO;Lo;0;L;;;;;N;;;;; +0E9B;LAO LETTER PO;Lo;0;L;;;;;N;;;;; +0E9C;LAO LETTER PHO SUNG;Lo;0;L;;;;;N;;;;; +0E9D;LAO LETTER FO TAM;Lo;0;L;;;;;N;;;;; +0E9E;LAO LETTER PHO TAM;Lo;0;L;;;;;N;;;;; +0E9F;LAO LETTER FO SUNG;Lo;0;L;;;;;N;;;;; +0EA1;LAO LETTER MO;Lo;0;L;;;;;N;;;;; +0EA2;LAO LETTER YO;Lo;0;L;;;;;N;;;;; +0EA3;LAO LETTER LO LING;Lo;0;L;;;;;N;;;;; +0EA5;LAO LETTER LO LOOT;Lo;0;L;;;;;N;;;;; +0EA7;LAO LETTER WO;Lo;0;L;;;;;N;;;;; +0EAA;LAO LETTER SO SUNG;Lo;0;L;;;;;N;;;;; +0EAB;LAO LETTER HO SUNG;Lo;0;L;;;;;N;;;;; +0EAD;LAO LETTER O;Lo;0;L;;;;;N;;;;; +0EAE;LAO LETTER HO TAM;Lo;0;L;;;;;N;;;;; +0EAF;LAO ELLIPSIS;Lo;0;L;;;;;N;;;;; +0EB0;LAO VOWEL SIGN A;Lo;0;L;;;;;N;;;;; +0EB1;LAO VOWEL SIGN MAI KAN;Mn;0;NSM;;;;;N;;;;; +0EB2;LAO VOWEL SIGN AA;Lo;0;L;;;;;N;;;;; +0EB3;LAO VOWEL SIGN AM;Lo;0;L; 0ECD 0EB2;;;;N;;;;; +0EB4;LAO VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;; +0EB5;LAO VOWEL SIGN II;Mn;0;NSM;;;;;N;;;;; +0EB6;LAO VOWEL SIGN Y;Mn;0;NSM;;;;;N;;;;; +0EB7;LAO VOWEL SIGN YY;Mn;0;NSM;;;;;N;;;;; +0EB8;LAO VOWEL SIGN U;Mn;118;NSM;;;;;N;;;;; +0EB9;LAO VOWEL SIGN UU;Mn;118;NSM;;;;;N;;;;; +0EBB;LAO VOWEL SIGN MAI KON;Mn;0;NSM;;;;;N;;;;; +0EBC;LAO SEMIVOWEL SIGN LO;Mn;0;NSM;;;;;N;;;;; +0EBD;LAO SEMIVOWEL SIGN NYO;Lo;0;L;;;;;N;;;;; +0EC0;LAO VOWEL SIGN E;Lo;0;L;;;;;N;;;;; +0EC1;LAO VOWEL SIGN EI;Lo;0;L;;;;;N;;;;; +0EC2;LAO VOWEL SIGN O;Lo;0;L;;;;;N;;;;; +0EC3;LAO VOWEL SIGN AY;Lo;0;L;;;;;N;;;;; +0EC4;LAO VOWEL SIGN AI;Lo;0;L;;;;;N;;;;; +0EC6;LAO KO LA;Lm;0;L;;;;;N;;;;; +0EC8;LAO TONE MAI EK;Mn;122;NSM;;;;;N;;;;; +0EC9;LAO TONE MAI THO;Mn;122;NSM;;;;;N;;;;; +0ECA;LAO TONE MAI TI;Mn;122;NSM;;;;;N;;;;; +0ECB;LAO TONE MAI CATAWA;Mn;122;NSM;;;;;N;;;;; +0ECC;LAO CANCELLATION MARK;Mn;0;NSM;;;;;N;;;;; +0ECD;LAO NIGGAHITA;Mn;0;NSM;;;;;N;;;;; +0ED0;LAO DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;; +0ED1;LAO DIGIT ONE;Nd;0;L;;1;1;1;N;;;;; +0ED2;LAO DIGIT TWO;Nd;0;L;;2;2;2;N;;;;; +0ED3;LAO DIGIT THREE;Nd;0;L;;3;3;3;N;;;;; +0ED4;LAO DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;; +0ED5;LAO DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;; +0ED6;LAO DIGIT SIX;Nd;0;L;;6;6;6;N;;;;; +0ED7;LAO DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;; +0ED8;LAO DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;; +0ED9;LAO DIGIT NINE;Nd;0;L;;9;9;9;N;;;;; +0EDC;LAO HO NO;Lo;0;L; 0EAB 0E99;;;;N;;;;; +0EDD;LAO HO MO;Lo;0;L; 0EAB 0EA1;;;;N;;;;; +0F00;TIBETAN SYLLABLE OM;Lo;0;L;;;;;N;;;;; +0F01;TIBETAN MARK GTER YIG MGO TRUNCATED A;So;0;L;;;;;N;;ter yik go a thung;;; +0F02;TIBETAN MARK GTER YIG MGO -UM RNAM BCAD MA;So;0;L;;;;;N;;ter yik go wum nam chey ma;;; +0F03;TIBETAN MARK GTER YIG MGO -UM GTER TSHEG MA;So;0;L;;;;;N;;ter yik go wum ter tsek ma;;; +0F04;TIBETAN MARK INITIAL YIG MGO MDUN MA;Po;0;L;;;;;N;TIBETAN SINGLE ORNAMENT;yik go dun ma;;; +0F05;TIBETAN MARK CLOSING YIG MGO SGAB MA;Po;0;L;;;;;N;;yik go kab ma;;; +0F06;TIBETAN MARK CARET YIG MGO PHUR SHAD MA;Po;0;L;;;;;N;;yik go pur shey ma;;; +0F07;TIBETAN MARK YIG MGO TSHEG SHAD MA;Po;0;L;;;;;N;;yik go tsek shey ma;;; +0F08;TIBETAN MARK SBRUL SHAD;Po;0;L;;;;;N;TIBETAN RGYANSHAD;drul shey;;; +0F09;TIBETAN MARK BSKUR YIG MGO;Po;0;L;;;;;N;;kur yik go;;; +0F0A;TIBETAN MARK BKA- SHOG YIG MGO;Po;0;L;;;;;N;;ka sho yik go;;; +0F0B;TIBETAN MARK INTERSYLLABIC TSHEG;Po;0;L;;;;;N;TIBETAN TSEG;tsek;;; +0F0C;TIBETAN MARK DELIMITER TSHEG BSTAR;Po;0;L; 0F0B;;;;N;;tsek tar;;; +0F0D;TIBETAN MARK SHAD;Po;0;L;;;;;N;TIBETAN SHAD;shey;;; +0F0E;TIBETAN MARK NYIS SHAD;Po;0;L;;;;;N;TIBETAN DOUBLE SHAD;nyi shey;;; +0F0F;TIBETAN MARK TSHEG SHAD;Po;0;L;;;;;N;;tsek shey;;; +0F10;TIBETAN MARK NYIS TSHEG SHAD;Po;0;L;;;;;N;;nyi tsek shey;;; +0F11;TIBETAN MARK RIN CHEN SPUNGS SHAD;Po;0;L;;;;;N;TIBETAN RINCHANPHUNGSHAD;rinchen pung shey;;; +0F12;TIBETAN MARK RGYA GRAM SHAD;Po;0;L;;;;;N;;gya tram shey;;; +0F13;TIBETAN MARK CARET -DZUD RTAGS ME LONG CAN;So;0;L;;;;;N;;dzu ta me long chen;;; +0F14;TIBETAN MARK GTER TSHEG;So;0;L;;;;;N;TIBETAN COMMA;ter tsek;;; +0F15;TIBETAN LOGOTYPE SIGN CHAD RTAGS;So;0;L;;;;;N;;che ta;;; +0F16;TIBETAN LOGOTYPE SIGN LHAG RTAGS;So;0;L;;;;;N;;hlak ta;;; +0F17;TIBETAN ASTROLOGICAL SIGN SGRA GCAN -CHAR RTAGS;So;0;L;;;;;N;;trachen char ta;;; +0F18;TIBETAN ASTROLOGICAL SIGN -KHYUD PA;Mn;220;NSM;;;;;N;;kyu pa;;; +0F19;TIBETAN ASTROLOGICAL SIGN SDONG TSHUGS;Mn;220;NSM;;;;;N;;dong tsu;;; +0F1A;TIBETAN SIGN RDEL DKAR GCIG;So;0;L;;;;;N;;deka chig;;; +0F1B;TIBETAN SIGN RDEL DKAR GNYIS;So;0;L;;;;;N;;deka nyi;;; +0F1C;TIBETAN SIGN RDEL DKAR GSUM;So;0;L;;;;;N;;deka sum;;; +0F1D;TIBETAN SIGN RDEL NAG GCIG;So;0;L;;;;;N;;dena chig;;; +0F1E;TIBETAN SIGN RDEL NAG GNYIS;So;0;L;;;;;N;;dena nyi;;; +0F1F;TIBETAN SIGN RDEL DKAR RDEL NAG;So;0;L;;;;;N;;deka dena;;; +0F20;TIBETAN DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;; +0F21;TIBETAN DIGIT ONE;Nd;0;L;;1;1;1;N;;;;; +0F22;TIBETAN DIGIT TWO;Nd;0;L;;2;2;2;N;;;;; +0F23;TIBETAN DIGIT THREE;Nd;0;L;;3;3;3;N;;;;; +0F24;TIBETAN DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;; +0F25;TIBETAN DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;; +0F26;TIBETAN DIGIT SIX;Nd;0;L;;6;6;6;N;;;;; +0F27;TIBETAN DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;; +0F28;TIBETAN DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;; +0F29;TIBETAN DIGIT NINE;Nd;0;L;;9;9;9;N;;;;; +0F2A;TIBETAN DIGIT HALF ONE;No;0;L;;;;1/2;N;;;;; +0F2B;TIBETAN DIGIT HALF TWO;No;0;L;;;;3/2;N;;;;; +0F2C;TIBETAN DIGIT HALF THREE;No;0;L;;;;5/2;N;;;;; +0F2D;TIBETAN DIGIT HALF FOUR;No;0;L;;;;7/2;N;;;;; +0F2E;TIBETAN DIGIT HALF FIVE;No;0;L;;;;9/2;N;;;;; +0F2F;TIBETAN DIGIT HALF SIX;No;0;L;;;;11/2;N;;;;; +0F30;TIBETAN DIGIT HALF SEVEN;No;0;L;;;;13/2;N;;;;; +0F31;TIBETAN DIGIT HALF EIGHT;No;0;L;;;;15/2;N;;;;; +0F32;TIBETAN DIGIT HALF NINE;No;0;L;;;;17/2;N;;;;; +0F33;TIBETAN DIGIT HALF ZERO;No;0;L;;;;-1/2;N;;;;; +0F34;TIBETAN MARK BSDUS RTAGS;So;0;L;;;;;N;;du ta;;; +0F35;TIBETAN MARK NGAS BZUNG NYI ZLA;Mn;220;NSM;;;;;N;TIBETAN HONORIFIC UNDER RING;nge zung nyi da;;; +0F36;TIBETAN MARK CARET -DZUD RTAGS BZHI MIG CAN;So;0;L;;;;;N;;dzu ta shi mig chen;;; +0F37;TIBETAN MARK NGAS BZUNG SGOR RTAGS;Mn;220;NSM;;;;;N;TIBETAN UNDER RING;nge zung gor ta;;; +0F38;TIBETAN MARK CHE MGO;So;0;L;;;;;N;;che go;;; +0F39;TIBETAN MARK TSA -PHRU;Mn;216;NSM;;;;;N;TIBETAN LENITION MARK;tsa tru;;; +0F3A;TIBETAN MARK GUG RTAGS GYON;Ps;0;ON;;;;;N;;gug ta yun;;; +0F3B;TIBETAN MARK GUG RTAGS GYAS;Pe;0;ON;;;;;N;;gug ta ye;;; +0F3C;TIBETAN MARK ANG KHANG GYON;Ps;0;ON;;;;;N;TIBETAN LEFT BRACE;ang kang yun;;; +0F3D;TIBETAN MARK ANG KHANG GYAS;Pe;0;ON;;;;;N;TIBETAN RIGHT BRACE;ang kang ye;;; +0F3E;TIBETAN SIGN YAR TSHES;Mc;0;L;;;;;N;;yar tse;;; +0F3F;TIBETAN SIGN MAR TSHES;Mc;0;L;;;;;N;;mar tse;;; +0F40;TIBETAN LETTER KA;Lo;0;L;;;;;N;;;;; +0F41;TIBETAN LETTER KHA;Lo;0;L;;;;;N;;;;; +0F42;TIBETAN LETTER GA;Lo;0;L;;;;;N;;;;; +0F43;TIBETAN LETTER GHA;Lo;0;L;0F42 0FB7;;;;N;;;;; +0F44;TIBETAN LETTER NGA;Lo;0;L;;;;;N;;;;; +0F45;TIBETAN LETTER CA;Lo;0;L;;;;;N;;;;; +0F46;TIBETAN LETTER CHA;Lo;0;L;;;;;N;;;;; +0F47;TIBETAN LETTER JA;Lo;0;L;;;;;N;;;;; +0F49;TIBETAN LETTER NYA;Lo;0;L;;;;;N;;;;; +0F4A;TIBETAN LETTER TTA;Lo;0;L;;;;;N;TIBETAN LETTER REVERSED TA;;;; +0F4B;TIBETAN LETTER TTHA;Lo;0;L;;;;;N;TIBETAN LETTER REVERSED THA;;;; +0F4C;TIBETAN LETTER DDA;Lo;0;L;;;;;N;TIBETAN LETTER REVERSED DA;;;; +0F4D;TIBETAN LETTER DDHA;Lo;0;L;0F4C 0FB7;;;;N;;;;; +0F4E;TIBETAN LETTER NNA;Lo;0;L;;;;;N;TIBETAN LETTER REVERSED NA;;;; +0F4F;TIBETAN LETTER TA;Lo;0;L;;;;;N;;;;; +0F50;TIBETAN LETTER THA;Lo;0;L;;;;;N;;;;; +0F51;TIBETAN LETTER DA;Lo;0;L;;;;;N;;;;; +0F52;TIBETAN LETTER DHA;Lo;0;L;0F51 0FB7;;;;N;;;;; +0F53;TIBETAN LETTER NA;Lo;0;L;;;;;N;;;;; +0F54;TIBETAN LETTER PA;Lo;0;L;;;;;N;;;;; +0F55;TIBETAN LETTER PHA;Lo;0;L;;;;;N;;;;; +0F56;TIBETAN LETTER BA;Lo;0;L;;;;;N;;;;; +0F57;TIBETAN LETTER BHA;Lo;0;L;0F56 0FB7;;;;N;;;;; +0F58;TIBETAN LETTER MA;Lo;0;L;;;;;N;;;;; +0F59;TIBETAN LETTER TSA;Lo;0;L;;;;;N;;;;; +0F5A;TIBETAN LETTER TSHA;Lo;0;L;;;;;N;;;;; +0F5B;TIBETAN LETTER DZA;Lo;0;L;;;;;N;;;;; +0F5C;TIBETAN LETTER DZHA;Lo;0;L;0F5B 0FB7;;;;N;;;;; +0F5D;TIBETAN LETTER WA;Lo;0;L;;;;;N;;;;; +0F5E;TIBETAN LETTER ZHA;Lo;0;L;;;;;N;;;;; +0F5F;TIBETAN LETTER ZA;Lo;0;L;;;;;N;;;;; +0F60;TIBETAN LETTER -A;Lo;0;L;;;;;N;TIBETAN LETTER AA;;;; +0F61;TIBETAN LETTER YA;Lo;0;L;;;;;N;;;;; +0F62;TIBETAN LETTER RA;Lo;0;L;;;;;N;;*;;; +0F63;TIBETAN LETTER LA;Lo;0;L;;;;;N;;;;; +0F64;TIBETAN LETTER SHA;Lo;0;L;;;;;N;;;;; +0F65;TIBETAN LETTER SSA;Lo;0;L;;;;;N;TIBETAN LETTER REVERSED SHA;;;; +0F66;TIBETAN LETTER SA;Lo;0;L;;;;;N;;;;; +0F67;TIBETAN LETTER HA;Lo;0;L;;;;;N;;;;; +0F68;TIBETAN LETTER A;Lo;0;L;;;;;N;;;;; +0F69;TIBETAN LETTER KSSA;Lo;0;L;0F40 0FB5;;;;N;;;;; +0F6A;TIBETAN LETTER FIXED-FORM RA;Lo;0;L;;;;;N;;*;;; +0F71;TIBETAN VOWEL SIGN AA;Mn;129;NSM;;;;;N;;;;; +0F72;TIBETAN VOWEL SIGN I;Mn;130;NSM;;;;;N;;;;; +0F73;TIBETAN VOWEL SIGN II;Mn;0;NSM;0F71 0F72;;;;N;;;;; +0F74;TIBETAN VOWEL SIGN U;Mn;132;NSM;;;;;N;;;;; +0F75;TIBETAN VOWEL SIGN UU;Mn;0;NSM;0F71 0F74;;;;N;;;;; +0F76;TIBETAN VOWEL SIGN VOCALIC R;Mn;0;NSM;0FB2 0F80;;;;N;;;;; +0F77;TIBETAN VOWEL SIGN VOCALIC RR;Mn;0;NSM; 0FB2 0F81;;;;N;;;;; +0F78;TIBETAN VOWEL SIGN VOCALIC L;Mn;0;NSM;0FB3 0F80;;;;N;;;;; +0F79;TIBETAN VOWEL SIGN VOCALIC LL;Mn;0;NSM; 0FB3 0F81;;;;N;;;;; +0F7A;TIBETAN VOWEL SIGN E;Mn;130;NSM;;;;;N;;;;; +0F7B;TIBETAN VOWEL SIGN EE;Mn;130;NSM;;;;;N;TIBETAN VOWEL SIGN AI;;;; +0F7C;TIBETAN VOWEL SIGN O;Mn;130;NSM;;;;;N;;;;; +0F7D;TIBETAN VOWEL SIGN OO;Mn;130;NSM;;;;;N;TIBETAN VOWEL SIGN AU;;;; +0F7E;TIBETAN SIGN RJES SU NGA RO;Mn;0;NSM;;;;;N;TIBETAN ANUSVARA;je su nga ro;;; +0F7F;TIBETAN SIGN RNAM BCAD;Mc;0;L;;;;;N;TIBETAN VISARGA;nam chey;;; +0F80;TIBETAN VOWEL SIGN REVERSED I;Mn;130;NSM;;;;;N;TIBETAN VOWEL SIGN SHORT I;;;; +0F81;TIBETAN VOWEL SIGN REVERSED II;Mn;0;NSM;0F71 0F80;;;;N;;;;; +0F82;TIBETAN SIGN NYI ZLA NAA DA;Mn;230;NSM;;;;;N;TIBETAN CANDRABINDU WITH ORNAMENT;nyi da na da;;; +0F83;TIBETAN SIGN SNA LDAN;Mn;230;NSM;;;;;N;TIBETAN CANDRABINDU;nan de;;; +0F84;TIBETAN MARK HALANTA;Mn;9;NSM;;;;;N;TIBETAN VIRAMA;;;; +0F85;TIBETAN MARK PALUTA;Po;0;L;;;;;N;TIBETAN CHUCHENYIGE;;;; +0F86;TIBETAN SIGN LCI RTAGS;Mn;230;NSM;;;;;N;;ji ta;;; +0F87;TIBETAN SIGN YANG RTAGS;Mn;230;NSM;;;;;N;;yang ta;;; +0F88;TIBETAN SIGN LCE TSA CAN;Lo;0;L;;;;;N;;che tsa chen;;; +0F89;TIBETAN SIGN MCHU CAN;Lo;0;L;;;;;N;;chu chen;;; +0F8A;TIBETAN SIGN GRU CAN RGYINGS;Lo;0;L;;;;;N;;tru chen ging;;; +0F8B;TIBETAN SIGN GRU MED RGYINGS;Lo;0;L;;;;;N;;tru me ging;;; +0F90;TIBETAN SUBJOINED LETTER KA;Mn;0;NSM;;;;;N;;;;; +0F91;TIBETAN SUBJOINED LETTER KHA;Mn;0;NSM;;;;;N;;;;; +0F92;TIBETAN SUBJOINED LETTER GA;Mn;0;NSM;;;;;N;;;;; +0F93;TIBETAN SUBJOINED LETTER GHA;Mn;0;NSM;0F92 0FB7;;;;N;;;;; +0F94;TIBETAN SUBJOINED LETTER NGA;Mn;0;NSM;;;;;N;;;;; +0F95;TIBETAN SUBJOINED LETTER CA;Mn;0;NSM;;;;;N;;;;; +0F96;TIBETAN SUBJOINED LETTER CHA;Mn;0;NSM;;;;;N;;;;; +0F97;TIBETAN SUBJOINED LETTER JA;Mn;0;NSM;;;;;N;;;;; +0F99;TIBETAN SUBJOINED LETTER NYA;Mn;0;NSM;;;;;N;;;;; +0F9A;TIBETAN SUBJOINED LETTER TTA;Mn;0;NSM;;;;;N;;;;; +0F9B;TIBETAN SUBJOINED LETTER TTHA;Mn;0;NSM;;;;;N;;;;; +0F9C;TIBETAN SUBJOINED LETTER DDA;Mn;0;NSM;;;;;N;;;;; +0F9D;TIBETAN SUBJOINED LETTER DDHA;Mn;0;NSM;0F9C 0FB7;;;;N;;;;; +0F9E;TIBETAN SUBJOINED LETTER NNA;Mn;0;NSM;;;;;N;;;;; +0F9F;TIBETAN SUBJOINED LETTER TA;Mn;0;NSM;;;;;N;;;;; +0FA0;TIBETAN SUBJOINED LETTER THA;Mn;0;NSM;;;;;N;;;;; +0FA1;TIBETAN SUBJOINED LETTER DA;Mn;0;NSM;;;;;N;;;;; +0FA2;TIBETAN SUBJOINED LETTER DHA;Mn;0;NSM;0FA1 0FB7;;;;N;;;;; +0FA3;TIBETAN SUBJOINED LETTER NA;Mn;0;NSM;;;;;N;;;;; +0FA4;TIBETAN SUBJOINED LETTER PA;Mn;0;NSM;;;;;N;;;;; +0FA5;TIBETAN SUBJOINED LETTER PHA;Mn;0;NSM;;;;;N;;;;; +0FA6;TIBETAN SUBJOINED LETTER BA;Mn;0;NSM;;;;;N;;;;; +0FA7;TIBETAN SUBJOINED LETTER BHA;Mn;0;NSM;0FA6 0FB7;;;;N;;;;; +0FA8;TIBETAN SUBJOINED LETTER MA;Mn;0;NSM;;;;;N;;;;; +0FA9;TIBETAN SUBJOINED LETTER TSA;Mn;0;NSM;;;;;N;;;;; +0FAA;TIBETAN SUBJOINED LETTER TSHA;Mn;0;NSM;;;;;N;;;;; +0FAB;TIBETAN SUBJOINED LETTER DZA;Mn;0;NSM;;;;;N;;;;; +0FAC;TIBETAN SUBJOINED LETTER DZHA;Mn;0;NSM;0FAB 0FB7;;;;N;;;;; +0FAD;TIBETAN SUBJOINED LETTER WA;Mn;0;NSM;;;;;N;;*;;; +0FAE;TIBETAN SUBJOINED LETTER ZHA;Mn;0;NSM;;;;;N;;;;; +0FAF;TIBETAN SUBJOINED LETTER ZA;Mn;0;NSM;;;;;N;;;;; +0FB0;TIBETAN SUBJOINED LETTER -A;Mn;0;NSM;;;;;N;;;;; +0FB1;TIBETAN SUBJOINED LETTER YA;Mn;0;NSM;;;;;N;;*;;; +0FB2;TIBETAN SUBJOINED LETTER RA;Mn;0;NSM;;;;;N;;*;;; +0FB3;TIBETAN SUBJOINED LETTER LA;Mn;0;NSM;;;;;N;;;;; +0FB4;TIBETAN SUBJOINED LETTER SHA;Mn;0;NSM;;;;;N;;;;; +0FB5;TIBETAN SUBJOINED LETTER SSA;Mn;0;NSM;;;;;N;;;;; +0FB6;TIBETAN SUBJOINED LETTER SA;Mn;0;NSM;;;;;N;;;;; +0FB7;TIBETAN SUBJOINED LETTER HA;Mn;0;NSM;;;;;N;;;;; +0FB8;TIBETAN SUBJOINED LETTER A;Mn;0;NSM;;;;;N;;;;; +0FB9;TIBETAN SUBJOINED LETTER KSSA;Mn;0;NSM;0F90 0FB5;;;;N;;;;; +0FBA;TIBETAN SUBJOINED LETTER FIXED-FORM WA;Mn;0;NSM;;;;;N;;*;;; +0FBB;TIBETAN SUBJOINED LETTER FIXED-FORM YA;Mn;0;NSM;;;;;N;;*;;; +0FBC;TIBETAN SUBJOINED LETTER FIXED-FORM RA;Mn;0;NSM;;;;;N;;*;;; +0FBE;TIBETAN KU RU KHA;So;0;L;;;;;N;;kuruka;;; +0FBF;TIBETAN KU RU KHA BZHI MIG CAN;So;0;L;;;;;N;;kuruka shi mik chen;;; +0FC0;TIBETAN CANTILLATION SIGN HEAVY BEAT;So;0;L;;;;;N;;;;; +0FC1;TIBETAN CANTILLATION SIGN LIGHT BEAT;So;0;L;;;;;N;;;;; +0FC2;TIBETAN CANTILLATION SIGN CANG TE-U;So;0;L;;;;;N;;chang tyu;;; +0FC3;TIBETAN CANTILLATION SIGN SBUB -CHAL;So;0;L;;;;;N;;bub chey;;; +0FC4;TIBETAN SYMBOL DRIL BU;So;0;L;;;;;N;;drilbu;;; +0FC5;TIBETAN SYMBOL RDO RJE;So;0;L;;;;;N;;dorje;;; +0FC6;TIBETAN SYMBOL PADMA GDAN;Mn;220;NSM;;;;;N;;pema den;;; +0FC7;TIBETAN SYMBOL RDO RJE RGYA GRAM;So;0;L;;;;;N;;dorje gya dram;;; +0FC8;TIBETAN SYMBOL PHUR PA;So;0;L;;;;;N;;phurba;;; +0FC9;TIBETAN SYMBOL NOR BU;So;0;L;;;;;N;;norbu;;; +0FCA;TIBETAN SYMBOL NOR BU NYIS -KHYIL;So;0;L;;;;;N;;norbu nyi khyi;;; +0FCB;TIBETAN SYMBOL NOR BU GSUM -KHYIL;So;0;L;;;;;N;;norbu sum khyi;;; +0FCC;TIBETAN SYMBOL NOR BU BZHI -KHYIL;So;0;L;;;;;N;;norbu shi khyi;;; +0FCF;TIBETAN SIGN RDEL NAG GSUM;So;0;L;;;;;N;;dena sum;;; +1000;MYANMAR LETTER KA;Lo;0;L;;;;;N;;;;; +1001;MYANMAR LETTER KHA;Lo;0;L;;;;;N;;;;; +1002;MYANMAR LETTER GA;Lo;0;L;;;;;N;;;;; +1003;MYANMAR LETTER GHA;Lo;0;L;;;;;N;;;;; +1004;MYANMAR LETTER NGA;Lo;0;L;;;;;N;;;;; +1005;MYANMAR LETTER CA;Lo;0;L;;;;;N;;;;; +1006;MYANMAR LETTER CHA;Lo;0;L;;;;;N;;;;; +1007;MYANMAR LETTER JA;Lo;0;L;;;;;N;;;;; +1008;MYANMAR LETTER JHA;Lo;0;L;;;;;N;;;;; +1009;MYANMAR LETTER NYA;Lo;0;L;;;;;N;;;;; +100A;MYANMAR LETTER NNYA;Lo;0;L;;;;;N;;;;; +100B;MYANMAR LETTER TTA;Lo;0;L;;;;;N;;;;; +100C;MYANMAR LETTER TTHA;Lo;0;L;;;;;N;;;;; +100D;MYANMAR LETTER DDA;Lo;0;L;;;;;N;;;;; +100E;MYANMAR LETTER DDHA;Lo;0;L;;;;;N;;;;; +100F;MYANMAR LETTER NNA;Lo;0;L;;;;;N;;;;; +1010;MYANMAR LETTER TA;Lo;0;L;;;;;N;;;;; +1011;MYANMAR LETTER THA;Lo;0;L;;;;;N;;;;; +1012;MYANMAR LETTER DA;Lo;0;L;;;;;N;;;;; +1013;MYANMAR LETTER DHA;Lo;0;L;;;;;N;;;;; +1014;MYANMAR LETTER NA;Lo;0;L;;;;;N;;;;; +1015;MYANMAR LETTER PA;Lo;0;L;;;;;N;;;;; +1016;MYANMAR LETTER PHA;Lo;0;L;;;;;N;;;;; +1017;MYANMAR LETTER BA;Lo;0;L;;;;;N;;;;; +1018;MYANMAR LETTER BHA;Lo;0;L;;;;;N;;;;; +1019;MYANMAR LETTER MA;Lo;0;L;;;;;N;;;;; +101A;MYANMAR LETTER YA;Lo;0;L;;;;;N;;;;; +101B;MYANMAR LETTER RA;Lo;0;L;;;;;N;;;;; +101C;MYANMAR LETTER LA;Lo;0;L;;;;;N;;;;; +101D;MYANMAR LETTER WA;Lo;0;L;;;;;N;;;;; +101E;MYANMAR LETTER SA;Lo;0;L;;;;;N;;;;; +101F;MYANMAR LETTER HA;Lo;0;L;;;;;N;;;;; +1020;MYANMAR LETTER LLA;Lo;0;L;;;;;N;;;;; +1021;MYANMAR LETTER A;Lo;0;L;;;;;N;;;;; +1023;MYANMAR LETTER I;Lo;0;L;;;;;N;;;;; +1024;MYANMAR LETTER II;Lo;0;L;;;;;N;;;;; +1025;MYANMAR LETTER U;Lo;0;L;;;;;N;;;;; +1026;MYANMAR LETTER UU;Lo;0;L;1025 102E;;;;N;;;;; +1027;MYANMAR LETTER E;Lo;0;L;;;;;N;;;;; +1029;MYANMAR LETTER O;Lo;0;L;;;;;N;;;;; +102A;MYANMAR LETTER AU;Lo;0;L;;;;;N;;;;; +102C;MYANMAR VOWEL SIGN AA;Mc;0;L;;;;;N;;;;; +102D;MYANMAR VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;; +102E;MYANMAR VOWEL SIGN II;Mn;0;NSM;;;;;N;;;;; +102F;MYANMAR VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;; +1030;MYANMAR VOWEL SIGN UU;Mn;0;NSM;;;;;N;;;;; +1031;MYANMAR VOWEL SIGN E;Mc;0;L;;;;;N;;;;; +1032;MYANMAR VOWEL SIGN AI;Mn;0;NSM;;;;;N;;;;; +1036;MYANMAR SIGN ANUSVARA;Mn;0;NSM;;;;;N;;;;; +1037;MYANMAR SIGN DOT BELOW;Mn;7;NSM;;;;;N;;;;; +1038;MYANMAR SIGN VISARGA;Mc;0;L;;;;;N;;;;; +1039;MYANMAR SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;; +1040;MYANMAR DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;; +1041;MYANMAR DIGIT ONE;Nd;0;L;;1;1;1;N;;;;; +1042;MYANMAR DIGIT TWO;Nd;0;L;;2;2;2;N;;;;; +1043;MYANMAR DIGIT THREE;Nd;0;L;;3;3;3;N;;;;; +1044;MYANMAR DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;; +1045;MYANMAR DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;; +1046;MYANMAR DIGIT SIX;Nd;0;L;;6;6;6;N;;;;; +1047;MYANMAR DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;; +1048;MYANMAR DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;; +1049;MYANMAR DIGIT NINE;Nd;0;L;;9;9;9;N;;;;; +104A;MYANMAR SIGN LITTLE SECTION;Po;0;L;;;;;N;;;;; +104B;MYANMAR SIGN SECTION;Po;0;L;;;;;N;;;;; +104C;MYANMAR SYMBOL LOCATIVE;Po;0;L;;;;;N;;;;; +104D;MYANMAR SYMBOL COMPLETED;Po;0;L;;;;;N;;;;; +104E;MYANMAR SYMBOL AFOREMENTIONED;Po;0;L;;;;;N;;;;; +104F;MYANMAR SYMBOL GENITIVE;Po;0;L;;;;;N;;;;; +1050;MYANMAR LETTER SHA;Lo;0;L;;;;;N;;;;; +1051;MYANMAR LETTER SSA;Lo;0;L;;;;;N;;;;; +1052;MYANMAR LETTER VOCALIC R;Lo;0;L;;;;;N;;;;; +1053;MYANMAR LETTER VOCALIC RR;Lo;0;L;;;;;N;;;;; +1054;MYANMAR LETTER VOCALIC L;Lo;0;L;;;;;N;;;;; +1055;MYANMAR LETTER VOCALIC LL;Lo;0;L;;;;;N;;;;; +1056;MYANMAR VOWEL SIGN VOCALIC R;Mc;0;L;;;;;N;;;;; +1057;MYANMAR VOWEL SIGN VOCALIC RR;Mc;0;L;;;;;N;;;;; +1058;MYANMAR VOWEL SIGN VOCALIC L;Mn;0;NSM;;;;;N;;;;; +1059;MYANMAR VOWEL SIGN VOCALIC LL;Mn;0;NSM;;;;;N;;;;; +10A0;GEORGIAN CAPITAL LETTER AN;Lu;0;L;;;;;N;;Khutsuri;;; +10A1;GEORGIAN CAPITAL LETTER BAN;Lu;0;L;;;;;N;;Khutsuri;;; +10A2;GEORGIAN CAPITAL LETTER GAN;Lu;0;L;;;;;N;;Khutsuri;;; +10A3;GEORGIAN CAPITAL LETTER DON;Lu;0;L;;;;;N;;Khutsuri;;; +10A4;GEORGIAN CAPITAL LETTER EN;Lu;0;L;;;;;N;;Khutsuri;;; +10A5;GEORGIAN CAPITAL LETTER VIN;Lu;0;L;;;;;N;;Khutsuri;;; +10A6;GEORGIAN CAPITAL LETTER ZEN;Lu;0;L;;;;;N;;Khutsuri;;; +10A7;GEORGIAN CAPITAL LETTER TAN;Lu;0;L;;;;;N;;Khutsuri;;; +10A8;GEORGIAN CAPITAL LETTER IN;Lu;0;L;;;;;N;;Khutsuri;;; +10A9;GEORGIAN CAPITAL LETTER KAN;Lu;0;L;;;;;N;;Khutsuri;;; +10AA;GEORGIAN CAPITAL LETTER LAS;Lu;0;L;;;;;N;;Khutsuri;;; +10AB;GEORGIAN CAPITAL LETTER MAN;Lu;0;L;;;;;N;;Khutsuri;;; +10AC;GEORGIAN CAPITAL LETTER NAR;Lu;0;L;;;;;N;;Khutsuri;;; +10AD;GEORGIAN CAPITAL LETTER ON;Lu;0;L;;;;;N;;Khutsuri;;; +10AE;GEORGIAN CAPITAL LETTER PAR;Lu;0;L;;;;;N;;Khutsuri;;; +10AF;GEORGIAN CAPITAL LETTER ZHAR;Lu;0;L;;;;;N;;Khutsuri;;; +10B0;GEORGIAN CAPITAL LETTER RAE;Lu;0;L;;;;;N;;Khutsuri;;; +10B1;GEORGIAN CAPITAL LETTER SAN;Lu;0;L;;;;;N;;Khutsuri;;; +10B2;GEORGIAN CAPITAL LETTER TAR;Lu;0;L;;;;;N;;Khutsuri;;; +10B3;GEORGIAN CAPITAL LETTER UN;Lu;0;L;;;;;N;;Khutsuri;;; +10B4;GEORGIAN CAPITAL LETTER PHAR;Lu;0;L;;;;;N;;Khutsuri;;; +10B5;GEORGIAN CAPITAL LETTER KHAR;Lu;0;L;;;;;N;;Khutsuri;;; +10B6;GEORGIAN CAPITAL LETTER GHAN;Lu;0;L;;;;;N;;Khutsuri;;; +10B7;GEORGIAN CAPITAL LETTER QAR;Lu;0;L;;;;;N;;Khutsuri;;; +10B8;GEORGIAN CAPITAL LETTER SHIN;Lu;0;L;;;;;N;;Khutsuri;;; +10B9;GEORGIAN CAPITAL LETTER CHIN;Lu;0;L;;;;;N;;Khutsuri;;; +10BA;GEORGIAN CAPITAL LETTER CAN;Lu;0;L;;;;;N;;Khutsuri;;; +10BB;GEORGIAN CAPITAL LETTER JIL;Lu;0;L;;;;;N;;Khutsuri;;; +10BC;GEORGIAN CAPITAL LETTER CIL;Lu;0;L;;;;;N;;Khutsuri;;; +10BD;GEORGIAN CAPITAL LETTER CHAR;Lu;0;L;;;;;N;;Khutsuri;;; +10BE;GEORGIAN CAPITAL LETTER XAN;Lu;0;L;;;;;N;;Khutsuri;;; +10BF;GEORGIAN CAPITAL LETTER JHAN;Lu;0;L;;;;;N;;Khutsuri;;; +10C0;GEORGIAN CAPITAL LETTER HAE;Lu;0;L;;;;;N;;Khutsuri;;; +10C1;GEORGIAN CAPITAL LETTER HE;Lu;0;L;;;;;N;;Khutsuri;;; +10C2;GEORGIAN CAPITAL LETTER HIE;Lu;0;L;;;;;N;;Khutsuri;;; +10C3;GEORGIAN CAPITAL LETTER WE;Lu;0;L;;;;;N;;Khutsuri;;; +10C4;GEORGIAN CAPITAL LETTER HAR;Lu;0;L;;;;;N;;Khutsuri;;; +10C5;GEORGIAN CAPITAL LETTER HOE;Lu;0;L;;;;;N;;Khutsuri;;; +10D0;GEORGIAN LETTER AN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER AN;;;; +10D1;GEORGIAN LETTER BAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER BAN;;;; +10D2;GEORGIAN LETTER GAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER GAN;;;; +10D3;GEORGIAN LETTER DON;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER DON;;;; +10D4;GEORGIAN LETTER EN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER EN;;;; +10D5;GEORGIAN LETTER VIN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER VIN;;;; +10D6;GEORGIAN LETTER ZEN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER ZEN;;;; +10D7;GEORGIAN LETTER TAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER TAN;;;; +10D8;GEORGIAN LETTER IN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER IN;;;; +10D9;GEORGIAN LETTER KAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER KAN;;;; +10DA;GEORGIAN LETTER LAS;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER LAS;;;; +10DB;GEORGIAN LETTER MAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER MAN;;;; +10DC;GEORGIAN LETTER NAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER NAR;;;; +10DD;GEORGIAN LETTER ON;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER ON;;;; +10DE;GEORGIAN LETTER PAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER PAR;;;; +10DF;GEORGIAN LETTER ZHAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER ZHAR;;;; +10E0;GEORGIAN LETTER RAE;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER RAE;;;; +10E1;GEORGIAN LETTER SAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER SAN;;;; +10E2;GEORGIAN LETTER TAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER TAR;;;; +10E3;GEORGIAN LETTER UN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER UN;;;; +10E4;GEORGIAN LETTER PHAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER PHAR;;;; +10E5;GEORGIAN LETTER KHAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER KHAR;;;; +10E6;GEORGIAN LETTER GHAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER GHAN;;;; +10E7;GEORGIAN LETTER QAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER QAR;;;; +10E8;GEORGIAN LETTER SHIN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER SHIN;;;; +10E9;GEORGIAN LETTER CHIN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER CHIN;;;; +10EA;GEORGIAN LETTER CAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER CAN;;;; +10EB;GEORGIAN LETTER JIL;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER JIL;;;; +10EC;GEORGIAN LETTER CIL;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER CIL;;;; +10ED;GEORGIAN LETTER CHAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER CHAR;;;; +10EE;GEORGIAN LETTER XAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER XAN;;;; +10EF;GEORGIAN LETTER JHAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER JHAN;;;; +10F0;GEORGIAN LETTER HAE;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER HAE;;;; +10F1;GEORGIAN LETTER HE;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER HE;;;; +10F2;GEORGIAN LETTER HIE;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER HIE;;;; +10F3;GEORGIAN LETTER WE;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER WE;;;; +10F4;GEORGIAN LETTER HAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER HAR;;;; +10F5;GEORGIAN LETTER HOE;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER HOE;;;; +10F6;GEORGIAN LETTER FI;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER FI;;;; +10F7;GEORGIAN LETTER YN;Lo;0;L;;;;;N;;;;; +10F8;GEORGIAN LETTER ELIFI;Lo;0;L;;;;;N;;;;; +10FB;GEORGIAN PARAGRAPH SEPARATOR;Po;0;L;;;;;N;;;;; +1100;HANGUL CHOSEONG KIYEOK;Lo;0;L;;;;;N;;g *;;; +1101;HANGUL CHOSEONG SSANGKIYEOK;Lo;0;L;;;;;N;;gg *;;; +1102;HANGUL CHOSEONG NIEUN;Lo;0;L;;;;;N;;n *;;; +1103;HANGUL CHOSEONG TIKEUT;Lo;0;L;;;;;N;;d *;;; +1104;HANGUL CHOSEONG SSANGTIKEUT;Lo;0;L;;;;;N;;dd *;;; +1105;HANGUL CHOSEONG RIEUL;Lo;0;L;;;;;N;;r *;;; +1106;HANGUL CHOSEONG MIEUM;Lo;0;L;;;;;N;;m *;;; +1107;HANGUL CHOSEONG PIEUP;Lo;0;L;;;;;N;;b *;;; +1108;HANGUL CHOSEONG SSANGPIEUP;Lo;0;L;;;;;N;;bb *;;; +1109;HANGUL CHOSEONG SIOS;Lo;0;L;;;;;N;;s *;;; +110A;HANGUL CHOSEONG SSANGSIOS;Lo;0;L;;;;;N;;ss *;;; +110B;HANGUL CHOSEONG IEUNG;Lo;0;L;;;;;N;;;;; +110C;HANGUL CHOSEONG CIEUC;Lo;0;L;;;;;N;;j *;;; +110D;HANGUL CHOSEONG SSANGCIEUC;Lo;0;L;;;;;N;;jj *;;; +110E;HANGUL CHOSEONG CHIEUCH;Lo;0;L;;;;;N;;c *;;; +110F;HANGUL CHOSEONG KHIEUKH;Lo;0;L;;;;;N;;k *;;; +1110;HANGUL CHOSEONG THIEUTH;Lo;0;L;;;;;N;;t *;;; +1111;HANGUL CHOSEONG PHIEUPH;Lo;0;L;;;;;N;;p *;;; +1112;HANGUL CHOSEONG HIEUH;Lo;0;L;;;;;N;;h *;;; +1113;HANGUL CHOSEONG NIEUN-KIYEOK;Lo;0;L;;;;;N;;;;; +1114;HANGUL CHOSEONG SSANGNIEUN;Lo;0;L;;;;;N;;;;; +1115;HANGUL CHOSEONG NIEUN-TIKEUT;Lo;0;L;;;;;N;;;;; +1116;HANGUL CHOSEONG NIEUN-PIEUP;Lo;0;L;;;;;N;;;;; +1117;HANGUL CHOSEONG TIKEUT-KIYEOK;Lo;0;L;;;;;N;;;;; +1118;HANGUL CHOSEONG RIEUL-NIEUN;Lo;0;L;;;;;N;;;;; +1119;HANGUL CHOSEONG SSANGRIEUL;Lo;0;L;;;;;N;;;;; +111A;HANGUL CHOSEONG RIEUL-HIEUH;Lo;0;L;;;;;N;;;;; +111B;HANGUL CHOSEONG KAPYEOUNRIEUL;Lo;0;L;;;;;N;;;;; +111C;HANGUL CHOSEONG MIEUM-PIEUP;Lo;0;L;;;;;N;;;;; +111D;HANGUL CHOSEONG KAPYEOUNMIEUM;Lo;0;L;;;;;N;;;;; +111E;HANGUL CHOSEONG PIEUP-KIYEOK;Lo;0;L;;;;;N;;;;; +111F;HANGUL CHOSEONG PIEUP-NIEUN;Lo;0;L;;;;;N;;;;; +1120;HANGUL CHOSEONG PIEUP-TIKEUT;Lo;0;L;;;;;N;;;;; +1121;HANGUL CHOSEONG PIEUP-SIOS;Lo;0;L;;;;;N;;;;; +1122;HANGUL CHOSEONG PIEUP-SIOS-KIYEOK;Lo;0;L;;;;;N;;;;; +1123;HANGUL CHOSEONG PIEUP-SIOS-TIKEUT;Lo;0;L;;;;;N;;;;; +1124;HANGUL CHOSEONG PIEUP-SIOS-PIEUP;Lo;0;L;;;;;N;;;;; +1125;HANGUL CHOSEONG PIEUP-SSANGSIOS;Lo;0;L;;;;;N;;;;; +1126;HANGUL CHOSEONG PIEUP-SIOS-CIEUC;Lo;0;L;;;;;N;;;;; +1127;HANGUL CHOSEONG PIEUP-CIEUC;Lo;0;L;;;;;N;;;;; +1128;HANGUL CHOSEONG PIEUP-CHIEUCH;Lo;0;L;;;;;N;;;;; +1129;HANGUL CHOSEONG PIEUP-THIEUTH;Lo;0;L;;;;;N;;;;; +112A;HANGUL CHOSEONG PIEUP-PHIEUPH;Lo;0;L;;;;;N;;;;; +112B;HANGUL CHOSEONG KAPYEOUNPIEUP;Lo;0;L;;;;;N;;;;; +112C;HANGUL CHOSEONG KAPYEOUNSSANGPIEUP;Lo;0;L;;;;;N;;;;; +112D;HANGUL CHOSEONG SIOS-KIYEOK;Lo;0;L;;;;;N;;;;; +112E;HANGUL CHOSEONG SIOS-NIEUN;Lo;0;L;;;;;N;;;;; +112F;HANGUL CHOSEONG SIOS-TIKEUT;Lo;0;L;;;;;N;;;;; +1130;HANGUL CHOSEONG SIOS-RIEUL;Lo;0;L;;;;;N;;;;; +1131;HANGUL CHOSEONG SIOS-MIEUM;Lo;0;L;;;;;N;;;;; +1132;HANGUL CHOSEONG SIOS-PIEUP;Lo;0;L;;;;;N;;;;; +1133;HANGUL CHOSEONG SIOS-PIEUP-KIYEOK;Lo;0;L;;;;;N;;;;; +1134;HANGUL CHOSEONG SIOS-SSANGSIOS;Lo;0;L;;;;;N;;;;; +1135;HANGUL CHOSEONG SIOS-IEUNG;Lo;0;L;;;;;N;;;;; +1136;HANGUL CHOSEONG SIOS-CIEUC;Lo;0;L;;;;;N;;;;; +1137;HANGUL CHOSEONG SIOS-CHIEUCH;Lo;0;L;;;;;N;;;;; +1138;HANGUL CHOSEONG SIOS-KHIEUKH;Lo;0;L;;;;;N;;;;; +1139;HANGUL CHOSEONG SIOS-THIEUTH;Lo;0;L;;;;;N;;;;; +113A;HANGUL CHOSEONG SIOS-PHIEUPH;Lo;0;L;;;;;N;;;;; +113B;HANGUL CHOSEONG SIOS-HIEUH;Lo;0;L;;;;;N;;;;; +113C;HANGUL CHOSEONG CHITUEUMSIOS;Lo;0;L;;;;;N;;;;; +113D;HANGUL CHOSEONG CHITUEUMSSANGSIOS;Lo;0;L;;;;;N;;;;; +113E;HANGUL CHOSEONG CEONGCHIEUMSIOS;Lo;0;L;;;;;N;;;;; +113F;HANGUL CHOSEONG CEONGCHIEUMSSANGSIOS;Lo;0;L;;;;;N;;;;; +1140;HANGUL CHOSEONG PANSIOS;Lo;0;L;;;;;N;;;;; +1141;HANGUL CHOSEONG IEUNG-KIYEOK;Lo;0;L;;;;;N;;;;; +1142;HANGUL CHOSEONG IEUNG-TIKEUT;Lo;0;L;;;;;N;;;;; +1143;HANGUL CHOSEONG IEUNG-MIEUM;Lo;0;L;;;;;N;;;;; +1144;HANGUL CHOSEONG IEUNG-PIEUP;Lo;0;L;;;;;N;;;;; +1145;HANGUL CHOSEONG IEUNG-SIOS;Lo;0;L;;;;;N;;;;; +1146;HANGUL CHOSEONG IEUNG-PANSIOS;Lo;0;L;;;;;N;;;;; +1147;HANGUL CHOSEONG SSANGIEUNG;Lo;0;L;;;;;N;;;;; +1148;HANGUL CHOSEONG IEUNG-CIEUC;Lo;0;L;;;;;N;;;;; +1149;HANGUL CHOSEONG IEUNG-CHIEUCH;Lo;0;L;;;;;N;;;;; +114A;HANGUL CHOSEONG IEUNG-THIEUTH;Lo;0;L;;;;;N;;;;; +114B;HANGUL CHOSEONG IEUNG-PHIEUPH;Lo;0;L;;;;;N;;;;; +114C;HANGUL CHOSEONG YESIEUNG;Lo;0;L;;;;;N;;;;; +114D;HANGUL CHOSEONG CIEUC-IEUNG;Lo;0;L;;;;;N;;;;; +114E;HANGUL CHOSEONG CHITUEUMCIEUC;Lo;0;L;;;;;N;;;;; +114F;HANGUL CHOSEONG CHITUEUMSSANGCIEUC;Lo;0;L;;;;;N;;;;; +1150;HANGUL CHOSEONG CEONGCHIEUMCIEUC;Lo;0;L;;;;;N;;;;; +1151;HANGUL CHOSEONG CEONGCHIEUMSSANGCIEUC;Lo;0;L;;;;;N;;;;; +1152;HANGUL CHOSEONG CHIEUCH-KHIEUKH;Lo;0;L;;;;;N;;;;; +1153;HANGUL CHOSEONG CHIEUCH-HIEUH;Lo;0;L;;;;;N;;;;; +1154;HANGUL CHOSEONG CHITUEUMCHIEUCH;Lo;0;L;;;;;N;;;;; +1155;HANGUL CHOSEONG CEONGCHIEUMCHIEUCH;Lo;0;L;;;;;N;;;;; +1156;HANGUL CHOSEONG PHIEUPH-PIEUP;Lo;0;L;;;;;N;;;;; +1157;HANGUL CHOSEONG KAPYEOUNPHIEUPH;Lo;0;L;;;;;N;;;;; +1158;HANGUL CHOSEONG SSANGHIEUH;Lo;0;L;;;;;N;;;;; +1159;HANGUL CHOSEONG YEORINHIEUH;Lo;0;L;;;;;N;;;;; +115F;HANGUL CHOSEONG FILLER;Lo;0;L;;;;;N;;;;; +1160;HANGUL JUNGSEONG FILLER;Lo;0;L;;;;;N;;;;; +1161;HANGUL JUNGSEONG A;Lo;0;L;;;;;N;;;;; +1162;HANGUL JUNGSEONG AE;Lo;0;L;;;;;N;;;;; +1163;HANGUL JUNGSEONG YA;Lo;0;L;;;;;N;;;;; +1164;HANGUL JUNGSEONG YAE;Lo;0;L;;;;;N;;;;; +1165;HANGUL JUNGSEONG EO;Lo;0;L;;;;;N;;;;; +1166;HANGUL JUNGSEONG E;Lo;0;L;;;;;N;;;;; +1167;HANGUL JUNGSEONG YEO;Lo;0;L;;;;;N;;;;; +1168;HANGUL JUNGSEONG YE;Lo;0;L;;;;;N;;;;; +1169;HANGUL JUNGSEONG O;Lo;0;L;;;;;N;;;;; +116A;HANGUL JUNGSEONG WA;Lo;0;L;;;;;N;;;;; +116B;HANGUL JUNGSEONG WAE;Lo;0;L;;;;;N;;;;; +116C;HANGUL JUNGSEONG OE;Lo;0;L;;;;;N;;;;; +116D;HANGUL JUNGSEONG YO;Lo;0;L;;;;;N;;;;; +116E;HANGUL JUNGSEONG U;Lo;0;L;;;;;N;;;;; +116F;HANGUL JUNGSEONG WEO;Lo;0;L;;;;;N;;;;; +1170;HANGUL JUNGSEONG WE;Lo;0;L;;;;;N;;;;; +1171;HANGUL JUNGSEONG WI;Lo;0;L;;;;;N;;;;; +1172;HANGUL JUNGSEONG YU;Lo;0;L;;;;;N;;;;; +1173;HANGUL JUNGSEONG EU;Lo;0;L;;;;;N;;;;; +1174;HANGUL JUNGSEONG YI;Lo;0;L;;;;;N;;;;; +1175;HANGUL JUNGSEONG I;Lo;0;L;;;;;N;;;;; +1176;HANGUL JUNGSEONG A-O;Lo;0;L;;;;;N;;;;; +1177;HANGUL JUNGSEONG A-U;Lo;0;L;;;;;N;;;;; +1178;HANGUL JUNGSEONG YA-O;Lo;0;L;;;;;N;;;;; +1179;HANGUL JUNGSEONG YA-YO;Lo;0;L;;;;;N;;;;; +117A;HANGUL JUNGSEONG EO-O;Lo;0;L;;;;;N;;;;; +117B;HANGUL JUNGSEONG EO-U;Lo;0;L;;;;;N;;;;; +117C;HANGUL JUNGSEONG EO-EU;Lo;0;L;;;;;N;;;;; +117D;HANGUL JUNGSEONG YEO-O;Lo;0;L;;;;;N;;;;; +117E;HANGUL JUNGSEONG YEO-U;Lo;0;L;;;;;N;;;;; +117F;HANGUL JUNGSEONG O-EO;Lo;0;L;;;;;N;;;;; +1180;HANGUL JUNGSEONG O-E;Lo;0;L;;;;;N;;;;; +1181;HANGUL JUNGSEONG O-YE;Lo;0;L;;;;;N;;;;; +1182;HANGUL JUNGSEONG O-O;Lo;0;L;;;;;N;;;;; +1183;HANGUL JUNGSEONG O-U;Lo;0;L;;;;;N;;;;; +1184;HANGUL JUNGSEONG YO-YA;Lo;0;L;;;;;N;;;;; +1185;HANGUL JUNGSEONG YO-YAE;Lo;0;L;;;;;N;;;;; +1186;HANGUL JUNGSEONG YO-YEO;Lo;0;L;;;;;N;;;;; +1187;HANGUL JUNGSEONG YO-O;Lo;0;L;;;;;N;;;;; +1188;HANGUL JUNGSEONG YO-I;Lo;0;L;;;;;N;;;;; +1189;HANGUL JUNGSEONG U-A;Lo;0;L;;;;;N;;;;; +118A;HANGUL JUNGSEONG U-AE;Lo;0;L;;;;;N;;;;; +118B;HANGUL JUNGSEONG U-EO-EU;Lo;0;L;;;;;N;;;;; +118C;HANGUL JUNGSEONG U-YE;Lo;0;L;;;;;N;;;;; +118D;HANGUL JUNGSEONG U-U;Lo;0;L;;;;;N;;;;; +118E;HANGUL JUNGSEONG YU-A;Lo;0;L;;;;;N;;;;; +118F;HANGUL JUNGSEONG YU-EO;Lo;0;L;;;;;N;;;;; +1190;HANGUL JUNGSEONG YU-E;Lo;0;L;;;;;N;;;;; +1191;HANGUL JUNGSEONG YU-YEO;Lo;0;L;;;;;N;;;;; +1192;HANGUL JUNGSEONG YU-YE;Lo;0;L;;;;;N;;;;; +1193;HANGUL JUNGSEONG YU-U;Lo;0;L;;;;;N;;;;; +1194;HANGUL JUNGSEONG YU-I;Lo;0;L;;;;;N;;;;; +1195;HANGUL JUNGSEONG EU-U;Lo;0;L;;;;;N;;;;; +1196;HANGUL JUNGSEONG EU-EU;Lo;0;L;;;;;N;;;;; +1197;HANGUL JUNGSEONG YI-U;Lo;0;L;;;;;N;;;;; +1198;HANGUL JUNGSEONG I-A;Lo;0;L;;;;;N;;;;; +1199;HANGUL JUNGSEONG I-YA;Lo;0;L;;;;;N;;;;; +119A;HANGUL JUNGSEONG I-O;Lo;0;L;;;;;N;;;;; +119B;HANGUL JUNGSEONG I-U;Lo;0;L;;;;;N;;;;; +119C;HANGUL JUNGSEONG I-EU;Lo;0;L;;;;;N;;;;; +119D;HANGUL JUNGSEONG I-ARAEA;Lo;0;L;;;;;N;;;;; +119E;HANGUL JUNGSEONG ARAEA;Lo;0;L;;;;;N;;;;; +119F;HANGUL JUNGSEONG ARAEA-EO;Lo;0;L;;;;;N;;;;; +11A0;HANGUL JUNGSEONG ARAEA-U;Lo;0;L;;;;;N;;;;; +11A1;HANGUL JUNGSEONG ARAEA-I;Lo;0;L;;;;;N;;;;; +11A2;HANGUL JUNGSEONG SSANGARAEA;Lo;0;L;;;;;N;;;;; +11A8;HANGUL JONGSEONG KIYEOK;Lo;0;L;;;;;N;;g *;;; +11A9;HANGUL JONGSEONG SSANGKIYEOK;Lo;0;L;;;;;N;;gg *;;; +11AA;HANGUL JONGSEONG KIYEOK-SIOS;Lo;0;L;;;;;N;;gs *;;; +11AB;HANGUL JONGSEONG NIEUN;Lo;0;L;;;;;N;;n *;;; +11AC;HANGUL JONGSEONG NIEUN-CIEUC;Lo;0;L;;;;;N;;nj *;;; +11AD;HANGUL JONGSEONG NIEUN-HIEUH;Lo;0;L;;;;;N;;nh *;;; +11AE;HANGUL JONGSEONG TIKEUT;Lo;0;L;;;;;N;;d *;;; +11AF;HANGUL JONGSEONG RIEUL;Lo;0;L;;;;;N;;l *;;; +11B0;HANGUL JONGSEONG RIEUL-KIYEOK;Lo;0;L;;;;;N;;lg *;;; +11B1;HANGUL JONGSEONG RIEUL-MIEUM;Lo;0;L;;;;;N;;lm *;;; +11B2;HANGUL JONGSEONG RIEUL-PIEUP;Lo;0;L;;;;;N;;lb *;;; +11B3;HANGUL JONGSEONG RIEUL-SIOS;Lo;0;L;;;;;N;;ls *;;; +11B4;HANGUL JONGSEONG RIEUL-THIEUTH;Lo;0;L;;;;;N;;lt *;;; +11B5;HANGUL JONGSEONG RIEUL-PHIEUPH;Lo;0;L;;;;;N;;lp *;;; +11B6;HANGUL JONGSEONG RIEUL-HIEUH;Lo;0;L;;;;;N;;lh *;;; +11B7;HANGUL JONGSEONG MIEUM;Lo;0;L;;;;;N;;m *;;; +11B8;HANGUL JONGSEONG PIEUP;Lo;0;L;;;;;N;;b *;;; +11B9;HANGUL JONGSEONG PIEUP-SIOS;Lo;0;L;;;;;N;;bs *;;; +11BA;HANGUL JONGSEONG SIOS;Lo;0;L;;;;;N;;s *;;; +11BB;HANGUL JONGSEONG SSANGSIOS;Lo;0;L;;;;;N;;ss *;;; +11BC;HANGUL JONGSEONG IEUNG;Lo;0;L;;;;;N;;ng *;;; +11BD;HANGUL JONGSEONG CIEUC;Lo;0;L;;;;;N;;j *;;; +11BE;HANGUL JONGSEONG CHIEUCH;Lo;0;L;;;;;N;;c *;;; +11BF;HANGUL JONGSEONG KHIEUKH;Lo;0;L;;;;;N;;k *;;; +11C0;HANGUL JONGSEONG THIEUTH;Lo;0;L;;;;;N;;t *;;; +11C1;HANGUL JONGSEONG PHIEUPH;Lo;0;L;;;;;N;;p *;;; +11C2;HANGUL JONGSEONG HIEUH;Lo;0;L;;;;;N;;h *;;; +11C3;HANGUL JONGSEONG KIYEOK-RIEUL;Lo;0;L;;;;;N;;;;; +11C4;HANGUL JONGSEONG KIYEOK-SIOS-KIYEOK;Lo;0;L;;;;;N;;;;; +11C5;HANGUL JONGSEONG NIEUN-KIYEOK;Lo;0;L;;;;;N;;;;; +11C6;HANGUL JONGSEONG NIEUN-TIKEUT;Lo;0;L;;;;;N;;;;; +11C7;HANGUL JONGSEONG NIEUN-SIOS;Lo;0;L;;;;;N;;;;; +11C8;HANGUL JONGSEONG NIEUN-PANSIOS;Lo;0;L;;;;;N;;;;; +11C9;HANGUL JONGSEONG NIEUN-THIEUTH;Lo;0;L;;;;;N;;;;; +11CA;HANGUL JONGSEONG TIKEUT-KIYEOK;Lo;0;L;;;;;N;;;;; +11CB;HANGUL JONGSEONG TIKEUT-RIEUL;Lo;0;L;;;;;N;;;;; +11CC;HANGUL JONGSEONG RIEUL-KIYEOK-SIOS;Lo;0;L;;;;;N;;;;; +11CD;HANGUL JONGSEONG RIEUL-NIEUN;Lo;0;L;;;;;N;;;;; +11CE;HANGUL JONGSEONG RIEUL-TIKEUT;Lo;0;L;;;;;N;;;;; +11CF;HANGUL JONGSEONG RIEUL-TIKEUT-HIEUH;Lo;0;L;;;;;N;;;;; +11D0;HANGUL JONGSEONG SSANGRIEUL;Lo;0;L;;;;;N;;;;; +11D1;HANGUL JONGSEONG RIEUL-MIEUM-KIYEOK;Lo;0;L;;;;;N;;;;; +11D2;HANGUL JONGSEONG RIEUL-MIEUM-SIOS;Lo;0;L;;;;;N;;;;; +11D3;HANGUL JONGSEONG RIEUL-PIEUP-SIOS;Lo;0;L;;;;;N;;;;; +11D4;HANGUL JONGSEONG RIEUL-PIEUP-HIEUH;Lo;0;L;;;;;N;;;;; +11D5;HANGUL JONGSEONG RIEUL-KAPYEOUNPIEUP;Lo;0;L;;;;;N;;;;; +11D6;HANGUL JONGSEONG RIEUL-SSANGSIOS;Lo;0;L;;;;;N;;;;; +11D7;HANGUL JONGSEONG RIEUL-PANSIOS;Lo;0;L;;;;;N;;;;; +11D8;HANGUL JONGSEONG RIEUL-KHIEUKH;Lo;0;L;;;;;N;;;;; +11D9;HANGUL JONGSEONG RIEUL-YEORINHIEUH;Lo;0;L;;;;;N;;;;; +11DA;HANGUL JONGSEONG MIEUM-KIYEOK;Lo;0;L;;;;;N;;;;; +11DB;HANGUL JONGSEONG MIEUM-RIEUL;Lo;0;L;;;;;N;;;;; +11DC;HANGUL JONGSEONG MIEUM-PIEUP;Lo;0;L;;;;;N;;;;; +11DD;HANGUL JONGSEONG MIEUM-SIOS;Lo;0;L;;;;;N;;;;; +11DE;HANGUL JONGSEONG MIEUM-SSANGSIOS;Lo;0;L;;;;;N;;;;; +11DF;HANGUL JONGSEONG MIEUM-PANSIOS;Lo;0;L;;;;;N;;;;; +11E0;HANGUL JONGSEONG MIEUM-CHIEUCH;Lo;0;L;;;;;N;;;;; +11E1;HANGUL JONGSEONG MIEUM-HIEUH;Lo;0;L;;;;;N;;;;; +11E2;HANGUL JONGSEONG KAPYEOUNMIEUM;Lo;0;L;;;;;N;;;;; +11E3;HANGUL JONGSEONG PIEUP-RIEUL;Lo;0;L;;;;;N;;;;; +11E4;HANGUL JONGSEONG PIEUP-PHIEUPH;Lo;0;L;;;;;N;;;;; +11E5;HANGUL JONGSEONG PIEUP-HIEUH;Lo;0;L;;;;;N;;;;; +11E6;HANGUL JONGSEONG KAPYEOUNPIEUP;Lo;0;L;;;;;N;;;;; +11E7;HANGUL JONGSEONG SIOS-KIYEOK;Lo;0;L;;;;;N;;;;; +11E8;HANGUL JONGSEONG SIOS-TIKEUT;Lo;0;L;;;;;N;;;;; +11E9;HANGUL JONGSEONG SIOS-RIEUL;Lo;0;L;;;;;N;;;;; +11EA;HANGUL JONGSEONG SIOS-PIEUP;Lo;0;L;;;;;N;;;;; +11EB;HANGUL JONGSEONG PANSIOS;Lo;0;L;;;;;N;;;;; +11EC;HANGUL JONGSEONG IEUNG-KIYEOK;Lo;0;L;;;;;N;;;;; +11ED;HANGUL JONGSEONG IEUNG-SSANGKIYEOK;Lo;0;L;;;;;N;;;;; +11EE;HANGUL JONGSEONG SSANGIEUNG;Lo;0;L;;;;;N;;;;; +11EF;HANGUL JONGSEONG IEUNG-KHIEUKH;Lo;0;L;;;;;N;;;;; +11F0;HANGUL JONGSEONG YESIEUNG;Lo;0;L;;;;;N;;;;; +11F1;HANGUL JONGSEONG YESIEUNG-SIOS;Lo;0;L;;;;;N;;;;; +11F2;HANGUL JONGSEONG YESIEUNG-PANSIOS;Lo;0;L;;;;;N;;;;; +11F3;HANGUL JONGSEONG PHIEUPH-PIEUP;Lo;0;L;;;;;N;;;;; +11F4;HANGUL JONGSEONG KAPYEOUNPHIEUPH;Lo;0;L;;;;;N;;;;; +11F5;HANGUL JONGSEONG HIEUH-NIEUN;Lo;0;L;;;;;N;;;;; +11F6;HANGUL JONGSEONG HIEUH-RIEUL;Lo;0;L;;;;;N;;;;; +11F7;HANGUL JONGSEONG HIEUH-MIEUM;Lo;0;L;;;;;N;;;;; +11F8;HANGUL JONGSEONG HIEUH-PIEUP;Lo;0;L;;;;;N;;;;; +11F9;HANGUL JONGSEONG YEORINHIEUH;Lo;0;L;;;;;N;;;;; +1200;ETHIOPIC SYLLABLE HA;Lo;0;L;;;;;N;;;;; +1201;ETHIOPIC SYLLABLE HU;Lo;0;L;;;;;N;;;;; +1202;ETHIOPIC SYLLABLE HI;Lo;0;L;;;;;N;;;;; +1203;ETHIOPIC SYLLABLE HAA;Lo;0;L;;;;;N;;;;; +1204;ETHIOPIC SYLLABLE HEE;Lo;0;L;;;;;N;;;;; +1205;ETHIOPIC SYLLABLE HE;Lo;0;L;;;;;N;;;;; +1206;ETHIOPIC SYLLABLE HO;Lo;0;L;;;;;N;;;;; +1208;ETHIOPIC SYLLABLE LA;Lo;0;L;;;;;N;;;;; +1209;ETHIOPIC SYLLABLE LU;Lo;0;L;;;;;N;;;;; +120A;ETHIOPIC SYLLABLE LI;Lo;0;L;;;;;N;;;;; +120B;ETHIOPIC SYLLABLE LAA;Lo;0;L;;;;;N;;;;; +120C;ETHIOPIC SYLLABLE LEE;Lo;0;L;;;;;N;;;;; +120D;ETHIOPIC SYLLABLE LE;Lo;0;L;;;;;N;;;;; +120E;ETHIOPIC SYLLABLE LO;Lo;0;L;;;;;N;;;;; +120F;ETHIOPIC SYLLABLE LWA;Lo;0;L;;;;;N;;;;; +1210;ETHIOPIC SYLLABLE HHA;Lo;0;L;;;;;N;;;;; +1211;ETHIOPIC SYLLABLE HHU;Lo;0;L;;;;;N;;;;; +1212;ETHIOPIC SYLLABLE HHI;Lo;0;L;;;;;N;;;;; +1213;ETHIOPIC SYLLABLE HHAA;Lo;0;L;;;;;N;;;;; +1214;ETHIOPIC SYLLABLE HHEE;Lo;0;L;;;;;N;;;;; +1215;ETHIOPIC SYLLABLE HHE;Lo;0;L;;;;;N;;;;; +1216;ETHIOPIC SYLLABLE HHO;Lo;0;L;;;;;N;;;;; +1217;ETHIOPIC SYLLABLE HHWA;Lo;0;L;;;;;N;;;;; +1218;ETHIOPIC SYLLABLE MA;Lo;0;L;;;;;N;;;;; +1219;ETHIOPIC SYLLABLE MU;Lo;0;L;;;;;N;;;;; +121A;ETHIOPIC SYLLABLE MI;Lo;0;L;;;;;N;;;;; +121B;ETHIOPIC SYLLABLE MAA;Lo;0;L;;;;;N;;;;; +121C;ETHIOPIC SYLLABLE MEE;Lo;0;L;;;;;N;;;;; +121D;ETHIOPIC SYLLABLE ME;Lo;0;L;;;;;N;;;;; +121E;ETHIOPIC SYLLABLE MO;Lo;0;L;;;;;N;;;;; +121F;ETHIOPIC SYLLABLE MWA;Lo;0;L;;;;;N;;;;; +1220;ETHIOPIC SYLLABLE SZA;Lo;0;L;;;;;N;;;;; +1221;ETHIOPIC SYLLABLE SZU;Lo;0;L;;;;;N;;;;; +1222;ETHIOPIC SYLLABLE SZI;Lo;0;L;;;;;N;;;;; +1223;ETHIOPIC SYLLABLE SZAA;Lo;0;L;;;;;N;;;;; +1224;ETHIOPIC SYLLABLE SZEE;Lo;0;L;;;;;N;;;;; +1225;ETHIOPIC SYLLABLE SZE;Lo;0;L;;;;;N;;;;; +1226;ETHIOPIC SYLLABLE SZO;Lo;0;L;;;;;N;;;;; +1227;ETHIOPIC SYLLABLE SZWA;Lo;0;L;;;;;N;;;;; +1228;ETHIOPIC SYLLABLE RA;Lo;0;L;;;;;N;;;;; +1229;ETHIOPIC SYLLABLE RU;Lo;0;L;;;;;N;;;;; +122A;ETHIOPIC SYLLABLE RI;Lo;0;L;;;;;N;;;;; +122B;ETHIOPIC SYLLABLE RAA;Lo;0;L;;;;;N;;;;; +122C;ETHIOPIC SYLLABLE REE;Lo;0;L;;;;;N;;;;; +122D;ETHIOPIC SYLLABLE RE;Lo;0;L;;;;;N;;;;; +122E;ETHIOPIC SYLLABLE RO;Lo;0;L;;;;;N;;;;; +122F;ETHIOPIC SYLLABLE RWA;Lo;0;L;;;;;N;;;;; +1230;ETHIOPIC SYLLABLE SA;Lo;0;L;;;;;N;;;;; +1231;ETHIOPIC SYLLABLE SU;Lo;0;L;;;;;N;;;;; +1232;ETHIOPIC SYLLABLE SI;Lo;0;L;;;;;N;;;;; +1233;ETHIOPIC SYLLABLE SAA;Lo;0;L;;;;;N;;;;; +1234;ETHIOPIC SYLLABLE SEE;Lo;0;L;;;;;N;;;;; +1235;ETHIOPIC SYLLABLE SE;Lo;0;L;;;;;N;;;;; +1236;ETHIOPIC SYLLABLE SO;Lo;0;L;;;;;N;;;;; +1237;ETHIOPIC SYLLABLE SWA;Lo;0;L;;;;;N;;;;; +1238;ETHIOPIC SYLLABLE SHA;Lo;0;L;;;;;N;;;;; +1239;ETHIOPIC SYLLABLE SHU;Lo;0;L;;;;;N;;;;; +123A;ETHIOPIC SYLLABLE SHI;Lo;0;L;;;;;N;;;;; +123B;ETHIOPIC SYLLABLE SHAA;Lo;0;L;;;;;N;;;;; +123C;ETHIOPIC SYLLABLE SHEE;Lo;0;L;;;;;N;;;;; +123D;ETHIOPIC SYLLABLE SHE;Lo;0;L;;;;;N;;;;; +123E;ETHIOPIC SYLLABLE SHO;Lo;0;L;;;;;N;;;;; +123F;ETHIOPIC SYLLABLE SHWA;Lo;0;L;;;;;N;;;;; +1240;ETHIOPIC SYLLABLE QA;Lo;0;L;;;;;N;;;;; +1241;ETHIOPIC SYLLABLE QU;Lo;0;L;;;;;N;;;;; +1242;ETHIOPIC SYLLABLE QI;Lo;0;L;;;;;N;;;;; +1243;ETHIOPIC SYLLABLE QAA;Lo;0;L;;;;;N;;;;; +1244;ETHIOPIC SYLLABLE QEE;Lo;0;L;;;;;N;;;;; +1245;ETHIOPIC SYLLABLE QE;Lo;0;L;;;;;N;;;;; +1246;ETHIOPIC SYLLABLE QO;Lo;0;L;;;;;N;;;;; +1248;ETHIOPIC SYLLABLE QWA;Lo;0;L;;;;;N;;;;; +124A;ETHIOPIC SYLLABLE QWI;Lo;0;L;;;;;N;;;;; +124B;ETHIOPIC SYLLABLE QWAA;Lo;0;L;;;;;N;;;;; +124C;ETHIOPIC SYLLABLE QWEE;Lo;0;L;;;;;N;;;;; +124D;ETHIOPIC SYLLABLE QWE;Lo;0;L;;;;;N;;;;; +1250;ETHIOPIC SYLLABLE QHA;Lo;0;L;;;;;N;;;;; +1251;ETHIOPIC SYLLABLE QHU;Lo;0;L;;;;;N;;;;; +1252;ETHIOPIC SYLLABLE QHI;Lo;0;L;;;;;N;;;;; +1253;ETHIOPIC SYLLABLE QHAA;Lo;0;L;;;;;N;;;;; +1254;ETHIOPIC SYLLABLE QHEE;Lo;0;L;;;;;N;;;;; +1255;ETHIOPIC SYLLABLE QHE;Lo;0;L;;;;;N;;;;; +1256;ETHIOPIC SYLLABLE QHO;Lo;0;L;;;;;N;;;;; +1258;ETHIOPIC SYLLABLE QHWA;Lo;0;L;;;;;N;;;;; +125A;ETHIOPIC SYLLABLE QHWI;Lo;0;L;;;;;N;;;;; +125B;ETHIOPIC SYLLABLE QHWAA;Lo;0;L;;;;;N;;;;; +125C;ETHIOPIC SYLLABLE QHWEE;Lo;0;L;;;;;N;;;;; +125D;ETHIOPIC SYLLABLE QHWE;Lo;0;L;;;;;N;;;;; +1260;ETHIOPIC SYLLABLE BA;Lo;0;L;;;;;N;;;;; +1261;ETHIOPIC SYLLABLE BU;Lo;0;L;;;;;N;;;;; +1262;ETHIOPIC SYLLABLE BI;Lo;0;L;;;;;N;;;;; +1263;ETHIOPIC SYLLABLE BAA;Lo;0;L;;;;;N;;;;; +1264;ETHIOPIC SYLLABLE BEE;Lo;0;L;;;;;N;;;;; +1265;ETHIOPIC SYLLABLE BE;Lo;0;L;;;;;N;;;;; +1266;ETHIOPIC SYLLABLE BO;Lo;0;L;;;;;N;;;;; +1267;ETHIOPIC SYLLABLE BWA;Lo;0;L;;;;;N;;;;; +1268;ETHIOPIC SYLLABLE VA;Lo;0;L;;;;;N;;;;; +1269;ETHIOPIC SYLLABLE VU;Lo;0;L;;;;;N;;;;; +126A;ETHIOPIC SYLLABLE VI;Lo;0;L;;;;;N;;;;; +126B;ETHIOPIC SYLLABLE VAA;Lo;0;L;;;;;N;;;;; +126C;ETHIOPIC SYLLABLE VEE;Lo;0;L;;;;;N;;;;; +126D;ETHIOPIC SYLLABLE VE;Lo;0;L;;;;;N;;;;; +126E;ETHIOPIC SYLLABLE VO;Lo;0;L;;;;;N;;;;; +126F;ETHIOPIC SYLLABLE VWA;Lo;0;L;;;;;N;;;;; +1270;ETHIOPIC SYLLABLE TA;Lo;0;L;;;;;N;;;;; +1271;ETHIOPIC SYLLABLE TU;Lo;0;L;;;;;N;;;;; +1272;ETHIOPIC SYLLABLE TI;Lo;0;L;;;;;N;;;;; +1273;ETHIOPIC SYLLABLE TAA;Lo;0;L;;;;;N;;;;; +1274;ETHIOPIC SYLLABLE TEE;Lo;0;L;;;;;N;;;;; +1275;ETHIOPIC SYLLABLE TE;Lo;0;L;;;;;N;;;;; +1276;ETHIOPIC SYLLABLE TO;Lo;0;L;;;;;N;;;;; +1277;ETHIOPIC SYLLABLE TWA;Lo;0;L;;;;;N;;;;; +1278;ETHIOPIC SYLLABLE CA;Lo;0;L;;;;;N;;;;; +1279;ETHIOPIC SYLLABLE CU;Lo;0;L;;;;;N;;;;; +127A;ETHIOPIC SYLLABLE CI;Lo;0;L;;;;;N;;;;; +127B;ETHIOPIC SYLLABLE CAA;Lo;0;L;;;;;N;;;;; +127C;ETHIOPIC SYLLABLE CEE;Lo;0;L;;;;;N;;;;; +127D;ETHIOPIC SYLLABLE CE;Lo;0;L;;;;;N;;;;; +127E;ETHIOPIC SYLLABLE CO;Lo;0;L;;;;;N;;;;; +127F;ETHIOPIC SYLLABLE CWA;Lo;0;L;;;;;N;;;;; +1280;ETHIOPIC SYLLABLE XA;Lo;0;L;;;;;N;;;;; +1281;ETHIOPIC SYLLABLE XU;Lo;0;L;;;;;N;;;;; +1282;ETHIOPIC SYLLABLE XI;Lo;0;L;;;;;N;;;;; +1283;ETHIOPIC SYLLABLE XAA;Lo;0;L;;;;;N;;;;; +1284;ETHIOPIC SYLLABLE XEE;Lo;0;L;;;;;N;;;;; +1285;ETHIOPIC SYLLABLE XE;Lo;0;L;;;;;N;;;;; +1286;ETHIOPIC SYLLABLE XO;Lo;0;L;;;;;N;;;;; +1288;ETHIOPIC SYLLABLE XWA;Lo;0;L;;;;;N;;;;; +128A;ETHIOPIC SYLLABLE XWI;Lo;0;L;;;;;N;;;;; +128B;ETHIOPIC SYLLABLE XWAA;Lo;0;L;;;;;N;;;;; +128C;ETHIOPIC SYLLABLE XWEE;Lo;0;L;;;;;N;;;;; +128D;ETHIOPIC SYLLABLE XWE;Lo;0;L;;;;;N;;;;; +1290;ETHIOPIC SYLLABLE NA;Lo;0;L;;;;;N;;;;; +1291;ETHIOPIC SYLLABLE NU;Lo;0;L;;;;;N;;;;; +1292;ETHIOPIC SYLLABLE NI;Lo;0;L;;;;;N;;;;; +1293;ETHIOPIC SYLLABLE NAA;Lo;0;L;;;;;N;;;;; +1294;ETHIOPIC SYLLABLE NEE;Lo;0;L;;;;;N;;;;; +1295;ETHIOPIC SYLLABLE NE;Lo;0;L;;;;;N;;;;; +1296;ETHIOPIC SYLLABLE NO;Lo;0;L;;;;;N;;;;; +1297;ETHIOPIC SYLLABLE NWA;Lo;0;L;;;;;N;;;;; +1298;ETHIOPIC SYLLABLE NYA;Lo;0;L;;;;;N;;;;; +1299;ETHIOPIC SYLLABLE NYU;Lo;0;L;;;;;N;;;;; +129A;ETHIOPIC SYLLABLE NYI;Lo;0;L;;;;;N;;;;; +129B;ETHIOPIC SYLLABLE NYAA;Lo;0;L;;;;;N;;;;; +129C;ETHIOPIC SYLLABLE NYEE;Lo;0;L;;;;;N;;;;; +129D;ETHIOPIC SYLLABLE NYE;Lo;0;L;;;;;N;;;;; +129E;ETHIOPIC SYLLABLE NYO;Lo;0;L;;;;;N;;;;; +129F;ETHIOPIC SYLLABLE NYWA;Lo;0;L;;;;;N;;;;; +12A0;ETHIOPIC SYLLABLE GLOTTAL A;Lo;0;L;;;;;N;;;;; +12A1;ETHIOPIC SYLLABLE GLOTTAL U;Lo;0;L;;;;;N;;;;; +12A2;ETHIOPIC SYLLABLE GLOTTAL I;Lo;0;L;;;;;N;;;;; +12A3;ETHIOPIC SYLLABLE GLOTTAL AA;Lo;0;L;;;;;N;;;;; +12A4;ETHIOPIC SYLLABLE GLOTTAL EE;Lo;0;L;;;;;N;;;;; +12A5;ETHIOPIC SYLLABLE GLOTTAL E;Lo;0;L;;;;;N;;;;; +12A6;ETHIOPIC SYLLABLE GLOTTAL O;Lo;0;L;;;;;N;;;;; +12A7;ETHIOPIC SYLLABLE GLOTTAL WA;Lo;0;L;;;;;N;;;;; +12A8;ETHIOPIC SYLLABLE KA;Lo;0;L;;;;;N;;;;; +12A9;ETHIOPIC SYLLABLE KU;Lo;0;L;;;;;N;;;;; +12AA;ETHIOPIC SYLLABLE KI;Lo;0;L;;;;;N;;;;; +12AB;ETHIOPIC SYLLABLE KAA;Lo;0;L;;;;;N;;;;; +12AC;ETHIOPIC SYLLABLE KEE;Lo;0;L;;;;;N;;;;; +12AD;ETHIOPIC SYLLABLE KE;Lo;0;L;;;;;N;;;;; +12AE;ETHIOPIC SYLLABLE KO;Lo;0;L;;;;;N;;;;; +12B0;ETHIOPIC SYLLABLE KWA;Lo;0;L;;;;;N;;;;; +12B2;ETHIOPIC SYLLABLE KWI;Lo;0;L;;;;;N;;;;; +12B3;ETHIOPIC SYLLABLE KWAA;Lo;0;L;;;;;N;;;;; +12B4;ETHIOPIC SYLLABLE KWEE;Lo;0;L;;;;;N;;;;; +12B5;ETHIOPIC SYLLABLE KWE;Lo;0;L;;;;;N;;;;; +12B8;ETHIOPIC SYLLABLE KXA;Lo;0;L;;;;;N;;;;; +12B9;ETHIOPIC SYLLABLE KXU;Lo;0;L;;;;;N;;;;; +12BA;ETHIOPIC SYLLABLE KXI;Lo;0;L;;;;;N;;;;; +12BB;ETHIOPIC SYLLABLE KXAA;Lo;0;L;;;;;N;;;;; +12BC;ETHIOPIC SYLLABLE KXEE;Lo;0;L;;;;;N;;;;; +12BD;ETHIOPIC SYLLABLE KXE;Lo;0;L;;;;;N;;;;; +12BE;ETHIOPIC SYLLABLE KXO;Lo;0;L;;;;;N;;;;; +12C0;ETHIOPIC SYLLABLE KXWA;Lo;0;L;;;;;N;;;;; +12C2;ETHIOPIC SYLLABLE KXWI;Lo;0;L;;;;;N;;;;; +12C3;ETHIOPIC SYLLABLE KXWAA;Lo;0;L;;;;;N;;;;; +12C4;ETHIOPIC SYLLABLE KXWEE;Lo;0;L;;;;;N;;;;; +12C5;ETHIOPIC SYLLABLE KXWE;Lo;0;L;;;;;N;;;;; +12C8;ETHIOPIC SYLLABLE WA;Lo;0;L;;;;;N;;;;; +12C9;ETHIOPIC SYLLABLE WU;Lo;0;L;;;;;N;;;;; +12CA;ETHIOPIC SYLLABLE WI;Lo;0;L;;;;;N;;;;; +12CB;ETHIOPIC SYLLABLE WAA;Lo;0;L;;;;;N;;;;; +12CC;ETHIOPIC SYLLABLE WEE;Lo;0;L;;;;;N;;;;; +12CD;ETHIOPIC SYLLABLE WE;Lo;0;L;;;;;N;;;;; +12CE;ETHIOPIC SYLLABLE WO;Lo;0;L;;;;;N;;;;; +12D0;ETHIOPIC SYLLABLE PHARYNGEAL A;Lo;0;L;;;;;N;;;;; +12D1;ETHIOPIC SYLLABLE PHARYNGEAL U;Lo;0;L;;;;;N;;;;; +12D2;ETHIOPIC SYLLABLE PHARYNGEAL I;Lo;0;L;;;;;N;;;;; +12D3;ETHIOPIC SYLLABLE PHARYNGEAL AA;Lo;0;L;;;;;N;;;;; +12D4;ETHIOPIC SYLLABLE PHARYNGEAL EE;Lo;0;L;;;;;N;;;;; +12D5;ETHIOPIC SYLLABLE PHARYNGEAL E;Lo;0;L;;;;;N;;;;; +12D6;ETHIOPIC SYLLABLE PHARYNGEAL O;Lo;0;L;;;;;N;;;;; +12D8;ETHIOPIC SYLLABLE ZA;Lo;0;L;;;;;N;;;;; +12D9;ETHIOPIC SYLLABLE ZU;Lo;0;L;;;;;N;;;;; +12DA;ETHIOPIC SYLLABLE ZI;Lo;0;L;;;;;N;;;;; +12DB;ETHIOPIC SYLLABLE ZAA;Lo;0;L;;;;;N;;;;; +12DC;ETHIOPIC SYLLABLE ZEE;Lo;0;L;;;;;N;;;;; +12DD;ETHIOPIC SYLLABLE ZE;Lo;0;L;;;;;N;;;;; +12DE;ETHIOPIC SYLLABLE ZO;Lo;0;L;;;;;N;;;;; +12DF;ETHIOPIC SYLLABLE ZWA;Lo;0;L;;;;;N;;;;; +12E0;ETHIOPIC SYLLABLE ZHA;Lo;0;L;;;;;N;;;;; +12E1;ETHIOPIC SYLLABLE ZHU;Lo;0;L;;;;;N;;;;; +12E2;ETHIOPIC SYLLABLE ZHI;Lo;0;L;;;;;N;;;;; +12E3;ETHIOPIC SYLLABLE ZHAA;Lo;0;L;;;;;N;;;;; +12E4;ETHIOPIC SYLLABLE ZHEE;Lo;0;L;;;;;N;;;;; +12E5;ETHIOPIC SYLLABLE ZHE;Lo;0;L;;;;;N;;;;; +12E6;ETHIOPIC SYLLABLE ZHO;Lo;0;L;;;;;N;;;;; +12E7;ETHIOPIC SYLLABLE ZHWA;Lo;0;L;;;;;N;;;;; +12E8;ETHIOPIC SYLLABLE YA;Lo;0;L;;;;;N;;;;; +12E9;ETHIOPIC SYLLABLE YU;Lo;0;L;;;;;N;;;;; +12EA;ETHIOPIC SYLLABLE YI;Lo;0;L;;;;;N;;;;; +12EB;ETHIOPIC SYLLABLE YAA;Lo;0;L;;;;;N;;;;; +12EC;ETHIOPIC SYLLABLE YEE;Lo;0;L;;;;;N;;;;; +12ED;ETHIOPIC SYLLABLE YE;Lo;0;L;;;;;N;;;;; +12EE;ETHIOPIC SYLLABLE YO;Lo;0;L;;;;;N;;;;; +12F0;ETHIOPIC SYLLABLE DA;Lo;0;L;;;;;N;;;;; +12F1;ETHIOPIC SYLLABLE DU;Lo;0;L;;;;;N;;;;; +12F2;ETHIOPIC SYLLABLE DI;Lo;0;L;;;;;N;;;;; +12F3;ETHIOPIC SYLLABLE DAA;Lo;0;L;;;;;N;;;;; +12F4;ETHIOPIC SYLLABLE DEE;Lo;0;L;;;;;N;;;;; +12F5;ETHIOPIC SYLLABLE DE;Lo;0;L;;;;;N;;;;; +12F6;ETHIOPIC SYLLABLE DO;Lo;0;L;;;;;N;;;;; +12F7;ETHIOPIC SYLLABLE DWA;Lo;0;L;;;;;N;;;;; +12F8;ETHIOPIC SYLLABLE DDA;Lo;0;L;;;;;N;;;;; +12F9;ETHIOPIC SYLLABLE DDU;Lo;0;L;;;;;N;;;;; +12FA;ETHIOPIC SYLLABLE DDI;Lo;0;L;;;;;N;;;;; +12FB;ETHIOPIC SYLLABLE DDAA;Lo;0;L;;;;;N;;;;; +12FC;ETHIOPIC SYLLABLE DDEE;Lo;0;L;;;;;N;;;;; +12FD;ETHIOPIC SYLLABLE DDE;Lo;0;L;;;;;N;;;;; +12FE;ETHIOPIC SYLLABLE DDO;Lo;0;L;;;;;N;;;;; +12FF;ETHIOPIC SYLLABLE DDWA;Lo;0;L;;;;;N;;;;; +1300;ETHIOPIC SYLLABLE JA;Lo;0;L;;;;;N;;;;; +1301;ETHIOPIC SYLLABLE JU;Lo;0;L;;;;;N;;;;; +1302;ETHIOPIC SYLLABLE JI;Lo;0;L;;;;;N;;;;; +1303;ETHIOPIC SYLLABLE JAA;Lo;0;L;;;;;N;;;;; +1304;ETHIOPIC SYLLABLE JEE;Lo;0;L;;;;;N;;;;; +1305;ETHIOPIC SYLLABLE JE;Lo;0;L;;;;;N;;;;; +1306;ETHIOPIC SYLLABLE JO;Lo;0;L;;;;;N;;;;; +1307;ETHIOPIC SYLLABLE JWA;Lo;0;L;;;;;N;;;;; +1308;ETHIOPIC SYLLABLE GA;Lo;0;L;;;;;N;;;;; +1309;ETHIOPIC SYLLABLE GU;Lo;0;L;;;;;N;;;;; +130A;ETHIOPIC SYLLABLE GI;Lo;0;L;;;;;N;;;;; +130B;ETHIOPIC SYLLABLE GAA;Lo;0;L;;;;;N;;;;; +130C;ETHIOPIC SYLLABLE GEE;Lo;0;L;;;;;N;;;;; +130D;ETHIOPIC SYLLABLE GE;Lo;0;L;;;;;N;;;;; +130E;ETHIOPIC SYLLABLE GO;Lo;0;L;;;;;N;;;;; +1310;ETHIOPIC SYLLABLE GWA;Lo;0;L;;;;;N;;;;; +1312;ETHIOPIC SYLLABLE GWI;Lo;0;L;;;;;N;;;;; +1313;ETHIOPIC SYLLABLE GWAA;Lo;0;L;;;;;N;;;;; +1314;ETHIOPIC SYLLABLE GWEE;Lo;0;L;;;;;N;;;;; +1315;ETHIOPIC SYLLABLE GWE;Lo;0;L;;;;;N;;;;; +1318;ETHIOPIC SYLLABLE GGA;Lo;0;L;;;;;N;;;;; +1319;ETHIOPIC SYLLABLE GGU;Lo;0;L;;;;;N;;;;; +131A;ETHIOPIC SYLLABLE GGI;Lo;0;L;;;;;N;;;;; +131B;ETHIOPIC SYLLABLE GGAA;Lo;0;L;;;;;N;;;;; +131C;ETHIOPIC SYLLABLE GGEE;Lo;0;L;;;;;N;;;;; +131D;ETHIOPIC SYLLABLE GGE;Lo;0;L;;;;;N;;;;; +131E;ETHIOPIC SYLLABLE GGO;Lo;0;L;;;;;N;;;;; +1320;ETHIOPIC SYLLABLE THA;Lo;0;L;;;;;N;;;;; +1321;ETHIOPIC SYLLABLE THU;Lo;0;L;;;;;N;;;;; +1322;ETHIOPIC SYLLABLE THI;Lo;0;L;;;;;N;;;;; +1323;ETHIOPIC SYLLABLE THAA;Lo;0;L;;;;;N;;;;; +1324;ETHIOPIC SYLLABLE THEE;Lo;0;L;;;;;N;;;;; +1325;ETHIOPIC SYLLABLE THE;Lo;0;L;;;;;N;;;;; +1326;ETHIOPIC SYLLABLE THO;Lo;0;L;;;;;N;;;;; +1327;ETHIOPIC SYLLABLE THWA;Lo;0;L;;;;;N;;;;; +1328;ETHIOPIC SYLLABLE CHA;Lo;0;L;;;;;N;;;;; +1329;ETHIOPIC SYLLABLE CHU;Lo;0;L;;;;;N;;;;; +132A;ETHIOPIC SYLLABLE CHI;Lo;0;L;;;;;N;;;;; +132B;ETHIOPIC SYLLABLE CHAA;Lo;0;L;;;;;N;;;;; +132C;ETHIOPIC SYLLABLE CHEE;Lo;0;L;;;;;N;;;;; +132D;ETHIOPIC SYLLABLE CHE;Lo;0;L;;;;;N;;;;; +132E;ETHIOPIC SYLLABLE CHO;Lo;0;L;;;;;N;;;;; +132F;ETHIOPIC SYLLABLE CHWA;Lo;0;L;;;;;N;;;;; +1330;ETHIOPIC SYLLABLE PHA;Lo;0;L;;;;;N;;;;; +1331;ETHIOPIC SYLLABLE PHU;Lo;0;L;;;;;N;;;;; +1332;ETHIOPIC SYLLABLE PHI;Lo;0;L;;;;;N;;;;; +1333;ETHIOPIC SYLLABLE PHAA;Lo;0;L;;;;;N;;;;; +1334;ETHIOPIC SYLLABLE PHEE;Lo;0;L;;;;;N;;;;; +1335;ETHIOPIC SYLLABLE PHE;Lo;0;L;;;;;N;;;;; +1336;ETHIOPIC SYLLABLE PHO;Lo;0;L;;;;;N;;;;; +1337;ETHIOPIC SYLLABLE PHWA;Lo;0;L;;;;;N;;;;; +1338;ETHIOPIC SYLLABLE TSA;Lo;0;L;;;;;N;;;;; +1339;ETHIOPIC SYLLABLE TSU;Lo;0;L;;;;;N;;;;; +133A;ETHIOPIC SYLLABLE TSI;Lo;0;L;;;;;N;;;;; +133B;ETHIOPIC SYLLABLE TSAA;Lo;0;L;;;;;N;;;;; +133C;ETHIOPIC SYLLABLE TSEE;Lo;0;L;;;;;N;;;;; +133D;ETHIOPIC SYLLABLE TSE;Lo;0;L;;;;;N;;;;; +133E;ETHIOPIC SYLLABLE TSO;Lo;0;L;;;;;N;;;;; +133F;ETHIOPIC SYLLABLE TSWA;Lo;0;L;;;;;N;;;;; +1340;ETHIOPIC SYLLABLE TZA;Lo;0;L;;;;;N;;;;; +1341;ETHIOPIC SYLLABLE TZU;Lo;0;L;;;;;N;;;;; +1342;ETHIOPIC SYLLABLE TZI;Lo;0;L;;;;;N;;;;; +1343;ETHIOPIC SYLLABLE TZAA;Lo;0;L;;;;;N;;;;; +1344;ETHIOPIC SYLLABLE TZEE;Lo;0;L;;;;;N;;;;; +1345;ETHIOPIC SYLLABLE TZE;Lo;0;L;;;;;N;;;;; +1346;ETHIOPIC SYLLABLE TZO;Lo;0;L;;;;;N;;;;; +1348;ETHIOPIC SYLLABLE FA;Lo;0;L;;;;;N;;;;; +1349;ETHIOPIC SYLLABLE FU;Lo;0;L;;;;;N;;;;; +134A;ETHIOPIC SYLLABLE FI;Lo;0;L;;;;;N;;;;; +134B;ETHIOPIC SYLLABLE FAA;Lo;0;L;;;;;N;;;;; +134C;ETHIOPIC SYLLABLE FEE;Lo;0;L;;;;;N;;;;; +134D;ETHIOPIC SYLLABLE FE;Lo;0;L;;;;;N;;;;; +134E;ETHIOPIC SYLLABLE FO;Lo;0;L;;;;;N;;;;; +134F;ETHIOPIC SYLLABLE FWA;Lo;0;L;;;;;N;;;;; +1350;ETHIOPIC SYLLABLE PA;Lo;0;L;;;;;N;;;;; +1351;ETHIOPIC SYLLABLE PU;Lo;0;L;;;;;N;;;;; +1352;ETHIOPIC SYLLABLE PI;Lo;0;L;;;;;N;;;;; +1353;ETHIOPIC SYLLABLE PAA;Lo;0;L;;;;;N;;;;; +1354;ETHIOPIC SYLLABLE PEE;Lo;0;L;;;;;N;;;;; +1355;ETHIOPIC SYLLABLE PE;Lo;0;L;;;;;N;;;;; +1356;ETHIOPIC SYLLABLE PO;Lo;0;L;;;;;N;;;;; +1357;ETHIOPIC SYLLABLE PWA;Lo;0;L;;;;;N;;;;; +1358;ETHIOPIC SYLLABLE RYA;Lo;0;L;;;;;N;;;;; +1359;ETHIOPIC SYLLABLE MYA;Lo;0;L;;;;;N;;;;; +135A;ETHIOPIC SYLLABLE FYA;Lo;0;L;;;;;N;;;;; +1361;ETHIOPIC WORDSPACE;Po;0;L;;;;;N;;;;; +1362;ETHIOPIC FULL STOP;Po;0;L;;;;;N;;;;; +1363;ETHIOPIC COMMA;Po;0;L;;;;;N;;;;; +1364;ETHIOPIC SEMICOLON;Po;0;L;;;;;N;;;;; +1365;ETHIOPIC COLON;Po;0;L;;;;;N;;;;; +1366;ETHIOPIC PREFACE COLON;Po;0;L;;;;;N;;;;; +1367;ETHIOPIC QUESTION MARK;Po;0;L;;;;;N;;;;; +1368;ETHIOPIC PARAGRAPH SEPARATOR;Po;0;L;;;;;N;;;;; +1369;ETHIOPIC DIGIT ONE;Nd;0;L;;;1;1;N;;;;; +136A;ETHIOPIC DIGIT TWO;Nd;0;L;;;2;2;N;;;;; +136B;ETHIOPIC DIGIT THREE;Nd;0;L;;;3;3;N;;;;; +136C;ETHIOPIC DIGIT FOUR;Nd;0;L;;;4;4;N;;;;; +136D;ETHIOPIC DIGIT FIVE;Nd;0;L;;;5;5;N;;;;; +136E;ETHIOPIC DIGIT SIX;Nd;0;L;;;6;6;N;;;;; +136F;ETHIOPIC DIGIT SEVEN;Nd;0;L;;;7;7;N;;;;; +1370;ETHIOPIC DIGIT EIGHT;Nd;0;L;;;8;8;N;;;;; +1371;ETHIOPIC DIGIT NINE;Nd;0;L;;;9;9;N;;;;; +1372;ETHIOPIC NUMBER TEN;No;0;L;;;;10;N;;;;; +1373;ETHIOPIC NUMBER TWENTY;No;0;L;;;;20;N;;;;; +1374;ETHIOPIC NUMBER THIRTY;No;0;L;;;;30;N;;;;; +1375;ETHIOPIC NUMBER FORTY;No;0;L;;;;40;N;;;;; +1376;ETHIOPIC NUMBER FIFTY;No;0;L;;;;50;N;;;;; +1377;ETHIOPIC NUMBER SIXTY;No;0;L;;;;60;N;;;;; +1378;ETHIOPIC NUMBER SEVENTY;No;0;L;;;;70;N;;;;; +1379;ETHIOPIC NUMBER EIGHTY;No;0;L;;;;80;N;;;;; +137A;ETHIOPIC NUMBER NINETY;No;0;L;;;;90;N;;;;; +137B;ETHIOPIC NUMBER HUNDRED;No;0;L;;;;100;N;;;;; +137C;ETHIOPIC NUMBER TEN THOUSAND;No;0;L;;;;10000;N;;;;; +13A0;CHEROKEE LETTER A;Lo;0;L;;;;;N;;;;; +13A1;CHEROKEE LETTER E;Lo;0;L;;;;;N;;;;; +13A2;CHEROKEE LETTER I;Lo;0;L;;;;;N;;;;; +13A3;CHEROKEE LETTER O;Lo;0;L;;;;;N;;;;; +13A4;CHEROKEE LETTER U;Lo;0;L;;;;;N;;;;; +13A5;CHEROKEE LETTER V;Lo;0;L;;;;;N;;;;; +13A6;CHEROKEE LETTER GA;Lo;0;L;;;;;N;;;;; +13A7;CHEROKEE LETTER KA;Lo;0;L;;;;;N;;;;; +13A8;CHEROKEE LETTER GE;Lo;0;L;;;;;N;;;;; +13A9;CHEROKEE LETTER GI;Lo;0;L;;;;;N;;;;; +13AA;CHEROKEE LETTER GO;Lo;0;L;;;;;N;;;;; +13AB;CHEROKEE LETTER GU;Lo;0;L;;;;;N;;;;; +13AC;CHEROKEE LETTER GV;Lo;0;L;;;;;N;;;;; +13AD;CHEROKEE LETTER HA;Lo;0;L;;;;;N;;;;; +13AE;CHEROKEE LETTER HE;Lo;0;L;;;;;N;;;;; +13AF;CHEROKEE LETTER HI;Lo;0;L;;;;;N;;;;; +13B0;CHEROKEE LETTER HO;Lo;0;L;;;;;N;;;;; +13B1;CHEROKEE LETTER HU;Lo;0;L;;;;;N;;;;; +13B2;CHEROKEE LETTER HV;Lo;0;L;;;;;N;;;;; +13B3;CHEROKEE LETTER LA;Lo;0;L;;;;;N;;;;; +13B4;CHEROKEE LETTER LE;Lo;0;L;;;;;N;;;;; +13B5;CHEROKEE LETTER LI;Lo;0;L;;;;;N;;;;; +13B6;CHEROKEE LETTER LO;Lo;0;L;;;;;N;;;;; +13B7;CHEROKEE LETTER LU;Lo;0;L;;;;;N;;;;; +13B8;CHEROKEE LETTER LV;Lo;0;L;;;;;N;;;;; +13B9;CHEROKEE LETTER MA;Lo;0;L;;;;;N;;;;; +13BA;CHEROKEE LETTER ME;Lo;0;L;;;;;N;;;;; +13BB;CHEROKEE LETTER MI;Lo;0;L;;;;;N;;;;; +13BC;CHEROKEE LETTER MO;Lo;0;L;;;;;N;;;;; +13BD;CHEROKEE LETTER MU;Lo;0;L;;;;;N;;;;; +13BE;CHEROKEE LETTER NA;Lo;0;L;;;;;N;;;;; +13BF;CHEROKEE LETTER HNA;Lo;0;L;;;;;N;;;;; +13C0;CHEROKEE LETTER NAH;Lo;0;L;;;;;N;;;;; +13C1;CHEROKEE LETTER NE;Lo;0;L;;;;;N;;;;; +13C2;CHEROKEE LETTER NI;Lo;0;L;;;;;N;;;;; +13C3;CHEROKEE LETTER NO;Lo;0;L;;;;;N;;;;; +13C4;CHEROKEE LETTER NU;Lo;0;L;;;;;N;;;;; +13C5;CHEROKEE LETTER NV;Lo;0;L;;;;;N;;;;; +13C6;CHEROKEE LETTER QUA;Lo;0;L;;;;;N;;;;; +13C7;CHEROKEE LETTER QUE;Lo;0;L;;;;;N;;;;; +13C8;CHEROKEE LETTER QUI;Lo;0;L;;;;;N;;;;; +13C9;CHEROKEE LETTER QUO;Lo;0;L;;;;;N;;;;; +13CA;CHEROKEE LETTER QUU;Lo;0;L;;;;;N;;;;; +13CB;CHEROKEE LETTER QUV;Lo;0;L;;;;;N;;;;; +13CC;CHEROKEE LETTER SA;Lo;0;L;;;;;N;;;;; +13CD;CHEROKEE LETTER S;Lo;0;L;;;;;N;;;;; +13CE;CHEROKEE LETTER SE;Lo;0;L;;;;;N;;;;; +13CF;CHEROKEE LETTER SI;Lo;0;L;;;;;N;;;;; +13D0;CHEROKEE LETTER SO;Lo;0;L;;;;;N;;;;; +13D1;CHEROKEE LETTER SU;Lo;0;L;;;;;N;;;;; +13D2;CHEROKEE LETTER SV;Lo;0;L;;;;;N;;;;; +13D3;CHEROKEE LETTER DA;Lo;0;L;;;;;N;;;;; +13D4;CHEROKEE LETTER TA;Lo;0;L;;;;;N;;;;; +13D5;CHEROKEE LETTER DE;Lo;0;L;;;;;N;;;;; +13D6;CHEROKEE LETTER TE;Lo;0;L;;;;;N;;;;; +13D7;CHEROKEE LETTER DI;Lo;0;L;;;;;N;;;;; +13D8;CHEROKEE LETTER TI;Lo;0;L;;;;;N;;;;; +13D9;CHEROKEE LETTER DO;Lo;0;L;;;;;N;;;;; +13DA;CHEROKEE LETTER DU;Lo;0;L;;;;;N;;;;; +13DB;CHEROKEE LETTER DV;Lo;0;L;;;;;N;;;;; +13DC;CHEROKEE LETTER DLA;Lo;0;L;;;;;N;;;;; +13DD;CHEROKEE LETTER TLA;Lo;0;L;;;;;N;;;;; +13DE;CHEROKEE LETTER TLE;Lo;0;L;;;;;N;;;;; +13DF;CHEROKEE LETTER TLI;Lo;0;L;;;;;N;;;;; +13E0;CHEROKEE LETTER TLO;Lo;0;L;;;;;N;;;;; +13E1;CHEROKEE LETTER TLU;Lo;0;L;;;;;N;;;;; +13E2;CHEROKEE LETTER TLV;Lo;0;L;;;;;N;;;;; +13E3;CHEROKEE LETTER TSA;Lo;0;L;;;;;N;;;;; +13E4;CHEROKEE LETTER TSE;Lo;0;L;;;;;N;;;;; +13E5;CHEROKEE LETTER TSI;Lo;0;L;;;;;N;;;;; +13E6;CHEROKEE LETTER TSO;Lo;0;L;;;;;N;;;;; +13E7;CHEROKEE LETTER TSU;Lo;0;L;;;;;N;;;;; +13E8;CHEROKEE LETTER TSV;Lo;0;L;;;;;N;;;;; +13E9;CHEROKEE LETTER WA;Lo;0;L;;;;;N;;;;; +13EA;CHEROKEE LETTER WE;Lo;0;L;;;;;N;;;;; +13EB;CHEROKEE LETTER WI;Lo;0;L;;;;;N;;;;; +13EC;CHEROKEE LETTER WO;Lo;0;L;;;;;N;;;;; +13ED;CHEROKEE LETTER WU;Lo;0;L;;;;;N;;;;; +13EE;CHEROKEE LETTER WV;Lo;0;L;;;;;N;;;;; +13EF;CHEROKEE LETTER YA;Lo;0;L;;;;;N;;;;; +13F0;CHEROKEE LETTER YE;Lo;0;L;;;;;N;;;;; +13F1;CHEROKEE LETTER YI;Lo;0;L;;;;;N;;;;; +13F2;CHEROKEE LETTER YO;Lo;0;L;;;;;N;;;;; +13F3;CHEROKEE LETTER YU;Lo;0;L;;;;;N;;;;; +13F4;CHEROKEE LETTER YV;Lo;0;L;;;;;N;;;;; +1401;CANADIAN SYLLABICS E;Lo;0;L;;;;;N;;;;; +1402;CANADIAN SYLLABICS AAI;Lo;0;L;;;;;N;;;;; +1403;CANADIAN SYLLABICS I;Lo;0;L;;;;;N;;;;; +1404;CANADIAN SYLLABICS II;Lo;0;L;;;;;N;;;;; +1405;CANADIAN SYLLABICS O;Lo;0;L;;;;;N;;;;; +1406;CANADIAN SYLLABICS OO;Lo;0;L;;;;;N;;;;; +1407;CANADIAN SYLLABICS Y-CREE OO;Lo;0;L;;;;;N;;;;; +1408;CANADIAN SYLLABICS CARRIER EE;Lo;0;L;;;;;N;;;;; +1409;CANADIAN SYLLABICS CARRIER I;Lo;0;L;;;;;N;;;;; +140A;CANADIAN SYLLABICS A;Lo;0;L;;;;;N;;;;; +140B;CANADIAN SYLLABICS AA;Lo;0;L;;;;;N;;;;; +140C;CANADIAN SYLLABICS WE;Lo;0;L;;;;;N;;;;; +140D;CANADIAN SYLLABICS WEST-CREE WE;Lo;0;L;;;;;N;;;;; +140E;CANADIAN SYLLABICS WI;Lo;0;L;;;;;N;;;;; +140F;CANADIAN SYLLABICS WEST-CREE WI;Lo;0;L;;;;;N;;;;; +1410;CANADIAN SYLLABICS WII;Lo;0;L;;;;;N;;;;; +1411;CANADIAN SYLLABICS WEST-CREE WII;Lo;0;L;;;;;N;;;;; +1412;CANADIAN SYLLABICS WO;Lo;0;L;;;;;N;;;;; +1413;CANADIAN SYLLABICS WEST-CREE WO;Lo;0;L;;;;;N;;;;; +1414;CANADIAN SYLLABICS WOO;Lo;0;L;;;;;N;;;;; +1415;CANADIAN SYLLABICS WEST-CREE WOO;Lo;0;L;;;;;N;;;;; +1416;CANADIAN SYLLABICS NASKAPI WOO;Lo;0;L;;;;;N;;;;; +1417;CANADIAN SYLLABICS WA;Lo;0;L;;;;;N;;;;; +1418;CANADIAN SYLLABICS WEST-CREE WA;Lo;0;L;;;;;N;;;;; +1419;CANADIAN SYLLABICS WAA;Lo;0;L;;;;;N;;;;; +141A;CANADIAN SYLLABICS WEST-CREE WAA;Lo;0;L;;;;;N;;;;; +141B;CANADIAN SYLLABICS NASKAPI WAA;Lo;0;L;;;;;N;;;;; +141C;CANADIAN SYLLABICS AI;Lo;0;L;;;;;N;;;;; +141D;CANADIAN SYLLABICS Y-CREE W;Lo;0;L;;;;;N;;;;; +141E;CANADIAN SYLLABICS GLOTTAL STOP;Lo;0;L;;;;;N;;;;; +141F;CANADIAN SYLLABICS FINAL ACUTE;Lo;0;L;;;;;N;;;;; +1420;CANADIAN SYLLABICS FINAL GRAVE;Lo;0;L;;;;;N;;;;; +1421;CANADIAN SYLLABICS FINAL BOTTOM HALF RING;Lo;0;L;;;;;N;;;;; +1422;CANADIAN SYLLABICS FINAL TOP HALF RING;Lo;0;L;;;;;N;;;;; +1423;CANADIAN SYLLABICS FINAL RIGHT HALF RING;Lo;0;L;;;;;N;;;;; +1424;CANADIAN SYLLABICS FINAL RING;Lo;0;L;;;;;N;;;;; +1425;CANADIAN SYLLABICS FINAL DOUBLE ACUTE;Lo;0;L;;;;;N;;;;; +1426;CANADIAN SYLLABICS FINAL DOUBLE SHORT VERTICAL STROKES;Lo;0;L;;;;;N;;;;; +1427;CANADIAN SYLLABICS FINAL MIDDLE DOT;Lo;0;L;;;;;N;;;;; +1428;CANADIAN SYLLABICS FINAL SHORT HORIZONTAL STROKE;Lo;0;L;;;;;N;;;;; +1429;CANADIAN SYLLABICS FINAL PLUS;Lo;0;L;;;;;N;;;;; +142A;CANADIAN SYLLABICS FINAL DOWN TACK;Lo;0;L;;;;;N;;;;; +142B;CANADIAN SYLLABICS EN;Lo;0;L;;;;;N;;;;; +142C;CANADIAN SYLLABICS IN;Lo;0;L;;;;;N;;;;; +142D;CANADIAN SYLLABICS ON;Lo;0;L;;;;;N;;;;; +142E;CANADIAN SYLLABICS AN;Lo;0;L;;;;;N;;;;; +142F;CANADIAN SYLLABICS PE;Lo;0;L;;;;;N;;;;; +1430;CANADIAN SYLLABICS PAAI;Lo;0;L;;;;;N;;;;; +1431;CANADIAN SYLLABICS PI;Lo;0;L;;;;;N;;;;; +1432;CANADIAN SYLLABICS PII;Lo;0;L;;;;;N;;;;; +1433;CANADIAN SYLLABICS PO;Lo;0;L;;;;;N;;;;; +1434;CANADIAN SYLLABICS POO;Lo;0;L;;;;;N;;;;; +1435;CANADIAN SYLLABICS Y-CREE POO;Lo;0;L;;;;;N;;;;; +1436;CANADIAN SYLLABICS CARRIER HEE;Lo;0;L;;;;;N;;;;; +1437;CANADIAN SYLLABICS CARRIER HI;Lo;0;L;;;;;N;;;;; +1438;CANADIAN SYLLABICS PA;Lo;0;L;;;;;N;;;;; +1439;CANADIAN SYLLABICS PAA;Lo;0;L;;;;;N;;;;; +143A;CANADIAN SYLLABICS PWE;Lo;0;L;;;;;N;;;;; +143B;CANADIAN SYLLABICS WEST-CREE PWE;Lo;0;L;;;;;N;;;;; +143C;CANADIAN SYLLABICS PWI;Lo;0;L;;;;;N;;;;; +143D;CANADIAN SYLLABICS WEST-CREE PWI;Lo;0;L;;;;;N;;;;; +143E;CANADIAN SYLLABICS PWII;Lo;0;L;;;;;N;;;;; +143F;CANADIAN SYLLABICS WEST-CREE PWII;Lo;0;L;;;;;N;;;;; +1440;CANADIAN SYLLABICS PWO;Lo;0;L;;;;;N;;;;; +1441;CANADIAN SYLLABICS WEST-CREE PWO;Lo;0;L;;;;;N;;;;; +1442;CANADIAN SYLLABICS PWOO;Lo;0;L;;;;;N;;;;; +1443;CANADIAN SYLLABICS WEST-CREE PWOO;Lo;0;L;;;;;N;;;;; +1444;CANADIAN SYLLABICS PWA;Lo;0;L;;;;;N;;;;; +1445;CANADIAN SYLLABICS WEST-CREE PWA;Lo;0;L;;;;;N;;;;; +1446;CANADIAN SYLLABICS PWAA;Lo;0;L;;;;;N;;;;; +1447;CANADIAN SYLLABICS WEST-CREE PWAA;Lo;0;L;;;;;N;;;;; +1448;CANADIAN SYLLABICS Y-CREE PWAA;Lo;0;L;;;;;N;;;;; +1449;CANADIAN SYLLABICS P;Lo;0;L;;;;;N;;;;; +144A;CANADIAN SYLLABICS WEST-CREE P;Lo;0;L;;;;;N;;;;; +144B;CANADIAN SYLLABICS CARRIER H;Lo;0;L;;;;;N;;;;; +144C;CANADIAN SYLLABICS TE;Lo;0;L;;;;;N;;;;; +144D;CANADIAN SYLLABICS TAAI;Lo;0;L;;;;;N;;;;; +144E;CANADIAN SYLLABICS TI;Lo;0;L;;;;;N;;;;; +144F;CANADIAN SYLLABICS TII;Lo;0;L;;;;;N;;;;; +1450;CANADIAN SYLLABICS TO;Lo;0;L;;;;;N;;;;; +1451;CANADIAN SYLLABICS TOO;Lo;0;L;;;;;N;;;;; +1452;CANADIAN SYLLABICS Y-CREE TOO;Lo;0;L;;;;;N;;;;; +1453;CANADIAN SYLLABICS CARRIER DEE;Lo;0;L;;;;;N;;;;; +1454;CANADIAN SYLLABICS CARRIER DI;Lo;0;L;;;;;N;;;;; +1455;CANADIAN SYLLABICS TA;Lo;0;L;;;;;N;;;;; +1456;CANADIAN SYLLABICS TAA;Lo;0;L;;;;;N;;;;; +1457;CANADIAN SYLLABICS TWE;Lo;0;L;;;;;N;;;;; +1458;CANADIAN SYLLABICS WEST-CREE TWE;Lo;0;L;;;;;N;;;;; +1459;CANADIAN SYLLABICS TWI;Lo;0;L;;;;;N;;;;; +145A;CANADIAN SYLLABICS WEST-CREE TWI;Lo;0;L;;;;;N;;;;; +145B;CANADIAN SYLLABICS TWII;Lo;0;L;;;;;N;;;;; +145C;CANADIAN SYLLABICS WEST-CREE TWII;Lo;0;L;;;;;N;;;;; +145D;CANADIAN SYLLABICS TWO;Lo;0;L;;;;;N;;;;; +145E;CANADIAN SYLLABICS WEST-CREE TWO;Lo;0;L;;;;;N;;;;; +145F;CANADIAN SYLLABICS TWOO;Lo;0;L;;;;;N;;;;; +1460;CANADIAN SYLLABICS WEST-CREE TWOO;Lo;0;L;;;;;N;;;;; +1461;CANADIAN SYLLABICS TWA;Lo;0;L;;;;;N;;;;; +1462;CANADIAN SYLLABICS WEST-CREE TWA;Lo;0;L;;;;;N;;;;; +1463;CANADIAN SYLLABICS TWAA;Lo;0;L;;;;;N;;;;; +1464;CANADIAN SYLLABICS WEST-CREE TWAA;Lo;0;L;;;;;N;;;;; +1465;CANADIAN SYLLABICS NASKAPI TWAA;Lo;0;L;;;;;N;;;;; +1466;CANADIAN SYLLABICS T;Lo;0;L;;;;;N;;;;; +1467;CANADIAN SYLLABICS TTE;Lo;0;L;;;;;N;;;;; +1468;CANADIAN SYLLABICS TTI;Lo;0;L;;;;;N;;;;; +1469;CANADIAN SYLLABICS TTO;Lo;0;L;;;;;N;;;;; +146A;CANADIAN SYLLABICS TTA;Lo;0;L;;;;;N;;;;; +146B;CANADIAN SYLLABICS KE;Lo;0;L;;;;;N;;;;; +146C;CANADIAN SYLLABICS KAAI;Lo;0;L;;;;;N;;;;; +146D;CANADIAN SYLLABICS KI;Lo;0;L;;;;;N;;;;; +146E;CANADIAN SYLLABICS KII;Lo;0;L;;;;;N;;;;; +146F;CANADIAN SYLLABICS KO;Lo;0;L;;;;;N;;;;; +1470;CANADIAN SYLLABICS KOO;Lo;0;L;;;;;N;;;;; +1471;CANADIAN SYLLABICS Y-CREE KOO;Lo;0;L;;;;;N;;;;; +1472;CANADIAN SYLLABICS KA;Lo;0;L;;;;;N;;;;; +1473;CANADIAN SYLLABICS KAA;Lo;0;L;;;;;N;;;;; +1474;CANADIAN SYLLABICS KWE;Lo;0;L;;;;;N;;;;; +1475;CANADIAN SYLLABICS WEST-CREE KWE;Lo;0;L;;;;;N;;;;; +1476;CANADIAN SYLLABICS KWI;Lo;0;L;;;;;N;;;;; +1477;CANADIAN SYLLABICS WEST-CREE KWI;Lo;0;L;;;;;N;;;;; +1478;CANADIAN SYLLABICS KWII;Lo;0;L;;;;;N;;;;; +1479;CANADIAN SYLLABICS WEST-CREE KWII;Lo;0;L;;;;;N;;;;; +147A;CANADIAN SYLLABICS KWO;Lo;0;L;;;;;N;;;;; +147B;CANADIAN SYLLABICS WEST-CREE KWO;Lo;0;L;;;;;N;;;;; +147C;CANADIAN SYLLABICS KWOO;Lo;0;L;;;;;N;;;;; +147D;CANADIAN SYLLABICS WEST-CREE KWOO;Lo;0;L;;;;;N;;;;; +147E;CANADIAN SYLLABICS KWA;Lo;0;L;;;;;N;;;;; +147F;CANADIAN SYLLABICS WEST-CREE KWA;Lo;0;L;;;;;N;;;;; +1480;CANADIAN SYLLABICS KWAA;Lo;0;L;;;;;N;;;;; +1481;CANADIAN SYLLABICS WEST-CREE KWAA;Lo;0;L;;;;;N;;;;; +1482;CANADIAN SYLLABICS NASKAPI KWAA;Lo;0;L;;;;;N;;;;; +1483;CANADIAN SYLLABICS K;Lo;0;L;;;;;N;;;;; +1484;CANADIAN SYLLABICS KW;Lo;0;L;;;;;N;;;;; +1485;CANADIAN SYLLABICS SOUTH-SLAVEY KEH;Lo;0;L;;;;;N;;;;; +1486;CANADIAN SYLLABICS SOUTH-SLAVEY KIH;Lo;0;L;;;;;N;;;;; +1487;CANADIAN SYLLABICS SOUTH-SLAVEY KOH;Lo;0;L;;;;;N;;;;; +1488;CANADIAN SYLLABICS SOUTH-SLAVEY KAH;Lo;0;L;;;;;N;;;;; +1489;CANADIAN SYLLABICS CE;Lo;0;L;;;;;N;;;;; +148A;CANADIAN SYLLABICS CAAI;Lo;0;L;;;;;N;;;;; +148B;CANADIAN SYLLABICS CI;Lo;0;L;;;;;N;;;;; +148C;CANADIAN SYLLABICS CII;Lo;0;L;;;;;N;;;;; +148D;CANADIAN SYLLABICS CO;Lo;0;L;;;;;N;;;;; +148E;CANADIAN SYLLABICS COO;Lo;0;L;;;;;N;;;;; +148F;CANADIAN SYLLABICS Y-CREE COO;Lo;0;L;;;;;N;;;;; +1490;CANADIAN SYLLABICS CA;Lo;0;L;;;;;N;;;;; +1491;CANADIAN SYLLABICS CAA;Lo;0;L;;;;;N;;;;; +1492;CANADIAN SYLLABICS CWE;Lo;0;L;;;;;N;;;;; +1493;CANADIAN SYLLABICS WEST-CREE CWE;Lo;0;L;;;;;N;;;;; +1494;CANADIAN SYLLABICS CWI;Lo;0;L;;;;;N;;;;; +1495;CANADIAN SYLLABICS WEST-CREE CWI;Lo;0;L;;;;;N;;;;; +1496;CANADIAN SYLLABICS CWII;Lo;0;L;;;;;N;;;;; +1497;CANADIAN SYLLABICS WEST-CREE CWII;Lo;0;L;;;;;N;;;;; +1498;CANADIAN SYLLABICS CWO;Lo;0;L;;;;;N;;;;; +1499;CANADIAN SYLLABICS WEST-CREE CWO;Lo;0;L;;;;;N;;;;; +149A;CANADIAN SYLLABICS CWOO;Lo;0;L;;;;;N;;;;; +149B;CANADIAN SYLLABICS WEST-CREE CWOO;Lo;0;L;;;;;N;;;;; +149C;CANADIAN SYLLABICS CWA;Lo;0;L;;;;;N;;;;; +149D;CANADIAN SYLLABICS WEST-CREE CWA;Lo;0;L;;;;;N;;;;; +149E;CANADIAN SYLLABICS CWAA;Lo;0;L;;;;;N;;;;; +149F;CANADIAN SYLLABICS WEST-CREE CWAA;Lo;0;L;;;;;N;;;;; +14A0;CANADIAN SYLLABICS NASKAPI CWAA;Lo;0;L;;;;;N;;;;; +14A1;CANADIAN SYLLABICS C;Lo;0;L;;;;;N;;;;; +14A2;CANADIAN SYLLABICS SAYISI TH;Lo;0;L;;;;;N;;;;; +14A3;CANADIAN SYLLABICS ME;Lo;0;L;;;;;N;;;;; +14A4;CANADIAN SYLLABICS MAAI;Lo;0;L;;;;;N;;;;; +14A5;CANADIAN SYLLABICS MI;Lo;0;L;;;;;N;;;;; +14A6;CANADIAN SYLLABICS MII;Lo;0;L;;;;;N;;;;; +14A7;CANADIAN SYLLABICS MO;Lo;0;L;;;;;N;;;;; +14A8;CANADIAN SYLLABICS MOO;Lo;0;L;;;;;N;;;;; +14A9;CANADIAN SYLLABICS Y-CREE MOO;Lo;0;L;;;;;N;;;;; +14AA;CANADIAN SYLLABICS MA;Lo;0;L;;;;;N;;;;; +14AB;CANADIAN SYLLABICS MAA;Lo;0;L;;;;;N;;;;; +14AC;CANADIAN SYLLABICS MWE;Lo;0;L;;;;;N;;;;; +14AD;CANADIAN SYLLABICS WEST-CREE MWE;Lo;0;L;;;;;N;;;;; +14AE;CANADIAN SYLLABICS MWI;Lo;0;L;;;;;N;;;;; +14AF;CANADIAN SYLLABICS WEST-CREE MWI;Lo;0;L;;;;;N;;;;; +14B0;CANADIAN SYLLABICS MWII;Lo;0;L;;;;;N;;;;; +14B1;CANADIAN SYLLABICS WEST-CREE MWII;Lo;0;L;;;;;N;;;;; +14B2;CANADIAN SYLLABICS MWO;Lo;0;L;;;;;N;;;;; +14B3;CANADIAN SYLLABICS WEST-CREE MWO;Lo;0;L;;;;;N;;;;; +14B4;CANADIAN SYLLABICS MWOO;Lo;0;L;;;;;N;;;;; +14B5;CANADIAN SYLLABICS WEST-CREE MWOO;Lo;0;L;;;;;N;;;;; +14B6;CANADIAN SYLLABICS MWA;Lo;0;L;;;;;N;;;;; +14B7;CANADIAN SYLLABICS WEST-CREE MWA;Lo;0;L;;;;;N;;;;; +14B8;CANADIAN SYLLABICS MWAA;Lo;0;L;;;;;N;;;;; +14B9;CANADIAN SYLLABICS WEST-CREE MWAA;Lo;0;L;;;;;N;;;;; +14BA;CANADIAN SYLLABICS NASKAPI MWAA;Lo;0;L;;;;;N;;;;; +14BB;CANADIAN SYLLABICS M;Lo;0;L;;;;;N;;;;; +14BC;CANADIAN SYLLABICS WEST-CREE M;Lo;0;L;;;;;N;;;;; +14BD;CANADIAN SYLLABICS MH;Lo;0;L;;;;;N;;;;; +14BE;CANADIAN SYLLABICS ATHAPASCAN M;Lo;0;L;;;;;N;;;;; +14BF;CANADIAN SYLLABICS SAYISI M;Lo;0;L;;;;;N;;;;; +14C0;CANADIAN SYLLABICS NE;Lo;0;L;;;;;N;;;;; +14C1;CANADIAN SYLLABICS NAAI;Lo;0;L;;;;;N;;;;; +14C2;CANADIAN SYLLABICS NI;Lo;0;L;;;;;N;;;;; +14C3;CANADIAN SYLLABICS NII;Lo;0;L;;;;;N;;;;; +14C4;CANADIAN SYLLABICS NO;Lo;0;L;;;;;N;;;;; +14C5;CANADIAN SYLLABICS NOO;Lo;0;L;;;;;N;;;;; +14C6;CANADIAN SYLLABICS Y-CREE NOO;Lo;0;L;;;;;N;;;;; +14C7;CANADIAN SYLLABICS NA;Lo;0;L;;;;;N;;;;; +14C8;CANADIAN SYLLABICS NAA;Lo;0;L;;;;;N;;;;; +14C9;CANADIAN SYLLABICS NWE;Lo;0;L;;;;;N;;;;; +14CA;CANADIAN SYLLABICS WEST-CREE NWE;Lo;0;L;;;;;N;;;;; +14CB;CANADIAN SYLLABICS NWA;Lo;0;L;;;;;N;;;;; +14CC;CANADIAN SYLLABICS WEST-CREE NWA;Lo;0;L;;;;;N;;;;; +14CD;CANADIAN SYLLABICS NWAA;Lo;0;L;;;;;N;;;;; +14CE;CANADIAN SYLLABICS WEST-CREE NWAA;Lo;0;L;;;;;N;;;;; +14CF;CANADIAN SYLLABICS NASKAPI NWAA;Lo;0;L;;;;;N;;;;; +14D0;CANADIAN SYLLABICS N;Lo;0;L;;;;;N;;;;; +14D1;CANADIAN SYLLABICS CARRIER NG;Lo;0;L;;;;;N;;;;; +14D2;CANADIAN SYLLABICS NH;Lo;0;L;;;;;N;;;;; +14D3;CANADIAN SYLLABICS LE;Lo;0;L;;;;;N;;;;; +14D4;CANADIAN SYLLABICS LAAI;Lo;0;L;;;;;N;;;;; +14D5;CANADIAN SYLLABICS LI;Lo;0;L;;;;;N;;;;; +14D6;CANADIAN SYLLABICS LII;Lo;0;L;;;;;N;;;;; +14D7;CANADIAN SYLLABICS LO;Lo;0;L;;;;;N;;;;; +14D8;CANADIAN SYLLABICS LOO;Lo;0;L;;;;;N;;;;; +14D9;CANADIAN SYLLABICS Y-CREE LOO;Lo;0;L;;;;;N;;;;; +14DA;CANADIAN SYLLABICS LA;Lo;0;L;;;;;N;;;;; +14DB;CANADIAN SYLLABICS LAA;Lo;0;L;;;;;N;;;;; +14DC;CANADIAN SYLLABICS LWE;Lo;0;L;;;;;N;;;;; +14DD;CANADIAN SYLLABICS WEST-CREE LWE;Lo;0;L;;;;;N;;;;; +14DE;CANADIAN SYLLABICS LWI;Lo;0;L;;;;;N;;;;; +14DF;CANADIAN SYLLABICS WEST-CREE LWI;Lo;0;L;;;;;N;;;;; +14E0;CANADIAN SYLLABICS LWII;Lo;0;L;;;;;N;;;;; +14E1;CANADIAN SYLLABICS WEST-CREE LWII;Lo;0;L;;;;;N;;;;; +14E2;CANADIAN SYLLABICS LWO;Lo;0;L;;;;;N;;;;; +14E3;CANADIAN SYLLABICS WEST-CREE LWO;Lo;0;L;;;;;N;;;;; +14E4;CANADIAN SYLLABICS LWOO;Lo;0;L;;;;;N;;;;; +14E5;CANADIAN SYLLABICS WEST-CREE LWOO;Lo;0;L;;;;;N;;;;; +14E6;CANADIAN SYLLABICS LWA;Lo;0;L;;;;;N;;;;; +14E7;CANADIAN SYLLABICS WEST-CREE LWA;Lo;0;L;;;;;N;;;;; +14E8;CANADIAN SYLLABICS LWAA;Lo;0;L;;;;;N;;;;; +14E9;CANADIAN SYLLABICS WEST-CREE LWAA;Lo;0;L;;;;;N;;;;; +14EA;CANADIAN SYLLABICS L;Lo;0;L;;;;;N;;;;; +14EB;CANADIAN SYLLABICS WEST-CREE L;Lo;0;L;;;;;N;;;;; +14EC;CANADIAN SYLLABICS MEDIAL L;Lo;0;L;;;;;N;;;;; +14ED;CANADIAN SYLLABICS SE;Lo;0;L;;;;;N;;;;; +14EE;CANADIAN SYLLABICS SAAI;Lo;0;L;;;;;N;;;;; +14EF;CANADIAN SYLLABICS SI;Lo;0;L;;;;;N;;;;; +14F0;CANADIAN SYLLABICS SII;Lo;0;L;;;;;N;;;;; +14F1;CANADIAN SYLLABICS SO;Lo;0;L;;;;;N;;;;; +14F2;CANADIAN SYLLABICS SOO;Lo;0;L;;;;;N;;;;; +14F3;CANADIAN SYLLABICS Y-CREE SOO;Lo;0;L;;;;;N;;;;; +14F4;CANADIAN SYLLABICS SA;Lo;0;L;;;;;N;;;;; +14F5;CANADIAN SYLLABICS SAA;Lo;0;L;;;;;N;;;;; +14F6;CANADIAN SYLLABICS SWE;Lo;0;L;;;;;N;;;;; +14F7;CANADIAN SYLLABICS WEST-CREE SWE;Lo;0;L;;;;;N;;;;; +14F8;CANADIAN SYLLABICS SWI;Lo;0;L;;;;;N;;;;; +14F9;CANADIAN SYLLABICS WEST-CREE SWI;Lo;0;L;;;;;N;;;;; +14FA;CANADIAN SYLLABICS SWII;Lo;0;L;;;;;N;;;;; +14FB;CANADIAN SYLLABICS WEST-CREE SWII;Lo;0;L;;;;;N;;;;; +14FC;CANADIAN SYLLABICS SWO;Lo;0;L;;;;;N;;;;; +14FD;CANADIAN SYLLABICS WEST-CREE SWO;Lo;0;L;;;;;N;;;;; +14FE;CANADIAN SYLLABICS SWOO;Lo;0;L;;;;;N;;;;; +14FF;CANADIAN SYLLABICS WEST-CREE SWOO;Lo;0;L;;;;;N;;;;; +1500;CANADIAN SYLLABICS SWA;Lo;0;L;;;;;N;;;;; +1501;CANADIAN SYLLABICS WEST-CREE SWA;Lo;0;L;;;;;N;;;;; +1502;CANADIAN SYLLABICS SWAA;Lo;0;L;;;;;N;;;;; +1503;CANADIAN SYLLABICS WEST-CREE SWAA;Lo;0;L;;;;;N;;;;; +1504;CANADIAN SYLLABICS NASKAPI SWAA;Lo;0;L;;;;;N;;;;; +1505;CANADIAN SYLLABICS S;Lo;0;L;;;;;N;;;;; +1506;CANADIAN SYLLABICS ATHAPASCAN S;Lo;0;L;;;;;N;;;;; +1507;CANADIAN SYLLABICS SW;Lo;0;L;;;;;N;;;;; +1508;CANADIAN SYLLABICS BLACKFOOT S;Lo;0;L;;;;;N;;;;; +1509;CANADIAN SYLLABICS MOOSE-CREE SK;Lo;0;L;;;;;N;;;;; +150A;CANADIAN SYLLABICS NASKAPI SKW;Lo;0;L;;;;;N;;;;; +150B;CANADIAN SYLLABICS NASKAPI S-W;Lo;0;L;;;;;N;;;;; +150C;CANADIAN SYLLABICS NASKAPI SPWA;Lo;0;L;;;;;N;;;;; +150D;CANADIAN SYLLABICS NASKAPI STWA;Lo;0;L;;;;;N;;;;; +150E;CANADIAN SYLLABICS NASKAPI SKWA;Lo;0;L;;;;;N;;;;; +150F;CANADIAN SYLLABICS NASKAPI SCWA;Lo;0;L;;;;;N;;;;; +1510;CANADIAN SYLLABICS SHE;Lo;0;L;;;;;N;;;;; +1511;CANADIAN SYLLABICS SHI;Lo;0;L;;;;;N;;;;; +1512;CANADIAN SYLLABICS SHII;Lo;0;L;;;;;N;;;;; +1513;CANADIAN SYLLABICS SHO;Lo;0;L;;;;;N;;;;; +1514;CANADIAN SYLLABICS SHOO;Lo;0;L;;;;;N;;;;; +1515;CANADIAN SYLLABICS SHA;Lo;0;L;;;;;N;;;;; +1516;CANADIAN SYLLABICS SHAA;Lo;0;L;;;;;N;;;;; +1517;CANADIAN SYLLABICS SHWE;Lo;0;L;;;;;N;;;;; +1518;CANADIAN SYLLABICS WEST-CREE SHWE;Lo;0;L;;;;;N;;;;; +1519;CANADIAN SYLLABICS SHWI;Lo;0;L;;;;;N;;;;; +151A;CANADIAN SYLLABICS WEST-CREE SHWI;Lo;0;L;;;;;N;;;;; +151B;CANADIAN SYLLABICS SHWII;Lo;0;L;;;;;N;;;;; +151C;CANADIAN SYLLABICS WEST-CREE SHWII;Lo;0;L;;;;;N;;;;; +151D;CANADIAN SYLLABICS SHWO;Lo;0;L;;;;;N;;;;; +151E;CANADIAN SYLLABICS WEST-CREE SHWO;Lo;0;L;;;;;N;;;;; +151F;CANADIAN SYLLABICS SHWOO;Lo;0;L;;;;;N;;;;; +1520;CANADIAN SYLLABICS WEST-CREE SHWOO;Lo;0;L;;;;;N;;;;; +1521;CANADIAN SYLLABICS SHWA;Lo;0;L;;;;;N;;;;; +1522;CANADIAN SYLLABICS WEST-CREE SHWA;Lo;0;L;;;;;N;;;;; +1523;CANADIAN SYLLABICS SHWAA;Lo;0;L;;;;;N;;;;; +1524;CANADIAN SYLLABICS WEST-CREE SHWAA;Lo;0;L;;;;;N;;;;; +1525;CANADIAN SYLLABICS SH;Lo;0;L;;;;;N;;;;; +1526;CANADIAN SYLLABICS YE;Lo;0;L;;;;;N;;;;; +1527;CANADIAN SYLLABICS YAAI;Lo;0;L;;;;;N;;;;; +1528;CANADIAN SYLLABICS YI;Lo;0;L;;;;;N;;;;; +1529;CANADIAN SYLLABICS YII;Lo;0;L;;;;;N;;;;; +152A;CANADIAN SYLLABICS YO;Lo;0;L;;;;;N;;;;; +152B;CANADIAN SYLLABICS YOO;Lo;0;L;;;;;N;;;;; +152C;CANADIAN SYLLABICS Y-CREE YOO;Lo;0;L;;;;;N;;;;; +152D;CANADIAN SYLLABICS YA;Lo;0;L;;;;;N;;;;; +152E;CANADIAN SYLLABICS YAA;Lo;0;L;;;;;N;;;;; +152F;CANADIAN SYLLABICS YWE;Lo;0;L;;;;;N;;;;; +1530;CANADIAN SYLLABICS WEST-CREE YWE;Lo;0;L;;;;;N;;;;; +1531;CANADIAN SYLLABICS YWI;Lo;0;L;;;;;N;;;;; +1532;CANADIAN SYLLABICS WEST-CREE YWI;Lo;0;L;;;;;N;;;;; +1533;CANADIAN SYLLABICS YWII;Lo;0;L;;;;;N;;;;; +1534;CANADIAN SYLLABICS WEST-CREE YWII;Lo;0;L;;;;;N;;;;; +1535;CANADIAN SYLLABICS YWO;Lo;0;L;;;;;N;;;;; +1536;CANADIAN SYLLABICS WEST-CREE YWO;Lo;0;L;;;;;N;;;;; +1537;CANADIAN SYLLABICS YWOO;Lo;0;L;;;;;N;;;;; +1538;CANADIAN SYLLABICS WEST-CREE YWOO;Lo;0;L;;;;;N;;;;; +1539;CANADIAN SYLLABICS YWA;Lo;0;L;;;;;N;;;;; +153A;CANADIAN SYLLABICS WEST-CREE YWA;Lo;0;L;;;;;N;;;;; +153B;CANADIAN SYLLABICS YWAA;Lo;0;L;;;;;N;;;;; +153C;CANADIAN SYLLABICS WEST-CREE YWAA;Lo;0;L;;;;;N;;;;; +153D;CANADIAN SYLLABICS NASKAPI YWAA;Lo;0;L;;;;;N;;;;; +153E;CANADIAN SYLLABICS Y;Lo;0;L;;;;;N;;;;; +153F;CANADIAN SYLLABICS BIBLE-CREE Y;Lo;0;L;;;;;N;;;;; +1540;CANADIAN SYLLABICS WEST-CREE Y;Lo;0;L;;;;;N;;;;; +1541;CANADIAN SYLLABICS SAYISI YI;Lo;0;L;;;;;N;;;;; +1542;CANADIAN SYLLABICS RE;Lo;0;L;;;;;N;;;;; +1543;CANADIAN SYLLABICS R-CREE RE;Lo;0;L;;;;;N;;;;; +1544;CANADIAN SYLLABICS WEST-CREE LE;Lo;0;L;;;;;N;;;;; +1545;CANADIAN SYLLABICS RAAI;Lo;0;L;;;;;N;;;;; +1546;CANADIAN SYLLABICS RI;Lo;0;L;;;;;N;;;;; +1547;CANADIAN SYLLABICS RII;Lo;0;L;;;;;N;;;;; +1548;CANADIAN SYLLABICS RO;Lo;0;L;;;;;N;;;;; +1549;CANADIAN SYLLABICS ROO;Lo;0;L;;;;;N;;;;; +154A;CANADIAN SYLLABICS WEST-CREE LO;Lo;0;L;;;;;N;;;;; +154B;CANADIAN SYLLABICS RA;Lo;0;L;;;;;N;;;;; +154C;CANADIAN SYLLABICS RAA;Lo;0;L;;;;;N;;;;; +154D;CANADIAN SYLLABICS WEST-CREE LA;Lo;0;L;;;;;N;;;;; +154E;CANADIAN SYLLABICS RWAA;Lo;0;L;;;;;N;;;;; +154F;CANADIAN SYLLABICS WEST-CREE RWAA;Lo;0;L;;;;;N;;;;; +1550;CANADIAN SYLLABICS R;Lo;0;L;;;;;N;;;;; +1551;CANADIAN SYLLABICS WEST-CREE R;Lo;0;L;;;;;N;;;;; +1552;CANADIAN SYLLABICS MEDIAL R;Lo;0;L;;;;;N;;;;; +1553;CANADIAN SYLLABICS FE;Lo;0;L;;;;;N;;;;; +1554;CANADIAN SYLLABICS FAAI;Lo;0;L;;;;;N;;;;; +1555;CANADIAN SYLLABICS FI;Lo;0;L;;;;;N;;;;; +1556;CANADIAN SYLLABICS FII;Lo;0;L;;;;;N;;;;; +1557;CANADIAN SYLLABICS FO;Lo;0;L;;;;;N;;;;; +1558;CANADIAN SYLLABICS FOO;Lo;0;L;;;;;N;;;;; +1559;CANADIAN SYLLABICS FA;Lo;0;L;;;;;N;;;;; +155A;CANADIAN SYLLABICS FAA;Lo;0;L;;;;;N;;;;; +155B;CANADIAN SYLLABICS FWAA;Lo;0;L;;;;;N;;;;; +155C;CANADIAN SYLLABICS WEST-CREE FWAA;Lo;0;L;;;;;N;;;;; +155D;CANADIAN SYLLABICS F;Lo;0;L;;;;;N;;;;; +155E;CANADIAN SYLLABICS THE;Lo;0;L;;;;;N;;;;; +155F;CANADIAN SYLLABICS N-CREE THE;Lo;0;L;;;;;N;;;;; +1560;CANADIAN SYLLABICS THI;Lo;0;L;;;;;N;;;;; +1561;CANADIAN SYLLABICS N-CREE THI;Lo;0;L;;;;;N;;;;; +1562;CANADIAN SYLLABICS THII;Lo;0;L;;;;;N;;;;; +1563;CANADIAN SYLLABICS N-CREE THII;Lo;0;L;;;;;N;;;;; +1564;CANADIAN SYLLABICS THO;Lo;0;L;;;;;N;;;;; +1565;CANADIAN SYLLABICS THOO;Lo;0;L;;;;;N;;;;; +1566;CANADIAN SYLLABICS THA;Lo;0;L;;;;;N;;;;; +1567;CANADIAN SYLLABICS THAA;Lo;0;L;;;;;N;;;;; +1568;CANADIAN SYLLABICS THWAA;Lo;0;L;;;;;N;;;;; +1569;CANADIAN SYLLABICS WEST-CREE THWAA;Lo;0;L;;;;;N;;;;; +156A;CANADIAN SYLLABICS TH;Lo;0;L;;;;;N;;;;; +156B;CANADIAN SYLLABICS TTHE;Lo;0;L;;;;;N;;;;; +156C;CANADIAN SYLLABICS TTHI;Lo;0;L;;;;;N;;;;; +156D;CANADIAN SYLLABICS TTHO;Lo;0;L;;;;;N;;;;; +156E;CANADIAN SYLLABICS TTHA;Lo;0;L;;;;;N;;;;; +156F;CANADIAN SYLLABICS TTH;Lo;0;L;;;;;N;;;;; +1570;CANADIAN SYLLABICS TYE;Lo;0;L;;;;;N;;;;; +1571;CANADIAN SYLLABICS TYI;Lo;0;L;;;;;N;;;;; +1572;CANADIAN SYLLABICS TYO;Lo;0;L;;;;;N;;;;; +1573;CANADIAN SYLLABICS TYA;Lo;0;L;;;;;N;;;;; +1574;CANADIAN SYLLABICS NUNAVIK HE;Lo;0;L;;;;;N;;;;; +1575;CANADIAN SYLLABICS NUNAVIK HI;Lo;0;L;;;;;N;;;;; +1576;CANADIAN SYLLABICS NUNAVIK HII;Lo;0;L;;;;;N;;;;; +1577;CANADIAN SYLLABICS NUNAVIK HO;Lo;0;L;;;;;N;;;;; +1578;CANADIAN SYLLABICS NUNAVIK HOO;Lo;0;L;;;;;N;;;;; +1579;CANADIAN SYLLABICS NUNAVIK HA;Lo;0;L;;;;;N;;;;; +157A;CANADIAN SYLLABICS NUNAVIK HAA;Lo;0;L;;;;;N;;;;; +157B;CANADIAN SYLLABICS NUNAVIK H;Lo;0;L;;;;;N;;;;; +157C;CANADIAN SYLLABICS NUNAVUT H;Lo;0;L;;;;;N;;;;; +157D;CANADIAN SYLLABICS HK;Lo;0;L;;;;;N;;;;; +157E;CANADIAN SYLLABICS QAAI;Lo;0;L;;;;;N;;;;; +157F;CANADIAN SYLLABICS QI;Lo;0;L;;;;;N;;;;; +1580;CANADIAN SYLLABICS QII;Lo;0;L;;;;;N;;;;; +1581;CANADIAN SYLLABICS QO;Lo;0;L;;;;;N;;;;; +1582;CANADIAN SYLLABICS QOO;Lo;0;L;;;;;N;;;;; +1583;CANADIAN SYLLABICS QA;Lo;0;L;;;;;N;;;;; +1584;CANADIAN SYLLABICS QAA;Lo;0;L;;;;;N;;;;; +1585;CANADIAN SYLLABICS Q;Lo;0;L;;;;;N;;;;; +1586;CANADIAN SYLLABICS TLHE;Lo;0;L;;;;;N;;;;; +1587;CANADIAN SYLLABICS TLHI;Lo;0;L;;;;;N;;;;; +1588;CANADIAN SYLLABICS TLHO;Lo;0;L;;;;;N;;;;; +1589;CANADIAN SYLLABICS TLHA;Lo;0;L;;;;;N;;;;; +158A;CANADIAN SYLLABICS WEST-CREE RE;Lo;0;L;;;;;N;;;;; +158B;CANADIAN SYLLABICS WEST-CREE RI;Lo;0;L;;;;;N;;;;; +158C;CANADIAN SYLLABICS WEST-CREE RO;Lo;0;L;;;;;N;;;;; +158D;CANADIAN SYLLABICS WEST-CREE RA;Lo;0;L;;;;;N;;;;; +158E;CANADIAN SYLLABICS NGAAI;Lo;0;L;;;;;N;;;;; +158F;CANADIAN SYLLABICS NGI;Lo;0;L;;;;;N;;;;; +1590;CANADIAN SYLLABICS NGII;Lo;0;L;;;;;N;;;;; +1591;CANADIAN SYLLABICS NGO;Lo;0;L;;;;;N;;;;; +1592;CANADIAN SYLLABICS NGOO;Lo;0;L;;;;;N;;;;; +1593;CANADIAN SYLLABICS NGA;Lo;0;L;;;;;N;;;;; +1594;CANADIAN SYLLABICS NGAA;Lo;0;L;;;;;N;;;;; +1595;CANADIAN SYLLABICS NG;Lo;0;L;;;;;N;;;;; +1596;CANADIAN SYLLABICS NNG;Lo;0;L;;;;;N;;;;; +1597;CANADIAN SYLLABICS SAYISI SHE;Lo;0;L;;;;;N;;;;; +1598;CANADIAN SYLLABICS SAYISI SHI;Lo;0;L;;;;;N;;;;; +1599;CANADIAN SYLLABICS SAYISI SHO;Lo;0;L;;;;;N;;;;; +159A;CANADIAN SYLLABICS SAYISI SHA;Lo;0;L;;;;;N;;;;; +159B;CANADIAN SYLLABICS WOODS-CREE THE;Lo;0;L;;;;;N;;;;; +159C;CANADIAN SYLLABICS WOODS-CREE THI;Lo;0;L;;;;;N;;;;; +159D;CANADIAN SYLLABICS WOODS-CREE THO;Lo;0;L;;;;;N;;;;; +159E;CANADIAN SYLLABICS WOODS-CREE THA;Lo;0;L;;;;;N;;;;; +159F;CANADIAN SYLLABICS WOODS-CREE TH;Lo;0;L;;;;;N;;;;; +15A0;CANADIAN SYLLABICS LHI;Lo;0;L;;;;;N;;;;; +15A1;CANADIAN SYLLABICS LHII;Lo;0;L;;;;;N;;;;; +15A2;CANADIAN SYLLABICS LHO;Lo;0;L;;;;;N;;;;; +15A3;CANADIAN SYLLABICS LHOO;Lo;0;L;;;;;N;;;;; +15A4;CANADIAN SYLLABICS LHA;Lo;0;L;;;;;N;;;;; +15A5;CANADIAN SYLLABICS LHAA;Lo;0;L;;;;;N;;;;; +15A6;CANADIAN SYLLABICS LH;Lo;0;L;;;;;N;;;;; +15A7;CANADIAN SYLLABICS TH-CREE THE;Lo;0;L;;;;;N;;;;; +15A8;CANADIAN SYLLABICS TH-CREE THI;Lo;0;L;;;;;N;;;;; +15A9;CANADIAN SYLLABICS TH-CREE THII;Lo;0;L;;;;;N;;;;; +15AA;CANADIAN SYLLABICS TH-CREE THO;Lo;0;L;;;;;N;;;;; +15AB;CANADIAN SYLLABICS TH-CREE THOO;Lo;0;L;;;;;N;;;;; +15AC;CANADIAN SYLLABICS TH-CREE THA;Lo;0;L;;;;;N;;;;; +15AD;CANADIAN SYLLABICS TH-CREE THAA;Lo;0;L;;;;;N;;;;; +15AE;CANADIAN SYLLABICS TH-CREE TH;Lo;0;L;;;;;N;;;;; +15AF;CANADIAN SYLLABICS AIVILIK B;Lo;0;L;;;;;N;;;;; +15B0;CANADIAN SYLLABICS BLACKFOOT E;Lo;0;L;;;;;N;;;;; +15B1;CANADIAN SYLLABICS BLACKFOOT I;Lo;0;L;;;;;N;;;;; +15B2;CANADIAN SYLLABICS BLACKFOOT O;Lo;0;L;;;;;N;;;;; +15B3;CANADIAN SYLLABICS BLACKFOOT A;Lo;0;L;;;;;N;;;;; +15B4;CANADIAN SYLLABICS BLACKFOOT WE;Lo;0;L;;;;;N;;;;; +15B5;CANADIAN SYLLABICS BLACKFOOT WI;Lo;0;L;;;;;N;;;;; +15B6;CANADIAN SYLLABICS BLACKFOOT WO;Lo;0;L;;;;;N;;;;; +15B7;CANADIAN SYLLABICS BLACKFOOT WA;Lo;0;L;;;;;N;;;;; +15B8;CANADIAN SYLLABICS BLACKFOOT NE;Lo;0;L;;;;;N;;;;; +15B9;CANADIAN SYLLABICS BLACKFOOT NI;Lo;0;L;;;;;N;;;;; +15BA;CANADIAN SYLLABICS BLACKFOOT NO;Lo;0;L;;;;;N;;;;; +15BB;CANADIAN SYLLABICS BLACKFOOT NA;Lo;0;L;;;;;N;;;;; +15BC;CANADIAN SYLLABICS BLACKFOOT KE;Lo;0;L;;;;;N;;;;; +15BD;CANADIAN SYLLABICS BLACKFOOT KI;Lo;0;L;;;;;N;;;;; +15BE;CANADIAN SYLLABICS BLACKFOOT KO;Lo;0;L;;;;;N;;;;; +15BF;CANADIAN SYLLABICS BLACKFOOT KA;Lo;0;L;;;;;N;;;;; +15C0;CANADIAN SYLLABICS SAYISI HE;Lo;0;L;;;;;N;;;;; +15C1;CANADIAN SYLLABICS SAYISI HI;Lo;0;L;;;;;N;;;;; +15C2;CANADIAN SYLLABICS SAYISI HO;Lo;0;L;;;;;N;;;;; +15C3;CANADIAN SYLLABICS SAYISI HA;Lo;0;L;;;;;N;;;;; +15C4;CANADIAN SYLLABICS CARRIER GHU;Lo;0;L;;;;;N;;;;; +15C5;CANADIAN SYLLABICS CARRIER GHO;Lo;0;L;;;;;N;;;;; +15C6;CANADIAN SYLLABICS CARRIER GHE;Lo;0;L;;;;;N;;;;; +15C7;CANADIAN SYLLABICS CARRIER GHEE;Lo;0;L;;;;;N;;;;; +15C8;CANADIAN SYLLABICS CARRIER GHI;Lo;0;L;;;;;N;;;;; +15C9;CANADIAN SYLLABICS CARRIER GHA;Lo;0;L;;;;;N;;;;; +15CA;CANADIAN SYLLABICS CARRIER RU;Lo;0;L;;;;;N;;;;; +15CB;CANADIAN SYLLABICS CARRIER RO;Lo;0;L;;;;;N;;;;; +15CC;CANADIAN SYLLABICS CARRIER RE;Lo;0;L;;;;;N;;;;; +15CD;CANADIAN SYLLABICS CARRIER REE;Lo;0;L;;;;;N;;;;; +15CE;CANADIAN SYLLABICS CARRIER RI;Lo;0;L;;;;;N;;;;; +15CF;CANADIAN SYLLABICS CARRIER RA;Lo;0;L;;;;;N;;;;; +15D0;CANADIAN SYLLABICS CARRIER WU;Lo;0;L;;;;;N;;;;; +15D1;CANADIAN SYLLABICS CARRIER WO;Lo;0;L;;;;;N;;;;; +15D2;CANADIAN SYLLABICS CARRIER WE;Lo;0;L;;;;;N;;;;; +15D3;CANADIAN SYLLABICS CARRIER WEE;Lo;0;L;;;;;N;;;;; +15D4;CANADIAN SYLLABICS CARRIER WI;Lo;0;L;;;;;N;;;;; +15D5;CANADIAN SYLLABICS CARRIER WA;Lo;0;L;;;;;N;;;;; +15D6;CANADIAN SYLLABICS CARRIER HWU;Lo;0;L;;;;;N;;;;; +15D7;CANADIAN SYLLABICS CARRIER HWO;Lo;0;L;;;;;N;;;;; +15D8;CANADIAN SYLLABICS CARRIER HWE;Lo;0;L;;;;;N;;;;; +15D9;CANADIAN SYLLABICS CARRIER HWEE;Lo;0;L;;;;;N;;;;; +15DA;CANADIAN SYLLABICS CARRIER HWI;Lo;0;L;;;;;N;;;;; +15DB;CANADIAN SYLLABICS CARRIER HWA;Lo;0;L;;;;;N;;;;; +15DC;CANADIAN SYLLABICS CARRIER THU;Lo;0;L;;;;;N;;;;; +15DD;CANADIAN SYLLABICS CARRIER THO;Lo;0;L;;;;;N;;;;; +15DE;CANADIAN SYLLABICS CARRIER THE;Lo;0;L;;;;;N;;;;; +15DF;CANADIAN SYLLABICS CARRIER THEE;Lo;0;L;;;;;N;;;;; +15E0;CANADIAN SYLLABICS CARRIER THI;Lo;0;L;;;;;N;;;;; +15E1;CANADIAN SYLLABICS CARRIER THA;Lo;0;L;;;;;N;;;;; +15E2;CANADIAN SYLLABICS CARRIER TTU;Lo;0;L;;;;;N;;;;; +15E3;CANADIAN SYLLABICS CARRIER TTO;Lo;0;L;;;;;N;;;;; +15E4;CANADIAN SYLLABICS CARRIER TTE;Lo;0;L;;;;;N;;;;; +15E5;CANADIAN SYLLABICS CARRIER TTEE;Lo;0;L;;;;;N;;;;; +15E6;CANADIAN SYLLABICS CARRIER TTI;Lo;0;L;;;;;N;;;;; +15E7;CANADIAN SYLLABICS CARRIER TTA;Lo;0;L;;;;;N;;;;; +15E8;CANADIAN SYLLABICS CARRIER PU;Lo;0;L;;;;;N;;;;; +15E9;CANADIAN SYLLABICS CARRIER PO;Lo;0;L;;;;;N;;;;; +15EA;CANADIAN SYLLABICS CARRIER PE;Lo;0;L;;;;;N;;;;; +15EB;CANADIAN SYLLABICS CARRIER PEE;Lo;0;L;;;;;N;;;;; +15EC;CANADIAN SYLLABICS CARRIER PI;Lo;0;L;;;;;N;;;;; +15ED;CANADIAN SYLLABICS CARRIER PA;Lo;0;L;;;;;N;;;;; +15EE;CANADIAN SYLLABICS CARRIER P;Lo;0;L;;;;;N;;;;; +15EF;CANADIAN SYLLABICS CARRIER GU;Lo;0;L;;;;;N;;;;; +15F0;CANADIAN SYLLABICS CARRIER GO;Lo;0;L;;;;;N;;;;; +15F1;CANADIAN SYLLABICS CARRIER GE;Lo;0;L;;;;;N;;;;; +15F2;CANADIAN SYLLABICS CARRIER GEE;Lo;0;L;;;;;N;;;;; +15F3;CANADIAN SYLLABICS CARRIER GI;Lo;0;L;;;;;N;;;;; +15F4;CANADIAN SYLLABICS CARRIER GA;Lo;0;L;;;;;N;;;;; +15F5;CANADIAN SYLLABICS CARRIER KHU;Lo;0;L;;;;;N;;;;; +15F6;CANADIAN SYLLABICS CARRIER KHO;Lo;0;L;;;;;N;;;;; +15F7;CANADIAN SYLLABICS CARRIER KHE;Lo;0;L;;;;;N;;;;; +15F8;CANADIAN SYLLABICS CARRIER KHEE;Lo;0;L;;;;;N;;;;; +15F9;CANADIAN SYLLABICS CARRIER KHI;Lo;0;L;;;;;N;;;;; +15FA;CANADIAN SYLLABICS CARRIER KHA;Lo;0;L;;;;;N;;;;; +15FB;CANADIAN SYLLABICS CARRIER KKU;Lo;0;L;;;;;N;;;;; +15FC;CANADIAN SYLLABICS CARRIER KKO;Lo;0;L;;;;;N;;;;; +15FD;CANADIAN SYLLABICS CARRIER KKE;Lo;0;L;;;;;N;;;;; +15FE;CANADIAN SYLLABICS CARRIER KKEE;Lo;0;L;;;;;N;;;;; +15FF;CANADIAN SYLLABICS CARRIER KKI;Lo;0;L;;;;;N;;;;; +1600;CANADIAN SYLLABICS CARRIER KKA;Lo;0;L;;;;;N;;;;; +1601;CANADIAN SYLLABICS CARRIER KK;Lo;0;L;;;;;N;;;;; +1602;CANADIAN SYLLABICS CARRIER NU;Lo;0;L;;;;;N;;;;; +1603;CANADIAN SYLLABICS CARRIER NO;Lo;0;L;;;;;N;;;;; +1604;CANADIAN SYLLABICS CARRIER NE;Lo;0;L;;;;;N;;;;; +1605;CANADIAN SYLLABICS CARRIER NEE;Lo;0;L;;;;;N;;;;; +1606;CANADIAN SYLLABICS CARRIER NI;Lo;0;L;;;;;N;;;;; +1607;CANADIAN SYLLABICS CARRIER NA;Lo;0;L;;;;;N;;;;; +1608;CANADIAN SYLLABICS CARRIER MU;Lo;0;L;;;;;N;;;;; +1609;CANADIAN SYLLABICS CARRIER MO;Lo;0;L;;;;;N;;;;; +160A;CANADIAN SYLLABICS CARRIER ME;Lo;0;L;;;;;N;;;;; +160B;CANADIAN SYLLABICS CARRIER MEE;Lo;0;L;;;;;N;;;;; +160C;CANADIAN SYLLABICS CARRIER MI;Lo;0;L;;;;;N;;;;; +160D;CANADIAN SYLLABICS CARRIER MA;Lo;0;L;;;;;N;;;;; +160E;CANADIAN SYLLABICS CARRIER YU;Lo;0;L;;;;;N;;;;; +160F;CANADIAN SYLLABICS CARRIER YO;Lo;0;L;;;;;N;;;;; +1610;CANADIAN SYLLABICS CARRIER YE;Lo;0;L;;;;;N;;;;; +1611;CANADIAN SYLLABICS CARRIER YEE;Lo;0;L;;;;;N;;;;; +1612;CANADIAN SYLLABICS CARRIER YI;Lo;0;L;;;;;N;;;;; +1613;CANADIAN SYLLABICS CARRIER YA;Lo;0;L;;;;;N;;;;; +1614;CANADIAN SYLLABICS CARRIER JU;Lo;0;L;;;;;N;;;;; +1615;CANADIAN SYLLABICS SAYISI JU;Lo;0;L;;;;;N;;;;; +1616;CANADIAN SYLLABICS CARRIER JO;Lo;0;L;;;;;N;;;;; +1617;CANADIAN SYLLABICS CARRIER JE;Lo;0;L;;;;;N;;;;; +1618;CANADIAN SYLLABICS CARRIER JEE;Lo;0;L;;;;;N;;;;; +1619;CANADIAN SYLLABICS CARRIER JI;Lo;0;L;;;;;N;;;;; +161A;CANADIAN SYLLABICS SAYISI JI;Lo;0;L;;;;;N;;;;; +161B;CANADIAN SYLLABICS CARRIER JA;Lo;0;L;;;;;N;;;;; +161C;CANADIAN SYLLABICS CARRIER JJU;Lo;0;L;;;;;N;;;;; +161D;CANADIAN SYLLABICS CARRIER JJO;Lo;0;L;;;;;N;;;;; +161E;CANADIAN SYLLABICS CARRIER JJE;Lo;0;L;;;;;N;;;;; +161F;CANADIAN SYLLABICS CARRIER JJEE;Lo;0;L;;;;;N;;;;; +1620;CANADIAN SYLLABICS CARRIER JJI;Lo;0;L;;;;;N;;;;; +1621;CANADIAN SYLLABICS CARRIER JJA;Lo;0;L;;;;;N;;;;; +1622;CANADIAN SYLLABICS CARRIER LU;Lo;0;L;;;;;N;;;;; +1623;CANADIAN SYLLABICS CARRIER LO;Lo;0;L;;;;;N;;;;; +1624;CANADIAN SYLLABICS CARRIER LE;Lo;0;L;;;;;N;;;;; +1625;CANADIAN SYLLABICS CARRIER LEE;Lo;0;L;;;;;N;;;;; +1626;CANADIAN SYLLABICS CARRIER LI;Lo;0;L;;;;;N;;;;; +1627;CANADIAN SYLLABICS CARRIER LA;Lo;0;L;;;;;N;;;;; +1628;CANADIAN SYLLABICS CARRIER DLU;Lo;0;L;;;;;N;;;;; +1629;CANADIAN SYLLABICS CARRIER DLO;Lo;0;L;;;;;N;;;;; +162A;CANADIAN SYLLABICS CARRIER DLE;Lo;0;L;;;;;N;;;;; +162B;CANADIAN SYLLABICS CARRIER DLEE;Lo;0;L;;;;;N;;;;; +162C;CANADIAN SYLLABICS CARRIER DLI;Lo;0;L;;;;;N;;;;; +162D;CANADIAN SYLLABICS CARRIER DLA;Lo;0;L;;;;;N;;;;; +162E;CANADIAN SYLLABICS CARRIER LHU;Lo;0;L;;;;;N;;;;; +162F;CANADIAN SYLLABICS CARRIER LHO;Lo;0;L;;;;;N;;;;; +1630;CANADIAN SYLLABICS CARRIER LHE;Lo;0;L;;;;;N;;;;; +1631;CANADIAN SYLLABICS CARRIER LHEE;Lo;0;L;;;;;N;;;;; +1632;CANADIAN SYLLABICS CARRIER LHI;Lo;0;L;;;;;N;;;;; +1633;CANADIAN SYLLABICS CARRIER LHA;Lo;0;L;;;;;N;;;;; +1634;CANADIAN SYLLABICS CARRIER TLHU;Lo;0;L;;;;;N;;;;; +1635;CANADIAN SYLLABICS CARRIER TLHO;Lo;0;L;;;;;N;;;;; +1636;CANADIAN SYLLABICS CARRIER TLHE;Lo;0;L;;;;;N;;;;; +1637;CANADIAN SYLLABICS CARRIER TLHEE;Lo;0;L;;;;;N;;;;; +1638;CANADIAN SYLLABICS CARRIER TLHI;Lo;0;L;;;;;N;;;;; +1639;CANADIAN SYLLABICS CARRIER TLHA;Lo;0;L;;;;;N;;;;; +163A;CANADIAN SYLLABICS CARRIER TLU;Lo;0;L;;;;;N;;;;; +163B;CANADIAN SYLLABICS CARRIER TLO;Lo;0;L;;;;;N;;;;; +163C;CANADIAN SYLLABICS CARRIER TLE;Lo;0;L;;;;;N;;;;; +163D;CANADIAN SYLLABICS CARRIER TLEE;Lo;0;L;;;;;N;;;;; +163E;CANADIAN SYLLABICS CARRIER TLI;Lo;0;L;;;;;N;;;;; +163F;CANADIAN SYLLABICS CARRIER TLA;Lo;0;L;;;;;N;;;;; +1640;CANADIAN SYLLABICS CARRIER ZU;Lo;0;L;;;;;N;;;;; +1641;CANADIAN SYLLABICS CARRIER ZO;Lo;0;L;;;;;N;;;;; +1642;CANADIAN SYLLABICS CARRIER ZE;Lo;0;L;;;;;N;;;;; +1643;CANADIAN SYLLABICS CARRIER ZEE;Lo;0;L;;;;;N;;;;; +1644;CANADIAN SYLLABICS CARRIER ZI;Lo;0;L;;;;;N;;;;; +1645;CANADIAN SYLLABICS CARRIER ZA;Lo;0;L;;;;;N;;;;; +1646;CANADIAN SYLLABICS CARRIER Z;Lo;0;L;;;;;N;;;;; +1647;CANADIAN SYLLABICS CARRIER INITIAL Z;Lo;0;L;;;;;N;;;;; +1648;CANADIAN SYLLABICS CARRIER DZU;Lo;0;L;;;;;N;;;;; +1649;CANADIAN SYLLABICS CARRIER DZO;Lo;0;L;;;;;N;;;;; +164A;CANADIAN SYLLABICS CARRIER DZE;Lo;0;L;;;;;N;;;;; +164B;CANADIAN SYLLABICS CARRIER DZEE;Lo;0;L;;;;;N;;;;; +164C;CANADIAN SYLLABICS CARRIER DZI;Lo;0;L;;;;;N;;;;; +164D;CANADIAN SYLLABICS CARRIER DZA;Lo;0;L;;;;;N;;;;; +164E;CANADIAN SYLLABICS CARRIER SU;Lo;0;L;;;;;N;;;;; +164F;CANADIAN SYLLABICS CARRIER SO;Lo;0;L;;;;;N;;;;; +1650;CANADIAN SYLLABICS CARRIER SE;Lo;0;L;;;;;N;;;;; +1651;CANADIAN SYLLABICS CARRIER SEE;Lo;0;L;;;;;N;;;;; +1652;CANADIAN SYLLABICS CARRIER SI;Lo;0;L;;;;;N;;;;; +1653;CANADIAN SYLLABICS CARRIER SA;Lo;0;L;;;;;N;;;;; +1654;CANADIAN SYLLABICS CARRIER SHU;Lo;0;L;;;;;N;;;;; +1655;CANADIAN SYLLABICS CARRIER SHO;Lo;0;L;;;;;N;;;;; +1656;CANADIAN SYLLABICS CARRIER SHE;Lo;0;L;;;;;N;;;;; +1657;CANADIAN SYLLABICS CARRIER SHEE;Lo;0;L;;;;;N;;;;; +1658;CANADIAN SYLLABICS CARRIER SHI;Lo;0;L;;;;;N;;;;; +1659;CANADIAN SYLLABICS CARRIER SHA;Lo;0;L;;;;;N;;;;; +165A;CANADIAN SYLLABICS CARRIER SH;Lo;0;L;;;;;N;;;;; +165B;CANADIAN SYLLABICS CARRIER TSU;Lo;0;L;;;;;N;;;;; +165C;CANADIAN SYLLABICS CARRIER TSO;Lo;0;L;;;;;N;;;;; +165D;CANADIAN SYLLABICS CARRIER TSE;Lo;0;L;;;;;N;;;;; +165E;CANADIAN SYLLABICS CARRIER TSEE;Lo;0;L;;;;;N;;;;; +165F;CANADIAN SYLLABICS CARRIER TSI;Lo;0;L;;;;;N;;;;; +1660;CANADIAN SYLLABICS CARRIER TSA;Lo;0;L;;;;;N;;;;; +1661;CANADIAN SYLLABICS CARRIER CHU;Lo;0;L;;;;;N;;;;; +1662;CANADIAN SYLLABICS CARRIER CHO;Lo;0;L;;;;;N;;;;; +1663;CANADIAN SYLLABICS CARRIER CHE;Lo;0;L;;;;;N;;;;; +1664;CANADIAN SYLLABICS CARRIER CHEE;Lo;0;L;;;;;N;;;;; +1665;CANADIAN SYLLABICS CARRIER CHI;Lo;0;L;;;;;N;;;;; +1666;CANADIAN SYLLABICS CARRIER CHA;Lo;0;L;;;;;N;;;;; +1667;CANADIAN SYLLABICS CARRIER TTSU;Lo;0;L;;;;;N;;;;; +1668;CANADIAN SYLLABICS CARRIER TTSO;Lo;0;L;;;;;N;;;;; +1669;CANADIAN SYLLABICS CARRIER TTSE;Lo;0;L;;;;;N;;;;; +166A;CANADIAN SYLLABICS CARRIER TTSEE;Lo;0;L;;;;;N;;;;; +166B;CANADIAN SYLLABICS CARRIER TTSI;Lo;0;L;;;;;N;;;;; +166C;CANADIAN SYLLABICS CARRIER TTSA;Lo;0;L;;;;;N;;;;; +166D;CANADIAN SYLLABICS CHI SIGN;Po;0;L;;;;;N;;;;; +166E;CANADIAN SYLLABICS FULL STOP;Po;0;L;;;;;N;;;;; +166F;CANADIAN SYLLABICS QAI;Lo;0;L;;;;;N;;;;; +1670;CANADIAN SYLLABICS NGAI;Lo;0;L;;;;;N;;;;; +1671;CANADIAN SYLLABICS NNGI;Lo;0;L;;;;;N;;;;; +1672;CANADIAN SYLLABICS NNGII;Lo;0;L;;;;;N;;;;; +1673;CANADIAN SYLLABICS NNGO;Lo;0;L;;;;;N;;;;; +1674;CANADIAN SYLLABICS NNGOO;Lo;0;L;;;;;N;;;;; +1675;CANADIAN SYLLABICS NNGA;Lo;0;L;;;;;N;;;;; +1676;CANADIAN SYLLABICS NNGAA;Lo;0;L;;;;;N;;;;; +1680;OGHAM SPACE MARK;Zs;0;WS;;;;;N;;;;; +1681;OGHAM LETTER BEITH;Lo;0;L;;;;;N;;;;; +1682;OGHAM LETTER LUIS;Lo;0;L;;;;;N;;;;; +1683;OGHAM LETTER FEARN;Lo;0;L;;;;;N;;;;; +1684;OGHAM LETTER SAIL;Lo;0;L;;;;;N;;;;; +1685;OGHAM LETTER NION;Lo;0;L;;;;;N;;;;; +1686;OGHAM LETTER UATH;Lo;0;L;;;;;N;;;;; +1687;OGHAM LETTER DAIR;Lo;0;L;;;;;N;;;;; +1688;OGHAM LETTER TINNE;Lo;0;L;;;;;N;;;;; +1689;OGHAM LETTER COLL;Lo;0;L;;;;;N;;;;; +168A;OGHAM LETTER CEIRT;Lo;0;L;;;;;N;;;;; +168B;OGHAM LETTER MUIN;Lo;0;L;;;;;N;;;;; +168C;OGHAM LETTER GORT;Lo;0;L;;;;;N;;;;; +168D;OGHAM LETTER NGEADAL;Lo;0;L;;;;;N;;;;; +168E;OGHAM LETTER STRAIF;Lo;0;L;;;;;N;;;;; +168F;OGHAM LETTER RUIS;Lo;0;L;;;;;N;;;;; +1690;OGHAM LETTER AILM;Lo;0;L;;;;;N;;;;; +1691;OGHAM LETTER ONN;Lo;0;L;;;;;N;;;;; +1692;OGHAM LETTER UR;Lo;0;L;;;;;N;;;;; +1693;OGHAM LETTER EADHADH;Lo;0;L;;;;;N;;;;; +1694;OGHAM LETTER IODHADH;Lo;0;L;;;;;N;;;;; +1695;OGHAM LETTER EABHADH;Lo;0;L;;;;;N;;;;; +1696;OGHAM LETTER OR;Lo;0;L;;;;;N;;;;; +1697;OGHAM LETTER UILLEANN;Lo;0;L;;;;;N;;;;; +1698;OGHAM LETTER IFIN;Lo;0;L;;;;;N;;;;; +1699;OGHAM LETTER EAMHANCHOLL;Lo;0;L;;;;;N;;;;; +169A;OGHAM LETTER PEITH;Lo;0;L;;;;;N;;;;; +169B;OGHAM FEATHER MARK;Ps;0;ON;;;;;N;;;;; +169C;OGHAM REVERSED FEATHER MARK;Pe;0;ON;;;;;N;;;;; +16A0;RUNIC LETTER FEHU FEOH FE F;Lo;0;L;;;;;N;;;;; +16A1;RUNIC LETTER V;Lo;0;L;;;;;N;;;;; +16A2;RUNIC LETTER URUZ UR U;Lo;0;L;;;;;N;;;;; +16A3;RUNIC LETTER YR;Lo;0;L;;;;;N;;;;; +16A4;RUNIC LETTER Y;Lo;0;L;;;;;N;;;;; +16A5;RUNIC LETTER W;Lo;0;L;;;;;N;;;;; +16A6;RUNIC LETTER THURISAZ THURS THORN;Lo;0;L;;;;;N;;;;; +16A7;RUNIC LETTER ETH;Lo;0;L;;;;;N;;;;; +16A8;RUNIC LETTER ANSUZ A;Lo;0;L;;;;;N;;;;; +16A9;RUNIC LETTER OS O;Lo;0;L;;;;;N;;;;; +16AA;RUNIC LETTER AC A;Lo;0;L;;;;;N;;;;; +16AB;RUNIC LETTER AESC;Lo;0;L;;;;;N;;;;; +16AC;RUNIC LETTER LONG-BRANCH-OSS O;Lo;0;L;;;;;N;;;;; +16AD;RUNIC LETTER SHORT-TWIG-OSS O;Lo;0;L;;;;;N;;;;; +16AE;RUNIC LETTER O;Lo;0;L;;;;;N;;;;; +16AF;RUNIC LETTER OE;Lo;0;L;;;;;N;;;;; +16B0;RUNIC LETTER ON;Lo;0;L;;;;;N;;;;; +16B1;RUNIC LETTER RAIDO RAD REID R;Lo;0;L;;;;;N;;;;; +16B2;RUNIC LETTER KAUNA;Lo;0;L;;;;;N;;;;; +16B3;RUNIC LETTER CEN;Lo;0;L;;;;;N;;;;; +16B4;RUNIC LETTER KAUN K;Lo;0;L;;;;;N;;;;; +16B5;RUNIC LETTER G;Lo;0;L;;;;;N;;;;; +16B6;RUNIC LETTER ENG;Lo;0;L;;;;;N;;;;; +16B7;RUNIC LETTER GEBO GYFU G;Lo;0;L;;;;;N;;;;; +16B8;RUNIC LETTER GAR;Lo;0;L;;;;;N;;;;; +16B9;RUNIC LETTER WUNJO WYNN W;Lo;0;L;;;;;N;;;;; +16BA;RUNIC LETTER HAGLAZ H;Lo;0;L;;;;;N;;;;; +16BB;RUNIC LETTER HAEGL H;Lo;0;L;;;;;N;;;;; +16BC;RUNIC LETTER LONG-BRANCH-HAGALL H;Lo;0;L;;;;;N;;;;; +16BD;RUNIC LETTER SHORT-TWIG-HAGALL H;Lo;0;L;;;;;N;;;;; +16BE;RUNIC LETTER NAUDIZ NYD NAUD N;Lo;0;L;;;;;N;;;;; +16BF;RUNIC LETTER SHORT-TWIG-NAUD N;Lo;0;L;;;;;N;;;;; +16C0;RUNIC LETTER DOTTED-N;Lo;0;L;;;;;N;;;;; +16C1;RUNIC LETTER ISAZ IS ISS I;Lo;0;L;;;;;N;;;;; +16C2;RUNIC LETTER E;Lo;0;L;;;;;N;;;;; +16C3;RUNIC LETTER JERAN J;Lo;0;L;;;;;N;;;;; +16C4;RUNIC LETTER GER;Lo;0;L;;;;;N;;;;; +16C5;RUNIC LETTER LONG-BRANCH-AR AE;Lo;0;L;;;;;N;;;;; +16C6;RUNIC LETTER SHORT-TWIG-AR A;Lo;0;L;;;;;N;;;;; +16C7;RUNIC LETTER IWAZ EOH;Lo;0;L;;;;;N;;;;; +16C8;RUNIC LETTER PERTHO PEORTH P;Lo;0;L;;;;;N;;;;; +16C9;RUNIC LETTER ALGIZ EOLHX;Lo;0;L;;;;;N;;;;; +16CA;RUNIC LETTER SOWILO S;Lo;0;L;;;;;N;;;;; +16CB;RUNIC LETTER SIGEL LONG-BRANCH-SOL S;Lo;0;L;;;;;N;;;;; +16CC;RUNIC LETTER SHORT-TWIG-SOL S;Lo;0;L;;;;;N;;;;; +16CD;RUNIC LETTER C;Lo;0;L;;;;;N;;;;; +16CE;RUNIC LETTER Z;Lo;0;L;;;;;N;;;;; +16CF;RUNIC LETTER TIWAZ TIR TYR T;Lo;0;L;;;;;N;;;;; +16D0;RUNIC LETTER SHORT-TWIG-TYR T;Lo;0;L;;;;;N;;;;; +16D1;RUNIC LETTER D;Lo;0;L;;;;;N;;;;; +16D2;RUNIC LETTER BERKANAN BEORC BJARKAN B;Lo;0;L;;;;;N;;;;; +16D3;RUNIC LETTER SHORT-TWIG-BJARKAN B;Lo;0;L;;;;;N;;;;; +16D4;RUNIC LETTER DOTTED-P;Lo;0;L;;;;;N;;;;; +16D5;RUNIC LETTER OPEN-P;Lo;0;L;;;;;N;;;;; +16D6;RUNIC LETTER EHWAZ EH E;Lo;0;L;;;;;N;;;;; +16D7;RUNIC LETTER MANNAZ MAN M;Lo;0;L;;;;;N;;;;; +16D8;RUNIC LETTER LONG-BRANCH-MADR M;Lo;0;L;;;;;N;;;;; +16D9;RUNIC LETTER SHORT-TWIG-MADR M;Lo;0;L;;;;;N;;;;; +16DA;RUNIC LETTER LAUKAZ LAGU LOGR L;Lo;0;L;;;;;N;;;;; +16DB;RUNIC LETTER DOTTED-L;Lo;0;L;;;;;N;;;;; +16DC;RUNIC LETTER INGWAZ;Lo;0;L;;;;;N;;;;; +16DD;RUNIC LETTER ING;Lo;0;L;;;;;N;;;;; +16DE;RUNIC LETTER DAGAZ DAEG D;Lo;0;L;;;;;N;;;;; +16DF;RUNIC LETTER OTHALAN ETHEL O;Lo;0;L;;;;;N;;;;; +16E0;RUNIC LETTER EAR;Lo;0;L;;;;;N;;;;; +16E1;RUNIC LETTER IOR;Lo;0;L;;;;;N;;;;; +16E2;RUNIC LETTER CWEORTH;Lo;0;L;;;;;N;;;;; +16E3;RUNIC LETTER CALC;Lo;0;L;;;;;N;;;;; +16E4;RUNIC LETTER CEALC;Lo;0;L;;;;;N;;;;; +16E5;RUNIC LETTER STAN;Lo;0;L;;;;;N;;;;; +16E6;RUNIC LETTER LONG-BRANCH-YR;Lo;0;L;;;;;N;;;;; +16E7;RUNIC LETTER SHORT-TWIG-YR;Lo;0;L;;;;;N;;;;; +16E8;RUNIC LETTER ICELANDIC-YR;Lo;0;L;;;;;N;;;;; +16E9;RUNIC LETTER Q;Lo;0;L;;;;;N;;;;; +16EA;RUNIC LETTER X;Lo;0;L;;;;;N;;;;; +16EB;RUNIC SINGLE PUNCTUATION;Po;0;L;;;;;N;;;;; +16EC;RUNIC MULTIPLE PUNCTUATION;Po;0;L;;;;;N;;;;; +16ED;RUNIC CROSS PUNCTUATION;Po;0;L;;;;;N;;;;; +16EE;RUNIC ARLAUG SYMBOL;Nl;0;L;;;;17;N;;golden number 17;;; +16EF;RUNIC TVIMADUR SYMBOL;Nl;0;L;;;;18;N;;golden number 18;;; +16F0;RUNIC BELGTHOR SYMBOL;Nl;0;L;;;;19;N;;golden number 19;;; +1700;TAGALOG LETTER A;Lo;0;L;;;;;N;;;;; +1701;TAGALOG LETTER I;Lo;0;L;;;;;N;;;;; +1702;TAGALOG LETTER U;Lo;0;L;;;;;N;;;;; +1703;TAGALOG LETTER KA;Lo;0;L;;;;;N;;;;; +1704;TAGALOG LETTER GA;Lo;0;L;;;;;N;;;;; +1705;TAGALOG LETTER NGA;Lo;0;L;;;;;N;;;;; +1706;TAGALOG LETTER TA;Lo;0;L;;;;;N;;;;; +1707;TAGALOG LETTER DA;Lo;0;L;;;;;N;;;;; +1708;TAGALOG LETTER NA;Lo;0;L;;;;;N;;;;; +1709;TAGALOG LETTER PA;Lo;0;L;;;;;N;;;;; +170A;TAGALOG LETTER BA;Lo;0;L;;;;;N;;;;; +170B;TAGALOG LETTER MA;Lo;0;L;;;;;N;;;;; +170C;TAGALOG LETTER YA;Lo;0;L;;;;;N;;;;; +170E;TAGALOG LETTER LA;Lo;0;L;;;;;N;;;;; +170F;TAGALOG LETTER WA;Lo;0;L;;;;;N;;;;; +1710;TAGALOG LETTER SA;Lo;0;L;;;;;N;;;;; +1711;TAGALOG LETTER HA;Lo;0;L;;;;;N;;;;; +1712;TAGALOG VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;; +1713;TAGALOG VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;; +1714;TAGALOG SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;; +1720;HANUNOO LETTER A;Lo;0;L;;;;;N;;;;; +1721;HANUNOO LETTER I;Lo;0;L;;;;;N;;;;; +1722;HANUNOO LETTER U;Lo;0;L;;;;;N;;;;; +1723;HANUNOO LETTER KA;Lo;0;L;;;;;N;;;;; +1724;HANUNOO LETTER GA;Lo;0;L;;;;;N;;;;; +1725;HANUNOO LETTER NGA;Lo;0;L;;;;;N;;;;; +1726;HANUNOO LETTER TA;Lo;0;L;;;;;N;;;;; +1727;HANUNOO LETTER DA;Lo;0;L;;;;;N;;;;; +1728;HANUNOO LETTER NA;Lo;0;L;;;;;N;;;;; +1729;HANUNOO LETTER PA;Lo;0;L;;;;;N;;;;; +172A;HANUNOO LETTER BA;Lo;0;L;;;;;N;;;;; +172B;HANUNOO LETTER MA;Lo;0;L;;;;;N;;;;; +172C;HANUNOO LETTER YA;Lo;0;L;;;;;N;;;;; +172D;HANUNOO LETTER RA;Lo;0;L;;;;;N;;;;; +172E;HANUNOO LETTER LA;Lo;0;L;;;;;N;;;;; +172F;HANUNOO LETTER WA;Lo;0;L;;;;;N;;;;; +1730;HANUNOO LETTER SA;Lo;0;L;;;;;N;;;;; +1731;HANUNOO LETTER HA;Lo;0;L;;;;;N;;;;; +1732;HANUNOO VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;; +1733;HANUNOO VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;; +1734;HANUNOO SIGN PAMUDPOD;Mn;9;NSM;;;;;N;;;;; +1735;PHILIPPINE SINGLE PUNCTUATION;Po;0;L;;;;;N;;;;; +1736;PHILIPPINE DOUBLE PUNCTUATION;Po;0;L;;;;;N;;;;; +1740;BUHID LETTER A;Lo;0;L;;;;;N;;;;; +1741;BUHID LETTER I;Lo;0;L;;;;;N;;;;; +1742;BUHID LETTER U;Lo;0;L;;;;;N;;;;; +1743;BUHID LETTER KA;Lo;0;L;;;;;N;;;;; +1744;BUHID LETTER GA;Lo;0;L;;;;;N;;;;; +1745;BUHID LETTER NGA;Lo;0;L;;;;;N;;;;; +1746;BUHID LETTER TA;Lo;0;L;;;;;N;;;;; +1747;BUHID LETTER DA;Lo;0;L;;;;;N;;;;; +1748;BUHID LETTER NA;Lo;0;L;;;;;N;;;;; +1749;BUHID LETTER PA;Lo;0;L;;;;;N;;;;; +174A;BUHID LETTER BA;Lo;0;L;;;;;N;;;;; +174B;BUHID LETTER MA;Lo;0;L;;;;;N;;;;; +174C;BUHID LETTER YA;Lo;0;L;;;;;N;;;;; +174D;BUHID LETTER RA;Lo;0;L;;;;;N;;;;; +174E;BUHID LETTER LA;Lo;0;L;;;;;N;;;;; +174F;BUHID LETTER WA;Lo;0;L;;;;;N;;;;; +1750;BUHID LETTER SA;Lo;0;L;;;;;N;;;;; +1751;BUHID LETTER HA;Lo;0;L;;;;;N;;;;; +1752;BUHID VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;; +1753;BUHID VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;; +1760;TAGBANWA LETTER A;Lo;0;L;;;;;N;;;;; +1761;TAGBANWA LETTER I;Lo;0;L;;;;;N;;;;; +1762;TAGBANWA LETTER U;Lo;0;L;;;;;N;;;;; +1763;TAGBANWA LETTER KA;Lo;0;L;;;;;N;;;;; +1764;TAGBANWA LETTER GA;Lo;0;L;;;;;N;;;;; +1765;TAGBANWA LETTER NGA;Lo;0;L;;;;;N;;;;; +1766;TAGBANWA LETTER TA;Lo;0;L;;;;;N;;;;; +1767;TAGBANWA LETTER DA;Lo;0;L;;;;;N;;;;; +1768;TAGBANWA LETTER NA;Lo;0;L;;;;;N;;;;; +1769;TAGBANWA LETTER PA;Lo;0;L;;;;;N;;;;; +176A;TAGBANWA LETTER BA;Lo;0;L;;;;;N;;;;; +176B;TAGBANWA LETTER MA;Lo;0;L;;;;;N;;;;; +176C;TAGBANWA LETTER YA;Lo;0;L;;;;;N;;;;; +176E;TAGBANWA LETTER LA;Lo;0;L;;;;;N;;;;; +176F;TAGBANWA LETTER WA;Lo;0;L;;;;;N;;;;; +1770;TAGBANWA LETTER SA;Lo;0;L;;;;;N;;;;; +1772;TAGBANWA VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;; +1773;TAGBANWA VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;; +1780;KHMER LETTER KA;Lo;0;L;;;;;N;;;;; +1781;KHMER LETTER KHA;Lo;0;L;;;;;N;;;;; +1782;KHMER LETTER KO;Lo;0;L;;;;;N;;;;; +1783;KHMER LETTER KHO;Lo;0;L;;;;;N;;;;; +1784;KHMER LETTER NGO;Lo;0;L;;;;;N;;;;; +1785;KHMER LETTER CA;Lo;0;L;;;;;N;;;;; +1786;KHMER LETTER CHA;Lo;0;L;;;;;N;;;;; +1787;KHMER LETTER CO;Lo;0;L;;;;;N;;;;; +1788;KHMER LETTER CHO;Lo;0;L;;;;;N;;;;; +1789;KHMER LETTER NYO;Lo;0;L;;;;;N;;;;; +178A;KHMER LETTER DA;Lo;0;L;;;;;N;;;;; +178B;KHMER LETTER TTHA;Lo;0;L;;;;;N;;;;; +178C;KHMER LETTER DO;Lo;0;L;;;;;N;;;;; +178D;KHMER LETTER TTHO;Lo;0;L;;;;;N;;;;; +178E;KHMER LETTER NNO;Lo;0;L;;;;;N;;;;; +178F;KHMER LETTER TA;Lo;0;L;;;;;N;;;;; +1790;KHMER LETTER THA;Lo;0;L;;;;;N;;;;; +1791;KHMER LETTER TO;Lo;0;L;;;;;N;;;;; +1792;KHMER LETTER THO;Lo;0;L;;;;;N;;;;; +1793;KHMER LETTER NO;Lo;0;L;;;;;N;;;;; +1794;KHMER LETTER BA;Lo;0;L;;;;;N;;;;; +1795;KHMER LETTER PHA;Lo;0;L;;;;;N;;;;; +1796;KHMER LETTER PO;Lo;0;L;;;;;N;;;;; +1797;KHMER LETTER PHO;Lo;0;L;;;;;N;;;;; +1798;KHMER LETTER MO;Lo;0;L;;;;;N;;;;; +1799;KHMER LETTER YO;Lo;0;L;;;;;N;;;;; +179A;KHMER LETTER RO;Lo;0;L;;;;;N;;;;; +179B;KHMER LETTER LO;Lo;0;L;;;;;N;;;;; +179C;KHMER LETTER VO;Lo;0;L;;;;;N;;;;; +179D;KHMER LETTER SHA;Lo;0;L;;;;;N;;;;; +179E;KHMER LETTER SSO;Lo;0;L;;;;;N;;;;; +179F;KHMER LETTER SA;Lo;0;L;;;;;N;;;;; +17A0;KHMER LETTER HA;Lo;0;L;;;;;N;;;;; +17A1;KHMER LETTER LA;Lo;0;L;;;;;N;;;;; +17A2;KHMER LETTER QA;Lo;0;L;;;;;N;;;;; +17A3;KHMER INDEPENDENT VOWEL QAQ;Lo;0;L;;;;;N;;*;;; +17A4;KHMER INDEPENDENT VOWEL QAA;Lo;0;L;;;;;N;;*;;; +17A5;KHMER INDEPENDENT VOWEL QI;Lo;0;L;;;;;N;;;;; +17A6;KHMER INDEPENDENT VOWEL QII;Lo;0;L;;;;;N;;;;; +17A7;KHMER INDEPENDENT VOWEL QU;Lo;0;L;;;;;N;;;;; +17A8;KHMER INDEPENDENT VOWEL QUK;Lo;0;L;;;;;N;;;;; +17A9;KHMER INDEPENDENT VOWEL QUU;Lo;0;L;;;;;N;;;;; +17AA;KHMER INDEPENDENT VOWEL QUUV;Lo;0;L;;;;;N;;;;; +17AB;KHMER INDEPENDENT VOWEL RY;Lo;0;L;;;;;N;;;;; +17AC;KHMER INDEPENDENT VOWEL RYY;Lo;0;L;;;;;N;;;;; +17AD;KHMER INDEPENDENT VOWEL LY;Lo;0;L;;;;;N;;;;; +17AE;KHMER INDEPENDENT VOWEL LYY;Lo;0;L;;;;;N;;;;; +17AF;KHMER INDEPENDENT VOWEL QE;Lo;0;L;;;;;N;;;;; +17B0;KHMER INDEPENDENT VOWEL QAI;Lo;0;L;;;;;N;;;;; +17B1;KHMER INDEPENDENT VOWEL QOO TYPE ONE;Lo;0;L;;;;;N;;;;; +17B2;KHMER INDEPENDENT VOWEL QOO TYPE TWO;Lo;0;L;;;;;N;;;;; +17B3;KHMER INDEPENDENT VOWEL QAU;Lo;0;L;;;;;N;;;;; +17B4;KHMER VOWEL INHERENT AQ;Cf;0;L;;;;;N;;*;;; +17B5;KHMER VOWEL INHERENT AA;Cf;0;L;;;;;N;;*;;; +17B6;KHMER VOWEL SIGN AA;Mc;0;L;;;;;N;;;;; +17B7;KHMER VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;; +17B8;KHMER VOWEL SIGN II;Mn;0;NSM;;;;;N;;;;; +17B9;KHMER VOWEL SIGN Y;Mn;0;NSM;;;;;N;;;;; +17BA;KHMER VOWEL SIGN YY;Mn;0;NSM;;;;;N;;;;; +17BB;KHMER VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;; +17BC;KHMER VOWEL SIGN UU;Mn;0;NSM;;;;;N;;;;; +17BD;KHMER VOWEL SIGN UA;Mn;0;NSM;;;;;N;;;;; +17BE;KHMER VOWEL SIGN OE;Mc;0;L;;;;;N;;;;; +17BF;KHMER VOWEL SIGN YA;Mc;0;L;;;;;N;;;;; +17C0;KHMER VOWEL SIGN IE;Mc;0;L;;;;;N;;;;; +17C1;KHMER VOWEL SIGN E;Mc;0;L;;;;;N;;;;; +17C2;KHMER VOWEL SIGN AE;Mc;0;L;;;;;N;;;;; +17C3;KHMER VOWEL SIGN AI;Mc;0;L;;;;;N;;;;; +17C4;KHMER VOWEL SIGN OO;Mc;0;L;;;;;N;;;;; +17C5;KHMER VOWEL SIGN AU;Mc;0;L;;;;;N;;;;; +17C6;KHMER SIGN NIKAHIT;Mn;0;NSM;;;;;N;;;;; +17C7;KHMER SIGN REAHMUK;Mc;0;L;;;;;N;;;;; +17C8;KHMER SIGN YUUKALEAPINTU;Mc;0;L;;;;;N;;;;; +17C9;KHMER SIGN MUUSIKATOAN;Mn;0;NSM;;;;;N;;;;; +17CA;KHMER SIGN TRIISAP;Mn;0;NSM;;;;;N;;;;; +17CB;KHMER SIGN BANTOC;Mn;0;NSM;;;;;N;;;;; +17CC;KHMER SIGN ROBAT;Mn;0;NSM;;;;;N;;;;; +17CD;KHMER SIGN TOANDAKHIAT;Mn;0;NSM;;;;;N;;;;; +17CE;KHMER SIGN KAKABAT;Mn;0;NSM;;;;;N;;;;; +17CF;KHMER SIGN AHSDA;Mn;0;NSM;;;;;N;;;;; +17D0;KHMER SIGN SAMYOK SANNYA;Mn;0;NSM;;;;;N;;;;; +17D1;KHMER SIGN VIRIAM;Mn;0;NSM;;;;;N;;;;; +17D2;KHMER SIGN COENG;Mn;9;NSM;;;;;N;;;;; +17D3;KHMER SIGN BATHAMASAT;Mn;0;NSM;;;;;N;;*;;; +17D4;KHMER SIGN KHAN;Po;0;L;;;;;N;;;;; +17D5;KHMER SIGN BARIYOOSAN;Po;0;L;;;;;N;;;;; +17D6;KHMER SIGN CAMNUC PII KUUH;Po;0;L;;;;;N;;;;; +17D7;KHMER SIGN LEK TOO;Lm;0;L;;;;;N;;;;; +17D8;KHMER SIGN BEYYAL;Po;0;L;;;;;N;;*;;; +17D9;KHMER SIGN PHNAEK MUAN;Po;0;L;;;;;N;;;;; +17DA;KHMER SIGN KOOMUUT;Po;0;L;;;;;N;;;;; +17DB;KHMER CURRENCY SYMBOL RIEL;Sc;0;ET;;;;;N;;;;; +17DC;KHMER SIGN AVAKRAHASANYA;Lo;0;L;;;;;N;;;;; +17DD;KHMER SIGN ATTHACAN;Mn;230;NSM;;;;;N;;;;; +17E0;KHMER DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;; +17E1;KHMER DIGIT ONE;Nd;0;L;;1;1;1;N;;;;; +17E2;KHMER DIGIT TWO;Nd;0;L;;2;2;2;N;;;;; +17E3;KHMER DIGIT THREE;Nd;0;L;;3;3;3;N;;;;; +17E4;KHMER DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;; +17E5;KHMER DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;; +17E6;KHMER DIGIT SIX;Nd;0;L;;6;6;6;N;;;;; +17E7;KHMER DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;; +17E8;KHMER DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;; +17E9;KHMER DIGIT NINE;Nd;0;L;;9;9;9;N;;;;; +17F0;KHMER SYMBOL LEK ATTAK SON;No;0;ON;;;;0;N;;;;; +17F1;KHMER SYMBOL LEK ATTAK MUOY;No;0;ON;;;;1;N;;;;; +17F2;KHMER SYMBOL LEK ATTAK PII;No;0;ON;;;;2;N;;;;; +17F3;KHMER SYMBOL LEK ATTAK BEI;No;0;ON;;;;3;N;;;;; +17F4;KHMER SYMBOL LEK ATTAK BUON;No;0;ON;;;;4;N;;;;; +17F5;KHMER SYMBOL LEK ATTAK PRAM;No;0;ON;;;;5;N;;;;; +17F6;KHMER SYMBOL LEK ATTAK PRAM-MUOY;No;0;ON;;;;6;N;;;;; +17F7;KHMER SYMBOL LEK ATTAK PRAM-PII;No;0;ON;;;;7;N;;;;; +17F8;KHMER SYMBOL LEK ATTAK PRAM-BEI;No;0;ON;;;;8;N;;;;; +17F9;KHMER SYMBOL LEK ATTAK PRAM-BUON;No;0;ON;;;;9;N;;;;; +1800;MONGOLIAN BIRGA;Po;0;ON;;;;;N;;;;; +1801;MONGOLIAN ELLIPSIS;Po;0;ON;;;;;N;;;;; +1802;MONGOLIAN COMMA;Po;0;ON;;;;;N;;;;; +1803;MONGOLIAN FULL STOP;Po;0;ON;;;;;N;;;;; +1804;MONGOLIAN COLON;Po;0;ON;;;;;N;;;;; +1805;MONGOLIAN FOUR DOTS;Po;0;ON;;;;;N;;;;; +1806;MONGOLIAN TODO SOFT HYPHEN;Pd;0;ON;;;;;N;;;;; +1807;MONGOLIAN SIBE SYLLABLE BOUNDARY MARKER;Po;0;ON;;;;;N;;;;; +1808;MONGOLIAN MANCHU COMMA;Po;0;ON;;;;;N;;;;; +1809;MONGOLIAN MANCHU FULL STOP;Po;0;ON;;;;;N;;;;; +180A;MONGOLIAN NIRUGU;Po;0;ON;;;;;N;;;;; +180B;MONGOLIAN FREE VARIATION SELECTOR ONE;Mn;0;NSM;;;;;N;;;;; +180C;MONGOLIAN FREE VARIATION SELECTOR TWO;Mn;0;NSM;;;;;N;;;;; +180D;MONGOLIAN FREE VARIATION SELECTOR THREE;Mn;0;NSM;;;;;N;;;;; +180E;MONGOLIAN VOWEL SEPARATOR;Zs;0;WS;;;;;N;;;;; +1810;MONGOLIAN DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;; +1811;MONGOLIAN DIGIT ONE;Nd;0;L;;1;1;1;N;;;;; +1812;MONGOLIAN DIGIT TWO;Nd;0;L;;2;2;2;N;;;;; +1813;MONGOLIAN DIGIT THREE;Nd;0;L;;3;3;3;N;;;;; +1814;MONGOLIAN DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;; +1815;MONGOLIAN DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;; +1816;MONGOLIAN DIGIT SIX;Nd;0;L;;6;6;6;N;;;;; +1817;MONGOLIAN DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;; +1818;MONGOLIAN DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;; +1819;MONGOLIAN DIGIT NINE;Nd;0;L;;9;9;9;N;;;;; +1820;MONGOLIAN LETTER A;Lo;0;L;;;;;N;;;;; +1821;MONGOLIAN LETTER E;Lo;0;L;;;;;N;;;;; +1822;MONGOLIAN LETTER I;Lo;0;L;;;;;N;;;;; +1823;MONGOLIAN LETTER O;Lo;0;L;;;;;N;;;;; +1824;MONGOLIAN LETTER U;Lo;0;L;;;;;N;;;;; +1825;MONGOLIAN LETTER OE;Lo;0;L;;;;;N;;;;; +1826;MONGOLIAN LETTER UE;Lo;0;L;;;;;N;;;;; +1827;MONGOLIAN LETTER EE;Lo;0;L;;;;;N;;;;; +1828;MONGOLIAN LETTER NA;Lo;0;L;;;;;N;;;;; +1829;MONGOLIAN LETTER ANG;Lo;0;L;;;;;N;;;;; +182A;MONGOLIAN LETTER BA;Lo;0;L;;;;;N;;;;; +182B;MONGOLIAN LETTER PA;Lo;0;L;;;;;N;;;;; +182C;MONGOLIAN LETTER QA;Lo;0;L;;;;;N;;;;; +182D;MONGOLIAN LETTER GA;Lo;0;L;;;;;N;;;;; +182E;MONGOLIAN LETTER MA;Lo;0;L;;;;;N;;;;; +182F;MONGOLIAN LETTER LA;Lo;0;L;;;;;N;;;;; +1830;MONGOLIAN LETTER SA;Lo;0;L;;;;;N;;;;; +1831;MONGOLIAN LETTER SHA;Lo;0;L;;;;;N;;;;; +1832;MONGOLIAN LETTER TA;Lo;0;L;;;;;N;;;;; +1833;MONGOLIAN LETTER DA;Lo;0;L;;;;;N;;;;; +1834;MONGOLIAN LETTER CHA;Lo;0;L;;;;;N;;;;; +1835;MONGOLIAN LETTER JA;Lo;0;L;;;;;N;;;;; +1836;MONGOLIAN LETTER YA;Lo;0;L;;;;;N;;;;; +1837;MONGOLIAN LETTER RA;Lo;0;L;;;;;N;;;;; +1838;MONGOLIAN LETTER WA;Lo;0;L;;;;;N;;;;; +1839;MONGOLIAN LETTER FA;Lo;0;L;;;;;N;;;;; +183A;MONGOLIAN LETTER KA;Lo;0;L;;;;;N;;;;; +183B;MONGOLIAN LETTER KHA;Lo;0;L;;;;;N;;;;; +183C;MONGOLIAN LETTER TSA;Lo;0;L;;;;;N;;;;; +183D;MONGOLIAN LETTER ZA;Lo;0;L;;;;;N;;;;; +183E;MONGOLIAN LETTER HAA;Lo;0;L;;;;;N;;;;; +183F;MONGOLIAN LETTER ZRA;Lo;0;L;;;;;N;;;;; +1840;MONGOLIAN LETTER LHA;Lo;0;L;;;;;N;;;;; +1841;MONGOLIAN LETTER ZHI;Lo;0;L;;;;;N;;;;; +1842;MONGOLIAN LETTER CHI;Lo;0;L;;;;;N;;;;; +1843;MONGOLIAN LETTER TODO LONG VOWEL SIGN;Lm;0;L;;;;;N;;;;; +1844;MONGOLIAN LETTER TODO E;Lo;0;L;;;;;N;;;;; +1845;MONGOLIAN LETTER TODO I;Lo;0;L;;;;;N;;;;; +1846;MONGOLIAN LETTER TODO O;Lo;0;L;;;;;N;;;;; +1847;MONGOLIAN LETTER TODO U;Lo;0;L;;;;;N;;;;; +1848;MONGOLIAN LETTER TODO OE;Lo;0;L;;;;;N;;;;; +1849;MONGOLIAN LETTER TODO UE;Lo;0;L;;;;;N;;;;; +184A;MONGOLIAN LETTER TODO ANG;Lo;0;L;;;;;N;;;;; +184B;MONGOLIAN LETTER TODO BA;Lo;0;L;;;;;N;;;;; +184C;MONGOLIAN LETTER TODO PA;Lo;0;L;;;;;N;;;;; +184D;MONGOLIAN LETTER TODO QA;Lo;0;L;;;;;N;;;;; +184E;MONGOLIAN LETTER TODO GA;Lo;0;L;;;;;N;;;;; +184F;MONGOLIAN LETTER TODO MA;Lo;0;L;;;;;N;;;;; +1850;MONGOLIAN LETTER TODO TA;Lo;0;L;;;;;N;;;;; +1851;MONGOLIAN LETTER TODO DA;Lo;0;L;;;;;N;;;;; +1852;MONGOLIAN LETTER TODO CHA;Lo;0;L;;;;;N;;;;; +1853;MONGOLIAN LETTER TODO JA;Lo;0;L;;;;;N;;;;; +1854;MONGOLIAN LETTER TODO TSA;Lo;0;L;;;;;N;;;;; +1855;MONGOLIAN LETTER TODO YA;Lo;0;L;;;;;N;;;;; +1856;MONGOLIAN LETTER TODO WA;Lo;0;L;;;;;N;;;;; +1857;MONGOLIAN LETTER TODO KA;Lo;0;L;;;;;N;;;;; +1858;MONGOLIAN LETTER TODO GAA;Lo;0;L;;;;;N;;;;; +1859;MONGOLIAN LETTER TODO HAA;Lo;0;L;;;;;N;;;;; +185A;MONGOLIAN LETTER TODO JIA;Lo;0;L;;;;;N;;;;; +185B;MONGOLIAN LETTER TODO NIA;Lo;0;L;;;;;N;;;;; +185C;MONGOLIAN LETTER TODO DZA;Lo;0;L;;;;;N;;;;; +185D;MONGOLIAN LETTER SIBE E;Lo;0;L;;;;;N;;;;; +185E;MONGOLIAN LETTER SIBE I;Lo;0;L;;;;;N;;;;; +185F;MONGOLIAN LETTER SIBE IY;Lo;0;L;;;;;N;;;;; +1860;MONGOLIAN LETTER SIBE UE;Lo;0;L;;;;;N;;;;; +1861;MONGOLIAN LETTER SIBE U;Lo;0;L;;;;;N;;;;; +1862;MONGOLIAN LETTER SIBE ANG;Lo;0;L;;;;;N;;;;; +1863;MONGOLIAN LETTER SIBE KA;Lo;0;L;;;;;N;;;;; +1864;MONGOLIAN LETTER SIBE GA;Lo;0;L;;;;;N;;;;; +1865;MONGOLIAN LETTER SIBE HA;Lo;0;L;;;;;N;;;;; +1866;MONGOLIAN LETTER SIBE PA;Lo;0;L;;;;;N;;;;; +1867;MONGOLIAN LETTER SIBE SHA;Lo;0;L;;;;;N;;;;; +1868;MONGOLIAN LETTER SIBE TA;Lo;0;L;;;;;N;;;;; +1869;MONGOLIAN LETTER SIBE DA;Lo;0;L;;;;;N;;;;; +186A;MONGOLIAN LETTER SIBE JA;Lo;0;L;;;;;N;;;;; +186B;MONGOLIAN LETTER SIBE FA;Lo;0;L;;;;;N;;;;; +186C;MONGOLIAN LETTER SIBE GAA;Lo;0;L;;;;;N;;;;; +186D;MONGOLIAN LETTER SIBE HAA;Lo;0;L;;;;;N;;;;; +186E;MONGOLIAN LETTER SIBE TSA;Lo;0;L;;;;;N;;;;; +186F;MONGOLIAN LETTER SIBE ZA;Lo;0;L;;;;;N;;;;; +1870;MONGOLIAN LETTER SIBE RAA;Lo;0;L;;;;;N;;;;; +1871;MONGOLIAN LETTER SIBE CHA;Lo;0;L;;;;;N;;;;; +1872;MONGOLIAN LETTER SIBE ZHA;Lo;0;L;;;;;N;;;;; +1873;MONGOLIAN LETTER MANCHU I;Lo;0;L;;;;;N;;;;; +1874;MONGOLIAN LETTER MANCHU KA;Lo;0;L;;;;;N;;;;; +1875;MONGOLIAN LETTER MANCHU RA;Lo;0;L;;;;;N;;;;; +1876;MONGOLIAN LETTER MANCHU FA;Lo;0;L;;;;;N;;;;; +1877;MONGOLIAN LETTER MANCHU ZHA;Lo;0;L;;;;;N;;;;; +1880;MONGOLIAN LETTER ALI GALI ANUSVARA ONE;Lo;0;L;;;;;N;;;;; +1881;MONGOLIAN LETTER ALI GALI VISARGA ONE;Lo;0;L;;;;;N;;;;; +1882;MONGOLIAN LETTER ALI GALI DAMARU;Lo;0;L;;;;;N;;;;; +1883;MONGOLIAN LETTER ALI GALI UBADAMA;Lo;0;L;;;;;N;;;;; +1884;MONGOLIAN LETTER ALI GALI INVERTED UBADAMA;Lo;0;L;;;;;N;;;;; +1885;MONGOLIAN LETTER ALI GALI BALUDA;Lo;0;L;;;;;N;;;;; +1886;MONGOLIAN LETTER ALI GALI THREE BALUDA;Lo;0;L;;;;;N;;;;; +1887;MONGOLIAN LETTER ALI GALI A;Lo;0;L;;;;;N;;;;; +1888;MONGOLIAN LETTER ALI GALI I;Lo;0;L;;;;;N;;;;; +1889;MONGOLIAN LETTER ALI GALI KA;Lo;0;L;;;;;N;;;;; +188A;MONGOLIAN LETTER ALI GALI NGA;Lo;0;L;;;;;N;;;;; +188B;MONGOLIAN LETTER ALI GALI CA;Lo;0;L;;;;;N;;;;; +188C;MONGOLIAN LETTER ALI GALI TTA;Lo;0;L;;;;;N;;;;; +188D;MONGOLIAN LETTER ALI GALI TTHA;Lo;0;L;;;;;N;;;;; +188E;MONGOLIAN LETTER ALI GALI DDA;Lo;0;L;;;;;N;;;;; +188F;MONGOLIAN LETTER ALI GALI NNA;Lo;0;L;;;;;N;;;;; +1890;MONGOLIAN LETTER ALI GALI TA;Lo;0;L;;;;;N;;;;; +1891;MONGOLIAN LETTER ALI GALI DA;Lo;0;L;;;;;N;;;;; +1892;MONGOLIAN LETTER ALI GALI PA;Lo;0;L;;;;;N;;;;; +1893;MONGOLIAN LETTER ALI GALI PHA;Lo;0;L;;;;;N;;;;; +1894;MONGOLIAN LETTER ALI GALI SSA;Lo;0;L;;;;;N;;;;; +1895;MONGOLIAN LETTER ALI GALI ZHA;Lo;0;L;;;;;N;;;;; +1896;MONGOLIAN LETTER ALI GALI ZA;Lo;0;L;;;;;N;;;;; +1897;MONGOLIAN LETTER ALI GALI AH;Lo;0;L;;;;;N;;;;; +1898;MONGOLIAN LETTER TODO ALI GALI TA;Lo;0;L;;;;;N;;;;; +1899;MONGOLIAN LETTER TODO ALI GALI ZHA;Lo;0;L;;;;;N;;;;; +189A;MONGOLIAN LETTER MANCHU ALI GALI GHA;Lo;0;L;;;;;N;;;;; +189B;MONGOLIAN LETTER MANCHU ALI GALI NGA;Lo;0;L;;;;;N;;;;; +189C;MONGOLIAN LETTER MANCHU ALI GALI CA;Lo;0;L;;;;;N;;;;; +189D;MONGOLIAN LETTER MANCHU ALI GALI JHA;Lo;0;L;;;;;N;;;;; +189E;MONGOLIAN LETTER MANCHU ALI GALI TTA;Lo;0;L;;;;;N;;;;; +189F;MONGOLIAN LETTER MANCHU ALI GALI DDHA;Lo;0;L;;;;;N;;;;; +18A0;MONGOLIAN LETTER MANCHU ALI GALI TA;Lo;0;L;;;;;N;;;;; +18A1;MONGOLIAN LETTER MANCHU ALI GALI DHA;Lo;0;L;;;;;N;;;;; +18A2;MONGOLIAN LETTER MANCHU ALI GALI SSA;Lo;0;L;;;;;N;;;;; +18A3;MONGOLIAN LETTER MANCHU ALI GALI CYA;Lo;0;L;;;;;N;;;;; +18A4;MONGOLIAN LETTER MANCHU ALI GALI ZHA;Lo;0;L;;;;;N;;;;; +18A5;MONGOLIAN LETTER MANCHU ALI GALI ZA;Lo;0;L;;;;;N;;;;; +18A6;MONGOLIAN LETTER ALI GALI HALF U;Lo;0;L;;;;;N;;;;; +18A7;MONGOLIAN LETTER ALI GALI HALF YA;Lo;0;L;;;;;N;;;;; +18A8;MONGOLIAN LETTER MANCHU ALI GALI BHA;Lo;0;L;;;;;N;;;;; +18A9;MONGOLIAN LETTER ALI GALI DAGALGA;Mn;228;NSM;;;;;N;;;;; +1900;LIMBU VOWEL-CARRIER LETTER;Lo;0;L;;;;;N;;;;; +1901;LIMBU LETTER KA;Lo;0;L;;;;;N;;;;; +1902;LIMBU LETTER KHA;Lo;0;L;;;;;N;;;;; +1903;LIMBU LETTER GA;Lo;0;L;;;;;N;;;;; +1904;LIMBU LETTER GHA;Lo;0;L;;;;;N;;;;; +1905;LIMBU LETTER NGA;Lo;0;L;;;;;N;;;;; +1906;LIMBU LETTER CA;Lo;0;L;;;;;N;;;;; +1907;LIMBU LETTER CHA;Lo;0;L;;;;;N;;;;; +1908;LIMBU LETTER JA;Lo;0;L;;;;;N;;;;; +1909;LIMBU LETTER JHA;Lo;0;L;;;;;N;;;;; +190A;LIMBU LETTER YAN;Lo;0;L;;;;;N;;;;; +190B;LIMBU LETTER TA;Lo;0;L;;;;;N;;;;; +190C;LIMBU LETTER THA;Lo;0;L;;;;;N;;;;; +190D;LIMBU LETTER DA;Lo;0;L;;;;;N;;;;; +190E;LIMBU LETTER DHA;Lo;0;L;;;;;N;;;;; +190F;LIMBU LETTER NA;Lo;0;L;;;;;N;;;;; +1910;LIMBU LETTER PA;Lo;0;L;;;;;N;;;;; +1911;LIMBU LETTER PHA;Lo;0;L;;;;;N;;;;; +1912;LIMBU LETTER BA;Lo;0;L;;;;;N;;;;; +1913;LIMBU LETTER BHA;Lo;0;L;;;;;N;;;;; +1914;LIMBU LETTER MA;Lo;0;L;;;;;N;;;;; +1915;LIMBU LETTER YA;Lo;0;L;;;;;N;;;;; +1916;LIMBU LETTER RA;Lo;0;L;;;;;N;;;;; +1917;LIMBU LETTER LA;Lo;0;L;;;;;N;;;;; +1918;LIMBU LETTER WA;Lo;0;L;;;;;N;;;;; +1919;LIMBU LETTER SHA;Lo;0;L;;;;;N;;;;; +191A;LIMBU LETTER SSA;Lo;0;L;;;;;N;;;;; +191B;LIMBU LETTER SA;Lo;0;L;;;;;N;;;;; +191C;LIMBU LETTER HA;Lo;0;L;;;;;N;;;;; +1920;LIMBU VOWEL SIGN A;Mn;0;NSM;;;;;N;;;;; +1921;LIMBU VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;; +1922;LIMBU VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;; +1923;LIMBU VOWEL SIGN EE;Mc;0;L;;;;;N;;;;; +1924;LIMBU VOWEL SIGN AI;Mc;0;L;;;;;N;;;;; +1925;LIMBU VOWEL SIGN OO;Mc;0;L;;;;;N;;;;; +1926;LIMBU VOWEL SIGN AU;Mc;0;L;;;;;N;;;;; +1927;LIMBU VOWEL SIGN E;Mn;0;NSM;;;;;N;;;;; +1928;LIMBU VOWEL SIGN O;Mn;0;NSM;;;;;N;;;;; +1929;LIMBU SUBJOINED LETTER YA;Mc;0;NSM;;;;;N;;;;; +192A;LIMBU SUBJOINED LETTER RA;Mc;0;NSM;;;;;N;;;;; +192B;LIMBU SUBJOINED LETTER WA;Mc;0;NSM;;;;;N;;;;; +1930;LIMBU SMALL LETTER KA;Mc;0;L;;;;;N;;;;; +1931;LIMBU SMALL LETTER NGA;Mc;0;L;;;;;N;;;;; +1932;LIMBU SMALL LETTER ANUSVARA;Mn;0;NSM;;;;;N;;;;; +1933;LIMBU SMALL LETTER TA;Mc;0;L;;;;;N;;;;; +1934;LIMBU SMALL LETTER NA;Mc;0;L;;;;;N;;;;; +1935;LIMBU SMALL LETTER PA;Mc;0;L;;;;;N;;;;; +1936;LIMBU SMALL LETTER MA;Mc;0;L;;;;;N;;;;; +1937;LIMBU SMALL LETTER RA;Mc;0;L;;;;;N;;;;; +1938;LIMBU SMALL LETTER LA;Mc;0;L;;;;;N;;;;; +1939;LIMBU SIGN MUKPHRENG;Mn;222;NSM;;;;;N;;;;; +193A;LIMBU SIGN KEMPHRENG;Mn;230;NSM;;;;;N;;;;; +193B;LIMBU SIGN SA-I;Mn;220;NSM;;;;;N;;;;; +1940;LIMBU SIGN LOO;So;0;ON;;;;;N;;;;; +1944;LIMBU EXCLAMATION MARK;Po;0;ON;;;;;N;;;;; +1945;LIMBU QUESTION MARK;Po;0;ON;;;;;N;;;;; +1946;LIMBU DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;; +1947;LIMBU DIGIT ONE;Nd;0;L;;1;1;1;N;;;;; +1948;LIMBU DIGIT TWO;Nd;0;L;;2;2;2;N;;;;; +1949;LIMBU DIGIT THREE;Nd;0;L;;3;3;3;N;;;;; +194A;LIMBU DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;; +194B;LIMBU DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;; +194C;LIMBU DIGIT SIX;Nd;0;L;;6;6;6;N;;;;; +194D;LIMBU DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;; +194E;LIMBU DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;; +194F;LIMBU DIGIT NINE;Nd;0;L;;9;9;9;N;;;;; +1950;TAI LE LETTER KA;Lo;0;L;;;;;N;;;;; +1951;TAI LE LETTER XA;Lo;0;L;;;;;N;;;;; +1952;TAI LE LETTER NGA;Lo;0;L;;;;;N;;;;; +1953;TAI LE LETTER TSA;Lo;0;L;;;;;N;;;;; +1954;TAI LE LETTER SA;Lo;0;L;;;;;N;;;;; +1955;TAI LE LETTER YA;Lo;0;L;;;;;N;;;;; +1956;TAI LE LETTER TA;Lo;0;L;;;;;N;;;;; +1957;TAI LE LETTER THA;Lo;0;L;;;;;N;;;;; +1958;TAI LE LETTER LA;Lo;0;L;;;;;N;;;;; +1959;TAI LE LETTER PA;Lo;0;L;;;;;N;;;;; +195A;TAI LE LETTER PHA;Lo;0;L;;;;;N;;;;; +195B;TAI LE LETTER MA;Lo;0;L;;;;;N;;;;; +195C;TAI LE LETTER FA;Lo;0;L;;;;;N;;;;; +195D;TAI LE LETTER VA;Lo;0;L;;;;;N;;;;; +195E;TAI LE LETTER HA;Lo;0;L;;;;;N;;;;; +195F;TAI LE LETTER QA;Lo;0;L;;;;;N;;;;; +1960;TAI LE LETTER KHA;Lo;0;L;;;;;N;;;;; +1961;TAI LE LETTER TSHA;Lo;0;L;;;;;N;;;;; +1962;TAI LE LETTER NA;Lo;0;L;;;;;N;;;;; +1963;TAI LE LETTER A;Lo;0;L;;;;;N;;;;; +1964;TAI LE LETTER I;Lo;0;L;;;;;N;;;;; +1965;TAI LE LETTER EE;Lo;0;L;;;;;N;;;;; +1966;TAI LE LETTER EH;Lo;0;L;;;;;N;;;;; +1967;TAI LE LETTER U;Lo;0;L;;;;;N;;;;; +1968;TAI LE LETTER OO;Lo;0;L;;;;;N;;;;; +1969;TAI LE LETTER O;Lo;0;L;;;;;N;;;;; +196A;TAI LE LETTER UE;Lo;0;L;;;;;N;;;;; +196B;TAI LE LETTER E;Lo;0;L;;;;;N;;;;; +196C;TAI LE LETTER AUE;Lo;0;L;;;;;N;;;;; +196D;TAI LE LETTER AI;Lo;0;L;;;;;N;;;;; +1970;TAI LE LETTER TONE-2;Lo;0;L;;;;;N;;;;; +1971;TAI LE LETTER TONE-3;Lo;0;L;;;;;N;;;;; +1972;TAI LE LETTER TONE-4;Lo;0;L;;;;;N;;;;; +1973;TAI LE LETTER TONE-5;Lo;0;L;;;;;N;;;;; +1974;TAI LE LETTER TONE-6;Lo;0;L;;;;;N;;;;; +19E0;KHMER SYMBOL PATHAMASAT;So;0;ON;;;;;N;;;;; +19E1;KHMER SYMBOL MUOY KOET;So;0;ON;;;;;N;;;;; +19E2;KHMER SYMBOL PII KOET;So;0;ON;;;;;N;;;;; +19E3;KHMER SYMBOL BEI KOET;So;0;ON;;;;;N;;;;; +19E4;KHMER SYMBOL BUON KOET;So;0;ON;;;;;N;;;;; +19E5;KHMER SYMBOL PRAM KOET;So;0;ON;;;;;N;;;;; +19E6;KHMER SYMBOL PRAM-MUOY KOET;So;0;ON;;;;;N;;;;; +19E7;KHMER SYMBOL PRAM-PII KOET;So;0;ON;;;;;N;;;;; +19E8;KHMER SYMBOL PRAM-BEI KOET;So;0;ON;;;;;N;;;;; +19E9;KHMER SYMBOL PRAM-BUON KOET;So;0;ON;;;;;N;;;;; +19EA;KHMER SYMBOL DAP KOET;So;0;ON;;;;;N;;;;; +19EB;KHMER SYMBOL DAP-MUOY KOET;So;0;ON;;;;;N;;;;; +19EC;KHMER SYMBOL DAP-PII KOET;So;0;ON;;;;;N;;;;; +19ED;KHMER SYMBOL DAP-BEI KOET;So;0;ON;;;;;N;;;;; +19EE;KHMER SYMBOL DAP-BUON KOET;So;0;ON;;;;;N;;;;; +19EF;KHMER SYMBOL DAP-PRAM KOET;So;0;ON;;;;;N;;;;; +19F0;KHMER SYMBOL TUTEYASAT;So;0;ON;;;;;N;;;;; +19F1;KHMER SYMBOL MUOY ROC;So;0;ON;;;;;N;;;;; +19F2;KHMER SYMBOL PII ROC;So;0;ON;;;;;N;;;;; +19F3;KHMER SYMBOL BEI ROC;So;0;ON;;;;;N;;;;; +19F4;KHMER SYMBOL BUON ROC;So;0;ON;;;;;N;;;;; +19F5;KHMER SYMBOL PRAM ROC;So;0;ON;;;;;N;;;;; +19F6;KHMER SYMBOL PRAM-MUOY ROC;So;0;ON;;;;;N;;;;; +19F7;KHMER SYMBOL PRAM-PII ROC;So;0;ON;;;;;N;;;;; +19F8;KHMER SYMBOL PRAM-BEI ROC;So;0;ON;;;;;N;;;;; +19F9;KHMER SYMBOL PRAM-BUON ROC;So;0;ON;;;;;N;;;;; +19FA;KHMER SYMBOL DAP ROC;So;0;ON;;;;;N;;;;; +19FB;KHMER SYMBOL DAP-MUOY ROC;So;0;ON;;;;;N;;;;; +19FC;KHMER SYMBOL DAP-PII ROC;So;0;ON;;;;;N;;;;; +19FD;KHMER SYMBOL DAP-BEI ROC;So;0;ON;;;;;N;;;;; +19FE;KHMER SYMBOL DAP-BUON ROC;So;0;ON;;;;;N;;;;; +19FF;KHMER SYMBOL DAP-PRAM ROC;So;0;ON;;;;;N;;;;; +1D00;LATIN LETTER SMALL CAPITAL A;Ll;0;L;;;;;N;;;;; +1D01;LATIN LETTER SMALL CAPITAL AE;Ll;0;L;;;;;N;;;;; +1D02;LATIN SMALL LETTER TURNED AE;Ll;0;L;;;;;N;;;;; +1D03;LATIN LETTER SMALL CAPITAL BARRED B;Ll;0;L;;;;;N;;;;; +1D04;LATIN LETTER SMALL CAPITAL C;Ll;0;L;;;;;N;;;;; +1D05;LATIN LETTER SMALL CAPITAL D;Ll;0;L;;;;;N;;;;; +1D06;LATIN LETTER SMALL CAPITAL ETH;Ll;0;L;;;;;N;;;;; +1D07;LATIN LETTER SMALL CAPITAL E;Ll;0;L;;;;;N;;;;; +1D08;LATIN SMALL LETTER TURNED OPEN E;Ll;0;L;;;;;N;;;;; +1D09;LATIN SMALL LETTER TURNED I;Ll;0;L;;;;;N;;;;; +1D0A;LATIN LETTER SMALL CAPITAL J;Ll;0;L;;;;;N;;;;; +1D0B;LATIN LETTER SMALL CAPITAL K;Ll;0;L;;;;;N;;;;; +1D0C;LATIN LETTER SMALL CAPITAL L WITH STROKE;Ll;0;L;;;;;N;;;;; +1D0D;LATIN LETTER SMALL CAPITAL M;Ll;0;L;;;;;N;;;;; +1D0E;LATIN LETTER SMALL CAPITAL REVERSED N;Ll;0;L;;;;;N;;;;; +1D0F;LATIN LETTER SMALL CAPITAL O;Ll;0;L;;;;;N;;;;; +1D10;LATIN LETTER SMALL CAPITAL OPEN O;Ll;0;L;;;;;N;;;;; +1D11;LATIN SMALL LETTER SIDEWAYS O;Ll;0;L;;;;;N;;;;; +1D12;LATIN SMALL LETTER SIDEWAYS OPEN O;Ll;0;L;;;;;N;;;;; +1D13;LATIN SMALL LETTER SIDEWAYS O WITH STROKE;Ll;0;L;;;;;N;;;;; +1D14;LATIN SMALL LETTER TURNED OE;Ll;0;L;;;;;N;;;;; +1D15;LATIN LETTER SMALL CAPITAL OU;Ll;0;L;;;;;N;;;;; +1D16;LATIN SMALL LETTER TOP HALF O;Ll;0;L;;;;;N;;;;; +1D17;LATIN SMALL LETTER BOTTOM HALF O;Ll;0;L;;;;;N;;;;; +1D18;LATIN LETTER SMALL CAPITAL P;Ll;0;L;;;;;N;;;;; +1D19;LATIN LETTER SMALL CAPITAL REVERSED R;Ll;0;L;;;;;N;;;;; +1D1A;LATIN LETTER SMALL CAPITAL TURNED R;Ll;0;L;;;;;N;;;;; +1D1B;LATIN LETTER SMALL CAPITAL T;Ll;0;L;;;;;N;;;;; +1D1C;LATIN LETTER SMALL CAPITAL U;Ll;0;L;;;;;N;;;;; +1D1D;LATIN SMALL LETTER SIDEWAYS U;Ll;0;L;;;;;N;;;;; +1D1E;LATIN SMALL LETTER SIDEWAYS DIAERESIZED U;Ll;0;L;;;;;N;;;;; +1D1F;LATIN SMALL LETTER SIDEWAYS TURNED M;Ll;0;L;;;;;N;;;;; +1D20;LATIN LETTER SMALL CAPITAL V;Ll;0;L;;;;;N;;;;; +1D21;LATIN LETTER SMALL CAPITAL W;Ll;0;L;;;;;N;;;;; +1D22;LATIN LETTER SMALL CAPITAL Z;Ll;0;L;;;;;N;;;;; +1D23;LATIN LETTER SMALL CAPITAL EZH;Ll;0;L;;;;;N;;;;; +1D24;LATIN LETTER VOICED LARYNGEAL SPIRANT;Ll;0;L;;;;;N;;;;; +1D25;LATIN LETTER AIN;Ll;0;L;;;;;N;;;;; +1D26;GREEK LETTER SMALL CAPITAL GAMMA;Ll;0;L;;;;;N;;;;; +1D27;GREEK LETTER SMALL CAPITAL LAMDA;Ll;0;L;;;;;N;;;;; +1D28;GREEK LETTER SMALL CAPITAL PI;Ll;0;L;;;;;N;;;;; +1D29;GREEK LETTER SMALL CAPITAL RHO;Ll;0;L;;;;;N;;;;; +1D2A;GREEK LETTER SMALL CAPITAL PSI;Ll;0;L;;;;;N;;;;; +1D2B;CYRILLIC LETTER SMALL CAPITAL EL;Ll;0;L;;;;;N;;;;; +1D2C;MODIFIER LETTER CAPITAL A;Lm;0;L; 0041;;;;N;;;;; +1D2D;MODIFIER LETTER CAPITAL AE;Lm;0;L; 00C6;;;;N;;;;; +1D2E;MODIFIER LETTER CAPITAL B;Lm;0;L; 0042;;;;N;;;;; +1D2F;MODIFIER LETTER CAPITAL BARRED B;Lm;0;L;;;;;N;;;;; +1D30;MODIFIER LETTER CAPITAL D;Lm;0;L; 0044;;;;N;;;;; +1D31;MODIFIER LETTER CAPITAL E;Lm;0;L; 0045;;;;N;;;;; +1D32;MODIFIER LETTER CAPITAL REVERSED E;Lm;0;L; 018E;;;;N;;;;; +1D33;MODIFIER LETTER CAPITAL G;Lm;0;L; 0047;;;;N;;;;; +1D34;MODIFIER LETTER CAPITAL H;Lm;0;L; 0048;;;;N;;;;; +1D35;MODIFIER LETTER CAPITAL I;Lm;0;L; 0049;;;;N;;;;; +1D36;MODIFIER LETTER CAPITAL J;Lm;0;L; 004A;;;;N;;;;; +1D37;MODIFIER LETTER CAPITAL K;Lm;0;L; 004B;;;;N;;;;; +1D38;MODIFIER LETTER CAPITAL L;Lm;0;L; 004C;;;;N;;;;; +1D39;MODIFIER LETTER CAPITAL M;Lm;0;L; 004D;;;;N;;;;; +1D3A;MODIFIER LETTER CAPITAL N;Lm;0;L; 004E;;;;N;;;;; +1D3B;MODIFIER LETTER CAPITAL REVERSED N;Lm;0;L;;;;;N;;;;; +1D3C;MODIFIER LETTER CAPITAL O;Lm;0;L; 004F;;;;N;;;;; +1D3D;MODIFIER LETTER CAPITAL OU;Lm;0;L; 0222;;;;N;;;;; +1D3E;MODIFIER LETTER CAPITAL P;Lm;0;L; 0050;;;;N;;;;; +1D3F;MODIFIER LETTER CAPITAL R;Lm;0;L; 0052;;;;N;;;;; +1D40;MODIFIER LETTER CAPITAL T;Lm;0;L; 0054;;;;N;;;;; +1D41;MODIFIER LETTER CAPITAL U;Lm;0;L; 0055;;;;N;;;;; +1D42;MODIFIER LETTER CAPITAL W;Lm;0;L; 0057;;;;N;;;;; +1D43;MODIFIER LETTER SMALL A;Lm;0;L; 0061;;;;N;;;;; +1D44;MODIFIER LETTER SMALL TURNED A;Lm;0;L; 0250;;;;N;;;;; +1D45;MODIFIER LETTER SMALL ALPHA;Lm;0;L; 0251;;;;N;;;;; +1D46;MODIFIER LETTER SMALL TURNED AE;Lm;0;L; 1D02;;;;N;;;;; +1D47;MODIFIER LETTER SMALL B;Lm;0;L; 0062;;;;N;;;;; +1D48;MODIFIER LETTER SMALL D;Lm;0;L; 0064;;;;N;;;;; +1D49;MODIFIER LETTER SMALL E;Lm;0;L; 0065;;;;N;;;;; +1D4A;MODIFIER LETTER SMALL SCHWA;Lm;0;L; 0259;;;;N;;;;; +1D4B;MODIFIER LETTER SMALL OPEN E;Lm;0;L; 025B;;;;N;;;;; +1D4C;MODIFIER LETTER SMALL TURNED OPEN E;Lm;0;L; 025C;;;;N;;;;; +1D4D;MODIFIER LETTER SMALL G;Lm;0;L; 0067;;;;N;;;;; +1D4E;MODIFIER LETTER SMALL TURNED I;Lm;0;L;;;;;N;;;;; +1D4F;MODIFIER LETTER SMALL K;Lm;0;L; 006B;;;;N;;;;; +1D50;MODIFIER LETTER SMALL M;Lm;0;L; 006D;;;;N;;;;; +1D51;MODIFIER LETTER SMALL ENG;Lm;0;L; 014B;;;;N;;;;; +1D52;MODIFIER LETTER SMALL O;Lm;0;L; 006F;;;;N;;;;; +1D53;MODIFIER LETTER SMALL OPEN O;Lm;0;L; 0254;;;;N;;;;; +1D54;MODIFIER LETTER SMALL TOP HALF O;Lm;0;L; 1D16;;;;N;;;;; +1D55;MODIFIER LETTER SMALL BOTTOM HALF O;Lm;0;L; 1D17;;;;N;;;;; +1D56;MODIFIER LETTER SMALL P;Lm;0;L; 0070;;;;N;;;;; +1D57;MODIFIER LETTER SMALL T;Lm;0;L; 0074;;;;N;;;;; +1D58;MODIFIER LETTER SMALL U;Lm;0;L; 0075;;;;N;;;;; +1D59;MODIFIER LETTER SMALL SIDEWAYS U;Lm;0;L; 1D1D;;;;N;;;;; +1D5A;MODIFIER LETTER SMALL TURNED M;Lm;0;L; 026F;;;;N;;;;; +1D5B;MODIFIER LETTER SMALL V;Lm;0;L; 0076;;;;N;;;;; +1D5C;MODIFIER LETTER SMALL AIN;Lm;0;L; 1D25;;;;N;;;;; +1D5D;MODIFIER LETTER SMALL BETA;Lm;0;L; 03B2;;;;N;;;;; +1D5E;MODIFIER LETTER SMALL GREEK GAMMA;Lm;0;L; 03B3;;;;N;;;;; +1D5F;MODIFIER LETTER SMALL DELTA;Lm;0;L; 03B4;;;;N;;;;; +1D60;MODIFIER LETTER SMALL GREEK PHI;Lm;0;L; 03C6;;;;N;;;;; +1D61;MODIFIER LETTER SMALL CHI;Lm;0;L; 03C7;;;;N;;;;; +1D62;LATIN SUBSCRIPT SMALL LETTER I;Ll;0;L; 0069;;;;N;;;;; +1D63;LATIN SUBSCRIPT SMALL LETTER R;Ll;0;L; 0072;;;;N;;;;; +1D64;LATIN SUBSCRIPT SMALL LETTER U;Ll;0;L; 0075;;;;N;;;;; +1D65;LATIN SUBSCRIPT SMALL LETTER V;Ll;0;L; 0076;;;;N;;;;; +1D66;GREEK SUBSCRIPT SMALL LETTER BETA;Ll;0;L; 03B2;;;;N;;;;; +1D67;GREEK SUBSCRIPT SMALL LETTER GAMMA;Ll;0;L; 03B3;;;;N;;;;; +1D68;GREEK SUBSCRIPT SMALL LETTER RHO;Ll;0;L; 03C1;;;;N;;;;; +1D69;GREEK SUBSCRIPT SMALL LETTER PHI;Ll;0;L; 03C6;;;;N;;;;; +1D6A;GREEK SUBSCRIPT SMALL LETTER CHI;Ll;0;L; 03C7;;;;N;;;;; +1D6B;LATIN SMALL LETTER UE;Ll;0;L;;;;;N;;;;; +1E00;LATIN CAPITAL LETTER A WITH RING BELOW;Lu;0;L;0041 0325;;;;N;;;;1E01; +1E01;LATIN SMALL LETTER A WITH RING BELOW;Ll;0;L;0061 0325;;;;N;;;1E00;;1E00 +1E02;LATIN CAPITAL LETTER B WITH DOT ABOVE;Lu;0;L;0042 0307;;;;N;;;;1E03; +1E03;LATIN SMALL LETTER B WITH DOT ABOVE;Ll;0;L;0062 0307;;;;N;;;1E02;;1E02 +1E04;LATIN CAPITAL LETTER B WITH DOT BELOW;Lu;0;L;0042 0323;;;;N;;;;1E05; +1E05;LATIN SMALL LETTER B WITH DOT BELOW;Ll;0;L;0062 0323;;;;N;;;1E04;;1E04 +1E06;LATIN CAPITAL LETTER B WITH LINE BELOW;Lu;0;L;0042 0331;;;;N;;;;1E07; +1E07;LATIN SMALL LETTER B WITH LINE BELOW;Ll;0;L;0062 0331;;;;N;;;1E06;;1E06 +1E08;LATIN CAPITAL LETTER C WITH CEDILLA AND ACUTE;Lu;0;L;00C7 0301;;;;N;;;;1E09; +1E09;LATIN SMALL LETTER C WITH CEDILLA AND ACUTE;Ll;0;L;00E7 0301;;;;N;;;1E08;;1E08 +1E0A;LATIN CAPITAL LETTER D WITH DOT ABOVE;Lu;0;L;0044 0307;;;;N;;;;1E0B; +1E0B;LATIN SMALL LETTER D WITH DOT ABOVE;Ll;0;L;0064 0307;;;;N;;;1E0A;;1E0A +1E0C;LATIN CAPITAL LETTER D WITH DOT BELOW;Lu;0;L;0044 0323;;;;N;;;;1E0D; +1E0D;LATIN SMALL LETTER D WITH DOT BELOW;Ll;0;L;0064 0323;;;;N;;;1E0C;;1E0C +1E0E;LATIN CAPITAL LETTER D WITH LINE BELOW;Lu;0;L;0044 0331;;;;N;;;;1E0F; +1E0F;LATIN SMALL LETTER D WITH LINE BELOW;Ll;0;L;0064 0331;;;;N;;;1E0E;;1E0E +1E10;LATIN CAPITAL LETTER D WITH CEDILLA;Lu;0;L;0044 0327;;;;N;;;;1E11; +1E11;LATIN SMALL LETTER D WITH CEDILLA;Ll;0;L;0064 0327;;;;N;;;1E10;;1E10 +1E12;LATIN CAPITAL LETTER D WITH CIRCUMFLEX BELOW;Lu;0;L;0044 032D;;;;N;;;;1E13; +1E13;LATIN SMALL LETTER D WITH CIRCUMFLEX BELOW;Ll;0;L;0064 032D;;;;N;;;1E12;;1E12 +1E14;LATIN CAPITAL LETTER E WITH MACRON AND GRAVE;Lu;0;L;0112 0300;;;;N;;;;1E15; +1E15;LATIN SMALL LETTER E WITH MACRON AND GRAVE;Ll;0;L;0113 0300;;;;N;;;1E14;;1E14 +1E16;LATIN CAPITAL LETTER E WITH MACRON AND ACUTE;Lu;0;L;0112 0301;;;;N;;;;1E17; +1E17;LATIN SMALL LETTER E WITH MACRON AND ACUTE;Ll;0;L;0113 0301;;;;N;;;1E16;;1E16 +1E18;LATIN CAPITAL LETTER E WITH CIRCUMFLEX BELOW;Lu;0;L;0045 032D;;;;N;;;;1E19; +1E19;LATIN SMALL LETTER E WITH CIRCUMFLEX BELOW;Ll;0;L;0065 032D;;;;N;;;1E18;;1E18 +1E1A;LATIN CAPITAL LETTER E WITH TILDE BELOW;Lu;0;L;0045 0330;;;;N;;;;1E1B; +1E1B;LATIN SMALL LETTER E WITH TILDE BELOW;Ll;0;L;0065 0330;;;;N;;;1E1A;;1E1A +1E1C;LATIN CAPITAL LETTER E WITH CEDILLA AND BREVE;Lu;0;L;0228 0306;;;;N;;;;1E1D; +1E1D;LATIN SMALL LETTER E WITH CEDILLA AND BREVE;Ll;0;L;0229 0306;;;;N;;;1E1C;;1E1C +1E1E;LATIN CAPITAL LETTER F WITH DOT ABOVE;Lu;0;L;0046 0307;;;;N;;;;1E1F; +1E1F;LATIN SMALL LETTER F WITH DOT ABOVE;Ll;0;L;0066 0307;;;;N;;;1E1E;;1E1E +1E20;LATIN CAPITAL LETTER G WITH MACRON;Lu;0;L;0047 0304;;;;N;;;;1E21; +1E21;LATIN SMALL LETTER G WITH MACRON;Ll;0;L;0067 0304;;;;N;;;1E20;;1E20 +1E22;LATIN CAPITAL LETTER H WITH DOT ABOVE;Lu;0;L;0048 0307;;;;N;;;;1E23; +1E23;LATIN SMALL LETTER H WITH DOT ABOVE;Ll;0;L;0068 0307;;;;N;;;1E22;;1E22 +1E24;LATIN CAPITAL LETTER H WITH DOT BELOW;Lu;0;L;0048 0323;;;;N;;;;1E25; +1E25;LATIN SMALL LETTER H WITH DOT BELOW;Ll;0;L;0068 0323;;;;N;;;1E24;;1E24 +1E26;LATIN CAPITAL LETTER H WITH DIAERESIS;Lu;0;L;0048 0308;;;;N;;;;1E27; +1E27;LATIN SMALL LETTER H WITH DIAERESIS;Ll;0;L;0068 0308;;;;N;;;1E26;;1E26 +1E28;LATIN CAPITAL LETTER H WITH CEDILLA;Lu;0;L;0048 0327;;;;N;;;;1E29; +1E29;LATIN SMALL LETTER H WITH CEDILLA;Ll;0;L;0068 0327;;;;N;;;1E28;;1E28 +1E2A;LATIN CAPITAL LETTER H WITH BREVE BELOW;Lu;0;L;0048 032E;;;;N;;;;1E2B; +1E2B;LATIN SMALL LETTER H WITH BREVE BELOW;Ll;0;L;0068 032E;;;;N;;;1E2A;;1E2A +1E2C;LATIN CAPITAL LETTER I WITH TILDE BELOW;Lu;0;L;0049 0330;;;;N;;;;1E2D; +1E2D;LATIN SMALL LETTER I WITH TILDE BELOW;Ll;0;L;0069 0330;;;;N;;;1E2C;;1E2C +1E2E;LATIN CAPITAL LETTER I WITH DIAERESIS AND ACUTE;Lu;0;L;00CF 0301;;;;N;;;;1E2F; +1E2F;LATIN SMALL LETTER I WITH DIAERESIS AND ACUTE;Ll;0;L;00EF 0301;;;;N;;;1E2E;;1E2E +1E30;LATIN CAPITAL LETTER K WITH ACUTE;Lu;0;L;004B 0301;;;;N;;;;1E31; +1E31;LATIN SMALL LETTER K WITH ACUTE;Ll;0;L;006B 0301;;;;N;;;1E30;;1E30 +1E32;LATIN CAPITAL LETTER K WITH DOT BELOW;Lu;0;L;004B 0323;;;;N;;;;1E33; +1E33;LATIN SMALL LETTER K WITH DOT BELOW;Ll;0;L;006B 0323;;;;N;;;1E32;;1E32 +1E34;LATIN CAPITAL LETTER K WITH LINE BELOW;Lu;0;L;004B 0331;;;;N;;;;1E35; +1E35;LATIN SMALL LETTER K WITH LINE BELOW;Ll;0;L;006B 0331;;;;N;;;1E34;;1E34 +1E36;LATIN CAPITAL LETTER L WITH DOT BELOW;Lu;0;L;004C 0323;;;;N;;;;1E37; +1E37;LATIN SMALL LETTER L WITH DOT BELOW;Ll;0;L;006C 0323;;;;N;;;1E36;;1E36 +1E38;LATIN CAPITAL LETTER L WITH DOT BELOW AND MACRON;Lu;0;L;1E36 0304;;;;N;;;;1E39; +1E39;LATIN SMALL LETTER L WITH DOT BELOW AND MACRON;Ll;0;L;1E37 0304;;;;N;;;1E38;;1E38 +1E3A;LATIN CAPITAL LETTER L WITH LINE BELOW;Lu;0;L;004C 0331;;;;N;;;;1E3B; +1E3B;LATIN SMALL LETTER L WITH LINE BELOW;Ll;0;L;006C 0331;;;;N;;;1E3A;;1E3A +1E3C;LATIN CAPITAL LETTER L WITH CIRCUMFLEX BELOW;Lu;0;L;004C 032D;;;;N;;;;1E3D; +1E3D;LATIN SMALL LETTER L WITH CIRCUMFLEX BELOW;Ll;0;L;006C 032D;;;;N;;;1E3C;;1E3C +1E3E;LATIN CAPITAL LETTER M WITH ACUTE;Lu;0;L;004D 0301;;;;N;;;;1E3F; +1E3F;LATIN SMALL LETTER M WITH ACUTE;Ll;0;L;006D 0301;;;;N;;;1E3E;;1E3E +1E40;LATIN CAPITAL LETTER M WITH DOT ABOVE;Lu;0;L;004D 0307;;;;N;;;;1E41; +1E41;LATIN SMALL LETTER M WITH DOT ABOVE;Ll;0;L;006D 0307;;;;N;;;1E40;;1E40 +1E42;LATIN CAPITAL LETTER M WITH DOT BELOW;Lu;0;L;004D 0323;;;;N;;;;1E43; +1E43;LATIN SMALL LETTER M WITH DOT BELOW;Ll;0;L;006D 0323;;;;N;;;1E42;;1E42 +1E44;LATIN CAPITAL LETTER N WITH DOT ABOVE;Lu;0;L;004E 0307;;;;N;;;;1E45; +1E45;LATIN SMALL LETTER N WITH DOT ABOVE;Ll;0;L;006E 0307;;;;N;;;1E44;;1E44 +1E46;LATIN CAPITAL LETTER N WITH DOT BELOW;Lu;0;L;004E 0323;;;;N;;;;1E47; +1E47;LATIN SMALL LETTER N WITH DOT BELOW;Ll;0;L;006E 0323;;;;N;;;1E46;;1E46 +1E48;LATIN CAPITAL LETTER N WITH LINE BELOW;Lu;0;L;004E 0331;;;;N;;;;1E49; +1E49;LATIN SMALL LETTER N WITH LINE BELOW;Ll;0;L;006E 0331;;;;N;;;1E48;;1E48 +1E4A;LATIN CAPITAL LETTER N WITH CIRCUMFLEX BELOW;Lu;0;L;004E 032D;;;;N;;;;1E4B; +1E4B;LATIN SMALL LETTER N WITH CIRCUMFLEX BELOW;Ll;0;L;006E 032D;;;;N;;;1E4A;;1E4A +1E4C;LATIN CAPITAL LETTER O WITH TILDE AND ACUTE;Lu;0;L;00D5 0301;;;;N;;;;1E4D; +1E4D;LATIN SMALL LETTER O WITH TILDE AND ACUTE;Ll;0;L;00F5 0301;;;;N;;;1E4C;;1E4C +1E4E;LATIN CAPITAL LETTER O WITH TILDE AND DIAERESIS;Lu;0;L;00D5 0308;;;;N;;;;1E4F; +1E4F;LATIN SMALL LETTER O WITH TILDE AND DIAERESIS;Ll;0;L;00F5 0308;;;;N;;;1E4E;;1E4E +1E50;LATIN CAPITAL LETTER O WITH MACRON AND GRAVE;Lu;0;L;014C 0300;;;;N;;;;1E51; +1E51;LATIN SMALL LETTER O WITH MACRON AND GRAVE;Ll;0;L;014D 0300;;;;N;;;1E50;;1E50 +1E52;LATIN CAPITAL LETTER O WITH MACRON AND ACUTE;Lu;0;L;014C 0301;;;;N;;;;1E53; +1E53;LATIN SMALL LETTER O WITH MACRON AND ACUTE;Ll;0;L;014D 0301;;;;N;;;1E52;;1E52 +1E54;LATIN CAPITAL LETTER P WITH ACUTE;Lu;0;L;0050 0301;;;;N;;;;1E55; +1E55;LATIN SMALL LETTER P WITH ACUTE;Ll;0;L;0070 0301;;;;N;;;1E54;;1E54 +1E56;LATIN CAPITAL LETTER P WITH DOT ABOVE;Lu;0;L;0050 0307;;;;N;;;;1E57; +1E57;LATIN SMALL LETTER P WITH DOT ABOVE;Ll;0;L;0070 0307;;;;N;;;1E56;;1E56 +1E58;LATIN CAPITAL LETTER R WITH DOT ABOVE;Lu;0;L;0052 0307;;;;N;;;;1E59; +1E59;LATIN SMALL LETTER R WITH DOT ABOVE;Ll;0;L;0072 0307;;;;N;;;1E58;;1E58 +1E5A;LATIN CAPITAL LETTER R WITH DOT BELOW;Lu;0;L;0052 0323;;;;N;;;;1E5B; +1E5B;LATIN SMALL LETTER R WITH DOT BELOW;Ll;0;L;0072 0323;;;;N;;;1E5A;;1E5A +1E5C;LATIN CAPITAL LETTER R WITH DOT BELOW AND MACRON;Lu;0;L;1E5A 0304;;;;N;;;;1E5D; +1E5D;LATIN SMALL LETTER R WITH DOT BELOW AND MACRON;Ll;0;L;1E5B 0304;;;;N;;;1E5C;;1E5C +1E5E;LATIN CAPITAL LETTER R WITH LINE BELOW;Lu;0;L;0052 0331;;;;N;;;;1E5F; +1E5F;LATIN SMALL LETTER R WITH LINE BELOW;Ll;0;L;0072 0331;;;;N;;;1E5E;;1E5E +1E60;LATIN CAPITAL LETTER S WITH DOT ABOVE;Lu;0;L;0053 0307;;;;N;;;;1E61; +1E61;LATIN SMALL LETTER S WITH DOT ABOVE;Ll;0;L;0073 0307;;;;N;;;1E60;;1E60 +1E62;LATIN CAPITAL LETTER S WITH DOT BELOW;Lu;0;L;0053 0323;;;;N;;;;1E63; +1E63;LATIN SMALL LETTER S WITH DOT BELOW;Ll;0;L;0073 0323;;;;N;;;1E62;;1E62 +1E64;LATIN CAPITAL LETTER S WITH ACUTE AND DOT ABOVE;Lu;0;L;015A 0307;;;;N;;;;1E65; +1E65;LATIN SMALL LETTER S WITH ACUTE AND DOT ABOVE;Ll;0;L;015B 0307;;;;N;;;1E64;;1E64 +1E66;LATIN CAPITAL LETTER S WITH CARON AND DOT ABOVE;Lu;0;L;0160 0307;;;;N;;;;1E67; +1E67;LATIN SMALL LETTER S WITH CARON AND DOT ABOVE;Ll;0;L;0161 0307;;;;N;;;1E66;;1E66 +1E68;LATIN CAPITAL LETTER S WITH DOT BELOW AND DOT ABOVE;Lu;0;L;1E62 0307;;;;N;;;;1E69; +1E69;LATIN SMALL LETTER S WITH DOT BELOW AND DOT ABOVE;Ll;0;L;1E63 0307;;;;N;;;1E68;;1E68 +1E6A;LATIN CAPITAL LETTER T WITH DOT ABOVE;Lu;0;L;0054 0307;;;;N;;;;1E6B; +1E6B;LATIN SMALL LETTER T WITH DOT ABOVE;Ll;0;L;0074 0307;;;;N;;;1E6A;;1E6A +1E6C;LATIN CAPITAL LETTER T WITH DOT BELOW;Lu;0;L;0054 0323;;;;N;;;;1E6D; +1E6D;LATIN SMALL LETTER T WITH DOT BELOW;Ll;0;L;0074 0323;;;;N;;;1E6C;;1E6C +1E6E;LATIN CAPITAL LETTER T WITH LINE BELOW;Lu;0;L;0054 0331;;;;N;;;;1E6F; +1E6F;LATIN SMALL LETTER T WITH LINE BELOW;Ll;0;L;0074 0331;;;;N;;;1E6E;;1E6E +1E70;LATIN CAPITAL LETTER T WITH CIRCUMFLEX BELOW;Lu;0;L;0054 032D;;;;N;;;;1E71; +1E71;LATIN SMALL LETTER T WITH CIRCUMFLEX BELOW;Ll;0;L;0074 032D;;;;N;;;1E70;;1E70 +1E72;LATIN CAPITAL LETTER U WITH DIAERESIS BELOW;Lu;0;L;0055 0324;;;;N;;;;1E73; +1E73;LATIN SMALL LETTER U WITH DIAERESIS BELOW;Ll;0;L;0075 0324;;;;N;;;1E72;;1E72 +1E74;LATIN CAPITAL LETTER U WITH TILDE BELOW;Lu;0;L;0055 0330;;;;N;;;;1E75; +1E75;LATIN SMALL LETTER U WITH TILDE BELOW;Ll;0;L;0075 0330;;;;N;;;1E74;;1E74 +1E76;LATIN CAPITAL LETTER U WITH CIRCUMFLEX BELOW;Lu;0;L;0055 032D;;;;N;;;;1E77; +1E77;LATIN SMALL LETTER U WITH CIRCUMFLEX BELOW;Ll;0;L;0075 032D;;;;N;;;1E76;;1E76 +1E78;LATIN CAPITAL LETTER U WITH TILDE AND ACUTE;Lu;0;L;0168 0301;;;;N;;;;1E79; +1E79;LATIN SMALL LETTER U WITH TILDE AND ACUTE;Ll;0;L;0169 0301;;;;N;;;1E78;;1E78 +1E7A;LATIN CAPITAL LETTER U WITH MACRON AND DIAERESIS;Lu;0;L;016A 0308;;;;N;;;;1E7B; +1E7B;LATIN SMALL LETTER U WITH MACRON AND DIAERESIS;Ll;0;L;016B 0308;;;;N;;;1E7A;;1E7A +1E7C;LATIN CAPITAL LETTER V WITH TILDE;Lu;0;L;0056 0303;;;;N;;;;1E7D; +1E7D;LATIN SMALL LETTER V WITH TILDE;Ll;0;L;0076 0303;;;;N;;;1E7C;;1E7C +1E7E;LATIN CAPITAL LETTER V WITH DOT BELOW;Lu;0;L;0056 0323;;;;N;;;;1E7F; +1E7F;LATIN SMALL LETTER V WITH DOT BELOW;Ll;0;L;0076 0323;;;;N;;;1E7E;;1E7E +1E80;LATIN CAPITAL LETTER W WITH GRAVE;Lu;0;L;0057 0300;;;;N;;;;1E81; +1E81;LATIN SMALL LETTER W WITH GRAVE;Ll;0;L;0077 0300;;;;N;;;1E80;;1E80 +1E82;LATIN CAPITAL LETTER W WITH ACUTE;Lu;0;L;0057 0301;;;;N;;;;1E83; +1E83;LATIN SMALL LETTER W WITH ACUTE;Ll;0;L;0077 0301;;;;N;;;1E82;;1E82 +1E84;LATIN CAPITAL LETTER W WITH DIAERESIS;Lu;0;L;0057 0308;;;;N;;;;1E85; +1E85;LATIN SMALL LETTER W WITH DIAERESIS;Ll;0;L;0077 0308;;;;N;;;1E84;;1E84 +1E86;LATIN CAPITAL LETTER W WITH DOT ABOVE;Lu;0;L;0057 0307;;;;N;;;;1E87; +1E87;LATIN SMALL LETTER W WITH DOT ABOVE;Ll;0;L;0077 0307;;;;N;;;1E86;;1E86 +1E88;LATIN CAPITAL LETTER W WITH DOT BELOW;Lu;0;L;0057 0323;;;;N;;;;1E89; +1E89;LATIN SMALL LETTER W WITH DOT BELOW;Ll;0;L;0077 0323;;;;N;;;1E88;;1E88 +1E8A;LATIN CAPITAL LETTER X WITH DOT ABOVE;Lu;0;L;0058 0307;;;;N;;;;1E8B; +1E8B;LATIN SMALL LETTER X WITH DOT ABOVE;Ll;0;L;0078 0307;;;;N;;;1E8A;;1E8A +1E8C;LATIN CAPITAL LETTER X WITH DIAERESIS;Lu;0;L;0058 0308;;;;N;;;;1E8D; +1E8D;LATIN SMALL LETTER X WITH DIAERESIS;Ll;0;L;0078 0308;;;;N;;;1E8C;;1E8C +1E8E;LATIN CAPITAL LETTER Y WITH DOT ABOVE;Lu;0;L;0059 0307;;;;N;;;;1E8F; +1E8F;LATIN SMALL LETTER Y WITH DOT ABOVE;Ll;0;L;0079 0307;;;;N;;;1E8E;;1E8E +1E90;LATIN CAPITAL LETTER Z WITH CIRCUMFLEX;Lu;0;L;005A 0302;;;;N;;;;1E91; +1E91;LATIN SMALL LETTER Z WITH CIRCUMFLEX;Ll;0;L;007A 0302;;;;N;;;1E90;;1E90 +1E92;LATIN CAPITAL LETTER Z WITH DOT BELOW;Lu;0;L;005A 0323;;;;N;;;;1E93; +1E93;LATIN SMALL LETTER Z WITH DOT BELOW;Ll;0;L;007A 0323;;;;N;;;1E92;;1E92 +1E94;LATIN CAPITAL LETTER Z WITH LINE BELOW;Lu;0;L;005A 0331;;;;N;;;;1E95; +1E95;LATIN SMALL LETTER Z WITH LINE BELOW;Ll;0;L;007A 0331;;;;N;;;1E94;;1E94 +1E96;LATIN SMALL LETTER H WITH LINE BELOW;Ll;0;L;0068 0331;;;;N;;;;; +1E97;LATIN SMALL LETTER T WITH DIAERESIS;Ll;0;L;0074 0308;;;;N;;;;; +1E98;LATIN SMALL LETTER W WITH RING ABOVE;Ll;0;L;0077 030A;;;;N;;;;; +1E99;LATIN SMALL LETTER Y WITH RING ABOVE;Ll;0;L;0079 030A;;;;N;;;;; +1E9A;LATIN SMALL LETTER A WITH RIGHT HALF RING;Ll;0;L; 0061 02BE;;;;N;;;;; +1E9B;LATIN SMALL LETTER LONG S WITH DOT ABOVE;Ll;0;L;017F 0307;;;;N;;;1E60;;1E60 +1EA0;LATIN CAPITAL LETTER A WITH DOT BELOW;Lu;0;L;0041 0323;;;;N;;;;1EA1; +1EA1;LATIN SMALL LETTER A WITH DOT BELOW;Ll;0;L;0061 0323;;;;N;;;1EA0;;1EA0 +1EA2;LATIN CAPITAL LETTER A WITH HOOK ABOVE;Lu;0;L;0041 0309;;;;N;;;;1EA3; +1EA3;LATIN SMALL LETTER A WITH HOOK ABOVE;Ll;0;L;0061 0309;;;;N;;;1EA2;;1EA2 +1EA4;LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND ACUTE;Lu;0;L;00C2 0301;;;;N;;;;1EA5; +1EA5;LATIN SMALL LETTER A WITH CIRCUMFLEX AND ACUTE;Ll;0;L;00E2 0301;;;;N;;;1EA4;;1EA4 +1EA6;LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND GRAVE;Lu;0;L;00C2 0300;;;;N;;;;1EA7; +1EA7;LATIN SMALL LETTER A WITH CIRCUMFLEX AND GRAVE;Ll;0;L;00E2 0300;;;;N;;;1EA6;;1EA6 +1EA8;LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND HOOK ABOVE;Lu;0;L;00C2 0309;;;;N;;;;1EA9; +1EA9;LATIN SMALL LETTER A WITH CIRCUMFLEX AND HOOK ABOVE;Ll;0;L;00E2 0309;;;;N;;;1EA8;;1EA8 +1EAA;LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND TILDE;Lu;0;L;00C2 0303;;;;N;;;;1EAB; +1EAB;LATIN SMALL LETTER A WITH CIRCUMFLEX AND TILDE;Ll;0;L;00E2 0303;;;;N;;;1EAA;;1EAA +1EAC;LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND DOT BELOW;Lu;0;L;1EA0 0302;;;;N;;;;1EAD; +1EAD;LATIN SMALL LETTER A WITH CIRCUMFLEX AND DOT BELOW;Ll;0;L;1EA1 0302;;;;N;;;1EAC;;1EAC +1EAE;LATIN CAPITAL LETTER A WITH BREVE AND ACUTE;Lu;0;L;0102 0301;;;;N;;;;1EAF; +1EAF;LATIN SMALL LETTER A WITH BREVE AND ACUTE;Ll;0;L;0103 0301;;;;N;;;1EAE;;1EAE +1EB0;LATIN CAPITAL LETTER A WITH BREVE AND GRAVE;Lu;0;L;0102 0300;;;;N;;;;1EB1; +1EB1;LATIN SMALL LETTER A WITH BREVE AND GRAVE;Ll;0;L;0103 0300;;;;N;;;1EB0;;1EB0 +1EB2;LATIN CAPITAL LETTER A WITH BREVE AND HOOK ABOVE;Lu;0;L;0102 0309;;;;N;;;;1EB3; +1EB3;LATIN SMALL LETTER A WITH BREVE AND HOOK ABOVE;Ll;0;L;0103 0309;;;;N;;;1EB2;;1EB2 +1EB4;LATIN CAPITAL LETTER A WITH BREVE AND TILDE;Lu;0;L;0102 0303;;;;N;;;;1EB5; +1EB5;LATIN SMALL LETTER A WITH BREVE AND TILDE;Ll;0;L;0103 0303;;;;N;;;1EB4;;1EB4 +1EB6;LATIN CAPITAL LETTER A WITH BREVE AND DOT BELOW;Lu;0;L;1EA0 0306;;;;N;;;;1EB7; +1EB7;LATIN SMALL LETTER A WITH BREVE AND DOT BELOW;Ll;0;L;1EA1 0306;;;;N;;;1EB6;;1EB6 +1EB8;LATIN CAPITAL LETTER E WITH DOT BELOW;Lu;0;L;0045 0323;;;;N;;;;1EB9; +1EB9;LATIN SMALL LETTER E WITH DOT BELOW;Ll;0;L;0065 0323;;;;N;;;1EB8;;1EB8 +1EBA;LATIN CAPITAL LETTER E WITH HOOK ABOVE;Lu;0;L;0045 0309;;;;N;;;;1EBB; +1EBB;LATIN SMALL LETTER E WITH HOOK ABOVE;Ll;0;L;0065 0309;;;;N;;;1EBA;;1EBA +1EBC;LATIN CAPITAL LETTER E WITH TILDE;Lu;0;L;0045 0303;;;;N;;;;1EBD; +1EBD;LATIN SMALL LETTER E WITH TILDE;Ll;0;L;0065 0303;;;;N;;;1EBC;;1EBC +1EBE;LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND ACUTE;Lu;0;L;00CA 0301;;;;N;;;;1EBF; +1EBF;LATIN SMALL LETTER E WITH CIRCUMFLEX AND ACUTE;Ll;0;L;00EA 0301;;;;N;;;1EBE;;1EBE +1EC0;LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND GRAVE;Lu;0;L;00CA 0300;;;;N;;;;1EC1; +1EC1;LATIN SMALL LETTER E WITH CIRCUMFLEX AND GRAVE;Ll;0;L;00EA 0300;;;;N;;;1EC0;;1EC0 +1EC2;LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND HOOK ABOVE;Lu;0;L;00CA 0309;;;;N;;;;1EC3; +1EC3;LATIN SMALL LETTER E WITH CIRCUMFLEX AND HOOK ABOVE;Ll;0;L;00EA 0309;;;;N;;;1EC2;;1EC2 +1EC4;LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND TILDE;Lu;0;L;00CA 0303;;;;N;;;;1EC5; +1EC5;LATIN SMALL LETTER E WITH CIRCUMFLEX AND TILDE;Ll;0;L;00EA 0303;;;;N;;;1EC4;;1EC4 +1EC6;LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND DOT BELOW;Lu;0;L;1EB8 0302;;;;N;;;;1EC7; +1EC7;LATIN SMALL LETTER E WITH CIRCUMFLEX AND DOT BELOW;Ll;0;L;1EB9 0302;;;;N;;;1EC6;;1EC6 +1EC8;LATIN CAPITAL LETTER I WITH HOOK ABOVE;Lu;0;L;0049 0309;;;;N;;;;1EC9; +1EC9;LATIN SMALL LETTER I WITH HOOK ABOVE;Ll;0;L;0069 0309;;;;N;;;1EC8;;1EC8 +1ECA;LATIN CAPITAL LETTER I WITH DOT BELOW;Lu;0;L;0049 0323;;;;N;;;;1ECB; +1ECB;LATIN SMALL LETTER I WITH DOT BELOW;Ll;0;L;0069 0323;;;;N;;;1ECA;;1ECA +1ECC;LATIN CAPITAL LETTER O WITH DOT BELOW;Lu;0;L;004F 0323;;;;N;;;;1ECD; +1ECD;LATIN SMALL LETTER O WITH DOT BELOW;Ll;0;L;006F 0323;;;;N;;;1ECC;;1ECC +1ECE;LATIN CAPITAL LETTER O WITH HOOK ABOVE;Lu;0;L;004F 0309;;;;N;;;;1ECF; +1ECF;LATIN SMALL LETTER O WITH HOOK ABOVE;Ll;0;L;006F 0309;;;;N;;;1ECE;;1ECE +1ED0;LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND ACUTE;Lu;0;L;00D4 0301;;;;N;;;;1ED1; +1ED1;LATIN SMALL LETTER O WITH CIRCUMFLEX AND ACUTE;Ll;0;L;00F4 0301;;;;N;;;1ED0;;1ED0 +1ED2;LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND GRAVE;Lu;0;L;00D4 0300;;;;N;;;;1ED3; +1ED3;LATIN SMALL LETTER O WITH CIRCUMFLEX AND GRAVE;Ll;0;L;00F4 0300;;;;N;;;1ED2;;1ED2 +1ED4;LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND HOOK ABOVE;Lu;0;L;00D4 0309;;;;N;;;;1ED5; +1ED5;LATIN SMALL LETTER O WITH CIRCUMFLEX AND HOOK ABOVE;Ll;0;L;00F4 0309;;;;N;;;1ED4;;1ED4 +1ED6;LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND TILDE;Lu;0;L;00D4 0303;;;;N;;;;1ED7; +1ED7;LATIN SMALL LETTER O WITH CIRCUMFLEX AND TILDE;Ll;0;L;00F4 0303;;;;N;;;1ED6;;1ED6 +1ED8;LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND DOT BELOW;Lu;0;L;1ECC 0302;;;;N;;;;1ED9; +1ED9;LATIN SMALL LETTER O WITH CIRCUMFLEX AND DOT BELOW;Ll;0;L;1ECD 0302;;;;N;;;1ED8;;1ED8 +1EDA;LATIN CAPITAL LETTER O WITH HORN AND ACUTE;Lu;0;L;01A0 0301;;;;N;;;;1EDB; +1EDB;LATIN SMALL LETTER O WITH HORN AND ACUTE;Ll;0;L;01A1 0301;;;;N;;;1EDA;;1EDA +1EDC;LATIN CAPITAL LETTER O WITH HORN AND GRAVE;Lu;0;L;01A0 0300;;;;N;;;;1EDD; +1EDD;LATIN SMALL LETTER O WITH HORN AND GRAVE;Ll;0;L;01A1 0300;;;;N;;;1EDC;;1EDC +1EDE;LATIN CAPITAL LETTER O WITH HORN AND HOOK ABOVE;Lu;0;L;01A0 0309;;;;N;;;;1EDF; +1EDF;LATIN SMALL LETTER O WITH HORN AND HOOK ABOVE;Ll;0;L;01A1 0309;;;;N;;;1EDE;;1EDE +1EE0;LATIN CAPITAL LETTER O WITH HORN AND TILDE;Lu;0;L;01A0 0303;;;;N;;;;1EE1; +1EE1;LATIN SMALL LETTER O WITH HORN AND TILDE;Ll;0;L;01A1 0303;;;;N;;;1EE0;;1EE0 +1EE2;LATIN CAPITAL LETTER O WITH HORN AND DOT BELOW;Lu;0;L;01A0 0323;;;;N;;;;1EE3; +1EE3;LATIN SMALL LETTER O WITH HORN AND DOT BELOW;Ll;0;L;01A1 0323;;;;N;;;1EE2;;1EE2 +1EE4;LATIN CAPITAL LETTER U WITH DOT BELOW;Lu;0;L;0055 0323;;;;N;;;;1EE5; +1EE5;LATIN SMALL LETTER U WITH DOT BELOW;Ll;0;L;0075 0323;;;;N;;;1EE4;;1EE4 +1EE6;LATIN CAPITAL LETTER U WITH HOOK ABOVE;Lu;0;L;0055 0309;;;;N;;;;1EE7; +1EE7;LATIN SMALL LETTER U WITH HOOK ABOVE;Ll;0;L;0075 0309;;;;N;;;1EE6;;1EE6 +1EE8;LATIN CAPITAL LETTER U WITH HORN AND ACUTE;Lu;0;L;01AF 0301;;;;N;;;;1EE9; +1EE9;LATIN SMALL LETTER U WITH HORN AND ACUTE;Ll;0;L;01B0 0301;;;;N;;;1EE8;;1EE8 +1EEA;LATIN CAPITAL LETTER U WITH HORN AND GRAVE;Lu;0;L;01AF 0300;;;;N;;;;1EEB; +1EEB;LATIN SMALL LETTER U WITH HORN AND GRAVE;Ll;0;L;01B0 0300;;;;N;;;1EEA;;1EEA +1EEC;LATIN CAPITAL LETTER U WITH HORN AND HOOK ABOVE;Lu;0;L;01AF 0309;;;;N;;;;1EED; +1EED;LATIN SMALL LETTER U WITH HORN AND HOOK ABOVE;Ll;0;L;01B0 0309;;;;N;;;1EEC;;1EEC +1EEE;LATIN CAPITAL LETTER U WITH HORN AND TILDE;Lu;0;L;01AF 0303;;;;N;;;;1EEF; +1EEF;LATIN SMALL LETTER U WITH HORN AND TILDE;Ll;0;L;01B0 0303;;;;N;;;1EEE;;1EEE +1EF0;LATIN CAPITAL LETTER U WITH HORN AND DOT BELOW;Lu;0;L;01AF 0323;;;;N;;;;1EF1; +1EF1;LATIN SMALL LETTER U WITH HORN AND DOT BELOW;Ll;0;L;01B0 0323;;;;N;;;1EF0;;1EF0 +1EF2;LATIN CAPITAL LETTER Y WITH GRAVE;Lu;0;L;0059 0300;;;;N;;;;1EF3; +1EF3;LATIN SMALL LETTER Y WITH GRAVE;Ll;0;L;0079 0300;;;;N;;;1EF2;;1EF2 +1EF4;LATIN CAPITAL LETTER Y WITH DOT BELOW;Lu;0;L;0059 0323;;;;N;;;;1EF5; +1EF5;LATIN SMALL LETTER Y WITH DOT BELOW;Ll;0;L;0079 0323;;;;N;;;1EF4;;1EF4 +1EF6;LATIN CAPITAL LETTER Y WITH HOOK ABOVE;Lu;0;L;0059 0309;;;;N;;;;1EF7; +1EF7;LATIN SMALL LETTER Y WITH HOOK ABOVE;Ll;0;L;0079 0309;;;;N;;;1EF6;;1EF6 +1EF8;LATIN CAPITAL LETTER Y WITH TILDE;Lu;0;L;0059 0303;;;;N;;;;1EF9; +1EF9;LATIN SMALL LETTER Y WITH TILDE;Ll;0;L;0079 0303;;;;N;;;1EF8;;1EF8 +1F00;GREEK SMALL LETTER ALPHA WITH PSILI;Ll;0;L;03B1 0313;;;;N;;;1F08;;1F08 +1F01;GREEK SMALL LETTER ALPHA WITH DASIA;Ll;0;L;03B1 0314;;;;N;;;1F09;;1F09 +1F02;GREEK SMALL LETTER ALPHA WITH PSILI AND VARIA;Ll;0;L;1F00 0300;;;;N;;;1F0A;;1F0A +1F03;GREEK SMALL LETTER ALPHA WITH DASIA AND VARIA;Ll;0;L;1F01 0300;;;;N;;;1F0B;;1F0B +1F04;GREEK SMALL LETTER ALPHA WITH PSILI AND OXIA;Ll;0;L;1F00 0301;;;;N;;;1F0C;;1F0C +1F05;GREEK SMALL LETTER ALPHA WITH DASIA AND OXIA;Ll;0;L;1F01 0301;;;;N;;;1F0D;;1F0D +1F06;GREEK SMALL LETTER ALPHA WITH PSILI AND PERISPOMENI;Ll;0;L;1F00 0342;;;;N;;;1F0E;;1F0E +1F07;GREEK SMALL LETTER ALPHA WITH DASIA AND PERISPOMENI;Ll;0;L;1F01 0342;;;;N;;;1F0F;;1F0F +1F08;GREEK CAPITAL LETTER ALPHA WITH PSILI;Lu;0;L;0391 0313;;;;N;;;;1F00; +1F09;GREEK CAPITAL LETTER ALPHA WITH DASIA;Lu;0;L;0391 0314;;;;N;;;;1F01; +1F0A;GREEK CAPITAL LETTER ALPHA WITH PSILI AND VARIA;Lu;0;L;1F08 0300;;;;N;;;;1F02; +1F0B;GREEK CAPITAL LETTER ALPHA WITH DASIA AND VARIA;Lu;0;L;1F09 0300;;;;N;;;;1F03; +1F0C;GREEK CAPITAL LETTER ALPHA WITH PSILI AND OXIA;Lu;0;L;1F08 0301;;;;N;;;;1F04; +1F0D;GREEK CAPITAL LETTER ALPHA WITH DASIA AND OXIA;Lu;0;L;1F09 0301;;;;N;;;;1F05; +1F0E;GREEK CAPITAL LETTER ALPHA WITH PSILI AND PERISPOMENI;Lu;0;L;1F08 0342;;;;N;;;;1F06; +1F0F;GREEK CAPITAL LETTER ALPHA WITH DASIA AND PERISPOMENI;Lu;0;L;1F09 0342;;;;N;;;;1F07; +1F10;GREEK SMALL LETTER EPSILON WITH PSILI;Ll;0;L;03B5 0313;;;;N;;;1F18;;1F18 +1F11;GREEK SMALL LETTER EPSILON WITH DASIA;Ll;0;L;03B5 0314;;;;N;;;1F19;;1F19 +1F12;GREEK SMALL LETTER EPSILON WITH PSILI AND VARIA;Ll;0;L;1F10 0300;;;;N;;;1F1A;;1F1A +1F13;GREEK SMALL LETTER EPSILON WITH DASIA AND VARIA;Ll;0;L;1F11 0300;;;;N;;;1F1B;;1F1B +1F14;GREEK SMALL LETTER EPSILON WITH PSILI AND OXIA;Ll;0;L;1F10 0301;;;;N;;;1F1C;;1F1C +1F15;GREEK SMALL LETTER EPSILON WITH DASIA AND OXIA;Ll;0;L;1F11 0301;;;;N;;;1F1D;;1F1D +1F18;GREEK CAPITAL LETTER EPSILON WITH PSILI;Lu;0;L;0395 0313;;;;N;;;;1F10; +1F19;GREEK CAPITAL LETTER EPSILON WITH DASIA;Lu;0;L;0395 0314;;;;N;;;;1F11; +1F1A;GREEK CAPITAL LETTER EPSILON WITH PSILI AND VARIA;Lu;0;L;1F18 0300;;;;N;;;;1F12; +1F1B;GREEK CAPITAL LETTER EPSILON WITH DASIA AND VARIA;Lu;0;L;1F19 0300;;;;N;;;;1F13; +1F1C;GREEK CAPITAL LETTER EPSILON WITH PSILI AND OXIA;Lu;0;L;1F18 0301;;;;N;;;;1F14; +1F1D;GREEK CAPITAL LETTER EPSILON WITH DASIA AND OXIA;Lu;0;L;1F19 0301;;;;N;;;;1F15; +1F20;GREEK SMALL LETTER ETA WITH PSILI;Ll;0;L;03B7 0313;;;;N;;;1F28;;1F28 +1F21;GREEK SMALL LETTER ETA WITH DASIA;Ll;0;L;03B7 0314;;;;N;;;1F29;;1F29 +1F22;GREEK SMALL LETTER ETA WITH PSILI AND VARIA;Ll;0;L;1F20 0300;;;;N;;;1F2A;;1F2A +1F23;GREEK SMALL LETTER ETA WITH DASIA AND VARIA;Ll;0;L;1F21 0300;;;;N;;;1F2B;;1F2B +1F24;GREEK SMALL LETTER ETA WITH PSILI AND OXIA;Ll;0;L;1F20 0301;;;;N;;;1F2C;;1F2C +1F25;GREEK SMALL LETTER ETA WITH DASIA AND OXIA;Ll;0;L;1F21 0301;;;;N;;;1F2D;;1F2D +1F26;GREEK SMALL LETTER ETA WITH PSILI AND PERISPOMENI;Ll;0;L;1F20 0342;;;;N;;;1F2E;;1F2E +1F27;GREEK SMALL LETTER ETA WITH DASIA AND PERISPOMENI;Ll;0;L;1F21 0342;;;;N;;;1F2F;;1F2F +1F28;GREEK CAPITAL LETTER ETA WITH PSILI;Lu;0;L;0397 0313;;;;N;;;;1F20; +1F29;GREEK CAPITAL LETTER ETA WITH DASIA;Lu;0;L;0397 0314;;;;N;;;;1F21; +1F2A;GREEK CAPITAL LETTER ETA WITH PSILI AND VARIA;Lu;0;L;1F28 0300;;;;N;;;;1F22; +1F2B;GREEK CAPITAL LETTER ETA WITH DASIA AND VARIA;Lu;0;L;1F29 0300;;;;N;;;;1F23; +1F2C;GREEK CAPITAL LETTER ETA WITH PSILI AND OXIA;Lu;0;L;1F28 0301;;;;N;;;;1F24; +1F2D;GREEK CAPITAL LETTER ETA WITH DASIA AND OXIA;Lu;0;L;1F29 0301;;;;N;;;;1F25; +1F2E;GREEK CAPITAL LETTER ETA WITH PSILI AND PERISPOMENI;Lu;0;L;1F28 0342;;;;N;;;;1F26; +1F2F;GREEK CAPITAL LETTER ETA WITH DASIA AND PERISPOMENI;Lu;0;L;1F29 0342;;;;N;;;;1F27; +1F30;GREEK SMALL LETTER IOTA WITH PSILI;Ll;0;L;03B9 0313;;;;N;;;1F38;;1F38 +1F31;GREEK SMALL LETTER IOTA WITH DASIA;Ll;0;L;03B9 0314;;;;N;;;1F39;;1F39 +1F32;GREEK SMALL LETTER IOTA WITH PSILI AND VARIA;Ll;0;L;1F30 0300;;;;N;;;1F3A;;1F3A +1F33;GREEK SMALL LETTER IOTA WITH DASIA AND VARIA;Ll;0;L;1F31 0300;;;;N;;;1F3B;;1F3B +1F34;GREEK SMALL LETTER IOTA WITH PSILI AND OXIA;Ll;0;L;1F30 0301;;;;N;;;1F3C;;1F3C +1F35;GREEK SMALL LETTER IOTA WITH DASIA AND OXIA;Ll;0;L;1F31 0301;;;;N;;;1F3D;;1F3D +1F36;GREEK SMALL LETTER IOTA WITH PSILI AND PERISPOMENI;Ll;0;L;1F30 0342;;;;N;;;1F3E;;1F3E +1F37;GREEK SMALL LETTER IOTA WITH DASIA AND PERISPOMENI;Ll;0;L;1F31 0342;;;;N;;;1F3F;;1F3F +1F38;GREEK CAPITAL LETTER IOTA WITH PSILI;Lu;0;L;0399 0313;;;;N;;;;1F30; +1F39;GREEK CAPITAL LETTER IOTA WITH DASIA;Lu;0;L;0399 0314;;;;N;;;;1F31; +1F3A;GREEK CAPITAL LETTER IOTA WITH PSILI AND VARIA;Lu;0;L;1F38 0300;;;;N;;;;1F32; +1F3B;GREEK CAPITAL LETTER IOTA WITH DASIA AND VARIA;Lu;0;L;1F39 0300;;;;N;;;;1F33; +1F3C;GREEK CAPITAL LETTER IOTA WITH PSILI AND OXIA;Lu;0;L;1F38 0301;;;;N;;;;1F34; +1F3D;GREEK CAPITAL LETTER IOTA WITH DASIA AND OXIA;Lu;0;L;1F39 0301;;;;N;;;;1F35; +1F3E;GREEK CAPITAL LETTER IOTA WITH PSILI AND PERISPOMENI;Lu;0;L;1F38 0342;;;;N;;;;1F36; +1F3F;GREEK CAPITAL LETTER IOTA WITH DASIA AND PERISPOMENI;Lu;0;L;1F39 0342;;;;N;;;;1F37; +1F40;GREEK SMALL LETTER OMICRON WITH PSILI;Ll;0;L;03BF 0313;;;;N;;;1F48;;1F48 +1F41;GREEK SMALL LETTER OMICRON WITH DASIA;Ll;0;L;03BF 0314;;;;N;;;1F49;;1F49 +1F42;GREEK SMALL LETTER OMICRON WITH PSILI AND VARIA;Ll;0;L;1F40 0300;;;;N;;;1F4A;;1F4A +1F43;GREEK SMALL LETTER OMICRON WITH DASIA AND VARIA;Ll;0;L;1F41 0300;;;;N;;;1F4B;;1F4B +1F44;GREEK SMALL LETTER OMICRON WITH PSILI AND OXIA;Ll;0;L;1F40 0301;;;;N;;;1F4C;;1F4C +1F45;GREEK SMALL LETTER OMICRON WITH DASIA AND OXIA;Ll;0;L;1F41 0301;;;;N;;;1F4D;;1F4D +1F48;GREEK CAPITAL LETTER OMICRON WITH PSILI;Lu;0;L;039F 0313;;;;N;;;;1F40; +1F49;GREEK CAPITAL LETTER OMICRON WITH DASIA;Lu;0;L;039F 0314;;;;N;;;;1F41; +1F4A;GREEK CAPITAL LETTER OMICRON WITH PSILI AND VARIA;Lu;0;L;1F48 0300;;;;N;;;;1F42; +1F4B;GREEK CAPITAL LETTER OMICRON WITH DASIA AND VARIA;Lu;0;L;1F49 0300;;;;N;;;;1F43; +1F4C;GREEK CAPITAL LETTER OMICRON WITH PSILI AND OXIA;Lu;0;L;1F48 0301;;;;N;;;;1F44; +1F4D;GREEK CAPITAL LETTER OMICRON WITH DASIA AND OXIA;Lu;0;L;1F49 0301;;;;N;;;;1F45; +1F50;GREEK SMALL LETTER UPSILON WITH PSILI;Ll;0;L;03C5 0313;;;;N;;;;; +1F51;GREEK SMALL LETTER UPSILON WITH DASIA;Ll;0;L;03C5 0314;;;;N;;;1F59;;1F59 +1F52;GREEK SMALL LETTER UPSILON WITH PSILI AND VARIA;Ll;0;L;1F50 0300;;;;N;;;;; +1F53;GREEK SMALL LETTER UPSILON WITH DASIA AND VARIA;Ll;0;L;1F51 0300;;;;N;;;1F5B;;1F5B +1F54;GREEK SMALL LETTER UPSILON WITH PSILI AND OXIA;Ll;0;L;1F50 0301;;;;N;;;;; +1F55;GREEK SMALL LETTER UPSILON WITH DASIA AND OXIA;Ll;0;L;1F51 0301;;;;N;;;1F5D;;1F5D +1F56;GREEK SMALL LETTER UPSILON WITH PSILI AND PERISPOMENI;Ll;0;L;1F50 0342;;;;N;;;;; +1F57;GREEK SMALL LETTER UPSILON WITH DASIA AND PERISPOMENI;Ll;0;L;1F51 0342;;;;N;;;1F5F;;1F5F +1F59;GREEK CAPITAL LETTER UPSILON WITH DASIA;Lu;0;L;03A5 0314;;;;N;;;;1F51; +1F5B;GREEK CAPITAL LETTER UPSILON WITH DASIA AND VARIA;Lu;0;L;1F59 0300;;;;N;;;;1F53; +1F5D;GREEK CAPITAL LETTER UPSILON WITH DASIA AND OXIA;Lu;0;L;1F59 0301;;;;N;;;;1F55; +1F5F;GREEK CAPITAL LETTER UPSILON WITH DASIA AND PERISPOMENI;Lu;0;L;1F59 0342;;;;N;;;;1F57; +1F60;GREEK SMALL LETTER OMEGA WITH PSILI;Ll;0;L;03C9 0313;;;;N;;;1F68;;1F68 +1F61;GREEK SMALL LETTER OMEGA WITH DASIA;Ll;0;L;03C9 0314;;;;N;;;1F69;;1F69 +1F62;GREEK SMALL LETTER OMEGA WITH PSILI AND VARIA;Ll;0;L;1F60 0300;;;;N;;;1F6A;;1F6A +1F63;GREEK SMALL LETTER OMEGA WITH DASIA AND VARIA;Ll;0;L;1F61 0300;;;;N;;;1F6B;;1F6B +1F64;GREEK SMALL LETTER OMEGA WITH PSILI AND OXIA;Ll;0;L;1F60 0301;;;;N;;;1F6C;;1F6C +1F65;GREEK SMALL LETTER OMEGA WITH DASIA AND OXIA;Ll;0;L;1F61 0301;;;;N;;;1F6D;;1F6D +1F66;GREEK SMALL LETTER OMEGA WITH PSILI AND PERISPOMENI;Ll;0;L;1F60 0342;;;;N;;;1F6E;;1F6E +1F67;GREEK SMALL LETTER OMEGA WITH DASIA AND PERISPOMENI;Ll;0;L;1F61 0342;;;;N;;;1F6F;;1F6F +1F68;GREEK CAPITAL LETTER OMEGA WITH PSILI;Lu;0;L;03A9 0313;;;;N;;;;1F60; +1F69;GREEK CAPITAL LETTER OMEGA WITH DASIA;Lu;0;L;03A9 0314;;;;N;;;;1F61; +1F6A;GREEK CAPITAL LETTER OMEGA WITH PSILI AND VARIA;Lu;0;L;1F68 0300;;;;N;;;;1F62; +1F6B;GREEK CAPITAL LETTER OMEGA WITH DASIA AND VARIA;Lu;0;L;1F69 0300;;;;N;;;;1F63; +1F6C;GREEK CAPITAL LETTER OMEGA WITH PSILI AND OXIA;Lu;0;L;1F68 0301;;;;N;;;;1F64; +1F6D;GREEK CAPITAL LETTER OMEGA WITH DASIA AND OXIA;Lu;0;L;1F69 0301;;;;N;;;;1F65; +1F6E;GREEK CAPITAL LETTER OMEGA WITH PSILI AND PERISPOMENI;Lu;0;L;1F68 0342;;;;N;;;;1F66; +1F6F;GREEK CAPITAL LETTER OMEGA WITH DASIA AND PERISPOMENI;Lu;0;L;1F69 0342;;;;N;;;;1F67; +1F70;GREEK SMALL LETTER ALPHA WITH VARIA;Ll;0;L;03B1 0300;;;;N;;;1FBA;;1FBA +1F71;GREEK SMALL LETTER ALPHA WITH OXIA;Ll;0;L;03AC;;;;N;;;1FBB;;1FBB +1F72;GREEK SMALL LETTER EPSILON WITH VARIA;Ll;0;L;03B5 0300;;;;N;;;1FC8;;1FC8 +1F73;GREEK SMALL LETTER EPSILON WITH OXIA;Ll;0;L;03AD;;;;N;;;1FC9;;1FC9 +1F74;GREEK SMALL LETTER ETA WITH VARIA;Ll;0;L;03B7 0300;;;;N;;;1FCA;;1FCA +1F75;GREEK SMALL LETTER ETA WITH OXIA;Ll;0;L;03AE;;;;N;;;1FCB;;1FCB +1F76;GREEK SMALL LETTER IOTA WITH VARIA;Ll;0;L;03B9 0300;;;;N;;;1FDA;;1FDA +1F77;GREEK SMALL LETTER IOTA WITH OXIA;Ll;0;L;03AF;;;;N;;;1FDB;;1FDB +1F78;GREEK SMALL LETTER OMICRON WITH VARIA;Ll;0;L;03BF 0300;;;;N;;;1FF8;;1FF8 +1F79;GREEK SMALL LETTER OMICRON WITH OXIA;Ll;0;L;03CC;;;;N;;;1FF9;;1FF9 +1F7A;GREEK SMALL LETTER UPSILON WITH VARIA;Ll;0;L;03C5 0300;;;;N;;;1FEA;;1FEA +1F7B;GREEK SMALL LETTER UPSILON WITH OXIA;Ll;0;L;03CD;;;;N;;;1FEB;;1FEB +1F7C;GREEK SMALL LETTER OMEGA WITH VARIA;Ll;0;L;03C9 0300;;;;N;;;1FFA;;1FFA +1F7D;GREEK SMALL LETTER OMEGA WITH OXIA;Ll;0;L;03CE;;;;N;;;1FFB;;1FFB +1F80;GREEK SMALL LETTER ALPHA WITH PSILI AND YPOGEGRAMMENI;Ll;0;L;1F00 0345;;;;N;;;1F88;;1F88 +1F81;GREEK SMALL LETTER ALPHA WITH DASIA AND YPOGEGRAMMENI;Ll;0;L;1F01 0345;;;;N;;;1F89;;1F89 +1F82;GREEK SMALL LETTER ALPHA WITH PSILI AND VARIA AND YPOGEGRAMMENI;Ll;0;L;1F02 0345;;;;N;;;1F8A;;1F8A +1F83;GREEK SMALL LETTER ALPHA WITH DASIA AND VARIA AND YPOGEGRAMMENI;Ll;0;L;1F03 0345;;;;N;;;1F8B;;1F8B +1F84;GREEK SMALL LETTER ALPHA WITH PSILI AND OXIA AND YPOGEGRAMMENI;Ll;0;L;1F04 0345;;;;N;;;1F8C;;1F8C +1F85;GREEK SMALL LETTER ALPHA WITH DASIA AND OXIA AND YPOGEGRAMMENI;Ll;0;L;1F05 0345;;;;N;;;1F8D;;1F8D +1F86;GREEK SMALL LETTER ALPHA WITH PSILI AND PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1F06 0345;;;;N;;;1F8E;;1F8E +1F87;GREEK SMALL LETTER ALPHA WITH DASIA AND PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1F07 0345;;;;N;;;1F8F;;1F8F +1F88;GREEK CAPITAL LETTER ALPHA WITH PSILI AND PROSGEGRAMMENI;Lt;0;L;1F08 0345;;;;N;;;;1F80; +1F89;GREEK CAPITAL LETTER ALPHA WITH DASIA AND PROSGEGRAMMENI;Lt;0;L;1F09 0345;;;;N;;;;1F81; +1F8A;GREEK CAPITAL LETTER ALPHA WITH PSILI AND VARIA AND PROSGEGRAMMENI;Lt;0;L;1F0A 0345;;;;N;;;;1F82; +1F8B;GREEK CAPITAL LETTER ALPHA WITH DASIA AND VARIA AND PROSGEGRAMMENI;Lt;0;L;1F0B 0345;;;;N;;;;1F83; +1F8C;GREEK CAPITAL LETTER ALPHA WITH PSILI AND OXIA AND PROSGEGRAMMENI;Lt;0;L;1F0C 0345;;;;N;;;;1F84; +1F8D;GREEK CAPITAL LETTER ALPHA WITH DASIA AND OXIA AND PROSGEGRAMMENI;Lt;0;L;1F0D 0345;;;;N;;;;1F85; +1F8E;GREEK CAPITAL LETTER ALPHA WITH PSILI AND PERISPOMENI AND PROSGEGRAMMENI;Lt;0;L;1F0E 0345;;;;N;;;;1F86; +1F8F;GREEK CAPITAL LETTER ALPHA WITH DASIA AND PERISPOMENI AND PROSGEGRAMMENI;Lt;0;L;1F0F 0345;;;;N;;;;1F87; +1F90;GREEK SMALL LETTER ETA WITH PSILI AND YPOGEGRAMMENI;Ll;0;L;1F20 0345;;;;N;;;1F98;;1F98 +1F91;GREEK SMALL LETTER ETA WITH DASIA AND YPOGEGRAMMENI;Ll;0;L;1F21 0345;;;;N;;;1F99;;1F99 +1F92;GREEK SMALL LETTER ETA WITH PSILI AND VARIA AND YPOGEGRAMMENI;Ll;0;L;1F22 0345;;;;N;;;1F9A;;1F9A +1F93;GREEK SMALL LETTER ETA WITH DASIA AND VARIA AND YPOGEGRAMMENI;Ll;0;L;1F23 0345;;;;N;;;1F9B;;1F9B +1F94;GREEK SMALL LETTER ETA WITH PSILI AND OXIA AND YPOGEGRAMMENI;Ll;0;L;1F24 0345;;;;N;;;1F9C;;1F9C +1F95;GREEK SMALL LETTER ETA WITH DASIA AND OXIA AND YPOGEGRAMMENI;Ll;0;L;1F25 0345;;;;N;;;1F9D;;1F9D +1F96;GREEK SMALL LETTER ETA WITH PSILI AND PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1F26 0345;;;;N;;;1F9E;;1F9E +1F97;GREEK SMALL LETTER ETA WITH DASIA AND PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1F27 0345;;;;N;;;1F9F;;1F9F +1F98;GREEK CAPITAL LETTER ETA WITH PSILI AND PROSGEGRAMMENI;Lt;0;L;1F28 0345;;;;N;;;;1F90; +1F99;GREEK CAPITAL LETTER ETA WITH DASIA AND PROSGEGRAMMENI;Lt;0;L;1F29 0345;;;;N;;;;1F91; +1F9A;GREEK CAPITAL LETTER ETA WITH PSILI AND VARIA AND PROSGEGRAMMENI;Lt;0;L;1F2A 0345;;;;N;;;;1F92; +1F9B;GREEK CAPITAL LETTER ETA WITH DASIA AND VARIA AND PROSGEGRAMMENI;Lt;0;L;1F2B 0345;;;;N;;;;1F93; +1F9C;GREEK CAPITAL LETTER ETA WITH PSILI AND OXIA AND PROSGEGRAMMENI;Lt;0;L;1F2C 0345;;;;N;;;;1F94; +1F9D;GREEK CAPITAL LETTER ETA WITH DASIA AND OXIA AND PROSGEGRAMMENI;Lt;0;L;1F2D 0345;;;;N;;;;1F95; +1F9E;GREEK CAPITAL LETTER ETA WITH PSILI AND PERISPOMENI AND PROSGEGRAMMENI;Lt;0;L;1F2E 0345;;;;N;;;;1F96; +1F9F;GREEK CAPITAL LETTER ETA WITH DASIA AND PERISPOMENI AND PROSGEGRAMMENI;Lt;0;L;1F2F 0345;;;;N;;;;1F97; +1FA0;GREEK SMALL LETTER OMEGA WITH PSILI AND YPOGEGRAMMENI;Ll;0;L;1F60 0345;;;;N;;;1FA8;;1FA8 +1FA1;GREEK SMALL LETTER OMEGA WITH DASIA AND YPOGEGRAMMENI;Ll;0;L;1F61 0345;;;;N;;;1FA9;;1FA9 +1FA2;GREEK SMALL LETTER OMEGA WITH PSILI AND VARIA AND YPOGEGRAMMENI;Ll;0;L;1F62 0345;;;;N;;;1FAA;;1FAA +1FA3;GREEK SMALL LETTER OMEGA WITH DASIA AND VARIA AND YPOGEGRAMMENI;Ll;0;L;1F63 0345;;;;N;;;1FAB;;1FAB +1FA4;GREEK SMALL LETTER OMEGA WITH PSILI AND OXIA AND YPOGEGRAMMENI;Ll;0;L;1F64 0345;;;;N;;;1FAC;;1FAC +1FA5;GREEK SMALL LETTER OMEGA WITH DASIA AND OXIA AND YPOGEGRAMMENI;Ll;0;L;1F65 0345;;;;N;;;1FAD;;1FAD +1FA6;GREEK SMALL LETTER OMEGA WITH PSILI AND PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1F66 0345;;;;N;;;1FAE;;1FAE +1FA7;GREEK SMALL LETTER OMEGA WITH DASIA AND PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1F67 0345;;;;N;;;1FAF;;1FAF +1FA8;GREEK CAPITAL LETTER OMEGA WITH PSILI AND PROSGEGRAMMENI;Lt;0;L;1F68 0345;;;;N;;;;1FA0; +1FA9;GREEK CAPITAL LETTER OMEGA WITH DASIA AND PROSGEGRAMMENI;Lt;0;L;1F69 0345;;;;N;;;;1FA1; +1FAA;GREEK CAPITAL LETTER OMEGA WITH PSILI AND VARIA AND PROSGEGRAMMENI;Lt;0;L;1F6A 0345;;;;N;;;;1FA2; +1FAB;GREEK CAPITAL LETTER OMEGA WITH DASIA AND VARIA AND PROSGEGRAMMENI;Lt;0;L;1F6B 0345;;;;N;;;;1FA3; +1FAC;GREEK CAPITAL LETTER OMEGA WITH PSILI AND OXIA AND PROSGEGRAMMENI;Lt;0;L;1F6C 0345;;;;N;;;;1FA4; +1FAD;GREEK CAPITAL LETTER OMEGA WITH DASIA AND OXIA AND PROSGEGRAMMENI;Lt;0;L;1F6D 0345;;;;N;;;;1FA5; +1FAE;GREEK CAPITAL LETTER OMEGA WITH PSILI AND PERISPOMENI AND PROSGEGRAMMENI;Lt;0;L;1F6E 0345;;;;N;;;;1FA6; +1FAF;GREEK CAPITAL LETTER OMEGA WITH DASIA AND PERISPOMENI AND PROSGEGRAMMENI;Lt;0;L;1F6F 0345;;;;N;;;;1FA7; +1FB0;GREEK SMALL LETTER ALPHA WITH VRACHY;Ll;0;L;03B1 0306;;;;N;;;1FB8;;1FB8 +1FB1;GREEK SMALL LETTER ALPHA WITH MACRON;Ll;0;L;03B1 0304;;;;N;;;1FB9;;1FB9 +1FB2;GREEK SMALL LETTER ALPHA WITH VARIA AND YPOGEGRAMMENI;Ll;0;L;1F70 0345;;;;N;;;;; +1FB3;GREEK SMALL LETTER ALPHA WITH YPOGEGRAMMENI;Ll;0;L;03B1 0345;;;;N;;;1FBC;;1FBC +1FB4;GREEK SMALL LETTER ALPHA WITH OXIA AND YPOGEGRAMMENI;Ll;0;L;03AC 0345;;;;N;;;;; +1FB6;GREEK SMALL LETTER ALPHA WITH PERISPOMENI;Ll;0;L;03B1 0342;;;;N;;;;; +1FB7;GREEK SMALL LETTER ALPHA WITH PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1FB6 0345;;;;N;;;;; +1FB8;GREEK CAPITAL LETTER ALPHA WITH VRACHY;Lu;0;L;0391 0306;;;;N;;;;1FB0; +1FB9;GREEK CAPITAL LETTER ALPHA WITH MACRON;Lu;0;L;0391 0304;;;;N;;;;1FB1; +1FBA;GREEK CAPITAL LETTER ALPHA WITH VARIA;Lu;0;L;0391 0300;;;;N;;;;1F70; +1FBB;GREEK CAPITAL LETTER ALPHA WITH OXIA;Lu;0;L;0386;;;;N;;;;1F71; +1FBC;GREEK CAPITAL LETTER ALPHA WITH PROSGEGRAMMENI;Lt;0;L;0391 0345;;;;N;;;;1FB3; +1FBD;GREEK KORONIS;Sk;0;ON; 0020 0313;;;;N;;;;; +1FBE;GREEK PROSGEGRAMMENI;Ll;0;L;03B9;;;;N;;;0399;;0399 +1FBF;GREEK PSILI;Sk;0;ON; 0020 0313;;;;N;;;;; +1FC0;GREEK PERISPOMENI;Sk;0;ON; 0020 0342;;;;N;;;;; +1FC1;GREEK DIALYTIKA AND PERISPOMENI;Sk;0;ON;00A8 0342;;;;N;;;;; +1FC2;GREEK SMALL LETTER ETA WITH VARIA AND YPOGEGRAMMENI;Ll;0;L;1F74 0345;;;;N;;;;; +1FC3;GREEK SMALL LETTER ETA WITH YPOGEGRAMMENI;Ll;0;L;03B7 0345;;;;N;;;1FCC;;1FCC +1FC4;GREEK SMALL LETTER ETA WITH OXIA AND YPOGEGRAMMENI;Ll;0;L;03AE 0345;;;;N;;;;; +1FC6;GREEK SMALL LETTER ETA WITH PERISPOMENI;Ll;0;L;03B7 0342;;;;N;;;;; +1FC7;GREEK SMALL LETTER ETA WITH PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1FC6 0345;;;;N;;;;; +1FC8;GREEK CAPITAL LETTER EPSILON WITH VARIA;Lu;0;L;0395 0300;;;;N;;;;1F72; +1FC9;GREEK CAPITAL LETTER EPSILON WITH OXIA;Lu;0;L;0388;;;;N;;;;1F73; +1FCA;GREEK CAPITAL LETTER ETA WITH VARIA;Lu;0;L;0397 0300;;;;N;;;;1F74; +1FCB;GREEK CAPITAL LETTER ETA WITH OXIA;Lu;0;L;0389;;;;N;;;;1F75; +1FCC;GREEK CAPITAL LETTER ETA WITH PROSGEGRAMMENI;Lt;0;L;0397 0345;;;;N;;;;1FC3; +1FCD;GREEK PSILI AND VARIA;Sk;0;ON;1FBF 0300;;;;N;;;;; +1FCE;GREEK PSILI AND OXIA;Sk;0;ON;1FBF 0301;;;;N;;;;; +1FCF;GREEK PSILI AND PERISPOMENI;Sk;0;ON;1FBF 0342;;;;N;;;;; +1FD0;GREEK SMALL LETTER IOTA WITH VRACHY;Ll;0;L;03B9 0306;;;;N;;;1FD8;;1FD8 +1FD1;GREEK SMALL LETTER IOTA WITH MACRON;Ll;0;L;03B9 0304;;;;N;;;1FD9;;1FD9 +1FD2;GREEK SMALL LETTER IOTA WITH DIALYTIKA AND VARIA;Ll;0;L;03CA 0300;;;;N;;;;; +1FD3;GREEK SMALL LETTER IOTA WITH DIALYTIKA AND OXIA;Ll;0;L;0390;;;;N;;;;; +1FD6;GREEK SMALL LETTER IOTA WITH PERISPOMENI;Ll;0;L;03B9 0342;;;;N;;;;; +1FD7;GREEK SMALL LETTER IOTA WITH DIALYTIKA AND PERISPOMENI;Ll;0;L;03CA 0342;;;;N;;;;; +1FD8;GREEK CAPITAL LETTER IOTA WITH VRACHY;Lu;0;L;0399 0306;;;;N;;;;1FD0; +1FD9;GREEK CAPITAL LETTER IOTA WITH MACRON;Lu;0;L;0399 0304;;;;N;;;;1FD1; +1FDA;GREEK CAPITAL LETTER IOTA WITH VARIA;Lu;0;L;0399 0300;;;;N;;;;1F76; +1FDB;GREEK CAPITAL LETTER IOTA WITH OXIA;Lu;0;L;038A;;;;N;;;;1F77; +1FDD;GREEK DASIA AND VARIA;Sk;0;ON;1FFE 0300;;;;N;;;;; +1FDE;GREEK DASIA AND OXIA;Sk;0;ON;1FFE 0301;;;;N;;;;; +1FDF;GREEK DASIA AND PERISPOMENI;Sk;0;ON;1FFE 0342;;;;N;;;;; +1FE0;GREEK SMALL LETTER UPSILON WITH VRACHY;Ll;0;L;03C5 0306;;;;N;;;1FE8;;1FE8 +1FE1;GREEK SMALL LETTER UPSILON WITH MACRON;Ll;0;L;03C5 0304;;;;N;;;1FE9;;1FE9 +1FE2;GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND VARIA;Ll;0;L;03CB 0300;;;;N;;;;; +1FE3;GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND OXIA;Ll;0;L;03B0;;;;N;;;;; +1FE4;GREEK SMALL LETTER RHO WITH PSILI;Ll;0;L;03C1 0313;;;;N;;;;; +1FE5;GREEK SMALL LETTER RHO WITH DASIA;Ll;0;L;03C1 0314;;;;N;;;1FEC;;1FEC +1FE6;GREEK SMALL LETTER UPSILON WITH PERISPOMENI;Ll;0;L;03C5 0342;;;;N;;;;; +1FE7;GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND PERISPOMENI;Ll;0;L;03CB 0342;;;;N;;;;; +1FE8;GREEK CAPITAL LETTER UPSILON WITH VRACHY;Lu;0;L;03A5 0306;;;;N;;;;1FE0; +1FE9;GREEK CAPITAL LETTER UPSILON WITH MACRON;Lu;0;L;03A5 0304;;;;N;;;;1FE1; +1FEA;GREEK CAPITAL LETTER UPSILON WITH VARIA;Lu;0;L;03A5 0300;;;;N;;;;1F7A; +1FEB;GREEK CAPITAL LETTER UPSILON WITH OXIA;Lu;0;L;038E;;;;N;;;;1F7B; +1FEC;GREEK CAPITAL LETTER RHO WITH DASIA;Lu;0;L;03A1 0314;;;;N;;;;1FE5; +1FED;GREEK DIALYTIKA AND VARIA;Sk;0;ON;00A8 0300;;;;N;;;;; +1FEE;GREEK DIALYTIKA AND OXIA;Sk;0;ON;0385;;;;N;;;;; +1FEF;GREEK VARIA;Sk;0;ON;0060;;;;N;;;;; +1FF2;GREEK SMALL LETTER OMEGA WITH VARIA AND YPOGEGRAMMENI;Ll;0;L;1F7C 0345;;;;N;;;;; +1FF3;GREEK SMALL LETTER OMEGA WITH YPOGEGRAMMENI;Ll;0;L;03C9 0345;;;;N;;;1FFC;;1FFC +1FF4;GREEK SMALL LETTER OMEGA WITH OXIA AND YPOGEGRAMMENI;Ll;0;L;03CE 0345;;;;N;;;;; +1FF6;GREEK SMALL LETTER OMEGA WITH PERISPOMENI;Ll;0;L;03C9 0342;;;;N;;;;; +1FF7;GREEK SMALL LETTER OMEGA WITH PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1FF6 0345;;;;N;;;;; +1FF8;GREEK CAPITAL LETTER OMICRON WITH VARIA;Lu;0;L;039F 0300;;;;N;;;;1F78; +1FF9;GREEK CAPITAL LETTER OMICRON WITH OXIA;Lu;0;L;038C;;;;N;;;;1F79; +1FFA;GREEK CAPITAL LETTER OMEGA WITH VARIA;Lu;0;L;03A9 0300;;;;N;;;;1F7C; +1FFB;GREEK CAPITAL LETTER OMEGA WITH OXIA;Lu;0;L;038F;;;;N;;;;1F7D; +1FFC;GREEK CAPITAL LETTER OMEGA WITH PROSGEGRAMMENI;Lt;0;L;03A9 0345;;;;N;;;;1FF3; +1FFD;GREEK OXIA;Sk;0;ON;00B4;;;;N;;;;; +1FFE;GREEK DASIA;Sk;0;ON; 0020 0314;;;;N;;;;; +2000;EN QUAD;Zs;0;WS;2002;;;;N;;;;; +2001;EM QUAD;Zs;0;WS;2003;;;;N;;;;; +2002;EN SPACE;Zs;0;WS; 0020;;;;N;;;;; +2003;EM SPACE;Zs;0;WS; 0020;;;;N;;;;; +2004;THREE-PER-EM SPACE;Zs;0;WS; 0020;;;;N;;;;; +2005;FOUR-PER-EM SPACE;Zs;0;WS; 0020;;;;N;;;;; +2006;SIX-PER-EM SPACE;Zs;0;WS; 0020;;;;N;;;;; +2007;FIGURE SPACE;Zs;0;WS; 0020;;;;N;;;;; +2008;PUNCTUATION SPACE;Zs;0;WS; 0020;;;;N;;;;; +2009;THIN SPACE;Zs;0;WS; 0020;;;;N;;;;; +200A;HAIR SPACE;Zs;0;WS; 0020;;;;N;;;;; +200B;ZERO WIDTH SPACE;Cf;0;BN;;;;;N;;;;; +200C;ZERO WIDTH NON-JOINER;Cf;0;BN;;;;;N;;;;; +200D;ZERO WIDTH JOINER;Cf;0;BN;;;;;N;;;;; +200E;LEFT-TO-RIGHT MARK;Cf;0;L;;;;;N;;;;; +200F;RIGHT-TO-LEFT MARK;Cf;0;R;;;;;N;;;;; +2010;HYPHEN;Pd;0;ON;;;;;N;;;;; +2011;NON-BREAKING HYPHEN;Pd;0;ON; 2010;;;;N;;;;; +2012;FIGURE DASH;Pd;0;ON;;;;;N;;;;; +2013;EN DASH;Pd;0;ON;;;;;N;;;;; +2014;EM DASH;Pd;0;ON;;;;;N;;;;; +2015;HORIZONTAL BAR;Pd;0;ON;;;;;N;QUOTATION DASH;;;; +2016;DOUBLE VERTICAL LINE;Po;0;ON;;;;;N;DOUBLE VERTICAL BAR;;;; +2017;DOUBLE LOW LINE;Po;0;ON; 0020 0333;;;;N;SPACING DOUBLE UNDERSCORE;;;; +2018;LEFT SINGLE QUOTATION MARK;Pi;0;ON;;;;;N;SINGLE TURNED COMMA QUOTATION MARK;;;; +2019;RIGHT SINGLE QUOTATION MARK;Pf;0;ON;;;;;N;SINGLE COMMA QUOTATION MARK;;;; +201A;SINGLE LOW-9 QUOTATION MARK;Ps;0;ON;;;;;N;LOW SINGLE COMMA QUOTATION MARK;;;; +201B;SINGLE HIGH-REVERSED-9 QUOTATION MARK;Pi;0;ON;;;;;N;SINGLE REVERSED COMMA QUOTATION MARK;;;; +201C;LEFT DOUBLE QUOTATION MARK;Pi;0;ON;;;;;N;DOUBLE TURNED COMMA QUOTATION MARK;;;; +201D;RIGHT DOUBLE QUOTATION MARK;Pf;0;ON;;;;;N;DOUBLE COMMA QUOTATION MARK;;;; +201E;DOUBLE LOW-9 QUOTATION MARK;Ps;0;ON;;;;;N;LOW DOUBLE COMMA QUOTATION MARK;;;; +201F;DOUBLE HIGH-REVERSED-9 QUOTATION MARK;Pi;0;ON;;;;;N;DOUBLE REVERSED COMMA QUOTATION MARK;;;; +2020;DAGGER;Po;0;ON;;;;;N;;;;; +2021;DOUBLE DAGGER;Po;0;ON;;;;;N;;;;; +2022;BULLET;Po;0;ON;;;;;N;;;;; +2023;TRIANGULAR BULLET;Po;0;ON;;;;;N;;;;; +2024;ONE DOT LEADER;Po;0;ON; 002E;;;;N;;;;; +2025;TWO DOT LEADER;Po;0;ON; 002E 002E;;;;N;;;;; +2026;HORIZONTAL ELLIPSIS;Po;0;ON; 002E 002E 002E;;;;N;;;;; +2027;HYPHENATION POINT;Po;0;ON;;;;;N;;;;; +2028;LINE SEPARATOR;Zl;0;WS;;;;;N;;;;; +2029;PARAGRAPH SEPARATOR;Zp;0;B;;;;;N;;;;; +202A;LEFT-TO-RIGHT EMBEDDING;Cf;0;LRE;;;;;N;;;;; +202B;RIGHT-TO-LEFT EMBEDDING;Cf;0;RLE;;;;;N;;;;; +202C;POP DIRECTIONAL FORMATTING;Cf;0;PDF;;;;;N;;;;; +202D;LEFT-TO-RIGHT OVERRIDE;Cf;0;LRO;;;;;N;;;;; +202E;RIGHT-TO-LEFT OVERRIDE;Cf;0;RLO;;;;;N;;;;; +202F;NARROW NO-BREAK SPACE;Zs;0;WS; 0020;;;;N;;;;; +2030;PER MILLE SIGN;Po;0;ET;;;;;N;;;;; +2031;PER TEN THOUSAND SIGN;Po;0;ET;;;;;N;;;;; +2032;PRIME;Po;0;ET;;;;;N;;;;; +2033;DOUBLE PRIME;Po;0;ET; 2032 2032;;;;N;;;;; +2034;TRIPLE PRIME;Po;0;ET; 2032 2032 2032;;;;N;;;;; +2035;REVERSED PRIME;Po;0;ON;;;;;N;;;;; +2036;REVERSED DOUBLE PRIME;Po;0;ON; 2035 2035;;;;N;;;;; +2037;REVERSED TRIPLE PRIME;Po;0;ON; 2035 2035 2035;;;;N;;;;; +2038;CARET;Po;0;ON;;;;;N;;;;; +2039;SINGLE LEFT-POINTING ANGLE QUOTATION MARK;Pi;0;ON;;;;;Y;LEFT POINTING SINGLE GUILLEMET;;;; +203A;SINGLE RIGHT-POINTING ANGLE QUOTATION MARK;Pf;0;ON;;;;;Y;RIGHT POINTING SINGLE GUILLEMET;;;; +203B;REFERENCE MARK;Po;0;ON;;;;;N;;;;; +203C;DOUBLE EXCLAMATION MARK;Po;0;ON; 0021 0021;;;;N;;;;; +203D;INTERROBANG;Po;0;ON;;;;;N;;;;; +203E;OVERLINE;Po;0;ON; 0020 0305;;;;N;SPACING OVERSCORE;;;; +203F;UNDERTIE;Pc;0;ON;;;;;N;;Enotikon;;; +2040;CHARACTER TIE;Pc;0;ON;;;;;N;;;;; +2041;CARET INSERTION POINT;Po;0;ON;;;;;N;;;;; +2042;ASTERISM;Po;0;ON;;;;;N;;;;; +2043;HYPHEN BULLET;Po;0;ON;;;;;N;;;;; +2044;FRACTION SLASH;Sm;0;CS;;;;;N;;;;; +2045;LEFT SQUARE BRACKET WITH QUILL;Ps;0;ON;;;;;Y;;;;; +2046;RIGHT SQUARE BRACKET WITH QUILL;Pe;0;ON;;;;;Y;;;;; +2047;DOUBLE QUESTION MARK;Po;0;ON; 003F 003F;;;;N;;;;; +2048;QUESTION EXCLAMATION MARK;Po;0;ON; 003F 0021;;;;N;;;;; +2049;EXCLAMATION QUESTION MARK;Po;0;ON; 0021 003F;;;;N;;;;; +204A;TIRONIAN SIGN ET;Po;0;ON;;;;;N;;;;; +204B;REVERSED PILCROW SIGN;Po;0;ON;;;;;N;;;;; +204C;BLACK LEFTWARDS BULLET;Po;0;ON;;;;;N;;;;; +204D;BLACK RIGHTWARDS BULLET;Po;0;ON;;;;;N;;;;; +204E;LOW ASTERISK;Po;0;ON;;;;;N;;;;; +204F;REVERSED SEMICOLON;Po;0;ON;;;;;N;;;;; +2050;CLOSE UP;Po;0;ON;;;;;N;;;;; +2051;TWO ASTERISKS ALIGNED VERTICALLY;Po;0;ON;;;;;N;;;;; +2052;COMMERCIAL MINUS SIGN;Sm;0;ON;;;;;N;;;;; +2053;SWUNG DASH;Po;0;ON;;;;;N;;;;; +2054;INVERTED UNDERTIE;Pc;0;ON;;;;;N;;;;; +2057;QUADRUPLE PRIME;Po;0;ON; 2032 2032 2032 2032;;;;N;;;;; +205F;MEDIUM MATHEMATICAL SPACE;Zs;0;WS; 0020;;;;N;;;;; +2060;WORD JOINER;Cf;0;BN;;;;;N;;;;; +2061;FUNCTION APPLICATION;Cf;0;BN;;;;;N;;;;; +2062;INVISIBLE TIMES;Cf;0;BN;;;;;N;;;;; +2063;INVISIBLE SEPARATOR;Cf;0;BN;;;;;N;;;;; +206A;INHIBIT SYMMETRIC SWAPPING;Cf;0;BN;;;;;N;;;;; +206B;ACTIVATE SYMMETRIC SWAPPING;Cf;0;BN;;;;;N;;;;; +206C;INHIBIT ARABIC FORM SHAPING;Cf;0;BN;;;;;N;;;;; +206D;ACTIVATE ARABIC FORM SHAPING;Cf;0;BN;;;;;N;;;;; +206E;NATIONAL DIGIT SHAPES;Cf;0;BN;;;;;N;;;;; +206F;NOMINAL DIGIT SHAPES;Cf;0;BN;;;;;N;;;;; +2070;SUPERSCRIPT ZERO;No;0;EN; 0030;;0;0;N;SUPERSCRIPT DIGIT ZERO;;;; +2071;SUPERSCRIPT LATIN SMALL LETTER I;Ll;0;L; 0069;;;;N;;;;; +2074;SUPERSCRIPT FOUR;No;0;EN; 0034;;4;4;N;SUPERSCRIPT DIGIT FOUR;;;; +2075;SUPERSCRIPT FIVE;No;0;EN; 0035;;5;5;N;SUPERSCRIPT DIGIT FIVE;;;; +2076;SUPERSCRIPT SIX;No;0;EN; 0036;;6;6;N;SUPERSCRIPT DIGIT SIX;;;; +2077;SUPERSCRIPT SEVEN;No;0;EN; 0037;;7;7;N;SUPERSCRIPT DIGIT SEVEN;;;; +2078;SUPERSCRIPT EIGHT;No;0;EN; 0038;;8;8;N;SUPERSCRIPT DIGIT EIGHT;;;; +2079;SUPERSCRIPT NINE;No;0;EN; 0039;;9;9;N;SUPERSCRIPT DIGIT NINE;;;; +207A;SUPERSCRIPT PLUS SIGN;Sm;0;ET; 002B;;;;N;;;;; +207B;SUPERSCRIPT MINUS;Sm;0;ET; 2212;;;;N;SUPERSCRIPT HYPHEN-MINUS;;;; +207C;SUPERSCRIPT EQUALS SIGN;Sm;0;ON; 003D;;;;N;;;;; +207D;SUPERSCRIPT LEFT PARENTHESIS;Ps;0;ON; 0028;;;;Y;SUPERSCRIPT OPENING PARENTHESIS;;;; +207E;SUPERSCRIPT RIGHT PARENTHESIS;Pe;0;ON; 0029;;;;Y;SUPERSCRIPT CLOSING PARENTHESIS;;;; +207F;SUPERSCRIPT LATIN SMALL LETTER N;Ll;0;L; 006E;;;;N;;;;; +2080;SUBSCRIPT ZERO;No;0;EN; 0030;;0;0;N;SUBSCRIPT DIGIT ZERO;;;; +2081;SUBSCRIPT ONE;No;0;EN; 0031;;1;1;N;SUBSCRIPT DIGIT ONE;;;; +2082;SUBSCRIPT TWO;No;0;EN; 0032;;2;2;N;SUBSCRIPT DIGIT TWO;;;; +2083;SUBSCRIPT THREE;No;0;EN; 0033;;3;3;N;SUBSCRIPT DIGIT THREE;;;; +2084;SUBSCRIPT FOUR;No;0;EN; 0034;;4;4;N;SUBSCRIPT DIGIT FOUR;;;; +2085;SUBSCRIPT FIVE;No;0;EN; 0035;;5;5;N;SUBSCRIPT DIGIT FIVE;;;; +2086;SUBSCRIPT SIX;No;0;EN; 0036;;6;6;N;SUBSCRIPT DIGIT SIX;;;; +2087;SUBSCRIPT SEVEN;No;0;EN; 0037;;7;7;N;SUBSCRIPT DIGIT SEVEN;;;; +2088;SUBSCRIPT EIGHT;No;0;EN; 0038;;8;8;N;SUBSCRIPT DIGIT EIGHT;;;; +2089;SUBSCRIPT NINE;No;0;EN; 0039;;9;9;N;SUBSCRIPT DIGIT NINE;;;; +208A;SUBSCRIPT PLUS SIGN;Sm;0;ET; 002B;;;;N;;;;; +208B;SUBSCRIPT MINUS;Sm;0;ET; 2212;;;;N;SUBSCRIPT HYPHEN-MINUS;;;; +208C;SUBSCRIPT EQUALS SIGN;Sm;0;ON; 003D;;;;N;;;;; +208D;SUBSCRIPT LEFT PARENTHESIS;Ps;0;ON; 0028;;;;Y;SUBSCRIPT OPENING PARENTHESIS;;;; +208E;SUBSCRIPT RIGHT PARENTHESIS;Pe;0;ON; 0029;;;;Y;SUBSCRIPT CLOSING PARENTHESIS;;;; +20A0;EURO-CURRENCY SIGN;Sc;0;ET;;;;;N;;;;; +20A1;COLON SIGN;Sc;0;ET;;;;;N;;;;; +20A2;CRUZEIRO SIGN;Sc;0;ET;;;;;N;;;;; +20A3;FRENCH FRANC SIGN;Sc;0;ET;;;;;N;;;;; +20A4;LIRA SIGN;Sc;0;ET;;;;;N;;;;; +20A5;MILL SIGN;Sc;0;ET;;;;;N;;;;; +20A6;NAIRA SIGN;Sc;0;ET;;;;;N;;;;; +20A7;PESETA SIGN;Sc;0;ET;;;;;N;;;;; +20A8;RUPEE SIGN;Sc;0;ET; 0052 0073;;;;N;;;;; +20A9;WON SIGN;Sc;0;ET;;;;;N;;;;; +20AA;NEW SHEQEL SIGN;Sc;0;ET;;;;;N;;;;; +20AB;DONG SIGN;Sc;0;ET;;;;;N;;;;; +20AC;EURO SIGN;Sc;0;ET;;;;;N;;;;; +20AD;KIP SIGN;Sc;0;ET;;;;;N;;;;; +20AE;TUGRIK SIGN;Sc;0;ET;;;;;N;;;;; +20AF;DRACHMA SIGN;Sc;0;ET;;;;;N;;;;; +20B0;GERMAN PENNY SIGN;Sc;0;ET;;;;;N;;;;; +20B1;PESO SIGN;Sc;0;ET;;;;;N;;;;; +20D0;COMBINING LEFT HARPOON ABOVE;Mn;230;NSM;;;;;N;NON-SPACING LEFT HARPOON ABOVE;;;; +20D1;COMBINING RIGHT HARPOON ABOVE;Mn;230;NSM;;;;;N;NON-SPACING RIGHT HARPOON ABOVE;;;; +20D2;COMBINING LONG VERTICAL LINE OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING LONG VERTICAL BAR OVERLAY;;;; +20D3;COMBINING SHORT VERTICAL LINE OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING SHORT VERTICAL BAR OVERLAY;;;; +20D4;COMBINING ANTICLOCKWISE ARROW ABOVE;Mn;230;NSM;;;;;N;NON-SPACING ANTICLOCKWISE ARROW ABOVE;;;; +20D5;COMBINING CLOCKWISE ARROW ABOVE;Mn;230;NSM;;;;;N;NON-SPACING CLOCKWISE ARROW ABOVE;;;; +20D6;COMBINING LEFT ARROW ABOVE;Mn;230;NSM;;;;;N;NON-SPACING LEFT ARROW ABOVE;;;; +20D7;COMBINING RIGHT ARROW ABOVE;Mn;230;NSM;;;;;N;NON-SPACING RIGHT ARROW ABOVE;;;; +20D8;COMBINING RING OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING RING OVERLAY;;;; +20D9;COMBINING CLOCKWISE RING OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING CLOCKWISE RING OVERLAY;;;; +20DA;COMBINING ANTICLOCKWISE RING OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING ANTICLOCKWISE RING OVERLAY;;;; +20DB;COMBINING THREE DOTS ABOVE;Mn;230;NSM;;;;;N;NON-SPACING THREE DOTS ABOVE;;;; +20DC;COMBINING FOUR DOTS ABOVE;Mn;230;NSM;;;;;N;NON-SPACING FOUR DOTS ABOVE;;;; +20DD;COMBINING ENCLOSING CIRCLE;Me;0;NSM;;;;;N;ENCLOSING CIRCLE;;;; +20DE;COMBINING ENCLOSING SQUARE;Me;0;NSM;;;;;N;ENCLOSING SQUARE;;;; +20DF;COMBINING ENCLOSING DIAMOND;Me;0;NSM;;;;;N;ENCLOSING DIAMOND;;;; +20E0;COMBINING ENCLOSING CIRCLE BACKSLASH;Me;0;NSM;;;;;N;ENCLOSING CIRCLE SLASH;;;; +20E1;COMBINING LEFT RIGHT ARROW ABOVE;Mn;230;NSM;;;;;N;NON-SPACING LEFT RIGHT ARROW ABOVE;;;; +20E2;COMBINING ENCLOSING SCREEN;Me;0;NSM;;;;;N;;;;; +20E3;COMBINING ENCLOSING KEYCAP;Me;0;NSM;;;;;N;;;;; +20E4;COMBINING ENCLOSING UPWARD POINTING TRIANGLE;Me;0;NSM;;;;;N;;;;; +20E5;COMBINING REVERSE SOLIDUS OVERLAY;Mn;1;NSM;;;;;N;;;;; +20E6;COMBINING DOUBLE VERTICAL STROKE OVERLAY;Mn;1;NSM;;;;;N;;;;; +20E7;COMBINING ANNUITY SYMBOL;Mn;230;NSM;;;;;N;;;;; +20E8;COMBINING TRIPLE UNDERDOT;Mn;220;NSM;;;;;N;;;;; +20E9;COMBINING WIDE BRIDGE ABOVE;Mn;230;NSM;;;;;N;;;;; +20EA;COMBINING LEFTWARDS ARROW OVERLAY;Mn;1;NSM;;;;;N;;;;; +2100;ACCOUNT OF;So;0;ON; 0061 002F 0063;;;;N;;;;; +2101;ADDRESSED TO THE SUBJECT;So;0;ON; 0061 002F 0073;;;;N;;;;; +2102;DOUBLE-STRUCK CAPITAL C;Lu;0;L; 0043;;;;N;DOUBLE-STRUCK C;;;; +2103;DEGREE CELSIUS;So;0;ON; 00B0 0043;;;;N;DEGREES CENTIGRADE;;;; +2104;CENTRE LINE SYMBOL;So;0;ON;;;;;N;C L SYMBOL;;;; +2105;CARE OF;So;0;ON; 0063 002F 006F;;;;N;;;;; +2106;CADA UNA;So;0;ON; 0063 002F 0075;;;;N;;;;; +2107;EULER CONSTANT;Lu;0;L; 0190;;;;N;EULERS;;;; +2108;SCRUPLE;So;0;ON;;;;;N;;;;; +2109;DEGREE FAHRENHEIT;So;0;ON; 00B0 0046;;;;N;DEGREES FAHRENHEIT;;;; +210A;SCRIPT SMALL G;Ll;0;L; 0067;;;;N;;;;; +210B;SCRIPT CAPITAL H;Lu;0;L; 0048;;;;N;SCRIPT H;;;; +210C;BLACK-LETTER CAPITAL H;Lu;0;L; 0048;;;;N;BLACK-LETTER H;;;; +210D;DOUBLE-STRUCK CAPITAL H;Lu;0;L; 0048;;;;N;DOUBLE-STRUCK H;;;; +210E;PLANCK CONSTANT;Ll;0;L; 0068;;;;N;;;;; +210F;PLANCK CONSTANT OVER TWO PI;Ll;0;L; 0127;;;;N;PLANCK CONSTANT OVER 2 PI;;;; +2110;SCRIPT CAPITAL I;Lu;0;L; 0049;;;;N;SCRIPT I;;;; +2111;BLACK-LETTER CAPITAL I;Lu;0;L; 0049;;;;N;BLACK-LETTER I;;;; +2112;SCRIPT CAPITAL L;Lu;0;L; 004C;;;;N;SCRIPT L;;;; +2113;SCRIPT SMALL L;Ll;0;L; 006C;;;;N;;;;; +2114;L B BAR SYMBOL;So;0;ON;;;;;N;;;;; +2115;DOUBLE-STRUCK CAPITAL N;Lu;0;L; 004E;;;;N;DOUBLE-STRUCK N;;;; +2116;NUMERO SIGN;So;0;ON; 004E 006F;;;;N;NUMERO;;;; +2117;SOUND RECORDING COPYRIGHT;So;0;ON;;;;;N;;;;; +2118;SCRIPT CAPITAL P;So;0;ON;;;;;N;SCRIPT P;;;; +2119;DOUBLE-STRUCK CAPITAL P;Lu;0;L; 0050;;;;N;DOUBLE-STRUCK P;;;; +211A;DOUBLE-STRUCK CAPITAL Q;Lu;0;L; 0051;;;;N;DOUBLE-STRUCK Q;;;; +211B;SCRIPT CAPITAL R;Lu;0;L; 0052;;;;N;SCRIPT R;;;; +211C;BLACK-LETTER CAPITAL R;Lu;0;L; 0052;;;;N;BLACK-LETTER R;;;; +211D;DOUBLE-STRUCK CAPITAL R;Lu;0;L; 0052;;;;N;DOUBLE-STRUCK R;;;; +211E;PRESCRIPTION TAKE;So;0;ON;;;;;N;;;;; +211F;RESPONSE;So;0;ON;;;;;N;;;;; +2120;SERVICE MARK;So;0;ON; 0053 004D;;;;N;;;;; +2121;TELEPHONE SIGN;So;0;ON; 0054 0045 004C;;;;N;T E L SYMBOL;;;; +2122;TRADE MARK SIGN;So;0;ON; 0054 004D;;;;N;TRADEMARK;;;; +2123;VERSICLE;So;0;ON;;;;;N;;;;; +2124;DOUBLE-STRUCK CAPITAL Z;Lu;0;L; 005A;;;;N;DOUBLE-STRUCK Z;;;; +2125;OUNCE SIGN;So;0;ON;;;;;N;OUNCE;;;; +2126;OHM SIGN;Lu;0;L;03A9;;;;N;OHM;;;03C9; +2127;INVERTED OHM SIGN;So;0;ON;;;;;N;MHO;;;; +2128;BLACK-LETTER CAPITAL Z;Lu;0;L; 005A;;;;N;BLACK-LETTER Z;;;; +2129;TURNED GREEK SMALL LETTER IOTA;So;0;ON;;;;;N;;;;; +212A;KELVIN SIGN;Lu;0;L;004B;;;;N;DEGREES KELVIN;;;006B; +212B;ANGSTROM SIGN;Lu;0;L;00C5;;;;N;ANGSTROM UNIT;;;00E5; +212C;SCRIPT CAPITAL B;Lu;0;L; 0042;;;;N;SCRIPT B;;;; +212D;BLACK-LETTER CAPITAL C;Lu;0;L; 0043;;;;N;BLACK-LETTER C;;;; +212E;ESTIMATED SYMBOL;So;0;ET;;;;;N;;;;; +212F;SCRIPT SMALL E;Ll;0;L; 0065;;;;N;;;;; +2130;SCRIPT CAPITAL E;Lu;0;L; 0045;;;;N;SCRIPT E;;;; +2131;SCRIPT CAPITAL F;Lu;0;L; 0046;;;;N;SCRIPT F;;;; +2132;TURNED CAPITAL F;So;0;ON;;;;;N;TURNED F;;;; +2133;SCRIPT CAPITAL M;Lu;0;L; 004D;;;;N;SCRIPT M;;;; +2134;SCRIPT SMALL O;Ll;0;L; 006F;;;;N;;;;; +2135;ALEF SYMBOL;Lo;0;L; 05D0;;;;N;FIRST TRANSFINITE CARDINAL;;;; +2136;BET SYMBOL;Lo;0;L; 05D1;;;;N;SECOND TRANSFINITE CARDINAL;;;; +2137;GIMEL SYMBOL;Lo;0;L; 05D2;;;;N;THIRD TRANSFINITE CARDINAL;;;; +2138;DALET SYMBOL;Lo;0;L; 05D3;;;;N;FOURTH TRANSFINITE CARDINAL;;;; +2139;INFORMATION SOURCE;Ll;0;L; 0069;;;;N;;;;; +213A;ROTATED CAPITAL Q;So;0;ON;;;;;N;;;;; +213B;FACSIMILE SIGN;So;0;ON; 0046 0041 0058;;;;N;;;;; +213D;DOUBLE-STRUCK SMALL GAMMA;Ll;0;L; 03B3;;;;N;;;;; +213E;DOUBLE-STRUCK CAPITAL GAMMA;Lu;0;L; 0393;;;;N;;;;; +213F;DOUBLE-STRUCK CAPITAL PI;Lu;0;L; 03A0;;;;N;;;;; +2140;DOUBLE-STRUCK N-ARY SUMMATION;Sm;0;ON; 2211;;;;Y;;;;; +2141;TURNED SANS-SERIF CAPITAL G;Sm;0;ON;;;;;N;;;;; +2142;TURNED SANS-SERIF CAPITAL L;Sm;0;ON;;;;;N;;;;; +2143;REVERSED SANS-SERIF CAPITAL L;Sm;0;ON;;;;;N;;;;; +2144;TURNED SANS-SERIF CAPITAL Y;Sm;0;ON;;;;;N;;;;; +2145;DOUBLE-STRUCK ITALIC CAPITAL D;Lu;0;L; 0044;;;;N;;;;; +2146;DOUBLE-STRUCK ITALIC SMALL D;Ll;0;L; 0064;;;;N;;;;; +2147;DOUBLE-STRUCK ITALIC SMALL E;Ll;0;L; 0065;;;;N;;;;; +2148;DOUBLE-STRUCK ITALIC SMALL I;Ll;0;L; 0069;;;;N;;;;; +2149;DOUBLE-STRUCK ITALIC SMALL J;Ll;0;L; 006A;;;;N;;;;; +214A;PROPERTY LINE;So;0;ON;;;;;N;;;;; +214B;TURNED AMPERSAND;Sm;0;ON;;;;;N;;;;; +2153;VULGAR FRACTION ONE THIRD;No;0;ON; 0031 2044 0033;;;1/3;N;FRACTION ONE THIRD;;;; +2154;VULGAR FRACTION TWO THIRDS;No;0;ON; 0032 2044 0033;;;2/3;N;FRACTION TWO THIRDS;;;; +2155;VULGAR FRACTION ONE FIFTH;No;0;ON; 0031 2044 0035;;;1/5;N;FRACTION ONE FIFTH;;;; +2156;VULGAR FRACTION TWO FIFTHS;No;0;ON; 0032 2044 0035;;;2/5;N;FRACTION TWO FIFTHS;;;; +2157;VULGAR FRACTION THREE FIFTHS;No;0;ON; 0033 2044 0035;;;3/5;N;FRACTION THREE FIFTHS;;;; +2158;VULGAR FRACTION FOUR FIFTHS;No;0;ON; 0034 2044 0035;;;4/5;N;FRACTION FOUR FIFTHS;;;; +2159;VULGAR FRACTION ONE SIXTH;No;0;ON; 0031 2044 0036;;;1/6;N;FRACTION ONE SIXTH;;;; +215A;VULGAR FRACTION FIVE SIXTHS;No;0;ON; 0035 2044 0036;;;5/6;N;FRACTION FIVE SIXTHS;;;; +215B;VULGAR FRACTION ONE EIGHTH;No;0;ON; 0031 2044 0038;;;1/8;N;FRACTION ONE EIGHTH;;;; +215C;VULGAR FRACTION THREE EIGHTHS;No;0;ON; 0033 2044 0038;;;3/8;N;FRACTION THREE EIGHTHS;;;; +215D;VULGAR FRACTION FIVE EIGHTHS;No;0;ON; 0035 2044 0038;;;5/8;N;FRACTION FIVE EIGHTHS;;;; +215E;VULGAR FRACTION SEVEN EIGHTHS;No;0;ON; 0037 2044 0038;;;7/8;N;FRACTION SEVEN EIGHTHS;;;; +215F;FRACTION NUMERATOR ONE;No;0;ON; 0031 2044;;;1;N;;;;; +2160;ROMAN NUMERAL ONE;Nl;0;L; 0049;;;1;N;;;;2170; +2161;ROMAN NUMERAL TWO;Nl;0;L; 0049 0049;;;2;N;;;;2171; +2162;ROMAN NUMERAL THREE;Nl;0;L; 0049 0049 0049;;;3;N;;;;2172; +2163;ROMAN NUMERAL FOUR;Nl;0;L; 0049 0056;;;4;N;;;;2173; +2164;ROMAN NUMERAL FIVE;Nl;0;L; 0056;;;5;N;;;;2174; +2165;ROMAN NUMERAL SIX;Nl;0;L; 0056 0049;;;6;N;;;;2175; +2166;ROMAN NUMERAL SEVEN;Nl;0;L; 0056 0049 0049;;;7;N;;;;2176; +2167;ROMAN NUMERAL EIGHT;Nl;0;L; 0056 0049 0049 0049;;;8;N;;;;2177; +2168;ROMAN NUMERAL NINE;Nl;0;L; 0049 0058;;;9;N;;;;2178; +2169;ROMAN NUMERAL TEN;Nl;0;L; 0058;;;10;N;;;;2179; +216A;ROMAN NUMERAL ELEVEN;Nl;0;L; 0058 0049;;;11;N;;;;217A; +216B;ROMAN NUMERAL TWELVE;Nl;0;L; 0058 0049 0049;;;12;N;;;;217B; +216C;ROMAN NUMERAL FIFTY;Nl;0;L; 004C;;;50;N;;;;217C; +216D;ROMAN NUMERAL ONE HUNDRED;Nl;0;L; 0043;;;100;N;;;;217D; +216E;ROMAN NUMERAL FIVE HUNDRED;Nl;0;L; 0044;;;500;N;;;;217E; +216F;ROMAN NUMERAL ONE THOUSAND;Nl;0;L; 004D;;;1000;N;;;;217F; +2170;SMALL ROMAN NUMERAL ONE;Nl;0;L; 0069;;;1;N;;;2160;;2160 +2171;SMALL ROMAN NUMERAL TWO;Nl;0;L; 0069 0069;;;2;N;;;2161;;2161 +2172;SMALL ROMAN NUMERAL THREE;Nl;0;L; 0069 0069 0069;;;3;N;;;2162;;2162 +2173;SMALL ROMAN NUMERAL FOUR;Nl;0;L; 0069 0076;;;4;N;;;2163;;2163 +2174;SMALL ROMAN NUMERAL FIVE;Nl;0;L; 0076;;;5;N;;;2164;;2164 +2175;SMALL ROMAN NUMERAL SIX;Nl;0;L; 0076 0069;;;6;N;;;2165;;2165 +2176;SMALL ROMAN NUMERAL SEVEN;Nl;0;L; 0076 0069 0069;;;7;N;;;2166;;2166 +2177;SMALL ROMAN NUMERAL EIGHT;Nl;0;L; 0076 0069 0069 0069;;;8;N;;;2167;;2167 +2178;SMALL ROMAN NUMERAL NINE;Nl;0;L; 0069 0078;;;9;N;;;2168;;2168 +2179;SMALL ROMAN NUMERAL TEN;Nl;0;L; 0078;;;10;N;;;2169;;2169 +217A;SMALL ROMAN NUMERAL ELEVEN;Nl;0;L; 0078 0069;;;11;N;;;216A;;216A +217B;SMALL ROMAN NUMERAL TWELVE;Nl;0;L; 0078 0069 0069;;;12;N;;;216B;;216B +217C;SMALL ROMAN NUMERAL FIFTY;Nl;0;L; 006C;;;50;N;;;216C;;216C +217D;SMALL ROMAN NUMERAL ONE HUNDRED;Nl;0;L; 0063;;;100;N;;;216D;;216D +217E;SMALL ROMAN NUMERAL FIVE HUNDRED;Nl;0;L; 0064;;;500;N;;;216E;;216E +217F;SMALL ROMAN NUMERAL ONE THOUSAND;Nl;0;L; 006D;;;1000;N;;;216F;;216F +2180;ROMAN NUMERAL ONE THOUSAND C D;Nl;0;L;;;;1000;N;;;;; +2181;ROMAN NUMERAL FIVE THOUSAND;Nl;0;L;;;;5000;N;;;;; +2182;ROMAN NUMERAL TEN THOUSAND;Nl;0;L;;;;10000;N;;;;; +2183;ROMAN NUMERAL REVERSED ONE HUNDRED;Nl;0;L;;;;;N;;;;; +2190;LEFTWARDS ARROW;Sm;0;ON;;;;;N;LEFT ARROW;;;; +2191;UPWARDS ARROW;Sm;0;ON;;;;;N;UP ARROW;;;; +2192;RIGHTWARDS ARROW;Sm;0;ON;;;;;N;RIGHT ARROW;;;; +2193;DOWNWARDS ARROW;Sm;0;ON;;;;;N;DOWN ARROW;;;; +2194;LEFT RIGHT ARROW;Sm;0;ON;;;;;N;;;;; +2195;UP DOWN ARROW;So;0;ON;;;;;N;;;;; +2196;NORTH WEST ARROW;So;0;ON;;;;;N;UPPER LEFT ARROW;;;; +2197;NORTH EAST ARROW;So;0;ON;;;;;N;UPPER RIGHT ARROW;;;; +2198;SOUTH EAST ARROW;So;0;ON;;;;;N;LOWER RIGHT ARROW;;;; +2199;SOUTH WEST ARROW;So;0;ON;;;;;N;LOWER LEFT ARROW;;;; +219A;LEFTWARDS ARROW WITH STROKE;Sm;0;ON;2190 0338;;;;N;LEFT ARROW WITH STROKE;;;; +219B;RIGHTWARDS ARROW WITH STROKE;Sm;0;ON;2192 0338;;;;N;RIGHT ARROW WITH STROKE;;;; +219C;LEFTWARDS WAVE ARROW;So;0;ON;;;;;N;LEFT WAVE ARROW;;;; +219D;RIGHTWARDS WAVE ARROW;So;0;ON;;;;;N;RIGHT WAVE ARROW;;;; +219E;LEFTWARDS TWO HEADED ARROW;So;0;ON;;;;;N;LEFT TWO HEADED ARROW;;;; +219F;UPWARDS TWO HEADED ARROW;So;0;ON;;;;;N;UP TWO HEADED ARROW;;;; +21A0;RIGHTWARDS TWO HEADED ARROW;Sm;0;ON;;;;;N;RIGHT TWO HEADED ARROW;;;; +21A1;DOWNWARDS TWO HEADED ARROW;So;0;ON;;;;;N;DOWN TWO HEADED ARROW;;;; +21A2;LEFTWARDS ARROW WITH TAIL;So;0;ON;;;;;N;LEFT ARROW WITH TAIL;;;; +21A3;RIGHTWARDS ARROW WITH TAIL;Sm;0;ON;;;;;N;RIGHT ARROW WITH TAIL;;;; +21A4;LEFTWARDS ARROW FROM BAR;So;0;ON;;;;;N;LEFT ARROW FROM BAR;;;; +21A5;UPWARDS ARROW FROM BAR;So;0;ON;;;;;N;UP ARROW FROM BAR;;;; +21A6;RIGHTWARDS ARROW FROM BAR;Sm;0;ON;;;;;N;RIGHT ARROW FROM BAR;;;; +21A7;DOWNWARDS ARROW FROM BAR;So;0;ON;;;;;N;DOWN ARROW FROM BAR;;;; +21A8;UP DOWN ARROW WITH BASE;So;0;ON;;;;;N;;;;; +21A9;LEFTWARDS ARROW WITH HOOK;So;0;ON;;;;;N;LEFT ARROW WITH HOOK;;;; +21AA;RIGHTWARDS ARROW WITH HOOK;So;0;ON;;;;;N;RIGHT ARROW WITH HOOK;;;; +21AB;LEFTWARDS ARROW WITH LOOP;So;0;ON;;;;;N;LEFT ARROW WITH LOOP;;;; +21AC;RIGHTWARDS ARROW WITH LOOP;So;0;ON;;;;;N;RIGHT ARROW WITH LOOP;;;; +21AD;LEFT RIGHT WAVE ARROW;So;0;ON;;;;;N;;;;; +21AE;LEFT RIGHT ARROW WITH STROKE;Sm;0;ON;2194 0338;;;;N;;;;; +21AF;DOWNWARDS ZIGZAG ARROW;So;0;ON;;;;;N;DOWN ZIGZAG ARROW;;;; +21B0;UPWARDS ARROW WITH TIP LEFTWARDS;So;0;ON;;;;;N;UP ARROW WITH TIP LEFT;;;; +21B1;UPWARDS ARROW WITH TIP RIGHTWARDS;So;0;ON;;;;;N;UP ARROW WITH TIP RIGHT;;;; +21B2;DOWNWARDS ARROW WITH TIP LEFTWARDS;So;0;ON;;;;;N;DOWN ARROW WITH TIP LEFT;;;; +21B3;DOWNWARDS ARROW WITH TIP RIGHTWARDS;So;0;ON;;;;;N;DOWN ARROW WITH TIP RIGHT;;;; +21B4;RIGHTWARDS ARROW WITH CORNER DOWNWARDS;So;0;ON;;;;;N;RIGHT ARROW WITH CORNER DOWN;;;; +21B5;DOWNWARDS ARROW WITH CORNER LEFTWARDS;So;0;ON;;;;;N;DOWN ARROW WITH CORNER LEFT;;;; +21B6;ANTICLOCKWISE TOP SEMICIRCLE ARROW;So;0;ON;;;;;N;;;;; +21B7;CLOCKWISE TOP SEMICIRCLE ARROW;So;0;ON;;;;;N;;;;; +21B8;NORTH WEST ARROW TO LONG BAR;So;0;ON;;;;;N;UPPER LEFT ARROW TO LONG BAR;;;; +21B9;LEFTWARDS ARROW TO BAR OVER RIGHTWARDS ARROW TO BAR;So;0;ON;;;;;N;LEFT ARROW TO BAR OVER RIGHT ARROW TO BAR;;;; +21BA;ANTICLOCKWISE OPEN CIRCLE ARROW;So;0;ON;;;;;N;;;;; +21BB;CLOCKWISE OPEN CIRCLE ARROW;So;0;ON;;;;;N;;;;; +21BC;LEFTWARDS HARPOON WITH BARB UPWARDS;So;0;ON;;;;;N;LEFT HARPOON WITH BARB UP;;;; +21BD;LEFTWARDS HARPOON WITH BARB DOWNWARDS;So;0;ON;;;;;N;LEFT HARPOON WITH BARB DOWN;;;; +21BE;UPWARDS HARPOON WITH BARB RIGHTWARDS;So;0;ON;;;;;N;UP HARPOON WITH BARB RIGHT;;;; +21BF;UPWARDS HARPOON WITH BARB LEFTWARDS;So;0;ON;;;;;N;UP HARPOON WITH BARB LEFT;;;; +21C0;RIGHTWARDS HARPOON WITH BARB UPWARDS;So;0;ON;;;;;N;RIGHT HARPOON WITH BARB UP;;;; +21C1;RIGHTWARDS HARPOON WITH BARB DOWNWARDS;So;0;ON;;;;;N;RIGHT HARPOON WITH BARB DOWN;;;; +21C2;DOWNWARDS HARPOON WITH BARB RIGHTWARDS;So;0;ON;;;;;N;DOWN HARPOON WITH BARB RIGHT;;;; +21C3;DOWNWARDS HARPOON WITH BARB LEFTWARDS;So;0;ON;;;;;N;DOWN HARPOON WITH BARB LEFT;;;; +21C4;RIGHTWARDS ARROW OVER LEFTWARDS ARROW;So;0;ON;;;;;N;RIGHT ARROW OVER LEFT ARROW;;;; +21C5;UPWARDS ARROW LEFTWARDS OF DOWNWARDS ARROW;So;0;ON;;;;;N;UP ARROW LEFT OF DOWN ARROW;;;; +21C6;LEFTWARDS ARROW OVER RIGHTWARDS ARROW;So;0;ON;;;;;N;LEFT ARROW OVER RIGHT ARROW;;;; +21C7;LEFTWARDS PAIRED ARROWS;So;0;ON;;;;;N;LEFT PAIRED ARROWS;;;; +21C8;UPWARDS PAIRED ARROWS;So;0;ON;;;;;N;UP PAIRED ARROWS;;;; +21C9;RIGHTWARDS PAIRED ARROWS;So;0;ON;;;;;N;RIGHT PAIRED ARROWS;;;; +21CA;DOWNWARDS PAIRED ARROWS;So;0;ON;;;;;N;DOWN PAIRED ARROWS;;;; +21CB;LEFTWARDS HARPOON OVER RIGHTWARDS HARPOON;So;0;ON;;;;;N;LEFT HARPOON OVER RIGHT HARPOON;;;; +21CC;RIGHTWARDS HARPOON OVER LEFTWARDS HARPOON;So;0;ON;;;;;N;RIGHT HARPOON OVER LEFT HARPOON;;;; +21CD;LEFTWARDS DOUBLE ARROW WITH STROKE;So;0;ON;21D0 0338;;;;N;LEFT DOUBLE ARROW WITH STROKE;;;; +21CE;LEFT RIGHT DOUBLE ARROW WITH STROKE;Sm;0;ON;21D4 0338;;;;N;;;;; +21CF;RIGHTWARDS DOUBLE ARROW WITH STROKE;Sm;0;ON;21D2 0338;;;;N;RIGHT DOUBLE ARROW WITH STROKE;;;; +21D0;LEFTWARDS DOUBLE ARROW;So;0;ON;;;;;N;LEFT DOUBLE ARROW;;;; +21D1;UPWARDS DOUBLE ARROW;So;0;ON;;;;;N;UP DOUBLE ARROW;;;; +21D2;RIGHTWARDS DOUBLE ARROW;Sm;0;ON;;;;;N;RIGHT DOUBLE ARROW;;;; +21D3;DOWNWARDS DOUBLE ARROW;So;0;ON;;;;;N;DOWN DOUBLE ARROW;;;; +21D4;LEFT RIGHT DOUBLE ARROW;Sm;0;ON;;;;;N;;;;; +21D5;UP DOWN DOUBLE ARROW;So;0;ON;;;;;N;;;;; +21D6;NORTH WEST DOUBLE ARROW;So;0;ON;;;;;N;UPPER LEFT DOUBLE ARROW;;;; +21D7;NORTH EAST DOUBLE ARROW;So;0;ON;;;;;N;UPPER RIGHT DOUBLE ARROW;;;; +21D8;SOUTH EAST DOUBLE ARROW;So;0;ON;;;;;N;LOWER RIGHT DOUBLE ARROW;;;; +21D9;SOUTH WEST DOUBLE ARROW;So;0;ON;;;;;N;LOWER LEFT DOUBLE ARROW;;;; +21DA;LEFTWARDS TRIPLE ARROW;So;0;ON;;;;;N;LEFT TRIPLE ARROW;;;; +21DB;RIGHTWARDS TRIPLE ARROW;So;0;ON;;;;;N;RIGHT TRIPLE ARROW;;;; +21DC;LEFTWARDS SQUIGGLE ARROW;So;0;ON;;;;;N;LEFT SQUIGGLE ARROW;;;; +21DD;RIGHTWARDS SQUIGGLE ARROW;So;0;ON;;;;;N;RIGHT SQUIGGLE ARROW;;;; +21DE;UPWARDS ARROW WITH DOUBLE STROKE;So;0;ON;;;;;N;UP ARROW WITH DOUBLE STROKE;;;; +21DF;DOWNWARDS ARROW WITH DOUBLE STROKE;So;0;ON;;;;;N;DOWN ARROW WITH DOUBLE STROKE;;;; +21E0;LEFTWARDS DASHED ARROW;So;0;ON;;;;;N;LEFT DASHED ARROW;;;; +21E1;UPWARDS DASHED ARROW;So;0;ON;;;;;N;UP DASHED ARROW;;;; +21E2;RIGHTWARDS DASHED ARROW;So;0;ON;;;;;N;RIGHT DASHED ARROW;;;; +21E3;DOWNWARDS DASHED ARROW;So;0;ON;;;;;N;DOWN DASHED ARROW;;;; +21E4;LEFTWARDS ARROW TO BAR;So;0;ON;;;;;N;LEFT ARROW TO BAR;;;; +21E5;RIGHTWARDS ARROW TO BAR;So;0;ON;;;;;N;RIGHT ARROW TO BAR;;;; +21E6;LEFTWARDS WHITE ARROW;So;0;ON;;;;;N;WHITE LEFT ARROW;;;; +21E7;UPWARDS WHITE ARROW;So;0;ON;;;;;N;WHITE UP ARROW;;;; +21E8;RIGHTWARDS WHITE ARROW;So;0;ON;;;;;N;WHITE RIGHT ARROW;;;; +21E9;DOWNWARDS WHITE ARROW;So;0;ON;;;;;N;WHITE DOWN ARROW;;;; +21EA;UPWARDS WHITE ARROW FROM BAR;So;0;ON;;;;;N;WHITE UP ARROW FROM BAR;;;; +21EB;UPWARDS WHITE ARROW ON PEDESTAL;So;0;ON;;;;;N;;;;; +21EC;UPWARDS WHITE ARROW ON PEDESTAL WITH HORIZONTAL BAR;So;0;ON;;;;;N;;;;; +21ED;UPWARDS WHITE ARROW ON PEDESTAL WITH VERTICAL BAR;So;0;ON;;;;;N;;;;; +21EE;UPWARDS WHITE DOUBLE ARROW;So;0;ON;;;;;N;;;;; +21EF;UPWARDS WHITE DOUBLE ARROW ON PEDESTAL;So;0;ON;;;;;N;;;;; +21F0;RIGHTWARDS WHITE ARROW FROM WALL;So;0;ON;;;;;N;;;;; +21F1;NORTH WEST ARROW TO CORNER;So;0;ON;;;;;N;;;;; +21F2;SOUTH EAST ARROW TO CORNER;So;0;ON;;;;;N;;;;; +21F3;UP DOWN WHITE ARROW;So;0;ON;;;;;N;;;;; +21F4;RIGHT ARROW WITH SMALL CIRCLE;Sm;0;ON;;;;;N;;;;; +21F5;DOWNWARDS ARROW LEFTWARDS OF UPWARDS ARROW;Sm;0;ON;;;;;N;;;;; +21F6;THREE RIGHTWARDS ARROWS;Sm;0;ON;;;;;N;;;;; +21F7;LEFTWARDS ARROW WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;; +21F8;RIGHTWARDS ARROW WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;; +21F9;LEFT RIGHT ARROW WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;; +21FA;LEFTWARDS ARROW WITH DOUBLE VERTICAL STROKE;Sm;0;ON;;;;;N;;;;; +21FB;RIGHTWARDS ARROW WITH DOUBLE VERTICAL STROKE;Sm;0;ON;;;;;N;;;;; +21FC;LEFT RIGHT ARROW WITH DOUBLE VERTICAL STROKE;Sm;0;ON;;;;;N;;;;; +21FD;LEFTWARDS OPEN-HEADED ARROW;Sm;0;ON;;;;;N;;;;; +21FE;RIGHTWARDS OPEN-HEADED ARROW;Sm;0;ON;;;;;N;;;;; +21FF;LEFT RIGHT OPEN-HEADED ARROW;Sm;0;ON;;;;;N;;;;; +2200;FOR ALL;Sm;0;ON;;;;;N;;;;; +2201;COMPLEMENT;Sm;0;ON;;;;;Y;;;;; +2202;PARTIAL DIFFERENTIAL;Sm;0;ON;;;;;Y;;;;; +2203;THERE EXISTS;Sm;0;ON;;;;;Y;;;;; +2204;THERE DOES NOT EXIST;Sm;0;ON;2203 0338;;;;Y;;;;; +2205;EMPTY SET;Sm;0;ON;;;;;N;;;;; +2206;INCREMENT;Sm;0;ON;;;;;N;;;;; +2207;NABLA;Sm;0;ON;;;;;N;;;;; +2208;ELEMENT OF;Sm;0;ON;;;;;Y;;;;; +2209;NOT AN ELEMENT OF;Sm;0;ON;2208 0338;;;;Y;;;;; +220A;SMALL ELEMENT OF;Sm;0;ON;;;;;Y;;;;; +220B;CONTAINS AS MEMBER;Sm;0;ON;;;;;Y;;;;; +220C;DOES NOT CONTAIN AS MEMBER;Sm;0;ON;220B 0338;;;;Y;;;;; +220D;SMALL CONTAINS AS MEMBER;Sm;0;ON;;;;;Y;;;;; +220E;END OF PROOF;Sm;0;ON;;;;;N;;;;; +220F;N-ARY PRODUCT;Sm;0;ON;;;;;N;;;;; +2210;N-ARY COPRODUCT;Sm;0;ON;;;;;N;;;;; +2211;N-ARY SUMMATION;Sm;0;ON;;;;;Y;;;;; +2212;MINUS SIGN;Sm;0;ET;;;;;N;;;;; +2213;MINUS-OR-PLUS SIGN;Sm;0;ET;;;;;N;;;;; +2214;DOT PLUS;Sm;0;ON;;;;;N;;;;; +2215;DIVISION SLASH;Sm;0;ON;;;;;Y;;;;; +2216;SET MINUS;Sm;0;ON;;;;;Y;;;;; +2217;ASTERISK OPERATOR;Sm;0;ON;;;;;N;;;;; +2218;RING OPERATOR;Sm;0;ON;;;;;N;;;;; +2219;BULLET OPERATOR;Sm;0;ON;;;;;N;;;;; +221A;SQUARE ROOT;Sm;0;ON;;;;;Y;;;;; +221B;CUBE ROOT;Sm;0;ON;;;;;Y;;;;; +221C;FOURTH ROOT;Sm;0;ON;;;;;Y;;;;; +221D;PROPORTIONAL TO;Sm;0;ON;;;;;Y;;;;; +221E;INFINITY;Sm;0;ON;;;;;N;;;;; +221F;RIGHT ANGLE;Sm;0;ON;;;;;Y;;;;; +2220;ANGLE;Sm;0;ON;;;;;Y;;;;; +2221;MEASURED ANGLE;Sm;0;ON;;;;;Y;;;;; +2222;SPHERICAL ANGLE;Sm;0;ON;;;;;Y;;;;; +2223;DIVIDES;Sm;0;ON;;;;;N;;;;; +2224;DOES NOT DIVIDE;Sm;0;ON;2223 0338;;;;Y;;;;; +2225;PARALLEL TO;Sm;0;ON;;;;;N;;;;; +2226;NOT PARALLEL TO;Sm;0;ON;2225 0338;;;;Y;;;;; +2227;LOGICAL AND;Sm;0;ON;;;;;N;;;;; +2228;LOGICAL OR;Sm;0;ON;;;;;N;;;;; +2229;INTERSECTION;Sm;0;ON;;;;;N;;;;; +222A;UNION;Sm;0;ON;;;;;N;;;;; +222B;INTEGRAL;Sm;0;ON;;;;;Y;;;;; +222C;DOUBLE INTEGRAL;Sm;0;ON; 222B 222B;;;;Y;;;;; +222D;TRIPLE INTEGRAL;Sm;0;ON; 222B 222B 222B;;;;Y;;;;; +222E;CONTOUR INTEGRAL;Sm;0;ON;;;;;Y;;;;; +222F;SURFACE INTEGRAL;Sm;0;ON; 222E 222E;;;;Y;;;;; +2230;VOLUME INTEGRAL;Sm;0;ON; 222E 222E 222E;;;;Y;;;;; +2231;CLOCKWISE INTEGRAL;Sm;0;ON;;;;;Y;;;;; +2232;CLOCKWISE CONTOUR INTEGRAL;Sm;0;ON;;;;;Y;;;;; +2233;ANTICLOCKWISE CONTOUR INTEGRAL;Sm;0;ON;;;;;Y;;;;; +2234;THEREFORE;Sm;0;ON;;;;;N;;;;; +2235;BECAUSE;Sm;0;ON;;;;;N;;;;; +2236;RATIO;Sm;0;ON;;;;;N;;;;; +2237;PROPORTION;Sm;0;ON;;;;;N;;;;; +2238;DOT MINUS;Sm;0;ON;;;;;N;;;;; +2239;EXCESS;Sm;0;ON;;;;;Y;;;;; +223A;GEOMETRIC PROPORTION;Sm;0;ON;;;;;N;;;;; +223B;HOMOTHETIC;Sm;0;ON;;;;;Y;;;;; +223C;TILDE OPERATOR;Sm;0;ON;;;;;Y;;;;; +223D;REVERSED TILDE;Sm;0;ON;;;;;Y;;lazy S;;; +223E;INVERTED LAZY S;Sm;0;ON;;;;;Y;;;;; +223F;SINE WAVE;Sm;0;ON;;;;;Y;;;;; +2240;WREATH PRODUCT;Sm;0;ON;;;;;Y;;;;; +2241;NOT TILDE;Sm;0;ON;223C 0338;;;;Y;;;;; +2242;MINUS TILDE;Sm;0;ON;;;;;Y;;;;; +2243;ASYMPTOTICALLY EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2244;NOT ASYMPTOTICALLY EQUAL TO;Sm;0;ON;2243 0338;;;;Y;;;;; +2245;APPROXIMATELY EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2246;APPROXIMATELY BUT NOT ACTUALLY EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2247;NEITHER APPROXIMATELY NOR ACTUALLY EQUAL TO;Sm;0;ON;2245 0338;;;;Y;;;;; +2248;ALMOST EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2249;NOT ALMOST EQUAL TO;Sm;0;ON;2248 0338;;;;Y;;;;; +224A;ALMOST EQUAL OR EQUAL TO;Sm;0;ON;;;;;Y;;;;; +224B;TRIPLE TILDE;Sm;0;ON;;;;;Y;;;;; +224C;ALL EQUAL TO;Sm;0;ON;;;;;Y;;;;; +224D;EQUIVALENT TO;Sm;0;ON;;;;;N;;;;; +224E;GEOMETRICALLY EQUIVALENT TO;Sm;0;ON;;;;;N;;;;; +224F;DIFFERENCE BETWEEN;Sm;0;ON;;;;;N;;;;; +2250;APPROACHES THE LIMIT;Sm;0;ON;;;;;N;;;;; +2251;GEOMETRICALLY EQUAL TO;Sm;0;ON;;;;;N;;;;; +2252;APPROXIMATELY EQUAL TO OR THE IMAGE OF;Sm;0;ON;;;;;Y;;;;; +2253;IMAGE OF OR APPROXIMATELY EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2254;COLON EQUALS;Sm;0;ON;;;;;Y;COLON EQUAL;;;; +2255;EQUALS COLON;Sm;0;ON;;;;;Y;EQUAL COLON;;;; +2256;RING IN EQUAL TO;Sm;0;ON;;;;;N;;;;; +2257;RING EQUAL TO;Sm;0;ON;;;;;N;;;;; +2258;CORRESPONDS TO;Sm;0;ON;;;;;N;;;;; +2259;ESTIMATES;Sm;0;ON;;;;;N;;;;; +225A;EQUIANGULAR TO;Sm;0;ON;;;;;N;;;;; +225B;STAR EQUALS;Sm;0;ON;;;;;N;;;;; +225C;DELTA EQUAL TO;Sm;0;ON;;;;;N;;;;; +225D;EQUAL TO BY DEFINITION;Sm;0;ON;;;;;N;;;;; +225E;MEASURED BY;Sm;0;ON;;;;;N;;;;; +225F;QUESTIONED EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2260;NOT EQUAL TO;Sm;0;ON;003D 0338;;;;Y;;;;; +2261;IDENTICAL TO;Sm;0;ON;;;;;N;;;;; +2262;NOT IDENTICAL TO;Sm;0;ON;2261 0338;;;;Y;;;;; +2263;STRICTLY EQUIVALENT TO;Sm;0;ON;;;;;N;;;;; +2264;LESS-THAN OR EQUAL TO;Sm;0;ON;;;;;Y;LESS THAN OR EQUAL TO;;;; +2265;GREATER-THAN OR EQUAL TO;Sm;0;ON;;;;;Y;GREATER THAN OR EQUAL TO;;;; +2266;LESS-THAN OVER EQUAL TO;Sm;0;ON;;;;;Y;LESS THAN OVER EQUAL TO;;;; +2267;GREATER-THAN OVER EQUAL TO;Sm;0;ON;;;;;Y;GREATER THAN OVER EQUAL TO;;;; +2268;LESS-THAN BUT NOT EQUAL TO;Sm;0;ON;;;;;Y;LESS THAN BUT NOT EQUAL TO;;;; +2269;GREATER-THAN BUT NOT EQUAL TO;Sm;0;ON;;;;;Y;GREATER THAN BUT NOT EQUAL TO;;;; +226A;MUCH LESS-THAN;Sm;0;ON;;;;;Y;MUCH LESS THAN;;;; +226B;MUCH GREATER-THAN;Sm;0;ON;;;;;Y;MUCH GREATER THAN;;;; +226C;BETWEEN;Sm;0;ON;;;;;N;;;;; +226D;NOT EQUIVALENT TO;Sm;0;ON;224D 0338;;;;N;;;;; +226E;NOT LESS-THAN;Sm;0;ON;003C 0338;;;;Y;NOT LESS THAN;;;; +226F;NOT GREATER-THAN;Sm;0;ON;003E 0338;;;;Y;NOT GREATER THAN;;;; +2270;NEITHER LESS-THAN NOR EQUAL TO;Sm;0;ON;2264 0338;;;;Y;NEITHER LESS THAN NOR EQUAL TO;;;; +2271;NEITHER GREATER-THAN NOR EQUAL TO;Sm;0;ON;2265 0338;;;;Y;NEITHER GREATER THAN NOR EQUAL TO;;;; +2272;LESS-THAN OR EQUIVALENT TO;Sm;0;ON;;;;;Y;LESS THAN OR EQUIVALENT TO;;;; +2273;GREATER-THAN OR EQUIVALENT TO;Sm;0;ON;;;;;Y;GREATER THAN OR EQUIVALENT TO;;;; +2274;NEITHER LESS-THAN NOR EQUIVALENT TO;Sm;0;ON;2272 0338;;;;Y;NEITHER LESS THAN NOR EQUIVALENT TO;;;; +2275;NEITHER GREATER-THAN NOR EQUIVALENT TO;Sm;0;ON;2273 0338;;;;Y;NEITHER GREATER THAN NOR EQUIVALENT TO;;;; +2276;LESS-THAN OR GREATER-THAN;Sm;0;ON;;;;;Y;LESS THAN OR GREATER THAN;;;; +2277;GREATER-THAN OR LESS-THAN;Sm;0;ON;;;;;Y;GREATER THAN OR LESS THAN;;;; +2278;NEITHER LESS-THAN NOR GREATER-THAN;Sm;0;ON;2276 0338;;;;Y;NEITHER LESS THAN NOR GREATER THAN;;;; +2279;NEITHER GREATER-THAN NOR LESS-THAN;Sm;0;ON;2277 0338;;;;Y;NEITHER GREATER THAN NOR LESS THAN;;;; +227A;PRECEDES;Sm;0;ON;;;;;Y;;;;; +227B;SUCCEEDS;Sm;0;ON;;;;;Y;;;;; +227C;PRECEDES OR EQUAL TO;Sm;0;ON;;;;;Y;;;;; +227D;SUCCEEDS OR EQUAL TO;Sm;0;ON;;;;;Y;;;;; +227E;PRECEDES OR EQUIVALENT TO;Sm;0;ON;;;;;Y;;;;; +227F;SUCCEEDS OR EQUIVALENT TO;Sm;0;ON;;;;;Y;;;;; +2280;DOES NOT PRECEDE;Sm;0;ON;227A 0338;;;;Y;;;;; +2281;DOES NOT SUCCEED;Sm;0;ON;227B 0338;;;;Y;;;;; +2282;SUBSET OF;Sm;0;ON;;;;;Y;;;;; +2283;SUPERSET OF;Sm;0;ON;;;;;Y;;;;; +2284;NOT A SUBSET OF;Sm;0;ON;2282 0338;;;;Y;;;;; +2285;NOT A SUPERSET OF;Sm;0;ON;2283 0338;;;;Y;;;;; +2286;SUBSET OF OR EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2287;SUPERSET OF OR EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2288;NEITHER A SUBSET OF NOR EQUAL TO;Sm;0;ON;2286 0338;;;;Y;;;;; +2289;NEITHER A SUPERSET OF NOR EQUAL TO;Sm;0;ON;2287 0338;;;;Y;;;;; +228A;SUBSET OF WITH NOT EQUAL TO;Sm;0;ON;;;;;Y;SUBSET OF OR NOT EQUAL TO;;;; +228B;SUPERSET OF WITH NOT EQUAL TO;Sm;0;ON;;;;;Y;SUPERSET OF OR NOT EQUAL TO;;;; +228C;MULTISET;Sm;0;ON;;;;;Y;;;;; +228D;MULTISET MULTIPLICATION;Sm;0;ON;;;;;N;;;;; +228E;MULTISET UNION;Sm;0;ON;;;;;N;;;;; +228F;SQUARE IMAGE OF;Sm;0;ON;;;;;Y;;;;; +2290;SQUARE ORIGINAL OF;Sm;0;ON;;;;;Y;;;;; +2291;SQUARE IMAGE OF OR EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2292;SQUARE ORIGINAL OF OR EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2293;SQUARE CAP;Sm;0;ON;;;;;N;;;;; +2294;SQUARE CUP;Sm;0;ON;;;;;N;;;;; +2295;CIRCLED PLUS;Sm;0;ON;;;;;N;;;;; +2296;CIRCLED MINUS;Sm;0;ON;;;;;N;;;;; +2297;CIRCLED TIMES;Sm;0;ON;;;;;N;;;;; +2298;CIRCLED DIVISION SLASH;Sm;0;ON;;;;;Y;;;;; +2299;CIRCLED DOT OPERATOR;Sm;0;ON;;;;;N;;;;; +229A;CIRCLED RING OPERATOR;Sm;0;ON;;;;;N;;;;; +229B;CIRCLED ASTERISK OPERATOR;Sm;0;ON;;;;;N;;;;; +229C;CIRCLED EQUALS;Sm;0;ON;;;;;N;;;;; +229D;CIRCLED DASH;Sm;0;ON;;;;;N;;;;; +229E;SQUARED PLUS;Sm;0;ON;;;;;N;;;;; +229F;SQUARED MINUS;Sm;0;ON;;;;;N;;;;; +22A0;SQUARED TIMES;Sm;0;ON;;;;;N;;;;; +22A1;SQUARED DOT OPERATOR;Sm;0;ON;;;;;N;;;;; +22A2;RIGHT TACK;Sm;0;ON;;;;;Y;;;;; +22A3;LEFT TACK;Sm;0;ON;;;;;Y;;;;; +22A4;DOWN TACK;Sm;0;ON;;;;;N;;;;; +22A5;UP TACK;Sm;0;ON;;;;;N;;;;; +22A6;ASSERTION;Sm;0;ON;;;;;Y;;;;; +22A7;MODELS;Sm;0;ON;;;;;Y;;;;; +22A8;TRUE;Sm;0;ON;;;;;Y;;;;; +22A9;FORCES;Sm;0;ON;;;;;Y;;;;; +22AA;TRIPLE VERTICAL BAR RIGHT TURNSTILE;Sm;0;ON;;;;;Y;;;;; +22AB;DOUBLE VERTICAL BAR DOUBLE RIGHT TURNSTILE;Sm;0;ON;;;;;Y;;;;; +22AC;DOES NOT PROVE;Sm;0;ON;22A2 0338;;;;Y;;;;; +22AD;NOT TRUE;Sm;0;ON;22A8 0338;;;;Y;;;;; +22AE;DOES NOT FORCE;Sm;0;ON;22A9 0338;;;;Y;;;;; +22AF;NEGATED DOUBLE VERTICAL BAR DOUBLE RIGHT TURNSTILE;Sm;0;ON;22AB 0338;;;;Y;;;;; +22B0;PRECEDES UNDER RELATION;Sm;0;ON;;;;;Y;;;;; +22B1;SUCCEEDS UNDER RELATION;Sm;0;ON;;;;;Y;;;;; +22B2;NORMAL SUBGROUP OF;Sm;0;ON;;;;;Y;;;;; +22B3;CONTAINS AS NORMAL SUBGROUP;Sm;0;ON;;;;;Y;;;;; +22B4;NORMAL SUBGROUP OF OR EQUAL TO;Sm;0;ON;;;;;Y;;;;; +22B5;CONTAINS AS NORMAL SUBGROUP OR EQUAL TO;Sm;0;ON;;;;;Y;;;;; +22B6;ORIGINAL OF;Sm;0;ON;;;;;Y;;;;; +22B7;IMAGE OF;Sm;0;ON;;;;;Y;;;;; +22B8;MULTIMAP;Sm;0;ON;;;;;Y;;;;; +22B9;HERMITIAN CONJUGATE MATRIX;Sm;0;ON;;;;;N;;;;; +22BA;INTERCALATE;Sm;0;ON;;;;;N;;;;; +22BB;XOR;Sm;0;ON;;;;;N;;;;; +22BC;NAND;Sm;0;ON;;;;;N;;;;; +22BD;NOR;Sm;0;ON;;;;;N;;;;; +22BE;RIGHT ANGLE WITH ARC;Sm;0;ON;;;;;Y;;;;; +22BF;RIGHT TRIANGLE;Sm;0;ON;;;;;Y;;;;; +22C0;N-ARY LOGICAL AND;Sm;0;ON;;;;;N;;;;; +22C1;N-ARY LOGICAL OR;Sm;0;ON;;;;;N;;;;; +22C2;N-ARY INTERSECTION;Sm;0;ON;;;;;N;;;;; +22C3;N-ARY UNION;Sm;0;ON;;;;;N;;;;; +22C4;DIAMOND OPERATOR;Sm;0;ON;;;;;N;;;;; +22C5;DOT OPERATOR;Sm;0;ON;;;;;N;;;;; +22C6;STAR OPERATOR;Sm;0;ON;;;;;N;;;;; +22C7;DIVISION TIMES;Sm;0;ON;;;;;N;;;;; +22C8;BOWTIE;Sm;0;ON;;;;;N;;;;; +22C9;LEFT NORMAL FACTOR SEMIDIRECT PRODUCT;Sm;0;ON;;;;;Y;;;;; +22CA;RIGHT NORMAL FACTOR SEMIDIRECT PRODUCT;Sm;0;ON;;;;;Y;;;;; +22CB;LEFT SEMIDIRECT PRODUCT;Sm;0;ON;;;;;Y;;;;; +22CC;RIGHT SEMIDIRECT PRODUCT;Sm;0;ON;;;;;Y;;;;; +22CD;REVERSED TILDE EQUALS;Sm;0;ON;;;;;Y;;;;; +22CE;CURLY LOGICAL OR;Sm;0;ON;;;;;N;;;;; +22CF;CURLY LOGICAL AND;Sm;0;ON;;;;;N;;;;; +22D0;DOUBLE SUBSET;Sm;0;ON;;;;;Y;;;;; +22D1;DOUBLE SUPERSET;Sm;0;ON;;;;;Y;;;;; +22D2;DOUBLE INTERSECTION;Sm;0;ON;;;;;N;;;;; +22D3;DOUBLE UNION;Sm;0;ON;;;;;N;;;;; +22D4;PITCHFORK;Sm;0;ON;;;;;N;;;;; +22D5;EQUAL AND PARALLEL TO;Sm;0;ON;;;;;N;;;;; +22D6;LESS-THAN WITH DOT;Sm;0;ON;;;;;Y;LESS THAN WITH DOT;;;; +22D7;GREATER-THAN WITH DOT;Sm;0;ON;;;;;Y;GREATER THAN WITH DOT;;;; +22D8;VERY MUCH LESS-THAN;Sm;0;ON;;;;;Y;VERY MUCH LESS THAN;;;; +22D9;VERY MUCH GREATER-THAN;Sm;0;ON;;;;;Y;VERY MUCH GREATER THAN;;;; +22DA;LESS-THAN EQUAL TO OR GREATER-THAN;Sm;0;ON;;;;;Y;LESS THAN EQUAL TO OR GREATER THAN;;;; +22DB;GREATER-THAN EQUAL TO OR LESS-THAN;Sm;0;ON;;;;;Y;GREATER THAN EQUAL TO OR LESS THAN;;;; +22DC;EQUAL TO OR LESS-THAN;Sm;0;ON;;;;;Y;EQUAL TO OR LESS THAN;;;; +22DD;EQUAL TO OR GREATER-THAN;Sm;0;ON;;;;;Y;EQUAL TO OR GREATER THAN;;;; +22DE;EQUAL TO OR PRECEDES;Sm;0;ON;;;;;Y;;;;; +22DF;EQUAL TO OR SUCCEEDS;Sm;0;ON;;;;;Y;;;;; +22E0;DOES NOT PRECEDE OR EQUAL;Sm;0;ON;227C 0338;;;;Y;;;;; +22E1;DOES NOT SUCCEED OR EQUAL;Sm;0;ON;227D 0338;;;;Y;;;;; +22E2;NOT SQUARE IMAGE OF OR EQUAL TO;Sm;0;ON;2291 0338;;;;Y;;;;; +22E3;NOT SQUARE ORIGINAL OF OR EQUAL TO;Sm;0;ON;2292 0338;;;;Y;;;;; +22E4;SQUARE IMAGE OF OR NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;; +22E5;SQUARE ORIGINAL OF OR NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;; +22E6;LESS-THAN BUT NOT EQUIVALENT TO;Sm;0;ON;;;;;Y;LESS THAN BUT NOT EQUIVALENT TO;;;; +22E7;GREATER-THAN BUT NOT EQUIVALENT TO;Sm;0;ON;;;;;Y;GREATER THAN BUT NOT EQUIVALENT TO;;;; +22E8;PRECEDES BUT NOT EQUIVALENT TO;Sm;0;ON;;;;;Y;;;;; +22E9;SUCCEEDS BUT NOT EQUIVALENT TO;Sm;0;ON;;;;;Y;;;;; +22EA;NOT NORMAL SUBGROUP OF;Sm;0;ON;22B2 0338;;;;Y;;;;; +22EB;DOES NOT CONTAIN AS NORMAL SUBGROUP;Sm;0;ON;22B3 0338;;;;Y;;;;; +22EC;NOT NORMAL SUBGROUP OF OR EQUAL TO;Sm;0;ON;22B4 0338;;;;Y;;;;; +22ED;DOES NOT CONTAIN AS NORMAL SUBGROUP OR EQUAL;Sm;0;ON;22B5 0338;;;;Y;;;;; +22EE;VERTICAL ELLIPSIS;Sm;0;ON;;;;;N;;;;; +22EF;MIDLINE HORIZONTAL ELLIPSIS;Sm;0;ON;;;;;N;;;;; +22F0;UP RIGHT DIAGONAL ELLIPSIS;Sm;0;ON;;;;;Y;;;;; +22F1;DOWN RIGHT DIAGONAL ELLIPSIS;Sm;0;ON;;;;;Y;;;;; +22F2;ELEMENT OF WITH LONG HORIZONTAL STROKE;Sm;0;ON;;;;;Y;;;;; +22F3;ELEMENT OF WITH VERTICAL BAR AT END OF HORIZONTAL STROKE;Sm;0;ON;;;;;Y;;;;; +22F4;SMALL ELEMENT OF WITH VERTICAL BAR AT END OF HORIZONTAL STROKE;Sm;0;ON;;;;;Y;;;;; +22F5;ELEMENT OF WITH DOT ABOVE;Sm;0;ON;;;;;Y;;;;; +22F6;ELEMENT OF WITH OVERBAR;Sm;0;ON;;;;;Y;;;;; +22F7;SMALL ELEMENT OF WITH OVERBAR;Sm;0;ON;;;;;Y;;;;; +22F8;ELEMENT OF WITH UNDERBAR;Sm;0;ON;;;;;Y;;;;; +22F9;ELEMENT OF WITH TWO HORIZONTAL STROKES;Sm;0;ON;;;;;Y;;;;; +22FA;CONTAINS WITH LONG HORIZONTAL STROKE;Sm;0;ON;;;;;Y;;;;; +22FB;CONTAINS WITH VERTICAL BAR AT END OF HORIZONTAL STROKE;Sm;0;ON;;;;;Y;;;;; +22FC;SMALL CONTAINS WITH VERTICAL BAR AT END OF HORIZONTAL STROKE;Sm;0;ON;;;;;Y;;;;; +22FD;CONTAINS WITH OVERBAR;Sm;0;ON;;;;;Y;;;;; +22FE;SMALL CONTAINS WITH OVERBAR;Sm;0;ON;;;;;Y;;;;; +22FF;Z NOTATION BAG MEMBERSHIP;Sm;0;ON;;;;;Y;;;;; +2300;DIAMETER SIGN;So;0;ON;;;;;N;;;;; +2301;ELECTRIC ARROW;So;0;ON;;;;;N;;;;; +2302;HOUSE;So;0;ON;;;;;N;;;;; +2303;UP ARROWHEAD;So;0;ON;;;;;N;;;;; +2304;DOWN ARROWHEAD;So;0;ON;;;;;N;;;;; +2305;PROJECTIVE;So;0;ON;;;;;N;;;;; +2306;PERSPECTIVE;So;0;ON;;;;;N;;;;; +2307;WAVY LINE;So;0;ON;;;;;N;;;;; +2308;LEFT CEILING;Sm;0;ON;;;;;Y;;;;; +2309;RIGHT CEILING;Sm;0;ON;;;;;Y;;;;; +230A;LEFT FLOOR;Sm;0;ON;;;;;Y;;;;; +230B;RIGHT FLOOR;Sm;0;ON;;;;;Y;;;;; +230C;BOTTOM RIGHT CROP;So;0;ON;;;;;N;;;;; +230D;BOTTOM LEFT CROP;So;0;ON;;;;;N;;;;; +230E;TOP RIGHT CROP;So;0;ON;;;;;N;;;;; +230F;TOP LEFT CROP;So;0;ON;;;;;N;;;;; +2310;REVERSED NOT SIGN;So;0;ON;;;;;N;;;;; +2311;SQUARE LOZENGE;So;0;ON;;;;;N;;;;; +2312;ARC;So;0;ON;;;;;N;;;;; +2313;SEGMENT;So;0;ON;;;;;N;;;;; +2314;SECTOR;So;0;ON;;;;;N;;;;; +2315;TELEPHONE RECORDER;So;0;ON;;;;;N;;;;; +2316;POSITION INDICATOR;So;0;ON;;;;;N;;;;; +2317;VIEWDATA SQUARE;So;0;ON;;;;;N;;;;; +2318;PLACE OF INTEREST SIGN;So;0;ON;;;;;N;COMMAND KEY;;;; +2319;TURNED NOT SIGN;So;0;ON;;;;;N;;;;; +231A;WATCH;So;0;ON;;;;;N;;;;; +231B;HOURGLASS;So;0;ON;;;;;N;;;;; +231C;TOP LEFT CORNER;So;0;ON;;;;;N;;;;; +231D;TOP RIGHT CORNER;So;0;ON;;;;;N;;;;; +231E;BOTTOM LEFT CORNER;So;0;ON;;;;;N;;;;; +231F;BOTTOM RIGHT CORNER;So;0;ON;;;;;N;;;;; +2320;TOP HALF INTEGRAL;Sm;0;ON;;;;;Y;;;;; +2321;BOTTOM HALF INTEGRAL;Sm;0;ON;;;;;Y;;;;; +2322;FROWN;So;0;ON;;;;;N;;;;; +2323;SMILE;So;0;ON;;;;;N;;;;; +2324;UP ARROWHEAD BETWEEN TWO HORIZONTAL BARS;So;0;ON;;;;;N;ENTER KEY;;;; +2325;OPTION KEY;So;0;ON;;;;;N;;;;; +2326;ERASE TO THE RIGHT;So;0;ON;;;;;N;DELETE TO THE RIGHT KEY;;;; +2327;X IN A RECTANGLE BOX;So;0;ON;;;;;N;CLEAR KEY;;;; +2328;KEYBOARD;So;0;ON;;;;;N;;;;; +2329;LEFT-POINTING ANGLE BRACKET;Ps;0;ON;3008;;;;Y;BRA;;;; +232A;RIGHT-POINTING ANGLE BRACKET;Pe;0;ON;3009;;;;Y;KET;;;; +232B;ERASE TO THE LEFT;So;0;ON;;;;;N;DELETE TO THE LEFT KEY;;;; +232C;BENZENE RING;So;0;ON;;;;;N;;;;; +232D;CYLINDRICITY;So;0;ON;;;;;N;;;;; +232E;ALL AROUND-PROFILE;So;0;ON;;;;;N;;;;; +232F;SYMMETRY;So;0;ON;;;;;N;;;;; +2330;TOTAL RUNOUT;So;0;ON;;;;;N;;;;; +2331;DIMENSION ORIGIN;So;0;ON;;;;;N;;;;; +2332;CONICAL TAPER;So;0;ON;;;;;N;;;;; +2333;SLOPE;So;0;ON;;;;;N;;;;; +2334;COUNTERBORE;So;0;ON;;;;;N;;;;; +2335;COUNTERSINK;So;0;ON;;;;;N;;;;; +2336;APL FUNCTIONAL SYMBOL I-BEAM;So;0;L;;;;;N;;;;; +2337;APL FUNCTIONAL SYMBOL SQUISH QUAD;So;0;L;;;;;N;;;;; +2338;APL FUNCTIONAL SYMBOL QUAD EQUAL;So;0;L;;;;;N;;;;; +2339;APL FUNCTIONAL SYMBOL QUAD DIVIDE;So;0;L;;;;;N;;;;; +233A;APL FUNCTIONAL SYMBOL QUAD DIAMOND;So;0;L;;;;;N;;;;; +233B;APL FUNCTIONAL SYMBOL QUAD JOT;So;0;L;;;;;N;;;;; +233C;APL FUNCTIONAL SYMBOL QUAD CIRCLE;So;0;L;;;;;N;;;;; +233D;APL FUNCTIONAL SYMBOL CIRCLE STILE;So;0;L;;;;;N;;;;; +233E;APL FUNCTIONAL SYMBOL CIRCLE JOT;So;0;L;;;;;N;;;;; +233F;APL FUNCTIONAL SYMBOL SLASH BAR;So;0;L;;;;;N;;;;; +2340;APL FUNCTIONAL SYMBOL BACKSLASH BAR;So;0;L;;;;;N;;;;; +2341;APL FUNCTIONAL SYMBOL QUAD SLASH;So;0;L;;;;;N;;;;; +2342;APL FUNCTIONAL SYMBOL QUAD BACKSLASH;So;0;L;;;;;N;;;;; +2343;APL FUNCTIONAL SYMBOL QUAD LESS-THAN;So;0;L;;;;;N;;;;; +2344;APL FUNCTIONAL SYMBOL QUAD GREATER-THAN;So;0;L;;;;;N;;;;; +2345;APL FUNCTIONAL SYMBOL LEFTWARDS VANE;So;0;L;;;;;N;;;;; +2346;APL FUNCTIONAL SYMBOL RIGHTWARDS VANE;So;0;L;;;;;N;;;;; +2347;APL FUNCTIONAL SYMBOL QUAD LEFTWARDS ARROW;So;0;L;;;;;N;;;;; +2348;APL FUNCTIONAL SYMBOL QUAD RIGHTWARDS ARROW;So;0;L;;;;;N;;;;; +2349;APL FUNCTIONAL SYMBOL CIRCLE BACKSLASH;So;0;L;;;;;N;;;;; +234A;APL FUNCTIONAL SYMBOL DOWN TACK UNDERBAR;So;0;L;;;;;N;;*;;; +234B;APL FUNCTIONAL SYMBOL DELTA STILE;So;0;L;;;;;N;;;;; +234C;APL FUNCTIONAL SYMBOL QUAD DOWN CARET;So;0;L;;;;;N;;;;; +234D;APL FUNCTIONAL SYMBOL QUAD DELTA;So;0;L;;;;;N;;;;; +234E;APL FUNCTIONAL SYMBOL DOWN TACK JOT;So;0;L;;;;;N;;*;;; +234F;APL FUNCTIONAL SYMBOL UPWARDS VANE;So;0;L;;;;;N;;;;; +2350;APL FUNCTIONAL SYMBOL QUAD UPWARDS ARROW;So;0;L;;;;;N;;;;; +2351;APL FUNCTIONAL SYMBOL UP TACK OVERBAR;So;0;L;;;;;N;;*;;; +2352;APL FUNCTIONAL SYMBOL DEL STILE;So;0;L;;;;;N;;;;; +2353;APL FUNCTIONAL SYMBOL QUAD UP CARET;So;0;L;;;;;N;;;;; +2354;APL FUNCTIONAL SYMBOL QUAD DEL;So;0;L;;;;;N;;;;; +2355;APL FUNCTIONAL SYMBOL UP TACK JOT;So;0;L;;;;;N;;*;;; +2356;APL FUNCTIONAL SYMBOL DOWNWARDS VANE;So;0;L;;;;;N;;;;; +2357;APL FUNCTIONAL SYMBOL QUAD DOWNWARDS ARROW;So;0;L;;;;;N;;;;; +2358;APL FUNCTIONAL SYMBOL QUOTE UNDERBAR;So;0;L;;;;;N;;;;; +2359;APL FUNCTIONAL SYMBOL DELTA UNDERBAR;So;0;L;;;;;N;;;;; +235A;APL FUNCTIONAL SYMBOL DIAMOND UNDERBAR;So;0;L;;;;;N;;;;; +235B;APL FUNCTIONAL SYMBOL JOT UNDERBAR;So;0;L;;;;;N;;;;; +235C;APL FUNCTIONAL SYMBOL CIRCLE UNDERBAR;So;0;L;;;;;N;;;;; +235D;APL FUNCTIONAL SYMBOL UP SHOE JOT;So;0;L;;;;;N;;;;; +235E;APL FUNCTIONAL SYMBOL QUOTE QUAD;So;0;L;;;;;N;;;;; +235F;APL FUNCTIONAL SYMBOL CIRCLE STAR;So;0;L;;;;;N;;;;; +2360;APL FUNCTIONAL SYMBOL QUAD COLON;So;0;L;;;;;N;;;;; +2361;APL FUNCTIONAL SYMBOL UP TACK DIAERESIS;So;0;L;;;;;N;;*;;; +2362;APL FUNCTIONAL SYMBOL DEL DIAERESIS;So;0;L;;;;;N;;;;; +2363;APL FUNCTIONAL SYMBOL STAR DIAERESIS;So;0;L;;;;;N;;;;; +2364;APL FUNCTIONAL SYMBOL JOT DIAERESIS;So;0;L;;;;;N;;;;; +2365;APL FUNCTIONAL SYMBOL CIRCLE DIAERESIS;So;0;L;;;;;N;;;;; +2366;APL FUNCTIONAL SYMBOL DOWN SHOE STILE;So;0;L;;;;;N;;;;; +2367;APL FUNCTIONAL SYMBOL LEFT SHOE STILE;So;0;L;;;;;N;;;;; +2368;APL FUNCTIONAL SYMBOL TILDE DIAERESIS;So;0;L;;;;;N;;;;; +2369;APL FUNCTIONAL SYMBOL GREATER-THAN DIAERESIS;So;0;L;;;;;N;;;;; +236A;APL FUNCTIONAL SYMBOL COMMA BAR;So;0;L;;;;;N;;;;; +236B;APL FUNCTIONAL SYMBOL DEL TILDE;So;0;L;;;;;N;;;;; +236C;APL FUNCTIONAL SYMBOL ZILDE;So;0;L;;;;;N;;;;; +236D;APL FUNCTIONAL SYMBOL STILE TILDE;So;0;L;;;;;N;;;;; +236E;APL FUNCTIONAL SYMBOL SEMICOLON UNDERBAR;So;0;L;;;;;N;;;;; +236F;APL FUNCTIONAL SYMBOL QUAD NOT EQUAL;So;0;L;;;;;N;;;;; +2370;APL FUNCTIONAL SYMBOL QUAD QUESTION;So;0;L;;;;;N;;;;; +2371;APL FUNCTIONAL SYMBOL DOWN CARET TILDE;So;0;L;;;;;N;;;;; +2372;APL FUNCTIONAL SYMBOL UP CARET TILDE;So;0;L;;;;;N;;;;; +2373;APL FUNCTIONAL SYMBOL IOTA;So;0;L;;;;;N;;;;; +2374;APL FUNCTIONAL SYMBOL RHO;So;0;L;;;;;N;;;;; +2375;APL FUNCTIONAL SYMBOL OMEGA;So;0;L;;;;;N;;;;; +2376;APL FUNCTIONAL SYMBOL ALPHA UNDERBAR;So;0;L;;;;;N;;;;; +2377;APL FUNCTIONAL SYMBOL EPSILON UNDERBAR;So;0;L;;;;;N;;;;; +2378;APL FUNCTIONAL SYMBOL IOTA UNDERBAR;So;0;L;;;;;N;;;;; +2379;APL FUNCTIONAL SYMBOL OMEGA UNDERBAR;So;0;L;;;;;N;;;;; +237A;APL FUNCTIONAL SYMBOL ALPHA;So;0;L;;;;;N;;;;; +237B;NOT CHECK MARK;So;0;ON;;;;;N;;;;; +237C;RIGHT ANGLE WITH DOWNWARDS ZIGZAG ARROW;Sm;0;ON;;;;;N;;;;; +237D;SHOULDERED OPEN BOX;So;0;ON;;;;;N;;;;; +237E;BELL SYMBOL;So;0;ON;;;;;N;;;;; +237F;VERTICAL LINE WITH MIDDLE DOT;So;0;ON;;;;;N;;;;; +2380;INSERTION SYMBOL;So;0;ON;;;;;N;;;;; +2381;CONTINUOUS UNDERLINE SYMBOL;So;0;ON;;;;;N;;;;; +2382;DISCONTINUOUS UNDERLINE SYMBOL;So;0;ON;;;;;N;;;;; +2383;EMPHASIS SYMBOL;So;0;ON;;;;;N;;;;; +2384;COMPOSITION SYMBOL;So;0;ON;;;;;N;;;;; +2385;WHITE SQUARE WITH CENTRE VERTICAL LINE;So;0;ON;;;;;N;;;;; +2386;ENTER SYMBOL;So;0;ON;;;;;N;;;;; +2387;ALTERNATIVE KEY SYMBOL;So;0;ON;;;;;N;;;;; +2388;HELM SYMBOL;So;0;ON;;;;;N;;;;; +2389;CIRCLED HORIZONTAL BAR WITH NOTCH;So;0;ON;;;;;N;;pause;;; +238A;CIRCLED TRIANGLE DOWN;So;0;ON;;;;;N;;break;;; +238B;BROKEN CIRCLE WITH NORTHWEST ARROW;So;0;ON;;;;;N;;escape;;; +238C;UNDO SYMBOL;So;0;ON;;;;;N;;;;; +238D;MONOSTABLE SYMBOL;So;0;ON;;;;;N;;;;; +238E;HYSTERESIS SYMBOL;So;0;ON;;;;;N;;;;; +238F;OPEN-CIRCUIT-OUTPUT H-TYPE SYMBOL;So;0;ON;;;;;N;;;;; +2390;OPEN-CIRCUIT-OUTPUT L-TYPE SYMBOL;So;0;ON;;;;;N;;;;; +2391;PASSIVE-PULL-DOWN-OUTPUT SYMBOL;So;0;ON;;;;;N;;;;; +2392;PASSIVE-PULL-UP-OUTPUT SYMBOL;So;0;ON;;;;;N;;;;; +2393;DIRECT CURRENT SYMBOL FORM TWO;So;0;ON;;;;;N;;;;; +2394;SOFTWARE-FUNCTION SYMBOL;So;0;ON;;;;;N;;;;; +2395;APL FUNCTIONAL SYMBOL QUAD;So;0;L;;;;;N;;;;; +2396;DECIMAL SEPARATOR KEY SYMBOL;So;0;ON;;;;;N;;;;; +2397;PREVIOUS PAGE;So;0;ON;;;;;N;;;;; +2398;NEXT PAGE;So;0;ON;;;;;N;;;;; +2399;PRINT SCREEN SYMBOL;So;0;ON;;;;;N;;;;; +239A;CLEAR SCREEN SYMBOL;So;0;ON;;;;;N;;;;; +239B;LEFT PARENTHESIS UPPER HOOK;Sm;0;ON;;;;;N;;;;; +239C;LEFT PARENTHESIS EXTENSION;Sm;0;ON;;;;;N;;;;; +239D;LEFT PARENTHESIS LOWER HOOK;Sm;0;ON;;;;;N;;;;; +239E;RIGHT PARENTHESIS UPPER HOOK;Sm;0;ON;;;;;N;;;;; +239F;RIGHT PARENTHESIS EXTENSION;Sm;0;ON;;;;;N;;;;; +23A0;RIGHT PARENTHESIS LOWER HOOK;Sm;0;ON;;;;;N;;;;; +23A1;LEFT SQUARE BRACKET UPPER CORNER;Sm;0;ON;;;;;N;;;;; +23A2;LEFT SQUARE BRACKET EXTENSION;Sm;0;ON;;;;;N;;;;; +23A3;LEFT SQUARE BRACKET LOWER CORNER;Sm;0;ON;;;;;N;;;;; +23A4;RIGHT SQUARE BRACKET UPPER CORNER;Sm;0;ON;;;;;N;;;;; +23A5;RIGHT SQUARE BRACKET EXTENSION;Sm;0;ON;;;;;N;;;;; +23A6;RIGHT SQUARE BRACKET LOWER CORNER;Sm;0;ON;;;;;N;;;;; +23A7;LEFT CURLY BRACKET UPPER HOOK;Sm;0;ON;;;;;N;;;;; +23A8;LEFT CURLY BRACKET MIDDLE PIECE;Sm;0;ON;;;;;N;;;;; +23A9;LEFT CURLY BRACKET LOWER HOOK;Sm;0;ON;;;;;N;;;;; +23AA;CURLY BRACKET EXTENSION;Sm;0;ON;;;;;N;;;;; +23AB;RIGHT CURLY BRACKET UPPER HOOK;Sm;0;ON;;;;;N;;;;; +23AC;RIGHT CURLY BRACKET MIDDLE PIECE;Sm;0;ON;;;;;N;;;;; +23AD;RIGHT CURLY BRACKET LOWER HOOK;Sm;0;ON;;;;;N;;;;; +23AE;INTEGRAL EXTENSION;Sm;0;ON;;;;;N;;;;; +23AF;HORIZONTAL LINE EXTENSION;Sm;0;ON;;;;;N;;;;; +23B0;UPPER LEFT OR LOWER RIGHT CURLY BRACKET SECTION;Sm;0;ON;;;;;N;;;;; +23B1;UPPER RIGHT OR LOWER LEFT CURLY BRACKET SECTION;Sm;0;ON;;;;;N;;;;; +23B2;SUMMATION TOP;Sm;0;ON;;;;;N;;;;; +23B3;SUMMATION BOTTOM;Sm;0;ON;;;;;N;;;;; +23B4;TOP SQUARE BRACKET;Ps;0;ON;;;;;N;;;;; +23B5;BOTTOM SQUARE BRACKET;Pe;0;ON;;;;;N;;;;; +23B6;BOTTOM SQUARE BRACKET OVER TOP SQUARE BRACKET;Po;0;ON;;;;;N;;;;; +23B7;RADICAL SYMBOL BOTTOM;So;0;ON;;;;;N;;;;; +23B8;LEFT VERTICAL BOX LINE;So;0;ON;;;;;N;;;;; +23B9;RIGHT VERTICAL BOX LINE;So;0;ON;;;;;N;;;;; +23BA;HORIZONTAL SCAN LINE-1;So;0;ON;;;;;N;;;;; +23BB;HORIZONTAL SCAN LINE-3;So;0;ON;;;;;N;;;;; +23BC;HORIZONTAL SCAN LINE-7;So;0;ON;;;;;N;;;;; +23BD;HORIZONTAL SCAN LINE-9;So;0;ON;;;;;N;;;;; +23BE;DENTISTRY SYMBOL LIGHT VERTICAL AND TOP RIGHT;So;0;ON;;;;;N;;;;; +23BF;DENTISTRY SYMBOL LIGHT VERTICAL AND BOTTOM RIGHT;So;0;ON;;;;;N;;;;; +23C0;DENTISTRY SYMBOL LIGHT VERTICAL WITH CIRCLE;So;0;ON;;;;;N;;;;; +23C1;DENTISTRY SYMBOL LIGHT DOWN AND HORIZONTAL WITH CIRCLE;So;0;ON;;;;;N;;;;; +23C2;DENTISTRY SYMBOL LIGHT UP AND HORIZONTAL WITH CIRCLE;So;0;ON;;;;;N;;;;; +23C3;DENTISTRY SYMBOL LIGHT VERTICAL WITH TRIANGLE;So;0;ON;;;;;N;;;;; +23C4;DENTISTRY SYMBOL LIGHT DOWN AND HORIZONTAL WITH TRIANGLE;So;0;ON;;;;;N;;;;; +23C5;DENTISTRY SYMBOL LIGHT UP AND HORIZONTAL WITH TRIANGLE;So;0;ON;;;;;N;;;;; +23C6;DENTISTRY SYMBOL LIGHT VERTICAL AND WAVE;So;0;ON;;;;;N;;;;; +23C7;DENTISTRY SYMBOL LIGHT DOWN AND HORIZONTAL WITH WAVE;So;0;ON;;;;;N;;;;; +23C8;DENTISTRY SYMBOL LIGHT UP AND HORIZONTAL WITH WAVE;So;0;ON;;;;;N;;;;; +23C9;DENTISTRY SYMBOL LIGHT DOWN AND HORIZONTAL;So;0;ON;;;;;N;;;;; +23CA;DENTISTRY SYMBOL LIGHT UP AND HORIZONTAL;So;0;ON;;;;;N;;;;; +23CB;DENTISTRY SYMBOL LIGHT VERTICAL AND TOP LEFT;So;0;ON;;;;;N;;;;; +23CC;DENTISTRY SYMBOL LIGHT VERTICAL AND BOTTOM LEFT;So;0;ON;;;;;N;;;;; +23CD;SQUARE FOOT;So;0;ON;;;;;N;;;;; +23CE;RETURN SYMBOL;So;0;ON;;;;;N;;;;; +23CF;EJECT SYMBOL;So;0;ON;;;;;N;;;;; +23D0;VERTICAL LINE EXTENSION;So;0;ON;;;;;N;;;;; +2400;SYMBOL FOR NULL;So;0;ON;;;;;N;GRAPHIC FOR NULL;;;; +2401;SYMBOL FOR START OF HEADING;So;0;ON;;;;;N;GRAPHIC FOR START OF HEADING;;;; +2402;SYMBOL FOR START OF TEXT;So;0;ON;;;;;N;GRAPHIC FOR START OF TEXT;;;; +2403;SYMBOL FOR END OF TEXT;So;0;ON;;;;;N;GRAPHIC FOR END OF TEXT;;;; +2404;SYMBOL FOR END OF TRANSMISSION;So;0;ON;;;;;N;GRAPHIC FOR END OF TRANSMISSION;;;; +2405;SYMBOL FOR ENQUIRY;So;0;ON;;;;;N;GRAPHIC FOR ENQUIRY;;;; +2406;SYMBOL FOR ACKNOWLEDGE;So;0;ON;;;;;N;GRAPHIC FOR ACKNOWLEDGE;;;; +2407;SYMBOL FOR BELL;So;0;ON;;;;;N;GRAPHIC FOR BELL;;;; +2408;SYMBOL FOR BACKSPACE;So;0;ON;;;;;N;GRAPHIC FOR BACKSPACE;;;; +2409;SYMBOL FOR HORIZONTAL TABULATION;So;0;ON;;;;;N;GRAPHIC FOR HORIZONTAL TABULATION;;;; +240A;SYMBOL FOR LINE FEED;So;0;ON;;;;;N;GRAPHIC FOR LINE FEED;;;; +240B;SYMBOL FOR VERTICAL TABULATION;So;0;ON;;;;;N;GRAPHIC FOR VERTICAL TABULATION;;;; +240C;SYMBOL FOR FORM FEED;So;0;ON;;;;;N;GRAPHIC FOR FORM FEED;;;; +240D;SYMBOL FOR CARRIAGE RETURN;So;0;ON;;;;;N;GRAPHIC FOR CARRIAGE RETURN;;;; +240E;SYMBOL FOR SHIFT OUT;So;0;ON;;;;;N;GRAPHIC FOR SHIFT OUT;;;; +240F;SYMBOL FOR SHIFT IN;So;0;ON;;;;;N;GRAPHIC FOR SHIFT IN;;;; +2410;SYMBOL FOR DATA LINK ESCAPE;So;0;ON;;;;;N;GRAPHIC FOR DATA LINK ESCAPE;;;; +2411;SYMBOL FOR DEVICE CONTROL ONE;So;0;ON;;;;;N;GRAPHIC FOR DEVICE CONTROL ONE;;;; +2412;SYMBOL FOR DEVICE CONTROL TWO;So;0;ON;;;;;N;GRAPHIC FOR DEVICE CONTROL TWO;;;; +2413;SYMBOL FOR DEVICE CONTROL THREE;So;0;ON;;;;;N;GRAPHIC FOR DEVICE CONTROL THREE;;;; +2414;SYMBOL FOR DEVICE CONTROL FOUR;So;0;ON;;;;;N;GRAPHIC FOR DEVICE CONTROL FOUR;;;; +2415;SYMBOL FOR NEGATIVE ACKNOWLEDGE;So;0;ON;;;;;N;GRAPHIC FOR NEGATIVE ACKNOWLEDGE;;;; +2416;SYMBOL FOR SYNCHRONOUS IDLE;So;0;ON;;;;;N;GRAPHIC FOR SYNCHRONOUS IDLE;;;; +2417;SYMBOL FOR END OF TRANSMISSION BLOCK;So;0;ON;;;;;N;GRAPHIC FOR END OF TRANSMISSION BLOCK;;;; +2418;SYMBOL FOR CANCEL;So;0;ON;;;;;N;GRAPHIC FOR CANCEL;;;; +2419;SYMBOL FOR END OF MEDIUM;So;0;ON;;;;;N;GRAPHIC FOR END OF MEDIUM;;;; +241A;SYMBOL FOR SUBSTITUTE;So;0;ON;;;;;N;GRAPHIC FOR SUBSTITUTE;;;; +241B;SYMBOL FOR ESCAPE;So;0;ON;;;;;N;GRAPHIC FOR ESCAPE;;;; +241C;SYMBOL FOR FILE SEPARATOR;So;0;ON;;;;;N;GRAPHIC FOR FILE SEPARATOR;;;; +241D;SYMBOL FOR GROUP SEPARATOR;So;0;ON;;;;;N;GRAPHIC FOR GROUP SEPARATOR;;;; +241E;SYMBOL FOR RECORD SEPARATOR;So;0;ON;;;;;N;GRAPHIC FOR RECORD SEPARATOR;;;; +241F;SYMBOL FOR UNIT SEPARATOR;So;0;ON;;;;;N;GRAPHIC FOR UNIT SEPARATOR;;;; +2420;SYMBOL FOR SPACE;So;0;ON;;;;;N;GRAPHIC FOR SPACE;;;; +2421;SYMBOL FOR DELETE;So;0;ON;;;;;N;GRAPHIC FOR DELETE;;;; +2422;BLANK SYMBOL;So;0;ON;;;;;N;BLANK;;;; +2423;OPEN BOX;So;0;ON;;;;;N;;;;; +2424;SYMBOL FOR NEWLINE;So;0;ON;;;;;N;GRAPHIC FOR NEWLINE;;;; +2425;SYMBOL FOR DELETE FORM TWO;So;0;ON;;;;;N;;;;; +2426;SYMBOL FOR SUBSTITUTE FORM TWO;So;0;ON;;;;;N;;;;; +2440;OCR HOOK;So;0;ON;;;;;N;;;;; +2441;OCR CHAIR;So;0;ON;;;;;N;;;;; +2442;OCR FORK;So;0;ON;;;;;N;;;;; +2443;OCR INVERTED FORK;So;0;ON;;;;;N;;;;; +2444;OCR BELT BUCKLE;So;0;ON;;;;;N;;;;; +2445;OCR BOW TIE;So;0;ON;;;;;N;;;;; +2446;OCR BRANCH BANK IDENTIFICATION;So;0;ON;;;;;N;;;;; +2447;OCR AMOUNT OF CHECK;So;0;ON;;;;;N;;;;; +2448;OCR DASH;So;0;ON;;;;;N;;;;; +2449;OCR CUSTOMER ACCOUNT NUMBER;So;0;ON;;;;;N;;;;; +244A;OCR DOUBLE BACKSLASH;So;0;ON;;;;;N;;;;; +2460;CIRCLED DIGIT ONE;No;0;ON; 0031;;1;1;N;;;;; +2461;CIRCLED DIGIT TWO;No;0;ON; 0032;;2;2;N;;;;; +2462;CIRCLED DIGIT THREE;No;0;ON; 0033;;3;3;N;;;;; +2463;CIRCLED DIGIT FOUR;No;0;ON; 0034;;4;4;N;;;;; +2464;CIRCLED DIGIT FIVE;No;0;ON; 0035;;5;5;N;;;;; +2465;CIRCLED DIGIT SIX;No;0;ON; 0036;;6;6;N;;;;; +2466;CIRCLED DIGIT SEVEN;No;0;ON; 0037;;7;7;N;;;;; +2467;CIRCLED DIGIT EIGHT;No;0;ON; 0038;;8;8;N;;;;; +2468;CIRCLED DIGIT NINE;No;0;ON; 0039;;9;9;N;;;;; +2469;CIRCLED NUMBER TEN;No;0;ON; 0031 0030;;;10;N;;;;; +246A;CIRCLED NUMBER ELEVEN;No;0;ON; 0031 0031;;;11;N;;;;; +246B;CIRCLED NUMBER TWELVE;No;0;ON; 0031 0032;;;12;N;;;;; +246C;CIRCLED NUMBER THIRTEEN;No;0;ON; 0031 0033;;;13;N;;;;; +246D;CIRCLED NUMBER FOURTEEN;No;0;ON; 0031 0034;;;14;N;;;;; +246E;CIRCLED NUMBER FIFTEEN;No;0;ON; 0031 0035;;;15;N;;;;; +246F;CIRCLED NUMBER SIXTEEN;No;0;ON; 0031 0036;;;16;N;;;;; +2470;CIRCLED NUMBER SEVENTEEN;No;0;ON; 0031 0037;;;17;N;;;;; +2471;CIRCLED NUMBER EIGHTEEN;No;0;ON; 0031 0038;;;18;N;;;;; +2472;CIRCLED NUMBER NINETEEN;No;0;ON; 0031 0039;;;19;N;;;;; +2473;CIRCLED NUMBER TWENTY;No;0;ON; 0032 0030;;;20;N;;;;; +2474;PARENTHESIZED DIGIT ONE;No;0;ON; 0028 0031 0029;;1;1;N;;;;; +2475;PARENTHESIZED DIGIT TWO;No;0;ON; 0028 0032 0029;;2;2;N;;;;; +2476;PARENTHESIZED DIGIT THREE;No;0;ON; 0028 0033 0029;;3;3;N;;;;; +2477;PARENTHESIZED DIGIT FOUR;No;0;ON; 0028 0034 0029;;4;4;N;;;;; +2478;PARENTHESIZED DIGIT FIVE;No;0;ON; 0028 0035 0029;;5;5;N;;;;; +2479;PARENTHESIZED DIGIT SIX;No;0;ON; 0028 0036 0029;;6;6;N;;;;; +247A;PARENTHESIZED DIGIT SEVEN;No;0;ON; 0028 0037 0029;;7;7;N;;;;; +247B;PARENTHESIZED DIGIT EIGHT;No;0;ON; 0028 0038 0029;;8;8;N;;;;; +247C;PARENTHESIZED DIGIT NINE;No;0;ON; 0028 0039 0029;;9;9;N;;;;; +247D;PARENTHESIZED NUMBER TEN;No;0;ON; 0028 0031 0030 0029;;;10;N;;;;; +247E;PARENTHESIZED NUMBER ELEVEN;No;0;ON; 0028 0031 0031 0029;;;11;N;;;;; +247F;PARENTHESIZED NUMBER TWELVE;No;0;ON; 0028 0031 0032 0029;;;12;N;;;;; +2480;PARENTHESIZED NUMBER THIRTEEN;No;0;ON; 0028 0031 0033 0029;;;13;N;;;;; +2481;PARENTHESIZED NUMBER FOURTEEN;No;0;ON; 0028 0031 0034 0029;;;14;N;;;;; +2482;PARENTHESIZED NUMBER FIFTEEN;No;0;ON; 0028 0031 0035 0029;;;15;N;;;;; +2483;PARENTHESIZED NUMBER SIXTEEN;No;0;ON; 0028 0031 0036 0029;;;16;N;;;;; +2484;PARENTHESIZED NUMBER SEVENTEEN;No;0;ON; 0028 0031 0037 0029;;;17;N;;;;; +2485;PARENTHESIZED NUMBER EIGHTEEN;No;0;ON; 0028 0031 0038 0029;;;18;N;;;;; +2486;PARENTHESIZED NUMBER NINETEEN;No;0;ON; 0028 0031 0039 0029;;;19;N;;;;; +2487;PARENTHESIZED NUMBER TWENTY;No;0;ON; 0028 0032 0030 0029;;;20;N;;;;; +2488;DIGIT ONE FULL STOP;No;0;EN; 0031 002E;;1;1;N;DIGIT ONE PERIOD;;;; +2489;DIGIT TWO FULL STOP;No;0;EN; 0032 002E;;2;2;N;DIGIT TWO PERIOD;;;; +248A;DIGIT THREE FULL STOP;No;0;EN; 0033 002E;;3;3;N;DIGIT THREE PERIOD;;;; +248B;DIGIT FOUR FULL STOP;No;0;EN; 0034 002E;;4;4;N;DIGIT FOUR PERIOD;;;; +248C;DIGIT FIVE FULL STOP;No;0;EN; 0035 002E;;5;5;N;DIGIT FIVE PERIOD;;;; +248D;DIGIT SIX FULL STOP;No;0;EN; 0036 002E;;6;6;N;DIGIT SIX PERIOD;;;; +248E;DIGIT SEVEN FULL STOP;No;0;EN; 0037 002E;;7;7;N;DIGIT SEVEN PERIOD;;;; +248F;DIGIT EIGHT FULL STOP;No;0;EN; 0038 002E;;8;8;N;DIGIT EIGHT PERIOD;;;; +2490;DIGIT NINE FULL STOP;No;0;EN; 0039 002E;;9;9;N;DIGIT NINE PERIOD;;;; +2491;NUMBER TEN FULL STOP;No;0;EN; 0031 0030 002E;;;10;N;NUMBER TEN PERIOD;;;; +2492;NUMBER ELEVEN FULL STOP;No;0;EN; 0031 0031 002E;;;11;N;NUMBER ELEVEN PERIOD;;;; +2493;NUMBER TWELVE FULL STOP;No;0;EN; 0031 0032 002E;;;12;N;NUMBER TWELVE PERIOD;;;; +2494;NUMBER THIRTEEN FULL STOP;No;0;EN; 0031 0033 002E;;;13;N;NUMBER THIRTEEN PERIOD;;;; +2495;NUMBER FOURTEEN FULL STOP;No;0;EN; 0031 0034 002E;;;14;N;NUMBER FOURTEEN PERIOD;;;; +2496;NUMBER FIFTEEN FULL STOP;No;0;EN; 0031 0035 002E;;;15;N;NUMBER FIFTEEN PERIOD;;;; +2497;NUMBER SIXTEEN FULL STOP;No;0;EN; 0031 0036 002E;;;16;N;NUMBER SIXTEEN PERIOD;;;; +2498;NUMBER SEVENTEEN FULL STOP;No;0;EN; 0031 0037 002E;;;17;N;NUMBER SEVENTEEN PERIOD;;;; +2499;NUMBER EIGHTEEN FULL STOP;No;0;EN; 0031 0038 002E;;;18;N;NUMBER EIGHTEEN PERIOD;;;; +249A;NUMBER NINETEEN FULL STOP;No;0;EN; 0031 0039 002E;;;19;N;NUMBER NINETEEN PERIOD;;;; +249B;NUMBER TWENTY FULL STOP;No;0;EN; 0032 0030 002E;;;20;N;NUMBER TWENTY PERIOD;;;; +249C;PARENTHESIZED LATIN SMALL LETTER A;So;0;L; 0028 0061 0029;;;;N;;;;; +249D;PARENTHESIZED LATIN SMALL LETTER B;So;0;L; 0028 0062 0029;;;;N;;;;; +249E;PARENTHESIZED LATIN SMALL LETTER C;So;0;L; 0028 0063 0029;;;;N;;;;; +249F;PARENTHESIZED LATIN SMALL LETTER D;So;0;L; 0028 0064 0029;;;;N;;;;; +24A0;PARENTHESIZED LATIN SMALL LETTER E;So;0;L; 0028 0065 0029;;;;N;;;;; +24A1;PARENTHESIZED LATIN SMALL LETTER F;So;0;L; 0028 0066 0029;;;;N;;;;; +24A2;PARENTHESIZED LATIN SMALL LETTER G;So;0;L; 0028 0067 0029;;;;N;;;;; +24A3;PARENTHESIZED LATIN SMALL LETTER H;So;0;L; 0028 0068 0029;;;;N;;;;; +24A4;PARENTHESIZED LATIN SMALL LETTER I;So;0;L; 0028 0069 0029;;;;N;;;;; +24A5;PARENTHESIZED LATIN SMALL LETTER J;So;0;L; 0028 006A 0029;;;;N;;;;; +24A6;PARENTHESIZED LATIN SMALL LETTER K;So;0;L; 0028 006B 0029;;;;N;;;;; +24A7;PARENTHESIZED LATIN SMALL LETTER L;So;0;L; 0028 006C 0029;;;;N;;;;; +24A8;PARENTHESIZED LATIN SMALL LETTER M;So;0;L; 0028 006D 0029;;;;N;;;;; +24A9;PARENTHESIZED LATIN SMALL LETTER N;So;0;L; 0028 006E 0029;;;;N;;;;; +24AA;PARENTHESIZED LATIN SMALL LETTER O;So;0;L; 0028 006F 0029;;;;N;;;;; +24AB;PARENTHESIZED LATIN SMALL LETTER P;So;0;L; 0028 0070 0029;;;;N;;;;; +24AC;PARENTHESIZED LATIN SMALL LETTER Q;So;0;L; 0028 0071 0029;;;;N;;;;; +24AD;PARENTHESIZED LATIN SMALL LETTER R;So;0;L; 0028 0072 0029;;;;N;;;;; +24AE;PARENTHESIZED LATIN SMALL LETTER S;So;0;L; 0028 0073 0029;;;;N;;;;; +24AF;PARENTHESIZED LATIN SMALL LETTER T;So;0;L; 0028 0074 0029;;;;N;;;;; +24B0;PARENTHESIZED LATIN SMALL LETTER U;So;0;L; 0028 0075 0029;;;;N;;;;; +24B1;PARENTHESIZED LATIN SMALL LETTER V;So;0;L; 0028 0076 0029;;;;N;;;;; +24B2;PARENTHESIZED LATIN SMALL LETTER W;So;0;L; 0028 0077 0029;;;;N;;;;; +24B3;PARENTHESIZED LATIN SMALL LETTER X;So;0;L; 0028 0078 0029;;;;N;;;;; +24B4;PARENTHESIZED LATIN SMALL LETTER Y;So;0;L; 0028 0079 0029;;;;N;;;;; +24B5;PARENTHESIZED LATIN SMALL LETTER Z;So;0;L; 0028 007A 0029;;;;N;;;;; +24B6;CIRCLED LATIN CAPITAL LETTER A;So;0;L; 0041;;;;N;;;;24D0; +24B7;CIRCLED LATIN CAPITAL LETTER B;So;0;L; 0042;;;;N;;;;24D1; +24B8;CIRCLED LATIN CAPITAL LETTER C;So;0;L; 0043;;;;N;;;;24D2; +24B9;CIRCLED LATIN CAPITAL LETTER D;So;0;L; 0044;;;;N;;;;24D3; +24BA;CIRCLED LATIN CAPITAL LETTER E;So;0;L; 0045;;;;N;;;;24D4; +24BB;CIRCLED LATIN CAPITAL LETTER F;So;0;L; 0046;;;;N;;;;24D5; +24BC;CIRCLED LATIN CAPITAL LETTER G;So;0;L; 0047;;;;N;;;;24D6; +24BD;CIRCLED LATIN CAPITAL LETTER H;So;0;L; 0048;;;;N;;;;24D7; +24BE;CIRCLED LATIN CAPITAL LETTER I;So;0;L; 0049;;;;N;;;;24D8; +24BF;CIRCLED LATIN CAPITAL LETTER J;So;0;L; 004A;;;;N;;;;24D9; +24C0;CIRCLED LATIN CAPITAL LETTER K;So;0;L; 004B;;;;N;;;;24DA; +24C1;CIRCLED LATIN CAPITAL LETTER L;So;0;L; 004C;;;;N;;;;24DB; +24C2;CIRCLED LATIN CAPITAL LETTER M;So;0;L; 004D;;;;N;;;;24DC; +24C3;CIRCLED LATIN CAPITAL LETTER N;So;0;L; 004E;;;;N;;;;24DD; +24C4;CIRCLED LATIN CAPITAL LETTER O;So;0;L; 004F;;;;N;;;;24DE; +24C5;CIRCLED LATIN CAPITAL LETTER P;So;0;L; 0050;;;;N;;;;24DF; +24C6;CIRCLED LATIN CAPITAL LETTER Q;So;0;L; 0051;;;;N;;;;24E0; +24C7;CIRCLED LATIN CAPITAL LETTER R;So;0;L; 0052;;;;N;;;;24E1; +24C8;CIRCLED LATIN CAPITAL LETTER S;So;0;L; 0053;;;;N;;;;24E2; +24C9;CIRCLED LATIN CAPITAL LETTER T;So;0;L; 0054;;;;N;;;;24E3; +24CA;CIRCLED LATIN CAPITAL LETTER U;So;0;L; 0055;;;;N;;;;24E4; +24CB;CIRCLED LATIN CAPITAL LETTER V;So;0;L; 0056;;;;N;;;;24E5; +24CC;CIRCLED LATIN CAPITAL LETTER W;So;0;L; 0057;;;;N;;;;24E6; +24CD;CIRCLED LATIN CAPITAL LETTER X;So;0;L; 0058;;;;N;;;;24E7; +24CE;CIRCLED LATIN CAPITAL LETTER Y;So;0;L; 0059;;;;N;;;;24E8; +24CF;CIRCLED LATIN CAPITAL LETTER Z;So;0;L; 005A;;;;N;;;;24E9; +24D0;CIRCLED LATIN SMALL LETTER A;So;0;L; 0061;;;;N;;;24B6;;24B6 +24D1;CIRCLED LATIN SMALL LETTER B;So;0;L; 0062;;;;N;;;24B7;;24B7 +24D2;CIRCLED LATIN SMALL LETTER C;So;0;L; 0063;;;;N;;;24B8;;24B8 +24D3;CIRCLED LATIN SMALL LETTER D;So;0;L; 0064;;;;N;;;24B9;;24B9 +24D4;CIRCLED LATIN SMALL LETTER E;So;0;L; 0065;;;;N;;;24BA;;24BA +24D5;CIRCLED LATIN SMALL LETTER F;So;0;L; 0066;;;;N;;;24BB;;24BB +24D6;CIRCLED LATIN SMALL LETTER G;So;0;L; 0067;;;;N;;;24BC;;24BC +24D7;CIRCLED LATIN SMALL LETTER H;So;0;L; 0068;;;;N;;;24BD;;24BD +24D8;CIRCLED LATIN SMALL LETTER I;So;0;L; 0069;;;;N;;;24BE;;24BE +24D9;CIRCLED LATIN SMALL LETTER J;So;0;L; 006A;;;;N;;;24BF;;24BF +24DA;CIRCLED LATIN SMALL LETTER K;So;0;L; 006B;;;;N;;;24C0;;24C0 +24DB;CIRCLED LATIN SMALL LETTER L;So;0;L; 006C;;;;N;;;24C1;;24C1 +24DC;CIRCLED LATIN SMALL LETTER M;So;0;L; 006D;;;;N;;;24C2;;24C2 +24DD;CIRCLED LATIN SMALL LETTER N;So;0;L; 006E;;;;N;;;24C3;;24C3 +24DE;CIRCLED LATIN SMALL LETTER O;So;0;L; 006F;;;;N;;;24C4;;24C4 +24DF;CIRCLED LATIN SMALL LETTER P;So;0;L; 0070;;;;N;;;24C5;;24C5 +24E0;CIRCLED LATIN SMALL LETTER Q;So;0;L; 0071;;;;N;;;24C6;;24C6 +24E1;CIRCLED LATIN SMALL LETTER R;So;0;L; 0072;;;;N;;;24C7;;24C7 +24E2;CIRCLED LATIN SMALL LETTER S;So;0;L; 0073;;;;N;;;24C8;;24C8 +24E3;CIRCLED LATIN SMALL LETTER T;So;0;L; 0074;;;;N;;;24C9;;24C9 +24E4;CIRCLED LATIN SMALL LETTER U;So;0;L; 0075;;;;N;;;24CA;;24CA +24E5;CIRCLED LATIN SMALL LETTER V;So;0;L; 0076;;;;N;;;24CB;;24CB +24E6;CIRCLED LATIN SMALL LETTER W;So;0;L; 0077;;;;N;;;24CC;;24CC +24E7;CIRCLED LATIN SMALL LETTER X;So;0;L; 0078;;;;N;;;24CD;;24CD +24E8;CIRCLED LATIN SMALL LETTER Y;So;0;L; 0079;;;;N;;;24CE;;24CE +24E9;CIRCLED LATIN SMALL LETTER Z;So;0;L; 007A;;;;N;;;24CF;;24CF +24EA;CIRCLED DIGIT ZERO;No;0;ON; 0030;;0;0;N;;;;; +24EB;NEGATIVE CIRCLED NUMBER ELEVEN;No;0;ON;;;;11;N;;;;; +24EC;NEGATIVE CIRCLED NUMBER TWELVE;No;0;ON;;;;12;N;;;;; +24ED;NEGATIVE CIRCLED NUMBER THIRTEEN;No;0;ON;;;;13;N;;;;; +24EE;NEGATIVE CIRCLED NUMBER FOURTEEN;No;0;ON;;;;14;N;;;;; +24EF;NEGATIVE CIRCLED NUMBER FIFTEEN;No;0;ON;;;;15;N;;;;; +24F0;NEGATIVE CIRCLED NUMBER SIXTEEN;No;0;ON;;;;16;N;;;;; +24F1;NEGATIVE CIRCLED NUMBER SEVENTEEN;No;0;ON;;;;17;N;;;;; +24F2;NEGATIVE CIRCLED NUMBER EIGHTEEN;No;0;ON;;;;18;N;;;;; +24F3;NEGATIVE CIRCLED NUMBER NINETEEN;No;0;ON;;;;19;N;;;;; +24F4;NEGATIVE CIRCLED NUMBER TWENTY;No;0;ON;;;;20;N;;;;; +24F5;DOUBLE CIRCLED DIGIT ONE;No;0;ON;;;1;1;N;;;;; +24F6;DOUBLE CIRCLED DIGIT TWO;No;0;ON;;;2;2;N;;;;; +24F7;DOUBLE CIRCLED DIGIT THREE;No;0;ON;;;3;3;N;;;;; +24F8;DOUBLE CIRCLED DIGIT FOUR;No;0;ON;;;4;4;N;;;;; +24F9;DOUBLE CIRCLED DIGIT FIVE;No;0;ON;;;5;5;N;;;;; +24FA;DOUBLE CIRCLED DIGIT SIX;No;0;ON;;;6;6;N;;;;; +24FB;DOUBLE CIRCLED DIGIT SEVEN;No;0;ON;;;7;7;N;;;;; +24FC;DOUBLE CIRCLED DIGIT EIGHT;No;0;ON;;;8;8;N;;;;; +24FD;DOUBLE CIRCLED DIGIT NINE;No;0;ON;;;9;9;N;;;;; +24FE;DOUBLE CIRCLED NUMBER TEN;No;0;ON;;;;10;N;;;;; +24FF;NEGATIVE CIRCLED DIGIT ZERO;No;0;ON;;;0;0;N;;;;; +2500;BOX DRAWINGS LIGHT HORIZONTAL;So;0;ON;;;;;N;FORMS LIGHT HORIZONTAL;;;; +2501;BOX DRAWINGS HEAVY HORIZONTAL;So;0;ON;;;;;N;FORMS HEAVY HORIZONTAL;;;; +2502;BOX DRAWINGS LIGHT VERTICAL;So;0;ON;;;;;N;FORMS LIGHT VERTICAL;;;; +2503;BOX DRAWINGS HEAVY VERTICAL;So;0;ON;;;;;N;FORMS HEAVY VERTICAL;;;; +2504;BOX DRAWINGS LIGHT TRIPLE DASH HORIZONTAL;So;0;ON;;;;;N;FORMS LIGHT TRIPLE DASH HORIZONTAL;;;; +2505;BOX DRAWINGS HEAVY TRIPLE DASH HORIZONTAL;So;0;ON;;;;;N;FORMS HEAVY TRIPLE DASH HORIZONTAL;;;; +2506;BOX DRAWINGS LIGHT TRIPLE DASH VERTICAL;So;0;ON;;;;;N;FORMS LIGHT TRIPLE DASH VERTICAL;;;; +2507;BOX DRAWINGS HEAVY TRIPLE DASH VERTICAL;So;0;ON;;;;;N;FORMS HEAVY TRIPLE DASH VERTICAL;;;; +2508;BOX DRAWINGS LIGHT QUADRUPLE DASH HORIZONTAL;So;0;ON;;;;;N;FORMS LIGHT QUADRUPLE DASH HORIZONTAL;;;; +2509;BOX DRAWINGS HEAVY QUADRUPLE DASH HORIZONTAL;So;0;ON;;;;;N;FORMS HEAVY QUADRUPLE DASH HORIZONTAL;;;; +250A;BOX DRAWINGS LIGHT QUADRUPLE DASH VERTICAL;So;0;ON;;;;;N;FORMS LIGHT QUADRUPLE DASH VERTICAL;;;; +250B;BOX DRAWINGS HEAVY QUADRUPLE DASH VERTICAL;So;0;ON;;;;;N;FORMS HEAVY QUADRUPLE DASH VERTICAL;;;; +250C;BOX DRAWINGS LIGHT DOWN AND RIGHT;So;0;ON;;;;;N;FORMS LIGHT DOWN AND RIGHT;;;; +250D;BOX DRAWINGS DOWN LIGHT AND RIGHT HEAVY;So;0;ON;;;;;N;FORMS DOWN LIGHT AND RIGHT HEAVY;;;; +250E;BOX DRAWINGS DOWN HEAVY AND RIGHT LIGHT;So;0;ON;;;;;N;FORMS DOWN HEAVY AND RIGHT LIGHT;;;; +250F;BOX DRAWINGS HEAVY DOWN AND RIGHT;So;0;ON;;;;;N;FORMS HEAVY DOWN AND RIGHT;;;; +2510;BOX DRAWINGS LIGHT DOWN AND LEFT;So;0;ON;;;;;N;FORMS LIGHT DOWN AND LEFT;;;; +2511;BOX DRAWINGS DOWN LIGHT AND LEFT HEAVY;So;0;ON;;;;;N;FORMS DOWN LIGHT AND LEFT HEAVY;;;; +2512;BOX DRAWINGS DOWN HEAVY AND LEFT LIGHT;So;0;ON;;;;;N;FORMS DOWN HEAVY AND LEFT LIGHT;;;; +2513;BOX DRAWINGS HEAVY DOWN AND LEFT;So;0;ON;;;;;N;FORMS HEAVY DOWN AND LEFT;;;; +2514;BOX DRAWINGS LIGHT UP AND RIGHT;So;0;ON;;;;;N;FORMS LIGHT UP AND RIGHT;;;; +2515;BOX DRAWINGS UP LIGHT AND RIGHT HEAVY;So;0;ON;;;;;N;FORMS UP LIGHT AND RIGHT HEAVY;;;; +2516;BOX DRAWINGS UP HEAVY AND RIGHT LIGHT;So;0;ON;;;;;N;FORMS UP HEAVY AND RIGHT LIGHT;;;; +2517;BOX DRAWINGS HEAVY UP AND RIGHT;So;0;ON;;;;;N;FORMS HEAVY UP AND RIGHT;;;; +2518;BOX DRAWINGS LIGHT UP AND LEFT;So;0;ON;;;;;N;FORMS LIGHT UP AND LEFT;;;; +2519;BOX DRAWINGS UP LIGHT AND LEFT HEAVY;So;0;ON;;;;;N;FORMS UP LIGHT AND LEFT HEAVY;;;; +251A;BOX DRAWINGS UP HEAVY AND LEFT LIGHT;So;0;ON;;;;;N;FORMS UP HEAVY AND LEFT LIGHT;;;; +251B;BOX DRAWINGS HEAVY UP AND LEFT;So;0;ON;;;;;N;FORMS HEAVY UP AND LEFT;;;; +251C;BOX DRAWINGS LIGHT VERTICAL AND RIGHT;So;0;ON;;;;;N;FORMS LIGHT VERTICAL AND RIGHT;;;; +251D;BOX DRAWINGS VERTICAL LIGHT AND RIGHT HEAVY;So;0;ON;;;;;N;FORMS VERTICAL LIGHT AND RIGHT HEAVY;;;; +251E;BOX DRAWINGS UP HEAVY AND RIGHT DOWN LIGHT;So;0;ON;;;;;N;FORMS UP HEAVY AND RIGHT DOWN LIGHT;;;; +251F;BOX DRAWINGS DOWN HEAVY AND RIGHT UP LIGHT;So;0;ON;;;;;N;FORMS DOWN HEAVY AND RIGHT UP LIGHT;;;; +2520;BOX DRAWINGS VERTICAL HEAVY AND RIGHT LIGHT;So;0;ON;;;;;N;FORMS VERTICAL HEAVY AND RIGHT LIGHT;;;; +2521;BOX DRAWINGS DOWN LIGHT AND RIGHT UP HEAVY;So;0;ON;;;;;N;FORMS DOWN LIGHT AND RIGHT UP HEAVY;;;; +2522;BOX DRAWINGS UP LIGHT AND RIGHT DOWN HEAVY;So;0;ON;;;;;N;FORMS UP LIGHT AND RIGHT DOWN HEAVY;;;; +2523;BOX DRAWINGS HEAVY VERTICAL AND RIGHT;So;0;ON;;;;;N;FORMS HEAVY VERTICAL AND RIGHT;;;; +2524;BOX DRAWINGS LIGHT VERTICAL AND LEFT;So;0;ON;;;;;N;FORMS LIGHT VERTICAL AND LEFT;;;; +2525;BOX DRAWINGS VERTICAL LIGHT AND LEFT HEAVY;So;0;ON;;;;;N;FORMS VERTICAL LIGHT AND LEFT HEAVY;;;; +2526;BOX DRAWINGS UP HEAVY AND LEFT DOWN LIGHT;So;0;ON;;;;;N;FORMS UP HEAVY AND LEFT DOWN LIGHT;;;; +2527;BOX DRAWINGS DOWN HEAVY AND LEFT UP LIGHT;So;0;ON;;;;;N;FORMS DOWN HEAVY AND LEFT UP LIGHT;;;; +2528;BOX DRAWINGS VERTICAL HEAVY AND LEFT LIGHT;So;0;ON;;;;;N;FORMS VERTICAL HEAVY AND LEFT LIGHT;;;; +2529;BOX DRAWINGS DOWN LIGHT AND LEFT UP HEAVY;So;0;ON;;;;;N;FORMS DOWN LIGHT AND LEFT UP HEAVY;;;; +252A;BOX DRAWINGS UP LIGHT AND LEFT DOWN HEAVY;So;0;ON;;;;;N;FORMS UP LIGHT AND LEFT DOWN HEAVY;;;; +252B;BOX DRAWINGS HEAVY VERTICAL AND LEFT;So;0;ON;;;;;N;FORMS HEAVY VERTICAL AND LEFT;;;; +252C;BOX DRAWINGS LIGHT DOWN AND HORIZONTAL;So;0;ON;;;;;N;FORMS LIGHT DOWN AND HORIZONTAL;;;; +252D;BOX DRAWINGS LEFT HEAVY AND RIGHT DOWN LIGHT;So;0;ON;;;;;N;FORMS LEFT HEAVY AND RIGHT DOWN LIGHT;;;; +252E;BOX DRAWINGS RIGHT HEAVY AND LEFT DOWN LIGHT;So;0;ON;;;;;N;FORMS RIGHT HEAVY AND LEFT DOWN LIGHT;;;; +252F;BOX DRAWINGS DOWN LIGHT AND HORIZONTAL HEAVY;So;0;ON;;;;;N;FORMS DOWN LIGHT AND HORIZONTAL HEAVY;;;; +2530;BOX DRAWINGS DOWN HEAVY AND HORIZONTAL LIGHT;So;0;ON;;;;;N;FORMS DOWN HEAVY AND HORIZONTAL LIGHT;;;; +2531;BOX DRAWINGS RIGHT LIGHT AND LEFT DOWN HEAVY;So;0;ON;;;;;N;FORMS RIGHT LIGHT AND LEFT DOWN HEAVY;;;; +2532;BOX DRAWINGS LEFT LIGHT AND RIGHT DOWN HEAVY;So;0;ON;;;;;N;FORMS LEFT LIGHT AND RIGHT DOWN HEAVY;;;; +2533;BOX DRAWINGS HEAVY DOWN AND HORIZONTAL;So;0;ON;;;;;N;FORMS HEAVY DOWN AND HORIZONTAL;;;; +2534;BOX DRAWINGS LIGHT UP AND HORIZONTAL;So;0;ON;;;;;N;FORMS LIGHT UP AND HORIZONTAL;;;; +2535;BOX DRAWINGS LEFT HEAVY AND RIGHT UP LIGHT;So;0;ON;;;;;N;FORMS LEFT HEAVY AND RIGHT UP LIGHT;;;; +2536;BOX DRAWINGS RIGHT HEAVY AND LEFT UP LIGHT;So;0;ON;;;;;N;FORMS RIGHT HEAVY AND LEFT UP LIGHT;;;; +2537;BOX DRAWINGS UP LIGHT AND HORIZONTAL HEAVY;So;0;ON;;;;;N;FORMS UP LIGHT AND HORIZONTAL HEAVY;;;; +2538;BOX DRAWINGS UP HEAVY AND HORIZONTAL LIGHT;So;0;ON;;;;;N;FORMS UP HEAVY AND HORIZONTAL LIGHT;;;; +2539;BOX DRAWINGS RIGHT LIGHT AND LEFT UP HEAVY;So;0;ON;;;;;N;FORMS RIGHT LIGHT AND LEFT UP HEAVY;;;; +253A;BOX DRAWINGS LEFT LIGHT AND RIGHT UP HEAVY;So;0;ON;;;;;N;FORMS LEFT LIGHT AND RIGHT UP HEAVY;;;; +253B;BOX DRAWINGS HEAVY UP AND HORIZONTAL;So;0;ON;;;;;N;FORMS HEAVY UP AND HORIZONTAL;;;; +253C;BOX DRAWINGS LIGHT VERTICAL AND HORIZONTAL;So;0;ON;;;;;N;FORMS LIGHT VERTICAL AND HORIZONTAL;;;; +253D;BOX DRAWINGS LEFT HEAVY AND RIGHT VERTICAL LIGHT;So;0;ON;;;;;N;FORMS LEFT HEAVY AND RIGHT VERTICAL LIGHT;;;; +253E;BOX DRAWINGS RIGHT HEAVY AND LEFT VERTICAL LIGHT;So;0;ON;;;;;N;FORMS RIGHT HEAVY AND LEFT VERTICAL LIGHT;;;; +253F;BOX DRAWINGS VERTICAL LIGHT AND HORIZONTAL HEAVY;So;0;ON;;;;;N;FORMS VERTICAL LIGHT AND HORIZONTAL HEAVY;;;; +2540;BOX DRAWINGS UP HEAVY AND DOWN HORIZONTAL LIGHT;So;0;ON;;;;;N;FORMS UP HEAVY AND DOWN HORIZONTAL LIGHT;;;; +2541;BOX DRAWINGS DOWN HEAVY AND UP HORIZONTAL LIGHT;So;0;ON;;;;;N;FORMS DOWN HEAVY AND UP HORIZONTAL LIGHT;;;; +2542;BOX DRAWINGS VERTICAL HEAVY AND HORIZONTAL LIGHT;So;0;ON;;;;;N;FORMS VERTICAL HEAVY AND HORIZONTAL LIGHT;;;; +2543;BOX DRAWINGS LEFT UP HEAVY AND RIGHT DOWN LIGHT;So;0;ON;;;;;N;FORMS LEFT UP HEAVY AND RIGHT DOWN LIGHT;;;; +2544;BOX DRAWINGS RIGHT UP HEAVY AND LEFT DOWN LIGHT;So;0;ON;;;;;N;FORMS RIGHT UP HEAVY AND LEFT DOWN LIGHT;;;; +2545;BOX DRAWINGS LEFT DOWN HEAVY AND RIGHT UP LIGHT;So;0;ON;;;;;N;FORMS LEFT DOWN HEAVY AND RIGHT UP LIGHT;;;; +2546;BOX DRAWINGS RIGHT DOWN HEAVY AND LEFT UP LIGHT;So;0;ON;;;;;N;FORMS RIGHT DOWN HEAVY AND LEFT UP LIGHT;;;; +2547;BOX DRAWINGS DOWN LIGHT AND UP HORIZONTAL HEAVY;So;0;ON;;;;;N;FORMS DOWN LIGHT AND UP HORIZONTAL HEAVY;;;; +2548;BOX DRAWINGS UP LIGHT AND DOWN HORIZONTAL HEAVY;So;0;ON;;;;;N;FORMS UP LIGHT AND DOWN HORIZONTAL HEAVY;;;; +2549;BOX DRAWINGS RIGHT LIGHT AND LEFT VERTICAL HEAVY;So;0;ON;;;;;N;FORMS RIGHT LIGHT AND LEFT VERTICAL HEAVY;;;; +254A;BOX DRAWINGS LEFT LIGHT AND RIGHT VERTICAL HEAVY;So;0;ON;;;;;N;FORMS LEFT LIGHT AND RIGHT VERTICAL HEAVY;;;; +254B;BOX DRAWINGS HEAVY VERTICAL AND HORIZONTAL;So;0;ON;;;;;N;FORMS HEAVY VERTICAL AND HORIZONTAL;;;; +254C;BOX DRAWINGS LIGHT DOUBLE DASH HORIZONTAL;So;0;ON;;;;;N;FORMS LIGHT DOUBLE DASH HORIZONTAL;;;; +254D;BOX DRAWINGS HEAVY DOUBLE DASH HORIZONTAL;So;0;ON;;;;;N;FORMS HEAVY DOUBLE DASH HORIZONTAL;;;; +254E;BOX DRAWINGS LIGHT DOUBLE DASH VERTICAL;So;0;ON;;;;;N;FORMS LIGHT DOUBLE DASH VERTICAL;;;; +254F;BOX DRAWINGS HEAVY DOUBLE DASH VERTICAL;So;0;ON;;;;;N;FORMS HEAVY DOUBLE DASH VERTICAL;;;; +2550;BOX DRAWINGS DOUBLE HORIZONTAL;So;0;ON;;;;;N;FORMS DOUBLE HORIZONTAL;;;; +2551;BOX DRAWINGS DOUBLE VERTICAL;So;0;ON;;;;;N;FORMS DOUBLE VERTICAL;;;; +2552;BOX DRAWINGS DOWN SINGLE AND RIGHT DOUBLE;So;0;ON;;;;;N;FORMS DOWN SINGLE AND RIGHT DOUBLE;;;; +2553;BOX DRAWINGS DOWN DOUBLE AND RIGHT SINGLE;So;0;ON;;;;;N;FORMS DOWN DOUBLE AND RIGHT SINGLE;;;; +2554;BOX DRAWINGS DOUBLE DOWN AND RIGHT;So;0;ON;;;;;N;FORMS DOUBLE DOWN AND RIGHT;;;; +2555;BOX DRAWINGS DOWN SINGLE AND LEFT DOUBLE;So;0;ON;;;;;N;FORMS DOWN SINGLE AND LEFT DOUBLE;;;; +2556;BOX DRAWINGS DOWN DOUBLE AND LEFT SINGLE;So;0;ON;;;;;N;FORMS DOWN DOUBLE AND LEFT SINGLE;;;; +2557;BOX DRAWINGS DOUBLE DOWN AND LEFT;So;0;ON;;;;;N;FORMS DOUBLE DOWN AND LEFT;;;; +2558;BOX DRAWINGS UP SINGLE AND RIGHT DOUBLE;So;0;ON;;;;;N;FORMS UP SINGLE AND RIGHT DOUBLE;;;; +2559;BOX DRAWINGS UP DOUBLE AND RIGHT SINGLE;So;0;ON;;;;;N;FORMS UP DOUBLE AND RIGHT SINGLE;;;; +255A;BOX DRAWINGS DOUBLE UP AND RIGHT;So;0;ON;;;;;N;FORMS DOUBLE UP AND RIGHT;;;; +255B;BOX DRAWINGS UP SINGLE AND LEFT DOUBLE;So;0;ON;;;;;N;FORMS UP SINGLE AND LEFT DOUBLE;;;; +255C;BOX DRAWINGS UP DOUBLE AND LEFT SINGLE;So;0;ON;;;;;N;FORMS UP DOUBLE AND LEFT SINGLE;;;; +255D;BOX DRAWINGS DOUBLE UP AND LEFT;So;0;ON;;;;;N;FORMS DOUBLE UP AND LEFT;;;; +255E;BOX DRAWINGS VERTICAL SINGLE AND RIGHT DOUBLE;So;0;ON;;;;;N;FORMS VERTICAL SINGLE AND RIGHT DOUBLE;;;; +255F;BOX DRAWINGS VERTICAL DOUBLE AND RIGHT SINGLE;So;0;ON;;;;;N;FORMS VERTICAL DOUBLE AND RIGHT SINGLE;;;; +2560;BOX DRAWINGS DOUBLE VERTICAL AND RIGHT;So;0;ON;;;;;N;FORMS DOUBLE VERTICAL AND RIGHT;;;; +2561;BOX DRAWINGS VERTICAL SINGLE AND LEFT DOUBLE;So;0;ON;;;;;N;FORMS VERTICAL SINGLE AND LEFT DOUBLE;;;; +2562;BOX DRAWINGS VERTICAL DOUBLE AND LEFT SINGLE;So;0;ON;;;;;N;FORMS VERTICAL DOUBLE AND LEFT SINGLE;;;; +2563;BOX DRAWINGS DOUBLE VERTICAL AND LEFT;So;0;ON;;;;;N;FORMS DOUBLE VERTICAL AND LEFT;;;; +2564;BOX DRAWINGS DOWN SINGLE AND HORIZONTAL DOUBLE;So;0;ON;;;;;N;FORMS DOWN SINGLE AND HORIZONTAL DOUBLE;;;; +2565;BOX DRAWINGS DOWN DOUBLE AND HORIZONTAL SINGLE;So;0;ON;;;;;N;FORMS DOWN DOUBLE AND HORIZONTAL SINGLE;;;; +2566;BOX DRAWINGS DOUBLE DOWN AND HORIZONTAL;So;0;ON;;;;;N;FORMS DOUBLE DOWN AND HORIZONTAL;;;; +2567;BOX DRAWINGS UP SINGLE AND HORIZONTAL DOUBLE;So;0;ON;;;;;N;FORMS UP SINGLE AND HORIZONTAL DOUBLE;;;; +2568;BOX DRAWINGS UP DOUBLE AND HORIZONTAL SINGLE;So;0;ON;;;;;N;FORMS UP DOUBLE AND HORIZONTAL SINGLE;;;; +2569;BOX DRAWINGS DOUBLE UP AND HORIZONTAL;So;0;ON;;;;;N;FORMS DOUBLE UP AND HORIZONTAL;;;; +256A;BOX DRAWINGS VERTICAL SINGLE AND HORIZONTAL DOUBLE;So;0;ON;;;;;N;FORMS VERTICAL SINGLE AND HORIZONTAL DOUBLE;;;; +256B;BOX DRAWINGS VERTICAL DOUBLE AND HORIZONTAL SINGLE;So;0;ON;;;;;N;FORMS VERTICAL DOUBLE AND HORIZONTAL SINGLE;;;; +256C;BOX DRAWINGS DOUBLE VERTICAL AND HORIZONTAL;So;0;ON;;;;;N;FORMS DOUBLE VERTICAL AND HORIZONTAL;;;; +256D;BOX DRAWINGS LIGHT ARC DOWN AND RIGHT;So;0;ON;;;;;N;FORMS LIGHT ARC DOWN AND RIGHT;;;; +256E;BOX DRAWINGS LIGHT ARC DOWN AND LEFT;So;0;ON;;;;;N;FORMS LIGHT ARC DOWN AND LEFT;;;; +256F;BOX DRAWINGS LIGHT ARC UP AND LEFT;So;0;ON;;;;;N;FORMS LIGHT ARC UP AND LEFT;;;; +2570;BOX DRAWINGS LIGHT ARC UP AND RIGHT;So;0;ON;;;;;N;FORMS LIGHT ARC UP AND RIGHT;;;; +2571;BOX DRAWINGS LIGHT DIAGONAL UPPER RIGHT TO LOWER LEFT;So;0;ON;;;;;N;FORMS LIGHT DIAGONAL UPPER RIGHT TO LOWER LEFT;;;; +2572;BOX DRAWINGS LIGHT DIAGONAL UPPER LEFT TO LOWER RIGHT;So;0;ON;;;;;N;FORMS LIGHT DIAGONAL UPPER LEFT TO LOWER RIGHT;;;; +2573;BOX DRAWINGS LIGHT DIAGONAL CROSS;So;0;ON;;;;;N;FORMS LIGHT DIAGONAL CROSS;;;; +2574;BOX DRAWINGS LIGHT LEFT;So;0;ON;;;;;N;FORMS LIGHT LEFT;;;; +2575;BOX DRAWINGS LIGHT UP;So;0;ON;;;;;N;FORMS LIGHT UP;;;; +2576;BOX DRAWINGS LIGHT RIGHT;So;0;ON;;;;;N;FORMS LIGHT RIGHT;;;; +2577;BOX DRAWINGS LIGHT DOWN;So;0;ON;;;;;N;FORMS LIGHT DOWN;;;; +2578;BOX DRAWINGS HEAVY LEFT;So;0;ON;;;;;N;FORMS HEAVY LEFT;;;; +2579;BOX DRAWINGS HEAVY UP;So;0;ON;;;;;N;FORMS HEAVY UP;;;; +257A;BOX DRAWINGS HEAVY RIGHT;So;0;ON;;;;;N;FORMS HEAVY RIGHT;;;; +257B;BOX DRAWINGS HEAVY DOWN;So;0;ON;;;;;N;FORMS HEAVY DOWN;;;; +257C;BOX DRAWINGS LIGHT LEFT AND HEAVY RIGHT;So;0;ON;;;;;N;FORMS LIGHT LEFT AND HEAVY RIGHT;;;; +257D;BOX DRAWINGS LIGHT UP AND HEAVY DOWN;So;0;ON;;;;;N;FORMS LIGHT UP AND HEAVY DOWN;;;; +257E;BOX DRAWINGS HEAVY LEFT AND LIGHT RIGHT;So;0;ON;;;;;N;FORMS HEAVY LEFT AND LIGHT RIGHT;;;; +257F;BOX DRAWINGS HEAVY UP AND LIGHT DOWN;So;0;ON;;;;;N;FORMS HEAVY UP AND LIGHT DOWN;;;; +2580;UPPER HALF BLOCK;So;0;ON;;;;;N;;;;; +2581;LOWER ONE EIGHTH BLOCK;So;0;ON;;;;;N;;;;; +2582;LOWER ONE QUARTER BLOCK;So;0;ON;;;;;N;;;;; +2583;LOWER THREE EIGHTHS BLOCK;So;0;ON;;;;;N;;;;; +2584;LOWER HALF BLOCK;So;0;ON;;;;;N;;;;; +2585;LOWER FIVE EIGHTHS BLOCK;So;0;ON;;;;;N;;;;; +2586;LOWER THREE QUARTERS BLOCK;So;0;ON;;;;;N;LOWER THREE QUARTER BLOCK;;;; +2587;LOWER SEVEN EIGHTHS BLOCK;So;0;ON;;;;;N;;;;; +2588;FULL BLOCK;So;0;ON;;;;;N;;;;; +2589;LEFT SEVEN EIGHTHS BLOCK;So;0;ON;;;;;N;;;;; +258A;LEFT THREE QUARTERS BLOCK;So;0;ON;;;;;N;LEFT THREE QUARTER BLOCK;;;; +258B;LEFT FIVE EIGHTHS BLOCK;So;0;ON;;;;;N;;;;; +258C;LEFT HALF BLOCK;So;0;ON;;;;;N;;;;; +258D;LEFT THREE EIGHTHS BLOCK;So;0;ON;;;;;N;;;;; +258E;LEFT ONE QUARTER BLOCK;So;0;ON;;;;;N;;;;; +258F;LEFT ONE EIGHTH BLOCK;So;0;ON;;;;;N;;;;; +2590;RIGHT HALF BLOCK;So;0;ON;;;;;N;;;;; +2591;LIGHT SHADE;So;0;ON;;;;;N;;;;; +2592;MEDIUM SHADE;So;0;ON;;;;;N;;;;; +2593;DARK SHADE;So;0;ON;;;;;N;;;;; +2594;UPPER ONE EIGHTH BLOCK;So;0;ON;;;;;N;;;;; +2595;RIGHT ONE EIGHTH BLOCK;So;0;ON;;;;;N;;;;; +2596;QUADRANT LOWER LEFT;So;0;ON;;;;;N;;;;; +2597;QUADRANT LOWER RIGHT;So;0;ON;;;;;N;;;;; +2598;QUADRANT UPPER LEFT;So;0;ON;;;;;N;;;;; +2599;QUADRANT UPPER LEFT AND LOWER LEFT AND LOWER RIGHT;So;0;ON;;;;;N;;;;; +259A;QUADRANT UPPER LEFT AND LOWER RIGHT;So;0;ON;;;;;N;;;;; +259B;QUADRANT UPPER LEFT AND UPPER RIGHT AND LOWER LEFT;So;0;ON;;;;;N;;;;; +259C;QUADRANT UPPER LEFT AND UPPER RIGHT AND LOWER RIGHT;So;0;ON;;;;;N;;;;; +259D;QUADRANT UPPER RIGHT;So;0;ON;;;;;N;;;;; +259E;QUADRANT UPPER RIGHT AND LOWER LEFT;So;0;ON;;;;;N;;;;; +259F;QUADRANT UPPER RIGHT AND LOWER LEFT AND LOWER RIGHT;So;0;ON;;;;;N;;;;; +25A0;BLACK SQUARE;So;0;ON;;;;;N;;;;; +25A1;WHITE SQUARE;So;0;ON;;;;;N;;;;; +25A2;WHITE SQUARE WITH ROUNDED CORNERS;So;0;ON;;;;;N;;;;; +25A3;WHITE SQUARE CONTAINING BLACK SMALL SQUARE;So;0;ON;;;;;N;;;;; +25A4;SQUARE WITH HORIZONTAL FILL;So;0;ON;;;;;N;;;;; +25A5;SQUARE WITH VERTICAL FILL;So;0;ON;;;;;N;;;;; +25A6;SQUARE WITH ORTHOGONAL CROSSHATCH FILL;So;0;ON;;;;;N;;;;; +25A7;SQUARE WITH UPPER LEFT TO LOWER RIGHT FILL;So;0;ON;;;;;N;;;;; +25A8;SQUARE WITH UPPER RIGHT TO LOWER LEFT FILL;So;0;ON;;;;;N;;;;; +25A9;SQUARE WITH DIAGONAL CROSSHATCH FILL;So;0;ON;;;;;N;;;;; +25AA;BLACK SMALL SQUARE;So;0;ON;;;;;N;;;;; +25AB;WHITE SMALL SQUARE;So;0;ON;;;;;N;;;;; +25AC;BLACK RECTANGLE;So;0;ON;;;;;N;;;;; +25AD;WHITE RECTANGLE;So;0;ON;;;;;N;;;;; +25AE;BLACK VERTICAL RECTANGLE;So;0;ON;;;;;N;;;;; +25AF;WHITE VERTICAL RECTANGLE;So;0;ON;;;;;N;;;;; +25B0;BLACK PARALLELOGRAM;So;0;ON;;;;;N;;;;; +25B1;WHITE PARALLELOGRAM;So;0;ON;;;;;N;;;;; +25B2;BLACK UP-POINTING TRIANGLE;So;0;ON;;;;;N;BLACK UP POINTING TRIANGLE;;;; +25B3;WHITE UP-POINTING TRIANGLE;So;0;ON;;;;;N;WHITE UP POINTING TRIANGLE;;;; +25B4;BLACK UP-POINTING SMALL TRIANGLE;So;0;ON;;;;;N;BLACK UP POINTING SMALL TRIANGLE;;;; +25B5;WHITE UP-POINTING SMALL TRIANGLE;So;0;ON;;;;;N;WHITE UP POINTING SMALL TRIANGLE;;;; +25B6;BLACK RIGHT-POINTING TRIANGLE;So;0;ON;;;;;N;BLACK RIGHT POINTING TRIANGLE;;;; +25B7;WHITE RIGHT-POINTING TRIANGLE;Sm;0;ON;;;;;N;WHITE RIGHT POINTING TRIANGLE;;;; +25B8;BLACK RIGHT-POINTING SMALL TRIANGLE;So;0;ON;;;;;N;BLACK RIGHT POINTING SMALL TRIANGLE;;;; +25B9;WHITE RIGHT-POINTING SMALL TRIANGLE;So;0;ON;;;;;N;WHITE RIGHT POINTING SMALL TRIANGLE;;;; +25BA;BLACK RIGHT-POINTING POINTER;So;0;ON;;;;;N;BLACK RIGHT POINTING POINTER;;;; +25BB;WHITE RIGHT-POINTING POINTER;So;0;ON;;;;;N;WHITE RIGHT POINTING POINTER;;;; +25BC;BLACK DOWN-POINTING TRIANGLE;So;0;ON;;;;;N;BLACK DOWN POINTING TRIANGLE;;;; +25BD;WHITE DOWN-POINTING TRIANGLE;So;0;ON;;;;;N;WHITE DOWN POINTING TRIANGLE;;;; +25BE;BLACK DOWN-POINTING SMALL TRIANGLE;So;0;ON;;;;;N;BLACK DOWN POINTING SMALL TRIANGLE;;;; +25BF;WHITE DOWN-POINTING SMALL TRIANGLE;So;0;ON;;;;;N;WHITE DOWN POINTING SMALL TRIANGLE;;;; +25C0;BLACK LEFT-POINTING TRIANGLE;So;0;ON;;;;;N;BLACK LEFT POINTING TRIANGLE;;;; +25C1;WHITE LEFT-POINTING TRIANGLE;Sm;0;ON;;;;;N;WHITE LEFT POINTING TRIANGLE;;;; +25C2;BLACK LEFT-POINTING SMALL TRIANGLE;So;0;ON;;;;;N;BLACK LEFT POINTING SMALL TRIANGLE;;;; +25C3;WHITE LEFT-POINTING SMALL TRIANGLE;So;0;ON;;;;;N;WHITE LEFT POINTING SMALL TRIANGLE;;;; +25C4;BLACK LEFT-POINTING POINTER;So;0;ON;;;;;N;BLACK LEFT POINTING POINTER;;;; +25C5;WHITE LEFT-POINTING POINTER;So;0;ON;;;;;N;WHITE LEFT POINTING POINTER;;;; +25C6;BLACK DIAMOND;So;0;ON;;;;;N;;;;; +25C7;WHITE DIAMOND;So;0;ON;;;;;N;;;;; +25C8;WHITE DIAMOND CONTAINING BLACK SMALL DIAMOND;So;0;ON;;;;;N;;;;; +25C9;FISHEYE;So;0;ON;;;;;N;;;;; +25CA;LOZENGE;So;0;ON;;;;;N;;;;; +25CB;WHITE CIRCLE;So;0;ON;;;;;N;;;;; +25CC;DOTTED CIRCLE;So;0;ON;;;;;N;;;;; +25CD;CIRCLE WITH VERTICAL FILL;So;0;ON;;;;;N;;;;; +25CE;BULLSEYE;So;0;ON;;;;;N;;;;; +25CF;BLACK CIRCLE;So;0;ON;;;;;N;;;;; +25D0;CIRCLE WITH LEFT HALF BLACK;So;0;ON;;;;;N;;;;; +25D1;CIRCLE WITH RIGHT HALF BLACK;So;0;ON;;;;;N;;;;; +25D2;CIRCLE WITH LOWER HALF BLACK;So;0;ON;;;;;N;;;;; +25D3;CIRCLE WITH UPPER HALF BLACK;So;0;ON;;;;;N;;;;; +25D4;CIRCLE WITH UPPER RIGHT QUADRANT BLACK;So;0;ON;;;;;N;;;;; +25D5;CIRCLE WITH ALL BUT UPPER LEFT QUADRANT BLACK;So;0;ON;;;;;N;;;;; +25D6;LEFT HALF BLACK CIRCLE;So;0;ON;;;;;N;;;;; +25D7;RIGHT HALF BLACK CIRCLE;So;0;ON;;;;;N;;;;; +25D8;INVERSE BULLET;So;0;ON;;;;;N;;;;; +25D9;INVERSE WHITE CIRCLE;So;0;ON;;;;;N;;;;; +25DA;UPPER HALF INVERSE WHITE CIRCLE;So;0;ON;;;;;N;;;;; +25DB;LOWER HALF INVERSE WHITE CIRCLE;So;0;ON;;;;;N;;;;; +25DC;UPPER LEFT QUADRANT CIRCULAR ARC;So;0;ON;;;;;N;;;;; +25DD;UPPER RIGHT QUADRANT CIRCULAR ARC;So;0;ON;;;;;N;;;;; +25DE;LOWER RIGHT QUADRANT CIRCULAR ARC;So;0;ON;;;;;N;;;;; +25DF;LOWER LEFT QUADRANT CIRCULAR ARC;So;0;ON;;;;;N;;;;; +25E0;UPPER HALF CIRCLE;So;0;ON;;;;;N;;;;; +25E1;LOWER HALF CIRCLE;So;0;ON;;;;;N;;;;; +25E2;BLACK LOWER RIGHT TRIANGLE;So;0;ON;;;;;N;;;;; +25E3;BLACK LOWER LEFT TRIANGLE;So;0;ON;;;;;N;;;;; +25E4;BLACK UPPER LEFT TRIANGLE;So;0;ON;;;;;N;;;;; +25E5;BLACK UPPER RIGHT TRIANGLE;So;0;ON;;;;;N;;;;; +25E6;WHITE BULLET;So;0;ON;;;;;N;;;;; +25E7;SQUARE WITH LEFT HALF BLACK;So;0;ON;;;;;N;;;;; +25E8;SQUARE WITH RIGHT HALF BLACK;So;0;ON;;;;;N;;;;; +25E9;SQUARE WITH UPPER LEFT DIAGONAL HALF BLACK;So;0;ON;;;;;N;;;;; +25EA;SQUARE WITH LOWER RIGHT DIAGONAL HALF BLACK;So;0;ON;;;;;N;;;;; +25EB;WHITE SQUARE WITH VERTICAL BISECTING LINE;So;0;ON;;;;;N;;;;; +25EC;WHITE UP-POINTING TRIANGLE WITH DOT;So;0;ON;;;;;N;WHITE UP POINTING TRIANGLE WITH DOT;;;; +25ED;UP-POINTING TRIANGLE WITH LEFT HALF BLACK;So;0;ON;;;;;N;UP POINTING TRIANGLE WITH LEFT HALF BLACK;;;; +25EE;UP-POINTING TRIANGLE WITH RIGHT HALF BLACK;So;0;ON;;;;;N;UP POINTING TRIANGLE WITH RIGHT HALF BLACK;;;; +25EF;LARGE CIRCLE;So;0;ON;;;;;N;;;;; +25F0;WHITE SQUARE WITH UPPER LEFT QUADRANT;So;0;ON;;;;;N;;;;; +25F1;WHITE SQUARE WITH LOWER LEFT QUADRANT;So;0;ON;;;;;N;;;;; +25F2;WHITE SQUARE WITH LOWER RIGHT QUADRANT;So;0;ON;;;;;N;;;;; +25F3;WHITE SQUARE WITH UPPER RIGHT QUADRANT;So;0;ON;;;;;N;;;;; +25F4;WHITE CIRCLE WITH UPPER LEFT QUADRANT;So;0;ON;;;;;N;;;;; +25F5;WHITE CIRCLE WITH LOWER LEFT QUADRANT;So;0;ON;;;;;N;;;;; +25F6;WHITE CIRCLE WITH LOWER RIGHT QUADRANT;So;0;ON;;;;;N;;;;; +25F7;WHITE CIRCLE WITH UPPER RIGHT QUADRANT;So;0;ON;;;;;N;;;;; +25F8;UPPER LEFT TRIANGLE;Sm;0;ON;;;;;N;;;;; +25F9;UPPER RIGHT TRIANGLE;Sm;0;ON;;;;;N;;;;; +25FA;LOWER LEFT TRIANGLE;Sm;0;ON;;;;;N;;;;; +25FB;WHITE MEDIUM SQUARE;Sm;0;ON;;;;;N;;;;; +25FC;BLACK MEDIUM SQUARE;Sm;0;ON;;;;;N;;;;; +25FD;WHITE MEDIUM SMALL SQUARE;Sm;0;ON;;;;;N;;;;; +25FE;BLACK MEDIUM SMALL SQUARE;Sm;0;ON;;;;;N;;;;; +25FF;LOWER RIGHT TRIANGLE;Sm;0;ON;;;;;N;;;;; +2600;BLACK SUN WITH RAYS;So;0;ON;;;;;N;;;;; +2601;CLOUD;So;0;ON;;;;;N;;;;; +2602;UMBRELLA;So;0;ON;;;;;N;;;;; +2603;SNOWMAN;So;0;ON;;;;;N;;;;; +2604;COMET;So;0;ON;;;;;N;;;;; +2605;BLACK STAR;So;0;ON;;;;;N;;;;; +2606;WHITE STAR;So;0;ON;;;;;N;;;;; +2607;LIGHTNING;So;0;ON;;;;;N;;;;; +2608;THUNDERSTORM;So;0;ON;;;;;N;;;;; +2609;SUN;So;0;ON;;;;;N;;;;; +260A;ASCENDING NODE;So;0;ON;;;;;N;;;;; +260B;DESCENDING NODE;So;0;ON;;;;;N;;;;; +260C;CONJUNCTION;So;0;ON;;;;;N;;;;; +260D;OPPOSITION;So;0;ON;;;;;N;;;;; +260E;BLACK TELEPHONE;So;0;ON;;;;;N;;;;; +260F;WHITE TELEPHONE;So;0;ON;;;;;N;;;;; +2610;BALLOT BOX;So;0;ON;;;;;N;;;;; +2611;BALLOT BOX WITH CHECK;So;0;ON;;;;;N;;;;; +2612;BALLOT BOX WITH X;So;0;ON;;;;;N;;;;; +2613;SALTIRE;So;0;ON;;;;;N;;;;; +2614;UMBRELLA WITH RAIN DROPS;So;0;ON;;;;;N;;;;; +2615;HOT BEVERAGE;So;0;ON;;;;;N;;;;; +2616;WHITE SHOGI PIECE;So;0;ON;;;;;N;;;;; +2617;BLACK SHOGI PIECE;So;0;ON;;;;;N;;;;; +2619;REVERSED ROTATED FLORAL HEART BULLET;So;0;ON;;;;;N;;;;; +261A;BLACK LEFT POINTING INDEX;So;0;ON;;;;;N;;;;; +261B;BLACK RIGHT POINTING INDEX;So;0;ON;;;;;N;;;;; +261C;WHITE LEFT POINTING INDEX;So;0;ON;;;;;N;;;;; +261D;WHITE UP POINTING INDEX;So;0;ON;;;;;N;;;;; +261E;WHITE RIGHT POINTING INDEX;So;0;ON;;;;;N;;;;; +261F;WHITE DOWN POINTING INDEX;So;0;ON;;;;;N;;;;; +2620;SKULL AND CROSSBONES;So;0;ON;;;;;N;;;;; +2621;CAUTION SIGN;So;0;ON;;;;;N;;;;; +2622;RADIOACTIVE SIGN;So;0;ON;;;;;N;;;;; +2623;BIOHAZARD SIGN;So;0;ON;;;;;N;;;;; +2624;CADUCEUS;So;0;ON;;;;;N;;;;; +2625;ANKH;So;0;ON;;;;;N;;;;; +2626;ORTHODOX CROSS;So;0;ON;;;;;N;;;;; +2627;CHI RHO;So;0;ON;;;;;N;;;;; +2628;CROSS OF LORRAINE;So;0;ON;;;;;N;;;;; +2629;CROSS OF JERUSALEM;So;0;ON;;;;;N;;;;; +262A;STAR AND CRESCENT;So;0;ON;;;;;N;;;;; +262B;FARSI SYMBOL;So;0;ON;;;;;N;SYMBOL OF IRAN;;;; +262C;ADI SHAKTI;So;0;ON;;;;;N;;;;; +262D;HAMMER AND SICKLE;So;0;ON;;;;;N;;;;; +262E;PEACE SYMBOL;So;0;ON;;;;;N;;;;; +262F;YIN YANG;So;0;ON;;;;;N;;;;; +2630;TRIGRAM FOR HEAVEN;So;0;ON;;;;;N;;;;; +2631;TRIGRAM FOR LAKE;So;0;ON;;;;;N;;;;; +2632;TRIGRAM FOR FIRE;So;0;ON;;;;;N;;;;; +2633;TRIGRAM FOR THUNDER;So;0;ON;;;;;N;;;;; +2634;TRIGRAM FOR WIND;So;0;ON;;;;;N;;;;; +2635;TRIGRAM FOR WATER;So;0;ON;;;;;N;;;;; +2636;TRIGRAM FOR MOUNTAIN;So;0;ON;;;;;N;;;;; +2637;TRIGRAM FOR EARTH;So;0;ON;;;;;N;;;;; +2638;WHEEL OF DHARMA;So;0;ON;;;;;N;;;;; +2639;WHITE FROWNING FACE;So;0;ON;;;;;N;;;;; +263A;WHITE SMILING FACE;So;0;ON;;;;;N;;;;; +263B;BLACK SMILING FACE;So;0;ON;;;;;N;;;;; +263C;WHITE SUN WITH RAYS;So;0;ON;;;;;N;;;;; +263D;FIRST QUARTER MOON;So;0;ON;;;;;N;;;;; +263E;LAST QUARTER MOON;So;0;ON;;;;;N;;;;; +263F;MERCURY;So;0;ON;;;;;N;;;;; +2640;FEMALE SIGN;So;0;ON;;;;;N;;;;; +2641;EARTH;So;0;ON;;;;;N;;;;; +2642;MALE SIGN;So;0;ON;;;;;N;;;;; +2643;JUPITER;So;0;ON;;;;;N;;;;; +2644;SATURN;So;0;ON;;;;;N;;;;; +2645;URANUS;So;0;ON;;;;;N;;;;; +2646;NEPTUNE;So;0;ON;;;;;N;;;;; +2647;PLUTO;So;0;ON;;;;;N;;;;; +2648;ARIES;So;0;ON;;;;;N;;;;; +2649;TAURUS;So;0;ON;;;;;N;;;;; +264A;GEMINI;So;0;ON;;;;;N;;;;; +264B;CANCER;So;0;ON;;;;;N;;;;; +264C;LEO;So;0;ON;;;;;N;;;;; +264D;VIRGO;So;0;ON;;;;;N;;;;; +264E;LIBRA;So;0;ON;;;;;N;;;;; +264F;SCORPIUS;So;0;ON;;;;;N;;;;; +2650;SAGITTARIUS;So;0;ON;;;;;N;;;;; +2651;CAPRICORN;So;0;ON;;;;;N;;;;; +2652;AQUARIUS;So;0;ON;;;;;N;;;;; +2653;PISCES;So;0;ON;;;;;N;;;;; +2654;WHITE CHESS KING;So;0;ON;;;;;N;;;;; +2655;WHITE CHESS QUEEN;So;0;ON;;;;;N;;;;; +2656;WHITE CHESS ROOK;So;0;ON;;;;;N;;;;; +2657;WHITE CHESS BISHOP;So;0;ON;;;;;N;;;;; +2658;WHITE CHESS KNIGHT;So;0;ON;;;;;N;;;;; +2659;WHITE CHESS PAWN;So;0;ON;;;;;N;;;;; +265A;BLACK CHESS KING;So;0;ON;;;;;N;;;;; +265B;BLACK CHESS QUEEN;So;0;ON;;;;;N;;;;; +265C;BLACK CHESS ROOK;So;0;ON;;;;;N;;;;; +265D;BLACK CHESS BISHOP;So;0;ON;;;;;N;;;;; +265E;BLACK CHESS KNIGHT;So;0;ON;;;;;N;;;;; +265F;BLACK CHESS PAWN;So;0;ON;;;;;N;;;;; +2660;BLACK SPADE SUIT;So;0;ON;;;;;N;;;;; +2661;WHITE HEART SUIT;So;0;ON;;;;;N;;;;; +2662;WHITE DIAMOND SUIT;So;0;ON;;;;;N;;;;; +2663;BLACK CLUB SUIT;So;0;ON;;;;;N;;;;; +2664;WHITE SPADE SUIT;So;0;ON;;;;;N;;;;; +2665;BLACK HEART SUIT;So;0;ON;;;;;N;;;;; +2666;BLACK DIAMOND SUIT;So;0;ON;;;;;N;;;;; +2667;WHITE CLUB SUIT;So;0;ON;;;;;N;;;;; +2668;HOT SPRINGS;So;0;ON;;;;;N;;;;; +2669;QUARTER NOTE;So;0;ON;;;;;N;;;;; +266A;EIGHTH NOTE;So;0;ON;;;;;N;;;;; +266B;BEAMED EIGHTH NOTES;So;0;ON;;;;;N;BARRED EIGHTH NOTES;;;; +266C;BEAMED SIXTEENTH NOTES;So;0;ON;;;;;N;BARRED SIXTEENTH NOTES;;;; +266D;MUSIC FLAT SIGN;So;0;ON;;;;;N;FLAT;;;; +266E;MUSIC NATURAL SIGN;So;0;ON;;;;;N;NATURAL;;;; +266F;MUSIC SHARP SIGN;Sm;0;ON;;;;;N;SHARP;;;; +2670;WEST SYRIAC CROSS;So;0;ON;;;;;N;;;;; +2671;EAST SYRIAC CROSS;So;0;ON;;;;;N;;;;; +2672;UNIVERSAL RECYCLING SYMBOL;So;0;ON;;;;;N;;;;; +2673;RECYCLING SYMBOL FOR TYPE-1 PLASTICS;So;0;ON;;;;;N;;pete;;; +2674;RECYCLING SYMBOL FOR TYPE-2 PLASTICS;So;0;ON;;;;;N;;hdpe;;; +2675;RECYCLING SYMBOL FOR TYPE-3 PLASTICS;So;0;ON;;;;;N;;pvc;;; +2676;RECYCLING SYMBOL FOR TYPE-4 PLASTICS;So;0;ON;;;;;N;;ldpe;;; +2677;RECYCLING SYMBOL FOR TYPE-5 PLASTICS;So;0;ON;;;;;N;;pp;;; +2678;RECYCLING SYMBOL FOR TYPE-6 PLASTICS;So;0;ON;;;;;N;;ps;;; +2679;RECYCLING SYMBOL FOR TYPE-7 PLASTICS;So;0;ON;;;;;N;;other;;; +267A;RECYCLING SYMBOL FOR GENERIC MATERIALS;So;0;ON;;;;;N;;;;; +267B;BLACK UNIVERSAL RECYCLING SYMBOL;So;0;ON;;;;;N;;;;; +267C;RECYCLED PAPER SYMBOL;So;0;ON;;;;;N;;;;; +267D;PARTIALLY-RECYCLED PAPER SYMBOL;So;0;ON;;;;;N;;;;; +2680;DIE FACE-1;So;0;ON;;;;;N;;;;; +2681;DIE FACE-2;So;0;ON;;;;;N;;;;; +2682;DIE FACE-3;So;0;ON;;;;;N;;;;; +2683;DIE FACE-4;So;0;ON;;;;;N;;;;; +2684;DIE FACE-5;So;0;ON;;;;;N;;;;; +2685;DIE FACE-6;So;0;ON;;;;;N;;;;; +2686;WHITE CIRCLE WITH DOT RIGHT;So;0;ON;;;;;N;;;;; +2687;WHITE CIRCLE WITH TWO DOTS;So;0;ON;;;;;N;;;;; +2688;BLACK CIRCLE WITH WHITE DOT RIGHT;So;0;ON;;;;;N;;;;; +2689;BLACK CIRCLE WITH TWO WHITE DOTS;So;0;ON;;;;;N;;;;; +268A;MONOGRAM FOR YANG;So;0;ON;;;;;N;;;;; +268B;MONOGRAM FOR YIN;So;0;ON;;;;;N;;;;; +268C;DIGRAM FOR GREATER YANG;So;0;ON;;;;;N;;;;; +268D;DIGRAM FOR LESSER YIN;So;0;ON;;;;;N;;;;; +268E;DIGRAM FOR LESSER YANG;So;0;ON;;;;;N;;;;; +268F;DIGRAM FOR GREATER YIN;So;0;ON;;;;;N;;;;; +2690;WHITE FLAG;So;0;ON;;;;;N;;;;; +2691;BLACK FLAG;So;0;ON;;;;;N;;;;; +26A0;WARNING SIGN;So;0;ON;;;;;N;;;;; +26A1;HIGH VOLTAGE SIGN;So;0;ON;;;;;N;;;;; +2701;UPPER BLADE SCISSORS;So;0;ON;;;;;N;;;;; +2702;BLACK SCISSORS;So;0;ON;;;;;N;;;;; +2703;LOWER BLADE SCISSORS;So;0;ON;;;;;N;;;;; +2704;WHITE SCISSORS;So;0;ON;;;;;N;;;;; +2706;TELEPHONE LOCATION SIGN;So;0;ON;;;;;N;;;;; +2707;TAPE DRIVE;So;0;ON;;;;;N;;;;; +2708;AIRPLANE;So;0;ON;;;;;N;;;;; +2709;ENVELOPE;So;0;ON;;;;;N;;;;; +270C;VICTORY HAND;So;0;ON;;;;;N;;;;; +270D;WRITING HAND;So;0;ON;;;;;N;;;;; +270E;LOWER RIGHT PENCIL;So;0;ON;;;;;N;;;;; +270F;PENCIL;So;0;ON;;;;;N;;;;; +2710;UPPER RIGHT PENCIL;So;0;ON;;;;;N;;;;; +2711;WHITE NIB;So;0;ON;;;;;N;;;;; +2712;BLACK NIB;So;0;ON;;;;;N;;;;; +2713;CHECK MARK;So;0;ON;;;;;N;;;;; +2714;HEAVY CHECK MARK;So;0;ON;;;;;N;;;;; +2715;MULTIPLICATION X;So;0;ON;;;;;N;;;;; +2716;HEAVY MULTIPLICATION X;So;0;ON;;;;;N;;;;; +2717;BALLOT X;So;0;ON;;;;;N;;;;; +2718;HEAVY BALLOT X;So;0;ON;;;;;N;;;;; +2719;OUTLINED GREEK CROSS;So;0;ON;;;;;N;;;;; +271A;HEAVY GREEK CROSS;So;0;ON;;;;;N;;;;; +271B;OPEN CENTRE CROSS;So;0;ON;;;;;N;OPEN CENTER CROSS;;;; +271C;HEAVY OPEN CENTRE CROSS;So;0;ON;;;;;N;HEAVY OPEN CENTER CROSS;;;; +271D;LATIN CROSS;So;0;ON;;;;;N;;;;; +271E;SHADOWED WHITE LATIN CROSS;So;0;ON;;;;;N;;;;; +271F;OUTLINED LATIN CROSS;So;0;ON;;;;;N;;;;; +2720;MALTESE CROSS;So;0;ON;;;;;N;;;;; +2721;STAR OF DAVID;So;0;ON;;;;;N;;;;; +2722;FOUR TEARDROP-SPOKED ASTERISK;So;0;ON;;;;;N;;;;; +2723;FOUR BALLOON-SPOKED ASTERISK;So;0;ON;;;;;N;;;;; +2724;HEAVY FOUR BALLOON-SPOKED ASTERISK;So;0;ON;;;;;N;;;;; +2725;FOUR CLUB-SPOKED ASTERISK;So;0;ON;;;;;N;;;;; +2726;BLACK FOUR POINTED STAR;So;0;ON;;;;;N;;;;; +2727;WHITE FOUR POINTED STAR;So;0;ON;;;;;N;;;;; +2729;STRESS OUTLINED WHITE STAR;So;0;ON;;;;;N;;;;; +272A;CIRCLED WHITE STAR;So;0;ON;;;;;N;;;;; +272B;OPEN CENTRE BLACK STAR;So;0;ON;;;;;N;OPEN CENTER BLACK STAR;;;; +272C;BLACK CENTRE WHITE STAR;So;0;ON;;;;;N;BLACK CENTER WHITE STAR;;;; +272D;OUTLINED BLACK STAR;So;0;ON;;;;;N;;;;; +272E;HEAVY OUTLINED BLACK STAR;So;0;ON;;;;;N;;;;; +272F;PINWHEEL STAR;So;0;ON;;;;;N;;;;; +2730;SHADOWED WHITE STAR;So;0;ON;;;;;N;;;;; +2731;HEAVY ASTERISK;So;0;ON;;;;;N;;;;; +2732;OPEN CENTRE ASTERISK;So;0;ON;;;;;N;OPEN CENTER ASTERISK;;;; +2733;EIGHT SPOKED ASTERISK;So;0;ON;;;;;N;;;;; +2734;EIGHT POINTED BLACK STAR;So;0;ON;;;;;N;;;;; +2735;EIGHT POINTED PINWHEEL STAR;So;0;ON;;;;;N;;;;; +2736;SIX POINTED BLACK STAR;So;0;ON;;;;;N;;;;; +2737;EIGHT POINTED RECTILINEAR BLACK STAR;So;0;ON;;;;;N;;;;; +2738;HEAVY EIGHT POINTED RECTILINEAR BLACK STAR;So;0;ON;;;;;N;;;;; +2739;TWELVE POINTED BLACK STAR;So;0;ON;;;;;N;;;;; +273A;SIXTEEN POINTED ASTERISK;So;0;ON;;;;;N;;;;; +273B;TEARDROP-SPOKED ASTERISK;So;0;ON;;;;;N;;;;; +273C;OPEN CENTRE TEARDROP-SPOKED ASTERISK;So;0;ON;;;;;N;OPEN CENTER TEARDROP-SPOKED ASTERISK;;;; +273D;HEAVY TEARDROP-SPOKED ASTERISK;So;0;ON;;;;;N;;;;; +273E;SIX PETALLED BLACK AND WHITE FLORETTE;So;0;ON;;;;;N;;;;; +273F;BLACK FLORETTE;So;0;ON;;;;;N;;;;; +2740;WHITE FLORETTE;So;0;ON;;;;;N;;;;; +2741;EIGHT PETALLED OUTLINED BLACK FLORETTE;So;0;ON;;;;;N;;;;; +2742;CIRCLED OPEN CENTRE EIGHT POINTED STAR;So;0;ON;;;;;N;CIRCLED OPEN CENTER EIGHT POINTED STAR;;;; +2743;HEAVY TEARDROP-SPOKED PINWHEEL ASTERISK;So;0;ON;;;;;N;;;;; +2744;SNOWFLAKE;So;0;ON;;;;;N;;;;; +2745;TIGHT TRIFOLIATE SNOWFLAKE;So;0;ON;;;;;N;;;;; +2746;HEAVY CHEVRON SNOWFLAKE;So;0;ON;;;;;N;;;;; +2747;SPARKLE;So;0;ON;;;;;N;;;;; +2748;HEAVY SPARKLE;So;0;ON;;;;;N;;;;; +2749;BALLOON-SPOKED ASTERISK;So;0;ON;;;;;N;;;;; +274A;EIGHT TEARDROP-SPOKED PROPELLER ASTERISK;So;0;ON;;;;;N;;;;; +274B;HEAVY EIGHT TEARDROP-SPOKED PROPELLER ASTERISK;So;0;ON;;;;;N;;;;; +274D;SHADOWED WHITE CIRCLE;So;0;ON;;;;;N;;;;; +274F;LOWER RIGHT DROP-SHADOWED WHITE SQUARE;So;0;ON;;;;;N;;;;; +2750;UPPER RIGHT DROP-SHADOWED WHITE SQUARE;So;0;ON;;;;;N;;;;; +2751;LOWER RIGHT SHADOWED WHITE SQUARE;So;0;ON;;;;;N;;;;; +2752;UPPER RIGHT SHADOWED WHITE SQUARE;So;0;ON;;;;;N;;;;; +2756;BLACK DIAMOND MINUS WHITE X;So;0;ON;;;;;N;;;;; +2758;LIGHT VERTICAL BAR;So;0;ON;;;;;N;;;;; +2759;MEDIUM VERTICAL BAR;So;0;ON;;;;;N;;;;; +275A;HEAVY VERTICAL BAR;So;0;ON;;;;;N;;;;; +275B;HEAVY SINGLE TURNED COMMA QUOTATION MARK ORNAMENT;So;0;ON;;;;;N;;;;; +275C;HEAVY SINGLE COMMA QUOTATION MARK ORNAMENT;So;0;ON;;;;;N;;;;; +275D;HEAVY DOUBLE TURNED COMMA QUOTATION MARK ORNAMENT;So;0;ON;;;;;N;;;;; +275E;HEAVY DOUBLE COMMA QUOTATION MARK ORNAMENT;So;0;ON;;;;;N;;;;; +2761;CURVED STEM PARAGRAPH SIGN ORNAMENT;So;0;ON;;;;;N;;;;; +2762;HEAVY EXCLAMATION MARK ORNAMENT;So;0;ON;;;;;N;;;;; +2763;HEAVY HEART EXCLAMATION MARK ORNAMENT;So;0;ON;;;;;N;;;;; +2764;HEAVY BLACK HEART;So;0;ON;;;;;N;;;;; +2765;ROTATED HEAVY BLACK HEART BULLET;So;0;ON;;;;;N;;;;; +2766;FLORAL HEART;So;0;ON;;;;;N;;;;; +2767;ROTATED FLORAL HEART BULLET;So;0;ON;;;;;N;;;;; +2768;MEDIUM LEFT PARENTHESIS ORNAMENT;Ps;0;ON;;;;;Y;;;;; +2769;MEDIUM RIGHT PARENTHESIS ORNAMENT;Pe;0;ON;;;;;Y;;;;; +276A;MEDIUM FLATTENED LEFT PARENTHESIS ORNAMENT;Ps;0;ON;;;;;Y;;;;; +276B;MEDIUM FLATTENED RIGHT PARENTHESIS ORNAMENT;Pe;0;ON;;;;;Y;;;;; +276C;MEDIUM LEFT-POINTING ANGLE BRACKET ORNAMENT;Ps;0;ON;;;;;Y;;;;; +276D;MEDIUM RIGHT-POINTING ANGLE BRACKET ORNAMENT;Pe;0;ON;;;;;Y;;;;; +276E;HEAVY LEFT-POINTING ANGLE QUOTATION MARK ORNAMENT;Ps;0;ON;;;;;Y;;;;; +276F;HEAVY RIGHT-POINTING ANGLE QUOTATION MARK ORNAMENT;Pe;0;ON;;;;;Y;;;;; +2770;HEAVY LEFT-POINTING ANGLE BRACKET ORNAMENT;Ps;0;ON;;;;;Y;;;;; +2771;HEAVY RIGHT-POINTING ANGLE BRACKET ORNAMENT;Pe;0;ON;;;;;Y;;;;; +2772;LIGHT LEFT TORTOISE SHELL BRACKET ORNAMENT;Ps;0;ON;;;;;Y;;;;; +2773;LIGHT RIGHT TORTOISE SHELL BRACKET ORNAMENT;Pe;0;ON;;;;;Y;;;;; +2774;MEDIUM LEFT CURLY BRACKET ORNAMENT;Ps;0;ON;;;;;Y;;;;; +2775;MEDIUM RIGHT CURLY BRACKET ORNAMENT;Pe;0;ON;;;;;Y;;;;; +2776;DINGBAT NEGATIVE CIRCLED DIGIT ONE;No;0;ON;;;1;1;N;INVERSE CIRCLED DIGIT ONE;;;; +2777;DINGBAT NEGATIVE CIRCLED DIGIT TWO;No;0;ON;;;2;2;N;INVERSE CIRCLED DIGIT TWO;;;; +2778;DINGBAT NEGATIVE CIRCLED DIGIT THREE;No;0;ON;;;3;3;N;INVERSE CIRCLED DIGIT THREE;;;; +2779;DINGBAT NEGATIVE CIRCLED DIGIT FOUR;No;0;ON;;;4;4;N;INVERSE CIRCLED DIGIT FOUR;;;; +277A;DINGBAT NEGATIVE CIRCLED DIGIT FIVE;No;0;ON;;;5;5;N;INVERSE CIRCLED DIGIT FIVE;;;; +277B;DINGBAT NEGATIVE CIRCLED DIGIT SIX;No;0;ON;;;6;6;N;INVERSE CIRCLED DIGIT SIX;;;; +277C;DINGBAT NEGATIVE CIRCLED DIGIT SEVEN;No;0;ON;;;7;7;N;INVERSE CIRCLED DIGIT SEVEN;;;; +277D;DINGBAT NEGATIVE CIRCLED DIGIT EIGHT;No;0;ON;;;8;8;N;INVERSE CIRCLED DIGIT EIGHT;;;; +277E;DINGBAT NEGATIVE CIRCLED DIGIT NINE;No;0;ON;;;9;9;N;INVERSE CIRCLED DIGIT NINE;;;; +277F;DINGBAT NEGATIVE CIRCLED NUMBER TEN;No;0;ON;;;;10;N;INVERSE CIRCLED NUMBER TEN;;;; +2780;DINGBAT CIRCLED SANS-SERIF DIGIT ONE;No;0;ON;;;1;1;N;CIRCLED SANS-SERIF DIGIT ONE;;;; +2781;DINGBAT CIRCLED SANS-SERIF DIGIT TWO;No;0;ON;;;2;2;N;CIRCLED SANS-SERIF DIGIT TWO;;;; +2782;DINGBAT CIRCLED SANS-SERIF DIGIT THREE;No;0;ON;;;3;3;N;CIRCLED SANS-SERIF DIGIT THREE;;;; +2783;DINGBAT CIRCLED SANS-SERIF DIGIT FOUR;No;0;ON;;;4;4;N;CIRCLED SANS-SERIF DIGIT FOUR;;;; +2784;DINGBAT CIRCLED SANS-SERIF DIGIT FIVE;No;0;ON;;;5;5;N;CIRCLED SANS-SERIF DIGIT FIVE;;;; +2785;DINGBAT CIRCLED SANS-SERIF DIGIT SIX;No;0;ON;;;6;6;N;CIRCLED SANS-SERIF DIGIT SIX;;;; +2786;DINGBAT CIRCLED SANS-SERIF DIGIT SEVEN;No;0;ON;;;7;7;N;CIRCLED SANS-SERIF DIGIT SEVEN;;;; +2787;DINGBAT CIRCLED SANS-SERIF DIGIT EIGHT;No;0;ON;;;8;8;N;CIRCLED SANS-SERIF DIGIT EIGHT;;;; +2788;DINGBAT CIRCLED SANS-SERIF DIGIT NINE;No;0;ON;;;9;9;N;CIRCLED SANS-SERIF DIGIT NINE;;;; +2789;DINGBAT CIRCLED SANS-SERIF NUMBER TEN;No;0;ON;;;;10;N;CIRCLED SANS-SERIF NUMBER TEN;;;; +278A;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT ONE;No;0;ON;;;1;1;N;INVERSE CIRCLED SANS-SERIF DIGIT ONE;;;; +278B;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT TWO;No;0;ON;;;2;2;N;INVERSE CIRCLED SANS-SERIF DIGIT TWO;;;; +278C;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT THREE;No;0;ON;;;3;3;N;INVERSE CIRCLED SANS-SERIF DIGIT THREE;;;; +278D;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT FOUR;No;0;ON;;;4;4;N;INVERSE CIRCLED SANS-SERIF DIGIT FOUR;;;; +278E;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT FIVE;No;0;ON;;;5;5;N;INVERSE CIRCLED SANS-SERIF DIGIT FIVE;;;; +278F;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT SIX;No;0;ON;;;6;6;N;INVERSE CIRCLED SANS-SERIF DIGIT SIX;;;; +2790;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT SEVEN;No;0;ON;;;7;7;N;INVERSE CIRCLED SANS-SERIF DIGIT SEVEN;;;; +2791;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT EIGHT;No;0;ON;;;8;8;N;INVERSE CIRCLED SANS-SERIF DIGIT EIGHT;;;; +2792;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT NINE;No;0;ON;;;9;9;N;INVERSE CIRCLED SANS-SERIF DIGIT NINE;;;; +2793;DINGBAT NEGATIVE CIRCLED SANS-SERIF NUMBER TEN;No;0;ON;;;;10;N;INVERSE CIRCLED SANS-SERIF NUMBER TEN;;;; +2794;HEAVY WIDE-HEADED RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY WIDE-HEADED RIGHT ARROW;;;; +2798;HEAVY SOUTH EAST ARROW;So;0;ON;;;;;N;HEAVY LOWER RIGHT ARROW;;;; +2799;HEAVY RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY RIGHT ARROW;;;; +279A;HEAVY NORTH EAST ARROW;So;0;ON;;;;;N;HEAVY UPPER RIGHT ARROW;;;; +279B;DRAFTING POINT RIGHTWARDS ARROW;So;0;ON;;;;;N;DRAFTING POINT RIGHT ARROW;;;; +279C;HEAVY ROUND-TIPPED RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY ROUND-TIPPED RIGHT ARROW;;;; +279D;TRIANGLE-HEADED RIGHTWARDS ARROW;So;0;ON;;;;;N;TRIANGLE-HEADED RIGHT ARROW;;;; +279E;HEAVY TRIANGLE-HEADED RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY TRIANGLE-HEADED RIGHT ARROW;;;; +279F;DASHED TRIANGLE-HEADED RIGHTWARDS ARROW;So;0;ON;;;;;N;DASHED TRIANGLE-HEADED RIGHT ARROW;;;; +27A0;HEAVY DASHED TRIANGLE-HEADED RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY DASHED TRIANGLE-HEADED RIGHT ARROW;;;; +27A1;BLACK RIGHTWARDS ARROW;So;0;ON;;;;;N;BLACK RIGHT ARROW;;;; +27A2;THREE-D TOP-LIGHTED RIGHTWARDS ARROWHEAD;So;0;ON;;;;;N;THREE-D TOP-LIGHTED RIGHT ARROWHEAD;;;; +27A3;THREE-D BOTTOM-LIGHTED RIGHTWARDS ARROWHEAD;So;0;ON;;;;;N;THREE-D BOTTOM-LIGHTED RIGHT ARROWHEAD;;;; +27A4;BLACK RIGHTWARDS ARROWHEAD;So;0;ON;;;;;N;BLACK RIGHT ARROWHEAD;;;; +27A5;HEAVY BLACK CURVED DOWNWARDS AND RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY BLACK CURVED DOWN AND RIGHT ARROW;;;; +27A6;HEAVY BLACK CURVED UPWARDS AND RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY BLACK CURVED UP AND RIGHT ARROW;;;; +27A7;SQUAT BLACK RIGHTWARDS ARROW;So;0;ON;;;;;N;SQUAT BLACK RIGHT ARROW;;;; +27A8;HEAVY CONCAVE-POINTED BLACK RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY CONCAVE-POINTED BLACK RIGHT ARROW;;;; +27A9;RIGHT-SHADED WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;RIGHT-SHADED WHITE RIGHT ARROW;;;; +27AA;LEFT-SHADED WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;LEFT-SHADED WHITE RIGHT ARROW;;;; +27AB;BACK-TILTED SHADOWED WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;BACK-TILTED SHADOWED WHITE RIGHT ARROW;;;; +27AC;FRONT-TILTED SHADOWED WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;FRONT-TILTED SHADOWED WHITE RIGHT ARROW;;;; +27AD;HEAVY LOWER RIGHT-SHADOWED WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY LOWER RIGHT-SHADOWED WHITE RIGHT ARROW;;;; +27AE;HEAVY UPPER RIGHT-SHADOWED WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY UPPER RIGHT-SHADOWED WHITE RIGHT ARROW;;;; +27AF;NOTCHED LOWER RIGHT-SHADOWED WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;NOTCHED LOWER RIGHT-SHADOWED WHITE RIGHT ARROW;;;; +27B1;NOTCHED UPPER RIGHT-SHADOWED WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;NOTCHED UPPER RIGHT-SHADOWED WHITE RIGHT ARROW;;;; +27B2;CIRCLED HEAVY WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;CIRCLED HEAVY WHITE RIGHT ARROW;;;; +27B3;WHITE-FEATHERED RIGHTWARDS ARROW;So;0;ON;;;;;N;WHITE-FEATHERED RIGHT ARROW;;;; +27B4;BLACK-FEATHERED SOUTH EAST ARROW;So;0;ON;;;;;N;BLACK-FEATHERED LOWER RIGHT ARROW;;;; +27B5;BLACK-FEATHERED RIGHTWARDS ARROW;So;0;ON;;;;;N;BLACK-FEATHERED RIGHT ARROW;;;; +27B6;BLACK-FEATHERED NORTH EAST ARROW;So;0;ON;;;;;N;BLACK-FEATHERED UPPER RIGHT ARROW;;;; +27B7;HEAVY BLACK-FEATHERED SOUTH EAST ARROW;So;0;ON;;;;;N;HEAVY BLACK-FEATHERED LOWER RIGHT ARROW;;;; +27B8;HEAVY BLACK-FEATHERED RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY BLACK-FEATHERED RIGHT ARROW;;;; +27B9;HEAVY BLACK-FEATHERED NORTH EAST ARROW;So;0;ON;;;;;N;HEAVY BLACK-FEATHERED UPPER RIGHT ARROW;;;; +27BA;TEARDROP-BARBED RIGHTWARDS ARROW;So;0;ON;;;;;N;TEARDROP-BARBED RIGHT ARROW;;;; +27BB;HEAVY TEARDROP-SHANKED RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY TEARDROP-SHANKED RIGHT ARROW;;;; +27BC;WEDGE-TAILED RIGHTWARDS ARROW;So;0;ON;;;;;N;WEDGE-TAILED RIGHT ARROW;;;; +27BD;HEAVY WEDGE-TAILED RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY WEDGE-TAILED RIGHT ARROW;;;; +27BE;OPEN-OUTLINED RIGHTWARDS ARROW;So;0;ON;;;;;N;OPEN-OUTLINED RIGHT ARROW;;;; +27D0;WHITE DIAMOND WITH CENTRED DOT;Sm;0;ON;;;;;N;;;;; +27D1;AND WITH DOT;Sm;0;ON;;;;;N;;;;; +27D2;ELEMENT OF OPENING UPWARDS;Sm;0;ON;;;;;N;;;;; +27D3;LOWER RIGHT CORNER WITH DOT;Sm;0;ON;;;;;Y;;;;; +27D4;UPPER LEFT CORNER WITH DOT;Sm;0;ON;;;;;Y;;;;; +27D5;LEFT OUTER JOIN;Sm;0;ON;;;;;Y;;;;; +27D6;RIGHT OUTER JOIN;Sm;0;ON;;;;;Y;;;;; +27D7;FULL OUTER JOIN;Sm;0;ON;;;;;N;;;;; +27D8;LARGE UP TACK;Sm;0;ON;;;;;N;;;;; +27D9;LARGE DOWN TACK;Sm;0;ON;;;;;N;;;;; +27DA;LEFT AND RIGHT DOUBLE TURNSTILE;Sm;0;ON;;;;;N;;;;; +27DB;LEFT AND RIGHT TACK;Sm;0;ON;;;;;N;;;;; +27DC;LEFT MULTIMAP;Sm;0;ON;;;;;Y;;;;; +27DD;LONG RIGHT TACK;Sm;0;ON;;;;;Y;;;;; +27DE;LONG LEFT TACK;Sm;0;ON;;;;;Y;;;;; +27DF;UP TACK WITH CIRCLE ABOVE;Sm;0;ON;;;;;N;;;;; +27E0;LOZENGE DIVIDED BY HORIZONTAL RULE;Sm;0;ON;;;;;N;;;;; +27E1;WHITE CONCAVE-SIDED DIAMOND;Sm;0;ON;;;;;N;;;;; +27E2;WHITE CONCAVE-SIDED DIAMOND WITH LEFTWARDS TICK;Sm;0;ON;;;;;Y;;;;; +27E3;WHITE CONCAVE-SIDED DIAMOND WITH RIGHTWARDS TICK;Sm;0;ON;;;;;Y;;;;; +27E4;WHITE SQUARE WITH LEFTWARDS TICK;Sm;0;ON;;;;;Y;;;;; +27E5;WHITE SQUARE WITH RIGHTWARDS TICK;Sm;0;ON;;;;;Y;;;;; +27E6;MATHEMATICAL LEFT WHITE SQUARE BRACKET;Ps;0;ON;;;;;Y;;;;; +27E7;MATHEMATICAL RIGHT WHITE SQUARE BRACKET;Pe;0;ON;;;;;Y;;;;; +27E8;MATHEMATICAL LEFT ANGLE BRACKET;Ps;0;ON;;;;;Y;;;;; +27E9;MATHEMATICAL RIGHT ANGLE BRACKET;Pe;0;ON;;;;;Y;;;;; +27EA;MATHEMATICAL LEFT DOUBLE ANGLE BRACKET;Ps;0;ON;;;;;Y;;;;; +27EB;MATHEMATICAL RIGHT DOUBLE ANGLE BRACKET;Pe;0;ON;;;;;Y;;;;; +27F0;UPWARDS QUADRUPLE ARROW;Sm;0;ON;;;;;N;;;;; +27F1;DOWNWARDS QUADRUPLE ARROW;Sm;0;ON;;;;;N;;;;; +27F2;ANTICLOCKWISE GAPPED CIRCLE ARROW;Sm;0;ON;;;;;N;;;;; +27F3;CLOCKWISE GAPPED CIRCLE ARROW;Sm;0;ON;;;;;N;;;;; +27F4;RIGHT ARROW WITH CIRCLED PLUS;Sm;0;ON;;;;;N;;;;; +27F5;LONG LEFTWARDS ARROW;Sm;0;ON;;;;;N;;;;; +27F6;LONG RIGHTWARDS ARROW;Sm;0;ON;;;;;N;;;;; +27F7;LONG LEFT RIGHT ARROW;Sm;0;ON;;;;;N;;;;; +27F8;LONG LEFTWARDS DOUBLE ARROW;Sm;0;ON;;;;;N;;;;; +27F9;LONG RIGHTWARDS DOUBLE ARROW;Sm;0;ON;;;;;N;;;;; +27FA;LONG LEFT RIGHT DOUBLE ARROW;Sm;0;ON;;;;;N;;;;; +27FB;LONG LEFTWARDS ARROW FROM BAR;Sm;0;ON;;;;;N;;;;; +27FC;LONG RIGHTWARDS ARROW FROM BAR;Sm;0;ON;;;;;N;;;;; +27FD;LONG LEFTWARDS DOUBLE ARROW FROM BAR;Sm;0;ON;;;;;N;;;;; +27FE;LONG RIGHTWARDS DOUBLE ARROW FROM BAR;Sm;0;ON;;;;;N;;;;; +27FF;LONG RIGHTWARDS SQUIGGLE ARROW;Sm;0;ON;;;;;N;;;;; +2800;BRAILLE PATTERN BLANK;So;0;L;;;;;N;;;;; +2801;BRAILLE PATTERN DOTS-1;So;0;L;;;;;N;;;;; +2802;BRAILLE PATTERN DOTS-2;So;0;L;;;;;N;;;;; +2803;BRAILLE PATTERN DOTS-12;So;0;L;;;;;N;;;;; +2804;BRAILLE PATTERN DOTS-3;So;0;L;;;;;N;;;;; +2805;BRAILLE PATTERN DOTS-13;So;0;L;;;;;N;;;;; +2806;BRAILLE PATTERN DOTS-23;So;0;L;;;;;N;;;;; +2807;BRAILLE PATTERN DOTS-123;So;0;L;;;;;N;;;;; +2808;BRAILLE PATTERN DOTS-4;So;0;L;;;;;N;;;;; +2809;BRAILLE PATTERN DOTS-14;So;0;L;;;;;N;;;;; +280A;BRAILLE PATTERN DOTS-24;So;0;L;;;;;N;;;;; +280B;BRAILLE PATTERN DOTS-124;So;0;L;;;;;N;;;;; +280C;BRAILLE PATTERN DOTS-34;So;0;L;;;;;N;;;;; +280D;BRAILLE PATTERN DOTS-134;So;0;L;;;;;N;;;;; +280E;BRAILLE PATTERN DOTS-234;So;0;L;;;;;N;;;;; +280F;BRAILLE PATTERN DOTS-1234;So;0;L;;;;;N;;;;; +2810;BRAILLE PATTERN DOTS-5;So;0;L;;;;;N;;;;; +2811;BRAILLE PATTERN DOTS-15;So;0;L;;;;;N;;;;; +2812;BRAILLE PATTERN DOTS-25;So;0;L;;;;;N;;;;; +2813;BRAILLE PATTERN DOTS-125;So;0;L;;;;;N;;;;; +2814;BRAILLE PATTERN DOTS-35;So;0;L;;;;;N;;;;; +2815;BRAILLE PATTERN DOTS-135;So;0;L;;;;;N;;;;; +2816;BRAILLE PATTERN DOTS-235;So;0;L;;;;;N;;;;; +2817;BRAILLE PATTERN DOTS-1235;So;0;L;;;;;N;;;;; +2818;BRAILLE PATTERN DOTS-45;So;0;L;;;;;N;;;;; +2819;BRAILLE PATTERN DOTS-145;So;0;L;;;;;N;;;;; +281A;BRAILLE PATTERN DOTS-245;So;0;L;;;;;N;;;;; +281B;BRAILLE PATTERN DOTS-1245;So;0;L;;;;;N;;;;; +281C;BRAILLE PATTERN DOTS-345;So;0;L;;;;;N;;;;; +281D;BRAILLE PATTERN DOTS-1345;So;0;L;;;;;N;;;;; +281E;BRAILLE PATTERN DOTS-2345;So;0;L;;;;;N;;;;; +281F;BRAILLE PATTERN DOTS-12345;So;0;L;;;;;N;;;;; +2820;BRAILLE PATTERN DOTS-6;So;0;L;;;;;N;;;;; +2821;BRAILLE PATTERN DOTS-16;So;0;L;;;;;N;;;;; +2822;BRAILLE PATTERN DOTS-26;So;0;L;;;;;N;;;;; +2823;BRAILLE PATTERN DOTS-126;So;0;L;;;;;N;;;;; +2824;BRAILLE PATTERN DOTS-36;So;0;L;;;;;N;;;;; +2825;BRAILLE PATTERN DOTS-136;So;0;L;;;;;N;;;;; +2826;BRAILLE PATTERN DOTS-236;So;0;L;;;;;N;;;;; +2827;BRAILLE PATTERN DOTS-1236;So;0;L;;;;;N;;;;; +2828;BRAILLE PATTERN DOTS-46;So;0;L;;;;;N;;;;; +2829;BRAILLE PATTERN DOTS-146;So;0;L;;;;;N;;;;; +282A;BRAILLE PATTERN DOTS-246;So;0;L;;;;;N;;;;; +282B;BRAILLE PATTERN DOTS-1246;So;0;L;;;;;N;;;;; +282C;BRAILLE PATTERN DOTS-346;So;0;L;;;;;N;;;;; +282D;BRAILLE PATTERN DOTS-1346;So;0;L;;;;;N;;;;; +282E;BRAILLE PATTERN DOTS-2346;So;0;L;;;;;N;;;;; +282F;BRAILLE PATTERN DOTS-12346;So;0;L;;;;;N;;;;; +2830;BRAILLE PATTERN DOTS-56;So;0;L;;;;;N;;;;; +2831;BRAILLE PATTERN DOTS-156;So;0;L;;;;;N;;;;; +2832;BRAILLE PATTERN DOTS-256;So;0;L;;;;;N;;;;; +2833;BRAILLE PATTERN DOTS-1256;So;0;L;;;;;N;;;;; +2834;BRAILLE PATTERN DOTS-356;So;0;L;;;;;N;;;;; +2835;BRAILLE PATTERN DOTS-1356;So;0;L;;;;;N;;;;; +2836;BRAILLE PATTERN DOTS-2356;So;0;L;;;;;N;;;;; +2837;BRAILLE PATTERN DOTS-12356;So;0;L;;;;;N;;;;; +2838;BRAILLE PATTERN DOTS-456;So;0;L;;;;;N;;;;; +2839;BRAILLE PATTERN DOTS-1456;So;0;L;;;;;N;;;;; +283A;BRAILLE PATTERN DOTS-2456;So;0;L;;;;;N;;;;; +283B;BRAILLE PATTERN DOTS-12456;So;0;L;;;;;N;;;;; +283C;BRAILLE PATTERN DOTS-3456;So;0;L;;;;;N;;;;; +283D;BRAILLE PATTERN DOTS-13456;So;0;L;;;;;N;;;;; +283E;BRAILLE PATTERN DOTS-23456;So;0;L;;;;;N;;;;; +283F;BRAILLE PATTERN DOTS-123456;So;0;L;;;;;N;;;;; +2840;BRAILLE PATTERN DOTS-7;So;0;L;;;;;N;;;;; +2841;BRAILLE PATTERN DOTS-17;So;0;L;;;;;N;;;;; +2842;BRAILLE PATTERN DOTS-27;So;0;L;;;;;N;;;;; +2843;BRAILLE PATTERN DOTS-127;So;0;L;;;;;N;;;;; +2844;BRAILLE PATTERN DOTS-37;So;0;L;;;;;N;;;;; +2845;BRAILLE PATTERN DOTS-137;So;0;L;;;;;N;;;;; +2846;BRAILLE PATTERN DOTS-237;So;0;L;;;;;N;;;;; +2847;BRAILLE PATTERN DOTS-1237;So;0;L;;;;;N;;;;; +2848;BRAILLE PATTERN DOTS-47;So;0;L;;;;;N;;;;; +2849;BRAILLE PATTERN DOTS-147;So;0;L;;;;;N;;;;; +284A;BRAILLE PATTERN DOTS-247;So;0;L;;;;;N;;;;; +284B;BRAILLE PATTERN DOTS-1247;So;0;L;;;;;N;;;;; +284C;BRAILLE PATTERN DOTS-347;So;0;L;;;;;N;;;;; +284D;BRAILLE PATTERN DOTS-1347;So;0;L;;;;;N;;;;; +284E;BRAILLE PATTERN DOTS-2347;So;0;L;;;;;N;;;;; +284F;BRAILLE PATTERN DOTS-12347;So;0;L;;;;;N;;;;; +2850;BRAILLE PATTERN DOTS-57;So;0;L;;;;;N;;;;; +2851;BRAILLE PATTERN DOTS-157;So;0;L;;;;;N;;;;; +2852;BRAILLE PATTERN DOTS-257;So;0;L;;;;;N;;;;; +2853;BRAILLE PATTERN DOTS-1257;So;0;L;;;;;N;;;;; +2854;BRAILLE PATTERN DOTS-357;So;0;L;;;;;N;;;;; +2855;BRAILLE PATTERN DOTS-1357;So;0;L;;;;;N;;;;; +2856;BRAILLE PATTERN DOTS-2357;So;0;L;;;;;N;;;;; +2857;BRAILLE PATTERN DOTS-12357;So;0;L;;;;;N;;;;; +2858;BRAILLE PATTERN DOTS-457;So;0;L;;;;;N;;;;; +2859;BRAILLE PATTERN DOTS-1457;So;0;L;;;;;N;;;;; +285A;BRAILLE PATTERN DOTS-2457;So;0;L;;;;;N;;;;; +285B;BRAILLE PATTERN DOTS-12457;So;0;L;;;;;N;;;;; +285C;BRAILLE PATTERN DOTS-3457;So;0;L;;;;;N;;;;; +285D;BRAILLE PATTERN DOTS-13457;So;0;L;;;;;N;;;;; +285E;BRAILLE PATTERN DOTS-23457;So;0;L;;;;;N;;;;; +285F;BRAILLE PATTERN DOTS-123457;So;0;L;;;;;N;;;;; +2860;BRAILLE PATTERN DOTS-67;So;0;L;;;;;N;;;;; +2861;BRAILLE PATTERN DOTS-167;So;0;L;;;;;N;;;;; +2862;BRAILLE PATTERN DOTS-267;So;0;L;;;;;N;;;;; +2863;BRAILLE PATTERN DOTS-1267;So;0;L;;;;;N;;;;; +2864;BRAILLE PATTERN DOTS-367;So;0;L;;;;;N;;;;; +2865;BRAILLE PATTERN DOTS-1367;So;0;L;;;;;N;;;;; +2866;BRAILLE PATTERN DOTS-2367;So;0;L;;;;;N;;;;; +2867;BRAILLE PATTERN DOTS-12367;So;0;L;;;;;N;;;;; +2868;BRAILLE PATTERN DOTS-467;So;0;L;;;;;N;;;;; +2869;BRAILLE PATTERN DOTS-1467;So;0;L;;;;;N;;;;; +286A;BRAILLE PATTERN DOTS-2467;So;0;L;;;;;N;;;;; +286B;BRAILLE PATTERN DOTS-12467;So;0;L;;;;;N;;;;; +286C;BRAILLE PATTERN DOTS-3467;So;0;L;;;;;N;;;;; +286D;BRAILLE PATTERN DOTS-13467;So;0;L;;;;;N;;;;; +286E;BRAILLE PATTERN DOTS-23467;So;0;L;;;;;N;;;;; +286F;BRAILLE PATTERN DOTS-123467;So;0;L;;;;;N;;;;; +2870;BRAILLE PATTERN DOTS-567;So;0;L;;;;;N;;;;; +2871;BRAILLE PATTERN DOTS-1567;So;0;L;;;;;N;;;;; +2872;BRAILLE PATTERN DOTS-2567;So;0;L;;;;;N;;;;; +2873;BRAILLE PATTERN DOTS-12567;So;0;L;;;;;N;;;;; +2874;BRAILLE PATTERN DOTS-3567;So;0;L;;;;;N;;;;; +2875;BRAILLE PATTERN DOTS-13567;So;0;L;;;;;N;;;;; +2876;BRAILLE PATTERN DOTS-23567;So;0;L;;;;;N;;;;; +2877;BRAILLE PATTERN DOTS-123567;So;0;L;;;;;N;;;;; +2878;BRAILLE PATTERN DOTS-4567;So;0;L;;;;;N;;;;; +2879;BRAILLE PATTERN DOTS-14567;So;0;L;;;;;N;;;;; +287A;BRAILLE PATTERN DOTS-24567;So;0;L;;;;;N;;;;; +287B;BRAILLE PATTERN DOTS-124567;So;0;L;;;;;N;;;;; +287C;BRAILLE PATTERN DOTS-34567;So;0;L;;;;;N;;;;; +287D;BRAILLE PATTERN DOTS-134567;So;0;L;;;;;N;;;;; +287E;BRAILLE PATTERN DOTS-234567;So;0;L;;;;;N;;;;; +287F;BRAILLE PATTERN DOTS-1234567;So;0;L;;;;;N;;;;; +2880;BRAILLE PATTERN DOTS-8;So;0;L;;;;;N;;;;; +2881;BRAILLE PATTERN DOTS-18;So;0;L;;;;;N;;;;; +2882;BRAILLE PATTERN DOTS-28;So;0;L;;;;;N;;;;; +2883;BRAILLE PATTERN DOTS-128;So;0;L;;;;;N;;;;; +2884;BRAILLE PATTERN DOTS-38;So;0;L;;;;;N;;;;; +2885;BRAILLE PATTERN DOTS-138;So;0;L;;;;;N;;;;; +2886;BRAILLE PATTERN DOTS-238;So;0;L;;;;;N;;;;; +2887;BRAILLE PATTERN DOTS-1238;So;0;L;;;;;N;;;;; +2888;BRAILLE PATTERN DOTS-48;So;0;L;;;;;N;;;;; +2889;BRAILLE PATTERN DOTS-148;So;0;L;;;;;N;;;;; +288A;BRAILLE PATTERN DOTS-248;So;0;L;;;;;N;;;;; +288B;BRAILLE PATTERN DOTS-1248;So;0;L;;;;;N;;;;; +288C;BRAILLE PATTERN DOTS-348;So;0;L;;;;;N;;;;; +288D;BRAILLE PATTERN DOTS-1348;So;0;L;;;;;N;;;;; +288E;BRAILLE PATTERN DOTS-2348;So;0;L;;;;;N;;;;; +288F;BRAILLE PATTERN DOTS-12348;So;0;L;;;;;N;;;;; +2890;BRAILLE PATTERN DOTS-58;So;0;L;;;;;N;;;;; +2891;BRAILLE PATTERN DOTS-158;So;0;L;;;;;N;;;;; +2892;BRAILLE PATTERN DOTS-258;So;0;L;;;;;N;;;;; +2893;BRAILLE PATTERN DOTS-1258;So;0;L;;;;;N;;;;; +2894;BRAILLE PATTERN DOTS-358;So;0;L;;;;;N;;;;; +2895;BRAILLE PATTERN DOTS-1358;So;0;L;;;;;N;;;;; +2896;BRAILLE PATTERN DOTS-2358;So;0;L;;;;;N;;;;; +2897;BRAILLE PATTERN DOTS-12358;So;0;L;;;;;N;;;;; +2898;BRAILLE PATTERN DOTS-458;So;0;L;;;;;N;;;;; +2899;BRAILLE PATTERN DOTS-1458;So;0;L;;;;;N;;;;; +289A;BRAILLE PATTERN DOTS-2458;So;0;L;;;;;N;;;;; +289B;BRAILLE PATTERN DOTS-12458;So;0;L;;;;;N;;;;; +289C;BRAILLE PATTERN DOTS-3458;So;0;L;;;;;N;;;;; +289D;BRAILLE PATTERN DOTS-13458;So;0;L;;;;;N;;;;; +289E;BRAILLE PATTERN DOTS-23458;So;0;L;;;;;N;;;;; +289F;BRAILLE PATTERN DOTS-123458;So;0;L;;;;;N;;;;; +28A0;BRAILLE PATTERN DOTS-68;So;0;L;;;;;N;;;;; +28A1;BRAILLE PATTERN DOTS-168;So;0;L;;;;;N;;;;; +28A2;BRAILLE PATTERN DOTS-268;So;0;L;;;;;N;;;;; +28A3;BRAILLE PATTERN DOTS-1268;So;0;L;;;;;N;;;;; +28A4;BRAILLE PATTERN DOTS-368;So;0;L;;;;;N;;;;; +28A5;BRAILLE PATTERN DOTS-1368;So;0;L;;;;;N;;;;; +28A6;BRAILLE PATTERN DOTS-2368;So;0;L;;;;;N;;;;; +28A7;BRAILLE PATTERN DOTS-12368;So;0;L;;;;;N;;;;; +28A8;BRAILLE PATTERN DOTS-468;So;0;L;;;;;N;;;;; +28A9;BRAILLE PATTERN DOTS-1468;So;0;L;;;;;N;;;;; +28AA;BRAILLE PATTERN DOTS-2468;So;0;L;;;;;N;;;;; +28AB;BRAILLE PATTERN DOTS-12468;So;0;L;;;;;N;;;;; +28AC;BRAILLE PATTERN DOTS-3468;So;0;L;;;;;N;;;;; +28AD;BRAILLE PATTERN DOTS-13468;So;0;L;;;;;N;;;;; +28AE;BRAILLE PATTERN DOTS-23468;So;0;L;;;;;N;;;;; +28AF;BRAILLE PATTERN DOTS-123468;So;0;L;;;;;N;;;;; +28B0;BRAILLE PATTERN DOTS-568;So;0;L;;;;;N;;;;; +28B1;BRAILLE PATTERN DOTS-1568;So;0;L;;;;;N;;;;; +28B2;BRAILLE PATTERN DOTS-2568;So;0;L;;;;;N;;;;; +28B3;BRAILLE PATTERN DOTS-12568;So;0;L;;;;;N;;;;; +28B4;BRAILLE PATTERN DOTS-3568;So;0;L;;;;;N;;;;; +28B5;BRAILLE PATTERN DOTS-13568;So;0;L;;;;;N;;;;; +28B6;BRAILLE PATTERN DOTS-23568;So;0;L;;;;;N;;;;; +28B7;BRAILLE PATTERN DOTS-123568;So;0;L;;;;;N;;;;; +28B8;BRAILLE PATTERN DOTS-4568;So;0;L;;;;;N;;;;; +28B9;BRAILLE PATTERN DOTS-14568;So;0;L;;;;;N;;;;; +28BA;BRAILLE PATTERN DOTS-24568;So;0;L;;;;;N;;;;; +28BB;BRAILLE PATTERN DOTS-124568;So;0;L;;;;;N;;;;; +28BC;BRAILLE PATTERN DOTS-34568;So;0;L;;;;;N;;;;; +28BD;BRAILLE PATTERN DOTS-134568;So;0;L;;;;;N;;;;; +28BE;BRAILLE PATTERN DOTS-234568;So;0;L;;;;;N;;;;; +28BF;BRAILLE PATTERN DOTS-1234568;So;0;L;;;;;N;;;;; +28C0;BRAILLE PATTERN DOTS-78;So;0;L;;;;;N;;;;; +28C1;BRAILLE PATTERN DOTS-178;So;0;L;;;;;N;;;;; +28C2;BRAILLE PATTERN DOTS-278;So;0;L;;;;;N;;;;; +28C3;BRAILLE PATTERN DOTS-1278;So;0;L;;;;;N;;;;; +28C4;BRAILLE PATTERN DOTS-378;So;0;L;;;;;N;;;;; +28C5;BRAILLE PATTERN DOTS-1378;So;0;L;;;;;N;;;;; +28C6;BRAILLE PATTERN DOTS-2378;So;0;L;;;;;N;;;;; +28C7;BRAILLE PATTERN DOTS-12378;So;0;L;;;;;N;;;;; +28C8;BRAILLE PATTERN DOTS-478;So;0;L;;;;;N;;;;; +28C9;BRAILLE PATTERN DOTS-1478;So;0;L;;;;;N;;;;; +28CA;BRAILLE PATTERN DOTS-2478;So;0;L;;;;;N;;;;; +28CB;BRAILLE PATTERN DOTS-12478;So;0;L;;;;;N;;;;; +28CC;BRAILLE PATTERN DOTS-3478;So;0;L;;;;;N;;;;; +28CD;BRAILLE PATTERN DOTS-13478;So;0;L;;;;;N;;;;; +28CE;BRAILLE PATTERN DOTS-23478;So;0;L;;;;;N;;;;; +28CF;BRAILLE PATTERN DOTS-123478;So;0;L;;;;;N;;;;; +28D0;BRAILLE PATTERN DOTS-578;So;0;L;;;;;N;;;;; +28D1;BRAILLE PATTERN DOTS-1578;So;0;L;;;;;N;;;;; +28D2;BRAILLE PATTERN DOTS-2578;So;0;L;;;;;N;;;;; +28D3;BRAILLE PATTERN DOTS-12578;So;0;L;;;;;N;;;;; +28D4;BRAILLE PATTERN DOTS-3578;So;0;L;;;;;N;;;;; +28D5;BRAILLE PATTERN DOTS-13578;So;0;L;;;;;N;;;;; +28D6;BRAILLE PATTERN DOTS-23578;So;0;L;;;;;N;;;;; +28D7;BRAILLE PATTERN DOTS-123578;So;0;L;;;;;N;;;;; +28D8;BRAILLE PATTERN DOTS-4578;So;0;L;;;;;N;;;;; +28D9;BRAILLE PATTERN DOTS-14578;So;0;L;;;;;N;;;;; +28DA;BRAILLE PATTERN DOTS-24578;So;0;L;;;;;N;;;;; +28DB;BRAILLE PATTERN DOTS-124578;So;0;L;;;;;N;;;;; +28DC;BRAILLE PATTERN DOTS-34578;So;0;L;;;;;N;;;;; +28DD;BRAILLE PATTERN DOTS-134578;So;0;L;;;;;N;;;;; +28DE;BRAILLE PATTERN DOTS-234578;So;0;L;;;;;N;;;;; +28DF;BRAILLE PATTERN DOTS-1234578;So;0;L;;;;;N;;;;; +28E0;BRAILLE PATTERN DOTS-678;So;0;L;;;;;N;;;;; +28E1;BRAILLE PATTERN DOTS-1678;So;0;L;;;;;N;;;;; +28E2;BRAILLE PATTERN DOTS-2678;So;0;L;;;;;N;;;;; +28E3;BRAILLE PATTERN DOTS-12678;So;0;L;;;;;N;;;;; +28E4;BRAILLE PATTERN DOTS-3678;So;0;L;;;;;N;;;;; +28E5;BRAILLE PATTERN DOTS-13678;So;0;L;;;;;N;;;;; +28E6;BRAILLE PATTERN DOTS-23678;So;0;L;;;;;N;;;;; +28E7;BRAILLE PATTERN DOTS-123678;So;0;L;;;;;N;;;;; +28E8;BRAILLE PATTERN DOTS-4678;So;0;L;;;;;N;;;;; +28E9;BRAILLE PATTERN DOTS-14678;So;0;L;;;;;N;;;;; +28EA;BRAILLE PATTERN DOTS-24678;So;0;L;;;;;N;;;;; +28EB;BRAILLE PATTERN DOTS-124678;So;0;L;;;;;N;;;;; +28EC;BRAILLE PATTERN DOTS-34678;So;0;L;;;;;N;;;;; +28ED;BRAILLE PATTERN DOTS-134678;So;0;L;;;;;N;;;;; +28EE;BRAILLE PATTERN DOTS-234678;So;0;L;;;;;N;;;;; +28EF;BRAILLE PATTERN DOTS-1234678;So;0;L;;;;;N;;;;; +28F0;BRAILLE PATTERN DOTS-5678;So;0;L;;;;;N;;;;; +28F1;BRAILLE PATTERN DOTS-15678;So;0;L;;;;;N;;;;; +28F2;BRAILLE PATTERN DOTS-25678;So;0;L;;;;;N;;;;; +28F3;BRAILLE PATTERN DOTS-125678;So;0;L;;;;;N;;;;; +28F4;BRAILLE PATTERN DOTS-35678;So;0;L;;;;;N;;;;; +28F5;BRAILLE PATTERN DOTS-135678;So;0;L;;;;;N;;;;; +28F6;BRAILLE PATTERN DOTS-235678;So;0;L;;;;;N;;;;; +28F7;BRAILLE PATTERN DOTS-1235678;So;0;L;;;;;N;;;;; +28F8;BRAILLE PATTERN DOTS-45678;So;0;L;;;;;N;;;;; +28F9;BRAILLE PATTERN DOTS-145678;So;0;L;;;;;N;;;;; +28FA;BRAILLE PATTERN DOTS-245678;So;0;L;;;;;N;;;;; +28FB;BRAILLE PATTERN DOTS-1245678;So;0;L;;;;;N;;;;; +28FC;BRAILLE PATTERN DOTS-345678;So;0;L;;;;;N;;;;; +28FD;BRAILLE PATTERN DOTS-1345678;So;0;L;;;;;N;;;;; +28FE;BRAILLE PATTERN DOTS-2345678;So;0;L;;;;;N;;;;; +28FF;BRAILLE PATTERN DOTS-12345678;So;0;L;;;;;N;;;;; +2900;RIGHTWARDS TWO-HEADED ARROW WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;; +2901;RIGHTWARDS TWO-HEADED ARROW WITH DOUBLE VERTICAL STROKE;Sm;0;ON;;;;;N;;;;; +2902;LEFTWARDS DOUBLE ARROW WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;; +2903;RIGHTWARDS DOUBLE ARROW WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;; +2904;LEFT RIGHT DOUBLE ARROW WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;; +2905;RIGHTWARDS TWO-HEADED ARROW FROM BAR;Sm;0;ON;;;;;N;;;;; +2906;LEFTWARDS DOUBLE ARROW FROM BAR;Sm;0;ON;;;;;N;;;;; +2907;RIGHTWARDS DOUBLE ARROW FROM BAR;Sm;0;ON;;;;;N;;;;; +2908;DOWNWARDS ARROW WITH HORIZONTAL STROKE;Sm;0;ON;;;;;N;;;;; +2909;UPWARDS ARROW WITH HORIZONTAL STROKE;Sm;0;ON;;;;;N;;;;; +290A;UPWARDS TRIPLE ARROW;Sm;0;ON;;;;;N;;;;; +290B;DOWNWARDS TRIPLE ARROW;Sm;0;ON;;;;;N;;;;; +290C;LEFTWARDS DOUBLE DASH ARROW;Sm;0;ON;;;;;N;;;;; +290D;RIGHTWARDS DOUBLE DASH ARROW;Sm;0;ON;;;;;N;;;;; +290E;LEFTWARDS TRIPLE DASH ARROW;Sm;0;ON;;;;;N;;;;; +290F;RIGHTWARDS TRIPLE DASH ARROW;Sm;0;ON;;;;;N;;;;; +2910;RIGHTWARDS TWO-HEADED TRIPLE DASH ARROW;Sm;0;ON;;;;;N;;;;; +2911;RIGHTWARDS ARROW WITH DOTTED STEM;Sm;0;ON;;;;;N;;;;; +2912;UPWARDS ARROW TO BAR;Sm;0;ON;;;;;N;;;;; +2913;DOWNWARDS ARROW TO BAR;Sm;0;ON;;;;;N;;;;; +2914;RIGHTWARDS ARROW WITH TAIL WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;; +2915;RIGHTWARDS ARROW WITH TAIL WITH DOUBLE VERTICAL STROKE;Sm;0;ON;;;;;N;;;;; +2916;RIGHTWARDS TWO-HEADED ARROW WITH TAIL;Sm;0;ON;;;;;N;;;;; +2917;RIGHTWARDS TWO-HEADED ARROW WITH TAIL WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;; +2918;RIGHTWARDS TWO-HEADED ARROW WITH TAIL WITH DOUBLE VERTICAL STROKE;Sm;0;ON;;;;;N;;;;; +2919;LEFTWARDS ARROW-TAIL;Sm;0;ON;;;;;N;;;;; +291A;RIGHTWARDS ARROW-TAIL;Sm;0;ON;;;;;N;;;;; +291B;LEFTWARDS DOUBLE ARROW-TAIL;Sm;0;ON;;;;;N;;;;; +291C;RIGHTWARDS DOUBLE ARROW-TAIL;Sm;0;ON;;;;;N;;;;; +291D;LEFTWARDS ARROW TO BLACK DIAMOND;Sm;0;ON;;;;;N;;;;; +291E;RIGHTWARDS ARROW TO BLACK DIAMOND;Sm;0;ON;;;;;N;;;;; +291F;LEFTWARDS ARROW FROM BAR TO BLACK DIAMOND;Sm;0;ON;;;;;N;;;;; +2920;RIGHTWARDS ARROW FROM BAR TO BLACK DIAMOND;Sm;0;ON;;;;;N;;;;; +2921;NORTH WEST AND SOUTH EAST ARROW;Sm;0;ON;;;;;N;;;;; +2922;NORTH EAST AND SOUTH WEST ARROW;Sm;0;ON;;;;;N;;;;; +2923;NORTH WEST ARROW WITH HOOK;Sm;0;ON;;;;;N;;;;; +2924;NORTH EAST ARROW WITH HOOK;Sm;0;ON;;;;;N;;;;; +2925;SOUTH EAST ARROW WITH HOOK;Sm;0;ON;;;;;N;;;;; +2926;SOUTH WEST ARROW WITH HOOK;Sm;0;ON;;;;;N;;;;; +2927;NORTH WEST ARROW AND NORTH EAST ARROW;Sm;0;ON;;;;;N;;;;; +2928;NORTH EAST ARROW AND SOUTH EAST ARROW;Sm;0;ON;;;;;N;;;;; +2929;SOUTH EAST ARROW AND SOUTH WEST ARROW;Sm;0;ON;;;;;N;;;;; +292A;SOUTH WEST ARROW AND NORTH WEST ARROW;Sm;0;ON;;;;;N;;;;; +292B;RISING DIAGONAL CROSSING FALLING DIAGONAL;Sm;0;ON;;;;;N;;;;; +292C;FALLING DIAGONAL CROSSING RISING DIAGONAL;Sm;0;ON;;;;;N;;;;; +292D;SOUTH EAST ARROW CROSSING NORTH EAST ARROW;Sm;0;ON;;;;;N;;;;; +292E;NORTH EAST ARROW CROSSING SOUTH EAST ARROW;Sm;0;ON;;;;;N;;;;; +292F;FALLING DIAGONAL CROSSING NORTH EAST ARROW;Sm;0;ON;;;;;N;;;;; +2930;RISING DIAGONAL CROSSING SOUTH EAST ARROW;Sm;0;ON;;;;;N;;;;; +2931;NORTH EAST ARROW CROSSING NORTH WEST ARROW;Sm;0;ON;;;;;N;;;;; +2932;NORTH WEST ARROW CROSSING NORTH EAST ARROW;Sm;0;ON;;;;;N;;;;; +2933;WAVE ARROW POINTING DIRECTLY RIGHT;Sm;0;ON;;;;;N;;;;; +2934;ARROW POINTING RIGHTWARDS THEN CURVING UPWARDS;Sm;0;ON;;;;;N;;;;; +2935;ARROW POINTING RIGHTWARDS THEN CURVING DOWNWARDS;Sm;0;ON;;;;;N;;;;; +2936;ARROW POINTING DOWNWARDS THEN CURVING LEFTWARDS;Sm;0;ON;;;;;N;;;;; +2937;ARROW POINTING DOWNWARDS THEN CURVING RIGHTWARDS;Sm;0;ON;;;;;N;;;;; +2938;RIGHT-SIDE ARC CLOCKWISE ARROW;Sm;0;ON;;;;;N;;;;; +2939;LEFT-SIDE ARC ANTICLOCKWISE ARROW;Sm;0;ON;;;;;N;;;;; +293A;TOP ARC ANTICLOCKWISE ARROW;Sm;0;ON;;;;;N;;;;; +293B;BOTTOM ARC ANTICLOCKWISE ARROW;Sm;0;ON;;;;;N;;;;; +293C;TOP ARC CLOCKWISE ARROW WITH MINUS;Sm;0;ON;;;;;N;;;;; +293D;TOP ARC ANTICLOCKWISE ARROW WITH PLUS;Sm;0;ON;;;;;N;;;;; +293E;LOWER RIGHT SEMICIRCULAR CLOCKWISE ARROW;Sm;0;ON;;;;;N;;;;; +293F;LOWER LEFT SEMICIRCULAR ANTICLOCKWISE ARROW;Sm;0;ON;;;;;N;;;;; +2940;ANTICLOCKWISE CLOSED CIRCLE ARROW;Sm;0;ON;;;;;N;;;;; +2941;CLOCKWISE CLOSED CIRCLE ARROW;Sm;0;ON;;;;;N;;;;; +2942;RIGHTWARDS ARROW ABOVE SHORT LEFTWARDS ARROW;Sm;0;ON;;;;;N;;;;; +2943;LEFTWARDS ARROW ABOVE SHORT RIGHTWARDS ARROW;Sm;0;ON;;;;;N;;;;; +2944;SHORT RIGHTWARDS ARROW ABOVE LEFTWARDS ARROW;Sm;0;ON;;;;;N;;;;; +2945;RIGHTWARDS ARROW WITH PLUS BELOW;Sm;0;ON;;;;;N;;;;; +2946;LEFTWARDS ARROW WITH PLUS BELOW;Sm;0;ON;;;;;N;;;;; +2947;RIGHTWARDS ARROW THROUGH X;Sm;0;ON;;;;;N;;;;; +2948;LEFT RIGHT ARROW THROUGH SMALL CIRCLE;Sm;0;ON;;;;;N;;;;; +2949;UPWARDS TWO-HEADED ARROW FROM SMALL CIRCLE;Sm;0;ON;;;;;N;;;;; +294A;LEFT BARB UP RIGHT BARB DOWN HARPOON;Sm;0;ON;;;;;N;;;;; +294B;LEFT BARB DOWN RIGHT BARB UP HARPOON;Sm;0;ON;;;;;N;;;;; +294C;UP BARB RIGHT DOWN BARB LEFT HARPOON;Sm;0;ON;;;;;N;;;;; +294D;UP BARB LEFT DOWN BARB RIGHT HARPOON;Sm;0;ON;;;;;N;;;;; +294E;LEFT BARB UP RIGHT BARB UP HARPOON;Sm;0;ON;;;;;N;;;;; +294F;UP BARB RIGHT DOWN BARB RIGHT HARPOON;Sm;0;ON;;;;;N;;;;; +2950;LEFT BARB DOWN RIGHT BARB DOWN HARPOON;Sm;0;ON;;;;;N;;;;; +2951;UP BARB LEFT DOWN BARB LEFT HARPOON;Sm;0;ON;;;;;N;;;;; +2952;LEFTWARDS HARPOON WITH BARB UP TO BAR;Sm;0;ON;;;;;N;;;;; +2953;RIGHTWARDS HARPOON WITH BARB UP TO BAR;Sm;0;ON;;;;;N;;;;; +2954;UPWARDS HARPOON WITH BARB RIGHT TO BAR;Sm;0;ON;;;;;N;;;;; +2955;DOWNWARDS HARPOON WITH BARB RIGHT TO BAR;Sm;0;ON;;;;;N;;;;; +2956;LEFTWARDS HARPOON WITH BARB DOWN TO BAR;Sm;0;ON;;;;;N;;;;; +2957;RIGHTWARDS HARPOON WITH BARB DOWN TO BAR;Sm;0;ON;;;;;N;;;;; +2958;UPWARDS HARPOON WITH BARB LEFT TO BAR;Sm;0;ON;;;;;N;;;;; +2959;DOWNWARDS HARPOON WITH BARB LEFT TO BAR;Sm;0;ON;;;;;N;;;;; +295A;LEFTWARDS HARPOON WITH BARB UP FROM BAR;Sm;0;ON;;;;;N;;;;; +295B;RIGHTWARDS HARPOON WITH BARB UP FROM BAR;Sm;0;ON;;;;;N;;;;; +295C;UPWARDS HARPOON WITH BARB RIGHT FROM BAR;Sm;0;ON;;;;;N;;;;; +295D;DOWNWARDS HARPOON WITH BARB RIGHT FROM BAR;Sm;0;ON;;;;;N;;;;; +295E;LEFTWARDS HARPOON WITH BARB DOWN FROM BAR;Sm;0;ON;;;;;N;;;;; +295F;RIGHTWARDS HARPOON WITH BARB DOWN FROM BAR;Sm;0;ON;;;;;N;;;;; +2960;UPWARDS HARPOON WITH BARB LEFT FROM BAR;Sm;0;ON;;;;;N;;;;; +2961;DOWNWARDS HARPOON WITH BARB LEFT FROM BAR;Sm;0;ON;;;;;N;;;;; +2962;LEFTWARDS HARPOON WITH BARB UP ABOVE LEFTWARDS HARPOON WITH BARB DOWN;Sm;0;ON;;;;;N;;;;; +2963;UPWARDS HARPOON WITH BARB LEFT BESIDE UPWARDS HARPOON WITH BARB RIGHT;Sm;0;ON;;;;;N;;;;; +2964;RIGHTWARDS HARPOON WITH BARB UP ABOVE RIGHTWARDS HARPOON WITH BARB DOWN;Sm;0;ON;;;;;N;;;;; +2965;DOWNWARDS HARPOON WITH BARB LEFT BESIDE DOWNWARDS HARPOON WITH BARB RIGHT;Sm;0;ON;;;;;N;;;;; +2966;LEFTWARDS HARPOON WITH BARB UP ABOVE RIGHTWARDS HARPOON WITH BARB UP;Sm;0;ON;;;;;N;;;;; +2967;LEFTWARDS HARPOON WITH BARB DOWN ABOVE RIGHTWARDS HARPOON WITH BARB DOWN;Sm;0;ON;;;;;N;;;;; +2968;RIGHTWARDS HARPOON WITH BARB UP ABOVE LEFTWARDS HARPOON WITH BARB UP;Sm;0;ON;;;;;N;;;;; +2969;RIGHTWARDS HARPOON WITH BARB DOWN ABOVE LEFTWARDS HARPOON WITH BARB DOWN;Sm;0;ON;;;;;N;;;;; +296A;LEFTWARDS HARPOON WITH BARB UP ABOVE LONG DASH;Sm;0;ON;;;;;N;;;;; +296B;LEFTWARDS HARPOON WITH BARB DOWN BELOW LONG DASH;Sm;0;ON;;;;;N;;;;; +296C;RIGHTWARDS HARPOON WITH BARB UP ABOVE LONG DASH;Sm;0;ON;;;;;N;;;;; +296D;RIGHTWARDS HARPOON WITH BARB DOWN BELOW LONG DASH;Sm;0;ON;;;;;N;;;;; +296E;UPWARDS HARPOON WITH BARB LEFT BESIDE DOWNWARDS HARPOON WITH BARB RIGHT;Sm;0;ON;;;;;N;;;;; +296F;DOWNWARDS HARPOON WITH BARB LEFT BESIDE UPWARDS HARPOON WITH BARB RIGHT;Sm;0;ON;;;;;N;;;;; +2970;RIGHT DOUBLE ARROW WITH ROUNDED HEAD;Sm;0;ON;;;;;N;;;;; +2971;EQUALS SIGN ABOVE RIGHTWARDS ARROW;Sm;0;ON;;;;;N;;;;; +2972;TILDE OPERATOR ABOVE RIGHTWARDS ARROW;Sm;0;ON;;;;;N;;;;; +2973;LEFTWARDS ARROW ABOVE TILDE OPERATOR;Sm;0;ON;;;;;N;;;;; +2974;RIGHTWARDS ARROW ABOVE TILDE OPERATOR;Sm;0;ON;;;;;N;;;;; +2975;RIGHTWARDS ARROW ABOVE ALMOST EQUAL TO;Sm;0;ON;;;;;N;;;;; +2976;LESS-THAN ABOVE LEFTWARDS ARROW;Sm;0;ON;;;;;N;;;;; +2977;LEFTWARDS ARROW THROUGH LESS-THAN;Sm;0;ON;;;;;N;;;;; +2978;GREATER-THAN ABOVE RIGHTWARDS ARROW;Sm;0;ON;;;;;N;;;;; +2979;SUBSET ABOVE RIGHTWARDS ARROW;Sm;0;ON;;;;;N;;;;; +297A;LEFTWARDS ARROW THROUGH SUBSET;Sm;0;ON;;;;;N;;;;; +297B;SUPERSET ABOVE LEFTWARDS ARROW;Sm;0;ON;;;;;N;;;;; +297C;LEFT FISH TAIL;Sm;0;ON;;;;;N;;;;; +297D;RIGHT FISH TAIL;Sm;0;ON;;;;;N;;;;; +297E;UP FISH TAIL;Sm;0;ON;;;;;N;;;;; +297F;DOWN FISH TAIL;Sm;0;ON;;;;;N;;;;; +2980;TRIPLE VERTICAL BAR DELIMITER;Sm;0;ON;;;;;N;;;;; +2981;Z NOTATION SPOT;Sm;0;ON;;;;;N;;;;; +2982;Z NOTATION TYPE COLON;Sm;0;ON;;;;;N;;;;; +2983;LEFT WHITE CURLY BRACKET;Ps;0;ON;;;;;Y;;;;; +2984;RIGHT WHITE CURLY BRACKET;Pe;0;ON;;;;;Y;;;;; +2985;LEFT WHITE PARENTHESIS;Ps;0;ON;;;;;Y;;;;; +2986;RIGHT WHITE PARENTHESIS;Pe;0;ON;;;;;Y;;;;; +2987;Z NOTATION LEFT IMAGE BRACKET;Ps;0;ON;;;;;Y;;;;; +2988;Z NOTATION RIGHT IMAGE BRACKET;Pe;0;ON;;;;;Y;;;;; +2989;Z NOTATION LEFT BINDING BRACKET;Ps;0;ON;;;;;Y;;;;; +298A;Z NOTATION RIGHT BINDING BRACKET;Pe;0;ON;;;;;Y;;;;; +298B;LEFT SQUARE BRACKET WITH UNDERBAR;Ps;0;ON;;;;;Y;;;;; +298C;RIGHT SQUARE BRACKET WITH UNDERBAR;Pe;0;ON;;;;;Y;;;;; +298D;LEFT SQUARE BRACKET WITH TICK IN TOP CORNER;Ps;0;ON;;;;;Y;;;;; +298E;RIGHT SQUARE BRACKET WITH TICK IN BOTTOM CORNER;Pe;0;ON;;;;;Y;;;;; +298F;LEFT SQUARE BRACKET WITH TICK IN BOTTOM CORNER;Ps;0;ON;;;;;Y;;;;; +2990;RIGHT SQUARE BRACKET WITH TICK IN TOP CORNER;Pe;0;ON;;;;;Y;;;;; +2991;LEFT ANGLE BRACKET WITH DOT;Ps;0;ON;;;;;Y;;;;; +2992;RIGHT ANGLE BRACKET WITH DOT;Pe;0;ON;;;;;Y;;;;; +2993;LEFT ARC LESS-THAN BRACKET;Ps;0;ON;;;;;Y;;;;; +2994;RIGHT ARC GREATER-THAN BRACKET;Pe;0;ON;;;;;Y;;;;; +2995;DOUBLE LEFT ARC GREATER-THAN BRACKET;Ps;0;ON;;;;;Y;;;;; +2996;DOUBLE RIGHT ARC LESS-THAN BRACKET;Pe;0;ON;;;;;Y;;;;; +2997;LEFT BLACK TORTOISE SHELL BRACKET;Ps;0;ON;;;;;Y;;;;; +2998;RIGHT BLACK TORTOISE SHELL BRACKET;Pe;0;ON;;;;;Y;;;;; +2999;DOTTED FENCE;Sm;0;ON;;;;;N;;;;; +299A;VERTICAL ZIGZAG LINE;Sm;0;ON;;;;;N;;;;; +299B;MEASURED ANGLE OPENING LEFT;Sm;0;ON;;;;;Y;;;;; +299C;RIGHT ANGLE VARIANT WITH SQUARE;Sm;0;ON;;;;;Y;;;;; +299D;MEASURED RIGHT ANGLE WITH DOT;Sm;0;ON;;;;;Y;;;;; +299E;ANGLE WITH S INSIDE;Sm;0;ON;;;;;Y;;;;; +299F;ACUTE ANGLE;Sm;0;ON;;;;;Y;;;;; +29A0;SPHERICAL ANGLE OPENING LEFT;Sm;0;ON;;;;;Y;;;;; +29A1;SPHERICAL ANGLE OPENING UP;Sm;0;ON;;;;;Y;;;;; +29A2;TURNED ANGLE;Sm;0;ON;;;;;Y;;;;; +29A3;REVERSED ANGLE;Sm;0;ON;;;;;Y;;;;; +29A4;ANGLE WITH UNDERBAR;Sm;0;ON;;;;;Y;;;;; +29A5;REVERSED ANGLE WITH UNDERBAR;Sm;0;ON;;;;;Y;;;;; +29A6;OBLIQUE ANGLE OPENING UP;Sm;0;ON;;;;;Y;;;;; +29A7;OBLIQUE ANGLE OPENING DOWN;Sm;0;ON;;;;;Y;;;;; +29A8;MEASURED ANGLE WITH OPEN ARM ENDING IN ARROW POINTING UP AND RIGHT;Sm;0;ON;;;;;Y;;;;; +29A9;MEASURED ANGLE WITH OPEN ARM ENDING IN ARROW POINTING UP AND LEFT;Sm;0;ON;;;;;Y;;;;; +29AA;MEASURED ANGLE WITH OPEN ARM ENDING IN ARROW POINTING DOWN AND RIGHT;Sm;0;ON;;;;;Y;;;;; +29AB;MEASURED ANGLE WITH OPEN ARM ENDING IN ARROW POINTING DOWN AND LEFT;Sm;0;ON;;;;;Y;;;;; +29AC;MEASURED ANGLE WITH OPEN ARM ENDING IN ARROW POINTING RIGHT AND UP;Sm;0;ON;;;;;Y;;;;; +29AD;MEASURED ANGLE WITH OPEN ARM ENDING IN ARROW POINTING LEFT AND UP;Sm;0;ON;;;;;Y;;;;; +29AE;MEASURED ANGLE WITH OPEN ARM ENDING IN ARROW POINTING RIGHT AND DOWN;Sm;0;ON;;;;;Y;;;;; +29AF;MEASURED ANGLE WITH OPEN ARM ENDING IN ARROW POINTING LEFT AND DOWN;Sm;0;ON;;;;;Y;;;;; +29B0;REVERSED EMPTY SET;Sm;0;ON;;;;;N;;;;; +29B1;EMPTY SET WITH OVERBAR;Sm;0;ON;;;;;N;;;;; +29B2;EMPTY SET WITH SMALL CIRCLE ABOVE;Sm;0;ON;;;;;N;;;;; +29B3;EMPTY SET WITH RIGHT ARROW ABOVE;Sm;0;ON;;;;;N;;;;; +29B4;EMPTY SET WITH LEFT ARROW ABOVE;Sm;0;ON;;;;;N;;;;; +29B5;CIRCLE WITH HORIZONTAL BAR;Sm;0;ON;;;;;N;;;;; +29B6;CIRCLED VERTICAL BAR;Sm;0;ON;;;;;N;;;;; +29B7;CIRCLED PARALLEL;Sm;0;ON;;;;;N;;;;; +29B8;CIRCLED REVERSE SOLIDUS;Sm;0;ON;;;;;Y;;;;; +29B9;CIRCLED PERPENDICULAR;Sm;0;ON;;;;;N;;;;; +29BA;CIRCLE DIVIDED BY HORIZONTAL BAR AND TOP HALF DIVIDED BY VERTICAL BAR;Sm;0;ON;;;;;N;;;;; +29BB;CIRCLE WITH SUPERIMPOSED X;Sm;0;ON;;;;;N;;;;; +29BC;CIRCLED ANTICLOCKWISE-ROTATED DIVISION SIGN;Sm;0;ON;;;;;N;;;;; +29BD;UP ARROW THROUGH CIRCLE;Sm;0;ON;;;;;N;;;;; +29BE;CIRCLED WHITE BULLET;Sm;0;ON;;;;;N;;;;; +29BF;CIRCLED BULLET;Sm;0;ON;;;;;N;;;;; +29C0;CIRCLED LESS-THAN;Sm;0;ON;;;;;Y;;;;; +29C1;CIRCLED GREATER-THAN;Sm;0;ON;;;;;Y;;;;; +29C2;CIRCLE WITH SMALL CIRCLE TO THE RIGHT;Sm;0;ON;;;;;Y;;;;; +29C3;CIRCLE WITH TWO HORIZONTAL STROKES TO THE RIGHT;Sm;0;ON;;;;;Y;;;;; +29C4;SQUARED RISING DIAGONAL SLASH;Sm;0;ON;;;;;Y;;;;; +29C5;SQUARED FALLING DIAGONAL SLASH;Sm;0;ON;;;;;Y;;;;; +29C6;SQUARED ASTERISK;Sm;0;ON;;;;;N;;;;; +29C7;SQUARED SMALL CIRCLE;Sm;0;ON;;;;;N;;;;; +29C8;SQUARED SQUARE;Sm;0;ON;;;;;N;;;;; +29C9;TWO JOINED SQUARES;Sm;0;ON;;;;;Y;;;;; +29CA;TRIANGLE WITH DOT ABOVE;Sm;0;ON;;;;;N;;;;; +29CB;TRIANGLE WITH UNDERBAR;Sm;0;ON;;;;;N;;;;; +29CC;S IN TRIANGLE;Sm;0;ON;;;;;N;;;;; +29CD;TRIANGLE WITH SERIFS AT BOTTOM;Sm;0;ON;;;;;N;;;;; +29CE;RIGHT TRIANGLE ABOVE LEFT TRIANGLE;Sm;0;ON;;;;;Y;;;;; +29CF;LEFT TRIANGLE BESIDE VERTICAL BAR;Sm;0;ON;;;;;Y;;;;; +29D0;VERTICAL BAR BESIDE RIGHT TRIANGLE;Sm;0;ON;;;;;Y;;;;; +29D1;BOWTIE WITH LEFT HALF BLACK;Sm;0;ON;;;;;Y;;;;; +29D2;BOWTIE WITH RIGHT HALF BLACK;Sm;0;ON;;;;;Y;;;;; +29D3;BLACK BOWTIE;Sm;0;ON;;;;;N;;;;; +29D4;TIMES WITH LEFT HALF BLACK;Sm;0;ON;;;;;Y;;;;; +29D5;TIMES WITH RIGHT HALF BLACK;Sm;0;ON;;;;;Y;;;;; +29D6;WHITE HOURGLASS;Sm;0;ON;;;;;N;;;;; +29D7;BLACK HOURGLASS;Sm;0;ON;;;;;N;;;;; +29D8;LEFT WIGGLY FENCE;Ps;0;ON;;;;;Y;;;;; +29D9;RIGHT WIGGLY FENCE;Pe;0;ON;;;;;Y;;;;; +29DA;LEFT DOUBLE WIGGLY FENCE;Ps;0;ON;;;;;Y;;;;; +29DB;RIGHT DOUBLE WIGGLY FENCE;Pe;0;ON;;;;;Y;;;;; +29DC;INCOMPLETE INFINITY;Sm;0;ON;;;;;Y;;;;; +29DD;TIE OVER INFINITY;Sm;0;ON;;;;;N;;;;; +29DE;INFINITY NEGATED WITH VERTICAL BAR;Sm;0;ON;;;;;N;;;;; +29DF;DOUBLE-ENDED MULTIMAP;Sm;0;ON;;;;;N;;;;; +29E0;SQUARE WITH CONTOURED OUTLINE;Sm;0;ON;;;;;N;;;;; +29E1;INCREASES AS;Sm;0;ON;;;;;Y;;;;; +29E2;SHUFFLE PRODUCT;Sm;0;ON;;;;;N;;;;; +29E3;EQUALS SIGN AND SLANTED PARALLEL;Sm;0;ON;;;;;Y;;;;; +29E4;EQUALS SIGN AND SLANTED PARALLEL WITH TILDE ABOVE;Sm;0;ON;;;;;Y;;;;; +29E5;IDENTICAL TO AND SLANTED PARALLEL;Sm;0;ON;;;;;Y;;;;; +29E6;GLEICH STARK;Sm;0;ON;;;;;N;;;;; +29E7;THERMODYNAMIC;Sm;0;ON;;;;;N;;;;; +29E8;DOWN-POINTING TRIANGLE WITH LEFT HALF BLACK;Sm;0;ON;;;;;Y;;;;; +29E9;DOWN-POINTING TRIANGLE WITH RIGHT HALF BLACK;Sm;0;ON;;;;;Y;;;;; +29EA;BLACK DIAMOND WITH DOWN ARROW;Sm;0;ON;;;;;N;;;;; +29EB;BLACK LOZENGE;Sm;0;ON;;;;;N;;;;; +29EC;WHITE CIRCLE WITH DOWN ARROW;Sm;0;ON;;;;;N;;;;; +29ED;BLACK CIRCLE WITH DOWN ARROW;Sm;0;ON;;;;;N;;;;; +29EE;ERROR-BARRED WHITE SQUARE;Sm;0;ON;;;;;N;;;;; +29EF;ERROR-BARRED BLACK SQUARE;Sm;0;ON;;;;;N;;;;; +29F0;ERROR-BARRED WHITE DIAMOND;Sm;0;ON;;;;;N;;;;; +29F1;ERROR-BARRED BLACK DIAMOND;Sm;0;ON;;;;;N;;;;; +29F2;ERROR-BARRED WHITE CIRCLE;Sm;0;ON;;;;;N;;;;; +29F3;ERROR-BARRED BLACK CIRCLE;Sm;0;ON;;;;;N;;;;; +29F4;RULE-DELAYED;Sm;0;ON;;;;;Y;;;;; +29F5;REVERSE SOLIDUS OPERATOR;Sm;0;ON;;;;;Y;;;;; +29F6;SOLIDUS WITH OVERBAR;Sm;0;ON;;;;;Y;;;;; +29F7;REVERSE SOLIDUS WITH HORIZONTAL STROKE;Sm;0;ON;;;;;Y;;;;; +29F8;BIG SOLIDUS;Sm;0;ON;;;;;Y;;;;; +29F9;BIG REVERSE SOLIDUS;Sm;0;ON;;;;;Y;;;;; +29FA;DOUBLE PLUS;Sm;0;ON;;;;;N;;;;; +29FB;TRIPLE PLUS;Sm;0;ON;;;;;N;;;;; +29FC;LEFT-POINTING CURVED ANGLE BRACKET;Ps;0;ON;;;;;Y;;;;; +29FD;RIGHT-POINTING CURVED ANGLE BRACKET;Pe;0;ON;;;;;Y;;;;; +29FE;TINY;Sm;0;ON;;;;;N;;;;; +29FF;MINY;Sm;0;ON;;;;;N;;;;; +2A00;N-ARY CIRCLED DOT OPERATOR;Sm;0;ON;;;;;N;;;;; +2A01;N-ARY CIRCLED PLUS OPERATOR;Sm;0;ON;;;;;N;;;;; +2A02;N-ARY CIRCLED TIMES OPERATOR;Sm;0;ON;;;;;N;;;;; +2A03;N-ARY UNION OPERATOR WITH DOT;Sm;0;ON;;;;;N;;;;; +2A04;N-ARY UNION OPERATOR WITH PLUS;Sm;0;ON;;;;;N;;;;; +2A05;N-ARY SQUARE INTERSECTION OPERATOR;Sm;0;ON;;;;;N;;;;; +2A06;N-ARY SQUARE UNION OPERATOR;Sm;0;ON;;;;;N;;;;; +2A07;TWO LOGICAL AND OPERATOR;Sm;0;ON;;;;;N;;;;; +2A08;TWO LOGICAL OR OPERATOR;Sm;0;ON;;;;;N;;;;; +2A09;N-ARY TIMES OPERATOR;Sm;0;ON;;;;;N;;;;; +2A0A;MODULO TWO SUM;Sm;0;ON;;;;;Y;;;;; +2A0B;SUMMATION WITH INTEGRAL;Sm;0;ON;;;;;Y;;;;; +2A0C;QUADRUPLE INTEGRAL OPERATOR;Sm;0;ON; 222B 222B 222B 222B;;;;Y;;;;; +2A0D;FINITE PART INTEGRAL;Sm;0;ON;;;;;Y;;;;; +2A0E;INTEGRAL WITH DOUBLE STROKE;Sm;0;ON;;;;;Y;;;;; +2A0F;INTEGRAL AVERAGE WITH SLASH;Sm;0;ON;;;;;Y;;;;; +2A10;CIRCULATION FUNCTION;Sm;0;ON;;;;;Y;;;;; +2A11;ANTICLOCKWISE INTEGRATION;Sm;0;ON;;;;;Y;;;;; +2A12;LINE INTEGRATION WITH RECTANGULAR PATH AROUND POLE;Sm;0;ON;;;;;Y;;;;; +2A13;LINE INTEGRATION WITH SEMICIRCULAR PATH AROUND POLE;Sm;0;ON;;;;;Y;;;;; +2A14;LINE INTEGRATION NOT INCLUDING THE POLE;Sm;0;ON;;;;;Y;;;;; +2A15;INTEGRAL AROUND A POINT OPERATOR;Sm;0;ON;;;;;Y;;;;; +2A16;QUATERNION INTEGRAL OPERATOR;Sm;0;ON;;;;;Y;;;;; +2A17;INTEGRAL WITH LEFTWARDS ARROW WITH HOOK;Sm;0;ON;;;;;Y;;;;; +2A18;INTEGRAL WITH TIMES SIGN;Sm;0;ON;;;;;Y;;;;; +2A19;INTEGRAL WITH INTERSECTION;Sm;0;ON;;;;;Y;;;;; +2A1A;INTEGRAL WITH UNION;Sm;0;ON;;;;;Y;;;;; +2A1B;INTEGRAL WITH OVERBAR;Sm;0;ON;;;;;Y;;;;; +2A1C;INTEGRAL WITH UNDERBAR;Sm;0;ON;;;;;Y;;;;; +2A1D;JOIN;Sm;0;ON;;;;;N;;;;; +2A1E;LARGE LEFT TRIANGLE OPERATOR;Sm;0;ON;;;;;Y;;;;; +2A1F;Z NOTATION SCHEMA COMPOSITION;Sm;0;ON;;;;;Y;;;;; +2A20;Z NOTATION SCHEMA PIPING;Sm;0;ON;;;;;Y;;;;; +2A21;Z NOTATION SCHEMA PROJECTION;Sm;0;ON;;;;;Y;;;;; +2A22;PLUS SIGN WITH SMALL CIRCLE ABOVE;Sm;0;ON;;;;;N;;;;; +2A23;PLUS SIGN WITH CIRCUMFLEX ACCENT ABOVE;Sm;0;ON;;;;;N;;;;; +2A24;PLUS SIGN WITH TILDE ABOVE;Sm;0;ON;;;;;Y;;;;; +2A25;PLUS SIGN WITH DOT BELOW;Sm;0;ON;;;;;N;;;;; +2A26;PLUS SIGN WITH TILDE BELOW;Sm;0;ON;;;;;Y;;;;; +2A27;PLUS SIGN WITH SUBSCRIPT TWO;Sm;0;ON;;;;;N;;;;; +2A28;PLUS SIGN WITH BLACK TRIANGLE;Sm;0;ON;;;;;N;;;;; +2A29;MINUS SIGN WITH COMMA ABOVE;Sm;0;ON;;;;;Y;;;;; +2A2A;MINUS SIGN WITH DOT BELOW;Sm;0;ON;;;;;N;;;;; +2A2B;MINUS SIGN WITH FALLING DOTS;Sm;0;ON;;;;;Y;;;;; +2A2C;MINUS SIGN WITH RISING DOTS;Sm;0;ON;;;;;Y;;;;; +2A2D;PLUS SIGN IN LEFT HALF CIRCLE;Sm;0;ON;;;;;Y;;;;; +2A2E;PLUS SIGN IN RIGHT HALF CIRCLE;Sm;0;ON;;;;;Y;;;;; +2A2F;VECTOR OR CROSS PRODUCT;Sm;0;ON;;;;;N;;;;; +2A30;MULTIPLICATION SIGN WITH DOT ABOVE;Sm;0;ON;;;;;N;;;;; +2A31;MULTIPLICATION SIGN WITH UNDERBAR;Sm;0;ON;;;;;N;;;;; +2A32;SEMIDIRECT PRODUCT WITH BOTTOM CLOSED;Sm;0;ON;;;;;N;;;;; +2A33;SMASH PRODUCT;Sm;0;ON;;;;;N;;;;; +2A34;MULTIPLICATION SIGN IN LEFT HALF CIRCLE;Sm;0;ON;;;;;Y;;;;; +2A35;MULTIPLICATION SIGN IN RIGHT HALF CIRCLE;Sm;0;ON;;;;;Y;;;;; +2A36;CIRCLED MULTIPLICATION SIGN WITH CIRCUMFLEX ACCENT;Sm;0;ON;;;;;N;;;;; +2A37;MULTIPLICATION SIGN IN DOUBLE CIRCLE;Sm;0;ON;;;;;N;;;;; +2A38;CIRCLED DIVISION SIGN;Sm;0;ON;;;;;N;;;;; +2A39;PLUS SIGN IN TRIANGLE;Sm;0;ON;;;;;N;;;;; +2A3A;MINUS SIGN IN TRIANGLE;Sm;0;ON;;;;;N;;;;; +2A3B;MULTIPLICATION SIGN IN TRIANGLE;Sm;0;ON;;;;;N;;;;; +2A3C;INTERIOR PRODUCT;Sm;0;ON;;;;;Y;;;;; +2A3D;RIGHTHAND INTERIOR PRODUCT;Sm;0;ON;;;;;Y;;;;; +2A3E;Z NOTATION RELATIONAL COMPOSITION;Sm;0;ON;;;;;Y;;;;; +2A3F;AMALGAMATION OR COPRODUCT;Sm;0;ON;;;;;N;;;;; +2A40;INTERSECTION WITH DOT;Sm;0;ON;;;;;N;;;;; +2A41;UNION WITH MINUS SIGN;Sm;0;ON;;;;;N;;;;; +2A42;UNION WITH OVERBAR;Sm;0;ON;;;;;N;;;;; +2A43;INTERSECTION WITH OVERBAR;Sm;0;ON;;;;;N;;;;; +2A44;INTERSECTION WITH LOGICAL AND;Sm;0;ON;;;;;N;;;;; +2A45;UNION WITH LOGICAL OR;Sm;0;ON;;;;;N;;;;; +2A46;UNION ABOVE INTERSECTION;Sm;0;ON;;;;;N;;;;; +2A47;INTERSECTION ABOVE UNION;Sm;0;ON;;;;;N;;;;; +2A48;UNION ABOVE BAR ABOVE INTERSECTION;Sm;0;ON;;;;;N;;;;; +2A49;INTERSECTION ABOVE BAR ABOVE UNION;Sm;0;ON;;;;;N;;;;; +2A4A;UNION BESIDE AND JOINED WITH UNION;Sm;0;ON;;;;;N;;;;; +2A4B;INTERSECTION BESIDE AND JOINED WITH INTERSECTION;Sm;0;ON;;;;;N;;;;; +2A4C;CLOSED UNION WITH SERIFS;Sm;0;ON;;;;;N;;;;; +2A4D;CLOSED INTERSECTION WITH SERIFS;Sm;0;ON;;;;;N;;;;; +2A4E;DOUBLE SQUARE INTERSECTION;Sm;0;ON;;;;;N;;;;; +2A4F;DOUBLE SQUARE UNION;Sm;0;ON;;;;;N;;;;; +2A50;CLOSED UNION WITH SERIFS AND SMASH PRODUCT;Sm;0;ON;;;;;N;;;;; +2A51;LOGICAL AND WITH DOT ABOVE;Sm;0;ON;;;;;N;;;;; +2A52;LOGICAL OR WITH DOT ABOVE;Sm;0;ON;;;;;N;;;;; +2A53;DOUBLE LOGICAL AND;Sm;0;ON;;;;;N;;;;; +2A54;DOUBLE LOGICAL OR;Sm;0;ON;;;;;N;;;;; +2A55;TWO INTERSECTING LOGICAL AND;Sm;0;ON;;;;;N;;;;; +2A56;TWO INTERSECTING LOGICAL OR;Sm;0;ON;;;;;N;;;;; +2A57;SLOPING LARGE OR;Sm;0;ON;;;;;Y;;;;; +2A58;SLOPING LARGE AND;Sm;0;ON;;;;;Y;;;;; +2A59;LOGICAL OR OVERLAPPING LOGICAL AND;Sm;0;ON;;;;;N;;;;; +2A5A;LOGICAL AND WITH MIDDLE STEM;Sm;0;ON;;;;;N;;;;; +2A5B;LOGICAL OR WITH MIDDLE STEM;Sm;0;ON;;;;;N;;;;; +2A5C;LOGICAL AND WITH HORIZONTAL DASH;Sm;0;ON;;;;;N;;;;; +2A5D;LOGICAL OR WITH HORIZONTAL DASH;Sm;0;ON;;;;;N;;;;; +2A5E;LOGICAL AND WITH DOUBLE OVERBAR;Sm;0;ON;;;;;N;;;;; +2A5F;LOGICAL AND WITH UNDERBAR;Sm;0;ON;;;;;N;;;;; +2A60;LOGICAL AND WITH DOUBLE UNDERBAR;Sm;0;ON;;;;;N;;;;; +2A61;SMALL VEE WITH UNDERBAR;Sm;0;ON;;;;;N;;;;; +2A62;LOGICAL OR WITH DOUBLE OVERBAR;Sm;0;ON;;;;;N;;;;; +2A63;LOGICAL OR WITH DOUBLE UNDERBAR;Sm;0;ON;;;;;N;;;;; +2A64;Z NOTATION DOMAIN ANTIRESTRICTION;Sm;0;ON;;;;;Y;;;;; +2A65;Z NOTATION RANGE ANTIRESTRICTION;Sm;0;ON;;;;;Y;;;;; +2A66;EQUALS SIGN WITH DOT BELOW;Sm;0;ON;;;;;N;;;;; +2A67;IDENTICAL WITH DOT ABOVE;Sm;0;ON;;;;;N;;;;; +2A68;TRIPLE HORIZONTAL BAR WITH DOUBLE VERTICAL STROKE;Sm;0;ON;;;;;N;;;;; +2A69;TRIPLE HORIZONTAL BAR WITH TRIPLE VERTICAL STROKE;Sm;0;ON;;;;;N;;;;; +2A6A;TILDE OPERATOR WITH DOT ABOVE;Sm;0;ON;;;;;Y;;;;; +2A6B;TILDE OPERATOR WITH RISING DOTS;Sm;0;ON;;;;;Y;;;;; +2A6C;SIMILAR MINUS SIMILAR;Sm;0;ON;;;;;Y;;;;; +2A6D;CONGRUENT WITH DOT ABOVE;Sm;0;ON;;;;;Y;;;;; +2A6E;EQUALS WITH ASTERISK;Sm;0;ON;;;;;N;;;;; +2A6F;ALMOST EQUAL TO WITH CIRCUMFLEX ACCENT;Sm;0;ON;;;;;Y;;;;; +2A70;APPROXIMATELY EQUAL OR EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2A71;EQUALS SIGN ABOVE PLUS SIGN;Sm;0;ON;;;;;N;;;;; +2A72;PLUS SIGN ABOVE EQUALS SIGN;Sm;0;ON;;;;;N;;;;; +2A73;EQUALS SIGN ABOVE TILDE OPERATOR;Sm;0;ON;;;;;Y;;;;; +2A74;DOUBLE COLON EQUAL;Sm;0;ON; 003A 003A 003D;;;;Y;;;;; +2A75;TWO CONSECUTIVE EQUALS SIGNS;Sm;0;ON; 003D 003D;;;;N;;;;; +2A76;THREE CONSECUTIVE EQUALS SIGNS;Sm;0;ON; 003D 003D 003D;;;;N;;;;; +2A77;EQUALS SIGN WITH TWO DOTS ABOVE AND TWO DOTS BELOW;Sm;0;ON;;;;;N;;;;; +2A78;EQUIVALENT WITH FOUR DOTS ABOVE;Sm;0;ON;;;;;N;;;;; +2A79;LESS-THAN WITH CIRCLE INSIDE;Sm;0;ON;;;;;Y;;;;; +2A7A;GREATER-THAN WITH CIRCLE INSIDE;Sm;0;ON;;;;;Y;;;;; +2A7B;LESS-THAN WITH QUESTION MARK ABOVE;Sm;0;ON;;;;;Y;;;;; +2A7C;GREATER-THAN WITH QUESTION MARK ABOVE;Sm;0;ON;;;;;Y;;;;; +2A7D;LESS-THAN OR SLANTED EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2A7E;GREATER-THAN OR SLANTED EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2A7F;LESS-THAN OR SLANTED EQUAL TO WITH DOT INSIDE;Sm;0;ON;;;;;Y;;;;; +2A80;GREATER-THAN OR SLANTED EQUAL TO WITH DOT INSIDE;Sm;0;ON;;;;;Y;;;;; +2A81;LESS-THAN OR SLANTED EQUAL TO WITH DOT ABOVE;Sm;0;ON;;;;;Y;;;;; +2A82;GREATER-THAN OR SLANTED EQUAL TO WITH DOT ABOVE;Sm;0;ON;;;;;Y;;;;; +2A83;LESS-THAN OR SLANTED EQUAL TO WITH DOT ABOVE RIGHT;Sm;0;ON;;;;;Y;;;;; +2A84;GREATER-THAN OR SLANTED EQUAL TO WITH DOT ABOVE LEFT;Sm;0;ON;;;;;Y;;;;; +2A85;LESS-THAN OR APPROXIMATE;Sm;0;ON;;;;;Y;;;;; +2A86;GREATER-THAN OR APPROXIMATE;Sm;0;ON;;;;;Y;;;;; +2A87;LESS-THAN AND SINGLE-LINE NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2A88;GREATER-THAN AND SINGLE-LINE NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2A89;LESS-THAN AND NOT APPROXIMATE;Sm;0;ON;;;;;Y;;;;; +2A8A;GREATER-THAN AND NOT APPROXIMATE;Sm;0;ON;;;;;Y;;;;; +2A8B;LESS-THAN ABOVE DOUBLE-LINE EQUAL ABOVE GREATER-THAN;Sm;0;ON;;;;;Y;;;;; +2A8C;GREATER-THAN ABOVE DOUBLE-LINE EQUAL ABOVE LESS-THAN;Sm;0;ON;;;;;Y;;;;; +2A8D;LESS-THAN ABOVE SIMILAR OR EQUAL;Sm;0;ON;;;;;Y;;;;; +2A8E;GREATER-THAN ABOVE SIMILAR OR EQUAL;Sm;0;ON;;;;;Y;;;;; +2A8F;LESS-THAN ABOVE SIMILAR ABOVE GREATER-THAN;Sm;0;ON;;;;;Y;;;;; +2A90;GREATER-THAN ABOVE SIMILAR ABOVE LESS-THAN;Sm;0;ON;;;;;Y;;;;; +2A91;LESS-THAN ABOVE GREATER-THAN ABOVE DOUBLE-LINE EQUAL;Sm;0;ON;;;;;Y;;;;; +2A92;GREATER-THAN ABOVE LESS-THAN ABOVE DOUBLE-LINE EQUAL;Sm;0;ON;;;;;Y;;;;; +2A93;LESS-THAN ABOVE SLANTED EQUAL ABOVE GREATER-THAN ABOVE SLANTED EQUAL;Sm;0;ON;;;;;Y;;;;; +2A94;GREATER-THAN ABOVE SLANTED EQUAL ABOVE LESS-THAN ABOVE SLANTED EQUAL;Sm;0;ON;;;;;Y;;;;; +2A95;SLANTED EQUAL TO OR LESS-THAN;Sm;0;ON;;;;;Y;;;;; +2A96;SLANTED EQUAL TO OR GREATER-THAN;Sm;0;ON;;;;;Y;;;;; +2A97;SLANTED EQUAL TO OR LESS-THAN WITH DOT INSIDE;Sm;0;ON;;;;;Y;;;;; +2A98;SLANTED EQUAL TO OR GREATER-THAN WITH DOT INSIDE;Sm;0;ON;;;;;Y;;;;; +2A99;DOUBLE-LINE EQUAL TO OR LESS-THAN;Sm;0;ON;;;;;Y;;;;; +2A9A;DOUBLE-LINE EQUAL TO OR GREATER-THAN;Sm;0;ON;;;;;Y;;;;; +2A9B;DOUBLE-LINE SLANTED EQUAL TO OR LESS-THAN;Sm;0;ON;;;;;Y;;;;; +2A9C;DOUBLE-LINE SLANTED EQUAL TO OR GREATER-THAN;Sm;0;ON;;;;;Y;;;;; +2A9D;SIMILAR OR LESS-THAN;Sm;0;ON;;;;;Y;;;;; +2A9E;SIMILAR OR GREATER-THAN;Sm;0;ON;;;;;Y;;;;; +2A9F;SIMILAR ABOVE LESS-THAN ABOVE EQUALS SIGN;Sm;0;ON;;;;;Y;;;;; +2AA0;SIMILAR ABOVE GREATER-THAN ABOVE EQUALS SIGN;Sm;0;ON;;;;;Y;;;;; +2AA1;DOUBLE NESTED LESS-THAN;Sm;0;ON;;;;;Y;;;;; +2AA2;DOUBLE NESTED GREATER-THAN;Sm;0;ON;;;;;Y;;;;; +2AA3;DOUBLE NESTED LESS-THAN WITH UNDERBAR;Sm;0;ON;;;;;Y;;;;; +2AA4;GREATER-THAN OVERLAPPING LESS-THAN;Sm;0;ON;;;;;N;;;;; +2AA5;GREATER-THAN BESIDE LESS-THAN;Sm;0;ON;;;;;N;;;;; +2AA6;LESS-THAN CLOSED BY CURVE;Sm;0;ON;;;;;Y;;;;; +2AA7;GREATER-THAN CLOSED BY CURVE;Sm;0;ON;;;;;Y;;;;; +2AA8;LESS-THAN CLOSED BY CURVE ABOVE SLANTED EQUAL;Sm;0;ON;;;;;Y;;;;; +2AA9;GREATER-THAN CLOSED BY CURVE ABOVE SLANTED EQUAL;Sm;0;ON;;;;;Y;;;;; +2AAA;SMALLER THAN;Sm;0;ON;;;;;Y;;;;; +2AAB;LARGER THAN;Sm;0;ON;;;;;Y;;;;; +2AAC;SMALLER THAN OR EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2AAD;LARGER THAN OR EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2AAE;EQUALS SIGN WITH BUMPY ABOVE;Sm;0;ON;;;;;N;;;;; +2AAF;PRECEDES ABOVE SINGLE-LINE EQUALS SIGN;Sm;0;ON;;;;;Y;;;;; +2AB0;SUCCEEDS ABOVE SINGLE-LINE EQUALS SIGN;Sm;0;ON;;;;;Y;;;;; +2AB1;PRECEDES ABOVE SINGLE-LINE NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2AB2;SUCCEEDS ABOVE SINGLE-LINE NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2AB3;PRECEDES ABOVE EQUALS SIGN;Sm;0;ON;;;;;Y;;;;; +2AB4;SUCCEEDS ABOVE EQUALS SIGN;Sm;0;ON;;;;;Y;;;;; +2AB5;PRECEDES ABOVE NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2AB6;SUCCEEDS ABOVE NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2AB7;PRECEDES ABOVE ALMOST EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2AB8;SUCCEEDS ABOVE ALMOST EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2AB9;PRECEDES ABOVE NOT ALMOST EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2ABA;SUCCEEDS ABOVE NOT ALMOST EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2ABB;DOUBLE PRECEDES;Sm;0;ON;;;;;Y;;;;; +2ABC;DOUBLE SUCCEEDS;Sm;0;ON;;;;;Y;;;;; +2ABD;SUBSET WITH DOT;Sm;0;ON;;;;;Y;;;;; +2ABE;SUPERSET WITH DOT;Sm;0;ON;;;;;Y;;;;; +2ABF;SUBSET WITH PLUS SIGN BELOW;Sm;0;ON;;;;;Y;;;;; +2AC0;SUPERSET WITH PLUS SIGN BELOW;Sm;0;ON;;;;;Y;;;;; +2AC1;SUBSET WITH MULTIPLICATION SIGN BELOW;Sm;0;ON;;;;;Y;;;;; +2AC2;SUPERSET WITH MULTIPLICATION SIGN BELOW;Sm;0;ON;;;;;Y;;;;; +2AC3;SUBSET OF OR EQUAL TO WITH DOT ABOVE;Sm;0;ON;;;;;Y;;;;; +2AC4;SUPERSET OF OR EQUAL TO WITH DOT ABOVE;Sm;0;ON;;;;;Y;;;;; +2AC5;SUBSET OF ABOVE EQUALS SIGN;Sm;0;ON;;;;;Y;;;;; +2AC6;SUPERSET OF ABOVE EQUALS SIGN;Sm;0;ON;;;;;Y;;;;; +2AC7;SUBSET OF ABOVE TILDE OPERATOR;Sm;0;ON;;;;;Y;;;;; +2AC8;SUPERSET OF ABOVE TILDE OPERATOR;Sm;0;ON;;;;;Y;;;;; +2AC9;SUBSET OF ABOVE ALMOST EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2ACA;SUPERSET OF ABOVE ALMOST EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2ACB;SUBSET OF ABOVE NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2ACC;SUPERSET OF ABOVE NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2ACD;SQUARE LEFT OPEN BOX OPERATOR;Sm;0;ON;;;;;Y;;;;; +2ACE;SQUARE RIGHT OPEN BOX OPERATOR;Sm;0;ON;;;;;Y;;;;; +2ACF;CLOSED SUBSET;Sm;0;ON;;;;;Y;;;;; +2AD0;CLOSED SUPERSET;Sm;0;ON;;;;;Y;;;;; +2AD1;CLOSED SUBSET OR EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2AD2;CLOSED SUPERSET OR EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2AD3;SUBSET ABOVE SUPERSET;Sm;0;ON;;;;;Y;;;;; +2AD4;SUPERSET ABOVE SUBSET;Sm;0;ON;;;;;Y;;;;; +2AD5;SUBSET ABOVE SUBSET;Sm;0;ON;;;;;Y;;;;; +2AD6;SUPERSET ABOVE SUPERSET;Sm;0;ON;;;;;Y;;;;; +2AD7;SUPERSET BESIDE SUBSET;Sm;0;ON;;;;;N;;;;; +2AD8;SUPERSET BESIDE AND JOINED BY DASH WITH SUBSET;Sm;0;ON;;;;;N;;;;; +2AD9;ELEMENT OF OPENING DOWNWARDS;Sm;0;ON;;;;;N;;;;; +2ADA;PITCHFORK WITH TEE TOP;Sm;0;ON;;;;;N;;;;; +2ADB;TRANSVERSAL INTERSECTION;Sm;0;ON;;;;;N;;;;; +2ADC;FORKING;Sm;0;ON;2ADD 0338;;;;Y;;not independent;;; +2ADD;NONFORKING;Sm;0;ON;;;;;N;;independent;;; +2ADE;SHORT LEFT TACK;Sm;0;ON;;;;;Y;;;;; +2ADF;SHORT DOWN TACK;Sm;0;ON;;;;;N;;;;; +2AE0;SHORT UP TACK;Sm;0;ON;;;;;N;;;;; +2AE1;PERPENDICULAR WITH S;Sm;0;ON;;;;;N;;;;; +2AE2;VERTICAL BAR TRIPLE RIGHT TURNSTILE;Sm;0;ON;;;;;Y;;;;; +2AE3;DOUBLE VERTICAL BAR LEFT TURNSTILE;Sm;0;ON;;;;;Y;;;;; +2AE4;VERTICAL BAR DOUBLE LEFT TURNSTILE;Sm;0;ON;;;;;Y;;;;; +2AE5;DOUBLE VERTICAL BAR DOUBLE LEFT TURNSTILE;Sm;0;ON;;;;;Y;;;;; +2AE6;LONG DASH FROM LEFT MEMBER OF DOUBLE VERTICAL;Sm;0;ON;;;;;Y;;;;; +2AE7;SHORT DOWN TACK WITH OVERBAR;Sm;0;ON;;;;;N;;;;; +2AE8;SHORT UP TACK WITH UNDERBAR;Sm;0;ON;;;;;N;;;;; +2AE9;SHORT UP TACK ABOVE SHORT DOWN TACK;Sm;0;ON;;;;;N;;;;; +2AEA;DOUBLE DOWN TACK;Sm;0;ON;;;;;N;;;;; +2AEB;DOUBLE UP TACK;Sm;0;ON;;;;;N;;;;; +2AEC;DOUBLE STROKE NOT SIGN;Sm;0;ON;;;;;Y;;;;; +2AED;REVERSED DOUBLE STROKE NOT SIGN;Sm;0;ON;;;;;Y;;;;; +2AEE;DOES NOT DIVIDE WITH REVERSED NEGATION SLASH;Sm;0;ON;;;;;Y;;;;; +2AEF;VERTICAL LINE WITH CIRCLE ABOVE;Sm;0;ON;;;;;N;;;;; +2AF0;VERTICAL LINE WITH CIRCLE BELOW;Sm;0;ON;;;;;N;;;;; +2AF1;DOWN TACK WITH CIRCLE BELOW;Sm;0;ON;;;;;N;;;;; +2AF2;PARALLEL WITH HORIZONTAL STROKE;Sm;0;ON;;;;;N;;;;; +2AF3;PARALLEL WITH TILDE OPERATOR;Sm;0;ON;;;;;Y;;;;; +2AF4;TRIPLE VERTICAL BAR BINARY RELATION;Sm;0;ON;;;;;N;;;;; +2AF5;TRIPLE VERTICAL BAR WITH HORIZONTAL STROKE;Sm;0;ON;;;;;N;;;;; +2AF6;TRIPLE COLON OPERATOR;Sm;0;ON;;;;;N;;;;; +2AF7;TRIPLE NESTED LESS-THAN;Sm;0;ON;;;;;Y;;;;; +2AF8;TRIPLE NESTED GREATER-THAN;Sm;0;ON;;;;;Y;;;;; +2AF9;DOUBLE-LINE SLANTED LESS-THAN OR EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2AFA;DOUBLE-LINE SLANTED GREATER-THAN OR EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2AFB;TRIPLE SOLIDUS BINARY RELATION;Sm;0;ON;;;;;Y;;;;; +2AFC;LARGE TRIPLE VERTICAL BAR OPERATOR;Sm;0;ON;;;;;N;;;;; +2AFD;DOUBLE SOLIDUS OPERATOR;Sm;0;ON;;;;;Y;;;;; +2AFE;WHITE VERTICAL BAR;Sm;0;ON;;;;;N;;;;; +2AFF;N-ARY WHITE VERTICAL BAR;Sm;0;ON;;;;;N;;;;; +2B00;NORTH EAST WHITE ARROW;So;0;ON;;;;;N;;;;; +2B01;NORTH WEST WHITE ARROW;So;0;ON;;;;;N;;;;; +2B02;SOUTH EAST WHITE ARROW;So;0;ON;;;;;N;;;;; +2B03;SOUTH WEST WHITE ARROW;So;0;ON;;;;;N;;;;; +2B04;LEFT RIGHT WHITE ARROW;So;0;ON;;;;;N;;;;; +2B05;LEFTWARDS BLACK ARROW;So;0;ON;;;;;N;;;;; +2B06;UPWARDS BLACK ARROW;So;0;ON;;;;;N;;;;; +2B07;DOWNWARDS BLACK ARROW;So;0;ON;;;;;N;;;;; +2B08;NORTH EAST BLACK ARROW;So;0;ON;;;;;N;;;;; +2B09;NORTH WEST BLACK ARROW;So;0;ON;;;;;N;;;;; +2B0A;SOUTH EAST BLACK ARROW;So;0;ON;;;;;N;;;;; +2B0B;SOUTH WEST BLACK ARROW;So;0;ON;;;;;N;;;;; +2B0C;LEFT RIGHT BLACK ARROW;So;0;ON;;;;;N;;;;; +2B0D;UP DOWN BLACK ARROW;So;0;ON;;;;;N;;;;; +2E80;CJK RADICAL REPEAT;So;0;ON;;;;;N;;;;; +2E81;CJK RADICAL CLIFF;So;0;ON;;;;;N;;;;; +2E82;CJK RADICAL SECOND ONE;So;0;ON;;;;;N;;;;; +2E83;CJK RADICAL SECOND TWO;So;0;ON;;;;;N;;;;; +2E84;CJK RADICAL SECOND THREE;So;0;ON;;;;;N;;;;; +2E85;CJK RADICAL PERSON;So;0;ON;;;;;N;;;;; +2E86;CJK RADICAL BOX;So;0;ON;;;;;N;;;;; +2E87;CJK RADICAL TABLE;So;0;ON;;;;;N;;;;; +2E88;CJK RADICAL KNIFE ONE;So;0;ON;;;;;N;;;;; +2E89;CJK RADICAL KNIFE TWO;So;0;ON;;;;;N;;;;; +2E8A;CJK RADICAL DIVINATION;So;0;ON;;;;;N;;;;; +2E8B;CJK RADICAL SEAL;So;0;ON;;;;;N;;;;; +2E8C;CJK RADICAL SMALL ONE;So;0;ON;;;;;N;;;;; +2E8D;CJK RADICAL SMALL TWO;So;0;ON;;;;;N;;;;; +2E8E;CJK RADICAL LAME ONE;So;0;ON;;;;;N;;;;; +2E8F;CJK RADICAL LAME TWO;So;0;ON;;;;;N;;;;; +2E90;CJK RADICAL LAME THREE;So;0;ON;;;;;N;;;;; +2E91;CJK RADICAL LAME FOUR;So;0;ON;;;;;N;;;;; +2E92;CJK RADICAL SNAKE;So;0;ON;;;;;N;;;;; +2E93;CJK RADICAL THREAD;So;0;ON;;;;;N;;;;; +2E94;CJK RADICAL SNOUT ONE;So;0;ON;;;;;N;;;;; +2E95;CJK RADICAL SNOUT TWO;So;0;ON;;;;;N;;;;; +2E96;CJK RADICAL HEART ONE;So;0;ON;;;;;N;;;;; +2E97;CJK RADICAL HEART TWO;So;0;ON;;;;;N;;;;; +2E98;CJK RADICAL HAND;So;0;ON;;;;;N;;;;; +2E99;CJK RADICAL RAP;So;0;ON;;;;;N;;;;; +2E9B;CJK RADICAL CHOKE;So;0;ON;;;;;N;;;;; +2E9C;CJK RADICAL SUN;So;0;ON;;;;;N;;;;; +2E9D;CJK RADICAL MOON;So;0;ON;;;;;N;;;;; +2E9E;CJK RADICAL DEATH;So;0;ON;;;;;N;;;;; +2E9F;CJK RADICAL MOTHER;So;0;ON; 6BCD;;;;N;;;;; +2EA0;CJK RADICAL CIVILIAN;So;0;ON;;;;;N;;;;; +2EA1;CJK RADICAL WATER ONE;So;0;ON;;;;;N;;;;; +2EA2;CJK RADICAL WATER TWO;So;0;ON;;;;;N;;;;; +2EA3;CJK RADICAL FIRE;So;0;ON;;;;;N;;;;; +2EA4;CJK RADICAL PAW ONE;So;0;ON;;;;;N;;;;; +2EA5;CJK RADICAL PAW TWO;So;0;ON;;;;;N;;;;; +2EA6;CJK RADICAL SIMPLIFIED HALF TREE TRUNK;So;0;ON;;;;;N;;;;; +2EA7;CJK RADICAL COW;So;0;ON;;;;;N;;;;; +2EA8;CJK RADICAL DOG;So;0;ON;;;;;N;;;;; +2EA9;CJK RADICAL JADE;So;0;ON;;;;;N;;;;; +2EAA;CJK RADICAL BOLT OF CLOTH;So;0;ON;;;;;N;;;;; +2EAB;CJK RADICAL EYE;So;0;ON;;;;;N;;;;; +2EAC;CJK RADICAL SPIRIT ONE;So;0;ON;;;;;N;;;;; +2EAD;CJK RADICAL SPIRIT TWO;So;0;ON;;;;;N;;;;; +2EAE;CJK RADICAL BAMBOO;So;0;ON;;;;;N;;;;; +2EAF;CJK RADICAL SILK;So;0;ON;;;;;N;;;;; +2EB0;CJK RADICAL C-SIMPLIFIED SILK;So;0;ON;;;;;N;;;;; +2EB1;CJK RADICAL NET ONE;So;0;ON;;;;;N;;;;; +2EB2;CJK RADICAL NET TWO;So;0;ON;;;;;N;;;;; +2EB3;CJK RADICAL NET THREE;So;0;ON;;;;;N;;;;; +2EB4;CJK RADICAL NET FOUR;So;0;ON;;;;;N;;;;; +2EB5;CJK RADICAL MESH;So;0;ON;;;;;N;;;;; +2EB6;CJK RADICAL SHEEP;So;0;ON;;;;;N;;;;; +2EB7;CJK RADICAL RAM;So;0;ON;;;;;N;;;;; +2EB8;CJK RADICAL EWE;So;0;ON;;;;;N;;;;; +2EB9;CJK RADICAL OLD;So;0;ON;;;;;N;;;;; +2EBA;CJK RADICAL BRUSH ONE;So;0;ON;;;;;N;;;;; +2EBB;CJK RADICAL BRUSH TWO;So;0;ON;;;;;N;;;;; +2EBC;CJK RADICAL MEAT;So;0;ON;;;;;N;;;;; +2EBD;CJK RADICAL MORTAR;So;0;ON;;;;;N;;;;; +2EBE;CJK RADICAL GRASS ONE;So;0;ON;;;;;N;;;;; +2EBF;CJK RADICAL GRASS TWO;So;0;ON;;;;;N;;;;; +2EC0;CJK RADICAL GRASS THREE;So;0;ON;;;;;N;;;;; +2EC1;CJK RADICAL TIGER;So;0;ON;;;;;N;;;;; +2EC2;CJK RADICAL CLOTHES;So;0;ON;;;;;N;;;;; +2EC3;CJK RADICAL WEST ONE;So;0;ON;;;;;N;;;;; +2EC4;CJK RADICAL WEST TWO;So;0;ON;;;;;N;;;;; +2EC5;CJK RADICAL C-SIMPLIFIED SEE;So;0;ON;;;;;N;;;;; +2EC6;CJK RADICAL SIMPLIFIED HORN;So;0;ON;;;;;N;;;;; +2EC7;CJK RADICAL HORN;So;0;ON;;;;;N;;;;; +2EC8;CJK RADICAL C-SIMPLIFIED SPEECH;So;0;ON;;;;;N;;;;; +2EC9;CJK RADICAL C-SIMPLIFIED SHELL;So;0;ON;;;;;N;;;;; +2ECA;CJK RADICAL FOOT;So;0;ON;;;;;N;;;;; +2ECB;CJK RADICAL C-SIMPLIFIED CART;So;0;ON;;;;;N;;;;; +2ECC;CJK RADICAL SIMPLIFIED WALK;So;0;ON;;;;;N;;;;; +2ECD;CJK RADICAL WALK ONE;So;0;ON;;;;;N;;;;; +2ECE;CJK RADICAL WALK TWO;So;0;ON;;;;;N;;;;; +2ECF;CJK RADICAL CITY;So;0;ON;;;;;N;;;;; +2ED0;CJK RADICAL C-SIMPLIFIED GOLD;So;0;ON;;;;;N;;;;; +2ED1;CJK RADICAL LONG ONE;So;0;ON;;;;;N;;;;; +2ED2;CJK RADICAL LONG TWO;So;0;ON;;;;;N;;;;; +2ED3;CJK RADICAL C-SIMPLIFIED LONG;So;0;ON;;;;;N;;;;; +2ED4;CJK RADICAL C-SIMPLIFIED GATE;So;0;ON;;;;;N;;;;; +2ED5;CJK RADICAL MOUND ONE;So;0;ON;;;;;N;;;;; +2ED6;CJK RADICAL MOUND TWO;So;0;ON;;;;;N;;;;; +2ED7;CJK RADICAL RAIN;So;0;ON;;;;;N;;;;; +2ED8;CJK RADICAL BLUE;So;0;ON;;;;;N;;;;; +2ED9;CJK RADICAL C-SIMPLIFIED TANNED LEATHER;So;0;ON;;;;;N;;;;; +2EDA;CJK RADICAL C-SIMPLIFIED LEAF;So;0;ON;;;;;N;;;;; +2EDB;CJK RADICAL C-SIMPLIFIED WIND;So;0;ON;;;;;N;;;;; +2EDC;CJK RADICAL C-SIMPLIFIED FLY;So;0;ON;;;;;N;;;;; +2EDD;CJK RADICAL EAT ONE;So;0;ON;;;;;N;;;;; +2EDE;CJK RADICAL EAT TWO;So;0;ON;;;;;N;;;;; +2EDF;CJK RADICAL EAT THREE;So;0;ON;;;;;N;;;;; +2EE0;CJK RADICAL C-SIMPLIFIED EAT;So;0;ON;;;;;N;;;;; +2EE1;CJK RADICAL HEAD;So;0;ON;;;;;N;;;;; +2EE2;CJK RADICAL C-SIMPLIFIED HORSE;So;0;ON;;;;;N;;;;; +2EE3;CJK RADICAL BONE;So;0;ON;;;;;N;;;;; +2EE4;CJK RADICAL GHOST;So;0;ON;;;;;N;;;;; +2EE5;CJK RADICAL C-SIMPLIFIED FISH;So;0;ON;;;;;N;;;;; +2EE6;CJK RADICAL C-SIMPLIFIED BIRD;So;0;ON;;;;;N;;;;; +2EE7;CJK RADICAL C-SIMPLIFIED SALT;So;0;ON;;;;;N;;;;; +2EE8;CJK RADICAL SIMPLIFIED WHEAT;So;0;ON;;;;;N;;;;; +2EE9;CJK RADICAL SIMPLIFIED YELLOW;So;0;ON;;;;;N;;;;; +2EEA;CJK RADICAL C-SIMPLIFIED FROG;So;0;ON;;;;;N;;;;; +2EEB;CJK RADICAL J-SIMPLIFIED EVEN;So;0;ON;;;;;N;;;;; +2EEC;CJK RADICAL C-SIMPLIFIED EVEN;So;0;ON;;;;;N;;;;; +2EED;CJK RADICAL J-SIMPLIFIED TOOTH;So;0;ON;;;;;N;;;;; +2EEE;CJK RADICAL C-SIMPLIFIED TOOTH;So;0;ON;;;;;N;;;;; +2EEF;CJK RADICAL J-SIMPLIFIED DRAGON;So;0;ON;;;;;N;;;;; +2EF0;CJK RADICAL C-SIMPLIFIED DRAGON;So;0;ON;;;;;N;;;;; +2EF1;CJK RADICAL TURTLE;So;0;ON;;;;;N;;;;; +2EF2;CJK RADICAL J-SIMPLIFIED TURTLE;So;0;ON;;;;;N;;;;; +2EF3;CJK RADICAL C-SIMPLIFIED TURTLE;So;0;ON; 9F9F;;;;N;;;;; +2F00;KANGXI RADICAL ONE;So;0;ON; 4E00;;;;N;;;;; +2F01;KANGXI RADICAL LINE;So;0;ON; 4E28;;;;N;;;;; +2F02;KANGXI RADICAL DOT;So;0;ON; 4E36;;;;N;;;;; +2F03;KANGXI RADICAL SLASH;So;0;ON; 4E3F;;;;N;;;;; +2F04;KANGXI RADICAL SECOND;So;0;ON; 4E59;;;;N;;;;; +2F05;KANGXI RADICAL HOOK;So;0;ON; 4E85;;;;N;;;;; +2F06;KANGXI RADICAL TWO;So;0;ON; 4E8C;;;;N;;;;; +2F07;KANGXI RADICAL LID;So;0;ON; 4EA0;;;;N;;;;; +2F08;KANGXI RADICAL MAN;So;0;ON; 4EBA;;;;N;;;;; +2F09;KANGXI RADICAL LEGS;So;0;ON; 513F;;;;N;;;;; +2F0A;KANGXI RADICAL ENTER;So;0;ON; 5165;;;;N;;;;; +2F0B;KANGXI RADICAL EIGHT;So;0;ON; 516B;;;;N;;;;; +2F0C;KANGXI RADICAL DOWN BOX;So;0;ON; 5182;;;;N;;;;; +2F0D;KANGXI RADICAL COVER;So;0;ON; 5196;;;;N;;;;; +2F0E;KANGXI RADICAL ICE;So;0;ON; 51AB;;;;N;;;;; +2F0F;KANGXI RADICAL TABLE;So;0;ON; 51E0;;;;N;;;;; +2F10;KANGXI RADICAL OPEN BOX;So;0;ON; 51F5;;;;N;;;;; +2F11;KANGXI RADICAL KNIFE;So;0;ON; 5200;;;;N;;;;; +2F12;KANGXI RADICAL POWER;So;0;ON; 529B;;;;N;;;;; +2F13;KANGXI RADICAL WRAP;So;0;ON; 52F9;;;;N;;;;; +2F14;KANGXI RADICAL SPOON;So;0;ON; 5315;;;;N;;;;; +2F15;KANGXI RADICAL RIGHT OPEN BOX;So;0;ON; 531A;;;;N;;;;; +2F16;KANGXI RADICAL HIDING ENCLOSURE;So;0;ON; 5338;;;;N;;;;; +2F17;KANGXI RADICAL TEN;So;0;ON; 5341;;;;N;;;;; +2F18;KANGXI RADICAL DIVINATION;So;0;ON; 535C;;;;N;;;;; +2F19;KANGXI RADICAL SEAL;So;0;ON; 5369;;;;N;;;;; +2F1A;KANGXI RADICAL CLIFF;So;0;ON; 5382;;;;N;;;;; +2F1B;KANGXI RADICAL PRIVATE;So;0;ON; 53B6;;;;N;;;;; +2F1C;KANGXI RADICAL AGAIN;So;0;ON; 53C8;;;;N;;;;; +2F1D;KANGXI RADICAL MOUTH;So;0;ON; 53E3;;;;N;;;;; +2F1E;KANGXI RADICAL ENCLOSURE;So;0;ON; 56D7;;;;N;;;;; +2F1F;KANGXI RADICAL EARTH;So;0;ON; 571F;;;;N;;;;; +2F20;KANGXI RADICAL SCHOLAR;So;0;ON; 58EB;;;;N;;;;; +2F21;KANGXI RADICAL GO;So;0;ON; 5902;;;;N;;;;; +2F22;KANGXI RADICAL GO SLOWLY;So;0;ON; 590A;;;;N;;;;; +2F23;KANGXI RADICAL EVENING;So;0;ON; 5915;;;;N;;;;; +2F24;KANGXI RADICAL BIG;So;0;ON; 5927;;;;N;;;;; +2F25;KANGXI RADICAL WOMAN;So;0;ON; 5973;;;;N;;;;; +2F26;KANGXI RADICAL CHILD;So;0;ON; 5B50;;;;N;;;;; +2F27;KANGXI RADICAL ROOF;So;0;ON; 5B80;;;;N;;;;; +2F28;KANGXI RADICAL INCH;So;0;ON; 5BF8;;;;N;;;;; +2F29;KANGXI RADICAL SMALL;So;0;ON; 5C0F;;;;N;;;;; +2F2A;KANGXI RADICAL LAME;So;0;ON; 5C22;;;;N;;;;; +2F2B;KANGXI RADICAL CORPSE;So;0;ON; 5C38;;;;N;;;;; +2F2C;KANGXI RADICAL SPROUT;So;0;ON; 5C6E;;;;N;;;;; +2F2D;KANGXI RADICAL MOUNTAIN;So;0;ON; 5C71;;;;N;;;;; +2F2E;KANGXI RADICAL RIVER;So;0;ON; 5DDB;;;;N;;;;; +2F2F;KANGXI RADICAL WORK;So;0;ON; 5DE5;;;;N;;;;; +2F30;KANGXI RADICAL ONESELF;So;0;ON; 5DF1;;;;N;;;;; +2F31;KANGXI RADICAL TURBAN;So;0;ON; 5DFE;;;;N;;;;; +2F32;KANGXI RADICAL DRY;So;0;ON; 5E72;;;;N;;;;; +2F33;KANGXI RADICAL SHORT THREAD;So;0;ON; 5E7A;;;;N;;;;; +2F34;KANGXI RADICAL DOTTED CLIFF;So;0;ON; 5E7F;;;;N;;;;; +2F35;KANGXI RADICAL LONG STRIDE;So;0;ON; 5EF4;;;;N;;;;; +2F36;KANGXI RADICAL TWO HANDS;So;0;ON; 5EFE;;;;N;;;;; +2F37;KANGXI RADICAL SHOOT;So;0;ON; 5F0B;;;;N;;;;; +2F38;KANGXI RADICAL BOW;So;0;ON; 5F13;;;;N;;;;; +2F39;KANGXI RADICAL SNOUT;So;0;ON; 5F50;;;;N;;;;; +2F3A;KANGXI RADICAL BRISTLE;So;0;ON; 5F61;;;;N;;;;; +2F3B;KANGXI RADICAL STEP;So;0;ON; 5F73;;;;N;;;;; +2F3C;KANGXI RADICAL HEART;So;0;ON; 5FC3;;;;N;;;;; +2F3D;KANGXI RADICAL HALBERD;So;0;ON; 6208;;;;N;;;;; +2F3E;KANGXI RADICAL DOOR;So;0;ON; 6236;;;;N;;;;; +2F3F;KANGXI RADICAL HAND;So;0;ON; 624B;;;;N;;;;; +2F40;KANGXI RADICAL BRANCH;So;0;ON; 652F;;;;N;;;;; +2F41;KANGXI RADICAL RAP;So;0;ON; 6534;;;;N;;;;; +2F42;KANGXI RADICAL SCRIPT;So;0;ON; 6587;;;;N;;;;; +2F43;KANGXI RADICAL DIPPER;So;0;ON; 6597;;;;N;;;;; +2F44;KANGXI RADICAL AXE;So;0;ON; 65A4;;;;N;;;;; +2F45;KANGXI RADICAL SQUARE;So;0;ON; 65B9;;;;N;;;;; +2F46;KANGXI RADICAL NOT;So;0;ON; 65E0;;;;N;;;;; +2F47;KANGXI RADICAL SUN;So;0;ON; 65E5;;;;N;;;;; +2F48;KANGXI RADICAL SAY;So;0;ON; 66F0;;;;N;;;;; +2F49;KANGXI RADICAL MOON;So;0;ON; 6708;;;;N;;;;; +2F4A;KANGXI RADICAL TREE;So;0;ON; 6728;;;;N;;;;; +2F4B;KANGXI RADICAL LACK;So;0;ON; 6B20;;;;N;;;;; +2F4C;KANGXI RADICAL STOP;So;0;ON; 6B62;;;;N;;;;; +2F4D;KANGXI RADICAL DEATH;So;0;ON; 6B79;;;;N;;;;; +2F4E;KANGXI RADICAL WEAPON;So;0;ON; 6BB3;;;;N;;;;; +2F4F;KANGXI RADICAL DO NOT;So;0;ON; 6BCB;;;;N;;;;; +2F50;KANGXI RADICAL COMPARE;So;0;ON; 6BD4;;;;N;;;;; +2F51;KANGXI RADICAL FUR;So;0;ON; 6BDB;;;;N;;;;; +2F52;KANGXI RADICAL CLAN;So;0;ON; 6C0F;;;;N;;;;; +2F53;KANGXI RADICAL STEAM;So;0;ON; 6C14;;;;N;;;;; +2F54;KANGXI RADICAL WATER;So;0;ON; 6C34;;;;N;;;;; +2F55;KANGXI RADICAL FIRE;So;0;ON; 706B;;;;N;;;;; +2F56;KANGXI RADICAL CLAW;So;0;ON; 722A;;;;N;;;;; +2F57;KANGXI RADICAL FATHER;So;0;ON; 7236;;;;N;;;;; +2F58;KANGXI RADICAL DOUBLE X;So;0;ON; 723B;;;;N;;;;; +2F59;KANGXI RADICAL HALF TREE TRUNK;So;0;ON; 723F;;;;N;;;;; +2F5A;KANGXI RADICAL SLICE;So;0;ON; 7247;;;;N;;;;; +2F5B;KANGXI RADICAL FANG;So;0;ON; 7259;;;;N;;;;; +2F5C;KANGXI RADICAL COW;So;0;ON; 725B;;;;N;;;;; +2F5D;KANGXI RADICAL DOG;So;0;ON; 72AC;;;;N;;;;; +2F5E;KANGXI RADICAL PROFOUND;So;0;ON; 7384;;;;N;;;;; +2F5F;KANGXI RADICAL JADE;So;0;ON; 7389;;;;N;;;;; +2F60;KANGXI RADICAL MELON;So;0;ON; 74DC;;;;N;;;;; +2F61;KANGXI RADICAL TILE;So;0;ON; 74E6;;;;N;;;;; +2F62;KANGXI RADICAL SWEET;So;0;ON; 7518;;;;N;;;;; +2F63;KANGXI RADICAL LIFE;So;0;ON; 751F;;;;N;;;;; +2F64;KANGXI RADICAL USE;So;0;ON; 7528;;;;N;;;;; +2F65;KANGXI RADICAL FIELD;So;0;ON; 7530;;;;N;;;;; +2F66;KANGXI RADICAL BOLT OF CLOTH;So;0;ON; 758B;;;;N;;;;; +2F67;KANGXI RADICAL SICKNESS;So;0;ON; 7592;;;;N;;;;; +2F68;KANGXI RADICAL DOTTED TENT;So;0;ON; 7676;;;;N;;;;; +2F69;KANGXI RADICAL WHITE;So;0;ON; 767D;;;;N;;;;; +2F6A;KANGXI RADICAL SKIN;So;0;ON; 76AE;;;;N;;;;; +2F6B;KANGXI RADICAL DISH;So;0;ON; 76BF;;;;N;;;;; +2F6C;KANGXI RADICAL EYE;So;0;ON; 76EE;;;;N;;;;; +2F6D;KANGXI RADICAL SPEAR;So;0;ON; 77DB;;;;N;;;;; +2F6E;KANGXI RADICAL ARROW;So;0;ON; 77E2;;;;N;;;;; +2F6F;KANGXI RADICAL STONE;So;0;ON; 77F3;;;;N;;;;; +2F70;KANGXI RADICAL SPIRIT;So;0;ON; 793A;;;;N;;;;; +2F71;KANGXI RADICAL TRACK;So;0;ON; 79B8;;;;N;;;;; +2F72;KANGXI RADICAL GRAIN;So;0;ON; 79BE;;;;N;;;;; +2F73;KANGXI RADICAL CAVE;So;0;ON; 7A74;;;;N;;;;; +2F74;KANGXI RADICAL STAND;So;0;ON; 7ACB;;;;N;;;;; +2F75;KANGXI RADICAL BAMBOO;So;0;ON; 7AF9;;;;N;;;;; +2F76;KANGXI RADICAL RICE;So;0;ON; 7C73;;;;N;;;;; +2F77;KANGXI RADICAL SILK;So;0;ON; 7CF8;;;;N;;;;; +2F78;KANGXI RADICAL JAR;So;0;ON; 7F36;;;;N;;;;; +2F79;KANGXI RADICAL NET;So;0;ON; 7F51;;;;N;;;;; +2F7A;KANGXI RADICAL SHEEP;So;0;ON; 7F8A;;;;N;;;;; +2F7B;KANGXI RADICAL FEATHER;So;0;ON; 7FBD;;;;N;;;;; +2F7C;KANGXI RADICAL OLD;So;0;ON; 8001;;;;N;;;;; +2F7D;KANGXI RADICAL AND;So;0;ON; 800C;;;;N;;;;; +2F7E;KANGXI RADICAL PLOW;So;0;ON; 8012;;;;N;;;;; +2F7F;KANGXI RADICAL EAR;So;0;ON; 8033;;;;N;;;;; +2F80;KANGXI RADICAL BRUSH;So;0;ON; 807F;;;;N;;;;; +2F81;KANGXI RADICAL MEAT;So;0;ON; 8089;;;;N;;;;; +2F82;KANGXI RADICAL MINISTER;So;0;ON; 81E3;;;;N;;;;; +2F83;KANGXI RADICAL SELF;So;0;ON; 81EA;;;;N;;;;; +2F84;KANGXI RADICAL ARRIVE;So;0;ON; 81F3;;;;N;;;;; +2F85;KANGXI RADICAL MORTAR;So;0;ON; 81FC;;;;N;;;;; +2F86;KANGXI RADICAL TONGUE;So;0;ON; 820C;;;;N;;;;; +2F87;KANGXI RADICAL OPPOSE;So;0;ON; 821B;;;;N;;;;; +2F88;KANGXI RADICAL BOAT;So;0;ON; 821F;;;;N;;;;; +2F89;KANGXI RADICAL STOPPING;So;0;ON; 826E;;;;N;;;;; +2F8A;KANGXI RADICAL COLOR;So;0;ON; 8272;;;;N;;;;; +2F8B;KANGXI RADICAL GRASS;So;0;ON; 8278;;;;N;;;;; +2F8C;KANGXI RADICAL TIGER;So;0;ON; 864D;;;;N;;;;; +2F8D;KANGXI RADICAL INSECT;So;0;ON; 866B;;;;N;;;;; +2F8E;KANGXI RADICAL BLOOD;So;0;ON; 8840;;;;N;;;;; +2F8F;KANGXI RADICAL WALK ENCLOSURE;So;0;ON; 884C;;;;N;;;;; +2F90;KANGXI RADICAL CLOTHES;So;0;ON; 8863;;;;N;;;;; +2F91;KANGXI RADICAL WEST;So;0;ON; 897E;;;;N;;;;; +2F92;KANGXI RADICAL SEE;So;0;ON; 898B;;;;N;;;;; +2F93;KANGXI RADICAL HORN;So;0;ON; 89D2;;;;N;;;;; +2F94;KANGXI RADICAL SPEECH;So;0;ON; 8A00;;;;N;;;;; +2F95;KANGXI RADICAL VALLEY;So;0;ON; 8C37;;;;N;;;;; +2F96;KANGXI RADICAL BEAN;So;0;ON; 8C46;;;;N;;;;; +2F97;KANGXI RADICAL PIG;So;0;ON; 8C55;;;;N;;;;; +2F98;KANGXI RADICAL BADGER;So;0;ON; 8C78;;;;N;;;;; +2F99;KANGXI RADICAL SHELL;So;0;ON; 8C9D;;;;N;;;;; +2F9A;KANGXI RADICAL RED;So;0;ON; 8D64;;;;N;;;;; +2F9B;KANGXI RADICAL RUN;So;0;ON; 8D70;;;;N;;;;; +2F9C;KANGXI RADICAL FOOT;So;0;ON; 8DB3;;;;N;;;;; +2F9D;KANGXI RADICAL BODY;So;0;ON; 8EAB;;;;N;;;;; +2F9E;KANGXI RADICAL CART;So;0;ON; 8ECA;;;;N;;;;; +2F9F;KANGXI RADICAL BITTER;So;0;ON; 8F9B;;;;N;;;;; +2FA0;KANGXI RADICAL MORNING;So;0;ON; 8FB0;;;;N;;;;; +2FA1;KANGXI RADICAL WALK;So;0;ON; 8FB5;;;;N;;;;; +2FA2;KANGXI RADICAL CITY;So;0;ON; 9091;;;;N;;;;; +2FA3;KANGXI RADICAL WINE;So;0;ON; 9149;;;;N;;;;; +2FA4;KANGXI RADICAL DISTINGUISH;So;0;ON; 91C6;;;;N;;;;; +2FA5;KANGXI RADICAL VILLAGE;So;0;ON; 91CC;;;;N;;;;; +2FA6;KANGXI RADICAL GOLD;So;0;ON; 91D1;;;;N;;;;; +2FA7;KANGXI RADICAL LONG;So;0;ON; 9577;;;;N;;;;; +2FA8;KANGXI RADICAL GATE;So;0;ON; 9580;;;;N;;;;; +2FA9;KANGXI RADICAL MOUND;So;0;ON; 961C;;;;N;;;;; +2FAA;KANGXI RADICAL SLAVE;So;0;ON; 96B6;;;;N;;;;; +2FAB;KANGXI RADICAL SHORT TAILED BIRD;So;0;ON; 96B9;;;;N;;;;; +2FAC;KANGXI RADICAL RAIN;So;0;ON; 96E8;;;;N;;;;; +2FAD;KANGXI RADICAL BLUE;So;0;ON; 9751;;;;N;;;;; +2FAE;KANGXI RADICAL WRONG;So;0;ON; 975E;;;;N;;;;; +2FAF;KANGXI RADICAL FACE;So;0;ON; 9762;;;;N;;;;; +2FB0;KANGXI RADICAL LEATHER;So;0;ON; 9769;;;;N;;;;; +2FB1;KANGXI RADICAL TANNED LEATHER;So;0;ON; 97CB;;;;N;;;;; +2FB2;KANGXI RADICAL LEEK;So;0;ON; 97ED;;;;N;;;;; +2FB3;KANGXI RADICAL SOUND;So;0;ON; 97F3;;;;N;;;;; +2FB4;KANGXI RADICAL LEAF;So;0;ON; 9801;;;;N;;;;; +2FB5;KANGXI RADICAL WIND;So;0;ON; 98A8;;;;N;;;;; +2FB6;KANGXI RADICAL FLY;So;0;ON; 98DB;;;;N;;;;; +2FB7;KANGXI RADICAL EAT;So;0;ON; 98DF;;;;N;;;;; +2FB8;KANGXI RADICAL HEAD;So;0;ON; 9996;;;;N;;;;; +2FB9;KANGXI RADICAL FRAGRANT;So;0;ON; 9999;;;;N;;;;; +2FBA;KANGXI RADICAL HORSE;So;0;ON; 99AC;;;;N;;;;; +2FBB;KANGXI RADICAL BONE;So;0;ON; 9AA8;;;;N;;;;; +2FBC;KANGXI RADICAL TALL;So;0;ON; 9AD8;;;;N;;;;; +2FBD;KANGXI RADICAL HAIR;So;0;ON; 9ADF;;;;N;;;;; +2FBE;KANGXI RADICAL FIGHT;So;0;ON; 9B25;;;;N;;;;; +2FBF;KANGXI RADICAL SACRIFICIAL WINE;So;0;ON; 9B2F;;;;N;;;;; +2FC0;KANGXI RADICAL CAULDRON;So;0;ON; 9B32;;;;N;;;;; +2FC1;KANGXI RADICAL GHOST;So;0;ON; 9B3C;;;;N;;;;; +2FC2;KANGXI RADICAL FISH;So;0;ON; 9B5A;;;;N;;;;; +2FC3;KANGXI RADICAL BIRD;So;0;ON; 9CE5;;;;N;;;;; +2FC4;KANGXI RADICAL SALT;So;0;ON; 9E75;;;;N;;;;; +2FC5;KANGXI RADICAL DEER;So;0;ON; 9E7F;;;;N;;;;; +2FC6;KANGXI RADICAL WHEAT;So;0;ON; 9EA5;;;;N;;;;; +2FC7;KANGXI RADICAL HEMP;So;0;ON; 9EBB;;;;N;;;;; +2FC8;KANGXI RADICAL YELLOW;So;0;ON; 9EC3;;;;N;;;;; +2FC9;KANGXI RADICAL MILLET;So;0;ON; 9ECD;;;;N;;;;; +2FCA;KANGXI RADICAL BLACK;So;0;ON; 9ED1;;;;N;;;;; +2FCB;KANGXI RADICAL EMBROIDERY;So;0;ON; 9EF9;;;;N;;;;; +2FCC;KANGXI RADICAL FROG;So;0;ON; 9EFD;;;;N;;;;; +2FCD;KANGXI RADICAL TRIPOD;So;0;ON; 9F0E;;;;N;;;;; +2FCE;KANGXI RADICAL DRUM;So;0;ON; 9F13;;;;N;;;;; +2FCF;KANGXI RADICAL RAT;So;0;ON; 9F20;;;;N;;;;; +2FD0;KANGXI RADICAL NOSE;So;0;ON; 9F3B;;;;N;;;;; +2FD1;KANGXI RADICAL EVEN;So;0;ON; 9F4A;;;;N;;;;; +2FD2;KANGXI RADICAL TOOTH;So;0;ON; 9F52;;;;N;;;;; +2FD3;KANGXI RADICAL DRAGON;So;0;ON; 9F8D;;;;N;;;;; +2FD4;KANGXI RADICAL TURTLE;So;0;ON; 9F9C;;;;N;;;;; +2FD5;KANGXI RADICAL FLUTE;So;0;ON; 9FA0;;;;N;;;;; +2FF0;IDEOGRAPHIC DESCRIPTION CHARACTER LEFT TO RIGHT;So;0;ON;;;;;N;;;;; +2FF1;IDEOGRAPHIC DESCRIPTION CHARACTER ABOVE TO BELOW;So;0;ON;;;;;N;;;;; +2FF2;IDEOGRAPHIC DESCRIPTION CHARACTER LEFT TO MIDDLE AND RIGHT;So;0;ON;;;;;N;;;;; +2FF3;IDEOGRAPHIC DESCRIPTION CHARACTER ABOVE TO MIDDLE AND BELOW;So;0;ON;;;;;N;;;;; +2FF4;IDEOGRAPHIC DESCRIPTION CHARACTER FULL SURROUND;So;0;ON;;;;;N;;;;; +2FF5;IDEOGRAPHIC DESCRIPTION CHARACTER SURROUND FROM ABOVE;So;0;ON;;;;;N;;;;; +2FF6;IDEOGRAPHIC DESCRIPTION CHARACTER SURROUND FROM BELOW;So;0;ON;;;;;N;;;;; +2FF7;IDEOGRAPHIC DESCRIPTION CHARACTER SURROUND FROM LEFT;So;0;ON;;;;;N;;;;; +2FF8;IDEOGRAPHIC DESCRIPTION CHARACTER SURROUND FROM UPPER LEFT;So;0;ON;;;;;N;;;;; +2FF9;IDEOGRAPHIC DESCRIPTION CHARACTER SURROUND FROM UPPER RIGHT;So;0;ON;;;;;N;;;;; +2FFA;IDEOGRAPHIC DESCRIPTION CHARACTER SURROUND FROM LOWER LEFT;So;0;ON;;;;;N;;;;; +2FFB;IDEOGRAPHIC DESCRIPTION CHARACTER OVERLAID;So;0;ON;;;;;N;;;;; +3000;IDEOGRAPHIC SPACE;Zs;0;WS; 0020;;;;N;;;;; +3001;IDEOGRAPHIC COMMA;Po;0;ON;;;;;N;;;;; +3002;IDEOGRAPHIC FULL STOP;Po;0;ON;;;;;N;IDEOGRAPHIC PERIOD;;;; +3003;DITTO MARK;Po;0;ON;;;;;N;;;;; +3004;JAPANESE INDUSTRIAL STANDARD SYMBOL;So;0;ON;;;;;N;;;;; +3005;IDEOGRAPHIC ITERATION MARK;Lm;0;L;;;;;N;;;;; +3006;IDEOGRAPHIC CLOSING MARK;Lo;0;L;;;;;N;;;;; +3007;IDEOGRAPHIC NUMBER ZERO;Nl;0;L;;;;0;N;;;;; +3008;LEFT ANGLE BRACKET;Ps;0;ON;;;;;Y;OPENING ANGLE BRACKET;;;; +3009;RIGHT ANGLE BRACKET;Pe;0;ON;;;;;Y;CLOSING ANGLE BRACKET;;;; +300A;LEFT DOUBLE ANGLE BRACKET;Ps;0;ON;;;;;Y;OPENING DOUBLE ANGLE BRACKET;;;; +300B;RIGHT DOUBLE ANGLE BRACKET;Pe;0;ON;;;;;Y;CLOSING DOUBLE ANGLE BRACKET;;;; +300C;LEFT CORNER BRACKET;Ps;0;ON;;;;;Y;OPENING CORNER BRACKET;;;; +300D;RIGHT CORNER BRACKET;Pe;0;ON;;;;;Y;CLOSING CORNER BRACKET;;;; +300E;LEFT WHITE CORNER BRACKET;Ps;0;ON;;;;;Y;OPENING WHITE CORNER BRACKET;;;; +300F;RIGHT WHITE CORNER BRACKET;Pe;0;ON;;;;;Y;CLOSING WHITE CORNER BRACKET;;;; +3010;LEFT BLACK LENTICULAR BRACKET;Ps;0;ON;;;;;Y;OPENING BLACK LENTICULAR BRACKET;;;; +3011;RIGHT BLACK LENTICULAR BRACKET;Pe;0;ON;;;;;Y;CLOSING BLACK LENTICULAR BRACKET;;;; +3012;POSTAL MARK;So;0;ON;;;;;N;;;;; +3013;GETA MARK;So;0;ON;;;;;N;;;;; +3014;LEFT TORTOISE SHELL BRACKET;Ps;0;ON;;;;;Y;OPENING TORTOISE SHELL BRACKET;;;; +3015;RIGHT TORTOISE SHELL BRACKET;Pe;0;ON;;;;;Y;CLOSING TORTOISE SHELL BRACKET;;;; +3016;LEFT WHITE LENTICULAR BRACKET;Ps;0;ON;;;;;Y;OPENING WHITE LENTICULAR BRACKET;;;; +3017;RIGHT WHITE LENTICULAR BRACKET;Pe;0;ON;;;;;Y;CLOSING WHITE LENTICULAR BRACKET;;;; +3018;LEFT WHITE TORTOISE SHELL BRACKET;Ps;0;ON;;;;;Y;OPENING WHITE TORTOISE SHELL BRACKET;;;; +3019;RIGHT WHITE TORTOISE SHELL BRACKET;Pe;0;ON;;;;;Y;CLOSING WHITE TORTOISE SHELL BRACKET;;;; +301A;LEFT WHITE SQUARE BRACKET;Ps;0;ON;;;;;Y;OPENING WHITE SQUARE BRACKET;;;; +301B;RIGHT WHITE SQUARE BRACKET;Pe;0;ON;;;;;Y;CLOSING WHITE SQUARE BRACKET;;;; +301C;WAVE DASH;Pd;0;ON;;;;;N;;;;; +301D;REVERSED DOUBLE PRIME QUOTATION MARK;Ps;0;ON;;;;;N;;;;; +301E;DOUBLE PRIME QUOTATION MARK;Pe;0;ON;;;;;N;;;;; +301F;LOW DOUBLE PRIME QUOTATION MARK;Pe;0;ON;;;;;N;;;;; +3020;POSTAL MARK FACE;So;0;ON;;;;;N;;;;; +3021;HANGZHOU NUMERAL ONE;Nl;0;L;;;;1;N;;;;; +3022;HANGZHOU NUMERAL TWO;Nl;0;L;;;;2;N;;;;; +3023;HANGZHOU NUMERAL THREE;Nl;0;L;;;;3;N;;;;; +3024;HANGZHOU NUMERAL FOUR;Nl;0;L;;;;4;N;;;;; +3025;HANGZHOU NUMERAL FIVE;Nl;0;L;;;;5;N;;;;; +3026;HANGZHOU NUMERAL SIX;Nl;0;L;;;;6;N;;;;; +3027;HANGZHOU NUMERAL SEVEN;Nl;0;L;;;;7;N;;;;; +3028;HANGZHOU NUMERAL EIGHT;Nl;0;L;;;;8;N;;;;; +3029;HANGZHOU NUMERAL NINE;Nl;0;L;;;;9;N;;;;; +302A;IDEOGRAPHIC LEVEL TONE MARK;Mn;218;NSM;;;;;N;;;;; +302B;IDEOGRAPHIC RISING TONE MARK;Mn;228;NSM;;;;;N;;;;; +302C;IDEOGRAPHIC DEPARTING TONE MARK;Mn;232;NSM;;;;;N;;;;; +302D;IDEOGRAPHIC ENTERING TONE MARK;Mn;222;NSM;;;;;N;;;;; +302E;HANGUL SINGLE DOT TONE MARK;Mn;224;NSM;;;;;N;;;;; +302F;HANGUL DOUBLE DOT TONE MARK;Mn;224;NSM;;;;;N;;;;; +3030;WAVY DASH;Pd;0;ON;;;;;N;;;;; +3031;VERTICAL KANA REPEAT MARK;Lm;0;L;;;;;N;;;;; +3032;VERTICAL KANA REPEAT WITH VOICED SOUND MARK;Lm;0;L;;;;;N;;;;; +3033;VERTICAL KANA REPEAT MARK UPPER HALF;Lm;0;L;;;;;N;;;;; +3034;VERTICAL KANA REPEAT WITH VOICED SOUND MARK UPPER HALF;Lm;0;L;;;;;N;;;;; +3035;VERTICAL KANA REPEAT MARK LOWER HALF;Lm;0;L;;;;;N;;;;; +3036;CIRCLED POSTAL MARK;So;0;ON; 3012;;;;N;;;;; +3037;IDEOGRAPHIC TELEGRAPH LINE FEED SEPARATOR SYMBOL;So;0;ON;;;;;N;;;;; +3038;HANGZHOU NUMERAL TEN;Nl;0;L; 5341;;;10;N;;;;; +3039;HANGZHOU NUMERAL TWENTY;Nl;0;L; 5344;;;20;N;;;;; +303A;HANGZHOU NUMERAL THIRTY;Nl;0;L; 5345;;;30;N;;;;; +303B;VERTICAL IDEOGRAPHIC ITERATION MARK;Lm;0;L;;;;;N;;;;; +303C;MASU MARK;Lo;0;L;;;;;N;;;;; +303D;PART ALTERNATION MARK;Po;0;ON;;;;;N;;;;; +303E;IDEOGRAPHIC VARIATION INDICATOR;So;0;ON;;;;;N;;;;; +303F;IDEOGRAPHIC HALF FILL SPACE;So;0;ON;;;;;N;;;;; +3041;HIRAGANA LETTER SMALL A;Lo;0;L;;;;;N;;;;; +3042;HIRAGANA LETTER A;Lo;0;L;;;;;N;;;;; +3043;HIRAGANA LETTER SMALL I;Lo;0;L;;;;;N;;;;; +3044;HIRAGANA LETTER I;Lo;0;L;;;;;N;;;;; +3045;HIRAGANA LETTER SMALL U;Lo;0;L;;;;;N;;;;; +3046;HIRAGANA LETTER U;Lo;0;L;;;;;N;;;;; +3047;HIRAGANA LETTER SMALL E;Lo;0;L;;;;;N;;;;; +3048;HIRAGANA LETTER E;Lo;0;L;;;;;N;;;;; +3049;HIRAGANA LETTER SMALL O;Lo;0;L;;;;;N;;;;; +304A;HIRAGANA LETTER O;Lo;0;L;;;;;N;;;;; +304B;HIRAGANA LETTER KA;Lo;0;L;;;;;N;;;;; +304C;HIRAGANA LETTER GA;Lo;0;L;304B 3099;;;;N;;;;; +304D;HIRAGANA LETTER KI;Lo;0;L;;;;;N;;;;; +304E;HIRAGANA LETTER GI;Lo;0;L;304D 3099;;;;N;;;;; +304F;HIRAGANA LETTER KU;Lo;0;L;;;;;N;;;;; +3050;HIRAGANA LETTER GU;Lo;0;L;304F 3099;;;;N;;;;; +3051;HIRAGANA LETTER KE;Lo;0;L;;;;;N;;;;; +3052;HIRAGANA LETTER GE;Lo;0;L;3051 3099;;;;N;;;;; +3053;HIRAGANA LETTER KO;Lo;0;L;;;;;N;;;;; +3054;HIRAGANA LETTER GO;Lo;0;L;3053 3099;;;;N;;;;; +3055;HIRAGANA LETTER SA;Lo;0;L;;;;;N;;;;; +3056;HIRAGANA LETTER ZA;Lo;0;L;3055 3099;;;;N;;;;; +3057;HIRAGANA LETTER SI;Lo;0;L;;;;;N;;;;; +3058;HIRAGANA LETTER ZI;Lo;0;L;3057 3099;;;;N;;;;; +3059;HIRAGANA LETTER SU;Lo;0;L;;;;;N;;;;; +305A;HIRAGANA LETTER ZU;Lo;0;L;3059 3099;;;;N;;;;; +305B;HIRAGANA LETTER SE;Lo;0;L;;;;;N;;;;; +305C;HIRAGANA LETTER ZE;Lo;0;L;305B 3099;;;;N;;;;; +305D;HIRAGANA LETTER SO;Lo;0;L;;;;;N;;;;; +305E;HIRAGANA LETTER ZO;Lo;0;L;305D 3099;;;;N;;;;; +305F;HIRAGANA LETTER TA;Lo;0;L;;;;;N;;;;; +3060;HIRAGANA LETTER DA;Lo;0;L;305F 3099;;;;N;;;;; +3061;HIRAGANA LETTER TI;Lo;0;L;;;;;N;;;;; +3062;HIRAGANA LETTER DI;Lo;0;L;3061 3099;;;;N;;;;; +3063;HIRAGANA LETTER SMALL TU;Lo;0;L;;;;;N;;;;; +3064;HIRAGANA LETTER TU;Lo;0;L;;;;;N;;;;; +3065;HIRAGANA LETTER DU;Lo;0;L;3064 3099;;;;N;;;;; +3066;HIRAGANA LETTER TE;Lo;0;L;;;;;N;;;;; +3067;HIRAGANA LETTER DE;Lo;0;L;3066 3099;;;;N;;;;; +3068;HIRAGANA LETTER TO;Lo;0;L;;;;;N;;;;; +3069;HIRAGANA LETTER DO;Lo;0;L;3068 3099;;;;N;;;;; +306A;HIRAGANA LETTER NA;Lo;0;L;;;;;N;;;;; +306B;HIRAGANA LETTER NI;Lo;0;L;;;;;N;;;;; +306C;HIRAGANA LETTER NU;Lo;0;L;;;;;N;;;;; +306D;HIRAGANA LETTER NE;Lo;0;L;;;;;N;;;;; +306E;HIRAGANA LETTER NO;Lo;0;L;;;;;N;;;;; +306F;HIRAGANA LETTER HA;Lo;0;L;;;;;N;;;;; +3070;HIRAGANA LETTER BA;Lo;0;L;306F 3099;;;;N;;;;; +3071;HIRAGANA LETTER PA;Lo;0;L;306F 309A;;;;N;;;;; +3072;HIRAGANA LETTER HI;Lo;0;L;;;;;N;;;;; +3073;HIRAGANA LETTER BI;Lo;0;L;3072 3099;;;;N;;;;; +3074;HIRAGANA LETTER PI;Lo;0;L;3072 309A;;;;N;;;;; +3075;HIRAGANA LETTER HU;Lo;0;L;;;;;N;;;;; +3076;HIRAGANA LETTER BU;Lo;0;L;3075 3099;;;;N;;;;; +3077;HIRAGANA LETTER PU;Lo;0;L;3075 309A;;;;N;;;;; +3078;HIRAGANA LETTER HE;Lo;0;L;;;;;N;;;;; +3079;HIRAGANA LETTER BE;Lo;0;L;3078 3099;;;;N;;;;; +307A;HIRAGANA LETTER PE;Lo;0;L;3078 309A;;;;N;;;;; +307B;HIRAGANA LETTER HO;Lo;0;L;;;;;N;;;;; +307C;HIRAGANA LETTER BO;Lo;0;L;307B 3099;;;;N;;;;; +307D;HIRAGANA LETTER PO;Lo;0;L;307B 309A;;;;N;;;;; +307E;HIRAGANA LETTER MA;Lo;0;L;;;;;N;;;;; +307F;HIRAGANA LETTER MI;Lo;0;L;;;;;N;;;;; +3080;HIRAGANA LETTER MU;Lo;0;L;;;;;N;;;;; +3081;HIRAGANA LETTER ME;Lo;0;L;;;;;N;;;;; +3082;HIRAGANA LETTER MO;Lo;0;L;;;;;N;;;;; +3083;HIRAGANA LETTER SMALL YA;Lo;0;L;;;;;N;;;;; +3084;HIRAGANA LETTER YA;Lo;0;L;;;;;N;;;;; +3085;HIRAGANA LETTER SMALL YU;Lo;0;L;;;;;N;;;;; +3086;HIRAGANA LETTER YU;Lo;0;L;;;;;N;;;;; +3087;HIRAGANA LETTER SMALL YO;Lo;0;L;;;;;N;;;;; +3088;HIRAGANA LETTER YO;Lo;0;L;;;;;N;;;;; +3089;HIRAGANA LETTER RA;Lo;0;L;;;;;N;;;;; +308A;HIRAGANA LETTER RI;Lo;0;L;;;;;N;;;;; +308B;HIRAGANA LETTER RU;Lo;0;L;;;;;N;;;;; +308C;HIRAGANA LETTER RE;Lo;0;L;;;;;N;;;;; +308D;HIRAGANA LETTER RO;Lo;0;L;;;;;N;;;;; +308E;HIRAGANA LETTER SMALL WA;Lo;0;L;;;;;N;;;;; +308F;HIRAGANA LETTER WA;Lo;0;L;;;;;N;;;;; +3090;HIRAGANA LETTER WI;Lo;0;L;;;;;N;;;;; +3091;HIRAGANA LETTER WE;Lo;0;L;;;;;N;;;;; +3092;HIRAGANA LETTER WO;Lo;0;L;;;;;N;;;;; +3093;HIRAGANA LETTER N;Lo;0;L;;;;;N;;;;; +3094;HIRAGANA LETTER VU;Lo;0;L;3046 3099;;;;N;;;;; +3095;HIRAGANA LETTER SMALL KA;Lo;0;L;;;;;N;;;;; +3096;HIRAGANA LETTER SMALL KE;Lo;0;L;;;;;N;;;;; +3099;COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK;Mn;8;NSM;;;;;N;NON-SPACING KATAKANA-HIRAGANA VOICED SOUND MARK;;;; +309A;COMBINING KATAKANA-HIRAGANA SEMI-VOICED SOUND MARK;Mn;8;NSM;;;;;N;NON-SPACING KATAKANA-HIRAGANA SEMI-VOICED SOUND MARK;;;; +309B;KATAKANA-HIRAGANA VOICED SOUND MARK;Sk;0;ON; 0020 3099;;;;N;;;;; +309C;KATAKANA-HIRAGANA SEMI-VOICED SOUND MARK;Sk;0;ON; 0020 309A;;;;N;;;;; +309D;HIRAGANA ITERATION MARK;Lm;0;L;;;;;N;;;;; +309E;HIRAGANA VOICED ITERATION MARK;Lm;0;L;309D 3099;;;;N;;;;; +309F;HIRAGANA DIGRAPH YORI;Lo;0;L; 3088 308A;;;;N;;;;; +30A0;KATAKANA-HIRAGANA DOUBLE HYPHEN;Pd;0;ON;;;;;N;;;;; +30A1;KATAKANA LETTER SMALL A;Lo;0;L;;;;;N;;;;; +30A2;KATAKANA LETTER A;Lo;0;L;;;;;N;;;;; +30A3;KATAKANA LETTER SMALL I;Lo;0;L;;;;;N;;;;; +30A4;KATAKANA LETTER I;Lo;0;L;;;;;N;;;;; +30A5;KATAKANA LETTER SMALL U;Lo;0;L;;;;;N;;;;; +30A6;KATAKANA LETTER U;Lo;0;L;;;;;N;;;;; +30A7;KATAKANA LETTER SMALL E;Lo;0;L;;;;;N;;;;; +30A8;KATAKANA LETTER E;Lo;0;L;;;;;N;;;;; +30A9;KATAKANA LETTER SMALL O;Lo;0;L;;;;;N;;;;; +30AA;KATAKANA LETTER O;Lo;0;L;;;;;N;;;;; +30AB;KATAKANA LETTER KA;Lo;0;L;;;;;N;;;;; +30AC;KATAKANA LETTER GA;Lo;0;L;30AB 3099;;;;N;;;;; +30AD;KATAKANA LETTER KI;Lo;0;L;;;;;N;;;;; +30AE;KATAKANA LETTER GI;Lo;0;L;30AD 3099;;;;N;;;;; +30AF;KATAKANA LETTER KU;Lo;0;L;;;;;N;;;;; +30B0;KATAKANA LETTER GU;Lo;0;L;30AF 3099;;;;N;;;;; +30B1;KATAKANA LETTER KE;Lo;0;L;;;;;N;;;;; +30B2;KATAKANA LETTER GE;Lo;0;L;30B1 3099;;;;N;;;;; +30B3;KATAKANA LETTER KO;Lo;0;L;;;;;N;;;;; +30B4;KATAKANA LETTER GO;Lo;0;L;30B3 3099;;;;N;;;;; +30B5;KATAKANA LETTER SA;Lo;0;L;;;;;N;;;;; +30B6;KATAKANA LETTER ZA;Lo;0;L;30B5 3099;;;;N;;;;; +30B7;KATAKANA LETTER SI;Lo;0;L;;;;;N;;;;; +30B8;KATAKANA LETTER ZI;Lo;0;L;30B7 3099;;;;N;;;;; +30B9;KATAKANA LETTER SU;Lo;0;L;;;;;N;;;;; +30BA;KATAKANA LETTER ZU;Lo;0;L;30B9 3099;;;;N;;;;; +30BB;KATAKANA LETTER SE;Lo;0;L;;;;;N;;;;; +30BC;KATAKANA LETTER ZE;Lo;0;L;30BB 3099;;;;N;;;;; +30BD;KATAKANA LETTER SO;Lo;0;L;;;;;N;;;;; +30BE;KATAKANA LETTER ZO;Lo;0;L;30BD 3099;;;;N;;;;; +30BF;KATAKANA LETTER TA;Lo;0;L;;;;;N;;;;; +30C0;KATAKANA LETTER DA;Lo;0;L;30BF 3099;;;;N;;;;; +30C1;KATAKANA LETTER TI;Lo;0;L;;;;;N;;;;; +30C2;KATAKANA LETTER DI;Lo;0;L;30C1 3099;;;;N;;;;; +30C3;KATAKANA LETTER SMALL TU;Lo;0;L;;;;;N;;;;; +30C4;KATAKANA LETTER TU;Lo;0;L;;;;;N;;;;; +30C5;KATAKANA LETTER DU;Lo;0;L;30C4 3099;;;;N;;;;; +30C6;KATAKANA LETTER TE;Lo;0;L;;;;;N;;;;; +30C7;KATAKANA LETTER DE;Lo;0;L;30C6 3099;;;;N;;;;; +30C8;KATAKANA LETTER TO;Lo;0;L;;;;;N;;;;; +30C9;KATAKANA LETTER DO;Lo;0;L;30C8 3099;;;;N;;;;; +30CA;KATAKANA LETTER NA;Lo;0;L;;;;;N;;;;; +30CB;KATAKANA LETTER NI;Lo;0;L;;;;;N;;;;; +30CC;KATAKANA LETTER NU;Lo;0;L;;;;;N;;;;; +30CD;KATAKANA LETTER NE;Lo;0;L;;;;;N;;;;; +30CE;KATAKANA LETTER NO;Lo;0;L;;;;;N;;;;; +30CF;KATAKANA LETTER HA;Lo;0;L;;;;;N;;;;; +30D0;KATAKANA LETTER BA;Lo;0;L;30CF 3099;;;;N;;;;; +30D1;KATAKANA LETTER PA;Lo;0;L;30CF 309A;;;;N;;;;; +30D2;KATAKANA LETTER HI;Lo;0;L;;;;;N;;;;; +30D3;KATAKANA LETTER BI;Lo;0;L;30D2 3099;;;;N;;;;; +30D4;KATAKANA LETTER PI;Lo;0;L;30D2 309A;;;;N;;;;; +30D5;KATAKANA LETTER HU;Lo;0;L;;;;;N;;;;; +30D6;KATAKANA LETTER BU;Lo;0;L;30D5 3099;;;;N;;;;; +30D7;KATAKANA LETTER PU;Lo;0;L;30D5 309A;;;;N;;;;; +30D8;KATAKANA LETTER HE;Lo;0;L;;;;;N;;;;; +30D9;KATAKANA LETTER BE;Lo;0;L;30D8 3099;;;;N;;;;; +30DA;KATAKANA LETTER PE;Lo;0;L;30D8 309A;;;;N;;;;; +30DB;KATAKANA LETTER HO;Lo;0;L;;;;;N;;;;; +30DC;KATAKANA LETTER BO;Lo;0;L;30DB 3099;;;;N;;;;; +30DD;KATAKANA LETTER PO;Lo;0;L;30DB 309A;;;;N;;;;; +30DE;KATAKANA LETTER MA;Lo;0;L;;;;;N;;;;; +30DF;KATAKANA LETTER MI;Lo;0;L;;;;;N;;;;; +30E0;KATAKANA LETTER MU;Lo;0;L;;;;;N;;;;; +30E1;KATAKANA LETTER ME;Lo;0;L;;;;;N;;;;; +30E2;KATAKANA LETTER MO;Lo;0;L;;;;;N;;;;; +30E3;KATAKANA LETTER SMALL YA;Lo;0;L;;;;;N;;;;; +30E4;KATAKANA LETTER YA;Lo;0;L;;;;;N;;;;; +30E5;KATAKANA LETTER SMALL YU;Lo;0;L;;;;;N;;;;; +30E6;KATAKANA LETTER YU;Lo;0;L;;;;;N;;;;; +30E7;KATAKANA LETTER SMALL YO;Lo;0;L;;;;;N;;;;; +30E8;KATAKANA LETTER YO;Lo;0;L;;;;;N;;;;; +30E9;KATAKANA LETTER RA;Lo;0;L;;;;;N;;;;; +30EA;KATAKANA LETTER RI;Lo;0;L;;;;;N;;;;; +30EB;KATAKANA LETTER RU;Lo;0;L;;;;;N;;;;; +30EC;KATAKANA LETTER RE;Lo;0;L;;;;;N;;;;; +30ED;KATAKANA LETTER RO;Lo;0;L;;;;;N;;;;; +30EE;KATAKANA LETTER SMALL WA;Lo;0;L;;;;;N;;;;; +30EF;KATAKANA LETTER WA;Lo;0;L;;;;;N;;;;; +30F0;KATAKANA LETTER WI;Lo;0;L;;;;;N;;;;; +30F1;KATAKANA LETTER WE;Lo;0;L;;;;;N;;;;; +30F2;KATAKANA LETTER WO;Lo;0;L;;;;;N;;;;; +30F3;KATAKANA LETTER N;Lo;0;L;;;;;N;;;;; +30F4;KATAKANA LETTER VU;Lo;0;L;30A6 3099;;;;N;;;;; +30F5;KATAKANA LETTER SMALL KA;Lo;0;L;;;;;N;;;;; +30F6;KATAKANA LETTER SMALL KE;Lo;0;L;;;;;N;;;;; +30F7;KATAKANA LETTER VA;Lo;0;L;30EF 3099;;;;N;;;;; +30F8;KATAKANA LETTER VI;Lo;0;L;30F0 3099;;;;N;;;;; +30F9;KATAKANA LETTER VE;Lo;0;L;30F1 3099;;;;N;;;;; +30FA;KATAKANA LETTER VO;Lo;0;L;30F2 3099;;;;N;;;;; +30FB;KATAKANA MIDDLE DOT;Pc;0;ON;;;;;N;;;;; +30FC;KATAKANA-HIRAGANA PROLONGED SOUND MARK;Lm;0;L;;;;;N;;;;; +30FD;KATAKANA ITERATION MARK;Lm;0;L;;;;;N;;;;; +30FE;KATAKANA VOICED ITERATION MARK;Lm;0;L;30FD 3099;;;;N;;;;; +30FF;KATAKANA DIGRAPH KOTO;Lo;0;L; 30B3 30C8;;;;N;;;;; +3105;BOPOMOFO LETTER B;Lo;0;L;;;;;N;;;;; +3106;BOPOMOFO LETTER P;Lo;0;L;;;;;N;;;;; +3107;BOPOMOFO LETTER M;Lo;0;L;;;;;N;;;;; +3108;BOPOMOFO LETTER F;Lo;0;L;;;;;N;;;;; +3109;BOPOMOFO LETTER D;Lo;0;L;;;;;N;;;;; +310A;BOPOMOFO LETTER T;Lo;0;L;;;;;N;;;;; +310B;BOPOMOFO LETTER N;Lo;0;L;;;;;N;;;;; +310C;BOPOMOFO LETTER L;Lo;0;L;;;;;N;;;;; +310D;BOPOMOFO LETTER G;Lo;0;L;;;;;N;;;;; +310E;BOPOMOFO LETTER K;Lo;0;L;;;;;N;;;;; +310F;BOPOMOFO LETTER H;Lo;0;L;;;;;N;;;;; +3110;BOPOMOFO LETTER J;Lo;0;L;;;;;N;;;;; +3111;BOPOMOFO LETTER Q;Lo;0;L;;;;;N;;;;; +3112;BOPOMOFO LETTER X;Lo;0;L;;;;;N;;;;; +3113;BOPOMOFO LETTER ZH;Lo;0;L;;;;;N;;;;; +3114;BOPOMOFO LETTER CH;Lo;0;L;;;;;N;;;;; +3115;BOPOMOFO LETTER SH;Lo;0;L;;;;;N;;;;; +3116;BOPOMOFO LETTER R;Lo;0;L;;;;;N;;;;; +3117;BOPOMOFO LETTER Z;Lo;0;L;;;;;N;;;;; +3118;BOPOMOFO LETTER C;Lo;0;L;;;;;N;;;;; +3119;BOPOMOFO LETTER S;Lo;0;L;;;;;N;;;;; +311A;BOPOMOFO LETTER A;Lo;0;L;;;;;N;;;;; +311B;BOPOMOFO LETTER O;Lo;0;L;;;;;N;;;;; +311C;BOPOMOFO LETTER E;Lo;0;L;;;;;N;;;;; +311D;BOPOMOFO LETTER EH;Lo;0;L;;;;;N;;;;; +311E;BOPOMOFO LETTER AI;Lo;0;L;;;;;N;;;;; +311F;BOPOMOFO LETTER EI;Lo;0;L;;;;;N;;;;; +3120;BOPOMOFO LETTER AU;Lo;0;L;;;;;N;;;;; +3121;BOPOMOFO LETTER OU;Lo;0;L;;;;;N;;;;; +3122;BOPOMOFO LETTER AN;Lo;0;L;;;;;N;;;;; +3123;BOPOMOFO LETTER EN;Lo;0;L;;;;;N;;;;; +3124;BOPOMOFO LETTER ANG;Lo;0;L;;;;;N;;;;; +3125;BOPOMOFO LETTER ENG;Lo;0;L;;;;;N;;;;; +3126;BOPOMOFO LETTER ER;Lo;0;L;;;;;N;;;;; +3127;BOPOMOFO LETTER I;Lo;0;L;;;;;N;;;;; +3128;BOPOMOFO LETTER U;Lo;0;L;;;;;N;;;;; +3129;BOPOMOFO LETTER IU;Lo;0;L;;;;;N;;;;; +312A;BOPOMOFO LETTER V;Lo;0;L;;;;;N;;;;; +312B;BOPOMOFO LETTER NG;Lo;0;L;;;;;N;;;;; +312C;BOPOMOFO LETTER GN;Lo;0;L;;;;;N;;;;; +3131;HANGUL LETTER KIYEOK;Lo;0;L; 1100;;;;N;HANGUL LETTER GIYEOG;;;; +3132;HANGUL LETTER SSANGKIYEOK;Lo;0;L; 1101;;;;N;HANGUL LETTER SSANG GIYEOG;;;; +3133;HANGUL LETTER KIYEOK-SIOS;Lo;0;L; 11AA;;;;N;HANGUL LETTER GIYEOG SIOS;;;; +3134;HANGUL LETTER NIEUN;Lo;0;L; 1102;;;;N;;;;; +3135;HANGUL LETTER NIEUN-CIEUC;Lo;0;L; 11AC;;;;N;HANGUL LETTER NIEUN JIEUJ;;;; +3136;HANGUL LETTER NIEUN-HIEUH;Lo;0;L; 11AD;;;;N;HANGUL LETTER NIEUN HIEUH;;;; +3137;HANGUL LETTER TIKEUT;Lo;0;L; 1103;;;;N;HANGUL LETTER DIGEUD;;;; +3138;HANGUL LETTER SSANGTIKEUT;Lo;0;L; 1104;;;;N;HANGUL LETTER SSANG DIGEUD;;;; +3139;HANGUL LETTER RIEUL;Lo;0;L; 1105;;;;N;HANGUL LETTER LIEUL;;;; +313A;HANGUL LETTER RIEUL-KIYEOK;Lo;0;L; 11B0;;;;N;HANGUL LETTER LIEUL GIYEOG;;;; +313B;HANGUL LETTER RIEUL-MIEUM;Lo;0;L; 11B1;;;;N;HANGUL LETTER LIEUL MIEUM;;;; +313C;HANGUL LETTER RIEUL-PIEUP;Lo;0;L; 11B2;;;;N;HANGUL LETTER LIEUL BIEUB;;;; +313D;HANGUL LETTER RIEUL-SIOS;Lo;0;L; 11B3;;;;N;HANGUL LETTER LIEUL SIOS;;;; +313E;HANGUL LETTER RIEUL-THIEUTH;Lo;0;L; 11B4;;;;N;HANGUL LETTER LIEUL TIEUT;;;; +313F;HANGUL LETTER RIEUL-PHIEUPH;Lo;0;L; 11B5;;;;N;HANGUL LETTER LIEUL PIEUP;;;; +3140;HANGUL LETTER RIEUL-HIEUH;Lo;0;L; 111A;;;;N;HANGUL LETTER LIEUL HIEUH;;;; +3141;HANGUL LETTER MIEUM;Lo;0;L; 1106;;;;N;;;;; +3142;HANGUL LETTER PIEUP;Lo;0;L; 1107;;;;N;HANGUL LETTER BIEUB;;;; +3143;HANGUL LETTER SSANGPIEUP;Lo;0;L; 1108;;;;N;HANGUL LETTER SSANG BIEUB;;;; +3144;HANGUL LETTER PIEUP-SIOS;Lo;0;L; 1121;;;;N;HANGUL LETTER BIEUB SIOS;;;; +3145;HANGUL LETTER SIOS;Lo;0;L; 1109;;;;N;;;;; +3146;HANGUL LETTER SSANGSIOS;Lo;0;L; 110A;;;;N;HANGUL LETTER SSANG SIOS;;;; +3147;HANGUL LETTER IEUNG;Lo;0;L; 110B;;;;N;;;;; +3148;HANGUL LETTER CIEUC;Lo;0;L; 110C;;;;N;HANGUL LETTER JIEUJ;;;; +3149;HANGUL LETTER SSANGCIEUC;Lo;0;L; 110D;;;;N;HANGUL LETTER SSANG JIEUJ;;;; +314A;HANGUL LETTER CHIEUCH;Lo;0;L; 110E;;;;N;HANGUL LETTER CIEUC;;;; +314B;HANGUL LETTER KHIEUKH;Lo;0;L; 110F;;;;N;HANGUL LETTER KIYEOK;;;; +314C;HANGUL LETTER THIEUTH;Lo;0;L; 1110;;;;N;HANGUL LETTER TIEUT;;;; +314D;HANGUL LETTER PHIEUPH;Lo;0;L; 1111;;;;N;HANGUL LETTER PIEUP;;;; +314E;HANGUL LETTER HIEUH;Lo;0;L; 1112;;;;N;;;;; +314F;HANGUL LETTER A;Lo;0;L; 1161;;;;N;;;;; +3150;HANGUL LETTER AE;Lo;0;L; 1162;;;;N;;;;; +3151;HANGUL LETTER YA;Lo;0;L; 1163;;;;N;;;;; +3152;HANGUL LETTER YAE;Lo;0;L; 1164;;;;N;;;;; +3153;HANGUL LETTER EO;Lo;0;L; 1165;;;;N;;;;; +3154;HANGUL LETTER E;Lo;0;L; 1166;;;;N;;;;; +3155;HANGUL LETTER YEO;Lo;0;L; 1167;;;;N;;;;; +3156;HANGUL LETTER YE;Lo;0;L; 1168;;;;N;;;;; +3157;HANGUL LETTER O;Lo;0;L; 1169;;;;N;;;;; +3158;HANGUL LETTER WA;Lo;0;L; 116A;;;;N;;;;; +3159;HANGUL LETTER WAE;Lo;0;L; 116B;;;;N;;;;; +315A;HANGUL LETTER OE;Lo;0;L; 116C;;;;N;;;;; +315B;HANGUL LETTER YO;Lo;0;L; 116D;;;;N;;;;; +315C;HANGUL LETTER U;Lo;0;L; 116E;;;;N;;;;; +315D;HANGUL LETTER WEO;Lo;0;L; 116F;;;;N;;;;; +315E;HANGUL LETTER WE;Lo;0;L; 1170;;;;N;;;;; +315F;HANGUL LETTER WI;Lo;0;L; 1171;;;;N;;;;; +3160;HANGUL LETTER YU;Lo;0;L; 1172;;;;N;;;;; +3161;HANGUL LETTER EU;Lo;0;L; 1173;;;;N;;;;; +3162;HANGUL LETTER YI;Lo;0;L; 1174;;;;N;;;;; +3163;HANGUL LETTER I;Lo;0;L; 1175;;;;N;;;;; +3164;HANGUL FILLER;Lo;0;L; 1160;;;;N;HANGUL CAE OM;;;; +3165;HANGUL LETTER SSANGNIEUN;Lo;0;L; 1114;;;;N;HANGUL LETTER SSANG NIEUN;;;; +3166;HANGUL LETTER NIEUN-TIKEUT;Lo;0;L; 1115;;;;N;HANGUL LETTER NIEUN DIGEUD;;;; +3167;HANGUL LETTER NIEUN-SIOS;Lo;0;L; 11C7;;;;N;HANGUL LETTER NIEUN SIOS;;;; +3168;HANGUL LETTER NIEUN-PANSIOS;Lo;0;L; 11C8;;;;N;HANGUL LETTER NIEUN BAN CHI EUM;;;; +3169;HANGUL LETTER RIEUL-KIYEOK-SIOS;Lo;0;L; 11CC;;;;N;HANGUL LETTER LIEUL GIYEOG SIOS;;;; +316A;HANGUL LETTER RIEUL-TIKEUT;Lo;0;L; 11CE;;;;N;HANGUL LETTER LIEUL DIGEUD;;;; +316B;HANGUL LETTER RIEUL-PIEUP-SIOS;Lo;0;L; 11D3;;;;N;HANGUL LETTER LIEUL BIEUB SIOS;;;; +316C;HANGUL LETTER RIEUL-PANSIOS;Lo;0;L; 11D7;;;;N;HANGUL LETTER LIEUL BAN CHI EUM;;;; +316D;HANGUL LETTER RIEUL-YEORINHIEUH;Lo;0;L; 11D9;;;;N;HANGUL LETTER LIEUL YEOLIN HIEUH;;;; +316E;HANGUL LETTER MIEUM-PIEUP;Lo;0;L; 111C;;;;N;HANGUL LETTER MIEUM BIEUB;;;; +316F;HANGUL LETTER MIEUM-SIOS;Lo;0;L; 11DD;;;;N;HANGUL LETTER MIEUM SIOS;;;; +3170;HANGUL LETTER MIEUM-PANSIOS;Lo;0;L; 11DF;;;;N;HANGUL LETTER BIEUB BAN CHI EUM;;;; +3171;HANGUL LETTER KAPYEOUNMIEUM;Lo;0;L; 111D;;;;N;HANGUL LETTER MIEUM SUN GYEONG EUM;;;; +3172;HANGUL LETTER PIEUP-KIYEOK;Lo;0;L; 111E;;;;N;HANGUL LETTER BIEUB GIYEOG;;;; +3173;HANGUL LETTER PIEUP-TIKEUT;Lo;0;L; 1120;;;;N;HANGUL LETTER BIEUB DIGEUD;;;; +3174;HANGUL LETTER PIEUP-SIOS-KIYEOK;Lo;0;L; 1122;;;;N;HANGUL LETTER BIEUB SIOS GIYEOG;;;; +3175;HANGUL LETTER PIEUP-SIOS-TIKEUT;Lo;0;L; 1123;;;;N;HANGUL LETTER BIEUB SIOS DIGEUD;;;; +3176;HANGUL LETTER PIEUP-CIEUC;Lo;0;L; 1127;;;;N;HANGUL LETTER BIEUB JIEUJ;;;; +3177;HANGUL LETTER PIEUP-THIEUTH;Lo;0;L; 1129;;;;N;HANGUL LETTER BIEUB TIEUT;;;; +3178;HANGUL LETTER KAPYEOUNPIEUP;Lo;0;L; 112B;;;;N;HANGUL LETTER BIEUB SUN GYEONG EUM;;;; +3179;HANGUL LETTER KAPYEOUNSSANGPIEUP;Lo;0;L; 112C;;;;N;HANGUL LETTER SSANG BIEUB SUN GYEONG EUM;;;; +317A;HANGUL LETTER SIOS-KIYEOK;Lo;0;L; 112D;;;;N;HANGUL LETTER SIOS GIYEOG;;;; +317B;HANGUL LETTER SIOS-NIEUN;Lo;0;L; 112E;;;;N;HANGUL LETTER SIOS NIEUN;;;; +317C;HANGUL LETTER SIOS-TIKEUT;Lo;0;L; 112F;;;;N;HANGUL LETTER SIOS DIGEUD;;;; +317D;HANGUL LETTER SIOS-PIEUP;Lo;0;L; 1132;;;;N;HANGUL LETTER SIOS BIEUB;;;; +317E;HANGUL LETTER SIOS-CIEUC;Lo;0;L; 1136;;;;N;HANGUL LETTER SIOS JIEUJ;;;; +317F;HANGUL LETTER PANSIOS;Lo;0;L; 1140;;;;N;HANGUL LETTER BAN CHI EUM;;;; +3180;HANGUL LETTER SSANGIEUNG;Lo;0;L; 1147;;;;N;HANGUL LETTER SSANG IEUNG;;;; +3181;HANGUL LETTER YESIEUNG;Lo;0;L; 114C;;;;N;HANGUL LETTER NGIEUNG;;;; +3182;HANGUL LETTER YESIEUNG-SIOS;Lo;0;L; 11F1;;;;N;HANGUL LETTER NGIEUNG SIOS;;;; +3183;HANGUL LETTER YESIEUNG-PANSIOS;Lo;0;L; 11F2;;;;N;HANGUL LETTER NGIEUNG BAN CHI EUM;;;; +3184;HANGUL LETTER KAPYEOUNPHIEUPH;Lo;0;L; 1157;;;;N;HANGUL LETTER PIEUP SUN GYEONG EUM;;;; +3185;HANGUL LETTER SSANGHIEUH;Lo;0;L; 1158;;;;N;HANGUL LETTER SSANG HIEUH;;;; +3186;HANGUL LETTER YEORINHIEUH;Lo;0;L; 1159;;;;N;HANGUL LETTER YEOLIN HIEUH;;;; +3187;HANGUL LETTER YO-YA;Lo;0;L; 1184;;;;N;HANGUL LETTER YOYA;;;; +3188;HANGUL LETTER YO-YAE;Lo;0;L; 1185;;;;N;HANGUL LETTER YOYAE;;;; +3189;HANGUL LETTER YO-I;Lo;0;L; 1188;;;;N;HANGUL LETTER YOI;;;; +318A;HANGUL LETTER YU-YEO;Lo;0;L; 1191;;;;N;HANGUL LETTER YUYEO;;;; +318B;HANGUL LETTER YU-YE;Lo;0;L; 1192;;;;N;HANGUL LETTER YUYE;;;; +318C;HANGUL LETTER YU-I;Lo;0;L; 1194;;;;N;HANGUL LETTER YUI;;;; +318D;HANGUL LETTER ARAEA;Lo;0;L; 119E;;;;N;HANGUL LETTER ALAE A;;;; +318E;HANGUL LETTER ARAEAE;Lo;0;L; 11A1;;;;N;HANGUL LETTER ALAE AE;;;; +3190;IDEOGRAPHIC ANNOTATION LINKING MARK;So;0;L;;;;;N;KANBUN TATETEN;Kanbun Tateten;;; +3191;IDEOGRAPHIC ANNOTATION REVERSE MARK;So;0;L;;;;;N;KAERITEN RE;Kaeriten;;; +3192;IDEOGRAPHIC ANNOTATION ONE MARK;No;0;L; 4E00;;;1;N;KAERITEN ITI;Kaeriten;;; +3193;IDEOGRAPHIC ANNOTATION TWO MARK;No;0;L; 4E8C;;;2;N;KAERITEN NI;Kaeriten;;; +3194;IDEOGRAPHIC ANNOTATION THREE MARK;No;0;L; 4E09;;;3;N;KAERITEN SAN;Kaeriten;;; +3195;IDEOGRAPHIC ANNOTATION FOUR MARK;No;0;L; 56DB;;;4;N;KAERITEN SI;Kaeriten;;; +3196;IDEOGRAPHIC ANNOTATION TOP MARK;So;0;L; 4E0A;;;;N;KAERITEN ZYOU;Kaeriten;;; +3197;IDEOGRAPHIC ANNOTATION MIDDLE MARK;So;0;L; 4E2D;;;;N;KAERITEN TYUU;Kaeriten;;; +3198;IDEOGRAPHIC ANNOTATION BOTTOM MARK;So;0;L; 4E0B;;;;N;KAERITEN GE;Kaeriten;;; +3199;IDEOGRAPHIC ANNOTATION FIRST MARK;So;0;L; 7532;;;;N;KAERITEN KOU;Kaeriten;;; +319A;IDEOGRAPHIC ANNOTATION SECOND MARK;So;0;L; 4E59;;;;N;KAERITEN OTU;Kaeriten;;; +319B;IDEOGRAPHIC ANNOTATION THIRD MARK;So;0;L; 4E19;;;;N;KAERITEN HEI;Kaeriten;;; +319C;IDEOGRAPHIC ANNOTATION FOURTH MARK;So;0;L; 4E01;;;;N;KAERITEN TEI;Kaeriten;;; +319D;IDEOGRAPHIC ANNOTATION HEAVEN MARK;So;0;L; 5929;;;;N;KAERITEN TEN;Kaeriten;;; +319E;IDEOGRAPHIC ANNOTATION EARTH MARK;So;0;L; 5730;;;;N;KAERITEN TI;Kaeriten;;; +319F;IDEOGRAPHIC ANNOTATION MAN MARK;So;0;L; 4EBA;;;;N;KAERITEN ZIN;Kaeriten;;; +31A0;BOPOMOFO LETTER BU;Lo;0;L;;;;;N;;;;; +31A1;BOPOMOFO LETTER ZI;Lo;0;L;;;;;N;;;;; +31A2;BOPOMOFO LETTER JI;Lo;0;L;;;;;N;;;;; +31A3;BOPOMOFO LETTER GU;Lo;0;L;;;;;N;;;;; +31A4;BOPOMOFO LETTER EE;Lo;0;L;;;;;N;;;;; +31A5;BOPOMOFO LETTER ENN;Lo;0;L;;;;;N;;;;; +31A6;BOPOMOFO LETTER OO;Lo;0;L;;;;;N;;;;; +31A7;BOPOMOFO LETTER ONN;Lo;0;L;;;;;N;;;;; +31A8;BOPOMOFO LETTER IR;Lo;0;L;;;;;N;;;;; +31A9;BOPOMOFO LETTER ANN;Lo;0;L;;;;;N;;;;; +31AA;BOPOMOFO LETTER INN;Lo;0;L;;;;;N;;;;; +31AB;BOPOMOFO LETTER UNN;Lo;0;L;;;;;N;;;;; +31AC;BOPOMOFO LETTER IM;Lo;0;L;;;;;N;;;;; +31AD;BOPOMOFO LETTER NGG;Lo;0;L;;;;;N;;;;; +31AE;BOPOMOFO LETTER AINN;Lo;0;L;;;;;N;;;;; +31AF;BOPOMOFO LETTER AUNN;Lo;0;L;;;;;N;;;;; +31B0;BOPOMOFO LETTER AM;Lo;0;L;;;;;N;;;;; +31B1;BOPOMOFO LETTER OM;Lo;0;L;;;;;N;;;;; +31B2;BOPOMOFO LETTER ONG;Lo;0;L;;;;;N;;;;; +31B3;BOPOMOFO LETTER INNN;Lo;0;L;;;;;N;;;;; +31B4;BOPOMOFO FINAL LETTER P;Lo;0;L;;;;;N;;;;; +31B5;BOPOMOFO FINAL LETTER T;Lo;0;L;;;;;N;;;;; +31B6;BOPOMOFO FINAL LETTER K;Lo;0;L;;;;;N;;;;; +31B7;BOPOMOFO FINAL LETTER H;Lo;0;L;;;;;N;;;;; +31F0;KATAKANA LETTER SMALL KU;Lo;0;L;;;;;N;;;;; +31F1;KATAKANA LETTER SMALL SI;Lo;0;L;;;;;N;;;;; +31F2;KATAKANA LETTER SMALL SU;Lo;0;L;;;;;N;;;;; +31F3;KATAKANA LETTER SMALL TO;Lo;0;L;;;;;N;;;;; +31F4;KATAKANA LETTER SMALL NU;Lo;0;L;;;;;N;;;;; +31F5;KATAKANA LETTER SMALL HA;Lo;0;L;;;;;N;;;;; +31F6;KATAKANA LETTER SMALL HI;Lo;0;L;;;;;N;;;;; +31F7;KATAKANA LETTER SMALL HU;Lo;0;L;;;;;N;;;;; +31F8;KATAKANA LETTER SMALL HE;Lo;0;L;;;;;N;;;;; +31F9;KATAKANA LETTER SMALL HO;Lo;0;L;;;;;N;;;;; +31FA;KATAKANA LETTER SMALL MU;Lo;0;L;;;;;N;;;;; +31FB;KATAKANA LETTER SMALL RA;Lo;0;L;;;;;N;;;;; +31FC;KATAKANA LETTER SMALL RI;Lo;0;L;;;;;N;;;;; +31FD;KATAKANA LETTER SMALL RU;Lo;0;L;;;;;N;;;;; +31FE;KATAKANA LETTER SMALL RE;Lo;0;L;;;;;N;;;;; +31FF;KATAKANA LETTER SMALL RO;Lo;0;L;;;;;N;;;;; +3200;PARENTHESIZED HANGUL KIYEOK;So;0;L; 0028 1100 0029;;;;N;PARENTHESIZED HANGUL GIYEOG;;;; +3201;PARENTHESIZED HANGUL NIEUN;So;0;L; 0028 1102 0029;;;;N;;;;; +3202;PARENTHESIZED HANGUL TIKEUT;So;0;L; 0028 1103 0029;;;;N;PARENTHESIZED HANGUL DIGEUD;;;; +3203;PARENTHESIZED HANGUL RIEUL;So;0;L; 0028 1105 0029;;;;N;PARENTHESIZED HANGUL LIEUL;;;; +3204;PARENTHESIZED HANGUL MIEUM;So;0;L; 0028 1106 0029;;;;N;;;;; +3205;PARENTHESIZED HANGUL PIEUP;So;0;L; 0028 1107 0029;;;;N;PARENTHESIZED HANGUL BIEUB;;;; +3206;PARENTHESIZED HANGUL SIOS;So;0;L; 0028 1109 0029;;;;N;;;;; +3207;PARENTHESIZED HANGUL IEUNG;So;0;L; 0028 110B 0029;;;;N;;;;; +3208;PARENTHESIZED HANGUL CIEUC;So;0;L; 0028 110C 0029;;;;N;PARENTHESIZED HANGUL JIEUJ;;;; +3209;PARENTHESIZED HANGUL CHIEUCH;So;0;L; 0028 110E 0029;;;;N;PARENTHESIZED HANGUL CIEUC;;;; +320A;PARENTHESIZED HANGUL KHIEUKH;So;0;L; 0028 110F 0029;;;;N;PARENTHESIZED HANGUL KIYEOK;;;; +320B;PARENTHESIZED HANGUL THIEUTH;So;0;L; 0028 1110 0029;;;;N;PARENTHESIZED HANGUL TIEUT;;;; +320C;PARENTHESIZED HANGUL PHIEUPH;So;0;L; 0028 1111 0029;;;;N;PARENTHESIZED HANGUL PIEUP;;;; +320D;PARENTHESIZED HANGUL HIEUH;So;0;L; 0028 1112 0029;;;;N;;;;; +320E;PARENTHESIZED HANGUL KIYEOK A;So;0;L; 0028 1100 1161 0029;;;;N;PARENTHESIZED HANGUL GA;;;; +320F;PARENTHESIZED HANGUL NIEUN A;So;0;L; 0028 1102 1161 0029;;;;N;PARENTHESIZED HANGUL NA;;;; +3210;PARENTHESIZED HANGUL TIKEUT A;So;0;L; 0028 1103 1161 0029;;;;N;PARENTHESIZED HANGUL DA;;;; +3211;PARENTHESIZED HANGUL RIEUL A;So;0;L; 0028 1105 1161 0029;;;;N;PARENTHESIZED HANGUL LA;;;; +3212;PARENTHESIZED HANGUL MIEUM A;So;0;L; 0028 1106 1161 0029;;;;N;PARENTHESIZED HANGUL MA;;;; +3213;PARENTHESIZED HANGUL PIEUP A;So;0;L; 0028 1107 1161 0029;;;;N;PARENTHESIZED HANGUL BA;;;; +3214;PARENTHESIZED HANGUL SIOS A;So;0;L; 0028 1109 1161 0029;;;;N;PARENTHESIZED HANGUL SA;;;; +3215;PARENTHESIZED HANGUL IEUNG A;So;0;L; 0028 110B 1161 0029;;;;N;PARENTHESIZED HANGUL A;;;; +3216;PARENTHESIZED HANGUL CIEUC A;So;0;L; 0028 110C 1161 0029;;;;N;PARENTHESIZED HANGUL JA;;;; +3217;PARENTHESIZED HANGUL CHIEUCH A;So;0;L; 0028 110E 1161 0029;;;;N;PARENTHESIZED HANGUL CA;;;; +3218;PARENTHESIZED HANGUL KHIEUKH A;So;0;L; 0028 110F 1161 0029;;;;N;PARENTHESIZED HANGUL KA;;;; +3219;PARENTHESIZED HANGUL THIEUTH A;So;0;L; 0028 1110 1161 0029;;;;N;PARENTHESIZED HANGUL TA;;;; +321A;PARENTHESIZED HANGUL PHIEUPH A;So;0;L; 0028 1111 1161 0029;;;;N;PARENTHESIZED HANGUL PA;;;; +321B;PARENTHESIZED HANGUL HIEUH A;So;0;L; 0028 1112 1161 0029;;;;N;PARENTHESIZED HANGUL HA;;;; +321C;PARENTHESIZED HANGUL CIEUC U;So;0;L; 0028 110C 116E 0029;;;;N;PARENTHESIZED HANGUL JU;;;; +321D;PARENTHESIZED KOREAN CHARACTER OJEON;So;0;ON; 0028 110B 1169 110C 1165 11AB 0029;;;;N;;;;; +321E;PARENTHESIZED KOREAN CHARACTER O HU;So;0;ON; 0028 110B 1169 1112 116E 0029;;;;N;;;;; +3220;PARENTHESIZED IDEOGRAPH ONE;No;0;L; 0028 4E00 0029;;;1;N;;;;; +3221;PARENTHESIZED IDEOGRAPH TWO;No;0;L; 0028 4E8C 0029;;;2;N;;;;; +3222;PARENTHESIZED IDEOGRAPH THREE;No;0;L; 0028 4E09 0029;;;3;N;;;;; +3223;PARENTHESIZED IDEOGRAPH FOUR;No;0;L; 0028 56DB 0029;;;4;N;;;;; +3224;PARENTHESIZED IDEOGRAPH FIVE;No;0;L; 0028 4E94 0029;;;5;N;;;;; +3225;PARENTHESIZED IDEOGRAPH SIX;No;0;L; 0028 516D 0029;;;6;N;;;;; +3226;PARENTHESIZED IDEOGRAPH SEVEN;No;0;L; 0028 4E03 0029;;;7;N;;;;; +3227;PARENTHESIZED IDEOGRAPH EIGHT;No;0;L; 0028 516B 0029;;;8;N;;;;; +3228;PARENTHESIZED IDEOGRAPH NINE;No;0;L; 0028 4E5D 0029;;;9;N;;;;; +3229;PARENTHESIZED IDEOGRAPH TEN;No;0;L; 0028 5341 0029;;;10;N;;;;; +322A;PARENTHESIZED IDEOGRAPH MOON;So;0;L; 0028 6708 0029;;;;N;;;;; +322B;PARENTHESIZED IDEOGRAPH FIRE;So;0;L; 0028 706B 0029;;;;N;;;;; +322C;PARENTHESIZED IDEOGRAPH WATER;So;0;L; 0028 6C34 0029;;;;N;;;;; +322D;PARENTHESIZED IDEOGRAPH WOOD;So;0;L; 0028 6728 0029;;;;N;;;;; +322E;PARENTHESIZED IDEOGRAPH METAL;So;0;L; 0028 91D1 0029;;;;N;;;;; +322F;PARENTHESIZED IDEOGRAPH EARTH;So;0;L; 0028 571F 0029;;;;N;;;;; +3230;PARENTHESIZED IDEOGRAPH SUN;So;0;L; 0028 65E5 0029;;;;N;;;;; +3231;PARENTHESIZED IDEOGRAPH STOCK;So;0;L; 0028 682A 0029;;;;N;;;;; +3232;PARENTHESIZED IDEOGRAPH HAVE;So;0;L; 0028 6709 0029;;;;N;;;;; +3233;PARENTHESIZED IDEOGRAPH SOCIETY;So;0;L; 0028 793E 0029;;;;N;;;;; +3234;PARENTHESIZED IDEOGRAPH NAME;So;0;L; 0028 540D 0029;;;;N;;;;; +3235;PARENTHESIZED IDEOGRAPH SPECIAL;So;0;L; 0028 7279 0029;;;;N;;;;; +3236;PARENTHESIZED IDEOGRAPH FINANCIAL;So;0;L; 0028 8CA1 0029;;;;N;;;;; +3237;PARENTHESIZED IDEOGRAPH CONGRATULATION;So;0;L; 0028 795D 0029;;;;N;;;;; +3238;PARENTHESIZED IDEOGRAPH LABOR;So;0;L; 0028 52B4 0029;;;;N;;;;; +3239;PARENTHESIZED IDEOGRAPH REPRESENT;So;0;L; 0028 4EE3 0029;;;;N;;;;; +323A;PARENTHESIZED IDEOGRAPH CALL;So;0;L; 0028 547C 0029;;;;N;;;;; +323B;PARENTHESIZED IDEOGRAPH STUDY;So;0;L; 0028 5B66 0029;;;;N;;;;; +323C;PARENTHESIZED IDEOGRAPH SUPERVISE;So;0;L; 0028 76E3 0029;;;;N;;;;; +323D;PARENTHESIZED IDEOGRAPH ENTERPRISE;So;0;L; 0028 4F01 0029;;;;N;;;;; +323E;PARENTHESIZED IDEOGRAPH RESOURCE;So;0;L; 0028 8CC7 0029;;;;N;;;;; +323F;PARENTHESIZED IDEOGRAPH ALLIANCE;So;0;L; 0028 5354 0029;;;;N;;;;; +3240;PARENTHESIZED IDEOGRAPH FESTIVAL;So;0;L; 0028 796D 0029;;;;N;;;;; +3241;PARENTHESIZED IDEOGRAPH REST;So;0;L; 0028 4F11 0029;;;;N;;;;; +3242;PARENTHESIZED IDEOGRAPH SELF;So;0;L; 0028 81EA 0029;;;;N;;;;; +3243;PARENTHESIZED IDEOGRAPH REACH;So;0;L; 0028 81F3 0029;;;;N;;;;; +3250;PARTNERSHIP SIGN;So;0;ON; 0050 0054 0045;;;;N;;;;; +3251;CIRCLED NUMBER TWENTY ONE;No;0;ON; 0032 0031;;;21;N;;;;; +3252;CIRCLED NUMBER TWENTY TWO;No;0;ON; 0032 0032;;;22;N;;;;; +3253;CIRCLED NUMBER TWENTY THREE;No;0;ON; 0032 0033;;;23;N;;;;; +3254;CIRCLED NUMBER TWENTY FOUR;No;0;ON; 0032 0034;;;24;N;;;;; +3255;CIRCLED NUMBER TWENTY FIVE;No;0;ON; 0032 0035;;;25;N;;;;; +3256;CIRCLED NUMBER TWENTY SIX;No;0;ON; 0032 0036;;;26;N;;;;; +3257;CIRCLED NUMBER TWENTY SEVEN;No;0;ON; 0032 0037;;;27;N;;;;; +3258;CIRCLED NUMBER TWENTY EIGHT;No;0;ON; 0032 0038;;;28;N;;;;; +3259;CIRCLED NUMBER TWENTY NINE;No;0;ON; 0032 0039;;;29;N;;;;; +325A;CIRCLED NUMBER THIRTY;No;0;ON; 0033 0030;;;30;N;;;;; +325B;CIRCLED NUMBER THIRTY ONE;No;0;ON; 0033 0031;;;31;N;;;;; +325C;CIRCLED NUMBER THIRTY TWO;No;0;ON; 0033 0032;;;32;N;;;;; +325D;CIRCLED NUMBER THIRTY THREE;No;0;ON; 0033 0033;;;33;N;;;;; +325E;CIRCLED NUMBER THIRTY FOUR;No;0;ON; 0033 0034;;;34;N;;;;; +325F;CIRCLED NUMBER THIRTY FIVE;No;0;ON; 0033 0035;;;35;N;;;;; +3260;CIRCLED HANGUL KIYEOK;So;0;L; 1100;;;;N;CIRCLED HANGUL GIYEOG;;;; +3261;CIRCLED HANGUL NIEUN;So;0;L; 1102;;;;N;;;;; +3262;CIRCLED HANGUL TIKEUT;So;0;L; 1103;;;;N;CIRCLED HANGUL DIGEUD;;;; +3263;CIRCLED HANGUL RIEUL;So;0;L; 1105;;;;N;CIRCLED HANGUL LIEUL;;;; +3264;CIRCLED HANGUL MIEUM;So;0;L; 1106;;;;N;;;;; +3265;CIRCLED HANGUL PIEUP;So;0;L; 1107;;;;N;CIRCLED HANGUL BIEUB;;;; +3266;CIRCLED HANGUL SIOS;So;0;L; 1109;;;;N;;;;; +3267;CIRCLED HANGUL IEUNG;So;0;L; 110B;;;;N;;;;; +3268;CIRCLED HANGUL CIEUC;So;0;L; 110C;;;;N;CIRCLED HANGUL JIEUJ;;;; +3269;CIRCLED HANGUL CHIEUCH;So;0;L; 110E;;;;N;CIRCLED HANGUL CIEUC;;;; +326A;CIRCLED HANGUL KHIEUKH;So;0;L; 110F;;;;N;CIRCLED HANGUL KIYEOK;;;; +326B;CIRCLED HANGUL THIEUTH;So;0;L; 1110;;;;N;CIRCLED HANGUL TIEUT;;;; +326C;CIRCLED HANGUL PHIEUPH;So;0;L; 1111;;;;N;CIRCLED HANGUL PIEUP;;;; +326D;CIRCLED HANGUL HIEUH;So;0;L; 1112;;;;N;;;;; +326E;CIRCLED HANGUL KIYEOK A;So;0;L; 1100 1161;;;;N;CIRCLED HANGUL GA;;;; +326F;CIRCLED HANGUL NIEUN A;So;0;L; 1102 1161;;;;N;CIRCLED HANGUL NA;;;; +3270;CIRCLED HANGUL TIKEUT A;So;0;L; 1103 1161;;;;N;CIRCLED HANGUL DA;;;; +3271;CIRCLED HANGUL RIEUL A;So;0;L; 1105 1161;;;;N;CIRCLED HANGUL LA;;;; +3272;CIRCLED HANGUL MIEUM A;So;0;L; 1106 1161;;;;N;CIRCLED HANGUL MA;;;; +3273;CIRCLED HANGUL PIEUP A;So;0;L; 1107 1161;;;;N;CIRCLED HANGUL BA;;;; +3274;CIRCLED HANGUL SIOS A;So;0;L; 1109 1161;;;;N;CIRCLED HANGUL SA;;;; +3275;CIRCLED HANGUL IEUNG A;So;0;L; 110B 1161;;;;N;CIRCLED HANGUL A;;;; +3276;CIRCLED HANGUL CIEUC A;So;0;L; 110C 1161;;;;N;CIRCLED HANGUL JA;;;; +3277;CIRCLED HANGUL CHIEUCH A;So;0;L; 110E 1161;;;;N;CIRCLED HANGUL CA;;;; +3278;CIRCLED HANGUL KHIEUKH A;So;0;L; 110F 1161;;;;N;CIRCLED HANGUL KA;;;; +3279;CIRCLED HANGUL THIEUTH A;So;0;L; 1110 1161;;;;N;CIRCLED HANGUL TA;;;; +327A;CIRCLED HANGUL PHIEUPH A;So;0;L; 1111 1161;;;;N;CIRCLED HANGUL PA;;;; +327B;CIRCLED HANGUL HIEUH A;So;0;L; 1112 1161;;;;N;CIRCLED HANGUL HA;;;; +327C;CIRCLED KOREAN CHARACTER CHAMKO;So;0;ON; 110E 1161 11B7 1100 1169;;;;N;;;;; +327D;CIRCLED KOREAN CHARACTER JUEUI;So;0;ON; 110C 116E 110B 1174;;;;N;;;;; +327F;KOREAN STANDARD SYMBOL;So;0;L;;;;;N;;;;; +3280;CIRCLED IDEOGRAPH ONE;No;0;L; 4E00;;;1;N;;;;; +3281;CIRCLED IDEOGRAPH TWO;No;0;L; 4E8C;;;2;N;;;;; +3282;CIRCLED IDEOGRAPH THREE;No;0;L; 4E09;;;3;N;;;;; +3283;CIRCLED IDEOGRAPH FOUR;No;0;L; 56DB;;;4;N;;;;; +3284;CIRCLED IDEOGRAPH FIVE;No;0;L; 4E94;;;5;N;;;;; +3285;CIRCLED IDEOGRAPH SIX;No;0;L; 516D;;;6;N;;;;; +3286;CIRCLED IDEOGRAPH SEVEN;No;0;L; 4E03;;;7;N;;;;; +3287;CIRCLED IDEOGRAPH EIGHT;No;0;L; 516B;;;8;N;;;;; +3288;CIRCLED IDEOGRAPH NINE;No;0;L; 4E5D;;;9;N;;;;; +3289;CIRCLED IDEOGRAPH TEN;No;0;L; 5341;;;10;N;;;;; +328A;CIRCLED IDEOGRAPH MOON;So;0;L; 6708;;;;N;;;;; +328B;CIRCLED IDEOGRAPH FIRE;So;0;L; 706B;;;;N;;;;; +328C;CIRCLED IDEOGRAPH WATER;So;0;L; 6C34;;;;N;;;;; +328D;CIRCLED IDEOGRAPH WOOD;So;0;L; 6728;;;;N;;;;; +328E;CIRCLED IDEOGRAPH METAL;So;0;L; 91D1;;;;N;;;;; +328F;CIRCLED IDEOGRAPH EARTH;So;0;L; 571F;;;;N;;;;; +3290;CIRCLED IDEOGRAPH SUN;So;0;L; 65E5;;;;N;;;;; +3291;CIRCLED IDEOGRAPH STOCK;So;0;L; 682A;;;;N;;;;; +3292;CIRCLED IDEOGRAPH HAVE;So;0;L; 6709;;;;N;;;;; +3293;CIRCLED IDEOGRAPH SOCIETY;So;0;L; 793E;;;;N;;;;; +3294;CIRCLED IDEOGRAPH NAME;So;0;L; 540D;;;;N;;;;; +3295;CIRCLED IDEOGRAPH SPECIAL;So;0;L; 7279;;;;N;;;;; +3296;CIRCLED IDEOGRAPH FINANCIAL;So;0;L; 8CA1;;;;N;;;;; +3297;CIRCLED IDEOGRAPH CONGRATULATION;So;0;L; 795D;;;;N;;;;; +3298;CIRCLED IDEOGRAPH LABOR;So;0;L; 52B4;;;;N;;;;; +3299;CIRCLED IDEOGRAPH SECRET;So;0;L; 79D8;;;;N;;;;; +329A;CIRCLED IDEOGRAPH MALE;So;0;L; 7537;;;;N;;;;; +329B;CIRCLED IDEOGRAPH FEMALE;So;0;L; 5973;;;;N;;;;; +329C;CIRCLED IDEOGRAPH SUITABLE;So;0;L; 9069;;;;N;;;;; +329D;CIRCLED IDEOGRAPH EXCELLENT;So;0;L; 512A;;;;N;;;;; +329E;CIRCLED IDEOGRAPH PRINT;So;0;L; 5370;;;;N;;;;; +329F;CIRCLED IDEOGRAPH ATTENTION;So;0;L; 6CE8;;;;N;;;;; +32A0;CIRCLED IDEOGRAPH ITEM;So;0;L; 9805;;;;N;;;;; +32A1;CIRCLED IDEOGRAPH REST;So;0;L; 4F11;;;;N;;;;; +32A2;CIRCLED IDEOGRAPH COPY;So;0;L; 5199;;;;N;;;;; +32A3;CIRCLED IDEOGRAPH CORRECT;So;0;L; 6B63;;;;N;;;;; +32A4;CIRCLED IDEOGRAPH HIGH;So;0;L; 4E0A;;;;N;;;;; +32A5;CIRCLED IDEOGRAPH CENTRE;So;0;L; 4E2D;;;;N;CIRCLED IDEOGRAPH CENTER;;;; +32A6;CIRCLED IDEOGRAPH LOW;So;0;L; 4E0B;;;;N;;;;; +32A7;CIRCLED IDEOGRAPH LEFT;So;0;L; 5DE6;;;;N;;;;; +32A8;CIRCLED IDEOGRAPH RIGHT;So;0;L; 53F3;;;;N;;;;; +32A9;CIRCLED IDEOGRAPH MEDICINE;So;0;L; 533B;;;;N;;;;; +32AA;CIRCLED IDEOGRAPH RELIGION;So;0;L; 5B97;;;;N;;;;; +32AB;CIRCLED IDEOGRAPH STUDY;So;0;L; 5B66;;;;N;;;;; +32AC;CIRCLED IDEOGRAPH SUPERVISE;So;0;L; 76E3;;;;N;;;;; +32AD;CIRCLED IDEOGRAPH ENTERPRISE;So;0;L; 4F01;;;;N;;;;; +32AE;CIRCLED IDEOGRAPH RESOURCE;So;0;L; 8CC7;;;;N;;;;; +32AF;CIRCLED IDEOGRAPH ALLIANCE;So;0;L; 5354;;;;N;;;;; +32B0;CIRCLED IDEOGRAPH NIGHT;So;0;L; 591C;;;;N;;;;; +32B1;CIRCLED NUMBER THIRTY SIX;No;0;ON; 0033 0036;;;36;N;;;;; +32B2;CIRCLED NUMBER THIRTY SEVEN;No;0;ON; 0033 0037;;;37;N;;;;; +32B3;CIRCLED NUMBER THIRTY EIGHT;No;0;ON; 0033 0038;;;38;N;;;;; +32B4;CIRCLED NUMBER THIRTY NINE;No;0;ON; 0033 0039;;;39;N;;;;; +32B5;CIRCLED NUMBER FORTY;No;0;ON; 0034 0030;;;40;N;;;;; +32B6;CIRCLED NUMBER FORTY ONE;No;0;ON; 0034 0031;;;41;N;;;;; +32B7;CIRCLED NUMBER FORTY TWO;No;0;ON; 0034 0032;;;42;N;;;;; +32B8;CIRCLED NUMBER FORTY THREE;No;0;ON; 0034 0033;;;43;N;;;;; +32B9;CIRCLED NUMBER FORTY FOUR;No;0;ON; 0034 0034;;;44;N;;;;; +32BA;CIRCLED NUMBER FORTY FIVE;No;0;ON; 0034 0035;;;45;N;;;;; +32BB;CIRCLED NUMBER FORTY SIX;No;0;ON; 0034 0036;;;46;N;;;;; +32BC;CIRCLED NUMBER FORTY SEVEN;No;0;ON; 0034 0037;;;47;N;;;;; +32BD;CIRCLED NUMBER FORTY EIGHT;No;0;ON; 0034 0038;;;48;N;;;;; +32BE;CIRCLED NUMBER FORTY NINE;No;0;ON; 0034 0039;;;49;N;;;;; +32BF;CIRCLED NUMBER FIFTY;No;0;ON; 0035 0030;;;50;N;;;;; +32C0;IDEOGRAPHIC TELEGRAPH SYMBOL FOR JANUARY;So;0;L; 0031 6708;;;;N;;;;; +32C1;IDEOGRAPHIC TELEGRAPH SYMBOL FOR FEBRUARY;So;0;L; 0032 6708;;;;N;;;;; +32C2;IDEOGRAPHIC TELEGRAPH SYMBOL FOR MARCH;So;0;L; 0033 6708;;;;N;;;;; +32C3;IDEOGRAPHIC TELEGRAPH SYMBOL FOR APRIL;So;0;L; 0034 6708;;;;N;;;;; +32C4;IDEOGRAPHIC TELEGRAPH SYMBOL FOR MAY;So;0;L; 0035 6708;;;;N;;;;; +32C5;IDEOGRAPHIC TELEGRAPH SYMBOL FOR JUNE;So;0;L; 0036 6708;;;;N;;;;; +32C6;IDEOGRAPHIC TELEGRAPH SYMBOL FOR JULY;So;0;L; 0037 6708;;;;N;;;;; +32C7;IDEOGRAPHIC TELEGRAPH SYMBOL FOR AUGUST;So;0;L; 0038 6708;;;;N;;;;; +32C8;IDEOGRAPHIC TELEGRAPH SYMBOL FOR SEPTEMBER;So;0;L; 0039 6708;;;;N;;;;; +32C9;IDEOGRAPHIC TELEGRAPH SYMBOL FOR OCTOBER;So;0;L; 0031 0030 6708;;;;N;;;;; +32CA;IDEOGRAPHIC TELEGRAPH SYMBOL FOR NOVEMBER;So;0;L; 0031 0031 6708;;;;N;;;;; +32CB;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DECEMBER;So;0;L; 0031 0032 6708;;;;N;;;;; +32CC;SQUARE HG;So;0;ON; 0048 0067;;;;N;;;;; +32CD;SQUARE ERG;So;0;ON; 0065 0072 0067;;;;N;;;;; +32CE;SQUARE EV;So;0;ON; 0065 0056;;;;N;;;;; +32CF;LIMITED LIABILITY SIGN;So;0;ON; 004C 0054 0044;;;;N;;;;; +32D0;CIRCLED KATAKANA A;So;0;L; 30A2;;;;N;;;;; +32D1;CIRCLED KATAKANA I;So;0;L; 30A4;;;;N;;;;; +32D2;CIRCLED KATAKANA U;So;0;L; 30A6;;;;N;;;;; +32D3;CIRCLED KATAKANA E;So;0;L; 30A8;;;;N;;;;; +32D4;CIRCLED KATAKANA O;So;0;L; 30AA;;;;N;;;;; +32D5;CIRCLED KATAKANA KA;So;0;L; 30AB;;;;N;;;;; +32D6;CIRCLED KATAKANA KI;So;0;L; 30AD;;;;N;;;;; +32D7;CIRCLED KATAKANA KU;So;0;L; 30AF;;;;N;;;;; +32D8;CIRCLED KATAKANA KE;So;0;L; 30B1;;;;N;;;;; +32D9;CIRCLED KATAKANA KO;So;0;L; 30B3;;;;N;;;;; +32DA;CIRCLED KATAKANA SA;So;0;L; 30B5;;;;N;;;;; +32DB;CIRCLED KATAKANA SI;So;0;L; 30B7;;;;N;;;;; +32DC;CIRCLED KATAKANA SU;So;0;L; 30B9;;;;N;;;;; +32DD;CIRCLED KATAKANA SE;So;0;L; 30BB;;;;N;;;;; +32DE;CIRCLED KATAKANA SO;So;0;L; 30BD;;;;N;;;;; +32DF;CIRCLED KATAKANA TA;So;0;L; 30BF;;;;N;;;;; +32E0;CIRCLED KATAKANA TI;So;0;L; 30C1;;;;N;;;;; +32E1;CIRCLED KATAKANA TU;So;0;L; 30C4;;;;N;;;;; +32E2;CIRCLED KATAKANA TE;So;0;L; 30C6;;;;N;;;;; +32E3;CIRCLED KATAKANA TO;So;0;L; 30C8;;;;N;;;;; +32E4;CIRCLED KATAKANA NA;So;0;L; 30CA;;;;N;;;;; +32E5;CIRCLED KATAKANA NI;So;0;L; 30CB;;;;N;;;;; +32E6;CIRCLED KATAKANA NU;So;0;L; 30CC;;;;N;;;;; +32E7;CIRCLED KATAKANA NE;So;0;L; 30CD;;;;N;;;;; +32E8;CIRCLED KATAKANA NO;So;0;L; 30CE;;;;N;;;;; +32E9;CIRCLED KATAKANA HA;So;0;L; 30CF;;;;N;;;;; +32EA;CIRCLED KATAKANA HI;So;0;L; 30D2;;;;N;;;;; +32EB;CIRCLED KATAKANA HU;So;0;L; 30D5;;;;N;;;;; +32EC;CIRCLED KATAKANA HE;So;0;L; 30D8;;;;N;;;;; +32ED;CIRCLED KATAKANA HO;So;0;L; 30DB;;;;N;;;;; +32EE;CIRCLED KATAKANA MA;So;0;L; 30DE;;;;N;;;;; +32EF;CIRCLED KATAKANA MI;So;0;L; 30DF;;;;N;;;;; +32F0;CIRCLED KATAKANA MU;So;0;L; 30E0;;;;N;;;;; +32F1;CIRCLED KATAKANA ME;So;0;L; 30E1;;;;N;;;;; +32F2;CIRCLED KATAKANA MO;So;0;L; 30E2;;;;N;;;;; +32F3;CIRCLED KATAKANA YA;So;0;L; 30E4;;;;N;;;;; +32F4;CIRCLED KATAKANA YU;So;0;L; 30E6;;;;N;;;;; +32F5;CIRCLED KATAKANA YO;So;0;L; 30E8;;;;N;;;;; +32F6;CIRCLED KATAKANA RA;So;0;L; 30E9;;;;N;;;;; +32F7;CIRCLED KATAKANA RI;So;0;L; 30EA;;;;N;;;;; +32F8;CIRCLED KATAKANA RU;So;0;L; 30EB;;;;N;;;;; +32F9;CIRCLED KATAKANA RE;So;0;L; 30EC;;;;N;;;;; +32FA;CIRCLED KATAKANA RO;So;0;L; 30ED;;;;N;;;;; +32FB;CIRCLED KATAKANA WA;So;0;L; 30EF;;;;N;;;;; +32FC;CIRCLED KATAKANA WI;So;0;L; 30F0;;;;N;;;;; +32FD;CIRCLED KATAKANA WE;So;0;L; 30F1;;;;N;;;;; +32FE;CIRCLED KATAKANA WO;So;0;L; 30F2;;;;N;;;;; +3300;SQUARE APAATO;So;0;L; 30A2 30D1 30FC 30C8;;;;N;SQUARED APAATO;;;; +3301;SQUARE ARUHUA;So;0;L; 30A2 30EB 30D5 30A1;;;;N;SQUARED ARUHUA;;;; +3302;SQUARE ANPEA;So;0;L; 30A2 30F3 30DA 30A2;;;;N;SQUARED ANPEA;;;; +3303;SQUARE AARU;So;0;L; 30A2 30FC 30EB;;;;N;SQUARED AARU;;;; +3304;SQUARE ININGU;So;0;L; 30A4 30CB 30F3 30B0;;;;N;SQUARED ININGU;;;; +3305;SQUARE INTI;So;0;L; 30A4 30F3 30C1;;;;N;SQUARED INTI;;;; +3306;SQUARE UON;So;0;L; 30A6 30A9 30F3;;;;N;SQUARED UON;;;; +3307;SQUARE ESUKUUDO;So;0;L; 30A8 30B9 30AF 30FC 30C9;;;;N;SQUARED ESUKUUDO;;;; +3308;SQUARE EEKAA;So;0;L; 30A8 30FC 30AB 30FC;;;;N;SQUARED EEKAA;;;; +3309;SQUARE ONSU;So;0;L; 30AA 30F3 30B9;;;;N;SQUARED ONSU;;;; +330A;SQUARE OOMU;So;0;L; 30AA 30FC 30E0;;;;N;SQUARED OOMU;;;; +330B;SQUARE KAIRI;So;0;L; 30AB 30A4 30EA;;;;N;SQUARED KAIRI;;;; +330C;SQUARE KARATTO;So;0;L; 30AB 30E9 30C3 30C8;;;;N;SQUARED KARATTO;;;; +330D;SQUARE KARORII;So;0;L; 30AB 30ED 30EA 30FC;;;;N;SQUARED KARORII;;;; +330E;SQUARE GARON;So;0;L; 30AC 30ED 30F3;;;;N;SQUARED GARON;;;; +330F;SQUARE GANMA;So;0;L; 30AC 30F3 30DE;;;;N;SQUARED GANMA;;;; +3310;SQUARE GIGA;So;0;L; 30AE 30AC;;;;N;SQUARED GIGA;;;; +3311;SQUARE GINII;So;0;L; 30AE 30CB 30FC;;;;N;SQUARED GINII;;;; +3312;SQUARE KYURII;So;0;L; 30AD 30E5 30EA 30FC;;;;N;SQUARED KYURII;;;; +3313;SQUARE GIRUDAA;So;0;L; 30AE 30EB 30C0 30FC;;;;N;SQUARED GIRUDAA;;;; +3314;SQUARE KIRO;So;0;L; 30AD 30ED;;;;N;SQUARED KIRO;;;; +3315;SQUARE KIROGURAMU;So;0;L; 30AD 30ED 30B0 30E9 30E0;;;;N;SQUARED KIROGURAMU;;;; +3316;SQUARE KIROMEETORU;So;0;L; 30AD 30ED 30E1 30FC 30C8 30EB;;;;N;SQUARED KIROMEETORU;;;; +3317;SQUARE KIROWATTO;So;0;L; 30AD 30ED 30EF 30C3 30C8;;;;N;SQUARED KIROWATTO;;;; +3318;SQUARE GURAMU;So;0;L; 30B0 30E9 30E0;;;;N;SQUARED GURAMU;;;; +3319;SQUARE GURAMUTON;So;0;L; 30B0 30E9 30E0 30C8 30F3;;;;N;SQUARED GURAMUTON;;;; +331A;SQUARE KURUZEIRO;So;0;L; 30AF 30EB 30BC 30A4 30ED;;;;N;SQUARED KURUZEIRO;;;; +331B;SQUARE KUROONE;So;0;L; 30AF 30ED 30FC 30CD;;;;N;SQUARED KUROONE;;;; +331C;SQUARE KEESU;So;0;L; 30B1 30FC 30B9;;;;N;SQUARED KEESU;;;; +331D;SQUARE KORUNA;So;0;L; 30B3 30EB 30CA;;;;N;SQUARED KORUNA;;;; +331E;SQUARE KOOPO;So;0;L; 30B3 30FC 30DD;;;;N;SQUARED KOOPO;;;; +331F;SQUARE SAIKURU;So;0;L; 30B5 30A4 30AF 30EB;;;;N;SQUARED SAIKURU;;;; +3320;SQUARE SANTIIMU;So;0;L; 30B5 30F3 30C1 30FC 30E0;;;;N;SQUARED SANTIIMU;;;; +3321;SQUARE SIRINGU;So;0;L; 30B7 30EA 30F3 30B0;;;;N;SQUARED SIRINGU;;;; +3322;SQUARE SENTI;So;0;L; 30BB 30F3 30C1;;;;N;SQUARED SENTI;;;; +3323;SQUARE SENTO;So;0;L; 30BB 30F3 30C8;;;;N;SQUARED SENTO;;;; +3324;SQUARE DAASU;So;0;L; 30C0 30FC 30B9;;;;N;SQUARED DAASU;;;; +3325;SQUARE DESI;So;0;L; 30C7 30B7;;;;N;SQUARED DESI;;;; +3326;SQUARE DORU;So;0;L; 30C9 30EB;;;;N;SQUARED DORU;;;; +3327;SQUARE TON;So;0;L; 30C8 30F3;;;;N;SQUARED TON;;;; +3328;SQUARE NANO;So;0;L; 30CA 30CE;;;;N;SQUARED NANO;;;; +3329;SQUARE NOTTO;So;0;L; 30CE 30C3 30C8;;;;N;SQUARED NOTTO;;;; +332A;SQUARE HAITU;So;0;L; 30CF 30A4 30C4;;;;N;SQUARED HAITU;;;; +332B;SQUARE PAASENTO;So;0;L; 30D1 30FC 30BB 30F3 30C8;;;;N;SQUARED PAASENTO;;;; +332C;SQUARE PAATU;So;0;L; 30D1 30FC 30C4;;;;N;SQUARED PAATU;;;; +332D;SQUARE BAARERU;So;0;L; 30D0 30FC 30EC 30EB;;;;N;SQUARED BAARERU;;;; +332E;SQUARE PIASUTORU;So;0;L; 30D4 30A2 30B9 30C8 30EB;;;;N;SQUARED PIASUTORU;;;; +332F;SQUARE PIKURU;So;0;L; 30D4 30AF 30EB;;;;N;SQUARED PIKURU;;;; +3330;SQUARE PIKO;So;0;L; 30D4 30B3;;;;N;SQUARED PIKO;;;; +3331;SQUARE BIRU;So;0;L; 30D3 30EB;;;;N;SQUARED BIRU;;;; +3332;SQUARE HUARADDO;So;0;L; 30D5 30A1 30E9 30C3 30C9;;;;N;SQUARED HUARADDO;;;; +3333;SQUARE HUIITO;So;0;L; 30D5 30A3 30FC 30C8;;;;N;SQUARED HUIITO;;;; +3334;SQUARE BUSSYERU;So;0;L; 30D6 30C3 30B7 30A7 30EB;;;;N;SQUARED BUSSYERU;;;; +3335;SQUARE HURAN;So;0;L; 30D5 30E9 30F3;;;;N;SQUARED HURAN;;;; +3336;SQUARE HEKUTAARU;So;0;L; 30D8 30AF 30BF 30FC 30EB;;;;N;SQUARED HEKUTAARU;;;; +3337;SQUARE PESO;So;0;L; 30DA 30BD;;;;N;SQUARED PESO;;;; +3338;SQUARE PENIHI;So;0;L; 30DA 30CB 30D2;;;;N;SQUARED PENIHI;;;; +3339;SQUARE HERUTU;So;0;L; 30D8 30EB 30C4;;;;N;SQUARED HERUTU;;;; +333A;SQUARE PENSU;So;0;L; 30DA 30F3 30B9;;;;N;SQUARED PENSU;;;; +333B;SQUARE PEEZI;So;0;L; 30DA 30FC 30B8;;;;N;SQUARED PEEZI;;;; +333C;SQUARE BEETA;So;0;L; 30D9 30FC 30BF;;;;N;SQUARED BEETA;;;; +333D;SQUARE POINTO;So;0;L; 30DD 30A4 30F3 30C8;;;;N;SQUARED POINTO;;;; +333E;SQUARE BORUTO;So;0;L; 30DC 30EB 30C8;;;;N;SQUARED BORUTO;;;; +333F;SQUARE HON;So;0;L; 30DB 30F3;;;;N;SQUARED HON;;;; +3340;SQUARE PONDO;So;0;L; 30DD 30F3 30C9;;;;N;SQUARED PONDO;;;; +3341;SQUARE HOORU;So;0;L; 30DB 30FC 30EB;;;;N;SQUARED HOORU;;;; +3342;SQUARE HOON;So;0;L; 30DB 30FC 30F3;;;;N;SQUARED HOON;;;; +3343;SQUARE MAIKURO;So;0;L; 30DE 30A4 30AF 30ED;;;;N;SQUARED MAIKURO;;;; +3344;SQUARE MAIRU;So;0;L; 30DE 30A4 30EB;;;;N;SQUARED MAIRU;;;; +3345;SQUARE MAHHA;So;0;L; 30DE 30C3 30CF;;;;N;SQUARED MAHHA;;;; +3346;SQUARE MARUKU;So;0;L; 30DE 30EB 30AF;;;;N;SQUARED MARUKU;;;; +3347;SQUARE MANSYON;So;0;L; 30DE 30F3 30B7 30E7 30F3;;;;N;SQUARED MANSYON;;;; +3348;SQUARE MIKURON;So;0;L; 30DF 30AF 30ED 30F3;;;;N;SQUARED MIKURON;;;; +3349;SQUARE MIRI;So;0;L; 30DF 30EA;;;;N;SQUARED MIRI;;;; +334A;SQUARE MIRIBAARU;So;0;L; 30DF 30EA 30D0 30FC 30EB;;;;N;SQUARED MIRIBAARU;;;; +334B;SQUARE MEGA;So;0;L; 30E1 30AC;;;;N;SQUARED MEGA;;;; +334C;SQUARE MEGATON;So;0;L; 30E1 30AC 30C8 30F3;;;;N;SQUARED MEGATON;;;; +334D;SQUARE MEETORU;So;0;L; 30E1 30FC 30C8 30EB;;;;N;SQUARED MEETORU;;;; +334E;SQUARE YAADO;So;0;L; 30E4 30FC 30C9;;;;N;SQUARED YAADO;;;; +334F;SQUARE YAARU;So;0;L; 30E4 30FC 30EB;;;;N;SQUARED YAARU;;;; +3350;SQUARE YUAN;So;0;L; 30E6 30A2 30F3;;;;N;SQUARED YUAN;;;; +3351;SQUARE RITTORU;So;0;L; 30EA 30C3 30C8 30EB;;;;N;SQUARED RITTORU;;;; +3352;SQUARE RIRA;So;0;L; 30EA 30E9;;;;N;SQUARED RIRA;;;; +3353;SQUARE RUPII;So;0;L; 30EB 30D4 30FC;;;;N;SQUARED RUPII;;;; +3354;SQUARE RUUBURU;So;0;L; 30EB 30FC 30D6 30EB;;;;N;SQUARED RUUBURU;;;; +3355;SQUARE REMU;So;0;L; 30EC 30E0;;;;N;SQUARED REMU;;;; +3356;SQUARE RENTOGEN;So;0;L; 30EC 30F3 30C8 30B2 30F3;;;;N;SQUARED RENTOGEN;;;; +3357;SQUARE WATTO;So;0;L; 30EF 30C3 30C8;;;;N;SQUARED WATTO;;;; +3358;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR ZERO;So;0;L; 0030 70B9;;;;N;;;;; +3359;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR ONE;So;0;L; 0031 70B9;;;;N;;;;; +335A;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWO;So;0;L; 0032 70B9;;;;N;;;;; +335B;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR THREE;So;0;L; 0033 70B9;;;;N;;;;; +335C;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR FOUR;So;0;L; 0034 70B9;;;;N;;;;; +335D;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR FIVE;So;0;L; 0035 70B9;;;;N;;;;; +335E;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR SIX;So;0;L; 0036 70B9;;;;N;;;;; +335F;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR SEVEN;So;0;L; 0037 70B9;;;;N;;;;; +3360;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR EIGHT;So;0;L; 0038 70B9;;;;N;;;;; +3361;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR NINE;So;0;L; 0039 70B9;;;;N;;;;; +3362;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TEN;So;0;L; 0031 0030 70B9;;;;N;;;;; +3363;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR ELEVEN;So;0;L; 0031 0031 70B9;;;;N;;;;; +3364;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWELVE;So;0;L; 0031 0032 70B9;;;;N;;;;; +3365;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR THIRTEEN;So;0;L; 0031 0033 70B9;;;;N;;;;; +3366;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR FOURTEEN;So;0;L; 0031 0034 70B9;;;;N;;;;; +3367;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR FIFTEEN;So;0;L; 0031 0035 70B9;;;;N;;;;; +3368;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR SIXTEEN;So;0;L; 0031 0036 70B9;;;;N;;;;; +3369;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR SEVENTEEN;So;0;L; 0031 0037 70B9;;;;N;;;;; +336A;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR EIGHTEEN;So;0;L; 0031 0038 70B9;;;;N;;;;; +336B;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR NINETEEN;So;0;L; 0031 0039 70B9;;;;N;;;;; +336C;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY;So;0;L; 0032 0030 70B9;;;;N;;;;; +336D;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY-ONE;So;0;L; 0032 0031 70B9;;;;N;;;;; +336E;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY-TWO;So;0;L; 0032 0032 70B9;;;;N;;;;; +336F;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY-THREE;So;0;L; 0032 0033 70B9;;;;N;;;;; +3370;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY-FOUR;So;0;L; 0032 0034 70B9;;;;N;;;;; +3371;SQUARE HPA;So;0;L; 0068 0050 0061;;;;N;;;;; +3372;SQUARE DA;So;0;L; 0064 0061;;;;N;;;;; +3373;SQUARE AU;So;0;L; 0041 0055;;;;N;;;;; +3374;SQUARE BAR;So;0;L; 0062 0061 0072;;;;N;;;;; +3375;SQUARE OV;So;0;L; 006F 0056;;;;N;;;;; +3376;SQUARE PC;So;0;L; 0070 0063;;;;N;;;;; +3377;SQUARE DM;So;0;ON; 0064 006D;;;;N;;;;; +3378;SQUARE DM SQUARED;So;0;ON; 0064 006D 00B2;;;;N;;;;; +3379;SQUARE DM CUBED;So;0;ON; 0064 006D 00B3;;;;N;;;;; +337A;SQUARE IU;So;0;ON; 0049 0055;;;;N;;;;; +337B;SQUARE ERA NAME HEISEI;So;0;L; 5E73 6210;;;;N;SQUARED TWO IDEOGRAPHS ERA NAME HEISEI;;;; +337C;SQUARE ERA NAME SYOUWA;So;0;L; 662D 548C;;;;N;SQUARED TWO IDEOGRAPHS ERA NAME SYOUWA;;;; +337D;SQUARE ERA NAME TAISYOU;So;0;L; 5927 6B63;;;;N;SQUARED TWO IDEOGRAPHS ERA NAME TAISYOU;;;; +337E;SQUARE ERA NAME MEIZI;So;0;L; 660E 6CBB;;;;N;SQUARED TWO IDEOGRAPHS ERA NAME MEIZI;;;; +337F;SQUARE CORPORATION;So;0;L; 682A 5F0F 4F1A 793E;;;;N;SQUARED FOUR IDEOGRAPHS CORPORATION;;;; +3380;SQUARE PA AMPS;So;0;L; 0070 0041;;;;N;SQUARED PA AMPS;;;; +3381;SQUARE NA;So;0;L; 006E 0041;;;;N;SQUARED NA;;;; +3382;SQUARE MU A;So;0;L; 03BC 0041;;;;N;SQUARED MU A;;;; +3383;SQUARE MA;So;0;L; 006D 0041;;;;N;SQUARED MA;;;; +3384;SQUARE KA;So;0;L; 006B 0041;;;;N;SQUARED KA;;;; +3385;SQUARE KB;So;0;L; 004B 0042;;;;N;SQUARED KB;;;; +3386;SQUARE MB;So;0;L; 004D 0042;;;;N;SQUARED MB;;;; +3387;SQUARE GB;So;0;L; 0047 0042;;;;N;SQUARED GB;;;; +3388;SQUARE CAL;So;0;L; 0063 0061 006C;;;;N;SQUARED CAL;;;; +3389;SQUARE KCAL;So;0;L; 006B 0063 0061 006C;;;;N;SQUARED KCAL;;;; +338A;SQUARE PF;So;0;L; 0070 0046;;;;N;SQUARED PF;;;; +338B;SQUARE NF;So;0;L; 006E 0046;;;;N;SQUARED NF;;;; +338C;SQUARE MU F;So;0;L; 03BC 0046;;;;N;SQUARED MU F;;;; +338D;SQUARE MU G;So;0;L; 03BC 0067;;;;N;SQUARED MU G;;;; +338E;SQUARE MG;So;0;L; 006D 0067;;;;N;SQUARED MG;;;; +338F;SQUARE KG;So;0;L; 006B 0067;;;;N;SQUARED KG;;;; +3390;SQUARE HZ;So;0;L; 0048 007A;;;;N;SQUARED HZ;;;; +3391;SQUARE KHZ;So;0;L; 006B 0048 007A;;;;N;SQUARED KHZ;;;; +3392;SQUARE MHZ;So;0;L; 004D 0048 007A;;;;N;SQUARED MHZ;;;; +3393;SQUARE GHZ;So;0;L; 0047 0048 007A;;;;N;SQUARED GHZ;;;; +3394;SQUARE THZ;So;0;L; 0054 0048 007A;;;;N;SQUARED THZ;;;; +3395;SQUARE MU L;So;0;L; 03BC 2113;;;;N;SQUARED MU L;;;; +3396;SQUARE ML;So;0;L; 006D 2113;;;;N;SQUARED ML;;;; +3397;SQUARE DL;So;0;L; 0064 2113;;;;N;SQUARED DL;;;; +3398;SQUARE KL;So;0;L; 006B 2113;;;;N;SQUARED KL;;;; +3399;SQUARE FM;So;0;L; 0066 006D;;;;N;SQUARED FM;;;; +339A;SQUARE NM;So;0;L; 006E 006D;;;;N;SQUARED NM;;;; +339B;SQUARE MU M;So;0;L; 03BC 006D;;;;N;SQUARED MU M;;;; +339C;SQUARE MM;So;0;L; 006D 006D;;;;N;SQUARED MM;;;; +339D;SQUARE CM;So;0;L; 0063 006D;;;;N;SQUARED CM;;;; +339E;SQUARE KM;So;0;L; 006B 006D;;;;N;SQUARED KM;;;; +339F;SQUARE MM SQUARED;So;0;L; 006D 006D 00B2;;;;N;SQUARED MM SQUARED;;;; +33A0;SQUARE CM SQUARED;So;0;L; 0063 006D 00B2;;;;N;SQUARED CM SQUARED;;;; +33A1;SQUARE M SQUARED;So;0;L; 006D 00B2;;;;N;SQUARED M SQUARED;;;; +33A2;SQUARE KM SQUARED;So;0;L; 006B 006D 00B2;;;;N;SQUARED KM SQUARED;;;; +33A3;SQUARE MM CUBED;So;0;L; 006D 006D 00B3;;;;N;SQUARED MM CUBED;;;; +33A4;SQUARE CM CUBED;So;0;L; 0063 006D 00B3;;;;N;SQUARED CM CUBED;;;; +33A5;SQUARE M CUBED;So;0;L; 006D 00B3;;;;N;SQUARED M CUBED;;;; +33A6;SQUARE KM CUBED;So;0;L; 006B 006D 00B3;;;;N;SQUARED KM CUBED;;;; +33A7;SQUARE M OVER S;So;0;L; 006D 2215 0073;;;;N;SQUARED M OVER S;;;; +33A8;SQUARE M OVER S SQUARED;So;0;L; 006D 2215 0073 00B2;;;;N;SQUARED M OVER S SQUARED;;;; +33A9;SQUARE PA;So;0;L; 0050 0061;;;;N;SQUARED PA;;;; +33AA;SQUARE KPA;So;0;L; 006B 0050 0061;;;;N;SQUARED KPA;;;; +33AB;SQUARE MPA;So;0;L; 004D 0050 0061;;;;N;SQUARED MPA;;;; +33AC;SQUARE GPA;So;0;L; 0047 0050 0061;;;;N;SQUARED GPA;;;; +33AD;SQUARE RAD;So;0;L; 0072 0061 0064;;;;N;SQUARED RAD;;;; +33AE;SQUARE RAD OVER S;So;0;L; 0072 0061 0064 2215 0073;;;;N;SQUARED RAD OVER S;;;; +33AF;SQUARE RAD OVER S SQUARED;So;0;L; 0072 0061 0064 2215 0073 00B2;;;;N;SQUARED RAD OVER S SQUARED;;;; +33B0;SQUARE PS;So;0;L; 0070 0073;;;;N;SQUARED PS;;;; +33B1;SQUARE NS;So;0;L; 006E 0073;;;;N;SQUARED NS;;;; +33B2;SQUARE MU S;So;0;L; 03BC 0073;;;;N;SQUARED MU S;;;; +33B3;SQUARE MS;So;0;L; 006D 0073;;;;N;SQUARED MS;;;; +33B4;SQUARE PV;So;0;L; 0070 0056;;;;N;SQUARED PV;;;; +33B5;SQUARE NV;So;0;L; 006E 0056;;;;N;SQUARED NV;;;; +33B6;SQUARE MU V;So;0;L; 03BC 0056;;;;N;SQUARED MU V;;;; +33B7;SQUARE MV;So;0;L; 006D 0056;;;;N;SQUARED MV;;;; +33B8;SQUARE KV;So;0;L; 006B 0056;;;;N;SQUARED KV;;;; +33B9;SQUARE MV MEGA;So;0;L; 004D 0056;;;;N;SQUARED MV MEGA;;;; +33BA;SQUARE PW;So;0;L; 0070 0057;;;;N;SQUARED PW;;;; +33BB;SQUARE NW;So;0;L; 006E 0057;;;;N;SQUARED NW;;;; +33BC;SQUARE MU W;So;0;L; 03BC 0057;;;;N;SQUARED MU W;;;; +33BD;SQUARE MW;So;0;L; 006D 0057;;;;N;SQUARED MW;;;; +33BE;SQUARE KW;So;0;L; 006B 0057;;;;N;SQUARED KW;;;; +33BF;SQUARE MW MEGA;So;0;L; 004D 0057;;;;N;SQUARED MW MEGA;;;; +33C0;SQUARE K OHM;So;0;L; 006B 03A9;;;;N;SQUARED K OHM;;;; +33C1;SQUARE M OHM;So;0;L; 004D 03A9;;;;N;SQUARED M OHM;;;; +33C2;SQUARE AM;So;0;L; 0061 002E 006D 002E;;;;N;SQUARED AM;;;; +33C3;SQUARE BQ;So;0;L; 0042 0071;;;;N;SQUARED BQ;;;; +33C4;SQUARE CC;So;0;L; 0063 0063;;;;N;SQUARED CC;;;; +33C5;SQUARE CD;So;0;L; 0063 0064;;;;N;SQUARED CD;;;; +33C6;SQUARE C OVER KG;So;0;L; 0043 2215 006B 0067;;;;N;SQUARED C OVER KG;;;; +33C7;SQUARE CO;So;0;L; 0043 006F 002E;;;;N;SQUARED CO;;;; +33C8;SQUARE DB;So;0;L; 0064 0042;;;;N;SQUARED DB;;;; +33C9;SQUARE GY;So;0;L; 0047 0079;;;;N;SQUARED GY;;;; +33CA;SQUARE HA;So;0;L; 0068 0061;;;;N;SQUARED HA;;;; +33CB;SQUARE HP;So;0;L; 0048 0050;;;;N;SQUARED HP;;;; +33CC;SQUARE IN;So;0;L; 0069 006E;;;;N;SQUARED IN;;;; +33CD;SQUARE KK;So;0;L; 004B 004B;;;;N;SQUARED KK;;;; +33CE;SQUARE KM CAPITAL;So;0;L; 004B 004D;;;;N;SQUARED KM CAPITAL;;;; +33CF;SQUARE KT;So;0;L; 006B 0074;;;;N;SQUARED KT;;;; +33D0;SQUARE LM;So;0;L; 006C 006D;;;;N;SQUARED LM;;;; +33D1;SQUARE LN;So;0;L; 006C 006E;;;;N;SQUARED LN;;;; +33D2;SQUARE LOG;So;0;L; 006C 006F 0067;;;;N;SQUARED LOG;;;; +33D3;SQUARE LX;So;0;L; 006C 0078;;;;N;SQUARED LX;;;; +33D4;SQUARE MB SMALL;So;0;L; 006D 0062;;;;N;SQUARED MB SMALL;;;; +33D5;SQUARE MIL;So;0;L; 006D 0069 006C;;;;N;SQUARED MIL;;;; +33D6;SQUARE MOL;So;0;L; 006D 006F 006C;;;;N;SQUARED MOL;;;; +33D7;SQUARE PH;So;0;L; 0050 0048;;;;N;SQUARED PH;;;; +33D8;SQUARE PM;So;0;L; 0070 002E 006D 002E;;;;N;SQUARED PM;;;; +33D9;SQUARE PPM;So;0;L; 0050 0050 004D;;;;N;SQUARED PPM;;;; +33DA;SQUARE PR;So;0;L; 0050 0052;;;;N;SQUARED PR;;;; +33DB;SQUARE SR;So;0;L; 0073 0072;;;;N;SQUARED SR;;;; +33DC;SQUARE SV;So;0;L; 0053 0076;;;;N;SQUARED SV;;;; +33DD;SQUARE WB;So;0;L; 0057 0062;;;;N;SQUARED WB;;;; +33DE;SQUARE V OVER M;So;0;ON; 0056 2215 006D;;;;N;;;;; +33DF;SQUARE A OVER M;So;0;ON; 0041 2215 006D;;;;N;;;;; +33E0;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY ONE;So;0;L; 0031 65E5;;;;N;;;;; +33E1;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWO;So;0;L; 0032 65E5;;;;N;;;;; +33E2;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY THREE;So;0;L; 0033 65E5;;;;N;;;;; +33E3;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY FOUR;So;0;L; 0034 65E5;;;;N;;;;; +33E4;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY FIVE;So;0;L; 0035 65E5;;;;N;;;;; +33E5;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY SIX;So;0;L; 0036 65E5;;;;N;;;;; +33E6;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY SEVEN;So;0;L; 0037 65E5;;;;N;;;;; +33E7;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY EIGHT;So;0;L; 0038 65E5;;;;N;;;;; +33E8;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY NINE;So;0;L; 0039 65E5;;;;N;;;;; +33E9;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TEN;So;0;L; 0031 0030 65E5;;;;N;;;;; +33EA;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY ELEVEN;So;0;L; 0031 0031 65E5;;;;N;;;;; +33EB;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWELVE;So;0;L; 0031 0032 65E5;;;;N;;;;; +33EC;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY THIRTEEN;So;0;L; 0031 0033 65E5;;;;N;;;;; +33ED;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY FOURTEEN;So;0;L; 0031 0034 65E5;;;;N;;;;; +33EE;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY FIFTEEN;So;0;L; 0031 0035 65E5;;;;N;;;;; +33EF;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY SIXTEEN;So;0;L; 0031 0036 65E5;;;;N;;;;; +33F0;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY SEVENTEEN;So;0;L; 0031 0037 65E5;;;;N;;;;; +33F1;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY EIGHTEEN;So;0;L; 0031 0038 65E5;;;;N;;;;; +33F2;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY NINETEEN;So;0;L; 0031 0039 65E5;;;;N;;;;; +33F3;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY;So;0;L; 0032 0030 65E5;;;;N;;;;; +33F4;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-ONE;So;0;L; 0032 0031 65E5;;;;N;;;;; +33F5;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-TWO;So;0;L; 0032 0032 65E5;;;;N;;;;; +33F6;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-THREE;So;0;L; 0032 0033 65E5;;;;N;;;;; +33F7;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-FOUR;So;0;L; 0032 0034 65E5;;;;N;;;;; +33F8;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-FIVE;So;0;L; 0032 0035 65E5;;;;N;;;;; +33F9;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-SIX;So;0;L; 0032 0036 65E5;;;;N;;;;; +33FA;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-SEVEN;So;0;L; 0032 0037 65E5;;;;N;;;;; +33FB;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-EIGHT;So;0;L; 0032 0038 65E5;;;;N;;;;; +33FC;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-NINE;So;0;L; 0032 0039 65E5;;;;N;;;;; +33FD;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY THIRTY;So;0;L; 0033 0030 65E5;;;;N;;;;; +33FE;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY THIRTY-ONE;So;0;L; 0033 0031 65E5;;;;N;;;;; +33FF;SQUARE GAL;So;0;ON; 0067 0061 006C;;;;N;;;;; +3400;;Lo;0;L;;;;;N;;;;; +4DB5;;Lo;0;L;;;;;N;;;;; +4DC0;HEXAGRAM FOR THE CREATIVE HEAVEN;So;0;ON;;;;;N;;;;; +4DC1;HEXAGRAM FOR THE RECEPTIVE EARTH;So;0;ON;;;;;N;;;;; +4DC2;HEXAGRAM FOR DIFFICULTY AT THE BEGINNING;So;0;ON;;;;;N;;;;; +4DC3;HEXAGRAM FOR YOUTHFUL FOLLY;So;0;ON;;;;;N;;;;; +4DC4;HEXAGRAM FOR WAITING;So;0;ON;;;;;N;;;;; +4DC5;HEXAGRAM FOR CONFLICT;So;0;ON;;;;;N;;;;; +4DC6;HEXAGRAM FOR THE ARMY;So;0;ON;;;;;N;;;;; +4DC7;HEXAGRAM FOR HOLDING TOGETHER;So;0;ON;;;;;N;;;;; +4DC8;HEXAGRAM FOR SMALL TAMING;So;0;ON;;;;;N;;;;; +4DC9;HEXAGRAM FOR TREADING;So;0;ON;;;;;N;;;;; +4DCA;HEXAGRAM FOR PEACE;So;0;ON;;;;;N;;;;; +4DCB;HEXAGRAM FOR STANDSTILL;So;0;ON;;;;;N;;;;; +4DCC;HEXAGRAM FOR FELLOWSHIP;So;0;ON;;;;;N;;;;; +4DCD;HEXAGRAM FOR GREAT POSSESSION;So;0;ON;;;;;N;;;;; +4DCE;HEXAGRAM FOR MODESTY;So;0;ON;;;;;N;;;;; +4DCF;HEXAGRAM FOR ENTHUSIASM;So;0;ON;;;;;N;;;;; +4DD0;HEXAGRAM FOR FOLLOWING;So;0;ON;;;;;N;;;;; +4DD1;HEXAGRAM FOR WORK ON THE DECAYED;So;0;ON;;;;;N;;;;; +4DD2;HEXAGRAM FOR APPROACH;So;0;ON;;;;;N;;;;; +4DD3;HEXAGRAM FOR CONTEMPLATION;So;0;ON;;;;;N;;;;; +4DD4;HEXAGRAM FOR BITING THROUGH;So;0;ON;;;;;N;;;;; +4DD5;HEXAGRAM FOR GRACE;So;0;ON;;;;;N;;;;; +4DD6;HEXAGRAM FOR SPLITTING APART;So;0;ON;;;;;N;;;;; +4DD7;HEXAGRAM FOR RETURN;So;0;ON;;;;;N;;;;; +4DD8;HEXAGRAM FOR INNOCENCE;So;0;ON;;;;;N;;;;; +4DD9;HEXAGRAM FOR GREAT TAMING;So;0;ON;;;;;N;;;;; +4DDA;HEXAGRAM FOR MOUTH CORNERS;So;0;ON;;;;;N;;;;; +4DDB;HEXAGRAM FOR GREAT PREPONDERANCE;So;0;ON;;;;;N;;;;; +4DDC;HEXAGRAM FOR THE ABYSMAL WATER;So;0;ON;;;;;N;;;;; +4DDD;HEXAGRAM FOR THE CLINGING FIRE;So;0;ON;;;;;N;;;;; +4DDE;HEXAGRAM FOR INFLUENCE;So;0;ON;;;;;N;;;;; +4DDF;HEXAGRAM FOR DURATION;So;0;ON;;;;;N;;;;; +4DE0;HEXAGRAM FOR RETREAT;So;0;ON;;;;;N;;;;; +4DE1;HEXAGRAM FOR GREAT POWER;So;0;ON;;;;;N;;;;; +4DE2;HEXAGRAM FOR PROGRESS;So;0;ON;;;;;N;;;;; +4DE3;HEXAGRAM FOR DARKENING OF THE LIGHT;So;0;ON;;;;;N;;;;; +4DE4;HEXAGRAM FOR THE FAMILY;So;0;ON;;;;;N;;;;; +4DE5;HEXAGRAM FOR OPPOSITION;So;0;ON;;;;;N;;;;; +4DE6;HEXAGRAM FOR OBSTRUCTION;So;0;ON;;;;;N;;;;; +4DE7;HEXAGRAM FOR DELIVERANCE;So;0;ON;;;;;N;;;;; +4DE8;HEXAGRAM FOR DECREASE;So;0;ON;;;;;N;;;;; +4DE9;HEXAGRAM FOR INCREASE;So;0;ON;;;;;N;;;;; +4DEA;HEXAGRAM FOR BREAKTHROUGH;So;0;ON;;;;;N;;;;; +4DEB;HEXAGRAM FOR COMING TO MEET;So;0;ON;;;;;N;;;;; +4DEC;HEXAGRAM FOR GATHERING TOGETHER;So;0;ON;;;;;N;;;;; +4DED;HEXAGRAM FOR PUSHING UPWARD;So;0;ON;;;;;N;;;;; +4DEE;HEXAGRAM FOR OPPRESSION;So;0;ON;;;;;N;;;;; +4DEF;HEXAGRAM FOR THE WELL;So;0;ON;;;;;N;;;;; +4DF0;HEXAGRAM FOR REVOLUTION;So;0;ON;;;;;N;;;;; +4DF1;HEXAGRAM FOR THE CAULDRON;So;0;ON;;;;;N;;;;; +4DF2;HEXAGRAM FOR THE AROUSING THUNDER;So;0;ON;;;;;N;;;;; +4DF3;HEXAGRAM FOR THE KEEPING STILL MOUNTAIN;So;0;ON;;;;;N;;;;; +4DF4;HEXAGRAM FOR DEVELOPMENT;So;0;ON;;;;;N;;;;; +4DF5;HEXAGRAM FOR THE MARRYING MAIDEN;So;0;ON;;;;;N;;;;; +4DF6;HEXAGRAM FOR ABUNDANCE;So;0;ON;;;;;N;;;;; +4DF7;HEXAGRAM FOR THE WANDERER;So;0;ON;;;;;N;;;;; +4DF8;HEXAGRAM FOR THE GENTLE WIND;So;0;ON;;;;;N;;;;; +4DF9;HEXAGRAM FOR THE JOYOUS LAKE;So;0;ON;;;;;N;;;;; +4DFA;HEXAGRAM FOR DISPERSION;So;0;ON;;;;;N;;;;; +4DFB;HEXAGRAM FOR LIMITATION;So;0;ON;;;;;N;;;;; +4DFC;HEXAGRAM FOR INNER TRUTH;So;0;ON;;;;;N;;;;; +4DFD;HEXAGRAM FOR SMALL PREPONDERANCE;So;0;ON;;;;;N;;;;; +4DFE;HEXAGRAM FOR AFTER COMPLETION;So;0;ON;;;;;N;;;;; +4DFF;HEXAGRAM FOR BEFORE COMPLETION;So;0;ON;;;;;N;;;;; +4E00;;Lo;0;L;;;;;N;;;;; +9FA5;;Lo;0;L;;;;;N;;;;; +A000;YI SYLLABLE IT;Lo;0;L;;;;;N;;;;; +A001;YI SYLLABLE IX;Lo;0;L;;;;;N;;;;; +A002;YI SYLLABLE I;Lo;0;L;;;;;N;;;;; +A003;YI SYLLABLE IP;Lo;0;L;;;;;N;;;;; +A004;YI SYLLABLE IET;Lo;0;L;;;;;N;;;;; +A005;YI SYLLABLE IEX;Lo;0;L;;;;;N;;;;; +A006;YI SYLLABLE IE;Lo;0;L;;;;;N;;;;; +A007;YI SYLLABLE IEP;Lo;0;L;;;;;N;;;;; +A008;YI SYLLABLE AT;Lo;0;L;;;;;N;;;;; +A009;YI SYLLABLE AX;Lo;0;L;;;;;N;;;;; +A00A;YI SYLLABLE A;Lo;0;L;;;;;N;;;;; +A00B;YI SYLLABLE AP;Lo;0;L;;;;;N;;;;; +A00C;YI SYLLABLE UOX;Lo;0;L;;;;;N;;;;; +A00D;YI SYLLABLE UO;Lo;0;L;;;;;N;;;;; +A00E;YI SYLLABLE UOP;Lo;0;L;;;;;N;;;;; +A00F;YI SYLLABLE OT;Lo;0;L;;;;;N;;;;; +A010;YI SYLLABLE OX;Lo;0;L;;;;;N;;;;; +A011;YI SYLLABLE O;Lo;0;L;;;;;N;;;;; +A012;YI SYLLABLE OP;Lo;0;L;;;;;N;;;;; +A013;YI SYLLABLE EX;Lo;0;L;;;;;N;;;;; +A014;YI SYLLABLE E;Lo;0;L;;;;;N;;;;; +A015;YI SYLLABLE WU;Lo;0;L;;;;;N;;;;; +A016;YI SYLLABLE BIT;Lo;0;L;;;;;N;;;;; +A017;YI SYLLABLE BIX;Lo;0;L;;;;;N;;;;; +A018;YI SYLLABLE BI;Lo;0;L;;;;;N;;;;; +A019;YI SYLLABLE BIP;Lo;0;L;;;;;N;;;;; +A01A;YI SYLLABLE BIET;Lo;0;L;;;;;N;;;;; +A01B;YI SYLLABLE BIEX;Lo;0;L;;;;;N;;;;; +A01C;YI SYLLABLE BIE;Lo;0;L;;;;;N;;;;; +A01D;YI SYLLABLE BIEP;Lo;0;L;;;;;N;;;;; +A01E;YI SYLLABLE BAT;Lo;0;L;;;;;N;;;;; +A01F;YI SYLLABLE BAX;Lo;0;L;;;;;N;;;;; +A020;YI SYLLABLE BA;Lo;0;L;;;;;N;;;;; +A021;YI SYLLABLE BAP;Lo;0;L;;;;;N;;;;; +A022;YI SYLLABLE BUOX;Lo;0;L;;;;;N;;;;; +A023;YI SYLLABLE BUO;Lo;0;L;;;;;N;;;;; +A024;YI SYLLABLE BUOP;Lo;0;L;;;;;N;;;;; +A025;YI SYLLABLE BOT;Lo;0;L;;;;;N;;;;; +A026;YI SYLLABLE BOX;Lo;0;L;;;;;N;;;;; +A027;YI SYLLABLE BO;Lo;0;L;;;;;N;;;;; +A028;YI SYLLABLE BOP;Lo;0;L;;;;;N;;;;; +A029;YI SYLLABLE BEX;Lo;0;L;;;;;N;;;;; +A02A;YI SYLLABLE BE;Lo;0;L;;;;;N;;;;; +A02B;YI SYLLABLE BEP;Lo;0;L;;;;;N;;;;; +A02C;YI SYLLABLE BUT;Lo;0;L;;;;;N;;;;; +A02D;YI SYLLABLE BUX;Lo;0;L;;;;;N;;;;; +A02E;YI SYLLABLE BU;Lo;0;L;;;;;N;;;;; +A02F;YI SYLLABLE BUP;Lo;0;L;;;;;N;;;;; +A030;YI SYLLABLE BURX;Lo;0;L;;;;;N;;;;; +A031;YI SYLLABLE BUR;Lo;0;L;;;;;N;;;;; +A032;YI SYLLABLE BYT;Lo;0;L;;;;;N;;;;; +A033;YI SYLLABLE BYX;Lo;0;L;;;;;N;;;;; +A034;YI SYLLABLE BY;Lo;0;L;;;;;N;;;;; +A035;YI SYLLABLE BYP;Lo;0;L;;;;;N;;;;; +A036;YI SYLLABLE BYRX;Lo;0;L;;;;;N;;;;; +A037;YI SYLLABLE BYR;Lo;0;L;;;;;N;;;;; +A038;YI SYLLABLE PIT;Lo;0;L;;;;;N;;;;; +A039;YI SYLLABLE PIX;Lo;0;L;;;;;N;;;;; +A03A;YI SYLLABLE PI;Lo;0;L;;;;;N;;;;; +A03B;YI SYLLABLE PIP;Lo;0;L;;;;;N;;;;; +A03C;YI SYLLABLE PIEX;Lo;0;L;;;;;N;;;;; +A03D;YI SYLLABLE PIE;Lo;0;L;;;;;N;;;;; +A03E;YI SYLLABLE PIEP;Lo;0;L;;;;;N;;;;; +A03F;YI SYLLABLE PAT;Lo;0;L;;;;;N;;;;; +A040;YI SYLLABLE PAX;Lo;0;L;;;;;N;;;;; +A041;YI SYLLABLE PA;Lo;0;L;;;;;N;;;;; +A042;YI SYLLABLE PAP;Lo;0;L;;;;;N;;;;; +A043;YI SYLLABLE PUOX;Lo;0;L;;;;;N;;;;; +A044;YI SYLLABLE PUO;Lo;0;L;;;;;N;;;;; +A045;YI SYLLABLE PUOP;Lo;0;L;;;;;N;;;;; +A046;YI SYLLABLE POT;Lo;0;L;;;;;N;;;;; +A047;YI SYLLABLE POX;Lo;0;L;;;;;N;;;;; +A048;YI SYLLABLE PO;Lo;0;L;;;;;N;;;;; +A049;YI SYLLABLE POP;Lo;0;L;;;;;N;;;;; +A04A;YI SYLLABLE PUT;Lo;0;L;;;;;N;;;;; +A04B;YI SYLLABLE PUX;Lo;0;L;;;;;N;;;;; +A04C;YI SYLLABLE PU;Lo;0;L;;;;;N;;;;; +A04D;YI SYLLABLE PUP;Lo;0;L;;;;;N;;;;; +A04E;YI SYLLABLE PURX;Lo;0;L;;;;;N;;;;; +A04F;YI SYLLABLE PUR;Lo;0;L;;;;;N;;;;; +A050;YI SYLLABLE PYT;Lo;0;L;;;;;N;;;;; +A051;YI SYLLABLE PYX;Lo;0;L;;;;;N;;;;; +A052;YI SYLLABLE PY;Lo;0;L;;;;;N;;;;; +A053;YI SYLLABLE PYP;Lo;0;L;;;;;N;;;;; +A054;YI SYLLABLE PYRX;Lo;0;L;;;;;N;;;;; +A055;YI SYLLABLE PYR;Lo;0;L;;;;;N;;;;; +A056;YI SYLLABLE BBIT;Lo;0;L;;;;;N;;;;; +A057;YI SYLLABLE BBIX;Lo;0;L;;;;;N;;;;; +A058;YI SYLLABLE BBI;Lo;0;L;;;;;N;;;;; +A059;YI SYLLABLE BBIP;Lo;0;L;;;;;N;;;;; +A05A;YI SYLLABLE BBIET;Lo;0;L;;;;;N;;;;; +A05B;YI SYLLABLE BBIEX;Lo;0;L;;;;;N;;;;; +A05C;YI SYLLABLE BBIE;Lo;0;L;;;;;N;;;;; +A05D;YI SYLLABLE BBIEP;Lo;0;L;;;;;N;;;;; +A05E;YI SYLLABLE BBAT;Lo;0;L;;;;;N;;;;; +A05F;YI SYLLABLE BBAX;Lo;0;L;;;;;N;;;;; +A060;YI SYLLABLE BBA;Lo;0;L;;;;;N;;;;; +A061;YI SYLLABLE BBAP;Lo;0;L;;;;;N;;;;; +A062;YI SYLLABLE BBUOX;Lo;0;L;;;;;N;;;;; +A063;YI SYLLABLE BBUO;Lo;0;L;;;;;N;;;;; +A064;YI SYLLABLE BBUOP;Lo;0;L;;;;;N;;;;; +A065;YI SYLLABLE BBOT;Lo;0;L;;;;;N;;;;; +A066;YI SYLLABLE BBOX;Lo;0;L;;;;;N;;;;; +A067;YI SYLLABLE BBO;Lo;0;L;;;;;N;;;;; +A068;YI SYLLABLE BBOP;Lo;0;L;;;;;N;;;;; +A069;YI SYLLABLE BBEX;Lo;0;L;;;;;N;;;;; +A06A;YI SYLLABLE BBE;Lo;0;L;;;;;N;;;;; +A06B;YI SYLLABLE BBEP;Lo;0;L;;;;;N;;;;; +A06C;YI SYLLABLE BBUT;Lo;0;L;;;;;N;;;;; +A06D;YI SYLLABLE BBUX;Lo;0;L;;;;;N;;;;; +A06E;YI SYLLABLE BBU;Lo;0;L;;;;;N;;;;; +A06F;YI SYLLABLE BBUP;Lo;0;L;;;;;N;;;;; +A070;YI SYLLABLE BBURX;Lo;0;L;;;;;N;;;;; +A071;YI SYLLABLE BBUR;Lo;0;L;;;;;N;;;;; +A072;YI SYLLABLE BBYT;Lo;0;L;;;;;N;;;;; +A073;YI SYLLABLE BBYX;Lo;0;L;;;;;N;;;;; +A074;YI SYLLABLE BBY;Lo;0;L;;;;;N;;;;; +A075;YI SYLLABLE BBYP;Lo;0;L;;;;;N;;;;; +A076;YI SYLLABLE NBIT;Lo;0;L;;;;;N;;;;; +A077;YI SYLLABLE NBIX;Lo;0;L;;;;;N;;;;; +A078;YI SYLLABLE NBI;Lo;0;L;;;;;N;;;;; +A079;YI SYLLABLE NBIP;Lo;0;L;;;;;N;;;;; +A07A;YI SYLLABLE NBIEX;Lo;0;L;;;;;N;;;;; +A07B;YI SYLLABLE NBIE;Lo;0;L;;;;;N;;;;; +A07C;YI SYLLABLE NBIEP;Lo;0;L;;;;;N;;;;; +A07D;YI SYLLABLE NBAT;Lo;0;L;;;;;N;;;;; +A07E;YI SYLLABLE NBAX;Lo;0;L;;;;;N;;;;; +A07F;YI SYLLABLE NBA;Lo;0;L;;;;;N;;;;; +A080;YI SYLLABLE NBAP;Lo;0;L;;;;;N;;;;; +A081;YI SYLLABLE NBOT;Lo;0;L;;;;;N;;;;; +A082;YI SYLLABLE NBOX;Lo;0;L;;;;;N;;;;; +A083;YI SYLLABLE NBO;Lo;0;L;;;;;N;;;;; +A084;YI SYLLABLE NBOP;Lo;0;L;;;;;N;;;;; +A085;YI SYLLABLE NBUT;Lo;0;L;;;;;N;;;;; +A086;YI SYLLABLE NBUX;Lo;0;L;;;;;N;;;;; +A087;YI SYLLABLE NBU;Lo;0;L;;;;;N;;;;; +A088;YI SYLLABLE NBUP;Lo;0;L;;;;;N;;;;; +A089;YI SYLLABLE NBURX;Lo;0;L;;;;;N;;;;; +A08A;YI SYLLABLE NBUR;Lo;0;L;;;;;N;;;;; +A08B;YI SYLLABLE NBYT;Lo;0;L;;;;;N;;;;; +A08C;YI SYLLABLE NBYX;Lo;0;L;;;;;N;;;;; +A08D;YI SYLLABLE NBY;Lo;0;L;;;;;N;;;;; +A08E;YI SYLLABLE NBYP;Lo;0;L;;;;;N;;;;; +A08F;YI SYLLABLE NBYRX;Lo;0;L;;;;;N;;;;; +A090;YI SYLLABLE NBYR;Lo;0;L;;;;;N;;;;; +A091;YI SYLLABLE HMIT;Lo;0;L;;;;;N;;;;; +A092;YI SYLLABLE HMIX;Lo;0;L;;;;;N;;;;; +A093;YI SYLLABLE HMI;Lo;0;L;;;;;N;;;;; +A094;YI SYLLABLE HMIP;Lo;0;L;;;;;N;;;;; +A095;YI SYLLABLE HMIEX;Lo;0;L;;;;;N;;;;; +A096;YI SYLLABLE HMIE;Lo;0;L;;;;;N;;;;; +A097;YI SYLLABLE HMIEP;Lo;0;L;;;;;N;;;;; +A098;YI SYLLABLE HMAT;Lo;0;L;;;;;N;;;;; +A099;YI SYLLABLE HMAX;Lo;0;L;;;;;N;;;;; +A09A;YI SYLLABLE HMA;Lo;0;L;;;;;N;;;;; +A09B;YI SYLLABLE HMAP;Lo;0;L;;;;;N;;;;; +A09C;YI SYLLABLE HMUOX;Lo;0;L;;;;;N;;;;; +A09D;YI SYLLABLE HMUO;Lo;0;L;;;;;N;;;;; +A09E;YI SYLLABLE HMUOP;Lo;0;L;;;;;N;;;;; +A09F;YI SYLLABLE HMOT;Lo;0;L;;;;;N;;;;; +A0A0;YI SYLLABLE HMOX;Lo;0;L;;;;;N;;;;; +A0A1;YI SYLLABLE HMO;Lo;0;L;;;;;N;;;;; +A0A2;YI SYLLABLE HMOP;Lo;0;L;;;;;N;;;;; +A0A3;YI SYLLABLE HMUT;Lo;0;L;;;;;N;;;;; +A0A4;YI SYLLABLE HMUX;Lo;0;L;;;;;N;;;;; +A0A5;YI SYLLABLE HMU;Lo;0;L;;;;;N;;;;; +A0A6;YI SYLLABLE HMUP;Lo;0;L;;;;;N;;;;; +A0A7;YI SYLLABLE HMURX;Lo;0;L;;;;;N;;;;; +A0A8;YI SYLLABLE HMUR;Lo;0;L;;;;;N;;;;; +A0A9;YI SYLLABLE HMYX;Lo;0;L;;;;;N;;;;; +A0AA;YI SYLLABLE HMY;Lo;0;L;;;;;N;;;;; +A0AB;YI SYLLABLE HMYP;Lo;0;L;;;;;N;;;;; +A0AC;YI SYLLABLE HMYRX;Lo;0;L;;;;;N;;;;; +A0AD;YI SYLLABLE HMYR;Lo;0;L;;;;;N;;;;; +A0AE;YI SYLLABLE MIT;Lo;0;L;;;;;N;;;;; +A0AF;YI SYLLABLE MIX;Lo;0;L;;;;;N;;;;; +A0B0;YI SYLLABLE MI;Lo;0;L;;;;;N;;;;; +A0B1;YI SYLLABLE MIP;Lo;0;L;;;;;N;;;;; +A0B2;YI SYLLABLE MIEX;Lo;0;L;;;;;N;;;;; +A0B3;YI SYLLABLE MIE;Lo;0;L;;;;;N;;;;; +A0B4;YI SYLLABLE MIEP;Lo;0;L;;;;;N;;;;; +A0B5;YI SYLLABLE MAT;Lo;0;L;;;;;N;;;;; +A0B6;YI SYLLABLE MAX;Lo;0;L;;;;;N;;;;; +A0B7;YI SYLLABLE MA;Lo;0;L;;;;;N;;;;; +A0B8;YI SYLLABLE MAP;Lo;0;L;;;;;N;;;;; +A0B9;YI SYLLABLE MUOT;Lo;0;L;;;;;N;;;;; +A0BA;YI SYLLABLE MUOX;Lo;0;L;;;;;N;;;;; +A0BB;YI SYLLABLE MUO;Lo;0;L;;;;;N;;;;; +A0BC;YI SYLLABLE MUOP;Lo;0;L;;;;;N;;;;; +A0BD;YI SYLLABLE MOT;Lo;0;L;;;;;N;;;;; +A0BE;YI SYLLABLE MOX;Lo;0;L;;;;;N;;;;; +A0BF;YI SYLLABLE MO;Lo;0;L;;;;;N;;;;; +A0C0;YI SYLLABLE MOP;Lo;0;L;;;;;N;;;;; +A0C1;YI SYLLABLE MEX;Lo;0;L;;;;;N;;;;; +A0C2;YI SYLLABLE ME;Lo;0;L;;;;;N;;;;; +A0C3;YI SYLLABLE MUT;Lo;0;L;;;;;N;;;;; +A0C4;YI SYLLABLE MUX;Lo;0;L;;;;;N;;;;; +A0C5;YI SYLLABLE MU;Lo;0;L;;;;;N;;;;; +A0C6;YI SYLLABLE MUP;Lo;0;L;;;;;N;;;;; +A0C7;YI SYLLABLE MURX;Lo;0;L;;;;;N;;;;; +A0C8;YI SYLLABLE MUR;Lo;0;L;;;;;N;;;;; +A0C9;YI SYLLABLE MYT;Lo;0;L;;;;;N;;;;; +A0CA;YI SYLLABLE MYX;Lo;0;L;;;;;N;;;;; +A0CB;YI SYLLABLE MY;Lo;0;L;;;;;N;;;;; +A0CC;YI SYLLABLE MYP;Lo;0;L;;;;;N;;;;; +A0CD;YI SYLLABLE FIT;Lo;0;L;;;;;N;;;;; +A0CE;YI SYLLABLE FIX;Lo;0;L;;;;;N;;;;; +A0CF;YI SYLLABLE FI;Lo;0;L;;;;;N;;;;; +A0D0;YI SYLLABLE FIP;Lo;0;L;;;;;N;;;;; +A0D1;YI SYLLABLE FAT;Lo;0;L;;;;;N;;;;; +A0D2;YI SYLLABLE FAX;Lo;0;L;;;;;N;;;;; +A0D3;YI SYLLABLE FA;Lo;0;L;;;;;N;;;;; +A0D4;YI SYLLABLE FAP;Lo;0;L;;;;;N;;;;; +A0D5;YI SYLLABLE FOX;Lo;0;L;;;;;N;;;;; +A0D6;YI SYLLABLE FO;Lo;0;L;;;;;N;;;;; +A0D7;YI SYLLABLE FOP;Lo;0;L;;;;;N;;;;; +A0D8;YI SYLLABLE FUT;Lo;0;L;;;;;N;;;;; +A0D9;YI SYLLABLE FUX;Lo;0;L;;;;;N;;;;; +A0DA;YI SYLLABLE FU;Lo;0;L;;;;;N;;;;; +A0DB;YI SYLLABLE FUP;Lo;0;L;;;;;N;;;;; +A0DC;YI SYLLABLE FURX;Lo;0;L;;;;;N;;;;; +A0DD;YI SYLLABLE FUR;Lo;0;L;;;;;N;;;;; +A0DE;YI SYLLABLE FYT;Lo;0;L;;;;;N;;;;; +A0DF;YI SYLLABLE FYX;Lo;0;L;;;;;N;;;;; +A0E0;YI SYLLABLE FY;Lo;0;L;;;;;N;;;;; +A0E1;YI SYLLABLE FYP;Lo;0;L;;;;;N;;;;; +A0E2;YI SYLLABLE VIT;Lo;0;L;;;;;N;;;;; +A0E3;YI SYLLABLE VIX;Lo;0;L;;;;;N;;;;; +A0E4;YI SYLLABLE VI;Lo;0;L;;;;;N;;;;; +A0E5;YI SYLLABLE VIP;Lo;0;L;;;;;N;;;;; +A0E6;YI SYLLABLE VIET;Lo;0;L;;;;;N;;;;; +A0E7;YI SYLLABLE VIEX;Lo;0;L;;;;;N;;;;; +A0E8;YI SYLLABLE VIE;Lo;0;L;;;;;N;;;;; +A0E9;YI SYLLABLE VIEP;Lo;0;L;;;;;N;;;;; +A0EA;YI SYLLABLE VAT;Lo;0;L;;;;;N;;;;; +A0EB;YI SYLLABLE VAX;Lo;0;L;;;;;N;;;;; +A0EC;YI SYLLABLE VA;Lo;0;L;;;;;N;;;;; +A0ED;YI SYLLABLE VAP;Lo;0;L;;;;;N;;;;; +A0EE;YI SYLLABLE VOT;Lo;0;L;;;;;N;;;;; +A0EF;YI SYLLABLE VOX;Lo;0;L;;;;;N;;;;; +A0F0;YI SYLLABLE VO;Lo;0;L;;;;;N;;;;; +A0F1;YI SYLLABLE VOP;Lo;0;L;;;;;N;;;;; +A0F2;YI SYLLABLE VEX;Lo;0;L;;;;;N;;;;; +A0F3;YI SYLLABLE VEP;Lo;0;L;;;;;N;;;;; +A0F4;YI SYLLABLE VUT;Lo;0;L;;;;;N;;;;; +A0F5;YI SYLLABLE VUX;Lo;0;L;;;;;N;;;;; +A0F6;YI SYLLABLE VU;Lo;0;L;;;;;N;;;;; +A0F7;YI SYLLABLE VUP;Lo;0;L;;;;;N;;;;; +A0F8;YI SYLLABLE VURX;Lo;0;L;;;;;N;;;;; +A0F9;YI SYLLABLE VUR;Lo;0;L;;;;;N;;;;; +A0FA;YI SYLLABLE VYT;Lo;0;L;;;;;N;;;;; +A0FB;YI SYLLABLE VYX;Lo;0;L;;;;;N;;;;; +A0FC;YI SYLLABLE VY;Lo;0;L;;;;;N;;;;; +A0FD;YI SYLLABLE VYP;Lo;0;L;;;;;N;;;;; +A0FE;YI SYLLABLE VYRX;Lo;0;L;;;;;N;;;;; +A0FF;YI SYLLABLE VYR;Lo;0;L;;;;;N;;;;; +A100;YI SYLLABLE DIT;Lo;0;L;;;;;N;;;;; +A101;YI SYLLABLE DIX;Lo;0;L;;;;;N;;;;; +A102;YI SYLLABLE DI;Lo;0;L;;;;;N;;;;; +A103;YI SYLLABLE DIP;Lo;0;L;;;;;N;;;;; +A104;YI SYLLABLE DIEX;Lo;0;L;;;;;N;;;;; +A105;YI SYLLABLE DIE;Lo;0;L;;;;;N;;;;; +A106;YI SYLLABLE DIEP;Lo;0;L;;;;;N;;;;; +A107;YI SYLLABLE DAT;Lo;0;L;;;;;N;;;;; +A108;YI SYLLABLE DAX;Lo;0;L;;;;;N;;;;; +A109;YI SYLLABLE DA;Lo;0;L;;;;;N;;;;; +A10A;YI SYLLABLE DAP;Lo;0;L;;;;;N;;;;; +A10B;YI SYLLABLE DUOX;Lo;0;L;;;;;N;;;;; +A10C;YI SYLLABLE DUO;Lo;0;L;;;;;N;;;;; +A10D;YI SYLLABLE DOT;Lo;0;L;;;;;N;;;;; +A10E;YI SYLLABLE DOX;Lo;0;L;;;;;N;;;;; +A10F;YI SYLLABLE DO;Lo;0;L;;;;;N;;;;; +A110;YI SYLLABLE DOP;Lo;0;L;;;;;N;;;;; +A111;YI SYLLABLE DEX;Lo;0;L;;;;;N;;;;; +A112;YI SYLLABLE DE;Lo;0;L;;;;;N;;;;; +A113;YI SYLLABLE DEP;Lo;0;L;;;;;N;;;;; +A114;YI SYLLABLE DUT;Lo;0;L;;;;;N;;;;; +A115;YI SYLLABLE DUX;Lo;0;L;;;;;N;;;;; +A116;YI SYLLABLE DU;Lo;0;L;;;;;N;;;;; +A117;YI SYLLABLE DUP;Lo;0;L;;;;;N;;;;; +A118;YI SYLLABLE DURX;Lo;0;L;;;;;N;;;;; +A119;YI SYLLABLE DUR;Lo;0;L;;;;;N;;;;; +A11A;YI SYLLABLE TIT;Lo;0;L;;;;;N;;;;; +A11B;YI SYLLABLE TIX;Lo;0;L;;;;;N;;;;; +A11C;YI SYLLABLE TI;Lo;0;L;;;;;N;;;;; +A11D;YI SYLLABLE TIP;Lo;0;L;;;;;N;;;;; +A11E;YI SYLLABLE TIEX;Lo;0;L;;;;;N;;;;; +A11F;YI SYLLABLE TIE;Lo;0;L;;;;;N;;;;; +A120;YI SYLLABLE TIEP;Lo;0;L;;;;;N;;;;; +A121;YI SYLLABLE TAT;Lo;0;L;;;;;N;;;;; +A122;YI SYLLABLE TAX;Lo;0;L;;;;;N;;;;; +A123;YI SYLLABLE TA;Lo;0;L;;;;;N;;;;; +A124;YI SYLLABLE TAP;Lo;0;L;;;;;N;;;;; +A125;YI SYLLABLE TUOT;Lo;0;L;;;;;N;;;;; +A126;YI SYLLABLE TUOX;Lo;0;L;;;;;N;;;;; +A127;YI SYLLABLE TUO;Lo;0;L;;;;;N;;;;; +A128;YI SYLLABLE TUOP;Lo;0;L;;;;;N;;;;; +A129;YI SYLLABLE TOT;Lo;0;L;;;;;N;;;;; +A12A;YI SYLLABLE TOX;Lo;0;L;;;;;N;;;;; +A12B;YI SYLLABLE TO;Lo;0;L;;;;;N;;;;; +A12C;YI SYLLABLE TOP;Lo;0;L;;;;;N;;;;; +A12D;YI SYLLABLE TEX;Lo;0;L;;;;;N;;;;; +A12E;YI SYLLABLE TE;Lo;0;L;;;;;N;;;;; +A12F;YI SYLLABLE TEP;Lo;0;L;;;;;N;;;;; +A130;YI SYLLABLE TUT;Lo;0;L;;;;;N;;;;; +A131;YI SYLLABLE TUX;Lo;0;L;;;;;N;;;;; +A132;YI SYLLABLE TU;Lo;0;L;;;;;N;;;;; +A133;YI SYLLABLE TUP;Lo;0;L;;;;;N;;;;; +A134;YI SYLLABLE TURX;Lo;0;L;;;;;N;;;;; +A135;YI SYLLABLE TUR;Lo;0;L;;;;;N;;;;; +A136;YI SYLLABLE DDIT;Lo;0;L;;;;;N;;;;; +A137;YI SYLLABLE DDIX;Lo;0;L;;;;;N;;;;; +A138;YI SYLLABLE DDI;Lo;0;L;;;;;N;;;;; +A139;YI SYLLABLE DDIP;Lo;0;L;;;;;N;;;;; +A13A;YI SYLLABLE DDIEX;Lo;0;L;;;;;N;;;;; +A13B;YI SYLLABLE DDIE;Lo;0;L;;;;;N;;;;; +A13C;YI SYLLABLE DDIEP;Lo;0;L;;;;;N;;;;; +A13D;YI SYLLABLE DDAT;Lo;0;L;;;;;N;;;;; +A13E;YI SYLLABLE DDAX;Lo;0;L;;;;;N;;;;; +A13F;YI SYLLABLE DDA;Lo;0;L;;;;;N;;;;; +A140;YI SYLLABLE DDAP;Lo;0;L;;;;;N;;;;; +A141;YI SYLLABLE DDUOX;Lo;0;L;;;;;N;;;;; +A142;YI SYLLABLE DDUO;Lo;0;L;;;;;N;;;;; +A143;YI SYLLABLE DDUOP;Lo;0;L;;;;;N;;;;; +A144;YI SYLLABLE DDOT;Lo;0;L;;;;;N;;;;; +A145;YI SYLLABLE DDOX;Lo;0;L;;;;;N;;;;; +A146;YI SYLLABLE DDO;Lo;0;L;;;;;N;;;;; +A147;YI SYLLABLE DDOP;Lo;0;L;;;;;N;;;;; +A148;YI SYLLABLE DDEX;Lo;0;L;;;;;N;;;;; +A149;YI SYLLABLE DDE;Lo;0;L;;;;;N;;;;; +A14A;YI SYLLABLE DDEP;Lo;0;L;;;;;N;;;;; +A14B;YI SYLLABLE DDUT;Lo;0;L;;;;;N;;;;; +A14C;YI SYLLABLE DDUX;Lo;0;L;;;;;N;;;;; +A14D;YI SYLLABLE DDU;Lo;0;L;;;;;N;;;;; +A14E;YI SYLLABLE DDUP;Lo;0;L;;;;;N;;;;; +A14F;YI SYLLABLE DDURX;Lo;0;L;;;;;N;;;;; +A150;YI SYLLABLE DDUR;Lo;0;L;;;;;N;;;;; +A151;YI SYLLABLE NDIT;Lo;0;L;;;;;N;;;;; +A152;YI SYLLABLE NDIX;Lo;0;L;;;;;N;;;;; +A153;YI SYLLABLE NDI;Lo;0;L;;;;;N;;;;; +A154;YI SYLLABLE NDIP;Lo;0;L;;;;;N;;;;; +A155;YI SYLLABLE NDIEX;Lo;0;L;;;;;N;;;;; +A156;YI SYLLABLE NDIE;Lo;0;L;;;;;N;;;;; +A157;YI SYLLABLE NDAT;Lo;0;L;;;;;N;;;;; +A158;YI SYLLABLE NDAX;Lo;0;L;;;;;N;;;;; +A159;YI SYLLABLE NDA;Lo;0;L;;;;;N;;;;; +A15A;YI SYLLABLE NDAP;Lo;0;L;;;;;N;;;;; +A15B;YI SYLLABLE NDOT;Lo;0;L;;;;;N;;;;; +A15C;YI SYLLABLE NDOX;Lo;0;L;;;;;N;;;;; +A15D;YI SYLLABLE NDO;Lo;0;L;;;;;N;;;;; +A15E;YI SYLLABLE NDOP;Lo;0;L;;;;;N;;;;; +A15F;YI SYLLABLE NDEX;Lo;0;L;;;;;N;;;;; +A160;YI SYLLABLE NDE;Lo;0;L;;;;;N;;;;; +A161;YI SYLLABLE NDEP;Lo;0;L;;;;;N;;;;; +A162;YI SYLLABLE NDUT;Lo;0;L;;;;;N;;;;; +A163;YI SYLLABLE NDUX;Lo;0;L;;;;;N;;;;; +A164;YI SYLLABLE NDU;Lo;0;L;;;;;N;;;;; +A165;YI SYLLABLE NDUP;Lo;0;L;;;;;N;;;;; +A166;YI SYLLABLE NDURX;Lo;0;L;;;;;N;;;;; +A167;YI SYLLABLE NDUR;Lo;0;L;;;;;N;;;;; +A168;YI SYLLABLE HNIT;Lo;0;L;;;;;N;;;;; +A169;YI SYLLABLE HNIX;Lo;0;L;;;;;N;;;;; +A16A;YI SYLLABLE HNI;Lo;0;L;;;;;N;;;;; +A16B;YI SYLLABLE HNIP;Lo;0;L;;;;;N;;;;; +A16C;YI SYLLABLE HNIET;Lo;0;L;;;;;N;;;;; +A16D;YI SYLLABLE HNIEX;Lo;0;L;;;;;N;;;;; +A16E;YI SYLLABLE HNIE;Lo;0;L;;;;;N;;;;; +A16F;YI SYLLABLE HNIEP;Lo;0;L;;;;;N;;;;; +A170;YI SYLLABLE HNAT;Lo;0;L;;;;;N;;;;; +A171;YI SYLLABLE HNAX;Lo;0;L;;;;;N;;;;; +A172;YI SYLLABLE HNA;Lo;0;L;;;;;N;;;;; +A173;YI SYLLABLE HNAP;Lo;0;L;;;;;N;;;;; +A174;YI SYLLABLE HNUOX;Lo;0;L;;;;;N;;;;; +A175;YI SYLLABLE HNUO;Lo;0;L;;;;;N;;;;; +A176;YI SYLLABLE HNOT;Lo;0;L;;;;;N;;;;; +A177;YI SYLLABLE HNOX;Lo;0;L;;;;;N;;;;; +A178;YI SYLLABLE HNOP;Lo;0;L;;;;;N;;;;; +A179;YI SYLLABLE HNEX;Lo;0;L;;;;;N;;;;; +A17A;YI SYLLABLE HNE;Lo;0;L;;;;;N;;;;; +A17B;YI SYLLABLE HNEP;Lo;0;L;;;;;N;;;;; +A17C;YI SYLLABLE HNUT;Lo;0;L;;;;;N;;;;; +A17D;YI SYLLABLE NIT;Lo;0;L;;;;;N;;;;; +A17E;YI SYLLABLE NIX;Lo;0;L;;;;;N;;;;; +A17F;YI SYLLABLE NI;Lo;0;L;;;;;N;;;;; +A180;YI SYLLABLE NIP;Lo;0;L;;;;;N;;;;; +A181;YI SYLLABLE NIEX;Lo;0;L;;;;;N;;;;; +A182;YI SYLLABLE NIE;Lo;0;L;;;;;N;;;;; +A183;YI SYLLABLE NIEP;Lo;0;L;;;;;N;;;;; +A184;YI SYLLABLE NAX;Lo;0;L;;;;;N;;;;; +A185;YI SYLLABLE NA;Lo;0;L;;;;;N;;;;; +A186;YI SYLLABLE NAP;Lo;0;L;;;;;N;;;;; +A187;YI SYLLABLE NUOX;Lo;0;L;;;;;N;;;;; +A188;YI SYLLABLE NUO;Lo;0;L;;;;;N;;;;; +A189;YI SYLLABLE NUOP;Lo;0;L;;;;;N;;;;; +A18A;YI SYLLABLE NOT;Lo;0;L;;;;;N;;;;; +A18B;YI SYLLABLE NOX;Lo;0;L;;;;;N;;;;; +A18C;YI SYLLABLE NO;Lo;0;L;;;;;N;;;;; +A18D;YI SYLLABLE NOP;Lo;0;L;;;;;N;;;;; +A18E;YI SYLLABLE NEX;Lo;0;L;;;;;N;;;;; +A18F;YI SYLLABLE NE;Lo;0;L;;;;;N;;;;; +A190;YI SYLLABLE NEP;Lo;0;L;;;;;N;;;;; +A191;YI SYLLABLE NUT;Lo;0;L;;;;;N;;;;; +A192;YI SYLLABLE NUX;Lo;0;L;;;;;N;;;;; +A193;YI SYLLABLE NU;Lo;0;L;;;;;N;;;;; +A194;YI SYLLABLE NUP;Lo;0;L;;;;;N;;;;; +A195;YI SYLLABLE NURX;Lo;0;L;;;;;N;;;;; +A196;YI SYLLABLE NUR;Lo;0;L;;;;;N;;;;; +A197;YI SYLLABLE HLIT;Lo;0;L;;;;;N;;;;; +A198;YI SYLLABLE HLIX;Lo;0;L;;;;;N;;;;; +A199;YI SYLLABLE HLI;Lo;0;L;;;;;N;;;;; +A19A;YI SYLLABLE HLIP;Lo;0;L;;;;;N;;;;; +A19B;YI SYLLABLE HLIEX;Lo;0;L;;;;;N;;;;; +A19C;YI SYLLABLE HLIE;Lo;0;L;;;;;N;;;;; +A19D;YI SYLLABLE HLIEP;Lo;0;L;;;;;N;;;;; +A19E;YI SYLLABLE HLAT;Lo;0;L;;;;;N;;;;; +A19F;YI SYLLABLE HLAX;Lo;0;L;;;;;N;;;;; +A1A0;YI SYLLABLE HLA;Lo;0;L;;;;;N;;;;; +A1A1;YI SYLLABLE HLAP;Lo;0;L;;;;;N;;;;; +A1A2;YI SYLLABLE HLUOX;Lo;0;L;;;;;N;;;;; +A1A3;YI SYLLABLE HLUO;Lo;0;L;;;;;N;;;;; +A1A4;YI SYLLABLE HLUOP;Lo;0;L;;;;;N;;;;; +A1A5;YI SYLLABLE HLOX;Lo;0;L;;;;;N;;;;; +A1A6;YI SYLLABLE HLO;Lo;0;L;;;;;N;;;;; +A1A7;YI SYLLABLE HLOP;Lo;0;L;;;;;N;;;;; +A1A8;YI SYLLABLE HLEX;Lo;0;L;;;;;N;;;;; +A1A9;YI SYLLABLE HLE;Lo;0;L;;;;;N;;;;; +A1AA;YI SYLLABLE HLEP;Lo;0;L;;;;;N;;;;; +A1AB;YI SYLLABLE HLUT;Lo;0;L;;;;;N;;;;; +A1AC;YI SYLLABLE HLUX;Lo;0;L;;;;;N;;;;; +A1AD;YI SYLLABLE HLU;Lo;0;L;;;;;N;;;;; +A1AE;YI SYLLABLE HLUP;Lo;0;L;;;;;N;;;;; +A1AF;YI SYLLABLE HLURX;Lo;0;L;;;;;N;;;;; +A1B0;YI SYLLABLE HLUR;Lo;0;L;;;;;N;;;;; +A1B1;YI SYLLABLE HLYT;Lo;0;L;;;;;N;;;;; +A1B2;YI SYLLABLE HLYX;Lo;0;L;;;;;N;;;;; +A1B3;YI SYLLABLE HLY;Lo;0;L;;;;;N;;;;; +A1B4;YI SYLLABLE HLYP;Lo;0;L;;;;;N;;;;; +A1B5;YI SYLLABLE HLYRX;Lo;0;L;;;;;N;;;;; +A1B6;YI SYLLABLE HLYR;Lo;0;L;;;;;N;;;;; +A1B7;YI SYLLABLE LIT;Lo;0;L;;;;;N;;;;; +A1B8;YI SYLLABLE LIX;Lo;0;L;;;;;N;;;;; +A1B9;YI SYLLABLE LI;Lo;0;L;;;;;N;;;;; +A1BA;YI SYLLABLE LIP;Lo;0;L;;;;;N;;;;; +A1BB;YI SYLLABLE LIET;Lo;0;L;;;;;N;;;;; +A1BC;YI SYLLABLE LIEX;Lo;0;L;;;;;N;;;;; +A1BD;YI SYLLABLE LIE;Lo;0;L;;;;;N;;;;; +A1BE;YI SYLLABLE LIEP;Lo;0;L;;;;;N;;;;; +A1BF;YI SYLLABLE LAT;Lo;0;L;;;;;N;;;;; +A1C0;YI SYLLABLE LAX;Lo;0;L;;;;;N;;;;; +A1C1;YI SYLLABLE LA;Lo;0;L;;;;;N;;;;; +A1C2;YI SYLLABLE LAP;Lo;0;L;;;;;N;;;;; +A1C3;YI SYLLABLE LUOT;Lo;0;L;;;;;N;;;;; +A1C4;YI SYLLABLE LUOX;Lo;0;L;;;;;N;;;;; +A1C5;YI SYLLABLE LUO;Lo;0;L;;;;;N;;;;; +A1C6;YI SYLLABLE LUOP;Lo;0;L;;;;;N;;;;; +A1C7;YI SYLLABLE LOT;Lo;0;L;;;;;N;;;;; +A1C8;YI SYLLABLE LOX;Lo;0;L;;;;;N;;;;; +A1C9;YI SYLLABLE LO;Lo;0;L;;;;;N;;;;; +A1CA;YI SYLLABLE LOP;Lo;0;L;;;;;N;;;;; +A1CB;YI SYLLABLE LEX;Lo;0;L;;;;;N;;;;; +A1CC;YI SYLLABLE LE;Lo;0;L;;;;;N;;;;; +A1CD;YI SYLLABLE LEP;Lo;0;L;;;;;N;;;;; +A1CE;YI SYLLABLE LUT;Lo;0;L;;;;;N;;;;; +A1CF;YI SYLLABLE LUX;Lo;0;L;;;;;N;;;;; +A1D0;YI SYLLABLE LU;Lo;0;L;;;;;N;;;;; +A1D1;YI SYLLABLE LUP;Lo;0;L;;;;;N;;;;; +A1D2;YI SYLLABLE LURX;Lo;0;L;;;;;N;;;;; +A1D3;YI SYLLABLE LUR;Lo;0;L;;;;;N;;;;; +A1D4;YI SYLLABLE LYT;Lo;0;L;;;;;N;;;;; +A1D5;YI SYLLABLE LYX;Lo;0;L;;;;;N;;;;; +A1D6;YI SYLLABLE LY;Lo;0;L;;;;;N;;;;; +A1D7;YI SYLLABLE LYP;Lo;0;L;;;;;N;;;;; +A1D8;YI SYLLABLE LYRX;Lo;0;L;;;;;N;;;;; +A1D9;YI SYLLABLE LYR;Lo;0;L;;;;;N;;;;; +A1DA;YI SYLLABLE GIT;Lo;0;L;;;;;N;;;;; +A1DB;YI SYLLABLE GIX;Lo;0;L;;;;;N;;;;; +A1DC;YI SYLLABLE GI;Lo;0;L;;;;;N;;;;; +A1DD;YI SYLLABLE GIP;Lo;0;L;;;;;N;;;;; +A1DE;YI SYLLABLE GIET;Lo;0;L;;;;;N;;;;; +A1DF;YI SYLLABLE GIEX;Lo;0;L;;;;;N;;;;; +A1E0;YI SYLLABLE GIE;Lo;0;L;;;;;N;;;;; +A1E1;YI SYLLABLE GIEP;Lo;0;L;;;;;N;;;;; +A1E2;YI SYLLABLE GAT;Lo;0;L;;;;;N;;;;; +A1E3;YI SYLLABLE GAX;Lo;0;L;;;;;N;;;;; +A1E4;YI SYLLABLE GA;Lo;0;L;;;;;N;;;;; +A1E5;YI SYLLABLE GAP;Lo;0;L;;;;;N;;;;; +A1E6;YI SYLLABLE GUOT;Lo;0;L;;;;;N;;;;; +A1E7;YI SYLLABLE GUOX;Lo;0;L;;;;;N;;;;; +A1E8;YI SYLLABLE GUO;Lo;0;L;;;;;N;;;;; +A1E9;YI SYLLABLE GUOP;Lo;0;L;;;;;N;;;;; +A1EA;YI SYLLABLE GOT;Lo;0;L;;;;;N;;;;; +A1EB;YI SYLLABLE GOX;Lo;0;L;;;;;N;;;;; +A1EC;YI SYLLABLE GO;Lo;0;L;;;;;N;;;;; +A1ED;YI SYLLABLE GOP;Lo;0;L;;;;;N;;;;; +A1EE;YI SYLLABLE GET;Lo;0;L;;;;;N;;;;; +A1EF;YI SYLLABLE GEX;Lo;0;L;;;;;N;;;;; +A1F0;YI SYLLABLE GE;Lo;0;L;;;;;N;;;;; +A1F1;YI SYLLABLE GEP;Lo;0;L;;;;;N;;;;; +A1F2;YI SYLLABLE GUT;Lo;0;L;;;;;N;;;;; +A1F3;YI SYLLABLE GUX;Lo;0;L;;;;;N;;;;; +A1F4;YI SYLLABLE GU;Lo;0;L;;;;;N;;;;; +A1F5;YI SYLLABLE GUP;Lo;0;L;;;;;N;;;;; +A1F6;YI SYLLABLE GURX;Lo;0;L;;;;;N;;;;; +A1F7;YI SYLLABLE GUR;Lo;0;L;;;;;N;;;;; +A1F8;YI SYLLABLE KIT;Lo;0;L;;;;;N;;;;; +A1F9;YI SYLLABLE KIX;Lo;0;L;;;;;N;;;;; +A1FA;YI SYLLABLE KI;Lo;0;L;;;;;N;;;;; +A1FB;YI SYLLABLE KIP;Lo;0;L;;;;;N;;;;; +A1FC;YI SYLLABLE KIEX;Lo;0;L;;;;;N;;;;; +A1FD;YI SYLLABLE KIE;Lo;0;L;;;;;N;;;;; +A1FE;YI SYLLABLE KIEP;Lo;0;L;;;;;N;;;;; +A1FF;YI SYLLABLE KAT;Lo;0;L;;;;;N;;;;; +A200;YI SYLLABLE KAX;Lo;0;L;;;;;N;;;;; +A201;YI SYLLABLE KA;Lo;0;L;;;;;N;;;;; +A202;YI SYLLABLE KAP;Lo;0;L;;;;;N;;;;; +A203;YI SYLLABLE KUOX;Lo;0;L;;;;;N;;;;; +A204;YI SYLLABLE KUO;Lo;0;L;;;;;N;;;;; +A205;YI SYLLABLE KUOP;Lo;0;L;;;;;N;;;;; +A206;YI SYLLABLE KOT;Lo;0;L;;;;;N;;;;; +A207;YI SYLLABLE KOX;Lo;0;L;;;;;N;;;;; +A208;YI SYLLABLE KO;Lo;0;L;;;;;N;;;;; +A209;YI SYLLABLE KOP;Lo;0;L;;;;;N;;;;; +A20A;YI SYLLABLE KET;Lo;0;L;;;;;N;;;;; +A20B;YI SYLLABLE KEX;Lo;0;L;;;;;N;;;;; +A20C;YI SYLLABLE KE;Lo;0;L;;;;;N;;;;; +A20D;YI SYLLABLE KEP;Lo;0;L;;;;;N;;;;; +A20E;YI SYLLABLE KUT;Lo;0;L;;;;;N;;;;; +A20F;YI SYLLABLE KUX;Lo;0;L;;;;;N;;;;; +A210;YI SYLLABLE KU;Lo;0;L;;;;;N;;;;; +A211;YI SYLLABLE KUP;Lo;0;L;;;;;N;;;;; +A212;YI SYLLABLE KURX;Lo;0;L;;;;;N;;;;; +A213;YI SYLLABLE KUR;Lo;0;L;;;;;N;;;;; +A214;YI SYLLABLE GGIT;Lo;0;L;;;;;N;;;;; +A215;YI SYLLABLE GGIX;Lo;0;L;;;;;N;;;;; +A216;YI SYLLABLE GGI;Lo;0;L;;;;;N;;;;; +A217;YI SYLLABLE GGIEX;Lo;0;L;;;;;N;;;;; +A218;YI SYLLABLE GGIE;Lo;0;L;;;;;N;;;;; +A219;YI SYLLABLE GGIEP;Lo;0;L;;;;;N;;;;; +A21A;YI SYLLABLE GGAT;Lo;0;L;;;;;N;;;;; +A21B;YI SYLLABLE GGAX;Lo;0;L;;;;;N;;;;; +A21C;YI SYLLABLE GGA;Lo;0;L;;;;;N;;;;; +A21D;YI SYLLABLE GGAP;Lo;0;L;;;;;N;;;;; +A21E;YI SYLLABLE GGUOT;Lo;0;L;;;;;N;;;;; +A21F;YI SYLLABLE GGUOX;Lo;0;L;;;;;N;;;;; +A220;YI SYLLABLE GGUO;Lo;0;L;;;;;N;;;;; +A221;YI SYLLABLE GGUOP;Lo;0;L;;;;;N;;;;; +A222;YI SYLLABLE GGOT;Lo;0;L;;;;;N;;;;; +A223;YI SYLLABLE GGOX;Lo;0;L;;;;;N;;;;; +A224;YI SYLLABLE GGO;Lo;0;L;;;;;N;;;;; +A225;YI SYLLABLE GGOP;Lo;0;L;;;;;N;;;;; +A226;YI SYLLABLE GGET;Lo;0;L;;;;;N;;;;; +A227;YI SYLLABLE GGEX;Lo;0;L;;;;;N;;;;; +A228;YI SYLLABLE GGE;Lo;0;L;;;;;N;;;;; +A229;YI SYLLABLE GGEP;Lo;0;L;;;;;N;;;;; +A22A;YI SYLLABLE GGUT;Lo;0;L;;;;;N;;;;; +A22B;YI SYLLABLE GGUX;Lo;0;L;;;;;N;;;;; +A22C;YI SYLLABLE GGU;Lo;0;L;;;;;N;;;;; +A22D;YI SYLLABLE GGUP;Lo;0;L;;;;;N;;;;; +A22E;YI SYLLABLE GGURX;Lo;0;L;;;;;N;;;;; +A22F;YI SYLLABLE GGUR;Lo;0;L;;;;;N;;;;; +A230;YI SYLLABLE MGIEX;Lo;0;L;;;;;N;;;;; +A231;YI SYLLABLE MGIE;Lo;0;L;;;;;N;;;;; +A232;YI SYLLABLE MGAT;Lo;0;L;;;;;N;;;;; +A233;YI SYLLABLE MGAX;Lo;0;L;;;;;N;;;;; +A234;YI SYLLABLE MGA;Lo;0;L;;;;;N;;;;; +A235;YI SYLLABLE MGAP;Lo;0;L;;;;;N;;;;; +A236;YI SYLLABLE MGUOX;Lo;0;L;;;;;N;;;;; +A237;YI SYLLABLE MGUO;Lo;0;L;;;;;N;;;;; +A238;YI SYLLABLE MGUOP;Lo;0;L;;;;;N;;;;; +A239;YI SYLLABLE MGOT;Lo;0;L;;;;;N;;;;; +A23A;YI SYLLABLE MGOX;Lo;0;L;;;;;N;;;;; +A23B;YI SYLLABLE MGO;Lo;0;L;;;;;N;;;;; +A23C;YI SYLLABLE MGOP;Lo;0;L;;;;;N;;;;; +A23D;YI SYLLABLE MGEX;Lo;0;L;;;;;N;;;;; +A23E;YI SYLLABLE MGE;Lo;0;L;;;;;N;;;;; +A23F;YI SYLLABLE MGEP;Lo;0;L;;;;;N;;;;; +A240;YI SYLLABLE MGUT;Lo;0;L;;;;;N;;;;; +A241;YI SYLLABLE MGUX;Lo;0;L;;;;;N;;;;; +A242;YI SYLLABLE MGU;Lo;0;L;;;;;N;;;;; +A243;YI SYLLABLE MGUP;Lo;0;L;;;;;N;;;;; +A244;YI SYLLABLE MGURX;Lo;0;L;;;;;N;;;;; +A245;YI SYLLABLE MGUR;Lo;0;L;;;;;N;;;;; +A246;YI SYLLABLE HXIT;Lo;0;L;;;;;N;;;;; +A247;YI SYLLABLE HXIX;Lo;0;L;;;;;N;;;;; +A248;YI SYLLABLE HXI;Lo;0;L;;;;;N;;;;; +A249;YI SYLLABLE HXIP;Lo;0;L;;;;;N;;;;; +A24A;YI SYLLABLE HXIET;Lo;0;L;;;;;N;;;;; +A24B;YI SYLLABLE HXIEX;Lo;0;L;;;;;N;;;;; +A24C;YI SYLLABLE HXIE;Lo;0;L;;;;;N;;;;; +A24D;YI SYLLABLE HXIEP;Lo;0;L;;;;;N;;;;; +A24E;YI SYLLABLE HXAT;Lo;0;L;;;;;N;;;;; +A24F;YI SYLLABLE HXAX;Lo;0;L;;;;;N;;;;; +A250;YI SYLLABLE HXA;Lo;0;L;;;;;N;;;;; +A251;YI SYLLABLE HXAP;Lo;0;L;;;;;N;;;;; +A252;YI SYLLABLE HXUOT;Lo;0;L;;;;;N;;;;; +A253;YI SYLLABLE HXUOX;Lo;0;L;;;;;N;;;;; +A254;YI SYLLABLE HXUO;Lo;0;L;;;;;N;;;;; +A255;YI SYLLABLE HXUOP;Lo;0;L;;;;;N;;;;; +A256;YI SYLLABLE HXOT;Lo;0;L;;;;;N;;;;; +A257;YI SYLLABLE HXOX;Lo;0;L;;;;;N;;;;; +A258;YI SYLLABLE HXO;Lo;0;L;;;;;N;;;;; +A259;YI SYLLABLE HXOP;Lo;0;L;;;;;N;;;;; +A25A;YI SYLLABLE HXEX;Lo;0;L;;;;;N;;;;; +A25B;YI SYLLABLE HXE;Lo;0;L;;;;;N;;;;; +A25C;YI SYLLABLE HXEP;Lo;0;L;;;;;N;;;;; +A25D;YI SYLLABLE NGIEX;Lo;0;L;;;;;N;;;;; +A25E;YI SYLLABLE NGIE;Lo;0;L;;;;;N;;;;; +A25F;YI SYLLABLE NGIEP;Lo;0;L;;;;;N;;;;; +A260;YI SYLLABLE NGAT;Lo;0;L;;;;;N;;;;; +A261;YI SYLLABLE NGAX;Lo;0;L;;;;;N;;;;; +A262;YI SYLLABLE NGA;Lo;0;L;;;;;N;;;;; +A263;YI SYLLABLE NGAP;Lo;0;L;;;;;N;;;;; +A264;YI SYLLABLE NGUOT;Lo;0;L;;;;;N;;;;; +A265;YI SYLLABLE NGUOX;Lo;0;L;;;;;N;;;;; +A266;YI SYLLABLE NGUO;Lo;0;L;;;;;N;;;;; +A267;YI SYLLABLE NGOT;Lo;0;L;;;;;N;;;;; +A268;YI SYLLABLE NGOX;Lo;0;L;;;;;N;;;;; +A269;YI SYLLABLE NGO;Lo;0;L;;;;;N;;;;; +A26A;YI SYLLABLE NGOP;Lo;0;L;;;;;N;;;;; +A26B;YI SYLLABLE NGEX;Lo;0;L;;;;;N;;;;; +A26C;YI SYLLABLE NGE;Lo;0;L;;;;;N;;;;; +A26D;YI SYLLABLE NGEP;Lo;0;L;;;;;N;;;;; +A26E;YI SYLLABLE HIT;Lo;0;L;;;;;N;;;;; +A26F;YI SYLLABLE HIEX;Lo;0;L;;;;;N;;;;; +A270;YI SYLLABLE HIE;Lo;0;L;;;;;N;;;;; +A271;YI SYLLABLE HAT;Lo;0;L;;;;;N;;;;; +A272;YI SYLLABLE HAX;Lo;0;L;;;;;N;;;;; +A273;YI SYLLABLE HA;Lo;0;L;;;;;N;;;;; +A274;YI SYLLABLE HAP;Lo;0;L;;;;;N;;;;; +A275;YI SYLLABLE HUOT;Lo;0;L;;;;;N;;;;; +A276;YI SYLLABLE HUOX;Lo;0;L;;;;;N;;;;; +A277;YI SYLLABLE HUO;Lo;0;L;;;;;N;;;;; +A278;YI SYLLABLE HUOP;Lo;0;L;;;;;N;;;;; +A279;YI SYLLABLE HOT;Lo;0;L;;;;;N;;;;; +A27A;YI SYLLABLE HOX;Lo;0;L;;;;;N;;;;; +A27B;YI SYLLABLE HO;Lo;0;L;;;;;N;;;;; +A27C;YI SYLLABLE HOP;Lo;0;L;;;;;N;;;;; +A27D;YI SYLLABLE HEX;Lo;0;L;;;;;N;;;;; +A27E;YI SYLLABLE HE;Lo;0;L;;;;;N;;;;; +A27F;YI SYLLABLE HEP;Lo;0;L;;;;;N;;;;; +A280;YI SYLLABLE WAT;Lo;0;L;;;;;N;;;;; +A281;YI SYLLABLE WAX;Lo;0;L;;;;;N;;;;; +A282;YI SYLLABLE WA;Lo;0;L;;;;;N;;;;; +A283;YI SYLLABLE WAP;Lo;0;L;;;;;N;;;;; +A284;YI SYLLABLE WUOX;Lo;0;L;;;;;N;;;;; +A285;YI SYLLABLE WUO;Lo;0;L;;;;;N;;;;; +A286;YI SYLLABLE WUOP;Lo;0;L;;;;;N;;;;; +A287;YI SYLLABLE WOX;Lo;0;L;;;;;N;;;;; +A288;YI SYLLABLE WO;Lo;0;L;;;;;N;;;;; +A289;YI SYLLABLE WOP;Lo;0;L;;;;;N;;;;; +A28A;YI SYLLABLE WEX;Lo;0;L;;;;;N;;;;; +A28B;YI SYLLABLE WE;Lo;0;L;;;;;N;;;;; +A28C;YI SYLLABLE WEP;Lo;0;L;;;;;N;;;;; +A28D;YI SYLLABLE ZIT;Lo;0;L;;;;;N;;;;; +A28E;YI SYLLABLE ZIX;Lo;0;L;;;;;N;;;;; +A28F;YI SYLLABLE ZI;Lo;0;L;;;;;N;;;;; +A290;YI SYLLABLE ZIP;Lo;0;L;;;;;N;;;;; +A291;YI SYLLABLE ZIEX;Lo;0;L;;;;;N;;;;; +A292;YI SYLLABLE ZIE;Lo;0;L;;;;;N;;;;; +A293;YI SYLLABLE ZIEP;Lo;0;L;;;;;N;;;;; +A294;YI SYLLABLE ZAT;Lo;0;L;;;;;N;;;;; +A295;YI SYLLABLE ZAX;Lo;0;L;;;;;N;;;;; +A296;YI SYLLABLE ZA;Lo;0;L;;;;;N;;;;; +A297;YI SYLLABLE ZAP;Lo;0;L;;;;;N;;;;; +A298;YI SYLLABLE ZUOX;Lo;0;L;;;;;N;;;;; +A299;YI SYLLABLE ZUO;Lo;0;L;;;;;N;;;;; +A29A;YI SYLLABLE ZUOP;Lo;0;L;;;;;N;;;;; +A29B;YI SYLLABLE ZOT;Lo;0;L;;;;;N;;;;; +A29C;YI SYLLABLE ZOX;Lo;0;L;;;;;N;;;;; +A29D;YI SYLLABLE ZO;Lo;0;L;;;;;N;;;;; +A29E;YI SYLLABLE ZOP;Lo;0;L;;;;;N;;;;; +A29F;YI SYLLABLE ZEX;Lo;0;L;;;;;N;;;;; +A2A0;YI SYLLABLE ZE;Lo;0;L;;;;;N;;;;; +A2A1;YI SYLLABLE ZEP;Lo;0;L;;;;;N;;;;; +A2A2;YI SYLLABLE ZUT;Lo;0;L;;;;;N;;;;; +A2A3;YI SYLLABLE ZUX;Lo;0;L;;;;;N;;;;; +A2A4;YI SYLLABLE ZU;Lo;0;L;;;;;N;;;;; +A2A5;YI SYLLABLE ZUP;Lo;0;L;;;;;N;;;;; +A2A6;YI SYLLABLE ZURX;Lo;0;L;;;;;N;;;;; +A2A7;YI SYLLABLE ZUR;Lo;0;L;;;;;N;;;;; +A2A8;YI SYLLABLE ZYT;Lo;0;L;;;;;N;;;;; +A2A9;YI SYLLABLE ZYX;Lo;0;L;;;;;N;;;;; +A2AA;YI SYLLABLE ZY;Lo;0;L;;;;;N;;;;; +A2AB;YI SYLLABLE ZYP;Lo;0;L;;;;;N;;;;; +A2AC;YI SYLLABLE ZYRX;Lo;0;L;;;;;N;;;;; +A2AD;YI SYLLABLE ZYR;Lo;0;L;;;;;N;;;;; +A2AE;YI SYLLABLE CIT;Lo;0;L;;;;;N;;;;; +A2AF;YI SYLLABLE CIX;Lo;0;L;;;;;N;;;;; +A2B0;YI SYLLABLE CI;Lo;0;L;;;;;N;;;;; +A2B1;YI SYLLABLE CIP;Lo;0;L;;;;;N;;;;; +A2B2;YI SYLLABLE CIET;Lo;0;L;;;;;N;;;;; +A2B3;YI SYLLABLE CIEX;Lo;0;L;;;;;N;;;;; +A2B4;YI SYLLABLE CIE;Lo;0;L;;;;;N;;;;; +A2B5;YI SYLLABLE CIEP;Lo;0;L;;;;;N;;;;; +A2B6;YI SYLLABLE CAT;Lo;0;L;;;;;N;;;;; +A2B7;YI SYLLABLE CAX;Lo;0;L;;;;;N;;;;; +A2B8;YI SYLLABLE CA;Lo;0;L;;;;;N;;;;; +A2B9;YI SYLLABLE CAP;Lo;0;L;;;;;N;;;;; +A2BA;YI SYLLABLE CUOX;Lo;0;L;;;;;N;;;;; +A2BB;YI SYLLABLE CUO;Lo;0;L;;;;;N;;;;; +A2BC;YI SYLLABLE CUOP;Lo;0;L;;;;;N;;;;; +A2BD;YI SYLLABLE COT;Lo;0;L;;;;;N;;;;; +A2BE;YI SYLLABLE COX;Lo;0;L;;;;;N;;;;; +A2BF;YI SYLLABLE CO;Lo;0;L;;;;;N;;;;; +A2C0;YI SYLLABLE COP;Lo;0;L;;;;;N;;;;; +A2C1;YI SYLLABLE CEX;Lo;0;L;;;;;N;;;;; +A2C2;YI SYLLABLE CE;Lo;0;L;;;;;N;;;;; +A2C3;YI SYLLABLE CEP;Lo;0;L;;;;;N;;;;; +A2C4;YI SYLLABLE CUT;Lo;0;L;;;;;N;;;;; +A2C5;YI SYLLABLE CUX;Lo;0;L;;;;;N;;;;; +A2C6;YI SYLLABLE CU;Lo;0;L;;;;;N;;;;; +A2C7;YI SYLLABLE CUP;Lo;0;L;;;;;N;;;;; +A2C8;YI SYLLABLE CURX;Lo;0;L;;;;;N;;;;; +A2C9;YI SYLLABLE CUR;Lo;0;L;;;;;N;;;;; +A2CA;YI SYLLABLE CYT;Lo;0;L;;;;;N;;;;; +A2CB;YI SYLLABLE CYX;Lo;0;L;;;;;N;;;;; +A2CC;YI SYLLABLE CY;Lo;0;L;;;;;N;;;;; +A2CD;YI SYLLABLE CYP;Lo;0;L;;;;;N;;;;; +A2CE;YI SYLLABLE CYRX;Lo;0;L;;;;;N;;;;; +A2CF;YI SYLLABLE CYR;Lo;0;L;;;;;N;;;;; +A2D0;YI SYLLABLE ZZIT;Lo;0;L;;;;;N;;;;; +A2D1;YI SYLLABLE ZZIX;Lo;0;L;;;;;N;;;;; +A2D2;YI SYLLABLE ZZI;Lo;0;L;;;;;N;;;;; +A2D3;YI SYLLABLE ZZIP;Lo;0;L;;;;;N;;;;; +A2D4;YI SYLLABLE ZZIET;Lo;0;L;;;;;N;;;;; +A2D5;YI SYLLABLE ZZIEX;Lo;0;L;;;;;N;;;;; +A2D6;YI SYLLABLE ZZIE;Lo;0;L;;;;;N;;;;; +A2D7;YI SYLLABLE ZZIEP;Lo;0;L;;;;;N;;;;; +A2D8;YI SYLLABLE ZZAT;Lo;0;L;;;;;N;;;;; +A2D9;YI SYLLABLE ZZAX;Lo;0;L;;;;;N;;;;; +A2DA;YI SYLLABLE ZZA;Lo;0;L;;;;;N;;;;; +A2DB;YI SYLLABLE ZZAP;Lo;0;L;;;;;N;;;;; +A2DC;YI SYLLABLE ZZOX;Lo;0;L;;;;;N;;;;; +A2DD;YI SYLLABLE ZZO;Lo;0;L;;;;;N;;;;; +A2DE;YI SYLLABLE ZZOP;Lo;0;L;;;;;N;;;;; +A2DF;YI SYLLABLE ZZEX;Lo;0;L;;;;;N;;;;; +A2E0;YI SYLLABLE ZZE;Lo;0;L;;;;;N;;;;; +A2E1;YI SYLLABLE ZZEP;Lo;0;L;;;;;N;;;;; +A2E2;YI SYLLABLE ZZUX;Lo;0;L;;;;;N;;;;; +A2E3;YI SYLLABLE ZZU;Lo;0;L;;;;;N;;;;; +A2E4;YI SYLLABLE ZZUP;Lo;0;L;;;;;N;;;;; +A2E5;YI SYLLABLE ZZURX;Lo;0;L;;;;;N;;;;; +A2E6;YI SYLLABLE ZZUR;Lo;0;L;;;;;N;;;;; +A2E7;YI SYLLABLE ZZYT;Lo;0;L;;;;;N;;;;; +A2E8;YI SYLLABLE ZZYX;Lo;0;L;;;;;N;;;;; +A2E9;YI SYLLABLE ZZY;Lo;0;L;;;;;N;;;;; +A2EA;YI SYLLABLE ZZYP;Lo;0;L;;;;;N;;;;; +A2EB;YI SYLLABLE ZZYRX;Lo;0;L;;;;;N;;;;; +A2EC;YI SYLLABLE ZZYR;Lo;0;L;;;;;N;;;;; +A2ED;YI SYLLABLE NZIT;Lo;0;L;;;;;N;;;;; +A2EE;YI SYLLABLE NZIX;Lo;0;L;;;;;N;;;;; +A2EF;YI SYLLABLE NZI;Lo;0;L;;;;;N;;;;; +A2F0;YI SYLLABLE NZIP;Lo;0;L;;;;;N;;;;; +A2F1;YI SYLLABLE NZIEX;Lo;0;L;;;;;N;;;;; +A2F2;YI SYLLABLE NZIE;Lo;0;L;;;;;N;;;;; +A2F3;YI SYLLABLE NZIEP;Lo;0;L;;;;;N;;;;; +A2F4;YI SYLLABLE NZAT;Lo;0;L;;;;;N;;;;; +A2F5;YI SYLLABLE NZAX;Lo;0;L;;;;;N;;;;; +A2F6;YI SYLLABLE NZA;Lo;0;L;;;;;N;;;;; +A2F7;YI SYLLABLE NZAP;Lo;0;L;;;;;N;;;;; +A2F8;YI SYLLABLE NZUOX;Lo;0;L;;;;;N;;;;; +A2F9;YI SYLLABLE NZUO;Lo;0;L;;;;;N;;;;; +A2FA;YI SYLLABLE NZOX;Lo;0;L;;;;;N;;;;; +A2FB;YI SYLLABLE NZOP;Lo;0;L;;;;;N;;;;; +A2FC;YI SYLLABLE NZEX;Lo;0;L;;;;;N;;;;; +A2FD;YI SYLLABLE NZE;Lo;0;L;;;;;N;;;;; +A2FE;YI SYLLABLE NZUX;Lo;0;L;;;;;N;;;;; +A2FF;YI SYLLABLE NZU;Lo;0;L;;;;;N;;;;; +A300;YI SYLLABLE NZUP;Lo;0;L;;;;;N;;;;; +A301;YI SYLLABLE NZURX;Lo;0;L;;;;;N;;;;; +A302;YI SYLLABLE NZUR;Lo;0;L;;;;;N;;;;; +A303;YI SYLLABLE NZYT;Lo;0;L;;;;;N;;;;; +A304;YI SYLLABLE NZYX;Lo;0;L;;;;;N;;;;; +A305;YI SYLLABLE NZY;Lo;0;L;;;;;N;;;;; +A306;YI SYLLABLE NZYP;Lo;0;L;;;;;N;;;;; +A307;YI SYLLABLE NZYRX;Lo;0;L;;;;;N;;;;; +A308;YI SYLLABLE NZYR;Lo;0;L;;;;;N;;;;; +A309;YI SYLLABLE SIT;Lo;0;L;;;;;N;;;;; +A30A;YI SYLLABLE SIX;Lo;0;L;;;;;N;;;;; +A30B;YI SYLLABLE SI;Lo;0;L;;;;;N;;;;; +A30C;YI SYLLABLE SIP;Lo;0;L;;;;;N;;;;; +A30D;YI SYLLABLE SIEX;Lo;0;L;;;;;N;;;;; +A30E;YI SYLLABLE SIE;Lo;0;L;;;;;N;;;;; +A30F;YI SYLLABLE SIEP;Lo;0;L;;;;;N;;;;; +A310;YI SYLLABLE SAT;Lo;0;L;;;;;N;;;;; +A311;YI SYLLABLE SAX;Lo;0;L;;;;;N;;;;; +A312;YI SYLLABLE SA;Lo;0;L;;;;;N;;;;; +A313;YI SYLLABLE SAP;Lo;0;L;;;;;N;;;;; +A314;YI SYLLABLE SUOX;Lo;0;L;;;;;N;;;;; +A315;YI SYLLABLE SUO;Lo;0;L;;;;;N;;;;; +A316;YI SYLLABLE SUOP;Lo;0;L;;;;;N;;;;; +A317;YI SYLLABLE SOT;Lo;0;L;;;;;N;;;;; +A318;YI SYLLABLE SOX;Lo;0;L;;;;;N;;;;; +A319;YI SYLLABLE SO;Lo;0;L;;;;;N;;;;; +A31A;YI SYLLABLE SOP;Lo;0;L;;;;;N;;;;; +A31B;YI SYLLABLE SEX;Lo;0;L;;;;;N;;;;; +A31C;YI SYLLABLE SE;Lo;0;L;;;;;N;;;;; +A31D;YI SYLLABLE SEP;Lo;0;L;;;;;N;;;;; +A31E;YI SYLLABLE SUT;Lo;0;L;;;;;N;;;;; +A31F;YI SYLLABLE SUX;Lo;0;L;;;;;N;;;;; +A320;YI SYLLABLE SU;Lo;0;L;;;;;N;;;;; +A321;YI SYLLABLE SUP;Lo;0;L;;;;;N;;;;; +A322;YI SYLLABLE SURX;Lo;0;L;;;;;N;;;;; +A323;YI SYLLABLE SUR;Lo;0;L;;;;;N;;;;; +A324;YI SYLLABLE SYT;Lo;0;L;;;;;N;;;;; +A325;YI SYLLABLE SYX;Lo;0;L;;;;;N;;;;; +A326;YI SYLLABLE SY;Lo;0;L;;;;;N;;;;; +A327;YI SYLLABLE SYP;Lo;0;L;;;;;N;;;;; +A328;YI SYLLABLE SYRX;Lo;0;L;;;;;N;;;;; +A329;YI SYLLABLE SYR;Lo;0;L;;;;;N;;;;; +A32A;YI SYLLABLE SSIT;Lo;0;L;;;;;N;;;;; +A32B;YI SYLLABLE SSIX;Lo;0;L;;;;;N;;;;; +A32C;YI SYLLABLE SSI;Lo;0;L;;;;;N;;;;; +A32D;YI SYLLABLE SSIP;Lo;0;L;;;;;N;;;;; +A32E;YI SYLLABLE SSIEX;Lo;0;L;;;;;N;;;;; +A32F;YI SYLLABLE SSIE;Lo;0;L;;;;;N;;;;; +A330;YI SYLLABLE SSIEP;Lo;0;L;;;;;N;;;;; +A331;YI SYLLABLE SSAT;Lo;0;L;;;;;N;;;;; +A332;YI SYLLABLE SSAX;Lo;0;L;;;;;N;;;;; +A333;YI SYLLABLE SSA;Lo;0;L;;;;;N;;;;; +A334;YI SYLLABLE SSAP;Lo;0;L;;;;;N;;;;; +A335;YI SYLLABLE SSOT;Lo;0;L;;;;;N;;;;; +A336;YI SYLLABLE SSOX;Lo;0;L;;;;;N;;;;; +A337;YI SYLLABLE SSO;Lo;0;L;;;;;N;;;;; +A338;YI SYLLABLE SSOP;Lo;0;L;;;;;N;;;;; +A339;YI SYLLABLE SSEX;Lo;0;L;;;;;N;;;;; +A33A;YI SYLLABLE SSE;Lo;0;L;;;;;N;;;;; +A33B;YI SYLLABLE SSEP;Lo;0;L;;;;;N;;;;; +A33C;YI SYLLABLE SSUT;Lo;0;L;;;;;N;;;;; +A33D;YI SYLLABLE SSUX;Lo;0;L;;;;;N;;;;; +A33E;YI SYLLABLE SSU;Lo;0;L;;;;;N;;;;; +A33F;YI SYLLABLE SSUP;Lo;0;L;;;;;N;;;;; +A340;YI SYLLABLE SSYT;Lo;0;L;;;;;N;;;;; +A341;YI SYLLABLE SSYX;Lo;0;L;;;;;N;;;;; +A342;YI SYLLABLE SSY;Lo;0;L;;;;;N;;;;; +A343;YI SYLLABLE SSYP;Lo;0;L;;;;;N;;;;; +A344;YI SYLLABLE SSYRX;Lo;0;L;;;;;N;;;;; +A345;YI SYLLABLE SSYR;Lo;0;L;;;;;N;;;;; +A346;YI SYLLABLE ZHAT;Lo;0;L;;;;;N;;;;; +A347;YI SYLLABLE ZHAX;Lo;0;L;;;;;N;;;;; +A348;YI SYLLABLE ZHA;Lo;0;L;;;;;N;;;;; +A349;YI SYLLABLE ZHAP;Lo;0;L;;;;;N;;;;; +A34A;YI SYLLABLE ZHUOX;Lo;0;L;;;;;N;;;;; +A34B;YI SYLLABLE ZHUO;Lo;0;L;;;;;N;;;;; +A34C;YI SYLLABLE ZHUOP;Lo;0;L;;;;;N;;;;; +A34D;YI SYLLABLE ZHOT;Lo;0;L;;;;;N;;;;; +A34E;YI SYLLABLE ZHOX;Lo;0;L;;;;;N;;;;; +A34F;YI SYLLABLE ZHO;Lo;0;L;;;;;N;;;;; +A350;YI SYLLABLE ZHOP;Lo;0;L;;;;;N;;;;; +A351;YI SYLLABLE ZHET;Lo;0;L;;;;;N;;;;; +A352;YI SYLLABLE ZHEX;Lo;0;L;;;;;N;;;;; +A353;YI SYLLABLE ZHE;Lo;0;L;;;;;N;;;;; +A354;YI SYLLABLE ZHEP;Lo;0;L;;;;;N;;;;; +A355;YI SYLLABLE ZHUT;Lo;0;L;;;;;N;;;;; +A356;YI SYLLABLE ZHUX;Lo;0;L;;;;;N;;;;; +A357;YI SYLLABLE ZHU;Lo;0;L;;;;;N;;;;; +A358;YI SYLLABLE ZHUP;Lo;0;L;;;;;N;;;;; +A359;YI SYLLABLE ZHURX;Lo;0;L;;;;;N;;;;; +A35A;YI SYLLABLE ZHUR;Lo;0;L;;;;;N;;;;; +A35B;YI SYLLABLE ZHYT;Lo;0;L;;;;;N;;;;; +A35C;YI SYLLABLE ZHYX;Lo;0;L;;;;;N;;;;; +A35D;YI SYLLABLE ZHY;Lo;0;L;;;;;N;;;;; +A35E;YI SYLLABLE ZHYP;Lo;0;L;;;;;N;;;;; +A35F;YI SYLLABLE ZHYRX;Lo;0;L;;;;;N;;;;; +A360;YI SYLLABLE ZHYR;Lo;0;L;;;;;N;;;;; +A361;YI SYLLABLE CHAT;Lo;0;L;;;;;N;;;;; +A362;YI SYLLABLE CHAX;Lo;0;L;;;;;N;;;;; +A363;YI SYLLABLE CHA;Lo;0;L;;;;;N;;;;; +A364;YI SYLLABLE CHAP;Lo;0;L;;;;;N;;;;; +A365;YI SYLLABLE CHUOT;Lo;0;L;;;;;N;;;;; +A366;YI SYLLABLE CHUOX;Lo;0;L;;;;;N;;;;; +A367;YI SYLLABLE CHUO;Lo;0;L;;;;;N;;;;; +A368;YI SYLLABLE CHUOP;Lo;0;L;;;;;N;;;;; +A369;YI SYLLABLE CHOT;Lo;0;L;;;;;N;;;;; +A36A;YI SYLLABLE CHOX;Lo;0;L;;;;;N;;;;; +A36B;YI SYLLABLE CHO;Lo;0;L;;;;;N;;;;; +A36C;YI SYLLABLE CHOP;Lo;0;L;;;;;N;;;;; +A36D;YI SYLLABLE CHET;Lo;0;L;;;;;N;;;;; +A36E;YI SYLLABLE CHEX;Lo;0;L;;;;;N;;;;; +A36F;YI SYLLABLE CHE;Lo;0;L;;;;;N;;;;; +A370;YI SYLLABLE CHEP;Lo;0;L;;;;;N;;;;; +A371;YI SYLLABLE CHUX;Lo;0;L;;;;;N;;;;; +A372;YI SYLLABLE CHU;Lo;0;L;;;;;N;;;;; +A373;YI SYLLABLE CHUP;Lo;0;L;;;;;N;;;;; +A374;YI SYLLABLE CHURX;Lo;0;L;;;;;N;;;;; +A375;YI SYLLABLE CHUR;Lo;0;L;;;;;N;;;;; +A376;YI SYLLABLE CHYT;Lo;0;L;;;;;N;;;;; +A377;YI SYLLABLE CHYX;Lo;0;L;;;;;N;;;;; +A378;YI SYLLABLE CHY;Lo;0;L;;;;;N;;;;; +A379;YI SYLLABLE CHYP;Lo;0;L;;;;;N;;;;; +A37A;YI SYLLABLE CHYRX;Lo;0;L;;;;;N;;;;; +A37B;YI SYLLABLE CHYR;Lo;0;L;;;;;N;;;;; +A37C;YI SYLLABLE RRAX;Lo;0;L;;;;;N;;;;; +A37D;YI SYLLABLE RRA;Lo;0;L;;;;;N;;;;; +A37E;YI SYLLABLE RRUOX;Lo;0;L;;;;;N;;;;; +A37F;YI SYLLABLE RRUO;Lo;0;L;;;;;N;;;;; +A380;YI SYLLABLE RROT;Lo;0;L;;;;;N;;;;; +A381;YI SYLLABLE RROX;Lo;0;L;;;;;N;;;;; +A382;YI SYLLABLE RRO;Lo;0;L;;;;;N;;;;; +A383;YI SYLLABLE RROP;Lo;0;L;;;;;N;;;;; +A384;YI SYLLABLE RRET;Lo;0;L;;;;;N;;;;; +A385;YI SYLLABLE RREX;Lo;0;L;;;;;N;;;;; +A386;YI SYLLABLE RRE;Lo;0;L;;;;;N;;;;; +A387;YI SYLLABLE RREP;Lo;0;L;;;;;N;;;;; +A388;YI SYLLABLE RRUT;Lo;0;L;;;;;N;;;;; +A389;YI SYLLABLE RRUX;Lo;0;L;;;;;N;;;;; +A38A;YI SYLLABLE RRU;Lo;0;L;;;;;N;;;;; +A38B;YI SYLLABLE RRUP;Lo;0;L;;;;;N;;;;; +A38C;YI SYLLABLE RRURX;Lo;0;L;;;;;N;;;;; +A38D;YI SYLLABLE RRUR;Lo;0;L;;;;;N;;;;; +A38E;YI SYLLABLE RRYT;Lo;0;L;;;;;N;;;;; +A38F;YI SYLLABLE RRYX;Lo;0;L;;;;;N;;;;; +A390;YI SYLLABLE RRY;Lo;0;L;;;;;N;;;;; +A391;YI SYLLABLE RRYP;Lo;0;L;;;;;N;;;;; +A392;YI SYLLABLE RRYRX;Lo;0;L;;;;;N;;;;; +A393;YI SYLLABLE RRYR;Lo;0;L;;;;;N;;;;; +A394;YI SYLLABLE NRAT;Lo;0;L;;;;;N;;;;; +A395;YI SYLLABLE NRAX;Lo;0;L;;;;;N;;;;; +A396;YI SYLLABLE NRA;Lo;0;L;;;;;N;;;;; +A397;YI SYLLABLE NRAP;Lo;0;L;;;;;N;;;;; +A398;YI SYLLABLE NROX;Lo;0;L;;;;;N;;;;; +A399;YI SYLLABLE NRO;Lo;0;L;;;;;N;;;;; +A39A;YI SYLLABLE NROP;Lo;0;L;;;;;N;;;;; +A39B;YI SYLLABLE NRET;Lo;0;L;;;;;N;;;;; +A39C;YI SYLLABLE NREX;Lo;0;L;;;;;N;;;;; +A39D;YI SYLLABLE NRE;Lo;0;L;;;;;N;;;;; +A39E;YI SYLLABLE NREP;Lo;0;L;;;;;N;;;;; +A39F;YI SYLLABLE NRUT;Lo;0;L;;;;;N;;;;; +A3A0;YI SYLLABLE NRUX;Lo;0;L;;;;;N;;;;; +A3A1;YI SYLLABLE NRU;Lo;0;L;;;;;N;;;;; +A3A2;YI SYLLABLE NRUP;Lo;0;L;;;;;N;;;;; +A3A3;YI SYLLABLE NRURX;Lo;0;L;;;;;N;;;;; +A3A4;YI SYLLABLE NRUR;Lo;0;L;;;;;N;;;;; +A3A5;YI SYLLABLE NRYT;Lo;0;L;;;;;N;;;;; +A3A6;YI SYLLABLE NRYX;Lo;0;L;;;;;N;;;;; +A3A7;YI SYLLABLE NRY;Lo;0;L;;;;;N;;;;; +A3A8;YI SYLLABLE NRYP;Lo;0;L;;;;;N;;;;; +A3A9;YI SYLLABLE NRYRX;Lo;0;L;;;;;N;;;;; +A3AA;YI SYLLABLE NRYR;Lo;0;L;;;;;N;;;;; +A3AB;YI SYLLABLE SHAT;Lo;0;L;;;;;N;;;;; +A3AC;YI SYLLABLE SHAX;Lo;0;L;;;;;N;;;;; +A3AD;YI SYLLABLE SHA;Lo;0;L;;;;;N;;;;; +A3AE;YI SYLLABLE SHAP;Lo;0;L;;;;;N;;;;; +A3AF;YI SYLLABLE SHUOX;Lo;0;L;;;;;N;;;;; +A3B0;YI SYLLABLE SHUO;Lo;0;L;;;;;N;;;;; +A3B1;YI SYLLABLE SHUOP;Lo;0;L;;;;;N;;;;; +A3B2;YI SYLLABLE SHOT;Lo;0;L;;;;;N;;;;; +A3B3;YI SYLLABLE SHOX;Lo;0;L;;;;;N;;;;; +A3B4;YI SYLLABLE SHO;Lo;0;L;;;;;N;;;;; +A3B5;YI SYLLABLE SHOP;Lo;0;L;;;;;N;;;;; +A3B6;YI SYLLABLE SHET;Lo;0;L;;;;;N;;;;; +A3B7;YI SYLLABLE SHEX;Lo;0;L;;;;;N;;;;; +A3B8;YI SYLLABLE SHE;Lo;0;L;;;;;N;;;;; +A3B9;YI SYLLABLE SHEP;Lo;0;L;;;;;N;;;;; +A3BA;YI SYLLABLE SHUT;Lo;0;L;;;;;N;;;;; +A3BB;YI SYLLABLE SHUX;Lo;0;L;;;;;N;;;;; +A3BC;YI SYLLABLE SHU;Lo;0;L;;;;;N;;;;; +A3BD;YI SYLLABLE SHUP;Lo;0;L;;;;;N;;;;; +A3BE;YI SYLLABLE SHURX;Lo;0;L;;;;;N;;;;; +A3BF;YI SYLLABLE SHUR;Lo;0;L;;;;;N;;;;; +A3C0;YI SYLLABLE SHYT;Lo;0;L;;;;;N;;;;; +A3C1;YI SYLLABLE SHYX;Lo;0;L;;;;;N;;;;; +A3C2;YI SYLLABLE SHY;Lo;0;L;;;;;N;;;;; +A3C3;YI SYLLABLE SHYP;Lo;0;L;;;;;N;;;;; +A3C4;YI SYLLABLE SHYRX;Lo;0;L;;;;;N;;;;; +A3C5;YI SYLLABLE SHYR;Lo;0;L;;;;;N;;;;; +A3C6;YI SYLLABLE RAT;Lo;0;L;;;;;N;;;;; +A3C7;YI SYLLABLE RAX;Lo;0;L;;;;;N;;;;; +A3C8;YI SYLLABLE RA;Lo;0;L;;;;;N;;;;; +A3C9;YI SYLLABLE RAP;Lo;0;L;;;;;N;;;;; +A3CA;YI SYLLABLE RUOX;Lo;0;L;;;;;N;;;;; +A3CB;YI SYLLABLE RUO;Lo;0;L;;;;;N;;;;; +A3CC;YI SYLLABLE RUOP;Lo;0;L;;;;;N;;;;; +A3CD;YI SYLLABLE ROT;Lo;0;L;;;;;N;;;;; +A3CE;YI SYLLABLE ROX;Lo;0;L;;;;;N;;;;; +A3CF;YI SYLLABLE RO;Lo;0;L;;;;;N;;;;; +A3D0;YI SYLLABLE ROP;Lo;0;L;;;;;N;;;;; +A3D1;YI SYLLABLE REX;Lo;0;L;;;;;N;;;;; +A3D2;YI SYLLABLE RE;Lo;0;L;;;;;N;;;;; +A3D3;YI SYLLABLE REP;Lo;0;L;;;;;N;;;;; +A3D4;YI SYLLABLE RUT;Lo;0;L;;;;;N;;;;; +A3D5;YI SYLLABLE RUX;Lo;0;L;;;;;N;;;;; +A3D6;YI SYLLABLE RU;Lo;0;L;;;;;N;;;;; +A3D7;YI SYLLABLE RUP;Lo;0;L;;;;;N;;;;; +A3D8;YI SYLLABLE RURX;Lo;0;L;;;;;N;;;;; +A3D9;YI SYLLABLE RUR;Lo;0;L;;;;;N;;;;; +A3DA;YI SYLLABLE RYT;Lo;0;L;;;;;N;;;;; +A3DB;YI SYLLABLE RYX;Lo;0;L;;;;;N;;;;; +A3DC;YI SYLLABLE RY;Lo;0;L;;;;;N;;;;; +A3DD;YI SYLLABLE RYP;Lo;0;L;;;;;N;;;;; +A3DE;YI SYLLABLE RYRX;Lo;0;L;;;;;N;;;;; +A3DF;YI SYLLABLE RYR;Lo;0;L;;;;;N;;;;; +A3E0;YI SYLLABLE JIT;Lo;0;L;;;;;N;;;;; +A3E1;YI SYLLABLE JIX;Lo;0;L;;;;;N;;;;; +A3E2;YI SYLLABLE JI;Lo;0;L;;;;;N;;;;; +A3E3;YI SYLLABLE JIP;Lo;0;L;;;;;N;;;;; +A3E4;YI SYLLABLE JIET;Lo;0;L;;;;;N;;;;; +A3E5;YI SYLLABLE JIEX;Lo;0;L;;;;;N;;;;; +A3E6;YI SYLLABLE JIE;Lo;0;L;;;;;N;;;;; +A3E7;YI SYLLABLE JIEP;Lo;0;L;;;;;N;;;;; +A3E8;YI SYLLABLE JUOT;Lo;0;L;;;;;N;;;;; +A3E9;YI SYLLABLE JUOX;Lo;0;L;;;;;N;;;;; +A3EA;YI SYLLABLE JUO;Lo;0;L;;;;;N;;;;; +A3EB;YI SYLLABLE JUOP;Lo;0;L;;;;;N;;;;; +A3EC;YI SYLLABLE JOT;Lo;0;L;;;;;N;;;;; +A3ED;YI SYLLABLE JOX;Lo;0;L;;;;;N;;;;; +A3EE;YI SYLLABLE JO;Lo;0;L;;;;;N;;;;; +A3EF;YI SYLLABLE JOP;Lo;0;L;;;;;N;;;;; +A3F0;YI SYLLABLE JUT;Lo;0;L;;;;;N;;;;; +A3F1;YI SYLLABLE JUX;Lo;0;L;;;;;N;;;;; +A3F2;YI SYLLABLE JU;Lo;0;L;;;;;N;;;;; +A3F3;YI SYLLABLE JUP;Lo;0;L;;;;;N;;;;; +A3F4;YI SYLLABLE JURX;Lo;0;L;;;;;N;;;;; +A3F5;YI SYLLABLE JUR;Lo;0;L;;;;;N;;;;; +A3F6;YI SYLLABLE JYT;Lo;0;L;;;;;N;;;;; +A3F7;YI SYLLABLE JYX;Lo;0;L;;;;;N;;;;; +A3F8;YI SYLLABLE JY;Lo;0;L;;;;;N;;;;; +A3F9;YI SYLLABLE JYP;Lo;0;L;;;;;N;;;;; +A3FA;YI SYLLABLE JYRX;Lo;0;L;;;;;N;;;;; +A3FB;YI SYLLABLE JYR;Lo;0;L;;;;;N;;;;; +A3FC;YI SYLLABLE QIT;Lo;0;L;;;;;N;;;;; +A3FD;YI SYLLABLE QIX;Lo;0;L;;;;;N;;;;; +A3FE;YI SYLLABLE QI;Lo;0;L;;;;;N;;;;; +A3FF;YI SYLLABLE QIP;Lo;0;L;;;;;N;;;;; +A400;YI SYLLABLE QIET;Lo;0;L;;;;;N;;;;; +A401;YI SYLLABLE QIEX;Lo;0;L;;;;;N;;;;; +A402;YI SYLLABLE QIE;Lo;0;L;;;;;N;;;;; +A403;YI SYLLABLE QIEP;Lo;0;L;;;;;N;;;;; +A404;YI SYLLABLE QUOT;Lo;0;L;;;;;N;;;;; +A405;YI SYLLABLE QUOX;Lo;0;L;;;;;N;;;;; +A406;YI SYLLABLE QUO;Lo;0;L;;;;;N;;;;; +A407;YI SYLLABLE QUOP;Lo;0;L;;;;;N;;;;; +A408;YI SYLLABLE QOT;Lo;0;L;;;;;N;;;;; +A409;YI SYLLABLE QOX;Lo;0;L;;;;;N;;;;; +A40A;YI SYLLABLE QO;Lo;0;L;;;;;N;;;;; +A40B;YI SYLLABLE QOP;Lo;0;L;;;;;N;;;;; +A40C;YI SYLLABLE QUT;Lo;0;L;;;;;N;;;;; +A40D;YI SYLLABLE QUX;Lo;0;L;;;;;N;;;;; +A40E;YI SYLLABLE QU;Lo;0;L;;;;;N;;;;; +A40F;YI SYLLABLE QUP;Lo;0;L;;;;;N;;;;; +A410;YI SYLLABLE QURX;Lo;0;L;;;;;N;;;;; +A411;YI SYLLABLE QUR;Lo;0;L;;;;;N;;;;; +A412;YI SYLLABLE QYT;Lo;0;L;;;;;N;;;;; +A413;YI SYLLABLE QYX;Lo;0;L;;;;;N;;;;; +A414;YI SYLLABLE QY;Lo;0;L;;;;;N;;;;; +A415;YI SYLLABLE QYP;Lo;0;L;;;;;N;;;;; +A416;YI SYLLABLE QYRX;Lo;0;L;;;;;N;;;;; +A417;YI SYLLABLE QYR;Lo;0;L;;;;;N;;;;; +A418;YI SYLLABLE JJIT;Lo;0;L;;;;;N;;;;; +A419;YI SYLLABLE JJIX;Lo;0;L;;;;;N;;;;; +A41A;YI SYLLABLE JJI;Lo;0;L;;;;;N;;;;; +A41B;YI SYLLABLE JJIP;Lo;0;L;;;;;N;;;;; +A41C;YI SYLLABLE JJIET;Lo;0;L;;;;;N;;;;; +A41D;YI SYLLABLE JJIEX;Lo;0;L;;;;;N;;;;; +A41E;YI SYLLABLE JJIE;Lo;0;L;;;;;N;;;;; +A41F;YI SYLLABLE JJIEP;Lo;0;L;;;;;N;;;;; +A420;YI SYLLABLE JJUOX;Lo;0;L;;;;;N;;;;; +A421;YI SYLLABLE JJUO;Lo;0;L;;;;;N;;;;; +A422;YI SYLLABLE JJUOP;Lo;0;L;;;;;N;;;;; +A423;YI SYLLABLE JJOT;Lo;0;L;;;;;N;;;;; +A424;YI SYLLABLE JJOX;Lo;0;L;;;;;N;;;;; +A425;YI SYLLABLE JJO;Lo;0;L;;;;;N;;;;; +A426;YI SYLLABLE JJOP;Lo;0;L;;;;;N;;;;; +A427;YI SYLLABLE JJUT;Lo;0;L;;;;;N;;;;; +A428;YI SYLLABLE JJUX;Lo;0;L;;;;;N;;;;; +A429;YI SYLLABLE JJU;Lo;0;L;;;;;N;;;;; +A42A;YI SYLLABLE JJUP;Lo;0;L;;;;;N;;;;; +A42B;YI SYLLABLE JJURX;Lo;0;L;;;;;N;;;;; +A42C;YI SYLLABLE JJUR;Lo;0;L;;;;;N;;;;; +A42D;YI SYLLABLE JJYT;Lo;0;L;;;;;N;;;;; +A42E;YI SYLLABLE JJYX;Lo;0;L;;;;;N;;;;; +A42F;YI SYLLABLE JJY;Lo;0;L;;;;;N;;;;; +A430;YI SYLLABLE JJYP;Lo;0;L;;;;;N;;;;; +A431;YI SYLLABLE NJIT;Lo;0;L;;;;;N;;;;; +A432;YI SYLLABLE NJIX;Lo;0;L;;;;;N;;;;; +A433;YI SYLLABLE NJI;Lo;0;L;;;;;N;;;;; +A434;YI SYLLABLE NJIP;Lo;0;L;;;;;N;;;;; +A435;YI SYLLABLE NJIET;Lo;0;L;;;;;N;;;;; +A436;YI SYLLABLE NJIEX;Lo;0;L;;;;;N;;;;; +A437;YI SYLLABLE NJIE;Lo;0;L;;;;;N;;;;; +A438;YI SYLLABLE NJIEP;Lo;0;L;;;;;N;;;;; +A439;YI SYLLABLE NJUOX;Lo;0;L;;;;;N;;;;; +A43A;YI SYLLABLE NJUO;Lo;0;L;;;;;N;;;;; +A43B;YI SYLLABLE NJOT;Lo;0;L;;;;;N;;;;; +A43C;YI SYLLABLE NJOX;Lo;0;L;;;;;N;;;;; +A43D;YI SYLLABLE NJO;Lo;0;L;;;;;N;;;;; +A43E;YI SYLLABLE NJOP;Lo;0;L;;;;;N;;;;; +A43F;YI SYLLABLE NJUX;Lo;0;L;;;;;N;;;;; +A440;YI SYLLABLE NJU;Lo;0;L;;;;;N;;;;; +A441;YI SYLLABLE NJUP;Lo;0;L;;;;;N;;;;; +A442;YI SYLLABLE NJURX;Lo;0;L;;;;;N;;;;; +A443;YI SYLLABLE NJUR;Lo;0;L;;;;;N;;;;; +A444;YI SYLLABLE NJYT;Lo;0;L;;;;;N;;;;; +A445;YI SYLLABLE NJYX;Lo;0;L;;;;;N;;;;; +A446;YI SYLLABLE NJY;Lo;0;L;;;;;N;;;;; +A447;YI SYLLABLE NJYP;Lo;0;L;;;;;N;;;;; +A448;YI SYLLABLE NJYRX;Lo;0;L;;;;;N;;;;; +A449;YI SYLLABLE NJYR;Lo;0;L;;;;;N;;;;; +A44A;YI SYLLABLE NYIT;Lo;0;L;;;;;N;;;;; +A44B;YI SYLLABLE NYIX;Lo;0;L;;;;;N;;;;; +A44C;YI SYLLABLE NYI;Lo;0;L;;;;;N;;;;; +A44D;YI SYLLABLE NYIP;Lo;0;L;;;;;N;;;;; +A44E;YI SYLLABLE NYIET;Lo;0;L;;;;;N;;;;; +A44F;YI SYLLABLE NYIEX;Lo;0;L;;;;;N;;;;; +A450;YI SYLLABLE NYIE;Lo;0;L;;;;;N;;;;; +A451;YI SYLLABLE NYIEP;Lo;0;L;;;;;N;;;;; +A452;YI SYLLABLE NYUOX;Lo;0;L;;;;;N;;;;; +A453;YI SYLLABLE NYUO;Lo;0;L;;;;;N;;;;; +A454;YI SYLLABLE NYUOP;Lo;0;L;;;;;N;;;;; +A455;YI SYLLABLE NYOT;Lo;0;L;;;;;N;;;;; +A456;YI SYLLABLE NYOX;Lo;0;L;;;;;N;;;;; +A457;YI SYLLABLE NYO;Lo;0;L;;;;;N;;;;; +A458;YI SYLLABLE NYOP;Lo;0;L;;;;;N;;;;; +A459;YI SYLLABLE NYUT;Lo;0;L;;;;;N;;;;; +A45A;YI SYLLABLE NYUX;Lo;0;L;;;;;N;;;;; +A45B;YI SYLLABLE NYU;Lo;0;L;;;;;N;;;;; +A45C;YI SYLLABLE NYUP;Lo;0;L;;;;;N;;;;; +A45D;YI SYLLABLE XIT;Lo;0;L;;;;;N;;;;; +A45E;YI SYLLABLE XIX;Lo;0;L;;;;;N;;;;; +A45F;YI SYLLABLE XI;Lo;0;L;;;;;N;;;;; +A460;YI SYLLABLE XIP;Lo;0;L;;;;;N;;;;; +A461;YI SYLLABLE XIET;Lo;0;L;;;;;N;;;;; +A462;YI SYLLABLE XIEX;Lo;0;L;;;;;N;;;;; +A463;YI SYLLABLE XIE;Lo;0;L;;;;;N;;;;; +A464;YI SYLLABLE XIEP;Lo;0;L;;;;;N;;;;; +A465;YI SYLLABLE XUOX;Lo;0;L;;;;;N;;;;; +A466;YI SYLLABLE XUO;Lo;0;L;;;;;N;;;;; +A467;YI SYLLABLE XOT;Lo;0;L;;;;;N;;;;; +A468;YI SYLLABLE XOX;Lo;0;L;;;;;N;;;;; +A469;YI SYLLABLE XO;Lo;0;L;;;;;N;;;;; +A46A;YI SYLLABLE XOP;Lo;0;L;;;;;N;;;;; +A46B;YI SYLLABLE XYT;Lo;0;L;;;;;N;;;;; +A46C;YI SYLLABLE XYX;Lo;0;L;;;;;N;;;;; +A46D;YI SYLLABLE XY;Lo;0;L;;;;;N;;;;; +A46E;YI SYLLABLE XYP;Lo;0;L;;;;;N;;;;; +A46F;YI SYLLABLE XYRX;Lo;0;L;;;;;N;;;;; +A470;YI SYLLABLE XYR;Lo;0;L;;;;;N;;;;; +A471;YI SYLLABLE YIT;Lo;0;L;;;;;N;;;;; +A472;YI SYLLABLE YIX;Lo;0;L;;;;;N;;;;; +A473;YI SYLLABLE YI;Lo;0;L;;;;;N;;;;; +A474;YI SYLLABLE YIP;Lo;0;L;;;;;N;;;;; +A475;YI SYLLABLE YIET;Lo;0;L;;;;;N;;;;; +A476;YI SYLLABLE YIEX;Lo;0;L;;;;;N;;;;; +A477;YI SYLLABLE YIE;Lo;0;L;;;;;N;;;;; +A478;YI SYLLABLE YIEP;Lo;0;L;;;;;N;;;;; +A479;YI SYLLABLE YUOT;Lo;0;L;;;;;N;;;;; +A47A;YI SYLLABLE YUOX;Lo;0;L;;;;;N;;;;; +A47B;YI SYLLABLE YUO;Lo;0;L;;;;;N;;;;; +A47C;YI SYLLABLE YUOP;Lo;0;L;;;;;N;;;;; +A47D;YI SYLLABLE YOT;Lo;0;L;;;;;N;;;;; +A47E;YI SYLLABLE YOX;Lo;0;L;;;;;N;;;;; +A47F;YI SYLLABLE YO;Lo;0;L;;;;;N;;;;; +A480;YI SYLLABLE YOP;Lo;0;L;;;;;N;;;;; +A481;YI SYLLABLE YUT;Lo;0;L;;;;;N;;;;; +A482;YI SYLLABLE YUX;Lo;0;L;;;;;N;;;;; +A483;YI SYLLABLE YU;Lo;0;L;;;;;N;;;;; +A484;YI SYLLABLE YUP;Lo;0;L;;;;;N;;;;; +A485;YI SYLLABLE YURX;Lo;0;L;;;;;N;;;;; +A486;YI SYLLABLE YUR;Lo;0;L;;;;;N;;;;; +A487;YI SYLLABLE YYT;Lo;0;L;;;;;N;;;;; +A488;YI SYLLABLE YYX;Lo;0;L;;;;;N;;;;; +A489;YI SYLLABLE YY;Lo;0;L;;;;;N;;;;; +A48A;YI SYLLABLE YYP;Lo;0;L;;;;;N;;;;; +A48B;YI SYLLABLE YYRX;Lo;0;L;;;;;N;;;;; +A48C;YI SYLLABLE YYR;Lo;0;L;;;;;N;;;;; +A490;YI RADICAL QOT;So;0;ON;;;;;N;;;;; +A491;YI RADICAL LI;So;0;ON;;;;;N;;;;; +A492;YI RADICAL KIT;So;0;ON;;;;;N;;;;; +A493;YI RADICAL NYIP;So;0;ON;;;;;N;;;;; +A494;YI RADICAL CYP;So;0;ON;;;;;N;;;;; +A495;YI RADICAL SSI;So;0;ON;;;;;N;;;;; +A496;YI RADICAL GGOP;So;0;ON;;;;;N;;;;; +A497;YI RADICAL GEP;So;0;ON;;;;;N;;;;; +A498;YI RADICAL MI;So;0;ON;;;;;N;;;;; +A499;YI RADICAL HXIT;So;0;ON;;;;;N;;;;; +A49A;YI RADICAL LYR;So;0;ON;;;;;N;;;;; +A49B;YI RADICAL BBUT;So;0;ON;;;;;N;;;;; +A49C;YI RADICAL MOP;So;0;ON;;;;;N;;;;; +A49D;YI RADICAL YO;So;0;ON;;;;;N;;;;; +A49E;YI RADICAL PUT;So;0;ON;;;;;N;;;;; +A49F;YI RADICAL HXUO;So;0;ON;;;;;N;;;;; +A4A0;YI RADICAL TAT;So;0;ON;;;;;N;;;;; +A4A1;YI RADICAL GA;So;0;ON;;;;;N;;;;; +A4A2;YI RADICAL ZUP;So;0;ON;;;;;N;;;;; +A4A3;YI RADICAL CYT;So;0;ON;;;;;N;;;;; +A4A4;YI RADICAL DDUR;So;0;ON;;;;;N;;;;; +A4A5;YI RADICAL BUR;So;0;ON;;;;;N;;;;; +A4A6;YI RADICAL GGUO;So;0;ON;;;;;N;;;;; +A4A7;YI RADICAL NYOP;So;0;ON;;;;;N;;;;; +A4A8;YI RADICAL TU;So;0;ON;;;;;N;;;;; +A4A9;YI RADICAL OP;So;0;ON;;;;;N;;;;; +A4AA;YI RADICAL JJUT;So;0;ON;;;;;N;;;;; +A4AB;YI RADICAL ZOT;So;0;ON;;;;;N;;;;; +A4AC;YI RADICAL PYT;So;0;ON;;;;;N;;;;; +A4AD;YI RADICAL HMO;So;0;ON;;;;;N;;;;; +A4AE;YI RADICAL YIT;So;0;ON;;;;;N;;;;; +A4AF;YI RADICAL VUR;So;0;ON;;;;;N;;;;; +A4B0;YI RADICAL SHY;So;0;ON;;;;;N;;;;; +A4B1;YI RADICAL VEP;So;0;ON;;;;;N;;;;; +A4B2;YI RADICAL ZA;So;0;ON;;;;;N;;;;; +A4B3;YI RADICAL JO;So;0;ON;;;;;N;;;;; +A4B4;YI RADICAL NZUP;So;0;ON;;;;;N;;;;; +A4B5;YI RADICAL JJY;So;0;ON;;;;;N;;;;; +A4B6;YI RADICAL GOT;So;0;ON;;;;;N;;;;; +A4B7;YI RADICAL JJIE;So;0;ON;;;;;N;;;;; +A4B8;YI RADICAL WO;So;0;ON;;;;;N;;;;; +A4B9;YI RADICAL DU;So;0;ON;;;;;N;;;;; +A4BA;YI RADICAL SHUR;So;0;ON;;;;;N;;;;; +A4BB;YI RADICAL LIE;So;0;ON;;;;;N;;;;; +A4BC;YI RADICAL CY;So;0;ON;;;;;N;;;;; +A4BD;YI RADICAL CUOP;So;0;ON;;;;;N;;;;; +A4BE;YI RADICAL CIP;So;0;ON;;;;;N;;;;; +A4BF;YI RADICAL HXOP;So;0;ON;;;;;N;;;;; +A4C0;YI RADICAL SHAT;So;0;ON;;;;;N;;;;; +A4C1;YI RADICAL ZUR;So;0;ON;;;;;N;;;;; +A4C2;YI RADICAL SHOP;So;0;ON;;;;;N;;;;; +A4C3;YI RADICAL CHE;So;0;ON;;;;;N;;;;; +A4C4;YI RADICAL ZZIET;So;0;ON;;;;;N;;;;; +A4C5;YI RADICAL NBIE;So;0;ON;;;;;N;;;;; +A4C6;YI RADICAL KE;So;0;ON;;;;;N;;;;; +AC00;;Lo;0;L;;;;;N;;;;; +D7A3;;Lo;0;L;;;;;N;;;;; +D800;;Cs;0;L;;;;;N;;;;; +DB7F;;Cs;0;L;;;;;N;;;;; +DB80;;Cs;0;L;;;;;N;;;;; +DBFF;;Cs;0;L;;;;;N;;;;; +DC00;;Cs;0;L;;;;;N;;;;; +DFFF;;Cs;0;L;;;;;N;;;;; +E000;;Co;0;L;;;;;N;;;;; +F8FF;;Co;0;L;;;;;N;;;;; +F900;CJK COMPATIBILITY IDEOGRAPH-F900;Lo;0;L;8C48;;;;N;;;;; +F901;CJK COMPATIBILITY IDEOGRAPH-F901;Lo;0;L;66F4;;;;N;;;;; +F902;CJK COMPATIBILITY IDEOGRAPH-F902;Lo;0;L;8ECA;;;;N;;;;; +F903;CJK COMPATIBILITY IDEOGRAPH-F903;Lo;0;L;8CC8;;;;N;;;;; +F904;CJK COMPATIBILITY IDEOGRAPH-F904;Lo;0;L;6ED1;;;;N;;;;; +F905;CJK COMPATIBILITY IDEOGRAPH-F905;Lo;0;L;4E32;;;;N;;;;; +F906;CJK COMPATIBILITY IDEOGRAPH-F906;Lo;0;L;53E5;;;;N;;;;; +F907;CJK COMPATIBILITY IDEOGRAPH-F907;Lo;0;L;9F9C;;;;N;;;;; +F908;CJK COMPATIBILITY IDEOGRAPH-F908;Lo;0;L;9F9C;;;;N;;;;; +F909;CJK COMPATIBILITY IDEOGRAPH-F909;Lo;0;L;5951;;;;N;;;;; +F90A;CJK COMPATIBILITY IDEOGRAPH-F90A;Lo;0;L;91D1;;;;N;;;;; +F90B;CJK COMPATIBILITY IDEOGRAPH-F90B;Lo;0;L;5587;;;;N;;;;; +F90C;CJK COMPATIBILITY IDEOGRAPH-F90C;Lo;0;L;5948;;;;N;;;;; +F90D;CJK COMPATIBILITY IDEOGRAPH-F90D;Lo;0;L;61F6;;;;N;;;;; +F90E;CJK COMPATIBILITY IDEOGRAPH-F90E;Lo;0;L;7669;;;;N;;;;; +F90F;CJK COMPATIBILITY IDEOGRAPH-F90F;Lo;0;L;7F85;;;;N;;;;; +F910;CJK COMPATIBILITY IDEOGRAPH-F910;Lo;0;L;863F;;;;N;;;;; +F911;CJK COMPATIBILITY IDEOGRAPH-F911;Lo;0;L;87BA;;;;N;;;;; +F912;CJK COMPATIBILITY IDEOGRAPH-F912;Lo;0;L;88F8;;;;N;;;;; +F913;CJK COMPATIBILITY IDEOGRAPH-F913;Lo;0;L;908F;;;;N;;;;; +F914;CJK COMPATIBILITY IDEOGRAPH-F914;Lo;0;L;6A02;;;;N;;;;; +F915;CJK COMPATIBILITY IDEOGRAPH-F915;Lo;0;L;6D1B;;;;N;;;;; +F916;CJK COMPATIBILITY IDEOGRAPH-F916;Lo;0;L;70D9;;;;N;;;;; +F917;CJK COMPATIBILITY IDEOGRAPH-F917;Lo;0;L;73DE;;;;N;;;;; +F918;CJK COMPATIBILITY IDEOGRAPH-F918;Lo;0;L;843D;;;;N;;;;; +F919;CJK COMPATIBILITY IDEOGRAPH-F919;Lo;0;L;916A;;;;N;;;;; +F91A;CJK COMPATIBILITY IDEOGRAPH-F91A;Lo;0;L;99F1;;;;N;;;;; +F91B;CJK COMPATIBILITY IDEOGRAPH-F91B;Lo;0;L;4E82;;;;N;;;;; +F91C;CJK COMPATIBILITY IDEOGRAPH-F91C;Lo;0;L;5375;;;;N;;;;; +F91D;CJK COMPATIBILITY IDEOGRAPH-F91D;Lo;0;L;6B04;;;;N;;;;; +F91E;CJK COMPATIBILITY IDEOGRAPH-F91E;Lo;0;L;721B;;;;N;;;;; +F91F;CJK COMPATIBILITY IDEOGRAPH-F91F;Lo;0;L;862D;;;;N;;;;; +F920;CJK COMPATIBILITY IDEOGRAPH-F920;Lo;0;L;9E1E;;;;N;;;;; +F921;CJK COMPATIBILITY IDEOGRAPH-F921;Lo;0;L;5D50;;;;N;;;;; +F922;CJK COMPATIBILITY IDEOGRAPH-F922;Lo;0;L;6FEB;;;;N;;;;; +F923;CJK COMPATIBILITY IDEOGRAPH-F923;Lo;0;L;85CD;;;;N;;;;; +F924;CJK COMPATIBILITY IDEOGRAPH-F924;Lo;0;L;8964;;;;N;;;;; +F925;CJK COMPATIBILITY IDEOGRAPH-F925;Lo;0;L;62C9;;;;N;;;;; +F926;CJK COMPATIBILITY IDEOGRAPH-F926;Lo;0;L;81D8;;;;N;;;;; +F927;CJK COMPATIBILITY IDEOGRAPH-F927;Lo;0;L;881F;;;;N;;;;; +F928;CJK COMPATIBILITY IDEOGRAPH-F928;Lo;0;L;5ECA;;;;N;;;;; +F929;CJK COMPATIBILITY IDEOGRAPH-F929;Lo;0;L;6717;;;;N;;;;; +F92A;CJK COMPATIBILITY IDEOGRAPH-F92A;Lo;0;L;6D6A;;;;N;;;;; +F92B;CJK COMPATIBILITY IDEOGRAPH-F92B;Lo;0;L;72FC;;;;N;;;;; +F92C;CJK COMPATIBILITY IDEOGRAPH-F92C;Lo;0;L;90CE;;;;N;;;;; +F92D;CJK COMPATIBILITY IDEOGRAPH-F92D;Lo;0;L;4F86;;;;N;;;;; +F92E;CJK COMPATIBILITY IDEOGRAPH-F92E;Lo;0;L;51B7;;;;N;;;;; +F92F;CJK COMPATIBILITY IDEOGRAPH-F92F;Lo;0;L;52DE;;;;N;;;;; +F930;CJK COMPATIBILITY IDEOGRAPH-F930;Lo;0;L;64C4;;;;N;;;;; +F931;CJK COMPATIBILITY IDEOGRAPH-F931;Lo;0;L;6AD3;;;;N;;;;; +F932;CJK COMPATIBILITY IDEOGRAPH-F932;Lo;0;L;7210;;;;N;;;;; +F933;CJK COMPATIBILITY IDEOGRAPH-F933;Lo;0;L;76E7;;;;N;;;;; +F934;CJK COMPATIBILITY IDEOGRAPH-F934;Lo;0;L;8001;;;;N;;;;; +F935;CJK COMPATIBILITY IDEOGRAPH-F935;Lo;0;L;8606;;;;N;;;;; +F936;CJK COMPATIBILITY IDEOGRAPH-F936;Lo;0;L;865C;;;;N;;;;; +F937;CJK COMPATIBILITY IDEOGRAPH-F937;Lo;0;L;8DEF;;;;N;;;;; +F938;CJK COMPATIBILITY IDEOGRAPH-F938;Lo;0;L;9732;;;;N;;;;; +F939;CJK COMPATIBILITY IDEOGRAPH-F939;Lo;0;L;9B6F;;;;N;;;;; +F93A;CJK COMPATIBILITY IDEOGRAPH-F93A;Lo;0;L;9DFA;;;;N;;;;; +F93B;CJK COMPATIBILITY IDEOGRAPH-F93B;Lo;0;L;788C;;;;N;;;;; +F93C;CJK COMPATIBILITY IDEOGRAPH-F93C;Lo;0;L;797F;;;;N;;;;; +F93D;CJK COMPATIBILITY IDEOGRAPH-F93D;Lo;0;L;7DA0;;;;N;;;;; +F93E;CJK COMPATIBILITY IDEOGRAPH-F93E;Lo;0;L;83C9;;;;N;;;;; +F93F;CJK COMPATIBILITY IDEOGRAPH-F93F;Lo;0;L;9304;;;;N;;;;; +F940;CJK COMPATIBILITY IDEOGRAPH-F940;Lo;0;L;9E7F;;;;N;;;;; +F941;CJK COMPATIBILITY IDEOGRAPH-F941;Lo;0;L;8AD6;;;;N;;;;; +F942;CJK COMPATIBILITY IDEOGRAPH-F942;Lo;0;L;58DF;;;;N;;;;; +F943;CJK COMPATIBILITY IDEOGRAPH-F943;Lo;0;L;5F04;;;;N;;;;; +F944;CJK COMPATIBILITY IDEOGRAPH-F944;Lo;0;L;7C60;;;;N;;;;; +F945;CJK COMPATIBILITY IDEOGRAPH-F945;Lo;0;L;807E;;;;N;;;;; +F946;CJK COMPATIBILITY IDEOGRAPH-F946;Lo;0;L;7262;;;;N;;;;; +F947;CJK COMPATIBILITY IDEOGRAPH-F947;Lo;0;L;78CA;;;;N;;;;; +F948;CJK COMPATIBILITY IDEOGRAPH-F948;Lo;0;L;8CC2;;;;N;;;;; +F949;CJK COMPATIBILITY IDEOGRAPH-F949;Lo;0;L;96F7;;;;N;;;;; +F94A;CJK COMPATIBILITY IDEOGRAPH-F94A;Lo;0;L;58D8;;;;N;;;;; +F94B;CJK COMPATIBILITY IDEOGRAPH-F94B;Lo;0;L;5C62;;;;N;;;;; +F94C;CJK COMPATIBILITY IDEOGRAPH-F94C;Lo;0;L;6A13;;;;N;;;;; +F94D;CJK COMPATIBILITY IDEOGRAPH-F94D;Lo;0;L;6DDA;;;;N;;;;; +F94E;CJK COMPATIBILITY IDEOGRAPH-F94E;Lo;0;L;6F0F;;;;N;;;;; +F94F;CJK COMPATIBILITY IDEOGRAPH-F94F;Lo;0;L;7D2F;;;;N;;;;; +F950;CJK COMPATIBILITY IDEOGRAPH-F950;Lo;0;L;7E37;;;;N;;;;; +F951;CJK COMPATIBILITY IDEOGRAPH-F951;Lo;0;L;964B;;;;N;;;;; +F952;CJK COMPATIBILITY IDEOGRAPH-F952;Lo;0;L;52D2;;;;N;;;;; +F953;CJK COMPATIBILITY IDEOGRAPH-F953;Lo;0;L;808B;;;;N;;;;; +F954;CJK COMPATIBILITY IDEOGRAPH-F954;Lo;0;L;51DC;;;;N;;;;; +F955;CJK COMPATIBILITY IDEOGRAPH-F955;Lo;0;L;51CC;;;;N;;;;; +F956;CJK COMPATIBILITY IDEOGRAPH-F956;Lo;0;L;7A1C;;;;N;;;;; +F957;CJK COMPATIBILITY IDEOGRAPH-F957;Lo;0;L;7DBE;;;;N;;;;; +F958;CJK COMPATIBILITY IDEOGRAPH-F958;Lo;0;L;83F1;;;;N;;;;; +F959;CJK COMPATIBILITY IDEOGRAPH-F959;Lo;0;L;9675;;;;N;;;;; +F95A;CJK COMPATIBILITY IDEOGRAPH-F95A;Lo;0;L;8B80;;;;N;;;;; +F95B;CJK COMPATIBILITY IDEOGRAPH-F95B;Lo;0;L;62CF;;;;N;;;;; +F95C;CJK COMPATIBILITY IDEOGRAPH-F95C;Lo;0;L;6A02;;;;N;;;;; +F95D;CJK COMPATIBILITY IDEOGRAPH-F95D;Lo;0;L;8AFE;;;;N;;;;; +F95E;CJK COMPATIBILITY IDEOGRAPH-F95E;Lo;0;L;4E39;;;;N;;;;; +F95F;CJK COMPATIBILITY IDEOGRAPH-F95F;Lo;0;L;5BE7;;;;N;;;;; +F960;CJK COMPATIBILITY IDEOGRAPH-F960;Lo;0;L;6012;;;;N;;;;; +F961;CJK COMPATIBILITY IDEOGRAPH-F961;Lo;0;L;7387;;;;N;;;;; +F962;CJK COMPATIBILITY IDEOGRAPH-F962;Lo;0;L;7570;;;;N;;;;; +F963;CJK COMPATIBILITY IDEOGRAPH-F963;Lo;0;L;5317;;;;N;;;;; +F964;CJK COMPATIBILITY IDEOGRAPH-F964;Lo;0;L;78FB;;;;N;;;;; +F965;CJK COMPATIBILITY IDEOGRAPH-F965;Lo;0;L;4FBF;;;;N;;;;; +F966;CJK COMPATIBILITY IDEOGRAPH-F966;Lo;0;L;5FA9;;;;N;;;;; +F967;CJK COMPATIBILITY IDEOGRAPH-F967;Lo;0;L;4E0D;;;;N;;;;; +F968;CJK COMPATIBILITY IDEOGRAPH-F968;Lo;0;L;6CCC;;;;N;;;;; +F969;CJK COMPATIBILITY IDEOGRAPH-F969;Lo;0;L;6578;;;;N;;;;; +F96A;CJK COMPATIBILITY IDEOGRAPH-F96A;Lo;0;L;7D22;;;;N;;;;; +F96B;CJK COMPATIBILITY IDEOGRAPH-F96B;Lo;0;L;53C3;;;;N;;;;; +F96C;CJK COMPATIBILITY IDEOGRAPH-F96C;Lo;0;L;585E;;;;N;;;;; +F96D;CJK COMPATIBILITY IDEOGRAPH-F96D;Lo;0;L;7701;;;;N;;;;; +F96E;CJK COMPATIBILITY IDEOGRAPH-F96E;Lo;0;L;8449;;;;N;;;;; +F96F;CJK COMPATIBILITY IDEOGRAPH-F96F;Lo;0;L;8AAA;;;;N;;;;; +F970;CJK COMPATIBILITY IDEOGRAPH-F970;Lo;0;L;6BBA;;;;N;;;;; +F971;CJK COMPATIBILITY IDEOGRAPH-F971;Lo;0;L;8FB0;;;;N;;;;; +F972;CJK COMPATIBILITY IDEOGRAPH-F972;Lo;0;L;6C88;;;;N;;;;; +F973;CJK COMPATIBILITY IDEOGRAPH-F973;Lo;0;L;62FE;;;;N;;;;; +F974;CJK COMPATIBILITY IDEOGRAPH-F974;Lo;0;L;82E5;;;;N;;;;; +F975;CJK COMPATIBILITY IDEOGRAPH-F975;Lo;0;L;63A0;;;;N;;;;; +F976;CJK COMPATIBILITY IDEOGRAPH-F976;Lo;0;L;7565;;;;N;;;;; +F977;CJK COMPATIBILITY IDEOGRAPH-F977;Lo;0;L;4EAE;;;;N;;;;; +F978;CJK COMPATIBILITY IDEOGRAPH-F978;Lo;0;L;5169;;;;N;;;;; +F979;CJK COMPATIBILITY IDEOGRAPH-F979;Lo;0;L;51C9;;;;N;;;;; +F97A;CJK COMPATIBILITY IDEOGRAPH-F97A;Lo;0;L;6881;;;;N;;;;; +F97B;CJK COMPATIBILITY IDEOGRAPH-F97B;Lo;0;L;7CE7;;;;N;;;;; +F97C;CJK COMPATIBILITY IDEOGRAPH-F97C;Lo;0;L;826F;;;;N;;;;; +F97D;CJK COMPATIBILITY IDEOGRAPH-F97D;Lo;0;L;8AD2;;;;N;;;;; +F97E;CJK COMPATIBILITY IDEOGRAPH-F97E;Lo;0;L;91CF;;;;N;;;;; +F97F;CJK COMPATIBILITY IDEOGRAPH-F97F;Lo;0;L;52F5;;;;N;;;;; +F980;CJK COMPATIBILITY IDEOGRAPH-F980;Lo;0;L;5442;;;;N;;;;; +F981;CJK COMPATIBILITY IDEOGRAPH-F981;Lo;0;L;5973;;;;N;;;;; +F982;CJK COMPATIBILITY IDEOGRAPH-F982;Lo;0;L;5EEC;;;;N;;;;; +F983;CJK COMPATIBILITY IDEOGRAPH-F983;Lo;0;L;65C5;;;;N;;;;; +F984;CJK COMPATIBILITY IDEOGRAPH-F984;Lo;0;L;6FFE;;;;N;;;;; +F985;CJK COMPATIBILITY IDEOGRAPH-F985;Lo;0;L;792A;;;;N;;;;; +F986;CJK COMPATIBILITY IDEOGRAPH-F986;Lo;0;L;95AD;;;;N;;;;; +F987;CJK COMPATIBILITY IDEOGRAPH-F987;Lo;0;L;9A6A;;;;N;;;;; +F988;CJK COMPATIBILITY IDEOGRAPH-F988;Lo;0;L;9E97;;;;N;;;;; +F989;CJK COMPATIBILITY IDEOGRAPH-F989;Lo;0;L;9ECE;;;;N;;;;; +F98A;CJK COMPATIBILITY IDEOGRAPH-F98A;Lo;0;L;529B;;;;N;;;;; +F98B;CJK COMPATIBILITY IDEOGRAPH-F98B;Lo;0;L;66C6;;;;N;;;;; +F98C;CJK COMPATIBILITY IDEOGRAPH-F98C;Lo;0;L;6B77;;;;N;;;;; +F98D;CJK COMPATIBILITY IDEOGRAPH-F98D;Lo;0;L;8F62;;;;N;;;;; +F98E;CJK COMPATIBILITY IDEOGRAPH-F98E;Lo;0;L;5E74;;;;N;;;;; +F98F;CJK COMPATIBILITY IDEOGRAPH-F98F;Lo;0;L;6190;;;;N;;;;; +F990;CJK COMPATIBILITY IDEOGRAPH-F990;Lo;0;L;6200;;;;N;;;;; +F991;CJK COMPATIBILITY IDEOGRAPH-F991;Lo;0;L;649A;;;;N;;;;; +F992;CJK COMPATIBILITY IDEOGRAPH-F992;Lo;0;L;6F23;;;;N;;;;; +F993;CJK COMPATIBILITY IDEOGRAPH-F993;Lo;0;L;7149;;;;N;;;;; +F994;CJK COMPATIBILITY IDEOGRAPH-F994;Lo;0;L;7489;;;;N;;;;; +F995;CJK COMPATIBILITY IDEOGRAPH-F995;Lo;0;L;79CA;;;;N;;;;; +F996;CJK COMPATIBILITY IDEOGRAPH-F996;Lo;0;L;7DF4;;;;N;;;;; +F997;CJK COMPATIBILITY IDEOGRAPH-F997;Lo;0;L;806F;;;;N;;;;; +F998;CJK COMPATIBILITY IDEOGRAPH-F998;Lo;0;L;8F26;;;;N;;;;; +F999;CJK COMPATIBILITY IDEOGRAPH-F999;Lo;0;L;84EE;;;;N;;;;; +F99A;CJK COMPATIBILITY IDEOGRAPH-F99A;Lo;0;L;9023;;;;N;;;;; +F99B;CJK COMPATIBILITY IDEOGRAPH-F99B;Lo;0;L;934A;;;;N;;;;; +F99C;CJK COMPATIBILITY IDEOGRAPH-F99C;Lo;0;L;5217;;;;N;;;;; +F99D;CJK COMPATIBILITY IDEOGRAPH-F99D;Lo;0;L;52A3;;;;N;;;;; +F99E;CJK COMPATIBILITY IDEOGRAPH-F99E;Lo;0;L;54BD;;;;N;;;;; +F99F;CJK COMPATIBILITY IDEOGRAPH-F99F;Lo;0;L;70C8;;;;N;;;;; +F9A0;CJK COMPATIBILITY IDEOGRAPH-F9A0;Lo;0;L;88C2;;;;N;;;;; +F9A1;CJK COMPATIBILITY IDEOGRAPH-F9A1;Lo;0;L;8AAA;;;;N;;;;; +F9A2;CJK COMPATIBILITY IDEOGRAPH-F9A2;Lo;0;L;5EC9;;;;N;;;;; +F9A3;CJK COMPATIBILITY IDEOGRAPH-F9A3;Lo;0;L;5FF5;;;;N;;;;; +F9A4;CJK COMPATIBILITY IDEOGRAPH-F9A4;Lo;0;L;637B;;;;N;;;;; +F9A5;CJK COMPATIBILITY IDEOGRAPH-F9A5;Lo;0;L;6BAE;;;;N;;;;; +F9A6;CJK COMPATIBILITY IDEOGRAPH-F9A6;Lo;0;L;7C3E;;;;N;;;;; +F9A7;CJK COMPATIBILITY IDEOGRAPH-F9A7;Lo;0;L;7375;;;;N;;;;; +F9A8;CJK COMPATIBILITY IDEOGRAPH-F9A8;Lo;0;L;4EE4;;;;N;;;;; +F9A9;CJK COMPATIBILITY IDEOGRAPH-F9A9;Lo;0;L;56F9;;;;N;;;;; +F9AA;CJK COMPATIBILITY IDEOGRAPH-F9AA;Lo;0;L;5BE7;;;;N;;;;; +F9AB;CJK COMPATIBILITY IDEOGRAPH-F9AB;Lo;0;L;5DBA;;;;N;;;;; +F9AC;CJK COMPATIBILITY IDEOGRAPH-F9AC;Lo;0;L;601C;;;;N;;;;; +F9AD;CJK COMPATIBILITY IDEOGRAPH-F9AD;Lo;0;L;73B2;;;;N;;;;; +F9AE;CJK COMPATIBILITY IDEOGRAPH-F9AE;Lo;0;L;7469;;;;N;;;;; +F9AF;CJK COMPATIBILITY IDEOGRAPH-F9AF;Lo;0;L;7F9A;;;;N;;;;; +F9B0;CJK COMPATIBILITY IDEOGRAPH-F9B0;Lo;0;L;8046;;;;N;;;;; +F9B1;CJK COMPATIBILITY IDEOGRAPH-F9B1;Lo;0;L;9234;;;;N;;;;; +F9B2;CJK COMPATIBILITY IDEOGRAPH-F9B2;Lo;0;L;96F6;;;;N;;;;; +F9B3;CJK COMPATIBILITY IDEOGRAPH-F9B3;Lo;0;L;9748;;;;N;;;;; +F9B4;CJK COMPATIBILITY IDEOGRAPH-F9B4;Lo;0;L;9818;;;;N;;;;; +F9B5;CJK COMPATIBILITY IDEOGRAPH-F9B5;Lo;0;L;4F8B;;;;N;;;;; +F9B6;CJK COMPATIBILITY IDEOGRAPH-F9B6;Lo;0;L;79AE;;;;N;;;;; +F9B7;CJK COMPATIBILITY IDEOGRAPH-F9B7;Lo;0;L;91B4;;;;N;;;;; +F9B8;CJK COMPATIBILITY IDEOGRAPH-F9B8;Lo;0;L;96B8;;;;N;;;;; +F9B9;CJK COMPATIBILITY IDEOGRAPH-F9B9;Lo;0;L;60E1;;;;N;;;;; +F9BA;CJK COMPATIBILITY IDEOGRAPH-F9BA;Lo;0;L;4E86;;;;N;;;;; +F9BB;CJK COMPATIBILITY IDEOGRAPH-F9BB;Lo;0;L;50DA;;;;N;;;;; +F9BC;CJK COMPATIBILITY IDEOGRAPH-F9BC;Lo;0;L;5BEE;;;;N;;;;; +F9BD;CJK COMPATIBILITY IDEOGRAPH-F9BD;Lo;0;L;5C3F;;;;N;;;;; +F9BE;CJK COMPATIBILITY IDEOGRAPH-F9BE;Lo;0;L;6599;;;;N;;;;; +F9BF;CJK COMPATIBILITY IDEOGRAPH-F9BF;Lo;0;L;6A02;;;;N;;;;; +F9C0;CJK COMPATIBILITY IDEOGRAPH-F9C0;Lo;0;L;71CE;;;;N;;;;; +F9C1;CJK COMPATIBILITY IDEOGRAPH-F9C1;Lo;0;L;7642;;;;N;;;;; +F9C2;CJK COMPATIBILITY IDEOGRAPH-F9C2;Lo;0;L;84FC;;;;N;;;;; +F9C3;CJK COMPATIBILITY IDEOGRAPH-F9C3;Lo;0;L;907C;;;;N;;;;; +F9C4;CJK COMPATIBILITY IDEOGRAPH-F9C4;Lo;0;L;9F8D;;;;N;;;;; +F9C5;CJK COMPATIBILITY IDEOGRAPH-F9C5;Lo;0;L;6688;;;;N;;;;; +F9C6;CJK COMPATIBILITY IDEOGRAPH-F9C6;Lo;0;L;962E;;;;N;;;;; +F9C7;CJK COMPATIBILITY IDEOGRAPH-F9C7;Lo;0;L;5289;;;;N;;;;; +F9C8;CJK COMPATIBILITY IDEOGRAPH-F9C8;Lo;0;L;677B;;;;N;;;;; +F9C9;CJK COMPATIBILITY IDEOGRAPH-F9C9;Lo;0;L;67F3;;;;N;;;;; +F9CA;CJK COMPATIBILITY IDEOGRAPH-F9CA;Lo;0;L;6D41;;;;N;;;;; +F9CB;CJK COMPATIBILITY IDEOGRAPH-F9CB;Lo;0;L;6E9C;;;;N;;;;; +F9CC;CJK COMPATIBILITY IDEOGRAPH-F9CC;Lo;0;L;7409;;;;N;;;;; +F9CD;CJK COMPATIBILITY IDEOGRAPH-F9CD;Lo;0;L;7559;;;;N;;;;; +F9CE;CJK COMPATIBILITY IDEOGRAPH-F9CE;Lo;0;L;786B;;;;N;;;;; +F9CF;CJK COMPATIBILITY IDEOGRAPH-F9CF;Lo;0;L;7D10;;;;N;;;;; +F9D0;CJK COMPATIBILITY IDEOGRAPH-F9D0;Lo;0;L;985E;;;;N;;;;; +F9D1;CJK COMPATIBILITY IDEOGRAPH-F9D1;Lo;0;L;516D;;;;N;;;;; +F9D2;CJK COMPATIBILITY IDEOGRAPH-F9D2;Lo;0;L;622E;;;;N;;;;; +F9D3;CJK COMPATIBILITY IDEOGRAPH-F9D3;Lo;0;L;9678;;;;N;;;;; +F9D4;CJK COMPATIBILITY IDEOGRAPH-F9D4;Lo;0;L;502B;;;;N;;;;; +F9D5;CJK COMPATIBILITY IDEOGRAPH-F9D5;Lo;0;L;5D19;;;;N;;;;; +F9D6;CJK COMPATIBILITY IDEOGRAPH-F9D6;Lo;0;L;6DEA;;;;N;;;;; +F9D7;CJK COMPATIBILITY IDEOGRAPH-F9D7;Lo;0;L;8F2A;;;;N;;;;; +F9D8;CJK COMPATIBILITY IDEOGRAPH-F9D8;Lo;0;L;5F8B;;;;N;;;;; +F9D9;CJK COMPATIBILITY IDEOGRAPH-F9D9;Lo;0;L;6144;;;;N;;;;; +F9DA;CJK COMPATIBILITY IDEOGRAPH-F9DA;Lo;0;L;6817;;;;N;;;;; +F9DB;CJK COMPATIBILITY IDEOGRAPH-F9DB;Lo;0;L;7387;;;;N;;;;; +F9DC;CJK COMPATIBILITY IDEOGRAPH-F9DC;Lo;0;L;9686;;;;N;;;;; +F9DD;CJK COMPATIBILITY IDEOGRAPH-F9DD;Lo;0;L;5229;;;;N;;;;; +F9DE;CJK COMPATIBILITY IDEOGRAPH-F9DE;Lo;0;L;540F;;;;N;;;;; +F9DF;CJK COMPATIBILITY IDEOGRAPH-F9DF;Lo;0;L;5C65;;;;N;;;;; +F9E0;CJK COMPATIBILITY IDEOGRAPH-F9E0;Lo;0;L;6613;;;;N;;;;; +F9E1;CJK COMPATIBILITY IDEOGRAPH-F9E1;Lo;0;L;674E;;;;N;;;;; +F9E2;CJK COMPATIBILITY IDEOGRAPH-F9E2;Lo;0;L;68A8;;;;N;;;;; +F9E3;CJK COMPATIBILITY IDEOGRAPH-F9E3;Lo;0;L;6CE5;;;;N;;;;; +F9E4;CJK COMPATIBILITY IDEOGRAPH-F9E4;Lo;0;L;7406;;;;N;;;;; +F9E5;CJK COMPATIBILITY IDEOGRAPH-F9E5;Lo;0;L;75E2;;;;N;;;;; +F9E6;CJK COMPATIBILITY IDEOGRAPH-F9E6;Lo;0;L;7F79;;;;N;;;;; +F9E7;CJK COMPATIBILITY IDEOGRAPH-F9E7;Lo;0;L;88CF;;;;N;;;;; +F9E8;CJK COMPATIBILITY IDEOGRAPH-F9E8;Lo;0;L;88E1;;;;N;;;;; +F9E9;CJK COMPATIBILITY IDEOGRAPH-F9E9;Lo;0;L;91CC;;;;N;;;;; +F9EA;CJK COMPATIBILITY IDEOGRAPH-F9EA;Lo;0;L;96E2;;;;N;;;;; +F9EB;CJK COMPATIBILITY IDEOGRAPH-F9EB;Lo;0;L;533F;;;;N;;;;; +F9EC;CJK COMPATIBILITY IDEOGRAPH-F9EC;Lo;0;L;6EBA;;;;N;;;;; +F9ED;CJK COMPATIBILITY IDEOGRAPH-F9ED;Lo;0;L;541D;;;;N;;;;; +F9EE;CJK COMPATIBILITY IDEOGRAPH-F9EE;Lo;0;L;71D0;;;;N;;;;; +F9EF;CJK COMPATIBILITY IDEOGRAPH-F9EF;Lo;0;L;7498;;;;N;;;;; +F9F0;CJK COMPATIBILITY IDEOGRAPH-F9F0;Lo;0;L;85FA;;;;N;;;;; +F9F1;CJK COMPATIBILITY IDEOGRAPH-F9F1;Lo;0;L;96A3;;;;N;;;;; +F9F2;CJK COMPATIBILITY IDEOGRAPH-F9F2;Lo;0;L;9C57;;;;N;;;;; +F9F3;CJK COMPATIBILITY IDEOGRAPH-F9F3;Lo;0;L;9E9F;;;;N;;;;; +F9F4;CJK COMPATIBILITY IDEOGRAPH-F9F4;Lo;0;L;6797;;;;N;;;;; +F9F5;CJK COMPATIBILITY IDEOGRAPH-F9F5;Lo;0;L;6DCB;;;;N;;;;; +F9F6;CJK COMPATIBILITY IDEOGRAPH-F9F6;Lo;0;L;81E8;;;;N;;;;; +F9F7;CJK COMPATIBILITY IDEOGRAPH-F9F7;Lo;0;L;7ACB;;;;N;;;;; +F9F8;CJK COMPATIBILITY IDEOGRAPH-F9F8;Lo;0;L;7B20;;;;N;;;;; +F9F9;CJK COMPATIBILITY IDEOGRAPH-F9F9;Lo;0;L;7C92;;;;N;;;;; +F9FA;CJK COMPATIBILITY IDEOGRAPH-F9FA;Lo;0;L;72C0;;;;N;;;;; +F9FB;CJK COMPATIBILITY IDEOGRAPH-F9FB;Lo;0;L;7099;;;;N;;;;; +F9FC;CJK COMPATIBILITY IDEOGRAPH-F9FC;Lo;0;L;8B58;;;;N;;;;; +F9FD;CJK COMPATIBILITY IDEOGRAPH-F9FD;Lo;0;L;4EC0;;;;N;;;;; +F9FE;CJK COMPATIBILITY IDEOGRAPH-F9FE;Lo;0;L;8336;;;;N;;;;; +F9FF;CJK COMPATIBILITY IDEOGRAPH-F9FF;Lo;0;L;523A;;;;N;;;;; +FA00;CJK COMPATIBILITY IDEOGRAPH-FA00;Lo;0;L;5207;;;;N;;;;; +FA01;CJK COMPATIBILITY IDEOGRAPH-FA01;Lo;0;L;5EA6;;;;N;;;;; +FA02;CJK COMPATIBILITY IDEOGRAPH-FA02;Lo;0;L;62D3;;;;N;;;;; +FA03;CJK COMPATIBILITY IDEOGRAPH-FA03;Lo;0;L;7CD6;;;;N;;;;; +FA04;CJK COMPATIBILITY IDEOGRAPH-FA04;Lo;0;L;5B85;;;;N;;;;; +FA05;CJK COMPATIBILITY IDEOGRAPH-FA05;Lo;0;L;6D1E;;;;N;;;;; +FA06;CJK COMPATIBILITY IDEOGRAPH-FA06;Lo;0;L;66B4;;;;N;;;;; +FA07;CJK COMPATIBILITY IDEOGRAPH-FA07;Lo;0;L;8F3B;;;;N;;;;; +FA08;CJK COMPATIBILITY IDEOGRAPH-FA08;Lo;0;L;884C;;;;N;;;;; +FA09;CJK COMPATIBILITY IDEOGRAPH-FA09;Lo;0;L;964D;;;;N;;;;; +FA0A;CJK COMPATIBILITY IDEOGRAPH-FA0A;Lo;0;L;898B;;;;N;;;;; +FA0B;CJK COMPATIBILITY IDEOGRAPH-FA0B;Lo;0;L;5ED3;;;;N;;;;; +FA0C;CJK COMPATIBILITY IDEOGRAPH-FA0C;Lo;0;L;5140;;;;N;;;;; +FA0D;CJK COMPATIBILITY IDEOGRAPH-FA0D;Lo;0;L;55C0;;;;N;;;;; +FA0E;CJK COMPATIBILITY IDEOGRAPH-FA0E;Lo;0;L;;;;;N;;;;; +FA0F;CJK COMPATIBILITY IDEOGRAPH-FA0F;Lo;0;L;;;;;N;;;;; +FA10;CJK COMPATIBILITY IDEOGRAPH-FA10;Lo;0;L;585A;;;;N;;;;; +FA11;CJK COMPATIBILITY IDEOGRAPH-FA11;Lo;0;L;;;;;N;;;;; +FA12;CJK COMPATIBILITY IDEOGRAPH-FA12;Lo;0;L;6674;;;;N;;;;; +FA13;CJK COMPATIBILITY IDEOGRAPH-FA13;Lo;0;L;;;;;N;;;;; +FA14;CJK COMPATIBILITY IDEOGRAPH-FA14;Lo;0;L;;;;;N;;;;; +FA15;CJK COMPATIBILITY IDEOGRAPH-FA15;Lo;0;L;51DE;;;;N;;;;; +FA16;CJK COMPATIBILITY IDEOGRAPH-FA16;Lo;0;L;732A;;;;N;;;;; +FA17;CJK COMPATIBILITY IDEOGRAPH-FA17;Lo;0;L;76CA;;;;N;;;;; +FA18;CJK COMPATIBILITY IDEOGRAPH-FA18;Lo;0;L;793C;;;;N;;;;; +FA19;CJK COMPATIBILITY IDEOGRAPH-FA19;Lo;0;L;795E;;;;N;;;;; +FA1A;CJK COMPATIBILITY IDEOGRAPH-FA1A;Lo;0;L;7965;;;;N;;;;; +FA1B;CJK COMPATIBILITY IDEOGRAPH-FA1B;Lo;0;L;798F;;;;N;;;;; +FA1C;CJK COMPATIBILITY IDEOGRAPH-FA1C;Lo;0;L;9756;;;;N;;;;; +FA1D;CJK COMPATIBILITY IDEOGRAPH-FA1D;Lo;0;L;7CBE;;;;N;;;;; +FA1E;CJK COMPATIBILITY IDEOGRAPH-FA1E;Lo;0;L;7FBD;;;;N;;;;; +FA1F;CJK COMPATIBILITY IDEOGRAPH-FA1F;Lo;0;L;;;;;N;;*;;; +FA20;CJK COMPATIBILITY IDEOGRAPH-FA20;Lo;0;L;8612;;;;N;;;;; +FA21;CJK COMPATIBILITY IDEOGRAPH-FA21;Lo;0;L;;;;;N;;;;; +FA22;CJK COMPATIBILITY IDEOGRAPH-FA22;Lo;0;L;8AF8;;;;N;;;;; +FA23;CJK COMPATIBILITY IDEOGRAPH-FA23;Lo;0;L;;;;;N;;*;;; +FA24;CJK COMPATIBILITY IDEOGRAPH-FA24;Lo;0;L;;;;;N;;;;; +FA25;CJK COMPATIBILITY IDEOGRAPH-FA25;Lo;0;L;9038;;;;N;;;;; +FA26;CJK COMPATIBILITY IDEOGRAPH-FA26;Lo;0;L;90FD;;;;N;;;;; +FA27;CJK COMPATIBILITY IDEOGRAPH-FA27;Lo;0;L;;;;;N;;;;; +FA28;CJK COMPATIBILITY IDEOGRAPH-FA28;Lo;0;L;;;;;N;;;;; +FA29;CJK COMPATIBILITY IDEOGRAPH-FA29;Lo;0;L;;;;;N;;;;; +FA2A;CJK COMPATIBILITY IDEOGRAPH-FA2A;Lo;0;L;98EF;;;;N;;;;; +FA2B;CJK COMPATIBILITY IDEOGRAPH-FA2B;Lo;0;L;98FC;;;;N;;;;; +FA2C;CJK COMPATIBILITY IDEOGRAPH-FA2C;Lo;0;L;9928;;;;N;;;;; +FA2D;CJK COMPATIBILITY IDEOGRAPH-FA2D;Lo;0;L;9DB4;;;;N;;;;; +FA30;CJK COMPATIBILITY IDEOGRAPH-FA30;Lo;0;L;4FAE;;;;N;;;;; +FA31;CJK COMPATIBILITY IDEOGRAPH-FA31;Lo;0;L;50E7;;;;N;;;;; +FA32;CJK COMPATIBILITY IDEOGRAPH-FA32;Lo;0;L;514D;;;;N;;;;; +FA33;CJK COMPATIBILITY IDEOGRAPH-FA33;Lo;0;L;52C9;;;;N;;;;; +FA34;CJK COMPATIBILITY IDEOGRAPH-FA34;Lo;0;L;52E4;;;;N;;;;; +FA35;CJK COMPATIBILITY IDEOGRAPH-FA35;Lo;0;L;5351;;;;N;;;;; +FA36;CJK COMPATIBILITY IDEOGRAPH-FA36;Lo;0;L;559D;;;;N;;;;; +FA37;CJK COMPATIBILITY IDEOGRAPH-FA37;Lo;0;L;5606;;;;N;;;;; +FA38;CJK COMPATIBILITY IDEOGRAPH-FA38;Lo;0;L;5668;;;;N;;;;; +FA39;CJK COMPATIBILITY IDEOGRAPH-FA39;Lo;0;L;5840;;;;N;;;;; +FA3A;CJK COMPATIBILITY IDEOGRAPH-FA3A;Lo;0;L;58A8;;;;N;;;;; +FA3B;CJK COMPATIBILITY IDEOGRAPH-FA3B;Lo;0;L;5C64;;;;N;;;;; +FA3C;CJK COMPATIBILITY IDEOGRAPH-FA3C;Lo;0;L;5C6E;;;;N;;;;; +FA3D;CJK COMPATIBILITY IDEOGRAPH-FA3D;Lo;0;L;6094;;;;N;;;;; +FA3E;CJK COMPATIBILITY IDEOGRAPH-FA3E;Lo;0;L;6168;;;;N;;;;; +FA3F;CJK COMPATIBILITY IDEOGRAPH-FA3F;Lo;0;L;618E;;;;N;;;;; +FA40;CJK COMPATIBILITY IDEOGRAPH-FA40;Lo;0;L;61F2;;;;N;;;;; +FA41;CJK COMPATIBILITY IDEOGRAPH-FA41;Lo;0;L;654F;;;;N;;;;; +FA42;CJK COMPATIBILITY IDEOGRAPH-FA42;Lo;0;L;65E2;;;;N;;;;; +FA43;CJK COMPATIBILITY IDEOGRAPH-FA43;Lo;0;L;6691;;;;N;;;;; +FA44;CJK COMPATIBILITY IDEOGRAPH-FA44;Lo;0;L;6885;;;;N;;;;; +FA45;CJK COMPATIBILITY IDEOGRAPH-FA45;Lo;0;L;6D77;;;;N;;;;; +FA46;CJK COMPATIBILITY IDEOGRAPH-FA46;Lo;0;L;6E1A;;;;N;;;;; +FA47;CJK COMPATIBILITY IDEOGRAPH-FA47;Lo;0;L;6F22;;;;N;;;;; +FA48;CJK COMPATIBILITY IDEOGRAPH-FA48;Lo;0;L;716E;;;;N;;;;; +FA49;CJK COMPATIBILITY IDEOGRAPH-FA49;Lo;0;L;722B;;;;N;;;;; +FA4A;CJK COMPATIBILITY IDEOGRAPH-FA4A;Lo;0;L;7422;;;;N;;;;; +FA4B;CJK COMPATIBILITY IDEOGRAPH-FA4B;Lo;0;L;7891;;;;N;;;;; +FA4C;CJK COMPATIBILITY IDEOGRAPH-FA4C;Lo;0;L;793E;;;;N;;;;; +FA4D;CJK COMPATIBILITY IDEOGRAPH-FA4D;Lo;0;L;7949;;;;N;;;;; +FA4E;CJK COMPATIBILITY IDEOGRAPH-FA4E;Lo;0;L;7948;;;;N;;;;; +FA4F;CJK COMPATIBILITY IDEOGRAPH-FA4F;Lo;0;L;7950;;;;N;;;;; +FA50;CJK COMPATIBILITY IDEOGRAPH-FA50;Lo;0;L;7956;;;;N;;;;; +FA51;CJK COMPATIBILITY IDEOGRAPH-FA51;Lo;0;L;795D;;;;N;;;;; +FA52;CJK COMPATIBILITY IDEOGRAPH-FA52;Lo;0;L;798D;;;;N;;;;; +FA53;CJK COMPATIBILITY IDEOGRAPH-FA53;Lo;0;L;798E;;;;N;;;;; +FA54;CJK COMPATIBILITY IDEOGRAPH-FA54;Lo;0;L;7A40;;;;N;;;;; +FA55;CJK COMPATIBILITY IDEOGRAPH-FA55;Lo;0;L;7A81;;;;N;;;;; +FA56;CJK COMPATIBILITY IDEOGRAPH-FA56;Lo;0;L;7BC0;;;;N;;;;; +FA57;CJK COMPATIBILITY IDEOGRAPH-FA57;Lo;0;L;7DF4;;;;N;;;;; +FA58;CJK COMPATIBILITY IDEOGRAPH-FA58;Lo;0;L;7E09;;;;N;;;;; +FA59;CJK COMPATIBILITY IDEOGRAPH-FA59;Lo;0;L;7E41;;;;N;;;;; +FA5A;CJK COMPATIBILITY IDEOGRAPH-FA5A;Lo;0;L;7F72;;;;N;;;;; +FA5B;CJK COMPATIBILITY IDEOGRAPH-FA5B;Lo;0;L;8005;;;;N;;;;; +FA5C;CJK COMPATIBILITY IDEOGRAPH-FA5C;Lo;0;L;81ED;;;;N;;;;; +FA5D;CJK COMPATIBILITY IDEOGRAPH-FA5D;Lo;0;L;8279;;;;N;;;;; +FA5E;CJK COMPATIBILITY IDEOGRAPH-FA5E;Lo;0;L;8279;;;;N;;;;; +FA5F;CJK COMPATIBILITY IDEOGRAPH-FA5F;Lo;0;L;8457;;;;N;;;;; +FA60;CJK COMPATIBILITY IDEOGRAPH-FA60;Lo;0;L;8910;;;;N;;;;; +FA61;CJK COMPATIBILITY IDEOGRAPH-FA61;Lo;0;L;8996;;;;N;;;;; +FA62;CJK COMPATIBILITY IDEOGRAPH-FA62;Lo;0;L;8B01;;;;N;;;;; +FA63;CJK COMPATIBILITY IDEOGRAPH-FA63;Lo;0;L;8B39;;;;N;;;;; +FA64;CJK COMPATIBILITY IDEOGRAPH-FA64;Lo;0;L;8CD3;;;;N;;;;; +FA65;CJK COMPATIBILITY IDEOGRAPH-FA65;Lo;0;L;8D08;;;;N;;;;; +FA66;CJK COMPATIBILITY IDEOGRAPH-FA66;Lo;0;L;8FB6;;;;N;;;;; +FA67;CJK COMPATIBILITY IDEOGRAPH-FA67;Lo;0;L;9038;;;;N;;;;; +FA68;CJK COMPATIBILITY IDEOGRAPH-FA68;Lo;0;L;96E3;;;;N;;;;; +FA69;CJK COMPATIBILITY IDEOGRAPH-FA69;Lo;0;L;97FF;;;;N;;;;; +FA6A;CJK COMPATIBILITY IDEOGRAPH-FA6A;Lo;0;L;983B;;;;N;;;;; +FB00;LATIN SMALL LIGATURE FF;Ll;0;L; 0066 0066;;;;N;;;;; +FB01;LATIN SMALL LIGATURE FI;Ll;0;L; 0066 0069;;;;N;;;;; +FB02;LATIN SMALL LIGATURE FL;Ll;0;L; 0066 006C;;;;N;;;;; +FB03;LATIN SMALL LIGATURE FFI;Ll;0;L; 0066 0066 0069;;;;N;;;;; +FB04;LATIN SMALL LIGATURE FFL;Ll;0;L; 0066 0066 006C;;;;N;;;;; +FB05;LATIN SMALL LIGATURE LONG S T;Ll;0;L; 017F 0074;;;;N;;;;; +FB06;LATIN SMALL LIGATURE ST;Ll;0;L; 0073 0074;;;;N;;;;; +FB13;ARMENIAN SMALL LIGATURE MEN NOW;Ll;0;L; 0574 0576;;;;N;;;;; +FB14;ARMENIAN SMALL LIGATURE MEN ECH;Ll;0;L; 0574 0565;;;;N;;;;; +FB15;ARMENIAN SMALL LIGATURE MEN INI;Ll;0;L; 0574 056B;;;;N;;;;; +FB16;ARMENIAN SMALL LIGATURE VEW NOW;Ll;0;L; 057E 0576;;;;N;;;;; +FB17;ARMENIAN SMALL LIGATURE MEN XEH;Ll;0;L; 0574 056D;;;;N;;;;; +FB1D;HEBREW LETTER YOD WITH HIRIQ;Lo;0;R;05D9 05B4;;;;N;;;;; +FB1E;HEBREW POINT JUDEO-SPANISH VARIKA;Mn;26;NSM;;;;;N;HEBREW POINT VARIKA;;;; +FB1F;HEBREW LIGATURE YIDDISH YOD YOD PATAH;Lo;0;R;05F2 05B7;;;;N;;;;; +FB20;HEBREW LETTER ALTERNATIVE AYIN;Lo;0;R; 05E2;;;;N;;;;; +FB21;HEBREW LETTER WIDE ALEF;Lo;0;R; 05D0;;;;N;;;;; +FB22;HEBREW LETTER WIDE DALET;Lo;0;R; 05D3;;;;N;;;;; +FB23;HEBREW LETTER WIDE HE;Lo;0;R; 05D4;;;;N;;;;; +FB24;HEBREW LETTER WIDE KAF;Lo;0;R; 05DB;;;;N;;;;; +FB25;HEBREW LETTER WIDE LAMED;Lo;0;R; 05DC;;;;N;;;;; +FB26;HEBREW LETTER WIDE FINAL MEM;Lo;0;R; 05DD;;;;N;;;;; +FB27;HEBREW LETTER WIDE RESH;Lo;0;R; 05E8;;;;N;;;;; +FB28;HEBREW LETTER WIDE TAV;Lo;0;R; 05EA;;;;N;;;;; +FB29;HEBREW LETTER ALTERNATIVE PLUS SIGN;Sm;0;ET; 002B;;;;N;;;;; +FB2A;HEBREW LETTER SHIN WITH SHIN DOT;Lo;0;R;05E9 05C1;;;;N;;;;; +FB2B;HEBREW LETTER SHIN WITH SIN DOT;Lo;0;R;05E9 05C2;;;;N;;;;; +FB2C;HEBREW LETTER SHIN WITH DAGESH AND SHIN DOT;Lo;0;R;FB49 05C1;;;;N;;;;; +FB2D;HEBREW LETTER SHIN WITH DAGESH AND SIN DOT;Lo;0;R;FB49 05C2;;;;N;;;;; +FB2E;HEBREW LETTER ALEF WITH PATAH;Lo;0;R;05D0 05B7;;;;N;;;;; +FB2F;HEBREW LETTER ALEF WITH QAMATS;Lo;0;R;05D0 05B8;;;;N;;;;; +FB30;HEBREW LETTER ALEF WITH MAPIQ;Lo;0;R;05D0 05BC;;;;N;;;;; +FB31;HEBREW LETTER BET WITH DAGESH;Lo;0;R;05D1 05BC;;;;N;;;;; +FB32;HEBREW LETTER GIMEL WITH DAGESH;Lo;0;R;05D2 05BC;;;;N;;;;; +FB33;HEBREW LETTER DALET WITH DAGESH;Lo;0;R;05D3 05BC;;;;N;;;;; +FB34;HEBREW LETTER HE WITH MAPIQ;Lo;0;R;05D4 05BC;;;;N;;;;; +FB35;HEBREW LETTER VAV WITH DAGESH;Lo;0;R;05D5 05BC;;;;N;;;;; +FB36;HEBREW LETTER ZAYIN WITH DAGESH;Lo;0;R;05D6 05BC;;;;N;;;;; +FB38;HEBREW LETTER TET WITH DAGESH;Lo;0;R;05D8 05BC;;;;N;;;;; +FB39;HEBREW LETTER YOD WITH DAGESH;Lo;0;R;05D9 05BC;;;;N;;;;; +FB3A;HEBREW LETTER FINAL KAF WITH DAGESH;Lo;0;R;05DA 05BC;;;;N;;;;; +FB3B;HEBREW LETTER KAF WITH DAGESH;Lo;0;R;05DB 05BC;;;;N;;;;; +FB3C;HEBREW LETTER LAMED WITH DAGESH;Lo;0;R;05DC 05BC;;;;N;;;;; +FB3E;HEBREW LETTER MEM WITH DAGESH;Lo;0;R;05DE 05BC;;;;N;;;;; +FB40;HEBREW LETTER NUN WITH DAGESH;Lo;0;R;05E0 05BC;;;;N;;;;; +FB41;HEBREW LETTER SAMEKH WITH DAGESH;Lo;0;R;05E1 05BC;;;;N;;;;; +FB43;HEBREW LETTER FINAL PE WITH DAGESH;Lo;0;R;05E3 05BC;;;;N;;;;; +FB44;HEBREW LETTER PE WITH DAGESH;Lo;0;R;05E4 05BC;;;;N;;;;; +FB46;HEBREW LETTER TSADI WITH DAGESH;Lo;0;R;05E6 05BC;;;;N;;;;; +FB47;HEBREW LETTER QOF WITH DAGESH;Lo;0;R;05E7 05BC;;;;N;;;;; +FB48;HEBREW LETTER RESH WITH DAGESH;Lo;0;R;05E8 05BC;;;;N;;;;; +FB49;HEBREW LETTER SHIN WITH DAGESH;Lo;0;R;05E9 05BC;;;;N;;;;; +FB4A;HEBREW LETTER TAV WITH DAGESH;Lo;0;R;05EA 05BC;;;;N;;;;; +FB4B;HEBREW LETTER VAV WITH HOLAM;Lo;0;R;05D5 05B9;;;;N;;;;; +FB4C;HEBREW LETTER BET WITH RAFE;Lo;0;R;05D1 05BF;;;;N;;;;; +FB4D;HEBREW LETTER KAF WITH RAFE;Lo;0;R;05DB 05BF;;;;N;;;;; +FB4E;HEBREW LETTER PE WITH RAFE;Lo;0;R;05E4 05BF;;;;N;;;;; +FB4F;HEBREW LIGATURE ALEF LAMED;Lo;0;R; 05D0 05DC;;;;N;;;;; +FB50;ARABIC LETTER ALEF WASLA ISOLATED FORM;Lo;0;AL; 0671;;;;N;;;;; +FB51;ARABIC LETTER ALEF WASLA FINAL FORM;Lo;0;AL; 0671;;;;N;;;;; +FB52;ARABIC LETTER BEEH ISOLATED FORM;Lo;0;AL; 067B;;;;N;;;;; +FB53;ARABIC LETTER BEEH FINAL FORM;Lo;0;AL; 067B;;;;N;;;;; +FB54;ARABIC LETTER BEEH INITIAL FORM;Lo;0;AL; 067B;;;;N;;;;; +FB55;ARABIC LETTER BEEH MEDIAL FORM;Lo;0;AL; 067B;;;;N;;;;; +FB56;ARABIC LETTER PEH ISOLATED FORM;Lo;0;AL; 067E;;;;N;;;;; +FB57;ARABIC LETTER PEH FINAL FORM;Lo;0;AL; 067E;;;;N;;;;; +FB58;ARABIC LETTER PEH INITIAL FORM;Lo;0;AL; 067E;;;;N;;;;; +FB59;ARABIC LETTER PEH MEDIAL FORM;Lo;0;AL; 067E;;;;N;;;;; +FB5A;ARABIC LETTER BEHEH ISOLATED FORM;Lo;0;AL; 0680;;;;N;;;;; +FB5B;ARABIC LETTER BEHEH FINAL FORM;Lo;0;AL; 0680;;;;N;;;;; +FB5C;ARABIC LETTER BEHEH INITIAL FORM;Lo;0;AL; 0680;;;;N;;;;; +FB5D;ARABIC LETTER BEHEH MEDIAL FORM;Lo;0;AL; 0680;;;;N;;;;; +FB5E;ARABIC LETTER TTEHEH ISOLATED FORM;Lo;0;AL; 067A;;;;N;;;;; +FB5F;ARABIC LETTER TTEHEH FINAL FORM;Lo;0;AL; 067A;;;;N;;;;; +FB60;ARABIC LETTER TTEHEH INITIAL FORM;Lo;0;AL; 067A;;;;N;;;;; +FB61;ARABIC LETTER TTEHEH MEDIAL FORM;Lo;0;AL; 067A;;;;N;;;;; +FB62;ARABIC LETTER TEHEH ISOLATED FORM;Lo;0;AL; 067F;;;;N;;;;; +FB63;ARABIC LETTER TEHEH FINAL FORM;Lo;0;AL; 067F;;;;N;;;;; +FB64;ARABIC LETTER TEHEH INITIAL FORM;Lo;0;AL; 067F;;;;N;;;;; +FB65;ARABIC LETTER TEHEH MEDIAL FORM;Lo;0;AL; 067F;;;;N;;;;; +FB66;ARABIC LETTER TTEH ISOLATED FORM;Lo;0;AL; 0679;;;;N;;;;; +FB67;ARABIC LETTER TTEH FINAL FORM;Lo;0;AL; 0679;;;;N;;;;; +FB68;ARABIC LETTER TTEH INITIAL FORM;Lo;0;AL; 0679;;;;N;;;;; +FB69;ARABIC LETTER TTEH MEDIAL FORM;Lo;0;AL; 0679;;;;N;;;;; +FB6A;ARABIC LETTER VEH ISOLATED FORM;Lo;0;AL; 06A4;;;;N;;;;; +FB6B;ARABIC LETTER VEH FINAL FORM;Lo;0;AL; 06A4;;;;N;;;;; +FB6C;ARABIC LETTER VEH INITIAL FORM;Lo;0;AL; 06A4;;;;N;;;;; +FB6D;ARABIC LETTER VEH MEDIAL FORM;Lo;0;AL; 06A4;;;;N;;;;; +FB6E;ARABIC LETTER PEHEH ISOLATED FORM;Lo;0;AL; 06A6;;;;N;;;;; +FB6F;ARABIC LETTER PEHEH FINAL FORM;Lo;0;AL; 06A6;;;;N;;;;; +FB70;ARABIC LETTER PEHEH INITIAL FORM;Lo;0;AL; 06A6;;;;N;;;;; +FB71;ARABIC LETTER PEHEH MEDIAL FORM;Lo;0;AL; 06A6;;;;N;;;;; +FB72;ARABIC LETTER DYEH ISOLATED FORM;Lo;0;AL; 0684;;;;N;;;;; +FB73;ARABIC LETTER DYEH FINAL FORM;Lo;0;AL; 0684;;;;N;;;;; +FB74;ARABIC LETTER DYEH INITIAL FORM;Lo;0;AL; 0684;;;;N;;;;; +FB75;ARABIC LETTER DYEH MEDIAL FORM;Lo;0;AL; 0684;;;;N;;;;; +FB76;ARABIC LETTER NYEH ISOLATED FORM;Lo;0;AL; 0683;;;;N;;;;; +FB77;ARABIC LETTER NYEH FINAL FORM;Lo;0;AL; 0683;;;;N;;;;; +FB78;ARABIC LETTER NYEH INITIAL FORM;Lo;0;AL; 0683;;;;N;;;;; +FB79;ARABIC LETTER NYEH MEDIAL FORM;Lo;0;AL; 0683;;;;N;;;;; +FB7A;ARABIC LETTER TCHEH ISOLATED FORM;Lo;0;AL; 0686;;;;N;;;;; +FB7B;ARABIC LETTER TCHEH FINAL FORM;Lo;0;AL; 0686;;;;N;;;;; +FB7C;ARABIC LETTER TCHEH INITIAL FORM;Lo;0;AL; 0686;;;;N;;;;; +FB7D;ARABIC LETTER TCHEH MEDIAL FORM;Lo;0;AL; 0686;;;;N;;;;; +FB7E;ARABIC LETTER TCHEHEH ISOLATED FORM;Lo;0;AL; 0687;;;;N;;;;; +FB7F;ARABIC LETTER TCHEHEH FINAL FORM;Lo;0;AL; 0687;;;;N;;;;; +FB80;ARABIC LETTER TCHEHEH INITIAL FORM;Lo;0;AL; 0687;;;;N;;;;; +FB81;ARABIC LETTER TCHEHEH MEDIAL FORM;Lo;0;AL; 0687;;;;N;;;;; +FB82;ARABIC LETTER DDAHAL ISOLATED FORM;Lo;0;AL; 068D;;;;N;;;;; +FB83;ARABIC LETTER DDAHAL FINAL FORM;Lo;0;AL; 068D;;;;N;;;;; +FB84;ARABIC LETTER DAHAL ISOLATED FORM;Lo;0;AL; 068C;;;;N;;;;; +FB85;ARABIC LETTER DAHAL FINAL FORM;Lo;0;AL; 068C;;;;N;;;;; +FB86;ARABIC LETTER DUL ISOLATED FORM;Lo;0;AL; 068E;;;;N;;;;; +FB87;ARABIC LETTER DUL FINAL FORM;Lo;0;AL; 068E;;;;N;;;;; +FB88;ARABIC LETTER DDAL ISOLATED FORM;Lo;0;AL; 0688;;;;N;;;;; +FB89;ARABIC LETTER DDAL FINAL FORM;Lo;0;AL; 0688;;;;N;;;;; +FB8A;ARABIC LETTER JEH ISOLATED FORM;Lo;0;AL; 0698;;;;N;;;;; +FB8B;ARABIC LETTER JEH FINAL FORM;Lo;0;AL; 0698;;;;N;;;;; +FB8C;ARABIC LETTER RREH ISOLATED FORM;Lo;0;AL; 0691;;;;N;;;;; +FB8D;ARABIC LETTER RREH FINAL FORM;Lo;0;AL; 0691;;;;N;;;;; +FB8E;ARABIC LETTER KEHEH ISOLATED FORM;Lo;0;AL; 06A9;;;;N;;;;; +FB8F;ARABIC LETTER KEHEH FINAL FORM;Lo;0;AL; 06A9;;;;N;;;;; +FB90;ARABIC LETTER KEHEH INITIAL FORM;Lo;0;AL; 06A9;;;;N;;;;; +FB91;ARABIC LETTER KEHEH MEDIAL FORM;Lo;0;AL; 06A9;;;;N;;;;; +FB92;ARABIC LETTER GAF ISOLATED FORM;Lo;0;AL; 06AF;;;;N;;;;; +FB93;ARABIC LETTER GAF FINAL FORM;Lo;0;AL; 06AF;;;;N;;;;; +FB94;ARABIC LETTER GAF INITIAL FORM;Lo;0;AL; 06AF;;;;N;;;;; +FB95;ARABIC LETTER GAF MEDIAL FORM;Lo;0;AL; 06AF;;;;N;;;;; +FB96;ARABIC LETTER GUEH ISOLATED FORM;Lo;0;AL; 06B3;;;;N;;;;; +FB97;ARABIC LETTER GUEH FINAL FORM;Lo;0;AL; 06B3;;;;N;;;;; +FB98;ARABIC LETTER GUEH INITIAL FORM;Lo;0;AL; 06B3;;;;N;;;;; +FB99;ARABIC LETTER GUEH MEDIAL FORM;Lo;0;AL; 06B3;;;;N;;;;; +FB9A;ARABIC LETTER NGOEH ISOLATED FORM;Lo;0;AL; 06B1;;;;N;;;;; +FB9B;ARABIC LETTER NGOEH FINAL FORM;Lo;0;AL; 06B1;;;;N;;;;; +FB9C;ARABIC LETTER NGOEH INITIAL FORM;Lo;0;AL; 06B1;;;;N;;;;; +FB9D;ARABIC LETTER NGOEH MEDIAL FORM;Lo;0;AL; 06B1;;;;N;;;;; +FB9E;ARABIC LETTER NOON GHUNNA ISOLATED FORM;Lo;0;AL; 06BA;;;;N;;;;; +FB9F;ARABIC LETTER NOON GHUNNA FINAL FORM;Lo;0;AL; 06BA;;;;N;;;;; +FBA0;ARABIC LETTER RNOON ISOLATED FORM;Lo;0;AL; 06BB;;;;N;;;;; +FBA1;ARABIC LETTER RNOON FINAL FORM;Lo;0;AL; 06BB;;;;N;;;;; +FBA2;ARABIC LETTER RNOON INITIAL FORM;Lo;0;AL; 06BB;;;;N;;;;; +FBA3;ARABIC LETTER RNOON MEDIAL FORM;Lo;0;AL; 06BB;;;;N;;;;; +FBA4;ARABIC LETTER HEH WITH YEH ABOVE ISOLATED FORM;Lo;0;AL; 06C0;;;;N;;;;; +FBA5;ARABIC LETTER HEH WITH YEH ABOVE FINAL FORM;Lo;0;AL; 06C0;;;;N;;;;; +FBA6;ARABIC LETTER HEH GOAL ISOLATED FORM;Lo;0;AL; 06C1;;;;N;;;;; +FBA7;ARABIC LETTER HEH GOAL FINAL FORM;Lo;0;AL; 06C1;;;;N;;;;; +FBA8;ARABIC LETTER HEH GOAL INITIAL FORM;Lo;0;AL; 06C1;;;;N;;;;; +FBA9;ARABIC LETTER HEH GOAL MEDIAL FORM;Lo;0;AL; 06C1;;;;N;;;;; +FBAA;ARABIC LETTER HEH DOACHASHMEE ISOLATED FORM;Lo;0;AL; 06BE;;;;N;;;;; +FBAB;ARABIC LETTER HEH DOACHASHMEE FINAL FORM;Lo;0;AL; 06BE;;;;N;;;;; +FBAC;ARABIC LETTER HEH DOACHASHMEE INITIAL FORM;Lo;0;AL; 06BE;;;;N;;;;; +FBAD;ARABIC LETTER HEH DOACHASHMEE MEDIAL FORM;Lo;0;AL; 06BE;;;;N;;;;; +FBAE;ARABIC LETTER YEH BARREE ISOLATED FORM;Lo;0;AL; 06D2;;;;N;;;;; +FBAF;ARABIC LETTER YEH BARREE FINAL FORM;Lo;0;AL; 06D2;;;;N;;;;; +FBB0;ARABIC LETTER YEH BARREE WITH HAMZA ABOVE ISOLATED FORM;Lo;0;AL; 06D3;;;;N;;;;; +FBB1;ARABIC LETTER YEH BARREE WITH HAMZA ABOVE FINAL FORM;Lo;0;AL; 06D3;;;;N;;;;; +FBD3;ARABIC LETTER NG ISOLATED FORM;Lo;0;AL; 06AD;;;;N;;;;; +FBD4;ARABIC LETTER NG FINAL FORM;Lo;0;AL; 06AD;;;;N;;;;; +FBD5;ARABIC LETTER NG INITIAL FORM;Lo;0;AL; 06AD;;;;N;;;;; +FBD6;ARABIC LETTER NG MEDIAL FORM;Lo;0;AL; 06AD;;;;N;;;;; +FBD7;ARABIC LETTER U ISOLATED FORM;Lo;0;AL; 06C7;;;;N;;;;; +FBD8;ARABIC LETTER U FINAL FORM;Lo;0;AL; 06C7;;;;N;;;;; +FBD9;ARABIC LETTER OE ISOLATED FORM;Lo;0;AL; 06C6;;;;N;;;;; +FBDA;ARABIC LETTER OE FINAL FORM;Lo;0;AL; 06C6;;;;N;;;;; +FBDB;ARABIC LETTER YU ISOLATED FORM;Lo;0;AL; 06C8;;;;N;;;;; +FBDC;ARABIC LETTER YU FINAL FORM;Lo;0;AL; 06C8;;;;N;;;;; +FBDD;ARABIC LETTER U WITH HAMZA ABOVE ISOLATED FORM;Lo;0;AL; 0677;;;;N;;;;; +FBDE;ARABIC LETTER VE ISOLATED FORM;Lo;0;AL; 06CB;;;;N;;;;; +FBDF;ARABIC LETTER VE FINAL FORM;Lo;0;AL; 06CB;;;;N;;;;; +FBE0;ARABIC LETTER KIRGHIZ OE ISOLATED FORM;Lo;0;AL; 06C5;;;;N;;;;; +FBE1;ARABIC LETTER KIRGHIZ OE FINAL FORM;Lo;0;AL; 06C5;;;;N;;;;; +FBE2;ARABIC LETTER KIRGHIZ YU ISOLATED FORM;Lo;0;AL; 06C9;;;;N;;;;; +FBE3;ARABIC LETTER KIRGHIZ YU FINAL FORM;Lo;0;AL; 06C9;;;;N;;;;; +FBE4;ARABIC LETTER E ISOLATED FORM;Lo;0;AL; 06D0;;;;N;;;;; +FBE5;ARABIC LETTER E FINAL FORM;Lo;0;AL; 06D0;;;;N;;;;; +FBE6;ARABIC LETTER E INITIAL FORM;Lo;0;AL; 06D0;;;;N;;;;; +FBE7;ARABIC LETTER E MEDIAL FORM;Lo;0;AL; 06D0;;;;N;;;;; +FBE8;ARABIC LETTER UIGHUR KAZAKH KIRGHIZ ALEF MAKSURA INITIAL FORM;Lo;0;AL; 0649;;;;N;;;;; +FBE9;ARABIC LETTER UIGHUR KAZAKH KIRGHIZ ALEF MAKSURA MEDIAL FORM;Lo;0;AL; 0649;;;;N;;;;; +FBEA;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ALEF ISOLATED FORM;Lo;0;AL; 0626 0627;;;;N;;;;; +FBEB;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ALEF FINAL FORM;Lo;0;AL; 0626 0627;;;;N;;;;; +FBEC;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH AE ISOLATED FORM;Lo;0;AL; 0626 06D5;;;;N;;;;; +FBED;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH AE FINAL FORM;Lo;0;AL; 0626 06D5;;;;N;;;;; +FBEE;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH WAW ISOLATED FORM;Lo;0;AL; 0626 0648;;;;N;;;;; +FBEF;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH WAW FINAL FORM;Lo;0;AL; 0626 0648;;;;N;;;;; +FBF0;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH U ISOLATED FORM;Lo;0;AL; 0626 06C7;;;;N;;;;; +FBF1;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH U FINAL FORM;Lo;0;AL; 0626 06C7;;;;N;;;;; +FBF2;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH OE ISOLATED FORM;Lo;0;AL; 0626 06C6;;;;N;;;;; +FBF3;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH OE FINAL FORM;Lo;0;AL; 0626 06C6;;;;N;;;;; +FBF4;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH YU ISOLATED FORM;Lo;0;AL; 0626 06C8;;;;N;;;;; +FBF5;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH YU FINAL FORM;Lo;0;AL; 0626 06C8;;;;N;;;;; +FBF6;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH E ISOLATED FORM;Lo;0;AL; 0626 06D0;;;;N;;;;; +FBF7;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH E FINAL FORM;Lo;0;AL; 0626 06D0;;;;N;;;;; +FBF8;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH E INITIAL FORM;Lo;0;AL; 0626 06D0;;;;N;;;;; +FBF9;ARABIC LIGATURE UIGHUR KIRGHIZ YEH WITH HAMZA ABOVE WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 0626 0649;;;;N;;;;; +FBFA;ARABIC LIGATURE UIGHUR KIRGHIZ YEH WITH HAMZA ABOVE WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0626 0649;;;;N;;;;; +FBFB;ARABIC LIGATURE UIGHUR KIRGHIZ YEH WITH HAMZA ABOVE WITH ALEF MAKSURA INITIAL FORM;Lo;0;AL; 0626 0649;;;;N;;;;; +FBFC;ARABIC LETTER FARSI YEH ISOLATED FORM;Lo;0;AL; 06CC;;;;N;;;;; +FBFD;ARABIC LETTER FARSI YEH FINAL FORM;Lo;0;AL; 06CC;;;;N;;;;; +FBFE;ARABIC LETTER FARSI YEH INITIAL FORM;Lo;0;AL; 06CC;;;;N;;;;; +FBFF;ARABIC LETTER FARSI YEH MEDIAL FORM;Lo;0;AL; 06CC;;;;N;;;;; +FC00;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH JEEM ISOLATED FORM;Lo;0;AL; 0626 062C;;;;N;;;;; +FC01;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH HAH ISOLATED FORM;Lo;0;AL; 0626 062D;;;;N;;;;; +FC02;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH MEEM ISOLATED FORM;Lo;0;AL; 0626 0645;;;;N;;;;; +FC03;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 0626 0649;;;;N;;;;; +FC04;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH YEH ISOLATED FORM;Lo;0;AL; 0626 064A;;;;N;;;;; +FC05;ARABIC LIGATURE BEH WITH JEEM ISOLATED FORM;Lo;0;AL; 0628 062C;;;;N;;;;; +FC06;ARABIC LIGATURE BEH WITH HAH ISOLATED FORM;Lo;0;AL; 0628 062D;;;;N;;;;; +FC07;ARABIC LIGATURE BEH WITH KHAH ISOLATED FORM;Lo;0;AL; 0628 062E;;;;N;;;;; +FC08;ARABIC LIGATURE BEH WITH MEEM ISOLATED FORM;Lo;0;AL; 0628 0645;;;;N;;;;; +FC09;ARABIC LIGATURE BEH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 0628 0649;;;;N;;;;; +FC0A;ARABIC LIGATURE BEH WITH YEH ISOLATED FORM;Lo;0;AL; 0628 064A;;;;N;;;;; +FC0B;ARABIC LIGATURE TEH WITH JEEM ISOLATED FORM;Lo;0;AL; 062A 062C;;;;N;;;;; +FC0C;ARABIC LIGATURE TEH WITH HAH ISOLATED FORM;Lo;0;AL; 062A 062D;;;;N;;;;; +FC0D;ARABIC LIGATURE TEH WITH KHAH ISOLATED FORM;Lo;0;AL; 062A 062E;;;;N;;;;; +FC0E;ARABIC LIGATURE TEH WITH MEEM ISOLATED FORM;Lo;0;AL; 062A 0645;;;;N;;;;; +FC0F;ARABIC LIGATURE TEH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 062A 0649;;;;N;;;;; +FC10;ARABIC LIGATURE TEH WITH YEH ISOLATED FORM;Lo;0;AL; 062A 064A;;;;N;;;;; +FC11;ARABIC LIGATURE THEH WITH JEEM ISOLATED FORM;Lo;0;AL; 062B 062C;;;;N;;;;; +FC12;ARABIC LIGATURE THEH WITH MEEM ISOLATED FORM;Lo;0;AL; 062B 0645;;;;N;;;;; +FC13;ARABIC LIGATURE THEH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 062B 0649;;;;N;;;;; +FC14;ARABIC LIGATURE THEH WITH YEH ISOLATED FORM;Lo;0;AL; 062B 064A;;;;N;;;;; +FC15;ARABIC LIGATURE JEEM WITH HAH ISOLATED FORM;Lo;0;AL; 062C 062D;;;;N;;;;; +FC16;ARABIC LIGATURE JEEM WITH MEEM ISOLATED FORM;Lo;0;AL; 062C 0645;;;;N;;;;; +FC17;ARABIC LIGATURE HAH WITH JEEM ISOLATED FORM;Lo;0;AL; 062D 062C;;;;N;;;;; +FC18;ARABIC LIGATURE HAH WITH MEEM ISOLATED FORM;Lo;0;AL; 062D 0645;;;;N;;;;; +FC19;ARABIC LIGATURE KHAH WITH JEEM ISOLATED FORM;Lo;0;AL; 062E 062C;;;;N;;;;; +FC1A;ARABIC LIGATURE KHAH WITH HAH ISOLATED FORM;Lo;0;AL; 062E 062D;;;;N;;;;; +FC1B;ARABIC LIGATURE KHAH WITH MEEM ISOLATED FORM;Lo;0;AL; 062E 0645;;;;N;;;;; +FC1C;ARABIC LIGATURE SEEN WITH JEEM ISOLATED FORM;Lo;0;AL; 0633 062C;;;;N;;;;; +FC1D;ARABIC LIGATURE SEEN WITH HAH ISOLATED FORM;Lo;0;AL; 0633 062D;;;;N;;;;; +FC1E;ARABIC LIGATURE SEEN WITH KHAH ISOLATED FORM;Lo;0;AL; 0633 062E;;;;N;;;;; +FC1F;ARABIC LIGATURE SEEN WITH MEEM ISOLATED FORM;Lo;0;AL; 0633 0645;;;;N;;;;; +FC20;ARABIC LIGATURE SAD WITH HAH ISOLATED FORM;Lo;0;AL; 0635 062D;;;;N;;;;; +FC21;ARABIC LIGATURE SAD WITH MEEM ISOLATED FORM;Lo;0;AL; 0635 0645;;;;N;;;;; +FC22;ARABIC LIGATURE DAD WITH JEEM ISOLATED FORM;Lo;0;AL; 0636 062C;;;;N;;;;; +FC23;ARABIC LIGATURE DAD WITH HAH ISOLATED FORM;Lo;0;AL; 0636 062D;;;;N;;;;; +FC24;ARABIC LIGATURE DAD WITH KHAH ISOLATED FORM;Lo;0;AL; 0636 062E;;;;N;;;;; +FC25;ARABIC LIGATURE DAD WITH MEEM ISOLATED FORM;Lo;0;AL; 0636 0645;;;;N;;;;; +FC26;ARABIC LIGATURE TAH WITH HAH ISOLATED FORM;Lo;0;AL; 0637 062D;;;;N;;;;; +FC27;ARABIC LIGATURE TAH WITH MEEM ISOLATED FORM;Lo;0;AL; 0637 0645;;;;N;;;;; +FC28;ARABIC LIGATURE ZAH WITH MEEM ISOLATED FORM;Lo;0;AL; 0638 0645;;;;N;;;;; +FC29;ARABIC LIGATURE AIN WITH JEEM ISOLATED FORM;Lo;0;AL; 0639 062C;;;;N;;;;; +FC2A;ARABIC LIGATURE AIN WITH MEEM ISOLATED FORM;Lo;0;AL; 0639 0645;;;;N;;;;; +FC2B;ARABIC LIGATURE GHAIN WITH JEEM ISOLATED FORM;Lo;0;AL; 063A 062C;;;;N;;;;; +FC2C;ARABIC LIGATURE GHAIN WITH MEEM ISOLATED FORM;Lo;0;AL; 063A 0645;;;;N;;;;; +FC2D;ARABIC LIGATURE FEH WITH JEEM ISOLATED FORM;Lo;0;AL; 0641 062C;;;;N;;;;; +FC2E;ARABIC LIGATURE FEH WITH HAH ISOLATED FORM;Lo;0;AL; 0641 062D;;;;N;;;;; +FC2F;ARABIC LIGATURE FEH WITH KHAH ISOLATED FORM;Lo;0;AL; 0641 062E;;;;N;;;;; +FC30;ARABIC LIGATURE FEH WITH MEEM ISOLATED FORM;Lo;0;AL; 0641 0645;;;;N;;;;; +FC31;ARABIC LIGATURE FEH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 0641 0649;;;;N;;;;; +FC32;ARABIC LIGATURE FEH WITH YEH ISOLATED FORM;Lo;0;AL; 0641 064A;;;;N;;;;; +FC33;ARABIC LIGATURE QAF WITH HAH ISOLATED FORM;Lo;0;AL; 0642 062D;;;;N;;;;; +FC34;ARABIC LIGATURE QAF WITH MEEM ISOLATED FORM;Lo;0;AL; 0642 0645;;;;N;;;;; +FC35;ARABIC LIGATURE QAF WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 0642 0649;;;;N;;;;; +FC36;ARABIC LIGATURE QAF WITH YEH ISOLATED FORM;Lo;0;AL; 0642 064A;;;;N;;;;; +FC37;ARABIC LIGATURE KAF WITH ALEF ISOLATED FORM;Lo;0;AL; 0643 0627;;;;N;;;;; +FC38;ARABIC LIGATURE KAF WITH JEEM ISOLATED FORM;Lo;0;AL; 0643 062C;;;;N;;;;; +FC39;ARABIC LIGATURE KAF WITH HAH ISOLATED FORM;Lo;0;AL; 0643 062D;;;;N;;;;; +FC3A;ARABIC LIGATURE KAF WITH KHAH ISOLATED FORM;Lo;0;AL; 0643 062E;;;;N;;;;; +FC3B;ARABIC LIGATURE KAF WITH LAM ISOLATED FORM;Lo;0;AL; 0643 0644;;;;N;;;;; +FC3C;ARABIC LIGATURE KAF WITH MEEM ISOLATED FORM;Lo;0;AL; 0643 0645;;;;N;;;;; +FC3D;ARABIC LIGATURE KAF WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 0643 0649;;;;N;;;;; +FC3E;ARABIC LIGATURE KAF WITH YEH ISOLATED FORM;Lo;0;AL; 0643 064A;;;;N;;;;; +FC3F;ARABIC LIGATURE LAM WITH JEEM ISOLATED FORM;Lo;0;AL; 0644 062C;;;;N;;;;; +FC40;ARABIC LIGATURE LAM WITH HAH ISOLATED FORM;Lo;0;AL; 0644 062D;;;;N;;;;; +FC41;ARABIC LIGATURE LAM WITH KHAH ISOLATED FORM;Lo;0;AL; 0644 062E;;;;N;;;;; +FC42;ARABIC LIGATURE LAM WITH MEEM ISOLATED FORM;Lo;0;AL; 0644 0645;;;;N;;;;; +FC43;ARABIC LIGATURE LAM WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 0644 0649;;;;N;;;;; +FC44;ARABIC LIGATURE LAM WITH YEH ISOLATED FORM;Lo;0;AL; 0644 064A;;;;N;;;;; +FC45;ARABIC LIGATURE MEEM WITH JEEM ISOLATED FORM;Lo;0;AL; 0645 062C;;;;N;;;;; +FC46;ARABIC LIGATURE MEEM WITH HAH ISOLATED FORM;Lo;0;AL; 0645 062D;;;;N;;;;; +FC47;ARABIC LIGATURE MEEM WITH KHAH ISOLATED FORM;Lo;0;AL; 0645 062E;;;;N;;;;; +FC48;ARABIC LIGATURE MEEM WITH MEEM ISOLATED FORM;Lo;0;AL; 0645 0645;;;;N;;;;; +FC49;ARABIC LIGATURE MEEM WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 0645 0649;;;;N;;;;; +FC4A;ARABIC LIGATURE MEEM WITH YEH ISOLATED FORM;Lo;0;AL; 0645 064A;;;;N;;;;; +FC4B;ARABIC LIGATURE NOON WITH JEEM ISOLATED FORM;Lo;0;AL; 0646 062C;;;;N;;;;; +FC4C;ARABIC LIGATURE NOON WITH HAH ISOLATED FORM;Lo;0;AL; 0646 062D;;;;N;;;;; +FC4D;ARABIC LIGATURE NOON WITH KHAH ISOLATED FORM;Lo;0;AL; 0646 062E;;;;N;;;;; +FC4E;ARABIC LIGATURE NOON WITH MEEM ISOLATED FORM;Lo;0;AL; 0646 0645;;;;N;;;;; +FC4F;ARABIC LIGATURE NOON WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 0646 0649;;;;N;;;;; +FC50;ARABIC LIGATURE NOON WITH YEH ISOLATED FORM;Lo;0;AL; 0646 064A;;;;N;;;;; +FC51;ARABIC LIGATURE HEH WITH JEEM ISOLATED FORM;Lo;0;AL; 0647 062C;;;;N;;;;; +FC52;ARABIC LIGATURE HEH WITH MEEM ISOLATED FORM;Lo;0;AL; 0647 0645;;;;N;;;;; +FC53;ARABIC LIGATURE HEH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 0647 0649;;;;N;;;;; +FC54;ARABIC LIGATURE HEH WITH YEH ISOLATED FORM;Lo;0;AL; 0647 064A;;;;N;;;;; +FC55;ARABIC LIGATURE YEH WITH JEEM ISOLATED FORM;Lo;0;AL; 064A 062C;;;;N;;;;; +FC56;ARABIC LIGATURE YEH WITH HAH ISOLATED FORM;Lo;0;AL; 064A 062D;;;;N;;;;; +FC57;ARABIC LIGATURE YEH WITH KHAH ISOLATED FORM;Lo;0;AL; 064A 062E;;;;N;;;;; +FC58;ARABIC LIGATURE YEH WITH MEEM ISOLATED FORM;Lo;0;AL; 064A 0645;;;;N;;;;; +FC59;ARABIC LIGATURE YEH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 064A 0649;;;;N;;;;; +FC5A;ARABIC LIGATURE YEH WITH YEH ISOLATED FORM;Lo;0;AL; 064A 064A;;;;N;;;;; +FC5B;ARABIC LIGATURE THAL WITH SUPERSCRIPT ALEF ISOLATED FORM;Lo;0;AL; 0630 0670;;;;N;;;;; +FC5C;ARABIC LIGATURE REH WITH SUPERSCRIPT ALEF ISOLATED FORM;Lo;0;AL; 0631 0670;;;;N;;;;; +FC5D;ARABIC LIGATURE ALEF MAKSURA WITH SUPERSCRIPT ALEF ISOLATED FORM;Lo;0;AL; 0649 0670;;;;N;;;;; +FC5E;ARABIC LIGATURE SHADDA WITH DAMMATAN ISOLATED FORM;Lo;0;AL; 0020 064C 0651;;;;N;;;;; +FC5F;ARABIC LIGATURE SHADDA WITH KASRATAN ISOLATED FORM;Lo;0;AL; 0020 064D 0651;;;;N;;;;; +FC60;ARABIC LIGATURE SHADDA WITH FATHA ISOLATED FORM;Lo;0;AL; 0020 064E 0651;;;;N;;;;; +FC61;ARABIC LIGATURE SHADDA WITH DAMMA ISOLATED FORM;Lo;0;AL; 0020 064F 0651;;;;N;;;;; +FC62;ARABIC LIGATURE SHADDA WITH KASRA ISOLATED FORM;Lo;0;AL; 0020 0650 0651;;;;N;;;;; +FC63;ARABIC LIGATURE SHADDA WITH SUPERSCRIPT ALEF ISOLATED FORM;Lo;0;AL; 0020 0651 0670;;;;N;;;;; +FC64;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH REH FINAL FORM;Lo;0;AL; 0626 0631;;;;N;;;;; +FC65;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ZAIN FINAL FORM;Lo;0;AL; 0626 0632;;;;N;;;;; +FC66;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH MEEM FINAL FORM;Lo;0;AL; 0626 0645;;;;N;;;;; +FC67;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH NOON FINAL FORM;Lo;0;AL; 0626 0646;;;;N;;;;; +FC68;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0626 0649;;;;N;;;;; +FC69;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH YEH FINAL FORM;Lo;0;AL; 0626 064A;;;;N;;;;; +FC6A;ARABIC LIGATURE BEH WITH REH FINAL FORM;Lo;0;AL; 0628 0631;;;;N;;;;; +FC6B;ARABIC LIGATURE BEH WITH ZAIN FINAL FORM;Lo;0;AL; 0628 0632;;;;N;;;;; +FC6C;ARABIC LIGATURE BEH WITH MEEM FINAL FORM;Lo;0;AL; 0628 0645;;;;N;;;;; +FC6D;ARABIC LIGATURE BEH WITH NOON FINAL FORM;Lo;0;AL; 0628 0646;;;;N;;;;; +FC6E;ARABIC LIGATURE BEH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0628 0649;;;;N;;;;; +FC6F;ARABIC LIGATURE BEH WITH YEH FINAL FORM;Lo;0;AL; 0628 064A;;;;N;;;;; +FC70;ARABIC LIGATURE TEH WITH REH FINAL FORM;Lo;0;AL; 062A 0631;;;;N;;;;; +FC71;ARABIC LIGATURE TEH WITH ZAIN FINAL FORM;Lo;0;AL; 062A 0632;;;;N;;;;; +FC72;ARABIC LIGATURE TEH WITH MEEM FINAL FORM;Lo;0;AL; 062A 0645;;;;N;;;;; +FC73;ARABIC LIGATURE TEH WITH NOON FINAL FORM;Lo;0;AL; 062A 0646;;;;N;;;;; +FC74;ARABIC LIGATURE TEH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 062A 0649;;;;N;;;;; +FC75;ARABIC LIGATURE TEH WITH YEH FINAL FORM;Lo;0;AL; 062A 064A;;;;N;;;;; +FC76;ARABIC LIGATURE THEH WITH REH FINAL FORM;Lo;0;AL; 062B 0631;;;;N;;;;; +FC77;ARABIC LIGATURE THEH WITH ZAIN FINAL FORM;Lo;0;AL; 062B 0632;;;;N;;;;; +FC78;ARABIC LIGATURE THEH WITH MEEM FINAL FORM;Lo;0;AL; 062B 0645;;;;N;;;;; +FC79;ARABIC LIGATURE THEH WITH NOON FINAL FORM;Lo;0;AL; 062B 0646;;;;N;;;;; +FC7A;ARABIC LIGATURE THEH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 062B 0649;;;;N;;;;; +FC7B;ARABIC LIGATURE THEH WITH YEH FINAL FORM;Lo;0;AL; 062B 064A;;;;N;;;;; +FC7C;ARABIC LIGATURE FEH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0641 0649;;;;N;;;;; +FC7D;ARABIC LIGATURE FEH WITH YEH FINAL FORM;Lo;0;AL; 0641 064A;;;;N;;;;; +FC7E;ARABIC LIGATURE QAF WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0642 0649;;;;N;;;;; +FC7F;ARABIC LIGATURE QAF WITH YEH FINAL FORM;Lo;0;AL; 0642 064A;;;;N;;;;; +FC80;ARABIC LIGATURE KAF WITH ALEF FINAL FORM;Lo;0;AL; 0643 0627;;;;N;;;;; +FC81;ARABIC LIGATURE KAF WITH LAM FINAL FORM;Lo;0;AL; 0643 0644;;;;N;;;;; +FC82;ARABIC LIGATURE KAF WITH MEEM FINAL FORM;Lo;0;AL; 0643 0645;;;;N;;;;; +FC83;ARABIC LIGATURE KAF WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0643 0649;;;;N;;;;; +FC84;ARABIC LIGATURE KAF WITH YEH FINAL FORM;Lo;0;AL; 0643 064A;;;;N;;;;; +FC85;ARABIC LIGATURE LAM WITH MEEM FINAL FORM;Lo;0;AL; 0644 0645;;;;N;;;;; +FC86;ARABIC LIGATURE LAM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0644 0649;;;;N;;;;; +FC87;ARABIC LIGATURE LAM WITH YEH FINAL FORM;Lo;0;AL; 0644 064A;;;;N;;;;; +FC88;ARABIC LIGATURE MEEM WITH ALEF FINAL FORM;Lo;0;AL; 0645 0627;;;;N;;;;; +FC89;ARABIC LIGATURE MEEM WITH MEEM FINAL FORM;Lo;0;AL; 0645 0645;;;;N;;;;; +FC8A;ARABIC LIGATURE NOON WITH REH FINAL FORM;Lo;0;AL; 0646 0631;;;;N;;;;; +FC8B;ARABIC LIGATURE NOON WITH ZAIN FINAL FORM;Lo;0;AL; 0646 0632;;;;N;;;;; +FC8C;ARABIC LIGATURE NOON WITH MEEM FINAL FORM;Lo;0;AL; 0646 0645;;;;N;;;;; +FC8D;ARABIC LIGATURE NOON WITH NOON FINAL FORM;Lo;0;AL; 0646 0646;;;;N;;;;; +FC8E;ARABIC LIGATURE NOON WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0646 0649;;;;N;;;;; +FC8F;ARABIC LIGATURE NOON WITH YEH FINAL FORM;Lo;0;AL; 0646 064A;;;;N;;;;; +FC90;ARABIC LIGATURE ALEF MAKSURA WITH SUPERSCRIPT ALEF FINAL FORM;Lo;0;AL; 0649 0670;;;;N;;;;; +FC91;ARABIC LIGATURE YEH WITH REH FINAL FORM;Lo;0;AL; 064A 0631;;;;N;;;;; +FC92;ARABIC LIGATURE YEH WITH ZAIN FINAL FORM;Lo;0;AL; 064A 0632;;;;N;;;;; +FC93;ARABIC LIGATURE YEH WITH MEEM FINAL FORM;Lo;0;AL; 064A 0645;;;;N;;;;; +FC94;ARABIC LIGATURE YEH WITH NOON FINAL FORM;Lo;0;AL; 064A 0646;;;;N;;;;; +FC95;ARABIC LIGATURE YEH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 064A 0649;;;;N;;;;; +FC96;ARABIC LIGATURE YEH WITH YEH FINAL FORM;Lo;0;AL; 064A 064A;;;;N;;;;; +FC97;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH JEEM INITIAL FORM;Lo;0;AL; 0626 062C;;;;N;;;;; +FC98;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH HAH INITIAL FORM;Lo;0;AL; 0626 062D;;;;N;;;;; +FC99;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH KHAH INITIAL FORM;Lo;0;AL; 0626 062E;;;;N;;;;; +FC9A;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH MEEM INITIAL FORM;Lo;0;AL; 0626 0645;;;;N;;;;; +FC9B;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH HEH INITIAL FORM;Lo;0;AL; 0626 0647;;;;N;;;;; +FC9C;ARABIC LIGATURE BEH WITH JEEM INITIAL FORM;Lo;0;AL; 0628 062C;;;;N;;;;; +FC9D;ARABIC LIGATURE BEH WITH HAH INITIAL FORM;Lo;0;AL; 0628 062D;;;;N;;;;; +FC9E;ARABIC LIGATURE BEH WITH KHAH INITIAL FORM;Lo;0;AL; 0628 062E;;;;N;;;;; +FC9F;ARABIC LIGATURE BEH WITH MEEM INITIAL FORM;Lo;0;AL; 0628 0645;;;;N;;;;; +FCA0;ARABIC LIGATURE BEH WITH HEH INITIAL FORM;Lo;0;AL; 0628 0647;;;;N;;;;; +FCA1;ARABIC LIGATURE TEH WITH JEEM INITIAL FORM;Lo;0;AL; 062A 062C;;;;N;;;;; +FCA2;ARABIC LIGATURE TEH WITH HAH INITIAL FORM;Lo;0;AL; 062A 062D;;;;N;;;;; +FCA3;ARABIC LIGATURE TEH WITH KHAH INITIAL FORM;Lo;0;AL; 062A 062E;;;;N;;;;; +FCA4;ARABIC LIGATURE TEH WITH MEEM INITIAL FORM;Lo;0;AL; 062A 0645;;;;N;;;;; +FCA5;ARABIC LIGATURE TEH WITH HEH INITIAL FORM;Lo;0;AL; 062A 0647;;;;N;;;;; +FCA6;ARABIC LIGATURE THEH WITH MEEM INITIAL FORM;Lo;0;AL; 062B 0645;;;;N;;;;; +FCA7;ARABIC LIGATURE JEEM WITH HAH INITIAL FORM;Lo;0;AL; 062C 062D;;;;N;;;;; +FCA8;ARABIC LIGATURE JEEM WITH MEEM INITIAL FORM;Lo;0;AL; 062C 0645;;;;N;;;;; +FCA9;ARABIC LIGATURE HAH WITH JEEM INITIAL FORM;Lo;0;AL; 062D 062C;;;;N;;;;; +FCAA;ARABIC LIGATURE HAH WITH MEEM INITIAL FORM;Lo;0;AL; 062D 0645;;;;N;;;;; +FCAB;ARABIC LIGATURE KHAH WITH JEEM INITIAL FORM;Lo;0;AL; 062E 062C;;;;N;;;;; +FCAC;ARABIC LIGATURE KHAH WITH MEEM INITIAL FORM;Lo;0;AL; 062E 0645;;;;N;;;;; +FCAD;ARABIC LIGATURE SEEN WITH JEEM INITIAL FORM;Lo;0;AL; 0633 062C;;;;N;;;;; +FCAE;ARABIC LIGATURE SEEN WITH HAH INITIAL FORM;Lo;0;AL; 0633 062D;;;;N;;;;; +FCAF;ARABIC LIGATURE SEEN WITH KHAH INITIAL FORM;Lo;0;AL; 0633 062E;;;;N;;;;; +FCB0;ARABIC LIGATURE SEEN WITH MEEM INITIAL FORM;Lo;0;AL; 0633 0645;;;;N;;;;; +FCB1;ARABIC LIGATURE SAD WITH HAH INITIAL FORM;Lo;0;AL; 0635 062D;;;;N;;;;; +FCB2;ARABIC LIGATURE SAD WITH KHAH INITIAL FORM;Lo;0;AL; 0635 062E;;;;N;;;;; +FCB3;ARABIC LIGATURE SAD WITH MEEM INITIAL FORM;Lo;0;AL; 0635 0645;;;;N;;;;; +FCB4;ARABIC LIGATURE DAD WITH JEEM INITIAL FORM;Lo;0;AL; 0636 062C;;;;N;;;;; +FCB5;ARABIC LIGATURE DAD WITH HAH INITIAL FORM;Lo;0;AL; 0636 062D;;;;N;;;;; +FCB6;ARABIC LIGATURE DAD WITH KHAH INITIAL FORM;Lo;0;AL; 0636 062E;;;;N;;;;; +FCB7;ARABIC LIGATURE DAD WITH MEEM INITIAL FORM;Lo;0;AL; 0636 0645;;;;N;;;;; +FCB8;ARABIC LIGATURE TAH WITH HAH INITIAL FORM;Lo;0;AL; 0637 062D;;;;N;;;;; +FCB9;ARABIC LIGATURE ZAH WITH MEEM INITIAL FORM;Lo;0;AL; 0638 0645;;;;N;;;;; +FCBA;ARABIC LIGATURE AIN WITH JEEM INITIAL FORM;Lo;0;AL; 0639 062C;;;;N;;;;; +FCBB;ARABIC LIGATURE AIN WITH MEEM INITIAL FORM;Lo;0;AL; 0639 0645;;;;N;;;;; +FCBC;ARABIC LIGATURE GHAIN WITH JEEM INITIAL FORM;Lo;0;AL; 063A 062C;;;;N;;;;; +FCBD;ARABIC LIGATURE GHAIN WITH MEEM INITIAL FORM;Lo;0;AL; 063A 0645;;;;N;;;;; +FCBE;ARABIC LIGATURE FEH WITH JEEM INITIAL FORM;Lo;0;AL; 0641 062C;;;;N;;;;; +FCBF;ARABIC LIGATURE FEH WITH HAH INITIAL FORM;Lo;0;AL; 0641 062D;;;;N;;;;; +FCC0;ARABIC LIGATURE FEH WITH KHAH INITIAL FORM;Lo;0;AL; 0641 062E;;;;N;;;;; +FCC1;ARABIC LIGATURE FEH WITH MEEM INITIAL FORM;Lo;0;AL; 0641 0645;;;;N;;;;; +FCC2;ARABIC LIGATURE QAF WITH HAH INITIAL FORM;Lo;0;AL; 0642 062D;;;;N;;;;; +FCC3;ARABIC LIGATURE QAF WITH MEEM INITIAL FORM;Lo;0;AL; 0642 0645;;;;N;;;;; +FCC4;ARABIC LIGATURE KAF WITH JEEM INITIAL FORM;Lo;0;AL; 0643 062C;;;;N;;;;; +FCC5;ARABIC LIGATURE KAF WITH HAH INITIAL FORM;Lo;0;AL; 0643 062D;;;;N;;;;; +FCC6;ARABIC LIGATURE KAF WITH KHAH INITIAL FORM;Lo;0;AL; 0643 062E;;;;N;;;;; +FCC7;ARABIC LIGATURE KAF WITH LAM INITIAL FORM;Lo;0;AL; 0643 0644;;;;N;;;;; +FCC8;ARABIC LIGATURE KAF WITH MEEM INITIAL FORM;Lo;0;AL; 0643 0645;;;;N;;;;; +FCC9;ARABIC LIGATURE LAM WITH JEEM INITIAL FORM;Lo;0;AL; 0644 062C;;;;N;;;;; +FCCA;ARABIC LIGATURE LAM WITH HAH INITIAL FORM;Lo;0;AL; 0644 062D;;;;N;;;;; +FCCB;ARABIC LIGATURE LAM WITH KHAH INITIAL FORM;Lo;0;AL; 0644 062E;;;;N;;;;; +FCCC;ARABIC LIGATURE LAM WITH MEEM INITIAL FORM;Lo;0;AL; 0644 0645;;;;N;;;;; +FCCD;ARABIC LIGATURE LAM WITH HEH INITIAL FORM;Lo;0;AL; 0644 0647;;;;N;;;;; +FCCE;ARABIC LIGATURE MEEM WITH JEEM INITIAL FORM;Lo;0;AL; 0645 062C;;;;N;;;;; +FCCF;ARABIC LIGATURE MEEM WITH HAH INITIAL FORM;Lo;0;AL; 0645 062D;;;;N;;;;; +FCD0;ARABIC LIGATURE MEEM WITH KHAH INITIAL FORM;Lo;0;AL; 0645 062E;;;;N;;;;; +FCD1;ARABIC LIGATURE MEEM WITH MEEM INITIAL FORM;Lo;0;AL; 0645 0645;;;;N;;;;; +FCD2;ARABIC LIGATURE NOON WITH JEEM INITIAL FORM;Lo;0;AL; 0646 062C;;;;N;;;;; +FCD3;ARABIC LIGATURE NOON WITH HAH INITIAL FORM;Lo;0;AL; 0646 062D;;;;N;;;;; +FCD4;ARABIC LIGATURE NOON WITH KHAH INITIAL FORM;Lo;0;AL; 0646 062E;;;;N;;;;; +FCD5;ARABIC LIGATURE NOON WITH MEEM INITIAL FORM;Lo;0;AL; 0646 0645;;;;N;;;;; +FCD6;ARABIC LIGATURE NOON WITH HEH INITIAL FORM;Lo;0;AL; 0646 0647;;;;N;;;;; +FCD7;ARABIC LIGATURE HEH WITH JEEM INITIAL FORM;Lo;0;AL; 0647 062C;;;;N;;;;; +FCD8;ARABIC LIGATURE HEH WITH MEEM INITIAL FORM;Lo;0;AL; 0647 0645;;;;N;;;;; +FCD9;ARABIC LIGATURE HEH WITH SUPERSCRIPT ALEF INITIAL FORM;Lo;0;AL; 0647 0670;;;;N;;;;; +FCDA;ARABIC LIGATURE YEH WITH JEEM INITIAL FORM;Lo;0;AL; 064A 062C;;;;N;;;;; +FCDB;ARABIC LIGATURE YEH WITH HAH INITIAL FORM;Lo;0;AL; 064A 062D;;;;N;;;;; +FCDC;ARABIC LIGATURE YEH WITH KHAH INITIAL FORM;Lo;0;AL; 064A 062E;;;;N;;;;; +FCDD;ARABIC LIGATURE YEH WITH MEEM INITIAL FORM;Lo;0;AL; 064A 0645;;;;N;;;;; +FCDE;ARABIC LIGATURE YEH WITH HEH INITIAL FORM;Lo;0;AL; 064A 0647;;;;N;;;;; +FCDF;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH MEEM MEDIAL FORM;Lo;0;AL; 0626 0645;;;;N;;;;; +FCE0;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH HEH MEDIAL FORM;Lo;0;AL; 0626 0647;;;;N;;;;; +FCE1;ARABIC LIGATURE BEH WITH MEEM MEDIAL FORM;Lo;0;AL; 0628 0645;;;;N;;;;; +FCE2;ARABIC LIGATURE BEH WITH HEH MEDIAL FORM;Lo;0;AL; 0628 0647;;;;N;;;;; +FCE3;ARABIC LIGATURE TEH WITH MEEM MEDIAL FORM;Lo;0;AL; 062A 0645;;;;N;;;;; +FCE4;ARABIC LIGATURE TEH WITH HEH MEDIAL FORM;Lo;0;AL; 062A 0647;;;;N;;;;; +FCE5;ARABIC LIGATURE THEH WITH MEEM MEDIAL FORM;Lo;0;AL; 062B 0645;;;;N;;;;; +FCE6;ARABIC LIGATURE THEH WITH HEH MEDIAL FORM;Lo;0;AL; 062B 0647;;;;N;;;;; +FCE7;ARABIC LIGATURE SEEN WITH MEEM MEDIAL FORM;Lo;0;AL; 0633 0645;;;;N;;;;; +FCE8;ARABIC LIGATURE SEEN WITH HEH MEDIAL FORM;Lo;0;AL; 0633 0647;;;;N;;;;; +FCE9;ARABIC LIGATURE SHEEN WITH MEEM MEDIAL FORM;Lo;0;AL; 0634 0645;;;;N;;;;; +FCEA;ARABIC LIGATURE SHEEN WITH HEH MEDIAL FORM;Lo;0;AL; 0634 0647;;;;N;;;;; +FCEB;ARABIC LIGATURE KAF WITH LAM MEDIAL FORM;Lo;0;AL; 0643 0644;;;;N;;;;; +FCEC;ARABIC LIGATURE KAF WITH MEEM MEDIAL FORM;Lo;0;AL; 0643 0645;;;;N;;;;; +FCED;ARABIC LIGATURE LAM WITH MEEM MEDIAL FORM;Lo;0;AL; 0644 0645;;;;N;;;;; +FCEE;ARABIC LIGATURE NOON WITH MEEM MEDIAL FORM;Lo;0;AL; 0646 0645;;;;N;;;;; +FCEF;ARABIC LIGATURE NOON WITH HEH MEDIAL FORM;Lo;0;AL; 0646 0647;;;;N;;;;; +FCF0;ARABIC LIGATURE YEH WITH MEEM MEDIAL FORM;Lo;0;AL; 064A 0645;;;;N;;;;; +FCF1;ARABIC LIGATURE YEH WITH HEH MEDIAL FORM;Lo;0;AL; 064A 0647;;;;N;;;;; +FCF2;ARABIC LIGATURE SHADDA WITH FATHA MEDIAL FORM;Lo;0;AL; 0640 064E 0651;;;;N;;;;; +FCF3;ARABIC LIGATURE SHADDA WITH DAMMA MEDIAL FORM;Lo;0;AL; 0640 064F 0651;;;;N;;;;; +FCF4;ARABIC LIGATURE SHADDA WITH KASRA MEDIAL FORM;Lo;0;AL; 0640 0650 0651;;;;N;;;;; +FCF5;ARABIC LIGATURE TAH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 0637 0649;;;;N;;;;; +FCF6;ARABIC LIGATURE TAH WITH YEH ISOLATED FORM;Lo;0;AL; 0637 064A;;;;N;;;;; +FCF7;ARABIC LIGATURE AIN WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 0639 0649;;;;N;;;;; +FCF8;ARABIC LIGATURE AIN WITH YEH ISOLATED FORM;Lo;0;AL; 0639 064A;;;;N;;;;; +FCF9;ARABIC LIGATURE GHAIN WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 063A 0649;;;;N;;;;; +FCFA;ARABIC LIGATURE GHAIN WITH YEH ISOLATED FORM;Lo;0;AL; 063A 064A;;;;N;;;;; +FCFB;ARABIC LIGATURE SEEN WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 0633 0649;;;;N;;;;; +FCFC;ARABIC LIGATURE SEEN WITH YEH ISOLATED FORM;Lo;0;AL; 0633 064A;;;;N;;;;; +FCFD;ARABIC LIGATURE SHEEN WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 0634 0649;;;;N;;;;; +FCFE;ARABIC LIGATURE SHEEN WITH YEH ISOLATED FORM;Lo;0;AL; 0634 064A;;;;N;;;;; +FCFF;ARABIC LIGATURE HAH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 062D 0649;;;;N;;;;; +FD00;ARABIC LIGATURE HAH WITH YEH ISOLATED FORM;Lo;0;AL; 062D 064A;;;;N;;;;; +FD01;ARABIC LIGATURE JEEM WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 062C 0649;;;;N;;;;; +FD02;ARABIC LIGATURE JEEM WITH YEH ISOLATED FORM;Lo;0;AL; 062C 064A;;;;N;;;;; +FD03;ARABIC LIGATURE KHAH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 062E 0649;;;;N;;;;; +FD04;ARABIC LIGATURE KHAH WITH YEH ISOLATED FORM;Lo;0;AL; 062E 064A;;;;N;;;;; +FD05;ARABIC LIGATURE SAD WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 0635 0649;;;;N;;;;; +FD06;ARABIC LIGATURE SAD WITH YEH ISOLATED FORM;Lo;0;AL; 0635 064A;;;;N;;;;; +FD07;ARABIC LIGATURE DAD WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 0636 0649;;;;N;;;;; +FD08;ARABIC LIGATURE DAD WITH YEH ISOLATED FORM;Lo;0;AL; 0636 064A;;;;N;;;;; +FD09;ARABIC LIGATURE SHEEN WITH JEEM ISOLATED FORM;Lo;0;AL; 0634 062C;;;;N;;;;; +FD0A;ARABIC LIGATURE SHEEN WITH HAH ISOLATED FORM;Lo;0;AL; 0634 062D;;;;N;;;;; +FD0B;ARABIC LIGATURE SHEEN WITH KHAH ISOLATED FORM;Lo;0;AL; 0634 062E;;;;N;;;;; +FD0C;ARABIC LIGATURE SHEEN WITH MEEM ISOLATED FORM;Lo;0;AL; 0634 0645;;;;N;;;;; +FD0D;ARABIC LIGATURE SHEEN WITH REH ISOLATED FORM;Lo;0;AL; 0634 0631;;;;N;;;;; +FD0E;ARABIC LIGATURE SEEN WITH REH ISOLATED FORM;Lo;0;AL; 0633 0631;;;;N;;;;; +FD0F;ARABIC LIGATURE SAD WITH REH ISOLATED FORM;Lo;0;AL; 0635 0631;;;;N;;;;; +FD10;ARABIC LIGATURE DAD WITH REH ISOLATED FORM;Lo;0;AL; 0636 0631;;;;N;;;;; +FD11;ARABIC LIGATURE TAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0637 0649;;;;N;;;;; +FD12;ARABIC LIGATURE TAH WITH YEH FINAL FORM;Lo;0;AL; 0637 064A;;;;N;;;;; +FD13;ARABIC LIGATURE AIN WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0639 0649;;;;N;;;;; +FD14;ARABIC LIGATURE AIN WITH YEH FINAL FORM;Lo;0;AL; 0639 064A;;;;N;;;;; +FD15;ARABIC LIGATURE GHAIN WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 063A 0649;;;;N;;;;; +FD16;ARABIC LIGATURE GHAIN WITH YEH FINAL FORM;Lo;0;AL; 063A 064A;;;;N;;;;; +FD17;ARABIC LIGATURE SEEN WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0633 0649;;;;N;;;;; +FD18;ARABIC LIGATURE SEEN WITH YEH FINAL FORM;Lo;0;AL; 0633 064A;;;;N;;;;; +FD19;ARABIC LIGATURE SHEEN WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0634 0649;;;;N;;;;; +FD1A;ARABIC LIGATURE SHEEN WITH YEH FINAL FORM;Lo;0;AL; 0634 064A;;;;N;;;;; +FD1B;ARABIC LIGATURE HAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 062D 0649;;;;N;;;;; +FD1C;ARABIC LIGATURE HAH WITH YEH FINAL FORM;Lo;0;AL; 062D 064A;;;;N;;;;; +FD1D;ARABIC LIGATURE JEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 062C 0649;;;;N;;;;; +FD1E;ARABIC LIGATURE JEEM WITH YEH FINAL FORM;Lo;0;AL; 062C 064A;;;;N;;;;; +FD1F;ARABIC LIGATURE KHAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 062E 0649;;;;N;;;;; +FD20;ARABIC LIGATURE KHAH WITH YEH FINAL FORM;Lo;0;AL; 062E 064A;;;;N;;;;; +FD21;ARABIC LIGATURE SAD WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0635 0649;;;;N;;;;; +FD22;ARABIC LIGATURE SAD WITH YEH FINAL FORM;Lo;0;AL; 0635 064A;;;;N;;;;; +FD23;ARABIC LIGATURE DAD WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0636 0649;;;;N;;;;; +FD24;ARABIC LIGATURE DAD WITH YEH FINAL FORM;Lo;0;AL; 0636 064A;;;;N;;;;; +FD25;ARABIC LIGATURE SHEEN WITH JEEM FINAL FORM;Lo;0;AL; 0634 062C;;;;N;;;;; +FD26;ARABIC LIGATURE SHEEN WITH HAH FINAL FORM;Lo;0;AL; 0634 062D;;;;N;;;;; +FD27;ARABIC LIGATURE SHEEN WITH KHAH FINAL FORM;Lo;0;AL; 0634 062E;;;;N;;;;; +FD28;ARABIC LIGATURE SHEEN WITH MEEM FINAL FORM;Lo;0;AL; 0634 0645;;;;N;;;;; +FD29;ARABIC LIGATURE SHEEN WITH REH FINAL FORM;Lo;0;AL; 0634 0631;;;;N;;;;; +FD2A;ARABIC LIGATURE SEEN WITH REH FINAL FORM;Lo;0;AL; 0633 0631;;;;N;;;;; +FD2B;ARABIC LIGATURE SAD WITH REH FINAL FORM;Lo;0;AL; 0635 0631;;;;N;;;;; +FD2C;ARABIC LIGATURE DAD WITH REH FINAL FORM;Lo;0;AL; 0636 0631;;;;N;;;;; +FD2D;ARABIC LIGATURE SHEEN WITH JEEM INITIAL FORM;Lo;0;AL; 0634 062C;;;;N;;;;; +FD2E;ARABIC LIGATURE SHEEN WITH HAH INITIAL FORM;Lo;0;AL; 0634 062D;;;;N;;;;; +FD2F;ARABIC LIGATURE SHEEN WITH KHAH INITIAL FORM;Lo;0;AL; 0634 062E;;;;N;;;;; +FD30;ARABIC LIGATURE SHEEN WITH MEEM INITIAL FORM;Lo;0;AL; 0634 0645;;;;N;;;;; +FD31;ARABIC LIGATURE SEEN WITH HEH INITIAL FORM;Lo;0;AL; 0633 0647;;;;N;;;;; +FD32;ARABIC LIGATURE SHEEN WITH HEH INITIAL FORM;Lo;0;AL; 0634 0647;;;;N;;;;; +FD33;ARABIC LIGATURE TAH WITH MEEM INITIAL FORM;Lo;0;AL; 0637 0645;;;;N;;;;; +FD34;ARABIC LIGATURE SEEN WITH JEEM MEDIAL FORM;Lo;0;AL; 0633 062C;;;;N;;;;; +FD35;ARABIC LIGATURE SEEN WITH HAH MEDIAL FORM;Lo;0;AL; 0633 062D;;;;N;;;;; +FD36;ARABIC LIGATURE SEEN WITH KHAH MEDIAL FORM;Lo;0;AL; 0633 062E;;;;N;;;;; +FD37;ARABIC LIGATURE SHEEN WITH JEEM MEDIAL FORM;Lo;0;AL; 0634 062C;;;;N;;;;; +FD38;ARABIC LIGATURE SHEEN WITH HAH MEDIAL FORM;Lo;0;AL; 0634 062D;;;;N;;;;; +FD39;ARABIC LIGATURE SHEEN WITH KHAH MEDIAL FORM;Lo;0;AL; 0634 062E;;;;N;;;;; +FD3A;ARABIC LIGATURE TAH WITH MEEM MEDIAL FORM;Lo;0;AL; 0637 0645;;;;N;;;;; +FD3B;ARABIC LIGATURE ZAH WITH MEEM MEDIAL FORM;Lo;0;AL; 0638 0645;;;;N;;;;; +FD3C;ARABIC LIGATURE ALEF WITH FATHATAN FINAL FORM;Lo;0;AL; 0627 064B;;;;N;;;;; +FD3D;ARABIC LIGATURE ALEF WITH FATHATAN ISOLATED FORM;Lo;0;AL; 0627 064B;;;;N;;;;; +FD3E;ORNATE LEFT PARENTHESIS;Ps;0;ON;;;;;N;;;;; +FD3F;ORNATE RIGHT PARENTHESIS;Pe;0;ON;;;;;N;;;;; +FD50;ARABIC LIGATURE TEH WITH JEEM WITH MEEM INITIAL FORM;Lo;0;AL; 062A 062C 0645;;;;N;;;;; +FD51;ARABIC LIGATURE TEH WITH HAH WITH JEEM FINAL FORM;Lo;0;AL; 062A 062D 062C;;;;N;;;;; +FD52;ARABIC LIGATURE TEH WITH HAH WITH JEEM INITIAL FORM;Lo;0;AL; 062A 062D 062C;;;;N;;;;; +FD53;ARABIC LIGATURE TEH WITH HAH WITH MEEM INITIAL FORM;Lo;0;AL; 062A 062D 0645;;;;N;;;;; +FD54;ARABIC LIGATURE TEH WITH KHAH WITH MEEM INITIAL FORM;Lo;0;AL; 062A 062E 0645;;;;N;;;;; +FD55;ARABIC LIGATURE TEH WITH MEEM WITH JEEM INITIAL FORM;Lo;0;AL; 062A 0645 062C;;;;N;;;;; +FD56;ARABIC LIGATURE TEH WITH MEEM WITH HAH INITIAL FORM;Lo;0;AL; 062A 0645 062D;;;;N;;;;; +FD57;ARABIC LIGATURE TEH WITH MEEM WITH KHAH INITIAL FORM;Lo;0;AL; 062A 0645 062E;;;;N;;;;; +FD58;ARABIC LIGATURE JEEM WITH MEEM WITH HAH FINAL FORM;Lo;0;AL; 062C 0645 062D;;;;N;;;;; +FD59;ARABIC LIGATURE JEEM WITH MEEM WITH HAH INITIAL FORM;Lo;0;AL; 062C 0645 062D;;;;N;;;;; +FD5A;ARABIC LIGATURE HAH WITH MEEM WITH YEH FINAL FORM;Lo;0;AL; 062D 0645 064A;;;;N;;;;; +FD5B;ARABIC LIGATURE HAH WITH MEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 062D 0645 0649;;;;N;;;;; +FD5C;ARABIC LIGATURE SEEN WITH HAH WITH JEEM INITIAL FORM;Lo;0;AL; 0633 062D 062C;;;;N;;;;; +FD5D;ARABIC LIGATURE SEEN WITH JEEM WITH HAH INITIAL FORM;Lo;0;AL; 0633 062C 062D;;;;N;;;;; +FD5E;ARABIC LIGATURE SEEN WITH JEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0633 062C 0649;;;;N;;;;; +FD5F;ARABIC LIGATURE SEEN WITH MEEM WITH HAH FINAL FORM;Lo;0;AL; 0633 0645 062D;;;;N;;;;; +FD60;ARABIC LIGATURE SEEN WITH MEEM WITH HAH INITIAL FORM;Lo;0;AL; 0633 0645 062D;;;;N;;;;; +FD61;ARABIC LIGATURE SEEN WITH MEEM WITH JEEM INITIAL FORM;Lo;0;AL; 0633 0645 062C;;;;N;;;;; +FD62;ARABIC LIGATURE SEEN WITH MEEM WITH MEEM FINAL FORM;Lo;0;AL; 0633 0645 0645;;;;N;;;;; +FD63;ARABIC LIGATURE SEEN WITH MEEM WITH MEEM INITIAL FORM;Lo;0;AL; 0633 0645 0645;;;;N;;;;; +FD64;ARABIC LIGATURE SAD WITH HAH WITH HAH FINAL FORM;Lo;0;AL; 0635 062D 062D;;;;N;;;;; +FD65;ARABIC LIGATURE SAD WITH HAH WITH HAH INITIAL FORM;Lo;0;AL; 0635 062D 062D;;;;N;;;;; +FD66;ARABIC LIGATURE SAD WITH MEEM WITH MEEM FINAL FORM;Lo;0;AL; 0635 0645 0645;;;;N;;;;; +FD67;ARABIC LIGATURE SHEEN WITH HAH WITH MEEM FINAL FORM;Lo;0;AL; 0634 062D 0645;;;;N;;;;; +FD68;ARABIC LIGATURE SHEEN WITH HAH WITH MEEM INITIAL FORM;Lo;0;AL; 0634 062D 0645;;;;N;;;;; +FD69;ARABIC LIGATURE SHEEN WITH JEEM WITH YEH FINAL FORM;Lo;0;AL; 0634 062C 064A;;;;N;;;;; +FD6A;ARABIC LIGATURE SHEEN WITH MEEM WITH KHAH FINAL FORM;Lo;0;AL; 0634 0645 062E;;;;N;;;;; +FD6B;ARABIC LIGATURE SHEEN WITH MEEM WITH KHAH INITIAL FORM;Lo;0;AL; 0634 0645 062E;;;;N;;;;; +FD6C;ARABIC LIGATURE SHEEN WITH MEEM WITH MEEM FINAL FORM;Lo;0;AL; 0634 0645 0645;;;;N;;;;; +FD6D;ARABIC LIGATURE SHEEN WITH MEEM WITH MEEM INITIAL FORM;Lo;0;AL; 0634 0645 0645;;;;N;;;;; +FD6E;ARABIC LIGATURE DAD WITH HAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0636 062D 0649;;;;N;;;;; +FD6F;ARABIC LIGATURE DAD WITH KHAH WITH MEEM FINAL FORM;Lo;0;AL; 0636 062E 0645;;;;N;;;;; +FD70;ARABIC LIGATURE DAD WITH KHAH WITH MEEM INITIAL FORM;Lo;0;AL; 0636 062E 0645;;;;N;;;;; +FD71;ARABIC LIGATURE TAH WITH MEEM WITH HAH FINAL FORM;Lo;0;AL; 0637 0645 062D;;;;N;;;;; +FD72;ARABIC LIGATURE TAH WITH MEEM WITH HAH INITIAL FORM;Lo;0;AL; 0637 0645 062D;;;;N;;;;; +FD73;ARABIC LIGATURE TAH WITH MEEM WITH MEEM INITIAL FORM;Lo;0;AL; 0637 0645 0645;;;;N;;;;; +FD74;ARABIC LIGATURE TAH WITH MEEM WITH YEH FINAL FORM;Lo;0;AL; 0637 0645 064A;;;;N;;;;; +FD75;ARABIC LIGATURE AIN WITH JEEM WITH MEEM FINAL FORM;Lo;0;AL; 0639 062C 0645;;;;N;;;;; +FD76;ARABIC LIGATURE AIN WITH MEEM WITH MEEM FINAL FORM;Lo;0;AL; 0639 0645 0645;;;;N;;;;; +FD77;ARABIC LIGATURE AIN WITH MEEM WITH MEEM INITIAL FORM;Lo;0;AL; 0639 0645 0645;;;;N;;;;; +FD78;ARABIC LIGATURE AIN WITH MEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0639 0645 0649;;;;N;;;;; +FD79;ARABIC LIGATURE GHAIN WITH MEEM WITH MEEM FINAL FORM;Lo;0;AL; 063A 0645 0645;;;;N;;;;; +FD7A;ARABIC LIGATURE GHAIN WITH MEEM WITH YEH FINAL FORM;Lo;0;AL; 063A 0645 064A;;;;N;;;;; +FD7B;ARABIC LIGATURE GHAIN WITH MEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 063A 0645 0649;;;;N;;;;; +FD7C;ARABIC LIGATURE FEH WITH KHAH WITH MEEM FINAL FORM;Lo;0;AL; 0641 062E 0645;;;;N;;;;; +FD7D;ARABIC LIGATURE FEH WITH KHAH WITH MEEM INITIAL FORM;Lo;0;AL; 0641 062E 0645;;;;N;;;;; +FD7E;ARABIC LIGATURE QAF WITH MEEM WITH HAH FINAL FORM;Lo;0;AL; 0642 0645 062D;;;;N;;;;; +FD7F;ARABIC LIGATURE QAF WITH MEEM WITH MEEM FINAL FORM;Lo;0;AL; 0642 0645 0645;;;;N;;;;; +FD80;ARABIC LIGATURE LAM WITH HAH WITH MEEM FINAL FORM;Lo;0;AL; 0644 062D 0645;;;;N;;;;; +FD81;ARABIC LIGATURE LAM WITH HAH WITH YEH FINAL FORM;Lo;0;AL; 0644 062D 064A;;;;N;;;;; +FD82;ARABIC LIGATURE LAM WITH HAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0644 062D 0649;;;;N;;;;; +FD83;ARABIC LIGATURE LAM WITH JEEM WITH JEEM INITIAL FORM;Lo;0;AL; 0644 062C 062C;;;;N;;;;; +FD84;ARABIC LIGATURE LAM WITH JEEM WITH JEEM FINAL FORM;Lo;0;AL; 0644 062C 062C;;;;N;;;;; +FD85;ARABIC LIGATURE LAM WITH KHAH WITH MEEM FINAL FORM;Lo;0;AL; 0644 062E 0645;;;;N;;;;; +FD86;ARABIC LIGATURE LAM WITH KHAH WITH MEEM INITIAL FORM;Lo;0;AL; 0644 062E 0645;;;;N;;;;; +FD87;ARABIC LIGATURE LAM WITH MEEM WITH HAH FINAL FORM;Lo;0;AL; 0644 0645 062D;;;;N;;;;; +FD88;ARABIC LIGATURE LAM WITH MEEM WITH HAH INITIAL FORM;Lo;0;AL; 0644 0645 062D;;;;N;;;;; +FD89;ARABIC LIGATURE MEEM WITH HAH WITH JEEM INITIAL FORM;Lo;0;AL; 0645 062D 062C;;;;N;;;;; +FD8A;ARABIC LIGATURE MEEM WITH HAH WITH MEEM INITIAL FORM;Lo;0;AL; 0645 062D 0645;;;;N;;;;; +FD8B;ARABIC LIGATURE MEEM WITH HAH WITH YEH FINAL FORM;Lo;0;AL; 0645 062D 064A;;;;N;;;;; +FD8C;ARABIC LIGATURE MEEM WITH JEEM WITH HAH INITIAL FORM;Lo;0;AL; 0645 062C 062D;;;;N;;;;; +FD8D;ARABIC LIGATURE MEEM WITH JEEM WITH MEEM INITIAL FORM;Lo;0;AL; 0645 062C 0645;;;;N;;;;; +FD8E;ARABIC LIGATURE MEEM WITH KHAH WITH JEEM INITIAL FORM;Lo;0;AL; 0645 062E 062C;;;;N;;;;; +FD8F;ARABIC LIGATURE MEEM WITH KHAH WITH MEEM INITIAL FORM;Lo;0;AL; 0645 062E 0645;;;;N;;;;; +FD92;ARABIC LIGATURE MEEM WITH JEEM WITH KHAH INITIAL FORM;Lo;0;AL; 0645 062C 062E;;;;N;;;;; +FD93;ARABIC LIGATURE HEH WITH MEEM WITH JEEM INITIAL FORM;Lo;0;AL; 0647 0645 062C;;;;N;;;;; +FD94;ARABIC LIGATURE HEH WITH MEEM WITH MEEM INITIAL FORM;Lo;0;AL; 0647 0645 0645;;;;N;;;;; +FD95;ARABIC LIGATURE NOON WITH HAH WITH MEEM INITIAL FORM;Lo;0;AL; 0646 062D 0645;;;;N;;;;; +FD96;ARABIC LIGATURE NOON WITH HAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0646 062D 0649;;;;N;;;;; +FD97;ARABIC LIGATURE NOON WITH JEEM WITH MEEM FINAL FORM;Lo;0;AL; 0646 062C 0645;;;;N;;;;; +FD98;ARABIC LIGATURE NOON WITH JEEM WITH MEEM INITIAL FORM;Lo;0;AL; 0646 062C 0645;;;;N;;;;; +FD99;ARABIC LIGATURE NOON WITH JEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0646 062C 0649;;;;N;;;;; +FD9A;ARABIC LIGATURE NOON WITH MEEM WITH YEH FINAL FORM;Lo;0;AL; 0646 0645 064A;;;;N;;;;; +FD9B;ARABIC LIGATURE NOON WITH MEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0646 0645 0649;;;;N;;;;; +FD9C;ARABIC LIGATURE YEH WITH MEEM WITH MEEM FINAL FORM;Lo;0;AL; 064A 0645 0645;;;;N;;;;; +FD9D;ARABIC LIGATURE YEH WITH MEEM WITH MEEM INITIAL FORM;Lo;0;AL; 064A 0645 0645;;;;N;;;;; +FD9E;ARABIC LIGATURE BEH WITH KHAH WITH YEH FINAL FORM;Lo;0;AL; 0628 062E 064A;;;;N;;;;; +FD9F;ARABIC LIGATURE TEH WITH JEEM WITH YEH FINAL FORM;Lo;0;AL; 062A 062C 064A;;;;N;;;;; +FDA0;ARABIC LIGATURE TEH WITH JEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 062A 062C 0649;;;;N;;;;; +FDA1;ARABIC LIGATURE TEH WITH KHAH WITH YEH FINAL FORM;Lo;0;AL; 062A 062E 064A;;;;N;;;;; +FDA2;ARABIC LIGATURE TEH WITH KHAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 062A 062E 0649;;;;N;;;;; +FDA3;ARABIC LIGATURE TEH WITH MEEM WITH YEH FINAL FORM;Lo;0;AL; 062A 0645 064A;;;;N;;;;; +FDA4;ARABIC LIGATURE TEH WITH MEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 062A 0645 0649;;;;N;;;;; +FDA5;ARABIC LIGATURE JEEM WITH MEEM WITH YEH FINAL FORM;Lo;0;AL; 062C 0645 064A;;;;N;;;;; +FDA6;ARABIC LIGATURE JEEM WITH HAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 062C 062D 0649;;;;N;;;;; +FDA7;ARABIC LIGATURE JEEM WITH MEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 062C 0645 0649;;;;N;;;;; +FDA8;ARABIC LIGATURE SEEN WITH KHAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0633 062E 0649;;;;N;;;;; +FDA9;ARABIC LIGATURE SAD WITH HAH WITH YEH FINAL FORM;Lo;0;AL; 0635 062D 064A;;;;N;;;;; +FDAA;ARABIC LIGATURE SHEEN WITH HAH WITH YEH FINAL FORM;Lo;0;AL; 0634 062D 064A;;;;N;;;;; +FDAB;ARABIC LIGATURE DAD WITH HAH WITH YEH FINAL FORM;Lo;0;AL; 0636 062D 064A;;;;N;;;;; +FDAC;ARABIC LIGATURE LAM WITH JEEM WITH YEH FINAL FORM;Lo;0;AL; 0644 062C 064A;;;;N;;;;; +FDAD;ARABIC LIGATURE LAM WITH MEEM WITH YEH FINAL FORM;Lo;0;AL; 0644 0645 064A;;;;N;;;;; +FDAE;ARABIC LIGATURE YEH WITH HAH WITH YEH FINAL FORM;Lo;0;AL; 064A 062D 064A;;;;N;;;;; +FDAF;ARABIC LIGATURE YEH WITH JEEM WITH YEH FINAL FORM;Lo;0;AL; 064A 062C 064A;;;;N;;;;; +FDB0;ARABIC LIGATURE YEH WITH MEEM WITH YEH FINAL FORM;Lo;0;AL; 064A 0645 064A;;;;N;;;;; +FDB1;ARABIC LIGATURE MEEM WITH MEEM WITH YEH FINAL FORM;Lo;0;AL; 0645 0645 064A;;;;N;;;;; +FDB2;ARABIC LIGATURE QAF WITH MEEM WITH YEH FINAL FORM;Lo;0;AL; 0642 0645 064A;;;;N;;;;; +FDB3;ARABIC LIGATURE NOON WITH HAH WITH YEH FINAL FORM;Lo;0;AL; 0646 062D 064A;;;;N;;;;; +FDB4;ARABIC LIGATURE QAF WITH MEEM WITH HAH INITIAL FORM;Lo;0;AL; 0642 0645 062D;;;;N;;;;; +FDB5;ARABIC LIGATURE LAM WITH HAH WITH MEEM INITIAL FORM;Lo;0;AL; 0644 062D 0645;;;;N;;;;; +FDB6;ARABIC LIGATURE AIN WITH MEEM WITH YEH FINAL FORM;Lo;0;AL; 0639 0645 064A;;;;N;;;;; +FDB7;ARABIC LIGATURE KAF WITH MEEM WITH YEH FINAL FORM;Lo;0;AL; 0643 0645 064A;;;;N;;;;; +FDB8;ARABIC LIGATURE NOON WITH JEEM WITH HAH INITIAL FORM;Lo;0;AL; 0646 062C 062D;;;;N;;;;; +FDB9;ARABIC LIGATURE MEEM WITH KHAH WITH YEH FINAL FORM;Lo;0;AL; 0645 062E 064A;;;;N;;;;; +FDBA;ARABIC LIGATURE LAM WITH JEEM WITH MEEM INITIAL FORM;Lo;0;AL; 0644 062C 0645;;;;N;;;;; +FDBB;ARABIC LIGATURE KAF WITH MEEM WITH MEEM FINAL FORM;Lo;0;AL; 0643 0645 0645;;;;N;;;;; +FDBC;ARABIC LIGATURE LAM WITH JEEM WITH MEEM FINAL FORM;Lo;0;AL; 0644 062C 0645;;;;N;;;;; +FDBD;ARABIC LIGATURE NOON WITH JEEM WITH HAH FINAL FORM;Lo;0;AL; 0646 062C 062D;;;;N;;;;; +FDBE;ARABIC LIGATURE JEEM WITH HAH WITH YEH FINAL FORM;Lo;0;AL; 062C 062D 064A;;;;N;;;;; +FDBF;ARABIC LIGATURE HAH WITH JEEM WITH YEH FINAL FORM;Lo;0;AL; 062D 062C 064A;;;;N;;;;; +FDC0;ARABIC LIGATURE MEEM WITH JEEM WITH YEH FINAL FORM;Lo;0;AL; 0645 062C 064A;;;;N;;;;; +FDC1;ARABIC LIGATURE FEH WITH MEEM WITH YEH FINAL FORM;Lo;0;AL; 0641 0645 064A;;;;N;;;;; +FDC2;ARABIC LIGATURE BEH WITH HAH WITH YEH FINAL FORM;Lo;0;AL; 0628 062D 064A;;;;N;;;;; +FDC3;ARABIC LIGATURE KAF WITH MEEM WITH MEEM INITIAL FORM;Lo;0;AL; 0643 0645 0645;;;;N;;;;; +FDC4;ARABIC LIGATURE AIN WITH JEEM WITH MEEM INITIAL FORM;Lo;0;AL; 0639 062C 0645;;;;N;;;;; +FDC5;ARABIC LIGATURE SAD WITH MEEM WITH MEEM INITIAL FORM;Lo;0;AL; 0635 0645 0645;;;;N;;;;; +FDC6;ARABIC LIGATURE SEEN WITH KHAH WITH YEH FINAL FORM;Lo;0;AL; 0633 062E 064A;;;;N;;;;; +FDC7;ARABIC LIGATURE NOON WITH JEEM WITH YEH FINAL FORM;Lo;0;AL; 0646 062C 064A;;;;N;;;;; +FDF0;ARABIC LIGATURE SALLA USED AS KORANIC STOP SIGN ISOLATED FORM;Lo;0;AL; 0635 0644 06D2;;;;N;;;;; +FDF1;ARABIC LIGATURE QALA USED AS KORANIC STOP SIGN ISOLATED FORM;Lo;0;AL; 0642 0644 06D2;;;;N;;;;; +FDF2;ARABIC LIGATURE ALLAH ISOLATED FORM;Lo;0;AL; 0627 0644 0644 0647;;;;N;;;;; +FDF3;ARABIC LIGATURE AKBAR ISOLATED FORM;Lo;0;AL; 0627 0643 0628 0631;;;;N;;;;; +FDF4;ARABIC LIGATURE MOHAMMAD ISOLATED FORM;Lo;0;AL; 0645 062D 0645 062F;;;;N;;;;; +FDF5;ARABIC LIGATURE SALAM ISOLATED FORM;Lo;0;AL; 0635 0644 0639 0645;;;;N;;;;; +FDF6;ARABIC LIGATURE RASOUL ISOLATED FORM;Lo;0;AL; 0631 0633 0648 0644;;;;N;;;;; +FDF7;ARABIC LIGATURE ALAYHE ISOLATED FORM;Lo;0;AL; 0639 0644 064A 0647;;;;N;;;;; +FDF8;ARABIC LIGATURE WASALLAM ISOLATED FORM;Lo;0;AL; 0648 0633 0644 0645;;;;N;;;;; +FDF9;ARABIC LIGATURE SALLA ISOLATED FORM;Lo;0;AL; 0635 0644 0649;;;;N;;;;; +FDFA;ARABIC LIGATURE SALLALLAHOU ALAYHE WASALLAM;Lo;0;AL; 0635 0644 0649 0020 0627 0644 0644 0647 0020 0639 0644 064A 0647 0020 0648 0633 0644 0645;;;;N;ARABIC LETTER SALLALLAHOU ALAYHE WASALLAM;;;; +FDFB;ARABIC LIGATURE JALLAJALALOUHOU;Lo;0;AL; 062C 0644 0020 062C 0644 0627 0644 0647;;;;N;ARABIC LETTER JALLAJALALOUHOU;;;; +FDFC;RIAL SIGN;Sc;0;AL; 0631 06CC 0627 0644;;;;N;;;;; +FDFD;ARABIC LIGATURE BISMILLAH AR-RAHMAN AR-RAHEEM;So;0;ON;;;;;N;;;;; +FE00;VARIATION SELECTOR-1;Mn;0;NSM;;;;;N;;;;; +FE01;VARIATION SELECTOR-2;Mn;0;NSM;;;;;N;;;;; +FE02;VARIATION SELECTOR-3;Mn;0;NSM;;;;;N;;;;; +FE03;VARIATION SELECTOR-4;Mn;0;NSM;;;;;N;;;;; +FE04;VARIATION SELECTOR-5;Mn;0;NSM;;;;;N;;;;; +FE05;VARIATION SELECTOR-6;Mn;0;NSM;;;;;N;;;;; +FE06;VARIATION SELECTOR-7;Mn;0;NSM;;;;;N;;;;; +FE07;VARIATION SELECTOR-8;Mn;0;NSM;;;;;N;;;;; +FE08;VARIATION SELECTOR-9;Mn;0;NSM;;;;;N;;;;; +FE09;VARIATION SELECTOR-10;Mn;0;NSM;;;;;N;;;;; +FE0A;VARIATION SELECTOR-11;Mn;0;NSM;;;;;N;;;;; +FE0B;VARIATION SELECTOR-12;Mn;0;NSM;;;;;N;;;;; +FE0C;VARIATION SELECTOR-13;Mn;0;NSM;;;;;N;;;;; +FE0D;VARIATION SELECTOR-14;Mn;0;NSM;;;;;N;;;;; +FE0E;VARIATION SELECTOR-15;Mn;0;NSM;;;;;N;;;;; +FE0F;VARIATION SELECTOR-16;Mn;0;NSM;;;;;N;;;;; +FE20;COMBINING LIGATURE LEFT HALF;Mn;230;NSM;;;;;N;;;;; +FE21;COMBINING LIGATURE RIGHT HALF;Mn;230;NSM;;;;;N;;;;; +FE22;COMBINING DOUBLE TILDE LEFT HALF;Mn;230;NSM;;;;;N;;;;; +FE23;COMBINING DOUBLE TILDE RIGHT HALF;Mn;230;NSM;;;;;N;;;;; +FE30;PRESENTATION FORM FOR VERTICAL TWO DOT LEADER;Po;0;ON; 2025;;;;N;GLYPH FOR VERTICAL TWO DOT LEADER;;;; +FE31;PRESENTATION FORM FOR VERTICAL EM DASH;Pd;0;ON; 2014;;;;N;GLYPH FOR VERTICAL EM DASH;;;; +FE32;PRESENTATION FORM FOR VERTICAL EN DASH;Pd;0;ON; 2013;;;;N;GLYPH FOR VERTICAL EN DASH;;;; +FE33;PRESENTATION FORM FOR VERTICAL LOW LINE;Pc;0;ON; 005F;;;;N;GLYPH FOR VERTICAL SPACING UNDERSCORE;;;; +FE34;PRESENTATION FORM FOR VERTICAL WAVY LOW LINE;Pc;0;ON; 005F;;;;N;GLYPH FOR VERTICAL SPACING WAVY UNDERSCORE;;;; +FE35;PRESENTATION FORM FOR VERTICAL LEFT PARENTHESIS;Ps;0;ON; 0028;;;;N;GLYPH FOR VERTICAL OPENING PARENTHESIS;;;; +FE36;PRESENTATION FORM FOR VERTICAL RIGHT PARENTHESIS;Pe;0;ON; 0029;;;;N;GLYPH FOR VERTICAL CLOSING PARENTHESIS;;;; +FE37;PRESENTATION FORM FOR VERTICAL LEFT CURLY BRACKET;Ps;0;ON; 007B;;;;N;GLYPH FOR VERTICAL OPENING CURLY BRACKET;;;; +FE38;PRESENTATION FORM FOR VERTICAL RIGHT CURLY BRACKET;Pe;0;ON; 007D;;;;N;GLYPH FOR VERTICAL CLOSING CURLY BRACKET;;;; +FE39;PRESENTATION FORM FOR VERTICAL LEFT TORTOISE SHELL BRACKET;Ps;0;ON; 3014;;;;N;GLYPH FOR VERTICAL OPENING TORTOISE SHELL BRACKET;;;; +FE3A;PRESENTATION FORM FOR VERTICAL RIGHT TORTOISE SHELL BRACKET;Pe;0;ON; 3015;;;;N;GLYPH FOR VERTICAL CLOSING TORTOISE SHELL BRACKET;;;; +FE3B;PRESENTATION FORM FOR VERTICAL LEFT BLACK LENTICULAR BRACKET;Ps;0;ON; 3010;;;;N;GLYPH FOR VERTICAL OPENING BLACK LENTICULAR BRACKET;;;; +FE3C;PRESENTATION FORM FOR VERTICAL RIGHT BLACK LENTICULAR BRACKET;Pe;0;ON; 3011;;;;N;GLYPH FOR VERTICAL CLOSING BLACK LENTICULAR BRACKET;;;; +FE3D;PRESENTATION FORM FOR VERTICAL LEFT DOUBLE ANGLE BRACKET;Ps;0;ON; 300A;;;;N;GLYPH FOR VERTICAL OPENING DOUBLE ANGLE BRACKET;;;; +FE3E;PRESENTATION FORM FOR VERTICAL RIGHT DOUBLE ANGLE BRACKET;Pe;0;ON; 300B;;;;N;GLYPH FOR VERTICAL CLOSING DOUBLE ANGLE BRACKET;;;; +FE3F;PRESENTATION FORM FOR VERTICAL LEFT ANGLE BRACKET;Ps;0;ON; 3008;;;;N;GLYPH FOR VERTICAL OPENING ANGLE BRACKET;;;; +FE40;PRESENTATION FORM FOR VERTICAL RIGHT ANGLE BRACKET;Pe;0;ON; 3009;;;;N;GLYPH FOR VERTICAL CLOSING ANGLE BRACKET;;;; +FE41;PRESENTATION FORM FOR VERTICAL LEFT CORNER BRACKET;Ps;0;ON; 300C;;;;N;GLYPH FOR VERTICAL OPENING CORNER BRACKET;;;; +FE42;PRESENTATION FORM FOR VERTICAL RIGHT CORNER BRACKET;Pe;0;ON; 300D;;;;N;GLYPH FOR VERTICAL CLOSING CORNER BRACKET;;;; +FE43;PRESENTATION FORM FOR VERTICAL LEFT WHITE CORNER BRACKET;Ps;0;ON; 300E;;;;N;GLYPH FOR VERTICAL OPENING WHITE CORNER BRACKET;;;; +FE44;PRESENTATION FORM FOR VERTICAL RIGHT WHITE CORNER BRACKET;Pe;0;ON; 300F;;;;N;GLYPH FOR VERTICAL CLOSING WHITE CORNER BRACKET;;;; +FE45;SESAME DOT;Po;0;ON;;;;;N;;;;; +FE46;WHITE SESAME DOT;Po;0;ON;;;;;N;;;;; +FE47;PRESENTATION FORM FOR VERTICAL LEFT SQUARE BRACKET;Ps;0;ON; 005B;;;;N;;;;; +FE48;PRESENTATION FORM FOR VERTICAL RIGHT SQUARE BRACKET;Pe;0;ON; 005D;;;;N;;;;; +FE49;DASHED OVERLINE;Po;0;ON; 203E;;;;N;SPACING DASHED OVERSCORE;;;; +FE4A;CENTRELINE OVERLINE;Po;0;ON; 203E;;;;N;SPACING CENTERLINE OVERSCORE;;;; +FE4B;WAVY OVERLINE;Po;0;ON; 203E;;;;N;SPACING WAVY OVERSCORE;;;; +FE4C;DOUBLE WAVY OVERLINE;Po;0;ON; 203E;;;;N;SPACING DOUBLE WAVY OVERSCORE;;;; +FE4D;DASHED LOW LINE;Pc;0;ON; 005F;;;;N;SPACING DASHED UNDERSCORE;;;; +FE4E;CENTRELINE LOW LINE;Pc;0;ON; 005F;;;;N;SPACING CENTERLINE UNDERSCORE;;;; +FE4F;WAVY LOW LINE;Pc;0;ON; 005F;;;;N;SPACING WAVY UNDERSCORE;;;; +FE50;SMALL COMMA;Po;0;CS; 002C;;;;N;;;;; +FE51;SMALL IDEOGRAPHIC COMMA;Po;0;ON; 3001;;;;N;;;;; +FE52;SMALL FULL STOP;Po;0;CS; 002E;;;;N;SMALL PERIOD;;;; +FE54;SMALL SEMICOLON;Po;0;ON; 003B;;;;N;;;;; +FE55;SMALL COLON;Po;0;CS; 003A;;;;N;;;;; +FE56;SMALL QUESTION MARK;Po;0;ON; 003F;;;;N;;;;; +FE57;SMALL EXCLAMATION MARK;Po;0;ON; 0021;;;;N;;;;; +FE58;SMALL EM DASH;Pd;0;ON; 2014;;;;N;;;;; +FE59;SMALL LEFT PARENTHESIS;Ps;0;ON; 0028;;;;N;SMALL OPENING PARENTHESIS;;;; +FE5A;SMALL RIGHT PARENTHESIS;Pe;0;ON; 0029;;;;N;SMALL CLOSING PARENTHESIS;;;; +FE5B;SMALL LEFT CURLY BRACKET;Ps;0;ON; 007B;;;;N;SMALL OPENING CURLY BRACKET;;;; +FE5C;SMALL RIGHT CURLY BRACKET;Pe;0;ON; 007D;;;;N;SMALL CLOSING CURLY BRACKET;;;; +FE5D;SMALL LEFT TORTOISE SHELL BRACKET;Ps;0;ON; 3014;;;;N;SMALL OPENING TORTOISE SHELL BRACKET;;;; +FE5E;SMALL RIGHT TORTOISE SHELL BRACKET;Pe;0;ON; 3015;;;;N;SMALL CLOSING TORTOISE SHELL BRACKET;;;; +FE5F;SMALL NUMBER SIGN;Po;0;ET; 0023;;;;N;;;;; +FE60;SMALL AMPERSAND;Po;0;ON; 0026;;;;N;;;;; +FE61;SMALL ASTERISK;Po;0;ON; 002A;;;;N;;;;; +FE62;SMALL PLUS SIGN;Sm;0;ET; 002B;;;;N;;;;; +FE63;SMALL HYPHEN-MINUS;Pd;0;ET; 002D;;;;N;;;;; +FE64;SMALL LESS-THAN SIGN;Sm;0;ON; 003C;;;;N;;;;; +FE65;SMALL GREATER-THAN SIGN;Sm;0;ON; 003E;;;;N;;;;; +FE66;SMALL EQUALS SIGN;Sm;0;ON; 003D;;;;N;;;;; +FE68;SMALL REVERSE SOLIDUS;Po;0;ON; 005C;;;;N;SMALL BACKSLASH;;;; +FE69;SMALL DOLLAR SIGN;Sc;0;ET; 0024;;;;N;;;;; +FE6A;SMALL PERCENT SIGN;Po;0;ET; 0025;;;;N;;;;; +FE6B;SMALL COMMERCIAL AT;Po;0;ON; 0040;;;;N;;;;; +FE70;ARABIC FATHATAN ISOLATED FORM;Lo;0;AL; 0020 064B;;;;N;ARABIC SPACING FATHATAN;;;; +FE71;ARABIC TATWEEL WITH FATHATAN ABOVE;Lo;0;AL; 0640 064B;;;;N;ARABIC FATHATAN ON TATWEEL;;;; +FE72;ARABIC DAMMATAN ISOLATED FORM;Lo;0;AL; 0020 064C;;;;N;ARABIC SPACING DAMMATAN;;;; +FE73;ARABIC TAIL FRAGMENT;Lo;0;AL;;;;;N;;;;; +FE74;ARABIC KASRATAN ISOLATED FORM;Lo;0;AL; 0020 064D;;;;N;ARABIC SPACING KASRATAN;;;; +FE76;ARABIC FATHA ISOLATED FORM;Lo;0;AL; 0020 064E;;;;N;ARABIC SPACING FATHAH;;;; +FE77;ARABIC FATHA MEDIAL FORM;Lo;0;AL; 0640 064E;;;;N;ARABIC FATHAH ON TATWEEL;;;; +FE78;ARABIC DAMMA ISOLATED FORM;Lo;0;AL; 0020 064F;;;;N;ARABIC SPACING DAMMAH;;;; +FE79;ARABIC DAMMA MEDIAL FORM;Lo;0;AL; 0640 064F;;;;N;ARABIC DAMMAH ON TATWEEL;;;; +FE7A;ARABIC KASRA ISOLATED FORM;Lo;0;AL; 0020 0650;;;;N;ARABIC SPACING KASRAH;;;; +FE7B;ARABIC KASRA MEDIAL FORM;Lo;0;AL; 0640 0650;;;;N;ARABIC KASRAH ON TATWEEL;;;; +FE7C;ARABIC SHADDA ISOLATED FORM;Lo;0;AL; 0020 0651;;;;N;ARABIC SPACING SHADDAH;;;; +FE7D;ARABIC SHADDA MEDIAL FORM;Lo;0;AL; 0640 0651;;;;N;ARABIC SHADDAH ON TATWEEL;;;; +FE7E;ARABIC SUKUN ISOLATED FORM;Lo;0;AL; 0020 0652;;;;N;ARABIC SPACING SUKUN;;;; +FE7F;ARABIC SUKUN MEDIAL FORM;Lo;0;AL; 0640 0652;;;;N;ARABIC SUKUN ON TATWEEL;;;; +FE80;ARABIC LETTER HAMZA ISOLATED FORM;Lo;0;AL; 0621;;;;N;GLYPH FOR ISOLATE ARABIC HAMZAH;;;; +FE81;ARABIC LETTER ALEF WITH MADDA ABOVE ISOLATED FORM;Lo;0;AL; 0622;;;;N;GLYPH FOR ISOLATE ARABIC MADDAH ON ALEF;;;; +FE82;ARABIC LETTER ALEF WITH MADDA ABOVE FINAL FORM;Lo;0;AL; 0622;;;;N;GLYPH FOR FINAL ARABIC MADDAH ON ALEF;;;; +FE83;ARABIC LETTER ALEF WITH HAMZA ABOVE ISOLATED FORM;Lo;0;AL; 0623;;;;N;GLYPH FOR ISOLATE ARABIC HAMZAH ON ALEF;;;; +FE84;ARABIC LETTER ALEF WITH HAMZA ABOVE FINAL FORM;Lo;0;AL; 0623;;;;N;GLYPH FOR FINAL ARABIC HAMZAH ON ALEF;;;; +FE85;ARABIC LETTER WAW WITH HAMZA ABOVE ISOLATED FORM;Lo;0;AL; 0624;;;;N;GLYPH FOR ISOLATE ARABIC HAMZAH ON WAW;;;; +FE86;ARABIC LETTER WAW WITH HAMZA ABOVE FINAL FORM;Lo;0;AL; 0624;;;;N;GLYPH FOR FINAL ARABIC HAMZAH ON WAW;;;; +FE87;ARABIC LETTER ALEF WITH HAMZA BELOW ISOLATED FORM;Lo;0;AL; 0625;;;;N;GLYPH FOR ISOLATE ARABIC HAMZAH UNDER ALEF;;;; +FE88;ARABIC LETTER ALEF WITH HAMZA BELOW FINAL FORM;Lo;0;AL; 0625;;;;N;GLYPH FOR FINAL ARABIC HAMZAH UNDER ALEF;;;; +FE89;ARABIC LETTER YEH WITH HAMZA ABOVE ISOLATED FORM;Lo;0;AL; 0626;;;;N;GLYPH FOR ISOLATE ARABIC HAMZAH ON YA;;;; +FE8A;ARABIC LETTER YEH WITH HAMZA ABOVE FINAL FORM;Lo;0;AL; 0626;;;;N;GLYPH FOR FINAL ARABIC HAMZAH ON YA;;;; +FE8B;ARABIC LETTER YEH WITH HAMZA ABOVE INITIAL FORM;Lo;0;AL; 0626;;;;N;GLYPH FOR INITIAL ARABIC HAMZAH ON YA;;;; +FE8C;ARABIC LETTER YEH WITH HAMZA ABOVE MEDIAL FORM;Lo;0;AL; 0626;;;;N;GLYPH FOR MEDIAL ARABIC HAMZAH ON YA;;;; +FE8D;ARABIC LETTER ALEF ISOLATED FORM;Lo;0;AL; 0627;;;;N;GLYPH FOR ISOLATE ARABIC ALEF;;;; +FE8E;ARABIC LETTER ALEF FINAL FORM;Lo;0;AL; 0627;;;;N;GLYPH FOR FINAL ARABIC ALEF;;;; +FE8F;ARABIC LETTER BEH ISOLATED FORM;Lo;0;AL; 0628;;;;N;GLYPH FOR ISOLATE ARABIC BAA;;;; +FE90;ARABIC LETTER BEH FINAL FORM;Lo;0;AL; 0628;;;;N;GLYPH FOR FINAL ARABIC BAA;;;; +FE91;ARABIC LETTER BEH INITIAL FORM;Lo;0;AL; 0628;;;;N;GLYPH FOR INITIAL ARABIC BAA;;;; +FE92;ARABIC LETTER BEH MEDIAL FORM;Lo;0;AL; 0628;;;;N;GLYPH FOR MEDIAL ARABIC BAA;;;; +FE93;ARABIC LETTER TEH MARBUTA ISOLATED FORM;Lo;0;AL; 0629;;;;N;GLYPH FOR ISOLATE ARABIC TAA MARBUTAH;;;; +FE94;ARABIC LETTER TEH MARBUTA FINAL FORM;Lo;0;AL; 0629;;;;N;GLYPH FOR FINAL ARABIC TAA MARBUTAH;;;; +FE95;ARABIC LETTER TEH ISOLATED FORM;Lo;0;AL; 062A;;;;N;GLYPH FOR ISOLATE ARABIC TAA;;;; +FE96;ARABIC LETTER TEH FINAL FORM;Lo;0;AL; 062A;;;;N;GLYPH FOR FINAL ARABIC TAA;;;; +FE97;ARABIC LETTER TEH INITIAL FORM;Lo;0;AL; 062A;;;;N;GLYPH FOR INITIAL ARABIC TAA;;;; +FE98;ARABIC LETTER TEH MEDIAL FORM;Lo;0;AL; 062A;;;;N;GLYPH FOR MEDIAL ARABIC TAA;;;; +FE99;ARABIC LETTER THEH ISOLATED FORM;Lo;0;AL; 062B;;;;N;GLYPH FOR ISOLATE ARABIC THAA;;;; +FE9A;ARABIC LETTER THEH FINAL FORM;Lo;0;AL; 062B;;;;N;GLYPH FOR FINAL ARABIC THAA;;;; +FE9B;ARABIC LETTER THEH INITIAL FORM;Lo;0;AL; 062B;;;;N;GLYPH FOR INITIAL ARABIC THAA;;;; +FE9C;ARABIC LETTER THEH MEDIAL FORM;Lo;0;AL; 062B;;;;N;GLYPH FOR MEDIAL ARABIC THAA;;;; +FE9D;ARABIC LETTER JEEM ISOLATED FORM;Lo;0;AL; 062C;;;;N;GLYPH FOR ISOLATE ARABIC JEEM;;;; +FE9E;ARABIC LETTER JEEM FINAL FORM;Lo;0;AL; 062C;;;;N;GLYPH FOR FINAL ARABIC JEEM;;;; +FE9F;ARABIC LETTER JEEM INITIAL FORM;Lo;0;AL; 062C;;;;N;GLYPH FOR INITIAL ARABIC JEEM;;;; +FEA0;ARABIC LETTER JEEM MEDIAL FORM;Lo;0;AL; 062C;;;;N;GLYPH FOR MEDIAL ARABIC JEEM;;;; +FEA1;ARABIC LETTER HAH ISOLATED FORM;Lo;0;AL; 062D;;;;N;GLYPH FOR ISOLATE ARABIC HAA;;;; +FEA2;ARABIC LETTER HAH FINAL FORM;Lo;0;AL; 062D;;;;N;GLYPH FOR FINAL ARABIC HAA;;;; +FEA3;ARABIC LETTER HAH INITIAL FORM;Lo;0;AL; 062D;;;;N;GLYPH FOR INITIAL ARABIC HAA;;;; +FEA4;ARABIC LETTER HAH MEDIAL FORM;Lo;0;AL; 062D;;;;N;GLYPH FOR MEDIAL ARABIC HAA;;;; +FEA5;ARABIC LETTER KHAH ISOLATED FORM;Lo;0;AL; 062E;;;;N;GLYPH FOR ISOLATE ARABIC KHAA;;;; +FEA6;ARABIC LETTER KHAH FINAL FORM;Lo;0;AL; 062E;;;;N;GLYPH FOR FINAL ARABIC KHAA;;;; +FEA7;ARABIC LETTER KHAH INITIAL FORM;Lo;0;AL; 062E;;;;N;GLYPH FOR INITIAL ARABIC KHAA;;;; +FEA8;ARABIC LETTER KHAH MEDIAL FORM;Lo;0;AL; 062E;;;;N;GLYPH FOR MEDIAL ARABIC KHAA;;;; +FEA9;ARABIC LETTER DAL ISOLATED FORM;Lo;0;AL; 062F;;;;N;GLYPH FOR ISOLATE ARABIC DAL;;;; +FEAA;ARABIC LETTER DAL FINAL FORM;Lo;0;AL; 062F;;;;N;GLYPH FOR FINAL ARABIC DAL;;;; +FEAB;ARABIC LETTER THAL ISOLATED FORM;Lo;0;AL; 0630;;;;N;GLYPH FOR ISOLATE ARABIC THAL;;;; +FEAC;ARABIC LETTER THAL FINAL FORM;Lo;0;AL; 0630;;;;N;GLYPH FOR FINAL ARABIC THAL;;;; +FEAD;ARABIC LETTER REH ISOLATED FORM;Lo;0;AL; 0631;;;;N;GLYPH FOR ISOLATE ARABIC RA;;;; +FEAE;ARABIC LETTER REH FINAL FORM;Lo;0;AL; 0631;;;;N;GLYPH FOR FINAL ARABIC RA;;;; +FEAF;ARABIC LETTER ZAIN ISOLATED FORM;Lo;0;AL; 0632;;;;N;GLYPH FOR ISOLATE ARABIC ZAIN;;;; +FEB0;ARABIC LETTER ZAIN FINAL FORM;Lo;0;AL; 0632;;;;N;GLYPH FOR FINAL ARABIC ZAIN;;;; +FEB1;ARABIC LETTER SEEN ISOLATED FORM;Lo;0;AL; 0633;;;;N;GLYPH FOR ISOLATE ARABIC SEEN;;;; +FEB2;ARABIC LETTER SEEN FINAL FORM;Lo;0;AL; 0633;;;;N;GLYPH FOR FINAL ARABIC SEEN;;;; +FEB3;ARABIC LETTER SEEN INITIAL FORM;Lo;0;AL; 0633;;;;N;GLYPH FOR INITIAL ARABIC SEEN;;;; +FEB4;ARABIC LETTER SEEN MEDIAL FORM;Lo;0;AL; 0633;;;;N;GLYPH FOR MEDIAL ARABIC SEEN;;;; +FEB5;ARABIC LETTER SHEEN ISOLATED FORM;Lo;0;AL; 0634;;;;N;GLYPH FOR ISOLATE ARABIC SHEEN;;;; +FEB6;ARABIC LETTER SHEEN FINAL FORM;Lo;0;AL; 0634;;;;N;GLYPH FOR FINAL ARABIC SHEEN;;;; +FEB7;ARABIC LETTER SHEEN INITIAL FORM;Lo;0;AL; 0634;;;;N;GLYPH FOR INITIAL ARABIC SHEEN;;;; +FEB8;ARABIC LETTER SHEEN MEDIAL FORM;Lo;0;AL; 0634;;;;N;GLYPH FOR MEDIAL ARABIC SHEEN;;;; +FEB9;ARABIC LETTER SAD ISOLATED FORM;Lo;0;AL; 0635;;;;N;GLYPH FOR ISOLATE ARABIC SAD;;;; +FEBA;ARABIC LETTER SAD FINAL FORM;Lo;0;AL; 0635;;;;N;GLYPH FOR FINAL ARABIC SAD;;;; +FEBB;ARABIC LETTER SAD INITIAL FORM;Lo;0;AL; 0635;;;;N;GLYPH FOR INITIAL ARABIC SAD;;;; +FEBC;ARABIC LETTER SAD MEDIAL FORM;Lo;0;AL; 0635;;;;N;GLYPH FOR MEDIAL ARABIC SAD;;;; +FEBD;ARABIC LETTER DAD ISOLATED FORM;Lo;0;AL; 0636;;;;N;GLYPH FOR ISOLATE ARABIC DAD;;;; +FEBE;ARABIC LETTER DAD FINAL FORM;Lo;0;AL; 0636;;;;N;GLYPH FOR FINAL ARABIC DAD;;;; +FEBF;ARABIC LETTER DAD INITIAL FORM;Lo;0;AL; 0636;;;;N;GLYPH FOR INITIAL ARABIC DAD;;;; +FEC0;ARABIC LETTER DAD MEDIAL FORM;Lo;0;AL; 0636;;;;N;GLYPH FOR MEDIAL ARABIC DAD;;;; +FEC1;ARABIC LETTER TAH ISOLATED FORM;Lo;0;AL; 0637;;;;N;GLYPH FOR ISOLATE ARABIC TAH;;;; +FEC2;ARABIC LETTER TAH FINAL FORM;Lo;0;AL; 0637;;;;N;GLYPH FOR FINAL ARABIC TAH;;;; +FEC3;ARABIC LETTER TAH INITIAL FORM;Lo;0;AL; 0637;;;;N;GLYPH FOR INITIAL ARABIC TAH;;;; +FEC4;ARABIC LETTER TAH MEDIAL FORM;Lo;0;AL; 0637;;;;N;GLYPH FOR MEDIAL ARABIC TAH;;;; +FEC5;ARABIC LETTER ZAH ISOLATED FORM;Lo;0;AL; 0638;;;;N;GLYPH FOR ISOLATE ARABIC DHAH;;;; +FEC6;ARABIC LETTER ZAH FINAL FORM;Lo;0;AL; 0638;;;;N;GLYPH FOR FINAL ARABIC DHAH;;;; +FEC7;ARABIC LETTER ZAH INITIAL FORM;Lo;0;AL; 0638;;;;N;GLYPH FOR INITIAL ARABIC DHAH;;;; +FEC8;ARABIC LETTER ZAH MEDIAL FORM;Lo;0;AL; 0638;;;;N;GLYPH FOR MEDIAL ARABIC DHAH;;;; +FEC9;ARABIC LETTER AIN ISOLATED FORM;Lo;0;AL; 0639;;;;N;GLYPH FOR ISOLATE ARABIC AIN;;;; +FECA;ARABIC LETTER AIN FINAL FORM;Lo;0;AL; 0639;;;;N;GLYPH FOR FINAL ARABIC AIN;;;; +FECB;ARABIC LETTER AIN INITIAL FORM;Lo;0;AL; 0639;;;;N;GLYPH FOR INITIAL ARABIC AIN;;;; +FECC;ARABIC LETTER AIN MEDIAL FORM;Lo;0;AL; 0639;;;;N;GLYPH FOR MEDIAL ARABIC AIN;;;; +FECD;ARABIC LETTER GHAIN ISOLATED FORM;Lo;0;AL; 063A;;;;N;GLYPH FOR ISOLATE ARABIC GHAIN;;;; +FECE;ARABIC LETTER GHAIN FINAL FORM;Lo;0;AL; 063A;;;;N;GLYPH FOR FINAL ARABIC GHAIN;;;; +FECF;ARABIC LETTER GHAIN INITIAL FORM;Lo;0;AL; 063A;;;;N;GLYPH FOR INITIAL ARABIC GHAIN;;;; +FED0;ARABIC LETTER GHAIN MEDIAL FORM;Lo;0;AL; 063A;;;;N;GLYPH FOR MEDIAL ARABIC GHAIN;;;; +FED1;ARABIC LETTER FEH ISOLATED FORM;Lo;0;AL; 0641;;;;N;GLYPH FOR ISOLATE ARABIC FA;;;; +FED2;ARABIC LETTER FEH FINAL FORM;Lo;0;AL; 0641;;;;N;GLYPH FOR FINAL ARABIC FA;;;; +FED3;ARABIC LETTER FEH INITIAL FORM;Lo;0;AL; 0641;;;;N;GLYPH FOR INITIAL ARABIC FA;;;; +FED4;ARABIC LETTER FEH MEDIAL FORM;Lo;0;AL; 0641;;;;N;GLYPH FOR MEDIAL ARABIC FA;;;; +FED5;ARABIC LETTER QAF ISOLATED FORM;Lo;0;AL; 0642;;;;N;GLYPH FOR ISOLATE ARABIC QAF;;;; +FED6;ARABIC LETTER QAF FINAL FORM;Lo;0;AL; 0642;;;;N;GLYPH FOR FINAL ARABIC QAF;;;; +FED7;ARABIC LETTER QAF INITIAL FORM;Lo;0;AL; 0642;;;;N;GLYPH FOR INITIAL ARABIC QAF;;;; +FED8;ARABIC LETTER QAF MEDIAL FORM;Lo;0;AL; 0642;;;;N;GLYPH FOR MEDIAL ARABIC QAF;;;; +FED9;ARABIC LETTER KAF ISOLATED FORM;Lo;0;AL; 0643;;;;N;GLYPH FOR ISOLATE ARABIC CAF;;;; +FEDA;ARABIC LETTER KAF FINAL FORM;Lo;0;AL; 0643;;;;N;GLYPH FOR FINAL ARABIC CAF;;;; +FEDB;ARABIC LETTER KAF INITIAL FORM;Lo;0;AL; 0643;;;;N;GLYPH FOR INITIAL ARABIC CAF;;;; +FEDC;ARABIC LETTER KAF MEDIAL FORM;Lo;0;AL; 0643;;;;N;GLYPH FOR MEDIAL ARABIC CAF;;;; +FEDD;ARABIC LETTER LAM ISOLATED FORM;Lo;0;AL; 0644;;;;N;GLYPH FOR ISOLATE ARABIC LAM;;;; +FEDE;ARABIC LETTER LAM FINAL FORM;Lo;0;AL; 0644;;;;N;GLYPH FOR FINAL ARABIC LAM;;;; +FEDF;ARABIC LETTER LAM INITIAL FORM;Lo;0;AL; 0644;;;;N;GLYPH FOR INITIAL ARABIC LAM;;;; +FEE0;ARABIC LETTER LAM MEDIAL FORM;Lo;0;AL; 0644;;;;N;GLYPH FOR MEDIAL ARABIC LAM;;;; +FEE1;ARABIC LETTER MEEM ISOLATED FORM;Lo;0;AL; 0645;;;;N;GLYPH FOR ISOLATE ARABIC MEEM;;;; +FEE2;ARABIC LETTER MEEM FINAL FORM;Lo;0;AL; 0645;;;;N;GLYPH FOR FINAL ARABIC MEEM;;;; +FEE3;ARABIC LETTER MEEM INITIAL FORM;Lo;0;AL; 0645;;;;N;GLYPH FOR INITIAL ARABIC MEEM;;;; +FEE4;ARABIC LETTER MEEM MEDIAL FORM;Lo;0;AL; 0645;;;;N;GLYPH FOR MEDIAL ARABIC MEEM;;;; +FEE5;ARABIC LETTER NOON ISOLATED FORM;Lo;0;AL; 0646;;;;N;GLYPH FOR ISOLATE ARABIC NOON;;;; +FEE6;ARABIC LETTER NOON FINAL FORM;Lo;0;AL; 0646;;;;N;GLYPH FOR FINAL ARABIC NOON;;;; +FEE7;ARABIC LETTER NOON INITIAL FORM;Lo;0;AL; 0646;;;;N;GLYPH FOR INITIAL ARABIC NOON;;;; +FEE8;ARABIC LETTER NOON MEDIAL FORM;Lo;0;AL; 0646;;;;N;GLYPH FOR MEDIAL ARABIC NOON;;;; +FEE9;ARABIC LETTER HEH ISOLATED FORM;Lo;0;AL; 0647;;;;N;GLYPH FOR ISOLATE ARABIC HA;;;; +FEEA;ARABIC LETTER HEH FINAL FORM;Lo;0;AL; 0647;;;;N;GLYPH FOR FINAL ARABIC HA;;;; +FEEB;ARABIC LETTER HEH INITIAL FORM;Lo;0;AL; 0647;;;;N;GLYPH FOR INITIAL ARABIC HA;;;; +FEEC;ARABIC LETTER HEH MEDIAL FORM;Lo;0;AL; 0647;;;;N;GLYPH FOR MEDIAL ARABIC HA;;;; +FEED;ARABIC LETTER WAW ISOLATED FORM;Lo;0;AL; 0648;;;;N;GLYPH FOR ISOLATE ARABIC WAW;;;; +FEEE;ARABIC LETTER WAW FINAL FORM;Lo;0;AL; 0648;;;;N;GLYPH FOR FINAL ARABIC WAW;;;; +FEEF;ARABIC LETTER ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 0649;;;;N;GLYPH FOR ISOLATE ARABIC ALEF MAQSURAH;;;; +FEF0;ARABIC LETTER ALEF MAKSURA FINAL FORM;Lo;0;AL; 0649;;;;N;GLYPH FOR FINAL ARABIC ALEF MAQSURAH;;;; +FEF1;ARABIC LETTER YEH ISOLATED FORM;Lo;0;AL; 064A;;;;N;GLYPH FOR ISOLATE ARABIC YA;;;; +FEF2;ARABIC LETTER YEH FINAL FORM;Lo;0;AL; 064A;;;;N;GLYPH FOR FINAL ARABIC YA;;;; +FEF3;ARABIC LETTER YEH INITIAL FORM;Lo;0;AL; 064A;;;;N;GLYPH FOR INITIAL ARABIC YA;;;; +FEF4;ARABIC LETTER YEH MEDIAL FORM;Lo;0;AL; 064A;;;;N;GLYPH FOR MEDIAL ARABIC YA;;;; +FEF5;ARABIC LIGATURE LAM WITH ALEF WITH MADDA ABOVE ISOLATED FORM;Lo;0;AL; 0644 0622;;;;N;GLYPH FOR ISOLATE ARABIC MADDAH ON LIGATURE LAM ALEF;;;; +FEF6;ARABIC LIGATURE LAM WITH ALEF WITH MADDA ABOVE FINAL FORM;Lo;0;AL; 0644 0622;;;;N;GLYPH FOR FINAL ARABIC MADDAH ON LIGATURE LAM ALEF;;;; +FEF7;ARABIC LIGATURE LAM WITH ALEF WITH HAMZA ABOVE ISOLATED FORM;Lo;0;AL; 0644 0623;;;;N;GLYPH FOR ISOLATE ARABIC HAMZAH ON LIGATURE LAM ALEF;;;; +FEF8;ARABIC LIGATURE LAM WITH ALEF WITH HAMZA ABOVE FINAL FORM;Lo;0;AL; 0644 0623;;;;N;GLYPH FOR FINAL ARABIC HAMZAH ON LIGATURE LAM ALEF;;;; +FEF9;ARABIC LIGATURE LAM WITH ALEF WITH HAMZA BELOW ISOLATED FORM;Lo;0;AL; 0644 0625;;;;N;GLYPH FOR ISOLATE ARABIC HAMZAH UNDER LIGATURE LAM ALEF;;;; +FEFA;ARABIC LIGATURE LAM WITH ALEF WITH HAMZA BELOW FINAL FORM;Lo;0;AL; 0644 0625;;;;N;GLYPH FOR FINAL ARABIC HAMZAH UNDER LIGATURE LAM ALEF;;;; +FEFB;ARABIC LIGATURE LAM WITH ALEF ISOLATED FORM;Lo;0;AL; 0644 0627;;;;N;GLYPH FOR ISOLATE ARABIC LIGATURE LAM ALEF;;;; +FEFC;ARABIC LIGATURE LAM WITH ALEF FINAL FORM;Lo;0;AL; 0644 0627;;;;N;GLYPH FOR FINAL ARABIC LIGATURE LAM ALEF;;;; +FEFF;ZERO WIDTH NO-BREAK SPACE;Cf;0;BN;;;;;N;BYTE ORDER MARK;;;; +FF01;FULLWIDTH EXCLAMATION MARK;Po;0;ON; 0021;;;;N;;;;; +FF02;FULLWIDTH QUOTATION MARK;Po;0;ON; 0022;;;;N;;;;; +FF03;FULLWIDTH NUMBER SIGN;Po;0;ET; 0023;;;;N;;;;; +FF04;FULLWIDTH DOLLAR SIGN;Sc;0;ET; 0024;;;;N;;;;; +FF05;FULLWIDTH PERCENT SIGN;Po;0;ET; 0025;;;;N;;;;; +FF06;FULLWIDTH AMPERSAND;Po;0;ON; 0026;;;;N;;;;; +FF07;FULLWIDTH APOSTROPHE;Po;0;ON; 0027;;;;N;;;;; +FF08;FULLWIDTH LEFT PARENTHESIS;Ps;0;ON; 0028;;;;Y;FULLWIDTH OPENING PARENTHESIS;;;; +FF09;FULLWIDTH RIGHT PARENTHESIS;Pe;0;ON; 0029;;;;Y;FULLWIDTH CLOSING PARENTHESIS;;;; +FF0A;FULLWIDTH ASTERISK;Po;0;ON; 002A;;;;N;;;;; +FF0B;FULLWIDTH PLUS SIGN;Sm;0;ET; 002B;;;;N;;;;; +FF0C;FULLWIDTH COMMA;Po;0;CS; 002C;;;;N;;;;; +FF0D;FULLWIDTH HYPHEN-MINUS;Pd;0;ET; 002D;;;;N;;;;; +FF0E;FULLWIDTH FULL STOP;Po;0;CS; 002E;;;;N;FULLWIDTH PERIOD;;;; +FF0F;FULLWIDTH SOLIDUS;Po;0;ES; 002F;;;;N;FULLWIDTH SLASH;;;; +FF10;FULLWIDTH DIGIT ZERO;Nd;0;EN; 0030;0;0;0;N;;;;; +FF11;FULLWIDTH DIGIT ONE;Nd;0;EN; 0031;1;1;1;N;;;;; +FF12;FULLWIDTH DIGIT TWO;Nd;0;EN; 0032;2;2;2;N;;;;; +FF13;FULLWIDTH DIGIT THREE;Nd;0;EN; 0033;3;3;3;N;;;;; +FF14;FULLWIDTH DIGIT FOUR;Nd;0;EN; 0034;4;4;4;N;;;;; +FF15;FULLWIDTH DIGIT FIVE;Nd;0;EN; 0035;5;5;5;N;;;;; +FF16;FULLWIDTH DIGIT SIX;Nd;0;EN; 0036;6;6;6;N;;;;; +FF17;FULLWIDTH DIGIT SEVEN;Nd;0;EN; 0037;7;7;7;N;;;;; +FF18;FULLWIDTH DIGIT EIGHT;Nd;0;EN; 0038;8;8;8;N;;;;; +FF19;FULLWIDTH DIGIT NINE;Nd;0;EN; 0039;9;9;9;N;;;;; +FF1A;FULLWIDTH COLON;Po;0;CS; 003A;;;;N;;;;; +FF1B;FULLWIDTH SEMICOLON;Po;0;ON; 003B;;;;N;;;;; +FF1C;FULLWIDTH LESS-THAN SIGN;Sm;0;ON; 003C;;;;Y;;;;; +FF1D;FULLWIDTH EQUALS SIGN;Sm;0;ON; 003D;;;;N;;;;; +FF1E;FULLWIDTH GREATER-THAN SIGN;Sm;0;ON; 003E;;;;Y;;;;; +FF1F;FULLWIDTH QUESTION MARK;Po;0;ON; 003F;;;;N;;;;; +FF20;FULLWIDTH COMMERCIAL AT;Po;0;ON; 0040;;;;N;;;;; +FF21;FULLWIDTH LATIN CAPITAL LETTER A;Lu;0;L; 0041;;;;N;;;;FF41; +FF22;FULLWIDTH LATIN CAPITAL LETTER B;Lu;0;L; 0042;;;;N;;;;FF42; +FF23;FULLWIDTH LATIN CAPITAL LETTER C;Lu;0;L; 0043;;;;N;;;;FF43; +FF24;FULLWIDTH LATIN CAPITAL LETTER D;Lu;0;L; 0044;;;;N;;;;FF44; +FF25;FULLWIDTH LATIN CAPITAL LETTER E;Lu;0;L; 0045;;;;N;;;;FF45; +FF26;FULLWIDTH LATIN CAPITAL LETTER F;Lu;0;L; 0046;;;;N;;;;FF46; +FF27;FULLWIDTH LATIN CAPITAL LETTER G;Lu;0;L; 0047;;;;N;;;;FF47; +FF28;FULLWIDTH LATIN CAPITAL LETTER H;Lu;0;L; 0048;;;;N;;;;FF48; +FF29;FULLWIDTH LATIN CAPITAL LETTER I;Lu;0;L; 0049;;;;N;;;;FF49; +FF2A;FULLWIDTH LATIN CAPITAL LETTER J;Lu;0;L; 004A;;;;N;;;;FF4A; +FF2B;FULLWIDTH LATIN CAPITAL LETTER K;Lu;0;L; 004B;;;;N;;;;FF4B; +FF2C;FULLWIDTH LATIN CAPITAL LETTER L;Lu;0;L; 004C;;;;N;;;;FF4C; +FF2D;FULLWIDTH LATIN CAPITAL LETTER M;Lu;0;L; 004D;;;;N;;;;FF4D; +FF2E;FULLWIDTH LATIN CAPITAL LETTER N;Lu;0;L; 004E;;;;N;;;;FF4E; +FF2F;FULLWIDTH LATIN CAPITAL LETTER O;Lu;0;L; 004F;;;;N;;;;FF4F; +FF30;FULLWIDTH LATIN CAPITAL LETTER P;Lu;0;L; 0050;;;;N;;;;FF50; +FF31;FULLWIDTH LATIN CAPITAL LETTER Q;Lu;0;L; 0051;;;;N;;;;FF51; +FF32;FULLWIDTH LATIN CAPITAL LETTER R;Lu;0;L; 0052;;;;N;;;;FF52; +FF33;FULLWIDTH LATIN CAPITAL LETTER S;Lu;0;L; 0053;;;;N;;;;FF53; +FF34;FULLWIDTH LATIN CAPITAL LETTER T;Lu;0;L; 0054;;;;N;;;;FF54; +FF35;FULLWIDTH LATIN CAPITAL LETTER U;Lu;0;L; 0055;;;;N;;;;FF55; +FF36;FULLWIDTH LATIN CAPITAL LETTER V;Lu;0;L; 0056;;;;N;;;;FF56; +FF37;FULLWIDTH LATIN CAPITAL LETTER W;Lu;0;L; 0057;;;;N;;;;FF57; +FF38;FULLWIDTH LATIN CAPITAL LETTER X;Lu;0;L; 0058;;;;N;;;;FF58; +FF39;FULLWIDTH LATIN CAPITAL LETTER Y;Lu;0;L; 0059;;;;N;;;;FF59; +FF3A;FULLWIDTH LATIN CAPITAL LETTER Z;Lu;0;L; 005A;;;;N;;;;FF5A; +FF3B;FULLWIDTH LEFT SQUARE BRACKET;Ps;0;ON; 005B;;;;Y;FULLWIDTH OPENING SQUARE BRACKET;;;; +FF3C;FULLWIDTH REVERSE SOLIDUS;Po;0;ON; 005C;;;;N;FULLWIDTH BACKSLASH;;;; +FF3D;FULLWIDTH RIGHT SQUARE BRACKET;Pe;0;ON; 005D;;;;Y;FULLWIDTH CLOSING SQUARE BRACKET;;;; +FF3E;FULLWIDTH CIRCUMFLEX ACCENT;Sk;0;ON; 005E;;;;N;FULLWIDTH SPACING CIRCUMFLEX;;;; +FF3F;FULLWIDTH LOW LINE;Pc;0;ON; 005F;;;;N;FULLWIDTH SPACING UNDERSCORE;;;; +FF40;FULLWIDTH GRAVE ACCENT;Sk;0;ON; 0060;;;;N;FULLWIDTH SPACING GRAVE;;;; +FF41;FULLWIDTH LATIN SMALL LETTER A;Ll;0;L; 0061;;;;N;;;FF21;;FF21 +FF42;FULLWIDTH LATIN SMALL LETTER B;Ll;0;L; 0062;;;;N;;;FF22;;FF22 +FF43;FULLWIDTH LATIN SMALL LETTER C;Ll;0;L; 0063;;;;N;;;FF23;;FF23 +FF44;FULLWIDTH LATIN SMALL LETTER D;Ll;0;L; 0064;;;;N;;;FF24;;FF24 +FF45;FULLWIDTH LATIN SMALL LETTER E;Ll;0;L; 0065;;;;N;;;FF25;;FF25 +FF46;FULLWIDTH LATIN SMALL LETTER F;Ll;0;L; 0066;;;;N;;;FF26;;FF26 +FF47;FULLWIDTH LATIN SMALL LETTER G;Ll;0;L; 0067;;;;N;;;FF27;;FF27 +FF48;FULLWIDTH LATIN SMALL LETTER H;Ll;0;L; 0068;;;;N;;;FF28;;FF28 +FF49;FULLWIDTH LATIN SMALL LETTER I;Ll;0;L; 0069;;;;N;;;FF29;;FF29 +FF4A;FULLWIDTH LATIN SMALL LETTER J;Ll;0;L; 006A;;;;N;;;FF2A;;FF2A +FF4B;FULLWIDTH LATIN SMALL LETTER K;Ll;0;L; 006B;;;;N;;;FF2B;;FF2B +FF4C;FULLWIDTH LATIN SMALL LETTER L;Ll;0;L; 006C;;;;N;;;FF2C;;FF2C +FF4D;FULLWIDTH LATIN SMALL LETTER M;Ll;0;L; 006D;;;;N;;;FF2D;;FF2D +FF4E;FULLWIDTH LATIN SMALL LETTER N;Ll;0;L; 006E;;;;N;;;FF2E;;FF2E +FF4F;FULLWIDTH LATIN SMALL LETTER O;Ll;0;L; 006F;;;;N;;;FF2F;;FF2F +FF50;FULLWIDTH LATIN SMALL LETTER P;Ll;0;L; 0070;;;;N;;;FF30;;FF30 +FF51;FULLWIDTH LATIN SMALL LETTER Q;Ll;0;L; 0071;;;;N;;;FF31;;FF31 +FF52;FULLWIDTH LATIN SMALL LETTER R;Ll;0;L; 0072;;;;N;;;FF32;;FF32 +FF53;FULLWIDTH LATIN SMALL LETTER S;Ll;0;L; 0073;;;;N;;;FF33;;FF33 +FF54;FULLWIDTH LATIN SMALL LETTER T;Ll;0;L; 0074;;;;N;;;FF34;;FF34 +FF55;FULLWIDTH LATIN SMALL LETTER U;Ll;0;L; 0075;;;;N;;;FF35;;FF35 +FF56;FULLWIDTH LATIN SMALL LETTER V;Ll;0;L; 0076;;;;N;;;FF36;;FF36 +FF57;FULLWIDTH LATIN SMALL LETTER W;Ll;0;L; 0077;;;;N;;;FF37;;FF37 +FF58;FULLWIDTH LATIN SMALL LETTER X;Ll;0;L; 0078;;;;N;;;FF38;;FF38 +FF59;FULLWIDTH LATIN SMALL LETTER Y;Ll;0;L; 0079;;;;N;;;FF39;;FF39 +FF5A;FULLWIDTH LATIN SMALL LETTER Z;Ll;0;L; 007A;;;;N;;;FF3A;;FF3A +FF5B;FULLWIDTH LEFT CURLY BRACKET;Ps;0;ON; 007B;;;;Y;FULLWIDTH OPENING CURLY BRACKET;;;; +FF5C;FULLWIDTH VERTICAL LINE;Sm;0;ON; 007C;;;;N;FULLWIDTH VERTICAL BAR;;;; +FF5D;FULLWIDTH RIGHT CURLY BRACKET;Pe;0;ON; 007D;;;;Y;FULLWIDTH CLOSING CURLY BRACKET;;;; +FF5E;FULLWIDTH TILDE;Sm;0;ON; 007E;;;;N;FULLWIDTH SPACING TILDE;;;; +FF5F;FULLWIDTH LEFT WHITE PARENTHESIS;Ps;0;ON; 2985;;;;Y;;*;;; +FF60;FULLWIDTH RIGHT WHITE PARENTHESIS;Pe;0;ON; 2986;;;;Y;;*;;; +FF61;HALFWIDTH IDEOGRAPHIC FULL STOP;Po;0;ON; 3002;;;;N;HALFWIDTH IDEOGRAPHIC PERIOD;;;; +FF62;HALFWIDTH LEFT CORNER BRACKET;Ps;0;ON; 300C;;;;Y;HALFWIDTH OPENING CORNER BRACKET;;;; +FF63;HALFWIDTH RIGHT CORNER BRACKET;Pe;0;ON; 300D;;;;Y;HALFWIDTH CLOSING CORNER BRACKET;;;; +FF64;HALFWIDTH IDEOGRAPHIC COMMA;Po;0;ON; 3001;;;;N;;;;; +FF65;HALFWIDTH KATAKANA MIDDLE DOT;Pc;0;ON; 30FB;;;;N;;;;; +FF66;HALFWIDTH KATAKANA LETTER WO;Lo;0;L; 30F2;;;;N;;;;; +FF67;HALFWIDTH KATAKANA LETTER SMALL A;Lo;0;L; 30A1;;;;N;;;;; +FF68;HALFWIDTH KATAKANA LETTER SMALL I;Lo;0;L; 30A3;;;;N;;;;; +FF69;HALFWIDTH KATAKANA LETTER SMALL U;Lo;0;L; 30A5;;;;N;;;;; +FF6A;HALFWIDTH KATAKANA LETTER SMALL E;Lo;0;L; 30A7;;;;N;;;;; +FF6B;HALFWIDTH KATAKANA LETTER SMALL O;Lo;0;L; 30A9;;;;N;;;;; +FF6C;HALFWIDTH KATAKANA LETTER SMALL YA;Lo;0;L; 30E3;;;;N;;;;; +FF6D;HALFWIDTH KATAKANA LETTER SMALL YU;Lo;0;L; 30E5;;;;N;;;;; +FF6E;HALFWIDTH KATAKANA LETTER SMALL YO;Lo;0;L; 30E7;;;;N;;;;; +FF6F;HALFWIDTH KATAKANA LETTER SMALL TU;Lo;0;L; 30C3;;;;N;;;;; +FF70;HALFWIDTH KATAKANA-HIRAGANA PROLONGED SOUND MARK;Lm;0;L; 30FC;;;;N;;;;; +FF71;HALFWIDTH KATAKANA LETTER A;Lo;0;L; 30A2;;;;N;;;;; +FF72;HALFWIDTH KATAKANA LETTER I;Lo;0;L; 30A4;;;;N;;;;; +FF73;HALFWIDTH KATAKANA LETTER U;Lo;0;L; 30A6;;;;N;;;;; +FF74;HALFWIDTH KATAKANA LETTER E;Lo;0;L; 30A8;;;;N;;;;; +FF75;HALFWIDTH KATAKANA LETTER O;Lo;0;L; 30AA;;;;N;;;;; +FF76;HALFWIDTH KATAKANA LETTER KA;Lo;0;L; 30AB;;;;N;;;;; +FF77;HALFWIDTH KATAKANA LETTER KI;Lo;0;L; 30AD;;;;N;;;;; +FF78;HALFWIDTH KATAKANA LETTER KU;Lo;0;L; 30AF;;;;N;;;;; +FF79;HALFWIDTH KATAKANA LETTER KE;Lo;0;L; 30B1;;;;N;;;;; +FF7A;HALFWIDTH KATAKANA LETTER KO;Lo;0;L; 30B3;;;;N;;;;; +FF7B;HALFWIDTH KATAKANA LETTER SA;Lo;0;L; 30B5;;;;N;;;;; +FF7C;HALFWIDTH KATAKANA LETTER SI;Lo;0;L; 30B7;;;;N;;;;; +FF7D;HALFWIDTH KATAKANA LETTER SU;Lo;0;L; 30B9;;;;N;;;;; +FF7E;HALFWIDTH KATAKANA LETTER SE;Lo;0;L; 30BB;;;;N;;;;; +FF7F;HALFWIDTH KATAKANA LETTER SO;Lo;0;L; 30BD;;;;N;;;;; +FF80;HALFWIDTH KATAKANA LETTER TA;Lo;0;L; 30BF;;;;N;;;;; +FF81;HALFWIDTH KATAKANA LETTER TI;Lo;0;L; 30C1;;;;N;;;;; +FF82;HALFWIDTH KATAKANA LETTER TU;Lo;0;L; 30C4;;;;N;;;;; +FF83;HALFWIDTH KATAKANA LETTER TE;Lo;0;L; 30C6;;;;N;;;;; +FF84;HALFWIDTH KATAKANA LETTER TO;Lo;0;L; 30C8;;;;N;;;;; +FF85;HALFWIDTH KATAKANA LETTER NA;Lo;0;L; 30CA;;;;N;;;;; +FF86;HALFWIDTH KATAKANA LETTER NI;Lo;0;L; 30CB;;;;N;;;;; +FF87;HALFWIDTH KATAKANA LETTER NU;Lo;0;L; 30CC;;;;N;;;;; +FF88;HALFWIDTH KATAKANA LETTER NE;Lo;0;L; 30CD;;;;N;;;;; +FF89;HALFWIDTH KATAKANA LETTER NO;Lo;0;L; 30CE;;;;N;;;;; +FF8A;HALFWIDTH KATAKANA LETTER HA;Lo;0;L; 30CF;;;;N;;;;; +FF8B;HALFWIDTH KATAKANA LETTER HI;Lo;0;L; 30D2;;;;N;;;;; +FF8C;HALFWIDTH KATAKANA LETTER HU;Lo;0;L; 30D5;;;;N;;;;; +FF8D;HALFWIDTH KATAKANA LETTER HE;Lo;0;L; 30D8;;;;N;;;;; +FF8E;HALFWIDTH KATAKANA LETTER HO;Lo;0;L; 30DB;;;;N;;;;; +FF8F;HALFWIDTH KATAKANA LETTER MA;Lo;0;L; 30DE;;;;N;;;;; +FF90;HALFWIDTH KATAKANA LETTER MI;Lo;0;L; 30DF;;;;N;;;;; +FF91;HALFWIDTH KATAKANA LETTER MU;Lo;0;L; 30E0;;;;N;;;;; +FF92;HALFWIDTH KATAKANA LETTER ME;Lo;0;L; 30E1;;;;N;;;;; +FF93;HALFWIDTH KATAKANA LETTER MO;Lo;0;L; 30E2;;;;N;;;;; +FF94;HALFWIDTH KATAKANA LETTER YA;Lo;0;L; 30E4;;;;N;;;;; +FF95;HALFWIDTH KATAKANA LETTER YU;Lo;0;L; 30E6;;;;N;;;;; +FF96;HALFWIDTH KATAKANA LETTER YO;Lo;0;L; 30E8;;;;N;;;;; +FF97;HALFWIDTH KATAKANA LETTER RA;Lo;0;L; 30E9;;;;N;;;;; +FF98;HALFWIDTH KATAKANA LETTER RI;Lo;0;L; 30EA;;;;N;;;;; +FF99;HALFWIDTH KATAKANA LETTER RU;Lo;0;L; 30EB;;;;N;;;;; +FF9A;HALFWIDTH KATAKANA LETTER RE;Lo;0;L; 30EC;;;;N;;;;; +FF9B;HALFWIDTH KATAKANA LETTER RO;Lo;0;L; 30ED;;;;N;;;;; +FF9C;HALFWIDTH KATAKANA LETTER WA;Lo;0;L; 30EF;;;;N;;;;; +FF9D;HALFWIDTH KATAKANA LETTER N;Lo;0;L; 30F3;;;;N;;;;; +FF9E;HALFWIDTH KATAKANA VOICED SOUND MARK;Lm;0;L; 3099;;;;N;;halfwidth katakana-hiragana voiced sound mark;;; +FF9F;HALFWIDTH KATAKANA SEMI-VOICED SOUND MARK;Lm;0;L; 309A;;;;N;;halfwidth katakana-hiragana semi-voiced sound mark;;; +FFA0;HALFWIDTH HANGUL FILLER;Lo;0;L; 3164;;;;N;HALFWIDTH HANGUL CAE OM;;;; +FFA1;HALFWIDTH HANGUL LETTER KIYEOK;Lo;0;L; 3131;;;;N;HALFWIDTH HANGUL LETTER GIYEOG;;;; +FFA2;HALFWIDTH HANGUL LETTER SSANGKIYEOK;Lo;0;L; 3132;;;;N;HALFWIDTH HANGUL LETTER SSANG GIYEOG;;;; +FFA3;HALFWIDTH HANGUL LETTER KIYEOK-SIOS;Lo;0;L; 3133;;;;N;HALFWIDTH HANGUL LETTER GIYEOG SIOS;;;; +FFA4;HALFWIDTH HANGUL LETTER NIEUN;Lo;0;L; 3134;;;;N;;;;; +FFA5;HALFWIDTH HANGUL LETTER NIEUN-CIEUC;Lo;0;L; 3135;;;;N;HALFWIDTH HANGUL LETTER NIEUN JIEUJ;;;; +FFA6;HALFWIDTH HANGUL LETTER NIEUN-HIEUH;Lo;0;L; 3136;;;;N;HALFWIDTH HANGUL LETTER NIEUN HIEUH;;;; +FFA7;HALFWIDTH HANGUL LETTER TIKEUT;Lo;0;L; 3137;;;;N;HALFWIDTH HANGUL LETTER DIGEUD;;;; +FFA8;HALFWIDTH HANGUL LETTER SSANGTIKEUT;Lo;0;L; 3138;;;;N;HALFWIDTH HANGUL LETTER SSANG DIGEUD;;;; +FFA9;HALFWIDTH HANGUL LETTER RIEUL;Lo;0;L; 3139;;;;N;HALFWIDTH HANGUL LETTER LIEUL;;;; +FFAA;HALFWIDTH HANGUL LETTER RIEUL-KIYEOK;Lo;0;L; 313A;;;;N;HALFWIDTH HANGUL LETTER LIEUL GIYEOG;;;; +FFAB;HALFWIDTH HANGUL LETTER RIEUL-MIEUM;Lo;0;L; 313B;;;;N;HALFWIDTH HANGUL LETTER LIEUL MIEUM;;;; +FFAC;HALFWIDTH HANGUL LETTER RIEUL-PIEUP;Lo;0;L; 313C;;;;N;HALFWIDTH HANGUL LETTER LIEUL BIEUB;;;; +FFAD;HALFWIDTH HANGUL LETTER RIEUL-SIOS;Lo;0;L; 313D;;;;N;HALFWIDTH HANGUL LETTER LIEUL SIOS;;;; +FFAE;HALFWIDTH HANGUL LETTER RIEUL-THIEUTH;Lo;0;L; 313E;;;;N;HALFWIDTH HANGUL LETTER LIEUL TIEUT;;;; +FFAF;HALFWIDTH HANGUL LETTER RIEUL-PHIEUPH;Lo;0;L; 313F;;;;N;HALFWIDTH HANGUL LETTER LIEUL PIEUP;;;; +FFB0;HALFWIDTH HANGUL LETTER RIEUL-HIEUH;Lo;0;L; 3140;;;;N;HALFWIDTH HANGUL LETTER LIEUL HIEUH;;;; +FFB1;HALFWIDTH HANGUL LETTER MIEUM;Lo;0;L; 3141;;;;N;;;;; +FFB2;HALFWIDTH HANGUL LETTER PIEUP;Lo;0;L; 3142;;;;N;HALFWIDTH HANGUL LETTER BIEUB;;;; +FFB3;HALFWIDTH HANGUL LETTER SSANGPIEUP;Lo;0;L; 3143;;;;N;HALFWIDTH HANGUL LETTER SSANG BIEUB;;;; +FFB4;HALFWIDTH HANGUL LETTER PIEUP-SIOS;Lo;0;L; 3144;;;;N;HALFWIDTH HANGUL LETTER BIEUB SIOS;;;; +FFB5;HALFWIDTH HANGUL LETTER SIOS;Lo;0;L; 3145;;;;N;;;;; +FFB6;HALFWIDTH HANGUL LETTER SSANGSIOS;Lo;0;L; 3146;;;;N;HALFWIDTH HANGUL LETTER SSANG SIOS;;;; +FFB7;HALFWIDTH HANGUL LETTER IEUNG;Lo;0;L; 3147;;;;N;;;;; +FFB8;HALFWIDTH HANGUL LETTER CIEUC;Lo;0;L; 3148;;;;N;HALFWIDTH HANGUL LETTER JIEUJ;;;; +FFB9;HALFWIDTH HANGUL LETTER SSANGCIEUC;Lo;0;L; 3149;;;;N;HALFWIDTH HANGUL LETTER SSANG JIEUJ;;;; +FFBA;HALFWIDTH HANGUL LETTER CHIEUCH;Lo;0;L; 314A;;;;N;HALFWIDTH HANGUL LETTER CIEUC;;;; +FFBB;HALFWIDTH HANGUL LETTER KHIEUKH;Lo;0;L; 314B;;;;N;HALFWIDTH HANGUL LETTER KIYEOK;;;; +FFBC;HALFWIDTH HANGUL LETTER THIEUTH;Lo;0;L; 314C;;;;N;HALFWIDTH HANGUL LETTER TIEUT;;;; +FFBD;HALFWIDTH HANGUL LETTER PHIEUPH;Lo;0;L; 314D;;;;N;HALFWIDTH HANGUL LETTER PIEUP;;;; +FFBE;HALFWIDTH HANGUL LETTER HIEUH;Lo;0;L; 314E;;;;N;;;;; +FFC2;HALFWIDTH HANGUL LETTER A;Lo;0;L; 314F;;;;N;;;;; +FFC3;HALFWIDTH HANGUL LETTER AE;Lo;0;L; 3150;;;;N;;;;; +FFC4;HALFWIDTH HANGUL LETTER YA;Lo;0;L; 3151;;;;N;;;;; +FFC5;HALFWIDTH HANGUL LETTER YAE;Lo;0;L; 3152;;;;N;;;;; +FFC6;HALFWIDTH HANGUL LETTER EO;Lo;0;L; 3153;;;;N;;;;; +FFC7;HALFWIDTH HANGUL LETTER E;Lo;0;L; 3154;;;;N;;;;; +FFCA;HALFWIDTH HANGUL LETTER YEO;Lo;0;L; 3155;;;;N;;;;; +FFCB;HALFWIDTH HANGUL LETTER YE;Lo;0;L; 3156;;;;N;;;;; +FFCC;HALFWIDTH HANGUL LETTER O;Lo;0;L; 3157;;;;N;;;;; +FFCD;HALFWIDTH HANGUL LETTER WA;Lo;0;L; 3158;;;;N;;;;; +FFCE;HALFWIDTH HANGUL LETTER WAE;Lo;0;L; 3159;;;;N;;;;; +FFCF;HALFWIDTH HANGUL LETTER OE;Lo;0;L; 315A;;;;N;;;;; +FFD2;HALFWIDTH HANGUL LETTER YO;Lo;0;L; 315B;;;;N;;;;; +FFD3;HALFWIDTH HANGUL LETTER U;Lo;0;L; 315C;;;;N;;;;; +FFD4;HALFWIDTH HANGUL LETTER WEO;Lo;0;L; 315D;;;;N;;;;; +FFD5;HALFWIDTH HANGUL LETTER WE;Lo;0;L; 315E;;;;N;;;;; +FFD6;HALFWIDTH HANGUL LETTER WI;Lo;0;L; 315F;;;;N;;;;; +FFD7;HALFWIDTH HANGUL LETTER YU;Lo;0;L; 3160;;;;N;;;;; +FFDA;HALFWIDTH HANGUL LETTER EU;Lo;0;L; 3161;;;;N;;;;; +FFDB;HALFWIDTH HANGUL LETTER YI;Lo;0;L; 3162;;;;N;;;;; +FFDC;HALFWIDTH HANGUL LETTER I;Lo;0;L; 3163;;;;N;;;;; +FFE0;FULLWIDTH CENT SIGN;Sc;0;ET; 00A2;;;;N;;;;; +FFE1;FULLWIDTH POUND SIGN;Sc;0;ET; 00A3;;;;N;;;;; +FFE2;FULLWIDTH NOT SIGN;Sm;0;ON; 00AC;;;;N;;;;; +FFE3;FULLWIDTH MACRON;Sk;0;ON; 00AF;;;;N;FULLWIDTH SPACING MACRON;*;;; +FFE4;FULLWIDTH BROKEN BAR;So;0;ON; 00A6;;;;N;FULLWIDTH BROKEN VERTICAL BAR;;;; +FFE5;FULLWIDTH YEN SIGN;Sc;0;ET; 00A5;;;;N;;;;; +FFE6;FULLWIDTH WON SIGN;Sc;0;ET; 20A9;;;;N;;;;; +FFE8;HALFWIDTH FORMS LIGHT VERTICAL;So;0;ON; 2502;;;;N;;;;; +FFE9;HALFWIDTH LEFTWARDS ARROW;Sm;0;ON; 2190;;;;N;;;;; +FFEA;HALFWIDTH UPWARDS ARROW;Sm;0;ON; 2191;;;;N;;;;; +FFEB;HALFWIDTH RIGHTWARDS ARROW;Sm;0;ON; 2192;;;;N;;;;; +FFEC;HALFWIDTH DOWNWARDS ARROW;Sm;0;ON; 2193;;;;N;;;;; +FFED;HALFWIDTH BLACK SQUARE;So;0;ON; 25A0;;;;N;;;;; +FFEE;HALFWIDTH WHITE CIRCLE;So;0;ON; 25CB;;;;N;;;;; +FFF9;INTERLINEAR ANNOTATION ANCHOR;Cf;0;ON;;;;;N;;;;; +FFFA;INTERLINEAR ANNOTATION SEPARATOR;Cf;0;ON;;;;;N;;;;; +FFFB;INTERLINEAR ANNOTATION TERMINATOR;Cf;0;ON;;;;;N;;;;; +FFFC;OBJECT REPLACEMENT CHARACTER;So;0;ON;;;;;N;;;;; +FFFD;REPLACEMENT CHARACTER;So;0;ON;;;;;N;;;;; +10000;LINEAR B SYLLABLE B008 A;Lo;0;L;;;;;N;;;;; +10001;LINEAR B SYLLABLE B038 E;Lo;0;L;;;;;N;;;;; +10002;LINEAR B SYLLABLE B028 I;Lo;0;L;;;;;N;;;;; +10003;LINEAR B SYLLABLE B061 O;Lo;0;L;;;;;N;;;;; +10004;LINEAR B SYLLABLE B010 U;Lo;0;L;;;;;N;;;;; +10005;LINEAR B SYLLABLE B001 DA;Lo;0;L;;;;;N;;;;; +10006;LINEAR B SYLLABLE B045 DE;Lo;0;L;;;;;N;;;;; +10007;LINEAR B SYLLABLE B007 DI;Lo;0;L;;;;;N;;;;; +10008;LINEAR B SYLLABLE B014 DO;Lo;0;L;;;;;N;;;;; +10009;LINEAR B SYLLABLE B051 DU;Lo;0;L;;;;;N;;;;; +1000A;LINEAR B SYLLABLE B057 JA;Lo;0;L;;;;;N;;;;; +1000B;LINEAR B SYLLABLE B046 JE;Lo;0;L;;;;;N;;;;; +1000D;LINEAR B SYLLABLE B036 JO;Lo;0;L;;;;;N;;;;; +1000E;LINEAR B SYLLABLE B065 JU;Lo;0;L;;;;;N;;;;; +1000F;LINEAR B SYLLABLE B077 KA;Lo;0;L;;;;;N;;;;; +10010;LINEAR B SYLLABLE B044 KE;Lo;0;L;;;;;N;;;;; +10011;LINEAR B SYLLABLE B067 KI;Lo;0;L;;;;;N;;;;; +10012;LINEAR B SYLLABLE B070 KO;Lo;0;L;;;;;N;;;;; +10013;LINEAR B SYLLABLE B081 KU;Lo;0;L;;;;;N;;;;; +10014;LINEAR B SYLLABLE B080 MA;Lo;0;L;;;;;N;;;;; +10015;LINEAR B SYLLABLE B013 ME;Lo;0;L;;;;;N;;;;; +10016;LINEAR B SYLLABLE B073 MI;Lo;0;L;;;;;N;;;;; +10017;LINEAR B SYLLABLE B015 MO;Lo;0;L;;;;;N;;;;; +10018;LINEAR B SYLLABLE B023 MU;Lo;0;L;;;;;N;;;;; +10019;LINEAR B SYLLABLE B006 NA;Lo;0;L;;;;;N;;;;; +1001A;LINEAR B SYLLABLE B024 NE;Lo;0;L;;;;;N;;;;; +1001B;LINEAR B SYLLABLE B030 NI;Lo;0;L;;;;;N;;;;; +1001C;LINEAR B SYLLABLE B052 NO;Lo;0;L;;;;;N;;;;; +1001D;LINEAR B SYLLABLE B055 NU;Lo;0;L;;;;;N;;;;; +1001E;LINEAR B SYLLABLE B003 PA;Lo;0;L;;;;;N;;;;; +1001F;LINEAR B SYLLABLE B072 PE;Lo;0;L;;;;;N;;;;; +10020;LINEAR B SYLLABLE B039 PI;Lo;0;L;;;;;N;;;;; +10021;LINEAR B SYLLABLE B011 PO;Lo;0;L;;;;;N;;;;; +10022;LINEAR B SYLLABLE B050 PU;Lo;0;L;;;;;N;;;;; +10023;LINEAR B SYLLABLE B016 QA;Lo;0;L;;;;;N;;;;; +10024;LINEAR B SYLLABLE B078 QE;Lo;0;L;;;;;N;;;;; +10025;LINEAR B SYLLABLE B021 QI;Lo;0;L;;;;;N;;;;; +10026;LINEAR B SYLLABLE B032 QO;Lo;0;L;;;;;N;;;;; +10028;LINEAR B SYLLABLE B060 RA;Lo;0;L;;;;;N;;;;; +10029;LINEAR B SYLLABLE B027 RE;Lo;0;L;;;;;N;;;;; +1002A;LINEAR B SYLLABLE B053 RI;Lo;0;L;;;;;N;;;;; +1002B;LINEAR B SYLLABLE B002 RO;Lo;0;L;;;;;N;;;;; +1002C;LINEAR B SYLLABLE B026 RU;Lo;0;L;;;;;N;;;;; +1002D;LINEAR B SYLLABLE B031 SA;Lo;0;L;;;;;N;;;;; +1002E;LINEAR B SYLLABLE B009 SE;Lo;0;L;;;;;N;;;;; +1002F;LINEAR B SYLLABLE B041 SI;Lo;0;L;;;;;N;;;;; +10030;LINEAR B SYLLABLE B012 SO;Lo;0;L;;;;;N;;;;; +10031;LINEAR B SYLLABLE B058 SU;Lo;0;L;;;;;N;;;;; +10032;LINEAR B SYLLABLE B059 TA;Lo;0;L;;;;;N;;;;; +10033;LINEAR B SYLLABLE B004 TE;Lo;0;L;;;;;N;;;;; +10034;LINEAR B SYLLABLE B037 TI;Lo;0;L;;;;;N;;;;; +10035;LINEAR B SYLLABLE B005 TO;Lo;0;L;;;;;N;;;;; +10036;LINEAR B SYLLABLE B069 TU;Lo;0;L;;;;;N;;;;; +10037;LINEAR B SYLLABLE B054 WA;Lo;0;L;;;;;N;;;;; +10038;LINEAR B SYLLABLE B075 WE;Lo;0;L;;;;;N;;;;; +10039;LINEAR B SYLLABLE B040 WI;Lo;0;L;;;;;N;;;;; +1003A;LINEAR B SYLLABLE B042 WO;Lo;0;L;;;;;N;;;;; +1003C;LINEAR B SYLLABLE B017 ZA;Lo;0;L;;;;;N;;;;; +1003D;LINEAR B SYLLABLE B074 ZE;Lo;0;L;;;;;N;;;;; +1003F;LINEAR B SYLLABLE B020 ZO;Lo;0;L;;;;;N;;;;; +10040;LINEAR B SYLLABLE B025 A2;Lo;0;L;;;;;N;;;;; +10041;LINEAR B SYLLABLE B043 A3;Lo;0;L;;;;;N;;;;; +10042;LINEAR B SYLLABLE B085 AU;Lo;0;L;;;;;N;;;;; +10043;LINEAR B SYLLABLE B071 DWE;Lo;0;L;;;;;N;;;;; +10044;LINEAR B SYLLABLE B090 DWO;Lo;0;L;;;;;N;;;;; +10045;LINEAR B SYLLABLE B048 NWA;Lo;0;L;;;;;N;;;;; +10046;LINEAR B SYLLABLE B029 PU2;Lo;0;L;;;;;N;;;;; +10047;LINEAR B SYLLABLE B062 PTE;Lo;0;L;;;;;N;;;;; +10048;LINEAR B SYLLABLE B076 RA2;Lo;0;L;;;;;N;;;;; +10049;LINEAR B SYLLABLE B033 RA3;Lo;0;L;;;;;N;;;;; +1004A;LINEAR B SYLLABLE B068 RO2;Lo;0;L;;;;;N;;;;; +1004B;LINEAR B SYLLABLE B066 TA2;Lo;0;L;;;;;N;;;;; +1004C;LINEAR B SYLLABLE B087 TWE;Lo;0;L;;;;;N;;;;; +1004D;LINEAR B SYLLABLE B091 TWO;Lo;0;L;;;;;N;;;;; +10050;LINEAR B SYMBOL B018;Lo;0;L;;;;;N;;;;; +10051;LINEAR B SYMBOL B019;Lo;0;L;;;;;N;;;;; +10052;LINEAR B SYMBOL B022;Lo;0;L;;;;;N;;;;; +10053;LINEAR B SYMBOL B034;Lo;0;L;;;;;N;;;;; +10054;LINEAR B SYMBOL B047;Lo;0;L;;;;;N;;;;; +10055;LINEAR B SYMBOL B049;Lo;0;L;;;;;N;;;;; +10056;LINEAR B SYMBOL B056;Lo;0;L;;;;;N;;;;; +10057;LINEAR B SYMBOL B063;Lo;0;L;;;;;N;;;;; +10058;LINEAR B SYMBOL B064;Lo;0;L;;;;;N;;;;; +10059;LINEAR B SYMBOL B079;Lo;0;L;;;;;N;;;;; +1005A;LINEAR B SYMBOL B082;Lo;0;L;;;;;N;;;;; +1005B;LINEAR B SYMBOL B083;Lo;0;L;;;;;N;;;;; +1005C;LINEAR B SYMBOL B086;Lo;0;L;;;;;N;;;;; +1005D;LINEAR B SYMBOL B089;Lo;0;L;;;;;N;;;;; +10080;LINEAR B IDEOGRAM B100 MAN;Lo;0;L;;;;;N;;;;; +10081;LINEAR B IDEOGRAM B102 WOMAN;Lo;0;L;;;;;N;;;;; +10082;LINEAR B IDEOGRAM B104 DEER;Lo;0;L;;;;;N;;;;; +10083;LINEAR B IDEOGRAM B105 EQUID;Lo;0;L;;;;;N;;;;; +10084;LINEAR B IDEOGRAM B105F MARE;Lo;0;L;;;;;N;;;;; +10085;LINEAR B IDEOGRAM B105M STALLION;Lo;0;L;;;;;N;;;;; +10086;LINEAR B IDEOGRAM B106F EWE;Lo;0;L;;;;;N;;;;; +10087;LINEAR B IDEOGRAM B106M RAM;Lo;0;L;;;;;N;;;;; +10088;LINEAR B IDEOGRAM B107F SHE-GOAT;Lo;0;L;;;;;N;;;;; +10089;LINEAR B IDEOGRAM B107M HE-GOAT;Lo;0;L;;;;;N;;;;; +1008A;LINEAR B IDEOGRAM B108F SOW;Lo;0;L;;;;;N;;;;; +1008B;LINEAR B IDEOGRAM B108M BOAR;Lo;0;L;;;;;N;;;;; +1008C;LINEAR B IDEOGRAM B109F COW;Lo;0;L;;;;;N;;;;; +1008D;LINEAR B IDEOGRAM B109M BULL;Lo;0;L;;;;;N;;;;; +1008E;LINEAR B IDEOGRAM B120 WHEAT;Lo;0;L;;;;;N;;;;; +1008F;LINEAR B IDEOGRAM B121 BARLEY;Lo;0;L;;;;;N;;;;; +10090;LINEAR B IDEOGRAM B122 OLIVE;Lo;0;L;;;;;N;;;;; +10091;LINEAR B IDEOGRAM B123 SPICE;Lo;0;L;;;;;N;;;;; +10092;LINEAR B IDEOGRAM B125 CYPERUS;Lo;0;L;;;;;N;;;;; +10093;LINEAR B MONOGRAM B127 KAPO;Lo;0;L;;;;;N;;;;; +10094;LINEAR B MONOGRAM B128 KANAKO;Lo;0;L;;;;;N;;;;; +10095;LINEAR B IDEOGRAM B130 OIL;Lo;0;L;;;;;N;;;;; +10096;LINEAR B IDEOGRAM B131 WINE;Lo;0;L;;;;;N;;;;; +10097;LINEAR B IDEOGRAM B132;Lo;0;L;;;;;N;;;;; +10098;LINEAR B MONOGRAM B133 AREPA;Lo;0;L;;;;;N;;;;; +10099;LINEAR B MONOGRAM B135 MERI;Lo;0;L;;;;;N;;;;; +1009A;LINEAR B IDEOGRAM B140 BRONZE;Lo;0;L;;;;;N;;;;; +1009B;LINEAR B IDEOGRAM B141 GOLD;Lo;0;L;;;;;N;;;;; +1009C;LINEAR B IDEOGRAM B142;Lo;0;L;;;;;N;;;;; +1009D;LINEAR B IDEOGRAM B145 WOOL;Lo;0;L;;;;;N;;;;; +1009E;LINEAR B IDEOGRAM B146;Lo;0;L;;;;;N;;;;; +1009F;LINEAR B IDEOGRAM B150;Lo;0;L;;;;;N;;;;; +100A0;LINEAR B IDEOGRAM B151 HORN;Lo;0;L;;;;;N;;;;; +100A1;LINEAR B IDEOGRAM B152;Lo;0;L;;;;;N;;;;; +100A2;LINEAR B IDEOGRAM B153;Lo;0;L;;;;;N;;;;; +100A3;LINEAR B IDEOGRAM B154;Lo;0;L;;;;;N;;;;; +100A4;LINEAR B MONOGRAM B156 TURO2;Lo;0;L;;;;;N;;;;; +100A5;LINEAR B IDEOGRAM B157;Lo;0;L;;;;;N;;;;; +100A6;LINEAR B IDEOGRAM B158;Lo;0;L;;;;;N;;;;; +100A7;LINEAR B IDEOGRAM B159 CLOTH;Lo;0;L;;;;;N;;;;; +100A8;LINEAR B IDEOGRAM B160;Lo;0;L;;;;;N;;;;; +100A9;LINEAR B IDEOGRAM B161;Lo;0;L;;;;;N;;;;; +100AA;LINEAR B IDEOGRAM B162 GARMENT;Lo;0;L;;;;;N;;;;; +100AB;LINEAR B IDEOGRAM B163 ARMOUR;Lo;0;L;;;;;N;;;;; +100AC;LINEAR B IDEOGRAM B164;Lo;0;L;;;;;N;;;;; +100AD;LINEAR B IDEOGRAM B165;Lo;0;L;;;;;N;;;;; +100AE;LINEAR B IDEOGRAM B166;Lo;0;L;;;;;N;;;;; +100AF;LINEAR B IDEOGRAM B167;Lo;0;L;;;;;N;;;;; +100B0;LINEAR B IDEOGRAM B168;Lo;0;L;;;;;N;;;;; +100B1;LINEAR B IDEOGRAM B169;Lo;0;L;;;;;N;;;;; +100B2;LINEAR B IDEOGRAM B170;Lo;0;L;;;;;N;;;;; +100B3;LINEAR B IDEOGRAM B171;Lo;0;L;;;;;N;;;;; +100B4;LINEAR B IDEOGRAM B172;Lo;0;L;;;;;N;;;;; +100B5;LINEAR B IDEOGRAM B173 MONTH;Lo;0;L;;;;;N;;;;; +100B6;LINEAR B IDEOGRAM B174;Lo;0;L;;;;;N;;;;; +100B7;LINEAR B IDEOGRAM B176 TREE;Lo;0;L;;;;;N;;;;; +100B8;LINEAR B IDEOGRAM B177;Lo;0;L;;;;;N;;;;; +100B9;LINEAR B IDEOGRAM B178;Lo;0;L;;;;;N;;;;; +100BA;LINEAR B IDEOGRAM B179;Lo;0;L;;;;;N;;;;; +100BB;LINEAR B IDEOGRAM B180;Lo;0;L;;;;;N;;;;; +100BC;LINEAR B IDEOGRAM B181;Lo;0;L;;;;;N;;;;; +100BD;LINEAR B IDEOGRAM B182;Lo;0;L;;;;;N;;;;; +100BE;LINEAR B IDEOGRAM B183;Lo;0;L;;;;;N;;;;; +100BF;LINEAR B IDEOGRAM B184;Lo;0;L;;;;;N;;;;; +100C0;LINEAR B IDEOGRAM B185;Lo;0;L;;;;;N;;;;; +100C1;LINEAR B IDEOGRAM B189;Lo;0;L;;;;;N;;;;; +100C2;LINEAR B IDEOGRAM B190;Lo;0;L;;;;;N;;;;; +100C3;LINEAR B IDEOGRAM B191 HELMET;Lo;0;L;;;;;N;;;;; +100C4;LINEAR B IDEOGRAM B220 FOOTSTOOL;Lo;0;L;;;;;N;;;;; +100C5;LINEAR B IDEOGRAM B225 BATHTUB;Lo;0;L;;;;;N;;;;; +100C6;LINEAR B IDEOGRAM B230 SPEAR;Lo;0;L;;;;;N;;;;; +100C7;LINEAR B IDEOGRAM B231 ARROW;Lo;0;L;;;;;N;;;;; +100C8;LINEAR B IDEOGRAM B232;Lo;0;L;;;;;N;;;;; +100C9;LINEAR B IDEOGRAM B233 SWORD;Lo;0;L;;;;;N;;pug;;; +100CA;LINEAR B IDEOGRAM B234;Lo;0;L;;;;;N;;;;; +100CB;LINEAR B IDEOGRAM B236;Lo;0;L;;;;;N;;gup;;; +100CC;LINEAR B IDEOGRAM B240 WHEELED CHARIOT;Lo;0;L;;;;;N;;;;; +100CD;LINEAR B IDEOGRAM B241 CHARIOT;Lo;0;L;;;;;N;;;;; +100CE;LINEAR B IDEOGRAM B242 CHARIOT FRAME;Lo;0;L;;;;;N;;;;; +100CF;LINEAR B IDEOGRAM B243 WHEEL;Lo;0;L;;;;;N;;;;; +100D0;LINEAR B IDEOGRAM B245;Lo;0;L;;;;;N;;;;; +100D1;LINEAR B IDEOGRAM B246;Lo;0;L;;;;;N;;;;; +100D2;LINEAR B MONOGRAM B247 DIPTE;Lo;0;L;;;;;N;;;;; +100D3;LINEAR B IDEOGRAM B248;Lo;0;L;;;;;N;;;;; +100D4;LINEAR B IDEOGRAM B249;Lo;0;L;;;;;N;;;;; +100D5;LINEAR B IDEOGRAM B251;Lo;0;L;;;;;N;;;;; +100D6;LINEAR B IDEOGRAM B252;Lo;0;L;;;;;N;;;;; +100D7;LINEAR B IDEOGRAM B253;Lo;0;L;;;;;N;;;;; +100D8;LINEAR B IDEOGRAM B254 DART;Lo;0;L;;;;;N;;;;; +100D9;LINEAR B IDEOGRAM B255;Lo;0;L;;;;;N;;;;; +100DA;LINEAR B IDEOGRAM B256;Lo;0;L;;;;;N;;;;; +100DB;LINEAR B IDEOGRAM B257;Lo;0;L;;;;;N;;;;; +100DC;LINEAR B IDEOGRAM B258;Lo;0;L;;;;;N;;;;; +100DD;LINEAR B IDEOGRAM B259;Lo;0;L;;;;;N;;;;; +100DE;LINEAR B IDEOGRAM VESSEL B155;Lo;0;L;;;;;N;;;;; +100DF;LINEAR B IDEOGRAM VESSEL B200;Lo;0;L;;;;;N;;;;; +100E0;LINEAR B IDEOGRAM VESSEL B201;Lo;0;L;;;;;N;;;;; +100E1;LINEAR B IDEOGRAM VESSEL B202;Lo;0;L;;;;;N;;;;; +100E2;LINEAR B IDEOGRAM VESSEL B203;Lo;0;L;;;;;N;;;;; +100E3;LINEAR B IDEOGRAM VESSEL B204;Lo;0;L;;;;;N;;;;; +100E4;LINEAR B IDEOGRAM VESSEL B205;Lo;0;L;;;;;N;;;;; +100E5;LINEAR B IDEOGRAM VESSEL B206;Lo;0;L;;;;;N;;;;; +100E6;LINEAR B IDEOGRAM VESSEL B207;Lo;0;L;;;;;N;;;;; +100E7;LINEAR B IDEOGRAM VESSEL B208;Lo;0;L;;;;;N;;;;; +100E8;LINEAR B IDEOGRAM VESSEL B209;Lo;0;L;;;;;N;;;;; +100E9;LINEAR B IDEOGRAM VESSEL B210;Lo;0;L;;;;;N;;;;; +100EA;LINEAR B IDEOGRAM VESSEL B211;Lo;0;L;;;;;N;;;;; +100EB;LINEAR B IDEOGRAM VESSEL B212;Lo;0;L;;;;;N;;;;; +100EC;LINEAR B IDEOGRAM VESSEL B213;Lo;0;L;;;;;N;;;;; +100ED;LINEAR B IDEOGRAM VESSEL B214;Lo;0;L;;;;;N;;;;; +100EE;LINEAR B IDEOGRAM VESSEL B215;Lo;0;L;;;;;N;;;;; +100EF;LINEAR B IDEOGRAM VESSEL B216;Lo;0;L;;;;;N;;;;; +100F0;LINEAR B IDEOGRAM VESSEL B217;Lo;0;L;;;;;N;;;;; +100F1;LINEAR B IDEOGRAM VESSEL B218;Lo;0;L;;;;;N;;;;; +100F2;LINEAR B IDEOGRAM VESSEL B219;Lo;0;L;;;;;N;;;;; +100F3;LINEAR B IDEOGRAM VESSEL B221;Lo;0;L;;;;;N;;;;; +100F4;LINEAR B IDEOGRAM VESSEL B222;Lo;0;L;;;;;N;;;;; +100F5;LINEAR B IDEOGRAM VESSEL B226;Lo;0;L;;;;;N;;;;; +100F6;LINEAR B IDEOGRAM VESSEL B227;Lo;0;L;;;;;N;;;;; +100F7;LINEAR B IDEOGRAM VESSEL B228;Lo;0;L;;;;;N;;;;; +100F8;LINEAR B IDEOGRAM VESSEL B229;Lo;0;L;;;;;N;;;;; +100F9;LINEAR B IDEOGRAM VESSEL B250;Lo;0;L;;;;;N;;;;; +100FA;LINEAR B IDEOGRAM VESSEL B305;Lo;0;L;;;;;N;;;;; +10100;AEGEAN WORD SEPARATOR LINE;Po;0;L;;;;;N;;;;; +10101;AEGEAN WORD SEPARATOR DOT;Po;0;ON;;;;;N;;;;; +10102;AEGEAN CHECK MARK;So;0;L;;;;;N;;;;; +10107;AEGEAN NUMBER ONE;No;0;L;;;;1;N;;;;; +10108;AEGEAN NUMBER TWO;No;0;L;;;;2;N;;;;; +10109;AEGEAN NUMBER THREE;No;0;L;;;;3;N;;;;; +1010A;AEGEAN NUMBER FOUR;No;0;L;;;;4;N;;;;; +1010B;AEGEAN NUMBER FIVE;No;0;L;;;;5;N;;;;; +1010C;AEGEAN NUMBER SIX;No;0;L;;;;6;N;;;;; +1010D;AEGEAN NUMBER SEVEN;No;0;L;;;;7;N;;;;; +1010E;AEGEAN NUMBER EIGHT;No;0;L;;;;8;N;;;;; +1010F;AEGEAN NUMBER NINE;No;0;L;;;;9;N;;;;; +10110;AEGEAN NUMBER TEN;No;0;L;;;;10;N;;;;; +10111;AEGEAN NUMBER TWENTY;No;0;L;;;;20;N;;;;; +10112;AEGEAN NUMBER THIRTY;No;0;L;;;;30;N;;;;; +10113;AEGEAN NUMBER FORTY;No;0;L;;;;40;N;;;;; +10114;AEGEAN NUMBER FIFTY;No;0;L;;;;50;N;;;;; +10115;AEGEAN NUMBER SIXTY;No;0;L;;;;60;N;;;;; +10116;AEGEAN NUMBER SEVENTY;No;0;L;;;;70;N;;;;; +10117;AEGEAN NUMBER EIGHTY;No;0;L;;;;80;N;;;;; +10118;AEGEAN NUMBER NINETY;No;0;L;;;;90;N;;;;; +10119;AEGEAN NUMBER ONE HUNDRED;No;0;L;;;;100;N;;;;; +1011A;AEGEAN NUMBER TWO HUNDRED;No;0;L;;;;200;N;;;;; +1011B;AEGEAN NUMBER THREE HUNDRED;No;0;L;;;;300;N;;;;; +1011C;AEGEAN NUMBER FOUR HUNDRED;No;0;L;;;;400;N;;;;; +1011D;AEGEAN NUMBER FIVE HUNDRED;No;0;L;;;;500;N;;;;; +1011E;AEGEAN NUMBER SIX HUNDRED;No;0;L;;;;600;N;;;;; +1011F;AEGEAN NUMBER SEVEN HUNDRED;No;0;L;;;;700;N;;;;; +10120;AEGEAN NUMBER EIGHT HUNDRED;No;0;L;;;;800;N;;;;; +10121;AEGEAN NUMBER NINE HUNDRED;No;0;L;;;;900;N;;;;; +10122;AEGEAN NUMBER ONE THOUSAND;No;0;L;;;;1000;N;;;;; +10123;AEGEAN NUMBER TWO THOUSAND;No;0;L;;;;2000;N;;;;; +10124;AEGEAN NUMBER THREE THOUSAND;No;0;L;;;;3000;N;;;;; +10125;AEGEAN NUMBER FOUR THOUSAND;No;0;L;;;;4000;N;;;;; +10126;AEGEAN NUMBER FIVE THOUSAND;No;0;L;;;;5000;N;;;;; +10127;AEGEAN NUMBER SIX THOUSAND;No;0;L;;;;6000;N;;;;; +10128;AEGEAN NUMBER SEVEN THOUSAND;No;0;L;;;;7000;N;;;;; +10129;AEGEAN NUMBER EIGHT THOUSAND;No;0;L;;;;8000;N;;;;; +1012A;AEGEAN NUMBER NINE THOUSAND;No;0;L;;;;9000;N;;;;; +1012B;AEGEAN NUMBER TEN THOUSAND;No;0;L;;;;10000;N;;;;; +1012C;AEGEAN NUMBER TWENTY THOUSAND;No;0;L;;;;20000;N;;;;; +1012D;AEGEAN NUMBER THIRTY THOUSAND;No;0;L;;;;30000;N;;;;; +1012E;AEGEAN NUMBER FORTY THOUSAND;No;0;L;;;;40000;N;;;;; +1012F;AEGEAN NUMBER FIFTY THOUSAND;No;0;L;;;;50000;N;;;;; +10130;AEGEAN NUMBER SIXTY THOUSAND;No;0;L;;;;60000;N;;;;; +10131;AEGEAN NUMBER SEVENTY THOUSAND;No;0;L;;;;70000;N;;;;; +10132;AEGEAN NUMBER EIGHTY THOUSAND;No;0;L;;;;80000;N;;;;; +10133;AEGEAN NUMBER NINETY THOUSAND;No;0;L;;;;90000;N;;;;; +10137;AEGEAN WEIGHT BASE UNIT;So;0;L;;;;;N;;;;; +10138;AEGEAN WEIGHT FIRST SUBUNIT;So;0;L;;;;;N;;;;; +10139;AEGEAN WEIGHT SECOND SUBUNIT;So;0;L;;;;;N;;;;; +1013A;AEGEAN WEIGHT THIRD SUBUNIT;So;0;L;;;;;N;;;;; +1013B;AEGEAN WEIGHT FOURTH SUBUNIT;So;0;L;;;;;N;;;;; +1013C;AEGEAN DRY MEASURE FIRST SUBUNIT;So;0;L;;;;;N;;;;; +1013D;AEGEAN LIQUID MEASURE FIRST SUBUNIT;So;0;L;;;;;N;;;;; +1013E;AEGEAN MEASURE SECOND SUBUNIT;So;0;L;;;;;N;;;;; +1013F;AEGEAN MEASURE THIRD SUBUNIT;So;0;L;;;;;N;;;;; +10300;OLD ITALIC LETTER A;Lo;0;L;;;;;N;;;;; +10301;OLD ITALIC LETTER BE;Lo;0;L;;;;;N;;;;; +10302;OLD ITALIC LETTER KE;Lo;0;L;;;;;N;;;;; +10303;OLD ITALIC LETTER DE;Lo;0;L;;;;;N;;;;; +10304;OLD ITALIC LETTER E;Lo;0;L;;;;;N;;;;; +10305;OLD ITALIC LETTER VE;Lo;0;L;;;;;N;;;;; +10306;OLD ITALIC LETTER ZE;Lo;0;L;;;;;N;;;;; +10307;OLD ITALIC LETTER HE;Lo;0;L;;;;;N;;;;; +10308;OLD ITALIC LETTER THE;Lo;0;L;;;;;N;;;;; +10309;OLD ITALIC LETTER I;Lo;0;L;;;;;N;;;;; +1030A;OLD ITALIC LETTER KA;Lo;0;L;;;;;N;;;;; +1030B;OLD ITALIC LETTER EL;Lo;0;L;;;;;N;;;;; +1030C;OLD ITALIC LETTER EM;Lo;0;L;;;;;N;;;;; +1030D;OLD ITALIC LETTER EN;Lo;0;L;;;;;N;;;;; +1030E;OLD ITALIC LETTER ESH;Lo;0;L;;;;;N;;;;; +1030F;OLD ITALIC LETTER O;Lo;0;L;;;;;N;;Faliscan;;; +10310;OLD ITALIC LETTER PE;Lo;0;L;;;;;N;;;;; +10311;OLD ITALIC LETTER SHE;Lo;0;L;;;;;N;;;;; +10312;OLD ITALIC LETTER KU;Lo;0;L;;;;;N;;;;; +10313;OLD ITALIC LETTER ER;Lo;0;L;;;;;N;;;;; +10314;OLD ITALIC LETTER ES;Lo;0;L;;;;;N;;;;; +10315;OLD ITALIC LETTER TE;Lo;0;L;;;;;N;;;;; +10316;OLD ITALIC LETTER U;Lo;0;L;;;;;N;;;;; +10317;OLD ITALIC LETTER EKS;Lo;0;L;;;;;N;;Faliscan;;; +10318;OLD ITALIC LETTER PHE;Lo;0;L;;;;;N;;;;; +10319;OLD ITALIC LETTER KHE;Lo;0;L;;;;;N;;;;; +1031A;OLD ITALIC LETTER EF;Lo;0;L;;;;;N;;;;; +1031B;OLD ITALIC LETTER ERS;Lo;0;L;;;;;N;;Umbrian;;; +1031C;OLD ITALIC LETTER CHE;Lo;0;L;;;;;N;;Umbrian;;; +1031D;OLD ITALIC LETTER II;Lo;0;L;;;;;N;;Oscan;;; +1031E;OLD ITALIC LETTER UU;Lo;0;L;;;;;N;;Oscan;;; +10320;OLD ITALIC NUMERAL ONE;No;0;L;;;;1;N;;;;; +10321;OLD ITALIC NUMERAL FIVE;No;0;L;;;;5;N;;;;; +10322;OLD ITALIC NUMERAL TEN;No;0;L;;;;10;N;;;;; +10323;OLD ITALIC NUMERAL FIFTY;No;0;L;;;;50;N;;;;; +10330;GOTHIC LETTER AHSA;Lo;0;L;;;;;N;;;;; +10331;GOTHIC LETTER BAIRKAN;Lo;0;L;;;;;N;;;;; +10332;GOTHIC LETTER GIBA;Lo;0;L;;;;;N;;;;; +10333;GOTHIC LETTER DAGS;Lo;0;L;;;;;N;;;;; +10334;GOTHIC LETTER AIHVUS;Lo;0;L;;;;;N;;;;; +10335;GOTHIC LETTER QAIRTHRA;Lo;0;L;;;;;N;;;;; +10336;GOTHIC LETTER IUJA;Lo;0;L;;;;;N;;;;; +10337;GOTHIC LETTER HAGL;Lo;0;L;;;;;N;;;;; +10338;GOTHIC LETTER THIUTH;Lo;0;L;;;;;N;;;;; +10339;GOTHIC LETTER EIS;Lo;0;L;;;;;N;;;;; +1033A;GOTHIC LETTER KUSMA;Lo;0;L;;;;;N;;;;; +1033B;GOTHIC LETTER LAGUS;Lo;0;L;;;;;N;;;;; +1033C;GOTHIC LETTER MANNA;Lo;0;L;;;;;N;;;;; +1033D;GOTHIC LETTER NAUTHS;Lo;0;L;;;;;N;;;;; +1033E;GOTHIC LETTER JER;Lo;0;L;;;;;N;;;;; +1033F;GOTHIC LETTER URUS;Lo;0;L;;;;;N;;;;; +10340;GOTHIC LETTER PAIRTHRA;Lo;0;L;;;;;N;;;;; +10341;GOTHIC LETTER NINETY;Lo;0;L;;;;;N;;;;; +10342;GOTHIC LETTER RAIDA;Lo;0;L;;;;;N;;;;; +10343;GOTHIC LETTER SAUIL;Lo;0;L;;;;;N;;;;; +10344;GOTHIC LETTER TEIWS;Lo;0;L;;;;;N;;;;; +10345;GOTHIC LETTER WINJA;Lo;0;L;;;;;N;;;;; +10346;GOTHIC LETTER FAIHU;Lo;0;L;;;;;N;;;;; +10347;GOTHIC LETTER IGGWS;Lo;0;L;;;;;N;;;;; +10348;GOTHIC LETTER HWAIR;Lo;0;L;;;;;N;;;;; +10349;GOTHIC LETTER OTHAL;Lo;0;L;;;;;N;;;;; +1034A;GOTHIC LETTER NINE HUNDRED;Nl;0;L;;;;;N;;;;; +10380;UGARITIC LETTER ALPA;Lo;0;L;;;;;N;;;;; +10381;UGARITIC LETTER BETA;Lo;0;L;;;;;N;;;;; +10382;UGARITIC LETTER GAMLA;Lo;0;L;;;;;N;;;;; +10383;UGARITIC LETTER KHA;Lo;0;L;;;;;N;;;;; +10384;UGARITIC LETTER DELTA;Lo;0;L;;;;;N;;;;; +10385;UGARITIC LETTER HO;Lo;0;L;;;;;N;;;;; +10386;UGARITIC LETTER WO;Lo;0;L;;;;;N;;;;; +10387;UGARITIC LETTER ZETA;Lo;0;L;;;;;N;;;;; +10388;UGARITIC LETTER HOTA;Lo;0;L;;;;;N;;;;; +10389;UGARITIC LETTER TET;Lo;0;L;;;;;N;;;;; +1038A;UGARITIC LETTER YOD;Lo;0;L;;;;;N;;;;; +1038B;UGARITIC LETTER KAF;Lo;0;L;;;;;N;;;;; +1038C;UGARITIC LETTER SHIN;Lo;0;L;;;;;N;;;;; +1038D;UGARITIC LETTER LAMDA;Lo;0;L;;;;;N;;;;; +1038E;UGARITIC LETTER MEM;Lo;0;L;;;;;N;;;;; +1038F;UGARITIC LETTER DHAL;Lo;0;L;;;;;N;;;;; +10390;UGARITIC LETTER NUN;Lo;0;L;;;;;N;;;;; +10391;UGARITIC LETTER ZU;Lo;0;L;;;;;N;;;;; +10392;UGARITIC LETTER SAMKA;Lo;0;L;;;;;N;;;;; +10393;UGARITIC LETTER AIN;Lo;0;L;;;;;N;;;;; +10394;UGARITIC LETTER PU;Lo;0;L;;;;;N;;;;; +10395;UGARITIC LETTER SADE;Lo;0;L;;;;;N;;;;; +10396;UGARITIC LETTER QOPA;Lo;0;L;;;;;N;;;;; +10397;UGARITIC LETTER RASHA;Lo;0;L;;;;;N;;;;; +10398;UGARITIC LETTER THANNA;Lo;0;L;;;;;N;;;;; +10399;UGARITIC LETTER GHAIN;Lo;0;L;;;;;N;;;;; +1039A;UGARITIC LETTER TO;Lo;0;L;;;;;N;;;;; +1039B;UGARITIC LETTER I;Lo;0;L;;;;;N;;;;; +1039C;UGARITIC LETTER U;Lo;0;L;;;;;N;;;;; +1039D;UGARITIC LETTER SSU;Lo;0;L;;;;;N;;;;; +1039F;UGARITIC WORD DIVIDER;Po;0;L;;;;;N;;;;; +10400;DESERET CAPITAL LETTER LONG I;Lu;0;L;;;;;N;;;;10428; +10401;DESERET CAPITAL LETTER LONG E;Lu;0;L;;;;;N;;;;10429; +10402;DESERET CAPITAL LETTER LONG A;Lu;0;L;;;;;N;;;;1042A; +10403;DESERET CAPITAL LETTER LONG AH;Lu;0;L;;;;;N;;;;1042B; +10404;DESERET CAPITAL LETTER LONG O;Lu;0;L;;;;;N;;;;1042C; +10405;DESERET CAPITAL LETTER LONG OO;Lu;0;L;;;;;N;;;;1042D; +10406;DESERET CAPITAL LETTER SHORT I;Lu;0;L;;;;;N;;;;1042E; +10407;DESERET CAPITAL LETTER SHORT E;Lu;0;L;;;;;N;;;;1042F; +10408;DESERET CAPITAL LETTER SHORT A;Lu;0;L;;;;;N;;;;10430; +10409;DESERET CAPITAL LETTER SHORT AH;Lu;0;L;;;;;N;;;;10431; +1040A;DESERET CAPITAL LETTER SHORT O;Lu;0;L;;;;;N;;;;10432; +1040B;DESERET CAPITAL LETTER SHORT OO;Lu;0;L;;;;;N;;;;10433; +1040C;DESERET CAPITAL LETTER AY;Lu;0;L;;;;;N;;;;10434; +1040D;DESERET CAPITAL LETTER OW;Lu;0;L;;;;;N;;;;10435; +1040E;DESERET CAPITAL LETTER WU;Lu;0;L;;;;;N;;;;10436; +1040F;DESERET CAPITAL LETTER YEE;Lu;0;L;;;;;N;;;;10437; +10410;DESERET CAPITAL LETTER H;Lu;0;L;;;;;N;;;;10438; +10411;DESERET CAPITAL LETTER PEE;Lu;0;L;;;;;N;;;;10439; +10412;DESERET CAPITAL LETTER BEE;Lu;0;L;;;;;N;;;;1043A; +10413;DESERET CAPITAL LETTER TEE;Lu;0;L;;;;;N;;;;1043B; +10414;DESERET CAPITAL LETTER DEE;Lu;0;L;;;;;N;;;;1043C; +10415;DESERET CAPITAL LETTER CHEE;Lu;0;L;;;;;N;;;;1043D; +10416;DESERET CAPITAL LETTER JEE;Lu;0;L;;;;;N;;;;1043E; +10417;DESERET CAPITAL LETTER KAY;Lu;0;L;;;;;N;;;;1043F; +10418;DESERET CAPITAL LETTER GAY;Lu;0;L;;;;;N;;;;10440; +10419;DESERET CAPITAL LETTER EF;Lu;0;L;;;;;N;;;;10441; +1041A;DESERET CAPITAL LETTER VEE;Lu;0;L;;;;;N;;;;10442; +1041B;DESERET CAPITAL LETTER ETH;Lu;0;L;;;;;N;;;;10443; +1041C;DESERET CAPITAL LETTER THEE;Lu;0;L;;;;;N;;;;10444; +1041D;DESERET CAPITAL LETTER ES;Lu;0;L;;;;;N;;;;10445; +1041E;DESERET CAPITAL LETTER ZEE;Lu;0;L;;;;;N;;;;10446; +1041F;DESERET CAPITAL LETTER ESH;Lu;0;L;;;;;N;;;;10447; +10420;DESERET CAPITAL LETTER ZHEE;Lu;0;L;;;;;N;;;;10448; +10421;DESERET CAPITAL LETTER ER;Lu;0;L;;;;;N;;;;10449; +10422;DESERET CAPITAL LETTER EL;Lu;0;L;;;;;N;;;;1044A; +10423;DESERET CAPITAL LETTER EM;Lu;0;L;;;;;N;;;;1044B; +10424;DESERET CAPITAL LETTER EN;Lu;0;L;;;;;N;;;;1044C; +10425;DESERET CAPITAL LETTER ENG;Lu;0;L;;;;;N;;;;1044D; +10426;DESERET CAPITAL LETTER OI;Lu;0;L;;;;;N;;;;1044E; +10427;DESERET CAPITAL LETTER EW;Lu;0;L;;;;;N;;;;1044F; +10428;DESERET SMALL LETTER LONG I;Ll;0;L;;;;;N;;;10400;;10400 +10429;DESERET SMALL LETTER LONG E;Ll;0;L;;;;;N;;;10401;;10401 +1042A;DESERET SMALL LETTER LONG A;Ll;0;L;;;;;N;;;10402;;10402 +1042B;DESERET SMALL LETTER LONG AH;Ll;0;L;;;;;N;;;10403;;10403 +1042C;DESERET SMALL LETTER LONG O;Ll;0;L;;;;;N;;;10404;;10404 +1042D;DESERET SMALL LETTER LONG OO;Ll;0;L;;;;;N;;;10405;;10405 +1042E;DESERET SMALL LETTER SHORT I;Ll;0;L;;;;;N;;;10406;;10406 +1042F;DESERET SMALL LETTER SHORT E;Ll;0;L;;;;;N;;;10407;;10407 +10430;DESERET SMALL LETTER SHORT A;Ll;0;L;;;;;N;;;10408;;10408 +10431;DESERET SMALL LETTER SHORT AH;Ll;0;L;;;;;N;;;10409;;10409 +10432;DESERET SMALL LETTER SHORT O;Ll;0;L;;;;;N;;;1040A;;1040A +10433;DESERET SMALL LETTER SHORT OO;Ll;0;L;;;;;N;;;1040B;;1040B +10434;DESERET SMALL LETTER AY;Ll;0;L;;;;;N;;;1040C;;1040C +10435;DESERET SMALL LETTER OW;Ll;0;L;;;;;N;;;1040D;;1040D +10436;DESERET SMALL LETTER WU;Ll;0;L;;;;;N;;;1040E;;1040E +10437;DESERET SMALL LETTER YEE;Ll;0;L;;;;;N;;;1040F;;1040F +10438;DESERET SMALL LETTER H;Ll;0;L;;;;;N;;;10410;;10410 +10439;DESERET SMALL LETTER PEE;Ll;0;L;;;;;N;;;10411;;10411 +1043A;DESERET SMALL LETTER BEE;Ll;0;L;;;;;N;;;10412;;10412 +1043B;DESERET SMALL LETTER TEE;Ll;0;L;;;;;N;;;10413;;10413 +1043C;DESERET SMALL LETTER DEE;Ll;0;L;;;;;N;;;10414;;10414 +1043D;DESERET SMALL LETTER CHEE;Ll;0;L;;;;;N;;;10415;;10415 +1043E;DESERET SMALL LETTER JEE;Ll;0;L;;;;;N;;;10416;;10416 +1043F;DESERET SMALL LETTER KAY;Ll;0;L;;;;;N;;;10417;;10417 +10440;DESERET SMALL LETTER GAY;Ll;0;L;;;;;N;;;10418;;10418 +10441;DESERET SMALL LETTER EF;Ll;0;L;;;;;N;;;10419;;10419 +10442;DESERET SMALL LETTER VEE;Ll;0;L;;;;;N;;;1041A;;1041A +10443;DESERET SMALL LETTER ETH;Ll;0;L;;;;;N;;;1041B;;1041B +10444;DESERET SMALL LETTER THEE;Ll;0;L;;;;;N;;;1041C;;1041C +10445;DESERET SMALL LETTER ES;Ll;0;L;;;;;N;;;1041D;;1041D +10446;DESERET SMALL LETTER ZEE;Ll;0;L;;;;;N;;;1041E;;1041E +10447;DESERET SMALL LETTER ESH;Ll;0;L;;;;;N;;;1041F;;1041F +10448;DESERET SMALL LETTER ZHEE;Ll;0;L;;;;;N;;;10420;;10420 +10449;DESERET SMALL LETTER ER;Ll;0;L;;;;;N;;;10421;;10421 +1044A;DESERET SMALL LETTER EL;Ll;0;L;;;;;N;;;10422;;10422 +1044B;DESERET SMALL LETTER EM;Ll;0;L;;;;;N;;;10423;;10423 +1044C;DESERET SMALL LETTER EN;Ll;0;L;;;;;N;;;10424;;10424 +1044D;DESERET SMALL LETTER ENG;Ll;0;L;;;;;N;;;10425;;10425 +1044E;DESERET SMALL LETTER OI;Ll;0;L;;;;;N;;;10426;;10426 +1044F;DESERET SMALL LETTER EW;Ll;0;L;;;;;N;;;10427;;10427 +10450;SHAVIAN LETTER PEEP;Lo;0;L;;;;;N;;;;; +10451;SHAVIAN LETTER TOT;Lo;0;L;;;;;N;;;;; +10452;SHAVIAN LETTER KICK;Lo;0;L;;;;;N;;;;; +10453;SHAVIAN LETTER FEE;Lo;0;L;;;;;N;;;;; +10454;SHAVIAN LETTER THIGH;Lo;0;L;;;;;N;;;;; +10455;SHAVIAN LETTER SO;Lo;0;L;;;;;N;;;;; +10456;SHAVIAN LETTER SURE;Lo;0;L;;;;;N;;;;; +10457;SHAVIAN LETTER CHURCH;Lo;0;L;;;;;N;;;;; +10458;SHAVIAN LETTER YEA;Lo;0;L;;;;;N;;;;; +10459;SHAVIAN LETTER HUNG;Lo;0;L;;;;;N;;;;; +1045A;SHAVIAN LETTER BIB;Lo;0;L;;;;;N;;;;; +1045B;SHAVIAN LETTER DEAD;Lo;0;L;;;;;N;;;;; +1045C;SHAVIAN LETTER GAG;Lo;0;L;;;;;N;;;;; +1045D;SHAVIAN LETTER VOW;Lo;0;L;;;;;N;;;;; +1045E;SHAVIAN LETTER THEY;Lo;0;L;;;;;N;;;;; +1045F;SHAVIAN LETTER ZOO;Lo;0;L;;;;;N;;;;; +10460;SHAVIAN LETTER MEASURE;Lo;0;L;;;;;N;;;;; +10461;SHAVIAN LETTER JUDGE;Lo;0;L;;;;;N;;;;; +10462;SHAVIAN LETTER WOE;Lo;0;L;;;;;N;;;;; +10463;SHAVIAN LETTER HA-HA;Lo;0;L;;;;;N;;;;; +10464;SHAVIAN LETTER LOLL;Lo;0;L;;;;;N;;;;; +10465;SHAVIAN LETTER MIME;Lo;0;L;;;;;N;;;;; +10466;SHAVIAN LETTER IF;Lo;0;L;;;;;N;;;;; +10467;SHAVIAN LETTER EGG;Lo;0;L;;;;;N;;;;; +10468;SHAVIAN LETTER ASH;Lo;0;L;;;;;N;;;;; +10469;SHAVIAN LETTER ADO;Lo;0;L;;;;;N;;;;; +1046A;SHAVIAN LETTER ON;Lo;0;L;;;;;N;;;;; +1046B;SHAVIAN LETTER WOOL;Lo;0;L;;;;;N;;;;; +1046C;SHAVIAN LETTER OUT;Lo;0;L;;;;;N;;;;; +1046D;SHAVIAN LETTER AH;Lo;0;L;;;;;N;;;;; +1046E;SHAVIAN LETTER ROAR;Lo;0;L;;;;;N;;;;; +1046F;SHAVIAN LETTER NUN;Lo;0;L;;;;;N;;;;; +10470;SHAVIAN LETTER EAT;Lo;0;L;;;;;N;;;;; +10471;SHAVIAN LETTER AGE;Lo;0;L;;;;;N;;;;; +10472;SHAVIAN LETTER ICE;Lo;0;L;;;;;N;;;;; +10473;SHAVIAN LETTER UP;Lo;0;L;;;;;N;;;;; +10474;SHAVIAN LETTER OAK;Lo;0;L;;;;;N;;;;; +10475;SHAVIAN LETTER OOZE;Lo;0;L;;;;;N;;;;; +10476;SHAVIAN LETTER OIL;Lo;0;L;;;;;N;;;;; +10477;SHAVIAN LETTER AWE;Lo;0;L;;;;;N;;;;; +10478;SHAVIAN LETTER ARE;Lo;0;L;;;;;N;;;;; +10479;SHAVIAN LETTER OR;Lo;0;L;;;;;N;;;;; +1047A;SHAVIAN LETTER AIR;Lo;0;L;;;;;N;;;;; +1047B;SHAVIAN LETTER ERR;Lo;0;L;;;;;N;;;;; +1047C;SHAVIAN LETTER ARRAY;Lo;0;L;;;;;N;;;;; +1047D;SHAVIAN LETTER EAR;Lo;0;L;;;;;N;;;;; +1047E;SHAVIAN LETTER IAN;Lo;0;L;;;;;N;;;;; +1047F;SHAVIAN LETTER YEW;Lo;0;L;;;;;N;;;;; +10480;OSMANYA LETTER ALEF;Lo;0;L;;;;;N;;;;; +10481;OSMANYA LETTER BA;Lo;0;L;;;;;N;;;;; +10482;OSMANYA LETTER TA;Lo;0;L;;;;;N;;;;; +10483;OSMANYA LETTER JA;Lo;0;L;;;;;N;;;;; +10484;OSMANYA LETTER XA;Lo;0;L;;;;;N;;;;; +10485;OSMANYA LETTER KHA;Lo;0;L;;;;;N;;;;; +10486;OSMANYA LETTER DEEL;Lo;0;L;;;;;N;;;;; +10487;OSMANYA LETTER RA;Lo;0;L;;;;;N;;;;; +10488;OSMANYA LETTER SA;Lo;0;L;;;;;N;;;;; +10489;OSMANYA LETTER SHIIN;Lo;0;L;;;;;N;;;;; +1048A;OSMANYA LETTER DHA;Lo;0;L;;;;;N;;;;; +1048B;OSMANYA LETTER CAYN;Lo;0;L;;;;;N;;;;; +1048C;OSMANYA LETTER GA;Lo;0;L;;;;;N;;;;; +1048D;OSMANYA LETTER FA;Lo;0;L;;;;;N;;;;; +1048E;OSMANYA LETTER QAAF;Lo;0;L;;;;;N;;;;; +1048F;OSMANYA LETTER KAAF;Lo;0;L;;;;;N;;;;; +10490;OSMANYA LETTER LAAN;Lo;0;L;;;;;N;;;;; +10491;OSMANYA LETTER MIIN;Lo;0;L;;;;;N;;;;; +10492;OSMANYA LETTER NUUN;Lo;0;L;;;;;N;;;;; +10493;OSMANYA LETTER WAW;Lo;0;L;;;;;N;;;;; +10494;OSMANYA LETTER HA;Lo;0;L;;;;;N;;;;; +10495;OSMANYA LETTER YA;Lo;0;L;;;;;N;;;;; +10496;OSMANYA LETTER A;Lo;0;L;;;;;N;;;;; +10497;OSMANYA LETTER E;Lo;0;L;;;;;N;;;;; +10498;OSMANYA LETTER I;Lo;0;L;;;;;N;;;;; +10499;OSMANYA LETTER O;Lo;0;L;;;;;N;;;;; +1049A;OSMANYA LETTER U;Lo;0;L;;;;;N;;;;; +1049B;OSMANYA LETTER AA;Lo;0;L;;;;;N;;;;; +1049C;OSMANYA LETTER EE;Lo;0;L;;;;;N;;;;; +1049D;OSMANYA LETTER OO;Lo;0;L;;;;;N;;;;; +104A0;OSMANYA DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;; +104A1;OSMANYA DIGIT ONE;Nd;0;L;;1;1;1;N;;;;; +104A2;OSMANYA DIGIT TWO;Nd;0;L;;2;2;2;N;;;;; +104A3;OSMANYA DIGIT THREE;Nd;0;L;;3;3;3;N;;;;; +104A4;OSMANYA DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;; +104A5;OSMANYA DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;; +104A6;OSMANYA DIGIT SIX;Nd;0;L;;6;6;6;N;;;;; +104A7;OSMANYA DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;; +104A8;OSMANYA DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;; +104A9;OSMANYA DIGIT NINE;Nd;0;L;;9;9;9;N;;;;; +10800;CYPRIOT SYLLABLE A;Lo;0;R;;;;;N;;;;; +10801;CYPRIOT SYLLABLE E;Lo;0;R;;;;;N;;;;; +10802;CYPRIOT SYLLABLE I;Lo;0;R;;;;;N;;;;; +10803;CYPRIOT SYLLABLE O;Lo;0;R;;;;;N;;;;; +10804;CYPRIOT SYLLABLE U;Lo;0;R;;;;;N;;;;; +10805;CYPRIOT SYLLABLE JA;Lo;0;R;;;;;N;;;;; +10808;CYPRIOT SYLLABLE JO;Lo;0;R;;;;;N;;;;; +1080A;CYPRIOT SYLLABLE KA;Lo;0;R;;;;;N;;;;; +1080B;CYPRIOT SYLLABLE KE;Lo;0;R;;;;;N;;;;; +1080C;CYPRIOT SYLLABLE KI;Lo;0;R;;;;;N;;;;; +1080D;CYPRIOT SYLLABLE KO;Lo;0;R;;;;;N;;;;; +1080E;CYPRIOT SYLLABLE KU;Lo;0;R;;;;;N;;;;; +1080F;CYPRIOT SYLLABLE LA;Lo;0;R;;;;;N;;;;; +10810;CYPRIOT SYLLABLE LE;Lo;0;R;;;;;N;;;;; +10811;CYPRIOT SYLLABLE LI;Lo;0;R;;;;;N;;;;; +10812;CYPRIOT SYLLABLE LO;Lo;0;R;;;;;N;;;;; +10813;CYPRIOT SYLLABLE LU;Lo;0;R;;;;;N;;;;; +10814;CYPRIOT SYLLABLE MA;Lo;0;R;;;;;N;;;;; +10815;CYPRIOT SYLLABLE ME;Lo;0;R;;;;;N;;;;; +10816;CYPRIOT SYLLABLE MI;Lo;0;R;;;;;N;;;;; +10817;CYPRIOT SYLLABLE MO;Lo;0;R;;;;;N;;;;; +10818;CYPRIOT SYLLABLE MU;Lo;0;R;;;;;N;;;;; +10819;CYPRIOT SYLLABLE NA;Lo;0;R;;;;;N;;;;; +1081A;CYPRIOT SYLLABLE NE;Lo;0;R;;;;;N;;;;; +1081B;CYPRIOT SYLLABLE NI;Lo;0;R;;;;;N;;;;; +1081C;CYPRIOT SYLLABLE NO;Lo;0;R;;;;;N;;;;; +1081D;CYPRIOT SYLLABLE NU;Lo;0;R;;;;;N;;;;; +1081E;CYPRIOT SYLLABLE PA;Lo;0;R;;;;;N;;;;; +1081F;CYPRIOT SYLLABLE PE;Lo;0;R;;;;;N;;;;; +10820;CYPRIOT SYLLABLE PI;Lo;0;R;;;;;N;;;;; +10821;CYPRIOT SYLLABLE PO;Lo;0;R;;;;;N;;;;; +10822;CYPRIOT SYLLABLE PU;Lo;0;R;;;;;N;;;;; +10823;CYPRIOT SYLLABLE RA;Lo;0;R;;;;;N;;;;; +10824;CYPRIOT SYLLABLE RE;Lo;0;R;;;;;N;;;;; +10825;CYPRIOT SYLLABLE RI;Lo;0;R;;;;;N;;;;; +10826;CYPRIOT SYLLABLE RO;Lo;0;R;;;;;N;;;;; +10827;CYPRIOT SYLLABLE RU;Lo;0;R;;;;;N;;;;; +10828;CYPRIOT SYLLABLE SA;Lo;0;R;;;;;N;;;;; +10829;CYPRIOT SYLLABLE SE;Lo;0;R;;;;;N;;;;; +1082A;CYPRIOT SYLLABLE SI;Lo;0;R;;;;;N;;;;; +1082B;CYPRIOT SYLLABLE SO;Lo;0;R;;;;;N;;;;; +1082C;CYPRIOT SYLLABLE SU;Lo;0;R;;;;;N;;;;; +1082D;CYPRIOT SYLLABLE TA;Lo;0;R;;;;;N;;;;; +1082E;CYPRIOT SYLLABLE TE;Lo;0;R;;;;;N;;;;; +1082F;CYPRIOT SYLLABLE TI;Lo;0;R;;;;;N;;;;; +10830;CYPRIOT SYLLABLE TO;Lo;0;R;;;;;N;;;;; +10831;CYPRIOT SYLLABLE TU;Lo;0;R;;;;;N;;;;; +10832;CYPRIOT SYLLABLE WA;Lo;0;R;;;;;N;;;;; +10833;CYPRIOT SYLLABLE WE;Lo;0;R;;;;;N;;;;; +10834;CYPRIOT SYLLABLE WI;Lo;0;R;;;;;N;;;;; +10835;CYPRIOT SYLLABLE WO;Lo;0;R;;;;;N;;;;; +10837;CYPRIOT SYLLABLE XA;Lo;0;R;;;;;N;;;;; +10838;CYPRIOT SYLLABLE XE;Lo;0;R;;;;;N;;;;; +1083C;CYPRIOT SYLLABLE ZA;Lo;0;R;;;;;N;;;;; +1083F;CYPRIOT SYLLABLE ZO;Lo;0;R;;;;;N;;;;; +1D000;BYZANTINE MUSICAL SYMBOL PSILI;So;0;L;;;;;N;;;;; +1D001;BYZANTINE MUSICAL SYMBOL DASEIA;So;0;L;;;;;N;;;;; +1D002;BYZANTINE MUSICAL SYMBOL PERISPOMENI;So;0;L;;;;;N;;;;; +1D003;BYZANTINE MUSICAL SYMBOL OXEIA EKFONITIKON;So;0;L;;;;;N;;;;; +1D004;BYZANTINE MUSICAL SYMBOL OXEIA DIPLI;So;0;L;;;;;N;;;;; +1D005;BYZANTINE MUSICAL SYMBOL VAREIA EKFONITIKON;So;0;L;;;;;N;;;;; +1D006;BYZANTINE MUSICAL SYMBOL VAREIA DIPLI;So;0;L;;;;;N;;;;; +1D007;BYZANTINE MUSICAL SYMBOL KATHISTI;So;0;L;;;;;N;;;;; +1D008;BYZANTINE MUSICAL SYMBOL SYRMATIKI;So;0;L;;;;;N;;;;; +1D009;BYZANTINE MUSICAL SYMBOL PARAKLITIKI;So;0;L;;;;;N;;;;; +1D00A;BYZANTINE MUSICAL SYMBOL YPOKRISIS;So;0;L;;;;;N;;;;; +1D00B;BYZANTINE MUSICAL SYMBOL YPOKRISIS DIPLI;So;0;L;;;;;N;;;;; +1D00C;BYZANTINE MUSICAL SYMBOL KREMASTI;So;0;L;;;;;N;;;;; +1D00D;BYZANTINE MUSICAL SYMBOL APESO EKFONITIKON;So;0;L;;;;;N;;;;; +1D00E;BYZANTINE MUSICAL SYMBOL EXO EKFONITIKON;So;0;L;;;;;N;;;;; +1D00F;BYZANTINE MUSICAL SYMBOL TELEIA;So;0;L;;;;;N;;;;; +1D010;BYZANTINE MUSICAL SYMBOL KENTIMATA;So;0;L;;;;;N;;;;; +1D011;BYZANTINE MUSICAL SYMBOL APOSTROFOS;So;0;L;;;;;N;;;;; +1D012;BYZANTINE MUSICAL SYMBOL APOSTROFOS DIPLI;So;0;L;;;;;N;;;;; +1D013;BYZANTINE MUSICAL SYMBOL SYNEVMA;So;0;L;;;;;N;;;;; +1D014;BYZANTINE MUSICAL SYMBOL THITA;So;0;L;;;;;N;;;;; +1D015;BYZANTINE MUSICAL SYMBOL OLIGON ARCHAION;So;0;L;;;;;N;;;;; +1D016;BYZANTINE MUSICAL SYMBOL GORGON ARCHAION;So;0;L;;;;;N;;;;; +1D017;BYZANTINE MUSICAL SYMBOL PSILON;So;0;L;;;;;N;;;;; +1D018;BYZANTINE MUSICAL SYMBOL CHAMILON;So;0;L;;;;;N;;;;; +1D019;BYZANTINE MUSICAL SYMBOL VATHY;So;0;L;;;;;N;;;;; +1D01A;BYZANTINE MUSICAL SYMBOL ISON ARCHAION;So;0;L;;;;;N;;;;; +1D01B;BYZANTINE MUSICAL SYMBOL KENTIMA ARCHAION;So;0;L;;;;;N;;;;; +1D01C;BYZANTINE MUSICAL SYMBOL KENTIMATA ARCHAION;So;0;L;;;;;N;;;;; +1D01D;BYZANTINE MUSICAL SYMBOL SAXIMATA;So;0;L;;;;;N;;;;; +1D01E;BYZANTINE MUSICAL SYMBOL PARICHON;So;0;L;;;;;N;;;;; +1D01F;BYZANTINE MUSICAL SYMBOL STAVROS APODEXIA;So;0;L;;;;;N;;;;; +1D020;BYZANTINE MUSICAL SYMBOL OXEIAI ARCHAION;So;0;L;;;;;N;;;;; +1D021;BYZANTINE MUSICAL SYMBOL VAREIAI ARCHAION;So;0;L;;;;;N;;;;; +1D022;BYZANTINE MUSICAL SYMBOL APODERMA ARCHAION;So;0;L;;;;;N;;;;; +1D023;BYZANTINE MUSICAL SYMBOL APOTHEMA;So;0;L;;;;;N;;;;; +1D024;BYZANTINE MUSICAL SYMBOL KLASMA;So;0;L;;;;;N;;;;; +1D025;BYZANTINE MUSICAL SYMBOL REVMA;So;0;L;;;;;N;;;;; +1D026;BYZANTINE MUSICAL SYMBOL PIASMA ARCHAION;So;0;L;;;;;N;;;;; +1D027;BYZANTINE MUSICAL SYMBOL TINAGMA;So;0;L;;;;;N;;;;; +1D028;BYZANTINE MUSICAL SYMBOL ANATRICHISMA;So;0;L;;;;;N;;;;; +1D029;BYZANTINE MUSICAL SYMBOL SEISMA;So;0;L;;;;;N;;;;; +1D02A;BYZANTINE MUSICAL SYMBOL SYNAGMA ARCHAION;So;0;L;;;;;N;;;;; +1D02B;BYZANTINE MUSICAL SYMBOL SYNAGMA META STAVROU;So;0;L;;;;;N;;;;; +1D02C;BYZANTINE MUSICAL SYMBOL OYRANISMA ARCHAION;So;0;L;;;;;N;;;;; +1D02D;BYZANTINE MUSICAL SYMBOL THEMA;So;0;L;;;;;N;;;;; +1D02E;BYZANTINE MUSICAL SYMBOL LEMOI;So;0;L;;;;;N;;;;; +1D02F;BYZANTINE MUSICAL SYMBOL DYO;So;0;L;;;;;N;;;;; +1D030;BYZANTINE MUSICAL SYMBOL TRIA;So;0;L;;;;;N;;;;; +1D031;BYZANTINE MUSICAL SYMBOL TESSERA;So;0;L;;;;;N;;;;; +1D032;BYZANTINE MUSICAL SYMBOL KRATIMATA;So;0;L;;;;;N;;;;; +1D033;BYZANTINE MUSICAL SYMBOL APESO EXO NEO;So;0;L;;;;;N;;;;; +1D034;BYZANTINE MUSICAL SYMBOL FTHORA ARCHAION;So;0;L;;;;;N;;;;; +1D035;BYZANTINE MUSICAL SYMBOL IMIFTHORA;So;0;L;;;;;N;;;;; +1D036;BYZANTINE MUSICAL SYMBOL TROMIKON ARCHAION;So;0;L;;;;;N;;;;; +1D037;BYZANTINE MUSICAL SYMBOL KATAVA TROMIKON;So;0;L;;;;;N;;;;; +1D038;BYZANTINE MUSICAL SYMBOL PELASTON;So;0;L;;;;;N;;;;; +1D039;BYZANTINE MUSICAL SYMBOL PSIFISTON;So;0;L;;;;;N;;;;; +1D03A;BYZANTINE MUSICAL SYMBOL KONTEVMA;So;0;L;;;;;N;;;;; +1D03B;BYZANTINE MUSICAL SYMBOL CHOREVMA ARCHAION;So;0;L;;;;;N;;;;; +1D03C;BYZANTINE MUSICAL SYMBOL RAPISMA;So;0;L;;;;;N;;;;; +1D03D;BYZANTINE MUSICAL SYMBOL PARAKALESMA ARCHAION;So;0;L;;;;;N;;;;; +1D03E;BYZANTINE MUSICAL SYMBOL PARAKLITIKI ARCHAION;So;0;L;;;;;N;;;;; +1D03F;BYZANTINE MUSICAL SYMBOL ICHADIN;So;0;L;;;;;N;;;;; +1D040;BYZANTINE MUSICAL SYMBOL NANA;So;0;L;;;;;N;;;;; +1D041;BYZANTINE MUSICAL SYMBOL PETASMA;So;0;L;;;;;N;;;;; +1D042;BYZANTINE MUSICAL SYMBOL KONTEVMA ALLO;So;0;L;;;;;N;;;;; +1D043;BYZANTINE MUSICAL SYMBOL TROMIKON ALLO;So;0;L;;;;;N;;;;; +1D044;BYZANTINE MUSICAL SYMBOL STRAGGISMATA;So;0;L;;;;;N;;;;; +1D045;BYZANTINE MUSICAL SYMBOL GRONTHISMATA;So;0;L;;;;;N;;;;; +1D046;BYZANTINE MUSICAL SYMBOL ISON NEO;So;0;L;;;;;N;;;;; +1D047;BYZANTINE MUSICAL SYMBOL OLIGON NEO;So;0;L;;;;;N;;;;; +1D048;BYZANTINE MUSICAL SYMBOL OXEIA NEO;So;0;L;;;;;N;;;;; +1D049;BYZANTINE MUSICAL SYMBOL PETASTI;So;0;L;;;;;N;;;;; +1D04A;BYZANTINE MUSICAL SYMBOL KOUFISMA;So;0;L;;;;;N;;;;; +1D04B;BYZANTINE MUSICAL SYMBOL PETASTOKOUFISMA;So;0;L;;;;;N;;;;; +1D04C;BYZANTINE MUSICAL SYMBOL KRATIMOKOUFISMA;So;0;L;;;;;N;;;;; +1D04D;BYZANTINE MUSICAL SYMBOL PELASTON NEO;So;0;L;;;;;N;;;;; +1D04E;BYZANTINE MUSICAL SYMBOL KENTIMATA NEO ANO;So;0;L;;;;;N;;;;; +1D04F;BYZANTINE MUSICAL SYMBOL KENTIMA NEO ANO;So;0;L;;;;;N;;;;; +1D050;BYZANTINE MUSICAL SYMBOL YPSILI;So;0;L;;;;;N;;;;; +1D051;BYZANTINE MUSICAL SYMBOL APOSTROFOS NEO;So;0;L;;;;;N;;;;; +1D052;BYZANTINE MUSICAL SYMBOL APOSTROFOI SYNDESMOS NEO;So;0;L;;;;;N;;;;; +1D053;BYZANTINE MUSICAL SYMBOL YPORROI;So;0;L;;;;;N;;;;; +1D054;BYZANTINE MUSICAL SYMBOL KRATIMOYPORROON;So;0;L;;;;;N;;;;; +1D055;BYZANTINE MUSICAL SYMBOL ELAFRON;So;0;L;;;;;N;;;;; +1D056;BYZANTINE MUSICAL SYMBOL CHAMILI;So;0;L;;;;;N;;;;; +1D057;BYZANTINE MUSICAL SYMBOL MIKRON ISON;So;0;L;;;;;N;;;;; +1D058;BYZANTINE MUSICAL SYMBOL VAREIA NEO;So;0;L;;;;;N;;;;; +1D059;BYZANTINE MUSICAL SYMBOL PIASMA NEO;So;0;L;;;;;N;;;;; +1D05A;BYZANTINE MUSICAL SYMBOL PSIFISTON NEO;So;0;L;;;;;N;;;;; +1D05B;BYZANTINE MUSICAL SYMBOL OMALON;So;0;L;;;;;N;;;;; +1D05C;BYZANTINE MUSICAL SYMBOL ANTIKENOMA;So;0;L;;;;;N;;;;; +1D05D;BYZANTINE MUSICAL SYMBOL LYGISMA;So;0;L;;;;;N;;;;; +1D05E;BYZANTINE MUSICAL SYMBOL PARAKLITIKI NEO;So;0;L;;;;;N;;;;; +1D05F;BYZANTINE MUSICAL SYMBOL PARAKALESMA NEO;So;0;L;;;;;N;;;;; +1D060;BYZANTINE MUSICAL SYMBOL ETERON PARAKALESMA;So;0;L;;;;;N;;;;; +1D061;BYZANTINE MUSICAL SYMBOL KYLISMA;So;0;L;;;;;N;;;;; +1D062;BYZANTINE MUSICAL SYMBOL ANTIKENOKYLISMA;So;0;L;;;;;N;;;;; +1D063;BYZANTINE MUSICAL SYMBOL TROMIKON NEO;So;0;L;;;;;N;;;;; +1D064;BYZANTINE MUSICAL SYMBOL EKSTREPTON;So;0;L;;;;;N;;;;; +1D065;BYZANTINE MUSICAL SYMBOL SYNAGMA NEO;So;0;L;;;;;N;;;;; +1D066;BYZANTINE MUSICAL SYMBOL SYRMA;So;0;L;;;;;N;;;;; +1D067;BYZANTINE MUSICAL SYMBOL CHOREVMA NEO;So;0;L;;;;;N;;;;; +1D068;BYZANTINE MUSICAL SYMBOL EPEGERMA;So;0;L;;;;;N;;;;; +1D069;BYZANTINE MUSICAL SYMBOL SEISMA NEO;So;0;L;;;;;N;;;;; +1D06A;BYZANTINE MUSICAL SYMBOL XIRON KLASMA;So;0;L;;;;;N;;;;; +1D06B;BYZANTINE MUSICAL SYMBOL TROMIKOPSIFISTON;So;0;L;;;;;N;;;;; +1D06C;BYZANTINE MUSICAL SYMBOL PSIFISTOLYGISMA;So;0;L;;;;;N;;;;; +1D06D;BYZANTINE MUSICAL SYMBOL TROMIKOLYGISMA;So;0;L;;;;;N;;;;; +1D06E;BYZANTINE MUSICAL SYMBOL TROMIKOPARAKALESMA;So;0;L;;;;;N;;;;; +1D06F;BYZANTINE MUSICAL SYMBOL PSIFISTOPARAKALESMA;So;0;L;;;;;N;;;;; +1D070;BYZANTINE MUSICAL SYMBOL TROMIKOSYNAGMA;So;0;L;;;;;N;;;;; +1D071;BYZANTINE MUSICAL SYMBOL PSIFISTOSYNAGMA;So;0;L;;;;;N;;;;; +1D072;BYZANTINE MUSICAL SYMBOL GORGOSYNTHETON;So;0;L;;;;;N;;;;; +1D073;BYZANTINE MUSICAL SYMBOL ARGOSYNTHETON;So;0;L;;;;;N;;;;; +1D074;BYZANTINE MUSICAL SYMBOL ETERON ARGOSYNTHETON;So;0;L;;;;;N;;;;; +1D075;BYZANTINE MUSICAL SYMBOL OYRANISMA NEO;So;0;L;;;;;N;;;;; +1D076;BYZANTINE MUSICAL SYMBOL THEMATISMOS ESO;So;0;L;;;;;N;;;;; +1D077;BYZANTINE MUSICAL SYMBOL THEMATISMOS EXO;So;0;L;;;;;N;;;;; +1D078;BYZANTINE MUSICAL SYMBOL THEMA APLOUN;So;0;L;;;;;N;;;;; +1D079;BYZANTINE MUSICAL SYMBOL THES KAI APOTHES;So;0;L;;;;;N;;;;; +1D07A;BYZANTINE MUSICAL SYMBOL KATAVASMA;So;0;L;;;;;N;;;;; +1D07B;BYZANTINE MUSICAL SYMBOL ENDOFONON;So;0;L;;;;;N;;;;; +1D07C;BYZANTINE MUSICAL SYMBOL YFEN KATO;So;0;L;;;;;N;;;;; +1D07D;BYZANTINE MUSICAL SYMBOL YFEN ANO;So;0;L;;;;;N;;;;; +1D07E;BYZANTINE MUSICAL SYMBOL STAVROS;So;0;L;;;;;N;;;;; +1D07F;BYZANTINE MUSICAL SYMBOL KLASMA ANO;So;0;L;;;;;N;;;;; +1D080;BYZANTINE MUSICAL SYMBOL DIPLI ARCHAION;So;0;L;;;;;N;;;;; +1D081;BYZANTINE MUSICAL SYMBOL KRATIMA ARCHAION;So;0;L;;;;;N;;;;; +1D082;BYZANTINE MUSICAL SYMBOL KRATIMA ALLO;So;0;L;;;;;N;;;;; +1D083;BYZANTINE MUSICAL SYMBOL KRATIMA NEO;So;0;L;;;;;N;;;;; +1D084;BYZANTINE MUSICAL SYMBOL APODERMA NEO;So;0;L;;;;;N;;;;; +1D085;BYZANTINE MUSICAL SYMBOL APLI;So;0;L;;;;;N;;;;; +1D086;BYZANTINE MUSICAL SYMBOL DIPLI;So;0;L;;;;;N;;;;; +1D087;BYZANTINE MUSICAL SYMBOL TRIPLI;So;0;L;;;;;N;;;;; +1D088;BYZANTINE MUSICAL SYMBOL TETRAPLI;So;0;L;;;;;N;;;;; +1D089;BYZANTINE MUSICAL SYMBOL KORONIS;So;0;L;;;;;N;;;;; +1D08A;BYZANTINE MUSICAL SYMBOL LEIMMA ENOS CHRONOU;So;0;L;;;;;N;;;;; +1D08B;BYZANTINE MUSICAL SYMBOL LEIMMA DYO CHRONON;So;0;L;;;;;N;;;;; +1D08C;BYZANTINE MUSICAL SYMBOL LEIMMA TRION CHRONON;So;0;L;;;;;N;;;;; +1D08D;BYZANTINE MUSICAL SYMBOL LEIMMA TESSARON CHRONON;So;0;L;;;;;N;;;;; +1D08E;BYZANTINE MUSICAL SYMBOL LEIMMA IMISEOS CHRONOU;So;0;L;;;;;N;;;;; +1D08F;BYZANTINE MUSICAL SYMBOL GORGON NEO ANO;So;0;L;;;;;N;;;;; +1D090;BYZANTINE MUSICAL SYMBOL GORGON PARESTIGMENON ARISTERA;So;0;L;;;;;N;;;;; +1D091;BYZANTINE MUSICAL SYMBOL GORGON PARESTIGMENON DEXIA;So;0;L;;;;;N;;;;; +1D092;BYZANTINE MUSICAL SYMBOL DIGORGON;So;0;L;;;;;N;;;;; +1D093;BYZANTINE MUSICAL SYMBOL DIGORGON PARESTIGMENON ARISTERA KATO;So;0;L;;;;;N;;;;; +1D094;BYZANTINE MUSICAL SYMBOL DIGORGON PARESTIGMENON ARISTERA ANO;So;0;L;;;;;N;;;;; +1D095;BYZANTINE MUSICAL SYMBOL DIGORGON PARESTIGMENON DEXIA;So;0;L;;;;;N;;;;; +1D096;BYZANTINE MUSICAL SYMBOL TRIGORGON;So;0;L;;;;;N;;;;; +1D097;BYZANTINE MUSICAL SYMBOL ARGON;So;0;L;;;;;N;;;;; +1D098;BYZANTINE MUSICAL SYMBOL IMIDIARGON;So;0;L;;;;;N;;;;; +1D099;BYZANTINE MUSICAL SYMBOL DIARGON;So;0;L;;;;;N;;;;; +1D09A;BYZANTINE MUSICAL SYMBOL AGOGI POLI ARGI;So;0;L;;;;;N;;;;; +1D09B;BYZANTINE MUSICAL SYMBOL AGOGI ARGOTERI;So;0;L;;;;;N;;;;; +1D09C;BYZANTINE MUSICAL SYMBOL AGOGI ARGI;So;0;L;;;;;N;;;;; +1D09D;BYZANTINE MUSICAL SYMBOL AGOGI METRIA;So;0;L;;;;;N;;;;; +1D09E;BYZANTINE MUSICAL SYMBOL AGOGI MESI;So;0;L;;;;;N;;;;; +1D09F;BYZANTINE MUSICAL SYMBOL AGOGI GORGI;So;0;L;;;;;N;;;;; +1D0A0;BYZANTINE MUSICAL SYMBOL AGOGI GORGOTERI;So;0;L;;;;;N;;;;; +1D0A1;BYZANTINE MUSICAL SYMBOL AGOGI POLI GORGI;So;0;L;;;;;N;;;;; +1D0A2;BYZANTINE MUSICAL SYMBOL MARTYRIA PROTOS ICHOS;So;0;L;;;;;N;;;;; +1D0A3;BYZANTINE MUSICAL SYMBOL MARTYRIA ALLI PROTOS ICHOS;So;0;L;;;;;N;;;;; +1D0A4;BYZANTINE MUSICAL SYMBOL MARTYRIA DEYTEROS ICHOS;So;0;L;;;;;N;;;;; +1D0A5;BYZANTINE MUSICAL SYMBOL MARTYRIA ALLI DEYTEROS ICHOS;So;0;L;;;;;N;;;;; +1D0A6;BYZANTINE MUSICAL SYMBOL MARTYRIA TRITOS ICHOS;So;0;L;;;;;N;;;;; +1D0A7;BYZANTINE MUSICAL SYMBOL MARTYRIA TRIFONIAS;So;0;L;;;;;N;;;;; +1D0A8;BYZANTINE MUSICAL SYMBOL MARTYRIA TETARTOS ICHOS;So;0;L;;;;;N;;;;; +1D0A9;BYZANTINE MUSICAL SYMBOL MARTYRIA TETARTOS LEGETOS ICHOS;So;0;L;;;;;N;;;;; +1D0AA;BYZANTINE MUSICAL SYMBOL MARTYRIA LEGETOS ICHOS;So;0;L;;;;;N;;;;; +1D0AB;BYZANTINE MUSICAL SYMBOL MARTYRIA PLAGIOS ICHOS;So;0;L;;;;;N;;;;; +1D0AC;BYZANTINE MUSICAL SYMBOL ISAKIA TELOUS ICHIMATOS;So;0;L;;;;;N;;;;; +1D0AD;BYZANTINE MUSICAL SYMBOL APOSTROFOI TELOUS ICHIMATOS;So;0;L;;;;;N;;;;; +1D0AE;BYZANTINE MUSICAL SYMBOL FANEROSIS TETRAFONIAS;So;0;L;;;;;N;;;;; +1D0AF;BYZANTINE MUSICAL SYMBOL FANEROSIS MONOFONIAS;So;0;L;;;;;N;;;;; +1D0B0;BYZANTINE MUSICAL SYMBOL FANEROSIS DIFONIAS;So;0;L;;;;;N;;;;; +1D0B1;BYZANTINE MUSICAL SYMBOL MARTYRIA VARYS ICHOS;So;0;L;;;;;N;;;;; +1D0B2;BYZANTINE MUSICAL SYMBOL MARTYRIA PROTOVARYS ICHOS;So;0;L;;;;;N;;;;; +1D0B3;BYZANTINE MUSICAL SYMBOL MARTYRIA PLAGIOS TETARTOS ICHOS;So;0;L;;;;;N;;;;; +1D0B4;BYZANTINE MUSICAL SYMBOL GORTHMIKON N APLOUN;So;0;L;;;;;N;;;;; +1D0B5;BYZANTINE MUSICAL SYMBOL GORTHMIKON N DIPLOUN;So;0;L;;;;;N;;;;; +1D0B6;BYZANTINE MUSICAL SYMBOL ENARXIS KAI FTHORA VOU;So;0;L;;;;;N;;;;; +1D0B7;BYZANTINE MUSICAL SYMBOL IMIFONON;So;0;L;;;;;N;;;;; +1D0B8;BYZANTINE MUSICAL SYMBOL IMIFTHORON;So;0;L;;;;;N;;;;; +1D0B9;BYZANTINE MUSICAL SYMBOL FTHORA ARCHAION DEYTEROU ICHOU;So;0;L;;;;;N;;;;; +1D0BA;BYZANTINE MUSICAL SYMBOL FTHORA DIATONIKI PA;So;0;L;;;;;N;;;;; +1D0BB;BYZANTINE MUSICAL SYMBOL FTHORA DIATONIKI NANA;So;0;L;;;;;N;;;;; +1D0BC;BYZANTINE MUSICAL SYMBOL FTHORA NAOS ICHOS;So;0;L;;;;;N;;;;; +1D0BD;BYZANTINE MUSICAL SYMBOL FTHORA DIATONIKI DI;So;0;L;;;;;N;;;;; +1D0BE;BYZANTINE MUSICAL SYMBOL FTHORA SKLIRON DIATONON DI;So;0;L;;;;;N;;;;; +1D0BF;BYZANTINE MUSICAL SYMBOL FTHORA DIATONIKI KE;So;0;L;;;;;N;;;;; +1D0C0;BYZANTINE MUSICAL SYMBOL FTHORA DIATONIKI ZO;So;0;L;;;;;N;;;;; +1D0C1;BYZANTINE MUSICAL SYMBOL FTHORA DIATONIKI NI KATO;So;0;L;;;;;N;;;;; +1D0C2;BYZANTINE MUSICAL SYMBOL FTHORA DIATONIKI NI ANO;So;0;L;;;;;N;;;;; +1D0C3;BYZANTINE MUSICAL SYMBOL FTHORA MALAKON CHROMA DIFONIAS;So;0;L;;;;;N;;;;; +1D0C4;BYZANTINE MUSICAL SYMBOL FTHORA MALAKON CHROMA MONOFONIAS;So;0;L;;;;;N;;;;; +1D0C5;BYZANTINE MUSICAL SYMBOL FHTORA SKLIRON CHROMA VASIS;So;0;L;;;;;N;;;;; +1D0C6;BYZANTINE MUSICAL SYMBOL FTHORA SKLIRON CHROMA SYNAFI;So;0;L;;;;;N;;;;; +1D0C7;BYZANTINE MUSICAL SYMBOL FTHORA NENANO;So;0;L;;;;;N;;;;; +1D0C8;BYZANTINE MUSICAL SYMBOL CHROA ZYGOS;So;0;L;;;;;N;;;;; +1D0C9;BYZANTINE MUSICAL SYMBOL CHROA KLITON;So;0;L;;;;;N;;;;; +1D0CA;BYZANTINE MUSICAL SYMBOL CHROA SPATHI;So;0;L;;;;;N;;;;; +1D0CB;BYZANTINE MUSICAL SYMBOL FTHORA I YFESIS TETARTIMORION;So;0;L;;;;;N;;;;; +1D0CC;BYZANTINE MUSICAL SYMBOL FTHORA ENARMONIOS ANTIFONIA;So;0;L;;;;;N;;;;; +1D0CD;BYZANTINE MUSICAL SYMBOL YFESIS TRITIMORION;So;0;L;;;;;N;;;;; +1D0CE;BYZANTINE MUSICAL SYMBOL DIESIS TRITIMORION;So;0;L;;;;;N;;;;; +1D0CF;BYZANTINE MUSICAL SYMBOL DIESIS TETARTIMORION;So;0;L;;;;;N;;;;; +1D0D0;BYZANTINE MUSICAL SYMBOL DIESIS APLI DYO DODEKATA;So;0;L;;;;;N;;;;; +1D0D1;BYZANTINE MUSICAL SYMBOL DIESIS MONOGRAMMOS TESSERA DODEKATA;So;0;L;;;;;N;;;;; +1D0D2;BYZANTINE MUSICAL SYMBOL DIESIS DIGRAMMOS EX DODEKATA;So;0;L;;;;;N;;;;; +1D0D3;BYZANTINE MUSICAL SYMBOL DIESIS TRIGRAMMOS OKTO DODEKATA;So;0;L;;;;;N;;;;; +1D0D4;BYZANTINE MUSICAL SYMBOL YFESIS APLI DYO DODEKATA;So;0;L;;;;;N;;;;; +1D0D5;BYZANTINE MUSICAL SYMBOL YFESIS MONOGRAMMOS TESSERA DODEKATA;So;0;L;;;;;N;;;;; +1D0D6;BYZANTINE MUSICAL SYMBOL YFESIS DIGRAMMOS EX DODEKATA;So;0;L;;;;;N;;;;; +1D0D7;BYZANTINE MUSICAL SYMBOL YFESIS TRIGRAMMOS OKTO DODEKATA;So;0;L;;;;;N;;;;; +1D0D8;BYZANTINE MUSICAL SYMBOL GENIKI DIESIS;So;0;L;;;;;N;;;;; +1D0D9;BYZANTINE MUSICAL SYMBOL GENIKI YFESIS;So;0;L;;;;;N;;;;; +1D0DA;BYZANTINE MUSICAL SYMBOL DIASTOLI APLI MIKRI;So;0;L;;;;;N;;;;; +1D0DB;BYZANTINE MUSICAL SYMBOL DIASTOLI APLI MEGALI;So;0;L;;;;;N;;;;; +1D0DC;BYZANTINE MUSICAL SYMBOL DIASTOLI DIPLI;So;0;L;;;;;N;;;;; +1D0DD;BYZANTINE MUSICAL SYMBOL DIASTOLI THESEOS;So;0;L;;;;;N;;;;; +1D0DE;BYZANTINE MUSICAL SYMBOL SIMANSIS THESEOS;So;0;L;;;;;N;;;;; +1D0DF;BYZANTINE MUSICAL SYMBOL SIMANSIS THESEOS DISIMOU;So;0;L;;;;;N;;;;; +1D0E0;BYZANTINE MUSICAL SYMBOL SIMANSIS THESEOS TRISIMOU;So;0;L;;;;;N;;;;; +1D0E1;BYZANTINE MUSICAL SYMBOL SIMANSIS THESEOS TETRASIMOU;So;0;L;;;;;N;;;;; +1D0E2;BYZANTINE MUSICAL SYMBOL SIMANSIS ARSEOS;So;0;L;;;;;N;;;;; +1D0E3;BYZANTINE MUSICAL SYMBOL SIMANSIS ARSEOS DISIMOU;So;0;L;;;;;N;;;;; +1D0E4;BYZANTINE MUSICAL SYMBOL SIMANSIS ARSEOS TRISIMOU;So;0;L;;;;;N;;;;; +1D0E5;BYZANTINE MUSICAL SYMBOL SIMANSIS ARSEOS TETRASIMOU;So;0;L;;;;;N;;;;; +1D0E6;BYZANTINE MUSICAL SYMBOL DIGRAMMA GG;So;0;L;;;;;N;;;;; +1D0E7;BYZANTINE MUSICAL SYMBOL DIFTOGGOS OU;So;0;L;;;;;N;;;;; +1D0E8;BYZANTINE MUSICAL SYMBOL STIGMA;So;0;L;;;;;N;;;;; +1D0E9;BYZANTINE MUSICAL SYMBOL ARKTIKO PA;So;0;L;;;;;N;;;;; +1D0EA;BYZANTINE MUSICAL SYMBOL ARKTIKO VOU;So;0;L;;;;;N;;;;; +1D0EB;BYZANTINE MUSICAL SYMBOL ARKTIKO GA;So;0;L;;;;;N;;;;; +1D0EC;BYZANTINE MUSICAL SYMBOL ARKTIKO DI;So;0;L;;;;;N;;;;; +1D0ED;BYZANTINE MUSICAL SYMBOL ARKTIKO KE;So;0;L;;;;;N;;;;; +1D0EE;BYZANTINE MUSICAL SYMBOL ARKTIKO ZO;So;0;L;;;;;N;;;;; +1D0EF;BYZANTINE MUSICAL SYMBOL ARKTIKO NI;So;0;L;;;;;N;;;;; +1D0F0;BYZANTINE MUSICAL SYMBOL KENTIMATA NEO MESO;So;0;L;;;;;N;;;;; +1D0F1;BYZANTINE MUSICAL SYMBOL KENTIMA NEO MESO;So;0;L;;;;;N;;;;; +1D0F2;BYZANTINE MUSICAL SYMBOL KENTIMATA NEO KATO;So;0;L;;;;;N;;;;; +1D0F3;BYZANTINE MUSICAL SYMBOL KENTIMA NEO KATO;So;0;L;;;;;N;;;;; +1D0F4;BYZANTINE MUSICAL SYMBOL KLASMA KATO;So;0;L;;;;;N;;;;; +1D0F5;BYZANTINE MUSICAL SYMBOL GORGON NEO KATO;So;0;L;;;;;N;;;;; +1D100;MUSICAL SYMBOL SINGLE BARLINE;So;0;L;;;;;N;;;;; +1D101;MUSICAL SYMBOL DOUBLE BARLINE;So;0;L;;;;;N;;;;; +1D102;MUSICAL SYMBOL FINAL BARLINE;So;0;L;;;;;N;;;;; +1D103;MUSICAL SYMBOL REVERSE FINAL BARLINE;So;0;L;;;;;N;;;;; +1D104;MUSICAL SYMBOL DASHED BARLINE;So;0;L;;;;;N;;;;; +1D105;MUSICAL SYMBOL SHORT BARLINE;So;0;L;;;;;N;;;;; +1D106;MUSICAL SYMBOL LEFT REPEAT SIGN;So;0;L;;;;;N;;;;; +1D107;MUSICAL SYMBOL RIGHT REPEAT SIGN;So;0;L;;;;;N;;;;; +1D108;MUSICAL SYMBOL REPEAT DOTS;So;0;L;;;;;N;;;;; +1D109;MUSICAL SYMBOL DAL SEGNO;So;0;L;;;;;N;;;;; +1D10A;MUSICAL SYMBOL DA CAPO;So;0;L;;;;;N;;;;; +1D10B;MUSICAL SYMBOL SEGNO;So;0;L;;;;;N;;;;; +1D10C;MUSICAL SYMBOL CODA;So;0;L;;;;;N;;;;; +1D10D;MUSICAL SYMBOL REPEATED FIGURE-1;So;0;L;;;;;N;;;;; +1D10E;MUSICAL SYMBOL REPEATED FIGURE-2;So;0;L;;;;;N;;;;; +1D10F;MUSICAL SYMBOL REPEATED FIGURE-3;So;0;L;;;;;N;;;;; +1D110;MUSICAL SYMBOL FERMATA;So;0;L;;;;;N;;;;; +1D111;MUSICAL SYMBOL FERMATA BELOW;So;0;L;;;;;N;;;;; +1D112;MUSICAL SYMBOL BREATH MARK;So;0;L;;;;;N;;;;; +1D113;MUSICAL SYMBOL CAESURA;So;0;L;;;;;N;;;;; +1D114;MUSICAL SYMBOL BRACE;So;0;L;;;;;N;;;;; +1D115;MUSICAL SYMBOL BRACKET;So;0;L;;;;;N;;;;; +1D116;MUSICAL SYMBOL ONE-LINE STAFF;So;0;L;;;;;N;;;;; +1D117;MUSICAL SYMBOL TWO-LINE STAFF;So;0;L;;;;;N;;;;; +1D118;MUSICAL SYMBOL THREE-LINE STAFF;So;0;L;;;;;N;;;;; +1D119;MUSICAL SYMBOL FOUR-LINE STAFF;So;0;L;;;;;N;;;;; +1D11A;MUSICAL SYMBOL FIVE-LINE STAFF;So;0;L;;;;;N;;;;; +1D11B;MUSICAL SYMBOL SIX-LINE STAFF;So;0;L;;;;;N;;;;; +1D11C;MUSICAL SYMBOL SIX-STRING FRETBOARD;So;0;L;;;;;N;;;;; +1D11D;MUSICAL SYMBOL FOUR-STRING FRETBOARD;So;0;L;;;;;N;;;;; +1D11E;MUSICAL SYMBOL G CLEF;So;0;L;;;;;N;;;;; +1D11F;MUSICAL SYMBOL G CLEF OTTAVA ALTA;So;0;L;;;;;N;;;;; +1D120;MUSICAL SYMBOL G CLEF OTTAVA BASSA;So;0;L;;;;;N;;;;; +1D121;MUSICAL SYMBOL C CLEF;So;0;L;;;;;N;;;;; +1D122;MUSICAL SYMBOL F CLEF;So;0;L;;;;;N;;;;; +1D123;MUSICAL SYMBOL F CLEF OTTAVA ALTA;So;0;L;;;;;N;;;;; +1D124;MUSICAL SYMBOL F CLEF OTTAVA BASSA;So;0;L;;;;;N;;;;; +1D125;MUSICAL SYMBOL DRUM CLEF-1;So;0;L;;;;;N;;;;; +1D126;MUSICAL SYMBOL DRUM CLEF-2;So;0;L;;;;;N;;;;; +1D12A;MUSICAL SYMBOL DOUBLE SHARP;So;0;L;;;;;N;;;;; +1D12B;MUSICAL SYMBOL DOUBLE FLAT;So;0;L;;;;;N;;;;; +1D12C;MUSICAL SYMBOL FLAT UP;So;0;L;;;;;N;;;;; +1D12D;MUSICAL SYMBOL FLAT DOWN;So;0;L;;;;;N;;;;; +1D12E;MUSICAL SYMBOL NATURAL UP;So;0;L;;;;;N;;;;; +1D12F;MUSICAL SYMBOL NATURAL DOWN;So;0;L;;;;;N;;;;; +1D130;MUSICAL SYMBOL SHARP UP;So;0;L;;;;;N;;;;; +1D131;MUSICAL SYMBOL SHARP DOWN;So;0;L;;;;;N;;;;; +1D132;MUSICAL SYMBOL QUARTER TONE SHARP;So;0;L;;;;;N;;;;; +1D133;MUSICAL SYMBOL QUARTER TONE FLAT;So;0;L;;;;;N;;;;; +1D134;MUSICAL SYMBOL COMMON TIME;So;0;L;;;;;N;;;;; +1D135;MUSICAL SYMBOL CUT TIME;So;0;L;;;;;N;;;;; +1D136;MUSICAL SYMBOL OTTAVA ALTA;So;0;L;;;;;N;;;;; +1D137;MUSICAL SYMBOL OTTAVA BASSA;So;0;L;;;;;N;;;;; +1D138;MUSICAL SYMBOL QUINDICESIMA ALTA;So;0;L;;;;;N;;;;; +1D139;MUSICAL SYMBOL QUINDICESIMA BASSA;So;0;L;;;;;N;;;;; +1D13A;MUSICAL SYMBOL MULTI REST;So;0;L;;;;;N;;;;; +1D13B;MUSICAL SYMBOL WHOLE REST;So;0;L;;;;;N;;;;; +1D13C;MUSICAL SYMBOL HALF REST;So;0;L;;;;;N;;;;; +1D13D;MUSICAL SYMBOL QUARTER REST;So;0;L;;;;;N;;;;; +1D13E;MUSICAL SYMBOL EIGHTH REST;So;0;L;;;;;N;;;;; +1D13F;MUSICAL SYMBOL SIXTEENTH REST;So;0;L;;;;;N;;;;; +1D140;MUSICAL SYMBOL THIRTY-SECOND REST;So;0;L;;;;;N;;;;; +1D141;MUSICAL SYMBOL SIXTY-FOURTH REST;So;0;L;;;;;N;;;;; +1D142;MUSICAL SYMBOL ONE HUNDRED TWENTY-EIGHTH REST;So;0;L;;;;;N;;;;; +1D143;MUSICAL SYMBOL X NOTEHEAD;So;0;L;;;;;N;;;;; +1D144;MUSICAL SYMBOL PLUS NOTEHEAD;So;0;L;;;;;N;;;;; +1D145;MUSICAL SYMBOL CIRCLE X NOTEHEAD;So;0;L;;;;;N;;;;; +1D146;MUSICAL SYMBOL SQUARE NOTEHEAD WHITE;So;0;L;;;;;N;;;;; +1D147;MUSICAL SYMBOL SQUARE NOTEHEAD BLACK;So;0;L;;;;;N;;;;; +1D148;MUSICAL SYMBOL TRIANGLE NOTEHEAD UP WHITE;So;0;L;;;;;N;;;;; +1D149;MUSICAL SYMBOL TRIANGLE NOTEHEAD UP BLACK;So;0;L;;;;;N;;;;; +1D14A;MUSICAL SYMBOL TRIANGLE NOTEHEAD LEFT WHITE;So;0;L;;;;;N;;;;; +1D14B;MUSICAL SYMBOL TRIANGLE NOTEHEAD LEFT BLACK;So;0;L;;;;;N;;;;; +1D14C;MUSICAL SYMBOL TRIANGLE NOTEHEAD RIGHT WHITE;So;0;L;;;;;N;;;;; +1D14D;MUSICAL SYMBOL TRIANGLE NOTEHEAD RIGHT BLACK;So;0;L;;;;;N;;;;; +1D14E;MUSICAL SYMBOL TRIANGLE NOTEHEAD DOWN WHITE;So;0;L;;;;;N;;;;; +1D14F;MUSICAL SYMBOL TRIANGLE NOTEHEAD DOWN BLACK;So;0;L;;;;;N;;;;; +1D150;MUSICAL SYMBOL TRIANGLE NOTEHEAD UP RIGHT WHITE;So;0;L;;;;;N;;;;; +1D151;MUSICAL SYMBOL TRIANGLE NOTEHEAD UP RIGHT BLACK;So;0;L;;;;;N;;;;; +1D152;MUSICAL SYMBOL MOON NOTEHEAD WHITE;So;0;L;;;;;N;;;;; +1D153;MUSICAL SYMBOL MOON NOTEHEAD BLACK;So;0;L;;;;;N;;;;; +1D154;MUSICAL SYMBOL TRIANGLE-ROUND NOTEHEAD DOWN WHITE;So;0;L;;;;;N;;;;; +1D155;MUSICAL SYMBOL TRIANGLE-ROUND NOTEHEAD DOWN BLACK;So;0;L;;;;;N;;;;; +1D156;MUSICAL SYMBOL PARENTHESIS NOTEHEAD;So;0;L;;;;;N;;;;; +1D157;MUSICAL SYMBOL VOID NOTEHEAD;So;0;L;;;;;N;;;;; +1D158;MUSICAL SYMBOL NOTEHEAD BLACK;So;0;L;;;;;N;;;;; +1D159;MUSICAL SYMBOL NULL NOTEHEAD;So;0;L;;;;;N;;;;; +1D15A;MUSICAL SYMBOL CLUSTER NOTEHEAD WHITE;So;0;L;;;;;N;;;;; +1D15B;MUSICAL SYMBOL CLUSTER NOTEHEAD BLACK;So;0;L;;;;;N;;;;; +1D15C;MUSICAL SYMBOL BREVE;So;0;L;;;;;N;;;;; +1D15D;MUSICAL SYMBOL WHOLE NOTE;So;0;L;;;;;N;;;;; +1D15E;MUSICAL SYMBOL HALF NOTE;So;0;L;1D157 1D165;;;;N;;;;; +1D15F;MUSICAL SYMBOL QUARTER NOTE;So;0;L;1D158 1D165;;;;N;;;;; +1D160;MUSICAL SYMBOL EIGHTH NOTE;So;0;L;1D15F 1D16E;;;;N;;;;; +1D161;MUSICAL SYMBOL SIXTEENTH NOTE;So;0;L;1D15F 1D16F;;;;N;;;;; +1D162;MUSICAL SYMBOL THIRTY-SECOND NOTE;So;0;L;1D15F 1D170;;;;N;;;;; +1D163;MUSICAL SYMBOL SIXTY-FOURTH NOTE;So;0;L;1D15F 1D171;;;;N;;;;; +1D164;MUSICAL SYMBOL ONE HUNDRED TWENTY-EIGHTH NOTE;So;0;L;1D15F 1D172;;;;N;;;;; +1D165;MUSICAL SYMBOL COMBINING STEM;Mc;216;L;;;;;N;;;;; +1D166;MUSICAL SYMBOL COMBINING SPRECHGESANG STEM;Mc;216;L;;;;;N;;;;; +1D167;MUSICAL SYMBOL COMBINING TREMOLO-1;Mn;1;NSM;;;;;N;;;;; +1D168;MUSICAL SYMBOL COMBINING TREMOLO-2;Mn;1;NSM;;;;;N;;;;; +1D169;MUSICAL SYMBOL COMBINING TREMOLO-3;Mn;1;NSM;;;;;N;;;;; +1D16A;MUSICAL SYMBOL FINGERED TREMOLO-1;So;0;L;;;;;N;;;;; +1D16B;MUSICAL SYMBOL FINGERED TREMOLO-2;So;0;L;;;;;N;;;;; +1D16C;MUSICAL SYMBOL FINGERED TREMOLO-3;So;0;L;;;;;N;;;;; +1D16D;MUSICAL SYMBOL COMBINING AUGMENTATION DOT;Mc;226;L;;;;;N;;;;; +1D16E;MUSICAL SYMBOL COMBINING FLAG-1;Mc;216;L;;;;;N;;;;; +1D16F;MUSICAL SYMBOL COMBINING FLAG-2;Mc;216;L;;;;;N;;;;; +1D170;MUSICAL SYMBOL COMBINING FLAG-3;Mc;216;L;;;;;N;;;;; +1D171;MUSICAL SYMBOL COMBINING FLAG-4;Mc;216;L;;;;;N;;;;; +1D172;MUSICAL SYMBOL COMBINING FLAG-5;Mc;216;L;;;;;N;;;;; +1D173;MUSICAL SYMBOL BEGIN BEAM;Cf;0;BN;;;;;N;;;;; +1D174;MUSICAL SYMBOL END BEAM;Cf;0;BN;;;;;N;;;;; +1D175;MUSICAL SYMBOL BEGIN TIE;Cf;0;BN;;;;;N;;;;; +1D176;MUSICAL SYMBOL END TIE;Cf;0;BN;;;;;N;;;;; +1D177;MUSICAL SYMBOL BEGIN SLUR;Cf;0;BN;;;;;N;;;;; +1D178;MUSICAL SYMBOL END SLUR;Cf;0;BN;;;;;N;;;;; +1D179;MUSICAL SYMBOL BEGIN PHRASE;Cf;0;BN;;;;;N;;;;; +1D17A;MUSICAL SYMBOL END PHRASE;Cf;0;BN;;;;;N;;;;; +1D17B;MUSICAL SYMBOL COMBINING ACCENT;Mn;220;NSM;;;;;N;;;;; +1D17C;MUSICAL SYMBOL COMBINING STACCATO;Mn;220;NSM;;;;;N;;;;; +1D17D;MUSICAL SYMBOL COMBINING TENUTO;Mn;220;NSM;;;;;N;;;;; +1D17E;MUSICAL SYMBOL COMBINING STACCATISSIMO;Mn;220;NSM;;;;;N;;;;; +1D17F;MUSICAL SYMBOL COMBINING MARCATO;Mn;220;NSM;;;;;N;;;;; +1D180;MUSICAL SYMBOL COMBINING MARCATO-STACCATO;Mn;220;NSM;;;;;N;;;;; +1D181;MUSICAL SYMBOL COMBINING ACCENT-STACCATO;Mn;220;NSM;;;;;N;;;;; +1D182;MUSICAL SYMBOL COMBINING LOURE;Mn;220;NSM;;;;;N;;;;; +1D183;MUSICAL SYMBOL ARPEGGIATO UP;So;0;L;;;;;N;;;;; +1D184;MUSICAL SYMBOL ARPEGGIATO DOWN;So;0;L;;;;;N;;;;; +1D185;MUSICAL SYMBOL COMBINING DOIT;Mn;230;NSM;;;;;N;;;;; +1D186;MUSICAL SYMBOL COMBINING RIP;Mn;230;NSM;;;;;N;;;;; +1D187;MUSICAL SYMBOL COMBINING FLIP;Mn;230;NSM;;;;;N;;;;; +1D188;MUSICAL SYMBOL COMBINING SMEAR;Mn;230;NSM;;;;;N;;;;; +1D189;MUSICAL SYMBOL COMBINING BEND;Mn;230;NSM;;;;;N;;;;; +1D18A;MUSICAL SYMBOL COMBINING DOUBLE TONGUE;Mn;220;NSM;;;;;N;;;;; +1D18B;MUSICAL SYMBOL COMBINING TRIPLE TONGUE;Mn;220;NSM;;;;;N;;;;; +1D18C;MUSICAL SYMBOL RINFORZANDO;So;0;L;;;;;N;;;;; +1D18D;MUSICAL SYMBOL SUBITO;So;0;L;;;;;N;;;;; +1D18E;MUSICAL SYMBOL Z;So;0;L;;;;;N;;;;; +1D18F;MUSICAL SYMBOL PIANO;So;0;L;;;;;N;;;;; +1D190;MUSICAL SYMBOL MEZZO;So;0;L;;;;;N;;;;; +1D191;MUSICAL SYMBOL FORTE;So;0;L;;;;;N;;;;; +1D192;MUSICAL SYMBOL CRESCENDO;So;0;L;;;;;N;;;;; +1D193;MUSICAL SYMBOL DECRESCENDO;So;0;L;;;;;N;;;;; +1D194;MUSICAL SYMBOL GRACE NOTE SLASH;So;0;L;;;;;N;;;;; +1D195;MUSICAL SYMBOL GRACE NOTE NO SLASH;So;0;L;;;;;N;;;;; +1D196;MUSICAL SYMBOL TR;So;0;L;;;;;N;;;;; +1D197;MUSICAL SYMBOL TURN;So;0;L;;;;;N;;;;; +1D198;MUSICAL SYMBOL INVERTED TURN;So;0;L;;;;;N;;;;; +1D199;MUSICAL SYMBOL TURN SLASH;So;0;L;;;;;N;;;;; +1D19A;MUSICAL SYMBOL TURN UP;So;0;L;;;;;N;;;;; +1D19B;MUSICAL SYMBOL ORNAMENT STROKE-1;So;0;L;;;;;N;;;;; +1D19C;MUSICAL SYMBOL ORNAMENT STROKE-2;So;0;L;;;;;N;;;;; +1D19D;MUSICAL SYMBOL ORNAMENT STROKE-3;So;0;L;;;;;N;;;;; +1D19E;MUSICAL SYMBOL ORNAMENT STROKE-4;So;0;L;;;;;N;;;;; +1D19F;MUSICAL SYMBOL ORNAMENT STROKE-5;So;0;L;;;;;N;;;;; +1D1A0;MUSICAL SYMBOL ORNAMENT STROKE-6;So;0;L;;;;;N;;;;; +1D1A1;MUSICAL SYMBOL ORNAMENT STROKE-7;So;0;L;;;;;N;;;;; +1D1A2;MUSICAL SYMBOL ORNAMENT STROKE-8;So;0;L;;;;;N;;;;; +1D1A3;MUSICAL SYMBOL ORNAMENT STROKE-9;So;0;L;;;;;N;;;;; +1D1A4;MUSICAL SYMBOL ORNAMENT STROKE-10;So;0;L;;;;;N;;;;; +1D1A5;MUSICAL SYMBOL ORNAMENT STROKE-11;So;0;L;;;;;N;;;;; +1D1A6;MUSICAL SYMBOL HAUPTSTIMME;So;0;L;;;;;N;;;;; +1D1A7;MUSICAL SYMBOL NEBENSTIMME;So;0;L;;;;;N;;;;; +1D1A8;MUSICAL SYMBOL END OF STIMME;So;0;L;;;;;N;;;;; +1D1A9;MUSICAL SYMBOL DEGREE SLASH;So;0;L;;;;;N;;;;; +1D1AA;MUSICAL SYMBOL COMBINING DOWN BOW;Mn;230;NSM;;;;;N;;;;; +1D1AB;MUSICAL SYMBOL COMBINING UP BOW;Mn;230;NSM;;;;;N;;;;; +1D1AC;MUSICAL SYMBOL COMBINING HARMONIC;Mn;230;NSM;;;;;N;;;;; +1D1AD;MUSICAL SYMBOL COMBINING SNAP PIZZICATO;Mn;230;NSM;;;;;N;;;;; +1D1AE;MUSICAL SYMBOL PEDAL MARK;So;0;L;;;;;N;;;;; +1D1AF;MUSICAL SYMBOL PEDAL UP MARK;So;0;L;;;;;N;;;;; +1D1B0;MUSICAL SYMBOL HALF PEDAL MARK;So;0;L;;;;;N;;;;; +1D1B1;MUSICAL SYMBOL GLISSANDO UP;So;0;L;;;;;N;;;;; +1D1B2;MUSICAL SYMBOL GLISSANDO DOWN;So;0;L;;;;;N;;;;; +1D1B3;MUSICAL SYMBOL WITH FINGERNAILS;So;0;L;;;;;N;;;;; +1D1B4;MUSICAL SYMBOL DAMP;So;0;L;;;;;N;;;;; +1D1B5;MUSICAL SYMBOL DAMP ALL;So;0;L;;;;;N;;;;; +1D1B6;MUSICAL SYMBOL MAXIMA;So;0;L;;;;;N;;;;; +1D1B7;MUSICAL SYMBOL LONGA;So;0;L;;;;;N;;;;; +1D1B8;MUSICAL SYMBOL BREVIS;So;0;L;;;;;N;;;;; +1D1B9;MUSICAL SYMBOL SEMIBREVIS WHITE;So;0;L;;;;;N;;;;; +1D1BA;MUSICAL SYMBOL SEMIBREVIS BLACK;So;0;L;;;;;N;;;;; +1D1BB;MUSICAL SYMBOL MINIMA;So;0;L;1D1B9 1D165;;;;N;;;;; +1D1BC;MUSICAL SYMBOL MINIMA BLACK;So;0;L;1D1BA 1D165;;;;N;;;;; +1D1BD;MUSICAL SYMBOL SEMIMINIMA WHITE;So;0;L;1D1BB 1D16E;;;;N;;;;; +1D1BE;MUSICAL SYMBOL SEMIMINIMA BLACK;So;0;L;1D1BC 1D16E;;;;N;;;;; +1D1BF;MUSICAL SYMBOL FUSA WHITE;So;0;L;1D1BB 1D16F;;;;N;;;;; +1D1C0;MUSICAL SYMBOL FUSA BLACK;So;0;L;1D1BC 1D16F;;;;N;;;;; +1D1C1;MUSICAL SYMBOL LONGA PERFECTA REST;So;0;L;;;;;N;;;;; +1D1C2;MUSICAL SYMBOL LONGA IMPERFECTA REST;So;0;L;;;;;N;;;;; +1D1C3;MUSICAL SYMBOL BREVIS REST;So;0;L;;;;;N;;;;; +1D1C4;MUSICAL SYMBOL SEMIBREVIS REST;So;0;L;;;;;N;;;;; +1D1C5;MUSICAL SYMBOL MINIMA REST;So;0;L;;;;;N;;;;; +1D1C6;MUSICAL SYMBOL SEMIMINIMA REST;So;0;L;;;;;N;;;;; +1D1C7;MUSICAL SYMBOL TEMPUS PERFECTUM CUM PROLATIONE PERFECTA;So;0;L;;;;;N;;;;; +1D1C8;MUSICAL SYMBOL TEMPUS PERFECTUM CUM PROLATIONE IMPERFECTA;So;0;L;;;;;N;;;;; +1D1C9;MUSICAL SYMBOL TEMPUS PERFECTUM CUM PROLATIONE PERFECTA DIMINUTION-1;So;0;L;;;;;N;;;;; +1D1CA;MUSICAL SYMBOL TEMPUS IMPERFECTUM CUM PROLATIONE PERFECTA;So;0;L;;;;;N;;;;; +1D1CB;MUSICAL SYMBOL TEMPUS IMPERFECTUM CUM PROLATIONE IMPERFECTA;So;0;L;;;;;N;;;;; +1D1CC;MUSICAL SYMBOL TEMPUS IMPERFECTUM CUM PROLATIONE IMPERFECTA DIMINUTION-1;So;0;L;;;;;N;;;;; +1D1CD;MUSICAL SYMBOL TEMPUS IMPERFECTUM CUM PROLATIONE IMPERFECTA DIMINUTION-2;So;0;L;;;;;N;;;;; +1D1CE;MUSICAL SYMBOL TEMPUS IMPERFECTUM CUM PROLATIONE IMPERFECTA DIMINUTION-3;So;0;L;;;;;N;;;;; +1D1CF;MUSICAL SYMBOL CROIX;So;0;L;;;;;N;;;;; +1D1D0;MUSICAL SYMBOL GREGORIAN C CLEF;So;0;L;;;;;N;;;;; +1D1D1;MUSICAL SYMBOL GREGORIAN F CLEF;So;0;L;;;;;N;;;;; +1D1D2;MUSICAL SYMBOL SQUARE B;So;0;L;;;;;N;;;;; +1D1D3;MUSICAL SYMBOL VIRGA;So;0;L;;;;;N;;;;; +1D1D4;MUSICAL SYMBOL PODATUS;So;0;L;;;;;N;;;;; +1D1D5;MUSICAL SYMBOL CLIVIS;So;0;L;;;;;N;;;;; +1D1D6;MUSICAL SYMBOL SCANDICUS;So;0;L;;;;;N;;;;; +1D1D7;MUSICAL SYMBOL CLIMACUS;So;0;L;;;;;N;;;;; +1D1D8;MUSICAL SYMBOL TORCULUS;So;0;L;;;;;N;;;;; +1D1D9;MUSICAL SYMBOL PORRECTUS;So;0;L;;;;;N;;;;; +1D1DA;MUSICAL SYMBOL PORRECTUS FLEXUS;So;0;L;;;;;N;;;;; +1D1DB;MUSICAL SYMBOL SCANDICUS FLEXUS;So;0;L;;;;;N;;;;; +1D1DC;MUSICAL SYMBOL TORCULUS RESUPINUS;So;0;L;;;;;N;;;;; +1D1DD;MUSICAL SYMBOL PES SUBPUNCTIS;So;0;L;;;;;N;;;;; +1D300;MONOGRAM FOR EARTH;So;0;ON;;;;;N;;;;; +1D301;DIGRAM FOR HEAVENLY EARTH;So;0;ON;;;;;N;;;;; +1D302;DIGRAM FOR HUMAN EARTH;So;0;ON;;;;;N;;;;; +1D303;DIGRAM FOR EARTHLY HEAVEN;So;0;ON;;;;;N;;;;; +1D304;DIGRAM FOR EARTHLY HUMAN;So;0;ON;;;;;N;;;;; +1D305;DIGRAM FOR EARTH;So;0;ON;;;;;N;;;;; +1D306;TETRAGRAM FOR CENTRE;So;0;ON;;;;;N;;;;; +1D307;TETRAGRAM FOR FULL CIRCLE;So;0;ON;;;;;N;;;;; +1D308;TETRAGRAM FOR MIRED;So;0;ON;;;;;N;;;;; +1D309;TETRAGRAM FOR BARRIER;So;0;ON;;;;;N;;;;; +1D30A;TETRAGRAM FOR KEEPING SMALL;So;0;ON;;;;;N;;;;; +1D30B;TETRAGRAM FOR CONTRARIETY;So;0;ON;;;;;N;;;;; +1D30C;TETRAGRAM FOR ASCENT;So;0;ON;;;;;N;;;;; +1D30D;TETRAGRAM FOR OPPOSITION;So;0;ON;;;;;N;;;;; +1D30E;TETRAGRAM FOR BRANCHING OUT;So;0;ON;;;;;N;;;;; +1D30F;TETRAGRAM FOR DEFECTIVENESS OR DISTORTION;So;0;ON;;;;;N;;;;; +1D310;TETRAGRAM FOR DIVERGENCE;So;0;ON;;;;;N;;;;; +1D311;TETRAGRAM FOR YOUTHFULNESS;So;0;ON;;;;;N;;;;; +1D312;TETRAGRAM FOR INCREASE;So;0;ON;;;;;N;;;;; +1D313;TETRAGRAM FOR PENETRATION;So;0;ON;;;;;N;;;;; +1D314;TETRAGRAM FOR REACH;So;0;ON;;;;;N;;;;; +1D315;TETRAGRAM FOR CONTACT;So;0;ON;;;;;N;;;;; +1D316;TETRAGRAM FOR HOLDING BACK;So;0;ON;;;;;N;;;;; +1D317;TETRAGRAM FOR WAITING;So;0;ON;;;;;N;;;;; +1D318;TETRAGRAM FOR FOLLOWING;So;0;ON;;;;;N;;;;; +1D319;TETRAGRAM FOR ADVANCE;So;0;ON;;;;;N;;;;; +1D31A;TETRAGRAM FOR RELEASE;So;0;ON;;;;;N;;;;; +1D31B;TETRAGRAM FOR RESISTANCE;So;0;ON;;;;;N;;;;; +1D31C;TETRAGRAM FOR EASE;So;0;ON;;;;;N;;;;; +1D31D;TETRAGRAM FOR JOY;So;0;ON;;;;;N;;;;; +1D31E;TETRAGRAM FOR CONTENTION;So;0;ON;;;;;N;;;;; +1D31F;TETRAGRAM FOR ENDEAVOUR;So;0;ON;;;;;N;;;;; +1D320;TETRAGRAM FOR DUTIES;So;0;ON;;;;;N;;;;; +1D321;TETRAGRAM FOR CHANGE;So;0;ON;;;;;N;;;;; +1D322;TETRAGRAM FOR DECISIVENESS;So;0;ON;;;;;N;;;;; +1D323;TETRAGRAM FOR BOLD RESOLUTION;So;0;ON;;;;;N;;;;; +1D324;TETRAGRAM FOR PACKING;So;0;ON;;;;;N;;;;; +1D325;TETRAGRAM FOR LEGION;So;0;ON;;;;;N;;;;; +1D326;TETRAGRAM FOR CLOSENESS;So;0;ON;;;;;N;;;;; +1D327;TETRAGRAM FOR KINSHIP;So;0;ON;;;;;N;;;;; +1D328;TETRAGRAM FOR GATHERING;So;0;ON;;;;;N;;;;; +1D329;TETRAGRAM FOR STRENGTH;So;0;ON;;;;;N;;;;; +1D32A;TETRAGRAM FOR PURITY;So;0;ON;;;;;N;;;;; +1D32B;TETRAGRAM FOR FULLNESS;So;0;ON;;;;;N;;;;; +1D32C;TETRAGRAM FOR RESIDENCE;So;0;ON;;;;;N;;;;; +1D32D;TETRAGRAM FOR LAW OR MODEL;So;0;ON;;;;;N;;;;; +1D32E;TETRAGRAM FOR RESPONSE;So;0;ON;;;;;N;;;;; +1D32F;TETRAGRAM FOR GOING TO MEET;So;0;ON;;;;;N;;;;; +1D330;TETRAGRAM FOR ENCOUNTERS;So;0;ON;;;;;N;;;;; +1D331;TETRAGRAM FOR STOVE;So;0;ON;;;;;N;;;;; +1D332;TETRAGRAM FOR GREATNESS;So;0;ON;;;;;N;;;;; +1D333;TETRAGRAM FOR ENLARGEMENT;So;0;ON;;;;;N;;;;; +1D334;TETRAGRAM FOR PATTERN;So;0;ON;;;;;N;;;;; +1D335;TETRAGRAM FOR RITUAL;So;0;ON;;;;;N;;;;; +1D336;TETRAGRAM FOR FLIGHT;So;0;ON;;;;;N;;;;; +1D337;TETRAGRAM FOR VASTNESS OR WASTING;So;0;ON;;;;;N;;;;; +1D338;TETRAGRAM FOR CONSTANCY;So;0;ON;;;;;N;;;;; +1D339;TETRAGRAM FOR MEASURE;So;0;ON;;;;;N;;;;; +1D33A;TETRAGRAM FOR ETERNITY;So;0;ON;;;;;N;;;;; +1D33B;TETRAGRAM FOR UNITY;So;0;ON;;;;;N;;;;; +1D33C;TETRAGRAM FOR DIMINISHMENT;So;0;ON;;;;;N;;;;; +1D33D;TETRAGRAM FOR CLOSED MOUTH;So;0;ON;;;;;N;;;;; +1D33E;TETRAGRAM FOR GUARDEDNESS;So;0;ON;;;;;N;;;;; +1D33F;TETRAGRAM FOR GATHERING IN;So;0;ON;;;;;N;;;;; +1D340;TETRAGRAM FOR MASSING;So;0;ON;;;;;N;;;;; +1D341;TETRAGRAM FOR ACCUMULATION;So;0;ON;;;;;N;;;;; +1D342;TETRAGRAM FOR EMBELLISHMENT;So;0;ON;;;;;N;;;;; +1D343;TETRAGRAM FOR DOUBT;So;0;ON;;;;;N;;;;; +1D344;TETRAGRAM FOR WATCH;So;0;ON;;;;;N;;;;; +1D345;TETRAGRAM FOR SINKING;So;0;ON;;;;;N;;;;; +1D346;TETRAGRAM FOR INNER;So;0;ON;;;;;N;;;;; +1D347;TETRAGRAM FOR DEPARTURE;So;0;ON;;;;;N;;;;; +1D348;TETRAGRAM FOR DARKENING;So;0;ON;;;;;N;;;;; +1D349;TETRAGRAM FOR DIMMING;So;0;ON;;;;;N;;;;; +1D34A;TETRAGRAM FOR EXHAUSTION;So;0;ON;;;;;N;;;;; +1D34B;TETRAGRAM FOR SEVERANCE;So;0;ON;;;;;N;;;;; +1D34C;TETRAGRAM FOR STOPPAGE;So;0;ON;;;;;N;;;;; +1D34D;TETRAGRAM FOR HARDNESS;So;0;ON;;;;;N;;;;; +1D34E;TETRAGRAM FOR COMPLETION;So;0;ON;;;;;N;;;;; +1D34F;TETRAGRAM FOR CLOSURE;So;0;ON;;;;;N;;;;; +1D350;TETRAGRAM FOR FAILURE;So;0;ON;;;;;N;;;;; +1D351;TETRAGRAM FOR AGGRAVATION;So;0;ON;;;;;N;;;;; +1D352;TETRAGRAM FOR COMPLIANCE;So;0;ON;;;;;N;;;;; +1D353;TETRAGRAM FOR ON THE VERGE;So;0;ON;;;;;N;;;;; +1D354;TETRAGRAM FOR DIFFICULTIES;So;0;ON;;;;;N;;;;; +1D355;TETRAGRAM FOR LABOURING;So;0;ON;;;;;N;;;;; +1D356;TETRAGRAM FOR FOSTERING;So;0;ON;;;;;N;;;;; +1D400;MATHEMATICAL BOLD CAPITAL A;Lu;0;L; 0041;;;;N;;;;; +1D401;MATHEMATICAL BOLD CAPITAL B;Lu;0;L; 0042;;;;N;;;;; +1D402;MATHEMATICAL BOLD CAPITAL C;Lu;0;L; 0043;;;;N;;;;; +1D403;MATHEMATICAL BOLD CAPITAL D;Lu;0;L; 0044;;;;N;;;;; +1D404;MATHEMATICAL BOLD CAPITAL E;Lu;0;L; 0045;;;;N;;;;; +1D405;MATHEMATICAL BOLD CAPITAL F;Lu;0;L; 0046;;;;N;;;;; +1D406;MATHEMATICAL BOLD CAPITAL G;Lu;0;L; 0047;;;;N;;;;; +1D407;MATHEMATICAL BOLD CAPITAL H;Lu;0;L; 0048;;;;N;;;;; +1D408;MATHEMATICAL BOLD CAPITAL I;Lu;0;L; 0049;;;;N;;;;; +1D409;MATHEMATICAL BOLD CAPITAL J;Lu;0;L; 004A;;;;N;;;;; +1D40A;MATHEMATICAL BOLD CAPITAL K;Lu;0;L; 004B;;;;N;;;;; +1D40B;MATHEMATICAL BOLD CAPITAL L;Lu;0;L; 004C;;;;N;;;;; +1D40C;MATHEMATICAL BOLD CAPITAL M;Lu;0;L; 004D;;;;N;;;;; +1D40D;MATHEMATICAL BOLD CAPITAL N;Lu;0;L; 004E;;;;N;;;;; +1D40E;MATHEMATICAL BOLD CAPITAL O;Lu;0;L; 004F;;;;N;;;;; +1D40F;MATHEMATICAL BOLD CAPITAL P;Lu;0;L; 0050;;;;N;;;;; +1D410;MATHEMATICAL BOLD CAPITAL Q;Lu;0;L; 0051;;;;N;;;;; +1D411;MATHEMATICAL BOLD CAPITAL R;Lu;0;L; 0052;;;;N;;;;; +1D412;MATHEMATICAL BOLD CAPITAL S;Lu;0;L; 0053;;;;N;;;;; +1D413;MATHEMATICAL BOLD CAPITAL T;Lu;0;L; 0054;;;;N;;;;; +1D414;MATHEMATICAL BOLD CAPITAL U;Lu;0;L; 0055;;;;N;;;;; +1D415;MATHEMATICAL BOLD CAPITAL V;Lu;0;L; 0056;;;;N;;;;; +1D416;MATHEMATICAL BOLD CAPITAL W;Lu;0;L; 0057;;;;N;;;;; +1D417;MATHEMATICAL BOLD CAPITAL X;Lu;0;L; 0058;;;;N;;;;; +1D418;MATHEMATICAL BOLD CAPITAL Y;Lu;0;L; 0059;;;;N;;;;; +1D419;MATHEMATICAL BOLD CAPITAL Z;Lu;0;L; 005A;;;;N;;;;; +1D41A;MATHEMATICAL BOLD SMALL A;Ll;0;L; 0061;;;;N;;;;; +1D41B;MATHEMATICAL BOLD SMALL B;Ll;0;L; 0062;;;;N;;;;; +1D41C;MATHEMATICAL BOLD SMALL C;Ll;0;L; 0063;;;;N;;;;; +1D41D;MATHEMATICAL BOLD SMALL D;Ll;0;L; 0064;;;;N;;;;; +1D41E;MATHEMATICAL BOLD SMALL E;Ll;0;L; 0065;;;;N;;;;; +1D41F;MATHEMATICAL BOLD SMALL F;Ll;0;L; 0066;;;;N;;;;; +1D420;MATHEMATICAL BOLD SMALL G;Ll;0;L; 0067;;;;N;;;;; +1D421;MATHEMATICAL BOLD SMALL H;Ll;0;L; 0068;;;;N;;;;; +1D422;MATHEMATICAL BOLD SMALL I;Ll;0;L; 0069;;;;N;;;;; +1D423;MATHEMATICAL BOLD SMALL J;Ll;0;L; 006A;;;;N;;;;; +1D424;MATHEMATICAL BOLD SMALL K;Ll;0;L; 006B;;;;N;;;;; +1D425;MATHEMATICAL BOLD SMALL L;Ll;0;L; 006C;;;;N;;;;; +1D426;MATHEMATICAL BOLD SMALL M;Ll;0;L; 006D;;;;N;;;;; +1D427;MATHEMATICAL BOLD SMALL N;Ll;0;L; 006E;;;;N;;;;; +1D428;MATHEMATICAL BOLD SMALL O;Ll;0;L; 006F;;;;N;;;;; +1D429;MATHEMATICAL BOLD SMALL P;Ll;0;L; 0070;;;;N;;;;; +1D42A;MATHEMATICAL BOLD SMALL Q;Ll;0;L; 0071;;;;N;;;;; +1D42B;MATHEMATICAL BOLD SMALL R;Ll;0;L; 0072;;;;N;;;;; +1D42C;MATHEMATICAL BOLD SMALL S;Ll;0;L; 0073;;;;N;;;;; +1D42D;MATHEMATICAL BOLD SMALL T;Ll;0;L; 0074;;;;N;;;;; +1D42E;MATHEMATICAL BOLD SMALL U;Ll;0;L; 0075;;;;N;;;;; +1D42F;MATHEMATICAL BOLD SMALL V;Ll;0;L; 0076;;;;N;;;;; +1D430;MATHEMATICAL BOLD SMALL W;Ll;0;L; 0077;;;;N;;;;; +1D431;MATHEMATICAL BOLD SMALL X;Ll;0;L; 0078;;;;N;;;;; +1D432;MATHEMATICAL BOLD SMALL Y;Ll;0;L; 0079;;;;N;;;;; +1D433;MATHEMATICAL BOLD SMALL Z;Ll;0;L; 007A;;;;N;;;;; +1D434;MATHEMATICAL ITALIC CAPITAL A;Lu;0;L; 0041;;;;N;;;;; +1D435;MATHEMATICAL ITALIC CAPITAL B;Lu;0;L; 0042;;;;N;;;;; +1D436;MATHEMATICAL ITALIC CAPITAL C;Lu;0;L; 0043;;;;N;;;;; +1D437;MATHEMATICAL ITALIC CAPITAL D;Lu;0;L; 0044;;;;N;;;;; +1D438;MATHEMATICAL ITALIC CAPITAL E;Lu;0;L; 0045;;;;N;;;;; +1D439;MATHEMATICAL ITALIC CAPITAL F;Lu;0;L; 0046;;;;N;;;;; +1D43A;MATHEMATICAL ITALIC CAPITAL G;Lu;0;L; 0047;;;;N;;;;; +1D43B;MATHEMATICAL ITALIC CAPITAL H;Lu;0;L; 0048;;;;N;;;;; +1D43C;MATHEMATICAL ITALIC CAPITAL I;Lu;0;L; 0049;;;;N;;;;; +1D43D;MATHEMATICAL ITALIC CAPITAL J;Lu;0;L; 004A;;;;N;;;;; +1D43E;MATHEMATICAL ITALIC CAPITAL K;Lu;0;L; 004B;;;;N;;;;; +1D43F;MATHEMATICAL ITALIC CAPITAL L;Lu;0;L; 004C;;;;N;;;;; +1D440;MATHEMATICAL ITALIC CAPITAL M;Lu;0;L; 004D;;;;N;;;;; +1D441;MATHEMATICAL ITALIC CAPITAL N;Lu;0;L; 004E;;;;N;;;;; +1D442;MATHEMATICAL ITALIC CAPITAL O;Lu;0;L; 004F;;;;N;;;;; +1D443;MATHEMATICAL ITALIC CAPITAL P;Lu;0;L; 0050;;;;N;;;;; +1D444;MATHEMATICAL ITALIC CAPITAL Q;Lu;0;L; 0051;;;;N;;;;; +1D445;MATHEMATICAL ITALIC CAPITAL R;Lu;0;L; 0052;;;;N;;;;; +1D446;MATHEMATICAL ITALIC CAPITAL S;Lu;0;L; 0053;;;;N;;;;; +1D447;MATHEMATICAL ITALIC CAPITAL T;Lu;0;L; 0054;;;;N;;;;; +1D448;MATHEMATICAL ITALIC CAPITAL U;Lu;0;L; 0055;;;;N;;;;; +1D449;MATHEMATICAL ITALIC CAPITAL V;Lu;0;L; 0056;;;;N;;;;; +1D44A;MATHEMATICAL ITALIC CAPITAL W;Lu;0;L; 0057;;;;N;;;;; +1D44B;MATHEMATICAL ITALIC CAPITAL X;Lu;0;L; 0058;;;;N;;;;; +1D44C;MATHEMATICAL ITALIC CAPITAL Y;Lu;0;L; 0059;;;;N;;;;; +1D44D;MATHEMATICAL ITALIC CAPITAL Z;Lu;0;L; 005A;;;;N;;;;; +1D44E;MATHEMATICAL ITALIC SMALL A;Ll;0;L; 0061;;;;N;;;;; +1D44F;MATHEMATICAL ITALIC SMALL B;Ll;0;L; 0062;;;;N;;;;; +1D450;MATHEMATICAL ITALIC SMALL C;Ll;0;L; 0063;;;;N;;;;; +1D451;MATHEMATICAL ITALIC SMALL D;Ll;0;L; 0064;;;;N;;;;; +1D452;MATHEMATICAL ITALIC SMALL E;Ll;0;L; 0065;;;;N;;;;; +1D453;MATHEMATICAL ITALIC SMALL F;Ll;0;L; 0066;;;;N;;;;; +1D454;MATHEMATICAL ITALIC SMALL G;Ll;0;L; 0067;;;;N;;;;; +1D456;MATHEMATICAL ITALIC SMALL I;Ll;0;L; 0069;;;;N;;;;; +1D457;MATHEMATICAL ITALIC SMALL J;Ll;0;L; 006A;;;;N;;;;; +1D458;MATHEMATICAL ITALIC SMALL K;Ll;0;L; 006B;;;;N;;;;; +1D459;MATHEMATICAL ITALIC SMALL L;Ll;0;L; 006C;;;;N;;;;; +1D45A;MATHEMATICAL ITALIC SMALL M;Ll;0;L; 006D;;;;N;;;;; +1D45B;MATHEMATICAL ITALIC SMALL N;Ll;0;L; 006E;;;;N;;;;; +1D45C;MATHEMATICAL ITALIC SMALL O;Ll;0;L; 006F;;;;N;;;;; +1D45D;MATHEMATICAL ITALIC SMALL P;Ll;0;L; 0070;;;;N;;;;; +1D45E;MATHEMATICAL ITALIC SMALL Q;Ll;0;L; 0071;;;;N;;;;; +1D45F;MATHEMATICAL ITALIC SMALL R;Ll;0;L; 0072;;;;N;;;;; +1D460;MATHEMATICAL ITALIC SMALL S;Ll;0;L; 0073;;;;N;;;;; +1D461;MATHEMATICAL ITALIC SMALL T;Ll;0;L; 0074;;;;N;;;;; +1D462;MATHEMATICAL ITALIC SMALL U;Ll;0;L; 0075;;;;N;;;;; +1D463;MATHEMATICAL ITALIC SMALL V;Ll;0;L; 0076;;;;N;;;;; +1D464;MATHEMATICAL ITALIC SMALL W;Ll;0;L; 0077;;;;N;;;;; +1D465;MATHEMATICAL ITALIC SMALL X;Ll;0;L; 0078;;;;N;;;;; +1D466;MATHEMATICAL ITALIC SMALL Y;Ll;0;L; 0079;;;;N;;;;; +1D467;MATHEMATICAL ITALIC SMALL Z;Ll;0;L; 007A;;;;N;;;;; +1D468;MATHEMATICAL BOLD ITALIC CAPITAL A;Lu;0;L; 0041;;;;N;;;;; +1D469;MATHEMATICAL BOLD ITALIC CAPITAL B;Lu;0;L; 0042;;;;N;;;;; +1D46A;MATHEMATICAL BOLD ITALIC CAPITAL C;Lu;0;L; 0043;;;;N;;;;; +1D46B;MATHEMATICAL BOLD ITALIC CAPITAL D;Lu;0;L; 0044;;;;N;;;;; +1D46C;MATHEMATICAL BOLD ITALIC CAPITAL E;Lu;0;L; 0045;;;;N;;;;; +1D46D;MATHEMATICAL BOLD ITALIC CAPITAL F;Lu;0;L; 0046;;;;N;;;;; +1D46E;MATHEMATICAL BOLD ITALIC CAPITAL G;Lu;0;L; 0047;;;;N;;;;; +1D46F;MATHEMATICAL BOLD ITALIC CAPITAL H;Lu;0;L; 0048;;;;N;;;;; +1D470;MATHEMATICAL BOLD ITALIC CAPITAL I;Lu;0;L; 0049;;;;N;;;;; +1D471;MATHEMATICAL BOLD ITALIC CAPITAL J;Lu;0;L; 004A;;;;N;;;;; +1D472;MATHEMATICAL BOLD ITALIC CAPITAL K;Lu;0;L; 004B;;;;N;;;;; +1D473;MATHEMATICAL BOLD ITALIC CAPITAL L;Lu;0;L; 004C;;;;N;;;;; +1D474;MATHEMATICAL BOLD ITALIC CAPITAL M;Lu;0;L; 004D;;;;N;;;;; +1D475;MATHEMATICAL BOLD ITALIC CAPITAL N;Lu;0;L; 004E;;;;N;;;;; +1D476;MATHEMATICAL BOLD ITALIC CAPITAL O;Lu;0;L; 004F;;;;N;;;;; +1D477;MATHEMATICAL BOLD ITALIC CAPITAL P;Lu;0;L; 0050;;;;N;;;;; +1D478;MATHEMATICAL BOLD ITALIC CAPITAL Q;Lu;0;L; 0051;;;;N;;;;; +1D479;MATHEMATICAL BOLD ITALIC CAPITAL R;Lu;0;L; 0052;;;;N;;;;; +1D47A;MATHEMATICAL BOLD ITALIC CAPITAL S;Lu;0;L; 0053;;;;N;;;;; +1D47B;MATHEMATICAL BOLD ITALIC CAPITAL T;Lu;0;L; 0054;;;;N;;;;; +1D47C;MATHEMATICAL BOLD ITALIC CAPITAL U;Lu;0;L; 0055;;;;N;;;;; +1D47D;MATHEMATICAL BOLD ITALIC CAPITAL V;Lu;0;L; 0056;;;;N;;;;; +1D47E;MATHEMATICAL BOLD ITALIC CAPITAL W;Lu;0;L; 0057;;;;N;;;;; +1D47F;MATHEMATICAL BOLD ITALIC CAPITAL X;Lu;0;L; 0058;;;;N;;;;; +1D480;MATHEMATICAL BOLD ITALIC CAPITAL Y;Lu;0;L; 0059;;;;N;;;;; +1D481;MATHEMATICAL BOLD ITALIC CAPITAL Z;Lu;0;L; 005A;;;;N;;;;; +1D482;MATHEMATICAL BOLD ITALIC SMALL A;Ll;0;L; 0061;;;;N;;;;; +1D483;MATHEMATICAL BOLD ITALIC SMALL B;Ll;0;L; 0062;;;;N;;;;; +1D484;MATHEMATICAL BOLD ITALIC SMALL C;Ll;0;L; 0063;;;;N;;;;; +1D485;MATHEMATICAL BOLD ITALIC SMALL D;Ll;0;L; 0064;;;;N;;;;; +1D486;MATHEMATICAL BOLD ITALIC SMALL E;Ll;0;L; 0065;;;;N;;;;; +1D487;MATHEMATICAL BOLD ITALIC SMALL F;Ll;0;L; 0066;;;;N;;;;; +1D488;MATHEMATICAL BOLD ITALIC SMALL G;Ll;0;L; 0067;;;;N;;;;; +1D489;MATHEMATICAL BOLD ITALIC SMALL H;Ll;0;L; 0068;;;;N;;;;; +1D48A;MATHEMATICAL BOLD ITALIC SMALL I;Ll;0;L; 0069;;;;N;;;;; +1D48B;MATHEMATICAL BOLD ITALIC SMALL J;Ll;0;L; 006A;;;;N;;;;; +1D48C;MATHEMATICAL BOLD ITALIC SMALL K;Ll;0;L; 006B;;;;N;;;;; +1D48D;MATHEMATICAL BOLD ITALIC SMALL L;Ll;0;L; 006C;;;;N;;;;; +1D48E;MATHEMATICAL BOLD ITALIC SMALL M;Ll;0;L; 006D;;;;N;;;;; +1D48F;MATHEMATICAL BOLD ITALIC SMALL N;Ll;0;L; 006E;;;;N;;;;; +1D490;MATHEMATICAL BOLD ITALIC SMALL O;Ll;0;L; 006F;;;;N;;;;; +1D491;MATHEMATICAL BOLD ITALIC SMALL P;Ll;0;L; 0070;;;;N;;;;; +1D492;MATHEMATICAL BOLD ITALIC SMALL Q;Ll;0;L; 0071;;;;N;;;;; +1D493;MATHEMATICAL BOLD ITALIC SMALL R;Ll;0;L; 0072;;;;N;;;;; +1D494;MATHEMATICAL BOLD ITALIC SMALL S;Ll;0;L; 0073;;;;N;;;;; +1D495;MATHEMATICAL BOLD ITALIC SMALL T;Ll;0;L; 0074;;;;N;;;;; +1D496;MATHEMATICAL BOLD ITALIC SMALL U;Ll;0;L; 0075;;;;N;;;;; +1D497;MATHEMATICAL BOLD ITALIC SMALL V;Ll;0;L; 0076;;;;N;;;;; +1D498;MATHEMATICAL BOLD ITALIC SMALL W;Ll;0;L; 0077;;;;N;;;;; +1D499;MATHEMATICAL BOLD ITALIC SMALL X;Ll;0;L; 0078;;;;N;;;;; +1D49A;MATHEMATICAL BOLD ITALIC SMALL Y;Ll;0;L; 0079;;;;N;;;;; +1D49B;MATHEMATICAL BOLD ITALIC SMALL Z;Ll;0;L; 007A;;;;N;;;;; +1D49C;MATHEMATICAL SCRIPT CAPITAL A;Lu;0;L; 0041;;;;N;;;;; +1D49E;MATHEMATICAL SCRIPT CAPITAL C;Lu;0;L; 0043;;;;N;;;;; +1D49F;MATHEMATICAL SCRIPT CAPITAL D;Lu;0;L; 0044;;;;N;;;;; +1D4A2;MATHEMATICAL SCRIPT CAPITAL G;Lu;0;L; 0047;;;;N;;;;; +1D4A5;MATHEMATICAL SCRIPT CAPITAL J;Lu;0;L; 004A;;;;N;;;;; +1D4A6;MATHEMATICAL SCRIPT CAPITAL K;Lu;0;L; 004B;;;;N;;;;; +1D4A9;MATHEMATICAL SCRIPT CAPITAL N;Lu;0;L; 004E;;;;N;;;;; +1D4AA;MATHEMATICAL SCRIPT CAPITAL O;Lu;0;L; 004F;;;;N;;;;; +1D4AB;MATHEMATICAL SCRIPT CAPITAL P;Lu;0;L; 0050;;;;N;;;;; +1D4AC;MATHEMATICAL SCRIPT CAPITAL Q;Lu;0;L; 0051;;;;N;;;;; +1D4AE;MATHEMATICAL SCRIPT CAPITAL S;Lu;0;L; 0053;;;;N;;;;; +1D4AF;MATHEMATICAL SCRIPT CAPITAL T;Lu;0;L; 0054;;;;N;;;;; +1D4B0;MATHEMATICAL SCRIPT CAPITAL U;Lu;0;L; 0055;;;;N;;;;; +1D4B1;MATHEMATICAL SCRIPT CAPITAL V;Lu;0;L; 0056;;;;N;;;;; +1D4B2;MATHEMATICAL SCRIPT CAPITAL W;Lu;0;L; 0057;;;;N;;;;; +1D4B3;MATHEMATICAL SCRIPT CAPITAL X;Lu;0;L; 0058;;;;N;;;;; +1D4B4;MATHEMATICAL SCRIPT CAPITAL Y;Lu;0;L; 0059;;;;N;;;;; +1D4B5;MATHEMATICAL SCRIPT CAPITAL Z;Lu;0;L; 005A;;;;N;;;;; +1D4B6;MATHEMATICAL SCRIPT SMALL A;Ll;0;L; 0061;;;;N;;;;; +1D4B7;MATHEMATICAL SCRIPT SMALL B;Ll;0;L; 0062;;;;N;;;;; +1D4B8;MATHEMATICAL SCRIPT SMALL C;Ll;0;L; 0063;;;;N;;;;; +1D4B9;MATHEMATICAL SCRIPT SMALL D;Ll;0;L; 0064;;;;N;;;;; +1D4BB;MATHEMATICAL SCRIPT SMALL F;Ll;0;L; 0066;;;;N;;;;; +1D4BD;MATHEMATICAL SCRIPT SMALL H;Ll;0;L; 0068;;;;N;;;;; +1D4BE;MATHEMATICAL SCRIPT SMALL I;Ll;0;L; 0069;;;;N;;;;; +1D4BF;MATHEMATICAL SCRIPT SMALL J;Ll;0;L; 006A;;;;N;;;;; +1D4C0;MATHEMATICAL SCRIPT SMALL K;Ll;0;L; 006B;;;;N;;;;; +1D4C1;MATHEMATICAL SCRIPT SMALL L;Ll;0;L; 006C;;;;N;;;;; +1D4C2;MATHEMATICAL SCRIPT SMALL M;Ll;0;L; 006D;;;;N;;;;; +1D4C3;MATHEMATICAL SCRIPT SMALL N;Ll;0;L; 006E;;;;N;;;;; +1D4C5;MATHEMATICAL SCRIPT SMALL P;Ll;0;L; 0070;;;;N;;;;; +1D4C6;MATHEMATICAL SCRIPT SMALL Q;Ll;0;L; 0071;;;;N;;;;; +1D4C7;MATHEMATICAL SCRIPT SMALL R;Ll;0;L; 0072;;;;N;;;;; +1D4C8;MATHEMATICAL SCRIPT SMALL S;Ll;0;L; 0073;;;;N;;;;; +1D4C9;MATHEMATICAL SCRIPT SMALL T;Ll;0;L; 0074;;;;N;;;;; +1D4CA;MATHEMATICAL SCRIPT SMALL U;Ll;0;L; 0075;;;;N;;;;; +1D4CB;MATHEMATICAL SCRIPT SMALL V;Ll;0;L; 0076;;;;N;;;;; +1D4CC;MATHEMATICAL SCRIPT SMALL W;Ll;0;L; 0077;;;;N;;;;; +1D4CD;MATHEMATICAL SCRIPT SMALL X;Ll;0;L; 0078;;;;N;;;;; +1D4CE;MATHEMATICAL SCRIPT SMALL Y;Ll;0;L; 0079;;;;N;;;;; +1D4CF;MATHEMATICAL SCRIPT SMALL Z;Ll;0;L; 007A;;;;N;;;;; +1D4D0;MATHEMATICAL BOLD SCRIPT CAPITAL A;Lu;0;L; 0041;;;;N;;;;; +1D4D1;MATHEMATICAL BOLD SCRIPT CAPITAL B;Lu;0;L; 0042;;;;N;;;;; +1D4D2;MATHEMATICAL BOLD SCRIPT CAPITAL C;Lu;0;L; 0043;;;;N;;;;; +1D4D3;MATHEMATICAL BOLD SCRIPT CAPITAL D;Lu;0;L; 0044;;;;N;;;;; +1D4D4;MATHEMATICAL BOLD SCRIPT CAPITAL E;Lu;0;L; 0045;;;;N;;;;; +1D4D5;MATHEMATICAL BOLD SCRIPT CAPITAL F;Lu;0;L; 0046;;;;N;;;;; +1D4D6;MATHEMATICAL BOLD SCRIPT CAPITAL G;Lu;0;L; 0047;;;;N;;;;; +1D4D7;MATHEMATICAL BOLD SCRIPT CAPITAL H;Lu;0;L; 0048;;;;N;;;;; +1D4D8;MATHEMATICAL BOLD SCRIPT CAPITAL I;Lu;0;L; 0049;;;;N;;;;; +1D4D9;MATHEMATICAL BOLD SCRIPT CAPITAL J;Lu;0;L; 004A;;;;N;;;;; +1D4DA;MATHEMATICAL BOLD SCRIPT CAPITAL K;Lu;0;L; 004B;;;;N;;;;; +1D4DB;MATHEMATICAL BOLD SCRIPT CAPITAL L;Lu;0;L; 004C;;;;N;;;;; +1D4DC;MATHEMATICAL BOLD SCRIPT CAPITAL M;Lu;0;L; 004D;;;;N;;;;; +1D4DD;MATHEMATICAL BOLD SCRIPT CAPITAL N;Lu;0;L; 004E;;;;N;;;;; +1D4DE;MATHEMATICAL BOLD SCRIPT CAPITAL O;Lu;0;L; 004F;;;;N;;;;; +1D4DF;MATHEMATICAL BOLD SCRIPT CAPITAL P;Lu;0;L; 0050;;;;N;;;;; +1D4E0;MATHEMATICAL BOLD SCRIPT CAPITAL Q;Lu;0;L; 0051;;;;N;;;;; +1D4E1;MATHEMATICAL BOLD SCRIPT CAPITAL R;Lu;0;L; 0052;;;;N;;;;; +1D4E2;MATHEMATICAL BOLD SCRIPT CAPITAL S;Lu;0;L; 0053;;;;N;;;;; +1D4E3;MATHEMATICAL BOLD SCRIPT CAPITAL T;Lu;0;L; 0054;;;;N;;;;; +1D4E4;MATHEMATICAL BOLD SCRIPT CAPITAL U;Lu;0;L; 0055;;;;N;;;;; +1D4E5;MATHEMATICAL BOLD SCRIPT CAPITAL V;Lu;0;L; 0056;;;;N;;;;; +1D4E6;MATHEMATICAL BOLD SCRIPT CAPITAL W;Lu;0;L; 0057;;;;N;;;;; +1D4E7;MATHEMATICAL BOLD SCRIPT CAPITAL X;Lu;0;L; 0058;;;;N;;;;; +1D4E8;MATHEMATICAL BOLD SCRIPT CAPITAL Y;Lu;0;L; 0059;;;;N;;;;; +1D4E9;MATHEMATICAL BOLD SCRIPT CAPITAL Z;Lu;0;L; 005A;;;;N;;;;; +1D4EA;MATHEMATICAL BOLD SCRIPT SMALL A;Ll;0;L; 0061;;;;N;;;;; +1D4EB;MATHEMATICAL BOLD SCRIPT SMALL B;Ll;0;L; 0062;;;;N;;;;; +1D4EC;MATHEMATICAL BOLD SCRIPT SMALL C;Ll;0;L; 0063;;;;N;;;;; +1D4ED;MATHEMATICAL BOLD SCRIPT SMALL D;Ll;0;L; 0064;;;;N;;;;; +1D4EE;MATHEMATICAL BOLD SCRIPT SMALL E;Ll;0;L; 0065;;;;N;;;;; +1D4EF;MATHEMATICAL BOLD SCRIPT SMALL F;Ll;0;L; 0066;;;;N;;;;; +1D4F0;MATHEMATICAL BOLD SCRIPT SMALL G;Ll;0;L; 0067;;;;N;;;;; +1D4F1;MATHEMATICAL BOLD SCRIPT SMALL H;Ll;0;L; 0068;;;;N;;;;; +1D4F2;MATHEMATICAL BOLD SCRIPT SMALL I;Ll;0;L; 0069;;;;N;;;;; +1D4F3;MATHEMATICAL BOLD SCRIPT SMALL J;Ll;0;L; 006A;;;;N;;;;; +1D4F4;MATHEMATICAL BOLD SCRIPT SMALL K;Ll;0;L; 006B;;;;N;;;;; +1D4F5;MATHEMATICAL BOLD SCRIPT SMALL L;Ll;0;L; 006C;;;;N;;;;; +1D4F6;MATHEMATICAL BOLD SCRIPT SMALL M;Ll;0;L; 006D;;;;N;;;;; +1D4F7;MATHEMATICAL BOLD SCRIPT SMALL N;Ll;0;L; 006E;;;;N;;;;; +1D4F8;MATHEMATICAL BOLD SCRIPT SMALL O;Ll;0;L; 006F;;;;N;;;;; +1D4F9;MATHEMATICAL BOLD SCRIPT SMALL P;Ll;0;L; 0070;;;;N;;;;; +1D4FA;MATHEMATICAL BOLD SCRIPT SMALL Q;Ll;0;L; 0071;;;;N;;;;; +1D4FB;MATHEMATICAL BOLD SCRIPT SMALL R;Ll;0;L; 0072;;;;N;;;;; +1D4FC;MATHEMATICAL BOLD SCRIPT SMALL S;Ll;0;L; 0073;;;;N;;;;; +1D4FD;MATHEMATICAL BOLD SCRIPT SMALL T;Ll;0;L; 0074;;;;N;;;;; +1D4FE;MATHEMATICAL BOLD SCRIPT SMALL U;Ll;0;L; 0075;;;;N;;;;; +1D4FF;MATHEMATICAL BOLD SCRIPT SMALL V;Ll;0;L; 0076;;;;N;;;;; +1D500;MATHEMATICAL BOLD SCRIPT SMALL W;Ll;0;L; 0077;;;;N;;;;; +1D501;MATHEMATICAL BOLD SCRIPT SMALL X;Ll;0;L; 0078;;;;N;;;;; +1D502;MATHEMATICAL BOLD SCRIPT SMALL Y;Ll;0;L; 0079;;;;N;;;;; +1D503;MATHEMATICAL BOLD SCRIPT SMALL Z;Ll;0;L; 007A;;;;N;;;;; +1D504;MATHEMATICAL FRAKTUR CAPITAL A;Lu;0;L; 0041;;;;N;;;;; +1D505;MATHEMATICAL FRAKTUR CAPITAL B;Lu;0;L; 0042;;;;N;;;;; +1D507;MATHEMATICAL FRAKTUR CAPITAL D;Lu;0;L; 0044;;;;N;;;;; +1D508;MATHEMATICAL FRAKTUR CAPITAL E;Lu;0;L; 0045;;;;N;;;;; +1D509;MATHEMATICAL FRAKTUR CAPITAL F;Lu;0;L; 0046;;;;N;;;;; +1D50A;MATHEMATICAL FRAKTUR CAPITAL G;Lu;0;L; 0047;;;;N;;;;; +1D50D;MATHEMATICAL FRAKTUR CAPITAL J;Lu;0;L; 004A;;;;N;;;;; +1D50E;MATHEMATICAL FRAKTUR CAPITAL K;Lu;0;L; 004B;;;;N;;;;; +1D50F;MATHEMATICAL FRAKTUR CAPITAL L;Lu;0;L; 004C;;;;N;;;;; +1D510;MATHEMATICAL FRAKTUR CAPITAL M;Lu;0;L; 004D;;;;N;;;;; +1D511;MATHEMATICAL FRAKTUR CAPITAL N;Lu;0;L; 004E;;;;N;;;;; +1D512;MATHEMATICAL FRAKTUR CAPITAL O;Lu;0;L; 004F;;;;N;;;;; +1D513;MATHEMATICAL FRAKTUR CAPITAL P;Lu;0;L; 0050;;;;N;;;;; +1D514;MATHEMATICAL FRAKTUR CAPITAL Q;Lu;0;L; 0051;;;;N;;;;; +1D516;MATHEMATICAL FRAKTUR CAPITAL S;Lu;0;L; 0053;;;;N;;;;; +1D517;MATHEMATICAL FRAKTUR CAPITAL T;Lu;0;L; 0054;;;;N;;;;; +1D518;MATHEMATICAL FRAKTUR CAPITAL U;Lu;0;L; 0055;;;;N;;;;; +1D519;MATHEMATICAL FRAKTUR CAPITAL V;Lu;0;L; 0056;;;;N;;;;; +1D51A;MATHEMATICAL FRAKTUR CAPITAL W;Lu;0;L; 0057;;;;N;;;;; +1D51B;MATHEMATICAL FRAKTUR CAPITAL X;Lu;0;L; 0058;;;;N;;;;; +1D51C;MATHEMATICAL FRAKTUR CAPITAL Y;Lu;0;L; 0059;;;;N;;;;; +1D51E;MATHEMATICAL FRAKTUR SMALL A;Ll;0;L; 0061;;;;N;;;;; +1D51F;MATHEMATICAL FRAKTUR SMALL B;Ll;0;L; 0062;;;;N;;;;; +1D520;MATHEMATICAL FRAKTUR SMALL C;Ll;0;L; 0063;;;;N;;;;; +1D521;MATHEMATICAL FRAKTUR SMALL D;Ll;0;L; 0064;;;;N;;;;; +1D522;MATHEMATICAL FRAKTUR SMALL E;Ll;0;L; 0065;;;;N;;;;; +1D523;MATHEMATICAL FRAKTUR SMALL F;Ll;0;L; 0066;;;;N;;;;; +1D524;MATHEMATICAL FRAKTUR SMALL G;Ll;0;L; 0067;;;;N;;;;; +1D525;MATHEMATICAL FRAKTUR SMALL H;Ll;0;L; 0068;;;;N;;;;; +1D526;MATHEMATICAL FRAKTUR SMALL I;Ll;0;L; 0069;;;;N;;;;; +1D527;MATHEMATICAL FRAKTUR SMALL J;Ll;0;L; 006A;;;;N;;;;; +1D528;MATHEMATICAL FRAKTUR SMALL K;Ll;0;L; 006B;;;;N;;;;; +1D529;MATHEMATICAL FRAKTUR SMALL L;Ll;0;L; 006C;;;;N;;;;; +1D52A;MATHEMATICAL FRAKTUR SMALL M;Ll;0;L; 006D;;;;N;;;;; +1D52B;MATHEMATICAL FRAKTUR SMALL N;Ll;0;L; 006E;;;;N;;;;; +1D52C;MATHEMATICAL FRAKTUR SMALL O;Ll;0;L; 006F;;;;N;;;;; +1D52D;MATHEMATICAL FRAKTUR SMALL P;Ll;0;L; 0070;;;;N;;;;; +1D52E;MATHEMATICAL FRAKTUR SMALL Q;Ll;0;L; 0071;;;;N;;;;; +1D52F;MATHEMATICAL FRAKTUR SMALL R;Ll;0;L; 0072;;;;N;;;;; +1D530;MATHEMATICAL FRAKTUR SMALL S;Ll;0;L; 0073;;;;N;;;;; +1D531;MATHEMATICAL FRAKTUR SMALL T;Ll;0;L; 0074;;;;N;;;;; +1D532;MATHEMATICAL FRAKTUR SMALL U;Ll;0;L; 0075;;;;N;;;;; +1D533;MATHEMATICAL FRAKTUR SMALL V;Ll;0;L; 0076;;;;N;;;;; +1D534;MATHEMATICAL FRAKTUR SMALL W;Ll;0;L; 0077;;;;N;;;;; +1D535;MATHEMATICAL FRAKTUR SMALL X;Ll;0;L; 0078;;;;N;;;;; +1D536;MATHEMATICAL FRAKTUR SMALL Y;Ll;0;L; 0079;;;;N;;;;; +1D537;MATHEMATICAL FRAKTUR SMALL Z;Ll;0;L; 007A;;;;N;;;;; +1D538;MATHEMATICAL DOUBLE-STRUCK CAPITAL A;Lu;0;L; 0041;;;;N;;;;; +1D539;MATHEMATICAL DOUBLE-STRUCK CAPITAL B;Lu;0;L; 0042;;;;N;;;;; +1D53B;MATHEMATICAL DOUBLE-STRUCK CAPITAL D;Lu;0;L; 0044;;;;N;;;;; +1D53C;MATHEMATICAL DOUBLE-STRUCK CAPITAL E;Lu;0;L; 0045;;;;N;;;;; +1D53D;MATHEMATICAL DOUBLE-STRUCK CAPITAL F;Lu;0;L; 0046;;;;N;;;;; +1D53E;MATHEMATICAL DOUBLE-STRUCK CAPITAL G;Lu;0;L; 0047;;;;N;;;;; +1D540;MATHEMATICAL DOUBLE-STRUCK CAPITAL I;Lu;0;L; 0049;;;;N;;;;; +1D541;MATHEMATICAL DOUBLE-STRUCK CAPITAL J;Lu;0;L; 004A;;;;N;;;;; +1D542;MATHEMATICAL DOUBLE-STRUCK CAPITAL K;Lu;0;L; 004B;;;;N;;;;; +1D543;MATHEMATICAL DOUBLE-STRUCK CAPITAL L;Lu;0;L; 004C;;;;N;;;;; +1D544;MATHEMATICAL DOUBLE-STRUCK CAPITAL M;Lu;0;L; 004D;;;;N;;;;; +1D546;MATHEMATICAL DOUBLE-STRUCK CAPITAL O;Lu;0;L; 004F;;;;N;;;;; +1D54A;MATHEMATICAL DOUBLE-STRUCK CAPITAL S;Lu;0;L; 0053;;;;N;;;;; +1D54B;MATHEMATICAL DOUBLE-STRUCK CAPITAL T;Lu;0;L; 0054;;;;N;;;;; +1D54C;MATHEMATICAL DOUBLE-STRUCK CAPITAL U;Lu;0;L; 0055;;;;N;;;;; +1D54D;MATHEMATICAL DOUBLE-STRUCK CAPITAL V;Lu;0;L; 0056;;;;N;;;;; +1D54E;MATHEMATICAL DOUBLE-STRUCK CAPITAL W;Lu;0;L; 0057;;;;N;;;;; +1D54F;MATHEMATICAL DOUBLE-STRUCK CAPITAL X;Lu;0;L; 0058;;;;N;;;;; +1D550;MATHEMATICAL DOUBLE-STRUCK CAPITAL Y;Lu;0;L; 0059;;;;N;;;;; +1D552;MATHEMATICAL DOUBLE-STRUCK SMALL A;Ll;0;L; 0061;;;;N;;;;; +1D553;MATHEMATICAL DOUBLE-STRUCK SMALL B;Ll;0;L; 0062;;;;N;;;;; +1D554;MATHEMATICAL DOUBLE-STRUCK SMALL C;Ll;0;L; 0063;;;;N;;;;; +1D555;MATHEMATICAL DOUBLE-STRUCK SMALL D;Ll;0;L; 0064;;;;N;;;;; +1D556;MATHEMATICAL DOUBLE-STRUCK SMALL E;Ll;0;L; 0065;;;;N;;;;; +1D557;MATHEMATICAL DOUBLE-STRUCK SMALL F;Ll;0;L; 0066;;;;N;;;;; +1D558;MATHEMATICAL DOUBLE-STRUCK SMALL G;Ll;0;L; 0067;;;;N;;;;; +1D559;MATHEMATICAL DOUBLE-STRUCK SMALL H;Ll;0;L; 0068;;;;N;;;;; +1D55A;MATHEMATICAL DOUBLE-STRUCK SMALL I;Ll;0;L; 0069;;;;N;;;;; +1D55B;MATHEMATICAL DOUBLE-STRUCK SMALL J;Ll;0;L; 006A;;;;N;;;;; +1D55C;MATHEMATICAL DOUBLE-STRUCK SMALL K;Ll;0;L; 006B;;;;N;;;;; +1D55D;MATHEMATICAL DOUBLE-STRUCK SMALL L;Ll;0;L; 006C;;;;N;;;;; +1D55E;MATHEMATICAL DOUBLE-STRUCK SMALL M;Ll;0;L; 006D;;;;N;;;;; +1D55F;MATHEMATICAL DOUBLE-STRUCK SMALL N;Ll;0;L; 006E;;;;N;;;;; +1D560;MATHEMATICAL DOUBLE-STRUCK SMALL O;Ll;0;L; 006F;;;;N;;;;; +1D561;MATHEMATICAL DOUBLE-STRUCK SMALL P;Ll;0;L; 0070;;;;N;;;;; +1D562;MATHEMATICAL DOUBLE-STRUCK SMALL Q;Ll;0;L; 0071;;;;N;;;;; +1D563;MATHEMATICAL DOUBLE-STRUCK SMALL R;Ll;0;L; 0072;;;;N;;;;; +1D564;MATHEMATICAL DOUBLE-STRUCK SMALL S;Ll;0;L; 0073;;;;N;;;;; +1D565;MATHEMATICAL DOUBLE-STRUCK SMALL T;Ll;0;L; 0074;;;;N;;;;; +1D566;MATHEMATICAL DOUBLE-STRUCK SMALL U;Ll;0;L; 0075;;;;N;;;;; +1D567;MATHEMATICAL DOUBLE-STRUCK SMALL V;Ll;0;L; 0076;;;;N;;;;; +1D568;MATHEMATICAL DOUBLE-STRUCK SMALL W;Ll;0;L; 0077;;;;N;;;;; +1D569;MATHEMATICAL DOUBLE-STRUCK SMALL X;Ll;0;L; 0078;;;;N;;;;; +1D56A;MATHEMATICAL DOUBLE-STRUCK SMALL Y;Ll;0;L; 0079;;;;N;;;;; +1D56B;MATHEMATICAL DOUBLE-STRUCK SMALL Z;Ll;0;L; 007A;;;;N;;;;; +1D56C;MATHEMATICAL BOLD FRAKTUR CAPITAL A;Lu;0;L; 0041;;;;N;;;;; +1D56D;MATHEMATICAL BOLD FRAKTUR CAPITAL B;Lu;0;L; 0042;;;;N;;;;; +1D56E;MATHEMATICAL BOLD FRAKTUR CAPITAL C;Lu;0;L; 0043;;;;N;;;;; +1D56F;MATHEMATICAL BOLD FRAKTUR CAPITAL D;Lu;0;L; 0044;;;;N;;;;; +1D570;MATHEMATICAL BOLD FRAKTUR CAPITAL E;Lu;0;L; 0045;;;;N;;;;; +1D571;MATHEMATICAL BOLD FRAKTUR CAPITAL F;Lu;0;L; 0046;;;;N;;;;; +1D572;MATHEMATICAL BOLD FRAKTUR CAPITAL G;Lu;0;L; 0047;;;;N;;;;; +1D573;MATHEMATICAL BOLD FRAKTUR CAPITAL H;Lu;0;L; 0048;;;;N;;;;; +1D574;MATHEMATICAL BOLD FRAKTUR CAPITAL I;Lu;0;L; 0049;;;;N;;;;; +1D575;MATHEMATICAL BOLD FRAKTUR CAPITAL J;Lu;0;L; 004A;;;;N;;;;; +1D576;MATHEMATICAL BOLD FRAKTUR CAPITAL K;Lu;0;L; 004B;;;;N;;;;; +1D577;MATHEMATICAL BOLD FRAKTUR CAPITAL L;Lu;0;L; 004C;;;;N;;;;; +1D578;MATHEMATICAL BOLD FRAKTUR CAPITAL M;Lu;0;L; 004D;;;;N;;;;; +1D579;MATHEMATICAL BOLD FRAKTUR CAPITAL N;Lu;0;L; 004E;;;;N;;;;; +1D57A;MATHEMATICAL BOLD FRAKTUR CAPITAL O;Lu;0;L; 004F;;;;N;;;;; +1D57B;MATHEMATICAL BOLD FRAKTUR CAPITAL P;Lu;0;L; 0050;;;;N;;;;; +1D57C;MATHEMATICAL BOLD FRAKTUR CAPITAL Q;Lu;0;L; 0051;;;;N;;;;; +1D57D;MATHEMATICAL BOLD FRAKTUR CAPITAL R;Lu;0;L; 0052;;;;N;;;;; +1D57E;MATHEMATICAL BOLD FRAKTUR CAPITAL S;Lu;0;L; 0053;;;;N;;;;; +1D57F;MATHEMATICAL BOLD FRAKTUR CAPITAL T;Lu;0;L; 0054;;;;N;;;;; +1D580;MATHEMATICAL BOLD FRAKTUR CAPITAL U;Lu;0;L; 0055;;;;N;;;;; +1D581;MATHEMATICAL BOLD FRAKTUR CAPITAL V;Lu;0;L; 0056;;;;N;;;;; +1D582;MATHEMATICAL BOLD FRAKTUR CAPITAL W;Lu;0;L; 0057;;;;N;;;;; +1D583;MATHEMATICAL BOLD FRAKTUR CAPITAL X;Lu;0;L; 0058;;;;N;;;;; +1D584;MATHEMATICAL BOLD FRAKTUR CAPITAL Y;Lu;0;L; 0059;;;;N;;;;; +1D585;MATHEMATICAL BOLD FRAKTUR CAPITAL Z;Lu;0;L; 005A;;;;N;;;;; +1D586;MATHEMATICAL BOLD FRAKTUR SMALL A;Ll;0;L; 0061;;;;N;;;;; +1D587;MATHEMATICAL BOLD FRAKTUR SMALL B;Ll;0;L; 0062;;;;N;;;;; +1D588;MATHEMATICAL BOLD FRAKTUR SMALL C;Ll;0;L; 0063;;;;N;;;;; +1D589;MATHEMATICAL BOLD FRAKTUR SMALL D;Ll;0;L; 0064;;;;N;;;;; +1D58A;MATHEMATICAL BOLD FRAKTUR SMALL E;Ll;0;L; 0065;;;;N;;;;; +1D58B;MATHEMATICAL BOLD FRAKTUR SMALL F;Ll;0;L; 0066;;;;N;;;;; +1D58C;MATHEMATICAL BOLD FRAKTUR SMALL G;Ll;0;L; 0067;;;;N;;;;; +1D58D;MATHEMATICAL BOLD FRAKTUR SMALL H;Ll;0;L; 0068;;;;N;;;;; +1D58E;MATHEMATICAL BOLD FRAKTUR SMALL I;Ll;0;L; 0069;;;;N;;;;; +1D58F;MATHEMATICAL BOLD FRAKTUR SMALL J;Ll;0;L; 006A;;;;N;;;;; +1D590;MATHEMATICAL BOLD FRAKTUR SMALL K;Ll;0;L; 006B;;;;N;;;;; +1D591;MATHEMATICAL BOLD FRAKTUR SMALL L;Ll;0;L; 006C;;;;N;;;;; +1D592;MATHEMATICAL BOLD FRAKTUR SMALL M;Ll;0;L; 006D;;;;N;;;;; +1D593;MATHEMATICAL BOLD FRAKTUR SMALL N;Ll;0;L; 006E;;;;N;;;;; +1D594;MATHEMATICAL BOLD FRAKTUR SMALL O;Ll;0;L; 006F;;;;N;;;;; +1D595;MATHEMATICAL BOLD FRAKTUR SMALL P;Ll;0;L; 0070;;;;N;;;;; +1D596;MATHEMATICAL BOLD FRAKTUR SMALL Q;Ll;0;L; 0071;;;;N;;;;; +1D597;MATHEMATICAL BOLD FRAKTUR SMALL R;Ll;0;L; 0072;;;;N;;;;; +1D598;MATHEMATICAL BOLD FRAKTUR SMALL S;Ll;0;L; 0073;;;;N;;;;; +1D599;MATHEMATICAL BOLD FRAKTUR SMALL T;Ll;0;L; 0074;;;;N;;;;; +1D59A;MATHEMATICAL BOLD FRAKTUR SMALL U;Ll;0;L; 0075;;;;N;;;;; +1D59B;MATHEMATICAL BOLD FRAKTUR SMALL V;Ll;0;L; 0076;;;;N;;;;; +1D59C;MATHEMATICAL BOLD FRAKTUR SMALL W;Ll;0;L; 0077;;;;N;;;;; +1D59D;MATHEMATICAL BOLD FRAKTUR SMALL X;Ll;0;L; 0078;;;;N;;;;; +1D59E;MATHEMATICAL BOLD FRAKTUR SMALL Y;Ll;0;L; 0079;;;;N;;;;; +1D59F;MATHEMATICAL BOLD FRAKTUR SMALL Z;Ll;0;L; 007A;;;;N;;;;; +1D5A0;MATHEMATICAL SANS-SERIF CAPITAL A;Lu;0;L; 0041;;;;N;;;;; +1D5A1;MATHEMATICAL SANS-SERIF CAPITAL B;Lu;0;L; 0042;;;;N;;;;; +1D5A2;MATHEMATICAL SANS-SERIF CAPITAL C;Lu;0;L; 0043;;;;N;;;;; +1D5A3;MATHEMATICAL SANS-SERIF CAPITAL D;Lu;0;L; 0044;;;;N;;;;; +1D5A4;MATHEMATICAL SANS-SERIF CAPITAL E;Lu;0;L; 0045;;;;N;;;;; +1D5A5;MATHEMATICAL SANS-SERIF CAPITAL F;Lu;0;L; 0046;;;;N;;;;; +1D5A6;MATHEMATICAL SANS-SERIF CAPITAL G;Lu;0;L; 0047;;;;N;;;;; +1D5A7;MATHEMATICAL SANS-SERIF CAPITAL H;Lu;0;L; 0048;;;;N;;;;; +1D5A8;MATHEMATICAL SANS-SERIF CAPITAL I;Lu;0;L; 0049;;;;N;;;;; +1D5A9;MATHEMATICAL SANS-SERIF CAPITAL J;Lu;0;L; 004A;;;;N;;;;; +1D5AA;MATHEMATICAL SANS-SERIF CAPITAL K;Lu;0;L; 004B;;;;N;;;;; +1D5AB;MATHEMATICAL SANS-SERIF CAPITAL L;Lu;0;L; 004C;;;;N;;;;; +1D5AC;MATHEMATICAL SANS-SERIF CAPITAL M;Lu;0;L; 004D;;;;N;;;;; +1D5AD;MATHEMATICAL SANS-SERIF CAPITAL N;Lu;0;L; 004E;;;;N;;;;; +1D5AE;MATHEMATICAL SANS-SERIF CAPITAL O;Lu;0;L; 004F;;;;N;;;;; +1D5AF;MATHEMATICAL SANS-SERIF CAPITAL P;Lu;0;L; 0050;;;;N;;;;; +1D5B0;MATHEMATICAL SANS-SERIF CAPITAL Q;Lu;0;L; 0051;;;;N;;;;; +1D5B1;MATHEMATICAL SANS-SERIF CAPITAL R;Lu;0;L; 0052;;;;N;;;;; +1D5B2;MATHEMATICAL SANS-SERIF CAPITAL S;Lu;0;L; 0053;;;;N;;;;; +1D5B3;MATHEMATICAL SANS-SERIF CAPITAL T;Lu;0;L; 0054;;;;N;;;;; +1D5B4;MATHEMATICAL SANS-SERIF CAPITAL U;Lu;0;L; 0055;;;;N;;;;; +1D5B5;MATHEMATICAL SANS-SERIF CAPITAL V;Lu;0;L; 0056;;;;N;;;;; +1D5B6;MATHEMATICAL SANS-SERIF CAPITAL W;Lu;0;L; 0057;;;;N;;;;; +1D5B7;MATHEMATICAL SANS-SERIF CAPITAL X;Lu;0;L; 0058;;;;N;;;;; +1D5B8;MATHEMATICAL SANS-SERIF CAPITAL Y;Lu;0;L; 0059;;;;N;;;;; +1D5B9;MATHEMATICAL SANS-SERIF CAPITAL Z;Lu;0;L; 005A;;;;N;;;;; +1D5BA;MATHEMATICAL SANS-SERIF SMALL A;Ll;0;L; 0061;;;;N;;;;; +1D5BB;MATHEMATICAL SANS-SERIF SMALL B;Ll;0;L; 0062;;;;N;;;;; +1D5BC;MATHEMATICAL SANS-SERIF SMALL C;Ll;0;L; 0063;;;;N;;;;; +1D5BD;MATHEMATICAL SANS-SERIF SMALL D;Ll;0;L; 0064;;;;N;;;;; +1D5BE;MATHEMATICAL SANS-SERIF SMALL E;Ll;0;L; 0065;;;;N;;;;; +1D5BF;MATHEMATICAL SANS-SERIF SMALL F;Ll;0;L; 0066;;;;N;;;;; +1D5C0;MATHEMATICAL SANS-SERIF SMALL G;Ll;0;L; 0067;;;;N;;;;; +1D5C1;MATHEMATICAL SANS-SERIF SMALL H;Ll;0;L; 0068;;;;N;;;;; +1D5C2;MATHEMATICAL SANS-SERIF SMALL I;Ll;0;L; 0069;;;;N;;;;; +1D5C3;MATHEMATICAL SANS-SERIF SMALL J;Ll;0;L; 006A;;;;N;;;;; +1D5C4;MATHEMATICAL SANS-SERIF SMALL K;Ll;0;L; 006B;;;;N;;;;; +1D5C5;MATHEMATICAL SANS-SERIF SMALL L;Ll;0;L; 006C;;;;N;;;;; +1D5C6;MATHEMATICAL SANS-SERIF SMALL M;Ll;0;L; 006D;;;;N;;;;; +1D5C7;MATHEMATICAL SANS-SERIF SMALL N;Ll;0;L; 006E;;;;N;;;;; +1D5C8;MATHEMATICAL SANS-SERIF SMALL O;Ll;0;L; 006F;;;;N;;;;; +1D5C9;MATHEMATICAL SANS-SERIF SMALL P;Ll;0;L; 0070;;;;N;;;;; +1D5CA;MATHEMATICAL SANS-SERIF SMALL Q;Ll;0;L; 0071;;;;N;;;;; +1D5CB;MATHEMATICAL SANS-SERIF SMALL R;Ll;0;L; 0072;;;;N;;;;; +1D5CC;MATHEMATICAL SANS-SERIF SMALL S;Ll;0;L; 0073;;;;N;;;;; +1D5CD;MATHEMATICAL SANS-SERIF SMALL T;Ll;0;L; 0074;;;;N;;;;; +1D5CE;MATHEMATICAL SANS-SERIF SMALL U;Ll;0;L; 0075;;;;N;;;;; +1D5CF;MATHEMATICAL SANS-SERIF SMALL V;Ll;0;L; 0076;;;;N;;;;; +1D5D0;MATHEMATICAL SANS-SERIF SMALL W;Ll;0;L; 0077;;;;N;;;;; +1D5D1;MATHEMATICAL SANS-SERIF SMALL X;Ll;0;L; 0078;;;;N;;;;; +1D5D2;MATHEMATICAL SANS-SERIF SMALL Y;Ll;0;L; 0079;;;;N;;;;; +1D5D3;MATHEMATICAL SANS-SERIF SMALL Z;Ll;0;L; 007A;;;;N;;;;; +1D5D4;MATHEMATICAL SANS-SERIF BOLD CAPITAL A;Lu;0;L; 0041;;;;N;;;;; +1D5D5;MATHEMATICAL SANS-SERIF BOLD CAPITAL B;Lu;0;L; 0042;;;;N;;;;; +1D5D6;MATHEMATICAL SANS-SERIF BOLD CAPITAL C;Lu;0;L; 0043;;;;N;;;;; +1D5D7;MATHEMATICAL SANS-SERIF BOLD CAPITAL D;Lu;0;L; 0044;;;;N;;;;; +1D5D8;MATHEMATICAL SANS-SERIF BOLD CAPITAL E;Lu;0;L; 0045;;;;N;;;;; +1D5D9;MATHEMATICAL SANS-SERIF BOLD CAPITAL F;Lu;0;L; 0046;;;;N;;;;; +1D5DA;MATHEMATICAL SANS-SERIF BOLD CAPITAL G;Lu;0;L; 0047;;;;N;;;;; +1D5DB;MATHEMATICAL SANS-SERIF BOLD CAPITAL H;Lu;0;L; 0048;;;;N;;;;; +1D5DC;MATHEMATICAL SANS-SERIF BOLD CAPITAL I;Lu;0;L; 0049;;;;N;;;;; +1D5DD;MATHEMATICAL SANS-SERIF BOLD CAPITAL J;Lu;0;L; 004A;;;;N;;;;; +1D5DE;MATHEMATICAL SANS-SERIF BOLD CAPITAL K;Lu;0;L; 004B;;;;N;;;;; +1D5DF;MATHEMATICAL SANS-SERIF BOLD CAPITAL L;Lu;0;L; 004C;;;;N;;;;; +1D5E0;MATHEMATICAL SANS-SERIF BOLD CAPITAL M;Lu;0;L; 004D;;;;N;;;;; +1D5E1;MATHEMATICAL SANS-SERIF BOLD CAPITAL N;Lu;0;L; 004E;;;;N;;;;; +1D5E2;MATHEMATICAL SANS-SERIF BOLD CAPITAL O;Lu;0;L; 004F;;;;N;;;;; +1D5E3;MATHEMATICAL SANS-SERIF BOLD CAPITAL P;Lu;0;L; 0050;;;;N;;;;; +1D5E4;MATHEMATICAL SANS-SERIF BOLD CAPITAL Q;Lu;0;L; 0051;;;;N;;;;; +1D5E5;MATHEMATICAL SANS-SERIF BOLD CAPITAL R;Lu;0;L; 0052;;;;N;;;;; +1D5E6;MATHEMATICAL SANS-SERIF BOLD CAPITAL S;Lu;0;L; 0053;;;;N;;;;; +1D5E7;MATHEMATICAL SANS-SERIF BOLD CAPITAL T;Lu;0;L; 0054;;;;N;;;;; +1D5E8;MATHEMATICAL SANS-SERIF BOLD CAPITAL U;Lu;0;L; 0055;;;;N;;;;; +1D5E9;MATHEMATICAL SANS-SERIF BOLD CAPITAL V;Lu;0;L; 0056;;;;N;;;;; +1D5EA;MATHEMATICAL SANS-SERIF BOLD CAPITAL W;Lu;0;L; 0057;;;;N;;;;; +1D5EB;MATHEMATICAL SANS-SERIF BOLD CAPITAL X;Lu;0;L; 0058;;;;N;;;;; +1D5EC;MATHEMATICAL SANS-SERIF BOLD CAPITAL Y;Lu;0;L; 0059;;;;N;;;;; +1D5ED;MATHEMATICAL SANS-SERIF BOLD CAPITAL Z;Lu;0;L; 005A;;;;N;;;;; +1D5EE;MATHEMATICAL SANS-SERIF BOLD SMALL A;Ll;0;L; 0061;;;;N;;;;; +1D5EF;MATHEMATICAL SANS-SERIF BOLD SMALL B;Ll;0;L; 0062;;;;N;;;;; +1D5F0;MATHEMATICAL SANS-SERIF BOLD SMALL C;Ll;0;L; 0063;;;;N;;;;; +1D5F1;MATHEMATICAL SANS-SERIF BOLD SMALL D;Ll;0;L; 0064;;;;N;;;;; +1D5F2;MATHEMATICAL SANS-SERIF BOLD SMALL E;Ll;0;L; 0065;;;;N;;;;; +1D5F3;MATHEMATICAL SANS-SERIF BOLD SMALL F;Ll;0;L; 0066;;;;N;;;;; +1D5F4;MATHEMATICAL SANS-SERIF BOLD SMALL G;Ll;0;L; 0067;;;;N;;;;; +1D5F5;MATHEMATICAL SANS-SERIF BOLD SMALL H;Ll;0;L; 0068;;;;N;;;;; +1D5F6;MATHEMATICAL SANS-SERIF BOLD SMALL I;Ll;0;L; 0069;;;;N;;;;; +1D5F7;MATHEMATICAL SANS-SERIF BOLD SMALL J;Ll;0;L; 006A;;;;N;;;;; +1D5F8;MATHEMATICAL SANS-SERIF BOLD SMALL K;Ll;0;L; 006B;;;;N;;;;; +1D5F9;MATHEMATICAL SANS-SERIF BOLD SMALL L;Ll;0;L; 006C;;;;N;;;;; +1D5FA;MATHEMATICAL SANS-SERIF BOLD SMALL M;Ll;0;L; 006D;;;;N;;;;; +1D5FB;MATHEMATICAL SANS-SERIF BOLD SMALL N;Ll;0;L; 006E;;;;N;;;;; +1D5FC;MATHEMATICAL SANS-SERIF BOLD SMALL O;Ll;0;L; 006F;;;;N;;;;; +1D5FD;MATHEMATICAL SANS-SERIF BOLD SMALL P;Ll;0;L; 0070;;;;N;;;;; +1D5FE;MATHEMATICAL SANS-SERIF BOLD SMALL Q;Ll;0;L; 0071;;;;N;;;;; +1D5FF;MATHEMATICAL SANS-SERIF BOLD SMALL R;Ll;0;L; 0072;;;;N;;;;; +1D600;MATHEMATICAL SANS-SERIF BOLD SMALL S;Ll;0;L; 0073;;;;N;;;;; +1D601;MATHEMATICAL SANS-SERIF BOLD SMALL T;Ll;0;L; 0074;;;;N;;;;; +1D602;MATHEMATICAL SANS-SERIF BOLD SMALL U;Ll;0;L; 0075;;;;N;;;;; +1D603;MATHEMATICAL SANS-SERIF BOLD SMALL V;Ll;0;L; 0076;;;;N;;;;; +1D604;MATHEMATICAL SANS-SERIF BOLD SMALL W;Ll;0;L; 0077;;;;N;;;;; +1D605;MATHEMATICAL SANS-SERIF BOLD SMALL X;Ll;0;L; 0078;;;;N;;;;; +1D606;MATHEMATICAL SANS-SERIF BOLD SMALL Y;Ll;0;L; 0079;;;;N;;;;; +1D607;MATHEMATICAL SANS-SERIF BOLD SMALL Z;Ll;0;L; 007A;;;;N;;;;; +1D608;MATHEMATICAL SANS-SERIF ITALIC CAPITAL A;Lu;0;L; 0041;;;;N;;;;; +1D609;MATHEMATICAL SANS-SERIF ITALIC CAPITAL B;Lu;0;L; 0042;;;;N;;;;; +1D60A;MATHEMATICAL SANS-SERIF ITALIC CAPITAL C;Lu;0;L; 0043;;;;N;;;;; +1D60B;MATHEMATICAL SANS-SERIF ITALIC CAPITAL D;Lu;0;L; 0044;;;;N;;;;; +1D60C;MATHEMATICAL SANS-SERIF ITALIC CAPITAL E;Lu;0;L; 0045;;;;N;;;;; +1D60D;MATHEMATICAL SANS-SERIF ITALIC CAPITAL F;Lu;0;L; 0046;;;;N;;;;; +1D60E;MATHEMATICAL SANS-SERIF ITALIC CAPITAL G;Lu;0;L; 0047;;;;N;;;;; +1D60F;MATHEMATICAL SANS-SERIF ITALIC CAPITAL H;Lu;0;L; 0048;;;;N;;;;; +1D610;MATHEMATICAL SANS-SERIF ITALIC CAPITAL I;Lu;0;L; 0049;;;;N;;;;; +1D611;MATHEMATICAL SANS-SERIF ITALIC CAPITAL J;Lu;0;L; 004A;;;;N;;;;; +1D612;MATHEMATICAL SANS-SERIF ITALIC CAPITAL K;Lu;0;L; 004B;;;;N;;;;; +1D613;MATHEMATICAL SANS-SERIF ITALIC CAPITAL L;Lu;0;L; 004C;;;;N;;;;; +1D614;MATHEMATICAL SANS-SERIF ITALIC CAPITAL M;Lu;0;L; 004D;;;;N;;;;; +1D615;MATHEMATICAL SANS-SERIF ITALIC CAPITAL N;Lu;0;L; 004E;;;;N;;;;; +1D616;MATHEMATICAL SANS-SERIF ITALIC CAPITAL O;Lu;0;L; 004F;;;;N;;;;; +1D617;MATHEMATICAL SANS-SERIF ITALIC CAPITAL P;Lu;0;L; 0050;;;;N;;;;; +1D618;MATHEMATICAL SANS-SERIF ITALIC CAPITAL Q;Lu;0;L; 0051;;;;N;;;;; +1D619;MATHEMATICAL SANS-SERIF ITALIC CAPITAL R;Lu;0;L; 0052;;;;N;;;;; +1D61A;MATHEMATICAL SANS-SERIF ITALIC CAPITAL S;Lu;0;L; 0053;;;;N;;;;; +1D61B;MATHEMATICAL SANS-SERIF ITALIC CAPITAL T;Lu;0;L; 0054;;;;N;;;;; +1D61C;MATHEMATICAL SANS-SERIF ITALIC CAPITAL U;Lu;0;L; 0055;;;;N;;;;; +1D61D;MATHEMATICAL SANS-SERIF ITALIC CAPITAL V;Lu;0;L; 0056;;;;N;;;;; +1D61E;MATHEMATICAL SANS-SERIF ITALIC CAPITAL W;Lu;0;L; 0057;;;;N;;;;; +1D61F;MATHEMATICAL SANS-SERIF ITALIC CAPITAL X;Lu;0;L; 0058;;;;N;;;;; +1D620;MATHEMATICAL SANS-SERIF ITALIC CAPITAL Y;Lu;0;L; 0059;;;;N;;;;; +1D621;MATHEMATICAL SANS-SERIF ITALIC CAPITAL Z;Lu;0;L; 005A;;;;N;;;;; +1D622;MATHEMATICAL SANS-SERIF ITALIC SMALL A;Ll;0;L; 0061;;;;N;;;;; +1D623;MATHEMATICAL SANS-SERIF ITALIC SMALL B;Ll;0;L; 0062;;;;N;;;;; +1D624;MATHEMATICAL SANS-SERIF ITALIC SMALL C;Ll;0;L; 0063;;;;N;;;;; +1D625;MATHEMATICAL SANS-SERIF ITALIC SMALL D;Ll;0;L; 0064;;;;N;;;;; +1D626;MATHEMATICAL SANS-SERIF ITALIC SMALL E;Ll;0;L; 0065;;;;N;;;;; +1D627;MATHEMATICAL SANS-SERIF ITALIC SMALL F;Ll;0;L; 0066;;;;N;;;;; +1D628;MATHEMATICAL SANS-SERIF ITALIC SMALL G;Ll;0;L; 0067;;;;N;;;;; +1D629;MATHEMATICAL SANS-SERIF ITALIC SMALL H;Ll;0;L; 0068;;;;N;;;;; +1D62A;MATHEMATICAL SANS-SERIF ITALIC SMALL I;Ll;0;L; 0069;;;;N;;;;; +1D62B;MATHEMATICAL SANS-SERIF ITALIC SMALL J;Ll;0;L; 006A;;;;N;;;;; +1D62C;MATHEMATICAL SANS-SERIF ITALIC SMALL K;Ll;0;L; 006B;;;;N;;;;; +1D62D;MATHEMATICAL SANS-SERIF ITALIC SMALL L;Ll;0;L; 006C;;;;N;;;;; +1D62E;MATHEMATICAL SANS-SERIF ITALIC SMALL M;Ll;0;L; 006D;;;;N;;;;; +1D62F;MATHEMATICAL SANS-SERIF ITALIC SMALL N;Ll;0;L; 006E;;;;N;;;;; +1D630;MATHEMATICAL SANS-SERIF ITALIC SMALL O;Ll;0;L; 006F;;;;N;;;;; +1D631;MATHEMATICAL SANS-SERIF ITALIC SMALL P;Ll;0;L; 0070;;;;N;;;;; +1D632;MATHEMATICAL SANS-SERIF ITALIC SMALL Q;Ll;0;L; 0071;;;;N;;;;; +1D633;MATHEMATICAL SANS-SERIF ITALIC SMALL R;Ll;0;L; 0072;;;;N;;;;; +1D634;MATHEMATICAL SANS-SERIF ITALIC SMALL S;Ll;0;L; 0073;;;;N;;;;; +1D635;MATHEMATICAL SANS-SERIF ITALIC SMALL T;Ll;0;L; 0074;;;;N;;;;; +1D636;MATHEMATICAL SANS-SERIF ITALIC SMALL U;Ll;0;L; 0075;;;;N;;;;; +1D637;MATHEMATICAL SANS-SERIF ITALIC SMALL V;Ll;0;L; 0076;;;;N;;;;; +1D638;MATHEMATICAL SANS-SERIF ITALIC SMALL W;Ll;0;L; 0077;;;;N;;;;; +1D639;MATHEMATICAL SANS-SERIF ITALIC SMALL X;Ll;0;L; 0078;;;;N;;;;; +1D63A;MATHEMATICAL SANS-SERIF ITALIC SMALL Y;Ll;0;L; 0079;;;;N;;;;; +1D63B;MATHEMATICAL SANS-SERIF ITALIC SMALL Z;Ll;0;L; 007A;;;;N;;;;; +1D63C;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL A;Lu;0;L; 0041;;;;N;;;;; +1D63D;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL B;Lu;0;L; 0042;;;;N;;;;; +1D63E;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL C;Lu;0;L; 0043;;;;N;;;;; +1D63F;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL D;Lu;0;L; 0044;;;;N;;;;; +1D640;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL E;Lu;0;L; 0045;;;;N;;;;; +1D641;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL F;Lu;0;L; 0046;;;;N;;;;; +1D642;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL G;Lu;0;L; 0047;;;;N;;;;; +1D643;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL H;Lu;0;L; 0048;;;;N;;;;; +1D644;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL I;Lu;0;L; 0049;;;;N;;;;; +1D645;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL J;Lu;0;L; 004A;;;;N;;;;; +1D646;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL K;Lu;0;L; 004B;;;;N;;;;; +1D647;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL L;Lu;0;L; 004C;;;;N;;;;; +1D648;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL M;Lu;0;L; 004D;;;;N;;;;; +1D649;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL N;Lu;0;L; 004E;;;;N;;;;; +1D64A;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL O;Lu;0;L; 004F;;;;N;;;;; +1D64B;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL P;Lu;0;L; 0050;;;;N;;;;; +1D64C;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL Q;Lu;0;L; 0051;;;;N;;;;; +1D64D;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL R;Lu;0;L; 0052;;;;N;;;;; +1D64E;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL S;Lu;0;L; 0053;;;;N;;;;; +1D64F;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL T;Lu;0;L; 0054;;;;N;;;;; +1D650;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL U;Lu;0;L; 0055;;;;N;;;;; +1D651;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL V;Lu;0;L; 0056;;;;N;;;;; +1D652;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL W;Lu;0;L; 0057;;;;N;;;;; +1D653;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL X;Lu;0;L; 0058;;;;N;;;;; +1D654;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL Y;Lu;0;L; 0059;;;;N;;;;; +1D655;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL Z;Lu;0;L; 005A;;;;N;;;;; +1D656;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL A;Ll;0;L; 0061;;;;N;;;;; +1D657;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL B;Ll;0;L; 0062;;;;N;;;;; +1D658;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL C;Ll;0;L; 0063;;;;N;;;;; +1D659;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL D;Ll;0;L; 0064;;;;N;;;;; +1D65A;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL E;Ll;0;L; 0065;;;;N;;;;; +1D65B;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL F;Ll;0;L; 0066;;;;N;;;;; +1D65C;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL G;Ll;0;L; 0067;;;;N;;;;; +1D65D;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL H;Ll;0;L; 0068;;;;N;;;;; +1D65E;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL I;Ll;0;L; 0069;;;;N;;;;; +1D65F;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL J;Ll;0;L; 006A;;;;N;;;;; +1D660;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL K;Ll;0;L; 006B;;;;N;;;;; +1D661;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL L;Ll;0;L; 006C;;;;N;;;;; +1D662;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL M;Ll;0;L; 006D;;;;N;;;;; +1D663;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL N;Ll;0;L; 006E;;;;N;;;;; +1D664;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL O;Ll;0;L; 006F;;;;N;;;;; +1D665;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL P;Ll;0;L; 0070;;;;N;;;;; +1D666;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL Q;Ll;0;L; 0071;;;;N;;;;; +1D667;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL R;Ll;0;L; 0072;;;;N;;;;; +1D668;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL S;Ll;0;L; 0073;;;;N;;;;; +1D669;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL T;Ll;0;L; 0074;;;;N;;;;; +1D66A;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL U;Ll;0;L; 0075;;;;N;;;;; +1D66B;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL V;Ll;0;L; 0076;;;;N;;;;; +1D66C;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL W;Ll;0;L; 0077;;;;N;;;;; +1D66D;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL X;Ll;0;L; 0078;;;;N;;;;; +1D66E;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL Y;Ll;0;L; 0079;;;;N;;;;; +1D66F;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL Z;Ll;0;L; 007A;;;;N;;;;; +1D670;MATHEMATICAL MONOSPACE CAPITAL A;Lu;0;L; 0041;;;;N;;;;; +1D671;MATHEMATICAL MONOSPACE CAPITAL B;Lu;0;L; 0042;;;;N;;;;; +1D672;MATHEMATICAL MONOSPACE CAPITAL C;Lu;0;L; 0043;;;;N;;;;; +1D673;MATHEMATICAL MONOSPACE CAPITAL D;Lu;0;L; 0044;;;;N;;;;; +1D674;MATHEMATICAL MONOSPACE CAPITAL E;Lu;0;L; 0045;;;;N;;;;; +1D675;MATHEMATICAL MONOSPACE CAPITAL F;Lu;0;L; 0046;;;;N;;;;; +1D676;MATHEMATICAL MONOSPACE CAPITAL G;Lu;0;L; 0047;;;;N;;;;; +1D677;MATHEMATICAL MONOSPACE CAPITAL H;Lu;0;L; 0048;;;;N;;;;; +1D678;MATHEMATICAL MONOSPACE CAPITAL I;Lu;0;L; 0049;;;;N;;;;; +1D679;MATHEMATICAL MONOSPACE CAPITAL J;Lu;0;L; 004A;;;;N;;;;; +1D67A;MATHEMATICAL MONOSPACE CAPITAL K;Lu;0;L; 004B;;;;N;;;;; +1D67B;MATHEMATICAL MONOSPACE CAPITAL L;Lu;0;L; 004C;;;;N;;;;; +1D67C;MATHEMATICAL MONOSPACE CAPITAL M;Lu;0;L; 004D;;;;N;;;;; +1D67D;MATHEMATICAL MONOSPACE CAPITAL N;Lu;0;L; 004E;;;;N;;;;; +1D67E;MATHEMATICAL MONOSPACE CAPITAL O;Lu;0;L; 004F;;;;N;;;;; +1D67F;MATHEMATICAL MONOSPACE CAPITAL P;Lu;0;L; 0050;;;;N;;;;; +1D680;MATHEMATICAL MONOSPACE CAPITAL Q;Lu;0;L; 0051;;;;N;;;;; +1D681;MATHEMATICAL MONOSPACE CAPITAL R;Lu;0;L; 0052;;;;N;;;;; +1D682;MATHEMATICAL MONOSPACE CAPITAL S;Lu;0;L; 0053;;;;N;;;;; +1D683;MATHEMATICAL MONOSPACE CAPITAL T;Lu;0;L; 0054;;;;N;;;;; +1D684;MATHEMATICAL MONOSPACE CAPITAL U;Lu;0;L; 0055;;;;N;;;;; +1D685;MATHEMATICAL MONOSPACE CAPITAL V;Lu;0;L; 0056;;;;N;;;;; +1D686;MATHEMATICAL MONOSPACE CAPITAL W;Lu;0;L; 0057;;;;N;;;;; +1D687;MATHEMATICAL MONOSPACE CAPITAL X;Lu;0;L; 0058;;;;N;;;;; +1D688;MATHEMATICAL MONOSPACE CAPITAL Y;Lu;0;L; 0059;;;;N;;;;; +1D689;MATHEMATICAL MONOSPACE CAPITAL Z;Lu;0;L; 005A;;;;N;;;;; +1D68A;MATHEMATICAL MONOSPACE SMALL A;Ll;0;L; 0061;;;;N;;;;; +1D68B;MATHEMATICAL MONOSPACE SMALL B;Ll;0;L; 0062;;;;N;;;;; +1D68C;MATHEMATICAL MONOSPACE SMALL C;Ll;0;L; 0063;;;;N;;;;; +1D68D;MATHEMATICAL MONOSPACE SMALL D;Ll;0;L; 0064;;;;N;;;;; +1D68E;MATHEMATICAL MONOSPACE SMALL E;Ll;0;L; 0065;;;;N;;;;; +1D68F;MATHEMATICAL MONOSPACE SMALL F;Ll;0;L; 0066;;;;N;;;;; +1D690;MATHEMATICAL MONOSPACE SMALL G;Ll;0;L; 0067;;;;N;;;;; +1D691;MATHEMATICAL MONOSPACE SMALL H;Ll;0;L; 0068;;;;N;;;;; +1D692;MATHEMATICAL MONOSPACE SMALL I;Ll;0;L; 0069;;;;N;;;;; +1D693;MATHEMATICAL MONOSPACE SMALL J;Ll;0;L; 006A;;;;N;;;;; +1D694;MATHEMATICAL MONOSPACE SMALL K;Ll;0;L; 006B;;;;N;;;;; +1D695;MATHEMATICAL MONOSPACE SMALL L;Ll;0;L; 006C;;;;N;;;;; +1D696;MATHEMATICAL MONOSPACE SMALL M;Ll;0;L; 006D;;;;N;;;;; +1D697;MATHEMATICAL MONOSPACE SMALL N;Ll;0;L; 006E;;;;N;;;;; +1D698;MATHEMATICAL MONOSPACE SMALL O;Ll;0;L; 006F;;;;N;;;;; +1D699;MATHEMATICAL MONOSPACE SMALL P;Ll;0;L; 0070;;;;N;;;;; +1D69A;MATHEMATICAL MONOSPACE SMALL Q;Ll;0;L; 0071;;;;N;;;;; +1D69B;MATHEMATICAL MONOSPACE SMALL R;Ll;0;L; 0072;;;;N;;;;; +1D69C;MATHEMATICAL MONOSPACE SMALL S;Ll;0;L; 0073;;;;N;;;;; +1D69D;MATHEMATICAL MONOSPACE SMALL T;Ll;0;L; 0074;;;;N;;;;; +1D69E;MATHEMATICAL MONOSPACE SMALL U;Ll;0;L; 0075;;;;N;;;;; +1D69F;MATHEMATICAL MONOSPACE SMALL V;Ll;0;L; 0076;;;;N;;;;; +1D6A0;MATHEMATICAL MONOSPACE SMALL W;Ll;0;L; 0077;;;;N;;;;; +1D6A1;MATHEMATICAL MONOSPACE SMALL X;Ll;0;L; 0078;;;;N;;;;; +1D6A2;MATHEMATICAL MONOSPACE SMALL Y;Ll;0;L; 0079;;;;N;;;;; +1D6A3;MATHEMATICAL MONOSPACE SMALL Z;Ll;0;L; 007A;;;;N;;;;; +1D6A8;MATHEMATICAL BOLD CAPITAL ALPHA;Lu;0;L; 0391;;;;N;;;;; +1D6A9;MATHEMATICAL BOLD CAPITAL BETA;Lu;0;L; 0392;;;;N;;;;; +1D6AA;MATHEMATICAL BOLD CAPITAL GAMMA;Lu;0;L; 0393;;;;N;;;;; +1D6AB;MATHEMATICAL BOLD CAPITAL DELTA;Lu;0;L; 0394;;;;N;;;;; +1D6AC;MATHEMATICAL BOLD CAPITAL EPSILON;Lu;0;L; 0395;;;;N;;;;; +1D6AD;MATHEMATICAL BOLD CAPITAL ZETA;Lu;0;L; 0396;;;;N;;;;; +1D6AE;MATHEMATICAL BOLD CAPITAL ETA;Lu;0;L; 0397;;;;N;;;;; +1D6AF;MATHEMATICAL BOLD CAPITAL THETA;Lu;0;L; 0398;;;;N;;;;; +1D6B0;MATHEMATICAL BOLD CAPITAL IOTA;Lu;0;L; 0399;;;;N;;;;; +1D6B1;MATHEMATICAL BOLD CAPITAL KAPPA;Lu;0;L; 039A;;;;N;;;;; +1D6B2;MATHEMATICAL BOLD CAPITAL LAMDA;Lu;0;L; 039B;;;;N;;;;; +1D6B3;MATHEMATICAL BOLD CAPITAL MU;Lu;0;L; 039C;;;;N;;;;; +1D6B4;MATHEMATICAL BOLD CAPITAL NU;Lu;0;L; 039D;;;;N;;;;; +1D6B5;MATHEMATICAL BOLD CAPITAL XI;Lu;0;L; 039E;;;;N;;;;; +1D6B6;MATHEMATICAL BOLD CAPITAL OMICRON;Lu;0;L; 039F;;;;N;;;;; +1D6B7;MATHEMATICAL BOLD CAPITAL PI;Lu;0;L; 03A0;;;;N;;;;; +1D6B8;MATHEMATICAL BOLD CAPITAL RHO;Lu;0;L; 03A1;;;;N;;;;; +1D6B9;MATHEMATICAL BOLD CAPITAL THETA SYMBOL;Lu;0;L; 03F4;;;;N;;;;; +1D6BA;MATHEMATICAL BOLD CAPITAL SIGMA;Lu;0;L; 03A3;;;;N;;;;; +1D6BB;MATHEMATICAL BOLD CAPITAL TAU;Lu;0;L; 03A4;;;;N;;;;; +1D6BC;MATHEMATICAL BOLD CAPITAL UPSILON;Lu;0;L; 03A5;;;;N;;;;; +1D6BD;MATHEMATICAL BOLD CAPITAL PHI;Lu;0;L; 03A6;;;;N;;;;; +1D6BE;MATHEMATICAL BOLD CAPITAL CHI;Lu;0;L; 03A7;;;;N;;;;; +1D6BF;MATHEMATICAL BOLD CAPITAL PSI;Lu;0;L; 03A8;;;;N;;;;; +1D6C0;MATHEMATICAL BOLD CAPITAL OMEGA;Lu;0;L; 03A9;;;;N;;;;; +1D6C1;MATHEMATICAL BOLD NABLA;Sm;0;L; 2207;;;;N;;;;; +1D6C2;MATHEMATICAL BOLD SMALL ALPHA;Ll;0;L; 03B1;;;;N;;;;; +1D6C3;MATHEMATICAL BOLD SMALL BETA;Ll;0;L; 03B2;;;;N;;;;; +1D6C4;MATHEMATICAL BOLD SMALL GAMMA;Ll;0;L; 03B3;;;;N;;;;; +1D6C5;MATHEMATICAL BOLD SMALL DELTA;Ll;0;L; 03B4;;;;N;;;;; +1D6C6;MATHEMATICAL BOLD SMALL EPSILON;Ll;0;L; 03B5;;;;N;;;;; +1D6C7;MATHEMATICAL BOLD SMALL ZETA;Ll;0;L; 03B6;;;;N;;;;; +1D6C8;MATHEMATICAL BOLD SMALL ETA;Ll;0;L; 03B7;;;;N;;;;; +1D6C9;MATHEMATICAL BOLD SMALL THETA;Ll;0;L; 03B8;;;;N;;;;; +1D6CA;MATHEMATICAL BOLD SMALL IOTA;Ll;0;L; 03B9;;;;N;;;;; +1D6CB;MATHEMATICAL BOLD SMALL KAPPA;Ll;0;L; 03BA;;;;N;;;;; +1D6CC;MATHEMATICAL BOLD SMALL LAMDA;Ll;0;L; 03BB;;;;N;;;;; +1D6CD;MATHEMATICAL BOLD SMALL MU;Ll;0;L; 03BC;;;;N;;;;; +1D6CE;MATHEMATICAL BOLD SMALL NU;Ll;0;L; 03BD;;;;N;;;;; +1D6CF;MATHEMATICAL BOLD SMALL XI;Ll;0;L; 03BE;;;;N;;;;; +1D6D0;MATHEMATICAL BOLD SMALL OMICRON;Ll;0;L; 03BF;;;;N;;;;; +1D6D1;MATHEMATICAL BOLD SMALL PI;Ll;0;L; 03C0;;;;N;;;;; +1D6D2;MATHEMATICAL BOLD SMALL RHO;Ll;0;L; 03C1;;;;N;;;;; +1D6D3;MATHEMATICAL BOLD SMALL FINAL SIGMA;Ll;0;L; 03C2;;;;N;;;;; +1D6D4;MATHEMATICAL BOLD SMALL SIGMA;Ll;0;L; 03C3;;;;N;;;;; +1D6D5;MATHEMATICAL BOLD SMALL TAU;Ll;0;L; 03C4;;;;N;;;;; +1D6D6;MATHEMATICAL BOLD SMALL UPSILON;Ll;0;L; 03C5;;;;N;;;;; +1D6D7;MATHEMATICAL BOLD SMALL PHI;Ll;0;L; 03C6;;;;N;;;;; +1D6D8;MATHEMATICAL BOLD SMALL CHI;Ll;0;L; 03C7;;;;N;;;;; +1D6D9;MATHEMATICAL BOLD SMALL PSI;Ll;0;L; 03C8;;;;N;;;;; +1D6DA;MATHEMATICAL BOLD SMALL OMEGA;Ll;0;L; 03C9;;;;N;;;;; +1D6DB;MATHEMATICAL BOLD PARTIAL DIFFERENTIAL;Sm;0;L; 2202;;;;N;;;;; +1D6DC;MATHEMATICAL BOLD EPSILON SYMBOL;Ll;0;L; 03F5;;;;N;;;;; +1D6DD;MATHEMATICAL BOLD THETA SYMBOL;Ll;0;L; 03D1;;;;N;;;;; +1D6DE;MATHEMATICAL BOLD KAPPA SYMBOL;Ll;0;L; 03F0;;;;N;;;;; +1D6DF;MATHEMATICAL BOLD PHI SYMBOL;Ll;0;L; 03D5;;;;N;;;;; +1D6E0;MATHEMATICAL BOLD RHO SYMBOL;Ll;0;L; 03F1;;;;N;;;;; +1D6E1;MATHEMATICAL BOLD PI SYMBOL;Ll;0;L; 03D6;;;;N;;;;; +1D6E2;MATHEMATICAL ITALIC CAPITAL ALPHA;Lu;0;L; 0391;;;;N;;;;; +1D6E3;MATHEMATICAL ITALIC CAPITAL BETA;Lu;0;L; 0392;;;;N;;;;; +1D6E4;MATHEMATICAL ITALIC CAPITAL GAMMA;Lu;0;L; 0393;;;;N;;;;; +1D6E5;MATHEMATICAL ITALIC CAPITAL DELTA;Lu;0;L; 0394;;;;N;;;;; +1D6E6;MATHEMATICAL ITALIC CAPITAL EPSILON;Lu;0;L; 0395;;;;N;;;;; +1D6E7;MATHEMATICAL ITALIC CAPITAL ZETA;Lu;0;L; 0396;;;;N;;;;; +1D6E8;MATHEMATICAL ITALIC CAPITAL ETA;Lu;0;L; 0397;;;;N;;;;; +1D6E9;MATHEMATICAL ITALIC CAPITAL THETA;Lu;0;L; 0398;;;;N;;;;; +1D6EA;MATHEMATICAL ITALIC CAPITAL IOTA;Lu;0;L; 0399;;;;N;;;;; +1D6EB;MATHEMATICAL ITALIC CAPITAL KAPPA;Lu;0;L; 039A;;;;N;;;;; +1D6EC;MATHEMATICAL ITALIC CAPITAL LAMDA;Lu;0;L; 039B;;;;N;;;;; +1D6ED;MATHEMATICAL ITALIC CAPITAL MU;Lu;0;L; 039C;;;;N;;;;; +1D6EE;MATHEMATICAL ITALIC CAPITAL NU;Lu;0;L; 039D;;;;N;;;;; +1D6EF;MATHEMATICAL ITALIC CAPITAL XI;Lu;0;L; 039E;;;;N;;;;; +1D6F0;MATHEMATICAL ITALIC CAPITAL OMICRON;Lu;0;L; 039F;;;;N;;;;; +1D6F1;MATHEMATICAL ITALIC CAPITAL PI;Lu;0;L; 03A0;;;;N;;;;; +1D6F2;MATHEMATICAL ITALIC CAPITAL RHO;Lu;0;L; 03A1;;;;N;;;;; +1D6F3;MATHEMATICAL ITALIC CAPITAL THETA SYMBOL;Lu;0;L; 03F4;;;;N;;;;; +1D6F4;MATHEMATICAL ITALIC CAPITAL SIGMA;Lu;0;L; 03A3;;;;N;;;;; +1D6F5;MATHEMATICAL ITALIC CAPITAL TAU;Lu;0;L; 03A4;;;;N;;;;; +1D6F6;MATHEMATICAL ITALIC CAPITAL UPSILON;Lu;0;L; 03A5;;;;N;;;;; +1D6F7;MATHEMATICAL ITALIC CAPITAL PHI;Lu;0;L; 03A6;;;;N;;;;; +1D6F8;MATHEMATICAL ITALIC CAPITAL CHI;Lu;0;L; 03A7;;;;N;;;;; +1D6F9;MATHEMATICAL ITALIC CAPITAL PSI;Lu;0;L; 03A8;;;;N;;;;; +1D6FA;MATHEMATICAL ITALIC CAPITAL OMEGA;Lu;0;L; 03A9;;;;N;;;;; +1D6FB;MATHEMATICAL ITALIC NABLA;Sm;0;L; 2207;;;;N;;;;; +1D6FC;MATHEMATICAL ITALIC SMALL ALPHA;Ll;0;L; 03B1;;;;N;;;;; +1D6FD;MATHEMATICAL ITALIC SMALL BETA;Ll;0;L; 03B2;;;;N;;;;; +1D6FE;MATHEMATICAL ITALIC SMALL GAMMA;Ll;0;L; 03B3;;;;N;;;;; +1D6FF;MATHEMATICAL ITALIC SMALL DELTA;Ll;0;L; 03B4;;;;N;;;;; +1D700;MATHEMATICAL ITALIC SMALL EPSILON;Ll;0;L; 03B5;;;;N;;;;; +1D701;MATHEMATICAL ITALIC SMALL ZETA;Ll;0;L; 03B6;;;;N;;;;; +1D702;MATHEMATICAL ITALIC SMALL ETA;Ll;0;L; 03B7;;;;N;;;;; +1D703;MATHEMATICAL ITALIC SMALL THETA;Ll;0;L; 03B8;;;;N;;;;; +1D704;MATHEMATICAL ITALIC SMALL IOTA;Ll;0;L; 03B9;;;;N;;;;; +1D705;MATHEMATICAL ITALIC SMALL KAPPA;Ll;0;L; 03BA;;;;N;;;;; +1D706;MATHEMATICAL ITALIC SMALL LAMDA;Ll;0;L; 03BB;;;;N;;;;; +1D707;MATHEMATICAL ITALIC SMALL MU;Ll;0;L; 03BC;;;;N;;;;; +1D708;MATHEMATICAL ITALIC SMALL NU;Ll;0;L; 03BD;;;;N;;;;; +1D709;MATHEMATICAL ITALIC SMALL XI;Ll;0;L; 03BE;;;;N;;;;; +1D70A;MATHEMATICAL ITALIC SMALL OMICRON;Ll;0;L; 03BF;;;;N;;;;; +1D70B;MATHEMATICAL ITALIC SMALL PI;Ll;0;L; 03C0;;;;N;;;;; +1D70C;MATHEMATICAL ITALIC SMALL RHO;Ll;0;L; 03C1;;;;N;;;;; +1D70D;MATHEMATICAL ITALIC SMALL FINAL SIGMA;Ll;0;L; 03C2;;;;N;;;;; +1D70E;MATHEMATICAL ITALIC SMALL SIGMA;Ll;0;L; 03C3;;;;N;;;;; +1D70F;MATHEMATICAL ITALIC SMALL TAU;Ll;0;L; 03C4;;;;N;;;;; +1D710;MATHEMATICAL ITALIC SMALL UPSILON;Ll;0;L; 03C5;;;;N;;;;; +1D711;MATHEMATICAL ITALIC SMALL PHI;Ll;0;L; 03C6;;;;N;;;;; +1D712;MATHEMATICAL ITALIC SMALL CHI;Ll;0;L; 03C7;;;;N;;;;; +1D713;MATHEMATICAL ITALIC SMALL PSI;Ll;0;L; 03C8;;;;N;;;;; +1D714;MATHEMATICAL ITALIC SMALL OMEGA;Ll;0;L; 03C9;;;;N;;;;; +1D715;MATHEMATICAL ITALIC PARTIAL DIFFERENTIAL;Sm;0;L; 2202;;;;N;;;;; +1D716;MATHEMATICAL ITALIC EPSILON SYMBOL;Ll;0;L; 03F5;;;;N;;;;; +1D717;MATHEMATICAL ITALIC THETA SYMBOL;Ll;0;L; 03D1;;;;N;;;;; +1D718;MATHEMATICAL ITALIC KAPPA SYMBOL;Ll;0;L; 03F0;;;;N;;;;; +1D719;MATHEMATICAL ITALIC PHI SYMBOL;Ll;0;L; 03D5;;;;N;;;;; +1D71A;MATHEMATICAL ITALIC RHO SYMBOL;Ll;0;L; 03F1;;;;N;;;;; +1D71B;MATHEMATICAL ITALIC PI SYMBOL;Ll;0;L; 03D6;;;;N;;;;; +1D71C;MATHEMATICAL BOLD ITALIC CAPITAL ALPHA;Lu;0;L; 0391;;;;N;;;;; +1D71D;MATHEMATICAL BOLD ITALIC CAPITAL BETA;Lu;0;L; 0392;;;;N;;;;; +1D71E;MATHEMATICAL BOLD ITALIC CAPITAL GAMMA;Lu;0;L; 0393;;;;N;;;;; +1D71F;MATHEMATICAL BOLD ITALIC CAPITAL DELTA;Lu;0;L; 0394;;;;N;;;;; +1D720;MATHEMATICAL BOLD ITALIC CAPITAL EPSILON;Lu;0;L; 0395;;;;N;;;;; +1D721;MATHEMATICAL BOLD ITALIC CAPITAL ZETA;Lu;0;L; 0396;;;;N;;;;; +1D722;MATHEMATICAL BOLD ITALIC CAPITAL ETA;Lu;0;L; 0397;;;;N;;;;; +1D723;MATHEMATICAL BOLD ITALIC CAPITAL THETA;Lu;0;L; 0398;;;;N;;;;; +1D724;MATHEMATICAL BOLD ITALIC CAPITAL IOTA;Lu;0;L; 0399;;;;N;;;;; +1D725;MATHEMATICAL BOLD ITALIC CAPITAL KAPPA;Lu;0;L; 039A;;;;N;;;;; +1D726;MATHEMATICAL BOLD ITALIC CAPITAL LAMDA;Lu;0;L; 039B;;;;N;;;;; +1D727;MATHEMATICAL BOLD ITALIC CAPITAL MU;Lu;0;L; 039C;;;;N;;;;; +1D728;MATHEMATICAL BOLD ITALIC CAPITAL NU;Lu;0;L; 039D;;;;N;;;;; +1D729;MATHEMATICAL BOLD ITALIC CAPITAL XI;Lu;0;L; 039E;;;;N;;;;; +1D72A;MATHEMATICAL BOLD ITALIC CAPITAL OMICRON;Lu;0;L; 039F;;;;N;;;;; +1D72B;MATHEMATICAL BOLD ITALIC CAPITAL PI;Lu;0;L; 03A0;;;;N;;;;; +1D72C;MATHEMATICAL BOLD ITALIC CAPITAL RHO;Lu;0;L; 03A1;;;;N;;;;; +1D72D;MATHEMATICAL BOLD ITALIC CAPITAL THETA SYMBOL;Lu;0;L; 03F4;;;;N;;;;; +1D72E;MATHEMATICAL BOLD ITALIC CAPITAL SIGMA;Lu;0;L; 03A3;;;;N;;;;; +1D72F;MATHEMATICAL BOLD ITALIC CAPITAL TAU;Lu;0;L; 03A4;;;;N;;;;; +1D730;MATHEMATICAL BOLD ITALIC CAPITAL UPSILON;Lu;0;L; 03A5;;;;N;;;;; +1D731;MATHEMATICAL BOLD ITALIC CAPITAL PHI;Lu;0;L; 03A6;;;;N;;;;; +1D732;MATHEMATICAL BOLD ITALIC CAPITAL CHI;Lu;0;L; 03A7;;;;N;;;;; +1D733;MATHEMATICAL BOLD ITALIC CAPITAL PSI;Lu;0;L; 03A8;;;;N;;;;; +1D734;MATHEMATICAL BOLD ITALIC CAPITAL OMEGA;Lu;0;L; 03A9;;;;N;;;;; +1D735;MATHEMATICAL BOLD ITALIC NABLA;Sm;0;L; 2207;;;;N;;;;; +1D736;MATHEMATICAL BOLD ITALIC SMALL ALPHA;Ll;0;L; 03B1;;;;N;;;;; +1D737;MATHEMATICAL BOLD ITALIC SMALL BETA;Ll;0;L; 03B2;;;;N;;;;; +1D738;MATHEMATICAL BOLD ITALIC SMALL GAMMA;Ll;0;L; 03B3;;;;N;;;;; +1D739;MATHEMATICAL BOLD ITALIC SMALL DELTA;Ll;0;L; 03B4;;;;N;;;;; +1D73A;MATHEMATICAL BOLD ITALIC SMALL EPSILON;Ll;0;L; 03B5;;;;N;;;;; +1D73B;MATHEMATICAL BOLD ITALIC SMALL ZETA;Ll;0;L; 03B6;;;;N;;;;; +1D73C;MATHEMATICAL BOLD ITALIC SMALL ETA;Ll;0;L; 03B7;;;;N;;;;; +1D73D;MATHEMATICAL BOLD ITALIC SMALL THETA;Ll;0;L; 03B8;;;;N;;;;; +1D73E;MATHEMATICAL BOLD ITALIC SMALL IOTA;Ll;0;L; 03B9;;;;N;;;;; +1D73F;MATHEMATICAL BOLD ITALIC SMALL KAPPA;Ll;0;L; 03BA;;;;N;;;;; +1D740;MATHEMATICAL BOLD ITALIC SMALL LAMDA;Ll;0;L; 03BB;;;;N;;;;; +1D741;MATHEMATICAL BOLD ITALIC SMALL MU;Ll;0;L; 03BC;;;;N;;;;; +1D742;MATHEMATICAL BOLD ITALIC SMALL NU;Ll;0;L; 03BD;;;;N;;;;; +1D743;MATHEMATICAL BOLD ITALIC SMALL XI;Ll;0;L; 03BE;;;;N;;;;; +1D744;MATHEMATICAL BOLD ITALIC SMALL OMICRON;Ll;0;L; 03BF;;;;N;;;;; +1D745;MATHEMATICAL BOLD ITALIC SMALL PI;Ll;0;L; 03C0;;;;N;;;;; +1D746;MATHEMATICAL BOLD ITALIC SMALL RHO;Ll;0;L; 03C1;;;;N;;;;; +1D747;MATHEMATICAL BOLD ITALIC SMALL FINAL SIGMA;Ll;0;L; 03C2;;;;N;;;;; +1D748;MATHEMATICAL BOLD ITALIC SMALL SIGMA;Ll;0;L; 03C3;;;;N;;;;; +1D749;MATHEMATICAL BOLD ITALIC SMALL TAU;Ll;0;L; 03C4;;;;N;;;;; +1D74A;MATHEMATICAL BOLD ITALIC SMALL UPSILON;Ll;0;L; 03C5;;;;N;;;;; +1D74B;MATHEMATICAL BOLD ITALIC SMALL PHI;Ll;0;L; 03C6;;;;N;;;;; +1D74C;MATHEMATICAL BOLD ITALIC SMALL CHI;Ll;0;L; 03C7;;;;N;;;;; +1D74D;MATHEMATICAL BOLD ITALIC SMALL PSI;Ll;0;L; 03C8;;;;N;;;;; +1D74E;MATHEMATICAL BOLD ITALIC SMALL OMEGA;Ll;0;L; 03C9;;;;N;;;;; +1D74F;MATHEMATICAL BOLD ITALIC PARTIAL DIFFERENTIAL;Sm;0;L; 2202;;;;N;;;;; +1D750;MATHEMATICAL BOLD ITALIC EPSILON SYMBOL;Ll;0;L; 03F5;;;;N;;;;; +1D751;MATHEMATICAL BOLD ITALIC THETA SYMBOL;Ll;0;L; 03D1;;;;N;;;;; +1D752;MATHEMATICAL BOLD ITALIC KAPPA SYMBOL;Ll;0;L; 03F0;;;;N;;;;; +1D753;MATHEMATICAL BOLD ITALIC PHI SYMBOL;Ll;0;L; 03D5;;;;N;;;;; +1D754;MATHEMATICAL BOLD ITALIC RHO SYMBOL;Ll;0;L; 03F1;;;;N;;;;; +1D755;MATHEMATICAL BOLD ITALIC PI SYMBOL;Ll;0;L; 03D6;;;;N;;;;; +1D756;MATHEMATICAL SANS-SERIF BOLD CAPITAL ALPHA;Lu;0;L; 0391;;;;N;;;;; +1D757;MATHEMATICAL SANS-SERIF BOLD CAPITAL BETA;Lu;0;L; 0392;;;;N;;;;; +1D758;MATHEMATICAL SANS-SERIF BOLD CAPITAL GAMMA;Lu;0;L; 0393;;;;N;;;;; +1D759;MATHEMATICAL SANS-SERIF BOLD CAPITAL DELTA;Lu;0;L; 0394;;;;N;;;;; +1D75A;MATHEMATICAL SANS-SERIF BOLD CAPITAL EPSILON;Lu;0;L; 0395;;;;N;;;;; +1D75B;MATHEMATICAL SANS-SERIF BOLD CAPITAL ZETA;Lu;0;L; 0396;;;;N;;;;; +1D75C;MATHEMATICAL SANS-SERIF BOLD CAPITAL ETA;Lu;0;L; 0397;;;;N;;;;; +1D75D;MATHEMATICAL SANS-SERIF BOLD CAPITAL THETA;Lu;0;L; 0398;;;;N;;;;; +1D75E;MATHEMATICAL SANS-SERIF BOLD CAPITAL IOTA;Lu;0;L; 0399;;;;N;;;;; +1D75F;MATHEMATICAL SANS-SERIF BOLD CAPITAL KAPPA;Lu;0;L; 039A;;;;N;;;;; +1D760;MATHEMATICAL SANS-SERIF BOLD CAPITAL LAMDA;Lu;0;L; 039B;;;;N;;;;; +1D761;MATHEMATICAL SANS-SERIF BOLD CAPITAL MU;Lu;0;L; 039C;;;;N;;;;; +1D762;MATHEMATICAL SANS-SERIF BOLD CAPITAL NU;Lu;0;L; 039D;;;;N;;;;; +1D763;MATHEMATICAL SANS-SERIF BOLD CAPITAL XI;Lu;0;L; 039E;;;;N;;;;; +1D764;MATHEMATICAL SANS-SERIF BOLD CAPITAL OMICRON;Lu;0;L; 039F;;;;N;;;;; +1D765;MATHEMATICAL SANS-SERIF BOLD CAPITAL PI;Lu;0;L; 03A0;;;;N;;;;; +1D766;MATHEMATICAL SANS-SERIF BOLD CAPITAL RHO;Lu;0;L; 03A1;;;;N;;;;; +1D767;MATHEMATICAL SANS-SERIF BOLD CAPITAL THETA SYMBOL;Lu;0;L; 03F4;;;;N;;;;; +1D768;MATHEMATICAL SANS-SERIF BOLD CAPITAL SIGMA;Lu;0;L; 03A3;;;;N;;;;; +1D769;MATHEMATICAL SANS-SERIF BOLD CAPITAL TAU;Lu;0;L; 03A4;;;;N;;;;; +1D76A;MATHEMATICAL SANS-SERIF BOLD CAPITAL UPSILON;Lu;0;L; 03A5;;;;N;;;;; +1D76B;MATHEMATICAL SANS-SERIF BOLD CAPITAL PHI;Lu;0;L; 03A6;;;;N;;;;; +1D76C;MATHEMATICAL SANS-SERIF BOLD CAPITAL CHI;Lu;0;L; 03A7;;;;N;;;;; +1D76D;MATHEMATICAL SANS-SERIF BOLD CAPITAL PSI;Lu;0;L; 03A8;;;;N;;;;; +1D76E;MATHEMATICAL SANS-SERIF BOLD CAPITAL OMEGA;Lu;0;L; 03A9;;;;N;;;;; +1D76F;MATHEMATICAL SANS-SERIF BOLD NABLA;Sm;0;L; 2207;;;;N;;;;; +1D770;MATHEMATICAL SANS-SERIF BOLD SMALL ALPHA;Ll;0;L; 03B1;;;;N;;;;; +1D771;MATHEMATICAL SANS-SERIF BOLD SMALL BETA;Ll;0;L; 03B2;;;;N;;;;; +1D772;MATHEMATICAL SANS-SERIF BOLD SMALL GAMMA;Ll;0;L; 03B3;;;;N;;;;; +1D773;MATHEMATICAL SANS-SERIF BOLD SMALL DELTA;Ll;0;L; 03B4;;;;N;;;;; +1D774;MATHEMATICAL SANS-SERIF BOLD SMALL EPSILON;Ll;0;L; 03B5;;;;N;;;;; +1D775;MATHEMATICAL SANS-SERIF BOLD SMALL ZETA;Ll;0;L; 03B6;;;;N;;;;; +1D776;MATHEMATICAL SANS-SERIF BOLD SMALL ETA;Ll;0;L; 03B7;;;;N;;;;; +1D777;MATHEMATICAL SANS-SERIF BOLD SMALL THETA;Ll;0;L; 03B8;;;;N;;;;; +1D778;MATHEMATICAL SANS-SERIF BOLD SMALL IOTA;Ll;0;L; 03B9;;;;N;;;;; +1D779;MATHEMATICAL SANS-SERIF BOLD SMALL KAPPA;Ll;0;L; 03BA;;;;N;;;;; +1D77A;MATHEMATICAL SANS-SERIF BOLD SMALL LAMDA;Ll;0;L; 03BB;;;;N;;;;; +1D77B;MATHEMATICAL SANS-SERIF BOLD SMALL MU;Ll;0;L; 03BC;;;;N;;;;; +1D77C;MATHEMATICAL SANS-SERIF BOLD SMALL NU;Ll;0;L; 03BD;;;;N;;;;; +1D77D;MATHEMATICAL SANS-SERIF BOLD SMALL XI;Ll;0;L; 03BE;;;;N;;;;; +1D77E;MATHEMATICAL SANS-SERIF BOLD SMALL OMICRON;Ll;0;L; 03BF;;;;N;;;;; +1D77F;MATHEMATICAL SANS-SERIF BOLD SMALL PI;Ll;0;L; 03C0;;;;N;;;;; +1D780;MATHEMATICAL SANS-SERIF BOLD SMALL RHO;Ll;0;L; 03C1;;;;N;;;;; +1D781;MATHEMATICAL SANS-SERIF BOLD SMALL FINAL SIGMA;Ll;0;L; 03C2;;;;N;;;;; +1D782;MATHEMATICAL SANS-SERIF BOLD SMALL SIGMA;Ll;0;L; 03C3;;;;N;;;;; +1D783;MATHEMATICAL SANS-SERIF BOLD SMALL TAU;Ll;0;L; 03C4;;;;N;;;;; +1D784;MATHEMATICAL SANS-SERIF BOLD SMALL UPSILON;Ll;0;L; 03C5;;;;N;;;;; +1D785;MATHEMATICAL SANS-SERIF BOLD SMALL PHI;Ll;0;L; 03C6;;;;N;;;;; +1D786;MATHEMATICAL SANS-SERIF BOLD SMALL CHI;Ll;0;L; 03C7;;;;N;;;;; +1D787;MATHEMATICAL SANS-SERIF BOLD SMALL PSI;Ll;0;L; 03C8;;;;N;;;;; +1D788;MATHEMATICAL SANS-SERIF BOLD SMALL OMEGA;Ll;0;L; 03C9;;;;N;;;;; +1D789;MATHEMATICAL SANS-SERIF BOLD PARTIAL DIFFERENTIAL;Sm;0;L; 2202;;;;N;;;;; +1D78A;MATHEMATICAL SANS-SERIF BOLD EPSILON SYMBOL;Ll;0;L; 03F5;;;;N;;;;; +1D78B;MATHEMATICAL SANS-SERIF BOLD THETA SYMBOL;Ll;0;L; 03D1;;;;N;;;;; +1D78C;MATHEMATICAL SANS-SERIF BOLD KAPPA SYMBOL;Ll;0;L; 03F0;;;;N;;;;; +1D78D;MATHEMATICAL SANS-SERIF BOLD PHI SYMBOL;Ll;0;L; 03D5;;;;N;;;;; +1D78E;MATHEMATICAL SANS-SERIF BOLD RHO SYMBOL;Ll;0;L; 03F1;;;;N;;;;; +1D78F;MATHEMATICAL SANS-SERIF BOLD PI SYMBOL;Ll;0;L; 03D6;;;;N;;;;; +1D790;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL ALPHA;Lu;0;L; 0391;;;;N;;;;; +1D791;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL BETA;Lu;0;L; 0392;;;;N;;;;; +1D792;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL GAMMA;Lu;0;L; 0393;;;;N;;;;; +1D793;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL DELTA;Lu;0;L; 0394;;;;N;;;;; +1D794;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL EPSILON;Lu;0;L; 0395;;;;N;;;;; +1D795;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL ZETA;Lu;0;L; 0396;;;;N;;;;; +1D796;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL ETA;Lu;0;L; 0397;;;;N;;;;; +1D797;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL THETA;Lu;0;L; 0398;;;;N;;;;; +1D798;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL IOTA;Lu;0;L; 0399;;;;N;;;;; +1D799;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL KAPPA;Lu;0;L; 039A;;;;N;;;;; +1D79A;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL LAMDA;Lu;0;L; 039B;;;;N;;;;; +1D79B;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL MU;Lu;0;L; 039C;;;;N;;;;; +1D79C;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL NU;Lu;0;L; 039D;;;;N;;;;; +1D79D;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL XI;Lu;0;L; 039E;;;;N;;;;; +1D79E;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL OMICRON;Lu;0;L; 039F;;;;N;;;;; +1D79F;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL PI;Lu;0;L; 03A0;;;;N;;;;; +1D7A0;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL RHO;Lu;0;L; 03A1;;;;N;;;;; +1D7A1;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL THETA SYMBOL;Lu;0;L; 03F4;;;;N;;;;; +1D7A2;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL SIGMA;Lu;0;L; 03A3;;;;N;;;;; +1D7A3;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL TAU;Lu;0;L; 03A4;;;;N;;;;; +1D7A4;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL UPSILON;Lu;0;L; 03A5;;;;N;;;;; +1D7A5;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL PHI;Lu;0;L; 03A6;;;;N;;;;; +1D7A6;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL CHI;Lu;0;L; 03A7;;;;N;;;;; +1D7A7;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL PSI;Lu;0;L; 03A8;;;;N;;;;; +1D7A8;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL OMEGA;Lu;0;L; 03A9;;;;N;;;;; +1D7A9;MATHEMATICAL SANS-SERIF BOLD ITALIC NABLA;Sm;0;L; 2207;;;;N;;;;; +1D7AA;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL ALPHA;Ll;0;L; 03B1;;;;N;;;;; +1D7AB;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL BETA;Ll;0;L; 03B2;;;;N;;;;; +1D7AC;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL GAMMA;Ll;0;L; 03B3;;;;N;;;;; +1D7AD;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL DELTA;Ll;0;L; 03B4;;;;N;;;;; +1D7AE;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL EPSILON;Ll;0;L; 03B5;;;;N;;;;; +1D7AF;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL ZETA;Ll;0;L; 03B6;;;;N;;;;; +1D7B0;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL ETA;Ll;0;L; 03B7;;;;N;;;;; +1D7B1;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL THETA;Ll;0;L; 03B8;;;;N;;;;; +1D7B2;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL IOTA;Ll;0;L; 03B9;;;;N;;;;; +1D7B3;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL KAPPA;Ll;0;L; 03BA;;;;N;;;;; +1D7B4;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL LAMDA;Ll;0;L; 03BB;;;;N;;;;; +1D7B5;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL MU;Ll;0;L; 03BC;;;;N;;;;; +1D7B6;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL NU;Ll;0;L; 03BD;;;;N;;;;; +1D7B7;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL XI;Ll;0;L; 03BE;;;;N;;;;; +1D7B8;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL OMICRON;Ll;0;L; 03BF;;;;N;;;;; +1D7B9;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL PI;Ll;0;L; 03C0;;;;N;;;;; +1D7BA;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL RHO;Ll;0;L; 03C1;;;;N;;;;; +1D7BB;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL FINAL SIGMA;Ll;0;L; 03C2;;;;N;;;;; +1D7BC;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL SIGMA;Ll;0;L; 03C3;;;;N;;;;; +1D7BD;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL TAU;Ll;0;L; 03C4;;;;N;;;;; +1D7BE;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL UPSILON;Ll;0;L; 03C5;;;;N;;;;; +1D7BF;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL PHI;Ll;0;L; 03C6;;;;N;;;;; +1D7C0;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL CHI;Ll;0;L; 03C7;;;;N;;;;; +1D7C1;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL PSI;Ll;0;L; 03C8;;;;N;;;;; +1D7C2;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL OMEGA;Ll;0;L; 03C9;;;;N;;;;; +1D7C3;MATHEMATICAL SANS-SERIF BOLD ITALIC PARTIAL DIFFERENTIAL;Sm;0;L; 2202;;;;N;;;;; +1D7C4;MATHEMATICAL SANS-SERIF BOLD ITALIC EPSILON SYMBOL;Ll;0;L; 03F5;;;;N;;;;; +1D7C5;MATHEMATICAL SANS-SERIF BOLD ITALIC THETA SYMBOL;Ll;0;L; 03D1;;;;N;;;;; +1D7C6;MATHEMATICAL SANS-SERIF BOLD ITALIC KAPPA SYMBOL;Ll;0;L; 03F0;;;;N;;;;; +1D7C7;MATHEMATICAL SANS-SERIF BOLD ITALIC PHI SYMBOL;Ll;0;L; 03D5;;;;N;;;;; +1D7C8;MATHEMATICAL SANS-SERIF BOLD ITALIC RHO SYMBOL;Ll;0;L; 03F1;;;;N;;;;; +1D7C9;MATHEMATICAL SANS-SERIF BOLD ITALIC PI SYMBOL;Ll;0;L; 03D6;;;;N;;;;; +1D7CE;MATHEMATICAL BOLD DIGIT ZERO;Nd;0;EN; 0030;0;0;0;N;;;;; +1D7CF;MATHEMATICAL BOLD DIGIT ONE;Nd;0;EN; 0031;1;1;1;N;;;;; +1D7D0;MATHEMATICAL BOLD DIGIT TWO;Nd;0;EN; 0032;2;2;2;N;;;;; +1D7D1;MATHEMATICAL BOLD DIGIT THREE;Nd;0;EN; 0033;3;3;3;N;;;;; +1D7D2;MATHEMATICAL BOLD DIGIT FOUR;Nd;0;EN; 0034;4;4;4;N;;;;; +1D7D3;MATHEMATICAL BOLD DIGIT FIVE;Nd;0;EN; 0035;5;5;5;N;;;;; +1D7D4;MATHEMATICAL BOLD DIGIT SIX;Nd;0;EN; 0036;6;6;6;N;;;;; +1D7D5;MATHEMATICAL BOLD DIGIT SEVEN;Nd;0;EN; 0037;7;7;7;N;;;;; +1D7D6;MATHEMATICAL BOLD DIGIT EIGHT;Nd;0;EN; 0038;8;8;8;N;;;;; +1D7D7;MATHEMATICAL BOLD DIGIT NINE;Nd;0;EN; 0039;9;9;9;N;;;;; +1D7D8;MATHEMATICAL DOUBLE-STRUCK DIGIT ZERO;Nd;0;EN; 0030;0;0;0;N;;;;; +1D7D9;MATHEMATICAL DOUBLE-STRUCK DIGIT ONE;Nd;0;EN; 0031;1;1;1;N;;;;; +1D7DA;MATHEMATICAL DOUBLE-STRUCK DIGIT TWO;Nd;0;EN; 0032;2;2;2;N;;;;; +1D7DB;MATHEMATICAL DOUBLE-STRUCK DIGIT THREE;Nd;0;EN; 0033;3;3;3;N;;;;; +1D7DC;MATHEMATICAL DOUBLE-STRUCK DIGIT FOUR;Nd;0;EN; 0034;4;4;4;N;;;;; +1D7DD;MATHEMATICAL DOUBLE-STRUCK DIGIT FIVE;Nd;0;EN; 0035;5;5;5;N;;;;; +1D7DE;MATHEMATICAL DOUBLE-STRUCK DIGIT SIX;Nd;0;EN; 0036;6;6;6;N;;;;; +1D7DF;MATHEMATICAL DOUBLE-STRUCK DIGIT SEVEN;Nd;0;EN; 0037;7;7;7;N;;;;; +1D7E0;MATHEMATICAL DOUBLE-STRUCK DIGIT EIGHT;Nd;0;EN; 0038;8;8;8;N;;;;; +1D7E1;MATHEMATICAL DOUBLE-STRUCK DIGIT NINE;Nd;0;EN; 0039;9;9;9;N;;;;; +1D7E2;MATHEMATICAL SANS-SERIF DIGIT ZERO;Nd;0;EN; 0030;0;0;0;N;;;;; +1D7E3;MATHEMATICAL SANS-SERIF DIGIT ONE;Nd;0;EN; 0031;1;1;1;N;;;;; +1D7E4;MATHEMATICAL SANS-SERIF DIGIT TWO;Nd;0;EN; 0032;2;2;2;N;;;;; +1D7E5;MATHEMATICAL SANS-SERIF DIGIT THREE;Nd;0;EN; 0033;3;3;3;N;;;;; +1D7E6;MATHEMATICAL SANS-SERIF DIGIT FOUR;Nd;0;EN; 0034;4;4;4;N;;;;; +1D7E7;MATHEMATICAL SANS-SERIF DIGIT FIVE;Nd;0;EN; 0035;5;5;5;N;;;;; +1D7E8;MATHEMATICAL SANS-SERIF DIGIT SIX;Nd;0;EN; 0036;6;6;6;N;;;;; +1D7E9;MATHEMATICAL SANS-SERIF DIGIT SEVEN;Nd;0;EN; 0037;7;7;7;N;;;;; +1D7EA;MATHEMATICAL SANS-SERIF DIGIT EIGHT;Nd;0;EN; 0038;8;8;8;N;;;;; +1D7EB;MATHEMATICAL SANS-SERIF DIGIT NINE;Nd;0;EN; 0039;9;9;9;N;;;;; +1D7EC;MATHEMATICAL SANS-SERIF BOLD DIGIT ZERO;Nd;0;EN; 0030;0;0;0;N;;;;; +1D7ED;MATHEMATICAL SANS-SERIF BOLD DIGIT ONE;Nd;0;EN; 0031;1;1;1;N;;;;; +1D7EE;MATHEMATICAL SANS-SERIF BOLD DIGIT TWO;Nd;0;EN; 0032;2;2;2;N;;;;; +1D7EF;MATHEMATICAL SANS-SERIF BOLD DIGIT THREE;Nd;0;EN; 0033;3;3;3;N;;;;; +1D7F0;MATHEMATICAL SANS-SERIF BOLD DIGIT FOUR;Nd;0;EN; 0034;4;4;4;N;;;;; +1D7F1;MATHEMATICAL SANS-SERIF BOLD DIGIT FIVE;Nd;0;EN; 0035;5;5;5;N;;;;; +1D7F2;MATHEMATICAL SANS-SERIF BOLD DIGIT SIX;Nd;0;EN; 0036;6;6;6;N;;;;; +1D7F3;MATHEMATICAL SANS-SERIF BOLD DIGIT SEVEN;Nd;0;EN; 0037;7;7;7;N;;;;; +1D7F4;MATHEMATICAL SANS-SERIF BOLD DIGIT EIGHT;Nd;0;EN; 0038;8;8;8;N;;;;; +1D7F5;MATHEMATICAL SANS-SERIF BOLD DIGIT NINE;Nd;0;EN; 0039;9;9;9;N;;;;; +1D7F6;MATHEMATICAL MONOSPACE DIGIT ZERO;Nd;0;EN; 0030;0;0;0;N;;;;; +1D7F7;MATHEMATICAL MONOSPACE DIGIT ONE;Nd;0;EN; 0031;1;1;1;N;;;;; +1D7F8;MATHEMATICAL MONOSPACE DIGIT TWO;Nd;0;EN; 0032;2;2;2;N;;;;; +1D7F9;MATHEMATICAL MONOSPACE DIGIT THREE;Nd;0;EN; 0033;3;3;3;N;;;;; +1D7FA;MATHEMATICAL MONOSPACE DIGIT FOUR;Nd;0;EN; 0034;4;4;4;N;;;;; +1D7FB;MATHEMATICAL MONOSPACE DIGIT FIVE;Nd;0;EN; 0035;5;5;5;N;;;;; +1D7FC;MATHEMATICAL MONOSPACE DIGIT SIX;Nd;0;EN; 0036;6;6;6;N;;;;; +1D7FD;MATHEMATICAL MONOSPACE DIGIT SEVEN;Nd;0;EN; 0037;7;7;7;N;;;;; +1D7FE;MATHEMATICAL MONOSPACE DIGIT EIGHT;Nd;0;EN; 0038;8;8;8;N;;;;; +1D7FF;MATHEMATICAL MONOSPACE DIGIT NINE;Nd;0;EN; 0039;9;9;9;N;;;;; +20000;;Lo;0;L;;;;;N;;;;; +2A6D6;;Lo;0;L;;;;;N;;;;; +2F800;CJK COMPATIBILITY IDEOGRAPH-2F800;Lo;0;L;4E3D;;;;N;;;;; +2F801;CJK COMPATIBILITY IDEOGRAPH-2F801;Lo;0;L;4E38;;;;N;;;;; +2F802;CJK COMPATIBILITY IDEOGRAPH-2F802;Lo;0;L;4E41;;;;N;;;;; +2F803;CJK COMPATIBILITY IDEOGRAPH-2F803;Lo;0;L;20122;;;;N;;;;; +2F804;CJK COMPATIBILITY IDEOGRAPH-2F804;Lo;0;L;4F60;;;;N;;;;; +2F805;CJK COMPATIBILITY IDEOGRAPH-2F805;Lo;0;L;4FAE;;;;N;;;;; +2F806;CJK COMPATIBILITY IDEOGRAPH-2F806;Lo;0;L;4FBB;;;;N;;;;; +2F807;CJK COMPATIBILITY IDEOGRAPH-2F807;Lo;0;L;5002;;;;N;;;;; +2F808;CJK COMPATIBILITY IDEOGRAPH-2F808;Lo;0;L;507A;;;;N;;;;; +2F809;CJK COMPATIBILITY IDEOGRAPH-2F809;Lo;0;L;5099;;;;N;;;;; +2F80A;CJK COMPATIBILITY IDEOGRAPH-2F80A;Lo;0;L;50E7;;;;N;;;;; +2F80B;CJK COMPATIBILITY IDEOGRAPH-2F80B;Lo;0;L;50CF;;;;N;;;;; +2F80C;CJK COMPATIBILITY IDEOGRAPH-2F80C;Lo;0;L;349E;;;;N;;;;; +2F80D;CJK COMPATIBILITY IDEOGRAPH-2F80D;Lo;0;L;2063A;;;;N;;;;; +2F80E;CJK COMPATIBILITY IDEOGRAPH-2F80E;Lo;0;L;514D;;;;N;;;;; +2F80F;CJK COMPATIBILITY IDEOGRAPH-2F80F;Lo;0;L;5154;;;;N;;;;; +2F810;CJK COMPATIBILITY IDEOGRAPH-2F810;Lo;0;L;5164;;;;N;;;;; +2F811;CJK COMPATIBILITY IDEOGRAPH-2F811;Lo;0;L;5177;;;;N;;;;; +2F812;CJK COMPATIBILITY IDEOGRAPH-2F812;Lo;0;L;2051C;;;;N;;;;; +2F813;CJK COMPATIBILITY IDEOGRAPH-2F813;Lo;0;L;34B9;;;;N;;;;; +2F814;CJK COMPATIBILITY IDEOGRAPH-2F814;Lo;0;L;5167;;;;N;;;;; +2F815;CJK COMPATIBILITY IDEOGRAPH-2F815;Lo;0;L;518D;;;;N;;;;; +2F816;CJK COMPATIBILITY IDEOGRAPH-2F816;Lo;0;L;2054B;;;;N;;;;; +2F817;CJK COMPATIBILITY IDEOGRAPH-2F817;Lo;0;L;5197;;;;N;;;;; +2F818;CJK COMPATIBILITY IDEOGRAPH-2F818;Lo;0;L;51A4;;;;N;;;;; +2F819;CJK COMPATIBILITY IDEOGRAPH-2F819;Lo;0;L;4ECC;;;;N;;;;; +2F81A;CJK COMPATIBILITY IDEOGRAPH-2F81A;Lo;0;L;51AC;;;;N;;;;; +2F81B;CJK COMPATIBILITY IDEOGRAPH-2F81B;Lo;0;L;51B5;;;;N;;;;; +2F81C;CJK COMPATIBILITY IDEOGRAPH-2F81C;Lo;0;L;291DF;;;;N;;;;; +2F81D;CJK COMPATIBILITY IDEOGRAPH-2F81D;Lo;0;L;51F5;;;;N;;;;; +2F81E;CJK COMPATIBILITY IDEOGRAPH-2F81E;Lo;0;L;5203;;;;N;;;;; +2F81F;CJK COMPATIBILITY IDEOGRAPH-2F81F;Lo;0;L;34DF;;;;N;;;;; +2F820;CJK COMPATIBILITY IDEOGRAPH-2F820;Lo;0;L;523B;;;;N;;;;; +2F821;CJK COMPATIBILITY IDEOGRAPH-2F821;Lo;0;L;5246;;;;N;;;;; +2F822;CJK COMPATIBILITY IDEOGRAPH-2F822;Lo;0;L;5272;;;;N;;;;; +2F823;CJK COMPATIBILITY IDEOGRAPH-2F823;Lo;0;L;5277;;;;N;;;;; +2F824;CJK COMPATIBILITY IDEOGRAPH-2F824;Lo;0;L;3515;;;;N;;;;; +2F825;CJK COMPATIBILITY IDEOGRAPH-2F825;Lo;0;L;52C7;;;;N;;;;; +2F826;CJK COMPATIBILITY IDEOGRAPH-2F826;Lo;0;L;52C9;;;;N;;;;; +2F827;CJK COMPATIBILITY IDEOGRAPH-2F827;Lo;0;L;52E4;;;;N;;;;; +2F828;CJK COMPATIBILITY IDEOGRAPH-2F828;Lo;0;L;52FA;;;;N;;;;; +2F829;CJK COMPATIBILITY IDEOGRAPH-2F829;Lo;0;L;5305;;;;N;;;;; +2F82A;CJK COMPATIBILITY IDEOGRAPH-2F82A;Lo;0;L;5306;;;;N;;;;; +2F82B;CJK COMPATIBILITY IDEOGRAPH-2F82B;Lo;0;L;5317;;;;N;;;;; +2F82C;CJK COMPATIBILITY IDEOGRAPH-2F82C;Lo;0;L;5349;;;;N;;;;; +2F82D;CJK COMPATIBILITY IDEOGRAPH-2F82D;Lo;0;L;5351;;;;N;;;;; +2F82E;CJK COMPATIBILITY IDEOGRAPH-2F82E;Lo;0;L;535A;;;;N;;;;; +2F82F;CJK COMPATIBILITY IDEOGRAPH-2F82F;Lo;0;L;5373;;;;N;;;;; +2F830;CJK COMPATIBILITY IDEOGRAPH-2F830;Lo;0;L;537D;;;;N;;;;; +2F831;CJK COMPATIBILITY IDEOGRAPH-2F831;Lo;0;L;537F;;;;N;;;;; +2F832;CJK COMPATIBILITY IDEOGRAPH-2F832;Lo;0;L;537F;;;;N;;;;; +2F833;CJK COMPATIBILITY IDEOGRAPH-2F833;Lo;0;L;537F;;;;N;;;;; +2F834;CJK COMPATIBILITY IDEOGRAPH-2F834;Lo;0;L;20A2C;;;;N;;;;; +2F835;CJK COMPATIBILITY IDEOGRAPH-2F835;Lo;0;L;7070;;;;N;;;;; +2F836;CJK COMPATIBILITY IDEOGRAPH-2F836;Lo;0;L;53CA;;;;N;;;;; +2F837;CJK COMPATIBILITY IDEOGRAPH-2F837;Lo;0;L;53DF;;;;N;;;;; +2F838;CJK COMPATIBILITY IDEOGRAPH-2F838;Lo;0;L;20B63;;;;N;;;;; +2F839;CJK COMPATIBILITY IDEOGRAPH-2F839;Lo;0;L;53EB;;;;N;;;;; +2F83A;CJK COMPATIBILITY IDEOGRAPH-2F83A;Lo;0;L;53F1;;;;N;;;;; +2F83B;CJK COMPATIBILITY IDEOGRAPH-2F83B;Lo;0;L;5406;;;;N;;;;; +2F83C;CJK COMPATIBILITY IDEOGRAPH-2F83C;Lo;0;L;549E;;;;N;;;;; +2F83D;CJK COMPATIBILITY IDEOGRAPH-2F83D;Lo;0;L;5438;;;;N;;;;; +2F83E;CJK COMPATIBILITY IDEOGRAPH-2F83E;Lo;0;L;5448;;;;N;;;;; +2F83F;CJK COMPATIBILITY IDEOGRAPH-2F83F;Lo;0;L;5468;;;;N;;;;; +2F840;CJK COMPATIBILITY IDEOGRAPH-2F840;Lo;0;L;54A2;;;;N;;;;; +2F841;CJK COMPATIBILITY IDEOGRAPH-2F841;Lo;0;L;54F6;;;;N;;;;; +2F842;CJK COMPATIBILITY IDEOGRAPH-2F842;Lo;0;L;5510;;;;N;;;;; +2F843;CJK COMPATIBILITY IDEOGRAPH-2F843;Lo;0;L;5553;;;;N;;;;; +2F844;CJK COMPATIBILITY IDEOGRAPH-2F844;Lo;0;L;5563;;;;N;;;;; +2F845;CJK COMPATIBILITY IDEOGRAPH-2F845;Lo;0;L;5584;;;;N;;;;; +2F846;CJK COMPATIBILITY IDEOGRAPH-2F846;Lo;0;L;5584;;;;N;;;;; +2F847;CJK COMPATIBILITY IDEOGRAPH-2F847;Lo;0;L;5599;;;;N;;;;; +2F848;CJK COMPATIBILITY IDEOGRAPH-2F848;Lo;0;L;55AB;;;;N;;;;; +2F849;CJK COMPATIBILITY IDEOGRAPH-2F849;Lo;0;L;55B3;;;;N;;;;; +2F84A;CJK COMPATIBILITY IDEOGRAPH-2F84A;Lo;0;L;55C2;;;;N;;;;; +2F84B;CJK COMPATIBILITY IDEOGRAPH-2F84B;Lo;0;L;5716;;;;N;;;;; +2F84C;CJK COMPATIBILITY IDEOGRAPH-2F84C;Lo;0;L;5606;;;;N;;;;; +2F84D;CJK COMPATIBILITY IDEOGRAPH-2F84D;Lo;0;L;5717;;;;N;;;;; +2F84E;CJK COMPATIBILITY IDEOGRAPH-2F84E;Lo;0;L;5651;;;;N;;;;; +2F84F;CJK COMPATIBILITY IDEOGRAPH-2F84F;Lo;0;L;5674;;;;N;;;;; +2F850;CJK COMPATIBILITY IDEOGRAPH-2F850;Lo;0;L;5207;;;;N;;;;; +2F851;CJK COMPATIBILITY IDEOGRAPH-2F851;Lo;0;L;58EE;;;;N;;;;; +2F852;CJK COMPATIBILITY IDEOGRAPH-2F852;Lo;0;L;57CE;;;;N;;;;; +2F853;CJK COMPATIBILITY IDEOGRAPH-2F853;Lo;0;L;57F4;;;;N;;;;; +2F854;CJK COMPATIBILITY IDEOGRAPH-2F854;Lo;0;L;580D;;;;N;;;;; +2F855;CJK COMPATIBILITY IDEOGRAPH-2F855;Lo;0;L;578B;;;;N;;;;; +2F856;CJK COMPATIBILITY IDEOGRAPH-2F856;Lo;0;L;5832;;;;N;;;;; +2F857;CJK COMPATIBILITY IDEOGRAPH-2F857;Lo;0;L;5831;;;;N;;;;; +2F858;CJK COMPATIBILITY IDEOGRAPH-2F858;Lo;0;L;58AC;;;;N;;;;; +2F859;CJK COMPATIBILITY IDEOGRAPH-2F859;Lo;0;L;214E4;;;;N;;;;; +2F85A;CJK COMPATIBILITY IDEOGRAPH-2F85A;Lo;0;L;58F2;;;;N;;;;; +2F85B;CJK COMPATIBILITY IDEOGRAPH-2F85B;Lo;0;L;58F7;;;;N;;;;; +2F85C;CJK COMPATIBILITY IDEOGRAPH-2F85C;Lo;0;L;5906;;;;N;;;;; +2F85D;CJK COMPATIBILITY IDEOGRAPH-2F85D;Lo;0;L;591A;;;;N;;;;; +2F85E;CJK COMPATIBILITY IDEOGRAPH-2F85E;Lo;0;L;5922;;;;N;;;;; +2F85F;CJK COMPATIBILITY IDEOGRAPH-2F85F;Lo;0;L;5962;;;;N;;;;; +2F860;CJK COMPATIBILITY IDEOGRAPH-2F860;Lo;0;L;216A8;;;;N;;;;; +2F861;CJK COMPATIBILITY IDEOGRAPH-2F861;Lo;0;L;216EA;;;;N;;;;; +2F862;CJK COMPATIBILITY IDEOGRAPH-2F862;Lo;0;L;59EC;;;;N;;;;; +2F863;CJK COMPATIBILITY IDEOGRAPH-2F863;Lo;0;L;5A1B;;;;N;;;;; +2F864;CJK COMPATIBILITY IDEOGRAPH-2F864;Lo;0;L;5A27;;;;N;;;;; +2F865;CJK COMPATIBILITY IDEOGRAPH-2F865;Lo;0;L;59D8;;;;N;;;;; +2F866;CJK COMPATIBILITY IDEOGRAPH-2F866;Lo;0;L;5A66;;;;N;;;;; +2F867;CJK COMPATIBILITY IDEOGRAPH-2F867;Lo;0;L;36EE;;;;N;;;;; +2F868;CJK COMPATIBILITY IDEOGRAPH-2F868;Lo;0;L;36FC;;;;N;;;;; +2F869;CJK COMPATIBILITY IDEOGRAPH-2F869;Lo;0;L;5B08;;;;N;;;;; +2F86A;CJK COMPATIBILITY IDEOGRAPH-2F86A;Lo;0;L;5B3E;;;;N;;;;; +2F86B;CJK COMPATIBILITY IDEOGRAPH-2F86B;Lo;0;L;5B3E;;;;N;;;;; +2F86C;CJK COMPATIBILITY IDEOGRAPH-2F86C;Lo;0;L;219C8;;;;N;;;;; +2F86D;CJK COMPATIBILITY IDEOGRAPH-2F86D;Lo;0;L;5BC3;;;;N;;;;; +2F86E;CJK COMPATIBILITY IDEOGRAPH-2F86E;Lo;0;L;5BD8;;;;N;;;;; +2F86F;CJK COMPATIBILITY IDEOGRAPH-2F86F;Lo;0;L;5BE7;;;;N;;;;; +2F870;CJK COMPATIBILITY IDEOGRAPH-2F870;Lo;0;L;5BF3;;;;N;;;;; +2F871;CJK COMPATIBILITY IDEOGRAPH-2F871;Lo;0;L;21B18;;;;N;;;;; +2F872;CJK COMPATIBILITY IDEOGRAPH-2F872;Lo;0;L;5BFF;;;;N;;;;; +2F873;CJK COMPATIBILITY IDEOGRAPH-2F873;Lo;0;L;5C06;;;;N;;;;; +2F874;CJK COMPATIBILITY IDEOGRAPH-2F874;Lo;0;L;5F53;;;;N;;;;; +2F875;CJK COMPATIBILITY IDEOGRAPH-2F875;Lo;0;L;5C22;;;;N;;;;; +2F876;CJK COMPATIBILITY IDEOGRAPH-2F876;Lo;0;L;3781;;;;N;;;;; +2F877;CJK COMPATIBILITY IDEOGRAPH-2F877;Lo;0;L;5C60;;;;N;;;;; +2F878;CJK COMPATIBILITY IDEOGRAPH-2F878;Lo;0;L;5C6E;;;;N;;;;; +2F879;CJK COMPATIBILITY IDEOGRAPH-2F879;Lo;0;L;5CC0;;;;N;;;;; +2F87A;CJK COMPATIBILITY IDEOGRAPH-2F87A;Lo;0;L;5C8D;;;;N;;;;; +2F87B;CJK COMPATIBILITY IDEOGRAPH-2F87B;Lo;0;L;21DE4;;;;N;;;;; +2F87C;CJK COMPATIBILITY IDEOGRAPH-2F87C;Lo;0;L;5D43;;;;N;;;;; +2F87D;CJK COMPATIBILITY IDEOGRAPH-2F87D;Lo;0;L;21DE6;;;;N;;;;; +2F87E;CJK COMPATIBILITY IDEOGRAPH-2F87E;Lo;0;L;5D6E;;;;N;;;;; +2F87F;CJK COMPATIBILITY IDEOGRAPH-2F87F;Lo;0;L;5D6B;;;;N;;;;; +2F880;CJK COMPATIBILITY IDEOGRAPH-2F880;Lo;0;L;5D7C;;;;N;;;;; +2F881;CJK COMPATIBILITY IDEOGRAPH-2F881;Lo;0;L;5DE1;;;;N;;;;; +2F882;CJK COMPATIBILITY IDEOGRAPH-2F882;Lo;0;L;5DE2;;;;N;;;;; +2F883;CJK COMPATIBILITY IDEOGRAPH-2F883;Lo;0;L;382F;;;;N;;;;; +2F884;CJK COMPATIBILITY IDEOGRAPH-2F884;Lo;0;L;5DFD;;;;N;;;;; +2F885;CJK COMPATIBILITY IDEOGRAPH-2F885;Lo;0;L;5E28;;;;N;;;;; +2F886;CJK COMPATIBILITY IDEOGRAPH-2F886;Lo;0;L;5E3D;;;;N;;;;; +2F887;CJK COMPATIBILITY IDEOGRAPH-2F887;Lo;0;L;5E69;;;;N;;;;; +2F888;CJK COMPATIBILITY IDEOGRAPH-2F888;Lo;0;L;3862;;;;N;;;;; +2F889;CJK COMPATIBILITY IDEOGRAPH-2F889;Lo;0;L;22183;;;;N;;;;; +2F88A;CJK COMPATIBILITY IDEOGRAPH-2F88A;Lo;0;L;387C;;;;N;;;;; +2F88B;CJK COMPATIBILITY IDEOGRAPH-2F88B;Lo;0;L;5EB0;;;;N;;;;; +2F88C;CJK COMPATIBILITY IDEOGRAPH-2F88C;Lo;0;L;5EB3;;;;N;;;;; +2F88D;CJK COMPATIBILITY IDEOGRAPH-2F88D;Lo;0;L;5EB6;;;;N;;;;; +2F88E;CJK COMPATIBILITY IDEOGRAPH-2F88E;Lo;0;L;5ECA;;;;N;;;;; +2F88F;CJK COMPATIBILITY IDEOGRAPH-2F88F;Lo;0;L;2A392;;;;N;;;;; +2F890;CJK COMPATIBILITY IDEOGRAPH-2F890;Lo;0;L;5EFE;;;;N;;;;; +2F891;CJK COMPATIBILITY IDEOGRAPH-2F891;Lo;0;L;22331;;;;N;;;;; +2F892;CJK COMPATIBILITY IDEOGRAPH-2F892;Lo;0;L;22331;;;;N;;;;; +2F893;CJK COMPATIBILITY IDEOGRAPH-2F893;Lo;0;L;8201;;;;N;;;;; +2F894;CJK COMPATIBILITY IDEOGRAPH-2F894;Lo;0;L;5F22;;;;N;;;;; +2F895;CJK COMPATIBILITY IDEOGRAPH-2F895;Lo;0;L;5F22;;;;N;;;;; +2F896;CJK COMPATIBILITY IDEOGRAPH-2F896;Lo;0;L;38C7;;;;N;;;;; +2F897;CJK COMPATIBILITY IDEOGRAPH-2F897;Lo;0;L;232B8;;;;N;;;;; +2F898;CJK COMPATIBILITY IDEOGRAPH-2F898;Lo;0;L;261DA;;;;N;;;;; +2F899;CJK COMPATIBILITY IDEOGRAPH-2F899;Lo;0;L;5F62;;;;N;;;;; +2F89A;CJK COMPATIBILITY IDEOGRAPH-2F89A;Lo;0;L;5F6B;;;;N;;;;; +2F89B;CJK COMPATIBILITY IDEOGRAPH-2F89B;Lo;0;L;38E3;;;;N;;;;; +2F89C;CJK COMPATIBILITY IDEOGRAPH-2F89C;Lo;0;L;5F9A;;;;N;;;;; +2F89D;CJK COMPATIBILITY IDEOGRAPH-2F89D;Lo;0;L;5FCD;;;;N;;;;; +2F89E;CJK COMPATIBILITY IDEOGRAPH-2F89E;Lo;0;L;5FD7;;;;N;;;;; +2F89F;CJK COMPATIBILITY IDEOGRAPH-2F89F;Lo;0;L;5FF9;;;;N;;;;; +2F8A0;CJK COMPATIBILITY IDEOGRAPH-2F8A0;Lo;0;L;6081;;;;N;;;;; +2F8A1;CJK COMPATIBILITY IDEOGRAPH-2F8A1;Lo;0;L;393A;;;;N;;;;; +2F8A2;CJK COMPATIBILITY IDEOGRAPH-2F8A2;Lo;0;L;391C;;;;N;;;;; +2F8A3;CJK COMPATIBILITY IDEOGRAPH-2F8A3;Lo;0;L;6094;;;;N;;;;; +2F8A4;CJK COMPATIBILITY IDEOGRAPH-2F8A4;Lo;0;L;226D4;;;;N;;;;; +2F8A5;CJK COMPATIBILITY IDEOGRAPH-2F8A5;Lo;0;L;60C7;;;;N;;;;; +2F8A6;CJK COMPATIBILITY IDEOGRAPH-2F8A6;Lo;0;L;6148;;;;N;;;;; +2F8A7;CJK COMPATIBILITY IDEOGRAPH-2F8A7;Lo;0;L;614C;;;;N;;;;; +2F8A8;CJK COMPATIBILITY IDEOGRAPH-2F8A8;Lo;0;L;614E;;;;N;;;;; +2F8A9;CJK COMPATIBILITY IDEOGRAPH-2F8A9;Lo;0;L;614C;;;;N;;;;; +2F8AA;CJK COMPATIBILITY IDEOGRAPH-2F8AA;Lo;0;L;617A;;;;N;;;;; +2F8AB;CJK COMPATIBILITY IDEOGRAPH-2F8AB;Lo;0;L;618E;;;;N;;;;; +2F8AC;CJK COMPATIBILITY IDEOGRAPH-2F8AC;Lo;0;L;61B2;;;;N;;;;; +2F8AD;CJK COMPATIBILITY IDEOGRAPH-2F8AD;Lo;0;L;61A4;;;;N;;;;; +2F8AE;CJK COMPATIBILITY IDEOGRAPH-2F8AE;Lo;0;L;61AF;;;;N;;;;; +2F8AF;CJK COMPATIBILITY IDEOGRAPH-2F8AF;Lo;0;L;61DE;;;;N;;;;; +2F8B0;CJK COMPATIBILITY IDEOGRAPH-2F8B0;Lo;0;L;61F2;;;;N;;;;; +2F8B1;CJK COMPATIBILITY IDEOGRAPH-2F8B1;Lo;0;L;61F6;;;;N;;;;; +2F8B2;CJK COMPATIBILITY IDEOGRAPH-2F8B2;Lo;0;L;6210;;;;N;;;;; +2F8B3;CJK COMPATIBILITY IDEOGRAPH-2F8B3;Lo;0;L;621B;;;;N;;;;; +2F8B4;CJK COMPATIBILITY IDEOGRAPH-2F8B4;Lo;0;L;625D;;;;N;;;;; +2F8B5;CJK COMPATIBILITY IDEOGRAPH-2F8B5;Lo;0;L;62B1;;;;N;;;;; +2F8B6;CJK COMPATIBILITY IDEOGRAPH-2F8B6;Lo;0;L;62D4;;;;N;;;;; +2F8B7;CJK COMPATIBILITY IDEOGRAPH-2F8B7;Lo;0;L;6350;;;;N;;;;; +2F8B8;CJK COMPATIBILITY IDEOGRAPH-2F8B8;Lo;0;L;22B0C;;;;N;;;;; +2F8B9;CJK COMPATIBILITY IDEOGRAPH-2F8B9;Lo;0;L;633D;;;;N;;;;; +2F8BA;CJK COMPATIBILITY IDEOGRAPH-2F8BA;Lo;0;L;62FC;;;;N;;;;; +2F8BB;CJK COMPATIBILITY IDEOGRAPH-2F8BB;Lo;0;L;6368;;;;N;;;;; +2F8BC;CJK COMPATIBILITY IDEOGRAPH-2F8BC;Lo;0;L;6383;;;;N;;;;; +2F8BD;CJK COMPATIBILITY IDEOGRAPH-2F8BD;Lo;0;L;63E4;;;;N;;;;; +2F8BE;CJK COMPATIBILITY IDEOGRAPH-2F8BE;Lo;0;L;22BF1;;;;N;;;;; +2F8BF;CJK COMPATIBILITY IDEOGRAPH-2F8BF;Lo;0;L;6422;;;;N;;;;; +2F8C0;CJK COMPATIBILITY IDEOGRAPH-2F8C0;Lo;0;L;63C5;;;;N;;;;; +2F8C1;CJK COMPATIBILITY IDEOGRAPH-2F8C1;Lo;0;L;63A9;;;;N;;;;; +2F8C2;CJK COMPATIBILITY IDEOGRAPH-2F8C2;Lo;0;L;3A2E;;;;N;;;;; +2F8C3;CJK COMPATIBILITY IDEOGRAPH-2F8C3;Lo;0;L;6469;;;;N;;;;; +2F8C4;CJK COMPATIBILITY IDEOGRAPH-2F8C4;Lo;0;L;647E;;;;N;;;;; +2F8C5;CJK COMPATIBILITY IDEOGRAPH-2F8C5;Lo;0;L;649D;;;;N;;;;; +2F8C6;CJK COMPATIBILITY IDEOGRAPH-2F8C6;Lo;0;L;6477;;;;N;;;;; +2F8C7;CJK COMPATIBILITY IDEOGRAPH-2F8C7;Lo;0;L;3A6C;;;;N;;;;; +2F8C8;CJK COMPATIBILITY IDEOGRAPH-2F8C8;Lo;0;L;654F;;;;N;;;;; +2F8C9;CJK COMPATIBILITY IDEOGRAPH-2F8C9;Lo;0;L;656C;;;;N;;;;; +2F8CA;CJK COMPATIBILITY IDEOGRAPH-2F8CA;Lo;0;L;2300A;;;;N;;;;; +2F8CB;CJK COMPATIBILITY IDEOGRAPH-2F8CB;Lo;0;L;65E3;;;;N;;;;; +2F8CC;CJK COMPATIBILITY IDEOGRAPH-2F8CC;Lo;0;L;66F8;;;;N;;;;; +2F8CD;CJK COMPATIBILITY IDEOGRAPH-2F8CD;Lo;0;L;6649;;;;N;;;;; +2F8CE;CJK COMPATIBILITY IDEOGRAPH-2F8CE;Lo;0;L;3B19;;;;N;;;;; +2F8CF;CJK COMPATIBILITY IDEOGRAPH-2F8CF;Lo;0;L;6691;;;;N;;;;; +2F8D0;CJK COMPATIBILITY IDEOGRAPH-2F8D0;Lo;0;L;3B08;;;;N;;;;; +2F8D1;CJK COMPATIBILITY IDEOGRAPH-2F8D1;Lo;0;L;3AE4;;;;N;;;;; +2F8D2;CJK COMPATIBILITY IDEOGRAPH-2F8D2;Lo;0;L;5192;;;;N;;;;; +2F8D3;CJK COMPATIBILITY IDEOGRAPH-2F8D3;Lo;0;L;5195;;;;N;;;;; +2F8D4;CJK COMPATIBILITY IDEOGRAPH-2F8D4;Lo;0;L;6700;;;;N;;;;; +2F8D5;CJK COMPATIBILITY IDEOGRAPH-2F8D5;Lo;0;L;669C;;;;N;;;;; +2F8D6;CJK COMPATIBILITY IDEOGRAPH-2F8D6;Lo;0;L;80AD;;;;N;;;;; +2F8D7;CJK COMPATIBILITY IDEOGRAPH-2F8D7;Lo;0;L;43D9;;;;N;;;;; +2F8D8;CJK COMPATIBILITY IDEOGRAPH-2F8D8;Lo;0;L;6717;;;;N;;;;; +2F8D9;CJK COMPATIBILITY IDEOGRAPH-2F8D9;Lo;0;L;671B;;;;N;;;;; +2F8DA;CJK COMPATIBILITY IDEOGRAPH-2F8DA;Lo;0;L;6721;;;;N;;;;; +2F8DB;CJK COMPATIBILITY IDEOGRAPH-2F8DB;Lo;0;L;675E;;;;N;;;;; +2F8DC;CJK COMPATIBILITY IDEOGRAPH-2F8DC;Lo;0;L;6753;;;;N;;;;; +2F8DD;CJK COMPATIBILITY IDEOGRAPH-2F8DD;Lo;0;L;233C3;;;;N;;;;; +2F8DE;CJK COMPATIBILITY IDEOGRAPH-2F8DE;Lo;0;L;3B49;;;;N;;;;; +2F8DF;CJK COMPATIBILITY IDEOGRAPH-2F8DF;Lo;0;L;67FA;;;;N;;;;; +2F8E0;CJK COMPATIBILITY IDEOGRAPH-2F8E0;Lo;0;L;6785;;;;N;;;;; +2F8E1;CJK COMPATIBILITY IDEOGRAPH-2F8E1;Lo;0;L;6852;;;;N;;;;; +2F8E2;CJK COMPATIBILITY IDEOGRAPH-2F8E2;Lo;0;L;6885;;;;N;;;;; +2F8E3;CJK COMPATIBILITY IDEOGRAPH-2F8E3;Lo;0;L;2346D;;;;N;;;;; +2F8E4;CJK COMPATIBILITY IDEOGRAPH-2F8E4;Lo;0;L;688E;;;;N;;;;; +2F8E5;CJK COMPATIBILITY IDEOGRAPH-2F8E5;Lo;0;L;681F;;;;N;;;;; +2F8E6;CJK COMPATIBILITY IDEOGRAPH-2F8E6;Lo;0;L;6914;;;;N;;;;; +2F8E7;CJK COMPATIBILITY IDEOGRAPH-2F8E7;Lo;0;L;3B9D;;;;N;;;;; +2F8E8;CJK COMPATIBILITY IDEOGRAPH-2F8E8;Lo;0;L;6942;;;;N;;;;; +2F8E9;CJK COMPATIBILITY IDEOGRAPH-2F8E9;Lo;0;L;69A3;;;;N;;;;; +2F8EA;CJK COMPATIBILITY IDEOGRAPH-2F8EA;Lo;0;L;69EA;;;;N;;;;; +2F8EB;CJK COMPATIBILITY IDEOGRAPH-2F8EB;Lo;0;L;6AA8;;;;N;;;;; +2F8EC;CJK COMPATIBILITY IDEOGRAPH-2F8EC;Lo;0;L;236A3;;;;N;;;;; +2F8ED;CJK COMPATIBILITY IDEOGRAPH-2F8ED;Lo;0;L;6ADB;;;;N;;;;; +2F8EE;CJK COMPATIBILITY IDEOGRAPH-2F8EE;Lo;0;L;3C18;;;;N;;;;; +2F8EF;CJK COMPATIBILITY IDEOGRAPH-2F8EF;Lo;0;L;6B21;;;;N;;;;; +2F8F0;CJK COMPATIBILITY IDEOGRAPH-2F8F0;Lo;0;L;238A7;;;;N;;;;; +2F8F1;CJK COMPATIBILITY IDEOGRAPH-2F8F1;Lo;0;L;6B54;;;;N;;;;; +2F8F2;CJK COMPATIBILITY IDEOGRAPH-2F8F2;Lo;0;L;3C4E;;;;N;;;;; +2F8F3;CJK COMPATIBILITY IDEOGRAPH-2F8F3;Lo;0;L;6B72;;;;N;;;;; +2F8F4;CJK COMPATIBILITY IDEOGRAPH-2F8F4;Lo;0;L;6B9F;;;;N;;;;; +2F8F5;CJK COMPATIBILITY IDEOGRAPH-2F8F5;Lo;0;L;6BBA;;;;N;;;;; +2F8F6;CJK COMPATIBILITY IDEOGRAPH-2F8F6;Lo;0;L;6BBB;;;;N;;;;; +2F8F7;CJK COMPATIBILITY IDEOGRAPH-2F8F7;Lo;0;L;23A8D;;;;N;;;;; +2F8F8;CJK COMPATIBILITY IDEOGRAPH-2F8F8;Lo;0;L;21D0B;;;;N;;;;; +2F8F9;CJK COMPATIBILITY IDEOGRAPH-2F8F9;Lo;0;L;23AFA;;;;N;;;;; +2F8FA;CJK COMPATIBILITY IDEOGRAPH-2F8FA;Lo;0;L;6C4E;;;;N;;;;; +2F8FB;CJK COMPATIBILITY IDEOGRAPH-2F8FB;Lo;0;L;23CBC;;;;N;;;;; +2F8FC;CJK COMPATIBILITY IDEOGRAPH-2F8FC;Lo;0;L;6CBF;;;;N;;;;; +2F8FD;CJK COMPATIBILITY IDEOGRAPH-2F8FD;Lo;0;L;6CCD;;;;N;;;;; +2F8FE;CJK COMPATIBILITY IDEOGRAPH-2F8FE;Lo;0;L;6C67;;;;N;;;;; +2F8FF;CJK COMPATIBILITY IDEOGRAPH-2F8FF;Lo;0;L;6D16;;;;N;;;;; +2F900;CJK COMPATIBILITY IDEOGRAPH-2F900;Lo;0;L;6D3E;;;;N;;;;; +2F901;CJK COMPATIBILITY IDEOGRAPH-2F901;Lo;0;L;6D77;;;;N;;;;; +2F902;CJK COMPATIBILITY IDEOGRAPH-2F902;Lo;0;L;6D41;;;;N;;;;; +2F903;CJK COMPATIBILITY IDEOGRAPH-2F903;Lo;0;L;6D69;;;;N;;;;; +2F904;CJK COMPATIBILITY IDEOGRAPH-2F904;Lo;0;L;6D78;;;;N;;;;; +2F905;CJK COMPATIBILITY IDEOGRAPH-2F905;Lo;0;L;6D85;;;;N;;;;; +2F906;CJK COMPATIBILITY IDEOGRAPH-2F906;Lo;0;L;23D1E;;;;N;;;;; +2F907;CJK COMPATIBILITY IDEOGRAPH-2F907;Lo;0;L;6D34;;;;N;;;;; +2F908;CJK COMPATIBILITY IDEOGRAPH-2F908;Lo;0;L;6E2F;;;;N;;;;; +2F909;CJK COMPATIBILITY IDEOGRAPH-2F909;Lo;0;L;6E6E;;;;N;;;;; +2F90A;CJK COMPATIBILITY IDEOGRAPH-2F90A;Lo;0;L;3D33;;;;N;;;;; +2F90B;CJK COMPATIBILITY IDEOGRAPH-2F90B;Lo;0;L;6ECB;;;;N;;;;; +2F90C;CJK COMPATIBILITY IDEOGRAPH-2F90C;Lo;0;L;6EC7;;;;N;;;;; +2F90D;CJK COMPATIBILITY IDEOGRAPH-2F90D;Lo;0;L;23ED1;;;;N;;;;; +2F90E;CJK COMPATIBILITY IDEOGRAPH-2F90E;Lo;0;L;6DF9;;;;N;;;;; +2F90F;CJK COMPATIBILITY IDEOGRAPH-2F90F;Lo;0;L;6F6E;;;;N;;;;; +2F910;CJK COMPATIBILITY IDEOGRAPH-2F910;Lo;0;L;23F5E;;;;N;;;;; +2F911;CJK COMPATIBILITY IDEOGRAPH-2F911;Lo;0;L;23F8E;;;;N;;;;; +2F912;CJK COMPATIBILITY IDEOGRAPH-2F912;Lo;0;L;6FC6;;;;N;;;;; +2F913;CJK COMPATIBILITY IDEOGRAPH-2F913;Lo;0;L;7039;;;;N;;;;; +2F914;CJK COMPATIBILITY IDEOGRAPH-2F914;Lo;0;L;701E;;;;N;;;;; +2F915;CJK COMPATIBILITY IDEOGRAPH-2F915;Lo;0;L;701B;;;;N;;;;; +2F916;CJK COMPATIBILITY IDEOGRAPH-2F916;Lo;0;L;3D96;;;;N;;;;; +2F917;CJK COMPATIBILITY IDEOGRAPH-2F917;Lo;0;L;704A;;;;N;;;;; +2F918;CJK COMPATIBILITY IDEOGRAPH-2F918;Lo;0;L;707D;;;;N;;;;; +2F919;CJK COMPATIBILITY IDEOGRAPH-2F919;Lo;0;L;7077;;;;N;;;;; +2F91A;CJK COMPATIBILITY IDEOGRAPH-2F91A;Lo;0;L;70AD;;;;N;;;;; +2F91B;CJK COMPATIBILITY IDEOGRAPH-2F91B;Lo;0;L;20525;;;;N;;;;; +2F91C;CJK COMPATIBILITY IDEOGRAPH-2F91C;Lo;0;L;7145;;;;N;;;;; +2F91D;CJK COMPATIBILITY IDEOGRAPH-2F91D;Lo;0;L;24263;;;;N;;;;; +2F91E;CJK COMPATIBILITY IDEOGRAPH-2F91E;Lo;0;L;719C;;;;N;;;;; +2F91F;CJK COMPATIBILITY IDEOGRAPH-2F91F;Lo;0;L;243AB;;;;N;;;;; +2F920;CJK COMPATIBILITY IDEOGRAPH-2F920;Lo;0;L;7228;;;;N;;;;; +2F921;CJK COMPATIBILITY IDEOGRAPH-2F921;Lo;0;L;7235;;;;N;;;;; +2F922;CJK COMPATIBILITY IDEOGRAPH-2F922;Lo;0;L;7250;;;;N;;;;; +2F923;CJK COMPATIBILITY IDEOGRAPH-2F923;Lo;0;L;24608;;;;N;;;;; +2F924;CJK COMPATIBILITY IDEOGRAPH-2F924;Lo;0;L;7280;;;;N;;;;; +2F925;CJK COMPATIBILITY IDEOGRAPH-2F925;Lo;0;L;7295;;;;N;;;;; +2F926;CJK COMPATIBILITY IDEOGRAPH-2F926;Lo;0;L;24735;;;;N;;;;; +2F927;CJK COMPATIBILITY IDEOGRAPH-2F927;Lo;0;L;24814;;;;N;;;;; +2F928;CJK COMPATIBILITY IDEOGRAPH-2F928;Lo;0;L;737A;;;;N;;;;; +2F929;CJK COMPATIBILITY IDEOGRAPH-2F929;Lo;0;L;738B;;;;N;;;;; +2F92A;CJK COMPATIBILITY IDEOGRAPH-2F92A;Lo;0;L;3EAC;;;;N;;;;; +2F92B;CJK COMPATIBILITY IDEOGRAPH-2F92B;Lo;0;L;73A5;;;;N;;;;; +2F92C;CJK COMPATIBILITY IDEOGRAPH-2F92C;Lo;0;L;3EB8;;;;N;;;;; +2F92D;CJK COMPATIBILITY IDEOGRAPH-2F92D;Lo;0;L;3EB8;;;;N;;;;; +2F92E;CJK COMPATIBILITY IDEOGRAPH-2F92E;Lo;0;L;7447;;;;N;;;;; +2F92F;CJK COMPATIBILITY IDEOGRAPH-2F92F;Lo;0;L;745C;;;;N;;;;; +2F930;CJK COMPATIBILITY IDEOGRAPH-2F930;Lo;0;L;7471;;;;N;;;;; +2F931;CJK COMPATIBILITY IDEOGRAPH-2F931;Lo;0;L;7485;;;;N;;;;; +2F932;CJK COMPATIBILITY IDEOGRAPH-2F932;Lo;0;L;74CA;;;;N;;;;; +2F933;CJK COMPATIBILITY IDEOGRAPH-2F933;Lo;0;L;3F1B;;;;N;;;;; +2F934;CJK COMPATIBILITY IDEOGRAPH-2F934;Lo;0;L;7524;;;;N;;;;; +2F935;CJK COMPATIBILITY IDEOGRAPH-2F935;Lo;0;L;24C36;;;;N;;;;; +2F936;CJK COMPATIBILITY IDEOGRAPH-2F936;Lo;0;L;753E;;;;N;;;;; +2F937;CJK COMPATIBILITY IDEOGRAPH-2F937;Lo;0;L;24C92;;;;N;;;;; +2F938;CJK COMPATIBILITY IDEOGRAPH-2F938;Lo;0;L;7570;;;;N;;;;; +2F939;CJK COMPATIBILITY IDEOGRAPH-2F939;Lo;0;L;2219F;;;;N;;;;; +2F93A;CJK COMPATIBILITY IDEOGRAPH-2F93A;Lo;0;L;7610;;;;N;;;;; +2F93B;CJK COMPATIBILITY IDEOGRAPH-2F93B;Lo;0;L;24FA1;;;;N;;;;; +2F93C;CJK COMPATIBILITY IDEOGRAPH-2F93C;Lo;0;L;24FB8;;;;N;;;;; +2F93D;CJK COMPATIBILITY IDEOGRAPH-2F93D;Lo;0;L;25044;;;;N;;;;; +2F93E;CJK COMPATIBILITY IDEOGRAPH-2F93E;Lo;0;L;3FFC;;;;N;;;;; +2F93F;CJK COMPATIBILITY IDEOGRAPH-2F93F;Lo;0;L;4008;;;;N;;;;; +2F940;CJK COMPATIBILITY IDEOGRAPH-2F940;Lo;0;L;76F4;;;;N;;;;; +2F941;CJK COMPATIBILITY IDEOGRAPH-2F941;Lo;0;L;250F3;;;;N;;;;; +2F942;CJK COMPATIBILITY IDEOGRAPH-2F942;Lo;0;L;250F2;;;;N;;;;; +2F943;CJK COMPATIBILITY IDEOGRAPH-2F943;Lo;0;L;25119;;;;N;;;;; +2F944;CJK COMPATIBILITY IDEOGRAPH-2F944;Lo;0;L;25133;;;;N;;;;; +2F945;CJK COMPATIBILITY IDEOGRAPH-2F945;Lo;0;L;771E;;;;N;;;;; +2F946;CJK COMPATIBILITY IDEOGRAPH-2F946;Lo;0;L;771F;;;;N;;;;; +2F947;CJK COMPATIBILITY IDEOGRAPH-2F947;Lo;0;L;771F;;;;N;;;;; +2F948;CJK COMPATIBILITY IDEOGRAPH-2F948;Lo;0;L;774A;;;;N;;;;; +2F949;CJK COMPATIBILITY IDEOGRAPH-2F949;Lo;0;L;4039;;;;N;;;;; +2F94A;CJK COMPATIBILITY IDEOGRAPH-2F94A;Lo;0;L;778B;;;;N;;;;; +2F94B;CJK COMPATIBILITY IDEOGRAPH-2F94B;Lo;0;L;4046;;;;N;;;;; +2F94C;CJK COMPATIBILITY IDEOGRAPH-2F94C;Lo;0;L;4096;;;;N;;;;; +2F94D;CJK COMPATIBILITY IDEOGRAPH-2F94D;Lo;0;L;2541D;;;;N;;;;; +2F94E;CJK COMPATIBILITY IDEOGRAPH-2F94E;Lo;0;L;784E;;;;N;;;;; +2F94F;CJK COMPATIBILITY IDEOGRAPH-2F94F;Lo;0;L;788C;;;;N;;;;; +2F950;CJK COMPATIBILITY IDEOGRAPH-2F950;Lo;0;L;78CC;;;;N;;;;; +2F951;CJK COMPATIBILITY IDEOGRAPH-2F951;Lo;0;L;40E3;;;;N;;;;; +2F952;CJK COMPATIBILITY IDEOGRAPH-2F952;Lo;0;L;25626;;;;N;;;;; +2F953;CJK COMPATIBILITY IDEOGRAPH-2F953;Lo;0;L;7956;;;;N;;;;; +2F954;CJK COMPATIBILITY IDEOGRAPH-2F954;Lo;0;L;2569A;;;;N;;;;; +2F955;CJK COMPATIBILITY IDEOGRAPH-2F955;Lo;0;L;256C5;;;;N;;;;; +2F956;CJK COMPATIBILITY IDEOGRAPH-2F956;Lo;0;L;798F;;;;N;;;;; +2F957;CJK COMPATIBILITY IDEOGRAPH-2F957;Lo;0;L;79EB;;;;N;;;;; +2F958;CJK COMPATIBILITY IDEOGRAPH-2F958;Lo;0;L;412F;;;;N;;;;; +2F959;CJK COMPATIBILITY IDEOGRAPH-2F959;Lo;0;L;7A40;;;;N;;;;; +2F95A;CJK COMPATIBILITY IDEOGRAPH-2F95A;Lo;0;L;7A4A;;;;N;;;;; +2F95B;CJK COMPATIBILITY IDEOGRAPH-2F95B;Lo;0;L;7A4F;;;;N;;;;; +2F95C;CJK COMPATIBILITY IDEOGRAPH-2F95C;Lo;0;L;2597C;;;;N;;;;; +2F95D;CJK COMPATIBILITY IDEOGRAPH-2F95D;Lo;0;L;25AA7;;;;N;;;;; +2F95E;CJK COMPATIBILITY IDEOGRAPH-2F95E;Lo;0;L;25AA7;;;;N;;;;; +2F95F;CJK COMPATIBILITY IDEOGRAPH-2F95F;Lo;0;L;7AEE;;;;N;;;;; +2F960;CJK COMPATIBILITY IDEOGRAPH-2F960;Lo;0;L;4202;;;;N;;;;; +2F961;CJK COMPATIBILITY IDEOGRAPH-2F961;Lo;0;L;25BAB;;;;N;;;;; +2F962;CJK COMPATIBILITY IDEOGRAPH-2F962;Lo;0;L;7BC6;;;;N;;;;; +2F963;CJK COMPATIBILITY IDEOGRAPH-2F963;Lo;0;L;7BC9;;;;N;;;;; +2F964;CJK COMPATIBILITY IDEOGRAPH-2F964;Lo;0;L;4227;;;;N;;;;; +2F965;CJK COMPATIBILITY IDEOGRAPH-2F965;Lo;0;L;25C80;;;;N;;;;; +2F966;CJK COMPATIBILITY IDEOGRAPH-2F966;Lo;0;L;7CD2;;;;N;;;;; +2F967;CJK COMPATIBILITY IDEOGRAPH-2F967;Lo;0;L;42A0;;;;N;;;;; +2F968;CJK COMPATIBILITY IDEOGRAPH-2F968;Lo;0;L;7CE8;;;;N;;;;; +2F969;CJK COMPATIBILITY IDEOGRAPH-2F969;Lo;0;L;7CE3;;;;N;;;;; +2F96A;CJK COMPATIBILITY IDEOGRAPH-2F96A;Lo;0;L;7D00;;;;N;;;;; +2F96B;CJK COMPATIBILITY IDEOGRAPH-2F96B;Lo;0;L;25F86;;;;N;;;;; +2F96C;CJK COMPATIBILITY IDEOGRAPH-2F96C;Lo;0;L;7D63;;;;N;;;;; +2F96D;CJK COMPATIBILITY IDEOGRAPH-2F96D;Lo;0;L;4301;;;;N;;;;; +2F96E;CJK COMPATIBILITY IDEOGRAPH-2F96E;Lo;0;L;7DC7;;;;N;;;;; +2F96F;CJK COMPATIBILITY IDEOGRAPH-2F96F;Lo;0;L;7E02;;;;N;;;;; +2F970;CJK COMPATIBILITY IDEOGRAPH-2F970;Lo;0;L;7E45;;;;N;;;;; +2F971;CJK COMPATIBILITY IDEOGRAPH-2F971;Lo;0;L;4334;;;;N;;;;; +2F972;CJK COMPATIBILITY IDEOGRAPH-2F972;Lo;0;L;26228;;;;N;;;;; +2F973;CJK COMPATIBILITY IDEOGRAPH-2F973;Lo;0;L;26247;;;;N;;;;; +2F974;CJK COMPATIBILITY IDEOGRAPH-2F974;Lo;0;L;4359;;;;N;;;;; +2F975;CJK COMPATIBILITY IDEOGRAPH-2F975;Lo;0;L;262D9;;;;N;;;;; +2F976;CJK COMPATIBILITY IDEOGRAPH-2F976;Lo;0;L;7F7A;;;;N;;;;; +2F977;CJK COMPATIBILITY IDEOGRAPH-2F977;Lo;0;L;2633E;;;;N;;;;; +2F978;CJK COMPATIBILITY IDEOGRAPH-2F978;Lo;0;L;7F95;;;;N;;;;; +2F979;CJK COMPATIBILITY IDEOGRAPH-2F979;Lo;0;L;7FFA;;;;N;;;;; +2F97A;CJK COMPATIBILITY IDEOGRAPH-2F97A;Lo;0;L;8005;;;;N;;;;; +2F97B;CJK COMPATIBILITY IDEOGRAPH-2F97B;Lo;0;L;264DA;;;;N;;;;; +2F97C;CJK COMPATIBILITY IDEOGRAPH-2F97C;Lo;0;L;26523;;;;N;;;;; +2F97D;CJK COMPATIBILITY IDEOGRAPH-2F97D;Lo;0;L;8060;;;;N;;;;; +2F97E;CJK COMPATIBILITY IDEOGRAPH-2F97E;Lo;0;L;265A8;;;;N;;;;; +2F97F;CJK COMPATIBILITY IDEOGRAPH-2F97F;Lo;0;L;8070;;;;N;;;;; +2F980;CJK COMPATIBILITY IDEOGRAPH-2F980;Lo;0;L;2335F;;;;N;;;;; +2F981;CJK COMPATIBILITY IDEOGRAPH-2F981;Lo;0;L;43D5;;;;N;;;;; +2F982;CJK COMPATIBILITY IDEOGRAPH-2F982;Lo;0;L;80B2;;;;N;;;;; +2F983;CJK COMPATIBILITY IDEOGRAPH-2F983;Lo;0;L;8103;;;;N;;;;; +2F984;CJK COMPATIBILITY IDEOGRAPH-2F984;Lo;0;L;440B;;;;N;;;;; +2F985;CJK COMPATIBILITY IDEOGRAPH-2F985;Lo;0;L;813E;;;;N;;;;; +2F986;CJK COMPATIBILITY IDEOGRAPH-2F986;Lo;0;L;5AB5;;;;N;;;;; +2F987;CJK COMPATIBILITY IDEOGRAPH-2F987;Lo;0;L;267A7;;;;N;;;;; +2F988;CJK COMPATIBILITY IDEOGRAPH-2F988;Lo;0;L;267B5;;;;N;;;;; +2F989;CJK COMPATIBILITY IDEOGRAPH-2F989;Lo;0;L;23393;;;;N;;;;; +2F98A;CJK COMPATIBILITY IDEOGRAPH-2F98A;Lo;0;L;2339C;;;;N;;;;; +2F98B;CJK COMPATIBILITY IDEOGRAPH-2F98B;Lo;0;L;8201;;;;N;;;;; +2F98C;CJK COMPATIBILITY IDEOGRAPH-2F98C;Lo;0;L;8204;;;;N;;;;; +2F98D;CJK COMPATIBILITY IDEOGRAPH-2F98D;Lo;0;L;8F9E;;;;N;;;;; +2F98E;CJK COMPATIBILITY IDEOGRAPH-2F98E;Lo;0;L;446B;;;;N;;;;; +2F98F;CJK COMPATIBILITY IDEOGRAPH-2F98F;Lo;0;L;8291;;;;N;;;;; +2F990;CJK COMPATIBILITY IDEOGRAPH-2F990;Lo;0;L;828B;;;;N;;;;; +2F991;CJK COMPATIBILITY IDEOGRAPH-2F991;Lo;0;L;829D;;;;N;;;;; +2F992;CJK COMPATIBILITY IDEOGRAPH-2F992;Lo;0;L;52B3;;;;N;;;;; +2F993;CJK COMPATIBILITY IDEOGRAPH-2F993;Lo;0;L;82B1;;;;N;;;;; +2F994;CJK COMPATIBILITY IDEOGRAPH-2F994;Lo;0;L;82B3;;;;N;;;;; +2F995;CJK COMPATIBILITY IDEOGRAPH-2F995;Lo;0;L;82BD;;;;N;;;;; +2F996;CJK COMPATIBILITY IDEOGRAPH-2F996;Lo;0;L;82E6;;;;N;;;;; +2F997;CJK COMPATIBILITY IDEOGRAPH-2F997;Lo;0;L;26B3C;;;;N;;;;; +2F998;CJK COMPATIBILITY IDEOGRAPH-2F998;Lo;0;L;82E5;;;;N;;;;; +2F999;CJK COMPATIBILITY IDEOGRAPH-2F999;Lo;0;L;831D;;;;N;;;;; +2F99A;CJK COMPATIBILITY IDEOGRAPH-2F99A;Lo;0;L;8363;;;;N;;;;; +2F99B;CJK COMPATIBILITY IDEOGRAPH-2F99B;Lo;0;L;83AD;;;;N;;;;; +2F99C;CJK COMPATIBILITY IDEOGRAPH-2F99C;Lo;0;L;8323;;;;N;;;;; +2F99D;CJK COMPATIBILITY IDEOGRAPH-2F99D;Lo;0;L;83BD;;;;N;;;;; +2F99E;CJK COMPATIBILITY IDEOGRAPH-2F99E;Lo;0;L;83E7;;;;N;;;;; +2F99F;CJK COMPATIBILITY IDEOGRAPH-2F99F;Lo;0;L;8457;;;;N;;;;; +2F9A0;CJK COMPATIBILITY IDEOGRAPH-2F9A0;Lo;0;L;8353;;;;N;;;;; +2F9A1;CJK COMPATIBILITY IDEOGRAPH-2F9A1;Lo;0;L;83CA;;;;N;;;;; +2F9A2;CJK COMPATIBILITY IDEOGRAPH-2F9A2;Lo;0;L;83CC;;;;N;;;;; +2F9A3;CJK COMPATIBILITY IDEOGRAPH-2F9A3;Lo;0;L;83DC;;;;N;;;;; +2F9A4;CJK COMPATIBILITY IDEOGRAPH-2F9A4;Lo;0;L;26C36;;;;N;;;;; +2F9A5;CJK COMPATIBILITY IDEOGRAPH-2F9A5;Lo;0;L;26D6B;;;;N;;;;; +2F9A6;CJK COMPATIBILITY IDEOGRAPH-2F9A6;Lo;0;L;26CD5;;;;N;;;;; +2F9A7;CJK COMPATIBILITY IDEOGRAPH-2F9A7;Lo;0;L;452B;;;;N;;;;; +2F9A8;CJK COMPATIBILITY IDEOGRAPH-2F9A8;Lo;0;L;84F1;;;;N;;;;; +2F9A9;CJK COMPATIBILITY IDEOGRAPH-2F9A9;Lo;0;L;84F3;;;;N;;;;; +2F9AA;CJK COMPATIBILITY IDEOGRAPH-2F9AA;Lo;0;L;8516;;;;N;;;;; +2F9AB;CJK COMPATIBILITY IDEOGRAPH-2F9AB;Lo;0;L;273CA;;;;N;;;;; +2F9AC;CJK COMPATIBILITY IDEOGRAPH-2F9AC;Lo;0;L;8564;;;;N;;;;; +2F9AD;CJK COMPATIBILITY IDEOGRAPH-2F9AD;Lo;0;L;26F2C;;;;N;;;;; +2F9AE;CJK COMPATIBILITY IDEOGRAPH-2F9AE;Lo;0;L;455D;;;;N;;;;; +2F9AF;CJK COMPATIBILITY IDEOGRAPH-2F9AF;Lo;0;L;4561;;;;N;;;;; +2F9B0;CJK COMPATIBILITY IDEOGRAPH-2F9B0;Lo;0;L;26FB1;;;;N;;;;; +2F9B1;CJK COMPATIBILITY IDEOGRAPH-2F9B1;Lo;0;L;270D2;;;;N;;;;; +2F9B2;CJK COMPATIBILITY IDEOGRAPH-2F9B2;Lo;0;L;456B;;;;N;;;;; +2F9B3;CJK COMPATIBILITY IDEOGRAPH-2F9B3;Lo;0;L;8650;;;;N;;;;; +2F9B4;CJK COMPATIBILITY IDEOGRAPH-2F9B4;Lo;0;L;865C;;;;N;;;;; +2F9B5;CJK COMPATIBILITY IDEOGRAPH-2F9B5;Lo;0;L;8667;;;;N;;;;; +2F9B6;CJK COMPATIBILITY IDEOGRAPH-2F9B6;Lo;0;L;8669;;;;N;;;;; +2F9B7;CJK COMPATIBILITY IDEOGRAPH-2F9B7;Lo;0;L;86A9;;;;N;;;;; +2F9B8;CJK COMPATIBILITY IDEOGRAPH-2F9B8;Lo;0;L;8688;;;;N;;;;; +2F9B9;CJK COMPATIBILITY IDEOGRAPH-2F9B9;Lo;0;L;870E;;;;N;;;;; +2F9BA;CJK COMPATIBILITY IDEOGRAPH-2F9BA;Lo;0;L;86E2;;;;N;;;;; +2F9BB;CJK COMPATIBILITY IDEOGRAPH-2F9BB;Lo;0;L;8779;;;;N;;;;; +2F9BC;CJK COMPATIBILITY IDEOGRAPH-2F9BC;Lo;0;L;8728;;;;N;;;;; +2F9BD;CJK COMPATIBILITY IDEOGRAPH-2F9BD;Lo;0;L;876B;;;;N;;;;; +2F9BE;CJK COMPATIBILITY IDEOGRAPH-2F9BE;Lo;0;L;8786;;;;N;;;;; +2F9BF;CJK COMPATIBILITY IDEOGRAPH-2F9BF;Lo;0;L;45D7;;;;N;;;;; +2F9C0;CJK COMPATIBILITY IDEOGRAPH-2F9C0;Lo;0;L;87E1;;;;N;;;;; +2F9C1;CJK COMPATIBILITY IDEOGRAPH-2F9C1;Lo;0;L;8801;;;;N;;;;; +2F9C2;CJK COMPATIBILITY IDEOGRAPH-2F9C2;Lo;0;L;45F9;;;;N;;;;; +2F9C3;CJK COMPATIBILITY IDEOGRAPH-2F9C3;Lo;0;L;8860;;;;N;;;;; +2F9C4;CJK COMPATIBILITY IDEOGRAPH-2F9C4;Lo;0;L;8863;;;;N;;;;; +2F9C5;CJK COMPATIBILITY IDEOGRAPH-2F9C5;Lo;0;L;27667;;;;N;;;;; +2F9C6;CJK COMPATIBILITY IDEOGRAPH-2F9C6;Lo;0;L;88D7;;;;N;;;;; +2F9C7;CJK COMPATIBILITY IDEOGRAPH-2F9C7;Lo;0;L;88DE;;;;N;;;;; +2F9C8;CJK COMPATIBILITY IDEOGRAPH-2F9C8;Lo;0;L;4635;;;;N;;;;; +2F9C9;CJK COMPATIBILITY IDEOGRAPH-2F9C9;Lo;0;L;88FA;;;;N;;;;; +2F9CA;CJK COMPATIBILITY IDEOGRAPH-2F9CA;Lo;0;L;34BB;;;;N;;;;; +2F9CB;CJK COMPATIBILITY IDEOGRAPH-2F9CB;Lo;0;L;278AE;;;;N;;;;; +2F9CC;CJK COMPATIBILITY IDEOGRAPH-2F9CC;Lo;0;L;27966;;;;N;;;;; +2F9CD;CJK COMPATIBILITY IDEOGRAPH-2F9CD;Lo;0;L;46BE;;;;N;;;;; +2F9CE;CJK COMPATIBILITY IDEOGRAPH-2F9CE;Lo;0;L;46C7;;;;N;;;;; +2F9CF;CJK COMPATIBILITY IDEOGRAPH-2F9CF;Lo;0;L;8AA0;;;;N;;;;; +2F9D0;CJK COMPATIBILITY IDEOGRAPH-2F9D0;Lo;0;L;8AED;;;;N;;;;; +2F9D1;CJK COMPATIBILITY IDEOGRAPH-2F9D1;Lo;0;L;8B8A;;;;N;;;;; +2F9D2;CJK COMPATIBILITY IDEOGRAPH-2F9D2;Lo;0;L;8C55;;;;N;;;;; +2F9D3;CJK COMPATIBILITY IDEOGRAPH-2F9D3;Lo;0;L;27CA8;;;;N;;;;; +2F9D4;CJK COMPATIBILITY IDEOGRAPH-2F9D4;Lo;0;L;8CAB;;;;N;;;;; +2F9D5;CJK COMPATIBILITY IDEOGRAPH-2F9D5;Lo;0;L;8CC1;;;;N;;;;; +2F9D6;CJK COMPATIBILITY IDEOGRAPH-2F9D6;Lo;0;L;8D1B;;;;N;;;;; +2F9D7;CJK COMPATIBILITY IDEOGRAPH-2F9D7;Lo;0;L;8D77;;;;N;;;;; +2F9D8;CJK COMPATIBILITY IDEOGRAPH-2F9D8;Lo;0;L;27F2F;;;;N;;;;; +2F9D9;CJK COMPATIBILITY IDEOGRAPH-2F9D9;Lo;0;L;20804;;;;N;;;;; +2F9DA;CJK COMPATIBILITY IDEOGRAPH-2F9DA;Lo;0;L;8DCB;;;;N;;;;; +2F9DB;CJK COMPATIBILITY IDEOGRAPH-2F9DB;Lo;0;L;8DBC;;;;N;;;;; +2F9DC;CJK COMPATIBILITY IDEOGRAPH-2F9DC;Lo;0;L;8DF0;;;;N;;;;; +2F9DD;CJK COMPATIBILITY IDEOGRAPH-2F9DD;Lo;0;L;208DE;;;;N;;;;; +2F9DE;CJK COMPATIBILITY IDEOGRAPH-2F9DE;Lo;0;L;8ED4;;;;N;;;;; +2F9DF;CJK COMPATIBILITY IDEOGRAPH-2F9DF;Lo;0;L;8F38;;;;N;;;;; +2F9E0;CJK COMPATIBILITY IDEOGRAPH-2F9E0;Lo;0;L;285D2;;;;N;;;;; +2F9E1;CJK COMPATIBILITY IDEOGRAPH-2F9E1;Lo;0;L;285ED;;;;N;;;;; +2F9E2;CJK COMPATIBILITY IDEOGRAPH-2F9E2;Lo;0;L;9094;;;;N;;;;; +2F9E3;CJK COMPATIBILITY IDEOGRAPH-2F9E3;Lo;0;L;90F1;;;;N;;;;; +2F9E4;CJK COMPATIBILITY IDEOGRAPH-2F9E4;Lo;0;L;9111;;;;N;;;;; +2F9E5;CJK COMPATIBILITY IDEOGRAPH-2F9E5;Lo;0;L;2872E;;;;N;;;;; +2F9E6;CJK COMPATIBILITY IDEOGRAPH-2F9E6;Lo;0;L;911B;;;;N;;;;; +2F9E7;CJK COMPATIBILITY IDEOGRAPH-2F9E7;Lo;0;L;9238;;;;N;;;;; +2F9E8;CJK COMPATIBILITY IDEOGRAPH-2F9E8;Lo;0;L;92D7;;;;N;;;;; +2F9E9;CJK COMPATIBILITY IDEOGRAPH-2F9E9;Lo;0;L;92D8;;;;N;;;;; +2F9EA;CJK COMPATIBILITY IDEOGRAPH-2F9EA;Lo;0;L;927C;;;;N;;;;; +2F9EB;CJK COMPATIBILITY IDEOGRAPH-2F9EB;Lo;0;L;93F9;;;;N;;;;; +2F9EC;CJK COMPATIBILITY IDEOGRAPH-2F9EC;Lo;0;L;9415;;;;N;;;;; +2F9ED;CJK COMPATIBILITY IDEOGRAPH-2F9ED;Lo;0;L;28BFA;;;;N;;;;; +2F9EE;CJK COMPATIBILITY IDEOGRAPH-2F9EE;Lo;0;L;958B;;;;N;;;;; +2F9EF;CJK COMPATIBILITY IDEOGRAPH-2F9EF;Lo;0;L;4995;;;;N;;;;; +2F9F0;CJK COMPATIBILITY IDEOGRAPH-2F9F0;Lo;0;L;95B7;;;;N;;;;; +2F9F1;CJK COMPATIBILITY IDEOGRAPH-2F9F1;Lo;0;L;28D77;;;;N;;;;; +2F9F2;CJK COMPATIBILITY IDEOGRAPH-2F9F2;Lo;0;L;49E6;;;;N;;;;; +2F9F3;CJK COMPATIBILITY IDEOGRAPH-2F9F3;Lo;0;L;96C3;;;;N;;;;; +2F9F4;CJK COMPATIBILITY IDEOGRAPH-2F9F4;Lo;0;L;5DB2;;;;N;;;;; +2F9F5;CJK COMPATIBILITY IDEOGRAPH-2F9F5;Lo;0;L;9723;;;;N;;;;; +2F9F6;CJK COMPATIBILITY IDEOGRAPH-2F9F6;Lo;0;L;29145;;;;N;;;;; +2F9F7;CJK COMPATIBILITY IDEOGRAPH-2F9F7;Lo;0;L;2921A;;;;N;;;;; +2F9F8;CJK COMPATIBILITY IDEOGRAPH-2F9F8;Lo;0;L;4A6E;;;;N;;;;; +2F9F9;CJK COMPATIBILITY IDEOGRAPH-2F9F9;Lo;0;L;4A76;;;;N;;;;; +2F9FA;CJK COMPATIBILITY IDEOGRAPH-2F9FA;Lo;0;L;97E0;;;;N;;;;; +2F9FB;CJK COMPATIBILITY IDEOGRAPH-2F9FB;Lo;0;L;2940A;;;;N;;;;; +2F9FC;CJK COMPATIBILITY IDEOGRAPH-2F9FC;Lo;0;L;4AB2;;;;N;;;;; +2F9FD;CJK COMPATIBILITY IDEOGRAPH-2F9FD;Lo;0;L;29496;;;;N;;;;; +2F9FE;CJK COMPATIBILITY IDEOGRAPH-2F9FE;Lo;0;L;980B;;;;N;;;;; +2F9FF;CJK COMPATIBILITY IDEOGRAPH-2F9FF;Lo;0;L;980B;;;;N;;;;; +2FA00;CJK COMPATIBILITY IDEOGRAPH-2FA00;Lo;0;L;9829;;;;N;;;;; +2FA01;CJK COMPATIBILITY IDEOGRAPH-2FA01;Lo;0;L;295B6;;;;N;;;;; +2FA02;CJK COMPATIBILITY IDEOGRAPH-2FA02;Lo;0;L;98E2;;;;N;;;;; +2FA03;CJK COMPATIBILITY IDEOGRAPH-2FA03;Lo;0;L;4B33;;;;N;;;;; +2FA04;CJK COMPATIBILITY IDEOGRAPH-2FA04;Lo;0;L;9929;;;;N;;;;; +2FA05;CJK COMPATIBILITY IDEOGRAPH-2FA05;Lo;0;L;99A7;;;;N;;;;; +2FA06;CJK COMPATIBILITY IDEOGRAPH-2FA06;Lo;0;L;99C2;;;;N;;;;; +2FA07;CJK COMPATIBILITY IDEOGRAPH-2FA07;Lo;0;L;99FE;;;;N;;;;; +2FA08;CJK COMPATIBILITY IDEOGRAPH-2FA08;Lo;0;L;4BCE;;;;N;;;;; +2FA09;CJK COMPATIBILITY IDEOGRAPH-2FA09;Lo;0;L;29B30;;;;N;;;;; +2FA0A;CJK COMPATIBILITY IDEOGRAPH-2FA0A;Lo;0;L;9B12;;;;N;;;;; +2FA0B;CJK COMPATIBILITY IDEOGRAPH-2FA0B;Lo;0;L;9C40;;;;N;;;;; +2FA0C;CJK COMPATIBILITY IDEOGRAPH-2FA0C;Lo;0;L;9CFD;;;;N;;;;; +2FA0D;CJK COMPATIBILITY IDEOGRAPH-2FA0D;Lo;0;L;4CCE;;;;N;;;;; +2FA0E;CJK COMPATIBILITY IDEOGRAPH-2FA0E;Lo;0;L;4CED;;;;N;;;;; +2FA0F;CJK COMPATIBILITY IDEOGRAPH-2FA0F;Lo;0;L;9D67;;;;N;;;;; +2FA10;CJK COMPATIBILITY IDEOGRAPH-2FA10;Lo;0;L;2A0CE;;;;N;;;;; +2FA11;CJK COMPATIBILITY IDEOGRAPH-2FA11;Lo;0;L;4CF8;;;;N;;;;; +2FA12;CJK COMPATIBILITY IDEOGRAPH-2FA12;Lo;0;L;2A105;;;;N;;;;; +2FA13;CJK COMPATIBILITY IDEOGRAPH-2FA13;Lo;0;L;2A20E;;;;N;;;;; +2FA14;CJK COMPATIBILITY IDEOGRAPH-2FA14;Lo;0;L;2A291;;;;N;;;;; +2FA15;CJK COMPATIBILITY IDEOGRAPH-2FA15;Lo;0;L;9EBB;;;;N;;;;; +2FA16;CJK COMPATIBILITY IDEOGRAPH-2FA16;Lo;0;L;4D56;;;;N;;;;; +2FA17;CJK COMPATIBILITY IDEOGRAPH-2FA17;Lo;0;L;9EF9;;;;N;;;;; +2FA18;CJK COMPATIBILITY IDEOGRAPH-2FA18;Lo;0;L;9EFE;;;;N;;;;; +2FA19;CJK COMPATIBILITY IDEOGRAPH-2FA19;Lo;0;L;9F05;;;;N;;;;; +2FA1A;CJK COMPATIBILITY IDEOGRAPH-2FA1A;Lo;0;L;9F0F;;;;N;;;;; +2FA1B;CJK COMPATIBILITY IDEOGRAPH-2FA1B;Lo;0;L;9F16;;;;N;;;;; +2FA1C;CJK COMPATIBILITY IDEOGRAPH-2FA1C;Lo;0;L;9F3B;;;;N;;;;; +2FA1D;CJK COMPATIBILITY IDEOGRAPH-2FA1D;Lo;0;L;2A600;;;;N;;;;; +E0001;LANGUAGE TAG;Cf;0;BN;;;;;N;;;;; +E0020;TAG SPACE;Cf;0;BN;;;;;N;;;;; +E0021;TAG EXCLAMATION MARK;Cf;0;BN;;;;;N;;;;; +E0022;TAG QUOTATION MARK;Cf;0;BN;;;;;N;;;;; +E0023;TAG NUMBER SIGN;Cf;0;BN;;;;;N;;;;; +E0024;TAG DOLLAR SIGN;Cf;0;BN;;;;;N;;;;; +E0025;TAG PERCENT SIGN;Cf;0;BN;;;;;N;;;;; +E0026;TAG AMPERSAND;Cf;0;BN;;;;;N;;;;; +E0027;TAG APOSTROPHE;Cf;0;BN;;;;;N;;;;; +E0028;TAG LEFT PARENTHESIS;Cf;0;BN;;;;;N;;;;; +E0029;TAG RIGHT PARENTHESIS;Cf;0;BN;;;;;N;;;;; +E002A;TAG ASTERISK;Cf;0;BN;;;;;N;;;;; +E002B;TAG PLUS SIGN;Cf;0;BN;;;;;N;;;;; +E002C;TAG COMMA;Cf;0;BN;;;;;N;;;;; +E002D;TAG HYPHEN-MINUS;Cf;0;BN;;;;;N;;;;; +E002E;TAG FULL STOP;Cf;0;BN;;;;;N;;;;; +E002F;TAG SOLIDUS;Cf;0;BN;;;;;N;;;;; +E0030;TAG DIGIT ZERO;Cf;0;BN;;;;;N;;;;; +E0031;TAG DIGIT ONE;Cf;0;BN;;;;;N;;;;; +E0032;TAG DIGIT TWO;Cf;0;BN;;;;;N;;;;; +E0033;TAG DIGIT THREE;Cf;0;BN;;;;;N;;;;; +E0034;TAG DIGIT FOUR;Cf;0;BN;;;;;N;;;;; +E0035;TAG DIGIT FIVE;Cf;0;BN;;;;;N;;;;; +E0036;TAG DIGIT SIX;Cf;0;BN;;;;;N;;;;; +E0037;TAG DIGIT SEVEN;Cf;0;BN;;;;;N;;;;; +E0038;TAG DIGIT EIGHT;Cf;0;BN;;;;;N;;;;; +E0039;TAG DIGIT NINE;Cf;0;BN;;;;;N;;;;; +E003A;TAG COLON;Cf;0;BN;;;;;N;;;;; +E003B;TAG SEMICOLON;Cf;0;BN;;;;;N;;;;; +E003C;TAG LESS-THAN SIGN;Cf;0;BN;;;;;N;;;;; +E003D;TAG EQUALS SIGN;Cf;0;BN;;;;;N;;;;; +E003E;TAG GREATER-THAN SIGN;Cf;0;BN;;;;;N;;;;; +E003F;TAG QUESTION MARK;Cf;0;BN;;;;;N;;;;; +E0040;TAG COMMERCIAL AT;Cf;0;BN;;;;;N;;;;; +E0041;TAG LATIN CAPITAL LETTER A;Cf;0;BN;;;;;N;;;;; +E0042;TAG LATIN CAPITAL LETTER B;Cf;0;BN;;;;;N;;;;; +E0043;TAG LATIN CAPITAL LETTER C;Cf;0;BN;;;;;N;;;;; +E0044;TAG LATIN CAPITAL LETTER D;Cf;0;BN;;;;;N;;;;; +E0045;TAG LATIN CAPITAL LETTER E;Cf;0;BN;;;;;N;;;;; +E0046;TAG LATIN CAPITAL LETTER F;Cf;0;BN;;;;;N;;;;; +E0047;TAG LATIN CAPITAL LETTER G;Cf;0;BN;;;;;N;;;;; +E0048;TAG LATIN CAPITAL LETTER H;Cf;0;BN;;;;;N;;;;; +E0049;TAG LATIN CAPITAL LETTER I;Cf;0;BN;;;;;N;;;;; +E004A;TAG LATIN CAPITAL LETTER J;Cf;0;BN;;;;;N;;;;; +E004B;TAG LATIN CAPITAL LETTER K;Cf;0;BN;;;;;N;;;;; +E004C;TAG LATIN CAPITAL LETTER L;Cf;0;BN;;;;;N;;;;; +E004D;TAG LATIN CAPITAL LETTER M;Cf;0;BN;;;;;N;;;;; +E004E;TAG LATIN CAPITAL LETTER N;Cf;0;BN;;;;;N;;;;; +E004F;TAG LATIN CAPITAL LETTER O;Cf;0;BN;;;;;N;;;;; +E0050;TAG LATIN CAPITAL LETTER P;Cf;0;BN;;;;;N;;;;; +E0051;TAG LATIN CAPITAL LETTER Q;Cf;0;BN;;;;;N;;;;; +E0052;TAG LATIN CAPITAL LETTER R;Cf;0;BN;;;;;N;;;;; +E0053;TAG LATIN CAPITAL LETTER S;Cf;0;BN;;;;;N;;;;; +E0054;TAG LATIN CAPITAL LETTER T;Cf;0;BN;;;;;N;;;;; +E0055;TAG LATIN CAPITAL LETTER U;Cf;0;BN;;;;;N;;;;; +E0056;TAG LATIN CAPITAL LETTER V;Cf;0;BN;;;;;N;;;;; +E0057;TAG LATIN CAPITAL LETTER W;Cf;0;BN;;;;;N;;;;; +E0058;TAG LATIN CAPITAL LETTER X;Cf;0;BN;;;;;N;;;;; +E0059;TAG LATIN CAPITAL LETTER Y;Cf;0;BN;;;;;N;;;;; +E005A;TAG LATIN CAPITAL LETTER Z;Cf;0;BN;;;;;N;;;;; +E005B;TAG LEFT SQUARE BRACKET;Cf;0;BN;;;;;N;;;;; +E005C;TAG REVERSE SOLIDUS;Cf;0;BN;;;;;N;;;;; +E005D;TAG RIGHT SQUARE BRACKET;Cf;0;BN;;;;;N;;;;; +E005E;TAG CIRCUMFLEX ACCENT;Cf;0;BN;;;;;N;;;;; +E005F;TAG LOW LINE;Cf;0;BN;;;;;N;;;;; +E0060;TAG GRAVE ACCENT;Cf;0;BN;;;;;N;;;;; +E0061;TAG LATIN SMALL LETTER A;Cf;0;BN;;;;;N;;;;; +E0062;TAG LATIN SMALL LETTER B;Cf;0;BN;;;;;N;;;;; +E0063;TAG LATIN SMALL LETTER C;Cf;0;BN;;;;;N;;;;; +E0064;TAG LATIN SMALL LETTER D;Cf;0;BN;;;;;N;;;;; +E0065;TAG LATIN SMALL LETTER E;Cf;0;BN;;;;;N;;;;; +E0066;TAG LATIN SMALL LETTER F;Cf;0;BN;;;;;N;;;;; +E0067;TAG LATIN SMALL LETTER G;Cf;0;BN;;;;;N;;;;; +E0068;TAG LATIN SMALL LETTER H;Cf;0;BN;;;;;N;;;;; +E0069;TAG LATIN SMALL LETTER I;Cf;0;BN;;;;;N;;;;; +E006A;TAG LATIN SMALL LETTER J;Cf;0;BN;;;;;N;;;;; +E006B;TAG LATIN SMALL LETTER K;Cf;0;BN;;;;;N;;;;; +E006C;TAG LATIN SMALL LETTER L;Cf;0;BN;;;;;N;;;;; +E006D;TAG LATIN SMALL LETTER M;Cf;0;BN;;;;;N;;;;; +E006E;TAG LATIN SMALL LETTER N;Cf;0;BN;;;;;N;;;;; +E006F;TAG LATIN SMALL LETTER O;Cf;0;BN;;;;;N;;;;; +E0070;TAG LATIN SMALL LETTER P;Cf;0;BN;;;;;N;;;;; +E0071;TAG LATIN SMALL LETTER Q;Cf;0;BN;;;;;N;;;;; +E0072;TAG LATIN SMALL LETTER R;Cf;0;BN;;;;;N;;;;; +E0073;TAG LATIN SMALL LETTER S;Cf;0;BN;;;;;N;;;;; +E0074;TAG LATIN SMALL LETTER T;Cf;0;BN;;;;;N;;;;; +E0075;TAG LATIN SMALL LETTER U;Cf;0;BN;;;;;N;;;;; +E0076;TAG LATIN SMALL LETTER V;Cf;0;BN;;;;;N;;;;; +E0077;TAG LATIN SMALL LETTER W;Cf;0;BN;;;;;N;;;;; +E0078;TAG LATIN SMALL LETTER X;Cf;0;BN;;;;;N;;;;; +E0079;TAG LATIN SMALL LETTER Y;Cf;0;BN;;;;;N;;;;; +E007A;TAG LATIN SMALL LETTER Z;Cf;0;BN;;;;;N;;;;; +E007B;TAG LEFT CURLY BRACKET;Cf;0;BN;;;;;N;;;;; +E007C;TAG VERTICAL LINE;Cf;0;BN;;;;;N;;;;; +E007D;TAG RIGHT CURLY BRACKET;Cf;0;BN;;;;;N;;;;; +E007E;TAG TILDE;Cf;0;BN;;;;;N;;;;; +E007F;CANCEL TAG;Cf;0;BN;;;;;N;;;;; +E0100;VARIATION SELECTOR-17;Mn;0;NSM;;;;;N;;;;; +E0101;VARIATION SELECTOR-18;Mn;0;NSM;;;;;N;;;;; +E0102;VARIATION SELECTOR-19;Mn;0;NSM;;;;;N;;;;; +E0103;VARIATION SELECTOR-20;Mn;0;NSM;;;;;N;;;;; +E0104;VARIATION SELECTOR-21;Mn;0;NSM;;;;;N;;;;; +E0105;VARIATION SELECTOR-22;Mn;0;NSM;;;;;N;;;;; +E0106;VARIATION SELECTOR-23;Mn;0;NSM;;;;;N;;;;; +E0107;VARIATION SELECTOR-24;Mn;0;NSM;;;;;N;;;;; +E0108;VARIATION SELECTOR-25;Mn;0;NSM;;;;;N;;;;; +E0109;VARIATION SELECTOR-26;Mn;0;NSM;;;;;N;;;;; +E010A;VARIATION SELECTOR-27;Mn;0;NSM;;;;;N;;;;; +E010B;VARIATION SELECTOR-28;Mn;0;NSM;;;;;N;;;;; +E010C;VARIATION SELECTOR-29;Mn;0;NSM;;;;;N;;;;; +E010D;VARIATION SELECTOR-30;Mn;0;NSM;;;;;N;;;;; +E010E;VARIATION SELECTOR-31;Mn;0;NSM;;;;;N;;;;; +E010F;VARIATION SELECTOR-32;Mn;0;NSM;;;;;N;;;;; +E0110;VARIATION SELECTOR-33;Mn;0;NSM;;;;;N;;;;; +E0111;VARIATION SELECTOR-34;Mn;0;NSM;;;;;N;;;;; +E0112;VARIATION SELECTOR-35;Mn;0;NSM;;;;;N;;;;; +E0113;VARIATION SELECTOR-36;Mn;0;NSM;;;;;N;;;;; +E0114;VARIATION SELECTOR-37;Mn;0;NSM;;;;;N;;;;; +E0115;VARIATION SELECTOR-38;Mn;0;NSM;;;;;N;;;;; +E0116;VARIATION SELECTOR-39;Mn;0;NSM;;;;;N;;;;; +E0117;VARIATION SELECTOR-40;Mn;0;NSM;;;;;N;;;;; +E0118;VARIATION SELECTOR-41;Mn;0;NSM;;;;;N;;;;; +E0119;VARIATION SELECTOR-42;Mn;0;NSM;;;;;N;;;;; +E011A;VARIATION SELECTOR-43;Mn;0;NSM;;;;;N;;;;; +E011B;VARIATION SELECTOR-44;Mn;0;NSM;;;;;N;;;;; +E011C;VARIATION SELECTOR-45;Mn;0;NSM;;;;;N;;;;; +E011D;VARIATION SELECTOR-46;Mn;0;NSM;;;;;N;;;;; +E011E;VARIATION SELECTOR-47;Mn;0;NSM;;;;;N;;;;; +E011F;VARIATION SELECTOR-48;Mn;0;NSM;;;;;N;;;;; +E0120;VARIATION SELECTOR-49;Mn;0;NSM;;;;;N;;;;; +E0121;VARIATION SELECTOR-50;Mn;0;NSM;;;;;N;;;;; +E0122;VARIATION SELECTOR-51;Mn;0;NSM;;;;;N;;;;; +E0123;VARIATION SELECTOR-52;Mn;0;NSM;;;;;N;;;;; +E0124;VARIATION SELECTOR-53;Mn;0;NSM;;;;;N;;;;; +E0125;VARIATION SELECTOR-54;Mn;0;NSM;;;;;N;;;;; +E0126;VARIATION SELECTOR-55;Mn;0;NSM;;;;;N;;;;; +E0127;VARIATION SELECTOR-56;Mn;0;NSM;;;;;N;;;;; +E0128;VARIATION SELECTOR-57;Mn;0;NSM;;;;;N;;;;; +E0129;VARIATION SELECTOR-58;Mn;0;NSM;;;;;N;;;;; +E012A;VARIATION SELECTOR-59;Mn;0;NSM;;;;;N;;;;; +E012B;VARIATION SELECTOR-60;Mn;0;NSM;;;;;N;;;;; +E012C;VARIATION SELECTOR-61;Mn;0;NSM;;;;;N;;;;; +E012D;VARIATION SELECTOR-62;Mn;0;NSM;;;;;N;;;;; +E012E;VARIATION SELECTOR-63;Mn;0;NSM;;;;;N;;;;; +E012F;VARIATION SELECTOR-64;Mn;0;NSM;;;;;N;;;;; +E0130;VARIATION SELECTOR-65;Mn;0;NSM;;;;;N;;;;; +E0131;VARIATION SELECTOR-66;Mn;0;NSM;;;;;N;;;;; +E0132;VARIATION SELECTOR-67;Mn;0;NSM;;;;;N;;;;; +E0133;VARIATION SELECTOR-68;Mn;0;NSM;;;;;N;;;;; +E0134;VARIATION SELECTOR-69;Mn;0;NSM;;;;;N;;;;; +E0135;VARIATION SELECTOR-70;Mn;0;NSM;;;;;N;;;;; +E0136;VARIATION SELECTOR-71;Mn;0;NSM;;;;;N;;;;; +E0137;VARIATION SELECTOR-72;Mn;0;NSM;;;;;N;;;;; +E0138;VARIATION SELECTOR-73;Mn;0;NSM;;;;;N;;;;; +E0139;VARIATION SELECTOR-74;Mn;0;NSM;;;;;N;;;;; +E013A;VARIATION SELECTOR-75;Mn;0;NSM;;;;;N;;;;; +E013B;VARIATION SELECTOR-76;Mn;0;NSM;;;;;N;;;;; +E013C;VARIATION SELECTOR-77;Mn;0;NSM;;;;;N;;;;; +E013D;VARIATION SELECTOR-78;Mn;0;NSM;;;;;N;;;;; +E013E;VARIATION SELECTOR-79;Mn;0;NSM;;;;;N;;;;; +E013F;VARIATION SELECTOR-80;Mn;0;NSM;;;;;N;;;;; +E0140;VARIATION SELECTOR-81;Mn;0;NSM;;;;;N;;;;; +E0141;VARIATION SELECTOR-82;Mn;0;NSM;;;;;N;;;;; +E0142;VARIATION SELECTOR-83;Mn;0;NSM;;;;;N;;;;; +E0143;VARIATION SELECTOR-84;Mn;0;NSM;;;;;N;;;;; +E0144;VARIATION SELECTOR-85;Mn;0;NSM;;;;;N;;;;; +E0145;VARIATION SELECTOR-86;Mn;0;NSM;;;;;N;;;;; +E0146;VARIATION SELECTOR-87;Mn;0;NSM;;;;;N;;;;; +E0147;VARIATION SELECTOR-88;Mn;0;NSM;;;;;N;;;;; +E0148;VARIATION SELECTOR-89;Mn;0;NSM;;;;;N;;;;; +E0149;VARIATION SELECTOR-90;Mn;0;NSM;;;;;N;;;;; +E014A;VARIATION SELECTOR-91;Mn;0;NSM;;;;;N;;;;; +E014B;VARIATION SELECTOR-92;Mn;0;NSM;;;;;N;;;;; +E014C;VARIATION SELECTOR-93;Mn;0;NSM;;;;;N;;;;; +E014D;VARIATION SELECTOR-94;Mn;0;NSM;;;;;N;;;;; +E014E;VARIATION SELECTOR-95;Mn;0;NSM;;;;;N;;;;; +E014F;VARIATION SELECTOR-96;Mn;0;NSM;;;;;N;;;;; +E0150;VARIATION SELECTOR-97;Mn;0;NSM;;;;;N;;;;; +E0151;VARIATION SELECTOR-98;Mn;0;NSM;;;;;N;;;;; +E0152;VARIATION SELECTOR-99;Mn;0;NSM;;;;;N;;;;; +E0153;VARIATION SELECTOR-100;Mn;0;NSM;;;;;N;;;;; +E0154;VARIATION SELECTOR-101;Mn;0;NSM;;;;;N;;;;; +E0155;VARIATION SELECTOR-102;Mn;0;NSM;;;;;N;;;;; +E0156;VARIATION SELECTOR-103;Mn;0;NSM;;;;;N;;;;; +E0157;VARIATION SELECTOR-104;Mn;0;NSM;;;;;N;;;;; +E0158;VARIATION SELECTOR-105;Mn;0;NSM;;;;;N;;;;; +E0159;VARIATION SELECTOR-106;Mn;0;NSM;;;;;N;;;;; +E015A;VARIATION SELECTOR-107;Mn;0;NSM;;;;;N;;;;; +E015B;VARIATION SELECTOR-108;Mn;0;NSM;;;;;N;;;;; +E015C;VARIATION SELECTOR-109;Mn;0;NSM;;;;;N;;;;; +E015D;VARIATION SELECTOR-110;Mn;0;NSM;;;;;N;;;;; +E015E;VARIATION SELECTOR-111;Mn;0;NSM;;;;;N;;;;; +E015F;VARIATION SELECTOR-112;Mn;0;NSM;;;;;N;;;;; +E0160;VARIATION SELECTOR-113;Mn;0;NSM;;;;;N;;;;; +E0161;VARIATION SELECTOR-114;Mn;0;NSM;;;;;N;;;;; +E0162;VARIATION SELECTOR-115;Mn;0;NSM;;;;;N;;;;; +E0163;VARIATION SELECTOR-116;Mn;0;NSM;;;;;N;;;;; +E0164;VARIATION SELECTOR-117;Mn;0;NSM;;;;;N;;;;; +E0165;VARIATION SELECTOR-118;Mn;0;NSM;;;;;N;;;;; +E0166;VARIATION SELECTOR-119;Mn;0;NSM;;;;;N;;;;; +E0167;VARIATION SELECTOR-120;Mn;0;NSM;;;;;N;;;;; +E0168;VARIATION SELECTOR-121;Mn;0;NSM;;;;;N;;;;; +E0169;VARIATION SELECTOR-122;Mn;0;NSM;;;;;N;;;;; +E016A;VARIATION SELECTOR-123;Mn;0;NSM;;;;;N;;;;; +E016B;VARIATION SELECTOR-124;Mn;0;NSM;;;;;N;;;;; +E016C;VARIATION SELECTOR-125;Mn;0;NSM;;;;;N;;;;; +E016D;VARIATION SELECTOR-126;Mn;0;NSM;;;;;N;;;;; +E016E;VARIATION SELECTOR-127;Mn;0;NSM;;;;;N;;;;; +E016F;VARIATION SELECTOR-128;Mn;0;NSM;;;;;N;;;;; +E0170;VARIATION SELECTOR-129;Mn;0;NSM;;;;;N;;;;; +E0171;VARIATION SELECTOR-130;Mn;0;NSM;;;;;N;;;;; +E0172;VARIATION SELECTOR-131;Mn;0;NSM;;;;;N;;;;; +E0173;VARIATION SELECTOR-132;Mn;0;NSM;;;;;N;;;;; +E0174;VARIATION SELECTOR-133;Mn;0;NSM;;;;;N;;;;; +E0175;VARIATION SELECTOR-134;Mn;0;NSM;;;;;N;;;;; +E0176;VARIATION SELECTOR-135;Mn;0;NSM;;;;;N;;;;; +E0177;VARIATION SELECTOR-136;Mn;0;NSM;;;;;N;;;;; +E0178;VARIATION SELECTOR-137;Mn;0;NSM;;;;;N;;;;; +E0179;VARIATION SELECTOR-138;Mn;0;NSM;;;;;N;;;;; +E017A;VARIATION SELECTOR-139;Mn;0;NSM;;;;;N;;;;; +E017B;VARIATION SELECTOR-140;Mn;0;NSM;;;;;N;;;;; +E017C;VARIATION SELECTOR-141;Mn;0;NSM;;;;;N;;;;; +E017D;VARIATION SELECTOR-142;Mn;0;NSM;;;;;N;;;;; +E017E;VARIATION SELECTOR-143;Mn;0;NSM;;;;;N;;;;; +E017F;VARIATION SELECTOR-144;Mn;0;NSM;;;;;N;;;;; +E0180;VARIATION SELECTOR-145;Mn;0;NSM;;;;;N;;;;; +E0181;VARIATION SELECTOR-146;Mn;0;NSM;;;;;N;;;;; +E0182;VARIATION SELECTOR-147;Mn;0;NSM;;;;;N;;;;; +E0183;VARIATION SELECTOR-148;Mn;0;NSM;;;;;N;;;;; +E0184;VARIATION SELECTOR-149;Mn;0;NSM;;;;;N;;;;; +E0185;VARIATION SELECTOR-150;Mn;0;NSM;;;;;N;;;;; +E0186;VARIATION SELECTOR-151;Mn;0;NSM;;;;;N;;;;; +E0187;VARIATION SELECTOR-152;Mn;0;NSM;;;;;N;;;;; +E0188;VARIATION SELECTOR-153;Mn;0;NSM;;;;;N;;;;; +E0189;VARIATION SELECTOR-154;Mn;0;NSM;;;;;N;;;;; +E018A;VARIATION SELECTOR-155;Mn;0;NSM;;;;;N;;;;; +E018B;VARIATION SELECTOR-156;Mn;0;NSM;;;;;N;;;;; +E018C;VARIATION SELECTOR-157;Mn;0;NSM;;;;;N;;;;; +E018D;VARIATION SELECTOR-158;Mn;0;NSM;;;;;N;;;;; +E018E;VARIATION SELECTOR-159;Mn;0;NSM;;;;;N;;;;; +E018F;VARIATION SELECTOR-160;Mn;0;NSM;;;;;N;;;;; +E0190;VARIATION SELECTOR-161;Mn;0;NSM;;;;;N;;;;; +E0191;VARIATION SELECTOR-162;Mn;0;NSM;;;;;N;;;;; +E0192;VARIATION SELECTOR-163;Mn;0;NSM;;;;;N;;;;; +E0193;VARIATION SELECTOR-164;Mn;0;NSM;;;;;N;;;;; +E0194;VARIATION SELECTOR-165;Mn;0;NSM;;;;;N;;;;; +E0195;VARIATION SELECTOR-166;Mn;0;NSM;;;;;N;;;;; +E0196;VARIATION SELECTOR-167;Mn;0;NSM;;;;;N;;;;; +E0197;VARIATION SELECTOR-168;Mn;0;NSM;;;;;N;;;;; +E0198;VARIATION SELECTOR-169;Mn;0;NSM;;;;;N;;;;; +E0199;VARIATION SELECTOR-170;Mn;0;NSM;;;;;N;;;;; +E019A;VARIATION SELECTOR-171;Mn;0;NSM;;;;;N;;;;; +E019B;VARIATION SELECTOR-172;Mn;0;NSM;;;;;N;;;;; +E019C;VARIATION SELECTOR-173;Mn;0;NSM;;;;;N;;;;; +E019D;VARIATION SELECTOR-174;Mn;0;NSM;;;;;N;;;;; +E019E;VARIATION SELECTOR-175;Mn;0;NSM;;;;;N;;;;; +E019F;VARIATION SELECTOR-176;Mn;0;NSM;;;;;N;;;;; +E01A0;VARIATION SELECTOR-177;Mn;0;NSM;;;;;N;;;;; +E01A1;VARIATION SELECTOR-178;Mn;0;NSM;;;;;N;;;;; +E01A2;VARIATION SELECTOR-179;Mn;0;NSM;;;;;N;;;;; +E01A3;VARIATION SELECTOR-180;Mn;0;NSM;;;;;N;;;;; +E01A4;VARIATION SELECTOR-181;Mn;0;NSM;;;;;N;;;;; +E01A5;VARIATION SELECTOR-182;Mn;0;NSM;;;;;N;;;;; +E01A6;VARIATION SELECTOR-183;Mn;0;NSM;;;;;N;;;;; +E01A7;VARIATION SELECTOR-184;Mn;0;NSM;;;;;N;;;;; +E01A8;VARIATION SELECTOR-185;Mn;0;NSM;;;;;N;;;;; +E01A9;VARIATION SELECTOR-186;Mn;0;NSM;;;;;N;;;;; +E01AA;VARIATION SELECTOR-187;Mn;0;NSM;;;;;N;;;;; +E01AB;VARIATION SELECTOR-188;Mn;0;NSM;;;;;N;;;;; +E01AC;VARIATION SELECTOR-189;Mn;0;NSM;;;;;N;;;;; +E01AD;VARIATION SELECTOR-190;Mn;0;NSM;;;;;N;;;;; +E01AE;VARIATION SELECTOR-191;Mn;0;NSM;;;;;N;;;;; +E01AF;VARIATION SELECTOR-192;Mn;0;NSM;;;;;N;;;;; +E01B0;VARIATION SELECTOR-193;Mn;0;NSM;;;;;N;;;;; +E01B1;VARIATION SELECTOR-194;Mn;0;NSM;;;;;N;;;;; +E01B2;VARIATION SELECTOR-195;Mn;0;NSM;;;;;N;;;;; +E01B3;VARIATION SELECTOR-196;Mn;0;NSM;;;;;N;;;;; +E01B4;VARIATION SELECTOR-197;Mn;0;NSM;;;;;N;;;;; +E01B5;VARIATION SELECTOR-198;Mn;0;NSM;;;;;N;;;;; +E01B6;VARIATION SELECTOR-199;Mn;0;NSM;;;;;N;;;;; +E01B7;VARIATION SELECTOR-200;Mn;0;NSM;;;;;N;;;;; +E01B8;VARIATION SELECTOR-201;Mn;0;NSM;;;;;N;;;;; +E01B9;VARIATION SELECTOR-202;Mn;0;NSM;;;;;N;;;;; +E01BA;VARIATION SELECTOR-203;Mn;0;NSM;;;;;N;;;;; +E01BB;VARIATION SELECTOR-204;Mn;0;NSM;;;;;N;;;;; +E01BC;VARIATION SELECTOR-205;Mn;0;NSM;;;;;N;;;;; +E01BD;VARIATION SELECTOR-206;Mn;0;NSM;;;;;N;;;;; +E01BE;VARIATION SELECTOR-207;Mn;0;NSM;;;;;N;;;;; +E01BF;VARIATION SELECTOR-208;Mn;0;NSM;;;;;N;;;;; +E01C0;VARIATION SELECTOR-209;Mn;0;NSM;;;;;N;;;;; +E01C1;VARIATION SELECTOR-210;Mn;0;NSM;;;;;N;;;;; +E01C2;VARIATION SELECTOR-211;Mn;0;NSM;;;;;N;;;;; +E01C3;VARIATION SELECTOR-212;Mn;0;NSM;;;;;N;;;;; +E01C4;VARIATION SELECTOR-213;Mn;0;NSM;;;;;N;;;;; +E01C5;VARIATION SELECTOR-214;Mn;0;NSM;;;;;N;;;;; +E01C6;VARIATION SELECTOR-215;Mn;0;NSM;;;;;N;;;;; +E01C7;VARIATION SELECTOR-216;Mn;0;NSM;;;;;N;;;;; +E01C8;VARIATION SELECTOR-217;Mn;0;NSM;;;;;N;;;;; +E01C9;VARIATION SELECTOR-218;Mn;0;NSM;;;;;N;;;;; +E01CA;VARIATION SELECTOR-219;Mn;0;NSM;;;;;N;;;;; +E01CB;VARIATION SELECTOR-220;Mn;0;NSM;;;;;N;;;;; +E01CC;VARIATION SELECTOR-221;Mn;0;NSM;;;;;N;;;;; +E01CD;VARIATION SELECTOR-222;Mn;0;NSM;;;;;N;;;;; +E01CE;VARIATION SELECTOR-223;Mn;0;NSM;;;;;N;;;;; +E01CF;VARIATION SELECTOR-224;Mn;0;NSM;;;;;N;;;;; +E01D0;VARIATION SELECTOR-225;Mn;0;NSM;;;;;N;;;;; +E01D1;VARIATION SELECTOR-226;Mn;0;NSM;;;;;N;;;;; +E01D2;VARIATION SELECTOR-227;Mn;0;NSM;;;;;N;;;;; +E01D3;VARIATION SELECTOR-228;Mn;0;NSM;;;;;N;;;;; +E01D4;VARIATION SELECTOR-229;Mn;0;NSM;;;;;N;;;;; +E01D5;VARIATION SELECTOR-230;Mn;0;NSM;;;;;N;;;;; +E01D6;VARIATION SELECTOR-231;Mn;0;NSM;;;;;N;;;;; +E01D7;VARIATION SELECTOR-232;Mn;0;NSM;;;;;N;;;;; +E01D8;VARIATION SELECTOR-233;Mn;0;NSM;;;;;N;;;;; +E01D9;VARIATION SELECTOR-234;Mn;0;NSM;;;;;N;;;;; +E01DA;VARIATION SELECTOR-235;Mn;0;NSM;;;;;N;;;;; +E01DB;VARIATION SELECTOR-236;Mn;0;NSM;;;;;N;;;;; +E01DC;VARIATION SELECTOR-237;Mn;0;NSM;;;;;N;;;;; +E01DD;VARIATION SELECTOR-238;Mn;0;NSM;;;;;N;;;;; +E01DE;VARIATION SELECTOR-239;Mn;0;NSM;;;;;N;;;;; +E01DF;VARIATION SELECTOR-240;Mn;0;NSM;;;;;N;;;;; +E01E0;VARIATION SELECTOR-241;Mn;0;NSM;;;;;N;;;;; +E01E1;VARIATION SELECTOR-242;Mn;0;NSM;;;;;N;;;;; +E01E2;VARIATION SELECTOR-243;Mn;0;NSM;;;;;N;;;;; +E01E3;VARIATION SELECTOR-244;Mn;0;NSM;;;;;N;;;;; +E01E4;VARIATION SELECTOR-245;Mn;0;NSM;;;;;N;;;;; +E01E5;VARIATION SELECTOR-246;Mn;0;NSM;;;;;N;;;;; +E01E6;VARIATION SELECTOR-247;Mn;0;NSM;;;;;N;;;;; +E01E7;VARIATION SELECTOR-248;Mn;0;NSM;;;;;N;;;;; +E01E8;VARIATION SELECTOR-249;Mn;0;NSM;;;;;N;;;;; +E01E9;VARIATION SELECTOR-250;Mn;0;NSM;;;;;N;;;;; +E01EA;VARIATION SELECTOR-251;Mn;0;NSM;;;;;N;;;;; +E01EB;VARIATION SELECTOR-252;Mn;0;NSM;;;;;N;;;;; +E01EC;VARIATION SELECTOR-253;Mn;0;NSM;;;;;N;;;;; +E01ED;VARIATION SELECTOR-254;Mn;0;NSM;;;;;N;;;;; +E01EE;VARIATION SELECTOR-255;Mn;0;NSM;;;;;N;;;;; +E01EF;VARIATION SELECTOR-256;Mn;0;NSM;;;;;N;;;;; +F0000;;Co;0;L;;;;;N;;;;; +FFFFD;;Co;0;L;;;;;N;;;;; +100000;;Co;0;L;;;;;N;;;;; +10FFFD;;Co;0;L;;;;;N;;;;; diff --git a/source4/heimdal/lib/wind/bidi_table.c b/source4/heimdal/lib/wind/bidi_table.c deleted file mode 100644 index 34530b933d..0000000000 --- a/source4/heimdal/lib/wind/bidi_table.c +++ /dev/null @@ -1,410 +0,0 @@ -/* bidi_table.c */ -/* Automatically generated at 2008-03-18T11:38:07.839291 */ - - -#include "bidi_table.h" - -const struct range_entry _wind_ral_table[] = { - {0x5be, 1}, - {0x5c0, 1}, - {0x5c3, 1}, - {0x5d0, 0x1b}, - {0x5f0, 0x5}, - {0x61b, 1}, - {0x61f, 1}, - {0x621, 0x1a}, - {0x640, 0xb}, - {0x66d, 0x3}, - {0x671, 0x65}, - {0x6dd, 1}, - {0x6e5, 0x2}, - {0x6fa, 0x5}, - {0x700, 0xe}, - {0x710, 1}, - {0x712, 0x1b}, - {0x780, 0x26}, - {0x7b1, 1}, - {0x200f, 1}, - {0xfb1d, 1}, - {0xfb1f, 0xa}, - {0xfb2a, 0xd}, - {0xfb38, 0x5}, - {0xfb3e, 1}, - {0xfb40, 0x2}, - {0xfb43, 0x2}, - {0xfb46, 0x6c}, - {0xfbd3, 0x16b}, - {0xfd50, 0x40}, - {0xfd92, 0x36}, - {0xfdf0, 0xd}, - {0xfe70, 0x5}, - {0xfe76, 0x87}, -}; - -const size_t _wind_ral_table_size = 34; - -const struct range_entry _wind_l_table[] = { - {0x41, 0x1a}, - {0x61, 0x1a}, - {0xaa, 1}, - {0xb5, 1}, - {0xba, 1}, - {0xc0, 0x17}, - {0xd8, 0x1f}, - {0xf8, 0x129}, - {0x222, 0x12}, - {0x250, 0x5e}, - {0x2b0, 0x9}, - {0x2bb, 0x7}, - {0x2d0, 0x2}, - {0x2e0, 0x5}, - {0x2ee, 1}, - {0x37a, 1}, - {0x386, 1}, - {0x388, 0x3}, - {0x38c, 1}, - {0x38e, 0x14}, - {0x3a3, 0x2c}, - {0x3d0, 0x26}, - {0x400, 0x83}, - {0x48a, 0x45}, - {0x4d0, 0x26}, - {0x4f8, 0x2}, - {0x500, 0x10}, - {0x531, 0x26}, - {0x559, 0x7}, - {0x561, 0x27}, - {0x589, 1}, - {0x903, 1}, - {0x905, 0x35}, - {0x93d, 0x4}, - {0x949, 0x4}, - {0x950, 1}, - {0x958, 0xa}, - {0x964, 0xd}, - {0x982, 0x2}, - {0x985, 0x8}, - {0x98f, 0x2}, - {0x993, 0x16}, - {0x9aa, 0x7}, - {0x9b2, 1}, - {0x9b6, 0x4}, - {0x9be, 0x3}, - {0x9c7, 0x2}, - {0x9cb, 0x2}, - {0x9d7, 1}, - {0x9dc, 0x2}, - {0x9df, 0x3}, - {0x9e6, 0xc}, - {0x9f4, 0x7}, - {0xa05, 0x6}, - {0xa0f, 0x2}, - {0xa13, 0x16}, - {0xa2a, 0x7}, - {0xa32, 0x2}, - {0xa35, 0x2}, - {0xa38, 0x2}, - {0xa3e, 0x3}, - {0xa59, 0x4}, - {0xa5e, 1}, - {0xa66, 0xa}, - {0xa72, 0x3}, - {0xa83, 1}, - {0xa85, 0x7}, - {0xa8d, 1}, - {0xa8f, 0x3}, - {0xa93, 0x16}, - {0xaaa, 0x7}, - {0xab2, 0x2}, - {0xab5, 0x5}, - {0xabd, 0x4}, - {0xac9, 1}, - {0xacb, 0x2}, - {0xad0, 1}, - {0xae0, 1}, - {0xae6, 0xa}, - {0xb02, 0x2}, - {0xb05, 0x8}, - {0xb0f, 0x2}, - {0xb13, 0x16}, - {0xb2a, 0x7}, - {0xb32, 0x2}, - {0xb36, 0x4}, - {0xb3d, 0x2}, - {0xb40, 1}, - {0xb47, 0x2}, - {0xb4b, 0x2}, - {0xb57, 1}, - {0xb5c, 0x2}, - {0xb5f, 0x3}, - {0xb66, 0xb}, - {0xb83, 1}, - {0xb85, 0x6}, - {0xb8e, 0x3}, - {0xb92, 0x4}, - {0xb99, 0x2}, - {0xb9c, 1}, - {0xb9e, 0x2}, - {0xba3, 0x2}, - {0xba8, 0x3}, - {0xbae, 0x8}, - {0xbb7, 0x3}, - {0xbbe, 0x2}, - {0xbc1, 0x2}, - {0xbc6, 0x3}, - {0xbca, 0x3}, - {0xbd7, 1}, - {0xbe7, 0xc}, - {0xc01, 0x3}, - {0xc05, 0x8}, - {0xc0e, 0x3}, - {0xc12, 0x17}, - {0xc2a, 0xa}, - {0xc35, 0x5}, - {0xc41, 0x4}, - {0xc60, 0x2}, - {0xc66, 0xa}, - {0xc82, 0x2}, - {0xc85, 0x8}, - {0xc8e, 0x3}, - {0xc92, 0x17}, - {0xcaa, 0xa}, - {0xcb5, 0x5}, - {0xcbe, 1}, - {0xcc0, 0x5}, - {0xcc7, 0x2}, - {0xcca, 0x2}, - {0xcd5, 0x2}, - {0xcde, 1}, - {0xce0, 0x2}, - {0xce6, 0xa}, - {0xd02, 0x2}, - {0xd05, 0x8}, - {0xd0e, 0x3}, - {0xd12, 0x17}, - {0xd2a, 0x10}, - {0xd3e, 0x3}, - {0xd46, 0x3}, - {0xd4a, 0x3}, - {0xd57, 1}, - {0xd60, 0x2}, - {0xd66, 0xa}, - {0xd82, 0x2}, - {0xd85, 0x12}, - {0xd9a, 0x18}, - {0xdb3, 0x9}, - {0xdbd, 1}, - {0xdc0, 0x7}, - {0xdcf, 0x3}, - {0xdd8, 0x8}, - {0xdf2, 0x3}, - {0xe01, 0x30}, - {0xe32, 0x2}, - {0xe40, 0x7}, - {0xe4f, 0xd}, - {0xe81, 0x2}, - {0xe84, 1}, - {0xe87, 0x2}, - {0xe8a, 1}, - {0xe8d, 1}, - {0xe94, 0x4}, - {0xe99, 0x7}, - {0xea1, 0x3}, - {0xea5, 1}, - {0xea7, 1}, - {0xeaa, 0x2}, - {0xead, 0x4}, - {0xeb2, 0x2}, - {0xebd, 1}, - {0xec0, 0x5}, - {0xec6, 1}, - {0xed0, 0xa}, - {0xedc, 0x2}, - {0xf00, 0x18}, - {0xf1a, 0x1b}, - {0xf36, 1}, - {0xf38, 1}, - {0xf3e, 0xa}, - {0xf49, 0x22}, - {0xf7f, 1}, - {0xf85, 1}, - {0xf88, 0x4}, - {0xfbe, 0x8}, - {0xfc7, 0x6}, - {0xfcf, 1}, - {0x1000, 0x22}, - {0x1023, 0x5}, - {0x1029, 0x2}, - {0x102c, 1}, - {0x1031, 1}, - {0x1038, 1}, - {0x1040, 0x18}, - {0x10a0, 0x26}, - {0x10d0, 0x29}, - {0x10fb, 1}, - {0x1100, 0x5a}, - {0x115f, 0x44}, - {0x11a8, 0x52}, - {0x1200, 0x7}, - {0x1208, 0x3f}, - {0x1248, 1}, - {0x124a, 0x4}, - {0x1250, 0x7}, - {0x1258, 1}, - {0x125a, 0x4}, - {0x1260, 0x27}, - {0x1288, 1}, - {0x128a, 0x4}, - {0x1290, 0x1f}, - {0x12b0, 1}, - {0x12b2, 0x4}, - {0x12b8, 0x7}, - {0x12c0, 1}, - {0x12c2, 0x4}, - {0x12c8, 0x7}, - {0x12d0, 0x7}, - {0x12d8, 0x17}, - {0x12f0, 0x1f}, - {0x1310, 1}, - {0x1312, 0x4}, - {0x1318, 0x7}, - {0x1320, 0x27}, - {0x1348, 0x13}, - {0x1361, 0x1c}, - {0x13a0, 0x55}, - {0x1401, 0x276}, - {0x1681, 0x1a}, - {0x16a0, 0x51}, - {0x1700, 0xd}, - {0x170e, 0x4}, - {0x1720, 0x12}, - {0x1735, 0x2}, - {0x1740, 0x12}, - {0x1760, 0xd}, - {0x176e, 0x3}, - {0x1780, 0x37}, - {0x17be, 0x8}, - {0x17c7, 0x2}, - {0x17d4, 0x7}, - {0x17dc, 1}, - {0x17e0, 0xa}, - {0x1810, 0xa}, - {0x1820, 0x58}, - {0x1880, 0x29}, - {0x1e00, 0x9c}, - {0x1ea0, 0x5a}, - {0x1f00, 0x16}, - {0x1f18, 0x6}, - {0x1f20, 0x26}, - {0x1f48, 0x6}, - {0x1f50, 0x8}, - {0x1f59, 1}, - {0x1f5b, 1}, - {0x1f5d, 1}, - {0x1f5f, 0x1f}, - {0x1f80, 0x35}, - {0x1fb6, 0x7}, - {0x1fbe, 1}, - {0x1fc2, 0x3}, - {0x1fc6, 0x7}, - {0x1fd0, 0x4}, - {0x1fd6, 0x6}, - {0x1fe0, 0xd}, - {0x1ff2, 0x3}, - {0x1ff6, 0x7}, - {0x200e, 1}, - {0x2071, 1}, - {0x207f, 1}, - {0x2102, 1}, - {0x2107, 1}, - {0x210a, 0xa}, - {0x2115, 1}, - {0x2119, 0x5}, - {0x2124, 1}, - {0x2126, 1}, - {0x2128, 1}, - {0x212a, 0x4}, - {0x212f, 0x3}, - {0x2133, 0x7}, - {0x213d, 0x3}, - {0x2145, 0x5}, - {0x2160, 0x24}, - {0x2336, 0x45}, - {0x2395, 1}, - {0x249c, 0x4e}, - {0x3005, 0x3}, - {0x3021, 0x9}, - {0x3031, 0x5}, - {0x3038, 0x5}, - {0x3041, 0x56}, - {0x309d, 0x3}, - {0x30a1, 0x5a}, - {0x30fc, 0x4}, - {0x3105, 0x28}, - {0x3131, 0x5e}, - {0x3190, 0x28}, - {0x31f0, 0x2d}, - {0x3220, 0x24}, - {0x3260, 0x1c}, - {0x327f, 0x32}, - {0x32c0, 0xc}, - {0x32d0, 0x2f}, - {0x3300, 0x77}, - {0x337b, 0x63}, - {0x33e0, 0x1f}, - {0x3400, 0x19b6}, - {0x4e00, 0x51a6}, - {0xa000, 0x48d}, - {0xac00, 0x2ba4}, - {0xd800, 0x222e}, - {0xfa30, 0x3b}, - {0xfb00, 0x7}, - {0xfb13, 0x5}, - {0xff21, 0x1a}, - {0xff41, 0x1a}, - {0xff66, 0x59}, - {0xffc2, 0x6}, - {0xffca, 0x6}, - {0xffd2, 0x6}, - {0xffda, 0x3}, - {0x10300, 0x1f}, - {0x10320, 0x4}, - {0x10330, 0x1b}, - {0x10400, 0x26}, - {0x10428, 0x26}, - {0x1d000, 0xf6}, - {0x1d100, 0x27}, - {0x1d12a, 0x3d}, - {0x1d16a, 0x9}, - {0x1d183, 0x2}, - {0x1d18c, 0x1e}, - {0x1d1ae, 0x30}, - {0x1d400, 0x55}, - {0x1d456, 0x47}, - {0x1d49e, 0x2}, - {0x1d4a2, 1}, - {0x1d4a5, 0x2}, - {0x1d4a9, 0x4}, - {0x1d4ae, 0xc}, - {0x1d4bb, 1}, - {0x1d4bd, 0x4}, - {0x1d4c2, 0x2}, - {0x1d4c5, 0x41}, - {0x1d507, 0x4}, - {0x1d50d, 0x8}, - {0x1d516, 0x7}, - {0x1d51e, 0x1c}, - {0x1d53b, 0x4}, - {0x1d540, 0x5}, - {0x1d546, 1}, - {0x1d54a, 0x7}, - {0x1d552, 0x152}, - {0x1d6a8, 0x122}, - {0x20000, 0xa6d7}, - {0x2f800, 0x21e}, - {0xf0000, 0xfffe}, - {0x100000, 0xfffe}, -}; - -const size_t _wind_l_table_size = 360; - diff --git a/source4/heimdal/lib/wind/bidi_table.h b/source4/heimdal/lib/wind/bidi_table.h deleted file mode 100644 index 2e369f2d9a..0000000000 --- a/source4/heimdal/lib/wind/bidi_table.h +++ /dev/null @@ -1,21 +0,0 @@ -/* bidi_table.h */ -/* Automatically generated at 2008-03-18T11:38:07.839121 */ - -#ifndef BIDI_TABLE_H -#define BIDI_TABLE_H 1 - -#include -#include - -struct range_entry { - uint32_t start; - unsigned len; -}; - -extern const struct range_entry _wind_ral_table[]; -extern const struct range_entry _wind_l_table[]; - -extern const size_t _wind_ral_table_size; -extern const size_t _wind_l_table_size; - -#endif /* BIDI_TABLE_H */ diff --git a/source4/heimdal/lib/wind/combining_table.c b/source4/heimdal/lib/wind/combining_table.c deleted file mode 100644 index 7abd1cf76d..0000000000 --- a/source4/heimdal/lib/wind/combining_table.c +++ /dev/null @@ -1,362 +0,0 @@ -/* combining_table.c */ -/* Automatically generated at 2008-03-18T11:38:08.166082 */ - - -#include "combining_table.h" - -const struct translation _wind_combining_table[] = { -{0x300, 230}, /* Mn */ -{0x301, 230}, /* Mn */ -{0x302, 230}, /* Mn */ -{0x303, 230}, /* Mn */ -{0x304, 230}, /* Mn */ -{0x305, 230}, /* Mn */ -{0x306, 230}, /* Mn */ -{0x307, 230}, /* Mn */ -{0x308, 230}, /* Mn */ -{0x309, 230}, /* Mn */ -{0x30a, 230}, /* Mn */ -{0x30b, 230}, /* Mn */ -{0x30c, 230}, /* Mn */ -{0x30d, 230}, /* Mn */ -{0x30e, 230}, /* Mn */ -{0x30f, 230}, /* Mn */ -{0x310, 230}, /* Mn */ -{0x311, 230}, /* Mn */ -{0x312, 230}, /* Mn */ -{0x313, 230}, /* Mn */ -{0x314, 230}, /* Mn */ -{0x315, 232}, /* Mn */ -{0x316, 220}, /* Mn */ -{0x317, 220}, /* Mn */ -{0x318, 220}, /* Mn */ -{0x319, 220}, /* Mn */ -{0x31a, 232}, /* Mn */ -{0x31b, 216}, /* Mn */ -{0x31c, 220}, /* Mn */ -{0x31d, 220}, /* Mn */ -{0x31e, 220}, /* Mn */ -{0x31f, 220}, /* Mn */ -{0x320, 220}, /* Mn */ -{0x321, 202}, /* Mn */ -{0x322, 202}, /* Mn */ -{0x323, 220}, /* Mn */ -{0x324, 220}, /* Mn */ -{0x325, 220}, /* Mn */ -{0x326, 220}, /* Mn */ -{0x327, 202}, /* Mn */ -{0x328, 202}, /* Mn */ -{0x329, 220}, /* Mn */ -{0x32a, 220}, /* Mn */ -{0x32b, 220}, /* Mn */ -{0x32c, 220}, /* Mn */ -{0x32d, 220}, /* Mn */ -{0x32e, 220}, /* Mn */ -{0x32f, 220}, /* Mn */ -{0x330, 220}, /* Mn */ -{0x331, 220}, /* Mn */ -{0x332, 220}, /* Mn */ -{0x333, 220}, /* Mn */ -{0x334, 1}, /* Mn */ -{0x335, 1}, /* Mn */ -{0x336, 1}, /* Mn */ -{0x337, 1}, /* Mn */ -{0x338, 1}, /* Mn */ -{0x339, 220}, /* Mn */ -{0x33a, 220}, /* Mn */ -{0x33b, 220}, /* Mn */ -{0x33c, 220}, /* Mn */ -{0x33d, 230}, /* Mn */ -{0x33e, 230}, /* Mn */ -{0x33f, 230}, /* Mn */ -{0x340, 230}, /* Mn */ -{0x341, 230}, /* Mn */ -{0x342, 230}, /* Mn */ -{0x343, 230}, /* Mn */ -{0x344, 230}, /* Mn */ -{0x345, 240}, /* Mn */ -{0x346, 230}, /* Mn */ -{0x347, 220}, /* Mn */ -{0x348, 220}, /* Mn */ -{0x349, 220}, /* Mn */ -{0x34a, 230}, /* Mn */ -{0x34b, 230}, /* Mn */ -{0x34c, 230}, /* Mn */ -{0x34d, 220}, /* Mn */ -{0x34e, 220}, /* Mn */ -{0x350, 230}, /* Mn */ -{0x351, 230}, /* Mn */ -{0x352, 230}, /* Mn */ -{0x353, 220}, /* Mn */ -{0x354, 220}, /* Mn */ -{0x355, 220}, /* Mn */ -{0x356, 220}, /* Mn */ -{0x357, 230}, /* Mn */ -{0x35d, 234}, /* Mn */ -{0x35e, 234}, /* Mn */ -{0x35f, 233}, /* Mn */ -{0x360, 234}, /* Mn */ -{0x361, 234}, /* Mn */ -{0x362, 233}, /* Mn */ -{0x363, 230}, /* Mn */ -{0x364, 230}, /* Mn */ -{0x365, 230}, /* Mn */ -{0x366, 230}, /* Mn */ -{0x367, 230}, /* Mn */ -{0x368, 230}, /* Mn */ -{0x369, 230}, /* Mn */ -{0x36a, 230}, /* Mn */ -{0x36b, 230}, /* Mn */ -{0x36c, 230}, /* Mn */ -{0x36d, 230}, /* Mn */ -{0x36e, 230}, /* Mn */ -{0x36f, 230}, /* Mn */ -{0x483, 230}, /* Mn */ -{0x484, 230}, /* Mn */ -{0x485, 230}, /* Mn */ -{0x486, 230}, /* Mn */ -{0x591, 220}, /* Mn */ -{0x592, 230}, /* Mn */ -{0x593, 230}, /* Mn */ -{0x594, 230}, /* Mn */ -{0x595, 230}, /* Mn */ -{0x596, 220}, /* Mn */ -{0x597, 230}, /* Mn */ -{0x598, 230}, /* Mn */ -{0x599, 230}, /* Mn */ -{0x59a, 222}, /* Mn */ -{0x59b, 220}, /* Mn */ -{0x59c, 230}, /* Mn */ -{0x59d, 230}, /* Mn */ -{0x59e, 230}, /* Mn */ -{0x59f, 230}, /* Mn */ -{0x5a0, 230}, /* Mn */ -{0x5a1, 230}, /* Mn */ -{0x5a3, 220}, /* Mn */ -{0x5a4, 220}, /* Mn */ -{0x5a5, 220}, /* Mn */ -{0x5a6, 220}, /* Mn */ -{0x5a7, 220}, /* Mn */ -{0x5a8, 230}, /* Mn */ -{0x5a9, 230}, /* Mn */ -{0x5aa, 220}, /* Mn */ -{0x5ab, 230}, /* Mn */ -{0x5ac, 230}, /* Mn */ -{0x5ad, 222}, /* Mn */ -{0x5ae, 228}, /* Mn */ -{0x5af, 230}, /* Mn */ -{0x5b0, 10}, /* Mn */ -{0x5b1, 11}, /* Mn */ -{0x5b2, 12}, /* Mn */ -{0x5b3, 13}, /* Mn */ -{0x5b4, 14}, /* Mn */ -{0x5b5, 15}, /* Mn */ -{0x5b6, 16}, /* Mn */ -{0x5b7, 17}, /* Mn */ -{0x5b8, 18}, /* Mn */ -{0x5b9, 19}, /* Mn */ -{0x5bb, 20}, /* Mn */ -{0x5bc, 21}, /* Mn */ -{0x5bd, 22}, /* Mn */ -{0x5bf, 23}, /* Mn */ -{0x5c1, 24}, /* Mn */ -{0x5c2, 25}, /* Mn */ -{0x5c4, 230}, /* Mn */ -{0x610, 230}, /* Mn */ -{0x611, 230}, /* Mn */ -{0x612, 230}, /* Mn */ -{0x613, 230}, /* Mn */ -{0x614, 230}, /* Mn */ -{0x615, 230}, /* Mn */ -{0x64b, 27}, /* Mn */ -{0x64c, 28}, /* Mn */ -{0x64d, 29}, /* Mn */ -{0x64e, 30}, /* Mn */ -{0x64f, 31}, /* Mn */ -{0x650, 32}, /* Mn */ -{0x651, 33}, /* Mn */ -{0x652, 34}, /* Mn */ -{0x653, 230}, /* Mn */ -{0x654, 230}, /* Mn */ -{0x655, 220}, /* Mn */ -{0x656, 220}, /* Mn */ -{0x657, 230}, /* Mn */ -{0x658, 230}, /* Mn */ -{0x670, 35}, /* Mn */ -{0x6d6, 230}, /* Mn */ -{0x6d7, 230}, /* Mn */ -{0x6d8, 230}, /* Mn */ -{0x6d9, 230}, /* Mn */ -{0x6da, 230}, /* Mn */ -{0x6db, 230}, /* Mn */ -{0x6dc, 230}, /* Mn */ -{0x6df, 230}, /* Mn */ -{0x6e0, 230}, /* Mn */ -{0x6e1, 230}, /* Mn */ -{0x6e2, 230}, /* Mn */ -{0x6e3, 220}, /* Mn */ -{0x6e4, 230}, /* Mn */ -{0x6e7, 230}, /* Mn */ -{0x6e8, 230}, /* Mn */ -{0x6ea, 220}, /* Mn */ -{0x6eb, 230}, /* Mn */ -{0x6ec, 230}, /* Mn */ -{0x6ed, 220}, /* Mn */ -{0x711, 36}, /* Mn */ -{0x730, 230}, /* Mn */ -{0x731, 220}, /* Mn */ -{0x732, 230}, /* Mn */ -{0x733, 230}, /* Mn */ -{0x734, 220}, /* Mn */ -{0x735, 230}, /* Mn */ -{0x736, 230}, /* Mn */ -{0x737, 220}, /* Mn */ -{0x738, 220}, /* Mn */ -{0x739, 220}, /* Mn */ -{0x73a, 230}, /* Mn */ -{0x73b, 220}, /* Mn */ -{0x73c, 220}, /* Mn */ -{0x73d, 230}, /* Mn */ -{0x73e, 220}, /* Mn */ -{0x73f, 230}, /* Mn */ -{0x740, 230}, /* Mn */ -{0x741, 230}, /* Mn */ -{0x742, 220}, /* Mn */ -{0x743, 230}, /* Mn */ -{0x744, 220}, /* Mn */ -{0x745, 230}, /* Mn */ -{0x746, 220}, /* Mn */ -{0x747, 230}, /* Mn */ -{0x748, 220}, /* Mn */ -{0x749, 230}, /* Mn */ -{0x74a, 230}, /* Mn */ -{0x93c, 7}, /* Mn */ -{0x94d, 9}, /* Mn */ -{0x951, 230}, /* Mn */ -{0x952, 220}, /* Mn */ -{0x953, 230}, /* Mn */ -{0x954, 230}, /* Mn */ -{0x9bc, 7}, /* Mn */ -{0x9cd, 9}, /* Mn */ -{0xa3c, 7}, /* Mn */ -{0xa4d, 9}, /* Mn */ -{0xabc, 7}, /* Mn */ -{0xacd, 9}, /* Mn */ -{0xb3c, 7}, /* Mn */ -{0xb4d, 9}, /* Mn */ -{0xbcd, 9}, /* Mn */ -{0xc4d, 9}, /* Mn */ -{0xc55, 84}, /* Mn */ -{0xc56, 91}, /* Mn */ -{0xcbc, 7}, /* Mn */ -{0xccd, 9}, /* Mn */ -{0xd4d, 9}, /* Mn */ -{0xdca, 9}, /* Mn */ -{0xe38, 103}, /* Mn */ -{0xe39, 103}, /* Mn */ -{0xe3a, 9}, /* Mn */ -{0xe48, 107}, /* Mn */ -{0xe49, 107}, /* Mn */ -{0xe4a, 107}, /* Mn */ -{0xe4b, 107}, /* Mn */ -{0xeb8, 118}, /* Mn */ -{0xeb9, 118}, /* Mn */ -{0xec8, 122}, /* Mn */ -{0xec9, 122}, /* Mn */ -{0xeca, 122}, /* Mn */ -{0xecb, 122}, /* Mn */ -{0xf18, 220}, /* Mn */ -{0xf19, 220}, /* Mn */ -{0xf35, 220}, /* Mn */ -{0xf37, 220}, /* Mn */ -{0xf39, 216}, /* Mn */ -{0xf71, 129}, /* Mn */ -{0xf72, 130}, /* Mn */ -{0xf74, 132}, /* Mn */ -{0xf7a, 130}, /* Mn */ -{0xf7b, 130}, /* Mn */ -{0xf7c, 130}, /* Mn */ -{0xf7d, 130}, /* Mn */ -{0xf80, 130}, /* Mn */ -{0xf82, 230}, /* Mn */ -{0xf83, 230}, /* Mn */ -{0xf84, 9}, /* Mn */ -{0xf86, 230}, /* Mn */ -{0xf87, 230}, /* Mn */ -{0xfc6, 220}, /* Mn */ -{0x1037, 7}, /* Mn */ -{0x1039, 9}, /* Mn */ -{0x1714, 9}, /* Mn */ -{0x1734, 9}, /* Mn */ -{0x17d2, 9}, /* Mn */ -{0x17dd, 230}, /* Mn */ -{0x18a9, 228}, /* Mn */ -{0x1939, 222}, /* Mn */ -{0x193a, 230}, /* Mn */ -{0x193b, 220}, /* Mn */ -{0x20d0, 230}, /* Mn */ -{0x20d1, 230}, /* Mn */ -{0x20d2, 1}, /* Mn */ -{0x20d3, 1}, /* Mn */ -{0x20d4, 230}, /* Mn */ -{0x20d5, 230}, /* Mn */ -{0x20d6, 230}, /* Mn */ -{0x20d7, 230}, /* Mn */ -{0x20d8, 1}, /* Mn */ -{0x20d9, 1}, /* Mn */ -{0x20da, 1}, /* Mn */ -{0x20db, 230}, /* Mn */ -{0x20dc, 230}, /* Mn */ -{0x20e1, 230}, /* Mn */ -{0x20e5, 1}, /* Mn */ -{0x20e6, 1}, /* Mn */ -{0x20e7, 230}, /* Mn */ -{0x20e8, 220}, /* Mn */ -{0x20e9, 230}, /* Mn */ -{0x20ea, 1}, /* Mn */ -{0x302a, 218}, /* Mn */ -{0x302b, 228}, /* Mn */ -{0x302c, 232}, /* Mn */ -{0x302d, 222}, /* Mn */ -{0x302e, 224}, /* Mn */ -{0x302f, 224}, /* Mn */ -{0x3099, 8}, /* Mn */ -{0x309a, 8}, /* Mn */ -{0xfb1e, 26}, /* Mn */ -{0xfe20, 230}, /* Mn */ -{0xfe21, 230}, /* Mn */ -{0xfe22, 230}, /* Mn */ -{0xfe23, 230}, /* Mn */ -{0x1d165, 216}, /* Mc */ -{0x1d166, 216}, /* Mc */ -{0x1d167, 1}, /* Mn */ -{0x1d168, 1}, /* Mn */ -{0x1d169, 1}, /* Mn */ -{0x1d16d, 226}, /* Mc */ -{0x1d16e, 216}, /* Mc */ -{0x1d16f, 216}, /* Mc */ -{0x1d170, 216}, /* Mc */ -{0x1d171, 216}, /* Mc */ -{0x1d172, 216}, /* Mc */ -{0x1d17b, 220}, /* Mn */ -{0x1d17c, 220}, /* Mn */ -{0x1d17d, 220}, /* Mn */ -{0x1d17e, 220}, /* Mn */ -{0x1d17f, 220}, /* Mn */ -{0x1d180, 220}, /* Mn */ -{0x1d181, 220}, /* Mn */ -{0x1d182, 220}, /* Mn */ -{0x1d185, 230}, /* Mn */ -{0x1d186, 230}, /* Mn */ -{0x1d187, 230}, /* Mn */ -{0x1d188, 230}, /* Mn */ -{0x1d189, 230}, /* Mn */ -{0x1d18a, 220}, /* Mn */ -{0x1d18b, 220}, /* Mn */ -{0x1d1aa, 230}, /* Mn */ -{0x1d1ab, 230}, /* Mn */ -{0x1d1ac, 230}, /* Mn */ -{0x1d1ad, 230}, /* Mn */ - -}; -const size_t _wind_combining_table_size = 352; diff --git a/source4/heimdal/lib/wind/combining_table.h b/source4/heimdal/lib/wind/combining_table.h deleted file mode 100644 index 000af13ea8..0000000000 --- a/source4/heimdal/lib/wind/combining_table.h +++ /dev/null @@ -1,18 +0,0 @@ -/* combining_table.h */ -/* Automatically generated at 2008-03-18T11:38:08.165877 */ - -#ifndef COMBINING_TABLE_H -#define COMBINING_TABLE_H 1 - -#include -#include - -struct translation { - uint32_t key; - unsigned combining_class; -}; - -extern const struct translation _wind_combining_table[]; - -extern const size_t _wind_combining_table_size; -#endif /* COMBINING_TABLE_H */ diff --git a/source4/heimdal/lib/wind/errorlist_table.c b/source4/heimdal/lib/wind/errorlist_table.c deleted file mode 100644 index 5d5d8caaf2..0000000000 --- a/source4/heimdal/lib/wind/errorlist_table.c +++ /dev/null @@ -1,88 +0,0 @@ -/* errorlist_table.c */ -/* Automatically generated at 2008-03-18T11:38:08.266475 */ - - -#include "errorlist_table.h" - -const struct error_entry _wind_errorlist_table[] = { - {0x0, 0x20, WIND_PROFILE_SASL}, /* C.2.1: [CONTROL CHARACTERS] */ - {0x7f, 0x1, WIND_PROFILE_SASL}, /* C.2.1: DELETE */ - {0x80, 0x20, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.2.2: [CONTROL CHARACTERS] */ - {0xa0, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.1.2: NO-BREAK SPACE */ - {0x340, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.8: COMBINING GRAVE TONE MARK */ - {0x341, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.8: COMBINING ACUTE TONE MARK */ - {0x6dd, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.2.2: ARABIC END OF AYAH */ - {0x70f, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.2.2: SYRIAC ABBREVIATION MARK */ - {0x1680, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.1.2: OGHAM SPACE MARK */ - {0x180e, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.2.2: MONGOLIAN VOWEL SEPARATOR */ - {0x2000, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.1.2: EN QUAD */ - {0x2001, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.1.2: EM QUAD */ - {0x2002, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.1.2: EN SPACE */ - {0x2003, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.1.2: EM SPACE */ - {0x2004, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.1.2: THREE-PER-EM SPACE */ - {0x2005, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.1.2: FOUR-PER-EM SPACE */ - {0x2006, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.1.2: SIX-PER-EM SPACE */ - {0x2007, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.1.2: FIGURE SPACE */ - {0x2008, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.1.2: PUNCTUATION SPACE */ - {0x2009, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.1.2: THIN SPACE */ - {0x200a, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.1.2: HAIR SPACE */ - {0x200b, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.1.2: ZERO WIDTH SPACE */ - {0x200c, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.2.2: ZERO WIDTH NON-JOINER */ - {0x200d, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.2.2: ZERO WIDTH JOINER */ - {0x200e, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.8: LEFT-TO-RIGHT MARK */ - {0x200f, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.8: RIGHT-TO-LEFT MARK */ - {0x2028, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.2.2: LINE SEPARATOR */ - {0x2029, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.2.2: PARAGRAPH SEPARATOR */ - {0x202a, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.8: LEFT-TO-RIGHT EMBEDDING */ - {0x202b, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.8: RIGHT-TO-LEFT EMBEDDING */ - {0x202c, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.8: POP DIRECTIONAL FORMATTING */ - {0x202d, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.8: LEFT-TO-RIGHT OVERRIDE */ - {0x202e, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.8: RIGHT-TO-LEFT OVERRIDE */ - {0x202f, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.1.2: NARROW NO-BREAK SPACE */ - {0x205f, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.1.2: MEDIUM MATHEMATICAL SPACE */ - {0x2060, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.2.2: WORD JOINER */ - {0x2061, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.2.2: FUNCTION APPLICATION */ - {0x2062, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.2.2: INVISIBLE TIMES */ - {0x2063, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.2.2: INVISIBLE SEPARATOR */ - {0x206a, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL|WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.8,C.2.2: INHIBIT SYMMETRIC SWAPPING */ - {0x206b, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.8: ACTIVATE SYMMETRIC SWAPPING */ - {0x206c, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.8: INHIBIT ARABIC FORM SHAPING */ - {0x206d, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.8: ACTIVATE ARABIC FORM SHAPING */ - {0x206e, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.8: NATIONAL DIGIT SHAPES */ - {0x206f, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.8: NOMINAL DIGIT SHAPES */ - {0x2ff0, 0xc, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.7: [IDEOGRAPHIC DESCRIPTION CHARACTERS] */ - {0x3000, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.1.2: IDEOGRAPHIC SPACE */ - {0xd800, 0x800, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.5: [SURROGATE CODES] */ - {0xe000, 0x1900, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.3: [PRIVATE USE, PLANE 0] */ - {0xfdd0, 0x20, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ - {0xfeff, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.2.2: ZERO WIDTH NO-BREAK SPACE */ - {0xfff9, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.6,C.2.2: INTERLINEAR ANNOTATION ANCHOR */ - {0xfffa, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.6: INTERLINEAR ANNOTATION SEPARATOR */ - {0xfffb, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.6: INTERLINEAR ANNOTATION TERMINATOR */ - {0xfffc, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.6: OBJECT REPLACEMENT CHARACTER */ - {0xfffd, 0x1, WIND_PROFILE_LDAP|WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* rfc4518-error,C.6: */ - {0xfffe, 0x2, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ - {0x1d173, 0x8, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.2.2: [MUSICAL CONTROL CHARACTERS] */ - {0x1fffe, 0x2, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ - {0x2fffe, 0x2, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ - {0x3fffe, 0x2, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ - {0x4fffe, 0x2, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ - {0x5fffe, 0x2, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ - {0x6fffe, 0x2, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ - {0x7fffe, 0x2, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ - {0x8fffe, 0x2, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ - {0x9fffe, 0x2, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ - {0xafffe, 0x2, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ - {0xbfffe, 0x2, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ - {0xcfffe, 0x2, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ - {0xdfffe, 0x2, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ - {0xe0001, 0x1, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.9: LANGUAGE TAG */ - {0xe0020, 0x60, WIND_PROFILE_NAME|WIND_PROFILE_SASL}, /* C.9: [TAGGING CHARACTERS] */ - {0xefffe, 0x2, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ - {0xf0000, 0xfffe, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.3: [PRIVATE USE, PLANE 15] */ - {0xffffe, 0x2, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ - {0x100000, 0xfffe, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.3: [PRIVATE USE, PLANE 16] */ - {0x10fffe, 0x2, WIND_PROFILE_NAME|WIND_PROFILE_LDAP|WIND_PROFILE_SASL}, /* C.4: [NONCHARACTER CODE POINTS] */ -}; - -const size_t _wind_errorlist_table_size = 78; diff --git a/source4/heimdal/lib/wind/errorlist_table.h b/source4/heimdal/lib/wind/errorlist_table.h deleted file mode 100644 index 5fc9ddbf04..0000000000 --- a/source4/heimdal/lib/wind/errorlist_table.h +++ /dev/null @@ -1,19 +0,0 @@ -/* errorlist_table.h */ -/* Automatically generated at 2008-03-18T11:38:08.266305 */ - -#ifndef ERRORLIST_TABLE_H -#define ERRORLIST_TABLE_H 1 - -#include "windlocl.h" - -struct error_entry { - uint32_t start; - unsigned len; - wind_profile_flags flags; -}; - -extern const struct error_entry _wind_errorlist_table[]; - -extern const size_t _wind_errorlist_table_size; - -#endif /* ERRORLIST_TABLE_H */ diff --git a/source4/heimdal/lib/wind/gen-bidi.py b/source4/heimdal/lib/wind/gen-bidi.py new file mode 100755 index 0000000000..983eb618ff --- /dev/null +++ b/source4/heimdal/lib/wind/gen-bidi.py @@ -0,0 +1,101 @@ +#!/usr/local/bin/python +# -*- coding: iso-8859-1 -*- + +# $Id: gen-bidi.py 23332 2008-06-27 14:42:17Z lha $ + +# Copyright (c) 2004 Kungliga Tekniska Högskolan +# (Royal Institute of Technology, Stockholm, Sweden). +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# 3. Neither the name of the Institute nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. + +import re +import string +import sys + +import generate +import rfc3454 + +if len(sys.argv) != 3: + print "usage: %s rfc3454.txt outdir" % sys.argv[0] + sys.exit(1) + +tables = rfc3454.read(sys.argv[1]) + +bidi_h = generate.Header('%s/bidi_table.h' % sys.argv[2]) + +bidi_c = generate.Implementation('%s/bidi_table.c' % sys.argv[2]) + +bidi_h.file.write( +''' +#include + +struct range_entry { + uint32_t start; + unsigned len; +}; + +extern const struct range_entry _wind_ral_table[]; +extern const struct range_entry _wind_l_table[]; + +extern const size_t _wind_ral_table_size; +extern const size_t _wind_l_table_size; + +''') + +bidi_c.file.write( +''' +#include "bidi_table.h" + +''') + +def printTable(file, table, variable): + """print table to file named as variable""" + file.write("const struct range_entry %s[] = {\n" % variable) + count = 0 + for l in tables[table]: + m = re.search('^ *([0-9A-F]+)-([0-9A-F]+) *$', l) + if m: + start = int(m.group(1), 0x10) + end = int(m.group(2), 0x10) + file.write(" {0x%x, 0x%x},\n" % (start, end - start + 1)) + count += 1 + else: + m = re.search('^ *([0-9A-F]+) *$', l) + if m: + v = int(m.group(1), 0x10) + file.write(" {0x%x, 1},\n" % v) + count += 1 + file.write("};\n\n") + file.write("const size_t %s_size = %u;\n\n" % (variable, count)) + +printTable(bidi_c.file, 'D.1', '_wind_ral_table') +printTable(bidi_c.file, 'D.2', '_wind_l_table') + +bidi_h.close() +bidi_c.close() diff --git a/source4/heimdal/lib/wind/gen-combining.py b/source4/heimdal/lib/wind/gen-combining.py new file mode 100755 index 0000000000..33fe344772 --- /dev/null +++ b/source4/heimdal/lib/wind/gen-combining.py @@ -0,0 +1,104 @@ +#!/usr/local/bin/python +# -*- coding: iso-8859-1 -*- + +# $Id: gen-combining.py 23332 2008-06-27 14:42:17Z lha $ + +# Copyright (c) 2004 Kungliga Tekniska Högskolan +# (Royal Institute of Technology, Stockholm, Sweden). +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# 3. Neither the name of the Institute nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. + +import re +import string +import sys + +import generate +import UnicodeData + +if len(sys.argv) != 3: + print "usage: %s UnicodeData.txt out-dir" % sys.argv[0] + sys.exit(1) + +ud = UnicodeData.read(sys.argv[1]) + +trans = {} +for k,v in ud.items(): + if int(v[2]) != 0 : + trans[k] = [int(v[2]), v[1]] + +# trans = [(x[0], int(x[3]), x[1]) for x in UnicodeData.read() if int(x[3]) != 0] + +combining_h = generate.Header('%s/combining_table.h' % sys.argv[2]) +combining_c = generate.Implementation('%s/combining_table.c' % sys.argv[2]) + +combining_h.file.write( +''' +#include + +struct translation { + uint32_t key; + unsigned combining_class; +}; + +extern const struct translation _wind_combining_table[]; + +extern const size_t _wind_combining_table_size; +''') + +combining_c.file.write( +''' +#include "combining_table.h" + +const struct translation _wind_combining_table[] = { +''') + +s = trans.keys() +s.sort() +for k in s: + v = trans[k] + combining_c.file.write("{0x%x, %u}, /* %s */\n" + % (k, v[0], v[1])) + + +#trans.sort() +#for x in trans: +# combining_c.file.write("{0x%x, %u}, /* %s */\n" +# % (x[0], x[1], x[2])) + +combining_c.file.write( +''' +}; +''') + +combining_c.file.write( + "const size_t _wind_combining_table_size = %u;\n" % len(trans)) + + +combining_h.close() +combining_c.close() diff --git a/source4/heimdal/lib/wind/gen-errorlist.py b/source4/heimdal/lib/wind/gen-errorlist.py new file mode 100755 index 0000000000..f3ab907d33 --- /dev/null +++ b/source4/heimdal/lib/wind/gen-errorlist.py @@ -0,0 +1,120 @@ +#!/usr/local/bin/python +# -*- coding: iso-8859-1 -*- + +# $Id: gen-errorlist.py 23242 2008-06-01 22:27:54Z lha $ + +# Copyright (c) 2004 Kungliga Tekniska Högskolan +# (Royal Institute of Technology, Stockholm, Sweden). +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# 3. Neither the name of the Institute nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. + +import re +import string +import sys + +import generate +import rfc3454 +import rfc4518 +import stringprep + +if len(sys.argv) != 3: + print "usage: %s rfc3454.txt out-dir" % sys.argv[0] + sys.exit(1) + +tables = rfc3454.read(sys.argv[1]) +t2 = rfc4518.read() + +for x in t2.iterkeys(): + tables[x] = t2[x] + +error_list = stringprep.get_errorlist() + +errorlist_h = generate.Header('%s/errorlist_table.h' % sys.argv[2]) + +errorlist_c = generate.Implementation('%s/errorlist_table.c' % sys.argv[2]) + +errorlist_h.file.write( +''' +#include "windlocl.h" + +struct error_entry { + uint32_t start; + unsigned len; + wind_profile_flags flags; +}; + +extern const struct error_entry _wind_errorlist_table[]; + +extern const size_t _wind_errorlist_table_size; + +''') + +errorlist_c.file.write( +''' +#include "errorlist_table.h" + +const struct error_entry _wind_errorlist_table[] = { +''') + +trans=[] + +for t in error_list.iterkeys(): + for l in tables[t]: + m = re.search('^ *([0-9A-F]+)-([0-9A-F]+); *(.*) *$', l) + if m: + start = int(m.group(1), 0x10) + end = int(m.group(2), 0x10) + desc = m.group(3) + trans.append([start, end - start + 1, desc, [t]]) + else: + m = re.search('^ *([0-9A-F]+); *(.*) *$', l) + if m: + trans.append([int(m.group(1), 0x10), 1, m.group(2), [t]]) + +trans = stringprep.sort_merge_trans(trans) + +for x in trans: + (start, length, description, tables) = x + symbols = stringprep.symbols(error_list, tables) + if len(symbols) == 0: + print "no symbol for %s" % description + sys.exit(1) + errorlist_c.file.write(" {0x%x, 0x%x, %s}, /* %s: %s */\n" + % (start, length, symbols, ",".join(tables), description)) + +errorlist_c.file.write( +'''}; + +''') + +errorlist_c.file.write( + "const size_t _wind_errorlist_table_size = %u;\n" % len(trans)) + +errorlist_h.close() +errorlist_c.close() diff --git a/source4/heimdal/lib/wind/gen-map.py b/source4/heimdal/lib/wind/gen-map.py new file mode 100755 index 0000000000..08f171ad85 --- /dev/null +++ b/source4/heimdal/lib/wind/gen-map.py @@ -0,0 +1,158 @@ +#!/usr/local/bin/python +# -*- coding: iso-8859-1 -*- + +# $Id: gen-map.py 23242 2008-06-01 22:27:54Z lha $ + +# Copyright (c) 2004 Kungliga Tekniska Högskolan +# (Royal Institute of Technology, Stockholm, Sweden). +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# 3. Neither the name of the Institute nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. + +import re +import string +import sys + +import generate +import rfc3454 +import rfc4518 +import stringprep +import util + +if len(sys.argv) != 3: + print "usage: %s rfc3454.txt out-dir" % sys.argv[0] + sys.exit(1) + +tables = rfc3454.read(sys.argv[1]) +t2 = rfc4518.read() + +for x in t2.iterkeys(): + tables[x] = t2[x] + +map_list = stringprep.get_maplist() + +map_h = generate.Header('%s/map_table.h' % sys.argv[2]) + +map_c = generate.Implementation('%s/map_table.c' % sys.argv[2]) + +map_h.file.write( +''' +#include "windlocl.h" + +struct translation { + uint32_t key; + unsigned short val_len; + unsigned short val_offset; + wind_profile_flags flags; +}; + +extern const struct translation _wind_map_table[]; + +extern const size_t _wind_map_table_size; + +extern const uint32_t _wind_map_table_val[]; + +''') + +map_c.file.write( +''' +#include "map_table.h" + +const struct translation _wind_map_table[] = { +''') + +trans=[] + +for t in map_list.iterkeys(): + for l in tables[t]: + m = re.search('^ *([0-9A-F]+)-([0-9A-F]+); *([^;]+); *(.*) *$', l) + if m: + start = int(m.group(1), 0x10) + end = int(m.group(2), 0x10) + value = m.group(3) + desc = m.group(4) + for key in xrange(start,end,1): + trans.append((key, value, desc, [t])) + continue + m = re.search('^ *([^;]+); *([^;]+); *(.*) *$', l) + if m: + key = int(m.group(1), 0x10) + value = m.group(2) + desc = m.group(3) + trans.append((key, value, desc, [t])) + continue + +valTable = [] +offsetTable = {} + +trans = stringprep.sort_merge_trans(trans) + +for x in trans: + if x[0] == 0xad: + print "fooresult %s" % ",".join(x[3]) + +for x in trans: + (key, value, description, table) = x + v = value.split() + i = util.subList(valTable, v) + if i: + offsetTable[key] = i + else: + offsetTable[key] = len(valTable) + valTable.extend(v) + +for x in trans: + (key, value, description, tables) = x + symbols = stringprep.symbols(map_list, tables) + if len(symbols) == 0: + print "no symbol for %s %s (%s)" % (key, description, tables) + sys.exit(1) + v = value.split() + map_c.file.write(" {0x%x, %u, %u, %s}, /* %s: %s */\n" + % (key, len(v), offsetTable[key], symbols, ",".join(tables), description)) + +map_c.file.write( +''' +}; + +''') + +map_c.file.write( + "const size_t _wind_map_table_size = %u;\n\n" % len(trans)) + +map_c.file.write( + "const uint32_t _wind_map_table_val[] = {\n") + +for x in valTable: + map_c.file.write(" 0x%s,\n" % x) + +map_c.file.write( + "};\n\n") + +map_h.close() +map_c.close() diff --git a/source4/heimdal/lib/wind/gen-normalize.py b/source4/heimdal/lib/wind/gen-normalize.py new file mode 100755 index 0000000000..e2b987f96b --- /dev/null +++ b/source4/heimdal/lib/wind/gen-normalize.py @@ -0,0 +1,210 @@ +#!/usr/local/bin/python +# -*- coding: iso-8859-1 -*- + +# $Id: gen-normalize.py 23332 2008-06-27 14:42:17Z lha $ + +# Copyright (c) 2004 Kungliga Tekniska Högskolan +# (Royal Institute of Technology, Stockholm, Sweden). +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# 3. Neither the name of the Institute nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. + +import re +import string +import sys + +import generate +import UnicodeData +import util + +if len(sys.argv) != 4: + print "usage: %s UnicodeData.txt" + " CompositionExclusions-3.2.0.txt out-dir" % sys.argv[0] + sys.exit(1) + +ud = UnicodeData.read(sys.argv[1]) + +def sortedKeys(d): + """Return a sorted list of the keys of a dict""" + keys = d.keys() + keys.sort() + return keys + +trans = dict([(k, [re.sub('<[a-zA-Z]+>', '', v[4]), v[0]]) + for k,v in ud.items() if v[4]]) + +maxLength = 0 +for v in trans.values(): + maxLength = max(maxLength, len(v[0].split())) + +normalize_h = generate.Header('%s/normalize_table.h' % sys.argv[3]) +normalize_c = generate.Implementation('%s/normalize_table.c' % sys.argv[3]) + +normalize_h.file.write( +''' +#include + +#define MAX_LENGTH_CANON %u + +struct translation { + uint32_t key; + unsigned short val_len; + unsigned short val_offset; +}; + +extern const struct translation _wind_normalize_table[]; + +extern const uint32_t _wind_normalize_val_table[]; + +extern const size_t _wind_normalize_table_size; + +struct canon_node { + uint32_t val; + unsigned char next_start; + unsigned char next_end; + unsigned short next_offset; +}; + +extern const struct canon_node _wind_canon_table[]; + +extern const unsigned short _wind_canon_next_table[]; +''' % maxLength) + +normalize_c.file.write( +''' +#include "normalize_table.h" + +const struct translation _wind_normalize_table[] = { +''') + +normalizeValTable = [] + +for k in sortedKeys(trans) : + v = trans[k] + (key, value, description) = k, v[0], v[1] + vec = [int(x, 0x10) for x in value.split()]; + offset = util.subList(normalizeValTable, vec) + if not offset: + offset = len(normalizeValTable) + normalizeValTable.extend(vec) # [("0x%s" % i) for i in vec]) + normalize_c.file.write(" {0x%x, %u, %u}, /* %s */\n" + % (key, len(vec), offset, description)) + +normalize_c.file.write( +'''}; + +''') + +normalize_c.file.write( + "const size_t _wind_normalize_table_size = %u;\n\n" % len(trans)) + +normalize_c.file.write("const uint32_t _wind_normalize_val_table[] = {\n") + +for v in normalizeValTable: + normalize_c.file.write(" 0x%x,\n" % v) + +normalize_c.file.write("};\n\n"); + +exclusions = UnicodeData.read(sys.argv[2]) + +inv = dict([(''.join(["%05x" % int(x, 0x10) for x in v[4].split(' ')]), + [k, v[0]]) + for k,v in ud.items() + if v[4] and not re.search('<[a-zA-Z]+> *', v[4]) and not exclusions.has_key(k)]) + +table = 0 + +tables = {} + +def createTable(): + """add a new table""" + global table, tables + ret = table + table += 1 + tables[ret] = [0] + [None] * 16 + return ret + +def add(table, k, v): + """add an entry (k, v) to table (recursively)""" + if len(k) == 0: + table[0] = v[0] + else: + i = int(k[0], 0x10) + 1 + if table[i] == None: + table[i] = createTable() + add(tables[table[i]], k[1:], v) + +top = createTable() + +for k,v in inv.items(): + add(tables[top], k, v) + +next_table = [] +tableToNext = {} +tableEnd = {} +tableStart = {} + +for k in sortedKeys(tables) : + t = tables[k] + tableToNext[k] = len(next_table) + l = t[1:] + start = 0 + while start < 16 and l[start] == None: + start += 1 + end = 16 + while end > start and l[end - 1] == None: + end -= 1 + tableStart[k] = start + tableEnd[k] = end + n = [] + for i in range(start, end): + x = l[i] + if x: + n.append(x) + else: + n.append(0) + next_table.extend(n) + +normalize_c.file.write("const struct canon_node _wind_canon_table[] = {\n") + +for k in sortedKeys(tables) : + t = tables[k] + normalize_c.file.write(" {0x%x, %u, %u, %u},\n" % + (t[0], tableStart[k], tableEnd[k], tableToNext[k])) + +normalize_c.file.write("};\n\n") + +normalize_c.file.write("const unsigned short _wind_canon_next_table[] = {\n") + +for k in next_table: + normalize_c.file.write(" %u,\n" % k) + +normalize_c.file.write("};\n\n") + +normalize_h.close() +normalize_c.close() diff --git a/source4/heimdal/lib/wind/generate.py b/source4/heimdal/lib/wind/generate.py new file mode 100644 index 0000000000..4e70c16778 --- /dev/null +++ b/source4/heimdal/lib/wind/generate.py @@ -0,0 +1,81 @@ +#!/usr/local/bin/python +# -*- coding: iso-8859-1 -*- + +# $Id: generate.py 23242 2008-06-01 22:27:54Z lha $ + +# Copyright (c) 2004 Kungliga Tekniska Högskolan +# (Royal Institute of Technology, Stockholm, Sweden). +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# 3. Neither the name of the Institute nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. + +import datetime +import string +import os + +class GeneratedFile : + "Represents a generated file" + def __init__(self, name) : + "Create a new GeneratedFile with name" + self.name = os.path.basename(name) + self.file = open(name, 'w') + self.file.write('/* ' + name + ' */\n') + self.file.write('/* Automatically generated at ' + + datetime.datetime.now().isoformat() + + ' */\n\n') + + def close(self) : + """End and close the file header""" + self.file.close() + + +class Header(GeneratedFile) : + "Represents a generated header file" + guardTrans = string.maketrans('-.', '__') + def makeGuard(self) : + """Return a name to be used as ifdef guard""" + return string.upper(string.translate(self.name, self.guardTrans)) + + def __init__(self, name) : + "Create a new Header with name" + GeneratedFile.__init__(self, name) + self.guard = self.makeGuard() + self.file.write('#ifndef ' + self.guard + '\n') + self.file.write('#define ' + self.guard + ' 1\n') + + def close(self) : + """End and close the file header""" + self.file.write('#endif /* ' + self.guard + ' */\n') + GeneratedFile.close(self) + + +class Implementation(GeneratedFile) : + "Represents a generated implementation file" + def __init__(self, name) : + "Create a new Implementation with name" + GeneratedFile.__init__(self, name) diff --git a/source4/heimdal/lib/wind/map_table.c b/source4/heimdal/lib/wind/map_table.c deleted file mode 100644 index e4dba94ea6..0000000000 --- a/source4/heimdal/lib/wind/map_table.c +++ /dev/null @@ -1,2613 +0,0 @@ -/* map_table.c */ -/* Automatically generated at 2008-03-18T11:38:08.353797 */ - - -#include "map_table.h" - -const struct translation _wind_map_table[] = { - {0x0, 0, 0, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x1, 0, 0, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x2, 0, 0, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x3, 0, 0, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x4, 0, 0, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x5, 0, 0, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x6, 0, 0, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x7, 0, 0, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x9, 1, 0, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ - {0xa, 1, 1, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ - {0xb, 1, 2, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ - {0xc, 1, 3, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ - {0xd, 1, 4, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ - {0xe, 0, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xf, 0, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x10, 0, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x11, 0, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x12, 0, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x13, 0, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x14, 0, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x15, 0, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x16, 0, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x17, 0, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x18, 0, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x19, 0, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x1a, 0, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x1b, 0, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x1c, 0, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x1d, 0, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x1e, 0, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x20, 1, 5, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ - {0x41, 1, 6, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x42, 1, 7, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x43, 1, 8, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x44, 1, 9, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x45, 1, 10, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x46, 1, 11, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x47, 1, 12, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x48, 1, 13, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x49, 1, 14, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4a, 1, 15, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4b, 1, 16, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4c, 1, 17, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4d, 1, 18, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4e, 1, 19, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4f, 1, 20, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x50, 1, 21, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x51, 1, 22, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x52, 1, 23, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x53, 1, 24, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x54, 1, 25, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x55, 1, 26, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x56, 1, 27, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x57, 1, 28, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x58, 1, 29, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x59, 1, 30, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x5a, 1, 31, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x7f, 0, 32, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x80, 0, 32, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x81, 0, 32, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x82, 0, 32, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x83, 0, 32, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x85, 1, 32, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ - {0x86, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x87, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x88, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x89, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x8a, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x8b, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x8c, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x8d, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x8e, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x8f, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x90, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x91, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x92, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x93, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x94, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x95, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x96, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x97, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x98, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x99, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x9a, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x9b, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x9c, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x9d, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x9e, 0, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xa0, 1, 33, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ - {0xad, 0, 34, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ - {0xb5, 1, 34, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xc0, 1, 35, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xc1, 1, 36, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xc2, 1, 37, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xc3, 1, 38, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xc4, 1, 39, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xc5, 1, 40, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xc6, 1, 41, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xc7, 1, 42, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xc8, 1, 43, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xc9, 1, 44, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xca, 1, 45, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xcb, 1, 46, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xcc, 1, 47, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xcd, 1, 48, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xce, 1, 49, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xcf, 1, 50, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xd0, 1, 51, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xd1, 1, 52, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xd2, 1, 53, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xd3, 1, 54, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xd4, 1, 55, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xd5, 1, 56, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xd6, 1, 57, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xd8, 1, 58, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xd9, 1, 59, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xda, 1, 60, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xdb, 1, 61, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xdc, 1, 62, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xdd, 1, 63, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xde, 1, 64, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xdf, 2, 65, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x100, 1, 67, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x102, 1, 68, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x104, 1, 69, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x106, 1, 70, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x108, 1, 71, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x10a, 1, 72, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x10c, 1, 73, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x10e, 1, 74, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x110, 1, 75, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x112, 1, 76, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x114, 1, 77, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x116, 1, 78, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x118, 1, 79, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x11a, 1, 80, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x11c, 1, 81, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x11e, 1, 82, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x120, 1, 83, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x122, 1, 84, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x124, 1, 85, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x126, 1, 86, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x128, 1, 87, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x12a, 1, 88, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x12c, 1, 89, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x12e, 1, 90, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x130, 2, 91, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x132, 1, 93, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x134, 1, 94, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x136, 1, 95, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x139, 1, 96, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x13b, 1, 97, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x13d, 1, 98, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x13f, 1, 99, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x141, 1, 100, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x143, 1, 101, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x145, 1, 102, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x147, 1, 103, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x149, 2, 104, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x14a, 1, 106, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x14c, 1, 107, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x14e, 1, 108, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x150, 1, 109, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x152, 1, 110, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x154, 1, 111, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x156, 1, 112, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x158, 1, 113, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x15a, 1, 114, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x15c, 1, 115, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x15e, 1, 116, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x160, 1, 117, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x162, 1, 118, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x164, 1, 119, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x166, 1, 120, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x168, 1, 121, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x16a, 1, 122, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x16c, 1, 123, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x16e, 1, 124, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x170, 1, 125, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x172, 1, 126, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x174, 1, 127, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x176, 1, 128, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x178, 1, 129, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x179, 1, 130, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x17b, 1, 131, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x17d, 1, 132, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x17f, 1, 24, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x181, 1, 133, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x182, 1, 134, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x184, 1, 135, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x186, 1, 136, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x187, 1, 137, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x189, 1, 138, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x18a, 1, 139, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x18b, 1, 140, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x18e, 1, 141, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x18f, 1, 142, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x190, 1, 143, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x191, 1, 144, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x193, 1, 145, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x194, 1, 146, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x196, 1, 147, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x197, 1, 148, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x198, 1, 149, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x19c, 1, 150, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x19d, 1, 151, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x19f, 1, 152, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1a0, 1, 153, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1a2, 1, 154, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1a4, 1, 155, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1a6, 1, 156, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1a7, 1, 157, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1a9, 1, 158, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ac, 1, 159, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ae, 1, 160, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1af, 1, 161, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1b1, 1, 162, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1b2, 1, 163, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1b3, 1, 164, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1b5, 1, 165, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1b7, 1, 166, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1b8, 1, 167, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1bc, 1, 168, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1c4, 1, 169, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1c5, 1, 169, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1c7, 1, 170, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1c8, 1, 170, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ca, 1, 171, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1cb, 1, 171, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1cd, 1, 172, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1cf, 1, 173, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1d1, 1, 174, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1d3, 1, 175, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1d5, 1, 176, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1d7, 1, 177, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1d9, 1, 178, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1db, 1, 179, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1de, 1, 180, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e0, 1, 181, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e2, 1, 182, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e4, 1, 183, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e6, 1, 184, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e8, 1, 185, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ea, 1, 186, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ec, 1, 187, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ee, 1, 188, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f0, 2, 189, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f1, 1, 191, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f2, 1, 191, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f4, 1, 192, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f6, 1, 193, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f7, 1, 194, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f8, 1, 195, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fa, 1, 196, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fc, 1, 197, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fe, 1, 198, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x200, 1, 199, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x202, 1, 200, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x204, 1, 201, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x206, 1, 202, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x208, 1, 203, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x20a, 1, 204, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x20c, 1, 205, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x20e, 1, 206, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x210, 1, 207, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x212, 1, 208, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x214, 1, 209, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x216, 1, 210, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x218, 1, 211, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x21a, 1, 212, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x21c, 1, 213, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x21e, 1, 214, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x220, 1, 215, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x222, 1, 216, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x224, 1, 217, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x226, 1, 218, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x228, 1, 219, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x22a, 1, 220, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x22c, 1, 221, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x22e, 1, 222, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x230, 1, 223, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x232, 1, 224, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x345, 1, 225, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x34f, 0, 226, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ - {0x37a, 2, 226, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x386, 1, 228, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x388, 1, 229, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x389, 1, 230, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x38a, 1, 231, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x38c, 1, 232, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x38e, 1, 233, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x38f, 1, 234, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x390, 3, 235, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x391, 1, 238, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x392, 1, 239, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x393, 1, 240, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x394, 1, 241, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x395, 1, 242, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x396, 1, 243, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x397, 1, 244, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x398, 1, 245, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x399, 1, 225, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x39a, 1, 246, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x39b, 1, 247, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x39c, 1, 34, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x39d, 1, 248, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x39e, 1, 249, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x39f, 1, 250, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3a0, 1, 251, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3a1, 1, 252, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3a3, 1, 253, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3a4, 1, 254, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3a5, 1, 255, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3a6, 1, 256, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3a7, 1, 257, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3a8, 1, 258, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3a9, 1, 259, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3aa, 1, 260, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3ab, 1, 261, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3b0, 3, 262, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3c2, 1, 253, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3d0, 1, 239, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3d1, 1, 245, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3d2, 1, 255, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x3d3, 1, 233, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x3d4, 1, 261, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x3d5, 1, 256, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3d6, 1, 251, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3d8, 1, 265, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3da, 1, 266, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3dc, 1, 267, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3de, 1, 268, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3e0, 1, 269, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3e2, 1, 270, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3e4, 1, 271, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3e6, 1, 272, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3e8, 1, 273, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3ea, 1, 274, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3ec, 1, 275, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3ee, 1, 276, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3f0, 1, 246, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3f1, 1, 252, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3f2, 1, 253, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3f4, 1, 245, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3f5, 1, 242, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x400, 1, 277, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x401, 1, 278, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x402, 1, 279, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x403, 1, 280, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x404, 1, 281, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x405, 1, 282, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x406, 1, 283, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x407, 1, 284, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x408, 1, 285, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x409, 1, 286, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x40a, 1, 287, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x40b, 1, 288, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x40c, 1, 289, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x40d, 1, 290, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x40e, 1, 291, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x40f, 1, 292, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x410, 1, 293, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x411, 1, 294, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x412, 1, 295, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x413, 1, 296, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x414, 1, 297, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x415, 1, 298, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x416, 1, 299, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x417, 1, 300, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x418, 1, 301, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x419, 1, 302, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x41a, 1, 303, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x41b, 1, 304, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x41c, 1, 305, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x41d, 1, 306, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x41e, 1, 307, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x41f, 1, 308, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x420, 1, 309, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x421, 1, 310, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x422, 1, 311, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x423, 1, 312, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x424, 1, 313, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x425, 1, 314, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x426, 1, 315, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x427, 1, 316, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x428, 1, 317, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x429, 1, 318, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x42a, 1, 319, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x42b, 1, 320, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x42c, 1, 321, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x42d, 1, 322, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x42e, 1, 323, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x42f, 1, 324, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x460, 1, 325, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x462, 1, 326, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x464, 1, 327, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x466, 1, 328, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x468, 1, 329, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x46a, 1, 330, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x46c, 1, 331, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x46e, 1, 332, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x470, 1, 333, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x472, 1, 334, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x474, 1, 335, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x476, 1, 336, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x478, 1, 337, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x47a, 1, 338, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x47c, 1, 339, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x47e, 1, 340, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x480, 1, 341, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x48a, 1, 342, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x48c, 1, 343, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x48e, 1, 344, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x490, 1, 345, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x492, 1, 346, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x494, 1, 347, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x496, 1, 348, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x498, 1, 349, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x49a, 1, 350, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x49c, 1, 351, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x49e, 1, 352, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4a0, 1, 353, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4a2, 1, 354, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4a4, 1, 355, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4a6, 1, 356, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4a8, 1, 357, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4aa, 1, 358, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4ac, 1, 359, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4ae, 1, 360, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4b0, 1, 361, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4b2, 1, 362, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4b4, 1, 363, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4b6, 1, 364, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4b8, 1, 365, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4ba, 1, 366, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4bc, 1, 367, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4be, 1, 368, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4c1, 1, 369, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4c3, 1, 370, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4c5, 1, 371, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4c7, 1, 372, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4c9, 1, 373, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4cb, 1, 374, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4cd, 1, 375, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4d0, 1, 376, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4d2, 1, 377, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4d4, 1, 378, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4d6, 1, 379, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4d8, 1, 380, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4da, 1, 381, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4dc, 1, 382, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4de, 1, 383, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4e0, 1, 384, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4e2, 1, 385, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4e4, 1, 386, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4e6, 1, 387, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4e8, 1, 388, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4ea, 1, 389, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4ec, 1, 390, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4ee, 1, 391, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4f0, 1, 392, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4f2, 1, 393, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4f4, 1, 394, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x4f8, 1, 395, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x500, 1, 396, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x502, 1, 397, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x504, 1, 398, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x506, 1, 399, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x508, 1, 400, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x50a, 1, 401, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x50c, 1, 402, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x50e, 1, 403, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x531, 1, 404, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x532, 1, 405, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x533, 1, 406, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x534, 1, 407, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x535, 1, 408, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x536, 1, 409, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x537, 1, 410, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x538, 1, 411, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x539, 1, 412, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x53a, 1, 413, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x53b, 1, 414, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x53c, 1, 415, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x53d, 1, 416, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x53e, 1, 417, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x53f, 1, 418, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x540, 1, 419, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x541, 1, 420, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x542, 1, 421, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x543, 1, 422, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x544, 1, 423, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x545, 1, 424, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x546, 1, 425, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x547, 1, 426, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x548, 1, 427, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x549, 1, 428, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x54a, 1, 429, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x54b, 1, 430, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x54c, 1, 431, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x54d, 1, 432, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x54e, 1, 433, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x54f, 1, 434, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x550, 1, 435, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x551, 1, 436, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x552, 1, 437, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x553, 1, 438, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x554, 1, 439, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x555, 1, 440, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x556, 1, 441, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x587, 2, 442, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x6dd, 0, 444, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x70f, 0, 444, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x1680, 1, 444, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ - {0x1806, 0, 445, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ - {0x180b, 0, 445, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ - {0x180c, 0, 445, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ - {0x180d, 0, 445, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ - {0x180e, 0, 445, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x1e00, 1, 445, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e02, 1, 446, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e04, 1, 447, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e06, 1, 448, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e08, 1, 449, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e0a, 1, 450, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e0c, 1, 451, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e0e, 1, 452, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e10, 1, 453, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e12, 1, 454, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e14, 1, 455, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e16, 1, 456, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e18, 1, 457, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e1a, 1, 458, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e1c, 1, 459, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e1e, 1, 460, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e20, 1, 461, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e22, 1, 462, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e24, 1, 463, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e26, 1, 464, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e28, 1, 465, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e2a, 1, 466, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e2c, 1, 467, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e2e, 1, 468, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e30, 1, 469, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e32, 1, 470, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e34, 1, 471, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e36, 1, 472, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e38, 1, 473, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e3a, 1, 474, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e3c, 1, 475, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e3e, 1, 476, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e40, 1, 477, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e42, 1, 478, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e44, 1, 479, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e46, 1, 480, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e48, 1, 481, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e4a, 1, 482, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e4c, 1, 483, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e4e, 1, 484, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e50, 1, 485, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e52, 1, 486, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e54, 1, 487, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e56, 1, 488, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e58, 1, 489, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e5a, 1, 490, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e5c, 1, 491, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e5e, 1, 492, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e60, 1, 493, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e62, 1, 494, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e64, 1, 495, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e66, 1, 496, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e68, 1, 497, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e6a, 1, 498, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e6c, 1, 499, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e6e, 1, 500, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e70, 1, 501, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e72, 1, 502, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e74, 1, 503, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e76, 1, 504, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e78, 1, 505, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e7a, 1, 506, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e7c, 1, 507, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e7e, 1, 508, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e80, 1, 509, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e82, 1, 510, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e84, 1, 511, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e86, 1, 512, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e88, 1, 513, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e8a, 1, 514, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e8c, 1, 515, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e8e, 1, 516, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e90, 1, 517, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e92, 1, 518, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e94, 1, 519, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e96, 2, 520, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e97, 2, 522, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e98, 2, 524, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e99, 2, 526, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e9a, 2, 528, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1e9b, 1, 493, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ea0, 1, 530, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ea2, 1, 531, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ea4, 1, 532, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ea6, 1, 533, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ea8, 1, 534, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1eaa, 1, 535, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1eac, 1, 536, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1eae, 1, 537, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1eb0, 1, 538, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1eb2, 1, 539, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1eb4, 1, 540, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1eb6, 1, 541, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1eb8, 1, 542, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1eba, 1, 543, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ebc, 1, 544, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ebe, 1, 545, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ec0, 1, 546, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ec2, 1, 547, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ec4, 1, 548, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ec6, 1, 549, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ec8, 1, 550, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1eca, 1, 551, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ecc, 1, 552, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ece, 1, 553, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ed0, 1, 554, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ed2, 1, 555, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ed4, 1, 556, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ed6, 1, 557, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ed8, 1, 558, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1eda, 1, 559, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1edc, 1, 560, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ede, 1, 561, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ee0, 1, 562, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ee2, 1, 563, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ee4, 1, 564, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ee6, 1, 565, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ee8, 1, 566, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1eea, 1, 567, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1eec, 1, 568, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1eee, 1, 569, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ef0, 1, 570, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ef2, 1, 571, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ef4, 1, 572, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ef6, 1, 573, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ef8, 1, 574, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f08, 1, 575, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f09, 1, 576, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f0a, 1, 577, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f0b, 1, 578, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f0c, 1, 579, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f0d, 1, 580, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f0e, 1, 581, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f0f, 1, 582, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f18, 1, 583, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f19, 1, 584, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f1a, 1, 585, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f1b, 1, 586, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f1c, 1, 587, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f1d, 1, 588, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f28, 1, 589, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f29, 1, 590, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f2a, 1, 591, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f2b, 1, 592, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f2c, 1, 593, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f2d, 1, 594, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f2e, 1, 595, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f2f, 1, 596, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f38, 1, 597, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f39, 1, 598, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f3a, 1, 599, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f3b, 1, 600, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f3c, 1, 601, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f3d, 1, 602, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f3e, 1, 603, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f3f, 1, 604, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f48, 1, 605, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f49, 1, 606, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f4a, 1, 607, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f4b, 1, 608, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f4c, 1, 609, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f4d, 1, 610, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f50, 2, 611, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f52, 3, 613, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f54, 3, 616, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f56, 3, 619, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f59, 1, 622, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f5b, 1, 623, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f5d, 1, 624, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f5f, 1, 625, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f68, 1, 626, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f69, 1, 627, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f6a, 1, 628, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f6b, 1, 629, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f6c, 1, 630, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f6d, 1, 631, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f6e, 1, 632, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f6f, 1, 633, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f80, 2, 634, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f81, 2, 636, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f82, 2, 638, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f83, 2, 640, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f84, 2, 642, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f85, 2, 644, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f86, 2, 646, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f87, 2, 648, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f88, 2, 634, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f89, 2, 636, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f8a, 2, 638, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f8b, 2, 640, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f8c, 2, 642, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f8d, 2, 644, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f8e, 2, 646, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f8f, 2, 648, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f90, 2, 650, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f91, 2, 652, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f92, 2, 654, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f93, 2, 656, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f94, 2, 658, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f95, 2, 660, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f96, 2, 662, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f97, 2, 664, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f98, 2, 650, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f99, 2, 652, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f9a, 2, 654, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f9b, 2, 656, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f9c, 2, 658, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f9d, 2, 660, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f9e, 2, 662, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1f9f, 2, 664, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fa0, 2, 666, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fa1, 2, 668, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fa2, 2, 670, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fa3, 2, 672, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fa4, 2, 674, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fa5, 2, 676, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fa6, 2, 678, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fa7, 2, 680, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fa8, 2, 666, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fa9, 2, 668, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1faa, 2, 670, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fab, 2, 672, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fac, 2, 674, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fad, 2, 676, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fae, 2, 678, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1faf, 2, 680, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fb2, 2, 682, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fb3, 2, 684, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fb4, 2, 686, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fb6, 2, 688, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fb7, 3, 690, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fb8, 1, 693, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fb9, 1, 694, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fba, 1, 682, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fbb, 1, 695, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fbc, 2, 684, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fbe, 1, 225, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fc2, 2, 696, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fc3, 2, 698, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fc4, 2, 700, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fc6, 2, 702, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fc7, 3, 704, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fc8, 1, 707, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fc9, 1, 708, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fca, 1, 696, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fcb, 1, 709, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fcc, 2, 698, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fd2, 3, 710, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fd3, 3, 235, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fd6, 2, 713, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fd7, 3, 715, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fd8, 1, 718, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fd9, 1, 719, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fda, 1, 720, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fdb, 1, 721, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fe2, 3, 722, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fe3, 3, 262, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fe4, 2, 725, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fe6, 2, 727, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fe7, 3, 729, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fe8, 1, 732, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fe9, 1, 733, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fea, 1, 734, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1feb, 1, 735, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1fec, 1, 736, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ff2, 2, 737, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ff3, 2, 739, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ff4, 2, 234, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ff6, 2, 741, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ff7, 3, 743, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ff8, 1, 746, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ff9, 1, 747, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ffa, 1, 737, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ffb, 1, 748, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1ffc, 2, 739, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x2000, 1, 749, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ - {0x2001, 1, 750, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ - {0x2002, 1, 751, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ - {0x2003, 1, 752, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ - {0x2004, 1, 753, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ - {0x2005, 1, 754, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ - {0x2006, 1, 755, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ - {0x2007, 1, 756, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ - {0x2008, 1, 757, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ - {0x2009, 1, 758, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ - {0x200b, 0, 759, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ - {0x200c, 0, 759, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ - {0x200d, 0, 759, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ - {0x200e, 0, 759, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x2028, 1, 759, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ - {0x202a, 0, 760, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x202b, 0, 760, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x202c, 0, 760, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x202d, 0, 760, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x202f, 1, 760, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ - {0x205f, 1, 761, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ - {0x2060, 0, 762, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ - {0x2061, 0, 762, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x2062, 0, 762, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x206a, 0, 762, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x206b, 0, 762, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x206c, 0, 762, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x206d, 0, 762, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x206e, 0, 762, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x20a8, 2, 23, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x2102, 1, 8, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x2103, 2, 762, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x2107, 1, 143, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x2109, 2, 764, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x210b, 1, 13, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x210c, 1, 13, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x210d, 1, 13, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x2110, 1, 14, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x2111, 1, 14, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x2112, 1, 17, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x2115, 1, 19, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x2116, 2, 19, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x2119, 1, 21, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x211a, 1, 22, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x211b, 1, 23, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x211c, 1, 23, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x211d, 1, 23, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x2120, 2, 766, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x2121, 3, 768, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x2122, 2, 771, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x2124, 1, 31, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x2126, 1, 259, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x2128, 1, 31, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x212a, 1, 16, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x212b, 1, 40, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x212c, 1, 7, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x212d, 1, 8, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x2130, 1, 10, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x2131, 1, 11, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x2133, 1, 18, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x213e, 1, 240, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x213f, 1, 251, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x2145, 1, 9, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x2160, 1, 773, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x2161, 1, 774, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x2162, 1, 775, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x2163, 1, 776, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x2164, 1, 777, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x2165, 1, 778, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x2166, 1, 779, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x2167, 1, 780, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x2168, 1, 781, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x2169, 1, 782, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x216a, 1, 783, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x216b, 1, 784, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x216c, 1, 785, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x216d, 1, 786, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x216e, 1, 787, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x216f, 1, 788, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x24b6, 1, 789, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x24b7, 1, 790, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x24b8, 1, 791, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x24b9, 1, 792, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x24ba, 1, 793, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x24bb, 1, 794, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x24bc, 1, 795, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x24bd, 1, 796, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x24be, 1, 797, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x24bf, 1, 798, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x24c0, 1, 799, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x24c1, 1, 800, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x24c2, 1, 801, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x24c3, 1, 802, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x24c4, 1, 803, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x24c5, 1, 804, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x24c6, 1, 805, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x24c7, 1, 806, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x24c8, 1, 807, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x24c9, 1, 808, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x24ca, 1, 809, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x24cb, 1, 810, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x24cc, 1, 811, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x24cd, 1, 812, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x24ce, 1, 813, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x24cf, 1, 814, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x3000, 1, 815, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to SPACE */ - {0x3371, 3, 816, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x3373, 2, 819, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x3375, 2, 821, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x3380, 2, 817, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x3381, 2, 823, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x3382, 2, 825, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x3383, 2, 827, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x3384, 2, 829, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x3385, 2, 831, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x3386, 2, 833, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x3387, 2, 835, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x338a, 2, 837, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x338b, 2, 839, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x338c, 2, 841, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x3390, 2, 843, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x3391, 3, 845, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x3392, 3, 848, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x3393, 3, 851, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x3394, 3, 854, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x33a9, 2, 817, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x33aa, 3, 857, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x33ab, 3, 860, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x33ac, 3, 863, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x33b4, 2, 866, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x33b5, 2, 868, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x33b6, 2, 870, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x33b7, 2, 872, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x33b8, 2, 874, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x33b9, 2, 872, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x33ba, 2, 876, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x33bb, 2, 878, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x33bc, 2, 880, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x33bd, 2, 882, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x33be, 2, 884, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x33bf, 2, 882, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x33c0, 2, 886, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x33c1, 2, 888, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x33c3, 2, 890, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x33c6, 4, 892, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x33c7, 3, 896, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x33c8, 2, 899, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x33c9, 2, 901, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x33cb, 2, 816, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x33cd, 2, 903, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x33ce, 2, 905, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x33d7, 2, 907, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x33d9, 3, 909, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x33da, 2, 912, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x33dc, 2, 914, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x33dd, 2, 916, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0xfb00, 2, 918, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xfb01, 2, 920, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xfb02, 2, 922, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xfb03, 3, 919, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xfb04, 3, 924, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xfb05, 2, 24, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xfb06, 2, 24, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xfb13, 2, 927, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xfb14, 2, 929, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xfb15, 2, 931, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xfb16, 2, 933, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xfb17, 2, 935, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xfe00, 0, 937, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ - {0xfe01, 0, 937, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ - {0xfe02, 0, 937, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ - {0xfe03, 0, 937, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ - {0xfe04, 0, 937, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ - {0xfe05, 0, 937, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ - {0xfe06, 0, 937, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ - {0xfe07, 0, 937, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ - {0xfe08, 0, 937, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ - {0xfe09, 0, 937, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ - {0xfe0a, 0, 937, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ - {0xfe0b, 0, 937, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ - {0xfe0c, 0, 937, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ - {0xfe0d, 0, 937, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ - {0xfe0e, 0, 937, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ - {0xfe0f, 0, 937, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ - {0xfeff, 0, 937, WIND_PROFILE_NAME|WIND_PROFILE_SASL|WIND_PROFILE_LDAP}, /* B.1,rfc4518-map: Map to nothing */ - {0xff21, 1, 937, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xff22, 1, 938, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xff23, 1, 939, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xff24, 1, 940, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xff25, 1, 941, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xff26, 1, 942, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xff27, 1, 943, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xff28, 1, 944, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xff29, 1, 945, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xff2a, 1, 946, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xff2b, 1, 947, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xff2c, 1, 948, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xff2d, 1, 949, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xff2e, 1, 950, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xff2f, 1, 951, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xff30, 1, 952, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xff31, 1, 953, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xff32, 1, 954, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xff33, 1, 955, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xff34, 1, 956, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xff35, 1, 957, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xff36, 1, 958, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xff37, 1, 959, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xff38, 1, 960, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xff39, 1, 961, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xff3a, 1, 962, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0xfff9, 0, 963, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xfffa, 0, 963, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xfffc, 0, 963, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x10400, 1, 963, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x10401, 1, 964, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x10402, 1, 965, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x10403, 1, 966, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x10404, 1, 967, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x10405, 1, 968, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x10406, 1, 969, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x10407, 1, 970, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x10408, 1, 971, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x10409, 1, 972, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1040a, 1, 973, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1040b, 1, 974, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1040c, 1, 975, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1040d, 1, 976, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1040e, 1, 977, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1040f, 1, 978, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x10410, 1, 979, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x10411, 1, 980, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x10412, 1, 981, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x10413, 1, 982, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x10414, 1, 983, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x10415, 1, 984, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x10416, 1, 985, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x10417, 1, 986, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x10418, 1, 987, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x10419, 1, 988, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1041a, 1, 989, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1041b, 1, 990, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1041c, 1, 991, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1041d, 1, 992, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1041e, 1, 993, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1041f, 1, 994, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x10420, 1, 995, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x10421, 1, 996, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x10422, 1, 997, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x10423, 1, 998, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x10424, 1, 999, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x10425, 1, 1000, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Case map */ - {0x1d173, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x1d174, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x1d175, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x1d176, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x1d177, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x1d178, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x1d179, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0x1d400, 1, 6, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d401, 1, 7, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d402, 1, 8, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d403, 1, 9, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d404, 1, 10, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d405, 1, 11, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d406, 1, 12, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d407, 1, 13, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d408, 1, 14, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d409, 1, 15, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d40a, 1, 16, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d40b, 1, 17, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d40c, 1, 18, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d40d, 1, 19, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d40e, 1, 20, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d40f, 1, 21, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d410, 1, 22, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d411, 1, 23, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d412, 1, 24, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d413, 1, 25, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d414, 1, 26, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d415, 1, 27, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d416, 1, 28, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d417, 1, 29, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d418, 1, 30, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d419, 1, 31, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d434, 1, 6, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d435, 1, 7, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d436, 1, 8, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d437, 1, 9, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d438, 1, 10, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d439, 1, 11, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d43a, 1, 12, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d43b, 1, 13, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d43c, 1, 14, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d43d, 1, 15, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d43e, 1, 16, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d43f, 1, 17, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d440, 1, 18, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d441, 1, 19, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d442, 1, 20, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d443, 1, 21, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d444, 1, 22, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d445, 1, 23, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d446, 1, 24, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d447, 1, 25, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d448, 1, 26, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d449, 1, 27, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d44a, 1, 28, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d44b, 1, 29, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d44c, 1, 30, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d44d, 1, 31, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d468, 1, 6, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d469, 1, 7, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d46a, 1, 8, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d46b, 1, 9, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d46c, 1, 10, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d46d, 1, 11, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d46e, 1, 12, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d46f, 1, 13, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d470, 1, 14, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d471, 1, 15, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d472, 1, 16, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d473, 1, 17, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d474, 1, 18, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d475, 1, 19, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d476, 1, 20, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d477, 1, 21, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d478, 1, 22, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d479, 1, 23, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d47a, 1, 24, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d47b, 1, 25, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d47c, 1, 26, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d47d, 1, 27, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d47e, 1, 28, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d47f, 1, 29, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d480, 1, 30, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d481, 1, 31, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d49c, 1, 6, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d49e, 1, 8, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d49f, 1, 9, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4a2, 1, 12, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4a5, 1, 15, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4a6, 1, 16, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4a9, 1, 19, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4aa, 1, 20, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4ab, 1, 21, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4ac, 1, 22, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4ae, 1, 24, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4af, 1, 25, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4b0, 1, 26, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4b1, 1, 27, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4b2, 1, 28, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4b3, 1, 29, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4b4, 1, 30, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4b5, 1, 31, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4d0, 1, 6, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4d1, 1, 7, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4d2, 1, 8, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4d3, 1, 9, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4d4, 1, 10, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4d5, 1, 11, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4d6, 1, 12, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4d7, 1, 13, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4d8, 1, 14, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4d9, 1, 15, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4da, 1, 16, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4db, 1, 17, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4dc, 1, 18, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4dd, 1, 19, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4de, 1, 20, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4df, 1, 21, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4e0, 1, 22, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4e1, 1, 23, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4e2, 1, 24, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4e3, 1, 25, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4e4, 1, 26, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4e5, 1, 27, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4e6, 1, 28, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4e7, 1, 29, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4e8, 1, 30, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d4e9, 1, 31, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d504, 1, 6, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d505, 1, 7, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d507, 1, 9, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d508, 1, 10, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d509, 1, 11, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d50a, 1, 12, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d50d, 1, 15, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d50e, 1, 16, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d50f, 1, 17, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d510, 1, 18, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d511, 1, 19, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d512, 1, 20, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d513, 1, 21, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d514, 1, 22, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d516, 1, 24, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d517, 1, 25, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d518, 1, 26, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d519, 1, 27, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d51a, 1, 28, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d51b, 1, 29, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d51c, 1, 30, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d538, 1, 6, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d539, 1, 7, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d53b, 1, 9, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d53c, 1, 10, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d53d, 1, 11, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d53e, 1, 12, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d540, 1, 14, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d541, 1, 15, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d542, 1, 16, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d543, 1, 17, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d544, 1, 18, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d546, 1, 20, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d54a, 1, 24, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d54b, 1, 25, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d54c, 1, 26, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d54d, 1, 27, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d54e, 1, 28, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d54f, 1, 29, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d550, 1, 30, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d56c, 1, 6, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d56d, 1, 7, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d56e, 1, 8, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d56f, 1, 9, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d570, 1, 10, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d571, 1, 11, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d572, 1, 12, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d573, 1, 13, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d574, 1, 14, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d575, 1, 15, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d576, 1, 16, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d577, 1, 17, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d578, 1, 18, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d579, 1, 19, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d57a, 1, 20, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d57b, 1, 21, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d57c, 1, 22, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d57d, 1, 23, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d57e, 1, 24, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d57f, 1, 25, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d580, 1, 26, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d581, 1, 27, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d582, 1, 28, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d583, 1, 29, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d584, 1, 30, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d585, 1, 31, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5a0, 1, 6, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5a1, 1, 7, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5a2, 1, 8, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5a3, 1, 9, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5a4, 1, 10, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5a5, 1, 11, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5a6, 1, 12, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5a7, 1, 13, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5a8, 1, 14, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5a9, 1, 15, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5aa, 1, 16, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5ab, 1, 17, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5ac, 1, 18, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5ad, 1, 19, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5ae, 1, 20, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5af, 1, 21, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5b0, 1, 22, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5b1, 1, 23, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5b2, 1, 24, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5b3, 1, 25, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5b4, 1, 26, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5b5, 1, 27, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5b6, 1, 28, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5b7, 1, 29, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5b8, 1, 30, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5b9, 1, 31, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5d4, 1, 6, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5d5, 1, 7, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5d6, 1, 8, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5d7, 1, 9, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5d8, 1, 10, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5d9, 1, 11, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5da, 1, 12, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5db, 1, 13, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5dc, 1, 14, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5dd, 1, 15, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5de, 1, 16, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5df, 1, 17, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5e0, 1, 18, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5e1, 1, 19, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5e2, 1, 20, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5e3, 1, 21, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5e4, 1, 22, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5e5, 1, 23, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5e6, 1, 24, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5e7, 1, 25, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5e8, 1, 26, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5e9, 1, 27, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5ea, 1, 28, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5eb, 1, 29, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5ec, 1, 30, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d5ed, 1, 31, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d608, 1, 6, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d609, 1, 7, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d60a, 1, 8, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d60b, 1, 9, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d60c, 1, 10, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d60d, 1, 11, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d60e, 1, 12, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d60f, 1, 13, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d610, 1, 14, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d611, 1, 15, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d612, 1, 16, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d613, 1, 17, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d614, 1, 18, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d615, 1, 19, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d616, 1, 20, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d617, 1, 21, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d618, 1, 22, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d619, 1, 23, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d61a, 1, 24, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d61b, 1, 25, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d61c, 1, 26, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d61d, 1, 27, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d61e, 1, 28, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d61f, 1, 29, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d620, 1, 30, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d621, 1, 31, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d63c, 1, 6, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d63d, 1, 7, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d63e, 1, 8, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d63f, 1, 9, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d640, 1, 10, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d641, 1, 11, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d642, 1, 12, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d643, 1, 13, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d644, 1, 14, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d645, 1, 15, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d646, 1, 16, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d647, 1, 17, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d648, 1, 18, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d649, 1, 19, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d64a, 1, 20, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d64b, 1, 21, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d64c, 1, 22, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d64d, 1, 23, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d64e, 1, 24, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d64f, 1, 25, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d650, 1, 26, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d651, 1, 27, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d652, 1, 28, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d653, 1, 29, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d654, 1, 30, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d655, 1, 31, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d670, 1, 6, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d671, 1, 7, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d672, 1, 8, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d673, 1, 9, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d674, 1, 10, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d675, 1, 11, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d676, 1, 12, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d677, 1, 13, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d678, 1, 14, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d679, 1, 15, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d67a, 1, 16, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d67b, 1, 17, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d67c, 1, 18, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d67d, 1, 19, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d67e, 1, 20, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d67f, 1, 21, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d680, 1, 22, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d681, 1, 23, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d682, 1, 24, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d683, 1, 25, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d684, 1, 26, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d685, 1, 27, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d686, 1, 28, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d687, 1, 29, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d688, 1, 30, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d689, 1, 31, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6a8, 1, 238, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6a9, 1, 239, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6aa, 1, 240, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6ab, 1, 241, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6ac, 1, 242, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6ad, 1, 243, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6ae, 1, 244, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6af, 1, 245, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6b0, 1, 225, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6b1, 1, 246, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6b2, 1, 247, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6b3, 1, 34, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6b4, 1, 248, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6b5, 1, 249, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6b6, 1, 250, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6b7, 1, 251, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6b8, 1, 252, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6b9, 1, 245, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6ba, 1, 253, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6bb, 1, 254, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6bc, 1, 255, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6bd, 1, 256, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6be, 1, 257, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6bf, 1, 258, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6c0, 1, 259, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6d3, 1, 253, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6e2, 1, 238, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6e3, 1, 239, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6e4, 1, 240, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6e5, 1, 241, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6e6, 1, 242, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6e7, 1, 243, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6e8, 1, 244, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6e9, 1, 245, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6ea, 1, 225, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6eb, 1, 246, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6ec, 1, 247, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6ed, 1, 34, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6ee, 1, 248, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6ef, 1, 249, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6f0, 1, 250, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6f1, 1, 251, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6f2, 1, 252, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6f3, 1, 245, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6f4, 1, 253, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6f5, 1, 254, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6f6, 1, 255, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6f7, 1, 256, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6f8, 1, 257, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6f9, 1, 258, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d6fa, 1, 259, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d70d, 1, 253, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d71c, 1, 238, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d71d, 1, 239, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d71e, 1, 240, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d71f, 1, 241, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d720, 1, 242, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d721, 1, 243, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d722, 1, 244, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d723, 1, 245, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d724, 1, 225, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d725, 1, 246, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d726, 1, 247, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d727, 1, 34, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d728, 1, 248, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d729, 1, 249, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d72a, 1, 250, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d72b, 1, 251, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d72c, 1, 252, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d72d, 1, 245, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d72e, 1, 253, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d72f, 1, 254, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d730, 1, 255, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d731, 1, 256, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d732, 1, 257, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d733, 1, 258, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d734, 1, 259, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d747, 1, 253, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d756, 1, 238, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d757, 1, 239, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d758, 1, 240, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d759, 1, 241, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d75a, 1, 242, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d75b, 1, 243, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d75c, 1, 244, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d75d, 1, 245, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d75e, 1, 225, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d75f, 1, 246, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d760, 1, 247, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d761, 1, 34, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d762, 1, 248, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d763, 1, 249, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d764, 1, 250, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d765, 1, 251, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d766, 1, 252, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d767, 1, 245, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d768, 1, 253, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d769, 1, 254, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d76a, 1, 255, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d76b, 1, 256, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d76c, 1, 257, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d76d, 1, 258, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d76e, 1, 259, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d781, 1, 253, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d790, 1, 238, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d791, 1, 239, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d792, 1, 240, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d793, 1, 241, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d794, 1, 242, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d795, 1, 243, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d796, 1, 244, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d797, 1, 245, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d798, 1, 225, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d799, 1, 246, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d79a, 1, 247, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d79b, 1, 34, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d79c, 1, 248, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d79d, 1, 249, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d79e, 1, 250, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d79f, 1, 251, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d7a0, 1, 252, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d7a1, 1, 245, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d7a2, 1, 253, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d7a3, 1, 254, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d7a4, 1, 255, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d7a5, 1, 256, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d7a6, 1, 257, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d7a7, 1, 258, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d7a8, 1, 259, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0x1d7bb, 1, 253, WIND_PROFILE_NAME|WIND_PROFILE_LDAP}, /* B.2: Additional folding */ - {0xe0001, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0020, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0021, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0022, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0023, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0024, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0025, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0026, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0027, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0028, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0029, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe002a, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe002b, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe002c, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe002d, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe002e, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe002f, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0030, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0031, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0032, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0033, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0034, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0035, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0036, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0037, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0038, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0039, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe003a, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe003b, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe003c, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe003d, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe003e, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe003f, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0040, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0041, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0042, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0043, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0044, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0045, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0046, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0047, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0048, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0049, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe004a, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe004b, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe004c, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe004d, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe004e, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe004f, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0050, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0051, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0052, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0053, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0054, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0055, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0056, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0057, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0058, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0059, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe005a, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe005b, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe005c, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe005d, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe005e, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe005f, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0060, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0061, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0062, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0063, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0064, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0065, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0066, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0067, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0068, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0069, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe006a, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe006b, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe006c, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe006d, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe006e, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe006f, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0070, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0071, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0072, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0073, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0074, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0075, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0076, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0077, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0078, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe0079, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe007a, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe007b, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe007c, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe007d, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - {0xe007e, 0, 1001, WIND_PROFILE_LDAP}, /* rfc4518-map: Map to nothing */ - -}; - -const size_t _wind_map_table_size = 1597; - -const uint32_t _wind_map_table_val[] = { - 0x0020, - 0x0020, - 0x0020, - 0x0020, - 0x0020, - 0x0020, - 0x0061, - 0x0062, - 0x0063, - 0x0064, - 0x0065, - 0x0066, - 0x0067, - 0x0068, - 0x0069, - 0x006A, - 0x006B, - 0x006C, - 0x006D, - 0x006E, - 0x006F, - 0x0070, - 0x0071, - 0x0072, - 0x0073, - 0x0074, - 0x0075, - 0x0076, - 0x0077, - 0x0078, - 0x0079, - 0x007A, - 0x0020, - 0x0020, - 0x03BC, - 0x00E0, - 0x00E1, - 0x00E2, - 0x00E3, - 0x00E4, - 0x00E5, - 0x00E6, - 0x00E7, - 0x00E8, - 0x00E9, - 0x00EA, - 0x00EB, - 0x00EC, - 0x00ED, - 0x00EE, - 0x00EF, - 0x00F0, - 0x00F1, - 0x00F2, - 0x00F3, - 0x00F4, - 0x00F5, - 0x00F6, - 0x00F8, - 0x00F9, - 0x00FA, - 0x00FB, - 0x00FC, - 0x00FD, - 0x00FE, - 0x0073, - 0x0073, - 0x0101, - 0x0103, - 0x0105, - 0x0107, - 0x0109, - 0x010B, - 0x010D, - 0x010F, - 0x0111, - 0x0113, - 0x0115, - 0x0117, - 0x0119, - 0x011B, - 0x011D, - 0x011F, - 0x0121, - 0x0123, - 0x0125, - 0x0127, - 0x0129, - 0x012B, - 0x012D, - 0x012F, - 0x0069, - 0x0307, - 0x0133, - 0x0135, - 0x0137, - 0x013A, - 0x013C, - 0x013E, - 0x0140, - 0x0142, - 0x0144, - 0x0146, - 0x0148, - 0x02BC, - 0x006E, - 0x014B, - 0x014D, - 0x014F, - 0x0151, - 0x0153, - 0x0155, - 0x0157, - 0x0159, - 0x015B, - 0x015D, - 0x015F, - 0x0161, - 0x0163, - 0x0165, - 0x0167, - 0x0169, - 0x016B, - 0x016D, - 0x016F, - 0x0171, - 0x0173, - 0x0175, - 0x0177, - 0x00FF, - 0x017A, - 0x017C, - 0x017E, - 0x0253, - 0x0183, - 0x0185, - 0x0254, - 0x0188, - 0x0256, - 0x0257, - 0x018C, - 0x01DD, - 0x0259, - 0x025B, - 0x0192, - 0x0260, - 0x0263, - 0x0269, - 0x0268, - 0x0199, - 0x026F, - 0x0272, - 0x0275, - 0x01A1, - 0x01A3, - 0x01A5, - 0x0280, - 0x01A8, - 0x0283, - 0x01AD, - 0x0288, - 0x01B0, - 0x028A, - 0x028B, - 0x01B4, - 0x01B6, - 0x0292, - 0x01B9, - 0x01BD, - 0x01C6, - 0x01C9, - 0x01CC, - 0x01CE, - 0x01D0, - 0x01D2, - 0x01D4, - 0x01D6, - 0x01D8, - 0x01DA, - 0x01DC, - 0x01DF, - 0x01E1, - 0x01E3, - 0x01E5, - 0x01E7, - 0x01E9, - 0x01EB, - 0x01ED, - 0x01EF, - 0x006A, - 0x030C, - 0x01F3, - 0x01F5, - 0x0195, - 0x01BF, - 0x01F9, - 0x01FB, - 0x01FD, - 0x01FF, - 0x0201, - 0x0203, - 0x0205, - 0x0207, - 0x0209, - 0x020B, - 0x020D, - 0x020F, - 0x0211, - 0x0213, - 0x0215, - 0x0217, - 0x0219, - 0x021B, - 0x021D, - 0x021F, - 0x019E, - 0x0223, - 0x0225, - 0x0227, - 0x0229, - 0x022B, - 0x022D, - 0x022F, - 0x0231, - 0x0233, - 0x03B9, - 0x0020, - 0x03B9, - 0x03AC, - 0x03AD, - 0x03AE, - 0x03AF, - 0x03CC, - 0x03CD, - 0x03CE, - 0x03B9, - 0x0308, - 0x0301, - 0x03B1, - 0x03B2, - 0x03B3, - 0x03B4, - 0x03B5, - 0x03B6, - 0x03B7, - 0x03B8, - 0x03BA, - 0x03BB, - 0x03BD, - 0x03BE, - 0x03BF, - 0x03C0, - 0x03C1, - 0x03C3, - 0x03C4, - 0x03C5, - 0x03C6, - 0x03C7, - 0x03C8, - 0x03C9, - 0x03CA, - 0x03CB, - 0x03C5, - 0x0308, - 0x0301, - 0x03D9, - 0x03DB, - 0x03DD, - 0x03DF, - 0x03E1, - 0x03E3, - 0x03E5, - 0x03E7, - 0x03E9, - 0x03EB, - 0x03ED, - 0x03EF, - 0x0450, - 0x0451, - 0x0452, - 0x0453, - 0x0454, - 0x0455, - 0x0456, - 0x0457, - 0x0458, - 0x0459, - 0x045A, - 0x045B, - 0x045C, - 0x045D, - 0x045E, - 0x045F, - 0x0430, - 0x0431, - 0x0432, - 0x0433, - 0x0434, - 0x0435, - 0x0436, - 0x0437, - 0x0438, - 0x0439, - 0x043A, - 0x043B, - 0x043C, - 0x043D, - 0x043E, - 0x043F, - 0x0440, - 0x0441, - 0x0442, - 0x0443, - 0x0444, - 0x0445, - 0x0446, - 0x0447, - 0x0448, - 0x0449, - 0x044A, - 0x044B, - 0x044C, - 0x044D, - 0x044E, - 0x044F, - 0x0461, - 0x0463, - 0x0465, - 0x0467, - 0x0469, - 0x046B, - 0x046D, - 0x046F, - 0x0471, - 0x0473, - 0x0475, - 0x0477, - 0x0479, - 0x047B, - 0x047D, - 0x047F, - 0x0481, - 0x048B, - 0x048D, - 0x048F, - 0x0491, - 0x0493, - 0x0495, - 0x0497, - 0x0499, - 0x049B, - 0x049D, - 0x049F, - 0x04A1, - 0x04A3, - 0x04A5, - 0x04A7, - 0x04A9, - 0x04AB, - 0x04AD, - 0x04AF, - 0x04B1, - 0x04B3, - 0x04B5, - 0x04B7, - 0x04B9, - 0x04BB, - 0x04BD, - 0x04BF, - 0x04C2, - 0x04C4, - 0x04C6, - 0x04C8, - 0x04CA, - 0x04CC, - 0x04CE, - 0x04D1, - 0x04D3, - 0x04D5, - 0x04D7, - 0x04D9, - 0x04DB, - 0x04DD, - 0x04DF, - 0x04E1, - 0x04E3, - 0x04E5, - 0x04E7, - 0x04E9, - 0x04EB, - 0x04ED, - 0x04EF, - 0x04F1, - 0x04F3, - 0x04F5, - 0x04F9, - 0x0501, - 0x0503, - 0x0505, - 0x0507, - 0x0509, - 0x050B, - 0x050D, - 0x050F, - 0x0561, - 0x0562, - 0x0563, - 0x0564, - 0x0565, - 0x0566, - 0x0567, - 0x0568, - 0x0569, - 0x056A, - 0x056B, - 0x056C, - 0x056D, - 0x056E, - 0x056F, - 0x0570, - 0x0571, - 0x0572, - 0x0573, - 0x0574, - 0x0575, - 0x0576, - 0x0577, - 0x0578, - 0x0579, - 0x057A, - 0x057B, - 0x057C, - 0x057D, - 0x057E, - 0x057F, - 0x0580, - 0x0581, - 0x0582, - 0x0583, - 0x0584, - 0x0585, - 0x0586, - 0x0565, - 0x0582, - 0x0020, - 0x1E01, - 0x1E03, - 0x1E05, - 0x1E07, - 0x1E09, - 0x1E0B, - 0x1E0D, - 0x1E0F, - 0x1E11, - 0x1E13, - 0x1E15, - 0x1E17, - 0x1E19, - 0x1E1B, - 0x1E1D, - 0x1E1F, - 0x1E21, - 0x1E23, - 0x1E25, - 0x1E27, - 0x1E29, - 0x1E2B, - 0x1E2D, - 0x1E2F, - 0x1E31, - 0x1E33, - 0x1E35, - 0x1E37, - 0x1E39, - 0x1E3B, - 0x1E3D, - 0x1E3F, - 0x1E41, - 0x1E43, - 0x1E45, - 0x1E47, - 0x1E49, - 0x1E4B, - 0x1E4D, - 0x1E4F, - 0x1E51, - 0x1E53, - 0x1E55, - 0x1E57, - 0x1E59, - 0x1E5B, - 0x1E5D, - 0x1E5F, - 0x1E61, - 0x1E63, - 0x1E65, - 0x1E67, - 0x1E69, - 0x1E6B, - 0x1E6D, - 0x1E6F, - 0x1E71, - 0x1E73, - 0x1E75, - 0x1E77, - 0x1E79, - 0x1E7B, - 0x1E7D, - 0x1E7F, - 0x1E81, - 0x1E83, - 0x1E85, - 0x1E87, - 0x1E89, - 0x1E8B, - 0x1E8D, - 0x1E8F, - 0x1E91, - 0x1E93, - 0x1E95, - 0x0068, - 0x0331, - 0x0074, - 0x0308, - 0x0077, - 0x030A, - 0x0079, - 0x030A, - 0x0061, - 0x02BE, - 0x1EA1, - 0x1EA3, - 0x1EA5, - 0x1EA7, - 0x1EA9, - 0x1EAB, - 0x1EAD, - 0x1EAF, - 0x1EB1, - 0x1EB3, - 0x1EB5, - 0x1EB7, - 0x1EB9, - 0x1EBB, - 0x1EBD, - 0x1EBF, - 0x1EC1, - 0x1EC3, - 0x1EC5, - 0x1EC7, - 0x1EC9, - 0x1ECB, - 0x1ECD, - 0x1ECF, - 0x1ED1, - 0x1ED3, - 0x1ED5, - 0x1ED7, - 0x1ED9, - 0x1EDB, - 0x1EDD, - 0x1EDF, - 0x1EE1, - 0x1EE3, - 0x1EE5, - 0x1EE7, - 0x1EE9, - 0x1EEB, - 0x1EED, - 0x1EEF, - 0x1EF1, - 0x1EF3, - 0x1EF5, - 0x1EF7, - 0x1EF9, - 0x1F00, - 0x1F01, - 0x1F02, - 0x1F03, - 0x1F04, - 0x1F05, - 0x1F06, - 0x1F07, - 0x1F10, - 0x1F11, - 0x1F12, - 0x1F13, - 0x1F14, - 0x1F15, - 0x1F20, - 0x1F21, - 0x1F22, - 0x1F23, - 0x1F24, - 0x1F25, - 0x1F26, - 0x1F27, - 0x1F30, - 0x1F31, - 0x1F32, - 0x1F33, - 0x1F34, - 0x1F35, - 0x1F36, - 0x1F37, - 0x1F40, - 0x1F41, - 0x1F42, - 0x1F43, - 0x1F44, - 0x1F45, - 0x03C5, - 0x0313, - 0x03C5, - 0x0313, - 0x0300, - 0x03C5, - 0x0313, - 0x0301, - 0x03C5, - 0x0313, - 0x0342, - 0x1F51, - 0x1F53, - 0x1F55, - 0x1F57, - 0x1F60, - 0x1F61, - 0x1F62, - 0x1F63, - 0x1F64, - 0x1F65, - 0x1F66, - 0x1F67, - 0x1F00, - 0x03B9, - 0x1F01, - 0x03B9, - 0x1F02, - 0x03B9, - 0x1F03, - 0x03B9, - 0x1F04, - 0x03B9, - 0x1F05, - 0x03B9, - 0x1F06, - 0x03B9, - 0x1F07, - 0x03B9, - 0x1F20, - 0x03B9, - 0x1F21, - 0x03B9, - 0x1F22, - 0x03B9, - 0x1F23, - 0x03B9, - 0x1F24, - 0x03B9, - 0x1F25, - 0x03B9, - 0x1F26, - 0x03B9, - 0x1F27, - 0x03B9, - 0x1F60, - 0x03B9, - 0x1F61, - 0x03B9, - 0x1F62, - 0x03B9, - 0x1F63, - 0x03B9, - 0x1F64, - 0x03B9, - 0x1F65, - 0x03B9, - 0x1F66, - 0x03B9, - 0x1F67, - 0x03B9, - 0x1F70, - 0x03B9, - 0x03B1, - 0x03B9, - 0x03AC, - 0x03B9, - 0x03B1, - 0x0342, - 0x03B1, - 0x0342, - 0x03B9, - 0x1FB0, - 0x1FB1, - 0x1F71, - 0x1F74, - 0x03B9, - 0x03B7, - 0x03B9, - 0x03AE, - 0x03B9, - 0x03B7, - 0x0342, - 0x03B7, - 0x0342, - 0x03B9, - 0x1F72, - 0x1F73, - 0x1F75, - 0x03B9, - 0x0308, - 0x0300, - 0x03B9, - 0x0342, - 0x03B9, - 0x0308, - 0x0342, - 0x1FD0, - 0x1FD1, - 0x1F76, - 0x1F77, - 0x03C5, - 0x0308, - 0x0300, - 0x03C1, - 0x0313, - 0x03C5, - 0x0342, - 0x03C5, - 0x0308, - 0x0342, - 0x1FE0, - 0x1FE1, - 0x1F7A, - 0x1F7B, - 0x1FE5, - 0x1F7C, - 0x03B9, - 0x03C9, - 0x03B9, - 0x03C9, - 0x0342, - 0x03C9, - 0x0342, - 0x03B9, - 0x1F78, - 0x1F79, - 0x1F7D, - 0x0020, - 0x0020, - 0x0020, - 0x0020, - 0x0020, - 0x0020, - 0x0020, - 0x0020, - 0x0020, - 0x0020, - 0x0020, - 0x0020, - 0x0020, - 0x00B0, - 0x0063, - 0x00B0, - 0x0066, - 0x0073, - 0x006D, - 0x0074, - 0x0065, - 0x006C, - 0x0074, - 0x006D, - 0x2170, - 0x2171, - 0x2172, - 0x2173, - 0x2174, - 0x2175, - 0x2176, - 0x2177, - 0x2178, - 0x2179, - 0x217A, - 0x217B, - 0x217C, - 0x217D, - 0x217E, - 0x217F, - 0x24D0, - 0x24D1, - 0x24D2, - 0x24D3, - 0x24D4, - 0x24D5, - 0x24D6, - 0x24D7, - 0x24D8, - 0x24D9, - 0x24DA, - 0x24DB, - 0x24DC, - 0x24DD, - 0x24DE, - 0x24DF, - 0x24E0, - 0x24E1, - 0x24E2, - 0x24E3, - 0x24E4, - 0x24E5, - 0x24E6, - 0x24E7, - 0x24E8, - 0x24E9, - 0x0020, - 0x0068, - 0x0070, - 0x0061, - 0x0061, - 0x0075, - 0x006F, - 0x0076, - 0x006E, - 0x0061, - 0x03BC, - 0x0061, - 0x006D, - 0x0061, - 0x006B, - 0x0061, - 0x006B, - 0x0062, - 0x006D, - 0x0062, - 0x0067, - 0x0062, - 0x0070, - 0x0066, - 0x006E, - 0x0066, - 0x03BC, - 0x0066, - 0x0068, - 0x007A, - 0x006B, - 0x0068, - 0x007A, - 0x006D, - 0x0068, - 0x007A, - 0x0067, - 0x0068, - 0x007A, - 0x0074, - 0x0068, - 0x007A, - 0x006B, - 0x0070, - 0x0061, - 0x006D, - 0x0070, - 0x0061, - 0x0067, - 0x0070, - 0x0061, - 0x0070, - 0x0076, - 0x006E, - 0x0076, - 0x03BC, - 0x0076, - 0x006D, - 0x0076, - 0x006B, - 0x0076, - 0x0070, - 0x0077, - 0x006E, - 0x0077, - 0x03BC, - 0x0077, - 0x006D, - 0x0077, - 0x006B, - 0x0077, - 0x006B, - 0x03C9, - 0x006D, - 0x03C9, - 0x0062, - 0x0071, - 0x0063, - 0x2215, - 0x006B, - 0x0067, - 0x0063, - 0x006F, - 0x002E, - 0x0064, - 0x0062, - 0x0067, - 0x0079, - 0x006B, - 0x006B, - 0x006B, - 0x006D, - 0x0070, - 0x0068, - 0x0070, - 0x0070, - 0x006D, - 0x0070, - 0x0072, - 0x0073, - 0x0076, - 0x0077, - 0x0062, - 0x0066, - 0x0066, - 0x0066, - 0x0069, - 0x0066, - 0x006C, - 0x0066, - 0x0066, - 0x006C, - 0x0574, - 0x0576, - 0x0574, - 0x0565, - 0x0574, - 0x056B, - 0x057E, - 0x0576, - 0x0574, - 0x056D, - 0xFF41, - 0xFF42, - 0xFF43, - 0xFF44, - 0xFF45, - 0xFF46, - 0xFF47, - 0xFF48, - 0xFF49, - 0xFF4A, - 0xFF4B, - 0xFF4C, - 0xFF4D, - 0xFF4E, - 0xFF4F, - 0xFF50, - 0xFF51, - 0xFF52, - 0xFF53, - 0xFF54, - 0xFF55, - 0xFF56, - 0xFF57, - 0xFF58, - 0xFF59, - 0xFF5A, - 0x10428, - 0x10429, - 0x1042A, - 0x1042B, - 0x1042C, - 0x1042D, - 0x1042E, - 0x1042F, - 0x10430, - 0x10431, - 0x10432, - 0x10433, - 0x10434, - 0x10435, - 0x10436, - 0x10437, - 0x10438, - 0x10439, - 0x1043A, - 0x1043B, - 0x1043C, - 0x1043D, - 0x1043E, - 0x1043F, - 0x10440, - 0x10441, - 0x10442, - 0x10443, - 0x10444, - 0x10445, - 0x10446, - 0x10447, - 0x10448, - 0x10449, - 0x1044A, - 0x1044B, - 0x1044C, - 0x1044D, -}; - diff --git a/source4/heimdal/lib/wind/map_table.h b/source4/heimdal/lib/wind/map_table.h deleted file mode 100644 index 4b4565472d..0000000000 --- a/source4/heimdal/lib/wind/map_table.h +++ /dev/null @@ -1,22 +0,0 @@ -/* map_table.h */ -/* Automatically generated at 2008-03-18T11:38:08.353625 */ - -#ifndef MAP_TABLE_H -#define MAP_TABLE_H 1 - -#include "windlocl.h" - -struct translation { - uint32_t key; - unsigned short val_len; - unsigned short val_offset; - wind_profile_flags flags; -}; - -extern const struct translation _wind_map_table[]; - -extern const size_t _wind_map_table_size; - -extern const uint32_t _wind_map_table_val[]; - -#endif /* MAP_TABLE_H */ diff --git a/source4/heimdal/lib/wind/normalize_table.c b/source4/heimdal/lib/wind/normalize_table.c deleted file mode 100644 index c8893193a7..0000000000 --- a/source4/heimdal/lib/wind/normalize_table.c +++ /dev/null @@ -1,22976 +0,0 @@ -/* normalize_table.c */ -/* Automatically generated at 2008-03-18T11:38:08.923861 */ - - -#include "normalize_table.h" - -const struct translation _wind_normalize_table[] = { - {0xa0, 1, 0}, /* NO-BREAK SPACE */ - {0xa8, 2, 1}, /* DIAERESIS */ - {0xaa, 1, 3}, /* FEMININE ORDINAL INDICATOR */ - {0xaf, 2, 4}, /* MACRON */ - {0xb2, 1, 6}, /* SUPERSCRIPT TWO */ - {0xb3, 1, 7}, /* SUPERSCRIPT THREE */ - {0xb4, 2, 8}, /* ACUTE ACCENT */ - {0xb5, 1, 10}, /* MICRO SIGN */ - {0xb8, 2, 11}, /* CEDILLA */ - {0xb9, 1, 13}, /* SUPERSCRIPT ONE */ - {0xba, 1, 14}, /* MASCULINE ORDINAL INDICATOR */ - {0xbc, 3, 15}, /* VULGAR FRACTION ONE QUARTER */ - {0xbd, 3, 18}, /* VULGAR FRACTION ONE HALF */ - {0xbe, 3, 21}, /* VULGAR FRACTION THREE QUARTERS */ - {0xc0, 2, 24}, /* LATIN CAPITAL LETTER A WITH GRAVE */ - {0xc1, 2, 26}, /* LATIN CAPITAL LETTER A WITH ACUTE */ - {0xc2, 2, 28}, /* LATIN CAPITAL LETTER A WITH CIRCUMFLEX */ - {0xc3, 2, 30}, /* LATIN CAPITAL LETTER A WITH TILDE */ - {0xc4, 2, 32}, /* LATIN CAPITAL LETTER A WITH DIAERESIS */ - {0xc5, 2, 34}, /* LATIN CAPITAL LETTER A WITH RING ABOVE */ - {0xc7, 2, 36}, /* LATIN CAPITAL LETTER C WITH CEDILLA */ - {0xc8, 2, 38}, /* LATIN CAPITAL LETTER E WITH GRAVE */ - {0xc9, 2, 40}, /* LATIN CAPITAL LETTER E WITH ACUTE */ - {0xca, 2, 42}, /* LATIN CAPITAL LETTER E WITH CIRCUMFLEX */ - {0xcb, 2, 44}, /* LATIN CAPITAL LETTER E WITH DIAERESIS */ - {0xcc, 2, 46}, /* LATIN CAPITAL LETTER I WITH GRAVE */ - {0xcd, 2, 48}, /* LATIN CAPITAL LETTER I WITH ACUTE */ - {0xce, 2, 50}, /* LATIN CAPITAL LETTER I WITH CIRCUMFLEX */ - {0xcf, 2, 52}, /* LATIN CAPITAL LETTER I WITH DIAERESIS */ - {0xd1, 2, 54}, /* LATIN CAPITAL LETTER N WITH TILDE */ - {0xd2, 2, 56}, /* LATIN CAPITAL LETTER O WITH GRAVE */ - {0xd3, 2, 58}, /* LATIN CAPITAL LETTER O WITH ACUTE */ - {0xd4, 2, 60}, /* LATIN CAPITAL LETTER O WITH CIRCUMFLEX */ - {0xd5, 2, 62}, /* LATIN CAPITAL LETTER O WITH TILDE */ - {0xd6, 2, 64}, /* LATIN CAPITAL LETTER O WITH DIAERESIS */ - {0xd9, 2, 66}, /* LATIN CAPITAL LETTER U WITH GRAVE */ - {0xda, 2, 68}, /* LATIN CAPITAL LETTER U WITH ACUTE */ - {0xdb, 2, 70}, /* LATIN CAPITAL LETTER U WITH CIRCUMFLEX */ - {0xdc, 2, 72}, /* LATIN CAPITAL LETTER U WITH DIAERESIS */ - {0xdd, 2, 74}, /* LATIN CAPITAL LETTER Y WITH ACUTE */ - {0xe0, 2, 76}, /* LATIN SMALL LETTER A WITH GRAVE */ - {0xe1, 2, 78}, /* LATIN SMALL LETTER A WITH ACUTE */ - {0xe2, 2, 80}, /* LATIN SMALL LETTER A WITH CIRCUMFLEX */ - {0xe3, 2, 82}, /* LATIN SMALL LETTER A WITH TILDE */ - {0xe4, 2, 84}, /* LATIN SMALL LETTER A WITH DIAERESIS */ - {0xe5, 2, 86}, /* LATIN SMALL LETTER A WITH RING ABOVE */ - {0xe7, 2, 88}, /* LATIN SMALL LETTER C WITH CEDILLA */ - {0xe8, 2, 90}, /* LATIN SMALL LETTER E WITH GRAVE */ - {0xe9, 2, 92}, /* LATIN SMALL LETTER E WITH ACUTE */ - {0xea, 2, 94}, /* LATIN SMALL LETTER E WITH CIRCUMFLEX */ - {0xeb, 2, 96}, /* LATIN SMALL LETTER E WITH DIAERESIS */ - {0xec, 2, 98}, /* LATIN SMALL LETTER I WITH GRAVE */ - {0xed, 2, 100}, /* LATIN SMALL LETTER I WITH ACUTE */ - {0xee, 2, 102}, /* LATIN SMALL LETTER I WITH CIRCUMFLEX */ - {0xef, 2, 104}, /* LATIN SMALL LETTER I WITH DIAERESIS */ - {0xf1, 2, 106}, /* LATIN SMALL LETTER N WITH TILDE */ - {0xf2, 2, 108}, /* LATIN SMALL LETTER O WITH GRAVE */ - {0xf3, 2, 110}, /* LATIN SMALL LETTER O WITH ACUTE */ - {0xf4, 2, 112}, /* LATIN SMALL LETTER O WITH CIRCUMFLEX */ - {0xf5, 2, 114}, /* LATIN SMALL LETTER O WITH TILDE */ - {0xf6, 2, 116}, /* LATIN SMALL LETTER O WITH DIAERESIS */ - {0xf9, 2, 118}, /* LATIN SMALL LETTER U WITH GRAVE */ - {0xfa, 2, 120}, /* LATIN SMALL LETTER U WITH ACUTE */ - {0xfb, 2, 122}, /* LATIN SMALL LETTER U WITH CIRCUMFLEX */ - {0xfc, 2, 124}, /* LATIN SMALL LETTER U WITH DIAERESIS */ - {0xfd, 2, 126}, /* LATIN SMALL LETTER Y WITH ACUTE */ - {0xff, 2, 128}, /* LATIN SMALL LETTER Y WITH DIAERESIS */ - {0x100, 2, 130}, /* LATIN CAPITAL LETTER A WITH MACRON */ - {0x101, 2, 132}, /* LATIN SMALL LETTER A WITH MACRON */ - {0x102, 2, 134}, /* LATIN CAPITAL LETTER A WITH BREVE */ - {0x103, 2, 136}, /* LATIN SMALL LETTER A WITH BREVE */ - {0x104, 2, 138}, /* LATIN CAPITAL LETTER A WITH OGONEK */ - {0x105, 2, 140}, /* LATIN SMALL LETTER A WITH OGONEK */ - {0x106, 2, 142}, /* LATIN CAPITAL LETTER C WITH ACUTE */ - {0x107, 2, 144}, /* LATIN SMALL LETTER C WITH ACUTE */ - {0x108, 2, 146}, /* LATIN CAPITAL LETTER C WITH CIRCUMFLEX */ - {0x109, 2, 148}, /* LATIN SMALL LETTER C WITH CIRCUMFLEX */ - {0x10a, 2, 150}, /* LATIN CAPITAL LETTER C WITH DOT ABOVE */ - {0x10b, 2, 152}, /* LATIN SMALL LETTER C WITH DOT ABOVE */ - {0x10c, 2, 154}, /* LATIN CAPITAL LETTER C WITH CARON */ - {0x10d, 2, 156}, /* LATIN SMALL LETTER C WITH CARON */ - {0x10e, 2, 158}, /* LATIN CAPITAL LETTER D WITH CARON */ - {0x10f, 2, 160}, /* LATIN SMALL LETTER D WITH CARON */ - {0x112, 2, 162}, /* LATIN CAPITAL LETTER E WITH MACRON */ - {0x113, 2, 164}, /* LATIN SMALL LETTER E WITH MACRON */ - {0x114, 2, 166}, /* LATIN CAPITAL LETTER E WITH BREVE */ - {0x115, 2, 168}, /* LATIN SMALL LETTER E WITH BREVE */ - {0x116, 2, 170}, /* LATIN CAPITAL LETTER E WITH DOT ABOVE */ - {0x117, 2, 172}, /* LATIN SMALL LETTER E WITH DOT ABOVE */ - {0x118, 2, 174}, /* LATIN CAPITAL LETTER E WITH OGONEK */ - {0x119, 2, 176}, /* LATIN SMALL LETTER E WITH OGONEK */ - {0x11a, 2, 178}, /* LATIN CAPITAL LETTER E WITH CARON */ - {0x11b, 2, 180}, /* LATIN SMALL LETTER E WITH CARON */ - {0x11c, 2, 182}, /* LATIN CAPITAL LETTER G WITH CIRCUMFLEX */ - {0x11d, 2, 184}, /* LATIN SMALL LETTER G WITH CIRCUMFLEX */ - {0x11e, 2, 186}, /* LATIN CAPITAL LETTER G WITH BREVE */ - {0x11f, 2, 188}, /* LATIN SMALL LETTER G WITH BREVE */ - {0x120, 2, 190}, /* LATIN CAPITAL LETTER G WITH DOT ABOVE */ - {0x121, 2, 192}, /* LATIN SMALL LETTER G WITH DOT ABOVE */ - {0x122, 2, 194}, /* LATIN CAPITAL LETTER G WITH CEDILLA */ - {0x123, 2, 196}, /* LATIN SMALL LETTER G WITH CEDILLA */ - {0x124, 2, 198}, /* LATIN CAPITAL LETTER H WITH CIRCUMFLEX */ - {0x125, 2, 200}, /* LATIN SMALL LETTER H WITH CIRCUMFLEX */ - {0x128, 2, 202}, /* LATIN CAPITAL LETTER I WITH TILDE */ - {0x129, 2, 204}, /* LATIN SMALL LETTER I WITH TILDE */ - {0x12a, 2, 206}, /* LATIN CAPITAL LETTER I WITH MACRON */ - {0x12b, 2, 208}, /* LATIN SMALL LETTER I WITH MACRON */ - {0x12c, 2, 210}, /* LATIN CAPITAL LETTER I WITH BREVE */ - {0x12d, 2, 212}, /* LATIN SMALL LETTER I WITH BREVE */ - {0x12e, 2, 214}, /* LATIN CAPITAL LETTER I WITH OGONEK */ - {0x12f, 2, 216}, /* LATIN SMALL LETTER I WITH OGONEK */ - {0x130, 2, 218}, /* LATIN CAPITAL LETTER I WITH DOT ABOVE */ - {0x132, 2, 220}, /* LATIN CAPITAL LIGATURE IJ */ - {0x133, 2, 222}, /* LATIN SMALL LIGATURE IJ */ - {0x134, 2, 224}, /* LATIN CAPITAL LETTER J WITH CIRCUMFLEX */ - {0x135, 2, 226}, /* LATIN SMALL LETTER J WITH CIRCUMFLEX */ - {0x136, 2, 228}, /* LATIN CAPITAL LETTER K WITH CEDILLA */ - {0x137, 2, 230}, /* LATIN SMALL LETTER K WITH CEDILLA */ - {0x139, 2, 232}, /* LATIN CAPITAL LETTER L WITH ACUTE */ - {0x13a, 2, 234}, /* LATIN SMALL LETTER L WITH ACUTE */ - {0x13b, 2, 236}, /* LATIN CAPITAL LETTER L WITH CEDILLA */ - {0x13c, 2, 238}, /* LATIN SMALL LETTER L WITH CEDILLA */ - {0x13d, 2, 240}, /* LATIN CAPITAL LETTER L WITH CARON */ - {0x13e, 2, 242}, /* LATIN SMALL LETTER L WITH CARON */ - {0x13f, 2, 244}, /* LATIN CAPITAL LETTER L WITH MIDDLE DOT */ - {0x140, 2, 246}, /* LATIN SMALL LETTER L WITH MIDDLE DOT */ - {0x143, 2, 248}, /* LATIN CAPITAL LETTER N WITH ACUTE */ - {0x144, 2, 250}, /* LATIN SMALL LETTER N WITH ACUTE */ - {0x145, 2, 252}, /* LATIN CAPITAL LETTER N WITH CEDILLA */ - {0x146, 2, 254}, /* LATIN SMALL LETTER N WITH CEDILLA */ - {0x147, 2, 256}, /* LATIN CAPITAL LETTER N WITH CARON */ - {0x148, 2, 258}, /* LATIN SMALL LETTER N WITH CARON */ - {0x149, 2, 260}, /* LATIN SMALL LETTER N PRECEDED BY APOSTROPHE */ - {0x14c, 2, 262}, /* LATIN CAPITAL LETTER O WITH MACRON */ - {0x14d, 2, 264}, /* LATIN SMALL LETTER O WITH MACRON */ - {0x14e, 2, 266}, /* LATIN CAPITAL LETTER O WITH BREVE */ - {0x14f, 2, 268}, /* LATIN SMALL LETTER O WITH BREVE */ - {0x150, 2, 270}, /* LATIN CAPITAL LETTER O WITH DOUBLE ACUTE */ - {0x151, 2, 272}, /* LATIN SMALL LETTER O WITH DOUBLE ACUTE */ - {0x154, 2, 274}, /* LATIN CAPITAL LETTER R WITH ACUTE */ - {0x155, 2, 276}, /* LATIN SMALL LETTER R WITH ACUTE */ - {0x156, 2, 278}, /* LATIN CAPITAL LETTER R WITH CEDILLA */ - {0x157, 2, 280}, /* LATIN SMALL LETTER R WITH CEDILLA */ - {0x158, 2, 282}, /* LATIN CAPITAL LETTER R WITH CARON */ - {0x159, 2, 284}, /* LATIN SMALL LETTER R WITH CARON */ - {0x15a, 2, 286}, /* LATIN CAPITAL LETTER S WITH ACUTE */ - {0x15b, 2, 288}, /* LATIN SMALL LETTER S WITH ACUTE */ - {0x15c, 2, 290}, /* LATIN CAPITAL LETTER S WITH CIRCUMFLEX */ - {0x15d, 2, 292}, /* LATIN SMALL LETTER S WITH CIRCUMFLEX */ - {0x15e, 2, 294}, /* LATIN CAPITAL LETTER S WITH CEDILLA */ - {0x15f, 2, 296}, /* LATIN SMALL LETTER S WITH CEDILLA */ - {0x160, 2, 298}, /* LATIN CAPITAL LETTER S WITH CARON */ - {0x161, 2, 300}, /* LATIN SMALL LETTER S WITH CARON */ - {0x162, 2, 302}, /* LATIN CAPITAL LETTER T WITH CEDILLA */ - {0x163, 2, 304}, /* LATIN SMALL LETTER T WITH CEDILLA */ - {0x164, 2, 306}, /* LATIN CAPITAL LETTER T WITH CARON */ - {0x165, 2, 308}, /* LATIN SMALL LETTER T WITH CARON */ - {0x168, 2, 310}, /* LATIN CAPITAL LETTER U WITH TILDE */ - {0x169, 2, 312}, /* LATIN SMALL LETTER U WITH TILDE */ - {0x16a, 2, 314}, /* LATIN CAPITAL LETTER U WITH MACRON */ - {0x16b, 2, 316}, /* LATIN SMALL LETTER U WITH MACRON */ - {0x16c, 2, 318}, /* LATIN CAPITAL LETTER U WITH BREVE */ - {0x16d, 2, 320}, /* LATIN SMALL LETTER U WITH BREVE */ - {0x16e, 2, 322}, /* LATIN CAPITAL LETTER U WITH RING ABOVE */ - {0x16f, 2, 324}, /* LATIN SMALL LETTER U WITH RING ABOVE */ - {0x170, 2, 326}, /* LATIN CAPITAL LETTER U WITH DOUBLE ACUTE */ - {0x171, 2, 328}, /* LATIN SMALL LETTER U WITH DOUBLE ACUTE */ - {0x172, 2, 330}, /* LATIN CAPITAL LETTER U WITH OGONEK */ - {0x173, 2, 332}, /* LATIN SMALL LETTER U WITH OGONEK */ - {0x174, 2, 334}, /* LATIN CAPITAL LETTER W WITH CIRCUMFLEX */ - {0x175, 2, 336}, /* LATIN SMALL LETTER W WITH CIRCUMFLEX */ - {0x176, 2, 338}, /* LATIN CAPITAL LETTER Y WITH CIRCUMFLEX */ - {0x177, 2, 340}, /* LATIN SMALL LETTER Y WITH CIRCUMFLEX */ - {0x178, 2, 342}, /* LATIN CAPITAL LETTER Y WITH DIAERESIS */ - {0x179, 2, 344}, /* LATIN CAPITAL LETTER Z WITH ACUTE */ - {0x17a, 2, 346}, /* LATIN SMALL LETTER Z WITH ACUTE */ - {0x17b, 2, 348}, /* LATIN CAPITAL LETTER Z WITH DOT ABOVE */ - {0x17c, 2, 350}, /* LATIN SMALL LETTER Z WITH DOT ABOVE */ - {0x17d, 2, 352}, /* LATIN CAPITAL LETTER Z WITH CARON */ - {0x17e, 2, 354}, /* LATIN SMALL LETTER Z WITH CARON */ - {0x17f, 1, 288}, /* LATIN SMALL LETTER LONG S */ - {0x1a0, 2, 356}, /* LATIN CAPITAL LETTER O WITH HORN */ - {0x1a1, 2, 358}, /* LATIN SMALL LETTER O WITH HORN */ - {0x1af, 2, 360}, /* LATIN CAPITAL LETTER U WITH HORN */ - {0x1b0, 2, 362}, /* LATIN SMALL LETTER U WITH HORN */ - {0x1c4, 2, 364}, /* LATIN CAPITAL LETTER DZ WITH CARON */ - {0x1c5, 2, 366}, /* LATIN CAPITAL LETTER D WITH SMALL LETTER Z WITH CARON */ - {0x1c6, 2, 368}, /* LATIN SMALL LETTER DZ WITH CARON */ - {0x1c7, 2, 370}, /* LATIN CAPITAL LETTER LJ */ - {0x1c8, 2, 372}, /* LATIN CAPITAL LETTER L WITH SMALL LETTER J */ - {0x1c9, 2, 374}, /* LATIN SMALL LETTER LJ */ - {0x1ca, 2, 376}, /* LATIN CAPITAL LETTER NJ */ - {0x1cb, 2, 378}, /* LATIN CAPITAL LETTER N WITH SMALL LETTER J */ - {0x1cc, 2, 380}, /* LATIN SMALL LETTER NJ */ - {0x1cd, 2, 382}, /* LATIN CAPITAL LETTER A WITH CARON */ - {0x1ce, 2, 384}, /* LATIN SMALL LETTER A WITH CARON */ - {0x1cf, 2, 386}, /* LATIN CAPITAL LETTER I WITH CARON */ - {0x1d0, 2, 388}, /* LATIN SMALL LETTER I WITH CARON */ - {0x1d1, 2, 390}, /* LATIN CAPITAL LETTER O WITH CARON */ - {0x1d2, 2, 392}, /* LATIN SMALL LETTER O WITH CARON */ - {0x1d3, 2, 394}, /* LATIN CAPITAL LETTER U WITH CARON */ - {0x1d4, 2, 396}, /* LATIN SMALL LETTER U WITH CARON */ - {0x1d5, 2, 398}, /* LATIN CAPITAL LETTER U WITH DIAERESIS AND MACRON */ - {0x1d6, 2, 400}, /* LATIN SMALL LETTER U WITH DIAERESIS AND MACRON */ - {0x1d7, 2, 402}, /* LATIN CAPITAL LETTER U WITH DIAERESIS AND ACUTE */ - {0x1d8, 2, 404}, /* LATIN SMALL LETTER U WITH DIAERESIS AND ACUTE */ - {0x1d9, 2, 406}, /* LATIN CAPITAL LETTER U WITH DIAERESIS AND CARON */ - {0x1da, 2, 408}, /* LATIN SMALL LETTER U WITH DIAERESIS AND CARON */ - {0x1db, 2, 410}, /* LATIN CAPITAL LETTER U WITH DIAERESIS AND GRAVE */ - {0x1dc, 2, 412}, /* LATIN SMALL LETTER U WITH DIAERESIS AND GRAVE */ - {0x1de, 2, 414}, /* LATIN CAPITAL LETTER A WITH DIAERESIS AND MACRON */ - {0x1df, 2, 416}, /* LATIN SMALL LETTER A WITH DIAERESIS AND MACRON */ - {0x1e0, 2, 418}, /* LATIN CAPITAL LETTER A WITH DOT ABOVE AND MACRON */ - {0x1e1, 2, 420}, /* LATIN SMALL LETTER A WITH DOT ABOVE AND MACRON */ - {0x1e2, 2, 422}, /* LATIN CAPITAL LETTER AE WITH MACRON */ - {0x1e3, 2, 424}, /* LATIN SMALL LETTER AE WITH MACRON */ - {0x1e6, 2, 426}, /* LATIN CAPITAL LETTER G WITH CARON */ - {0x1e7, 2, 428}, /* LATIN SMALL LETTER G WITH CARON */ - {0x1e8, 2, 430}, /* LATIN CAPITAL LETTER K WITH CARON */ - {0x1e9, 2, 432}, /* LATIN SMALL LETTER K WITH CARON */ - {0x1ea, 2, 434}, /* LATIN CAPITAL LETTER O WITH OGONEK */ - {0x1eb, 2, 436}, /* LATIN SMALL LETTER O WITH OGONEK */ - {0x1ec, 2, 438}, /* LATIN CAPITAL LETTER O WITH OGONEK AND MACRON */ - {0x1ed, 2, 440}, /* LATIN SMALL LETTER O WITH OGONEK AND MACRON */ - {0x1ee, 2, 442}, /* LATIN CAPITAL LETTER EZH WITH CARON */ - {0x1ef, 2, 444}, /* LATIN SMALL LETTER EZH WITH CARON */ - {0x1f0, 2, 446}, /* LATIN SMALL LETTER J WITH CARON */ - {0x1f1, 2, 448}, /* LATIN CAPITAL LETTER DZ */ - {0x1f2, 2, 450}, /* LATIN CAPITAL LETTER D WITH SMALL LETTER Z */ - {0x1f3, 2, 452}, /* LATIN SMALL LETTER DZ */ - {0x1f4, 2, 454}, /* LATIN CAPITAL LETTER G WITH ACUTE */ - {0x1f5, 2, 456}, /* LATIN SMALL LETTER G WITH ACUTE */ - {0x1f8, 2, 458}, /* LATIN CAPITAL LETTER N WITH GRAVE */ - {0x1f9, 2, 460}, /* LATIN SMALL LETTER N WITH GRAVE */ - {0x1fa, 2, 462}, /* LATIN CAPITAL LETTER A WITH RING ABOVE AND ACUTE */ - {0x1fb, 2, 464}, /* LATIN SMALL LETTER A WITH RING ABOVE AND ACUTE */ - {0x1fc, 2, 466}, /* LATIN CAPITAL LETTER AE WITH ACUTE */ - {0x1fd, 2, 468}, /* LATIN SMALL LETTER AE WITH ACUTE */ - {0x1fe, 2, 470}, /* LATIN CAPITAL LETTER O WITH STROKE AND ACUTE */ - {0x1ff, 2, 472}, /* LATIN SMALL LETTER O WITH STROKE AND ACUTE */ - {0x200, 2, 474}, /* LATIN CAPITAL LETTER A WITH DOUBLE GRAVE */ - {0x201, 2, 476}, /* LATIN SMALL LETTER A WITH DOUBLE GRAVE */ - {0x202, 2, 478}, /* LATIN CAPITAL LETTER A WITH INVERTED BREVE */ - {0x203, 2, 480}, /* LATIN SMALL LETTER A WITH INVERTED BREVE */ - {0x204, 2, 482}, /* LATIN CAPITAL LETTER E WITH DOUBLE GRAVE */ - {0x205, 2, 484}, /* LATIN SMALL LETTER E WITH DOUBLE GRAVE */ - {0x206, 2, 486}, /* LATIN CAPITAL LETTER E WITH INVERTED BREVE */ - {0x207, 2, 488}, /* LATIN SMALL LETTER E WITH INVERTED BREVE */ - {0x208, 2, 490}, /* LATIN CAPITAL LETTER I WITH DOUBLE GRAVE */ - {0x209, 2, 492}, /* LATIN SMALL LETTER I WITH DOUBLE GRAVE */ - {0x20a, 2, 494}, /* LATIN CAPITAL LETTER I WITH INVERTED BREVE */ - {0x20b, 2, 496}, /* LATIN SMALL LETTER I WITH INVERTED BREVE */ - {0x20c, 2, 498}, /* LATIN CAPITAL LETTER O WITH DOUBLE GRAVE */ - {0x20d, 2, 500}, /* LATIN SMALL LETTER O WITH DOUBLE GRAVE */ - {0x20e, 2, 502}, /* LATIN CAPITAL LETTER O WITH INVERTED BREVE */ - {0x20f, 2, 504}, /* LATIN SMALL LETTER O WITH INVERTED BREVE */ - {0x210, 2, 506}, /* LATIN CAPITAL LETTER R WITH DOUBLE GRAVE */ - {0x211, 2, 508}, /* LATIN SMALL LETTER R WITH DOUBLE GRAVE */ - {0x212, 2, 510}, /* LATIN CAPITAL LETTER R WITH INVERTED BREVE */ - {0x213, 2, 512}, /* LATIN SMALL LETTER R WITH INVERTED BREVE */ - {0x214, 2, 514}, /* LATIN CAPITAL LETTER U WITH DOUBLE GRAVE */ - {0x215, 2, 516}, /* LATIN SMALL LETTER U WITH DOUBLE GRAVE */ - {0x216, 2, 518}, /* LATIN CAPITAL LETTER U WITH INVERTED BREVE */ - {0x217, 2, 520}, /* LATIN SMALL LETTER U WITH INVERTED BREVE */ - {0x218, 2, 522}, /* LATIN CAPITAL LETTER S WITH COMMA BELOW */ - {0x219, 2, 524}, /* LATIN SMALL LETTER S WITH COMMA BELOW */ - {0x21a, 2, 526}, /* LATIN CAPITAL LETTER T WITH COMMA BELOW */ - {0x21b, 2, 528}, /* LATIN SMALL LETTER T WITH COMMA BELOW */ - {0x21e, 2, 530}, /* LATIN CAPITAL LETTER H WITH CARON */ - {0x21f, 2, 532}, /* LATIN SMALL LETTER H WITH CARON */ - {0x226, 2, 534}, /* LATIN CAPITAL LETTER A WITH DOT ABOVE */ - {0x227, 2, 536}, /* LATIN SMALL LETTER A WITH DOT ABOVE */ - {0x228, 2, 538}, /* LATIN CAPITAL LETTER E WITH CEDILLA */ - {0x229, 2, 540}, /* LATIN SMALL LETTER E WITH CEDILLA */ - {0x22a, 2, 542}, /* LATIN CAPITAL LETTER O WITH DIAERESIS AND MACRON */ - {0x22b, 2, 544}, /* LATIN SMALL LETTER O WITH DIAERESIS AND MACRON */ - {0x22c, 2, 546}, /* LATIN CAPITAL LETTER O WITH TILDE AND MACRON */ - {0x22d, 2, 548}, /* LATIN SMALL LETTER O WITH TILDE AND MACRON */ - {0x22e, 2, 550}, /* LATIN CAPITAL LETTER O WITH DOT ABOVE */ - {0x22f, 2, 552}, /* LATIN SMALL LETTER O WITH DOT ABOVE */ - {0x230, 2, 554}, /* LATIN CAPITAL LETTER O WITH DOT ABOVE AND MACRON */ - {0x231, 2, 556}, /* LATIN SMALL LETTER O WITH DOT ABOVE AND MACRON */ - {0x232, 2, 558}, /* LATIN CAPITAL LETTER Y WITH MACRON */ - {0x233, 2, 560}, /* LATIN SMALL LETTER Y WITH MACRON */ - {0x2b0, 1, 200}, /* MODIFIER LETTER SMALL H */ - {0x2b1, 1, 562}, /* MODIFIER LETTER SMALL H WITH HOOK */ - {0x2b2, 1, 223}, /* MODIFIER LETTER SMALL J */ - {0x2b3, 1, 276}, /* MODIFIER LETTER SMALL R */ - {0x2b4, 1, 563}, /* MODIFIER LETTER SMALL TURNED R */ - {0x2b5, 1, 564}, /* MODIFIER LETTER SMALL TURNED R WITH HOOK */ - {0x2b6, 1, 565}, /* MODIFIER LETTER SMALL CAPITAL INVERTED R */ - {0x2b7, 1, 336}, /* MODIFIER LETTER SMALL W */ - {0x2b8, 1, 126}, /* MODIFIER LETTER SMALL Y */ - {0x2d8, 2, 566}, /* BREVE */ - {0x2d9, 2, 568}, /* DOT ABOVE */ - {0x2da, 2, 570}, /* RING ABOVE */ - {0x2db, 2, 572}, /* OGONEK */ - {0x2dc, 2, 574}, /* SMALL TILDE */ - {0x2dd, 2, 576}, /* DOUBLE ACUTE ACCENT */ - {0x2e0, 1, 578}, /* MODIFIER LETTER SMALL GAMMA */ - {0x2e1, 1, 234}, /* MODIFIER LETTER SMALL L */ - {0x2e2, 1, 288}, /* MODIFIER LETTER SMALL S */ - {0x2e3, 1, 579}, /* MODIFIER LETTER SMALL X */ - {0x2e4, 1, 580}, /* MODIFIER LETTER SMALL REVERSED GLOTTAL STOP */ - {0x340, 1, 25}, /* COMBINING GRAVE TONE MARK */ - {0x341, 1, 9}, /* COMBINING ACUTE TONE MARK */ - {0x343, 1, 581}, /* COMBINING GREEK KORONIS */ - {0x344, 2, 582}, /* COMBINING GREEK DIALYTIKA TONOS */ - {0x374, 1, 584}, /* GREEK NUMERAL SIGN */ - {0x37a, 2, 585}, /* GREEK YPOGEGRAMMENI */ - {0x37e, 1, 587}, /* GREEK QUESTION MARK */ - {0x384, 2, 8}, /* GREEK TONOS */ - {0x385, 2, 588}, /* GREEK DIALYTIKA TONOS */ - {0x386, 2, 590}, /* GREEK CAPITAL LETTER ALPHA WITH TONOS */ - {0x387, 1, 245}, /* GREEK ANO TELEIA */ - {0x388, 2, 592}, /* GREEK CAPITAL LETTER EPSILON WITH TONOS */ - {0x389, 2, 594}, /* GREEK CAPITAL LETTER ETA WITH TONOS */ - {0x38a, 2, 596}, /* GREEK CAPITAL LETTER IOTA WITH TONOS */ - {0x38c, 2, 598}, /* GREEK CAPITAL LETTER OMICRON WITH TONOS */ - {0x38e, 2, 600}, /* GREEK CAPITAL LETTER UPSILON WITH TONOS */ - {0x38f, 2, 602}, /* GREEK CAPITAL LETTER OMEGA WITH TONOS */ - {0x390, 2, 604}, /* GREEK SMALL LETTER IOTA WITH DIALYTIKA AND TONOS */ - {0x3aa, 2, 606}, /* GREEK CAPITAL LETTER IOTA WITH DIALYTIKA */ - {0x3ab, 2, 608}, /* GREEK CAPITAL LETTER UPSILON WITH DIALYTIKA */ - {0x3ac, 2, 610}, /* GREEK SMALL LETTER ALPHA WITH TONOS */ - {0x3ad, 2, 612}, /* GREEK SMALL LETTER EPSILON WITH TONOS */ - {0x3ae, 2, 614}, /* GREEK SMALL LETTER ETA WITH TONOS */ - {0x3af, 2, 616}, /* GREEK SMALL LETTER IOTA WITH TONOS */ - {0x3b0, 2, 618}, /* GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND TONOS */ - {0x3ca, 2, 620}, /* GREEK SMALL LETTER IOTA WITH DIALYTIKA */ - {0x3cb, 2, 622}, /* GREEK SMALL LETTER UPSILON WITH DIALYTIKA */ - {0x3cc, 2, 624}, /* GREEK SMALL LETTER OMICRON WITH TONOS */ - {0x3cd, 2, 626}, /* GREEK SMALL LETTER UPSILON WITH TONOS */ - {0x3ce, 2, 628}, /* GREEK SMALL LETTER OMEGA WITH TONOS */ - {0x3d0, 1, 630}, /* GREEK BETA SYMBOL */ - {0x3d1, 1, 631}, /* GREEK THETA SYMBOL */ - {0x3d2, 1, 600}, /* GREEK UPSILON WITH HOOK SYMBOL */ - {0x3d3, 2, 632}, /* GREEK UPSILON WITH ACUTE AND HOOK SYMBOL */ - {0x3d4, 2, 634}, /* GREEK UPSILON WITH DIAERESIS AND HOOK SYMBOL */ - {0x3d5, 1, 636}, /* GREEK PHI SYMBOL */ - {0x3d6, 1, 637}, /* GREEK PI SYMBOL */ - {0x3f0, 1, 638}, /* GREEK KAPPA SYMBOL */ - {0x3f1, 1, 639}, /* GREEK RHO SYMBOL */ - {0x3f2, 1, 640}, /* GREEK LUNATE SIGMA SYMBOL */ - {0x3f4, 1, 641}, /* GREEK CAPITAL THETA SYMBOL */ - {0x3f5, 1, 612}, /* GREEK LUNATE EPSILON SYMBOL */ - {0x3f9, 1, 642}, /* GREEK CAPITAL LUNATE SIGMA SYMBOL */ - {0x400, 2, 643}, /* CYRILLIC CAPITAL LETTER IE WITH GRAVE */ - {0x401, 2, 645}, /* CYRILLIC CAPITAL LETTER IO */ - {0x403, 2, 647}, /* CYRILLIC CAPITAL LETTER GJE */ - {0x407, 2, 649}, /* CYRILLIC CAPITAL LETTER YI */ - {0x40c, 2, 651}, /* CYRILLIC CAPITAL LETTER KJE */ - {0x40d, 2, 653}, /* CYRILLIC CAPITAL LETTER I WITH GRAVE */ - {0x40e, 2, 655}, /* CYRILLIC CAPITAL LETTER SHORT U */ - {0x419, 2, 657}, /* CYRILLIC CAPITAL LETTER SHORT I */ - {0x439, 2, 659}, /* CYRILLIC SMALL LETTER SHORT I */ - {0x450, 2, 661}, /* CYRILLIC SMALL LETTER IE WITH GRAVE */ - {0x451, 2, 663}, /* CYRILLIC SMALL LETTER IO */ - {0x453, 2, 665}, /* CYRILLIC SMALL LETTER GJE */ - {0x457, 2, 667}, /* CYRILLIC SMALL LETTER YI */ - {0x45c, 2, 669}, /* CYRILLIC SMALL LETTER KJE */ - {0x45d, 2, 671}, /* CYRILLIC SMALL LETTER I WITH GRAVE */ - {0x45e, 2, 673}, /* CYRILLIC SMALL LETTER SHORT U */ - {0x476, 2, 675}, /* CYRILLIC CAPITAL LETTER IZHITSA WITH DOUBLE GRAVE ACCENT */ - {0x477, 2, 677}, /* CYRILLIC SMALL LETTER IZHITSA WITH DOUBLE GRAVE ACCENT */ - {0x4c1, 2, 679}, /* CYRILLIC CAPITAL LETTER ZHE WITH BREVE */ - {0x4c2, 2, 681}, /* CYRILLIC SMALL LETTER ZHE WITH BREVE */ - {0x4d0, 2, 683}, /* CYRILLIC CAPITAL LETTER A WITH BREVE */ - {0x4d1, 2, 685}, /* CYRILLIC SMALL LETTER A WITH BREVE */ - {0x4d2, 2, 687}, /* CYRILLIC CAPITAL LETTER A WITH DIAERESIS */ - {0x4d3, 2, 689}, /* CYRILLIC SMALL LETTER A WITH DIAERESIS */ - {0x4d6, 2, 691}, /* CYRILLIC CAPITAL LETTER IE WITH BREVE */ - {0x4d7, 2, 693}, /* CYRILLIC SMALL LETTER IE WITH BREVE */ - {0x4da, 2, 695}, /* CYRILLIC CAPITAL LETTER SCHWA WITH DIAERESIS */ - {0x4db, 2, 697}, /* CYRILLIC SMALL LETTER SCHWA WITH DIAERESIS */ - {0x4dc, 2, 699}, /* CYRILLIC CAPITAL LETTER ZHE WITH DIAERESIS */ - {0x4dd, 2, 701}, /* CYRILLIC SMALL LETTER ZHE WITH DIAERESIS */ - {0x4de, 2, 703}, /* CYRILLIC CAPITAL LETTER ZE WITH DIAERESIS */ - {0x4df, 2, 705}, /* CYRILLIC SMALL LETTER ZE WITH DIAERESIS */ - {0x4e2, 2, 707}, /* CYRILLIC CAPITAL LETTER I WITH MACRON */ - {0x4e3, 2, 709}, /* CYRILLIC SMALL LETTER I WITH MACRON */ - {0x4e4, 2, 711}, /* CYRILLIC CAPITAL LETTER I WITH DIAERESIS */ - {0x4e5, 2, 713}, /* CYRILLIC SMALL LETTER I WITH DIAERESIS */ - {0x4e6, 2, 715}, /* CYRILLIC CAPITAL LETTER O WITH DIAERESIS */ - {0x4e7, 2, 717}, /* CYRILLIC SMALL LETTER O WITH DIAERESIS */ - {0x4ea, 2, 719}, /* CYRILLIC CAPITAL LETTER BARRED O WITH DIAERESIS */ - {0x4eb, 2, 721}, /* CYRILLIC SMALL LETTER BARRED O WITH DIAERESIS */ - {0x4ec, 2, 723}, /* CYRILLIC CAPITAL LETTER E WITH DIAERESIS */ - {0x4ed, 2, 725}, /* CYRILLIC SMALL LETTER E WITH DIAERESIS */ - {0x4ee, 2, 727}, /* CYRILLIC CAPITAL LETTER U WITH MACRON */ - {0x4ef, 2, 729}, /* CYRILLIC SMALL LETTER U WITH MACRON */ - {0x4f0, 2, 731}, /* CYRILLIC CAPITAL LETTER U WITH DIAERESIS */ - {0x4f1, 2, 733}, /* CYRILLIC SMALL LETTER U WITH DIAERESIS */ - {0x4f2, 2, 735}, /* CYRILLIC CAPITAL LETTER U WITH DOUBLE ACUTE */ - {0x4f3, 2, 737}, /* CYRILLIC SMALL LETTER U WITH DOUBLE ACUTE */ - {0x4f4, 2, 739}, /* CYRILLIC CAPITAL LETTER CHE WITH DIAERESIS */ - {0x4f5, 2, 741}, /* CYRILLIC SMALL LETTER CHE WITH DIAERESIS */ - {0x4f8, 2, 743}, /* CYRILLIC CAPITAL LETTER YERU WITH DIAERESIS */ - {0x4f9, 2, 745}, /* CYRILLIC SMALL LETTER YERU WITH DIAERESIS */ - {0x587, 2, 747}, /* ARMENIAN SMALL LIGATURE ECH YIWN */ - {0x622, 2, 749}, /* ARABIC LETTER ALEF WITH MADDA ABOVE */ - {0x623, 2, 751}, /* ARABIC LETTER ALEF WITH HAMZA ABOVE */ - {0x624, 2, 753}, /* ARABIC LETTER WAW WITH HAMZA ABOVE */ - {0x625, 2, 755}, /* ARABIC LETTER ALEF WITH HAMZA BELOW */ - {0x626, 2, 757}, /* ARABIC LETTER YEH WITH HAMZA ABOVE */ - {0x675, 2, 759}, /* ARABIC LETTER HIGH HAMZA ALEF */ - {0x676, 2, 761}, /* ARABIC LETTER HIGH HAMZA WAW */ - {0x677, 2, 763}, /* ARABIC LETTER U WITH HAMZA ABOVE */ - {0x678, 2, 765}, /* ARABIC LETTER HIGH HAMZA YEH */ - {0x6c0, 2, 767}, /* ARABIC LETTER HEH WITH YEH ABOVE */ - {0x6c2, 2, 769}, /* ARABIC LETTER HEH GOAL WITH HAMZA ABOVE */ - {0x6d3, 2, 771}, /* ARABIC LETTER YEH BARREE WITH HAMZA ABOVE */ - {0x929, 2, 773}, /* DEVANAGARI LETTER NNNA */ - {0x931, 2, 775}, /* DEVANAGARI LETTER RRA */ - {0x934, 2, 777}, /* DEVANAGARI LETTER LLLA */ - {0x958, 2, 779}, /* DEVANAGARI LETTER QA */ - {0x959, 2, 781}, /* DEVANAGARI LETTER KHHA */ - {0x95a, 2, 783}, /* DEVANAGARI LETTER GHHA */ - {0x95b, 2, 785}, /* DEVANAGARI LETTER ZA */ - {0x95c, 2, 787}, /* DEVANAGARI LETTER DDDHA */ - {0x95d, 2, 789}, /* DEVANAGARI LETTER RHA */ - {0x95e, 2, 791}, /* DEVANAGARI LETTER FA */ - {0x95f, 2, 793}, /* DEVANAGARI LETTER YYA */ - {0x9cb, 2, 795}, /* BENGALI VOWEL SIGN O */ - {0x9cc, 2, 797}, /* BENGALI VOWEL SIGN AU */ - {0x9dc, 2, 799}, /* BENGALI LETTER RRA */ - {0x9dd, 2, 801}, /* BENGALI LETTER RHA */ - {0x9df, 2, 803}, /* BENGALI LETTER YYA */ - {0xa33, 2, 805}, /* GURMUKHI LETTER LLA */ - {0xa36, 2, 807}, /* GURMUKHI LETTER SHA */ - {0xa59, 2, 809}, /* GURMUKHI LETTER KHHA */ - {0xa5a, 2, 811}, /* GURMUKHI LETTER GHHA */ - {0xa5b, 2, 813}, /* GURMUKHI LETTER ZA */ - {0xa5e, 2, 815}, /* GURMUKHI LETTER FA */ - {0xb48, 2, 817}, /* ORIYA VOWEL SIGN AI */ - {0xb4b, 2, 819}, /* ORIYA VOWEL SIGN O */ - {0xb4c, 2, 821}, /* ORIYA VOWEL SIGN AU */ - {0xb5c, 2, 823}, /* ORIYA LETTER RRA */ - {0xb5d, 2, 825}, /* ORIYA LETTER RHA */ - {0xb94, 2, 827}, /* TAMIL LETTER AU */ - {0xbca, 2, 829}, /* TAMIL VOWEL SIGN O */ - {0xbcb, 2, 831}, /* TAMIL VOWEL SIGN OO */ - {0xbcc, 2, 833}, /* TAMIL VOWEL SIGN AU */ - {0xc48, 2, 835}, /* TELUGU VOWEL SIGN AI */ - {0xcc0, 2, 837}, /* KANNADA VOWEL SIGN II */ - {0xcc7, 2, 839}, /* KANNADA VOWEL SIGN EE */ - {0xcc8, 2, 841}, /* KANNADA VOWEL SIGN AI */ - {0xcca, 2, 843}, /* KANNADA VOWEL SIGN O */ - {0xccb, 2, 845}, /* KANNADA VOWEL SIGN OO */ - {0xd4a, 2, 847}, /* MALAYALAM VOWEL SIGN O */ - {0xd4b, 2, 849}, /* MALAYALAM VOWEL SIGN OO */ - {0xd4c, 2, 851}, /* MALAYALAM VOWEL SIGN AU */ - {0xdda, 2, 853}, /* SINHALA VOWEL SIGN DIGA KOMBUVA */ - {0xddc, 2, 855}, /* SINHALA VOWEL SIGN KOMBUVA HAA AELA-PILLA */ - {0xddd, 2, 857}, /* SINHALA VOWEL SIGN KOMBUVA HAA DIGA AELA-PILLA */ - {0xdde, 2, 859}, /* SINHALA VOWEL SIGN KOMBUVA HAA GAYANUKITTA */ - {0xe33, 2, 861}, /* THAI CHARACTER SARA AM */ - {0xeb3, 2, 863}, /* LAO VOWEL SIGN AM */ - {0xedc, 2, 865}, /* LAO HO NO */ - {0xedd, 2, 867}, /* LAO HO MO */ - {0xf0c, 1, 869}, /* TIBETAN MARK DELIMITER TSHEG BSTAR */ - {0xf43, 2, 870}, /* TIBETAN LETTER GHA */ - {0xf4d, 2, 872}, /* TIBETAN LETTER DDHA */ - {0xf52, 2, 874}, /* TIBETAN LETTER DHA */ - {0xf57, 2, 876}, /* TIBETAN LETTER BHA */ - {0xf5c, 2, 878}, /* TIBETAN LETTER DZHA */ - {0xf69, 2, 880}, /* TIBETAN LETTER KSSA */ - {0xf73, 2, 882}, /* TIBETAN VOWEL SIGN II */ - {0xf75, 2, 884}, /* TIBETAN VOWEL SIGN UU */ - {0xf76, 2, 886}, /* TIBETAN VOWEL SIGN VOCALIC R */ - {0xf77, 2, 888}, /* TIBETAN VOWEL SIGN VOCALIC RR */ - {0xf78, 2, 890}, /* TIBETAN VOWEL SIGN VOCALIC L */ - {0xf79, 2, 892}, /* TIBETAN VOWEL SIGN VOCALIC LL */ - {0xf81, 2, 894}, /* TIBETAN VOWEL SIGN REVERSED II */ - {0xf93, 2, 896}, /* TIBETAN SUBJOINED LETTER GHA */ - {0xf9d, 2, 898}, /* TIBETAN SUBJOINED LETTER DDHA */ - {0xfa2, 2, 900}, /* TIBETAN SUBJOINED LETTER DHA */ - {0xfa7, 2, 902}, /* TIBETAN SUBJOINED LETTER BHA */ - {0xfac, 2, 904}, /* TIBETAN SUBJOINED LETTER DZHA */ - {0xfb9, 2, 906}, /* TIBETAN SUBJOINED LETTER KSSA */ - {0x1026, 2, 908}, /* MYANMAR LETTER UU */ - {0x1d2c, 1, 24}, /* MODIFIER LETTER CAPITAL A */ - {0x1d2d, 1, 422}, /* MODIFIER LETTER CAPITAL AE */ - {0x1d2e, 1, 910}, /* MODIFIER LETTER CAPITAL B */ - {0x1d30, 1, 158}, /* MODIFIER LETTER CAPITAL D */ - {0x1d31, 1, 38}, /* MODIFIER LETTER CAPITAL E */ - {0x1d32, 1, 911}, /* MODIFIER LETTER CAPITAL REVERSED E */ - {0x1d33, 1, 182}, /* MODIFIER LETTER CAPITAL G */ - {0x1d34, 1, 198}, /* MODIFIER LETTER CAPITAL H */ - {0x1d35, 1, 46}, /* MODIFIER LETTER CAPITAL I */ - {0x1d36, 1, 221}, /* MODIFIER LETTER CAPITAL J */ - {0x1d37, 1, 228}, /* MODIFIER LETTER CAPITAL K */ - {0x1d38, 1, 232}, /* MODIFIER LETTER CAPITAL L */ - {0x1d39, 1, 912}, /* MODIFIER LETTER CAPITAL M */ - {0x1d3a, 1, 54}, /* MODIFIER LETTER CAPITAL N */ - {0x1d3c, 1, 56}, /* MODIFIER LETTER CAPITAL O */ - {0x1d3d, 1, 913}, /* MODIFIER LETTER CAPITAL OU */ - {0x1d3e, 1, 914}, /* MODIFIER LETTER CAPITAL P */ - {0x1d3f, 1, 274}, /* MODIFIER LETTER CAPITAL R */ - {0x1d40, 1, 302}, /* MODIFIER LETTER CAPITAL T */ - {0x1d41, 1, 66}, /* MODIFIER LETTER CAPITAL U */ - {0x1d42, 1, 334}, /* MODIFIER LETTER CAPITAL W */ - {0x1d43, 1, 3}, /* MODIFIER LETTER SMALL A */ - {0x1d44, 1, 915}, /* MODIFIER LETTER SMALL TURNED A */ - {0x1d45, 1, 916}, /* MODIFIER LETTER SMALL ALPHA */ - {0x1d46, 1, 917}, /* MODIFIER LETTER SMALL TURNED AE */ - {0x1d47, 1, 918}, /* MODIFIER LETTER SMALL B */ - {0x1d48, 1, 160}, /* MODIFIER LETTER SMALL D */ - {0x1d49, 1, 90}, /* MODIFIER LETTER SMALL E */ - {0x1d4a, 1, 919}, /* MODIFIER LETTER SMALL SCHWA */ - {0x1d4b, 1, 920}, /* MODIFIER LETTER SMALL OPEN E */ - {0x1d4c, 1, 921}, /* MODIFIER LETTER SMALL TURNED OPEN E */ - {0x1d4d, 1, 184}, /* MODIFIER LETTER SMALL G */ - {0x1d4f, 1, 230}, /* MODIFIER LETTER SMALL K */ - {0x1d50, 1, 922}, /* MODIFIER LETTER SMALL M */ - {0x1d51, 1, 923}, /* MODIFIER LETTER SMALL ENG */ - {0x1d52, 1, 14}, /* MODIFIER LETTER SMALL O */ - {0x1d53, 1, 924}, /* MODIFIER LETTER SMALL OPEN O */ - {0x1d54, 1, 925}, /* MODIFIER LETTER SMALL TOP HALF O */ - {0x1d55, 1, 926}, /* MODIFIER LETTER SMALL BOTTOM HALF O */ - {0x1d56, 1, 927}, /* MODIFIER LETTER SMALL P */ - {0x1d57, 1, 304}, /* MODIFIER LETTER SMALL T */ - {0x1d58, 1, 118}, /* MODIFIER LETTER SMALL U */ - {0x1d59, 1, 928}, /* MODIFIER LETTER SMALL SIDEWAYS U */ - {0x1d5a, 1, 929}, /* MODIFIER LETTER SMALL TURNED M */ - {0x1d5b, 1, 930}, /* MODIFIER LETTER SMALL V */ - {0x1d5c, 1, 931}, /* MODIFIER LETTER SMALL AIN */ - {0x1d5d, 1, 630}, /* MODIFIER LETTER SMALL BETA */ - {0x1d5e, 1, 932}, /* MODIFIER LETTER SMALL GREEK GAMMA */ - {0x1d5f, 1, 933}, /* MODIFIER LETTER SMALL DELTA */ - {0x1d60, 1, 636}, /* MODIFIER LETTER SMALL GREEK PHI */ - {0x1d61, 1, 934}, /* MODIFIER LETTER SMALL CHI */ - {0x1d62, 1, 98}, /* LATIN SUBSCRIPT SMALL LETTER I */ - {0x1d63, 1, 276}, /* LATIN SUBSCRIPT SMALL LETTER R */ - {0x1d64, 1, 118}, /* LATIN SUBSCRIPT SMALL LETTER U */ - {0x1d65, 1, 930}, /* LATIN SUBSCRIPT SMALL LETTER V */ - {0x1d66, 1, 630}, /* GREEK SUBSCRIPT SMALL LETTER BETA */ - {0x1d67, 1, 932}, /* GREEK SUBSCRIPT SMALL LETTER GAMMA */ - {0x1d68, 1, 639}, /* GREEK SUBSCRIPT SMALL LETTER RHO */ - {0x1d69, 1, 636}, /* GREEK SUBSCRIPT SMALL LETTER PHI */ - {0x1d6a, 1, 934}, /* GREEK SUBSCRIPT SMALL LETTER CHI */ - {0x1e00, 2, 935}, /* LATIN CAPITAL LETTER A WITH RING BELOW */ - {0x1e01, 2, 937}, /* LATIN SMALL LETTER A WITH RING BELOW */ - {0x1e02, 2, 939}, /* LATIN CAPITAL LETTER B WITH DOT ABOVE */ - {0x1e03, 2, 941}, /* LATIN SMALL LETTER B WITH DOT ABOVE */ - {0x1e04, 2, 943}, /* LATIN CAPITAL LETTER B WITH DOT BELOW */ - {0x1e05, 2, 945}, /* LATIN SMALL LETTER B WITH DOT BELOW */ - {0x1e06, 2, 947}, /* LATIN CAPITAL LETTER B WITH LINE BELOW */ - {0x1e07, 2, 949}, /* LATIN SMALL LETTER B WITH LINE BELOW */ - {0x1e08, 2, 951}, /* LATIN CAPITAL LETTER C WITH CEDILLA AND ACUTE */ - {0x1e09, 2, 953}, /* LATIN SMALL LETTER C WITH CEDILLA AND ACUTE */ - {0x1e0a, 2, 955}, /* LATIN CAPITAL LETTER D WITH DOT ABOVE */ - {0x1e0b, 2, 957}, /* LATIN SMALL LETTER D WITH DOT ABOVE */ - {0x1e0c, 2, 959}, /* LATIN CAPITAL LETTER D WITH DOT BELOW */ - {0x1e0d, 2, 961}, /* LATIN SMALL LETTER D WITH DOT BELOW */ - {0x1e0e, 2, 963}, /* LATIN CAPITAL LETTER D WITH LINE BELOW */ - {0x1e0f, 2, 965}, /* LATIN SMALL LETTER D WITH LINE BELOW */ - {0x1e10, 2, 967}, /* LATIN CAPITAL LETTER D WITH CEDILLA */ - {0x1e11, 2, 969}, /* LATIN SMALL LETTER D WITH CEDILLA */ - {0x1e12, 2, 971}, /* LATIN CAPITAL LETTER D WITH CIRCUMFLEX BELOW */ - {0x1e13, 2, 973}, /* LATIN SMALL LETTER D WITH CIRCUMFLEX BELOW */ - {0x1e14, 2, 975}, /* LATIN CAPITAL LETTER E WITH MACRON AND GRAVE */ - {0x1e15, 2, 977}, /* LATIN SMALL LETTER E WITH MACRON AND GRAVE */ - {0x1e16, 2, 979}, /* LATIN CAPITAL LETTER E WITH MACRON AND ACUTE */ - {0x1e17, 2, 981}, /* LATIN SMALL LETTER E WITH MACRON AND ACUTE */ - {0x1e18, 2, 983}, /* LATIN CAPITAL LETTER E WITH CIRCUMFLEX BELOW */ - {0x1e19, 2, 985}, /* LATIN SMALL LETTER E WITH CIRCUMFLEX BELOW */ - {0x1e1a, 2, 987}, /* LATIN CAPITAL LETTER E WITH TILDE BELOW */ - {0x1e1b, 2, 989}, /* LATIN SMALL LETTER E WITH TILDE BELOW */ - {0x1e1c, 2, 991}, /* LATIN CAPITAL LETTER E WITH CEDILLA AND BREVE */ - {0x1e1d, 2, 993}, /* LATIN SMALL LETTER E WITH CEDILLA AND BREVE */ - {0x1e1e, 2, 995}, /* LATIN CAPITAL LETTER F WITH DOT ABOVE */ - {0x1e1f, 2, 997}, /* LATIN SMALL LETTER F WITH DOT ABOVE */ - {0x1e20, 2, 999}, /* LATIN CAPITAL LETTER G WITH MACRON */ - {0x1e21, 2, 1001}, /* LATIN SMALL LETTER G WITH MACRON */ - {0x1e22, 2, 1003}, /* LATIN CAPITAL LETTER H WITH DOT ABOVE */ - {0x1e23, 2, 1005}, /* LATIN SMALL LETTER H WITH DOT ABOVE */ - {0x1e24, 2, 1007}, /* LATIN CAPITAL LETTER H WITH DOT BELOW */ - {0x1e25, 2, 1009}, /* LATIN SMALL LETTER H WITH DOT BELOW */ - {0x1e26, 2, 1011}, /* LATIN CAPITAL LETTER H WITH DIAERESIS */ - {0x1e27, 2, 1013}, /* LATIN SMALL LETTER H WITH DIAERESIS */ - {0x1e28, 2, 1015}, /* LATIN CAPITAL LETTER H WITH CEDILLA */ - {0x1e29, 2, 1017}, /* LATIN SMALL LETTER H WITH CEDILLA */ - {0x1e2a, 2, 1019}, /* LATIN CAPITAL LETTER H WITH BREVE BELOW */ - {0x1e2b, 2, 1021}, /* LATIN SMALL LETTER H WITH BREVE BELOW */ - {0x1e2c, 2, 1023}, /* LATIN CAPITAL LETTER I WITH TILDE BELOW */ - {0x1e2d, 2, 1025}, /* LATIN SMALL LETTER I WITH TILDE BELOW */ - {0x1e2e, 2, 1027}, /* LATIN CAPITAL LETTER I WITH DIAERESIS AND ACUTE */ - {0x1e2f, 2, 1029}, /* LATIN SMALL LETTER I WITH DIAERESIS AND ACUTE */ - {0x1e30, 2, 1031}, /* LATIN CAPITAL LETTER K WITH ACUTE */ - {0x1e31, 2, 1033}, /* LATIN SMALL LETTER K WITH ACUTE */ - {0x1e32, 2, 1035}, /* LATIN CAPITAL LETTER K WITH DOT BELOW */ - {0x1e33, 2, 1037}, /* LATIN SMALL LETTER K WITH DOT BELOW */ - {0x1e34, 2, 1039}, /* LATIN CAPITAL LETTER K WITH LINE BELOW */ - {0x1e35, 2, 1041}, /* LATIN SMALL LETTER K WITH LINE BELOW */ - {0x1e36, 2, 1043}, /* LATIN CAPITAL LETTER L WITH DOT BELOW */ - {0x1e37, 2, 1045}, /* LATIN SMALL LETTER L WITH DOT BELOW */ - {0x1e38, 2, 1047}, /* LATIN CAPITAL LETTER L WITH DOT BELOW AND MACRON */ - {0x1e39, 2, 1049}, /* LATIN SMALL LETTER L WITH DOT BELOW AND MACRON */ - {0x1e3a, 2, 1051}, /* LATIN CAPITAL LETTER L WITH LINE BELOW */ - {0x1e3b, 2, 1053}, /* LATIN SMALL LETTER L WITH LINE BELOW */ - {0x1e3c, 2, 1055}, /* LATIN CAPITAL LETTER L WITH CIRCUMFLEX BELOW */ - {0x1e3d, 2, 1057}, /* LATIN SMALL LETTER L WITH CIRCUMFLEX BELOW */ - {0x1e3e, 2, 1059}, /* LATIN CAPITAL LETTER M WITH ACUTE */ - {0x1e3f, 2, 1061}, /* LATIN SMALL LETTER M WITH ACUTE */ - {0x1e40, 2, 1063}, /* LATIN CAPITAL LETTER M WITH DOT ABOVE */ - {0x1e41, 2, 1065}, /* LATIN SMALL LETTER M WITH DOT ABOVE */ - {0x1e42, 2, 1067}, /* LATIN CAPITAL LETTER M WITH DOT BELOW */ - {0x1e43, 2, 1069}, /* LATIN SMALL LETTER M WITH DOT BELOW */ - {0x1e44, 2, 1071}, /* LATIN CAPITAL LETTER N WITH DOT ABOVE */ - {0x1e45, 2, 1073}, /* LATIN SMALL LETTER N WITH DOT ABOVE */ - {0x1e46, 2, 1075}, /* LATIN CAPITAL LETTER N WITH DOT BELOW */ - {0x1e47, 2, 1077}, /* LATIN SMALL LETTER N WITH DOT BELOW */ - {0x1e48, 2, 1079}, /* LATIN CAPITAL LETTER N WITH LINE BELOW */ - {0x1e49, 2, 1081}, /* LATIN SMALL LETTER N WITH LINE BELOW */ - {0x1e4a, 2, 1083}, /* LATIN CAPITAL LETTER N WITH CIRCUMFLEX BELOW */ - {0x1e4b, 2, 1085}, /* LATIN SMALL LETTER N WITH CIRCUMFLEX BELOW */ - {0x1e4c, 2, 1087}, /* LATIN CAPITAL LETTER O WITH TILDE AND ACUTE */ - {0x1e4d, 2, 1089}, /* LATIN SMALL LETTER O WITH TILDE AND ACUTE */ - {0x1e4e, 2, 1091}, /* LATIN CAPITAL LETTER O WITH TILDE AND DIAERESIS */ - {0x1e4f, 2, 1093}, /* LATIN SMALL LETTER O WITH TILDE AND DIAERESIS */ - {0x1e50, 2, 1095}, /* LATIN CAPITAL LETTER O WITH MACRON AND GRAVE */ - {0x1e51, 2, 1097}, /* LATIN SMALL LETTER O WITH MACRON AND GRAVE */ - {0x1e52, 2, 1099}, /* LATIN CAPITAL LETTER O WITH MACRON AND ACUTE */ - {0x1e53, 2, 1101}, /* LATIN SMALL LETTER O WITH MACRON AND ACUTE */ - {0x1e54, 2, 1103}, /* LATIN CAPITAL LETTER P WITH ACUTE */ - {0x1e55, 2, 1105}, /* LATIN SMALL LETTER P WITH ACUTE */ - {0x1e56, 2, 1107}, /* LATIN CAPITAL LETTER P WITH DOT ABOVE */ - {0x1e57, 2, 1109}, /* LATIN SMALL LETTER P WITH DOT ABOVE */ - {0x1e58, 2, 1111}, /* LATIN CAPITAL LETTER R WITH DOT ABOVE */ - {0x1e59, 2, 1113}, /* LATIN SMALL LETTER R WITH DOT ABOVE */ - {0x1e5a, 2, 1115}, /* LATIN CAPITAL LETTER R WITH DOT BELOW */ - {0x1e5b, 2, 1117}, /* LATIN SMALL LETTER R WITH DOT BELOW */ - {0x1e5c, 2, 1119}, /* LATIN CAPITAL LETTER R WITH DOT BELOW AND MACRON */ - {0x1e5d, 2, 1121}, /* LATIN SMALL LETTER R WITH DOT BELOW AND MACRON */ - {0x1e5e, 2, 1123}, /* LATIN CAPITAL LETTER R WITH LINE BELOW */ - {0x1e5f, 2, 1125}, /* LATIN SMALL LETTER R WITH LINE BELOW */ - {0x1e60, 2, 1127}, /* LATIN CAPITAL LETTER S WITH DOT ABOVE */ - {0x1e61, 2, 1129}, /* LATIN SMALL LETTER S WITH DOT ABOVE */ - {0x1e62, 2, 1131}, /* LATIN CAPITAL LETTER S WITH DOT BELOW */ - {0x1e63, 2, 1133}, /* LATIN SMALL LETTER S WITH DOT BELOW */ - {0x1e64, 2, 1135}, /* LATIN CAPITAL LETTER S WITH ACUTE AND DOT ABOVE */ - {0x1e65, 2, 1137}, /* LATIN SMALL LETTER S WITH ACUTE AND DOT ABOVE */ - {0x1e66, 2, 1139}, /* LATIN CAPITAL LETTER S WITH CARON AND DOT ABOVE */ - {0x1e67, 2, 1141}, /* LATIN SMALL LETTER S WITH CARON AND DOT ABOVE */ - {0x1e68, 2, 1143}, /* LATIN CAPITAL LETTER S WITH DOT BELOW AND DOT ABOVE */ - {0x1e69, 2, 1145}, /* LATIN SMALL LETTER S WITH DOT BELOW AND DOT ABOVE */ - {0x1e6a, 2, 1147}, /* LATIN CAPITAL LETTER T WITH DOT ABOVE */ - {0x1e6b, 2, 1149}, /* LATIN SMALL LETTER T WITH DOT ABOVE */ - {0x1e6c, 2, 1151}, /* LATIN CAPITAL LETTER T WITH DOT BELOW */ - {0x1e6d, 2, 1153}, /* LATIN SMALL LETTER T WITH DOT BELOW */ - {0x1e6e, 2, 1155}, /* LATIN CAPITAL LETTER T WITH LINE BELOW */ - {0x1e6f, 2, 1157}, /* LATIN SMALL LETTER T WITH LINE BELOW */ - {0x1e70, 2, 1159}, /* LATIN CAPITAL LETTER T WITH CIRCUMFLEX BELOW */ - {0x1e71, 2, 1161}, /* LATIN SMALL LETTER T WITH CIRCUMFLEX BELOW */ - {0x1e72, 2, 1163}, /* LATIN CAPITAL LETTER U WITH DIAERESIS BELOW */ - {0x1e73, 2, 1165}, /* LATIN SMALL LETTER U WITH DIAERESIS BELOW */ - {0x1e74, 2, 1167}, /* LATIN CAPITAL LETTER U WITH TILDE BELOW */ - {0x1e75, 2, 1169}, /* LATIN SMALL LETTER U WITH TILDE BELOW */ - {0x1e76, 2, 1171}, /* LATIN CAPITAL LETTER U WITH CIRCUMFLEX BELOW */ - {0x1e77, 2, 1173}, /* LATIN SMALL LETTER U WITH CIRCUMFLEX BELOW */ - {0x1e78, 2, 1175}, /* LATIN CAPITAL LETTER U WITH TILDE AND ACUTE */ - {0x1e79, 2, 1177}, /* LATIN SMALL LETTER U WITH TILDE AND ACUTE */ - {0x1e7a, 2, 1179}, /* LATIN CAPITAL LETTER U WITH MACRON AND DIAERESIS */ - {0x1e7b, 2, 1181}, /* LATIN SMALL LETTER U WITH MACRON AND DIAERESIS */ - {0x1e7c, 2, 1183}, /* LATIN CAPITAL LETTER V WITH TILDE */ - {0x1e7d, 2, 1185}, /* LATIN SMALL LETTER V WITH TILDE */ - {0x1e7e, 2, 1187}, /* LATIN CAPITAL LETTER V WITH DOT BELOW */ - {0x1e7f, 2, 1189}, /* LATIN SMALL LETTER V WITH DOT BELOW */ - {0x1e80, 2, 1191}, /* LATIN CAPITAL LETTER W WITH GRAVE */ - {0x1e81, 2, 1193}, /* LATIN SMALL LETTER W WITH GRAVE */ - {0x1e82, 2, 1195}, /* LATIN CAPITAL LETTER W WITH ACUTE */ - {0x1e83, 2, 1197}, /* LATIN SMALL LETTER W WITH ACUTE */ - {0x1e84, 2, 1199}, /* LATIN CAPITAL LETTER W WITH DIAERESIS */ - {0x1e85, 2, 1201}, /* LATIN SMALL LETTER W WITH DIAERESIS */ - {0x1e86, 2, 1203}, /* LATIN CAPITAL LETTER W WITH DOT ABOVE */ - {0x1e87, 2, 1205}, /* LATIN SMALL LETTER W WITH DOT ABOVE */ - {0x1e88, 2, 1207}, /* LATIN CAPITAL LETTER W WITH DOT BELOW */ - {0x1e89, 2, 1209}, /* LATIN SMALL LETTER W WITH DOT BELOW */ - {0x1e8a, 2, 1211}, /* LATIN CAPITAL LETTER X WITH DOT ABOVE */ - {0x1e8b, 2, 1213}, /* LATIN SMALL LETTER X WITH DOT ABOVE */ - {0x1e8c, 2, 1215}, /* LATIN CAPITAL LETTER X WITH DIAERESIS */ - {0x1e8d, 2, 1217}, /* LATIN SMALL LETTER X WITH DIAERESIS */ - {0x1e8e, 2, 1219}, /* LATIN CAPITAL LETTER Y WITH DOT ABOVE */ - {0x1e8f, 2, 1221}, /* LATIN SMALL LETTER Y WITH DOT ABOVE */ - {0x1e90, 2, 1223}, /* LATIN CAPITAL LETTER Z WITH CIRCUMFLEX */ - {0x1e91, 2, 1225}, /* LATIN SMALL LETTER Z WITH CIRCUMFLEX */ - {0x1e92, 2, 1227}, /* LATIN CAPITAL LETTER Z WITH DOT BELOW */ - {0x1e93, 2, 1229}, /* LATIN SMALL LETTER Z WITH DOT BELOW */ - {0x1e94, 2, 1231}, /* LATIN CAPITAL LETTER Z WITH LINE BELOW */ - {0x1e95, 2, 1233}, /* LATIN SMALL LETTER Z WITH LINE BELOW */ - {0x1e96, 2, 1235}, /* LATIN SMALL LETTER H WITH LINE BELOW */ - {0x1e97, 2, 1237}, /* LATIN SMALL LETTER T WITH DIAERESIS */ - {0x1e98, 2, 1239}, /* LATIN SMALL LETTER W WITH RING ABOVE */ - {0x1e99, 2, 1241}, /* LATIN SMALL LETTER Y WITH RING ABOVE */ - {0x1e9a, 2, 1243}, /* LATIN SMALL LETTER A WITH RIGHT HALF RING */ - {0x1e9b, 2, 1245}, /* LATIN SMALL LETTER LONG S WITH DOT ABOVE */ - {0x1ea0, 2, 1247}, /* LATIN CAPITAL LETTER A WITH DOT BELOW */ - {0x1ea1, 2, 1249}, /* LATIN SMALL LETTER A WITH DOT BELOW */ - {0x1ea2, 2, 1251}, /* LATIN CAPITAL LETTER A WITH HOOK ABOVE */ - {0x1ea3, 2, 1253}, /* LATIN SMALL LETTER A WITH HOOK ABOVE */ - {0x1ea4, 2, 1255}, /* LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND ACUTE */ - {0x1ea5, 2, 1257}, /* LATIN SMALL LETTER A WITH CIRCUMFLEX AND ACUTE */ - {0x1ea6, 2, 1259}, /* LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND GRAVE */ - {0x1ea7, 2, 1261}, /* LATIN SMALL LETTER A WITH CIRCUMFLEX AND GRAVE */ - {0x1ea8, 2, 1263}, /* LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND HOOK ABOVE */ - {0x1ea9, 2, 1265}, /* LATIN SMALL LETTER A WITH CIRCUMFLEX AND HOOK ABOVE */ - {0x1eaa, 2, 1267}, /* LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND TILDE */ - {0x1eab, 2, 1269}, /* LATIN SMALL LETTER A WITH CIRCUMFLEX AND TILDE */ - {0x1eac, 2, 1271}, /* LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND DOT BELOW */ - {0x1ead, 2, 1273}, /* LATIN SMALL LETTER A WITH CIRCUMFLEX AND DOT BELOW */ - {0x1eae, 2, 1275}, /* LATIN CAPITAL LETTER A WITH BREVE AND ACUTE */ - {0x1eaf, 2, 1277}, /* LATIN SMALL LETTER A WITH BREVE AND ACUTE */ - {0x1eb0, 2, 1279}, /* LATIN CAPITAL LETTER A WITH BREVE AND GRAVE */ - {0x1eb1, 2, 1281}, /* LATIN SMALL LETTER A WITH BREVE AND GRAVE */ - {0x1eb2, 2, 1283}, /* LATIN CAPITAL LETTER A WITH BREVE AND HOOK ABOVE */ - {0x1eb3, 2, 1285}, /* LATIN SMALL LETTER A WITH BREVE AND HOOK ABOVE */ - {0x1eb4, 2, 1287}, /* LATIN CAPITAL LETTER A WITH BREVE AND TILDE */ - {0x1eb5, 2, 1289}, /* LATIN SMALL LETTER A WITH BREVE AND TILDE */ - {0x1eb6, 2, 1291}, /* LATIN CAPITAL LETTER A WITH BREVE AND DOT BELOW */ - {0x1eb7, 2, 1293}, /* LATIN SMALL LETTER A WITH BREVE AND DOT BELOW */ - {0x1eb8, 2, 1295}, /* LATIN CAPITAL LETTER E WITH DOT BELOW */ - {0x1eb9, 2, 1297}, /* LATIN SMALL LETTER E WITH DOT BELOW */ - {0x1eba, 2, 1299}, /* LATIN CAPITAL LETTER E WITH HOOK ABOVE */ - {0x1ebb, 2, 1301}, /* LATIN SMALL LETTER E WITH HOOK ABOVE */ - {0x1ebc, 2, 1303}, /* LATIN CAPITAL LETTER E WITH TILDE */ - {0x1ebd, 2, 1305}, /* LATIN SMALL LETTER E WITH TILDE */ - {0x1ebe, 2, 1307}, /* LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND ACUTE */ - {0x1ebf, 2, 1309}, /* LATIN SMALL LETTER E WITH CIRCUMFLEX AND ACUTE */ - {0x1ec0, 2, 1311}, /* LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND GRAVE */ - {0x1ec1, 2, 1313}, /* LATIN SMALL LETTER E WITH CIRCUMFLEX AND GRAVE */ - {0x1ec2, 2, 1315}, /* LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND HOOK ABOVE */ - {0x1ec3, 2, 1317}, /* LATIN SMALL LETTER E WITH CIRCUMFLEX AND HOOK ABOVE */ - {0x1ec4, 2, 1319}, /* LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND TILDE */ - {0x1ec5, 2, 1321}, /* LATIN SMALL LETTER E WITH CIRCUMFLEX AND TILDE */ - {0x1ec6, 2, 1323}, /* LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND DOT BELOW */ - {0x1ec7, 2, 1325}, /* LATIN SMALL LETTER E WITH CIRCUMFLEX AND DOT BELOW */ - {0x1ec8, 2, 1327}, /* LATIN CAPITAL LETTER I WITH HOOK ABOVE */ - {0x1ec9, 2, 1329}, /* LATIN SMALL LETTER I WITH HOOK ABOVE */ - {0x1eca, 2, 1331}, /* LATIN CAPITAL LETTER I WITH DOT BELOW */ - {0x1ecb, 2, 1333}, /* LATIN SMALL LETTER I WITH DOT BELOW */ - {0x1ecc, 2, 1335}, /* LATIN CAPITAL LETTER O WITH DOT BELOW */ - {0x1ecd, 2, 1337}, /* LATIN SMALL LETTER O WITH DOT BELOW */ - {0x1ece, 2, 1339}, /* LATIN CAPITAL LETTER O WITH HOOK ABOVE */ - {0x1ecf, 2, 1341}, /* LATIN SMALL LETTER O WITH HOOK ABOVE */ - {0x1ed0, 2, 1343}, /* LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND ACUTE */ - {0x1ed1, 2, 1345}, /* LATIN SMALL LETTER O WITH CIRCUMFLEX AND ACUTE */ - {0x1ed2, 2, 1347}, /* LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND GRAVE */ - {0x1ed3, 2, 1349}, /* LATIN SMALL LETTER O WITH CIRCUMFLEX AND GRAVE */ - {0x1ed4, 2, 1351}, /* LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND HOOK ABOVE */ - {0x1ed5, 2, 1353}, /* LATIN SMALL LETTER O WITH CIRCUMFLEX AND HOOK ABOVE */ - {0x1ed6, 2, 1355}, /* LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND TILDE */ - {0x1ed7, 2, 1357}, /* LATIN SMALL LETTER O WITH CIRCUMFLEX AND TILDE */ - {0x1ed8, 2, 1359}, /* LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND DOT BELOW */ - {0x1ed9, 2, 1361}, /* LATIN SMALL LETTER O WITH CIRCUMFLEX AND DOT BELOW */ - {0x1eda, 2, 1363}, /* LATIN CAPITAL LETTER O WITH HORN AND ACUTE */ - {0x1edb, 2, 1365}, /* LATIN SMALL LETTER O WITH HORN AND ACUTE */ - {0x1edc, 2, 1367}, /* LATIN CAPITAL LETTER O WITH HORN AND GRAVE */ - {0x1edd, 2, 1369}, /* LATIN SMALL LETTER O WITH HORN AND GRAVE */ - {0x1ede, 2, 1371}, /* LATIN CAPITAL LETTER O WITH HORN AND HOOK ABOVE */ - {0x1edf, 2, 1373}, /* LATIN SMALL LETTER O WITH HORN AND HOOK ABOVE */ - {0x1ee0, 2, 1375}, /* LATIN CAPITAL LETTER O WITH HORN AND TILDE */ - {0x1ee1, 2, 1377}, /* LATIN SMALL LETTER O WITH HORN AND TILDE */ - {0x1ee2, 2, 1379}, /* LATIN CAPITAL LETTER O WITH HORN AND DOT BELOW */ - {0x1ee3, 2, 1381}, /* LATIN SMALL LETTER O WITH HORN AND DOT BELOW */ - {0x1ee4, 2, 1383}, /* LATIN CAPITAL LETTER U WITH DOT BELOW */ - {0x1ee5, 2, 1385}, /* LATIN SMALL LETTER U WITH DOT BELOW */ - {0x1ee6, 2, 1387}, /* LATIN CAPITAL LETTER U WITH HOOK ABOVE */ - {0x1ee7, 2, 1389}, /* LATIN SMALL LETTER U WITH HOOK ABOVE */ - {0x1ee8, 2, 1391}, /* LATIN CAPITAL LETTER U WITH HORN AND ACUTE */ - {0x1ee9, 2, 1393}, /* LATIN SMALL LETTER U WITH HORN AND ACUTE */ - {0x1eea, 2, 1395}, /* LATIN CAPITAL LETTER U WITH HORN AND GRAVE */ - {0x1eeb, 2, 1397}, /* LATIN SMALL LETTER U WITH HORN AND GRAVE */ - {0x1eec, 2, 1399}, /* LATIN CAPITAL LETTER U WITH HORN AND HOOK ABOVE */ - {0x1eed, 2, 1401}, /* LATIN SMALL LETTER U WITH HORN AND HOOK ABOVE */ - {0x1eee, 2, 1403}, /* LATIN CAPITAL LETTER U WITH HORN AND TILDE */ - {0x1eef, 2, 1405}, /* LATIN SMALL LETTER U WITH HORN AND TILDE */ - {0x1ef0, 2, 1407}, /* LATIN CAPITAL LETTER U WITH HORN AND DOT BELOW */ - {0x1ef1, 2, 1409}, /* LATIN SMALL LETTER U WITH HORN AND DOT BELOW */ - {0x1ef2, 2, 1411}, /* LATIN CAPITAL LETTER Y WITH GRAVE */ - {0x1ef3, 2, 1413}, /* LATIN SMALL LETTER Y WITH GRAVE */ - {0x1ef4, 2, 1415}, /* LATIN CAPITAL LETTER Y WITH DOT BELOW */ - {0x1ef5, 2, 1417}, /* LATIN SMALL LETTER Y WITH DOT BELOW */ - {0x1ef6, 2, 1419}, /* LATIN CAPITAL LETTER Y WITH HOOK ABOVE */ - {0x1ef7, 2, 1421}, /* LATIN SMALL LETTER Y WITH HOOK ABOVE */ - {0x1ef8, 2, 1423}, /* LATIN CAPITAL LETTER Y WITH TILDE */ - {0x1ef9, 2, 1425}, /* LATIN SMALL LETTER Y WITH TILDE */ - {0x1f00, 2, 1427}, /* GREEK SMALL LETTER ALPHA WITH PSILI */ - {0x1f01, 2, 1429}, /* GREEK SMALL LETTER ALPHA WITH DASIA */ - {0x1f02, 2, 1431}, /* GREEK SMALL LETTER ALPHA WITH PSILI AND VARIA */ - {0x1f03, 2, 1433}, /* GREEK SMALL LETTER ALPHA WITH DASIA AND VARIA */ - {0x1f04, 2, 1435}, /* GREEK SMALL LETTER ALPHA WITH PSILI AND OXIA */ - {0x1f05, 2, 1437}, /* GREEK SMALL LETTER ALPHA WITH DASIA AND OXIA */ - {0x1f06, 2, 1439}, /* GREEK SMALL LETTER ALPHA WITH PSILI AND PERISPOMENI */ - {0x1f07, 2, 1441}, /* GREEK SMALL LETTER ALPHA WITH DASIA AND PERISPOMENI */ - {0x1f08, 2, 1443}, /* GREEK CAPITAL LETTER ALPHA WITH PSILI */ - {0x1f09, 2, 1445}, /* GREEK CAPITAL LETTER ALPHA WITH DASIA */ - {0x1f0a, 2, 1447}, /* GREEK CAPITAL LETTER ALPHA WITH PSILI AND VARIA */ - {0x1f0b, 2, 1449}, /* GREEK CAPITAL LETTER ALPHA WITH DASIA AND VARIA */ - {0x1f0c, 2, 1451}, /* GREEK CAPITAL LETTER ALPHA WITH PSILI AND OXIA */ - {0x1f0d, 2, 1453}, /* GREEK CAPITAL LETTER ALPHA WITH DASIA AND OXIA */ - {0x1f0e, 2, 1455}, /* GREEK CAPITAL LETTER ALPHA WITH PSILI AND PERISPOMENI */ - {0x1f0f, 2, 1457}, /* GREEK CAPITAL LETTER ALPHA WITH DASIA AND PERISPOMENI */ - {0x1f10, 2, 1459}, /* GREEK SMALL LETTER EPSILON WITH PSILI */ - {0x1f11, 2, 1461}, /* GREEK SMALL LETTER EPSILON WITH DASIA */ - {0x1f12, 2, 1463}, /* GREEK SMALL LETTER EPSILON WITH PSILI AND VARIA */ - {0x1f13, 2, 1465}, /* GREEK SMALL LETTER EPSILON WITH DASIA AND VARIA */ - {0x1f14, 2, 1467}, /* GREEK SMALL LETTER EPSILON WITH PSILI AND OXIA */ - {0x1f15, 2, 1469}, /* GREEK SMALL LETTER EPSILON WITH DASIA AND OXIA */ - {0x1f18, 2, 1471}, /* GREEK CAPITAL LETTER EPSILON WITH PSILI */ - {0x1f19, 2, 1473}, /* GREEK CAPITAL LETTER EPSILON WITH DASIA */ - {0x1f1a, 2, 1475}, /* GREEK CAPITAL LETTER EPSILON WITH PSILI AND VARIA */ - {0x1f1b, 2, 1477}, /* GREEK CAPITAL LETTER EPSILON WITH DASIA AND VARIA */ - {0x1f1c, 2, 1479}, /* GREEK CAPITAL LETTER EPSILON WITH PSILI AND OXIA */ - {0x1f1d, 2, 1481}, /* GREEK CAPITAL LETTER EPSILON WITH DASIA AND OXIA */ - {0x1f20, 2, 1483}, /* GREEK SMALL LETTER ETA WITH PSILI */ - {0x1f21, 2, 1485}, /* GREEK SMALL LETTER ETA WITH DASIA */ - {0x1f22, 2, 1487}, /* GREEK SMALL LETTER ETA WITH PSILI AND VARIA */ - {0x1f23, 2, 1489}, /* GREEK SMALL LETTER ETA WITH DASIA AND VARIA */ - {0x1f24, 2, 1491}, /* GREEK SMALL LETTER ETA WITH PSILI AND OXIA */ - {0x1f25, 2, 1493}, /* GREEK SMALL LETTER ETA WITH DASIA AND OXIA */ - {0x1f26, 2, 1495}, /* GREEK SMALL LETTER ETA WITH PSILI AND PERISPOMENI */ - {0x1f27, 2, 1497}, /* GREEK SMALL LETTER ETA WITH DASIA AND PERISPOMENI */ - {0x1f28, 2, 1499}, /* GREEK CAPITAL LETTER ETA WITH PSILI */ - {0x1f29, 2, 1501}, /* GREEK CAPITAL LETTER ETA WITH DASIA */ - {0x1f2a, 2, 1503}, /* GREEK CAPITAL LETTER ETA WITH PSILI AND VARIA */ - {0x1f2b, 2, 1505}, /* GREEK CAPITAL LETTER ETA WITH DASIA AND VARIA */ - {0x1f2c, 2, 1507}, /* GREEK CAPITAL LETTER ETA WITH PSILI AND OXIA */ - {0x1f2d, 2, 1509}, /* GREEK CAPITAL LETTER ETA WITH DASIA AND OXIA */ - {0x1f2e, 2, 1511}, /* GREEK CAPITAL LETTER ETA WITH PSILI AND PERISPOMENI */ - {0x1f2f, 2, 1513}, /* GREEK CAPITAL LETTER ETA WITH DASIA AND PERISPOMENI */ - {0x1f30, 2, 1515}, /* GREEK SMALL LETTER IOTA WITH PSILI */ - {0x1f31, 2, 1517}, /* GREEK SMALL LETTER IOTA WITH DASIA */ - {0x1f32, 2, 1519}, /* GREEK SMALL LETTER IOTA WITH PSILI AND VARIA */ - {0x1f33, 2, 1521}, /* GREEK SMALL LETTER IOTA WITH DASIA AND VARIA */ - {0x1f34, 2, 1523}, /* GREEK SMALL LETTER IOTA WITH PSILI AND OXIA */ - {0x1f35, 2, 1525}, /* GREEK SMALL LETTER IOTA WITH DASIA AND OXIA */ - {0x1f36, 2, 1527}, /* GREEK SMALL LETTER IOTA WITH PSILI AND PERISPOMENI */ - {0x1f37, 2, 1529}, /* GREEK SMALL LETTER IOTA WITH DASIA AND PERISPOMENI */ - {0x1f38, 2, 1531}, /* GREEK CAPITAL LETTER IOTA WITH PSILI */ - {0x1f39, 2, 1533}, /* GREEK CAPITAL LETTER IOTA WITH DASIA */ - {0x1f3a, 2, 1535}, /* GREEK CAPITAL LETTER IOTA WITH PSILI AND VARIA */ - {0x1f3b, 2, 1537}, /* GREEK CAPITAL LETTER IOTA WITH DASIA AND VARIA */ - {0x1f3c, 2, 1539}, /* GREEK CAPITAL LETTER IOTA WITH PSILI AND OXIA */ - {0x1f3d, 2, 1541}, /* GREEK CAPITAL LETTER IOTA WITH DASIA AND OXIA */ - {0x1f3e, 2, 1543}, /* GREEK CAPITAL LETTER IOTA WITH PSILI AND PERISPOMENI */ - {0x1f3f, 2, 1545}, /* GREEK CAPITAL LETTER IOTA WITH DASIA AND PERISPOMENI */ - {0x1f40, 2, 1547}, /* GREEK SMALL LETTER OMICRON WITH PSILI */ - {0x1f41, 2, 1549}, /* GREEK SMALL LETTER OMICRON WITH DASIA */ - {0x1f42, 2, 1551}, /* GREEK SMALL LETTER OMICRON WITH PSILI AND VARIA */ - {0x1f43, 2, 1553}, /* GREEK SMALL LETTER OMICRON WITH DASIA AND VARIA */ - {0x1f44, 2, 1555}, /* GREEK SMALL LETTER OMICRON WITH PSILI AND OXIA */ - {0x1f45, 2, 1557}, /* GREEK SMALL LETTER OMICRON WITH DASIA AND OXIA */ - {0x1f48, 2, 1559}, /* GREEK CAPITAL LETTER OMICRON WITH PSILI */ - {0x1f49, 2, 1561}, /* GREEK CAPITAL LETTER OMICRON WITH DASIA */ - {0x1f4a, 2, 1563}, /* GREEK CAPITAL LETTER OMICRON WITH PSILI AND VARIA */ - {0x1f4b, 2, 1565}, /* GREEK CAPITAL LETTER OMICRON WITH DASIA AND VARIA */ - {0x1f4c, 2, 1567}, /* GREEK CAPITAL LETTER OMICRON WITH PSILI AND OXIA */ - {0x1f4d, 2, 1569}, /* GREEK CAPITAL LETTER OMICRON WITH DASIA AND OXIA */ - {0x1f50, 2, 1571}, /* GREEK SMALL LETTER UPSILON WITH PSILI */ - {0x1f51, 2, 1573}, /* GREEK SMALL LETTER UPSILON WITH DASIA */ - {0x1f52, 2, 1575}, /* GREEK SMALL LETTER UPSILON WITH PSILI AND VARIA */ - {0x1f53, 2, 1577}, /* GREEK SMALL LETTER UPSILON WITH DASIA AND VARIA */ - {0x1f54, 2, 1579}, /* GREEK SMALL LETTER UPSILON WITH PSILI AND OXIA */ - {0x1f55, 2, 1581}, /* GREEK SMALL LETTER UPSILON WITH DASIA AND OXIA */ - {0x1f56, 2, 1583}, /* GREEK SMALL LETTER UPSILON WITH PSILI AND PERISPOMENI */ - {0x1f57, 2, 1585}, /* GREEK SMALL LETTER UPSILON WITH DASIA AND PERISPOMENI */ - {0x1f59, 2, 1587}, /* GREEK CAPITAL LETTER UPSILON WITH DASIA */ - {0x1f5b, 2, 1589}, /* GREEK CAPITAL LETTER UPSILON WITH DASIA AND VARIA */ - {0x1f5d, 2, 1591}, /* GREEK CAPITAL LETTER UPSILON WITH DASIA AND OXIA */ - {0x1f5f, 2, 1593}, /* GREEK CAPITAL LETTER UPSILON WITH DASIA AND PERISPOMENI */ - {0x1f60, 2, 1595}, /* GREEK SMALL LETTER OMEGA WITH PSILI */ - {0x1f61, 2, 1597}, /* GREEK SMALL LETTER OMEGA WITH DASIA */ - {0x1f62, 2, 1599}, /* GREEK SMALL LETTER OMEGA WITH PSILI AND VARIA */ - {0x1f63, 2, 1601}, /* GREEK SMALL LETTER OMEGA WITH DASIA AND VARIA */ - {0x1f64, 2, 1603}, /* GREEK SMALL LETTER OMEGA WITH PSILI AND OXIA */ - {0x1f65, 2, 1605}, /* GREEK SMALL LETTER OMEGA WITH DASIA AND OXIA */ - {0x1f66, 2, 1607}, /* GREEK SMALL LETTER OMEGA WITH PSILI AND PERISPOMENI */ - {0x1f67, 2, 1609}, /* GREEK SMALL LETTER OMEGA WITH DASIA AND PERISPOMENI */ - {0x1f68, 2, 1611}, /* GREEK CAPITAL LETTER OMEGA WITH PSILI */ - {0x1f69, 2, 1613}, /* GREEK CAPITAL LETTER OMEGA WITH DASIA */ - {0x1f6a, 2, 1615}, /* GREEK CAPITAL LETTER OMEGA WITH PSILI AND VARIA */ - {0x1f6b, 2, 1617}, /* GREEK CAPITAL LETTER OMEGA WITH DASIA AND VARIA */ - {0x1f6c, 2, 1619}, /* GREEK CAPITAL LETTER OMEGA WITH PSILI AND OXIA */ - {0x1f6d, 2, 1621}, /* GREEK CAPITAL LETTER OMEGA WITH DASIA AND OXIA */ - {0x1f6e, 2, 1623}, /* GREEK CAPITAL LETTER OMEGA WITH PSILI AND PERISPOMENI */ - {0x1f6f, 2, 1625}, /* GREEK CAPITAL LETTER OMEGA WITH DASIA AND PERISPOMENI */ - {0x1f70, 2, 1627}, /* GREEK SMALL LETTER ALPHA WITH VARIA */ - {0x1f71, 1, 1629}, /* GREEK SMALL LETTER ALPHA WITH OXIA */ - {0x1f72, 2, 1630}, /* GREEK SMALL LETTER EPSILON WITH VARIA */ - {0x1f73, 1, 1632}, /* GREEK SMALL LETTER EPSILON WITH OXIA */ - {0x1f74, 2, 1633}, /* GREEK SMALL LETTER ETA WITH VARIA */ - {0x1f75, 1, 1635}, /* GREEK SMALL LETTER ETA WITH OXIA */ - {0x1f76, 2, 1636}, /* GREEK SMALL LETTER IOTA WITH VARIA */ - {0x1f77, 1, 1638}, /* GREEK SMALL LETTER IOTA WITH OXIA */ - {0x1f78, 2, 1639}, /* GREEK SMALL LETTER OMICRON WITH VARIA */ - {0x1f79, 1, 1641}, /* GREEK SMALL LETTER OMICRON WITH OXIA */ - {0x1f7a, 2, 1642}, /* GREEK SMALL LETTER UPSILON WITH VARIA */ - {0x1f7b, 1, 1644}, /* GREEK SMALL LETTER UPSILON WITH OXIA */ - {0x1f7c, 2, 1645}, /* GREEK SMALL LETTER OMEGA WITH VARIA */ - {0x1f7d, 1, 1647}, /* GREEK SMALL LETTER OMEGA WITH OXIA */ - {0x1f80, 2, 1648}, /* GREEK SMALL LETTER ALPHA WITH PSILI AND YPOGEGRAMMENI */ - {0x1f81, 2, 1650}, /* GREEK SMALL LETTER ALPHA WITH DASIA AND YPOGEGRAMMENI */ - {0x1f82, 2, 1652}, /* GREEK SMALL LETTER ALPHA WITH PSILI AND VARIA AND YPOGEGRAMMENI */ - {0x1f83, 2, 1654}, /* GREEK SMALL LETTER ALPHA WITH DASIA AND VARIA AND YPOGEGRAMMENI */ - {0x1f84, 2, 1656}, /* GREEK SMALL LETTER ALPHA WITH PSILI AND OXIA AND YPOGEGRAMMENI */ - {0x1f85, 2, 1658}, /* GREEK SMALL LETTER ALPHA WITH DASIA AND OXIA AND YPOGEGRAMMENI */ - {0x1f86, 2, 1660}, /* GREEK SMALL LETTER ALPHA WITH PSILI AND PERISPOMENI AND YPOGEGRAMMENI */ - {0x1f87, 2, 1662}, /* GREEK SMALL LETTER ALPHA WITH DASIA AND PERISPOMENI AND YPOGEGRAMMENI */ - {0x1f88, 2, 1664}, /* GREEK CAPITAL LETTER ALPHA WITH PSILI AND PROSGEGRAMMENI */ - {0x1f89, 2, 1666}, /* GREEK CAPITAL LETTER ALPHA WITH DASIA AND PROSGEGRAMMENI */ - {0x1f8a, 2, 1668}, /* GREEK CAPITAL LETTER ALPHA WITH PSILI AND VARIA AND PROSGEGRAMMENI */ - {0x1f8b, 2, 1670}, /* GREEK CAPITAL LETTER ALPHA WITH DASIA AND VARIA AND PROSGEGRAMMENI */ - {0x1f8c, 2, 1672}, /* GREEK CAPITAL LETTER ALPHA WITH PSILI AND OXIA AND PROSGEGRAMMENI */ - {0x1f8d, 2, 1674}, /* GREEK CAPITAL LETTER ALPHA WITH DASIA AND OXIA AND PROSGEGRAMMENI */ - {0x1f8e, 2, 1676}, /* GREEK CAPITAL LETTER ALPHA WITH PSILI AND PERISPOMENI AND PROSGEGRAMMENI */ - {0x1f8f, 2, 1678}, /* GREEK CAPITAL LETTER ALPHA WITH DASIA AND PERISPOMENI AND PROSGEGRAMMENI */ - {0x1f90, 2, 1680}, /* GREEK SMALL LETTER ETA WITH PSILI AND YPOGEGRAMMENI */ - {0x1f91, 2, 1682}, /* GREEK SMALL LETTER ETA WITH DASIA AND YPOGEGRAMMENI */ - {0x1f92, 2, 1684}, /* GREEK SMALL LETTER ETA WITH PSILI AND VARIA AND YPOGEGRAMMENI */ - {0x1f93, 2, 1686}, /* GREEK SMALL LETTER ETA WITH DASIA AND VARIA AND YPOGEGRAMMENI */ - {0x1f94, 2, 1688}, /* GREEK SMALL LETTER ETA WITH PSILI AND OXIA AND YPOGEGRAMMENI */ - {0x1f95, 2, 1690}, /* GREEK SMALL LETTER ETA WITH DASIA AND OXIA AND YPOGEGRAMMENI */ - {0x1f96, 2, 1692}, /* GREEK SMALL LETTER ETA WITH PSILI AND PERISPOMENI AND YPOGEGRAMMENI */ - {0x1f97, 2, 1694}, /* GREEK SMALL LETTER ETA WITH DASIA AND PERISPOMENI AND YPOGEGRAMMENI */ - {0x1f98, 2, 1696}, /* GREEK CAPITAL LETTER ETA WITH PSILI AND PROSGEGRAMMENI */ - {0x1f99, 2, 1698}, /* GREEK CAPITAL LETTER ETA WITH DASIA AND PROSGEGRAMMENI */ - {0x1f9a, 2, 1700}, /* GREEK CAPITAL LETTER ETA WITH PSILI AND VARIA AND PROSGEGRAMMENI */ - {0x1f9b, 2, 1702}, /* GREEK CAPITAL LETTER ETA WITH DASIA AND VARIA AND PROSGEGRAMMENI */ - {0x1f9c, 2, 1704}, /* GREEK CAPITAL LETTER ETA WITH PSILI AND OXIA AND PROSGEGRAMMENI */ - {0x1f9d, 2, 1706}, /* GREEK CAPITAL LETTER ETA WITH DASIA AND OXIA AND PROSGEGRAMMENI */ - {0x1f9e, 2, 1708}, /* GREEK CAPITAL LETTER ETA WITH PSILI AND PERISPOMENI AND PROSGEGRAMMENI */ - {0x1f9f, 2, 1710}, /* GREEK CAPITAL LETTER ETA WITH DASIA AND PERISPOMENI AND PROSGEGRAMMENI */ - {0x1fa0, 2, 1712}, /* GREEK SMALL LETTER OMEGA WITH PSILI AND YPOGEGRAMMENI */ - {0x1fa1, 2, 1714}, /* GREEK SMALL LETTER OMEGA WITH DASIA AND YPOGEGRAMMENI */ - {0x1fa2, 2, 1716}, /* GREEK SMALL LETTER OMEGA WITH PSILI AND VARIA AND YPOGEGRAMMENI */ - {0x1fa3, 2, 1718}, /* GREEK SMALL LETTER OMEGA WITH DASIA AND VARIA AND YPOGEGRAMMENI */ - {0x1fa4, 2, 1720}, /* GREEK SMALL LETTER OMEGA WITH PSILI AND OXIA AND YPOGEGRAMMENI */ - {0x1fa5, 2, 1722}, /* GREEK SMALL LETTER OMEGA WITH DASIA AND OXIA AND YPOGEGRAMMENI */ - {0x1fa6, 2, 1724}, /* GREEK SMALL LETTER OMEGA WITH PSILI AND PERISPOMENI AND YPOGEGRAMMENI */ - {0x1fa7, 2, 1726}, /* GREEK SMALL LETTER OMEGA WITH DASIA AND PERISPOMENI AND YPOGEGRAMMENI */ - {0x1fa8, 2, 1728}, /* GREEK CAPITAL LETTER OMEGA WITH PSILI AND PROSGEGRAMMENI */ - {0x1fa9, 2, 1730}, /* GREEK CAPITAL LETTER OMEGA WITH DASIA AND PROSGEGRAMMENI */ - {0x1faa, 2, 1732}, /* GREEK CAPITAL LETTER OMEGA WITH PSILI AND VARIA AND PROSGEGRAMMENI */ - {0x1fab, 2, 1734}, /* GREEK CAPITAL LETTER OMEGA WITH DASIA AND VARIA AND PROSGEGRAMMENI */ - {0x1fac, 2, 1736}, /* GREEK CAPITAL LETTER OMEGA WITH PSILI AND OXIA AND PROSGEGRAMMENI */ - {0x1fad, 2, 1738}, /* GREEK CAPITAL LETTER OMEGA WITH DASIA AND OXIA AND PROSGEGRAMMENI */ - {0x1fae, 2, 1740}, /* GREEK CAPITAL LETTER OMEGA WITH PSILI AND PERISPOMENI AND PROSGEGRAMMENI */ - {0x1faf, 2, 1742}, /* GREEK CAPITAL LETTER OMEGA WITH DASIA AND PERISPOMENI AND PROSGEGRAMMENI */ - {0x1fb0, 2, 1744}, /* GREEK SMALL LETTER ALPHA WITH VRACHY */ - {0x1fb1, 2, 1746}, /* GREEK SMALL LETTER ALPHA WITH MACRON */ - {0x1fb2, 2, 1748}, /* GREEK SMALL LETTER ALPHA WITH VARIA AND YPOGEGRAMMENI */ - {0x1fb3, 2, 1750}, /* GREEK SMALL LETTER ALPHA WITH YPOGEGRAMMENI */ - {0x1fb4, 2, 1752}, /* GREEK SMALL LETTER ALPHA WITH OXIA AND YPOGEGRAMMENI */ - {0x1fb6, 2, 1754}, /* GREEK SMALL LETTER ALPHA WITH PERISPOMENI */ - {0x1fb7, 2, 1756}, /* GREEK SMALL LETTER ALPHA WITH PERISPOMENI AND YPOGEGRAMMENI */ - {0x1fb8, 2, 1758}, /* GREEK CAPITAL LETTER ALPHA WITH VRACHY */ - {0x1fb9, 2, 1760}, /* GREEK CAPITAL LETTER ALPHA WITH MACRON */ - {0x1fba, 2, 1762}, /* GREEK CAPITAL LETTER ALPHA WITH VARIA */ - {0x1fbb, 1, 1764}, /* GREEK CAPITAL LETTER ALPHA WITH OXIA */ - {0x1fbc, 2, 1765}, /* GREEK CAPITAL LETTER ALPHA WITH PROSGEGRAMMENI */ - {0x1fbd, 2, 1767}, /* GREEK KORONIS */ - {0x1fbe, 1, 616}, /* GREEK PROSGEGRAMMENI */ - {0x1fbf, 2, 1767}, /* GREEK PSILI */ - {0x1fc0, 2, 1769}, /* GREEK PERISPOMENI */ - {0x1fc1, 2, 1771}, /* GREEK DIALYTIKA AND PERISPOMENI */ - {0x1fc2, 2, 1773}, /* GREEK SMALL LETTER ETA WITH VARIA AND YPOGEGRAMMENI */ - {0x1fc3, 2, 1775}, /* GREEK SMALL LETTER ETA WITH YPOGEGRAMMENI */ - {0x1fc4, 2, 1777}, /* GREEK SMALL LETTER ETA WITH OXIA AND YPOGEGRAMMENI */ - {0x1fc6, 2, 1779}, /* GREEK SMALL LETTER ETA WITH PERISPOMENI */ - {0x1fc7, 2, 1781}, /* GREEK SMALL LETTER ETA WITH PERISPOMENI AND YPOGEGRAMMENI */ - {0x1fc8, 2, 1783}, /* GREEK CAPITAL LETTER EPSILON WITH VARIA */ - {0x1fc9, 1, 1785}, /* GREEK CAPITAL LETTER EPSILON WITH OXIA */ - {0x1fca, 2, 1786}, /* GREEK CAPITAL LETTER ETA WITH VARIA */ - {0x1fcb, 1, 1788}, /* GREEK CAPITAL LETTER ETA WITH OXIA */ - {0x1fcc, 2, 1789}, /* GREEK CAPITAL LETTER ETA WITH PROSGEGRAMMENI */ - {0x1fcd, 2, 1791}, /* GREEK PSILI AND VARIA */ - {0x1fce, 2, 1793}, /* GREEK PSILI AND OXIA */ - {0x1fcf, 2, 1795}, /* GREEK PSILI AND PERISPOMENI */ - {0x1fd0, 2, 1797}, /* GREEK SMALL LETTER IOTA WITH VRACHY */ - {0x1fd1, 2, 1799}, /* GREEK SMALL LETTER IOTA WITH MACRON */ - {0x1fd2, 2, 1801}, /* GREEK SMALL LETTER IOTA WITH DIALYTIKA AND VARIA */ - {0x1fd3, 1, 1803}, /* GREEK SMALL LETTER IOTA WITH DIALYTIKA AND OXIA */ - {0x1fd6, 2, 1804}, /* GREEK SMALL LETTER IOTA WITH PERISPOMENI */ - {0x1fd7, 2, 1806}, /* GREEK SMALL LETTER IOTA WITH DIALYTIKA AND PERISPOMENI */ - {0x1fd8, 2, 1808}, /* GREEK CAPITAL LETTER IOTA WITH VRACHY */ - {0x1fd9, 2, 1810}, /* GREEK CAPITAL LETTER IOTA WITH MACRON */ - {0x1fda, 2, 1812}, /* GREEK CAPITAL LETTER IOTA WITH VARIA */ - {0x1fdb, 1, 1814}, /* GREEK CAPITAL LETTER IOTA WITH OXIA */ - {0x1fdd, 2, 1815}, /* GREEK DASIA AND VARIA */ - {0x1fde, 2, 1817}, /* GREEK DASIA AND OXIA */ - {0x1fdf, 2, 1819}, /* GREEK DASIA AND PERISPOMENI */ - {0x1fe0, 2, 1821}, /* GREEK SMALL LETTER UPSILON WITH VRACHY */ - {0x1fe1, 2, 1823}, /* GREEK SMALL LETTER UPSILON WITH MACRON */ - {0x1fe2, 2, 1825}, /* GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND VARIA */ - {0x1fe3, 1, 1827}, /* GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND OXIA */ - {0x1fe4, 2, 1828}, /* GREEK SMALL LETTER RHO WITH PSILI */ - {0x1fe5, 2, 1830}, /* GREEK SMALL LETTER RHO WITH DASIA */ - {0x1fe6, 2, 1832}, /* GREEK SMALL LETTER UPSILON WITH PERISPOMENI */ - {0x1fe7, 2, 1834}, /* GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND PERISPOMENI */ - {0x1fe8, 2, 1836}, /* GREEK CAPITAL LETTER UPSILON WITH VRACHY */ - {0x1fe9, 2, 1838}, /* GREEK CAPITAL LETTER UPSILON WITH MACRON */ - {0x1fea, 2, 1840}, /* GREEK CAPITAL LETTER UPSILON WITH VARIA */ - {0x1feb, 1, 1842}, /* GREEK CAPITAL LETTER UPSILON WITH OXIA */ - {0x1fec, 2, 1843}, /* GREEK CAPITAL LETTER RHO WITH DASIA */ - {0x1fed, 2, 1845}, /* GREEK DIALYTIKA AND VARIA */ - {0x1fee, 1, 1847}, /* GREEK DIALYTIKA AND OXIA */ - {0x1fef, 1, 1848}, /* GREEK VARIA */ - {0x1ff2, 2, 1849}, /* GREEK SMALL LETTER OMEGA WITH VARIA AND YPOGEGRAMMENI */ - {0x1ff3, 2, 1851}, /* GREEK SMALL LETTER OMEGA WITH YPOGEGRAMMENI */ - {0x1ff4, 2, 1853}, /* GREEK SMALL LETTER OMEGA WITH OXIA AND YPOGEGRAMMENI */ - {0x1ff6, 2, 1855}, /* GREEK SMALL LETTER OMEGA WITH PERISPOMENI */ - {0x1ff7, 2, 1857}, /* GREEK SMALL LETTER OMEGA WITH PERISPOMENI AND YPOGEGRAMMENI */ - {0x1ff8, 2, 1859}, /* GREEK CAPITAL LETTER OMICRON WITH VARIA */ - {0x1ff9, 1, 1861}, /* GREEK CAPITAL LETTER OMICRON WITH OXIA */ - {0x1ffa, 2, 1862}, /* GREEK CAPITAL LETTER OMEGA WITH VARIA */ - {0x1ffb, 1, 1864}, /* GREEK CAPITAL LETTER OMEGA WITH OXIA */ - {0x1ffc, 2, 1865}, /* GREEK CAPITAL LETTER OMEGA WITH PROSGEGRAMMENI */ - {0x1ffd, 1, 1867}, /* GREEK OXIA */ - {0x1ffe, 2, 1868}, /* GREEK DASIA */ - {0x2000, 1, 1870}, /* EN QUAD */ - {0x2001, 1, 1871}, /* EM QUAD */ - {0x2002, 1, 1872}, /* EN SPACE */ - {0x2003, 1, 1873}, /* EM SPACE */ - {0x2004, 1, 1874}, /* THREE-PER-EM SPACE */ - {0x2005, 1, 1875}, /* FOUR-PER-EM SPACE */ - {0x2006, 1, 1876}, /* SIX-PER-EM SPACE */ - {0x2007, 1, 1877}, /* FIGURE SPACE */ - {0x2008, 1, 1878}, /* PUNCTUATION SPACE */ - {0x2009, 1, 1879}, /* THIN SPACE */ - {0x200a, 1, 1880}, /* HAIR SPACE */ - {0x2011, 1, 1881}, /* NON-BREAKING HYPHEN */ - {0x2017, 2, 1882}, /* DOUBLE LOW LINE */ - {0x2024, 1, 1884}, /* ONE DOT LEADER */ - {0x2025, 2, 1885}, /* TWO DOT LEADER */ - {0x2026, 3, 1884}, /* HORIZONTAL ELLIPSIS */ - {0x202f, 1, 1887}, /* NARROW NO-BREAK SPACE */ - {0x2033, 2, 1888}, /* DOUBLE PRIME */ - {0x2034, 3, 1890}, /* TRIPLE PRIME */ - {0x2036, 2, 1893}, /* REVERSED DOUBLE PRIME */ - {0x2037, 3, 1895}, /* REVERSED TRIPLE PRIME */ - {0x203c, 2, 1898}, /* DOUBLE EXCLAMATION MARK */ - {0x203e, 2, 1900}, /* OVERLINE */ - {0x2047, 2, 1902}, /* DOUBLE QUESTION MARK */ - {0x2048, 2, 1904}, /* QUESTION EXCLAMATION MARK */ - {0x2049, 2, 1906}, /* EXCLAMATION QUESTION MARK */ - {0x2057, 4, 1888}, /* QUADRUPLE PRIME */ - {0x205f, 1, 1908}, /* MEDIUM MATHEMATICAL SPACE */ - {0x2070, 1, 1909}, /* SUPERSCRIPT ZERO */ - {0x2071, 1, 98}, /* SUPERSCRIPT LATIN SMALL LETTER I */ - {0x2074, 1, 17}, /* SUPERSCRIPT FOUR */ - {0x2075, 1, 1910}, /* SUPERSCRIPT FIVE */ - {0x2076, 1, 1911}, /* SUPERSCRIPT SIX */ - {0x2077, 1, 1912}, /* SUPERSCRIPT SEVEN */ - {0x2078, 1, 1913}, /* SUPERSCRIPT EIGHT */ - {0x2079, 1, 1914}, /* SUPERSCRIPT NINE */ - {0x207a, 1, 1915}, /* SUPERSCRIPT PLUS SIGN */ - {0x207b, 1, 1916}, /* SUPERSCRIPT MINUS */ - {0x207c, 1, 1917}, /* SUPERSCRIPT EQUALS SIGN */ - {0x207d, 1, 1918}, /* SUPERSCRIPT LEFT PARENTHESIS */ - {0x207e, 1, 1919}, /* SUPERSCRIPT RIGHT PARENTHESIS */ - {0x207f, 1, 106}, /* SUPERSCRIPT LATIN SMALL LETTER N */ - {0x2080, 1, 1909}, /* SUBSCRIPT ZERO */ - {0x2081, 1, 13}, /* SUBSCRIPT ONE */ - {0x2082, 1, 6}, /* SUBSCRIPT TWO */ - {0x2083, 1, 7}, /* SUBSCRIPT THREE */ - {0x2084, 1, 17}, /* SUBSCRIPT FOUR */ - {0x2085, 1, 1910}, /* SUBSCRIPT FIVE */ - {0x2086, 1, 1911}, /* SUBSCRIPT SIX */ - {0x2087, 1, 1912}, /* SUBSCRIPT SEVEN */ - {0x2088, 1, 1913}, /* SUBSCRIPT EIGHT */ - {0x2089, 1, 1914}, /* SUBSCRIPT NINE */ - {0x208a, 1, 1915}, /* SUBSCRIPT PLUS SIGN */ - {0x208b, 1, 1916}, /* SUBSCRIPT MINUS */ - {0x208c, 1, 1917}, /* SUBSCRIPT EQUALS SIGN */ - {0x208d, 1, 1918}, /* SUBSCRIPT LEFT PARENTHESIS */ - {0x208e, 1, 1919}, /* SUBSCRIPT RIGHT PARENTHESIS */ - {0x20a8, 2, 1920}, /* RUPEE SIGN */ - {0x2100, 3, 1922}, /* ACCOUNT OF */ - {0x2101, 3, 1925}, /* ADDRESSED TO THE SUBJECT */ - {0x2102, 1, 36}, /* DOUBLE-STRUCK CAPITAL C */ - {0x2103, 2, 1928}, /* DEGREE CELSIUS */ - {0x2105, 3, 1930}, /* CARE OF */ - {0x2106, 3, 1933}, /* CADA UNA */ - {0x2107, 1, 1936}, /* EULER CONSTANT */ - {0x2109, 2, 1937}, /* DEGREE FAHRENHEIT */ - {0x210a, 1, 184}, /* SCRIPT SMALL G */ - {0x210b, 1, 198}, /* SCRIPT CAPITAL H */ - {0x210c, 1, 198}, /* BLACK-LETTER CAPITAL H */ - {0x210d, 1, 198}, /* DOUBLE-STRUCK CAPITAL H */ - {0x210e, 1, 200}, /* PLANCK CONSTANT */ - {0x210f, 1, 1939}, /* PLANCK CONSTANT OVER TWO PI */ - {0x2110, 1, 46}, /* SCRIPT CAPITAL I */ - {0x2111, 1, 46}, /* BLACK-LETTER CAPITAL I */ - {0x2112, 1, 232}, /* SCRIPT CAPITAL L */ - {0x2113, 1, 234}, /* SCRIPT SMALL L */ - {0x2115, 1, 54}, /* DOUBLE-STRUCK CAPITAL N */ - {0x2116, 2, 1940}, /* NUMERO SIGN */ - {0x2119, 1, 914}, /* DOUBLE-STRUCK CAPITAL P */ - {0x211a, 1, 1942}, /* DOUBLE-STRUCK CAPITAL Q */ - {0x211b, 1, 274}, /* SCRIPT CAPITAL R */ - {0x211c, 1, 274}, /* BLACK-LETTER CAPITAL R */ - {0x211d, 1, 274}, /* DOUBLE-STRUCK CAPITAL R */ - {0x2120, 2, 1943}, /* SERVICE MARK */ - {0x2121, 3, 1945}, /* TELEPHONE SIGN */ - {0x2122, 2, 1948}, /* TRADE MARK SIGN */ - {0x2124, 1, 344}, /* DOUBLE-STRUCK CAPITAL Z */ - {0x2126, 1, 602}, /* OHM SIGN */ - {0x2128, 1, 344}, /* BLACK-LETTER CAPITAL Z */ - {0x212a, 1, 228}, /* KELVIN SIGN */ - {0x212b, 1, 462}, /* ANGSTROM SIGN */ - {0x212c, 1, 910}, /* SCRIPT CAPITAL B */ - {0x212d, 1, 36}, /* BLACK-LETTER CAPITAL C */ - {0x212f, 1, 90}, /* SCRIPT SMALL E */ - {0x2130, 1, 38}, /* SCRIPT CAPITAL E */ - {0x2131, 1, 995}, /* SCRIPT CAPITAL F */ - {0x2133, 1, 912}, /* SCRIPT CAPITAL M */ - {0x2134, 1, 14}, /* SCRIPT SMALL O */ - {0x2135, 1, 1950}, /* ALEF SYMBOL */ - {0x2136, 1, 1951}, /* BET SYMBOL */ - {0x2137, 1, 1952}, /* GIMEL SYMBOL */ - {0x2138, 1, 1953}, /* DALET SYMBOL */ - {0x2139, 1, 98}, /* INFORMATION SOURCE */ - {0x213b, 3, 1954}, /* FACSIMILE SIGN */ - {0x213d, 1, 932}, /* DOUBLE-STRUCK SMALL GAMMA */ - {0x213e, 1, 1957}, /* DOUBLE-STRUCK CAPITAL GAMMA */ - {0x213f, 1, 1958}, /* DOUBLE-STRUCK CAPITAL PI */ - {0x2140, 1, 1959}, /* DOUBLE-STRUCK N-ARY SUMMATION */ - {0x2145, 1, 158}, /* DOUBLE-STRUCK ITALIC CAPITAL D */ - {0x2146, 1, 160}, /* DOUBLE-STRUCK ITALIC SMALL D */ - {0x2147, 1, 90}, /* DOUBLE-STRUCK ITALIC SMALL E */ - {0x2148, 1, 98}, /* DOUBLE-STRUCK ITALIC SMALL I */ - {0x2149, 1, 223}, /* DOUBLE-STRUCK ITALIC SMALL J */ - {0x2153, 3, 1960}, /* VULGAR FRACTION ONE THIRD */ - {0x2154, 3, 1963}, /* VULGAR FRACTION TWO THIRDS */ - {0x2155, 3, 1966}, /* VULGAR FRACTION ONE FIFTH */ - {0x2156, 3, 1969}, /* VULGAR FRACTION TWO FIFTHS */ - {0x2157, 3, 1972}, /* VULGAR FRACTION THREE FIFTHS */ - {0x2158, 3, 1975}, /* VULGAR FRACTION FOUR FIFTHS */ - {0x2159, 3, 1978}, /* VULGAR FRACTION ONE SIXTH */ - {0x215a, 3, 1981}, /* VULGAR FRACTION FIVE SIXTHS */ - {0x215b, 3, 1984}, /* VULGAR FRACTION ONE EIGHTH */ - {0x215c, 3, 1987}, /* VULGAR FRACTION THREE EIGHTHS */ - {0x215d, 3, 1990}, /* VULGAR FRACTION FIVE EIGHTHS */ - {0x215e, 3, 1993}, /* VULGAR FRACTION SEVEN EIGHTHS */ - {0x215f, 2, 15}, /* FRACTION NUMERATOR ONE */ - {0x2160, 1, 46}, /* ROMAN NUMERAL ONE */ - {0x2161, 2, 1996}, /* ROMAN NUMERAL TWO */ - {0x2162, 3, 1998}, /* ROMAN NUMERAL THREE */ - {0x2163, 2, 2001}, /* ROMAN NUMERAL FOUR */ - {0x2164, 1, 1183}, /* ROMAN NUMERAL FIVE */ - {0x2165, 2, 2003}, /* ROMAN NUMERAL SIX */ - {0x2166, 3, 2005}, /* ROMAN NUMERAL SEVEN */ - {0x2167, 4, 2008}, /* ROMAN NUMERAL EIGHT */ - {0x2168, 2, 2012}, /* ROMAN NUMERAL NINE */ - {0x2169, 1, 1211}, /* ROMAN NUMERAL TEN */ - {0x216a, 2, 2014}, /* ROMAN NUMERAL ELEVEN */ - {0x216b, 3, 2016}, /* ROMAN NUMERAL TWELVE */ - {0x216c, 1, 232}, /* ROMAN NUMERAL FIFTY */ - {0x216d, 1, 36}, /* ROMAN NUMERAL ONE HUNDRED */ - {0x216e, 1, 158}, /* ROMAN NUMERAL FIVE HUNDRED */ - {0x216f, 1, 912}, /* ROMAN NUMERAL ONE THOUSAND */ - {0x2170, 1, 98}, /* SMALL ROMAN NUMERAL ONE */ - {0x2171, 2, 2019}, /* SMALL ROMAN NUMERAL TWO */ - {0x2172, 3, 2021}, /* SMALL ROMAN NUMERAL THREE */ - {0x2173, 2, 2024}, /* SMALL ROMAN NUMERAL FOUR */ - {0x2174, 1, 930}, /* SMALL ROMAN NUMERAL FIVE */ - {0x2175, 2, 2026}, /* SMALL ROMAN NUMERAL SIX */ - {0x2176, 3, 2028}, /* SMALL ROMAN NUMERAL SEVEN */ - {0x2177, 4, 2031}, /* SMALL ROMAN NUMERAL EIGHT */ - {0x2178, 2, 2035}, /* SMALL ROMAN NUMERAL NINE */ - {0x2179, 1, 579}, /* SMALL ROMAN NUMERAL TEN */ - {0x217a, 2, 2037}, /* SMALL ROMAN NUMERAL ELEVEN */ - {0x217b, 3, 2039}, /* SMALL ROMAN NUMERAL TWELVE */ - {0x217c, 1, 234}, /* SMALL ROMAN NUMERAL FIFTY */ - {0x217d, 1, 88}, /* SMALL ROMAN NUMERAL ONE HUNDRED */ - {0x217e, 1, 160}, /* SMALL ROMAN NUMERAL FIVE HUNDRED */ - {0x217f, 1, 922}, /* SMALL ROMAN NUMERAL ONE THOUSAND */ - {0x219a, 2, 2042}, /* LEFTWARDS ARROW WITH STROKE */ - {0x219b, 2, 2044}, /* RIGHTWARDS ARROW WITH STROKE */ - {0x21ae, 2, 2046}, /* LEFT RIGHT ARROW WITH STROKE */ - {0x21cd, 2, 2048}, /* LEFTWARDS DOUBLE ARROW WITH STROKE */ - {0x21ce, 2, 2050}, /* LEFT RIGHT DOUBLE ARROW WITH STROKE */ - {0x21cf, 2, 2052}, /* RIGHTWARDS DOUBLE ARROW WITH STROKE */ - {0x2204, 2, 2054}, /* THERE DOES NOT EXIST */ - {0x2209, 2, 2056}, /* NOT AN ELEMENT OF */ - {0x220c, 2, 2058}, /* DOES NOT CONTAIN AS MEMBER */ - {0x2224, 2, 2060}, /* DOES NOT DIVIDE */ - {0x2226, 2, 2062}, /* NOT PARALLEL TO */ - {0x222c, 2, 2064}, /* DOUBLE INTEGRAL */ - {0x222d, 3, 2066}, /* TRIPLE INTEGRAL */ - {0x222f, 2, 2069}, /* SURFACE INTEGRAL */ - {0x2230, 3, 2071}, /* VOLUME INTEGRAL */ - {0x2241, 2, 2074}, /* NOT TILDE */ - {0x2244, 2, 2076}, /* NOT ASYMPTOTICALLY EQUAL TO */ - {0x2247, 2, 2078}, /* NEITHER APPROXIMATELY NOR ACTUALLY EQUAL TO */ - {0x2249, 2, 2080}, /* NOT ALMOST EQUAL TO */ - {0x2260, 2, 2082}, /* NOT EQUAL TO */ - {0x2262, 2, 2084}, /* NOT IDENTICAL TO */ - {0x226d, 2, 2086}, /* NOT EQUIVALENT TO */ - {0x226e, 2, 2088}, /* NOT LESS-THAN */ - {0x226f, 2, 2090}, /* NOT GREATER-THAN */ - {0x2270, 2, 2092}, /* NEITHER LESS-THAN NOR EQUAL TO */ - {0x2271, 2, 2094}, /* NEITHER GREATER-THAN NOR EQUAL TO */ - {0x2274, 2, 2096}, /* NEITHER LESS-THAN NOR EQUIVALENT TO */ - {0x2275, 2, 2098}, /* NEITHER GREATER-THAN NOR EQUIVALENT TO */ - {0x2278, 2, 2100}, /* NEITHER LESS-THAN NOR GREATER-THAN */ - {0x2279, 2, 2102}, /* NEITHER GREATER-THAN NOR LESS-THAN */ - {0x2280, 2, 2104}, /* DOES NOT PRECEDE */ - {0x2281, 2, 2106}, /* DOES NOT SUCCEED */ - {0x2284, 2, 2108}, /* NOT A SUBSET OF */ - {0x2285, 2, 2110}, /* NOT A SUPERSET OF */ - {0x2288, 2, 2112}, /* NEITHER A SUBSET OF NOR EQUAL TO */ - {0x2289, 2, 2114}, /* NEITHER A SUPERSET OF NOR EQUAL TO */ - {0x22ac, 2, 2116}, /* DOES NOT PROVE */ - {0x22ad, 2, 2118}, /* NOT TRUE */ - {0x22ae, 2, 2120}, /* DOES NOT FORCE */ - {0x22af, 2, 2122}, /* NEGATED DOUBLE VERTICAL BAR DOUBLE RIGHT TURNSTILE */ - {0x22e0, 2, 2124}, /* DOES NOT PRECEDE OR EQUAL */ - {0x22e1, 2, 2126}, /* DOES NOT SUCCEED OR EQUAL */ - {0x22e2, 2, 2128}, /* NOT SQUARE IMAGE OF OR EQUAL TO */ - {0x22e3, 2, 2130}, /* NOT SQUARE ORIGINAL OF OR EQUAL TO */ - {0x22ea, 2, 2132}, /* NOT NORMAL SUBGROUP OF */ - {0x22eb, 2, 2134}, /* DOES NOT CONTAIN AS NORMAL SUBGROUP */ - {0x22ec, 2, 2136}, /* NOT NORMAL SUBGROUP OF OR EQUAL TO */ - {0x22ed, 2, 2138}, /* DOES NOT CONTAIN AS NORMAL SUBGROUP OR EQUAL */ - {0x2329, 1, 2140}, /* LEFT-POINTING ANGLE BRACKET */ - {0x232a, 1, 2141}, /* RIGHT-POINTING ANGLE BRACKET */ - {0x2460, 1, 13}, /* CIRCLED DIGIT ONE */ - {0x2461, 1, 6}, /* CIRCLED DIGIT TWO */ - {0x2462, 1, 7}, /* CIRCLED DIGIT THREE */ - {0x2463, 1, 17}, /* CIRCLED DIGIT FOUR */ - {0x2464, 1, 1910}, /* CIRCLED DIGIT FIVE */ - {0x2465, 1, 1911}, /* CIRCLED DIGIT SIX */ - {0x2466, 1, 1912}, /* CIRCLED DIGIT SEVEN */ - {0x2467, 1, 1913}, /* CIRCLED DIGIT EIGHT */ - {0x2468, 1, 1914}, /* CIRCLED DIGIT NINE */ - {0x2469, 2, 2142}, /* CIRCLED NUMBER TEN */ - {0x246a, 2, 2144}, /* CIRCLED NUMBER ELEVEN */ - {0x246b, 2, 2146}, /* CIRCLED NUMBER TWELVE */ - {0x246c, 2, 2148}, /* CIRCLED NUMBER THIRTEEN */ - {0x246d, 2, 2150}, /* CIRCLED NUMBER FOURTEEN */ - {0x246e, 2, 2152}, /* CIRCLED NUMBER FIFTEEN */ - {0x246f, 2, 2154}, /* CIRCLED NUMBER SIXTEEN */ - {0x2470, 2, 2156}, /* CIRCLED NUMBER SEVENTEEN */ - {0x2471, 2, 2158}, /* CIRCLED NUMBER EIGHTEEN */ - {0x2472, 2, 2160}, /* CIRCLED NUMBER NINETEEN */ - {0x2473, 2, 2162}, /* CIRCLED NUMBER TWENTY */ - {0x2474, 3, 2164}, /* PARENTHESIZED DIGIT ONE */ - {0x2475, 3, 2167}, /* PARENTHESIZED DIGIT TWO */ - {0x2476, 3, 2170}, /* PARENTHESIZED DIGIT THREE */ - {0x2477, 3, 2173}, /* PARENTHESIZED DIGIT FOUR */ - {0x2478, 3, 2176}, /* PARENTHESIZED DIGIT FIVE */ - {0x2479, 3, 2179}, /* PARENTHESIZED DIGIT SIX */ - {0x247a, 3, 2182}, /* PARENTHESIZED DIGIT SEVEN */ - {0x247b, 3, 2185}, /* PARENTHESIZED DIGIT EIGHT */ - {0x247c, 3, 2188}, /* PARENTHESIZED DIGIT NINE */ - {0x247d, 4, 2191}, /* PARENTHESIZED NUMBER TEN */ - {0x247e, 4, 2195}, /* PARENTHESIZED NUMBER ELEVEN */ - {0x247f, 4, 2199}, /* PARENTHESIZED NUMBER TWELVE */ - {0x2480, 4, 2203}, /* PARENTHESIZED NUMBER THIRTEEN */ - {0x2481, 4, 2207}, /* PARENTHESIZED NUMBER FOURTEEN */ - {0x2482, 4, 2211}, /* PARENTHESIZED NUMBER FIFTEEN */ - {0x2483, 4, 2215}, /* PARENTHESIZED NUMBER SIXTEEN */ - {0x2484, 4, 2219}, /* PARENTHESIZED NUMBER SEVENTEEN */ - {0x2485, 4, 2223}, /* PARENTHESIZED NUMBER EIGHTEEN */ - {0x2486, 4, 2227}, /* PARENTHESIZED NUMBER NINETEEN */ - {0x2487, 4, 2231}, /* PARENTHESIZED NUMBER TWENTY */ - {0x2488, 2, 2235}, /* DIGIT ONE FULL STOP */ - {0x2489, 2, 2237}, /* DIGIT TWO FULL STOP */ - {0x248a, 2, 2239}, /* DIGIT THREE FULL STOP */ - {0x248b, 2, 2241}, /* DIGIT FOUR FULL STOP */ - {0x248c, 2, 2243}, /* DIGIT FIVE FULL STOP */ - {0x248d, 2, 2245}, /* DIGIT SIX FULL STOP */ - {0x248e, 2, 2247}, /* DIGIT SEVEN FULL STOP */ - {0x248f, 2, 2249}, /* DIGIT EIGHT FULL STOP */ - {0x2490, 2, 2251}, /* DIGIT NINE FULL STOP */ - {0x2491, 3, 2253}, /* NUMBER TEN FULL STOP */ - {0x2492, 3, 2256}, /* NUMBER ELEVEN FULL STOP */ - {0x2493, 3, 2259}, /* NUMBER TWELVE FULL STOP */ - {0x2494, 3, 2262}, /* NUMBER THIRTEEN FULL STOP */ - {0x2495, 3, 2265}, /* NUMBER FOURTEEN FULL STOP */ - {0x2496, 3, 2268}, /* NUMBER FIFTEEN FULL STOP */ - {0x2497, 3, 2271}, /* NUMBER SIXTEEN FULL STOP */ - {0x2498, 3, 2274}, /* NUMBER SEVENTEEN FULL STOP */ - {0x2499, 3, 2277}, /* NUMBER EIGHTEEN FULL STOP */ - {0x249a, 3, 2280}, /* NUMBER NINETEEN FULL STOP */ - {0x249b, 3, 2283}, /* NUMBER TWENTY FULL STOP */ - {0x249c, 3, 2286}, /* PARENTHESIZED LATIN SMALL LETTER A */ - {0x249d, 3, 2289}, /* PARENTHESIZED LATIN SMALL LETTER B */ - {0x249e, 3, 2292}, /* PARENTHESIZED LATIN SMALL LETTER C */ - {0x249f, 3, 2295}, /* PARENTHESIZED LATIN SMALL LETTER D */ - {0x24a0, 3, 2298}, /* PARENTHESIZED LATIN SMALL LETTER E */ - {0x24a1, 3, 2301}, /* PARENTHESIZED LATIN SMALL LETTER F */ - {0x24a2, 3, 2304}, /* PARENTHESIZED LATIN SMALL LETTER G */ - {0x24a3, 3, 2307}, /* PARENTHESIZED LATIN SMALL LETTER H */ - {0x24a4, 3, 2310}, /* PARENTHESIZED LATIN SMALL LETTER I */ - {0x24a5, 3, 2313}, /* PARENTHESIZED LATIN SMALL LETTER J */ - {0x24a6, 3, 2316}, /* PARENTHESIZED LATIN SMALL LETTER K */ - {0x24a7, 3, 2319}, /* PARENTHESIZED LATIN SMALL LETTER L */ - {0x24a8, 3, 2322}, /* PARENTHESIZED LATIN SMALL LETTER M */ - {0x24a9, 3, 2325}, /* PARENTHESIZED LATIN SMALL LETTER N */ - {0x24aa, 3, 2328}, /* PARENTHESIZED LATIN SMALL LETTER O */ - {0x24ab, 3, 2331}, /* PARENTHESIZED LATIN SMALL LETTER P */ - {0x24ac, 3, 2334}, /* PARENTHESIZED LATIN SMALL LETTER Q */ - {0x24ad, 3, 2337}, /* PARENTHESIZED LATIN SMALL LETTER R */ - {0x24ae, 3, 2340}, /* PARENTHESIZED LATIN SMALL LETTER S */ - {0x24af, 3, 2343}, /* PARENTHESIZED LATIN SMALL LETTER T */ - {0x24b0, 3, 2346}, /* PARENTHESIZED LATIN SMALL LETTER U */ - {0x24b1, 3, 2349}, /* PARENTHESIZED LATIN SMALL LETTER V */ - {0x24b2, 3, 2352}, /* PARENTHESIZED LATIN SMALL LETTER W */ - {0x24b3, 3, 2355}, /* PARENTHESIZED LATIN SMALL LETTER X */ - {0x24b4, 3, 2358}, /* PARENTHESIZED LATIN SMALL LETTER Y */ - {0x24b5, 3, 2361}, /* PARENTHESIZED LATIN SMALL LETTER Z */ - {0x24b6, 1, 24}, /* CIRCLED LATIN CAPITAL LETTER A */ - {0x24b7, 1, 910}, /* CIRCLED LATIN CAPITAL LETTER B */ - {0x24b8, 1, 36}, /* CIRCLED LATIN CAPITAL LETTER C */ - {0x24b9, 1, 158}, /* CIRCLED LATIN CAPITAL LETTER D */ - {0x24ba, 1, 38}, /* CIRCLED LATIN CAPITAL LETTER E */ - {0x24bb, 1, 995}, /* CIRCLED LATIN CAPITAL LETTER F */ - {0x24bc, 1, 182}, /* CIRCLED LATIN CAPITAL LETTER G */ - {0x24bd, 1, 198}, /* CIRCLED LATIN CAPITAL LETTER H */ - {0x24be, 1, 46}, /* CIRCLED LATIN CAPITAL LETTER I */ - {0x24bf, 1, 221}, /* CIRCLED LATIN CAPITAL LETTER J */ - {0x24c0, 1, 228}, /* CIRCLED LATIN CAPITAL LETTER K */ - {0x24c1, 1, 232}, /* CIRCLED LATIN CAPITAL LETTER L */ - {0x24c2, 1, 912}, /* CIRCLED LATIN CAPITAL LETTER M */ - {0x24c3, 1, 54}, /* CIRCLED LATIN CAPITAL LETTER N */ - {0x24c4, 1, 56}, /* CIRCLED LATIN CAPITAL LETTER O */ - {0x24c5, 1, 914}, /* CIRCLED LATIN CAPITAL LETTER P */ - {0x24c6, 1, 1942}, /* CIRCLED LATIN CAPITAL LETTER Q */ - {0x24c7, 1, 274}, /* CIRCLED LATIN CAPITAL LETTER R */ - {0x24c8, 1, 286}, /* CIRCLED LATIN CAPITAL LETTER S */ - {0x24c9, 1, 302}, /* CIRCLED LATIN CAPITAL LETTER T */ - {0x24ca, 1, 66}, /* CIRCLED LATIN CAPITAL LETTER U */ - {0x24cb, 1, 1183}, /* CIRCLED LATIN CAPITAL LETTER V */ - {0x24cc, 1, 334}, /* CIRCLED LATIN CAPITAL LETTER W */ - {0x24cd, 1, 1211}, /* CIRCLED LATIN CAPITAL LETTER X */ - {0x24ce, 1, 74}, /* CIRCLED LATIN CAPITAL LETTER Y */ - {0x24cf, 1, 344}, /* CIRCLED LATIN CAPITAL LETTER Z */ - {0x24d0, 1, 3}, /* CIRCLED LATIN SMALL LETTER A */ - {0x24d1, 1, 918}, /* CIRCLED LATIN SMALL LETTER B */ - {0x24d2, 1, 88}, /* CIRCLED LATIN SMALL LETTER C */ - {0x24d3, 1, 160}, /* CIRCLED LATIN SMALL LETTER D */ - {0x24d4, 1, 90}, /* CIRCLED LATIN SMALL LETTER E */ - {0x24d5, 1, 997}, /* CIRCLED LATIN SMALL LETTER F */ - {0x24d6, 1, 184}, /* CIRCLED LATIN SMALL LETTER G */ - {0x24d7, 1, 200}, /* CIRCLED LATIN SMALL LETTER H */ - {0x24d8, 1, 98}, /* CIRCLED LATIN SMALL LETTER I */ - {0x24d9, 1, 223}, /* CIRCLED LATIN SMALL LETTER J */ - {0x24da, 1, 230}, /* CIRCLED LATIN SMALL LETTER K */ - {0x24db, 1, 234}, /* CIRCLED LATIN SMALL LETTER L */ - {0x24dc, 1, 922}, /* CIRCLED LATIN SMALL LETTER M */ - {0x24dd, 1, 106}, /* CIRCLED LATIN SMALL LETTER N */ - {0x24de, 1, 14}, /* CIRCLED LATIN SMALL LETTER O */ - {0x24df, 1, 927}, /* CIRCLED LATIN SMALL LETTER P */ - {0x24e0, 1, 2335}, /* CIRCLED LATIN SMALL LETTER Q */ - {0x24e1, 1, 276}, /* CIRCLED LATIN SMALL LETTER R */ - {0x24e2, 1, 288}, /* CIRCLED LATIN SMALL LETTER S */ - {0x24e3, 1, 304}, /* CIRCLED LATIN SMALL LETTER T */ - {0x24e4, 1, 118}, /* CIRCLED LATIN SMALL LETTER U */ - {0x24e5, 1, 930}, /* CIRCLED LATIN SMALL LETTER V */ - {0x24e6, 1, 336}, /* CIRCLED LATIN SMALL LETTER W */ - {0x24e7, 1, 579}, /* CIRCLED LATIN SMALL LETTER X */ - {0x24e8, 1, 126}, /* CIRCLED LATIN SMALL LETTER Y */ - {0x24e9, 1, 346}, /* CIRCLED LATIN SMALL LETTER Z */ - {0x24ea, 1, 1909}, /* CIRCLED DIGIT ZERO */ - {0x2a0c, 4, 2064}, /* QUADRUPLE INTEGRAL OPERATOR */ - {0x2a74, 3, 2364}, /* DOUBLE COLON EQUAL */ - {0x2a75, 2, 2367}, /* TWO CONSECUTIVE EQUALS SIGNS */ - {0x2a76, 3, 2366}, /* THREE CONSECUTIVE EQUALS SIGNS */ - {0x2adc, 2, 2369}, /* FORKING */ - {0x2e9f, 1, 2371}, /* CJK RADICAL MOTHER */ - {0x2ef3, 1, 2372}, /* CJK RADICAL C-SIMPLIFIED TURTLE */ - {0x2f00, 1, 2373}, /* KANGXI RADICAL ONE */ - {0x2f01, 1, 2374}, /* KANGXI RADICAL LINE */ - {0x2f02, 1, 2375}, /* KANGXI RADICAL DOT */ - {0x2f03, 1, 2376}, /* KANGXI RADICAL SLASH */ - {0x2f04, 1, 2377}, /* KANGXI RADICAL SECOND */ - {0x2f05, 1, 2378}, /* KANGXI RADICAL HOOK */ - {0x2f06, 1, 2379}, /* KANGXI RADICAL TWO */ - {0x2f07, 1, 2380}, /* KANGXI RADICAL LID */ - {0x2f08, 1, 2381}, /* KANGXI RADICAL MAN */ - {0x2f09, 1, 2382}, /* KANGXI RADICAL LEGS */ - {0x2f0a, 1, 2383}, /* KANGXI RADICAL ENTER */ - {0x2f0b, 1, 2384}, /* KANGXI RADICAL EIGHT */ - {0x2f0c, 1, 2385}, /* KANGXI RADICAL DOWN BOX */ - {0x2f0d, 1, 2386}, /* KANGXI RADICAL COVER */ - {0x2f0e, 1, 2387}, /* KANGXI RADICAL ICE */ - {0x2f0f, 1, 2388}, /* KANGXI RADICAL TABLE */ - {0x2f10, 1, 2389}, /* KANGXI RADICAL OPEN BOX */ - {0x2f11, 1, 2390}, /* KANGXI RADICAL KNIFE */ - {0x2f12, 1, 2391}, /* KANGXI RADICAL POWER */ - {0x2f13, 1, 2392}, /* KANGXI RADICAL WRAP */ - {0x2f14, 1, 2393}, /* KANGXI RADICAL SPOON */ - {0x2f15, 1, 2394}, /* KANGXI RADICAL RIGHT OPEN BOX */ - {0x2f16, 1, 2395}, /* KANGXI RADICAL HIDING ENCLOSURE */ - {0x2f17, 1, 2396}, /* KANGXI RADICAL TEN */ - {0x2f18, 1, 2397}, /* KANGXI RADICAL DIVINATION */ - {0x2f19, 1, 2398}, /* KANGXI RADICAL SEAL */ - {0x2f1a, 1, 2399}, /* KANGXI RADICAL CLIFF */ - {0x2f1b, 1, 2400}, /* KANGXI RADICAL PRIVATE */ - {0x2f1c, 1, 2401}, /* KANGXI RADICAL AGAIN */ - {0x2f1d, 1, 2402}, /* KANGXI RADICAL MOUTH */ - {0x2f1e, 1, 2403}, /* KANGXI RADICAL ENCLOSURE */ - {0x2f1f, 1, 2404}, /* KANGXI RADICAL EARTH */ - {0x2f20, 1, 2405}, /* KANGXI RADICAL SCHOLAR */ - {0x2f21, 1, 2406}, /* KANGXI RADICAL GO */ - {0x2f22, 1, 2407}, /* KANGXI RADICAL GO SLOWLY */ - {0x2f23, 1, 2408}, /* KANGXI RADICAL EVENING */ - {0x2f24, 1, 2409}, /* KANGXI RADICAL BIG */ - {0x2f25, 1, 2410}, /* KANGXI RADICAL WOMAN */ - {0x2f26, 1, 2411}, /* KANGXI RADICAL CHILD */ - {0x2f27, 1, 2412}, /* KANGXI RADICAL ROOF */ - {0x2f28, 1, 2413}, /* KANGXI RADICAL INCH */ - {0x2f29, 1, 2414}, /* KANGXI RADICAL SMALL */ - {0x2f2a, 1, 2415}, /* KANGXI RADICAL LAME */ - {0x2f2b, 1, 2416}, /* KANGXI RADICAL CORPSE */ - {0x2f2c, 1, 2417}, /* KANGXI RADICAL SPROUT */ - {0x2f2d, 1, 2418}, /* KANGXI RADICAL MOUNTAIN */ - {0x2f2e, 1, 2419}, /* KANGXI RADICAL RIVER */ - {0x2f2f, 1, 2420}, /* KANGXI RADICAL WORK */ - {0x2f30, 1, 2421}, /* KANGXI RADICAL ONESELF */ - {0x2f31, 1, 2422}, /* KANGXI RADICAL TURBAN */ - {0x2f32, 1, 2423}, /* KANGXI RADICAL DRY */ - {0x2f33, 1, 2424}, /* KANGXI RADICAL SHORT THREAD */ - {0x2f34, 1, 2425}, /* KANGXI RADICAL DOTTED CLIFF */ - {0x2f35, 1, 2426}, /* KANGXI RADICAL LONG STRIDE */ - {0x2f36, 1, 2427}, /* KANGXI RADICAL TWO HANDS */ - {0x2f37, 1, 2428}, /* KANGXI RADICAL SHOOT */ - {0x2f38, 1, 2429}, /* KANGXI RADICAL BOW */ - {0x2f39, 1, 2430}, /* KANGXI RADICAL SNOUT */ - {0x2f3a, 1, 2431}, /* KANGXI RADICAL BRISTLE */ - {0x2f3b, 1, 2432}, /* KANGXI RADICAL STEP */ - {0x2f3c, 1, 2433}, /* KANGXI RADICAL HEART */ - {0x2f3d, 1, 2434}, /* KANGXI RADICAL HALBERD */ - {0x2f3e, 1, 2435}, /* KANGXI RADICAL DOOR */ - {0x2f3f, 1, 2436}, /* KANGXI RADICAL HAND */ - {0x2f40, 1, 2437}, /* KANGXI RADICAL BRANCH */ - {0x2f41, 1, 2438}, /* KANGXI RADICAL RAP */ - {0x2f42, 1, 2439}, /* KANGXI RADICAL SCRIPT */ - {0x2f43, 1, 2440}, /* KANGXI RADICAL DIPPER */ - {0x2f44, 1, 2441}, /* KANGXI RADICAL AXE */ - {0x2f45, 1, 2442}, /* KANGXI RADICAL SQUARE */ - {0x2f46, 1, 2443}, /* KANGXI RADICAL NOT */ - {0x2f47, 1, 2444}, /* KANGXI RADICAL SUN */ - {0x2f48, 1, 2445}, /* KANGXI RADICAL SAY */ - {0x2f49, 1, 2446}, /* KANGXI RADICAL MOON */ - {0x2f4a, 1, 2447}, /* KANGXI RADICAL TREE */ - {0x2f4b, 1, 2448}, /* KANGXI RADICAL LACK */ - {0x2f4c, 1, 2449}, /* KANGXI RADICAL STOP */ - {0x2f4d, 1, 2450}, /* KANGXI RADICAL DEATH */ - {0x2f4e, 1, 2451}, /* KANGXI RADICAL WEAPON */ - {0x2f4f, 1, 2452}, /* KANGXI RADICAL DO NOT */ - {0x2f50, 1, 2453}, /* KANGXI RADICAL COMPARE */ - {0x2f51, 1, 2454}, /* KANGXI RADICAL FUR */ - {0x2f52, 1, 2455}, /* KANGXI RADICAL CLAN */ - {0x2f53, 1, 2456}, /* KANGXI RADICAL STEAM */ - {0x2f54, 1, 2457}, /* KANGXI RADICAL WATER */ - {0x2f55, 1, 2458}, /* KANGXI RADICAL FIRE */ - {0x2f56, 1, 2459}, /* KANGXI RADICAL CLAW */ - {0x2f57, 1, 2460}, /* KANGXI RADICAL FATHER */ - {0x2f58, 1, 2461}, /* KANGXI RADICAL DOUBLE X */ - {0x2f59, 1, 2462}, /* KANGXI RADICAL HALF TREE TRUNK */ - {0x2f5a, 1, 2463}, /* KANGXI RADICAL SLICE */ - {0x2f5b, 1, 2464}, /* KANGXI RADICAL FANG */ - {0x2f5c, 1, 2465}, /* KANGXI RADICAL COW */ - {0x2f5d, 1, 2466}, /* KANGXI RADICAL DOG */ - {0x2f5e, 1, 2467}, /* KANGXI RADICAL PROFOUND */ - {0x2f5f, 1, 2468}, /* KANGXI RADICAL JADE */ - {0x2f60, 1, 2469}, /* KANGXI RADICAL MELON */ - {0x2f61, 1, 2470}, /* KANGXI RADICAL TILE */ - {0x2f62, 1, 2471}, /* KANGXI RADICAL SWEET */ - {0x2f63, 1, 2472}, /* KANGXI RADICAL LIFE */ - {0x2f64, 1, 2473}, /* KANGXI RADICAL USE */ - {0x2f65, 1, 2474}, /* KANGXI RADICAL FIELD */ - {0x2f66, 1, 2475}, /* KANGXI RADICAL BOLT OF CLOTH */ - {0x2f67, 1, 2476}, /* KANGXI RADICAL SICKNESS */ - {0x2f68, 1, 2477}, /* KANGXI RADICAL DOTTED TENT */ - {0x2f69, 1, 2478}, /* KANGXI RADICAL WHITE */ - {0x2f6a, 1, 2479}, /* KANGXI RADICAL SKIN */ - {0x2f6b, 1, 2480}, /* KANGXI RADICAL DISH */ - {0x2f6c, 1, 2481}, /* KANGXI RADICAL EYE */ - {0x2f6d, 1, 2482}, /* KANGXI RADICAL SPEAR */ - {0x2f6e, 1, 2483}, /* KANGXI RADICAL ARROW */ - {0x2f6f, 1, 2484}, /* KANGXI RADICAL STONE */ - {0x2f70, 1, 2485}, /* KANGXI RADICAL SPIRIT */ - {0x2f71, 1, 2486}, /* KANGXI RADICAL TRACK */ - {0x2f72, 1, 2487}, /* KANGXI RADICAL GRAIN */ - {0x2f73, 1, 2488}, /* KANGXI RADICAL CAVE */ - {0x2f74, 1, 2489}, /* KANGXI RADICAL STAND */ - {0x2f75, 1, 2490}, /* KANGXI RADICAL BAMBOO */ - {0x2f76, 1, 2491}, /* KANGXI RADICAL RICE */ - {0x2f77, 1, 2492}, /* KANGXI RADICAL SILK */ - {0x2f78, 1, 2493}, /* KANGXI RADICAL JAR */ - {0x2f79, 1, 2494}, /* KANGXI RADICAL NET */ - {0x2f7a, 1, 2495}, /* KANGXI RADICAL SHEEP */ - {0x2f7b, 1, 2496}, /* KANGXI RADICAL FEATHER */ - {0x2f7c, 1, 2497}, /* KANGXI RADICAL OLD */ - {0x2f7d, 1, 2498}, /* KANGXI RADICAL AND */ - {0x2f7e, 1, 2499}, /* KANGXI RADICAL PLOW */ - {0x2f7f, 1, 2500}, /* KANGXI RADICAL EAR */ - {0x2f80, 1, 2501}, /* KANGXI RADICAL BRUSH */ - {0x2f81, 1, 2502}, /* KANGXI RADICAL MEAT */ - {0x2f82, 1, 2503}, /* KANGXI RADICAL MINISTER */ - {0x2f83, 1, 2504}, /* KANGXI RADICAL SELF */ - {0x2f84, 1, 2505}, /* KANGXI RADICAL ARRIVE */ - {0x2f85, 1, 2506}, /* KANGXI RADICAL MORTAR */ - {0x2f86, 1, 2507}, /* KANGXI RADICAL TONGUE */ - {0x2f87, 1, 2508}, /* KANGXI RADICAL OPPOSE */ - {0x2f88, 1, 2509}, /* KANGXI RADICAL BOAT */ - {0x2f89, 1, 2510}, /* KANGXI RADICAL STOPPING */ - {0x2f8a, 1, 2511}, /* KANGXI RADICAL COLOR */ - {0x2f8b, 1, 2512}, /* KANGXI RADICAL GRASS */ - {0x2f8c, 1, 2513}, /* KANGXI RADICAL TIGER */ - {0x2f8d, 1, 2514}, /* KANGXI RADICAL INSECT */ - {0x2f8e, 1, 2515}, /* KANGXI RADICAL BLOOD */ - {0x2f8f, 1, 2516}, /* KANGXI RADICAL WALK ENCLOSURE */ - {0x2f90, 1, 2517}, /* KANGXI RADICAL CLOTHES */ - {0x2f91, 1, 2518}, /* KANGXI RADICAL WEST */ - {0x2f92, 1, 2519}, /* KANGXI RADICAL SEE */ - {0x2f93, 1, 2520}, /* KANGXI RADICAL HORN */ - {0x2f94, 1, 2521}, /* KANGXI RADICAL SPEECH */ - {0x2f95, 1, 2522}, /* KANGXI RADICAL VALLEY */ - {0x2f96, 1, 2523}, /* KANGXI RADICAL BEAN */ - {0x2f97, 1, 2524}, /* KANGXI RADICAL PIG */ - {0x2f98, 1, 2525}, /* KANGXI RADICAL BADGER */ - {0x2f99, 1, 2526}, /* KANGXI RADICAL SHELL */ - {0x2f9a, 1, 2527}, /* KANGXI RADICAL RED */ - {0x2f9b, 1, 2528}, /* KANGXI RADICAL RUN */ - {0x2f9c, 1, 2529}, /* KANGXI RADICAL FOOT */ - {0x2f9d, 1, 2530}, /* KANGXI RADICAL BODY */ - {0x2f9e, 1, 2531}, /* KANGXI RADICAL CART */ - {0x2f9f, 1, 2532}, /* KANGXI RADICAL BITTER */ - {0x2fa0, 1, 2533}, /* KANGXI RADICAL MORNING */ - {0x2fa1, 1, 2534}, /* KANGXI RADICAL WALK */ - {0x2fa2, 1, 2535}, /* KANGXI RADICAL CITY */ - {0x2fa3, 1, 2536}, /* KANGXI RADICAL WINE */ - {0x2fa4, 1, 2537}, /* KANGXI RADICAL DISTINGUISH */ - {0x2fa5, 1, 2538}, /* KANGXI RADICAL VILLAGE */ - {0x2fa6, 1, 2539}, /* KANGXI RADICAL GOLD */ - {0x2fa7, 1, 2540}, /* KANGXI RADICAL LONG */ - {0x2fa8, 1, 2541}, /* KANGXI RADICAL GATE */ - {0x2fa9, 1, 2542}, /* KANGXI RADICAL MOUND */ - {0x2faa, 1, 2543}, /* KANGXI RADICAL SLAVE */ - {0x2fab, 1, 2544}, /* KANGXI RADICAL SHORT TAILED BIRD */ - {0x2fac, 1, 2545}, /* KANGXI RADICAL RAIN */ - {0x2fad, 1, 2546}, /* KANGXI RADICAL BLUE */ - {0x2fae, 1, 2547}, /* KANGXI RADICAL WRONG */ - {0x2faf, 1, 2548}, /* KANGXI RADICAL FACE */ - {0x2fb0, 1, 2549}, /* KANGXI RADICAL LEATHER */ - {0x2fb1, 1, 2550}, /* KANGXI RADICAL TANNED LEATHER */ - {0x2fb2, 1, 2551}, /* KANGXI RADICAL LEEK */ - {0x2fb3, 1, 2552}, /* KANGXI RADICAL SOUND */ - {0x2fb4, 1, 2553}, /* KANGXI RADICAL LEAF */ - {0x2fb5, 1, 2554}, /* KANGXI RADICAL WIND */ - {0x2fb6, 1, 2555}, /* KANGXI RADICAL FLY */ - {0x2fb7, 1, 2556}, /* KANGXI RADICAL EAT */ - {0x2fb8, 1, 2557}, /* KANGXI RADICAL HEAD */ - {0x2fb9, 1, 2558}, /* KANGXI RADICAL FRAGRANT */ - {0x2fba, 1, 2559}, /* KANGXI RADICAL HORSE */ - {0x2fbb, 1, 2560}, /* KANGXI RADICAL BONE */ - {0x2fbc, 1, 2561}, /* KANGXI RADICAL TALL */ - {0x2fbd, 1, 2562}, /* KANGXI RADICAL HAIR */ - {0x2fbe, 1, 2563}, /* KANGXI RADICAL FIGHT */ - {0x2fbf, 1, 2564}, /* KANGXI RADICAL SACRIFICIAL WINE */ - {0x2fc0, 1, 2565}, /* KANGXI RADICAL CAULDRON */ - {0x2fc1, 1, 2566}, /* KANGXI RADICAL GHOST */ - {0x2fc2, 1, 2567}, /* KANGXI RADICAL FISH */ - {0x2fc3, 1, 2568}, /* KANGXI RADICAL BIRD */ - {0x2fc4, 1, 2569}, /* KANGXI RADICAL SALT */ - {0x2fc5, 1, 2570}, /* KANGXI RADICAL DEER */ - {0x2fc6, 1, 2571}, /* KANGXI RADICAL WHEAT */ - {0x2fc7, 1, 2572}, /* KANGXI RADICAL HEMP */ - {0x2fc8, 1, 2573}, /* KANGXI RADICAL YELLOW */ - {0x2fc9, 1, 2574}, /* KANGXI RADICAL MILLET */ - {0x2fca, 1, 2575}, /* KANGXI RADICAL BLACK */ - {0x2fcb, 1, 2576}, /* KANGXI RADICAL EMBROIDERY */ - {0x2fcc, 1, 2577}, /* KANGXI RADICAL FROG */ - {0x2fcd, 1, 2578}, /* KANGXI RADICAL TRIPOD */ - {0x2fce, 1, 2579}, /* KANGXI RADICAL DRUM */ - {0x2fcf, 1, 2580}, /* KANGXI RADICAL RAT */ - {0x2fd0, 1, 2581}, /* KANGXI RADICAL NOSE */ - {0x2fd1, 1, 2582}, /* KANGXI RADICAL EVEN */ - {0x2fd2, 1, 2583}, /* KANGXI RADICAL TOOTH */ - {0x2fd3, 1, 2584}, /* KANGXI RADICAL DRAGON */ - {0x2fd4, 1, 2585}, /* KANGXI RADICAL TURTLE */ - {0x2fd5, 1, 2586}, /* KANGXI RADICAL FLUTE */ - {0x3000, 1, 2587}, /* IDEOGRAPHIC SPACE */ - {0x3036, 1, 2588}, /* CIRCLED POSTAL MARK */ - {0x3038, 1, 2396}, /* HANGZHOU NUMERAL TEN */ - {0x3039, 1, 2589}, /* HANGZHOU NUMERAL TWENTY */ - {0x303a, 1, 2590}, /* HANGZHOU NUMERAL THIRTY */ - {0x304c, 2, 2591}, /* HIRAGANA LETTER GA */ - {0x304e, 2, 2593}, /* HIRAGANA LETTER GI */ - {0x3050, 2, 2595}, /* HIRAGANA LETTER GU */ - {0x3052, 2, 2597}, /* HIRAGANA LETTER GE */ - {0x3054, 2, 2599}, /* HIRAGANA LETTER GO */ - {0x3056, 2, 2601}, /* HIRAGANA LETTER ZA */ - {0x3058, 2, 2603}, /* HIRAGANA LETTER ZI */ - {0x305a, 2, 2605}, /* HIRAGANA LETTER ZU */ - {0x305c, 2, 2607}, /* HIRAGANA LETTER ZE */ - {0x305e, 2, 2609}, /* HIRAGANA LETTER ZO */ - {0x3060, 2, 2611}, /* HIRAGANA LETTER DA */ - {0x3062, 2, 2613}, /* HIRAGANA LETTER DI */ - {0x3065, 2, 2615}, /* HIRAGANA LETTER DU */ - {0x3067, 2, 2617}, /* HIRAGANA LETTER DE */ - {0x3069, 2, 2619}, /* HIRAGANA LETTER DO */ - {0x3070, 2, 2621}, /* HIRAGANA LETTER BA */ - {0x3071, 2, 2623}, /* HIRAGANA LETTER PA */ - {0x3073, 2, 2625}, /* HIRAGANA LETTER BI */ - {0x3074, 2, 2627}, /* HIRAGANA LETTER PI */ - {0x3076, 2, 2629}, /* HIRAGANA LETTER BU */ - {0x3077, 2, 2631}, /* HIRAGANA LETTER PU */ - {0x3079, 2, 2633}, /* HIRAGANA LETTER BE */ - {0x307a, 2, 2635}, /* HIRAGANA LETTER PE */ - {0x307c, 2, 2637}, /* HIRAGANA LETTER BO */ - {0x307d, 2, 2639}, /* HIRAGANA LETTER PO */ - {0x3094, 2, 2641}, /* HIRAGANA LETTER VU */ - {0x309b, 2, 2643}, /* KATAKANA-HIRAGANA VOICED SOUND MARK */ - {0x309c, 2, 2645}, /* KATAKANA-HIRAGANA SEMI-VOICED SOUND MARK */ - {0x309e, 2, 2647}, /* HIRAGANA VOICED ITERATION MARK */ - {0x309f, 2, 2649}, /* HIRAGANA DIGRAPH YORI */ - {0x30ac, 2, 2651}, /* KATAKANA LETTER GA */ - {0x30ae, 2, 2653}, /* KATAKANA LETTER GI */ - {0x30b0, 2, 2655}, /* KATAKANA LETTER GU */ - {0x30b2, 2, 2657}, /* KATAKANA LETTER GE */ - {0x30b4, 2, 2659}, /* KATAKANA LETTER GO */ - {0x30b6, 2, 2661}, /* KATAKANA LETTER ZA */ - {0x30b8, 2, 2663}, /* KATAKANA LETTER ZI */ - {0x30ba, 2, 2665}, /* KATAKANA LETTER ZU */ - {0x30bc, 2, 2667}, /* KATAKANA LETTER ZE */ - {0x30be, 2, 2669}, /* KATAKANA LETTER ZO */ - {0x30c0, 2, 2671}, /* KATAKANA LETTER DA */ - {0x30c2, 2, 2673}, /* KATAKANA LETTER DI */ - {0x30c5, 2, 2675}, /* KATAKANA LETTER DU */ - {0x30c7, 2, 2677}, /* KATAKANA LETTER DE */ - {0x30c9, 2, 2679}, /* KATAKANA LETTER DO */ - {0x30d0, 2, 2681}, /* KATAKANA LETTER BA */ - {0x30d1, 2, 2683}, /* KATAKANA LETTER PA */ - {0x30d3, 2, 2685}, /* KATAKANA LETTER BI */ - {0x30d4, 2, 2687}, /* KATAKANA LETTER PI */ - {0x30d6, 2, 2689}, /* KATAKANA LETTER BU */ - {0x30d7, 2, 2691}, /* KATAKANA LETTER PU */ - {0x30d9, 2, 2693}, /* KATAKANA LETTER BE */ - {0x30da, 2, 2695}, /* KATAKANA LETTER PE */ - {0x30dc, 2, 2697}, /* KATAKANA LETTER BO */ - {0x30dd, 2, 2699}, /* KATAKANA LETTER PO */ - {0x30f4, 2, 2701}, /* KATAKANA LETTER VU */ - {0x30f7, 2, 2703}, /* KATAKANA LETTER VA */ - {0x30f8, 2, 2705}, /* KATAKANA LETTER VI */ - {0x30f9, 2, 2707}, /* KATAKANA LETTER VE */ - {0x30fa, 2, 2709}, /* KATAKANA LETTER VO */ - {0x30fe, 2, 2711}, /* KATAKANA VOICED ITERATION MARK */ - {0x30ff, 2, 2713}, /* KATAKANA DIGRAPH KOTO */ - {0x3131, 1, 2715}, /* HANGUL LETTER KIYEOK */ - {0x3132, 1, 2716}, /* HANGUL LETTER SSANGKIYEOK */ - {0x3133, 1, 2717}, /* HANGUL LETTER KIYEOK-SIOS */ - {0x3134, 1, 2718}, /* HANGUL LETTER NIEUN */ - {0x3135, 1, 2719}, /* HANGUL LETTER NIEUN-CIEUC */ - {0x3136, 1, 2720}, /* HANGUL LETTER NIEUN-HIEUH */ - {0x3137, 1, 2721}, /* HANGUL LETTER TIKEUT */ - {0x3138, 1, 2722}, /* HANGUL LETTER SSANGTIKEUT */ - {0x3139, 1, 2723}, /* HANGUL LETTER RIEUL */ - {0x313a, 1, 2724}, /* HANGUL LETTER RIEUL-KIYEOK */ - {0x313b, 1, 2725}, /* HANGUL LETTER RIEUL-MIEUM */ - {0x313c, 1, 2726}, /* HANGUL LETTER RIEUL-PIEUP */ - {0x313d, 1, 2727}, /* HANGUL LETTER RIEUL-SIOS */ - {0x313e, 1, 2728}, /* HANGUL LETTER RIEUL-THIEUTH */ - {0x313f, 1, 2729}, /* HANGUL LETTER RIEUL-PHIEUPH */ - {0x3140, 1, 2730}, /* HANGUL LETTER RIEUL-HIEUH */ - {0x3141, 1, 2731}, /* HANGUL LETTER MIEUM */ - {0x3142, 1, 2732}, /* HANGUL LETTER PIEUP */ - {0x3143, 1, 2733}, /* HANGUL LETTER SSANGPIEUP */ - {0x3144, 1, 2734}, /* HANGUL LETTER PIEUP-SIOS */ - {0x3145, 1, 2735}, /* HANGUL LETTER SIOS */ - {0x3146, 1, 2736}, /* HANGUL LETTER SSANGSIOS */ - {0x3147, 1, 2737}, /* HANGUL LETTER IEUNG */ - {0x3148, 1, 2738}, /* HANGUL LETTER CIEUC */ - {0x3149, 1, 2739}, /* HANGUL LETTER SSANGCIEUC */ - {0x314a, 1, 2740}, /* HANGUL LETTER CHIEUCH */ - {0x314b, 1, 2741}, /* HANGUL LETTER KHIEUKH */ - {0x314c, 1, 2742}, /* HANGUL LETTER THIEUTH */ - {0x314d, 1, 2743}, /* HANGUL LETTER PHIEUPH */ - {0x314e, 1, 2744}, /* HANGUL LETTER HIEUH */ - {0x314f, 1, 2745}, /* HANGUL LETTER A */ - {0x3150, 1, 2746}, /* HANGUL LETTER AE */ - {0x3151, 1, 2747}, /* HANGUL LETTER YA */ - {0x3152, 1, 2748}, /* HANGUL LETTER YAE */ - {0x3153, 1, 2749}, /* HANGUL LETTER EO */ - {0x3154, 1, 2750}, /* HANGUL LETTER E */ - {0x3155, 1, 2751}, /* HANGUL LETTER YEO */ - {0x3156, 1, 2752}, /* HANGUL LETTER YE */ - {0x3157, 1, 2753}, /* HANGUL LETTER O */ - {0x3158, 1, 2754}, /* HANGUL LETTER WA */ - {0x3159, 1, 2755}, /* HANGUL LETTER WAE */ - {0x315a, 1, 2756}, /* HANGUL LETTER OE */ - {0x315b, 1, 2757}, /* HANGUL LETTER YO */ - {0x315c, 1, 2758}, /* HANGUL LETTER U */ - {0x315d, 1, 2759}, /* HANGUL LETTER WEO */ - {0x315e, 1, 2760}, /* HANGUL LETTER WE */ - {0x315f, 1, 2761}, /* HANGUL LETTER WI */ - {0x3160, 1, 2762}, /* HANGUL LETTER YU */ - {0x3161, 1, 2763}, /* HANGUL LETTER EU */ - {0x3162, 1, 2764}, /* HANGUL LETTER YI */ - {0x3163, 1, 2765}, /* HANGUL LETTER I */ - {0x3164, 1, 2766}, /* HANGUL FILLER */ - {0x3165, 1, 2767}, /* HANGUL LETTER SSANGNIEUN */ - {0x3166, 1, 2768}, /* HANGUL LETTER NIEUN-TIKEUT */ - {0x3167, 1, 2769}, /* HANGUL LETTER NIEUN-SIOS */ - {0x3168, 1, 2770}, /* HANGUL LETTER NIEUN-PANSIOS */ - {0x3169, 1, 2771}, /* HANGUL LETTER RIEUL-KIYEOK-SIOS */ - {0x316a, 1, 2772}, /* HANGUL LETTER RIEUL-TIKEUT */ - {0x316b, 1, 2773}, /* HANGUL LETTER RIEUL-PIEUP-SIOS */ - {0x316c, 1, 2774}, /* HANGUL LETTER RIEUL-PANSIOS */ - {0x316d, 1, 2775}, /* HANGUL LETTER RIEUL-YEORINHIEUH */ - {0x316e, 1, 2776}, /* HANGUL LETTER MIEUM-PIEUP */ - {0x316f, 1, 2777}, /* HANGUL LETTER MIEUM-SIOS */ - {0x3170, 1, 2778}, /* HANGUL LETTER MIEUM-PANSIOS */ - {0x3171, 1, 2779}, /* HANGUL LETTER KAPYEOUNMIEUM */ - {0x3172, 1, 2780}, /* HANGUL LETTER PIEUP-KIYEOK */ - {0x3173, 1, 2781}, /* HANGUL LETTER PIEUP-TIKEUT */ - {0x3174, 1, 2782}, /* HANGUL LETTER PIEUP-SIOS-KIYEOK */ - {0x3175, 1, 2783}, /* HANGUL LETTER PIEUP-SIOS-TIKEUT */ - {0x3176, 1, 2784}, /* HANGUL LETTER PIEUP-CIEUC */ - {0x3177, 1, 2785}, /* HANGUL LETTER PIEUP-THIEUTH */ - {0x3178, 1, 2786}, /* HANGUL LETTER KAPYEOUNPIEUP */ - {0x3179, 1, 2787}, /* HANGUL LETTER KAPYEOUNSSANGPIEUP */ - {0x317a, 1, 2788}, /* HANGUL LETTER SIOS-KIYEOK */ - {0x317b, 1, 2789}, /* HANGUL LETTER SIOS-NIEUN */ - {0x317c, 1, 2790}, /* HANGUL LETTER SIOS-TIKEUT */ - {0x317d, 1, 2791}, /* HANGUL LETTER SIOS-PIEUP */ - {0x317e, 1, 2792}, /* HANGUL LETTER SIOS-CIEUC */ - {0x317f, 1, 2793}, /* HANGUL LETTER PANSIOS */ - {0x3180, 1, 2794}, /* HANGUL LETTER SSANGIEUNG */ - {0x3181, 1, 2795}, /* HANGUL LETTER YESIEUNG */ - {0x3182, 1, 2796}, /* HANGUL LETTER YESIEUNG-SIOS */ - {0x3183, 1, 2797}, /* HANGUL LETTER YESIEUNG-PANSIOS */ - {0x3184, 1, 2798}, /* HANGUL LETTER KAPYEOUNPHIEUPH */ - {0x3185, 1, 2799}, /* HANGUL LETTER SSANGHIEUH */ - {0x3186, 1, 2800}, /* HANGUL LETTER YEORINHIEUH */ - {0x3187, 1, 2801}, /* HANGUL LETTER YO-YA */ - {0x3188, 1, 2802}, /* HANGUL LETTER YO-YAE */ - {0x3189, 1, 2803}, /* HANGUL LETTER YO-I */ - {0x318a, 1, 2804}, /* HANGUL LETTER YU-YEO */ - {0x318b, 1, 2805}, /* HANGUL LETTER YU-YE */ - {0x318c, 1, 2806}, /* HANGUL LETTER YU-I */ - {0x318d, 1, 2807}, /* HANGUL LETTER ARAEA */ - {0x318e, 1, 2808}, /* HANGUL LETTER ARAEAE */ - {0x3192, 1, 2373}, /* IDEOGRAPHIC ANNOTATION ONE MARK */ - {0x3193, 1, 2379}, /* IDEOGRAPHIC ANNOTATION TWO MARK */ - {0x3194, 1, 2809}, /* IDEOGRAPHIC ANNOTATION THREE MARK */ - {0x3195, 1, 2810}, /* IDEOGRAPHIC ANNOTATION FOUR MARK */ - {0x3196, 1, 2811}, /* IDEOGRAPHIC ANNOTATION TOP MARK */ - {0x3197, 1, 2812}, /* IDEOGRAPHIC ANNOTATION MIDDLE MARK */ - {0x3198, 1, 2813}, /* IDEOGRAPHIC ANNOTATION BOTTOM MARK */ - {0x3199, 1, 2814}, /* IDEOGRAPHIC ANNOTATION FIRST MARK */ - {0x319a, 1, 2377}, /* IDEOGRAPHIC ANNOTATION SECOND MARK */ - {0x319b, 1, 2815}, /* IDEOGRAPHIC ANNOTATION THIRD MARK */ - {0x319c, 1, 2816}, /* IDEOGRAPHIC ANNOTATION FOURTH MARK */ - {0x319d, 1, 2817}, /* IDEOGRAPHIC ANNOTATION HEAVEN MARK */ - {0x319e, 1, 2818}, /* IDEOGRAPHIC ANNOTATION EARTH MARK */ - {0x319f, 1, 2381}, /* IDEOGRAPHIC ANNOTATION MAN MARK */ - {0x3200, 3, 2819}, /* PARENTHESIZED HANGUL KIYEOK */ - {0x3201, 3, 2822}, /* PARENTHESIZED HANGUL NIEUN */ - {0x3202, 3, 2825}, /* PARENTHESIZED HANGUL TIKEUT */ - {0x3203, 3, 2828}, /* PARENTHESIZED HANGUL RIEUL */ - {0x3204, 3, 2831}, /* PARENTHESIZED HANGUL MIEUM */ - {0x3205, 3, 2834}, /* PARENTHESIZED HANGUL PIEUP */ - {0x3206, 3, 2837}, /* PARENTHESIZED HANGUL SIOS */ - {0x3207, 3, 2840}, /* PARENTHESIZED HANGUL IEUNG */ - {0x3208, 3, 2843}, /* PARENTHESIZED HANGUL CIEUC */ - {0x3209, 3, 2846}, /* PARENTHESIZED HANGUL CHIEUCH */ - {0x320a, 3, 2849}, /* PARENTHESIZED HANGUL KHIEUKH */ - {0x320b, 3, 2852}, /* PARENTHESIZED HANGUL THIEUTH */ - {0x320c, 3, 2855}, /* PARENTHESIZED HANGUL PHIEUPH */ - {0x320d, 3, 2858}, /* PARENTHESIZED HANGUL HIEUH */ - {0x320e, 4, 2861}, /* PARENTHESIZED HANGUL KIYEOK A */ - {0x320f, 4, 2865}, /* PARENTHESIZED HANGUL NIEUN A */ - {0x3210, 4, 2869}, /* PARENTHESIZED HANGUL TIKEUT A */ - {0x3211, 4, 2873}, /* PARENTHESIZED HANGUL RIEUL A */ - {0x3212, 4, 2877}, /* PARENTHESIZED HANGUL MIEUM A */ - {0x3213, 4, 2881}, /* PARENTHESIZED HANGUL PIEUP A */ - {0x3214, 4, 2885}, /* PARENTHESIZED HANGUL SIOS A */ - {0x3215, 4, 2889}, /* PARENTHESIZED HANGUL IEUNG A */ - {0x3216, 4, 2893}, /* PARENTHESIZED HANGUL CIEUC A */ - {0x3217, 4, 2897}, /* PARENTHESIZED HANGUL CHIEUCH A */ - {0x3218, 4, 2901}, /* PARENTHESIZED HANGUL KHIEUKH A */ - {0x3219, 4, 2905}, /* PARENTHESIZED HANGUL THIEUTH A */ - {0x321a, 4, 2909}, /* PARENTHESIZED HANGUL PHIEUPH A */ - {0x321b, 4, 2913}, /* PARENTHESIZED HANGUL HIEUH A */ - {0x321c, 4, 2917}, /* PARENTHESIZED HANGUL CIEUC U */ - {0x321d, 7, 2921}, /* PARENTHESIZED KOREAN CHARACTER OJEON */ - {0x321e, 6, 2928}, /* PARENTHESIZED KOREAN CHARACTER O HU */ - {0x3220, 3, 2934}, /* PARENTHESIZED IDEOGRAPH ONE */ - {0x3221, 3, 2937}, /* PARENTHESIZED IDEOGRAPH TWO */ - {0x3222, 3, 2940}, /* PARENTHESIZED IDEOGRAPH THREE */ - {0x3223, 3, 2943}, /* PARENTHESIZED IDEOGRAPH FOUR */ - {0x3224, 3, 2946}, /* PARENTHESIZED IDEOGRAPH FIVE */ - {0x3225, 3, 2949}, /* PARENTHESIZED IDEOGRAPH SIX */ - {0x3226, 3, 2952}, /* PARENTHESIZED IDEOGRAPH SEVEN */ - {0x3227, 3, 2955}, /* PARENTHESIZED IDEOGRAPH EIGHT */ - {0x3228, 3, 2958}, /* PARENTHESIZED IDEOGRAPH NINE */ - {0x3229, 3, 2961}, /* PARENTHESIZED IDEOGRAPH TEN */ - {0x322a, 3, 2964}, /* PARENTHESIZED IDEOGRAPH MOON */ - {0x322b, 3, 2967}, /* PARENTHESIZED IDEOGRAPH FIRE */ - {0x322c, 3, 2970}, /* PARENTHESIZED IDEOGRAPH WATER */ - {0x322d, 3, 2973}, /* PARENTHESIZED IDEOGRAPH WOOD */ - {0x322e, 3, 2976}, /* PARENTHESIZED IDEOGRAPH METAL */ - {0x322f, 3, 2979}, /* PARENTHESIZED IDEOGRAPH EARTH */ - {0x3230, 3, 2982}, /* PARENTHESIZED IDEOGRAPH SUN */ - {0x3231, 3, 2985}, /* PARENTHESIZED IDEOGRAPH STOCK */ - {0x3232, 3, 2988}, /* PARENTHESIZED IDEOGRAPH HAVE */ - {0x3233, 3, 2991}, /* PARENTHESIZED IDEOGRAPH SOCIETY */ - {0x3234, 3, 2994}, /* PARENTHESIZED IDEOGRAPH NAME */ - {0x3235, 3, 2997}, /* PARENTHESIZED IDEOGRAPH SPECIAL */ - {0x3236, 3, 3000}, /* PARENTHESIZED IDEOGRAPH FINANCIAL */ - {0x3237, 3, 3003}, /* PARENTHESIZED IDEOGRAPH CONGRATULATION */ - {0x3238, 3, 3006}, /* PARENTHESIZED IDEOGRAPH LABOR */ - {0x3239, 3, 3009}, /* PARENTHESIZED IDEOGRAPH REPRESENT */ - {0x323a, 3, 3012}, /* PARENTHESIZED IDEOGRAPH CALL */ - {0x323b, 3, 3015}, /* PARENTHESIZED IDEOGRAPH STUDY */ - {0x323c, 3, 3018}, /* PARENTHESIZED IDEOGRAPH SUPERVISE */ - {0x323d, 3, 3021}, /* PARENTHESIZED IDEOGRAPH ENTERPRISE */ - {0x323e, 3, 3024}, /* PARENTHESIZED IDEOGRAPH RESOURCE */ - {0x323f, 3, 3027}, /* PARENTHESIZED IDEOGRAPH ALLIANCE */ - {0x3240, 3, 3030}, /* PARENTHESIZED IDEOGRAPH FESTIVAL */ - {0x3241, 3, 3033}, /* PARENTHESIZED IDEOGRAPH REST */ - {0x3242, 3, 3036}, /* PARENTHESIZED IDEOGRAPH SELF */ - {0x3243, 3, 3039}, /* PARENTHESIZED IDEOGRAPH REACH */ - {0x3250, 3, 3042}, /* PARTNERSHIP SIGN */ - {0x3251, 2, 2147}, /* CIRCLED NUMBER TWENTY ONE */ - {0x3252, 2, 3045}, /* CIRCLED NUMBER TWENTY TWO */ - {0x3253, 2, 6}, /* CIRCLED NUMBER TWENTY THREE */ - {0x3254, 2, 3047}, /* CIRCLED NUMBER TWENTY FOUR */ - {0x3255, 2, 3049}, /* CIRCLED NUMBER TWENTY FIVE */ - {0x3256, 2, 3051}, /* CIRCLED NUMBER TWENTY SIX */ - {0x3257, 2, 3053}, /* CIRCLED NUMBER TWENTY SEVEN */ - {0x3258, 2, 3055}, /* CIRCLED NUMBER TWENTY EIGHT */ - {0x3259, 2, 3057}, /* CIRCLED NUMBER TWENTY NINE */ - {0x325a, 2, 3059}, /* CIRCLED NUMBER THIRTY */ - {0x325b, 2, 1965}, /* CIRCLED NUMBER THIRTY ONE */ - {0x325c, 2, 1962}, /* CIRCLED NUMBER THIRTY TWO */ - {0x325d, 2, 3061}, /* CIRCLED NUMBER THIRTY THREE */ - {0x325e, 2, 3063}, /* CIRCLED NUMBER THIRTY FOUR */ - {0x325f, 2, 3065}, /* CIRCLED NUMBER THIRTY FIVE */ - {0x3260, 1, 2715}, /* CIRCLED HANGUL KIYEOK */ - {0x3261, 1, 2718}, /* CIRCLED HANGUL NIEUN */ - {0x3262, 1, 2721}, /* CIRCLED HANGUL TIKEUT */ - {0x3263, 1, 2723}, /* CIRCLED HANGUL RIEUL */ - {0x3264, 1, 2731}, /* CIRCLED HANGUL MIEUM */ - {0x3265, 1, 2732}, /* CIRCLED HANGUL PIEUP */ - {0x3266, 1, 2735}, /* CIRCLED HANGUL SIOS */ - {0x3267, 1, 2737}, /* CIRCLED HANGUL IEUNG */ - {0x3268, 1, 2738}, /* CIRCLED HANGUL CIEUC */ - {0x3269, 1, 2740}, /* CIRCLED HANGUL CHIEUCH */ - {0x326a, 1, 2741}, /* CIRCLED HANGUL KHIEUKH */ - {0x326b, 1, 2742}, /* CIRCLED HANGUL THIEUTH */ - {0x326c, 1, 2743}, /* CIRCLED HANGUL PHIEUPH */ - {0x326d, 1, 2744}, /* CIRCLED HANGUL HIEUH */ - {0x326e, 2, 2862}, /* CIRCLED HANGUL KIYEOK A */ - {0x326f, 2, 2866}, /* CIRCLED HANGUL NIEUN A */ - {0x3270, 2, 2870}, /* CIRCLED HANGUL TIKEUT A */ - {0x3271, 2, 2874}, /* CIRCLED HANGUL RIEUL A */ - {0x3272, 2, 2878}, /* CIRCLED HANGUL MIEUM A */ - {0x3273, 2, 2882}, /* CIRCLED HANGUL PIEUP A */ - {0x3274, 2, 2886}, /* CIRCLED HANGUL SIOS A */ - {0x3275, 2, 2890}, /* CIRCLED HANGUL IEUNG A */ - {0x3276, 2, 2894}, /* CIRCLED HANGUL CIEUC A */ - {0x3277, 2, 2898}, /* CIRCLED HANGUL CHIEUCH A */ - {0x3278, 2, 2902}, /* CIRCLED HANGUL KHIEUKH A */ - {0x3279, 2, 2906}, /* CIRCLED HANGUL THIEUTH A */ - {0x327a, 2, 2910}, /* CIRCLED HANGUL PHIEUPH A */ - {0x327b, 2, 2744}, /* CIRCLED HANGUL HIEUH A */ - {0x327c, 5, 3067}, /* CIRCLED KOREAN CHARACTER CHAMKO */ - {0x327d, 4, 3072}, /* CIRCLED KOREAN CHARACTER JUEUI */ - {0x3280, 1, 2373}, /* CIRCLED IDEOGRAPH ONE */ - {0x3281, 1, 2379}, /* CIRCLED IDEOGRAPH TWO */ - {0x3282, 1, 2809}, /* CIRCLED IDEOGRAPH THREE */ - {0x3283, 1, 2810}, /* CIRCLED IDEOGRAPH FOUR */ - {0x3284, 1, 2947}, /* CIRCLED IDEOGRAPH FIVE */ - {0x3285, 1, 2950}, /* CIRCLED IDEOGRAPH SIX */ - {0x3286, 1, 2953}, /* CIRCLED IDEOGRAPH SEVEN */ - {0x3287, 1, 2384}, /* CIRCLED IDEOGRAPH EIGHT */ - {0x3288, 1, 2959}, /* CIRCLED IDEOGRAPH NINE */ - {0x3289, 1, 2396}, /* CIRCLED IDEOGRAPH TEN */ - {0x328a, 1, 2446}, /* CIRCLED IDEOGRAPH MOON */ - {0x328b, 1, 2458}, /* CIRCLED IDEOGRAPH FIRE */ - {0x328c, 1, 2457}, /* CIRCLED IDEOGRAPH WATER */ - {0x328d, 1, 2447}, /* CIRCLED IDEOGRAPH WOOD */ - {0x328e, 1, 2539}, /* CIRCLED IDEOGRAPH METAL */ - {0x328f, 1, 2404}, /* CIRCLED IDEOGRAPH EARTH */ - {0x3290, 1, 2444}, /* CIRCLED IDEOGRAPH SUN */ - {0x3291, 1, 2986}, /* CIRCLED IDEOGRAPH STOCK */ - {0x3292, 1, 2989}, /* CIRCLED IDEOGRAPH HAVE */ - {0x3293, 1, 2992}, /* CIRCLED IDEOGRAPH SOCIETY */ - {0x3294, 1, 2995}, /* CIRCLED IDEOGRAPH NAME */ - {0x3295, 1, 2998}, /* CIRCLED IDEOGRAPH SPECIAL */ - {0x3296, 1, 3001}, /* CIRCLED IDEOGRAPH FINANCIAL */ - {0x3297, 1, 3004}, /* CIRCLED IDEOGRAPH CONGRATULATION */ - {0x3298, 1, 3007}, /* CIRCLED IDEOGRAPH LABOR */ - {0x3299, 1, 3076}, /* CIRCLED IDEOGRAPH SECRET */ - {0x329a, 1, 3077}, /* CIRCLED IDEOGRAPH MALE */ - {0x329b, 1, 2410}, /* CIRCLED IDEOGRAPH FEMALE */ - {0x329c, 1, 3078}, /* CIRCLED IDEOGRAPH SUITABLE */ - {0x329d, 1, 3079}, /* CIRCLED IDEOGRAPH EXCELLENT */ - {0x329e, 1, 3080}, /* CIRCLED IDEOGRAPH PRINT */ - {0x329f, 1, 3081}, /* CIRCLED IDEOGRAPH ATTENTION */ - {0x32a0, 1, 3082}, /* CIRCLED IDEOGRAPH ITEM */ - {0x32a1, 1, 3034}, /* CIRCLED IDEOGRAPH REST */ - {0x32a2, 1, 3083}, /* CIRCLED IDEOGRAPH COPY */ - {0x32a3, 1, 3084}, /* CIRCLED IDEOGRAPH CORRECT */ - {0x32a4, 1, 2811}, /* CIRCLED IDEOGRAPH HIGH */ - {0x32a5, 1, 2812}, /* CIRCLED IDEOGRAPH CENTRE */ - {0x32a6, 1, 2813}, /* CIRCLED IDEOGRAPH LOW */ - {0x32a7, 1, 3085}, /* CIRCLED IDEOGRAPH LEFT */ - {0x32a8, 1, 3086}, /* CIRCLED IDEOGRAPH RIGHT */ - {0x32a9, 1, 3087}, /* CIRCLED IDEOGRAPH MEDICINE */ - {0x32aa, 1, 3088}, /* CIRCLED IDEOGRAPH RELIGION */ - {0x32ab, 1, 3016}, /* CIRCLED IDEOGRAPH STUDY */ - {0x32ac, 1, 3019}, /* CIRCLED IDEOGRAPH SUPERVISE */ - {0x32ad, 1, 3022}, /* CIRCLED IDEOGRAPH ENTERPRISE */ - {0x32ae, 1, 3025}, /* CIRCLED IDEOGRAPH RESOURCE */ - {0x32af, 1, 3028}, /* CIRCLED IDEOGRAPH ALLIANCE */ - {0x32b0, 1, 3089}, /* CIRCLED IDEOGRAPH NIGHT */ - {0x32b1, 2, 3090}, /* CIRCLED NUMBER THIRTY SIX */ - {0x32b2, 2, 3092}, /* CIRCLED NUMBER THIRTY SEVEN */ - {0x32b3, 2, 3094}, /* CIRCLED NUMBER THIRTY EIGHT */ - {0x32b4, 2, 3096}, /* CIRCLED NUMBER THIRTY NINE */ - {0x32b5, 2, 3098}, /* CIRCLED NUMBER FORTY */ - {0x32b6, 2, 17}, /* CIRCLED NUMBER FORTY ONE */ - {0x32b7, 2, 3048}, /* CIRCLED NUMBER FORTY TWO */ - {0x32b8, 2, 3064}, /* CIRCLED NUMBER FORTY THREE */ - {0x32b9, 2, 3100}, /* CIRCLED NUMBER FORTY FOUR */ - {0x32ba, 2, 3102}, /* CIRCLED NUMBER FORTY FIVE */ - {0x32bb, 2, 3104}, /* CIRCLED NUMBER FORTY SIX */ - {0x32bc, 2, 3106}, /* CIRCLED NUMBER FORTY SEVEN */ - {0x32bd, 2, 3108}, /* CIRCLED NUMBER FORTY EIGHT */ - {0x32be, 2, 3110}, /* CIRCLED NUMBER FORTY NINE */ - {0x32bf, 2, 3112}, /* CIRCLED NUMBER FIFTY */ - {0x32c0, 2, 3114}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR JANUARY */ - {0x32c1, 2, 3116}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR FEBRUARY */ - {0x32c2, 2, 3118}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR MARCH */ - {0x32c3, 2, 3120}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR APRIL */ - {0x32c4, 2, 3122}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR MAY */ - {0x32c5, 2, 3124}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR JUNE */ - {0x32c6, 2, 3126}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR JULY */ - {0x32c7, 2, 3128}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR AUGUST */ - {0x32c8, 2, 3130}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR SEPTEMBER */ - {0x32c9, 3, 3132}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR OCTOBER */ - {0x32ca, 3, 3135}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR NOVEMBER */ - {0x32cb, 3, 3138}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DECEMBER */ - {0x32cc, 2, 3141}, /* SQUARE HG */ - {0x32cd, 3, 3143}, /* SQUARE ERG */ - {0x32ce, 2, 3146}, /* SQUARE EV */ - {0x32cf, 3, 3148}, /* LIMITED LIABILITY SIGN */ - {0x32d0, 1, 3151}, /* CIRCLED KATAKANA A */ - {0x32d1, 1, 3152}, /* CIRCLED KATAKANA I */ - {0x32d2, 1, 2701}, /* CIRCLED KATAKANA U */ - {0x32d3, 1, 3153}, /* CIRCLED KATAKANA E */ - {0x32d4, 1, 3154}, /* CIRCLED KATAKANA O */ - {0x32d5, 1, 2651}, /* CIRCLED KATAKANA KA */ - {0x32d6, 1, 2653}, /* CIRCLED KATAKANA KI */ - {0x32d7, 1, 2655}, /* CIRCLED KATAKANA KU */ - {0x32d8, 1, 2657}, /* CIRCLED KATAKANA KE */ - {0x32d9, 1, 2659}, /* CIRCLED KATAKANA KO */ - {0x32da, 1, 2661}, /* CIRCLED KATAKANA SA */ - {0x32db, 1, 2663}, /* CIRCLED KATAKANA SI */ - {0x32dc, 1, 2665}, /* CIRCLED KATAKANA SU */ - {0x32dd, 1, 2667}, /* CIRCLED KATAKANA SE */ - {0x32de, 1, 2669}, /* CIRCLED KATAKANA SO */ - {0x32df, 1, 2671}, /* CIRCLED KATAKANA TA */ - {0x32e0, 1, 2673}, /* CIRCLED KATAKANA TI */ - {0x32e1, 1, 2675}, /* CIRCLED KATAKANA TU */ - {0x32e2, 1, 2677}, /* CIRCLED KATAKANA TE */ - {0x32e3, 1, 2679}, /* CIRCLED KATAKANA TO */ - {0x32e4, 1, 3155}, /* CIRCLED KATAKANA NA */ - {0x32e5, 1, 3156}, /* CIRCLED KATAKANA NI */ - {0x32e6, 1, 3157}, /* CIRCLED KATAKANA NU */ - {0x32e7, 1, 3158}, /* CIRCLED KATAKANA NE */ - {0x32e8, 1, 3159}, /* CIRCLED KATAKANA NO */ - {0x32e9, 1, 2681}, /* CIRCLED KATAKANA HA */ - {0x32ea, 1, 2685}, /* CIRCLED KATAKANA HI */ - {0x32eb, 1, 2689}, /* CIRCLED KATAKANA HU */ - {0x32ec, 1, 2693}, /* CIRCLED KATAKANA HE */ - {0x32ed, 1, 2697}, /* CIRCLED KATAKANA HO */ - {0x32ee, 1, 3160}, /* CIRCLED KATAKANA MA */ - {0x32ef, 1, 3161}, /* CIRCLED KATAKANA MI */ - {0x32f0, 1, 3162}, /* CIRCLED KATAKANA MU */ - {0x32f1, 1, 3163}, /* CIRCLED KATAKANA ME */ - {0x32f2, 1, 3164}, /* CIRCLED KATAKANA MO */ - {0x32f3, 1, 3165}, /* CIRCLED KATAKANA YA */ - {0x32f4, 1, 3166}, /* CIRCLED KATAKANA YU */ - {0x32f5, 1, 3167}, /* CIRCLED KATAKANA YO */ - {0x32f6, 1, 3168}, /* CIRCLED KATAKANA RA */ - {0x32f7, 1, 3169}, /* CIRCLED KATAKANA RI */ - {0x32f8, 1, 3170}, /* CIRCLED KATAKANA RU */ - {0x32f9, 1, 3171}, /* CIRCLED KATAKANA RE */ - {0x32fa, 1, 3172}, /* CIRCLED KATAKANA RO */ - {0x32fb, 1, 2703}, /* CIRCLED KATAKANA WA */ - {0x32fc, 1, 2705}, /* CIRCLED KATAKANA WI */ - {0x32fd, 1, 2707}, /* CIRCLED KATAKANA WE */ - {0x32fe, 1, 2709}, /* CIRCLED KATAKANA WO */ - {0x3300, 4, 3173}, /* SQUARE APAATO */ - {0x3301, 4, 3177}, /* SQUARE ARUHUA */ - {0x3302, 4, 3181}, /* SQUARE ANPEA */ - {0x3303, 3, 3185}, /* SQUARE AARU */ - {0x3304, 4, 3188}, /* SQUARE ININGU */ - {0x3305, 3, 3192}, /* SQUARE INTI */ - {0x3306, 3, 3195}, /* SQUARE UON */ - {0x3307, 5, 3198}, /* SQUARE ESUKUUDO */ - {0x3308, 4, 3203}, /* SQUARE EEKAA */ - {0x3309, 3, 3207}, /* SQUARE ONSU */ - {0x330a, 3, 3210}, /* SQUARE OOMU */ - {0x330b, 3, 3213}, /* SQUARE KAIRI */ - {0x330c, 4, 3216}, /* SQUARE KARATTO */ - {0x330d, 4, 3220}, /* SQUARE KARORII */ - {0x330e, 3, 3224}, /* SQUARE GARON */ - {0x330f, 3, 3227}, /* SQUARE GANMA */ - {0x3310, 2, 3230}, /* SQUARE GIGA */ - {0x3311, 3, 3232}, /* SQUARE GINII */ - {0x3312, 4, 3235}, /* SQUARE KYURII */ - {0x3313, 4, 3239}, /* SQUARE GIRUDAA */ - {0x3314, 2, 3243}, /* SQUARE KIRO */ - {0x3315, 5, 3245}, /* SQUARE KIROGURAMU */ - {0x3316, 6, 3250}, /* SQUARE KIROMEETORU */ - {0x3317, 5, 3256}, /* SQUARE KIROWATTO */ - {0x3318, 3, 3247}, /* SQUARE GURAMU */ - {0x3319, 5, 3261}, /* SQUARE GURAMUTON */ - {0x331a, 5, 3266}, /* SQUARE KURUZEIRO */ - {0x331b, 4, 3271}, /* SQUARE KUROONE */ - {0x331c, 3, 3275}, /* SQUARE KEESU */ - {0x331d, 3, 3278}, /* SQUARE KORUNA */ - {0x331e, 3, 3281}, /* SQUARE KOOPO */ - {0x331f, 4, 3284}, /* SQUARE SAIKURU */ - {0x3320, 5, 3288}, /* SQUARE SANTIIMU */ - {0x3321, 4, 3293}, /* SQUARE SIRINGU */ - {0x3322, 3, 3297}, /* SQUARE SENTI */ - {0x3323, 3, 3300}, /* SQUARE SENTO */ - {0x3324, 3, 3303}, /* SQUARE DAASU */ - {0x3325, 2, 3306}, /* SQUARE DESI */ - {0x3326, 2, 3308}, /* SQUARE DORU */ - {0x3327, 2, 3264}, /* SQUARE TON */ - {0x3328, 2, 3310}, /* SQUARE NANO */ - {0x3329, 3, 3312}, /* SQUARE NOTTO */ - {0x332a, 3, 3315}, /* SQUARE HAITU */ - {0x332b, 5, 3318}, /* SQUARE PAASENTO */ - {0x332c, 3, 3323}, /* SQUARE PAATU */ - {0x332d, 4, 3326}, /* SQUARE BAARERU */ - {0x332e, 5, 3330}, /* SQUARE PIASUTORU */ - {0x332f, 3, 3335}, /* SQUARE PIKURU */ - {0x3330, 2, 3338}, /* SQUARE PIKO */ - {0x3331, 2, 3340}, /* SQUARE BIRU */ - {0x3332, 5, 3342}, /* SQUARE HUARADDO */ - {0x3333, 4, 3347}, /* SQUARE HUIITO */ - {0x3334, 5, 3351}, /* SQUARE BUSSYERU */ - {0x3335, 3, 3356}, /* SQUARE HURAN */ - {0x3336, 5, 3359}, /* SQUARE HEKUTAARU */ - {0x3337, 2, 3364}, /* SQUARE PESO */ - {0x3338, 3, 3366}, /* SQUARE PENIHI */ - {0x3339, 3, 3369}, /* SQUARE HERUTU */ - {0x333a, 3, 3372}, /* SQUARE PENSU */ - {0x333b, 3, 3375}, /* SQUARE PEEZI */ - {0x333c, 3, 3378}, /* SQUARE BEETA */ - {0x333d, 4, 3381}, /* SQUARE POINTO */ - {0x333e, 3, 3385}, /* SQUARE BORUTO */ - {0x333f, 2, 3388}, /* SQUARE HON */ - {0x3340, 3, 3390}, /* SQUARE PONDO */ - {0x3341, 3, 3393}, /* SQUARE HOORU */ - {0x3342, 3, 3396}, /* SQUARE HOON */ - {0x3343, 4, 3399}, /* SQUARE MAIKURO */ - {0x3344, 3, 3403}, /* SQUARE MAIRU */ - {0x3345, 3, 3406}, /* SQUARE MAHHA */ - {0x3346, 3, 3409}, /* SQUARE MARUKU */ - {0x3347, 5, 3412}, /* SQUARE MANSYON */ - {0x3348, 4, 3417}, /* SQUARE MIKURON */ - {0x3349, 2, 3421}, /* SQUARE MIRI */ - {0x334a, 5, 3423}, /* SQUARE MIRIBAARU */ - {0x334b, 2, 3428}, /* SQUARE MEGA */ - {0x334c, 4, 3430}, /* SQUARE MEGATON */ - {0x334d, 4, 3252}, /* SQUARE MEETORU */ - {0x334e, 3, 3434}, /* SQUARE YAADO */ - {0x334f, 3, 3437}, /* SQUARE YAARU */ - {0x3350, 3, 3440}, /* SQUARE YUAN */ - {0x3351, 4, 3443}, /* SQUARE RITTORU */ - {0x3352, 2, 3447}, /* SQUARE RIRA */ - {0x3353, 3, 3449}, /* SQUARE RUPII */ - {0x3354, 4, 3452}, /* SQUARE RUUBURU */ - {0x3355, 2, 3456}, /* SQUARE REMU */ - {0x3356, 5, 3458}, /* SQUARE RENTOGEN */ - {0x3357, 3, 3258}, /* SQUARE WATTO */ - {0x3358, 2, 3463}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR ZERO */ - {0x3359, 2, 3465}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR ONE */ - {0x335a, 2, 3467}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWO */ - {0x335b, 2, 3469}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR THREE */ - {0x335c, 2, 3471}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR FOUR */ - {0x335d, 2, 3473}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR FIVE */ - {0x335e, 2, 3475}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR SIX */ - {0x335f, 2, 3477}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR SEVEN */ - {0x3360, 2, 3479}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR EIGHT */ - {0x3361, 2, 3481}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR NINE */ - {0x3362, 3, 3483}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TEN */ - {0x3363, 3, 3486}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR ELEVEN */ - {0x3364, 3, 3489}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWELVE */ - {0x3365, 3, 3492}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR THIRTEEN */ - {0x3366, 3, 3495}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR FOURTEEN */ - {0x3367, 3, 3498}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR FIFTEEN */ - {0x3368, 3, 3501}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR SIXTEEN */ - {0x3369, 3, 3504}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR SEVENTEEN */ - {0x336a, 3, 3507}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR EIGHTEEN */ - {0x336b, 3, 3510}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR NINETEEN */ - {0x336c, 3, 3513}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY */ - {0x336d, 3, 3516}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY-ONE */ - {0x336e, 3, 3519}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY-TWO */ - {0x336f, 3, 3522}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY-THREE */ - {0x3370, 3, 3525}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY-FOUR */ - {0x3371, 3, 3528}, /* SQUARE HPA */ - {0x3372, 2, 3531}, /* SQUARE DA */ - {0x3373, 2, 3533}, /* SQUARE AU */ - {0x3374, 3, 3535}, /* SQUARE BAR */ - {0x3375, 2, 3538}, /* SQUARE OV */ - {0x3376, 2, 3540}, /* SQUARE PC */ - {0x3377, 2, 3542}, /* SQUARE DM */ - {0x3378, 3, 3544}, /* SQUARE DM SQUARED */ - {0x3379, 3, 3547}, /* SQUARE DM CUBED */ - {0x337a, 2, 3550}, /* SQUARE IU */ - {0x337b, 2, 3552}, /* SQUARE ERA NAME HEISEI */ - {0x337c, 2, 3554}, /* SQUARE ERA NAME SYOUWA */ - {0x337d, 2, 3556}, /* SQUARE ERA NAME TAISYOU */ - {0x337e, 2, 3558}, /* SQUARE ERA NAME MEIZI */ - {0x337f, 4, 3560}, /* SQUARE CORPORATION */ - {0x3380, 2, 3564}, /* SQUARE PA AMPS */ - {0x3381, 2, 3566}, /* SQUARE NA */ - {0x3382, 2, 3568}, /* SQUARE MU A */ - {0x3383, 2, 3570}, /* SQUARE MA */ - {0x3384, 2, 3572}, /* SQUARE KA */ - {0x3385, 2, 3574}, /* SQUARE KB */ - {0x3386, 2, 3576}, /* SQUARE MB */ - {0x3387, 2, 3578}, /* SQUARE GB */ - {0x3388, 3, 3580}, /* SQUARE CAL */ - {0x3389, 4, 3583}, /* SQUARE KCAL */ - {0x338a, 2, 3587}, /* SQUARE PF */ - {0x338b, 2, 3589}, /* SQUARE NF */ - {0x338c, 2, 3591}, /* SQUARE MU F */ - {0x338d, 2, 3593}, /* SQUARE MU G */ - {0x338e, 2, 3595}, /* SQUARE MG */ - {0x338f, 2, 3597}, /* SQUARE KG */ - {0x3390, 2, 3599}, /* SQUARE HZ */ - {0x3391, 3, 3601}, /* SQUARE KHZ */ - {0x3392, 3, 3604}, /* SQUARE MHZ */ - {0x3393, 3, 3607}, /* SQUARE GHZ */ - {0x3394, 3, 3610}, /* SQUARE THZ */ - {0x3395, 2, 3613}, /* SQUARE MU L */ - {0x3396, 2, 3615}, /* SQUARE ML */ - {0x3397, 2, 3617}, /* SQUARE DL */ - {0x3398, 2, 3619}, /* SQUARE KL */ - {0x3399, 2, 3621}, /* SQUARE FM */ - {0x339a, 2, 3623}, /* SQUARE NM */ - {0x339b, 2, 3625}, /* SQUARE MU M */ - {0x339c, 2, 3627}, /* SQUARE MM */ - {0x339d, 2, 3629}, /* SQUARE CM */ - {0x339e, 2, 3631}, /* SQUARE KM */ - {0x339f, 3, 3633}, /* SQUARE MM SQUARED */ - {0x33a0, 3, 3636}, /* SQUARE CM SQUARED */ - {0x33a1, 2, 3545}, /* SQUARE M SQUARED */ - {0x33a2, 3, 3639}, /* SQUARE KM SQUARED */ - {0x33a3, 3, 3642}, /* SQUARE MM CUBED */ - {0x33a4, 3, 3645}, /* SQUARE CM CUBED */ - {0x33a5, 2, 3548}, /* SQUARE M CUBED */ - {0x33a6, 3, 3648}, /* SQUARE KM CUBED */ - {0x33a7, 3, 3651}, /* SQUARE M OVER S */ - {0x33a8, 4, 3654}, /* SQUARE M OVER S SQUARED */ - {0x33a9, 2, 3529}, /* SQUARE PA */ - {0x33aa, 3, 3658}, /* SQUARE KPA */ - {0x33ab, 3, 3661}, /* SQUARE MPA */ - {0x33ac, 3, 3664}, /* SQUARE GPA */ - {0x33ad, 3, 3667}, /* SQUARE RAD */ - {0x33ae, 5, 3670}, /* SQUARE RAD OVER S */ - {0x33af, 6, 3675}, /* SQUARE RAD OVER S SQUARED */ - {0x33b0, 2, 3681}, /* SQUARE PS */ - {0x33b1, 2, 3683}, /* SQUARE NS */ - {0x33b2, 2, 3685}, /* SQUARE MU S */ - {0x33b3, 2, 3687}, /* SQUARE MS */ - {0x33b4, 2, 3689}, /* SQUARE PV */ - {0x33b5, 2, 3691}, /* SQUARE NV */ - {0x33b6, 2, 3693}, /* SQUARE MU V */ - {0x33b7, 2, 3695}, /* SQUARE MV */ - {0x33b8, 2, 3697}, /* SQUARE KV */ - {0x33b9, 2, 3699}, /* SQUARE MV MEGA */ - {0x33ba, 2, 3701}, /* SQUARE PW */ - {0x33bb, 2, 3703}, /* SQUARE NW */ - {0x33bc, 2, 3705}, /* SQUARE MU W */ - {0x33bd, 2, 3707}, /* SQUARE MW */ - {0x33be, 2, 3709}, /* SQUARE KW */ - {0x33bf, 2, 3711}, /* SQUARE MW MEGA */ - {0x33c0, 2, 3713}, /* SQUARE K OHM */ - {0x33c1, 2, 3715}, /* SQUARE M OHM */ - {0x33c2, 4, 3717}, /* SQUARE AM */ - {0x33c3, 2, 3721}, /* SQUARE BQ */ - {0x33c4, 2, 3723}, /* SQUARE CC */ - {0x33c5, 2, 3541}, /* SQUARE CD */ - {0x33c6, 4, 3725}, /* SQUARE C OVER KG */ - {0x33c7, 3, 3729}, /* SQUARE CO */ - {0x33c8, 2, 3732}, /* SQUARE DB */ - {0x33c9, 2, 3734}, /* SQUARE GY */ - {0x33ca, 2, 3736}, /* SQUARE HA */ - {0x33cb, 2, 3738}, /* SQUARE HP */ - {0x33cc, 2, 3740}, /* SQUARE IN */ - {0x33cd, 2, 3742}, /* SQUARE KK */ - {0x33ce, 2, 3744}, /* SQUARE KM CAPITAL */ - {0x33cf, 2, 3746}, /* SQUARE KT */ - {0x33d0, 2, 3748}, /* SQUARE LM */ - {0x33d1, 2, 3750}, /* SQUARE LN */ - {0x33d2, 3, 3752}, /* SQUARE LOG */ - {0x33d3, 2, 3755}, /* SQUARE LX */ - {0x33d4, 2, 3757}, /* SQUARE MB SMALL */ - {0x33d5, 3, 3759}, /* SQUARE MIL */ - {0x33d6, 3, 3762}, /* SQUARE MOL */ - {0x33d7, 2, 3765}, /* SQUARE PH */ - {0x33d8, 4, 3767}, /* SQUARE PM */ - {0x33d9, 3, 3771}, /* SQUARE PPM */ - {0x33da, 2, 3774}, /* SQUARE PR */ - {0x33db, 2, 3674}, /* SQUARE SR */ - {0x33dc, 2, 3776}, /* SQUARE SV */ - {0x33dd, 2, 3778}, /* SQUARE WB */ - {0x33de, 3, 3780}, /* SQUARE V OVER M */ - {0x33df, 3, 3783}, /* SQUARE A OVER M */ - {0x33e0, 2, 3786}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY ONE */ - {0x33e1, 2, 3788}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWO */ - {0x33e2, 2, 3790}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY THREE */ - {0x33e3, 2, 3792}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY FOUR */ - {0x33e4, 2, 3794}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY FIVE */ - {0x33e5, 2, 3796}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY SIX */ - {0x33e6, 2, 3798}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY SEVEN */ - {0x33e7, 2, 3800}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY EIGHT */ - {0x33e8, 2, 3802}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY NINE */ - {0x33e9, 3, 3804}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TEN */ - {0x33ea, 3, 3807}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY ELEVEN */ - {0x33eb, 3, 3810}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWELVE */ - {0x33ec, 3, 3813}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY THIRTEEN */ - {0x33ed, 3, 3816}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY FOURTEEN */ - {0x33ee, 3, 3819}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY FIFTEEN */ - {0x33ef, 3, 3822}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY SIXTEEN */ - {0x33f0, 3, 3825}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY SEVENTEEN */ - {0x33f1, 3, 3828}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY EIGHTEEN */ - {0x33f2, 3, 3831}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY NINETEEN */ - {0x33f3, 3, 3834}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY */ - {0x33f4, 3, 3837}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-ONE */ - {0x33f5, 3, 3840}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-TWO */ - {0x33f6, 3, 3843}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-THREE */ - {0x33f7, 3, 3846}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-FOUR */ - {0x33f8, 3, 3849}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-FIVE */ - {0x33f9, 3, 3852}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-SIX */ - {0x33fa, 3, 3855}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-SEVEN */ - {0x33fb, 3, 3858}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-EIGHT */ - {0x33fc, 3, 3861}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-NINE */ - {0x33fd, 3, 3864}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY THIRTY */ - {0x33fe, 3, 3867}, /* IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY THIRTY-ONE */ - {0x33ff, 3, 3870}, /* SQUARE GAL */ - {0xf900, 1, 3873}, /* CJK COMPATIBILITY IDEOGRAPH-F900 */ - {0xf901, 1, 3874}, /* CJK COMPATIBILITY IDEOGRAPH-F901 */ - {0xf902, 1, 2531}, /* CJK COMPATIBILITY IDEOGRAPH-F902 */ - {0xf903, 1, 3875}, /* CJK COMPATIBILITY IDEOGRAPH-F903 */ - {0xf904, 1, 3876}, /* CJK COMPATIBILITY IDEOGRAPH-F904 */ - {0xf905, 1, 3877}, /* CJK COMPATIBILITY IDEOGRAPH-F905 */ - {0xf906, 1, 3878}, /* CJK COMPATIBILITY IDEOGRAPH-F906 */ - {0xf907, 1, 2585}, /* CJK COMPATIBILITY IDEOGRAPH-F907 */ - {0xf908, 1, 2585}, /* CJK COMPATIBILITY IDEOGRAPH-F908 */ - {0xf909, 1, 3879}, /* CJK COMPATIBILITY IDEOGRAPH-F909 */ - {0xf90a, 1, 2539}, /* CJK COMPATIBILITY IDEOGRAPH-F90A */ - {0xf90b, 1, 3880}, /* CJK COMPATIBILITY IDEOGRAPH-F90B */ - {0xf90c, 1, 3881}, /* CJK COMPATIBILITY IDEOGRAPH-F90C */ - {0xf90d, 1, 3882}, /* CJK COMPATIBILITY IDEOGRAPH-F90D */ - {0xf90e, 1, 3883}, /* CJK COMPATIBILITY IDEOGRAPH-F90E */ - {0xf90f, 1, 3884}, /* CJK COMPATIBILITY IDEOGRAPH-F90F */ - {0xf910, 1, 3885}, /* CJK COMPATIBILITY IDEOGRAPH-F910 */ - {0xf911, 1, 3886}, /* CJK COMPATIBILITY IDEOGRAPH-F911 */ - {0xf912, 1, 3887}, /* CJK COMPATIBILITY IDEOGRAPH-F912 */ - {0xf913, 1, 3888}, /* CJK COMPATIBILITY IDEOGRAPH-F913 */ - {0xf914, 1, 3889}, /* CJK COMPATIBILITY IDEOGRAPH-F914 */ - {0xf915, 1, 3890}, /* CJK COMPATIBILITY IDEOGRAPH-F915 */ - {0xf916, 1, 3891}, /* CJK COMPATIBILITY IDEOGRAPH-F916 */ - {0xf917, 1, 3892}, /* CJK COMPATIBILITY IDEOGRAPH-F917 */ - {0xf918, 1, 3893}, /* CJK COMPATIBILITY IDEOGRAPH-F918 */ - {0xf919, 1, 3894}, /* CJK COMPATIBILITY IDEOGRAPH-F919 */ - {0xf91a, 1, 3895}, /* CJK COMPATIBILITY IDEOGRAPH-F91A */ - {0xf91b, 1, 3896}, /* CJK COMPATIBILITY IDEOGRAPH-F91B */ - {0xf91c, 1, 3897}, /* CJK COMPATIBILITY IDEOGRAPH-F91C */ - {0xf91d, 1, 3898}, /* CJK COMPATIBILITY IDEOGRAPH-F91D */ - {0xf91e, 1, 3899}, /* CJK COMPATIBILITY IDEOGRAPH-F91E */ - {0xf91f, 1, 3900}, /* CJK COMPATIBILITY IDEOGRAPH-F91F */ - {0xf920, 1, 3901}, /* CJK COMPATIBILITY IDEOGRAPH-F920 */ - {0xf921, 1, 3902}, /* CJK COMPATIBILITY IDEOGRAPH-F921 */ - {0xf922, 1, 3903}, /* CJK COMPATIBILITY IDEOGRAPH-F922 */ - {0xf923, 1, 3904}, /* CJK COMPATIBILITY IDEOGRAPH-F923 */ - {0xf924, 1, 3905}, /* CJK COMPATIBILITY IDEOGRAPH-F924 */ - {0xf925, 1, 3906}, /* CJK COMPATIBILITY IDEOGRAPH-F925 */ - {0xf926, 1, 3907}, /* CJK COMPATIBILITY IDEOGRAPH-F926 */ - {0xf927, 1, 3908}, /* CJK COMPATIBILITY IDEOGRAPH-F927 */ - {0xf928, 1, 3909}, /* CJK COMPATIBILITY IDEOGRAPH-F928 */ - {0xf929, 1, 3910}, /* CJK COMPATIBILITY IDEOGRAPH-F929 */ - {0xf92a, 1, 3911}, /* CJK COMPATIBILITY IDEOGRAPH-F92A */ - {0xf92b, 1, 3912}, /* CJK COMPATIBILITY IDEOGRAPH-F92B */ - {0xf92c, 1, 3913}, /* CJK COMPATIBILITY IDEOGRAPH-F92C */ - {0xf92d, 1, 3914}, /* CJK COMPATIBILITY IDEOGRAPH-F92D */ - {0xf92e, 1, 3915}, /* CJK COMPATIBILITY IDEOGRAPH-F92E */ - {0xf92f, 1, 3916}, /* CJK COMPATIBILITY IDEOGRAPH-F92F */ - {0xf930, 1, 3917}, /* CJK COMPATIBILITY IDEOGRAPH-F930 */ - {0xf931, 1, 3918}, /* CJK COMPATIBILITY IDEOGRAPH-F931 */ - {0xf932, 1, 3919}, /* CJK COMPATIBILITY IDEOGRAPH-F932 */ - {0xf933, 1, 3920}, /* CJK COMPATIBILITY IDEOGRAPH-F933 */ - {0xf934, 1, 2497}, /* CJK COMPATIBILITY IDEOGRAPH-F934 */ - {0xf935, 1, 3921}, /* CJK COMPATIBILITY IDEOGRAPH-F935 */ - {0xf936, 1, 3922}, /* CJK COMPATIBILITY IDEOGRAPH-F936 */ - {0xf937, 1, 3923}, /* CJK COMPATIBILITY IDEOGRAPH-F937 */ - {0xf938, 1, 3924}, /* CJK COMPATIBILITY IDEOGRAPH-F938 */ - {0xf939, 1, 3925}, /* CJK COMPATIBILITY IDEOGRAPH-F939 */ - {0xf93a, 1, 3926}, /* CJK COMPATIBILITY IDEOGRAPH-F93A */ - {0xf93b, 1, 3927}, /* CJK COMPATIBILITY IDEOGRAPH-F93B */ - {0xf93c, 1, 3928}, /* CJK COMPATIBILITY IDEOGRAPH-F93C */ - {0xf93d, 1, 3929}, /* CJK COMPATIBILITY IDEOGRAPH-F93D */ - {0xf93e, 1, 3930}, /* CJK COMPATIBILITY IDEOGRAPH-F93E */ - {0xf93f, 1, 3931}, /* CJK COMPATIBILITY IDEOGRAPH-F93F */ - {0xf940, 1, 2570}, /* CJK COMPATIBILITY IDEOGRAPH-F940 */ - {0xf941, 1, 3932}, /* CJK COMPATIBILITY IDEOGRAPH-F941 */ - {0xf942, 1, 3933}, /* CJK COMPATIBILITY IDEOGRAPH-F942 */ - {0xf943, 1, 3934}, /* CJK COMPATIBILITY IDEOGRAPH-F943 */ - {0xf944, 1, 3935}, /* CJK COMPATIBILITY IDEOGRAPH-F944 */ - {0xf945, 1, 3936}, /* CJK COMPATIBILITY IDEOGRAPH-F945 */ - {0xf946, 1, 3937}, /* CJK COMPATIBILITY IDEOGRAPH-F946 */ - {0xf947, 1, 3938}, /* CJK COMPATIBILITY IDEOGRAPH-F947 */ - {0xf948, 1, 3939}, /* CJK COMPATIBILITY IDEOGRAPH-F948 */ - {0xf949, 1, 3940}, /* CJK COMPATIBILITY IDEOGRAPH-F949 */ - {0xf94a, 1, 3941}, /* CJK COMPATIBILITY IDEOGRAPH-F94A */ - {0xf94b, 1, 3942}, /* CJK COMPATIBILITY IDEOGRAPH-F94B */ - {0xf94c, 1, 3943}, /* CJK COMPATIBILITY IDEOGRAPH-F94C */ - {0xf94d, 1, 3944}, /* CJK COMPATIBILITY IDEOGRAPH-F94D */ - {0xf94e, 1, 3945}, /* CJK COMPATIBILITY IDEOGRAPH-F94E */ - {0xf94f, 1, 3946}, /* CJK COMPATIBILITY IDEOGRAPH-F94F */ - {0xf950, 1, 3947}, /* CJK COMPATIBILITY IDEOGRAPH-F950 */ - {0xf951, 1, 3948}, /* CJK COMPATIBILITY IDEOGRAPH-F951 */ - {0xf952, 1, 3949}, /* CJK COMPATIBILITY IDEOGRAPH-F952 */ - {0xf953, 1, 3950}, /* CJK COMPATIBILITY IDEOGRAPH-F953 */ - {0xf954, 1, 3951}, /* CJK COMPATIBILITY IDEOGRAPH-F954 */ - {0xf955, 1, 3952}, /* CJK COMPATIBILITY IDEOGRAPH-F955 */ - {0xf956, 1, 3953}, /* CJK COMPATIBILITY IDEOGRAPH-F956 */ - {0xf957, 1, 3954}, /* CJK COMPATIBILITY IDEOGRAPH-F957 */ - {0xf958, 1, 3955}, /* CJK COMPATIBILITY IDEOGRAPH-F958 */ - {0xf959, 1, 3956}, /* CJK COMPATIBILITY IDEOGRAPH-F959 */ - {0xf95a, 1, 3957}, /* CJK COMPATIBILITY IDEOGRAPH-F95A */ - {0xf95b, 1, 3958}, /* CJK COMPATIBILITY IDEOGRAPH-F95B */ - {0xf95c, 1, 3889}, /* CJK COMPATIBILITY IDEOGRAPH-F95C */ - {0xf95d, 1, 3959}, /* CJK COMPATIBILITY IDEOGRAPH-F95D */ - {0xf95e, 1, 3960}, /* CJK COMPATIBILITY IDEOGRAPH-F95E */ - {0xf95f, 1, 3961}, /* CJK COMPATIBILITY IDEOGRAPH-F95F */ - {0xf960, 1, 3962}, /* CJK COMPATIBILITY IDEOGRAPH-F960 */ - {0xf961, 1, 3963}, /* CJK COMPATIBILITY IDEOGRAPH-F961 */ - {0xf962, 1, 3964}, /* CJK COMPATIBILITY IDEOGRAPH-F962 */ - {0xf963, 1, 3965}, /* CJK COMPATIBILITY IDEOGRAPH-F963 */ - {0xf964, 1, 3966}, /* CJK COMPATIBILITY IDEOGRAPH-F964 */ - {0xf965, 1, 3967}, /* CJK COMPATIBILITY IDEOGRAPH-F965 */ - {0xf966, 1, 3968}, /* CJK COMPATIBILITY IDEOGRAPH-F966 */ - {0xf967, 1, 3969}, /* CJK COMPATIBILITY IDEOGRAPH-F967 */ - {0xf968, 1, 3970}, /* CJK COMPATIBILITY IDEOGRAPH-F968 */ - {0xf969, 1, 3971}, /* CJK COMPATIBILITY IDEOGRAPH-F969 */ - {0xf96a, 1, 3972}, /* CJK COMPATIBILITY IDEOGRAPH-F96A */ - {0xf96b, 1, 3973}, /* CJK COMPATIBILITY IDEOGRAPH-F96B */ - {0xf96c, 1, 3974}, /* CJK COMPATIBILITY IDEOGRAPH-F96C */ - {0xf96d, 1, 3975}, /* CJK COMPATIBILITY IDEOGRAPH-F96D */ - {0xf96e, 1, 3976}, /* CJK COMPATIBILITY IDEOGRAPH-F96E */ - {0xf96f, 1, 3977}, /* CJK COMPATIBILITY IDEOGRAPH-F96F */ - {0xf970, 1, 3978}, /* CJK COMPATIBILITY IDEOGRAPH-F970 */ - {0xf971, 1, 2533}, /* CJK COMPATIBILITY IDEOGRAPH-F971 */ - {0xf972, 1, 3979}, /* CJK COMPATIBILITY IDEOGRAPH-F972 */ - {0xf973, 1, 3980}, /* CJK COMPATIBILITY IDEOGRAPH-F973 */ - {0xf974, 1, 3981}, /* CJK COMPATIBILITY IDEOGRAPH-F974 */ - {0xf975, 1, 3982}, /* CJK COMPATIBILITY IDEOGRAPH-F975 */ - {0xf976, 1, 3983}, /* CJK COMPATIBILITY IDEOGRAPH-F976 */ - {0xf977, 1, 3984}, /* CJK COMPATIBILITY IDEOGRAPH-F977 */ - {0xf978, 1, 3985}, /* CJK COMPATIBILITY IDEOGRAPH-F978 */ - {0xf979, 1, 3986}, /* CJK COMPATIBILITY IDEOGRAPH-F979 */ - {0xf97a, 1, 3987}, /* CJK COMPATIBILITY IDEOGRAPH-F97A */ - {0xf97b, 1, 3988}, /* CJK COMPATIBILITY IDEOGRAPH-F97B */ - {0xf97c, 1, 3989}, /* CJK COMPATIBILITY IDEOGRAPH-F97C */ - {0xf97d, 1, 3990}, /* CJK COMPATIBILITY IDEOGRAPH-F97D */ - {0xf97e, 1, 3991}, /* CJK COMPATIBILITY IDEOGRAPH-F97E */ - {0xf97f, 1, 3992}, /* CJK COMPATIBILITY IDEOGRAPH-F97F */ - {0xf980, 1, 3993}, /* CJK COMPATIBILITY IDEOGRAPH-F980 */ - {0xf981, 1, 2410}, /* CJK COMPATIBILITY IDEOGRAPH-F981 */ - {0xf982, 1, 3994}, /* CJK COMPATIBILITY IDEOGRAPH-F982 */ - {0xf983, 1, 3995}, /* CJK COMPATIBILITY IDEOGRAPH-F983 */ - {0xf984, 1, 3996}, /* CJK COMPATIBILITY IDEOGRAPH-F984 */ - {0xf985, 1, 3997}, /* CJK COMPATIBILITY IDEOGRAPH-F985 */ - {0xf986, 1, 3998}, /* CJK COMPATIBILITY IDEOGRAPH-F986 */ - {0xf987, 1, 3999}, /* CJK COMPATIBILITY IDEOGRAPH-F987 */ - {0xf988, 1, 4000}, /* CJK COMPATIBILITY IDEOGRAPH-F988 */ - {0xf989, 1, 4001}, /* CJK COMPATIBILITY IDEOGRAPH-F989 */ - {0xf98a, 1, 2391}, /* CJK COMPATIBILITY IDEOGRAPH-F98A */ - {0xf98b, 1, 4002}, /* CJK COMPATIBILITY IDEOGRAPH-F98B */ - {0xf98c, 1, 4003}, /* CJK COMPATIBILITY IDEOGRAPH-F98C */ - {0xf98d, 1, 4004}, /* CJK COMPATIBILITY IDEOGRAPH-F98D */ - {0xf98e, 1, 4005}, /* CJK COMPATIBILITY IDEOGRAPH-F98E */ - {0xf98f, 1, 4006}, /* CJK COMPATIBILITY IDEOGRAPH-F98F */ - {0xf990, 1, 4007}, /* CJK COMPATIBILITY IDEOGRAPH-F990 */ - {0xf991, 1, 4008}, /* CJK COMPATIBILITY IDEOGRAPH-F991 */ - {0xf992, 1, 4009}, /* CJK COMPATIBILITY IDEOGRAPH-F992 */ - {0xf993, 1, 4010}, /* CJK COMPATIBILITY IDEOGRAPH-F993 */ - {0xf994, 1, 4011}, /* CJK COMPATIBILITY IDEOGRAPH-F994 */ - {0xf995, 1, 4012}, /* CJK COMPATIBILITY IDEOGRAPH-F995 */ - {0xf996, 1, 4013}, /* CJK COMPATIBILITY IDEOGRAPH-F996 */ - {0xf997, 1, 4014}, /* CJK COMPATIBILITY IDEOGRAPH-F997 */ - {0xf998, 1, 4015}, /* CJK COMPATIBILITY IDEOGRAPH-F998 */ - {0xf999, 1, 4016}, /* CJK COMPATIBILITY IDEOGRAPH-F999 */ - {0xf99a, 1, 4017}, /* CJK COMPATIBILITY IDEOGRAPH-F99A */ - {0xf99b, 1, 4018}, /* CJK COMPATIBILITY IDEOGRAPH-F99B */ - {0xf99c, 1, 4019}, /* CJK COMPATIBILITY IDEOGRAPH-F99C */ - {0xf99d, 1, 4020}, /* CJK COMPATIBILITY IDEOGRAPH-F99D */ - {0xf99e, 1, 4021}, /* CJK COMPATIBILITY IDEOGRAPH-F99E */ - {0xf99f, 1, 4022}, /* CJK COMPATIBILITY IDEOGRAPH-F99F */ - {0xf9a0, 1, 4023}, /* CJK COMPATIBILITY IDEOGRAPH-F9A0 */ - {0xf9a1, 1, 3977}, /* CJK COMPATIBILITY IDEOGRAPH-F9A1 */ - {0xf9a2, 1, 4024}, /* CJK COMPATIBILITY IDEOGRAPH-F9A2 */ - {0xf9a3, 1, 4025}, /* CJK COMPATIBILITY IDEOGRAPH-F9A3 */ - {0xf9a4, 1, 4026}, /* CJK COMPATIBILITY IDEOGRAPH-F9A4 */ - {0xf9a5, 1, 4027}, /* CJK COMPATIBILITY IDEOGRAPH-F9A5 */ - {0xf9a6, 1, 4028}, /* CJK COMPATIBILITY IDEOGRAPH-F9A6 */ - {0xf9a7, 1, 4029}, /* CJK COMPATIBILITY IDEOGRAPH-F9A7 */ - {0xf9a8, 1, 4030}, /* CJK COMPATIBILITY IDEOGRAPH-F9A8 */ - {0xf9a9, 1, 4031}, /* CJK COMPATIBILITY IDEOGRAPH-F9A9 */ - {0xf9aa, 1, 3961}, /* CJK COMPATIBILITY IDEOGRAPH-F9AA */ - {0xf9ab, 1, 4032}, /* CJK COMPATIBILITY IDEOGRAPH-F9AB */ - {0xf9ac, 1, 4033}, /* CJK COMPATIBILITY IDEOGRAPH-F9AC */ - {0xf9ad, 1, 4034}, /* CJK COMPATIBILITY IDEOGRAPH-F9AD */ - {0xf9ae, 1, 4035}, /* CJK COMPATIBILITY IDEOGRAPH-F9AE */ - {0xf9af, 1, 4036}, /* CJK COMPATIBILITY IDEOGRAPH-F9AF */ - {0xf9b0, 1, 4037}, /* CJK COMPATIBILITY IDEOGRAPH-F9B0 */ - {0xf9b1, 1, 4038}, /* CJK COMPATIBILITY IDEOGRAPH-F9B1 */ - {0xf9b2, 1, 4039}, /* CJK COMPATIBILITY IDEOGRAPH-F9B2 */ - {0xf9b3, 1, 4040}, /* CJK COMPATIBILITY IDEOGRAPH-F9B3 */ - {0xf9b4, 1, 4041}, /* CJK COMPATIBILITY IDEOGRAPH-F9B4 */ - {0xf9b5, 1, 4042}, /* CJK COMPATIBILITY IDEOGRAPH-F9B5 */ - {0xf9b6, 1, 4043}, /* CJK COMPATIBILITY IDEOGRAPH-F9B6 */ - {0xf9b7, 1, 4044}, /* CJK COMPATIBILITY IDEOGRAPH-F9B7 */ - {0xf9b8, 1, 4045}, /* CJK COMPATIBILITY IDEOGRAPH-F9B8 */ - {0xf9b9, 1, 4046}, /* CJK COMPATIBILITY IDEOGRAPH-F9B9 */ - {0xf9ba, 1, 4047}, /* CJK COMPATIBILITY IDEOGRAPH-F9BA */ - {0xf9bb, 1, 4048}, /* CJK COMPATIBILITY IDEOGRAPH-F9BB */ - {0xf9bc, 1, 4049}, /* CJK COMPATIBILITY IDEOGRAPH-F9BC */ - {0xf9bd, 1, 4050}, /* CJK COMPATIBILITY IDEOGRAPH-F9BD */ - {0xf9be, 1, 4051}, /* CJK COMPATIBILITY IDEOGRAPH-F9BE */ - {0xf9bf, 1, 3889}, /* CJK COMPATIBILITY IDEOGRAPH-F9BF */ - {0xf9c0, 1, 4052}, /* CJK COMPATIBILITY IDEOGRAPH-F9C0 */ - {0xf9c1, 1, 4053}, /* CJK COMPATIBILITY IDEOGRAPH-F9C1 */ - {0xf9c2, 1, 4054}, /* CJK COMPATIBILITY IDEOGRAPH-F9C2 */ - {0xf9c3, 1, 4055}, /* CJK COMPATIBILITY IDEOGRAPH-F9C3 */ - {0xf9c4, 1, 2584}, /* CJK COMPATIBILITY IDEOGRAPH-F9C4 */ - {0xf9c5, 1, 4056}, /* CJK COMPATIBILITY IDEOGRAPH-F9C5 */ - {0xf9c6, 1, 4057}, /* CJK COMPATIBILITY IDEOGRAPH-F9C6 */ - {0xf9c7, 1, 4058}, /* CJK COMPATIBILITY IDEOGRAPH-F9C7 */ - {0xf9c8, 1, 4059}, /* CJK COMPATIBILITY IDEOGRAPH-F9C8 */ - {0xf9c9, 1, 4060}, /* CJK COMPATIBILITY IDEOGRAPH-F9C9 */ - {0xf9ca, 1, 4061}, /* CJK COMPATIBILITY IDEOGRAPH-F9CA */ - {0xf9cb, 1, 4062}, /* CJK COMPATIBILITY IDEOGRAPH-F9CB */ - {0xf9cc, 1, 4063}, /* CJK COMPATIBILITY IDEOGRAPH-F9CC */ - {0xf9cd, 1, 4064}, /* CJK COMPATIBILITY IDEOGRAPH-F9CD */ - {0xf9ce, 1, 4065}, /* CJK COMPATIBILITY IDEOGRAPH-F9CE */ - {0xf9cf, 1, 4066}, /* CJK COMPATIBILITY IDEOGRAPH-F9CF */ - {0xf9d0, 1, 4067}, /* CJK COMPATIBILITY IDEOGRAPH-F9D0 */ - {0xf9d1, 1, 2950}, /* CJK COMPATIBILITY IDEOGRAPH-F9D1 */ - {0xf9d2, 1, 4068}, /* CJK COMPATIBILITY IDEOGRAPH-F9D2 */ - {0xf9d3, 1, 4069}, /* CJK COMPATIBILITY IDEOGRAPH-F9D3 */ - {0xf9d4, 1, 4070}, /* CJK COMPATIBILITY IDEOGRAPH-F9D4 */ - {0xf9d5, 1, 4071}, /* CJK COMPATIBILITY IDEOGRAPH-F9D5 */ - {0xf9d6, 1, 4072}, /* CJK COMPATIBILITY IDEOGRAPH-F9D6 */ - {0xf9d7, 1, 4073}, /* CJK COMPATIBILITY IDEOGRAPH-F9D7 */ - {0xf9d8, 1, 4074}, /* CJK COMPATIBILITY IDEOGRAPH-F9D8 */ - {0xf9d9, 1, 4075}, /* CJK COMPATIBILITY IDEOGRAPH-F9D9 */ - {0xf9da, 1, 4076}, /* CJK COMPATIBILITY IDEOGRAPH-F9DA */ - {0xf9db, 1, 3963}, /* CJK COMPATIBILITY IDEOGRAPH-F9DB */ - {0xf9dc, 1, 4077}, /* CJK COMPATIBILITY IDEOGRAPH-F9DC */ - {0xf9dd, 1, 4078}, /* CJK COMPATIBILITY IDEOGRAPH-F9DD */ - {0xf9de, 1, 4079}, /* CJK COMPATIBILITY IDEOGRAPH-F9DE */ - {0xf9df, 1, 4080}, /* CJK COMPATIBILITY IDEOGRAPH-F9DF */ - {0xf9e0, 1, 4081}, /* CJK COMPATIBILITY IDEOGRAPH-F9E0 */ - {0xf9e1, 1, 4082}, /* CJK COMPATIBILITY IDEOGRAPH-F9E1 */ - {0xf9e2, 1, 4083}, /* CJK COMPATIBILITY IDEOGRAPH-F9E2 */ - {0xf9e3, 1, 4084}, /* CJK COMPATIBILITY IDEOGRAPH-F9E3 */ - {0xf9e4, 1, 4085}, /* CJK COMPATIBILITY IDEOGRAPH-F9E4 */ - {0xf9e5, 1, 4086}, /* CJK COMPATIBILITY IDEOGRAPH-F9E5 */ - {0xf9e6, 1, 4087}, /* CJK COMPATIBILITY IDEOGRAPH-F9E6 */ - {0xf9e7, 1, 4088}, /* CJK COMPATIBILITY IDEOGRAPH-F9E7 */ - {0xf9e8, 1, 4089}, /* CJK COMPATIBILITY IDEOGRAPH-F9E8 */ - {0xf9e9, 1, 2538}, /* CJK COMPATIBILITY IDEOGRAPH-F9E9 */ - {0xf9ea, 1, 4090}, /* CJK COMPATIBILITY IDEOGRAPH-F9EA */ - {0xf9eb, 1, 4091}, /* CJK COMPATIBILITY IDEOGRAPH-F9EB */ - {0xf9ec, 1, 4092}, /* CJK COMPATIBILITY IDEOGRAPH-F9EC */ - {0xf9ed, 1, 4093}, /* CJK COMPATIBILITY IDEOGRAPH-F9ED */ - {0xf9ee, 1, 4094}, /* CJK COMPATIBILITY IDEOGRAPH-F9EE */ - {0xf9ef, 1, 4095}, /* CJK COMPATIBILITY IDEOGRAPH-F9EF */ - {0xf9f0, 1, 4096}, /* CJK COMPATIBILITY IDEOGRAPH-F9F0 */ - {0xf9f1, 1, 4097}, /* CJK COMPATIBILITY IDEOGRAPH-F9F1 */ - {0xf9f2, 1, 4098}, /* CJK COMPATIBILITY IDEOGRAPH-F9F2 */ - {0xf9f3, 1, 4099}, /* CJK COMPATIBILITY IDEOGRAPH-F9F3 */ - {0xf9f4, 1, 4100}, /* CJK COMPATIBILITY IDEOGRAPH-F9F4 */ - {0xf9f5, 1, 4101}, /* CJK COMPATIBILITY IDEOGRAPH-F9F5 */ - {0xf9f6, 1, 4102}, /* CJK COMPATIBILITY IDEOGRAPH-F9F6 */ - {0xf9f7, 1, 2489}, /* CJK COMPATIBILITY IDEOGRAPH-F9F7 */ - {0xf9f8, 1, 4103}, /* CJK COMPATIBILITY IDEOGRAPH-F9F8 */ - {0xf9f9, 1, 4104}, /* CJK COMPATIBILITY IDEOGRAPH-F9F9 */ - {0xf9fa, 1, 4105}, /* CJK COMPATIBILITY IDEOGRAPH-F9FA */ - {0xf9fb, 1, 4106}, /* CJK COMPATIBILITY IDEOGRAPH-F9FB */ - {0xf9fc, 1, 4107}, /* CJK COMPATIBILITY IDEOGRAPH-F9FC */ - {0xf9fd, 1, 4108}, /* CJK COMPATIBILITY IDEOGRAPH-F9FD */ - {0xf9fe, 1, 4109}, /* CJK COMPATIBILITY IDEOGRAPH-F9FE */ - {0xf9ff, 1, 4110}, /* CJK COMPATIBILITY IDEOGRAPH-F9FF */ - {0xfa00, 1, 4111}, /* CJK COMPATIBILITY IDEOGRAPH-FA00 */ - {0xfa01, 1, 4112}, /* CJK COMPATIBILITY IDEOGRAPH-FA01 */ - {0xfa02, 1, 4113}, /* CJK COMPATIBILITY IDEOGRAPH-FA02 */ - {0xfa03, 1, 4114}, /* CJK COMPATIBILITY IDEOGRAPH-FA03 */ - {0xfa04, 1, 4115}, /* CJK COMPATIBILITY IDEOGRAPH-FA04 */ - {0xfa05, 1, 4116}, /* CJK COMPATIBILITY IDEOGRAPH-FA05 */ - {0xfa06, 1, 4117}, /* CJK COMPATIBILITY IDEOGRAPH-FA06 */ - {0xfa07, 1, 4118}, /* CJK COMPATIBILITY IDEOGRAPH-FA07 */ - {0xfa08, 1, 2516}, /* CJK COMPATIBILITY IDEOGRAPH-FA08 */ - {0xfa09, 1, 4119}, /* CJK COMPATIBILITY IDEOGRAPH-FA09 */ - {0xfa0a, 1, 2519}, /* CJK COMPATIBILITY IDEOGRAPH-FA0A */ - {0xfa0b, 1, 4120}, /* CJK COMPATIBILITY IDEOGRAPH-FA0B */ - {0xfa0c, 1, 4121}, /* CJK COMPATIBILITY IDEOGRAPH-FA0C */ - {0xfa0d, 1, 4122}, /* CJK COMPATIBILITY IDEOGRAPH-FA0D */ - {0xfa10, 1, 4123}, /* CJK COMPATIBILITY IDEOGRAPH-FA10 */ - {0xfa12, 1, 4124}, /* CJK COMPATIBILITY IDEOGRAPH-FA12 */ - {0xfa15, 1, 4125}, /* CJK COMPATIBILITY IDEOGRAPH-FA15 */ - {0xfa16, 1, 4126}, /* CJK COMPATIBILITY IDEOGRAPH-FA16 */ - {0xfa17, 1, 4127}, /* CJK COMPATIBILITY IDEOGRAPH-FA17 */ - {0xfa18, 1, 4128}, /* CJK COMPATIBILITY IDEOGRAPH-FA18 */ - {0xfa19, 1, 4129}, /* CJK COMPATIBILITY IDEOGRAPH-FA19 */ - {0xfa1a, 1, 4130}, /* CJK COMPATIBILITY IDEOGRAPH-FA1A */ - {0xfa1b, 1, 4131}, /* CJK COMPATIBILITY IDEOGRAPH-FA1B */ - {0xfa1c, 1, 4132}, /* CJK COMPATIBILITY IDEOGRAPH-FA1C */ - {0xfa1d, 1, 4133}, /* CJK COMPATIBILITY IDEOGRAPH-FA1D */ - {0xfa1e, 1, 2496}, /* CJK COMPATIBILITY IDEOGRAPH-FA1E */ - {0xfa20, 1, 4134}, /* CJK COMPATIBILITY IDEOGRAPH-FA20 */ - {0xfa22, 1, 4135}, /* CJK COMPATIBILITY IDEOGRAPH-FA22 */ - {0xfa25, 1, 4136}, /* CJK COMPATIBILITY IDEOGRAPH-FA25 */ - {0xfa26, 1, 4137}, /* CJK COMPATIBILITY IDEOGRAPH-FA26 */ - {0xfa2a, 1, 4138}, /* CJK COMPATIBILITY IDEOGRAPH-FA2A */ - {0xfa2b, 1, 4139}, /* CJK COMPATIBILITY IDEOGRAPH-FA2B */ - {0xfa2c, 1, 4140}, /* CJK COMPATIBILITY IDEOGRAPH-FA2C */ - {0xfa2d, 1, 4141}, /* CJK COMPATIBILITY IDEOGRAPH-FA2D */ - {0xfa30, 1, 4142}, /* CJK COMPATIBILITY IDEOGRAPH-FA30 */ - {0xfa31, 1, 4143}, /* CJK COMPATIBILITY IDEOGRAPH-FA31 */ - {0xfa32, 1, 4144}, /* CJK COMPATIBILITY IDEOGRAPH-FA32 */ - {0xfa33, 1, 4145}, /* CJK COMPATIBILITY IDEOGRAPH-FA33 */ - {0xfa34, 1, 4146}, /* CJK COMPATIBILITY IDEOGRAPH-FA34 */ - {0xfa35, 1, 4147}, /* CJK COMPATIBILITY IDEOGRAPH-FA35 */ - {0xfa36, 1, 4148}, /* CJK COMPATIBILITY IDEOGRAPH-FA36 */ - {0xfa37, 1, 4149}, /* CJK COMPATIBILITY IDEOGRAPH-FA37 */ - {0xfa38, 1, 4150}, /* CJK COMPATIBILITY IDEOGRAPH-FA38 */ - {0xfa39, 1, 4151}, /* CJK COMPATIBILITY IDEOGRAPH-FA39 */ - {0xfa3a, 1, 4152}, /* CJK COMPATIBILITY IDEOGRAPH-FA3A */ - {0xfa3b, 1, 4153}, /* CJK COMPATIBILITY IDEOGRAPH-FA3B */ - {0xfa3c, 1, 2417}, /* CJK COMPATIBILITY IDEOGRAPH-FA3C */ - {0xfa3d, 1, 4154}, /* CJK COMPATIBILITY IDEOGRAPH-FA3D */ - {0xfa3e, 1, 4155}, /* CJK COMPATIBILITY IDEOGRAPH-FA3E */ - {0xfa3f, 1, 4156}, /* CJK COMPATIBILITY IDEOGRAPH-FA3F */ - {0xfa40, 1, 4157}, /* CJK COMPATIBILITY IDEOGRAPH-FA40 */ - {0xfa41, 1, 4158}, /* CJK COMPATIBILITY IDEOGRAPH-FA41 */ - {0xfa42, 1, 4159}, /* CJK COMPATIBILITY IDEOGRAPH-FA42 */ - {0xfa43, 1, 4160}, /* CJK COMPATIBILITY IDEOGRAPH-FA43 */ - {0xfa44, 1, 4161}, /* CJK COMPATIBILITY IDEOGRAPH-FA44 */ - {0xfa45, 1, 4162}, /* CJK COMPATIBILITY IDEOGRAPH-FA45 */ - {0xfa46, 1, 4163}, /* CJK COMPATIBILITY IDEOGRAPH-FA46 */ - {0xfa47, 1, 4164}, /* CJK COMPATIBILITY IDEOGRAPH-FA47 */ - {0xfa48, 1, 4165}, /* CJK COMPATIBILITY IDEOGRAPH-FA48 */ - {0xfa49, 1, 4166}, /* CJK COMPATIBILITY IDEOGRAPH-FA49 */ - {0xfa4a, 1, 4167}, /* CJK COMPATIBILITY IDEOGRAPH-FA4A */ - {0xfa4b, 1, 4168}, /* CJK COMPATIBILITY IDEOGRAPH-FA4B */ - {0xfa4c, 1, 2992}, /* CJK COMPATIBILITY IDEOGRAPH-FA4C */ - {0xfa4d, 1, 4169}, /* CJK COMPATIBILITY IDEOGRAPH-FA4D */ - {0xfa4e, 1, 4170}, /* CJK COMPATIBILITY IDEOGRAPH-FA4E */ - {0xfa4f, 1, 4171}, /* CJK COMPATIBILITY IDEOGRAPH-FA4F */ - {0xfa50, 1, 4172}, /* CJK COMPATIBILITY IDEOGRAPH-FA50 */ - {0xfa51, 1, 3004}, /* CJK COMPATIBILITY IDEOGRAPH-FA51 */ - {0xfa52, 1, 4173}, /* CJK COMPATIBILITY IDEOGRAPH-FA52 */ - {0xfa53, 1, 4174}, /* CJK COMPATIBILITY IDEOGRAPH-FA53 */ - {0xfa54, 1, 4175}, /* CJK COMPATIBILITY IDEOGRAPH-FA54 */ - {0xfa55, 1, 4176}, /* CJK COMPATIBILITY IDEOGRAPH-FA55 */ - {0xfa56, 1, 4177}, /* CJK COMPATIBILITY IDEOGRAPH-FA56 */ - {0xfa57, 1, 4013}, /* CJK COMPATIBILITY IDEOGRAPH-FA57 */ - {0xfa58, 1, 4178}, /* CJK COMPATIBILITY IDEOGRAPH-FA58 */ - {0xfa59, 1, 4179}, /* CJK COMPATIBILITY IDEOGRAPH-FA59 */ - {0xfa5a, 1, 4180}, /* CJK COMPATIBILITY IDEOGRAPH-FA5A */ - {0xfa5b, 1, 4181}, /* CJK COMPATIBILITY IDEOGRAPH-FA5B */ - {0xfa5c, 1, 4182}, /* CJK COMPATIBILITY IDEOGRAPH-FA5C */ - {0xfa5d, 1, 4183}, /* CJK COMPATIBILITY IDEOGRAPH-FA5D */ - {0xfa5e, 1, 4183}, /* CJK COMPATIBILITY IDEOGRAPH-FA5E */ - {0xfa5f, 1, 4184}, /* CJK COMPATIBILITY IDEOGRAPH-FA5F */ - {0xfa60, 1, 4185}, /* CJK COMPATIBILITY IDEOGRAPH-FA60 */ - {0xfa61, 1, 4186}, /* CJK COMPATIBILITY IDEOGRAPH-FA61 */ - {0xfa62, 1, 4187}, /* CJK COMPATIBILITY IDEOGRAPH-FA62 */ - {0xfa63, 1, 4188}, /* CJK COMPATIBILITY IDEOGRAPH-FA63 */ - {0xfa64, 1, 4189}, /* CJK COMPATIBILITY IDEOGRAPH-FA64 */ - {0xfa65, 1, 4190}, /* CJK COMPATIBILITY IDEOGRAPH-FA65 */ - {0xfa66, 1, 4191}, /* CJK COMPATIBILITY IDEOGRAPH-FA66 */ - {0xfa67, 1, 4136}, /* CJK COMPATIBILITY IDEOGRAPH-FA67 */ - {0xfa68, 1, 4192}, /* CJK COMPATIBILITY IDEOGRAPH-FA68 */ - {0xfa69, 1, 4193}, /* CJK COMPATIBILITY IDEOGRAPH-FA69 */ - {0xfa6a, 1, 4194}, /* CJK COMPATIBILITY IDEOGRAPH-FA6A */ - {0xfb00, 2, 4195}, /* LATIN SMALL LIGATURE FF */ - {0xfb01, 2, 4197}, /* LATIN SMALL LIGATURE FI */ - {0xfb02, 2, 4199}, /* LATIN SMALL LIGATURE FL */ - {0xfb03, 3, 4196}, /* LATIN SMALL LIGATURE FFI */ - {0xfb04, 3, 4201}, /* LATIN SMALL LIGATURE FFL */ - {0xfb05, 2, 4204}, /* LATIN SMALL LIGATURE LONG S T */ - {0xfb06, 2, 4206}, /* LATIN SMALL LIGATURE ST */ - {0xfb13, 2, 4208}, /* ARMENIAN SMALL LIGATURE MEN NOW */ - {0xfb14, 2, 4210}, /* ARMENIAN SMALL LIGATURE MEN ECH */ - {0xfb15, 2, 4212}, /* ARMENIAN SMALL LIGATURE MEN INI */ - {0xfb16, 2, 4214}, /* ARMENIAN SMALL LIGATURE VEW NOW */ - {0xfb17, 2, 4216}, /* ARMENIAN SMALL LIGATURE MEN XEH */ - {0xfb1d, 2, 4218}, /* HEBREW LETTER YOD WITH HIRIQ */ - {0xfb1f, 2, 4220}, /* HEBREW LIGATURE YIDDISH YOD YOD PATAH */ - {0xfb20, 1, 4222}, /* HEBREW LETTER ALTERNATIVE AYIN */ - {0xfb21, 1, 1950}, /* HEBREW LETTER WIDE ALEF */ - {0xfb22, 1, 1953}, /* HEBREW LETTER WIDE DALET */ - {0xfb23, 1, 4223}, /* HEBREW LETTER WIDE HE */ - {0xfb24, 1, 4224}, /* HEBREW LETTER WIDE KAF */ - {0xfb25, 1, 4225}, /* HEBREW LETTER WIDE LAMED */ - {0xfb26, 1, 4226}, /* HEBREW LETTER WIDE FINAL MEM */ - {0xfb27, 1, 4227}, /* HEBREW LETTER WIDE RESH */ - {0xfb28, 1, 4228}, /* HEBREW LETTER WIDE TAV */ - {0xfb29, 1, 1915}, /* HEBREW LETTER ALTERNATIVE PLUS SIGN */ - {0xfb2a, 2, 4229}, /* HEBREW LETTER SHIN WITH SHIN DOT */ - {0xfb2b, 2, 4231}, /* HEBREW LETTER SHIN WITH SIN DOT */ - {0xfb2c, 2, 4233}, /* HEBREW LETTER SHIN WITH DAGESH AND SHIN DOT */ - {0xfb2d, 2, 4235}, /* HEBREW LETTER SHIN WITH DAGESH AND SIN DOT */ - {0xfb2e, 2, 4237}, /* HEBREW LETTER ALEF WITH PATAH */ - {0xfb2f, 2, 4239}, /* HEBREW LETTER ALEF WITH QAMATS */ - {0xfb30, 2, 4241}, /* HEBREW LETTER ALEF WITH MAPIQ */ - {0xfb31, 2, 4243}, /* HEBREW LETTER BET WITH DAGESH */ - {0xfb32, 2, 4245}, /* HEBREW LETTER GIMEL WITH DAGESH */ - {0xfb33, 2, 4247}, /* HEBREW LETTER DALET WITH DAGESH */ - {0xfb34, 2, 4249}, /* HEBREW LETTER HE WITH MAPIQ */ - {0xfb35, 2, 4251}, /* HEBREW LETTER VAV WITH DAGESH */ - {0xfb36, 2, 4253}, /* HEBREW LETTER ZAYIN WITH DAGESH */ - {0xfb38, 2, 4255}, /* HEBREW LETTER TET WITH DAGESH */ - {0xfb39, 2, 4257}, /* HEBREW LETTER YOD WITH DAGESH */ - {0xfb3a, 2, 4259}, /* HEBREW LETTER FINAL KAF WITH DAGESH */ - {0xfb3b, 2, 4261}, /* HEBREW LETTER KAF WITH DAGESH */ - {0xfb3c, 2, 4263}, /* HEBREW LETTER LAMED WITH DAGESH */ - {0xfb3e, 2, 4265}, /* HEBREW LETTER MEM WITH DAGESH */ - {0xfb40, 2, 4267}, /* HEBREW LETTER NUN WITH DAGESH */ - {0xfb41, 2, 4269}, /* HEBREW LETTER SAMEKH WITH DAGESH */ - {0xfb43, 2, 4271}, /* HEBREW LETTER FINAL PE WITH DAGESH */ - {0xfb44, 2, 4273}, /* HEBREW LETTER PE WITH DAGESH */ - {0xfb46, 2, 4275}, /* HEBREW LETTER TSADI WITH DAGESH */ - {0xfb47, 2, 4277}, /* HEBREW LETTER QOF WITH DAGESH */ - {0xfb48, 2, 4279}, /* HEBREW LETTER RESH WITH DAGESH */ - {0xfb49, 2, 4281}, /* HEBREW LETTER SHIN WITH DAGESH */ - {0xfb4a, 2, 4283}, /* HEBREW LETTER TAV WITH DAGESH */ - {0xfb4b, 2, 4285}, /* HEBREW LETTER VAV WITH HOLAM */ - {0xfb4c, 2, 4287}, /* HEBREW LETTER BET WITH RAFE */ - {0xfb4d, 2, 4289}, /* HEBREW LETTER KAF WITH RAFE */ - {0xfb4e, 2, 4291}, /* HEBREW LETTER PE WITH RAFE */ - {0xfb4f, 2, 4293}, /* HEBREW LIGATURE ALEF LAMED */ - {0xfb50, 1, 4295}, /* ARABIC LETTER ALEF WASLA ISOLATED FORM */ - {0xfb51, 1, 4295}, /* ARABIC LETTER ALEF WASLA FINAL FORM */ - {0xfb52, 1, 4296}, /* ARABIC LETTER BEEH ISOLATED FORM */ - {0xfb53, 1, 4296}, /* ARABIC LETTER BEEH FINAL FORM */ - {0xfb54, 1, 4296}, /* ARABIC LETTER BEEH INITIAL FORM */ - {0xfb55, 1, 4296}, /* ARABIC LETTER BEEH MEDIAL FORM */ - {0xfb56, 1, 4297}, /* ARABIC LETTER PEH ISOLATED FORM */ - {0xfb57, 1, 4297}, /* ARABIC LETTER PEH FINAL FORM */ - {0xfb58, 1, 4297}, /* ARABIC LETTER PEH INITIAL FORM */ - {0xfb59, 1, 4297}, /* ARABIC LETTER PEH MEDIAL FORM */ - {0xfb5a, 1, 4298}, /* ARABIC LETTER BEHEH ISOLATED FORM */ - {0xfb5b, 1, 4298}, /* ARABIC LETTER BEHEH FINAL FORM */ - {0xfb5c, 1, 4298}, /* ARABIC LETTER BEHEH INITIAL FORM */ - {0xfb5d, 1, 4298}, /* ARABIC LETTER BEHEH MEDIAL FORM */ - {0xfb5e, 1, 4299}, /* ARABIC LETTER TTEHEH ISOLATED FORM */ - {0xfb5f, 1, 4299}, /* ARABIC LETTER TTEHEH FINAL FORM */ - {0xfb60, 1, 4299}, /* ARABIC LETTER TTEHEH INITIAL FORM */ - {0xfb61, 1, 4299}, /* ARABIC LETTER TTEHEH MEDIAL FORM */ - {0xfb62, 1, 4300}, /* ARABIC LETTER TEHEH ISOLATED FORM */ - {0xfb63, 1, 4300}, /* ARABIC LETTER TEHEH FINAL FORM */ - {0xfb64, 1, 4300}, /* ARABIC LETTER TEHEH INITIAL FORM */ - {0xfb65, 1, 4300}, /* ARABIC LETTER TEHEH MEDIAL FORM */ - {0xfb66, 1, 4301}, /* ARABIC LETTER TTEH ISOLATED FORM */ - {0xfb67, 1, 4301}, /* ARABIC LETTER TTEH FINAL FORM */ - {0xfb68, 1, 4301}, /* ARABIC LETTER TTEH INITIAL FORM */ - {0xfb69, 1, 4301}, /* ARABIC LETTER TTEH MEDIAL FORM */ - {0xfb6a, 1, 4302}, /* ARABIC LETTER VEH ISOLATED FORM */ - {0xfb6b, 1, 4302}, /* ARABIC LETTER VEH FINAL FORM */ - {0xfb6c, 1, 4302}, /* ARABIC LETTER VEH INITIAL FORM */ - {0xfb6d, 1, 4302}, /* ARABIC LETTER VEH MEDIAL FORM */ - {0xfb6e, 1, 4303}, /* ARABIC LETTER PEHEH ISOLATED FORM */ - {0xfb6f, 1, 4303}, /* ARABIC LETTER PEHEH FINAL FORM */ - {0xfb70, 1, 4303}, /* ARABIC LETTER PEHEH INITIAL FORM */ - {0xfb71, 1, 4303}, /* ARABIC LETTER PEHEH MEDIAL FORM */ - {0xfb72, 1, 4304}, /* ARABIC LETTER DYEH ISOLATED FORM */ - {0xfb73, 1, 4304}, /* ARABIC LETTER DYEH FINAL FORM */ - {0xfb74, 1, 4304}, /* ARABIC LETTER DYEH INITIAL FORM */ - {0xfb75, 1, 4304}, /* ARABIC LETTER DYEH MEDIAL FORM */ - {0xfb76, 1, 4305}, /* ARABIC LETTER NYEH ISOLATED FORM */ - {0xfb77, 1, 4305}, /* ARABIC LETTER NYEH FINAL FORM */ - {0xfb78, 1, 4305}, /* ARABIC LETTER NYEH INITIAL FORM */ - {0xfb79, 1, 4305}, /* ARABIC LETTER NYEH MEDIAL FORM */ - {0xfb7a, 1, 4306}, /* ARABIC LETTER TCHEH ISOLATED FORM */ - {0xfb7b, 1, 4306}, /* ARABIC LETTER TCHEH FINAL FORM */ - {0xfb7c, 1, 4306}, /* ARABIC LETTER TCHEH INITIAL FORM */ - {0xfb7d, 1, 4306}, /* ARABIC LETTER TCHEH MEDIAL FORM */ - {0xfb7e, 1, 4307}, /* ARABIC LETTER TCHEHEH ISOLATED FORM */ - {0xfb7f, 1, 4307}, /* ARABIC LETTER TCHEHEH FINAL FORM */ - {0xfb80, 1, 4307}, /* ARABIC LETTER TCHEHEH INITIAL FORM */ - {0xfb81, 1, 4307}, /* ARABIC LETTER TCHEHEH MEDIAL FORM */ - {0xfb82, 1, 4308}, /* ARABIC LETTER DDAHAL ISOLATED FORM */ - {0xfb83, 1, 4308}, /* ARABIC LETTER DDAHAL FINAL FORM */ - {0xfb84, 1, 4309}, /* ARABIC LETTER DAHAL ISOLATED FORM */ - {0xfb85, 1, 4309}, /* ARABIC LETTER DAHAL FINAL FORM */ - {0xfb86, 1, 4310}, /* ARABIC LETTER DUL ISOLATED FORM */ - {0xfb87, 1, 4310}, /* ARABIC LETTER DUL FINAL FORM */ - {0xfb88, 1, 4311}, /* ARABIC LETTER DDAL ISOLATED FORM */ - {0xfb89, 1, 4311}, /* ARABIC LETTER DDAL FINAL FORM */ - {0xfb8a, 1, 4312}, /* ARABIC LETTER JEH ISOLATED FORM */ - {0xfb8b, 1, 4312}, /* ARABIC LETTER JEH FINAL FORM */ - {0xfb8c, 1, 4313}, /* ARABIC LETTER RREH ISOLATED FORM */ - {0xfb8d, 1, 4313}, /* ARABIC LETTER RREH FINAL FORM */ - {0xfb8e, 1, 4314}, /* ARABIC LETTER KEHEH ISOLATED FORM */ - {0xfb8f, 1, 4314}, /* ARABIC LETTER KEHEH FINAL FORM */ - {0xfb90, 1, 4314}, /* ARABIC LETTER KEHEH INITIAL FORM */ - {0xfb91, 1, 4314}, /* ARABIC LETTER KEHEH MEDIAL FORM */ - {0xfb92, 1, 4315}, /* ARABIC LETTER GAF ISOLATED FORM */ - {0xfb93, 1, 4315}, /* ARABIC LETTER GAF FINAL FORM */ - {0xfb94, 1, 4315}, /* ARABIC LETTER GAF INITIAL FORM */ - {0xfb95, 1, 4315}, /* ARABIC LETTER GAF MEDIAL FORM */ - {0xfb96, 1, 4316}, /* ARABIC LETTER GUEH ISOLATED FORM */ - {0xfb97, 1, 4316}, /* ARABIC LETTER GUEH FINAL FORM */ - {0xfb98, 1, 4316}, /* ARABIC LETTER GUEH INITIAL FORM */ - {0xfb99, 1, 4316}, /* ARABIC LETTER GUEH MEDIAL FORM */ - {0xfb9a, 1, 4317}, /* ARABIC LETTER NGOEH ISOLATED FORM */ - {0xfb9b, 1, 4317}, /* ARABIC LETTER NGOEH FINAL FORM */ - {0xfb9c, 1, 4317}, /* ARABIC LETTER NGOEH INITIAL FORM */ - {0xfb9d, 1, 4317}, /* ARABIC LETTER NGOEH MEDIAL FORM */ - {0xfb9e, 1, 4318}, /* ARABIC LETTER NOON GHUNNA ISOLATED FORM */ - {0xfb9f, 1, 4318}, /* ARABIC LETTER NOON GHUNNA FINAL FORM */ - {0xfba0, 1, 4319}, /* ARABIC LETTER RNOON ISOLATED FORM */ - {0xfba1, 1, 4319}, /* ARABIC LETTER RNOON FINAL FORM */ - {0xfba2, 1, 4319}, /* ARABIC LETTER RNOON INITIAL FORM */ - {0xfba3, 1, 4319}, /* ARABIC LETTER RNOON MEDIAL FORM */ - {0xfba4, 1, 4320}, /* ARABIC LETTER HEH WITH YEH ABOVE ISOLATED FORM */ - {0xfba5, 1, 4320}, /* ARABIC LETTER HEH WITH YEH ABOVE FINAL FORM */ - {0xfba6, 1, 769}, /* ARABIC LETTER HEH GOAL ISOLATED FORM */ - {0xfba7, 1, 769}, /* ARABIC LETTER HEH GOAL FINAL FORM */ - {0xfba8, 1, 769}, /* ARABIC LETTER HEH GOAL INITIAL FORM */ - {0xfba9, 1, 769}, /* ARABIC LETTER HEH GOAL MEDIAL FORM */ - {0xfbaa, 1, 4321}, /* ARABIC LETTER HEH DOACHASHMEE ISOLATED FORM */ - {0xfbab, 1, 4321}, /* ARABIC LETTER HEH DOACHASHMEE FINAL FORM */ - {0xfbac, 1, 4321}, /* ARABIC LETTER HEH DOACHASHMEE INITIAL FORM */ - {0xfbad, 1, 4321}, /* ARABIC LETTER HEH DOACHASHMEE MEDIAL FORM */ - {0xfbae, 1, 771}, /* ARABIC LETTER YEH BARREE ISOLATED FORM */ - {0xfbaf, 1, 771}, /* ARABIC LETTER YEH BARREE FINAL FORM */ - {0xfbb0, 1, 4322}, /* ARABIC LETTER YEH BARREE WITH HAMZA ABOVE ISOLATED FORM */ - {0xfbb1, 1, 4322}, /* ARABIC LETTER YEH BARREE WITH HAMZA ABOVE FINAL FORM */ - {0xfbd3, 1, 4323}, /* ARABIC LETTER NG ISOLATED FORM */ - {0xfbd4, 1, 4323}, /* ARABIC LETTER NG FINAL FORM */ - {0xfbd5, 1, 4323}, /* ARABIC LETTER NG INITIAL FORM */ - {0xfbd6, 1, 4323}, /* ARABIC LETTER NG MEDIAL FORM */ - {0xfbd7, 1, 763}, /* ARABIC LETTER U ISOLATED FORM */ - {0xfbd8, 1, 763}, /* ARABIC LETTER U FINAL FORM */ - {0xfbd9, 1, 4324}, /* ARABIC LETTER OE ISOLATED FORM */ - {0xfbda, 1, 4324}, /* ARABIC LETTER OE FINAL FORM */ - {0xfbdb, 1, 4325}, /* ARABIC LETTER YU ISOLATED FORM */ - {0xfbdc, 1, 4325}, /* ARABIC LETTER YU FINAL FORM */ - {0xfbdd, 1, 4326}, /* ARABIC LETTER U WITH HAMZA ABOVE ISOLATED FORM */ - {0xfbde, 1, 4327}, /* ARABIC LETTER VE ISOLATED FORM */ - {0xfbdf, 1, 4327}, /* ARABIC LETTER VE FINAL FORM */ - {0xfbe0, 1, 4328}, /* ARABIC LETTER KIRGHIZ OE ISOLATED FORM */ - {0xfbe1, 1, 4328}, /* ARABIC LETTER KIRGHIZ OE FINAL FORM */ - {0xfbe2, 1, 4329}, /* ARABIC LETTER KIRGHIZ YU ISOLATED FORM */ - {0xfbe3, 1, 4329}, /* ARABIC LETTER KIRGHIZ YU FINAL FORM */ - {0xfbe4, 1, 4330}, /* ARABIC LETTER E ISOLATED FORM */ - {0xfbe5, 1, 4330}, /* ARABIC LETTER E FINAL FORM */ - {0xfbe6, 1, 4330}, /* ARABIC LETTER E INITIAL FORM */ - {0xfbe7, 1, 4330}, /* ARABIC LETTER E MEDIAL FORM */ - {0xfbe8, 1, 4331}, /* ARABIC LETTER UIGHUR KAZAKH KIRGHIZ ALEF MAKSURA INITIAL FORM */ - {0xfbe9, 1, 4331}, /* ARABIC LETTER UIGHUR KAZAKH KIRGHIZ ALEF MAKSURA MEDIAL FORM */ - {0xfbea, 2, 4332}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ALEF ISOLATED FORM */ - {0xfbeb, 2, 4332}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ALEF FINAL FORM */ - {0xfbec, 2, 4334}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH AE ISOLATED FORM */ - {0xfbed, 2, 4334}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH AE FINAL FORM */ - {0xfbee, 2, 4336}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH WAW ISOLATED FORM */ - {0xfbef, 2, 4336}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH WAW FINAL FORM */ - {0xfbf0, 2, 4338}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH U ISOLATED FORM */ - {0xfbf1, 2, 4338}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH U FINAL FORM */ - {0xfbf2, 2, 4340}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH OE ISOLATED FORM */ - {0xfbf3, 2, 4340}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH OE FINAL FORM */ - {0xfbf4, 2, 4342}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH YU ISOLATED FORM */ - {0xfbf5, 2, 4342}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH YU FINAL FORM */ - {0xfbf6, 2, 4344}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH E ISOLATED FORM */ - {0xfbf7, 2, 4344}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH E FINAL FORM */ - {0xfbf8, 2, 4344}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH E INITIAL FORM */ - {0xfbf9, 2, 4346}, /* ARABIC LIGATURE UIGHUR KIRGHIZ YEH WITH HAMZA ABOVE WITH ALEF MAKSURA ISOLATED FORM */ - {0xfbfa, 2, 4346}, /* ARABIC LIGATURE UIGHUR KIRGHIZ YEH WITH HAMZA ABOVE WITH ALEF MAKSURA FINAL FORM */ - {0xfbfb, 2, 4346}, /* ARABIC LIGATURE UIGHUR KIRGHIZ YEH WITH HAMZA ABOVE WITH ALEF MAKSURA INITIAL FORM */ - {0xfbfc, 1, 4348}, /* ARABIC LETTER FARSI YEH ISOLATED FORM */ - {0xfbfd, 1, 4348}, /* ARABIC LETTER FARSI YEH FINAL FORM */ - {0xfbfe, 1, 4348}, /* ARABIC LETTER FARSI YEH INITIAL FORM */ - {0xfbff, 1, 4348}, /* ARABIC LETTER FARSI YEH MEDIAL FORM */ - {0xfc00, 2, 4349}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH JEEM ISOLATED FORM */ - {0xfc01, 2, 4351}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH HAH ISOLATED FORM */ - {0xfc02, 2, 4353}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH MEEM ISOLATED FORM */ - {0xfc03, 2, 4346}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ALEF MAKSURA ISOLATED FORM */ - {0xfc04, 2, 4355}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH YEH ISOLATED FORM */ - {0xfc05, 2, 4357}, /* ARABIC LIGATURE BEH WITH JEEM ISOLATED FORM */ - {0xfc06, 2, 4359}, /* ARABIC LIGATURE BEH WITH HAH ISOLATED FORM */ - {0xfc07, 2, 4361}, /* ARABIC LIGATURE BEH WITH KHAH ISOLATED FORM */ - {0xfc08, 2, 4363}, /* ARABIC LIGATURE BEH WITH MEEM ISOLATED FORM */ - {0xfc09, 2, 4365}, /* ARABIC LIGATURE BEH WITH ALEF MAKSURA ISOLATED FORM */ - {0xfc0a, 2, 4367}, /* ARABIC LIGATURE BEH WITH YEH ISOLATED FORM */ - {0xfc0b, 2, 4369}, /* ARABIC LIGATURE TEH WITH JEEM ISOLATED FORM */ - {0xfc0c, 2, 4371}, /* ARABIC LIGATURE TEH WITH HAH ISOLATED FORM */ - {0xfc0d, 2, 4373}, /* ARABIC LIGATURE TEH WITH KHAH ISOLATED FORM */ - {0xfc0e, 2, 4375}, /* ARABIC LIGATURE TEH WITH MEEM ISOLATED FORM */ - {0xfc0f, 2, 4377}, /* ARABIC LIGATURE TEH WITH ALEF MAKSURA ISOLATED FORM */ - {0xfc10, 2, 4379}, /* ARABIC LIGATURE TEH WITH YEH ISOLATED FORM */ - {0xfc11, 2, 4381}, /* ARABIC LIGATURE THEH WITH JEEM ISOLATED FORM */ - {0xfc12, 2, 4383}, /* ARABIC LIGATURE THEH WITH MEEM ISOLATED FORM */ - {0xfc13, 2, 4385}, /* ARABIC LIGATURE THEH WITH ALEF MAKSURA ISOLATED FORM */ - {0xfc14, 2, 4387}, /* ARABIC LIGATURE THEH WITH YEH ISOLATED FORM */ - {0xfc15, 2, 4389}, /* ARABIC LIGATURE JEEM WITH HAH ISOLATED FORM */ - {0xfc16, 2, 4391}, /* ARABIC LIGATURE JEEM WITH MEEM ISOLATED FORM */ - {0xfc17, 2, 4390}, /* ARABIC LIGATURE HAH WITH JEEM ISOLATED FORM */ - {0xfc18, 2, 4393}, /* ARABIC LIGATURE HAH WITH MEEM ISOLATED FORM */ - {0xfc19, 2, 4395}, /* ARABIC LIGATURE KHAH WITH JEEM ISOLATED FORM */ - {0xfc1a, 2, 4397}, /* ARABIC LIGATURE KHAH WITH HAH ISOLATED FORM */ - {0xfc1b, 2, 4399}, /* ARABIC LIGATURE KHAH WITH MEEM ISOLATED FORM */ - {0xfc1c, 2, 4401}, /* ARABIC LIGATURE SEEN WITH JEEM ISOLATED FORM */ - {0xfc1d, 2, 4403}, /* ARABIC LIGATURE SEEN WITH HAH ISOLATED FORM */ - {0xfc1e, 2, 4405}, /* ARABIC LIGATURE SEEN WITH KHAH ISOLATED FORM */ - {0xfc1f, 2, 4407}, /* ARABIC LIGATURE SEEN WITH MEEM ISOLATED FORM */ - {0xfc20, 2, 4409}, /* ARABIC LIGATURE SAD WITH HAH ISOLATED FORM */ - {0xfc21, 2, 4411}, /* ARABIC LIGATURE SAD WITH MEEM ISOLATED FORM */ - {0xfc22, 2, 4413}, /* ARABIC LIGATURE DAD WITH JEEM ISOLATED FORM */ - {0xfc23, 2, 4415}, /* ARABIC LIGATURE DAD WITH HAH ISOLATED FORM */ - {0xfc24, 2, 4417}, /* ARABIC LIGATURE DAD WITH KHAH ISOLATED FORM */ - {0xfc25, 2, 4419}, /* ARABIC LIGATURE DAD WITH MEEM ISOLATED FORM */ - {0xfc26, 2, 4421}, /* ARABIC LIGATURE TAH WITH HAH ISOLATED FORM */ - {0xfc27, 2, 4423}, /* ARABIC LIGATURE TAH WITH MEEM ISOLATED FORM */ - {0xfc28, 2, 4425}, /* ARABIC LIGATURE ZAH WITH MEEM ISOLATED FORM */ - {0xfc29, 2, 4427}, /* ARABIC LIGATURE AIN WITH JEEM ISOLATED FORM */ - {0xfc2a, 2, 4429}, /* ARABIC LIGATURE AIN WITH MEEM ISOLATED FORM */ - {0xfc2b, 2, 4431}, /* ARABIC LIGATURE GHAIN WITH JEEM ISOLATED FORM */ - {0xfc2c, 2, 4433}, /* ARABIC LIGATURE GHAIN WITH MEEM ISOLATED FORM */ - {0xfc2d, 2, 4435}, /* ARABIC LIGATURE FEH WITH JEEM ISOLATED FORM */ - {0xfc2e, 2, 4437}, /* ARABIC LIGATURE FEH WITH HAH ISOLATED FORM */ - {0xfc2f, 2, 4439}, /* ARABIC LIGATURE FEH WITH KHAH ISOLATED FORM */ - {0xfc30, 2, 4441}, /* ARABIC LIGATURE FEH WITH MEEM ISOLATED FORM */ - {0xfc31, 2, 4443}, /* ARABIC LIGATURE FEH WITH ALEF MAKSURA ISOLATED FORM */ - {0xfc32, 2, 4445}, /* ARABIC LIGATURE FEH WITH YEH ISOLATED FORM */ - {0xfc33, 2, 4447}, /* ARABIC LIGATURE QAF WITH HAH ISOLATED FORM */ - {0xfc34, 2, 4449}, /* ARABIC LIGATURE QAF WITH MEEM ISOLATED FORM */ - {0xfc35, 2, 4451}, /* ARABIC LIGATURE QAF WITH ALEF MAKSURA ISOLATED FORM */ - {0xfc36, 2, 4453}, /* ARABIC LIGATURE QAF WITH YEH ISOLATED FORM */ - {0xfc37, 2, 4455}, /* ARABIC LIGATURE KAF WITH ALEF ISOLATED FORM */ - {0xfc38, 2, 4457}, /* ARABIC LIGATURE KAF WITH JEEM ISOLATED FORM */ - {0xfc39, 2, 4459}, /* ARABIC LIGATURE KAF WITH HAH ISOLATED FORM */ - {0xfc3a, 2, 4461}, /* ARABIC LIGATURE KAF WITH KHAH ISOLATED FORM */ - {0xfc3b, 2, 4463}, /* ARABIC LIGATURE KAF WITH LAM ISOLATED FORM */ - {0xfc3c, 2, 4465}, /* ARABIC LIGATURE KAF WITH MEEM ISOLATED FORM */ - {0xfc3d, 2, 4467}, /* ARABIC LIGATURE KAF WITH ALEF MAKSURA ISOLATED FORM */ - {0xfc3e, 2, 4469}, /* ARABIC LIGATURE KAF WITH YEH ISOLATED FORM */ - {0xfc3f, 2, 4471}, /* ARABIC LIGATURE LAM WITH JEEM ISOLATED FORM */ - {0xfc40, 2, 4473}, /* ARABIC LIGATURE LAM WITH HAH ISOLATED FORM */ - {0xfc41, 2, 4475}, /* ARABIC LIGATURE LAM WITH KHAH ISOLATED FORM */ - {0xfc42, 2, 4477}, /* ARABIC LIGATURE LAM WITH MEEM ISOLATED FORM */ - {0xfc43, 2, 4479}, /* ARABIC LIGATURE LAM WITH ALEF MAKSURA ISOLATED FORM */ - {0xfc44, 2, 4481}, /* ARABIC LIGATURE LAM WITH YEH ISOLATED FORM */ - {0xfc45, 2, 4483}, /* ARABIC LIGATURE MEEM WITH JEEM ISOLATED FORM */ - {0xfc46, 2, 4392}, /* ARABIC LIGATURE MEEM WITH HAH ISOLATED FORM */ - {0xfc47, 2, 4394}, /* ARABIC LIGATURE MEEM WITH KHAH ISOLATED FORM */ - {0xfc48, 2, 4485}, /* ARABIC LIGATURE MEEM WITH MEEM ISOLATED FORM */ - {0xfc49, 2, 4487}, /* ARABIC LIGATURE MEEM WITH ALEF MAKSURA ISOLATED FORM */ - {0xfc4a, 2, 4489}, /* ARABIC LIGATURE MEEM WITH YEH ISOLATED FORM */ - {0xfc4b, 2, 4491}, /* ARABIC LIGATURE NOON WITH JEEM ISOLATED FORM */ - {0xfc4c, 2, 4493}, /* ARABIC LIGATURE NOON WITH HAH ISOLATED FORM */ - {0xfc4d, 2, 4495}, /* ARABIC LIGATURE NOON WITH KHAH ISOLATED FORM */ - {0xfc4e, 2, 4497}, /* ARABIC LIGATURE NOON WITH MEEM ISOLATED FORM */ - {0xfc4f, 2, 4499}, /* ARABIC LIGATURE NOON WITH ALEF MAKSURA ISOLATED FORM */ - {0xfc50, 2, 4501}, /* ARABIC LIGATURE NOON WITH YEH ISOLATED FORM */ - {0xfc51, 2, 4503}, /* ARABIC LIGATURE HEH WITH JEEM ISOLATED FORM */ - {0xfc52, 2, 4505}, /* ARABIC LIGATURE HEH WITH MEEM ISOLATED FORM */ - {0xfc53, 2, 4507}, /* ARABIC LIGATURE HEH WITH ALEF MAKSURA ISOLATED FORM */ - {0xfc54, 2, 4509}, /* ARABIC LIGATURE HEH WITH YEH ISOLATED FORM */ - {0xfc55, 2, 4388}, /* ARABIC LIGATURE YEH WITH JEEM ISOLATED FORM */ - {0xfc56, 2, 4511}, /* ARABIC LIGATURE YEH WITH HAH ISOLATED FORM */ - {0xfc57, 2, 4513}, /* ARABIC LIGATURE YEH WITH KHAH ISOLATED FORM */ - {0xfc58, 2, 4482}, /* ARABIC LIGATURE YEH WITH MEEM ISOLATED FORM */ - {0xfc59, 2, 4515}, /* ARABIC LIGATURE YEH WITH ALEF MAKSURA ISOLATED FORM */ - {0xfc5a, 2, 4510}, /* ARABIC LIGATURE YEH WITH YEH ISOLATED FORM */ - {0xfc5b, 2, 4517}, /* ARABIC LIGATURE THAL WITH SUPERSCRIPT ALEF ISOLATED FORM */ - {0xfc5c, 2, 4519}, /* ARABIC LIGATURE REH WITH SUPERSCRIPT ALEF ISOLATED FORM */ - {0xfc5d, 2, 4521}, /* ARABIC LIGATURE ALEF MAKSURA WITH SUPERSCRIPT ALEF ISOLATED FORM */ - {0xfc5e, 3, 4523}, /* ARABIC LIGATURE SHADDA WITH DAMMATAN ISOLATED FORM */ - {0xfc5f, 3, 4526}, /* ARABIC LIGATURE SHADDA WITH KASRATAN ISOLATED FORM */ - {0xfc60, 3, 4529}, /* ARABIC LIGATURE SHADDA WITH FATHA ISOLATED FORM */ - {0xfc61, 3, 4532}, /* ARABIC LIGATURE SHADDA WITH DAMMA ISOLATED FORM */ - {0xfc62, 3, 4535}, /* ARABIC LIGATURE SHADDA WITH KASRA ISOLATED FORM */ - {0xfc63, 3, 4538}, /* ARABIC LIGATURE SHADDA WITH SUPERSCRIPT ALEF ISOLATED FORM */ - {0xfc64, 2, 4541}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH REH FINAL FORM */ - {0xfc65, 2, 4543}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ZAIN FINAL FORM */ - {0xfc66, 2, 4353}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH MEEM FINAL FORM */ - {0xfc67, 2, 4545}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH NOON FINAL FORM */ - {0xfc68, 2, 4346}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ALEF MAKSURA FINAL FORM */ - {0xfc69, 2, 4355}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH YEH FINAL FORM */ - {0xfc6a, 2, 4547}, /* ARABIC LIGATURE BEH WITH REH FINAL FORM */ - {0xfc6b, 2, 4549}, /* ARABIC LIGATURE BEH WITH ZAIN FINAL FORM */ - {0xfc6c, 2, 4363}, /* ARABIC LIGATURE BEH WITH MEEM FINAL FORM */ - {0xfc6d, 2, 4551}, /* ARABIC LIGATURE BEH WITH NOON FINAL FORM */ - {0xfc6e, 2, 4365}, /* ARABIC LIGATURE BEH WITH ALEF MAKSURA FINAL FORM */ - {0xfc6f, 2, 4367}, /* ARABIC LIGATURE BEH WITH YEH FINAL FORM */ - {0xfc70, 2, 4553}, /* ARABIC LIGATURE TEH WITH REH FINAL FORM */ - {0xfc71, 2, 4555}, /* ARABIC LIGATURE TEH WITH ZAIN FINAL FORM */ - {0xfc72, 2, 4375}, /* ARABIC LIGATURE TEH WITH MEEM FINAL FORM */ - {0xfc73, 2, 4557}, /* ARABIC LIGATURE TEH WITH NOON FINAL FORM */ - {0xfc74, 2, 4377}, /* ARABIC LIGATURE TEH WITH ALEF MAKSURA FINAL FORM */ - {0xfc75, 2, 4379}, /* ARABIC LIGATURE TEH WITH YEH FINAL FORM */ - {0xfc76, 2, 4559}, /* ARABIC LIGATURE THEH WITH REH FINAL FORM */ - {0xfc77, 2, 4561}, /* ARABIC LIGATURE THEH WITH ZAIN FINAL FORM */ - {0xfc78, 2, 4383}, /* ARABIC LIGATURE THEH WITH MEEM FINAL FORM */ - {0xfc79, 2, 4563}, /* ARABIC LIGATURE THEH WITH NOON FINAL FORM */ - {0xfc7a, 2, 4385}, /* ARABIC LIGATURE THEH WITH ALEF MAKSURA FINAL FORM */ - {0xfc7b, 2, 4387}, /* ARABIC LIGATURE THEH WITH YEH FINAL FORM */ - {0xfc7c, 2, 4443}, /* ARABIC LIGATURE FEH WITH ALEF MAKSURA FINAL FORM */ - {0xfc7d, 2, 4445}, /* ARABIC LIGATURE FEH WITH YEH FINAL FORM */ - {0xfc7e, 2, 4451}, /* ARABIC LIGATURE QAF WITH ALEF MAKSURA FINAL FORM */ - {0xfc7f, 2, 4453}, /* ARABIC LIGATURE QAF WITH YEH FINAL FORM */ - {0xfc80, 2, 4455}, /* ARABIC LIGATURE KAF WITH ALEF FINAL FORM */ - {0xfc81, 2, 4463}, /* ARABIC LIGATURE KAF WITH LAM FINAL FORM */ - {0xfc82, 2, 4465}, /* ARABIC LIGATURE KAF WITH MEEM FINAL FORM */ - {0xfc83, 2, 4467}, /* ARABIC LIGATURE KAF WITH ALEF MAKSURA FINAL FORM */ - {0xfc84, 2, 4469}, /* ARABIC LIGATURE KAF WITH YEH FINAL FORM */ - {0xfc85, 2, 4477}, /* ARABIC LIGATURE LAM WITH MEEM FINAL FORM */ - {0xfc86, 2, 4479}, /* ARABIC LIGATURE LAM WITH ALEF MAKSURA FINAL FORM */ - {0xfc87, 2, 4481}, /* ARABIC LIGATURE LAM WITH YEH FINAL FORM */ - {0xfc88, 2, 4565}, /* ARABIC LIGATURE MEEM WITH ALEF FINAL FORM */ - {0xfc89, 2, 4485}, /* ARABIC LIGATURE MEEM WITH MEEM FINAL FORM */ - {0xfc8a, 2, 4567}, /* ARABIC LIGATURE NOON WITH REH FINAL FORM */ - {0xfc8b, 2, 4569}, /* ARABIC LIGATURE NOON WITH ZAIN FINAL FORM */ - {0xfc8c, 2, 4497}, /* ARABIC LIGATURE NOON WITH MEEM FINAL FORM */ - {0xfc8d, 2, 4571}, /* ARABIC LIGATURE NOON WITH NOON FINAL FORM */ - {0xfc8e, 2, 4499}, /* ARABIC LIGATURE NOON WITH ALEF MAKSURA FINAL FORM */ - {0xfc8f, 2, 4501}, /* ARABIC LIGATURE NOON WITH YEH FINAL FORM */ - {0xfc90, 2, 4521}, /* ARABIC LIGATURE ALEF MAKSURA WITH SUPERSCRIPT ALEF FINAL FORM */ - {0xfc91, 2, 4573}, /* ARABIC LIGATURE YEH WITH REH FINAL FORM */ - {0xfc92, 2, 4575}, /* ARABIC LIGATURE YEH WITH ZAIN FINAL FORM */ - {0xfc93, 2, 4482}, /* ARABIC LIGATURE YEH WITH MEEM FINAL FORM */ - {0xfc94, 2, 4490}, /* ARABIC LIGATURE YEH WITH NOON FINAL FORM */ - {0xfc95, 2, 4515}, /* ARABIC LIGATURE YEH WITH ALEF MAKSURA FINAL FORM */ - {0xfc96, 2, 4510}, /* ARABIC LIGATURE YEH WITH YEH FINAL FORM */ - {0xfc97, 2, 4349}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH JEEM INITIAL FORM */ - {0xfc98, 2, 4351}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH HAH INITIAL FORM */ - {0xfc99, 2, 4577}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH KHAH INITIAL FORM */ - {0xfc9a, 2, 4353}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH MEEM INITIAL FORM */ - {0xfc9b, 2, 4579}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH HEH INITIAL FORM */ - {0xfc9c, 2, 4357}, /* ARABIC LIGATURE BEH WITH JEEM INITIAL FORM */ - {0xfc9d, 2, 4359}, /* ARABIC LIGATURE BEH WITH HAH INITIAL FORM */ - {0xfc9e, 2, 4361}, /* ARABIC LIGATURE BEH WITH KHAH INITIAL FORM */ - {0xfc9f, 2, 4363}, /* ARABIC LIGATURE BEH WITH MEEM INITIAL FORM */ - {0xfca0, 2, 4581}, /* ARABIC LIGATURE BEH WITH HEH INITIAL FORM */ - {0xfca1, 2, 4369}, /* ARABIC LIGATURE TEH WITH JEEM INITIAL FORM */ - {0xfca2, 2, 4371}, /* ARABIC LIGATURE TEH WITH HAH INITIAL FORM */ - {0xfca3, 2, 4373}, /* ARABIC LIGATURE TEH WITH KHAH INITIAL FORM */ - {0xfca4, 2, 4375}, /* ARABIC LIGATURE TEH WITH MEEM INITIAL FORM */ - {0xfca5, 2, 4583}, /* ARABIC LIGATURE TEH WITH HEH INITIAL FORM */ - {0xfca6, 2, 4383}, /* ARABIC LIGATURE THEH WITH MEEM INITIAL FORM */ - {0xfca7, 2, 4389}, /* ARABIC LIGATURE JEEM WITH HAH INITIAL FORM */ - {0xfca8, 2, 4391}, /* ARABIC LIGATURE JEEM WITH MEEM INITIAL FORM */ - {0xfca9, 2, 4390}, /* ARABIC LIGATURE HAH WITH JEEM INITIAL FORM */ - {0xfcaa, 2, 4393}, /* ARABIC LIGATURE HAH WITH MEEM INITIAL FORM */ - {0xfcab, 2, 4395}, /* ARABIC LIGATURE KHAH WITH JEEM INITIAL FORM */ - {0xfcac, 2, 4399}, /* ARABIC LIGATURE KHAH WITH MEEM INITIAL FORM */ - {0xfcad, 2, 4401}, /* ARABIC LIGATURE SEEN WITH JEEM INITIAL FORM */ - {0xfcae, 2, 4403}, /* ARABIC LIGATURE SEEN WITH HAH INITIAL FORM */ - {0xfcaf, 2, 4405}, /* ARABIC LIGATURE SEEN WITH KHAH INITIAL FORM */ - {0xfcb0, 2, 4407}, /* ARABIC LIGATURE SEEN WITH MEEM INITIAL FORM */ - {0xfcb1, 2, 4409}, /* ARABIC LIGATURE SAD WITH HAH INITIAL FORM */ - {0xfcb2, 2, 4585}, /* ARABIC LIGATURE SAD WITH KHAH INITIAL FORM */ - {0xfcb3, 2, 4411}, /* ARABIC LIGATURE SAD WITH MEEM INITIAL FORM */ - {0xfcb4, 2, 4413}, /* ARABIC LIGATURE DAD WITH JEEM INITIAL FORM */ - {0xfcb5, 2, 4415}, /* ARABIC LIGATURE DAD WITH HAH INITIAL FORM */ - {0xfcb6, 2, 4417}, /* ARABIC LIGATURE DAD WITH KHAH INITIAL FORM */ - {0xfcb7, 2, 4419}, /* ARABIC LIGATURE DAD WITH MEEM INITIAL FORM */ - {0xfcb8, 2, 4421}, /* ARABIC LIGATURE TAH WITH HAH INITIAL FORM */ - {0xfcb9, 2, 4425}, /* ARABIC LIGATURE ZAH WITH MEEM INITIAL FORM */ - {0xfcba, 2, 4427}, /* ARABIC LIGATURE AIN WITH JEEM INITIAL FORM */ - {0xfcbb, 2, 4429}, /* ARABIC LIGATURE AIN WITH MEEM INITIAL FORM */ - {0xfcbc, 2, 4431}, /* ARABIC LIGATURE GHAIN WITH JEEM INITIAL FORM */ - {0xfcbd, 2, 4433}, /* ARABIC LIGATURE GHAIN WITH MEEM INITIAL FORM */ - {0xfcbe, 2, 4435}, /* ARABIC LIGATURE FEH WITH JEEM INITIAL FORM */ - {0xfcbf, 2, 4437}, /* ARABIC LIGATURE FEH WITH HAH INITIAL FORM */ - {0xfcc0, 2, 4439}, /* ARABIC LIGATURE FEH WITH KHAH INITIAL FORM */ - {0xfcc1, 2, 4441}, /* ARABIC LIGATURE FEH WITH MEEM INITIAL FORM */ - {0xfcc2, 2, 4447}, /* ARABIC LIGATURE QAF WITH HAH INITIAL FORM */ - {0xfcc3, 2, 4449}, /* ARABIC LIGATURE QAF WITH MEEM INITIAL FORM */ - {0xfcc4, 2, 4457}, /* ARABIC LIGATURE KAF WITH JEEM INITIAL FORM */ - {0xfcc5, 2, 4459}, /* ARABIC LIGATURE KAF WITH HAH INITIAL FORM */ - {0xfcc6, 2, 4461}, /* ARABIC LIGATURE KAF WITH KHAH INITIAL FORM */ - {0xfcc7, 2, 4463}, /* ARABIC LIGATURE KAF WITH LAM INITIAL FORM */ - {0xfcc8, 2, 4465}, /* ARABIC LIGATURE KAF WITH MEEM INITIAL FORM */ - {0xfcc9, 2, 4471}, /* ARABIC LIGATURE LAM WITH JEEM INITIAL FORM */ - {0xfcca, 2, 4473}, /* ARABIC LIGATURE LAM WITH HAH INITIAL FORM */ - {0xfccb, 2, 4475}, /* ARABIC LIGATURE LAM WITH KHAH INITIAL FORM */ - {0xfccc, 2, 4477}, /* ARABIC LIGATURE LAM WITH MEEM INITIAL FORM */ - {0xfccd, 2, 4587}, /* ARABIC LIGATURE LAM WITH HEH INITIAL FORM */ - {0xfcce, 2, 4483}, /* ARABIC LIGATURE MEEM WITH JEEM INITIAL FORM */ - {0xfccf, 2, 4392}, /* ARABIC LIGATURE MEEM WITH HAH INITIAL FORM */ - {0xfcd0, 2, 4394}, /* ARABIC LIGATURE MEEM WITH KHAH INITIAL FORM */ - {0xfcd1, 2, 4485}, /* ARABIC LIGATURE MEEM WITH MEEM INITIAL FORM */ - {0xfcd2, 2, 4491}, /* ARABIC LIGATURE NOON WITH JEEM INITIAL FORM */ - {0xfcd3, 2, 4493}, /* ARABIC LIGATURE NOON WITH HAH INITIAL FORM */ - {0xfcd4, 2, 4495}, /* ARABIC LIGATURE NOON WITH KHAH INITIAL FORM */ - {0xfcd5, 2, 4497}, /* ARABIC LIGATURE NOON WITH MEEM INITIAL FORM */ - {0xfcd6, 2, 4589}, /* ARABIC LIGATURE NOON WITH HEH INITIAL FORM */ - {0xfcd7, 2, 4503}, /* ARABIC LIGATURE HEH WITH JEEM INITIAL FORM */ - {0xfcd8, 2, 4505}, /* ARABIC LIGATURE HEH WITH MEEM INITIAL FORM */ - {0xfcd9, 2, 4591}, /* ARABIC LIGATURE HEH WITH SUPERSCRIPT ALEF INITIAL FORM */ - {0xfcda, 2, 4388}, /* ARABIC LIGATURE YEH WITH JEEM INITIAL FORM */ - {0xfcdb, 2, 4511}, /* ARABIC LIGATURE YEH WITH HAH INITIAL FORM */ - {0xfcdc, 2, 4513}, /* ARABIC LIGATURE YEH WITH KHAH INITIAL FORM */ - {0xfcdd, 2, 4482}, /* ARABIC LIGATURE YEH WITH MEEM INITIAL FORM */ - {0xfcde, 2, 4502}, /* ARABIC LIGATURE YEH WITH HEH INITIAL FORM */ - {0xfcdf, 2, 4353}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH MEEM MEDIAL FORM */ - {0xfce0, 2, 4579}, /* ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH HEH MEDIAL FORM */ - {0xfce1, 2, 4363}, /* ARABIC LIGATURE BEH WITH MEEM MEDIAL FORM */ - {0xfce2, 2, 4581}, /* ARABIC LIGATURE BEH WITH HEH MEDIAL FORM */ - {0xfce3, 2, 4375}, /* ARABIC LIGATURE TEH WITH MEEM MEDIAL FORM */ - {0xfce4, 2, 4583}, /* ARABIC LIGATURE TEH WITH HEH MEDIAL FORM */ - {0xfce5, 2, 4383}, /* ARABIC LIGATURE THEH WITH MEEM MEDIAL FORM */ - {0xfce6, 2, 4593}, /* ARABIC LIGATURE THEH WITH HEH MEDIAL FORM */ - {0xfce7, 2, 4407}, /* ARABIC LIGATURE SEEN WITH MEEM MEDIAL FORM */ - {0xfce8, 2, 4595}, /* ARABIC LIGATURE SEEN WITH HEH MEDIAL FORM */ - {0xfce9, 2, 4597}, /* ARABIC LIGATURE SHEEN WITH MEEM MEDIAL FORM */ - {0xfcea, 2, 4599}, /* ARABIC LIGATURE SHEEN WITH HEH MEDIAL FORM */ - {0xfceb, 2, 4463}, /* ARABIC LIGATURE KAF WITH LAM MEDIAL FORM */ - {0xfcec, 2, 4465}, /* ARABIC LIGATURE KAF WITH MEEM MEDIAL FORM */ - {0xfced, 2, 4477}, /* ARABIC LIGATURE LAM WITH MEEM MEDIAL FORM */ - {0xfcee, 2, 4497}, /* ARABIC LIGATURE NOON WITH MEEM MEDIAL FORM */ - {0xfcef, 2, 4589}, /* ARABIC LIGATURE NOON WITH HEH MEDIAL FORM */ - {0xfcf0, 2, 4482}, /* ARABIC LIGATURE YEH WITH MEEM MEDIAL FORM */ - {0xfcf1, 2, 4502}, /* ARABIC LIGATURE YEH WITH HEH MEDIAL FORM */ - {0xfcf2, 3, 4601}, /* ARABIC LIGATURE SHADDA WITH FATHA MEDIAL FORM */ - {0xfcf3, 3, 4604}, /* ARABIC LIGATURE SHADDA WITH DAMMA MEDIAL FORM */ - {0xfcf4, 3, 4607}, /* ARABIC LIGATURE SHADDA WITH KASRA MEDIAL FORM */ - {0xfcf5, 2, 4610}, /* ARABIC LIGATURE TAH WITH ALEF MAKSURA ISOLATED FORM */ - {0xfcf6, 2, 4612}, /* ARABIC LIGATURE TAH WITH YEH ISOLATED FORM */ - {0xfcf7, 2, 4614}, /* ARABIC LIGATURE AIN WITH ALEF MAKSURA ISOLATED FORM */ - {0xfcf8, 2, 4616}, /* ARABIC LIGATURE AIN WITH YEH ISOLATED FORM */ - {0xfcf9, 2, 4618}, /* ARABIC LIGATURE GHAIN WITH ALEF MAKSURA ISOLATED FORM */ - {0xfcfa, 2, 4620}, /* ARABIC LIGATURE GHAIN WITH YEH ISOLATED FORM */ - {0xfcfb, 2, 4622}, /* ARABIC LIGATURE SEEN WITH ALEF MAKSURA ISOLATED FORM */ - {0xfcfc, 2, 4624}, /* ARABIC LIGATURE SEEN WITH YEH ISOLATED FORM */ - {0xfcfd, 2, 4626}, /* ARABIC LIGATURE SHEEN WITH ALEF MAKSURA ISOLATED FORM */ - {0xfcfe, 2, 4628}, /* ARABIC LIGATURE SHEEN WITH YEH ISOLATED FORM */ - {0xfcff, 2, 4630}, /* ARABIC LIGATURE HAH WITH ALEF MAKSURA ISOLATED FORM */ - {0xfd00, 2, 4512}, /* ARABIC LIGATURE HAH WITH YEH ISOLATED FORM */ - {0xfd01, 2, 4632}, /* ARABIC LIGATURE JEEM WITH ALEF MAKSURA ISOLATED FORM */ - {0xfd02, 2, 4634}, /* ARABIC LIGATURE JEEM WITH YEH ISOLATED FORM */ - {0xfd03, 2, 4636}, /* ARABIC LIGATURE KHAH WITH ALEF MAKSURA ISOLATED FORM */ - {0xfd04, 2, 4514}, /* ARABIC LIGATURE KHAH WITH YEH ISOLATED FORM */ - {0xfd05, 2, 4638}, /* ARABIC LIGATURE SAD WITH ALEF MAKSURA ISOLATED FORM */ - {0xfd06, 2, 4640}, /* ARABIC LIGATURE SAD WITH YEH ISOLATED FORM */ - {0xfd07, 2, 4642}, /* ARABIC LIGATURE DAD WITH ALEF MAKSURA ISOLATED FORM */ - {0xfd08, 2, 4644}, /* ARABIC LIGATURE DAD WITH YEH ISOLATED FORM */ - {0xfd09, 2, 4646}, /* ARABIC LIGATURE SHEEN WITH JEEM ISOLATED FORM */ - {0xfd0a, 2, 4648}, /* ARABIC LIGATURE SHEEN WITH HAH ISOLATED FORM */ - {0xfd0b, 2, 4650}, /* ARABIC LIGATURE SHEEN WITH KHAH ISOLATED FORM */ - {0xfd0c, 2, 4597}, /* ARABIC LIGATURE SHEEN WITH MEEM ISOLATED FORM */ - {0xfd0d, 2, 4652}, /* ARABIC LIGATURE SHEEN WITH REH ISOLATED FORM */ - {0xfd0e, 2, 4654}, /* ARABIC LIGATURE SEEN WITH REH ISOLATED FORM */ - {0xfd0f, 2, 4656}, /* ARABIC LIGATURE SAD WITH REH ISOLATED FORM */ - {0xfd10, 2, 4658}, /* ARABIC LIGATURE DAD WITH REH ISOLATED FORM */ - {0xfd11, 2, 4610}, /* ARABIC LIGATURE TAH WITH ALEF MAKSURA FINAL FORM */ - {0xfd12, 2, 4612}, /* ARABIC LIGATURE TAH WITH YEH FINAL FORM */ - {0xfd13, 2, 4614}, /* ARABIC LIGATURE AIN WITH ALEF MAKSURA FINAL FORM */ - {0xfd14, 2, 4616}, /* ARABIC LIGATURE AIN WITH YEH FINAL FORM */ - {0xfd15, 2, 4618}, /* ARABIC LIGATURE GHAIN WITH ALEF MAKSURA FINAL FORM */ - {0xfd16, 2, 4620}, /* ARABIC LIGATURE GHAIN WITH YEH FINAL FORM */ - {0xfd17, 2, 4622}, /* ARABIC LIGATURE SEEN WITH ALEF MAKSURA FINAL FORM */ - {0xfd18, 2, 4624}, /* ARABIC LIGATURE SEEN WITH YEH FINAL FORM */ - {0xfd19, 2, 4626}, /* ARABIC LIGATURE SHEEN WITH ALEF MAKSURA FINAL FORM */ - {0xfd1a, 2, 4628}, /* ARABIC LIGATURE SHEEN WITH YEH FINAL FORM */ - {0xfd1b, 2, 4630}, /* ARABIC LIGATURE HAH WITH ALEF MAKSURA FINAL FORM */ - {0xfd1c, 2, 4512}, /* ARABIC LIGATURE HAH WITH YEH FINAL FORM */ - {0xfd1d, 2, 4632}, /* ARABIC LIGATURE JEEM WITH ALEF MAKSURA FINAL FORM */ - {0xfd1e, 2, 4634}, /* ARABIC LIGATURE JEEM WITH YEH FINAL FORM */ - {0xfd1f, 2, 4636}, /* ARABIC LIGATURE KHAH WITH ALEF MAKSURA FINAL FORM */ - {0xfd20, 2, 4514}, /* ARABIC LIGATURE KHAH WITH YEH FINAL FORM */ - {0xfd21, 2, 4638}, /* ARABIC LIGATURE SAD WITH ALEF MAKSURA FINAL FORM */ - {0xfd22, 2, 4640}, /* ARABIC LIGATURE SAD WITH YEH FINAL FORM */ - {0xfd23, 2, 4642}, /* ARABIC LIGATURE DAD WITH ALEF MAKSURA FINAL FORM */ - {0xfd24, 2, 4644}, /* ARABIC LIGATURE DAD WITH YEH FINAL FORM */ - {0xfd25, 2, 4646}, /* ARABIC LIGATURE SHEEN WITH JEEM FINAL FORM */ - {0xfd26, 2, 4648}, /* ARABIC LIGATURE SHEEN WITH HAH FINAL FORM */ - {0xfd27, 2, 4650}, /* ARABIC LIGATURE SHEEN WITH KHAH FINAL FORM */ - {0xfd28, 2, 4597}, /* ARABIC LIGATURE SHEEN WITH MEEM FINAL FORM */ - {0xfd29, 2, 4652}, /* ARABIC LIGATURE SHEEN WITH REH FINAL FORM */ - {0xfd2a, 2, 4654}, /* ARABIC LIGATURE SEEN WITH REH FINAL FORM */ - {0xfd2b, 2, 4656}, /* ARABIC LIGATURE SAD WITH REH FINAL FORM */ - {0xfd2c, 2, 4658}, /* ARABIC LIGATURE DAD WITH REH FINAL FORM */ - {0xfd2d, 2, 4646}, /* ARABIC LIGATURE SHEEN WITH JEEM INITIAL FORM */ - {0xfd2e, 2, 4648}, /* ARABIC LIGATURE SHEEN WITH HAH INITIAL FORM */ - {0xfd2f, 2, 4650}, /* ARABIC LIGATURE SHEEN WITH KHAH INITIAL FORM */ - {0xfd30, 2, 4597}, /* ARABIC LIGATURE SHEEN WITH MEEM INITIAL FORM */ - {0xfd31, 2, 4595}, /* ARABIC LIGATURE SEEN WITH HEH INITIAL FORM */ - {0xfd32, 2, 4599}, /* ARABIC LIGATURE SHEEN WITH HEH INITIAL FORM */ - {0xfd33, 2, 4423}, /* ARABIC LIGATURE TAH WITH MEEM INITIAL FORM */ - {0xfd34, 2, 4401}, /* ARABIC LIGATURE SEEN WITH JEEM MEDIAL FORM */ - {0xfd35, 2, 4403}, /* ARABIC LIGATURE SEEN WITH HAH MEDIAL FORM */ - {0xfd36, 2, 4405}, /* ARABIC LIGATURE SEEN WITH KHAH MEDIAL FORM */ - {0xfd37, 2, 4646}, /* ARABIC LIGATURE SHEEN WITH JEEM MEDIAL FORM */ - {0xfd38, 2, 4648}, /* ARABIC LIGATURE SHEEN WITH HAH MEDIAL FORM */ - {0xfd39, 2, 4650}, /* ARABIC LIGATURE SHEEN WITH KHAH MEDIAL FORM */ - {0xfd3a, 2, 4423}, /* ARABIC LIGATURE TAH WITH MEEM MEDIAL FORM */ - {0xfd3b, 2, 4425}, /* ARABIC LIGATURE ZAH WITH MEEM MEDIAL FORM */ - {0xfd3c, 2, 4660}, /* ARABIC LIGATURE ALEF WITH FATHATAN FINAL FORM */ - {0xfd3d, 2, 4660}, /* ARABIC LIGATURE ALEF WITH FATHATAN ISOLATED FORM */ - {0xfd50, 3, 4662}, /* ARABIC LIGATURE TEH WITH JEEM WITH MEEM INITIAL FORM */ - {0xfd51, 3, 4665}, /* ARABIC LIGATURE TEH WITH HAH WITH JEEM FINAL FORM */ - {0xfd52, 3, 4665}, /* ARABIC LIGATURE TEH WITH HAH WITH JEEM INITIAL FORM */ - {0xfd53, 3, 4668}, /* ARABIC LIGATURE TEH WITH HAH WITH MEEM INITIAL FORM */ - {0xfd54, 3, 4671}, /* ARABIC LIGATURE TEH WITH KHAH WITH MEEM INITIAL FORM */ - {0xfd55, 3, 4674}, /* ARABIC LIGATURE TEH WITH MEEM WITH JEEM INITIAL FORM */ - {0xfd56, 3, 4677}, /* ARABIC LIGATURE TEH WITH MEEM WITH HAH INITIAL FORM */ - {0xfd57, 3, 4680}, /* ARABIC LIGATURE TEH WITH MEEM WITH KHAH INITIAL FORM */ - {0xfd58, 3, 4391}, /* ARABIC LIGATURE JEEM WITH MEEM WITH HAH FINAL FORM */ - {0xfd59, 3, 4391}, /* ARABIC LIGATURE JEEM WITH MEEM WITH HAH INITIAL FORM */ - {0xfd5a, 3, 4683}, /* ARABIC LIGATURE HAH WITH MEEM WITH YEH FINAL FORM */ - {0xfd5b, 3, 4686}, /* ARABIC LIGATURE HAH WITH MEEM WITH ALEF MAKSURA FINAL FORM */ - {0xfd5c, 3, 4689}, /* ARABIC LIGATURE SEEN WITH HAH WITH JEEM INITIAL FORM */ - {0xfd5d, 3, 4692}, /* ARABIC LIGATURE SEEN WITH JEEM WITH HAH INITIAL FORM */ - {0xfd5e, 3, 4695}, /* ARABIC LIGATURE SEEN WITH JEEM WITH ALEF MAKSURA FINAL FORM */ - {0xfd5f, 3, 4698}, /* ARABIC LIGATURE SEEN WITH MEEM WITH HAH FINAL FORM */ - {0xfd60, 3, 4698}, /* ARABIC LIGATURE SEEN WITH MEEM WITH HAH INITIAL FORM */ - {0xfd61, 3, 4701}, /* ARABIC LIGATURE SEEN WITH MEEM WITH JEEM INITIAL FORM */ - {0xfd62, 3, 4704}, /* ARABIC LIGATURE SEEN WITH MEEM WITH MEEM FINAL FORM */ - {0xfd63, 3, 4704}, /* ARABIC LIGATURE SEEN WITH MEEM WITH MEEM INITIAL FORM */ - {0xfd64, 3, 4707}, /* ARABIC LIGATURE SAD WITH HAH WITH HAH FINAL FORM */ - {0xfd65, 3, 4707}, /* ARABIC LIGATURE SAD WITH HAH WITH HAH INITIAL FORM */ - {0xfd66, 3, 4710}, /* ARABIC LIGATURE SAD WITH MEEM WITH MEEM FINAL FORM */ - {0xfd67, 3, 4713}, /* ARABIC LIGATURE SHEEN WITH HAH WITH MEEM FINAL FORM */ - {0xfd68, 3, 4713}, /* ARABIC LIGATURE SHEEN WITH HAH WITH MEEM INITIAL FORM */ - {0xfd69, 3, 4716}, /* ARABIC LIGATURE SHEEN WITH JEEM WITH YEH FINAL FORM */ - {0xfd6a, 3, 4719}, /* ARABIC LIGATURE SHEEN WITH MEEM WITH KHAH FINAL FORM */ - {0xfd6b, 3, 4719}, /* ARABIC LIGATURE SHEEN WITH MEEM WITH KHAH INITIAL FORM */ - {0xfd6c, 3, 4722}, /* ARABIC LIGATURE SHEEN WITH MEEM WITH MEEM FINAL FORM */ - {0xfd6d, 3, 4722}, /* ARABIC LIGATURE SHEEN WITH MEEM WITH MEEM INITIAL FORM */ - {0xfd6e, 3, 4725}, /* ARABIC LIGATURE DAD WITH HAH WITH ALEF MAKSURA FINAL FORM */ - {0xfd6f, 3, 4728}, /* ARABIC LIGATURE DAD WITH KHAH WITH MEEM FINAL FORM */ - {0xfd70, 3, 4728}, /* ARABIC LIGATURE DAD WITH KHAH WITH MEEM INITIAL FORM */ - {0xfd71, 3, 4731}, /* ARABIC LIGATURE TAH WITH MEEM WITH HAH FINAL FORM */ - {0xfd72, 3, 4731}, /* ARABIC LIGATURE TAH WITH MEEM WITH HAH INITIAL FORM */ - {0xfd73, 3, 4734}, /* ARABIC LIGATURE TAH WITH MEEM WITH MEEM INITIAL FORM */ - {0xfd74, 3, 4737}, /* ARABIC LIGATURE TAH WITH MEEM WITH YEH FINAL FORM */ - {0xfd75, 3, 4740}, /* ARABIC LIGATURE AIN WITH JEEM WITH MEEM FINAL FORM */ - {0xfd76, 3, 4743}, /* ARABIC LIGATURE AIN WITH MEEM WITH MEEM FINAL FORM */ - {0xfd77, 3, 4743}, /* ARABIC LIGATURE AIN WITH MEEM WITH MEEM INITIAL FORM */ - {0xfd78, 3, 4746}, /* ARABIC LIGATURE AIN WITH MEEM WITH ALEF MAKSURA FINAL FORM */ - {0xfd79, 3, 4749}, /* ARABIC LIGATURE GHAIN WITH MEEM WITH MEEM FINAL FORM */ - {0xfd7a, 3, 4752}, /* ARABIC LIGATURE GHAIN WITH MEEM WITH YEH FINAL FORM */ - {0xfd7b, 3, 4755}, /* ARABIC LIGATURE GHAIN WITH MEEM WITH ALEF MAKSURA FINAL FORM */ - {0xfd7c, 3, 4758}, /* ARABIC LIGATURE FEH WITH KHAH WITH MEEM FINAL FORM */ - {0xfd7d, 3, 4758}, /* ARABIC LIGATURE FEH WITH KHAH WITH MEEM INITIAL FORM */ - {0xfd7e, 3, 4761}, /* ARABIC LIGATURE QAF WITH MEEM WITH HAH FINAL FORM */ - {0xfd7f, 3, 4764}, /* ARABIC LIGATURE QAF WITH MEEM WITH MEEM FINAL FORM */ - {0xfd80, 3, 4767}, /* ARABIC LIGATURE LAM WITH HAH WITH MEEM FINAL FORM */ - {0xfd81, 3, 4770}, /* ARABIC LIGATURE LAM WITH HAH WITH YEH FINAL FORM */ - {0xfd82, 3, 4773}, /* ARABIC LIGATURE LAM WITH HAH WITH ALEF MAKSURA FINAL FORM */ - {0xfd83, 3, 4776}, /* ARABIC LIGATURE LAM WITH JEEM WITH JEEM INITIAL FORM */ - {0xfd84, 3, 4776}, /* ARABIC LIGATURE LAM WITH JEEM WITH JEEM FINAL FORM */ - {0xfd85, 3, 4779}, /* ARABIC LIGATURE LAM WITH KHAH WITH MEEM FINAL FORM */ - {0xfd86, 3, 4779}, /* ARABIC LIGATURE LAM WITH KHAH WITH MEEM INITIAL FORM */ - {0xfd87, 3, 4782}, /* ARABIC LIGATURE LAM WITH MEEM WITH HAH FINAL FORM */ - {0xfd88, 3, 4782}, /* ARABIC LIGATURE LAM WITH MEEM WITH HAH INITIAL FORM */ - {0xfd89, 3, 4785}, /* ARABIC LIGATURE MEEM WITH HAH WITH JEEM INITIAL FORM */ - {0xfd8a, 3, 4392}, /* ARABIC LIGATURE MEEM WITH HAH WITH MEEM INITIAL FORM */ - {0xfd8b, 3, 4788}, /* ARABIC LIGATURE MEEM WITH HAH WITH YEH FINAL FORM */ - {0xfd8c, 3, 4791}, /* ARABIC LIGATURE MEEM WITH JEEM WITH HAH INITIAL FORM */ - {0xfd8d, 3, 4483}, /* ARABIC LIGATURE MEEM WITH JEEM WITH MEEM INITIAL FORM */ - {0xfd8e, 3, 4394}, /* ARABIC LIGATURE MEEM WITH KHAH WITH JEEM INITIAL FORM */ - {0xfd8f, 3, 4794}, /* ARABIC LIGATURE MEEM WITH KHAH WITH MEEM INITIAL FORM */ - {0xfd92, 3, 4797}, /* ARABIC LIGATURE MEEM WITH JEEM WITH KHAH INITIAL FORM */ - {0xfd93, 3, 4800}, /* ARABIC LIGATURE HEH WITH MEEM WITH JEEM INITIAL FORM */ - {0xfd94, 3, 4803}, /* ARABIC LIGATURE HEH WITH MEEM WITH MEEM INITIAL FORM */ - {0xfd95, 3, 4806}, /* ARABIC LIGATURE NOON WITH HAH WITH MEEM INITIAL FORM */ - {0xfd96, 3, 4809}, /* ARABIC LIGATURE NOON WITH HAH WITH ALEF MAKSURA FINAL FORM */ - {0xfd97, 3, 4812}, /* ARABIC LIGATURE NOON WITH JEEM WITH MEEM FINAL FORM */ - {0xfd98, 3, 4812}, /* ARABIC LIGATURE NOON WITH JEEM WITH MEEM INITIAL FORM */ - {0xfd99, 3, 4815}, /* ARABIC LIGATURE NOON WITH JEEM WITH ALEF MAKSURA FINAL FORM */ - {0xfd9a, 3, 4818}, /* ARABIC LIGATURE NOON WITH MEEM WITH YEH FINAL FORM */ - {0xfd9b, 3, 4821}, /* ARABIC LIGATURE NOON WITH MEEM WITH ALEF MAKSURA FINAL FORM */ - {0xfd9c, 3, 4824}, /* ARABIC LIGATURE YEH WITH MEEM WITH MEEM FINAL FORM */ - {0xfd9d, 3, 4824}, /* ARABIC LIGATURE YEH WITH MEEM WITH MEEM INITIAL FORM */ - {0xfd9e, 3, 4827}, /* ARABIC LIGATURE BEH WITH KHAH WITH YEH FINAL FORM */ - {0xfd9f, 3, 4830}, /* ARABIC LIGATURE TEH WITH JEEM WITH YEH FINAL FORM */ - {0xfda0, 3, 4833}, /* ARABIC LIGATURE TEH WITH JEEM WITH ALEF MAKSURA FINAL FORM */ - {0xfda1, 3, 4836}, /* ARABIC LIGATURE TEH WITH KHAH WITH YEH FINAL FORM */ - {0xfda2, 3, 4839}, /* ARABIC LIGATURE TEH WITH KHAH WITH ALEF MAKSURA FINAL FORM */ - {0xfda3, 3, 4842}, /* ARABIC LIGATURE TEH WITH MEEM WITH YEH FINAL FORM */ - {0xfda4, 3, 4845}, /* ARABIC LIGATURE TEH WITH MEEM WITH ALEF MAKSURA FINAL FORM */ - {0xfda5, 3, 4848}, /* ARABIC LIGATURE JEEM WITH MEEM WITH YEH FINAL FORM */ - {0xfda6, 3, 4851}, /* ARABIC LIGATURE JEEM WITH HAH WITH ALEF MAKSURA FINAL FORM */ - {0xfda7, 3, 4854}, /* ARABIC LIGATURE JEEM WITH MEEM WITH ALEF MAKSURA FINAL FORM */ - {0xfda8, 3, 4857}, /* ARABIC LIGATURE SEEN WITH KHAH WITH ALEF MAKSURA FINAL FORM */ - {0xfda9, 3, 4860}, /* ARABIC LIGATURE SAD WITH HAH WITH YEH FINAL FORM */ - {0xfdaa, 3, 4863}, /* ARABIC LIGATURE SHEEN WITH HAH WITH YEH FINAL FORM */ - {0xfdab, 3, 4866}, /* ARABIC LIGATURE DAD WITH HAH WITH YEH FINAL FORM */ - {0xfdac, 3, 4869}, /* ARABIC LIGATURE LAM WITH JEEM WITH YEH FINAL FORM */ - {0xfdad, 3, 4872}, /* ARABIC LIGATURE LAM WITH MEEM WITH YEH FINAL FORM */ - {0xfdae, 3, 4511}, /* ARABIC LIGATURE YEH WITH HAH WITH YEH FINAL FORM */ - {0xfdaf, 3, 4875}, /* ARABIC LIGATURE YEH WITH JEEM WITH YEH FINAL FORM */ - {0xfdb0, 3, 4878}, /* ARABIC LIGATURE YEH WITH MEEM WITH YEH FINAL FORM */ - {0xfdb1, 3, 4881}, /* ARABIC LIGATURE MEEM WITH MEEM WITH YEH FINAL FORM */ - {0xfdb2, 3, 4884}, /* ARABIC LIGATURE QAF WITH MEEM WITH YEH FINAL FORM */ - {0xfdb3, 3, 4887}, /* ARABIC LIGATURE NOON WITH HAH WITH YEH FINAL FORM */ - {0xfdb4, 3, 4761}, /* ARABIC LIGATURE QAF WITH MEEM WITH HAH INITIAL FORM */ - {0xfdb5, 3, 4767}, /* ARABIC LIGATURE LAM WITH HAH WITH MEEM INITIAL FORM */ - {0xfdb6, 3, 4890}, /* ARABIC LIGATURE AIN WITH MEEM WITH YEH FINAL FORM */ - {0xfdb7, 3, 4893}, /* ARABIC LIGATURE KAF WITH MEEM WITH YEH FINAL FORM */ - {0xfdb8, 3, 4896}, /* ARABIC LIGATURE NOON WITH JEEM WITH HAH INITIAL FORM */ - {0xfdb9, 3, 4899}, /* ARABIC LIGATURE MEEM WITH KHAH WITH YEH FINAL FORM */ - {0xfdba, 3, 4902}, /* ARABIC LIGATURE LAM WITH JEEM WITH MEEM INITIAL FORM */ - {0xfdbb, 3, 4905}, /* ARABIC LIGATURE KAF WITH MEEM WITH MEEM FINAL FORM */ - {0xfdbc, 3, 4902}, /* ARABIC LIGATURE LAM WITH JEEM WITH MEEM FINAL FORM */ - {0xfdbd, 3, 4896}, /* ARABIC LIGATURE NOON WITH JEEM WITH HAH FINAL FORM */ - {0xfdbe, 3, 4908}, /* ARABIC LIGATURE JEEM WITH HAH WITH YEH FINAL FORM */ - {0xfdbf, 3, 4911}, /* ARABIC LIGATURE HAH WITH JEEM WITH YEH FINAL FORM */ - {0xfdc0, 3, 4914}, /* ARABIC LIGATURE MEEM WITH JEEM WITH YEH FINAL FORM */ - {0xfdc1, 3, 4917}, /* ARABIC LIGATURE FEH WITH MEEM WITH YEH FINAL FORM */ - {0xfdc2, 3, 4920}, /* ARABIC LIGATURE BEH WITH HAH WITH YEH FINAL FORM */ - {0xfdc3, 3, 4905}, /* ARABIC LIGATURE KAF WITH MEEM WITH MEEM INITIAL FORM */ - {0xfdc4, 3, 4740}, /* ARABIC LIGATURE AIN WITH JEEM WITH MEEM INITIAL FORM */ - {0xfdc5, 3, 4710}, /* ARABIC LIGATURE SAD WITH MEEM WITH MEEM INITIAL FORM */ - {0xfdc6, 3, 4923}, /* ARABIC LIGATURE SEEN WITH KHAH WITH YEH FINAL FORM */ - {0xfdc7, 3, 4926}, /* ARABIC LIGATURE NOON WITH JEEM WITH YEH FINAL FORM */ - {0xfdf0, 3, 4929}, /* ARABIC LIGATURE SALLA USED AS KORANIC STOP SIGN ISOLATED FORM */ - {0xfdf1, 3, 4932}, /* ARABIC LIGATURE QALA USED AS KORANIC STOP SIGN ISOLATED FORM */ - {0xfdf2, 4, 4935}, /* ARABIC LIGATURE ALLAH ISOLATED FORM */ - {0xfdf3, 4, 4939}, /* ARABIC LIGATURE AKBAR ISOLATED FORM */ - {0xfdf4, 4, 4943}, /* ARABIC LIGATURE MOHAMMAD ISOLATED FORM */ - {0xfdf5, 4, 4947}, /* ARABIC LIGATURE SALAM ISOLATED FORM */ - {0xfdf6, 4, 4951}, /* ARABIC LIGATURE RASOUL ISOLATED FORM */ - {0xfdf7, 4, 4955}, /* ARABIC LIGATURE ALAYHE ISOLATED FORM */ - {0xfdf8, 4, 4959}, /* ARABIC LIGATURE WASALLAM ISOLATED FORM */ - {0xfdf9, 3, 4963}, /* ARABIC LIGATURE SALLA ISOLATED FORM */ - {0xfdfa, 18, 4966}, /* ARABIC LIGATURE SALLALLAHOU ALAYHE WASALLAM */ - {0xfdfb, 8, 4984}, /* ARABIC LIGATURE JALLAJALALOUHOU */ - {0xfdfc, 4, 4992}, /* RIAL SIGN */ - {0xfe30, 1, 4996}, /* PRESENTATION FORM FOR VERTICAL TWO DOT LEADER */ - {0xfe31, 1, 4997}, /* PRESENTATION FORM FOR VERTICAL EM DASH */ - {0xfe32, 1, 4998}, /* PRESENTATION FORM FOR VERTICAL EN DASH */ - {0xfe33, 1, 4999}, /* PRESENTATION FORM FOR VERTICAL LOW LINE */ - {0xfe34, 1, 4999}, /* PRESENTATION FORM FOR VERTICAL WAVY LOW LINE */ - {0xfe35, 1, 1918}, /* PRESENTATION FORM FOR VERTICAL LEFT PARENTHESIS */ - {0xfe36, 1, 1919}, /* PRESENTATION FORM FOR VERTICAL RIGHT PARENTHESIS */ - {0xfe37, 1, 5000}, /* PRESENTATION FORM FOR VERTICAL LEFT CURLY BRACKET */ - {0xfe38, 1, 5001}, /* PRESENTATION FORM FOR VERTICAL RIGHT CURLY BRACKET */ - {0xfe39, 1, 5002}, /* PRESENTATION FORM FOR VERTICAL LEFT TORTOISE SHELL BRACKET */ - {0xfe3a, 1, 5003}, /* PRESENTATION FORM FOR VERTICAL RIGHT TORTOISE SHELL BRACKET */ - {0xfe3b, 1, 5004}, /* PRESENTATION FORM FOR VERTICAL LEFT BLACK LENTICULAR BRACKET */ - {0xfe3c, 1, 5005}, /* PRESENTATION FORM FOR VERTICAL RIGHT BLACK LENTICULAR BRACKET */ - {0xfe3d, 1, 5006}, /* PRESENTATION FORM FOR VERTICAL LEFT DOUBLE ANGLE BRACKET */ - {0xfe3e, 1, 5007}, /* PRESENTATION FORM FOR VERTICAL RIGHT DOUBLE ANGLE BRACKET */ - {0xfe3f, 1, 2140}, /* PRESENTATION FORM FOR VERTICAL LEFT ANGLE BRACKET */ - {0xfe40, 1, 2141}, /* PRESENTATION FORM FOR VERTICAL RIGHT ANGLE BRACKET */ - {0xfe41, 1, 5008}, /* PRESENTATION FORM FOR VERTICAL LEFT CORNER BRACKET */ - {0xfe42, 1, 5009}, /* PRESENTATION FORM FOR VERTICAL RIGHT CORNER BRACKET */ - {0xfe43, 1, 5010}, /* PRESENTATION FORM FOR VERTICAL LEFT WHITE CORNER BRACKET */ - {0xfe44, 1, 5011}, /* PRESENTATION FORM FOR VERTICAL RIGHT WHITE CORNER BRACKET */ - {0xfe47, 1, 5012}, /* PRESENTATION FORM FOR VERTICAL LEFT SQUARE BRACKET */ - {0xfe48, 1, 5013}, /* PRESENTATION FORM FOR VERTICAL RIGHT SQUARE BRACKET */ - {0xfe49, 1, 5014}, /* DASHED OVERLINE */ - {0xfe4a, 1, 5014}, /* CENTRELINE OVERLINE */ - {0xfe4b, 1, 5014}, /* WAVY OVERLINE */ - {0xfe4c, 1, 5014}, /* DOUBLE WAVY OVERLINE */ - {0xfe4d, 1, 4999}, /* DASHED LOW LINE */ - {0xfe4e, 1, 4999}, /* CENTRELINE LOW LINE */ - {0xfe4f, 1, 4999}, /* WAVY LOW LINE */ - {0xfe50, 1, 5015}, /* SMALL COMMA */ - {0xfe51, 1, 5016}, /* SMALL IDEOGRAPHIC COMMA */ - {0xfe52, 1, 1884}, /* SMALL FULL STOP */ - {0xfe54, 1, 587}, /* SMALL SEMICOLON */ - {0xfe55, 1, 2364}, /* SMALL COLON */ - {0xfe56, 1, 1902}, /* SMALL QUESTION MARK */ - {0xfe57, 1, 1898}, /* SMALL EXCLAMATION MARK */ - {0xfe58, 1, 4997}, /* SMALL EM DASH */ - {0xfe59, 1, 1918}, /* SMALL LEFT PARENTHESIS */ - {0xfe5a, 1, 1919}, /* SMALL RIGHT PARENTHESIS */ - {0xfe5b, 1, 5000}, /* SMALL LEFT CURLY BRACKET */ - {0xfe5c, 1, 5001}, /* SMALL RIGHT CURLY BRACKET */ - {0xfe5d, 1, 5002}, /* SMALL LEFT TORTOISE SHELL BRACKET */ - {0xfe5e, 1, 5003}, /* SMALL RIGHT TORTOISE SHELL BRACKET */ - {0xfe5f, 1, 5017}, /* SMALL NUMBER SIGN */ - {0xfe60, 1, 5018}, /* SMALL AMPERSAND */ - {0xfe61, 1, 5019}, /* SMALL ASTERISK */ - {0xfe62, 1, 1915}, /* SMALL PLUS SIGN */ - {0xfe63, 1, 5020}, /* SMALL HYPHEN-MINUS */ - {0xfe64, 1, 2088}, /* SMALL LESS-THAN SIGN */ - {0xfe65, 1, 2090}, /* SMALL GREATER-THAN SIGN */ - {0xfe66, 1, 1917}, /* SMALL EQUALS SIGN */ - {0xfe68, 1, 5021}, /* SMALL REVERSE SOLIDUS */ - {0xfe69, 1, 5022}, /* SMALL DOLLAR SIGN */ - {0xfe6a, 1, 5023}, /* SMALL PERCENT SIGN */ - {0xfe6b, 1, 5024}, /* SMALL COMMERCIAL AT */ - {0xfe70, 2, 5025}, /* ARABIC FATHATAN ISOLATED FORM */ - {0xfe71, 2, 5027}, /* ARABIC TATWEEL WITH FATHATAN ABOVE */ - {0xfe72, 2, 4523}, /* ARABIC DAMMATAN ISOLATED FORM */ - {0xfe74, 2, 4526}, /* ARABIC KASRATAN ISOLATED FORM */ - {0xfe76, 2, 4529}, /* ARABIC FATHA ISOLATED FORM */ - {0xfe77, 2, 4601}, /* ARABIC FATHA MEDIAL FORM */ - {0xfe78, 2, 4532}, /* ARABIC DAMMA ISOLATED FORM */ - {0xfe79, 2, 4604}, /* ARABIC DAMMA MEDIAL FORM */ - {0xfe7a, 2, 4535}, /* ARABIC KASRA ISOLATED FORM */ - {0xfe7b, 2, 4607}, /* ARABIC KASRA MEDIAL FORM */ - {0xfe7c, 2, 4538}, /* ARABIC SHADDA ISOLATED FORM */ - {0xfe7d, 2, 5029}, /* ARABIC SHADDA MEDIAL FORM */ - {0xfe7e, 2, 5031}, /* ARABIC SUKUN ISOLATED FORM */ - {0xfe7f, 2, 5033}, /* ARABIC SUKUN MEDIAL FORM */ - {0xfe80, 1, 5035}, /* ARABIC LETTER HAMZA ISOLATED FORM */ - {0xfe81, 1, 5036}, /* ARABIC LETTER ALEF WITH MADDA ABOVE ISOLATED FORM */ - {0xfe82, 1, 5036}, /* ARABIC LETTER ALEF WITH MADDA ABOVE FINAL FORM */ - {0xfe83, 1, 5037}, /* ARABIC LETTER ALEF WITH HAMZA ABOVE ISOLATED FORM */ - {0xfe84, 1, 5037}, /* ARABIC LETTER ALEF WITH HAMZA ABOVE FINAL FORM */ - {0xfe85, 1, 5038}, /* ARABIC LETTER WAW WITH HAMZA ABOVE ISOLATED FORM */ - {0xfe86, 1, 5038}, /* ARABIC LETTER WAW WITH HAMZA ABOVE FINAL FORM */ - {0xfe87, 1, 5039}, /* ARABIC LETTER ALEF WITH HAMZA BELOW ISOLATED FORM */ - {0xfe88, 1, 5039}, /* ARABIC LETTER ALEF WITH HAMZA BELOW FINAL FORM */ - {0xfe89, 1, 4332}, /* ARABIC LETTER YEH WITH HAMZA ABOVE ISOLATED FORM */ - {0xfe8a, 1, 4332}, /* ARABIC LETTER YEH WITH HAMZA ABOVE FINAL FORM */ - {0xfe8b, 1, 4332}, /* ARABIC LETTER YEH WITH HAMZA ABOVE INITIAL FORM */ - {0xfe8c, 1, 4332}, /* ARABIC LETTER YEH WITH HAMZA ABOVE MEDIAL FORM */ - {0xfe8d, 1, 749}, /* ARABIC LETTER ALEF ISOLATED FORM */ - {0xfe8e, 1, 749}, /* ARABIC LETTER ALEF FINAL FORM */ - {0xfe8f, 1, 4357}, /* ARABIC LETTER BEH ISOLATED FORM */ - {0xfe90, 1, 4357}, /* ARABIC LETTER BEH FINAL FORM */ - {0xfe91, 1, 4357}, /* ARABIC LETTER BEH INITIAL FORM */ - {0xfe92, 1, 4357}, /* ARABIC LETTER BEH MEDIAL FORM */ - {0xfe93, 1, 5040}, /* ARABIC LETTER TEH MARBUTA ISOLATED FORM */ - {0xfe94, 1, 5040}, /* ARABIC LETTER TEH MARBUTA FINAL FORM */ - {0xfe95, 1, 4369}, /* ARABIC LETTER TEH ISOLATED FORM */ - {0xfe96, 1, 4369}, /* ARABIC LETTER TEH FINAL FORM */ - {0xfe97, 1, 4369}, /* ARABIC LETTER TEH INITIAL FORM */ - {0xfe98, 1, 4369}, /* ARABIC LETTER TEH MEDIAL FORM */ - {0xfe99, 1, 4381}, /* ARABIC LETTER THEH ISOLATED FORM */ - {0xfe9a, 1, 4381}, /* ARABIC LETTER THEH FINAL FORM */ - {0xfe9b, 1, 4381}, /* ARABIC LETTER THEH INITIAL FORM */ - {0xfe9c, 1, 4381}, /* ARABIC LETTER THEH MEDIAL FORM */ - {0xfe9d, 1, 4350}, /* ARABIC LETTER JEEM ISOLATED FORM */ - {0xfe9e, 1, 4350}, /* ARABIC LETTER JEEM FINAL FORM */ - {0xfe9f, 1, 4350}, /* ARABIC LETTER JEEM INITIAL FORM */ - {0xfea0, 1, 4350}, /* ARABIC LETTER JEEM MEDIAL FORM */ - {0xfea1, 1, 4352}, /* ARABIC LETTER HAH ISOLATED FORM */ - {0xfea2, 1, 4352}, /* ARABIC LETTER HAH FINAL FORM */ - {0xfea3, 1, 4352}, /* ARABIC LETTER HAH INITIAL FORM */ - {0xfea4, 1, 4352}, /* ARABIC LETTER HAH MEDIAL FORM */ - {0xfea5, 1, 4362}, /* ARABIC LETTER KHAH ISOLATED FORM */ - {0xfea6, 1, 4362}, /* ARABIC LETTER KHAH FINAL FORM */ - {0xfea7, 1, 4362}, /* ARABIC LETTER KHAH INITIAL FORM */ - {0xfea8, 1, 4362}, /* ARABIC LETTER KHAH MEDIAL FORM */ - {0xfea9, 1, 4946}, /* ARABIC LETTER DAL ISOLATED FORM */ - {0xfeaa, 1, 4946}, /* ARABIC LETTER DAL FINAL FORM */ - {0xfeab, 1, 4517}, /* ARABIC LETTER THAL ISOLATED FORM */ - {0xfeac, 1, 4517}, /* ARABIC LETTER THAL FINAL FORM */ - {0xfead, 1, 4519}, /* ARABIC LETTER REH ISOLATED FORM */ - {0xfeae, 1, 4519}, /* ARABIC LETTER REH FINAL FORM */ - {0xfeaf, 1, 4544}, /* ARABIC LETTER ZAIN ISOLATED FORM */ - {0xfeb0, 1, 4544}, /* ARABIC LETTER ZAIN FINAL FORM */ - {0xfeb1, 1, 4401}, /* ARABIC LETTER SEEN ISOLATED FORM */ - {0xfeb2, 1, 4401}, /* ARABIC LETTER SEEN FINAL FORM */ - {0xfeb3, 1, 4401}, /* ARABIC LETTER SEEN INITIAL FORM */ - {0xfeb4, 1, 4401}, /* ARABIC LETTER SEEN MEDIAL FORM */ - {0xfeb5, 1, 4597}, /* ARABIC LETTER SHEEN ISOLATED FORM */ - {0xfeb6, 1, 4597}, /* ARABIC LETTER SHEEN FINAL FORM */ - {0xfeb7, 1, 4597}, /* ARABIC LETTER SHEEN INITIAL FORM */ - {0xfeb8, 1, 4597}, /* ARABIC LETTER SHEEN MEDIAL FORM */ - {0xfeb9, 1, 4409}, /* ARABIC LETTER SAD ISOLATED FORM */ - {0xfeba, 1, 4409}, /* ARABIC LETTER SAD FINAL FORM */ - {0xfebb, 1, 4409}, /* ARABIC LETTER SAD INITIAL FORM */ - {0xfebc, 1, 4409}, /* ARABIC LETTER SAD MEDIAL FORM */ - {0xfebd, 1, 4413}, /* ARABIC LETTER DAD ISOLATED FORM */ - {0xfebe, 1, 4413}, /* ARABIC LETTER DAD FINAL FORM */ - {0xfebf, 1, 4413}, /* ARABIC LETTER DAD INITIAL FORM */ - {0xfec0, 1, 4413}, /* ARABIC LETTER DAD MEDIAL FORM */ - {0xfec1, 1, 4421}, /* ARABIC LETTER TAH ISOLATED FORM */ - {0xfec2, 1, 4421}, /* ARABIC LETTER TAH FINAL FORM */ - {0xfec3, 1, 4421}, /* ARABIC LETTER TAH INITIAL FORM */ - {0xfec4, 1, 4421}, /* ARABIC LETTER TAH MEDIAL FORM */ - {0xfec5, 1, 4425}, /* ARABIC LETTER ZAH ISOLATED FORM */ - {0xfec6, 1, 4425}, /* ARABIC LETTER ZAH FINAL FORM */ - {0xfec7, 1, 4425}, /* ARABIC LETTER ZAH INITIAL FORM */ - {0xfec8, 1, 4425}, /* ARABIC LETTER ZAH MEDIAL FORM */ - {0xfec9, 1, 4427}, /* ARABIC LETTER AIN ISOLATED FORM */ - {0xfeca, 1, 4427}, /* ARABIC LETTER AIN FINAL FORM */ - {0xfecb, 1, 4427}, /* ARABIC LETTER AIN INITIAL FORM */ - {0xfecc, 1, 4427}, /* ARABIC LETTER AIN MEDIAL FORM */ - {0xfecd, 1, 4431}, /* ARABIC LETTER GHAIN ISOLATED FORM */ - {0xfece, 1, 4431}, /* ARABIC LETTER GHAIN FINAL FORM */ - {0xfecf, 1, 4431}, /* ARABIC LETTER GHAIN INITIAL FORM */ - {0xfed0, 1, 4431}, /* ARABIC LETTER GHAIN MEDIAL FORM */ - {0xfed1, 1, 4435}, /* ARABIC LETTER FEH ISOLATED FORM */ - {0xfed2, 1, 4435}, /* ARABIC LETTER FEH FINAL FORM */ - {0xfed3, 1, 4435}, /* ARABIC LETTER FEH INITIAL FORM */ - {0xfed4, 1, 4435}, /* ARABIC LETTER FEH MEDIAL FORM */ - {0xfed5, 1, 4447}, /* ARABIC LETTER QAF ISOLATED FORM */ - {0xfed6, 1, 4447}, /* ARABIC LETTER QAF FINAL FORM */ - {0xfed7, 1, 4447}, /* ARABIC LETTER QAF INITIAL FORM */ - {0xfed8, 1, 4447}, /* ARABIC LETTER QAF MEDIAL FORM */ - {0xfed9, 1, 4455}, /* ARABIC LETTER KAF ISOLATED FORM */ - {0xfeda, 1, 4455}, /* ARABIC LETTER KAF FINAL FORM */ - {0xfedb, 1, 4455}, /* ARABIC LETTER KAF INITIAL FORM */ - {0xfedc, 1, 4455}, /* ARABIC LETTER KAF MEDIAL FORM */ - {0xfedd, 1, 4464}, /* ARABIC LETTER LAM ISOLATED FORM */ - {0xfede, 1, 4464}, /* ARABIC LETTER LAM FINAL FORM */ - {0xfedf, 1, 4464}, /* ARABIC LETTER LAM INITIAL FORM */ - {0xfee0, 1, 4464}, /* ARABIC LETTER LAM MEDIAL FORM */ - {0xfee1, 1, 4354}, /* ARABIC LETTER MEEM ISOLATED FORM */ - {0xfee2, 1, 4354}, /* ARABIC LETTER MEEM FINAL FORM */ - {0xfee3, 1, 4354}, /* ARABIC LETTER MEEM INITIAL FORM */ - {0xfee4, 1, 4354}, /* ARABIC LETTER MEEM MEDIAL FORM */ - {0xfee5, 1, 4491}, /* ARABIC LETTER NOON ISOLATED FORM */ - {0xfee6, 1, 4491}, /* ARABIC LETTER NOON FINAL FORM */ - {0xfee7, 1, 4491}, /* ARABIC LETTER NOON INITIAL FORM */ - {0xfee8, 1, 4491}, /* ARABIC LETTER NOON MEDIAL FORM */ - {0xfee9, 1, 4503}, /* ARABIC LETTER HEH ISOLATED FORM */ - {0xfeea, 1, 4503}, /* ARABIC LETTER HEH FINAL FORM */ - {0xfeeb, 1, 4503}, /* ARABIC LETTER HEH INITIAL FORM */ - {0xfeec, 1, 4503}, /* ARABIC LETTER HEH MEDIAL FORM */ - {0xfeed, 1, 753}, /* ARABIC LETTER WAW ISOLATED FORM */ - {0xfeee, 1, 753}, /* ARABIC LETTER WAW FINAL FORM */ - {0xfeef, 1, 4331}, /* ARABIC LETTER ALEF MAKSURA ISOLATED FORM */ - {0xfef0, 1, 4331}, /* ARABIC LETTER ALEF MAKSURA FINAL FORM */ - {0xfef1, 1, 757}, /* ARABIC LETTER YEH ISOLATED FORM */ - {0xfef2, 1, 757}, /* ARABIC LETTER YEH FINAL FORM */ - {0xfef3, 1, 757}, /* ARABIC LETTER YEH INITIAL FORM */ - {0xfef4, 1, 757}, /* ARABIC LETTER YEH MEDIAL FORM */ - {0xfef5, 2, 5041}, /* ARABIC LIGATURE LAM WITH ALEF WITH MADDA ABOVE ISOLATED FORM */ - {0xfef6, 2, 5041}, /* ARABIC LIGATURE LAM WITH ALEF WITH MADDA ABOVE FINAL FORM */ - {0xfef7, 2, 5043}, /* ARABIC LIGATURE LAM WITH ALEF WITH HAMZA ABOVE ISOLATED FORM */ - {0xfef8, 2, 5043}, /* ARABIC LIGATURE LAM WITH ALEF WITH HAMZA ABOVE FINAL FORM */ - {0xfef9, 2, 5045}, /* ARABIC LIGATURE LAM WITH ALEF WITH HAMZA BELOW ISOLATED FORM */ - {0xfefa, 2, 5045}, /* ARABIC LIGATURE LAM WITH ALEF WITH HAMZA BELOW FINAL FORM */ - {0xfefb, 2, 4988}, /* ARABIC LIGATURE LAM WITH ALEF ISOLATED FORM */ - {0xfefc, 2, 4988}, /* ARABIC LIGATURE LAM WITH ALEF FINAL FORM */ - {0xff01, 1, 1898}, /* FULLWIDTH EXCLAMATION MARK */ - {0xff02, 1, 5047}, /* FULLWIDTH QUOTATION MARK */ - {0xff03, 1, 5017}, /* FULLWIDTH NUMBER SIGN */ - {0xff04, 1, 5022}, /* FULLWIDTH DOLLAR SIGN */ - {0xff05, 1, 5023}, /* FULLWIDTH PERCENT SIGN */ - {0xff06, 1, 5018}, /* FULLWIDTH AMPERSAND */ - {0xff07, 1, 5048}, /* FULLWIDTH APOSTROPHE */ - {0xff08, 1, 1918}, /* FULLWIDTH LEFT PARENTHESIS */ - {0xff09, 1, 1919}, /* FULLWIDTH RIGHT PARENTHESIS */ - {0xff0a, 1, 5019}, /* FULLWIDTH ASTERISK */ - {0xff0b, 1, 1915}, /* FULLWIDTH PLUS SIGN */ - {0xff0c, 1, 5015}, /* FULLWIDTH COMMA */ - {0xff0d, 1, 5020}, /* FULLWIDTH HYPHEN-MINUS */ - {0xff0e, 1, 1884}, /* FULLWIDTH FULL STOP */ - {0xff0f, 1, 1923}, /* FULLWIDTH SOLIDUS */ - {0xff10, 1, 1909}, /* FULLWIDTH DIGIT ZERO */ - {0xff11, 1, 13}, /* FULLWIDTH DIGIT ONE */ - {0xff12, 1, 6}, /* FULLWIDTH DIGIT TWO */ - {0xff13, 1, 7}, /* FULLWIDTH DIGIT THREE */ - {0xff14, 1, 17}, /* FULLWIDTH DIGIT FOUR */ - {0xff15, 1, 1910}, /* FULLWIDTH DIGIT FIVE */ - {0xff16, 1, 1911}, /* FULLWIDTH DIGIT SIX */ - {0xff17, 1, 1912}, /* FULLWIDTH DIGIT SEVEN */ - {0xff18, 1, 1913}, /* FULLWIDTH DIGIT EIGHT */ - {0xff19, 1, 1914}, /* FULLWIDTH DIGIT NINE */ - {0xff1a, 1, 2364}, /* FULLWIDTH COLON */ - {0xff1b, 1, 587}, /* FULLWIDTH SEMICOLON */ - {0xff1c, 1, 2088}, /* FULLWIDTH LESS-THAN SIGN */ - {0xff1d, 1, 1917}, /* FULLWIDTH EQUALS SIGN */ - {0xff1e, 1, 2090}, /* FULLWIDTH GREATER-THAN SIGN */ - {0xff1f, 1, 1902}, /* FULLWIDTH QUESTION MARK */ - {0xff20, 1, 5024}, /* FULLWIDTH COMMERCIAL AT */ - {0xff21, 1, 24}, /* FULLWIDTH LATIN CAPITAL LETTER A */ - {0xff22, 1, 910}, /* FULLWIDTH LATIN CAPITAL LETTER B */ - {0xff23, 1, 36}, /* FULLWIDTH LATIN CAPITAL LETTER C */ - {0xff24, 1, 158}, /* FULLWIDTH LATIN CAPITAL LETTER D */ - {0xff25, 1, 38}, /* FULLWIDTH LATIN CAPITAL LETTER E */ - {0xff26, 1, 995}, /* FULLWIDTH LATIN CAPITAL LETTER F */ - {0xff27, 1, 182}, /* FULLWIDTH LATIN CAPITAL LETTER G */ - {0xff28, 1, 198}, /* FULLWIDTH LATIN CAPITAL LETTER H */ - {0xff29, 1, 46}, /* FULLWIDTH LATIN CAPITAL LETTER I */ - {0xff2a, 1, 221}, /* FULLWIDTH LATIN CAPITAL LETTER J */ - {0xff2b, 1, 228}, /* FULLWIDTH LATIN CAPITAL LETTER K */ - {0xff2c, 1, 232}, /* FULLWIDTH LATIN CAPITAL LETTER L */ - {0xff2d, 1, 912}, /* FULLWIDTH LATIN CAPITAL LETTER M */ - {0xff2e, 1, 54}, /* FULLWIDTH LATIN CAPITAL LETTER N */ - {0xff2f, 1, 56}, /* FULLWIDTH LATIN CAPITAL LETTER O */ - {0xff30, 1, 914}, /* FULLWIDTH LATIN CAPITAL LETTER P */ - {0xff31, 1, 1942}, /* FULLWIDTH LATIN CAPITAL LETTER Q */ - {0xff32, 1, 274}, /* FULLWIDTH LATIN CAPITAL LETTER R */ - {0xff33, 1, 286}, /* FULLWIDTH LATIN CAPITAL LETTER S */ - {0xff34, 1, 302}, /* FULLWIDTH LATIN CAPITAL LETTER T */ - {0xff35, 1, 66}, /* FULLWIDTH LATIN CAPITAL LETTER U */ - {0xff36, 1, 1183}, /* FULLWIDTH LATIN CAPITAL LETTER V */ - {0xff37, 1, 334}, /* FULLWIDTH LATIN CAPITAL LETTER W */ - {0xff38, 1, 1211}, /* FULLWIDTH LATIN CAPITAL LETTER X */ - {0xff39, 1, 74}, /* FULLWIDTH LATIN CAPITAL LETTER Y */ - {0xff3a, 1, 344}, /* FULLWIDTH LATIN CAPITAL LETTER Z */ - {0xff3b, 1, 5012}, /* FULLWIDTH LEFT SQUARE BRACKET */ - {0xff3c, 1, 5021}, /* FULLWIDTH REVERSE SOLIDUS */ - {0xff3d, 1, 5013}, /* FULLWIDTH RIGHT SQUARE BRACKET */ - {0xff3e, 1, 5049}, /* FULLWIDTH CIRCUMFLEX ACCENT */ - {0xff3f, 1, 4999}, /* FULLWIDTH LOW LINE */ - {0xff40, 1, 1848}, /* FULLWIDTH GRAVE ACCENT */ - {0xff41, 1, 3}, /* FULLWIDTH LATIN SMALL LETTER A */ - {0xff42, 1, 918}, /* FULLWIDTH LATIN SMALL LETTER B */ - {0xff43, 1, 88}, /* FULLWIDTH LATIN SMALL LETTER C */ - {0xff44, 1, 160}, /* FULLWIDTH LATIN SMALL LETTER D */ - {0xff45, 1, 90}, /* FULLWIDTH LATIN SMALL LETTER E */ - {0xff46, 1, 997}, /* FULLWIDTH LATIN SMALL LETTER F */ - {0xff47, 1, 184}, /* FULLWIDTH LATIN SMALL LETTER G */ - {0xff48, 1, 200}, /* FULLWIDTH LATIN SMALL LETTER H */ - {0xff49, 1, 98}, /* FULLWIDTH LATIN SMALL LETTER I */ - {0xff4a, 1, 223}, /* FULLWIDTH LATIN SMALL LETTER J */ - {0xff4b, 1, 230}, /* FULLWIDTH LATIN SMALL LETTER K */ - {0xff4c, 1, 234}, /* FULLWIDTH LATIN SMALL LETTER L */ - {0xff4d, 1, 922}, /* FULLWIDTH LATIN SMALL LETTER M */ - {0xff4e, 1, 106}, /* FULLWIDTH LATIN SMALL LETTER N */ - {0xff4f, 1, 14}, /* FULLWIDTH LATIN SMALL LETTER O */ - {0xff50, 1, 927}, /* FULLWIDTH LATIN SMALL LETTER P */ - {0xff51, 1, 2335}, /* FULLWIDTH LATIN SMALL LETTER Q */ - {0xff52, 1, 276}, /* FULLWIDTH LATIN SMALL LETTER R */ - {0xff53, 1, 288}, /* FULLWIDTH LATIN SMALL LETTER S */ - {0xff54, 1, 304}, /* FULLWIDTH LATIN SMALL LETTER T */ - {0xff55, 1, 118}, /* FULLWIDTH LATIN SMALL LETTER U */ - {0xff56, 1, 930}, /* FULLWIDTH LATIN SMALL LETTER V */ - {0xff57, 1, 336}, /* FULLWIDTH LATIN SMALL LETTER W */ - {0xff58, 1, 579}, /* FULLWIDTH LATIN SMALL LETTER X */ - {0xff59, 1, 126}, /* FULLWIDTH LATIN SMALL LETTER Y */ - {0xff5a, 1, 346}, /* FULLWIDTH LATIN SMALL LETTER Z */ - {0xff5b, 1, 5000}, /* FULLWIDTH LEFT CURLY BRACKET */ - {0xff5c, 1, 5050}, /* FULLWIDTH VERTICAL LINE */ - {0xff5d, 1, 5001}, /* FULLWIDTH RIGHT CURLY BRACKET */ - {0xff5e, 1, 5051}, /* FULLWIDTH TILDE */ - {0xff5f, 1, 5052}, /* FULLWIDTH LEFT WHITE PARENTHESIS */ - {0xff60, 1, 5053}, /* FULLWIDTH RIGHT WHITE PARENTHESIS */ - {0xff61, 1, 5054}, /* HALFWIDTH IDEOGRAPHIC FULL STOP */ - {0xff62, 1, 5008}, /* HALFWIDTH LEFT CORNER BRACKET */ - {0xff63, 1, 5009}, /* HALFWIDTH RIGHT CORNER BRACKET */ - {0xff64, 1, 5016}, /* HALFWIDTH IDEOGRAPHIC COMMA */ - {0xff65, 1, 5055}, /* HALFWIDTH KATAKANA MIDDLE DOT */ - {0xff66, 1, 2709}, /* HALFWIDTH KATAKANA LETTER WO */ - {0xff67, 1, 3180}, /* HALFWIDTH KATAKANA LETTER SMALL A */ - {0xff68, 1, 3348}, /* HALFWIDTH KATAKANA LETTER SMALL I */ - {0xff69, 1, 5056}, /* HALFWIDTH KATAKANA LETTER SMALL U */ - {0xff6a, 1, 3354}, /* HALFWIDTH KATAKANA LETTER SMALL E */ - {0xff6b, 1, 3196}, /* HALFWIDTH KATAKANA LETTER SMALL O */ - {0xff6c, 1, 5057}, /* HALFWIDTH KATAKANA LETTER SMALL YA */ - {0xff6d, 1, 3236}, /* HALFWIDTH KATAKANA LETTER SMALL YU */ - {0xff6e, 1, 3415}, /* HALFWIDTH KATAKANA LETTER SMALL YO */ - {0xff6f, 1, 3218}, /* HALFWIDTH KATAKANA LETTER SMALL TU */ - {0xff70, 1, 3175}, /* HALFWIDTH KATAKANA-HIRAGANA PROLONGED SOUND MARK */ - {0xff71, 1, 3151}, /* HALFWIDTH KATAKANA LETTER A */ - {0xff72, 1, 3152}, /* HALFWIDTH KATAKANA LETTER I */ - {0xff73, 1, 2701}, /* HALFWIDTH KATAKANA LETTER U */ - {0xff74, 1, 3153}, /* HALFWIDTH KATAKANA LETTER E */ - {0xff75, 1, 3154}, /* HALFWIDTH KATAKANA LETTER O */ - {0xff76, 1, 2651}, /* HALFWIDTH KATAKANA LETTER KA */ - {0xff77, 1, 2653}, /* HALFWIDTH KATAKANA LETTER KI */ - {0xff78, 1, 2655}, /* HALFWIDTH KATAKANA LETTER KU */ - {0xff79, 1, 2657}, /* HALFWIDTH KATAKANA LETTER KE */ - {0xff7a, 1, 2659}, /* HALFWIDTH KATAKANA LETTER KO */ - {0xff7b, 1, 2661}, /* HALFWIDTH KATAKANA LETTER SA */ - {0xff7c, 1, 2663}, /* HALFWIDTH KATAKANA LETTER SI */ - {0xff7d, 1, 2665}, /* HALFWIDTH KATAKANA LETTER SU */ - {0xff7e, 1, 2667}, /* HALFWIDTH KATAKANA LETTER SE */ - {0xff7f, 1, 2669}, /* HALFWIDTH KATAKANA LETTER SO */ - {0xff80, 1, 2671}, /* HALFWIDTH KATAKANA LETTER TA */ - {0xff81, 1, 2673}, /* HALFWIDTH KATAKANA LETTER TI */ - {0xff82, 1, 2675}, /* HALFWIDTH KATAKANA LETTER TU */ - {0xff83, 1, 2677}, /* HALFWIDTH KATAKANA LETTER TE */ - {0xff84, 1, 2679}, /* HALFWIDTH KATAKANA LETTER TO */ - {0xff85, 1, 3155}, /* HALFWIDTH KATAKANA LETTER NA */ - {0xff86, 1, 3156}, /* HALFWIDTH KATAKANA LETTER NI */ - {0xff87, 1, 3157}, /* HALFWIDTH KATAKANA LETTER NU */ - {0xff88, 1, 3158}, /* HALFWIDTH KATAKANA LETTER NE */ - {0xff89, 1, 3159}, /* HALFWIDTH KATAKANA LETTER NO */ - {0xff8a, 1, 2681}, /* HALFWIDTH KATAKANA LETTER HA */ - {0xff8b, 1, 2685}, /* HALFWIDTH KATAKANA LETTER HI */ - {0xff8c, 1, 2689}, /* HALFWIDTH KATAKANA LETTER HU */ - {0xff8d, 1, 2693}, /* HALFWIDTH KATAKANA LETTER HE */ - {0xff8e, 1, 2697}, /* HALFWIDTH KATAKANA LETTER HO */ - {0xff8f, 1, 3160}, /* HALFWIDTH KATAKANA LETTER MA */ - {0xff90, 1, 3161}, /* HALFWIDTH KATAKANA LETTER MI */ - {0xff91, 1, 3162}, /* HALFWIDTH KATAKANA LETTER MU */ - {0xff92, 1, 3163}, /* HALFWIDTH KATAKANA LETTER ME */ - {0xff93, 1, 3164}, /* HALFWIDTH KATAKANA LETTER MO */ - {0xff94, 1, 3165}, /* HALFWIDTH KATAKANA LETTER YA */ - {0xff95, 1, 3166}, /* HALFWIDTH KATAKANA LETTER YU */ - {0xff96, 1, 3167}, /* HALFWIDTH KATAKANA LETTER YO */ - {0xff97, 1, 3168}, /* HALFWIDTH KATAKANA LETTER RA */ - {0xff98, 1, 3169}, /* HALFWIDTH KATAKANA LETTER RI */ - {0xff99, 1, 3170}, /* HALFWIDTH KATAKANA LETTER RU */ - {0xff9a, 1, 3171}, /* HALFWIDTH KATAKANA LETTER RE */ - {0xff9b, 1, 3172}, /* HALFWIDTH KATAKANA LETTER RO */ - {0xff9c, 1, 2703}, /* HALFWIDTH KATAKANA LETTER WA */ - {0xff9d, 1, 3182}, /* HALFWIDTH KATAKANA LETTER N */ - {0xff9e, 1, 2592}, /* HALFWIDTH KATAKANA VOICED SOUND MARK */ - {0xff9f, 1, 2624}, /* HALFWIDTH KATAKANA SEMI-VOICED SOUND MARK */ - {0xffa0, 1, 5058}, /* HALFWIDTH HANGUL FILLER */ - {0xffa1, 1, 5059}, /* HALFWIDTH HANGUL LETTER KIYEOK */ - {0xffa2, 1, 5060}, /* HALFWIDTH HANGUL LETTER SSANGKIYEOK */ - {0xffa3, 1, 5061}, /* HALFWIDTH HANGUL LETTER KIYEOK-SIOS */ - {0xffa4, 1, 5062}, /* HALFWIDTH HANGUL LETTER NIEUN */ - {0xffa5, 1, 5063}, /* HALFWIDTH HANGUL LETTER NIEUN-CIEUC */ - {0xffa6, 1, 5064}, /* HALFWIDTH HANGUL LETTER NIEUN-HIEUH */ - {0xffa7, 1, 5065}, /* HALFWIDTH HANGUL LETTER TIKEUT */ - {0xffa8, 1, 5066}, /* HALFWIDTH HANGUL LETTER SSANGTIKEUT */ - {0xffa9, 1, 5067}, /* HALFWIDTH HANGUL LETTER RIEUL */ - {0xffaa, 1, 5068}, /* HALFWIDTH HANGUL LETTER RIEUL-KIYEOK */ - {0xffab, 1, 5069}, /* HALFWIDTH HANGUL LETTER RIEUL-MIEUM */ - {0xffac, 1, 5070}, /* HALFWIDTH HANGUL LETTER RIEUL-PIEUP */ - {0xffad, 1, 5071}, /* HALFWIDTH HANGUL LETTER RIEUL-SIOS */ - {0xffae, 1, 5072}, /* HALFWIDTH HANGUL LETTER RIEUL-THIEUTH */ - {0xffaf, 1, 5073}, /* HALFWIDTH HANGUL LETTER RIEUL-PHIEUPH */ - {0xffb0, 1, 5074}, /* HALFWIDTH HANGUL LETTER RIEUL-HIEUH */ - {0xffb1, 1, 5075}, /* HALFWIDTH HANGUL LETTER MIEUM */ - {0xffb2, 1, 5076}, /* HALFWIDTH HANGUL LETTER PIEUP */ - {0xffb3, 1, 5077}, /* HALFWIDTH HANGUL LETTER SSANGPIEUP */ - {0xffb4, 1, 5078}, /* HALFWIDTH HANGUL LETTER PIEUP-SIOS */ - {0xffb5, 1, 5079}, /* HALFWIDTH HANGUL LETTER SIOS */ - {0xffb6, 1, 5080}, /* HALFWIDTH HANGUL LETTER SSANGSIOS */ - {0xffb7, 1, 5081}, /* HALFWIDTH HANGUL LETTER IEUNG */ - {0xffb8, 1, 5082}, /* HALFWIDTH HANGUL LETTER CIEUC */ - {0xffb9, 1, 5083}, /* HALFWIDTH HANGUL LETTER SSANGCIEUC */ - {0xffba, 1, 5084}, /* HALFWIDTH HANGUL LETTER CHIEUCH */ - {0xffbb, 1, 5085}, /* HALFWIDTH HANGUL LETTER KHIEUKH */ - {0xffbc, 1, 5086}, /* HALFWIDTH HANGUL LETTER THIEUTH */ - {0xffbd, 1, 5087}, /* HALFWIDTH HANGUL LETTER PHIEUPH */ - {0xffbe, 1, 5088}, /* HALFWIDTH HANGUL LETTER HIEUH */ - {0xffc2, 1, 5089}, /* HALFWIDTH HANGUL LETTER A */ - {0xffc3, 1, 5090}, /* HALFWIDTH HANGUL LETTER AE */ - {0xffc4, 1, 5091}, /* HALFWIDTH HANGUL LETTER YA */ - {0xffc5, 1, 5092}, /* HALFWIDTH HANGUL LETTER YAE */ - {0xffc6, 1, 5093}, /* HALFWIDTH HANGUL LETTER EO */ - {0xffc7, 1, 5094}, /* HALFWIDTH HANGUL LETTER E */ - {0xffca, 1, 5095}, /* HALFWIDTH HANGUL LETTER YEO */ - {0xffcb, 1, 5096}, /* HALFWIDTH HANGUL LETTER YE */ - {0xffcc, 1, 5097}, /* HALFWIDTH HANGUL LETTER O */ - {0xffcd, 1, 5098}, /* HALFWIDTH HANGUL LETTER WA */ - {0xffce, 1, 5099}, /* HALFWIDTH HANGUL LETTER WAE */ - {0xffcf, 1, 5100}, /* HALFWIDTH HANGUL LETTER OE */ - {0xffd2, 1, 5101}, /* HALFWIDTH HANGUL LETTER YO */ - {0xffd3, 1, 5102}, /* HALFWIDTH HANGUL LETTER U */ - {0xffd4, 1, 5103}, /* HALFWIDTH HANGUL LETTER WEO */ - {0xffd5, 1, 5104}, /* HALFWIDTH HANGUL LETTER WE */ - {0xffd6, 1, 5105}, /* HALFWIDTH HANGUL LETTER WI */ - {0xffd7, 1, 5106}, /* HALFWIDTH HANGUL LETTER YU */ - {0xffda, 1, 5107}, /* HALFWIDTH HANGUL LETTER EU */ - {0xffdb, 1, 5108}, /* HALFWIDTH HANGUL LETTER YI */ - {0xffdc, 1, 5109}, /* HALFWIDTH HANGUL LETTER I */ - {0xffe0, 1, 5110}, /* FULLWIDTH CENT SIGN */ - {0xffe1, 1, 5111}, /* FULLWIDTH POUND SIGN */ - {0xffe2, 1, 5112}, /* FULLWIDTH NOT SIGN */ - {0xffe3, 1, 5113}, /* FULLWIDTH MACRON */ - {0xffe4, 1, 5114}, /* FULLWIDTH BROKEN BAR */ - {0xffe5, 1, 5115}, /* FULLWIDTH YEN SIGN */ - {0xffe6, 1, 5116}, /* FULLWIDTH WON SIGN */ - {0xffe8, 1, 5117}, /* HALFWIDTH FORMS LIGHT VERTICAL */ - {0xffe9, 1, 2042}, /* HALFWIDTH LEFTWARDS ARROW */ - {0xffea, 1, 5118}, /* HALFWIDTH UPWARDS ARROW */ - {0xffeb, 1, 2044}, /* HALFWIDTH RIGHTWARDS ARROW */ - {0xffec, 1, 5119}, /* HALFWIDTH DOWNWARDS ARROW */ - {0xffed, 1, 5120}, /* HALFWIDTH BLACK SQUARE */ - {0xffee, 1, 5121}, /* HALFWIDTH WHITE CIRCLE */ - {0x1d15e, 2, 5122}, /* MUSICAL SYMBOL HALF NOTE */ - {0x1d15f, 2, 5124}, /* MUSICAL SYMBOL QUARTER NOTE */ - {0x1d160, 2, 5126}, /* MUSICAL SYMBOL EIGHTH NOTE */ - {0x1d161, 2, 5128}, /* MUSICAL SYMBOL SIXTEENTH NOTE */ - {0x1d162, 2, 5130}, /* MUSICAL SYMBOL THIRTY-SECOND NOTE */ - {0x1d163, 2, 5132}, /* MUSICAL SYMBOL SIXTY-FOURTH NOTE */ - {0x1d164, 2, 5134}, /* MUSICAL SYMBOL ONE HUNDRED TWENTY-EIGHTH NOTE */ - {0x1d1bb, 2, 5136}, /* MUSICAL SYMBOL MINIMA */ - {0x1d1bc, 2, 5138}, /* MUSICAL SYMBOL MINIMA BLACK */ - {0x1d1bd, 2, 5140}, /* MUSICAL SYMBOL SEMIMINIMA WHITE */ - {0x1d1be, 2, 5142}, /* MUSICAL SYMBOL SEMIMINIMA BLACK */ - {0x1d1bf, 2, 5144}, /* MUSICAL SYMBOL FUSA WHITE */ - {0x1d1c0, 2, 5146}, /* MUSICAL SYMBOL FUSA BLACK */ - {0x1d400, 1, 24}, /* MATHEMATICAL BOLD CAPITAL A */ - {0x1d401, 1, 910}, /* MATHEMATICAL BOLD CAPITAL B */ - {0x1d402, 1, 36}, /* MATHEMATICAL BOLD CAPITAL C */ - {0x1d403, 1, 158}, /* MATHEMATICAL BOLD CAPITAL D */ - {0x1d404, 1, 38}, /* MATHEMATICAL BOLD CAPITAL E */ - {0x1d405, 1, 995}, /* MATHEMATICAL BOLD CAPITAL F */ - {0x1d406, 1, 182}, /* MATHEMATICAL BOLD CAPITAL G */ - {0x1d407, 1, 198}, /* MATHEMATICAL BOLD CAPITAL H */ - {0x1d408, 1, 46}, /* MATHEMATICAL BOLD CAPITAL I */ - {0x1d409, 1, 221}, /* MATHEMATICAL BOLD CAPITAL J */ - {0x1d40a, 1, 228}, /* MATHEMATICAL BOLD CAPITAL K */ - {0x1d40b, 1, 232}, /* MATHEMATICAL BOLD CAPITAL L */ - {0x1d40c, 1, 912}, /* MATHEMATICAL BOLD CAPITAL M */ - {0x1d40d, 1, 54}, /* MATHEMATICAL BOLD CAPITAL N */ - {0x1d40e, 1, 56}, /* MATHEMATICAL BOLD CAPITAL O */ - {0x1d40f, 1, 914}, /* MATHEMATICAL BOLD CAPITAL P */ - {0x1d410, 1, 1942}, /* MATHEMATICAL BOLD CAPITAL Q */ - {0x1d411, 1, 274}, /* MATHEMATICAL BOLD CAPITAL R */ - {0x1d412, 1, 286}, /* MATHEMATICAL BOLD CAPITAL S */ - {0x1d413, 1, 302}, /* MATHEMATICAL BOLD CAPITAL T */ - {0x1d414, 1, 66}, /* MATHEMATICAL BOLD CAPITAL U */ - {0x1d415, 1, 1183}, /* MATHEMATICAL BOLD CAPITAL V */ - {0x1d416, 1, 334}, /* MATHEMATICAL BOLD CAPITAL W */ - {0x1d417, 1, 1211}, /* MATHEMATICAL BOLD CAPITAL X */ - {0x1d418, 1, 74}, /* MATHEMATICAL BOLD CAPITAL Y */ - {0x1d419, 1, 344}, /* MATHEMATICAL BOLD CAPITAL Z */ - {0x1d41a, 1, 3}, /* MATHEMATICAL BOLD SMALL A */ - {0x1d41b, 1, 918}, /* MATHEMATICAL BOLD SMALL B */ - {0x1d41c, 1, 88}, /* MATHEMATICAL BOLD SMALL C */ - {0x1d41d, 1, 160}, /* MATHEMATICAL BOLD SMALL D */ - {0x1d41e, 1, 90}, /* MATHEMATICAL BOLD SMALL E */ - {0x1d41f, 1, 997}, /* MATHEMATICAL BOLD SMALL F */ - {0x1d420, 1, 184}, /* MATHEMATICAL BOLD SMALL G */ - {0x1d421, 1, 200}, /* MATHEMATICAL BOLD SMALL H */ - {0x1d422, 1, 98}, /* MATHEMATICAL BOLD SMALL I */ - {0x1d423, 1, 223}, /* MATHEMATICAL BOLD SMALL J */ - {0x1d424, 1, 230}, /* MATHEMATICAL BOLD SMALL K */ - {0x1d425, 1, 234}, /* MATHEMATICAL BOLD SMALL L */ - {0x1d426, 1, 922}, /* MATHEMATICAL BOLD SMALL M */ - {0x1d427, 1, 106}, /* MATHEMATICAL BOLD SMALL N */ - {0x1d428, 1, 14}, /* MATHEMATICAL BOLD SMALL O */ - {0x1d429, 1, 927}, /* MATHEMATICAL BOLD SMALL P */ - {0x1d42a, 1, 2335}, /* MATHEMATICAL BOLD SMALL Q */ - {0x1d42b, 1, 276}, /* MATHEMATICAL BOLD SMALL R */ - {0x1d42c, 1, 288}, /* MATHEMATICAL BOLD SMALL S */ - {0x1d42d, 1, 304}, /* MATHEMATICAL BOLD SMALL T */ - {0x1d42e, 1, 118}, /* MATHEMATICAL BOLD SMALL U */ - {0x1d42f, 1, 930}, /* MATHEMATICAL BOLD SMALL V */ - {0x1d430, 1, 336}, /* MATHEMATICAL BOLD SMALL W */ - {0x1d431, 1, 579}, /* MATHEMATICAL BOLD SMALL X */ - {0x1d432, 1, 126}, /* MATHEMATICAL BOLD SMALL Y */ - {0x1d433, 1, 346}, /* MATHEMATICAL BOLD SMALL Z */ - {0x1d434, 1, 24}, /* MATHEMATICAL ITALIC CAPITAL A */ - {0x1d435, 1, 910}, /* MATHEMATICAL ITALIC CAPITAL B */ - {0x1d436, 1, 36}, /* MATHEMATICAL ITALIC CAPITAL C */ - {0x1d437, 1, 158}, /* MATHEMATICAL ITALIC CAPITAL D */ - {0x1d438, 1, 38}, /* MATHEMATICAL ITALIC CAPITAL E */ - {0x1d439, 1, 995}, /* MATHEMATICAL ITALIC CAPITAL F */ - {0x1d43a, 1, 182}, /* MATHEMATICAL ITALIC CAPITAL G */ - {0x1d43b, 1, 198}, /* MATHEMATICAL ITALIC CAPITAL H */ - {0x1d43c, 1, 46}, /* MATHEMATICAL ITALIC CAPITAL I */ - {0x1d43d, 1, 221}, /* MATHEMATICAL ITALIC CAPITAL J */ - {0x1d43e, 1, 228}, /* MATHEMATICAL ITALIC CAPITAL K */ - {0x1d43f, 1, 232}, /* MATHEMATICAL ITALIC CAPITAL L */ - {0x1d440, 1, 912}, /* MATHEMATICAL ITALIC CAPITAL M */ - {0x1d441, 1, 54}, /* MATHEMATICAL ITALIC CAPITAL N */ - {0x1d442, 1, 56}, /* MATHEMATICAL ITALIC CAPITAL O */ - {0x1d443, 1, 914}, /* MATHEMATICAL ITALIC CAPITAL P */ - {0x1d444, 1, 1942}, /* MATHEMATICAL ITALIC CAPITAL Q */ - {0x1d445, 1, 274}, /* MATHEMATICAL ITALIC CAPITAL R */ - {0x1d446, 1, 286}, /* MATHEMATICAL ITALIC CAPITAL S */ - {0x1d447, 1, 302}, /* MATHEMATICAL ITALIC CAPITAL T */ - {0x1d448, 1, 66}, /* MATHEMATICAL ITALIC CAPITAL U */ - {0x1d449, 1, 1183}, /* MATHEMATICAL ITALIC CAPITAL V */ - {0x1d44a, 1, 334}, /* MATHEMATICAL ITALIC CAPITAL W */ - {0x1d44b, 1, 1211}, /* MATHEMATICAL ITALIC CAPITAL X */ - {0x1d44c, 1, 74}, /* MATHEMATICAL ITALIC CAPITAL Y */ - {0x1d44d, 1, 344}, /* MATHEMATICAL ITALIC CAPITAL Z */ - {0x1d44e, 1, 3}, /* MATHEMATICAL ITALIC SMALL A */ - {0x1d44f, 1, 918}, /* MATHEMATICAL ITALIC SMALL B */ - {0x1d450, 1, 88}, /* MATHEMATICAL ITALIC SMALL C */ - {0x1d451, 1, 160}, /* MATHEMATICAL ITALIC SMALL D */ - {0x1d452, 1, 90}, /* MATHEMATICAL ITALIC SMALL E */ - {0x1d453, 1, 997}, /* MATHEMATICAL ITALIC SMALL F */ - {0x1d454, 1, 184}, /* MATHEMATICAL ITALIC SMALL G */ - {0x1d456, 1, 98}, /* MATHEMATICAL ITALIC SMALL I */ - {0x1d457, 1, 223}, /* MATHEMATICAL ITALIC SMALL J */ - {0x1d458, 1, 230}, /* MATHEMATICAL ITALIC SMALL K */ - {0x1d459, 1, 234}, /* MATHEMATICAL ITALIC SMALL L */ - {0x1d45a, 1, 922}, /* MATHEMATICAL ITALIC SMALL M */ - {0x1d45b, 1, 106}, /* MATHEMATICAL ITALIC SMALL N */ - {0x1d45c, 1, 14}, /* MATHEMATICAL ITALIC SMALL O */ - {0x1d45d, 1, 927}, /* MATHEMATICAL ITALIC SMALL P */ - {0x1d45e, 1, 2335}, /* MATHEMATICAL ITALIC SMALL Q */ - {0x1d45f, 1, 276}, /* MATHEMATICAL ITALIC SMALL R */ - {0x1d460, 1, 288}, /* MATHEMATICAL ITALIC SMALL S */ - {0x1d461, 1, 304}, /* MATHEMATICAL ITALIC SMALL T */ - {0x1d462, 1, 118}, /* MATHEMATICAL ITALIC SMALL U */ - {0x1d463, 1, 930}, /* MATHEMATICAL ITALIC SMALL V */ - {0x1d464, 1, 336}, /* MATHEMATICAL ITALIC SMALL W */ - {0x1d465, 1, 579}, /* MATHEMATICAL ITALIC SMALL X */ - {0x1d466, 1, 126}, /* MATHEMATICAL ITALIC SMALL Y */ - {0x1d467, 1, 346}, /* MATHEMATICAL ITALIC SMALL Z */ - {0x1d468, 1, 24}, /* MATHEMATICAL BOLD ITALIC CAPITAL A */ - {0x1d469, 1, 910}, /* MATHEMATICAL BOLD ITALIC CAPITAL B */ - {0x1d46a, 1, 36}, /* MATHEMATICAL BOLD ITALIC CAPITAL C */ - {0x1d46b, 1, 158}, /* MATHEMATICAL BOLD ITALIC CAPITAL D */ - {0x1d46c, 1, 38}, /* MATHEMATICAL BOLD ITALIC CAPITAL E */ - {0x1d46d, 1, 995}, /* MATHEMATICAL BOLD ITALIC CAPITAL F */ - {0x1d46e, 1, 182}, /* MATHEMATICAL BOLD ITALIC CAPITAL G */ - {0x1d46f, 1, 198}, /* MATHEMATICAL BOLD ITALIC CAPITAL H */ - {0x1d470, 1, 46}, /* MATHEMATICAL BOLD ITALIC CAPITAL I */ - {0x1d471, 1, 221}, /* MATHEMATICAL BOLD ITALIC CAPITAL J */ - {0x1d472, 1, 228}, /* MATHEMATICAL BOLD ITALIC CAPITAL K */ - {0x1d473, 1, 232}, /* MATHEMATICAL BOLD ITALIC CAPITAL L */ - {0x1d474, 1, 912}, /* MATHEMATICAL BOLD ITALIC CAPITAL M */ - {0x1d475, 1, 54}, /* MATHEMATICAL BOLD ITALIC CAPITAL N */ - {0x1d476, 1, 56}, /* MATHEMATICAL BOLD ITALIC CAPITAL O */ - {0x1d477, 1, 914}, /* MATHEMATICAL BOLD ITALIC CAPITAL P */ - {0x1d478, 1, 1942}, /* MATHEMATICAL BOLD ITALIC CAPITAL Q */ - {0x1d479, 1, 274}, /* MATHEMATICAL BOLD ITALIC CAPITAL R */ - {0x1d47a, 1, 286}, /* MATHEMATICAL BOLD ITALIC CAPITAL S */ - {0x1d47b, 1, 302}, /* MATHEMATICAL BOLD ITALIC CAPITAL T */ - {0x1d47c, 1, 66}, /* MATHEMATICAL BOLD ITALIC CAPITAL U */ - {0x1d47d, 1, 1183}, /* MATHEMATICAL BOLD ITALIC CAPITAL V */ - {0x1d47e, 1, 334}, /* MATHEMATICAL BOLD ITALIC CAPITAL W */ - {0x1d47f, 1, 1211}, /* MATHEMATICAL BOLD ITALIC CAPITAL X */ - {0x1d480, 1, 74}, /* MATHEMATICAL BOLD ITALIC CAPITAL Y */ - {0x1d481, 1, 344}, /* MATHEMATICAL BOLD ITALIC CAPITAL Z */ - {0x1d482, 1, 3}, /* MATHEMATICAL BOLD ITALIC SMALL A */ - {0x1d483, 1, 918}, /* MATHEMATICAL BOLD ITALIC SMALL B */ - {0x1d484, 1, 88}, /* MATHEMATICAL BOLD ITALIC SMALL C */ - {0x1d485, 1, 160}, /* MATHEMATICAL BOLD ITALIC SMALL D */ - {0x1d486, 1, 90}, /* MATHEMATICAL BOLD ITALIC SMALL E */ - {0x1d487, 1, 997}, /* MATHEMATICAL BOLD ITALIC SMALL F */ - {0x1d488, 1, 184}, /* MATHEMATICAL BOLD ITALIC SMALL G */ - {0x1d489, 1, 200}, /* MATHEMATICAL BOLD ITALIC SMALL H */ - {0x1d48a, 1, 98}, /* MATHEMATICAL BOLD ITALIC SMALL I */ - {0x1d48b, 1, 223}, /* MATHEMATICAL BOLD ITALIC SMALL J */ - {0x1d48c, 1, 230}, /* MATHEMATICAL BOLD ITALIC SMALL K */ - {0x1d48d, 1, 234}, /* MATHEMATICAL BOLD ITALIC SMALL L */ - {0x1d48e, 1, 922}, /* MATHEMATICAL BOLD ITALIC SMALL M */ - {0x1d48f, 1, 106}, /* MATHEMATICAL BOLD ITALIC SMALL N */ - {0x1d490, 1, 14}, /* MATHEMATICAL BOLD ITALIC SMALL O */ - {0x1d491, 1, 927}, /* MATHEMATICAL BOLD ITALIC SMALL P */ - {0x1d492, 1, 2335}, /* MATHEMATICAL BOLD ITALIC SMALL Q */ - {0x1d493, 1, 276}, /* MATHEMATICAL BOLD ITALIC SMALL R */ - {0x1d494, 1, 288}, /* MATHEMATICAL BOLD ITALIC SMALL S */ - {0x1d495, 1, 304}, /* MATHEMATICAL BOLD ITALIC SMALL T */ - {0x1d496, 1, 118}, /* MATHEMATICAL BOLD ITALIC SMALL U */ - {0x1d497, 1, 930}, /* MATHEMATICAL BOLD ITALIC SMALL V */ - {0x1d498, 1, 336}, /* MATHEMATICAL BOLD ITALIC SMALL W */ - {0x1d499, 1, 579}, /* MATHEMATICAL BOLD ITALIC SMALL X */ - {0x1d49a, 1, 126}, /* MATHEMATICAL BOLD ITALIC SMALL Y */ - {0x1d49b, 1, 346}, /* MATHEMATICAL BOLD ITALIC SMALL Z */ - {0x1d49c, 1, 24}, /* MATHEMATICAL SCRIPT CAPITAL A */ - {0x1d49e, 1, 36}, /* MATHEMATICAL SCRIPT CAPITAL C */ - {0x1d49f, 1, 158}, /* MATHEMATICAL SCRIPT CAPITAL D */ - {0x1d4a2, 1, 182}, /* MATHEMATICAL SCRIPT CAPITAL G */ - {0x1d4a5, 1, 221}, /* MATHEMATICAL SCRIPT CAPITAL J */ - {0x1d4a6, 1, 228}, /* MATHEMATICAL SCRIPT CAPITAL K */ - {0x1d4a9, 1, 54}, /* MATHEMATICAL SCRIPT CAPITAL N */ - {0x1d4aa, 1, 56}, /* MATHEMATICAL SCRIPT CAPITAL O */ - {0x1d4ab, 1, 914}, /* MATHEMATICAL SCRIPT CAPITAL P */ - {0x1d4ac, 1, 1942}, /* MATHEMATICAL SCRIPT CAPITAL Q */ - {0x1d4ae, 1, 286}, /* MATHEMATICAL SCRIPT CAPITAL S */ - {0x1d4af, 1, 302}, /* MATHEMATICAL SCRIPT CAPITAL T */ - {0x1d4b0, 1, 66}, /* MATHEMATICAL SCRIPT CAPITAL U */ - {0x1d4b1, 1, 1183}, /* MATHEMATICAL SCRIPT CAPITAL V */ - {0x1d4b2, 1, 334}, /* MATHEMATICAL SCRIPT CAPITAL W */ - {0x1d4b3, 1, 1211}, /* MATHEMATICAL SCRIPT CAPITAL X */ - {0x1d4b4, 1, 74}, /* MATHEMATICAL SCRIPT CAPITAL Y */ - {0x1d4b5, 1, 344}, /* MATHEMATICAL SCRIPT CAPITAL Z */ - {0x1d4b6, 1, 3}, /* MATHEMATICAL SCRIPT SMALL A */ - {0x1d4b7, 1, 918}, /* MATHEMATICAL SCRIPT SMALL B */ - {0x1d4b8, 1, 88}, /* MATHEMATICAL SCRIPT SMALL C */ - {0x1d4b9, 1, 160}, /* MATHEMATICAL SCRIPT SMALL D */ - {0x1d4bb, 1, 997}, /* MATHEMATICAL SCRIPT SMALL F */ - {0x1d4bd, 1, 200}, /* MATHEMATICAL SCRIPT SMALL H */ - {0x1d4be, 1, 98}, /* MATHEMATICAL SCRIPT SMALL I */ - {0x1d4bf, 1, 223}, /* MATHEMATICAL SCRIPT SMALL J */ - {0x1d4c0, 1, 230}, /* MATHEMATICAL SCRIPT SMALL K */ - {0x1d4c1, 1, 234}, /* MATHEMATICAL SCRIPT SMALL L */ - {0x1d4c2, 1, 922}, /* MATHEMATICAL SCRIPT SMALL M */ - {0x1d4c3, 1, 106}, /* MATHEMATICAL SCRIPT SMALL N */ - {0x1d4c5, 1, 927}, /* MATHEMATICAL SCRIPT SMALL P */ - {0x1d4c6, 1, 2335}, /* MATHEMATICAL SCRIPT SMALL Q */ - {0x1d4c7, 1, 276}, /* MATHEMATICAL SCRIPT SMALL R */ - {0x1d4c8, 1, 288}, /* MATHEMATICAL SCRIPT SMALL S */ - {0x1d4c9, 1, 304}, /* MATHEMATICAL SCRIPT SMALL T */ - {0x1d4ca, 1, 118}, /* MATHEMATICAL SCRIPT SMALL U */ - {0x1d4cb, 1, 930}, /* MATHEMATICAL SCRIPT SMALL V */ - {0x1d4cc, 1, 336}, /* MATHEMATICAL SCRIPT SMALL W */ - {0x1d4cd, 1, 579}, /* MATHEMATICAL SCRIPT SMALL X */ - {0x1d4ce, 1, 126}, /* MATHEMATICAL SCRIPT SMALL Y */ - {0x1d4cf, 1, 346}, /* MATHEMATICAL SCRIPT SMALL Z */ - {0x1d4d0, 1, 24}, /* MATHEMATICAL BOLD SCRIPT CAPITAL A */ - {0x1d4d1, 1, 910}, /* MATHEMATICAL BOLD SCRIPT CAPITAL B */ - {0x1d4d2, 1, 36}, /* MATHEMATICAL BOLD SCRIPT CAPITAL C */ - {0x1d4d3, 1, 158}, /* MATHEMATICAL BOLD SCRIPT CAPITAL D */ - {0x1d4d4, 1, 38}, /* MATHEMATICAL BOLD SCRIPT CAPITAL E */ - {0x1d4d5, 1, 995}, /* MATHEMATICAL BOLD SCRIPT CAPITAL F */ - {0x1d4d6, 1, 182}, /* MATHEMATICAL BOLD SCRIPT CAPITAL G */ - {0x1d4d7, 1, 198}, /* MATHEMATICAL BOLD SCRIPT CAPITAL H */ - {0x1d4d8, 1, 46}, /* MATHEMATICAL BOLD SCRIPT CAPITAL I */ - {0x1d4d9, 1, 221}, /* MATHEMATICAL BOLD SCRIPT CAPITAL J */ - {0x1d4da, 1, 228}, /* MATHEMATICAL BOLD SCRIPT CAPITAL K */ - {0x1d4db, 1, 232}, /* MATHEMATICAL BOLD SCRIPT CAPITAL L */ - {0x1d4dc, 1, 912}, /* MATHEMATICAL BOLD SCRIPT CAPITAL M */ - {0x1d4dd, 1, 54}, /* MATHEMATICAL BOLD SCRIPT CAPITAL N */ - {0x1d4de, 1, 56}, /* MATHEMATICAL BOLD SCRIPT CAPITAL O */ - {0x1d4df, 1, 914}, /* MATHEMATICAL BOLD SCRIPT CAPITAL P */ - {0x1d4e0, 1, 1942}, /* MATHEMATICAL BOLD SCRIPT CAPITAL Q */ - {0x1d4e1, 1, 274}, /* MATHEMATICAL BOLD SCRIPT CAPITAL R */ - {0x1d4e2, 1, 286}, /* MATHEMATICAL BOLD SCRIPT CAPITAL S */ - {0x1d4e3, 1, 302}, /* MATHEMATICAL BOLD SCRIPT CAPITAL T */ - {0x1d4e4, 1, 66}, /* MATHEMATICAL BOLD SCRIPT CAPITAL U */ - {0x1d4e5, 1, 1183}, /* MATHEMATICAL BOLD SCRIPT CAPITAL V */ - {0x1d4e6, 1, 334}, /* MATHEMATICAL BOLD SCRIPT CAPITAL W */ - {0x1d4e7, 1, 1211}, /* MATHEMATICAL BOLD SCRIPT CAPITAL X */ - {0x1d4e8, 1, 74}, /* MATHEMATICAL BOLD SCRIPT CAPITAL Y */ - {0x1d4e9, 1, 344}, /* MATHEMATICAL BOLD SCRIPT CAPITAL Z */ - {0x1d4ea, 1, 3}, /* MATHEMATICAL BOLD SCRIPT SMALL A */ - {0x1d4eb, 1, 918}, /* MATHEMATICAL BOLD SCRIPT SMALL B */ - {0x1d4ec, 1, 88}, /* MATHEMATICAL BOLD SCRIPT SMALL C */ - {0x1d4ed, 1, 160}, /* MATHEMATICAL BOLD SCRIPT SMALL D */ - {0x1d4ee, 1, 90}, /* MATHEMATICAL BOLD SCRIPT SMALL E */ - {0x1d4ef, 1, 997}, /* MATHEMATICAL BOLD SCRIPT SMALL F */ - {0x1d4f0, 1, 184}, /* MATHEMATICAL BOLD SCRIPT SMALL G */ - {0x1d4f1, 1, 200}, /* MATHEMATICAL BOLD SCRIPT SMALL H */ - {0x1d4f2, 1, 98}, /* MATHEMATICAL BOLD SCRIPT SMALL I */ - {0x1d4f3, 1, 223}, /* MATHEMATICAL BOLD SCRIPT SMALL J */ - {0x1d4f4, 1, 230}, /* MATHEMATICAL BOLD SCRIPT SMALL K */ - {0x1d4f5, 1, 234}, /* MATHEMATICAL BOLD SCRIPT SMALL L */ - {0x1d4f6, 1, 922}, /* MATHEMATICAL BOLD SCRIPT SMALL M */ - {0x1d4f7, 1, 106}, /* MATHEMATICAL BOLD SCRIPT SMALL N */ - {0x1d4f8, 1, 14}, /* MATHEMATICAL BOLD SCRIPT SMALL O */ - {0x1d4f9, 1, 927}, /* MATHEMATICAL BOLD SCRIPT SMALL P */ - {0x1d4fa, 1, 2335}, /* MATHEMATICAL BOLD SCRIPT SMALL Q */ - {0x1d4fb, 1, 276}, /* MATHEMATICAL BOLD SCRIPT SMALL R */ - {0x1d4fc, 1, 288}, /* MATHEMATICAL BOLD SCRIPT SMALL S */ - {0x1d4fd, 1, 304}, /* MATHEMATICAL BOLD SCRIPT SMALL T */ - {0x1d4fe, 1, 118}, /* MATHEMATICAL BOLD SCRIPT SMALL U */ - {0x1d4ff, 1, 930}, /* MATHEMATICAL BOLD SCRIPT SMALL V */ - {0x1d500, 1, 336}, /* MATHEMATICAL BOLD SCRIPT SMALL W */ - {0x1d501, 1, 579}, /* MATHEMATICAL BOLD SCRIPT SMALL X */ - {0x1d502, 1, 126}, /* MATHEMATICAL BOLD SCRIPT SMALL Y */ - {0x1d503, 1, 346}, /* MATHEMATICAL BOLD SCRIPT SMALL Z */ - {0x1d504, 1, 24}, /* MATHEMATICAL FRAKTUR CAPITAL A */ - {0x1d505, 1, 910}, /* MATHEMATICAL FRAKTUR CAPITAL B */ - {0x1d507, 1, 158}, /* MATHEMATICAL FRAKTUR CAPITAL D */ - {0x1d508, 1, 38}, /* MATHEMATICAL FRAKTUR CAPITAL E */ - {0x1d509, 1, 995}, /* MATHEMATICAL FRAKTUR CAPITAL F */ - {0x1d50a, 1, 182}, /* MATHEMATICAL FRAKTUR CAPITAL G */ - {0x1d50d, 1, 221}, /* MATHEMATICAL FRAKTUR CAPITAL J */ - {0x1d50e, 1, 228}, /* MATHEMATICAL FRAKTUR CAPITAL K */ - {0x1d50f, 1, 232}, /* MATHEMATICAL FRAKTUR CAPITAL L */ - {0x1d510, 1, 912}, /* MATHEMATICAL FRAKTUR CAPITAL M */ - {0x1d511, 1, 54}, /* MATHEMATICAL FRAKTUR CAPITAL N */ - {0x1d512, 1, 56}, /* MATHEMATICAL FRAKTUR CAPITAL O */ - {0x1d513, 1, 914}, /* MATHEMATICAL FRAKTUR CAPITAL P */ - {0x1d514, 1, 1942}, /* MATHEMATICAL FRAKTUR CAPITAL Q */ - {0x1d516, 1, 286}, /* MATHEMATICAL FRAKTUR CAPITAL S */ - {0x1d517, 1, 302}, /* MATHEMATICAL FRAKTUR CAPITAL T */ - {0x1d518, 1, 66}, /* MATHEMATICAL FRAKTUR CAPITAL U */ - {0x1d519, 1, 1183}, /* MATHEMATICAL FRAKTUR CAPITAL V */ - {0x1d51a, 1, 334}, /* MATHEMATICAL FRAKTUR CAPITAL W */ - {0x1d51b, 1, 1211}, /* MATHEMATICAL FRAKTUR CAPITAL X */ - {0x1d51c, 1, 74}, /* MATHEMATICAL FRAKTUR CAPITAL Y */ - {0x1d51e, 1, 3}, /* MATHEMATICAL FRAKTUR SMALL A */ - {0x1d51f, 1, 918}, /* MATHEMATICAL FRAKTUR SMALL B */ - {0x1d520, 1, 88}, /* MATHEMATICAL FRAKTUR SMALL C */ - {0x1d521, 1, 160}, /* MATHEMATICAL FRAKTUR SMALL D */ - {0x1d522, 1, 90}, /* MATHEMATICAL FRAKTUR SMALL E */ - {0x1d523, 1, 997}, /* MATHEMATICAL FRAKTUR SMALL F */ - {0x1d524, 1, 184}, /* MATHEMATICAL FRAKTUR SMALL G */ - {0x1d525, 1, 200}, /* MATHEMATICAL FRAKTUR SMALL H */ - {0x1d526, 1, 98}, /* MATHEMATICAL FRAKTUR SMALL I */ - {0x1d527, 1, 223}, /* MATHEMATICAL FRAKTUR SMALL J */ - {0x1d528, 1, 230}, /* MATHEMATICAL FRAKTUR SMALL K */ - {0x1d529, 1, 234}, /* MATHEMATICAL FRAKTUR SMALL L */ - {0x1d52a, 1, 922}, /* MATHEMATICAL FRAKTUR SMALL M */ - {0x1d52b, 1, 106}, /* MATHEMATICAL FRAKTUR SMALL N */ - {0x1d52c, 1, 14}, /* MATHEMATICAL FRAKTUR SMALL O */ - {0x1d52d, 1, 927}, /* MATHEMATICAL FRAKTUR SMALL P */ - {0x1d52e, 1, 2335}, /* MATHEMATICAL FRAKTUR SMALL Q */ - {0x1d52f, 1, 276}, /* MATHEMATICAL FRAKTUR SMALL R */ - {0x1d530, 1, 288}, /* MATHEMATICAL FRAKTUR SMALL S */ - {0x1d531, 1, 304}, /* MATHEMATICAL FRAKTUR SMALL T */ - {0x1d532, 1, 118}, /* MATHEMATICAL FRAKTUR SMALL U */ - {0x1d533, 1, 930}, /* MATHEMATICAL FRAKTUR SMALL V */ - {0x1d534, 1, 336}, /* MATHEMATICAL FRAKTUR SMALL W */ - {0x1d535, 1, 579}, /* MATHEMATICAL FRAKTUR SMALL X */ - {0x1d536, 1, 126}, /* MATHEMATICAL FRAKTUR SMALL Y */ - {0x1d537, 1, 346}, /* MATHEMATICAL FRAKTUR SMALL Z */ - {0x1d538, 1, 24}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL A */ - {0x1d539, 1, 910}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL B */ - {0x1d53b, 1, 158}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL D */ - {0x1d53c, 1, 38}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL E */ - {0x1d53d, 1, 995}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL F */ - {0x1d53e, 1, 182}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL G */ - {0x1d540, 1, 46}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL I */ - {0x1d541, 1, 221}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL J */ - {0x1d542, 1, 228}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL K */ - {0x1d543, 1, 232}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL L */ - {0x1d544, 1, 912}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL M */ - {0x1d546, 1, 56}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL O */ - {0x1d54a, 1, 286}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL S */ - {0x1d54b, 1, 302}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL T */ - {0x1d54c, 1, 66}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL U */ - {0x1d54d, 1, 1183}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL V */ - {0x1d54e, 1, 334}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL W */ - {0x1d54f, 1, 1211}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL X */ - {0x1d550, 1, 74}, /* MATHEMATICAL DOUBLE-STRUCK CAPITAL Y */ - {0x1d552, 1, 3}, /* MATHEMATICAL DOUBLE-STRUCK SMALL A */ - {0x1d553, 1, 918}, /* MATHEMATICAL DOUBLE-STRUCK SMALL B */ - {0x1d554, 1, 88}, /* MATHEMATICAL DOUBLE-STRUCK SMALL C */ - {0x1d555, 1, 160}, /* MATHEMATICAL DOUBLE-STRUCK SMALL D */ - {0x1d556, 1, 90}, /* MATHEMATICAL DOUBLE-STRUCK SMALL E */ - {0x1d557, 1, 997}, /* MATHEMATICAL DOUBLE-STRUCK SMALL F */ - {0x1d558, 1, 184}, /* MATHEMATICAL DOUBLE-STRUCK SMALL G */ - {0x1d559, 1, 200}, /* MATHEMATICAL DOUBLE-STRUCK SMALL H */ - {0x1d55a, 1, 98}, /* MATHEMATICAL DOUBLE-STRUCK SMALL I */ - {0x1d55b, 1, 223}, /* MATHEMATICAL DOUBLE-STRUCK SMALL J */ - {0x1d55c, 1, 230}, /* MATHEMATICAL DOUBLE-STRUCK SMALL K */ - {0x1d55d, 1, 234}, /* MATHEMATICAL DOUBLE-STRUCK SMALL L */ - {0x1d55e, 1, 922}, /* MATHEMATICAL DOUBLE-STRUCK SMALL M */ - {0x1d55f, 1, 106}, /* MATHEMATICAL DOUBLE-STRUCK SMALL N */ - {0x1d560, 1, 14}, /* MATHEMATICAL DOUBLE-STRUCK SMALL O */ - {0x1d561, 1, 927}, /* MATHEMATICAL DOUBLE-STRUCK SMALL P */ - {0x1d562, 1, 2335}, /* MATHEMATICAL DOUBLE-STRUCK SMALL Q */ - {0x1d563, 1, 276}, /* MATHEMATICAL DOUBLE-STRUCK SMALL R */ - {0x1d564, 1, 288}, /* MATHEMATICAL DOUBLE-STRUCK SMALL S */ - {0x1d565, 1, 304}, /* MATHEMATICAL DOUBLE-STRUCK SMALL T */ - {0x1d566, 1, 118}, /* MATHEMATICAL DOUBLE-STRUCK SMALL U */ - {0x1d567, 1, 930}, /* MATHEMATICAL DOUBLE-STRUCK SMALL V */ - {0x1d568, 1, 336}, /* MATHEMATICAL DOUBLE-STRUCK SMALL W */ - {0x1d569, 1, 579}, /* MATHEMATICAL DOUBLE-STRUCK SMALL X */ - {0x1d56a, 1, 126}, /* MATHEMATICAL DOUBLE-STRUCK SMALL Y */ - {0x1d56b, 1, 346}, /* MATHEMATICAL DOUBLE-STRUCK SMALL Z */ - {0x1d56c, 1, 24}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL A */ - {0x1d56d, 1, 910}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL B */ - {0x1d56e, 1, 36}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL C */ - {0x1d56f, 1, 158}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL D */ - {0x1d570, 1, 38}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL E */ - {0x1d571, 1, 995}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL F */ - {0x1d572, 1, 182}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL G */ - {0x1d573, 1, 198}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL H */ - {0x1d574, 1, 46}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL I */ - {0x1d575, 1, 221}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL J */ - {0x1d576, 1, 228}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL K */ - {0x1d577, 1, 232}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL L */ - {0x1d578, 1, 912}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL M */ - {0x1d579, 1, 54}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL N */ - {0x1d57a, 1, 56}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL O */ - {0x1d57b, 1, 914}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL P */ - {0x1d57c, 1, 1942}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL Q */ - {0x1d57d, 1, 274}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL R */ - {0x1d57e, 1, 286}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL S */ - {0x1d57f, 1, 302}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL T */ - {0x1d580, 1, 66}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL U */ - {0x1d581, 1, 1183}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL V */ - {0x1d582, 1, 334}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL W */ - {0x1d583, 1, 1211}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL X */ - {0x1d584, 1, 74}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL Y */ - {0x1d585, 1, 344}, /* MATHEMATICAL BOLD FRAKTUR CAPITAL Z */ - {0x1d586, 1, 3}, /* MATHEMATICAL BOLD FRAKTUR SMALL A */ - {0x1d587, 1, 918}, /* MATHEMATICAL BOLD FRAKTUR SMALL B */ - {0x1d588, 1, 88}, /* MATHEMATICAL BOLD FRAKTUR SMALL C */ - {0x1d589, 1, 160}, /* MATHEMATICAL BOLD FRAKTUR SMALL D */ - {0x1d58a, 1, 90}, /* MATHEMATICAL BOLD FRAKTUR SMALL E */ - {0x1d58b, 1, 997}, /* MATHEMATICAL BOLD FRAKTUR SMALL F */ - {0x1d58c, 1, 184}, /* MATHEMATICAL BOLD FRAKTUR SMALL G */ - {0x1d58d, 1, 200}, /* MATHEMATICAL BOLD FRAKTUR SMALL H */ - {0x1d58e, 1, 98}, /* MATHEMATICAL BOLD FRAKTUR SMALL I */ - {0x1d58f, 1, 223}, /* MATHEMATICAL BOLD FRAKTUR SMALL J */ - {0x1d590, 1, 230}, /* MATHEMATICAL BOLD FRAKTUR SMALL K */ - {0x1d591, 1, 234}, /* MATHEMATICAL BOLD FRAKTUR SMALL L */ - {0x1d592, 1, 922}, /* MATHEMATICAL BOLD FRAKTUR SMALL M */ - {0x1d593, 1, 106}, /* MATHEMATICAL BOLD FRAKTUR SMALL N */ - {0x1d594, 1, 14}, /* MATHEMATICAL BOLD FRAKTUR SMALL O */ - {0x1d595, 1, 927}, /* MATHEMATICAL BOLD FRAKTUR SMALL P */ - {0x1d596, 1, 2335}, /* MATHEMATICAL BOLD FRAKTUR SMALL Q */ - {0x1d597, 1, 276}, /* MATHEMATICAL BOLD FRAKTUR SMALL R */ - {0x1d598, 1, 288}, /* MATHEMATICAL BOLD FRAKTUR SMALL S */ - {0x1d599, 1, 304}, /* MATHEMATICAL BOLD FRAKTUR SMALL T */ - {0x1d59a, 1, 118}, /* MATHEMATICAL BOLD FRAKTUR SMALL U */ - {0x1d59b, 1, 930}, /* MATHEMATICAL BOLD FRAKTUR SMALL V */ - {0x1d59c, 1, 336}, /* MATHEMATICAL BOLD FRAKTUR SMALL W */ - {0x1d59d, 1, 579}, /* MATHEMATICAL BOLD FRAKTUR SMALL X */ - {0x1d59e, 1, 126}, /* MATHEMATICAL BOLD FRAKTUR SMALL Y */ - {0x1d59f, 1, 346}, /* MATHEMATICAL BOLD FRAKTUR SMALL Z */ - {0x1d5a0, 1, 24}, /* MATHEMATICAL SANS-SERIF CAPITAL A */ - {0x1d5a1, 1, 910}, /* MATHEMATICAL SANS-SERIF CAPITAL B */ - {0x1d5a2, 1, 36}, /* MATHEMATICAL SANS-SERIF CAPITAL C */ - {0x1d5a3, 1, 158}, /* MATHEMATICAL SANS-SERIF CAPITAL D */ - {0x1d5a4, 1, 38}, /* MATHEMATICAL SANS-SERIF CAPITAL E */ - {0x1d5a5, 1, 995}, /* MATHEMATICAL SANS-SERIF CAPITAL F */ - {0x1d5a6, 1, 182}, /* MATHEMATICAL SANS-SERIF CAPITAL G */ - {0x1d5a7, 1, 198}, /* MATHEMATICAL SANS-SERIF CAPITAL H */ - {0x1d5a8, 1, 46}, /* MATHEMATICAL SANS-SERIF CAPITAL I */ - {0x1d5a9, 1, 221}, /* MATHEMATICAL SANS-SERIF CAPITAL J */ - {0x1d5aa, 1, 228}, /* MATHEMATICAL SANS-SERIF CAPITAL K */ - {0x1d5ab, 1, 232}, /* MATHEMATICAL SANS-SERIF CAPITAL L */ - {0x1d5ac, 1, 912}, /* MATHEMATICAL SANS-SERIF CAPITAL M */ - {0x1d5ad, 1, 54}, /* MATHEMATICAL SANS-SERIF CAPITAL N */ - {0x1d5ae, 1, 56}, /* MATHEMATICAL SANS-SERIF CAPITAL O */ - {0x1d5af, 1, 914}, /* MATHEMATICAL SANS-SERIF CAPITAL P */ - {0x1d5b0, 1, 1942}, /* MATHEMATICAL SANS-SERIF CAPITAL Q */ - {0x1d5b1, 1, 274}, /* MATHEMATICAL SANS-SERIF CAPITAL R */ - {0x1d5b2, 1, 286}, /* MATHEMATICAL SANS-SERIF CAPITAL S */ - {0x1d5b3, 1, 302}, /* MATHEMATICAL SANS-SERIF CAPITAL T */ - {0x1d5b4, 1, 66}, /* MATHEMATICAL SANS-SERIF CAPITAL U */ - {0x1d5b5, 1, 1183}, /* MATHEMATICAL SANS-SERIF CAPITAL V */ - {0x1d5b6, 1, 334}, /* MATHEMATICAL SANS-SERIF CAPITAL W */ - {0x1d5b7, 1, 1211}, /* MATHEMATICAL SANS-SERIF CAPITAL X */ - {0x1d5b8, 1, 74}, /* MATHEMATICAL SANS-SERIF CAPITAL Y */ - {0x1d5b9, 1, 344}, /* MATHEMATICAL SANS-SERIF CAPITAL Z */ - {0x1d5ba, 1, 3}, /* MATHEMATICAL SANS-SERIF SMALL A */ - {0x1d5bb, 1, 918}, /* MATHEMATICAL SANS-SERIF SMALL B */ - {0x1d5bc, 1, 88}, /* MATHEMATICAL SANS-SERIF SMALL C */ - {0x1d5bd, 1, 160}, /* MATHEMATICAL SANS-SERIF SMALL D */ - {0x1d5be, 1, 90}, /* MATHEMATICAL SANS-SERIF SMALL E */ - {0x1d5bf, 1, 997}, /* MATHEMATICAL SANS-SERIF SMALL F */ - {0x1d5c0, 1, 184}, /* MATHEMATICAL SANS-SERIF SMALL G */ - {0x1d5c1, 1, 200}, /* MATHEMATICAL SANS-SERIF SMALL H */ - {0x1d5c2, 1, 98}, /* MATHEMATICAL SANS-SERIF SMALL I */ - {0x1d5c3, 1, 223}, /* MATHEMATICAL SANS-SERIF SMALL J */ - {0x1d5c4, 1, 230}, /* MATHEMATICAL SANS-SERIF SMALL K */ - {0x1d5c5, 1, 234}, /* MATHEMATICAL SANS-SERIF SMALL L */ - {0x1d5c6, 1, 922}, /* MATHEMATICAL SANS-SERIF SMALL M */ - {0x1d5c7, 1, 106}, /* MATHEMATICAL SANS-SERIF SMALL N */ - {0x1d5c8, 1, 14}, /* MATHEMATICAL SANS-SERIF SMALL O */ - {0x1d5c9, 1, 927}, /* MATHEMATICAL SANS-SERIF SMALL P */ - {0x1d5ca, 1, 2335}, /* MATHEMATICAL SANS-SERIF SMALL Q */ - {0x1d5cb, 1, 276}, /* MATHEMATICAL SANS-SERIF SMALL R */ - {0x1d5cc, 1, 288}, /* MATHEMATICAL SANS-SERIF SMALL S */ - {0x1d5cd, 1, 304}, /* MATHEMATICAL SANS-SERIF SMALL T */ - {0x1d5ce, 1, 118}, /* MATHEMATICAL SANS-SERIF SMALL U */ - {0x1d5cf, 1, 930}, /* MATHEMATICAL SANS-SERIF SMALL V */ - {0x1d5d0, 1, 336}, /* MATHEMATICAL SANS-SERIF SMALL W */ - {0x1d5d1, 1, 579}, /* MATHEMATICAL SANS-SERIF SMALL X */ - {0x1d5d2, 1, 126}, /* MATHEMATICAL SANS-SERIF SMALL Y */ - {0x1d5d3, 1, 346}, /* MATHEMATICAL SANS-SERIF SMALL Z */ - {0x1d5d4, 1, 24}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL A */ - {0x1d5d5, 1, 910}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL B */ - {0x1d5d6, 1, 36}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL C */ - {0x1d5d7, 1, 158}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL D */ - {0x1d5d8, 1, 38}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL E */ - {0x1d5d9, 1, 995}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL F */ - {0x1d5da, 1, 182}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL G */ - {0x1d5db, 1, 198}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL H */ - {0x1d5dc, 1, 46}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL I */ - {0x1d5dd, 1, 221}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL J */ - {0x1d5de, 1, 228}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL K */ - {0x1d5df, 1, 232}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL L */ - {0x1d5e0, 1, 912}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL M */ - {0x1d5e1, 1, 54}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL N */ - {0x1d5e2, 1, 56}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL O */ - {0x1d5e3, 1, 914}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL P */ - {0x1d5e4, 1, 1942}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL Q */ - {0x1d5e5, 1, 274}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL R */ - {0x1d5e6, 1, 286}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL S */ - {0x1d5e7, 1, 302}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL T */ - {0x1d5e8, 1, 66}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL U */ - {0x1d5e9, 1, 1183}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL V */ - {0x1d5ea, 1, 334}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL W */ - {0x1d5eb, 1, 1211}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL X */ - {0x1d5ec, 1, 74}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL Y */ - {0x1d5ed, 1, 344}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL Z */ - {0x1d5ee, 1, 3}, /* MATHEMATICAL SANS-SERIF BOLD SMALL A */ - {0x1d5ef, 1, 918}, /* MATHEMATICAL SANS-SERIF BOLD SMALL B */ - {0x1d5f0, 1, 88}, /* MATHEMATICAL SANS-SERIF BOLD SMALL C */ - {0x1d5f1, 1, 160}, /* MATHEMATICAL SANS-SERIF BOLD SMALL D */ - {0x1d5f2, 1, 90}, /* MATHEMATICAL SANS-SERIF BOLD SMALL E */ - {0x1d5f3, 1, 997}, /* MATHEMATICAL SANS-SERIF BOLD SMALL F */ - {0x1d5f4, 1, 184}, /* MATHEMATICAL SANS-SERIF BOLD SMALL G */ - {0x1d5f5, 1, 200}, /* MATHEMATICAL SANS-SERIF BOLD SMALL H */ - {0x1d5f6, 1, 98}, /* MATHEMATICAL SANS-SERIF BOLD SMALL I */ - {0x1d5f7, 1, 223}, /* MATHEMATICAL SANS-SERIF BOLD SMALL J */ - {0x1d5f8, 1, 230}, /* MATHEMATICAL SANS-SERIF BOLD SMALL K */ - {0x1d5f9, 1, 234}, /* MATHEMATICAL SANS-SERIF BOLD SMALL L */ - {0x1d5fa, 1, 922}, /* MATHEMATICAL SANS-SERIF BOLD SMALL M */ - {0x1d5fb, 1, 106}, /* MATHEMATICAL SANS-SERIF BOLD SMALL N */ - {0x1d5fc, 1, 14}, /* MATHEMATICAL SANS-SERIF BOLD SMALL O */ - {0x1d5fd, 1, 927}, /* MATHEMATICAL SANS-SERIF BOLD SMALL P */ - {0x1d5fe, 1, 2335}, /* MATHEMATICAL SANS-SERIF BOLD SMALL Q */ - {0x1d5ff, 1, 276}, /* MATHEMATICAL SANS-SERIF BOLD SMALL R */ - {0x1d600, 1, 288}, /* MATHEMATICAL SANS-SERIF BOLD SMALL S */ - {0x1d601, 1, 304}, /* MATHEMATICAL SANS-SERIF BOLD SMALL T */ - {0x1d602, 1, 118}, /* MATHEMATICAL SANS-SERIF BOLD SMALL U */ - {0x1d603, 1, 930}, /* MATHEMATICAL SANS-SERIF BOLD SMALL V */ - {0x1d604, 1, 336}, /* MATHEMATICAL SANS-SERIF BOLD SMALL W */ - {0x1d605, 1, 579}, /* MATHEMATICAL SANS-SERIF BOLD SMALL X */ - {0x1d606, 1, 126}, /* MATHEMATICAL SANS-SERIF BOLD SMALL Y */ - {0x1d607, 1, 346}, /* MATHEMATICAL SANS-SERIF BOLD SMALL Z */ - {0x1d608, 1, 24}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL A */ - {0x1d609, 1, 910}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL B */ - {0x1d60a, 1, 36}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL C */ - {0x1d60b, 1, 158}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL D */ - {0x1d60c, 1, 38}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL E */ - {0x1d60d, 1, 995}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL F */ - {0x1d60e, 1, 182}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL G */ - {0x1d60f, 1, 198}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL H */ - {0x1d610, 1, 46}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL I */ - {0x1d611, 1, 221}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL J */ - {0x1d612, 1, 228}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL K */ - {0x1d613, 1, 232}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL L */ - {0x1d614, 1, 912}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL M */ - {0x1d615, 1, 54}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL N */ - {0x1d616, 1, 56}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL O */ - {0x1d617, 1, 914}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL P */ - {0x1d618, 1, 1942}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL Q */ - {0x1d619, 1, 274}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL R */ - {0x1d61a, 1, 286}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL S */ - {0x1d61b, 1, 302}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL T */ - {0x1d61c, 1, 66}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL U */ - {0x1d61d, 1, 1183}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL V */ - {0x1d61e, 1, 334}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL W */ - {0x1d61f, 1, 1211}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL X */ - {0x1d620, 1, 74}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL Y */ - {0x1d621, 1, 344}, /* MATHEMATICAL SANS-SERIF ITALIC CAPITAL Z */ - {0x1d622, 1, 3}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL A */ - {0x1d623, 1, 918}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL B */ - {0x1d624, 1, 88}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL C */ - {0x1d625, 1, 160}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL D */ - {0x1d626, 1, 90}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL E */ - {0x1d627, 1, 997}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL F */ - {0x1d628, 1, 184}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL G */ - {0x1d629, 1, 200}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL H */ - {0x1d62a, 1, 98}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL I */ - {0x1d62b, 1, 223}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL J */ - {0x1d62c, 1, 230}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL K */ - {0x1d62d, 1, 234}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL L */ - {0x1d62e, 1, 922}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL M */ - {0x1d62f, 1, 106}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL N */ - {0x1d630, 1, 14}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL O */ - {0x1d631, 1, 927}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL P */ - {0x1d632, 1, 2335}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL Q */ - {0x1d633, 1, 276}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL R */ - {0x1d634, 1, 288}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL S */ - {0x1d635, 1, 304}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL T */ - {0x1d636, 1, 118}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL U */ - {0x1d637, 1, 930}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL V */ - {0x1d638, 1, 336}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL W */ - {0x1d639, 1, 579}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL X */ - {0x1d63a, 1, 126}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL Y */ - {0x1d63b, 1, 346}, /* MATHEMATICAL SANS-SERIF ITALIC SMALL Z */ - {0x1d63c, 1, 24}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL A */ - {0x1d63d, 1, 910}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL B */ - {0x1d63e, 1, 36}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL C */ - {0x1d63f, 1, 158}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL D */ - {0x1d640, 1, 38}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL E */ - {0x1d641, 1, 995}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL F */ - {0x1d642, 1, 182}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL G */ - {0x1d643, 1, 198}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL H */ - {0x1d644, 1, 46}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL I */ - {0x1d645, 1, 221}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL J */ - {0x1d646, 1, 228}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL K */ - {0x1d647, 1, 232}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL L */ - {0x1d648, 1, 912}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL M */ - {0x1d649, 1, 54}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL N */ - {0x1d64a, 1, 56}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL O */ - {0x1d64b, 1, 914}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL P */ - {0x1d64c, 1, 1942}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL Q */ - {0x1d64d, 1, 274}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL R */ - {0x1d64e, 1, 286}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL S */ - {0x1d64f, 1, 302}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL T */ - {0x1d650, 1, 66}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL U */ - {0x1d651, 1, 1183}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL V */ - {0x1d652, 1, 334}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL W */ - {0x1d653, 1, 1211}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL X */ - {0x1d654, 1, 74}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL Y */ - {0x1d655, 1, 344}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL Z */ - {0x1d656, 1, 3}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL A */ - {0x1d657, 1, 918}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL B */ - {0x1d658, 1, 88}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL C */ - {0x1d659, 1, 160}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL D */ - {0x1d65a, 1, 90}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL E */ - {0x1d65b, 1, 997}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL F */ - {0x1d65c, 1, 184}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL G */ - {0x1d65d, 1, 200}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL H */ - {0x1d65e, 1, 98}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL I */ - {0x1d65f, 1, 223}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL J */ - {0x1d660, 1, 230}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL K */ - {0x1d661, 1, 234}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL L */ - {0x1d662, 1, 922}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL M */ - {0x1d663, 1, 106}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL N */ - {0x1d664, 1, 14}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL O */ - {0x1d665, 1, 927}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL P */ - {0x1d666, 1, 2335}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL Q */ - {0x1d667, 1, 276}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL R */ - {0x1d668, 1, 288}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL S */ - {0x1d669, 1, 304}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL T */ - {0x1d66a, 1, 118}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL U */ - {0x1d66b, 1, 930}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL V */ - {0x1d66c, 1, 336}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL W */ - {0x1d66d, 1, 579}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL X */ - {0x1d66e, 1, 126}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL Y */ - {0x1d66f, 1, 346}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL Z */ - {0x1d670, 1, 24}, /* MATHEMATICAL MONOSPACE CAPITAL A */ - {0x1d671, 1, 910}, /* MATHEMATICAL MONOSPACE CAPITAL B */ - {0x1d672, 1, 36}, /* MATHEMATICAL MONOSPACE CAPITAL C */ - {0x1d673, 1, 158}, /* MATHEMATICAL MONOSPACE CAPITAL D */ - {0x1d674, 1, 38}, /* MATHEMATICAL MONOSPACE CAPITAL E */ - {0x1d675, 1, 995}, /* MATHEMATICAL MONOSPACE CAPITAL F */ - {0x1d676, 1, 182}, /* MATHEMATICAL MONOSPACE CAPITAL G */ - {0x1d677, 1, 198}, /* MATHEMATICAL MONOSPACE CAPITAL H */ - {0x1d678, 1, 46}, /* MATHEMATICAL MONOSPACE CAPITAL I */ - {0x1d679, 1, 221}, /* MATHEMATICAL MONOSPACE CAPITAL J */ - {0x1d67a, 1, 228}, /* MATHEMATICAL MONOSPACE CAPITAL K */ - {0x1d67b, 1, 232}, /* MATHEMATICAL MONOSPACE CAPITAL L */ - {0x1d67c, 1, 912}, /* MATHEMATICAL MONOSPACE CAPITAL M */ - {0x1d67d, 1, 54}, /* MATHEMATICAL MONOSPACE CAPITAL N */ - {0x1d67e, 1, 56}, /* MATHEMATICAL MONOSPACE CAPITAL O */ - {0x1d67f, 1, 914}, /* MATHEMATICAL MONOSPACE CAPITAL P */ - {0x1d680, 1, 1942}, /* MATHEMATICAL MONOSPACE CAPITAL Q */ - {0x1d681, 1, 274}, /* MATHEMATICAL MONOSPACE CAPITAL R */ - {0x1d682, 1, 286}, /* MATHEMATICAL MONOSPACE CAPITAL S */ - {0x1d683, 1, 302}, /* MATHEMATICAL MONOSPACE CAPITAL T */ - {0x1d684, 1, 66}, /* MATHEMATICAL MONOSPACE CAPITAL U */ - {0x1d685, 1, 1183}, /* MATHEMATICAL MONOSPACE CAPITAL V */ - {0x1d686, 1, 334}, /* MATHEMATICAL MONOSPACE CAPITAL W */ - {0x1d687, 1, 1211}, /* MATHEMATICAL MONOSPACE CAPITAL X */ - {0x1d688, 1, 74}, /* MATHEMATICAL MONOSPACE CAPITAL Y */ - {0x1d689, 1, 344}, /* MATHEMATICAL MONOSPACE CAPITAL Z */ - {0x1d68a, 1, 3}, /* MATHEMATICAL MONOSPACE SMALL A */ - {0x1d68b, 1, 918}, /* MATHEMATICAL MONOSPACE SMALL B */ - {0x1d68c, 1, 88}, /* MATHEMATICAL MONOSPACE SMALL C */ - {0x1d68d, 1, 160}, /* MATHEMATICAL MONOSPACE SMALL D */ - {0x1d68e, 1, 90}, /* MATHEMATICAL MONOSPACE SMALL E */ - {0x1d68f, 1, 997}, /* MATHEMATICAL MONOSPACE SMALL F */ - {0x1d690, 1, 184}, /* MATHEMATICAL MONOSPACE SMALL G */ - {0x1d691, 1, 200}, /* MATHEMATICAL MONOSPACE SMALL H */ - {0x1d692, 1, 98}, /* MATHEMATICAL MONOSPACE SMALL I */ - {0x1d693, 1, 223}, /* MATHEMATICAL MONOSPACE SMALL J */ - {0x1d694, 1, 230}, /* MATHEMATICAL MONOSPACE SMALL K */ - {0x1d695, 1, 234}, /* MATHEMATICAL MONOSPACE SMALL L */ - {0x1d696, 1, 922}, /* MATHEMATICAL MONOSPACE SMALL M */ - {0x1d697, 1, 106}, /* MATHEMATICAL MONOSPACE SMALL N */ - {0x1d698, 1, 14}, /* MATHEMATICAL MONOSPACE SMALL O */ - {0x1d699, 1, 927}, /* MATHEMATICAL MONOSPACE SMALL P */ - {0x1d69a, 1, 2335}, /* MATHEMATICAL MONOSPACE SMALL Q */ - {0x1d69b, 1, 276}, /* MATHEMATICAL MONOSPACE SMALL R */ - {0x1d69c, 1, 288}, /* MATHEMATICAL MONOSPACE SMALL S */ - {0x1d69d, 1, 304}, /* MATHEMATICAL MONOSPACE SMALL T */ - {0x1d69e, 1, 118}, /* MATHEMATICAL MONOSPACE SMALL U */ - {0x1d69f, 1, 930}, /* MATHEMATICAL MONOSPACE SMALL V */ - {0x1d6a0, 1, 336}, /* MATHEMATICAL MONOSPACE SMALL W */ - {0x1d6a1, 1, 579}, /* MATHEMATICAL MONOSPACE SMALL X */ - {0x1d6a2, 1, 126}, /* MATHEMATICAL MONOSPACE SMALL Y */ - {0x1d6a3, 1, 346}, /* MATHEMATICAL MONOSPACE SMALL Z */ - {0x1d6a8, 1, 590}, /* MATHEMATICAL BOLD CAPITAL ALPHA */ - {0x1d6a9, 1, 5148}, /* MATHEMATICAL BOLD CAPITAL BETA */ - {0x1d6aa, 1, 1957}, /* MATHEMATICAL BOLD CAPITAL GAMMA */ - {0x1d6ab, 1, 5149}, /* MATHEMATICAL BOLD CAPITAL DELTA */ - {0x1d6ac, 1, 592}, /* MATHEMATICAL BOLD CAPITAL EPSILON */ - {0x1d6ad, 1, 5150}, /* MATHEMATICAL BOLD CAPITAL ZETA */ - {0x1d6ae, 1, 594}, /* MATHEMATICAL BOLD CAPITAL ETA */ - {0x1d6af, 1, 641}, /* MATHEMATICAL BOLD CAPITAL THETA */ - {0x1d6b0, 1, 596}, /* MATHEMATICAL BOLD CAPITAL IOTA */ - {0x1d6b1, 1, 5151}, /* MATHEMATICAL BOLD CAPITAL KAPPA */ - {0x1d6b2, 1, 5152}, /* MATHEMATICAL BOLD CAPITAL LAMDA */ - {0x1d6b3, 1, 5153}, /* MATHEMATICAL BOLD CAPITAL MU */ - {0x1d6b4, 1, 5154}, /* MATHEMATICAL BOLD CAPITAL NU */ - {0x1d6b5, 1, 5155}, /* MATHEMATICAL BOLD CAPITAL XI */ - {0x1d6b6, 1, 598}, /* MATHEMATICAL BOLD CAPITAL OMICRON */ - {0x1d6b7, 1, 1958}, /* MATHEMATICAL BOLD CAPITAL PI */ - {0x1d6b8, 1, 1843}, /* MATHEMATICAL BOLD CAPITAL RHO */ - {0x1d6b9, 1, 5156}, /* MATHEMATICAL BOLD CAPITAL THETA SYMBOL */ - {0x1d6ba, 1, 642}, /* MATHEMATICAL BOLD CAPITAL SIGMA */ - {0x1d6bb, 1, 5157}, /* MATHEMATICAL BOLD CAPITAL TAU */ - {0x1d6bc, 1, 600}, /* MATHEMATICAL BOLD CAPITAL UPSILON */ - {0x1d6bd, 1, 5158}, /* MATHEMATICAL BOLD CAPITAL PHI */ - {0x1d6be, 1, 5159}, /* MATHEMATICAL BOLD CAPITAL CHI */ - {0x1d6bf, 1, 5160}, /* MATHEMATICAL BOLD CAPITAL PSI */ - {0x1d6c0, 1, 602}, /* MATHEMATICAL BOLD CAPITAL OMEGA */ - {0x1d6c1, 1, 5161}, /* MATHEMATICAL BOLD NABLA */ - {0x1d6c2, 1, 610}, /* MATHEMATICAL BOLD SMALL ALPHA */ - {0x1d6c3, 1, 630}, /* MATHEMATICAL BOLD SMALL BETA */ - {0x1d6c4, 1, 932}, /* MATHEMATICAL BOLD SMALL GAMMA */ - {0x1d6c5, 1, 933}, /* MATHEMATICAL BOLD SMALL DELTA */ - {0x1d6c6, 1, 612}, /* MATHEMATICAL BOLD SMALL EPSILON */ - {0x1d6c7, 1, 5162}, /* MATHEMATICAL BOLD SMALL ZETA */ - {0x1d6c8, 1, 614}, /* MATHEMATICAL BOLD SMALL ETA */ - {0x1d6c9, 1, 631}, /* MATHEMATICAL BOLD SMALL THETA */ - {0x1d6ca, 1, 616}, /* MATHEMATICAL BOLD SMALL IOTA */ - {0x1d6cb, 1, 638}, /* MATHEMATICAL BOLD SMALL KAPPA */ - {0x1d6cc, 1, 5163}, /* MATHEMATICAL BOLD SMALL LAMDA */ - {0x1d6cd, 1, 10}, /* MATHEMATICAL BOLD SMALL MU */ - {0x1d6ce, 1, 5164}, /* MATHEMATICAL BOLD SMALL NU */ - {0x1d6cf, 1, 5165}, /* MATHEMATICAL BOLD SMALL XI */ - {0x1d6d0, 1, 624}, /* MATHEMATICAL BOLD SMALL OMICRON */ - {0x1d6d1, 1, 637}, /* MATHEMATICAL BOLD SMALL PI */ - {0x1d6d2, 1, 639}, /* MATHEMATICAL BOLD SMALL RHO */ - {0x1d6d3, 1, 640}, /* MATHEMATICAL BOLD SMALL FINAL SIGMA */ - {0x1d6d4, 1, 5166}, /* MATHEMATICAL BOLD SMALL SIGMA */ - {0x1d6d5, 1, 5167}, /* MATHEMATICAL BOLD SMALL TAU */ - {0x1d6d6, 1, 622}, /* MATHEMATICAL BOLD SMALL UPSILON */ - {0x1d6d7, 1, 636}, /* MATHEMATICAL BOLD SMALL PHI */ - {0x1d6d8, 1, 934}, /* MATHEMATICAL BOLD SMALL CHI */ - {0x1d6d9, 1, 5168}, /* MATHEMATICAL BOLD SMALL PSI */ - {0x1d6da, 1, 628}, /* MATHEMATICAL BOLD SMALL OMEGA */ - {0x1d6db, 1, 5169}, /* MATHEMATICAL BOLD PARTIAL DIFFERENTIAL */ - {0x1d6dc, 1, 5170}, /* MATHEMATICAL BOLD EPSILON SYMBOL */ - {0x1d6dd, 1, 5171}, /* MATHEMATICAL BOLD THETA SYMBOL */ - {0x1d6de, 1, 5172}, /* MATHEMATICAL BOLD KAPPA SYMBOL */ - {0x1d6df, 1, 5173}, /* MATHEMATICAL BOLD PHI SYMBOL */ - {0x1d6e0, 1, 5174}, /* MATHEMATICAL BOLD RHO SYMBOL */ - {0x1d6e1, 1, 5175}, /* MATHEMATICAL BOLD PI SYMBOL */ - {0x1d6e2, 1, 590}, /* MATHEMATICAL ITALIC CAPITAL ALPHA */ - {0x1d6e3, 1, 5148}, /* MATHEMATICAL ITALIC CAPITAL BETA */ - {0x1d6e4, 1, 1957}, /* MATHEMATICAL ITALIC CAPITAL GAMMA */ - {0x1d6e5, 1, 5149}, /* MATHEMATICAL ITALIC CAPITAL DELTA */ - {0x1d6e6, 1, 592}, /* MATHEMATICAL ITALIC CAPITAL EPSILON */ - {0x1d6e7, 1, 5150}, /* MATHEMATICAL ITALIC CAPITAL ZETA */ - {0x1d6e8, 1, 594}, /* MATHEMATICAL ITALIC CAPITAL ETA */ - {0x1d6e9, 1, 641}, /* MATHEMATICAL ITALIC CAPITAL THETA */ - {0x1d6ea, 1, 596}, /* MATHEMATICAL ITALIC CAPITAL IOTA */ - {0x1d6eb, 1, 5151}, /* MATHEMATICAL ITALIC CAPITAL KAPPA */ - {0x1d6ec, 1, 5152}, /* MATHEMATICAL ITALIC CAPITAL LAMDA */ - {0x1d6ed, 1, 5153}, /* MATHEMATICAL ITALIC CAPITAL MU */ - {0x1d6ee, 1, 5154}, /* MATHEMATICAL ITALIC CAPITAL NU */ - {0x1d6ef, 1, 5155}, /* MATHEMATICAL ITALIC CAPITAL XI */ - {0x1d6f0, 1, 598}, /* MATHEMATICAL ITALIC CAPITAL OMICRON */ - {0x1d6f1, 1, 1958}, /* MATHEMATICAL ITALIC CAPITAL PI */ - {0x1d6f2, 1, 1843}, /* MATHEMATICAL ITALIC CAPITAL RHO */ - {0x1d6f3, 1, 5156}, /* MATHEMATICAL ITALIC CAPITAL THETA SYMBOL */ - {0x1d6f4, 1, 642}, /* MATHEMATICAL ITALIC CAPITAL SIGMA */ - {0x1d6f5, 1, 5157}, /* MATHEMATICAL ITALIC CAPITAL TAU */ - {0x1d6f6, 1, 600}, /* MATHEMATICAL ITALIC CAPITAL UPSILON */ - {0x1d6f7, 1, 5158}, /* MATHEMATICAL ITALIC CAPITAL PHI */ - {0x1d6f8, 1, 5159}, /* MATHEMATICAL ITALIC CAPITAL CHI */ - {0x1d6f9, 1, 5160}, /* MATHEMATICAL ITALIC CAPITAL PSI */ - {0x1d6fa, 1, 602}, /* MATHEMATICAL ITALIC CAPITAL OMEGA */ - {0x1d6fb, 1, 5161}, /* MATHEMATICAL ITALIC NABLA */ - {0x1d6fc, 1, 610}, /* MATHEMATICAL ITALIC SMALL ALPHA */ - {0x1d6fd, 1, 630}, /* MATHEMATICAL ITALIC SMALL BETA */ - {0x1d6fe, 1, 932}, /* MATHEMATICAL ITALIC SMALL GAMMA */ - {0x1d6ff, 1, 933}, /* MATHEMATICAL ITALIC SMALL DELTA */ - {0x1d700, 1, 612}, /* MATHEMATICAL ITALIC SMALL EPSILON */ - {0x1d701, 1, 5162}, /* MATHEMATICAL ITALIC SMALL ZETA */ - {0x1d702, 1, 614}, /* MATHEMATICAL ITALIC SMALL ETA */ - {0x1d703, 1, 631}, /* MATHEMATICAL ITALIC SMALL THETA */ - {0x1d704, 1, 616}, /* MATHEMATICAL ITALIC SMALL IOTA */ - {0x1d705, 1, 638}, /* MATHEMATICAL ITALIC SMALL KAPPA */ - {0x1d706, 1, 5163}, /* MATHEMATICAL ITALIC SMALL LAMDA */ - {0x1d707, 1, 10}, /* MATHEMATICAL ITALIC SMALL MU */ - {0x1d708, 1, 5164}, /* MATHEMATICAL ITALIC SMALL NU */ - {0x1d709, 1, 5165}, /* MATHEMATICAL ITALIC SMALL XI */ - {0x1d70a, 1, 624}, /* MATHEMATICAL ITALIC SMALL OMICRON */ - {0x1d70b, 1, 637}, /* MATHEMATICAL ITALIC SMALL PI */ - {0x1d70c, 1, 639}, /* MATHEMATICAL ITALIC SMALL RHO */ - {0x1d70d, 1, 640}, /* MATHEMATICAL ITALIC SMALL FINAL SIGMA */ - {0x1d70e, 1, 5166}, /* MATHEMATICAL ITALIC SMALL SIGMA */ - {0x1d70f, 1, 5167}, /* MATHEMATICAL ITALIC SMALL TAU */ - {0x1d710, 1, 622}, /* MATHEMATICAL ITALIC SMALL UPSILON */ - {0x1d711, 1, 636}, /* MATHEMATICAL ITALIC SMALL PHI */ - {0x1d712, 1, 934}, /* MATHEMATICAL ITALIC SMALL CHI */ - {0x1d713, 1, 5168}, /* MATHEMATICAL ITALIC SMALL PSI */ - {0x1d714, 1, 628}, /* MATHEMATICAL ITALIC SMALL OMEGA */ - {0x1d715, 1, 5169}, /* MATHEMATICAL ITALIC PARTIAL DIFFERENTIAL */ - {0x1d716, 1, 5170}, /* MATHEMATICAL ITALIC EPSILON SYMBOL */ - {0x1d717, 1, 5171}, /* MATHEMATICAL ITALIC THETA SYMBOL */ - {0x1d718, 1, 5172}, /* MATHEMATICAL ITALIC KAPPA SYMBOL */ - {0x1d719, 1, 5173}, /* MATHEMATICAL ITALIC PHI SYMBOL */ - {0x1d71a, 1, 5174}, /* MATHEMATICAL ITALIC RHO SYMBOL */ - {0x1d71b, 1, 5175}, /* MATHEMATICAL ITALIC PI SYMBOL */ - {0x1d71c, 1, 590}, /* MATHEMATICAL BOLD ITALIC CAPITAL ALPHA */ - {0x1d71d, 1, 5148}, /* MATHEMATICAL BOLD ITALIC CAPITAL BETA */ - {0x1d71e, 1, 1957}, /* MATHEMATICAL BOLD ITALIC CAPITAL GAMMA */ - {0x1d71f, 1, 5149}, /* MATHEMATICAL BOLD ITALIC CAPITAL DELTA */ - {0x1d720, 1, 592}, /* MATHEMATICAL BOLD ITALIC CAPITAL EPSILON */ - {0x1d721, 1, 5150}, /* MATHEMATICAL BOLD ITALIC CAPITAL ZETA */ - {0x1d722, 1, 594}, /* MATHEMATICAL BOLD ITALIC CAPITAL ETA */ - {0x1d723, 1, 641}, /* MATHEMATICAL BOLD ITALIC CAPITAL THETA */ - {0x1d724, 1, 596}, /* MATHEMATICAL BOLD ITALIC CAPITAL IOTA */ - {0x1d725, 1, 5151}, /* MATHEMATICAL BOLD ITALIC CAPITAL KAPPA */ - {0x1d726, 1, 5152}, /* MATHEMATICAL BOLD ITALIC CAPITAL LAMDA */ - {0x1d727, 1, 5153}, /* MATHEMATICAL BOLD ITALIC CAPITAL MU */ - {0x1d728, 1, 5154}, /* MATHEMATICAL BOLD ITALIC CAPITAL NU */ - {0x1d729, 1, 5155}, /* MATHEMATICAL BOLD ITALIC CAPITAL XI */ - {0x1d72a, 1, 598}, /* MATHEMATICAL BOLD ITALIC CAPITAL OMICRON */ - {0x1d72b, 1, 1958}, /* MATHEMATICAL BOLD ITALIC CAPITAL PI */ - {0x1d72c, 1, 1843}, /* MATHEMATICAL BOLD ITALIC CAPITAL RHO */ - {0x1d72d, 1, 5156}, /* MATHEMATICAL BOLD ITALIC CAPITAL THETA SYMBOL */ - {0x1d72e, 1, 642}, /* MATHEMATICAL BOLD ITALIC CAPITAL SIGMA */ - {0x1d72f, 1, 5157}, /* MATHEMATICAL BOLD ITALIC CAPITAL TAU */ - {0x1d730, 1, 600}, /* MATHEMATICAL BOLD ITALIC CAPITAL UPSILON */ - {0x1d731, 1, 5158}, /* MATHEMATICAL BOLD ITALIC CAPITAL PHI */ - {0x1d732, 1, 5159}, /* MATHEMATICAL BOLD ITALIC CAPITAL CHI */ - {0x1d733, 1, 5160}, /* MATHEMATICAL BOLD ITALIC CAPITAL PSI */ - {0x1d734, 1, 602}, /* MATHEMATICAL BOLD ITALIC CAPITAL OMEGA */ - {0x1d735, 1, 5161}, /* MATHEMATICAL BOLD ITALIC NABLA */ - {0x1d736, 1, 610}, /* MATHEMATICAL BOLD ITALIC SMALL ALPHA */ - {0x1d737, 1, 630}, /* MATHEMATICAL BOLD ITALIC SMALL BETA */ - {0x1d738, 1, 932}, /* MATHEMATICAL BOLD ITALIC SMALL GAMMA */ - {0x1d739, 1, 933}, /* MATHEMATICAL BOLD ITALIC SMALL DELTA */ - {0x1d73a, 1, 612}, /* MATHEMATICAL BOLD ITALIC SMALL EPSILON */ - {0x1d73b, 1, 5162}, /* MATHEMATICAL BOLD ITALIC SMALL ZETA */ - {0x1d73c, 1, 614}, /* MATHEMATICAL BOLD ITALIC SMALL ETA */ - {0x1d73d, 1, 631}, /* MATHEMATICAL BOLD ITALIC SMALL THETA */ - {0x1d73e, 1, 616}, /* MATHEMATICAL BOLD ITALIC SMALL IOTA */ - {0x1d73f, 1, 638}, /* MATHEMATICAL BOLD ITALIC SMALL KAPPA */ - {0x1d740, 1, 5163}, /* MATHEMATICAL BOLD ITALIC SMALL LAMDA */ - {0x1d741, 1, 10}, /* MATHEMATICAL BOLD ITALIC SMALL MU */ - {0x1d742, 1, 5164}, /* MATHEMATICAL BOLD ITALIC SMALL NU */ - {0x1d743, 1, 5165}, /* MATHEMATICAL BOLD ITALIC SMALL XI */ - {0x1d744, 1, 624}, /* MATHEMATICAL BOLD ITALIC SMALL OMICRON */ - {0x1d745, 1, 637}, /* MATHEMATICAL BOLD ITALIC SMALL PI */ - {0x1d746, 1, 639}, /* MATHEMATICAL BOLD ITALIC SMALL RHO */ - {0x1d747, 1, 640}, /* MATHEMATICAL BOLD ITALIC SMALL FINAL SIGMA */ - {0x1d748, 1, 5166}, /* MATHEMATICAL BOLD ITALIC SMALL SIGMA */ - {0x1d749, 1, 5167}, /* MATHEMATICAL BOLD ITALIC SMALL TAU */ - {0x1d74a, 1, 622}, /* MATHEMATICAL BOLD ITALIC SMALL UPSILON */ - {0x1d74b, 1, 636}, /* MATHEMATICAL BOLD ITALIC SMALL PHI */ - {0x1d74c, 1, 934}, /* MATHEMATICAL BOLD ITALIC SMALL CHI */ - {0x1d74d, 1, 5168}, /* MATHEMATICAL BOLD ITALIC SMALL PSI */ - {0x1d74e, 1, 628}, /* MATHEMATICAL BOLD ITALIC SMALL OMEGA */ - {0x1d74f, 1, 5169}, /* MATHEMATICAL BOLD ITALIC PARTIAL DIFFERENTIAL */ - {0x1d750, 1, 5170}, /* MATHEMATICAL BOLD ITALIC EPSILON SYMBOL */ - {0x1d751, 1, 5171}, /* MATHEMATICAL BOLD ITALIC THETA SYMBOL */ - {0x1d752, 1, 5172}, /* MATHEMATICAL BOLD ITALIC KAPPA SYMBOL */ - {0x1d753, 1, 5173}, /* MATHEMATICAL BOLD ITALIC PHI SYMBOL */ - {0x1d754, 1, 5174}, /* MATHEMATICAL BOLD ITALIC RHO SYMBOL */ - {0x1d755, 1, 5175}, /* MATHEMATICAL BOLD ITALIC PI SYMBOL */ - {0x1d756, 1, 590}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL ALPHA */ - {0x1d757, 1, 5148}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL BETA */ - {0x1d758, 1, 1957}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL GAMMA */ - {0x1d759, 1, 5149}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL DELTA */ - {0x1d75a, 1, 592}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL EPSILON */ - {0x1d75b, 1, 5150}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL ZETA */ - {0x1d75c, 1, 594}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL ETA */ - {0x1d75d, 1, 641}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL THETA */ - {0x1d75e, 1, 596}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL IOTA */ - {0x1d75f, 1, 5151}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL KAPPA */ - {0x1d760, 1, 5152}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL LAMDA */ - {0x1d761, 1, 5153}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL MU */ - {0x1d762, 1, 5154}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL NU */ - {0x1d763, 1, 5155}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL XI */ - {0x1d764, 1, 598}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL OMICRON */ - {0x1d765, 1, 1958}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL PI */ - {0x1d766, 1, 1843}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL RHO */ - {0x1d767, 1, 5156}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL THETA SYMBOL */ - {0x1d768, 1, 642}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL SIGMA */ - {0x1d769, 1, 5157}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL TAU */ - {0x1d76a, 1, 600}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL UPSILON */ - {0x1d76b, 1, 5158}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL PHI */ - {0x1d76c, 1, 5159}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL CHI */ - {0x1d76d, 1, 5160}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL PSI */ - {0x1d76e, 1, 602}, /* MATHEMATICAL SANS-SERIF BOLD CAPITAL OMEGA */ - {0x1d76f, 1, 5161}, /* MATHEMATICAL SANS-SERIF BOLD NABLA */ - {0x1d770, 1, 610}, /* MATHEMATICAL SANS-SERIF BOLD SMALL ALPHA */ - {0x1d771, 1, 630}, /* MATHEMATICAL SANS-SERIF BOLD SMALL BETA */ - {0x1d772, 1, 932}, /* MATHEMATICAL SANS-SERIF BOLD SMALL GAMMA */ - {0x1d773, 1, 933}, /* MATHEMATICAL SANS-SERIF BOLD SMALL DELTA */ - {0x1d774, 1, 612}, /* MATHEMATICAL SANS-SERIF BOLD SMALL EPSILON */ - {0x1d775, 1, 5162}, /* MATHEMATICAL SANS-SERIF BOLD SMALL ZETA */ - {0x1d776, 1, 614}, /* MATHEMATICAL SANS-SERIF BOLD SMALL ETA */ - {0x1d777, 1, 631}, /* MATHEMATICAL SANS-SERIF BOLD SMALL THETA */ - {0x1d778, 1, 616}, /* MATHEMATICAL SANS-SERIF BOLD SMALL IOTA */ - {0x1d779, 1, 638}, /* MATHEMATICAL SANS-SERIF BOLD SMALL KAPPA */ - {0x1d77a, 1, 5163}, /* MATHEMATICAL SANS-SERIF BOLD SMALL LAMDA */ - {0x1d77b, 1, 10}, /* MATHEMATICAL SANS-SERIF BOLD SMALL MU */ - {0x1d77c, 1, 5164}, /* MATHEMATICAL SANS-SERIF BOLD SMALL NU */ - {0x1d77d, 1, 5165}, /* MATHEMATICAL SANS-SERIF BOLD SMALL XI */ - {0x1d77e, 1, 624}, /* MATHEMATICAL SANS-SERIF BOLD SMALL OMICRON */ - {0x1d77f, 1, 637}, /* MATHEMATICAL SANS-SERIF BOLD SMALL PI */ - {0x1d780, 1, 639}, /* MATHEMATICAL SANS-SERIF BOLD SMALL RHO */ - {0x1d781, 1, 640}, /* MATHEMATICAL SANS-SERIF BOLD SMALL FINAL SIGMA */ - {0x1d782, 1, 5166}, /* MATHEMATICAL SANS-SERIF BOLD SMALL SIGMA */ - {0x1d783, 1, 5167}, /* MATHEMATICAL SANS-SERIF BOLD SMALL TAU */ - {0x1d784, 1, 622}, /* MATHEMATICAL SANS-SERIF BOLD SMALL UPSILON */ - {0x1d785, 1, 636}, /* MATHEMATICAL SANS-SERIF BOLD SMALL PHI */ - {0x1d786, 1, 934}, /* MATHEMATICAL SANS-SERIF BOLD SMALL CHI */ - {0x1d787, 1, 5168}, /* MATHEMATICAL SANS-SERIF BOLD SMALL PSI */ - {0x1d788, 1, 628}, /* MATHEMATICAL SANS-SERIF BOLD SMALL OMEGA */ - {0x1d789, 1, 5169}, /* MATHEMATICAL SANS-SERIF BOLD PARTIAL DIFFERENTIAL */ - {0x1d78a, 1, 5170}, /* MATHEMATICAL SANS-SERIF BOLD EPSILON SYMBOL */ - {0x1d78b, 1, 5171}, /* MATHEMATICAL SANS-SERIF BOLD THETA SYMBOL */ - {0x1d78c, 1, 5172}, /* MATHEMATICAL SANS-SERIF BOLD KAPPA SYMBOL */ - {0x1d78d, 1, 5173}, /* MATHEMATICAL SANS-SERIF BOLD PHI SYMBOL */ - {0x1d78e, 1, 5174}, /* MATHEMATICAL SANS-SERIF BOLD RHO SYMBOL */ - {0x1d78f, 1, 5175}, /* MATHEMATICAL SANS-SERIF BOLD PI SYMBOL */ - {0x1d790, 1, 590}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL ALPHA */ - {0x1d791, 1, 5148}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL BETA */ - {0x1d792, 1, 1957}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL GAMMA */ - {0x1d793, 1, 5149}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL DELTA */ - {0x1d794, 1, 592}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL EPSILON */ - {0x1d795, 1, 5150}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL ZETA */ - {0x1d796, 1, 594}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL ETA */ - {0x1d797, 1, 641}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL THETA */ - {0x1d798, 1, 596}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL IOTA */ - {0x1d799, 1, 5151}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL KAPPA */ - {0x1d79a, 1, 5152}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL LAMDA */ - {0x1d79b, 1, 5153}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL MU */ - {0x1d79c, 1, 5154}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL NU */ - {0x1d79d, 1, 5155}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL XI */ - {0x1d79e, 1, 598}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL OMICRON */ - {0x1d79f, 1, 1958}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL PI */ - {0x1d7a0, 1, 1843}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL RHO */ - {0x1d7a1, 1, 5156}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL THETA SYMBOL */ - {0x1d7a2, 1, 642}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL SIGMA */ - {0x1d7a3, 1, 5157}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL TAU */ - {0x1d7a4, 1, 600}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL UPSILON */ - {0x1d7a5, 1, 5158}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL PHI */ - {0x1d7a6, 1, 5159}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL CHI */ - {0x1d7a7, 1, 5160}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL PSI */ - {0x1d7a8, 1, 602}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL OMEGA */ - {0x1d7a9, 1, 5161}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC NABLA */ - {0x1d7aa, 1, 610}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL ALPHA */ - {0x1d7ab, 1, 630}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL BETA */ - {0x1d7ac, 1, 932}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL GAMMA */ - {0x1d7ad, 1, 933}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL DELTA */ - {0x1d7ae, 1, 612}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL EPSILON */ - {0x1d7af, 1, 5162}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL ZETA */ - {0x1d7b0, 1, 614}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL ETA */ - {0x1d7b1, 1, 631}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL THETA */ - {0x1d7b2, 1, 616}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL IOTA */ - {0x1d7b3, 1, 638}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL KAPPA */ - {0x1d7b4, 1, 5163}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL LAMDA */ - {0x1d7b5, 1, 10}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL MU */ - {0x1d7b6, 1, 5164}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL NU */ - {0x1d7b7, 1, 5165}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL XI */ - {0x1d7b8, 1, 624}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL OMICRON */ - {0x1d7b9, 1, 637}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL PI */ - {0x1d7ba, 1, 639}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL RHO */ - {0x1d7bb, 1, 640}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL FINAL SIGMA */ - {0x1d7bc, 1, 5166}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL SIGMA */ - {0x1d7bd, 1, 5167}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL TAU */ - {0x1d7be, 1, 622}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL UPSILON */ - {0x1d7bf, 1, 636}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL PHI */ - {0x1d7c0, 1, 934}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL CHI */ - {0x1d7c1, 1, 5168}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL PSI */ - {0x1d7c2, 1, 628}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL OMEGA */ - {0x1d7c3, 1, 5169}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC PARTIAL DIFFERENTIAL */ - {0x1d7c4, 1, 5170}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC EPSILON SYMBOL */ - {0x1d7c5, 1, 5171}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC THETA SYMBOL */ - {0x1d7c6, 1, 5172}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC KAPPA SYMBOL */ - {0x1d7c7, 1, 5173}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC PHI SYMBOL */ - {0x1d7c8, 1, 5174}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC RHO SYMBOL */ - {0x1d7c9, 1, 5175}, /* MATHEMATICAL SANS-SERIF BOLD ITALIC PI SYMBOL */ - {0x1d7ce, 1, 1909}, /* MATHEMATICAL BOLD DIGIT ZERO */ - {0x1d7cf, 1, 13}, /* MATHEMATICAL BOLD DIGIT ONE */ - {0x1d7d0, 1, 6}, /* MATHEMATICAL BOLD DIGIT TWO */ - {0x1d7d1, 1, 7}, /* MATHEMATICAL BOLD DIGIT THREE */ - {0x1d7d2, 1, 17}, /* MATHEMATICAL BOLD DIGIT FOUR */ - {0x1d7d3, 1, 1910}, /* MATHEMATICAL BOLD DIGIT FIVE */ - {0x1d7d4, 1, 1911}, /* MATHEMATICAL BOLD DIGIT SIX */ - {0x1d7d5, 1, 1912}, /* MATHEMATICAL BOLD DIGIT SEVEN */ - {0x1d7d6, 1, 1913}, /* MATHEMATICAL BOLD DIGIT EIGHT */ - {0x1d7d7, 1, 1914}, /* MATHEMATICAL BOLD DIGIT NINE */ - {0x1d7d8, 1, 1909}, /* MATHEMATICAL DOUBLE-STRUCK DIGIT ZERO */ - {0x1d7d9, 1, 13}, /* MATHEMATICAL DOUBLE-STRUCK DIGIT ONE */ - {0x1d7da, 1, 6}, /* MATHEMATICAL DOUBLE-STRUCK DIGIT TWO */ - {0x1d7db, 1, 7}, /* MATHEMATICAL DOUBLE-STRUCK DIGIT THREE */ - {0x1d7dc, 1, 17}, /* MATHEMATICAL DOUBLE-STRUCK DIGIT FOUR */ - {0x1d7dd, 1, 1910}, /* MATHEMATICAL DOUBLE-STRUCK DIGIT FIVE */ - {0x1d7de, 1, 1911}, /* MATHEMATICAL DOUBLE-STRUCK DIGIT SIX */ - {0x1d7df, 1, 1912}, /* MATHEMATICAL DOUBLE-STRUCK DIGIT SEVEN */ - {0x1d7e0, 1, 1913}, /* MATHEMATICAL DOUBLE-STRUCK DIGIT EIGHT */ - {0x1d7e1, 1, 1914}, /* MATHEMATICAL DOUBLE-STRUCK DIGIT NINE */ - {0x1d7e2, 1, 1909}, /* MATHEMATICAL SANS-SERIF DIGIT ZERO */ - {0x1d7e3, 1, 13}, /* MATHEMATICAL SANS-SERIF DIGIT ONE */ - {0x1d7e4, 1, 6}, /* MATHEMATICAL SANS-SERIF DIGIT TWO */ - {0x1d7e5, 1, 7}, /* MATHEMATICAL SANS-SERIF DIGIT THREE */ - {0x1d7e6, 1, 17}, /* MATHEMATICAL SANS-SERIF DIGIT FOUR */ - {0x1d7e7, 1, 1910}, /* MATHEMATICAL SANS-SERIF DIGIT FIVE */ - {0x1d7e8, 1, 1911}, /* MATHEMATICAL SANS-SERIF DIGIT SIX */ - {0x1d7e9, 1, 1912}, /* MATHEMATICAL SANS-SERIF DIGIT SEVEN */ - {0x1d7ea, 1, 1913}, /* MATHEMATICAL SANS-SERIF DIGIT EIGHT */ - {0x1d7eb, 1, 1914}, /* MATHEMATICAL SANS-SERIF DIGIT NINE */ - {0x1d7ec, 1, 1909}, /* MATHEMATICAL SANS-SERIF BOLD DIGIT ZERO */ - {0x1d7ed, 1, 13}, /* MATHEMATICAL SANS-SERIF BOLD DIGIT ONE */ - {0x1d7ee, 1, 6}, /* MATHEMATICAL SANS-SERIF BOLD DIGIT TWO */ - {0x1d7ef, 1, 7}, /* MATHEMATICAL SANS-SERIF BOLD DIGIT THREE */ - {0x1d7f0, 1, 17}, /* MATHEMATICAL SANS-SERIF BOLD DIGIT FOUR */ - {0x1d7f1, 1, 1910}, /* MATHEMATICAL SANS-SERIF BOLD DIGIT FIVE */ - {0x1d7f2, 1, 1911}, /* MATHEMATICAL SANS-SERIF BOLD DIGIT SIX */ - {0x1d7f3, 1, 1912}, /* MATHEMATICAL SANS-SERIF BOLD DIGIT SEVEN */ - {0x1d7f4, 1, 1913}, /* MATHEMATICAL SANS-SERIF BOLD DIGIT EIGHT */ - {0x1d7f5, 1, 1914}, /* MATHEMATICAL SANS-SERIF BOLD DIGIT NINE */ - {0x1d7f6, 1, 1909}, /* MATHEMATICAL MONOSPACE DIGIT ZERO */ - {0x1d7f7, 1, 13}, /* MATHEMATICAL MONOSPACE DIGIT ONE */ - {0x1d7f8, 1, 6}, /* MATHEMATICAL MONOSPACE DIGIT TWO */ - {0x1d7f9, 1, 7}, /* MATHEMATICAL MONOSPACE DIGIT THREE */ - {0x1d7fa, 1, 17}, /* MATHEMATICAL MONOSPACE DIGIT FOUR */ - {0x1d7fb, 1, 1910}, /* MATHEMATICAL MONOSPACE DIGIT FIVE */ - {0x1d7fc, 1, 1911}, /* MATHEMATICAL MONOSPACE DIGIT SIX */ - {0x1d7fd, 1, 1912}, /* MATHEMATICAL MONOSPACE DIGIT SEVEN */ - {0x1d7fe, 1, 1913}, /* MATHEMATICAL MONOSPACE DIGIT EIGHT */ - {0x1d7ff, 1, 1914}, /* MATHEMATICAL MONOSPACE DIGIT NINE */ - {0x2f800, 1, 5176}, /* CJK COMPATIBILITY IDEOGRAPH-2F800 */ - {0x2f801, 1, 5177}, /* CJK COMPATIBILITY IDEOGRAPH-2F801 */ - {0x2f802, 1, 5178}, /* CJK COMPATIBILITY IDEOGRAPH-2F802 */ - {0x2f803, 1, 5179}, /* CJK COMPATIBILITY IDEOGRAPH-2F803 */ - {0x2f804, 1, 5180}, /* CJK COMPATIBILITY IDEOGRAPH-2F804 */ - {0x2f805, 1, 4142}, /* CJK COMPATIBILITY IDEOGRAPH-2F805 */ - {0x2f806, 1, 5181}, /* CJK COMPATIBILITY IDEOGRAPH-2F806 */ - {0x2f807, 1, 5182}, /* CJK COMPATIBILITY IDEOGRAPH-2F807 */ - {0x2f808, 1, 5183}, /* CJK COMPATIBILITY IDEOGRAPH-2F808 */ - {0x2f809, 1, 5184}, /* CJK COMPATIBILITY IDEOGRAPH-2F809 */ - {0x2f80a, 1, 4143}, /* CJK COMPATIBILITY IDEOGRAPH-2F80A */ - {0x2f80b, 1, 5185}, /* CJK COMPATIBILITY IDEOGRAPH-2F80B */ - {0x2f80c, 1, 5186}, /* CJK COMPATIBILITY IDEOGRAPH-2F80C */ - {0x2f80d, 1, 5187}, /* CJK COMPATIBILITY IDEOGRAPH-2F80D */ - {0x2f80e, 1, 4144}, /* CJK COMPATIBILITY IDEOGRAPH-2F80E */ - {0x2f80f, 1, 5188}, /* CJK COMPATIBILITY IDEOGRAPH-2F80F */ - {0x2f810, 1, 5189}, /* CJK COMPATIBILITY IDEOGRAPH-2F810 */ - {0x2f811, 1, 5190}, /* CJK COMPATIBILITY IDEOGRAPH-2F811 */ - {0x2f812, 1, 5191}, /* CJK COMPATIBILITY IDEOGRAPH-2F812 */ - {0x2f813, 1, 5192}, /* CJK COMPATIBILITY IDEOGRAPH-2F813 */ - {0x2f814, 1, 5193}, /* CJK COMPATIBILITY IDEOGRAPH-2F814 */ - {0x2f815, 1, 5194}, /* CJK COMPATIBILITY IDEOGRAPH-2F815 */ - {0x2f816, 1, 5195}, /* CJK COMPATIBILITY IDEOGRAPH-2F816 */ - {0x2f817, 1, 5196}, /* CJK COMPATIBILITY IDEOGRAPH-2F817 */ - {0x2f818, 1, 5197}, /* CJK COMPATIBILITY IDEOGRAPH-2F818 */ - {0x2f819, 1, 5198}, /* CJK COMPATIBILITY IDEOGRAPH-2F819 */ - {0x2f81a, 1, 5199}, /* CJK COMPATIBILITY IDEOGRAPH-2F81A */ - {0x2f81b, 1, 5200}, /* CJK COMPATIBILITY IDEOGRAPH-2F81B */ - {0x2f81c, 1, 5201}, /* CJK COMPATIBILITY IDEOGRAPH-2F81C */ - {0x2f81d, 1, 2389}, /* CJK COMPATIBILITY IDEOGRAPH-2F81D */ - {0x2f81e, 1, 5202}, /* CJK COMPATIBILITY IDEOGRAPH-2F81E */ - {0x2f81f, 1, 5203}, /* CJK COMPATIBILITY IDEOGRAPH-2F81F */ - {0x2f820, 1, 5204}, /* CJK COMPATIBILITY IDEOGRAPH-2F820 */ - {0x2f821, 1, 5205}, /* CJK COMPATIBILITY IDEOGRAPH-2F821 */ - {0x2f822, 1, 5206}, /* CJK COMPATIBILITY IDEOGRAPH-2F822 */ - {0x2f823, 1, 5207}, /* CJK COMPATIBILITY IDEOGRAPH-2F823 */ - {0x2f824, 1, 5208}, /* CJK COMPATIBILITY IDEOGRAPH-2F824 */ - {0x2f825, 1, 5209}, /* CJK COMPATIBILITY IDEOGRAPH-2F825 */ - {0x2f826, 1, 4145}, /* CJK COMPATIBILITY IDEOGRAPH-2F826 */ - {0x2f827, 1, 4146}, /* CJK COMPATIBILITY IDEOGRAPH-2F827 */ - {0x2f828, 1, 5210}, /* CJK COMPATIBILITY IDEOGRAPH-2F828 */ - {0x2f829, 1, 5211}, /* CJK COMPATIBILITY IDEOGRAPH-2F829 */ - {0x2f82a, 1, 5212}, /* CJK COMPATIBILITY IDEOGRAPH-2F82A */ - {0x2f82b, 1, 3965}, /* CJK COMPATIBILITY IDEOGRAPH-2F82B */ - {0x2f82c, 1, 5213}, /* CJK COMPATIBILITY IDEOGRAPH-2F82C */ - {0x2f82d, 1, 4147}, /* CJK COMPATIBILITY IDEOGRAPH-2F82D */ - {0x2f82e, 1, 5214}, /* CJK COMPATIBILITY IDEOGRAPH-2F82E */ - {0x2f82f, 1, 5215}, /* CJK COMPATIBILITY IDEOGRAPH-2F82F */ - {0x2f830, 1, 5216}, /* CJK COMPATIBILITY IDEOGRAPH-2F830 */ - {0x2f831, 1, 5217}, /* CJK COMPATIBILITY IDEOGRAPH-2F831 */ - {0x2f832, 1, 5217}, /* CJK COMPATIBILITY IDEOGRAPH-2F832 */ - {0x2f833, 1, 5217}, /* CJK COMPATIBILITY IDEOGRAPH-2F833 */ - {0x2f834, 1, 5218}, /* CJK COMPATIBILITY IDEOGRAPH-2F834 */ - {0x2f835, 1, 5219}, /* CJK COMPATIBILITY IDEOGRAPH-2F835 */ - {0x2f836, 1, 5220}, /* CJK COMPATIBILITY IDEOGRAPH-2F836 */ - {0x2f837, 1, 5221}, /* CJK COMPATIBILITY IDEOGRAPH-2F837 */ - {0x2f838, 1, 5222}, /* CJK COMPATIBILITY IDEOGRAPH-2F838 */ - {0x2f839, 1, 5223}, /* CJK COMPATIBILITY IDEOGRAPH-2F839 */ - {0x2f83a, 1, 5224}, /* CJK COMPATIBILITY IDEOGRAPH-2F83A */ - {0x2f83b, 1, 5225}, /* CJK COMPATIBILITY IDEOGRAPH-2F83B */ - {0x2f83c, 1, 5226}, /* CJK COMPATIBILITY IDEOGRAPH-2F83C */ - {0x2f83d, 1, 5227}, /* CJK COMPATIBILITY IDEOGRAPH-2F83D */ - {0x2f83e, 1, 5228}, /* CJK COMPATIBILITY IDEOGRAPH-2F83E */ - {0x2f83f, 1, 5229}, /* CJK COMPATIBILITY IDEOGRAPH-2F83F */ - {0x2f840, 1, 5230}, /* CJK COMPATIBILITY IDEOGRAPH-2F840 */ - {0x2f841, 1, 5231}, /* CJK COMPATIBILITY IDEOGRAPH-2F841 */ - {0x2f842, 1, 5232}, /* CJK COMPATIBILITY IDEOGRAPH-2F842 */ - {0x2f843, 1, 5233}, /* CJK COMPATIBILITY IDEOGRAPH-2F843 */ - {0x2f844, 1, 5234}, /* CJK COMPATIBILITY IDEOGRAPH-2F844 */ - {0x2f845, 1, 5235}, /* CJK COMPATIBILITY IDEOGRAPH-2F845 */ - {0x2f846, 1, 5235}, /* CJK COMPATIBILITY IDEOGRAPH-2F846 */ - {0x2f847, 1, 5236}, /* CJK COMPATIBILITY IDEOGRAPH-2F847 */ - {0x2f848, 1, 5237}, /* CJK COMPATIBILITY IDEOGRAPH-2F848 */ - {0x2f849, 1, 5238}, /* CJK COMPATIBILITY IDEOGRAPH-2F849 */ - {0x2f84a, 1, 5239}, /* CJK COMPATIBILITY IDEOGRAPH-2F84A */ - {0x2f84b, 1, 5240}, /* CJK COMPATIBILITY IDEOGRAPH-2F84B */ - {0x2f84c, 1, 4149}, /* CJK COMPATIBILITY IDEOGRAPH-2F84C */ - {0x2f84d, 1, 5241}, /* CJK COMPATIBILITY IDEOGRAPH-2F84D */ - {0x2f84e, 1, 5242}, /* CJK COMPATIBILITY IDEOGRAPH-2F84E */ - {0x2f84f, 1, 5243}, /* CJK COMPATIBILITY IDEOGRAPH-2F84F */ - {0x2f850, 1, 4111}, /* CJK COMPATIBILITY IDEOGRAPH-2F850 */ - {0x2f851, 1, 5244}, /* CJK COMPATIBILITY IDEOGRAPH-2F851 */ - {0x2f852, 1, 5245}, /* CJK COMPATIBILITY IDEOGRAPH-2F852 */ - {0x2f853, 1, 5246}, /* CJK COMPATIBILITY IDEOGRAPH-2F853 */ - {0x2f854, 1, 5247}, /* CJK COMPATIBILITY IDEOGRAPH-2F854 */ - {0x2f855, 1, 5248}, /* CJK COMPATIBILITY IDEOGRAPH-2F855 */ - {0x2f856, 1, 5249}, /* CJK COMPATIBILITY IDEOGRAPH-2F856 */ - {0x2f857, 1, 5250}, /* CJK COMPATIBILITY IDEOGRAPH-2F857 */ - {0x2f858, 1, 5251}, /* CJK COMPATIBILITY IDEOGRAPH-2F858 */ - {0x2f859, 1, 5252}, /* CJK COMPATIBILITY IDEOGRAPH-2F859 */ - {0x2f85a, 1, 5253}, /* CJK COMPATIBILITY IDEOGRAPH-2F85A */ - {0x2f85b, 1, 5254}, /* CJK COMPATIBILITY IDEOGRAPH-2F85B */ - {0x2f85c, 1, 5255}, /* CJK COMPATIBILITY IDEOGRAPH-2F85C */ - {0x2f85d, 1, 5256}, /* CJK COMPATIBILITY IDEOGRAPH-2F85D */ - {0x2f85e, 1, 5257}, /* CJK COMPATIBILITY IDEOGRAPH-2F85E */ - {0x2f85f, 1, 5258}, /* CJK COMPATIBILITY IDEOGRAPH-2F85F */ - {0x2f860, 1, 5259}, /* CJK COMPATIBILITY IDEOGRAPH-2F860 */ - {0x2f861, 1, 5260}, /* CJK COMPATIBILITY IDEOGRAPH-2F861 */ - {0x2f862, 1, 5261}, /* CJK COMPATIBILITY IDEOGRAPH-2F862 */ - {0x2f863, 1, 5262}, /* CJK COMPATIBILITY IDEOGRAPH-2F863 */ - {0x2f864, 1, 5263}, /* CJK COMPATIBILITY IDEOGRAPH-2F864 */ - {0x2f865, 1, 5264}, /* CJK COMPATIBILITY IDEOGRAPH-2F865 */ - {0x2f866, 1, 5265}, /* CJK COMPATIBILITY IDEOGRAPH-2F866 */ - {0x2f867, 1, 5266}, /* CJK COMPATIBILITY IDEOGRAPH-2F867 */ - {0x2f868, 1, 5267}, /* CJK COMPATIBILITY IDEOGRAPH-2F868 */ - {0x2f869, 1, 5268}, /* CJK COMPATIBILITY IDEOGRAPH-2F869 */ - {0x2f86a, 1, 5269}, /* CJK COMPATIBILITY IDEOGRAPH-2F86A */ - {0x2f86b, 1, 5269}, /* CJK COMPATIBILITY IDEOGRAPH-2F86B */ - {0x2f86c, 1, 5270}, /* CJK COMPATIBILITY IDEOGRAPH-2F86C */ - {0x2f86d, 1, 5271}, /* CJK COMPATIBILITY IDEOGRAPH-2F86D */ - {0x2f86e, 1, 5272}, /* CJK COMPATIBILITY IDEOGRAPH-2F86E */ - {0x2f86f, 1, 3961}, /* CJK COMPATIBILITY IDEOGRAPH-2F86F */ - {0x2f870, 1, 5273}, /* CJK COMPATIBILITY IDEOGRAPH-2F870 */ - {0x2f871, 1, 5274}, /* CJK COMPATIBILITY IDEOGRAPH-2F871 */ - {0x2f872, 1, 5275}, /* CJK COMPATIBILITY IDEOGRAPH-2F872 */ - {0x2f873, 1, 5276}, /* CJK COMPATIBILITY IDEOGRAPH-2F873 */ - {0x2f874, 1, 5277}, /* CJK COMPATIBILITY IDEOGRAPH-2F874 */ - {0x2f875, 1, 2415}, /* CJK COMPATIBILITY IDEOGRAPH-2F875 */ - {0x2f876, 1, 5278}, /* CJK COMPATIBILITY IDEOGRAPH-2F876 */ - {0x2f877, 1, 5279}, /* CJK COMPATIBILITY IDEOGRAPH-2F877 */ - {0x2f878, 1, 2417}, /* CJK COMPATIBILITY IDEOGRAPH-2F878 */ - {0x2f879, 1, 5280}, /* CJK COMPATIBILITY IDEOGRAPH-2F879 */ - {0x2f87a, 1, 5281}, /* CJK COMPATIBILITY IDEOGRAPH-2F87A */ - {0x2f87b, 1, 5282}, /* CJK COMPATIBILITY IDEOGRAPH-2F87B */ - {0x2f87c, 1, 5283}, /* CJK COMPATIBILITY IDEOGRAPH-2F87C */ - {0x2f87d, 1, 5284}, /* CJK COMPATIBILITY IDEOGRAPH-2F87D */ - {0x2f87e, 1, 5285}, /* CJK COMPATIBILITY IDEOGRAPH-2F87E */ - {0x2f87f, 1, 5286}, /* CJK COMPATIBILITY IDEOGRAPH-2F87F */ - {0x2f880, 1, 5287}, /* CJK COMPATIBILITY IDEOGRAPH-2F880 */ - {0x2f881, 1, 5288}, /* CJK COMPATIBILITY IDEOGRAPH-2F881 */ - {0x2f882, 1, 5289}, /* CJK COMPATIBILITY IDEOGRAPH-2F882 */ - {0x2f883, 1, 5290}, /* CJK COMPATIBILITY IDEOGRAPH-2F883 */ - {0x2f884, 1, 5291}, /* CJK COMPATIBILITY IDEOGRAPH-2F884 */ - {0x2f885, 1, 5292}, /* CJK COMPATIBILITY IDEOGRAPH-2F885 */ - {0x2f886, 1, 5293}, /* CJK COMPATIBILITY IDEOGRAPH-2F886 */ - {0x2f887, 1, 5294}, /* CJK COMPATIBILITY IDEOGRAPH-2F887 */ - {0x2f888, 1, 5295}, /* CJK COMPATIBILITY IDEOGRAPH-2F888 */ - {0x2f889, 1, 5296}, /* CJK COMPATIBILITY IDEOGRAPH-2F889 */ - {0x2f88a, 1, 5297}, /* CJK COMPATIBILITY IDEOGRAPH-2F88A */ - {0x2f88b, 1, 5298}, /* CJK COMPATIBILITY IDEOGRAPH-2F88B */ - {0x2f88c, 1, 5299}, /* CJK COMPATIBILITY IDEOGRAPH-2F88C */ - {0x2f88d, 1, 5300}, /* CJK COMPATIBILITY IDEOGRAPH-2F88D */ - {0x2f88e, 1, 3909}, /* CJK COMPATIBILITY IDEOGRAPH-2F88E */ - {0x2f88f, 1, 5301}, /* CJK COMPATIBILITY IDEOGRAPH-2F88F */ - {0x2f890, 1, 2427}, /* CJK COMPATIBILITY IDEOGRAPH-2F890 */ - {0x2f891, 1, 5302}, /* CJK COMPATIBILITY IDEOGRAPH-2F891 */ - {0x2f892, 1, 5302}, /* CJK COMPATIBILITY IDEOGRAPH-2F892 */ - {0x2f893, 1, 5303}, /* CJK COMPATIBILITY IDEOGRAPH-2F893 */ - {0x2f894, 1, 5304}, /* CJK COMPATIBILITY IDEOGRAPH-2F894 */ - {0x2f895, 1, 5304}, /* CJK COMPATIBILITY IDEOGRAPH-2F895 */ - {0x2f896, 1, 5305}, /* CJK COMPATIBILITY IDEOGRAPH-2F896 */ - {0x2f897, 1, 5306}, /* CJK COMPATIBILITY IDEOGRAPH-2F897 */ - {0x2f898, 1, 5307}, /* CJK COMPATIBILITY IDEOGRAPH-2F898 */ - {0x2f899, 1, 5308}, /* CJK COMPATIBILITY IDEOGRAPH-2F899 */ - {0x2f89a, 1, 5309}, /* CJK COMPATIBILITY IDEOGRAPH-2F89A */ - {0x2f89b, 1, 5310}, /* CJK COMPATIBILITY IDEOGRAPH-2F89B */ - {0x2f89c, 1, 5311}, /* CJK COMPATIBILITY IDEOGRAPH-2F89C */ - {0x2f89d, 1, 5312}, /* CJK COMPATIBILITY IDEOGRAPH-2F89D */ - {0x2f89e, 1, 5313}, /* CJK COMPATIBILITY IDEOGRAPH-2F89E */ - {0x2f89f, 1, 5314}, /* CJK COMPATIBILITY IDEOGRAPH-2F89F */ - {0x2f8a0, 1, 5315}, /* CJK COMPATIBILITY IDEOGRAPH-2F8A0 */ - {0x2f8a1, 1, 5316}, /* CJK COMPATIBILITY IDEOGRAPH-2F8A1 */ - {0x2f8a2, 1, 5317}, /* CJK COMPATIBILITY IDEOGRAPH-2F8A2 */ - {0x2f8a3, 1, 4154}, /* CJK COMPATIBILITY IDEOGRAPH-2F8A3 */ - {0x2f8a4, 1, 5318}, /* CJK COMPATIBILITY IDEOGRAPH-2F8A4 */ - {0x2f8a5, 1, 5319}, /* CJK COMPATIBILITY IDEOGRAPH-2F8A5 */ - {0x2f8a6, 1, 5320}, /* CJK COMPATIBILITY IDEOGRAPH-2F8A6 */ - {0x2f8a7, 1, 5321}, /* CJK COMPATIBILITY IDEOGRAPH-2F8A7 */ - {0x2f8a8, 1, 5322}, /* CJK COMPATIBILITY IDEOGRAPH-2F8A8 */ - {0x2f8a9, 1, 5321}, /* CJK COMPATIBILITY IDEOGRAPH-2F8A9 */ - {0x2f8aa, 1, 5323}, /* CJK COMPATIBILITY IDEOGRAPH-2F8AA */ - {0x2f8ab, 1, 4156}, /* CJK COMPATIBILITY IDEOGRAPH-2F8AB */ - {0x2f8ac, 1, 5324}, /* CJK COMPATIBILITY IDEOGRAPH-2F8AC */ - {0x2f8ad, 1, 5325}, /* CJK COMPATIBILITY IDEOGRAPH-2F8AD */ - {0x2f8ae, 1, 5326}, /* CJK COMPATIBILITY IDEOGRAPH-2F8AE */ - {0x2f8af, 1, 5327}, /* CJK COMPATIBILITY IDEOGRAPH-2F8AF */ - {0x2f8b0, 1, 4157}, /* CJK COMPATIBILITY IDEOGRAPH-2F8B0 */ - {0x2f8b1, 1, 3882}, /* CJK COMPATIBILITY IDEOGRAPH-2F8B1 */ - {0x2f8b2, 1, 3553}, /* CJK COMPATIBILITY IDEOGRAPH-2F8B2 */ - {0x2f8b3, 1, 5328}, /* CJK COMPATIBILITY IDEOGRAPH-2F8B3 */ - {0x2f8b4, 1, 5329}, /* CJK COMPATIBILITY IDEOGRAPH-2F8B4 */ - {0x2f8b5, 1, 5330}, /* CJK COMPATIBILITY IDEOGRAPH-2F8B5 */ - {0x2f8b6, 1, 5331}, /* CJK COMPATIBILITY IDEOGRAPH-2F8B6 */ - {0x2f8b7, 1, 5332}, /* CJK COMPATIBILITY IDEOGRAPH-2F8B7 */ - {0x2f8b8, 1, 5333}, /* CJK COMPATIBILITY IDEOGRAPH-2F8B8 */ - {0x2f8b9, 1, 5334}, /* CJK COMPATIBILITY IDEOGRAPH-2F8B9 */ - {0x2f8ba, 1, 5335}, /* CJK COMPATIBILITY IDEOGRAPH-2F8BA */ - {0x2f8bb, 1, 5336}, /* CJK COMPATIBILITY IDEOGRAPH-2F8BB */ - {0x2f8bc, 1, 5337}, /* CJK COMPATIBILITY IDEOGRAPH-2F8BC */ - {0x2f8bd, 1, 5338}, /* CJK COMPATIBILITY IDEOGRAPH-2F8BD */ - {0x2f8be, 1, 5339}, /* CJK COMPATIBILITY IDEOGRAPH-2F8BE */ - {0x2f8bf, 1, 5340}, /* CJK COMPATIBILITY IDEOGRAPH-2F8BF */ - {0x2f8c0, 1, 5341}, /* CJK COMPATIBILITY IDEOGRAPH-2F8C0 */ - {0x2f8c1, 1, 5342}, /* CJK COMPATIBILITY IDEOGRAPH-2F8C1 */ - {0x2f8c2, 1, 5343}, /* CJK COMPATIBILITY IDEOGRAPH-2F8C2 */ - {0x2f8c3, 1, 5344}, /* CJK COMPATIBILITY IDEOGRAPH-2F8C3 */ - {0x2f8c4, 1, 5345}, /* CJK COMPATIBILITY IDEOGRAPH-2F8C4 */ - {0x2f8c5, 1, 5346}, /* CJK COMPATIBILITY IDEOGRAPH-2F8C5 */ - {0x2f8c6, 1, 5347}, /* CJK COMPATIBILITY IDEOGRAPH-2F8C6 */ - {0x2f8c7, 1, 5348}, /* CJK COMPATIBILITY IDEOGRAPH-2F8C7 */ - {0x2f8c8, 1, 4158}, /* CJK COMPATIBILITY IDEOGRAPH-2F8C8 */ - {0x2f8c9, 1, 5349}, /* CJK COMPATIBILITY IDEOGRAPH-2F8C9 */ - {0x2f8ca, 1, 5350}, /* CJK COMPATIBILITY IDEOGRAPH-2F8CA */ - {0x2f8cb, 1, 5351}, /* CJK COMPATIBILITY IDEOGRAPH-2F8CB */ - {0x2f8cc, 1, 5352}, /* CJK COMPATIBILITY IDEOGRAPH-2F8CC */ - {0x2f8cd, 1, 5353}, /* CJK COMPATIBILITY IDEOGRAPH-2F8CD */ - {0x2f8ce, 1, 5354}, /* CJK COMPATIBILITY IDEOGRAPH-2F8CE */ - {0x2f8cf, 1, 4160}, /* CJK COMPATIBILITY IDEOGRAPH-2F8CF */ - {0x2f8d0, 1, 5355}, /* CJK COMPATIBILITY IDEOGRAPH-2F8D0 */ - {0x2f8d1, 1, 5356}, /* CJK COMPATIBILITY IDEOGRAPH-2F8D1 */ - {0x2f8d2, 1, 5357}, /* CJK COMPATIBILITY IDEOGRAPH-2F8D2 */ - {0x2f8d3, 1, 5358}, /* CJK COMPATIBILITY IDEOGRAPH-2F8D3 */ - {0x2f8d4, 1, 5359}, /* CJK COMPATIBILITY IDEOGRAPH-2F8D4 */ - {0x2f8d5, 1, 5360}, /* CJK COMPATIBILITY IDEOGRAPH-2F8D5 */ - {0x2f8d6, 1, 5361}, /* CJK COMPATIBILITY IDEOGRAPH-2F8D6 */ - {0x2f8d7, 1, 5362}, /* CJK COMPATIBILITY IDEOGRAPH-2F8D7 */ - {0x2f8d8, 1, 3910}, /* CJK COMPATIBILITY IDEOGRAPH-2F8D8 */ - {0x2f8d9, 1, 5363}, /* CJK COMPATIBILITY IDEOGRAPH-2F8D9 */ - {0x2f8da, 1, 5364}, /* CJK COMPATIBILITY IDEOGRAPH-2F8DA */ - {0x2f8db, 1, 5365}, /* CJK COMPATIBILITY IDEOGRAPH-2F8DB */ - {0x2f8dc, 1, 5366}, /* CJK COMPATIBILITY IDEOGRAPH-2F8DC */ - {0x2f8dd, 1, 5367}, /* CJK COMPATIBILITY IDEOGRAPH-2F8DD */ - {0x2f8de, 1, 5368}, /* CJK COMPATIBILITY IDEOGRAPH-2F8DE */ - {0x2f8df, 1, 5369}, /* CJK COMPATIBILITY IDEOGRAPH-2F8DF */ - {0x2f8e0, 1, 5370}, /* CJK COMPATIBILITY IDEOGRAPH-2F8E0 */ - {0x2f8e1, 1, 5371}, /* CJK COMPATIBILITY IDEOGRAPH-2F8E1 */ - {0x2f8e2, 1, 4161}, /* CJK COMPATIBILITY IDEOGRAPH-2F8E2 */ - {0x2f8e3, 1, 5372}, /* CJK COMPATIBILITY IDEOGRAPH-2F8E3 */ - {0x2f8e4, 1, 5373}, /* CJK COMPATIBILITY IDEOGRAPH-2F8E4 */ - {0x2f8e5, 1, 5374}, /* CJK COMPATIBILITY IDEOGRAPH-2F8E5 */ - {0x2f8e6, 1, 5375}, /* CJK COMPATIBILITY IDEOGRAPH-2F8E6 */ - {0x2f8e7, 1, 5376}, /* CJK COMPATIBILITY IDEOGRAPH-2F8E7 */ - {0x2f8e8, 1, 5377}, /* CJK COMPATIBILITY IDEOGRAPH-2F8E8 */ - {0x2f8e9, 1, 5378}, /* CJK COMPATIBILITY IDEOGRAPH-2F8E9 */ - {0x2f8ea, 1, 5379}, /* CJK COMPATIBILITY IDEOGRAPH-2F8EA */ - {0x2f8eb, 1, 5380}, /* CJK COMPATIBILITY IDEOGRAPH-2F8EB */ - {0x2f8ec, 1, 5381}, /* CJK COMPATIBILITY IDEOGRAPH-2F8EC */ - {0x2f8ed, 1, 5382}, /* CJK COMPATIBILITY IDEOGRAPH-2F8ED */ - {0x2f8ee, 1, 5383}, /* CJK COMPATIBILITY IDEOGRAPH-2F8EE */ - {0x2f8ef, 1, 5384}, /* CJK COMPATIBILITY IDEOGRAPH-2F8EF */ - {0x2f8f0, 1, 5385}, /* CJK COMPATIBILITY IDEOGRAPH-2F8F0 */ - {0x2f8f1, 1, 5386}, /* CJK COMPATIBILITY IDEOGRAPH-2F8F1 */ - {0x2f8f2, 1, 5387}, /* CJK COMPATIBILITY IDEOGRAPH-2F8F2 */ - {0x2f8f3, 1, 5388}, /* CJK COMPATIBILITY IDEOGRAPH-2F8F3 */ - {0x2f8f4, 1, 5389}, /* CJK COMPATIBILITY IDEOGRAPH-2F8F4 */ - {0x2f8f5, 1, 3978}, /* CJK COMPATIBILITY IDEOGRAPH-2F8F5 */ - {0x2f8f6, 1, 5390}, /* CJK COMPATIBILITY IDEOGRAPH-2F8F6 */ - {0x2f8f7, 1, 5391}, /* CJK COMPATIBILITY IDEOGRAPH-2F8F7 */ - {0x2f8f8, 1, 5392}, /* CJK COMPATIBILITY IDEOGRAPH-2F8F8 */ - {0x2f8f9, 1, 5393}, /* CJK COMPATIBILITY IDEOGRAPH-2F8F9 */ - {0x2f8fa, 1, 5394}, /* CJK COMPATIBILITY IDEOGRAPH-2F8FA */ - {0x2f8fb, 1, 5395}, /* CJK COMPATIBILITY IDEOGRAPH-2F8FB */ - {0x2f8fc, 1, 5396}, /* CJK COMPATIBILITY IDEOGRAPH-2F8FC */ - {0x2f8fd, 1, 5397}, /* CJK COMPATIBILITY IDEOGRAPH-2F8FD */ - {0x2f8fe, 1, 5398}, /* CJK COMPATIBILITY IDEOGRAPH-2F8FE */ - {0x2f8ff, 1, 5399}, /* CJK COMPATIBILITY IDEOGRAPH-2F8FF */ - {0x2f900, 1, 5400}, /* CJK COMPATIBILITY IDEOGRAPH-2F900 */ - {0x2f901, 1, 4162}, /* CJK COMPATIBILITY IDEOGRAPH-2F901 */ - {0x2f902, 1, 4061}, /* CJK COMPATIBILITY IDEOGRAPH-2F902 */ - {0x2f903, 1, 5401}, /* CJK COMPATIBILITY IDEOGRAPH-2F903 */ - {0x2f904, 1, 5402}, /* CJK COMPATIBILITY IDEOGRAPH-2F904 */ - {0x2f905, 1, 5403}, /* CJK COMPATIBILITY IDEOGRAPH-2F905 */ - {0x2f906, 1, 5404}, /* CJK COMPATIBILITY IDEOGRAPH-2F906 */ - {0x2f907, 1, 5405}, /* CJK COMPATIBILITY IDEOGRAPH-2F907 */ - {0x2f908, 1, 5406}, /* CJK COMPATIBILITY IDEOGRAPH-2F908 */ - {0x2f909, 1, 5407}, /* CJK COMPATIBILITY IDEOGRAPH-2F909 */ - {0x2f90a, 1, 5408}, /* CJK COMPATIBILITY IDEOGRAPH-2F90A */ - {0x2f90b, 1, 5409}, /* CJK COMPATIBILITY IDEOGRAPH-2F90B */ - {0x2f90c, 1, 5410}, /* CJK COMPATIBILITY IDEOGRAPH-2F90C */ - {0x2f90d, 1, 5411}, /* CJK COMPATIBILITY IDEOGRAPH-2F90D */ - {0x2f90e, 1, 5412}, /* CJK COMPATIBILITY IDEOGRAPH-2F90E */ - {0x2f90f, 1, 5413}, /* CJK COMPATIBILITY IDEOGRAPH-2F90F */ - {0x2f910, 1, 5414}, /* CJK COMPATIBILITY IDEOGRAPH-2F910 */ - {0x2f911, 1, 5415}, /* CJK COMPATIBILITY IDEOGRAPH-2F911 */ - {0x2f912, 1, 5416}, /* CJK COMPATIBILITY IDEOGRAPH-2F912 */ - {0x2f913, 1, 5417}, /* CJK COMPATIBILITY IDEOGRAPH-2F913 */ - {0x2f914, 1, 5418}, /* CJK COMPATIBILITY IDEOGRAPH-2F914 */ - {0x2f915, 1, 5419}, /* CJK COMPATIBILITY IDEOGRAPH-2F915 */ - {0x2f916, 1, 5420}, /* CJK COMPATIBILITY IDEOGRAPH-2F916 */ - {0x2f917, 1, 5421}, /* CJK COMPATIBILITY IDEOGRAPH-2F917 */ - {0x2f918, 1, 5422}, /* CJK COMPATIBILITY IDEOGRAPH-2F918 */ - {0x2f919, 1, 5423}, /* CJK COMPATIBILITY IDEOGRAPH-2F919 */ - {0x2f91a, 1, 5424}, /* CJK COMPATIBILITY IDEOGRAPH-2F91A */ - {0x2f91b, 1, 5425}, /* CJK COMPATIBILITY IDEOGRAPH-2F91B */ - {0x2f91c, 1, 5426}, /* CJK COMPATIBILITY IDEOGRAPH-2F91C */ - {0x2f91d, 1, 5427}, /* CJK COMPATIBILITY IDEOGRAPH-2F91D */ - {0x2f91e, 1, 5428}, /* CJK COMPATIBILITY IDEOGRAPH-2F91E */ - {0x2f91f, 1, 5429}, /* CJK COMPATIBILITY IDEOGRAPH-2F91F */ - {0x2f920, 1, 5430}, /* CJK COMPATIBILITY IDEOGRAPH-2F920 */ - {0x2f921, 1, 5431}, /* CJK COMPATIBILITY IDEOGRAPH-2F921 */ - {0x2f922, 1, 5432}, /* CJK COMPATIBILITY IDEOGRAPH-2F922 */ - {0x2f923, 1, 5433}, /* CJK COMPATIBILITY IDEOGRAPH-2F923 */ - {0x2f924, 1, 5434}, /* CJK COMPATIBILITY IDEOGRAPH-2F924 */ - {0x2f925, 1, 5435}, /* CJK COMPATIBILITY IDEOGRAPH-2F925 */ - {0x2f926, 1, 5436}, /* CJK COMPATIBILITY IDEOGRAPH-2F926 */ - {0x2f927, 1, 5437}, /* CJK COMPATIBILITY IDEOGRAPH-2F927 */ - {0x2f928, 1, 5438}, /* CJK COMPATIBILITY IDEOGRAPH-2F928 */ - {0x2f929, 1, 5439}, /* CJK COMPATIBILITY IDEOGRAPH-2F929 */ - {0x2f92a, 1, 5440}, /* CJK COMPATIBILITY IDEOGRAPH-2F92A */ - {0x2f92b, 1, 5441}, /* CJK COMPATIBILITY IDEOGRAPH-2F92B */ - {0x2f92c, 1, 5442}, /* CJK COMPATIBILITY IDEOGRAPH-2F92C */ - {0x2f92d, 1, 5442}, /* CJK COMPATIBILITY IDEOGRAPH-2F92D */ - {0x2f92e, 1, 5443}, /* CJK COMPATIBILITY IDEOGRAPH-2F92E */ - {0x2f92f, 1, 5444}, /* CJK COMPATIBILITY IDEOGRAPH-2F92F */ - {0x2f930, 1, 5445}, /* CJK COMPATIBILITY IDEOGRAPH-2F930 */ - {0x2f931, 1, 5446}, /* CJK COMPATIBILITY IDEOGRAPH-2F931 */ - {0x2f932, 1, 5447}, /* CJK COMPATIBILITY IDEOGRAPH-2F932 */ - {0x2f933, 1, 5448}, /* CJK COMPATIBILITY IDEOGRAPH-2F933 */ - {0x2f934, 1, 5449}, /* CJK COMPATIBILITY IDEOGRAPH-2F934 */ - {0x2f935, 1, 5450}, /* CJK COMPATIBILITY IDEOGRAPH-2F935 */ - {0x2f936, 1, 5451}, /* CJK COMPATIBILITY IDEOGRAPH-2F936 */ - {0x2f937, 1, 5452}, /* CJK COMPATIBILITY IDEOGRAPH-2F937 */ - {0x2f938, 1, 3964}, /* CJK COMPATIBILITY IDEOGRAPH-2F938 */ - {0x2f939, 1, 5453}, /* CJK COMPATIBILITY IDEOGRAPH-2F939 */ - {0x2f93a, 1, 5454}, /* CJK COMPATIBILITY IDEOGRAPH-2F93A */ - {0x2f93b, 1, 5455}, /* CJK COMPATIBILITY IDEOGRAPH-2F93B */ - {0x2f93c, 1, 5456}, /* CJK COMPATIBILITY IDEOGRAPH-2F93C */ - {0x2f93d, 1, 5457}, /* CJK COMPATIBILITY IDEOGRAPH-2F93D */ - {0x2f93e, 1, 5458}, /* CJK COMPATIBILITY IDEOGRAPH-2F93E */ - {0x2f93f, 1, 5459}, /* CJK COMPATIBILITY IDEOGRAPH-2F93F */ - {0x2f940, 1, 5460}, /* CJK COMPATIBILITY IDEOGRAPH-2F940 */ - {0x2f941, 1, 5461}, /* CJK COMPATIBILITY IDEOGRAPH-2F941 */ - {0x2f942, 1, 5462}, /* CJK COMPATIBILITY IDEOGRAPH-2F942 */ - {0x2f943, 1, 5463}, /* CJK COMPATIBILITY IDEOGRAPH-2F943 */ - {0x2f944, 1, 5464}, /* CJK COMPATIBILITY IDEOGRAPH-2F944 */ - {0x2f945, 1, 5465}, /* CJK COMPATIBILITY IDEOGRAPH-2F945 */ - {0x2f946, 1, 5466}, /* CJK COMPATIBILITY IDEOGRAPH-2F946 */ - {0x2f947, 1, 5466}, /* CJK COMPATIBILITY IDEOGRAPH-2F947 */ - {0x2f948, 1, 5467}, /* CJK COMPATIBILITY IDEOGRAPH-2F948 */ - {0x2f949, 1, 5468}, /* CJK COMPATIBILITY IDEOGRAPH-2F949 */ - {0x2f94a, 1, 5469}, /* CJK COMPATIBILITY IDEOGRAPH-2F94A */ - {0x2f94b, 1, 5470}, /* CJK COMPATIBILITY IDEOGRAPH-2F94B */ - {0x2f94c, 1, 5471}, /* CJK COMPATIBILITY IDEOGRAPH-2F94C */ - {0x2f94d, 1, 5472}, /* CJK COMPATIBILITY IDEOGRAPH-2F94D */ - {0x2f94e, 1, 5473}, /* CJK COMPATIBILITY IDEOGRAPH-2F94E */ - {0x2f94f, 1, 3927}, /* CJK COMPATIBILITY IDEOGRAPH-2F94F */ - {0x2f950, 1, 5474}, /* CJK COMPATIBILITY IDEOGRAPH-2F950 */ - {0x2f951, 1, 5475}, /* CJK COMPATIBILITY IDEOGRAPH-2F951 */ - {0x2f952, 1, 5476}, /* CJK COMPATIBILITY IDEOGRAPH-2F952 */ - {0x2f953, 1, 4172}, /* CJK COMPATIBILITY IDEOGRAPH-2F953 */ - {0x2f954, 1, 5477}, /* CJK COMPATIBILITY IDEOGRAPH-2F954 */ - {0x2f955, 1, 5478}, /* CJK COMPATIBILITY IDEOGRAPH-2F955 */ - {0x2f956, 1, 4131}, /* CJK COMPATIBILITY IDEOGRAPH-2F956 */ - {0x2f957, 1, 5479}, /* CJK COMPATIBILITY IDEOGRAPH-2F957 */ - {0x2f958, 1, 5480}, /* CJK COMPATIBILITY IDEOGRAPH-2F958 */ - {0x2f959, 1, 4175}, /* CJK COMPATIBILITY IDEOGRAPH-2F959 */ - {0x2f95a, 1, 5481}, /* CJK COMPATIBILITY IDEOGRAPH-2F95A */ - {0x2f95b, 1, 5482}, /* CJK COMPATIBILITY IDEOGRAPH-2F95B */ - {0x2f95c, 1, 5483}, /* CJK COMPATIBILITY IDEOGRAPH-2F95C */ - {0x2f95d, 1, 5484}, /* CJK COMPATIBILITY IDEOGRAPH-2F95D */ - {0x2f95e, 1, 5484}, /* CJK COMPATIBILITY IDEOGRAPH-2F95E */ - {0x2f95f, 1, 5485}, /* CJK COMPATIBILITY IDEOGRAPH-2F95F */ - {0x2f960, 1, 5486}, /* CJK COMPATIBILITY IDEOGRAPH-2F960 */ - {0x2f961, 1, 5487}, /* CJK COMPATIBILITY IDEOGRAPH-2F961 */ - {0x2f962, 1, 5488}, /* CJK COMPATIBILITY IDEOGRAPH-2F962 */ - {0x2f963, 1, 5489}, /* CJK COMPATIBILITY IDEOGRAPH-2F963 */ - {0x2f964, 1, 5490}, /* CJK COMPATIBILITY IDEOGRAPH-2F964 */ - {0x2f965, 1, 5491}, /* CJK COMPATIBILITY IDEOGRAPH-2F965 */ - {0x2f966, 1, 5492}, /* CJK COMPATIBILITY IDEOGRAPH-2F966 */ - {0x2f967, 1, 5493}, /* CJK COMPATIBILITY IDEOGRAPH-2F967 */ - {0x2f968, 1, 5494}, /* CJK COMPATIBILITY IDEOGRAPH-2F968 */ - {0x2f969, 1, 5495}, /* CJK COMPATIBILITY IDEOGRAPH-2F969 */ - {0x2f96a, 1, 5496}, /* CJK COMPATIBILITY IDEOGRAPH-2F96A */ - {0x2f96b, 1, 5497}, /* CJK COMPATIBILITY IDEOGRAPH-2F96B */ - {0x2f96c, 1, 5498}, /* CJK COMPATIBILITY IDEOGRAPH-2F96C */ - {0x2f96d, 1, 5499}, /* CJK COMPATIBILITY IDEOGRAPH-2F96D */ - {0x2f96e, 1, 5500}, /* CJK COMPATIBILITY IDEOGRAPH-2F96E */ - {0x2f96f, 1, 5501}, /* CJK COMPATIBILITY IDEOGRAPH-2F96F */ - {0x2f970, 1, 5502}, /* CJK COMPATIBILITY IDEOGRAPH-2F970 */ - {0x2f971, 1, 5503}, /* CJK COMPATIBILITY IDEOGRAPH-2F971 */ - {0x2f972, 1, 5504}, /* CJK COMPATIBILITY IDEOGRAPH-2F972 */ - {0x2f973, 1, 5505}, /* CJK COMPATIBILITY IDEOGRAPH-2F973 */ - {0x2f974, 1, 5506}, /* CJK COMPATIBILITY IDEOGRAPH-2F974 */ - {0x2f975, 1, 5507}, /* CJK COMPATIBILITY IDEOGRAPH-2F975 */ - {0x2f976, 1, 5508}, /* CJK COMPATIBILITY IDEOGRAPH-2F976 */ - {0x2f977, 1, 5509}, /* CJK COMPATIBILITY IDEOGRAPH-2F977 */ - {0x2f978, 1, 5510}, /* CJK COMPATIBILITY IDEOGRAPH-2F978 */ - {0x2f979, 1, 5511}, /* CJK COMPATIBILITY IDEOGRAPH-2F979 */ - {0x2f97a, 1, 4181}, /* CJK COMPATIBILITY IDEOGRAPH-2F97A */ - {0x2f97b, 1, 5512}, /* CJK COMPATIBILITY IDEOGRAPH-2F97B */ - {0x2f97c, 1, 5513}, /* CJK COMPATIBILITY IDEOGRAPH-2F97C */ - {0x2f97d, 1, 5514}, /* CJK COMPATIBILITY IDEOGRAPH-2F97D */ - {0x2f97e, 1, 5515}, /* CJK COMPATIBILITY IDEOGRAPH-2F97E */ - {0x2f97f, 1, 5516}, /* CJK COMPATIBILITY IDEOGRAPH-2F97F */ - {0x2f980, 1, 5517}, /* CJK COMPATIBILITY IDEOGRAPH-2F980 */ - {0x2f981, 1, 5518}, /* CJK COMPATIBILITY IDEOGRAPH-2F981 */ - {0x2f982, 1, 5519}, /* CJK COMPATIBILITY IDEOGRAPH-2F982 */ - {0x2f983, 1, 5520}, /* CJK COMPATIBILITY IDEOGRAPH-2F983 */ - {0x2f984, 1, 5521}, /* CJK COMPATIBILITY IDEOGRAPH-2F984 */ - {0x2f985, 1, 5522}, /* CJK COMPATIBILITY IDEOGRAPH-2F985 */ - {0x2f986, 1, 5523}, /* CJK COMPATIBILITY IDEOGRAPH-2F986 */ - {0x2f987, 1, 5524}, /* CJK COMPATIBILITY IDEOGRAPH-2F987 */ - {0x2f988, 1, 5525}, /* CJK COMPATIBILITY IDEOGRAPH-2F988 */ - {0x2f989, 1, 5526}, /* CJK COMPATIBILITY IDEOGRAPH-2F989 */ - {0x2f98a, 1, 5527}, /* CJK COMPATIBILITY IDEOGRAPH-2F98A */ - {0x2f98b, 1, 5303}, /* CJK COMPATIBILITY IDEOGRAPH-2F98B */ - {0x2f98c, 1, 5528}, /* CJK COMPATIBILITY IDEOGRAPH-2F98C */ - {0x2f98d, 1, 5529}, /* CJK COMPATIBILITY IDEOGRAPH-2F98D */ - {0x2f98e, 1, 5530}, /* CJK COMPATIBILITY IDEOGRAPH-2F98E */ - {0x2f98f, 1, 5531}, /* CJK COMPATIBILITY IDEOGRAPH-2F98F */ - {0x2f990, 1, 5532}, /* CJK COMPATIBILITY IDEOGRAPH-2F990 */ - {0x2f991, 1, 5533}, /* CJK COMPATIBILITY IDEOGRAPH-2F991 */ - {0x2f992, 1, 5534}, /* CJK COMPATIBILITY IDEOGRAPH-2F992 */ - {0x2f993, 1, 5535}, /* CJK COMPATIBILITY IDEOGRAPH-2F993 */ - {0x2f994, 1, 5536}, /* CJK COMPATIBILITY IDEOGRAPH-2F994 */ - {0x2f995, 1, 5537}, /* CJK COMPATIBILITY IDEOGRAPH-2F995 */ - {0x2f996, 1, 5538}, /* CJK COMPATIBILITY IDEOGRAPH-2F996 */ - {0x2f997, 1, 5539}, /* CJK COMPATIBILITY IDEOGRAPH-2F997 */ - {0x2f998, 1, 3981}, /* CJK COMPATIBILITY IDEOGRAPH-2F998 */ - {0x2f999, 1, 5540}, /* CJK COMPATIBILITY IDEOGRAPH-2F999 */ - {0x2f99a, 1, 5541}, /* CJK COMPATIBILITY IDEOGRAPH-2F99A */ - {0x2f99b, 1, 5542}, /* CJK COMPATIBILITY IDEOGRAPH-2F99B */ - {0x2f99c, 1, 5543}, /* CJK COMPATIBILITY IDEOGRAPH-2F99C */ - {0x2f99d, 1, 5544}, /* CJK COMPATIBILITY IDEOGRAPH-2F99D */ - {0x2f99e, 1, 5545}, /* CJK COMPATIBILITY IDEOGRAPH-2F99E */ - {0x2f99f, 1, 4184}, /* CJK COMPATIBILITY IDEOGRAPH-2F99F */ - {0x2f9a0, 1, 5546}, /* CJK COMPATIBILITY IDEOGRAPH-2F9A0 */ - {0x2f9a1, 1, 5547}, /* CJK COMPATIBILITY IDEOGRAPH-2F9A1 */ - {0x2f9a2, 1, 5548}, /* CJK COMPATIBILITY IDEOGRAPH-2F9A2 */ - {0x2f9a3, 1, 5549}, /* CJK COMPATIBILITY IDEOGRAPH-2F9A3 */ - {0x2f9a4, 1, 5550}, /* CJK COMPATIBILITY IDEOGRAPH-2F9A4 */ - {0x2f9a5, 1, 5551}, /* CJK COMPATIBILITY IDEOGRAPH-2F9A5 */ - {0x2f9a6, 1, 5552}, /* CJK COMPATIBILITY IDEOGRAPH-2F9A6 */ - {0x2f9a7, 1, 5553}, /* CJK COMPATIBILITY IDEOGRAPH-2F9A7 */ - {0x2f9a8, 1, 5554}, /* CJK COMPATIBILITY IDEOGRAPH-2F9A8 */ - {0x2f9a9, 1, 5555}, /* CJK COMPATIBILITY IDEOGRAPH-2F9A9 */ - {0x2f9aa, 1, 5556}, /* CJK COMPATIBILITY IDEOGRAPH-2F9AA */ - {0x2f9ab, 1, 5557}, /* CJK COMPATIBILITY IDEOGRAPH-2F9AB */ - {0x2f9ac, 1, 5558}, /* CJK COMPATIBILITY IDEOGRAPH-2F9AC */ - {0x2f9ad, 1, 5559}, /* CJK COMPATIBILITY IDEOGRAPH-2F9AD */ - {0x2f9ae, 1, 5560}, /* CJK COMPATIBILITY IDEOGRAPH-2F9AE */ - {0x2f9af, 1, 5561}, /* CJK COMPATIBILITY IDEOGRAPH-2F9AF */ - {0x2f9b0, 1, 5562}, /* CJK COMPATIBILITY IDEOGRAPH-2F9B0 */ - {0x2f9b1, 1, 5563}, /* CJK COMPATIBILITY IDEOGRAPH-2F9B1 */ - {0x2f9b2, 1, 5564}, /* CJK COMPATIBILITY IDEOGRAPH-2F9B2 */ - {0x2f9b3, 1, 5565}, /* CJK COMPATIBILITY IDEOGRAPH-2F9B3 */ - {0x2f9b4, 1, 3922}, /* CJK COMPATIBILITY IDEOGRAPH-2F9B4 */ - {0x2f9b5, 1, 5566}, /* CJK COMPATIBILITY IDEOGRAPH-2F9B5 */ - {0x2f9b6, 1, 5567}, /* CJK COMPATIBILITY IDEOGRAPH-2F9B6 */ - {0x2f9b7, 1, 5568}, /* CJK COMPATIBILITY IDEOGRAPH-2F9B7 */ - {0x2f9b8, 1, 5569}, /* CJK COMPATIBILITY IDEOGRAPH-2F9B8 */ - {0x2f9b9, 1, 5570}, /* CJK COMPATIBILITY IDEOGRAPH-2F9B9 */ - {0x2f9ba, 1, 5571}, /* CJK COMPATIBILITY IDEOGRAPH-2F9BA */ - {0x2f9bb, 1, 5572}, /* CJK COMPATIBILITY IDEOGRAPH-2F9BB */ - {0x2f9bc, 1, 5573}, /* CJK COMPATIBILITY IDEOGRAPH-2F9BC */ - {0x2f9bd, 1, 5574}, /* CJK COMPATIBILITY IDEOGRAPH-2F9BD */ - {0x2f9be, 1, 5575}, /* CJK COMPATIBILITY IDEOGRAPH-2F9BE */ - {0x2f9bf, 1, 5576}, /* CJK COMPATIBILITY IDEOGRAPH-2F9BF */ - {0x2f9c0, 1, 5577}, /* CJK COMPATIBILITY IDEOGRAPH-2F9C0 */ - {0x2f9c1, 1, 5578}, /* CJK COMPATIBILITY IDEOGRAPH-2F9C1 */ - {0x2f9c2, 1, 5579}, /* CJK COMPATIBILITY IDEOGRAPH-2F9C2 */ - {0x2f9c3, 1, 5580}, /* CJK COMPATIBILITY IDEOGRAPH-2F9C3 */ - {0x2f9c4, 1, 2517}, /* CJK COMPATIBILITY IDEOGRAPH-2F9C4 */ - {0x2f9c5, 1, 5581}, /* CJK COMPATIBILITY IDEOGRAPH-2F9C5 */ - {0x2f9c6, 1, 5582}, /* CJK COMPATIBILITY IDEOGRAPH-2F9C6 */ - {0x2f9c7, 1, 5583}, /* CJK COMPATIBILITY IDEOGRAPH-2F9C7 */ - {0x2f9c8, 1, 5584}, /* CJK COMPATIBILITY IDEOGRAPH-2F9C8 */ - {0x2f9c9, 1, 5585}, /* CJK COMPATIBILITY IDEOGRAPH-2F9C9 */ - {0x2f9ca, 1, 5586}, /* CJK COMPATIBILITY IDEOGRAPH-2F9CA */ - {0x2f9cb, 1, 5587}, /* CJK COMPATIBILITY IDEOGRAPH-2F9CB */ - {0x2f9cc, 1, 5588}, /* CJK COMPATIBILITY IDEOGRAPH-2F9CC */ - {0x2f9cd, 1, 5589}, /* CJK COMPATIBILITY IDEOGRAPH-2F9CD */ - {0x2f9ce, 1, 5590}, /* CJK COMPATIBILITY IDEOGRAPH-2F9CE */ - {0x2f9cf, 1, 5591}, /* CJK COMPATIBILITY IDEOGRAPH-2F9CF */ - {0x2f9d0, 1, 5592}, /* CJK COMPATIBILITY IDEOGRAPH-2F9D0 */ - {0x2f9d1, 1, 5593}, /* CJK COMPATIBILITY IDEOGRAPH-2F9D1 */ - {0x2f9d2, 1, 2524}, /* CJK COMPATIBILITY IDEOGRAPH-2F9D2 */ - {0x2f9d3, 1, 5594}, /* CJK COMPATIBILITY IDEOGRAPH-2F9D3 */ - {0x2f9d4, 1, 5595}, /* CJK COMPATIBILITY IDEOGRAPH-2F9D4 */ - {0x2f9d5, 1, 5596}, /* CJK COMPATIBILITY IDEOGRAPH-2F9D5 */ - {0x2f9d6, 1, 5597}, /* CJK COMPATIBILITY IDEOGRAPH-2F9D6 */ - {0x2f9d7, 1, 5598}, /* CJK COMPATIBILITY IDEOGRAPH-2F9D7 */ - {0x2f9d8, 1, 5599}, /* CJK COMPATIBILITY IDEOGRAPH-2F9D8 */ - {0x2f9d9, 1, 5600}, /* CJK COMPATIBILITY IDEOGRAPH-2F9D9 */ - {0x2f9da, 1, 5601}, /* CJK COMPATIBILITY IDEOGRAPH-2F9DA */ - {0x2f9db, 1, 5602}, /* CJK COMPATIBILITY IDEOGRAPH-2F9DB */ - {0x2f9dc, 1, 5603}, /* CJK COMPATIBILITY IDEOGRAPH-2F9DC */ - {0x2f9dd, 1, 5604}, /* CJK COMPATIBILITY IDEOGRAPH-2F9DD */ - {0x2f9de, 1, 5605}, /* CJK COMPATIBILITY IDEOGRAPH-2F9DE */ - {0x2f9df, 1, 5606}, /* CJK COMPATIBILITY IDEOGRAPH-2F9DF */ - {0x2f9e0, 1, 5607}, /* CJK COMPATIBILITY IDEOGRAPH-2F9E0 */ - {0x2f9e1, 1, 5608}, /* CJK COMPATIBILITY IDEOGRAPH-2F9E1 */ - {0x2f9e2, 1, 5609}, /* CJK COMPATIBILITY IDEOGRAPH-2F9E2 */ - {0x2f9e3, 1, 5610}, /* CJK COMPATIBILITY IDEOGRAPH-2F9E3 */ - {0x2f9e4, 1, 5611}, /* CJK COMPATIBILITY IDEOGRAPH-2F9E4 */ - {0x2f9e5, 1, 5612}, /* CJK COMPATIBILITY IDEOGRAPH-2F9E5 */ - {0x2f9e6, 1, 5613}, /* CJK COMPATIBILITY IDEOGRAPH-2F9E6 */ - {0x2f9e7, 1, 5614}, /* CJK COMPATIBILITY IDEOGRAPH-2F9E7 */ - {0x2f9e8, 1, 5615}, /* CJK COMPATIBILITY IDEOGRAPH-2F9E8 */ - {0x2f9e9, 1, 5616}, /* CJK COMPATIBILITY IDEOGRAPH-2F9E9 */ - {0x2f9ea, 1, 5617}, /* CJK COMPATIBILITY IDEOGRAPH-2F9EA */ - {0x2f9eb, 1, 5618}, /* CJK COMPATIBILITY IDEOGRAPH-2F9EB */ - {0x2f9ec, 1, 5619}, /* CJK COMPATIBILITY IDEOGRAPH-2F9EC */ - {0x2f9ed, 1, 5620}, /* CJK COMPATIBILITY IDEOGRAPH-2F9ED */ - {0x2f9ee, 1, 5621}, /* CJK COMPATIBILITY IDEOGRAPH-2F9EE */ - {0x2f9ef, 1, 5622}, /* CJK COMPATIBILITY IDEOGRAPH-2F9EF */ - {0x2f9f0, 1, 5623}, /* CJK COMPATIBILITY IDEOGRAPH-2F9F0 */ - {0x2f9f1, 1, 5624}, /* CJK COMPATIBILITY IDEOGRAPH-2F9F1 */ - {0x2f9f2, 1, 5625}, /* CJK COMPATIBILITY IDEOGRAPH-2F9F2 */ - {0x2f9f3, 1, 5626}, /* CJK COMPATIBILITY IDEOGRAPH-2F9F3 */ - {0x2f9f4, 1, 5627}, /* CJK COMPATIBILITY IDEOGRAPH-2F9F4 */ - {0x2f9f5, 1, 5628}, /* CJK COMPATIBILITY IDEOGRAPH-2F9F5 */ - {0x2f9f6, 1, 5629}, /* CJK COMPATIBILITY IDEOGRAPH-2F9F6 */ - {0x2f9f7, 1, 5630}, /* CJK COMPATIBILITY IDEOGRAPH-2F9F7 */ - {0x2f9f8, 1, 5631}, /* CJK COMPATIBILITY IDEOGRAPH-2F9F8 */ - {0x2f9f9, 1, 5632}, /* CJK COMPATIBILITY IDEOGRAPH-2F9F9 */ - {0x2f9fa, 1, 5633}, /* CJK COMPATIBILITY IDEOGRAPH-2F9FA */ - {0x2f9fb, 1, 5634}, /* CJK COMPATIBILITY IDEOGRAPH-2F9FB */ - {0x2f9fc, 1, 5635}, /* CJK COMPATIBILITY IDEOGRAPH-2F9FC */ - {0x2f9fd, 1, 5636}, /* CJK COMPATIBILITY IDEOGRAPH-2F9FD */ - {0x2f9fe, 1, 5637}, /* CJK COMPATIBILITY IDEOGRAPH-2F9FE */ - {0x2f9ff, 1, 5637}, /* CJK COMPATIBILITY IDEOGRAPH-2F9FF */ - {0x2fa00, 1, 5638}, /* CJK COMPATIBILITY IDEOGRAPH-2FA00 */ - {0x2fa01, 1, 5639}, /* CJK COMPATIBILITY IDEOGRAPH-2FA01 */ - {0x2fa02, 1, 5640}, /* CJK COMPATIBILITY IDEOGRAPH-2FA02 */ - {0x2fa03, 1, 5641}, /* CJK COMPATIBILITY IDEOGRAPH-2FA03 */ - {0x2fa04, 1, 5642}, /* CJK COMPATIBILITY IDEOGRAPH-2FA04 */ - {0x2fa05, 1, 5643}, /* CJK COMPATIBILITY IDEOGRAPH-2FA05 */ - {0x2fa06, 1, 5644}, /* CJK COMPATIBILITY IDEOGRAPH-2FA06 */ - {0x2fa07, 1, 5645}, /* CJK COMPATIBILITY IDEOGRAPH-2FA07 */ - {0x2fa08, 1, 5646}, /* CJK COMPATIBILITY IDEOGRAPH-2FA08 */ - {0x2fa09, 1, 5647}, /* CJK COMPATIBILITY IDEOGRAPH-2FA09 */ - {0x2fa0a, 1, 5648}, /* CJK COMPATIBILITY IDEOGRAPH-2FA0A */ - {0x2fa0b, 1, 5649}, /* CJK COMPATIBILITY IDEOGRAPH-2FA0B */ - {0x2fa0c, 1, 5650}, /* CJK COMPATIBILITY IDEOGRAPH-2FA0C */ - {0x2fa0d, 1, 5651}, /* CJK COMPATIBILITY IDEOGRAPH-2FA0D */ - {0x2fa0e, 1, 5652}, /* CJK COMPATIBILITY IDEOGRAPH-2FA0E */ - {0x2fa0f, 1, 5653}, /* CJK COMPATIBILITY IDEOGRAPH-2FA0F */ - {0x2fa10, 1, 5654}, /* CJK COMPATIBILITY IDEOGRAPH-2FA10 */ - {0x2fa11, 1, 5655}, /* CJK COMPATIBILITY IDEOGRAPH-2FA11 */ - {0x2fa12, 1, 5656}, /* CJK COMPATIBILITY IDEOGRAPH-2FA12 */ - {0x2fa13, 1, 5657}, /* CJK COMPATIBILITY IDEOGRAPH-2FA13 */ - {0x2fa14, 1, 5658}, /* CJK COMPATIBILITY IDEOGRAPH-2FA14 */ - {0x2fa15, 1, 2572}, /* CJK COMPATIBILITY IDEOGRAPH-2FA15 */ - {0x2fa16, 1, 5659}, /* CJK COMPATIBILITY IDEOGRAPH-2FA16 */ - {0x2fa17, 1, 2576}, /* CJK COMPATIBILITY IDEOGRAPH-2FA17 */ - {0x2fa18, 1, 5660}, /* CJK COMPATIBILITY IDEOGRAPH-2FA18 */ - {0x2fa19, 1, 5661}, /* CJK COMPATIBILITY IDEOGRAPH-2FA19 */ - {0x2fa1a, 1, 5662}, /* CJK COMPATIBILITY IDEOGRAPH-2FA1A */ - {0x2fa1b, 1, 5663}, /* CJK COMPATIBILITY IDEOGRAPH-2FA1B */ - {0x2fa1c, 1, 2581}, /* CJK COMPATIBILITY IDEOGRAPH-2FA1C */ - {0x2fa1d, 1, 5664}, /* CJK COMPATIBILITY IDEOGRAPH-2FA1D */ -}; - -const size_t _wind_normalize_table_size = 5224; - -const uint32_t _wind_normalize_val_table[] = { - 0x20, - 0x20, - 0x308, - 0x61, - 0x20, - 0x304, - 0x32, - 0x33, - 0x20, - 0x301, - 0x3bc, - 0x20, - 0x327, - 0x31, - 0x6f, - 0x31, - 0x2044, - 0x34, - 0x31, - 0x2044, - 0x32, - 0x33, - 0x2044, - 0x34, - 0x41, - 0x300, - 0x41, - 0x301, - 0x41, - 0x302, - 0x41, - 0x303, - 0x41, - 0x308, - 0x41, - 0x30a, - 0x43, - 0x327, - 0x45, - 0x300, - 0x45, - 0x301, - 0x45, - 0x302, - 0x45, - 0x308, - 0x49, - 0x300, - 0x49, - 0x301, - 0x49, - 0x302, - 0x49, - 0x308, - 0x4e, - 0x303, - 0x4f, - 0x300, - 0x4f, - 0x301, - 0x4f, - 0x302, - 0x4f, - 0x303, - 0x4f, - 0x308, - 0x55, - 0x300, - 0x55, - 0x301, - 0x55, - 0x302, - 0x55, - 0x308, - 0x59, - 0x301, - 0x61, - 0x300, - 0x61, - 0x301, - 0x61, - 0x302, - 0x61, - 0x303, - 0x61, - 0x308, - 0x61, - 0x30a, - 0x63, - 0x327, - 0x65, - 0x300, - 0x65, - 0x301, - 0x65, - 0x302, - 0x65, - 0x308, - 0x69, - 0x300, - 0x69, - 0x301, - 0x69, - 0x302, - 0x69, - 0x308, - 0x6e, - 0x303, - 0x6f, - 0x300, - 0x6f, - 0x301, - 0x6f, - 0x302, - 0x6f, - 0x303, - 0x6f, - 0x308, - 0x75, - 0x300, - 0x75, - 0x301, - 0x75, - 0x302, - 0x75, - 0x308, - 0x79, - 0x301, - 0x79, - 0x308, - 0x41, - 0x304, - 0x61, - 0x304, - 0x41, - 0x306, - 0x61, - 0x306, - 0x41, - 0x328, - 0x61, - 0x328, - 0x43, - 0x301, - 0x63, - 0x301, - 0x43, - 0x302, - 0x63, - 0x302, - 0x43, - 0x307, - 0x63, - 0x307, - 0x43, - 0x30c, - 0x63, - 0x30c, - 0x44, - 0x30c, - 0x64, - 0x30c, - 0x45, - 0x304, - 0x65, - 0x304, - 0x45, - 0x306, - 0x65, - 0x306, - 0x45, - 0x307, - 0x65, - 0x307, - 0x45, - 0x328, - 0x65, - 0x328, - 0x45, - 0x30c, - 0x65, - 0x30c, - 0x47, - 0x302, - 0x67, - 0x302, - 0x47, - 0x306, - 0x67, - 0x306, - 0x47, - 0x307, - 0x67, - 0x307, - 0x47, - 0x327, - 0x67, - 0x327, - 0x48, - 0x302, - 0x68, - 0x302, - 0x49, - 0x303, - 0x69, - 0x303, - 0x49, - 0x304, - 0x69, - 0x304, - 0x49, - 0x306, - 0x69, - 0x306, - 0x49, - 0x328, - 0x69, - 0x328, - 0x49, - 0x307, - 0x49, - 0x4a, - 0x69, - 0x6a, - 0x4a, - 0x302, - 0x6a, - 0x302, - 0x4b, - 0x327, - 0x6b, - 0x327, - 0x4c, - 0x301, - 0x6c, - 0x301, - 0x4c, - 0x327, - 0x6c, - 0x327, - 0x4c, - 0x30c, - 0x6c, - 0x30c, - 0x4c, - 0xb7, - 0x6c, - 0xb7, - 0x4e, - 0x301, - 0x6e, - 0x301, - 0x4e, - 0x327, - 0x6e, - 0x327, - 0x4e, - 0x30c, - 0x6e, - 0x30c, - 0x2bc, - 0x6e, - 0x4f, - 0x304, - 0x6f, - 0x304, - 0x4f, - 0x306, - 0x6f, - 0x306, - 0x4f, - 0x30b, - 0x6f, - 0x30b, - 0x52, - 0x301, - 0x72, - 0x301, - 0x52, - 0x327, - 0x72, - 0x327, - 0x52, - 0x30c, - 0x72, - 0x30c, - 0x53, - 0x301, - 0x73, - 0x301, - 0x53, - 0x302, - 0x73, - 0x302, - 0x53, - 0x327, - 0x73, - 0x327, - 0x53, - 0x30c, - 0x73, - 0x30c, - 0x54, - 0x327, - 0x74, - 0x327, - 0x54, - 0x30c, - 0x74, - 0x30c, - 0x55, - 0x303, - 0x75, - 0x303, - 0x55, - 0x304, - 0x75, - 0x304, - 0x55, - 0x306, - 0x75, - 0x306, - 0x55, - 0x30a, - 0x75, - 0x30a, - 0x55, - 0x30b, - 0x75, - 0x30b, - 0x55, - 0x328, - 0x75, - 0x328, - 0x57, - 0x302, - 0x77, - 0x302, - 0x59, - 0x302, - 0x79, - 0x302, - 0x59, - 0x308, - 0x5a, - 0x301, - 0x7a, - 0x301, - 0x5a, - 0x307, - 0x7a, - 0x307, - 0x5a, - 0x30c, - 0x7a, - 0x30c, - 0x4f, - 0x31b, - 0x6f, - 0x31b, - 0x55, - 0x31b, - 0x75, - 0x31b, - 0x44, - 0x17d, - 0x44, - 0x17e, - 0x64, - 0x17e, - 0x4c, - 0x4a, - 0x4c, - 0x6a, - 0x6c, - 0x6a, - 0x4e, - 0x4a, - 0x4e, - 0x6a, - 0x6e, - 0x6a, - 0x41, - 0x30c, - 0x61, - 0x30c, - 0x49, - 0x30c, - 0x69, - 0x30c, - 0x4f, - 0x30c, - 0x6f, - 0x30c, - 0x55, - 0x30c, - 0x75, - 0x30c, - 0xdc, - 0x304, - 0xfc, - 0x304, - 0xdc, - 0x301, - 0xfc, - 0x301, - 0xdc, - 0x30c, - 0xfc, - 0x30c, - 0xdc, - 0x300, - 0xfc, - 0x300, - 0xc4, - 0x304, - 0xe4, - 0x304, - 0x226, - 0x304, - 0x227, - 0x304, - 0xc6, - 0x304, - 0xe6, - 0x304, - 0x47, - 0x30c, - 0x67, - 0x30c, - 0x4b, - 0x30c, - 0x6b, - 0x30c, - 0x4f, - 0x328, - 0x6f, - 0x328, - 0x1ea, - 0x304, - 0x1eb, - 0x304, - 0x1b7, - 0x30c, - 0x292, - 0x30c, - 0x6a, - 0x30c, - 0x44, - 0x5a, - 0x44, - 0x7a, - 0x64, - 0x7a, - 0x47, - 0x301, - 0x67, - 0x301, - 0x4e, - 0x300, - 0x6e, - 0x300, - 0xc5, - 0x301, - 0xe5, - 0x301, - 0xc6, - 0x301, - 0xe6, - 0x301, - 0xd8, - 0x301, - 0xf8, - 0x301, - 0x41, - 0x30f, - 0x61, - 0x30f, - 0x41, - 0x311, - 0x61, - 0x311, - 0x45, - 0x30f, - 0x65, - 0x30f, - 0x45, - 0x311, - 0x65, - 0x311, - 0x49, - 0x30f, - 0x69, - 0x30f, - 0x49, - 0x311, - 0x69, - 0x311, - 0x4f, - 0x30f, - 0x6f, - 0x30f, - 0x4f, - 0x311, - 0x6f, - 0x311, - 0x52, - 0x30f, - 0x72, - 0x30f, - 0x52, - 0x311, - 0x72, - 0x311, - 0x55, - 0x30f, - 0x75, - 0x30f, - 0x55, - 0x311, - 0x75, - 0x311, - 0x53, - 0x326, - 0x73, - 0x326, - 0x54, - 0x326, - 0x74, - 0x326, - 0x48, - 0x30c, - 0x68, - 0x30c, - 0x41, - 0x307, - 0x61, - 0x307, - 0x45, - 0x327, - 0x65, - 0x327, - 0xd6, - 0x304, - 0xf6, - 0x304, - 0xd5, - 0x304, - 0xf5, - 0x304, - 0x4f, - 0x307, - 0x6f, - 0x307, - 0x22e, - 0x304, - 0x22f, - 0x304, - 0x59, - 0x304, - 0x79, - 0x304, - 0x266, - 0x279, - 0x27b, - 0x281, - 0x20, - 0x306, - 0x20, - 0x307, - 0x20, - 0x30a, - 0x20, - 0x328, - 0x20, - 0x303, - 0x20, - 0x30b, - 0x263, - 0x78, - 0x295, - 0x313, - 0x308, - 0x301, - 0x2b9, - 0x20, - 0x345, - 0x3b, - 0xa8, - 0x301, - 0x391, - 0x301, - 0x395, - 0x301, - 0x397, - 0x301, - 0x399, - 0x301, - 0x39f, - 0x301, - 0x3a5, - 0x301, - 0x3a9, - 0x301, - 0x3ca, - 0x301, - 0x399, - 0x308, - 0x3a5, - 0x308, - 0x3b1, - 0x301, - 0x3b5, - 0x301, - 0x3b7, - 0x301, - 0x3b9, - 0x301, - 0x3cb, - 0x301, - 0x3b9, - 0x308, - 0x3c5, - 0x308, - 0x3bf, - 0x301, - 0x3c5, - 0x301, - 0x3c9, - 0x301, - 0x3b2, - 0x3b8, - 0x3d2, - 0x301, - 0x3d2, - 0x308, - 0x3c6, - 0x3c0, - 0x3ba, - 0x3c1, - 0x3c2, - 0x398, - 0x3a3, - 0x415, - 0x300, - 0x415, - 0x308, - 0x413, - 0x301, - 0x406, - 0x308, - 0x41a, - 0x301, - 0x418, - 0x300, - 0x423, - 0x306, - 0x418, - 0x306, - 0x438, - 0x306, - 0x435, - 0x300, - 0x435, - 0x308, - 0x433, - 0x301, - 0x456, - 0x308, - 0x43a, - 0x301, - 0x438, - 0x300, - 0x443, - 0x306, - 0x474, - 0x30f, - 0x475, - 0x30f, - 0x416, - 0x306, - 0x436, - 0x306, - 0x410, - 0x306, - 0x430, - 0x306, - 0x410, - 0x308, - 0x430, - 0x308, - 0x415, - 0x306, - 0x435, - 0x306, - 0x4d8, - 0x308, - 0x4d9, - 0x308, - 0x416, - 0x308, - 0x436, - 0x308, - 0x417, - 0x308, - 0x437, - 0x308, - 0x418, - 0x304, - 0x438, - 0x304, - 0x418, - 0x308, - 0x438, - 0x308, - 0x41e, - 0x308, - 0x43e, - 0x308, - 0x4e8, - 0x308, - 0x4e9, - 0x308, - 0x42d, - 0x308, - 0x44d, - 0x308, - 0x423, - 0x304, - 0x443, - 0x304, - 0x423, - 0x308, - 0x443, - 0x308, - 0x423, - 0x30b, - 0x443, - 0x30b, - 0x427, - 0x308, - 0x447, - 0x308, - 0x42b, - 0x308, - 0x44b, - 0x308, - 0x565, - 0x582, - 0x627, - 0x653, - 0x627, - 0x654, - 0x648, - 0x654, - 0x627, - 0x655, - 0x64a, - 0x654, - 0x627, - 0x674, - 0x648, - 0x674, - 0x6c7, - 0x674, - 0x64a, - 0x674, - 0x6d5, - 0x654, - 0x6c1, - 0x654, - 0x6d2, - 0x654, - 0x928, - 0x93c, - 0x930, - 0x93c, - 0x933, - 0x93c, - 0x915, - 0x93c, - 0x916, - 0x93c, - 0x917, - 0x93c, - 0x91c, - 0x93c, - 0x921, - 0x93c, - 0x922, - 0x93c, - 0x92b, - 0x93c, - 0x92f, - 0x93c, - 0x9c7, - 0x9be, - 0x9c7, - 0x9d7, - 0x9a1, - 0x9bc, - 0x9a2, - 0x9bc, - 0x9af, - 0x9bc, - 0xa32, - 0xa3c, - 0xa38, - 0xa3c, - 0xa16, - 0xa3c, - 0xa17, - 0xa3c, - 0xa1c, - 0xa3c, - 0xa2b, - 0xa3c, - 0xb47, - 0xb56, - 0xb47, - 0xb3e, - 0xb47, - 0xb57, - 0xb21, - 0xb3c, - 0xb22, - 0xb3c, - 0xb92, - 0xbd7, - 0xbc6, - 0xbbe, - 0xbc7, - 0xbbe, - 0xbc6, - 0xbd7, - 0xc46, - 0xc56, - 0xcbf, - 0xcd5, - 0xcc6, - 0xcd5, - 0xcc6, - 0xcd6, - 0xcc6, - 0xcc2, - 0xcca, - 0xcd5, - 0xd46, - 0xd3e, - 0xd47, - 0xd3e, - 0xd46, - 0xd57, - 0xdd9, - 0xdca, - 0xdd9, - 0xdcf, - 0xddc, - 0xdca, - 0xdd9, - 0xddf, - 0xe4d, - 0xe32, - 0xecd, - 0xeb2, - 0xeab, - 0xe99, - 0xeab, - 0xea1, - 0xf0b, - 0xf42, - 0xfb7, - 0xf4c, - 0xfb7, - 0xf51, - 0xfb7, - 0xf56, - 0xfb7, - 0xf5b, - 0xfb7, - 0xf40, - 0xfb5, - 0xf71, - 0xf72, - 0xf71, - 0xf74, - 0xfb2, - 0xf80, - 0xfb2, - 0xf81, - 0xfb3, - 0xf80, - 0xfb3, - 0xf81, - 0xf71, - 0xf80, - 0xf92, - 0xfb7, - 0xf9c, - 0xfb7, - 0xfa1, - 0xfb7, - 0xfa6, - 0xfb7, - 0xfab, - 0xfb7, - 0xf90, - 0xfb5, - 0x1025, - 0x102e, - 0x42, - 0x18e, - 0x4d, - 0x222, - 0x50, - 0x250, - 0x251, - 0x1d02, - 0x62, - 0x259, - 0x25b, - 0x25c, - 0x6d, - 0x14b, - 0x254, - 0x1d16, - 0x1d17, - 0x70, - 0x1d1d, - 0x26f, - 0x76, - 0x1d25, - 0x3b3, - 0x3b4, - 0x3c7, - 0x41, - 0x325, - 0x61, - 0x325, - 0x42, - 0x307, - 0x62, - 0x307, - 0x42, - 0x323, - 0x62, - 0x323, - 0x42, - 0x331, - 0x62, - 0x331, - 0xc7, - 0x301, - 0xe7, - 0x301, - 0x44, - 0x307, - 0x64, - 0x307, - 0x44, - 0x323, - 0x64, - 0x323, - 0x44, - 0x331, - 0x64, - 0x331, - 0x44, - 0x327, - 0x64, - 0x327, - 0x44, - 0x32d, - 0x64, - 0x32d, - 0x112, - 0x300, - 0x113, - 0x300, - 0x112, - 0x301, - 0x113, - 0x301, - 0x45, - 0x32d, - 0x65, - 0x32d, - 0x45, - 0x330, - 0x65, - 0x330, - 0x228, - 0x306, - 0x229, - 0x306, - 0x46, - 0x307, - 0x66, - 0x307, - 0x47, - 0x304, - 0x67, - 0x304, - 0x48, - 0x307, - 0x68, - 0x307, - 0x48, - 0x323, - 0x68, - 0x323, - 0x48, - 0x308, - 0x68, - 0x308, - 0x48, - 0x327, - 0x68, - 0x327, - 0x48, - 0x32e, - 0x68, - 0x32e, - 0x49, - 0x330, - 0x69, - 0x330, - 0xcf, - 0x301, - 0xef, - 0x301, - 0x4b, - 0x301, - 0x6b, - 0x301, - 0x4b, - 0x323, - 0x6b, - 0x323, - 0x4b, - 0x331, - 0x6b, - 0x331, - 0x4c, - 0x323, - 0x6c, - 0x323, - 0x1e36, - 0x304, - 0x1e37, - 0x304, - 0x4c, - 0x331, - 0x6c, - 0x331, - 0x4c, - 0x32d, - 0x6c, - 0x32d, - 0x4d, - 0x301, - 0x6d, - 0x301, - 0x4d, - 0x307, - 0x6d, - 0x307, - 0x4d, - 0x323, - 0x6d, - 0x323, - 0x4e, - 0x307, - 0x6e, - 0x307, - 0x4e, - 0x323, - 0x6e, - 0x323, - 0x4e, - 0x331, - 0x6e, - 0x331, - 0x4e, - 0x32d, - 0x6e, - 0x32d, - 0xd5, - 0x301, - 0xf5, - 0x301, - 0xd5, - 0x308, - 0xf5, - 0x308, - 0x14c, - 0x300, - 0x14d, - 0x300, - 0x14c, - 0x301, - 0x14d, - 0x301, - 0x50, - 0x301, - 0x70, - 0x301, - 0x50, - 0x307, - 0x70, - 0x307, - 0x52, - 0x307, - 0x72, - 0x307, - 0x52, - 0x323, - 0x72, - 0x323, - 0x1e5a, - 0x304, - 0x1e5b, - 0x304, - 0x52, - 0x331, - 0x72, - 0x331, - 0x53, - 0x307, - 0x73, - 0x307, - 0x53, - 0x323, - 0x73, - 0x323, - 0x15a, - 0x307, - 0x15b, - 0x307, - 0x160, - 0x307, - 0x161, - 0x307, - 0x1e62, - 0x307, - 0x1e63, - 0x307, - 0x54, - 0x307, - 0x74, - 0x307, - 0x54, - 0x323, - 0x74, - 0x323, - 0x54, - 0x331, - 0x74, - 0x331, - 0x54, - 0x32d, - 0x74, - 0x32d, - 0x55, - 0x324, - 0x75, - 0x324, - 0x55, - 0x330, - 0x75, - 0x330, - 0x55, - 0x32d, - 0x75, - 0x32d, - 0x168, - 0x301, - 0x169, - 0x301, - 0x16a, - 0x308, - 0x16b, - 0x308, - 0x56, - 0x303, - 0x76, - 0x303, - 0x56, - 0x323, - 0x76, - 0x323, - 0x57, - 0x300, - 0x77, - 0x300, - 0x57, - 0x301, - 0x77, - 0x301, - 0x57, - 0x308, - 0x77, - 0x308, - 0x57, - 0x307, - 0x77, - 0x307, - 0x57, - 0x323, - 0x77, - 0x323, - 0x58, - 0x307, - 0x78, - 0x307, - 0x58, - 0x308, - 0x78, - 0x308, - 0x59, - 0x307, - 0x79, - 0x307, - 0x5a, - 0x302, - 0x7a, - 0x302, - 0x5a, - 0x323, - 0x7a, - 0x323, - 0x5a, - 0x331, - 0x7a, - 0x331, - 0x68, - 0x331, - 0x74, - 0x308, - 0x77, - 0x30a, - 0x79, - 0x30a, - 0x61, - 0x2be, - 0x17f, - 0x307, - 0x41, - 0x323, - 0x61, - 0x323, - 0x41, - 0x309, - 0x61, - 0x309, - 0xc2, - 0x301, - 0xe2, - 0x301, - 0xc2, - 0x300, - 0xe2, - 0x300, - 0xc2, - 0x309, - 0xe2, - 0x309, - 0xc2, - 0x303, - 0xe2, - 0x303, - 0x1ea0, - 0x302, - 0x1ea1, - 0x302, - 0x102, - 0x301, - 0x103, - 0x301, - 0x102, - 0x300, - 0x103, - 0x300, - 0x102, - 0x309, - 0x103, - 0x309, - 0x102, - 0x303, - 0x103, - 0x303, - 0x1ea0, - 0x306, - 0x1ea1, - 0x306, - 0x45, - 0x323, - 0x65, - 0x323, - 0x45, - 0x309, - 0x65, - 0x309, - 0x45, - 0x303, - 0x65, - 0x303, - 0xca, - 0x301, - 0xea, - 0x301, - 0xca, - 0x300, - 0xea, - 0x300, - 0xca, - 0x309, - 0xea, - 0x309, - 0xca, - 0x303, - 0xea, - 0x303, - 0x1eb8, - 0x302, - 0x1eb9, - 0x302, - 0x49, - 0x309, - 0x69, - 0x309, - 0x49, - 0x323, - 0x69, - 0x323, - 0x4f, - 0x323, - 0x6f, - 0x323, - 0x4f, - 0x309, - 0x6f, - 0x309, - 0xd4, - 0x301, - 0xf4, - 0x301, - 0xd4, - 0x300, - 0xf4, - 0x300, - 0xd4, - 0x309, - 0xf4, - 0x309, - 0xd4, - 0x303, - 0xf4, - 0x303, - 0x1ecc, - 0x302, - 0x1ecd, - 0x302, - 0x1a0, - 0x301, - 0x1a1, - 0x301, - 0x1a0, - 0x300, - 0x1a1, - 0x300, - 0x1a0, - 0x309, - 0x1a1, - 0x309, - 0x1a0, - 0x303, - 0x1a1, - 0x303, - 0x1a0, - 0x323, - 0x1a1, - 0x323, - 0x55, - 0x323, - 0x75, - 0x323, - 0x55, - 0x309, - 0x75, - 0x309, - 0x1af, - 0x301, - 0x1b0, - 0x301, - 0x1af, - 0x300, - 0x1b0, - 0x300, - 0x1af, - 0x309, - 0x1b0, - 0x309, - 0x1af, - 0x303, - 0x1b0, - 0x303, - 0x1af, - 0x323, - 0x1b0, - 0x323, - 0x59, - 0x300, - 0x79, - 0x300, - 0x59, - 0x323, - 0x79, - 0x323, - 0x59, - 0x309, - 0x79, - 0x309, - 0x59, - 0x303, - 0x79, - 0x303, - 0x3b1, - 0x313, - 0x3b1, - 0x314, - 0x1f00, - 0x300, - 0x1f01, - 0x300, - 0x1f00, - 0x301, - 0x1f01, - 0x301, - 0x1f00, - 0x342, - 0x1f01, - 0x342, - 0x391, - 0x313, - 0x391, - 0x314, - 0x1f08, - 0x300, - 0x1f09, - 0x300, - 0x1f08, - 0x301, - 0x1f09, - 0x301, - 0x1f08, - 0x342, - 0x1f09, - 0x342, - 0x3b5, - 0x313, - 0x3b5, - 0x314, - 0x1f10, - 0x300, - 0x1f11, - 0x300, - 0x1f10, - 0x301, - 0x1f11, - 0x301, - 0x395, - 0x313, - 0x395, - 0x314, - 0x1f18, - 0x300, - 0x1f19, - 0x300, - 0x1f18, - 0x301, - 0x1f19, - 0x301, - 0x3b7, - 0x313, - 0x3b7, - 0x314, - 0x1f20, - 0x300, - 0x1f21, - 0x300, - 0x1f20, - 0x301, - 0x1f21, - 0x301, - 0x1f20, - 0x342, - 0x1f21, - 0x342, - 0x397, - 0x313, - 0x397, - 0x314, - 0x1f28, - 0x300, - 0x1f29, - 0x300, - 0x1f28, - 0x301, - 0x1f29, - 0x301, - 0x1f28, - 0x342, - 0x1f29, - 0x342, - 0x3b9, - 0x313, - 0x3b9, - 0x314, - 0x1f30, - 0x300, - 0x1f31, - 0x300, - 0x1f30, - 0x301, - 0x1f31, - 0x301, - 0x1f30, - 0x342, - 0x1f31, - 0x342, - 0x399, - 0x313, - 0x399, - 0x314, - 0x1f38, - 0x300, - 0x1f39, - 0x300, - 0x1f38, - 0x301, - 0x1f39, - 0x301, - 0x1f38, - 0x342, - 0x1f39, - 0x342, - 0x3bf, - 0x313, - 0x3bf, - 0x314, - 0x1f40, - 0x300, - 0x1f41, - 0x300, - 0x1f40, - 0x301, - 0x1f41, - 0x301, - 0x39f, - 0x313, - 0x39f, - 0x314, - 0x1f48, - 0x300, - 0x1f49, - 0x300, - 0x1f48, - 0x301, - 0x1f49, - 0x301, - 0x3c5, - 0x313, - 0x3c5, - 0x314, - 0x1f50, - 0x300, - 0x1f51, - 0x300, - 0x1f50, - 0x301, - 0x1f51, - 0x301, - 0x1f50, - 0x342, - 0x1f51, - 0x342, - 0x3a5, - 0x314, - 0x1f59, - 0x300, - 0x1f59, - 0x301, - 0x1f59, - 0x342, - 0x3c9, - 0x313, - 0x3c9, - 0x314, - 0x1f60, - 0x300, - 0x1f61, - 0x300, - 0x1f60, - 0x301, - 0x1f61, - 0x301, - 0x1f60, - 0x342, - 0x1f61, - 0x342, - 0x3a9, - 0x313, - 0x3a9, - 0x314, - 0x1f68, - 0x300, - 0x1f69, - 0x300, - 0x1f68, - 0x301, - 0x1f69, - 0x301, - 0x1f68, - 0x342, - 0x1f69, - 0x342, - 0x3b1, - 0x300, - 0x3ac, - 0x3b5, - 0x300, - 0x3ad, - 0x3b7, - 0x300, - 0x3ae, - 0x3b9, - 0x300, - 0x3af, - 0x3bf, - 0x300, - 0x3cc, - 0x3c5, - 0x300, - 0x3cd, - 0x3c9, - 0x300, - 0x3ce, - 0x1f00, - 0x345, - 0x1f01, - 0x345, - 0x1f02, - 0x345, - 0x1f03, - 0x345, - 0x1f04, - 0x345, - 0x1f05, - 0x345, - 0x1f06, - 0x345, - 0x1f07, - 0x345, - 0x1f08, - 0x345, - 0x1f09, - 0x345, - 0x1f0a, - 0x345, - 0x1f0b, - 0x345, - 0x1f0c, - 0x345, - 0x1f0d, - 0x345, - 0x1f0e, - 0x345, - 0x1f0f, - 0x345, - 0x1f20, - 0x345, - 0x1f21, - 0x345, - 0x1f22, - 0x345, - 0x1f23, - 0x345, - 0x1f24, - 0x345, - 0x1f25, - 0x345, - 0x1f26, - 0x345, - 0x1f27, - 0x345, - 0x1f28, - 0x345, - 0x1f29, - 0x345, - 0x1f2a, - 0x345, - 0x1f2b, - 0x345, - 0x1f2c, - 0x345, - 0x1f2d, - 0x345, - 0x1f2e, - 0x345, - 0x1f2f, - 0x345, - 0x1f60, - 0x345, - 0x1f61, - 0x345, - 0x1f62, - 0x345, - 0x1f63, - 0x345, - 0x1f64, - 0x345, - 0x1f65, - 0x345, - 0x1f66, - 0x345, - 0x1f67, - 0x345, - 0x1f68, - 0x345, - 0x1f69, - 0x345, - 0x1f6a, - 0x345, - 0x1f6b, - 0x345, - 0x1f6c, - 0x345, - 0x1f6d, - 0x345, - 0x1f6e, - 0x345, - 0x1f6f, - 0x345, - 0x3b1, - 0x306, - 0x3b1, - 0x304, - 0x1f70, - 0x345, - 0x3b1, - 0x345, - 0x3ac, - 0x345, - 0x3b1, - 0x342, - 0x1fb6, - 0x345, - 0x391, - 0x306, - 0x391, - 0x304, - 0x391, - 0x300, - 0x386, - 0x391, - 0x345, - 0x20, - 0x313, - 0x20, - 0x342, - 0xa8, - 0x342, - 0x1f74, - 0x345, - 0x3b7, - 0x345, - 0x3ae, - 0x345, - 0x3b7, - 0x342, - 0x1fc6, - 0x345, - 0x395, - 0x300, - 0x388, - 0x397, - 0x300, - 0x389, - 0x397, - 0x345, - 0x1fbf, - 0x300, - 0x1fbf, - 0x301, - 0x1fbf, - 0x342, - 0x3b9, - 0x306, - 0x3b9, - 0x304, - 0x3ca, - 0x300, - 0x390, - 0x3b9, - 0x342, - 0x3ca, - 0x342, - 0x399, - 0x306, - 0x399, - 0x304, - 0x399, - 0x300, - 0x38a, - 0x1ffe, - 0x300, - 0x1ffe, - 0x301, - 0x1ffe, - 0x342, - 0x3c5, - 0x306, - 0x3c5, - 0x304, - 0x3cb, - 0x300, - 0x3b0, - 0x3c1, - 0x313, - 0x3c1, - 0x314, - 0x3c5, - 0x342, - 0x3cb, - 0x342, - 0x3a5, - 0x306, - 0x3a5, - 0x304, - 0x3a5, - 0x300, - 0x38e, - 0x3a1, - 0x314, - 0xa8, - 0x300, - 0x385, - 0x60, - 0x1f7c, - 0x345, - 0x3c9, - 0x345, - 0x3ce, - 0x345, - 0x3c9, - 0x342, - 0x1ff6, - 0x345, - 0x39f, - 0x300, - 0x38c, - 0x3a9, - 0x300, - 0x38f, - 0x3a9, - 0x345, - 0xb4, - 0x20, - 0x314, - 0x2002, - 0x2003, - 0x20, - 0x20, - 0x20, - 0x20, - 0x20, - 0x20, - 0x20, - 0x20, - 0x20, - 0x2010, - 0x20, - 0x333, - 0x2e, - 0x2e, - 0x2e, - 0x20, - 0x2032, - 0x2032, - 0x2032, - 0x2032, - 0x2032, - 0x2035, - 0x2035, - 0x2035, - 0x2035, - 0x2035, - 0x21, - 0x21, - 0x20, - 0x305, - 0x3f, - 0x3f, - 0x3f, - 0x21, - 0x21, - 0x3f, - 0x20, - 0x30, - 0x35, - 0x36, - 0x37, - 0x38, - 0x39, - 0x2b, - 0x2212, - 0x3d, - 0x28, - 0x29, - 0x52, - 0x73, - 0x61, - 0x2f, - 0x63, - 0x61, - 0x2f, - 0x73, - 0xb0, - 0x43, - 0x63, - 0x2f, - 0x6f, - 0x63, - 0x2f, - 0x75, - 0x190, - 0xb0, - 0x46, - 0x127, - 0x4e, - 0x6f, - 0x51, - 0x53, - 0x4d, - 0x54, - 0x45, - 0x4c, - 0x54, - 0x4d, - 0x5d0, - 0x5d1, - 0x5d2, - 0x5d3, - 0x46, - 0x41, - 0x58, - 0x393, - 0x3a0, - 0x2211, - 0x31, - 0x2044, - 0x33, - 0x32, - 0x2044, - 0x33, - 0x31, - 0x2044, - 0x35, - 0x32, - 0x2044, - 0x35, - 0x33, - 0x2044, - 0x35, - 0x34, - 0x2044, - 0x35, - 0x31, - 0x2044, - 0x36, - 0x35, - 0x2044, - 0x36, - 0x31, - 0x2044, - 0x38, - 0x33, - 0x2044, - 0x38, - 0x35, - 0x2044, - 0x38, - 0x37, - 0x2044, - 0x38, - 0x49, - 0x49, - 0x49, - 0x49, - 0x49, - 0x49, - 0x56, - 0x56, - 0x49, - 0x56, - 0x49, - 0x49, - 0x56, - 0x49, - 0x49, - 0x49, - 0x49, - 0x58, - 0x58, - 0x49, - 0x58, - 0x49, - 0x49, - 0x69, - 0x69, - 0x69, - 0x69, - 0x69, - 0x69, - 0x76, - 0x76, - 0x69, - 0x76, - 0x69, - 0x69, - 0x76, - 0x69, - 0x69, - 0x69, - 0x69, - 0x78, - 0x78, - 0x69, - 0x78, - 0x69, - 0x69, - 0x2190, - 0x338, - 0x2192, - 0x338, - 0x2194, - 0x338, - 0x21d0, - 0x338, - 0x21d4, - 0x338, - 0x21d2, - 0x338, - 0x2203, - 0x338, - 0x2208, - 0x338, - 0x220b, - 0x338, - 0x2223, - 0x338, - 0x2225, - 0x338, - 0x222b, - 0x222b, - 0x222b, - 0x222b, - 0x222b, - 0x222e, - 0x222e, - 0x222e, - 0x222e, - 0x222e, - 0x223c, - 0x338, - 0x2243, - 0x338, - 0x2245, - 0x338, - 0x2248, - 0x338, - 0x3d, - 0x338, - 0x2261, - 0x338, - 0x224d, - 0x338, - 0x3c, - 0x338, - 0x3e, - 0x338, - 0x2264, - 0x338, - 0x2265, - 0x338, - 0x2272, - 0x338, - 0x2273, - 0x338, - 0x2276, - 0x338, - 0x2277, - 0x338, - 0x227a, - 0x338, - 0x227b, - 0x338, - 0x2282, - 0x338, - 0x2283, - 0x338, - 0x2286, - 0x338, - 0x2287, - 0x338, - 0x22a2, - 0x338, - 0x22a8, - 0x338, - 0x22a9, - 0x338, - 0x22ab, - 0x338, - 0x227c, - 0x338, - 0x227d, - 0x338, - 0x2291, - 0x338, - 0x2292, - 0x338, - 0x22b2, - 0x338, - 0x22b3, - 0x338, - 0x22b4, - 0x338, - 0x22b5, - 0x338, - 0x3008, - 0x3009, - 0x31, - 0x30, - 0x31, - 0x31, - 0x31, - 0x32, - 0x31, - 0x33, - 0x31, - 0x34, - 0x31, - 0x35, - 0x31, - 0x36, - 0x31, - 0x37, - 0x31, - 0x38, - 0x31, - 0x39, - 0x32, - 0x30, - 0x28, - 0x31, - 0x29, - 0x28, - 0x32, - 0x29, - 0x28, - 0x33, - 0x29, - 0x28, - 0x34, - 0x29, - 0x28, - 0x35, - 0x29, - 0x28, - 0x36, - 0x29, - 0x28, - 0x37, - 0x29, - 0x28, - 0x38, - 0x29, - 0x28, - 0x39, - 0x29, - 0x28, - 0x31, - 0x30, - 0x29, - 0x28, - 0x31, - 0x31, - 0x29, - 0x28, - 0x31, - 0x32, - 0x29, - 0x28, - 0x31, - 0x33, - 0x29, - 0x28, - 0x31, - 0x34, - 0x29, - 0x28, - 0x31, - 0x35, - 0x29, - 0x28, - 0x31, - 0x36, - 0x29, - 0x28, - 0x31, - 0x37, - 0x29, - 0x28, - 0x31, - 0x38, - 0x29, - 0x28, - 0x31, - 0x39, - 0x29, - 0x28, - 0x32, - 0x30, - 0x29, - 0x31, - 0x2e, - 0x32, - 0x2e, - 0x33, - 0x2e, - 0x34, - 0x2e, - 0x35, - 0x2e, - 0x36, - 0x2e, - 0x37, - 0x2e, - 0x38, - 0x2e, - 0x39, - 0x2e, - 0x31, - 0x30, - 0x2e, - 0x31, - 0x31, - 0x2e, - 0x31, - 0x32, - 0x2e, - 0x31, - 0x33, - 0x2e, - 0x31, - 0x34, - 0x2e, - 0x31, - 0x35, - 0x2e, - 0x31, - 0x36, - 0x2e, - 0x31, - 0x37, - 0x2e, - 0x31, - 0x38, - 0x2e, - 0x31, - 0x39, - 0x2e, - 0x32, - 0x30, - 0x2e, - 0x28, - 0x61, - 0x29, - 0x28, - 0x62, - 0x29, - 0x28, - 0x63, - 0x29, - 0x28, - 0x64, - 0x29, - 0x28, - 0x65, - 0x29, - 0x28, - 0x66, - 0x29, - 0x28, - 0x67, - 0x29, - 0x28, - 0x68, - 0x29, - 0x28, - 0x69, - 0x29, - 0x28, - 0x6a, - 0x29, - 0x28, - 0x6b, - 0x29, - 0x28, - 0x6c, - 0x29, - 0x28, - 0x6d, - 0x29, - 0x28, - 0x6e, - 0x29, - 0x28, - 0x6f, - 0x29, - 0x28, - 0x70, - 0x29, - 0x28, - 0x71, - 0x29, - 0x28, - 0x72, - 0x29, - 0x28, - 0x73, - 0x29, - 0x28, - 0x74, - 0x29, - 0x28, - 0x75, - 0x29, - 0x28, - 0x76, - 0x29, - 0x28, - 0x77, - 0x29, - 0x28, - 0x78, - 0x29, - 0x28, - 0x79, - 0x29, - 0x28, - 0x7a, - 0x29, - 0x3a, - 0x3a, - 0x3d, - 0x3d, - 0x3d, - 0x2add, - 0x338, - 0x6bcd, - 0x9f9f, - 0x4e00, - 0x4e28, - 0x4e36, - 0x4e3f, - 0x4e59, - 0x4e85, - 0x4e8c, - 0x4ea0, - 0x4eba, - 0x513f, - 0x5165, - 0x516b, - 0x5182, - 0x5196, - 0x51ab, - 0x51e0, - 0x51f5, - 0x5200, - 0x529b, - 0x52f9, - 0x5315, - 0x531a, - 0x5338, - 0x5341, - 0x535c, - 0x5369, - 0x5382, - 0x53b6, - 0x53c8, - 0x53e3, - 0x56d7, - 0x571f, - 0x58eb, - 0x5902, - 0x590a, - 0x5915, - 0x5927, - 0x5973, - 0x5b50, - 0x5b80, - 0x5bf8, - 0x5c0f, - 0x5c22, - 0x5c38, - 0x5c6e, - 0x5c71, - 0x5ddb, - 0x5de5, - 0x5df1, - 0x5dfe, - 0x5e72, - 0x5e7a, - 0x5e7f, - 0x5ef4, - 0x5efe, - 0x5f0b, - 0x5f13, - 0x5f50, - 0x5f61, - 0x5f73, - 0x5fc3, - 0x6208, - 0x6236, - 0x624b, - 0x652f, - 0x6534, - 0x6587, - 0x6597, - 0x65a4, - 0x65b9, - 0x65e0, - 0x65e5, - 0x66f0, - 0x6708, - 0x6728, - 0x6b20, - 0x6b62, - 0x6b79, - 0x6bb3, - 0x6bcb, - 0x6bd4, - 0x6bdb, - 0x6c0f, - 0x6c14, - 0x6c34, - 0x706b, - 0x722a, - 0x7236, - 0x723b, - 0x723f, - 0x7247, - 0x7259, - 0x725b, - 0x72ac, - 0x7384, - 0x7389, - 0x74dc, - 0x74e6, - 0x7518, - 0x751f, - 0x7528, - 0x7530, - 0x758b, - 0x7592, - 0x7676, - 0x767d, - 0x76ae, - 0x76bf, - 0x76ee, - 0x77db, - 0x77e2, - 0x77f3, - 0x793a, - 0x79b8, - 0x79be, - 0x7a74, - 0x7acb, - 0x7af9, - 0x7c73, - 0x7cf8, - 0x7f36, - 0x7f51, - 0x7f8a, - 0x7fbd, - 0x8001, - 0x800c, - 0x8012, - 0x8033, - 0x807f, - 0x8089, - 0x81e3, - 0x81ea, - 0x81f3, - 0x81fc, - 0x820c, - 0x821b, - 0x821f, - 0x826e, - 0x8272, - 0x8278, - 0x864d, - 0x866b, - 0x8840, - 0x884c, - 0x8863, - 0x897e, - 0x898b, - 0x89d2, - 0x8a00, - 0x8c37, - 0x8c46, - 0x8c55, - 0x8c78, - 0x8c9d, - 0x8d64, - 0x8d70, - 0x8db3, - 0x8eab, - 0x8eca, - 0x8f9b, - 0x8fb0, - 0x8fb5, - 0x9091, - 0x9149, - 0x91c6, - 0x91cc, - 0x91d1, - 0x9577, - 0x9580, - 0x961c, - 0x96b6, - 0x96b9, - 0x96e8, - 0x9751, - 0x975e, - 0x9762, - 0x9769, - 0x97cb, - 0x97ed, - 0x97f3, - 0x9801, - 0x98a8, - 0x98db, - 0x98df, - 0x9996, - 0x9999, - 0x99ac, - 0x9aa8, - 0x9ad8, - 0x9adf, - 0x9b25, - 0x9b2f, - 0x9b32, - 0x9b3c, - 0x9b5a, - 0x9ce5, - 0x9e75, - 0x9e7f, - 0x9ea5, - 0x9ebb, - 0x9ec3, - 0x9ecd, - 0x9ed1, - 0x9ef9, - 0x9efd, - 0x9f0e, - 0x9f13, - 0x9f20, - 0x9f3b, - 0x9f4a, - 0x9f52, - 0x9f8d, - 0x9f9c, - 0x9fa0, - 0x20, - 0x3012, - 0x5344, - 0x5345, - 0x304b, - 0x3099, - 0x304d, - 0x3099, - 0x304f, - 0x3099, - 0x3051, - 0x3099, - 0x3053, - 0x3099, - 0x3055, - 0x3099, - 0x3057, - 0x3099, - 0x3059, - 0x3099, - 0x305b, - 0x3099, - 0x305d, - 0x3099, - 0x305f, - 0x3099, - 0x3061, - 0x3099, - 0x3064, - 0x3099, - 0x3066, - 0x3099, - 0x3068, - 0x3099, - 0x306f, - 0x3099, - 0x306f, - 0x309a, - 0x3072, - 0x3099, - 0x3072, - 0x309a, - 0x3075, - 0x3099, - 0x3075, - 0x309a, - 0x3078, - 0x3099, - 0x3078, - 0x309a, - 0x307b, - 0x3099, - 0x307b, - 0x309a, - 0x3046, - 0x3099, - 0x20, - 0x3099, - 0x20, - 0x309a, - 0x309d, - 0x3099, - 0x3088, - 0x308a, - 0x30ab, - 0x3099, - 0x30ad, - 0x3099, - 0x30af, - 0x3099, - 0x30b1, - 0x3099, - 0x30b3, - 0x3099, - 0x30b5, - 0x3099, - 0x30b7, - 0x3099, - 0x30b9, - 0x3099, - 0x30bb, - 0x3099, - 0x30bd, - 0x3099, - 0x30bf, - 0x3099, - 0x30c1, - 0x3099, - 0x30c4, - 0x3099, - 0x30c6, - 0x3099, - 0x30c8, - 0x3099, - 0x30cf, - 0x3099, - 0x30cf, - 0x309a, - 0x30d2, - 0x3099, - 0x30d2, - 0x309a, - 0x30d5, - 0x3099, - 0x30d5, - 0x309a, - 0x30d8, - 0x3099, - 0x30d8, - 0x309a, - 0x30db, - 0x3099, - 0x30db, - 0x309a, - 0x30a6, - 0x3099, - 0x30ef, - 0x3099, - 0x30f0, - 0x3099, - 0x30f1, - 0x3099, - 0x30f2, - 0x3099, - 0x30fd, - 0x3099, - 0x30b3, - 0x30c8, - 0x1100, - 0x1101, - 0x11aa, - 0x1102, - 0x11ac, - 0x11ad, - 0x1103, - 0x1104, - 0x1105, - 0x11b0, - 0x11b1, - 0x11b2, - 0x11b3, - 0x11b4, - 0x11b5, - 0x111a, - 0x1106, - 0x1107, - 0x1108, - 0x1121, - 0x1109, - 0x110a, - 0x110b, - 0x110c, - 0x110d, - 0x110e, - 0x110f, - 0x1110, - 0x1111, - 0x1112, - 0x1161, - 0x1162, - 0x1163, - 0x1164, - 0x1165, - 0x1166, - 0x1167, - 0x1168, - 0x1169, - 0x116a, - 0x116b, - 0x116c, - 0x116d, - 0x116e, - 0x116f, - 0x1170, - 0x1171, - 0x1172, - 0x1173, - 0x1174, - 0x1175, - 0x1160, - 0x1114, - 0x1115, - 0x11c7, - 0x11c8, - 0x11cc, - 0x11ce, - 0x11d3, - 0x11d7, - 0x11d9, - 0x111c, - 0x11dd, - 0x11df, - 0x111d, - 0x111e, - 0x1120, - 0x1122, - 0x1123, - 0x1127, - 0x1129, - 0x112b, - 0x112c, - 0x112d, - 0x112e, - 0x112f, - 0x1132, - 0x1136, - 0x1140, - 0x1147, - 0x114c, - 0x11f1, - 0x11f2, - 0x1157, - 0x1158, - 0x1159, - 0x1184, - 0x1185, - 0x1188, - 0x1191, - 0x1192, - 0x1194, - 0x119e, - 0x11a1, - 0x4e09, - 0x56db, - 0x4e0a, - 0x4e2d, - 0x4e0b, - 0x7532, - 0x4e19, - 0x4e01, - 0x5929, - 0x5730, - 0x28, - 0x1100, - 0x29, - 0x28, - 0x1102, - 0x29, - 0x28, - 0x1103, - 0x29, - 0x28, - 0x1105, - 0x29, - 0x28, - 0x1106, - 0x29, - 0x28, - 0x1107, - 0x29, - 0x28, - 0x1109, - 0x29, - 0x28, - 0x110b, - 0x29, - 0x28, - 0x110c, - 0x29, - 0x28, - 0x110e, - 0x29, - 0x28, - 0x110f, - 0x29, - 0x28, - 0x1110, - 0x29, - 0x28, - 0x1111, - 0x29, - 0x28, - 0x1112, - 0x29, - 0x28, - 0x1100, - 0x1161, - 0x29, - 0x28, - 0x1102, - 0x1161, - 0x29, - 0x28, - 0x1103, - 0x1161, - 0x29, - 0x28, - 0x1105, - 0x1161, - 0x29, - 0x28, - 0x1106, - 0x1161, - 0x29, - 0x28, - 0x1107, - 0x1161, - 0x29, - 0x28, - 0x1109, - 0x1161, - 0x29, - 0x28, - 0x110b, - 0x1161, - 0x29, - 0x28, - 0x110c, - 0x1161, - 0x29, - 0x28, - 0x110e, - 0x1161, - 0x29, - 0x28, - 0x110f, - 0x1161, - 0x29, - 0x28, - 0x1110, - 0x1161, - 0x29, - 0x28, - 0x1111, - 0x1161, - 0x29, - 0x28, - 0x1112, - 0x1161, - 0x29, - 0x28, - 0x110c, - 0x116e, - 0x29, - 0x28, - 0x110b, - 0x1169, - 0x110c, - 0x1165, - 0x11ab, - 0x29, - 0x28, - 0x110b, - 0x1169, - 0x1112, - 0x116e, - 0x29, - 0x28, - 0x4e00, - 0x29, - 0x28, - 0x4e8c, - 0x29, - 0x28, - 0x4e09, - 0x29, - 0x28, - 0x56db, - 0x29, - 0x28, - 0x4e94, - 0x29, - 0x28, - 0x516d, - 0x29, - 0x28, - 0x4e03, - 0x29, - 0x28, - 0x516b, - 0x29, - 0x28, - 0x4e5d, - 0x29, - 0x28, - 0x5341, - 0x29, - 0x28, - 0x6708, - 0x29, - 0x28, - 0x706b, - 0x29, - 0x28, - 0x6c34, - 0x29, - 0x28, - 0x6728, - 0x29, - 0x28, - 0x91d1, - 0x29, - 0x28, - 0x571f, - 0x29, - 0x28, - 0x65e5, - 0x29, - 0x28, - 0x682a, - 0x29, - 0x28, - 0x6709, - 0x29, - 0x28, - 0x793e, - 0x29, - 0x28, - 0x540d, - 0x29, - 0x28, - 0x7279, - 0x29, - 0x28, - 0x8ca1, - 0x29, - 0x28, - 0x795d, - 0x29, - 0x28, - 0x52b4, - 0x29, - 0x28, - 0x4ee3, - 0x29, - 0x28, - 0x547c, - 0x29, - 0x28, - 0x5b66, - 0x29, - 0x28, - 0x76e3, - 0x29, - 0x28, - 0x4f01, - 0x29, - 0x28, - 0x8cc7, - 0x29, - 0x28, - 0x5354, - 0x29, - 0x28, - 0x796d, - 0x29, - 0x28, - 0x4f11, - 0x29, - 0x28, - 0x81ea, - 0x29, - 0x28, - 0x81f3, - 0x29, - 0x50, - 0x54, - 0x45, - 0x32, - 0x32, - 0x32, - 0x34, - 0x32, - 0x35, - 0x32, - 0x36, - 0x32, - 0x37, - 0x32, - 0x38, - 0x32, - 0x39, - 0x33, - 0x30, - 0x33, - 0x33, - 0x33, - 0x34, - 0x33, - 0x35, - 0x110e, - 0x1161, - 0x11b7, - 0x1100, - 0x1169, - 0x110c, - 0x116e, - 0x110b, - 0x1174, - 0x79d8, - 0x7537, - 0x9069, - 0x512a, - 0x5370, - 0x6ce8, - 0x9805, - 0x5199, - 0x6b63, - 0x5de6, - 0x53f3, - 0x533b, - 0x5b97, - 0x591c, - 0x33, - 0x36, - 0x33, - 0x37, - 0x33, - 0x38, - 0x33, - 0x39, - 0x34, - 0x30, - 0x34, - 0x34, - 0x34, - 0x35, - 0x34, - 0x36, - 0x34, - 0x37, - 0x34, - 0x38, - 0x34, - 0x39, - 0x35, - 0x30, - 0x31, - 0x6708, - 0x32, - 0x6708, - 0x33, - 0x6708, - 0x34, - 0x6708, - 0x35, - 0x6708, - 0x36, - 0x6708, - 0x37, - 0x6708, - 0x38, - 0x6708, - 0x39, - 0x6708, - 0x31, - 0x30, - 0x6708, - 0x31, - 0x31, - 0x6708, - 0x31, - 0x32, - 0x6708, - 0x48, - 0x67, - 0x65, - 0x72, - 0x67, - 0x65, - 0x56, - 0x4c, - 0x54, - 0x44, - 0x30a2, - 0x30a4, - 0x30a8, - 0x30aa, - 0x30ca, - 0x30cb, - 0x30cc, - 0x30cd, - 0x30ce, - 0x30de, - 0x30df, - 0x30e0, - 0x30e1, - 0x30e2, - 0x30e4, - 0x30e6, - 0x30e8, - 0x30e9, - 0x30ea, - 0x30eb, - 0x30ec, - 0x30ed, - 0x30a2, - 0x30d1, - 0x30fc, - 0x30c8, - 0x30a2, - 0x30eb, - 0x30d5, - 0x30a1, - 0x30a2, - 0x30f3, - 0x30da, - 0x30a2, - 0x30a2, - 0x30fc, - 0x30eb, - 0x30a4, - 0x30cb, - 0x30f3, - 0x30b0, - 0x30a4, - 0x30f3, - 0x30c1, - 0x30a6, - 0x30a9, - 0x30f3, - 0x30a8, - 0x30b9, - 0x30af, - 0x30fc, - 0x30c9, - 0x30a8, - 0x30fc, - 0x30ab, - 0x30fc, - 0x30aa, - 0x30f3, - 0x30b9, - 0x30aa, - 0x30fc, - 0x30e0, - 0x30ab, - 0x30a4, - 0x30ea, - 0x30ab, - 0x30e9, - 0x30c3, - 0x30c8, - 0x30ab, - 0x30ed, - 0x30ea, - 0x30fc, - 0x30ac, - 0x30ed, - 0x30f3, - 0x30ac, - 0x30f3, - 0x30de, - 0x30ae, - 0x30ac, - 0x30ae, - 0x30cb, - 0x30fc, - 0x30ad, - 0x30e5, - 0x30ea, - 0x30fc, - 0x30ae, - 0x30eb, - 0x30c0, - 0x30fc, - 0x30ad, - 0x30ed, - 0x30ad, - 0x30ed, - 0x30b0, - 0x30e9, - 0x30e0, - 0x30ad, - 0x30ed, - 0x30e1, - 0x30fc, - 0x30c8, - 0x30eb, - 0x30ad, - 0x30ed, - 0x30ef, - 0x30c3, - 0x30c8, - 0x30b0, - 0x30e9, - 0x30e0, - 0x30c8, - 0x30f3, - 0x30af, - 0x30eb, - 0x30bc, - 0x30a4, - 0x30ed, - 0x30af, - 0x30ed, - 0x30fc, - 0x30cd, - 0x30b1, - 0x30fc, - 0x30b9, - 0x30b3, - 0x30eb, - 0x30ca, - 0x30b3, - 0x30fc, - 0x30dd, - 0x30b5, - 0x30a4, - 0x30af, - 0x30eb, - 0x30b5, - 0x30f3, - 0x30c1, - 0x30fc, - 0x30e0, - 0x30b7, - 0x30ea, - 0x30f3, - 0x30b0, - 0x30bb, - 0x30f3, - 0x30c1, - 0x30bb, - 0x30f3, - 0x30c8, - 0x30c0, - 0x30fc, - 0x30b9, - 0x30c7, - 0x30b7, - 0x30c9, - 0x30eb, - 0x30ca, - 0x30ce, - 0x30ce, - 0x30c3, - 0x30c8, - 0x30cf, - 0x30a4, - 0x30c4, - 0x30d1, - 0x30fc, - 0x30bb, - 0x30f3, - 0x30c8, - 0x30d1, - 0x30fc, - 0x30c4, - 0x30d0, - 0x30fc, - 0x30ec, - 0x30eb, - 0x30d4, - 0x30a2, - 0x30b9, - 0x30c8, - 0x30eb, - 0x30d4, - 0x30af, - 0x30eb, - 0x30d4, - 0x30b3, - 0x30d3, - 0x30eb, - 0x30d5, - 0x30a1, - 0x30e9, - 0x30c3, - 0x30c9, - 0x30d5, - 0x30a3, - 0x30fc, - 0x30c8, - 0x30d6, - 0x30c3, - 0x30b7, - 0x30a7, - 0x30eb, - 0x30d5, - 0x30e9, - 0x30f3, - 0x30d8, - 0x30af, - 0x30bf, - 0x30fc, - 0x30eb, - 0x30da, - 0x30bd, - 0x30da, - 0x30cb, - 0x30d2, - 0x30d8, - 0x30eb, - 0x30c4, - 0x30da, - 0x30f3, - 0x30b9, - 0x30da, - 0x30fc, - 0x30b8, - 0x30d9, - 0x30fc, - 0x30bf, - 0x30dd, - 0x30a4, - 0x30f3, - 0x30c8, - 0x30dc, - 0x30eb, - 0x30c8, - 0x30db, - 0x30f3, - 0x30dd, - 0x30f3, - 0x30c9, - 0x30db, - 0x30fc, - 0x30eb, - 0x30db, - 0x30fc, - 0x30f3, - 0x30de, - 0x30a4, - 0x30af, - 0x30ed, - 0x30de, - 0x30a4, - 0x30eb, - 0x30de, - 0x30c3, - 0x30cf, - 0x30de, - 0x30eb, - 0x30af, - 0x30de, - 0x30f3, - 0x30b7, - 0x30e7, - 0x30f3, - 0x30df, - 0x30af, - 0x30ed, - 0x30f3, - 0x30df, - 0x30ea, - 0x30df, - 0x30ea, - 0x30d0, - 0x30fc, - 0x30eb, - 0x30e1, - 0x30ac, - 0x30e1, - 0x30ac, - 0x30c8, - 0x30f3, - 0x30e4, - 0x30fc, - 0x30c9, - 0x30e4, - 0x30fc, - 0x30eb, - 0x30e6, - 0x30a2, - 0x30f3, - 0x30ea, - 0x30c3, - 0x30c8, - 0x30eb, - 0x30ea, - 0x30e9, - 0x30eb, - 0x30d4, - 0x30fc, - 0x30eb, - 0x30fc, - 0x30d6, - 0x30eb, - 0x30ec, - 0x30e0, - 0x30ec, - 0x30f3, - 0x30c8, - 0x30b2, - 0x30f3, - 0x30, - 0x70b9, - 0x31, - 0x70b9, - 0x32, - 0x70b9, - 0x33, - 0x70b9, - 0x34, - 0x70b9, - 0x35, - 0x70b9, - 0x36, - 0x70b9, - 0x37, - 0x70b9, - 0x38, - 0x70b9, - 0x39, - 0x70b9, - 0x31, - 0x30, - 0x70b9, - 0x31, - 0x31, - 0x70b9, - 0x31, - 0x32, - 0x70b9, - 0x31, - 0x33, - 0x70b9, - 0x31, - 0x34, - 0x70b9, - 0x31, - 0x35, - 0x70b9, - 0x31, - 0x36, - 0x70b9, - 0x31, - 0x37, - 0x70b9, - 0x31, - 0x38, - 0x70b9, - 0x31, - 0x39, - 0x70b9, - 0x32, - 0x30, - 0x70b9, - 0x32, - 0x31, - 0x70b9, - 0x32, - 0x32, - 0x70b9, - 0x32, - 0x33, - 0x70b9, - 0x32, - 0x34, - 0x70b9, - 0x68, - 0x50, - 0x61, - 0x64, - 0x61, - 0x41, - 0x55, - 0x62, - 0x61, - 0x72, - 0x6f, - 0x56, - 0x70, - 0x63, - 0x64, - 0x6d, - 0x64, - 0x6d, - 0xb2, - 0x64, - 0x6d, - 0xb3, - 0x49, - 0x55, - 0x5e73, - 0x6210, - 0x662d, - 0x548c, - 0x5927, - 0x6b63, - 0x660e, - 0x6cbb, - 0x682a, - 0x5f0f, - 0x4f1a, - 0x793e, - 0x70, - 0x41, - 0x6e, - 0x41, - 0x3bc, - 0x41, - 0x6d, - 0x41, - 0x6b, - 0x41, - 0x4b, - 0x42, - 0x4d, - 0x42, - 0x47, - 0x42, - 0x63, - 0x61, - 0x6c, - 0x6b, - 0x63, - 0x61, - 0x6c, - 0x70, - 0x46, - 0x6e, - 0x46, - 0x3bc, - 0x46, - 0x3bc, - 0x67, - 0x6d, - 0x67, - 0x6b, - 0x67, - 0x48, - 0x7a, - 0x6b, - 0x48, - 0x7a, - 0x4d, - 0x48, - 0x7a, - 0x47, - 0x48, - 0x7a, - 0x54, - 0x48, - 0x7a, - 0x3bc, - 0x2113, - 0x6d, - 0x2113, - 0x64, - 0x2113, - 0x6b, - 0x2113, - 0x66, - 0x6d, - 0x6e, - 0x6d, - 0x3bc, - 0x6d, - 0x6d, - 0x6d, - 0x63, - 0x6d, - 0x6b, - 0x6d, - 0x6d, - 0x6d, - 0xb2, - 0x63, - 0x6d, - 0xb2, - 0x6b, - 0x6d, - 0xb2, - 0x6d, - 0x6d, - 0xb3, - 0x63, - 0x6d, - 0xb3, - 0x6b, - 0x6d, - 0xb3, - 0x6d, - 0x2215, - 0x73, - 0x6d, - 0x2215, - 0x73, - 0xb2, - 0x6b, - 0x50, - 0x61, - 0x4d, - 0x50, - 0x61, - 0x47, - 0x50, - 0x61, - 0x72, - 0x61, - 0x64, - 0x72, - 0x61, - 0x64, - 0x2215, - 0x73, - 0x72, - 0x61, - 0x64, - 0x2215, - 0x73, - 0xb2, - 0x70, - 0x73, - 0x6e, - 0x73, - 0x3bc, - 0x73, - 0x6d, - 0x73, - 0x70, - 0x56, - 0x6e, - 0x56, - 0x3bc, - 0x56, - 0x6d, - 0x56, - 0x6b, - 0x56, - 0x4d, - 0x56, - 0x70, - 0x57, - 0x6e, - 0x57, - 0x3bc, - 0x57, - 0x6d, - 0x57, - 0x6b, - 0x57, - 0x4d, - 0x57, - 0x6b, - 0x3a9, - 0x4d, - 0x3a9, - 0x61, - 0x2e, - 0x6d, - 0x2e, - 0x42, - 0x71, - 0x63, - 0x63, - 0x43, - 0x2215, - 0x6b, - 0x67, - 0x43, - 0x6f, - 0x2e, - 0x64, - 0x42, - 0x47, - 0x79, - 0x68, - 0x61, - 0x48, - 0x50, - 0x69, - 0x6e, - 0x4b, - 0x4b, - 0x4b, - 0x4d, - 0x6b, - 0x74, - 0x6c, - 0x6d, - 0x6c, - 0x6e, - 0x6c, - 0x6f, - 0x67, - 0x6c, - 0x78, - 0x6d, - 0x62, - 0x6d, - 0x69, - 0x6c, - 0x6d, - 0x6f, - 0x6c, - 0x50, - 0x48, - 0x70, - 0x2e, - 0x6d, - 0x2e, - 0x50, - 0x50, - 0x4d, - 0x50, - 0x52, - 0x53, - 0x76, - 0x57, - 0x62, - 0x56, - 0x2215, - 0x6d, - 0x41, - 0x2215, - 0x6d, - 0x31, - 0x65e5, - 0x32, - 0x65e5, - 0x33, - 0x65e5, - 0x34, - 0x65e5, - 0x35, - 0x65e5, - 0x36, - 0x65e5, - 0x37, - 0x65e5, - 0x38, - 0x65e5, - 0x39, - 0x65e5, - 0x31, - 0x30, - 0x65e5, - 0x31, - 0x31, - 0x65e5, - 0x31, - 0x32, - 0x65e5, - 0x31, - 0x33, - 0x65e5, - 0x31, - 0x34, - 0x65e5, - 0x31, - 0x35, - 0x65e5, - 0x31, - 0x36, - 0x65e5, - 0x31, - 0x37, - 0x65e5, - 0x31, - 0x38, - 0x65e5, - 0x31, - 0x39, - 0x65e5, - 0x32, - 0x30, - 0x65e5, - 0x32, - 0x31, - 0x65e5, - 0x32, - 0x32, - 0x65e5, - 0x32, - 0x33, - 0x65e5, - 0x32, - 0x34, - 0x65e5, - 0x32, - 0x35, - 0x65e5, - 0x32, - 0x36, - 0x65e5, - 0x32, - 0x37, - 0x65e5, - 0x32, - 0x38, - 0x65e5, - 0x32, - 0x39, - 0x65e5, - 0x33, - 0x30, - 0x65e5, - 0x33, - 0x31, - 0x65e5, - 0x67, - 0x61, - 0x6c, - 0x8c48, - 0x66f4, - 0x8cc8, - 0x6ed1, - 0x4e32, - 0x53e5, - 0x5951, - 0x5587, - 0x5948, - 0x61f6, - 0x7669, - 0x7f85, - 0x863f, - 0x87ba, - 0x88f8, - 0x908f, - 0x6a02, - 0x6d1b, - 0x70d9, - 0x73de, - 0x843d, - 0x916a, - 0x99f1, - 0x4e82, - 0x5375, - 0x6b04, - 0x721b, - 0x862d, - 0x9e1e, - 0x5d50, - 0x6feb, - 0x85cd, - 0x8964, - 0x62c9, - 0x81d8, - 0x881f, - 0x5eca, - 0x6717, - 0x6d6a, - 0x72fc, - 0x90ce, - 0x4f86, - 0x51b7, - 0x52de, - 0x64c4, - 0x6ad3, - 0x7210, - 0x76e7, - 0x8606, - 0x865c, - 0x8def, - 0x9732, - 0x9b6f, - 0x9dfa, - 0x788c, - 0x797f, - 0x7da0, - 0x83c9, - 0x9304, - 0x8ad6, - 0x58df, - 0x5f04, - 0x7c60, - 0x807e, - 0x7262, - 0x78ca, - 0x8cc2, - 0x96f7, - 0x58d8, - 0x5c62, - 0x6a13, - 0x6dda, - 0x6f0f, - 0x7d2f, - 0x7e37, - 0x964b, - 0x52d2, - 0x808b, - 0x51dc, - 0x51cc, - 0x7a1c, - 0x7dbe, - 0x83f1, - 0x9675, - 0x8b80, - 0x62cf, - 0x8afe, - 0x4e39, - 0x5be7, - 0x6012, - 0x7387, - 0x7570, - 0x5317, - 0x78fb, - 0x4fbf, - 0x5fa9, - 0x4e0d, - 0x6ccc, - 0x6578, - 0x7d22, - 0x53c3, - 0x585e, - 0x7701, - 0x8449, - 0x8aaa, - 0x6bba, - 0x6c88, - 0x62fe, - 0x82e5, - 0x63a0, - 0x7565, - 0x4eae, - 0x5169, - 0x51c9, - 0x6881, - 0x7ce7, - 0x826f, - 0x8ad2, - 0x91cf, - 0x52f5, - 0x5442, - 0x5eec, - 0x65c5, - 0x6ffe, - 0x792a, - 0x95ad, - 0x9a6a, - 0x9e97, - 0x9ece, - 0x66c6, - 0x6b77, - 0x8f62, - 0x5e74, - 0x6190, - 0x6200, - 0x649a, - 0x6f23, - 0x7149, - 0x7489, - 0x79ca, - 0x7df4, - 0x806f, - 0x8f26, - 0x84ee, - 0x9023, - 0x934a, - 0x5217, - 0x52a3, - 0x54bd, - 0x70c8, - 0x88c2, - 0x5ec9, - 0x5ff5, - 0x637b, - 0x6bae, - 0x7c3e, - 0x7375, - 0x4ee4, - 0x56f9, - 0x5dba, - 0x601c, - 0x73b2, - 0x7469, - 0x7f9a, - 0x8046, - 0x9234, - 0x96f6, - 0x9748, - 0x9818, - 0x4f8b, - 0x79ae, - 0x91b4, - 0x96b8, - 0x60e1, - 0x4e86, - 0x50da, - 0x5bee, - 0x5c3f, - 0x6599, - 0x71ce, - 0x7642, - 0x84fc, - 0x907c, - 0x6688, - 0x962e, - 0x5289, - 0x677b, - 0x67f3, - 0x6d41, - 0x6e9c, - 0x7409, - 0x7559, - 0x786b, - 0x7d10, - 0x985e, - 0x622e, - 0x9678, - 0x502b, - 0x5d19, - 0x6dea, - 0x8f2a, - 0x5f8b, - 0x6144, - 0x6817, - 0x9686, - 0x5229, - 0x540f, - 0x5c65, - 0x6613, - 0x674e, - 0x68a8, - 0x6ce5, - 0x7406, - 0x75e2, - 0x7f79, - 0x88cf, - 0x88e1, - 0x96e2, - 0x533f, - 0x6eba, - 0x541d, - 0x71d0, - 0x7498, - 0x85fa, - 0x96a3, - 0x9c57, - 0x9e9f, - 0x6797, - 0x6dcb, - 0x81e8, - 0x7b20, - 0x7c92, - 0x72c0, - 0x7099, - 0x8b58, - 0x4ec0, - 0x8336, - 0x523a, - 0x5207, - 0x5ea6, - 0x62d3, - 0x7cd6, - 0x5b85, - 0x6d1e, - 0x66b4, - 0x8f3b, - 0x964d, - 0x5ed3, - 0x5140, - 0x55c0, - 0x585a, - 0x6674, - 0x51de, - 0x732a, - 0x76ca, - 0x793c, - 0x795e, - 0x7965, - 0x798f, - 0x9756, - 0x7cbe, - 0x8612, - 0x8af8, - 0x9038, - 0x90fd, - 0x98ef, - 0x98fc, - 0x9928, - 0x9db4, - 0x4fae, - 0x50e7, - 0x514d, - 0x52c9, - 0x52e4, - 0x5351, - 0x559d, - 0x5606, - 0x5668, - 0x5840, - 0x58a8, - 0x5c64, - 0x6094, - 0x6168, - 0x618e, - 0x61f2, - 0x654f, - 0x65e2, - 0x6691, - 0x6885, - 0x6d77, - 0x6e1a, - 0x6f22, - 0x716e, - 0x722b, - 0x7422, - 0x7891, - 0x7949, - 0x7948, - 0x7950, - 0x7956, - 0x798d, - 0x798e, - 0x7a40, - 0x7a81, - 0x7bc0, - 0x7e09, - 0x7e41, - 0x7f72, - 0x8005, - 0x81ed, - 0x8279, - 0x8457, - 0x8910, - 0x8996, - 0x8b01, - 0x8b39, - 0x8cd3, - 0x8d08, - 0x8fb6, - 0x96e3, - 0x97ff, - 0x983b, - 0x66, - 0x66, - 0x66, - 0x69, - 0x66, - 0x6c, - 0x66, - 0x66, - 0x6c, - 0x17f, - 0x74, - 0x73, - 0x74, - 0x574, - 0x576, - 0x574, - 0x565, - 0x574, - 0x56b, - 0x57e, - 0x576, - 0x574, - 0x56d, - 0x5d9, - 0x5b4, - 0x5f2, - 0x5b7, - 0x5e2, - 0x5d4, - 0x5db, - 0x5dc, - 0x5dd, - 0x5e8, - 0x5ea, - 0x5e9, - 0x5c1, - 0x5e9, - 0x5c2, - 0xfb49, - 0x5c1, - 0xfb49, - 0x5c2, - 0x5d0, - 0x5b7, - 0x5d0, - 0x5b8, - 0x5d0, - 0x5bc, - 0x5d1, - 0x5bc, - 0x5d2, - 0x5bc, - 0x5d3, - 0x5bc, - 0x5d4, - 0x5bc, - 0x5d5, - 0x5bc, - 0x5d6, - 0x5bc, - 0x5d8, - 0x5bc, - 0x5d9, - 0x5bc, - 0x5da, - 0x5bc, - 0x5db, - 0x5bc, - 0x5dc, - 0x5bc, - 0x5de, - 0x5bc, - 0x5e0, - 0x5bc, - 0x5e1, - 0x5bc, - 0x5e3, - 0x5bc, - 0x5e4, - 0x5bc, - 0x5e6, - 0x5bc, - 0x5e7, - 0x5bc, - 0x5e8, - 0x5bc, - 0x5e9, - 0x5bc, - 0x5ea, - 0x5bc, - 0x5d5, - 0x5b9, - 0x5d1, - 0x5bf, - 0x5db, - 0x5bf, - 0x5e4, - 0x5bf, - 0x5d0, - 0x5dc, - 0x671, - 0x67b, - 0x67e, - 0x680, - 0x67a, - 0x67f, - 0x679, - 0x6a4, - 0x6a6, - 0x684, - 0x683, - 0x686, - 0x687, - 0x68d, - 0x68c, - 0x68e, - 0x688, - 0x698, - 0x691, - 0x6a9, - 0x6af, - 0x6b3, - 0x6b1, - 0x6ba, - 0x6bb, - 0x6c0, - 0x6be, - 0x6d3, - 0x6ad, - 0x6c6, - 0x6c8, - 0x677, - 0x6cb, - 0x6c5, - 0x6c9, - 0x6d0, - 0x649, - 0x626, - 0x627, - 0x626, - 0x6d5, - 0x626, - 0x648, - 0x626, - 0x6c7, - 0x626, - 0x6c6, - 0x626, - 0x6c8, - 0x626, - 0x6d0, - 0x626, - 0x649, - 0x6cc, - 0x626, - 0x62c, - 0x626, - 0x62d, - 0x626, - 0x645, - 0x626, - 0x64a, - 0x628, - 0x62c, - 0x628, - 0x62d, - 0x628, - 0x62e, - 0x628, - 0x645, - 0x628, - 0x649, - 0x628, - 0x64a, - 0x62a, - 0x62c, - 0x62a, - 0x62d, - 0x62a, - 0x62e, - 0x62a, - 0x645, - 0x62a, - 0x649, - 0x62a, - 0x64a, - 0x62b, - 0x62c, - 0x62b, - 0x645, - 0x62b, - 0x649, - 0x62b, - 0x64a, - 0x62c, - 0x62d, - 0x62c, - 0x645, - 0x62d, - 0x645, - 0x62e, - 0x62c, - 0x62e, - 0x62d, - 0x62e, - 0x645, - 0x633, - 0x62c, - 0x633, - 0x62d, - 0x633, - 0x62e, - 0x633, - 0x645, - 0x635, - 0x62d, - 0x635, - 0x645, - 0x636, - 0x62c, - 0x636, - 0x62d, - 0x636, - 0x62e, - 0x636, - 0x645, - 0x637, - 0x62d, - 0x637, - 0x645, - 0x638, - 0x645, - 0x639, - 0x62c, - 0x639, - 0x645, - 0x63a, - 0x62c, - 0x63a, - 0x645, - 0x641, - 0x62c, - 0x641, - 0x62d, - 0x641, - 0x62e, - 0x641, - 0x645, - 0x641, - 0x649, - 0x641, - 0x64a, - 0x642, - 0x62d, - 0x642, - 0x645, - 0x642, - 0x649, - 0x642, - 0x64a, - 0x643, - 0x627, - 0x643, - 0x62c, - 0x643, - 0x62d, - 0x643, - 0x62e, - 0x643, - 0x644, - 0x643, - 0x645, - 0x643, - 0x649, - 0x643, - 0x64a, - 0x644, - 0x62c, - 0x644, - 0x62d, - 0x644, - 0x62e, - 0x644, - 0x645, - 0x644, - 0x649, - 0x644, - 0x64a, - 0x645, - 0x62c, - 0x645, - 0x645, - 0x645, - 0x649, - 0x645, - 0x64a, - 0x646, - 0x62c, - 0x646, - 0x62d, - 0x646, - 0x62e, - 0x646, - 0x645, - 0x646, - 0x649, - 0x646, - 0x64a, - 0x647, - 0x62c, - 0x647, - 0x645, - 0x647, - 0x649, - 0x647, - 0x64a, - 0x64a, - 0x62d, - 0x64a, - 0x62e, - 0x64a, - 0x649, - 0x630, - 0x670, - 0x631, - 0x670, - 0x649, - 0x670, - 0x20, - 0x64c, - 0x651, - 0x20, - 0x64d, - 0x651, - 0x20, - 0x64e, - 0x651, - 0x20, - 0x64f, - 0x651, - 0x20, - 0x650, - 0x651, - 0x20, - 0x651, - 0x670, - 0x626, - 0x631, - 0x626, - 0x632, - 0x626, - 0x646, - 0x628, - 0x631, - 0x628, - 0x632, - 0x628, - 0x646, - 0x62a, - 0x631, - 0x62a, - 0x632, - 0x62a, - 0x646, - 0x62b, - 0x631, - 0x62b, - 0x632, - 0x62b, - 0x646, - 0x645, - 0x627, - 0x646, - 0x631, - 0x646, - 0x632, - 0x646, - 0x646, - 0x64a, - 0x631, - 0x64a, - 0x632, - 0x626, - 0x62e, - 0x626, - 0x647, - 0x628, - 0x647, - 0x62a, - 0x647, - 0x635, - 0x62e, - 0x644, - 0x647, - 0x646, - 0x647, - 0x647, - 0x670, - 0x62b, - 0x647, - 0x633, - 0x647, - 0x634, - 0x645, - 0x634, - 0x647, - 0x640, - 0x64e, - 0x651, - 0x640, - 0x64f, - 0x651, - 0x640, - 0x650, - 0x651, - 0x637, - 0x649, - 0x637, - 0x64a, - 0x639, - 0x649, - 0x639, - 0x64a, - 0x63a, - 0x649, - 0x63a, - 0x64a, - 0x633, - 0x649, - 0x633, - 0x64a, - 0x634, - 0x649, - 0x634, - 0x64a, - 0x62d, - 0x649, - 0x62c, - 0x649, - 0x62c, - 0x64a, - 0x62e, - 0x649, - 0x635, - 0x649, - 0x635, - 0x64a, - 0x636, - 0x649, - 0x636, - 0x64a, - 0x634, - 0x62c, - 0x634, - 0x62d, - 0x634, - 0x62e, - 0x634, - 0x631, - 0x633, - 0x631, - 0x635, - 0x631, - 0x636, - 0x631, - 0x627, - 0x64b, - 0x62a, - 0x62c, - 0x645, - 0x62a, - 0x62d, - 0x62c, - 0x62a, - 0x62d, - 0x645, - 0x62a, - 0x62e, - 0x645, - 0x62a, - 0x645, - 0x62c, - 0x62a, - 0x645, - 0x62d, - 0x62a, - 0x645, - 0x62e, - 0x62d, - 0x645, - 0x64a, - 0x62d, - 0x645, - 0x649, - 0x633, - 0x62d, - 0x62c, - 0x633, - 0x62c, - 0x62d, - 0x633, - 0x62c, - 0x649, - 0x633, - 0x645, - 0x62d, - 0x633, - 0x645, - 0x62c, - 0x633, - 0x645, - 0x645, - 0x635, - 0x62d, - 0x62d, - 0x635, - 0x645, - 0x645, - 0x634, - 0x62d, - 0x645, - 0x634, - 0x62c, - 0x64a, - 0x634, - 0x645, - 0x62e, - 0x634, - 0x645, - 0x645, - 0x636, - 0x62d, - 0x649, - 0x636, - 0x62e, - 0x645, - 0x637, - 0x645, - 0x62d, - 0x637, - 0x645, - 0x645, - 0x637, - 0x645, - 0x64a, - 0x639, - 0x62c, - 0x645, - 0x639, - 0x645, - 0x645, - 0x639, - 0x645, - 0x649, - 0x63a, - 0x645, - 0x645, - 0x63a, - 0x645, - 0x64a, - 0x63a, - 0x645, - 0x649, - 0x641, - 0x62e, - 0x645, - 0x642, - 0x645, - 0x62d, - 0x642, - 0x645, - 0x645, - 0x644, - 0x62d, - 0x645, - 0x644, - 0x62d, - 0x64a, - 0x644, - 0x62d, - 0x649, - 0x644, - 0x62c, - 0x62c, - 0x644, - 0x62e, - 0x645, - 0x644, - 0x645, - 0x62d, - 0x645, - 0x62d, - 0x62c, - 0x645, - 0x62d, - 0x64a, - 0x645, - 0x62c, - 0x62d, - 0x645, - 0x62e, - 0x645, - 0x645, - 0x62c, - 0x62e, - 0x647, - 0x645, - 0x62c, - 0x647, - 0x645, - 0x645, - 0x646, - 0x62d, - 0x645, - 0x646, - 0x62d, - 0x649, - 0x646, - 0x62c, - 0x645, - 0x646, - 0x62c, - 0x649, - 0x646, - 0x645, - 0x64a, - 0x646, - 0x645, - 0x649, - 0x64a, - 0x645, - 0x645, - 0x628, - 0x62e, - 0x64a, - 0x62a, - 0x62c, - 0x64a, - 0x62a, - 0x62c, - 0x649, - 0x62a, - 0x62e, - 0x64a, - 0x62a, - 0x62e, - 0x649, - 0x62a, - 0x645, - 0x64a, - 0x62a, - 0x645, - 0x649, - 0x62c, - 0x645, - 0x64a, - 0x62c, - 0x62d, - 0x649, - 0x62c, - 0x645, - 0x649, - 0x633, - 0x62e, - 0x649, - 0x635, - 0x62d, - 0x64a, - 0x634, - 0x62d, - 0x64a, - 0x636, - 0x62d, - 0x64a, - 0x644, - 0x62c, - 0x64a, - 0x644, - 0x645, - 0x64a, - 0x64a, - 0x62c, - 0x64a, - 0x64a, - 0x645, - 0x64a, - 0x645, - 0x645, - 0x64a, - 0x642, - 0x645, - 0x64a, - 0x646, - 0x62d, - 0x64a, - 0x639, - 0x645, - 0x64a, - 0x643, - 0x645, - 0x64a, - 0x646, - 0x62c, - 0x62d, - 0x645, - 0x62e, - 0x64a, - 0x644, - 0x62c, - 0x645, - 0x643, - 0x645, - 0x645, - 0x62c, - 0x62d, - 0x64a, - 0x62d, - 0x62c, - 0x64a, - 0x645, - 0x62c, - 0x64a, - 0x641, - 0x645, - 0x64a, - 0x628, - 0x62d, - 0x64a, - 0x633, - 0x62e, - 0x64a, - 0x646, - 0x62c, - 0x64a, - 0x635, - 0x644, - 0x6d2, - 0x642, - 0x644, - 0x6d2, - 0x627, - 0x644, - 0x644, - 0x647, - 0x627, - 0x643, - 0x628, - 0x631, - 0x645, - 0x62d, - 0x645, - 0x62f, - 0x635, - 0x644, - 0x639, - 0x645, - 0x631, - 0x633, - 0x648, - 0x644, - 0x639, - 0x644, - 0x64a, - 0x647, - 0x648, - 0x633, - 0x644, - 0x645, - 0x635, - 0x644, - 0x649, - 0x635, - 0x644, - 0x649, - 0x20, - 0x627, - 0x644, - 0x644, - 0x647, - 0x20, - 0x639, - 0x644, - 0x64a, - 0x647, - 0x20, - 0x648, - 0x633, - 0x644, - 0x645, - 0x62c, - 0x644, - 0x20, - 0x62c, - 0x644, - 0x627, - 0x644, - 0x647, - 0x631, - 0x6cc, - 0x627, - 0x644, - 0x2025, - 0x2014, - 0x2013, - 0x5f, - 0x7b, - 0x7d, - 0x3014, - 0x3015, - 0x3010, - 0x3011, - 0x300a, - 0x300b, - 0x300c, - 0x300d, - 0x300e, - 0x300f, - 0x5b, - 0x5d, - 0x203e, - 0x2c, - 0x3001, - 0x23, - 0x26, - 0x2a, - 0x2d, - 0x5c, - 0x24, - 0x25, - 0x40, - 0x20, - 0x64b, - 0x640, - 0x64b, - 0x640, - 0x651, - 0x20, - 0x652, - 0x640, - 0x652, - 0x621, - 0x622, - 0x623, - 0x624, - 0x625, - 0x629, - 0x644, - 0x622, - 0x644, - 0x623, - 0x644, - 0x625, - 0x22, - 0x27, - 0x5e, - 0x7c, - 0x7e, - 0x2985, - 0x2986, - 0x3002, - 0x30fb, - 0x30a5, - 0x30e3, - 0x3164, - 0x3131, - 0x3132, - 0x3133, - 0x3134, - 0x3135, - 0x3136, - 0x3137, - 0x3138, - 0x3139, - 0x313a, - 0x313b, - 0x313c, - 0x313d, - 0x313e, - 0x313f, - 0x3140, - 0x3141, - 0x3142, - 0x3143, - 0x3144, - 0x3145, - 0x3146, - 0x3147, - 0x3148, - 0x3149, - 0x314a, - 0x314b, - 0x314c, - 0x314d, - 0x314e, - 0x314f, - 0x3150, - 0x3151, - 0x3152, - 0x3153, - 0x3154, - 0x3155, - 0x3156, - 0x3157, - 0x3158, - 0x3159, - 0x315a, - 0x315b, - 0x315c, - 0x315d, - 0x315e, - 0x315f, - 0x3160, - 0x3161, - 0x3162, - 0x3163, - 0xa2, - 0xa3, - 0xac, - 0xaf, - 0xa6, - 0xa5, - 0x20a9, - 0x2502, - 0x2191, - 0x2193, - 0x25a0, - 0x25cb, - 0x1d157, - 0x1d165, - 0x1d158, - 0x1d165, - 0x1d15f, - 0x1d16e, - 0x1d15f, - 0x1d16f, - 0x1d15f, - 0x1d170, - 0x1d15f, - 0x1d171, - 0x1d15f, - 0x1d172, - 0x1d1b9, - 0x1d165, - 0x1d1ba, - 0x1d165, - 0x1d1bb, - 0x1d16e, - 0x1d1bc, - 0x1d16e, - 0x1d1bb, - 0x1d16f, - 0x1d1bc, - 0x1d16f, - 0x392, - 0x394, - 0x396, - 0x39a, - 0x39b, - 0x39c, - 0x39d, - 0x39e, - 0x3f4, - 0x3a4, - 0x3a6, - 0x3a7, - 0x3a8, - 0x2207, - 0x3b6, - 0x3bb, - 0x3bd, - 0x3be, - 0x3c3, - 0x3c4, - 0x3c8, - 0x2202, - 0x3f5, - 0x3d1, - 0x3f0, - 0x3d5, - 0x3f1, - 0x3d6, - 0x4e3d, - 0x4e38, - 0x4e41, - 0x20122, - 0x4f60, - 0x4fbb, - 0x5002, - 0x507a, - 0x5099, - 0x50cf, - 0x349e, - 0x2063a, - 0x5154, - 0x5164, - 0x5177, - 0x2051c, - 0x34b9, - 0x5167, - 0x518d, - 0x2054b, - 0x5197, - 0x51a4, - 0x4ecc, - 0x51ac, - 0x51b5, - 0x291df, - 0x5203, - 0x34df, - 0x523b, - 0x5246, - 0x5272, - 0x5277, - 0x3515, - 0x52c7, - 0x52fa, - 0x5305, - 0x5306, - 0x5349, - 0x535a, - 0x5373, - 0x537d, - 0x537f, - 0x20a2c, - 0x7070, - 0x53ca, - 0x53df, - 0x20b63, - 0x53eb, - 0x53f1, - 0x5406, - 0x549e, - 0x5438, - 0x5448, - 0x5468, - 0x54a2, - 0x54f6, - 0x5510, - 0x5553, - 0x5563, - 0x5584, - 0x5599, - 0x55ab, - 0x55b3, - 0x55c2, - 0x5716, - 0x5717, - 0x5651, - 0x5674, - 0x58ee, - 0x57ce, - 0x57f4, - 0x580d, - 0x578b, - 0x5832, - 0x5831, - 0x58ac, - 0x214e4, - 0x58f2, - 0x58f7, - 0x5906, - 0x591a, - 0x5922, - 0x5962, - 0x216a8, - 0x216ea, - 0x59ec, - 0x5a1b, - 0x5a27, - 0x59d8, - 0x5a66, - 0x36ee, - 0x36fc, - 0x5b08, - 0x5b3e, - 0x219c8, - 0x5bc3, - 0x5bd8, - 0x5bf3, - 0x21b18, - 0x5bff, - 0x5c06, - 0x5f53, - 0x3781, - 0x5c60, - 0x5cc0, - 0x5c8d, - 0x21de4, - 0x5d43, - 0x21de6, - 0x5d6e, - 0x5d6b, - 0x5d7c, - 0x5de1, - 0x5de2, - 0x382f, - 0x5dfd, - 0x5e28, - 0x5e3d, - 0x5e69, - 0x3862, - 0x22183, - 0x387c, - 0x5eb0, - 0x5eb3, - 0x5eb6, - 0x2a392, - 0x22331, - 0x8201, - 0x5f22, - 0x38c7, - 0x232b8, - 0x261da, - 0x5f62, - 0x5f6b, - 0x38e3, - 0x5f9a, - 0x5fcd, - 0x5fd7, - 0x5ff9, - 0x6081, - 0x393a, - 0x391c, - 0x226d4, - 0x60c7, - 0x6148, - 0x614c, - 0x614e, - 0x617a, - 0x61b2, - 0x61a4, - 0x61af, - 0x61de, - 0x621b, - 0x625d, - 0x62b1, - 0x62d4, - 0x6350, - 0x22b0c, - 0x633d, - 0x62fc, - 0x6368, - 0x6383, - 0x63e4, - 0x22bf1, - 0x6422, - 0x63c5, - 0x63a9, - 0x3a2e, - 0x6469, - 0x647e, - 0x649d, - 0x6477, - 0x3a6c, - 0x656c, - 0x2300a, - 0x65e3, - 0x66f8, - 0x6649, - 0x3b19, - 0x3b08, - 0x3ae4, - 0x5192, - 0x5195, - 0x6700, - 0x669c, - 0x80ad, - 0x43d9, - 0x671b, - 0x6721, - 0x675e, - 0x6753, - 0x233c3, - 0x3b49, - 0x67fa, - 0x6785, - 0x6852, - 0x2346d, - 0x688e, - 0x681f, - 0x6914, - 0x3b9d, - 0x6942, - 0x69a3, - 0x69ea, - 0x6aa8, - 0x236a3, - 0x6adb, - 0x3c18, - 0x6b21, - 0x238a7, - 0x6b54, - 0x3c4e, - 0x6b72, - 0x6b9f, - 0x6bbb, - 0x23a8d, - 0x21d0b, - 0x23afa, - 0x6c4e, - 0x23cbc, - 0x6cbf, - 0x6ccd, - 0x6c67, - 0x6d16, - 0x6d3e, - 0x6d69, - 0x6d78, - 0x6d85, - 0x23d1e, - 0x6d34, - 0x6e2f, - 0x6e6e, - 0x3d33, - 0x6ecb, - 0x6ec7, - 0x23ed1, - 0x6df9, - 0x6f6e, - 0x23f5e, - 0x23f8e, - 0x6fc6, - 0x7039, - 0x701e, - 0x701b, - 0x3d96, - 0x704a, - 0x707d, - 0x7077, - 0x70ad, - 0x20525, - 0x7145, - 0x24263, - 0x719c, - 0x243ab, - 0x7228, - 0x7235, - 0x7250, - 0x24608, - 0x7280, - 0x7295, - 0x24735, - 0x24814, - 0x737a, - 0x738b, - 0x3eac, - 0x73a5, - 0x3eb8, - 0x7447, - 0x745c, - 0x7471, - 0x7485, - 0x74ca, - 0x3f1b, - 0x7524, - 0x24c36, - 0x753e, - 0x24c92, - 0x2219f, - 0x7610, - 0x24fa1, - 0x24fb8, - 0x25044, - 0x3ffc, - 0x4008, - 0x76f4, - 0x250f3, - 0x250f2, - 0x25119, - 0x25133, - 0x771e, - 0x771f, - 0x774a, - 0x4039, - 0x778b, - 0x4046, - 0x4096, - 0x2541d, - 0x784e, - 0x78cc, - 0x40e3, - 0x25626, - 0x2569a, - 0x256c5, - 0x79eb, - 0x412f, - 0x7a4a, - 0x7a4f, - 0x2597c, - 0x25aa7, - 0x7aee, - 0x4202, - 0x25bab, - 0x7bc6, - 0x7bc9, - 0x4227, - 0x25c80, - 0x7cd2, - 0x42a0, - 0x7ce8, - 0x7ce3, - 0x7d00, - 0x25f86, - 0x7d63, - 0x4301, - 0x7dc7, - 0x7e02, - 0x7e45, - 0x4334, - 0x26228, - 0x26247, - 0x4359, - 0x262d9, - 0x7f7a, - 0x2633e, - 0x7f95, - 0x7ffa, - 0x264da, - 0x26523, - 0x8060, - 0x265a8, - 0x8070, - 0x2335f, - 0x43d5, - 0x80b2, - 0x8103, - 0x440b, - 0x813e, - 0x5ab5, - 0x267a7, - 0x267b5, - 0x23393, - 0x2339c, - 0x8204, - 0x8f9e, - 0x446b, - 0x8291, - 0x828b, - 0x829d, - 0x52b3, - 0x82b1, - 0x82b3, - 0x82bd, - 0x82e6, - 0x26b3c, - 0x831d, - 0x8363, - 0x83ad, - 0x8323, - 0x83bd, - 0x83e7, - 0x8353, - 0x83ca, - 0x83cc, - 0x83dc, - 0x26c36, - 0x26d6b, - 0x26cd5, - 0x452b, - 0x84f1, - 0x84f3, - 0x8516, - 0x273ca, - 0x8564, - 0x26f2c, - 0x455d, - 0x4561, - 0x26fb1, - 0x270d2, - 0x456b, - 0x8650, - 0x8667, - 0x8669, - 0x86a9, - 0x8688, - 0x870e, - 0x86e2, - 0x8779, - 0x8728, - 0x876b, - 0x8786, - 0x45d7, - 0x87e1, - 0x8801, - 0x45f9, - 0x8860, - 0x27667, - 0x88d7, - 0x88de, - 0x4635, - 0x88fa, - 0x34bb, - 0x278ae, - 0x27966, - 0x46be, - 0x46c7, - 0x8aa0, - 0x8aed, - 0x8b8a, - 0x27ca8, - 0x8cab, - 0x8cc1, - 0x8d1b, - 0x8d77, - 0x27f2f, - 0x20804, - 0x8dcb, - 0x8dbc, - 0x8df0, - 0x208de, - 0x8ed4, - 0x8f38, - 0x285d2, - 0x285ed, - 0x9094, - 0x90f1, - 0x9111, - 0x2872e, - 0x911b, - 0x9238, - 0x92d7, - 0x92d8, - 0x927c, - 0x93f9, - 0x9415, - 0x28bfa, - 0x958b, - 0x4995, - 0x95b7, - 0x28d77, - 0x49e6, - 0x96c3, - 0x5db2, - 0x9723, - 0x29145, - 0x2921a, - 0x4a6e, - 0x4a76, - 0x97e0, - 0x2940a, - 0x4ab2, - 0x29496, - 0x980b, - 0x9829, - 0x295b6, - 0x98e2, - 0x4b33, - 0x9929, - 0x99a7, - 0x99c2, - 0x99fe, - 0x4bce, - 0x29b30, - 0x9b12, - 0x9c40, - 0x9cfd, - 0x4cce, - 0x4ced, - 0x9d67, - 0x2a0ce, - 0x4cf8, - 0x2a105, - 0x2a20e, - 0x2a291, - 0x4d56, - 0x9efe, - 0x9f05, - 0x9f0f, - 0x9f16, - 0x2a600, -}; - -const struct canon_node _wind_canon_table[] = { - {0x0, 0, 3, 0}, - {0x0, 0, 10, 3}, - {0x0, 0, 16, 13}, - {0x0, 0, 15, 29}, - {0x0, 1, 14, 44}, - {0x2f993, 16, 16, 57}, - {0x0, 0, 16, 57}, - {0x0, 0, 16, 73}, - {0x0, 8, 16, 89}, - {0xf942, 16, 16, 97}, - {0x2f994, 16, 16, 97}, - {0x0, 0, 16, 97}, - {0x0, 9, 15, 113}, - {0x0, 5, 6, 119}, - {0x2f9ef, 16, 16, 120}, - {0x0, 0, 16, 120}, - {0x0, 0, 16, 136}, - {0x0, 0, 16, 152}, - {0x0, 0, 1, 168}, - {0x0, 0, 1, 169}, - {0x0, 3, 4, 170}, - {0x0, 4, 5, 171}, - {0x0, 5, 6, 172}, - {0x1f94, 16, 16, 173}, - {0x0, 0, 16, 173}, - {0x0, 0, 12, 189}, - {0x0, 10, 12, 201}, - {0x2f8f6, 16, 16, 203}, - {0xf970, 16, 16, 203}, - {0x0, 0, 16, 203}, - {0x0, 2, 14, 219}, - {0x0, 2, 6, 231}, - {0x0, 0, 1, 235}, - {0x0, 0, 1, 236}, - {0x0, 6, 7, 237}, - {0x0, 5, 6, 238}, - {0x0, 4, 5, 239}, - {0x6c0, 16, 16, 240}, - {0x0, 0, 16, 240}, - {0x0, 0, 13, 256}, - {0x0, 9, 10, 269}, - {0xf9ae, 16, 16, 270}, - {0x0, 0, 16, 270}, - {0x0, 2, 16, 286}, - {0x0, 15, 16, 300}, - {0xfa69, 16, 16, 301}, - {0x0, 0, 11, 301}, - {0x0, 1, 16, 312}, - {0x0, 3, 14, 327}, - {0x0, 6, 7, 338}, - {0x2f9a4, 16, 16, 339}, - {0x0, 4, 15, 339}, - {0x0, 9, 10, 350}, - {0xf9be, 16, 16, 351}, - {0x0, 1, 12, 351}, - {0x0, 7, 8, 362}, - {0x2f864, 16, 16, 363}, - {0x0, 0, 13, 363}, - {0x0, 0, 1, 376}, - {0x0, 0, 1, 377}, - {0x0, 3, 4, 378}, - {0x0, 4, 5, 379}, - {0x0, 5, 6, 380}, - {0x1fc2, 16, 16, 381}, - {0x0, 0, 16, 381}, - {0x0, 0, 16, 397}, - {0x0, 1, 16, 413}, - {0x0, 0, 1, 428}, - {0x0, 3, 4, 429}, - {0x0, 0, 1, 430}, - {0x0, 9, 10, 431}, - {0x0, 9, 10, 432}, - {0x3065, 16, 16, 433}, - {0x0, 0, 3, 433}, - {0x0, 0, 12, 436}, - {0x0, 3, 14, 448}, - {0x0, 0, 1, 459}, - {0x0, 0, 1, 460}, - {0x0, 3, 4, 461}, - {0x0, 3, 4, 462}, - {0x0, 8, 9, 463}, - {0x2244, 16, 16, 464}, - {0x0, 0, 15, 464}, - {0x0, 0, 12, 479}, - {0x0, 0, 1, 491}, - {0x0, 0, 1, 492}, - {0x0, 3, 4, 493}, - {0x0, 0, 1, 494}, - {0x0, 8, 9, 495}, - {0x1e7b, 16, 16, 496}, - {0x0, 1, 16, 496}, - {0x0, 0, 1, 511}, - {0x0, 3, 4, 512}, - {0x0, 0, 1, 513}, - {0x0, 9, 10, 514}, - {0x0, 9, 10, 515}, - {0x30ba, 16, 16, 516}, - {0x2f995, 16, 16, 516}, - {0x0, 0, 15, 516}, - {0x0, 0, 15, 531}, - {0x0, 0, 1, 546}, - {0x0, 0, 1, 547}, - {0x0, 3, 4, 548}, - {0x0, 0, 1, 549}, - {0x0, 8, 9, 550}, - {0x4df, 16, 16, 551}, - {0x0, 0, 16, 551}, - {0x0, 7, 8, 567}, - {0x2f9d7, 16, 16, 568}, - {0x0, 0, 16, 568}, - {0x0, 14, 15, 584}, - {0x2f86b, 16, 16, 585}, - {0xf94a, 16, 16, 585}, - {0x0, 4, 14, 585}, - {0x0, 9, 13, 595}, - {0x0, 0, 1, 599}, - {0x0, 0, 1, 600}, - {0x0, 13, 14, 601}, - {0x0, 12, 13, 602}, - {0x0, 10, 11, 603}, - {0xddd, 16, 16, 604}, - {0x0, 2, 16, 604}, - {0x0, 1, 15, 618}, - {0xf91a, 16, 16, 632}, - {0x0, 0, 16, 632}, - {0x0, 1, 4, 648}, - {0x0, 9, 10, 651}, - {0x2f943, 16, 16, 652}, - {0x0, 0, 16, 652}, - {0x0, 10, 11, 668}, - {0x0, 8, 9, 669}, - {0x2f9d3, 16, 16, 670}, - {0x0, 3, 16, 670}, - {0x0, 1, 16, 683}, - {0x0, 0, 1, 698}, - {0x0, 0, 1, 699}, - {0x0, 3, 4, 700}, - {0x0, 0, 3, 701}, - {0x0, 1, 13, 704}, - {0x10c, 16, 16, 716}, - {0x0, 1, 16, 716}, - {0x0, 1, 2, 731}, - {0xf958, 16, 16, 732}, - {0x0, 0, 1, 732}, - {0x0, 0, 1, 733}, - {0x0, 3, 4, 734}, - {0x0, 0, 1, 735}, - {0x0, 0, 9, 736}, - {0x4e5, 16, 16, 745}, - {0x439, 16, 16, 745}, - {0x4e3, 16, 16, 745}, - {0x0, 2, 15, 745}, - {0x0, 12, 13, 758}, - {0x2f8c7, 16, 16, 759}, - {0x0, 0, 1, 759}, - {0x0, 3, 4, 760}, - {0x0, 0, 1, 761}, - {0x0, 9, 10, 762}, - {0x0, 9, 10, 763}, - {0x30b4, 16, 16, 764}, - {0x45d, 16, 16, 764}, - {0x0, 0, 16, 764}, - {0x0, 0, 1, 780}, - {0x0, 0, 1, 781}, - {0x0, 3, 4, 782}, - {0x0, 0, 3, 783}, - {0x0, 0, 10, 786}, - {0x1ee8, 16, 16, 796}, - {0x0, 0, 16, 796}, - {0x0, 0, 1, 812}, - {0x0, 0, 1, 813}, - {0x0, 3, 4, 814}, - {0x0, 0, 4, 815}, - {0x0, 3, 14, 819}, - {0x1eb9, 16, 16, 830}, - {0x1eee, 16, 16, 830}, - {0x229, 16, 16, 830}, - {0x1eec, 16, 16, 830}, - {0x119, 16, 16, 830}, - {0x2fa07, 16, 16, 830}, - {0x10a, 16, 16, 830}, - {0x106, 16, 16, 830}, - {0x108, 16, 16, 830}, - {0x0, 1, 16, 830}, - {0x0, 9, 10, 845}, - {0x2f90e, 16, 16, 846}, - {0x0, 0, 14, 846}, - {0x0, 1, 16, 860}, - {0x0, 0, 1, 875}, - {0x0, 0, 1, 876}, - {0x0, 3, 4, 877}, - {0x0, 0, 2, 878}, - {0x0, 4, 5, 880}, - {0x1f59, 16, 16, 881}, - {0x0, 6, 12, 881}, - {0x0, 14, 15, 887}, - {0x2f9f8, 16, 16, 888}, - {0x0, 0, 11, 888}, - {0x0, 0, 1, 899}, - {0x0, 0, 1, 900}, - {0x0, 3, 4, 901}, - {0x0, 0, 4, 902}, - {0x0, 1, 2, 906}, - {0x212, 16, 16, 907}, - {0x0, 0, 1, 907}, - {0x0, 0, 1, 908}, - {0x0, 3, 4, 909}, - {0x0, 0, 3, 910}, - {0x0, 1, 12, 913}, - {0x20f, 16, 16, 924}, - {0x0, 2, 14, 924}, - {0x0, 0, 1, 936}, - {0x0, 0, 1, 937}, - {0x0, 3, 4, 938}, - {0x0, 3, 4, 939}, - {0x0, 8, 9, 940}, - {0x22e1, 16, 16, 941}, - {0x0, 0, 15, 941}, - {0x0, 13, 14, 956}, - {0xf967, 16, 16, 957}, - {0x1e19, 16, 16, 957}, - {0x0, 1, 16, 957}, - {0x0, 10, 11, 972}, - {0xf9f0, 16, 16, 973}, - {0x0, 0, 15, 973}, - {0x0, 2, 3, 988}, - {0x2f807, 16, 16, 989}, - {0x0, 3, 15, 989}, - {0x0, 13, 14, 1001}, - {0x2f8b9, 16, 16, 1002}, - {0x0, 0, 1, 1002}, - {0x0, 0, 1, 1003}, - {0x0, 3, 4, 1004}, - {0x0, 0, 4, 1005}, - {0x0, 0, 16, 1009}, - {0x1d0, 16, 16, 1025}, - {0x0, 0, 14, 1025}, - {0x0, 9, 10, 1039}, - {0x2f974, 16, 16, 1040}, - {0x0, 1, 12, 1040}, - {0x0, 1, 5, 1051}, - {0x0, 5, 6, 1055}, - {0x2f91b, 16, 16, 1056}, - {0x0, 0, 1, 1056}, - {0x0, 0, 1, 1057}, - {0x0, 3, 4, 1058}, - {0x0, 3, 4, 1059}, - {0x0, 8, 9, 1060}, - {0x22e0, 16, 16, 1061}, - {0x0, 0, 16, 1061}, - {0x0, 1, 11, 1077}, - {0x2f82e, 16, 16, 1087}, - {0x0, 0, 16, 1087}, - {0x0, 0, 1, 1103}, - {0x0, 0, 1, 1104}, - {0x0, 3, 4, 1105}, - {0x0, 0, 2, 1106}, - {0x0, 3, 5, 1108}, - {0x1f19, 16, 16, 1110}, - {0x0, 0, 10, 1110}, - {0x0, 9, 10, 1120}, - {0x2f8ce, 16, 16, 1121}, - {0x1f18, 16, 16, 1121}, - {0x0, 1, 15, 1121}, - {0x1f7d, 0, 1, 1135}, - {0x0, 0, 1, 1136}, - {0x0, 3, 4, 1137}, - {0x0, 4, 5, 1138}, - {0x0, 5, 6, 1139}, - {0x1ff4, 16, 16, 1140}, - {0x0, 0, 16, 1140}, - {0x0, 9, 10, 1156}, - {0xf9dd, 16, 16, 1157}, - {0x0, 1, 14, 1157}, - {0x2f991, 16, 16, 1170}, - {0x0, 2, 16, 1170}, - {0x0, 3, 4, 1184}, - {0xfa0b, 16, 16, 1185}, - {0x0, 6, 16, 1185}, - {0x0, 0, 1, 1195}, - {0x0, 0, 1, 1196}, - {0x0, 3, 4, 1197}, - {0x0, 0, 5, 1198}, - {0x0, 2, 3, 1203}, - {0x1fcf, 16, 16, 1204}, - {0x0, 0, 15, 1204}, - {0x0, 8, 9, 1219}, - {0x2f9bc, 16, 16, 1220}, - {0x0, 6, 7, 1220}, - {0x0, 3, 4, 1221}, - {0x2f838, 16, 16, 1222}, - {0x0, 0, 7, 1222}, - {0x0, 9, 10, 1229}, - {0x0, 2, 3, 1230}, - {0x2f88f, 16, 16, 1231}, - {0x0, 2, 6, 1231}, - {0x0, 0, 1, 1235}, - {0x0, 0, 1, 1236}, - {0x0, 3, 4, 1237}, - {0x0, 3, 4, 1238}, - {0x0, 8, 9, 1239}, - {0x22ec, 16, 16, 1240}, - {0x0, 0, 7, 1240}, - {0x2f88d, 16, 16, 1247}, - {0x0, 4, 16, 1247}, - {0x0, 14, 15, 1259}, - {0xfa3f, 16, 16, 1260}, - {0x2f98f, 16, 16, 1260}, - {0x0, 8, 12, 1260}, - {0x0, 11, 12, 1264}, - {0x2f9ee, 16, 16, 1265}, - {0xfa35, 16, 16, 1265}, - {0x0, 0, 1, 1265}, - {0x0, 0, 1, 1266}, - {0x0, 3, 4, 1267}, - {0x0, 0, 3, 1268}, - {0x0, 1, 2, 1271}, - {0x203, 16, 16, 1272}, - {0x0, 6, 8, 1272}, - {0x0, 0, 1, 1274}, - {0x0, 0, 1, 1275}, - {0x0, 13, 14, 1276}, - {0x0, 3, 6, 1277}, - {0x0, 7, 8, 1280}, - {0xd4c, 16, 16, 1281}, - {0x0, 0, 15, 1281}, - {0x0, 2, 3, 1296}, - {0xfa20, 16, 16, 1297}, - {0x0, 3, 13, 1297}, - {0x0, 0, 2, 1307}, - {0x0, 0, 1, 1309}, - {0x0, 0, 1, 1310}, - {0x0, 3, 4, 1311}, - {0x0, 0, 1, 1312}, - {0x0, 2, 7, 1313}, - {0x1eac, 16, 16, 1318}, - {0x0, 0, 16, 1318}, - {0x0, 3, 4, 1334}, - {0x2f874, 16, 16, 1335}, - {0x1eb6, 16, 16, 1335}, - {0x0, 0, 1, 1335}, - {0x0, 0, 1, 1336}, - {0x0, 3, 4, 1337}, - {0x0, 4, 5, 1338}, - {0x0, 5, 6, 1339}, - {0x1f9c, 16, 16, 1340}, - {0x0, 2, 12, 1340}, - {0x0, 6, 16, 1350}, - {0x0, 0, 1, 1360}, - {0x0, 0, 1, 1361}, - {0x0, 3, 4, 1362}, - {0x0, 0, 1, 1363}, - {0x0, 6, 7, 1364}, - {0x1e1d, 16, 16, 1365}, - {0x0, 1, 14, 1365}, - {0x0, 0, 14, 1378}, - {0x2f918, 16, 16, 1392}, - {0x0, 2, 14, 1392}, - {0x0, 9, 10, 1404}, - {0x2f975, 16, 16, 1405}, - {0x0, 1, 10, 1405}, - {0x0, 11, 12, 1414}, - {0xfa0a, 16, 16, 1415}, - {0x0, 0, 16, 1415}, - {0x0, 2, 4, 1431}, - {0xf992, 16, 16, 1433}, - {0xfa47, 16, 16, 1433}, - {0x0, 2, 15, 1433}, - {0x0, 13, 16, 1446}, - {0xfa53, 16, 16, 1449}, - {0xfa52, 16, 16, 1449}, - {0xfa1b, 16, 16, 1449}, - {0x0, 0, 1, 1449}, - {0x0, 3, 4, 1450}, - {0x0, 0, 1, 1451}, - {0x0, 9, 10, 1452}, - {0x0, 9, 10, 1453}, - {0x30b2, 16, 16, 1454}, - {0x0, 0, 1, 1454}, - {0x0, 0, 1, 1455}, - {0x0, 3, 4, 1456}, - {0x0, 0, 5, 1457}, - {0x0, 0, 2, 1462}, - {0x1fca, 16, 16, 1464}, - {0x389, 16, 16, 1464}, - {0x0, 1, 16, 1464}, - {0x0, 12, 13, 1479}, - {0x2f93e, 16, 16, 1480}, - {0x0, 3, 15, 1480}, - {0x0, 3, 9, 1492}, - {0x2f968, 16, 16, 1498}, - {0x0, 0, 1, 1498}, - {0x0, 0, 1, 1499}, - {0x0, 3, 4, 1500}, - {0x0, 0, 5, 1501}, - {0x0, 2, 6, 1506}, - {0x1f2e, 16, 16, 1510}, - {0x1f98, 16, 16, 1510}, - {0x0, 6, 12, 1510}, - {0x0, 0, 1, 1516}, - {0x2f804, 16, 16, 1517}, - {0x2f919, 16, 16, 1517}, - {0x2f835, 16, 16, 1517}, - {0x0, 1, 2, 1517}, - {0x0, 5, 6, 1518}, - {0x2f824, 16, 16, 1519}, - {0x0, 0, 16, 1519}, - {0x1fe3, 16, 16, 1535}, - {0x0, 2, 4, 1535}, - {0x0, 0, 1, 1537}, - {0x0, 0, 1, 1538}, - {0x0, 3, 4, 1539}, - {0x0, 0, 1, 1540}, - {0x0, 7, 8, 1541}, - {0x1e69, 16, 16, 1542}, - {0x1fbe, 0, 1, 1542}, - {0x0, 0, 16, 1543}, - {0x0, 3, 4, 1559}, - {0x2f96c, 16, 16, 1560}, - {0x0, 0, 15, 1560}, - {0x0, 10, 11, 1575}, - {0x2f85d, 16, 16, 1576}, - {0x0, 3, 11, 1576}, - {0x2f836, 16, 16, 1584}, - {0x0, 12, 13, 1584}, - {0x2f92f, 16, 16, 1585}, - {0x0, 0, 10, 1585}, - {0x0, 0, 1, 1595}, - {0x0, 0, 1, 1596}, - {0x0, 3, 4, 1597}, - {0x0, 0, 5, 1598}, - {0x0, 2, 3, 1603}, - {0x1f5f, 16, 16, 1604}, - {0x0, 2, 3, 1604}, - {0x0, 15, 16, 1605}, - {0x2f9d8, 16, 16, 1606}, - {0x0, 1, 16, 1606}, - {0x0, 0, 12, 1621}, - {0xf932, 16, 16, 1633}, - {0x0, 0, 16, 1633}, - {0x0, 11, 12, 1649}, - {0xfa6a, 16, 16, 1650}, - {0x0, 2, 16, 1650}, - {0x0, 2, 4, 1664}, - {0xfa68, 16, 16, 1666}, - {0x0, 2, 16, 1666}, - {0x212b, 0, 1, 1680}, - {0x0, 0, 1, 1681}, - {0x0, 3, 4, 1682}, - {0x0, 0, 1, 1683}, - {0x0, 1, 2, 1684}, - {0x1fa, 16, 16, 1685}, - {0x0, 1, 16, 1685}, - {0x0, 0, 1, 1700}, - {0x0, 3, 4, 1701}, - {0x0, 0, 1, 1702}, - {0x0, 9, 10, 1703}, - {0x0, 9, 10, 1704}, - {0x30c9, 16, 16, 1705}, - {0xf9ea, 16, 16, 1705}, - {0x0, 2, 16, 1705}, - {0x0, 0, 1, 1719}, - {0x0, 0, 1, 1720}, - {0x0, 3, 4, 1721}, - {0x0, 0, 1, 1722}, - {0x0, 1, 2, 1723}, - {0x1e09, 16, 16, 1724}, - {0x0, 1, 11, 1724}, - {0x0, 2, 3, 1734}, - {0x2f8e1, 16, 16, 1735}, - {0x0, 0, 14, 1735}, - {0x0, 0, 1, 1749}, - {0x0, 3, 4, 1750}, - {0x0, 0, 1, 1751}, - {0x0, 9, 10, 1752}, - {0x0, 9, 10, 1753}, - {0x30f9, 16, 16, 1754}, - {0x0, 13, 14, 1754}, - {0xf986, 16, 16, 1755}, - {0x0, 0, 1, 1755}, - {0x0, 0, 1, 1756}, - {0x0, 3, 4, 1757}, - {0x0, 0, 4, 1758}, - {0x0, 7, 8, 1762}, - {0x1e03, 16, 16, 1763}, - {0x0, 0, 1, 1763}, - {0x0, 0, 1, 1764}, - {0x0, 3, 4, 1765}, - {0x0, 0, 1, 1766}, - {0x0, 1, 5, 1767}, - {0x1fd, 16, 16, 1771}, - {0x0, 0, 1, 1771}, - {0x0, 0, 1, 1772}, - {0x0, 3, 4, 1773}, - {0x0, 3, 4, 1774}, - {0x0, 8, 9, 1775}, - {0x2281, 16, 16, 1776}, - {0x1e3, 16, 16, 1776}, - {0x0, 2, 12, 1776}, - {0x0, 0, 1, 1786}, - {0x0, 0, 1, 1787}, - {0x0, 3, 4, 1788}, - {0x0, 3, 4, 1789}, - {0x0, 8, 9, 1790}, - {0x22af, 16, 16, 1791}, - {0xf96b, 16, 16, 1791}, - {0x0, 2, 16, 1791}, - {0x0, 3, 10, 1805}, - {0x0, 2, 3, 1812}, - {0x2f937, 16, 16, 1813}, - {0x0, 2, 12, 1813}, - {0x0, 2, 3, 1823}, - {0xf98d, 16, 16, 1824}, - {0x0, 6, 16, 1824}, - {0x0, 0, 1, 1834}, - {0x0, 3, 4, 1835}, - {0x0, 0, 1, 1836}, - {0x0, 9, 10, 1837}, - {0x0, 9, 10, 1838}, - {0x30b0, 16, 16, 1839}, - {0x0, 0, 1, 1839}, - {0x0, 0, 1, 1840}, - {0x0, 3, 4, 1841}, - {0x0, 0, 3, 1842}, - {0x0, 1, 8, 1845}, - {0x1e3e, 16, 16, 1852}, - {0x1e40, 16, 16, 1852}, - {0x0, 8, 9, 1852}, - {0xfa65, 16, 16, 1853}, - {0x0, 6, 16, 1853}, - {0x0, 10, 11, 1863}, - {0xf93a, 16, 16, 1864}, - {0x0, 0, 16, 1864}, - {0x0, 0, 1, 1880}, - {0x0, 0, 1, 1881}, - {0x0, 3, 4, 1882}, - {0x0, 4, 5, 1883}, - {0x0, 5, 6, 1884}, - {0x1faa, 16, 16, 1885}, - {0x0, 0, 1, 1885}, - {0x0, 2, 4, 1886}, - {0x2001, 16, 16, 1888}, - {0x2000, 16, 16, 1888}, - {0x0, 0, 16, 1888}, - {0x0, 11, 12, 1904}, - {0x0, 8, 9, 1905}, - {0x2f897, 16, 16, 1906}, - {0x0, 2, 15, 1906}, - {0x0, 4, 5, 1919}, - {0x2f934, 16, 16, 1920}, - {0x0, 1, 13, 1920}, - {0x0, 11, 12, 1932}, - {0x2f848, 16, 16, 1933}, - {0x0, 0, 16, 1933}, - {0x0, 0, 1, 1949}, - {0x0, 0, 1, 1950}, - {0x0, 3, 4, 1951}, - {0x0, 0, 5, 1952}, - {0x0, 2, 6, 1957}, - {0x1f07, 16, 16, 1961}, - {0x1f81, 16, 16, 1961}, - {0x0, 0, 1, 1961}, - {0x0, 0, 1, 1962}, - {0x0, 3, 4, 1963}, - {0x0, 0, 4, 1964}, - {0x0, 7, 13, 1968}, - {0x1e0b, 16, 16, 1974}, - {0x0, 0, 1, 1974}, - {0x0, 0, 1, 1975}, - {0x0, 3, 4, 1976}, - {0x0, 4, 5, 1977}, - {0x0, 5, 6, 1978}, - {0x1f9b, 16, 16, 1979}, - {0x0, 0, 1, 1979}, - {0x0, 0, 1, 1980}, - {0x0, 3, 4, 1981}, - {0x0, 0, 3, 1982}, - {0x0, 3, 4, 1985}, - {0x1e43, 16, 16, 1986}, - {0x0, 8, 9, 1986}, - {0x0, 0, 1, 1987}, - {0x0, 0, 1, 1988}, - {0x0, 3, 4, 1989}, - {0x0, 0, 5, 1990}, - {0x0, 0, 2, 1995}, - {0x1fed, 16, 16, 1997}, - {0x385, 16, 16, 1997}, - {0x0, 2, 4, 1997}, - {0x0, 0, 1, 1999}, - {0x0, 0, 1, 2000}, - {0x0, 3, 4, 2001}, - {0x0, 0, 1, 2002}, - {0x0, 0, 2, 2003}, - {0x1e17, 16, 16, 2005}, - {0x0, 1, 15, 2005}, - {0x0, 14, 15, 2019}, - {0x2f95f, 16, 16, 2020}, - {0x0, 0, 1, 2020}, - {0x0, 0, 1, 2021}, - {0x0, 3, 4, 2022}, - {0x0, 0, 5, 2023}, - {0x0, 0, 2, 2028}, - {0x1f53, 16, 16, 2030}, - {0x1f55, 16, 16, 2030}, - {0x0, 0, 1, 2030}, - {0x0, 0, 1, 2031}, - {0x0, 3, 4, 2032}, - {0x0, 3, 4, 2033}, - {0x0, 8, 9, 2034}, - {0x22ad, 16, 16, 2035}, - {0x0, 2, 12, 2035}, - {0x0, 0, 1, 2045}, - {0x0, 3, 4, 2046}, - {0x0, 0, 1, 2047}, - {0x0, 9, 10, 2048}, - {0x0, 9, 11, 2049}, - {0x3079, 16, 16, 2051}, - {0x0, 0, 1, 2051}, - {0x0, 3, 4, 2052}, - {0x0, 0, 1, 2053}, - {0x0, 9, 10, 2054}, - {0x0, 9, 11, 2055}, - {0x307d, 16, 16, 2057}, - {0x0, 3, 8, 2057}, - {0x1e5a, 16, 16, 2062}, - {0x156, 16, 16, 2062}, - {0x0, 12, 13, 2062}, - {0xf982, 16, 16, 2063}, - {0x0, 10, 12, 2063}, - {0x0, 0, 1, 2065}, - {0x0, 0, 1, 2066}, - {0x0, 3, 4, 2067}, - {0x0, 0, 1, 2068}, - {0x0, 4, 5, 2069}, - {0x1ec, 16, 16, 2070}, - {0x0, 4, 14, 2070}, - {0x0, 3, 4, 2080}, - {0xfa64, 16, 16, 2081}, - {0x0, 0, 1, 2081}, - {0x0, 0, 1, 2082}, - {0x0, 3, 4, 2083}, - {0x0, 4, 5, 2084}, - {0x0, 5, 6, 2085}, - {0x1f8e, 16, 16, 2086}, - {0x0, 7, 8, 2086}, - {0xf99c, 16, 16, 2087}, - {0x0, 0, 10, 2087}, - {0x0, 0, 1, 2097}, - {0x0, 0, 1, 2098}, - {0x0, 3, 4, 2099}, - {0x0, 0, 5, 2100}, - {0x0, 0, 2, 2105}, - {0x1f3d, 16, 16, 2107}, - {0x0, 0, 1, 2107}, - {0x0, 3, 4, 2108}, - {0x0, 0, 5, 2109}, - {0x0, 2, 3, 2114}, - {0x1fd6, 16, 16, 2115}, - {0x0, 6, 15, 2115}, - {0x0, 0, 1, 2124}, - {0x0, 0, 1, 2125}, - {0x0, 3, 4, 2126}, - {0x0, 0, 5, 2127}, - {0x0, 0, 2, 2132}, - {0x1fde, 16, 16, 2134}, - {0x1fdd, 16, 16, 2134}, - {0x0, 0, 1, 2134}, - {0x0, 0, 1, 2135}, - {0x0, 3, 4, 2136}, - {0x0, 4, 5, 2137}, - {0x0, 5, 6, 2138}, - {0x1f95, 16, 16, 2139}, - {0x0, 4, 8, 2139}, - {0xf90b, 16, 16, 2143}, - {0x2f846, 16, 16, 2143}, - {0x0, 3, 6, 2143}, - {0x0, 0, 1, 2146}, - {0x0, 0, 1, 2147}, - {0x0, 3, 4, 2148}, - {0x0, 3, 4, 2149}, - {0x0, 8, 9, 2150}, - {0x2224, 16, 16, 2151}, - {0x0, 0, 16, 2151}, - {0x0, 12, 13, 2167}, - {0xfa08, 16, 16, 2168}, - {0x0, 5, 6, 2168}, - {0x2f905, 16, 16, 2169}, - {0x0, 10, 11, 2169}, - {0xf995, 16, 16, 2170}, - {0x0, 0, 1, 2170}, - {0x0, 3, 4, 2171}, - {0x0, 0, 1, 2172}, - {0x0, 9, 10, 2173}, - {0x0, 9, 10, 2174}, - {0x30c7, 16, 16, 2175}, - {0x0, 0, 1, 2175}, - {0x0, 0, 1, 2176}, - {0x0, 3, 4, 2177}, - {0x0, 0, 5, 2178}, - {0x0, 0, 2, 2183}, - {0x1f22, 16, 16, 2185}, - {0x0, 5, 11, 2185}, - {0xf97f, 16, 16, 2191}, - {0x0, 9, 10, 2191}, - {0x2fa00, 16, 16, 2192}, - {0x0, 7, 16, 2192}, - {0x0, 2, 11, 2201}, - {0xf9e6, 16, 16, 2210}, - {0x0, 1, 16, 2210}, - {0x0, 10, 11, 2225}, - {0xfa17, 16, 16, 2226}, - {0xfa5a, 16, 16, 2226}, - {0x0, 10, 12, 2226}, - {0x0, 0, 1, 2228}, - {0x0, 0, 1, 2229}, - {0x0, 3, 4, 2230}, - {0x0, 0, 1, 2231}, - {0x0, 4, 5, 2232}, - {0x1e5d, 16, 16, 2233}, - {0x0, 7, 10, 2233}, - {0x2f9b5, 16, 16, 2236}, - {0x2f9b6, 16, 16, 2236}, - {0x0, 0, 12, 2236}, - {0x0, 0, 16, 2248}, - {0xf997, 16, 16, 2264}, - {0x0, 1, 12, 2264}, - {0x0, 11, 12, 2275}, - {0x0, 6, 7, 2276}, - {0x2fa01, 16, 16, 2277}, - {0x0, 10, 16, 2277}, - {0x0, 8, 15, 2283}, - {0xfa22, 16, 16, 2290}, - {0x0, 0, 10, 2290}, - {0x0, 0, 1, 2300}, - {0x0, 0, 1, 2301}, - {0x0, 3, 4, 2302}, - {0x0, 0, 1, 2303}, - {0x0, 0, 2, 2304}, - {0x1f4a, 16, 16, 2306}, - {0x0, 4, 13, 2306}, - {0x0, 6, 7, 2315}, - {0x0, 0, 1, 2316}, - {0x0, 0, 1, 2317}, - {0x0, 12, 13, 2318}, - {0x0, 5, 6, 2319}, - {0x0, 6, 7, 2320}, - {0xc48, 16, 16, 2321}, - {0x2f976, 16, 16, 2321}, - {0x0, 15, 16, 2321}, - {0xf97c, 16, 16, 2322}, - {0x0, 2, 13, 2322}, - {0x0, 4, 5, 2333}, - {0xf930, 16, 16, 2334}, - {0x212a, 0, 1, 2334}, - {0x0, 0, 1, 2335}, - {0x0, 3, 4, 2336}, - {0x0, 0, 4, 2337}, - {0x0, 1, 2, 2341}, - {0x1e34, 16, 16, 2342}, - {0x0, 2, 11, 2342}, - {0x0, 3, 4, 2351}, - {0x2f97c, 16, 16, 2352}, - {0x0, 2, 3, 2352}, - {0x2f85f, 16, 16, 2353}, - {0x0, 0, 1, 2353}, - {0x0, 0, 1, 2354}, - {0x0, 3, 4, 2355}, - {0x0, 0, 1, 2356}, - {0x0, 6, 9, 2357}, - {0x4d1, 16, 16, 2360}, - {0x0, 1, 2, 2360}, - {0xfa55, 16, 16, 2361}, - {0x0, 5, 14, 2361}, - {0x0, 15, 16, 2370}, - {0x0, 10, 11, 2371}, - {0x2f9ed, 16, 16, 2372}, - {0x2f97d, 16, 16, 2372}, - {0x0, 9, 10, 2372}, - {0xf90e, 16, 16, 2373}, - {0x0, 0, 1, 2373}, - {0x0, 0, 1, 2374}, - {0x0, 3, 4, 2375}, - {0x0, 0, 5, 2376}, - {0x0, 0, 2, 2381}, - {0x1f0a, 16, 16, 2383}, - {0x1f0c, 16, 16, 2383}, - {0x0, 0, 1, 2383}, - {0x0, 0, 1, 2384}, - {0x0, 3, 4, 2385}, - {0x0, 0, 5, 2386}, - {0x0, 2, 6, 2391}, - {0x1f67, 16, 16, 2395}, - {0x0, 0, 1, 2395}, - {0x0, 0, 1, 2396}, - {0x0, 3, 4, 2397}, - {0x0, 0, 3, 2398}, - {0x0, 7, 8, 2401}, - {0xe7, 16, 16, 2402}, - {0x1fa1, 16, 16, 2402}, - {0x1eea, 16, 16, 2402}, - {0x0, 5, 11, 2402}, - {0x2f978, 16, 16, 2408}, - {0x0, 2, 3, 2408}, - {0x0, 0, 1, 2409}, - {0x0, 0, 1, 2410}, - {0x0, 3, 4, 2411}, - {0x0, 0, 1, 2412}, - {0x0, 1, 9, 2413}, - {0x3d4, 16, 16, 2421}, - {0x0, 4, 14, 2421}, - {0x0, 12, 13, 2431}, - {0x2f91e, 16, 16, 2432}, - {0x3d3, 16, 16, 2432}, - {0x0, 3, 14, 2432}, - {0x0, 7, 9, 2443}, - {0x2f9e9, 16, 16, 2445}, - {0x0, 0, 1, 2445}, - {0x0, 0, 1, 2446}, - {0x0, 3, 4, 2447}, - {0x0, 0, 3, 2448}, - {0x0, 0, 10, 2451}, - {0x176, 16, 16, 2461}, - {0xdd, 16, 16, 2461}, - {0x1ef2, 16, 16, 2461}, - {0x1e8e, 16, 16, 2461}, - {0x232, 16, 16, 2461}, - {0x0, 6, 16, 2461}, - {0x0, 0, 1, 2471}, - {0x0, 3, 4, 2472}, - {0x0, 0, 1, 2473}, - {0x0, 9, 10, 2474}, - {0x0, 9, 10, 2475}, - {0x3094, 16, 16, 2476}, - {0x1ef6, 16, 16, 2476}, - {0x178, 16, 16, 2476}, - {0x0, 0, 1, 2476}, - {0x0, 0, 1, 2477}, - {0x0, 3, 4, 2478}, - {0x0, 0, 1, 2479}, - {0x0, 7, 8, 2480}, - {0x1e68, 16, 16, 2481}, - {0x2f9e8, 16, 16, 2481}, - {0x0, 13, 14, 2481}, - {0x2f999, 16, 16, 2482}, - {0x0, 0, 1, 2482}, - {0x0, 0, 1, 2483}, - {0x0, 3, 4, 2484}, - {0x0, 0, 3, 2485}, - {0x0, 0, 9, 2488}, - {0x1e82, 16, 16, 2497}, - {0x0, 4, 16, 2497}, - {0x0, 14, 15, 2509}, - {0x2f94e, 16, 16, 2510}, - {0x174, 16, 16, 2510}, - {0x1e86, 16, 16, 2510}, - {0x0, 0, 1, 2510}, - {0x0, 0, 1, 2511}, - {0x0, 3, 4, 2512}, - {0x0, 0, 1, 2513}, - {0x0, 4, 5, 2514}, - {0x1de, 16, 16, 2515}, - {0xf9af, 16, 16, 2515}, - {0x0, 2, 15, 2515}, - {0x0, 3, 4, 2528}, - {0x2f89b, 16, 16, 2529}, - {0x0, 3, 5, 2529}, - {0x1f28, 16, 16, 2531}, - {0x1f29, 16, 16, 2531}, - {0x0, 8, 16, 2531}, - {0x0, 10, 11, 2539}, - {0x2f8f9, 16, 16, 2540}, - {0x0, 10, 11, 2540}, - {0x2f89c, 16, 16, 2541}, - {0x0, 1, 2, 2541}, - {0x1e07, 16, 16, 2542}, - {0x0, 0, 1, 2542}, - {0x0, 3, 4, 2543}, - {0x0, 0, 1, 2544}, - {0x0, 9, 10, 2545}, - {0x0, 9, 11, 2546}, - {0x30d0, 16, 16, 2548}, - {0x0, 11, 12, 2548}, - {0x2f9d6, 16, 16, 2549}, - {0x0, 0, 13, 2549}, - {0x0, 0, 15, 2562}, - {0xfa3c, 16, 16, 2577}, - {0x0, 7, 8, 2577}, - {0x2f92e, 16, 16, 2578}, - {0x0, 0, 1, 2578}, - {0x0, 3, 4, 2579}, - {0x0, 0, 1, 2580}, - {0x0, 9, 10, 2581}, - {0x0, 9, 10, 2582}, - {0x30ae, 16, 16, 2583}, - {0x0, 1, 16, 2583}, - {0x0, 0, 1, 2598}, - {0x0, 3, 4, 2599}, - {0x0, 0, 1, 2600}, - {0x0, 9, 10, 2601}, - {0x0, 9, 10, 2602}, - {0x3058, 16, 16, 2603}, - {0x0, 0, 1, 2603}, - {0x0, 0, 1, 2604}, - {0x0, 3, 4, 2605}, - {0x0, 0, 4, 2606}, - {0x0, 0, 16, 2610}, - {0xcb, 16, 16, 2626}, - {0x1eba, 16, 16, 2626}, - {0xca, 16, 16, 2626}, - {0x1ebc, 16, 16, 2626}, - {0xc8, 16, 16, 2626}, - {0xc9, 16, 16, 2626}, - {0x114, 16, 16, 2626}, - {0x116, 16, 16, 2626}, - {0x112, 16, 16, 2626}, - {0xf94b, 16, 16, 2626}, - {0x2f877, 16, 16, 2626}, - {0xf9df, 16, 16, 2626}, - {0xfa3b, 16, 16, 2626}, - {0x0, 0, 1, 2626}, - {0x0, 0, 1, 2627}, - {0x0, 3, 4, 2628}, - {0x0, 0, 1, 2629}, - {0x0, 6, 7, 2630}, - {0x1e1c, 16, 16, 2631}, - {0x0, 4, 16, 2631}, - {0x0, 4, 5, 2643}, - {0x2f93d, 16, 16, 2644}, - {0x0, 0, 1, 2644}, - {0x0, 0, 1, 2645}, - {0x0, 3, 4, 2646}, - {0x0, 0, 1, 2647}, - {0x0, 1, 2, 2648}, - {0x1fb, 16, 16, 2649}, - {0x0, 6, 7, 2649}, - {0x0, 13, 14, 2650}, - {0x2f8e3, 16, 16, 2651}, - {0x0, 2, 8, 2651}, - {0x2f85b, 16, 16, 2657}, - {0x2f85a, 16, 16, 2657}, - {0x307c, 16, 16, 2657}, - {0x0, 0, 1, 2657}, - {0x0, 0, 1, 2658}, - {0x0, 3, 4, 2659}, - {0x0, 0, 5, 2660}, - {0x0, 2, 6, 2665}, - {0x1f06, 16, 16, 2669}, - {0x11a, 16, 16, 2669}, - {0x204, 16, 16, 2669}, - {0x1f80, 16, 16, 2669}, - {0x307a, 16, 16, 2669}, - {0x0, 0, 1, 2669}, - {0x0, 8, 9, 2670}, - {0x2f923, 16, 16, 2671}, - {0x0, 3, 4, 2671}, - {0x2f944, 16, 16, 2672}, - {0x0, 10, 11, 2672}, - {0xf94d, 16, 16, 2673}, - {0x0, 3, 4, 2673}, - {0x1ef0, 16, 16, 2674}, - {0x0, 11, 12, 2674}, - {0xf9d4, 16, 16, 2675}, - {0x0, 0, 16, 2675}, - {0x113, 16, 16, 2691}, - {0x115, 16, 16, 2691}, - {0x117, 16, 16, 2691}, - {0xe8, 16, 16, 2691}, - {0xe9, 16, 16, 2691}, - {0xea, 16, 16, 2691}, - {0x1ebd, 16, 16, 2691}, - {0x0, 0, 1, 2691}, - {0x0, 0, 1, 2692}, - {0x0, 3, 4, 2693}, - {0x0, 0, 1, 2694}, - {0x0, 1, 2, 2695}, - {0x1e08, 16, 16, 2696}, - {0xeb, 16, 16, 2696}, - {0x1ebb, 16, 16, 2696}, - {0x0, 12, 14, 2696}, - {0x0, 0, 1, 2698}, - {0x0, 0, 1, 2699}, - {0x0, 3, 4, 2700}, - {0x0, 0, 1, 2701}, - {0x0, 0, 2, 2702}, - {0x1e52, 16, 16, 2704}, - {0x0, 9, 14, 2704}, - {0x0, 0, 5, 2709}, - {0x0, 0, 1, 2714}, - {0x0, 0, 1, 2715}, - {0x0, 3, 4, 2716}, - {0x0, 3, 4, 2717}, - {0x0, 8, 9, 2718}, - {0x21cf, 16, 16, 2719}, - {0x0, 0, 1, 2719}, - {0x0, 0, 1, 2720}, - {0x0, 3, 4, 2721}, - {0x0, 0, 1, 2722}, - {0x0, 2, 3, 2723}, - {0x134, 16, 16, 2724}, - {0x0, 0, 1, 2724}, - {0x0, 0, 1, 2725}, - {0x0, 3, 4, 2726}, - {0x0, 0, 5, 2727}, - {0x0, 0, 2, 2732}, - {0x1f54, 16, 16, 2734}, - {0x1f52, 16, 16, 2734}, - {0x0, 1, 2, 2734}, - {0x1e5e, 16, 16, 2735}, - {0x0, 8, 9, 2735}, - {0xf99f, 16, 16, 2736}, - {0x0, 1, 5, 2736}, - {0x0, 14, 15, 2740}, - {0x2f8f2, 16, 16, 2741}, - {0x205, 16, 16, 2741}, - {0x11b, 16, 16, 2741}, - {0x2f88b, 16, 16, 2741}, - {0x2f88c, 16, 16, 2741}, - {0x0, 3, 8, 2741}, - {0x2f81e, 16, 16, 2746}, - {0x0, 0, 1, 2746}, - {0x0, 0, 1, 2747}, - {0x0, 3, 4, 2748}, - {0x0, 0, 5, 2749}, - {0x0, 3, 5, 2754}, - {0x1f01, 16, 16, 2756}, - {0xfa00, 16, 16, 2756}, - {0x0, 3, 16, 2756}, - {0x2f830, 16, 16, 2769}, - {0x0, 2, 13, 2769}, - {0x0, 0, 4, 2780}, - {0x0, 0, 1, 2784}, - {0x0, 0, 1, 2785}, - {0x0, 9, 10, 2786}, - {0x0, 3, 4, 2787}, - {0x0, 12, 13, 2788}, - {0x931, 16, 16, 2789}, - {0x2f833, 16, 16, 2789}, - {0x0, 0, 1, 2789}, - {0x0, 0, 1, 2790}, - {0x0, 3, 4, 2791}, - {0x0, 0, 1, 2792}, - {0x0, 8, 9, 2793}, - {0x1e7a, 16, 16, 2794}, - {0x0, 14, 15, 2794}, - {0xf9d0, 16, 16, 2795}, - {0x0, 9, 14, 2795}, - {0x2f847, 16, 16, 2800}, - {0x0, 13, 14, 2800}, - {0x0, 2, 3, 2801}, - {0x2f9b1, 16, 16, 2802}, - {0x0, 4, 13, 2802}, - {0x0, 7, 8, 2811}, - {0x0, 0, 1, 2812}, - {0x0, 0, 1, 2813}, - {0x0, 11, 12, 2814}, - {0x0, 3, 6, 2815}, - {0x0, 14, 15, 2818}, - {0xb4b, 16, 16, 2819}, - {0x0, 6, 8, 2819}, - {0x0, 0, 1, 2821}, - {0x0, 0, 1, 2822}, - {0x0, 3, 4, 2823}, - {0x0, 0, 1, 2824}, - {0x0, 4, 5, 2825}, - {0x1e39, 16, 16, 2826}, - {0x0, 0, 1, 2826}, - {0x0, 0, 1, 2827}, - {0x0, 3, 4, 2828}, - {0x0, 0, 1, 2829}, - {0x0, 2, 13, 2830}, - {0x135, 16, 16, 2841}, - {0x0, 13, 14, 2841}, - {0x2f9d0, 16, 16, 2842}, - {0x0, 4, 14, 2842}, - {0x0, 0, 15, 2852}, - {0x0, 4, 7, 2867}, - {0x2f87d, 16, 16, 2870}, - {0x2f87b, 16, 16, 2870}, - {0x0, 7, 8, 2870}, - {0x0, 0, 1, 2871}, - {0x0, 0, 1, 2872}, - {0x0, 9, 10, 2873}, - {0x0, 11, 14, 2874}, - {0x0, 14, 15, 2877}, - {0x9cb, 16, 16, 2878}, - {0x0, 1, 6, 2878}, - {0x0, 0, 1, 2883}, - {0x0, 0, 1, 2884}, - {0x0, 3, 4, 2885}, - {0x0, 3, 4, 2886}, - {0x0, 8, 9, 2887}, - {0x2270, 16, 16, 2888}, - {0x0, 5, 9, 2888}, - {0xf959, 16, 16, 2892}, - {0xfa36, 16, 16, 2892}, - {0x0, 0, 1, 2892}, - {0x0, 0, 1, 2893}, - {0x0, 3, 4, 2894}, - {0x0, 3, 4, 2895}, - {0x0, 8, 9, 2896}, - {0x2271, 16, 16, 2897}, - {0x0, 9, 10, 2897}, - {0xfa5e, 16, 16, 2898}, - {0x0, 0, 1, 2898}, - {0x0, 0, 1, 2899}, - {0x0, 3, 4, 2900}, - {0x0, 0, 1, 2901}, - {0x0, 1, 2, 2902}, - {0x453, 16, 16, 2903}, - {0xf9d3, 16, 16, 2903}, - {0x0, 12, 14, 2903}, - {0x0, 0, 1, 2905}, - {0x0, 0, 1, 2906}, - {0x0, 3, 4, 2907}, - {0x0, 0, 1, 2908}, - {0x0, 2, 3, 2909}, - {0x1ed8, 16, 16, 2910}, - {0x0, 2, 16, 2910}, - {0xf9e7, 16, 16, 2924}, - {0xf91c, 16, 16, 2924}, - {0x0, 1, 16, 2924}, - {0x0, 4, 9, 2939}, - {0xf901, 16, 16, 2944}, - {0x2f82f, 16, 16, 2944}, - {0x0, 15, 16, 2944}, - {0x2f883, 16, 16, 2945}, - {0x0, 0, 5, 2945}, - {0x0, 0, 1, 2950}, - {0x0, 0, 1, 2951}, - {0x0, 3, 4, 2952}, - {0x0, 3, 4, 2953}, - {0x0, 8, 9, 2954}, - {0x21ae, 16, 16, 2955}, - {0x0, 11, 12, 2955}, - {0x0, 12, 13, 2956}, - {0x2f8fb, 16, 16, 2957}, - {0x0, 0, 1, 2957}, - {0x0, 0, 1, 2958}, - {0x0, 3, 4, 2959}, - {0x0, 0, 5, 2960}, - {0x0, 3, 5, 2965}, - {0x1f21, 16, 16, 2967}, - {0x1f0, 16, 16, 2967}, - {0x1f20, 16, 16, 2967}, - {0x0, 0, 11, 2967}, - {0x0, 0, 1, 2978}, - {0x2f967, 16, 16, 2979}, - {0x0, 3, 9, 2979}, - {0x12f, 16, 16, 2985}, - {0x0, 7, 15, 2985}, - {0x2f9c7, 16, 16, 2993}, - {0x1ecb, 16, 16, 2993}, - {0x0, 2, 12, 2993}, - {0x0, 0, 1, 3003}, - {0x0, 3, 4, 3004}, - {0x0, 0, 1, 3005}, - {0x0, 9, 10, 3006}, - {0x0, 9, 11, 3007}, - {0x30dc, 16, 16, 3009}, - {0x0, 6, 11, 3009}, - {0x0, 0, 1, 3014}, - {0x0, 0, 1, 3015}, - {0x0, 12, 13, 3016}, - {0x0, 13, 14, 3017}, - {0x0, 5, 6, 3018}, - {0xccb, 16, 16, 3019}, - {0x0, 4, 9, 3019}, - {0x2f9e7, 16, 16, 3024}, - {0x0, 3, 8, 3024}, - {0x1e32, 16, 16, 3029}, - {0x0, 0, 1, 3029}, - {0x0, 0, 1, 3030}, - {0x0, 3, 4, 3031}, - {0x0, 0, 5, 3032}, - {0x0, 2, 3, 3037}, - {0x1f36, 16, 16, 3038}, - {0x0, 3, 14, 3038}, - {0x0, 0, 1, 3049}, - {0x0, 0, 1, 3050}, - {0x0, 3, 4, 3051}, - {0x0, 0, 1, 3052}, - {0x0, 4, 12, 3053}, - {0x45e, 16, 16, 3061}, - {0x136, 16, 16, 3061}, - {0x0, 6, 8, 3061}, - {0x0, 0, 1, 3063}, - {0x0, 0, 1, 3064}, - {0x0, 11, 12, 3065}, - {0x0, 11, 14, 3066}, - {0x0, 7, 8, 3069}, - {0xbcc, 16, 16, 3070}, - {0x0, 3, 4, 3070}, - {0xf981, 16, 16, 3071}, - {0x0, 0, 1, 3071}, - {0x0, 0, 1, 3072}, - {0x0, 3, 4, 3073}, - {0x0, 0, 4, 3074}, - {0x0, 0, 16, 3078}, - {0x1ec8, 16, 16, 3094}, - {0x0, 3, 4, 3094}, - {0x343, 16, 16, 3095}, - {0x12c, 16, 16, 3095}, - {0x0, 3, 16, 3095}, - {0x2f870, 16, 16, 3108}, - {0xf9b1, 16, 16, 3108}, - {0x0, 0, 15, 3108}, - {0x2f97f, 16, 16, 3123}, - {0x2f8cc, 16, 16, 3123}, - {0x0, 0, 1, 3123}, - {0x0, 0, 1, 3124}, - {0x0, 3, 4, 3125}, - {0x0, 0, 1, 3126}, - {0x0, 4, 5, 3127}, - {0x1ed, 16, 16, 3128}, - {0x30dd, 16, 16, 3128}, - {0x0, 0, 7, 3128}, - {0x0, 11, 12, 3135}, - {0x2f984, 16, 16, 3136}, - {0x0, 1, 12, 3136}, - {0x0, 13, 14, 3147}, - {0x0, 4, 5, 3148}, - {0x2f8a4, 16, 16, 3149}, - {0x2f9c6, 16, 16, 3149}, - {0x2f872, 16, 16, 3149}, - {0x0, 2, 16, 3149}, - {0x0, 12, 13, 3163}, - {0xf9c3, 16, 16, 3164}, - {0xf945, 16, 16, 3164}, - {0x0, 5, 6, 3164}, - {0xf90f, 16, 16, 3165}, - {0x0, 1, 16, 3165}, - {0x0, 13, 14, 3180}, - {0x2f884, 16, 16, 3181}, - {0x0, 0, 1, 3181}, - {0x0, 0, 1, 3182}, - {0x0, 3, 4, 3183}, - {0x0, 0, 1, 3184}, - {0x0, 8, 9, 3185}, - {0x4f9, 16, 16, 3186}, - {0x0, 5, 6, 3186}, - {0x2f921, 16, 16, 3187}, - {0x0, 8, 10, 3187}, - {0xfa4d, 16, 16, 3189}, - {0xfa4e, 16, 16, 3189}, - {0x0, 1, 16, 3189}, - {0x0, 11, 12, 3204}, - {0x2fa15, 16, 16, 3205}, - {0x0, 7, 16, 3205}, - {0xf988, 16, 16, 3214}, - {0x0, 11, 12, 3214}, - {0x2f863, 16, 16, 3215}, - {0x0, 0, 5, 3215}, - {0x0, 7, 8, 3220}, - {0xf950, 16, 16, 3221}, - {0x0, 0, 16, 3221}, - {0x0, 9, 16, 3237}, - {0xf95b, 16, 16, 3244}, - {0x0, 0, 1, 3244}, - {0x0, 0, 1, 3245}, - {0x0, 3, 4, 3246}, - {0x0, 0, 1, 3247}, - {0x0, 7, 9, 3248}, - {0x1e8a, 16, 16, 3250}, - {0x0, 0, 1, 3250}, - {0x0, 0, 1, 3251}, - {0x0, 3, 4, 3252}, - {0x0, 0, 5, 3253}, - {0x0, 0, 2, 3258}, - {0x3b0, 16, 16, 3260}, - {0x1fe2, 16, 16, 3260}, - {0x0, 1, 15, 3260}, - {0x0, 2, 3, 3274}, - {0x2f8e8, 16, 16, 3275}, - {0xf9f3, 16, 16, 3275}, - {0x1e8c, 16, 16, 3275}, - {0x0, 0, 1, 3275}, - {0x0, 3, 4, 3276}, - {0x0, 0, 1, 3277}, - {0x0, 9, 10, 3278}, - {0x0, 9, 10, 3279}, - {0x30bc, 16, 16, 3280}, - {0x0, 0, 1, 3280}, - {0x0, 0, 1, 3281}, - {0x0, 3, 4, 3282}, - {0x0, 0, 1, 3283}, - {0x0, 4, 5, 3284}, - {0x1e38, 16, 16, 3285}, - {0x0, 9, 10, 3285}, - {0xf966, 16, 16, 3286}, - {0x0, 2, 3, 3286}, - {0x0, 14, 15, 3287}, - {0x2f9e5, 16, 16, 3288}, - {0x0, 1, 2, 3288}, - {0x206, 16, 16, 3289}, - {0x0, 5, 16, 3289}, - {0x1fcb, 16, 16, 3300}, - {0x0, 3, 4, 3300}, - {0x1e42, 16, 16, 3301}, - {0x0, 4, 16, 3301}, - {0x0, 0, 1, 3313}, - {0x2fa0b, 16, 16, 3314}, - {0x0, 13, 14, 3314}, - {0x2f89d, 16, 16, 3315}, - {0x0, 1, 15, 3315}, - {0xfa44, 16, 16, 3329}, - {0x0, 8, 13, 3329}, - {0xfa3a, 16, 16, 3334}, - {0x0, 1, 15, 3334}, - {0x0, 2, 13, 3348}, - {0xf960, 16, 16, 3359}, - {0x0, 1, 2, 3359}, - {0x0, 13, 14, 3360}, - {0x2f94d, 16, 16, 3361}, - {0x0, 13, 14, 3361}, - {0xf923, 16, 16, 3362}, - {0x0, 4, 5, 3362}, - {0xf91d, 16, 16, 3363}, - {0x0, 12, 13, 3363}, - {0x0, 14, 15, 3364}, - {0x2fa10, 16, 16, 3365}, - {0x0, 0, 1, 3365}, - {0x0, 0, 1, 3366}, - {0x0, 3, 4, 3367}, - {0x0, 0, 5, 3368}, - {0x0, 0, 2, 3373}, - {0x1f33, 16, 16, 3375}, - {0x0, 0, 1, 3375}, - {0x0, 0, 1, 3376}, - {0x0, 3, 4, 3377}, - {0x0, 0, 1, 3378}, - {0x0, 7, 8, 3379}, - {0x1e1e, 16, 16, 3380}, - {0x1f35, 16, 16, 3380}, - {0x0, 15, 16, 3380}, - {0xfa41, 16, 16, 3381}, - {0xf9ac, 16, 16, 3381}, - {0x2f858, 16, 16, 3381}, - {0x0, 0, 1, 3381}, - {0x0, 0, 1, 3382}, - {0x0, 3, 4, 3383}, - {0x0, 4, 5, 3384}, - {0x0, 5, 6, 3385}, - {0x1f82, 16, 16, 3386}, - {0x0, 11, 12, 3386}, - {0xf9d8, 16, 16, 3387}, - {0x0, 0, 15, 3387}, - {0x0, 0, 1, 3402}, - {0x0, 0, 1, 3403}, - {0x0, 3, 4, 3404}, - {0x0, 0, 1, 3405}, - {0x0, 0, 9, 3406}, - {0x4d6, 16, 16, 3415}, - {0x0, 5, 6, 3415}, - {0xf983, 16, 16, 3416}, - {0x400, 16, 16, 3416}, - {0x0, 0, 1, 3416}, - {0x0, 0, 1, 3417}, - {0x0, 3, 4, 3418}, - {0x0, 0, 5, 3419}, - {0x0, 0, 2, 3424}, - {0x1f0d, 16, 16, 3426}, - {0x1f0b, 16, 16, 3426}, - {0x401, 16, 16, 3426}, - {0x0, 10, 14, 3426}, - {0x2f8c5, 16, 16, 3430}, - {0xf991, 16, 16, 3430}, - {0x0, 1, 2, 3430}, - {0x207, 16, 16, 3431}, - {0x0, 10, 12, 3431}, - {0x0, 0, 1, 3433}, - {0x0, 0, 1, 3434}, - {0x0, 3, 4, 3435}, - {0x0, 0, 1, 3436}, - {0x0, 7, 8, 3437}, - {0x1e64, 16, 16, 3438}, - {0x0, 5, 6, 3438}, - {0x2f9a6, 16, 16, 3439}, - {0x0, 4, 8, 3439}, - {0x387, 16, 16, 3443}, - {0x1ffd, 16, 16, 3443}, - {0x0, 9, 11, 3443}, - {0xf928, 16, 16, 3445}, - {0x0, 0, 1, 3445}, - {0x0, 0, 1, 3446}, - {0x0, 3, 4, 3447}, - {0x0, 0, 3, 3448}, - {0x0, 3, 4, 3451}, - {0x1ee2, 16, 16, 3452}, - {0x0, 4, 16, 3452}, - {0x0, 4, 14, 3464}, - {0xf9d1, 16, 16, 3474}, - {0x0, 1, 14, 3474}, - {0x0, 1, 12, 3487}, - {0x2f9e6, 16, 16, 3498}, - {0x0, 13, 14, 3498}, - {0x2fa0c, 16, 16, 3499}, - {0x0, 0, 1, 3499}, - {0x0, 0, 1, 3500}, - {0x0, 3, 4, 3501}, - {0x0, 0, 1, 3502}, - {0x0, 4, 5, 3503}, - {0x230, 16, 16, 3504}, - {0x0, 0, 1, 3504}, - {0x0, 0, 1, 3505}, - {0x0, 3, 4, 3506}, - {0x0, 4, 5, 3507}, - {0x0, 5, 6, 3508}, - {0x1faf, 16, 16, 3509}, - {0x0, 14, 15, 3509}, - {0xf9a6, 16, 16, 3510}, - {0x0, 13, 14, 3510}, - {0x2f87a, 16, 16, 3511}, - {0x0, 0, 7, 3511}, - {0x3ac, 16, 16, 3518}, - {0x1f70, 16, 16, 3518}, - {0x0, 7, 8, 3518}, - {0x0, 0, 1, 3519}, - {0x0, 0, 1, 3520}, - {0x0, 6, 7, 3521}, - {0x0, 5, 6, 3522}, - {0x0, 3, 6, 3523}, - {0x623, 16, 16, 3526}, - {0x625, 16, 16, 3526}, - {0x1fb1, 16, 16, 3526}, - {0x1fb0, 16, 16, 3526}, - {0xf9a2, 16, 16, 3526}, - {0x0, 10, 11, 3526}, - {0xf9d6, 16, 16, 3527}, - {0x0, 3, 4, 3527}, - {0x2f844, 16, 16, 3528}, - {0x0, 1, 2, 3528}, - {0x1e0f, 16, 16, 3529}, - {0x0, 14, 15, 3529}, - {0xf9c0, 16, 16, 3530}, - {0x0, 6, 7, 3530}, - {0xf9dc, 16, 16, 3531}, - {0x2f810, 16, 16, 3531}, - {0x2f814, 16, 16, 3531}, - {0xf978, 16, 16, 3531}, - {0x2f9e4, 16, 16, 3531}, - {0x0, 0, 16, 3531}, - {0x0, 13, 14, 3547}, - {0xf9ed, 16, 16, 3548}, - {0x0, 0, 1, 3548}, - {0x0, 3, 4, 3549}, - {0x0, 0, 1, 3550}, - {0x0, 9, 10, 3551}, - {0x0, 9, 11, 3552}, - {0x3071, 16, 16, 3554}, - {0x0, 2, 16, 3554}, - {0x0, 1, 12, 3568}, - {0x2f9af, 16, 16, 3579}, - {0x0, 0, 1, 3579}, - {0x0, 0, 1, 3580}, - {0x0, 3, 4, 3581}, - {0x0, 0, 4, 3582}, - {0x0, 3, 14, 3586}, - {0x1e4b, 16, 16, 3597}, - {0x0, 0, 1, 3597}, - {0x0, 0, 1, 3598}, - {0x0, 3, 4, 3599}, - {0x0, 4, 5, 3600}, - {0x0, 5, 6, 3601}, - {0x1f9a, 16, 16, 3602}, - {0x0, 5, 7, 3602}, - {0x2f829, 16, 16, 3604}, - {0x2f82a, 16, 16, 3604}, - {0x0, 3, 16, 3604}, - {0x0, 14, 15, 3617}, - {0xf999, 16, 16, 3618}, - {0x0, 7, 15, 3618}, - {0xf9bc, 16, 16, 3626}, - {0x0, 0, 1, 3626}, - {0x0, 0, 1, 3627}, - {0x0, 3, 4, 3628}, - {0x0, 3, 4, 3629}, - {0x0, 8, 9, 3630}, - {0x21cd, 16, 16, 3631}, - {0x0, 0, 1, 3631}, - {0x0, 0, 1, 3632}, - {0x0, 3, 4, 3633}, - {0x0, 3, 4, 3634}, - {0x0, 8, 9, 3635}, - {0x2262, 16, 16, 3636}, - {0x0, 0, 2, 3636}, - {0x3ae, 16, 16, 3638}, - {0x1f74, 16, 16, 3638}, - {0x0, 0, 1, 3638}, - {0x0, 0, 1, 3639}, - {0x0, 3, 4, 3640}, - {0x0, 0, 4, 3641}, - {0x0, 1, 2, 3645}, - {0x1e96, 16, 16, 3646}, - {0x0, 0, 1, 3646}, - {0x0, 3, 4, 3647}, - {0x0, 0, 1, 3648}, - {0x0, 9, 10, 3649}, - {0x0, 9, 10, 3650}, - {0x30b8, 16, 16, 3651}, - {0x0, 2, 7, 3651}, - {0xf97d, 16, 16, 3656}, - {0xf941, 16, 16, 3656}, - {0x1e47, 16, 16, 3656}, - {0x146, 16, 16, 3656}, - {0x0, 0, 1, 3656}, - {0x1e2d, 16, 16, 3657}, - {0x2f9b2, 16, 16, 3657}, - {0x0, 0, 1, 3657}, - {0xf9fa, 16, 16, 3658}, - {0x3070, 16, 16, 3658}, - {0x0, 8, 9, 3658}, - {0xf90c, 16, 16, 3659}, - {0x0, 0, 1, 3659}, - {0x0, 0, 1, 3660}, - {0x0, 3, 4, 3661}, - {0x0, 0, 1, 3662}, - {0x0, 0, 10, 3663}, - {0x1ea6, 16, 16, 3673}, - {0x1ea4, 16, 16, 3673}, - {0x1eaa, 16, 16, 3673}, - {0x0, 14, 15, 3673}, - {0xf92c, 16, 16, 3674}, - {0x1ea8, 16, 16, 3674}, - {0x0, 0, 1, 3674}, - {0x0, 3, 4, 3675}, - {0x0, 0, 1, 3676}, - {0x0, 9, 10, 3677}, - {0x0, 9, 10, 3678}, - {0x30c2, 16, 16, 3679}, - {0x0, 0, 9, 3679}, - {0x340, 16, 16, 3688}, - {0x341, 16, 16, 3688}, - {0x0, 0, 15, 3688}, - {0x0, 6, 7, 3703}, - {0x2f94c, 16, 16, 3704}, - {0x0, 3, 4, 3704}, - {0x2f8e9, 16, 16, 3705}, - {0x0, 6, 7, 3705}, - {0xf9fe, 16, 16, 3706}, - {0x0, 8, 9, 3706}, - {0x0, 0, 1, 3707}, - {0x2f965, 16, 16, 3708}, - {0x0, 12, 13, 3708}, - {0x0, 0, 1, 3709}, - {0x0, 0, 1, 3710}, - {0x0, 3, 4, 3711}, - {0x0, 3, 4, 3712}, - {0x0, 8, 9, 3713}, - {0x2241, 16, 16, 3714}, - {0x1f75, 0, 1, 3714}, - {0x0, 0, 1, 3715}, - {0x0, 3, 4, 3716}, - {0x0, 4, 5, 3717}, - {0x0, 5, 6, 3718}, - {0x1fc4, 16, 16, 3719}, - {0x0, 8, 9, 3719}, - {0x0, 1, 2, 3720}, - {0x2f876, 16, 16, 3721}, - {0x0, 0, 15, 3721}, - {0xfa19, 16, 16, 3736}, - {0x0, 15, 16, 3736}, - {0x0, 0, 1, 3737}, - {0x0, 3, 4, 3738}, - {0x0, 0, 1, 3739}, - {0x0, 9, 10, 3740}, - {0x0, 9, 10, 3741}, - {0x30f7, 16, 16, 3742}, - {0x0, 1, 2, 3742}, - {0xf9e8, 16, 16, 3743}, - {0x0, 1, 16, 3743}, - {0x154, 16, 16, 3758}, - {0x0, 7, 8, 3758}, - {0x0, 12, 13, 3759}, - {0x2f95c, 16, 16, 3760}, - {0x0, 7, 8, 3760}, - {0xf933, 16, 16, 3761}, - {0x0, 0, 16, 3761}, - {0x0, 3, 11, 3777}, - {0x2f8df, 16, 16, 3785}, - {0xfa50, 16, 16, 3785}, - {0xfa4f, 16, 16, 3785}, - {0x0, 8, 12, 3785}, - {0x2f920, 16, 16, 3789}, - {0x0, 3, 4, 3789}, - {0x1e88, 16, 16, 3790}, - {0x0, 0, 1, 3790}, - {0x0, 3, 4, 3791}, - {0x0, 0, 1, 3792}, - {0x0, 9, 10, 3793}, - {0x0, 9, 11, 3794}, - {0x3077, 16, 16, 3796}, - {0x0, 10, 11, 3796}, - {0x2f917, 16, 16, 3797}, - {0x0, 14, 16, 3797}, - {0x0, 12, 13, 3799}, - {0x2f868, 16, 16, 3800}, - {0x0, 1, 7, 3800}, - {0x0, 2, 3, 3806}, - {0x2fa0a, 16, 16, 3807}, - {0x0, 0, 1, 3807}, - {0x0, 0, 1, 3808}, - {0x0, 3, 4, 3809}, - {0x0, 4, 5, 3810}, - {0x0, 5, 6, 3811}, - {0x1f86, 16, 16, 3812}, - {0x0, 1, 6, 3812}, - {0xfa59, 16, 16, 3817}, - {0x2f970, 16, 16, 3817}, - {0x0, 9, 10, 3817}, - {0x2f887, 16, 16, 3818}, - {0x0, 0, 9, 3818}, - {0x0, 8, 9, 3827}, - {0xf9fc, 16, 16, 3828}, - {0x0, 7, 8, 3828}, - {0xf9f4, 16, 16, 3829}, - {0x0, 8, 10, 3829}, - {0x0, 0, 1, 3831}, - {0x0, 0, 1, 3832}, - {0x0, 3, 4, 3833}, - {0x0, 0, 1, 3834}, - {0x0, 8, 9, 3835}, - {0x4da, 16, 16, 3836}, - {0x0, 1, 2, 3836}, - {0xf9b9, 16, 16, 3837}, - {0x0, 3, 13, 3837}, - {0x0, 14, 15, 3847}, - {0x2f9cd, 16, 16, 3848}, - {0x0, 6, 7, 3848}, - {0x2f866, 16, 16, 3849}, - {0x0, 8, 10, 3849}, - {0x0, 0, 1, 3851}, - {0x0, 0, 1, 3852}, - {0x0, 3, 4, 3853}, - {0x0, 0, 1, 3854}, - {0x0, 2, 3, 3855}, - {0x1ec7, 16, 16, 3856}, - {0x0, 14, 15, 3856}, - {0x2f867, 16, 16, 3857}, - {0x0, 3, 14, 3857}, - {0x118, 16, 16, 3868}, - {0x0, 0, 1, 3868}, - {0x0, 0, 1, 3869}, - {0x0, 3, 4, 3870}, - {0x0, 0, 5, 3871}, - {0x0, 0, 2, 3876}, - {0x1f2d, 16, 16, 3878}, - {0x228, 16, 16, 3878}, - {0x0, 4, 15, 3878}, - {0x0, 7, 8, 3889}, - {0x2f8fe, 16, 16, 3890}, - {0x1eb8, 16, 16, 3890}, - {0x0, 2, 13, 3890}, - {0x0, 0, 1, 3901}, - {0xf9f8, 16, 16, 3902}, - {0x0, 14, 15, 3902}, - {0xf989, 16, 16, 3903}, - {0x0, 2, 8, 3903}, - {0x2f8f3, 16, 16, 3909}, - {0x0, 6, 7, 3909}, - {0x2f873, 16, 16, 3910}, - {0x0, 0, 16, 3910}, - {0x0, 1, 2, 3926}, - {0x2f8be, 16, 16, 3927}, - {0x0, 12, 15, 3927}, - {0xfa18, 16, 16, 3930}, - {0x0, 8, 9, 3930}, - {0xf969, 16, 16, 3931}, - {0x0, 5, 13, 3931}, - {0x0, 3, 13, 3939}, - {0x2f98a, 16, 16, 3949}, - {0x0, 9, 10, 3949}, - {0xf9cd, 16, 16, 3950}, - {0x1e18, 16, 16, 3950}, - {0x0, 0, 1, 3950}, - {0x0, 0, 1, 3951}, - {0x0, 3, 4, 3952}, - {0x0, 0, 1, 3953}, - {0x0, 4, 5, 3954}, - {0x1e5c, 16, 16, 3955}, - {0xf98c, 16, 16, 3955}, - {0x0, 12, 16, 3955}, - {0x0, 13, 14, 3959}, - {0x2fa0e, 16, 16, 3960}, - {0x0, 9, 14, 3960}, - {0x0, 15, 16, 3965}, - {0x2f81f, 16, 16, 3966}, - {0x0, 2, 13, 3966}, - {0x0, 6, 7, 3977}, - {0x2f952, 16, 16, 3978}, - {0x0, 0, 1, 3978}, - {0x0, 0, 1, 3979}, - {0x0, 3, 4, 3980}, - {0x0, 0, 3, 3981}, - {0x0, 1, 13, 3984}, - {0x160, 16, 16, 3996}, - {0x0, 0, 1, 3996}, - {0x0, 3, 4, 3997}, - {0x0, 0, 1, 3998}, - {0x0, 9, 10, 3999}, - {0x0, 9, 10, 4000}, - {0x30ac, 16, 16, 4001}, - {0x0, 9, 10, 4001}, - {0xf9d5, 16, 16, 4002}, - {0x0, 0, 1, 4002}, - {0x0, 0, 1, 4003}, - {0x0, 3, 4, 4004}, - {0x0, 0, 5, 4005}, - {0x0, 0, 2, 4010}, - {0x3ce, 16, 16, 4012}, - {0x0, 11, 12, 4012}, - {0x2f8f8, 16, 16, 4013}, - {0x0, 0, 1, 4013}, - {0x0, 0, 1, 4014}, - {0x0, 3, 4, 4015}, - {0x0, 0, 1, 4016}, - {0x0, 0, 9, 4017}, - {0x451, 16, 16, 4026}, - {0x450, 16, 16, 4026}, - {0x0, 3, 13, 4026}, - {0x0, 3, 4, 4036}, - {0x2fa03, 16, 16, 4037}, - {0x4d7, 16, 16, 4037}, - {0xf9c9, 16, 16, 4037}, - {0x1e60, 16, 16, 4037}, - {0x15a, 16, 16, 4037}, - {0x15c, 16, 16, 4037}, - {0xf91e, 16, 16, 4037}, - {0x0, 0, 1, 4037}, - {0x0, 0, 1, 4038}, - {0x0, 3, 4, 4039}, - {0x0, 0, 1, 4040}, - {0x0, 0, 10, 4041}, - {0x1eab, 16, 16, 4051}, - {0x1ea7, 16, 16, 4051}, - {0x1ea5, 16, 16, 4051}, - {0x1ea9, 16, 16, 4051}, - {0x0, 2, 14, 4051}, - {0x0, 10, 11, 4063}, - {0xfa16, 16, 16, 4064}, - {0x0, 11, 12, 4064}, - {0xf9a4, 16, 16, 4065}, - {0x0, 0, 1, 4065}, - {0x0, 0, 1, 4066}, - {0x0, 3, 4, 4067}, - {0x0, 3, 4, 4068}, - {0x0, 8, 9, 4069}, - {0x226d, 16, 16, 4070}, - {0x0, 0, 1, 4070}, - {0x0, 0, 1, 4071}, - {0x0, 3, 4, 4072}, - {0x0, 4, 5, 4073}, - {0x0, 5, 6, 4074}, - {0x1f9f, 16, 16, 4075}, - {0x0, 0, 1, 4075}, - {0x0, 0, 1, 4076}, - {0x0, 3, 4, 4077}, - {0x0, 4, 5, 4078}, - {0x0, 5, 6, 4079}, - {0x1fad, 16, 16, 4080}, - {0x0, 0, 1, 4080}, - {0x0, 0, 1, 4081}, - {0x0, 3, 4, 4082}, - {0x0, 0, 3, 4083}, - {0x0, 3, 4, 4086}, - {0x1ee3, 16, 16, 4087}, - {0x0, 13, 14, 4087}, - {0x2f9ae, 16, 16, 4088}, - {0x0, 3, 15, 4088}, - {0x1e2b, 16, 16, 4100}, - {0x0, 12, 13, 4100}, - {0x2f9ea, 16, 16, 4101}, - {0x0, 12, 13, 4101}, - {0x0, 10, 11, 4102}, - {0x2f9ab, 16, 16, 4103}, - {0x0, 0, 1, 4103}, - {0x0, 0, 1, 4104}, - {0x0, 3, 4, 4105}, - {0x0, 0, 5, 4106}, - {0x0, 0, 7, 4111}, - {0x1fba, 16, 16, 4118}, - {0x386, 16, 16, 4118}, - {0x1fb8, 16, 16, 4118}, - {0x0, 7, 8, 4118}, - {0x2f811, 16, 16, 4119}, - {0x1fb9, 16, 16, 4119}, - {0x0, 1, 14, 4119}, - {0x0, 14, 15, 4132}, - {0x2f909, 16, 16, 4133}, - {0x0, 0, 13, 4133}, - {0xf936, 16, 16, 4146}, - {0x0, 6, 7, 4146}, - {0x0, 0, 1, 4147}, - {0x0, 0, 1, 4148}, - {0x0, 3, 4, 4149}, - {0x0, 4, 5, 4150}, - {0x0, 5, 6, 4151}, - {0x1fc7, 16, 16, 4152}, - {0x0, 0, 11, 4152}, - {0x0, 0, 1, 4163}, - {0x0, 0, 1, 4164}, - {0x0, 3, 4, 4165}, - {0x0, 0, 1, 4166}, - {0x0, 7, 9, 4167}, - {0x1e8b, 16, 16, 4169}, - {0x0, 1, 8, 4169}, - {0x1e3f, 16, 16, 4176}, - {0x1e41, 16, 16, 4176}, - {0x0, 0, 16, 4176}, - {0x0, 4, 5, 4192}, - {0xf93f, 16, 16, 4193}, - {0x0, 7, 8, 4193}, - {0x2f964, 16, 16, 4194}, - {0x0, 6, 7, 4194}, - {0x2f9be, 16, 16, 4195}, - {0x1e8d, 16, 16, 4195}, - {0x0, 0, 1, 4195}, - {0x0, 0, 1, 4196}, - {0x0, 3, 4, 4197}, - {0x0, 0, 1, 4198}, - {0x0, 0, 2, 4199}, - {0x1e14, 16, 16, 4201}, - {0x0, 7, 8, 4201}, - {0xfa31, 16, 16, 4202}, - {0x0, 0, 1, 4202}, - {0x0, 0, 1, 4203}, - {0x0, 3, 4, 4204}, - {0x0, 0, 1, 4205}, - {0x0, 1, 2, 4206}, - {0x1e2f, 16, 16, 4207}, - {0x0, 7, 8, 4207}, - {0xf963, 16, 16, 4208}, - {0x2f9b3, 16, 16, 4208}, - {0x0, 0, 1, 4208}, - {0x0, 0, 1, 4209}, - {0x0, 3, 4, 4210}, - {0x0, 0, 5, 4211}, - {0x0, 2, 3, 4216}, - {0x1f3e, 16, 16, 4217}, - {0x0, 0, 1, 4217}, - {0x0, 0, 1, 4218}, - {0x0, 3, 4, 4219}, - {0x0, 0, 1, 4220}, - {0x0, 1, 2, 4221}, - {0x1e2e, 16, 16, 4222}, - {0x1e29, 16, 16, 4222}, - {0x0, 0, 1, 4222}, - {0x0, 0, 1, 4223}, - {0x0, 3, 4, 4224}, - {0x0, 0, 4, 4225}, - {0x0, 1, 2, 4229}, - {0x1e06, 16, 16, 4230}, - {0x1e25, 16, 16, 4230}, - {0xec, 16, 16, 4230}, - {0xed, 16, 16, 4230}, - {0xee, 16, 16, 4230}, - {0x129, 16, 16, 4230}, - {0x12b, 16, 16, 4230}, - {0x12d, 16, 16, 4230}, - {0xef, 16, 16, 4230}, - {0x1ec9, 16, 16, 4230}, - {0x0, 6, 16, 4230}, - {0x2f83b, 16, 16, 4240}, - {0x0, 1, 2, 4240}, - {0xf909, 16, 16, 4241}, - {0x2f969, 16, 16, 4241}, - {0x0, 8, 11, 4241}, - {0x2f9c9, 16, 16, 4244}, - {0x0, 1, 13, 4244}, - {0x1e30, 16, 16, 4256}, - {0x1a1, 16, 16, 4256}, - {0x0, 3, 12, 4256}, - {0x0, 0, 1, 4265}, - {0x0, 0, 1, 4266}, - {0x0, 3, 4, 4267}, - {0x0, 3, 4, 4268}, - {0x0, 8, 9, 4269}, - {0x2209, 16, 16, 4270}, - {0x0, 13, 14, 4270}, - {0xf918, 16, 16, 4271}, - {0xf97b, 16, 16, 4271}, - {0x0, 1, 13, 4271}, - {0x2f9a9, 16, 16, 4283}, - {0x2f9a8, 16, 16, 4283}, - {0x0, 8, 9, 4283}, - {0x2f86e, 16, 16, 4284}, - {0x0, 4, 5, 4284}, - {0x2f9e2, 16, 16, 4285}, - {0xf9de, 16, 16, 4285}, - {0x1e8, 16, 16, 4285}, - {0x0, 3, 4, 4285}, - {0x2f99c, 16, 16, 4286}, - {0x0, 6, 7, 4286}, - {0x2f94b, 16, 16, 4287}, - {0x209, 16, 16, 4287}, - {0x0, 2, 3, 4287}, - {0xfa4a, 16, 16, 4288}, - {0xf9c2, 16, 16, 4288}, - {0x0, 0, 1, 4288}, - {0x0, 0, 1, 4289}, - {0x0, 3, 4, 4290}, - {0x0, 0, 1, 4291}, - {0x0, 8, 9, 4292}, - {0x4db, 16, 16, 4293}, - {0x0, 5, 6, 4293}, - {0xfa1a, 16, 16, 4294}, - {0x0, 4, 15, 4294}, - {0x2f8a9, 16, 16, 4305}, - {0x0, 3, 14, 4305}, - {0x0, 0, 1, 4316}, - {0x0, 0, 1, 4317}, - {0x0, 3, 4, 4318}, - {0x0, 0, 1, 4319}, - {0x0, 4, 12, 4320}, - {0x4f0, 16, 16, 4328}, - {0x0, 5, 10, 4328}, - {0xf993, 16, 16, 4333}, - {0x2f8a8, 16, 16, 4333}, - {0x2f91c, 16, 16, 4333}, - {0x40e, 16, 16, 4333}, - {0x4ee, 16, 16, 4333}, - {0x0, 5, 6, 4333}, - {0x2f986, 16, 16, 4334}, - {0x0, 11, 12, 4334}, - {0xf922, 16, 16, 4335}, - {0x0, 5, 6, 4335}, - {0x1fcc, 16, 16, 4336}, - {0x0, 0, 1, 4336}, - {0x0, 3, 4, 4337}, - {0x0, 0, 1, 4338}, - {0x0, 9, 10, 4339}, - {0x0, 9, 10, 4340}, - {0x3056, 16, 16, 4341}, - {0x0, 7, 16, 4341}, - {0xf9da, 16, 16, 4350}, - {0x0, 7, 8, 4350}, - {0x2f96e, 16, 16, 4351}, - {0xf9d9, 16, 16, 4351}, - {0x4f2, 16, 16, 4351}, - {0x2f8a6, 16, 16, 4351}, - {0x0, 8, 9, 4351}, - {0x2f869, 16, 16, 4352}, - {0x0, 8, 9, 4352}, - {0xf9ef, 16, 16, 4353}, - {0x0, 5, 6, 4353}, - {0x2f8e0, 16, 16, 4354}, - {0x0, 0, 9, 4354}, - {0x0, 11, 12, 4363}, - {0x2f94a, 16, 16, 4364}, - {0x0, 0, 10, 4364}, - {0x0, 13, 14, 4374}, - {0xf9c4, 16, 16, 4375}, - {0x2f8e5, 16, 16, 4375}, - {0x0, 0, 1, 4375}, - {0x1e1a, 16, 16, 4376}, - {0x0, 10, 11, 4376}, - {0x0, 11, 12, 4377}, - {0x2f91f, 16, 16, 4378}, - {0x0, 0, 1, 4378}, - {0x0, 0, 1, 4379}, - {0x0, 3, 4, 4380}, - {0x0, 0, 3, 4381}, - {0x0, 0, 16, 4384}, - {0x200, 16, 16, 4400}, - {0x1cd, 16, 16, 4400}, - {0xc5, 16, 16, 4400}, - {0x0, 13, 14, 4400}, - {0x2f8d6, 16, 16, 4401}, - {0x0, 5, 6, 4401}, - {0xf976, 16, 16, 4402}, - {0x0, 6, 12, 4402}, - {0xf9b5, 16, 16, 4408}, - {0x0, 0, 1, 4408}, - {0x0, 0, 1, 4409}, - {0x0, 3, 4, 4410}, - {0x0, 0, 4, 4411}, - {0x0, 3, 14, 4415}, - {0x21a, 16, 16, 4426}, - {0x162, 16, 16, 4426}, - {0x1e6c, 16, 16, 4426}, - {0x0, 0, 2, 4426}, - {0x1f05, 16, 16, 4428}, - {0x1f03, 16, 16, 4428}, - {0x0, 1, 2, 4428}, - {0x2f8ef, 16, 16, 4429}, - {0x0, 7, 8, 4429}, - {0x2f9ce, 16, 16, 4430}, - {0xf92d, 16, 16, 4430}, - {0x0, 10, 15, 4430}, - {0x0, 8, 9, 4435}, - {0x2f860, 16, 16, 4436}, - {0x1e70, 16, 16, 4436}, - {0x0, 4, 5, 4436}, - {0xfa2d, 16, 16, 4437}, - {0x0, 12, 13, 4437}, - {0x2f8c9, 16, 16, 4438}, - {0x102, 16, 16, 4438}, - {0x226, 16, 16, 4438}, - {0x100, 16, 16, 4438}, - {0xc2, 16, 16, 4438}, - {0xc3, 16, 16, 4438}, - {0xc0, 16, 16, 4438}, - {0xc1, 16, 16, 4438}, - {0x0, 2, 3, 4438}, - {0x2fa06, 16, 16, 4439}, - {0x0, 2, 3, 4439}, - {0x1f57, 16, 16, 4440}, - {0x0, 5, 6, 4440}, - {0x2f9d2, 16, 16, 4441}, - {0xc4, 16, 16, 4441}, - {0x1ea2, 16, 16, 4441}, - {0x0, 8, 9, 4441}, - {0x2f8bb, 16, 16, 4442}, - {0x0, 15, 16, 4442}, - {0xf910, 16, 16, 4443}, - {0x0, 0, 1, 4443}, - {0x0, 0, 1, 4444}, - {0x0, 3, 4, 4445}, - {0x0, 0, 1, 4446}, - {0x0, 1, 8, 4447}, - {0x1e57, 16, 16, 4454}, - {0x1e55, 16, 16, 4454}, - {0x0, 3, 4, 4454}, - {0xf9e0, 16, 16, 4455}, - {0x0, 0, 1, 4455}, - {0x0, 0, 1, 4456}, - {0x0, 3, 4, 4457}, - {0x0, 0, 3, 4458}, - {0x0, 0, 16, 4461}, - {0xd5, 16, 16, 4477}, - {0x0, 0, 10, 4477}, - {0x1ee0, 16, 16, 4487}, - {0x1eda, 16, 16, 4487}, - {0x1edc, 16, 16, 4487}, - {0x0, 0, 1, 4487}, - {0x0, 0, 1, 4488}, - {0x0, 3, 4, 4489}, - {0x0, 3, 4, 4490}, - {0x0, 8, 9, 4491}, - {0x22ea, 16, 16, 4492}, - {0x1ede, 16, 16, 4492}, - {0x0, 1, 16, 4492}, - {0x0, 14, 15, 4507}, - {0x2f852, 16, 16, 4508}, - {0x0, 0, 12, 4508}, - {0x2f8b2, 16, 16, 4520}, - {0x0, 12, 14, 4520}, - {0x0, 4, 5, 4522}, - {0x2f9de, 16, 16, 4523}, - {0x0, 12, 13, 4523}, - {0x2f88a, 16, 16, 4524}, - {0x0, 0, 14, 4524}, - {0xfa32, 16, 16, 4538}, - {0x0, 0, 1, 4538}, - {0x0, 0, 1, 4539}, - {0x0, 3, 4, 4540}, - {0x0, 0, 1, 4541}, - {0x0, 7, 8, 4542}, - {0x1e67, 16, 16, 4543}, - {0x0, 8, 9, 4543}, - {0x2f9b8, 16, 16, 4544}, - {0x0, 9, 10, 4544}, - {0x2f8de, 16, 16, 4545}, - {0x1f7c, 16, 16, 4545}, - {0x0, 2, 3, 4545}, - {0x1fdf, 16, 16, 4546}, - {0x0, 6, 7, 4546}, - {0x0, 11, 12, 4547}, - {0x2f9a5, 16, 16, 4548}, - {0x0, 6, 7, 4548}, - {0xfa01, 16, 16, 4549}, - {0x0, 9, 10, 4549}, - {0x2f809, 16, 16, 4550}, - {0x0, 4, 14, 4550}, - {0x0, 15, 16, 4560}, - {0x2f81c, 16, 16, 4561}, - {0x0, 9, 10, 4561}, - {0x2f9b7, 16, 16, 4562}, - {0x0, 12, 15, 4562}, - {0xf973, 16, 16, 4565}, - {0x0, 0, 1, 4565}, - {0x0, 3, 4, 4566}, - {0x0, 0, 1, 4567}, - {0x0, 9, 10, 4568}, - {0x0, 9, 10, 4569}, - {0x30c0, 16, 16, 4570}, - {0x0, 3, 5, 4570}, - {0x1f08, 16, 16, 4572}, - {0x2f8b3, 16, 16, 4572}, - {0x1f09, 16, 16, 4572}, - {0x2f8ba, 16, 16, 4572}, - {0x0, 0, 1, 4572}, - {0x0, 0, 1, 4573}, - {0x0, 3, 4, 4574}, - {0x0, 0, 5, 4575}, - {0x0, 0, 2, 4580}, - {0x1fd2, 16, 16, 4582}, - {0x390, 16, 16, 4582}, - {0xfa0c, 16, 16, 4582}, - {0x0, 0, 1, 4582}, - {0x0, 0, 1, 4583}, - {0x0, 3, 4, 4584}, - {0x0, 0, 1, 4585}, - {0x0, 1, 2, 4586}, - {0x1e79, 16, 16, 4587}, - {0x0, 4, 16, 4587}, - {0x2f8ad, 16, 16, 4599}, - {0x0, 2, 3, 4599}, - {0x0, 15, 16, 4600}, - {0x2f958, 16, 16, 4601}, - {0x0, 5, 8, 4601}, - {0x2f81b, 16, 16, 4604}, - {0x0, 0, 1, 4604}, - {0x0, 0, 1, 4605}, - {0x0, 3, 4, 4606}, - {0x0, 3, 4, 4607}, - {0x0, 8, 9, 4608}, - {0x2275, 16, 16, 4609}, - {0x0, 0, 13, 4609}, - {0x148, 16, 16, 4622}, - {0x0, 0, 15, 4622}, - {0x0, 14, 15, 4637}, - {0x2f985, 16, 16, 4638}, - {0x0, 0, 7, 4638}, - {0xfa66, 16, 16, 4645}, - {0xf971, 16, 16, 4645}, - {0x0, 1, 2, 4645}, - {0x20b, 16, 16, 4646}, - {0x0, 0, 1, 4646}, - {0x0, 0, 1, 4647}, - {0x0, 3, 4, 4648}, - {0x0, 0, 5, 4649}, - {0x0, 2, 3, 4654}, - {0x1fe6, 16, 16, 4655}, - {0x0, 2, 3, 4655}, - {0x1f3f, 16, 16, 4656}, - {0x0, 7, 8, 4656}, - {0x0, 1, 2, 4657}, - {0x0, 0, 1, 4658}, - {0x0, 0, 1, 4659}, - {0x0, 15, 16, 4660}, - {0x0, 7, 9, 4661}, - {0x0, 0, 1, 4663}, - {0xf81, 16, 16, 4664}, - {0x0, 0, 1, 4664}, - {0x0, 0, 1, 4665}, - {0x0, 3, 4, 4666}, - {0x0, 4, 5, 4667}, - {0x0, 5, 6, 4668}, - {0x1fb2, 16, 16, 4669}, - {0x0, 3, 4, 4669}, - {0x1e04, 16, 16, 4670}, - {0x0, 1, 2, 4670}, - {0x2f96d, 16, 16, 4671}, - {0x0, 0, 16, 4671}, - {0x2f95b, 16, 16, 4687}, - {0x2f95a, 16, 16, 4687}, - {0x1e45, 16, 16, 4687}, - {0x1f9, 16, 16, 4687}, - {0x144, 16, 16, 4687}, - {0x0, 9, 10, 4687}, - {0x2f9eb, 16, 16, 4688}, - {0xf1, 16, 16, 4688}, - {0x0, 0, 1, 4688}, - {0x0, 0, 1, 4689}, - {0x0, 3, 4, 4690}, - {0x0, 0, 1, 4691}, - {0x0, 2, 7, 4692}, - {0x1ead, 16, 16, 4697}, - {0x0, 9, 10, 4697}, - {0x2f913, 16, 16, 4698}, - {0x1eb7, 16, 16, 4698}, - {0x0, 0, 1, 4698}, - {0x0, 0, 1, 4699}, - {0x0, 3, 4, 4700}, - {0x0, 0, 4, 4701}, - {0x0, 0, 13, 4705}, - {0x147, 16, 16, 4718}, - {0x0, 11, 14, 4718}, - {0xfa09, 16, 16, 4721}, - {0x0, 8, 9, 4721}, - {0x2f83d, 16, 16, 4722}, - {0x0, 10, 12, 4722}, - {0x0, 7, 8, 4724}, - {0x2f987, 16, 16, 4725}, - {0x0, 3, 4, 4725}, - {0x2f951, 16, 16, 4726}, - {0x0, 5, 9, 4726}, - {0x0, 14, 15, 4730}, - {0x2f910, 16, 16, 4731}, - {0xfa54, 16, 16, 4731}, - {0x0, 10, 11, 4731}, - {0xfa46, 16, 16, 4732}, - {0x0, 3, 4, 4732}, - {0x2f86d, 16, 16, 4733}, - {0x0, 0, 16, 4733}, - {0x1ecf, 16, 16, 4749}, - {0xf6, 16, 16, 4749}, - {0x14d, 16, 16, 4749}, - {0x0, 3, 4, 4749}, - {0x2f9a0, 16, 16, 4750}, - {0x14f, 16, 16, 4750}, - {0xf3, 16, 16, 4750}, - {0xf2, 16, 16, 4750}, - {0xf5, 16, 16, 4750}, - {0xf4, 16, 16, 4750}, - {0x0, 5, 6, 4750}, - {0x2f8c0, 16, 16, 4751}, - {0x0, 6, 7, 4751}, - {0x2f841, 16, 16, 4752}, - {0x0, 0, 1, 4752}, - {0x0, 0, 1, 4753}, - {0x0, 3, 4, 4754}, - {0x0, 4, 5, 4755}, - {0x0, 5, 6, 4756}, - {0x1f9d, 16, 16, 4757}, - {0x0, 15, 16, 4757}, - {0xf93c, 16, 16, 4758}, - {0x0, 0, 13, 4758}, - {0xf9fd, 16, 16, 4771}, - {0x0, 0, 2, 4771}, - {0x1f65, 16, 16, 4773}, - {0x1f63, 16, 16, 4773}, - {0x2f8ae, 16, 16, 4773}, - {0x0, 0, 1, 4773}, - {0x0, 0, 1, 4774}, - {0x0, 3, 4, 4775}, - {0x0, 0, 1, 4776}, - {0x0, 4, 5, 4777}, - {0x231, 16, 16, 4778}, - {0x0, 2, 4, 4778}, - {0x2f942, 16, 16, 4780}, - {0x2f941, 16, 16, 4780}, - {0xf951, 16, 16, 4780}, - {0x0, 8, 9, 4780}, - {0x2f8ee, 16, 16, 4781}, - {0x2f819, 16, 16, 4781}, - {0x20d, 16, 16, 4781}, - {0x1d2, 16, 16, 4781}, - {0x151, 16, 16, 4781}, - {0x0, 0, 1, 4781}, - {0x0, 0, 1, 4782}, - {0x0, 3, 4, 4783}, - {0x0, 0, 3, 4784}, - {0x0, 3, 4, 4787}, - {0x1e7f, 16, 16, 4788}, - {0x0, 14, 15, 4788}, - {0x2f80c, 16, 16, 4789}, - {0x2f828, 16, 16, 4789}, - {0x0, 15, 16, 4789}, - {0x2f980, 16, 16, 4790}, - {0x0, 5, 10, 4790}, - {0x2f931, 16, 16, 4795}, - {0x0, 14, 15, 4795}, - {0x2f98d, 16, 16, 4796}, - {0x0, 9, 10, 4796}, - {0xfa63, 16, 16, 4797}, - {0xf994, 16, 16, 4797}, - {0x0, 14, 16, 4797}, - {0x2f947, 16, 16, 4799}, - {0x0, 2, 8, 4799}, - {0x0, 0, 1, 4805}, - {0x0, 0, 1, 4806}, - {0x0, 3, 4, 4807}, - {0x0, 3, 4, 4808}, - {0x0, 8, 9, 4809}, - {0x2289, 16, 16, 4810}, - {0x0, 13, 14, 4810}, - {0x0, 1, 2, 4811}, - {0x2f90d, 16, 16, 4812}, - {0x0, 7, 8, 4812}, - {0x2f8a5, 16, 16, 4813}, - {0x0, 5, 11, 4813}, - {0xf9a7, 16, 16, 4819}, - {0x0, 9, 12, 4819}, - {0x2f813, 16, 16, 4822}, - {0x0, 8, 10, 4822}, - {0x0, 15, 16, 4824}, - {0x2f939, 16, 16, 4825}, - {0x0, 0, 1, 4825}, - {0x0, 0, 1, 4826}, - {0x0, 3, 4, 4827}, - {0x0, 0, 1, 4828}, - {0x0, 0, 10, 4829}, - {0x1ec1, 16, 16, 4839}, - {0x0, 10, 11, 4839}, - {0xf911, 16, 16, 4840}, - {0x2f928, 16, 16, 4840}, - {0x0, 11, 12, 4840}, - {0xf9c8, 16, 16, 4841}, - {0x0, 0, 1, 4841}, - {0xf962, 16, 16, 4842}, - {0x0, 14, 15, 4842}, - {0xf957, 16, 16, 4843}, - {0x0, 0, 1, 4843}, - {0x0, 0, 1, 4844}, - {0x0, 3, 4, 4845}, - {0x0, 0, 1, 4846}, - {0x0, 4, 5, 4847}, - {0x1e1, 16, 16, 4848}, - {0x0, 1, 2, 4848}, - {0x1e6e, 16, 16, 4849}, - {0x0, 10, 11, 4849}, - {0x2f8aa, 16, 16, 4850}, - {0x0, 8, 9, 4850}, - {0xf9c5, 16, 16, 4851}, - {0x0, 0, 1, 4851}, - {0x0, 0, 1, 4852}, - {0x0, 3, 4, 4853}, - {0x0, 0, 1, 4854}, - {0x0, 4, 5, 4855}, - {0x1df, 16, 16, 4856}, - {0x0, 0, 2, 4856}, - {0x1f02, 16, 16, 4858}, - {0x1f04, 16, 16, 4858}, - {0x0, 14, 15, 4858}, - {0xf984, 16, 16, 4859}, - {0x0, 2, 3, 4859}, - {0x0, 5, 6, 4860}, - {0x0, 0, 1, 4861}, - {0x0, 1, 2, 4862}, - {0x0, 0, 1, 4863}, - {0x0, 2, 3, 4864}, - {0x0, 14, 15, 4865}, - {0x1026, 16, 16, 4866}, - {0x0, 14, 15, 4866}, - {0x2f8fa, 16, 16, 4867}, - {0x2f9ca, 16, 16, 4867}, - {0x0, 0, 1, 4867}, - {0x0, 0, 1, 4868}, - {0x0, 3, 4, 4869}, - {0x0, 0, 5, 4870}, - {0x0, 0, 2, 4875}, - {0x1f25, 16, 16, 4877}, - {0x0, 11, 16, 4877}, - {0x2f806, 16, 16, 4882}, - {0x0, 1, 2, 4882}, - {0x202, 16, 16, 4883}, - {0x0, 0, 1, 4883}, - {0x2f8b7, 16, 16, 4884}, - {0x0, 2, 3, 4884}, - {0x2f982, 16, 16, 4885}, - {0x0, 8, 10, 4885}, - {0x0, 0, 1, 4887}, - {0x0, 0, 1, 4888}, - {0x0, 3, 4, 4889}, - {0x0, 0, 1, 4890}, - {0x0, 8, 9, 4891}, - {0x4ea, 16, 16, 4892}, - {0x0, 0, 1, 4892}, - {0xf98f, 16, 16, 4893}, - {0x0, 13, 15, 4893}, - {0x0, 13, 14, 4895}, - {0x2f9e1, 16, 16, 4896}, - {0x0, 0, 1, 4896}, - {0x0, 0, 1, 4897}, - {0x0, 3, 4, 4898}, - {0x0, 0, 2, 4899}, - {0x0, 0, 2, 4901}, - {0x38c, 16, 16, 4903}, - {0x0, 2, 7, 4903}, - {0xf90d, 16, 16, 4908}, - {0x0, 2, 3, 4908}, - {0x2f875, 16, 16, 4909}, - {0x0, 14, 15, 4909}, - {0xf9d2, 16, 16, 4910}, - {0x0, 10, 11, 4910}, - {0xf902, 16, 16, 4911}, - {0x22f, 16, 16, 4911}, - {0x0, 2, 3, 4911}, - {0x1f56, 16, 16, 4912}, - {0x0, 3, 8, 4912}, - {0x15e, 16, 16, 4917}, - {0x218, 16, 16, 4917}, - {0x1e62, 16, 16, 4917}, - {0x0, 2, 7, 4917}, - {0xf9ba, 16, 16, 4922}, - {0xf91b, 16, 16, 4922}, - {0x0, 3, 10, 4922}, - {0x0, 6, 7, 4929}, - {0x2f916, 16, 16, 4930}, - {0x0, 0, 1, 4930}, - {0x0, 0, 1, 4931}, - {0x0, 3, 4, 4932}, - {0x0, 3, 4, 4933}, - {0x0, 8, 9, 4934}, - {0x22ae, 16, 16, 4935}, - {0x0, 7, 8, 4935}, - {0x2f973, 16, 16, 4936}, - {0x0, 0, 1, 4936}, - {0x0, 0, 1, 4937}, - {0x0, 3, 4, 4938}, - {0x0, 4, 5, 4939}, - {0x0, 5, 6, 4940}, - {0x1fa6, 16, 16, 4941}, - {0x0, 0, 1, 4941}, - {0x0, 0, 1, 4942}, - {0x0, 3, 4, 4943}, - {0x0, 0, 1, 4944}, - {0x0, 0, 2, 4945}, - {0x1f42, 16, 16, 4947}, - {0x1f44, 16, 16, 4947}, - {0x0, 3, 4, 4947}, - {0x2f843, 16, 16, 4948}, - {0x0, 10, 11, 4948}, - {0x0, 3, 4, 4949}, - {0x2f8ec, 16, 16, 4950}, - {0x0, 0, 10, 4950}, - {0x1edd, 16, 16, 4960}, - {0x1edb, 16, 16, 4960}, - {0x0, 15, 16, 4960}, - {0xf9eb, 16, 16, 4961}, - {0x1ee1, 16, 16, 4961}, - {0x1edf, 16, 16, 4961}, - {0x622, 16, 16, 4961}, - {0x0, 0, 1, 4961}, - {0x0, 3, 4, 4962}, - {0x0, 0, 1, 4963}, - {0x0, 9, 10, 4964}, - {0x0, 9, 11, 4965}, - {0x30d3, 16, 16, 4967}, - {0x0, 1, 4, 4967}, - {0x0, 12, 13, 4970}, - {0x2f8a2, 16, 16, 4971}, - {0x0, 0, 1, 4971}, - {0xf944, 16, 16, 4972}, - {0x0, 0, 1, 4972}, - {0x1e2c, 16, 16, 4973}, - {0x0, 0, 1, 4973}, - {0x0, 0, 1, 4974}, - {0x0, 3, 4, 4975}, - {0x0, 0, 4, 4976}, - {0x0, 3, 8, 4980}, - {0x1e33, 16, 16, 4985}, - {0x0, 2, 3, 4985}, - {0x2f888, 16, 16, 4986}, - {0x0, 4, 5, 4986}, - {0x2f80f, 16, 16, 4987}, - {0x0, 0, 10, 4987}, - {0x0, 14, 15, 4997}, - {0x2fa13, 16, 16, 4998}, - {0x0, 2, 3, 4998}, - {0x2f960, 16, 16, 4999}, - {0x0, 8, 9, 4999}, - {0x0, 0, 1, 5000}, - {0x0, 0, 1, 5001}, - {0x0, 9, 10, 5002}, - {0x0, 3, 4, 5003}, - {0x0, 12, 13, 5004}, - {0x929, 16, 16, 5005}, - {0x0, 0, 1, 5005}, - {0x0, 10, 11, 5006}, - {0x2f8ca, 16, 16, 5007}, - {0x0, 0, 1, 5007}, - {0x0, 0, 1, 5008}, - {0x0, 3, 4, 5009}, - {0x0, 0, 5, 5010}, - {0x0, 2, 6, 5015}, - {0x1fa8, 16, 16, 5019}, - {0x0, 0, 1, 5019}, - {0x0, 0, 1, 5020}, - {0x0, 3, 4, 5021}, - {0x0, 4, 5, 5022}, - {0x0, 5, 6, 5023}, - {0x1f9e, 16, 16, 5024}, - {0x0, 0, 1, 5024}, - {0x0, 3, 4, 5025}, - {0x0, 0, 1, 5026}, - {0x0, 9, 10, 5027}, - {0x0, 9, 10, 5028}, - {0x30fe, 16, 16, 5029}, - {0x0, 2, 13, 5029}, - {0x1e27, 16, 16, 5040}, - {0x1e23, 16, 16, 5040}, - {0x125, 16, 16, 5040}, - {0x0, 4, 5, 5040}, - {0x2f8f1, 16, 16, 5041}, - {0x0, 3, 5, 5041}, - {0x1f60, 16, 16, 5043}, - {0x0, 4, 5, 5043}, - {0x2f971, 16, 16, 5044}, - {0x30d4, 16, 16, 5044}, - {0x1f61, 16, 16, 5044}, - {0x0, 0, 1, 5044}, - {0x0, 3, 4, 5045}, - {0x0, 0, 1, 5046}, - {0x0, 9, 10, 5047}, - {0x0, 9, 10, 5048}, - {0x304c, 16, 16, 5049}, - {0x0, 0, 1, 5049}, - {0x0, 0, 1, 5050}, - {0x0, 3, 4, 5051}, - {0x0, 0, 1, 5052}, - {0x0, 1, 2, 5053}, - {0x1e78, 16, 16, 5054}, - {0x0, 0, 1, 5054}, - {0x0, 3, 4, 5055}, - {0x0, 0, 1, 5056}, - {0x0, 9, 10, 5057}, - {0x0, 9, 11, 5058}, - {0x30d9, 16, 16, 5060}, - {0x0, 8, 9, 5060}, - {0xf9b3, 16, 16, 5061}, - {0x0, 11, 15, 5061}, - {0x2f914, 16, 16, 5065}, - {0x0, 8, 14, 5065}, - {0xfa5c, 16, 16, 5071}, - {0x0, 0, 2, 5071}, - {0x1f34, 16, 16, 5073}, - {0x2f915, 16, 16, 5073}, - {0x0, 0, 1, 5073}, - {0x0, 0, 1, 5074}, - {0x0, 3, 4, 5075}, - {0x0, 4, 5, 5076}, - {0x0, 5, 6, 5077}, - {0x1f85, 16, 16, 5078}, - {0x0, 4, 15, 5078}, - {0x2f907, 16, 16, 5089}, - {0x0, 2, 3, 5089}, - {0x2f8bf, 16, 16, 5090}, - {0x0, 15, 16, 5090}, - {0xf937, 16, 16, 5091}, - {0x2126, 0, 1, 5091}, - {0x0, 0, 1, 5092}, - {0x0, 3, 4, 5093}, - {0x0, 0, 5, 5094}, - {0x0, 0, 2, 5099}, - {0x1ffa, 16, 16, 5101}, - {0x38f, 16, 16, 5101}, - {0x0, 4, 13, 5101}, - {0x0, 0, 1, 5110}, - {0x0, 0, 1, 5111}, - {0x0, 3, 4, 5112}, - {0x0, 0, 1, 5113}, - {0x0, 1, 2, 5114}, - {0x1ff, 16, 16, 5115}, - {0x0, 0, 1, 5115}, - {0x0, 0, 1, 5116}, - {0x0, 3, 4, 5117}, - {0x0, 4, 5, 5118}, - {0x0, 5, 6, 5119}, - {0x1f84, 16, 16, 5120}, - {0xf9f6, 16, 16, 5120}, - {0x0, 8, 10, 5120}, - {0x2329, 16, 16, 5122}, - {0x232a, 16, 16, 5122}, - {0x0, 0, 1, 5122}, - {0x0, 0, 1, 5123}, - {0x0, 3, 4, 5124}, - {0x0, 3, 4, 5125}, - {0x0, 8, 9, 5126}, - {0x2274, 16, 16, 5127}, - {0x30da, 16, 16, 5127}, - {0x0, 4, 13, 5127}, - {0x0, 0, 1, 5136}, - {0x0, 0, 1, 5137}, - {0x0, 3, 4, 5138}, - {0x0, 0, 1, 5139}, - {0x0, 0, 10, 5140}, - {0x1ed4, 16, 16, 5150}, - {0x0, 4, 5, 5150}, - {0xfa34, 16, 16, 5151}, - {0x1ed0, 16, 16, 5151}, - {0x1ed2, 16, 16, 5151}, - {0x1ed6, 16, 16, 5151}, - {0x2f900, 16, 16, 5151}, - {0x0, 4, 5, 5151}, - {0x2f940, 16, 16, 5152}, - {0x0, 0, 1, 5152}, - {0x0, 0, 1, 5153}, - {0x0, 3, 4, 5154}, - {0x0, 0, 1, 5155}, - {0x0, 1, 9, 5156}, - {0x1e4e, 16, 16, 5164}, - {0x1e4c, 16, 16, 5164}, - {0x22c, 16, 16, 5164}, - {0x0, 9, 15, 5164}, - {0x2fa18, 16, 16, 5170}, - {0x0, 12, 13, 5170}, - {0x0, 8, 9, 5171}, - {0x2f86c, 16, 16, 5172}, - {0x0, 7, 8, 5172}, - {0x2fa0f, 16, 16, 5173}, - {0x0, 1, 3, 5173}, - {0x0, 0, 1, 5175}, - {0x0, 0, 1, 5176}, - {0x0, 3, 4, 5177}, - {0x0, 3, 4, 5178}, - {0x0, 8, 9, 5179}, - {0x22e2, 16, 16, 5180}, - {0x0, 4, 5, 5180}, - {0xfa06, 16, 16, 5181}, - {0x0, 0, 1, 5181}, - {0x0, 0, 1, 5182}, - {0x0, 3, 4, 5183}, - {0x0, 0, 4, 5184}, - {0x0, 1, 16, 5188}, - {0x155, 16, 16, 5203}, - {0x0, 8, 9, 5203}, - {0xfa3e, 16, 16, 5204}, - {0x0, 0, 1, 5204}, - {0xf93d, 16, 16, 5205}, - {0x0, 0, 8, 5205}, - {0x0, 0, 1, 5213}, - {0x0, 0, 1, 5214}, - {0x0, 3, 4, 5215}, - {0x0, 0, 3, 5216}, - {0x0, 3, 4, 5219}, - {0x1ef1, 16, 16, 5220}, - {0x0, 6, 7, 5220}, - {0x2f935, 16, 16, 5221}, - {0x2fa17, 16, 16, 5221}, - {0x0, 14, 15, 5221}, - {0xfa48, 16, 16, 5222}, - {0x0, 15, 16, 5222}, - {0xf939, 16, 16, 5223}, - {0x0, 0, 1, 5223}, - {0x0, 0, 1, 5224}, - {0x0, 3, 4, 5225}, - {0x0, 0, 1, 5226}, - {0x0, 12, 13, 5227}, - {0x1ee, 16, 16, 5228}, - {0x0, 8, 9, 5228}, - {0x2fa11, 16, 16, 5229}, - {0x0, 8, 9, 5229}, - {0x2f97e, 16, 16, 5230}, - {0x0, 4, 5, 5230}, - {0xfa12, 16, 16, 5231}, - {0x0, 0, 1, 5231}, - {0x0, 3, 4, 5232}, - {0x0, 0, 1, 5233}, - {0x0, 9, 10, 5234}, - {0x0, 9, 10, 5235}, - {0x305c, 16, 16, 5236}, - {0x0, 10, 11, 5236}, - {0x2f954, 16, 16, 5237}, - {0x0, 7, 13, 5237}, - {0x1e6a, 16, 16, 5243}, - {0x0, 0, 1, 5243}, - {0x0, 0, 1, 5244}, - {0x0, 3, 4, 5245}, - {0x0, 0, 1, 5246}, - {0x0, 1, 2, 5247}, - {0x344, 16, 16, 5248}, - {0x0, 0, 1, 5248}, - {0x0, 0, 1, 5249}, - {0x0, 3, 4, 5250}, - {0x0, 0, 1, 5251}, - {0x0, 0, 2, 5252}, - {0x1f45, 16, 16, 5254}, - {0x1f43, 16, 16, 5254}, - {0x0, 0, 1, 5254}, - {0x0, 0, 1, 5255}, - {0x0, 3, 4, 5256}, - {0x0, 0, 4, 5257}, - {0x0, 1, 2, 5261}, - {0x1e94, 16, 16, 5262}, - {0x0, 15, 16, 5262}, - {0xf9bd, 16, 16, 5263}, - {0x0, 1, 13, 5263}, - {0xfa43, 16, 16, 5275}, - {0x0, 0, 1, 5275}, - {0x0, 0, 1, 5276}, - {0x0, 3, 4, 5277}, - {0x0, 0, 1, 5278}, - {0x0, 0, 2, 5279}, - {0x1e51, 16, 16, 5281}, - {0x1e53, 16, 16, 5281}, - {0x0, 3, 4, 5281}, - {0x2f889, 16, 16, 5282}, - {0x0, 3, 9, 5282}, - {0x104, 16, 16, 5288}, - {0x164, 16, 16, 5288}, - {0x0, 7, 8, 5288}, - {0x2fa05, 16, 16, 5289}, - {0x1ea0, 16, 16, 5289}, - {0x1e00, 16, 16, 5289}, - {0x0, 13, 14, 5289}, - {0x0, 0, 1, 5290}, - {0x0, 3, 4, 5291}, - {0x0, 0, 1, 5292}, - {0x0, 9, 10, 5293}, - {0x0, 9, 10, 5294}, - {0x309e, 16, 16, 5295}, - {0x0, 2, 3, 5295}, - {0x2f840, 16, 16, 5296}, - {0x0, 10, 11, 5296}, - {0x2f948, 16, 16, 5297}, - {0x2f8d5, 16, 16, 5297}, - {0x0, 11, 12, 5297}, - {0xf9f7, 16, 16, 5298}, - {0x0, 0, 1, 5298}, - {0x0, 0, 1, 5299}, - {0x0, 3, 4, 5300}, - {0x0, 0, 1, 5301}, - {0x0, 6, 9, 5302}, - {0x4c1, 16, 16, 5305}, - {0x1f24, 16, 16, 5305}, - {0x0, 0, 1, 5305}, - {0x0, 0, 1, 5306}, - {0x0, 3, 4, 5307}, - {0x0, 0, 5, 5308}, - {0x0, 2, 6, 5313}, - {0x1f6f, 16, 16, 5317}, - {0x4dc, 16, 16, 5317}, - {0x0, 0, 1, 5317}, - {0x0, 0, 1, 5318}, - {0x0, 3, 4, 5319}, - {0x0, 0, 1, 5320}, - {0x0, 1, 2, 5321}, - {0x1fe, 16, 16, 5322}, - {0x1fa9, 16, 16, 5322}, - {0x0, 13, 14, 5322}, - {0x2f99b, 16, 16, 5323}, - {0x0, 0, 1, 5323}, - {0x0, 0, 1, 5324}, - {0x0, 3, 4, 5325}, - {0x0, 3, 4, 5326}, - {0x0, 8, 9, 5327}, - {0x2204, 16, 16, 5328}, - {0x0, 10, 12, 5328}, - {0x0, 8, 9, 5330}, - {0x2f92d, 16, 16, 5331}, - {0x0, 0, 1, 5331}, - {0x0, 0, 1, 5332}, - {0x0, 3, 4, 5333}, - {0x0, 0, 1, 5334}, - {0x0, 0, 10, 5335}, - {0x1ec2, 16, 16, 5345}, - {0x1ebe, 16, 16, 5345}, - {0x1ec0, 16, 16, 5345}, - {0x1ec4, 16, 16, 5345}, - {0x0, 2, 3, 5345}, - {0x2f9e0, 16, 16, 5346}, - {0x0, 2, 3, 5346}, - {0x0, 12, 13, 5347}, - {0x2f834, 16, 16, 5348}, - {0x0, 7, 9, 5348}, - {0x2f904, 16, 16, 5350}, - {0x0, 6, 7, 5350}, - {0x0, 0, 1, 5351}, - {0x0, 0, 1, 5352}, - {0x0, 3, 4, 5353}, - {0x0, 0, 1, 5354}, - {0x0, 8, 9, 5355}, - {0x457, 16, 16, 5356}, - {0x0, 0, 1, 5356}, - {0x0, 0, 1, 5357}, - {0x0, 3, 4, 5358}, - {0x0, 0, 2, 5359}, - {0x0, 0, 2, 5361}, - {0x3ad, 16, 16, 5363}, - {0x0, 0, 14, 5363}, - {0x0, 8, 9, 5377}, - {0x2f8eb, 16, 16, 5378}, - {0x0, 0, 1, 5378}, - {0x0, 0, 1, 5379}, - {0x0, 3, 4, 5380}, - {0x0, 0, 3, 5381}, - {0x0, 3, 8, 5384}, - {0x1e63, 16, 16, 5389}, - {0x15f, 16, 16, 5389}, - {0x219, 16, 16, 5389}, - {0x0, 0, 1, 5389}, - {0x0, 0, 1, 5390}, - {0x0, 3, 4, 5391}, - {0x0, 3, 4, 5392}, - {0x0, 8, 9, 5393}, - {0x2285, 16, 16, 5394}, - {0x4ef, 16, 16, 5394}, - {0xcf, 16, 16, 5394}, - {0x0, 0, 1, 5394}, - {0x0, 0, 1, 5395}, - {0x0, 13, 14, 5396}, - {0x0, 12, 14, 5397}, - {0x0, 15, 16, 5399}, - {0xdde, 16, 16, 5400}, - {0x4f1, 16, 16, 5400}, - {0x130, 16, 16, 5400}, - {0x12a, 16, 16, 5400}, - {0xce, 16, 16, 5400}, - {0x128, 16, 16, 5400}, - {0xcc, 16, 16, 5400}, - {0xcd, 16, 16, 5400}, - {0x0, 10, 11, 5400}, - {0x2f8ea, 16, 16, 5401}, - {0x0, 2, 6, 5401}, - {0x1fc3, 16, 16, 5405}, - {0x0, 7, 8, 5405}, - {0x1e02, 16, 16, 5406}, - {0x1fc6, 16, 16, 5406}, - {0x0, 2, 4, 5406}, - {0x0, 0, 1, 5408}, - {0x0, 0, 1, 5409}, - {0x0, 3, 4, 5410}, - {0x0, 0, 1, 5411}, - {0x0, 0, 10, 5412}, - {0x1eaf, 16, 16, 5422}, - {0x0, 2, 16, 5422}, - {0x2fa02, 16, 16, 5436}, - {0x0, 2, 6, 5436}, - {0x1fb3, 16, 16, 5440}, - {0x0, 0, 1, 5440}, - {0x0, 0, 1, 5441}, - {0x0, 3, 4, 5442}, - {0x0, 0, 1, 5443}, - {0x0, 8, 9, 5444}, - {0x4f4, 16, 16, 5445}, - {0x1fb6, 16, 16, 5445}, - {0x0, 6, 7, 5445}, - {0xfa1c, 16, 16, 5446}, - {0x0, 2, 3, 5446}, - {0x1f37, 16, 16, 5447}, - {0x0, 13, 14, 5447}, - {0x2f815, 16, 16, 5448}, - {0x0, 11, 12, 5448}, - {0x2f855, 16, 16, 5449}, - {0x0, 12, 14, 5449}, - {0x2f8fd, 16, 16, 5451}, - {0x4f3, 16, 16, 5451}, - {0xf968, 16, 16, 5451}, - {0x208, 16, 16, 5451}, - {0x0, 1, 2, 5451}, - {0xf90a, 16, 16, 5452}, - {0x1cf, 16, 16, 5452}, - {0x0, 14, 15, 5452}, - {0xf9c6, 16, 16, 5453}, - {0xfa2a, 16, 16, 5453}, - {0x0, 3, 5, 5453}, - {0x1f68, 16, 16, 5455}, - {0x1f69, 16, 16, 5455}, - {0x0, 1, 5, 5455}, - {0x2f98c, 16, 16, 5459}, - {0x2f893, 16, 16, 5459}, - {0x0, 8, 9, 5459}, - {0xf926, 16, 16, 5460}, - {0x0, 3, 9, 5460}, - {0x1ecd, 16, 16, 5466}, - {0x0, 0, 1, 5466}, - {0x0, 3, 4, 5467}, - {0x0, 0, 1, 5468}, - {0x0, 9, 10, 5469}, - {0x0, 9, 10, 5470}, - {0x3052, 16, 16, 5471}, - {0x1eb, 16, 16, 5471}, - {0x0, 0, 10, 5471}, - {0xf975, 16, 16, 5481}, - {0x2f8c1, 16, 16, 5481}, - {0x0, 0, 1, 5481}, - {0x0, 0, 1, 5482}, - {0x0, 3, 4, 5483}, - {0x0, 0, 4, 5484}, - {0x0, 7, 13, 5488}, - {0x1e0a, 16, 16, 5494}, - {0x0, 0, 1, 5494}, - {0x2f9dc, 16, 16, 5495}, - {0x0, 0, 1, 5495}, - {0x1e1b, 16, 16, 5496}, - {0x0, 2, 15, 5496}, - {0xf952, 16, 16, 5509}, - {0x0, 13, 14, 5509}, - {0xfa1e, 16, 16, 5510}, - {0x0, 4, 5, 5510}, - {0x2f8d1, 16, 16, 5511}, - {0x10e, 16, 16, 5511}, - {0x0, 14, 15, 5511}, - {0xf977, 16, 16, 5512}, - {0x0, 0, 1, 5512}, - {0xfa60, 16, 16, 5513}, - {0x0, 10, 12, 5513}, - {0x0, 1, 2, 5515}, - {0x2f93b, 16, 16, 5516}, - {0x0, 3, 4, 5516}, - {0x1e7d, 16, 16, 5517}, - {0x0, 0, 1, 5517}, - {0x0, 0, 1, 5518}, - {0x0, 3, 4, 5519}, - {0x0, 4, 5, 5520}, - {0x0, 5, 6, 5521}, - {0x1fac, 16, 16, 5522}, - {0x0, 1, 2, 5522}, - {0x0, 8, 9, 5523}, - {0x2f871, 16, 16, 5524}, - {0x0, 10, 13, 5524}, - {0xf947, 16, 16, 5527}, - {0x2f950, 16, 16, 5527}, - {0x0, 0, 1, 5527}, - {0x0, 0, 1, 5528}, - {0x0, 3, 4, 5529}, - {0x0, 4, 5, 5530}, - {0x0, 5, 6, 5531}, - {0x1ff7, 16, 16, 5532}, - {0x0, 10, 15, 5532}, - {0xf96c, 16, 16, 5537}, - {0x0, 0, 1, 5537}, - {0x0, 0, 1, 5538}, - {0x0, 3, 4, 5539}, - {0x0, 0, 1, 5540}, - {0x0, 8, 9, 5541}, - {0x4ec, 16, 16, 5542}, - {0xfa10, 16, 16, 5542}, - {0x0, 0, 10, 5542}, - {0x0, 10, 11, 5552}, - {0x2f9fb, 16, 16, 5553}, - {0xf92f, 16, 16, 5553}, - {0x0, 6, 7, 5553}, - {0xf98b, 16, 16, 5554}, - {0x0, 4, 5, 5554}, - {0x2f8e6, 16, 16, 5555}, - {0x0, 0, 1, 5555}, - {0x0, 0, 1, 5556}, - {0x0, 3, 4, 5557}, - {0x0, 4, 5, 5558}, - {0x0, 5, 6, 5559}, - {0x1fab, 16, 16, 5560}, - {0x0, 7, 8, 5560}, - {0x0, 7, 8, 5561}, - {0x2f9f1, 16, 16, 5562}, - {0x0, 0, 1, 5562}, - {0x0, 0, 1, 5563}, - {0x0, 3, 4, 5564}, - {0x0, 0, 1, 5565}, - {0x0, 4, 5, 5566}, - {0x22a, 16, 16, 5567}, - {0x0, 0, 1, 5567}, - {0x0, 0, 1, 5568}, - {0x0, 3, 4, 5569}, - {0x0, 3, 4, 5570}, - {0x0, 8, 9, 5571}, - {0x219a, 16, 16, 5572}, - {0xf92e, 16, 16, 5572}, - {0xf965, 16, 16, 5572}, - {0x0, 0, 1, 5572}, - {0x0, 0, 1, 5573}, - {0x0, 3, 4, 5574}, - {0x0, 0, 4, 5575}, - {0x0, 7, 13, 5579}, - {0x165, 16, 16, 5585}, - {0x0, 2, 6, 5585}, - {0x1f99, 16, 16, 5589}, - {0x1f2f, 16, 16, 5589}, - {0x0, 0, 1, 5589}, - {0x0, 0, 1, 5590}, - {0x0, 3, 4, 5591}, - {0x0, 0, 1, 5592}, - {0x0, 8, 9, 5593}, - {0x4de, 16, 16, 5594}, - {0x0, 14, 15, 5594}, - {0xfa1d, 16, 16, 5595}, - {0x1ec3, 16, 16, 5595}, - {0x0, 0, 1, 5595}, - {0x0, 0, 1, 5596}, - {0x0, 3, 4, 5597}, - {0x0, 0, 2, 5598}, - {0x0, 0, 2, 5600}, - {0x1f78, 16, 16, 5602}, - {0x3cc, 16, 16, 5602}, - {0x1ec5, 16, 16, 5602}, - {0x1ebf, 16, 16, 5602}, - {0x0, 11, 12, 5602}, - {0x2fa1c, 16, 16, 5603}, - {0x0, 3, 15, 5603}, - {0x2f8db, 16, 16, 5615}, - {0x0, 1, 2, 5615}, - {0xf904, 16, 16, 5616}, - {0x0, 3, 4, 5616}, - {0x1e92, 16, 16, 5617}, - {0x0, 1, 2, 5617}, - {0x2f9c1, 16, 16, 5618}, - {0x1e6b, 16, 16, 5618}, - {0x1e97, 16, 16, 5618}, - {0x0, 0, 1, 5618}, - {0x0, 0, 1, 5619}, - {0x0, 3, 4, 5620}, - {0x0, 4, 5, 5621}, - {0x0, 5, 6, 5622}, - {0x1ff2, 16, 16, 5623}, - {0x0, 0, 1, 5623}, - {0x0, 0, 1, 5624}, - {0x0, 3, 4, 5625}, - {0x0, 0, 2, 5626}, - {0x0, 0, 9, 5628}, - {0x3aa, 16, 16, 5637}, - {0x0, 0, 1, 5637}, - {0x0, 0, 1, 5638}, - {0x0, 3, 4, 5639}, - {0x0, 0, 1, 5640}, - {0x0, 6, 9, 5641}, - {0x4c2, 16, 16, 5644}, - {0x4dd, 16, 16, 5644}, - {0x0, 8, 9, 5644}, - {0x2f885, 16, 16, 5645}, - {0x1fda, 16, 16, 5645}, - {0x38a, 16, 16, 5645}, - {0x1fd8, 16, 16, 5645}, - {0x1fd9, 16, 16, 5645}, - {0x0, 5, 10, 5645}, - {0xf9a3, 16, 16, 5650}, - {0x0, 0, 1, 5650}, - {0xf921, 16, 16, 5651}, - {0x2f89f, 16, 16, 5651}, - {0x0, 0, 1, 5651}, - {0x0, 0, 1, 5652}, - {0x0, 3, 4, 5653}, - {0x0, 3, 4, 5654}, - {0x0, 8, 9, 5655}, - {0x2288, 16, 16, 5656}, - {0x0, 0, 1, 5656}, - {0x0, 0, 1, 5657}, - {0x0, 3, 4, 5658}, - {0x0, 0, 4, 5659}, - {0x0, 1, 12, 5663}, - {0x1b0, 16, 16, 5674}, - {0xf9aa, 16, 16, 5674}, - {0x0, 2, 3, 5674}, - {0x0, 0, 1, 5675}, - {0x0, 0, 1, 5676}, - {0x0, 3, 4, 5677}, - {0x0, 0, 1, 5678}, - {0x0, 12, 13, 5679}, - {0x1ef, 16, 16, 5680}, - {0x217, 16, 16, 5680}, - {0x0, 11, 12, 5680}, - {0x2f9bd, 16, 16, 5681}, - {0x0, 0, 1, 5681}, - {0x0, 0, 1, 5682}, - {0x0, 3, 4, 5683}, - {0x0, 0, 4, 5684}, - {0x0, 0, 1, 5688}, - {0x1e74, 16, 16, 5689}, - {0x0, 0, 1, 5689}, - {0x0, 0, 1, 5690}, - {0x0, 3, 4, 5691}, - {0x0, 0, 1, 5692}, - {0x0, 0, 10, 5693}, - {0x1eb0, 16, 16, 5703}, - {0x1eae, 16, 16, 5703}, - {0x1eb4, 16, 16, 5703}, - {0x1eb2, 16, 16, 5703}, - {0x0, 8, 9, 5703}, - {0x2f972, 16, 16, 5704}, - {0x0, 15, 16, 5704}, - {0x2f837, 16, 16, 5705}, - {0x0, 0, 1, 5705}, - {0x0, 0, 1, 5706}, - {0x0, 3, 4, 5707}, - {0x0, 4, 5, 5708}, - {0x0, 5, 6, 5709}, - {0x1fa7, 16, 16, 5710}, - {0x0, 0, 1, 5710}, - {0x0, 3, 4, 5711}, - {0x0, 0, 1, 5712}, - {0x0, 9, 10, 5713}, - {0x0, 9, 10, 5714}, - {0x305a, 16, 16, 5715}, - {0x0, 1, 13, 5715}, - {0x1e9, 16, 16, 5727}, - {0x0, 15, 16, 5727}, - {0x2f908, 16, 16, 5728}, - {0x0, 15, 16, 5728}, - {0x2f8fc, 16, 16, 5729}, - {0xfa51, 16, 16, 5729}, - {0x0, 13, 14, 5729}, - {0x2f8e7, 16, 16, 5730}, - {0x0, 5, 6, 5730}, - {0x1fbc, 16, 16, 5731}, - {0x0, 10, 11, 5731}, - {0x2f8a1, 16, 16, 5732}, - {0x0, 1, 14, 5732}, - {0xfa26, 16, 16, 5745}, - {0x0, 11, 15, 5745}, - {0x0, 0, 1, 5749}, - {0x0, 0, 1, 5750}, - {0x0, 3, 4, 5751}, - {0x0, 3, 4, 5752}, - {0x0, 8, 9, 5753}, - {0x2260, 16, 16, 5754}, - {0x0, 3, 4, 5754}, - {0x0, 12, 13, 5755}, - {0x2f997, 16, 16, 5756}, - {0x0, 4, 5, 5756}, - {0x2f853, 16, 16, 5757}, - {0x3076, 16, 16, 5757}, - {0x0, 12, 13, 5757}, - {0xf92b, 16, 16, 5758}, - {0x0, 2, 3, 5758}, - {0x0, 2, 3, 5759}, - {0x2f803, 16, 16, 5760}, - {0x0, 1, 2, 5760}, - {0x20a, 16, 16, 5761}, - {0x0, 0, 1, 5761}, - {0x0, 0, 1, 5762}, - {0x0, 12, 13, 5763}, - {0x0, 12, 14, 5764}, - {0x0, 2, 3, 5766}, - {0xcca, 16, 16, 5767}, - {0x0, 8, 9, 5767}, - {0x2f865, 16, 16, 5768}, - {0x1e31, 16, 16, 5768}, - {0x0, 3, 4, 5768}, - {0x0, 10, 11, 5769}, - {0x2f80d, 16, 16, 5770}, - {0x0, 2, 8, 5770}, - {0x2f817, 16, 16, 5776}, - {0x2f8d2, 16, 16, 5776}, - {0x2f9e3, 16, 16, 5776}, - {0x0, 0, 2, 5776}, - {0x1f3c, 16, 16, 5778}, - {0x1f3a, 16, 16, 5778}, - {0x0, 6, 8, 5778}, - {0xb48, 16, 16, 5780}, - {0xb4c, 16, 16, 5780}, - {0x0, 0, 1, 5780}, - {0x0, 0, 1, 5781}, - {0x0, 3, 4, 5782}, - {0x0, 3, 4, 5783}, - {0x0, 8, 9, 5784}, - {0x2280, 16, 16, 5785}, - {0x0, 0, 1, 5785}, - {0x0, 3, 4, 5786}, - {0x0, 0, 1, 5787}, - {0x0, 9, 10, 5788}, - {0x0, 9, 10, 5789}, - {0x30f4, 16, 16, 5790}, - {0x0, 6, 8, 5790}, - {0xf9b2, 16, 16, 5792}, - {0x0, 3, 8, 5792}, - {0x1e5b, 16, 16, 5797}, - {0x0, 0, 1, 5797}, - {0x0, 0, 1, 5798}, - {0x0, 3, 4, 5799}, - {0x0, 0, 1, 5800}, - {0x0, 8, 9, 5801}, - {0x4f5, 16, 16, 5802}, - {0x157, 16, 16, 5802}, - {0x0, 9, 10, 5802}, - {0x2f9c2, 16, 16, 5803}, - {0x0, 5, 6, 5803}, - {0x2f988, 16, 16, 5804}, - {0x0, 0, 1, 5804}, - {0x0, 0, 1, 5805}, - {0x0, 3, 4, 5806}, - {0x0, 0, 1, 5807}, - {0x0, 0, 9, 5808}, - {0x40d, 16, 16, 5817}, - {0x0, 0, 1, 5817}, - {0x0, 0, 1, 5818}, - {0x0, 3, 4, 5819}, - {0x0, 0, 1, 5820}, - {0x0, 1, 8, 5821}, - {0x1e56, 16, 16, 5828}, - {0x1e54, 16, 16, 5828}, - {0x0, 2, 9, 5828}, - {0x2f83e, 16, 16, 5835}, - {0x0, 0, 1, 5835}, - {0x0, 0, 1, 5836}, - {0x0, 3, 4, 5837}, - {0x0, 4, 5, 5838}, - {0x0, 5, 6, 5839}, - {0x1fa2, 16, 16, 5840}, - {0xf980, 16, 16, 5840}, - {0x0, 10, 11, 5840}, - {0x0, 7, 8, 5841}, - {0x2f8f0, 16, 16, 5842}, - {0x0, 14, 15, 5842}, - {0xd4a, 16, 16, 5843}, - {0x0, 6, 15, 5843}, - {0x2f8ff, 16, 16, 5852}, - {0x0, 0, 1, 5852}, - {0x0, 0, 1, 5853}, - {0x0, 3, 4, 5854}, - {0x0, 0, 3, 5855}, - {0x0, 3, 4, 5858}, - {0x1e89, 16, 16, 5859}, - {0x0, 0, 1, 5859}, - {0x0, 0, 1, 5860}, - {0x0, 9, 10, 5861}, - {0x0, 3, 4, 5862}, - {0x0, 12, 13, 5863}, - {0x934, 16, 16, 5864}, - {0x0, 2, 3, 5864}, - {0x2f8ac, 16, 16, 5865}, - {0x0, 4, 5, 5865}, - {0x2f9ac, 16, 16, 5866}, - {0x0, 11, 12, 5866}, - {0x2f816, 16, 16, 5867}, - {0x0, 14, 15, 5867}, - {0x2f911, 16, 16, 5868}, - {0x0, 8, 9, 5868}, - {0x0, 6, 7, 5869}, - {0x2f96b, 16, 16, 5870}, - {0x1e15, 16, 16, 5870}, - {0x0, 3, 4, 5870}, - {0x1e05, 16, 16, 5871}, - {0x0, 8, 9, 5871}, - {0x2f93f, 16, 16, 5872}, - {0x0, 8, 9, 5872}, - {0x2f8d0, 16, 16, 5873}, - {0x0, 0, 1, 5873}, - {0x0, 0, 1, 5874}, - {0x0, 6, 7, 5875}, - {0x0, 5, 6, 5876}, - {0x0, 4, 5, 5877}, - {0x6d3, 16, 16, 5878}, - {0x0, 1, 2, 5878}, - {0x1e0e, 16, 16, 5879}, - {0x0, 7, 10, 5879}, - {0xfa33, 16, 16, 5882}, - {0x0, 0, 1, 5882}, - {0x0, 0, 1, 5883}, - {0x0, 3, 4, 5884}, - {0x0, 3, 4, 5885}, - {0x0, 8, 9, 5886}, - {0x2279, 16, 16, 5887}, - {0x0, 2, 12, 5887}, - {0x0, 1, 2, 5897}, - {0x2f9b0, 16, 16, 5898}, - {0x0, 0, 1, 5898}, - {0xfa39, 16, 16, 5899}, - {0x2f825, 16, 16, 5899}, - {0x0, 3, 4, 5899}, - {0x2f983, 16, 16, 5900}, - {0xfa05, 16, 16, 5900}, - {0x0, 9, 10, 5900}, - {0xf916, 16, 16, 5901}, - {0xf915, 16, 16, 5901}, - {0x0, 12, 13, 5901}, - {0xf908, 16, 16, 5902}, - {0x0, 9, 13, 5902}, - {0xf955, 16, 16, 5906}, - {0x0, 14, 15, 5906}, - {0xf9e1, 16, 16, 5907}, - {0x2f8d3, 16, 16, 5907}, - {0x0, 8, 9, 5907}, - {0x2f93c, 16, 16, 5908}, - {0x0, 0, 1, 5908}, - {0x0, 0, 1, 5909}, - {0x0, 3, 4, 5910}, - {0x0, 0, 3, 5911}, - {0x0, 2, 13, 5914}, - {0x21e, 16, 16, 5925}, - {0x0, 0, 1, 5925}, - {0x0, 0, 1, 5926}, - {0x0, 3, 4, 5927}, - {0x0, 0, 1, 5928}, - {0x0, 6, 9, 5929}, - {0x4d0, 16, 16, 5932}, - {0x0, 6, 7, 5932}, - {0x0, 6, 7, 5933}, - {0x2f9cc, 16, 16, 5934}, - {0x0, 10, 11, 5934}, - {0xf985, 16, 16, 5935}, - {0x4d2, 16, 16, 5935}, - {0x0, 3, 4, 5935}, - {0x2f99a, 16, 16, 5936}, - {0x1fd3, 16, 16, 5936}, - {0x0, 4, 6, 5936}, - {0x0, 0, 1, 5938}, - {0x0, 0, 1, 5939}, - {0x0, 3, 4, 5940}, - {0x0, 0, 1, 5941}, - {0x0, 15, 16, 5942}, - {0x477, 16, 16, 5943}, - {0x1e26, 16, 16, 5943}, - {0x1e22, 16, 16, 5943}, - {0x124, 16, 16, 5943}, - {0xf979, 16, 16, 5943}, - {0x0, 0, 1, 5943}, - {0x2f93a, 16, 16, 5944}, - {0xfa49, 16, 16, 5944}, - {0x0, 8, 9, 5944}, - {0xf900, 16, 16, 5945}, - {0x0, 4, 5, 5945}, - {0xf924, 16, 16, 5946}, - {0x1f23, 16, 16, 5946}, - {0x0, 5, 6, 5946}, - {0x2f925, 16, 16, 5947}, - {0x0, 4, 13, 5947}, - {0x2f818, 16, 16, 5956}, - {0x0, 10, 11, 5956}, - {0x2f979, 16, 16, 5957}, - {0x0, 0, 1, 5957}, - {0x0, 0, 1, 5958}, - {0x0, 3, 4, 5959}, - {0x0, 0, 1, 5960}, - {0x0, 2, 3, 5961}, - {0x1ec6, 16, 16, 5962}, - {0x0, 2, 3, 5962}, - {0x2f895, 16, 16, 5963}, - {0x0, 6, 7, 5963}, - {0x0, 0, 1, 5964}, - {0x0, 0, 1, 5965}, - {0x0, 3, 4, 5966}, - {0x0, 0, 1, 5967}, - {0x0, 8, 9, 5968}, - {0x407, 16, 16, 5969}, - {0xf949, 16, 16, 5969}, - {0x0, 0, 10, 5969}, - {0x1eed, 16, 16, 5979}, - {0x0, 5, 12, 5979}, - {0x2f839, 16, 16, 5986}, - {0x1eeb, 16, 16, 5986}, - {0x1ee9, 16, 16, 5986}, - {0x0, 3, 5, 5986}, - {0x1f38, 16, 16, 5988}, - {0x1eef, 16, 16, 5988}, - {0x1f39, 16, 16, 5988}, - {0x0, 0, 10, 5988}, - {0x2f962, 16, 16, 5998}, - {0xfa56, 16, 16, 5998}, - {0x0, 3, 4, 5998}, - {0x2f87c, 16, 16, 5999}, - {0x2f963, 16, 16, 5999}, - {0x0, 0, 1, 5999}, - {0x0, 0, 1, 6000}, - {0x0, 3, 4, 6001}, - {0x0, 0, 1, 6002}, - {0x0, 1, 5, 6003}, - {0x1e2, 16, 16, 6007}, - {0x1fc, 16, 16, 6007}, - {0x0, 7, 8, 6007}, - {0xf9f2, 16, 16, 6008}, - {0xf906, 16, 16, 6008}, - {0x0, 13, 14, 6008}, - {0x2f886, 16, 16, 6009}, - {0x0, 15, 16, 6009}, - {0xf927, 16, 16, 6010}, - {0x0, 12, 13, 6010}, - {0x2f92a, 16, 16, 6011}, - {0x0, 3, 5, 6011}, - {0x1f40, 16, 16, 6013}, - {0x1f41, 16, 16, 6013}, - {0x0, 0, 16, 6013}, - {0xfa, 16, 16, 6029}, - {0xf9, 16, 16, 6029}, - {0x169, 16, 16, 6029}, - {0xfb, 16, 16, 6029}, - {0x16b, 16, 16, 6029}, - {0x0, 3, 14, 6029}, - {0x1ee4, 16, 16, 6040}, - {0x16d, 16, 16, 6040}, - {0x1ee7, 16, 16, 6040}, - {0xfc, 16, 16, 6040}, - {0x0, 0, 1, 6040}, - {0x0, 3, 4, 6041}, - {0x0, 0, 1, 6042}, - {0x0, 9, 10, 6043}, - {0x0, 9, 10, 6044}, - {0x3062, 16, 16, 6045}, - {0x172, 16, 16, 6045}, - {0x0, 0, 1, 6045}, - {0x0, 0, 1, 6046}, - {0x0, 3, 4, 6047}, - {0x0, 0, 1, 6048}, - {0x0, 7, 8, 6049}, - {0x1e65, 16, 16, 6050}, - {0x0, 1, 13, 6050}, - {0x161, 16, 16, 6062}, - {0x0, 9, 13, 6062}, - {0x2f9a1, 16, 16, 6066}, - {0x0, 0, 1, 6066}, - {0x0, 0, 1, 6067}, - {0x0, 3, 4, 6068}, - {0x0, 0, 1, 6069}, - {0x0, 0, 13, 6070}, - {0x1da, 16, 16, 6083}, - {0x0, 0, 1, 6083}, - {0x0, 0, 1, 6084}, - {0x0, 3, 4, 6085}, - {0x0, 0, 4, 6086}, - {0x0, 1, 13, 6090}, - {0x13a, 16, 16, 6102}, - {0x16f, 16, 16, 6102}, - {0x1e76, 16, 16, 6102}, - {0x0, 0, 1, 6102}, - {0x0, 0, 1, 6103}, - {0x0, 3, 4, 6104}, - {0x0, 3, 4, 6105}, - {0x0, 8, 9, 6106}, - {0x219b, 16, 16, 6107}, - {0x171, 16, 16, 6107}, - {0x215, 16, 16, 6107}, - {0x0, 0, 1, 6107}, - {0x0, 3, 4, 6108}, - {0x0, 0, 1, 6109}, - {0x0, 9, 10, 6110}, - {0x0, 9, 10, 6111}, - {0x3050, 16, 16, 6112}, - {0x0, 10, 11, 6112}, - {0x0, 7, 8, 6113}, - {0x2f95e, 16, 16, 6114}, - {0x0, 2, 3, 6114}, - {0x2f9ba, 16, 16, 6115}, - {0x0, 14, 15, 6115}, - {0xfa30, 16, 16, 6116}, - {0x0, 10, 11, 6116}, - {0x2f861, 16, 16, 6117}, - {0x13e, 16, 16, 6117}, - {0x1dc, 16, 16, 6117}, - {0x1d8, 16, 16, 6117}, - {0x1d6, 16, 16, 6117}, - {0x0, 2, 3, 6117}, - {0x1fd7, 16, 16, 6118}, - {0x0, 1, 2, 6118}, - {0x0, 4, 5, 6119}, - {0x2f927, 16, 16, 6120}, - {0x15d, 16, 16, 6120}, - {0x15b, 16, 16, 6120}, - {0x1e61, 16, 16, 6120}, - {0x0, 3, 5, 6120}, - {0x1f49, 16, 16, 6122}, - {0x0, 0, 1, 6122}, - {0x0, 3, 4, 6123}, - {0x0, 0, 1, 6124}, - {0x0, 9, 10, 6125}, - {0x0, 9, 10, 6126}, - {0x30c5, 16, 16, 6127}, - {0xf93e, 16, 16, 6127}, - {0x0, 0, 14, 6127}, - {0x0, 4, 5, 6141}, - {0x2f9d9, 16, 16, 6142}, - {0x0, 13, 14, 6142}, - {0x2f8b4, 16, 16, 6143}, - {0x1f48, 16, 16, 6143}, - {0x0, 8, 9, 6143}, - {0xf9e2, 16, 16, 6144}, - {0x0, 3, 9, 6144}, - {0x1eca, 16, 16, 6150}, - {0x12e, 16, 16, 6150}, - {0x0, 0, 9, 6150}, - {0x1f7a, 16, 16, 6159}, - {0x3cd, 16, 16, 6159}, - {0x1fe1, 16, 16, 6159}, - {0x0, 1, 2, 6159}, - {0x1e35, 16, 16, 6160}, - {0x1fe0, 16, 16, 6160}, - {0x0, 0, 1, 6160}, - {0x0, 3, 4, 6161}, - {0x0, 0, 1, 6162}, - {0x0, 9, 10, 6163}, - {0x0, 9, 11, 6164}, - {0x3074, 16, 16, 6166}, - {0x3cb, 16, 16, 6166}, - {0x0, 3, 4, 6166}, - {0xf99d, 16, 16, 6167}, - {0x0, 0, 1, 6167}, - {0x0, 0, 1, 6168}, - {0x0, 3, 4, 6169}, - {0x0, 0, 1, 6170}, - {0x0, 8, 9, 6171}, - {0x4e7, 16, 16, 6172}, - {0x1f3b, 16, 16, 6172}, - {0x0, 0, 1, 6172}, - {0x0, 0, 1, 6173}, - {0x0, 3, 4, 6174}, - {0x0, 4, 5, 6175}, - {0x0, 5, 6, 6176}, - {0x1f92, 16, 16, 6177}, - {0x0, 2, 4, 6177}, - {0xfa42, 16, 16, 6179}, - {0x0, 1, 2, 6179}, - {0x1e5f, 16, 16, 6180}, - {0x0, 0, 1, 6180}, - {0x0, 0, 1, 6181}, - {0x0, 3, 4, 6182}, - {0x0, 3, 4, 6183}, - {0x0, 8, 9, 6184}, - {0x22ed, 16, 16, 6185}, - {0x0, 2, 6, 6185}, - {0x1ff6, 16, 16, 6189}, - {0x1ff3, 16, 16, 6189}, - {0x0, 9, 11, 6189}, - {0xf92a, 16, 16, 6191}, - {0x0, 0, 1, 6191}, - {0x0, 0, 1, 6192}, - {0x0, 3, 4, 6193}, - {0x0, 0, 5, 6194}, - {0x0, 2, 6, 6199}, - {0x1fa0, 16, 16, 6203}, - {0x0, 4, 5, 6203}, - {0xf9b7, 16, 16, 6204}, - {0x1f66, 16, 16, 6204}, - {0x3073, 16, 16, 6204}, - {0x0, 2, 8, 6204}, - {0x2f823, 16, 16, 6210}, - {0x0, 12, 13, 6210}, - {0x2f862, 16, 16, 6211}, - {0x2f822, 16, 16, 6211}, - {0x0, 2, 3, 6211}, - {0xf9e5, 16, 16, 6212}, - {0x2f903, 16, 16, 6212}, - {0x0, 11, 12, 6212}, - {0x2f957, 16, 16, 6213}, - {0x0, 11, 12, 6213}, - {0xf98a, 16, 16, 6214}, - {0x0, 9, 10, 6214}, - {0x2f9bb, 16, 16, 6215}, - {0x0, 0, 1, 6215}, - {0x0, 0, 1, 6216}, - {0x0, 3, 4, 6217}, - {0x0, 0, 1, 6218}, - {0x0, 15, 16, 6219}, - {0x476, 16, 16, 6220}, - {0x0, 0, 1, 6220}, - {0x0, 0, 1, 6221}, - {0x0, 3, 4, 6222}, - {0x0, 0, 1, 6223}, - {0x0, 8, 9, 6224}, - {0x4eb, 16, 16, 6225}, - {0x0, 1, 6, 6225}, - {0xfa5b, 16, 16, 6230}, - {0xf934, 16, 16, 6230}, - {0x0, 0, 10, 6230}, - {0x0, 0, 1, 6240}, - {0x0, 0, 1, 6241}, - {0x0, 3, 4, 6242}, - {0x0, 0, 1, 6243}, - {0x0, 0, 2, 6244}, - {0x1f14, 16, 16, 6246}, - {0x1f12, 16, 16, 6246}, - {0x0, 3, 14, 6246}, - {0x1e0c, 16, 16, 6257}, - {0x1e10, 16, 16, 6257}, - {0x1ffb, 16, 16, 6257}, - {0x1feb, 16, 16, 6257}, - {0x1ff9, 16, 16, 6257}, - {0x1fdb, 16, 16, 6257}, - {0x0, 3, 4, 6257}, - {0x2f992, 16, 16, 6258}, - {0x0, 0, 1, 6258}, - {0x0, 3, 4, 6259}, - {0x0, 0, 1, 6260}, - {0x0, 9, 10, 6261}, - {0x0, 9, 10, 6262}, - {0x30b6, 16, 16, 6263}, - {0x0, 0, 1, 6263}, - {0x0, 0, 1, 6264}, - {0x0, 3, 4, 6265}, - {0x0, 0, 4, 6266}, - {0x0, 3, 14, 6270}, - {0x1e36, 16, 16, 6281}, - {0x13b, 16, 16, 6281}, - {0x1e12, 16, 16, 6281}, - {0x0, 1, 2, 6281}, - {0x0, 14, 15, 6282}, - {0x2f906, 16, 16, 6283}, - {0x0, 0, 1, 6283}, - {0x0, 0, 1, 6284}, - {0x0, 3, 4, 6285}, - {0x0, 0, 1, 6286}, - {0x0, 8, 9, 6287}, - {0x4ed, 16, 16, 6288}, - {0x2f8dc, 16, 16, 6288}, - {0x0, 6, 7, 6288}, - {0x0, 3, 4, 6289}, - {0x2f91d, 16, 16, 6290}, - {0x1e3c, 16, 16, 6290}, - {0x1fbb, 16, 16, 6290}, - {0x1fee, 16, 16, 6290}, - {0x0, 14, 15, 6290}, - {0x2fa08, 16, 16, 6291}, - {0x1fc9, 16, 16, 6291}, - {0x0, 0, 1, 6291}, - {0x0, 0, 1, 6292}, - {0x0, 13, 14, 6293}, - {0x0, 3, 4, 6294}, - {0x0, 14, 15, 6295}, - {0xd4b, 16, 16, 6296}, - {0x0, 6, 7, 6296}, - {0x2fa1b, 16, 16, 6297}, - {0x0, 7, 8, 6297}, - {0x2f896, 16, 16, 6298}, - {0xf97a, 16, 16, 6298}, - {0x0, 1, 13, 6298}, - {0x17d, 16, 16, 6310}, - {0x0, 4, 5, 6310}, - {0xfa57, 16, 16, 6311}, - {0x0, 8, 9, 6311}, - {0xf972, 16, 16, 6312}, - {0x0, 0, 1, 6312}, - {0x0, 0, 1, 6313}, - {0x0, 3, 4, 6314}, - {0x0, 3, 4, 6315}, - {0x0, 8, 9, 6316}, - {0x226f, 16, 16, 6317}, - {0x0, 0, 1, 6317}, - {0x0, 0, 1, 6318}, - {0x0, 3, 4, 6319}, - {0x0, 0, 1, 6320}, - {0x0, 0, 13, 6321}, - {0x1d5, 16, 16, 6334}, - {0x0, 6, 7, 6334}, - {0x0, 7, 8, 6335}, - {0x2f9c5, 16, 16, 6336}, - {0x0, 0, 1, 6336}, - {0x0, 0, 1, 6337}, - {0x0, 3, 4, 6338}, - {0x0, 4, 5, 6339}, - {0x0, 5, 6, 6340}, - {0x1fb7, 16, 16, 6341}, - {0x1db, 16, 16, 6341}, - {0x1d7, 16, 16, 6341}, - {0x0, 3, 14, 6341}, - {0x1e71, 16, 16, 6352}, - {0x0, 0, 1, 6352}, - {0x2f924, 16, 16, 6353}, - {0x0, 0, 1, 6353}, - {0x0, 0, 1, 6354}, - {0x0, 3, 4, 6355}, - {0x0, 3, 4, 6356}, - {0x0, 8, 9, 6357}, - {0x2247, 16, 16, 6358}, - {0x0, 5, 6, 6358}, - {0x0, 6, 7, 6359}, - {0x2fa16, 16, 16, 6360}, - {0x0, 0, 1, 6360}, - {0x0, 0, 1, 6361}, - {0x0, 3, 4, 6362}, - {0x0, 4, 5, 6363}, - {0x0, 5, 6, 6364}, - {0x1f8a, 16, 16, 6365}, - {0x0, 14, 15, 6365}, - {0x2fa0d, 16, 16, 6366}, - {0x0, 1, 2, 6366}, - {0x2f8a0, 16, 16, 6367}, - {0x2f8e4, 16, 16, 6367}, - {0x0, 9, 10, 6367}, - {0x2f8cd, 16, 16, 6368}, - {0x0, 5, 10, 6368}, - {0x2f8d7, 16, 16, 6373}, - {0x1e90, 16, 16, 6373}, - {0x179, 16, 16, 6373}, - {0x2f981, 16, 16, 6373}, - {0x17b, 16, 16, 6373}, - {0x21b, 16, 16, 6373}, - {0x163, 16, 16, 6373}, - {0xfa4c, 16, 16, 6373}, - {0x1e6d, 16, 16, 6373}, - {0x37e, 16, 16, 6373}, - {0x1d9, 16, 16, 6373}, - {0x0, 0, 1, 6373}, - {0x0, 3, 4, 6374}, - {0x0, 0, 1, 6375}, - {0x0, 9, 10, 6376}, - {0x0, 9, 11, 6377}, - {0x30d7, 16, 16, 6379}, - {0x0, 0, 1, 6379}, - {0x0, 3, 4, 6380}, - {0x0, 0, 1, 6381}, - {0x0, 9, 10, 6382}, - {0x0, 9, 10, 6383}, - {0x3060, 16, 16, 6384}, - {0x0, 2, 6, 6384}, - {0x1f91, 16, 16, 6388}, - {0x1e16, 16, 16, 6388}, - {0x1f27, 16, 16, 6388}, - {0x0, 7, 8, 6388}, - {0x2f89e, 16, 16, 6389}, - {0x0, 9, 10, 6389}, - {0x2f8c3, 16, 16, 6390}, - {0x0, 1, 2, 6390}, - {0x2f83a, 16, 16, 6391}, - {0x0, 12, 13, 6391}, - {0x2f880, 16, 16, 6392}, - {0x2f989, 16, 16, 6392}, - {0xd1, 16, 16, 6392}, - {0x1f8, 16, 16, 6392}, - {0x143, 16, 16, 6392}, - {0x1e44, 16, 16, 6392}, - {0x0, 11, 12, 6392}, - {0x2f98e, 16, 16, 6393}, - {0x0, 11, 12, 6393}, - {0x2f933, 16, 16, 6394}, - {0x0, 10, 11, 6394}, - {0xf99b, 16, 16, 6395}, - {0x0, 0, 1, 6395}, - {0x1e75, 16, 16, 6396}, - {0x0, 0, 1, 6396}, - {0x0, 0, 1, 6397}, - {0x0, 3, 4, 6398}, - {0x0, 4, 5, 6399}, - {0x0, 5, 6, 6400}, - {0x1f8d, 16, 16, 6401}, - {0x30d6, 16, 16, 6401}, - {0x1f2b, 16, 16, 6401}, - {0x0, 2, 3, 6401}, - {0xf9ad, 16, 16, 6402}, - {0xf95d, 16, 16, 6402}, - {0x0, 0, 1, 6402}, - {0x0, 0, 1, 6403}, - {0x0, 3, 4, 6404}, - {0x0, 0, 3, 6405}, - {0x0, 3, 4, 6408}, - {0x1e7c, 16, 16, 6409}, - {0x0, 3, 4, 6409}, - {0x0, 14, 15, 6410}, - {0x2f977, 16, 16, 6411}, - {0x0, 0, 1, 6411}, - {0x0, 3, 4, 6412}, - {0x0, 0, 1, 6413}, - {0x0, 9, 10, 6414}, - {0x0, 9, 10, 6415}, - {0x305e, 16, 16, 6416}, - {0x0, 0, 1, 6416}, - {0x2f842, 16, 16, 6417}, - {0x0, 3, 4, 6417}, - {0x2f90a, 16, 16, 6418}, - {0x0, 0, 9, 6418}, - {0x38e, 16, 16, 6427}, - {0x0, 0, 1, 6427}, - {0xf9ee, 16, 16, 6428}, - {0x0, 15, 16, 6428}, - {0x2f80b, 16, 16, 6429}, - {0x0, 10, 11, 6429}, - {0xf919, 16, 16, 6430}, - {0xf912, 16, 16, 6430}, - {0x0, 13, 14, 6430}, - {0x0, 10, 11, 6431}, - {0x2f898, 16, 16, 6432}, - {0x211, 16, 16, 6432}, - {0x159, 16, 16, 6432}, - {0x0, 12, 13, 6432}, - {0xfa2b, 16, 16, 6433}, - {0x0, 10, 11, 6433}, - {0xf9bb, 16, 16, 6434}, - {0x0, 0, 1, 6434}, - {0x0, 0, 1, 6435}, - {0x0, 3, 4, 6436}, - {0x0, 4, 5, 6437}, - {0x0, 5, 6, 6438}, - {0x1f83, 16, 16, 6439}, - {0x1ff8, 16, 16, 6439}, - {0x0, 11, 12, 6439}, - {0x2f9d4, 16, 16, 6440}, - {0x0, 1, 12, 6440}, - {0x216, 16, 16, 6451}, - {0x0, 0, 1, 6451}, - {0x0, 0, 1, 6452}, - {0x0, 3, 4, 6453}, - {0x0, 0, 1, 6454}, - {0x0, 4, 5, 6455}, - {0x1e0, 16, 16, 6456}, - {0x0, 0, 16, 6456}, - {0x0, 6, 7, 6472}, - {0xfa37, 16, 16, 6473}, - {0x0, 0, 1, 6473}, - {0x0, 0, 1, 6474}, - {0x0, 3, 4, 6475}, - {0x0, 3, 4, 6476}, - {0x0, 8, 9, 6477}, - {0x22e3, 16, 16, 6478}, - {0x0, 0, 2, 6478}, - {0x1f6a, 16, 16, 6480}, - {0x1f6c, 16, 16, 6480}, - {0x137, 16, 16, 6480}, - {0x0, 3, 5, 6480}, - {0x1f51, 16, 16, 6482}, - {0x1f50, 16, 16, 6482}, - {0x0, 1, 2, 6482}, - {0x0, 5, 6, 6483}, - {0x2f9ec, 16, 16, 6484}, - {0x0, 14, 15, 6484}, - {0x2f8c2, 16, 16, 6485}, - {0x0, 13, 14, 6485}, - {0x2f99d, 16, 16, 6486}, - {0x1af, 16, 16, 6486}, - {0x0, 9, 10, 6486}, - {0xf9c7, 16, 16, 6487}, - {0x1e59, 16, 16, 6487}, - {0x4d3, 16, 16, 6487}, - {0x0, 0, 1, 6487}, - {0x0, 0, 1, 6488}, - {0x0, 3, 4, 6489}, - {0x0, 0, 1, 6490}, - {0x0, 7, 8, 6491}, - {0x1e1f, 16, 16, 6492}, - {0x0, 7, 8, 6492}, - {0x2f9bf, 16, 16, 6493}, - {0x0, 2, 5, 6493}, - {0xf73, 16, 16, 6496}, - {0xf75, 16, 16, 6496}, - {0x0, 8, 9, 6496}, - {0x2f83f, 16, 16, 6497}, - {0x0, 3, 5, 6497}, - {0x1f30, 16, 16, 6499}, - {0x1f31, 16, 16, 6499}, - {0x0, 15, 16, 6499}, - {0xf913, 16, 16, 6500}, - {0x0, 0, 11, 6500}, - {0x1e87, 16, 16, 6511}, - {0x0, 0, 2, 6511}, - {0x1fcd, 16, 16, 6513}, - {0x1fce, 16, 16, 6513}, - {0x175, 16, 16, 6513}, - {0x1e83, 16, 16, 6513}, - {0x1e81, 16, 16, 6513}, - {0x0, 12, 13, 6513}, - {0x2f8b8, 16, 16, 6514}, - {0x0, 5, 6, 6514}, - {0x1ffc, 16, 16, 6515}, - {0xfa45, 16, 16, 6515}, - {0x1e85, 16, 16, 6515}, - {0x0, 3, 9, 6515}, - {0x1ecc, 16, 16, 6521}, - {0x0, 0, 1, 6521}, - {0x0, 0, 1, 6522}, - {0x0, 11, 12, 6523}, - {0x0, 11, 12, 6524}, - {0x0, 14, 15, 6525}, - {0xbcb, 16, 16, 6526}, - {0x1ea, 16, 16, 6526}, - {0x0, 0, 1, 6526}, - {0x0, 0, 1, 6527}, - {0x0, 3, 4, 6528}, - {0x0, 3, 4, 6529}, - {0x0, 8, 9, 6530}, - {0x22ac, 16, 16, 6531}, - {0x0, 1, 2, 6531}, - {0x0, 10, 11, 6532}, - {0x2f9f7, 16, 16, 6533}, - {0x0, 12, 13, 6533}, - {0xf956, 16, 16, 6534}, - {0x0, 0, 1, 6534}, - {0x0, 0, 1, 6535}, - {0x0, 3, 4, 6536}, - {0x0, 0, 1, 6537}, - {0x0, 8, 9, 6538}, - {0x4f8, 16, 16, 6539}, - {0x0, 12, 16, 6539}, - {0xf9e9, 16, 16, 6543}, - {0xf97e, 16, 16, 6543}, - {0x0, 14, 15, 6543}, - {0x2f8af, 16, 16, 6544}, - {0x21f, 16, 16, 6544}, - {0x1e98, 16, 16, 6544}, - {0x0, 1, 2, 6544}, - {0x1e3a, 16, 16, 6545}, - {0x0, 7, 8, 6545}, - {0x9cc, 16, 16, 6546}, - {0x0, 3, 15, 6546}, - {0x1e2a, 16, 16, 6558}, - {0x0, 5, 16, 6558}, - {0x2fa1a, 16, 16, 6569}, - {0x2f81a, 16, 16, 6569}, - {0x0, 7, 12, 6569}, - {0x2f929, 16, 16, 6574}, - {0x0, 2, 16, 6574}, - {0xf94f, 16, 16, 6588}, - {0x0, 14, 15, 6588}, - {0xf920, 16, 16, 6589}, - {0x0, 10, 11, 6589}, - {0x0, 14, 15, 6590}, - {0x2f9cb, 16, 16, 6591}, - {0xf9a0, 16, 16, 6591}, - {0x1e28, 16, 16, 6591}, - {0x0, 1, 2, 6591}, - {0x2f8da, 16, 16, 6592}, - {0x1e24, 16, 16, 6592}, - {0x2fa19, 16, 16, 6592}, - {0xf9db, 16, 16, 6592}, - {0x0, 0, 1, 6592}, - {0x0, 0, 1, 6593}, - {0x0, 3, 4, 6594}, - {0x0, 0, 3, 6595}, - {0x0, 7, 8, 6598}, - {0x122, 16, 16, 6599}, - {0x0, 0, 2, 6599}, - {0x1f2a, 16, 16, 6601}, - {0x1f2c, 16, 16, 6601}, - {0x0, 0, 1, 6601}, - {0x0, 0, 1, 6602}, - {0x0, 3, 4, 6603}, - {0x0, 4, 5, 6604}, - {0x0, 5, 6, 6605}, - {0x1f93, 16, 16, 6606}, - {0x0, 14, 15, 6606}, - {0xbca, 16, 16, 6607}, - {0x0, 6, 7, 6607}, - {0x2f912, 16, 16, 6608}, - {0x0, 5, 6, 6608}, - {0x2f9f6, 16, 16, 6609}, - {0x0, 3, 4, 6609}, - {0x2f8dd, 16, 16, 6610}, - {0xf96a, 16, 16, 6610}, - {0x0, 14, 15, 6610}, - {0x2f90f, 16, 16, 6611}, - {0x0, 9, 10, 6611}, - {0x374, 16, 16, 6612}, - {0x0, 6, 11, 6612}, - {0xf998, 16, 16, 6617}, - {0x0, 4, 5, 6617}, - {0xfa3d, 16, 16, 6618}, - {0x0, 2, 6, 6618}, - {0x1f26, 16, 16, 6622}, - {0x0, 7, 15, 6622}, - {0x2f8c4, 16, 16, 6630}, - {0x0, 0, 1, 6630}, - {0x2f922, 16, 16, 6631}, - {0x0, 1, 2, 6631}, - {0xf96d, 16, 16, 6632}, - {0x0, 1, 2, 6632}, - {0x1e6f, 16, 16, 6633}, - {0x0, 0, 1, 6633}, - {0x0, 0, 1, 6634}, - {0x0, 3, 4, 6635}, - {0x0, 4, 5, 6636}, - {0x0, 5, 6, 6637}, - {0x1fa4, 16, 16, 6638}, - {0x0, 0, 1, 6638}, - {0x0, 0, 1, 6639}, - {0x0, 3, 4, 6640}, - {0x0, 0, 4, 6641}, - {0x0, 1, 13, 6645}, - {0x17e, 16, 16, 6657}, - {0x1f90, 16, 16, 6657}, - {0x0, 0, 2, 6657}, - {0x1f5b, 16, 16, 6659}, - {0x1f5d, 16, 16, 6659}, - {0x0, 5, 6, 6659}, - {0xfa04, 16, 16, 6660}, - {0x1f6e, 16, 16, 6660}, - {0x0, 0, 1, 6660}, - {0x0, 0, 1, 6661}, - {0x0, 3, 4, 6662}, - {0x0, 0, 3, 6663}, - {0x0, 1, 13, 6666}, - {0x11f, 16, 16, 6678}, - {0x121, 16, 16, 6678}, - {0x1e21, 16, 16, 6678}, - {0x11d, 16, 16, 6678}, - {0x1f5, 16, 16, 6678}, - {0x0, 3, 4, 6678}, - {0x2f8bc, 16, 16, 6679}, - {0x17c, 16, 16, 6679}, - {0x17a, 16, 16, 6679}, - {0x1e91, 16, 16, 6679}, - {0x0, 1, 2, 6679}, - {0x2f8b5, 16, 16, 6680}, - {0xf9d7, 16, 16, 6680}, - {0x2f8c6, 16, 16, 6680}, - {0x1e7, 16, 16, 6680}, - {0x0, 4, 5, 6680}, - {0xf943, 16, 16, 6681}, - {0x0, 0, 1, 6681}, - {0x0, 0, 1, 6682}, - {0x0, 3, 4, 6683}, - {0x0, 0, 1, 6684}, - {0x0, 0, 10, 6685}, - {0x1ed7, 16, 16, 6695}, - {0x0, 0, 1, 6695}, - {0x0, 0, 1, 6696}, - {0x0, 3, 4, 6697}, - {0x0, 4, 5, 6698}, - {0x0, 5, 6, 6699}, - {0x1f8f, 16, 16, 6700}, - {0x1ed1, 16, 16, 6700}, - {0x1ed3, 16, 16, 6700}, - {0x0, 2, 14, 6700}, - {0xf95e, 16, 16, 6712}, - {0x2f801, 16, 16, 6712}, - {0x1ed5, 16, 16, 6712}, - {0xf905, 16, 16, 6712}, - {0x0, 0, 2, 6712}, - {0x1f6d, 16, 16, 6714}, - {0x1f6b, 16, 16, 6714}, - {0x0, 10, 11, 6714}, - {0x2f808, 16, 16, 6715}, - {0x0, 15, 16, 6715}, - {0x0, 0, 1, 6716}, - {0x0, 0, 1, 6717}, - {0x0, 12, 13, 6718}, - {0x0, 13, 14, 6719}, - {0x0, 5, 6, 6720}, - {0xcc0, 16, 16, 6721}, - {0x0, 0, 16, 6721}, - {0x214, 16, 16, 6737}, - {0x0, 11, 12, 6737}, - {0xf953, 16, 16, 6738}, - {0x1d3, 16, 16, 6738}, - {0x170, 16, 16, 6738}, - {0x16e, 16, 16, 6738}, - {0x0, 3, 14, 6738}, - {0x1e77, 16, 16, 6749}, - {0x0, 3, 14, 6749}, - {0x13c, 16, 16, 6760}, - {0x1e37, 16, 16, 6760}, - {0x0, 0, 1, 6760}, - {0x0, 0, 1, 6761}, - {0x0, 3, 4, 6762}, - {0x0, 1, 2, 6763}, - {0x0, 4, 5, 6764}, - {0x1fec, 16, 16, 6765}, - {0x0, 14, 15, 6765}, - {0x0, 4, 5, 6766}, - {0x2f859, 16, 16, 6767}, - {0x2f800, 16, 16, 6767}, - {0x1e3d, 16, 16, 6767}, - {0x0, 0, 1, 6767}, - {0x0, 3, 4, 6768}, - {0x0, 0, 1, 6769}, - {0x0, 9, 10, 6770}, - {0x0, 9, 10, 6771}, - {0x304e, 16, 16, 6772}, - {0x0, 11, 15, 6772}, - {0x2f87e, 16, 16, 6776}, - {0x2f8cb, 16, 16, 6776}, - {0x1e84, 16, 16, 6776}, - {0x0, 0, 1, 6776}, - {0x0, 0, 1, 6777}, - {0x0, 3, 4, 6778}, - {0x0, 0, 1, 6779}, - {0x0, 1, 2, 6780}, - {0x403, 16, 16, 6781}, - {0x173, 16, 16, 6781}, - {0x1ee6, 16, 16, 6781}, - {0xdc, 16, 16, 6781}, - {0x1ee5, 16, 16, 6781}, - {0x16c, 16, 16, 6781}, - {0x16a, 16, 16, 6781}, - {0x168, 16, 16, 6781}, - {0xdb, 16, 16, 6781}, - {0x0, 8, 11, 6781}, - {0x0, 0, 1, 6784}, - {0x0, 0, 1, 6785}, - {0x0, 6, 7, 6786}, - {0x0, 5, 6, 6787}, - {0x0, 4, 5, 6788}, - {0x626, 16, 16, 6789}, - {0x1e73, 16, 16, 6789}, - {0x0, 5, 7, 6789}, - {0xcc7, 16, 16, 6791}, - {0x0, 0, 1, 6791}, - {0x0, 0, 1, 6792}, - {0x0, 3, 4, 6793}, - {0x0, 0, 3, 6794}, - {0x0, 0, 11, 6797}, - {0x233, 16, 16, 6808}, - {0x1e8f, 16, 16, 6808}, - {0xcc8, 16, 16, 6808}, - {0xfd, 16, 16, 6808}, - {0x1ef3, 16, 16, 6808}, - {0x1ef9, 16, 16, 6808}, - {0x177, 16, 16, 6808}, - {0x0, 12, 13, 6808}, - {0x2f812, 16, 16, 6809}, - {0x1ef7, 16, 16, 6809}, - {0xff, 16, 16, 6809}, - {0x1e80, 16, 16, 6809}, - {0x0, 14, 15, 6809}, - {0x2f83c, 16, 16, 6810}, - {0x0, 2, 3, 6810}, - {0x0, 0, 1, 6811}, - {0x0, 0, 1, 6812}, - {0x0, 11, 12, 6813}, - {0x0, 13, 14, 6814}, - {0x0, 7, 8, 6815}, - {0xb94, 16, 16, 6816}, - {0x0, 10, 11, 6816}, - {0x0, 11, 12, 6817}, - {0x2f961, 16, 16, 6818}, - {0x0, 1, 2, 6818}, - {0x213, 16, 16, 6819}, - {0x0, 1, 12, 6819}, - {0x1a0, 16, 16, 6830}, - {0x0, 0, 9, 6830}, - {0x3ca, 16, 16, 6839}, - {0x0, 11, 12, 6839}, - {0xf9f5, 16, 16, 6840}, - {0x3af, 16, 16, 6840}, - {0x1f76, 16, 16, 6840}, - {0x1fd1, 16, 16, 6840}, - {0x1fd0, 16, 16, 6840}, - {0x1e99, 16, 16, 6840}, - {0x0, 1, 2, 6840}, - {0xf9ca, 16, 16, 6841}, - {0x0, 1, 2, 6841}, - {0x2f802, 16, 16, 6842}, - {0x0, 0, 1, 6842}, - {0x0, 0, 1, 6843}, - {0x0, 6, 7, 6844}, - {0x0, 5, 6, 6845}, - {0x0, 4, 5, 6846}, - {0x624, 16, 16, 6847}, - {0x20e, 16, 16, 6847}, - {0x0, 0, 1, 6847}, - {0x0, 0, 1, 6848}, - {0x0, 3, 4, 6849}, - {0x0, 4, 5, 6850}, - {0x0, 5, 6, 6851}, - {0x1fae, 16, 16, 6852}, - {0x0, 4, 5, 6852}, - {0x2f8bd, 16, 16, 6853}, - {0x0, 9, 10, 6853}, - {0x2f949, 16, 16, 6854}, - {0x0, 4, 5, 6854}, - {0xf9a8, 16, 16, 6855}, - {0x0, 3, 9, 6855}, - {0x1e01, 16, 16, 6861}, - {0x1ea1, 16, 16, 6861}, - {0x1ef8, 16, 16, 6861}, - {0x0, 0, 16, 6861}, - {0x101, 16, 16, 6877}, - {0x105, 16, 16, 6877}, - {0x1f32, 16, 16, 6877}, - {0x0, 0, 1, 6877}, - {0x0, 3, 4, 6878}, - {0x0, 0, 1, 6879}, - {0x0, 9, 10, 6880}, - {0x0, 9, 10, 6881}, - {0x3069, 16, 16, 6882}, - {0x0, 1, 13, 6882}, - {0x139, 16, 16, 6894}, - {0x0, 12, 13, 6894}, - {0x2f9db, 16, 16, 6895}, - {0x0, 9, 10, 6895}, - {0xf96e, 16, 16, 6896}, - {0x0, 3, 4, 6896}, - {0x0, 0, 1, 6897}, - {0x2fa09, 16, 16, 6898}, - {0x0, 13, 14, 6898}, - {0xf99e, 16, 16, 6899}, - {0x0, 2, 3, 6899}, - {0x2f85e, 16, 16, 6900}, - {0x0, 13, 14, 6900}, - {0xf91f, 16, 16, 6901}, - {0x0, 13, 14, 6901}, - {0x2f91a, 16, 16, 6902}, - {0x13d, 16, 16, 6902}, - {0x0, 0, 1, 6902}, - {0x0, 3, 4, 6903}, - {0x0, 0, 1, 6904}, - {0x0, 9, 10, 6905}, - {0x0, 9, 10, 6906}, - {0x30f8, 16, 16, 6907}, - {0x0, 5, 6, 6907}, - {0x2f81d, 16, 16, 6908}, - {0x2f945, 16, 16, 6908}, - {0x0, 0, 1, 6908}, - {0x0, 3, 4, 6909}, - {0x0, 0, 1, 6910}, - {0x0, 9, 10, 6911}, - {0x0, 9, 10, 6912}, - {0x30fa, 16, 16, 6913}, - {0x0, 7, 12, 6913}, - {0xf929, 16, 16, 6918}, - {0x0, 14, 15, 6918}, - {0xf917, 16, 16, 6919}, - {0x0, 8, 12, 6919}, - {0xfa07, 16, 16, 6923}, - {0x0, 2, 6, 6923}, - {0x1f0e, 16, 16, 6927}, - {0x0, 0, 1, 6927}, - {0x0, 0, 1, 6928}, - {0x0, 3, 4, 6929}, - {0x0, 0, 1, 6930}, - {0x0, 1, 2, 6931}, - {0x45c, 16, 16, 6932}, - {0x1f88, 16, 16, 6932}, - {0x0, 0, 1, 6932}, - {0x0, 0, 1, 6933}, - {0x0, 3, 4, 6934}, - {0x0, 0, 1, 6935}, - {0x0, 0, 2, 6936}, - {0x1f4d, 16, 16, 6938}, - {0x1f4b, 16, 16, 6938}, - {0x0, 0, 1, 6938}, - {0x0, 0, 1, 6939}, - {0x0, 3, 4, 6940}, - {0x0, 3, 4, 6941}, - {0x0, 8, 9, 6942}, - {0x22eb, 16, 16, 6943}, - {0x0, 0, 1, 6943}, - {0x0, 0, 1, 6944}, - {0x0, 3, 4, 6945}, - {0x0, 3, 4, 6946}, - {0x0, 8, 9, 6947}, - {0x226e, 16, 16, 6948}, - {0x0, 0, 1, 6948}, - {0xf9cf, 16, 16, 6949}, - {0x0, 15, 16, 6949}, - {0x2f8f4, 16, 16, 6950}, - {0x0, 3, 5, 6950}, - {0x1f11, 16, 16, 6952}, - {0x1f10, 16, 16, 6952}, - {0x0, 0, 1, 6952}, - {0x0, 0, 1, 6953}, - {0x0, 3, 4, 6954}, - {0x0, 1, 2, 6955}, - {0x0, 3, 5, 6956}, - {0x1fe4, 16, 16, 6958}, - {0x2f9df, 16, 16, 6958}, - {0x1fe5, 16, 16, 6958}, - {0x0, 0, 1, 6958}, - {0x0, 3, 4, 6959}, - {0x0, 0, 1, 6960}, - {0x0, 9, 10, 6961}, - {0x0, 9, 10, 6962}, - {0x3067, 16, 16, 6963}, - {0x1f4c, 16, 16, 6963}, - {0x0, 6, 7, 6963}, - {0x0, 10, 11, 6964}, - {0xf987, 16, 16, 6965}, - {0x2f87f, 16, 16, 6965}, - {0x2f8d9, 16, 16, 6965}, - {0x0, 0, 1, 6965}, - {0xf990, 16, 16, 6966}, - {0x0, 0, 1, 6966}, - {0x2f879, 16, 16, 6967}, - {0x1f73, 16, 16, 6967}, - {0x0, 7, 8, 6967}, - {0x2f9f0, 16, 16, 6968}, - {0x1f77, 16, 16, 6968}, - {0x1f71, 0, 1, 6968}, - {0x0, 3, 4, 6969}, - {0x0, 1, 2, 6970}, - {0x2f892, 16, 16, 6971}, - {0x0, 1, 2, 6971}, - {0x1e95, 16, 16, 6972}, - {0x0, 0, 1, 6972}, - {0x0, 0, 1, 6973}, - {0x0, 3, 4, 6974}, - {0x0, 4, 5, 6975}, - {0x0, 5, 6, 6976}, - {0x1fa5, 16, 16, 6977}, - {0x0, 0, 1, 6977}, - {0x0, 3, 4, 6978}, - {0x0, 4, 5, 6979}, - {0x0, 5, 6, 6980}, - {0x1fb4, 16, 16, 6981}, - {0xf925, 16, 16, 6981}, - {0xda, 16, 16, 6981}, - {0x0, 6, 10, 6981}, - {0xf9cc, 16, 16, 6985}, - {0xf9e4, 16, 16, 6985}, - {0x0, 3, 14, 6985}, - {0x145, 16, 16, 6996}, - {0x1e46, 16, 16, 6996}, - {0x0, 3, 4, 6996}, - {0x0, 5, 6, 6997}, - {0x2f926, 16, 16, 6998}, - {0x0, 2, 3, 6998}, - {0x1fc1, 16, 16, 6999}, - {0x0, 11, 12, 6999}, - {0x2f9ff, 16, 16, 7000}, - {0x0, 5, 6, 7000}, - {0x2f955, 16, 16, 7001}, - {0x0, 0, 1, 7001}, - {0x0, 0, 1, 7002}, - {0x0, 3, 4, 7003}, - {0x0, 0, 1, 7004}, - {0x0, 7, 8, 7005}, - {0x1e66, 16, 16, 7006}, - {0x0, 0, 1, 7006}, - {0x0, 0, 1, 7007}, - {0x0, 3, 4, 7008}, - {0x0, 0, 1, 7009}, - {0x0, 8, 9, 7010}, - {0x4e6, 16, 16, 7011}, - {0x0, 1, 2, 7011}, - {0x1e3b, 16, 16, 7012}, - {0x0, 7, 8, 7012}, - {0x2f99e, 16, 16, 7013}, - {0x1e4a, 16, 16, 7013}, - {0xd9, 16, 16, 7013}, - {0x0, 3, 4, 7013}, - {0x1e7e, 16, 16, 7014}, - {0x0, 0, 1, 7014}, - {0x0, 0, 1, 7015}, - {0x0, 3, 4, 7016}, - {0x0, 0, 1, 7017}, - {0x0, 1, 9, 7018}, - {0x22d, 16, 16, 7026}, - {0x0, 0, 1, 7026}, - {0x0, 3, 4, 7027}, - {0x0, 0, 1, 7028}, - {0x0, 9, 10, 7029}, - {0x0, 9, 10, 7030}, - {0x30be, 16, 16, 7031}, - {0x1e4d, 16, 16, 7031}, - {0x1e4f, 16, 16, 7031}, - {0x0, 0, 1, 7031}, - {0x0, 0, 1, 7032}, - {0x0, 3, 4, 7033}, - {0x0, 3, 4, 7034}, - {0x0, 8, 9, 7035}, - {0x220c, 16, 16, 7036}, - {0x0, 4, 5, 7036}, - {0x2f84f, 16, 16, 7037}, - {0x0, 3, 12, 7037}, - {0xf931, 16, 16, 7046}, - {0x0, 3, 4, 7046}, - {0x2f849, 16, 16, 7047}, - {0x0, 0, 1, 7047}, - {0x0, 0, 1, 7048}, - {0x0, 3, 4, 7049}, - {0x0, 0, 1, 7050}, - {0x0, 0, 2, 7051}, - {0x1f1b, 16, 16, 7053}, - {0x1f1d, 16, 16, 7053}, - {0x0, 0, 1, 7053}, - {0x0, 0, 1, 7054}, - {0x0, 3, 4, 7055}, - {0x0, 0, 1, 7056}, - {0x0, 4, 5, 7057}, - {0x22b, 16, 16, 7058}, - {0x0, 8, 9, 7058}, - {0xfa38, 16, 16, 7059}, - {0x0, 7, 8, 7059}, - {0xc7, 16, 16, 7060}, - {0x0, 14, 15, 7060}, - {0x2f936, 16, 16, 7061}, - {0x0, 1, 9, 7061}, - {0xf948, 16, 16, 7069}, - {0x2f9d5, 16, 16, 7069}, - {0x0, 12, 13, 7069}, - {0x2f9a3, 16, 16, 7070}, - {0xf903, 16, 16, 7070}, - {0x2f8ed, 16, 16, 7070}, - {0x0, 8, 9, 7070}, - {0xf9b8, 16, 16, 7071}, - {0x0, 11, 12, 7071}, - {0x2f9da, 16, 16, 7072}, - {0x0, 0, 11, 7072}, - {0x2f9cf, 16, 16, 7083}, - {0x0, 0, 1, 7083}, - {0x0, 0, 1, 7084}, - {0x0, 3, 4, 7085}, - {0x0, 3, 4, 7086}, - {0x0, 8, 9, 7087}, - {0x2249, 16, 16, 7088}, - {0x0, 6, 8, 7088}, - {0x2f84b, 16, 16, 7090}, - {0x2f84d, 16, 16, 7090}, - {0x0, 6, 7, 7090}, - {0x2f821, 16, 16, 7091}, - {0x1ece, 16, 16, 7091}, - {0xd6, 16, 16, 7091}, - {0x22e, 16, 16, 7091}, - {0x14e, 16, 16, 7091}, - {0x14c, 16, 16, 7091}, - {0x0, 13, 14, 7091}, - {0x0, 10, 11, 7092}, - {0x2f97b, 16, 16, 7093}, - {0xd4, 16, 16, 7093}, - {0xd3, 16, 16, 7093}, - {0xd2, 16, 16, 7093}, - {0x1eb3, 16, 16, 7093}, - {0xfa40, 16, 16, 7093}, - {0x1eb5, 16, 16, 7093}, - {0x0, 13, 14, 7093}, - {0x2f854, 16, 16, 7094}, - {0x1eb1, 16, 16, 7094}, - {0x0, 14, 15, 7094}, - {0x2f890, 16, 16, 7095}, - {0x0, 8, 9, 7095}, - {0xfa67, 16, 16, 7096}, - {0x0, 10, 16, 7096}, - {0xdda, 16, 16, 7102}, - {0x0, 8, 9, 7102}, - {0xf9b4, 16, 16, 7103}, - {0xddc, 16, 16, 7103}, - {0xf9a1, 16, 16, 7103}, - {0x0, 0, 1, 7103}, - {0x0, 0, 1, 7104}, - {0x0, 3, 4, 7105}, - {0x0, 4, 5, 7106}, - {0x0, 5, 6, 7107}, - {0x1f8b, 16, 16, 7108}, - {0x0, 3, 4, 7108}, - {0x2f9f5, 16, 16, 7109}, - {0x0, 14, 15, 7109}, - {0x2f9b9, 16, 16, 7110}, - {0x20c, 16, 16, 7110}, - {0x0, 0, 1, 7110}, - {0x0, 0, 1, 7111}, - {0x0, 3, 4, 7112}, - {0x0, 3, 4, 7113}, - {0x0, 8, 9, 7114}, - {0x2284, 16, 16, 7115}, - {0x1d1, 16, 16, 7115}, - {0x150, 16, 16, 7115}, - {0x0, 7, 8, 7115}, - {0xfa5f, 16, 16, 7116}, - {0x0, 1, 13, 7116}, - {0x1e6, 16, 16, 7128}, - {0x0, 6, 7, 7128}, - {0x2f9fd, 16, 16, 7129}, - {0x0, 0, 1, 7129}, - {0x0, 5, 6, 7130}, - {0x2fa12, 16, 16, 7131}, - {0x0, 8, 10, 7131}, - {0x2fa04, 16, 16, 7133}, - {0xfa2c, 16, 16, 7133}, - {0x0, 15, 16, 7133}, - {0xf940, 16, 16, 7134}, - {0x0, 1, 2, 7134}, - {0xfa4b, 16, 16, 7135}, - {0x30d1, 16, 16, 7135}, - {0x0, 2, 11, 7135}, - {0x2f9f4, 16, 16, 7144}, - {0x0, 15, 16, 7144}, - {0xf94e, 16, 16, 7145}, - {0x0, 0, 1, 7145}, - {0x2f8d4, 16, 16, 7146}, - {0x1f00, 16, 16, 7146}, - {0x1f4, 16, 16, 7146}, - {0x11c, 16, 16, 7146}, - {0x1e20, 16, 16, 7146}, - {0x11e, 16, 16, 7146}, - {0x120, 16, 16, 7146}, - {0x0, 3, 4, 7146}, - {0x2f9f3, 16, 16, 7147}, - {0x0, 9, 10, 7147}, - {0xf9fb, 16, 16, 7148}, - {0x1fef, 16, 16, 7148}, - {0xf9ab, 16, 16, 7148}, - {0x0, 3, 4, 7148}, - {0xf94c, 16, 16, 7149}, - {0x0, 0, 1, 7149}, - {0x0, 0, 1, 7150}, - {0x0, 3, 4, 7151}, - {0x0, 4, 5, 7152}, - {0x0, 5, 6, 7153}, - {0x1f96, 16, 16, 7154}, - {0x0, 0, 1, 7154}, - {0x2f96a, 16, 16, 7155}, - {0x1f72, 16, 16, 7155}, - {0x0, 7, 12, 7155}, - {0x2f90c, 16, 16, 7160}, - {0x0, 0, 11, 7160}, - {0x2f9d1, 16, 16, 7171}, - {0x0, 0, 1, 7171}, - {0x0, 0, 1, 7172}, - {0x0, 3, 4, 7173}, - {0x0, 0, 1, 7174}, - {0x0, 1, 2, 7175}, - {0x40c, 16, 16, 7176}, - {0x0, 2, 12, 7176}, - {0x2f89a, 16, 16, 7186}, - {0x0, 7, 8, 7186}, - {0x123, 16, 16, 7187}, - {0x0, 5, 7, 7187}, - {0xf974, 16, 16, 7189}, - {0x2f996, 16, 16, 7189}, - {0x0, 3, 4, 7189}, - {0x1e93, 16, 16, 7190}, - {0x0, 2, 3, 7190}, - {0x1fe7, 16, 16, 7191}, - {0x0, 2, 3, 7191}, - {0x2f9fc, 16, 16, 7192}, - {0x2f90b, 16, 16, 7192}, - {0xf95a, 16, 16, 7192}, - {0x0, 3, 5, 7192}, - {0xfa02, 16, 16, 7194}, - {0x2f8b6, 16, 16, 7194}, - {0x0, 1, 2, 7194}, - {0x1e48, 16, 16, 7195}, - {0x4e4, 16, 16, 7195}, - {0x4e2, 16, 16, 7195}, - {0x0, 0, 1, 7195}, - {0x0, 0, 1, 7196}, - {0x0, 3, 4, 7197}, - {0x0, 3, 4, 7198}, - {0x0, 8, 9, 7199}, - {0x2278, 16, 16, 7200}, - {0x419, 16, 16, 7200}, - {0x0, 1, 2, 7200}, - {0x2f9c0, 16, 16, 7201}, - {0x2f899, 16, 16, 7201}, - {0x1e72, 16, 16, 7201}, - {0x0, 4, 5, 7201}, - {0xf98e, 16, 16, 7202}, - {0x0, 5, 6, 7202}, - {0x2f92b, 16, 16, 7203}, - {0x0, 0, 1, 7203}, - {0x2f9fa, 16, 16, 7204}, - {0x0, 3, 14, 7204}, - {0x1e0d, 16, 16, 7215}, - {0x0, 6, 7, 7215}, - {0x2f9f2, 16, 16, 7216}, - {0x1e11, 16, 16, 7216}, - {0x0, 14, 15, 7216}, - {0x2f851, 16, 16, 7217}, - {0x0, 6, 7, 7217}, - {0x2f9f9, 16, 16, 7218}, - {0x0, 2, 3, 7218}, - {0xf9f9, 16, 16, 7219}, - {0x0, 14, 15, 7219}, - {0xf9a5, 16, 16, 7220}, - {0x10f, 16, 16, 7220}, - {0x0, 2, 6, 7220}, - {0x1f0f, 16, 16, 7224}, - {0x1f89, 16, 16, 7224}, - {0x0, 15, 16, 7224}, - {0x0, 0, 1, 7225}, - {0x0, 0, 1, 7226}, - {0x0, 3, 4, 7227}, - {0x0, 0, 1, 7228}, - {0x0, 7, 8, 7229}, - {0x1e9b, 16, 16, 7230}, - {0x1e13, 16, 16, 7230}, - {0x0, 0, 3, 7230}, - {0x2f84a, 16, 16, 7233}, - {0xfa0d, 16, 16, 7233}, - {0x0, 1, 2, 7233}, - {0x2fa14, 16, 16, 7234}, - {0x0, 12, 13, 7234}, - {0x2f9ad, 16, 16, 7235}, - {0x0, 10, 12, 7235}, - {0xf9ff, 16, 16, 7237}, - {0x2f820, 16, 16, 7237}, - {0x0, 1, 2, 7237}, - {0x2f84e, 16, 16, 7238}, - {0x1fe8, 16, 16, 7238}, - {0x1e58, 16, 16, 7238}, - {0x1fe9, 16, 16, 7238}, - {0x1fea, 16, 16, 7238}, - {0x0, 13, 14, 7238}, - {0x2f8f7, 16, 16, 7239}, - {0x0, 0, 1, 7239}, - {0x0, 0, 1, 7240}, - {0x0, 3, 4, 7241}, - {0x0, 4, 5, 7242}, - {0x0, 5, 6, 7243}, - {0x1f97, 16, 16, 7244}, - {0x3ab, 16, 16, 7244}, - {0x0, 3, 4, 7244}, - {0xf9f1, 16, 16, 7245}, - {0x210, 16, 16, 7245}, - {0x2f9a2, 16, 16, 7245}, - {0x158, 16, 16, 7245}, - {0x0, 5, 6, 7245}, - {0x2f9c8, 16, 16, 7246}, - {0x0, 0, 2, 7246}, - {0x1fc8, 16, 16, 7248}, - {0x388, 16, 16, 7248}, - {0x0, 12, 13, 7248}, - {0xf9cb, 16, 16, 7249}, - {0x0, 1, 2, 7249}, - {0xfa62, 16, 16, 7250}, - {0x0, 9, 10, 7250}, - {0xf9a9, 16, 16, 7251}, - {0x0, 14, 15, 7251}, - {0xf9b6, 16, 16, 7252}, - {0x0, 5, 6, 7252}, - {0xf9e3, 16, 16, 7253}, - {0x0, 11, 12, 7253}, - {0xf9ce, 16, 16, 7254}, - {0x0, 3, 4, 7254}, - {0x1ef5, 16, 16, 7255}, - {0x0, 1, 2, 7255}, - {0x1e49, 16, 16, 7256}, - {0x0, 0, 1, 7256}, - {0x0, 0, 1, 7257}, - {0x0, 3, 4, 7258}, - {0x0, 0, 1, 7259}, - {0x0, 0, 2, 7260}, - {0x1f1c, 16, 16, 7262}, - {0x1f1a, 16, 16, 7262}, - {0x0, 3, 4, 7262}, - {0xf99a, 16, 16, 7263}, - {0xe4, 16, 16, 7263}, - {0x1ea3, 16, 16, 7263}, - {0x0, 0, 1, 7263}, - {0x0, 3, 4, 7264}, - {0x0, 0, 1, 7265}, - {0x0, 9, 10, 7266}, - {0x0, 9, 10, 7267}, - {0x3054, 16, 16, 7268}, - {0x0, 1, 3, 7268}, - {0x2f856, 16, 16, 7270}, - {0x2f857, 16, 16, 7270}, - {0xe0, 16, 16, 7270}, - {0xe1, 16, 16, 7270}, - {0xe2, 16, 16, 7270}, - {0xe3, 16, 16, 7270}, - {0x0, 9, 10, 7270}, - {0x2f82c, 16, 16, 7271}, - {0x103, 16, 16, 7271}, - {0x227, 16, 16, 7271}, - {0x0, 0, 1, 7271}, - {0x0, 0, 1, 7272}, - {0x0, 3, 4, 7273}, - {0x0, 0, 1, 7274}, - {0x0, 0, 2, 7275}, - {0x1f13, 16, 16, 7277}, - {0x1f15, 16, 16, 7277}, - {0x0, 1, 2, 7277}, - {0x2f930, 16, 16, 7278}, - {0x0, 0, 2, 7278}, - {0x1f62, 16, 16, 7280}, - {0x1f64, 16, 16, 7280}, - {0x0, 2, 3, 7280}, - {0xf938, 16, 16, 7281}, - {0x0, 12, 13, 7281}, - {0xf93b, 16, 16, 7282}, - {0x0, 6, 7, 7282}, - {0xf935, 16, 16, 7283}, - {0x0, 0, 1, 7283}, - {0x0, 0, 1, 7284}, - {0x0, 3, 4, 7285}, - {0x0, 4, 5, 7286}, - {0x0, 5, 6, 7287}, - {0x1f8c, 16, 16, 7288}, - {0x0, 0, 1, 7288}, - {0x0, 0, 1, 7289}, - {0x0, 3, 4, 7290}, - {0x0, 0, 1, 7291}, - {0x0, 2, 3, 7292}, - {0x1ed9, 16, 16, 7293}, - {0xe5, 16, 16, 7293}, - {0x1ce, 16, 16, 7293}, - {0x0, 11, 12, 7293}, - {0x2f9a7, 16, 16, 7294}, - {0x201, 16, 16, 7294}, - {0x0, 11, 12, 7294}, - {0x2f990, 16, 16, 7295}, - {0x0, 6, 7, 7295}, - {0x2f85c, 16, 16, 7296}, - {0x0, 0, 1, 7296}, - {0x0, 0, 1, 7297}, - {0x0, 3, 4, 7298}, - {0x0, 4, 5, 7299}, - {0x0, 5, 6, 7300}, - {0x1fa3, 16, 16, 7301}, - {0x0, 6, 7, 7301}, - {0x2f9aa, 16, 16, 7302}, - {0x0, 6, 7, 7302}, - {0xf9b0, 16, 16, 7303}, - {0x0, 1, 3, 7303}, - {0x2f881, 16, 16, 7305}, - {0x2f882, 16, 16, 7305}, - {0x0, 2, 3, 7305}, - {0xf9c1, 16, 16, 7306}, - {0x0, 2, 7, 7306}, - {0xfa03, 16, 16, 7311}, - {0x0, 10, 11, 7311}, - {0x2f932, 16, 16, 7312}, - {0x2f966, 16, 16, 7312}, - {0x0, 10, 11, 7312}, - {0xf9ec, 16, 16, 7313}, - {0x1e50, 16, 16, 7313}, - {0x0, 6, 7, 7313}, - {0xfa61, 16, 16, 7314}, - {0x0, 1, 13, 7314}, - {0x109, 16, 16, 7326}, - {0x107, 16, 16, 7326}, - {0x10b, 16, 16, 7326}, - {0x0, 1, 2, 7326}, - {0x0, 0, 1, 7327}, - {0x0, 0, 1, 7328}, - {0x0, 6, 7, 7329}, - {0x0, 5, 6, 7330}, - {0x0, 4, 5, 7331}, - {0x6c2, 16, 16, 7332}, - {0x0, 2, 3, 7332}, - {0xf9bf, 16, 16, 7333}, - {0x0, 0, 1, 7333}, - {0x0, 0, 1, 7334}, - {0x2fa1d, 16, 16, 7335}, - {0x0, 3, 4, 7335}, - {0x1ef4, 16, 16, 7336}, - {0x0, 14, 15, 7336}, - {0x2f9dd, 16, 16, 7337}, - {0x0, 0, 4, 7337}, - {0x2f9c4, 16, 16, 7341}, - {0x0, 0, 1, 7341}, - {0x0, 0, 1, 7342}, - {0x0, 3, 4, 7343}, - {0x0, 4, 5, 7344}, - {0x0, 5, 6, 7345}, - {0x1f87, 16, 16, 7346}, - {0x2f9c3, 16, 16, 7346}, - {0x0, 11, 12, 7346}, - {0xf964, 16, 16, 7347}, - {0x0, 12, 15, 7347}, - {0xfa15, 16, 16, 7350}, - {0xf954, 16, 16, 7350}, - {0x0, 2, 3, 7350}, - {0xf946, 16, 16, 7351}, - {0x0, 0, 1, 7351}, - {0x0, 0, 1, 7352}, - {0x0, 3, 4, 7353}, - {0x0, 3, 4, 7354}, - {0x0, 8, 9, 7355}, - {0x2226, 16, 16, 7356}, - {0x1f79, 16, 16, 7356}, - {0x0, 0, 1, 7356}, - {0x0, 0, 1, 7357}, - {0x0, 3, 4, 7358}, - {0x0, 3, 4, 7359}, - {0x0, 8, 9, 7360}, - {0x21ce, 16, 16, 7361}, - {0x1d4, 16, 16, 7361}, - {0x1f7b, 16, 16, 7361}, - {0x10d, 16, 16, 7361}, - {0x0, 2, 10, 7361}, - {0x2f96f, 16, 16, 7369}, - {0xfa58, 16, 16, 7369}, -}; - -const unsigned short _wind_canon_next_table[] = { - 1, - 0, - 46, - 29, - 15, - 73, - 64, - 11, - 6, - 24, - 38, - 2, - 42, - 722, - 2119, - 3, - 140, - 1467, - 221, - 325, - 285, - 682, - 360, - 729, - 1610, - 635, - 106, - 2045, - 510, - 2830, - 0, - 0, - 0, - 0, - 0, - 748, - 1101, - 4614, - 273, - 0, - 4, - 0, - 0, - 4440, - 5, - 0, - 10, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 97, - 224, - 1388, - 270, - 249, - 1440, - 550, - 3741, - 2040, - 7, - 419, - 54, - 109, - 883, - 1230, - 275, - 336, - 4348, - 0, - 0, - 4568, - 3216, - 2891, - 0, - 0, - 0, - 0, - 1305, - 0, - 0, - 8, - 4480, - 937, - 112, - 0, - 0, - 0, - 0, - 0, - 0, - 9, - 1532, - 2106, - 1144, - 236, - 1215, - 1449, - 1624, - 0, - 0, - 12, - 194, - 1718, - 1680, - 3611, - 217, - 398, - 13, - 0, - 0, - 0, - 0, - 4477, - 14, - 2316, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 328, - 16, - 553, - 3511, - 17, - 646, - 732, - 426, - 532, - 57, - 0, - 0, - 0, - 278, - 1790, - 0, - 0, - 658, - 695, - 2327, - 3451, - 3868, - 18, - 666, - 4417, - 4518, - 391, - 1640, - 1458, - 567, - 340, - 2209, - 2458, - 1747, - 19, - 20, - 21, - 22, - 23, - 1307, - 304, - 1254, - 227, - 750, - 51, - 1120, - 1576, - 467, - 1270, - 2751, - 25, - 1647, - 183, - 1785, - 363, - 1315, - 0, - 1982, - 0, - 0, - 2474, - 0, - 1656, - 0, - 4178, - 4486, - 26, - 28, - 27, - 132, - 82, - 346, - 186, - 98, - 0, - 30, - 0, - 0, - 1028, - 0, - 1050, - 739, - 113, - 0, - 2135, - 1415, - 0, - 4020, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 4647, - 31, - 3197, - 0, - 0, - 32, - 33, - 34, - 35, - 36, - 37, - 354, - 809, - 436, - 1736, - 39, - 547, - 708, - 1945, - 850, - 367, - 594, - 1651, - 388, - 416, - 1251, - 705, - 4230, - 0, - 1894, - 0, - 886, - 424, - 40, - 4586, - 2250, - 1941, - 0, - 0, - 4635, - 41, - 1224, - 1391, - 813, - 1807, - 3757, - 308, - 442, - 43, - 439, - 121, - 4198, - 1596, - 1298, - 529, - 1244, - 1948, - 4367, - 4591, - 2500, - 2808, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 4473, - 44, - 45, - 239, - 1073, - 1218, - 543, - 506, - 124, - 47, - 128, - 772, - 725, - 291, - 3715, - 357, - 3693, - 4339, - 759, - 0, - 2181, - 0, - 0, - 0, - 3076, - 48, - 2065, - 0, - 3213, - 49, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 1375, - 50, - 1333, - 0, - 1993, - 1665, - 0, - 52, - 0, - 0, - 1352, - 0, - 3457, - 53, - 1249, - 55, - 0, - 0, - 0, - 1627, - 0, - 0, - 0, - 0, - 1920, - 56, - 2143, - 0, - 0, - 0, - 58, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 2970, - 59, - 60, - 61, - 62, - 63, - 65, - 0, - 0, - 0, - 1683, - 403, - 1593, - 1555, - 862, - 2420, - 151, - 259, - 1010, - 2377, - 2719, - 385, - 2542, - 0, - 0, - 0, - 826, - 894, - 66, - 610, - 0, - 2676, - 513, - 90, - 452, - 1152, - 1560, - 470, - 3342, - 0, - 0, - 67, - 0, - 4191, - 0, - 4103, - 0, - 0, - 0, - 0, - 0, - 0, - 1443, - 68, - 69, - 70, - 71, - 72, - 539, - 985, - 74, - 1870, - 0, - 675, - 1542, - 75, - 0, - 1085, - 210, - 2259, - 2582, - 498, - 295, - 76, - 0, - 3605, - 0, - 0, - 4323, - 0, - 0, - 0, - 0, - 1741, - 77, - 78, - 79, - 80, - 81, - 2790, - 587, - 0, - 0, - 978, - 1368, - 83, - 4492, - 0, - 0, - 161, - 2601, - 0, - 0, - 628, - 4245, - 2052, - 0, - 0, - 0, - 0, - 0, - 0, - 2488, - 2098, - 1037, - 84, - 85, - 86, - 87, - 88, - 89, - 372, - 0, - 154, - 0, - 3528, - 0, - 1493, - 0, - 91, - 0, - 1275, - 0, - 4271, - 0, - 2079, - 92, - 93, - 94, - 95, - 96, - 3288, - 1345, - 1907, - 99, - 1176, - 2738, - 0, - 3255, - 0, - 0, - 0, - 0, - 0, - 1615, - 2341, - 764, - 0, - 0, - 1103, - 0, - 1711, - 2982, - 100, - 143, - 0, - 4150, - 0, - 0, - 0, - 3444, - 101, - 102, - 103, - 104, - 105, - 527, - 881, - 0, - 0, - 0, - 0, - 0, - 107, - 0, - 0, - 0, - 4111, - 4319, - 0, - 2519, - 2853, - 108, - 1939, - 0, - 0, - 110, - 0, - 0, - 0, - 0, - 3917, - 0, - 0, - 0, - 2192, - 1883, - 1470, - 1202, - 111, - 318, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 114, - 2770, - 0, - 0, - 115, - 116, - 117, - 118, - 119, - 120, - 4389, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 2672, - 0, - 2002, - 0, - 0, - 122, - 123, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 179, - 925, - 125, - 0, - 0, - 1310, - 0, - 1686, - 0, - 0, - 1571, - 3387, - 4056, - 1539, - 0, - 0, - 3187, - 126, - 0, - 954, - 127, - 1047, - 0, - 0, - 1771, - 0, - 0, - 3590, - 0, - 3849, - 3246, - 0, - 0, - 129, - 0, - 0, - 433, - 130, - 131, - 3069, - 133, - 197, - 168, - 1797, - 0, - 0, - 579, - 1377, - 445, - 2552, - 460, - 2528, - 1957, - 1845, - 134, - 2847, - 901, - 1326, - 3859, - 3234, - 1193, - 993, - 753, - 3534, - 520, - 2171, - 2023, - 135, - 136, - 137, - 138, - 0, - 4306, - 181, - 182, - 0, - 0, - 0, - 0, - 180, - 0, - 0, - 0, - 0, - 139, - 842, - 1889, - 1537, - 0, - 2198, - 3252, - 0, - 0, - 0, - 2711, - 3762, - 3357, - 4313, - 4259, - 141, - 142, - 144, - 145, - 146, - 147, - 160, - 0, - 0, - 0, - 150, - 0, - 149, - 0, - 148, - 3760, - 0, - 0, - 0, - 152, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 2861, - 153, - 155, - 156, - 157, - 158, - 159, - 1382, - 1759, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 162, - 163, - 164, - 165, - 166, - 0, - 958, - 799, - 167, - 0, - 175, - 0, - 0, - 0, - 0, - 0, - 177, - 4413, - 312, - 479, - 792, - 561, - 169, - 3769, - 3920, - 1487, - 230, - 1065, - 2427, - 3365, - 573, - 1452, - 204, - 170, - 171, - 172, - 962, - 1366, - 173, - 2855, - 174, - 0, - 0, - 0, - 176, - 178, - 0, - 0, - 0, - 0, - 220, - 3165, - 0, - 2515, - 4072, - 0, - 3470, - 2736, - 685, - 0, - 0, - 0, - 4065, - 956, - 1426, - 184, - 185, - 1529, - 1199, - 0, - 0, - 0, - 0, - 0, - 0, - 1294, - 252, - 187, - 406, - 263, - 802, - 3985, - 0, - 0, - 0, - 188, - 0, - 0, - 0, - 2521, - 0, - 0, - 4211, - 4207, - 1549, - 4210, - 189, - 190, - 191, - 3706, - 192, - 193, - 195, - 4482, - 0, - 0, - 0, - 4447, - 196, - 3144, - 0, - 198, - 1689, - 1971, - 3023, - 3687, - 844, - 1257, - 816, - 2650, - 199, - 200, - 201, - 1569, - 202, - 623, - 1006, - 203, - 205, - 206, - 207, - 2194, - 208, - 2835, - 209, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 1869, - 2545, - 2111, - 0, - 0, - 4458, - 3207, - 0, - 0, - 3111, - 491, - 243, - 211, - 212, - 213, - 214, - 215, - 216, - 218, - 0, - 0, - 3956, - 4074, - 0, - 0, - 0, - 2374, - 0, - 2864, - 0, - 2217, - 0, - 4093, - 219, - 4624, - 0, - 0, - 0, - 0, - 3181, - 0, - 0, - 0, - 0, - 0, - 1313, - 0, - 0, - 222, - 223, - 225, - 0, - 960, - 0, - 0, - 0, - 0, - 3964, - 0, - 2070, - 0, - 0, - 3710, - 3722, - 1821, - 226, - 228, - 0, - 2337, - 2010, - 1739, - 3930, - 0, - 2844, - 0, - 2205, - 0, - 4089, - 229, - 231, - 232, - 233, - 234, - 2125, - 1147, - 1504, - 1852, - 1853, - 1854, - 1855, - 1856, - 0, - 1857, - 0, - 1858, - 1859, - 0, - 0, - 235, - 0, - 0, - 1893, - 2151, - 0, - 0, - 2478, - 0, - 237, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 3627, - 238, - 3084, - 0, - 0, - 0, - 240, - 3098, - 0, - 3417, - 0, - 2733, - 288, - 4042, - 241, - 0, - 3183, - 242, - 244, - 245, - 246, - 247, - 248, - 1464, - 1829, - 0, - 2409, - 4575, - 250, - 0, - 1026, - 0, - 0, - 0, - 0, - 422, - 3040, - 3298, - 3659, - 311, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 251, - 3254, - 1774, - 0, - 0, - 0, - 253, - 0, - 378, - 0, - 2976, - 0, - 0, - 0, - 0, - 0, - 2353, - 254, - 255, - 256, - 4532, - 257, - 262, - 258, - 3195, - 260, - 0, - 0, - 2060, - 0, - 0, - 0, - 0, - 3061, - 261, - 4183, - 0, - 0, - 0, - 2127, - 0, - 0, - 0, - 1703, - 2090, - 1263, - 4685, - 4693, - 264, - 265, - 266, - 267, - 268, - 269, - 1017, - 644, - 271, - 4507, - 4332, - 0, - 0, - 3482, - 3765, - 3492, - 3442, - 3526, - 3205, - 2857, - 2559, - 701, - 272, - 307, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 274, - 2989, - 3322, - 0, - 0, - 1608, - 4469, - 0, - 0, - 2068, - 302, - 1380, - 276, - 626, - 4351, - 277, - 3593, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 279, - 280, - 281, - 282, - 3789, - 0, - 0, - 0, - 283, - 284, - 4369, - 0, - 286, - 0, - 0, - 0, - 3021, - 3494, - 1812, - 0, - 0, - 2284, - 0, - 0, - 4465, - 287, - 289, - 290, - 1317, - 4386, - 2437, - 292, - 0, - 0, - 4656, - 293, - 294, - 2033, - 4164, - 296, - 3461, - 297, - 298, - 299, - 300, - 301, - 1015, - 0, - 0, - 1016, - 0, - 0, - 303, - 1905, - 0, - 2597, - 2301, - 305, - 2348, - 2104, - 3179, - 0, - 3830, - 0, - 2359, - 306, - 309, - 0, - 477, - 4208, - 310, - 313, - 314, - 315, - 4099, - 316, - 4095, - 317, - 319, - 3561, - 320, - 321, - 322, - 3163, - 0, - 323, - 324, - 4595, - 326, - 4122, - 2012, - 0, - 1788, - 719, - 0, - 2058, - 0, - 2075, - 0, - 0, - 0, - 3390, - 327, - 1058, - 0, - 712, - 408, - 0, - 0, - 0, - 329, - 1629, - 1110, - 330, - 2162, - 331, - 332, - 333, - 334, - 335, - 0, - 0, - 0, - 339, - 3940, - 0, - 3286, - 0, - 0, - 337, - 4436, - 0, - 1343, - 871, - 1287, - 0, - 1301, - 3655, - 0, - 2995, - 338, - 341, - 342, - 343, - 344, - 345, - 347, - 0, - 0, - 0, - 0, - 0, - 0, - 3013, - 0, - 3885, - 3735, - 2293, - 919, - 348, - 0, - 0, - 0, - 0, - 1396, - 2223, - 349, - 350, - 351, - 352, - 353, - 2502, - 0, - 2168, - 1591, - 0, - 0, - 355, - 0, - 4411, - 4124, - 0, - 1008, - 3222, - 402, - 0, - 0, - 0, - 0, - 0, - 0, - 401, - 0, - 0, - 0, - 0, - 0, - 356, - 3038, - 0, - 2386, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 358, - 359, - 2866, - 0, - 0, - 0, - 0, - 3271, - 0, - 361, - 4641, - 362, - 4399, - 0, - 364, - 0, - 0, - 0, - 3883, - 0, - 0, - 0, - 0, - 0, - 3876, - 0, - 1922, - 2314, - 366, - 365, - 3249, - 1663, - 1241, - 1558, - 1903, - 2215, - 368, - 0, - 4541, - 0, - 687, - 0, - 3490, - 370, - 369, - 371, - 373, - 374, - 375, - 376, - 377, - 379, - 380, - 381, - 382, - 865, - 0, - 0, - 1924, - 383, - 384, - 3670, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 386, - 387, - 1408, - 0, - 0, - 2423, - 0, - 0, - 4484, - 0, - 2946, - 0, - 4633, - 389, - 1864, - 0, - 0, - 0, - 1879, - 390, - 392, - 393, - 394, - 3865, - 0, - 0, - 0, - 395, - 396, - 0, - 0, - 397, - 399, - 0, - 1969, - 0, - 3392, - 2333, - 400, - 404, - 405, - 407, - 1019, - 0, - 0, - 0, - 2745, - 0, - 1136, - 0, - 415, - 0, - 0, - 0, - 0, - 0, - 2949, - 835, - 409, - 410, - 411, - 412, - 413, - 414, - 653, - 4423, - 4176, - 3845, - 0, - 0, - 0, - 417, - 0, - 0, - 0, - 2599, - 2291, - 1934, - 0, - 0, - 3574, - 418, - 4616, - 420, - 4120, - 0, - 1510, - 1862, - 762, - 1191, - 0, - 0, - 0, - 0, - 0, - 3095, - 3484, - 421, - 505, - 0, - 0, - 0, - 0, - 0, - 0, - 423, - 425, - 999, - 597, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 427, - 428, - 429, - 430, - 3914, - 0, - 0, - 0, - 431, - 432, - 434, - 435, - 437, - 1581, - 1239, - 0, - 3895, - 4677, - 0, - 3603, - 3274, - 0, - 0, - 1507, - 0, - 0, - 3082, - 438, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 1726, - 4241, - 4357, - 703, - 440, - 0, - 1043, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 2797, - 3720, - 441, - 2824, - 0, - 2177, - 0, - 0, - 1092, - 1434, - 0, - 4525, - 4317, - 4409, - 0, - 443, - 3123, - 459, - 444, - 1512, - 0, - 855, - 446, - 3312, - 970, - 0, - 0, - 2722, - 0, - 0, - 0, - 0, - 1838, - 447, - 448, - 449, - 450, - 451, - 1523, - 0, - 0, - 3410, - 0, - 689, - 0, - 453, - 0, - 0, - 0, - 0, - 0, - 0, - 875, - 454, - 455, - 456, - 457, - 458, - 1727, - 0, - 2305, - 928, - 485, - 461, - 0, - 0, - 2278, - 0, - 0, - 0, - 0, - 1823, - 462, - 463, - 464, - 465, - 466, - 1932, - 0, - 0, - 0, - 468, - 0, - 0, - 1303, - 0, - 3423, - 469, - 4127, - 471, - 4136, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 2464, - 472, - 473, - 474, - 475, - 476, - 478, - 480, - 481, - 482, - 483, - 0, - 3191, - 873, - 484, - 486, - 487, - 488, - 489, - 490, - 0, - 0, - 497, - 492, - 493, - 494, - 495, - 496, - 3810, - 0, - 0, - 0, - 0, - 0, - 604, - 2380, - 0, - 499, - 500, - 501, - 502, - 503, - 504, - 3552, - 1954, - 0, - 0, - 951, - 4236, - 3402, - 0, - 0, - 0, - 507, - 0, - 0, - 2868, - 2608, - 0, - 0, - 0, - 0, - 0, - 508, - 509, - 3887, - 4146, - 0, - 0, - 511, - 0, - 0, - 2252, - 0, - 2122, - 512, - 3117, - 0, - 0, - 0, - 0, - 1695, - 0, - 888, - 0, - 514, - 515, - 516, - 517, - 518, - 519, - 521, - 522, - 523, - 524, - 0, - 1296, - 525, - 0, - 0, - 0, - 0, - 0, - 526, - 528, - 2580, - 0, - 0, - 0, - 0, - 1991, - 0, - 0, - 0, - 530, - 531, - 3472, - 786, - 3153, - 4618, - 3901, - 4217, - 2388, - 3042, - 2452, - 2697, - 533, - 2908, - 2873, - 1753, - 4083, - 1402, - 534, - 535, - 536, - 537, - 538, - 540, - 542, - 541, - 2449, - 0, - 544, - 1667, - 934, - 0, - 2403, - 0, - 3160, - 0, - 868, - 0, - 1133, - 3542, - 2266, - 2186, - 545, - 546, - 548, - 4308, - 0, - 1670, - 1967, - 2289, - 0, - 0, - 0, - 0, - 0, - 0, - 3487, - 549, - 3702, - 0, - 0, - 0, - 2401, - 1428, - 0, - 672, - 1045, - 551, - 4289, - 4500, - 552, - 941, - 554, - 1337, - 3724, - 2535, - 2509, - 1599, - 4665, - 779, - 1355, - 3614, - 4361, - 4597, - 3676, - 638, - 3948, - 555, - 556, - 557, - 1979, - 0, - 0, - 0, - 558, - 559, - 0, - 0, - 560, - 562, - 563, - 564, - 565, - 0, - 4475, - 1430, - 566, - 0, - 0, - 0, - 0, - 4488, - 568, - 569, - 570, - 571, - 572, - 574, - 575, - 576, - 1804, - 0, - 577, - 578, - 580, - 581, - 582, - 583, - 584, - 0, - 0, - 0, - 4239, - 585, - 586, - 1815, - 588, - 589, - 590, - 591, - 592, - 3190, - 593, - 3819, - 0, - 0, - 2153, - 0, - 0, - 0, - 770, - 0, - 0, - 0, - 2688, - 0, - 595, - 596, - 598, - 599, - 600, - 601, - 0, - 0, - 0, - 2004, - 602, - 603, - 605, - 606, - 607, - 608, - 609, - 3435, - 0, - 0, - 1585, - 0, - 0, - 611, - 0, - 0, - 617, - 612, - 613, - 614, - 615, - 616, - 950, - 618, - 619, - 620, - 621, - 940, - 622, - 624, - 0, - 0, - 0, - 625, - 627, - 629, - 1208, - 630, - 631, - 632, - 633, - 634, - 3269, - 2006, - 0, - 0, - 0, - 0, - 3731, - 0, - 4310, - 636, - 637, - 639, - 640, - 641, - 642, - 643, - 645, - 1170, - 1320, - 0, - 0, - 0, - 0, - 0, - 0, - 1832, - 647, - 648, - 649, - 650, - 651, - 0, - 0, - 0, - 2133, - 3450, - 652, - 654, - 655, - 4063, - 3782, - 0, - 0, - 656, - 657, - 2885, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 659, - 660, - 661, - 662, - 663, - 0, - 0, - 0, - 2063, - 665, - 664, - 667, - 668, - 669, - 670, - 671, - 674, - 0, - 0, - 673, - 676, - 0, - 4679, - 677, - 678, - 679, - 680, - 681, - 2966, - 3324, - 0, - 0, - 683, - 0, - 4663, - 0, - 0, - 0, - 0, - 0, - 1117, - 1149, - 1567, - 1865, - 684, - 686, - 688, - 690, - 691, - 692, - 693, - 694, - 696, - 697, - 698, - 699, - 0, - 0, - 0, - 3891, - 700, - 2696, - 702, - 0, - 0, - 0, - 0, - 2247, - 704, - 706, - 1228, - 800, - 0, - 2859, - 0, - 0, - 0, - 3278, - 711, - 0, - 0, - 0, - 0, - 0, - 0, - 707, - 747, - 3266, - 0, - 0, - 4631, - 0, - 777, - 0, - 0, - 0, - 0, - 0, - 709, - 0, - 1574, - 2565, - 710, - 1673, - 713, - 714, - 715, - 716, - 717, - 718, - 720, - 0, - 721, - 3508, - 0, - 0, - 0, - 4626, - 0, - 723, - 1205, - 3975, - 0, - 1965, - 2339, - 776, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 724, - 2072, - 3816, - 0, - 2900, - 726, - 0, - 0, - 0, - 0, - 0, - 4115, - 727, - 728, - 4321, - 0, - 0, - 1499, - 1071, - 730, - 731, - 0, - 0, - 0, - 0, - 0, - 3686, - 2394, - 2643, - 0, - 0, - 0, - 0, - 0, - 0, - 733, - 4157, - 734, - 735, - 736, - 737, - 738, - 4197, - 740, - 0, - 0, - 0, - 0, - 0, - 0, - 3966, - 1159, - 741, - 742, - 743, - 744, - 745, - 746, - 749, - 2517, - 0, - 0, - 0, - 3657, - 3893, - 0, - 1363, - 0, - 0, - 751, - 752, - 754, - 755, - 756, - 1867, - 0, - 1168, - 757, - 758, - 760, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 2623, - 761, - 763, - 765, - 766, - 767, - 768, - 769, - 0, - 3768, - 771, - 2350, - 0, - 1289, - 0, - 0, - 0, - 773, - 0, - 2914, - 774, - 775, - 778, - 780, - 781, - 782, - 783, - 0, - 0, - 0, - 4148, - 784, - 785, - 787, - 788, - 789, - 2219, - 0, - 0, - 0, - 790, - 791, - 0, - 0, - 798, - 793, - 794, - 795, - 4643, - 0, - 796, - 797, - 801, - 0, - 0, - 0, - 0, - 861, - 803, - 804, - 805, - 806, - 807, - 812, - 0, - 0, - 0, - 0, - 0, - 0, - 808, - 1914, - 0, - 2611, - 0, - 0, - 810, - 0, - 0, - 1432, - 3708, - 811, - 1166, - 0, - 0, - 0, - 1769, - 0, - 0, - 0, - 0, - 0, - 814, - 841, - 815, - 817, - 818, - 819, - 820, - 0, - 4659, - 823, - 822, - 821, - 4098, - 825, - 0, - 0, - 824, - 834, - 833, - 827, - 0, - 0, - 0, - 0, - 2482, - 0, - 3996, - 0, - 3381, - 828, - 829, - 830, - 831, - 832, - 836, - 837, - 838, - 839, - 840, - 843, - 845, - 846, - 847, - 848, - 0, - 1583, - 4046, - 849, - 853, - 0, - 0, - 0, - 0, - 854, - 4005, - 851, - 0, - 4545, - 0, - 4593, - 4394, - 0, - 0, - 2882, - 0, - 0, - 4672, - 852, - 856, - 857, - 858, - 859, - 860, - 1124, - 0, - 0, - 0, - 2433, - 2048, - 0, - 0, - 0, - 0, - 3569, - 0, - 863, - 864, - 866, - 867, - 4516, - 0, - 0, - 0, - 0, - 0, - 0, - 869, - 870, - 872, - 874, - 876, - 877, - 878, - 879, - 880, - 4396, - 882, - 1658, - 0, - 2361, - 2656, - 0, - 0, - 884, - 0, - 1410, - 0, - 0, - 0, - 4205, - 916, - 0, - 915, - 0, - 918, - 917, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 885, - 887, - 889, - 890, - 891, - 892, - 893, - 2837, - 0, - 4562, - 0, - 1926, - 0, - 895, - 0, - 3048, - 0, - 2627, - 0, - 3696, - 0, - 3645, - 896, - 897, - 898, - 899, - 900, - 902, - 903, - 904, - 905, - 1292, - 1638, - 1952, - 910, - 911, - 908, - 909, - 914, - 0, - 912, - 913, - 906, - 907, - 0, - 0, - 947, - 0, - 0, - 948, - 920, - 921, - 922, - 923, - 924, - 926, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 2229, - 927, - 929, - 930, - 931, - 932, - 933, - 935, - 936, - 939, - 0, - 0, - 0, - 0, - 938, - 942, - 943, - 944, - 2311, - 0, - 0, - 0, - 945, - 946, - 0, - 0, - 949, - 952, - 953, - 955, - 957, - 959, - 961, - 966, - 967, - 968, - 969, - 963, - 0, - 964, - 965, - 976, - 977, - 0, - 0, - 1014, - 0, - 0, - 1013, - 971, - 972, - 973, - 974, - 975, - 979, - 2660, - 980, - 981, - 982, - 983, - 4640, - 984, - 1126, - 0, - 0, - 0, - 986, - 1472, - 0, - 987, - 0, - 4686, - 988, - 989, - 990, - 991, - 992, - 994, - 995, - 996, - 997, - 998, - 1000, - 1001, - 1002, - 1003, - 0, - 0, - 0, - 2368, - 1005, - 1004, - 1007, - 1009, - 2233, - 0, - 0, - 1011, - 1012, - 1018, - 0, - 0, - 0, - 1025, - 1020, - 1021, - 1022, - 1412, - 1023, - 0, - 0, - 2799, - 4403, - 1024, - 1123, - 0, - 1119, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 1027, - 0, - 1036, - 2442, - 1029, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 1078, - 1030, - 0, - 0, - 3173, - 1031, - 1032, - 1033, - 1034, - 1035, - 1038, - 1039, - 1040, - 1041, - 1042, - 1044, - 1046, - 0, - 0, - 0, - 1094, - 1048, - 1049, - 1051, - 0, - 0, - 0, - 0, - 4049, - 0, - 0, - 1184, - 1052, - 1053, - 1054, - 1055, - 1056, - 0, - 3108, - 1057, - 1281, - 1059, - 1060, - 1061, - 1062, - 1063, - 1064, - 1066, - 1067, - 1068, - 1069, - 1070, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 1142, - 1072, - 3991, - 0, - 1987, - 0, - 0, - 2577, - 0, - 2879, - 0, - 1074, - 1709, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 1075, - 1077, - 0, - 1076, - 1079, - 1080, - 1081, - 1082, - 1083, - 0, - 3836, - 1084, - 1478, - 0, - 0, - 1086, - 1095, - 1087, - 1088, - 1089, - 1090, - 1091, - 1093, - 0, - 0, - 1109, - 1096, - 1097, - 1098, - 1099, - 1100, - 1102, - 1104, - 1105, - 1106, - 1107, - 1108, - 1111, - 4603, - 1112, - 1113, - 1114, - 1115, - 1116, - 3852, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 1118, - 2021, - 0, - 0, - 3625, - 0, - 0, - 2625, - 2303, - 2658, - 0, - 2589, - 2904, - 0, - 0, - 1121, - 1122, - 0, - 0, - 0, - 1207, - 1125, - 2923, - 0, - 3373, - 0, - 1127, - 1128, - 1129, - 1130, - 1131, - 1132, - 1134, - 1135, - 1137, - 1138, - 1139, - 1484, - 1140, - 0, - 0, - 2785, - 1143, - 1141, - 2440, - 0, - 1810, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 1145, - 1146, - 1151, - 0, - 0, - 0, - 0, - 1148, - 1222, - 0, - 0, - 0, - 0, - 0, - 0, - 1150, - 2414, - 0, - 0, - 3639, - 0, - 0, - 2494, - 0, - 0, - 1153, - 1154, - 1155, - 1156, - 1157, - 1158, - 1214, - 3089, - 0, - 0, - 0, - 1160, - 1161, - 1162, - 1163, - 1164, - 1165, - 1204, - 0, - 0, - 0, - 1167, - 1169, - 0, - 0, - 0, - 1183, - 1171, - 1172, - 1173, - 2506, - 0, - 0, - 0, - 1174, - 1175, - 1177, - 0, - 0, - 0, - 3127, - 0, - 0, - 0, - 1233, - 0, - 3545, - 1178, - 1179, - 1180, - 1181, - 2768, - 0, - 1182, - 0, - 2776, - 0, - 0, - 2818, - 1185, - 3803, - 1186, - 1187, - 1188, - 3874, - 0, - 1189, - 1190, - 1192, - 1194, - 1195, - 1196, - 1197, - 3087, - 3425, - 2425, - 2781, - 2782, - 2779, - 2780, - 2778, - 0, - 1201, - 2777, - 2769, - 1198, - 0, - 0, - 2823, - 0, - 0, - 2820, - 1200, - 1203, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 1223, - 1206, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 1227, - 1209, - 1210, - 1211, - 1212, - 1213, - 1216, - 0, - 0, - 0, - 0, - 0, - 3668, - 1217, - 2275, - 0, - 4212, - 0, - 0, - 1219, - 0, - 0, - 0, - 0, - 1660, - 1220, - 1221, - 4558, - 4353, - 0, - 0, - 0, - 1225, - 3785, - 1885, - 0, - 0, - 1520, - 0, - 0, - 3067, - 1226, - 1229, - 1701, - 0, - 0, - 3309, - 2997, - 4002, - 3661, - 0, - 0, - 0, - 4397, - 0, - 0, - 4628, - 1231, - 1232, - 1234, - 1235, - 1236, - 1237, - 1238, - 1240, - 1243, - 1242, - 3847, - 0, - 0, - 0, - 0, - 0, - 4392, - 0, - 1247, - 0, - 1245, - 1654, - 0, - 0, - 2575, - 1246, - 1248, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 1273, - 1250, - 4695, - 0, - 0, - 1252, - 1605, - 1253, - 4203, - 2043, - 2363, - 0, - 0, - 3420, - 0, - 0, - 0, - 0, - 0, - 3935, - 1255, - 4451, - 0, - 2077, - 4228, - 0, - 0, - 0, - 0, - 0, - 1256, - 1258, - 1259, - 1260, - 1261, - 1262, - 1274, - 1264, - 1265, - 1266, - 1267, - 0, - 0, - 0, - 4445, - 1269, - 1268, - 2906, - 0, - 0, - 1271, - 0, - 0, - 0, - 0, - 0, - 1535, - 0, - 0, - 0, - 2783, - 1272, - 1276, - 1277, - 1278, - 1279, - 1280, - 1282, - 1283, - 1284, - 1285, - 1286, - 1288, - 1290, - 1291, - 1293, - 3557, - 3556, - 0, - 3560, - 1295, - 3525, - 0, - 3524, - 0, - 3523, - 3522, - 1297, - 1299, - 3319, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 1394, - 1300, - 1302, - 3571, - 0, - 0, - 0, - 1304, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 3624, - 1306, - 0, - 0, - 0, - 1336, - 1308, - 0, - 0, - 0, - 0, - 0, - 0, - 3622, - 3889, - 0, - 0, - 2269, - 0, - 1622, - 1309, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 1335, - 1311, - 1312, - 1314, - 1316, - 1318, - 1319, - 1321, - 1322, - 1323, - 1324, - 0, - 0, - 0, - 2810, - 1325, - 1332, - 1327, - 1328, - 1329, - 1330, - 1331, - 1334, - 1338, - 1339, - 1340, - 1341, - 1342, - 1344, - 3240, - 0, - 0, - 4006, - 0, - 1346, - 2690, - 2940, - 3138, - 0, - 4430, - 0, - 0, - 0, - 4251, - 1347, - 1348, - 1349, - 1350, - 1354, - 0, - 0, - 0, - 0, - 0, - 1351, - 0, - 1362, - 1353, - 1356, - 1357, - 1358, - 1359, - 0, - 0, - 0, - 4489, - 1361, - 1360, - 1365, - 0, - 0, - 1364, - 1367, - 1369, - 3349, - 1370, - 1371, - 1372, - 1373, - 1374, - 1376, - 1379, - 0, - 0, - 1378, - 1425, - 1381, - 1383, - 1384, - 1385, - 2029, - 0, - 1386, - 1387, - 2050, - 2435, - 1389, - 1782, - 2812, - 3101, - 3276, - 2109, - 3227, - 4674, - 0, - 4133, - 1436, - 0, - 0, - 1437, - 0, - 1438, - 0, - 0, - 0, - 1390, - 1392, - 0, - 0, - 0, - 0, - 3712, - 0, - 0, - 0, - 0, - 3478, - 3827, - 2821, - 1439, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 1393, - 1395, - 1397, - 1398, - 1399, - 1400, - 1401, - 1403, - 1404, - 1405, - 1406, - 1407, - 1409, - 1411, - 1414, - 1413, - 0, - 0, - 1423, - 0, - 1424, - 1416, - 1417, - 1418, - 1419, - 1420, - 2413, - 1421, - 1422, - 1427, - 1429, - 1431, - 1433, - 1435, - 1860, - 1441, - 0, - 2179, - 3151, - 0, - 3780, - 0, - 0, - 4047, - 2683, - 4118, - 0, - 0, - 0, - 2207, - 1442, - 1444, - 1445, - 1446, - 1447, - 1509, - 1448, - 4611, - 0, - 0, - 1765, - 1450, - 0, - 0, - 0, - 0, - 0, - 0, - 3775, - 0, - 3134, - 1451, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 1506, - 1453, - 1454, - 1455, - 2117, - 0, - 1456, - 4549, - 1502, - 0, - 0, - 0, - 1503, - 0, - 0, - 0, - 0, - 0, - 1457, - 1459, - 1460, - 1461, - 1462, - 1463, - 1465, - 1466, - 1877, - 4113, - 4380, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 1468, - 1880, - 1469, - 3012, - 0, - 0, - 0, - 0, - 0, - 0, - 1471, - 1473, - 1474, - 1475, - 1476, - 1477, - 1479, - 1480, - 1481, - 1482, - 1483, - 1486, - 1485, - 1488, - 1489, - 1490, - 2470, - 0, - 1767, - 1491, - 1492, - 1494, - 1495, - 1496, - 1497, - 1498, - 1500, - 0, - 0, - 0, - 1501, - 1505, - 1508, - 1511, - 1513, - 1514, - 1515, - 1516, - 1517, - 1518, - 0, - 1519, - 0, - 0, - 0, - 0, - 0, - 1522, - 1521, - 1524, - 1525, - 1526, - 1527, - 1528, - 1530, - 1531, - 0, - 0, - 0, - 0, - 0, - 0, - 2637, - 3193, - 0, - 0, - 4091, - 1891, - 0, - 0, - 0, - 0, - 1533, - 0, - 0, - 0, - 0, - 2184, - 1534, - 1536, - 1538, - 1540, - 1541, - 1543, - 1544, - 1545, - 1546, - 1547, - 1548, - 1550, - 1551, - 1552, - 1553, - 1554, - 1556, - 1557, - 1580, - 0, - 0, - 0, - 0, - 0, - 1579, - 0, - 0, - 0, - 0, - 0, - 0, - 3060, - 1559, - 1561, - 1562, - 1563, - 1564, - 1565, - 1566, - 1568, - 1570, - 0, - 0, - 0, - 0, - 0, - 4513, - 0, - 0, - 0, - 0, - 4529, - 0, - 0, - 4527, - 1572, - 1573, - 1575, - 4401, - 4142, - 3854, - 0, - 3229, - 2960, - 0, - 2287, - 1943, - 1613, - 0, - 0, - 0, - 0, - 0, - 1577, - 1722, - 0, - 0, - 0, - 0, - 0, - 0, - 1578, - 1582, - 0, - 0, - 3268, - 1584, - 1586, - 1587, - 1588, - 1589, - 3081, - 1590, - 1592, - 1636, - 1594, - 1595, - 1597, - 0, - 0, - 0, - 0, - 2613, - 1598, - 1600, - 1601, - 1602, - 1603, - 1604, - 1606, - 0, - 0, - 0, - 1607, - 1609, - 4537, - 0, - 0, - 2254, - 0, - 1611, - 0, - 0, - 4428, - 1612, - 1614, - 1616, - 1897, - 1617, - 1618, - 1619, - 1620, - 1621, - 1623, - 4530, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 1625, - 1984, - 1626, - 1628, - 3280, - 1630, - 1631, - 1632, - 1633, - 1634, - 1635, - 1637, - 1650, - 0, - 0, - 0, - 1646, - 1639, - 0, - 0, - 0, - 0, - 1672, - 1641, - 1642, - 1643, - 1644, - 0, - 0, - 0, - 2937, - 3683, - 1645, - 2324, - 0, - 1648, - 0, - 3576, - 0, - 0, - 3058, - 2816, - 0, - 4543, - 1649, - 1652, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 3306, - 1653, - 1655, - 1657, - 0, - 0, - 0, - 0, - 1679, - 1659, - 3795, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 1661, - 1662, - 1664, - 0, - 3635, - 1666, - 2248, - 0, - 0, - 0, - 1668, - 0, - 0, - 3880, - 3663, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 1669, - 1671, - 1674, - 1675, - 1676, - 1677, - 1678, - 3620, - 0, - 1681, - 2621, - 1682, - 2245, - 0, - 2273, - 0, - 1684, - 1685, - 1687, - 0, - 0, - 0, - 0, - 0, - 0, - 2633, - 0, - 0, - 4243, - 1688, - 1690, - 1691, - 1692, - 1693, - 0, - 2370, - 1724, - 1725, - 0, - 0, - 0, - 0, - 1723, - 0, - 0, - 0, - 0, - 1694, - 1696, - 1697, - 1698, - 1699, - 1700, - 1702, - 1704, - 1705, - 1706, - 1707, - 2476, - 0, - 0, - 3467, - 2062, - 1708, - 1710, - 1712, - 1713, - 1714, - 1715, - 1717, - 0, - 0, - 0, - 0, - 0, - 1721, - 0, - 1716, - 1719, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 3558, - 1720, - 1728, - 1729, - 1730, - 1731, - 1733, - 1734, - 0, - 1732, - 0, - 0, - 0, - 0, - 0, - 1735, - 1737, - 0, - 0, - 0, - 0, - 2271, - 3843, - 0, - 4471, - 3684, - 0, - 4144, - 1738, - 1740, - 1742, - 1743, - 1744, - 1745, - 1746, - 1748, - 1749, - 1750, - 1751, - 1752, - 1754, - 1755, - 1756, - 1757, - 1758, - 1760, - 1761, - 1762, - 2406, - 0, - 1763, - 1764, - 1766, - 1851, - 0, - 0, - 0, - 1844, - 0, - 0, - 0, - 0, - 0, - 0, - 1768, - 1770, - 1772, - 1773, - 1775, - 1776, - 1777, - 1778, - 2085, - 0, - 0, - 3063, - 1779, - 1780, - 0, - 0, - 1784, - 0, - 1781, - 1783, - 2190, - 3056, - 0, - 0, - 0, - 1786, - 0, - 0, - 4535, - 0, - 4638, - 4426, - 2962, - 1787, - 1831, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 1789, - 1791, - 1792, - 1793, - 1794, - 1795, - 1796, - 2014, - 0, - 2591, - 2754, - 2931, - 3006, - 2239, - 3167, - 1798, - 4030, - 3907, - 1799, - 1800, - 1801, - 1802, - 1803, - 1814, - 1805, - 0, - 0, - 0, - 0, - 0, - 1806, - 1808, - 0, - 0, - 0, - 3672, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 2159, - 1809, - 1811, - 1813, - 1816, - 1817, - 1818, - 1819, - 1820, - 3653, - 1822, - 1824, - 1825, - 1826, - 1827, - 1828, - 1830, - 1833, - 1834, - 1835, - 3105, - 0, - 0, - 0, - 1836, - 1837, - 1839, - 1840, - 1841, - 1842, - 1843, - 1846, - 1847, - 1848, - 2787, - 0, - 2149, - 1849, - 1850, - 1861, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 1887, - 1863, - 3714, - 0, - 1866, - 1868, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 1888, - 2713, - 0, - 0, - 0, - 0, - 1871, - 0, - 0, - 4279, - 1872, - 1873, - 1874, - 1875, - 1876, - 1878, - 1882, - 0, - 1881, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 1896, - 1884, - 1886, - 1890, - 1892, - 1895, - 1898, - 1899, - 1900, - 1901, - 1902, - 1904, - 1936, - 0, - 0, - 0, - 1938, - 0, - 0, - 0, - 1906, - 0, - 1916, - 1908, - 0, - 0, - 0, - 2801, - 0, - 0, - 0, - 3821, - 0, - 2893, - 1909, - 1910, - 1911, - 1912, - 1919, - 0, - 1918, - 0, - 1913, - 0, - 0, - 1937, - 1917, - 0, - 0, - 0, - 1915, - 1921, - 1923, - 1925, - 1927, - 1928, - 1929, - 1930, - 1931, - 1933, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 1951, - 1935, - 1940, - 1942, - 1944, - 3897, - 2257, - 0, - 0, - 2685, - 0, - 0, - 0, - 1946, - 1947, - 3840, - 3567, - 0, - 2958, - 0, - 0, - 0, - 0, - 1949, - 3225, - 1950, - 1953, - 1955, - 1956, - 1958, - 1959, - 1960, - 1961, - 2335, - 2669, - 2000, - 2001, - 1998, - 1999, - 1997, - 0, - 1995, - 1996, - 2008, - 2009, - 1964, - 0, - 1963, - 0, - 0, - 1962, - 1966, - 1968, - 1986, - 0, - 0, - 0, - 0, - 1970, - 1972, - 1973, - 1974, - 2635, - 0, - 1975, - 2299, - 1978, - 0, - 0, - 1976, - 1977, - 0, - 0, - 0, - 0, - 0, - 1990, - 1981, - 1980, - 1983, - 1985, - 1988, - 0, - 0, - 0, - 3394, - 1989, - 1992, - 1994, - 2003, - 2005, - 2007, - 2011, - 2013, - 2015, - 2016, - 2017, - 2018, - 2020, - 0, - 0, - 0, - 0, - 0, - 2019, - 2022, - 2024, - 2025, - 2026, - 2027, - 4061, - 3801, - 4344, - 4343, - 4342, - 2028, - 4338, - 0, - 4337, - 4336, - 4335, - 4334, - 0, - 4379, - 4378, - 0, - 0, - 4371, - 2032, - 2031, - 0, - 2030, - 0, - 0, - 0, - 0, - 0, - 2039, - 2034, - 2035, - 2036, - 2037, - 2038, - 4329, - 0, - 0, - 0, - 0, - 0, - 0, - 2814, - 0, - 0, - 0, - 2041, - 0, - 0, - 3079, - 2042, - 2044, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 2087, - 2365, - 2046, - 2047, - 2049, - 2097, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 2051, - 2053, - 2054, - 2055, - 2056, - 2057, - 2059, - 2061, - 2064, - 2066, - 2067, - 2069, - 2071, - 3878, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 2073, - 2074, - 2076, - 2089, - 0, - 2078, - 2080, - 2081, - 2082, - 2083, - 2084, - 2086, - 2088, - 2091, - 2092, - 2093, - 2094, - 0, - 0, - 0, - 3400, - 2095, - 2096, - 2099, - 2100, - 2101, - 2102, - 2103, - 2105, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 2222, - 2107, - 2108, - 2110, - 0, - 2929, - 2112, - 2113, - 2114, - 2115, - 2116, - 2157, - 2158, - 0, - 2161, - 0, - 0, - 0, - 2156, - 0, - 0, - 0, - 0, - 2118, - 3219, - 0, - 0, - 2120, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 2833, - 2504, - 2121, - 2124, - 0, - 0, - 0, - 0, - 0, - 2123, - 2126, - 2128, - 2129, - 2130, - 3428, - 3754, - 0, - 0, - 2131, - 2132, - 2134, - 2136, - 2137, - 2138, - 2139, - 2140, - 3777, - 2141, - 2142, - 2144, - 2145, - 2146, - 2147, - 2148, - 2150, - 2152, - 2189, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 2155, - 0, - 0, - 0, - 0, - 2154, - 2160, - 2163, - 2164, - 2165, - 2166, - 2167, - 0, - 0, - 0, - 2170, - 2169, - 2172, - 2173, - 2174, - 2175, - 0, - 4233, - 4454, - 3665, - 3666, - 0, - 3664, - 0, - 0, - 0, - 3667, - 0, - 0, - 0, - 0, - 2176, - 2232, - 0, - 2178, - 2180, - 2182, - 3136, - 2183, - 2185, - 2187, - 0, - 0, - 3185, - 2188, - 2191, - 2193, - 2202, - 2201, - 2204, - 2203, - 2197, - 0, - 2200, - 2367, - 2196, - 2195, - 0, - 2238, - 2237, - 0, - 0, - 2236, - 2199, - 2206, - 2208, - 2210, - 2211, - 2212, - 2213, - 2214, - 2216, - 2218, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 2235, - 2221, - 2220, - 2224, - 2225, - 2226, - 2227, - 2228, - 2230, - 2231, - 2234, - 2240, - 2241, - 2242, - 2871, - 0, - 2243, - 2244, - 2246, - 2249, - 2251, - 0, - 0, - 0, - 2256, - 2253, - 2255, - 4135, - 2258, - 4372, - 2762, - 0, - 0, - 3000, - 2260, - 2261, - 2262, - 2263, - 2264, - 2265, - 2267, - 2268, - 2270, - 2272, - 0, - 0, - 0, - 0, - 2286, - 2274, - 0, - 2326, - 2667, - 2276, - 2277, - 2279, - 2280, - 2281, - 2282, - 2283, - 2957, - 0, - 2956, - 0, - 0, - 0, - 0, - 0, - 2948, - 2285, - 2288, - 2290, - 2292, - 2294, - 2295, - 2296, - 2297, - 2298, - 2300, - 2302, - 2304, - 2306, - 2307, - 2308, - 2309, - 2310, - 2312, - 2313, - 2315, - 2317, - 2318, - 2319, - 2320, - 2321, - 2322, - 2323, - 2325, - 2328, - 2329, - 2330, - 2331, - 0, - 0, - 0, - 3651, - 3273, - 2332, - 2334, - 0, - 0, - 0, - 2930, - 2336, - 2338, - 2340, - 2342, - 3502, - 2343, - 2344, - 2345, - 2346, - 2347, - 2349, - 2731, - 2351, - 2352, - 2354, - 2355, - 2356, - 2357, - 3408, - 3730, - 2358, - 4346, - 0, - 0, - 0, - 2360, - 2362, - 2364, - 2366, - 2369, - 2373, - 0, - 0, - 2372, - 2371, - 2376, - 0, - 0, - 0, - 2375, - 3704, - 0, - 0, - 0, - 0, - 0, - 2378, - 2379, - 2381, - 2382, - 2383, - 2384, - 2385, - 2387, - 2389, - 2390, - 2391, - 2392, - 2393, - 2395, - 2396, - 2397, - 2398, - 2399, - 2400, - 2402, - 2404, - 2405, - 2407, - 2408, - 0, - 2411, - 0, - 0, - 0, - 0, - 0, - 2412, - 2410, - 2415, - 2416, - 2417, - 2418, - 2419, - 2480, - 2421, - 0, - 3065, - 2422, - 2424, - 2426, - 2428, - 2429, - 2430, - 3054, - 0, - 2431, - 3432, - 2432, - 0, - 0, - 0, - 3753, - 2434, - 2436, - 2438, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 4503, - 2439, - 2441, - 2443, - 2444, - 2445, - 2446, - 2447, - 2448, - 2450, - 2451, - 2453, - 2454, - 2455, - 3750, - 0, - 0, - 0, - 2456, - 3919, - 0, - 0, - 2457, - 2459, - 2460, - 2461, - 2462, - 2463, - 2465, - 2466, - 2467, - 2468, - 2469, - 2473, - 0, - 0, - 0, - 0, - 2472, - 2471, - 0, - 0, - 0, - 3832, - 2475, - 2477, - 2481, - 2479, - 2483, - 2484, - 2485, - 2486, - 2487, - 2489, - 2490, - 2491, - 2492, - 2493, - 2495, - 2496, - 2497, - 2498, - 2499, - 2551, - 2501, - 2508, - 0, - 0, - 2503, - 2541, - 0, - 0, - 0, - 0, - 2505, - 4102, - 2507, - 2510, - 2511, - 2512, - 2513, - 2514, - 2516, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 2564, - 2518, - 2520, - 2522, - 2523, - 2524, - 2525, - 2827, - 0, - 0, - 3797, - 2526, - 2527, - 3942, - 4265, - 4298, - 0, - 2529, - 0, - 0, - 0, - 3359, - 2530, - 2531, - 2532, - 2533, - 2534, - 2536, - 2537, - 2538, - 2539, - 2540, - 2543, - 2544, - 2546, - 2547, - 2548, - 2549, - 2550, - 2553, - 2567, - 2917, - 0, - 2704, - 0, - 0, - 0, - 3584, - 2554, - 2555, - 2556, - 2557, - 2562, - 2561, - 0, - 2563, - 0, - 0, - 0, - 0, - 0, - 2558, - 2560, - 2566, - 2568, - 2569, - 2570, - 2571, - 2573, - 0, - 0, - 2574, - 0, - 0, - 0, - 2572, - 2610, - 0, - 0, - 0, - 0, - 2576, - 2578, - 2579, - 2581, - 2583, - 3744, - 2584, - 2585, - 2586, - 2587, - 2588, - 2590, - 2592, - 2593, - 2594, - 2595, - 4059, - 3125, - 3459, - 2596, - 0, - 0, - 0, - 0, - 0, - 3767, - 0, - 0, - 0, - 0, - 3719, - 0, - 0, - 3718, - 2598, - 2600, - 2602, - 0, - 0, - 0, - 0, - 0, - 0, - 2615, - 2603, - 2604, - 2605, - 3296, - 0, - 2606, - 2607, - 2609, - 2612, - 2614, - 2616, - 2617, - 2618, - 2619, - 2620, - 2622, - 2624, - 2626, - 2628, - 2629, - 2630, - 2631, - 2632, - 2634, - 2636, - 0, - 0, - 0, - 0, - 2671, - 2638, - 2639, - 2640, - 2641, - 2642, - 2644, - 2645, - 2646, - 2647, - 2649, - 2648, - 2651, - 2652, - 2653, - 3572, - 0, - 2964, - 2654, - 2655, - 2657, - 2659, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 2687, - 2661, - 2662, - 2663, - 2664, - 2665, - 2666, - 2668, - 2674, - 0, - 2675, - 0, - 0, - 2670, - 2673, - 2677, - 2678, - 2679, - 2680, - 2681, - 2682, - 2684, - 2686, - 2689, - 2691, - 2692, - 2693, - 2694, - 2695, - 0, - 2703, - 2698, - 2699, - 2700, - 3961, - 0, - 0, - 0, - 2701, - 2702, - 0, - 0, - 2710, - 2705, - 2706, - 2707, - 2708, - 2709, - 2712, - 2714, - 2715, - 2716, - 2717, - 2718, - 3326, - 2720, - 2721, - 2723, - 2724, - 2725, - 2726, - 2729, - 2728, - 0, - 2730, - 0, - 0, - 0, - 0, - 0, - 2727, - 2732, - 2734, - 2735, - 3799, - 2737, - 2739, - 2740, - 2741, - 2742, - 2743, - 2744, - 2746, - 2747, - 2748, - 2749, - 4180, - 4425, - 2750, - 4654, - 4415, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 2752, - 0, - 0, - 4287, - 2753, - 2755, - 2756, - 2757, - 3355, - 0, - 2758, - 2759, - 0, - 0, - 2761, - 2760, - 2763, - 2764, - 2765, - 2766, - 2767, - 2771, - 2772, - 2773, - 4355, - 2774, - 2775, - 2784, - 2789, - 0, - 0, - 2786, - 2788, - 3029, - 2791, - 2792, - 2793, - 2794, - 2795, - 4350, - 2796, - 0, - 4347, - 0, - 0, - 0, - 0, - 0, - 4345, - 2798, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 2826, - 2807, - 0, - 0, - 2800, - 2802, - 2803, - 2804, - 2805, - 2806, - 2809, - 2811, - 2813, - 2815, - 2819, - 2817, - 2822, - 2825, - 2828, - 2829, - 2832, - 0, - 0, - 2831, - 2834, - 2836, - 0, - 0, - 0, - 0, - 2843, - 2838, - 2839, - 2840, - 2841, - 2842, - 2845, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 2846, - 2848, - 2849, - 2850, - 2851, - 0, - 3519, - 3203, - 2852, - 0, - 0, - 0, - 0, - 2863, - 2854, - 2856, - 2858, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 2903, - 2860, - 2862, - 2865, - 2867, - 2869, - 3232, - 2870, - 2872, - 2874, - 2875, - 2876, - 2877, - 2878, - 2880, - 2881, - 2883, - 0, - 2884, - 2886, - 2887, - 2888, - 2889, - 2890, - 2899, - 0, - 0, - 0, - 2892, - 2894, - 2895, - 2896, - 2897, - 2898, - 2901, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 4384, - 2902, - 2905, - 2907, - 2909, - 2910, - 2911, - 2912, - 2913, - 2915, - 2916, - 2918, - 2919, - 2920, - 2921, - 2922, - 2924, - 2925, - 2926, - 2927, - 2928, - 2932, - 2933, - 2934, - 2935, - 0, - 3601, - 3899, - 2968, - 2969, - 0, - 0, - 0, - 2936, - 2939, - 0, - 0, - 2938, - 2941, - 2942, - 2943, - 2944, - 2945, - 2947, - 2950, - 2951, - 2952, - 2953, - 3328, - 2954, - 2955, - 2959, - 3551, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 2961, - 2963, - 2965, - 2967, - 2971, - 2972, - 2973, - 2974, - 2975, - 2977, - 2978, - 2979, - 2980, - 3302, - 2991, - 2992, - 0, - 0, - 2994, - 0, - 2993, - 0, - 2981, - 2983, - 2984, - 2985, - 2986, - 2987, - 0, - 2988, - 2990, - 2996, - 0, - 0, - 0, - 2999, - 2998, - 3001, - 3002, - 3003, - 3004, - 3005, - 3007, - 3008, - 3009, - 3331, - 3010, - 3980, - 3674, - 3020, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 3011, - 3014, - 3015, - 3016, - 3017, - 3018, - 3019, - 3022, - 3024, - 3025, - 3026, - 3973, - 3733, - 3337, - 3027, - 3028, - 3030, - 3031, - 3032, - 3033, - 3034, - 3035, - 0, - 3036, - 0, - 0, - 0, - 0, - 0, - 3037, - 3039, - 3041, - 3043, - 3044, - 3045, - 3046, - 3047, - 3049, - 3050, - 3051, - 3052, - 3053, - 3097, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 3055, - 3057, - 3059, - 3062, - 3064, - 3066, - 3104, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 3068, - 3637, - 4170, - 3070, - 3578, - 3071, - 3072, - 3073, - 3074, - 3075, - 3077, - 3078, - 3080, - 3083, - 3085, - 3086, - 3088, - 3090, - 3091, - 3092, - 3093, - 4028, - 3094, - 3096, - 3099, - 3100, - 3103, - 0, - 0, - 3231, - 0, - 3102, - 3107, - 3106, - 3109, - 3110, - 3112, - 3113, - 3114, - 3115, - 3116, - 3118, - 3119, - 3120, - 3121, - 3122, - 3124, - 3295, - 3126, - 0, - 0, - 0, - 3133, - 3128, - 3129, - 3130, - 3131, - 3132, - 3135, - 3137, - 3139, - 3140, - 3141, - 3142, - 3143, - 0, - 0, - 0, - 4457, - 0, - 4464, - 0, - 4456, - 3145, - 3146, - 3147, - 3148, - 3150, - 0, - 0, - 0, - 0, - 0, - 3149, - 3159, - 0, - 0, - 0, - 0, - 0, - 3152, - 3154, - 3155, - 3156, - 3157, - 3158, - 3161, - 3162, - 3164, - 3166, - 0, - 0, - 0, - 0, - 3224, - 0, - 0, - 3221, - 3168, - 3169, - 3170, - 3787, - 0, - 3171, - 3172, - 3174, - 3175, - 3176, - 3177, - 3178, - 3180, - 3182, - 3184, - 3186, - 3188, - 3189, - 3192, - 3194, - 3196, - 3198, - 3199, - 3200, - 3201, - 3202, - 3204, - 3218, - 0, - 3206, - 3208, - 3209, - 3210, - 3211, - 3212, - 4505, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 3214, - 3215, - 3217, - 3220, - 3223, - 3226, - 3265, - 0, - 0, - 3228, - 3230, - 3233, - 3235, - 3236, - 3237, - 3238, - 0, - 3838, - 3264, - 0, - 0, - 0, - 0, - 3263, - 3262, - 0, - 0, - 0, - 3239, - 3241, - 3242, - 3243, - 3244, - 3245, - 0, - 3251, - 3247, - 3248, - 3250, - 3253, - 3496, - 3256, - 3257, - 3258, - 3259, - 3260, - 3261, - 3267, - 3270, - 3272, - 3275, - 3277, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 3842, - 3279, - 3281, - 3282, - 3283, - 3284, - 3285, - 3287, - 3289, - 3290, - 3291, - 3292, - 3293, - 3294, - 3300, - 3301, - 0, - 3304, - 0, - 0, - 0, - 0, - 0, - 3297, - 3321, - 0, - 0, - 0, - 0, - 0, - 3299, - 3303, - 3305, - 3308, - 0, - 0, - 0, - 0, - 0, - 3307, - 0, - 0, - 3311, - 3310, - 3313, - 3314, - 3315, - 3316, - 3318, - 0, - 0, - 3317, - 3320, - 3323, - 3325, - 3327, - 3329, - 3330, - 3333, - 3332, - 3335, - 3334, - 3336, - 0, - 3339, - 0, - 3341, - 3340, - 3371, - 3379, - 4692, - 0, - 0, - 3380, - 3338, - 4468, - 0, - 0, - 0, - 3348, - 0, - 0, - 0, - 0, - 3372, - 3343, - 3344, - 3345, - 3346, - 3347, - 3350, - 3351, - 3352, - 3353, - 3354, - 3406, - 3405, - 0, - 0, - 0, - 0, - 3407, - 0, - 0, - 0, - 0, - 3356, - 3416, - 3358, - 0, - 4528, - 3360, - 3361, - 3362, - 3363, - 3397, - 3398, - 0, - 0, - 3399, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 3364, - 3366, - 3367, - 3368, - 3369, - 0, - 3982, - 4257, - 3370, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 3396, - 3374, - 3375, - 3376, - 3377, - 3378, - 3382, - 3383, - 3384, - 3385, - 3386, - 3388, - 3389, - 3391, - 3393, - 3395, - 3401, - 3403, - 3404, - 3422, - 3409, - 3411, - 3412, - 3413, - 3414, - 3415, - 3418, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 4661, - 3419, - 3421, - 3424, - 3426, - 0, - 0, - 0, - 0, - 3427, - 3429, - 3430, - 0, - 0, - 3431, - 0, - 3434, - 0, - 3441, - 3433, - 3436, - 3437, - 3438, - 3439, - 3481, - 3440, - 3443, - 3445, - 3446, - 3447, - 3448, - 3449, - 3452, - 3453, - 3454, - 3455, - 3456, - 3458, - 4004, - 3460, - 3462, - 3463, - 3464, - 3465, - 3466, - 3468, - 0, - 0, - 3469, - 3489, - 3471, - 3473, - 3474, - 3475, - 4588, - 0, - 0, - 0, - 3476, - 3480, - 0, - 0, - 3477, - 3479, - 3486, - 0, - 0, - 0, - 0, - 3483, - 3485, - 3488, - 3491, - 3493, - 3495, - 3497, - 3498, - 3499, - 3500, - 3501, - 3503, - 3504, - 3505, - 3506, - 3507, - 3510, - 0, - 0, - 0, - 3509, - 3512, - 4579, - 0, - 0, - 0, - 0, - 0, - 0, - 4551, - 4291, - 3513, - 3514, - 3515, - 3516, - 3518, - 3517, - 3520, - 0, - 0, - 0, - 3521, - 0, - 0, - 0, - 0, - 0, - 3541, - 3527, - 3529, - 3530, - 3531, - 3532, - 3533, - 3535, - 3536, - 3537, - 4109, - 0, - 3538, - 3834, - 3539, - 0, - 0, - 0, - 3540, - 0, - 0, - 0, - 0, - 0, - 3555, - 3543, - 3544, - 3546, - 3547, - 3548, - 3549, - 3550, - 3553, - 3554, - 3559, - 3562, - 3563, - 3564, - 3565, - 3566, - 3568, - 3570, - 3630, - 3629, - 0, - 0, - 0, - 0, - 3632, - 0, - 0, - 0, - 0, - 3573, - 3575, - 3577, - 3579, - 3580, - 3581, - 3582, - 3583, - 3585, - 3586, - 3587, - 3588, - 3599, - 3600, - 0, - 0, - 3589, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 3638, - 3591, - 3592, - 3594, - 3595, - 3596, - 3597, - 3598, - 3636, - 0, - 0, - 3633, - 3634, - 0, - 0, - 0, - 0, - 0, - 3602, - 3604, - 3606, - 3607, - 3608, - 3609, - 3610, - 3612, - 3613, - 3615, - 3616, - 3617, - 3618, - 3619, - 3621, - 3623, - 3626, - 3631, - 0, - 0, - 0, - 3628, - 3640, - 3641, - 3642, - 3643, - 3682, - 3644, - 3646, - 3647, - 3648, - 3649, - 3650, - 3654, - 0, - 0, - 3652, - 3656, - 3658, - 3660, - 3662, - 3669, - 3671, - 3673, - 3675, - 3677, - 3678, - 3679, - 3680, - 3681, - 3685, - 3688, - 3689, - 3690, - 3691, - 0, - 4263, - 3692, - 3694, - 3695, - 3697, - 3698, - 3699, - 3700, - 3701, - 3703, - 3705, - 4515, - 3707, - 0, - 0, - 4514, - 0, - 4512, - 0, - 4524, - 3709, - 3711, - 3713, - 3716, - 3717, - 3721, - 3723, - 3725, - 3726, - 3727, - 3728, - 3729, - 3732, - 3734, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 3764, - 3736, - 3737, - 3738, - 3739, - 3740, - 3742, - 0, - 0, - 0, - 0, - 4510, - 4304, - 4285, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 4539, - 3743, - 3745, - 3746, - 3747, - 3748, - 3749, - 3751, - 3752, - 3756, - 3755, - 3758, - 3759, - 3761, - 3763, - 3766, - 3770, - 3771, - 3772, - 3773, - 3774, - 3776, - 3778, - 0, - 3779, - 3781, - 3783, - 3784, - 3786, - 3794, - 3793, - 3792, - 0, - 0, - 0, - 0, - 3788, - 3800, - 0, - 3833, - 3790, - 3791, - 3796, - 3798, - 3802, - 0, - 0, - 0, - 0, - 3809, - 3804, - 3805, - 3806, - 3807, - 3808, - 3811, - 3812, - 3813, - 3814, - 3815, - 3817, - 3818, - 3820, - 3822, - 3823, - 3824, - 3825, - 3826, - 3828, - 0, - 0, - 3829, - 3831, - 3835, - 3837, - 3856, - 0, - 0, - 0, - 3853, - 0, - 0, - 0, - 0, - 0, - 0, - 3839, - 3857, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 3841, - 3858, - 0, - 0, - 0, - 3844, - 3882, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 3846, - 3848, - 3850, - 3851, - 3855, - 3860, - 3861, - 3862, - 4382, - 0, - 3863, - 3864, - 3866, - 3867, - 3869, - 3870, - 3871, - 3872, - 3873, - 3875, - 3877, - 3879, - 3881, - 3884, - 3886, - 3888, - 0, - 0, - 0, - 3937, - 3890, - 3892, - 0, - 0, - 3913, - 3938, - 0, - 0, - 0, - 0, - 0, - 0, - 3894, - 3896, - 3898, - 3900, - 3902, - 3903, - 3904, - 3905, - 3906, - 3908, - 3909, - 3910, - 3911, - 0, - 4443, - 4215, - 3933, - 3934, - 0, - 0, - 0, - 0, - 3932, - 0, - 0, - 0, - 0, - 3912, - 3915, - 3916, - 3918, - 3921, - 3922, - 3923, - 3924, - 0, - 4438, - 3929, - 3928, - 0, - 3927, - 0, - 3925, - 3926, - 0, - 0, - 0, - 0, - 3939, - 3931, - 3936, - 3941, - 3943, - 3944, - 3945, - 3946, - 3955, - 3954, - 0, - 3947, - 0, - 0, - 0, - 0, - 0, - 3959, - 3949, - 3950, - 3951, - 3952, - 3953, - 3960, - 0, - 0, - 0, - 0, - 0, - 3958, - 3957, - 0, - 0, - 0, - 3994, - 3963, - 3962, - 3965, - 3967, - 3968, - 3969, - 3970, - 3971, - 3972, - 4262, - 4229, - 4019, - 4018, - 4017, - 0, - 4016, - 0, - 4014, - 4013, - 3979, - 3978, - 3977, - 0, - 0, - 3974, - 3976, - 4015, - 4027, - 0, - 0, - 0, - 4012, - 0, - 0, - 0, - 0, - 3981, - 3984, - 0, - 0, - 0, - 3983, - 0, - 0, - 0, - 0, - 0, - 3995, - 3986, - 3987, - 3988, - 3989, - 3990, - 3992, - 3993, - 3997, - 3998, - 3999, - 4000, - 4001, - 4201, - 0, - 0, - 4003, - 4007, - 4008, - 4009, - 4010, - 4011, - 4076, - 0, - 4021, - 4022, - 4023, - 4024, - 4025, - 4026, - 4029, - 4037, - 4031, - 4032, - 4033, - 4034, - 0, - 4547, - 4039, - 4038, - 4041, - 4040, - 4035, - 0, - 0, - 4036, - 4045, - 4044, - 4071, - 4043, - 4048, - 4050, - 4051, - 4052, - 4053, - 4054, - 4055, - 4057, - 4058, - 4060, - 4082, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 4062, - 4068, - 4067, - 0, - 0, - 4069, - 0, - 4070, - 0, - 4064, - 4066, - 4073, - 4075, - 4077, - 4078, - 4079, - 4080, - 4081, - 4084, - 4085, - 4086, - 4087, - 4088, - 4090, - 4092, - 4094, - 4097, - 0, - 4096, - 0, - 0, - 4101, - 4571, - 4572, - 4573, - 4574, - 4100, - 0, - 4577, - 4578, - 4560, - 4561, - 4609, - 0, - 4610, - 0, - 0, - 4613, - 4104, - 4105, - 4106, - 4107, - 4108, - 4110, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 4126, - 4112, - 4114, - 4116, - 4117, - 4119, - 4121, - 4123, - 4125, - 4128, - 4129, - 4130, - 4131, - 4132, - 4134, - 4137, - 4138, - 4139, - 4140, - 4141, - 4143, - 0, - 0, - 0, - 4202, - 4145, - 4189, - 0, - 0, - 4147, - 4149, - 0, - 0, - 4156, - 4151, - 4152, - 4153, - 4154, - 4155, - 4158, - 4159, - 4160, - 4161, - 4163, - 4162, - 4165, - 4166, - 4167, - 4168, - 4169, - 4171, - 4172, - 4173, - 4174, - 4175, - 4177, - 4179, - 4182, - 4181, - 4184, - 4185, - 4186, - 4187, - 4188, - 4190, - 4192, - 4193, - 4194, - 4195, - 4196, - 4199, - 4200, - 4204, - 4206, - 4209, - 4223, - 4213, - 4214, - 4216, - 4218, - 4219, - 4220, - 4221, - 4222, - 4224, - 4225, - 4226, - 4227, - 4232, - 0, - 0, - 4231, - 4235, - 0, - 0, - 0, - 4234, - 0, - 0, - 0, - 0, - 0, - 4261, - 4237, - 4238, - 4240, - 4242, - 4244, - 4246, - 4247, - 4248, - 4249, - 4250, - 4252, - 4253, - 4254, - 4255, - 4256, - 4258, - 4260, - 4264, - 4266, - 4267, - 4268, - 4269, - 4277, - 0, - 0, - 4270, - 0, - 0, - 0, - 4278, - 4272, - 4273, - 4274, - 4275, - 4276, - 4280, - 4281, - 4282, - 4283, - 4284, - 4286, - 4288, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 4316, - 4290, - 4292, - 4293, - 4294, - 4295, - 4296, - 4297, - 4299, - 4300, - 4301, - 4302, - 4303, - 4305, - 4307, - 4309, - 4312, - 4311, - 0, - 0, - 0, - 0, - 0, - 4315, - 4314, - 4318, - 4320, - 4322, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 4360, - 4324, - 4325, - 4326, - 4327, - 4328, - 4330, - 4331, - 4333, - 4340, - 4341, - 4349, - 4352, - 4354, - 4356, - 0, - 0, - 0, - 0, - 4359, - 4358, - 4362, - 4363, - 4364, - 4365, - 4366, - 4368, - 4370, - 4373, - 4374, - 4375, - 4376, - 4377, - 4381, - 4404, - 4405, - 0, - 4406, - 0, - 4407, - 4408, - 0, - 0, - 0, - 0, - 4383, - 4385, - 4387, - 4388, - 4391, - 4390, - 4393, - 4395, - 4398, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 4414, - 4400, - 4402, - 4410, - 4412, - 4416, - 4418, - 4419, - 4420, - 4421, - 4422, - 4424, - 4427, - 0, - 0, - 0, - 4449, - 4450, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 4429, - 4431, - 4432, - 4433, - 4434, - 4435, - 4467, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 4437, - 4439, - 4441, - 4442, - 4444, - 4446, - 4448, - 4452, - 4453, - 4455, - 4459, - 4460, - 4461, - 4462, - 4463, - 4466, - 4470, - 4472, - 4474, - 4476, - 0, - 0, - 0, - 4479, - 0, - 0, - 0, - 0, - 0, - 4499, - 4478, - 4481, - 4483, - 4485, - 4487, - 4490, - 0, - 0, - 4491, - 4493, - 4494, - 4495, - 4496, - 4497, - 4498, - 4502, - 0, - 4501, - 4504, - 4506, - 4508, - 4509, - 4511, - 4517, - 4519, - 4520, - 4521, - 4522, - 4523, - 4526, - 4531, - 4533, - 4534, - 4536, - 4538, - 4540, - 4542, - 4544, - 4546, - 4548, - 4550, - 4552, - 4553, - 4554, - 4555, - 4557, - 4556, - 4559, - 4563, - 4564, - 4565, - 4566, - 4567, - 4570, - 4569, - 4576, - 4580, - 4581, - 4582, - 4583, - 4584, - 4585, - 4587, - 4589, - 4590, - 4592, - 4594, - 4596, - 4598, - 4599, - 4600, - 4601, - 4602, - 4604, - 4605, - 4606, - 4607, - 4608, - 4612, - 4615, - 4617, - 4619, - 4620, - 4621, - 4622, - 4623, - 4625, - 4627, - 4629, - 4630, - 4632, - 4637, - 0, - 0, - 0, - 4634, - 4636, - 4639, - 4642, - 4645, - 4644, - 0, - 0, - 0, - 0, - 4646, - 0, - 0, - 0, - 0, - 4694, - 4648, - 4649, - 4650, - 4651, - 4652, - 4653, - 4655, - 4657, - 4658, - 4660, - 4662, - 4671, - 0, - 0, - 4664, - 4666, - 4667, - 4668, - 4669, - 4670, - 4673, - 4676, - 0, - 4675, - 4678, - 4680, - 4681, - 4682, - 4683, - 4684, - 4687, - 4688, - 4689, - 4690, - 4691, - 4696, - 0, - 0, - 0, - 0, - 0, - 0, - 4697, -}; - diff --git a/source4/heimdal/lib/wind/normalize_table.h b/source4/heimdal/lib/wind/normalize_table.h deleted file mode 100644 index 90b62e645d..0000000000 --- a/source4/heimdal/lib/wind/normalize_table.h +++ /dev/null @@ -1,34 +0,0 @@ -/* normalize_table.h */ -/* Automatically generated at 2008-03-18T11:38:08.923674 */ - -#ifndef NORMALIZE_TABLE_H -#define NORMALIZE_TABLE_H 1 - -#include -#include - -#define MAX_LENGTH_CANON 18 - -struct translation { - uint32_t key; - unsigned short val_len; - unsigned short val_offset; -}; - -extern const struct translation _wind_normalize_table[]; - -extern const uint32_t _wind_normalize_val_table[]; - -extern const size_t _wind_normalize_table_size; - -struct canon_node { - uint32_t val; - unsigned char next_start; - unsigned char next_end; - unsigned short next_offset; -}; - -extern const struct canon_node _wind_canon_table[]; - -extern const unsigned short _wind_canon_next_table[]; -#endif /* NORMALIZE_TABLE_H */ diff --git a/source4/heimdal/lib/wind/rfc3454.py b/source4/heimdal/lib/wind/rfc3454.py new file mode 100644 index 0000000000..32dc0c5492 --- /dev/null +++ b/source4/heimdal/lib/wind/rfc3454.py @@ -0,0 +1,60 @@ +#!/usr/local/bin/python +# -*- coding: iso-8859-1 -*- + +# $Id: rfc3454.py 22551 2008-02-01 16:22:22Z lha $ + +# Copyright (c) 2004 Kungliga Tekniska Högskolan +# (Royal Institute of Technology, Stockholm, Sweden). +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# 3. Neither the name of the Institute nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. + +import re +import string + +def read(filename): + """return a dict of tables from rfc3454""" + f = open(filename, 'r') + inTable = False + ret = {} + while True: + l = f.readline() + if not l: + break + if inTable: + m = re.search('^ *----- End Table ([A-Z0-9\.]+) ----- *$', l) + if m: + ret[m.group(1)] = t + inTable = False + else: + t.append(l) + if re.search('^ *----- Start Table ([A-Z0-9\.]+) ----- *$', l): + inTable = True + t = [] + f.close() + return ret diff --git a/source4/heimdal/lib/wind/rfc3454.txt b/source4/heimdal/lib/wind/rfc3454.txt new file mode 100644 index 0000000000..26a1e6c74d --- /dev/null +++ b/source4/heimdal/lib/wind/rfc3454.txt @@ -0,0 +1,5099 @@ + + + + + + +Network Working Group P. Hoffman +Request for Comments: 3454 IMC & VPNC +Category: Standards Track M. Blanchet + Viagenie + December 2002 + + + Preparation of Internationalized Strings ("stringprep") + +Status of this Memo + + This document specifies an Internet standards track protocol for the + Internet community, and requests discussion and suggestions for + improvements. Please refer to the current edition of the "Internet + Official Protocol Standards" (STD 1) for the standardization state + and status of this protocol. Distribution of this memo is unlimited. + +Copyright Notice + + Copyright (C) The Internet Society (2002). All Rights Reserved. + +Abstract + + This document describes a framework for preparing Unicode text + strings in order to increase the likelihood that string input and + string comparison work in ways that make sense for typical users + throughout the world. The stringprep protocol is useful for protocol + identifier values, company and personal names, internationalized + domain names, and other text strings. + + This document does not specify how protocols should prepare text + strings. Protocols must create profiles of stringprep in order to + fully specify the processing options. + +Table of Contents + + 1. Introduction....................................................3 + 1.1 Terminology..................................................4 + 1.2 Using stringprep in protocols................................4 + 2. Preparation Overview............................................6 + 3. Mapping.........................................................7 + 3.1 Commonly mapped to nothing...................................7 + 3.2 Case folding.................................................8 + 4. Normalization...................................................9 + 5. Prohibited Output..............................................10 + 5.1 Space characters............................................11 + 5.2 Control characters..........................................11 + 5.3 Private use.................................................12 + + + +Hoffman & Blanchet Standards Track [Page 1] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 5.4 Non-character code points...................................12 + 5.5 Surrogate codes.............................................13 + 5.6 Inappropriate for plain text................................13 + 5.7 Inappropriate for canonical representation..................13 + 5.8 Change display properties or deprecated.....................13 + 5.9 Tagging characters..........................................14 + 6. Bidirectional Characters.......................................14 + 7. Unassigned Code Points in Stringprep Profiles..................15 + 7.1 Categories of code points...................................16 + 7.2 Reasons for difference between stored strings and queries...17 + 7.3 Versions of applications and stored strings.................18 + 8. References.....................................................19 + 8.1 Normative references........................................19 + 8.2 Informative references......................................19 + 9. Security Considerations........................................19 + 9.1 Stringprep-specific security considerations.................19 + 9.2 Generic Unicode security considerations.....................20 + 10. IANA Considerations...........................................21 + 11. Acknowledgements..............................................22 + A. Unicode repertoires............................................23 + A.1 Unassigned code points in Unicode 3.2.......................23 + B. Mapping Tables.................................................31 + B.1 Commonly mapped to nothing..................................31 + B.2 Mapping for case-folding used with NFKC.....................32 + B.3 Mapping for case-folding used with no normalization.........61 + C. Prohibition tables.............................................78 + C.1 Space characters............................................78 + C.1.1 ASCII space characters..................................78 + C.1.2 Non-ASCII space characters..............................79 + C.2 Control characters..........................................79 + C.2.1 ASCII control characters................................79 + C.2.2 Non-ASCII control characters............................79 + C.3 Private use.................................................80 + C.4 Non-character code points...................................80 + C.5 Surrogate codes.............................................80 + C.6 Inappropriate for plain text................................80 + C.7 Inappropriate for canonical representation..................81 + C.8 Change display properties or are deprecated.................81 + C.9 Tagging characters..........................................81 + D. Bidirectional tables...........................................81 + D.1 Characters with bidirectional property "R" or "AL"..........81 + D.2 Characters with bidirectional property "L"..................82 + Authors' Addresses................................................90 + Full Copyright Statement..........................................91 + + + + + + + +Hoffman & Blanchet Standards Track [Page 2] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + +1. Introduction + + Application programs can display text in many different ways. + Similarly, a user can enter text into an application program in a + myriad of fashions. Internationalized text (that is, text that is + not restricted to the narrow set of US-ASCII characters) has many + input and display behaviors that make it difficult to compare text in + a consistent fashion. + + This document specifies a framework of processing rules for Unicode + text. Other protocols can create profiles of these rules; these + profiles will allow users to enter internationalized text strings in + applications and have the highest chance of getting the content of + the strings correct. In this case, "correct" means that if two + different people enter what they think is the same string into two + different input mechanisms, the strings should match on a character- + by-character basis. + + This framework does not describe how data is transcoded from other + character sets into Unicode. In systems that uses non-Unicode + character sets, the transcoding algorithm is a critical part of + enabling secure and "correct" operation of internationalized text + strings. + + In addition to helping string matching, profiles of stringprep can + also exclude characters that should not normally appear in text that + is used in the protocol. The profile can prevent such characters by + changing the characters to be excluded to other characters, by + removing those characters, or by causing an error if the characters + would appear in the output. For example, because the backspace + character can cause unpredictable display results, a profile can + specify that a string containing a backspace character would cause an + error. + + A profile of stringprep converts a single string of input characters + to a string of output characters, or returns an error if the output + string would contain a prohibited character. Stringprep profiles + cannot both emit a string and return an error. + + Stringprep profiles cannot account for all of the variations that + might occur or that a user might expect. In particular, a profile + will not be able to account for choice of spellings in all languages + for all scripts because the number of alternative spellings of words + and phrases is immense. Users would probably expect all spelling + equivalents to be made equivalent, or none of them to be. Examples + of spelling equivalents include "theater" vs. "theatre", and + "hemoglobin" vs. "hmoglobin" in American vs. British English. + Other examples are simplified Chinese spellings of names (for + + + +Hoffman & Blanchet Standards Track [Page 3] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + example,"") vs. the equivalent traditional + Chinese spelling (for example, ""). + Language-specific equivalences such as "Aepfel" vs. "pfel", + which are sometimes considered equivalent in German, may not be + considered equivalent in other languages. + +1.1 Terminology + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this + document are to be interpreted as described in BCP 14, RFC 2119 + [RFC2119]. + + Note: A glossary of terms used in Unicode and ISO/IEC 10646 can be + found in [Glossary]. Information on the 10646/Unicode character + encoding model can be found in [CharModel]. + + Character names in this document use the notation for code points and + names from the Unicode Standard [Unicode3.2] and ISO/IEC 10646 + [ISO10646]. For example, the letter "a" may be represented as either + "U+0061" or "LATIN SMALL LETTER A". In the lists of mappings and the + prohibited characters, the "U+" is left off to make the lists easier + to read. The comments for character ranges are shown in square + brackets (such as "[CONTROL CHARACTERS]") and do not come from the + standards. + +1.2 Using stringprep in protocols + + The stringprep protocol does not stand on its own; it has to be used + by other protocols at precisely-defined places in those other + protocols. For example, a protocol that has strings that come from + the entire ISO/IEC 10646 [ISO10646] character repertoire might + specify that only strings that have been processed with a particular + profile of stringprep are legal. Another example would be a protocol + that does string comparison as a step in the protocol; that protocol + might specify that such comparison is done only after processing the + strings with a specific profile of stringprep. + + When two protocols that use different profiles of stringprep + interoperate, there may be conflict about what characters are and are + not allowed in the final string. Thus, protocol developers should + strongly consider re-using existing profiles of stringprep. + + When developers wish to allow users as wide of a range of characters + as possible in input text strings, they should, where possible, cause + stringprep to convert characters from the input string to a canonical + form instead of prohibiting them. + + + + +Hoffman & Blanchet Standards Track [Page 4] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + Although it would be easy to use the stringprep process to "correct" + perceived mis-features or bugs in the current character standards, + stringprep profiles SHOULD NOT do so. + + A profile of stringprep can create tables different from those in the + appendixes of this document, but it will be an exception when they + do. The intention of stringprep is to define the tables and have the + profiles of stringprep select among those defined tables. + + A profile of stringprep MUST include all of the following: + + - The intended applicability of the profile + + - The character repertoire that is the input and output to stringprep + (which is Unicode 3.2 for this version of stringprep) + + - The mapping tables from this document used (as described in section + 3) + + - Any additional mapping tables specific to the profile + + - The Unicode normalization used, if any (as described in section 4) + + - The tables from this document of characters that are prohibited as + output (as described in section 5) + + - The bidirectional string testing used, if any (as described in + section 6) + + - Any additional characters that are prohibited as output specific to + the profile + + Each profile MUST state the character repertoire on which the profile + will operate. Appendix A lists the Unicode repertoires that can be + selected. No repertoire is ever complete, and it is expected that + characters will be added to the Unicode repertoire for the + foreseeable future. Section 7 of this document describes how to + handle characters that are assigned in later versions of the Unicode + repertories. Subsections of appendix A also list unassigned code + points for each repertoire. + + This document is for Unicode version 3.2, and should not be + considered to automatically apply to later Unicode versions. The + IETF, through an explicit standards action, may update this document + as appropriate to handle later Unicode versions. + + + + + + +Hoffman & Blanchet Standards Track [Page 5] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + This document lists the unassigned code points in the range 0 to + 10FFFF for Unicode 3.2 in appendix A. The list in appendix A MUST be + used by implementations of this specification. If there are any + discrepancies between the list in appendix A and the Unicode 3.2 + specification, the list in appendix A always takes precedence. + + Each profile of stringprep MUST be registered with IANA. The + registration procedure is described in the IANA Considerations + appendix; basically, the IESG must review each profile of stringprep. + Protocol developers are strongly encouraged to look through the IANA + profile registry when creating new profiles for stringprep, and to + re-use logic from earlier profiles where possible in new profiles. + In some cases, an existing profile can be reused by a different + protocol. + +2. Preparation Overview + + The steps for preparing strings are: + + 1) Map -- For each character in the input, check if it has a mapping + and, if so, replace it with its mapping. This is described in + section 3. + + 2) Normalize -- Possibly normalize the result of step 1 using Unicode + normalization. This is described in section 4. + + 3) Prohibit -- Check for any characters that are not allowed in the + output. If any are found, return an error. This is described in + section 5. + + 4) Check bidi -- Possibly check for right-to-left characters, and if + any are found, make sure that the whole string satisfies the + requirements for bidirectional strings. If the string does not + satisfy the requirements for bidirectional strings, return an + error. This is described in section 6. + + The above steps MUST be performed in the order given to comply with + this specification. + + The mappings described in section 3, and the optional Unicode + normalization described in section 4, can be one-to-none, one-to-one, + one-to-many, many-to-one, or many-to-many. That is, some characters + might be eliminated or replaced by more than one character, and the + output of this step might be shorter or longer than the input. + Because of this, the system using stringprep MUST be prepared to + receive a longer or shorter string than the one input in the + stringprep algorithm. + + + + +Hoffman & Blanchet Standards Track [Page 6] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + +3. Mapping + + Each character in the input stream MUST be checked against a mapping + table. The mapping table SHOULD come from this document, although + the mapping table MAY be added to or altered by the profile. The + mapping tables are subsections of appendix B. + + The lists in appendix B MUST be used by implementations of this + specification. If there are any discrepancies between the lists in + appendix B and subsections below, the lists in appendix B always + takes precedence. + + For any individual character, the mapping table MAY specify that a + character be mapped to nothing, or mapped to one other character, or + mapped to a string of other characters. + + Mapped characters are not re-scanned during the mapping step. That + is, if character A at position X is mapped to character B, character + B which is now at position X is not checked against the mapping + table. + +3.1 Commonly mapped to nothing + + The following characters are simply deleted from the input (that is, + they are mapped to nothing) because their presence or absence in + protocol identifiers should not make two strings different. They are + listed in Table B.1. + + Some characters are only useful in line-based text, and are otherwise + invisible and ignored. + + 00AD; SOFT HYPHEN + 1806; MONGOLIAN TODO SOFT HYPHEN + 200B; ZERO WIDTH SPACE + 2060; WORD JOINER + FEFF; ZERO WIDTH NO-BREAK SPACE + + Some characters affect glyph choice and glyph placement, but do not + bear semantics. + + 034F; COMBINING GRAPHEME JOINER + 180B; MONGOLIAN FREE VARIATION SELECTOR ONE + 180C; MONGOLIAN FREE VARIATION SELECTOR TWO + 180D; MONGOLIAN FREE VARIATION SELECTOR THREE + 200C; ZERO WIDTH NON-JOINER + 200D; ZERO WIDTH JOINER + FE00; VARIATION SELECTOR-1 + FE01; VARIATION SELECTOR-2 + + + +Hoffman & Blanchet Standards Track [Page 7] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + FE02; VARIATION SELECTOR-3 + FE03; VARIATION SELECTOR-4 + FE04; VARIATION SELECTOR-5 + FE05; VARIATION SELECTOR-6 + FE06; VARIATION SELECTOR-7 + FE07; VARIATION SELECTOR-8 + FE08; VARIATION SELECTOR-9 + FE09; VARIATION SELECTOR-10 + FE0A; VARIATION SELECTOR-11 + FE0B; VARIATION SELECTOR-12 + FE0C; VARIATION SELECTOR-13 + FE0D; VARIATION SELECTOR-14 + FE0E; VARIATION SELECTOR-15 + FE0F; VARIATION SELECTOR-16 + +3.2 Case folding + + If a profile is going to map characters for case-insensitive + comparison, that profile SHOULD map using either appendix B.2 or + appendix B.3. appendix B.2 is for profiles that also use Unicode + normalization form KC, while appendix B.3 is for profiles that do + not use Unicode normalization. These tables map from uppercase to + lowercase characters. Note that this could have been "change all + lowercase characters into uppercase characters". However, the + upper-to-lower folding was chosen because there is a tradition of + using lowercase in current Internet applications and protocols. + + If a profile creates its own mapping tables for case folding, they + SHOULD be based on [UTR21], and SHOULD map from uppercase characters + to lowercase. The "CaseFolding.txt" file from the Unicode database + SHOULD be used to prepare the mapping table. The profile SHOULD do + full case mapping (that is, using statuses C, F, and I). + + If the profile is using Unicode normalization form KC (as described + in section 4 of this document), it is important to note that there + are some characters that do not have mappings in [UTR21] but still + need processing. These characters include a few Greek characters and + many symbols that contain Latin characters. The list of characters + to add to the mapping table can determined by the following + algorithm: + + b = NormalizeWithKC(Fold(a)); + c = NormalizeWithKC(Fold(b)); + if c is not the same as b, add a mapping for "a to c". + + Because NormalizeWithKC(Fold(c)) always equals c, the table is stable + from that point on. + + + + +Hoffman & Blanchet Standards Track [Page 8] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + Appendix B.3 is derived from the CaseFolding-3.txt file associated + with Unicode 3.2; appendix B.2 is based on appendix B.3 with the + additional characters added from the algorithm above. + + Authors of profiles of this document need to consider the effects of + changing the mapping of any currently-assigned character when + updating their profiles. Adding a new mapping for a currently- + assigned character, or changing an existing mapping, could cause a + variance between the behavior of systems that have been updated and + systems that have not been updated. + +4. Normalization + + The output of the mapping step is optionally normalized using one of + the Unicode normalization forms, as described in [UAX15]. A profile + can specify one of two options for Unicode normalization: + + - no normalization + + - Unicode normalization with form KC + + A profile MAY choose to do no normalization. However, such a profile + can easily yield results that will be surprising to typical users, + depending on the input mechanism they use. For example, some input + mechanisms enter compatibility characters that look exactly like the + underlying characters, but have different code points. Another + example of where Unicode normalization helps create predictable + results is with characters that have multiple combining diacritics: + normalization orders those diacritics in a predictable fashion. + + On the other hand, Unicode normalization requires fairly large tables + and somewhat complicated character reordering logic. The size and + complexity should not be considered daunting except in the most + restricted of environments, and needs to be weighed against the + problems of user surprise from comparing unnormalized strings. Note + that the tables used for normalization are not given in this + document, but instead must be derived from the Unicode database, as + described in [UAX15]. + + There is a third form of normalization, Unicode normalization with + form C. If a profile is going to use a Unicode normalization, it + MUST use Unicode normalization form KC. Form KC maps many + "compatibility characters" to their equivalents. Some user interface + systems make it possible to enter compatibility characters instead of + the base equivalents. Thus, using form KC instead of form C will + cause more strings that users would expect to match to actually + match. + + + + +Hoffman & Blanchet Standards Track [Page 9] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + A profile that specifies Unicode normalization MUST use the + normalization in [UAX15] that is associated with the version of the + Unicode character set specified for the profile. + + The composition process described in [UAX15] requires a fixed + composition version of Unicode to ensure that strings normalized + under one version of Unicode remain normalized under all future + versions of Unicode. + + The IETF is relying on Unicode not to change the normalization of + currently-assigned characters in future versions of normalization. + If a future version of the normalization tables changes the + normalized value of an existing character, authors of profiles of + this document have to look at the changes very carefully before they + update their normalization tables. Such a change could cause a + variance between the behavior of systems that have been updated and + systems that have not been updated. + +5. Prohibited Output + + Before the text can be emitted, it MUST be checked for prohibited + code points. There are a variety of prohibited code points, as + described in this section. A profile of this document MAY use all or + some of the tables in appendix C. + + The stringprep process never emits both an error and a string. If an + error is detected during the checking for prohibited code points, + only an error is returned. + + Note that the subsections below describe how the tables in appendix C + were formed. They are here for people who want to understand more, + but they should be ignored by implementors. Implementations that use + tables MUST map based on the tables themselves, not based on the + descriptions in this section of how the tables were created. + + The lists in appendix C MUST be used by implementations of this + specification. If there are any discrepancies between the lists in + appendix C and subsections below, the lists in appendix C always take + precedence. + + Some code points listed in one section may also appear in other + sections. + + It is important to note that a profile of this document MAY prohibit + additional characters. + + + + + + +Hoffman & Blanchet Standards Track [Page 10] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + Each subsection of this section has a matching subsection in appendix + C. For example, the characters listed in section 5.1 are listed in + appendix C.1. + +5.1 Space characters + + Space characters can make accurate visual transcription of strings + nearly impossible and could lead to user entry errors in many ways. + Note that the list below is split into two tables in appendix C: + Table C.1.1 contains the ASCII code points, while Table C.1.2 + contains the non-ASCII code points. Most profiles of this document + that want to prohibit space characters will want to include both + tables. + + 0020; SPACE + 00A0; NO-BREAK SPACE + 1680; OGHAM SPACE MARK + 2000; EN QUAD + 2001; EM QUAD + 2002; EN SPACE + 2003; EM SPACE + 2004; THREE-PER-EM SPACE + 2005; FOUR-PER-EM SPACE + 2006; SIX-PER-EM SPACE + 2007; FIGURE SPACE + 2008; PUNCTUATION SPACE + 2009; THIN SPACE + 200A; HAIR SPACE + 200B; ZERO WIDTH SPACE + 202F; NARROW NO-BREAK SPACE + 205F; MEDIUM MATHEMATICAL SPACE + 3000; IDEOGRAPHIC SPACE + +5.2 Control characters + + Control characters (or characters with control function) cannot be + seen and can cause unpredictable results when displayed. Note that + the list below is split into two tables in appendix C: Table C.2.1 + contains the ASCII code points, while Table C.2.2 contains the non- + ASCII code points. Most profiles of this document that want to + prohibit control characters will want to include both tables. + + 0000-001F; [CONTROL CHARACTERS] + 007F; DELETE + 0080-009F; [CONTROL CHARACTERS] + 06DD; ARABIC END OF AYAH + 070F; SYRIAC ABBREVIATION MARK + 180E; MONGOLIAN VOWEL SEPARATOR + + + +Hoffman & Blanchet Standards Track [Page 11] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 200C; ZERO WIDTH NON-JOINER + 200D; ZERO WIDTH JOINER + 2028; LINE SEPARATOR + 2029; PARAGRAPH SEPARATOR + 2060; WORD JOINER + 2061; FUNCTION APPLICATION + 2062; INVISIBLE TIMES + 2063; INVISIBLE SEPARATOR + 206A-206F; [CONTROL CHARACTERS] + FEFF; ZERO WIDTH NO-BREAK SPACE + FFF9-FFFC; [CONTROL CHARACTERS] + 1D173-1D17A; [MUSICAL CONTROL CHARACTERS] + +5.3 Private use + + Because private-use characters do not have defined meanings, they are + likely to be prohibited. The private-use characters are: + + E000-F8FF; [PRIVATE USE, PLANE 0] + F0000-FFFFD; [PRIVATE USE, PLANE 15] + 100000-10FFFD; [PRIVATE USE, PLANE 16] + +5.4 Non-character code points + + Non-character code points are code points that have been allocated in + ISO/IEC 10646 but are not characters. Because they are already + assigned, they are guaranteed not to later change into characters. + + FDD0-FDEF; [NONCHARACTER CODE POINTS] + FFFE-FFFF; [NONCHARACTER CODE POINTS] + 1FFFE-1FFFF; [NONCHARACTER CODE POINTS] + 2FFFE-2FFFF; [NONCHARACTER CODE POINTS] + 3FFFE-3FFFF; [NONCHARACTER CODE POINTS] + 4FFFE-4FFFF; [NONCHARACTER CODE POINTS] + 5FFFE-5FFFF; [NONCHARACTER CODE POINTS] + 6FFFE-6FFFF; [NONCHARACTER CODE POINTS] + 7FFFE-7FFFF; [NONCHARACTER CODE POINTS] + 8FFFE-8FFFF; [NONCHARACTER CODE POINTS] + 9FFFE-9FFFF; [NONCHARACTER CODE POINTS] + AFFFE-AFFFF; [NONCHARACTER CODE POINTS] + BFFFE-BFFFF; [NONCHARACTER CODE POINTS] + CFFFE-CFFFF; [NONCHARACTER CODE POINTS] + DFFFE-DFFFF; [NONCHARACTER CODE POINTS] + EFFFE-EFFFF; [NONCHARACTER CODE POINTS] + FFFFE-FFFFF; [NONCHARACTER CODE POINTS] + 10FFFE-10FFFF; [NONCHARACTER CODE POINTS] + + + + + +Hoffman & Blanchet Standards Track [Page 12] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + The non-character code points are listed in the PropList.txt file + from the Unicode database. + +5.5 Surrogate codes + + The following code points are permanently reserved for use as + surrogate code values in the UTF-16 encoding, will never be assigned + to characters in the Unicode repertoire, and are therefore + prohibited: + + D800-DFFF; [SURROGATE CODES] + +5.6 Inappropriate for plain text + + The following characters do not appear in regular text. + + FFF9; INTERLINEAR ANNOTATION ANCHOR + FFFA; INTERLINEAR ANNOTATION SEPARATOR + FFFB; INTERLINEAR ANNOTATION TERMINATOR + FFFC; OBJECT REPLACEMENT CHARACTER + + Although the replacement character (U+FFFD) might be used when a + string is displayed, it doesn't make sense for it to be part of the + string itself. It is often displayed by renderers to indicate "there + would be some character here, but it cannot be rendered". For + example, on a computer with no Asian fonts, a string with three + ideographs might be rendered with three replacement characters. + + FFFD; REPLACEMENT CHARACTER + +5.7 Inappropriate for canonical representation + + The ideographic description characters allow different sequences of + characters to be rendered the same way, which makes them + inappropriate for strings that have to have a single canonical + representation. + + 2FF0-2FFB; [IDEOGRAPHIC DESCRIPTION CHARACTERS] + +5.8 Change display properties or are deprecated + + The following characters can cause changes in display or the order in + which characters appear when rendered, or are deprecated in Unicode. + + 0340; COMBINING GRAVE TONE MARK + 0341; COMBINING ACUTE TONE MARK + 200E; LEFT-TO-RIGHT MARK + 200F; RIGHT-TO-LEFT MARK + + + +Hoffman & Blanchet Standards Track [Page 13] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 202A; LEFT-TO-RIGHT EMBEDDING + 202B; RIGHT-TO-LEFT EMBEDDING + 202C; POP DIRECTIONAL FORMATTING + 202D; LEFT-TO-RIGHT OVERRIDE + 202E; RIGHT-TO-LEFT OVERRIDE + 206A; INHIBIT SYMMETRIC SWAPPING + 206B; ACTIVATE SYMMETRIC SWAPPING + 206C; INHIBIT ARABIC FORM SHAPING + 206D; ACTIVATE ARABIC FORM SHAPING + 206E; NATIONAL DIGIT SHAPES + 206F; NOMINAL DIGIT SHAPES + +5.9 Tagging characters + + The following characters are used for tagging text and are invisible. + + E0001; LANGUAGE TAG + E0020-E007F; [TAGGING CHARACTERS] + +6. Bidirectional Characters + + Most characters are displayed from left to right, but some are + displayed from right to left. This feature of Unicode is called + "bidirectional text", or "bidi" for short. The Unicode standard has + an extensive discussion of how to reorder glyphs for display when + dealing with bidirectional text such as Arabic or Hebrew. See [UAX9] + for more information. In particular, all Unicode text is stored in + logical order. + + A profile MAY choose to ignore bidirectional text. However, ignoring + bidirectional text can cause display ambiguities. For example, it is + quite easy to create two different strings with the same characters + (but in different order) that are correctly displayed identically. + Therefore, in order to avoid most problems with ambiguous + bidirectional text display, profile creators should strongly consider + including the bidirectional character handling described in this + section in their profile. + + The stringprep process never emits both an error and a string. If an + error is detected during the checking of bidirectional strings, only + an error is returned. + + [Unicode3.2] defines several bidirectional categories; each character + has one bidirectional category assigned to it. For the purposes of + the requirements below, an "RandALCat character" is a character that + has Unicode bidirectional categories "R" or "AL"; an "LCat character" + is a character that has Unicode bidirectional category "L". Note + + + + +Hoffman & Blanchet Standards Track [Page 14] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + that there are many characters which fall in neither of the above + definitions; Latin digits ( through ) are examples of + this because they have bidirectional category "EN". + + In any profile that specifies bidirectional character handling, all + three of the following requirements MUST be met: + + 1) The characters in section 5.8 MUST be prohibited. + + 2) If a string contains any RandALCat character, the string MUST NOT + contain any LCat character. + + 3) If a string contains any RandALCat character, a RandALCat + character MUST be the first character of the string, and a + RandALCat character MUST be the last character of the string. + + Note that requirement 3 prohibits strings such as + ("aleph 1") but allows strings such as + ("aleph 1 beh"). [UAX9] goes into great detail about the display + order of strings that contain particular categories of characters in + particular sequences. + + Table D.1 lists the characters that belong to Unicode bidirectional + categories "R" and "AL". Table D.2 lists all the characters that + belong to Unicode bidirectonal category "L". These tables are + derived from [Unicode3.2]. + +7. Unassigned Code Points in Stringprep Profiles + + This section describes two different types of strings in typical + protocols where internationalized strings are used: "stored strings" + and "queries". Of course, different Internet protocols use strings + very differently, so these terms cannot be used exactly in every + protocol that needs to use stringprep. In general, "stored strings" + are strings that are used in protocol identifiers and named entities, + such as names in digital certificates and DNS domain name parts. + "Queries" are strings that are used to match against strings that are + stored identifiers, such as user-entered names for digital + certificate authorities and DNS lookups. + + All code points not assigned in the character repertoire named in a + stringprep profile are called "unassigned code points". Stored + strings using the profile MUST NOT contain any unassigned code + points. Queries for matching strings MAY contain unassigned code + points. Note that this is the only part of this document where the + requirements for queries differs from the requirements for stored + strings. + + + + +Hoffman & Blanchet Standards Track [Page 15] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + Using two different policies for where unassigned code points can + appear removes the need for versioning in protocols that use + stringprep profiles. This is very useful since it makes the overall + processing simpler and does not impose a "protocol" to handle + versioning. It is expected that the ISO/IEC 10646 and Unicode + repertoires will be updated fairly frequently; at the time that this + document is being written, it has happened approximately once a year. + Each time a new version of a repertoire appears, a new version of a + profile MAY be created. Some end users will want to use the new code + points as soon as they are defined. + + The list of unassigned code points MUST be given in a profile, and + that list MUST be used by implementations of the profile. + + The goal of the requirements in this section is to prevent + comparisons between two strings that were both permitted to contain + unassigned code points. When two strings X and Y are compared and + string Y was prepared in a way that permits unassigned code points, a + negative result to the comparison is not definitive; it's possible + that the strings don't match even though they would match if a more + recent version of the profile were used for Y. However, if both X + and Y were prepared in a way that permits unassigned code points, + something worse can happen: even a positive result for the comparison + is not definitive. It is possible that the strings do match even + though they would not match if a more recent version of the profile + were used (one that prohibits a code point appearing in both X and + Y). + + Due to the way that versioning is handled in this section, stored + strings that are embedded in structures that cannot be changed (such + as the signed parts of digital certificates) MUST NOT contain any + unassigned code points. + +7.1 Categories of code points + + Each code point in a repertoire named by a profile of stringprep can + be categorized by how it acts in the process described in earlier + sections of this document: + + AO Code points that can be in the output + + MN Code points that cannot be in the output because they + never appear as output from mapping or normalization + + D Code points that cannot be in the output because they are + disallowed in the prohibition step + + U Unassigned code points + + + +Hoffman & Blanchet Standards Track [Page 16] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + A subsequent version of a profile that references a newer version of + a repertoire with new code points will inherently have some code + points move from category U to either D, MN, or AO. For backwards + compatibility, a subsequent version of a profile MUST NOT move code + points from any other category. That is, current AO, MN, or D code + points MUST NOT ever change to a different category. + + Stored strings MUST NOT contain any code points outside of AO for the + latest version of a profile. That is, they are forbidden to contain + code points from the MN, D, or U categories. + + Applications creating queries MUST treat U code points as if they + were AO when preparing the query to be entered in the process + described by a profile of stringprep. Those applications MAY + optionally have a preprocessor that provide stricter checks: treating + unassigned code points in the input as errors, or warning the user + about the fact that the code point is unassigned in the version of a + profile that the software is based on; such a choice is a local + matter for the software. + +7.2 Reasons for the difference between stored strings and queries + + Different software using different versions of a stringprep profile + need to interoperate with maximal compatibility. The scheme + described in this section (stored strings MUST NOT contain unassigned + code points, queries MAY include unassigned code points) allows that + compatibility without introducing any known security or + interoperability issues. + + The list below shows what happens if a query contains a code point + from category U that is allowed in a newer version of a profile. The + query either matches the string that was intended, or matches no + string at all. In this list, the query comes from an application + using version "oldVersion" of a profile, the stored string was + created using version "newVersion" of the same profile, and the code + point X was in category U in oldVersion, and has changed category to + AO, MN, or D. There are 3 possible scenarios: + + 1. X is assigned to AO -- In newVersion, X is in category AO. + Because the application passed X through, it gets back a positive + match with the stored string. There is one exceptional case, + where X is a combining mark. + + The order of combining marks is normalized, so if another + combining mark Y has a lower combining class than X then XY will + be put in the canonical order YX. (Unassigned code points are + never reordered, so this doesn't happen in oldVersion). If the + query contains YX, the query will get positive match with the + + + +Hoffman & Blanchet Standards Track [Page 17] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + stored string. However, no string can be stored with XY, so a + query with XY will get a negative answer to the test for matching. + + 2. X is assigned to MN -- In newVersion, X is normalized to code + point "nX" and therefore X is now put in category MN. This cannot + exist in any stored string, so any query containing X will get a + negative answer to the test for matching. Note, however, if the + query had contained the letter nX, it would have positively + matched. + + 3. X is assigned to D -- In newVersion, X is in category D. This + cannot exist in any stored string, so any query containing X will + get a negative answer to the test for matching. + + In none of the cases does the query get data for a stored string + other than the one it actually tried to match against. + + Profiles are stable between versions in the following sense: If a + string S has been prepared using newVersion, then it will not change + if it is subsequently prepared using oldVersion. + +7.3 Versions of applications and stored strings + + Another way to see that this versioning system works is to compare + what happens when an application uses a newer or older version of a + profile. + + Newer query application -- Suppose that a querying application is + using version newVersion and the stored string was created using + version oldVersion. This case is simple: there will be no characters + in the stored string that cannot be queried by the application + because the new profile uses a superset of the code points used for + making the stored string. + + Newer stored string -- Suppose that a querying application is using + oldVersion and the stored string was created using a profile that + uses newVersion. Because the querying application let unassigned + code points pass through, the user can query on stored strings that + use code points in newVersion. No stored strings can have code + points that are unassigned in newVersion, since that is illegal. In + order to get a match, the querying application has to enter the + unassigned code points in the proper order, and has to use unassigned + code points that would make it through both the mapping and the + normalization steps. + + + + + + + +Hoffman & Blanchet Standards Track [Page 18] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + +8. References + +8.1 Normative references + + [UAX15] Mark Davis and Martin Duerst. Unicode Standard Annex + #15: Unicode Normalization Forms, Version 3.2.0. + . + + [Unicode3.2] The Unicode Consortium. The Unicode Standard, Version + 3.2.0 is defined by The Unicode Standard, Version 3.0 + (Reading, MA, Addison-Wesley, 2000. ISBN 0-201-61633-5), + as amended by the Unicode Standard Annex #27: Unicode + 3.1 (http://www.unicode.org/reports/tr27/) and by the + Unicode Standard Annex #28: Unicode 3.2 + (http://www.unicode.org/reports/tr28/). + + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, March 1997. + +8.2 Informative references + + [CharModel] Unicode Technical Report;17, Character Encoding Model. + . + + [Glossary] Unicode Glossary, . + + [ISO10646] ISO/IEC, "Information Technology - Universal Multiple- + Octet Coded Character Set (UCS) - Part 1: Architecture + and Basic Multilingual Plane", ISO/IEC 10646-1:2000, + October 2000. + + [RFC2434] Narten, T. and H. Alvestrand, "Guidelines for IANA + Considerations", BCP 26, RFC 2434, October 1998. + + [UAX9] The Unicode Consortium. Unicode Standard Annex #9, The + Bidirectional Algorithm, + . + + [UTR21] Mark Davis. Case Mappings. Unicode Technical Report 21. + . + +9. Security Considerations + + Stringprep is used with Unicode characters. There are security + considerations that are specific to stringprep, and others that are + generic to using Unicode. + + + + +Hoffman & Blanchet Standards Track [Page 19] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + +9.1 Stringprep-specific security considerations + + The Unicode and ISO/IEC 10646 repertoires have many characters that + look similar. In many cases, users of security protocols might do + visual matching, such as when comparing the names of trusted third + parties. Because it is impossible to map similar-looking characters + without a great deal of context such as knowing the fonts used, + stringprep does nothing to map similar-looking characters together + nor to prohibit some characters because they look like others. User + applications can help disambiguate some similar-looking characters by + showing the user when a string changes between scripts. + + Most profiles of stringprep can cause changes in strings that are + input to stringprep. Because of this, protocols that have sets of + non-allowed characters or sequences MUST check for the non-allowed + characters or sequences after the stringprep processing. + + This document does not mandate the checking of bidirectional + characters in section 6. If the requirements in section 6 are not + used in a profile of stringprep, it is easy to create many strings + whose characters are in different order but are displayed + identically. This can cause security-related user confusion similar + to look-alike characters, as described above. + + Stringprep does not do anything to assure that any algorithms + translating characters from non-Unicode into Unicode produce the same + output in all implementations. + + Some Unicode codepoints are invisible. Protocols that allow these + characters (that is, do not map them out or prohibit them in + stringprep) can cause users confusion when two identical-looking + strings do not match. + +9.2 Generic Unicode security considerations + + Using Unicode characters explicitly forces applications to use + multi-octet characters. Converting an application from one that uses + single-octet characters to one that uses multi-octet characters must + be done very carefully, particularly in an application that checks + for values of characters or sorts characters. + + Protocols that use stringprep usually also use encodings of Unicode, + such as UTF-8 or UTF-16. Some applications using those encodings + have been known to not check for illegal or ill-formed sequences in + the encodings, and thereby have not detected sequences of octets that + would have been detected if they used just ASCII. For example, in + + + + + +Hoffman & Blanchet Standards Track [Page 20] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + UTF-8 the octet sequence "0xC0 0xAB" is an illegal formation of + U+002B (plus sign). All programs should reject any string that is an + illegal or ill-formed octet sequence for the encoding being used. + + Both Unicode normalization and conversion between Unicode encodings + can cause strings to grow or shrink. Programs that used fixed-size + buffers, or that make assumptions that buffers will always be greater + than or less than particular sizes, are likely to fail in insecure + fashions when using Unicode normalization or encoding conversions. + + Covering an extensive list of security threats and considerations on + the use of current and future versions of Unicode is outside of the + scope of this document. + +10. IANA Considerations + + Stringprep profiles MUST have IETF consensus as described in + [RFC2434]. Each profile MUST be reviewed by the IESG before it is + registered. The IESG MAY change a profile before registration. + + IANA has set up a registry of stringprep profiles. This registry is + a single text file that lists the known profiles. Each entry in the + registry has three fields: + + - Profile name + + - RFC in which the profile is defined + + - Indicator whether or not this is the newest version of the profile + + Each version of a profile will remain listed in the registry forever. + That is, if a new version of a profile supersedes an earlier version, + both versions will continue to be listed in the registry, but the + current version indicator will be turned off for the earlier version + and turned on for the newer version. + + It is probably harmful if a large number of profiles of stringprep + proliferate. Therefore, the IESG may reject proposals for new + profiles and instead suggest that protocols reuse existing profiles. + + + + + + + + + + + + +Hoffman & Blanchet Standards Track [Page 21] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + +11. Acknowledgements + + Many people from the IETF IDN Working Group and the Unicode Technical + Committee contributed ideas that went into the first document of this + document. Mark Davis and Patrik Faltstrom were particularly helpful + in some of the ideas, such as the versioning description. + + The IDN nameprep design team made many useful changes to the first + document. That team and its advisors include: + + Asmus Freytag + Cathy Wissink + Francois Yergeau + James Seng + Marc Blanchet + Mark Davis + Martin Duerst + Patrik Faltstrom + Paul Hoffman + + Additional significant improvements were proposed by: + + Jonathan Rosenne + Kent Karlsson + Scott Hollenbeck + Dave Crocker + Erik Nordmark + Matitiahu Allouche + + + + + + + + + + + + + + + + + + + + + + + +Hoffman & Blanchet Standards Track [Page 22] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + +A. Unicode repertoires + + The following is the only repertoire covered in this document: + + Unicode 3.2, as defined in [Unicode3.2]. + +A.1 Unassigned code points in Unicode 3.2 + + ----- Start Table A.1 ----- + 0221 + 0234-024F + 02AE-02AF + 02EF-02FF + 0350-035F + 0370-0373 + 0376-0379 + 037B-037D + 037F-0383 + 038B + 038D + 03A2 + 03CF + 03F7-03FF + 0487 + 04CF + 04F6-04F7 + 04FA-04FF + 0510-0530 + 0557-0558 + 0560 + 0588 + 058B-0590 + 05A2 + 05BA + 05C5-05CF + 05EB-05EF + 05F5-060B + 060D-061A + 061C-061E + 0620 + 063B-063F + 0656-065F + 06EE-06EF + 06FF + 070E + 072D-072F + 074B-077F + 07B2-0900 + + + +Hoffman & Blanchet Standards Track [Page 23] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 0904 + 093A-093B + 094E-094F + 0955-0957 + 0971-0980 + 0984 + 098D-098E + 0991-0992 + 09A9 + 09B1 + 09B3-09B5 + 09BA-09BB + 09BD + 09C5-09C6 + 09C9-09CA + 09CE-09D6 + 09D8-09DB + 09DE + 09E4-09E5 + 09FB-0A01 + 0A03-0A04 + 0A0B-0A0E + 0A11-0A12 + 0A29 + 0A31 + 0A34 + 0A37 + 0A3A-0A3B + 0A3D + 0A43-0A46 + 0A49-0A4A + 0A4E-0A58 + 0A5D + 0A5F-0A65 + 0A75-0A80 + 0A84 + 0A8C + 0A8E + 0A92 + 0AA9 + 0AB1 + 0AB4 + 0ABA-0ABB + 0AC6 + 0ACA + 0ACE-0ACF + 0AD1-0ADF + 0AE1-0AE5 + + + +Hoffman & Blanchet Standards Track [Page 24] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 0AF0-0B00 + 0B04 + 0B0D-0B0E + 0B11-0B12 + 0B29 + 0B31 + 0B34-0B35 + 0B3A-0B3B + 0B44-0B46 + 0B49-0B4A + 0B4E-0B55 + 0B58-0B5B + 0B5E + 0B62-0B65 + 0B71-0B81 + 0B84 + 0B8B-0B8D + 0B91 + 0B96-0B98 + 0B9B + 0B9D + 0BA0-0BA2 + 0BA5-0BA7 + 0BAB-0BAD + 0BB6 + 0BBA-0BBD + 0BC3-0BC5 + 0BC9 + 0BCE-0BD6 + 0BD8-0BE6 + 0BF3-0C00 + 0C04 + 0C0D + 0C11 + 0C29 + 0C34 + 0C3A-0C3D + 0C45 + 0C49 + 0C4E-0C54 + 0C57-0C5F + 0C62-0C65 + 0C70-0C81 + 0C84 + 0C8D + 0C91 + 0CA9 + 0CB4 + + + +Hoffman & Blanchet Standards Track [Page 25] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 0CBA-0CBD + 0CC5 + 0CC9 + 0CCE-0CD4 + 0CD7-0CDD + 0CDF + 0CE2-0CE5 + 0CF0-0D01 + 0D04 + 0D0D + 0D11 + 0D29 + 0D3A-0D3D + 0D44-0D45 + 0D49 + 0D4E-0D56 + 0D58-0D5F + 0D62-0D65 + 0D70-0D81 + 0D84 + 0D97-0D99 + 0DB2 + 0DBC + 0DBE-0DBF + 0DC7-0DC9 + 0DCB-0DCE + 0DD5 + 0DD7 + 0DE0-0DF1 + 0DF5-0E00 + 0E3B-0E3E + 0E5C-0E80 + 0E83 + 0E85-0E86 + 0E89 + 0E8B-0E8C + 0E8E-0E93 + 0E98 + 0EA0 + 0EA4 + 0EA6 + 0EA8-0EA9 + 0EAC + 0EBA + 0EBE-0EBF + 0EC5 + 0EC7 + 0ECE-0ECF + + + +Hoffman & Blanchet Standards Track [Page 26] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 0EDA-0EDB + 0EDE-0EFF + 0F48 + 0F6B-0F70 + 0F8C-0F8F + 0F98 + 0FBD + 0FCD-0FCE + 0FD0-0FFF + 1022 + 1028 + 102B + 1033-1035 + 103A-103F + 105A-109F + 10C6-10CF + 10F9-10FA + 10FC-10FF + 115A-115E + 11A3-11A7 + 11FA-11FF + 1207 + 1247 + 1249 + 124E-124F + 1257 + 1259 + 125E-125F + 1287 + 1289 + 128E-128F + 12AF + 12B1 + 12B6-12B7 + 12BF + 12C1 + 12C6-12C7 + 12CF + 12D7 + 12EF + 130F + 1311 + 1316-1317 + 131F + 1347 + 135B-1360 + 137D-139F + 13F5-1400 + + + +Hoffman & Blanchet Standards Track [Page 27] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 1677-167F + 169D-169F + 16F1-16FF + 170D + 1715-171F + 1737-173F + 1754-175F + 176D + 1771 + 1774-177F + 17DD-17DF + 17EA-17FF + 180F + 181A-181F + 1878-187F + 18AA-1DFF + 1E9C-1E9F + 1EFA-1EFF + 1F16-1F17 + 1F1E-1F1F + 1F46-1F47 + 1F4E-1F4F + 1F58 + 1F5A + 1F5C + 1F5E + 1F7E-1F7F + 1FB5 + 1FC5 + 1FD4-1FD5 + 1FDC + 1FF0-1FF1 + 1FF5 + 1FFF + 2053-2056 + 2058-205E + 2064-2069 + 2072-2073 + 208F-209F + 20B2-20CF + 20EB-20FF + 213B-213C + 214C-2152 + 2184-218F + 23CF-23FF + 2427-243F + 244B-245F + 24FF + + + +Hoffman & Blanchet Standards Track [Page 28] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 2614-2615 + 2618 + 267E-267F + 268A-2700 + 2705 + 270A-270B + 2728 + 274C + 274E + 2753-2755 + 2757 + 275F-2760 + 2795-2797 + 27B0 + 27BF-27CF + 27EC-27EF + 2B00-2E7F + 2E9A + 2EF4-2EFF + 2FD6-2FEF + 2FFC-2FFF + 3040 + 3097-3098 + 3100-3104 + 312D-3130 + 318F + 31B8-31EF + 321D-321F + 3244-3250 + 327C-327E + 32CC-32CF + 32FF + 3377-337A + 33DE-33DF + 33FF + 4DB6-4DFF + 9FA6-9FFF + A48D-A48F + A4C7-ABFF + D7A4-D7FF + FA2E-FA2F + FA6B-FAFF + FB07-FB12 + FB18-FB1C + FB37 + FB3D + FB3F + FB42 + + + +Hoffman & Blanchet Standards Track [Page 29] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + FB45 + FBB2-FBD2 + FD40-FD4F + FD90-FD91 + FDC8-FDCF + FDFD-FDFF + FE10-FE1F + FE24-FE2F + FE47-FE48 + FE53 + FE67 + FE6C-FE6F + FE75 + FEFD-FEFE + FF00 + FFBF-FFC1 + FFC8-FFC9 + FFD0-FFD1 + FFD8-FFD9 + FFDD-FFDF + FFE7 + FFEF-FFF8 + 10000-102FF + 1031F + 10324-1032F + 1034B-103FF + 10426-10427 + 1044E-1CFFF + 1D0F6-1D0FF + 1D127-1D129 + 1D1DE-1D3FF + 1D455 + 1D49D + 1D4A0-1D4A1 + 1D4A3-1D4A4 + 1D4A7-1D4A8 + 1D4AD + 1D4BA + 1D4BC + 1D4C1 + 1D4C4 + 1D506 + 1D50B-1D50C + 1D515 + 1D51D + 1D53A + 1D53F + 1D545 + + + +Hoffman & Blanchet Standards Track [Page 30] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 1D547-1D549 + 1D551 + 1D6A4-1D6A7 + 1D7CA-1D7CD + 1D800-1FFFD + 2A6D7-2F7FF + 2FA1E-2FFFD + 30000-3FFFD + 40000-4FFFD + 50000-5FFFD + 60000-6FFFD + 70000-7FFFD + 80000-8FFFD + 90000-9FFFD + A0000-AFFFD + B0000-BFFFD + C0000-CFFFD + D0000-DFFFD + E0000 + E0002-E001F + E0080-EFFFD + ----- End Table A.1 ----- + +B. Mapping Tables + + The following is the mapping table from section 3. The table has + three columns: + + - the code point that is mapped from + - the zero or more code points that it is mapped to + - the reason for the mapping + + The columns are separated by semicolons. Note that the second column + may be empty, or it may have one code point, or it may have more than + one code point, with each code point separated by a space. + +B.1 Commonly mapped to nothing + + ----- Start Table B.1 ----- + 00AD; ; Map to nothing + 034F; ; Map to nothing + 1806; ; Map to nothing + 180B; ; Map to nothing + 180C; ; Map to nothing + 180D; ; Map to nothing + 200B; ; Map to nothing + 200C; ; Map to nothing + 200D; ; Map to nothing + + + +Hoffman & Blanchet Standards Track [Page 31] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 2060; ; Map to nothing + FE00; ; Map to nothing + FE01; ; Map to nothing + FE02; ; Map to nothing + FE03; ; Map to nothing + FE04; ; Map to nothing + FE05; ; Map to nothing + FE06; ; Map to nothing + FE07; ; Map to nothing + FE08; ; Map to nothing + FE09; ; Map to nothing + FE0A; ; Map to nothing + FE0B; ; Map to nothing + FE0C; ; Map to nothing + FE0D; ; Map to nothing + FE0E; ; Map to nothing + FE0F; ; Map to nothing + FEFF; ; Map to nothing + ----- End Table B.1 ----- + +B.2 Mapping for case-folding used with NFKC + + ----- Start Table B.2 ----- + 0041; 0061; Case map + 0042; 0062; Case map + 0043; 0063; Case map + 0044; 0064; Case map + 0045; 0065; Case map + 0046; 0066; Case map + 0047; 0067; Case map + 0048; 0068; Case map + 0049; 0069; Case map + 004A; 006A; Case map + 004B; 006B; Case map + 004C; 006C; Case map + 004D; 006D; Case map + 004E; 006E; Case map + 004F; 006F; Case map + 0050; 0070; Case map + 0051; 0071; Case map + 0052; 0072; Case map + 0053; 0073; Case map + 0054; 0074; Case map + 0055; 0075; Case map + 0056; 0076; Case map + 0057; 0077; Case map + 0058; 0078; Case map + 0059; 0079; Case map + + + +Hoffman & Blanchet Standards Track [Page 32] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 005A; 007A; Case map + 00B5; 03BC; Case map + 00C0; 00E0; Case map + 00C1; 00E1; Case map + 00C2; 00E2; Case map + 00C3; 00E3; Case map + 00C4; 00E4; Case map + 00C5; 00E5; Case map + 00C6; 00E6; Case map + 00C7; 00E7; Case map + 00C8; 00E8; Case map + 00C9; 00E9; Case map + 00CA; 00EA; Case map + 00CB; 00EB; Case map + 00CC; 00EC; Case map + 00CD; 00ED; Case map + 00CE; 00EE; Case map + 00CF; 00EF; Case map + 00D0; 00F0; Case map + 00D1; 00F1; Case map + 00D2; 00F2; Case map + 00D3; 00F3; Case map + 00D4; 00F4; Case map + 00D5; 00F5; Case map + 00D6; 00F6; Case map + 00D8; 00F8; Case map + 00D9; 00F9; Case map + 00DA; 00FA; Case map + 00DB; 00FB; Case map + 00DC; 00FC; Case map + 00DD; 00FD; Case map + 00DE; 00FE; Case map + 00DF; 0073 0073; Case map + 0100; 0101; Case map + 0102; 0103; Case map + 0104; 0105; Case map + 0106; 0107; Case map + 0108; 0109; Case map + 010A; 010B; Case map + 010C; 010D; Case map + 010E; 010F; Case map + 0110; 0111; Case map + 0112; 0113; Case map + 0114; 0115; Case map + 0116; 0117; Case map + 0118; 0119; Case map + 011A; 011B; Case map + 011C; 011D; Case map + + + +Hoffman & Blanchet Standards Track [Page 33] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 011E; 011F; Case map + 0120; 0121; Case map + 0122; 0123; Case map + 0124; 0125; Case map + 0126; 0127; Case map + 0128; 0129; Case map + 012A; 012B; Case map + 012C; 012D; Case map + 012E; 012F; Case map + 0130; 0069 0307; Case map + 0132; 0133; Case map + 0134; 0135; Case map + 0136; 0137; Case map + 0139; 013A; Case map + 013B; 013C; Case map + 013D; 013E; Case map + 013F; 0140; Case map + 0141; 0142; Case map + 0143; 0144; Case map + 0145; 0146; Case map + 0147; 0148; Case map + 0149; 02BC 006E; Case map + 014A; 014B; Case map + 014C; 014D; Case map + 014E; 014F; Case map + 0150; 0151; Case map + 0152; 0153; Case map + 0154; 0155; Case map + 0156; 0157; Case map + 0158; 0159; Case map + 015A; 015B; Case map + 015C; 015D; Case map + 015E; 015F; Case map + 0160; 0161; Case map + 0162; 0163; Case map + 0164; 0165; Case map + 0166; 0167; Case map + 0168; 0169; Case map + 016A; 016B; Case map + 016C; 016D; Case map + 016E; 016F; Case map + 0170; 0171; Case map + 0172; 0173; Case map + 0174; 0175; Case map + 0176; 0177; Case map + 0178; 00FF; Case map + 0179; 017A; Case map + 017B; 017C; Case map + + + +Hoffman & Blanchet Standards Track [Page 34] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 017D; 017E; Case map + 017F; 0073; Case map + 0181; 0253; Case map + 0182; 0183; Case map + 0184; 0185; Case map + 0186; 0254; Case map + 0187; 0188; Case map + 0189; 0256; Case map + 018A; 0257; Case map + 018B; 018C; Case map + 018E; 01DD; Case map + 018F; 0259; Case map + 0190; 025B; Case map + 0191; 0192; Case map + 0193; 0260; Case map + 0194; 0263; Case map + 0196; 0269; Case map + 0197; 0268; Case map + 0198; 0199; Case map + 019C; 026F; Case map + 019D; 0272; Case map + 019F; 0275; Case map + 01A0; 01A1; Case map + 01A2; 01A3; Case map + 01A4; 01A5; Case map + 01A6; 0280; Case map + 01A7; 01A8; Case map + 01A9; 0283; Case map + 01AC; 01AD; Case map + 01AE; 0288; Case map + 01AF; 01B0; Case map + 01B1; 028A; Case map + 01B2; 028B; Case map + 01B3; 01B4; Case map + 01B5; 01B6; Case map + 01B7; 0292; Case map + 01B8; 01B9; Case map + 01BC; 01BD; Case map + 01C4; 01C6; Case map + 01C5; 01C6; Case map + 01C7; 01C9; Case map + 01C8; 01C9; Case map + 01CA; 01CC; Case map + 01CB; 01CC; Case map + 01CD; 01CE; Case map + 01CF; 01D0; Case map + 01D1; 01D2; Case map + 01D3; 01D4; Case map + + + +Hoffman & Blanchet Standards Track [Page 35] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 01D5; 01D6; Case map + 01D7; 01D8; Case map + 01D9; 01DA; Case map + 01DB; 01DC; Case map + 01DE; 01DF; Case map + 01E0; 01E1; Case map + 01E2; 01E3; Case map + 01E4; 01E5; Case map + 01E6; 01E7; Case map + 01E8; 01E9; Case map + 01EA; 01EB; Case map + 01EC; 01ED; Case map + 01EE; 01EF; Case map + 01F0; 006A 030C; Case map + 01F1; 01F3; Case map + 01F2; 01F3; Case map + 01F4; 01F5; Case map + 01F6; 0195; Case map + 01F7; 01BF; Case map + 01F8; 01F9; Case map + 01FA; 01FB; Case map + 01FC; 01FD; Case map + 01FE; 01FF; Case map + 0200; 0201; Case map + 0202; 0203; Case map + 0204; 0205; Case map + 0206; 0207; Case map + 0208; 0209; Case map + 020A; 020B; Case map + 020C; 020D; Case map + 020E; 020F; Case map + 0210; 0211; Case map + 0212; 0213; Case map + 0214; 0215; Case map + 0216; 0217; Case map + 0218; 0219; Case map + 021A; 021B; Case map + 021C; 021D; Case map + 021E; 021F; Case map + 0220; 019E; Case map + 0222; 0223; Case map + 0224; 0225; Case map + 0226; 0227; Case map + 0228; 0229; Case map + 022A; 022B; Case map + 022C; 022D; Case map + 022E; 022F; Case map + 0230; 0231; Case map + + + +Hoffman & Blanchet Standards Track [Page 36] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 0232; 0233; Case map + 0345; 03B9; Case map + 037A; 0020 03B9; Additional folding + 0386; 03AC; Case map + 0388; 03AD; Case map + 0389; 03AE; Case map + 038A; 03AF; Case map + 038C; 03CC; Case map + 038E; 03CD; Case map + 038F; 03CE; Case map + 0390; 03B9 0308 0301; Case map + 0391; 03B1; Case map + 0392; 03B2; Case map + 0393; 03B3; Case map + 0394; 03B4; Case map + 0395; 03B5; Case map + 0396; 03B6; Case map + 0397; 03B7; Case map + 0398; 03B8; Case map + 0399; 03B9; Case map + 039A; 03BA; Case map + 039B; 03BB; Case map + 039C; 03BC; Case map + 039D; 03BD; Case map + 039E; 03BE; Case map + 039F; 03BF; Case map + 03A0; 03C0; Case map + 03A1; 03C1; Case map + 03A3; 03C3; Case map + 03A4; 03C4; Case map + 03A5; 03C5; Case map + 03A6; 03C6; Case map + 03A7; 03C7; Case map + 03A8; 03C8; Case map + 03A9; 03C9; Case map + 03AA; 03CA; Case map + 03AB; 03CB; Case map + 03B0; 03C5 0308 0301; Case map + 03C2; 03C3; Case map + 03D0; 03B2; Case map + 03D1; 03B8; Case map + 03D2; 03C5; Additional folding + 03D3; 03CD; Additional folding + 03D4; 03CB; Additional folding + 03D5; 03C6; Case map + 03D6; 03C0; Case map + 03D8; 03D9; Case map + 03DA; 03DB; Case map + + + +Hoffman & Blanchet Standards Track [Page 37] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 03DC; 03DD; Case map + 03DE; 03DF; Case map + 03E0; 03E1; Case map + 03E2; 03E3; Case map + 03E4; 03E5; Case map + 03E6; 03E7; Case map + 03E8; 03E9; Case map + 03EA; 03EB; Case map + 03EC; 03ED; Case map + 03EE; 03EF; Case map + 03F0; 03BA; Case map + 03F1; 03C1; Case map + 03F2; 03C3; Case map + 03F4; 03B8; Case map + 03F5; 03B5; Case map + 0400; 0450; Case map + 0401; 0451; Case map + 0402; 0452; Case map + 0403; 0453; Case map + 0404; 0454; Case map + 0405; 0455; Case map + 0406; 0456; Case map + 0407; 0457; Case map + 0408; 0458; Case map + 0409; 0459; Case map + 040A; 045A; Case map + 040B; 045B; Case map + 040C; 045C; Case map + 040D; 045D; Case map + 040E; 045E; Case map + 040F; 045F; Case map + 0410; 0430; Case map + 0411; 0431; Case map + 0412; 0432; Case map + 0413; 0433; Case map + 0414; 0434; Case map + 0415; 0435; Case map + 0416; 0436; Case map + 0417; 0437; Case map + 0418; 0438; Case map + 0419; 0439; Case map + 041A; 043A; Case map + 041B; 043B; Case map + 041C; 043C; Case map + 041D; 043D; Case map + 041E; 043E; Case map + 041F; 043F; Case map + 0420; 0440; Case map + + + +Hoffman & Blanchet Standards Track [Page 38] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 0421; 0441; Case map + 0422; 0442; Case map + 0423; 0443; Case map + 0424; 0444; Case map + 0425; 0445; Case map + 0426; 0446; Case map + 0427; 0447; Case map + 0428; 0448; Case map + 0429; 0449; Case map + 042A; 044A; Case map + 042B; 044B; Case map + 042C; 044C; Case map + 042D; 044D; Case map + 042E; 044E; Case map + 042F; 044F; Case map + 0460; 0461; Case map + 0462; 0463; Case map + 0464; 0465; Case map + 0466; 0467; Case map + 0468; 0469; Case map + 046A; 046B; Case map + 046C; 046D; Case map + 046E; 046F; Case map + 0470; 0471; Case map + 0472; 0473; Case map + 0474; 0475; Case map + 0476; 0477; Case map + 0478; 0479; Case map + 047A; 047B; Case map + 047C; 047D; Case map + 047E; 047F; Case map + 0480; 0481; Case map + 048A; 048B; Case map + 048C; 048D; Case map + 048E; 048F; Case map + 0490; 0491; Case map + 0492; 0493; Case map + 0494; 0495; Case map + 0496; 0497; Case map + 0498; 0499; Case map + 049A; 049B; Case map + 049C; 049D; Case map + 049E; 049F; Case map + 04A0; 04A1; Case map + 04A2; 04A3; Case map + 04A4; 04A5; Case map + 04A6; 04A7; Case map + 04A8; 04A9; Case map + + + +Hoffman & Blanchet Standards Track [Page 39] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 04AA; 04AB; Case map + 04AC; 04AD; Case map + 04AE; 04AF; Case map + 04B0; 04B1; Case map + 04B2; 04B3; Case map + 04B4; 04B5; Case map + 04B6; 04B7; Case map + 04B8; 04B9; Case map + 04BA; 04BB; Case map + 04BC; 04BD; Case map + 04BE; 04BF; Case map + 04C1; 04C2; Case map + 04C3; 04C4; Case map + 04C5; 04C6; Case map + 04C7; 04C8; Case map + 04C9; 04CA; Case map + 04CB; 04CC; Case map + 04CD; 04CE; Case map + 04D0; 04D1; Case map + 04D2; 04D3; Case map + 04D4; 04D5; Case map + 04D6; 04D7; Case map + 04D8; 04D9; Case map + 04DA; 04DB; Case map + 04DC; 04DD; Case map + 04DE; 04DF; Case map + 04E0; 04E1; Case map + 04E2; 04E3; Case map + 04E4; 04E5; Case map + 04E6; 04E7; Case map + 04E8; 04E9; Case map + 04EA; 04EB; Case map + 04EC; 04ED; Case map + 04EE; 04EF; Case map + 04F0; 04F1; Case map + 04F2; 04F3; Case map + 04F4; 04F5; Case map + 04F8; 04F9; Case map + 0500; 0501; Case map + 0502; 0503; Case map + 0504; 0505; Case map + 0506; 0507; Case map + 0508; 0509; Case map + 050A; 050B; Case map + 050C; 050D; Case map + 050E; 050F; Case map + 0531; 0561; Case map + 0532; 0562; Case map + + + +Hoffman & Blanchet Standards Track [Page 40] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 0533; 0563; Case map + 0534; 0564; Case map + 0535; 0565; Case map + 0536; 0566; Case map + 0537; 0567; Case map + 0538; 0568; Case map + 0539; 0569; Case map + 053A; 056A; Case map + 053B; 056B; Case map + 053C; 056C; Case map + 053D; 056D; Case map + 053E; 056E; Case map + 053F; 056F; Case map + 0540; 0570; Case map + 0541; 0571; Case map + 0542; 0572; Case map + 0543; 0573; Case map + 0544; 0574; Case map + 0545; 0575; Case map + 0546; 0576; Case map + 0547; 0577; Case map + 0548; 0578; Case map + 0549; 0579; Case map + 054A; 057A; Case map + 054B; 057B; Case map + 054C; 057C; Case map + 054D; 057D; Case map + 054E; 057E; Case map + 054F; 057F; Case map + 0550; 0580; Case map + 0551; 0581; Case map + 0552; 0582; Case map + 0553; 0583; Case map + 0554; 0584; Case map + 0555; 0585; Case map + 0556; 0586; Case map + 0587; 0565 0582; Case map + 1E00; 1E01; Case map + 1E02; 1E03; Case map + 1E04; 1E05; Case map + 1E06; 1E07; Case map + 1E08; 1E09; Case map + 1E0A; 1E0B; Case map + 1E0C; 1E0D; Case map + 1E0E; 1E0F; Case map + 1E10; 1E11; Case map + 1E12; 1E13; Case map + 1E14; 1E15; Case map + + + +Hoffman & Blanchet Standards Track [Page 41] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 1E16; 1E17; Case map + 1E18; 1E19; Case map + 1E1A; 1E1B; Case map + 1E1C; 1E1D; Case map + 1E1E; 1E1F; Case map + 1E20; 1E21; Case map + 1E22; 1E23; Case map + 1E24; 1E25; Case map + 1E26; 1E27; Case map + 1E28; 1E29; Case map + 1E2A; 1E2B; Case map + 1E2C; 1E2D; Case map + 1E2E; 1E2F; Case map + 1E30; 1E31; Case map + 1E32; 1E33; Case map + 1E34; 1E35; Case map + 1E36; 1E37; Case map + 1E38; 1E39; Case map + 1E3A; 1E3B; Case map + 1E3C; 1E3D; Case map + 1E3E; 1E3F; Case map + 1E40; 1E41; Case map + 1E42; 1E43; Case map + 1E44; 1E45; Case map + 1E46; 1E47; Case map + 1E48; 1E49; Case map + 1E4A; 1E4B; Case map + 1E4C; 1E4D; Case map + 1E4E; 1E4F; Case map + 1E50; 1E51; Case map + 1E52; 1E53; Case map + 1E54; 1E55; Case map + 1E56; 1E57; Case map + 1E58; 1E59; Case map + 1E5A; 1E5B; Case map + 1E5C; 1E5D; Case map + 1E5E; 1E5F; Case map + 1E60; 1E61; Case map + 1E62; 1E63; Case map + 1E64; 1E65; Case map + 1E66; 1E67; Case map + 1E68; 1E69; Case map + 1E6A; 1E6B; Case map + 1E6C; 1E6D; Case map + 1E6E; 1E6F; Case map + 1E70; 1E71; Case map + 1E72; 1E73; Case map + 1E74; 1E75; Case map + + + +Hoffman & Blanchet Standards Track [Page 42] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 1E76; 1E77; Case map + 1E78; 1E79; Case map + 1E7A; 1E7B; Case map + 1E7C; 1E7D; Case map + 1E7E; 1E7F; Case map + 1E80; 1E81; Case map + 1E82; 1E83; Case map + 1E84; 1E85; Case map + 1E86; 1E87; Case map + 1E88; 1E89; Case map + 1E8A; 1E8B; Case map + 1E8C; 1E8D; Case map + 1E8E; 1E8F; Case map + 1E90; 1E91; Case map + 1E92; 1E93; Case map + 1E94; 1E95; Case map + 1E96; 0068 0331; Case map + 1E97; 0074 0308; Case map + 1E98; 0077 030A; Case map + 1E99; 0079 030A; Case map + 1E9A; 0061 02BE; Case map + 1E9B; 1E61; Case map + 1EA0; 1EA1; Case map + 1EA2; 1EA3; Case map + 1EA4; 1EA5; Case map + 1EA6; 1EA7; Case map + 1EA8; 1EA9; Case map + 1EAA; 1EAB; Case map + 1EAC; 1EAD; Case map + 1EAE; 1EAF; Case map + 1EB0; 1EB1; Case map + 1EB2; 1EB3; Case map + 1EB4; 1EB5; Case map + 1EB6; 1EB7; Case map + 1EB8; 1EB9; Case map + 1EBA; 1EBB; Case map + 1EBC; 1EBD; Case map + 1EBE; 1EBF; Case map + 1EC0; 1EC1; Case map + 1EC2; 1EC3; Case map + 1EC4; 1EC5; Case map + 1EC6; 1EC7; Case map + 1EC8; 1EC9; Case map + 1ECA; 1ECB; Case map + 1ECC; 1ECD; Case map + 1ECE; 1ECF; Case map + 1ED0; 1ED1; Case map + 1ED2; 1ED3; Case map + + + +Hoffman & Blanchet Standards Track [Page 43] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 1ED4; 1ED5; Case map + 1ED6; 1ED7; Case map + 1ED8; 1ED9; Case map + 1EDA; 1EDB; Case map + 1EDC; 1EDD; Case map + 1EDE; 1EDF; Case map + 1EE0; 1EE1; Case map + 1EE2; 1EE3; Case map + 1EE4; 1EE5; Case map + 1EE6; 1EE7; Case map + 1EE8; 1EE9; Case map + 1EEA; 1EEB; Case map + 1EEC; 1EED; Case map + 1EEE; 1EEF; Case map + 1EF0; 1EF1; Case map + 1EF2; 1EF3; Case map + 1EF4; 1EF5; Case map + 1EF6; 1EF7; Case map + 1EF8; 1EF9; Case map + 1F08; 1F00; Case map + 1F09; 1F01; Case map + 1F0A; 1F02; Case map + 1F0B; 1F03; Case map + 1F0C; 1F04; Case map + 1F0D; 1F05; Case map + 1F0E; 1F06; Case map + 1F0F; 1F07; Case map + 1F18; 1F10; Case map + 1F19; 1F11; Case map + 1F1A; 1F12; Case map + 1F1B; 1F13; Case map + 1F1C; 1F14; Case map + 1F1D; 1F15; Case map + 1F28; 1F20; Case map + 1F29; 1F21; Case map + 1F2A; 1F22; Case map + 1F2B; 1F23; Case map + 1F2C; 1F24; Case map + 1F2D; 1F25; Case map + 1F2E; 1F26; Case map + 1F2F; 1F27; Case map + 1F38; 1F30; Case map + 1F39; 1F31; Case map + 1F3A; 1F32; Case map + 1F3B; 1F33; Case map + 1F3C; 1F34; Case map + 1F3D; 1F35; Case map + 1F3E; 1F36; Case map + + + +Hoffman & Blanchet Standards Track [Page 44] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 1F3F; 1F37; Case map + 1F48; 1F40; Case map + 1F49; 1F41; Case map + 1F4A; 1F42; Case map + 1F4B; 1F43; Case map + 1F4C; 1F44; Case map + 1F4D; 1F45; Case map + 1F50; 03C5 0313; Case map + 1F52; 03C5 0313 0300; Case map + 1F54; 03C5 0313 0301; Case map + 1F56; 03C5 0313 0342; Case map + 1F59; 1F51; Case map + 1F5B; 1F53; Case map + 1F5D; 1F55; Case map + 1F5F; 1F57; Case map + 1F68; 1F60; Case map + 1F69; 1F61; Case map + 1F6A; 1F62; Case map + 1F6B; 1F63; Case map + 1F6C; 1F64; Case map + 1F6D; 1F65; Case map + 1F6E; 1F66; Case map + 1F6F; 1F67; Case map + 1F80; 1F00 03B9; Case map + 1F81; 1F01 03B9; Case map + 1F82; 1F02 03B9; Case map + 1F83; 1F03 03B9; Case map + 1F84; 1F04 03B9; Case map + 1F85; 1F05 03B9; Case map + 1F86; 1F06 03B9; Case map + 1F87; 1F07 03B9; Case map + 1F88; 1F00 03B9; Case map + 1F89; 1F01 03B9; Case map + 1F8A; 1F02 03B9; Case map + 1F8B; 1F03 03B9; Case map + 1F8C; 1F04 03B9; Case map + 1F8D; 1F05 03B9; Case map + 1F8E; 1F06 03B9; Case map + 1F8F; 1F07 03B9; Case map + 1F90; 1F20 03B9; Case map + 1F91; 1F21 03B9; Case map + 1F92; 1F22 03B9; Case map + 1F93; 1F23 03B9; Case map + 1F94; 1F24 03B9; Case map + 1F95; 1F25 03B9; Case map + 1F96; 1F26 03B9; Case map + 1F97; 1F27 03B9; Case map + 1F98; 1F20 03B9; Case map + + + +Hoffman & Blanchet Standards Track [Page 45] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 1F99; 1F21 03B9; Case map + 1F9A; 1F22 03B9; Case map + 1F9B; 1F23 03B9; Case map + 1F9C; 1F24 03B9; Case map + 1F9D; 1F25 03B9; Case map + 1F9E; 1F26 03B9; Case map + 1F9F; 1F27 03B9; Case map + 1FA0; 1F60 03B9; Case map + 1FA1; 1F61 03B9; Case map + 1FA2; 1F62 03B9; Case map + 1FA3; 1F63 03B9; Case map + 1FA4; 1F64 03B9; Case map + 1FA5; 1F65 03B9; Case map + 1FA6; 1F66 03B9; Case map + 1FA7; 1F67 03B9; Case map + 1FA8; 1F60 03B9; Case map + 1FA9; 1F61 03B9; Case map + 1FAA; 1F62 03B9; Case map + 1FAB; 1F63 03B9; Case map + 1FAC; 1F64 03B9; Case map + 1FAD; 1F65 03B9; Case map + 1FAE; 1F66 03B9; Case map + 1FAF; 1F67 03B9; Case map + 1FB2; 1F70 03B9; Case map + 1FB3; 03B1 03B9; Case map + 1FB4; 03AC 03B9; Case map + 1FB6; 03B1 0342; Case map + 1FB7; 03B1 0342 03B9; Case map + 1FB8; 1FB0; Case map + 1FB9; 1FB1; Case map + 1FBA; 1F70; Case map + 1FBB; 1F71; Case map + 1FBC; 03B1 03B9; Case map + 1FBE; 03B9; Case map + 1FC2; 1F74 03B9; Case map + 1FC3; 03B7 03B9; Case map + 1FC4; 03AE 03B9; Case map + 1FC6; 03B7 0342; Case map + 1FC7; 03B7 0342 03B9; Case map + 1FC8; 1F72; Case map + 1FC9; 1F73; Case map + 1FCA; 1F74; Case map + 1FCB; 1F75; Case map + 1FCC; 03B7 03B9; Case map + 1FD2; 03B9 0308 0300; Case map + 1FD3; 03B9 0308 0301; Case map + 1FD6; 03B9 0342; Case map + 1FD7; 03B9 0308 0342; Case map + + + +Hoffman & Blanchet Standards Track [Page 46] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 1FD8; 1FD0; Case map + 1FD9; 1FD1; Case map + 1FDA; 1F76; Case map + 1FDB; 1F77; Case map + 1FE2; 03C5 0308 0300; Case map + 1FE3; 03C5 0308 0301; Case map + 1FE4; 03C1 0313; Case map + 1FE6; 03C5 0342; Case map + 1FE7; 03C5 0308 0342; Case map + 1FE8; 1FE0; Case map + 1FE9; 1FE1; Case map + 1FEA; 1F7A; Case map + 1FEB; 1F7B; Case map + 1FEC; 1FE5; Case map + 1FF2; 1F7C 03B9; Case map + 1FF3; 03C9 03B9; Case map + 1FF4; 03CE 03B9; Case map + 1FF6; 03C9 0342; Case map + 1FF7; 03C9 0342 03B9; Case map + 1FF8; 1F78; Case map + 1FF9; 1F79; Case map + 1FFA; 1F7C; Case map + 1FFB; 1F7D; Case map + 1FFC; 03C9 03B9; Case map + 20A8; 0072 0073; Additional folding + 2102; 0063; Additional folding + 2103; 00B0 0063; Additional folding + 2107; 025B; Additional folding + 2109; 00B0 0066; Additional folding + 210B; 0068; Additional folding + 210C; 0068; Additional folding + 210D; 0068; Additional folding + 2110; 0069; Additional folding + 2111; 0069; Additional folding + 2112; 006C; Additional folding + 2115; 006E; Additional folding + 2116; 006E 006F; Additional folding + 2119; 0070; Additional folding + 211A; 0071; Additional folding + 211B; 0072; Additional folding + 211C; 0072; Additional folding + 211D; 0072; Additional folding + 2120; 0073 006D; Additional folding + 2121; 0074 0065 006C; Additional folding + 2122; 0074 006D; Additional folding + 2124; 007A; Additional folding + 2126; 03C9; Case map + 2128; 007A; Additional folding + + + +Hoffman & Blanchet Standards Track [Page 47] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 212A; 006B; Case map + 212B; 00E5; Case map + 212C; 0062; Additional folding + 212D; 0063; Additional folding + 2130; 0065; Additional folding + 2131; 0066; Additional folding + 2133; 006D; Additional folding + 213E; 03B3; Additional folding + 213F; 03C0; Additional folding + 2145; 0064; Additional folding + 2160; 2170; Case map + 2161; 2171; Case map + 2162; 2172; Case map + 2163; 2173; Case map + 2164; 2174; Case map + 2165; 2175; Case map + 2166; 2176; Case map + 2167; 2177; Case map + 2168; 2178; Case map + 2169; 2179; Case map + 216A; 217A; Case map + 216B; 217B; Case map + 216C; 217C; Case map + 216D; 217D; Case map + 216E; 217E; Case map + 216F; 217F; Case map + 24B6; 24D0; Case map + 24B7; 24D1; Case map + 24B8; 24D2; Case map + 24B9; 24D3; Case map + 24BA; 24D4; Case map + 24BB; 24D5; Case map + 24BC; 24D6; Case map + 24BD; 24D7; Case map + 24BE; 24D8; Case map + 24BF; 24D9; Case map + 24C0; 24DA; Case map + 24C1; 24DB; Case map + 24C2; 24DC; Case map + 24C3; 24DD; Case map + 24C4; 24DE; Case map + 24C5; 24DF; Case map + 24C6; 24E0; Case map + 24C7; 24E1; Case map + 24C8; 24E2; Case map + 24C9; 24E3; Case map + 24CA; 24E4; Case map + 24CB; 24E5; Case map + + + +Hoffman & Blanchet Standards Track [Page 48] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 24CC; 24E6; Case map + 24CD; 24E7; Case map + 24CE; 24E8; Case map + 24CF; 24E9; Case map + 3371; 0068 0070 0061; Additional folding + 3373; 0061 0075; Additional folding + 3375; 006F 0076; Additional folding + 3380; 0070 0061; Additional folding + 3381; 006E 0061; Additional folding + 3382; 03BC 0061; Additional folding + 3383; 006D 0061; Additional folding + 3384; 006B 0061; Additional folding + 3385; 006B 0062; Additional folding + 3386; 006D 0062; Additional folding + 3387; 0067 0062; Additional folding + 338A; 0070 0066; Additional folding + 338B; 006E 0066; Additional folding + 338C; 03BC 0066; Additional folding + 3390; 0068 007A; Additional folding + 3391; 006B 0068 007A; Additional folding + 3392; 006D 0068 007A; Additional folding + 3393; 0067 0068 007A; Additional folding + 3394; 0074 0068 007A; Additional folding + 33A9; 0070 0061; Additional folding + 33AA; 006B 0070 0061; Additional folding + 33AB; 006D 0070 0061; Additional folding + 33AC; 0067 0070 0061; Additional folding + 33B4; 0070 0076; Additional folding + 33B5; 006E 0076; Additional folding + 33B6; 03BC 0076; Additional folding + 33B7; 006D 0076; Additional folding + 33B8; 006B 0076; Additional folding + 33B9; 006D 0076; Additional folding + 33BA; 0070 0077; Additional folding + 33BB; 006E 0077; Additional folding + 33BC; 03BC 0077; Additional folding + 33BD; 006D 0077; Additional folding + 33BE; 006B 0077; Additional folding + 33BF; 006D 0077; Additional folding + 33C0; 006B 03C9; Additional folding + 33C1; 006D 03C9; Additional folding + 33C3; 0062 0071; Additional folding + 33C6; 0063 2215 006B 0067; Additional folding + 33C7; 0063 006F 002E; Additional folding + 33C8; 0064 0062; Additional folding + 33C9; 0067 0079; Additional folding + 33CB; 0068 0070; Additional folding + 33CD; 006B 006B; Additional folding + + + +Hoffman & Blanchet Standards Track [Page 49] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 33CE; 006B 006D; Additional folding + 33D7; 0070 0068; Additional folding + 33D9; 0070 0070 006D; Additional folding + 33DA; 0070 0072; Additional folding + 33DC; 0073 0076; Additional folding + 33DD; 0077 0062; Additional folding + FB00; 0066 0066; Case map + FB01; 0066 0069; Case map + FB02; 0066 006C; Case map + FB03; 0066 0066 0069; Case map + FB04; 0066 0066 006C; Case map + FB05; 0073 0074; Case map + FB06; 0073 0074; Case map + FB13; 0574 0576; Case map + FB14; 0574 0565; Case map + FB15; 0574 056B; Case map + FB16; 057E 0576; Case map + FB17; 0574 056D; Case map + FF21; FF41; Case map + FF22; FF42; Case map + FF23; FF43; Case map + FF24; FF44; Case map + FF25; FF45; Case map + FF26; FF46; Case map + FF27; FF47; Case map + FF28; FF48; Case map + FF29; FF49; Case map + FF2A; FF4A; Case map + FF2B; FF4B; Case map + FF2C; FF4C; Case map + FF2D; FF4D; Case map + FF2E; FF4E; Case map + FF2F; FF4F; Case map + FF30; FF50; Case map + FF31; FF51; Case map + FF32; FF52; Case map + FF33; FF53; Case map + FF34; FF54; Case map + FF35; FF55; Case map + FF36; FF56; Case map + FF37; FF57; Case map + FF38; FF58; Case map + FF39; FF59; Case map + FF3A; FF5A; Case map + 10400; 10428; Case map + 10401; 10429; Case map + 10402; 1042A; Case map + 10403; 1042B; Case map + + + +Hoffman & Blanchet Standards Track [Page 50] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 10404; 1042C; Case map + 10405; 1042D; Case map + 10406; 1042E; Case map + 10407; 1042F; Case map + 10408; 10430; Case map + 10409; 10431; Case map + 1040A; 10432; Case map + 1040B; 10433; Case map + 1040C; 10434; Case map + 1040D; 10435; Case map + 1040E; 10436; Case map + 1040F; 10437; Case map + 10410; 10438; Case map + 10411; 10439; Case map + 10412; 1043A; Case map + 10413; 1043B; Case map + 10414; 1043C; Case map + 10415; 1043D; Case map + 10416; 1043E; Case map + 10417; 1043F; Case map + 10418; 10440; Case map + 10419; 10441; Case map + 1041A; 10442; Case map + 1041B; 10443; Case map + 1041C; 10444; Case map + 1041D; 10445; Case map + 1041E; 10446; Case map + 1041F; 10447; Case map + 10420; 10448; Case map + 10421; 10449; Case map + 10422; 1044A; Case map + 10423; 1044B; Case map + 10424; 1044C; Case map + 10425; 1044D; Case map + 1D400; 0061; Additional folding + 1D401; 0062; Additional folding + 1D402; 0063; Additional folding + 1D403; 0064; Additional folding + 1D404; 0065; Additional folding + 1D405; 0066; Additional folding + 1D406; 0067; Additional folding + 1D407; 0068; Additional folding + 1D408; 0069; Additional folding + 1D409; 006A; Additional folding + 1D40A; 006B; Additional folding + 1D40B; 006C; Additional folding + 1D40C; 006D; Additional folding + 1D40D; 006E; Additional folding + + + +Hoffman & Blanchet Standards Track [Page 51] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 1D40E; 006F; Additional folding + 1D40F; 0070; Additional folding + 1D410; 0071; Additional folding + 1D411; 0072; Additional folding + 1D412; 0073; Additional folding + 1D413; 0074; Additional folding + 1D414; 0075; Additional folding + 1D415; 0076; Additional folding + 1D416; 0077; Additional folding + 1D417; 0078; Additional folding + 1D418; 0079; Additional folding + 1D419; 007A; Additional folding + 1D434; 0061; Additional folding + 1D435; 0062; Additional folding + 1D436; 0063; Additional folding + 1D437; 0064; Additional folding + 1D438; 0065; Additional folding + 1D439; 0066; Additional folding + 1D43A; 0067; Additional folding + 1D43B; 0068; Additional folding + 1D43C; 0069; Additional folding + 1D43D; 006A; Additional folding + 1D43E; 006B; Additional folding + 1D43F; 006C; Additional folding + 1D440; 006D; Additional folding + 1D441; 006E; Additional folding + 1D442; 006F; Additional folding + 1D443; 0070; Additional folding + 1D444; 0071; Additional folding + 1D445; 0072; Additional folding + 1D446; 0073; Additional folding + 1D447; 0074; Additional folding + 1D448; 0075; Additional folding + 1D449; 0076; Additional folding + 1D44A; 0077; Additional folding + 1D44B; 0078; Additional folding + 1D44C; 0079; Additional folding + 1D44D; 007A; Additional folding + 1D468; 0061; Additional folding + 1D469; 0062; Additional folding + 1D46A; 0063; Additional folding + 1D46B; 0064; Additional folding + 1D46C; 0065; Additional folding + 1D46D; 0066; Additional folding + 1D46E; 0067; Additional folding + 1D46F; 0068; Additional folding + 1D470; 0069; Additional folding + 1D471; 006A; Additional folding + + + +Hoffman & Blanchet Standards Track [Page 52] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 1D472; 006B; Additional folding + 1D473; 006C; Additional folding + 1D474; 006D; Additional folding + 1D475; 006E; Additional folding + 1D476; 006F; Additional folding + 1D477; 0070; Additional folding + 1D478; 0071; Additional folding + 1D479; 0072; Additional folding + 1D47A; 0073; Additional folding + 1D47B; 0074; Additional folding + 1D47C; 0075; Additional folding + 1D47D; 0076; Additional folding + 1D47E; 0077; Additional folding + 1D47F; 0078; Additional folding + 1D480; 0079; Additional folding + 1D481; 007A; Additional folding + 1D49C; 0061; Additional folding + 1D49E; 0063; Additional folding + 1D49F; 0064; Additional folding + 1D4A2; 0067; Additional folding + 1D4A5; 006A; Additional folding + 1D4A6; 006B; Additional folding + 1D4A9; 006E; Additional folding + 1D4AA; 006F; Additional folding + 1D4AB; 0070; Additional folding + 1D4AC; 0071; Additional folding + 1D4AE; 0073; Additional folding + 1D4AF; 0074; Additional folding + 1D4B0; 0075; Additional folding + 1D4B1; 0076; Additional folding + 1D4B2; 0077; Additional folding + 1D4B3; 0078; Additional folding + 1D4B4; 0079; Additional folding + 1D4B5; 007A; Additional folding + 1D4D0; 0061; Additional folding + 1D4D1; 0062; Additional folding + 1D4D2; 0063; Additional folding + 1D4D3; 0064; Additional folding + 1D4D4; 0065; Additional folding + 1D4D5; 0066; Additional folding + 1D4D6; 0067; Additional folding + 1D4D7; 0068; Additional folding + 1D4D8; 0069; Additional folding + 1D4D9; 006A; Additional folding + 1D4DA; 006B; Additional folding + 1D4DB; 006C; Additional folding + 1D4DC; 006D; Additional folding + 1D4DD; 006E; Additional folding + + + +Hoffman & Blanchet Standards Track [Page 53] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 1D4DE; 006F; Additional folding + 1D4DF; 0070; Additional folding + 1D4E0; 0071; Additional folding + 1D4E1; 0072; Additional folding + 1D4E2; 0073; Additional folding + 1D4E3; 0074; Additional folding + 1D4E4; 0075; Additional folding + 1D4E5; 0076; Additional folding + 1D4E6; 0077; Additional folding + 1D4E7; 0078; Additional folding + 1D4E8; 0079; Additional folding + 1D4E9; 007A; Additional folding + 1D504; 0061; Additional folding + 1D505; 0062; Additional folding + 1D507; 0064; Additional folding + 1D508; 0065; Additional folding + 1D509; 0066; Additional folding + 1D50A; 0067; Additional folding + 1D50D; 006A; Additional folding + 1D50E; 006B; Additional folding + 1D50F; 006C; Additional folding + 1D510; 006D; Additional folding + 1D511; 006E; Additional folding + 1D512; 006F; Additional folding + 1D513; 0070; Additional folding + 1D514; 0071; Additional folding + 1D516; 0073; Additional folding + 1D517; 0074; Additional folding + 1D518; 0075; Additional folding + 1D519; 0076; Additional folding + 1D51A; 0077; Additional folding + 1D51B; 0078; Additional folding + 1D51C; 0079; Additional folding + 1D538; 0061; Additional folding + 1D539; 0062; Additional folding + 1D53B; 0064; Additional folding + 1D53C; 0065; Additional folding + 1D53D; 0066; Additional folding + 1D53E; 0067; Additional folding + 1D540; 0069; Additional folding + 1D541; 006A; Additional folding + 1D542; 006B; Additional folding + 1D543; 006C; Additional folding + 1D544; 006D; Additional folding + 1D546; 006F; Additional folding + 1D54A; 0073; Additional folding + 1D54B; 0074; Additional folding + 1D54C; 0075; Additional folding + + + +Hoffman & Blanchet Standards Track [Page 54] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 1D54D; 0076; Additional folding + 1D54E; 0077; Additional folding + 1D54F; 0078; Additional folding + 1D550; 0079; Additional folding + 1D56C; 0061; Additional folding + 1D56D; 0062; Additional folding + 1D56E; 0063; Additional folding + 1D56F; 0064; Additional folding + 1D570; 0065; Additional folding + 1D571; 0066; Additional folding + 1D572; 0067; Additional folding + 1D573; 0068; Additional folding + 1D574; 0069; Additional folding + 1D575; 006A; Additional folding + 1D576; 006B; Additional folding + 1D577; 006C; Additional folding + 1D578; 006D; Additional folding + 1D579; 006E; Additional folding + 1D57A; 006F; Additional folding + 1D57B; 0070; Additional folding + 1D57C; 0071; Additional folding + 1D57D; 0072; Additional folding + 1D57E; 0073; Additional folding + 1D57F; 0074; Additional folding + 1D580; 0075; Additional folding + 1D581; 0076; Additional folding + 1D582; 0077; Additional folding + 1D583; 0078; Additional folding + 1D584; 0079; Additional folding + 1D585; 007A; Additional folding + 1D5A0; 0061; Additional folding + 1D5A1; 0062; Additional folding + 1D5A2; 0063; Additional folding + 1D5A3; 0064; Additional folding + 1D5A4; 0065; Additional folding + 1D5A5; 0066; Additional folding + 1D5A6; 0067; Additional folding + 1D5A7; 0068; Additional folding + 1D5A8; 0069; Additional folding + 1D5A9; 006A; Additional folding + 1D5AA; 006B; Additional folding + 1D5AB; 006C; Additional folding + 1D5AC; 006D; Additional folding + 1D5AD; 006E; Additional folding + 1D5AE; 006F; Additional folding + 1D5AF; 0070; Additional folding + 1D5B0; 0071; Additional folding + 1D5B1; 0072; Additional folding + + + +Hoffman & Blanchet Standards Track [Page 55] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 1D5B2; 0073; Additional folding + 1D5B3; 0074; Additional folding + 1D5B4; 0075; Additional folding + 1D5B5; 0076; Additional folding + 1D5B6; 0077; Additional folding + 1D5B7; 0078; Additional folding + 1D5B8; 0079; Additional folding + 1D5B9; 007A; Additional folding + 1D5D4; 0061; Additional folding + 1D5D5; 0062; Additional folding + 1D5D6; 0063; Additional folding + 1D5D7; 0064; Additional folding + 1D5D8; 0065; Additional folding + 1D5D9; 0066; Additional folding + 1D5DA; 0067; Additional folding + 1D5DB; 0068; Additional folding + 1D5DC; 0069; Additional folding + 1D5DD; 006A; Additional folding + 1D5DE; 006B; Additional folding + 1D5DF; 006C; Additional folding + 1D5E0; 006D; Additional folding + 1D5E1; 006E; Additional folding + 1D5E2; 006F; Additional folding + 1D5E3; 0070; Additional folding + 1D5E4; 0071; Additional folding + 1D5E5; 0072; Additional folding + 1D5E6; 0073; Additional folding + 1D5E7; 0074; Additional folding + 1D5E8; 0075; Additional folding + 1D5E9; 0076; Additional folding + 1D5EA; 0077; Additional folding + 1D5EB; 0078; Additional folding + 1D5EC; 0079; Additional folding + 1D5ED; 007A; Additional folding + 1D608; 0061; Additional folding + 1D609; 0062; Additional folding + 1D60A; 0063; Additional folding + 1D60B; 0064; Additional folding + 1D60C; 0065; Additional folding + 1D60D; 0066; Additional folding + 1D60E; 0067; Additional folding + 1D60F; 0068; Additional folding + 1D610; 0069; Additional folding + 1D611; 006A; Additional folding + 1D612; 006B; Additional folding + 1D613; 006C; Additional folding + 1D614; 006D; Additional folding + 1D615; 006E; Additional folding + + + +Hoffman & Blanchet Standards Track [Page 56] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 1D616; 006F; Additional folding + 1D617; 0070; Additional folding + 1D618; 0071; Additional folding + 1D619; 0072; Additional folding + 1D61A; 0073; Additional folding + 1D61B; 0074; Additional folding + 1D61C; 0075; Additional folding + 1D61D; 0076; Additional folding + 1D61E; 0077; Additional folding + 1D61F; 0078; Additional folding + 1D620; 0079; Additional folding + 1D621; 007A; Additional folding + 1D63C; 0061; Additional folding + 1D63D; 0062; Additional folding + 1D63E; 0063; Additional folding + 1D63F; 0064; Additional folding + 1D640; 0065; Additional folding + 1D641; 0066; Additional folding + 1D642; 0067; Additional folding + 1D643; 0068; Additional folding + 1D644; 0069; Additional folding + 1D645; 006A; Additional folding + 1D646; 006B; Additional folding + 1D647; 006C; Additional folding + 1D648; 006D; Additional folding + 1D649; 006E; Additional folding + 1D64A; 006F; Additional folding + 1D64B; 0070; Additional folding + 1D64C; 0071; Additional folding + 1D64D; 0072; Additional folding + 1D64E; 0073; Additional folding + 1D64F; 0074; Additional folding + 1D650; 0075; Additional folding + 1D651; 0076; Additional folding + 1D652; 0077; Additional folding + 1D653; 0078; Additional folding + 1D654; 0079; Additional folding + 1D655; 007A; Additional folding + 1D670; 0061; Additional folding + 1D671; 0062; Additional folding + 1D672; 0063; Additional folding + 1D673; 0064; Additional folding + 1D674; 0065; Additional folding + 1D675; 0066; Additional folding + 1D676; 0067; Additional folding + 1D677; 0068; Additional folding + 1D678; 0069; Additional folding + 1D679; 006A; Additional folding + + + +Hoffman & Blanchet Standards Track [Page 57] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 1D67A; 006B; Additional folding + 1D67B; 006C; Additional folding + 1D67C; 006D; Additional folding + 1D67D; 006E; Additional folding + 1D67E; 006F; Additional folding + 1D67F; 0070; Additional folding + 1D680; 0071; Additional folding + 1D681; 0072; Additional folding + 1D682; 0073; Additional folding + 1D683; 0074; Additional folding + 1D684; 0075; Additional folding + 1D685; 0076; Additional folding + 1D686; 0077; Additional folding + 1D687; 0078; Additional folding + 1D688; 0079; Additional folding + 1D689; 007A; Additional folding + 1D6A8; 03B1; Additional folding + 1D6A9; 03B2; Additional folding + 1D6AA; 03B3; Additional folding + 1D6AB; 03B4; Additional folding + 1D6AC; 03B5; Additional folding + 1D6AD; 03B6; Additional folding + 1D6AE; 03B7; Additional folding + 1D6AF; 03B8; Additional folding + 1D6B0; 03B9; Additional folding + 1D6B1; 03BA; Additional folding + 1D6B2; 03BB; Additional folding + 1D6B3; 03BC; Additional folding + 1D6B4; 03BD; Additional folding + 1D6B5; 03BE; Additional folding + 1D6B6; 03BF; Additional folding + 1D6B7; 03C0; Additional folding + 1D6B8; 03C1; Additional folding + 1D6B9; 03B8; Additional folding + 1D6BA; 03C3; Additional folding + 1D6BB; 03C4; Additional folding + 1D6BC; 03C5; Additional folding + 1D6BD; 03C6; Additional folding + 1D6BE; 03C7; Additional folding + 1D6BF; 03C8; Additional folding + 1D6C0; 03C9; Additional folding + 1D6D3; 03C3; Additional folding + 1D6E2; 03B1; Additional folding + 1D6E3; 03B2; Additional folding + 1D6E4; 03B3; Additional folding + 1D6E5; 03B4; Additional folding + 1D6E6; 03B5; Additional folding + 1D6E7; 03B6; Additional folding + + + +Hoffman & Blanchet Standards Track [Page 58] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 1D6E8; 03B7; Additional folding + 1D6E9; 03B8; Additional folding + 1D6EA; 03B9; Additional folding + 1D6EB; 03BA; Additional folding + 1D6EC; 03BB; Additional folding + 1D6ED; 03BC; Additional folding + 1D6EE; 03BD; Additional folding + 1D6EF; 03BE; Additional folding + 1D6F0; 03BF; Additional folding + 1D6F1; 03C0; Additional folding + 1D6F2; 03C1; Additional folding + 1D6F3; 03B8; Additional folding + 1D6F4; 03C3; Additional folding + 1D6F5; 03C4; Additional folding + 1D6F6; 03C5; Additional folding + 1D6F7; 03C6; Additional folding + 1D6F8; 03C7; Additional folding + 1D6F9; 03C8; Additional folding + 1D6FA; 03C9; Additional folding + 1D70D; 03C3; Additional folding + 1D71C; 03B1; Additional folding + 1D71D; 03B2; Additional folding + 1D71E; 03B3; Additional folding + 1D71F; 03B4; Additional folding + 1D720; 03B5; Additional folding + 1D721; 03B6; Additional folding + 1D722; 03B7; Additional folding + 1D723; 03B8; Additional folding + 1D724; 03B9; Additional folding + 1D725; 03BA; Additional folding + 1D726; 03BB; Additional folding + 1D727; 03BC; Additional folding + 1D728; 03BD; Additional folding + 1D729; 03BE; Additional folding + 1D72A; 03BF; Additional folding + 1D72B; 03C0; Additional folding + 1D72C; 03C1; Additional folding + 1D72D; 03B8; Additional folding + 1D72E; 03C3; Additional folding + 1D72F; 03C4; Additional folding + 1D730; 03C5; Additional folding + 1D731; 03C6; Additional folding + 1D732; 03C7; Additional folding + 1D733; 03C8; Additional folding + 1D734; 03C9; Additional folding + 1D747; 03C3; Additional folding + 1D756; 03B1; Additional folding + 1D757; 03B2; Additional folding + + + +Hoffman & Blanchet Standards Track [Page 59] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 1D758; 03B3; Additional folding + 1D759; 03B4; Additional folding + 1D75A; 03B5; Additional folding + 1D75B; 03B6; Additional folding + 1D75C; 03B7; Additional folding + 1D75D; 03B8; Additional folding + 1D75E; 03B9; Additional folding + 1D75F; 03BA; Additional folding + 1D760; 03BB; Additional folding + 1D761; 03BC; Additional folding + 1D762; 03BD; Additional folding + 1D763; 03BE; Additional folding + 1D764; 03BF; Additional folding + 1D765; 03C0; Additional folding + 1D766; 03C1; Additional folding + 1D767; 03B8; Additional folding + 1D768; 03C3; Additional folding + 1D769; 03C4; Additional folding + 1D76A; 03C5; Additional folding + 1D76B; 03C6; Additional folding + 1D76C; 03C7; Additional folding + 1D76D; 03C8; Additional folding + 1D76E; 03C9; Additional folding + 1D781; 03C3; Additional folding + 1D790; 03B1; Additional folding + 1D791; 03B2; Additional folding + 1D792; 03B3; Additional folding + 1D793; 03B4; Additional folding + 1D794; 03B5; Additional folding + 1D795; 03B6; Additional folding + 1D796; 03B7; Additional folding + 1D797; 03B8; Additional folding + 1D798; 03B9; Additional folding + 1D799; 03BA; Additional folding + 1D79A; 03BB; Additional folding + 1D79B; 03BC; Additional folding + 1D79C; 03BD; Additional folding + 1D79D; 03BE; Additional folding + 1D79E; 03BF; Additional folding + 1D79F; 03C0; Additional folding + 1D7A0; 03C1; Additional folding + 1D7A1; 03B8; Additional folding + 1D7A2; 03C3; Additional folding + 1D7A3; 03C4; Additional folding + 1D7A4; 03C5; Additional folding + 1D7A5; 03C6; Additional folding + 1D7A6; 03C7; Additional folding + 1D7A7; 03C8; Additional folding + + + +Hoffman & Blanchet Standards Track [Page 60] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 1D7A8; 03C9; Additional folding + 1D7BB; 03C3; Additional folding + ----- End Table B.2 ----- + +B.3 Mapping for case-folding used with no normalization + + ----- Start Table B.3 ----- + 0041; 0061; Case map + 0042; 0062; Case map + 0043; 0063; Case map + 0044; 0064; Case map + 0045; 0065; Case map + 0046; 0066; Case map + 0047; 0067; Case map + 0048; 0068; Case map + 0049; 0069; Case map + 004A; 006A; Case map + 004B; 006B; Case map + 004C; 006C; Case map + 004D; 006D; Case map + 004E; 006E; Case map + 004F; 006F; Case map + 0050; 0070; Case map + 0051; 0071; Case map + 0052; 0072; Case map + 0053; 0073; Case map + 0054; 0074; Case map + 0055; 0075; Case map + 0056; 0076; Case map + 0057; 0077; Case map + 0058; 0078; Case map + 0059; 0079; Case map + 005A; 007A; Case map + 00B5; 03BC; Case map + 00C0; 00E0; Case map + 00C1; 00E1; Case map + 00C2; 00E2; Case map + 00C3; 00E3; Case map + 00C4; 00E4; Case map + 00C5; 00E5; Case map + 00C6; 00E6; Case map + 00C7; 00E7; Case map + 00C8; 00E8; Case map + 00C9; 00E9; Case map + 00CA; 00EA; Case map + 00CB; 00EB; Case map + 00CC; 00EC; Case map + 00CD; 00ED; Case map + + + +Hoffman & Blanchet Standards Track [Page 61] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 00CE; 00EE; Case map + 00CF; 00EF; Case map + 00D0; 00F0; Case map + 00D1; 00F1; Case map + 00D2; 00F2; Case map + 00D3; 00F3; Case map + 00D4; 00F4; Case map + 00D5; 00F5; Case map + 00D6; 00F6; Case map + 00D8; 00F8; Case map + 00D9; 00F9; Case map + 00DA; 00FA; Case map + 00DB; 00FB; Case map + 00DC; 00FC; Case map + 00DD; 00FD; Case map + 00DE; 00FE; Case map + 00DF; 0073 0073; Case map + 0100; 0101; Case map + 0102; 0103; Case map + 0104; 0105; Case map + 0106; 0107; Case map + 0108; 0109; Case map + 010A; 010B; Case map + 010C; 010D; Case map + 010E; 010F; Case map + 0110; 0111; Case map + 0112; 0113; Case map + 0114; 0115; Case map + 0116; 0117; Case map + 0118; 0119; Case map + 011A; 011B; Case map + 011C; 011D; Case map + 011E; 011F; Case map + 0120; 0121; Case map + 0122; 0123; Case map + 0124; 0125; Case map + 0126; 0127; Case map + 0128; 0129; Case map + 012A; 012B; Case map + 012C; 012D; Case map + 012E; 012F; Case map + 0130; 0069 0307; Case map + 0132; 0133; Case map + 0134; 0135; Case map + 0136; 0137; Case map + 0139; 013A; Case map + 013B; 013C; Case map + 013D; 013E; Case map + + + +Hoffman & Blanchet Standards Track [Page 62] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 013F; 0140; Case map + 0141; 0142; Case map + 0143; 0144; Case map + 0145; 0146; Case map + 0147; 0148; Case map + 0149; 02BC 006E; Case map + 014A; 014B; Case map + 014C; 014D; Case map + 014E; 014F; Case map + 0150; 0151; Case map + 0152; 0153; Case map + 0154; 0155; Case map + 0156; 0157; Case map + 0158; 0159; Case map + 015A; 015B; Case map + 015C; 015D; Case map + 015E; 015F; Case map + 0160; 0161; Case map + 0162; 0163; Case map + 0164; 0165; Case map + 0166; 0167; Case map + 0168; 0169; Case map + 016A; 016B; Case map + 016C; 016D; Case map + 016E; 016F; Case map + 0170; 0171; Case map + 0172; 0173; Case map + 0174; 0175; Case map + 0176; 0177; Case map + 0178; 00FF; Case map + 0179; 017A; Case map + 017B; 017C; Case map + 017D; 017E; Case map + 017F; 0073; Case map + 0181; 0253; Case map + 0182; 0183; Case map + 0184; 0185; Case map + 0186; 0254; Case map + 0187; 0188; Case map + 0189; 0256; Case map + 018A; 0257; Case map + 018B; 018C; Case map + 018E; 01DD; Case map + 018F; 0259; Case map + 0190; 025B; Case map + 0191; 0192; Case map + 0193; 0260; Case map + 0194; 0263; Case map + + + +Hoffman & Blanchet Standards Track [Page 63] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 0196; 0269; Case map + 0197; 0268; Case map + 0198; 0199; Case map + 019C; 026F; Case map + 019D; 0272; Case map + 019F; 0275; Case map + 01A0; 01A1; Case map + 01A2; 01A3; Case map + 01A4; 01A5; Case map + 01A6; 0280; Case map + 01A7; 01A8; Case map + 01A9; 0283; Case map + 01AC; 01AD; Case map + 01AE; 0288; Case map + 01AF; 01B0; Case map + 01B1; 028A; Case map + 01B2; 028B; Case map + 01B3; 01B4; Case map + 01B5; 01B6; Case map + 01B7; 0292; Case map + 01B8; 01B9; Case map + 01BC; 01BD; Case map + 01C4; 01C6; Case map + 01C5; 01C6; Case map + 01C7; 01C9; Case map + 01C8; 01C9; Case map + 01CA; 01CC; Case map + 01CB; 01CC; Case map + 01CD; 01CE; Case map + 01CF; 01D0; Case map + 01D1; 01D2; Case map + 01D3; 01D4; Case map + 01D5; 01D6; Case map + 01D7; 01D8; Case map + 01D9; 01DA; Case map + 01DB; 01DC; Case map + 01DE; 01DF; Case map + 01E0; 01E1; Case map + 01E2; 01E3; Case map + 01E4; 01E5; Case map + 01E6; 01E7; Case map + 01E8; 01E9; Case map + 01EA; 01EB; Case map + 01EC; 01ED; Case map + 01EE; 01EF; Case map + 01F0; 006A 030C; Case map + 01F1; 01F3; Case map + 01F2; 01F3; Case map + + + +Hoffman & Blanchet Standards Track [Page 64] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 01F4; 01F5; Case map + 01F6; 0195; Case map + 01F7; 01BF; Case map + 01F8; 01F9; Case map + 01FA; 01FB; Case map + 01FC; 01FD; Case map + 01FE; 01FF; Case map + 0200; 0201; Case map + 0202; 0203; Case map + 0204; 0205; Case map + 0206; 0207; Case map + 0208; 0209; Case map + 020A; 020B; Case map + 020C; 020D; Case map + 020E; 020F; Case map + 0210; 0211; Case map + 0212; 0213; Case map + 0214; 0215; Case map + 0216; 0217; Case map + 0218; 0219; Case map + 021A; 021B; Case map + 021C; 021D; Case map + 021E; 021F; Case map + 0220; 019E; Case map + 0222; 0223; Case map + 0224; 0225; Case map + 0226; 0227; Case map + 0228; 0229; Case map + 022A; 022B; Case map + 022C; 022D; Case map + 022E; 022F; Case map + 0230; 0231; Case map + 0232; 0233; Case map + 0345; 03B9; Case map + 0386; 03AC; Case map + 0388; 03AD; Case map + 0389; 03AE; Case map + 038A; 03AF; Case map + 038C; 03CC; Case map + 038E; 03CD; Case map + 038F; 03CE; Case map + 0390; 03B9 0308 0301; Case map + 0391; 03B1; Case map + 0392; 03B2; Case map + 0393; 03B3; Case map + 0394; 03B4; Case map + 0395; 03B5; Case map + 0396; 03B6; Case map + + + +Hoffman & Blanchet Standards Track [Page 65] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 0397; 03B7; Case map + 0398; 03B8; Case map + 0399; 03B9; Case map + 039A; 03BA; Case map + 039B; 03BB; Case map + 039C; 03BC; Case map + 039D; 03BD; Case map + 039E; 03BE; Case map + 039F; 03BF; Case map + 03A0; 03C0; Case map + 03A1; 03C1; Case map + 03A3; 03C3; Case map + 03A4; 03C4; Case map + 03A5; 03C5; Case map + 03A6; 03C6; Case map + 03A7; 03C7; Case map + 03A8; 03C8; Case map + 03A9; 03C9; Case map + 03AA; 03CA; Case map + 03AB; 03CB; Case map + 03B0; 03C5 0308 0301; Case map + 03C2; 03C3; Case map + 03D0; 03B2; Case map + 03D1; 03B8; Case map + 03D5; 03C6; Case map + 03D6; 03C0; Case map + 03D8; 03D9; Case map + 03DA; 03DB; Case map + 03DC; 03DD; Case map + 03DE; 03DF; Case map + 03E0; 03E1; Case map + 03E2; 03E3; Case map + 03E4; 03E5; Case map + 03E6; 03E7; Case map + 03E8; 03E9; Case map + 03EA; 03EB; Case map + 03EC; 03ED; Case map + 03EE; 03EF; Case map + 03F0; 03BA; Case map + 03F1; 03C1; Case map + 03F2; 03C3; Case map + 03F4; 03B8; Case map + 03F5; 03B5; Case map + 0400; 0450; Case map + 0401; 0451; Case map + 0402; 0452; Case map + 0403; 0453; Case map + 0404; 0454; Case map + + + +Hoffman & Blanchet Standards Track [Page 66] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 0405; 0455; Case map + 0406; 0456; Case map + 0407; 0457; Case map + 0408; 0458; Case map + 0409; 0459; Case map + 040A; 045A; Case map + 040B; 045B; Case map + 040C; 045C; Case map + 040D; 045D; Case map + 040E; 045E; Case map + 040F; 045F; Case map + 0410; 0430; Case map + 0411; 0431; Case map + 0412; 0432; Case map + 0413; 0433; Case map + 0414; 0434; Case map + 0415; 0435; Case map + 0416; 0436; Case map + 0417; 0437; Case map + 0418; 0438; Case map + 0419; 0439; Case map + 041A; 043A; Case map + 041B; 043B; Case map + 041C; 043C; Case map + 041D; 043D; Case map + 041E; 043E; Case map + 041F; 043F; Case map + 0420; 0440; Case map + 0421; 0441; Case map + 0422; 0442; Case map + 0423; 0443; Case map + 0424; 0444; Case map + 0425; 0445; Case map + 0426; 0446; Case map + 0427; 0447; Case map + 0428; 0448; Case map + 0429; 0449; Case map + 042A; 044A; Case map + 042B; 044B; Case map + 042C; 044C; Case map + 042D; 044D; Case map + 042E; 044E; Case map + 042F; 044F; Case map + 0460; 0461; Case map + 0462; 0463; Case map + 0464; 0465; Case map + 0466; 0467; Case map + 0468; 0469; Case map + + + +Hoffman & Blanchet Standards Track [Page 67] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 046A; 046B; Case map + 046C; 046D; Case map + 046E; 046F; Case map + 0470; 0471; Case map + 0472; 0473; Case map + 0474; 0475; Case map + 0476; 0477; Case map + 0478; 0479; Case map + 047A; 047B; Case map + 047C; 047D; Case map + 047E; 047F; Case map + 0480; 0481; Case map + 048A; 048B; Case map + 048C; 048D; Case map + 048E; 048F; Case map + 0490; 0491; Case map + 0492; 0493; Case map + 0494; 0495; Case map + 0496; 0497; Case map + 0498; 0499; Case map + 049A; 049B; Case map + 049C; 049D; Case map + 049E; 049F; Case map + 04A0; 04A1; Case map + 04A2; 04A3; Case map + 04A4; 04A5; Case map + 04A6; 04A7; Case map + 04A8; 04A9; Case map + 04AA; 04AB; Case map + 04AC; 04AD; Case map + 04AE; 04AF; Case map + 04B0; 04B1; Case map + 04B2; 04B3; Case map + 04B4; 04B5; Case map + 04B6; 04B7; Case map + 04B8; 04B9; Case map + 04BA; 04BB; Case map + 04BC; 04BD; Case map + 04BE; 04BF; Case map + 04C1; 04C2; Case map + 04C3; 04C4; Case map + 04C5; 04C6; Case map + 04C7; 04C8; Case map + 04C9; 04CA; Case map + 04CB; 04CC; Case map + 04CD; 04CE; Case map + 04D0; 04D1; Case map + 04D2; 04D3; Case map + + + +Hoffman & Blanchet Standards Track [Page 68] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 04D4; 04D5; Case map + 04D6; 04D7; Case map + 04D8; 04D9; Case map + 04DA; 04DB; Case map + 04DC; 04DD; Case map + 04DE; 04DF; Case map + 04E0; 04E1; Case map + 04E2; 04E3; Case map + 04E4; 04E5; Case map + 04E6; 04E7; Case map + 04E8; 04E9; Case map + 04EA; 04EB; Case map + 04EC; 04ED; Case map + 04EE; 04EF; Case map + 04F0; 04F1; Case map + 04F2; 04F3; Case map + 04F4; 04F5; Case map + 04F8; 04F9; Case map + 0500; 0501; Case map + 0502; 0503; Case map + 0504; 0505; Case map + 0506; 0507; Case map + 0508; 0509; Case map + 050A; 050B; Case map + 050C; 050D; Case map + 050E; 050F; Case map + 0531; 0561; Case map + 0532; 0562; Case map + 0533; 0563; Case map + 0534; 0564; Case map + 0535; 0565; Case map + 0536; 0566; Case map + 0537; 0567; Case map + 0538; 0568; Case map + 0539; 0569; Case map + 053A; 056A; Case map + 053B; 056B; Case map + 053C; 056C; Case map + 053D; 056D; Case map + 053E; 056E; Case map + 053F; 056F; Case map + 0540; 0570; Case map + 0541; 0571; Case map + 0542; 0572; Case map + 0543; 0573; Case map + 0544; 0574; Case map + 0545; 0575; Case map + 0546; 0576; Case map + + + +Hoffman & Blanchet Standards Track [Page 69] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 0547; 0577; Case map + 0548; 0578; Case map + 0549; 0579; Case map + 054A; 057A; Case map + 054B; 057B; Case map + 054C; 057C; Case map + 054D; 057D; Case map + 054E; 057E; Case map + 054F; 057F; Case map + 0550; 0580; Case map + 0551; 0581; Case map + 0552; 0582; Case map + 0553; 0583; Case map + 0554; 0584; Case map + 0555; 0585; Case map + 0556; 0586; Case map + 0587; 0565 0582; Case map + 1E00; 1E01; Case map + 1E02; 1E03; Case map + 1E04; 1E05; Case map + 1E06; 1E07; Case map + 1E08; 1E09; Case map + 1E0A; 1E0B; Case map + 1E0C; 1E0D; Case map + 1E0E; 1E0F; Case map + 1E10; 1E11; Case map + 1E12; 1E13; Case map + 1E14; 1E15; Case map + 1E16; 1E17; Case map + 1E18; 1E19; Case map + 1E1A; 1E1B; Case map + 1E1C; 1E1D; Case map + 1E1E; 1E1F; Case map + 1E20; 1E21; Case map + 1E22; 1E23; Case map + 1E24; 1E25; Case map + 1E26; 1E27; Case map + 1E28; 1E29; Case map + 1E2A; 1E2B; Case map + 1E2C; 1E2D; Case map + 1E2E; 1E2F; Case map + 1E30; 1E31; Case map + 1E32; 1E33; Case map + 1E34; 1E35; Case map + 1E36; 1E37; Case map + 1E38; 1E39; Case map + 1E3A; 1E3B; Case map + 1E3C; 1E3D; Case map + + + +Hoffman & Blanchet Standards Track [Page 70] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 1E3E; 1E3F; Case map + 1E40; 1E41; Case map + 1E42; 1E43; Case map + 1E44; 1E45; Case map + 1E46; 1E47; Case map + 1E48; 1E49; Case map + 1E4A; 1E4B; Case map + 1E4C; 1E4D; Case map + 1E4E; 1E4F; Case map + 1E50; 1E51; Case map + 1E52; 1E53; Case map + 1E54; 1E55; Case map + 1E56; 1E57; Case map + 1E58; 1E59; Case map + 1E5A; 1E5B; Case map + 1E5C; 1E5D; Case map + 1E5E; 1E5F; Case map + 1E60; 1E61; Case map + 1E62; 1E63; Case map + 1E64; 1E65; Case map + 1E66; 1E67; Case map + 1E68; 1E69; Case map + 1E6A; 1E6B; Case map + 1E6C; 1E6D; Case map + 1E6E; 1E6F; Case map + 1E70; 1E71; Case map + 1E72; 1E73; Case map + 1E74; 1E75; Case map + 1E76; 1E77; Case map + 1E78; 1E79; Case map + 1E7A; 1E7B; Case map + 1E7C; 1E7D; Case map + 1E7E; 1E7F; Case map + 1E80; 1E81; Case map + 1E82; 1E83; Case map + 1E84; 1E85; Case map + 1E86; 1E87; Case map + 1E88; 1E89; Case map + 1E8A; 1E8B; Case map + 1E8C; 1E8D; Case map + 1E8E; 1E8F; Case map + 1E90; 1E91; Case map + 1E92; 1E93; Case map + 1E94; 1E95; Case map + 1E96; 0068 0331; Case map + 1E97; 0074 0308; Case map + 1E98; 0077 030A; Case map + 1E99; 0079 030A; Case map + + + +Hoffman & Blanchet Standards Track [Page 71] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 1E9A; 0061 02BE; Case map + 1E9B; 1E61; Case map + 1EA0; 1EA1; Case map + 1EA2; 1EA3; Case map + 1EA4; 1EA5; Case map + 1EA6; 1EA7; Case map + 1EA8; 1EA9; Case map + 1EAA; 1EAB; Case map + 1EAC; 1EAD; Case map + 1EAE; 1EAF; Case map + 1EB0; 1EB1; Case map + 1EB2; 1EB3; Case map + 1EB4; 1EB5; Case map + 1EB6; 1EB7; Case map + 1EB8; 1EB9; Case map + 1EBA; 1EBB; Case map + 1EBC; 1EBD; Case map + 1EBE; 1EBF; Case map + 1EC0; 1EC1; Case map + 1EC2; 1EC3; Case map + 1EC4; 1EC5; Case map + 1EC6; 1EC7; Case map + 1EC8; 1EC9; Case map + 1ECA; 1ECB; Case map + 1ECC; 1ECD; Case map + 1ECE; 1ECF; Case map + 1ED0; 1ED1; Case map + 1ED2; 1ED3; Case map + 1ED4; 1ED5; Case map + 1ED6; 1ED7; Case map + 1ED8; 1ED9; Case map + 1EDA; 1EDB; Case map + 1EDC; 1EDD; Case map + 1EDE; 1EDF; Case map + 1EE0; 1EE1; Case map + 1EE2; 1EE3; Case map + 1EE4; 1EE5; Case map + 1EE6; 1EE7; Case map + 1EE8; 1EE9; Case map + 1EEA; 1EEB; Case map + 1EEC; 1EED; Case map + 1EEE; 1EEF; Case map + 1EF0; 1EF1; Case map + 1EF2; 1EF3; Case map + 1EF4; 1EF5; Case map + 1EF6; 1EF7; Case map + 1EF8; 1EF9; Case map + 1F08; 1F00; Case map + + + +Hoffman & Blanchet Standards Track [Page 72] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 1F09; 1F01; Case map + 1F0A; 1F02; Case map + 1F0B; 1F03; Case map + 1F0C; 1F04; Case map + 1F0D; 1F05; Case map + 1F0E; 1F06; Case map + 1F0F; 1F07; Case map + 1F18; 1F10; Case map + 1F19; 1F11; Case map + 1F1A; 1F12; Case map + 1F1B; 1F13; Case map + 1F1C; 1F14; Case map + 1F1D; 1F15; Case map + 1F28; 1F20; Case map + 1F29; 1F21; Case map + 1F2A; 1F22; Case map + 1F2B; 1F23; Case map + 1F2C; 1F24; Case map + 1F2D; 1F25; Case map + 1F2E; 1F26; Case map + 1F2F; 1F27; Case map + 1F38; 1F30; Case map + 1F39; 1F31; Case map + 1F3A; 1F32; Case map + 1F3B; 1F33; Case map + 1F3C; 1F34; Case map + 1F3D; 1F35; Case map + 1F3E; 1F36; Case map + 1F3F; 1F37; Case map + 1F48; 1F40; Case map + 1F49; 1F41; Case map + 1F4A; 1F42; Case map + 1F4B; 1F43; Case map + 1F4C; 1F44; Case map + 1F4D; 1F45; Case map + 1F50; 03C5 0313; Case map + 1F52; 03C5 0313 0300; Case map + 1F54; 03C5 0313 0301; Case map + 1F56; 03C5 0313 0342; Case map + 1F59; 1F51; Case map + 1F5B; 1F53; Case map + 1F5D; 1F55; Case map + 1F5F; 1F57; Case map + 1F68; 1F60; Case map + 1F69; 1F61; Case map + 1F6A; 1F62; Case map + 1F6B; 1F63; Case map + 1F6C; 1F64; Case map + + + +Hoffman & Blanchet Standards Track [Page 73] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 1F6D; 1F65; Case map + 1F6E; 1F66; Case map + 1F6F; 1F67; Case map + 1F80; 1F00 03B9; Case map + 1F81; 1F01 03B9; Case map + 1F82; 1F02 03B9; Case map + 1F83; 1F03 03B9; Case map + 1F84; 1F04 03B9; Case map + 1F85; 1F05 03B9; Case map + 1F86; 1F06 03B9; Case map + 1F87; 1F07 03B9; Case map + 1F88; 1F00 03B9; Case map + 1F89; 1F01 03B9; Case map + 1F8A; 1F02 03B9; Case map + 1F8B; 1F03 03B9; Case map + 1F8C; 1F04 03B9; Case map + 1F8D; 1F05 03B9; Case map + 1F8E; 1F06 03B9; Case map + 1F8F; 1F07 03B9; Case map + 1F90; 1F20 03B9; Case map + 1F91; 1F21 03B9; Case map + 1F92; 1F22 03B9; Case map + 1F93; 1F23 03B9; Case map + 1F94; 1F24 03B9; Case map + 1F95; 1F25 03B9; Case map + 1F96; 1F26 03B9; Case map + 1F97; 1F27 03B9; Case map + 1F98; 1F20 03B9; Case map + 1F99; 1F21 03B9; Case map + 1F9A; 1F22 03B9; Case map + 1F9B; 1F23 03B9; Case map + 1F9C; 1F24 03B9; Case map + 1F9D; 1F25 03B9; Case map + 1F9E; 1F26 03B9; Case map + 1F9F; 1F27 03B9; Case map + 1FA0; 1F60 03B9; Case map + 1FA1; 1F61 03B9; Case map + 1FA2; 1F62 03B9; Case map + 1FA3; 1F63 03B9; Case map + 1FA4; 1F64 03B9; Case map + 1FA5; 1F65 03B9; Case map + 1FA6; 1F66 03B9; Case map + 1FA7; 1F67 03B9; Case map + 1FA8; 1F60 03B9; Case map + 1FA9; 1F61 03B9; Case map + 1FAA; 1F62 03B9; Case map + 1FAB; 1F63 03B9; Case map + 1FAC; 1F64 03B9; Case map + + + +Hoffman & Blanchet Standards Track [Page 74] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 1FAD; 1F65 03B9; Case map + 1FAE; 1F66 03B9; Case map + 1FAF; 1F67 03B9; Case map + 1FB2; 1F70 03B9; Case map + 1FB3; 03B1 03B9; Case map + 1FB4; 03AC 03B9; Case map + 1FB6; 03B1 0342; Case map + 1FB7; 03B1 0342 03B9; Case map + 1FB8; 1FB0; Case map + 1FB9; 1FB1; Case map + 1FBA; 1F70; Case map + 1FBB; 1F71; Case map + 1FBC; 03B1 03B9; Case map + 1FBE; 03B9; Case map + 1FC2; 1F74 03B9; Case map + 1FC3; 03B7 03B9; Case map + 1FC4; 03AE 03B9; Case map + 1FC6; 03B7 0342; Case map + 1FC7; 03B7 0342 03B9; Case map + 1FC8; 1F72; Case map + 1FC9; 1F73; Case map + 1FCA; 1F74; Case map + 1FCB; 1F75; Case map + 1FCC; 03B7 03B9; Case map + 1FD2; 03B9 0308 0300; Case map + 1FD3; 03B9 0308 0301; Case map + 1FD6; 03B9 0342; Case map + 1FD7; 03B9 0308 0342; Case map + 1FD8; 1FD0; Case map + 1FD9; 1FD1; Case map + 1FDA; 1F76; Case map + 1FDB; 1F77; Case map + 1FE2; 03C5 0308 0300; Case map + 1FE3; 03C5 0308 0301; Case map + 1FE4; 03C1 0313; Case map + 1FE6; 03C5 0342; Case map + 1FE7; 03C5 0308 0342; Case map + 1FE8; 1FE0; Case map + 1FE9; 1FE1; Case map + 1FEA; 1F7A; Case map + 1FEB; 1F7B; Case map + 1FEC; 1FE5; Case map + 1FF2; 1F7C 03B9; Case map + 1FF3; 03C9 03B9; Case map + 1FF4; 03CE 03B9; Case map + 1FF6; 03C9 0342; Case map + 1FF7; 03C9 0342 03B9; Case map + 1FF8; 1F78; Case map + + + +Hoffman & Blanchet Standards Track [Page 75] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 1FF9; 1F79; Case map + 1FFA; 1F7C; Case map + 1FFB; 1F7D; Case map + 1FFC; 03C9 03B9; Case map + 2126; 03C9; Case map + 212A; 006B; Case map + 212B; 00E5; Case map + 2160; 2170; Case map + 2161; 2171; Case map + 2162; 2172; Case map + 2163; 2173; Case map + 2164; 2174; Case map + 2165; 2175; Case map + 2166; 2176; Case map + 2167; 2177; Case map + 2168; 2178; Case map + 2169; 2179; Case map + 216A; 217A; Case map + 216B; 217B; Case map + 216C; 217C; Case map + 216D; 217D; Case map + 216E; 217E; Case map + 216F; 217F; Case map + 24B6; 24D0; Case map + 24B7; 24D1; Case map + 24B8; 24D2; Case map + 24B9; 24D3; Case map + 24BA; 24D4; Case map + 24BB; 24D5; Case map + 24BC; 24D6; Case map + 24BD; 24D7; Case map + 24BE; 24D8; Case map + 24BF; 24D9; Case map + 24C0; 24DA; Case map + 24C1; 24DB; Case map + 24C2; 24DC; Case map + 24C3; 24DD; Case map + 24C4; 24DE; Case map + 24C5; 24DF; Case map + 24C6; 24E0; Case map + 24C7; 24E1; Case map + 24C8; 24E2; Case map + 24C9; 24E3; Case map + 24CA; 24E4; Case map + 24CB; 24E5; Case map + 24CC; 24E6; Case map + 24CD; 24E7; Case map + 24CE; 24E8; Case map + + + +Hoffman & Blanchet Standards Track [Page 76] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 24CF; 24E9; Case map + FB00; 0066 0066; Case map + FB01; 0066 0069; Case map + FB02; 0066 006C; Case map + FB03; 0066 0066 0069; Case map + FB04; 0066 0066 006C; Case map + FB05; 0073 0074; Case map + FB06; 0073 0074; Case map + FB13; 0574 0576; Case map + FB14; 0574 0565; Case map + FB15; 0574 056B; Case map + FB16; 057E 0576; Case map + FB17; 0574 056D; Case map + FF21; FF41; Case map + FF22; FF42; Case map + FF23; FF43; Case map + FF24; FF44; Case map + FF25; FF45; Case map + FF26; FF46; Case map + FF27; FF47; Case map + FF28; FF48; Case map + FF29; FF49; Case map + FF2A; FF4A; Case map + FF2B; FF4B; Case map + FF2C; FF4C; Case map + FF2D; FF4D; Case map + FF2E; FF4E; Case map + FF2F; FF4F; Case map + FF30; FF50; Case map + FF31; FF51; Case map + FF32; FF52; Case map + FF33; FF53; Case map + FF34; FF54; Case map + FF35; FF55; Case map + FF36; FF56; Case map + FF37; FF57; Case map + FF38; FF58; Case map + FF39; FF59; Case map + FF3A; FF5A; Case map + 10400; 10428; Case map + 10401; 10429; Case map + 10402; 1042A; Case map + 10403; 1042B; Case map + 10404; 1042C; Case map + 10405; 1042D; Case map + 10406; 1042E; Case map + 10407; 1042F; Case map + 10408; 10430; Case map + + + +Hoffman & Blanchet Standards Track [Page 77] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 10409; 10431; Case map + 1040A; 10432; Case map + 1040B; 10433; Case map + 1040C; 10434; Case map + 1040D; 10435; Case map + 1040E; 10436; Case map + 1040F; 10437; Case map + 10410; 10438; Case map + 10411; 10439; Case map + 10412; 1043A; Case map + 10413; 1043B; Case map + 10414; 1043C; Case map + 10415; 1043D; Case map + 10416; 1043E; Case map + 10417; 1043F; Case map + 10418; 10440; Case map + 10419; 10441; Case map + 1041A; 10442; Case map + 1041B; 10443; Case map + 1041C; 10444; Case map + 1041D; 10445; Case map + 1041E; 10446; Case map + 1041F; 10447; Case map + 10420; 10448; Case map + 10421; 10449; Case map + 10422; 1044A; Case map + 10423; 1044B; Case map + 10424; 1044C; Case map + 10425; 1044D; Case map + ----- End Table B.3 ----- + +C. Prohibition tables + + The tables in this appendix consist of lines with one prohibited code + point per line. The format of the lines are the value of the code + point, a semicolon, and a comment which is the name of the code + point. + +C.1 Space characters + +C.1.1 ASCII space characters + + ----- Start Table C.1.1 ----- + 0020; SPACE + ----- End Table C.1.1 ----- + + + + + + +Hoffman & Blanchet Standards Track [Page 78] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + +C.1.2 Non-ASCII space characters + ----- Start Table C.1.2 ----- + 00A0; NO-BREAK SPACE + 1680; OGHAM SPACE MARK + 2000; EN QUAD + 2001; EM QUAD + 2002; EN SPACE + 2003; EM SPACE + 2004; THREE-PER-EM SPACE + 2005; FOUR-PER-EM SPACE + 2006; SIX-PER-EM SPACE + 2007; FIGURE SPACE + 2008; PUNCTUATION SPACE + 2009; THIN SPACE + 200A; HAIR SPACE + 200B; ZERO WIDTH SPACE + 202F; NARROW NO-BREAK SPACE + 205F; MEDIUM MATHEMATICAL SPACE + 3000; IDEOGRAPHIC SPACE + ----- End Table C.1.2 ----- + +C.2 Control characters + +C.2.1 ASCII control characters + + ----- Start Table C.2.1 ----- + 0000-001F; [CONTROL CHARACTERS] + 007F; DELETE + ----- End Table C.2.1 ----- + +C.2.2 Non-ASCII control characters + + ----- Start Table C.2.2 ----- + 0080-009F; [CONTROL CHARACTERS] + 06DD; ARABIC END OF AYAH + 070F; SYRIAC ABBREVIATION MARK + 180E; MONGOLIAN VOWEL SEPARATOR + 200C; ZERO WIDTH NON-JOINER + 200D; ZERO WIDTH JOINER + 2028; LINE SEPARATOR + 2029; PARAGRAPH SEPARATOR + 2060; WORD JOINER + 2061; FUNCTION APPLICATION + 2062; INVISIBLE TIMES + 2063; INVISIBLE SEPARATOR + 206A-206F; [CONTROL CHARACTERS] + FEFF; ZERO WIDTH NO-BREAK SPACE + FFF9-FFFC; [CONTROL CHARACTERS] + + + +Hoffman & Blanchet Standards Track [Page 79] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 1D173-1D17A; [MUSICAL CONTROL CHARACTERS] + ----- End Table C.2.2 ----- + +C.3 Private use + + ----- Start Table C.3 ----- + E000-F8FF; [PRIVATE USE, PLANE 0] + F0000-FFFFD; [PRIVATE USE, PLANE 15] + 100000-10FFFD; [PRIVATE USE, PLANE 16] + ----- End Table C.3 ----- + +C.4 Non-character code points + + ----- Start Table C.4 ----- + FDD0-FDEF; [NONCHARACTER CODE POINTS] + FFFE-FFFF; [NONCHARACTER CODE POINTS] + 1FFFE-1FFFF; [NONCHARACTER CODE POINTS] + 2FFFE-2FFFF; [NONCHARACTER CODE POINTS] + 3FFFE-3FFFF; [NONCHARACTER CODE POINTS] + 4FFFE-4FFFF; [NONCHARACTER CODE POINTS] + 5FFFE-5FFFF; [NONCHARACTER CODE POINTS] + 6FFFE-6FFFF; [NONCHARACTER CODE POINTS] + 7FFFE-7FFFF; [NONCHARACTER CODE POINTS] + 8FFFE-8FFFF; [NONCHARACTER CODE POINTS] + 9FFFE-9FFFF; [NONCHARACTER CODE POINTS] + AFFFE-AFFFF; [NONCHARACTER CODE POINTS] + BFFFE-BFFFF; [NONCHARACTER CODE POINTS] + CFFFE-CFFFF; [NONCHARACTER CODE POINTS] + DFFFE-DFFFF; [NONCHARACTER CODE POINTS] + EFFFE-EFFFF; [NONCHARACTER CODE POINTS] + FFFFE-FFFFF; [NONCHARACTER CODE POINTS] + 10FFFE-10FFFF; [NONCHARACTER CODE POINTS] + ----- End Table C.4 ----- + +C.5 Surrogate codes + + ----- Start Table C.5 ----- + D800-DFFF; [SURROGATE CODES] + ----- End Table C.5 ----- + +C.6 Inappropriate for plain text + + ----- Start Table C.6 ----- + FFF9; INTERLINEAR ANNOTATION ANCHOR + FFFA; INTERLINEAR ANNOTATION SEPARATOR + FFFB; INTERLINEAR ANNOTATION TERMINATOR + FFFC; OBJECT REPLACEMENT CHARACTER + FFFD; REPLACEMENT CHARACTER + + + +Hoffman & Blanchet Standards Track [Page 80] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + ----- End Table C.6 ----- + +C.7 Inappropriate for canonical representation + + ----- Start Table C.7 ----- + 2FF0-2FFB; [IDEOGRAPHIC DESCRIPTION CHARACTERS] + ----- End Table C.7 ----- + +C.8 Change display properties or are deprecated + + ----- Start Table C.8 ----- + 0340; COMBINING GRAVE TONE MARK + 0341; COMBINING ACUTE TONE MARK + 200E; LEFT-TO-RIGHT MARK + 200F; RIGHT-TO-LEFT MARK + 202A; LEFT-TO-RIGHT EMBEDDING + 202B; RIGHT-TO-LEFT EMBEDDING + 202C; POP DIRECTIONAL FORMATTING + 202D; LEFT-TO-RIGHT OVERRIDE + 202E; RIGHT-TO-LEFT OVERRIDE + 206A; INHIBIT SYMMETRIC SWAPPING + 206B; ACTIVATE SYMMETRIC SWAPPING + 206C; INHIBIT ARABIC FORM SHAPING + 206D; ACTIVATE ARABIC FORM SHAPING + 206E; NATIONAL DIGIT SHAPES + 206F; NOMINAL DIGIT SHAPES + ----- End Table C.8 ----- + +C.9 Tagging characters + + ----- Start Table C.9 ----- + E0001; LANGUAGE TAG + E0020-E007F; [TAGGING CHARACTERS] + ----- End Table C.9 ----- + +D. Bidirectional tables + +D.1 Characters with bidirectional property "R" or "AL" + + ----- Start Table D.1 ----- + 05BE + 05C0 + 05C3 + 05D0-05EA + 05F0-05F4 + 061B + 061F + 0621-063A + + + +Hoffman & Blanchet Standards Track [Page 81] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 0640-064A + 066D-066F + 0671-06D5 + 06DD + 06E5-06E6 + 06FA-06FE + 0700-070D + 0710 + 0712-072C + 0780-07A5 + 07B1 + 200F + FB1D + FB1F-FB28 + FB2A-FB36 + FB38-FB3C + FB3E + FB40-FB41 + FB43-FB44 + FB46-FBB1 + FBD3-FD3D + FD50-FD8F + FD92-FDC7 + FDF0-FDFC + FE70-FE74 + FE76-FEFC + ----- End Table D.1 ----- + +D.2 Characters with bidirectional property "L" + + ----- Start Table D.2 ----- + 0041-005A + 0061-007A + 00AA + 00B5 + 00BA + 00C0-00D6 + 00D8-00F6 + 00F8-0220 + 0222-0233 + 0250-02AD + 02B0-02B8 + 02BB-02C1 + 02D0-02D1 + 02E0-02E4 + 02EE + 037A + 0386 + + + +Hoffman & Blanchet Standards Track [Page 82] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 0388-038A + 038C + 038E-03A1 + 03A3-03CE + 03D0-03F5 + 0400-0482 + 048A-04CE + 04D0-04F5 + 04F8-04F9 + 0500-050F + 0531-0556 + 0559-055F + 0561-0587 + 0589 + 0903 + 0905-0939 + 093D-0940 + 0949-094C + 0950 + 0958-0961 + 0964-0970 + 0982-0983 + 0985-098C + 098F-0990 + 0993-09A8 + 09AA-09B0 + 09B2 + 09B6-09B9 + 09BE-09C0 + 09C7-09C8 + 09CB-09CC + 09D7 + 09DC-09DD + 09DF-09E1 + 09E6-09F1 + 09F4-09FA + 0A05-0A0A + 0A0F-0A10 + 0A13-0A28 + 0A2A-0A30 + 0A32-0A33 + 0A35-0A36 + 0A38-0A39 + 0A3E-0A40 + 0A59-0A5C + 0A5E + 0A66-0A6F + 0A72-0A74 + + + +Hoffman & Blanchet Standards Track [Page 83] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 0A83 + 0A85-0A8B + 0A8D + 0A8F-0A91 + 0A93-0AA8 + 0AAA-0AB0 + 0AB2-0AB3 + 0AB5-0AB9 + 0ABD-0AC0 + 0AC9 + 0ACB-0ACC + 0AD0 + 0AE0 + 0AE6-0AEF + 0B02-0B03 + 0B05-0B0C + 0B0F-0B10 + 0B13-0B28 + 0B2A-0B30 + 0B32-0B33 + 0B36-0B39 + 0B3D-0B3E + 0B40 + 0B47-0B48 + 0B4B-0B4C + 0B57 + 0B5C-0B5D + 0B5F-0B61 + 0B66-0B70 + 0B83 + 0B85-0B8A + 0B8E-0B90 + 0B92-0B95 + 0B99-0B9A + 0B9C + 0B9E-0B9F + 0BA3-0BA4 + 0BA8-0BAA + 0BAE-0BB5 + 0BB7-0BB9 + 0BBE-0BBF + 0BC1-0BC2 + 0BC6-0BC8 + 0BCA-0BCC + 0BD7 + 0BE7-0BF2 + 0C01-0C03 + 0C05-0C0C + + + +Hoffman & Blanchet Standards Track [Page 84] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 0C0E-0C10 + 0C12-0C28 + 0C2A-0C33 + 0C35-0C39 + 0C41-0C44 + 0C60-0C61 + 0C66-0C6F + 0C82-0C83 + 0C85-0C8C + 0C8E-0C90 + 0C92-0CA8 + 0CAA-0CB3 + 0CB5-0CB9 + 0CBE + 0CC0-0CC4 + 0CC7-0CC8 + 0CCA-0CCB + 0CD5-0CD6 + 0CDE + 0CE0-0CE1 + 0CE6-0CEF + 0D02-0D03 + 0D05-0D0C + 0D0E-0D10 + 0D12-0D28 + 0D2A-0D39 + 0D3E-0D40 + 0D46-0D48 + 0D4A-0D4C + 0D57 + 0D60-0D61 + 0D66-0D6F + 0D82-0D83 + 0D85-0D96 + 0D9A-0DB1 + 0DB3-0DBB + 0DBD + 0DC0-0DC6 + 0DCF-0DD1 + 0DD8-0DDF + 0DF2-0DF4 + 0E01-0E30 + 0E32-0E33 + 0E40-0E46 + 0E4F-0E5B + 0E81-0E82 + 0E84 + 0E87-0E88 + + + +Hoffman & Blanchet Standards Track [Page 85] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 0E8A + 0E8D + 0E94-0E97 + 0E99-0E9F + 0EA1-0EA3 + 0EA5 + 0EA7 + 0EAA-0EAB + 0EAD-0EB0 + 0EB2-0EB3 + 0EBD + 0EC0-0EC4 + 0EC6 + 0ED0-0ED9 + 0EDC-0EDD + 0F00-0F17 + 0F1A-0F34 + 0F36 + 0F38 + 0F3E-0F47 + 0F49-0F6A + 0F7F + 0F85 + 0F88-0F8B + 0FBE-0FC5 + 0FC7-0FCC + 0FCF + 1000-1021 + 1023-1027 + 1029-102A + 102C + 1031 + 1038 + 1040-1057 + 10A0-10C5 + 10D0-10F8 + 10FB + 1100-1159 + 115F-11A2 + 11A8-11F9 + 1200-1206 + 1208-1246 + 1248 + 124A-124D + 1250-1256 + 1258 + 125A-125D + 1260-1286 + + + +Hoffman & Blanchet Standards Track [Page 86] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 1288 + 128A-128D + 1290-12AE + 12B0 + 12B2-12B5 + 12B8-12BE + 12C0 + 12C2-12C5 + 12C8-12CE + 12D0-12D6 + 12D8-12EE + 12F0-130E + 1310 + 1312-1315 + 1318-131E + 1320-1346 + 1348-135A + 1361-137C + 13A0-13F4 + 1401-1676 + 1681-169A + 16A0-16F0 + 1700-170C + 170E-1711 + 1720-1731 + 1735-1736 + 1740-1751 + 1760-176C + 176E-1770 + 1780-17B6 + 17BE-17C5 + 17C7-17C8 + 17D4-17DA + 17DC + 17E0-17E9 + 1810-1819 + 1820-1877 + 1880-18A8 + 1E00-1E9B + 1EA0-1EF9 + 1F00-1F15 + 1F18-1F1D + 1F20-1F45 + 1F48-1F4D + 1F50-1F57 + 1F59 + 1F5B + 1F5D + + + +Hoffman & Blanchet Standards Track [Page 87] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 1F5F-1F7D + 1F80-1FB4 + 1FB6-1FBC + 1FBE + 1FC2-1FC4 + 1FC6-1FCC + 1FD0-1FD3 + 1FD6-1FDB + 1FE0-1FEC + 1FF2-1FF4 + 1FF6-1FFC + 200E + 2071 + 207F + 2102 + 2107 + 210A-2113 + 2115 + 2119-211D + 2124 + 2126 + 2128 + 212A-212D + 212F-2131 + 2133-2139 + 213D-213F + 2145-2149 + 2160-2183 + 2336-237A + 2395 + 249C-24E9 + 3005-3007 + 3021-3029 + 3031-3035 + 3038-303C + 3041-3096 + 309D-309F + 30A1-30FA + 30FC-30FF + 3105-312C + 3131-318E + 3190-31B7 + 31F0-321C + 3220-3243 + 3260-327B + 327F-32B0 + 32C0-32CB + 32D0-32FE + + + +Hoffman & Blanchet Standards Track [Page 88] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 3300-3376 + 337B-33DD + 33E0-33FE + 3400-4DB5 + 4E00-9FA5 + A000-A48C + AC00-D7A3 + D800-FA2D + FA30-FA6A + FB00-FB06 + FB13-FB17 + FF21-FF3A + FF41-FF5A + FF66-FFBE + FFC2-FFC7 + FFCA-FFCF + FFD2-FFD7 + FFDA-FFDC + 10300-1031E + 10320-10323 + 10330-1034A + 10400-10425 + 10428-1044D + 1D000-1D0F5 + 1D100-1D126 + 1D12A-1D166 + 1D16A-1D172 + 1D183-1D184 + 1D18C-1D1A9 + 1D1AE-1D1DD + 1D400-1D454 + 1D456-1D49C + 1D49E-1D49F + 1D4A2 + 1D4A5-1D4A6 + 1D4A9-1D4AC + 1D4AE-1D4B9 + 1D4BB + 1D4BD-1D4C0 + 1D4C2-1D4C3 + 1D4C5-1D505 + 1D507-1D50A + 1D50D-1D514 + 1D516-1D51C + 1D51E-1D539 + 1D53B-1D53E + 1D540-1D544 + 1D546 + + + +Hoffman & Blanchet Standards Track [Page 89] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + + 1D54A-1D550 + 1D552-1D6A3 + 1D6A8-1D7C9 + 20000-2A6D6 + 2F800-2FA1D + F0000-FFFFD + 100000-10FFFD + ----- End Table D.2 ----- + +Authors' Addresses + + Paul Hoffman + Internet Mail Consortium and VPN Consortium + 127 Segre Place + Santa Cruz, CA 95060 USA + + EMail: paul.hoffman@imc.org and paul.hoffman@vpnc.org + + + Marc Blanchet + Viagenie inc. + 2875 boul. Laurier, bur. 300 + Ste-Foy, Quebec, Canada, G1V 2M2 + + EMail: Marc.Blanchet@viagenie.qc.ca + + + + + + + + + + + + + + + + + + + + + + + + + + +Hoffman & Blanchet Standards Track [Page 90] + +RFC 3454 Preparation of Internationalized Strings December 2002 + + +Full Copyright Statement + + Copyright (C) The Internet Society (2002). All Rights Reserved. + + This document and translations of it may be copied and furnished to + others, and derivative works that comment on or otherwise explain it + or assist in its implementation may be prepared, copied, published + and distributed, in whole or in part, without restriction of any + kind, provided that the above copyright notice and this paragraph are + included on all such copies and derivative works. However, this + document itself may not be modified in any way, such as by removing + the copyright notice or references to the Internet Society or other + Internet organizations, except as needed for the purpose of + developing Internet standards in which case the procedures for + copyrights defined in the Internet Standards process must be + followed, or as required to translate it into languages other than + English. + + The limited permissions granted above are perpetual and will not be + revoked by the Internet Society or its successors or assigns. + + This document and the information contained herein is provided on an + "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING + TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING + BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION + HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF + MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + +Acknowledgement + + Funding for the RFC Editor function is currently provided by the + Internet Society. + + + + + + + + + + + + + + + + + + + +Hoffman & Blanchet Standards Track [Page 91] + diff --git a/source4/heimdal/lib/wind/rfc3490.txt b/source4/heimdal/lib/wind/rfc3490.txt new file mode 100644 index 0000000000..d2e0b3b75a --- /dev/null +++ b/source4/heimdal/lib/wind/rfc3490.txt @@ -0,0 +1,1235 @@ + + + + + + +Network Working Group P. Faltstrom +Request for Comments: 3490 Cisco +Category: Standards Track P. Hoffman + IMC & VPNC + A. Costello + UC Berkeley + March 2003 + + + Internationalizing Domain Names in Applications (IDNA) + +Status of this Memo + + This document specifies an Internet standards track protocol for the + Internet community, and requests discussion and suggestions for + improvements. Please refer to the current edition of the "Internet + Official Protocol Standards" (STD 1) for the standardization state + and status of this protocol. Distribution of this memo is unlimited. + +Copyright Notice + + Copyright (C) The Internet Society (2003). All Rights Reserved. + +Abstract + + Until now, there has been no standard method for domain names to use + characters outside the ASCII repertoire. This document defines + internationalized domain names (IDNs) and a mechanism called + Internationalizing Domain Names in Applications (IDNA) for handling + them in a standard fashion. IDNs use characters drawn from a large + repertoire (Unicode), but IDNA allows the non-ASCII characters to be + represented using only the ASCII characters already allowed in so- + called host names today. This backward-compatible representation is + required in existing protocols like DNS, so that IDNs can be + introduced with no changes to the existing infrastructure. IDNA is + only meant for processing domain names, not free text. + +Table of Contents + + 1. Introduction.................................................. 2 + 1.1 Problem Statement......................................... 3 + 1.2 Limitations of IDNA....................................... 3 + 1.3 Brief overview for application developers................. 4 + 2. Terminology................................................... 5 + 3. Requirements and applicability................................ 7 + 3.1 Requirements.............................................. 7 + 3.2 Applicability............................................. 8 + 3.2.1. DNS resource records................................ 8 + + + +Faltstrom, et al. Standards Track [Page 1] + +RFC 3490 IDNA March 2003 + + + 3.2.2. Non-domain-name data types stored in domain names... 9 + 4. Conversion operations......................................... 9 + 4.1 ToASCII................................................... 10 + 4.2 ToUnicode................................................. 11 + 5. ACE prefix.................................................... 12 + 6. Implications for typical applications using DNS............... 13 + 6.1 Entry and display in applications......................... 14 + 6.2 Applications and resolver libraries....................... 15 + 6.3 DNS servers............................................... 15 + 6.4 Avoiding exposing users to the raw ACE encoding........... 16 + 6.5 DNSSEC authentication of IDN domain names................ 16 + 7. Name server considerations.................................... 17 + 8. Root server considerations.................................... 17 + 9. References.................................................... 18 + 9.1 Normative References...................................... 18 + 9.2 Informative References.................................... 18 + 10. Security Considerations...................................... 19 + 11. IANA Considerations.......................................... 20 + 12. Authors' Addresses........................................... 21 + 13. Full Copyright Statement..................................... 22 + +1. Introduction + + IDNA works by allowing applications to use certain ASCII name labels + (beginning with a special prefix) to represent non-ASCII name labels. + Lower-layer protocols need not be aware of this; therefore IDNA does + not depend on changes to any infrastructure. In particular, IDNA + does not depend on any changes to DNS servers, resolvers, or protocol + elements, because the ASCII name service provided by the existing DNS + is entirely sufficient for IDNA. + + This document does not require any applications to conform to IDNA, + but applications can elect to use IDNA in order to support IDN while + maintaining interoperability with existing infrastructure. If an + application wants to use non-ASCII characters in domain names, IDNA + is the only currently-defined option. Adding IDNA support to an + existing application entails changes to the application only, and + leaves room for flexibility in the user interface. + + A great deal of the discussion of IDN solutions has focused on + transition issues and how IDN will work in a world where not all of + the components have been updated. Proposals that were not chosen by + the IDN Working Group would depend on user applications, resolvers, + and DNS servers being updated in order for a user to use an + internationalized domain name. Rather than rely on widespread + updating of all components, IDNA depends on updates to user + applications only; no changes are needed to the DNS protocol or any + DNS servers or the resolvers on user's computers. + + + +Faltstrom, et al. Standards Track [Page 2] + +RFC 3490 IDNA March 2003 + + +1.1 Problem Statement + + The IDNA specification solves the problem of extending the repertoire + of characters that can be used in domain names to include the Unicode + repertoire (with some restrictions). + + IDNA does not extend the service offered by DNS to the applications. + Instead, the applications (and, by implication, the users) continue + to see an exact-match lookup service. Either there is a single + exactly-matching name or there is no match. This model has served + the existing applications well, but it requires, with or without + internationalized domain names, that users know the exact spelling of + the domain names that the users type into applications such as web + browsers and mail user agents. The introduction of the larger + repertoire of characters potentially makes the set of misspellings + larger, especially given that in some cases the same appearance, for + example on a business card, might visually match several Unicode code + points or several sequences of code points. + + IDNA allows the graceful introduction of IDNs not only by avoiding + upgrades to existing infrastructure (such as DNS servers and mail + transport agents), but also by allowing some rudimentary use of IDNs + in applications by using the ASCII representation of the non-ASCII + name labels. While such names are very user-unfriendly to read and + type, and hence are not suitable for user input, they allow (for + instance) replying to email and clicking on URLs even though the + domain name displayed is incomprehensible to the user. In order to + allow user-friendly input and output of the IDNs, the applications + need to be modified to conform to this specification. + + IDNA uses the Unicode character repertoire, which avoids the + significant delays that would be inherent in waiting for a different + and specific character set be defined for IDN purposes by some other + standards developing organization. + +1.2 Limitations of IDNA + + The IDNA protocol does not solve all linguistic issues with users + inputting names in different scripts. Many important language-based + and script-based mappings are not covered in IDNA and need to be + handled outside the protocol. For example, names that are entered in + a mix of traditional and simplified Chinese characters will not be + mapped to a single canonical name. Another example is Scandinavian + names that are entered with U+00F6 (LATIN SMALL LETTER O WITH + DIAERESIS) will not be mapped to U+00F8 (LATIN SMALL LETTER O WITH + STROKE). + + + + + +Faltstrom, et al. Standards Track [Page 3] + +RFC 3490 IDNA March 2003 + + + An example of an important issue that is not considered in detail in + IDNA is how to provide a high probability that a user who is entering + a domain name based on visual information (such as from a business + card or billboard) or aural information (such as from a telephone or + radio) would correctly enter the IDN. Similar issues exist for ASCII + domain names, for example the possible visual confusion between the + letter 'O' and the digit zero, but the introduction of the larger + repertoire of characters creates more opportunities of similar + looking and similar sounding names. Note that this is a complex + issue relating to languages, input methods on computers, and so on. + Furthermore, the kind of matching and searching necessary for a high + probability of success would not fit the role of the DNS and its + exact matching function. + +1.3 Brief overview for application developers + + Applications can use IDNA to support internationalized domain names + anywhere that ASCII domain names are already supported, including DNS + master files and resolver interfaces. (Applications can also define + protocols and interfaces that support IDNs directly using non-ASCII + representations. IDNA does not prescribe any particular + representation for new protocols, but it still defines which names + are valid and how they are compared.) + + The IDNA protocol is contained completely within applications. It is + not a client-server or peer-to-peer protocol: everything is done + inside the application itself. When used with a DNS resolver + library, IDNA is inserted as a "shim" between the application and the + resolver library. When used for writing names into a DNS zone, IDNA + is used just before the name is committed to the zone. + + There are two operations described in section 4 of this document: + + - The ToASCII operation is used before sending an IDN to something + that expects ASCII names (such as a resolver) or writing an IDN + into a place that expects ASCII names (such as a DNS master file). + + - The ToUnicode operation is used when displaying names to users, + for example names obtained from a DNS zone. + + It is important to note that the ToASCII operation can fail. If it + fails when processing a domain name, that domain name cannot be used + as an internationalized domain name and the application has to have + some method of dealing with this failure. + + IDNA requires that implementations process input strings with + Nameprep [NAMEPREP], which is a profile of Stringprep [STRINGPREP], + and then with Punycode [PUNYCODE]. Implementations of IDNA MUST + + + +Faltstrom, et al. Standards Track [Page 4] + +RFC 3490 IDNA March 2003 + + + fully implement Nameprep and Punycode; neither Nameprep nor Punycode + are optional. + +2. Terminology + + The key words "MUST", "SHALL", "REQUIRED", "SHOULD", "RECOMMENDED", + and "MAY" in this document are to be interpreted as described in BCP + 14, RFC 2119 [RFC2119]. + + A code point is an integer value associated with a character in a + coded character set. + + Unicode [UNICODE] is a coded character set containing tens of + thousands of characters. A single Unicode code point is denoted by + "U+" followed by four to six hexadecimal digits, while a range of + Unicode code points is denoted by two hexadecimal numbers separated + by "..", with no prefixes. + + ASCII means US-ASCII [USASCII], a coded character set containing 128 + characters associated with code points in the range 0..7F. Unicode + is an extension of ASCII: it includes all the ASCII characters and + associates them with the same code points. + + The term "LDH code points" is defined in this document to mean the + code points associated with ASCII letters, digits, and the hyphen- + minus; that is, U+002D, 30..39, 41..5A, and 61..7A. "LDH" is an + abbreviation for "letters, digits, hyphen". + + [STD13] talks about "domain names" and "host names", but many people + use the terms interchangeably. Further, because [STD13] was not + terribly clear, many people who are sure they know the exact + definitions of each of these terms disagree on the definitions. In + this document the term "domain name" is used in general. This + document explicitly cites [STD3] whenever referring to the host name + syntax restrictions defined therein. + + A label is an individual part of a domain name. Labels are usually + shown separated by dots; for example, the domain name + "www.example.com" is composed of three labels: "www", "example", and + "com". (The zero-length root label described in [STD13], which can + be explicit as in "www.example.com." or implicit as in + "www.example.com", is not considered a label in this specification.) + IDNA extends the set of usable characters in labels that are text. + For the rest of this document, the term "label" is shorthand for + "text label", and "every label" means "every text label". + + + + + + +Faltstrom, et al. Standards Track [Page 5] + +RFC 3490 IDNA March 2003 + + + An "internationalized label" is a label to which the ToASCII + operation (see section 4) can be applied without failing (with the + UseSTD3ASCIIRules flag unset). This implies that every ASCII label + that satisfies the [STD13] length restriction is an internationalized + label. Therefore the term "internationalized label" is a + generalization, embracing both old ASCII labels and new non-ASCII + labels. Although most Unicode characters can appear in + internationalized labels, ToASCII will fail for some input strings, + and such strings are not valid internationalized labels. + + An "internationalized domain name" (IDN) is a domain name in which + every label is an internationalized label. This implies that every + ASCII domain name is an IDN (which implies that it is possible for a + name to be an IDN without it containing any non-ASCII characters). + This document does not attempt to define an "internationalized host + name". Just as has been the case with ASCII names, some DNS zone + administrators may impose restrictions, beyond those imposed by DNS + or IDNA, on the characters or strings that may be registered as + labels in their zones. Such restrictions have no impact on the + syntax or semantics of DNS protocol messages; a query for a name that + matches no records will yield the same response regardless of the + reason why it is not in the zone. Clients issuing queries or + interpreting responses cannot be assumed to have any knowledge of + zone-specific restrictions or conventions. + + In IDNA, equivalence of labels is defined in terms of the ToASCII + operation, which constructs an ASCII form for a given label, whether + or not the label was already an ASCII label. Labels are defined to + be equivalent if and only if their ASCII forms produced by ToASCII + match using a case-insensitive ASCII comparison. ASCII labels + already have a notion of equivalence: upper case and lower case are + considered equivalent. The IDNA notion of equivalence is an + extension of that older notion. Equivalent labels in IDNA are + treated as alternate forms of the same label, just as "foo" and "Foo" + are treated as alternate forms of the same label. + + To allow internationalized labels to be handled by existing + applications, IDNA uses an "ACE label" (ACE stands for ASCII + Compatible Encoding). An ACE label is an internationalized label + that can be rendered in ASCII and is equivalent to an + internationalized label that cannot be rendered in ASCII. Given any + internationalized label that cannot be rendered in ASCII, the ToASCII + operation will convert it to an equivalent ACE label (whereas an + ASCII label will be left unaltered by ToASCII). ACE labels are + unsuitable for display to users. The ToUnicode operation will + convert any label to an equivalent non-ACE label. In fact, an ACE + label is formally defined to be any label that the ToUnicode + operation would alter (whereas non-ACE labels are left unaltered by + + + +Faltstrom, et al. Standards Track [Page 6] + +RFC 3490 IDNA March 2003 + + + ToUnicode). Every ACE label begins with the ACE prefix specified in + section 5. The ToASCII and ToUnicode operations are specified in + section 4. + + The "ACE prefix" is defined in this document to be a string of ASCII + characters that appears at the beginning of every ACE label. It is + specified in section 5. + + A "domain name slot" is defined in this document to be a protocol + element or a function argument or a return value (and so on) + explicitly designated for carrying a domain name. Examples of domain + name slots include: the QNAME field of a DNS query; the name argument + of the gethostbyname() library function; the part of an email address + following the at-sign (@) in the From: field of an email message + header; and the host portion of the URI in the src attribute of an + HTML tag. General text that just happens to contain a domain + name is not a domain name slot; for example, a domain name appearing + in the plain text body of an email message is not occupying a domain + name slot. + + An "IDN-aware domain name slot" is defined in this document to be a + domain name slot explicitly designated for carrying an + internationalized domain name as defined in this document. The + designation may be static (for example, in the specification of the + protocol or interface) or dynamic (for example, as a result of + negotiation in an interactive session). + + An "IDN-unaware domain name slot" is defined in this document to be + any domain name slot that is not an IDN-aware domain name slot. + Obviously, this includes any domain name slot whose specification + predates IDNA. + +3. Requirements and applicability + +3.1 Requirements + + IDNA conformance means adherence to the following four requirements: + + 1) Whenever dots are used as label separators, the following + characters MUST be recognized as dots: U+002E (full stop), U+3002 + (ideographic full stop), U+FF0E (fullwidth full stop), U+FF61 + (halfwidth ideographic full stop). + + 2) Whenever a domain name is put into an IDN-unaware domain name slot + (see section 2), it MUST contain only ASCII characters. Given an + internationalized domain name (IDN), an equivalent domain name + satisfying this requirement can be obtained by applying the + + + + +Faltstrom, et al. Standards Track [Page 7] + +RFC 3490 IDNA March 2003 + + + ToASCII operation (see section 4) to each label and, if dots are + used as label separators, changing all the label separators to + U+002E. + + 3) ACE labels obtained from domain name slots SHOULD be hidden from + users when it is known that the environment can handle the non-ACE + form, except when the ACE form is explicitly requested. When it + is not known whether or not the environment can handle the non-ACE + form, the application MAY use the non-ACE form (which might fail, + such as by not being displayed properly), or it MAY use the ACE + form (which will look unintelligle to the user). Given an + internationalized domain name, an equivalent domain name + containing no ACE labels can be obtained by applying the ToUnicode + operation (see section 4) to each label. When requirements 2 and + 3 both apply, requirement 2 takes precedence. + + 4) Whenever two labels are compared, they MUST be considered to match + if and only if they are equivalent, that is, their ASCII forms + (obtained by applying ToASCII) match using a case-insensitive + ASCII comparison. Whenever two names are compared, they MUST be + considered to match if and only if their corresponding labels + match, regardless of whether the names use the same forms of label + separators. + +3.2 Applicability + + IDNA is applicable to all domain names in all domain name slots + except where it is explicitly excluded. + + This implies that IDNA is applicable to many protocols that predate + IDNA. Note that IDNs occupying domain name slots in those protocols + MUST be in ASCII form (see section 3.1, requirement 2). + +3.2.1. DNS resource records + + IDNA does not apply to domain names in the NAME and RDATA fields of + DNS resource records whose CLASS is not IN. This exclusion applies + to every non-IN class, present and future, except where future + standards override this exclusion by explicitly inviting the use of + IDNA. + + There are currently no other exclusions on the applicability of IDNA + to DNS resource records; it depends entirely on the CLASS, and not on + the TYPE. This will remain true, even as new types are defined, + unless there is a compelling reason for a new type to complicate + matters by imposing type-specific rules. + + + + + +Faltstrom, et al. Standards Track [Page 8] + +RFC 3490 IDNA March 2003 + + +3.2.2. Non-domain-name data types stored in domain names + + Although IDNA enables the representation of non-ASCII characters in + domain names, that does not imply that IDNA enables the + representation of non-ASCII characters in other data types that are + stored in domain names. For example, an email address local part is + sometimes stored in a domain label (hostmaster@example.com would be + represented as hostmaster.example.com in the RDATA field of an SOA + record). IDNA does not update the existing email standards, which + allow only ASCII characters in local parts. Therefore, unless the + email standards are revised to invite the use of IDNA for local + parts, a domain label that holds the local part of an email address + SHOULD NOT begin with the ACE prefix, and even if it does, it is to + be interpreted literally as a local part that happens to begin with + the ACE prefix. + +4. Conversion operations + + An application converts a domain name put into an IDN-unaware slot or + displayed to a user. This section specifies the steps to perform in + the conversion, and the ToASCII and ToUnicode operations. + + The input to ToASCII or ToUnicode is a single label that is a + sequence of Unicode code points (remember that all ASCII code points + are also Unicode code points). If a domain name is represented using + a character set other than Unicode or US-ASCII, it will first need to + be transcoded to Unicode. + + Starting from a whole domain name, the steps that an application + takes to do the conversions are: + + 1) Decide whether the domain name is a "stored string" or a "query + string" as described in [STRINGPREP]. If this conversion follows + the "queries" rule from [STRINGPREP], set the flag called + "AllowUnassigned". + + 2) Split the domain name into individual labels as described in + section 3.1. The labels do not include the separator. + + 3) For each label, decide whether or not to enforce the restrictions + on ASCII characters in host names [STD3]. (Applications already + faced this choice before the introduction of IDNA, and can + continue to make the decision the same way they always have; IDNA + makes no new recommendations regarding this choice.) If the + restrictions are to be enforced, set the flag called + "UseSTD3ASCIIRules" for that label. + + + + + +Faltstrom, et al. Standards Track [Page 9] + +RFC 3490 IDNA March 2003 + + + 4) Process each label with either the ToASCII or the ToUnicode + operation as appropriate. Typically, you use the ToASCII + operation if you are about to put the name into an IDN-unaware + slot, and you use the ToUnicode operation if you are displaying + the name to a user; section 3.1 gives greater detail on the + applicable requirements. + + 5) If ToASCII was applied in step 4 and dots are used as label + separators, change all the label separators to U+002E (full stop). + + The following two subsections define the ToASCII and ToUnicode + operations that are used in step 4. + + This description of the protocol uses specific procedure names, names + of flags, and so on, in order to facilitate the specification of the + protocol. These names, as well as the actual steps of the + procedures, are not required of an implementation. In fact, any + implementation which has the same external behavior as specified in + this document conforms to this specification. + +4.1 ToASCII + + The ToASCII operation takes a sequence of Unicode code points that + make up one label and transforms it into a sequence of code points in + the ASCII range (0..7F). If ToASCII succeeds, the original sequence + and the resulting sequence are equivalent labels. + + It is important to note that the ToASCII operation can fail. ToASCII + fails if any step of it fails. If any step of the ToASCII operation + fails on any label in a domain name, that domain name MUST NOT be + used as an internationalized domain name. The method for dealing + with this failure is application-specific. + + The inputs to ToASCII are a sequence of code points, the + AllowUnassigned flag, and the UseSTD3ASCIIRules flag. The output of + ToASCII is either a sequence of ASCII code points or a failure + condition. + + ToASCII never alters a sequence of code points that are all in the + ASCII range to begin with (although it could fail). Applying the + ToASCII operation multiple times has exactly the same effect as + applying it just once. + + ToASCII consists of the following steps: + + 1. If the sequence contains any code points outside the ASCII range + (0..7F) then proceed to step 2, otherwise skip to step 3. + + + + +Faltstrom, et al. Standards Track [Page 10] + +RFC 3490 IDNA March 2003 + + + 2. Perform the steps specified in [NAMEPREP] and fail if there is an + error. The AllowUnassigned flag is used in [NAMEPREP]. + + 3. If the UseSTD3ASCIIRules flag is set, then perform these checks: + + (a) Verify the absence of non-LDH ASCII code points; that is, the + absence of 0..2C, 2E..2F, 3A..40, 5B..60, and 7B..7F. + + (b) Verify the absence of leading and trailing hyphen-minus; that + is, the absence of U+002D at the beginning and end of the + sequence. + + 4. If the sequence contains any code points outside the ASCII range + (0..7F) then proceed to step 5, otherwise skip to step 8. + + 5. Verify that the sequence does NOT begin with the ACE prefix. + + 6. Encode the sequence using the encoding algorithm in [PUNYCODE] and + fail if there is an error. + + 7. Prepend the ACE prefix. + + 8. Verify that the number of code points is in the range 1 to 63 + inclusive. + +4.2 ToUnicode + + The ToUnicode operation takes a sequence of Unicode code points that + make up one label and returns a sequence of Unicode code points. If + the input sequence is a label in ACE form, then the result is an + equivalent internationalized label that is not in ACE form, otherwise + the original sequence is returned unaltered. + + ToUnicode never fails. If any step fails, then the original input + sequence is returned immediately in that step. + + The ToUnicode output never contains more code points than its input. + Note that the number of octets needed to represent a sequence of code + points depends on the particular character encoding used. + + The inputs to ToUnicode are a sequence of code points, the + AllowUnassigned flag, and the UseSTD3ASCIIRules flag. The output of + ToUnicode is always a sequence of Unicode code points. + + 1. If all code points in the sequence are in the ASCII range (0..7F) + then skip to step 3. + + + + + +Faltstrom, et al. Standards Track [Page 11] + +RFC 3490 IDNA March 2003 + + + 2. Perform the steps specified in [NAMEPREP] and fail if there is an + error. (If step 3 of ToASCII is also performed here, it will not + affect the overall behavior of ToUnicode, but it is not + necessary.) The AllowUnassigned flag is used in [NAMEPREP]. + + 3. Verify that the sequence begins with the ACE prefix, and save a + copy of the sequence. + + 4. Remove the ACE prefix. + + 5. Decode the sequence using the decoding algorithm in [PUNYCODE] and + fail if there is an error. Save a copy of the result of this + step. + + 6. Apply ToASCII. + + 7. Verify that the result of step 6 matches the saved copy from step + 3, using a case-insensitive ASCII comparison. + + 8. Return the saved copy from step 5. + +5. ACE prefix + + The ACE prefix, used in the conversion operations (section 4), is two + alphanumeric ASCII characters followed by two hyphen-minuses. It + cannot be any of the prefixes already used in earlier documents, + which includes the following: "bl--", "bq--", "dq--", "lq--", "mq--", + "ra--", "wq--" and "zq--". The ToASCII and ToUnicode operations MUST + recognize the ACE prefix in a case-insensitive manner. + + The ACE prefix for IDNA is "xn--" or any capitalization thereof. + + This means that an ACE label might be "xn--de-jg4avhby1noc0d", where + "de-jg4avhby1noc0d" is the part of the ACE label that is generated by + the encoding steps in [PUNYCODE]. + + While all ACE labels begin with the ACE prefix, not all labels + beginning with the ACE prefix are necessarily ACE labels. Non-ACE + labels that begin with the ACE prefix will confuse users and SHOULD + NOT be allowed in DNS zones. + + + + + + + + + + + +Faltstrom, et al. Standards Track [Page 12] + +RFC 3490 IDNA March 2003 + + +6. Implications for typical applications using DNS + + In IDNA, applications perform the processing needed to input + internationalized domain names from users, display internationalized + domain names to users, and process the inputs and outputs from DNS + and other protocols that carry domain names. + + The components and interfaces between them can be represented + pictorially as: + + +------+ + | User | + +------+ + ^ + | Input and display: local interface methods + | (pen, keyboard, glowing phosphorus, ...) + +-------------------|-------------------------------+ + | v | + | +-----------------------------+ | + | | Application | | + | | (ToASCII and ToUnicode | | + | | operations may be | | + | | called here) | | + | +-----------------------------+ | + | ^ ^ | End system + | | | | + | Call to resolver: | | Application-specific | + | ACE | | protocol: | + | v | ACE unless the | + | +----------+ | protocol is updated | + | | Resolver | | to handle other | + | +----------+ | encodings | + | ^ | | + +-----------------|----------|----------------------+ + DNS protocol: | | + ACE | | + v v + +-------------+ +---------------------+ + | DNS servers | | Application servers | + +-------------+ +---------------------+ + + The box labeled "Application" is where the application splits a + domain name into labels, sets the appropriate flags, and performs the + ToASCII and ToUnicode operations. This is described in section 4. + + + + + + + +Faltstrom, et al. Standards Track [Page 13] + +RFC 3490 IDNA March 2003 + + +6.1 Entry and display in applications + + Applications can accept domain names using any character set or sets + desired by the application developer, and can display domain names in + any charset. That is, the IDNA protocol does not affect the + interface between users and applications. + + An IDNA-aware application can accept and display internationalized + domain names in two formats: the internationalized character set(s) + supported by the application, and as an ACE label. ACE labels that + are displayed or input MUST always include the ACE prefix. + Applications MAY allow input and display of ACE labels, but are not + encouraged to do so except as an interface for special purposes, + possibly for debugging, or to cope with display limitations as + described in section 6.4.. ACE encoding is opaque and ugly, and + should thus only be exposed to users who absolutely need it. Because + name labels encoded as ACE name labels can be rendered either as the + encoded ASCII characters or the proper decoded characters, the + application MAY have an option for the user to select the preferred + method of display; if it does, rendering the ACE SHOULD NOT be the + default. + + Domain names are often stored and transported in many places. For + example, they are part of documents such as mail messages and web + pages. They are transported in many parts of many protocols, such as + both the control commands and the RFC 2822 body parts of SMTP, and + the headers and the body content in HTTP. It is important to + remember that domain names appear both in domain name slots and in + the content that is passed over protocols. + + In protocols and document formats that define how to handle + specification or negotiation of charsets, labels can be encoded in + any charset allowed by the protocol or document format. If a + protocol or document format only allows one charset, the labels MUST + be given in that charset. + + In any place where a protocol or document format allows transmission + of the characters in internationalized labels, internationalized + labels SHOULD be transmitted using whatever character encoding and + escape mechanism that the protocol or document format uses at that + place. + + All protocols that use domain name slots already have the capacity + for handling domain names in the ASCII charset. Thus, ACE labels + (internationalized labels that have been processed with the ToASCII + operation) can inherently be handled by those protocols. + + + + + +Faltstrom, et al. Standards Track [Page 14] + +RFC 3490 IDNA March 2003 + + +6.2 Applications and resolver libraries + + Applications normally use functions in the operating system when they + resolve DNS queries. Those functions in the operating system are + often called "the resolver library", and the applications communicate + with the resolver libraries through a programming interface (API). + + Because these resolver libraries today expect only domain names in + ASCII, applications MUST prepare labels that are passed to the + resolver library using the ToASCII operation. Labels received from + the resolver library contain only ASCII characters; internationalized + labels that cannot be represented directly in ASCII use the ACE form. + ACE labels always include the ACE prefix. + + An operating system might have a set of libraries for performing the + ToASCII operation. The input to such a library might be in one or + more charsets that are used in applications (UTF-8 and UTF-16 are + likely candidates for almost any operating system, and script- + specific charsets are likely for localized operating systems). + + IDNA-aware applications MUST be able to work with both non- + internationalized labels (those that conform to [STD13] and [STD3]) + and internationalized labels. + + It is expected that new versions of the resolver libraries in the + future will be able to accept domain names in other charsets than + ASCII, and application developers might one day pass not only domain + names in Unicode, but also in local script to a new API for the + resolver libraries in the operating system. Thus the ToASCII and + ToUnicode operations might be performed inside these new versions of + the resolver libraries. + + Domain names passed to resolvers or put into the question section of + DNS requests follow the rules for "queries" from [STRINGPREP]. + +6.3 DNS servers + + Domain names stored in zones follow the rules for "stored strings" + from [STRINGPREP]. + + For internationalized labels that cannot be represented directly in + ASCII, DNS servers MUST use the ACE form produced by the ToASCII + operation. All IDNs served by DNS servers MUST contain only ASCII + characters. + + If a signaling system which makes negotiation possible between old + and new DNS clients and servers is standardized in the future, the + encoding of the query in the DNS protocol itself can be changed from + + + +Faltstrom, et al. Standards Track [Page 15] + +RFC 3490 IDNA March 2003 + + + ACE to something else, such as UTF-8. The question whether or not + this should be used is, however, a separate problem and is not + discussed in this memo. + +6.4 Avoiding exposing users to the raw ACE encoding + + Any application that might show the user a domain name obtained from + a domain name slot, such as from gethostbyaddr or part of a mail + header, will need to be updated if it is to prevent users from seeing + the ACE. + + If an application decodes an ACE name using ToUnicode but cannot show + all of the characters in the decoded name, such as if the name + contains characters that the output system cannot display, the + application SHOULD show the name in ACE format (which always includes + the ACE prefix) instead of displaying the name with the replacement + character (U+FFFD). This is to make it easier for the user to + transfer the name correctly to other programs. Programs that by + default show the ACE form when they cannot show all the characters in + a name label SHOULD also have a mechanism to show the name that is + produced by the ToUnicode operation with as many characters as + possible and replacement characters in the positions where characters + cannot be displayed. + + The ToUnicode operation does not alter labels that are not valid ACE + labels, even if they begin with the ACE prefix. After ToUnicode has + been applied, if a label still begins with the ACE prefix, then it is + not a valid ACE label, and is not equivalent to any of the + intermediate Unicode strings constructed by ToUnicode. + +6.5 DNSSEC authentication of IDN domain names + + DNS Security [RFC2535] is a method for supplying cryptographic + verification information along with DNS messages. Public Key + Cryptography is used in conjunction with digital signatures to + provide a means for a requester of domain information to authenticate + the source of the data. This ensures that it can be traced back to a + trusted source, either directly, or via a chain of trust linking the + source of the information to the top of the DNS hierarchy. + + IDNA specifies that all internationalized domain names served by DNS + servers that cannot be represented directly in ASCII must use the ACE + form produced by the ToASCII operation. This operation must be + performed prior to a zone being signed by the private key for that + zone. Because of this ordering, it is important to recognize that + DNSSEC authenticates the ASCII domain name, not the Unicode form or + + + + + +Faltstrom, et al. Standards Track [Page 16] + +RFC 3490 IDNA March 2003 + + + the mapping between the Unicode form and the ASCII form. In the + presence of DNSSEC, this is the name that MUST be signed in the zone + and MUST be validated against. + + One consequence of this for sites deploying IDNA in the presence of + DNSSEC is that any special purpose proxies or forwarders used to + transform user input into IDNs must be earlier in the resolution flow + than DNSSEC authenticating nameservers for DNSSEC to work. + +7. Name server considerations + + Existing DNS servers do not know the IDNA rules for handling non- + ASCII forms of IDNs, and therefore need to be shielded from them. + All existing channels through which names can enter a DNS server + database (for example, master files [STD13] and DNS update messages + [RFC2136]) are IDN-unaware because they predate IDNA, and therefore + requirement 2 of section 3.1 of this document provides the needed + shielding, by ensuring that internationalized domain names entering + DNS server databases through such channels have already been + converted to their equivalent ASCII forms. + + It is imperative that there be only one ASCII encoding for a + particular domain name. Because of the design of the ToASCII and + ToUnicode operations, there are no ACE labels that decode to ASCII + labels, and therefore name servers cannot contain multiple ASCII + encodings of the same domain name. + + [RFC2181] explicitly allows domain labels to contain octets beyond + the ASCII range (0..7F), and this document does not change that. + Note, however, that there is no defined interpretation of octets + 80..FF as characters. If labels containing these octets are returned + to applications, unpredictable behavior could result. The ASCII form + defined by ToASCII is the only standard representation for + internationalized labels in the current DNS protocol. + +8. Root server considerations + + IDNs are likely to be somewhat longer than current domain names, so + the bandwidth needed by the root servers is likely to go up by a + small amount. Also, queries and responses for IDNs will probably be + somewhat longer than typical queries today, so more queries and + responses may be forced to go to TCP instead of UDP. + + + + + + + + + +Faltstrom, et al. Standards Track [Page 17] + +RFC 3490 IDNA March 2003 + + +9. References + +9.1 Normative References + + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, March 1997. + + [STRINGPREP] Hoffman, P. and M. Blanchet, "Preparation of + Internationalized Strings ("stringprep")", RFC 3454, + December 2002. + + [NAMEPREP] Hoffman, P. and M. Blanchet, "Nameprep: A Stringprep + Profile for Internationalized Domain Names (IDN)", RFC + 3491, March 2003. + + [PUNYCODE] Costello, A., "Punycode: A Bootstring encoding of + Unicode for use with Internationalized Domain Names in + Applications (IDNA)", RFC 3492, March 2003. + + [STD3] Braden, R., "Requirements for Internet Hosts -- + Communication Layers", STD 3, RFC 1122, and + "Requirements for Internet Hosts -- Application and + Support", STD 3, RFC 1123, October 1989. + + [STD13] Mockapetris, P., "Domain names - concepts and + facilities", STD 13, RFC 1034 and "Domain names - + implementation and specification", STD 13, RFC 1035, + November 1987. + +9.2 Informative References + + [RFC2535] Eastlake, D., "Domain Name System Security Extensions", + RFC 2535, March 1999. + + [RFC2181] Elz, R. and R. Bush, "Clarifications to the DNS + Specification", RFC 2181, July 1997. + + [UAX9] Unicode Standard Annex #9, The Bidirectional Algorithm, + . + + [UNICODE] The Unicode Consortium. The Unicode Standard, Version + 3.2.0 is defined by The Unicode Standard, Version 3.0 + (Reading, MA, Addison-Wesley, 2000. ISBN 0-201-61633-5), + as amended by the Unicode Standard Annex #27: Unicode + 3.1 (http://www.unicode.org/reports/tr27/) and by the + Unicode Standard Annex #28: Unicode 3.2 + (http://www.unicode.org/reports/tr28/). + + + + +Faltstrom, et al. Standards Track [Page 18] + +RFC 3490 IDNA March 2003 + + + [USASCII] Cerf, V., "ASCII format for Network Interchange", RFC + 20, October 1969. + +10. Security Considerations + + Security on the Internet partly relies on the DNS. Thus, any change + to the characteristics of the DNS can change the security of much of + the Internet. + + This memo describes an algorithm which encodes characters that are + not valid according to STD3 and STD13 into octet values that are + valid. No security issues such as string length increases or new + allowed values are introduced by the encoding process or the use of + these encoded values, apart from those introduced by the ACE encoding + itself. + + Domain names are used by users to identify and connect to Internet + servers. The security of the Internet is compromised if a user + entering a single internationalized name is connected to different + servers based on different interpretations of the internationalized + domain name. + + When systems use local character sets other than ASCII and Unicode, + this specification leaves the the problem of transcoding between the + local character set and Unicode up to the application. If different + applications (or different versions of one application) implement + different transcoding rules, they could interpret the same name + differently and contact different servers. This problem is not + solved by security protocols like TLS that do not take local + character sets into account. + + Because this document normatively refers to [NAMEPREP], [PUNYCODE], + and [STRINGPREP], it includes the security considerations from those + documents as well. + + If or when this specification is updated to use a more recent Unicode + normalization table, the new normalization table will need to be + compared with the old to spot backwards incompatible changes. If + there are such changes, they will need to be handled somehow, or + there will be security as well as operational implications. Methods + to handle the conflicts could include keeping the old normalization, + or taking care of the conflicting characters by operational means, or + some other method. + + Implementations MUST NOT use more recent normalization tables than + the one referenced from this document, even though more recent tables + may be provided by operating systems. If an application is unsure of + which version of the normalization tables are in the operating + + + +Faltstrom, et al. Standards Track [Page 19] + +RFC 3490 IDNA March 2003 + + + system, the application needs to include the normalization tables + itself. Using normalization tables other than the one referenced + from this specification could have security and operational + implications. + + To help prevent confusion between characters that are visually + similar, it is suggested that implementations provide visual + indications where a domain name contains multiple scripts. Such + mechanisms can also be used to show when a name contains a mixture of + simplified and traditional Chinese characters, or to distinguish zero + and one from O and l. DNS zone adminstrators may impose restrictions + (subject to the limitations in section 2) that try to minimize + homographs. + + Domain names (or portions of them) are sometimes compared against a + set of privileged or anti-privileged domains. In such situations it + is especially important that the comparisons be done properly, as + specified in section 3.1 requirement 4. For labels already in ASCII + form, the proper comparison reduces to the same case-insensitive + ASCII comparison that has always been used for ASCII labels. + + The introduction of IDNA means that any existing labels that start + with the ACE prefix and would be altered by ToUnicode will + automatically be ACE labels, and will be considered equivalent to + non-ASCII labels, whether or not that was the intent of the zone + adminstrator or registrant. + +11. IANA Considerations + + IANA has assigned the ACE prefix in consultation with the IESG. + + + + + + + + + + + + + + + + + + + + + +Faltstrom, et al. Standards Track [Page 20] + +RFC 3490 IDNA March 2003 + + +12. Authors' Addresses + + Patrik Faltstrom + Cisco Systems + Arstaangsvagen 31 J + S-117 43 Stockholm Sweden + + EMail: paf@cisco.com + + + Paul Hoffman + Internet Mail Consortium and VPN Consortium + 127 Segre Place + Santa Cruz, CA 95060 USA + + EMail: phoffman@imc.org + + + Adam M. Costello + University of California, Berkeley + + URL: http://www.nicemice.net/amc/ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Faltstrom, et al. Standards Track [Page 21] + +RFC 3490 IDNA March 2003 + + +13. Full Copyright Statement + + Copyright (C) The Internet Society (2003). All Rights Reserved. + + This document and translations of it may be copied and furnished to + others, and derivative works that comment on or otherwise explain it + or assist in its implementation may be prepared, copied, published + and distributed, in whole or in part, without restriction of any + kind, provided that the above copyright notice and this paragraph are + included on all such copies and derivative works. However, this + document itself may not be modified in any way, such as by removing + the copyright notice or references to the Internet Society or other + Internet organizations, except as needed for the purpose of + developing Internet standards in which case the procedures for + copyrights defined in the Internet Standards process must be + followed, or as required to translate it into languages other than + English. + + The limited permissions granted above are perpetual and will not be + revoked by the Internet Society or its successors or assigns. + + This document and the information contained herein is provided on an + "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING + TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING + BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION + HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF + MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + +Acknowledgement + + Funding for the RFC Editor function is currently provided by the + Internet Society. + + + + + + + + + + + + + + + + + + + +Faltstrom, et al. Standards Track [Page 22] + diff --git a/source4/heimdal/lib/wind/rfc3491.txt b/source4/heimdal/lib/wind/rfc3491.txt new file mode 100644 index 0000000000..dbc86c7fe4 --- /dev/null +++ b/source4/heimdal/lib/wind/rfc3491.txt @@ -0,0 +1,395 @@ + + + + + + +Network Working Group P. Hoffman +Request for Comments: 3491 IMC & VPNC +Category: Standards Track M. Blanchet + Viagenie + March 2003 + + + Nameprep: A Stringprep Profile for + Internationalized Domain Names (IDN) + +Status of this Memo + + This document specifies an Internet standards track protocol for the + Internet community, and requests discussion and suggestions for + improvements. Please refer to the current edition of the "Internet + Official Protocol Standards" (STD 1) for the standardization state + and status of this protocol. Distribution of this memo is unlimited. + +Copyright Notice + + Copyright (C) The Internet Society (2003). All Rights Reserved. + +Abstract + + This document describes how to prepare internationalized domain name + (IDN) labels in order to increase the likelihood that name input and + name comparison work in ways that make sense for typical users + throughout the world. This profile of the stringprep protocol is + used as part of a suite of on-the-wire protocols for + internationalizing the Domain Name System (DNS). + +1. Introduction + + This document specifies processing rules that will allow users to + enter internationalized domain names (IDNs) into applications and + have the highest chance of getting the content of the strings + correct. It is a profile of stringprep [STRINGPREP]. These + processing rules are only intended for internationalized domain + names, not for arbitrary text. + + This profile defines the following, as required by [STRINGPREP]. + + - The intended applicability of the profile: internationalized + domain names processed by IDNA. + + - The character repertoire that is the input and output to + stringprep: Unicode 3.2, specified in section 2. + + + + +Hoffman & Blanchet Standards Track [Page 1] + +RFC 3491 IDN Nameprep March 2003 + + + - The mappings used: specified in section 3. + + - The Unicode normalization used: specified in section 4. + + - The characters that are prohibited as output: specified in section + 5. + + - Bidirectional character handling: specified in section 6. + +1.1 Interaction of protocol parts + + Nameprep is used by the IDNA [IDNA] protocol for preparing domain + names; it is not designed for any other purpose. It is explicitly + not designed for processing arbitrary free text and SHOULD NOT be + used for that purpose. Nameprep is a profile of Stringprep + [STRINGPREP]. Implementations of Nameprep MUST fully implement + Stringprep. + + Nameprep is used to process domain name labels, not domain names. + IDNA calls nameprep for each label in a domain name, not for the + whole domain name. + +1.2 Terminology + + The key words "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", and "MAY" + in this document are to be interpreted as described in BCP 14, RFC + 2119 [RFC2119]. + +2. Character Repertoire + + This profile uses Unicode 3.2, as defined in [STRINGPREP] Appendix A. + +3. Mapping + + This profile specifies mapping using the following tables from + [STRINGPREP]: + + Table B.1 + Table B.2 + +4. Normalization + + This profile specifies using Unicode normalization form KC, as + described in [STRINGPREP]. + + + + + + + +Hoffman & Blanchet Standards Track [Page 2] + +RFC 3491 IDN Nameprep March 2003 + + +5. Prohibited Output + + This profile specifies prohibiting using the following tables from + [STRINGPREP]: + + Table C.1.2 + Table C.2.2 + Table C.3 + Table C.4 + Table C.5 + Table C.6 + Table C.7 + Table C.8 + Table C.9 + + IMPORTANT NOTE: This profile MUST be used with the IDNA protocol. + The IDNA protocol has additional prohibitions that are checked + outside of this profile. + +6. Bidirectional characters + + This profile specifies checking bidirectional strings as described in + [STRINGPREP] section 6. + +7. Unassigned Code Points in Internationalized Domain Names + + If the processing in [IDNA] specifies that a list of unassigned code + points be used, the system uses table A.1 from [STRINGPREP] as its + list of unassigned code points. + +8. References + +8.1 Normative References + + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, March 1997. + + [STRINGPREP] Hoffman, P. and M. Blanchet, "Preparation of + Internationalized Strings ("stringprep")", RFC 3454, + December 2002. + + [IDNA] Faltstrom, P., Hoffman, P. and A. Costello, + "Internationalizing Domain Names in Applications + (IDNA)", RFC 3490, March 2003. + + + + + + + +Hoffman & Blanchet Standards Track [Page 3] + +RFC 3491 IDN Nameprep March 2003 + + +8.2 Informative references + + [STD13] Mockapetris, P., "Domain names - concepts and + facilities", STD 13, RFC 1034, and "Domain names - + implementation and specification", STD 13, RFC 1035, + November 1987. + +9. Security Considerations + + The Unicode and ISO/IEC 10646 repertoires have many characters that + look similar. In many cases, users of security protocols might do + visual matching, such as when comparing the names of trusted third + parties. Because it is impossible to map similar-looking characters + without a great deal of context such as knowing the fonts used, + stringprep does nothing to map similar-looking characters together + nor to prohibit some characters because they look like others. + + Security on the Internet partly relies on the DNS. Thus, any change + to the characteristics of the DNS can change the security of much of + the Internet. + + Domain names are used by users to connect to Internet servers. The + security of the Internet would be compromised if a user entering a + single internationalized name could be connected to different servers + based on different interpretations of the internationalized domain + name. + + Current applications might assume that the characters allowed in + domain names will always be the same as they are in [STD13]. This + document vastly increases the number of characters available in + domain names. Every program that uses "special" characters in + conjunction with domain names may be vulnerable to attack based on + the new characters allowed by this specification. + + + + + + + + + + + + + + + + + + +Hoffman & Blanchet Standards Track [Page 4] + +RFC 3491 IDN Nameprep March 2003 + + +10. IANA Considerations + + This is a profile of stringprep. It has been registered by the IANA + in the stringprep profile registry + (www.iana.org/assignments/stringprep-profiles). + + Name of this profile: + Nameprep + + RFC in which the profile is defined: + This document. + + Indicator whether or not this is the newest version of the + profile: + This is the first version of Nameprep. + +11. Acknowledgements + + Many people from the IETF IDN Working Group and the Unicode Technical + Committee contributed ideas that went into this document. + + The IDN Nameprep design team made many useful changes to the + document. That team and its advisors include: + + Asmus Freytag + Cathy Wissink + Francois Yergeau + James Seng + Marc Blanchet + Mark Davis + Martin Duerst + Patrik Faltstrom + Paul Hoffman + + Additional significant improvements were proposed by: + + Jonathan Rosenne + Kent Karlsson + Scott Hollenbeck + Dave Crocker + Erik Nordmark + Matitiahu Allouche + + + + + + + + + +Hoffman & Blanchet Standards Track [Page 5] + +RFC 3491 IDN Nameprep March 2003 + + +12. Authors' Addresses + + Paul Hoffman + Internet Mail Consortium and VPN Consortium + 127 Segre Place + Santa Cruz, CA 95060 USA + + EMail: paul.hoffman@imc.org and paul.hoffman@vpnc.org + + + Marc Blanchet + Viagenie inc. + 2875 boul. Laurier, bur. 300 + Ste-Foy, Quebec, Canada, G1V 2M2 + + EMail: Marc.Blanchet@viagenie.qc.ca + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Hoffman & Blanchet Standards Track [Page 6] + +RFC 3491 IDN Nameprep March 2003 + + +13. Full Copyright Statement + + Copyright (C) The Internet Society (2003). All Rights Reserved. + + This document and translations of it may be copied and furnished to + others, and derivative works that comment on or otherwise explain it + or assist in its implementation may be prepared, copied, published + and distributed, in whole or in part, without restriction of any + kind, provided that the above copyright notice and this paragraph are + included on all such copies and derivative works. However, this + document itself may not be modified in any way, such as by removing + the copyright notice or references to the Internet Society or other + Internet organizations, except as needed for the purpose of + developing Internet standards in which case the procedures for + copyrights defined in the Internet Standards process must be + followed, or as required to translate it into languages other than + English. + + The limited permissions granted above are perpetual and will not be + revoked by the Internet Society or its successors or assigns. + + This document and the information contained herein is provided on an + "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING + TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING + BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION + HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF + MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + +Acknowledgement + + Funding for the RFC Editor function is currently provided by the + Internet Society. + + + + + + + + + + + + + + + + + + + +Hoffman & Blanchet Standards Track [Page 7] + diff --git a/source4/heimdal/lib/wind/rfc3492.txt b/source4/heimdal/lib/wind/rfc3492.txt new file mode 100644 index 0000000000..e72ad81a27 --- /dev/null +++ b/source4/heimdal/lib/wind/rfc3492.txt @@ -0,0 +1,1963 @@ + + + + + + +Network Working Group A. Costello +Request for Comments: 3492 Univ. of California, Berkeley +Category: Standards Track March 2003 + + + Punycode: A Bootstring encoding of Unicode + for Internationalized Domain Names in Applications (IDNA) + +Status of this Memo + + This document specifies an Internet standards track protocol for the + Internet community, and requests discussion and suggestions for + improvements. Please refer to the current edition of the "Internet + Official Protocol Standards" (STD 1) for the standardization state + and status of this protocol. Distribution of this memo is unlimited. + +Copyright Notice + + Copyright (C) The Internet Society (2003). All Rights Reserved. + +Abstract + + Punycode is a simple and efficient transfer encoding syntax designed + for use with Internationalized Domain Names in Applications (IDNA). + It uniquely and reversibly transforms a Unicode string into an ASCII + string. ASCII characters in the Unicode string are represented + literally, and non-ASCII characters are represented by ASCII + characters that are allowed in host name labels (letters, digits, and + hyphens). This document defines a general algorithm called + Bootstring that allows a string of basic code points to uniquely + represent any string of code points drawn from a larger set. + Punycode is an instance of Bootstring that uses particular parameter + values specified by this document, appropriate for IDNA. + +Table of Contents + + 1. Introduction...............................................2 + 1.1 Features..............................................2 + 1.2 Interaction of protocol parts.........................3 + 2. Terminology................................................3 + 3. Bootstring description.....................................4 + 3.1 Basic code point segregation..........................4 + 3.2 Insertion unsort coding...............................4 + 3.3 Generalized variable-length integers..................5 + 3.4 Bias adaptation.......................................7 + 4. Bootstring parameters......................................8 + 5. Parameter values for Punycode..............................8 + 6. Bootstring algorithms......................................9 + + + +Costello Standards Track [Page 1] + +RFC 3492 IDNA Punycode March 2003 + + + 6.1 Bias adaptation function.............................10 + 6.2 Decoding procedure...................................11 + 6.3 Encoding procedure...................................12 + 6.4 Overflow handling....................................13 + 7. Punycode examples.........................................14 + 7.1 Sample strings.......................................14 + 7.2 Decoding traces......................................17 + 7.3 Encoding traces......................................19 + 8. Security Considerations...................................20 + 9. References................................................21 + 9.1 Normative References.................................21 + 9.2 Informative References...............................21 + A. Mixed-case annotation.....................................22 + B. Disclaimer and license....................................22 + C. Punycode sample implementation............................23 + Author's Address.............................................34 + Full Copyright Statement.....................................35 + +1. Introduction + + [IDNA] describes an architecture for supporting internationalized + domain names. Labels containing non-ASCII characters can be + represented by ACE labels, which begin with a special ACE prefix and + contain only ASCII characters. The remainder of the label after the + prefix is a Punycode encoding of a Unicode string satisfying certain + constraints. For the details of the prefix and constraints, see + [IDNA] and [NAMEPREP]. + + Punycode is an instance of a more general algorithm called + Bootstring, which allows strings composed from a small set of "basic" + code points to uniquely represent any string of code points drawn + from a larger set. Punycode is Bootstring with particular parameter + values appropriate for IDNA. + +1.1 Features + + Bootstring has been designed to have the following features: + + * Completeness: Every extended string (sequence of arbitrary code + points) can be represented by a basic string (sequence of basic + code points). Restrictions on what strings are allowed, and on + length, can be imposed by higher layers. + + * Uniqueness: There is at most one basic string that represents a + given extended string. + + * Reversibility: Any extended string mapped to a basic string can + be recovered from that basic string. + + + +Costello Standards Track [Page 2] + +RFC 3492 IDNA Punycode March 2003 + + + * Efficient encoding: The ratio of basic string length to extended + string length is small. This is important in the context of + domain names because RFC 1034 [RFC1034] restricts the length of a + domain label to 63 characters. + + * Simplicity: The encoding and decoding algorithms are reasonably + simple to implement. The goals of efficiency and simplicity are + at odds; Bootstring aims at a good balance between them. + + * Readability: Basic code points appearing in the extended string + are represented as themselves in the basic string (although the + main purpose is to improve efficiency, not readability). + + Punycode can also support an additional feature that is not used by + the ToASCII and ToUnicode operations of [IDNA]. When extended + strings are case-folded prior to encoding, the basic string can use + mixed case to tell how to convert the folded string into a mixed-case + string. See appendix A "Mixed-case annotation". + +1.2 Interaction of protocol parts + + Punycode is used by the IDNA protocol [IDNA] for converting domain + labels into ASCII; it is not designed for any other purpose. It is + explicitly not designed for processing arbitrary free text. + +2. Terminology + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this + document are to be interpreted as described in BCP 14, RFC 2119 + [RFC2119]. + + A code point is an integral value associated with a character in a + coded character set. + + As in the Unicode Standard [UNICODE], Unicode code points are denoted + by "U+" followed by four to six hexadecimal digits, while a range of + code points is denoted by two hexadecimal numbers separated by "..", + with no prefixes. + + The operators div and mod perform integer division; (x div y) is the + quotient of x divided by y, discarding the remainder, and (x mod y) + is the remainder, so (x div y) * y + (x mod y) == x. Bootstring uses + these operators only with nonnegative operands, so the quotient and + remainder are always nonnegative. + + The break statement jumps out of the innermost loop (as in C). + + + + +Costello Standards Track [Page 3] + +RFC 3492 IDNA Punycode March 2003 + + + An overflow is an attempt to compute a value that exceeds the maximum + value of an integer variable. + +3. Bootstring description + + Bootstring represents an arbitrary sequence of code points (the + "extended string") as a sequence of basic code points (the "basic + string"). This section describes the representation. Section 6 + "Bootstring algorithms" presents the algorithms as pseudocode. + Sections 7.1 "Decoding traces" and 7.2 "Encoding traces" trace the + algorithms for sample inputs. + + The following sections describe the four techniques used in + Bootstring. "Basic code point segregation" is a very simple and + efficient encoding for basic code points occurring in the extended + string: they are simply copied all at once. "Insertion unsort + coding" encodes the non-basic code points as deltas, and processes + the code points in numerical order rather than in order of + appearance, which typically results in smaller deltas. The deltas + are represented as "generalized variable-length integers", which use + basic code points to represent nonnegative integers. The parameters + of this integer representation are dynamically adjusted using "bias + adaptation", to improve efficiency when consecutive deltas have + similar magnitudes. + +3.1 Basic code point segregation + + All basic code points appearing in the extended string are + represented literally at the beginning of the basic string, in their + original order, followed by a delimiter if (and only if) the number + of basic code points is nonzero. The delimiter is a particular basic + code point, which never appears in the remainder of the basic string. + The decoder can therefore find the end of the literal portion (if + there is one) by scanning for the last delimiter. + +3.2 Insertion unsort coding + + The remainder of the basic string (after the last delimiter if there + is one) represents a sequence of nonnegative integral deltas as + generalized variable-length integers, described in section 3.3. The + meaning of the deltas is best understood in terms of the decoder. + + The decoder builds the extended string incrementally. Initially, the + extended string is a copy of the literal portion of the basic string + (excluding the last delimiter). The decoder inserts non-basic code + points, one for each delta, into the extended string, ultimately + arriving at the final decoded string. + + + + +Costello Standards Track [Page 4] + +RFC 3492 IDNA Punycode March 2003 + + + At the heart of this process is a state machine with two state + variables: an index i and a counter n. The index i refers to a + position in the extended string; it ranges from 0 (the first + position) to the current length of the extended string (which refers + to a potential position beyond the current end). If the current + state is , the next state is if i is less than the + length of the extended string, or if i equals the length of + the extended string. In other words, each state change causes i to + increment, wrapping around to zero if necessary, and n counts the + number of wrap-arounds. + + Notice that the state always advances monotonically (there is no way + for the decoder to return to an earlier state). At each state, an + insertion is either performed or not performed. At most one + insertion is performed in a given state. An insertion inserts the + value of n at position i in the extended string. The deltas are a + run-length encoding of this sequence of events: they are the lengths + of the runs of non-insertion states preceeding the insertion states. + Hence, for each delta, the decoder performs delta state changes, then + an insertion, and then one more state change. (An implementation + need not perform each state change individually, but can instead use + division and remainder calculations to compute the next insertion + state directly.) It is an error if the inserted code point is a + basic code point (because basic code points were supposed to be + segregated as described in section 3.1). + + The encoder's main task is to derive the sequence of deltas that will + cause the decoder to construct the desired string. It can do this by + repeatedly scanning the extended string for the next code point that + the decoder would need to insert, and counting the number of state + changes the decoder would need to perform, mindful of the fact that + the decoder's extended string will include only those code points + that have already been inserted. Section 6.3 "Encoding procedure" + gives a precise algorithm. + +3.3 Generalized variable-length integers + + In a conventional integer representation the base is the number of + distinct symbols for digits, whose values are 0 through base-1. Let + digit_0 denote the least significant digit, digit_1 the next least + significant, and so on. The value represented is the sum over j of + digit_j * w(j), where w(j) = base^j is the weight (scale factor) for + position j. For example, in the base 8 integer 437, the digits are + 7, 3, and 4, and the weights are 1, 8, and 64, so the value is 7 + + 3*8 + 4*64 = 287. This representation has two disadvantages: First, + there are multiple encodings of each value (because there can be + extra zeros in the most significant positions), which is inconvenient + + + + +Costello Standards Track [Page 5] + +RFC 3492 IDNA Punycode March 2003 + + + when unique encodings are needed. Second, the integer is not self- + delimiting, so if multiple integers are concatenated the boundaries + between them are lost. + + The generalized variable-length representation solves these two + problems. The digit values are still 0 through base-1, but now the + integer is self-delimiting by means of thresholds t(j), each of which + is in the range 0 through base-1. Exactly one digit, the most + significant, satisfies digit_j < t(j). Therefore, if several + integers are concatenated, it is easy to separate them, starting with + the first if they are little-endian (least significant digit first), + or starting with the last if they are big-endian (most significant + digit first). As before, the value is the sum over j of digit_j * + w(j), but the weights are different: + + w(0) = 1 + w(j) = w(j-1) * (base - t(j-1)) for j > 0 + + For example, consider the little-endian sequence of base 8 digits + 734251... Suppose the thresholds are 2, 3, 5, 5, 5, 5... This + implies that the weights are 1, 1*(8-2) = 6, 6*(8-3) = 30, 30*(8-5) = + 90, 90*(8-5) = 270, and so on. 7 is not less than 2, and 3 is not + less than 3, but 4 is less than 5, so 4 is the last digit. The value + of 734 is 7*1 + 3*6 + 4*30 = 145. The next integer is 251, with + value 2*1 + 5*6 + 1*30 = 62. Decoding this representation is very + similar to decoding a conventional integer: Start with a current + value of N = 0 and a weight w = 1. Fetch the next digit d and + increase N by d * w. If d is less than the current threshold (t) + then stop, otherwise increase w by a factor of (base - t), update t + for the next position, and repeat. + + Encoding this representation is similar to encoding a conventional + integer: If N < t then output one digit for N and stop, otherwise + output the digit for t + ((N - t) mod (base - t)), then replace N + with (N - t) div (base - t), update t for the next position, and + repeat. + + For any particular set of values of t(j), there is exactly one + generalized variable-length representation of each nonnegative + integral value. + + Bootstring uses little-endian ordering so that the deltas can be + separated starting with the first. The t(j) values are defined in + terms of the constants base, tmin, and tmax, and a state variable + called bias: + + t(j) = base * (j + 1) - bias, + clamped to the range tmin through tmax + + + +Costello Standards Track [Page 6] + +RFC 3492 IDNA Punycode March 2003 + + + The clamping means that if the formula yields a value less than tmin + or greater than tmax, then t(j) = tmin or tmax, respectively. (In + the pseudocode in section 6 "Bootstring algorithms", the expression + base * (j + 1) is denoted by k for performance reasons.) These t(j) + values cause the representation to favor integers within a particular + range determined by the bias. + +3.4 Bias adaptation + + After each delta is encoded or decoded, bias is set for the next + delta as follows: + + 1. Delta is scaled in order to avoid overflow in the next step: + + let delta = delta div 2 + + But when this is the very first delta, the divisor is not 2, but + instead a constant called damp. This compensates for the fact + that the second delta is usually much smaller than the first. + + 2. Delta is increased to compensate for the fact that the next delta + will be inserting into a longer string: + + let delta = delta + (delta div numpoints) + + numpoints is the total number of code points encoded/decoded so + far (including the one corresponding to this delta itself, and + including the basic code points). + + 3. Delta is repeatedly divided until it falls within a threshold, to + predict the minimum number of digits needed to represent the next + delta: + + while delta > ((base - tmin) * tmax) div 2 + do let delta = delta div (base - tmin) + + 4. The bias is set: + + let bias = + (base * the number of divisions performed in step 3) + + (((base - tmin + 1) * delta) div (delta + skew)) + + The motivation for this procedure is that the current delta + provides a hint about the likely size of the next delta, and so + t(j) is set to tmax for the more significant digits starting with + the one expected to be last, tmin for the less significant digits + up through the one expected to be third-last, and somewhere + between tmin and tmax for the digit expected to be second-last + + + +Costello Standards Track [Page 7] + +RFC 3492 IDNA Punycode March 2003 + + + (balancing the hope of the expected-last digit being unnecessary + against the danger of it being insufficient). + +4. Bootstring parameters + + Given a set of basic code points, one needs to be designated as the + delimiter. The base cannot be greater than the number of + distinguishable basic code points remaining. The digit-values in the + range 0 through base-1 need to be associated with distinct non- + delimiter basic code points. In some cases multiple code points need + to have the same digit-value; for example, uppercase and lowercase + versions of the same letter need to be equivalent if basic strings + are case-insensitive. + + The initial value of n cannot be greater than the minimum non-basic + code point that could appear in extended strings. + + The remaining five parameters (tmin, tmax, skew, damp, and the + initial value of bias) need to satisfy the following constraints: + + 0 <= tmin <= tmax <= base-1 + skew >= 1 + damp >= 2 + initial_bias mod base <= base - tmin + + Provided the constraints are satisfied, these five parameters affect + efficiency but not correctness. They are best chosen empirically. + + If support for mixed-case annotation is desired (see appendix A), + make sure that the code points corresponding to 0 through tmax-1 all + have both uppercase and lowercase forms. + +5. Parameter values for Punycode + + Punycode uses the following Bootstring parameter values: + + base = 36 + tmin = 1 + tmax = 26 + skew = 38 + damp = 700 + initial_bias = 72 + initial_n = 128 = 0x80 + + Although the only restriction Punycode imposes on the input integers + is that they be nonnegative, these parameters are especially designed + to work well with Unicode [UNICODE] code points, which are integers + in the range 0..10FFFF (but not D800..DFFF, which are reserved for + + + +Costello Standards Track [Page 8] + +RFC 3492 IDNA Punycode March 2003 + + + use by the UTF-16 encoding of Unicode). The basic code points are + the ASCII [ASCII] code points (0..7F), of which U+002D (-) is the + delimiter, and some of the others have digit-values as follows: + + code points digit-values + ------------ ---------------------- + 41..5A (A-Z) = 0 to 25, respectively + 61..7A (a-z) = 0 to 25, respectively + 30..39 (0-9) = 26 to 35, respectively + + Using hyphen-minus as the delimiter implies that the encoded string + can end with a hyphen-minus only if the Unicode string consists + entirely of basic code points, but IDNA forbids such strings from + being encoded. The encoded string can begin with a hyphen-minus, but + IDNA prepends a prefix. Therefore IDNA using Punycode conforms to + the RFC 952 rule that host name labels neither begin nor end with a + hyphen-minus [RFC952]. + + A decoder MUST recognize the letters in both uppercase and lowercase + forms (including mixtures of both forms). An encoder SHOULD output + only uppercase forms or only lowercase forms, unless it uses mixed- + case annotation (see appendix A). + + Presumably most users will not manually write or type encoded strings + (as opposed to cutting and pasting them), but those who do will need + to be alert to the potential visual ambiguity between the following + sets of characters: + + G 6 + I l 1 + O 0 + S 5 + U V + Z 2 + + Such ambiguities are usually resolved by context, but in a Punycode + encoded string there is no context apparent to humans. + +6. Bootstring algorithms + + Some parts of the pseudocode can be omitted if the parameters satisfy + certain conditions (for which Punycode qualifies). These parts are + enclosed in {braces}, and notes immediately following the pseudocode + explain the conditions under which they can be omitted. + + + + + + + +Costello Standards Track [Page 9] + +RFC 3492 IDNA Punycode March 2003 + + + Formally, code points are integers, and hence the pseudocode assumes + that arithmetic operations can be performed directly on code points. + In some programming languages, explicit conversion between code + points and integers might be necessary. + +6.1 Bias adaptation function + + function adapt(delta,numpoints,firsttime): + if firsttime then let delta = delta div damp + else let delta = delta div 2 + let delta = delta + (delta div numpoints) + let k = 0 + while delta > ((base - tmin) * tmax) div 2 do begin + let delta = delta div (base - tmin) + let k = k + base + end + return k + (((base - tmin + 1) * delta) div (delta + skew)) + + It does not matter whether the modifications to delta and k inside + adapt() affect variables of the same name inside the + encoding/decoding procedures, because after calling adapt() the + caller does not read those variables before overwriting them. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Costello Standards Track [Page 10] + +RFC 3492 IDNA Punycode March 2003 + + +6.2 Decoding procedure + + let n = initial_n + let i = 0 + let bias = initial_bias + let output = an empty string indexed from 0 + consume all code points before the last delimiter (if there is one) + and copy them to output, fail on any non-basic code point + if more than zero code points were consumed then consume one more + (which will be the last delimiter) + while the input is not exhausted do begin + let oldi = i + let w = 1 + for k = base to infinity in steps of base do begin + consume a code point, or fail if there was none to consume + let digit = the code point's digit-value, fail if it has none + let i = i + digit * w, fail on overflow + let t = tmin if k <= bias {+ tmin}, or + tmax if k >= bias + tmax, or k - bias otherwise + if digit < t then break + let w = w * (base - t), fail on overflow + end + let bias = adapt(i - oldi, length(output) + 1, test oldi is 0?) + let n = n + i div (length(output) + 1), fail on overflow + let i = i mod (length(output) + 1) + {if n is a basic code point then fail} + insert n into output at position i + increment i + end + + The full statement enclosed in braces (checking whether n is a basic + code point) can be omitted if initial_n exceeds all basic code points + (which is true for Punycode), because n is never less than initial_n. + + In the assignment of t, where t is clamped to the range tmin through + tmax, "+ tmin" can always be omitted. This makes the clamping + calculation incorrect when bias < k < bias + tmin, but that cannot + happen because of the way bias is computed and because of the + constraints on the parameters. + + Because the decoder state can only advance monotonically, and there + is only one representation of any delta, there is therefore only one + encoded string that can represent a given sequence of integers. The + only error conditions are invalid code points, unexpected end-of- + input, overflow, and basic code points encoded using deltas instead + of appearing literally. If the decoder fails on these errors as + shown above, then it cannot produce the same output for two distinct + inputs. Without this property it would have been necessary to re- + + + +Costello Standards Track [Page 11] + +RFC 3492 IDNA Punycode March 2003 + + + encode the output and verify that it matches the input in order to + guarantee the uniqueness of the encoding. + +6.3 Encoding procedure + + let n = initial_n + let delta = 0 + let bias = initial_bias + let h = b = the number of basic code points in the input + copy them to the output in order, followed by a delimiter if b > 0 + {if the input contains a non-basic code point < n then fail} + while h < length(input) do begin + let m = the minimum {non-basic} code point >= n in the input + let delta = delta + (m - n) * (h + 1), fail on overflow + let n = m + for each code point c in the input (in order) do begin + if c < n {or c is basic} then increment delta, fail on overflow + if c == n then begin + let q = delta + for k = base to infinity in steps of base do begin + let t = tmin if k <= bias {+ tmin}, or + tmax if k >= bias + tmax, or k - bias otherwise + if q < t then break + output the code point for digit t + ((q - t) mod (base - t)) + let q = (q - t) div (base - t) + end + output the code point for digit q + let bias = adapt(delta, h + 1, test h equals b?) + let delta = 0 + increment h + end + end + increment delta and n + end + + The full statement enclosed in braces (checking whether the input + contains a non-basic code point less than n) can be omitted if all + code points less than initial_n are basic code points (which is true + for Punycode if code points are unsigned). + + The brace-enclosed conditions "non-basic" and "or c is basic" can be + omitted if initial_n exceeds all basic code points (which is true for + Punycode), because the code point being tested is never less than + initial_n. + + In the assignment of t, where t is clamped to the range tmin through + tmax, "+ tmin" can always be omitted. This makes the clamping + calculation incorrect when bias < k < bias + tmin, but that cannot + + + +Costello Standards Track [Page 12] + +RFC 3492 IDNA Punycode March 2003 + + + happen because of the way bias is computed and because of the + constraints on the parameters. + + The checks for overflow are necessary to avoid producing invalid + output when the input contains very large values or is very long. + + The increment of delta at the bottom of the outer loop cannot + overflow because delta < length(input) before the increment, and + length(input) is already assumed to be representable. The increment + of n could overflow, but only if h == length(input), in which case + the procedure is finished anyway. + +6.4 Overflow handling + + For IDNA, 26-bit unsigned integers are sufficient to handle all valid + IDNA labels without overflow, because any string that needed a 27-bit + delta would have to exceed either the code point limit (0..10FFFF) or + the label length limit (63 characters). However, overflow handling + is necessary because the inputs are not necessarily valid IDNA + labels. + + If the programming language does not provide overflow detection, the + following technique can be used. Suppose A, B, and C are + representable nonnegative integers and C is nonzero. Then A + B + overflows if and only if B > maxint - A, and A + (B * C) overflows if + and only if B > (maxint - A) div C, where maxint is the greatest + integer for which maxint + 1 cannot be represented. Refer to + appendix C "Punycode sample implementation" for demonstrations of + this technique in the C language. + + The decoding and encoding algorithms shown in sections 6.2 and 6.3 + handle overflow by detecting it whenever it happens. Another + approach is to enforce limits on the inputs that prevent overflow + from happening. For example, if the encoder were to verify that no + input code points exceed M and that the input length does not exceed + L, then no delta could ever exceed (M - initial_n) * (L + 1), and + hence no overflow could occur if integer variables were capable of + representing values that large. This prevention approach would + impose more restrictions on the input than the detection approach + does, but might be considered simpler in some programming languages. + + In theory, the decoder could use an analogous approach, limiting the + number of digits in a variable-length integer (that is, limiting the + number of iterations in the innermost loop). However, the number of + digits that suffice to represent a given delta can sometimes + represent much larger deltas (because of the adaptation), and hence + this approach would probably need integers wider than 32 bits. + + + + +Costello Standards Track [Page 13] + +RFC 3492 IDNA Punycode March 2003 + + + Yet another approach for the decoder is to allow overflow to occur, + but to check the final output string by re-encoding it and comparing + to the decoder input. If and only if they do not match (using a + case-insensitive ASCII comparison) overflow has occurred. This + delayed-detection approach would not impose any more restrictions on + the input than the immediate-detection approach does, and might be + considered simpler in some programming languages. + + In fact, if the decoder is used only inside the IDNA ToUnicode + operation [IDNA], then it need not check for overflow at all, because + ToUnicode performs a higher level re-encoding and comparison, and a + mismatch has the same consequence as if the Punycode decoder had + failed. + +7. Punycode examples + +7.1 Sample strings + + In the Punycode encodings below, the ACE prefix is not shown. + Backslashes show where line breaks have been inserted in strings too + long for one line. + + The first several examples are all translations of the sentence "Why + can't they just speak in ?" (courtesy of Michael Kaplan's + "provincial" page [PROVINCIAL]). Word breaks and punctuation have + been removed, as is often done in domain names. + + (A) Arabic (Egyptian): + u+0644 u+064A u+0647 u+0645 u+0627 u+0628 u+062A u+0643 u+0644 + u+0645 u+0648 u+0634 u+0639 u+0631 u+0628 u+064A u+061F + Punycode: egbpdaj6bu4bxfgehfvwxn + + (B) Chinese (simplified): + u+4ED6 u+4EEC u+4E3A u+4EC0 u+4E48 u+4E0D u+8BF4 u+4E2D u+6587 + Punycode: ihqwcrb4cv8a8dqg056pqjye + + (C) Chinese (traditional): + u+4ED6 u+5011 u+7232 u+4EC0 u+9EBD u+4E0D u+8AAA u+4E2D u+6587 + Punycode: ihqwctvzc91f659drss3x8bo0yb + + (D) Czech: Proprostnemluvesky + U+0050 u+0072 u+006F u+010D u+0070 u+0072 u+006F u+0073 u+0074 + u+011B u+006E u+0065 u+006D u+006C u+0075 u+0076 u+00ED u+010D + u+0065 u+0073 u+006B u+0079 + Punycode: Proprostnemluvesky-uyb24dma41a + + + + + + +Costello Standards Track [Page 14] + +RFC 3492 IDNA Punycode March 2003 + + + (E) Hebrew: + u+05DC u+05DE u+05D4 u+05D4 u+05DD u+05E4 u+05E9 u+05D5 u+05D8 + u+05DC u+05D0 u+05DE u+05D3 u+05D1 u+05E8 u+05D9 u+05DD u+05E2 + u+05D1 u+05E8 u+05D9 u+05EA + Punycode: 4dbcagdahymbxekheh6e0a7fei0b + + (F) Hindi (Devanagari): + u+092F u+0939 u+0932 u+094B u+0917 u+0939 u+093F u+0928 u+094D + u+0926 u+0940 u+0915 u+094D u+092F u+094B u+0902 u+0928 u+0939 + u+0940 u+0902 u+092C u+094B u+0932 u+0938 u+0915 u+0924 u+0947 + u+0939 u+0948 u+0902 + Punycode: i1baa7eci9glrd9b2ae1bj0hfcgg6iyaf8o0a1dig0cd + + (G) Japanese (kanji and hiragana): + u+306A u+305C u+307F u+3093 u+306A u+65E5 u+672C u+8A9E u+3092 + u+8A71 u+3057 u+3066 u+304F u+308C u+306A u+3044 u+306E u+304B + Punycode: n8jok5ay5dzabd5bym9f0cm5685rrjetr6pdxa + + (H) Korean (Hangul syllables): + u+C138 u+ACC4 u+C758 u+BAA8 u+B4E0 u+C0AC u+B78C u+B4E4 u+C774 + u+D55C u+AD6D u+C5B4 u+B97C u+C774 u+D574 u+D55C u+B2E4 u+BA74 + u+C5BC u+B9C8 u+B098 u+C88B u+C744 u+AE4C + Punycode: 989aomsvi5e83db1d2a355cv1e0vak1dwrv93d5xbh15a0dt30a5j\ + psd879ccm6fea98c + + (I) Russian (Cyrillic): + U+043F u+043E u+0447 u+0435 u+043C u+0443 u+0436 u+0435 u+043E + u+043D u+0438 u+043D u+0435 u+0433 u+043E u+0432 u+043E u+0440 + u+044F u+0442 u+043F u+043E u+0440 u+0443 u+0441 u+0441 u+043A + u+0438 + Punycode: b1abfaaepdrnnbgefbaDotcwatmq2g4l + + (J) Spanish: PorqunopuedensimplementehablarenEspaol + U+0050 u+006F u+0072 u+0071 u+0075 u+00E9 u+006E u+006F u+0070 + u+0075 u+0065 u+0064 u+0065 u+006E u+0073 u+0069 u+006D u+0070 + u+006C u+0065 u+006D u+0065 u+006E u+0074 u+0065 u+0068 u+0061 + u+0062 u+006C u+0061 u+0072 u+0065 u+006E U+0045 u+0073 u+0070 + u+0061 u+00F1 u+006F u+006C + Punycode: PorqunopuedensimplementehablarenEspaol-fmd56a + + (K) Vietnamese: + Tisaohkhngthch\ + nitingVit + U+0054 u+1EA1 u+0069 u+0073 u+0061 u+006F u+0068 u+1ECD u+006B + u+0068 u+00F4 u+006E u+0067 u+0074 u+0068 u+1EC3 u+0063 u+0068 + u+1EC9 u+006E u+00F3 u+0069 u+0074 u+0069 u+1EBF u+006E u+0067 + U+0056 u+0069 u+1EC7 u+0074 + Punycode: TisaohkhngthchnitingVit-kjcr8268qyxafd2f1b9g + + + +Costello Standards Track [Page 15] + +RFC 3492 IDNA Punycode March 2003 + + + The next several examples are all names of Japanese music artists, + song titles, and TV programs, just because the author happens to have + them handy (but Japanese is useful for providing examples of single- + row text, two-row text, ideographic text, and various mixtures + thereof). + + (L) 3B + u+0033 u+5E74 U+0042 u+7D44 u+91D1 u+516B u+5148 u+751F + Punycode: 3B-ww4c5e180e575a65lsy2b + + (M) -with-SUPER-MONKEYS + u+5B89 u+5BA4 u+5948 u+7F8E u+6075 u+002D u+0077 u+0069 u+0074 + u+0068 u+002D U+0053 U+0055 U+0050 U+0045 U+0052 u+002D U+004D + U+004F U+004E U+004B U+0045 U+0059 U+0053 + Punycode: -with-SUPER-MONKEYS-pc58ag80a8qai00g7n9n + + (N) Hello-Another-Way- + U+0048 u+0065 u+006C u+006C u+006F u+002D U+0041 u+006E u+006F + u+0074 u+0068 u+0065 u+0072 u+002D U+0057 u+0061 u+0079 u+002D + u+305D u+308C u+305E u+308C u+306E u+5834 u+6240 + Punycode: Hello-Another-Way--fc4qua05auwb3674vfr0b + + (O) 2 + u+3072 u+3068 u+3064 u+5C4B u+6839 u+306E u+4E0B u+0032 + Punycode: 2-u9tlzr9756bt3uc0v + + (P) MajiKoi5 + U+004D u+0061 u+006A u+0069 u+3067 U+004B u+006F u+0069 u+3059 + u+308B u+0035 u+79D2 u+524D + Punycode: MajiKoi5-783gue6qz075azm5e + + (Q) de + u+30D1 u+30D5 u+30A3 u+30FC u+0064 u+0065 u+30EB u+30F3 u+30D0 + Punycode: de-jg4avhby1noc0d + + (R) + u+305D u+306E u+30B9 u+30D4 u+30FC u+30C9 u+3067 + Punycode: d9juau41awczczp + + The last example is an ASCII string that breaks the existing rules + for host name labels. (It is not a realistic example for IDNA, + because IDNA never encodes pure ASCII labels.) + + (S) -> $1.00 <- + u+002D u+003E u+0020 u+0024 u+0031 u+002E u+0030 u+0030 u+0020 + u+003C u+002D + Punycode: -> $1.00 <-- + + + + +Costello Standards Track [Page 16] + +RFC 3492 IDNA Punycode March 2003 + + +7.2 Decoding traces + + In the following traces, the evolving state of the decoder is shown + as a sequence of hexadecimal values, representing the code points in + the extended string. An asterisk appears just after the most + recently inserted code point, indicating both n (the value preceeding + the asterisk) and i (the position of the value just after the + asterisk). Other numerical values are decimal. + + Decoding trace of example B from section 7.1: + + n is 128, i is 0, bias is 72 + input is "ihqwcrb4cv8a8dqg056pqjye" + there is no delimiter, so extended string starts empty + delta "ihq" decodes to 19853 + bias becomes 21 + 4E0D * + delta "wc" decodes to 64 + bias becomes 20 + 4E0D 4E2D * + delta "rb" decodes to 37 + bias becomes 13 + 4E3A * 4E0D 4E2D + delta "4c" decodes to 56 + bias becomes 17 + 4E3A 4E48 * 4E0D 4E2D + delta "v8a" decodes to 599 + bias becomes 32 + 4E3A 4EC0 * 4E48 4E0D 4E2D + delta "8d" decodes to 130 + bias becomes 23 + 4ED6 * 4E3A 4EC0 4E48 4E0D 4E2D + delta "qg" decodes to 154 + bias becomes 25 + 4ED6 4EEC * 4E3A 4EC0 4E48 4E0D 4E2D + delta "056p" decodes to 46301 + bias becomes 84 + 4ED6 4EEC 4E3A 4EC0 4E48 4E0D 4E2D 6587 * + delta "qjye" decodes to 88531 + bias becomes 90 + 4ED6 4EEC 4E3A 4EC0 4E48 4E0D 8BF4 * 4E2D 6587 + + + + + + + + + + +Costello Standards Track [Page 17] + +RFC 3492 IDNA Punycode March 2003 + + + Decoding trace of example L from section 7.1: + + n is 128, i is 0, bias is 72 + input is "3B-ww4c5e180e575a65lsy2b" + literal portion is "3B-", so extended string starts as: + 0033 0042 + delta "ww4c" decodes to 62042 + bias becomes 27 + 0033 0042 5148 * + delta "5e" decodes to 139 + bias becomes 24 + 0033 0042 516B * 5148 + delta "180e" decodes to 16683 + bias becomes 67 + 0033 5E74 * 0042 516B 5148 + delta "575a" decodes to 34821 + bias becomes 82 + 0033 5E74 0042 516B 5148 751F * + delta "65l" decodes to 14592 + bias becomes 67 + 0033 5E74 0042 7D44 * 516B 5148 751F + delta "sy2b" decodes to 42088 + bias becomes 84 + 0033 5E74 0042 7D44 91D1 * 516B 5148 751F + + + + + + + + + + + + + + + + + + + + + + + + + + + +Costello Standards Track [Page 18] + +RFC 3492 IDNA Punycode March 2003 + + +7.3 Encoding traces + + In the following traces, code point values are hexadecimal, while + other numerical values are decimal. + + Encoding trace of example B from section 7.1: + + bias is 72 + input is: + 4ED6 4EEC 4E3A 4EC0 4E48 4E0D 8BF4 4E2D 6587 + there are no basic code points, so no literal portion + next code point to insert is 4E0D + needed delta is 19853, encodes as "ihq" + bias becomes 21 + next code point to insert is 4E2D + needed delta is 64, encodes as "wc" + bias becomes 20 + next code point to insert is 4E3A + needed delta is 37, encodes as "rb" + bias becomes 13 + next code point to insert is 4E48 + needed delta is 56, encodes as "4c" + bias becomes 17 + next code point to insert is 4EC0 + needed delta is 599, encodes as "v8a" + bias becomes 32 + next code point to insert is 4ED6 + needed delta is 130, encodes as "8d" + bias becomes 23 + next code point to insert is 4EEC + needed delta is 154, encodes as "qg" + bias becomes 25 + next code point to insert is 6587 + needed delta is 46301, encodes as "056p" + bias becomes 84 + next code point to insert is 8BF4 + needed delta is 88531, encodes as "qjye" + bias becomes 90 + output is "ihqwcrb4cv8a8dqg056pqjye" + + + + + + + + + + + + +Costello Standards Track [Page 19] + +RFC 3492 IDNA Punycode March 2003 + + + Encoding trace of example L from section 7.1: + + bias is 72 + input is: + 0033 5E74 0042 7D44 91D1 516B 5148 751F + basic code points (0033, 0042) are copied to literal portion: "3B-" + next code point to insert is 5148 + needed delta is 62042, encodes as "ww4c" + bias becomes 27 + next code point to insert is 516B + needed delta is 139, encodes as "5e" + bias becomes 24 + next code point to insert is 5E74 + needed delta is 16683, encodes as "180e" + bias becomes 67 + next code point to insert is 751F + needed delta is 34821, encodes as "575a" + bias becomes 82 + next code point to insert is 7D44 + needed delta is 14592, encodes as "65l" + bias becomes 67 + next code point to insert is 91D1 + needed delta is 42088, encodes as "sy2b" + bias becomes 84 + output is "3B-ww4c5e180e575a65lsy2b" + +8. Security Considerations + + Users expect each domain name in DNS to be controlled by a single + authority. If a Unicode string intended for use as a domain label + could map to multiple ACE labels, then an internationalized domain + name could map to multiple ASCII domain names, each controlled by a + different authority, some of which could be spoofs that hijack + service requests intended for another. Therefore Punycode is + designed so that each Unicode string has a unique encoding. + + However, there can still be multiple Unicode representations of the + "same" text, for various definitions of "same". This problem is + addressed to some extent by the Unicode standard under the topic of + canonicalization, and this work is leveraged for domain names by + Nameprep [NAMEPREP]. + + + + + + + + + + +Costello Standards Track [Page 20] + +RFC 3492 IDNA Punycode March 2003 + + +9. References + +9.1 Normative References + + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, March 1997. + +9.2 Informative References + + [RFC952] Harrenstien, K., Stahl, M. and E. Feinler, "DOD Internet + Host Table Specification", RFC 952, October 1985. + + [RFC1034] Mockapetris, P., "Domain Names - Concepts and + Facilities", STD 13, RFC 1034, November 1987. + + [IDNA] Faltstrom, P., Hoffman, P. and A. Costello, + "Internationalizing Domain Names in Applications + (IDNA)", RFC 3490, March 2003. + + [NAMEPREP] Hoffman, P. and M. Blanchet, "Nameprep: A Stringprep + Profile for Internationalized Domain Names (IDN)", RFC + 3491, March 2003. + + [ASCII] Cerf, V., "ASCII format for Network Interchange", RFC + 20, October 1969. + + [PROVINCIAL] Kaplan, M., "The 'anyone can be provincial!' page", + http://www.trigeminal.com/samples/provincial.html. + + [UNICODE] The Unicode Consortium, "The Unicode Standard", + http://www.unicode.org/unicode/standard/standard.html. + + + + + + + + + + + + + + + + + + + + +Costello Standards Track [Page 21] + +RFC 3492 IDNA Punycode March 2003 + + +A. Mixed-case annotation + + In order to use Punycode to represent case-insensitive strings, + higher layers need to case-fold the strings prior to Punycode + encoding. The encoded string can use mixed case as an annotation + telling how to convert the folded string into a mixed-case string for + display purposes. Note, however, that mixed-case annotation is not + used by the ToASCII and ToUnicode operations specified in [IDNA], and + therefore implementors of IDNA can disregard this appendix. + + Basic code points can use mixed case directly, because the decoder + copies them verbatim, leaving lowercase code points lowercase, and + leaving uppercase code points uppercase. Each non-basic code point + is represented by a delta, which is represented by a sequence of + basic code points, the last of which provides the annotation. If it + is uppercase, it is a suggestion to map the non-basic code point to + uppercase (if possible); if it is lowercase, it is a suggestion to + map the non-basic code point to lowercase (if possible). + + These annotations do not alter the code points returned by decoders; + the annotations are returned separately, for the caller to use or + ignore. Encoders can accept annotations in addition to code points, + but the annotations do not alter the output, except to influence the + uppercase/lowercase form of ASCII letters. + + Punycode encoders and decoders need not support these annotations, + and higher layers need not use them. + +B. Disclaimer and license + + Regarding this entire document or any portion of it (including the + pseudocode and C code), the author makes no guarantees and is not + responsible for any damage resulting from its use. The author grants + irrevocable permission to anyone to use, modify, and distribute it in + any way that does not diminish the rights of anyone else to use, + modify, and distribute it, provided that redistributed derivative + works do not contain misleading author or version information. + Derivative works need not be licensed under similar terms. + + + + + + + + + + + + + +Costello Standards Track [Page 22] + +RFC 3492 IDNA Punycode March 2003 + + +C. Punycode sample implementation + +/* +punycode.c from RFC 3492 +http://www.nicemice.net/idn/ +Adam M. Costello +http://www.nicemice.net/amc/ + +This is ANSI C code (C89) implementing Punycode (RFC 3492). + +*/ + + +/************************************************************/ +/* Public interface (would normally go in its own .h file): */ + +#include + +enum punycode_status { + punycode_success, + punycode_bad_input, /* Input is invalid. */ + punycode_big_output, /* Output would exceed the space provided. */ + punycode_overflow /* Input needs wider integers to process. */ +}; + +#if UINT_MAX >= (1 << 26) - 1 +typedef unsigned int punycode_uint; +#else +typedef unsigned long punycode_uint; +#endif + +enum punycode_status punycode_encode( + punycode_uint input_length, + const punycode_uint input[], + const unsigned char case_flags[], + punycode_uint *output_length, + char output[] ); + + /* punycode_encode() converts Unicode to Punycode. The input */ + /* is represented as an array of Unicode code points (not code */ + /* units; surrogate pairs are not allowed), and the output */ + /* will be represented as an array of ASCII code points. The */ + /* output string is *not* null-terminated; it will contain */ + /* zeros if and only if the input contains zeros. (Of course */ + /* the caller can leave room for a terminator and add one if */ + /* needed.) The input_length is the number of code points in */ + /* the input. The output_length is an in/out argument: the */ + /* caller passes in the maximum number of code points that it */ + + + +Costello Standards Track [Page 23] + +RFC 3492 IDNA Punycode March 2003 + + + /* can receive, and on successful return it will contain the */ + /* number of code points actually output. The case_flags array */ + /* holds input_length boolean values, where nonzero suggests that */ + /* the corresponding Unicode character be forced to uppercase */ + /* after being decoded (if possible), and zero suggests that */ + /* it be forced to lowercase (if possible). ASCII code points */ + /* are encoded literally, except that ASCII letters are forced */ + /* to uppercase or lowercase according to the corresponding */ + /* uppercase flags. If case_flags is a null pointer then ASCII */ + /* letters are left as they are, and other code points are */ + /* treated as if their uppercase flags were zero. The return */ + /* value can be any of the punycode_status values defined above */ + /* except punycode_bad_input; if not punycode_success, then */ + /* output_size and output might contain garbage. */ + +enum punycode_status punycode_decode( + punycode_uint input_length, + const char input[], + punycode_uint *output_length, + punycode_uint output[], + unsigned char case_flags[] ); + + /* punycode_decode() converts Punycode to Unicode. The input is */ + /* represented as an array of ASCII code points, and the output */ + /* will be represented as an array of Unicode code points. The */ + /* input_length is the number of code points in the input. The */ + /* output_length is an in/out argument: the caller passes in */ + /* the maximum number of code points that it can receive, and */ + /* on successful return it will contain the actual number of */ + /* code points output. The case_flags array needs room for at */ + /* least output_length values, or it can be a null pointer if the */ + /* case information is not needed. A nonzero flag suggests that */ + /* the corresponding Unicode character be forced to uppercase */ + /* by the caller (if possible), while zero suggests that it be */ + /* forced to lowercase (if possible). ASCII code points are */ + /* output already in the proper case, but their flags will be set */ + /* appropriately so that applying the flags would be harmless. */ + /* The return value can be any of the punycode_status values */ + /* defined above; if not punycode_success, then output_length, */ + /* output, and case_flags might contain garbage. On success, the */ + /* decoder will never need to write an output_length greater than */ + /* input_length, because of how the encoding is defined. */ + +/**********************************************************/ +/* Implementation (would normally go in its own .c file): */ + +#include + + + + +Costello Standards Track [Page 24] + +RFC 3492 IDNA Punycode March 2003 + + +/*** Bootstring parameters for Punycode ***/ + +enum { base = 36, tmin = 1, tmax = 26, skew = 38, damp = 700, + initial_bias = 72, initial_n = 0x80, delimiter = 0x2D }; + +/* basic(cp) tests whether cp is a basic code point: */ +#define basic(cp) ((punycode_uint)(cp) < 0x80) + +/* delim(cp) tests whether cp is a delimiter: */ +#define delim(cp) ((cp) == delimiter) + +/* decode_digit(cp) returns the numeric value of a basic code */ +/* point (for use in representing integers) in the range 0 to */ +/* base-1, or base if cp is does not represent a value. */ + +static punycode_uint decode_digit(punycode_uint cp) +{ + return cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 : + cp - 97 < 26 ? cp - 97 : base; +} + +/* encode_digit(d,flag) returns the basic code point whose value */ +/* (when used for representing integers) is d, which needs to be in */ +/* the range 0 to base-1. The lowercase form is used unless flag is */ +/* nonzero, in which case the uppercase form is used. The behavior */ +/* is undefined if flag is nonzero and digit d has no uppercase form. */ + +static char encode_digit(punycode_uint d, int flag) +{ + return d + 22 + 75 * (d < 26) - ((flag != 0) << 5); + /* 0..25 map to ASCII a..z or A..Z */ + /* 26..35 map to ASCII 0..9 */ +} + +/* flagged(bcp) tests whether a basic code point is flagged */ +/* (uppercase). The behavior is undefined if bcp is not a */ +/* basic code point. */ + +#define flagged(bcp) ((punycode_uint)(bcp) - 65 < 26) + +/* encode_basic(bcp,flag) forces a basic code point to lowercase */ +/* if flag is zero, uppercase if flag is nonzero, and returns */ +/* the resulting code point. The code point is unchanged if it */ +/* is caseless. The behavior is undefined if bcp is not a basic */ +/* code point. */ + +static char encode_basic(punycode_uint bcp, int flag) +{ + + + +Costello Standards Track [Page 25] + +RFC 3492 IDNA Punycode March 2003 + + + bcp -= (bcp - 97 < 26) << 5; + return bcp + ((!flag && (bcp - 65 < 26)) << 5); +} + +/*** Platform-specific constants ***/ + +/* maxint is the maximum value of a punycode_uint variable: */ +static const punycode_uint maxint = -1; +/* Because maxint is unsigned, -1 becomes the maximum value. */ + +/*** Bias adaptation function ***/ + +static punycode_uint adapt( + punycode_uint delta, punycode_uint numpoints, int firsttime ) +{ + punycode_uint k; + + delta = firsttime ? delta / damp : delta >> 1; + /* delta >> 1 is a faster way of doing delta / 2 */ + delta += delta / numpoints; + + for (k = 0; delta > ((base - tmin) * tmax) / 2; k += base) { + delta /= base - tmin; + } + + return k + (base - tmin + 1) * delta / (delta + skew); +} + +/*** Main encode function ***/ + +enum punycode_status punycode_encode( + punycode_uint input_length, + const punycode_uint input[], + const unsigned char case_flags[], + punycode_uint *output_length, + char output[] ) +{ + punycode_uint n, delta, h, b, out, max_out, bias, j, m, q, k, t; + + /* Initialize the state: */ + + n = initial_n; + delta = out = 0; + max_out = *output_length; + bias = initial_bias; + + /* Handle the basic code points: */ + + + + +Costello Standards Track [Page 26] + +RFC 3492 IDNA Punycode March 2003 + + + for (j = 0; j < input_length; ++j) { + if (basic(input[j])) { + if (max_out - out < 2) return punycode_big_output; + output[out++] = + case_flags ? encode_basic(input[j], case_flags[j]) : input[j]; + } + /* else if (input[j] < n) return punycode_bad_input; */ + /* (not needed for Punycode with unsigned code points) */ + } + + h = b = out; + + /* h is the number of code points that have been handled, b is the */ + /* number of basic code points, and out is the number of characters */ + /* that have been output. */ + + if (b > 0) output[out++] = delimiter; + + /* Main encoding loop: */ + + while (h < input_length) { + /* All non-basic code points < n have been */ + /* handled already. Find the next larger one: */ + + for (m = maxint, j = 0; j < input_length; ++j) { + /* if (basic(input[j])) continue; */ + /* (not needed for Punycode) */ + if (input[j] >= n && input[j] < m) m = input[j]; + } + + /* Increase delta enough to advance the decoder's */ + /* state to , but guard against overflow: */ + + if (m - n > (maxint - delta) / (h + 1)) return punycode_overflow; + delta += (m - n) * (h + 1); + n = m; + + for (j = 0; j < input_length; ++j) { + /* Punycode does not need to check whether input[j] is basic: */ + if (input[j] < n /* || basic(input[j]) */ ) { + if (++delta == 0) return punycode_overflow; + } + + if (input[j] == n) { + /* Represent delta as a generalized variable-length integer: */ + + for (q = delta, k = base; ; k += base) { + if (out >= max_out) return punycode_big_output; + + + +Costello Standards Track [Page 27] + +RFC 3492 IDNA Punycode March 2003 + + + t = k <= bias /* + tmin */ ? tmin : /* +tmin not needed */ + k >= bias + tmax ? tmax : k - bias; + if (q < t) break; + output[out++] = encode_digit(t + (q - t) % (base - t), 0); + q = (q - t) / (base - t); + } + + output[out++] = encode_digit(q, case_flags && case_flags[j]); + bias = adapt(delta, h + 1, h == b); + delta = 0; + ++h; + } + } + + ++delta, ++n; + } + + *output_length = out; + return punycode_success; +} + +/*** Main decode function ***/ + +enum punycode_status punycode_decode( + punycode_uint input_length, + const char input[], + punycode_uint *output_length, + punycode_uint output[], + unsigned char case_flags[] ) +{ + punycode_uint n, out, i, max_out, bias, + b, j, in, oldi, w, k, digit, t; + + /* Initialize the state: */ + + n = initial_n; + out = i = 0; + max_out = *output_length; + bias = initial_bias; + + /* Handle the basic code points: Let b be the number of input code */ + /* points before the last delimiter, or 0 if there is none, then */ + /* copy the first b code points to the output. */ + + for (b = j = 0; j < input_length; ++j) if (delim(input[j])) b = j; + if (b > max_out) return punycode_big_output; + + for (j = 0; j < b; ++j) { + + + +Costello Standards Track [Page 28] + +RFC 3492 IDNA Punycode March 2003 + + + if (case_flags) case_flags[out] = flagged(input[j]); + if (!basic(input[j])) return punycode_bad_input; + output[out++] = input[j]; + } + + /* Main decoding loop: Start just after the last delimiter if any */ + /* basic code points were copied; start at the beginning otherwise. */ + + for (in = b > 0 ? b + 1 : 0; in < input_length; ++out) { + + /* in is the index of the next character to be consumed, and */ + /* out is the number of code points in the output array. */ + + /* Decode a generalized variable-length integer into delta, */ + /* which gets added to i. The overflow checking is easier */ + /* if we increase i as we go, then subtract off its starting */ + /* value at the end to obtain delta. */ + + for (oldi = i, w = 1, k = base; ; k += base) { + if (in >= input_length) return punycode_bad_input; + digit = decode_digit(input[in++]); + if (digit >= base) return punycode_bad_input; + if (digit > (maxint - i) / w) return punycode_overflow; + i += digit * w; + t = k <= bias /* + tmin */ ? tmin : /* +tmin not needed */ + k >= bias + tmax ? tmax : k - bias; + if (digit < t) break; + if (w > maxint / (base - t)) return punycode_overflow; + w *= (base - t); + } + + bias = adapt(i - oldi, out + 1, oldi == 0); + + /* i was supposed to wrap around from out+1 to 0, */ + /* incrementing n each time, so we'll fix that now: */ + + if (i / (out + 1) > maxint - n) return punycode_overflow; + n += i / (out + 1); + i %= (out + 1); + + /* Insert n at position i of the output: */ + + /* not needed for Punycode: */ + /* if (decode_digit(n) <= base) return punycode_invalid_input; */ + if (out >= max_out) return punycode_big_output; + + if (case_flags) { + memmove(case_flags + i + 1, case_flags + i, out - i); + + + +Costello Standards Track [Page 29] + +RFC 3492 IDNA Punycode March 2003 + + + /* Case of last character determines uppercase flag: */ + case_flags[i] = flagged(input[in - 1]); + } + + memmove(output + i + 1, output + i, (out - i) * sizeof *output); + output[i++] = n; + } + + *output_length = out; + return punycode_success; +} + +/******************************************************************/ +/* Wrapper for testing (would normally go in a separate .c file): */ + +#include +#include +#include +#include + +/* For testing, we'll just set some compile-time limits rather than */ +/* use malloc(), and set a compile-time option rather than using a */ +/* command-line option. */ + +enum { + unicode_max_length = 256, + ace_max_length = 256 +}; + +static void usage(char **argv) +{ + fprintf(stderr, + "\n" + "%s -e reads code points and writes a Punycode string.\n" + "%s -d reads a Punycode string and writes code points.\n" + "\n" + "Input and output are plain text in the native character set.\n" + "Code points are in the form u+hex separated by whitespace.\n" + "Although the specification allows Punycode strings to contain\n" + "any characters from the ASCII repertoire, this test code\n" + "supports only the printable characters, and needs the Punycode\n" + "string to be followed by a newline.\n" + "The case of the u in u+hex is the force-to-uppercase flag.\n" + , argv[0], argv[0]); + exit(EXIT_FAILURE); +} + +static void fail(const char *msg) + + + +Costello Standards Track [Page 30] + +RFC 3492 IDNA Punycode March 2003 + + +{ + fputs(msg,stderr); + exit(EXIT_FAILURE); +} + +static const char too_big[] = + "input or output is too large, recompile with larger limits\n"; +static const char invalid_input[] = "invalid input\n"; +static const char overflow[] = "arithmetic overflow\n"; +static const char io_error[] = "I/O error\n"; + +/* The following string is used to convert printable */ +/* characters between ASCII and the native charset: */ + +static const char print_ascii[] = + "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n" + "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n" + " !\"#$%&'()*+,-./" + "0123456789:;<=>?" + "@ABCDEFGHIJKLMNO" + "PQRSTUVWXYZ[\\]^_" + "`abcdefghijklmno" + "pqrstuvwxyz{|}~\n"; + +int main(int argc, char **argv) +{ + enum punycode_status status; + int r; + unsigned int input_length, output_length, j; + unsigned char case_flags[unicode_max_length]; + + if (argc != 2) usage(argv); + if (argv[1][0] != '-') usage(argv); + if (argv[1][2] != 0) usage(argv); + + if (argv[1][1] == 'e') { + punycode_uint input[unicode_max_length]; + unsigned long codept; + char output[ace_max_length+1], uplus[3]; + int c; + + /* Read the input code points: */ + + input_length = 0; + + for (;;) { + r = scanf("%2s%lx", uplus, &codept); + if (ferror(stdin)) fail(io_error); + + + +Costello Standards Track [Page 31] + +RFC 3492 IDNA Punycode March 2003 + + + if (r == EOF || r == 0) break; + + if (r != 2 || uplus[1] != '+' || codept > (punycode_uint)-1) { + fail(invalid_input); + } + + if (input_length == unicode_max_length) fail(too_big); + + if (uplus[0] == 'u') case_flags[input_length] = 0; + else if (uplus[0] == 'U') case_flags[input_length] = 1; + else fail(invalid_input); + + input[input_length++] = codept; + } + + /* Encode: */ + + output_length = ace_max_length; + status = punycode_encode(input_length, input, case_flags, + &output_length, output); + if (status == punycode_bad_input) fail(invalid_input); + if (status == punycode_big_output) fail(too_big); + if (status == punycode_overflow) fail(overflow); + assert(status == punycode_success); + + /* Convert to native charset and output: */ + + for (j = 0; j < output_length; ++j) { + c = output[j]; + assert(c >= 0 && c <= 127); + if (print_ascii[c] == 0) fail(invalid_input); + output[j] = print_ascii[c]; + } + + output[j] = 0; + r = puts(output); + if (r == EOF) fail(io_error); + return EXIT_SUCCESS; + } + + if (argv[1][1] == 'd') { + char input[ace_max_length+2], *p, *pp; + punycode_uint output[unicode_max_length]; + + /* Read the Punycode input string and convert to ASCII: */ + + fgets(input, ace_max_length+2, stdin); + if (ferror(stdin)) fail(io_error); + + + +Costello Standards Track [Page 32] + +RFC 3492 IDNA Punycode March 2003 + + + if (feof(stdin)) fail(invalid_input); + input_length = strlen(input) - 1; + if (input[input_length] != '\n') fail(too_big); + input[input_length] = 0; + + for (p = input; *p != 0; ++p) { + pp = strchr(print_ascii, *p); + if (pp == 0) fail(invalid_input); + *p = pp - print_ascii; + } + + /* Decode: */ + + output_length = unicode_max_length; + status = punycode_decode(input_length, input, &output_length, + output, case_flags); + if (status == punycode_bad_input) fail(invalid_input); + if (status == punycode_big_output) fail(too_big); + if (status == punycode_overflow) fail(overflow); + assert(status == punycode_success); + + /* Output the result: */ + + for (j = 0; j < output_length; ++j) { + r = printf("%s+%04lX\n", + case_flags[j] ? "U" : "u", + (unsigned long) output[j] ); + if (r < 0) fail(io_error); + } + + return EXIT_SUCCESS; + } + + usage(argv); + return EXIT_SUCCESS; /* not reached, but quiets compiler warning */ +} + + + + + + + + + + + + + + + +Costello Standards Track [Page 33] + +RFC 3492 IDNA Punycode March 2003 + + +Author's Address + + Adam M. Costello + University of California, Berkeley + http://www.nicemice.net/amc/ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Costello Standards Track [Page 34] + +RFC 3492 IDNA Punycode March 2003 + + +Full Copyright Statement + + Copyright (C) The Internet Society (2003). All Rights Reserved. + + This document and translations of it may be copied and furnished to + others, and derivative works that comment on or otherwise explain it + or assist in its implementation may be prepared, copied, published + and distributed, in whole or in part, without restriction of any + kind, provided that the above copyright notice and this paragraph are + included on all such copies and derivative works. However, this + document itself may not be modified in any way, such as by removing + the copyright notice or references to the Internet Society or other + Internet organizations, except as needed for the purpose of + developing Internet standards in which case the procedures for + copyrights defined in the Internet Standards process must be + followed, or as required to translate it into languages other than + English. + + The limited permissions granted above are perpetual and will not be + revoked by the Internet Society or its successors or assigns. + + This document and the information contained herein is provided on an + "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING + TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING + BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION + HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF + MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + +Acknowledgement + + Funding for the RFC Editor function is currently provided by the + Internet Society. + + + + + + + + + + + + + + + + + + + +Costello Standards Track [Page 35] + diff --git a/source4/heimdal/lib/wind/rfc4013.txt b/source4/heimdal/lib/wind/rfc4013.txt new file mode 100644 index 0000000000..54a1d31581 --- /dev/null +++ b/source4/heimdal/lib/wind/rfc4013.txt @@ -0,0 +1,339 @@ + + + + + + +Network Working Group K. Zeilenga +Request for Comments: 4013 OpenLDAP Foundation +Category: Standards Track February 2005 + + + SASLprep: Stringprep Profile for User Names and Passwords + +Status of This Memo + + This document specifies an Internet standards track protocol for the + Internet community, and requests discussion and suggestions for + improvements. Please refer to the current edition of the "Internet + Official Protocol Standards" (STD 1) for the standardization state + and status of this protocol. Distribution of this memo is unlimited. + +Copyright Notice + + Copyright (C) The Internet Society (2005). + +Abstract + + This document describes how to prepare Unicode strings representing + user names and passwords for comparison. The document defines the + "SASLprep" profile of the "stringprep" algorithm to be used for both + user names and passwords. This profile is intended to be used by + Simple Authentication and Security Layer (SASL) mechanisms (such as + PLAIN, CRAM-MD5, and DIGEST-MD5), as well as other protocols + exchanging simple user names and/or passwords. + +1. Introduction + + The use of simple user names and passwords in authentication and + authorization is pervasive on the Internet. To increase the + likelihood that user name and password input and comparison work in + ways that make sense for typical users throughout the world, this + document defines rules for preparing internationalized user names and + passwords for comparison. For simplicity and implementation ease, a + single algorithm is defined for both user names and passwords. + + The algorithm assumes all strings are comprised of characters from + the Unicode [Unicode] character set. + + This document defines the "SASLprep" profile of the "stringprep" + algorithm [StringPrep]. + + The profile is designed for use in Simple Authentication and Security + Layer ([SASL]) mechanisms, such as [PLAIN], [CRAM-MD5], and + [DIGEST-MD5]. It may be applicable where simple user names and + + + +Zeilenga Standards Track [Page 1] + +RFC 4013 SASLprep February 2005 + + + passwords are used. This profile is not intended for use in + preparing identity strings that are not simple user names (e.g., + email addresses, domain names, distinguished names), or where + identity or password strings that are not character data, or require + different handling (e.g., case folding). + + This document does not alter the technical specification of any + existing protocols. Any specification that wishes to use the + algorithm described in this document needs to explicitly incorporate + this document and provide precise details as to where and how this + algorithm is used by implementations of that specification. + +2. The SASLprep Profile + + This section defines the "SASLprep" profile of the "stringprep" + algorithm [StringPrep]. This profile is intended for use in + preparing strings representing simple user names and passwords. + + This profile uses Unicode 3.2 [Unicode]. + + Character names in this document use the notation for code points and + names from the Unicode Standard [Unicode]. For example, the letter + "a" may be represented as either or . + In the lists of mappings and the prohibited characters, the "U+" is + left off to make the lists easier to read. The comments for + character ranges are shown in square brackets (such as "[CONTROL + CHARACTERS]") and do not come from the standard. + + Note: A glossary of terms used in Unicode can be found in [Glossary]. + Information on the Unicode character encoding model can be found in + [CharModel]. + +2.1. Mapping + + This profile specifies: + + - non-ASCII space characters [StringPrep, C.1.2] that can be + mapped to SPACE (U+0020), and + + - the "commonly mapped to nothing" characters [StringPrep, B.1] + that can be mapped to nothing. + +2.2. Normalization + + This profile specifies using Unicode normalization form KC, as + described in Section 4 of [StringPrep]. + + + + + +Zeilenga Standards Track [Page 2] + +RFC 4013 SASLprep February 2005 + + +2.3. Prohibited Output + + This profile specifies the following characters as prohibited input: + + - Non-ASCII space characters [StringPrep, C.1.2] + - ASCII control characters [StringPrep, C.2.1] + - Non-ASCII control characters [StringPrep, C.2.2] + - Private Use characters [StringPrep, C.3] + - Non-character code points [StringPrep, C.4] + - Surrogate code points [StringPrep, C.5] + - Inappropriate for plain text characters [StringPrep, C.6] + - Inappropriate for canonical representation characters + [StringPrep, C.7] + - Change display properties or deprecated characters + [StringPrep, C.8] + - Tagging characters [StringPrep, C.9] + +2.4. Bidirectional Characters + + This profile specifies checking bidirectional strings as described in + [StringPrep, Section 6]. + +2.5. Unassigned Code Points + + This profile specifies the [StringPrep, A.1] table as its list of + unassigned code points. + +3. Examples + + The following table provides examples of how various character data + is transformed by the SASLprep string preparation algorithm + + # Input Output Comments + - ----- ------ -------- + 1 IX IX SOFT HYPHEN mapped to nothing + 2 user user no transformation + 3 USER USER case preserved, will not match #2 + 4 a output is NFKC, input in ISO 8859-1 + 5 IX output is NFKC, will match #1 + 6 Error - prohibited character + 7 Error - bidirectional check + +4. Security Considerations + + This profile is intended to prepare simple user name and password + strings for comparison or use in cryptographic functions (e.g., + message digests). The preparation algorithm was specifically + designed such that its output is canonical, and it is well-formed. + + + +Zeilenga Standards Track [Page 3] + +RFC 4013 SASLprep February 2005 + + + However, due to an anomaly [PR29] in the specification of Unicode + normalization, canonical equivalence is not guaranteed for a select + few character sequences. These sequences, however, do not appear in + well-formed text. This specification was published despite this + known technical problem. It is expected that this specification will + be revised before further progression on the Standards Track (after + [Unicode] and/or [StringPrep] specifications have been updated to + address this problem). + + It is not intended for preparing identity strings that are not simple + user names (e.g., distinguished names, domain names), nor is the + profile intended for use of simple user names that require different + handling (such as case folding). Protocols (or applications of those + protocols) that have application-specific identity forms and/or + comparison algorithms should use mechanisms specifically designed for + these forms and algorithms. + + Application of string preparation may have an impact upon the + feasibility of brute force and dictionary attacks. While the number + of possible prepared strings is less than the number of possible + Unicode strings, the number of usable names and passwords is greater + than as if only ASCII was used. Though SASLprep eliminates some + Unicode code point sequences as possible prepared strings, that + elimination generally makes the (canonical) output forms practicable + and prohibits nonsensical inputs. + + User names and passwords should be protected from eavesdropping. + + General "stringprep" and Unicode security considerations apply. Both + are discussed in [StringPrep]. + +5. IANA Considerations + + This document details the "SASLprep" profile of the [StringPrep] + protocol. This profile has been registered in the stringprep profile + registry. + + Name of this profile: SASLprep + RFC in which the profile is defined: RFC 4013 + Indicator whether or not this is the newest version of the + profile: This is the first version of the SASPprep profile. + +6. Acknowledgement + + This document borrows text from "Preparation of Internationalized + Strings ('stringprep')" and "Nameprep: A Stringprep Profile for + Internationalized Domain Names", both by Paul Hoffman and Marc + Blanchet. This document is a product of the IETF SASL WG. + + + +Zeilenga Standards Track [Page 4] + +RFC 4013 SASLprep February 2005 + + +7. Normative References + + [StringPrep] Hoffman, P. and M. Blanchet, "Preparation of + Internationalized Strings ("stringprep")", RFC 3454, + December 2002. + + [Unicode] The Unicode Consortium, "The Unicode Standard, Version + 3.2.0" is defined by "The Unicode Standard, Version + 3.0" (Reading, MA, Addison-Wesley, 2000. ISBN 0-201- + 61633-5), as amended by the "Unicode Standard Annex + #27: Unicode 3.1" + (http://www.unicode.org/reports/tr27/) and by the + "Unicode Standard Annex #28: Unicode 3.2" + (http://www.unicode.org/reports/tr28/). + +8. Informative References + + [Glossary] The Unicode Consortium, "Unicode Glossary", + . + + [CharModel] Whistler, K. and M. Davis, "Unicode Technical Report + #17, Character Encoding Model", UTR17, + , August + 2000. + + [SASL] Melnikov, A., Ed., "Simple Authentication and Security + Layer (SASL)", Work in Progress. + + [CRAM-MD5] Nerenberg, L., "The CRAM-MD5 SASL Mechanism", Work in + Progress. + + [DIGEST-MD5] Leach, P., Newman, C., and A. Melnikov, "Using Digest + Authentication as a SASL Mechanism", Work in Progress. + + [PLAIN] Zeilenga, K., Ed., "The Plain SASL Mechanism", Work in + Progress. + + [PR29] "Public Review Issue #29: Normalization Issue", + , February + 2004. + +Author's Address + + Kurt D. Zeilenga + OpenLDAP Foundation + + EMail: Kurt@OpenLDAP.org + + + + +Zeilenga Standards Track [Page 5] + +RFC 4013 SASLprep February 2005 + + +Full Copyright Statement + + Copyright (C) The Internet Society (2005). + + This document is subject to the rights, licenses and restrictions + contained in BCP 78, and except as set forth therein, the authors + retain all their rights. + + This document and the information contained herein are provided on an + "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS + OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET + ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, + INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE + INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED + WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + +Intellectual Property + + The IETF takes no position regarding the validity or scope of any + Intellectual Property Rights or other rights that might be claimed to + pertain to the implementation or use of the technology described in + this document or the extent to which any license under such rights + might or might not be available; nor does it represent that it has + made any independent effort to identify any such rights. Information + on the IETF's procedures with respect to rights in IETF Documents can + be found in BCP 78 and BCP 79. + + Copies of IPR disclosures made to the IETF Secretariat and any + assurances of licenses to be made available, or the result of an + attempt made to obtain a general license or permission for the use of + such proprietary rights by implementers or users of this + specification can be obtained from the IETF on-line IPR repository at + http://www.ietf.org/ipr. + + The IETF invites any interested party to bring to its attention any + copyrights, patents or patent applications, or other proprietary + rights that may cover technology that may be required to implement + this standard. Please address the information to the IETF at ietf- + ipr@ietf.org. + + +Acknowledgement + + Funding for the RFC Editor function is currently provided by the + Internet Society. + + + + + + +Zeilenga Standards Track [Page 6] + diff --git a/source4/heimdal/lib/wind/rfc4518.py b/source4/heimdal/lib/wind/rfc4518.py new file mode 100644 index 0000000000..b3946f5aa6 --- /dev/null +++ b/source4/heimdal/lib/wind/rfc4518.py @@ -0,0 +1,150 @@ +#!/usr/local/bin/python +# -*- coding: iso-8859-1 -*- + +# $Id: rfc4518.py 22551 2008-02-01 16:22:22Z lha $ + +# Copyright (c) 2004, 2008 Kungliga Tekniska Högskolan +# (Royal Institute of Technology, Stockholm, Sweden). +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# 3. Neither the name of the Institute nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. + +import re +import string + +def read(): + """return a dict of tables from rfc4518""" + + ret = {} + +#2.2. Map +# +# SOFT HYPHEN (U+00AD) and MONGOLIAN TODO SOFT HYPHEN (U+1806) code +# points are mapped to nothing. COMBINING GRAPHEME JOINER (U+034F) and +# VARIATION SELECTORs (U+180B-180D, FF00-FE0F) code points are also +# mapped to nothing. The OBJECT REPLACEMENT CHARACTER (U+FFFC) is +# mapped to nothing. + + t = [] + t.append(" 00AD; ; Map to nothing") + t.append(" 1806; ; Map to nothing") + t.append(" 034F; ; Map to nothing") + + t.append(" 180B; ; Map to nothing") + t.append(" 180C; ; Map to nothing") + t.append(" 180D; ; Map to nothing") + + t.append(" FE00; ; Map to nothing") + t.append(" FE01; ; Map to nothing") + t.append(" FE02; ; Map to nothing") + t.append(" FE03; ; Map to nothing") + t.append(" FE04; ; Map to nothing") + t.append(" FE05; ; Map to nothing") + t.append(" FE06; ; Map to nothing") + t.append(" FE07; ; Map to nothing") + t.append(" FE08; ; Map to nothing") + t.append(" FE09; ; Map to nothing") + t.append(" FE0A; ; Map to nothing") + t.append(" FE0B; ; Map to nothing") + t.append(" FE0C; ; Map to nothing") + t.append(" FE0D; ; Map to nothing") + t.append(" FE0E; ; Map to nothing") + t.append(" FE0F; ; Map to nothing") + + t.append(" FFFC; ; Map to nothing") + +# CHARACTER TABULATION (U+0009), LINE FEED (LF) (U+000A), LINE +# TABULATION (U+000B), FORM FEED (FF) (U+000C), CARRIAGE RETURN (CR) +# (U+000D), and NEXT LINE (NEL) (U+0085) are mapped to SPACE (U+0020). + + t.append(" 0009; 0020 ; Map to SPACE") + t.append(" 000A; 0020 ; Map to SPACE") + t.append(" 000B; 0020 ; Map to SPACE") + t.append(" 000C; 0020 ; Map to SPACE") + t.append(" 000D; 0020 ; Map to SPACE") + t.append(" 0085; 0020 ; Map to SPACE") + +# All other control code (e.g., Cc) points or code points with a +# control function (e.g., Cf) are mapped to nothing. The following is +# a complete list of these code points: U+0000-0008, 000E-001F, 007F- +# 0084, 0086-009F, 06DD, 070F, 180E, 200C-200F, 202A-202E, 2060-2063, +# 206A-206F, FEFF, FFF9-FFFB, 1D173-1D17A, E0001, E0020-E007F. + + t.append(" 0000-0008; ; Map to nothing") + t.append(" 000E-001F; ; Map to nothing") + t.append(" 007F-0084; ; Map to nothing") + t.append(" 0086-009F; ; Map to nothing") + t.append(" 06DD; ; Map to nothing") + t.append(" 070F; ; Map to nothing") + t.append(" 180E; ; Map to nothing") + t.append(" 200C-200F; ; Map to nothing") + t.append(" 202A-202E; ; Map to nothing") + t.append(" 2060-2063; ; Map to nothing") + t.append(" 206A-206F; ; Map to nothing") + t.append(" FEFF; ; Map to nothing") + t.append(" FFF9-FFFB; ; Map to nothing") + t.append(" 1D173-1D17A; ; Map to nothing") + t.append(" E0001; ; Map to nothing") + t.append(" E0020-E007F; ; Map to nothing") + +# ZERO WIDTH SPACE (U+200B) is mapped to nothing. All other code +# points with Separator (space, line, or paragraph) property (e.g., Zs, +# Zl, or Zp) are mapped to SPACE (U+0020). The following is a complete +# list of these code points: U+0020, 00A0, 1680, 2000-200A, 2028-2029, +# 202F, 205F, 3000. + + t.append(" 200B; ; Map to nothing") + t.append(" 0020; 0020; Map to SPACE") + t.append(" 00A0; 0020; Map to SPACE") + t.append(" 1680; 0020; Map to SPACE") + t.append(" 2000-200A; 0020; Map to SPACE") + t.append(" 2028-2029; 0020; Map to SPACE") + t.append(" 202F; 0020; Map to SPACE") + t.append(" 205F; 0020; Map to SPACE") + t.append(" 3000; 0020; Map to SPACE") + + ret["rfc4518-map"] = t + +# For case ignore, numeric, and stored prefix string matching rules, +# characters are case folded per B.2 of [RFC3454]. + + t = [] + +#2.4. Prohibit + +# The REPLACEMENT CHARACTER (U+FFFD) code point is prohibited. + + t.append(" FFFD;") + + ret["rfc4518-error"] = t + + t = [] + + + + return ret diff --git a/source4/heimdal/lib/wind/rfc4518.txt b/source4/heimdal/lib/wind/rfc4518.txt new file mode 100644 index 0000000000..f886bdfb5d --- /dev/null +++ b/source4/heimdal/lib/wind/rfc4518.txt @@ -0,0 +1,787 @@ + + + + + + +Network Working Group K. Zeilenga +Request for Comments: 4518 OpenLDAP Foundation +Category: Standards Track June 2006 + + + Lightweight Directory Access Protocol (LDAP): + Internationalized String Preparation + +Status of This Memo + + This document specifies an Internet standards track protocol for the + Internet community, and requests discussion and suggestions for + improvements. Please refer to the current edition of the "Internet + Official Protocol Standards" (STD 1) for the standardization state + and status of this protocol. Distribution of this memo is unlimited. + +Copyright Notice + + Copyright (C) The Internet Society (2006). + +Abstract + + The previous Lightweight Directory Access Protocol (LDAP) technical + specifications did not precisely define how character string matching + is to be performed. This led to a number of usability and + interoperability problems. This document defines string preparation + algorithms for character-based matching rules defined for use in + LDAP. + +1. Introduction + +1.1. Background + + A Lightweight Directory Access Protocol (LDAP) [RFC4510] matching + rule [RFC4517] defines an algorithm for determining whether a + presented value matches an attribute value in accordance with the + criteria defined for the rule. The proposition may be evaluated to + True, False, or Undefined. + + True - the attribute contains a matching value, + + False - the attribute contains no matching value, + + Undefined - it cannot be determined whether the attribute contains + a matching value. + + + + + + +Zeilenga Standards Track [Page 1] + +RFC 4518 LDAP: Internationalized String Preparation June 2006 + + + For instance, the caseIgnoreMatch matching rule may be used to + compare whether the commonName attribute contains a particular value + without regard for case and insignificant spaces. + +1.2. X.500 String Matching Rules + + "X.520: Selected attribute types" [X.520] provides (among other + things) value syntaxes and matching rules for comparing values + commonly used in the directory [X.500]. These specifications are + inadequate for strings composed of Unicode [Unicode] characters. + + The caseIgnoreMatch matching rule [X.520], for example, is simply + defined as being a case-insensitive comparison where insignificant + spaces are ignored. For printableString, there is only one space + character and case mapping is bijective, hence this definition is + sufficient. However, for Unicode string types such as + universalString, this is not sufficient. For example, a case- + insensitive matching implementation that folded lowercase characters + to uppercase would yield different results than an implementation + that used uppercase to lowercase folding. Or one implementation may + view space as referring to only SPACE (U+0020), a second + implementation may view any character with the space separator (Zs) + property as a space, and another implementation may view any + character with the whitespace (WS) category as a space. + + The lack of precise specification for character string matching has + led to significant interoperability problems. When used in + certificate chain validation, security vulnerabilities can arise. To + address these problems, this document defines precise algorithms for + preparing character strings for matching. + +1.3. Relationship to "stringprep" + + The character string preparation algorithms described in this + document are based upon the "stringprep" approach [RFC3454]. In + "stringprep", presented and stored values are first prepared for + comparison so that a character-by-character comparison yields the + "correct" result. + + The approach used here is a refinement of the "stringprep" [RFC3454] + approach. Each algorithm involves two additional preparation steps. + + a) Prior to applying the Unicode string preparation steps outlined in + "stringprep", the string is transcoded to Unicode. + + b) After applying the Unicode string preparation steps outlined in + "stringprep", the string is modified to appropriately handle + characters insignificant to the matching rule. + + + +Zeilenga Standards Track [Page 2] + +RFC 4518 LDAP: Internationalized String Preparation June 2006 + + + Hence, preparation of character strings for X.500 [X.500] matching + [X.501] involves the following steps: + + 1) Transcode + 2) Map + 3) Normalize + 4) Prohibit + 5) Check Bidi (Bidirectional) + 6) Insignificant Character Handling + + These steps are described in Section 2. + + It is noted that while various tables of Unicode characters included + or referenced by this specification are derived from Unicode + [Unicode] data, these tables are to be considered definitive for the + purpose of implementing this specification. + +1.4. Relationship to the LDAP Technical Specification + + This document is an integral part of the LDAP technical specification + [RFC4510], which obsoletes the previously defined LDAP technical + specification [RFC3377] in its entirety. + + This document details new LDAP internationalized character string + preparation algorithms used by [RFC4517] and possible other technical + specifications defining LDAP syntaxes and/or matching rules. + +1.5. Relationship to X.500 + + LDAP is defined [RFC4510] in X.500 terms as an X.500 access + mechanism. As such, there is a strong desire for alignment between + LDAP and X.500 syntax and semantics. The character string + preparation algorithms described in this document are based upon + "Internationalized String Matching Rules for X.500" [XMATCH] proposal + to ITU/ISO Joint Study Group 2. + +1.6. Conventions and Terms + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this + document are to be interpreted as described in BCP 14 [RFC2119]. + + Character names in this document use the notation for code points and + names from the Unicode Standard [Unicode]. For example, the letter + "a" may be represented as either or . + In the lists of mappings and the prohibited characters, the "U+" is + + + + + +Zeilenga Standards Track [Page 3] + +RFC 4518 LDAP: Internationalized String Preparation June 2006 + + + left off to make the lists easier to read. The comments for + character ranges are shown in square brackets (such as "[CONTROL + CHARACTERS]") and do not come from the standard. + + Note: a glossary of terms used in Unicode can be found in [Glossary]. + Information on the Unicode character encoding model can be found in + [CharModel]. + + The term "combining mark", as used in this specification, refers to + any Unicode [Unicode] code point that has a mark property (Mn, Mc, + Me). Appendix A provides a definitive list of combining marks. + +2. String Preparation + + The following six-step process SHALL be applied to each presented and + attribute value in preparation for character string matching rule + evaluation. + + 1) Transcode + 2) Map + 3) Normalize + 4) Prohibit + 5) Check bidi + 6) Insignificant Character Handling + + Failure in any step causes the assertion to evaluate to Undefined. + + The character repertoire of this process is Unicode 3.2 [Unicode]. + + Note that this six-step process specification is intended to describe + expected matching behavior. Implementations are free to use + alternative processes so long as the matching rule evaluation + behavior provided is consistent with the behavior described by this + specification. + +2.1. Transcode + + Each non-Unicode string value is transcoded to Unicode. + + PrintableString [X.680] values are transcoded directly to Unicode. + + UniversalString, UTF8String, and bmpString [X.680] values need not be + transcoded as they are Unicode-based strings (in the case of + bmpString, a subset of Unicode). + + TeletexString [X.680] values are transcoded to Unicode. As there is + no standard for mapping TeletexString values to Unicode, the mapping + is left a local matter. + + + +Zeilenga Standards Track [Page 4] + +RFC 4518 LDAP: Internationalized String Preparation June 2006 + + + For these and other reasons, use of TeletexString is NOT RECOMMENDED. + + The output is the transcoded string. + +2.2. Map + + SOFT HYPHEN (U+00AD) and MONGOLIAN TODO SOFT HYPHEN (U+1806) code + points are mapped to nothing. COMBINING GRAPHEME JOINER (U+034F) and + VARIATION SELECTORs (U+180B-180D, FF00-FE0F) code points are also + mapped to nothing. The OBJECT REPLACEMENT CHARACTER (U+FFFC) is + mapped to nothing. + + CHARACTER TABULATION (U+0009), LINE FEED (LF) (U+000A), LINE + TABULATION (U+000B), FORM FEED (FF) (U+000C), CARRIAGE RETURN (CR) + (U+000D), and NEXT LINE (NEL) (U+0085) are mapped to SPACE (U+0020). + + All other control code (e.g., Cc) points or code points with a + control function (e.g., Cf) are mapped to nothing. The following is + a complete list of these code points: U+0000-0008, 000E-001F, 007F- + 0084, 0086-009F, 06DD, 070F, 180E, 200C-200F, 202A-202E, 2060-2063, + 206A-206F, FEFF, FFF9-FFFB, 1D173-1D17A, E0001, E0020-E007F. + + ZERO WIDTH SPACE (U+200B) is mapped to nothing. All other code + points with Separator (space, line, or paragraph) property (e.g., Zs, + Zl, or Zp) are mapped to SPACE (U+0020). The following is a complete + list of these code points: U+0020, 00A0, 1680, 2000-200A, 2028-2029, + 202F, 205F, 3000. + + For case ignore, numeric, and stored prefix string matching rules, + characters are case folded per B.2 of [RFC3454]. + + The output is the mapped string. + +2.3. Normalize + + The input string is to be normalized to Unicode Form KC + (compatibility composed) as described in [UAX15]. The output is the + normalized string. + +2.4. Prohibit + + All Unassigned code points are prohibited. Unassigned code points + are listed in Table A.1 of [RFC3454]. + + Characters that, per Section 5.8 of [RFC3454], change display + properties or are deprecated are prohibited. These characters are + listed in Table C.8 of [RFC3454]. + + + + +Zeilenga Standards Track [Page 5] + +RFC 4518 LDAP: Internationalized String Preparation June 2006 + + + Private Use code points are prohibited. These characters are listed + in Table C.3 of [RFC3454]. + + All non-character code points are prohibited. These code points are + listed in Table C.4 of [RFC3454]. + + Surrogate codes are prohibited. These characters are listed in Table + C.5 of [RFC3454]. + + The REPLACEMENT CHARACTER (U+FFFD) code point is prohibited. + + The step fails if the input string contains any prohibited code + point. Otherwise, the output is the input string. + +2.5. Check bidi + + Bidirectional characters are ignored. + +2.6. Insignificant Character Handling + + In this step, the string is modified to ensure proper handling of + characters insignificant to the matching rule. This modification + differs from matching rule to matching rule. + + Section 2.6.1 applies to case ignore and exact string matching. + Section 2.6.2 applies to numericString matching. + Section 2.6.3 applies to telephoneNumber matching. + +2.6.1. Insignificant Space Handling + + For the purposes of this section, a space is defined to be the SPACE + (U+0020) code point followed by no combining marks. + + NOTE - The previous steps ensure that the string cannot contain + any code points in the separator class, other than SPACE + (U+0020). + + For input strings that are attribute values or non-substring + assertion values: If the input string contains no non-space + character, then the output is exactly two SPACEs. Otherwise (the + input string contains at least one non-space character), the string + is modified such that the string starts with exactly one space + character, ends with exactly one SPACE character, and any inner + (non-empty) sequence of space characters is replaced with exactly two + SPACE characters. For instance, the input strings + "foobar", result in the output + "foobar". + + + + +Zeilenga Standards Track [Page 6] + +RFC 4518 LDAP: Internationalized String Preparation June 2006 + + + For input strings that are substring assertion values: If the string + being prepared contains no non-space characters, then the output + string is exactly one SPACE. Otherwise, the following steps are + taken: + + - If the input string is an initial substring, it is modified to + start with exactly one SPACE character; + + - If the input string is an initial or an any substring that ends in + one or more space characters, it is modified to end with exactly + one SPACE character; + + - If the input string is an any or a final substring that starts in + one or more space characters, it is modified to start with exactly + one SPACE character; and + + - If the input string is a final substring, it is modified to end + with exactly one SPACE character. + + For instance, for the input string "foobar" as + an initial substring, the output would be + "foobar". As an any or final substring, + the same input would result in "foobar". + + Appendix B discusses the rationale for the behavior. + +2.6.2. numericString Insignificant Character Handling + + For the purposes of this section, a space is defined to be the SPACE + (U+0020) code point followed by no combining marks. + + All spaces are regarded as insignificant and are to be removed. + + For example, removal of spaces from the Form KC string: + "123456" + would result in the output string: + "123456" + and the Form KC string: + "" + would result in the output string: + "" (an empty string). + +2.6.3. telephoneNumber Insignificant Character Handling + + For the purposes of this section, a hyphen is defined to be a + HYPHEN-MINUS (U+002D), ARMENIAN HYPHEN (U+058A), HYPHEN (U+2010), + NON-BREAKING HYPHEN (U+2011), MINUS SIGN (U+2212), SMALL HYPHEN-MINUS + (U+FE63), or FULLWIDTH HYPHEN-MINUS (U+FF0D) code point followed by + + + +Zeilenga Standards Track [Page 7] + +RFC 4518 LDAP: Internationalized String Preparation June 2006 + + + no combining marks and a space is defined to be the SPACE (U+0020) + code point followed by no combining marks. + + All hyphens and spaces are considered insignificant and are to be + removed. + + For example, removal of hyphens and spaces from the Form KC string: + "123456" + would result in the output string: + "123456" + and the Form KC string: + "" + would result in the (empty) output string: + "". + +3. Security Considerations + + "Preparation of Internationalized Strings ("stringprep")" [RFC3454] + security considerations generally apply to the algorithms described + here. + +4. Acknowledgements + + The approach used in this document is based upon design principles + and algorithms described in "Preparation of Internationalized Strings + ('stringprep')" [RFC3454] by Paul Hoffman and Marc Blanchet. Some + additional guidance was drawn from Unicode Technical Standards, + Technical Reports, and Notes. + + This document is a product of the IETF LDAP Revision (LDAPBIS) + Working Group. + +5. References + +5.1. Normative References + + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, March 1997. + + [RFC3454] Hoffman, P. and M. Blanchet, "Preparation of + Internationalized Strings ("stringprep")", RFC 3454, + December 2002. + + [RFC4510] Zeilenga, K., "Lightweight Directory Access Protocol + (LDAP): Technical Specification Road Map", RFC 4510, + June 2006. + + + + + +Zeilenga Standards Track [Page 8] + +RFC 4518 LDAP: Internationalized String Preparation June 2006 + + + [RFC4517] Legg, S., Ed., "Lightweight Directory Access Protocol + (LDAP): Syntaxes and Matching Rules", RFC 4517, June + 2006. + + [Unicode] The Unicode Consortium, "The Unicode Standard, Version + 3.2.0" is defined by "The Unicode Standard, Version + 3.0" (Reading, MA, Addison-Wesley, 2000. ISBN 0-201- + 61633-5), as amended by the "Unicode Standard Annex + #27: Unicode 3.1" + (http://www.unicode.org/reports/tr27/) and by the + "Unicode Standard Annex #28: Unicode 3.2" + (http://www.unicode.org/reports/tr28/). + + [UAX15] Davis, M. and M. Duerst, "Unicode Standard Annex #15: + Unicode Normalization Forms, Version 3.2.0". + , March 2002. + + [X.680] International Telecommunication Union - + Telecommunication Standardization Sector, "Abstract + Syntax Notation One (ASN.1) - Specification of Basic + Notation", X.680(2002) (also ISO/IEC 8824-1:2002). + +5.2. Informative References + + [X.500] International Telecommunication Union - + Telecommunication Standardization Sector, "The + Directory -- Overview of concepts, models and + services," X.500(1993) (also ISO/IEC 9594-1:1994). + + [X.501] International Telecommunication Union - + Telecommunication Standardization Sector, "The + Directory -- Models," X.501(1993) (also ISO/IEC 9594- + 2:1994). + + [X.520] International Telecommunication Union - + Telecommunication Standardization Sector, "The + Directory: Selected Attribute Types", X.520(1993) (also + ISO/IEC 9594-6:1994). + + [Glossary] The Unicode Consortium, "Unicode Glossary", + . + + [CharModel] Whistler, K. and M. Davis, "Unicode Technical Report + #17, Character Encoding Model", UTR17, + , August + 2000. + + + + +Zeilenga Standards Track [Page 9] + +RFC 4518 LDAP: Internationalized String Preparation June 2006 + + + [RFC3377] Hodges, J. and R. Morgan, "Lightweight Directory Access + Protocol (v3): Technical Specification", RFC 3377, + September 2002. + + [RFC4515] Smith, M., Ed. and T. Howes, "Lightweight Directory + Access Protocol (LDAP): String Representation of Search + Filters", RFC 4515, June 2006. + + [XMATCH] Zeilenga, K., "Internationalized String Matching Rules + for X.500", Work in Progress. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Zeilenga Standards Track [Page 10] + +RFC 4518 LDAP: Internationalized String Preparation June 2006 + + +Appendix A. Combining Marks + + This appendix is normative. + + This table was derived from Unicode [Unicode] data files; it lists + all code points with the Mn, Mc, or Me properties. This table is to + be considered definitive for the purposes of implementation of this + specification. + + 0300-034F 0360-036F 0483-0486 0488-0489 0591-05A1 + 05A3-05B9 05BB-05BC 05BF 05C1-05C2 05C4 064B-0655 0670 + 06D6-06DC 06DE-06E4 06E7-06E8 06EA-06ED 0711 0730-074A + 07A6-07B0 0901-0903 093C 093E-094F 0951-0954 0962-0963 + 0981-0983 09BC 09BE-09C4 09C7-09C8 09CB-09CD 09D7 + 09E2-09E3 0A02 0A3C 0A3E-0A42 0A47-0A48 0A4B-0A4D + 0A70-0A71 0A81-0A83 0ABC 0ABE-0AC5 0AC7-0AC9 0ACB-0ACD + 0B01-0B03 0B3C 0B3E-0B43 0B47-0B48 0B4B-0B4D 0B56-0B57 + 0B82 0BBE-0BC2 0BC6-0BC8 0BCA-0BCD 0BD7 0C01-0C03 + 0C3E-0C44 0C46-0C48 0C4A-0C4D 0C55-0C56 0C82-0C83 + 0CBE-0CC4 0CC6-0CC8 0CCA-0CCD 0CD5-0CD6 0D02-0D03 + 0D3E-0D43 0D46-0D48 0D4A-0D4D 0D57 0D82-0D83 0DCA + 0DCF-0DD4 0DD6 0DD8-0DDF 0DF2-0DF3 0E31 0E34-0E3A + 0E47-0E4E 0EB1 0EB4-0EB9 0EBB-0EBC 0EC8-0ECD 0F18-0F19 + 0F35 0F37 0F39 0F3E-0F3F 0F71-0F84 0F86-0F87 0F90-0F97 + 0F99-0FBC 0FC6 102C-1032 1036-1039 1056-1059 1712-1714 + 1732-1734 1752-1753 1772-1773 17B4-17D3 180B-180D 18A9 + 20D0-20EA 302A-302F 3099-309A FB1E FE00-FE0F FE20-FE23 + 1D165-1D169 1D16D-1D172 1D17B-1D182 1D185-1D18B + 1D1AA-1D1AD + +Appendix B. Substrings Matching + + This appendix is non-normative. + + In the absence of substrings matching, the insignificant space + handling for case ignore/exact matching could be simplified. + Specifically, the handling could be to require that all sequences of + one or more spaces be replaced with one space and, if the string + contains non-space characters, removal of all leading spaces and + trailing spaces. + + In the presence of substrings matching, this simplified space + handling would lead to unexpected and undesirable matching behavior. + For instance: + + 1) (CN=foo\20*\20bar) would match the CN value "foobar"; + + + + + +Zeilenga Standards Track [Page 11] + +RFC 4518 LDAP: Internationalized String Preparation June 2006 + + + 2) (CN=*\20foobar\20*) would match "foobar", but + (CN=*\20*foobar*\20*) would not. + + Note to readers not familiar with LDAP substrings matching: the LDAP + filter [RFC4515] assertion (CN=A*B*C) says to "match any value (of + the attribute CN) that begins with A, contains B after A, ends with C + where C is also after B." + + The first case illustrates that this simplified space handling would + cause leading and trailing spaces in substrings of the string to be + regarded as insignificant. However, only leading and trailing (as + well as multiple consecutive spaces) of the string (as a whole) are + insignificant. + + The second case illustrates that this simplified space handling would + cause sub-partitioning failures. That is, if a prepared any + substring matches a partition of the attribute value, then an + assertion constructed by subdividing that substring into multiple + substrings should also match. + + In designing an appropriate approach for space handling for + substrings matching, one must study key aspects of X.500 case + exact/ignore matching. X.520 [X.520] says: + + The [substrings] rule returns TRUE if there is a partitioning of + the attribute value (into portions) such that: + + - the specified substrings (initial, any, final) match + different portions of the value in the order of the strings + sequence; + + - initial, if present, matches the first portion of the value; + + - final, if present, matches the last portion of the value; + + - any, if present, matches some arbitrary portion of the + value. + + That is, the substrings assertion (CN=foo\20*\20bar) matches the + attribute value "foobar" as the value can be + partitioned into the portions "foo" and "bar" meeting + the above requirements. + + + + + + + + + +Zeilenga Standards Track [Page 12] + +RFC 4518 LDAP: Internationalized String Preparation June 2006 + + + X.520 also says: + + [T]he following spaces are regarded as not significant: + + - leading spaces (i.e., those preceding the first character + that is not a space); + + - trailing spaces (i.e., those following the last character + that is not a space); + + - multiple consecutive spaces (these are taken as equivalent + to a single space character). + + This statement applies to the assertion values and attribute values + as whole strings, and not individually to substrings of an assertion + value. In particular, the statements should be taken to mean that if + an assertion value and attribute value match without any + consideration to insignificant characters, then that assertion value + should also match any attribute value that differs only by inclusion + nor removal of insignificant characters. + + Hence the assertion (CN=foo\20*\20bar) matches + "foobar" and "foobar" as these values + only differ from "foobar" by the inclusion or removal + of insignificant spaces. + + Astute readers of this text will also note that there are special + cases where the specified space handling does not ignore spaces that + could be considered insignificant. For instance, the assertion + (CN=\20*\20*\20) does not match "" + (insignificant spaces present in value) or " " (insignificant spaces + not present in value). However, as these cases have no practical + application that cannot be met by simple assertions, e.g., (cn=\20), + and this minor anomaly can only be fully addressed by a preparation + algorithm to be used in conjunction with character-by-character + partitioning and matching, the anomaly is considered acceptable. + +Author's Address + + Kurt D. Zeilenga + OpenLDAP Foundation + + EMail: Kurt@OpenLDAP.org + + + + + + + + +Zeilenga Standards Track [Page 13] + +RFC 4518 LDAP: Internationalized String Preparation June 2006 + + +Full Copyright Statement + + Copyright (C) The Internet Society (2006). + + This document is subject to the rights, licenses and restrictions + contained in BCP 78, and except as set forth therein, the authors + retain all their rights. + + This document and the information contained herein are provided on an + "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS + OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET + ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, + INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE + INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED + WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + +Intellectual Property + + The IETF takes no position regarding the validity or scope of any + Intellectual Property Rights or other rights that might be claimed to + pertain to the implementation or use of the technology described in + this document or the extent to which any license under such rights + might or might not be available; nor does it represent that it has + made any independent effort to identify any such rights. Information + on the procedures with respect to rights in RFC documents can be + found in BCP 78 and BCP 79. + + Copies of IPR disclosures made to the IETF Secretariat and any + assurances of licenses to be made available, or the result of an + attempt made to obtain a general license or permission for the use of + such proprietary rights by implementers or users of this + specification can be obtained from the IETF on-line IPR repository at + http://www.ietf.org/ipr. + + The IETF invites any interested party to bring to its attention any + copyrights, patents or patent applications, or other proprietary + rights that may cover technology that may be required to implement + this standard. Please address the information to the IETF at + ietf-ipr@ietf.org. + +Acknowledgement + + Funding for the RFC Editor function is provided by the IETF + Administrative Support Activity (IASA). + + + + + + + +Zeilenga Standards Track [Page 14] + diff --git a/source4/heimdal/lib/wind/stringprep.py b/source4/heimdal/lib/wind/stringprep.py new file mode 100644 index 0000000000..d897691a0f --- /dev/null +++ b/source4/heimdal/lib/wind/stringprep.py @@ -0,0 +1,90 @@ +#!/usr/local/bin/python +# -*- coding: iso-8859-1 -*- + +# $Id: stringprep.py 22551 2008-02-01 16:22:22Z lha $ + +# Copyright (c) 2008 Kungliga Tekniska Högskolan +# (Royal Institute of Technology, Stockholm, Sweden). +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# 3. Neither the name of the Institute nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. + +import re +import string + +def _merge_table(res, source): + for table in source.keys(): + res[table] = res.get(table, []) + source.get(table, []) + +name_error = ['C.1.2', 'C.2.2', 'C.3', 'C.4', 'C.5', 'C.6', 'C.7', 'C.8', 'C.9'] +ldap_error = ['A.1', 'C.3', 'C.4', 'C.5', 'C.8', 'rfc4518-error' ] +sasl_error = ['C.1.2', 'C.2.1', 'C.2.2', 'C.3', 'C.4', 'C.5', 'C.6', 'C.7', 'C.8', 'C.9'] + +name_map = ['B.1', 'B.2'] +ldap_map = ['rfc4518-map', 'B.2'] +sasl_map = ['C.1.2', 'B.1'] + +def symbols(tabledict, tables): + """return CPP symbols to use for this symbols""" + list = [] + for x in tables: + list = list + tabledict.get(x, []) + if len(list) == 0: + return "" + return "|".join(map(lambda x: "WIND_PROFILE_%s" % (string.upper(x)), list)) + +def get_errorlist(): + d = dict() + _merge_table(d, dict(map(lambda x: [x, ['name']], name_error))) + _merge_table(d, dict(map(lambda x: [x, ['ldap']], ldap_error))) + _merge_table(d, dict(map(lambda x: [x, ['sasl']], sasl_error))) + return d + +def get_maplist(): + d = dict() + _merge_table(d, dict(map(lambda x: [x, ['name']], name_map))) + _merge_table(d, dict(map(lambda x: [x, ['ldap']], ldap_map))) + _merge_table(d, dict(map(lambda x: [x, ['sasl']], sasl_map))) + return d + +def sort_merge_trans(trans): + trans.sort() + ret = [] + last = 0 + for x in trans: + if last: + if last[0] == x[0]: + last = (last[0], last[1], last[2], last[3] + x[3]) + else: + ret.append(last) + last = x + else: + last = x + if last: + ret.append(last) + return ret diff --git a/source4/heimdal/lib/wind/util.py b/source4/heimdal/lib/wind/util.py new file mode 100644 index 0000000000..3aee3eaf68 --- /dev/null +++ b/source4/heimdal/lib/wind/util.py @@ -0,0 +1,48 @@ +#!/usr/local/bin/python +# -*- coding: iso-8859-1 -*- + +# $Id: util.py 22551 2008-02-01 16:22:22Z lha $ + +# Copyright (c) 2004 Kungliga Tekniska Högskolan +# (Royal Institute of Technology, Stockholm, Sweden). +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# 3. Neither the name of the Institute nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. + +def subList(l, sl) : + """return the index of sl in l or None""" + lLen = len(l) + slLen = len(sl) + for i in range(lLen - slLen + 1): + j = 0 + while j < slLen and l[i + j] == sl[j]: + j += 1 + if j == slLen: + return i + return None + -- cgit From 9080b5d979e2af4de1022513bdaa303306b1ca9b Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 26 Aug 2008 11:20:54 +0200 Subject: heimdal_build: autogenerate the heimdal private/proto headers Now it's possible to just use a plain heimdal tree in source/heimdal/ without any pregenerated files. metze (This used to be commit da333ca7113f78eeacab4f93b401f075114c7d88) --- source4/heimdal/cf/make-proto.pl | 351 ++ source4/heimdal/kdc/kdc-private.h | 287 -- source4/heimdal/kdc/kdc-protos.h | 92 - source4/heimdal/lib/asn1/der-protos.h | 567 --- source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h | 704 ---- source4/heimdal/lib/gssapi/spnego/spnego-private.h | 337 -- source4/heimdal/lib/hdb/hdb-private.h | 54 - source4/heimdal/lib/hdb/hdb-protos.h | 400 -- source4/heimdal/lib/hx509/hx509-private.h | 548 --- source4/heimdal/lib/hx509/hx509-protos.h | 1080 ----- source4/heimdal/lib/krb5/krb5-private.h | 455 --- source4/heimdal/lib/krb5/krb5-protos.h | 4169 -------------------- source4/heimdal/lib/ntlm/heimntlm-protos.h | 131 - 13 files changed, 351 insertions(+), 8824 deletions(-) create mode 100644 source4/heimdal/cf/make-proto.pl delete mode 100644 source4/heimdal/kdc/kdc-private.h delete mode 100644 source4/heimdal/kdc/kdc-protos.h delete mode 100644 source4/heimdal/lib/asn1/der-protos.h delete mode 100644 source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h delete mode 100644 source4/heimdal/lib/gssapi/spnego/spnego-private.h delete mode 100644 source4/heimdal/lib/hdb/hdb-private.h delete mode 100644 source4/heimdal/lib/hdb/hdb-protos.h delete mode 100644 source4/heimdal/lib/hx509/hx509-private.h delete mode 100644 source4/heimdal/lib/hx509/hx509-protos.h delete mode 100644 source4/heimdal/lib/krb5/krb5-private.h delete mode 100644 source4/heimdal/lib/krb5/krb5-protos.h delete mode 100644 source4/heimdal/lib/ntlm/heimntlm-protos.h (limited to 'source4/heimdal') diff --git a/source4/heimdal/cf/make-proto.pl b/source4/heimdal/cf/make-proto.pl new file mode 100644 index 0000000000..8c7b54ae78 --- /dev/null +++ b/source4/heimdal/cf/make-proto.pl @@ -0,0 +1,351 @@ +# Make prototypes from .c files +# $Id: make-proto.pl 23023 2008-04-17 10:01:46Z lha $ + +##use Getopt::Std; +require 'getopts.pl'; + +my $comment = 0; +my $if_0 = 0; +my $brace = 0; +my $line = ""; +my $debug = 0; +my $oproto = 1; +my $private_func_re = "^_"; + +do Getopts('x:m:o:p:dqE:R:P:') || die "foo"; + +if($opt_d) { + $debug = 1; +} + +if($opt_q) { + $oproto = 0; +} + +if($opt_R) { + $private_func_re = $opt_R; +} +%flags = ( + 'multiline-proto' => 1, + 'header' => 1, + 'function-blocking' => 0, + 'gnuc-attribute' => 1, + 'cxx' => 1 + ); +if($opt_m) { + foreach $i (split(/,/, $opt_m)) { + if($i eq "roken") { + $flags{"multiline-proto"} = 0; + $flags{"header"} = 0; + $flags{"function-blocking"} = 0; + $flags{"gnuc-attribute"} = 0; + $flags{"cxx"} = 0; + } else { + if(substr($i, 0, 3) eq "no-") { + $flags{substr($i, 3)} = 0; + } else { + $flags{$i} = 1; + } + } + } +} + +if($opt_x) { + open(EXP, $opt_x); + while() { + chomp; + s/\#.*//g; + s/\s+/ /g; + if(/^([a-zA-Z0-9_]+)\s?(.*)$/) { + $exported{$1} = $2; + } else { + print $_, "\n"; + } + } + close EXP; +} + +while(<>) { + print $brace, " ", $_ if($debug); + + # Handle C comments + s@/\*.*\*/@@; + s@//.*/@@; + if ( s@/\*.*@@) { $comment = 1; + } elsif ($comment && s@.*\*/@@) { $comment = 0; + } elsif ($comment) { next; } + + if(/^\#if 0/) { + $if_0 = 1; + } + if($if_0 && /^\#endif/) { + $if_0 = 0; + } + if($if_0) { next } + if(/^\s*\#/) { + next; + } + if(/^\s*$/) { + $line = ""; + next; + } + if(/\{/){ + if (!/\}/) { + $brace++; + } + $_ = $line; + while(s/\*\//\ca/){ + s/\/\*(.|\n)*\ca//; + } + s/^\s*//; + s/\s*$//; + s/\s+/ /g; + if($_ =~ /\)$/){ + if(!/^static/ && !/^PRIVATE/){ + if(/(.*)(__attribute__\s?\(.*\))/) { + $attr = $2; + $_ = $1; + } else { + $attr = ""; + } + # remove outer () + s/\s*\(//; + # remove , within () + while(s/\(([^()]*),(.*)\)/($1\$$2)/g){} + s/\<\s*void\s*\>/<>/; + # remove parameter names + if($opt_P eq "remove") { + s/(\s*)([a-zA-Z0-9_]+)([,>])/$3/g; + s/\s+\*/*/g; + s/\(\*(\s*)([a-zA-Z0-9_]+)\)/(*)/g; + } elsif($opt_P eq "comment") { + s/([a-zA-Z0-9_]+)([,>])/\/\*$1\*\/$2/g; + s/\(\*([a-zA-Z0-9_]+)\)/(*\/\*$1\*\/)/g; + } + s/\<\>//; + # add newlines before parameters + if($flags{"multiline-proto"}) { + s/,\s*/,\n\t/g; + } else { + s/,\s*/, /g; + } + # fix removed , + s/\$/,/g; + # match function name + /([a-zA-Z0-9_]+)\s*\/$RP/; + # insert newline before function name + if($flags{"multiline-proto"}) { + s/(.*)\s([a-zA-Z0-9_]+ \Q$LP\E)/$1\n$2/; + } + if($attr ne "") { + $_ .= "\n $attr"; + } + $_ = $_ . ";"; + $funcs{$f} = $_; + } + } + $line = ""; + } + if(/\}/){ + $brace--; + } + if(/^\}/){ + $brace = 0; + } + if($brace == 0) { + $line = $line . " " . $_; + } +} + +sub foo { + local ($arg) = @_; + $_ = $arg; + s/.*\/([^\/]*)/$1/; + s/[^a-zA-Z0-9]/_/g; + "__" . $_ . "__"; +} + +if($opt_o) { + open(OUT, ">$opt_o"); + $block = &foo($opt_o); +} else { + $block = "__public_h__"; +} + +if($opt_p) { + open(PRIV, ">$opt_p"); + $private = &foo($opt_p); +} else { + $private = "__private_h__"; +} + +$public_h = ""; +$private_h = ""; + +$public_h_header .= "/* This is a generated file */ +#ifndef $block +#define $block + +"; +if ($oproto) { + $public_h_header .= "#ifdef __STDC__ +#include +#ifndef __P +#define __P(x) x +#endif +#else +#ifndef __P +#define __P(x) () +#endif +#endif + +"; +} else { + $public_h_header .= "#include + +"; +} +$public_h_trailer = ""; + +$private_h_header = "/* This is a generated file */ +#ifndef $private +#define $private + +"; +if($oproto) { + $private_h_header .= "#ifdef __STDC__ +#include +#ifndef __P +#define __P(x) x +#endif +#else +#ifndef __P +#define __P(x) () +#endif +#endif + +"; +} else { + $private_h_header .= "#include + +"; +} +$private_h_trailer = ""; + +foreach(sort keys %funcs){ + if(/^(main)$/) { next } + if(!defined($exported{$_}) && /$private_func_re/) { + $private_h .= $funcs{$_} . "\n\n"; + if($funcs{$_} =~ /__attribute__/) { + $private_attribute_seen = 1; + } + } else { + if($flags{"function-blocking"}) { + $fupper = uc $_; + if($exported{$_} =~ /proto/) { + $public_h .= "#if !defined(HAVE_$fupper) || defined(NEED_${fupper}_PROTO)\n"; + } else { + $public_h .= "#ifndef HAVE_$fupper\n"; + } + } + $public_h .= $funcs{$_} . "\n"; + if($funcs{$_} =~ /__attribute__/) { + $public_attribute_seen = 1; + } + if($flags{"function-blocking"}) { + $public_h .= "#endif\n"; + } + $public_h .= "\n"; + } +} + +if($flags{"gnuc-attribute"}) { + if ($public_attribute_seen) { + $public_h_header .= "#if !defined(__GNUC__) && !defined(__attribute__) +#define __attribute__(x) +#endif + +"; + } + + if ($private_attribute_seen) { + $private_h_header .= "#if !defined(__GNUC__) && !defined(__attribute__) +#define __attribute__(x) +#endif + +"; + } +} +if($flags{"cxx"}) { + $public_h_header .= "#ifdef __cplusplus +extern \"C\" { +#endif + +"; + $public_h_trailer .= "#ifdef __cplusplus +} +#endif + +"; + +} +if ($opt_E) { + $public_h_header .= "#ifndef $opt_E +#if defined(_WIN32) +#define ${opt_E}_FUNCTION _stdcall __declspec(dllimport) +#define ${opt_E}_VARIABLE __declspec(dllimport) +#else +#define ${opt_E}_FUNCTION +#define ${opt_E}_VARIABLE +#endif +#endif + +"; + + $private_h_header .= "#ifndef $opt_E +#if defined(_WIN32) +#define ${opt_E}_FUNCTION _stdcall __declspec(dllimport) +#define ${opt_E}_VARIABLE __declspec(dllimport) +#else +#define ${opt_E}_FUNCTION +#define ${opt_E}_VARIABLE +#endif +#endif + +"; +} + +if ($public_h ne "" && $flags{"header"}) { + $public_h = $public_h_header . $public_h . + $public_h_trailer . "#endif /* $block */\n"; +} +if ($private_h ne "" && $flags{"header"}) { + $private_h = $private_h_header . $private_h . + $private_h_trailer . "#endif /* $private */\n"; +} + +if($opt_o) { + print OUT $public_h; +} +if($opt_p) { + print PRIV $private_h; +} + +close OUT; +close PRIV; diff --git a/source4/heimdal/kdc/kdc-private.h b/source4/heimdal/kdc/kdc-private.h deleted file mode 100644 index 4052e9b509..0000000000 --- a/source4/heimdal/kdc/kdc-private.h +++ /dev/null @@ -1,287 +0,0 @@ -/* This is a generated file */ -#ifndef __kdc_private_h__ -#define __kdc_private_h__ - -#include - -krb5_error_code -_kdc_add_KRB5SignedPath ( - krb5_context /*context*/, - krb5_kdc_configuration */*config*/, - hdb_entry_ex */*krbtgt*/, - krb5_enctype /*enctype*/, - krb5_const_principal /*server*/, - KRB5SignedPathPrincipals */*principals*/, - EncTicketPart */*tkt*/); - -krb5_error_code -_kdc_add_inital_verified_cas ( - krb5_context /*context*/, - krb5_kdc_configuration */*config*/, - pk_client_params */*params*/, - EncTicketPart */*tkt*/); - -krb5_error_code -_kdc_as_rep ( - krb5_context /*context*/, - krb5_kdc_configuration */*config*/, - KDC_REQ */*req*/, - const krb5_data */*req_buffer*/, - krb5_data */*reply*/, - const char */*from*/, - struct sockaddr */*from_addr*/, - int /*datagram_reply*/); - -krb5_boolean -_kdc_check_addresses ( - krb5_context /*context*/, - krb5_kdc_configuration */*config*/, - HostAddresses */*addresses*/, - const struct sockaddr */*from*/); - -krb5_error_code -_kdc_check_flags ( - krb5_context /*context*/, - krb5_kdc_configuration */*config*/, - hdb_entry_ex */*client_ex*/, - const char */*client_name*/, - hdb_entry_ex */*server_ex*/, - const char */*server_name*/, - krb5_boolean /*is_as_req*/); - -krb5_error_code -_kdc_db_fetch ( - krb5_context /*context*/, - krb5_kdc_configuration */*config*/, - krb5_const_principal /*principal*/, - unsigned /*flags*/, - HDB **/*db*/, - hdb_entry_ex **/*h*/); - -krb5_error_code -_kdc_db_fetch4 ( - krb5_context /*context*/, - krb5_kdc_configuration */*config*/, - const char */*name*/, - const char */*instance*/, - const char */*realm*/, - unsigned /*flags*/, - hdb_entry_ex **/*ent*/); - -krb5_error_code -_kdc_do_524 ( - krb5_context /*context*/, - krb5_kdc_configuration */*config*/, - const Ticket */*t*/, - krb5_data */*reply*/, - const char */*from*/, - struct sockaddr */*addr*/); - -krb5_error_code -_kdc_do_digest ( - krb5_context /*context*/, - krb5_kdc_configuration */*config*/, - const DigestREQ */*req*/, - krb5_data */*reply*/, - const char */*from*/, - struct sockaddr */*addr*/); - -krb5_error_code -_kdc_do_kaserver ( - krb5_context /*context*/, - krb5_kdc_configuration */*config*/, - unsigned char */*buf*/, - size_t /*len*/, - krb5_data */*reply*/, - const char */*from*/, - struct sockaddr_in */*addr*/); - -krb5_error_code -_kdc_do_kx509 ( - krb5_context /*context*/, - krb5_kdc_configuration */*config*/, - const Kx509Request */*req*/, - krb5_data */*reply*/, - const char */*from*/, - struct sockaddr */*addr*/); - -krb5_error_code -_kdc_do_version4 ( - krb5_context /*context*/, - krb5_kdc_configuration */*config*/, - unsigned char */*buf*/, - size_t /*len*/, - krb5_data */*reply*/, - const char */*from*/, - struct sockaddr_in */*addr*/); - -krb5_error_code -_kdc_encode_reply ( - krb5_context /*context*/, - krb5_kdc_configuration */*config*/, - KDC_REP */*rep*/, - const EncTicketPart */*et*/, - EncKDCRepPart */*ek*/, - krb5_enctype /*etype*/, - int /*skvno*/, - const EncryptionKey */*skey*/, - int /*ckvno*/, - const EncryptionKey */*ckey*/, - const char **/*e_text*/, - krb5_data */*reply*/); - -krb5_error_code -_kdc_encode_v4_ticket ( - krb5_context /*context*/, - krb5_kdc_configuration */*config*/, - void */*buf*/, - size_t /*len*/, - const EncTicketPart */*et*/, - const PrincipalName */*service*/, - size_t */*size*/); - -krb5_error_code -_kdc_find_etype ( - krb5_context /*context*/, - const hdb_entry_ex */*princ*/, - krb5_enctype */*etypes*/, - unsigned /*len*/, - Key **/*ret_key*/, - krb5_enctype */*ret_etype*/); - -const PA_DATA* -_kdc_find_padata ( - const KDC_REQ */*req*/, - int */*start*/, - int /*type*/); - -void -_kdc_fix_time (time_t **/*t*/); - -void -_kdc_free_ent ( - krb5_context /*context*/, - hdb_entry_ex */*ent*/); - -krb5_error_code -_kdc_get_des_key ( - krb5_context /*context*/, - hdb_entry_ex */*principal*/, - krb5_boolean /*is_server*/, - krb5_boolean /*prefer_afs_key*/, - Key **/*ret_key*/); - -krb5_error_code -_kdc_get_preferred_key ( - krb5_context /*context*/, - krb5_kdc_configuration */*config*/, - hdb_entry_ex */*h*/, - const char */*name*/, - krb5_enctype */*enctype*/, - Key **/*key*/); - -void -_kdc_log_timestamp ( - krb5_context /*context*/, - krb5_kdc_configuration */*config*/, - const char */*type*/, - KerberosTime /*authtime*/, - KerberosTime */*starttime*/, - KerberosTime /*endtime*/, - KerberosTime */*renew_till*/); - -krb5_error_code -_kdc_make_anonymous_principalname (PrincipalName */*pn*/); - -int -_kdc_maybe_version4 ( - unsigned char */*buf*/, - int /*len*/); - -krb5_error_code -_kdc_pac_generate ( - krb5_context /*context*/, - hdb_entry_ex */*client*/, - krb5_pac */*pac*/); - -krb5_error_code -_kdc_pac_verify ( - krb5_context /*context*/, - const krb5_principal /*client_principal*/, - hdb_entry_ex */*client*/, - hdb_entry_ex */*server*/, - krb5_pac */*pac*/); - -krb5_error_code -_kdc_pk_check_client ( - krb5_context /*context*/, - krb5_kdc_configuration */*config*/, - const hdb_entry_ex */*client*/, - pk_client_params */*client_params*/, - char **/*subject_name*/); - -void -_kdc_pk_free_client_param ( - krb5_context /*context*/, - pk_client_params */*client_params*/); - -krb5_error_code -_kdc_pk_initialize ( - krb5_context /*context*/, - krb5_kdc_configuration */*config*/, - const char */*user_id*/, - const char */*anchors*/, - char **/*pool*/, - char **/*revoke_list*/); - -krb5_error_code -_kdc_pk_mk_pa_reply ( - krb5_context /*context*/, - krb5_kdc_configuration */*config*/, - pk_client_params */*client_params*/, - const hdb_entry_ex */*client*/, - const KDC_REQ */*req*/, - const krb5_data */*req_buffer*/, - krb5_keyblock **/*reply_key*/, - METHOD_DATA */*md*/); - -krb5_error_code -_kdc_pk_rd_padata ( - krb5_context /*context*/, - krb5_kdc_configuration */*config*/, - const KDC_REQ */*req*/, - const PA_DATA */*pa*/, - pk_client_params **/*ret_params*/); - -krb5_error_code -_kdc_tgs_rep ( - krb5_context /*context*/, - krb5_kdc_configuration */*config*/, - KDC_REQ */*req*/, - krb5_data */*data*/, - const char */*from*/, - struct sockaddr */*from_addr*/, - int /*datagram_reply*/); - -krb5_error_code -_kdc_tkt_add_if_relevant_ad ( - krb5_context /*context*/, - EncTicketPart */*tkt*/, - int /*type*/, - const krb5_data */*data*/); - -krb5_error_code -_kdc_try_kx509_request ( - void */*ptr*/, - size_t /*len*/, - Kx509Request */*req*/, - size_t */*size*/); - -krb5_error_code -_kdc_windc_client_access ( - krb5_context /*context*/, - struct hdb_entry_ex */*client*/, - KDC_REQ */*req*/, - krb5_data */*e_data*/); - -#endif /* __kdc_private_h__ */ diff --git a/source4/heimdal/kdc/kdc-protos.h b/source4/heimdal/kdc/kdc-protos.h deleted file mode 100644 index 15e8c29f4c..0000000000 --- a/source4/heimdal/kdc/kdc-protos.h +++ /dev/null @@ -1,92 +0,0 @@ -/* This is a generated file */ -#ifndef __kdc_protos_h__ -#define __kdc_protos_h__ - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -void -kdc_log ( - krb5_context /*context*/, - krb5_kdc_configuration */*config*/, - int /*level*/, - const char */*fmt*/, - ...); - -char* -kdc_log_msg ( - krb5_context /*context*/, - krb5_kdc_configuration */*config*/, - int /*level*/, - const char */*fmt*/, - ...); - -char* -kdc_log_msg_va ( - krb5_context /*context*/, - krb5_kdc_configuration */*config*/, - int /*level*/, - const char */*fmt*/, - va_list /*ap*/); - -void -kdc_openlog ( - krb5_context /*context*/, - krb5_kdc_configuration */*config*/); - -krb5_error_code -krb5_kdc_get_config ( - krb5_context /*context*/, - krb5_kdc_configuration **/*config*/); - -int -krb5_kdc_process_krb5_request ( - krb5_context /*context*/, - krb5_kdc_configuration */*config*/, - unsigned char */*buf*/, - size_t /*len*/, - krb5_data */*reply*/, - const char */*from*/, - struct sockaddr */*addr*/, - int /*datagram_reply*/); - -int -krb5_kdc_process_request ( - krb5_context /*context*/, - krb5_kdc_configuration */*config*/, - unsigned char */*buf*/, - size_t /*len*/, - krb5_data */*reply*/, - krb5_boolean */*prependlength*/, - const char */*from*/, - struct sockaddr */*addr*/, - int /*datagram_reply*/); - -int -krb5_kdc_save_request ( - krb5_context /*context*/, - const char */*fn*/, - const unsigned char */*buf*/, - size_t /*len*/, - const krb5_data */*reply*/, - const struct sockaddr */*sa*/); - -krb5_error_code -krb5_kdc_set_dbinfo ( - krb5_context /*context*/, - struct krb5_kdc_configuration */*c*/); - -void -krb5_kdc_update_time (struct timeval */*tv*/); - -krb5_error_code -krb5_kdc_windc_init (krb5_context /*context*/); - -#ifdef __cplusplus -} -#endif - -#endif /* __kdc_protos_h__ */ diff --git a/source4/heimdal/lib/asn1/der-protos.h b/source4/heimdal/lib/asn1/der-protos.h deleted file mode 100644 index 7bfe02ebb4..0000000000 --- a/source4/heimdal/lib/asn1/der-protos.h +++ /dev/null @@ -1,567 +0,0 @@ -/* This is a generated file */ -#ifndef __der_protos_h__ -#define __der_protos_h__ - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -int -copy_heim_any ( - const heim_any */*from*/, - heim_any */*to*/); - -int -copy_heim_any_set ( - const heim_any_set */*from*/, - heim_any_set */*to*/); - -int -decode_heim_any ( - const unsigned char */*p*/, - size_t /*len*/, - heim_any */*data*/, - size_t */*size*/); - -int -decode_heim_any_set ( - const unsigned char */*p*/, - size_t /*len*/, - heim_any_set */*data*/, - size_t */*size*/); - -int -der_copy_bit_string ( - const heim_bit_string */*from*/, - heim_bit_string */*to*/); - -int -der_copy_bmp_string ( - const heim_bmp_string */*from*/, - heim_bmp_string */*to*/); - -int -der_copy_general_string ( - const heim_general_string */*from*/, - heim_general_string */*to*/); - -int -der_copy_heim_integer ( - const heim_integer */*from*/, - heim_integer */*to*/); - -int -der_copy_ia5_string ( - const heim_printable_string */*from*/, - heim_printable_string */*to*/); - -int -der_copy_octet_string ( - const heim_octet_string */*from*/, - heim_octet_string */*to*/); - -int -der_copy_oid ( - const heim_oid */*from*/, - heim_oid */*to*/); - -int -der_copy_printable_string ( - const heim_printable_string */*from*/, - heim_printable_string */*to*/); - -int -der_copy_universal_string ( - const heim_universal_string */*from*/, - heim_universal_string */*to*/); - -int -der_copy_utf8string ( - const heim_utf8_string */*from*/, - heim_utf8_string */*to*/); - -int -der_copy_visible_string ( - const heim_visible_string */*from*/, - heim_visible_string */*to*/); - -void -der_free_bit_string (heim_bit_string */*k*/); - -void -der_free_bmp_string (heim_bmp_string */*k*/); - -void -der_free_general_string (heim_general_string */*str*/); - -void -der_free_heim_integer (heim_integer */*k*/); - -void -der_free_ia5_string (heim_ia5_string */*str*/); - -void -der_free_octet_string (heim_octet_string */*k*/); - -void -der_free_oid (heim_oid */*k*/); - -void -der_free_printable_string (heim_printable_string */*str*/); - -void -der_free_universal_string (heim_universal_string */*k*/); - -void -der_free_utf8string (heim_utf8_string */*str*/); - -void -der_free_visible_string (heim_visible_string */*str*/); - -int -der_get_bit_string ( - const unsigned char */*p*/, - size_t /*len*/, - heim_bit_string */*data*/, - size_t */*size*/); - -int -der_get_bmp_string ( - const unsigned char */*p*/, - size_t /*len*/, - heim_bmp_string */*data*/, - size_t */*size*/); - -int -der_get_boolean ( - const unsigned char */*p*/, - size_t /*len*/, - int */*data*/, - size_t */*size*/); - -const char * -der_get_class_name (unsigned /*num*/); - -int -der_get_class_num (const char */*name*/); - -int -der_get_general_string ( - const unsigned char */*p*/, - size_t /*len*/, - heim_general_string */*str*/, - size_t */*size*/); - -int -der_get_generalized_time ( - const unsigned char */*p*/, - size_t /*len*/, - time_t */*data*/, - size_t */*size*/); - -int -der_get_heim_integer ( - const unsigned char */*p*/, - size_t /*len*/, - heim_integer */*data*/, - size_t */*size*/); - -int -der_get_ia5_string ( - const unsigned char */*p*/, - size_t /*len*/, - heim_ia5_string */*str*/, - size_t */*size*/); - -int -der_get_integer ( - const unsigned char */*p*/, - size_t /*len*/, - int */*ret*/, - size_t */*size*/); - -int -der_get_length ( - const unsigned char */*p*/, - size_t /*len*/, - size_t */*val*/, - size_t */*size*/); - -int -der_get_octet_string ( - const unsigned char */*p*/, - size_t /*len*/, - heim_octet_string */*data*/, - size_t */*size*/); - -int -der_get_oid ( - const unsigned char */*p*/, - size_t /*len*/, - heim_oid */*data*/, - size_t */*size*/); - -int -der_get_printable_string ( - const unsigned char */*p*/, - size_t /*len*/, - heim_printable_string */*str*/, - size_t */*size*/); - -int -der_get_tag ( - const unsigned char */*p*/, - size_t /*len*/, - Der_class */*class*/, - Der_type */*type*/, - unsigned int */*tag*/, - size_t */*size*/); - -const char * -der_get_tag_name (unsigned /*num*/); - -int -der_get_tag_num (const char */*name*/); - -const char * -der_get_type_name (unsigned /*num*/); - -int -der_get_type_num (const char */*name*/); - -int -der_get_universal_string ( - const unsigned char */*p*/, - size_t /*len*/, - heim_universal_string */*data*/, - size_t */*size*/); - -int -der_get_unsigned ( - const unsigned char */*p*/, - size_t /*len*/, - unsigned */*ret*/, - size_t */*size*/); - -int -der_get_utctime ( - const unsigned char */*p*/, - size_t /*len*/, - time_t */*data*/, - size_t */*size*/); - -int -der_get_utf8string ( - const unsigned char */*p*/, - size_t /*len*/, - heim_utf8_string */*str*/, - size_t */*size*/); - -int -der_get_visible_string ( - const unsigned char */*p*/, - size_t /*len*/, - heim_visible_string */*str*/, - size_t */*size*/); - -int -der_heim_bit_string_cmp ( - const heim_bit_string */*p*/, - const heim_bit_string */*q*/); - -int -der_heim_bmp_string_cmp ( - const heim_bmp_string */*p*/, - const heim_bmp_string */*q*/); - -int -der_heim_integer_cmp ( - const heim_integer */*p*/, - const heim_integer */*q*/); - -int -der_heim_octet_string_cmp ( - const heim_octet_string */*p*/, - const heim_octet_string */*q*/); - -int -der_heim_oid_cmp ( - const heim_oid */*p*/, - const heim_oid */*q*/); - -int -der_heim_universal_string_cmp ( - const heim_universal_string */*p*/, - const heim_universal_string */*q*/); - -size_t -der_length_bit_string (const heim_bit_string */*k*/); - -size_t -der_length_bmp_string (const heim_bmp_string */*data*/); - -size_t -der_length_boolean (const int */*k*/); - -size_t -der_length_enumerated (const unsigned */*data*/); - -size_t -der_length_general_string (const heim_general_string */*data*/); - -size_t -der_length_generalized_time (const time_t */*t*/); - -size_t -der_length_heim_integer (const heim_integer */*k*/); - -size_t -der_length_ia5_string (const heim_ia5_string */*data*/); - -size_t -der_length_integer (const int */*data*/); - -size_t -der_length_len (size_t /*len*/); - -size_t -der_length_octet_string (const heim_octet_string */*k*/); - -size_t -der_length_oid (const heim_oid */*k*/); - -size_t -der_length_printable_string (const heim_printable_string */*data*/); - -size_t -der_length_universal_string (const heim_universal_string */*data*/); - -size_t -der_length_unsigned (const unsigned */*data*/); - -size_t -der_length_utctime (const time_t */*t*/); - -size_t -der_length_utf8string (const heim_utf8_string */*data*/); - -size_t -der_length_visible_string (const heim_visible_string */*data*/); - -int -der_match_tag ( - const unsigned char */*p*/, - size_t /*len*/, - Der_class /*class*/, - Der_type /*type*/, - unsigned int /*tag*/, - size_t */*size*/); - -int -der_match_tag_and_length ( - const unsigned char */*p*/, - size_t /*len*/, - Der_class /*class*/, - Der_type /*type*/, - unsigned int /*tag*/, - size_t */*length_ret*/, - size_t */*size*/); - -int -der_parse_heim_oid ( - const char */*str*/, - const char */*sep*/, - heim_oid */*data*/); - -int -der_parse_hex_heim_integer ( - const char */*p*/, - heim_integer */*data*/); - -int -der_print_heim_oid ( - const heim_oid */*oid*/, - char /*delim*/, - char **/*str*/); - -int -der_print_hex_heim_integer ( - const heim_integer */*data*/, - char **/*p*/); - -int -der_put_bit_string ( - unsigned char */*p*/, - size_t /*len*/, - const heim_bit_string */*data*/, - size_t */*size*/); - -int -der_put_bmp_string ( - unsigned char */*p*/, - size_t /*len*/, - const heim_bmp_string */*data*/, - size_t */*size*/); - -int -der_put_boolean ( - unsigned char */*p*/, - size_t /*len*/, - const int */*data*/, - size_t */*size*/); - -int -der_put_general_string ( - unsigned char */*p*/, - size_t /*len*/, - const heim_general_string */*str*/, - size_t */*size*/); - -int -der_put_generalized_time ( - unsigned char */*p*/, - size_t /*len*/, - const time_t */*data*/, - size_t */*size*/); - -int -der_put_heim_integer ( - unsigned char */*p*/, - size_t /*len*/, - const heim_integer */*data*/, - size_t */*size*/); - -int -der_put_ia5_string ( - unsigned char */*p*/, - size_t /*len*/, - const heim_ia5_string */*str*/, - size_t */*size*/); - -int -der_put_integer ( - unsigned char */*p*/, - size_t /*len*/, - const int */*v*/, - size_t */*size*/); - -int -der_put_length ( - unsigned char */*p*/, - size_t /*len*/, - size_t /*val*/, - size_t */*size*/); - -int -der_put_length_and_tag ( - unsigned char */*p*/, - size_t /*len*/, - size_t /*len_val*/, - Der_class /*class*/, - Der_type /*type*/, - unsigned int /*tag*/, - size_t */*size*/); - -int -der_put_octet_string ( - unsigned char */*p*/, - size_t /*len*/, - const heim_octet_string */*data*/, - size_t */*size*/); - -int -der_put_oid ( - unsigned char */*p*/, - size_t /*len*/, - const heim_oid */*data*/, - size_t */*size*/); - -int -der_put_printable_string ( - unsigned char */*p*/, - size_t /*len*/, - const heim_printable_string */*str*/, - size_t */*size*/); - -int -der_put_tag ( - unsigned char */*p*/, - size_t /*len*/, - Der_class /*class*/, - Der_type /*type*/, - unsigned int /*tag*/, - size_t */*size*/); - -int -der_put_universal_string ( - unsigned char */*p*/, - size_t /*len*/, - const heim_universal_string */*data*/, - size_t */*size*/); - -int -der_put_unsigned ( - unsigned char */*p*/, - size_t /*len*/, - const unsigned */*v*/, - size_t */*size*/); - -int -der_put_utctime ( - unsigned char */*p*/, - size_t /*len*/, - const time_t */*data*/, - size_t */*size*/); - -int -der_put_utf8string ( - unsigned char */*p*/, - size_t /*len*/, - const heim_utf8_string */*str*/, - size_t */*size*/); - -int -der_put_visible_string ( - unsigned char */*p*/, - size_t /*len*/, - const heim_visible_string */*str*/, - size_t */*size*/); - -int -encode_heim_any ( - unsigned char */*p*/, - size_t /*len*/, - const heim_any */*data*/, - size_t */*size*/); - -int -encode_heim_any_set ( - unsigned char */*p*/, - size_t /*len*/, - const heim_any_set */*data*/, - size_t */*size*/); - -void -free_heim_any (heim_any */*data*/); - -void -free_heim_any_set (heim_any_set */*data*/); - -int -heim_any_cmp ( - const heim_any_set */*p*/, - const heim_any_set */*q*/); - -size_t -length_heim_any (const heim_any */*data*/); - -size_t -length_heim_any_set (const heim_any */*data*/); - -#ifdef __cplusplus -} -#endif - -#endif /* __der_protos_h__ */ diff --git a/source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h b/source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h deleted file mode 100644 index f6edb8b247..0000000000 --- a/source4/heimdal/lib/gssapi/krb5/gsskrb5-private.h +++ /dev/null @@ -1,704 +0,0 @@ -/* This is a generated file */ -#ifndef __gsskrb5_private_h__ -#define __gsskrb5_private_h__ - -#include - -gssapi_mech_interface -__gss_krb5_initialize (void); - -OM_uint32 -__gsskrb5_ccache_lifetime ( - OM_uint32 */*minor_status*/, - krb5_context /*context*/, - krb5_ccache /*id*/, - krb5_principal /*principal*/, - OM_uint32 */*lifetime*/); - -OM_uint32 -_gss_DES3_get_mic_compat ( - OM_uint32 */*minor_status*/, - gsskrb5_ctx /*ctx*/, - krb5_context /*context*/); - -OM_uint32 -_gssapi_decapsulate ( - OM_uint32 */*minor_status*/, - gss_buffer_t /*input_token_buffer*/, - krb5_data */*out_data*/, - const gss_OID mech ); - -void -_gssapi_encap_length ( - size_t /*data_len*/, - size_t */*len*/, - size_t */*total_len*/, - const gss_OID /*mech*/); - -OM_uint32 -_gssapi_encapsulate ( - OM_uint32 */*minor_status*/, - const krb5_data */*in_data*/, - gss_buffer_t /*output_token*/, - const gss_OID mech ); - -OM_uint32 -_gssapi_get_mic_arcfour ( - OM_uint32 * /*minor_status*/, - const gsskrb5_ctx /*context_handle*/, - krb5_context /*context*/, - gss_qop_t /*qop_req*/, - const gss_buffer_t /*message_buffer*/, - gss_buffer_t /*message_token*/, - krb5_keyblock */*key*/); - -void * -_gssapi_make_mech_header ( - void */*ptr*/, - size_t /*len*/, - const gss_OID /*mech*/); - -OM_uint32 -_gssapi_mic_cfx ( - OM_uint32 */*minor_status*/, - const gsskrb5_ctx /*context_handle*/, - krb5_context /*context*/, - gss_qop_t /*qop_req*/, - const gss_buffer_t /*message_buffer*/, - gss_buffer_t /*message_token*/, - krb5_keyblock */*key*/); - -OM_uint32 -_gssapi_msg_order_check ( - struct gss_msg_order */*o*/, - OM_uint32 /*seq_num*/); - -OM_uint32 -_gssapi_msg_order_create ( - OM_uint32 */*minor_status*/, - struct gss_msg_order **/*o*/, - OM_uint32 /*flags*/, - OM_uint32 /*seq_num*/, - OM_uint32 /*jitter_window*/, - int /*use_64*/); - -OM_uint32 -_gssapi_msg_order_destroy (struct gss_msg_order **/*m*/); - -krb5_error_code -_gssapi_msg_order_export ( - krb5_storage */*sp*/, - struct gss_msg_order */*o*/); - -OM_uint32 -_gssapi_msg_order_f (OM_uint32 /*flags*/); - -OM_uint32 -_gssapi_msg_order_import ( - OM_uint32 */*minor_status*/, - krb5_storage */*sp*/, - struct gss_msg_order **/*o*/); - -OM_uint32 -_gssapi_unwrap_arcfour ( - OM_uint32 */*minor_status*/, - const gsskrb5_ctx /*context_handle*/, - krb5_context /*context*/, - const gss_buffer_t /*input_message_buffer*/, - gss_buffer_t /*output_message_buffer*/, - int */*conf_state*/, - gss_qop_t */*qop_state*/, - krb5_keyblock */*key*/); - -OM_uint32 -_gssapi_unwrap_cfx ( - OM_uint32 */*minor_status*/, - const gsskrb5_ctx /*context_handle*/, - krb5_context /*context*/, - const gss_buffer_t /*input_message_buffer*/, - gss_buffer_t /*output_message_buffer*/, - int */*conf_state*/, - gss_qop_t */*qop_state*/, - krb5_keyblock */*key*/); - -OM_uint32 -_gssapi_verify_mech_header ( - u_char **/*str*/, - size_t /*total_len*/, - gss_OID /*mech*/); - -OM_uint32 -_gssapi_verify_mic_arcfour ( - OM_uint32 * /*minor_status*/, - const gsskrb5_ctx /*context_handle*/, - krb5_context /*context*/, - const gss_buffer_t /*message_buffer*/, - const gss_buffer_t /*token_buffer*/, - gss_qop_t * /*qop_state*/, - krb5_keyblock */*key*/, - char */*type*/); - -OM_uint32 -_gssapi_verify_mic_cfx ( - OM_uint32 */*minor_status*/, - const gsskrb5_ctx /*context_handle*/, - krb5_context /*context*/, - const gss_buffer_t /*message_buffer*/, - const gss_buffer_t /*token_buffer*/, - gss_qop_t */*qop_state*/, - krb5_keyblock */*key*/); - -OM_uint32 -_gssapi_verify_pad ( - gss_buffer_t /*wrapped_token*/, - size_t /*datalen*/, - size_t */*padlen*/); - -OM_uint32 -_gssapi_wrap_arcfour ( - OM_uint32 * /*minor_status*/, - const gsskrb5_ctx /*context_handle*/, - krb5_context /*context*/, - int /*conf_req_flag*/, - gss_qop_t /*qop_req*/, - const gss_buffer_t /*input_message_buffer*/, - int * /*conf_state*/, - gss_buffer_t /*output_message_buffer*/, - krb5_keyblock */*key*/); - -OM_uint32 -_gssapi_wrap_cfx ( - OM_uint32 */*minor_status*/, - const gsskrb5_ctx /*context_handle*/, - krb5_context /*context*/, - int /*conf_req_flag*/, - gss_qop_t /*qop_req*/, - const gss_buffer_t /*input_message_buffer*/, - int */*conf_state*/, - gss_buffer_t /*output_message_buffer*/, - krb5_keyblock */*key*/); - -OM_uint32 -_gssapi_wrap_size_arcfour ( - OM_uint32 */*minor_status*/, - const gsskrb5_ctx /*ctx*/, - krb5_context /*context*/, - int /*conf_req_flag*/, - gss_qop_t /*qop_req*/, - OM_uint32 /*req_output_size*/, - OM_uint32 */*max_input_size*/, - krb5_keyblock */*key*/); - -OM_uint32 -_gssapi_wrap_size_cfx ( - OM_uint32 */*minor_status*/, - const gsskrb5_ctx /*context_handle*/, - krb5_context /*context*/, - int /*conf_req_flag*/, - gss_qop_t /*qop_req*/, - OM_uint32 /*req_output_size*/, - OM_uint32 */*max_input_size*/, - krb5_keyblock */*key*/); - -OM_uint32 -_gsskrb5_accept_sec_context ( - OM_uint32 * /*minor_status*/, - gss_ctx_id_t * /*context_handle*/, - const gss_cred_id_t /*acceptor_cred_handle*/, - const gss_buffer_t /*input_token_buffer*/, - const gss_channel_bindings_t /*input_chan_bindings*/, - gss_name_t * /*src_name*/, - gss_OID * /*mech_type*/, - gss_buffer_t /*output_token*/, - OM_uint32 * /*ret_flags*/, - OM_uint32 * /*time_rec*/, - gss_cred_id_t * /*delegated_cred_handle*/); - -OM_uint32 -_gsskrb5_acquire_cred ( - OM_uint32 * /*minor_status*/, - const gss_name_t /*desired_name*/, - OM_uint32 /*time_req*/, - const gss_OID_set /*desired_mechs*/, - gss_cred_usage_t /*cred_usage*/, - gss_cred_id_t * /*output_cred_handle*/, - gss_OID_set * /*actual_mechs*/, - OM_uint32 * time_rec ); - -OM_uint32 -_gsskrb5_add_cred ( - OM_uint32 */*minor_status*/, - const gss_cred_id_t /*input_cred_handle*/, - const gss_name_t /*desired_name*/, - const gss_OID /*desired_mech*/, - gss_cred_usage_t /*cred_usage*/, - OM_uint32 /*initiator_time_req*/, - OM_uint32 /*acceptor_time_req*/, - gss_cred_id_t */*output_cred_handle*/, - gss_OID_set */*actual_mechs*/, - OM_uint32 */*initiator_time_rec*/, - OM_uint32 */*acceptor_time_rec*/); - -OM_uint32 -_gsskrb5_canonicalize_name ( - OM_uint32 * /*minor_status*/, - const gss_name_t /*input_name*/, - const gss_OID /*mech_type*/, - gss_name_t * output_name ); - -void -_gsskrb5_clear_status (void); - -OM_uint32 -_gsskrb5_compare_name ( - OM_uint32 * /*minor_status*/, - const gss_name_t /*name1*/, - const gss_name_t /*name2*/, - int * name_equal ); - -OM_uint32 -_gsskrb5_context_time ( - OM_uint32 * /*minor_status*/, - const gss_ctx_id_t /*context_handle*/, - OM_uint32 * time_rec ); - -OM_uint32 -_gsskrb5_create_8003_checksum ( - OM_uint32 */*minor_status*/, - const gss_channel_bindings_t /*input_chan_bindings*/, - OM_uint32 /*flags*/, - const krb5_data */*fwd_data*/, - Checksum */*result*/); - -OM_uint32 -_gsskrb5_create_ctx ( - OM_uint32 * /*minor_status*/, - gss_ctx_id_t * /*context_handle*/, - krb5_context /*context*/, - const gss_channel_bindings_t /*input_chan_bindings*/, - enum gss_ctx_id_t_state /*state*/); - -OM_uint32 -_gsskrb5_decapsulate ( - OM_uint32 */*minor_status*/, - gss_buffer_t /*input_token_buffer*/, - krb5_data */*out_data*/, - const void */*type*/, - gss_OID /*oid*/); - -krb5_error_code -_gsskrb5_decode_be_om_uint32 ( - const void */*ptr*/, - OM_uint32 */*n*/); - -krb5_error_code -_gsskrb5_decode_om_uint32 ( - const void */*ptr*/, - OM_uint32 */*n*/); - -OM_uint32 -_gsskrb5_delete_sec_context ( - OM_uint32 * /*minor_status*/, - gss_ctx_id_t * /*context_handle*/, - gss_buffer_t /*output_token*/); - -OM_uint32 -_gsskrb5_display_name ( - OM_uint32 * /*minor_status*/, - const gss_name_t /*input_name*/, - gss_buffer_t /*output_name_buffer*/, - gss_OID * output_name_type ); - -OM_uint32 -_gsskrb5_display_status ( - OM_uint32 */*minor_status*/, - OM_uint32 /*status_value*/, - int /*status_type*/, - const gss_OID /*mech_type*/, - OM_uint32 */*message_context*/, - gss_buffer_t /*status_string*/); - -OM_uint32 -_gsskrb5_duplicate_name ( - OM_uint32 * /*minor_status*/, - const gss_name_t /*src_name*/, - gss_name_t * dest_name ); - -void -_gsskrb5_encap_length ( - size_t /*data_len*/, - size_t */*len*/, - size_t */*total_len*/, - const gss_OID /*mech*/); - -OM_uint32 -_gsskrb5_encapsulate ( - OM_uint32 */*minor_status*/, - const krb5_data */*in_data*/, - gss_buffer_t /*output_token*/, - const void */*type*/, - const gss_OID mech ); - -krb5_error_code -_gsskrb5_encode_be_om_uint32 ( - OM_uint32 /*n*/, - u_char */*p*/); - -krb5_error_code -_gsskrb5_encode_om_uint32 ( - OM_uint32 /*n*/, - u_char */*p*/); - -OM_uint32 -_gsskrb5_export_name ( - OM_uint32 * /*minor_status*/, - const gss_name_t /*input_name*/, - gss_buffer_t exported_name ); - -OM_uint32 -_gsskrb5_export_sec_context ( - OM_uint32 * /*minor_status*/, - gss_ctx_id_t * /*context_handle*/, - gss_buffer_t interprocess_token ); - -ssize_t -_gsskrb5_get_mech ( - const u_char */*ptr*/, - size_t /*total_len*/, - const u_char **/*mech_ret*/); - -OM_uint32 -_gsskrb5_get_mic ( - OM_uint32 * /*minor_status*/, - const gss_ctx_id_t /*context_handle*/, - gss_qop_t /*qop_req*/, - const gss_buffer_t /*message_buffer*/, - gss_buffer_t message_token ); - -OM_uint32 -_gsskrb5_get_tkt_flags ( - OM_uint32 */*minor_status*/, - gsskrb5_ctx /*ctx*/, - OM_uint32 */*tkt_flags*/); - -OM_uint32 -_gsskrb5_import_cred ( - OM_uint32 */*minor_status*/, - krb5_ccache /*id*/, - krb5_principal /*keytab_principal*/, - krb5_keytab /*keytab*/, - gss_cred_id_t */*cred*/); - -OM_uint32 -_gsskrb5_import_name ( - OM_uint32 * /*minor_status*/, - const gss_buffer_t /*input_name_buffer*/, - const gss_OID /*input_name_type*/, - gss_name_t * output_name ); - -OM_uint32 -_gsskrb5_import_sec_context ( - OM_uint32 * /*minor_status*/, - const gss_buffer_t /*interprocess_token*/, - gss_ctx_id_t * context_handle ); - -OM_uint32 -_gsskrb5_indicate_mechs ( - OM_uint32 * /*minor_status*/, - gss_OID_set * mech_set ); - -krb5_error_code -_gsskrb5_init (krb5_context */*context*/); - -OM_uint32 -_gsskrb5_init_sec_context ( - OM_uint32 * /*minor_status*/, - const gss_cred_id_t /*cred_handle*/, - gss_ctx_id_t * /*context_handle*/, - const gss_name_t /*target_name*/, - const gss_OID /*mech_type*/, - OM_uint32 /*req_flags*/, - OM_uint32 /*time_req*/, - const gss_channel_bindings_t /*input_chan_bindings*/, - const gss_buffer_t /*input_token*/, - gss_OID * /*actual_mech_type*/, - gss_buffer_t /*output_token*/, - OM_uint32 * /*ret_flags*/, - OM_uint32 * time_rec ); - -OM_uint32 -_gsskrb5_inquire_context ( - OM_uint32 * /*minor_status*/, - const gss_ctx_id_t /*context_handle*/, - gss_name_t * /*src_name*/, - gss_name_t * /*targ_name*/, - OM_uint32 * /*lifetime_rec*/, - gss_OID * /*mech_type*/, - OM_uint32 * /*ctx_flags*/, - int * /*locally_initiated*/, - int * open_context ); - -OM_uint32 -_gsskrb5_inquire_cred ( - OM_uint32 * /*minor_status*/, - const gss_cred_id_t /*cred_handle*/, - gss_name_t * /*output_name*/, - OM_uint32 * /*lifetime*/, - gss_cred_usage_t * /*cred_usage*/, - gss_OID_set * mechanisms ); - -OM_uint32 -_gsskrb5_inquire_cred_by_mech ( - OM_uint32 * /*minor_status*/, - const gss_cred_id_t /*cred_handle*/, - const gss_OID /*mech_type*/, - gss_name_t * /*name*/, - OM_uint32 * /*initiator_lifetime*/, - OM_uint32 * /*acceptor_lifetime*/, - gss_cred_usage_t * cred_usage ); - -OM_uint32 -_gsskrb5_inquire_cred_by_oid ( - OM_uint32 * /*minor_status*/, - const gss_cred_id_t /*cred_handle*/, - const gss_OID /*desired_object*/, - gss_buffer_set_t */*data_set*/); - -OM_uint32 -_gsskrb5_inquire_mechs_for_name ( - OM_uint32 * /*minor_status*/, - const gss_name_t /*input_name*/, - gss_OID_set * mech_types ); - -OM_uint32 -_gsskrb5_inquire_names_for_mech ( - OM_uint32 * /*minor_status*/, - const gss_OID /*mechanism*/, - gss_OID_set * name_types ); - -OM_uint32 -_gsskrb5_inquire_sec_context_by_oid ( - OM_uint32 */*minor_status*/, - const gss_ctx_id_t /*context_handle*/, - const gss_OID /*desired_object*/, - gss_buffer_set_t */*data_set*/); - -OM_uint32 -_gsskrb5_krb5_ccache_name ( - OM_uint32 */*minor_status*/, - const char */*name*/, - const char **/*out_name*/); - -OM_uint32 -_gsskrb5_lifetime_left ( - OM_uint32 */*minor_status*/, - krb5_context /*context*/, - OM_uint32 /*lifetime*/, - OM_uint32 */*lifetime_rec*/); - -void * -_gsskrb5_make_header ( - void */*ptr*/, - size_t /*len*/, - const void */*type*/, - const gss_OID /*mech*/); - -OM_uint32 -_gsskrb5_process_context_token ( - OM_uint32 */*minor_status*/, - const gss_ctx_id_t /*context_handle*/, - const gss_buffer_t token_buffer ); - -OM_uint32 -_gsskrb5_pseudo_random ( - OM_uint32 */*minor_status*/, - gss_ctx_id_t /*context_handle*/, - int /*prf_key*/, - const gss_buffer_t /*prf_in*/, - ssize_t /*desired_output_len*/, - gss_buffer_t /*prf_out*/); - -OM_uint32 -_gsskrb5_register_acceptor_identity (const char */*identity*/); - -OM_uint32 -_gsskrb5_release_buffer ( - OM_uint32 * /*minor_status*/, - gss_buffer_t buffer ); - -OM_uint32 -_gsskrb5_release_cred ( - OM_uint32 * /*minor_status*/, - gss_cred_id_t * cred_handle ); - -OM_uint32 -_gsskrb5_release_name ( - OM_uint32 * /*minor_status*/, - gss_name_t * input_name ); - -OM_uint32 -_gsskrb5_seal ( - OM_uint32 * /*minor_status*/, - gss_ctx_id_t /*context_handle*/, - int /*conf_req_flag*/, - int /*qop_req*/, - gss_buffer_t /*input_message_buffer*/, - int * /*conf_state*/, - gss_buffer_t output_message_buffer ); - -OM_uint32 -_gsskrb5_set_cred_option ( - OM_uint32 */*minor_status*/, - gss_cred_id_t */*cred_handle*/, - const gss_OID /*desired_object*/, - const gss_buffer_t /*value*/); - -OM_uint32 -_gsskrb5_set_sec_context_option ( - OM_uint32 */*minor_status*/, - gss_ctx_id_t */*context_handle*/, - const gss_OID /*desired_object*/, - const gss_buffer_t /*value*/); - -void -_gsskrb5_set_status ( - const char */*fmt*/, - ...); - -OM_uint32 -_gsskrb5_sign ( - OM_uint32 * /*minor_status*/, - gss_ctx_id_t /*context_handle*/, - int /*qop_req*/, - gss_buffer_t /*message_buffer*/, - gss_buffer_t message_token ); - -OM_uint32 -_gsskrb5_unseal ( - OM_uint32 * /*minor_status*/, - gss_ctx_id_t /*context_handle*/, - gss_buffer_t /*input_message_buffer*/, - gss_buffer_t /*output_message_buffer*/, - int * /*conf_state*/, - int * qop_state ); - -OM_uint32 -_gsskrb5_unwrap ( - OM_uint32 * /*minor_status*/, - const gss_ctx_id_t /*context_handle*/, - const gss_buffer_t /*input_message_buffer*/, - gss_buffer_t /*output_message_buffer*/, - int * /*conf_state*/, - gss_qop_t * qop_state ); - -OM_uint32 -_gsskrb5_verify ( - OM_uint32 * /*minor_status*/, - gss_ctx_id_t /*context_handle*/, - gss_buffer_t /*message_buffer*/, - gss_buffer_t /*token_buffer*/, - int * qop_state ); - -OM_uint32 -_gsskrb5_verify_8003_checksum ( - OM_uint32 */*minor_status*/, - const gss_channel_bindings_t /*input_chan_bindings*/, - const Checksum */*cksum*/, - OM_uint32 */*flags*/, - krb5_data */*fwd_data*/); - -OM_uint32 -_gsskrb5_verify_header ( - u_char **/*str*/, - size_t /*total_len*/, - const void */*type*/, - gss_OID /*oid*/); - -OM_uint32 -_gsskrb5_verify_mic ( - OM_uint32 * /*minor_status*/, - const gss_ctx_id_t /*context_handle*/, - const gss_buffer_t /*message_buffer*/, - const gss_buffer_t /*token_buffer*/, - gss_qop_t * qop_state ); - -OM_uint32 -_gsskrb5_verify_mic_internal ( - OM_uint32 * /*minor_status*/, - const gsskrb5_ctx /*context_handle*/, - krb5_context /*context*/, - const gss_buffer_t /*message_buffer*/, - const gss_buffer_t /*token_buffer*/, - gss_qop_t * /*qop_state*/, - char * type ); - -OM_uint32 -_gsskrb5_wrap ( - OM_uint32 * /*minor_status*/, - const gss_ctx_id_t /*context_handle*/, - int /*conf_req_flag*/, - gss_qop_t /*qop_req*/, - const gss_buffer_t /*input_message_buffer*/, - int * /*conf_state*/, - gss_buffer_t output_message_buffer ); - -OM_uint32 -_gsskrb5_wrap_size_limit ( - OM_uint32 * /*minor_status*/, - const gss_ctx_id_t /*context_handle*/, - int /*conf_req_flag*/, - gss_qop_t /*qop_req*/, - OM_uint32 /*req_output_size*/, - OM_uint32 * max_input_size ); - -krb5_error_code -_gsskrb5cfx_max_wrap_length_cfx ( - krb5_context /*context*/, - krb5_crypto /*crypto*/, - int /*conf_req_flag*/, - size_t /*input_length*/, - OM_uint32 */*output_length*/); - -krb5_error_code -_gsskrb5cfx_wrap_length_cfx ( - const gsskrb5_ctx /*context_handle*/, - krb5_context /*context*/, - krb5_crypto /*crypto*/, - int /*conf_req_flag*/, - size_t /*input_length*/, - size_t */*output_length*/, - size_t */*cksumsize*/, - uint16_t */*padlength*/); - -krb5_error_code -_gsskrb5i_address_to_krb5addr ( - krb5_context /*context*/, - OM_uint32 /*gss_addr_type*/, - gss_buffer_desc */*gss_addr*/, - int16_t /*port*/, - krb5_address */*address*/); - -krb5_error_code -_gsskrb5i_get_acceptor_subkey ( - const gsskrb5_ctx /*ctx*/, - krb5_context /*context*/, - krb5_keyblock **/*key*/); - -krb5_error_code -_gsskrb5i_get_initiator_subkey ( - const gsskrb5_ctx /*ctx*/, - krb5_context /*context*/, - krb5_keyblock **/*key*/); - -OM_uint32 -_gsskrb5i_get_token_key ( - const gsskrb5_ctx /*ctx*/, - krb5_context /*context*/, - krb5_keyblock **/*key*/); - -void -_gsskrb5i_is_cfx ( - gsskrb5_ctx /*ctx*/, - int */*is_cfx*/); - -#endif /* __gsskrb5_private_h__ */ diff --git a/source4/heimdal/lib/gssapi/spnego/spnego-private.h b/source4/heimdal/lib/gssapi/spnego/spnego-private.h deleted file mode 100644 index 3b20d737b7..0000000000 --- a/source4/heimdal/lib/gssapi/spnego/spnego-private.h +++ /dev/null @@ -1,337 +0,0 @@ -/* This is a generated file */ -#ifndef __spnego_private_h__ -#define __spnego_private_h__ - -#include - -gssapi_mech_interface -__gss_spnego_initialize (void); - -OM_uint32 -_gss_spnego_accept_sec_context ( - OM_uint32 * /*minor_status*/, - gss_ctx_id_t * /*context_handle*/, - const gss_cred_id_t /*acceptor_cred_handle*/, - const gss_buffer_t /*input_token_buffer*/, - const gss_channel_bindings_t /*input_chan_bindings*/, - gss_name_t * /*src_name*/, - gss_OID * /*mech_type*/, - gss_buffer_t /*output_token*/, - OM_uint32 * /*ret_flags*/, - OM_uint32 * /*time_rec*/, - gss_cred_id_t *delegated_cred_handle ); - -OM_uint32 -_gss_spnego_acquire_cred ( - OM_uint32 */*minor_status*/, - const gss_name_t /*desired_name*/, - OM_uint32 /*time_req*/, - const gss_OID_set /*desired_mechs*/, - gss_cred_usage_t /*cred_usage*/, - gss_cred_id_t * /*output_cred_handle*/, - gss_OID_set * /*actual_mechs*/, - OM_uint32 * time_rec ); - -OM_uint32 -_gss_spnego_add_cred ( - OM_uint32 * /*minor_status*/, - const gss_cred_id_t /*input_cred_handle*/, - const gss_name_t /*desired_name*/, - const gss_OID /*desired_mech*/, - gss_cred_usage_t /*cred_usage*/, - OM_uint32 /*initiator_time_req*/, - OM_uint32 /*acceptor_time_req*/, - gss_cred_id_t * /*output_cred_handle*/, - gss_OID_set * /*actual_mechs*/, - OM_uint32 * /*initiator_time_rec*/, - OM_uint32 * acceptor_time_rec ); - -OM_uint32 -_gss_spnego_alloc_cred ( - OM_uint32 */*minor_status*/, - gss_cred_id_t /*mech_cred_handle*/, - gss_cred_id_t */*cred_handle*/); - -OM_uint32 -_gss_spnego_alloc_sec_context ( - OM_uint32 * /*minor_status*/, - gss_ctx_id_t */*context_handle*/); - -OM_uint32 -_gss_spnego_canonicalize_name ( - OM_uint32 * /*minor_status*/, - const gss_name_t /*input_name*/, - const gss_OID /*mech_type*/, - gss_name_t * output_name ); - -OM_uint32 -_gss_spnego_compare_name ( - OM_uint32 */*minor_status*/, - const gss_name_t /*name1*/, - const gss_name_t /*name2*/, - int * name_equal ); - -OM_uint32 -_gss_spnego_context_time ( - OM_uint32 */*minor_status*/, - const gss_ctx_id_t /*context_handle*/, - OM_uint32 *time_rec ); - -OM_uint32 -_gss_spnego_delete_sec_context ( - OM_uint32 */*minor_status*/, - gss_ctx_id_t */*context_handle*/, - gss_buffer_t output_token ); - -OM_uint32 -_gss_spnego_display_name ( - OM_uint32 * /*minor_status*/, - const gss_name_t /*input_name*/, - gss_buffer_t /*output_name_buffer*/, - gss_OID * output_name_type ); - -OM_uint32 -_gss_spnego_duplicate_name ( - OM_uint32 * /*minor_status*/, - const gss_name_t /*src_name*/, - gss_name_t * dest_name ); - -OM_uint32 -_gss_spnego_export_name ( - OM_uint32 * /*minor_status*/, - const gss_name_t /*input_name*/, - gss_buffer_t exported_name ); - -OM_uint32 -_gss_spnego_export_sec_context ( - OM_uint32 * /*minor_status*/, - gss_ctx_id_t * /*context_handle*/, - gss_buffer_t interprocess_token ); - -OM_uint32 -_gss_spnego_get_mic ( - OM_uint32 */*minor_status*/, - const gss_ctx_id_t /*context_handle*/, - gss_qop_t /*qop_req*/, - const gss_buffer_t /*message_buffer*/, - gss_buffer_t message_token ); - -OM_uint32 -_gss_spnego_import_name ( - OM_uint32 * /*minor_status*/, - const gss_buffer_t /*name_buffer*/, - const gss_OID /*name_type*/, - gss_name_t * output_name ); - -OM_uint32 -_gss_spnego_import_sec_context ( - OM_uint32 * /*minor_status*/, - const gss_buffer_t /*interprocess_token*/, - gss_ctx_id_t *context_handle ); - -OM_uint32 -_gss_spnego_indicate_mechtypelist ( - OM_uint32 */*minor_status*/, - gss_name_t /*target_name*/, - OM_uint32 (*/*func*/)(gss_name_t, gss_OID), - int /*includeMSCompatOID*/, - const gssspnego_cred /*cred_handle*/, - MechTypeList */*mechtypelist*/, - gss_OID */*preferred_mech*/); - -OM_uint32 -_gss_spnego_init_sec_context ( - OM_uint32 * /*minor_status*/, - const gss_cred_id_t /*initiator_cred_handle*/, - gss_ctx_id_t * /*context_handle*/, - const gss_name_t /*target_name*/, - const gss_OID /*mech_type*/, - OM_uint32 /*req_flags*/, - OM_uint32 /*time_req*/, - const gss_channel_bindings_t /*input_chan_bindings*/, - const gss_buffer_t /*input_token*/, - gss_OID * /*actual_mech_type*/, - gss_buffer_t /*output_token*/, - OM_uint32 * /*ret_flags*/, - OM_uint32 * time_rec ); - -OM_uint32 -_gss_spnego_inquire_context ( - OM_uint32 * /*minor_status*/, - const gss_ctx_id_t /*context_handle*/, - gss_name_t * /*src_name*/, - gss_name_t * /*targ_name*/, - OM_uint32 * /*lifetime_rec*/, - gss_OID * /*mech_type*/, - OM_uint32 * /*ctx_flags*/, - int * /*locally_initiated*/, - int * open_context ); - -OM_uint32 -_gss_spnego_inquire_cred ( - OM_uint32 * /*minor_status*/, - const gss_cred_id_t /*cred_handle*/, - gss_name_t * /*name*/, - OM_uint32 * /*lifetime*/, - gss_cred_usage_t * /*cred_usage*/, - gss_OID_set * mechanisms ); - -OM_uint32 -_gss_spnego_inquire_cred_by_mech ( - OM_uint32 * /*minor_status*/, - const gss_cred_id_t /*cred_handle*/, - const gss_OID /*mech_type*/, - gss_name_t * /*name*/, - OM_uint32 * /*initiator_lifetime*/, - OM_uint32 * /*acceptor_lifetime*/, - gss_cred_usage_t * cred_usage ); - -OM_uint32 -_gss_spnego_inquire_cred_by_oid ( - OM_uint32 * /*minor_status*/, - const gss_cred_id_t /*cred_handle*/, - const gss_OID /*desired_object*/, - gss_buffer_set_t */*data_set*/); - -OM_uint32 -_gss_spnego_inquire_mechs_for_name ( - OM_uint32 * /*minor_status*/, - const gss_name_t /*input_name*/, - gss_OID_set * mech_types ); - -OM_uint32 -_gss_spnego_inquire_names_for_mech ( - OM_uint32 * /*minor_status*/, - const gss_OID /*mechanism*/, - gss_OID_set * name_types ); - -OM_uint32 -_gss_spnego_inquire_sec_context_by_oid ( - OM_uint32 * /*minor_status*/, - const gss_ctx_id_t /*context_handle*/, - const gss_OID /*desired_object*/, - gss_buffer_set_t */*data_set*/); - -OM_uint32 -_gss_spnego_internal_delete_sec_context ( - OM_uint32 */*minor_status*/, - gss_ctx_id_t */*context_handle*/, - gss_buffer_t output_token ); - -OM_uint32 -_gss_spnego_process_context_token ( - OM_uint32 */*minor_status*/, - const gss_ctx_id_t /*context_handle*/, - const gss_buffer_t token_buffer ); - -OM_uint32 -_gss_spnego_pseudo_random ( - OM_uint32 */*minor_status*/, - gss_ctx_id_t /*context_handle*/, - int /*prf_key*/, - const gss_buffer_t /*prf_in*/, - ssize_t /*desired_output_len*/, - gss_buffer_t /*prf_out*/); - -OM_uint32 -_gss_spnego_release_cred ( - OM_uint32 */*minor_status*/, - gss_cred_id_t */*cred_handle*/); - -OM_uint32 -_gss_spnego_release_name ( - OM_uint32 * /*minor_status*/, - gss_name_t * input_name ); - -OM_uint32 -_gss_spnego_require_mechlist_mic ( - OM_uint32 */*minor_status*/, - gssspnego_ctx /*ctx*/, - int */*require_mic*/); - -OM_uint32 -_gss_spnego_seal ( - OM_uint32 * /*minor_status*/, - gss_ctx_id_t /*context_handle*/, - int /*conf_req_flag*/, - int /*qop_req*/, - gss_buffer_t /*input_message_buffer*/, - int * /*conf_state*/, - gss_buffer_t output_message_buffer ); - -OM_uint32 -_gss_spnego_set_cred_option ( - OM_uint32 */*minor_status*/, - gss_cred_id_t */*cred_handle*/, - const gss_OID /*object*/, - const gss_buffer_t /*value*/); - -OM_uint32 -_gss_spnego_set_sec_context_option ( - OM_uint32 * /*minor_status*/, - gss_ctx_id_t * /*context_handle*/, - const gss_OID /*desired_object*/, - const gss_buffer_t /*value*/); - -OM_uint32 -_gss_spnego_sign ( - OM_uint32 * /*minor_status*/, - gss_ctx_id_t /*context_handle*/, - int /*qop_req*/, - gss_buffer_t /*message_buffer*/, - gss_buffer_t message_token ); - -OM_uint32 -_gss_spnego_unseal ( - OM_uint32 * /*minor_status*/, - gss_ctx_id_t /*context_handle*/, - gss_buffer_t /*input_message_buffer*/, - gss_buffer_t /*output_message_buffer*/, - int * /*conf_state*/, - int * qop_state ); - -OM_uint32 -_gss_spnego_unwrap ( - OM_uint32 * /*minor_status*/, - const gss_ctx_id_t /*context_handle*/, - const gss_buffer_t /*input_message_buffer*/, - gss_buffer_t /*output_message_buffer*/, - int * /*conf_state*/, - gss_qop_t * qop_state ); - -OM_uint32 -_gss_spnego_verify ( - OM_uint32 * /*minor_status*/, - gss_ctx_id_t /*context_handle*/, - gss_buffer_t /*message_buffer*/, - gss_buffer_t /*token_buffer*/, - int * qop_state ); - -OM_uint32 -_gss_spnego_verify_mic ( - OM_uint32 * /*minor_status*/, - const gss_ctx_id_t /*context_handle*/, - const gss_buffer_t /*message_buffer*/, - const gss_buffer_t /*token_buffer*/, - gss_qop_t * qop_state ); - -OM_uint32 -_gss_spnego_wrap ( - OM_uint32 * /*minor_status*/, - const gss_ctx_id_t /*context_handle*/, - int /*conf_req_flag*/, - gss_qop_t /*qop_req*/, - const gss_buffer_t /*input_message_buffer*/, - int * /*conf_state*/, - gss_buffer_t output_message_buffer ); - -OM_uint32 -_gss_spnego_wrap_size_limit ( - OM_uint32 * /*minor_status*/, - const gss_ctx_id_t /*context_handle*/, - int /*conf_req_flag*/, - gss_qop_t /*qop_req*/, - OM_uint32 /*req_output_size*/, - OM_uint32 * max_input_size ); - -#endif /* __spnego_private_h__ */ diff --git a/source4/heimdal/lib/hdb/hdb-private.h b/source4/heimdal/lib/hdb/hdb-private.h deleted file mode 100644 index 5147d8b90b..0000000000 --- a/source4/heimdal/lib/hdb/hdb-private.h +++ /dev/null @@ -1,54 +0,0 @@ -/* This is a generated file */ -#ifndef __hdb_private_h__ -#define __hdb_private_h__ - -#include - -krb5_error_code -_hdb_fetch ( - krb5_context /*context*/, - HDB */*db*/, - krb5_const_principal /*principal*/, - unsigned /*flags*/, - hdb_entry_ex */*entry*/); - -hdb_master_key -_hdb_find_master_key ( - uint32_t */*mkvno*/, - hdb_master_key /*mkey*/); - -int -_hdb_mkey_decrypt ( - krb5_context /*context*/, - hdb_master_key /*key*/, - krb5_key_usage /*usage*/, - void */*ptr*/, - size_t /*size*/, - krb5_data */*res*/); - -int -_hdb_mkey_encrypt ( - krb5_context /*context*/, - hdb_master_key /*key*/, - krb5_key_usage /*usage*/, - const void */*ptr*/, - size_t /*size*/, - krb5_data */*res*/); - -int -_hdb_mkey_version (hdb_master_key /*mkey*/); - -krb5_error_code -_hdb_remove ( - krb5_context /*context*/, - HDB */*db*/, - krb5_const_principal /*principal*/); - -krb5_error_code -_hdb_store ( - krb5_context /*context*/, - HDB */*db*/, - unsigned /*flags*/, - hdb_entry_ex */*entry*/); - -#endif /* __hdb_private_h__ */ diff --git a/source4/heimdal/lib/hdb/hdb-protos.h b/source4/heimdal/lib/hdb/hdb-protos.h deleted file mode 100644 index 4c3d3eb1ab..0000000000 --- a/source4/heimdal/lib/hdb/hdb-protos.h +++ /dev/null @@ -1,400 +0,0 @@ -/* This is a generated file */ -#ifndef __hdb_protos_h__ -#define __hdb_protos_h__ - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -krb5_error_code -hdb_add_master_key ( - krb5_context /*context*/, - krb5_keyblock */*key*/, - hdb_master_key */*inout*/); - -krb5_error_code -hdb_check_db_format ( - krb5_context /*context*/, - HDB */*db*/); - -krb5_error_code -hdb_clear_extension ( - krb5_context /*context*/, - hdb_entry */*entry*/, - int /*type*/); - -krb5_error_code -hdb_clear_master_key ( - krb5_context /*context*/, - HDB */*db*/); - -krb5_error_code -hdb_create ( - krb5_context /*context*/, - HDB **/*db*/, - const char */*filename*/); - -krb5_error_code -hdb_db_create ( - krb5_context /*context*/, - HDB **/*db*/, - const char */*filename*/); - -const char * -hdb_db_dir (krb5_context /*context*/); - -const char * -hdb_dbinfo_get_acl_file ( - krb5_context /*context*/, - struct hdb_dbinfo */*dbp*/); - -const krb5_config_binding * -hdb_dbinfo_get_binding ( - krb5_context /*context*/, - struct hdb_dbinfo */*dbp*/); - -const char * -hdb_dbinfo_get_dbname ( - krb5_context /*context*/, - struct hdb_dbinfo */*dbp*/); - -const char * -hdb_dbinfo_get_label ( - krb5_context /*context*/, - struct hdb_dbinfo */*dbp*/); - -const char * -hdb_dbinfo_get_log_file ( - krb5_context /*context*/, - struct hdb_dbinfo */*dbp*/); - -const char * -hdb_dbinfo_get_mkey_file ( - krb5_context /*context*/, - struct hdb_dbinfo */*dbp*/); - -struct hdb_dbinfo * -hdb_dbinfo_get_next ( - struct hdb_dbinfo */*dbp*/, - struct hdb_dbinfo */*dbprevp*/); - -const char * -hdb_dbinfo_get_realm ( - krb5_context /*context*/, - struct hdb_dbinfo */*dbp*/); - -const char * -hdb_default_db (krb5_context /*context*/); - -krb5_error_code -hdb_enctype2key ( - krb5_context /*context*/, - hdb_entry */*e*/, - krb5_enctype /*enctype*/, - Key **/*key*/); - -krb5_error_code -hdb_entry2string ( - krb5_context /*context*/, - hdb_entry */*ent*/, - char **/*str*/); - -int -hdb_entry2value ( - krb5_context /*context*/, - const hdb_entry */*ent*/, - krb5_data */*value*/); - -int -hdb_entry_alias2value ( - krb5_context /*context*/, - const hdb_entry_alias */*alias*/, - krb5_data */*value*/); - -krb5_error_code -hdb_entry_check_mandatory ( - krb5_context /*context*/, - const hdb_entry */*ent*/); - -int -hdb_entry_clear_password ( - krb5_context /*context*/, - hdb_entry */*entry*/); - -krb5_error_code -hdb_entry_get_ConstrainedDelegACL ( - const hdb_entry */*entry*/, - const HDB_Ext_Constrained_delegation_acl **/*a*/); - -krb5_error_code -hdb_entry_get_aliases ( - const hdb_entry */*entry*/, - const HDB_Ext_Aliases **/*a*/); - -int -hdb_entry_get_password ( - krb5_context /*context*/, - HDB */*db*/, - const hdb_entry */*entry*/, - char **/*p*/); - -krb5_error_code -hdb_entry_get_pkinit_acl ( - const hdb_entry */*entry*/, - const HDB_Ext_PKINIT_acl **/*a*/); - -krb5_error_code -hdb_entry_get_pkinit_hash ( - const hdb_entry */*entry*/, - const HDB_Ext_PKINIT_hash **/*a*/); - -krb5_error_code -hdb_entry_get_pw_change_time ( - const hdb_entry */*entry*/, - time_t */*t*/); - -int -hdb_entry_set_password ( - krb5_context /*context*/, - HDB */*db*/, - hdb_entry */*entry*/, - const char */*p*/); - -krb5_error_code -hdb_entry_set_pw_change_time ( - krb5_context /*context*/, - hdb_entry */*entry*/, - time_t /*t*/); - -HDB_extension * -hdb_find_extension ( - const hdb_entry */*entry*/, - int /*type*/); - -krb5_error_code -hdb_foreach ( - krb5_context /*context*/, - HDB */*db*/, - unsigned /*flags*/, - hdb_foreach_func_t /*func*/, - void */*data*/); - -void -hdb_free_dbinfo ( - krb5_context /*context*/, - struct hdb_dbinfo **/*dbp*/); - -void -hdb_free_entry ( - krb5_context /*context*/, - hdb_entry_ex */*ent*/); - -void -hdb_free_key (Key */*key*/); - -void -hdb_free_keys ( - krb5_context /*context*/, - int /*len*/, - Key */*keys*/); - -void -hdb_free_master_key ( - krb5_context /*context*/, - hdb_master_key /*mkey*/); - -krb5_error_code -hdb_generate_key_set ( - krb5_context /*context*/, - krb5_principal /*principal*/, - Key **/*ret_key_set*/, - size_t */*nkeyset*/, - int /*no_salt*/); - -krb5_error_code -hdb_generate_key_set_password ( - krb5_context /*context*/, - krb5_principal /*principal*/, - const char */*password*/, - Key **/*keys*/, - size_t */*num_keys*/); - -int -hdb_get_dbinfo ( - krb5_context /*context*/, - struct hdb_dbinfo **/*dbp*/); - -krb5_error_code -hdb_init_db ( - krb5_context /*context*/, - HDB */*db*/); - -int -hdb_key2principal ( - krb5_context /*context*/, - krb5_data */*key*/, - krb5_principal /*p*/); - -krb5_error_code -hdb_ldap_common ( - krb5_context /*context*/, - HDB ** /*db*/, - const char */*search_base*/, - const char */*url*/); - -krb5_error_code -hdb_ldap_create ( - krb5_context /*context*/, - HDB ** /*db*/, - const char */*arg*/); - -krb5_error_code -hdb_ldapi_create ( - krb5_context /*context*/, - HDB ** /*db*/, - const char */*arg*/); - -krb5_error_code -hdb_list_builtin ( - krb5_context /*context*/, - char **/*list*/); - -krb5_error_code -hdb_lock ( - int /*fd*/, - int /*operation*/); - -krb5_error_code -hdb_ndbm_create ( - krb5_context /*context*/, - HDB **/*db*/, - const char */*filename*/); - -krb5_error_code -hdb_next_enctype2key ( - krb5_context /*context*/, - const hdb_entry */*e*/, - krb5_enctype /*enctype*/, - Key **/*key*/); - -int -hdb_principal2key ( - krb5_context /*context*/, - krb5_const_principal /*p*/, - krb5_data */*key*/); - -krb5_error_code -hdb_print_entry ( - krb5_context /*context*/, - HDB */*db*/, - hdb_entry_ex */*entry*/, - void */*data*/); - -krb5_error_code -hdb_process_master_key ( - krb5_context /*context*/, - int /*kvno*/, - krb5_keyblock */*key*/, - krb5_enctype /*etype*/, - hdb_master_key */*mkey*/); - -krb5_error_code -hdb_read_master_key ( - krb5_context /*context*/, - const char */*filename*/, - hdb_master_key */*mkey*/); - -krb5_error_code -hdb_replace_extension ( - krb5_context /*context*/, - hdb_entry */*entry*/, - const HDB_extension */*ext*/); - -krb5_error_code -hdb_seal_key ( - krb5_context /*context*/, - HDB */*db*/, - Key */*k*/); - -krb5_error_code -hdb_seal_key_mkey ( - krb5_context /*context*/, - Key */*k*/, - hdb_master_key /*mkey*/); - -krb5_error_code -hdb_seal_keys ( - krb5_context /*context*/, - HDB */*db*/, - hdb_entry */*ent*/); - -krb5_error_code -hdb_seal_keys_mkey ( - krb5_context /*context*/, - hdb_entry */*ent*/, - hdb_master_key /*mkey*/); - -krb5_error_code -hdb_set_master_key ( - krb5_context /*context*/, - HDB */*db*/, - krb5_keyblock */*key*/); - -krb5_error_code -hdb_set_master_keyfile ( - krb5_context /*context*/, - HDB */*db*/, - const char */*keyfile*/); - -krb5_error_code -hdb_unlock (int /*fd*/); - -krb5_error_code -hdb_unseal_key ( - krb5_context /*context*/, - HDB */*db*/, - Key */*k*/); - -krb5_error_code -hdb_unseal_key_mkey ( - krb5_context /*context*/, - Key */*k*/, - hdb_master_key /*mkey*/); - -krb5_error_code -hdb_unseal_keys ( - krb5_context /*context*/, - HDB */*db*/, - hdb_entry */*ent*/); - -krb5_error_code -hdb_unseal_keys_mkey ( - krb5_context /*context*/, - hdb_entry */*ent*/, - hdb_master_key /*mkey*/); - -int -hdb_value2entry ( - krb5_context /*context*/, - krb5_data */*value*/, - hdb_entry */*ent*/); - -int -hdb_value2entry_alias ( - krb5_context /*context*/, - krb5_data */*value*/, - hdb_entry_alias */*ent*/); - -krb5_error_code -hdb_write_master_key ( - krb5_context /*context*/, - const char */*filename*/, - hdb_master_key /*mkey*/); - -#ifdef __cplusplus -} -#endif - -#endif /* __hdb_protos_h__ */ diff --git a/source4/heimdal/lib/hx509/hx509-private.h b/source4/heimdal/lib/hx509/hx509-private.h deleted file mode 100644 index de1fcfa7e6..0000000000 --- a/source4/heimdal/lib/hx509/hx509-private.h +++ /dev/null @@ -1,548 +0,0 @@ -/* This is a generated file */ -#ifndef __hx509_private_h__ -#define __hx509_private_h__ - -#include - -#if !defined(__GNUC__) && !defined(__attribute__) -#define __attribute__(x) -#endif - -int -_hx509_AlgorithmIdentifier_cmp ( - const AlgorithmIdentifier */*p*/, - const AlgorithmIdentifier */*q*/); - -int -_hx509_Certificate_cmp ( - const Certificate */*p*/, - const Certificate */*q*/); - -int -_hx509_Name_to_string ( - const Name */*n*/, - char **/*str*/); - -time_t -_hx509_Time2time_t (const Time */*t*/); - -void -_hx509_abort ( - const char */*fmt*/, - ...) - __attribute__ ((noreturn, format (printf, 1, 2))); - -int -_hx509_calculate_path ( - hx509_context /*context*/, - int /*flags*/, - time_t /*time_now*/, - hx509_certs /*anchors*/, - unsigned int /*max_depth*/, - hx509_cert /*cert*/, - hx509_certs /*pool*/, - hx509_path */*path*/); - -int -_hx509_cert_assign_key ( - hx509_cert /*cert*/, - hx509_private_key /*private_key*/); - -int -_hx509_cert_get_eku ( - hx509_context /*context*/, - hx509_cert /*cert*/, - ExtKeyUsage */*e*/); - -int -_hx509_cert_get_keyusage ( - hx509_context /*context*/, - hx509_cert /*c*/, - KeyUsage */*ku*/); - -int -_hx509_cert_get_version (const Certificate */*t*/); - -int -_hx509_cert_is_parent_cmp ( - const Certificate */*subject*/, - const Certificate */*issuer*/, - int /*allow_self_signed*/); - -int -_hx509_cert_private_decrypt ( - hx509_context /*context*/, - const heim_octet_string */*ciphertext*/, - const heim_oid */*encryption_oid*/, - hx509_cert /*p*/, - heim_octet_string */*cleartext*/); - -hx509_private_key -_hx509_cert_private_key (hx509_cert /*p*/); - -int -_hx509_cert_private_key_exportable (hx509_cert /*p*/); - -int -_hx509_cert_public_encrypt ( - hx509_context /*context*/, - const heim_octet_string */*cleartext*/, - const hx509_cert /*p*/, - heim_oid */*encryption_oid*/, - heim_octet_string */*ciphertext*/); - -void -_hx509_cert_set_release ( - hx509_cert /*cert*/, - _hx509_cert_release_func /*release*/, - void */*ctx*/); - -int -_hx509_cert_to_env ( - hx509_context /*context*/, - hx509_cert /*cert*/, - hx509_env */*env*/); - -int -_hx509_certs_keys_add ( - hx509_context /*context*/, - hx509_certs /*certs*/, - hx509_private_key /*key*/); - -void -_hx509_certs_keys_free ( - hx509_context /*context*/, - hx509_private_key */*keys*/); - -int -_hx509_certs_keys_get ( - hx509_context /*context*/, - hx509_certs /*certs*/, - hx509_private_key **/*keys*/); - -hx509_certs -_hx509_certs_ref (hx509_certs /*certs*/); - -int -_hx509_check_key_usage ( - hx509_context /*context*/, - hx509_cert /*cert*/, - unsigned /*flags*/, - int /*req_present*/); - -int -_hx509_collector_alloc ( - hx509_context /*context*/, - hx509_lock /*lock*/, - struct hx509_collector **/*collector*/); - -int -_hx509_collector_certs_add ( - hx509_context /*context*/, - struct hx509_collector */*c*/, - hx509_cert /*cert*/); - -int -_hx509_collector_collect_certs ( - hx509_context /*context*/, - struct hx509_collector */*c*/, - hx509_certs */*ret_certs*/); - -int -_hx509_collector_collect_private_keys ( - hx509_context /*context*/, - struct hx509_collector */*c*/, - hx509_private_key **/*keys*/); - -void -_hx509_collector_free (struct hx509_collector */*c*/); - -hx509_lock -_hx509_collector_get_lock (struct hx509_collector */*c*/); - -int -_hx509_collector_private_key_add ( - hx509_context /*context*/, - struct hx509_collector */*c*/, - const AlgorithmIdentifier */*alg*/, - hx509_private_key /*private_key*/, - const heim_octet_string */*key_data*/, - const heim_octet_string */*localKeyId*/); - -int -_hx509_create_signature ( - hx509_context /*context*/, - const hx509_private_key /*signer*/, - const AlgorithmIdentifier */*alg*/, - const heim_octet_string */*data*/, - AlgorithmIdentifier */*signatureAlgorithm*/, - heim_octet_string */*sig*/); - -int -_hx509_create_signature_bitstring ( - hx509_context /*context*/, - const hx509_private_key /*signer*/, - const AlgorithmIdentifier */*alg*/, - const heim_octet_string */*data*/, - AlgorithmIdentifier */*signatureAlgorithm*/, - heim_bit_string */*sig*/); - -int -_hx509_expr_eval ( - hx509_context /*context*/, - hx509_env /*env*/, - struct hx_expr */*expr*/); - -void -_hx509_expr_free (struct hx_expr */*expr*/); - -struct hx_expr * -_hx509_expr_parse (const char */*buf*/); - -int -_hx509_find_extension_subject_key_id ( - const Certificate */*issuer*/, - SubjectKeyIdentifier */*si*/); - -int -_hx509_generate_private_key ( - hx509_context /*context*/, - struct hx509_generate_private_context */*ctx*/, - hx509_private_key */*private_key*/); - -int -_hx509_generate_private_key_bits ( - hx509_context /*context*/, - struct hx509_generate_private_context */*ctx*/, - unsigned long /*bits*/); - -void -_hx509_generate_private_key_free (struct hx509_generate_private_context **/*ctx*/); - -int -_hx509_generate_private_key_init ( - hx509_context /*context*/, - const heim_oid */*oid*/, - struct hx509_generate_private_context **/*ctx*/); - -int -_hx509_generate_private_key_is_ca ( - hx509_context /*context*/, - struct hx509_generate_private_context */*ctx*/); - -Certificate * -_hx509_get_cert (hx509_cert /*cert*/); - -void -_hx509_ks_dir_register (hx509_context /*context*/); - -void -_hx509_ks_file_register (hx509_context /*context*/); - -void -_hx509_ks_keychain_register (hx509_context /*context*/); - -void -_hx509_ks_mem_register (hx509_context /*context*/); - -void -_hx509_ks_null_register (hx509_context /*context*/); - -void -_hx509_ks_pkcs11_register (hx509_context /*context*/); - -void -_hx509_ks_pkcs12_register (hx509_context /*context*/); - -void -_hx509_ks_register ( - hx509_context /*context*/, - struct hx509_keyset_ops */*ops*/); - -int -_hx509_lock_find_cert ( - hx509_lock /*lock*/, - const hx509_query */*q*/, - hx509_cert */*c*/); - -const struct _hx509_password * -_hx509_lock_get_passwords (hx509_lock /*lock*/); - -hx509_certs -_hx509_lock_unlock_certs (hx509_lock /*lock*/); - -struct hx_expr * -_hx509_make_expr ( - enum hx_expr_op /*op*/, - void */*arg1*/, - void */*arg2*/); - -int -_hx509_map_file_os ( - const char */*fn*/, - heim_octet_string */*os*/); - -int -_hx509_match_keys ( - hx509_cert /*c*/, - hx509_private_key /*private_key*/); - -int -_hx509_name_cmp ( - const Name */*n1*/, - const Name */*n2*/, - int */*c*/); - -int -_hx509_name_ds_cmp ( - const DirectoryString */*ds1*/, - const DirectoryString */*ds2*/, - int */*diff*/); - -int -_hx509_name_from_Name ( - const Name */*n*/, - hx509_name */*name*/); - -int -_hx509_name_modify ( - hx509_context /*context*/, - Name */*name*/, - int /*append*/, - const heim_oid */*oid*/, - const char */*str*/); - -int -_hx509_parse_private_key ( - hx509_context /*context*/, - const heim_oid */*key_oid*/, - const void */*data*/, - size_t /*len*/, - hx509_private_key */*private_key*/); - -int -_hx509_path_append ( - hx509_context /*context*/, - hx509_path */*path*/, - hx509_cert /*cert*/); - -void -_hx509_path_free (hx509_path */*path*/); - -int -_hx509_pbe_decrypt ( - hx509_context /*context*/, - hx509_lock /*lock*/, - const AlgorithmIdentifier */*ai*/, - const heim_octet_string */*econtent*/, - heim_octet_string */*content*/); - -int -_hx509_pbe_encrypt ( - hx509_context /*context*/, - hx509_lock /*lock*/, - const AlgorithmIdentifier */*ai*/, - const heim_octet_string */*content*/, - heim_octet_string */*econtent*/); - -void -_hx509_pi_printf ( - int (*/*func*/)(void *, const char *), - void */*ctx*/, - const char */*fmt*/, - ...); - -int -_hx509_private_key2SPKI ( - hx509_context /*context*/, - hx509_private_key /*private_key*/, - SubjectPublicKeyInfo */*spki*/); - -void -_hx509_private_key_assign_rsa ( - hx509_private_key /*key*/, - void */*ptr*/); - -int -_hx509_private_key_export ( - hx509_context /*context*/, - const hx509_private_key /*key*/, - heim_octet_string */*data*/); - -int -_hx509_private_key_exportable (hx509_private_key /*key*/); - -int -_hx509_private_key_free (hx509_private_key */*key*/); - -BIGNUM * -_hx509_private_key_get_internal ( - hx509_context /*context*/, - hx509_private_key /*key*/, - const char */*type*/); - -int -_hx509_private_key_init ( - hx509_private_key */*key*/, - hx509_private_key_ops */*ops*/, - void */*keydata*/); - -int -_hx509_private_key_oid ( - hx509_context /*context*/, - const hx509_private_key /*key*/, - heim_oid */*data*/); - -int -_hx509_private_key_private_decrypt ( - hx509_context /*context*/, - const heim_octet_string */*ciphertext*/, - const heim_oid */*encryption_oid*/, - hx509_private_key /*p*/, - heim_octet_string */*cleartext*/); - -hx509_private_key -_hx509_private_key_ref (hx509_private_key /*key*/); - -const char * -_hx509_private_pem_name (hx509_private_key /*key*/); - -int -_hx509_public_encrypt ( - hx509_context /*context*/, - const heim_octet_string */*cleartext*/, - const Certificate */*cert*/, - heim_oid */*encryption_oid*/, - heim_octet_string */*ciphertext*/); - -void -_hx509_query_clear (hx509_query */*q*/); - -int -_hx509_query_match_cert ( - hx509_context /*context*/, - const hx509_query */*q*/, - hx509_cert /*cert*/); - -void -_hx509_query_statistic ( - hx509_context /*context*/, - int /*type*/, - const hx509_query */*q*/); - -int -_hx509_request_add_dns_name ( - hx509_context /*context*/, - hx509_request /*req*/, - const char */*hostname*/); - -int -_hx509_request_add_eku ( - hx509_context /*context*/, - hx509_request /*req*/, - const heim_oid */*oid*/); - -int -_hx509_request_add_email ( - hx509_context /*context*/, - hx509_request /*req*/, - const char */*email*/); - -void -_hx509_request_free (hx509_request */*req*/); - -int -_hx509_request_get_SubjectPublicKeyInfo ( - hx509_context /*context*/, - hx509_request /*req*/, - SubjectPublicKeyInfo */*key*/); - -int -_hx509_request_get_name ( - hx509_context /*context*/, - hx509_request /*req*/, - hx509_name */*name*/); - -int -_hx509_request_init ( - hx509_context /*context*/, - hx509_request */*req*/); - -int -_hx509_request_parse ( - hx509_context /*context*/, - const char */*path*/, - hx509_request */*req*/); - -int -_hx509_request_print ( - hx509_context /*context*/, - hx509_request /*req*/, - FILE */*f*/); - -int -_hx509_request_set_SubjectPublicKeyInfo ( - hx509_context /*context*/, - hx509_request /*req*/, - const SubjectPublicKeyInfo */*key*/); - -int -_hx509_request_set_name ( - hx509_context /*context*/, - hx509_request /*req*/, - hx509_name /*name*/); - -int -_hx509_request_to_pkcs10 ( - hx509_context /*context*/, - const hx509_request /*req*/, - const hx509_private_key /*signer*/, - heim_octet_string */*request*/); - -hx509_revoke_ctx -_hx509_revoke_ref (hx509_revoke_ctx /*ctx*/); - -void -_hx509_sel_yyerror (char */*s*/); - -int -_hx509_set_cert_attribute ( - hx509_context /*context*/, - hx509_cert /*cert*/, - const heim_oid */*oid*/, - const heim_octet_string */*attr*/); - -void -_hx509_unmap_file_os (heim_octet_string */*os*/); - -int -_hx509_unparse_Name ( - const Name */*aname*/, - char **/*str*/); - -time_t -_hx509_verify_get_time (hx509_verify_ctx /*ctx*/); - -int -_hx509_verify_signature ( - hx509_context /*context*/, - const Certificate */*signer*/, - const AlgorithmIdentifier */*alg*/, - const heim_octet_string */*data*/, - const heim_octet_string */*sig*/); - -int -_hx509_verify_signature_bitstring ( - hx509_context /*context*/, - const Certificate */*signer*/, - const AlgorithmIdentifier */*alg*/, - const heim_octet_string */*data*/, - const heim_bit_string */*sig*/); - -int -_hx509_write_file ( - const char */*fn*/, - const void */*data*/, - size_t /*length*/); - -#endif /* __hx509_private_h__ */ diff --git a/source4/heimdal/lib/hx509/hx509-protos.h b/source4/heimdal/lib/hx509/hx509-protos.h deleted file mode 100644 index f8e6bc19a4..0000000000 --- a/source4/heimdal/lib/hx509/hx509-protos.h +++ /dev/null @@ -1,1080 +0,0 @@ -/* This is a generated file */ -#ifndef __hx509_protos_h__ -#define __hx509_protos_h__ - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#ifndef HX509_LIB -#if defined(_WIN32) -#define HX509_LIB_FUNCTION _stdcall __declspec(dllimport) -#define HX509_LIB_VARIABLE __declspec(dllimport) -#else -#define HX509_LIB_FUNCTION -#define HX509_LIB_VARIABLE -#endif -#endif - -void -hx509_bitstring_print ( - const heim_bit_string */*b*/, - hx509_vprint_func /*func*/, - void */*ctx*/); - -int -hx509_ca_sign ( - hx509_context /*context*/, - hx509_ca_tbs /*tbs*/, - hx509_cert /*signer*/, - hx509_cert */*certificate*/); - -int -hx509_ca_sign_self ( - hx509_context /*context*/, - hx509_ca_tbs /*tbs*/, - hx509_private_key /*signer*/, - hx509_cert */*certificate*/); - -int -hx509_ca_tbs_add_crl_dp_uri ( - hx509_context /*context*/, - hx509_ca_tbs /*tbs*/, - const char */*uri*/, - hx509_name /*issuername*/); - -int -hx509_ca_tbs_add_eku ( - hx509_context /*context*/, - hx509_ca_tbs /*tbs*/, - const heim_oid */*oid*/); - -int -hx509_ca_tbs_add_san_hostname ( - hx509_context /*context*/, - hx509_ca_tbs /*tbs*/, - const char */*dnsname*/); - -int -hx509_ca_tbs_add_san_jid ( - hx509_context /*context*/, - hx509_ca_tbs /*tbs*/, - const char */*jid*/); - -int -hx509_ca_tbs_add_san_ms_upn ( - hx509_context /*context*/, - hx509_ca_tbs /*tbs*/, - const char */*principal*/); - -int -hx509_ca_tbs_add_san_otherName ( - hx509_context /*context*/, - hx509_ca_tbs /*tbs*/, - const heim_oid */*oid*/, - const heim_octet_string */*os*/); - -int -hx509_ca_tbs_add_san_pkinit ( - hx509_context /*context*/, - hx509_ca_tbs /*tbs*/, - const char */*principal*/); - -int -hx509_ca_tbs_add_san_rfc822name ( - hx509_context /*context*/, - hx509_ca_tbs /*tbs*/, - const char */*rfc822Name*/); - -void -hx509_ca_tbs_free (hx509_ca_tbs */*tbs*/); - -int -hx509_ca_tbs_init ( - hx509_context /*context*/, - hx509_ca_tbs */*tbs*/); - -int -hx509_ca_tbs_set_ca ( - hx509_context /*context*/, - hx509_ca_tbs /*tbs*/, - int /*pathLenConstraint*/); - -int -hx509_ca_tbs_set_domaincontroller ( - hx509_context /*context*/, - hx509_ca_tbs /*tbs*/); - -int -hx509_ca_tbs_set_notAfter ( - hx509_context /*context*/, - hx509_ca_tbs /*tbs*/, - time_t /*t*/); - -int -hx509_ca_tbs_set_notAfter_lifetime ( - hx509_context /*context*/, - hx509_ca_tbs /*tbs*/, - time_t /*delta*/); - -int -hx509_ca_tbs_set_notBefore ( - hx509_context /*context*/, - hx509_ca_tbs /*tbs*/, - time_t /*t*/); - -int -hx509_ca_tbs_set_proxy ( - hx509_context /*context*/, - hx509_ca_tbs /*tbs*/, - int /*pathLenConstraint*/); - -int -hx509_ca_tbs_set_serialnumber ( - hx509_context /*context*/, - hx509_ca_tbs /*tbs*/, - const heim_integer */*serialNumber*/); - -int -hx509_ca_tbs_set_spki ( - hx509_context /*context*/, - hx509_ca_tbs /*tbs*/, - const SubjectPublicKeyInfo */*spki*/); - -int -hx509_ca_tbs_set_subject ( - hx509_context /*context*/, - hx509_ca_tbs /*tbs*/, - hx509_name /*subject*/); - -int -hx509_ca_tbs_set_template ( - hx509_context /*context*/, - hx509_ca_tbs /*tbs*/, - int /*flags*/, - hx509_cert /*cert*/); - -int -hx509_ca_tbs_subject_expand ( - hx509_context /*context*/, - hx509_ca_tbs /*tbs*/, - hx509_env /*env*/); - -const struct units * -hx509_ca_tbs_template_units (void); - -int -hx509_cert_binary ( - hx509_context /*context*/, - hx509_cert /*c*/, - heim_octet_string */*os*/); - -int -hx509_cert_check_eku ( - hx509_context /*context*/, - hx509_cert /*cert*/, - const heim_oid */*eku*/, - int /*allow_any_eku*/); - -int -hx509_cert_cmp ( - hx509_cert /*p*/, - hx509_cert /*q*/); - -int -hx509_cert_find_subjectAltName_otherName ( - hx509_context /*context*/, - hx509_cert /*cert*/, - const heim_oid */*oid*/, - hx509_octet_string_list */*list*/); - -void -hx509_cert_free (hx509_cert /*cert*/); - -int -hx509_cert_get_SPKI ( - hx509_context /*context*/, - hx509_cert /*p*/, - SubjectPublicKeyInfo */*spki*/); - -int -hx509_cert_get_SPKI_AlgorithmIdentifier ( - hx509_context /*context*/, - hx509_cert /*p*/, - AlgorithmIdentifier */*alg*/); - -hx509_cert_attribute -hx509_cert_get_attribute ( - hx509_cert /*cert*/, - const heim_oid */*oid*/); - -int -hx509_cert_get_base_subject ( - hx509_context /*context*/, - hx509_cert /*c*/, - hx509_name */*name*/); - -const char * -hx509_cert_get_friendly_name (hx509_cert /*cert*/); - -int -hx509_cert_get_issuer ( - hx509_cert /*p*/, - hx509_name */*name*/); - -time_t -hx509_cert_get_notAfter (hx509_cert /*p*/); - -time_t -hx509_cert_get_notBefore (hx509_cert /*p*/); - -int -hx509_cert_get_serialnumber ( - hx509_cert /*p*/, - heim_integer */*i*/); - -int -hx509_cert_get_subject ( - hx509_cert /*p*/, - hx509_name */*name*/); - -int -hx509_cert_have_private_key (hx509_cert /*p*/); - -int -hx509_cert_init ( - hx509_context /*context*/, - const Certificate */*c*/, - hx509_cert */*cert*/); - -int -hx509_cert_init_data ( - hx509_context /*context*/, - const void */*ptr*/, - size_t /*len*/, - hx509_cert */*cert*/); - -int -hx509_cert_keyusage_print ( - hx509_context /*context*/, - hx509_cert /*c*/, - char **/*s*/); - -hx509_cert -hx509_cert_ref (hx509_cert /*cert*/); - -int -hx509_cert_set_friendly_name ( - hx509_cert /*cert*/, - const char */*name*/); - -int -hx509_certs_add ( - hx509_context /*context*/, - hx509_certs /*certs*/, - hx509_cert /*cert*/); - -int -hx509_certs_append ( - hx509_context /*context*/, - hx509_certs /*to*/, - hx509_lock /*lock*/, - const char */*name*/); - -int -hx509_certs_end_seq ( - hx509_context /*context*/, - hx509_certs /*certs*/, - hx509_cursor /*cursor*/); - -int -hx509_certs_find ( - hx509_context /*context*/, - hx509_certs /*certs*/, - const hx509_query */*q*/, - hx509_cert */*r*/); - -void -hx509_certs_free (hx509_certs */*certs*/); - -int -hx509_certs_info ( - hx509_context /*context*/, - hx509_certs /*certs*/, - int (*/*func*/)(void *, const char *), - void */*ctx*/); - -int -hx509_certs_init ( - hx509_context /*context*/, - const char */*name*/, - int /*flags*/, - hx509_lock /*lock*/, - hx509_certs */*certs*/); - -int -hx509_certs_iter ( - hx509_context /*context*/, - hx509_certs /*certs*/, - int (*/*func*/)(hx509_context, void *, hx509_cert), - void */*ctx*/); - -int -hx509_certs_merge ( - hx509_context /*context*/, - hx509_certs /*to*/, - hx509_certs /*from*/); - -int -hx509_certs_next_cert ( - hx509_context /*context*/, - hx509_certs /*certs*/, - hx509_cursor /*cursor*/, - hx509_cert */*cert*/); - -int -hx509_certs_start_seq ( - hx509_context /*context*/, - hx509_certs /*certs*/, - hx509_cursor */*cursor*/); - -int -hx509_certs_store ( - hx509_context /*context*/, - hx509_certs /*certs*/, - int /*flags*/, - hx509_lock /*lock*/); - -int -hx509_ci_print_names ( - hx509_context /*context*/, - void */*ctx*/, - hx509_cert /*c*/); - -void -hx509_clear_error_string (hx509_context /*context*/); - -int -hx509_cms_create_signed_1 ( - hx509_context /*context*/, - int /*flags*/, - const heim_oid */*eContentType*/, - const void */*data*/, - size_t /*length*/, - const AlgorithmIdentifier */*digest_alg*/, - hx509_cert /*cert*/, - hx509_peer_info /*peer*/, - hx509_certs /*anchors*/, - hx509_certs /*pool*/, - heim_octet_string */*signed_data*/); - -int -hx509_cms_decrypt_encrypted ( - hx509_context /*context*/, - hx509_lock /*lock*/, - const void */*data*/, - size_t /*length*/, - heim_oid */*contentType*/, - heim_octet_string */*content*/); - -int -hx509_cms_envelope_1 ( - hx509_context /*context*/, - int /*flags*/, - hx509_cert /*cert*/, - const void */*data*/, - size_t /*length*/, - const heim_oid */*encryption_type*/, - const heim_oid */*contentType*/, - heim_octet_string */*content*/); - -int -hx509_cms_unenvelope ( - hx509_context /*context*/, - hx509_certs /*certs*/, - int /*flags*/, - const void */*data*/, - size_t /*length*/, - const heim_octet_string */*encryptedContent*/, - time_t /*time_now*/, - heim_oid */*contentType*/, - heim_octet_string */*content*/); - -int -hx509_cms_unwrap_ContentInfo ( - const heim_octet_string */*in*/, - heim_oid */*oid*/, - heim_octet_string */*out*/, - int */*have_data*/); - -int -hx509_cms_verify_signed ( - hx509_context /*context*/, - hx509_verify_ctx /*ctx*/, - const void */*data*/, - size_t /*length*/, - const heim_octet_string */*signedContent*/, - hx509_certs /*pool*/, - heim_oid */*contentType*/, - heim_octet_string */*content*/, - hx509_certs */*signer_certs*/); - -int -hx509_cms_wrap_ContentInfo ( - const heim_oid */*oid*/, - const heim_octet_string */*buf*/, - heim_octet_string */*res*/); - -void -hx509_context_free (hx509_context */*context*/); - -int -hx509_context_init (hx509_context */*context*/); - -void -hx509_context_set_missing_revoke ( - hx509_context /*context*/, - int /*flag*/); - -int -hx509_crl_add_revoked_certs ( - hx509_context /*context*/, - hx509_crl /*crl*/, - hx509_certs /*certs*/); - -int -hx509_crl_alloc ( - hx509_context /*context*/, - hx509_crl */*crl*/); - -void -hx509_crl_free ( - hx509_context /*context*/, - hx509_crl */*crl*/); - -int -hx509_crl_lifetime ( - hx509_context /*context*/, - hx509_crl /*crl*/, - int /*delta*/); - -int -hx509_crl_sign ( - hx509_context /*context*/, - hx509_cert /*signer*/, - hx509_crl /*crl*/, - heim_octet_string */*os*/); - -const AlgorithmIdentifier * -hx509_crypto_aes128_cbc (void); - -const AlgorithmIdentifier * -hx509_crypto_aes256_cbc (void); - -int -hx509_crypto_available ( - hx509_context /*context*/, - int /*type*/, - hx509_cert /*source*/, - AlgorithmIdentifier **/*val*/, - unsigned int */*plen*/); - -int -hx509_crypto_decrypt ( - hx509_crypto /*crypto*/, - const void */*data*/, - const size_t /*length*/, - heim_octet_string */*ivec*/, - heim_octet_string */*clear*/); - -const AlgorithmIdentifier * -hx509_crypto_des_rsdi_ede3_cbc (void); - -void -hx509_crypto_destroy (hx509_crypto /*crypto*/); - -int -hx509_crypto_encrypt ( - hx509_crypto /*crypto*/, - const void */*data*/, - const size_t /*length*/, - const heim_octet_string */*ivec*/, - heim_octet_string **/*ciphertext*/); - -const heim_oid * -hx509_crypto_enctype_by_name (const char */*name*/); - -void -hx509_crypto_free_algs ( - AlgorithmIdentifier */*val*/, - unsigned int /*len*/); - -int -hx509_crypto_get_params ( - hx509_context /*context*/, - hx509_crypto /*crypto*/, - const heim_octet_string */*ivec*/, - heim_octet_string */*param*/); - -int -hx509_crypto_init ( - hx509_context /*context*/, - const char */*provider*/, - const heim_oid */*enctype*/, - hx509_crypto */*crypto*/); - -const char * -hx509_crypto_provider (hx509_crypto /*crypto*/); - -int -hx509_crypto_random_iv ( - hx509_crypto /*crypto*/, - heim_octet_string */*ivec*/); - -int -hx509_crypto_select ( - const hx509_context /*context*/, - int /*type*/, - const hx509_private_key /*source*/, - hx509_peer_info /*peer*/, - AlgorithmIdentifier */*selected*/); - -int -hx509_crypto_set_key_data ( - hx509_crypto /*crypto*/, - const void */*data*/, - size_t /*length*/); - -int -hx509_crypto_set_key_name ( - hx509_crypto /*crypto*/, - const char */*name*/); - -int -hx509_crypto_set_params ( - hx509_context /*context*/, - hx509_crypto /*crypto*/, - const heim_octet_string */*param*/, - heim_octet_string */*ivec*/); - -int -hx509_crypto_set_random_key ( - hx509_crypto /*crypto*/, - heim_octet_string */*key*/); - -int -hx509_env_add ( - hx509_context /*context*/, - hx509_env */*env*/, - const char */*key*/, - const char */*value*/); - -int -hx509_env_add_binding ( - hx509_context /*context*/, - hx509_env */*env*/, - const char */*key*/, - hx509_env /*list*/); - -const char * -hx509_env_find ( - hx509_context /*context*/, - hx509_env /*env*/, - const char */*key*/); - -hx509_env -hx509_env_find_binding ( - hx509_context /*context*/, - hx509_env /*env*/, - const char */*key*/); - -void -hx509_env_free (hx509_env */*env*/); - -const char * -hx509_env_lfind ( - hx509_context /*context*/, - hx509_env /*env*/, - const char */*key*/, - size_t /*len*/); - -void -hx509_err ( - hx509_context /*context*/, - int /*exit_code*/, - int /*error_code*/, - const char */*fmt*/, - ...); - -void -hx509_free_error_string (char */*str*/); - -void -hx509_free_octet_string_list (hx509_octet_string_list */*list*/); - -int -hx509_general_name_unparse ( - GeneralName */*name*/, - char **/*str*/); - -char * -hx509_get_error_string ( - hx509_context /*context*/, - int /*error_code*/); - -int -hx509_get_one_cert ( - hx509_context /*context*/, - hx509_certs /*certs*/, - hx509_cert */*c*/); - -int -hx509_lock_add_cert ( - hx509_context /*context*/, - hx509_lock /*lock*/, - hx509_cert /*cert*/); - -int -hx509_lock_add_certs ( - hx509_context /*context*/, - hx509_lock /*lock*/, - hx509_certs /*certs*/); - -int -hx509_lock_add_password ( - hx509_lock /*lock*/, - const char */*password*/); - -int -hx509_lock_command_string ( - hx509_lock /*lock*/, - const char */*string*/); - -void -hx509_lock_free (hx509_lock /*lock*/); - -int -hx509_lock_init ( - hx509_context /*context*/, - hx509_lock */*lock*/); - -int -hx509_lock_prompt ( - hx509_lock /*lock*/, - hx509_prompt */*prompt*/); - -void -hx509_lock_reset_certs ( - hx509_context /*context*/, - hx509_lock /*lock*/); - -void -hx509_lock_reset_passwords (hx509_lock /*lock*/); - -void -hx509_lock_reset_promper (hx509_lock /*lock*/); - -int -hx509_lock_set_prompter ( - hx509_lock /*lock*/, - hx509_prompter_fct /*prompt*/, - void */*data*/); - -int -hx509_name_binary ( - const hx509_name /*name*/, - heim_octet_string */*os*/); - -int -hx509_name_cmp ( - hx509_name /*n1*/, - hx509_name /*n2*/); - -int -hx509_name_copy ( - hx509_context /*context*/, - const hx509_name /*from*/, - hx509_name */*to*/); - -int -hx509_name_expand ( - hx509_context /*context*/, - hx509_name /*name*/, - hx509_env /*env*/); - -void -hx509_name_free (hx509_name */*name*/); - -int -hx509_name_is_null_p (const hx509_name /*name*/); - -int -hx509_name_normalize ( - hx509_context /*context*/, - hx509_name /*name*/); - -int -hx509_name_to_Name ( - const hx509_name /*from*/, - Name */*to*/); - -int -hx509_name_to_string ( - const hx509_name /*name*/, - char **/*str*/); - -int -hx509_ocsp_request ( - hx509_context /*context*/, - hx509_certs /*reqcerts*/, - hx509_certs /*pool*/, - hx509_cert /*signer*/, - const AlgorithmIdentifier */*digest*/, - heim_octet_string */*request*/, - heim_octet_string */*nonce*/); - -int -hx509_ocsp_verify ( - hx509_context /*context*/, - time_t /*now*/, - hx509_cert /*cert*/, - int /*flags*/, - const void */*data*/, - size_t /*length*/, - time_t */*expiration*/); - -void -hx509_oid_print ( - const heim_oid */*oid*/, - hx509_vprint_func /*func*/, - void */*ctx*/); - -int -hx509_oid_sprint ( - const heim_oid */*oid*/, - char **/*str*/); - -int -hx509_parse_name ( - hx509_context /*context*/, - const char */*str*/, - hx509_name */*name*/); - -int -hx509_peer_info_alloc ( - hx509_context /*context*/, - hx509_peer_info */*peer*/); - -void -hx509_peer_info_free (hx509_peer_info /*peer*/); - -int -hx509_peer_info_set_cert ( - hx509_peer_info /*peer*/, - hx509_cert /*cert*/); - -int -hx509_peer_info_set_cms_algs ( - hx509_context /*context*/, - hx509_peer_info /*peer*/, - const AlgorithmIdentifier */*val*/, - size_t /*len*/); - -int -hx509_pem_add_header ( - hx509_pem_header **/*headers*/, - const char */*header*/, - const char */*value*/); - -const char * -hx509_pem_find_header ( - const hx509_pem_header */*h*/, - const char */*header*/); - -void -hx509_pem_free_header (hx509_pem_header */*headers*/); - -int -hx509_pem_read ( - hx509_context /*context*/, - FILE */*f*/, - hx509_pem_read_func /*func*/, - void */*ctx*/); - -int -hx509_pem_write ( - hx509_context /*context*/, - const char */*type*/, - hx509_pem_header */*headers*/, - FILE */*f*/, - const void */*data*/, - size_t /*size*/); - -void -hx509_print_stdout ( - void */*ctx*/, - const char */*fmt*/, - va_list /*va*/); - -int -hx509_prompt_hidden (hx509_prompt_type /*type*/); - -int -hx509_query_alloc ( - hx509_context /*context*/, - hx509_query **/*q*/); - -void -hx509_query_free ( - hx509_context /*context*/, - hx509_query */*q*/); - -int -hx509_query_match_cmp_func ( - hx509_query */*q*/, - int (*/*func*/)(void *, hx509_cert), - void */*ctx*/); - -int -hx509_query_match_eku ( - hx509_query */*q*/, - const heim_oid */*eku*/); - -int -hx509_query_match_expr ( - hx509_context /*context*/, - hx509_query */*q*/, - const char */*expr*/); - -int -hx509_query_match_friendly_name ( - hx509_query */*q*/, - const char */*name*/); - -int -hx509_query_match_issuer_serial ( - hx509_query */*q*/, - const Name */*issuer*/, - const heim_integer */*serialNumber*/); - -void -hx509_query_match_option ( - hx509_query */*q*/, - hx509_query_option /*option*/); - -void -hx509_query_statistic_file ( - hx509_context /*context*/, - const char */*fn*/); - -void -hx509_query_unparse_stats ( - hx509_context /*context*/, - int /*printtype*/, - FILE */*out*/); - -int -hx509_revoke_add_crl ( - hx509_context /*context*/, - hx509_revoke_ctx /*ctx*/, - const char */*path*/); - -int -hx509_revoke_add_ocsp ( - hx509_context /*context*/, - hx509_revoke_ctx /*ctx*/, - const char */*path*/); - -void -hx509_revoke_free (hx509_revoke_ctx */*ctx*/); - -int -hx509_revoke_init ( - hx509_context /*context*/, - hx509_revoke_ctx */*ctx*/); - -int -hx509_revoke_ocsp_print ( - hx509_context /*context*/, - const char */*path*/, - FILE */*out*/); - -int -hx509_revoke_verify ( - hx509_context /*context*/, - hx509_revoke_ctx /*ctx*/, - hx509_certs /*certs*/, - time_t /*now*/, - hx509_cert /*cert*/, - hx509_cert /*parent_cert*/); - -void -hx509_set_error_string ( - hx509_context /*context*/, - int /*flags*/, - int /*code*/, - const char */*fmt*/, - ...); - -void -hx509_set_error_stringv ( - hx509_context /*context*/, - int /*flags*/, - int /*code*/, - const char */*fmt*/, - va_list /*ap*/); - -const AlgorithmIdentifier * -hx509_signature_md2 (void); - -const AlgorithmIdentifier * -hx509_signature_md5 (void); - -const AlgorithmIdentifier * -hx509_signature_rsa (void); - -const AlgorithmIdentifier * -hx509_signature_rsa_pkcs1_x509 (void); - -const AlgorithmIdentifier * -hx509_signature_rsa_with_md2 (void); - -const AlgorithmIdentifier * -hx509_signature_rsa_with_md5 (void); - -const AlgorithmIdentifier * -hx509_signature_rsa_with_sha1 (void); - -const AlgorithmIdentifier * -hx509_signature_rsa_with_sha256 (void); - -const AlgorithmIdentifier * -hx509_signature_rsa_with_sha384 (void); - -const AlgorithmIdentifier * -hx509_signature_rsa_with_sha512 (void); - -const AlgorithmIdentifier * -hx509_signature_sha1 (void); - -const AlgorithmIdentifier * -hx509_signature_sha256 (void); - -const AlgorithmIdentifier * -hx509_signature_sha384 (void); - -const AlgorithmIdentifier * -hx509_signature_sha512 (void); - -int -hx509_unparse_der_name ( - const void */*data*/, - size_t /*length*/, - char **/*str*/); - -int -hx509_validate_cert ( - hx509_context /*context*/, - hx509_validate_ctx /*ctx*/, - hx509_cert /*cert*/); - -void -hx509_validate_ctx_add_flags ( - hx509_validate_ctx /*ctx*/, - int /*flags*/); - -void -hx509_validate_ctx_free (hx509_validate_ctx /*ctx*/); - -int -hx509_validate_ctx_init ( - hx509_context /*context*/, - hx509_validate_ctx */*ctx*/); - -void -hx509_validate_ctx_set_print ( - hx509_validate_ctx /*ctx*/, - hx509_vprint_func /*func*/, - void */*c*/); - -void -hx509_verify_attach_anchors ( - hx509_verify_ctx /*ctx*/, - hx509_certs /*set*/); - -void -hx509_verify_attach_revoke ( - hx509_verify_ctx /*ctx*/, - hx509_revoke_ctx /*revoke_ctx*/); - -void -hx509_verify_ctx_f_allow_default_trustanchors ( - hx509_verify_ctx /*ctx*/, - int /*boolean*/); - -void -hx509_verify_destroy_ctx (hx509_verify_ctx /*ctx*/); - -int -hx509_verify_hostname ( - hx509_context /*context*/, - const hx509_cert /*cert*/, - int /*flags*/, - hx509_hostname_type /*type*/, - const char */*hostname*/, - const struct sockaddr */*sa*/, - int /*sa_size*/); - -int -hx509_verify_init_ctx ( - hx509_context /*context*/, - hx509_verify_ctx */*ctx*/); - -int -hx509_verify_path ( - hx509_context /*context*/, - hx509_verify_ctx /*ctx*/, - hx509_cert /*cert*/, - hx509_certs /*pool*/); - -void -hx509_verify_set_max_depth ( - hx509_verify_ctx /*ctx*/, - unsigned int /*max_depth*/); - -void -hx509_verify_set_proxy_certificate ( - hx509_verify_ctx /*ctx*/, - int /*boolean*/); - -void -hx509_verify_set_strict_rfc3280_verification ( - hx509_verify_ctx /*ctx*/, - int /*boolean*/); - -void -hx509_verify_set_time ( - hx509_verify_ctx /*ctx*/, - time_t /*t*/); - -int -hx509_verify_signature ( - hx509_context /*context*/, - const hx509_cert /*signer*/, - const AlgorithmIdentifier */*alg*/, - const heim_octet_string */*data*/, - const heim_octet_string */*sig*/); - -void -hx509_xfree (void */*ptr*/); - -int -yywrap (void); - -#ifdef __cplusplus -} -#endif - -#endif /* __hx509_protos_h__ */ diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h deleted file mode 100644 index 867d08e3e5..0000000000 --- a/source4/heimdal/lib/krb5/krb5-private.h +++ /dev/null @@ -1,455 +0,0 @@ -/* This is a generated file */ -#ifndef __krb5_private_h__ -#define __krb5_private_h__ - -#include - -void KRB5_LIB_FUNCTION -_krb5_aes_cts_encrypt ( - const unsigned char */*in*/, - unsigned char */*out*/, - size_t /*len*/, - const AES_KEY */*key*/, - unsigned char */*ivec*/, - const int /*encryptp*/); - -krb5_error_code -_krb5_cc_allocate ( - krb5_context /*context*/, - const krb5_cc_ops */*ops*/, - krb5_ccache */*id*/); - -void -_krb5_crc_init_table (void); - -uint32_t -_krb5_crc_update ( - const char */*p*/, - size_t /*len*/, - uint32_t /*res*/); - -krb5_error_code -_krb5_dh_group_ok ( - krb5_context /*context*/, - unsigned long /*bits*/, - heim_integer */*p*/, - heim_integer */*g*/, - heim_integer */*q*/, - struct krb5_dh_moduli **/*moduli*/, - char **/*name*/); - -krb5_error_code -_krb5_expand_default_cc_name ( - krb5_context /*context*/, - const char */*str*/, - char **/*res*/); - -int -_krb5_extract_ticket ( - krb5_context /*context*/, - krb5_kdc_rep */*rep*/, - krb5_creds */*creds*/, - krb5_keyblock */*key*/, - krb5_const_pointer /*keyseed*/, - krb5_key_usage /*key_usage*/, - krb5_addresses */*addrs*/, - unsigned /*nonce*/, - unsigned /*flags*/, - krb5_decrypt_proc /*decrypt_proc*/, - krb5_const_pointer /*decryptarg*/); - -void -_krb5_free_krbhst_info (krb5_krbhst_info */*hi*/); - -void -_krb5_free_moduli (struct krb5_dh_moduli **/*moduli*/); - -krb5_error_code -_krb5_get_default_principal_local ( - krb5_context /*context*/, - krb5_principal */*princ*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_get_host_realm_int ( - krb5_context /*context*/, - const char */*host*/, - krb5_boolean /*use_dns*/, - krb5_realm **/*realms*/); - -krb5_error_code -_krb5_get_init_creds_opt_copy ( - krb5_context /*context*/, - const krb5_get_init_creds_opt */*in*/, - krb5_get_init_creds_opt **/*out*/); - -void KRB5_LIB_FUNCTION -_krb5_get_init_creds_opt_free_krb5_error (krb5_get_init_creds_opt */*opt*/); - -void KRB5_LIB_FUNCTION -_krb5_get_init_creds_opt_free_pkinit (krb5_get_init_creds_opt */*opt*/); - -void KRB5_LIB_FUNCTION -_krb5_get_init_creds_opt_set_krb5_error ( - krb5_context /*context*/, - krb5_get_init_creds_opt */*opt*/, - const KRB_ERROR */*error*/); - -krb5_ssize_t KRB5_LIB_FUNCTION -_krb5_get_int ( - void */*buffer*/, - unsigned long */*value*/, - size_t /*size*/); - -krb5_error_code -_krb5_get_krbtgt ( - krb5_context /*context*/, - krb5_ccache /*id*/, - krb5_realm /*realm*/, - krb5_creds **/*cred*/); - -krb5_error_code -_krb5_kcm_chmod ( - krb5_context /*context*/, - krb5_ccache /*id*/, - uint16_t /*mode*/); - -krb5_error_code -_krb5_kcm_chown ( - krb5_context /*context*/, - krb5_ccache /*id*/, - uint32_t /*uid*/, - uint32_t /*gid*/); - -krb5_error_code -_krb5_kcm_get_initial_ticket ( - krb5_context /*context*/, - krb5_ccache /*id*/, - krb5_principal /*server*/, - krb5_keyblock */*key*/); - -krb5_error_code -_krb5_kcm_get_ticket ( - krb5_context /*context*/, - krb5_ccache /*id*/, - krb5_kdc_flags /*flags*/, - krb5_enctype /*enctype*/, - krb5_principal /*server*/); - -krb5_boolean -_krb5_kcm_is_running (krb5_context /*context*/); - -krb5_error_code -_krb5_kcm_noop ( - krb5_context /*context*/, - krb5_ccache /*id*/); - -krb5_error_code -_krb5_kdc_retry ( - krb5_context /*context*/, - krb5_sendto_ctx /*ctx*/, - void */*data*/, - const krb5_data */*reply*/, - int */*action*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_krb_cr_err_reply ( - krb5_context /*context*/, - const char */*name*/, - const char */*inst*/, - const char */*realm*/, - uint32_t /*time_ws*/, - uint32_t /*e*/, - const char */*e_string*/, - krb5_data */*data*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_krb_create_auth_reply ( - krb5_context /*context*/, - const char */*pname*/, - const char */*pinst*/, - const char */*prealm*/, - int32_t /*time_ws*/, - int /*n*/, - uint32_t /*x_date*/, - unsigned char /*kvno*/, - const krb5_data */*cipher*/, - krb5_data */*data*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_krb_create_ciph ( - krb5_context /*context*/, - const krb5_keyblock */*session*/, - const char */*service*/, - const char */*instance*/, - const char */*realm*/, - uint32_t /*life*/, - unsigned char /*kvno*/, - const krb5_data */*ticket*/, - uint32_t /*kdc_time*/, - const krb5_keyblock */*key*/, - krb5_data */*enc_data*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_krb_create_ticket ( - krb5_context /*context*/, - unsigned char /*flags*/, - const char */*pname*/, - const char */*pinstance*/, - const char */*prealm*/, - int32_t /*paddress*/, - const krb5_keyblock */*session*/, - int16_t /*life*/, - int32_t /*life_sec*/, - const char */*sname*/, - const char */*sinstance*/, - const krb5_keyblock */*key*/, - krb5_data */*enc_data*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_krb_decomp_ticket ( - krb5_context /*context*/, - const krb5_data */*enc_ticket*/, - const krb5_keyblock */*key*/, - const char */*local_realm*/, - char **/*sname*/, - char **/*sinstance*/, - struct _krb5_krb_auth_data */*ad*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_krb_dest_tkt ( - krb5_context /*context*/, - const char */*tkfile*/); - -void KRB5_LIB_FUNCTION -_krb5_krb_free_auth_data ( - krb5_context /*context*/, - struct _krb5_krb_auth_data */*ad*/); - -time_t KRB5_LIB_FUNCTION -_krb5_krb_life_to_time ( - int /*start*/, - int /*life_*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_krb_rd_req ( - krb5_context /*context*/, - krb5_data */*authent*/, - const char */*service*/, - const char */*instance*/, - const char */*local_realm*/, - int32_t /*from_addr*/, - const krb5_keyblock */*key*/, - struct _krb5_krb_auth_data */*ad*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_krb_tf_setup ( - krb5_context /*context*/, - struct credentials */*v4creds*/, - const char */*tkfile*/, - int /*append*/); - -int KRB5_LIB_FUNCTION -_krb5_krb_time_to_life ( - time_t /*start*/, - time_t /*end*/); - -krb5_error_code -_krb5_krbhost_info_move ( - krb5_context /*context*/, - krb5_krbhst_info */*from*/, - krb5_krbhst_info **/*to*/); - -krb5_error_code -_krb5_mk_req_internal ( - krb5_context /*context*/, - krb5_auth_context */*auth_context*/, - const krb5_flags /*ap_req_options*/, - krb5_data */*in_data*/, - krb5_creds */*in_creds*/, - krb5_data */*outbuf*/, - krb5_key_usage /*checksum_usage*/, - krb5_key_usage /*encrypt_usage*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_n_fold ( - const void */*str*/, - size_t /*len*/, - void */*key*/, - size_t /*size*/); - -krb5_error_code -_krb5_pac_sign ( - krb5_context /*context*/, - krb5_pac /*p*/, - time_t /*authtime*/, - krb5_principal /*principal*/, - const krb5_keyblock */*server_key*/, - const krb5_keyblock */*priv_key*/, - krb5_data */*data*/); - -krb5_error_code -_krb5_parse_moduli ( - krb5_context /*context*/, - const char */*file*/, - struct krb5_dh_moduli ***/*moduli*/); - -krb5_error_code -_krb5_parse_moduli_line ( - krb5_context /*context*/, - const char */*file*/, - int /*lineno*/, - char */*p*/, - struct krb5_dh_moduli **/*m*/); - -void KRB5_LIB_FUNCTION -_krb5_pk_allow_proxy_certificate ( - struct krb5_pk_identity */*id*/, - int /*boolean*/); - -void KRB5_LIB_FUNCTION -_krb5_pk_cert_free (struct krb5_pk_cert */*cert*/); - -krb5_error_code -_krb5_pk_kdf ( - krb5_context /*context*/, - const struct AlgorithmIdentifier */*ai*/, - const void */*dhdata*/, - size_t /*dhsize*/, - krb5_const_principal /*client*/, - krb5_const_principal /*server*/, - krb5_enctype /*enctype*/, - const krb5_data */*as_req*/, - const krb5_data */*pk_as_rep*/, - const Ticket */*ticket*/, - krb5_keyblock */*key*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_pk_load_id ( - krb5_context /*context*/, - struct krb5_pk_identity **/*ret_id*/, - const char */*user_id*/, - const char */*anchor_id*/, - char * const */*chain_list*/, - char * const */*revoke_list*/, - krb5_prompter_fct /*prompter*/, - void */*prompter_data*/, - char */*password*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_pk_mk_ContentInfo ( - krb5_context /*context*/, - const krb5_data */*buf*/, - const heim_oid */*oid*/, - struct ContentInfo */*content_info*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_pk_mk_padata ( - krb5_context /*context*/, - void */*c*/, - const KDC_REQ_BODY */*req_body*/, - unsigned /*nonce*/, - METHOD_DATA */*md*/); - -krb5_error_code -_krb5_pk_octetstring2key ( - krb5_context /*context*/, - krb5_enctype /*type*/, - const void */*dhdata*/, - size_t /*dhsize*/, - const heim_octet_string */*c_n*/, - const heim_octet_string */*k_n*/, - krb5_keyblock */*key*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_pk_rd_pa_reply ( - krb5_context /*context*/, - const char */*realm*/, - void */*c*/, - krb5_enctype /*etype*/, - const krb5_krbhst_info */*hi*/, - unsigned /*nonce*/, - const krb5_data */*req_buffer*/, - PA_DATA */*pa*/, - krb5_keyblock **/*key*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_pk_verify_sign ( - krb5_context /*context*/, - const void */*data*/, - size_t /*length*/, - struct krb5_pk_identity */*id*/, - heim_oid */*contentType*/, - krb5_data */*content*/, - struct krb5_pk_cert **/*signer*/); - -krb5_error_code -_krb5_plugin_find ( - krb5_context /*context*/, - enum krb5_plugin_type /*type*/, - const char */*name*/, - struct krb5_plugin **/*list*/); - -void -_krb5_plugin_free (struct krb5_plugin */*list*/); - -struct krb5_plugin * -_krb5_plugin_get_next (struct krb5_plugin */*p*/); - -void * -_krb5_plugin_get_symbol (struct krb5_plugin */*p*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_principal2principalname ( - PrincipalName */*p*/, - const krb5_principal /*from*/); - -krb5_boolean KRB5_LIB_FUNCTION -_krb5_principal_compare_PrincipalName ( - krb5_context /*context*/, - krb5_const_principal /*princ1*/, - PrincipalName */*princ2*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_principalname2krb5_principal ( - krb5_context /*context*/, - krb5_principal */*principal*/, - const PrincipalName /*from*/, - const Realm /*realm*/); - -krb5_ssize_t KRB5_LIB_FUNCTION -_krb5_put_int ( - void */*buffer*/, - unsigned long /*value*/, - size_t /*size*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_rd_req_out_ctx_alloc ( - krb5_context /*context*/, - krb5_rd_req_out_ctx */*ctx*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_s4u2self_to_checksumdata ( - krb5_context /*context*/, - const PA_S4U2Self */*self*/, - krb5_data */*data*/); - -int -_krb5_send_and_recv_tcp ( - int /*fd*/, - time_t /*tmout*/, - const krb5_data */*req*/, - krb5_data */*rep*/); - -int -_krb5_xlock ( - krb5_context /*context*/, - int /*fd*/, - krb5_boolean /*exclusive*/, - const char */*filename*/); - -int -_krb5_xunlock ( - krb5_context /*context*/, - int /*fd*/); - -#endif /* __krb5_private_h__ */ diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h deleted file mode 100644 index ead66565e7..0000000000 --- a/source4/heimdal/lib/krb5/krb5-protos.h +++ /dev/null @@ -1,4169 +0,0 @@ -/* This is a generated file */ -#ifndef __krb5_protos_h__ -#define __krb5_protos_h__ - -#include - -#if !defined(__GNUC__) && !defined(__attribute__) -#define __attribute__(x) -#endif - -#ifdef __cplusplus -extern "C" { -#endif - -#ifndef KRB5_LIB -#if defined(_WIN32) -#define KRB5_LIB_FUNCTION _stdcall __declspec(dllimport) -#define KRB5_LIB_VARIABLE __declspec(dllimport) -#else -#define KRB5_LIB_FUNCTION -#define KRB5_LIB_VARIABLE -#endif -#endif - -krb5_error_code KRB5_LIB_FUNCTION -krb524_convert_creds_kdc ( - krb5_context /*context*/, - krb5_creds */*in_cred*/, - struct credentials */*v4creds*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb524_convert_creds_kdc_ccache ( - krb5_context /*context*/, - krb5_ccache /*ccache*/, - krb5_creds */*in_cred*/, - struct credentials */*v4creds*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_425_conv_principal ( - krb5_context /*context*/, - const char */*name*/, - const char */*instance*/, - const char */*realm*/, - krb5_principal */*princ*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_425_conv_principal_ext ( - krb5_context /*context*/, - const char */*name*/, - const char */*instance*/, - const char */*realm*/, - krb5_boolean (*/*func*/)(krb5_context, krb5_principal), - krb5_boolean /*resolve*/, - krb5_principal */*principal*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_425_conv_principal_ext2 ( - krb5_context /*context*/, - const char */*name*/, - const char */*instance*/, - const char */*realm*/, - krb5_boolean (*/*func*/)(krb5_context, void *, krb5_principal), - void */*funcctx*/, - krb5_boolean /*resolve*/, - krb5_principal */*princ*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_524_conv_principal ( - krb5_context /*context*/, - const krb5_principal /*principal*/, - char */*name*/, - char */*instance*/, - char */*realm*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_abort ( - krb5_context /*context*/, - krb5_error_code /*code*/, - const char */*fmt*/, - ...) - __attribute__ ((noreturn, format (printf, 3, 4))); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_abortx ( - krb5_context /*context*/, - const char */*fmt*/, - ...) - __attribute__ ((noreturn, format (printf, 2, 3))); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_acl_match_file ( - krb5_context /*context*/, - const char */*file*/, - const char */*format*/, - ...); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_acl_match_string ( - krb5_context /*context*/, - const char */*string*/, - const char */*format*/, - ...); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_add_et_list ( - krb5_context /*context*/, - void (*/*func*/)(struct et_list **)); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_add_extra_addresses ( - krb5_context /*context*/, - krb5_addresses */*addresses*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_add_ignore_addresses ( - krb5_context /*context*/, - krb5_addresses */*addresses*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_addlog_dest ( - krb5_context /*context*/, - krb5_log_facility */*f*/, - const char */*orig*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_addlog_func ( - krb5_context /*context*/, - krb5_log_facility */*fac*/, - int /*min*/, - int /*max*/, - krb5_log_log_func_t /*log_func*/, - krb5_log_close_func_t /*close_func*/, - void */*data*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_addr2sockaddr ( - krb5_context /*context*/, - const krb5_address */*addr*/, - struct sockaddr */*sa*/, - krb5_socklen_t */*sa_size*/, - int /*port*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_address_compare ( - krb5_context /*context*/, - const krb5_address */*addr1*/, - const krb5_address */*addr2*/); - -int KRB5_LIB_FUNCTION -krb5_address_order ( - krb5_context /*context*/, - const krb5_address */*addr1*/, - const krb5_address */*addr2*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_address_prefixlen_boundary ( - krb5_context /*context*/, - const krb5_address */*inaddr*/, - unsigned long /*prefixlen*/, - krb5_address */*low*/, - krb5_address */*high*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_address_search ( - krb5_context /*context*/, - const krb5_address */*addr*/, - const krb5_addresses */*addrlist*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_aname_to_localname ( - krb5_context /*context*/, - krb5_const_principal /*aname*/, - size_t /*lnsize*/, - char */*lname*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_anyaddr ( - krb5_context /*context*/, - int /*af*/, - struct sockaddr */*sa*/, - krb5_socklen_t */*sa_size*/, - int /*port*/); - -void KRB5_LIB_FUNCTION -krb5_appdefault_boolean ( - krb5_context /*context*/, - const char */*appname*/, - krb5_const_realm /*realm*/, - const char */*option*/, - krb5_boolean /*def_val*/, - krb5_boolean */*ret_val*/); - -void KRB5_LIB_FUNCTION -krb5_appdefault_string ( - krb5_context /*context*/, - const char */*appname*/, - krb5_const_realm /*realm*/, - const char */*option*/, - const char */*def_val*/, - char **/*ret_val*/); - -void KRB5_LIB_FUNCTION -krb5_appdefault_time ( - krb5_context /*context*/, - const char */*appname*/, - krb5_const_realm /*realm*/, - const char */*option*/, - time_t /*def_val*/, - time_t */*ret_val*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_append_addresses ( - krb5_context /*context*/, - krb5_addresses */*dest*/, - const krb5_addresses */*source*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_addflags ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - int32_t /*addflags*/, - int32_t */*flags*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_free ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_genaddrs ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - int /*fd*/, - int /*flags*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_generatelocalsubkey ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_keyblock */*key*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_getaddrs ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_address **/*local_addr*/, - krb5_address **/*remote_addr*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_getauthenticator ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_authenticator */*authenticator*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_getcksumtype ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_cksumtype */*cksumtype*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_getflags ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - int32_t */*flags*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_getkey ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_keyblock **/*keyblock*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_getkeytype ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_keytype */*keytype*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_getlocalseqnumber ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - int32_t */*seqnumber*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_getlocalsubkey ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_keyblock **/*keyblock*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_getrcache ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_rcache */*rcache*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_getremotesubkey ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_keyblock **/*keyblock*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_init ( - krb5_context /*context*/, - krb5_auth_context */*auth_context*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_removeflags ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - int32_t /*removeflags*/, - int32_t */*flags*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_setaddrs ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_address */*local_addr*/, - krb5_address */*remote_addr*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_setaddrs_from_fd ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - void */*p_fd*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_setcksumtype ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_cksumtype /*cksumtype*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_setflags ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - int32_t /*flags*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_setkey ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_keyblock */*keyblock*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_setkeytype ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_keytype /*keytype*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_setlocalseqnumber ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - int32_t /*seqnumber*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_setlocalsubkey ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_keyblock */*keyblock*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_setrcache ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_rcache /*rcache*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_setremoteseqnumber ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - int32_t /*seqnumber*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_setremotesubkey ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_keyblock */*keyblock*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_setuserkey ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_keyblock */*keyblock*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_getremoteseqnumber ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - int32_t */*seqnumber*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_build_ap_req ( - krb5_context /*context*/, - krb5_enctype /*enctype*/, - krb5_creds */*cred*/, - krb5_flags /*ap_options*/, - krb5_data /*authenticator*/, - krb5_data */*retdata*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_build_authenticator ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_enctype /*enctype*/, - krb5_creds */*cred*/, - Checksum */*cksum*/, - Authenticator **/*auth_result*/, - krb5_data */*result*/, - krb5_key_usage /*usage*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_build_principal ( - krb5_context /*context*/, - krb5_principal */*principal*/, - int /*rlen*/, - krb5_const_realm /*realm*/, - ...); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_build_principal_ext ( - krb5_context /*context*/, - krb5_principal */*principal*/, - int /*rlen*/, - krb5_const_realm /*realm*/, - ...); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_build_principal_va ( - krb5_context /*context*/, - krb5_principal */*principal*/, - int /*rlen*/, - krb5_const_realm /*realm*/, - va_list /*ap*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_build_principal_va_ext ( - krb5_context /*context*/, - krb5_principal */*principal*/, - int /*rlen*/, - krb5_const_realm /*realm*/, - va_list /*ap*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_c_block_size ( - krb5_context /*context*/, - krb5_enctype /*enctype*/, - size_t */*blocksize*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_c_checksum_length ( - krb5_context /*context*/, - krb5_cksumtype /*cksumtype*/, - size_t */*length*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_c_decrypt ( - krb5_context /*context*/, - const krb5_keyblock /*key*/, - krb5_keyusage /*usage*/, - const krb5_data */*ivec*/, - krb5_enc_data */*input*/, - krb5_data */*output*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_c_encrypt ( - krb5_context /*context*/, - const krb5_keyblock */*key*/, - krb5_keyusage /*usage*/, - const krb5_data */*ivec*/, - const krb5_data */*input*/, - krb5_enc_data */*output*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_c_encrypt_length ( - krb5_context /*context*/, - krb5_enctype /*enctype*/, - size_t /*inputlen*/, - size_t */*length*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_c_enctype_compare ( - krb5_context /*context*/, - krb5_enctype /*e1*/, - krb5_enctype /*e2*/, - krb5_boolean */*similar*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_c_get_checksum ( - krb5_context /*context*/, - const krb5_checksum */*cksum*/, - krb5_cksumtype */*type*/, - krb5_data **/*data*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_c_is_coll_proof_cksum (krb5_cksumtype /*ctype*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_c_is_keyed_cksum (krb5_cksumtype /*ctype*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_c_keylengths ( - krb5_context /*context*/, - krb5_enctype /*enctype*/, - size_t */*ilen*/, - size_t */*keylen*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_c_make_checksum ( - krb5_context /*context*/, - krb5_cksumtype /*cksumtype*/, - const krb5_keyblock */*key*/, - krb5_keyusage /*usage*/, - const krb5_data */*input*/, - krb5_checksum */*cksum*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_c_make_random_key ( - krb5_context /*context*/, - krb5_enctype /*enctype*/, - krb5_keyblock */*random_key*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_c_prf ( - krb5_context /*context*/, - const krb5_keyblock */*key*/, - const krb5_data */*input*/, - krb5_data */*output*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_c_prf_length ( - krb5_context /*context*/, - krb5_enctype /*type*/, - size_t */*length*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_c_set_checksum ( - krb5_context /*context*/, - krb5_checksum */*cksum*/, - krb5_cksumtype /*type*/, - const krb5_data */*data*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_c_valid_cksumtype (krb5_cksumtype /*ctype*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_c_valid_enctype (krb5_enctype /*etype*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_c_verify_checksum ( - krb5_context /*context*/, - const krb5_keyblock */*key*/, - krb5_keyusage /*usage*/, - const krb5_data */*data*/, - const krb5_checksum */*cksum*/, - krb5_boolean */*valid*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_cache_end_seq_get ( - krb5_context /*context*/, - krb5_cc_cache_cursor /*cursor*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_cache_get_first ( - krb5_context /*context*/, - const char */*type*/, - krb5_cc_cache_cursor */*cursor*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_cache_match ( - krb5_context /*context*/, - krb5_principal /*client*/, - const char */*type*/, - krb5_ccache */*id*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_cache_next ( - krb5_context /*context*/, - krb5_cc_cache_cursor /*cursor*/, - krb5_ccache */*id*/); - -void KRB5_LIB_FUNCTION -krb5_cc_clear_mcred (krb5_creds */*mcred*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_close ( - krb5_context /*context*/, - krb5_ccache /*id*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_copy_cache ( - krb5_context /*context*/, - const krb5_ccache /*from*/, - krb5_ccache /*to*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_copy_cache_match ( - krb5_context /*context*/, - const krb5_ccache /*from*/, - krb5_ccache /*to*/, - krb5_flags /*whichfields*/, - const krb5_creds * /*mcreds*/, - unsigned int */*matched*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_default ( - krb5_context /*context*/, - krb5_ccache */*id*/); - -const char* KRB5_LIB_FUNCTION -krb5_cc_default_name (krb5_context /*context*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_destroy ( - krb5_context /*context*/, - krb5_ccache /*id*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_end_seq_get ( - krb5_context /*context*/, - const krb5_ccache /*id*/, - krb5_cc_cursor */*cursor*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_gen_new ( - krb5_context /*context*/, - const krb5_cc_ops */*ops*/, - krb5_ccache */*id*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_get_config ( - krb5_context /*context*/, - krb5_ccache /*id*/, - krb5_const_principal /*principal*/, - const char */*name*/, - krb5_data */*data*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_get_full_name ( - krb5_context /*context*/, - krb5_ccache /*id*/, - char **/*str*/); - -const char* KRB5_LIB_FUNCTION -krb5_cc_get_name ( - krb5_context /*context*/, - krb5_ccache /*id*/); - -const krb5_cc_ops * -krb5_cc_get_ops ( - krb5_context /*context*/, - krb5_ccache /*id*/); - -const krb5_cc_ops * -krb5_cc_get_prefix_ops ( - krb5_context /*context*/, - const char */*prefix*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_get_principal ( - krb5_context /*context*/, - krb5_ccache /*id*/, - krb5_principal */*principal*/); - -const char* KRB5_LIB_FUNCTION -krb5_cc_get_type ( - krb5_context /*context*/, - krb5_ccache /*id*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_get_version ( - krb5_context /*context*/, - const krb5_ccache /*id*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_initialize ( - krb5_context /*context*/, - krb5_ccache /*id*/, - krb5_principal /*primary_principal*/); - -krb5_error_code -krb5_cc_move ( - krb5_context /*context*/, - krb5_ccache /*from*/, - krb5_ccache /*to*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_new_unique ( - krb5_context /*context*/, - const char */*type*/, - const char */*hint*/, - krb5_ccache */*id*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_next_cred ( - krb5_context /*context*/, - const krb5_ccache /*id*/, - krb5_cc_cursor */*cursor*/, - krb5_creds */*creds*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_next_cred_match ( - krb5_context /*context*/, - const krb5_ccache /*id*/, - krb5_cc_cursor * /*cursor*/, - krb5_creds * /*creds*/, - krb5_flags /*whichfields*/, - const krb5_creds * /*mcreds*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_register ( - krb5_context /*context*/, - const krb5_cc_ops */*ops*/, - krb5_boolean /*override*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_remove_cred ( - krb5_context /*context*/, - krb5_ccache /*id*/, - krb5_flags /*which*/, - krb5_creds */*cred*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_resolve ( - krb5_context /*context*/, - const char */*name*/, - krb5_ccache */*id*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_retrieve_cred ( - krb5_context /*context*/, - krb5_ccache /*id*/, - krb5_flags /*whichfields*/, - const krb5_creds */*mcreds*/, - krb5_creds */*creds*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_set_config ( - krb5_context /*context*/, - krb5_ccache /*id*/, - krb5_const_principal /*principal*/, - const char */*name*/, - krb5_data */*data*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_set_default_name ( - krb5_context /*context*/, - const char */*name*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_set_flags ( - krb5_context /*context*/, - krb5_ccache /*id*/, - krb5_flags /*flags*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_start_seq_get ( - krb5_context /*context*/, - const krb5_ccache /*id*/, - krb5_cc_cursor */*cursor*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_store_cred ( - krb5_context /*context*/, - krb5_ccache /*id*/, - krb5_creds */*creds*/); - -krb5_error_code -krb5_cc_switch ( - krb5_context /*context*/, - krb5_ccache /*id*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_change_password ( - krb5_context /*context*/, - krb5_creds */*creds*/, - const char */*newpw*/, - int */*result_code*/, - krb5_data */*result_code_string*/, - krb5_data */*result_string*/) - __attribute__((deprecated)); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_check_transited ( - krb5_context /*context*/, - krb5_const_realm /*client_realm*/, - krb5_const_realm /*server_realm*/, - krb5_realm */*realms*/, - unsigned int /*num_realms*/, - int */*bad_realm*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_check_transited_realms ( - krb5_context /*context*/, - const char *const */*realms*/, - unsigned int /*num_realms*/, - int */*bad_realm*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_checksum_disable ( - krb5_context /*context*/, - krb5_cksumtype /*type*/); - -void KRB5_LIB_FUNCTION -krb5_checksum_free ( - krb5_context /*context*/, - krb5_checksum */*cksum*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_checksum_is_collision_proof ( - krb5_context /*context*/, - krb5_cksumtype /*type*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_checksum_is_keyed ( - krb5_context /*context*/, - krb5_cksumtype /*type*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_checksumsize ( - krb5_context /*context*/, - krb5_cksumtype /*type*/, - size_t */*size*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cksumtype_valid ( - krb5_context /*context*/, - krb5_cksumtype /*ctype*/); - -void KRB5_LIB_FUNCTION -krb5_clear_error_string (krb5_context /*context*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_closelog ( - krb5_context /*context*/, - krb5_log_facility */*fac*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_compare_creds ( - krb5_context /*context*/, - krb5_flags /*whichfields*/, - const krb5_creds * /*mcreds*/, - const krb5_creds * /*creds*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_config_file_free ( - krb5_context /*context*/, - krb5_config_section */*s*/); - -void KRB5_LIB_FUNCTION -krb5_config_free_strings (char **/*strings*/); - -const void * -krb5_config_get ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - int /*type*/, - ...); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_config_get_bool ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - ...); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_config_get_bool_default ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - krb5_boolean /*def_value*/, - ...); - -int KRB5_LIB_FUNCTION -krb5_config_get_int ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - ...); - -int KRB5_LIB_FUNCTION -krb5_config_get_int_default ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - int /*def_value*/, - ...); - -const krb5_config_binding * -krb5_config_get_list ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - ...); - -const void * -krb5_config_get_next ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - const krb5_config_binding **/*pointer*/, - int /*type*/, - ...); - -const char* KRB5_LIB_FUNCTION -krb5_config_get_string ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - ...); - -const char* KRB5_LIB_FUNCTION -krb5_config_get_string_default ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - const char */*def_value*/, - ...); - -char** -krb5_config_get_strings ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - ...); - -int KRB5_LIB_FUNCTION -krb5_config_get_time ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - ...); - -int KRB5_LIB_FUNCTION -krb5_config_get_time_default ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - int /*def_value*/, - ...); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_config_parse_file ( - krb5_context /*context*/, - const char */*fname*/, - krb5_config_section **/*res*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_config_parse_file_multi ( - krb5_context /*context*/, - const char */*fname*/, - krb5_config_section **/*res*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_config_parse_string_multi ( - krb5_context /*context*/, - const char */*string*/, - krb5_config_section **/*res*/); - -const void * -krb5_config_vget ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - int /*type*/, - va_list /*args*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_config_vget_bool ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - va_list /*args*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_config_vget_bool_default ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - krb5_boolean /*def_value*/, - va_list /*args*/); - -int KRB5_LIB_FUNCTION -krb5_config_vget_int ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - va_list /*args*/); - -int KRB5_LIB_FUNCTION -krb5_config_vget_int_default ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - int /*def_value*/, - va_list /*args*/); - -const krb5_config_binding * -krb5_config_vget_list ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - va_list /*args*/); - -const void * -krb5_config_vget_next ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - const krb5_config_binding **/*pointer*/, - int /*type*/, - va_list /*args*/); - -const char* KRB5_LIB_FUNCTION -krb5_config_vget_string ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - va_list /*args*/); - -const char* KRB5_LIB_FUNCTION -krb5_config_vget_string_default ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - const char */*def_value*/, - va_list /*args*/); - -char ** KRB5_LIB_FUNCTION -krb5_config_vget_strings ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - va_list /*args*/); - -int KRB5_LIB_FUNCTION -krb5_config_vget_time ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - va_list /*args*/); - -int KRB5_LIB_FUNCTION -krb5_config_vget_time_default ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - int /*def_value*/, - va_list /*args*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_copy_address ( - krb5_context /*context*/, - const krb5_address */*inaddr*/, - krb5_address */*outaddr*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_copy_addresses ( - krb5_context /*context*/, - const krb5_addresses */*inaddr*/, - krb5_addresses */*outaddr*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_copy_checksum ( - krb5_context /*context*/, - const krb5_checksum */*old*/, - krb5_checksum **/*new*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_copy_creds ( - krb5_context /*context*/, - const krb5_creds */*incred*/, - krb5_creds **/*outcred*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_copy_creds_contents ( - krb5_context /*context*/, - const krb5_creds */*incred*/, - krb5_creds */*c*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_copy_data ( - krb5_context /*context*/, - const krb5_data */*indata*/, - krb5_data **/*outdata*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_copy_host_realm ( - krb5_context /*context*/, - const krb5_realm */*from*/, - krb5_realm **/*to*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_copy_keyblock ( - krb5_context /*context*/, - const krb5_keyblock */*inblock*/, - krb5_keyblock **/*to*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_copy_keyblock_contents ( - krb5_context /*context*/, - const krb5_keyblock */*inblock*/, - krb5_keyblock */*to*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_copy_principal ( - krb5_context /*context*/, - krb5_const_principal /*inprinc*/, - krb5_principal */*outprinc*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_copy_ticket ( - krb5_context /*context*/, - const krb5_ticket */*from*/, - krb5_ticket **/*to*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_create_checksum ( - krb5_context /*context*/, - krb5_crypto /*crypto*/, - krb5_key_usage /*usage*/, - int /*type*/, - void */*data*/, - size_t /*len*/, - Checksum */*result*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_crypto_destroy ( - krb5_context /*context*/, - krb5_crypto /*crypto*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_crypto_get_checksum_type ( - krb5_context /*context*/, - krb5_crypto /*crypto*/, - krb5_cksumtype */*type*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_crypto_getblocksize ( - krb5_context /*context*/, - krb5_crypto /*crypto*/, - size_t */*blocksize*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_crypto_getconfoundersize ( - krb5_context /*context*/, - krb5_crypto /*crypto*/, - size_t */*confoundersize*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_crypto_getenctype ( - krb5_context /*context*/, - krb5_crypto /*crypto*/, - krb5_enctype */*enctype*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_crypto_getpadsize ( - krb5_context /*context*/, - krb5_crypto /*crypto*/, - size_t */*padsize*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_crypto_init ( - krb5_context /*context*/, - const krb5_keyblock */*key*/, - krb5_enctype /*etype*/, - krb5_crypto */*crypto*/); - -size_t -krb5_crypto_overhead ( - krb5_context /*context*/, - krb5_crypto /*crypto*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_crypto_prf ( - krb5_context /*context*/, - const krb5_crypto /*crypto*/, - const krb5_data */*input*/, - krb5_data */*output*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_crypto_prf_length ( - krb5_context /*context*/, - krb5_enctype /*type*/, - size_t */*length*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_data_alloc ( - krb5_data */*p*/, - int /*len*/); - -int KRB5_LIB_FUNCTION -krb5_data_cmp ( - const krb5_data */*data1*/, - const krb5_data */*data2*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_data_copy ( - krb5_data */*p*/, - const void */*data*/, - size_t /*len*/); - -void KRB5_LIB_FUNCTION -krb5_data_free (krb5_data */*p*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_data_realloc ( - krb5_data */*p*/, - int /*len*/); - -void KRB5_LIB_FUNCTION -krb5_data_zero (krb5_data */*p*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_decode_Authenticator ( - krb5_context /*context*/, - const void */*data*/, - size_t /*length*/, - Authenticator */*t*/, - size_t */*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_decode_ETYPE_INFO ( - krb5_context /*context*/, - const void */*data*/, - size_t /*length*/, - ETYPE_INFO */*t*/, - size_t */*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_decode_ETYPE_INFO2 ( - krb5_context /*context*/, - const void */*data*/, - size_t /*length*/, - ETYPE_INFO2 */*t*/, - size_t */*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_decode_EncAPRepPart ( - krb5_context /*context*/, - const void */*data*/, - size_t /*length*/, - EncAPRepPart */*t*/, - size_t */*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_decode_EncASRepPart ( - krb5_context /*context*/, - const void */*data*/, - size_t /*length*/, - EncASRepPart */*t*/, - size_t */*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_decode_EncKrbCredPart ( - krb5_context /*context*/, - const void */*data*/, - size_t /*length*/, - EncKrbCredPart */*t*/, - size_t */*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_decode_EncTGSRepPart ( - krb5_context /*context*/, - const void */*data*/, - size_t /*length*/, - EncTGSRepPart */*t*/, - size_t */*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_decode_EncTicketPart ( - krb5_context /*context*/, - const void */*data*/, - size_t /*length*/, - EncTicketPart */*t*/, - size_t */*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_decode_ap_req ( - krb5_context /*context*/, - const krb5_data */*inbuf*/, - krb5_ap_req */*ap_req*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_decrypt ( - krb5_context /*context*/, - krb5_crypto /*crypto*/, - unsigned /*usage*/, - void */*data*/, - size_t /*len*/, - krb5_data */*result*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_decrypt_EncryptedData ( - krb5_context /*context*/, - krb5_crypto /*crypto*/, - unsigned /*usage*/, - const EncryptedData */*e*/, - krb5_data */*result*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_decrypt_ivec ( - krb5_context /*context*/, - krb5_crypto /*crypto*/, - unsigned /*usage*/, - void */*data*/, - size_t /*len*/, - krb5_data */*result*/, - void */*ivec*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_decrypt_ticket ( - krb5_context /*context*/, - Ticket */*ticket*/, - krb5_keyblock */*key*/, - EncTicketPart */*out*/, - krb5_flags /*flags*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_derive_key ( - krb5_context /*context*/, - const krb5_keyblock */*key*/, - krb5_enctype /*etype*/, - const void */*constant*/, - size_t /*constant_len*/, - krb5_keyblock **/*derived_key*/); - -krb5_error_code -krb5_digest_alloc ( - krb5_context /*context*/, - krb5_digest */*digest*/); - -void -krb5_digest_free (krb5_digest /*digest*/); - -krb5_error_code -krb5_digest_get_client_binding ( - krb5_context /*context*/, - krb5_digest /*digest*/, - char **/*type*/, - char **/*binding*/); - -const char * -krb5_digest_get_identifier ( - krb5_context /*context*/, - krb5_digest /*digest*/); - -const char * -krb5_digest_get_opaque ( - krb5_context /*context*/, - krb5_digest /*digest*/); - -const char * -krb5_digest_get_rsp ( - krb5_context /*context*/, - krb5_digest /*digest*/); - -const char * -krb5_digest_get_server_nonce ( - krb5_context /*context*/, - krb5_digest /*digest*/); - -krb5_error_code -krb5_digest_get_session_key ( - krb5_context /*context*/, - krb5_digest /*digest*/, - krb5_data */*data*/); - -krb5_error_code -krb5_digest_get_tickets ( - krb5_context /*context*/, - krb5_digest /*digest*/, - Ticket **/*tickets*/); - -krb5_error_code -krb5_digest_init_request ( - krb5_context /*context*/, - krb5_digest /*digest*/, - krb5_realm /*realm*/, - krb5_ccache /*ccache*/); - -krb5_error_code -krb5_digest_probe ( - krb5_context /*context*/, - krb5_realm /*realm*/, - krb5_ccache /*ccache*/, - unsigned */*flags*/); - -krb5_boolean -krb5_digest_rep_get_status ( - krb5_context /*context*/, - krb5_digest /*digest*/); - -krb5_error_code -krb5_digest_request ( - krb5_context /*context*/, - krb5_digest /*digest*/, - krb5_realm /*realm*/, - krb5_ccache /*ccache*/); - -krb5_error_code -krb5_digest_set_authentication_user ( - krb5_context /*context*/, - krb5_digest /*digest*/, - krb5_principal /*authentication_user*/); - -krb5_error_code -krb5_digest_set_authid ( - krb5_context /*context*/, - krb5_digest /*digest*/, - const char */*authid*/); - -krb5_error_code -krb5_digest_set_client_nonce ( - krb5_context /*context*/, - krb5_digest /*digest*/, - const char */*nonce*/); - -krb5_error_code -krb5_digest_set_digest ( - krb5_context /*context*/, - krb5_digest /*digest*/, - const char */*dgst*/); - -krb5_error_code -krb5_digest_set_hostname ( - krb5_context /*context*/, - krb5_digest /*digest*/, - const char */*hostname*/); - -krb5_error_code -krb5_digest_set_identifier ( - krb5_context /*context*/, - krb5_digest /*digest*/, - const char */*id*/); - -krb5_error_code -krb5_digest_set_method ( - krb5_context /*context*/, - krb5_digest /*digest*/, - const char */*method*/); - -krb5_error_code -krb5_digest_set_nonceCount ( - krb5_context /*context*/, - krb5_digest /*digest*/, - const char */*nonce_count*/); - -krb5_error_code -krb5_digest_set_opaque ( - krb5_context /*context*/, - krb5_digest /*digest*/, - const char */*opaque*/); - -krb5_error_code -krb5_digest_set_qop ( - krb5_context /*context*/, - krb5_digest /*digest*/, - const char */*qop*/); - -krb5_error_code -krb5_digest_set_realm ( - krb5_context /*context*/, - krb5_digest /*digest*/, - const char */*realm*/); - -int -krb5_digest_set_responseData ( - krb5_context /*context*/, - krb5_digest /*digest*/, - const char */*response*/); - -krb5_error_code -krb5_digest_set_server_cb ( - krb5_context /*context*/, - krb5_digest /*digest*/, - const char */*type*/, - const char */*binding*/); - -krb5_error_code -krb5_digest_set_server_nonce ( - krb5_context /*context*/, - krb5_digest /*digest*/, - const char */*nonce*/); - -krb5_error_code -krb5_digest_set_type ( - krb5_context /*context*/, - krb5_digest /*digest*/, - const char */*type*/); - -krb5_error_code -krb5_digest_set_uri ( - krb5_context /*context*/, - krb5_digest /*digest*/, - const char */*uri*/); - -krb5_error_code -krb5_digest_set_username ( - krb5_context /*context*/, - krb5_digest /*digest*/, - const char */*username*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_domain_x500_decode ( - krb5_context /*context*/, - krb5_data /*tr*/, - char ***/*realms*/, - unsigned int */*num_realms*/, - const char */*client_realm*/, - const char */*server_realm*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_domain_x500_encode ( - char **/*realms*/, - unsigned int /*num_realms*/, - krb5_data */*encoding*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_eai_to_heim_errno ( - int /*eai_errno*/, - int /*system_error*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_encode_Authenticator ( - krb5_context /*context*/, - void */*data*/, - size_t /*length*/, - Authenticator */*t*/, - size_t */*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_encode_ETYPE_INFO ( - krb5_context /*context*/, - void */*data*/, - size_t /*length*/, - ETYPE_INFO */*t*/, - size_t */*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_encode_ETYPE_INFO2 ( - krb5_context /*context*/, - void */*data*/, - size_t /*length*/, - ETYPE_INFO2 */*t*/, - size_t */*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_encode_EncAPRepPart ( - krb5_context /*context*/, - void */*data*/, - size_t /*length*/, - EncAPRepPart */*t*/, - size_t */*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_encode_EncASRepPart ( - krb5_context /*context*/, - void */*data*/, - size_t /*length*/, - EncASRepPart */*t*/, - size_t */*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_encode_EncKrbCredPart ( - krb5_context /*context*/, - void */*data*/, - size_t /*length*/, - EncKrbCredPart */*t*/, - size_t */*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_encode_EncTGSRepPart ( - krb5_context /*context*/, - void */*data*/, - size_t /*length*/, - EncTGSRepPart */*t*/, - size_t */*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_encode_EncTicketPart ( - krb5_context /*context*/, - void */*data*/, - size_t /*length*/, - EncTicketPart */*t*/, - size_t */*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_encrypt ( - krb5_context /*context*/, - krb5_crypto /*crypto*/, - unsigned /*usage*/, - const void */*data*/, - size_t /*len*/, - krb5_data */*result*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_encrypt_EncryptedData ( - krb5_context /*context*/, - krb5_crypto /*crypto*/, - unsigned /*usage*/, - void */*data*/, - size_t /*len*/, - int /*kvno*/, - EncryptedData */*result*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_encrypt_ivec ( - krb5_context /*context*/, - krb5_crypto /*crypto*/, - unsigned /*usage*/, - const void */*data*/, - size_t /*len*/, - krb5_data */*result*/, - void */*ivec*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_enctype_disable ( - krb5_context /*context*/, - krb5_enctype /*enctype*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_enctype_keybits ( - krb5_context /*context*/, - krb5_enctype /*type*/, - size_t */*keybits*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_enctype_keysize ( - krb5_context /*context*/, - krb5_enctype /*type*/, - size_t */*keysize*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_enctype_to_keytype ( - krb5_context /*context*/, - krb5_enctype /*etype*/, - krb5_keytype */*keytype*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_enctype_to_string ( - krb5_context /*context*/, - krb5_enctype /*etype*/, - char **/*string*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_enctype_valid ( - krb5_context /*context*/, - krb5_enctype /*etype*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_enctypes_compatible_keys ( - krb5_context /*context*/, - krb5_enctype /*etype1*/, - krb5_enctype /*etype2*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_err ( - krb5_context /*context*/, - int /*eval*/, - krb5_error_code /*code*/, - const char */*fmt*/, - ...) - __attribute__ ((noreturn, format (printf, 4, 5))); - -krb5_error_code KRB5_LIB_FUNCTION - __attribute__((deprecated)) krb5_free_creds_contents (krb5_context context, krb5_creds *c); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_error_from_rd_error ( - krb5_context /*context*/, - const krb5_error */*error*/, - const krb5_creds */*creds*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_errx ( - krb5_context /*context*/, - int /*eval*/, - const char */*fmt*/, - ...) - __attribute__ ((noreturn, format (printf, 3, 4))); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_expand_hostname ( - krb5_context /*context*/, - const char */*orig_hostname*/, - char **/*new_hostname*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_expand_hostname_realms ( - krb5_context /*context*/, - const char */*orig_hostname*/, - char **/*new_hostname*/, - char ***/*realms*/); - -PA_DATA * -krb5_find_padata ( - PA_DATA */*val*/, - unsigned /*len*/, - int /*type*/, - int */*idx*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_format_time ( - krb5_context /*context*/, - time_t /*t*/, - char */*s*/, - size_t /*len*/, - krb5_boolean /*include_time*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_free_address ( - krb5_context /*context*/, - krb5_address */*address*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_free_addresses ( - krb5_context /*context*/, - krb5_addresses */*addresses*/); - -void KRB5_LIB_FUNCTION -krb5_free_ap_rep_enc_part ( - krb5_context /*context*/, - krb5_ap_rep_enc_part */*val*/); - -void KRB5_LIB_FUNCTION -krb5_free_authenticator ( - krb5_context /*context*/, - krb5_authenticator */*authenticator*/); - -void KRB5_LIB_FUNCTION -krb5_free_checksum ( - krb5_context /*context*/, - krb5_checksum */*cksum*/); - -void KRB5_LIB_FUNCTION -krb5_free_checksum_contents ( - krb5_context /*context*/, - krb5_checksum */*cksum*/); - -void KRB5_LIB_FUNCTION -krb5_free_config_files (char **/*filenames*/); - -void KRB5_LIB_FUNCTION -krb5_free_context (krb5_context /*context*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_free_cred_contents ( - krb5_context /*context*/, - krb5_creds */*c*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_free_creds ( - krb5_context /*context*/, - krb5_creds */*c*/); - -void KRB5_LIB_FUNCTION -krb5_free_data ( - krb5_context /*context*/, - krb5_data */*p*/); - -void KRB5_LIB_FUNCTION -krb5_free_data_contents ( - krb5_context /*context*/, - krb5_data */*data*/); - -void KRB5_LIB_FUNCTION -krb5_free_error ( - krb5_context /*context*/, - krb5_error */*error*/); - -void KRB5_LIB_FUNCTION -krb5_free_error_contents ( - krb5_context /*context*/, - krb5_error */*error*/); - -void KRB5_LIB_FUNCTION -krb5_free_error_message ( - krb5_context /*context*/, - const char */*msg*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_free_host_realm ( - krb5_context /*context*/, - krb5_realm */*realmlist*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_free_kdc_rep ( - krb5_context /*context*/, - krb5_kdc_rep */*rep*/); - -void KRB5_LIB_FUNCTION -krb5_free_keyblock ( - krb5_context /*context*/, - krb5_keyblock */*keyblock*/); - -void KRB5_LIB_FUNCTION -krb5_free_keyblock_contents ( - krb5_context /*context*/, - krb5_keyblock */*keyblock*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_free_krbhst ( - krb5_context /*context*/, - char **/*hostlist*/); - -void KRB5_LIB_FUNCTION -krb5_free_principal ( - krb5_context /*context*/, - krb5_principal /*p*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_free_salt ( - krb5_context /*context*/, - krb5_salt /*salt*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_free_ticket ( - krb5_context /*context*/, - krb5_ticket */*ticket*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_fwd_tgt_creds ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - const char */*hostname*/, - krb5_principal /*client*/, - krb5_principal /*server*/, - krb5_ccache /*ccache*/, - int /*forwardable*/, - krb5_data */*out_data*/); - -void KRB5_LIB_FUNCTION -krb5_generate_random_block ( - void */*buf*/, - size_t /*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_generate_random_keyblock ( - krb5_context /*context*/, - krb5_enctype /*type*/, - krb5_keyblock */*key*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_generate_seq_number ( - krb5_context /*context*/, - const krb5_keyblock */*key*/, - uint32_t */*seqno*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_generate_subkey ( - krb5_context /*context*/, - const krb5_keyblock */*key*/, - krb5_keyblock **/*subkey*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_generate_subkey_extended ( - krb5_context /*context*/, - const krb5_keyblock */*key*/, - krb5_enctype /*etype*/, - krb5_keyblock **/*subkey*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_all_client_addrs ( - krb5_context /*context*/, - krb5_addresses */*res*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_all_server_addrs ( - krb5_context /*context*/, - krb5_addresses */*res*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_cred_from_kdc ( - krb5_context /*context*/, - krb5_ccache /*ccache*/, - krb5_creds */*in_creds*/, - krb5_creds **/*out_creds*/, - krb5_creds ***/*ret_tgts*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_cred_from_kdc_opt ( - krb5_context /*context*/, - krb5_ccache /*ccache*/, - krb5_creds */*in_creds*/, - krb5_creds **/*out_creds*/, - krb5_creds ***/*ret_tgts*/, - krb5_flags /*flags*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_credentials ( - krb5_context /*context*/, - krb5_flags /*options*/, - krb5_ccache /*ccache*/, - krb5_creds */*in_creds*/, - krb5_creds **/*out_creds*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_credentials_with_flags ( - krb5_context /*context*/, - krb5_flags /*options*/, - krb5_kdc_flags /*flags*/, - krb5_ccache /*ccache*/, - krb5_creds */*in_creds*/, - krb5_creds **/*out_creds*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_creds ( - krb5_context /*context*/, - krb5_get_creds_opt /*opt*/, - krb5_ccache /*ccache*/, - krb5_const_principal /*inprinc*/, - krb5_creds **/*out_creds*/); - -void KRB5_LIB_FUNCTION -krb5_get_creds_opt_add_options ( - krb5_context /*context*/, - krb5_get_creds_opt /*opt*/, - krb5_flags /*options*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_creds_opt_alloc ( - krb5_context /*context*/, - krb5_get_creds_opt */*opt*/); - -void KRB5_LIB_FUNCTION -krb5_get_creds_opt_free ( - krb5_context /*context*/, - krb5_get_creds_opt /*opt*/); - -void KRB5_LIB_FUNCTION -krb5_get_creds_opt_set_enctype ( - krb5_context /*context*/, - krb5_get_creds_opt /*opt*/, - krb5_enctype /*enctype*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_creds_opt_set_impersonate ( - krb5_context /*context*/, - krb5_get_creds_opt /*opt*/, - krb5_const_principal /*self*/); - -void KRB5_LIB_FUNCTION -krb5_get_creds_opt_set_options ( - krb5_context /*context*/, - krb5_get_creds_opt /*opt*/, - krb5_flags /*options*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_creds_opt_set_ticket ( - krb5_context /*context*/, - krb5_get_creds_opt /*opt*/, - const Ticket */*ticket*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_default_config_files (char ***/*pfilenames*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_default_in_tkt_etypes ( - krb5_context /*context*/, - krb5_enctype **/*etypes*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_default_principal ( - krb5_context /*context*/, - krb5_principal */*princ*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_default_realm ( - krb5_context /*context*/, - krb5_realm */*realm*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_default_realms ( - krb5_context /*context*/, - krb5_realm **/*realms*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_get_dns_canonicalize_hostname (krb5_context /*context*/); - -const char* KRB5_LIB_FUNCTION -krb5_get_err_text ( - krb5_context /*context*/, - krb5_error_code /*code*/); - -const char * KRB5_LIB_FUNCTION -krb5_get_error_message ( - krb5_context /*context*/, - krb5_error_code /*code*/); - -char * KRB5_LIB_FUNCTION -krb5_get_error_string (krb5_context /*context*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_extra_addresses ( - krb5_context /*context*/, - krb5_addresses */*addresses*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_fcache_version ( - krb5_context /*context*/, - int */*version*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_forwarded_creds ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_ccache /*ccache*/, - krb5_flags /*flags*/, - const char */*hostname*/, - krb5_creds */*in_creds*/, - krb5_data */*out_data*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_host_realm ( - krb5_context /*context*/, - const char */*targethost*/, - krb5_realm **/*realms*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_ignore_addresses ( - krb5_context /*context*/, - krb5_addresses */*addresses*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_in_cred ( - krb5_context /*context*/, - krb5_flags /*options*/, - const krb5_addresses */*addrs*/, - const krb5_enctype */*etypes*/, - const krb5_preauthtype */*ptypes*/, - const krb5_preauthdata */*preauth*/, - krb5_key_proc /*key_proc*/, - krb5_const_pointer /*keyseed*/, - krb5_decrypt_proc /*decrypt_proc*/, - krb5_const_pointer /*decryptarg*/, - krb5_creds */*creds*/, - krb5_kdc_rep */*ret_as_reply*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_in_tkt ( - krb5_context /*context*/, - krb5_flags /*options*/, - const krb5_addresses */*addrs*/, - const krb5_enctype */*etypes*/, - const krb5_preauthtype */*ptypes*/, - krb5_key_proc /*key_proc*/, - krb5_const_pointer /*keyseed*/, - krb5_decrypt_proc /*decrypt_proc*/, - krb5_const_pointer /*decryptarg*/, - krb5_creds */*creds*/, - krb5_ccache /*ccache*/, - krb5_kdc_rep */*ret_as_reply*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_in_tkt_with_keytab ( - krb5_context /*context*/, - krb5_flags /*options*/, - krb5_addresses */*addrs*/, - const krb5_enctype */*etypes*/, - const krb5_preauthtype */*pre_auth_types*/, - krb5_keytab /*keytab*/, - krb5_ccache /*ccache*/, - krb5_creds */*creds*/, - krb5_kdc_rep */*ret_as_reply*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_in_tkt_with_password ( - krb5_context /*context*/, - krb5_flags /*options*/, - krb5_addresses */*addrs*/, - const krb5_enctype */*etypes*/, - const krb5_preauthtype */*pre_auth_types*/, - const char */*password*/, - krb5_ccache /*ccache*/, - krb5_creds */*creds*/, - krb5_kdc_rep */*ret_as_reply*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_in_tkt_with_skey ( - krb5_context /*context*/, - krb5_flags /*options*/, - krb5_addresses */*addrs*/, - const krb5_enctype */*etypes*/, - const krb5_preauthtype */*pre_auth_types*/, - const krb5_keyblock */*key*/, - krb5_ccache /*ccache*/, - krb5_creds */*creds*/, - krb5_kdc_rep */*ret_as_reply*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_init_creds ( - krb5_context /*context*/, - krb5_creds */*creds*/, - krb5_principal /*client*/, - krb5_prompter_fct /*prompter*/, - void */*data*/, - krb5_deltat /*start_time*/, - const char */*in_tkt_service*/, - krb5_get_init_creds_opt */*options*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_init_creds_keyblock ( - krb5_context /*context*/, - krb5_creds */*creds*/, - krb5_principal /*client*/, - krb5_keyblock */*keyblock*/, - krb5_deltat /*start_time*/, - const char */*in_tkt_service*/, - krb5_get_init_creds_opt */*options*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_init_creds_keytab ( - krb5_context /*context*/, - krb5_creds */*creds*/, - krb5_principal /*client*/, - krb5_keytab /*keytab*/, - krb5_deltat /*start_time*/, - const char */*in_tkt_service*/, - krb5_get_init_creds_opt */*options*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_alloc ( - krb5_context /*context*/, - krb5_get_init_creds_opt **/*opt*/); - -void KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_free ( - krb5_context /*context*/, - krb5_get_init_creds_opt */*opt*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_get_error ( - krb5_context /*context*/, - krb5_get_init_creds_opt */*opt*/, - KRB_ERROR **/*error*/); - -void KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_init (krb5_get_init_creds_opt */*opt*/); - -void KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_set_address_list ( - krb5_get_init_creds_opt */*opt*/, - krb5_addresses */*addresses*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_set_addressless ( - krb5_context /*context*/, - krb5_get_init_creds_opt */*opt*/, - krb5_boolean /*addressless*/); - -void KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_set_anonymous ( - krb5_get_init_creds_opt */*opt*/, - int /*anonymous*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_set_canonicalize ( - krb5_context /*context*/, - krb5_get_init_creds_opt */*opt*/, - krb5_boolean /*req*/); - -void KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_set_default_flags ( - krb5_context /*context*/, - const char */*appname*/, - krb5_const_realm /*realm*/, - krb5_get_init_creds_opt */*opt*/); - -void KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_set_etype_list ( - krb5_get_init_creds_opt */*opt*/, - krb5_enctype */*etype_list*/, - int /*etype_list_length*/); - -void KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_set_forwardable ( - krb5_get_init_creds_opt */*opt*/, - int /*forwardable*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_set_pa_password ( - krb5_context /*context*/, - krb5_get_init_creds_opt */*opt*/, - const char */*password*/, - krb5_s2k_proc /*key_proc*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_set_pac_request ( - krb5_context /*context*/, - krb5_get_init_creds_opt */*opt*/, - krb5_boolean /*req_pac*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_set_pkinit ( - krb5_context /*context*/, - krb5_get_init_creds_opt */*opt*/, - krb5_principal /*principal*/, - const char */*user_id*/, - const char */*x509_anchors*/, - char * const * /*pool*/, - char * const * /*pki_revoke*/, - int /*flags*/, - krb5_prompter_fct /*prompter*/, - void */*prompter_data*/, - char */*password*/); - -void KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_set_preauth_list ( - krb5_get_init_creds_opt */*opt*/, - krb5_preauthtype */*preauth_list*/, - int /*preauth_list_length*/); - -void KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_set_proxiable ( - krb5_get_init_creds_opt */*opt*/, - int /*proxiable*/); - -void KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_set_renew_life ( - krb5_get_init_creds_opt */*opt*/, - krb5_deltat /*renew_life*/); - -void KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_set_salt ( - krb5_get_init_creds_opt */*opt*/, - krb5_data */*salt*/); - -void KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_set_tkt_life ( - krb5_get_init_creds_opt */*opt*/, - krb5_deltat /*tkt_life*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_set_win2k ( - krb5_context /*context*/, - krb5_get_init_creds_opt */*opt*/, - krb5_boolean /*req*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_init_creds_password ( - krb5_context /*context*/, - krb5_creds */*creds*/, - krb5_principal /*client*/, - const char */*password*/, - krb5_prompter_fct /*prompter*/, - void */*data*/, - krb5_deltat /*start_time*/, - const char */*in_tkt_service*/, - krb5_get_init_creds_opt */*in_options*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_kdc_cred ( - krb5_context /*context*/, - krb5_ccache /*id*/, - krb5_kdc_flags /*flags*/, - krb5_addresses */*addresses*/, - Ticket */*second_ticket*/, - krb5_creds */*in_creds*/, - krb5_creds **out_creds ); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_kdc_sec_offset ( - krb5_context /*context*/, - int32_t */*sec*/, - int32_t */*usec*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_krb524hst ( - krb5_context /*context*/, - const krb5_realm */*realm*/, - char ***/*hostlist*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_krb_admin_hst ( - krb5_context /*context*/, - const krb5_realm */*realm*/, - char ***/*hostlist*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_krb_changepw_hst ( - krb5_context /*context*/, - const krb5_realm */*realm*/, - char ***/*hostlist*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_krbhst ( - krb5_context /*context*/, - const krb5_realm */*realm*/, - char ***/*hostlist*/); - -time_t KRB5_LIB_FUNCTION -krb5_get_max_time_skew (krb5_context /*context*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_pw_salt ( - krb5_context /*context*/, - krb5_const_principal /*principal*/, - krb5_salt */*salt*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_renewed_creds ( - krb5_context /*context*/, - krb5_creds */*creds*/, - krb5_const_principal /*client*/, - krb5_ccache /*ccache*/, - const char */*in_tkt_service*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_server_rcache ( - krb5_context /*context*/, - const krb5_data */*piece*/, - krb5_rcache */*id*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_get_use_admin_kdc (krb5_context /*context*/); - -krb5_log_facility * KRB5_LIB_FUNCTION -krb5_get_warn_dest (krb5_context /*context*/); - -size_t -krb5_get_wrapped_length ( - krb5_context /*context*/, - krb5_crypto /*crypto*/, - size_t /*data_len*/); - -int KRB5_LIB_FUNCTION -krb5_getportbyname ( - krb5_context /*context*/, - const char */*service*/, - const char */*proto*/, - int /*default_port*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_h_addr2addr ( - krb5_context /*context*/, - int /*af*/, - const char */*haddr*/, - krb5_address */*addr*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_h_addr2sockaddr ( - krb5_context /*context*/, - int /*af*/, - const char */*addr*/, - struct sockaddr */*sa*/, - krb5_socklen_t */*sa_size*/, - int /*port*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_h_errno_to_heim_errno (int /*eai_errno*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_have_error_string (krb5_context /*context*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_hmac ( - krb5_context /*context*/, - krb5_cksumtype /*cktype*/, - const void */*data*/, - size_t /*len*/, - unsigned /*usage*/, - krb5_keyblock */*key*/, - Checksum */*result*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_init_context (krb5_context */*context*/); - -void KRB5_LIB_FUNCTION -krb5_init_ets (krb5_context /*context*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_init_etype ( - krb5_context /*context*/, - unsigned */*len*/, - krb5_enctype **/*val*/, - const krb5_enctype */*etypes*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_initlog ( - krb5_context /*context*/, - const char */*program*/, - krb5_log_facility **/*fac*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_is_thread_safe (void); - -const krb5_enctype * KRB5_LIB_FUNCTION -krb5_kerberos_enctypes (krb5_context /*context*/); - -krb5_enctype -krb5_keyblock_get_enctype (const krb5_keyblock */*block*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_keyblock_init ( - krb5_context /*context*/, - krb5_enctype /*type*/, - const void */*data*/, - size_t /*size*/, - krb5_keyblock */*key*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_keyblock_key_proc ( - krb5_context /*context*/, - krb5_keytype /*type*/, - krb5_data */*salt*/, - krb5_const_pointer /*keyseed*/, - krb5_keyblock **/*key*/); - -void KRB5_LIB_FUNCTION -krb5_keyblock_zero (krb5_keyblock */*keyblock*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_keytab_key_proc ( - krb5_context /*context*/, - krb5_enctype /*enctype*/, - krb5_salt /*salt*/, - krb5_const_pointer /*keyseed*/, - krb5_keyblock **/*key*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_keytype_to_enctypes ( - krb5_context /*context*/, - krb5_keytype /*keytype*/, - unsigned */*len*/, - krb5_enctype **/*val*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_keytype_to_enctypes_default ( - krb5_context /*context*/, - krb5_keytype /*keytype*/, - unsigned */*len*/, - krb5_enctype **/*val*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_keytype_to_string ( - krb5_context /*context*/, - krb5_keytype /*keytype*/, - char **/*string*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_krbhst_format_string ( - krb5_context /*context*/, - const krb5_krbhst_info */*host*/, - char */*hostname*/, - size_t /*hostlen*/); - -void KRB5_LIB_FUNCTION -krb5_krbhst_free ( - krb5_context /*context*/, - krb5_krbhst_handle /*handle*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_krbhst_get_addrinfo ( - krb5_context /*context*/, - krb5_krbhst_info */*host*/, - struct addrinfo **/*ai*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_krbhst_init ( - krb5_context /*context*/, - const char */*realm*/, - unsigned int /*type*/, - krb5_krbhst_handle */*handle*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_krbhst_init_flags ( - krb5_context /*context*/, - const char */*realm*/, - unsigned int /*type*/, - int /*flags*/, - krb5_krbhst_handle */*handle*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_krbhst_next ( - krb5_context /*context*/, - krb5_krbhst_handle /*handle*/, - krb5_krbhst_info **/*host*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_krbhst_next_as_string ( - krb5_context /*context*/, - krb5_krbhst_handle /*handle*/, - char */*hostname*/, - size_t /*hostlen*/); - -void KRB5_LIB_FUNCTION -krb5_krbhst_reset ( - krb5_context /*context*/, - krb5_krbhst_handle /*handle*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_add_entry ( - krb5_context /*context*/, - krb5_keytab /*id*/, - krb5_keytab_entry */*entry*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_close ( - krb5_context /*context*/, - krb5_keytab /*id*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_kt_compare ( - krb5_context /*context*/, - krb5_keytab_entry */*entry*/, - krb5_const_principal /*principal*/, - krb5_kvno /*vno*/, - krb5_enctype /*enctype*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_copy_entry_contents ( - krb5_context /*context*/, - const krb5_keytab_entry */*in*/, - krb5_keytab_entry */*out*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_default ( - krb5_context /*context*/, - krb5_keytab */*id*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_default_modify_name ( - krb5_context /*context*/, - char */*name*/, - size_t /*namesize*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_default_name ( - krb5_context /*context*/, - char */*name*/, - size_t /*namesize*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_end_seq_get ( - krb5_context /*context*/, - krb5_keytab /*id*/, - krb5_kt_cursor */*cursor*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_free_entry ( - krb5_context /*context*/, - krb5_keytab_entry */*entry*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_get_entry ( - krb5_context /*context*/, - krb5_keytab /*id*/, - krb5_const_principal /*principal*/, - krb5_kvno /*kvno*/, - krb5_enctype /*enctype*/, - krb5_keytab_entry */*entry*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_get_full_name ( - krb5_context /*context*/, - krb5_keytab /*keytab*/, - char **/*str*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_get_name ( - krb5_context /*context*/, - krb5_keytab /*keytab*/, - char */*name*/, - size_t /*namesize*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_get_type ( - krb5_context /*context*/, - krb5_keytab /*keytab*/, - char */*prefix*/, - size_t /*prefixsize*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_next_entry ( - krb5_context /*context*/, - krb5_keytab /*id*/, - krb5_keytab_entry */*entry*/, - krb5_kt_cursor */*cursor*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_read_service_key ( - krb5_context /*context*/, - krb5_pointer /*keyprocarg*/, - krb5_principal /*principal*/, - krb5_kvno /*vno*/, - krb5_enctype /*enctype*/, - krb5_keyblock **/*key*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_register ( - krb5_context /*context*/, - const krb5_kt_ops */*ops*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_remove_entry ( - krb5_context /*context*/, - krb5_keytab /*id*/, - krb5_keytab_entry */*entry*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_resolve ( - krb5_context /*context*/, - const char */*name*/, - krb5_keytab */*id*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_start_seq_get ( - krb5_context /*context*/, - krb5_keytab /*id*/, - krb5_kt_cursor */*cursor*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_kuserok ( - krb5_context /*context*/, - krb5_principal /*principal*/, - const char */*luser*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_log ( - krb5_context /*context*/, - krb5_log_facility */*fac*/, - int /*level*/, - const char */*fmt*/, - ...) - __attribute__((format (printf, 4, 5))); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_log_msg ( - krb5_context /*context*/, - krb5_log_facility */*fac*/, - int /*level*/, - char **/*reply*/, - const char */*fmt*/, - ...) - __attribute__((format (printf, 5, 6))); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_make_addrport ( - krb5_context /*context*/, - krb5_address **/*res*/, - const krb5_address */*addr*/, - int16_t /*port*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_make_principal ( - krb5_context /*context*/, - krb5_principal */*principal*/, - krb5_const_realm /*realm*/, - ...); - -size_t KRB5_LIB_FUNCTION -krb5_max_sockaddr_size (void); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_mk_error ( - krb5_context /*context*/, - krb5_error_code /*error_code*/, - const char */*e_text*/, - const krb5_data */*e_data*/, - const krb5_principal /*client*/, - const krb5_principal /*server*/, - time_t */*client_time*/, - int */*client_usec*/, - krb5_data */*reply*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_mk_priv ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - const krb5_data */*userdata*/, - krb5_data */*outbuf*/, - krb5_replay_data */*outdata*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_mk_rep ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_data */*outbuf*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_mk_req ( - krb5_context /*context*/, - krb5_auth_context */*auth_context*/, - const krb5_flags /*ap_req_options*/, - const char */*service*/, - const char */*hostname*/, - krb5_data */*in_data*/, - krb5_ccache /*ccache*/, - krb5_data */*outbuf*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_mk_req_exact ( - krb5_context /*context*/, - krb5_auth_context */*auth_context*/, - const krb5_flags /*ap_req_options*/, - const krb5_principal /*server*/, - krb5_data */*in_data*/, - krb5_ccache /*ccache*/, - krb5_data */*outbuf*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_mk_req_extended ( - krb5_context /*context*/, - krb5_auth_context */*auth_context*/, - const krb5_flags /*ap_req_options*/, - krb5_data */*in_data*/, - krb5_creds */*in_creds*/, - krb5_data */*outbuf*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_mk_safe ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - const krb5_data */*userdata*/, - krb5_data */*outbuf*/, - krb5_replay_data */*outdata*/); - -krb5_ssize_t KRB5_LIB_FUNCTION -krb5_net_read ( - krb5_context /*context*/, - void */*p_fd*/, - void */*buf*/, - size_t /*len*/); - -krb5_ssize_t KRB5_LIB_FUNCTION -krb5_net_write ( - krb5_context /*context*/, - void */*p_fd*/, - const void */*buf*/, - size_t /*len*/); - -krb5_ssize_t KRB5_LIB_FUNCTION -krb5_net_write_block ( - krb5_context /*context*/, - void */*p_fd*/, - const void */*buf*/, - size_t /*len*/, - time_t /*timeout*/); - -krb5_error_code -krb5_ntlm_alloc ( - krb5_context /*context*/, - krb5_ntlm */*ntlm*/); - -krb5_error_code -krb5_ntlm_free ( - krb5_context /*context*/, - krb5_ntlm /*ntlm*/); - -krb5_error_code -krb5_ntlm_init_get_challange ( - krb5_context /*context*/, - krb5_ntlm /*ntlm*/, - krb5_data */*challange*/); - -krb5_error_code -krb5_ntlm_init_get_flags ( - krb5_context /*context*/, - krb5_ntlm /*ntlm*/, - uint32_t */*flags*/); - -krb5_error_code -krb5_ntlm_init_get_opaque ( - krb5_context /*context*/, - krb5_ntlm /*ntlm*/, - krb5_data */*opaque*/); - -krb5_error_code -krb5_ntlm_init_get_targetinfo ( - krb5_context /*context*/, - krb5_ntlm /*ntlm*/, - krb5_data */*data*/); - -krb5_error_code -krb5_ntlm_init_get_targetname ( - krb5_context /*context*/, - krb5_ntlm /*ntlm*/, - char **/*name*/); - -krb5_error_code -krb5_ntlm_init_request ( - krb5_context /*context*/, - krb5_ntlm /*ntlm*/, - krb5_realm /*realm*/, - krb5_ccache /*ccache*/, - uint32_t /*flags*/, - const char */*hostname*/, - const char */*domainname*/); - -krb5_error_code -krb5_ntlm_rep_get_sessionkey ( - krb5_context /*context*/, - krb5_ntlm /*ntlm*/, - krb5_data */*data*/); - -krb5_boolean -krb5_ntlm_rep_get_status ( - krb5_context /*context*/, - krb5_ntlm /*ntlm*/); - -krb5_error_code -krb5_ntlm_req_set_flags ( - krb5_context /*context*/, - krb5_ntlm /*ntlm*/, - uint32_t /*flags*/); - -krb5_error_code -krb5_ntlm_req_set_lm ( - krb5_context /*context*/, - krb5_ntlm /*ntlm*/, - void */*hash*/, - size_t /*len*/); - -krb5_error_code -krb5_ntlm_req_set_ntlm ( - krb5_context /*context*/, - krb5_ntlm /*ntlm*/, - void */*hash*/, - size_t /*len*/); - -krb5_error_code -krb5_ntlm_req_set_opaque ( - krb5_context /*context*/, - krb5_ntlm /*ntlm*/, - krb5_data */*opaque*/); - -krb5_error_code -krb5_ntlm_req_set_session ( - krb5_context /*context*/, - krb5_ntlm /*ntlm*/, - void */*sessionkey*/, - size_t /*length*/); - -krb5_error_code -krb5_ntlm_req_set_targetname ( - krb5_context /*context*/, - krb5_ntlm /*ntlm*/, - const char */*targetname*/); - -krb5_error_code -krb5_ntlm_req_set_username ( - krb5_context /*context*/, - krb5_ntlm /*ntlm*/, - const char */*username*/); - -krb5_error_code -krb5_ntlm_request ( - krb5_context /*context*/, - krb5_ntlm /*ntlm*/, - krb5_realm /*realm*/, - krb5_ccache /*ccache*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_openlog ( - krb5_context /*context*/, - const char */*program*/, - krb5_log_facility **/*fac*/); - -krb5_error_code -krb5_pac_add_buffer ( - krb5_context /*context*/, - krb5_pac /*p*/, - uint32_t /*type*/, - const krb5_data */*data*/); - -void -krb5_pac_free ( - krb5_context /*context*/, - krb5_pac /*pac*/); - -krb5_error_code -krb5_pac_get_buffer ( - krb5_context /*context*/, - krb5_pac /*p*/, - uint32_t /*type*/, - krb5_data */*data*/); - -krb5_error_code -krb5_pac_get_types ( - krb5_context /*context*/, - krb5_pac /*p*/, - size_t */*len*/, - uint32_t **/*types*/); - -krb5_error_code -krb5_pac_init ( - krb5_context /*context*/, - krb5_pac */*pac*/); - -krb5_error_code -krb5_pac_parse ( - krb5_context /*context*/, - const void */*ptr*/, - size_t /*len*/, - krb5_pac */*pac*/); - -krb5_error_code -krb5_pac_verify ( - krb5_context /*context*/, - const krb5_pac /*pac*/, - time_t /*authtime*/, - krb5_const_principal /*principal*/, - const krb5_keyblock */*server*/, - const krb5_keyblock */*privsvr*/); - -int KRB5_LIB_FUNCTION -krb5_padata_add ( - krb5_context /*context*/, - METHOD_DATA */*md*/, - int /*type*/, - void */*buf*/, - size_t /*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_parse_address ( - krb5_context /*context*/, - const char */*string*/, - krb5_addresses */*addresses*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_parse_name ( - krb5_context /*context*/, - const char */*name*/, - krb5_principal */*principal*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_parse_name_flags ( - krb5_context /*context*/, - const char */*name*/, - int /*flags*/, - krb5_principal */*principal*/); - -krb5_error_code -krb5_parse_nametype ( - krb5_context /*context*/, - const char */*str*/, - int32_t */*nametype*/); - -const char* KRB5_LIB_FUNCTION -krb5_passwd_result_to_string ( - krb5_context /*context*/, - int /*result*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_password_key_proc ( - krb5_context /*context*/, - krb5_enctype /*type*/, - krb5_salt /*salt*/, - krb5_const_pointer /*keyseed*/, - krb5_keyblock **/*key*/); - -krb5_error_code -krb5_plugin_register ( - krb5_context /*context*/, - enum krb5_plugin_type /*type*/, - const char */*name*/, - void */*symbol*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_prepend_config_files ( - const char */*filelist*/, - char **/*pq*/, - char ***/*ret_pp*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_prepend_config_files_default ( - const char */*filelist*/, - char ***/*pfilenames*/); - -krb5_realm * KRB5_LIB_FUNCTION -krb5_princ_realm ( - krb5_context /*context*/, - krb5_principal /*principal*/); - -void KRB5_LIB_FUNCTION -krb5_princ_set_realm ( - krb5_context /*context*/, - krb5_principal /*principal*/, - krb5_realm */*realm*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_principal_compare ( - krb5_context /*context*/, - krb5_const_principal /*princ1*/, - krb5_const_principal /*princ2*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_principal_compare_any_realm ( - krb5_context /*context*/, - krb5_const_principal /*princ1*/, - krb5_const_principal /*princ2*/); - -const char* KRB5_LIB_FUNCTION -krb5_principal_get_comp_string ( - krb5_context /*context*/, - krb5_const_principal /*principal*/, - unsigned int /*component*/); - -const char* KRB5_LIB_FUNCTION -krb5_principal_get_realm ( - krb5_context /*context*/, - krb5_const_principal /*principal*/); - -int KRB5_LIB_FUNCTION -krb5_principal_get_type ( - krb5_context /*context*/, - krb5_const_principal /*principal*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_principal_match ( - krb5_context /*context*/, - krb5_const_principal /*princ*/, - krb5_const_principal /*pattern*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_principal_set_realm ( - krb5_context /*context*/, - krb5_principal /*principal*/, - krb5_const_realm /*realm*/); - -void KRB5_LIB_FUNCTION -krb5_principal_set_type ( - krb5_context /*context*/, - krb5_principal /*principal*/, - int /*type*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_print_address ( - const krb5_address */*addr*/, - char */*str*/, - size_t /*len*/, - size_t */*ret_len*/); - -int KRB5_LIB_FUNCTION -krb5_program_setup ( - krb5_context */*context*/, - int /*argc*/, - char **/*argv*/, - struct getargs */*args*/, - int /*num_args*/, - void (*/*usage*/)(int, struct getargs*, int)); - -int KRB5_LIB_FUNCTION -krb5_prompter_posix ( - krb5_context /*context*/, - void */*data*/, - const char */*name*/, - const char */*banner*/, - int /*num_prompts*/, - krb5_prompt prompts[]); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_random_to_key ( - krb5_context /*context*/, - krb5_enctype /*type*/, - const void */*data*/, - size_t /*size*/, - krb5_keyblock */*key*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rc_close ( - krb5_context /*context*/, - krb5_rcache /*id*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rc_default ( - krb5_context /*context*/, - krb5_rcache */*id*/); - -const char* KRB5_LIB_FUNCTION -krb5_rc_default_name (krb5_context /*context*/); - -const char* KRB5_LIB_FUNCTION -krb5_rc_default_type (krb5_context /*context*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rc_destroy ( - krb5_context /*context*/, - krb5_rcache /*id*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rc_expunge ( - krb5_context /*context*/, - krb5_rcache /*id*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rc_get_lifespan ( - krb5_context /*context*/, - krb5_rcache /*id*/, - krb5_deltat */*auth_lifespan*/); - -const char* KRB5_LIB_FUNCTION -krb5_rc_get_name ( - krb5_context /*context*/, - krb5_rcache /*id*/); - -const char* KRB5_LIB_FUNCTION -krb5_rc_get_type ( - krb5_context /*context*/, - krb5_rcache /*id*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rc_initialize ( - krb5_context /*context*/, - krb5_rcache /*id*/, - krb5_deltat /*auth_lifespan*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rc_recover ( - krb5_context /*context*/, - krb5_rcache /*id*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rc_resolve ( - krb5_context /*context*/, - krb5_rcache /*id*/, - const char */*name*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rc_resolve_full ( - krb5_context /*context*/, - krb5_rcache */*id*/, - const char */*string_name*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rc_resolve_type ( - krb5_context /*context*/, - krb5_rcache */*id*/, - const char */*type*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rc_store ( - krb5_context /*context*/, - krb5_rcache /*id*/, - krb5_donot_replay */*rep*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_cred ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_data */*in_data*/, - krb5_creds ***/*ret_creds*/, - krb5_replay_data */*outdata*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_cred2 ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_ccache /*ccache*/, - krb5_data */*in_data*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_error ( - krb5_context /*context*/, - const krb5_data */*msg*/, - KRB_ERROR */*result*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_priv ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - const krb5_data */*inbuf*/, - krb5_data */*outbuf*/, - krb5_replay_data */*outdata*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_rep ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - const krb5_data */*inbuf*/, - krb5_ap_rep_enc_part **/*repl*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req ( - krb5_context /*context*/, - krb5_auth_context */*auth_context*/, - const krb5_data */*inbuf*/, - krb5_const_principal /*server*/, - krb5_keytab /*keytab*/, - krb5_flags */*ap_req_options*/, - krb5_ticket **/*ticket*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req_ctx ( - krb5_context /*context*/, - krb5_auth_context */*auth_context*/, - const krb5_data */*inbuf*/, - krb5_const_principal /*server*/, - krb5_rd_req_in_ctx /*inctx*/, - krb5_rd_req_out_ctx */*outctx*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req_in_ctx_alloc ( - krb5_context /*context*/, - krb5_rd_req_in_ctx */*ctx*/); - -void KRB5_LIB_FUNCTION -krb5_rd_req_in_ctx_free ( - krb5_context /*context*/, - krb5_rd_req_in_ctx /*ctx*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req_in_set_keyblock ( - krb5_context /*context*/, - krb5_rd_req_in_ctx /*in*/, - krb5_keyblock */*keyblock*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req_in_set_keytab ( - krb5_context /*context*/, - krb5_rd_req_in_ctx /*in*/, - krb5_keytab /*keytab*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req_in_set_pac_check ( - krb5_context /*context*/, - krb5_rd_req_in_ctx /*in*/, - krb5_boolean /*flag*/); - -void KRB5_LIB_FUNCTION -krb5_rd_req_out_ctx_free ( - krb5_context /*context*/, - krb5_rd_req_out_ctx /*ctx*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req_out_get_ap_req_options ( - krb5_context /*context*/, - krb5_rd_req_out_ctx /*out*/, - krb5_flags */*ap_req_options*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req_out_get_keyblock ( - krb5_context /*context*/, - krb5_rd_req_out_ctx /*out*/, - krb5_keyblock **/*keyblock*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req_out_get_ticket ( - krb5_context /*context*/, - krb5_rd_req_out_ctx /*out*/, - krb5_ticket **/*ticket*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req_with_keyblock ( - krb5_context /*context*/, - krb5_auth_context */*auth_context*/, - const krb5_data */*inbuf*/, - krb5_const_principal /*server*/, - krb5_keyblock */*keyblock*/, - krb5_flags */*ap_req_options*/, - krb5_ticket **/*ticket*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_safe ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - const krb5_data */*inbuf*/, - krb5_data */*outbuf*/, - krb5_replay_data */*outdata*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_read_message ( - krb5_context /*context*/, - krb5_pointer /*p_fd*/, - krb5_data */*data*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_read_priv_message ( - krb5_context /*context*/, - krb5_auth_context /*ac*/, - krb5_pointer /*p_fd*/, - krb5_data */*data*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_read_safe_message ( - krb5_context /*context*/, - krb5_auth_context /*ac*/, - krb5_pointer /*p_fd*/, - krb5_data */*data*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_realm_compare ( - krb5_context /*context*/, - krb5_const_principal /*princ1*/, - krb5_const_principal /*princ2*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_recvauth ( - krb5_context /*context*/, - krb5_auth_context */*auth_context*/, - krb5_pointer /*p_fd*/, - const char */*appl_version*/, - krb5_principal /*server*/, - int32_t /*flags*/, - krb5_keytab /*keytab*/, - krb5_ticket **/*ticket*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_recvauth_match_version ( - krb5_context /*context*/, - krb5_auth_context */*auth_context*/, - krb5_pointer /*p_fd*/, - krb5_boolean (*/*match_appl_version*/)(const void *, const char*), - const void */*match_data*/, - krb5_principal /*server*/, - int32_t /*flags*/, - krb5_keytab /*keytab*/, - krb5_ticket **/*ticket*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_address ( - krb5_storage */*sp*/, - krb5_address */*adr*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_addrs ( - krb5_storage */*sp*/, - krb5_addresses */*adr*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_authdata ( - krb5_storage */*sp*/, - krb5_authdata */*auth*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_creds ( - krb5_storage */*sp*/, - krb5_creds */*creds*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_creds_tag ( - krb5_storage */*sp*/, - krb5_creds */*creds*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_data ( - krb5_storage */*sp*/, - krb5_data */*data*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_int16 ( - krb5_storage */*sp*/, - int16_t */*value*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_int32 ( - krb5_storage */*sp*/, - int32_t */*value*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_int8 ( - krb5_storage */*sp*/, - int8_t */*value*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_keyblock ( - krb5_storage */*sp*/, - krb5_keyblock */*p*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_principal ( - krb5_storage */*sp*/, - krb5_principal */*princ*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_string ( - krb5_storage */*sp*/, - char **/*string*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_stringnl ( - krb5_storage */*sp*/, - char **/*string*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_stringz ( - krb5_storage */*sp*/, - char **/*string*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_times ( - krb5_storage */*sp*/, - krb5_times */*times*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_uint16 ( - krb5_storage */*sp*/, - uint16_t */*value*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_uint32 ( - krb5_storage */*sp*/, - uint32_t */*value*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_uint8 ( - krb5_storage */*sp*/, - uint8_t */*value*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_salttype_to_string ( - krb5_context /*context*/, - krb5_enctype /*etype*/, - krb5_salttype /*stype*/, - char **/*string*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_sendauth ( - krb5_context /*context*/, - krb5_auth_context */*auth_context*/, - krb5_pointer /*p_fd*/, - const char */*appl_version*/, - krb5_principal /*client*/, - krb5_principal /*server*/, - krb5_flags /*ap_req_options*/, - krb5_data */*in_data*/, - krb5_creds */*in_creds*/, - krb5_ccache /*ccache*/, - krb5_error **/*ret_error*/, - krb5_ap_rep_enc_part **/*rep_result*/, - krb5_creds **/*out_creds*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_sendto ( - krb5_context /*context*/, - const krb5_data */*send_data*/, - krb5_krbhst_handle /*handle*/, - krb5_data */*receive*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_sendto_context ( - krb5_context /*context*/, - krb5_sendto_ctx /*ctx*/, - const krb5_data */*send_data*/, - const krb5_realm /*realm*/, - krb5_data */*receive*/); - -void KRB5_LIB_FUNCTION -krb5_sendto_ctx_add_flags ( - krb5_sendto_ctx /*ctx*/, - int /*flags*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_sendto_ctx_alloc ( - krb5_context /*context*/, - krb5_sendto_ctx */*ctx*/); - -void KRB5_LIB_FUNCTION -krb5_sendto_ctx_free ( - krb5_context /*context*/, - krb5_sendto_ctx /*ctx*/); - -int KRB5_LIB_FUNCTION -krb5_sendto_ctx_get_flags (krb5_sendto_ctx /*ctx*/); - -void KRB5_LIB_FUNCTION -krb5_sendto_ctx_set_func ( - krb5_sendto_ctx /*ctx*/, - krb5_sendto_ctx_func /*func*/, - void */*data*/); - -void KRB5_LIB_FUNCTION -krb5_sendto_ctx_set_type ( - krb5_sendto_ctx /*ctx*/, - int /*type*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_sendto_kdc ( - krb5_context /*context*/, - const krb5_data */*send_data*/, - const krb5_realm */*realm*/, - krb5_data */*receive*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_sendto_kdc_flags ( - krb5_context /*context*/, - const krb5_data */*send_data*/, - const krb5_realm */*realm*/, - krb5_data */*receive*/, - int /*flags*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_config_files ( - krb5_context /*context*/, - char **/*filenames*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_default_in_tkt_etypes ( - krb5_context /*context*/, - const krb5_enctype */*etypes*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_default_realm ( - krb5_context /*context*/, - const char */*realm*/); - -void KRB5_LIB_FUNCTION -krb5_set_dns_canonicalize_hostname ( - krb5_context /*context*/, - krb5_boolean /*flag*/); - -void KRB5_LIB_FUNCTION -krb5_set_error_message ( - krb5_context /*context*/, - krb5_error_code /*ret*/, - const char */*fmt*/, - ...) - __attribute__ ((format (printf, 3, 4))); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_error_string ( - krb5_context /*context*/, - const char */*fmt*/, - ...) __attribute__((format (printf, 2, 3))) - __attribute__((deprecated)); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_extra_addresses ( - krb5_context /*context*/, - const krb5_addresses */*addresses*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_fcache_version ( - krb5_context /*context*/, - int /*version*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_ignore_addresses ( - krb5_context /*context*/, - const krb5_addresses */*addresses*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_kdc_sec_offset ( - krb5_context /*context*/, - int32_t /*sec*/, - int32_t /*usec*/); - -void KRB5_LIB_FUNCTION -krb5_set_max_time_skew ( - krb5_context /*context*/, - time_t /*t*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_password ( - krb5_context /*context*/, - krb5_creds */*creds*/, - const char */*newpw*/, - krb5_principal /*targprinc*/, - int */*result_code*/, - krb5_data */*result_code_string*/, - krb5_data */*result_string*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_password_using_ccache ( - krb5_context /*context*/, - krb5_ccache /*ccache*/, - const char */*newpw*/, - krb5_principal /*targprinc*/, - int */*result_code*/, - krb5_data */*result_code_string*/, - krb5_data */*result_string*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_real_time ( - krb5_context /*context*/, - krb5_timestamp /*sec*/, - int32_t /*usec*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_send_to_kdc_func ( - krb5_context /*context*/, - krb5_send_to_kdc_func /*func*/, - void */*data*/); - -void KRB5_LIB_FUNCTION -krb5_set_use_admin_kdc ( - krb5_context /*context*/, - krb5_boolean /*flag*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_warn_dest ( - krb5_context /*context*/, - krb5_log_facility */*fac*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_sname_to_principal ( - krb5_context /*context*/, - const char */*hostname*/, - const char */*sname*/, - int32_t /*type*/, - krb5_principal */*ret_princ*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_sock_to_principal ( - krb5_context /*context*/, - int /*sock*/, - const char */*sname*/, - int32_t /*type*/, - krb5_principal */*ret_princ*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_sockaddr2address ( - krb5_context /*context*/, - const struct sockaddr */*sa*/, - krb5_address */*addr*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_sockaddr2port ( - krb5_context /*context*/, - const struct sockaddr */*sa*/, - int16_t */*port*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_sockaddr_uninteresting (const struct sockaddr */*sa*/); - -void KRB5_LIB_FUNCTION -krb5_std_usage ( - int /*code*/, - struct getargs */*args*/, - int /*num_args*/); - -void KRB5_LIB_FUNCTION -krb5_storage_clear_flags ( - krb5_storage */*sp*/, - krb5_flags /*flags*/); - -krb5_storage * KRB5_LIB_FUNCTION -krb5_storage_emem (void); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_storage_free (krb5_storage */*sp*/); - -krb5_storage * KRB5_LIB_FUNCTION -krb5_storage_from_data (krb5_data */*data*/); - -krb5_storage * KRB5_LIB_FUNCTION -krb5_storage_from_fd (int /*fd*/); - -krb5_storage * KRB5_LIB_FUNCTION -krb5_storage_from_mem ( - void */*buf*/, - size_t /*len*/); - -krb5_storage * KRB5_LIB_FUNCTION -krb5_storage_from_readonly_mem ( - const void */*buf*/, - size_t /*len*/); - -krb5_flags KRB5_LIB_FUNCTION -krb5_storage_get_byteorder ( - krb5_storage */*sp*/, - krb5_flags /*byteorder*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_storage_is_flags ( - krb5_storage */*sp*/, - krb5_flags /*flags*/); - -krb5_ssize_t KRB5_LIB_FUNCTION -krb5_storage_read ( - krb5_storage */*sp*/, - void */*buf*/, - size_t /*len*/); - -off_t KRB5_LIB_FUNCTION -krb5_storage_seek ( - krb5_storage */*sp*/, - off_t /*offset*/, - int /*whence*/); - -void KRB5_LIB_FUNCTION -krb5_storage_set_byteorder ( - krb5_storage */*sp*/, - krb5_flags /*byteorder*/); - -void KRB5_LIB_FUNCTION -krb5_storage_set_eof_code ( - krb5_storage */*sp*/, - int /*code*/); - -void KRB5_LIB_FUNCTION -krb5_storage_set_flags ( - krb5_storage */*sp*/, - krb5_flags /*flags*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_storage_to_data ( - krb5_storage */*sp*/, - krb5_data */*data*/); - -krb5_ssize_t KRB5_LIB_FUNCTION -krb5_storage_write ( - krb5_storage */*sp*/, - const void */*buf*/, - size_t /*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_address ( - krb5_storage */*sp*/, - krb5_address /*p*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_addrs ( - krb5_storage */*sp*/, - krb5_addresses /*p*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_authdata ( - krb5_storage */*sp*/, - krb5_authdata /*auth*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_creds ( - krb5_storage */*sp*/, - krb5_creds */*creds*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_creds_tag ( - krb5_storage */*sp*/, - krb5_creds */*creds*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_data ( - krb5_storage */*sp*/, - krb5_data /*data*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_int16 ( - krb5_storage */*sp*/, - int16_t /*value*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_int32 ( - krb5_storage */*sp*/, - int32_t /*value*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_int8 ( - krb5_storage */*sp*/, - int8_t /*value*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_keyblock ( - krb5_storage */*sp*/, - krb5_keyblock /*p*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_principal ( - krb5_storage */*sp*/, - krb5_const_principal /*p*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_string ( - krb5_storage */*sp*/, - const char */*s*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_stringnl ( - krb5_storage */*sp*/, - const char */*s*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_stringz ( - krb5_storage */*sp*/, - const char */*s*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_times ( - krb5_storage */*sp*/, - krb5_times /*times*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_uint16 ( - krb5_storage */*sp*/, - uint16_t /*value*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_uint32 ( - krb5_storage */*sp*/, - uint32_t /*value*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_uint8 ( - krb5_storage */*sp*/, - uint8_t /*value*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_string_to_deltat ( - const char */*string*/, - krb5_deltat */*deltat*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_string_to_enctype ( - krb5_context /*context*/, - const char */*string*/, - krb5_enctype */*etype*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_string_to_key ( - krb5_context /*context*/, - krb5_enctype /*enctype*/, - const char */*password*/, - krb5_principal /*principal*/, - krb5_keyblock */*key*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_string_to_key_data ( - krb5_context /*context*/, - krb5_enctype /*enctype*/, - krb5_data /*password*/, - krb5_principal /*principal*/, - krb5_keyblock */*key*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_string_to_key_data_salt ( - krb5_context /*context*/, - krb5_enctype /*enctype*/, - krb5_data /*password*/, - krb5_salt /*salt*/, - krb5_keyblock */*key*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_string_to_key_data_salt_opaque ( - krb5_context /*context*/, - krb5_enctype /*enctype*/, - krb5_data /*password*/, - krb5_salt /*salt*/, - krb5_data /*opaque*/, - krb5_keyblock */*key*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_string_to_key_derived ( - krb5_context /*context*/, - const void */*str*/, - size_t /*len*/, - krb5_enctype /*etype*/, - krb5_keyblock */*key*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_string_to_key_salt ( - krb5_context /*context*/, - krb5_enctype /*enctype*/, - const char */*password*/, - krb5_salt /*salt*/, - krb5_keyblock */*key*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_string_to_key_salt_opaque ( - krb5_context /*context*/, - krb5_enctype /*enctype*/, - const char */*password*/, - krb5_salt /*salt*/, - krb5_data /*opaque*/, - krb5_keyblock */*key*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_string_to_keytype ( - krb5_context /*context*/, - const char */*string*/, - krb5_keytype */*keytype*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_string_to_salttype ( - krb5_context /*context*/, - krb5_enctype /*etype*/, - const char */*string*/, - krb5_salttype */*salttype*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ticket_get_authorization_data_type ( - krb5_context /*context*/, - krb5_ticket */*ticket*/, - int /*type*/, - krb5_data */*data*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ticket_get_client ( - krb5_context /*context*/, - const krb5_ticket */*ticket*/, - krb5_principal */*client*/); - -time_t KRB5_LIB_FUNCTION -krb5_ticket_get_endtime ( - krb5_context /*context*/, - const krb5_ticket */*ticket*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ticket_get_server ( - krb5_context /*context*/, - const krb5_ticket */*ticket*/, - krb5_principal */*server*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_timeofday ( - krb5_context /*context*/, - krb5_timestamp */*timeret*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_unparse_name ( - krb5_context /*context*/, - krb5_const_principal /*principal*/, - char **/*name*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_unparse_name_fixed ( - krb5_context /*context*/, - krb5_const_principal /*principal*/, - char */*name*/, - size_t /*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_unparse_name_fixed_flags ( - krb5_context /*context*/, - krb5_const_principal /*principal*/, - int /*flags*/, - char */*name*/, - size_t /*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_unparse_name_fixed_short ( - krb5_context /*context*/, - krb5_const_principal /*principal*/, - char */*name*/, - size_t /*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_unparse_name_flags ( - krb5_context /*context*/, - krb5_const_principal /*principal*/, - int /*flags*/, - char **/*name*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_unparse_name_short ( - krb5_context /*context*/, - krb5_const_principal /*principal*/, - char **/*name*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_us_timeofday ( - krb5_context /*context*/, - krb5_timestamp */*sec*/, - int32_t */*usec*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_vabort ( - krb5_context /*context*/, - krb5_error_code /*code*/, - const char */*fmt*/, - va_list /*ap*/) - __attribute__ ((noreturn, format (printf, 3, 0))); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_vabortx ( - krb5_context /*context*/, - const char */*fmt*/, - va_list /*ap*/) - __attribute__ ((noreturn, format (printf, 2, 0))); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_verify_ap_req ( - krb5_context /*context*/, - krb5_auth_context */*auth_context*/, - krb5_ap_req */*ap_req*/, - krb5_const_principal /*server*/, - krb5_keyblock */*keyblock*/, - krb5_flags /*flags*/, - krb5_flags */*ap_req_options*/, - krb5_ticket **/*ticket*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_verify_ap_req2 ( - krb5_context /*context*/, - krb5_auth_context */*auth_context*/, - krb5_ap_req */*ap_req*/, - krb5_const_principal /*server*/, - krb5_keyblock */*keyblock*/, - krb5_flags /*flags*/, - krb5_flags */*ap_req_options*/, - krb5_ticket **/*ticket*/, - krb5_key_usage /*usage*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_verify_authenticator_checksum ( - krb5_context /*context*/, - krb5_auth_context /*ac*/, - void */*data*/, - size_t /*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_verify_checksum ( - krb5_context /*context*/, - krb5_crypto /*crypto*/, - krb5_key_usage /*usage*/, - void */*data*/, - size_t /*len*/, - Checksum */*cksum*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_verify_init_creds ( - krb5_context /*context*/, - krb5_creds */*creds*/, - krb5_principal /*ap_req_server*/, - krb5_keytab /*ap_req_keytab*/, - krb5_ccache */*ccache*/, - krb5_verify_init_creds_opt */*options*/); - -void KRB5_LIB_FUNCTION -krb5_verify_init_creds_opt_init (krb5_verify_init_creds_opt */*options*/); - -void KRB5_LIB_FUNCTION -krb5_verify_init_creds_opt_set_ap_req_nofail ( - krb5_verify_init_creds_opt */*options*/, - int /*ap_req_nofail*/); - -int KRB5_LIB_FUNCTION -krb5_verify_opt_alloc ( - krb5_context /*context*/, - krb5_verify_opt **/*opt*/); - -void KRB5_LIB_FUNCTION -krb5_verify_opt_free (krb5_verify_opt */*opt*/); - -void KRB5_LIB_FUNCTION -krb5_verify_opt_init (krb5_verify_opt */*opt*/); - -void KRB5_LIB_FUNCTION -krb5_verify_opt_set_ccache ( - krb5_verify_opt */*opt*/, - krb5_ccache /*ccache*/); - -void KRB5_LIB_FUNCTION -krb5_verify_opt_set_flags ( - krb5_verify_opt */*opt*/, - unsigned int /*flags*/); - -void KRB5_LIB_FUNCTION -krb5_verify_opt_set_keytab ( - krb5_verify_opt */*opt*/, - krb5_keytab /*keytab*/); - -void KRB5_LIB_FUNCTION -krb5_verify_opt_set_secure ( - krb5_verify_opt */*opt*/, - krb5_boolean /*secure*/); - -void KRB5_LIB_FUNCTION -krb5_verify_opt_set_service ( - krb5_verify_opt */*opt*/, - const char */*service*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_verify_user ( - krb5_context /*context*/, - krb5_principal /*principal*/, - krb5_ccache /*ccache*/, - const char */*password*/, - krb5_boolean /*secure*/, - const char */*service*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_verify_user_lrealm ( - krb5_context /*context*/, - krb5_principal /*principal*/, - krb5_ccache /*ccache*/, - const char */*password*/, - krb5_boolean /*secure*/, - const char */*service*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_verify_user_opt ( - krb5_context /*context*/, - krb5_principal /*principal*/, - const char */*password*/, - krb5_verify_opt */*opt*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_verr ( - krb5_context /*context*/, - int /*eval*/, - krb5_error_code /*code*/, - const char */*fmt*/, - va_list /*ap*/) - __attribute__ ((noreturn, format (printf, 4, 0))); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_verrx ( - krb5_context /*context*/, - int /*eval*/, - const char */*fmt*/, - va_list /*ap*/) - __attribute__ ((noreturn, format (printf, 3, 0))); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_vlog ( - krb5_context /*context*/, - krb5_log_facility */*fac*/, - int /*level*/, - const char */*fmt*/, - va_list /*ap*/) - __attribute__((format (printf, 4, 0))); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_vlog_msg ( - krb5_context /*context*/, - krb5_log_facility */*fac*/, - char **/*reply*/, - int /*level*/, - const char */*fmt*/, - va_list /*ap*/) - __attribute__((format (printf, 5, 0))); - -void KRB5_LIB_FUNCTION -krb5_vset_error_message ( - krb5_context /*context*/, - krb5_error_code /*ret*/, - const char */*fmt*/, - va_list /*args*/) - __attribute__ ((format (printf, 3, 0))); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_vset_error_string ( - krb5_context /*context*/, - const char */*fmt*/, - va_list args) __attribute__ ((format (printf, 2, 0))) - __attribute__((deprecated)); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_vwarn ( - krb5_context /*context*/, - krb5_error_code /*code*/, - const char */*fmt*/, - va_list /*ap*/) - __attribute__ ((format (printf, 3, 0))); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_vwarnx ( - krb5_context /*context*/, - const char */*fmt*/, - va_list /*ap*/) - __attribute__ ((format (printf, 2, 0))); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_warn ( - krb5_context /*context*/, - krb5_error_code /*code*/, - const char */*fmt*/, - ...) - __attribute__ ((format (printf, 3, 4))); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_warnx ( - krb5_context /*context*/, - const char */*fmt*/, - ...) - __attribute__ ((format (printf, 2, 3))); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_write_message ( - krb5_context /*context*/, - krb5_pointer /*p_fd*/, - krb5_data */*data*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_write_priv_message ( - krb5_context /*context*/, - krb5_auth_context /*ac*/, - krb5_pointer /*p_fd*/, - krb5_data */*data*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_write_safe_message ( - krb5_context /*context*/, - krb5_auth_context /*ac*/, - krb5_pointer /*p_fd*/, - krb5_data */*data*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_xfree (void */*ptr*/); - -void KRB5_LIB_FUNCTION - __attribute__((deprecated)) krb5_free_error_string(krb5_context context, char *str); - -#ifdef __cplusplus -} -#endif - -#endif /* __krb5_protos_h__ */ diff --git a/source4/heimdal/lib/ntlm/heimntlm-protos.h b/source4/heimdal/lib/ntlm/heimntlm-protos.h deleted file mode 100644 index bc64791b43..0000000000 --- a/source4/heimdal/lib/ntlm/heimntlm-protos.h +++ /dev/null @@ -1,131 +0,0 @@ -/* This is a generated file */ -#ifndef __heimntlm_protos_h__ -#define __heimntlm_protos_h__ - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -int -heim_ntlm_build_ntlm1_master ( - void */*key*/, - size_t /*len*/, - struct ntlm_buf */*session*/, - struct ntlm_buf */*master*/); - -int -heim_ntlm_calculate_ntlm1 ( - void */*key*/, - size_t /*len*/, - unsigned char challange[8], - struct ntlm_buf */*answer*/); - -int -heim_ntlm_calculate_ntlm2 ( - const void */*key*/, - size_t /*len*/, - const char */*username*/, - const char */*target*/, - const unsigned char serverchallange[8], - const struct ntlm_buf */*infotarget*/, - unsigned char ntlmv2[16], - struct ntlm_buf */*answer*/); - -int -heim_ntlm_calculate_ntlm2_sess ( - const unsigned char clnt_nonce[8], - const unsigned char svr_chal[8], - const unsigned char ntlm_hash[16], - struct ntlm_buf */*lm*/, - struct ntlm_buf */*ntlm*/); - -int -heim_ntlm_decode_targetinfo ( - const struct ntlm_buf */*data*/, - int /*ucs2*/, - struct ntlm_targetinfo */*ti*/); - -int -heim_ntlm_decode_type1 ( - const struct ntlm_buf */*buf*/, - struct ntlm_type1 */*data*/); - -int -heim_ntlm_decode_type2 ( - const struct ntlm_buf */*buf*/, - struct ntlm_type2 */*type2*/); - -int -heim_ntlm_decode_type3 ( - const struct ntlm_buf */*buf*/, - int /*ucs2*/, - struct ntlm_type3 */*type3*/); - -int -heim_ntlm_encode_targetinfo ( - const struct ntlm_targetinfo */*ti*/, - int /*ucs2*/, - struct ntlm_buf */*data*/); - -int -heim_ntlm_encode_type1 ( - const struct ntlm_type1 */*type1*/, - struct ntlm_buf */*data*/); - -int -heim_ntlm_encode_type2 ( - const struct ntlm_type2 */*type2*/, - struct ntlm_buf */*data*/); - -int -heim_ntlm_encode_type3 ( - const struct ntlm_type3 */*type3*/, - struct ntlm_buf */*data*/); - -void -heim_ntlm_free_buf (struct ntlm_buf */*p*/); - -void -heim_ntlm_free_targetinfo (struct ntlm_targetinfo */*ti*/); - -void -heim_ntlm_free_type1 (struct ntlm_type1 */*data*/); - -void -heim_ntlm_free_type2 (struct ntlm_type2 */*data*/); - -void -heim_ntlm_free_type3 (struct ntlm_type3 */*data*/); - -int -heim_ntlm_nt_key ( - const char */*password*/, - struct ntlm_buf */*key*/); - -void -heim_ntlm_ntlmv2_key ( - const void */*key*/, - size_t /*len*/, - const char */*username*/, - const char */*target*/, - unsigned char ntlmv2[16]); - -int -heim_ntlm_verify_ntlm2 ( - const void */*key*/, - size_t /*len*/, - const char */*username*/, - const char */*target*/, - time_t /*now*/, - const unsigned char serverchallange[8], - const struct ntlm_buf */*answer*/, - struct ntlm_buf */*infotarget*/, - unsigned char ntlmv2[16]); - -#ifdef __cplusplus -} -#endif - -#endif /* __heimntlm_protos_h__ */ -- cgit From 243321b4bbe273cf3a9105ca132caa2b53e2f263 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 26 Aug 2008 19:35:52 +0200 Subject: heimdal: import heimdal's trunk svn rev 23697 + lorikeet-heimdal patches This is based on f56a3b1846c7d462542f2e9527f4d0ed8a34748d in my heimdal-wip repo. metze (This used to be commit 467a1f2163a63cdf1a4c83a69473db50e8794f53) --- source4/heimdal/README | 4 +- source4/heimdal/cf/check-var.m4 | 2 +- source4/heimdal/cf/find-func-no-libs.m4 | 2 +- source4/heimdal/cf/find-func-no-libs2.m4 | 2 +- source4/heimdal/cf/find-func.m4 | 2 +- source4/heimdal/cf/make-proto.pl | 2 +- source4/heimdal/cf/resolv.m4 | 2 +- source4/heimdal/kdc/524.c | 2 +- source4/heimdal/kdc/default_config.c | 2 +- source4/heimdal/kdc/digest.c | 2 +- source4/heimdal/kdc/headers.h | 2 +- source4/heimdal/kdc/kaserver.c | 2 +- source4/heimdal/kdc/kdc.h | 2 +- source4/heimdal/kdc/kdc_locl.h | 2 +- source4/heimdal/kdc/kerberos4.c | 23 +- source4/heimdal/kdc/kerberos5.c | 23 +- source4/heimdal/kdc/krb5tgs.c | 26 +- source4/heimdal/kdc/kx509.c | 2 +- source4/heimdal/kdc/log.c | 2 +- source4/heimdal/kdc/misc.c | 2 +- source4/heimdal/kdc/pkinit.c | 2 +- source4/heimdal/kdc/process.c | 8 +- source4/heimdal/kdc/rx.h | 2 +- source4/heimdal/kdc/windc.c | 2 +- source4/heimdal/kdc/windc_plugin.h | 2 +- source4/heimdal/kuser/kinit.c | 16 +- source4/heimdal/kuser/kuser_locl.h | 2 +- source4/heimdal/lib/asn1/CMS.asn1 | 2 +- source4/heimdal/lib/asn1/asn1-common.h | 2 +- source4/heimdal/lib/asn1/asn1_err.et | 2 +- source4/heimdal/lib/asn1/asn1_gen.c | 2 +- source4/heimdal/lib/asn1/asn1_queue.h | 2 +- source4/heimdal/lib/asn1/canthandle.asn1 | 2 +- source4/heimdal/lib/asn1/der.c | 2 +- source4/heimdal/lib/asn1/der.h | 2 +- source4/heimdal/lib/asn1/der_cmp.c | 0 source4/heimdal/lib/asn1/der_copy.c | 2 +- source4/heimdal/lib/asn1/der_format.c | 2 +- source4/heimdal/lib/asn1/der_free.c | 2 +- source4/heimdal/lib/asn1/der_get.c | 2 +- source4/heimdal/lib/asn1/der_length.c | 2 +- source4/heimdal/lib/asn1/der_locl.h | 2 +- source4/heimdal/lib/asn1/der_put.c | 2 +- source4/heimdal/lib/asn1/digest.asn1 | 2 +- source4/heimdal/lib/asn1/extra.c | 2 +- source4/heimdal/lib/asn1/gen.c | 2 +- source4/heimdal/lib/asn1/gen_copy.c | 2 +- source4/heimdal/lib/asn1/gen_decode.c | 2 +- source4/heimdal/lib/asn1/gen_encode.c | 2 +- source4/heimdal/lib/asn1/gen_free.c | 2 +- source4/heimdal/lib/asn1/gen_glue.c | 2 +- source4/heimdal/lib/asn1/gen_length.c | 2 +- source4/heimdal/lib/asn1/gen_locl.h | 2 +- source4/heimdal/lib/asn1/gen_seq.c | 2 +- source4/heimdal/lib/asn1/hash.c | 2 +- source4/heimdal/lib/asn1/hash.h | 2 +- source4/heimdal/lib/asn1/k5.asn1 | 6 +- source4/heimdal/lib/asn1/kx509.asn1 | 2 +- source4/heimdal/lib/asn1/lex.c | 2 +- source4/heimdal/lib/asn1/lex.h | 2 +- source4/heimdal/lib/asn1/lex.l | 2 +- source4/heimdal/lib/asn1/main.c | 2 +- source4/heimdal/lib/asn1/parse.c | 186 +-- source4/heimdal/lib/asn1/parse.h | 4 +- source4/heimdal/lib/asn1/parse.y | 4 +- source4/heimdal/lib/asn1/pkcs12.asn1 | 2 +- source4/heimdal/lib/asn1/pkcs8.asn1 | 2 +- source4/heimdal/lib/asn1/pkcs9.asn1 | 2 +- source4/heimdal/lib/asn1/symbol.c | 2 +- source4/heimdal/lib/asn1/symbol.h | 2 +- source4/heimdal/lib/asn1/test.asn1 | 2 +- source4/heimdal/lib/asn1/test.gen | 2 +- source4/heimdal/lib/asn1/timegm.c | 2 +- source4/heimdal/lib/com_err/com_err.c | 2 +- source4/heimdal/lib/com_err/com_err.h | 2 +- source4/heimdal/lib/com_err/com_right.h | 2 +- source4/heimdal/lib/com_err/compile_et.c | 2 +- source4/heimdal/lib/com_err/compile_et.h | 2 +- source4/heimdal/lib/com_err/error.c | 2 +- source4/heimdal/lib/com_err/lex.c | 2 +- source4/heimdal/lib/com_err/lex.h | 2 +- source4/heimdal/lib/com_err/lex.l | 2 +- source4/heimdal/lib/com_err/parse.c | 30 +- source4/heimdal/lib/com_err/parse.h | 4 +- source4/heimdal/lib/com_err/parse.y | 2 +- source4/heimdal/lib/gssapi/gssapi/gssapi.h | 3 +- source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h | 2 +- source4/heimdal/lib/gssapi/gssapi/gssapi_spnego.h | 2 +- source4/heimdal/lib/gssapi/krb5/8003.c | 2 +- .../heimdal/lib/gssapi/krb5/accept_sec_context.c | 46 +- source4/heimdal/lib/gssapi/krb5/acquire_cred.c | 20 +- source4/heimdal/lib/gssapi/krb5/add_cred.c | 2 +- source4/heimdal/lib/gssapi/krb5/arcfour.c | 2 +- .../heimdal/lib/gssapi/krb5/canonicalize_name.c | 18 +- source4/heimdal/lib/gssapi/krb5/cfx.c | 2 +- source4/heimdal/lib/gssapi/krb5/cfx.h | 2 +- source4/heimdal/lib/gssapi/krb5/compare_name.c | 2 +- source4/heimdal/lib/gssapi/krb5/compat.c | 2 +- source4/heimdal/lib/gssapi/krb5/context_time.c | 2 +- source4/heimdal/lib/gssapi/krb5/copy_ccache.c | 2 +- source4/heimdal/lib/gssapi/krb5/decapsulate.c | 2 +- .../heimdal/lib/gssapi/krb5/delete_sec_context.c | 2 +- source4/heimdal/lib/gssapi/krb5/display_name.c | 2 +- source4/heimdal/lib/gssapi/krb5/display_status.c | 21 +- source4/heimdal/lib/gssapi/krb5/duplicate_name.c | 9 +- source4/heimdal/lib/gssapi/krb5/encapsulate.c | 2 +- source4/heimdal/lib/gssapi/krb5/export_name.c | 2 +- .../heimdal/lib/gssapi/krb5/export_sec_context.c | 2 +- source4/heimdal/lib/gssapi/krb5/external.c | 2 +- source4/heimdal/lib/gssapi/krb5/get_mic.c | 2 +- source4/heimdal/lib/gssapi/krb5/gkrb5_err.et | 2 +- source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h | 5 +- source4/heimdal/lib/gssapi/krb5/import_name.c | 75 +- .../heimdal/lib/gssapi/krb5/import_sec_context.c | 2 +- source4/heimdal/lib/gssapi/krb5/indicate_mechs.c | 2 +- source4/heimdal/lib/gssapi/krb5/init.c | 2 +- source4/heimdal/lib/gssapi/krb5/init_sec_context.c | 79 +- source4/heimdal/lib/gssapi/krb5/inquire_context.c | 2 +- source4/heimdal/lib/gssapi/krb5/inquire_cred.c | 2 +- .../heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c | 2 +- .../heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c | 2 +- .../lib/gssapi/krb5/inquire_mechs_for_name.c | 2 +- .../lib/gssapi/krb5/inquire_names_for_mech.c | 2 +- .../lib/gssapi/krb5/inquire_sec_context_by_oid.c | 18 +- source4/heimdal/lib/gssapi/krb5/prf.c | 14 +- .../lib/gssapi/krb5/process_context_token.c | 2 +- source4/heimdal/lib/gssapi/krb5/release_buffer.c | 2 +- source4/heimdal/lib/gssapi/krb5/release_cred.c | 2 +- source4/heimdal/lib/gssapi/krb5/release_name.c | 2 +- source4/heimdal/lib/gssapi/krb5/sequence.c | 10 +- source4/heimdal/lib/gssapi/krb5/set_cred_option.c | 2 +- .../lib/gssapi/krb5/set_sec_context_option.c | 2 +- source4/heimdal/lib/gssapi/krb5/unwrap.c | 54 +- source4/heimdal/lib/gssapi/krb5/verify_mic.c | 2 +- source4/heimdal/lib/gssapi/krb5/wrap.c | 36 +- source4/heimdal/lib/gssapi/mech/context.c | 8 +- source4/heimdal/lib/gssapi/mech/context.h | 2 +- source4/heimdal/lib/gssapi/mech/cred.h | 2 +- .../lib/gssapi/mech/gss_accept_sec_context.c | 19 +- source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_add_cred.c | 2 +- .../lib/gssapi/mech/gss_add_oid_set_member.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_buffer_set.c | 2 +- .../lib/gssapi/mech/gss_canonicalize_name.c | 4 +- source4/heimdal/lib/gssapi/mech/gss_compare_name.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_context_time.c | 2 +- .../lib/gssapi/mech/gss_create_empty_oid_set.c | 2 +- .../lib/gssapi/mech/gss_decapsulate_token.c | 2 +- .../lib/gssapi/mech/gss_delete_sec_context.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_display_name.c | 2 +- .../heimdal/lib/gssapi/mech/gss_display_status.c | 2 +- .../heimdal/lib/gssapi/mech/gss_duplicate_name.c | 2 +- .../heimdal/lib/gssapi/mech/gss_duplicate_oid.c | 2 +- .../lib/gssapi/mech/gss_encapsulate_token.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_export_name.c | 2 +- .../lib/gssapi/mech/gss_export_sec_context.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_get_mic.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_import_name.c | 2 +- .../lib/gssapi/mech/gss_import_sec_context.c | 2 +- .../heimdal/lib/gssapi/mech/gss_indicate_mechs.c | 2 +- .../heimdal/lib/gssapi/mech/gss_init_sec_context.c | 2 +- .../heimdal/lib/gssapi/mech/gss_inquire_context.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_inquire_cred.c | 2 +- .../lib/gssapi/mech/gss_inquire_cred_by_mech.c | 2 +- .../lib/gssapi/mech/gss_inquire_cred_by_oid.c | 2 +- .../lib/gssapi/mech/gss_inquire_mechs_for_name.c | 2 +- .../lib/gssapi/mech/gss_inquire_names_for_mech.c | 2 +- .../gssapi/mech/gss_inquire_sec_context_by_oid.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_krb5.c | 4 +- source4/heimdal/lib/gssapi/mech/gss_mech_switch.c | 4 +- source4/heimdal/lib/gssapi/mech/gss_names.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_oid_equal.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c | 2 +- .../lib/gssapi/mech/gss_process_context_token.c | 2 +- .../heimdal/lib/gssapi/mech/gss_pseudo_random.c | 4 +- .../heimdal/lib/gssapi/mech/gss_release_buffer.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_release_cred.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_release_name.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_release_oid.c | 2 +- .../heimdal/lib/gssapi/mech/gss_release_oid_set.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_seal.c | 2 +- .../heimdal/lib/gssapi/mech/gss_set_cred_option.c | 2 +- .../lib/gssapi/mech/gss_set_sec_context_option.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_sign.c | 2 +- .../lib/gssapi/mech/gss_test_oid_set_member.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_unseal.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_unwrap.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_utils.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_verify.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_verify_mic.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_wrap.c | 2 +- .../heimdal/lib/gssapi/mech/gss_wrap_size_limit.c | 2 +- source4/heimdal/lib/gssapi/mech/gssapi.asn1 | 2 +- source4/heimdal/lib/gssapi/mech/mech_locl.h | 2 +- source4/heimdal/lib/gssapi/mech/mech_switch.h | 2 +- source4/heimdal/lib/gssapi/mech/name.h | 2 +- source4/heimdal/lib/gssapi/mech/utils.h | 2 +- .../heimdal/lib/gssapi/spnego/accept_sec_context.c | 4 +- source4/heimdal/lib/gssapi/spnego/compat.c | 2 +- source4/heimdal/lib/gssapi/spnego/context_stubs.c | 2 +- source4/heimdal/lib/gssapi/spnego/cred_stubs.c | 2 +- source4/heimdal/lib/gssapi/spnego/external.c | 2 +- .../heimdal/lib/gssapi/spnego/init_sec_context.c | 2 +- source4/heimdal/lib/gssapi/spnego/spnego.asn1 | 2 +- source4/heimdal/lib/gssapi/spnego/spnego_locl.h | 2 +- source4/heimdal/lib/hcrypto/aes.c | 2 +- source4/heimdal/lib/hcrypto/aes.h | 2 +- source4/heimdal/lib/hcrypto/bn.c | 2 +- source4/heimdal/lib/hcrypto/bn.h | 2 +- source4/heimdal/lib/hcrypto/des.c | 2 +- source4/heimdal/lib/hcrypto/des.h | 2 +- source4/heimdal/lib/hcrypto/dh-imath.c | 2 +- source4/heimdal/lib/hcrypto/dh.c | 2 +- source4/heimdal/lib/hcrypto/dh.h | 2 +- source4/heimdal/lib/hcrypto/dsa.c | 2 +- source4/heimdal/lib/hcrypto/dsa.h | 2 +- source4/heimdal/lib/hcrypto/engine.c | 2 +- source4/heimdal/lib/hcrypto/engine.h | 2 +- source4/heimdal/lib/hcrypto/evp.c | 358 +++-- source4/heimdal/lib/hcrypto/evp.h | 56 +- source4/heimdal/lib/hcrypto/hash.h | 2 +- source4/heimdal/lib/hcrypto/hmac.h | 2 +- source4/heimdal/lib/hcrypto/imath/LICENSE | 2 +- source4/heimdal/lib/hcrypto/imath/imath.c | 283 ++-- source4/heimdal/lib/hcrypto/imath/imath.h | 53 +- source4/heimdal/lib/hcrypto/imath/iprime.c | 15 +- source4/heimdal/lib/hcrypto/imath/iprime.h | 6 +- source4/heimdal/lib/hcrypto/md2.c | 2 +- source4/heimdal/lib/hcrypto/md2.h | 2 +- source4/heimdal/lib/hcrypto/md4.c | 2 +- source4/heimdal/lib/hcrypto/md4.h | 2 +- source4/heimdal/lib/hcrypto/md5.c | 2 +- source4/heimdal/lib/hcrypto/md5.h | 2 +- source4/heimdal/lib/hcrypto/pkcs12.c | 2 +- source4/heimdal/lib/hcrypto/pkcs12.h | 2 +- source4/heimdal/lib/hcrypto/pkcs5.c | 2 +- source4/heimdal/lib/hcrypto/rand-egd.c | 2 +- source4/heimdal/lib/hcrypto/rand-fortuna.c | 2 +- source4/heimdal/lib/hcrypto/rand-unix.c | 2 +- source4/heimdal/lib/hcrypto/rand.c | 2 +- source4/heimdal/lib/hcrypto/rand.h | 2 +- source4/heimdal/lib/hcrypto/randi.h | 2 +- source4/heimdal/lib/hcrypto/rc2.c | 2 +- source4/heimdal/lib/hcrypto/rc2.h | 2 +- source4/heimdal/lib/hcrypto/rc4.c | 2 +- source4/heimdal/lib/hcrypto/rc4.h | 2 +- source4/heimdal/lib/hcrypto/rijndael-alg-fst.c | 2 +- source4/heimdal/lib/hcrypto/rnd_keys.c | 2 +- source4/heimdal/lib/hcrypto/rsa-imath.c | 2 +- source4/heimdal/lib/hcrypto/rsa.c | 2 +- source4/heimdal/lib/hcrypto/rsa.h | 2 +- source4/heimdal/lib/hcrypto/sha.c | 2 +- source4/heimdal/lib/hcrypto/sha.h | 2 +- source4/heimdal/lib/hcrypto/sha256.c | 2 +- source4/heimdal/lib/hcrypto/ui.c | 2 +- source4/heimdal/lib/hcrypto/ui.h | 2 +- source4/heimdal/lib/hdb/db.c | 2 +- source4/heimdal/lib/hdb/dbinfo.c | 2 +- source4/heimdal/lib/hdb/ext.c | 2 +- source4/heimdal/lib/hdb/hdb.asn1 | 2 +- source4/heimdal/lib/hdb/hdb.c | 5 +- source4/heimdal/lib/hdb/hdb.h | 2 +- source4/heimdal/lib/hdb/hdb_err.et | 2 +- source4/heimdal/lib/hdb/hdb_locl.h | 9 +- source4/heimdal/lib/hdb/keys.c | 18 +- source4/heimdal/lib/hdb/keytab.c | 2 +- source4/heimdal/lib/hdb/mkey.c | 2 +- source4/heimdal/lib/hdb/ndbm.c | 2 +- source4/heimdal/lib/hx509/ca.c | 2 +- source4/heimdal/lib/hx509/cert.c | 2 +- source4/heimdal/lib/hx509/cms.c | 2 +- source4/heimdal/lib/hx509/collector.c | 2 +- source4/heimdal/lib/hx509/crmf.asn1 | 2 +- source4/heimdal/lib/hx509/crypto.c | 2 +- source4/heimdal/lib/hx509/env.c | 2 +- source4/heimdal/lib/hx509/error.c | 2 +- source4/heimdal/lib/hx509/hx509.h | 2 +- source4/heimdal/lib/hx509/hx509_err.et | 2 +- source4/heimdal/lib/hx509/hx_locl.h | 3 +- source4/heimdal/lib/hx509/keyset.c | 2 +- source4/heimdal/lib/hx509/ks_dir.c | 2 +- source4/heimdal/lib/hx509/ks_file.c | 2 +- source4/heimdal/lib/hx509/ks_keychain.c | 2 +- source4/heimdal/lib/hx509/ks_mem.c | 4 +- source4/heimdal/lib/hx509/ks_null.c | 2 +- source4/heimdal/lib/hx509/ks_p11.c | 13 +- source4/heimdal/lib/hx509/ks_p12.c | 2 +- source4/heimdal/lib/hx509/lock.c | 2 +- source4/heimdal/lib/hx509/name.c | 2 +- source4/heimdal/lib/hx509/ocsp.asn1 | 2 +- source4/heimdal/lib/hx509/peer.c | 2 +- source4/heimdal/lib/hx509/pkcs10.asn1 | 2 +- source4/heimdal/lib/hx509/print.c | 2 +- source4/heimdal/lib/hx509/req.c | 2 +- source4/heimdal/lib/hx509/revoke.c | 9 +- source4/heimdal/lib/hx509/test_name.c | 2 +- source4/heimdal/lib/krb5/acache.c | 2 +- source4/heimdal/lib/krb5/add_et_list.c | 2 +- source4/heimdal/lib/krb5/addr_families.c | 2 +- source4/heimdal/lib/krb5/appdefault.c | 2 +- source4/heimdal/lib/krb5/asn1_glue.c | 2 +- source4/heimdal/lib/krb5/auth_context.c | 2 +- source4/heimdal/lib/krb5/build_ap_req.c | 2 +- source4/heimdal/lib/krb5/build_auth.c | 2 +- source4/heimdal/lib/krb5/cache.c | 2 +- source4/heimdal/lib/krb5/changepw.c | 4 +- source4/heimdal/lib/krb5/codec.c | 2 +- source4/heimdal/lib/krb5/config_file.c | 2 +- source4/heimdal/lib/krb5/config_file_netinfo.c | 2 +- source4/heimdal/lib/krb5/constants.c | 2 +- source4/heimdal/lib/krb5/context.c | 15 +- source4/heimdal/lib/krb5/convert_creds.c | 2 +- source4/heimdal/lib/krb5/copy_host_realm.c | 2 +- source4/heimdal/lib/krb5/crc.c | 2 +- source4/heimdal/lib/krb5/creds.c | 2 +- source4/heimdal/lib/krb5/crypto.c | 1607 +++++++++++--------- source4/heimdal/lib/krb5/data.c | 2 +- source4/heimdal/lib/krb5/eai_to_heim_errno.c | 2 +- source4/heimdal/lib/krb5/error_string.c | 24 +- source4/heimdal/lib/krb5/expand_hostname.c | 2 +- source4/heimdal/lib/krb5/fcache.c | 12 +- source4/heimdal/lib/krb5/free.c | 2 +- source4/heimdal/lib/krb5/free_host_realm.c | 2 +- source4/heimdal/lib/krb5/generate_seq_number.c | 2 +- source4/heimdal/lib/krb5/generate_subkey.c | 2 +- source4/heimdal/lib/krb5/get_cred.c | 2 +- source4/heimdal/lib/krb5/get_default_principal.c | 2 +- source4/heimdal/lib/krb5/get_default_realm.c | 2 +- source4/heimdal/lib/krb5/get_for_creds.c | 2 +- source4/heimdal/lib/krb5/get_host_realm.c | 2 +- source4/heimdal/lib/krb5/get_in_tkt.c | 5 +- source4/heimdal/lib/krb5/get_in_tkt_with_keytab.c | 2 +- source4/heimdal/lib/krb5/get_port.c | 2 +- source4/heimdal/lib/krb5/heim_err.et | 2 +- source4/heimdal/lib/krb5/heim_threads.h | 2 +- source4/heimdal/lib/krb5/init_creds.c | 2 +- source4/heimdal/lib/krb5/init_creds_pw.c | 2 +- source4/heimdal/lib/krb5/k524_err.et | 2 +- source4/heimdal/lib/krb5/kcm.c | 4 +- source4/heimdal/lib/krb5/keyblock.c | 2 +- source4/heimdal/lib/krb5/keytab.c | 3 +- source4/heimdal/lib/krb5/keytab_any.c | 2 +- source4/heimdal/lib/krb5/keytab_file.c | 10 +- source4/heimdal/lib/krb5/keytab_keyfile.c | 8 +- source4/heimdal/lib/krb5/keytab_memory.c | 2 +- source4/heimdal/lib/krb5/krb5-v4compat.h | 2 +- source4/heimdal/lib/krb5/krb5.h | 24 +- source4/heimdal/lib/krb5/krb5_ccapi.h | 2 +- source4/heimdal/lib/krb5/krb5_err.et | 4 +- source4/heimdal/lib/krb5/krb5_locl.h | 12 +- source4/heimdal/lib/krb5/krbhst.c | 2 +- source4/heimdal/lib/krb5/locate_plugin.h | 2 +- source4/heimdal/lib/krb5/log.c | 6 +- source4/heimdal/lib/krb5/mcache.c | 2 +- source4/heimdal/lib/krb5/misc.c | 2 +- source4/heimdal/lib/krb5/mit_glue.c | 2 +- source4/heimdal/lib/krb5/mk_error.c | 2 +- source4/heimdal/lib/krb5/mk_priv.c | 2 +- source4/heimdal/lib/krb5/mk_rep.c | 2 +- source4/heimdal/lib/krb5/mk_req.c | 2 +- source4/heimdal/lib/krb5/mk_req_ext.c | 2 +- source4/heimdal/lib/krb5/n-fold.c | 2 +- source4/heimdal/lib/krb5/pac.c | 4 +- source4/heimdal/lib/krb5/padata.c | 2 +- source4/heimdal/lib/krb5/pkinit.c | 4 +- source4/heimdal/lib/krb5/plugin.c | 2 +- source4/heimdal/lib/krb5/principal.c | 11 +- source4/heimdal/lib/krb5/prompter_posix.c | 2 +- source4/heimdal/lib/krb5/rd_cred.c | 2 +- source4/heimdal/lib/krb5/rd_error.c | 2 +- source4/heimdal/lib/krb5/rd_priv.c | 21 +- source4/heimdal/lib/krb5/rd_rep.c | 2 +- source4/heimdal/lib/krb5/rd_req.c | 2 +- source4/heimdal/lib/krb5/replay.c | 2 +- source4/heimdal/lib/krb5/send_to_kdc.c | 6 +- source4/heimdal/lib/krb5/set_default_realm.c | 2 +- source4/heimdal/lib/krb5/store.c | 2 +- source4/heimdal/lib/krb5/store_emem.c | 2 +- source4/heimdal/lib/krb5/store_fd.c | 2 +- source4/heimdal/lib/krb5/store_mem.c | 2 +- source4/heimdal/lib/krb5/ticket.c | 2 +- source4/heimdal/lib/krb5/time.c | 2 +- source4/heimdal/lib/krb5/transited.c | 2 +- source4/heimdal/lib/krb5/v4_glue.c | 6 +- source4/heimdal/lib/krb5/version.c | 2 +- source4/heimdal/lib/krb5/warn.c | 2 +- source4/heimdal/lib/ntlm/heimntlm.h | 2 +- source4/heimdal/lib/ntlm/ntlm.c | 8 +- source4/heimdal/lib/roken/base64.c | 4 +- source4/heimdal/lib/roken/base64.h | 2 +- source4/heimdal/lib/roken/bswap.c | 4 +- source4/heimdal/lib/roken/cloexec.c | 2 +- source4/heimdal/lib/roken/closefrom.c | 4 +- source4/heimdal/lib/roken/copyhostent.c | 4 +- source4/heimdal/lib/roken/dumpdata.c | 4 +- source4/heimdal/lib/roken/ecalloc.c | 4 +- source4/heimdal/lib/roken/emalloc.c | 4 +- source4/heimdal/lib/roken/erealloc.c | 4 +- source4/heimdal/lib/roken/err.hin | 2 +- source4/heimdal/lib/roken/estrdup.c | 4 +- source4/heimdal/lib/roken/freeaddrinfo.c | 4 +- source4/heimdal/lib/roken/freehostent.c | 4 +- source4/heimdal/lib/roken/gai_strerror.c | 4 +- source4/heimdal/lib/roken/get_window_size.c | 4 +- source4/heimdal/lib/roken/getaddrinfo.c | 4 +- source4/heimdal/lib/roken/getarg.c | 6 +- source4/heimdal/lib/roken/getarg.h | 2 +- source4/heimdal/lib/roken/getipnodebyaddr.c | 4 +- source4/heimdal/lib/roken/getipnodebyname.c | 4 +- source4/heimdal/lib/roken/getnameinfo.c | 4 +- source4/heimdal/lib/roken/getprogname.c | 4 +- source4/heimdal/lib/roken/h_errno.c | 2 +- source4/heimdal/lib/roken/hex.c | 4 +- source4/heimdal/lib/roken/hex.h | 2 +- source4/heimdal/lib/roken/hostent_find_fqdn.c | 4 +- source4/heimdal/lib/roken/inet_aton.c | 4 +- source4/heimdal/lib/roken/inet_ntop.c | 4 +- source4/heimdal/lib/roken/inet_pton.c | 4 +- source4/heimdal/lib/roken/issuid.c | 4 +- source4/heimdal/lib/roken/net_read.c | 4 +- source4/heimdal/lib/roken/net_write.c | 4 +- source4/heimdal/lib/roken/parse_bytes.h | 2 +- source4/heimdal/lib/roken/parse_time.c | 2 +- source4/heimdal/lib/roken/parse_time.h | 2 +- source4/heimdal/lib/roken/parse_units.c | 6 +- source4/heimdal/lib/roken/parse_units.h | 2 +- source4/heimdal/lib/roken/resolve.c | 4 +- source4/heimdal/lib/roken/resolve.h | 2 +- source4/heimdal/lib/roken/roken-common.h | 2 +- source4/heimdal/lib/roken/roken.h.in | 2 +- source4/heimdal/lib/roken/roken_gethostby.c | 4 +- source4/heimdal/lib/roken/rtbl.c | 4 +- source4/heimdal/lib/roken/rtbl.h | 2 +- source4/heimdal/lib/roken/setprogname.c | 4 +- source4/heimdal/lib/roken/signal.c | 4 +- source4/heimdal/lib/roken/simple_exec.c | 4 +- source4/heimdal/lib/roken/socket.c | 4 +- source4/heimdal/lib/roken/strcollect.c | 4 +- source4/heimdal/lib/roken/strlwr.c | 4 +- source4/heimdal/lib/roken/strpool.c | 4 +- source4/heimdal/lib/roken/strsep.c | 4 +- source4/heimdal/lib/roken/strsep_copy.c | 4 +- source4/heimdal/lib/roken/strupr.c | 4 +- source4/heimdal/lib/roken/vis.c | 377 +++-- source4/heimdal/lib/roken/vis.hin | 32 +- source4/heimdal/lib/roken/xfree.c | 2 +- source4/heimdal/lib/vers/print_version.c | 2 +- source4/heimdal/lib/wind/UnicodeData.py | 2 +- source4/heimdal/lib/wind/gen-bidi.py | 2 +- source4/heimdal/lib/wind/gen-combining.py | 2 +- source4/heimdal/lib/wind/gen-errorlist.py | 2 +- source4/heimdal/lib/wind/gen-map.py | 2 +- source4/heimdal/lib/wind/gen-normalize.py | 2 +- source4/heimdal/lib/wind/generate.py | 2 +- source4/heimdal/lib/wind/map.c | 2 +- source4/heimdal/lib/wind/normalize.c | 2 +- source4/heimdal/lib/wind/rfc3454.py | 2 +- source4/heimdal/lib/wind/rfc4518.py | 2 +- source4/heimdal/lib/wind/stringprep.c | 2 +- source4/heimdal/lib/wind/stringprep.py | 2 +- source4/heimdal/lib/wind/utf8.c | 2 +- source4/heimdal/lib/wind/util.py | 2 +- source4/heimdal/lib/wind/wind.h | 2 +- source4/heimdal/lib/wind/wind_err.et | 2 +- source4/heimdal/lib/wind/windlocl.h | 2 +- 465 files changed, 2749 insertions(+), 1955 deletions(-) mode change 100755 => 100644 source4/heimdal/kdc/pkinit.c mode change 100755 => 100644 source4/heimdal/lib/asn1/der_cmp.c mode change 100755 => 100644 source4/heimdal/lib/gssapi/krb5/cfx.h mode change 100755 => 100644 source4/heimdal/lib/gssapi/krb5/sequence.c mode change 100755 => 100644 source4/heimdal/lib/hcrypto/imath/imath.c mode change 100755 => 100644 source4/heimdal/lib/hcrypto/imath/imath.h mode change 100755 => 100644 source4/heimdal/lib/hcrypto/imath/iprime.c mode change 100755 => 100644 source4/heimdal/lib/hcrypto/imath/iprime.h mode change 100755 => 100644 source4/heimdal/lib/krb5/heim_threads.h mode change 100755 => 100644 source4/heimdal/lib/krb5/mit_glue.c mode change 100755 => 100644 source4/heimdal/lib/krb5/pkinit.c (limited to 'source4/heimdal') diff --git a/source4/heimdal/README b/source4/heimdal/README index 88ab7fd121..3b938248fc 100644 --- a/source4/heimdal/README +++ b/source4/heimdal/README @@ -1,4 +1,4 @@ -$Id: README 8839 2000-07-27 02:33:54Z assar $ +$Id$ Heimdal is a Kerberos 5 implementation. @@ -10,7 +10,7 @@ Bug reports and bugs are appreciated, see more under Bug reports in the manual on how we prefer them. For more information see the web-page at - or the mailing lists: + or the mailing lists: heimdal-announce@sics.se low-volume announcement heimdal-discuss@sics.se high-volume discussion diff --git a/source4/heimdal/cf/check-var.m4 b/source4/heimdal/cf/check-var.m4 index 1e6846593b..f81f3524c1 100644 --- a/source4/heimdal/cf/check-var.m4 +++ b/source4/heimdal/cf/check-var.m4 @@ -1,4 +1,4 @@ -dnl $Id: check-var.m4 15422 2005-06-16 18:59:29Z lha $ +dnl $Id$ dnl dnl rk_CHECK_VAR(variable, includes) AC_DEFUN([rk_CHECK_VAR], [ diff --git a/source4/heimdal/cf/find-func-no-libs.m4 b/source4/heimdal/cf/find-func-no-libs.m4 index 76965a84ee..f3413409f6 100644 --- a/source4/heimdal/cf/find-func-no-libs.m4 +++ b/source4/heimdal/cf/find-func-no-libs.m4 @@ -1,4 +1,4 @@ -dnl $Id: find-func-no-libs.m4 13338 2004-02-12 14:21:14Z lha $ +dnl $Id$ dnl dnl dnl Look for function in any of the specified libraries diff --git a/source4/heimdal/cf/find-func-no-libs2.m4 b/source4/heimdal/cf/find-func-no-libs2.m4 index 617a09e8da..692001c103 100644 --- a/source4/heimdal/cf/find-func-no-libs2.m4 +++ b/source4/heimdal/cf/find-func-no-libs2.m4 @@ -1,4 +1,4 @@ -dnl $Id: find-func-no-libs2.m4 14166 2004-08-26 12:35:42Z joda $ +dnl $Id$ dnl dnl dnl Look for function in any of the specified libraries diff --git a/source4/heimdal/cf/find-func.m4 b/source4/heimdal/cf/find-func.m4 index 2354f38e5e..865772a700 100644 --- a/source4/heimdal/cf/find-func.m4 +++ b/source4/heimdal/cf/find-func.m4 @@ -1,4 +1,4 @@ -dnl $Id: find-func.m4 13338 2004-02-12 14:21:14Z lha $ +dnl $Id$ dnl dnl AC_FIND_FUNC(func, libraries, includes, arguments) AC_DEFUN([AC_FIND_FUNC], [ diff --git a/source4/heimdal/cf/make-proto.pl b/source4/heimdal/cf/make-proto.pl index 8c7b54ae78..b89ef79067 100644 --- a/source4/heimdal/cf/make-proto.pl +++ b/source4/heimdal/cf/make-proto.pl @@ -1,5 +1,5 @@ # Make prototypes from .c files -# $Id: make-proto.pl 23023 2008-04-17 10:01:46Z lha $ +# $Id$ ##use Getopt::Std; require 'getopts.pl'; diff --git a/source4/heimdal/cf/resolv.m4 b/source4/heimdal/cf/resolv.m4 index 8bb5e4ecbb..b4045094d8 100644 --- a/source4/heimdal/cf/resolv.m4 +++ b/source4/heimdal/cf/resolv.m4 @@ -1,6 +1,6 @@ dnl stuff used by DNS resolv code in roken dnl -dnl $Id: resolv.m4 16009 2005-09-02 10:17:38Z lha $ +dnl $Id$ dnl AC_DEFUN([rk_RESOLV],[ diff --git a/source4/heimdal/kdc/524.c b/source4/heimdal/kdc/524.c index 3e4ad29253..a46c9175b0 100644 --- a/source4/heimdal/kdc/524.c +++ b/source4/heimdal/kdc/524.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: 524.c 18270 2006-10-06 17:06:30Z lha $"); +RCSID("$Id$"); #include diff --git a/source4/heimdal/kdc/default_config.c b/source4/heimdal/kdc/default_config.c index 33a2c297fa..87952ca6eb 100644 --- a/source4/heimdal/kdc/default_config.c +++ b/source4/heimdal/kdc/default_config.c @@ -36,7 +36,7 @@ #include #include -RCSID("$Id: default_config.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); krb5_error_code krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config) diff --git a/source4/heimdal/kdc/digest.c b/source4/heimdal/kdc/digest.c index bf1e45b328..401ca1db11 100644 --- a/source4/heimdal/kdc/digest.c +++ b/source4/heimdal/kdc/digest.c @@ -34,7 +34,7 @@ #include "kdc_locl.h" #include -RCSID("$Id: digest.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); #define MS_CHAP_V2 0x20 #define CHAP_MD5 0x10 diff --git a/source4/heimdal/kdc/headers.h b/source4/heimdal/kdc/headers.h index 64f6b6e438..c2bd4c5b4f 100644 --- a/source4/heimdal/kdc/headers.h +++ b/source4/heimdal/kdc/headers.h @@ -32,7 +32,7 @@ */ /* - * $Id: headers.h 19658 2007-01-04 00:15:34Z lha $ + * $Id$ */ #ifndef __HEADERS_H__ diff --git a/source4/heimdal/kdc/kaserver.c b/source4/heimdal/kdc/kaserver.c index 4f257d717e..8f3c3e02ea 100644 --- a/source4/heimdal/kdc/kaserver.c +++ b/source4/heimdal/kdc/kaserver.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kaserver.c 23110 2008-04-27 18:51:17Z lha $"); +RCSID("$Id$"); #include #include diff --git a/source4/heimdal/kdc/kdc.h b/source4/heimdal/kdc/kdc.h index 6c129f38f5..f0edae721f 100644 --- a/source4/heimdal/kdc/kdc.h +++ b/source4/heimdal/kdc/kdc.h @@ -35,7 +35,7 @@ */ /* - * $Id: kdc.h 21287 2007-06-25 14:09:03Z lha $ + * $Id$ */ #ifndef __KDC_H__ diff --git a/source4/heimdal/kdc/kdc_locl.h b/source4/heimdal/kdc/kdc_locl.h index fe0523665a..6ce4a9f40f 100644 --- a/source4/heimdal/kdc/kdc_locl.h +++ b/source4/heimdal/kdc/kdc_locl.h @@ -32,7 +32,7 @@ */ /* - * $Id: kdc_locl.h 22247 2007-12-08 23:49:41Z lha $ + * $Id$ */ #ifndef __KDC_LOCL_H__ diff --git a/source4/heimdal/kdc/kerberos4.c b/source4/heimdal/kdc/kerberos4.c index cbba64945b..3e9a70057e 100644 --- a/source4/heimdal/kdc/kerberos4.c +++ b/source4/heimdal/kdc/kerberos4.c @@ -35,7 +35,7 @@ #include -RCSID("$Id: kerberos4.c 21577 2007-07-16 08:14:06Z lha $"); +RCSID("$Id$"); #ifndef swap32 static uint32_t @@ -134,7 +134,7 @@ _kdc_do_version4(krb5_context context, struct sockaddr_in *addr) { krb5_storage *sp; - krb5_error_code ret; + krb5_error_code ret = EINVAL; hdb_entry_ex *client = NULL, *server = NULL; Key *ckey, *skey; int8_t pvno; @@ -162,6 +162,7 @@ _kdc_do_version4(krb5_context context, kdc_log(context, config, 0, "Protocol version mismatch (krb4) (%d)", pvno); make_err_reply(context, reply, KRB4ET_KDC_PKT_VER, "protocol mismatch"); + ret = KRB4ET_KDC_PKT_VER; goto out; } RCHECK(krb5_ret_int8(sp, &msg_type), out); @@ -258,20 +259,6 @@ _kdc_do_version4(krb5_context context, goto out1; } -#if 0 - /* this is not necessary with the new code in libkrb */ - /* find a properly salted key */ - while(ckey->salt == NULL || ckey->salt->salt.length != 0) - ret = hdb_next_keytype2key(context, &client->entry, KEYTYPE_DES, &ckey); - if(ret){ - kdc_log(context, config, 0, "No version-4 salted key in database -- %s.%s@%s", - name, inst, realm); - make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY, - "No version-4 salted key in database"); - goto out1; - } -#endif - ret = _kdc_get_des_key(context, server, TRUE, FALSE, &skey); if(ret){ kdc_log(context, config, 0, "no suitable DES key for server"); @@ -624,12 +611,14 @@ _kdc_do_version4(krb5_context context, break; } case AUTH_MSG_ERR_REPLY: + ret = EINVAL; break; default: kdc_log(context, config, 0, "Unknown message type (krb4): %d from %s", msg_type, from); make_err_reply(context, reply, KFAILURE, "Unknown message type"); + ret = EINVAL; } out: if(name) @@ -647,7 +636,7 @@ _kdc_do_version4(krb5_context context, if(server) _kdc_free_ent(context, server); krb5_storage_free(sp); - return 0; + return ret; } krb5_error_code diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index 2a2c48c233..7930ef42e4 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kerberos5.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); #define MAX_TIME ((time_t)((1U << 31) - 1)) @@ -84,6 +84,24 @@ _kdc_find_padata(const KDC_REQ *req, int *start, int type) return NULL; } +/* + * This is a hack to allow predefined weak services, like afs to + * still use weak types + */ + +krb5_boolean +_kdc_is_weak_expection(krb5_principal principal, krb5_enctype etype) +{ + if (principal->name.name_string.len > 0 && + strcmp(principal->name.name_string.val[0], "afs") == 0 && + (etype == ETYPE_DES_CBC_CRC + || etype == ETYPE_DES_CBC_MD4 + || etype == ETYPE_DES_CBC_MD5)) + return TRUE; + return FALSE; +} + + /* * Detect if `key' is the using the the precomputed `default_salt'. */ @@ -120,7 +138,8 @@ _kdc_find_etype(krb5_context context, const hdb_entry_ex *princ, for(i = 0; ret != 0 && i < len ; i++) { Key *key = NULL; - if (krb5_enctype_valid(context, etypes[i]) != 0) + if (krb5_enctype_valid(context, etypes[i]) != 0 && + !_kdc_is_weak_expection(princ->entry.principal, etypes[i])) continue; while (hdb_next_enctype2key(context, &princ->entry, etypes[i], &key) == 0) { diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c index 071a30d5a7..19dff5e01d 100644 --- a/source4/heimdal/kdc/krb5tgs.c +++ b/source4/heimdal/kdc/krb5tgs.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: krb5tgs.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); /* * return the realm of a krbtgt-ticket or NULL @@ -662,6 +662,7 @@ tgs_make_reply(krb5_context context, krb5_kvno kvno, AuthorizationData *auth_data, hdb_entry_ex *server, + krb5_principal server_principal, const char *server_name, hdb_entry_ex *client, krb5_principal client_principal, @@ -678,6 +679,7 @@ tgs_make_reply(krb5_context context, EncTicketPart et; KDCOptions f = b->kdc_options; krb5_error_code ret; + int is_weak = 0; memset(&rep, 0, sizeof(rep)); memset(&et, 0, sizeof(et)); @@ -729,9 +731,9 @@ tgs_make_reply(krb5_context context, if(ret) goto out; - copy_Realm(krb5_princ_realm(context, server->entry.principal), + copy_Realm(krb5_princ_realm(context, server_principal), &rep.ticket.realm); - _krb5_principal2principalname(&rep.ticket.sname, server->entry.principal); + _krb5_principal2principalname(&rep.ticket.sname, server_principal); copy_Realm(&tgt_name->realm, &rep.crealm); /* if (f.request_anonymous) @@ -885,6 +887,14 @@ tgs_make_reply(krb5_context context, goto out; } + if (krb5_enctype_valid(context, et.key.keytype) != 0 + && _kdc_is_weak_expection(server->entry.principal, et.key.keytype)) + { + krb5_enctype_enable(context, et.key.keytype); + is_weak = 1; + } + + /* It is somewhat unclear where the etype in the following encryption should come from. What we have is a session key in the passed tgt, and a list of preferred etypes @@ -899,6 +909,9 @@ tgs_make_reply(krb5_context context, &rep, &et, &ek, et.key.keytype, kvno, serverkey, 0, &tgt->key, e_text, reply); + if (is_weak) + krb5_enctype_disable(context, et.key.keytype); + out: free_TGS_REP(&rep); free_TransitedEncoding(&et.transited); @@ -1462,7 +1475,8 @@ tgs_build_reply(krb5_context context, */ server_lookup: - ret = _kdc_db_fetch(context, config, sp, HDB_F_GET_SERVER, NULL, &server); + ret = _kdc_db_fetch(context, config, sp, HDB_F_GET_SERVER | HDB_F_CANON, + NULL, &server); if(ret){ const char *new_rlm; @@ -1521,7 +1535,8 @@ server_lookup: goto out; } - ret = _kdc_db_fetch(context, config, cp, HDB_F_GET_CLIENT, NULL, &client); + ret = _kdc_db_fetch(context, config, cp, HDB_F_GET_CLIENT | HDB_F_CANON, + NULL, &client); if(ret) { const char *krbtgt_realm; @@ -1927,6 +1942,7 @@ server_lookup: kvno, *auth_data, server, + sp, spn, client, cp, diff --git a/source4/heimdal/kdc/kx509.c b/source4/heimdal/kdc/kx509.c index 8f117cebc0..33991d1907 100644 --- a/source4/heimdal/kdc/kx509.c +++ b/source4/heimdal/kdc/kx509.c @@ -36,7 +36,7 @@ #include #include -RCSID("$Id: kx509.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); /* * diff --git a/source4/heimdal/kdc/log.c b/source4/heimdal/kdc/log.c index 8cf967fbfb..98b25b92db 100644 --- a/source4/heimdal/kdc/log.c +++ b/source4/heimdal/kdc/log.c @@ -32,7 +32,7 @@ */ #include "kdc_locl.h" -RCSID("$Id: log.c 22254 2007-12-09 06:01:05Z lha $"); +RCSID("$Id$"); void kdc_openlog(krb5_context context, diff --git a/source4/heimdal/kdc/misc.c b/source4/heimdal/kdc/misc.c index 528b9e6a3b..0c64dd568e 100644 --- a/source4/heimdal/kdc/misc.c +++ b/source4/heimdal/kdc/misc.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: misc.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); struct timeval _kdc_now; diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c old mode 100755 new mode 100644 index 9f6d57f588..57767c4f48 --- a/source4/heimdal/kdc/pkinit.c +++ b/source4/heimdal/kdc/pkinit.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: pkinit.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); #ifdef PKINIT diff --git a/source4/heimdal/kdc/process.c b/source4/heimdal/kdc/process.c index 550bfb04b2..1a0c7c72ce 100644 --- a/source4/heimdal/kdc/process.c +++ b/source4/heimdal/kdc/process.c @@ -34,7 +34,7 @@ #include "kdc_locl.h" -RCSID("$Id: process.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); /* * @@ -100,9 +100,9 @@ krb5_kdc_process_request(krb5_context context, return ret; } else if(_kdc_maybe_version4(buf, len)){ *prependlength = FALSE; /* elbitapmoc sdrawkcab XXX */ - _kdc_do_version4(context, config, buf, len, reply, from, - (struct sockaddr_in*)addr); - return 0; + ret = _kdc_do_version4(context, config, buf, len, reply, from, + (struct sockaddr_in*)addr); + return ret; } else if (config->enable_kaserver) { ret = _kdc_do_kaserver(context, config, buf, len, reply, from, (struct sockaddr_in*)addr); diff --git a/source4/heimdal/kdc/rx.h b/source4/heimdal/kdc/rx.h index 18806d79da..a84e5ec5f5 100644 --- a/source4/heimdal/kdc/rx.h +++ b/source4/heimdal/kdc/rx.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: rx.h 17447 2006-05-05 10:52:01Z lha $ */ +/* $Id$ */ #ifndef __RX_H__ #define __RX_H__ diff --git a/source4/heimdal/kdc/windc.c b/source4/heimdal/kdc/windc.c index 621757f6dc..e057a3e6fb 100644 --- a/source4/heimdal/kdc/windc.c +++ b/source4/heimdal/kdc/windc.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: windc.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); static krb5plugin_windc_ftable *windcft; static void *windcctx; diff --git a/source4/heimdal/kdc/windc_plugin.h b/source4/heimdal/kdc/windc_plugin.h index 44aab9e22b..3780258ad0 100644 --- a/source4/heimdal/kdc/windc_plugin.h +++ b/source4/heimdal/kdc/windc_plugin.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: windc_plugin.h 22693 2008-03-19 08:57:49Z lha $ */ +/* $Id$ */ #ifndef HEIMDAL_KRB5_PAC_PLUGIN_H #define HEIMDAL_KRB5_PAC_PLUGIN_H 1 diff --git a/source4/heimdal/kuser/kinit.c b/source4/heimdal/kuser/kinit.c index 0e03dc4d37..7880c9e010 100644 --- a/source4/heimdal/kuser/kinit.c +++ b/source4/heimdal/kuser/kinit.c @@ -32,7 +32,7 @@ */ #include "kuser_locl.h" -RCSID("$Id: kinit.c 23418 2008-07-26 18:36:48Z lha $"); +RCSID("$Id$"); #include "krb5-v4compat.h" @@ -67,6 +67,7 @@ char *pk_x509_anchors = NULL; int pk_use_enckey = 0; static int canonicalize_flag = 0; static int ok_as_delegate_flag = 0; +static int use_referrals_flag = 0; static int windows_flag = 0; static char *ntlm_domain; @@ -166,6 +167,9 @@ static struct getargs args[] = { { "ok-as-delegate", 0, arg_flag, &ok_as_delegate_flag, "honor ok-as-delegate on tickets" }, + { "use-referrals", 0, arg_flag, &use_referrals_flag, + "only use referrals, no dns canalisation" }, + { "windows", 0, arg_flag, &windows_flag, "get windows behavior" }, @@ -597,11 +601,17 @@ get_new_tickets(krb5_context context, if (ntlm_domain && ntlmkey.data) store_ntlmkey(context, ccache, ntlm_domain, &ntlmkey); - if (ok_as_delegate_flag || windows_flag) { + if (ok_as_delegate_flag || windows_flag || use_referrals_flag) { + unsigned char d = 0; krb5_data data; + if (ok_as_delegate_flag || windows_flag) + d |= 1; + if (use_referrals_flag || windows_flag) + d |= 2; + data.length = 1; - data.data = "\x01"; + data.data = &d; krb5_cc_set_config(context, ccache, NULL, "realm-config", &data); } diff --git a/source4/heimdal/kuser/kuser_locl.h b/source4/heimdal/kuser/kuser_locl.h index 36ea01a9a5..ad48a0c99c 100644 --- a/source4/heimdal/kuser/kuser_locl.h +++ b/source4/heimdal/kuser/kuser_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: kuser_locl.h 20458 2007-04-19 20:41:27Z lha $ */ +/* $Id$ */ #ifndef __KUSER_LOCL_H__ #define __KUSER_LOCL_H__ diff --git a/source4/heimdal/lib/asn1/CMS.asn1 b/source4/heimdal/lib/asn1/CMS.asn1 index 685f0b1898..65a467521d 100644 --- a/source4/heimdal/lib/asn1/CMS.asn1 +++ b/source4/heimdal/lib/asn1/CMS.asn1 @@ -1,5 +1,5 @@ -- From RFC 3369 -- --- $Id: CMS.asn1 18054 2006-09-07 12:20:42Z lha $ -- +-- $Id$ -- CMS DEFINITIONS ::= BEGIN diff --git a/source4/heimdal/lib/asn1/asn1-common.h b/source4/heimdal/lib/asn1/asn1-common.h index 5789e0f22d..4c6af8b45e 100644 --- a/source4/heimdal/lib/asn1/asn1-common.h +++ b/source4/heimdal/lib/asn1/asn1-common.h @@ -1,4 +1,4 @@ -/* $Id: asn1-common.h 22429 2008-01-13 10:25:50Z lha $ */ +/* $Id$ */ #include #include diff --git a/source4/heimdal/lib/asn1/asn1_err.et b/source4/heimdal/lib/asn1/asn1_err.et index c624e218e7..26bda55c19 100644 --- a/source4/heimdal/lib/asn1/asn1_err.et +++ b/source4/heimdal/lib/asn1/asn1_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: asn1_err.et 21394 2007-07-02 10:14:43Z lha $" +id "$Id$" error_table asn1 prefix ASN1 diff --git a/source4/heimdal/lib/asn1/asn1_gen.c b/source4/heimdal/lib/asn1/asn1_gen.c index 65b382e6da..50eb598c22 100644 --- a/source4/heimdal/lib/asn1/asn1_gen.c +++ b/source4/heimdal/lib/asn1/asn1_gen.c @@ -40,7 +40,7 @@ #include #include -RCSID("$Id: asn1_gen.c 16666 2006-01-30 15:06:03Z lha $"); +RCSID("$Id$"); static int doit(const char *fn) diff --git a/source4/heimdal/lib/asn1/asn1_queue.h b/source4/heimdal/lib/asn1/asn1_queue.h index 3659b3859d..73eb50f8b8 100644 --- a/source4/heimdal/lib/asn1/asn1_queue.h +++ b/source4/heimdal/lib/asn1/asn1_queue.h @@ -1,5 +1,5 @@ /* $NetBSD: queue.h,v 1.38 2004/04/18 14:12:05 lukem Exp $ */ -/* $Id: asn1_queue.h 15617 2005-07-12 06:27:42Z lha $ */ +/* $Id$ */ /* * Copyright (c) 1991, 1993 diff --git a/source4/heimdal/lib/asn1/canthandle.asn1 b/source4/heimdal/lib/asn1/canthandle.asn1 index 5ba3e3880c..5c2690f9b6 100644 --- a/source4/heimdal/lib/asn1/canthandle.asn1 +++ b/source4/heimdal/lib/asn1/canthandle.asn1 @@ -1,4 +1,4 @@ --- $Id: canthandle.asn1 22071 2007-11-14 20:04:50Z lha $ -- +-- $Id$ -- CANTHANDLE DEFINITIONS ::= BEGIN diff --git a/source4/heimdal/lib/asn1/der.c b/source4/heimdal/lib/asn1/der.c index 120dc086af..159d358fcb 100644 --- a/source4/heimdal/lib/asn1/der.c +++ b/source4/heimdal/lib/asn1/der.c @@ -38,7 +38,7 @@ #include #include -RCSID("$Id: der.c 22429 2008-01-13 10:25:50Z lha $"); +RCSID("$Id$"); static const char *class_names[] = { diff --git a/source4/heimdal/lib/asn1/der.h b/source4/heimdal/lib/asn1/der.h index 0484137192..cef92aa07f 100644 --- a/source4/heimdal/lib/asn1/der.h +++ b/source4/heimdal/lib/asn1/der.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: der.h 23183 2008-05-22 09:56:51Z lha $ */ +/* $Id$ */ #ifndef __DER_H__ #define __DER_H__ diff --git a/source4/heimdal/lib/asn1/der_cmp.c b/source4/heimdal/lib/asn1/der_cmp.c old mode 100755 new mode 100644 diff --git a/source4/heimdal/lib/asn1/der_copy.c b/source4/heimdal/lib/asn1/der_copy.c index 04c4531ca5..ba1aa36c02 100644 --- a/source4/heimdal/lib/asn1/der_copy.c +++ b/source4/heimdal/lib/asn1/der_copy.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_copy.c 19539 2006-12-28 17:15:05Z lha $"); +RCSID("$Id$"); int der_copy_general_string (const heim_general_string *from, diff --git a/source4/heimdal/lib/asn1/der_format.c b/source4/heimdal/lib/asn1/der_format.c index 6908bddcc2..37e5bd7f27 100644 --- a/source4/heimdal/lib/asn1/der_format.c +++ b/source4/heimdal/lib/asn1/der_format.c @@ -34,7 +34,7 @@ #include "der_locl.h" #include -RCSID("$Id: der_format.c 20861 2007-06-03 20:18:29Z lha $"); +RCSID("$Id$"); int der_parse_hex_heim_integer (const char *p, heim_integer *data) diff --git a/source4/heimdal/lib/asn1/der_free.c b/source4/heimdal/lib/asn1/der_free.c index f59ec72eb7..8658dc7d15 100644 --- a/source4/heimdal/lib/asn1/der_free.c +++ b/source4/heimdal/lib/asn1/der_free.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_free.c 23182 2008-05-22 02:59:04Z lha $"); +RCSID("$Id$"); void der_free_general_string (heim_general_string *str) diff --git a/source4/heimdal/lib/asn1/der_get.c b/source4/heimdal/lib/asn1/der_get.c index f232ce9a29..297823f8f0 100644 --- a/source4/heimdal/lib/asn1/der_get.c +++ b/source4/heimdal/lib/asn1/der_get.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_get.c 21369 2007-06-27 10:14:39Z lha $"); +RCSID("$Id$"); #include diff --git a/source4/heimdal/lib/asn1/der_length.c b/source4/heimdal/lib/asn1/der_length.c index a7f8f593a2..f0091bd50b 100644 --- a/source4/heimdal/lib/asn1/der_length.c +++ b/source4/heimdal/lib/asn1/der_length.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_length.c 19539 2006-12-28 17:15:05Z lha $"); +RCSID("$Id$"); size_t _heim_len_unsigned (unsigned val) diff --git a/source4/heimdal/lib/asn1/der_locl.h b/source4/heimdal/lib/asn1/der_locl.h index 5b97557d74..cdcb5c09a5 100644 --- a/source4/heimdal/lib/asn1/der_locl.h +++ b/source4/heimdal/lib/asn1/der_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: der_locl.h 18608 2006-10-19 16:24:02Z lha $ */ +/* $Id$ */ #ifndef __DER_LOCL_H__ #define __DER_LOCL_H__ diff --git a/source4/heimdal/lib/asn1/der_put.c b/source4/heimdal/lib/asn1/der_put.c index 1fdbfe1305..54fc0cb5f8 100644 --- a/source4/heimdal/lib/asn1/der_put.c +++ b/source4/heimdal/lib/asn1/der_put.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_put.c 19539 2006-12-28 17:15:05Z lha $"); +RCSID("$Id$"); /* * All encoding functions take a pointer `p' to first position in diff --git a/source4/heimdal/lib/asn1/digest.asn1 b/source4/heimdal/lib/asn1/digest.asn1 index eafe48ea5a..1cf58b4638 100644 --- a/source4/heimdal/lib/asn1/digest.asn1 +++ b/source4/heimdal/lib/asn1/digest.asn1 @@ -1,4 +1,4 @@ --- $Id: digest.asn1 22152 2007-12-04 19:59:18Z lha $ +-- $Id$ DIGEST DEFINITIONS ::= BEGIN diff --git a/source4/heimdal/lib/asn1/extra.c b/source4/heimdal/lib/asn1/extra.c index e29a437878..90f98d8c25 100644 --- a/source4/heimdal/lib/asn1/extra.c +++ b/source4/heimdal/lib/asn1/extra.c @@ -34,7 +34,7 @@ #include "der_locl.h" #include "heim_asn1.h" -RCSID("$Id: extra.c 16672 2006-01-31 09:44:54Z lha $"); +RCSID("$Id$"); int encode_heim_any(unsigned char *p, size_t len, diff --git a/source4/heimdal/lib/asn1/gen.c b/source4/heimdal/lib/asn1/gen.c index 39dba89e4e..ddacf7a1c8 100644 --- a/source4/heimdal/lib/asn1/gen.c +++ b/source4/heimdal/lib/asn1/gen.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen.c 22896 2008-04-07 18:52:24Z lha $"); +RCSID("$Id$"); FILE *headerfile, *codefile, *logfile; diff --git a/source4/heimdal/lib/asn1/gen_copy.c b/source4/heimdal/lib/asn1/gen_copy.c index abf11859d5..8d41e704c3 100644 --- a/source4/heimdal/lib/asn1/gen_copy.c +++ b/source4/heimdal/lib/asn1/gen_copy.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen_copy.c 19539 2006-12-28 17:15:05Z lha $"); +RCSID("$Id$"); static int used_fail; diff --git a/source4/heimdal/lib/asn1/gen_decode.c b/source4/heimdal/lib/asn1/gen_decode.c index face9ba47a..40751cd077 100644 --- a/source4/heimdal/lib/asn1/gen_decode.c +++ b/source4/heimdal/lib/asn1/gen_decode.c @@ -34,7 +34,7 @@ #include "gen_locl.h" #include "lex.h" -RCSID("$Id: gen_decode.c 21503 2007-07-12 11:57:19Z lha $"); +RCSID("$Id$"); static void decode_primitive (const char *typename, const char *name, const char *forwstr) diff --git a/source4/heimdal/lib/asn1/gen_encode.c b/source4/heimdal/lib/asn1/gen_encode.c index 08f1a9449f..bf26a965a9 100644 --- a/source4/heimdal/lib/asn1/gen_encode.c +++ b/source4/heimdal/lib/asn1/gen_encode.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen_encode.c 22429 2008-01-13 10:25:50Z lha $"); +RCSID("$Id$"); static void encode_primitive (const char *typename, const char *name) diff --git a/source4/heimdal/lib/asn1/gen_free.c b/source4/heimdal/lib/asn1/gen_free.c index d667c5d31a..1cec79a911 100644 --- a/source4/heimdal/lib/asn1/gen_free.c +++ b/source4/heimdal/lib/asn1/gen_free.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen_free.c 19539 2006-12-28 17:15:05Z lha $"); +RCSID("$Id$"); static void free_primitive (const char *typename, const char *name) diff --git a/source4/heimdal/lib/asn1/gen_glue.c b/source4/heimdal/lib/asn1/gen_glue.c index 8d8bd152a3..b01012be83 100644 --- a/source4/heimdal/lib/asn1/gen_glue.c +++ b/source4/heimdal/lib/asn1/gen_glue.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen_glue.c 15617 2005-07-12 06:27:42Z lha $"); +RCSID("$Id$"); static void generate_2int (const Type *t, const char *gen_name) diff --git a/source4/heimdal/lib/asn1/gen_length.c b/source4/heimdal/lib/asn1/gen_length.c index 4cb5d45089..a10604a09c 100644 --- a/source4/heimdal/lib/asn1/gen_length.c +++ b/source4/heimdal/lib/asn1/gen_length.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen_length.c 21503 2007-07-12 11:57:19Z lha $"); +RCSID("$Id$"); static void length_primitive (const char *typename, diff --git a/source4/heimdal/lib/asn1/gen_locl.h b/source4/heimdal/lib/asn1/gen_locl.h index 8cd4dbad5a..eaf87390f2 100644 --- a/source4/heimdal/lib/asn1/gen_locl.h +++ b/source4/heimdal/lib/asn1/gen_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gen_locl.h 18008 2006-09-05 12:29:18Z lha $ */ +/* $Id$ */ #ifndef __GEN_LOCL_H__ #define __GEN_LOCL_H__ diff --git a/source4/heimdal/lib/asn1/gen_seq.c b/source4/heimdal/lib/asn1/gen_seq.c index 54776752c2..d7d4fa5d7d 100644 --- a/source4/heimdal/lib/asn1/gen_seq.c +++ b/source4/heimdal/lib/asn1/gen_seq.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen_seq.c 20561 2007-04-24 16:14:30Z lha $"); +RCSID("$Id$"); void generate_type_seq (const Symbol *s) diff --git a/source4/heimdal/lib/asn1/hash.c b/source4/heimdal/lib/asn1/hash.c index eeb6b6d63d..f61a3eeb24 100644 --- a/source4/heimdal/lib/asn1/hash.c +++ b/source4/heimdal/lib/asn1/hash.c @@ -37,7 +37,7 @@ #include "gen_locl.h" -RCSID("$Id: hash.c 17016 2006-04-07 22:16:00Z lha $"); +RCSID("$Id$"); static Hashentry *_search(Hashtab * htab, /* The hash table */ void *ptr); /* And key */ diff --git a/source4/heimdal/lib/asn1/hash.h b/source4/heimdal/lib/asn1/hash.h index 10d8ce99b0..41ecc9de0c 100644 --- a/source4/heimdal/lib/asn1/hash.h +++ b/source4/heimdal/lib/asn1/hash.h @@ -35,7 +35,7 @@ * hash.h. Header file for hash table functions */ -/* $Id: hash.h 7464 1999-12-02 17:05:13Z joda $ */ +/* $Id$ */ struct hashentry { /* Entry in bucket */ struct hashentry **prev; diff --git a/source4/heimdal/lib/asn1/k5.asn1 b/source4/heimdal/lib/asn1/k5.asn1 index ea20eb99d2..9b36498161 100644 --- a/source4/heimdal/lib/asn1/k5.asn1 +++ b/source4/heimdal/lib/asn1/k5.asn1 @@ -1,4 +1,4 @@ --- $Id: k5.asn1 22745 2008-03-24 12:07:54Z lha $ +-- $Id$ KERBEROS5 DEFINITIONS ::= BEGIN @@ -72,6 +72,7 @@ PADATA-TYPE ::= INTEGER { KRB5-PADATA-TD-REQ-SEQ(108), -- INTEGER KRB5-PADATA-PA-PAC-REQUEST(128), -- jbrezak@exchange.microsoft.com KRB5-PADATA-S4U2SELF(129), + KRB5-PADATA-EPAC(130), -- EPAK KRB5-PADATA-PK-AS-09-BINDING(132), -- client send this to -- tell KDC that is supports -- the asCheckSum in the @@ -94,7 +95,8 @@ AUTHDATA-TYPE ::= INTEGER { KRB5-AUTHDATA-OSF-DCE-PKI-CERTID(66), KRB5-AUTHDATA-WIN2K-PAC(128), KRB5-AUTHDATA-GSS-API-ETYPE-NEGOTIATION(129), -- Authenticator only - KRB5-AUTHDATA-SIGNTICKET(-17) + KRB5-AUTHDATA-SIGNTICKET-OLD(-17), + KRB5-AUTHDATA-SIGNTICKET(142) } -- checksumtypes diff --git a/source4/heimdal/lib/asn1/kx509.asn1 b/source4/heimdal/lib/asn1/kx509.asn1 index fc6a696dab..820abc8106 100644 --- a/source4/heimdal/lib/asn1/kx509.asn1 +++ b/source4/heimdal/lib/asn1/kx509.asn1 @@ -1,4 +1,4 @@ --- $Id: kx509.asn1 19546 2006-12-28 21:05:23Z lha $ +-- $Id$ KX509 DEFINITIONS ::= BEGIN diff --git a/source4/heimdal/lib/asn1/lex.c b/source4/heimdal/lib/asn1/lex.c index 175760be44..5efec619ee 100644 --- a/source4/heimdal/lib/asn1/lex.c +++ b/source4/heimdal/lib/asn1/lex.c @@ -830,7 +830,7 @@ char *yytext; * SUCH DAMAGE. */ -/* $Id: lex.l 18738 2006-10-21 11:57:22Z lha $ */ +/* $Id$ */ #ifdef HAVE_CONFIG_H #include diff --git a/source4/heimdal/lib/asn1/lex.h b/source4/heimdal/lib/asn1/lex.h index 7aececf6d7..34cef1716a 100644 --- a/source4/heimdal/lib/asn1/lex.h +++ b/source4/heimdal/lib/asn1/lex.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: lex.h 15617 2005-07-12 06:27:42Z lha $ */ +/* $Id$ */ #include diff --git a/source4/heimdal/lib/asn1/lex.l b/source4/heimdal/lib/asn1/lex.l index ec744220e9..e1452c3b04 100644 --- a/source4/heimdal/lib/asn1/lex.l +++ b/source4/heimdal/lib/asn1/lex.l @@ -32,7 +32,7 @@ * SUCH DAMAGE. */ -/* $Id: lex.l 18738 2006-10-21 11:57:22Z lha $ */ +/* $Id$ */ #ifdef HAVE_CONFIG_H #include diff --git a/source4/heimdal/lib/asn1/main.c b/source4/heimdal/lib/asn1/main.c index 3b4a8122ca..3e15b39e6a 100644 --- a/source4/heimdal/lib/asn1/main.c +++ b/source4/heimdal/lib/asn1/main.c @@ -35,7 +35,7 @@ #include #include "lex.h" -RCSID("$Id: main.c 20858 2007-06-03 18:56:41Z lha $"); +RCSID("$Id$"); extern FILE *yyin; diff --git a/source4/heimdal/lib/asn1/parse.c b/source4/heimdal/lib/asn1/parse.c index 6a3e524e93..edd3bba463 100644 --- a/source4/heimdal/lib/asn1/parse.c +++ b/source4/heimdal/lib/asn1/parse.c @@ -248,7 +248,7 @@ /* Copy the first part of user declarations. */ -#line 36 "parse.y" +#line 36 "heimdal/lib/asn1/parse.y" #ifdef HAVE_CONFIG_H #include @@ -261,7 +261,7 @@ #include "gen_locl.h" #include "der.h" -RCSID("$Id: parse.y 21597 2007-07-16 18:48:58Z lha $"); +RCSID("$Id$"); static Type *new_type (Typetype t); static struct constraint_spec *new_constraint_spec(enum ctype); @@ -280,7 +280,7 @@ struct string_list { /* Enabling traces. */ #ifndef YYDEBUG -# define YYDEBUG 1 +# define YYDEBUG 0 #endif /* Enabling verbose error messages. */ @@ -298,7 +298,7 @@ struct string_list { #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED typedef union YYSTYPE -#line 65 "parse.y" +#line 65 "heimdal/lib/asn1/parse.y" { int constant; struct value *value; @@ -314,7 +314,7 @@ typedef union YYSTYPE struct constraint_spec *constraint_spec; } /* Line 187 of yacc.c. */ -#line 318 "parse.c" +#line 318 "heimdal/lib/asn1/parse.y" YYSTYPE; # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 @@ -327,7 +327,7 @@ typedef union YYSTYPE /* Line 216 of yacc.c. */ -#line 331 "parse.c" +#line 331 "heimdal/lib/asn1/parse.y" #ifdef short # undef short @@ -1762,29 +1762,29 @@ yyreduce: switch (yyn) { case 2: -#line 235 "parse.y" +#line 235 "heimdal/lib/asn1/parse.y" { checkundefined(); } break; case 4: -#line 242 "parse.y" +#line 242 "heimdal/lib/asn1/parse.y" { error_message("implicit tagging is not supported"); } break; case 5: -#line 244 "parse.y" +#line 244 "heimdal/lib/asn1/parse.y" { error_message("automatic tagging is not supported"); } break; case 7: -#line 249 "parse.y" +#line 249 "heimdal/lib/asn1/parse.y" { error_message("no extensibility options supported"); } break; case 17: -#line 270 "parse.y" +#line 270 "heimdal/lib/asn1/parse.y" { struct string_list *sl; for(sl = (yyvsp[(1) - (4)].sl); sl != NULL; sl = sl->next) { @@ -1796,7 +1796,7 @@ yyreduce: break; case 22: -#line 289 "parse.y" +#line 289 "heimdal/lib/asn1/parse.y" { (yyval.sl) = emalloc(sizeof(*(yyval.sl))); (yyval.sl)->string = (yyvsp[(1) - (3)].name); @@ -1805,7 +1805,7 @@ yyreduce: break; case 23: -#line 295 "parse.y" +#line 295 "heimdal/lib/asn1/parse.y" { (yyval.sl) = emalloc(sizeof(*(yyval.sl))); (yyval.sl)->string = (yyvsp[(1) - (1)].name); @@ -1814,7 +1814,7 @@ yyreduce: break; case 24: -#line 303 "parse.y" +#line 303 "heimdal/lib/asn1/parse.y" { Symbol *s = addsym ((yyvsp[(1) - (3)].name)); s->stype = Stype; @@ -1825,7 +1825,7 @@ yyreduce: break; case 42: -#line 334 "parse.y" +#line 334 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_Boolean, TE_EXPLICIT, new_type(TBoolean)); @@ -1833,7 +1833,7 @@ yyreduce: break; case 43: -#line 341 "parse.y" +#line 341 "heimdal/lib/asn1/parse.y" { if((yyvsp[(2) - (5)].value)->type != integervalue) error_message("Non-integer used in first part of range"); @@ -1846,7 +1846,7 @@ yyreduce: break; case 44: -#line 351 "parse.y" +#line 351 "heimdal/lib/asn1/parse.y" { if((yyvsp[(2) - (5)].value)->type != integervalue) error_message("Non-integer in first part of range"); @@ -1857,7 +1857,7 @@ yyreduce: break; case 45: -#line 359 "parse.y" +#line 359 "heimdal/lib/asn1/parse.y" { if((yyvsp[(4) - (5)].value)->type != integervalue) error_message("Non-integer in second part of range"); @@ -1868,7 +1868,7 @@ yyreduce: break; case 46: -#line 367 "parse.y" +#line 367 "heimdal/lib/asn1/parse.y" { if((yyvsp[(2) - (3)].value)->type != integervalue) error_message("Non-integer used in limit"); @@ -1879,7 +1879,7 @@ yyreduce: break; case 47: -#line 378 "parse.y" +#line 378 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, new_type(TInteger)); @@ -1887,7 +1887,7 @@ yyreduce: break; case 48: -#line 383 "parse.y" +#line 383 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TInteger); (yyval.type)->range = (yyvsp[(2) - (2)].range); @@ -1896,7 +1896,7 @@ yyreduce: break; case 49: -#line 389 "parse.y" +#line 389 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TInteger); (yyval.type)->members = (yyvsp[(3) - (4)].members); @@ -1905,7 +1905,7 @@ yyreduce: break; case 50: -#line 397 "parse.y" +#line 397 "heimdal/lib/asn1/parse.y" { (yyval.members) = emalloc(sizeof(*(yyval.members))); ASN1_TAILQ_INIT((yyval.members)); @@ -1914,7 +1914,7 @@ yyreduce: break; case 51: -#line 403 "parse.y" +#line 403 "heimdal/lib/asn1/parse.y" { ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members); (yyval.members) = (yyvsp[(1) - (3)].members); @@ -1922,12 +1922,12 @@ yyreduce: break; case 52: -#line 408 "parse.y" +#line 408 "heimdal/lib/asn1/parse.y" { (yyval.members) = (yyvsp[(1) - (3)].members); } break; case 53: -#line 412 "parse.y" +#line 412 "heimdal/lib/asn1/parse.y" { (yyval.member) = emalloc(sizeof(*(yyval.member))); (yyval.member)->name = (yyvsp[(1) - (4)].name); @@ -1941,7 +1941,7 @@ yyreduce: break; case 54: -#line 425 "parse.y" +#line 425 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TInteger); (yyval.type)->members = (yyvsp[(3) - (4)].members); @@ -1950,7 +1950,7 @@ yyreduce: break; case 56: -#line 436 "parse.y" +#line 436 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TBitString); (yyval.type)->members = emalloc(sizeof(*(yyval.type)->members)); @@ -1960,7 +1960,7 @@ yyreduce: break; case 57: -#line 443 "parse.y" +#line 443 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TBitString); (yyval.type)->members = (yyvsp[(4) - (5)].members); @@ -1969,7 +1969,7 @@ yyreduce: break; case 58: -#line 451 "parse.y" +#line 451 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_OID, TE_EXPLICIT, new_type(TOID)); @@ -1977,7 +1977,7 @@ yyreduce: break; case 59: -#line 457 "parse.y" +#line 457 "heimdal/lib/asn1/parse.y" { Type *t = new_type(TOctetString); t->range = (yyvsp[(3) - (3)].range); @@ -1987,7 +1987,7 @@ yyreduce: break; case 60: -#line 466 "parse.y" +#line 466 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_Null, TE_EXPLICIT, new_type(TNull)); @@ -1995,17 +1995,17 @@ yyreduce: break; case 61: -#line 473 "parse.y" +#line 473 "heimdal/lib/asn1/parse.y" { (yyval.range) = NULL; } break; case 62: -#line 475 "parse.y" +#line 475 "heimdal/lib/asn1/parse.y" { (yyval.range) = (yyvsp[(2) - (2)].range); } break; case 63: -#line 480 "parse.y" +#line 480 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TSequence); (yyval.type)->members = (yyvsp[(3) - (4)].members); @@ -2014,7 +2014,7 @@ yyreduce: break; case 64: -#line 486 "parse.y" +#line 486 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TSequence); (yyval.type)->members = NULL; @@ -2023,7 +2023,7 @@ yyreduce: break; case 65: -#line 494 "parse.y" +#line 494 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TSequenceOf); (yyval.type)->range = (yyvsp[(2) - (4)].range); @@ -2033,7 +2033,7 @@ yyreduce: break; case 66: -#line 503 "parse.y" +#line 503 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TSet); (yyval.type)->members = (yyvsp[(3) - (4)].members); @@ -2042,7 +2042,7 @@ yyreduce: break; case 67: -#line 509 "parse.y" +#line 509 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TSet); (yyval.type)->members = NULL; @@ -2051,7 +2051,7 @@ yyreduce: break; case 68: -#line 517 "parse.y" +#line 517 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TSetOf); (yyval.type)->subtype = (yyvsp[(3) - (3)].type); @@ -2060,7 +2060,7 @@ yyreduce: break; case 69: -#line 525 "parse.y" +#line 525 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TChoice); (yyval.type)->members = (yyvsp[(3) - (4)].members); @@ -2068,7 +2068,7 @@ yyreduce: break; case 72: -#line 536 "parse.y" +#line 536 "heimdal/lib/asn1/parse.y" { Symbol *s = addsym((yyvsp[(1) - (1)].name)); (yyval.type) = new_type(TType); @@ -2080,7 +2080,7 @@ yyreduce: break; case 73: -#line 547 "parse.y" +#line 547 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralizedTime, TE_EXPLICIT, new_type(TGeneralizedTime)); @@ -2088,7 +2088,7 @@ yyreduce: break; case 74: -#line 552 "parse.y" +#line 552 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_UTCTime, TE_EXPLICIT, new_type(TUTCTime)); @@ -2096,7 +2096,7 @@ yyreduce: break; case 75: -#line 559 "parse.y" +#line 559 "heimdal/lib/asn1/parse.y" { /* if (Constraint.type == contentConstrant) { assert(Constraint.u.constraint.type == octetstring|bitstring-w/o-NamedBitList); // remember to check type reference too @@ -2112,14 +2112,14 @@ yyreduce: break; case 76: -#line 575 "parse.y" +#line 575 "heimdal/lib/asn1/parse.y" { (yyval.constraint_spec) = (yyvsp[(2) - (3)].constraint_spec); } break; case 80: -#line 588 "parse.y" +#line 588 "heimdal/lib/asn1/parse.y" { (yyval.constraint_spec) = new_constraint_spec(CT_CONTENTS); (yyval.constraint_spec)->u.content.type = (yyvsp[(2) - (2)].type); @@ -2128,7 +2128,7 @@ yyreduce: break; case 81: -#line 594 "parse.y" +#line 594 "heimdal/lib/asn1/parse.y" { if ((yyvsp[(3) - (3)].value)->type != objectidentifiervalue) error_message("Non-OID used in ENCODED BY constraint"); @@ -2139,7 +2139,7 @@ yyreduce: break; case 82: -#line 602 "parse.y" +#line 602 "heimdal/lib/asn1/parse.y" { if ((yyvsp[(5) - (5)].value)->type != objectidentifiervalue) error_message("Non-OID used in ENCODED BY constraint"); @@ -2150,14 +2150,14 @@ yyreduce: break; case 83: -#line 612 "parse.y" +#line 612 "heimdal/lib/asn1/parse.y" { (yyval.constraint_spec) = new_constraint_spec(CT_USER); } break; case 84: -#line 618 "parse.y" +#line 618 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_type(TTag); (yyval.type)->tag = (yyvsp[(1) - (3)].tag); @@ -2171,7 +2171,7 @@ yyreduce: break; case 85: -#line 631 "parse.y" +#line 631 "heimdal/lib/asn1/parse.y" { (yyval.tag).tagclass = (yyvsp[(2) - (4)].constant); (yyval.tag).tagvalue = (yyvsp[(3) - (4)].constant); @@ -2180,56 +2180,56 @@ yyreduce: break; case 86: -#line 639 "parse.y" +#line 639 "heimdal/lib/asn1/parse.y" { (yyval.constant) = ASN1_C_CONTEXT; } break; case 87: -#line 643 "parse.y" +#line 643 "heimdal/lib/asn1/parse.y" { (yyval.constant) = ASN1_C_UNIV; } break; case 88: -#line 647 "parse.y" +#line 647 "heimdal/lib/asn1/parse.y" { (yyval.constant) = ASN1_C_APPL; } break; case 89: -#line 651 "parse.y" +#line 651 "heimdal/lib/asn1/parse.y" { (yyval.constant) = ASN1_C_PRIVATE; } break; case 90: -#line 657 "parse.y" +#line 657 "heimdal/lib/asn1/parse.y" { (yyval.constant) = TE_EXPLICIT; } break; case 91: -#line 661 "parse.y" +#line 661 "heimdal/lib/asn1/parse.y" { (yyval.constant) = TE_EXPLICIT; } break; case 92: -#line 665 "parse.y" +#line 665 "heimdal/lib/asn1/parse.y" { (yyval.constant) = TE_IMPLICIT; } break; case 93: -#line 672 "parse.y" +#line 672 "heimdal/lib/asn1/parse.y" { Symbol *s; s = addsym ((yyvsp[(1) - (4)].name)); @@ -2241,7 +2241,7 @@ yyreduce: break; case 95: -#line 686 "parse.y" +#line 686 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralString, TE_EXPLICIT, new_type(TGeneralString)); @@ -2249,7 +2249,7 @@ yyreduce: break; case 96: -#line 691 "parse.y" +#line 691 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_UTF8String, TE_EXPLICIT, new_type(TUTF8String)); @@ -2257,7 +2257,7 @@ yyreduce: break; case 97: -#line 696 "parse.y" +#line 696 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_PrintableString, TE_EXPLICIT, new_type(TPrintableString)); @@ -2265,7 +2265,7 @@ yyreduce: break; case 98: -#line 701 "parse.y" +#line 701 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_VisibleString, TE_EXPLICIT, new_type(TVisibleString)); @@ -2273,7 +2273,7 @@ yyreduce: break; case 99: -#line 706 "parse.y" +#line 706 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_IA5String, TE_EXPLICIT, new_type(TIA5String)); @@ -2281,7 +2281,7 @@ yyreduce: break; case 100: -#line 711 "parse.y" +#line 711 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_BMPString, TE_EXPLICIT, new_type(TBMPString)); @@ -2289,7 +2289,7 @@ yyreduce: break; case 101: -#line 716 "parse.y" +#line 716 "heimdal/lib/asn1/parse.y" { (yyval.type) = new_tag(ASN1_C_UNIV, UT_UniversalString, TE_EXPLICIT, new_type(TUniversalString)); @@ -2297,7 +2297,7 @@ yyreduce: break; case 102: -#line 724 "parse.y" +#line 724 "heimdal/lib/asn1/parse.y" { (yyval.members) = emalloc(sizeof(*(yyval.members))); ASN1_TAILQ_INIT((yyval.members)); @@ -2306,7 +2306,7 @@ yyreduce: break; case 103: -#line 730 "parse.y" +#line 730 "heimdal/lib/asn1/parse.y" { ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members); (yyval.members) = (yyvsp[(1) - (3)].members); @@ -2314,7 +2314,7 @@ yyreduce: break; case 104: -#line 735 "parse.y" +#line 735 "heimdal/lib/asn1/parse.y" { struct member *m = ecalloc(1, sizeof(*m)); m->name = estrdup("..."); @@ -2326,7 +2326,7 @@ yyreduce: break; case 105: -#line 746 "parse.y" +#line 746 "heimdal/lib/asn1/parse.y" { (yyval.member) = emalloc(sizeof(*(yyval.member))); (yyval.member)->name = (yyvsp[(1) - (2)].name); @@ -2338,7 +2338,7 @@ yyreduce: break; case 106: -#line 757 "parse.y" +#line 757 "heimdal/lib/asn1/parse.y" { (yyval.member) = (yyvsp[(1) - (1)].member); (yyval.member)->optional = 0; @@ -2347,7 +2347,7 @@ yyreduce: break; case 107: -#line 763 "parse.y" +#line 763 "heimdal/lib/asn1/parse.y" { (yyval.member) = (yyvsp[(1) - (2)].member); (yyval.member)->optional = 1; @@ -2356,7 +2356,7 @@ yyreduce: break; case 108: -#line 769 "parse.y" +#line 769 "heimdal/lib/asn1/parse.y" { (yyval.member) = (yyvsp[(1) - (3)].member); (yyval.member)->optional = 0; @@ -2365,7 +2365,7 @@ yyreduce: break; case 109: -#line 777 "parse.y" +#line 777 "heimdal/lib/asn1/parse.y" { (yyval.members) = emalloc(sizeof(*(yyval.members))); ASN1_TAILQ_INIT((yyval.members)); @@ -2374,7 +2374,7 @@ yyreduce: break; case 110: -#line 783 "parse.y" +#line 783 "heimdal/lib/asn1/parse.y" { ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members); (yyval.members) = (yyvsp[(1) - (3)].members); @@ -2382,7 +2382,7 @@ yyreduce: break; case 111: -#line 790 "parse.y" +#line 790 "heimdal/lib/asn1/parse.y" { (yyval.member) = emalloc(sizeof(*(yyval.member))); (yyval.member)->name = (yyvsp[(1) - (4)].name); @@ -2396,26 +2396,26 @@ yyreduce: break; case 113: -#line 803 "parse.y" +#line 803 "heimdal/lib/asn1/parse.y" { (yyval.objid) = NULL; } break; case 114: -#line 807 "parse.y" +#line 807 "heimdal/lib/asn1/parse.y" { (yyval.objid) = (yyvsp[(2) - (3)].objid); } break; case 115: -#line 813 "parse.y" +#line 813 "heimdal/lib/asn1/parse.y" { (yyval.objid) = NULL; } break; case 116: -#line 817 "parse.y" +#line 817 "heimdal/lib/asn1/parse.y" { if ((yyvsp[(2) - (2)].objid)) { (yyval.objid) = (yyvsp[(2) - (2)].objid); @@ -2427,14 +2427,14 @@ yyreduce: break; case 117: -#line 828 "parse.y" +#line 828 "heimdal/lib/asn1/parse.y" { (yyval.objid) = new_objid((yyvsp[(1) - (4)].name), (yyvsp[(3) - (4)].constant)); } break; case 118: -#line 832 "parse.y" +#line 832 "heimdal/lib/asn1/parse.y" { Symbol *s = addsym((yyvsp[(1) - (1)].name)); if(s->stype != SValue || @@ -2448,14 +2448,14 @@ yyreduce: break; case 119: -#line 843 "parse.y" +#line 843 "heimdal/lib/asn1/parse.y" { (yyval.objid) = new_objid(NULL, (yyvsp[(1) - (1)].constant)); } break; case 129: -#line 866 "parse.y" +#line 866 "heimdal/lib/asn1/parse.y" { Symbol *s = addsym((yyvsp[(1) - (1)].name)); if(s->stype != SValue) @@ -2467,7 +2467,7 @@ yyreduce: break; case 130: -#line 877 "parse.y" +#line 877 "heimdal/lib/asn1/parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = stringvalue; @@ -2476,7 +2476,7 @@ yyreduce: break; case 131: -#line 885 "parse.y" +#line 885 "heimdal/lib/asn1/parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = booleanvalue; @@ -2485,7 +2485,7 @@ yyreduce: break; case 132: -#line 891 "parse.y" +#line 891 "heimdal/lib/asn1/parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = booleanvalue; @@ -2494,7 +2494,7 @@ yyreduce: break; case 133: -#line 899 "parse.y" +#line 899 "heimdal/lib/asn1/parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = integervalue; @@ -2503,13 +2503,13 @@ yyreduce: break; case 135: -#line 910 "parse.y" +#line 910 "heimdal/lib/asn1/parse.y" { } break; case 136: -#line 915 "parse.y" +#line 915 "heimdal/lib/asn1/parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = objectidentifiervalue; @@ -2519,7 +2519,7 @@ yyreduce: /* Line 1267 of yacc.c. */ -#line 2523 "parse.c" +#line 2523 "heimdal/lib/asn1/parse.y" default: break; } YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); @@ -2733,7 +2733,7 @@ yyreturn: } -#line 922 "parse.y" +#line 922 "heimdal/lib/asn1/parse.y" void diff --git a/source4/heimdal/lib/asn1/parse.h b/source4/heimdal/lib/asn1/parse.h index 5e73094f9e..bea506ca7b 100644 --- a/source4/heimdal/lib/asn1/parse.h +++ b/source4/heimdal/lib/asn1/parse.h @@ -222,7 +222,7 @@ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED typedef union YYSTYPE -#line 65 "parse.y" +#line 65 "heimdal/lib/asn1/parse.y" { int constant; struct value *value; @@ -238,7 +238,7 @@ typedef union YYSTYPE struct constraint_spec *constraint_spec; } /* Line 1489 of yacc.c. */ -#line 242 "parse.h" +#line 242 "heimdal/lib/asn1/parse.y" YYSTYPE; # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 diff --git a/source4/heimdal/lib/asn1/parse.y b/source4/heimdal/lib/asn1/parse.y index 772f2b1bc1..956386820f 100644 --- a/source4/heimdal/lib/asn1/parse.y +++ b/source4/heimdal/lib/asn1/parse.y @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: parse.y 21597 2007-07-16 18:48:58Z lha $ */ +/* $Id$ */ %{ #ifdef HAVE_CONFIG_H @@ -45,7 +45,7 @@ #include "gen_locl.h" #include "der.h" -RCSID("$Id: parse.y 21597 2007-07-16 18:48:58Z lha $"); +RCSID("$Id$"); static Type *new_type (Typetype t); static struct constraint_spec *new_constraint_spec(enum ctype); diff --git a/source4/heimdal/lib/asn1/pkcs12.asn1 b/source4/heimdal/lib/asn1/pkcs12.asn1 index 37fe03e58e..4d6454a08f 100644 --- a/source4/heimdal/lib/asn1/pkcs12.asn1 +++ b/source4/heimdal/lib/asn1/pkcs12.asn1 @@ -1,4 +1,4 @@ --- $Id: pkcs12.asn1 15715 2005-07-23 11:08:47Z lha $ -- +-- $Id$ -- PKCS12 DEFINITIONS ::= diff --git a/source4/heimdal/lib/asn1/pkcs8.asn1 b/source4/heimdal/lib/asn1/pkcs8.asn1 index 911e727c70..203d91eef8 100644 --- a/source4/heimdal/lib/asn1/pkcs8.asn1 +++ b/source4/heimdal/lib/asn1/pkcs8.asn1 @@ -1,4 +1,4 @@ --- $Id: pkcs8.asn1 16060 2005-09-13 19:41:29Z lha $ -- +-- $Id$ -- PKCS8 DEFINITIONS ::= diff --git a/source4/heimdal/lib/asn1/pkcs9.asn1 b/source4/heimdal/lib/asn1/pkcs9.asn1 index d985e91f3c..50bf9dd1cd 100644 --- a/source4/heimdal/lib/asn1/pkcs9.asn1 +++ b/source4/heimdal/lib/asn1/pkcs9.asn1 @@ -1,4 +1,4 @@ --- $Id: pkcs9.asn1 17202 2006-04-24 08:59:10Z lha $ -- +-- $Id$ -- PKCS9 DEFINITIONS ::= diff --git a/source4/heimdal/lib/asn1/symbol.c b/source4/heimdal/lib/asn1/symbol.c index 9407915c19..4972e265e7 100644 --- a/source4/heimdal/lib/asn1/symbol.c +++ b/source4/heimdal/lib/asn1/symbol.c @@ -34,7 +34,7 @@ #include "gen_locl.h" #include "lex.h" -RCSID("$Id: symbol.c 15617 2005-07-12 06:27:42Z lha $"); +RCSID("$Id$"); static Hashtab *htab; diff --git a/source4/heimdal/lib/asn1/symbol.h b/source4/heimdal/lib/asn1/symbol.h index d07caf5590..8282e700ba 100644 --- a/source4/heimdal/lib/asn1/symbol.h +++ b/source4/heimdal/lib/asn1/symbol.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: symbol.h 19539 2006-12-28 17:15:05Z lha $ */ +/* $Id$ */ #ifndef _SYMBOL_H #define _SYMBOL_H diff --git a/source4/heimdal/lib/asn1/test.asn1 b/source4/heimdal/lib/asn1/test.asn1 index b2f58a20c2..d07bba6185 100644 --- a/source4/heimdal/lib/asn1/test.asn1 +++ b/source4/heimdal/lib/asn1/test.asn1 @@ -1,4 +1,4 @@ --- $Id: test.asn1 21455 2007-07-10 12:51:19Z lha $ -- +-- $Id$ -- TEST DEFINITIONS ::= diff --git a/source4/heimdal/lib/asn1/test.gen b/source4/heimdal/lib/asn1/test.gen index d0fc7d98a4..bfb0486481 100644 --- a/source4/heimdal/lib/asn1/test.gen +++ b/source4/heimdal/lib/asn1/test.gen @@ -1,4 +1,4 @@ -# $Id: test.gen 15617 2005-07-12 06:27:42Z lha $ +# $Id$ # Sample for TESTSeq in test.asn1 # diff --git a/source4/heimdal/lib/asn1/timegm.c b/source4/heimdal/lib/asn1/timegm.c index 33b9684a5d..5119ee887e 100644 --- a/source4/heimdal/lib/asn1/timegm.c +++ b/source4/heimdal/lib/asn1/timegm.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: timegm.c 21366 2007-06-27 10:06:22Z lha $"); +RCSID("$Id$"); static int is_leap(unsigned y) diff --git a/source4/heimdal/lib/com_err/com_err.c b/source4/heimdal/lib/com_err/com_err.c index faf4294cdd..3dec3b2acc 100644 --- a/source4/heimdal/lib/com_err/com_err.c +++ b/source4/heimdal/lib/com_err/com_err.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: com_err.c 14930 2005-04-24 19:43:06Z lha $"); +RCSID("$Id$"); #endif #include #include diff --git a/source4/heimdal/lib/com_err/com_err.h b/source4/heimdal/lib/com_err/com_err.h index bdd764f7e9..d7b0912168 100644 --- a/source4/heimdal/lib/com_err/com_err.h +++ b/source4/heimdal/lib/com_err/com_err.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: com_err.h 15566 2005-07-07 14:58:07Z lha $ */ +/* $Id$ */ /* MIT compatible com_err library */ diff --git a/source4/heimdal/lib/com_err/com_right.h b/source4/heimdal/lib/com_err/com_right.h index 4d929da866..f8cd2b6121 100644 --- a/source4/heimdal/lib/com_err/com_right.h +++ b/source4/heimdal/lib/com_err/com_right.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: com_right.h 14551 2005-02-03 08:45:13Z lha $ */ +/* $Id$ */ #ifndef __COM_RIGHT_H__ #define __COM_RIGHT_H__ diff --git a/source4/heimdal/lib/com_err/compile_et.c b/source4/heimdal/lib/com_err/compile_et.c index 1057654822..c5a4f4fbcc 100644 --- a/source4/heimdal/lib/com_err/compile_et.c +++ b/source4/heimdal/lib/com_err/compile_et.c @@ -35,7 +35,7 @@ #include "compile_et.h" #include -RCSID("$Id: compile_et.c 15426 2005-06-16 19:21:42Z lha $"); +RCSID("$Id$"); #include #include diff --git a/source4/heimdal/lib/com_err/compile_et.h b/source4/heimdal/lib/com_err/compile_et.h index 1c7de5a08b..5563f40e48 100644 --- a/source4/heimdal/lib/com_err/compile_et.h +++ b/source4/heimdal/lib/com_err/compile_et.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: compile_et.h 15426 2005-06-16 19:21:42Z lha $ */ +/* $Id$ */ #ifndef __COMPILE_ET_H__ #define __COMPILE_ET_H__ diff --git a/source4/heimdal/lib/com_err/error.c b/source4/heimdal/lib/com_err/error.c index 051078025c..51a28b7f48 100644 --- a/source4/heimdal/lib/com_err/error.c +++ b/source4/heimdal/lib/com_err/error.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: error.c 9724 2001-02-28 20:00:13Z joda $"); +RCSID("$Id$"); #endif #include #include diff --git a/source4/heimdal/lib/com_err/lex.c b/source4/heimdal/lib/com_err/lex.c index b70ef4749f..f030831d72 100644 --- a/source4/heimdal/lib/com_err/lex.c +++ b/source4/heimdal/lib/com_err/lex.c @@ -527,7 +527,7 @@ char *yytext; #include "parse.h" #include "lex.h" -RCSID("$Id: lex.l 15143 2005-05-16 08:52:54Z lha $"); +RCSID("$Id$"); static unsigned lineno = 1; static int getstring(void); diff --git a/source4/heimdal/lib/com_err/lex.h b/source4/heimdal/lib/com_err/lex.h index 89f0387655..c97324a1a5 100644 --- a/source4/heimdal/lib/com_err/lex.h +++ b/source4/heimdal/lib/com_err/lex.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: lex.h 8451 2000-06-22 00:42:52Z assar $ */ +/* $Id$ */ void error_message (const char *, ...) __attribute__ ((format (printf, 1, 2))); diff --git a/source4/heimdal/lib/com_err/lex.l b/source4/heimdal/lib/com_err/lex.l index 08aef516b3..4d56be4da0 100644 --- a/source4/heimdal/lib/com_err/lex.l +++ b/source4/heimdal/lib/com_err/lex.l @@ -44,7 +44,7 @@ #include "parse.h" #include "lex.h" -RCSID("$Id: lex.l 15143 2005-05-16 08:52:54Z lha $"); +RCSID("$Id$"); static unsigned lineno = 1; static int getstring(void); diff --git a/source4/heimdal/lib/com_err/parse.c b/source4/heimdal/lib/com_err/parse.c index 4bacb721ca..868e3f39f3 100644 --- a/source4/heimdal/lib/com_err/parse.c +++ b/source4/heimdal/lib/com_err/parse.c @@ -90,7 +90,7 @@ /* Copy the first part of user declarations. */ -#line 1 "parse.y" +#line 1 "heimdal/lib/com_err/parse.y" /* * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan @@ -128,7 +128,7 @@ #include "compile_et.h" #include "lex.h" -RCSID("$Id: parse.y 15426 2005-06-16 19:21:42Z lha $"); +RCSID("$Id$"); void yyerror (char *s); static long name2number(const char *str); @@ -163,13 +163,13 @@ extern char *yytext; #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED typedef union YYSTYPE -#line 53 "parse.y" +#line 53 "heimdal/lib/com_err/parse.y" { char *string; int number; } /* Line 187 of yacc.c. */ -#line 173 "parse.c" +#line 173 "heimdal/lib/com_err/parse.y" YYSTYPE; # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 @@ -182,7 +182,7 @@ typedef union YYSTYPE /* Line 216 of yacc.c. */ -#line 186 "parse.c" +#line 186 "heimdal/lib/com_err/parse.y" #ifdef short # undef short @@ -1381,14 +1381,14 @@ yyreduce: switch (yyn) { case 6: -#line 73 "parse.y" +#line 73 "heimdal/lib/com_err/parse.y" { id_str = (yyvsp[(2) - (2)].string); } break; case 7: -#line 79 "parse.y" +#line 79 "heimdal/lib/com_err/parse.y" { base_id = name2number((yyvsp[(2) - (2)].string)); strlcpy(name, (yyvsp[(2) - (2)].string), sizeof(name)); @@ -1397,7 +1397,7 @@ yyreduce: break; case 8: -#line 85 "parse.y" +#line 85 "heimdal/lib/com_err/parse.y" { base_id = name2number((yyvsp[(2) - (3)].string)); strlcpy(name, (yyvsp[(3) - (3)].string), sizeof(name)); @@ -1407,14 +1407,14 @@ yyreduce: break; case 11: -#line 98 "parse.y" +#line 98 "heimdal/lib/com_err/parse.y" { number = (yyvsp[(2) - (2)].number); } break; case 12: -#line 102 "parse.y" +#line 102 "heimdal/lib/com_err/parse.y" { free(prefix); asprintf (&prefix, "%s_", (yyvsp[(2) - (2)].string)); @@ -1425,7 +1425,7 @@ yyreduce: break; case 13: -#line 110 "parse.y" +#line 110 "heimdal/lib/com_err/parse.y" { prefix = realloc(prefix, 1); if (prefix == NULL) @@ -1435,7 +1435,7 @@ yyreduce: break; case 14: -#line 117 "parse.y" +#line 117 "heimdal/lib/com_err/parse.y" { struct error_code *ec = malloc(sizeof(*ec)); @@ -1458,7 +1458,7 @@ yyreduce: break; case 15: -#line 137 "parse.y" +#line 137 "heimdal/lib/com_err/parse.y" { YYACCEPT; } @@ -1466,7 +1466,7 @@ yyreduce: /* Line 1267 of yacc.c. */ -#line 1470 "parse.c" +#line 1470 "heimdal/lib/com_err/parse.y" default: break; } YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); @@ -1680,7 +1680,7 @@ yyreturn: } -#line 142 "parse.y" +#line 142 "heimdal/lib/com_err/parse.y" static long diff --git a/source4/heimdal/lib/com_err/parse.h b/source4/heimdal/lib/com_err/parse.h index 4c9681ff34..9aabca9023 100644 --- a/source4/heimdal/lib/com_err/parse.h +++ b/source4/heimdal/lib/com_err/parse.h @@ -64,13 +64,13 @@ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED typedef union YYSTYPE -#line 53 "parse.y" +#line 53 "heimdal/lib/com_err/parse.y" { char *string; int number; } /* Line 1489 of yacc.c. */ -#line 74 "parse.h" +#line 74 "heimdal/lib/com_err/parse.y" YYSTYPE; # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 diff --git a/source4/heimdal/lib/com_err/parse.y b/source4/heimdal/lib/com_err/parse.y index 315931389f..e9b2837051 100644 --- a/source4/heimdal/lib/com_err/parse.y +++ b/source4/heimdal/lib/com_err/parse.y @@ -35,7 +35,7 @@ #include "compile_et.h" #include "lex.h" -RCSID("$Id: parse.y 15426 2005-06-16 19:21:42Z lha $"); +RCSID("$Id$"); void yyerror (char *s); static long name2number(const char *str); diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi.h b/source4/heimdal/lib/gssapi/gssapi/gssapi.h index 63f66f7313..d6417cdf0c 100644 --- a/source4/heimdal/lib/gssapi/gssapi/gssapi.h +++ b/source4/heimdal/lib/gssapi/gssapi/gssapi.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gssapi.h 23025 2008-04-17 10:01:57Z lha $ */ +/* $Id$ */ #ifndef GSSAPI_GSSAPI_H_ #define GSSAPI_GSSAPI_H_ @@ -123,6 +123,7 @@ typedef OM_uint32 gss_qop_t; #define GSS_C_DCE_STYLE 4096 #define GSS_C_IDENTIFY_FLAG 8192 #define GSS_C_EXTENDED_ERROR_FLAG 16384 +#define GSS_C_DELEG_POLICY_FLAG 32768 /* * Credential usage options diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h b/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h index 55f7886658..bab719019d 100644 --- a/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h +++ b/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gssapi_krb5.h 23420 2008-07-26 18:37:48Z lha $ */ +/* $Id$ */ #ifndef GSSAPI_KRB5_H_ #define GSSAPI_KRB5_H_ diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi_spnego.h b/source4/heimdal/lib/gssapi/gssapi/gssapi_spnego.h index 3358863a80..6587acd7d0 100644 --- a/source4/heimdal/lib/gssapi/gssapi/gssapi_spnego.h +++ b/source4/heimdal/lib/gssapi/gssapi/gssapi_spnego.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gssapi_spnego.h 23025 2008-04-17 10:01:57Z lha $ */ +/* $Id$ */ #ifndef GSSAPI_SPNEGO_H_ #define GSSAPI_SPNEGO_H_ diff --git a/source4/heimdal/lib/gssapi/krb5/8003.c b/source4/heimdal/lib/gssapi/krb5/8003.c index 619cbf97fc..a9b93d32a6 100644 --- a/source4/heimdal/lib/gssapi/krb5/8003.c +++ b/source4/heimdal/lib/gssapi/krb5/8003.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: 8003.c 18334 2006-10-07 22:16:04Z lha $"); +RCSID("$Id$"); krb5_error_code _gsskrb5_encode_om_uint32(OM_uint32 n, u_char *p) diff --git a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c index 8dbd087da6..84110b7a82 100644 --- a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: accept_sec_context.c 23433 2008-07-26 18:44:26Z lha $"); +RCSID("$Id$"); HEIMDAL_MUTEX gssapi_keytab_mutex = HEIMDAL_MUTEX_INITIALIZER; krb5_keytab _gsskrb5_keytab; @@ -371,9 +371,8 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, if (kret) { if (in) krb5_rd_req_in_ctx_free(context, in); - ret = GSS_S_FAILURE; *minor_status = kret; - return ret; + return GSS_S_FAILURE; } kret = krb5_rd_req_ctx(context, @@ -382,13 +381,18 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, server, in, &out); krb5_rd_req_in_ctx_free(context, in); - if (kret) { + if (kret == KRB5KRB_AP_ERR_SKEW) { /* * No reply in non-MUTUAL mode, but we don't know that its - * non-MUTUAL mode yet, thats inside the 8003 checksum. + * non-MUTUAL mode yet, thats inside the 8003 checksum, so + * lets only send the error token on clock skew, that + * limit when send error token for non-MUTUAL. */ return send_error_token(minor_status, context, kret, server, &indata, output_token); + } else if (kret) { + *minor_status = kret; + return GSS_S_FAILURE; } /* @@ -520,16 +524,36 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, if(ctx->flags & GSS_C_MUTUAL_FLAG) { krb5_data outbuf; + int use_subkey = 0; _gsskrb5i_is_cfx(ctx, &is_cfx); - if (is_cfx != 0 - || (ap_options & AP_OPTS_USE_SUBKEY)) { - kret = krb5_auth_con_addflags(context, - ctx->auth_context, - KRB5_AUTH_CONTEXT_USE_SUBKEY, - NULL); + if (is_cfx || (ap_options & AP_OPTS_USE_SUBKEY)) { + use_subkey = 1; + } else { + krb5_keyblock *rkey; + + /* + * If there is a initiator subkey, copy that to acceptor + * subkey to match Windows behavior + */ + kret = krb5_auth_con_getremotesubkey(context, + ctx->auth_context, + &rkey); + if (kret == 0) { + kret = krb5_auth_con_setlocalsubkey(context, + ctx->auth_context, + rkey); + if (kret == 0) + use_subkey = 1; + krb5_free_keyblock(context, rkey); + } + } + if (use_subkey) { ctx->more_flags |= ACCEPTOR_SUBKEY; + krb5_auth_con_addflags(context, ctx->auth_context, + KRB5_AUTH_CONTEXT_USE_SUBKEY, + NULL); } kret = krb5_mk_rep(context, diff --git a/source4/heimdal/lib/gssapi/krb5/acquire_cred.c b/source4/heimdal/lib/gssapi/krb5/acquire_cred.c index 051446c19b..a7caf1a32e 100644 --- a/source4/heimdal/lib/gssapi/krb5/acquire_cred.c +++ b/source4/heimdal/lib/gssapi/krb5/acquire_cred.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: acquire_cred.c 22596 2008-02-18 18:05:55Z lha $"); +RCSID("$Id$"); OM_uint32 __gsskrb5_ccache_lifetime(OM_uint32 *minor_status, @@ -134,11 +134,16 @@ static OM_uint32 acquire_initiator_cred * errors while searching. */ - if (handle->principal) + if (handle->principal) { kret = krb5_cc_cache_match (context, handle->principal, NULL, &ccache); + if (kret == 0) { + ret = GSS_S_COMPLETE; + goto found; + } + } if (ccache == NULL) { kret = krb5_cc_default(context, &ccache); @@ -211,7 +216,7 @@ static OM_uint32 acquire_initiator_cred } kret = 0; } - + found: handle->ccache = ccache; ret = GSS_S_COMPLETE; @@ -242,7 +247,6 @@ static OM_uint32 acquire_acceptor_cred OM_uint32 ret; krb5_error_code kret; - kret = 0; ret = GSS_S_FAILURE; kret = get_keytab(context, &handle->keytab); if (kret) @@ -336,13 +340,13 @@ OM_uint32 _gsskrb5_acquire_cred HEIMDAL_MUTEX_init(&handle->cred_id_mutex); if (desired_name != GSS_C_NO_NAME) { - krb5_principal name = (krb5_principal)desired_name; - ret = krb5_copy_principal(context, name, &handle->principal); + + ret = _gsskrb5_canon_name(minor_status, context, 0, desired_name, + &handle->principal); if (ret) { HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); - *minor_status = ret; free(handle); - return GSS_S_FAILURE; + return ret; } } if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH) { diff --git a/source4/heimdal/lib/gssapi/krb5/add_cred.c b/source4/heimdal/lib/gssapi/krb5/add_cred.c index 9a1045a889..5cd17eb35d 100644 --- a/source4/heimdal/lib/gssapi/krb5/add_cred.c +++ b/source4/heimdal/lib/gssapi/krb5/add_cred.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: add_cred.c 20688 2007-05-17 18:44:31Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_add_cred ( OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/krb5/arcfour.c b/source4/heimdal/lib/gssapi/krb5/arcfour.c index 032da36ebc..2f39a4e400 100644 --- a/source4/heimdal/lib/gssapi/krb5/arcfour.c +++ b/source4/heimdal/lib/gssapi/krb5/arcfour.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: arcfour.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id$"); /* * Implements draft-brezak-win2k-krb-rc4-hmac-04.txt diff --git a/source4/heimdal/lib/gssapi/krb5/canonicalize_name.c b/source4/heimdal/lib/gssapi/krb5/canonicalize_name.c index c1744abd3b..f2143560d0 100644 --- a/source4/heimdal/lib/gssapi/krb5/canonicalize_name.c +++ b/source4/heimdal/lib/gssapi/krb5/canonicalize_name.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: canonicalize_name.c 18334 2006-10-07 22:16:04Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_canonicalize_name ( OM_uint32 * minor_status, @@ -42,5 +42,19 @@ OM_uint32 _gsskrb5_canonicalize_name ( gss_name_t * output_name ) { - return _gsskrb5_duplicate_name (minor_status, input_name, output_name); + krb5_context context; + krb5_principal name; + OM_uint32 ret; + + *output_name = NULL; + + GSSAPI_KRB5_INIT (&context); + + ret = _gsskrb5_canon_name(minor_status, context, 1, input_name, &name); + if (ret) + return ret; + + *output_name = (gss_name_t)name; + + return GSS_S_COMPLETE; } diff --git a/source4/heimdal/lib/gssapi/krb5/cfx.c b/source4/heimdal/lib/gssapi/krb5/cfx.c index bc0d736e81..188344fb26 100755 --- a/source4/heimdal/lib/gssapi/krb5/cfx.c +++ b/source4/heimdal/lib/gssapi/krb5/cfx.c @@ -32,7 +32,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: cfx.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id$"); /* * Implementation of draft-ietf-krb-wg-gssapi-cfx-06.txt diff --git a/source4/heimdal/lib/gssapi/krb5/cfx.h b/source4/heimdal/lib/gssapi/krb5/cfx.h old mode 100755 new mode 100644 index 672704a841..c30ed07840 --- a/source4/heimdal/lib/gssapi/krb5/cfx.h +++ b/source4/heimdal/lib/gssapi/krb5/cfx.h @@ -30,7 +30,7 @@ * SUCH DAMAGE. */ -/* $Id: cfx.h 19031 2006-11-13 18:02:57Z lha $ */ +/* $Id$ */ #ifndef GSSAPI_CFX_H_ #define GSSAPI_CFX_H_ 1 diff --git a/source4/heimdal/lib/gssapi/krb5/compare_name.c b/source4/heimdal/lib/gssapi/krb5/compare_name.c index 3f3b59d116..a5406a7f2a 100644 --- a/source4/heimdal/lib/gssapi/krb5/compare_name.c +++ b/source4/heimdal/lib/gssapi/krb5/compare_name.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: compare_name.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_compare_name (OM_uint32 * minor_status, diff --git a/source4/heimdal/lib/gssapi/krb5/compat.c b/source4/heimdal/lib/gssapi/krb5/compat.c index a0f075621a..0caada04f6 100644 --- a/source4/heimdal/lib/gssapi/krb5/compat.c +++ b/source4/heimdal/lib/gssapi/krb5/compat.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: compat.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id$"); static krb5_error_code diff --git a/source4/heimdal/lib/gssapi/krb5/context_time.c b/source4/heimdal/lib/gssapi/krb5/context_time.c index b57ac7854e..7f70be733e 100644 --- a/source4/heimdal/lib/gssapi/krb5/context_time.c +++ b/source4/heimdal/lib/gssapi/krb5/context_time.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: context_time.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_lifetime_left(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/krb5/copy_ccache.c b/source4/heimdal/lib/gssapi/krb5/copy_ccache.c index 66d797c199..fd348e841b 100644 --- a/source4/heimdal/lib/gssapi/krb5/copy_ccache.c +++ b/source4/heimdal/lib/gssapi/krb5/copy_ccache.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: copy_ccache.c 20688 2007-05-17 18:44:31Z lha $"); +RCSID("$Id$"); #if 0 OM_uint32 diff --git a/source4/heimdal/lib/gssapi/krb5/decapsulate.c b/source4/heimdal/lib/gssapi/krb5/decapsulate.c index 39176faff4..419e61a436 100644 --- a/source4/heimdal/lib/gssapi/krb5/decapsulate.c +++ b/source4/heimdal/lib/gssapi/krb5/decapsulate.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: decapsulate.c 18334 2006-10-07 22:16:04Z lha $"); +RCSID("$Id$"); /* * return the length of the mechanism in token or -1 diff --git a/source4/heimdal/lib/gssapi/krb5/delete_sec_context.c b/source4/heimdal/lib/gssapi/krb5/delete_sec_context.c index 9c618ac6a6..ec680d7378 100644 --- a/source4/heimdal/lib/gssapi/krb5/delete_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/delete_sec_context.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: delete_sec_context.c 23420 2008-07-26 18:37:48Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_delete_sec_context(OM_uint32 * minor_status, diff --git a/source4/heimdal/lib/gssapi/krb5/display_name.c b/source4/heimdal/lib/gssapi/krb5/display_name.c index 727c447d2a..a902ff7ea5 100644 --- a/source4/heimdal/lib/gssapi/krb5/display_name.c +++ b/source4/heimdal/lib/gssapi/krb5/display_name.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: display_name.c 21077 2007-06-12 22:42:56Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_display_name (OM_uint32 * minor_status, diff --git a/source4/heimdal/lib/gssapi/krb5/display_status.c b/source4/heimdal/lib/gssapi/krb5/display_status.c index f932261ffa..52a651c506 100644 --- a/source4/heimdal/lib/gssapi/krb5/display_status.c +++ b/source4/heimdal/lib/gssapi/krb5/display_status.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: display_status.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); static const char * calling_error(OM_uint32 v) @@ -122,7 +122,7 @@ _gsskrb5_clear_status (void) } void -_gsskrb5_set_status (const char *fmt, ...) +_gsskrb5_set_status (int ret, const char *fmt, ...) { krb5_context context; va_list args; @@ -135,7 +135,7 @@ _gsskrb5_set_status (const char *fmt, ...) vasprintf(&str, fmt, args); va_end(args); if (str) { - krb5_set_error_message(context, 0, str); + krb5_set_error_message(context, ret, str); free(str); } } @@ -171,14 +171,13 @@ OM_uint32 _gsskrb5_display_status calling_error(GSS_CALLING_ERROR(status_value)), routine_error(GSS_ROUTINE_ERROR(status_value))); } else if (status_type == GSS_C_MECH_CODE) { - buf = krb5_get_error_string(context); - if (buf == NULL) { - const char *tmp = krb5_get_err_text (context, status_value); - if (tmp == NULL) - asprintf(&buf, "unknown mech error-code %u", - (unsigned)status_value); - else - buf = strdup(tmp); + const char *buf2 = krb5_get_error_message(context, status_value); + if (buf2) { + buf = strdup(buf2); + krb5_free_error_message(context, buf2); + } else { + asprintf(&buf, "unknown mech error-code %u", + (unsigned)status_value); } } else { *minor_status = EINVAL; diff --git a/source4/heimdal/lib/gssapi/krb5/duplicate_name.c b/source4/heimdal/lib/gssapi/krb5/duplicate_name.c index 7337f1ab72..eeb777ed5f 100644 --- a/source4/heimdal/lib/gssapi/krb5/duplicate_name.c +++ b/source4/heimdal/lib/gssapi/krb5/duplicate_name.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: duplicate_name.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_duplicate_name ( OM_uint32 * minor_status, @@ -41,18 +41,19 @@ OM_uint32 _gsskrb5_duplicate_name ( gss_name_t * dest_name ) { - krb5_context context; krb5_const_principal src = (krb5_const_principal)src_name; - krb5_principal *dest = (krb5_principal *)dest_name; + krb5_context context; + krb5_principal dest; krb5_error_code kret; GSSAPI_KRB5_INIT (&context); - kret = krb5_copy_principal (context, src, dest); + kret = krb5_copy_principal (context, src, &dest); if (kret) { *minor_status = kret; return GSS_S_FAILURE; } else { + *dest_name = (gss_name_t)dest; *minor_status = 0; return GSS_S_COMPLETE; } diff --git a/source4/heimdal/lib/gssapi/krb5/encapsulate.c b/source4/heimdal/lib/gssapi/krb5/encapsulate.c index 58dcb5c9c4..3f42899a40 100644 --- a/source4/heimdal/lib/gssapi/krb5/encapsulate.c +++ b/source4/heimdal/lib/gssapi/krb5/encapsulate.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: encapsulate.c 18459 2006-10-14 10:12:16Z lha $"); +RCSID("$Id$"); void _gssapi_encap_length (size_t data_len, diff --git a/source4/heimdal/lib/gssapi/krb5/export_name.c b/source4/heimdal/lib/gssapi/krb5/export_name.c index efa45a2638..92ee101b0d 100644 --- a/source4/heimdal/lib/gssapi/krb5/export_name.c +++ b/source4/heimdal/lib/gssapi/krb5/export_name.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: export_name.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_export_name (OM_uint32 * minor_status, diff --git a/source4/heimdal/lib/gssapi/krb5/export_sec_context.c b/source4/heimdal/lib/gssapi/krb5/export_sec_context.c index 00218617a0..2bc50a04ee 100644 --- a/source4/heimdal/lib/gssapi/krb5/export_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/export_sec_context.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: export_sec_context.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_export_sec_context ( diff --git a/source4/heimdal/lib/gssapi/krb5/external.c b/source4/heimdal/lib/gssapi/krb5/external.c index 2ee018708a..87e4aa01df 100644 --- a/source4/heimdal/lib/gssapi/krb5/external.c +++ b/source4/heimdal/lib/gssapi/krb5/external.c @@ -34,7 +34,7 @@ #include "krb5/gsskrb5_locl.h" #include -RCSID("$Id: external.c 23420 2008-07-26 18:37:48Z lha $"); +RCSID("$Id$"); /* * The implementation must reserve static storage for a diff --git a/source4/heimdal/lib/gssapi/krb5/get_mic.c b/source4/heimdal/lib/gssapi/krb5/get_mic.c index f689e624a8..98a3f7e225 100644 --- a/source4/heimdal/lib/gssapi/krb5/get_mic.c +++ b/source4/heimdal/lib/gssapi/krb5/get_mic.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: get_mic.c 23112 2008-04-27 18:51:26Z lha $"); +RCSID("$Id$"); static OM_uint32 mic_des diff --git a/source4/heimdal/lib/gssapi/krb5/gkrb5_err.et b/source4/heimdal/lib/gssapi/krb5/gkrb5_err.et index dbfdbdf2f1..3c23412a6a 100644 --- a/source4/heimdal/lib/gssapi/krb5/gkrb5_err.et +++ b/source4/heimdal/lib/gssapi/krb5/gkrb5_err.et @@ -2,7 +2,7 @@ # extended gss krb5 error messages # -id "$Id: gkrb5_err.et 20049 2007-01-24 00:14:24Z lha $" +id "$Id$" error_table gk5 diff --git a/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h b/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h index d9af44f960..dc7adec68f 100644 --- a/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h +++ b/source4/heimdal/lib/gssapi/krb5/gsskrb5_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gsskrb5_locl.h 23435 2008-07-26 20:49:35Z lha $ */ +/* $Id$ */ #ifndef GSSKRB5_LOCL_H #define GSSKRB5_LOCL_H @@ -137,4 +137,7 @@ struct gssapi_thr_context { #define SC_LOCAL_SUBKEY 0x08 #define SC_REMOTE_SUBKEY 0x10 +/* type to signal that that dns canon maybe should be done */ +#define MAGIC_HOSTBASED_NAME_TYPE 4711 + #endif diff --git a/source4/heimdal/lib/gssapi/krb5/import_name.c b/source4/heimdal/lib/gssapi/krb5/import_name.c index bf31db9232..9589979ee8 100644 --- a/source4/heimdal/lib/gssapi/krb5/import_name.c +++ b/source4/heimdal/lib/gssapi/krb5/import_name.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: import_name.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id$"); static OM_uint32 parse_krb5_name (OM_uint32 *minor_status, @@ -83,18 +83,56 @@ import_krb5_name (OM_uint32 *minor_status, return ret; } +OM_uint32 +_gsskrb5_canon_name(OM_uint32 *minor_status, krb5_context context, + int use_dns, gss_name_t name, krb5_principal *out) +{ + krb5_principal p = (krb5_principal)name; + krb5_error_code ret; + char *hostname = NULL, *service; + + *minor_status = 0; + + /* If its not a hostname */ + if (krb5_principal_get_type(context, p) != MAGIC_HOSTBASED_NAME_TYPE) { + ret = krb5_copy_principal(context, p, out); + } else if (!use_dns) { + ret = krb5_copy_principal(context, p, out); + if (ret == 0) + krb5_principal_set_type(context, *out, KRB5_NT_SRV_HST); + } else { + if (p->name.name_string.len == 0) + return GSS_S_BAD_NAME; + else if (p->name.name_string.len > 1) + hostname = p->name.name_string.val[1]; + + service = p->name.name_string.val[0]; + + ret = krb5_sname_to_principal(context, + hostname, + service, + KRB5_NT_SRV_HST, + out); + } + + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + return 0; +} + + static OM_uint32 import_hostbased_name (OM_uint32 *minor_status, krb5_context context, const gss_buffer_t input_name_buffer, gss_name_t *output_name) { - krb5_error_code kerr; - char *tmp; - char *p; - char *host; - char local_hostname[MAXHOSTNAMELEN]; krb5_principal princ = NULL; + krb5_error_code kerr; + char *tmp, *p, *host = NULL; tmp = malloc (input_name_buffer->length + 1); if (tmp == NULL) { @@ -110,31 +148,20 @@ import_hostbased_name (OM_uint32 *minor_status, if (p != NULL) { *p = '\0'; host = p + 1; - } else { - if (gethostname(local_hostname, sizeof(local_hostname)) < 0) { - *minor_status = errno; - free (tmp); - return GSS_S_FAILURE; - } - host = local_hostname; } - kerr = krb5_sname_to_principal (context, - host, - tmp, - KRB5_NT_SRV_HST, - &princ); + kerr = krb5_make_principal(context, &princ, NULL, tmp, host, NULL); free (tmp); *minor_status = kerr; - if (kerr == 0) { - *output_name = (gss_name_t)princ; - return GSS_S_COMPLETE; - } - if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) return GSS_S_BAD_NAME; + else if (kerr) + return GSS_S_FAILURE; - return GSS_S_FAILURE; + krb5_principal_set_type(context, princ, MAGIC_HOSTBASED_NAME_TYPE); + *output_name = (gss_name_t)princ; + + return 0; } static OM_uint32 diff --git a/source4/heimdal/lib/gssapi/krb5/import_sec_context.c b/source4/heimdal/lib/gssapi/krb5/import_sec_context.c index 5fd8c94104..1b709657f4 100644 --- a/source4/heimdal/lib/gssapi/krb5/import_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/import_sec_context.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: import_sec_context.c 22997 2008-04-15 19:36:25Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_import_sec_context ( diff --git a/source4/heimdal/lib/gssapi/krb5/indicate_mechs.c b/source4/heimdal/lib/gssapi/krb5/indicate_mechs.c index eb886c24d3..b0219fc7ce 100644 --- a/source4/heimdal/lib/gssapi/krb5/indicate_mechs.c +++ b/source4/heimdal/lib/gssapi/krb5/indicate_mechs.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: indicate_mechs.c 20688 2007-05-17 18:44:31Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_indicate_mechs (OM_uint32 * minor_status, diff --git a/source4/heimdal/lib/gssapi/krb5/init.c b/source4/heimdal/lib/gssapi/krb5/init.c index 3bbdcc8ff1..ea32fce061 100644 --- a/source4/heimdal/lib/gssapi/krb5/init.c +++ b/source4/heimdal/lib/gssapi/krb5/init.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: init.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id$"); static HEIMDAL_MUTEX context_mutex = HEIMDAL_MUTEX_INITIALIZER; static int created_key; diff --git a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c index c9b9e15588..3d5e3b71c5 100644 --- a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: init_sec_context.c 23422 2008-07-26 18:38:29Z lha $"); +RCSID("$Id$"); /* * copy the addresses from `input_chan_bindings' (if any) to @@ -271,6 +271,7 @@ do_delegation (krb5_context context, krb5_creds *cred, krb5_const_principal name, krb5_data *fwd_data, + uint32_t flagmask, uint32_t *flags) { krb5_creds creds; @@ -314,9 +315,9 @@ do_delegation (krb5_context context, out: if (kret) - *flags &= ~GSS_C_DELEG_FLAG; + *flags &= ~flagmask; else - *flags |= GSS_C_DELEG_FLAG; + *flags |= flagmask; if (creds.client) krb5_free_principal(context, creds.client); @@ -334,7 +335,7 @@ init_auth gsskrb5_cred cred, gsskrb5_ctx ctx, krb5_context context, - krb5_const_principal name, + gss_name_t name, const gss_OID mech_type, OM_uint32 req_flags, OM_uint32 time_req, @@ -350,6 +351,7 @@ init_auth krb5_data outbuf; krb5_data fwd_data; OM_uint32 lifetime_rec; + int use_dns = 1; krb5_data_zero(&outbuf); krb5_data_zero(&fwd_data); @@ -377,13 +379,21 @@ init_auth goto failure; } - kret = krb5_copy_principal (context, name, &ctx->target); - if (kret) { - *minor_status = kret; - ret = GSS_S_FAILURE; - goto failure; + /* canon name if needed for client + target realm */ + kret = krb5_cc_get_config(context, ctx->ccache, NULL, + "realm-config", &outbuf); + if (kret == 0) { + /* XXX 2 is no server canon */ + if (outbuf.length < 1 || ((((unsigned char *)outbuf.data)[0]) & 2)) + use_dns = 0; + krb5_data_free(&outbuf); } + ret = _gsskrb5_canon_name(minor_status, context, use_dns, + name, &ctx->target); + if (ret) + goto failure; + ret = _gss_DES3_get_mic_compat(minor_status, ctx, context); if (ret) goto failure; @@ -479,6 +489,7 @@ init_auth_restart krb5_enctype enctype; krb5_data fwd_data, timedata; int32_t offset = 0, oldoffset; + uint32_t flagmask; krb5_data_zero(&outbuf); krb5_data_zero(&fwd_data); @@ -486,41 +497,41 @@ init_auth_restart *minor_status = 0; /* - * If the credential doesn't have ok-as-delegate, check what local - * policy say about ok-as-delegate, default is FALSE that makes - * code ignore the KDC setting and follow what the application - * requested. If it is TRUE, strip of the GSS_C_DELEG_FLAG if the - * KDC doesn't set ok-as-delegate. + * If the credential doesn't have ok-as-delegate, check if there + * is a realm setting and use that. */ if (!ctx->kcred->flags.b.ok_as_delegate) { - krb5_boolean delegate, realm_setting; krb5_data data; - - realm_setting = FALSE; - + ret = krb5_cc_get_config(context, ctx->ccache, NULL, "realm-config", &data); if (ret == 0) { /* XXX 1 is use ok-as-delegate */ - if (data.length > 0 && (((unsigned char *)data.data)[0]) & 1) - realm_setting = TRUE; + if (data.length < 1 || ((((unsigned char *)data.data)[0]) & 1) == 0) + req_flags &= ~(GSS_C_DELEG_FLAG|GSS_C_DELEG_POLICY_FLAG); krb5_data_free(&data); } - - krb5_appdefault_boolean(context, "gssapi", ctx->target->realm, - "ok-as-delegate", realm_setting, - &delegate); - if (delegate) - req_flags &= ~GSS_C_DELEG_FLAG; } + flagmask = 0; + + /* if we used GSS_C_DELEG_POLICY_FLAG, trust KDC */ + if ((req_flags & GSS_C_DELEG_POLICY_FLAG) + && ctx->kcred->flags.b.ok_as_delegate) + flagmask |= GSS_C_DELEG_FLAG | GSS_C_DELEG_POLICY_FLAG; + /* if there still is a GSS_C_DELEG_FLAG, use that */ + if (req_flags & GSS_C_DELEG_FLAG) + flagmask |= GSS_C_DELEG_FLAG; + + flags = 0; ap_options = 0; - if (req_flags & GSS_C_DELEG_FLAG) + if (flagmask & GSS_C_DELEG_FLAG) { do_delegation (context, ctx->auth_context, ctx->ccache, ctx->kcred, ctx->target, - &fwd_data, &flags); + &fwd_data, flagmask, &flags); + } if (req_flags & GSS_C_MUTUAL_FLAG) { flags |= GSS_C_MUTUAL_FLAG; @@ -817,7 +828,6 @@ OM_uint32 _gsskrb5_init_sec_context { krb5_context context; gsskrb5_cred cred = (gsskrb5_cred)cred_handle; - krb5_const_principal name = (krb5_const_principal)target_name; gsskrb5_ctx ctx; OM_uint32 ret; @@ -880,7 +890,7 @@ OM_uint32 _gsskrb5_init_sec_context cred, ctx, context, - name, + target_name, mech_type, req_flags, time_req, @@ -926,11 +936,16 @@ OM_uint32 _gsskrb5_init_sec_context * If we get there, the caller have called * gss_init_sec_context() one time too many. */ - *minor_status = 0; + _gsskrb5_set_status(EINVAL, "init_sec_context " + "called one time too many"); + *minor_status = EINVAL; ret = GSS_S_BAD_STATUS; break; default: - *minor_status = 0; + _gsskrb5_set_status(EINVAL, "init_sec_context " + "invalid state %d for client", + (int)ctx->state); + *minor_status = EINVAL; ret = GSS_S_BAD_STATUS; break; } diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_context.c b/source4/heimdal/lib/gssapi/krb5/inquire_context.c index 41430568b0..f2e01b464a 100644 --- a/source4/heimdal/lib/gssapi/krb5/inquire_context.c +++ b/source4/heimdal/lib/gssapi/krb5/inquire_context.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: inquire_context.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_inquire_context ( OM_uint32 * minor_status, diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_cred.c b/source4/heimdal/lib/gssapi/krb5/inquire_cred.c index 47bf71e686..42488c718c 100644 --- a/source4/heimdal/lib/gssapi/krb5/inquire_cred.c +++ b/source4/heimdal/lib/gssapi/krb5/inquire_cred.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: inquire_cred.c 20688 2007-05-17 18:44:31Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_inquire_cred (OM_uint32 * minor_status, diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c b/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c index a8af2145be..de7ec6cd75 100644 --- a/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c +++ b/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: inquire_cred_by_mech.c 20634 2007-05-09 15:33:01Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_inquire_cred_by_mech ( OM_uint32 * minor_status, diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c b/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c index da50b11d93..2bcc17683b 100644 --- a/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c +++ b/source4/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c @@ -32,7 +32,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: inquire_cred_by_oid.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_inquire_cred_by_oid (OM_uint32 * minor_status, diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_mechs_for_name.c b/source4/heimdal/lib/gssapi/krb5/inquire_mechs_for_name.c index 0ce051f19c..2384c29656 100644 --- a/source4/heimdal/lib/gssapi/krb5/inquire_mechs_for_name.c +++ b/source4/heimdal/lib/gssapi/krb5/inquire_mechs_for_name.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: inquire_mechs_for_name.c 20688 2007-05-17 18:44:31Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_inquire_mechs_for_name ( OM_uint32 * minor_status, diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c b/source4/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c index 64abd3c34a..c07eb60108 100644 --- a/source4/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c +++ b/source4/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: inquire_names_for_mech.c 20688 2007-05-17 18:44:31Z lha $"); +RCSID("$Id$"); static gss_OID *name_list[] = { diff --git a/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c b/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c index 5ca7536e6a..24b640f4b5 100644 --- a/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c +++ b/source4/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c @@ -32,7 +32,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: inquire_sec_context_by_oid.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id$"); static int oid_prefix_equal(gss_OID oid_enc, gss_OID prefix_enc, unsigned *suffix) @@ -84,7 +84,7 @@ static OM_uint32 inquire_sec_context_tkt_flags if (context_handle->ticket == NULL) { HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - _gsskrb5_set_status("No ticket from which to obtain flags"); + _gsskrb5_set_status(EINVAL, "No ticket from which to obtain flags"); *minor_status = EINVAL; return GSS_S_BAD_MECH; } @@ -137,7 +137,7 @@ static OM_uint32 inquire_sec_context_get_subkey ret = _gsskrb5i_get_token_key(context_handle, context, &key); break; default: - _gsskrb5_set_status("%d is not a valid subkey type", keytype); + _gsskrb5_set_status(EINVAL, "%d is not a valid subkey type", keytype); ret = EINVAL; break; } @@ -145,7 +145,7 @@ static OM_uint32 inquire_sec_context_get_subkey if (ret) goto out; if (key == NULL) { - _gsskrb5_set_status("have no subkey of type %d", keytype); + _gsskrb5_set_status(EINVAL, "have no subkey of type %d", keytype); ret = EINVAL; goto out; } @@ -199,7 +199,7 @@ static OM_uint32 inquire_sec_context_authz_data if (context_handle->ticket == NULL) { HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); *minor_status = EINVAL; - _gsskrb5_set_status("No ticket to obtain authz data from"); + _gsskrb5_set_status(EINVAL, "No ticket to obtain authz data from"); return GSS_S_NO_CONTEXT; } @@ -301,12 +301,16 @@ export_lucid_sec_context_v1(OM_uint32 *minor_status, context_handle->auth_context, &number); ret = krb5_store_uint32(sp, (uint32_t)0); /* store top half as zero */ + if (ret) goto out; ret = krb5_store_uint32(sp, (uint32_t)number); + if (ret) goto out; krb5_auth_getremoteseqnumber (context, context_handle->auth_context, &number); ret = krb5_store_uint32(sp, (uint32_t)0); /* store top half as zero */ + if (ret) goto out; ret = krb5_store_uint32(sp, (uint32_t)number); + if (ret) goto out; ret = krb5_store_int32(sp, (is_cfx) ? 1 : 0); if (ret) goto out; @@ -401,7 +405,7 @@ get_authtime(OM_uint32 *minor_status, HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); if (ctx->ticket == NULL) { HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); - _gsskrb5_set_status("No ticket to obtain auth time from"); + _gsskrb5_set_status(EINVAL, "No ticket to obtain auth time from"); *minor_status = EINVAL; return GSS_S_FAILURE; } @@ -441,7 +445,7 @@ get_service_keyblock HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); if (ctx->service_keyblock == NULL) { HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); - _gsskrb5_set_status("No service keyblock on gssapi context"); + _gsskrb5_set_status(EINVAL, "No service keyblock on gssapi context"); *minor_status = EINVAL; return GSS_S_FAILURE; } diff --git a/source4/heimdal/lib/gssapi/krb5/prf.c b/source4/heimdal/lib/gssapi/krb5/prf.c index f79c9374a9..a7372d87cc 100644 --- a/source4/heimdal/lib/gssapi/krb5/prf.c +++ b/source4/heimdal/lib/gssapi/krb5/prf.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: prf.c 21129 2007-06-18 20:28:44Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_pseudo_random(OM_uint32 *minor_status, @@ -72,14 +72,14 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status, _gsskrb5i_get_initiator_subkey(ctx, context, &key); break; default: - _gsskrb5_set_status("unknown kerberos prf_key"); - *minor_status = 0; + _gsskrb5_set_status(EINVAL, "unknown kerberos prf_key"); + *minor_status = EINVAL; return GSS_S_FAILURE; } if (key == NULL) { - _gsskrb5_set_status("no prf_key found"); - *minor_status = 0; + _gsskrb5_set_status(EINVAL, "no prf_key found"); + *minor_status = EINVAL; return GSS_S_FAILURE; } @@ -92,7 +92,7 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status, prf_out->value = malloc(desired_output_len); if (prf_out->value == NULL) { - _gsskrb5_set_status("Out of memory"); + _gsskrb5_set_status(GSS_KRB5_S_KG_INPUT_TOO_LONG, "Out of memory"); *minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG; krb5_crypto_destroy(context, crypto); return GSS_S_FAILURE; @@ -105,7 +105,7 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status, input.data = malloc(prf_in->length + 4); if (input.data == NULL) { OM_uint32 junk; - _gsskrb5_set_status("Out of memory"); + _gsskrb5_set_status(GSS_KRB5_S_KG_INPUT_TOO_LONG, "Out of memory"); *minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG; gss_release_buffer(&junk, prf_out); krb5_crypto_destroy(context, crypto); diff --git a/source4/heimdal/lib/gssapi/krb5/process_context_token.c b/source4/heimdal/lib/gssapi/krb5/process_context_token.c index 15638f57fc..80d96f5ce4 100644 --- a/source4/heimdal/lib/gssapi/krb5/process_context_token.c +++ b/source4/heimdal/lib/gssapi/krb5/process_context_token.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: process_context_token.c 19031 2006-11-13 18:02:57Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_process_context_token ( OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/krb5/release_buffer.c b/source4/heimdal/lib/gssapi/krb5/release_buffer.c index 5dff62631a..e2f1f4ec14 100644 --- a/source4/heimdal/lib/gssapi/krb5/release_buffer.c +++ b/source4/heimdal/lib/gssapi/krb5/release_buffer.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: release_buffer.c 18334 2006-10-07 22:16:04Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_release_buffer (OM_uint32 * minor_status, diff --git a/source4/heimdal/lib/gssapi/krb5/release_cred.c b/source4/heimdal/lib/gssapi/krb5/release_cred.c index ab5695b097..1becd1c6b1 100644 --- a/source4/heimdal/lib/gssapi/krb5/release_cred.c +++ b/source4/heimdal/lib/gssapi/krb5/release_cred.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: release_cred.c 20753 2007-05-31 22:50:06Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_release_cred (OM_uint32 * minor_status, diff --git a/source4/heimdal/lib/gssapi/krb5/release_name.c b/source4/heimdal/lib/gssapi/krb5/release_name.c index 80b91930fd..e2ff9dde31 100644 --- a/source4/heimdal/lib/gssapi/krb5/release_name.c +++ b/source4/heimdal/lib/gssapi/krb5/release_name.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: release_name.c 21128 2007-06-18 20:26:50Z lha $"); +RCSID("$Id$"); OM_uint32 _gsskrb5_release_name (OM_uint32 * minor_status, diff --git a/source4/heimdal/lib/gssapi/krb5/sequence.c b/source4/heimdal/lib/gssapi/krb5/sequence.c old mode 100755 new mode 100644 index 677a3c8d07..b40fe52578 --- a/source4/heimdal/lib/gssapi/krb5/sequence.c +++ b/source4/heimdal/lib/gssapi/krb5/sequence.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: sequence.c 18334 2006-10-07 22:16:04Z lha $"); +RCSID("$Id$"); #define DEFAULT_JITTER_WINDOW 20 @@ -255,16 +255,16 @@ _gssapi_msg_order_import(OM_uint32 *minor_status, kret = krb5_ret_int32(sp, &flags); if (kret) goto failed; - ret = krb5_ret_int32(sp, &start); + kret = krb5_ret_int32(sp, &start); if (kret) goto failed; - ret = krb5_ret_int32(sp, &length); + kret = krb5_ret_int32(sp, &length); if (kret) goto failed; - ret = krb5_ret_int32(sp, &jitter_window); + kret = krb5_ret_int32(sp, &jitter_window); if (kret) goto failed; - ret = krb5_ret_int32(sp, &first_seq); + kret = krb5_ret_int32(sp, &first_seq); if (kret) goto failed; diff --git a/source4/heimdal/lib/gssapi/krb5/set_cred_option.c b/source4/heimdal/lib/gssapi/krb5/set_cred_option.c index 8c554fb8e0..e47e6fdb6c 100644 --- a/source4/heimdal/lib/gssapi/krb5/set_cred_option.c +++ b/source4/heimdal/lib/gssapi/krb5/set_cred_option.c @@ -32,7 +32,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: set_cred_option.c 23331 2008-06-27 12:01:48Z lha $"); +RCSID("$Id$"); /* 1.2.752.43.13.17 */ static gss_OID_desc gss_krb5_cred_no_ci_flags_x_oid_desc = diff --git a/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c b/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c index fd76838af5..f28d2397be 100644 --- a/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c +++ b/source4/heimdal/lib/gssapi/krb5/set_sec_context_option.c @@ -36,7 +36,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: set_sec_context_option.c 23420 2008-07-26 18:37:48Z lha $"); +RCSID("$Id$"); static OM_uint32 get_bool(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/krb5/unwrap.c b/source4/heimdal/lib/gssapi/krb5/unwrap.c index eec4078a70..727bbf7403 100644 --- a/source4/heimdal/lib/gssapi/krb5/unwrap.c +++ b/source4/heimdal/lib/gssapi/krb5/unwrap.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: unwrap.c 23112 2008-04-27 18:51:26Z lha $"); +RCSID("$Id$"); static OM_uint32 unwrap_des @@ -59,10 +59,17 @@ unwrap_des OM_uint32 ret; int cstate; int cmp; + int token_len; + + if (IS_DCE_STYLE(context_handle)) { + token_len = 22 + 8 + 15; /* 45 */ + } else { + token_len = input_message_buffer->length; + } p = input_message_buffer->value; ret = _gsskrb5_verify_header (&p, - input_message_buffer->length, + token_len, "\x02\x01", GSS_KRB5_MECHANISM); if (ret) @@ -105,12 +112,17 @@ unwrap_des memset (deskey, 0, sizeof(deskey)); memset (&schedule, 0, sizeof(schedule)); } - /* check pad */ - ret = _gssapi_verify_pad(input_message_buffer, - input_message_buffer->length - len, - &padlength); - if (ret) - return ret; + + if (IS_DCE_STYLE(context_handle)) { + padlength = 0; + } else { + /* check pad */ + ret = _gssapi_verify_pad(input_message_buffer, + input_message_buffer->length - len, + &padlength); + if (ret) + return ret; + } MD5_Init (&md5); MD5_Update (&md5, p - 24, 8); @@ -195,10 +207,17 @@ unwrap_des3 krb5_crypto crypto; Checksum csum; int cmp; + int token_len; + + if (IS_DCE_STYLE(context_handle)) { + token_len = 34 + 8 + 15; /* 57 */ + } else { + token_len = input_message_buffer->length; + } p = input_message_buffer->value; ret = _gsskrb5_verify_header (&p, - input_message_buffer->length, + token_len, "\x02\x01", GSS_KRB5_MECHANISM); if (ret) @@ -245,12 +264,17 @@ unwrap_des3 memcpy (p, tmp.data, tmp.length); krb5_data_free(&tmp); } - /* check pad */ - ret = _gssapi_verify_pad(input_message_buffer, - input_message_buffer->length - len, - &padlength); - if (ret) - return ret; + + if (IS_DCE_STYLE(context_handle)) { + padlength = 0; + } else { + /* check pad */ + ret = _gssapi_verify_pad(input_message_buffer, + input_message_buffer->length - len, + &padlength); + if (ret) + return ret; + } /* verify sequence number */ diff --git a/source4/heimdal/lib/gssapi/krb5/verify_mic.c b/source4/heimdal/lib/gssapi/krb5/verify_mic.c index 560c14bc89..df71f8f7d1 100644 --- a/source4/heimdal/lib/gssapi/krb5/verify_mic.c +++ b/source4/heimdal/lib/gssapi/krb5/verify_mic.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: verify_mic.c 23112 2008-04-27 18:51:26Z lha $"); +RCSID("$Id$"); static OM_uint32 verify_mic_des diff --git a/source4/heimdal/lib/gssapi/krb5/wrap.c b/source4/heimdal/lib/gssapi/krb5/wrap.c index 6d00f2adcf..ecd4f7cd54 100644 --- a/source4/heimdal/lib/gssapi/krb5/wrap.c +++ b/source4/heimdal/lib/gssapi/krb5/wrap.c @@ -33,7 +33,7 @@ #include "krb5/gsskrb5_locl.h" -RCSID("$Id: wrap.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); /* * Return initiator subkey, or if that doesn't exists, the subkey. @@ -210,10 +210,19 @@ wrap_des int32_t seq_number; size_t len, total_len, padlength, datalen; - padlength = 8 - (input_message_buffer->length % 8); - datalen = input_message_buffer->length + padlength + 8; - len = datalen + 22; - _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); + if (IS_DCE_STYLE(ctx)) { + padlength = 0; + datalen = input_message_buffer->length; + len = 22 + 8; + _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); + total_len += datalen; + datalen += 8; + } else { + padlength = 8 - (input_message_buffer->length % 8); + datalen = input_message_buffer->length + padlength + 8; + len = datalen + 22; + _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); + } output_message_buffer->length = total_len; output_message_buffer->value = malloc (total_len); @@ -336,10 +345,19 @@ wrap_des3 Checksum cksum; krb5_data encdata; - padlength = 8 - (input_message_buffer->length % 8); - datalen = input_message_buffer->length + padlength + 8; - len = datalen + 34; - _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); + if (IS_DCE_STYLE(ctx)) { + padlength = 0; + datalen = input_message_buffer->length; + len = 34 + 8; + _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); + total_len += datalen; + datalen += 8; + } else { + padlength = 8 - (input_message_buffer->length % 8); + datalen = input_message_buffer->length + padlength + 8; + len = datalen + 34; + _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); + } output_message_buffer->length = total_len; output_message_buffer->value = malloc (total_len); diff --git a/source4/heimdal/lib/gssapi/mech/context.c b/source4/heimdal/lib/gssapi/mech/context.c index 926630c42d..bfb303ac8e 100644 --- a/source4/heimdal/lib/gssapi/mech/context.c +++ b/source4/heimdal/lib/gssapi/mech/context.c @@ -1,7 +1,7 @@ #include "mech/mech_locl.h" #include "heim_threads.h" -RCSID("$Id: context.c 22600 2008-02-21 12:46:24Z lha $"); +RCSID("$Id$"); struct mg_thread_ctx { gss_OID mech; @@ -74,8 +74,14 @@ _gss_mg_get_error(const gss_OID mech, OM_uint32 type, if (mg == NULL) return GSS_S_BAD_STATUS; +#if 0 + /* + * We cant check the mech here since a pseudo-mech might have + * called an lower layer and then the mech info is all broken + */ if (mech != NULL && gss_oid_equal(mg->mech, mech) == 0) return GSS_S_BAD_STATUS; +#endif switch (type) { case GSS_C_GSS_CODE: { diff --git a/source4/heimdal/lib/gssapi/mech/context.h b/source4/heimdal/lib/gssapi/mech/context.h index 24e529864d..f2a7009cda 100644 --- a/source4/heimdal/lib/gssapi/mech/context.h +++ b/source4/heimdal/lib/gssapi/mech/context.h @@ -24,7 +24,7 @@ * SUCH DAMAGE. * * $FreeBSD: src/lib/libgssapi/context.h,v 1.1 2005/12/29 14:40:20 dfr Exp $ - * $Id: context.h 19925 2007-01-16 10:19:27Z lha $ + * $Id$ */ #include diff --git a/source4/heimdal/lib/gssapi/mech/cred.h b/source4/heimdal/lib/gssapi/mech/cred.h index 7f77b8a68e..01bd882dda 100644 --- a/source4/heimdal/lib/gssapi/mech/cred.h +++ b/source4/heimdal/lib/gssapi/mech/cred.h @@ -24,7 +24,7 @@ * SUCH DAMAGE. * * $FreeBSD: src/lib/libgssapi/cred.h,v 1.1 2005/12/29 14:40:20 dfr Exp $ - * $Id: cred.h 20626 2007-05-08 13:56:49Z lha $ + * $Id$ */ struct _gss_mechanism_cred { diff --git a/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c index a6b1ded5ca..5fa102193e 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/mech/gss_accept_sec_context.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_accept_sec_context.c 22071 2007-11-14 20:04:50Z lha $"); +RCSID("$Id$"); static OM_uint32 parse_header(const gss_buffer_t input_token, gss_OID mech_oid) @@ -151,14 +151,13 @@ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status, OM_uint32 *time_rec, gss_cred_id_t *delegated_cred_handle) { - OM_uint32 major_status, mech_ret_flags; + OM_uint32 major_status, mech_ret_flags, junk; gssapi_mech_interface m; struct _gss_context *ctx = (struct _gss_context *) *context_handle; struct _gss_cred *cred = (struct _gss_cred *) acceptor_cred_handle; struct _gss_mechanism_cred *mc; gss_cred_id_t acceptor_mc, delegated_mc; gss_name_t src_mn; - int allocated_ctx; *minor_status = 0; if (src_name) @@ -200,18 +199,19 @@ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status, free(ctx); return (GSS_S_BAD_MECH); } - allocated_ctx = 1; + *context_handle = (gss_ctx_id_t) ctx; } else { m = ctx->gc_mech; - allocated_ctx = 0; } if (cred) { SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) if (mc->gmc_mech == m) break; - if (!mc) + if (!mc) { + gss_delete_sec_context(&junk, context_handle, NULL); return (GSS_S_BAD_MECH); + } acceptor_mc = mc->gmc_cred; } else { acceptor_mc = GSS_C_NO_CREDENTIAL; @@ -234,6 +234,7 @@ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status, major_status != GSS_S_CONTINUE_NEEDED) { _gss_mg_error(m, major_status, *minor_status); + gss_delete_sec_context(&junk, context_handle, NULL); return (major_status); } @@ -245,11 +246,12 @@ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status, if (!name) { m->gm_release_name(minor_status, &src_mn); + gss_delete_sec_context(&junk, context_handle, NULL); return (GSS_S_FAILURE); } *src_name = (gss_name_t) name; } else if (src_mn) { - m->gm_release_name(minor_status, &src_mn); + m->gm_release_name(minor_status, &src_mn); } if (mech_ret_flags & GSS_C_DELEG_FLAG) { @@ -263,6 +265,7 @@ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status, dcred = malloc(sizeof(struct _gss_cred)); if (!dcred) { *minor_status = ENOMEM; + gss_delete_sec_context(&junk, context_handle, NULL); return (GSS_S_FAILURE); } SLIST_INIT(&dcred->gc_mc); @@ -270,6 +273,7 @@ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status, if (!dmc) { free(dcred); *minor_status = ENOMEM; + gss_delete_sec_context(&junk, context_handle, NULL); return (GSS_S_FAILURE); } dmc->gmc_mech = m; @@ -283,6 +287,5 @@ OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status, if (ret_flags) *ret_flags = mech_ret_flags; - *context_handle = (gss_ctx_id_t) ctx; return (major_status); } diff --git a/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c b/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c index a2757140ae..b21b3f62e8 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c +++ b/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_acquire_cred.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_acquire_cred(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_add_cred.c b/source4/heimdal/lib/gssapi/mech/gss_add_cred.c index 49efa20c8b..d190852884 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_add_cred.c +++ b/source4/heimdal/lib/gssapi/mech/gss_add_cred.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_add_cred.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); static struct _gss_mechanism_cred * _gss_copy_cred(struct _gss_mechanism_cred *mc) diff --git a/source4/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c b/source4/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c index d89adbf63a..1214e72fa9 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c +++ b/source4/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c @@ -32,7 +32,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_add_oid_set_member.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_add_oid_set_member (OM_uint32 * minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_buffer_set.c b/source4/heimdal/lib/gssapi/mech/gss_buffer_set.c index 091e219367..9f0bb4cce3 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_buffer_set.c +++ b/source4/heimdal/lib/gssapi/mech/gss_buffer_set.c @@ -31,7 +31,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_buffer_set.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_create_empty_buffer_set diff --git a/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c b/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c index d242c56a90..91a08fb2bc 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c +++ b/source4/heimdal/lib/gssapi/mech/gss_canonicalize_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_canonicalize_name.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_canonicalize_name(OM_uint32 *minor_status, @@ -38,7 +38,7 @@ gss_canonicalize_name(OM_uint32 *minor_status, OM_uint32 major_status; struct _gss_name *name = (struct _gss_name *) input_name; struct _gss_mechanism_name *mn; - gssapi_mech_interface m = __gss_get_mechanism(mech_type); + gssapi_mech_interface m; gss_name_t new_canonical_name; *minor_status = 0; diff --git a/source4/heimdal/lib/gssapi/mech/gss_compare_name.c b/source4/heimdal/lib/gssapi/mech/gss_compare_name.c index 1eb7625ee2..3f2d0013c5 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_compare_name.c +++ b/source4/heimdal/lib/gssapi/mech/gss_compare_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_compare_name.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_compare_name(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_context_time.c b/source4/heimdal/lib/gssapi/mech/gss_context_time.c index 8dce822a9f..df89612060 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_context_time.c +++ b/source4/heimdal/lib/gssapi/mech/gss_context_time.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_context_time.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_context_time(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_create_empty_oid_set.c b/source4/heimdal/lib/gssapi/mech/gss_create_empty_oid_set.c index 8dd3527349..8858f28498 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_create_empty_oid_set.c +++ b/source4/heimdal/lib/gssapi/mech/gss_create_empty_oid_set.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_create_empty_oid_set.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_create_empty_oid_set(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_decapsulate_token.c b/source4/heimdal/lib/gssapi/mech/gss_decapsulate_token.c index 8f93925585..6dba77e410 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_decapsulate_token.c +++ b/source4/heimdal/lib/gssapi/mech/gss_decapsulate_token.c @@ -32,7 +32,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_decapsulate_token.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_decapsulate_token(gss_buffer_t input_token, diff --git a/source4/heimdal/lib/gssapi/mech/gss_delete_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_delete_sec_context.c index 91273bcf56..96abae6b33 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_delete_sec_context.c +++ b/source4/heimdal/lib/gssapi/mech/gss_delete_sec_context.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_delete_sec_context.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_delete_sec_context(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_display_name.c b/source4/heimdal/lib/gssapi/mech/gss_display_name.c index 0d82400246..d720ffe880 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_display_name.c +++ b/source4/heimdal/lib/gssapi/mech/gss_display_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_display_name.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_display_name(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_display_status.c b/source4/heimdal/lib/gssapi/mech/gss_display_status.c index 5bbc89b1ec..7a91af2abc 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_display_status.c +++ b/source4/heimdal/lib/gssapi/mech/gss_display_status.c @@ -59,7 +59,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_display_status.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); static const char * calling_error(OM_uint32 v) diff --git a/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c b/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c index f38c840b31..6912e3329f 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c +++ b/source4/heimdal/lib/gssapi/mech/gss_duplicate_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_duplicate_name.c 21480 2007-07-10 16:32:32Z lha $"); +RCSID("$Id$"); OM_uint32 gss_duplicate_name(OM_uint32 *minor_status, const gss_name_t src_name, diff --git a/source4/heimdal/lib/gssapi/mech/gss_duplicate_oid.c b/source4/heimdal/lib/gssapi/mech/gss_duplicate_oid.c index d111a0ed61..59bd797766 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_duplicate_oid.c +++ b/source4/heimdal/lib/gssapi/mech/gss_duplicate_oid.c @@ -32,7 +32,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_duplicate_oid.c 19954 2007-01-17 11:50:23Z lha $"); +RCSID("$Id$"); OM_uint32 gss_duplicate_oid ( OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_encapsulate_token.c b/source4/heimdal/lib/gssapi/mech/gss_encapsulate_token.c index 32ecbbacb2..b9d06c28fa 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_encapsulate_token.c +++ b/source4/heimdal/lib/gssapi/mech/gss_encapsulate_token.c @@ -32,7 +32,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_encapsulate_token.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_encapsulate_token(gss_buffer_t input_token, diff --git a/source4/heimdal/lib/gssapi/mech/gss_export_name.c b/source4/heimdal/lib/gssapi/mech/gss_export_name.c index 22053202aa..7c1e6791da 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_export_name.c +++ b/source4/heimdal/lib/gssapi/mech/gss_export_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_export_name.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_export_name(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_export_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_export_sec_context.c index 053d203ba1..f3a6dc4fb5 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_export_sec_context.c +++ b/source4/heimdal/lib/gssapi/mech/gss_export_sec_context.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_export_sec_context.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_export_sec_context(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_get_mic.c b/source4/heimdal/lib/gssapi/mech/gss_get_mic.c index 7b33ac0ed9..9cd5060fc9 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_get_mic.c +++ b/source4/heimdal/lib/gssapi/mech/gss_get_mic.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_get_mic.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_get_mic(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_import_name.c b/source4/heimdal/lib/gssapi/mech/gss_import_name.c index 104452f5b9..040e228410 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_import_name.c +++ b/source4/heimdal/lib/gssapi/mech/gss_import_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_import_name.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); static OM_uint32 _gss_import_export_name(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_import_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_import_sec_context.c index c68849ce00..01ca9f10df 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_import_sec_context.c +++ b/source4/heimdal/lib/gssapi/mech/gss_import_sec_context.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_import_sec_context.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_import_sec_context(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_indicate_mechs.c b/source4/heimdal/lib/gssapi/mech/gss_indicate_mechs.c index cafb660991..34c0bb55d8 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_indicate_mechs.c +++ b/source4/heimdal/lib/gssapi/mech/gss_indicate_mechs.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_indicate_mechs.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_indicate_mechs(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c b/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c index d0e92f41ce..579000a7ec 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c +++ b/source4/heimdal/lib/gssapi/mech/gss_init_sec_context.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_init_sec_context.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); static gss_cred_id_t _gss_mech_cred_find(gss_cred_id_t cred_handle, gss_OID mech_type) diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c index 26f4038071..8872f121d0 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c +++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_context.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_inquire_context.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_context(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred.c index 1610be5538..3587572672 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred.c +++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_inquire_cred.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); #define AUSAGE 1 #define IUSAGE 2 diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c index fedd963ffa..47a2eaf279 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c +++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_inquire_cred_by_mech.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_cred_by_mech(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c index c1bbf3a724..d22231d96b 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c +++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c @@ -31,7 +31,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_inquire_cred_by_oid.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_cred_by_oid (OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_mechs_for_name.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_mechs_for_name.c index 6b06a33053..8df7f88a0a 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_inquire_mechs_for_name.c +++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_mechs_for_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_inquire_mechs_for_name.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_mechs_for_name(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_names_for_mech.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_names_for_mech.c index 1ba1ee0563..a630d76216 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_inquire_names_for_mech.c +++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_names_for_mech.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_inquire_names_for_mech.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_names_for_mech(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c b/source4/heimdal/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c index b06a3e10f0..9ba892dc0e 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c +++ b/source4/heimdal/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c @@ -31,7 +31,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_inquire_sec_context_by_oid.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_inquire_sec_context_by_oid (OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_krb5.c b/source4/heimdal/lib/gssapi/mech/gss_krb5.c index d6b89e3e23..e224dffe05 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_krb5.c +++ b/source4/heimdal/lib/gssapi/mech/gss_krb5.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_krb5.c 23420 2008-07-26 18:37:48Z lha $"); +RCSID("$Id$"); #include #include @@ -52,7 +52,7 @@ gss_krb5_copy_ccache(OM_uint32 *minor_status, if (ret) return ret; - if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) { + if (data_set == GSS_C_NO_BUFFER_SET || data_set->count < 1) { gss_release_buffer_set(minor_status, &data_set); *minor_status = EINVAL; return GSS_S_FAILURE; diff --git a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c index 8abbb7d0cc..5b8d35c3dd 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c +++ b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c @@ -28,7 +28,7 @@ #include "mech_locl.h" #include -RCSID("$Id: gss_mech_switch.c 23471 2008-07-27 12:17:49Z lha $"); +RCSID("$Id$"); #ifndef _PATH_GSS_MECH #define _PATH_GSS_MECH "/etc/gss/mech" @@ -249,7 +249,7 @@ _gss_load_mech(void) #define RTLD_LOCAL 0 #endif - so = dlopen(lib, RTLD_LOCAL); + so = dlopen(lib, RTLD_LAZY | RTLD_LOCAL); if (!so) { /* fprintf(stderr, "dlopen: %s\n", dlerror()); */ continue; diff --git a/source4/heimdal/lib/gssapi/mech/gss_names.c b/source4/heimdal/lib/gssapi/mech/gss_names.c index f78672d837..a1b858d938 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_names.c +++ b/source4/heimdal/lib/gssapi/mech/gss_names.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_names.c 21473 2007-07-10 16:29:53Z lha $"); +RCSID("$Id$"); OM_uint32 _gss_find_mn(OM_uint32 *minor_status, struct _gss_name *name, gss_OID mech, diff --git a/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c b/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c index b272316115..0ec6a9b5cc 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c +++ b/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c @@ -32,7 +32,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_oid_equal.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); int GSSAPI_LIB_FUNCTION gss_oid_equal(const gss_OID a, const gss_OID b) diff --git a/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c b/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c index 4678a3e710..69a723adb1 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c +++ b/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c @@ -32,7 +32,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_oid_to_str.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_oid_to_str(OM_uint32 *minor_status, gss_OID oid, gss_buffer_t oid_str) diff --git a/source4/heimdal/lib/gssapi/mech/gss_process_context_token.c b/source4/heimdal/lib/gssapi/mech/gss_process_context_token.c index db55bc24be..9dc3f5b904 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_process_context_token.c +++ b/source4/heimdal/lib/gssapi/mech/gss_process_context_token.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_process_context_token.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_process_context_token(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_pseudo_random.c b/source4/heimdal/lib/gssapi/mech/gss_pseudo_random.c index ba027cb95a..5807ee9d9b 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_pseudo_random.c +++ b/source4/heimdal/lib/gssapi/mech/gss_pseudo_random.c @@ -31,10 +31,10 @@ * SUCH DAMAGE. */ -/* $Id: gss_pseudo_random.c 23025 2008-04-17 10:01:57Z lha $ */ +/* $Id$ */ #include "mech_locl.h" -RCSID("$Id: gss_pseudo_random.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_pseudo_random(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_release_buffer.c b/source4/heimdal/lib/gssapi/mech/gss_release_buffer.c index eb1bf34985..1af5289157 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_release_buffer.c +++ b/source4/heimdal/lib/gssapi/mech/gss_release_buffer.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_release_buffer.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_release_buffer(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_release_cred.c b/source4/heimdal/lib/gssapi/mech/gss_release_cred.c index 9648929c91..40777fa2a1 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_release_cred.c +++ b/source4/heimdal/lib/gssapi/mech/gss_release_cred.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_release_cred.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle) diff --git a/source4/heimdal/lib/gssapi/mech/gss_release_name.c b/source4/heimdal/lib/gssapi/mech/gss_release_name.c index d8c36c10a7..ad07c60bda 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_release_name.c +++ b/source4/heimdal/lib/gssapi/mech/gss_release_name.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_release_name.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_release_name(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_release_oid.c b/source4/heimdal/lib/gssapi/mech/gss_release_oid.c index ccc59638fb..dda8efb650 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_release_oid.c +++ b/source4/heimdal/lib/gssapi/mech/gss_release_oid.c @@ -33,7 +33,7 @@ #include "mech_locl.h" -RCSID("$Id: gss_release_oid.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_release_oid(OM_uint32 *minor_status, gss_OID *oid) diff --git a/source4/heimdal/lib/gssapi/mech/gss_release_oid_set.c b/source4/heimdal/lib/gssapi/mech/gss_release_oid_set.c index 00b1f4656d..0ccb9e4dc6 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_release_oid_set.c +++ b/source4/heimdal/lib/gssapi/mech/gss_release_oid_set.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_release_oid_set.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_release_oid_set(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_seal.c b/source4/heimdal/lib/gssapi/mech/gss_seal.c index 7979455430..f6636456ea 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_seal.c +++ b/source4/heimdal/lib/gssapi/mech/gss_seal.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_seal.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_seal(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c b/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c index bbd75c9849..20eaa14d9e 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c +++ b/source4/heimdal/lib/gssapi/mech/gss_set_cred_option.c @@ -31,7 +31,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_set_cred_option.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_set_cred_option (OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_set_sec_context_option.c b/source4/heimdal/lib/gssapi/mech/gss_set_sec_context_option.c index 48377fd6bc..735d59322e 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_set_sec_context_option.c +++ b/source4/heimdal/lib/gssapi/mech/gss_set_sec_context_option.c @@ -31,7 +31,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_set_sec_context_option.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_set_sec_context_option (OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_sign.c b/source4/heimdal/lib/gssapi/mech/gss_sign.c index c91b6490d2..1d73641355 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_sign.c +++ b/source4/heimdal/lib/gssapi/mech/gss_sign.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_sign.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_sign(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c b/source4/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c index ee42cc5d1a..ca1dca8fad 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c +++ b/source4/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_test_oid_set_member.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_test_oid_set_member(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_unseal.c b/source4/heimdal/lib/gssapi/mech/gss_unseal.c index d6f73c5522..539e65a01c 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_unseal.c +++ b/source4/heimdal/lib/gssapi/mech/gss_unseal.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_unseal.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_unseal(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_unwrap.c b/source4/heimdal/lib/gssapi/mech/gss_unwrap.c index 4866bacbe5..693bbe020b 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_unwrap.c +++ b/source4/heimdal/lib/gssapi/mech/gss_unwrap.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_unwrap.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_unwrap(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_utils.c b/source4/heimdal/lib/gssapi/mech/gss_utils.c index 22217a9d62..6e05acff03 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_utils.c +++ b/source4/heimdal/lib/gssapi/mech/gss_utils.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_utils.c 19965 2007-01-17 16:23:47Z lha $"); +RCSID("$Id$"); OM_uint32 _gss_copy_oid(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_verify.c b/source4/heimdal/lib/gssapi/mech/gss_verify.c index d82ceee984..f287cb4816 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_verify.c +++ b/source4/heimdal/lib/gssapi/mech/gss_verify.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_verify.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_verify(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_verify_mic.c b/source4/heimdal/lib/gssapi/mech/gss_verify_mic.c index c58c63ac0f..1a411729c6 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_verify_mic.c +++ b/source4/heimdal/lib/gssapi/mech/gss_verify_mic.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_verify_mic.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_verify_mic(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_wrap.c b/source4/heimdal/lib/gssapi/mech/gss_wrap.c index f6b5077d0e..b3363d3f20 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_wrap.c +++ b/source4/heimdal/lib/gssapi/mech/gss_wrap.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_wrap.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_wrap(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c b/source4/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c index 14f373dada..15b86a9367 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c +++ b/source4/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c @@ -27,7 +27,7 @@ */ #include "mech_locl.h" -RCSID("$Id: gss_wrap_size_limit.c 23025 2008-04-17 10:01:57Z lha $"); +RCSID("$Id$"); OM_uint32 GSSAPI_LIB_FUNCTION gss_wrap_size_limit(OM_uint32 *minor_status, diff --git a/source4/heimdal/lib/gssapi/mech/gssapi.asn1 b/source4/heimdal/lib/gssapi/mech/gssapi.asn1 index 44b30bfa7e..1ba7b40637 100644 --- a/source4/heimdal/lib/gssapi/mech/gssapi.asn1 +++ b/source4/heimdal/lib/gssapi/mech/gssapi.asn1 @@ -1,4 +1,4 @@ --- $Id: gssapi.asn1 18565 2006-10-18 21:08:19Z lha $ +-- $Id$ GSS-API DEFINITIONS ::= BEGIN diff --git a/source4/heimdal/lib/gssapi/mech/mech_locl.h b/source4/heimdal/lib/gssapi/mech/mech_locl.h index 4399fa78a6..8887692e08 100644 --- a/source4/heimdal/lib/gssapi/mech/mech_locl.h +++ b/source4/heimdal/lib/gssapi/mech/mech_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: mech_locl.h 19948 2007-01-17 10:03:07Z lha $ */ +/* $Id$ */ #include diff --git a/source4/heimdal/lib/gssapi/mech/mech_switch.h b/source4/heimdal/lib/gssapi/mech/mech_switch.h index 14e6d7978c..e83a4c8a5a 100644 --- a/source4/heimdal/lib/gssapi/mech/mech_switch.h +++ b/source4/heimdal/lib/gssapi/mech/mech_switch.h @@ -24,7 +24,7 @@ * SUCH DAMAGE. * * $FreeBSD: src/lib/libgssapi/mech_switch.h,v 1.1 2005/12/29 14:40:20 dfr Exp $ - * $Id: mech_switch.h 18246 2006-10-05 18:36:07Z lha $ + * $Id$ */ #include diff --git a/source4/heimdal/lib/gssapi/mech/name.h b/source4/heimdal/lib/gssapi/mech/name.h index 7c9ba33d85..49b412dd73 100644 --- a/source4/heimdal/lib/gssapi/mech/name.h +++ b/source4/heimdal/lib/gssapi/mech/name.h @@ -24,7 +24,7 @@ * SUCH DAMAGE. * * $FreeBSD: src/lib/libgssapi/name.h,v 1.1 2005/12/29 14:40:20 dfr Exp $ - * $Id: name.h 21477 2007-07-10 16:31:44Z lha $ + * $Id$ */ struct _gss_mechanism_name { diff --git a/source4/heimdal/lib/gssapi/mech/utils.h b/source4/heimdal/lib/gssapi/mech/utils.h index 908203557e..7b27d38f3c 100644 --- a/source4/heimdal/lib/gssapi/mech/utils.h +++ b/source4/heimdal/lib/gssapi/mech/utils.h @@ -24,7 +24,7 @@ * SUCH DAMAGE. * * $FreeBSD: src/lib/libgssapi/utils.h,v 1.1 2005/12/29 14:40:20 dfr Exp $ - * $Id: utils.h 19398 2006-12-18 13:01:40Z lha $ + * $Id$ */ OM_uint32 _gss_free_oid(OM_uint32 *, gss_OID); diff --git a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c index 6b618092fe..2afeaf080e 100644 --- a/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/spnego/accept_sec_context.c @@ -33,7 +33,7 @@ #include "spnego/spnego_locl.h" -RCSID("$Id: accept_sec_context.c 23158 2008-05-02 09:45:28Z lha $"); +RCSID("$Id$"); static OM_uint32 send_reject (OM_uint32 *minor_status, @@ -524,7 +524,7 @@ acceptor_complete(OM_uint32 * minor_status, free(buf.value); } else - *get_mic = verify_mic = 0; + *get_mic = 0; return GSS_S_COMPLETE; } diff --git a/source4/heimdal/lib/gssapi/spnego/compat.c b/source4/heimdal/lib/gssapi/spnego/compat.c index 36de854784..67d9b202a7 100644 --- a/source4/heimdal/lib/gssapi/spnego/compat.c +++ b/source4/heimdal/lib/gssapi/spnego/compat.c @@ -32,7 +32,7 @@ #include "spnego/spnego_locl.h" -RCSID("$Id: compat.c 22688 2008-03-16 11:33:58Z lha $"); +RCSID("$Id$"); /* * Apparently Microsoft got the OID wrong, and used diff --git a/source4/heimdal/lib/gssapi/spnego/context_stubs.c b/source4/heimdal/lib/gssapi/spnego/context_stubs.c index 6f1c3eb4b6..60c53058b8 100644 --- a/source4/heimdal/lib/gssapi/spnego/context_stubs.c +++ b/source4/heimdal/lib/gssapi/spnego/context_stubs.c @@ -32,7 +32,7 @@ #include "spnego/spnego_locl.h" -RCSID("$Id: context_stubs.c 22688 2008-03-16 11:33:58Z lha $"); +RCSID("$Id$"); static OM_uint32 spnego_supported_mechs(OM_uint32 *minor_status, gss_OID_set *mechs) diff --git a/source4/heimdal/lib/gssapi/spnego/cred_stubs.c b/source4/heimdal/lib/gssapi/spnego/cred_stubs.c index d87d7d618e..836b63f437 100644 --- a/source4/heimdal/lib/gssapi/spnego/cred_stubs.c +++ b/source4/heimdal/lib/gssapi/spnego/cred_stubs.c @@ -32,7 +32,7 @@ #include "spnego/spnego_locl.h" -RCSID("$Id: cred_stubs.c 22688 2008-03-16 11:33:58Z lha $"); +RCSID("$Id$"); OM_uint32 _gss_spnego_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle) diff --git a/source4/heimdal/lib/gssapi/spnego/external.c b/source4/heimdal/lib/gssapi/spnego/external.c index 317d358707..d5718c3fd3 100644 --- a/source4/heimdal/lib/gssapi/spnego/external.c +++ b/source4/heimdal/lib/gssapi/spnego/external.c @@ -33,7 +33,7 @@ #include "spnego/spnego_locl.h" #include -RCSID("$Id: external.c 22688 2008-03-16 11:33:58Z lha $"); +RCSID("$Id$"); /* * RFC2478, SPNEGO: diff --git a/source4/heimdal/lib/gssapi/spnego/init_sec_context.c b/source4/heimdal/lib/gssapi/spnego/init_sec_context.c index bee4895898..f032757fdd 100644 --- a/source4/heimdal/lib/gssapi/spnego/init_sec_context.c +++ b/source4/heimdal/lib/gssapi/spnego/init_sec_context.c @@ -33,7 +33,7 @@ #include "spnego/spnego_locl.h" -RCSID("$Id: init_sec_context.c 22600 2008-02-21 12:46:24Z lha $"); +RCSID("$Id$"); /* * Is target_name an sane target for `mech´. diff --git a/source4/heimdal/lib/gssapi/spnego/spnego.asn1 b/source4/heimdal/lib/gssapi/spnego/spnego.asn1 index 058f10ba3a..048e86bb43 100644 --- a/source4/heimdal/lib/gssapi/spnego/spnego.asn1 +++ b/source4/heimdal/lib/gssapi/spnego/spnego.asn1 @@ -1,4 +1,4 @@ --- $Id: spnego.asn1 21403 2007-07-04 08:13:12Z lha $ +-- $Id$ SPNEGO DEFINITIONS ::= BEGIN diff --git a/source4/heimdal/lib/gssapi/spnego/spnego_locl.h b/source4/heimdal/lib/gssapi/spnego/spnego_locl.h index 6eb808efbc..8344e750ae 100644 --- a/source4/heimdal/lib/gssapi/spnego/spnego_locl.h +++ b/source4/heimdal/lib/gssapi/spnego/spnego_locl.h @@ -30,7 +30,7 @@ * SUCH DAMAGE. */ -/* $Id: spnego_locl.h 23161 2008-05-05 09:56:20Z lha $ */ +/* $Id$ */ #ifndef SPNEGO_LOCL_H #define SPNEGO_LOCL_H diff --git a/source4/heimdal/lib/hcrypto/aes.c b/source4/heimdal/lib/hcrypto/aes.c index a36459a457..668b4f269f 100644 --- a/source4/heimdal/lib/hcrypto/aes.c +++ b/source4/heimdal/lib/hcrypto/aes.c @@ -34,7 +34,7 @@ #ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id: aes.c 15495 2005-06-18 22:47:33Z lha $"); +RCSID("$Id$"); #endif #ifdef KRB5 diff --git a/source4/heimdal/lib/hcrypto/aes.h b/source4/heimdal/lib/hcrypto/aes.h index eeba5c9e51..9550f61e9f 100644 --- a/source4/heimdal/lib/hcrypto/aes.h +++ b/source4/heimdal/lib/hcrypto/aes.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: aes.h 22958 2008-04-11 11:33:22Z lha $ */ +/* $Id$ */ #ifndef HEIM_AES_H #define HEIM_AES_H 1 diff --git a/source4/heimdal/lib/hcrypto/bn.c b/source4/heimdal/lib/hcrypto/bn.c index 1f8c1d5471..eb2e1c37a5 100644 --- a/source4/heimdal/lib/hcrypto/bn.c +++ b/source4/heimdal/lib/hcrypto/bn.c @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: bn.c 22850 2008-04-07 18:49:01Z lha $"); +RCSID("$Id$"); #include #include diff --git a/source4/heimdal/lib/hcrypto/bn.h b/source4/heimdal/lib/hcrypto/bn.h index 92cacec2a6..924ccf9cec 100644 --- a/source4/heimdal/lib/hcrypto/bn.h +++ b/source4/heimdal/lib/hcrypto/bn.h @@ -32,7 +32,7 @@ */ /* - * $Id: bn.h 22260 2007-12-09 06:23:47Z lha $ + * $Id$ */ #ifndef _HEIM_BN_H diff --git a/source4/heimdal/lib/hcrypto/des.c b/source4/heimdal/lib/hcrypto/des.c index 9e533dd708..8be9d649cd 100644 --- a/source4/heimdal/lib/hcrypto/des.c +++ b/source4/heimdal/lib/hcrypto/des.c @@ -84,7 +84,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: des.c 23117 2008-04-28 10:29:36Z lha $"); +RCSID("$Id$"); #endif #define HC_DEPRECATED diff --git a/source4/heimdal/lib/hcrypto/des.h b/source4/heimdal/lib/hcrypto/des.h index 3c52f59e28..f1a6798851 100644 --- a/source4/heimdal/lib/hcrypto/des.h +++ b/source4/heimdal/lib/hcrypto/des.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: des.h 23148 2008-04-29 05:53:27Z biorn $ */ +/* $Id$ */ #ifndef _DESperate_H #define _DESperate_H 1 diff --git a/source4/heimdal/lib/hcrypto/dh-imath.c b/source4/heimdal/lib/hcrypto/dh-imath.c index 494d436d13..f4e5e118a0 100644 --- a/source4/heimdal/lib/hcrypto/dh-imath.c +++ b/source4/heimdal/lib/hcrypto/dh-imath.c @@ -43,7 +43,7 @@ #include "imath/imath.h" -RCSID("$Id: dh-imath.c 22368 2007-12-28 15:27:52Z lha $"); +RCSID("$Id$"); static void BN2mpz(mpz_t *s, const BIGNUM *bn) diff --git a/source4/heimdal/lib/hcrypto/dh.c b/source4/heimdal/lib/hcrypto/dh.c index 9f1af0b3b1..b2aa890e55 100644 --- a/source4/heimdal/lib/hcrypto/dh.c +++ b/source4/heimdal/lib/hcrypto/dh.c @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: dh.c 22397 2008-01-01 20:20:31Z lha $"); +RCSID("$Id$"); #include #include diff --git a/source4/heimdal/lib/hcrypto/dh.h b/source4/heimdal/lib/hcrypto/dh.h index e34390dc99..533d832a3d 100644 --- a/source4/heimdal/lib/hcrypto/dh.h +++ b/source4/heimdal/lib/hcrypto/dh.h @@ -32,7 +32,7 @@ */ /* - * $Id: dh.h 17483 2006-05-06 13:11:15Z lha $ + * $Id$ */ #ifndef _HEIM_DH_H diff --git a/source4/heimdal/lib/hcrypto/dsa.c b/source4/heimdal/lib/hcrypto/dsa.c index 0dc59dac61..637963a591 100644 --- a/source4/heimdal/lib/hcrypto/dsa.c +++ b/source4/heimdal/lib/hcrypto/dsa.c @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: dsa.c 17496 2006-05-07 11:31:58Z lha $"); +RCSID("$Id$"); #include #include diff --git a/source4/heimdal/lib/hcrypto/dsa.h b/source4/heimdal/lib/hcrypto/dsa.h index 0544b80118..94d8206589 100644 --- a/source4/heimdal/lib/hcrypto/dsa.h +++ b/source4/heimdal/lib/hcrypto/dsa.h @@ -32,7 +32,7 @@ */ /* - * $Id: dsa.h 16564 2006-01-13 15:26:52Z lha $ + * $Id$ */ #ifndef _HEIM_DSA_H diff --git a/source4/heimdal/lib/hcrypto/engine.c b/source4/heimdal/lib/hcrypto/engine.c index 1a754909c5..b26987884d 100644 --- a/source4/heimdal/lib/hcrypto/engine.c +++ b/source4/heimdal/lib/hcrypto/engine.c @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: engine.c 20828 2007-06-03 05:10:20Z lha $"); +RCSID("$Id$"); #include #include diff --git a/source4/heimdal/lib/hcrypto/engine.h b/source4/heimdal/lib/hcrypto/engine.h index 547a2d1324..d317a77e0d 100644 --- a/source4/heimdal/lib/hcrypto/engine.h +++ b/source4/heimdal/lib/hcrypto/engine.h @@ -32,7 +32,7 @@ */ /* - * $Id: engine.h 17475 2006-05-06 12:34:36Z lha $ + * $Id$ */ #ifndef _HEIM_ENGINE_H diff --git a/source4/heimdal/lib/hcrypto/evp.c b/source4/heimdal/lib/hcrypto/evp.c index b4fb8a7f23..42b7c6da0b 100644 --- a/source4/heimdal/lib/hcrypto/evp.c +++ b/source4/heimdal/lib/hcrypto/evp.c @@ -35,9 +35,10 @@ #include #endif -RCSID("$Id: evp.c 23144 2008-04-29 05:47:16Z lha $"); +RCSID("$Id$"); #define HC_DEPRECATED +#define HC_DEPRECATED_CRYPTO #include #include @@ -49,7 +50,6 @@ RCSID("$Id: evp.c 23144 2008-04-29 05:47:16Z lha $"); #include -#include #include "camellia.h" #include #include @@ -63,24 +63,20 @@ RCSID("$Id: evp.c 23144 2008-04-29 05:47:16Z lha $"); * @page page_evp EVP - generic crypto interface * * See the library functions here: @ref hcrypto_evp + * + * @section evp_cipher EVP Cipher + * + * The use of EVP_CipherInit_ex() and EVP_Cipher() is pretty easy to + * understand forward, then EVP_CipherUpdate() and + * EVP_CipherFinal_ex() really needs an example to explain @ref + * example_evp_cipher.c . + * + * @example example_evp_cipher.c + * + * This is an example how to use EVP_CipherInit_ex(), + * EVP_CipherUpdate() and EVP_CipherFinal_ex(). */ - -typedef int (*evp_md_init)(EVP_MD_CTX *); -typedef int (*evp_md_update)(EVP_MD_CTX *,const void *, size_t); -typedef int (*evp_md_final)(void *, EVP_MD_CTX *); -typedef int (*evp_md_cleanup)(EVP_MD_CTX *); - -struct hc_evp_md { - int hash_size; - int block_size; - int ctx_size; - evp_md_init init; - evp_md_update update; - evp_md_final final; - evp_md_cleanup cleanup; -}; - struct hc_EVP_MD_CTX { const EVP_MD *md; ENGINE *engine; @@ -361,9 +357,9 @@ EVP_sha256(void) 32, 64, sizeof(SHA256_CTX), - (evp_md_init)SHA256_Init, - (evp_md_update)SHA256_Update, - (evp_md_final)SHA256_Final, + (hc_evp_md_init)SHA256_Init, + (hc_evp_md_update)SHA256_Update, + (hc_evp_md_final)SHA256_Final, NULL }; return &sha256; @@ -373,9 +369,9 @@ static const struct hc_evp_md sha1 = { 20, 64, sizeof(SHA_CTX), - (evp_md_init)SHA1_Init, - (evp_md_update)SHA1_Update, - (evp_md_final)SHA1_Final, + (hc_evp_md_init)SHA1_Init, + (hc_evp_md_update)SHA1_Update, + (hc_evp_md_final)SHA1_Final, NULL }; @@ -422,9 +418,9 @@ EVP_md5(void) 16, 64, sizeof(MD5_CTX), - (evp_md_init)MD5_Init, - (evp_md_update)MD5_Update, - (evp_md_final)MD5_Final, + (hc_evp_md_init)MD5_Init, + (hc_evp_md_update)MD5_Update, + (hc_evp_md_final)MD5_Final, NULL }; return &md5; @@ -445,9 +441,9 @@ EVP_md4(void) 16, 64, sizeof(MD4_CTX), - (evp_md_init)MD4_Init, - (evp_md_update)MD4_Update, - (evp_md_final)MD4_Final, + (hc_evp_md_init)MD4_Init, + (hc_evp_md_update)MD4_Update, + (hc_evp_md_final)MD4_Final, NULL }; return &md4; @@ -468,9 +464,9 @@ EVP_md2(void) 16, 16, sizeof(MD2_CTX), - (evp_md_init)MD2_Init, - (evp_md_update)MD2_Update, - (evp_md_final)MD2_Final, + (hc_evp_md_init)MD2_Init, + (hc_evp_md_update)MD2_Update, + (hc_evp_md_final)MD2_Final, NULL }; return &md2; @@ -508,9 +504,9 @@ EVP_md_null(void) 0, 0, 0, - (evp_md_init)null_Init, - (evp_md_update)null_Update, - (evp_md_final)null_Final, + (hc_evp_md_init)null_Init, + (hc_evp_md_update)null_Update, + (hc_evp_md_final)null_Final, NULL }; return &null; @@ -769,6 +765,8 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *c, ENGINE *engine, const void *key, const void *iv, int encp) { + ctx->buf_len = 0; + if (encp == -1) encp = ctx->encrypt; else @@ -783,6 +781,9 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *c, ENGINE *engine, if (ctx->cipher_data == NULL && c->ctx_size != 0) return 0; + /* assume block size is a multiple of 2 */ + ctx->block_mask = EVP_CIPHER_block_size(c) - 1; + } else if (ctx->cipher == NULL) { /* reuse of cipher, but not any cipher ever set! */ return 0; @@ -808,7 +809,138 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *c, ENGINE *engine, } /** - * Encypher/decypher data + * Encipher/decipher partial data + * + * @param ctx the cipher context. + * @param out output data from the operation. + * @param outlen output length + * @param in input data to the operation. + * @param inlen length of data. + * + * The output buffer length should at least be EVP_CIPHER_block_size() + * byte longer then the input length. + * + * See @ref evp_cipher for an example how to use this function. + * + * @return 1 on success. + * + * @ingroup hcrypto_evp + */ + +int +EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, void *out, int *outlen, + void *in, size_t inlen) +{ + int ret, left, blocksize; + + *outlen = 0; + + /** + * If there in no spare bytes in the left from last Update and the + * input length is on the block boundery, the EVP_CipherUpdate() + * function can take a shortcut (and preformance gain) and + * directly encrypt the data, otherwise we hav to fix it up and + * store extra it the EVP_CIPHER_CTX. + */ + if (ctx->buf_len == 0 && (inlen & ctx->block_mask) == 0) { + ret = (*ctx->cipher->do_cipher)(ctx, out, in, inlen); + if (ret == 1) + *outlen = inlen; + else + *outlen = 0; + return ret; + } + + + blocksize = EVP_CIPHER_CTX_block_size(ctx); + left = blocksize - ctx->buf_len; + assert(left > 0); + + if (ctx->buf_len) { + + /* if total buffer is smaller then input, store locally */ + if (inlen < left) { + memcpy(ctx->buf + ctx->buf_len, in, inlen); + ctx->buf_len += inlen; + return 1; + } + + /* fill in local buffer and encrypt */ + memcpy(ctx->buf + ctx->buf_len, in, left); + ret = (*ctx->cipher->do_cipher)(ctx, out, ctx->buf, blocksize); + memset(ctx->buf, 0, blocksize); + if (ret != 1) + return ret; + + *outlen += blocksize; + inlen -= left; + in = ((unsigned char *)in) + left; + out = ((unsigned char *)out) + blocksize; + ctx->buf_len = 0; + } + + if (inlen) { + ctx->buf_len = (inlen & ctx->block_mask); + inlen &= ~ctx->block_mask; + + ret = (*ctx->cipher->do_cipher)(ctx, out, in, inlen); + if (ret != 1) + return ret; + + *outlen += inlen; + + in = ((unsigned char *)in) + inlen; + memcpy(ctx->buf, in, ctx->buf_len); + } + + return 1; +} + +/** + * Encipher/decipher final data + * + * @param ctx the cipher context. + * @param out output data from the operation. + * @param outlen output length + * + * The input length needs to be at least EVP_CIPHER_block_size() bytes + * long. + * + * See @ref evp_cipher for an example how to use this function. + * + * @return 1 on success. + * + * @ingroup hcrypto_evp + */ + +int +EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, void *out, int *outlen) +{ + *outlen = 0; + + if (ctx->buf_len) { + int ret, left, blocksize; + + blocksize = EVP_CIPHER_CTX_block_size(ctx); + + left = blocksize - ctx->buf_len; + assert(left > 0); + + /* zero fill local buffer */ + memset(ctx->buf + ctx->buf_len, 0, left); + ret = (*ctx->cipher->do_cipher)(ctx, out, ctx->buf, blocksize); + memset(ctx->buf, 0, blocksize); + if (ret != 1) + return ret; + + *outlen += blocksize; + } + + return 1; +} + +/** + * Encipher/decipher data * * @param ctx the cipher context. * @param out out data from the operation. @@ -1043,6 +1175,71 @@ EVP_rc4_40(void) return NULL; } +/* + * + */ + +static int +des_cbc_init(EVP_CIPHER_CTX *ctx, + const unsigned char * key, + const unsigned char * iv, + int encp) +{ + DES_key_schedule *k = ctx->cipher_data; + DES_cblock deskey; + memcpy(&deskey, key, sizeof(deskey)); + DES_set_key_unchecked(&deskey, k); + return 1; +} + +static int +des_cbc_do_cipher(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + unsigned int size) +{ + DES_key_schedule *k = ctx->cipher_data; + DES_cbc_encrypt(in, out, size, + k, (DES_cblock *)ctx->iv, ctx->encrypt); + return 1; +} + +static int +des_cbc_cleanup(EVP_CIPHER_CTX *ctx) +{ + memset(ctx->cipher_data, 0, sizeof(struct DES_key_schedule)); + return 1; +} + +/** + * The DES cipher type + * + * @return the DES-CBC EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + +const EVP_CIPHER * +EVP_des_cbc(void) +{ + static const EVP_CIPHER des_ede3_cbc = { + 0, + 8, + 8, + 8, + EVP_CIPH_CBC_MODE, + des_cbc_init, + des_cbc_do_cipher, + des_cbc_cleanup, + sizeof(DES_key_schedule), + NULL, + NULL, + NULL, + NULL + }; + return &des_ede3_cbc; +} + /* * */ @@ -1124,42 +1321,6 @@ EVP_des_ede3_cbc(void) return &des_ede3_cbc; } -/* - * - */ - -static int -aes_init(EVP_CIPHER_CTX *ctx, - const unsigned char * key, - const unsigned char * iv, - int encp) -{ - AES_KEY *k = ctx->cipher_data; - if (ctx->encrypt) - AES_set_encrypt_key(key, ctx->cipher->key_len * 8, k); - else - AES_set_decrypt_key(key, ctx->cipher->key_len * 8, k); - return 1; -} - -static int -aes_do_cipher(EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, - unsigned int size) -{ - AES_KEY *k = ctx->cipher_data; - AES_cbc_encrypt(in, out, size, k, ctx->iv, ctx->encrypt); - return 1; -} - -static int -aes_cleanup(EVP_CIPHER_CTX *ctx) -{ - memset(ctx->cipher_data, 0, sizeof(AES_KEY)); - return 1; -} - /** * The AES-128 cipher type * @@ -1171,22 +1332,7 @@ aes_cleanup(EVP_CIPHER_CTX *ctx) const EVP_CIPHER * EVP_aes_128_cbc(void) { - static const EVP_CIPHER aes_128_cbc = { - 0, - 16, - 16, - 16, - EVP_CIPH_CBC_MODE, - aes_init, - aes_do_cipher, - aes_cleanup, - sizeof(AES_KEY), - NULL, - NULL, - NULL, - NULL - }; - return &aes_128_cbc; + return EVP_hcrypto_aes_128_cbc(); } /** @@ -1200,22 +1346,7 @@ EVP_aes_128_cbc(void) const EVP_CIPHER * EVP_aes_192_cbc(void) { - static const EVP_CIPHER aes_192_cbc = { - 0, - 16, - 24, - 16, - EVP_CIPH_CBC_MODE, - aes_init, - aes_do_cipher, - aes_cleanup, - sizeof(AES_KEY), - NULL, - NULL, - NULL, - NULL - }; - return &aes_192_cbc; + return EVP_hcrypto_aes_192_cbc(); } /** @@ -1229,22 +1360,7 @@ EVP_aes_192_cbc(void) const EVP_CIPHER * EVP_aes_256_cbc(void) { - static const EVP_CIPHER aes_256_cbc = { - 0, - 16, - 32, - 16, - EVP_CIPH_CBC_MODE, - aes_init, - aes_do_cipher, - aes_cleanup, - sizeof(AES_KEY), - NULL, - NULL, - NULL, - NULL - }; - return &aes_256_cbc; + return EVP_hcrypto_aes_256_cbc(); } static int diff --git a/source4/heimdal/lib/hcrypto/evp.h b/source4/heimdal/lib/hcrypto/evp.h index c8f8f80f80..e2c95b929e 100644 --- a/source4/heimdal/lib/hcrypto/evp.h +++ b/source4/heimdal/lib/hcrypto/evp.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: evp.h 23141 2008-04-29 05:47:04Z lha $ */ +/* $Id$ */ #ifndef HEIM_EVP_H #define HEIM_EVP_H 1 @@ -56,6 +56,8 @@ #define EVP_CIPHER_key_length hc_EVP_CIPHER_key_length #define EVP_Cipher hc_EVP_Cipher #define EVP_CipherInit_ex hc_EVP_CipherInit_ex +#define EVP_CipherUpdate hc_EVP_CipherUpdate +#define EVP_CipherFinal_ex hc_EVP_CipherFinal_ex #define EVP_Digest hc_EVP_Digest #define EVP_DigestFinal_ex hc_EVP_DigestFinal_ex #define EVP_DigestInit_ex hc_EVP_DigestInit_ex @@ -72,6 +74,13 @@ #define EVP_aes_128_cbc hc_EVP_aes_128_cbc #define EVP_aes_192_cbc hc_EVP_aes_192_cbc #define EVP_aes_256_cbc hc_EVP_aes_256_cbc +#define EVP_hcrypto_aes_128_cbc hc_EVP_hcrypto_aes_128_cbc +#define EVP_hcrypto_aes_192_cbc hc_EVP_hcrypto_aes_192_cbc +#define EVP_hcrypto_aes_256_cbc hc_EVP_hcrypto_aes_256_cbc +#define EVP_hcrypto_aes_128_cts hc_EVP_hcrypto_aes_128_cts +#define EVP_hcrypto_aes_192_cts hc_EVP_hcrypto_aes_192_cts +#define EVP_hcrypto_aes_256_cts hc_EVP_hcrypto_aes_256_cts +#define EVP_des_cbc hc_EVP_des_cbc #define EVP_des_ede3_cbc hc_EVP_des_ede3_cbc #define EVP_enc_null hc_EVP_enc_null #define EVP_md2 hc_EVP_md2 @@ -121,6 +130,7 @@ struct hc_CIPHER { * cipher is used in (use EVP_CIPHER.._mode() to extract the * mode). The rest of the flag field is a bitfield. */ +#define EVP_CIPH_STREAM_CIPHER 0 #define EVP_CIPH_CBC_MODE 2 #define EVP_CIPH_MODE 0x7 @@ -141,7 +151,7 @@ struct hc_CIPHER_CTX { const EVP_CIPHER *cipher; ENGINE *engine; int encrypt; - int buf_len; + int buf_len; /* bytes stored in buf for EVP_CipherUpdate */ unsigned char oiv[EVP_MAX_IV_LENGTH]; unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char buf[EVP_MAX_BLOCK_LENGTH]; @@ -155,6 +165,21 @@ struct hc_CIPHER_CTX { unsigned char final[EVP_MAX_BLOCK_LENGTH]; }; +typedef int (*hc_evp_md_init)(EVP_MD_CTX *); +typedef int (*hc_evp_md_update)(EVP_MD_CTX *,const void *, size_t); +typedef int (*hc_evp_md_final)(void *, EVP_MD_CTX *); +typedef int (*hc_evp_md_cleanup)(EVP_MD_CTX *); + +struct hc_evp_md { + int hash_size; + int block_size; + int ctx_size; + hc_evp_md_init init; + hc_evp_md_update update; + hc_evp_md_final final; + hc_evp_md_cleanup cleanup; +}; + #if !defined(__GNUC__) && !defined(__attribute__) #define __attribute__(x) #endif @@ -162,6 +187,10 @@ struct hc_CIPHER_CTX { #ifndef HC_DEPRECATED #define HC_DEPRECATED __attribute__((deprecated)) #endif +#ifndef HC_DEPRECATED_CRYPTO +#define HC_DEPRECATED_CRYPTO __attribute__((deprecated)) +#endif + #ifdef __cplusplus extern "C" { @@ -172,9 +201,9 @@ extern "C" { */ const EVP_MD *EVP_md_null(void); -const EVP_MD *EVP_md2(void); -const EVP_MD *EVP_md4(void); -const EVP_MD *EVP_md5(void); +const EVP_MD *EVP_md2(void) HC_DEPRECATED_CRYPTO; +const EVP_MD *EVP_md4(void) HC_DEPRECATED_CRYPTO; +const EVP_MD *EVP_md5(void) HC_DEPRECATED_CRYPTO; const EVP_MD *EVP_sha(void); const EVP_MD *EVP_sha1(void); const EVP_MD *EVP_sha256(void); @@ -182,13 +211,20 @@ const EVP_MD *EVP_sha256(void); const EVP_CIPHER * EVP_aes_128_cbc(void); const EVP_CIPHER * EVP_aes_192_cbc(void); const EVP_CIPHER * EVP_aes_256_cbc(void); +const EVP_CIPHER * EVP_hcrypto_aes_128_cbc(void); +const EVP_CIPHER * EVP_hcrypto_aes_192_cbc(void); +const EVP_CIPHER * EVP_hcrypto_aes_256_cbc(void); +const EVP_CIPHER * EVP_hcrypto_aes_128_cts(void); +const EVP_CIPHER * EVP_hcrypto_aes_192_cts(void); +const EVP_CIPHER * EVP_hcrypto_aes_256_cts(void); +const EVP_CIPHER * EVP_des_cbc(void) HC_DEPRECATED_CRYPTO; const EVP_CIPHER * EVP_des_ede3_cbc(void); const EVP_CIPHER * EVP_enc_null(void); -const EVP_CIPHER * EVP_rc2_40_cbc(void); -const EVP_CIPHER * EVP_rc2_64_cbc(void); -const EVP_CIPHER * EVP_rc2_cbc(void); +const EVP_CIPHER * EVP_rc2_40_cbc(void) HC_DEPRECATED_CRYPTO; +const EVP_CIPHER * EVP_rc2_64_cbc(void) HC_DEPRECATED_CRYPTO; +const EVP_CIPHER * EVP_rc2_cbc(void) HC_DEPRECATED_CRYPTO; const EVP_CIPHER * EVP_rc4(void); -const EVP_CIPHER * EVP_rc4_40(void); +const EVP_CIPHER * EVP_rc4_40(void) HC_DEPRECATED_CRYPTO; const EVP_CIPHER * EVP_camellia_128_cbc(void); const EVP_CIPHER * EVP_camellia_192_cbc(void); const EVP_CIPHER * EVP_camellia_256_cbc(void); @@ -245,6 +281,8 @@ void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *, void *); int EVP_CipherInit_ex(EVP_CIPHER_CTX *,const EVP_CIPHER *, ENGINE *, const void *, const void *, int); +int EVP_CipherUpdate(EVP_CIPHER_CTX *, void *, int *, void *, size_t); +int EVP_CipherFinal_ex(EVP_CIPHER_CTX *, void *, int *); int EVP_Cipher(EVP_CIPHER_CTX *,void *,const void *,size_t); diff --git a/source4/heimdal/lib/hcrypto/hash.h b/source4/heimdal/lib/hcrypto/hash.h index d19f0c0ae1..0b12bddbb7 100644 --- a/source4/heimdal/lib/hcrypto/hash.h +++ b/source4/heimdal/lib/hcrypto/hash.h @@ -30,7 +30,7 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* $Id: hash.h 17450 2006-05-05 11:11:43Z lha $ */ +/* $Id$ */ /* stuff in common between md4, md5, and sha1 */ diff --git a/source4/heimdal/lib/hcrypto/hmac.h b/source4/heimdal/lib/hcrypto/hmac.h index 5bdae0a369..345016db27 100644 --- a/source4/heimdal/lib/hcrypto/hmac.h +++ b/source4/heimdal/lib/hcrypto/hmac.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: hmac.h 16564 2006-01-13 15:26:52Z lha $ */ +/* $Id$ */ #ifndef HEIM_HMAC_H #define HEIM_HMAC_H 1 diff --git a/source4/heimdal/lib/hcrypto/imath/LICENSE b/source4/heimdal/lib/hcrypto/imath/LICENSE index 53dd364c2b..96b231720d 100644 --- a/source4/heimdal/lib/hcrypto/imath/LICENSE +++ b/source4/heimdal/lib/hcrypto/imath/LICENSE @@ -1,4 +1,4 @@ -IMath is Copyright 2002-2007 Michael J. Fromberger +IMath is Copyright © 2002-2008 Michael J. Fromberger You may use it subject to the following Licensing Terms: Permission is hereby granted, free of charge, to any person obtaining diff --git a/source4/heimdal/lib/hcrypto/imath/imath.c b/source4/heimdal/lib/hcrypto/imath/imath.c old mode 100755 new mode 100644 index 4487029f78..d8e170aedd --- a/source4/heimdal/lib/hcrypto/imath/imath.c +++ b/source4/heimdal/lib/hcrypto/imath/imath.c @@ -1,8 +1,8 @@ /* Name: imath.c Purpose: Arbitrary precision integer arithmetic routines. - Author: M. J. Fromberger - Info: $Id: imath.c 22648 2008-02-25 07:37:57Z lha $ + Author: M. J. Fromberger + Info: $Id: imath.c 645 2008-08-03 04:00:30Z sting $ Copyright (C) 2002-2007 Michael J. Fromberger, All Rights Reserved. @@ -53,6 +53,7 @@ const mp_result MP_RANGE = -3; /* argument out of range */ const mp_result MP_UNDEF = -4; /* result undefined */ const mp_result MP_TRUNC = -5; /* output truncated */ const mp_result MP_BADARG = -6; /* invalid null argument */ +const mp_result MP_MINERR = -6; const mp_sign MP_NEG = 1; /* value is strictly negative */ const mp_sign MP_ZPOS = 0; /* value is non-negative */ @@ -65,7 +66,7 @@ static const char *s_error_msg[] = { "argument out of range", "result undefined", "output truncated", - "invalid null argument", + "invalid argument", NULL }; @@ -97,14 +98,7 @@ static const double s_log2[] = { 0.218104292, 0.215338279, 0.212746054, 0.210309918, /* 24 25 26 27 */ 0.208014598, 0.205846832, 0.203795047, 0.201849087, /* 28 29 30 31 */ 0.200000000, 0.198239863, 0.196561632, 0.194959022, /* 32 33 34 35 */ - 0.193426404, 0.191958720, 0.190551412, 0.189200360, /* 36 37 38 39 */ - 0.187901825, 0.186652411, 0.185449023, 0.184288833, /* 40 41 42 43 */ - 0.183169251, 0.182087900, 0.181042597, 0.180031327, /* 44 45 46 47 */ - 0.179052232, 0.178103594, 0.177183820, 0.176291434, /* 48 49 50 51 */ - 0.175425064, 0.174583430, 0.173765343, 0.172969690, /* 52 53 54 55 */ - 0.172195434, 0.171441601, 0.170707280, 0.169991616, /* 56 57 58 59 */ - 0.169293808, 0.168613099, 0.167948779, 0.167300179, /* 60 61 62 63 */ - 0.166666667 + 0.193426404, /* 36 */ }; /* }}} */ @@ -130,31 +124,38 @@ memcpy(q__,p__,i__);}while(0) #define REV(T, A, N) \ do{T *u_=(A),*v_=u_+(N)-1;while(u_ 1 && (*dz_-- == 0)) --uz_;MP_USED(z_)=uz_;}while(0) -#endif +/* Select min/max. Do not provide expressions for which multiple + evaluation would be problematic, e.g. x++ */ #define MIN(A, B) ((B)<(A)?(B):(A)) #define MAX(A, B) ((B)>(A)?(B):(A)) + +/* Exchange lvalues A and B of type T, e.g. + SWAP(int, x, y) where x and y are variables of type int. */ #define SWAP(T, A, B) do{T t_=(A);A=(B);B=t_;}while(0) +/* Used to set up and access simple temp stacks within functions. */ #define TEMP(K) (temp + (K)) #define SETUP(E, C) \ do{if((res = (E)) != MP_OK) goto CLEANUP; ++(C);}while(0) +/* Compare value to zero. */ #define CMPZ(Z) \ (((Z)->used==1&&(Z)->digits[0]==0)?0:((Z)->sign==MP_NEG)?-1:1) +/* Multiply X by Y into Z, ignoring signs. Requires that Z have + enough storage preallocated to hold the result. */ #define UMUL(X, Y, Z) \ do{mp_size ua_=MP_USED(X),ub_=MP_USED(Y);mp_size o_=ua_+ub_;\ ZERO(MP_DIGITS(Z),o_);\ (void) s_kmul(MP_DIGITS(X),MP_DIGITS(Y),MP_DIGITS(Z),ua_,ub_);\ MP_USED(Z)=o_;CLAMP(Z);}while(0) +/* Square X into Z. Requires that Z have enough storage to hold the + result. */ #define USQR(X, Z) \ do{mp_size ua_=MP_USED(X),o_=ua_+ua_;ZERO(MP_DIGITS(Z),o_);\ (void) s_ksqr(MP_DIGITS(X),MP_DIGITS(Z),ua_);MP_USED(Z)=o_;CLAMP(Z);}while(0) @@ -194,25 +195,20 @@ static void s_free(void *ptr); necessary. Returns true if successful, false if out of memory. */ static int s_pad(mp_int z, mp_size min); -/* Normalize by removing leading zeroes (except when z = 0) */ -#if TRACEABLE_CLAMP -static void s_clamp(mp_int z); -#endif - /* Fill in a "fake" mp_int on the stack with a given value */ -static void s_fake(mp_int z, int value, mp_digit vbuf[]); +static void s_fake(mp_int z, mp_small value, mp_digit vbuf[]); /* Compare two runs of digits of given length, returns <0, 0, >0 */ static int s_cdig(mp_digit *da, mp_digit *db, mp_size len); /* Pack the unsigned digits of v into array t */ -static int s_vpack(int v, mp_digit t[]); +static int s_vpack(mp_small v, mp_digit t[]); /* Compare magnitudes of a and b, returns <0, 0, >0 */ static int s_ucmp(mp_int a, mp_int b); /* Compare magnitudes of a and v, returns <0, 0, >0 */ -static int s_vcmp(mp_int a, int v); +static int s_vcmp(mp_int a, mp_small v); /* Unsigned magnitude addition; assumes dc is big enough. Carry out is returned (no memory allocated). */ @@ -272,7 +268,7 @@ static int s_dp2k(mp_int z); static int s_isp2(mp_int z); /* Set z to 2^k. May allocate; returns false in case this fails. */ -static int s_2expt(mp_int z, int k); +static int s_2expt(mp_int z, mp_small k); /* Normalize a and b for division, returns normalization constant */ static int s_norm(mp_int a, mp_int b); @@ -410,7 +406,7 @@ mp_result mp_int_init_copy(mp_int z, mp_int old) /* {{{ mp_int_init_value(z, value) */ -mp_result mp_int_init_value(mp_int z, int value) +mp_result mp_int_init_value(mp_int z, mp_small value) { mpz_t vtmp; mp_digit vbuf[MP_VALUE_DIGITS(value)]; @@ -423,7 +419,7 @@ mp_result mp_int_init_value(mp_int z, int value) /* {{{ mp_int_set_value(z, value) */ -mp_result mp_int_set_value(mp_int z, int value) +mp_result mp_int_set_value(mp_int z, mp_small value) { mpz_t vtmp; mp_digit vbuf[MP_VALUE_DIGITS(value)]; @@ -589,12 +585,18 @@ mp_result mp_int_add(mp_int a, mp_int b, mp_int c) mp_int x, y; int cmp = s_ucmp(a, b); /* magnitude comparision, sign ignored */ - /* Set x to max(a, b), y to min(a, b) to simplify later code */ - if(cmp >= 0) { - x = a; y = b; - } + /* Set x to max(a, b), y to min(a, b) to simplify later code. + A special case yields zero for equal magnitudes. + */ + if(cmp == 0) { + mp_int_zero(c); + return MP_OK; + } + else if(cmp < 0) { + x = b; y = a; + } else { - x = b; y = a; + x = a; y = b; } if(!s_pad(c, MP_USED(x))) @@ -616,7 +618,7 @@ mp_result mp_int_add(mp_int a, mp_int b, mp_int c) /* {{{ mp_int_add_value(a, value, c) */ -mp_result mp_int_add_value(mp_int a, int value, mp_int c) +mp_result mp_int_add_value(mp_int a, mp_small value, mp_int c) { mpz_t vtmp; mp_digit vbuf[MP_VALUE_DIGITS(value)]; @@ -694,7 +696,7 @@ mp_result mp_int_sub(mp_int a, mp_int b, mp_int c) /* {{{ mp_int_sub_value(a, value, c) */ -mp_result mp_int_sub_value(mp_int a, int value, mp_int c) +mp_result mp_int_sub_value(mp_int a, mp_small value, mp_int c) { mpz_t vtmp; mp_digit vbuf[MP_VALUE_DIGITS(value)]; @@ -770,7 +772,7 @@ mp_result mp_int_mul(mp_int a, mp_int b, mp_int c) /* {{{ mp_int_mul_value(a, value, c) */ -mp_result mp_int_mul_value(mp_int a, int value, mp_int c) +mp_result mp_int_mul_value(mp_int a, mp_small value, mp_int c) { mpz_t vtmp; mp_digit vbuf[MP_VALUE_DIGITS(value)]; @@ -784,7 +786,7 @@ mp_result mp_int_mul_value(mp_int a, int value, mp_int c) /* {{{ mp_int_mul_pow2(a, p2, c) */ -mp_result mp_int_mul_pow2(mp_int a, int p2, mp_int c) +mp_result mp_int_mul_pow2(mp_int a, mp_small p2, mp_int c) { mp_result res; CHECK(a != NULL && c != NULL && p2 >= 0); @@ -896,16 +898,22 @@ mp_result mp_int_div(mp_int a, mp_int b, mp_int q, mp_int r) or to overlap with the inputs. */ if((lg = s_isp2(b)) < 0) { - if(q && b != q && (res = mp_int_copy(a, q)) == MP_OK) { - qout = q; + if(q && b != q) { + if((res = mp_int_copy(a, q)) != MP_OK) + goto CLEANUP; + else + qout = q; } else { qout = TEMP(last); SETUP(mp_int_init_copy(TEMP(last), a), last); } - if(r && a != r && (res = mp_int_copy(b, r)) == MP_OK) { - rout = r; + if(r && a != r) { + if((res = mp_int_copy(b, r)) != MP_OK) + goto CLEANUP; + else + rout = r; } else { rout = TEMP(last); @@ -981,7 +989,7 @@ mp_result mp_int_mod(mp_int a, mp_int m, mp_int c) /* {{{ mp_int_div_value(a, value, q, r) */ -mp_result mp_int_div_value(mp_int a, int value, mp_int q, int *r) +mp_result mp_int_div_value(mp_int a, mp_small value, mp_int q, mp_small *r) { mpz_t vtmp, rtmp; mp_digit vbuf[MP_VALUE_DIGITS(value)]; @@ -1005,7 +1013,7 @@ mp_result mp_int_div_value(mp_int a, int value, mp_int q, int *r) /* {{{ mp_int_div_pow2(a, p2, q, r) */ -mp_result mp_int_div_pow2(mp_int a, int p2, mp_int q, mp_int r) +mp_result mp_int_div_pow2(mp_int a, mp_small p2, mp_int q, mp_int r) { mp_result res = MP_OK; @@ -1024,7 +1032,7 @@ mp_result mp_int_div_pow2(mp_int a, int p2, mp_int q, mp_int r) /* {{{ mp_int_expt(a, b, c) */ -mp_result mp_int_expt(mp_int a, int b, mp_int c) +mp_result mp_int_expt(mp_int a, mp_small b, mp_int c) { mpz_t t; mp_result res; @@ -1058,7 +1066,7 @@ mp_result mp_int_expt(mp_int a, int b, mp_int c) /* {{{ mp_int_expt_value(a, b, c) */ -mp_result mp_int_expt_value(int a, int b, mp_int c) +mp_result mp_int_expt_value(mp_small a, mp_small b, mp_int c) { mpz_t t; mp_result res; @@ -1149,7 +1157,7 @@ int mp_int_compare_zero(mp_int z) /* {{{ mp_int_compare_value(z, value) */ -int mp_int_compare_value(mp_int z, int value) +int mp_int_compare_value(mp_int z, mp_small value) { mp_sign vsign = (value < 0) ? MP_NEG : MP_ZPOS; int cmp; @@ -1224,7 +1232,7 @@ mp_result mp_int_exptmod(mp_int a, mp_int b, mp_int m, mp_int c) /* {{{ mp_int_exptmod_evalue(a, value, m, c) */ -mp_result mp_int_exptmod_evalue(mp_int a, int value, mp_int m, mp_int c) +mp_result mp_int_exptmod_evalue(mp_int a, mp_small value, mp_int m, mp_int c) { mpz_t vtmp; mp_digit vbuf[MP_VALUE_DIGITS(value)]; @@ -1238,7 +1246,7 @@ mp_result mp_int_exptmod_evalue(mp_int a, int value, mp_int m, mp_int c) /* {{{ mp_int_exptmod_bvalue(v, b, m, c) */ -mp_result mp_int_exptmod_bvalue(int value, mp_int b, +mp_result mp_int_exptmod_bvalue(mp_small value, mp_int b, mp_int m, mp_int c) { mpz_t vtmp; @@ -1555,11 +1563,45 @@ mp_result mp_int_egcd(mp_int a, mp_int b, mp_int c, /* }}} */ +/* {{{ mp_int_lcm(a, b, c) */ + +mp_result mp_int_lcm(mp_int a, mp_int b, mp_int c) +{ + mpz_t lcm; + mp_result res; + + CHECK(a != NULL && b != NULL && c != NULL); + + /* Since a * b = gcd(a, b) * lcm(a, b), we can compute + lcm(a, b) = (a / gcd(a, b)) * b. + + This formulation insures everything works even if the input + variables share space. + */ + if((res = mp_int_init(&lcm)) != MP_OK) + return res; + if((res = mp_int_gcd(a, b, &lcm)) != MP_OK) + goto CLEANUP; + if((res = mp_int_div(a, &lcm, &lcm, NULL)) != MP_OK) + goto CLEANUP; + if((res = mp_int_mul(&lcm, b, &lcm)) != MP_OK) + goto CLEANUP; + + res = mp_int_copy(&lcm, c); + + CLEANUP: + mp_int_clear(&lcm); + + return res; +} + +/* }}} */ + /* {{{ mp_int_divisible_value(a, v) */ -int mp_int_divisible_value(mp_int a, int v) +int mp_int_divisible_value(mp_int a, mp_small v) { - int rem = 0; + mp_small rem = 0; if(mp_int_div_value(a, v, NULL, &rem) != MP_OK) return 0; @@ -1580,61 +1622,87 @@ int mp_int_is_pow2(mp_int z) /* }}} */ -/* {{{ mp_int_sqrt(a, c) */ +/* {{{ mp_int_root(a, b, c) */ -mp_result mp_int_sqrt(mp_int a, mp_int c) +/* Implementation of Newton's root finding method, based loosely on a + patch contributed by Hal Finkel + modified by M. J. Fromberger. + */ +mp_result mp_int_root(mp_int a, mp_small b, mp_int c) { mp_result res = MP_OK; - mpz_t temp[2]; + mpz_t temp[5]; int last = 0; + int flips = 0; - CHECK(a != NULL && c != NULL); + CHECK(a != NULL && c != NULL && b > 0); - /* The square root of a negative value does not exist in the integers. */ - if(MP_SIGN(a) == MP_NEG) - return MP_UNDEF; + if(b == 1) { + return mp_int_copy(a, c); + } + if(MP_SIGN(a) == MP_NEG) { + if(b % 2 == 0) + return MP_UNDEF; /* root does not exist for negative a with even b */ + else + flips = 1; + } SETUP(mp_int_init_copy(TEMP(last), a), last); + SETUP(mp_int_init_copy(TEMP(last), a), last); + SETUP(mp_int_init(TEMP(last)), last); + SETUP(mp_int_init(TEMP(last)), last); SETUP(mp_int_init(TEMP(last)), last); + (void) mp_int_abs(TEMP(0), TEMP(0)); + (void) mp_int_abs(TEMP(1), TEMP(1)); + for(;;) { - if((res = mp_int_sqr(TEMP(0), TEMP(1))) != MP_OK) + if((res = mp_int_expt(TEMP(1), b, TEMP(2))) != MP_OK) goto CLEANUP; - if(mp_int_compare_unsigned(a, TEMP(1)) == 0) break; + if(mp_int_compare_unsigned(TEMP(2), TEMP(0)) <= 0) + break; - if((res = mp_int_copy(a, TEMP(1))) != MP_OK) + if((res = mp_int_sub(TEMP(2), TEMP(0), TEMP(2))) != MP_OK) goto CLEANUP; - if((res = mp_int_div(TEMP(1), TEMP(0), TEMP(1), NULL)) != MP_OK) + if((res = mp_int_expt(TEMP(1), b - 1, TEMP(3))) != MP_OK) goto CLEANUP; - if((res = mp_int_add(TEMP(0), TEMP(1), TEMP(1))) != MP_OK) + if((res = mp_int_mul_value(TEMP(3), b, TEMP(3))) != MP_OK) goto CLEANUP; - if((res = mp_int_div_pow2(TEMP(1), 1, TEMP(1), NULL)) != MP_OK) + if((res = mp_int_div(TEMP(2), TEMP(3), TEMP(4), NULL)) != MP_OK) + goto CLEANUP; + if((res = mp_int_sub(TEMP(1), TEMP(4), TEMP(4))) != MP_OK) goto CLEANUP; - if(mp_int_compare_unsigned(TEMP(0), TEMP(1)) == 0) break; - if((res = mp_int_sub_value(TEMP(0), 1, TEMP(0))) != MP_OK) goto CLEANUP; - if(mp_int_compare_unsigned(TEMP(0), TEMP(1)) == 0) break; - - if((res = mp_int_copy(TEMP(1), TEMP(0))) != MP_OK) goto CLEANUP; + if(mp_int_compare_unsigned(TEMP(1), TEMP(4)) == 0) { + if((res = mp_int_sub_value(TEMP(4), 1, TEMP(4))) != MP_OK) + goto CLEANUP; + } + if((res = mp_int_copy(TEMP(4), TEMP(1))) != MP_OK) + goto CLEANUP; } - res = mp_int_copy(TEMP(0), c); + if((res = mp_int_copy(TEMP(1), c)) != MP_OK) + goto CLEANUP; + + /* If the original value of a was negative, flip the output sign. */ + if(flips) + (void) mp_int_neg(c, c); /* cannot fail */ CLEANUP: while(--last >= 0) mp_int_clear(TEMP(last)); - - return res; + + return res; } /* }}} */ /* {{{ mp_int_to_int(z, out) */ -mp_result mp_int_to_int(mp_int z, int *out) +mp_result mp_int_to_int(mp_int z, mp_small *out) { - unsigned int uv = 0; + mp_usmall uv = 0; mp_size uz; mp_digit *dz; mp_sign sz; @@ -1643,8 +1711,8 @@ mp_result mp_int_to_int(mp_int z, int *out) /* Make sure the value is representable as an int */ sz = MP_SIGN(z); - if((sz == MP_ZPOS && mp_int_compare_value(z, INT_MAX) > 0) || - mp_int_compare_value(z, INT_MIN) < 0) + if((sz == MP_ZPOS && mp_int_compare_value(z, MP_SMALL_MAX) > 0) || + mp_int_compare_value(z, MP_SMALL_MIN) < 0) return MP_RANGE; uz = MP_USED(z); @@ -1657,13 +1725,46 @@ mp_result mp_int_to_int(mp_int z, int *out) } if(out) - *out = (sz == MP_NEG) ? -(int)uv : (int)uv; + *out = (sz == MP_NEG) ? -(mp_small)uv : (mp_small)uv; return MP_OK; } /* }}} */ +/* {{{ mp_int_to_uint(z, *out) */ + +mp_result mp_int_to_uint(mp_int z, mp_usmall *out) +{ + mp_usmall uv = 0; + mp_size uz; + mp_digit *dz; + mp_sign sz; + + CHECK(z != NULL); + + /* Make sure the value is representable as an int */ + sz = MP_SIGN(z); + if(!(sz == MP_ZPOS && mp_int_compare_value(z, UINT_MAX) <= 0)) + return MP_RANGE; + + uz = MP_USED(z); + dz = MP_DIGITS(z) + uz - 1; + + while(uz > 0) { + uv <<= MP_DIGIT_BIT/2; + uv = (uv << (MP_DIGIT_BIT/2)) | *dz--; + --uz; + } + + if(out) + *out = uv; + + return MP_OK; +} + +/* }}} */ + /* {{{ mp_int_to_string(z, radix, str, limit) */ mp_result mp_int_to_string(mp_int z, mp_size radix, @@ -1769,7 +1870,7 @@ mp_result mp_int_read_cstring(mp_int z, mp_size radix, const char *str, char **e return MP_RANGE; /* Skip leading whitespace */ - while(isspace((unsigned char)*str)) + while(isspace((int)*str)) ++str; /* Handle leading sign tag (+/-, positive default) */ @@ -2091,26 +2192,9 @@ static int s_pad(mp_int z, mp_size min) /* }}} */ -/* {{{ s_clamp(z) */ - -#if TRACEABLE_CLAMP -static void s_clamp(mp_int z) -{ - mp_size uz = MP_USED(z); - mp_digit *zd = MP_DIGITS(z) + uz - 1; - - while(uz > 1 && (*zd-- == 0)) - --uz; - - MP_USED(z) = uz; -} -#endif - -/* }}} */ - /* {{{ s_fake(z, value, vbuf) */ -static void s_fake(mp_int z, int value, mp_digit vbuf[]) +static void s_fake(mp_int z, mp_small value, mp_digit vbuf[]) { mp_size uv = (mp_size) s_vpack(value, vbuf); @@ -2142,9 +2226,9 @@ static int s_cdig(mp_digit *da, mp_digit *db, mp_size len) /* {{{ s_vpack(v, t[]) */ -static int s_vpack(int v, mp_digit t[]) +static int s_vpack(mp_small v, mp_digit t[]) { - unsigned int uv = (unsigned int)((v < 0) ? -v : v); + mp_usmall uv = (mp_usmall) ((v < 0) ? -v : v); int ndig = 0; if(uv == 0) @@ -2180,7 +2264,7 @@ static int s_ucmp(mp_int a, mp_int b) /* {{{ s_vcmp(a, v) */ -static int s_vcmp(mp_int a, int v) +static int s_vcmp(mp_int a, mp_small v) { mp_digit vdig[MP_VALUE_DIGITS(v)]; int ndig = 0; @@ -2814,7 +2898,7 @@ static int s_isp2(mp_int z) /* {{{ s_2expt(z, k) */ -static int s_2expt(mp_int z, int k) +static int s_2expt(mp_int z, mp_small k) { mp_size ndig, rest; mp_digit *dz; @@ -3100,12 +3184,13 @@ static mp_result s_udiv(mp_int a, mp_int b) /* {{{ s_outlen(z, r) */ -/* Precondition: 2 <= r < 64 */ static int s_outlen(mp_int z, mp_size r) { mp_result bits; double raw; + assert(r >= MP_MIN_RADIX && r <= MP_MAX_RADIX); + bits = mp_int_count_bits(z); raw = (double)bits * s_log2[r]; @@ -3135,7 +3220,7 @@ static int s_ch2val(char c, int r) if(isdigit((unsigned char) c)) out = c - '0'; else if(r > 10 && isalpha((unsigned char) c)) - out = toupper((unsigned char)c) - 'A' + 10; + out = toupper(c) - 'A' + 10; else return -1; diff --git a/source4/heimdal/lib/hcrypto/imath/imath.h b/source4/heimdal/lib/hcrypto/imath/imath.h old mode 100755 new mode 100644 index f13c09d1a2..cb877959e9 --- a/source4/heimdal/lib/hcrypto/imath/imath.h +++ b/source4/heimdal/lib/hcrypto/imath/imath.h @@ -1,8 +1,8 @@ /* Name: imath.h Purpose: Arbitrary precision integer arithmetic routines. - Author: M. J. Fromberger - Info: $Id: imath.h 20764 2007-06-01 03:55:14Z lha $ + Author: M. J. Fromberger + Info: $Id: imath.h 635 2008-01-08 18:19:40Z sting $ Copyright (C) 2002-2007 Michael J. Fromberger, All Rights Reserved. @@ -39,6 +39,8 @@ extern "C" { typedef unsigned char mp_sign; typedef unsigned int mp_size; typedef int mp_result; +typedef long mp_small; /* must be a signed type */ +typedef unsigned long mp_usmall; /* must be an unsigned type */ #ifdef USE_LONG_LONG typedef unsigned int mp_digit; typedef unsigned long long mp_word; @@ -68,9 +70,14 @@ extern const mp_result MP_RANGE; extern const mp_result MP_UNDEF; extern const mp_result MP_TRUNC; extern const mp_result MP_BADARG; +extern const mp_result MP_MINERR; #define MP_DIGIT_BIT (sizeof(mp_digit) * CHAR_BIT) #define MP_WORD_BIT (sizeof(mp_word) * CHAR_BIT) +#define MP_SMALL_MIN LONG_MIN +#define MP_SMALL_MAX LONG_MAX +#define MP_USMALL_MIN ULONG_MIN +#define MP_USMALL_MAX ULONG_MAX #ifdef USE_LONG_LONG # ifndef ULONG_LONG_MAX @@ -108,8 +115,8 @@ mp_result mp_int_init(mp_int z); mp_int mp_int_alloc(void); mp_result mp_int_init_size(mp_int z, mp_size prec); mp_result mp_int_init_copy(mp_int z, mp_int old); -mp_result mp_int_init_value(mp_int z, int value); -mp_result mp_int_set_value(mp_int z, int value); +mp_result mp_int_init_value(mp_int z, mp_small value); +mp_result mp_int_set_value(mp_int z, mp_small value); void mp_int_clear(mp_int z); void mp_int_free(mp_int z); @@ -119,40 +126,40 @@ void mp_int_zero(mp_int z); /* z = 0 */ mp_result mp_int_abs(mp_int a, mp_int c); /* c = |a| */ mp_result mp_int_neg(mp_int a, mp_int c); /* c = -a */ mp_result mp_int_add(mp_int a, mp_int b, mp_int c); /* c = a + b */ -mp_result mp_int_add_value(mp_int a, int value, mp_int c); +mp_result mp_int_add_value(mp_int a, mp_small value, mp_int c); mp_result mp_int_sub(mp_int a, mp_int b, mp_int c); /* c = a - b */ -mp_result mp_int_sub_value(mp_int a, int value, mp_int c); +mp_result mp_int_sub_value(mp_int a, mp_small value, mp_int c); mp_result mp_int_mul(mp_int a, mp_int b, mp_int c); /* c = a * b */ -mp_result mp_int_mul_value(mp_int a, int value, mp_int c); -mp_result mp_int_mul_pow2(mp_int a, int p2, mp_int c); +mp_result mp_int_mul_value(mp_int a, mp_small value, mp_int c); +mp_result mp_int_mul_pow2(mp_int a, mp_small p2, mp_int c); mp_result mp_int_sqr(mp_int a, mp_int c); /* c = a * a */ mp_result mp_int_div(mp_int a, mp_int b, /* q = a / b */ mp_int q, mp_int r); /* r = a % b */ -mp_result mp_int_div_value(mp_int a, int value, /* q = a / value */ - mp_int q, int *r); /* r = a % value */ -mp_result mp_int_div_pow2(mp_int a, int p2, /* q = a / 2^p2 */ +mp_result mp_int_div_value(mp_int a, mp_small value, /* q = a / value */ + mp_int q, mp_small *r); /* r = a % value */ +mp_result mp_int_div_pow2(mp_int a, mp_small p2, /* q = a / 2^p2 */ mp_int q, mp_int r); /* r = q % 2^p2 */ mp_result mp_int_mod(mp_int a, mp_int m, mp_int c); /* c = a % m */ #define mp_int_mod_value(A, V, R) mp_int_div_value((A), (V), 0, (R)) -mp_result mp_int_expt(mp_int a, int b, mp_int c); /* c = a^b */ -mp_result mp_int_expt_value(int a, int b, mp_int c); /* c = a^b */ +mp_result mp_int_expt(mp_int a, mp_small b, mp_int c); /* c = a^b */ +mp_result mp_int_expt_value(mp_small a, mp_small b, mp_int c); /* c = a^b */ int mp_int_compare(mp_int a, mp_int b); /* a <=> b */ int mp_int_compare_unsigned(mp_int a, mp_int b); /* |a| <=> |b| */ -int mp_int_compare_zero(mp_int z); /* a <=> 0 */ -int mp_int_compare_value(mp_int z, int value); /* a <=> v */ +int mp_int_compare_zero(mp_int z); /* a <=> 0 */ +int mp_int_compare_value(mp_int z, mp_small value); /* a <=> v */ /* Returns true if v|a, false otherwise (including errors) */ -int mp_int_divisible_value(mp_int a, int v); +int mp_int_divisible_value(mp_int a, mp_small v); /* Returns k >= 0 such that z = 2^k, if one exists; otherwise < 0 */ int mp_int_is_pow2(mp_int z); mp_result mp_int_exptmod(mp_int a, mp_int b, mp_int m, mp_int c); /* c = a^b (mod m) */ -mp_result mp_int_exptmod_evalue(mp_int a, int value, +mp_result mp_int_exptmod_evalue(mp_int a, mp_small value, mp_int m, mp_int c); /* c = a^v (mod m) */ -mp_result mp_int_exptmod_bvalue(int value, mp_int b, +mp_result mp_int_exptmod_bvalue(mp_small value, mp_int b, mp_int m, mp_int c); /* c = v^b (mod m) */ mp_result mp_int_exptmod_known(mp_int a, mp_int b, mp_int m, mp_int mu, @@ -166,10 +173,14 @@ mp_result mp_int_gcd(mp_int a, mp_int b, mp_int c); /* c = gcd(a, b) */ mp_result mp_int_egcd(mp_int a, mp_int b, mp_int c, /* c = gcd(a, b) */ mp_int x, mp_int y); /* c = ax + by */ -mp_result mp_int_sqrt(mp_int a, mp_int c); /* c = floor(sqrt(q)) */ +mp_result mp_int_lcm(mp_int a, mp_int b, mp_int c); /* c = lcm(a, b) */ -/* Convert to an int, if representable (returns MP_RANGE if not). */ -mp_result mp_int_to_int(mp_int z, int *out); +mp_result mp_int_root(mp_int a, mp_small b, mp_int c); /* c = floor(a^{1/b}) */ +#define mp_int_sqrt(a, c) mp_int_root(a, 2, c) /* c = floor(sqrt(a)) */ + +/* Convert to a small int, if representable; else MP_RANGE */ +mp_result mp_int_to_int(mp_int z, mp_small *out); +mp_result mp_int_to_uint(mp_int z, mp_usmall *out); /* Convert to nul-terminated string with the specified radix, writing at most limit characters including the nul terminator */ diff --git a/source4/heimdal/lib/hcrypto/imath/iprime.c b/source4/heimdal/lib/hcrypto/imath/iprime.c old mode 100755 new mode 100644 index 6313bab1b7..2bc9e7a6d1 --- a/source4/heimdal/lib/hcrypto/imath/iprime.c +++ b/source4/heimdal/lib/hcrypto/imath/iprime.c @@ -1,10 +1,10 @@ /* Name: iprime.c Purpose: Pseudoprimality testing routines - Author: M. J. Fromberger - Info: $Id: iprime.c 19737 2007-01-05 21:01:48Z lha $ + Author: M. J. Fromberger + Info: $Id: iprime.c 635 2008-01-08 18:19:40Z sting $ - Copyright (C) 2002 Michael J. Fromberger, All Rights Reserved. + Copyright (C) 2002-2008 Michael J. Fromberger, All Rights Reserved. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files @@ -47,7 +47,9 @@ static const int s_ptab[] = { 773, 787, 797, 809, 811, 821, 823, 827, 829, 839, 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, 919, 929, 937, 941, 947, 953, 967, 971, 977, 983, - 991, 997, 1009, 1013, 1019, 1021, 1031, 1033, + 991, 997 +#ifdef IMATH_LARGE_PRIME_TABLE + , 1009, 1013, 1019, 1021, 1031, 1033, 1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091, 1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151, 1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213, @@ -110,10 +112,10 @@ static const int s_ptab[] = { 4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889, 4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951, 4957, 4967, 4969, 4973, 4987, 4993, 4999 +#endif }; static const int s_ptab_size = sizeof(s_ptab)/sizeof(s_ptab[0]); - /* {{{ mp_int_is_prime(z) */ /* Test whether z is likely to be prime: @@ -122,7 +124,8 @@ static const int s_ptab_size = sizeof(s_ptab)/sizeof(s_ptab[0]); */ mp_result mp_int_is_prime(mp_int z) { - int i, rem; + int i; + mp_small rem; mp_result res; /* First check for divisibility by small primes; this eliminates a diff --git a/source4/heimdal/lib/hcrypto/imath/iprime.h b/source4/heimdal/lib/hcrypto/imath/iprime.h old mode 100755 new mode 100644 index c935cdc111..6110dccb55 --- a/source4/heimdal/lib/hcrypto/imath/iprime.h +++ b/source4/heimdal/lib/hcrypto/imath/iprime.h @@ -1,10 +1,10 @@ /* Name: iprime.h Purpose: Pseudoprimality testing routines - Author: M. J. Fromberger - Info: $Id: iprime.h 18759 2006-10-21 16:32:36Z lha $ + Author: M. J. Fromberger + Info: $Id: iprime.h 635 2008-01-08 18:19:40Z sting $ - Copyright (C) 2002 Michael J. Fromberger, All Rights Reserved. + Copyright (C) 2002-2008 Michael J. Fromberger, All Rights Reserved. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files diff --git a/source4/heimdal/lib/hcrypto/md2.c b/source4/heimdal/lib/hcrypto/md2.c index 84b66c225f..8e4dd6169f 100644 --- a/source4/heimdal/lib/hcrypto/md2.c +++ b/source4/heimdal/lib/hcrypto/md2.c @@ -34,7 +34,7 @@ #ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id: md2.c 16480 2006-01-08 21:47:29Z lha $"); +RCSID("$Id$"); #endif #include "hash.h" diff --git a/source4/heimdal/lib/hcrypto/md2.h b/source4/heimdal/lib/hcrypto/md2.h index cf3960b935..5fd832d5f0 100644 --- a/source4/heimdal/lib/hcrypto/md2.h +++ b/source4/heimdal/lib/hcrypto/md2.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: md2.h 16480 2006-01-08 21:47:29Z lha $ */ +/* $Id$ */ #ifndef HEIM_MD2_H #define HEIM_MD2_H 1 diff --git a/source4/heimdal/lib/hcrypto/md4.c b/source4/heimdal/lib/hcrypto/md4.c index 95ab340b48..dfdd78c849 100644 --- a/source4/heimdal/lib/hcrypto/md4.c +++ b/source4/heimdal/lib/hcrypto/md4.c @@ -34,7 +34,7 @@ #ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id: md4.c 17445 2006-05-05 10:37:46Z lha $"); +RCSID("$Id$"); #endif #include "hash.h" diff --git a/source4/heimdal/lib/hcrypto/md4.h b/source4/heimdal/lib/hcrypto/md4.h index 8725209d02..089c329a29 100644 --- a/source4/heimdal/lib/hcrypto/md4.h +++ b/source4/heimdal/lib/hcrypto/md4.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: md4.h 17450 2006-05-05 11:11:43Z lha $ */ +/* $Id$ */ #ifndef HEIM_MD4_H #define HEIM_MD4_H 1 diff --git a/source4/heimdal/lib/hcrypto/md5.c b/source4/heimdal/lib/hcrypto/md5.c index b145fd2ac7..d6149cdc73 100644 --- a/source4/heimdal/lib/hcrypto/md5.c +++ b/source4/heimdal/lib/hcrypto/md5.c @@ -34,7 +34,7 @@ #ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id: md5.c 17445 2006-05-05 10:37:46Z lha $"); +RCSID("$Id$"); #endif #include "hash.h" diff --git a/source4/heimdal/lib/hcrypto/md5.h b/source4/heimdal/lib/hcrypto/md5.h index de6bd3a0a6..0689113685 100644 --- a/source4/heimdal/lib/hcrypto/md5.h +++ b/source4/heimdal/lib/hcrypto/md5.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: md5.h 17450 2006-05-05 11:11:43Z lha $ */ +/* $Id$ */ #ifndef HEIM_MD5_H #define HEIM_MD5_H 1 diff --git a/source4/heimdal/lib/hcrypto/pkcs12.c b/source4/heimdal/lib/hcrypto/pkcs12.c index fcf04a73c1..2de482ccc8 100644 --- a/source4/heimdal/lib/hcrypto/pkcs12.c +++ b/source4/heimdal/lib/hcrypto/pkcs12.c @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: pkcs12.c 23137 2008-04-29 05:46:48Z lha $"); +RCSID("$Id$"); #include #include diff --git a/source4/heimdal/lib/hcrypto/pkcs12.h b/source4/heimdal/lib/hcrypto/pkcs12.h index eb28b05467..71ee6ee49f 100644 --- a/source4/heimdal/lib/hcrypto/pkcs12.h +++ b/source4/heimdal/lib/hcrypto/pkcs12.h @@ -32,7 +32,7 @@ */ /* - * $Id: pkcs12.h 16564 2006-01-13 15:26:52Z lha $ + * $Id$ */ #ifndef _HEIM_PKCS12_H diff --git a/source4/heimdal/lib/hcrypto/pkcs5.c b/source4/heimdal/lib/hcrypto/pkcs5.c index 8a8f948abb..c44c76df5f 100644 --- a/source4/heimdal/lib/hcrypto/pkcs5.c +++ b/source4/heimdal/lib/hcrypto/pkcs5.c @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: pkcs5.c 23059 2008-04-18 13:04:08Z lha $"); +RCSID("$Id$"); #ifdef KRB5 #include diff --git a/source4/heimdal/lib/hcrypto/rand-egd.c b/source4/heimdal/lib/hcrypto/rand-egd.c index c1f306bcc3..0ed06d83db 100644 --- a/source4/heimdal/lib/hcrypto/rand-egd.c +++ b/source4/heimdal/lib/hcrypto/rand-egd.c @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: rand-egd.c 23461 2008-07-27 12:14:20Z lha $"); +RCSID("$Id$"); #include #ifdef HAVE_SYS_UN_H diff --git a/source4/heimdal/lib/hcrypto/rand-fortuna.c b/source4/heimdal/lib/hcrypto/rand-fortuna.c index da59a433b1..f75ba575cf 100644 --- a/source4/heimdal/lib/hcrypto/rand-fortuna.c +++ b/source4/heimdal/lib/hcrypto/rand-fortuna.c @@ -33,7 +33,7 @@ #include #endif -RCSID("$Id: rand-fortuna.c 23463 2008-07-27 12:15:06Z lha $"); +RCSID("$Id$"); #include #include diff --git a/source4/heimdal/lib/hcrypto/rand-unix.c b/source4/heimdal/lib/hcrypto/rand-unix.c index 5fb099d724..eaa81b0f1d 100644 --- a/source4/heimdal/lib/hcrypto/rand-unix.c +++ b/source4/heimdal/lib/hcrypto/rand-unix.c @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: rand-unix.c 23462 2008-07-27 12:14:42Z lha $"); +RCSID("$Id$"); #include #include diff --git a/source4/heimdal/lib/hcrypto/rand.c b/source4/heimdal/lib/hcrypto/rand.c index 1561f2ad39..4278300325 100644 --- a/source4/heimdal/lib/hcrypto/rand.c +++ b/source4/heimdal/lib/hcrypto/rand.c @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: rand.c 23464 2008-07-27 12:15:21Z lha $"); +RCSID("$Id$"); #include #include diff --git a/source4/heimdal/lib/hcrypto/rand.h b/source4/heimdal/lib/hcrypto/rand.h index c8ba2d9a7b..06e9ba4203 100644 --- a/source4/heimdal/lib/hcrypto/rand.h +++ b/source4/heimdal/lib/hcrypto/rand.h @@ -33,7 +33,7 @@ */ /* - * $Id: rand.h 20063 2007-01-30 18:30:36Z lha $ + * $Id$ */ #ifndef _HEIM_RAND_H diff --git a/source4/heimdal/lib/hcrypto/randi.h b/source4/heimdal/lib/hcrypto/randi.h index 6ae75f262b..7a5eb82c41 100644 --- a/source4/heimdal/lib/hcrypto/randi.h +++ b/source4/heimdal/lib/hcrypto/randi.h @@ -32,7 +32,7 @@ */ /* - * $Id: randi.h 21101 2007-06-18 03:53:46Z lha $ + * $Id$ */ #ifndef _HEIM_RANDI_H diff --git a/source4/heimdal/lib/hcrypto/rc2.c b/source4/heimdal/lib/hcrypto/rc2.c index 63992be9a9..e377ca7909 100644 --- a/source4/heimdal/lib/hcrypto/rc2.c +++ b/source4/heimdal/lib/hcrypto/rc2.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: rc2.c 17022 2006-04-09 17:03:21Z lha $"); +RCSID("$Id$"); #endif #include "rc2.h" diff --git a/source4/heimdal/lib/hcrypto/rc2.h b/source4/heimdal/lib/hcrypto/rc2.h index 5a2dd2d705..82b1e5eb3a 100644 --- a/source4/heimdal/lib/hcrypto/rc2.h +++ b/source4/heimdal/lib/hcrypto/rc2.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: rc2.h 16480 2006-01-08 21:47:29Z lha $ */ +/* $Id$ */ /* symbol renaming */ #define RC2_set_key hc_RC2_set_key diff --git a/source4/heimdal/lib/hcrypto/rc4.c b/source4/heimdal/lib/hcrypto/rc4.c index edaf37ddc4..7b97ab1947 100644 --- a/source4/heimdal/lib/hcrypto/rc4.c +++ b/source4/heimdal/lib/hcrypto/rc4.c @@ -36,7 +36,7 @@ #ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id: rc4.c 13640 2004-03-25 16:40:59Z lha $"); +RCSID("$Id$"); #endif #include diff --git a/source4/heimdal/lib/hcrypto/rc4.h b/source4/heimdal/lib/hcrypto/rc4.h index 1ab25f59e6..c7cbc0df33 100644 --- a/source4/heimdal/lib/hcrypto/rc4.h +++ b/source4/heimdal/lib/hcrypto/rc4.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: rc4.h 16480 2006-01-08 21:47:29Z lha $ */ +/* $Id$ */ /* symbol renaming */ #define RC4_set_key hc_RC4_set_key diff --git a/source4/heimdal/lib/hcrypto/rijndael-alg-fst.c b/source4/heimdal/lib/hcrypto/rijndael-alg-fst.c index c6330d27e4..57f13177df 100644 --- a/source4/heimdal/lib/hcrypto/rijndael-alg-fst.c +++ b/source4/heimdal/lib/hcrypto/rijndael-alg-fst.c @@ -31,7 +31,7 @@ #ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id: rijndael-alg-fst.c 17445 2006-05-05 10:37:46Z lha $"); +RCSID("$Id$"); #endif #ifdef KRB5 diff --git a/source4/heimdal/lib/hcrypto/rnd_keys.c b/source4/heimdal/lib/hcrypto/rnd_keys.c index 0fd64af3b5..57dc7c373f 100644 --- a/source4/heimdal/lib/hcrypto/rnd_keys.c +++ b/source4/heimdal/lib/hcrypto/rnd_keys.c @@ -34,7 +34,7 @@ #ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id: rnd_keys.c 23093 2008-04-27 18:49:51Z lha $"); +RCSID("$Id$"); #endif #define HC_DEPRECATED diff --git a/source4/heimdal/lib/hcrypto/rsa-imath.c b/source4/heimdal/lib/hcrypto/rsa-imath.c index 74093ff7ba..4926a0c4e0 100644 --- a/source4/heimdal/lib/hcrypto/rsa-imath.c +++ b/source4/heimdal/lib/hcrypto/rsa-imath.c @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: rsa-imath.c 21154 2007-06-18 21:58:12Z lha $"); +RCSID("$Id$"); #include #include diff --git a/source4/heimdal/lib/hcrypto/rsa.c b/source4/heimdal/lib/hcrypto/rsa.c index 270857d175..da773a44b3 100644 --- a/source4/heimdal/lib/hcrypto/rsa.c +++ b/source4/heimdal/lib/hcrypto/rsa.c @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: rsa.c 22422 2008-01-13 09:43:59Z lha $"); +RCSID("$Id$"); #include #include diff --git a/source4/heimdal/lib/hcrypto/rsa.h b/source4/heimdal/lib/hcrypto/rsa.h index 0f54ca0a4d..3fa82fce7d 100644 --- a/source4/heimdal/lib/hcrypto/rsa.h +++ b/source4/heimdal/lib/hcrypto/rsa.h @@ -32,7 +32,7 @@ */ /* - * $Id: rsa.h 22269 2007-12-11 10:59:22Z lha $ + * $Id$ */ #ifndef _HEIM_RSA_H diff --git a/source4/heimdal/lib/hcrypto/sha.c b/source4/heimdal/lib/hcrypto/sha.c index a264f53f33..24b3e42f9b 100644 --- a/source4/heimdal/lib/hcrypto/sha.c +++ b/source4/heimdal/lib/hcrypto/sha.c @@ -34,7 +34,7 @@ #ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id: sha.c 17445 2006-05-05 10:37:46Z lha $"); +RCSID("$Id$"); #endif #include "hash.h" diff --git a/source4/heimdal/lib/hcrypto/sha.h b/source4/heimdal/lib/hcrypto/sha.h index 70fc20e222..50650f50fa 100644 --- a/source4/heimdal/lib/hcrypto/sha.h +++ b/source4/heimdal/lib/hcrypto/sha.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: sha.h 17450 2006-05-05 11:11:43Z lha $ */ +/* $Id$ */ #ifndef HEIM_SHA_H #define HEIM_SHA_H 1 diff --git a/source4/heimdal/lib/hcrypto/sha256.c b/source4/heimdal/lib/hcrypto/sha256.c index b95442eff6..ba662393a8 100644 --- a/source4/heimdal/lib/hcrypto/sha256.c +++ b/source4/heimdal/lib/hcrypto/sha256.c @@ -34,7 +34,7 @@ #ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$Id: sha256.c 17445 2006-05-05 10:37:46Z lha $"); +RCSID("$Id$"); #endif #include "hash.h" diff --git a/source4/heimdal/lib/hcrypto/ui.c b/source4/heimdal/lib/hcrypto/ui.c index 8c3ea1fa15..05f44bc669 100644 --- a/source4/heimdal/lib/hcrypto/ui.c +++ b/source4/heimdal/lib/hcrypto/ui.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: ui.c 23466 2008-07-27 12:16:15Z lha $"); +RCSID("$Id$"); #endif #include diff --git a/source4/heimdal/lib/hcrypto/ui.h b/source4/heimdal/lib/hcrypto/ui.h index 53926cc1f7..f13f75c759 100644 --- a/source4/heimdal/lib/hcrypto/ui.h +++ b/source4/heimdal/lib/hcrypto/ui.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: ui.h 16480 2006-01-08 21:47:29Z lha $ */ +/* $Id$ */ #ifndef _HEIM_UI_H #define _HEIM_UI_H 1 diff --git a/source4/heimdal/lib/hdb/db.c b/source4/heimdal/lib/hdb/db.c index cb28226431..a598e9e1a4 100644 --- a/source4/heimdal/lib/hdb/db.c +++ b/source4/heimdal/lib/hdb/db.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: db.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); #if HAVE_DB1 diff --git a/source4/heimdal/lib/hdb/dbinfo.c b/source4/heimdal/lib/hdb/dbinfo.c index e99f72050d..67b9fc6ecf 100644 --- a/source4/heimdal/lib/hdb/dbinfo.c +++ b/source4/heimdal/lib/hdb/dbinfo.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: dbinfo.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); struct hdb_dbinfo { char *label; diff --git a/source4/heimdal/lib/hdb/ext.c b/source4/heimdal/lib/hdb/ext.c index 30e15efb27..92147254ee 100644 --- a/source4/heimdal/lib/hdb/ext.c +++ b/source4/heimdal/lib/hdb/ext.c @@ -34,7 +34,7 @@ #include "hdb_locl.h" #include -RCSID("$Id: ext.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); krb5_error_code hdb_entry_check_mandatory(krb5_context context, const hdb_entry *ent) diff --git a/source4/heimdal/lib/hdb/hdb.asn1 b/source4/heimdal/lib/hdb/hdb.asn1 index acd8f61d7e..5cddf8f1d0 100644 --- a/source4/heimdal/lib/hdb/hdb.asn1 +++ b/source4/heimdal/lib/hdb/hdb.asn1 @@ -1,4 +1,4 @@ --- $Id: hdb.asn1 20236 2007-02-16 23:52:29Z lha $ +-- $Id$ HDB DEFINITIONS ::= BEGIN diff --git a/source4/heimdal/lib/hdb/hdb.c b/source4/heimdal/lib/hdb/hdb.c index 3da980a81f..3fddabb2d0 100644 --- a/source4/heimdal/lib/hdb/hdb.c +++ b/source4/heimdal/lib/hdb/hdb.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: hdb.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); #ifdef HAVE_DLFCN_H #include @@ -55,9 +55,6 @@ static struct hdb_method methods[] = { {"ldap:", hdb_ldap_create}, {"ldapi:", hdb_ldapi_create}, #endif -#ifdef _SAMBA_BUILD_ - {"ldb:", hdb_ldb_create}, -#endif #ifdef HAVE_LDB /* Used for integrated samba build */ {"ldb:", hdb_ldb_create}, #endif diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h index 742b92405d..bc1b744015 100644 --- a/source4/heimdal/lib/hdb/hdb.h +++ b/source4/heimdal/lib/hdb/hdb.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: hdb.h 22198 2007-12-07 13:09:25Z lha $ */ +/* $Id$ */ #ifndef __HDB_H__ #define __HDB_H__ diff --git a/source4/heimdal/lib/hdb/hdb_err.et b/source4/heimdal/lib/hdb/hdb_err.et index 5c5b80bb36..64f79fc84e 100644 --- a/source4/heimdal/lib/hdb/hdb_err.et +++ b/source4/heimdal/lib/hdb/hdb_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: hdb_err.et 15878 2005-08-11 13:17:22Z lha $" +id "$Id$" error_table hdb diff --git a/source4/heimdal/lib/hdb/hdb_locl.h b/source4/heimdal/lib/hdb/hdb_locl.h index 8f9d6fc4c2..9229146d04 100644 --- a/source4/heimdal/lib/hdb/hdb_locl.h +++ b/source4/heimdal/lib/hdb/hdb_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: hdb_locl.h 22209 2007-12-07 19:03:41Z lha $ */ +/* $Id$ */ #ifndef __HDB_LOCL_H__ #define __HDB_LOCL_H__ @@ -67,11 +67,4 @@ #define HDB_DEFAULT_DB HDB_DB_DIR "/heimdal" #define HDB_DB_FORMAT_ENTRY "hdb/db-format" -krb5_error_code -hdb_ldb_create ( - krb5_context /*context*/, - HDB ** /*db*/, - const char */*arg*/); - - #endif /* __HDB_LOCL_H__ */ diff --git a/source4/heimdal/lib/hdb/keys.c b/source4/heimdal/lib/hdb/keys.c index e689ae1020..e649f445e0 100644 --- a/source4/heimdal/lib/hdb/keys.c +++ b/source4/heimdal/lib/hdb/keys.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: keys.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); /* * free all the memory used by (len, keys) @@ -68,11 +68,13 @@ hdb_free_keys (krb5_context context, int len, Key *keys) * afs or afs3 == des:afs3-salt */ -/* the 3 DES types must be first */ -static const krb5_enctype all_etypes[] = { +static const krb5_enctype des_etypes[] = { ETYPE_DES_CBC_MD5, ETYPE_DES_CBC_MD4, - ETYPE_DES_CBC_CRC, + ETYPE_DES_CBC_CRC +}; + +static const krb5_enctype all_etypes[] = { ETYPE_AES256_CTS_HMAC_SHA1_96, ETYPE_ARCFOUR_HMAC_MD5, ETYPE_DES3_CBC_SHA1 @@ -110,8 +112,8 @@ parse_key_set(krb5_context context, const char *key, /* XXX there should be a string_to_etypes handling special cases like `des' and `all' */ if(strcmp(buf[i], "des") == 0) { - enctypes = all_etypes; - num_enctypes = 3; + enctypes = des_etypes; + num_enctypes = sizeof(des_etypes)/sizeof(des_etypes[0]); } else if(strcmp(buf[i], "des3") == 0) { e = ETYPE_DES3_CBC_SHA1; enctypes = &e; @@ -139,8 +141,8 @@ parse_key_set(krb5_context context, const char *key, salt->salttype = KRB5_PW_SALT; } else if(strcmp(buf[i], "afs3-salt") == 0) { if(enctypes == NULL) { - enctypes = all_etypes; - num_enctypes = 3; + enctypes = des_etypes; + num_enctypes = sizeof(des_etypes)/sizeof(des_etypes[0]); } salt->salttype = KRB5_AFS3_SALT; } diff --git a/source4/heimdal/lib/hdb/keytab.c b/source4/heimdal/lib/hdb/keytab.c index dc4ccf7678..b2d1fec3d2 100644 --- a/source4/heimdal/lib/hdb/keytab.c +++ b/source4/heimdal/lib/hdb/keytab.c @@ -35,7 +35,7 @@ /* keytab backend for HDB databases */ -RCSID("$Id: keytab.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); struct hdb_data { char *dbname; diff --git a/source4/heimdal/lib/hdb/mkey.c b/source4/heimdal/lib/hdb/mkey.c index 04cb423889..7d2958b4ac 100644 --- a/source4/heimdal/lib/hdb/mkey.c +++ b/source4/heimdal/lib/hdb/mkey.c @@ -36,7 +36,7 @@ #define O_BINARY 0 #endif -RCSID("$Id: mkey.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); struct hdb_master_key_data { krb5_keytab_entry keytab; diff --git a/source4/heimdal/lib/hdb/ndbm.c b/source4/heimdal/lib/hdb/ndbm.c index e1e8aacf87..c4fc52e17f 100644 --- a/source4/heimdal/lib/hdb/ndbm.c +++ b/source4/heimdal/lib/hdb/ndbm.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: ndbm.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); #if HAVE_NDBM diff --git a/source4/heimdal/lib/hx509/ca.c b/source4/heimdal/lib/hx509/ca.c index 55374321ea..5b4d7711e7 100644 --- a/source4/heimdal/lib/hx509/ca.c +++ b/source4/heimdal/lib/hx509/ca.c @@ -33,7 +33,7 @@ #include "hx_locl.h" #include -RCSID("$Id: ca.c 22995 2008-04-15 19:31:29Z lha $"); +RCSID("$Id$"); /** * @page page_ca Hx509 CA functions diff --git a/source4/heimdal/lib/hx509/cert.c b/source4/heimdal/lib/hx509/cert.c index 3194526e34..3597896c0c 100644 --- a/source4/heimdal/lib/hx509/cert.c +++ b/source4/heimdal/lib/hx509/cert.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: cert.c 23457 2008-07-27 12:12:56Z lha $"); +RCSID("$Id$"); #include "crypto-headers.h" #include diff --git a/source4/heimdal/lib/hx509/cms.c b/source4/heimdal/lib/hx509/cms.c index 69e7730f3c..629060a253 100644 --- a/source4/heimdal/lib/hx509/cms.c +++ b/source4/heimdal/lib/hx509/cms.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: cms.c 23268 2008-06-23 03:23:47Z lha $"); +RCSID("$Id$"); /** * @page page_cms CMS/PKCS7 message functions. diff --git a/source4/heimdal/lib/hx509/collector.c b/source4/heimdal/lib/hx509/collector.c index 8b6ffcb945..d8212927e6 100644 --- a/source4/heimdal/lib/hx509/collector.c +++ b/source4/heimdal/lib/hx509/collector.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: collector.c 20778 2007-06-01 22:04:13Z lha $"); +RCSID("$Id$"); struct private_key { AlgorithmIdentifier alg; diff --git a/source4/heimdal/lib/hx509/crmf.asn1 b/source4/heimdal/lib/hx509/crmf.asn1 index 97ade264ae..3d8403c8e8 100644 --- a/source4/heimdal/lib/hx509/crmf.asn1 +++ b/source4/heimdal/lib/hx509/crmf.asn1 @@ -1,4 +1,4 @@ --- $Id: crmf.asn1 17102 2006-04-18 13:05:21Z lha $ +-- $Id$ PKCS10 DEFINITIONS ::= BEGIN diff --git a/source4/heimdal/lib/hx509/crypto.c b/source4/heimdal/lib/hx509/crypto.c index 9334a4a847..e16977c6bf 100644 --- a/source4/heimdal/lib/hx509/crypto.c +++ b/source4/heimdal/lib/hx509/crypto.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: crypto.c 22855 2008-04-07 18:49:24Z lha $"); +RCSID("$Id$"); struct hx509_crypto; diff --git a/source4/heimdal/lib/hx509/env.c b/source4/heimdal/lib/hx509/env.c index a124e6ea1c..9d771c506f 100644 --- a/source4/heimdal/lib/hx509/env.c +++ b/source4/heimdal/lib/hx509/env.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: env.c 22677 2008-03-13 17:35:49Z lha $"); +RCSID("$Id$"); /** * @page page_env Hx509 enviroment functions diff --git a/source4/heimdal/lib/hx509/error.c b/source4/heimdal/lib/hx509/error.c index 25119ed288..9eeecb227c 100644 --- a/source4/heimdal/lib/hx509/error.c +++ b/source4/heimdal/lib/hx509/error.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: error.c 22332 2007-12-17 01:03:22Z lha $"); +RCSID("$Id$"); /** * @page page_error Hx509 error reporting functions diff --git a/source4/heimdal/lib/hx509/hx509.h b/source4/heimdal/lib/hx509/hx509.h index d2a6b06e0c..289f8d04a7 100644 --- a/source4/heimdal/lib/hx509/hx509.h +++ b/source4/heimdal/lib/hx509/hx509.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: hx509.h 22908 2008-04-08 08:16:32Z lha $ */ +/* $Id$ */ #ifndef HEIMDAL_HX509_H #define HEIMDAL_HX509_H 1 diff --git a/source4/heimdal/lib/hx509/hx509_err.et b/source4/heimdal/lib/hx509/hx509_err.et index 8fc5cb8f2f..c1dfaf587e 100644 --- a/source4/heimdal/lib/hx509/hx509_err.et +++ b/source4/heimdal/lib/hx509/hx509_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: hx509_err.et 22329 2007-12-15 05:13:14Z lha $" +id "$Id$" error_table hx prefix HX509 diff --git a/source4/heimdal/lib/hx509/hx_locl.h b/source4/heimdal/lib/hx509/hx_locl.h index d2db3354c7..4cf7a54e13 100644 --- a/source4/heimdal/lib/hx509/hx_locl.h +++ b/source4/heimdal/lib/hx509/hx_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: hx_locl.h 23189 2008-05-23 15:04:27Z lha $ */ +/* $Id$ */ #ifdef HAVE_CONFIG_H #include @@ -69,6 +69,7 @@ #include +#define HC_DEPRECATED_CRYPTO #include "crypto-headers.h" struct hx509_keyset_ops; diff --git a/source4/heimdal/lib/hx509/keyset.c b/source4/heimdal/lib/hx509/keyset.c index 1fceb849ec..bb36221aff 100644 --- a/source4/heimdal/lib/hx509/keyset.c +++ b/source4/heimdal/lib/hx509/keyset.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: keyset.c 22851 2008-04-07 18:49:07Z lha $"); +RCSID("$Id$"); /** * @page page_keyset Certificate store operations diff --git a/source4/heimdal/lib/hx509/ks_dir.c b/source4/heimdal/lib/hx509/ks_dir.c index 0dabc78c52..17a3ae4745 100644 --- a/source4/heimdal/lib/hx509/ks_dir.c +++ b/source4/heimdal/lib/hx509/ks_dir.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: ks_dir.c 23460 2008-07-27 12:14:03Z lha $"); +RCSID("$Id$"); #include /* diff --git a/source4/heimdal/lib/hx509/ks_file.c b/source4/heimdal/lib/hx509/ks_file.c index 25ceb1c64f..bb8dce3a4e 100644 --- a/source4/heimdal/lib/hx509/ks_file.c +++ b/source4/heimdal/lib/hx509/ks_file.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: ks_file.c 23459 2008-07-27 12:13:31Z lha $"); +RCSID("$Id$"); typedef enum { USE_PEM, USE_DER } outformat; diff --git a/source4/heimdal/lib/hx509/ks_keychain.c b/source4/heimdal/lib/hx509/ks_keychain.c index f8181975d9..e51b0ab6a0 100644 --- a/source4/heimdal/lib/hx509/ks_keychain.c +++ b/source4/heimdal/lib/hx509/ks_keychain.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: ks_keychain.c 22084 2007-11-16 20:12:30Z lha $"); +RCSID("$Id$"); #ifdef HAVE_FRAMEWORK_SECURITY diff --git a/source4/heimdal/lib/hx509/ks_mem.c b/source4/heimdal/lib/hx509/ks_mem.c index efa19eb19c..043f19b3e4 100644 --- a/source4/heimdal/lib/hx509/ks_mem.c +++ b/source4/heimdal/lib/hx509/ks_mem.c @@ -195,8 +195,8 @@ mem_addkey(hx509_context context, return ENOMEM; } mem->keys = ptr; - mem->keys[i++] = _hx509_private_key_ref(key); - mem->keys[i++] = NULL; + mem->keys[i] = _hx509_private_key_ref(key); + mem->keys[i + 1] = NULL; return 0; } diff --git a/source4/heimdal/lib/hx509/ks_null.c b/source4/heimdal/lib/hx509/ks_null.c index 3be259fc60..0b571c8406 100644 --- a/source4/heimdal/lib/hx509/ks_null.c +++ b/source4/heimdal/lib/hx509/ks_null.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: ks_null.c 20901 2007-06-04 23:14:08Z lha $"); +RCSID("$Id$"); static int diff --git a/source4/heimdal/lib/hx509/ks_p11.c b/source4/heimdal/lib/hx509/ks_p11.c index bf46e6604e..19db6004ce 100644 --- a/source4/heimdal/lib/hx509/ks_p11.c +++ b/source4/heimdal/lib/hx509/ks_p11.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: ks_p11.c 22899 2008-04-07 18:52:36Z lha $"); +RCSID("$Id$"); #ifdef HAVE_DLFCN_H #include #endif @@ -503,7 +503,7 @@ iterate_entries(hx509_context context, { CK_OBJECT_HANDLE object; CK_ULONG object_count; - int ret, i; + int ret, ret2, i; ret = P11FUNC(p, FindObjectsInit, (session, search_data, num_search_data)); if (ret != CKR_OK) { @@ -557,13 +557,12 @@ iterate_entries(hx509_context context, query[i].pValue = NULL; } - ret = P11FUNC(p, FindObjectsFinal, (session)); - if (ret != CKR_OK) { - return -2; + ret2 = P11FUNC(p, FindObjectsFinal, (session)); + if (ret2 != CKR_OK) { + return ret2; } - - return 0; + return ret; } static BIGNUM * diff --git a/source4/heimdal/lib/hx509/ks_p12.c b/source4/heimdal/lib/hx509/ks_p12.c index 3ab824a330..53590c768c 100644 --- a/source4/heimdal/lib/hx509/ks_p12.c +++ b/source4/heimdal/lib/hx509/ks_p12.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: ks_p12.c 23413 2008-07-26 18:34:53Z lha $"); +RCSID("$Id$"); struct ks_pkcs12 { hx509_certs certs; diff --git a/source4/heimdal/lib/hx509/lock.c b/source4/heimdal/lib/hx509/lock.c index e835aee35a..df1acea042 100644 --- a/source4/heimdal/lib/hx509/lock.c +++ b/source4/heimdal/lib/hx509/lock.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: lock.c 22327 2007-12-15 04:49:37Z lha $"); +RCSID("$Id$"); /** * @page page_lock Locking and unlocking certificates and encrypted data. diff --git a/source4/heimdal/lib/hx509/name.c b/source4/heimdal/lib/hx509/name.c index ccc33a3e55..a34e09e847 100644 --- a/source4/heimdal/lib/hx509/name.c +++ b/source4/heimdal/lib/hx509/name.c @@ -33,7 +33,7 @@ #include "hx_locl.h" #include -RCSID("$Id: name.c 22677 2008-03-13 17:35:49Z lha $"); +RCSID("$Id$"); /** * @page page_name PKIX/X.509 Names diff --git a/source4/heimdal/lib/hx509/ocsp.asn1 b/source4/heimdal/lib/hx509/ocsp.asn1 index d8ecd66ccf..eb090a4cc7 100644 --- a/source4/heimdal/lib/hx509/ocsp.asn1 +++ b/source4/heimdal/lib/hx509/ocsp.asn1 @@ -1,5 +1,5 @@ -- From rfc2560 --- $Id: ocsp.asn1 19576 2006-12-30 12:40:43Z lha $ +-- $Id$ OCSP DEFINITIONS EXPLICIT TAGS::= BEGIN diff --git a/source4/heimdal/lib/hx509/peer.c b/source4/heimdal/lib/hx509/peer.c index eb0ecd2bde..9845ce051f 100644 --- a/source4/heimdal/lib/hx509/peer.c +++ b/source4/heimdal/lib/hx509/peer.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: peer.c 22345 2007-12-26 19:03:51Z lha $"); +RCSID("$Id$"); /** * @page page_peer Hx509 crypto selecting functions diff --git a/source4/heimdal/lib/hx509/pkcs10.asn1 b/source4/heimdal/lib/hx509/pkcs10.asn1 index 518fe3bfa3..f3fe37b1bf 100644 --- a/source4/heimdal/lib/hx509/pkcs10.asn1 +++ b/source4/heimdal/lib/hx509/pkcs10.asn1 @@ -1,4 +1,4 @@ --- $Id: pkcs10.asn1 16918 2006-04-01 09:46:57Z lha $ +-- $Id$ PKCS10 DEFINITIONS ::= BEGIN diff --git a/source4/heimdal/lib/hx509/print.c b/source4/heimdal/lib/hx509/print.c index c1594ff047..92d7811909 100644 --- a/source4/heimdal/lib/hx509/print.c +++ b/source4/heimdal/lib/hx509/print.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: print.c 22538 2008-01-27 13:05:47Z lha $"); +RCSID("$Id$"); /** * @page page_print Hx509 printing functions diff --git a/source4/heimdal/lib/hx509/req.c b/source4/heimdal/lib/hx509/req.c index f374044ca6..1ffa0a53cf 100644 --- a/source4/heimdal/lib/hx509/req.c +++ b/source4/heimdal/lib/hx509/req.c @@ -33,7 +33,7 @@ #include "hx_locl.h" #include -RCSID("$Id: req.c 23413 2008-07-26 18:34:53Z lha $"); +RCSID("$Id$"); struct hx509_request_data { hx509_name name; diff --git a/source4/heimdal/lib/hx509/revoke.c b/source4/heimdal/lib/hx509/revoke.c index 8325c4723d..a36ec964d2 100644 --- a/source4/heimdal/lib/hx509/revoke.c +++ b/source4/heimdal/lib/hx509/revoke.c @@ -50,7 +50,7 @@ */ #include "hx_locl.h" -RCSID("$Id: revoke.c 23413 2008-07-26 18:34:53Z lha $"); +RCSID("$Id$"); struct revoke_crl { char *path; @@ -1515,10 +1515,13 @@ hx509_crl_sign(hx509_context context, &c.signatureAlgorithm, &c.signatureValue); free(os->data); + if (ret) { + hx509_set_error_string(context, 0, ret, "Failed to sign CRL"); + goto out; + } ASN1_MALLOC_ENCODE(CRLCertificateList, os->data, os->length, &c, &size, ret); - free_CRLCertificateList(&c); if (ret) { hx509_set_error_string(context, 0, ret, "failed to encode CRL"); goto out; @@ -1526,6 +1529,8 @@ hx509_crl_sign(hx509_context context, if (size != os->length) _hx509_abort("internal ASN.1 encoder error"); + free_CRLCertificateList(&c); + return 0; out: diff --git a/source4/heimdal/lib/hx509/test_name.c b/source4/heimdal/lib/hx509/test_name.c index 6dcf542d01..7326fe632a 100644 --- a/source4/heimdal/lib/hx509/test_name.c +++ b/source4/heimdal/lib/hx509/test_name.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: test_name.c 22677 2008-03-13 17:35:49Z lha $"); +RCSID("$Id$"); static int test_name(hx509_context context, const char *name) diff --git a/source4/heimdal/lib/krb5/acache.c b/source4/heimdal/lib/krb5/acache.c index 8dd8687005..fb38abedfd 100644 --- a/source4/heimdal/lib/krb5/acache.c +++ b/source4/heimdal/lib/krb5/acache.c @@ -37,7 +37,7 @@ #include #endif -RCSID("$Id: acache.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); /* XXX should we fetch these for each open ? */ static HEIMDAL_MUTEX acc_mutex = HEIMDAL_MUTEX_INITIALIZER; diff --git a/source4/heimdal/lib/krb5/add_et_list.c b/source4/heimdal/lib/krb5/add_et_list.c index 5455d8ac99..e61f775eef 100644 --- a/source4/heimdal/lib/krb5/add_et_list.c +++ b/source4/heimdal/lib/krb5/add_et_list.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: add_et_list.c 22603 2008-02-21 18:44:57Z lha $"); +RCSID("$Id$"); /** * Add a specified list of error messages to the et list in context. diff --git a/source4/heimdal/lib/krb5/addr_families.c b/source4/heimdal/lib/krb5/addr_families.c index 40abd874cc..dcb9a97154 100644 --- a/source4/heimdal/lib/krb5/addr_families.c +++ b/source4/heimdal/lib/krb5/addr_families.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: addr_families.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); struct addr_operations { int af; diff --git a/source4/heimdal/lib/krb5/appdefault.c b/source4/heimdal/lib/krb5/appdefault.c index b0bb171f4a..a5b6e67e30 100644 --- a/source4/heimdal/lib/krb5/appdefault.c +++ b/source4/heimdal/lib/krb5/appdefault.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: appdefault.c 14465 2005-01-05 05:40:59Z lukeh $"); +RCSID("$Id$"); void KRB5_LIB_FUNCTION krb5_appdefault_boolean(krb5_context context, const char *appname, diff --git a/source4/heimdal/lib/krb5/asn1_glue.c b/source4/heimdal/lib/krb5/asn1_glue.c index b3f775b4be..84c9cd8b68 100644 --- a/source4/heimdal/lib/krb5/asn1_glue.c +++ b/source4/heimdal/lib/krb5/asn1_glue.c @@ -37,7 +37,7 @@ #include "krb5_locl.h" -RCSID("$Id: asn1_glue.c 21745 2007-07-31 16:11:25Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION _krb5_principal2principalname (PrincipalName *p, diff --git a/source4/heimdal/lib/krb5/auth_context.c b/source4/heimdal/lib/krb5/auth_context.c index e4fb50e5b8..cbb186d6c3 100644 --- a/source4/heimdal/lib/krb5/auth_context.c +++ b/source4/heimdal/lib/krb5/auth_context.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: auth_context.c 23273 2008-06-23 03:25:00Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_auth_con_init(krb5_context context, diff --git a/source4/heimdal/lib/krb5/build_ap_req.c b/source4/heimdal/lib/krb5/build_ap_req.c index b1968fe817..92051ba68a 100644 --- a/source4/heimdal/lib/krb5/build_ap_req.c +++ b/source4/heimdal/lib/krb5/build_ap_req.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: build_ap_req.c 13863 2004-05-25 21:46:46Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_build_ap_req (krb5_context context, diff --git a/source4/heimdal/lib/krb5/build_auth.c b/source4/heimdal/lib/krb5/build_auth.c index fe3a5f523c..eb106dc23f 100644 --- a/source4/heimdal/lib/krb5/build_auth.c +++ b/source4/heimdal/lib/krb5/build_auth.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: build_auth.c 23273 2008-06-23 03:25:00Z lha $"); +RCSID("$Id$"); static krb5_error_code make_etypelist(krb5_context context, diff --git a/source4/heimdal/lib/krb5/cache.c b/source4/heimdal/lib/krb5/cache.c index 34bfb4a350..02db405f7e 100644 --- a/source4/heimdal/lib/krb5/cache.c +++ b/source4/heimdal/lib/krb5/cache.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: cache.c 23417 2008-07-26 18:36:33Z lha $"); +RCSID("$Id$"); /** * Add a new ccache type with operations `ops', overwriting any diff --git a/source4/heimdal/lib/krb5/changepw.c b/source4/heimdal/lib/krb5/changepw.c index ac1a2d312e..d57ed9e3b8 100644 --- a/source4/heimdal/lib/krb5/changepw.c +++ b/source4/heimdal/lib/krb5/changepw.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: changepw.c 23445 2008-07-27 12:08:03Z lha $"); +RCSID("$Id$"); #undef __attribute__ #define __attribute__(X) @@ -577,7 +577,7 @@ change_password_loop (krb5_context context, for (a = ai; !done && a != NULL; a = a->ai_next) { int replied = 0; - sock = socket (a->ai_family, a->ai_socktype, a->ai_protocol); + sock = socket (a->ai_family, a->ai_socktype | SOCK_CLOEXEC, a->ai_protocol); if (sock < 0) continue; rk_cloexec(sock); diff --git a/source4/heimdal/lib/krb5/codec.c b/source4/heimdal/lib/krb5/codec.c index 0d36b4b442..478f77ecef 100644 --- a/source4/heimdal/lib/krb5/codec.c +++ b/source4/heimdal/lib/krb5/codec.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: codec.c 13863 2004-05-25 21:46:46Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_decode_EncTicketPart (krb5_context context, diff --git a/source4/heimdal/lib/krb5/config_file.c b/source4/heimdal/lib/krb5/config_file.c index bf3c432397..f7f7957b04 100644 --- a/source4/heimdal/lib/krb5/config_file.c +++ b/source4/heimdal/lib/krb5/config_file.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: config_file.c 23280 2008-06-23 03:26:18Z lha $"); +RCSID("$Id$"); #ifndef HAVE_NETINFO diff --git a/source4/heimdal/lib/krb5/config_file_netinfo.c b/source4/heimdal/lib/krb5/config_file_netinfo.c index 1e01e7c5ff..d51739ae37 100644 --- a/source4/heimdal/lib/krb5/config_file_netinfo.c +++ b/source4/heimdal/lib/krb5/config_file_netinfo.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: config_file_netinfo.c 13863 2004-05-25 21:46:46Z lha $"); +RCSID("$Id$"); /* * Netinfo implementation from Luke Howard diff --git a/source4/heimdal/lib/krb5/constants.c b/source4/heimdal/lib/krb5/constants.c index 8fffb0f402..dc96bcb632 100644 --- a/source4/heimdal/lib/krb5/constants.c +++ b/source4/heimdal/lib/krb5/constants.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: constants.c 23026 2008-04-17 10:02:03Z lha $"); +RCSID("$Id$"); KRB5_LIB_VARIABLE const char *krb5_config_file = #ifdef __APPLE__ diff --git a/source4/heimdal/lib/krb5/context.c b/source4/heimdal/lib/krb5/context.c index 9f17b8c205..358ab20349 100644 --- a/source4/heimdal/lib/krb5/context.c +++ b/source4/heimdal/lib/krb5/context.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include -RCSID("$Id: context.c 23420 2008-07-26 18:37:48Z lha $"); +RCSID("$Id$"); #define INIT_FIELD(C, T, E, D, F) \ (C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \ @@ -192,6 +192,19 @@ init_context_from_config_file(krb5_context context) INIT_FLAG(context, flags, KRB5_CTX_F_CHECK_PAC, TRUE, "check_pac"); context->default_cc_name = NULL; context->default_cc_name_set = 0; + + ret = krb5_config_get_bool_default(context, NULL, FALSE, + "libdefaults", + "allow_weak_crypto", NULL); + if (ret) { + krb5_enctype_enable(context, ETYPE_DES_CBC_CRC); + krb5_enctype_enable(context, ETYPE_DES_CBC_MD4); + krb5_enctype_enable(context, ETYPE_DES_CBC_MD5); + krb5_enctype_enable(context, ETYPE_DES_CBC_NONE); + krb5_enctype_enable(context, ETYPE_DES_CFB64_NONE); + krb5_enctype_enable(context, ETYPE_DES_PCBC_NONE); + } + return 0; } diff --git a/source4/heimdal/lib/krb5/convert_creds.c b/source4/heimdal/lib/krb5/convert_creds.c index 07943efb28..d74f121207 100644 --- a/source4/heimdal/lib/krb5/convert_creds.c +++ b/source4/heimdal/lib/krb5/convert_creds.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: convert_creds.c 23280 2008-06-23 03:26:18Z lha $"); +RCSID("$Id$"); #include "krb5-v4compat.h" diff --git a/source4/heimdal/lib/krb5/copy_host_realm.c b/source4/heimdal/lib/krb5/copy_host_realm.c index cbe333850c..db06e56fb6 100644 --- a/source4/heimdal/lib/krb5/copy_host_realm.c +++ b/source4/heimdal/lib/krb5/copy_host_realm.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: copy_host_realm.c 23280 2008-06-23 03:26:18Z lha $"); +RCSID("$Id$"); /** * Copy the list of realms from `from' to `to'. diff --git a/source4/heimdal/lib/krb5/crc.c b/source4/heimdal/lib/krb5/crc.c index e8ddecf7ba..cdb40b8110 100644 --- a/source4/heimdal/lib/krb5/crc.c +++ b/source4/heimdal/lib/krb5/crc.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: crc.c 22862 2008-04-07 18:49:55Z lha $"); +RCSID("$Id$"); static u_long table[256]; diff --git a/source4/heimdal/lib/krb5/creds.c b/source4/heimdal/lib/krb5/creds.c index 938ec294a4..d194041766 100644 --- a/source4/heimdal/lib/krb5/creds.c +++ b/source4/heimdal/lib/krb5/creds.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: creds.c 23280 2008-06-23 03:26:18Z lha $"); +RCSID("$Id$"); #undef __attribute__ #define __attribute__(X) diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c index e91cb9391a..6675647736 100644 --- a/source4/heimdal/lib/krb5/crypto.c +++ b/source4/heimdal/lib/krb5/crypto.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,15 +32,25 @@ */ #include "krb5_locl.h" -RCSID("$Id: crypto.c 23454 2008-07-27 12:11:44Z lha $"); +RCSID("$Id$"); #include -#undef CRYPTO_DEBUG -#ifdef CRYPTO_DEBUG -static void krb5_crypto_debug(krb5_context, int, size_t, krb5_keyblock*); +#undef __attribute__ +#define __attribute__(X) + +#ifndef HEIMDAL_SMALLER +#define WEAK_ENCTYPES 1 +#define DES3_OLD_ENCTYPE 1 #endif +#ifdef HAVE_OPENSSL /* XXX forward decl for hcrypto glue */ +const EVP_CIPHER * _krb5_EVP_hcrypto_aes_128_cts(void); +const EVP_CIPHER * _krb5_EVP_hcrypto_aes_256_cts(void); +#define EVP_hcrypto_aes_128_cts _krb5_EVP_hcrypto_aes_128_cts +#define EVP_hcrypto_aes_256_cts _krb5_EVP_hcrypto_aes_256_cts +#endif + struct key_data { krb5_keyblock *key; krb5_data *schedule; @@ -82,13 +92,12 @@ struct key_type { size_t bits; size_t size; size_t schedule_size; -#if 0 - krb5_enctype best_etype; -#endif void (*random_key)(krb5_context, krb5_keyblock*); - void (*schedule)(krb5_context, struct key_data *); + void (*schedule)(krb5_context, struct key_type *, struct key_data *); struct salt_type *string_to_key; void (*random_to_key)(krb5_context, krb5_keyblock*, const void*, size_t); + void (*cleanup)(krb5_context, struct key_data *); + const EVP_CIPHER *(*evp)(void); }; struct checksum_type { @@ -97,11 +106,11 @@ struct checksum_type { size_t blocksize; size_t checksumsize; unsigned flags; - void (*checksum)(krb5_context context, - struct key_data *key, - const void *buf, size_t len, - unsigned usage, - Checksum *csum); + krb5_enctype (*checksum)(krb5_context context, + struct key_data *key, + const void *buf, size_t len, + unsigned usage, + Checksum *csum); krb5_error_code (*verify)(krb5_context context, struct key_data *key, const void *buf, size_t len, @@ -152,7 +161,9 @@ static krb5_error_code hmac(krb5_context context, unsigned usage, struct key_data *keyblock, Checksum *result); -static void free_key_data(krb5_context context, struct key_data *key); +static void free_key_data(krb5_context, + struct key_data *, + struct encryption_type *); static krb5_error_code usage2arcfour (krb5_context, unsigned *); static void xor (DES_cblock *, const unsigned char *); @@ -160,9 +171,14 @@ static void xor (DES_cblock *, const unsigned char *); * * ************************************************************/ -static HEIMDAL_MUTEX crypto_mutex = HEIMDAL_MUTEX_INITIALIZER; +struct evp_schedule { + EVP_CIPHER_CTX ectx; + EVP_CIPHER_CTX dctx; +}; +static HEIMDAL_MUTEX crypto_mutex = HEIMDAL_MUTEX_INITIALIZER; + static void krb5_DES_random_key(krb5_context context, krb5_keyblock *key) @@ -174,12 +190,16 @@ krb5_DES_random_key(krb5_context context, } while(DES_is_weak_key(k)); } +#ifdef WEAK_ENCTYPES static void -krb5_DES_schedule(krb5_context context, - struct key_data *key) +krb5_DES_schedule_old(krb5_context context, + struct key_type *kt, + struct key_data *key) { DES_set_key_unchecked(key->key->keyvalue.data, key->schedule->data); } +#endif /* WEAK_ENCTYPES */ + #ifdef ENABLE_AFS_STRING_TO_KEY @@ -384,17 +404,6 @@ DES3_random_key(krb5_context context, DES_is_weak_key(&k[2])); } -static void -DES3_schedule(krb5_context context, - struct key_data *key) -{ - DES_cblock *k = key->key->keyvalue.data; - DES_key_schedule *s = key->schedule->data; - DES_set_key_unchecked(&k[0], &s[0]); - DES_set_key_unchecked(&k[1], &s[1]); - DES_set_key_unchecked(&k[2], &s[2]); -} - /* * A = A xor B. A & B are 8 bytes. */ @@ -413,6 +422,7 @@ xor (DES_cblock *key, const unsigned char *b) a[7] ^= b[7]; } +#ifdef DES3_OLD_ENCTYPE static krb5_error_code DES3_string_to_key(krb5_context context, krb5_enctype enctype, @@ -476,6 +486,7 @@ DES3_string_to_key(krb5_context context, free(str); return 0; } +#endif static krb5_error_code DES3_string_to_key_derived(krb5_context context, @@ -546,6 +557,7 @@ DES3_random_to_key(krb5_context context, static void ARCFOUR_schedule(krb5_context context, + struct key_type *kt, struct key_data *kd) { RC4_set_key (kd->schedule->data, @@ -561,20 +573,30 @@ ARCFOUR_string_to_key(krb5_context context, krb5_keyblock *key) { krb5_error_code ret; - uint16_t *s; + uint16_t *s = NULL; size_t len, i; - MD4_CTX m; + EVP_MD_CTX *m; + + m = EVP_MD_CTX_create(); + if (m == NULL) { + ret = ENOMEM; + krb5_set_error_message(context, ret, "Malloc: out of memory"); + goto out; + } + + EVP_DigestInit_ex(m, EVP_md4(), NULL); ret = wind_utf8ucs2_length(password.data, &len); if (ret) { krb5_set_error_message (context, ret, "Password not an UCS2 string"); - return ret; + goto out; } s = malloc (len * sizeof(s[0])); if (len != 0 && s == NULL) { krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); - return ENOMEM; + ret = ENOMEM; + goto out; } ret = wind_utf8ucs2(password.data, s, &len); @@ -584,13 +606,12 @@ ARCFOUR_string_to_key(krb5_context context, } /* LE encoding */ - MD4_Init (&m); for (i = 0; i < len; i++) { unsigned char p; p = (s[i] & 0xff); - MD4_Update (&m, &p, 1); + EVP_DigestUpdate (m, &p, 1); p = (s[i] >> 8) & 0xff; - MD4_Update (&m, &p, 1); + EVP_DigestUpdate (m, &p, 1); } key->keytype = enctype; @@ -599,10 +620,12 @@ ARCFOUR_string_to_key(krb5_context context, krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); goto out; } - MD4_Final (key->keyvalue.data, &m); - ret = 0; + EVP_DigestFinal_ex (m, key->keyvalue.data, NULL); + out: - memset (s, 0, len); + EVP_MD_CTX_destroy(m); + if (s) + memset (s, 0, len); free (s); return ret; } @@ -657,7 +680,7 @@ AES_string_to_key(krb5_context context, iter, et->keytype->size, kd.key->keyvalue.data); if (ret != 1) { - free_key_data(context, &kd); + free_key_data(context, &kd, et); krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP, "Error calculating s2k"); return KRB5_PROG_KEYTYPE_NOSUPP; @@ -666,26 +689,30 @@ AES_string_to_key(krb5_context context, ret = derive_key(context, et, &kd, "kerberos", strlen("kerberos")); if (ret == 0) ret = krb5_copy_keyblock_contents(context, kd.key, key); - free_key_data(context, &kd); + free_key_data(context, &kd, et); return ret; } -struct krb5_aes_schedule { - AES_KEY ekey; - AES_KEY dkey; -}; - static void -AES_schedule(krb5_context context, - struct key_data *kd) +evp_schedule(krb5_context context, struct key_type *kt, struct key_data *kd) { - struct krb5_aes_schedule *key = kd->schedule->data; - int bits = kd->key->keyvalue.length * 8; + struct evp_schedule *key = kd->schedule->data; + const EVP_CIPHER *c = (*kt->evp)(); + + EVP_CIPHER_CTX_init(&key->ectx); + EVP_CIPHER_CTX_init(&key->dctx); + + EVP_CipherInit_ex(&key->ectx, c, NULL, kd->key->keyvalue.data, NULL, 1); + EVP_CipherInit_ex(&key->dctx, c, NULL, kd->key->keyvalue.data, NULL, 0); +} - memset(key, 0, sizeof(*key)); - AES_set_encrypt_key(kd->key->keyvalue.data, bits, &key->ekey); - AES_set_decrypt_key(kd->key->keyvalue.data, bits, &key->dkey); +static void +evp_cleanup(krb5_context context, struct key_data *kd) +{ + struct evp_schedule *key = kd->schedule->data; + EVP_CIPHER_CTX_cleanup(&key->ectx); + EVP_CIPHER_CTX_cleanup(&key->dctx); } /* @@ -708,6 +735,7 @@ static struct salt_type des_salt[] = { { 0 } }; +#ifdef DES3_OLD_ENCTYPE static struct salt_type des3_salt[] = { { KRB5_PW_SALT, @@ -716,6 +744,7 @@ static struct salt_type des3_salt[] = { }, { 0 } }; +#endif static struct salt_type des3_salt_derived[] = { { @@ -759,40 +788,62 @@ static struct key_type keytype_null = { NULL }; -static struct key_type keytype_des = { +#ifdef WEAK_ENCTYPES +static struct key_type keytype_des_old = { KEYTYPE_DES, - "des", + "des-old", 56, - sizeof(DES_cblock), + 8, sizeof(DES_key_schedule), krb5_DES_random_key, - krb5_DES_schedule, + krb5_DES_schedule_old, des_salt, krb5_DES_random_to_key }; +#endif /* WEAK_ENCTYPES */ + +static struct key_type keytype_des = { + KEYTYPE_DES, + "des", + 56, + 8, + sizeof(struct evp_schedule), + krb5_DES_random_key, + evp_schedule, + des_salt, + krb5_DES_random_to_key, + evp_cleanup, + EVP_des_cbc +}; +#ifdef DES3_OLD_ENCTYPE static struct key_type keytype_des3 = { KEYTYPE_DES3, "des3", 168, - 3 * sizeof(DES_cblock), - 3 * sizeof(DES_key_schedule), + 24, + sizeof(struct evp_schedule), DES3_random_key, - DES3_schedule, + evp_schedule, des3_salt, - DES3_random_to_key + DES3_random_to_key, + evp_cleanup, + EVP_des_ede3_cbc }; +#endif static struct key_type keytype_des3_derived = { KEYTYPE_DES3, "des3", 168, - 3 * sizeof(DES_cblock), - 3 * sizeof(DES_key_schedule), + 24, + sizeof(struct evp_schedule), DES3_random_key, - DES3_schedule, + evp_schedule, des3_salt_derived, - DES3_random_to_key + DES3_random_to_key, + evp_cleanup, + EVP_des_ede3_cbc }; static struct key_type keytype_aes128 = { @@ -800,10 +851,13 @@ static struct key_type keytype_aes128 = { "aes-128", 128, 16, - sizeof(struct krb5_aes_schedule), + sizeof(struct evp_schedule), + NULL, + evp_schedule, + AES_salt, NULL, - AES_schedule, - AES_salt + evp_cleanup, + EVP_hcrypto_aes_128_cts }; static struct key_type keytype_aes256 = { @@ -811,10 +865,13 @@ static struct key_type keytype_aes256 = { "aes-256", 256, 32, - sizeof(struct krb5_aes_schedule), + sizeof(struct evp_schedule), NULL, - AES_schedule, - AES_salt + evp_schedule, + AES_salt, + NULL, + evp_cleanup, + EVP_hcrypto_aes_256_cts }; static struct key_type keytype_arcfour = { @@ -832,7 +889,9 @@ static struct key_type *keytypes[] = { &keytype_null, &keytype_des, &keytype_des3_derived, +#ifdef DES3_OLD_ENCTYPE &keytype_des3, +#endif &keytype_aes128, &keytype_aes256, &keytype_arcfour @@ -1057,51 +1116,6 @@ krb5_string_to_key_salt_opaque (krb5_context context, pw, salt, opaque, key); } -krb5_error_code KRB5_LIB_FUNCTION -krb5_keytype_to_string(krb5_context context, - krb5_keytype keytype, - char **string) -{ - struct key_type *kt = _find_keytype(keytype); - if(kt == NULL) { - krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP, - "key type %d not supported", keytype); - return KRB5_PROG_KEYTYPE_NOSUPP; - } - *string = strdup(kt->name); - if(*string == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); - return ENOMEM; - } - return 0; -} - -krb5_error_code KRB5_LIB_FUNCTION -krb5_string_to_keytype(krb5_context context, - const char *string, - krb5_keytype *keytype) -{ - char *end; - int i; - - for(i = 0; i < num_keytypes; i++) - if(strcasecmp(keytypes[i]->name, string) == 0){ - *keytype = keytypes[i]->type; - return 0; - } - - /* check if the enctype is a number */ - *keytype = strtol(string, &end, 0); - if(*end == '\0' && *keytype != 0) { - if (krb5_enctype_valid(context, *keytype) == 0) - return 0; - } - - krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP, - "key type %s not supported", string); - return KRB5_PROG_KEYTYPE_NOSUPP; -} - krb5_error_code KRB5_LIB_FUNCTION krb5_enctype_keysize(krb5_context context, krb5_enctype type, @@ -1182,7 +1196,7 @@ _key_schedule(krb5_context context, key->schedule = NULL; return ret; } - (*kt->schedule)(context, key); + (*kt->schedule)(context, kt, key); return 0; } @@ -1190,7 +1204,7 @@ _key_schedule(krb5_context context, * * ************************************************************/ -static void +static krb5_error_code NONE_checksum(krb5_context context, struct key_data *key, const void *data, @@ -1198,9 +1212,10 @@ NONE_checksum(krb5_context context, unsigned usage, Checksum *C) { + return 0; } -static void +static krb5_error_code CRC32_checksum(krb5_context context, struct key_data *key, const void *data, @@ -1216,9 +1231,10 @@ CRC32_checksum(krb5_context context, r[1] = (crc >> 8) & 0xff; r[2] = (crc >> 16) & 0xff; r[3] = (crc >> 24) & 0xff; + return 0; } -static void +static krb5_error_code RSA_MD4_checksum(krb5_context context, struct key_data *key, const void *data, @@ -1226,64 +1242,74 @@ RSA_MD4_checksum(krb5_context context, unsigned usage, Checksum *C) { - MD4_CTX m; - - MD4_Init (&m); - MD4_Update (&m, data, len); - MD4_Final (C->checksum.data, &m); + if (EVP_Digest(data, len, C->checksum.data, NULL, EVP_md4(), NULL) != 1) + krb5_abortx(context, "md4 checksum failed"); + return 0; } -static void -RSA_MD4_DES_checksum(krb5_context context, - struct key_data *key, - const void *data, - size_t len, - unsigned usage, - Checksum *cksum) +static krb5_error_code +des_checksum(krb5_context context, + const EVP_MD *evp_md, + struct key_data *key, + const void *data, + size_t len, + Checksum *cksum) { - MD4_CTX md4; + struct evp_schedule *ctx = key->schedule->data; + EVP_MD_CTX *m; DES_cblock ivec; unsigned char *p = cksum->checksum.data; krb5_generate_random_block(p, 8); - MD4_Init (&md4); - MD4_Update (&md4, p, 8); - MD4_Update (&md4, data, len); - MD4_Final (p + 8, &md4); + + m = EVP_MD_CTX_create(); + if (m == NULL) { + krb5_set_error_message(context, ENOMEM, "Malloc: out of memory"); + return ENOMEM; + } + + EVP_DigestInit_ex(m, evp_md, NULL); + EVP_DigestUpdate(m, p, 8); + EVP_DigestUpdate(m, data, len); + EVP_DigestFinal_ex (m, p + 8, NULL); + EVP_MD_CTX_destroy(m); memset (&ivec, 0, sizeof(ivec)); - DES_cbc_encrypt(p, - p, - 24, - key->schedule->data, - &ivec, - DES_ENCRYPT); + EVP_CipherInit_ex(&ctx->ectx, NULL, NULL, NULL, (void *)&ivec, -1); + EVP_Cipher(&ctx->ectx, p, p, 24); + + return 0; } static krb5_error_code -RSA_MD4_DES_verify(krb5_context context, - struct key_data *key, - const void *data, - size_t len, - unsigned usage, - Checksum *C) +des_verify(krb5_context context, + const EVP_MD *evp_md, + struct key_data *key, + const void *data, + size_t len, + Checksum *C) { - MD4_CTX md4; + struct evp_schedule *ctx = key->schedule->data; + EVP_MD_CTX *m; unsigned char tmp[24]; unsigned char res[16]; DES_cblock ivec; krb5_error_code ret = 0; + m = EVP_MD_CTX_create(); + if (m == NULL) { + krb5_set_error_message(context, ENOMEM, "Malloc: out of memory"); + return ENOMEM; + } + memset(&ivec, 0, sizeof(ivec)); - DES_cbc_encrypt(C->checksum.data, - (void*)tmp, - C->checksum.length, - key->schedule->data, - &ivec, - DES_DECRYPT); - MD4_Init (&md4); - MD4_Update (&md4, tmp, 8); /* confounder */ - MD4_Update (&md4, data, len); - MD4_Final (res, &md4); + EVP_CipherInit_ex(&ctx->dctx, NULL, NULL, NULL, (void *)&ivec, -1); + EVP_Cipher(&ctx->dctx, tmp, C->checksum.data, 24); + + EVP_DigestInit_ex(m, evp_md, NULL); + EVP_DigestUpdate(m, tmp, 8); /* confounder */ + EVP_DigestUpdate(m, data, len); + EVP_DigestFinal_ex (m, res, NULL); + EVP_MD_CTX_destroy(m); if(memcmp(res, tmp + 8, sizeof(res)) != 0) { krb5_clear_error_string (context); ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; @@ -1293,7 +1319,29 @@ RSA_MD4_DES_verify(krb5_context context, return ret; } -static void +static krb5_error_code +RSA_MD4_DES_checksum(krb5_context context, + struct key_data *key, + const void *data, + size_t len, + unsigned usage, + Checksum *cksum) +{ + return des_checksum(context, EVP_md4(), key, data, len, cksum); +} + +static krb5_error_code +RSA_MD4_DES_verify(krb5_context context, + struct key_data *key, + const void *data, + size_t len, + unsigned usage, + Checksum *C) +{ + return des_verify(context, EVP_md5(), key, data, len, C); +} + +static krb5_error_code RSA_MD5_checksum(krb5_context context, struct key_data *key, const void *data, @@ -1301,14 +1349,12 @@ RSA_MD5_checksum(krb5_context context, unsigned usage, Checksum *C) { - MD5_CTX m; - - MD5_Init (&m); - MD5_Update(&m, data, len); - MD5_Final (C->checksum.data, &m); + if (EVP_Digest(data, len, C->checksum.data, NULL, EVP_md5(), NULL) != 1) + krb5_abortx(context, "md5 checksum failed"); + return 0; } -static void +static krb5_error_code RSA_MD5_DES_checksum(krb5_context context, struct key_data *key, const void *data, @@ -1316,22 +1362,7 @@ RSA_MD5_DES_checksum(krb5_context context, unsigned usage, Checksum *C) { - MD5_CTX md5; - DES_cblock ivec; - unsigned char *p = C->checksum.data; - - krb5_generate_random_block(p, 8); - MD5_Init (&md5); - MD5_Update (&md5, p, 8); - MD5_Update (&md5, data, len); - MD5_Final (p + 8, &md5); - memset (&ivec, 0, sizeof(ivec)); - DES_cbc_encrypt(p, - p, - 24, - key->schedule->data, - &ivec, - DES_ENCRYPT); + return des_checksum(context, EVP_md5(), key, data, len, C); } static krb5_error_code @@ -1342,34 +1373,10 @@ RSA_MD5_DES_verify(krb5_context context, unsigned usage, Checksum *C) { - MD5_CTX md5; - unsigned char tmp[24]; - unsigned char res[16]; - DES_cblock ivec; - DES_key_schedule *sched = key->schedule->data; - krb5_error_code ret = 0; - - memset(&ivec, 0, sizeof(ivec)); - DES_cbc_encrypt(C->checksum.data, - (void*)tmp, - C->checksum.length, - &sched[0], - &ivec, - DES_DECRYPT); - MD5_Init (&md5); - MD5_Update (&md5, tmp, 8); /* confounder */ - MD5_Update (&md5, data, len); - MD5_Final (res, &md5); - if(memcmp(res, tmp + 8, sizeof(res)) != 0) { - krb5_clear_error_string (context); - ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; - } - memset(tmp, 0, sizeof(tmp)); - memset(res, 0, sizeof(res)); - return ret; + return des_verify(context, EVP_md5(), key, data, len, C); } -static void +static krb5_error_code RSA_MD5_DES3_checksum(krb5_context context, struct key_data *key, const void *data, @@ -1377,23 +1384,7 @@ RSA_MD5_DES3_checksum(krb5_context context, unsigned usage, Checksum *C) { - MD5_CTX md5; - DES_cblock ivec; - unsigned char *p = C->checksum.data; - DES_key_schedule *sched = key->schedule->data; - - krb5_generate_random_block(p, 8); - MD5_Init (&md5); - MD5_Update (&md5, p, 8); - MD5_Update (&md5, data, len); - MD5_Final (p + 8, &md5); - memset (&ivec, 0, sizeof(ivec)); - DES_ede3_cbc_encrypt(p, - p, - 24, - &sched[0], &sched[1], &sched[2], - &ivec, - DES_ENCRYPT); + return des_checksum(context, EVP_md5(), key, data, len, C); } static krb5_error_code @@ -1404,34 +1395,10 @@ RSA_MD5_DES3_verify(krb5_context context, unsigned usage, Checksum *C) { - MD5_CTX md5; - unsigned char tmp[24]; - unsigned char res[16]; - DES_cblock ivec; - DES_key_schedule *sched = key->schedule->data; - krb5_error_code ret = 0; - - memset(&ivec, 0, sizeof(ivec)); - DES_ede3_cbc_encrypt(C->checksum.data, - (void*)tmp, - C->checksum.length, - &sched[0], &sched[1], &sched[2], - &ivec, - DES_DECRYPT); - MD5_Init (&md5); - MD5_Update (&md5, tmp, 8); /* confounder */ - MD5_Update (&md5, data, len); - MD5_Final (res, &md5); - if(memcmp(res, tmp + 8, sizeof(res)) != 0) { - krb5_clear_error_string (context); - ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; - } - memset(tmp, 0, sizeof(tmp)); - memset(res, 0, sizeof(res)); - return ret; + return des_verify(context, EVP_md5(), key, data, len, C); } -static void +static krb5_error_code SHA1_checksum(krb5_context context, struct key_data *key, const void *data, @@ -1439,11 +1406,9 @@ SHA1_checksum(krb5_context context, unsigned usage, Checksum *C) { - SHA_CTX m; - - SHA1_Init(&m); - SHA1_Update(&m, data, len); - SHA1_Final(C->checksum.data, &m); + if (EVP_Digest(data, len, C->checksum.data, NULL, EVP_sha1(), NULL) != 1) + krb5_abortx(context, "sha1 checksum failed"); + return 0; } /* HMAC according to RFC2104 */ @@ -1535,7 +1500,7 @@ krb5_hmac(krb5_context context, return ret; } -static void +static krb5_error_code SP_HMAC_SHA1_checksum(krb5_context context, struct key_data *key, const void *data, @@ -1555,13 +1520,14 @@ SP_HMAC_SHA1_checksum(krb5_context context, if (ret) krb5_abortx(context, "hmac failed"); memcpy(result->checksum.data, res.checksum.data, result->checksum.length); + return 0; } /* * checksum according to section 5. of draft-brezak-win2k-krb-rc4-hmac-03.txt */ -static void +static krb5_error_code HMAC_MD5_checksum(krb5_context context, struct key_data *key, const void *data, @@ -1569,7 +1535,7 @@ HMAC_MD5_checksum(krb5_context context, unsigned usage, Checksum *result) { - MD5_CTX md5; + EVP_MD_CTX *m; struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5); const char signature[] = "signaturekey"; Checksum ksign_c; @@ -1580,61 +1546,34 @@ HMAC_MD5_checksum(krb5_context context, unsigned char ksign_c_data[16]; krb5_error_code ret; + m = EVP_MD_CTX_create(); + if (m == NULL) { + krb5_set_error_message(context, ENOMEM, "Malloc: out of memory"); + return ENOMEM; + } ksign_c.checksum.length = sizeof(ksign_c_data); ksign_c.checksum.data = ksign_c_data; ret = hmac(context, c, signature, sizeof(signature), 0, key, &ksign_c); - if (ret) - krb5_abortx(context, "hmac failed"); + if (ret) { + EVP_MD_CTX_destroy(m); + return ret; + } ksign.key = &kb; kb.keyvalue = ksign_c.checksum; - MD5_Init (&md5); - t[0] = (usage >> 0) & 0xFF; - t[1] = (usage >> 8) & 0xFF; - t[2] = (usage >> 16) & 0xFF; - t[3] = (usage >> 24) & 0xFF; - MD5_Update (&md5, t, 4); - MD5_Update (&md5, data, len); - MD5_Final (tmp, &md5); - ret = hmac(context, c, tmp, sizeof(tmp), 0, &ksign, result); - if (ret) - krb5_abortx(context, "hmac failed"); -} - -/* - * same as previous but being used while encrypting. - */ - -static void -HMAC_MD5_checksum_enc(krb5_context context, - struct key_data *key, - const void *data, - size_t len, - unsigned usage, - Checksum *result) -{ - struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5); - Checksum ksign_c; - struct key_data ksign; - krb5_keyblock kb; - unsigned char t[4]; - unsigned char ksign_c_data[16]; - krb5_error_code ret; - + EVP_DigestInit_ex(m, EVP_md5(), NULL); t[0] = (usage >> 0) & 0xFF; t[1] = (usage >> 8) & 0xFF; t[2] = (usage >> 16) & 0xFF; t[3] = (usage >> 24) & 0xFF; + EVP_DigestUpdate(m, t, 4); + EVP_DigestUpdate(m, data, len); + EVP_DigestFinal_ex (m, tmp, NULL); + EVP_MD_CTX_destroy(m); - ksign_c.checksum.length = sizeof(ksign_c_data); - ksign_c.checksum.data = ksign_c_data; - ret = hmac(context, c, t, sizeof(t), 0, key, &ksign_c); - if (ret) - krb5_abortx(context, "hmac failed"); - ksign.key = &kb; - kb.keyvalue = ksign_c.checksum; - ret = hmac(context, c, data, len, 0, &ksign, result); + ret = hmac(context, c, tmp, sizeof(tmp), 0, &ksign, result); if (ret) - krb5_abortx(context, "hmac failed"); + return ret; + return 0; } static struct checksum_type checksum_none = { @@ -1673,33 +1612,6 @@ static struct checksum_type checksum_rsa_md4_des = { RSA_MD4_DES_checksum, RSA_MD4_DES_verify }; -#if 0 -static struct checksum_type checksum_des_mac = { - CKSUMTYPE_DES_MAC, - "des-mac", - 0, - 0, - 0, - DES_MAC_checksum -}; -static struct checksum_type checksum_des_mac_k = { - CKSUMTYPE_DES_MAC_K, - "des-mac-k", - 0, - 0, - 0, - DES_MAC_K_checksum -}; -static struct checksum_type checksum_rsa_md4_des_k = { - CKSUMTYPE_RSA_MD4_DES_K, - "rsa-md4-des-k", - 0, - 0, - 0, - RSA_MD4_DES_K_checksum, - RSA_MD4_DES_K_verify -}; -#endif static struct checksum_type checksum_rsa_md5 = { CKSUMTYPE_RSA_MD5, "rsa-md5", @@ -1718,6 +1630,7 @@ static struct checksum_type checksum_rsa_md5_des = { RSA_MD5_DES_checksum, RSA_MD5_DES_verify }; +#ifdef DES3_OLD_ENCTYPE static struct checksum_type checksum_rsa_md5_des3 = { CKSUMTYPE_RSA_MD5_DES3, "rsa-md5-des3", @@ -1727,6 +1640,7 @@ static struct checksum_type checksum_rsa_md5_des3 = { RSA_MD5_DES3_checksum, RSA_MD5_DES3_verify }; +#endif static struct checksum_type checksum_sha1 = { CKSUMTYPE_SHA1, "sha1", @@ -1776,35 +1690,21 @@ static struct checksum_type checksum_hmac_md5 = { NULL }; -static struct checksum_type checksum_hmac_md5_enc = { - CKSUMTYPE_HMAC_MD5_ENC, - "hmac-md5-enc", - 64, - 16, - F_KEYED | F_CPROOF | F_PSEUDO, - HMAC_MD5_checksum_enc, - NULL -}; - static struct checksum_type *checksum_types[] = { &checksum_none, &checksum_crc32, &checksum_rsa_md4, &checksum_rsa_md4_des, -#if 0 - &checksum_des_mac, - &checksum_des_mac_k, - &checksum_rsa_md4_des_k, -#endif &checksum_rsa_md5, &checksum_rsa_md5_des, +#ifdef DES3_OLD_ENCTYPE &checksum_rsa_md5_des3, +#endif &checksum_sha1, &checksum_hmac_sha1_des3, &checksum_hmac_sha1_aes128, &checksum_hmac_sha1_aes256, - &checksum_hmac_md5, - &checksum_hmac_md5_enc + &checksum_hmac_md5 }; static int num_checksums = sizeof(checksum_types) / sizeof(checksum_types[0]); @@ -1886,8 +1786,7 @@ create_checksum (krb5_context context, ret = krb5_data_alloc(&result->checksum, ct->checksumsize); if (ret) return (ret); - (*ct->checksum)(context, dkey, data, len, usage, result); - return 0; + return (*ct->checksum)(context, dkey, data, len, usage, result); } static int @@ -1968,9 +1867,11 @@ verify_checksum(krb5_context context, ct->name); return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */ } - if(keyed_checksum) + if(keyed_checksum) { ret = get_checksum_key(context, crypto, usage, ct, &dkey); - else + if (ret) + return ret; + } else dkey = NULL; if(ct->verify) return (*ct->verify)(context, dkey, data, len, usage, cksum); @@ -1979,7 +1880,11 @@ verify_checksum(krb5_context context, if (ret) return ret; - (*ct->checksum)(context, dkey, data, len, usage, &c); + ret = (*ct->checksum)(context, dkey, data, len, usage, &c); + if (ret) { + krb5_data_free(&c.checksum); + return ret; + } if(c.checksum.length != cksum->checksum.length || memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) { @@ -2125,7 +2030,37 @@ NULL_encrypt(krb5_context context, } static krb5_error_code -DES_CBC_encrypt_null_ivec(krb5_context context, +evp_encrypt(krb5_context context, + struct key_data *key, + void *data, + size_t len, + krb5_boolean encryptp, + int usage, + void *ivec) +{ + struct evp_schedule *ctx = key->schedule->data; + EVP_CIPHER_CTX *c; + c = encryptp ? &ctx->ectx : &ctx->dctx; + if (ivec == NULL) { + /* alloca ? */ + size_t len = EVP_CIPHER_CTX_iv_length(c); + void *loiv = malloc(len); + if (loiv == NULL) { + krb5_clear_error_string(context); + return ENOMEM; + } + memset(loiv, 0, len); + EVP_CipherInit_ex(c, NULL, NULL, NULL, loiv, -1); + free(loiv); + } else + EVP_CipherInit_ex(c, NULL, NULL, NULL, ivec, -1); + EVP_Cipher(c, data, data, len); + return 0; +} + +#ifdef WEAK_ENCTYPES +static krb5_error_code +evp_des_encrypt_null_ivec(krb5_context context, struct key_data *key, void *data, size_t len, @@ -2133,15 +2068,18 @@ DES_CBC_encrypt_null_ivec(krb5_context context, int usage, void *ignore_ivec) { + struct evp_schedule *ctx = key->schedule->data; + EVP_CIPHER_CTX *c; DES_cblock ivec; - DES_key_schedule *s = key->schedule->data; memset(&ivec, 0, sizeof(ivec)); - DES_cbc_encrypt(data, data, len, s, &ivec, encryptp); + c = encryptp ? &ctx->ectx : &ctx->dctx; + EVP_CipherInit_ex(c, NULL, NULL, NULL, (void *)&ivec, -1); + EVP_Cipher(c, data, data, len); return 0; } static krb5_error_code -DES_CBC_encrypt_key_ivec(krb5_context context, +evp_des_encrypt_key_ivec(krb5_context context, struct key_data *key, void *data, size_t len, @@ -2149,29 +2087,13 @@ DES_CBC_encrypt_key_ivec(krb5_context context, int usage, void *ignore_ivec) { + struct evp_schedule *ctx = key->schedule->data; + EVP_CIPHER_CTX *c; DES_cblock ivec; - DES_key_schedule *s = key->schedule->data; memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec)); - DES_cbc_encrypt(data, data, len, s, &ivec, encryptp); - return 0; -} - -static krb5_error_code -DES3_CBC_encrypt(krb5_context context, - struct key_data *key, - void *data, - size_t len, - krb5_boolean encryptp, - int usage, - void *ivec) -{ - DES_cblock local_ivec; - DES_key_schedule *s = key->schedule->data; - if(ivec == NULL) { - ivec = &local_ivec; - memset(local_ivec, 0, sizeof(local_ivec)); - } - DES_ede3_cbc_encrypt(data, data, len, &s[0], &s[1], &s[2], ivec, encryptp); + c = encryptp ? &ctx->ectx : &ctx->dctx; + EVP_CipherInit_ex(c, NULL, NULL, NULL, (void *)&ivec, -1); + EVP_Cipher(c, data, data, len); return 0; } @@ -2209,114 +2131,7 @@ DES_PCBC_encrypt_key_ivec(krb5_context context, DES_pcbc_encrypt(data, data, len, s, &ivec, encryptp); return 0; } - -/* - * AES draft-raeburn-krb-rijndael-krb-02 - */ - -void KRB5_LIB_FUNCTION -_krb5_aes_cts_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - unsigned char *ivec, const int encryptp) -{ - unsigned char tmp[AES_BLOCK_SIZE]; - int i; - - /* - * In the framework of kerberos, the length can never be shorter - * then at least one blocksize. - */ - - if (encryptp) { - - while(len > AES_BLOCK_SIZE) { - for (i = 0; i < AES_BLOCK_SIZE; i++) - tmp[i] = in[i] ^ ivec[i]; - AES_encrypt(tmp, out, key); - memcpy(ivec, out, AES_BLOCK_SIZE); - len -= AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - - for (i = 0; i < len; i++) - tmp[i] = in[i] ^ ivec[i]; - for (; i < AES_BLOCK_SIZE; i++) - tmp[i] = 0 ^ ivec[i]; - - AES_encrypt(tmp, out - AES_BLOCK_SIZE, key); - - memcpy(out, ivec, len); - memcpy(ivec, out - AES_BLOCK_SIZE, AES_BLOCK_SIZE); - - } else { - unsigned char tmp2[AES_BLOCK_SIZE]; - unsigned char tmp3[AES_BLOCK_SIZE]; - - while(len > AES_BLOCK_SIZE * 2) { - memcpy(tmp, in, AES_BLOCK_SIZE); - AES_decrypt(in, out, key); - for (i = 0; i < AES_BLOCK_SIZE; i++) - out[i] ^= ivec[i]; - memcpy(ivec, tmp, AES_BLOCK_SIZE); - len -= AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - - len -= AES_BLOCK_SIZE; - - memcpy(tmp, in, AES_BLOCK_SIZE); /* save last iv */ - AES_decrypt(in, tmp2, key); - - memcpy(tmp3, in + AES_BLOCK_SIZE, len); - memcpy(tmp3 + len, tmp2 + len, AES_BLOCK_SIZE - len); /* xor 0 */ - - for (i = 0; i < len; i++) - out[i + AES_BLOCK_SIZE] = tmp2[i] ^ tmp3[i]; - - AES_decrypt(tmp3, out, key); - for (i = 0; i < AES_BLOCK_SIZE; i++) - out[i] ^= ivec[i]; - memcpy(ivec, tmp, AES_BLOCK_SIZE); - } -} - -static krb5_error_code -AES_CTS_encrypt(krb5_context context, - struct key_data *key, - void *data, - size_t len, - krb5_boolean encryptp, - int usage, - void *ivec) -{ - struct krb5_aes_schedule *aeskey = key->schedule->data; - char local_ivec[AES_BLOCK_SIZE]; - AES_KEY *k; - - if (encryptp) - k = &aeskey->ekey; - else - k = &aeskey->dkey; - - if (len < AES_BLOCK_SIZE) - krb5_abortx(context, "invalid use of AES_CTS_encrypt"); - if (len == AES_BLOCK_SIZE) { - if (encryptp) - AES_encrypt(data, data, k); - else - AES_decrypt(data, data, k); - } else { - if(ivec == NULL) { - memset(local_ivec, 0, sizeof(local_ivec)); - ivec = local_ivec; - } - _krb5_aes_cts_encrypt(data, data, len, k, ivec, encryptp); - } - - return 0; -} +#endif /* * section 6 of draft-brezak-win2k-krb-rc4-hmac-03 @@ -2530,7 +2345,11 @@ AES_PRF(krb5_context context, return ret; } - (*ct->checksum)(context, NULL, in->data, in->length, 0, &result); + ret = (*ct->checksum)(context, NULL, in->data, in->length, 0, &result); + if (ret) { + krb5_data_free(&result.checksum); + return ret; + } if (result.checksum.length < crypto->et->blocksize) krb5_abortx(context, "internal prf error"); @@ -2546,12 +2365,13 @@ AES_PRF(krb5_context context, krb5_abortx(context, "malloc failed"); { - AES_KEY key; - - AES_set_encrypt_key(derived->keyvalue.data, - crypto->et->keytype->bits, &key); - AES_encrypt(result.checksum.data, out->data, &key); - memset(&key, 0, sizeof(key)); + const EVP_CIPHER *c = (*crypto->et->keytype->evp)(); + EVP_CIPHER_CTX ctx; + /* XXX blksz 1 for cts, so we can't use that */ + EVP_CIPHER_CTX_init(&ctx); /* ivec all zero */ + EVP_CipherInit_ex(&ctx, c, NULL, derived->keyvalue.data, NULL, 1); + EVP_Cipher(&ctx, out->data, result.checksum.data, 16); + EVP_CIPHER_CTX_cleanup(&ctx); } krb5_data_free(&result.checksum); @@ -2578,48 +2398,6 @@ static struct encryption_type enctype_null = { 0, NULL }; -static struct encryption_type enctype_des_cbc_crc = { - ETYPE_DES_CBC_CRC, - "des-cbc-crc", - 8, - 8, - 8, - &keytype_des, - &checksum_crc32, - NULL, - 0, - DES_CBC_encrypt_key_ivec, - 0, - NULL -}; -static struct encryption_type enctype_des_cbc_md4 = { - ETYPE_DES_CBC_MD4, - "des-cbc-md4", - 8, - 8, - 8, - &keytype_des, - &checksum_rsa_md4, - &checksum_rsa_md4_des, - 0, - DES_CBC_encrypt_null_ivec, - 0, - NULL -}; -static struct encryption_type enctype_des_cbc_md5 = { - ETYPE_DES_CBC_MD5, - "des-cbc-md5", - 8, - 8, - 8, - &keytype_des, - &checksum_rsa_md5, - &checksum_rsa_md5_des, - 0, - DES_CBC_encrypt_null_ivec, - 0, - NULL -}; static struct encryption_type enctype_arcfour_hmac_md5 = { ETYPE_ARCFOUR_HMAC_MD5, "arcfour-hmac-md5", @@ -2634,6 +2412,7 @@ static struct encryption_type enctype_arcfour_hmac_md5 = { 0, NULL }; +#ifdef DES3_OLD_ENCTYPE static struct encryption_type enctype_des3_cbc_md5 = { ETYPE_DES3_CBC_MD5, "des3-cbc-md5", @@ -2644,10 +2423,11 @@ static struct encryption_type enctype_des3_cbc_md5 = { &checksum_rsa_md5, &checksum_rsa_md5_des3, 0, - DES3_CBC_encrypt, + evp_encrypt, 0, NULL }; +#endif static struct encryption_type enctype_des3_cbc_sha1 = { ETYPE_DES3_CBC_SHA1, "des3-cbc-sha1", @@ -2658,10 +2438,11 @@ static struct encryption_type enctype_des3_cbc_sha1 = { &checksum_sha1, &checksum_hmac_sha1_des3, F_DERIVED, - DES3_CBC_encrypt, + evp_encrypt, 0, NULL }; +#ifdef DES3_OLD_ENCTYPE static struct encryption_type enctype_old_des3_cbc_sha1 = { ETYPE_OLD_DES3_CBC_SHA1, "old-des3-cbc-sha1", @@ -2672,10 +2453,11 @@ static struct encryption_type enctype_old_des3_cbc_sha1 = { &checksum_sha1, &checksum_hmac_sha1_des3, 0, - DES3_CBC_encrypt, + evp_encrypt, 0, NULL }; +#endif static struct encryption_type enctype_aes128_cts_hmac_sha1 = { ETYPE_AES128_CTS_HMAC_SHA1_96, "aes128-cts-hmac-sha1-96", @@ -2686,7 +2468,7 @@ static struct encryption_type enctype_aes128_cts_hmac_sha1 = { &checksum_sha1, &checksum_hmac_sha1_aes128, F_DERIVED, - AES_CTS_encrypt, + evp_encrypt, 16, AES_PRF }; @@ -2700,10 +2482,67 @@ static struct encryption_type enctype_aes256_cts_hmac_sha1 = { &checksum_sha1, &checksum_hmac_sha1_aes256, F_DERIVED, - AES_CTS_encrypt, + evp_encrypt, 16, AES_PRF }; +static struct encryption_type enctype_des3_cbc_none = { + ETYPE_DES3_CBC_NONE, + "des3-cbc-none", + 8, + 8, + 0, + &keytype_des3_derived, + &checksum_none, + NULL, + F_PSEUDO, + evp_encrypt, + 0, + NULL +}; +#ifdef WEAK_ENCTYPES +static struct encryption_type enctype_des_cbc_crc = { + ETYPE_DES_CBC_CRC, + "des-cbc-crc", + 8, + 8, + 8, + &keytype_des, + &checksum_crc32, + NULL, + F_DISABLED, + evp_des_encrypt_key_ivec, + 0, + NULL +}; +static struct encryption_type enctype_des_cbc_md4 = { + ETYPE_DES_CBC_MD4, + "des-cbc-md4", + 8, + 8, + 8, + &keytype_des, + &checksum_rsa_md4, + &checksum_rsa_md4_des, + F_DISABLED, + evp_des_encrypt_null_ivec, + 0, + NULL +}; +static struct encryption_type enctype_des_cbc_md5 = { + ETYPE_DES_CBC_MD5, + "des-cbc-md5", + 8, + 8, + 8, + &keytype_des, + &checksum_rsa_md5, + &checksum_rsa_md5_des, + F_DISABLED, + evp_des_encrypt_null_ivec, + 0, + NULL +}; static struct encryption_type enctype_des_cbc_none = { ETYPE_DES_CBC_NONE, "des-cbc-none", @@ -2713,8 +2552,8 @@ static struct encryption_type enctype_des_cbc_none = { &keytype_des, &checksum_none, NULL, - F_PSEUDO, - DES_CBC_encrypt_null_ivec, + F_PSEUDO|F_DISABLED, + evp_des_encrypt_null_ivec, 0, NULL }; @@ -2724,10 +2563,10 @@ static struct encryption_type enctype_des_cfb64_none = { 1, 1, 0, - &keytype_des, + &keytype_des_old, &checksum_none, NULL, - F_PSEUDO, + F_PSEUDO|F_DISABLED, DES_CFB64_encrypt_null_ivec, 0, NULL @@ -2738,44 +2577,35 @@ static struct encryption_type enctype_des_pcbc_none = { 8, 8, 0, - &keytype_des, + &keytype_des_old, &checksum_none, NULL, - F_PSEUDO, + F_PSEUDO|F_DISABLED, DES_PCBC_encrypt_key_ivec, 0, NULL }; -static struct encryption_type enctype_des3_cbc_none = { - ETYPE_DES3_CBC_NONE, - "des3-cbc-none", - 8, - 8, - 0, - &keytype_des3_derived, - &checksum_none, - NULL, - F_PSEUDO, - DES3_CBC_encrypt, - 0, - NULL -}; +#endif /* WEAK_ENCTYPES */ static struct encryption_type *etypes[] = { - &enctype_null, - &enctype_des_cbc_crc, - &enctype_des_cbc_md4, - &enctype_des_cbc_md5, + &enctype_aes256_cts_hmac_sha1, + &enctype_aes128_cts_hmac_sha1, + &enctype_des3_cbc_sha1, + &enctype_des3_cbc_none, /* used by the gss-api mech */ &enctype_arcfour_hmac_md5, +#ifdef DES3_OLD_ENCTYPE &enctype_des3_cbc_md5, - &enctype_des3_cbc_sha1, &enctype_old_des3_cbc_sha1, - &enctype_aes128_cts_hmac_sha1, - &enctype_aes256_cts_hmac_sha1, +#endif +#ifdef WEAK_ENCTYPES + &enctype_des_cbc_crc, + &enctype_des_cbc_md4, + &enctype_des_cbc_md5, &enctype_des_cbc_none, &enctype_des_cfb64_none, &enctype_des_pcbc_none, - &enctype_des3_cbc_none +#endif + &enctype_null }; static unsigned num_etypes = sizeof(etypes) / sizeof(etypes[0]); @@ -2878,37 +2708,6 @@ krb5_keytype_to_enctypes (krb5_context context, return 0; } -/* - * First take the configured list of etypes for `keytype' if available, - * else, do `krb5_keytype_to_enctypes'. - */ - -krb5_error_code KRB5_LIB_FUNCTION -krb5_keytype_to_enctypes_default (krb5_context context, - krb5_keytype keytype, - unsigned *len, - krb5_enctype **val) -{ - unsigned int i, n; - krb5_enctype *ret; - - if (keytype != KEYTYPE_DES || context->etypes_des == NULL) - return krb5_keytype_to_enctypes (context, keytype, len, val); - - for (n = 0; context->etypes_des[n]; ++n) - ; - ret = malloc (n * sizeof(*ret)); - if (ret == NULL && n != 0) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); - return ENOMEM; - } - for (i = 0; i < n; ++i) - ret[i] = context->etypes_des[i]; - *len = n; - *val = ret; - return 0; -} - krb5_error_code KRB5_LIB_FUNCTION krb5_enctype_valid(krb5_context context, krb5_enctype etype) @@ -3032,9 +2831,6 @@ encrypt_internal_derived(krb5_context context, ret = _key_schedule(context, dkey); if(ret) goto fail; -#ifdef CRYPTO_DEBUG - krb5_crypto_debug(context, 1, block_sz, dkey->key); -#endif ret = (*et->encrypt)(context, dkey, p, block_sz, 1, usage, ivec); if (ret) goto fail; @@ -3098,9 +2894,6 @@ encrypt_internal(krb5_context context, ret = _key_schedule(context, &crypto->key); if(ret) goto fail; -#ifdef CRYPTO_DEBUG - krb5_crypto_debug(context, 1, block_sz, crypto->key.key); -#endif ret = (*et->encrypt)(context, &crypto->key, p, block_sz, 1, 0, ivec); if (ret) { memset(p, 0, block_sz); @@ -3202,9 +2995,6 @@ decrypt_internal_derived(krb5_context context, free(p); return ret; } -#ifdef CRYPTO_DEBUG - krb5_crypto_debug(context, 0, len, dkey->key); -#endif ret = (*et->encrypt)(context, dkey, p, len, 0, usage, ivec); if (ret) { free(p); @@ -3269,9 +3059,6 @@ decrypt_internal(krb5_context context, free(p); return ret; } -#ifdef CRYPTO_DEBUG - krb5_crypto_debug(context, 0, len, crypto->key.key); -#endif ret = (*et->encrypt)(context, &crypto->key, p, len, 0, 0, ivec); if (ret) { free(p); @@ -3346,9 +3133,389 @@ decrypt_internal_special(krb5_context context, return 0; } +/** + * Inline encrypt a kerberos message + * + * @param context Kerberos context + * @param crypto Kerberos crypto context + * @param usage Key usage for this buffer + * @param data array of buffers to process + * @param num_data length of array + * @param ivec initial cbc/cts vector + * + * @return Return an error code or 0. + * @ingroup krb5_crypto + * + * Kerberos encrypted data look like this: + * + * 1. KRB5_CRYPTO_TYPE_HEADER + * 2. array KRB5_CRYPTO_TYPE_DATA and KRB5_CRYPTO_TYPE_SIGN_ONLY in + * any order, however the receiver have to aware of the + * order. KRB5_CRYPTO_TYPE_SIGN_ONLY is commonly used headers and + * trailers. + * 3. KRB5_CRYPTO_TYPE_TRAILER + */ -krb5_error_code KRB5_LIB_FUNCTION -krb5_encrypt_ivec(krb5_context context, +static krb5_crypto_iov * +find_iv(krb5_crypto_iov *data, int num_data, int type) +{ + int i; + for (i = 0; i < num_data; i++) + if (data[i].flags == type) + return &data[i]; + return NULL; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_encrypt_iov_ivec(krb5_context context, + krb5_crypto crypto, + unsigned usage, + krb5_crypto_iov *data, + size_t num_data, + void *ivec) +{ + size_t headersz, trailersz, len; + size_t i, sz, block_sz, pad_sz; + Checksum cksum; + unsigned char *p, *q; + krb5_error_code ret; + struct key_data *dkey; + const struct encryption_type *et = crypto->et; + krb5_crypto_iov *tiv, *piv, *hiv; + + if(!derived_crypto(context, crypto)) { + krb5_clear_error_string(context); + return KRB5_CRYPTO_INTERNAL; + } + + headersz = et->confoundersize; + trailersz = CHECKSUMSIZE(et->keyed_checksum); + + for (len = 0, i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_HEADER && + data[i].flags == KRB5_CRYPTO_TYPE_DATA) { + len += data[i].data.length; + } + } + + sz = headersz + len; + block_sz = (sz + et->padsize - 1) &~ (et->padsize - 1); /* pad */ + + pad_sz = block_sz - sz; + trailersz += pad_sz; + + /* header */ + + hiv = find_iv(data, num_data, KRB5_CRYPTO_TYPE_HEADER); + if (hiv == NULL || hiv->data.length != headersz) + return KRB5_BAD_MSIZE; + + krb5_generate_random_block(hiv->data.data, hiv->data.length); + + /* padding */ + + piv = find_iv(data, num_data, KRB5_CRYPTO_TYPE_PADDING); + /* its ok to have no TYPE_PADDING if there is no padding */ + if (piv == NULL && pad_sz != 0) + return KRB5_BAD_MSIZE; + if (piv) { + if (piv->data.length < pad_sz) + return KRB5_BAD_MSIZE; + piv->data.length = pad_sz; + } + + + /* trailer */ + + tiv = find_iv(data, num_data, KRB5_CRYPTO_TYPE_TRAILER); + if (tiv == NULL || tiv->data.length != trailersz) + return KRB5_BAD_MSIZE; + + + /* + * XXX replace with EVP_Sign? at least make create_checksum an iov + * function. + * XXX CTS EVP is broken, can't handle multi buffers :( + */ + + len = hiv->data.length; + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA && + data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY) + continue; + len += data[i].data.length; + } + + p = q = malloc(len); + + memcpy(q, hiv->data.data, hiv->data.length); + q += hiv->data.length; + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA && + data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY) + continue; + memcpy(q, data[i].data.data, data[i].data.length); + q += data[i].data.length; + } + + ret = create_checksum(context, + et->keyed_checksum, + crypto, + INTEGRITY_USAGE(usage), + p, + len, + &cksum); + free(p); + if(ret == 0 && cksum.checksum.length != trailersz) { + free_Checksum (&cksum); + krb5_clear_error_string (context); + ret = KRB5_CRYPTO_INTERNAL; + } + if(ret) + return ret; + + /* save cksum at end */ + memcpy(tiv->data.data, cksum.checksum.data, cksum.checksum.length); + free_Checksum (&cksum); + + /* now encrypt data */ + + ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey); + if(ret) + return ret; + ret = _key_schedule(context, dkey); + if(ret) + return ret; + + /* XXX replace with EVP_Cipher */ + + len = hiv->data.length; + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA && + data[i].flags != KRB5_CRYPTO_TYPE_PADDING) + continue; + len += data[i].data.length; + } + + p = q = malloc(len); + if(p == NULL) + return ENOMEM; + + memcpy(q, hiv->data.data, hiv->data.length); + q += hiv->data.length; + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA && + data[i].flags != KRB5_CRYPTO_TYPE_PADDING) + continue; + memcpy(q, data[i].data.data, data[i].data.length); + q += data[i].data.length; + } + + ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey); + if(ret) { + free(p); + return ret; + } + ret = _key_schedule(context, dkey); + if(ret) { + free(p); + return ret; + } + + ret = (*et->encrypt)(context, dkey, p, len, 1, usage, ivec); + if (ret) { + free(p); + return ret; + } + + /* now copy data back to buffers */ + q = p; + memcpy(hiv->data.data, q, hiv->data.length); + q += hiv->data.length; + + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA && + data[i].flags != KRB5_CRYPTO_TYPE_PADDING) + continue; + memcpy(data[i].data.data, q, data[i].data.length); + q += data[i].data.length; + } + free(p); + + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_decrypt_iov_ivec(krb5_context context, + krb5_crypto crypto, + unsigned usage, + krb5_crypto_iov *data, + size_t num_data, + void *ivec) +{ + size_t headersz, trailersz, len; + size_t i, sz, block_sz, pad_sz; + Checksum cksum; + unsigned char *p, *q; + krb5_error_code ret; + struct key_data *dkey; + struct encryption_type *et = crypto->et; + krb5_crypto_iov *tiv, *hiv; + + if(!derived_crypto(context, crypto)) { + krb5_clear_error_string(context); + return KRB5_CRYPTO_INTERNAL; + } + + headersz = et->confoundersize; + trailersz = CHECKSUMSIZE(et->keyed_checksum); + + for (len = 0, i = 0; i < num_data; i++) + if (data[i].flags == KRB5_CRYPTO_TYPE_DATA) + len += data[i].data.length; + + sz = headersz + len; + block_sz = (sz + et->padsize - 1) &~ (et->padsize - 1); /* pad */ + + pad_sz = block_sz - sz; + trailersz += pad_sz; + + /* header */ + + hiv = find_iv(data, num_data, KRB5_CRYPTO_TYPE_HEADER); + if (hiv == NULL || hiv->data.length < headersz) + return KRB5_BAD_MSIZE; + hiv->data.length = headersz; + + /* trailer */ + + tiv = find_iv(data, num_data, KRB5_CRYPTO_TYPE_TRAILER); + if (tiv == NULL || tiv->data.length < trailersz) + return KRB5_BAD_MSIZE; + tiv->data.length = trailersz; + + /* body */ + + /* XXX replace with EVP_Cipher */ + + for (len = 0, i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_HEADER && + data[i].flags != KRB5_CRYPTO_TYPE_DATA) + continue; + len += data[i].data.length; + } + + p = q = malloc(len); + if (p == NULL) + return ENOMEM; + + memcpy(q, hiv->data.data, hiv->data.length); + q += hiv->data.length; + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA) + continue; + memcpy(q, data[i].data.data, data[i].data.length); + q += data[i].data.length; + } + + ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey); + if(ret) { + free(p); + return ret; + } + ret = _key_schedule(context, dkey); + if(ret) { + free(p); + return ret; + } + + ret = (*et->encrypt)(context, dkey, p, len, 0, usage, ivec); + if (ret) { + free(p); + return ret; + } + + /* XXX now copy data back to buffers */ + q = p; + memcpy(hiv->data.data, q, hiv->data.length); + q += hiv->data.length; + len -= hiv->data.length; + + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA) + continue; + if (len < data[i].data.length) + data[i].data.length = len; + memcpy(data[i].data.data, q, data[i].data.length); + q += data[i].data.length; + len -= data[i].data.length; + } + free(p); + if (len) + krb5_abortx(context, "data still in the buffer"); + + len = hiv->data.length; + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA && + data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY) + continue; + len += data[i].data.length; + } + + p = q = malloc(len); + + memcpy(q, hiv->data.data, hiv->data.length); + q += hiv->data.length; + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA && + data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY) + continue; + memcpy(q, data[i].data.data, data[i].data.length); + q += data[i].data.length; + } + + cksum.checksum.data = tiv->data.data; + cksum.checksum.length = tiv->data.length; + cksum.cksumtype = CHECKSUMTYPE(et->keyed_checksum); + + ret = verify_checksum(context, + crypto, + INTEGRITY_USAGE(usage), + p, + len, + &cksum); + free(p); + if(ret) + return ret; + + return 0; +} + + +size_t KRB5_LIB_FUNCTION +krb5_crypto_length(krb5_context context, + krb5_crypto crypto, + int type) +{ + if (!derived_crypto(context, crypto)) + return (size_t)-1; + switch(type) { + case KRB5_CRYPTO_TYPE_EMPTY: + return 0; + case KRB5_CRYPTO_TYPE_HEADER: + return crypto->et->blocksize; + case KRB5_CRYPTO_TYPE_PADDING: + if (crypto->et->padsize > 1) + return crypto->et->padsize; + return 0; + case KRB5_CRYPTO_TYPE_TRAILER: + return CHECKSUMSIZE(crypto->et->keyed_checksum); + } + return (size_t)-1; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_encrypt_ivec(krb5_context context, krb5_crypto crypto, unsigned usage, const void *data, @@ -3452,7 +3619,7 @@ seed_something(void) so use 0 for the entropy estimate */ if (RAND_file_name(seedfile, sizeof(seedfile))) { int fd; - fd = open(seedfile, O_RDONLY); + fd = open(seedfile, O_RDONLY | O_BINARY | O_CLOEXEC); if (fd >= 0) { ssize_t ret; rk_cloexec(fd); @@ -3652,7 +3819,7 @@ krb5_derive_key(krb5_context context, ret = derive_key(context, et, &d, constant, constant_len); if (ret == 0) ret = krb5_copy_keyblock(context, d.key, derived_key); - free_key_data(context, &d); + free_key_data(context, &d, et); return ret; } @@ -3727,19 +3894,23 @@ krb5_crypto_init(krb5_context context, } static void -free_key_data(krb5_context context, struct key_data *key) +free_key_data(krb5_context context, struct key_data *key, + struct encryption_type *et) { krb5_free_keyblock(context, key->key); if(key->schedule) { + if (et->keytype->cleanup) + (*et->keytype->cleanup)(context, key); memset(key->schedule->data, 0, key->schedule->length); krb5_free_data(context, key->schedule); } } static void -free_key_usage(krb5_context context, struct key_usage *ku) +free_key_usage(krb5_context context, struct key_usage *ku, + struct encryption_type *et) { - free_key_data(context, &ku->key); + free_key_data(context, &ku->key, et); } krb5_error_code KRB5_LIB_FUNCTION @@ -3749,9 +3920,9 @@ krb5_crypto_destroy(krb5_context context, int i; for(i = 0; i < crypto->num_key_usage; i++) - free_key_usage(context, &crypto->key_usage[i]); + free_key_usage(context, &crypto->key_usage[i], crypto->et); free(crypto->key_usage); - free_key_data(context, &crypto->key); + free_key_data(context, &crypto->key, crypto->et); free (crypto); return 0; } @@ -3792,6 +3963,18 @@ krb5_crypto_getconfoundersize(krb5_context context, return 0; } + +/** + * Disable encryption type + * + * @param context Kerberos 5 context + * @param enctype encryption type to disable + * + * @return Return an error code or 0. + * + * @ingroup krb5_crypto + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_enctype_disable(krb5_context context, krb5_enctype enctype) @@ -3808,6 +3991,34 @@ krb5_enctype_disable(krb5_context context, return 0; } +/** + * Enable encryption type + * + * @param context Kerberos 5 context + * @param enctype encryption type to enable + * + * @return Return an error code or 0. + * + * @ingroup krb5_crypto + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_enctype_enable(krb5_context context, + krb5_enctype enctype) +{ + struct encryption_type *et = _find_enctype(enctype); + if(et == NULL) { + if (context) + krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, + "encryption type %d not supported", + enctype); + return KRB5_PROG_ETYPE_NOSUPP; + } + et->flags &= ~F_DISABLED; + return 0; +} + + krb5_error_code KRB5_LIB_FUNCTION krb5_string_to_key_derived(krb5_context context, const void *str, @@ -3862,8 +4073,12 @@ krb5_string_to_key_derived(krb5_context context, &kd, "kerberos", /* XXX well known constant */ strlen("kerberos")); + if (ret) { + free_key_data(context, &kd, et); + return ret; + } ret = krb5_copy_keyblock_contents(context, kd.key, key); - free_key_data(context, &kd); + free_key_data(context, &kd, et); return ret; } @@ -4265,108 +4480,86 @@ krb5_crypto_prf(krb5_context context, return (*et->prf)(context, crypto, input, output); } - +#ifndef HEIMDAL_SMALLER +/* + * First take the configured list of etypes for `keytype' if available, + * else, do `krb5_keytype_to_enctypes'. + */ -#ifdef CRYPTO_DEBUG - -static krb5_error_code -krb5_get_keyid(krb5_context context, - krb5_keyblock *key, - uint32_t *keyid) +krb5_error_code KRB5_LIB_FUNCTION +krb5_keytype_to_enctypes_default (krb5_context context, + krb5_keytype keytype, + unsigned *len, + krb5_enctype **val) + __attribute__((deprecated)) { - MD5_CTX md5; - unsigned char tmp[16]; + unsigned int i, n; + krb5_enctype *ret; - MD5_Init (&md5); - MD5_Update (&md5, key->keyvalue.data, key->keyvalue.length); - MD5_Final (tmp, &md5); - *keyid = (tmp[12] << 24) | (tmp[13] << 16) | (tmp[14] << 8) | tmp[15]; + if (keytype != KEYTYPE_DES || context->etypes_des == NULL) + return krb5_keytype_to_enctypes (context, keytype, len, val); + + for (n = 0; context->etypes_des[n]; ++n) + ; + ret = malloc (n * sizeof(*ret)); + if (ret == NULL && n != 0) { + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + return ENOMEM; + } + for (i = 0; i < n; ++i) + ret[i] = context->etypes_des[i]; + *len = n; + *val = ret; return 0; } -static void -krb5_crypto_debug(krb5_context context, - int encryptp, - size_t len, - krb5_keyblock *key) +krb5_error_code KRB5_LIB_FUNCTION +krb5_keytype_to_string(krb5_context context, + krb5_keytype keytype, + char **string) + __attribute__((deprecated)) { - uint32_t keyid; - char *kt; - krb5_get_keyid(context, key, &keyid); - krb5_enctype_to_string(context, key->keytype, &kt); - krb5_warnx(context, "%s %lu bytes with key-id %#x (%s)", - encryptp ? "encrypting" : "decrypting", - (unsigned long)len, - keyid, - kt); - free(kt); + struct key_type *kt = _find_keytype(keytype); + if(kt == NULL) { + krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP, + "key type %d not supported", keytype); + return KRB5_PROG_KEYTYPE_NOSUPP; + } + *string = strdup(kt->name); + if(*string == NULL) { + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + return ENOMEM; + } + return 0; } -#endif /* CRYPTO_DEBUG */ -#if 0 -int -main() +krb5_error_code KRB5_LIB_FUNCTION +krb5_string_to_keytype(krb5_context context, + const char *string, + krb5_keytype *keytype) + __attribute__((deprecated)) { -#if 0 - int i; - krb5_context context; - krb5_crypto crypto; - struct key_data *d; - krb5_keyblock key; - char constant[4]; - unsigned usage = ENCRYPTION_USAGE(3); - krb5_error_code ret; - - ret = krb5_init_context(&context); - if (ret) - errx (1, "krb5_init_context failed: %d", ret); - - key.keytype = ETYPE_NEW_DES3_CBC_SHA1; - key.keyvalue.data = "\xb3\x85\x58\x94\xd9\xdc\x7c\xc8" - "\x25\xe9\x85\xab\x3e\xb5\xfb\x0e" - "\xc8\xdf\xab\x26\x86\x64\x15\x25"; - key.keyvalue.length = 24; - - krb5_crypto_init(context, &key, 0, &crypto); - - d = _new_derived_key(crypto, usage); - if(d == NULL) - krb5_errx(context, 1, "_new_derived_key failed"); - krb5_copy_keyblock(context, crypto->key.key, &d->key); - _krb5_put_int(constant, usage, 4); - derive_key(context, crypto->et, d, constant, sizeof(constant)); - return 0; -#else + char *end; int i; - krb5_context context; - krb5_crypto crypto; - struct key_data *d; - krb5_keyblock key; - krb5_error_code ret; - Checksum res; - - char *data = "what do ya want for nothing?"; - ret = krb5_init_context(&context); - if (ret) - errx (1, "krb5_init_context failed: %d", ret); - - key.keytype = ETYPE_NEW_DES3_CBC_SHA1; - key.keyvalue.data = "Jefe"; - /* "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" - "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; */ - key.keyvalue.length = 4; + for(i = 0; i < num_keytypes; i++) + if(strcasecmp(keytypes[i]->name, string) == 0){ + *keytype = keytypes[i]->type; + return 0; + } - d = ecalloc(1, sizeof(*d)); - d->key = &key; - res.checksum.length = 20; - res.checksum.data = emalloc(res.checksum.length); - SP_HMAC_SHA1_checksum(context, d, data, 28, &res); + /* check if the enctype is a number */ + *keytype = strtol(string, &end, 0); + if(*end == '\0' && *keytype != 0) { + if (krb5_enctype_valid(context, *keytype) == 0) + return 0; + } - return 0; -#endif + krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP, + "key type %s not supported", string); + return KRB5_PROG_KEYTYPE_NOSUPP; } #endif diff --git a/source4/heimdal/lib/krb5/data.c b/source4/heimdal/lib/krb5/data.c index 2b78bfb32b..0286316214 100644 --- a/source4/heimdal/lib/krb5/data.c +++ b/source4/heimdal/lib/krb5/data.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: data.c 23280 2008-06-23 03:26:18Z lha $"); +RCSID("$Id$"); /** * Reset the (potentially uninitalized) krb5_data structure. diff --git a/source4/heimdal/lib/krb5/eai_to_heim_errno.c b/source4/heimdal/lib/krb5/eai_to_heim_errno.c index 19315cea86..c06e8fb9bb 100644 --- a/source4/heimdal/lib/krb5/eai_to_heim_errno.c +++ b/source4/heimdal/lib/krb5/eai_to_heim_errno.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: eai_to_heim_errno.c 22065 2007-11-11 16:41:06Z lha $"); +RCSID("$Id$"); /** * Convert the getaddrinfo() error code to a Kerberos et error code. diff --git a/source4/heimdal/lib/krb5/error_string.c b/source4/heimdal/lib/krb5/error_string.c index 6679b76749..17bc30572b 100644 --- a/source4/heimdal/lib/krb5/error_string.c +++ b/source4/heimdal/lib/krb5/error_string.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: error_string.c 23274 2008-06-23 03:25:08Z lha $"); +RCSID("$Id$"); #undef __attribute__ #define __attribute__(X) @@ -199,7 +199,7 @@ krb5_free_error_message(krb5_context context, const char *msg) * @param context Kerberos context * @param msg error message to free * - * @ingroup krb5_error + * @ingroup krb5_deprecated */ void KRB5_LIB_FUNCTION __attribute__((deprecated)) @@ -208,6 +208,16 @@ krb5_free_error_string(krb5_context context, char *str) krb5_free_error_message(context, str); } +/** + * Set the error message returned by krb5_get_error_string(), + * deprecated, use krb5_set_error_message(). + * + * @param context Kerberos context + * @param msg error message to free + * + * @ingroup krb5_deprecated + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_set_error_string(krb5_context context, const char *fmt, ...) __attribute__((format (printf, 2, 3))) __attribute__((deprecated)) @@ -220,6 +230,16 @@ krb5_set_error_string(krb5_context context, const char *fmt, ...) return 0; } +/** + * Set the error message returned by krb5_get_error_string(), + * deprecated, use krb5_set_error_message(). + * + * @param context Kerberos context + * @param msg error message to free + * + * @ingroup krb5_deprecated + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_vset_error_string(krb5_context context, const char *fmt, va_list args) __attribute__ ((format (printf, 2, 0))) __attribute__((deprecated)) diff --git a/source4/heimdal/lib/krb5/expand_hostname.c b/source4/heimdal/lib/krb5/expand_hostname.c index d06d576432..4ada4b8110 100644 --- a/source4/heimdal/lib/krb5/expand_hostname.c +++ b/source4/heimdal/lib/krb5/expand_hostname.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: expand_hostname.c 23280 2008-06-23 03:26:18Z lha $"); +RCSID("$Id$"); static krb5_error_code copy_hostname(krb5_context context, diff --git a/source4/heimdal/lib/krb5/fcache.c b/source4/heimdal/lib/krb5/fcache.c index 8951bdb24e..fc11893452 100644 --- a/source4/heimdal/lib/krb5/fcache.c +++ b/source4/heimdal/lib/krb5/fcache.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: fcache.c 23444 2008-07-27 12:07:47Z lha $"); +RCSID("$Id$"); typedef struct krb5_fcache{ char *filename; @@ -395,7 +395,7 @@ fcc_initialize(krb5_context context, unlink (filename); - ret = fcc_open(context, id, &fd, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600); + ret = fcc_open(context, id, &fd, O_RDWR | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, 0600); if(ret) return ret; { @@ -462,7 +462,7 @@ fcc_store_cred(krb5_context context, int ret; int fd; - ret = fcc_open(context, id, &fd, O_WRONLY | O_APPEND | O_BINARY, 0); + ret = fcc_open(context, id, &fd, O_WRONLY | O_APPEND | O_BINARY | O_CLOEXEC, 0); if(ret) return ret; { @@ -503,7 +503,7 @@ init_fcc (krb5_context context, krb5_storage *sp; krb5_error_code ret; - ret = fcc_open(context, id, &fd, O_RDONLY | O_BINARY, 0); + ret = fcc_open(context, id, &fd, O_RDONLY | O_BINARY | O_CLOEXEC, 0); if(ret) return ret; @@ -851,14 +851,14 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to) int fd1, fd2; char buf[BUFSIZ]; - ret = fcc_open(context, from, &fd1, O_RDONLY | O_BINARY, 0); + ret = fcc_open(context, from, &fd1, O_RDONLY | O_BINARY | O_CLOEXEC, 0); if(ret) return ret; unlink(FILENAME(to)); ret = fcc_open(context, to, &fd2, - O_WRONLY | O_CREAT | O_EXCL | O_BINARY, 0600); + O_WRONLY | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, 0600); if(ret) goto out1; diff --git a/source4/heimdal/lib/krb5/free.c b/source4/heimdal/lib/krb5/free.c index 1b0bd05412..d0eac84ca1 100644 --- a/source4/heimdal/lib/krb5/free.c +++ b/source4/heimdal/lib/krb5/free.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: free.c 15175 2005-05-18 10:06:16Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_free_kdc_rep(krb5_context context, krb5_kdc_rep *rep) diff --git a/source4/heimdal/lib/krb5/free_host_realm.c b/source4/heimdal/lib/krb5/free_host_realm.c index 6b13ce7d0e..a9287de5fd 100644 --- a/source4/heimdal/lib/krb5/free_host_realm.c +++ b/source4/heimdal/lib/krb5/free_host_realm.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: free_host_realm.c 13863 2004-05-25 21:46:46Z lha $"); +RCSID("$Id$"); /* * Free all memory allocated by `realmlist' diff --git a/source4/heimdal/lib/krb5/generate_seq_number.c b/source4/heimdal/lib/krb5/generate_seq_number.c index 8a04f048c8..472fff7fd5 100644 --- a/source4/heimdal/lib/krb5/generate_seq_number.c +++ b/source4/heimdal/lib/krb5/generate_seq_number.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: generate_seq_number.c 17442 2006-05-05 09:31:15Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_generate_seq_number(krb5_context context, diff --git a/source4/heimdal/lib/krb5/generate_subkey.c b/source4/heimdal/lib/krb5/generate_subkey.c index fb7efbcd29..aa68d14df6 100644 --- a/source4/heimdal/lib/krb5/generate_subkey.c +++ b/source4/heimdal/lib/krb5/generate_subkey.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: generate_subkey.c 23280 2008-06-23 03:26:18Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_generate_subkey(krb5_context context, diff --git a/source4/heimdal/lib/krb5/get_cred.c b/source4/heimdal/lib/krb5/get_cred.c index 268550b229..c19a5e4abc 100644 --- a/source4/heimdal/lib/krb5/get_cred.c +++ b/source4/heimdal/lib/krb5/get_cred.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: get_cred.c 23280 2008-06-23 03:26:18Z lha $"); +RCSID("$Id$"); /* * Take the `body' and encode it into `padata' using the credentials diff --git a/source4/heimdal/lib/krb5/get_default_principal.c b/source4/heimdal/lib/krb5/get_default_principal.c index 5a7a7829fc..6a56218ed7 100644 --- a/source4/heimdal/lib/krb5/get_default_principal.c +++ b/source4/heimdal/lib/krb5/get_default_principal.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: get_default_principal.c 23280 2008-06-23 03:26:18Z lha $"); +RCSID("$Id$"); /* * Try to find out what's a reasonable default principal. diff --git a/source4/heimdal/lib/krb5/get_default_realm.c b/source4/heimdal/lib/krb5/get_default_realm.c index 1c996031e8..8e8c1ef974 100644 --- a/source4/heimdal/lib/krb5/get_default_realm.c +++ b/source4/heimdal/lib/krb5/get_default_realm.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: get_default_realm.c 23280 2008-06-23 03:26:18Z lha $"); +RCSID("$Id$"); /* * Return a NULL-terminated list of default realms in `realms'. diff --git a/source4/heimdal/lib/krb5/get_for_creds.c b/source4/heimdal/lib/krb5/get_for_creds.c index a8aac950ec..f005460e3f 100644 --- a/source4/heimdal/lib/krb5/get_for_creds.c +++ b/source4/heimdal/lib/krb5/get_for_creds.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: get_for_creds.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); static krb5_error_code add_addrs(krb5_context context, diff --git a/source4/heimdal/lib/krb5/get_host_realm.c b/source4/heimdal/lib/krb5/get_host_realm.c index f4c875b347..e226598101 100644 --- a/source4/heimdal/lib/krb5/get_host_realm.c +++ b/source4/heimdal/lib/krb5/get_host_realm.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include -RCSID("$Id: get_host_realm.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); /* To automagically find the correct realm of a host (without * [domain_realm] in krb5.conf) add a text record for your domain with diff --git a/source4/heimdal/lib/krb5/get_in_tkt.c b/source4/heimdal/lib/krb5/get_in_tkt.c index 8bdc8c0eb2..c835a9a29e 100644 --- a/source4/heimdal/lib/krb5/get_in_tkt.c +++ b/source4/heimdal/lib/krb5/get_in_tkt.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: get_in_tkt.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_init_etype (krb5_context context, @@ -383,8 +383,7 @@ _krb5_extract_ticket(krb5_context context, * based on the DNS Name. */ flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH; - flags |=EXTRACT_TICKET_ALLOW_CNAME_MISMATCH ; - + flags |= EXTRACT_TICKET_ALLOW_CNAME_MISMATCH; /* compare client and save */ ret = _krb5_principalname2krb5_principal (context, diff --git a/source4/heimdal/lib/krb5/get_in_tkt_with_keytab.c b/source4/heimdal/lib/krb5/get_in_tkt_with_keytab.c index 52f95c4bc4..78a1c340ac 100644 --- a/source4/heimdal/lib/krb5/get_in_tkt_with_keytab.c +++ b/source4/heimdal/lib/krb5/get_in_tkt_with_keytab.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: get_in_tkt_with_keytab.c 15477 2005-06-17 04:56:44Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_keytab_key_proc (krb5_context context, diff --git a/source4/heimdal/lib/krb5/get_port.c b/source4/heimdal/lib/krb5/get_port.c index 85587ea766..895c21a433 100644 --- a/source4/heimdal/lib/krb5/get_port.c +++ b/source4/heimdal/lib/krb5/get_port.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: get_port.c 13863 2004-05-25 21:46:46Z lha $"); +RCSID("$Id$"); int KRB5_LIB_FUNCTION krb5_getportbyname (krb5_context context, diff --git a/source4/heimdal/lib/krb5/heim_err.et b/source4/heimdal/lib/krb5/heim_err.et index 1b8ab49bc1..547a14e04c 100644 --- a/source4/heimdal/lib/krb5/heim_err.et +++ b/source4/heimdal/lib/krb5/heim_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: heim_err.et 13352 2004-02-13 16:23:40Z lha $" +id "$Id$" error_table heim diff --git a/source4/heimdal/lib/krb5/heim_threads.h b/source4/heimdal/lib/krb5/heim_threads.h old mode 100755 new mode 100644 index 3c27d13d81..c550499499 --- a/source4/heimdal/lib/krb5/heim_threads.h +++ b/source4/heimdal/lib/krb5/heim_threads.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: heim_threads.h 14409 2004-12-18 16:03:38Z lha $ */ +/* $Id$ */ /* * Provide wrapper macros for thread synchronization primitives so we diff --git a/source4/heimdal/lib/krb5/init_creds.c b/source4/heimdal/lib/krb5/init_creds.c index 74c9ff78e5..b2b3b6550d 100644 --- a/source4/heimdal/lib/krb5/init_creds.c +++ b/source4/heimdal/lib/krb5/init_creds.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); void KRB5_LIB_FUNCTION krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt) diff --git a/source4/heimdal/lib/krb5/init_creds_pw.c b/source4/heimdal/lib/krb5/init_creds_pw.c index e3098b0a92..f56d069b37 100644 --- a/source4/heimdal/lib/krb5/init_creds_pw.c +++ b/source4/heimdal/lib/krb5/init_creds_pw.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds_pw.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); typedef struct krb5_get_init_creds_ctx { KDCOptions flags; diff --git a/source4/heimdal/lib/krb5/k524_err.et b/source4/heimdal/lib/krb5/k524_err.et index 0ca25f74d4..4827b397af 100644 --- a/source4/heimdal/lib/krb5/k524_err.et +++ b/source4/heimdal/lib/krb5/k524_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: k524_err.et 10141 2001-06-20 02:45:58Z joda $" +id "$Id$" error_table k524 diff --git a/source4/heimdal/lib/krb5/kcm.c b/source4/heimdal/lib/krb5/kcm.c index 0c91fbb3a0..d5f38c5aaf 100644 --- a/source4/heimdal/lib/krb5/kcm.c +++ b/source4/heimdal/lib/krb5/kcm.c @@ -43,7 +43,7 @@ #include "kcm.h" -RCSID("$Id: kcm.c 23446 2008-07-27 12:08:37Z lha $"); +RCSID("$Id$"); typedef struct krb5_kcmcache { char *name; @@ -105,7 +105,7 @@ try_unix_socket(krb5_context context, krb5_error_code ret; int fd; - fd = socket(AF_UNIX, SOCK_STREAM, 0); + fd = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0); if (fd < 0) return KRB5_CC_IO; rk_cloexec(fd); diff --git a/source4/heimdal/lib/krb5/keyblock.c b/source4/heimdal/lib/krb5/keyblock.c index fa19e1e726..38a856624e 100644 --- a/source4/heimdal/lib/krb5/keyblock.c +++ b/source4/heimdal/lib/krb5/keyblock.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keyblock.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); void KRB5_LIB_FUNCTION krb5_keyblock_zero(krb5_keyblock *keyblock) diff --git a/source4/heimdal/lib/krb5/keytab.c b/source4/heimdal/lib/krb5/keytab.c index 09e130d850..f3e6b9e8f4 100644 --- a/source4/heimdal/lib/krb5/keytab.c +++ b/source4/heimdal/lib/krb5/keytab.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); /* * Register a new keytab in `ops' @@ -341,6 +341,7 @@ krb5_kt_get_entry(krb5_context context, if (ret) { /* This is needed for krb5_verify_init_creds, but keep error * string from previous error for the human. */ + context->error_code = KRB5_KT_NOTFOUND; return KRB5_KT_NOTFOUND; } diff --git a/source4/heimdal/lib/krb5/keytab_any.c b/source4/heimdal/lib/krb5/keytab_any.c index 9e93191045..a4b15394a5 100644 --- a/source4/heimdal/lib/krb5/keytab_any.c +++ b/source4/heimdal/lib/krb5/keytab_any.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_any.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); struct any_data { krb5_keytab kt; diff --git a/source4/heimdal/lib/krb5/keytab_file.c b/source4/heimdal/lib/krb5/keytab_file.c index e830ab3412..17f2d57742 100644 --- a/source4/heimdal/lib/krb5/keytab_file.c +++ b/source4/heimdal/lib/krb5/keytab_file.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_file.c 23469 2008-07-27 12:17:12Z lha $"); +RCSID("$Id$"); #define KRB5_KT_VNO_1 1 #define KRB5_KT_VNO_2 2 @@ -385,7 +385,7 @@ fkt_start_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *c) { - return fkt_start_seq_get_int(context, id, O_RDONLY | O_BINARY, 0, c); + return fkt_start_seq_get_int(context, id, O_RDONLY | O_BINARY | O_CLOEXEC, 0, c); } static krb5_error_code @@ -488,9 +488,9 @@ fkt_add_entry(krb5_context context, krb5_data keytab; int32_t len; - fd = open (d->filename, O_RDWR | O_BINARY); + fd = open (d->filename, O_RDWR | O_BINARY | O_CLOEXEC); if (fd < 0) { - fd = open (d->filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600); + fd = open (d->filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, 0600); if (fd < 0) { ret = errno; krb5_set_error_message(context, ret, "open(%s): %s", d->filename, @@ -632,7 +632,7 @@ fkt_remove_entry(krb5_context context, int found = 0; krb5_error_code ret; - ret = fkt_start_seq_get_int(context, id, O_RDWR | O_BINARY, 1, &cursor); + ret = fkt_start_seq_get_int(context, id, O_RDWR | O_BINARY | O_CLOEXEC, 1, &cursor); if(ret != 0) goto out; /* return other error here? */ while(fkt_next_entry_int(context, id, &e, &cursor, diff --git a/source4/heimdal/lib/krb5/keytab_keyfile.c b/source4/heimdal/lib/krb5/keytab_keyfile.c index 7e14cbd329..3339a96319 100644 --- a/source4/heimdal/lib/krb5/keytab_keyfile.c +++ b/source4/heimdal/lib/krb5/keytab_keyfile.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_keyfile.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); /* afs keyfile operations --------------------------------------- */ @@ -194,7 +194,7 @@ akf_start_seq_get(krb5_context context, int32_t ret; struct akf_data *d = id->data; - c->fd = open (d->filename, O_RDONLY|O_BINARY, 0600); + c->fd = open (d->filename, O_RDONLY | O_BINARY | O_CLOEXEC, 0600); if (c->fd < 0) { ret = errno; krb5_set_error_message(context, ret, "keytab afs keyfil open %s failed: %s", @@ -301,10 +301,10 @@ akf_add_entry(krb5_context context, return 0; } - fd = open (d->filename, O_RDWR | O_BINARY); + fd = open (d->filename, O_RDWR | O_BINARY | O_CLOEXEC); if (fd < 0) { fd = open (d->filename, - O_RDWR | O_BINARY | O_CREAT | O_EXCL, 0600); + O_RDWR | O_BINARY | O_CREAT | O_EXCL | O_CLOEXEC, 0600); if (fd < 0) { ret = errno; krb5_set_error_message(context, ret, "open(%s): %s", d->filename, diff --git a/source4/heimdal/lib/krb5/keytab_memory.c b/source4/heimdal/lib/krb5/keytab_memory.c index eabee7c693..5f648d9bce 100644 --- a/source4/heimdal/lib/krb5/keytab_memory.c +++ b/source4/heimdal/lib/krb5/keytab_memory.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_memory.c 23293 2008-06-23 03:28:22Z lha $"); +RCSID("$Id$"); /* memory operations -------------------------------------------- */ diff --git a/source4/heimdal/lib/krb5/krb5-v4compat.h b/source4/heimdal/lib/krb5/krb5-v4compat.h index dfd7e94460..9470f10337 100644 --- a/source4/heimdal/lib/krb5/krb5-v4compat.h +++ b/source4/heimdal/lib/krb5/krb5-v4compat.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5-v4compat.h 21575 2007-07-16 07:44:54Z lha $ */ +/* $Id$ */ #ifndef __KRB5_V4COMPAT_H__ #define __KRB5_V4COMPAT_H__ diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h index b1e2781d52..aedabcc350 100644 --- a/source4/heimdal/lib/krb5/krb5.h +++ b/source4/heimdal/lib/krb5/krb5.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5.h 23026 2008-04-17 10:02:03Z lha $ */ +/* $Id$ */ #ifndef __KRB5_H__ #define __KRB5_H__ @@ -761,6 +761,28 @@ struct credentials; /* this is to keep the compiler happy */ struct getargs; struct sockaddr; +/** + * Semi private, not stable yet + */ + +typedef struct krb5_crypto_iov { + unsigned int flags; + /* ignored */ +#define KRB5_CRYPTO_TYPE_EMPTY 0 + /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_HEADER) */ +#define KRB5_CRYPTO_TYPE_HEADER 1 + /* IN and OUT */ +#define KRB5_CRYPTO_TYPE_DATA 2 + /* IN */ +#define KRB5_CRYPTO_TYPE_SIGN_ONLY 3 + /* (only for encryption) OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */ +#define KRB5_CRYPTO_TYPE_PADDING 4 + /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */ +#define KRB5_CRYPTO_TYPE_TRAILER 5 + krb5_data data; +} krb5_crypto_iov; + + #include /* variables */ diff --git a/source4/heimdal/lib/krb5/krb5_ccapi.h b/source4/heimdal/lib/krb5/krb5_ccapi.h index 59a38425c2..7a8ac584a1 100644 --- a/source4/heimdal/lib/krb5/krb5_ccapi.h +++ b/source4/heimdal/lib/krb5/krb5_ccapi.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5_ccapi.h 22090 2007-12-02 23:23:43Z lha $ */ +/* $Id$ */ #ifndef KRB5_CCAPI_H #define KRB5_CCAPI_H 1 diff --git a/source4/heimdal/lib/krb5/krb5_err.et b/source4/heimdal/lib/krb5/krb5_err.et index 8e49ffcc4a..c076992d0b 100644 --- a/source4/heimdal/lib/krb5/krb5_err.et +++ b/source4/heimdal/lib/krb5/krb5_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: krb5_err.et 23354 2008-07-15 11:23:34Z lha $" +id "$Id$" error_table krb5 @@ -110,7 +110,7 @@ error_code PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED, "Public key encryption not suppo index 128 prefix -error_code KRB5_ERR_RCSID, "$Id: krb5_err.et 23354 2008-07-15 11:23:34Z lha $" +error_code KRB5_ERR_RCSID, "$Id$" error_code KRB5_LIBOS_BADLOCKFLAG, "Invalid flag for file lock mode" error_code KRB5_LIBOS_CANTREADPWD, "Cannot read password" diff --git a/source4/heimdal/lib/krb5/krb5_locl.h b/source4/heimdal/lib/krb5/krb5_locl.h index aaabd4541b..73075bf56c 100644 --- a/source4/heimdal/lib/krb5/krb5_locl.h +++ b/source4/heimdal/lib/krb5/krb5_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5_locl.h 23324 2008-06-26 03:54:45Z lha $ */ +/* $Id$ */ #ifndef __KRB5_LOCL_H__ #define __KRB5_LOCL_H__ @@ -133,6 +133,7 @@ struct sockaddr_dl; #include +#define HC_DEPRECATED_CRYPTO #include "crypto-headers.h" @@ -176,6 +177,15 @@ struct _krb5_krb_auth_data; #define O_BINARY 0 #endif +#ifndef O_CLOEXEC +#define O_CLOEXEC 0 +#endif + +#ifndef SOCK_CLOEXEC +#define SOCK_CLOEXEC 0 +#endif + + #define KRB5_BUFSIZ 1024 typedef enum { diff --git a/source4/heimdal/lib/krb5/krbhst.c b/source4/heimdal/lib/krb5/krbhst.c index 3514a026b7..8e49818c50 100644 --- a/source4/heimdal/lib/krb5/krbhst.c +++ b/source4/heimdal/lib/krb5/krbhst.c @@ -35,7 +35,7 @@ #include #include "locate_plugin.h" -RCSID("$Id: krbhst.c 23447 2008-07-27 12:09:05Z lha $"); +RCSID("$Id$"); static int string_to_proto(const char *string) diff --git a/source4/heimdal/lib/krb5/locate_plugin.h b/source4/heimdal/lib/krb5/locate_plugin.h index a342617d38..baca037ebc 100644 --- a/source4/heimdal/lib/krb5/locate_plugin.h +++ b/source4/heimdal/lib/krb5/locate_plugin.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: locate_plugin.h 23351 2008-07-15 11:22:39Z lha $ */ +/* $Id$ */ #ifndef HEIMDAL_KRB5_LOCATE_PLUGIN_H #define HEIMDAL_KRB5_LOCATE_PLUGIN_H 1 diff --git a/source4/heimdal/lib/krb5/log.c b/source4/heimdal/lib/krb5/log.c index 721e3691ca..2ed061c80b 100644 --- a/source4/heimdal/lib/krb5/log.c +++ b/source4/heimdal/lib/krb5/log.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: log.c 23443 2008-07-27 12:07:25Z lha $"); +RCSID("$Id$"); struct facility { int min; @@ -358,12 +358,12 @@ krb5_openlog(krb5_context context, if(p == NULL) p = krb5_config_get_strings(context, NULL, "logging", "default", NULL); if(p){ - for(q = p; *q; q++) + for(q = p; *q && ret == 0; q++) ret = krb5_addlog_dest(context, *fac, *q); krb5_config_free_strings(p); }else ret = krb5_addlog_dest(context, *fac, "SYSLOG"); - return 0; + return ret; } krb5_error_code KRB5_LIB_FUNCTION diff --git a/source4/heimdal/lib/krb5/mcache.c b/source4/heimdal/lib/krb5/mcache.c index 682f9f6abd..3f26b27a46 100644 --- a/source4/heimdal/lib/krb5/mcache.c +++ b/source4/heimdal/lib/krb5/mcache.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: mcache.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); typedef struct krb5_mcache { char *name; diff --git a/source4/heimdal/lib/krb5/misc.c b/source4/heimdal/lib/krb5/misc.c index 8050bdb9b4..1ed4f08d77 100644 --- a/source4/heimdal/lib/krb5/misc.c +++ b/source4/heimdal/lib/krb5/misc.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: misc.c 21174 2007-06-19 10:10:58Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION _krb5_s4u2self_to_checksumdata(krb5_context context, diff --git a/source4/heimdal/lib/krb5/mit_glue.c b/source4/heimdal/lib/krb5/mit_glue.c old mode 100755 new mode 100644 index 7440d54762..c157c5d365 --- a/source4/heimdal/lib/krb5/mit_glue.c +++ b/source4/heimdal/lib/krb5/mit_glue.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: mit_glue.c 20042 2007-01-23 20:37:43Z lha $"); +RCSID("$Id$"); /* * Glue for MIT API diff --git a/source4/heimdal/lib/krb5/mk_error.c b/source4/heimdal/lib/krb5/mk_error.c index 7046649934..d4c3867edd 100644 --- a/source4/heimdal/lib/krb5/mk_error.c +++ b/source4/heimdal/lib/krb5/mk_error.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: mk_error.c 15457 2005-06-16 21:16:40Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_mk_error(krb5_context context, diff --git a/source4/heimdal/lib/krb5/mk_priv.c b/source4/heimdal/lib/krb5/mk_priv.c index 3b4b6e30b7..a1a9ea4dff 100644 --- a/source4/heimdal/lib/krb5/mk_priv.c +++ b/source4/heimdal/lib/krb5/mk_priv.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: mk_priv.c 23297 2008-06-23 03:28:53Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION diff --git a/source4/heimdal/lib/krb5/mk_rep.c b/source4/heimdal/lib/krb5/mk_rep.c index 069df42e26..65c97b5803 100644 --- a/source4/heimdal/lib/krb5/mk_rep.c +++ b/source4/heimdal/lib/krb5/mk_rep.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: mk_rep.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_mk_rep(krb5_context context, diff --git a/source4/heimdal/lib/krb5/mk_req.c b/source4/heimdal/lib/krb5/mk_req.c index 5f64f01e95..1068aaa668 100644 --- a/source4/heimdal/lib/krb5/mk_req.c +++ b/source4/heimdal/lib/krb5/mk_req.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: mk_req.c 13863 2004-05-25 21:46:46Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_mk_req_exact(krb5_context context, diff --git a/source4/heimdal/lib/krb5/mk_req_ext.c b/source4/heimdal/lib/krb5/mk_req_ext.c index b6d55c8815..645dadee22 100644 --- a/source4/heimdal/lib/krb5/mk_req_ext.c +++ b/source4/heimdal/lib/krb5/mk_req_ext.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: mk_req_ext.c 19511 2006-12-27 12:07:22Z lha $"); +RCSID("$Id$"); krb5_error_code _krb5_mk_req_internal(krb5_context context, diff --git a/source4/heimdal/lib/krb5/n-fold.c b/source4/heimdal/lib/krb5/n-fold.c index 287f8cf64f..147f6aeac7 100644 --- a/source4/heimdal/lib/krb5/n-fold.c +++ b/source4/heimdal/lib/krb5/n-fold.c @@ -32,7 +32,7 @@ #include "krb5_locl.h" -RCSID("$Id: n-fold.c 22923 2008-04-08 14:51:33Z lha $"); +RCSID("$Id$"); static krb5_error_code rr13(unsigned char *buf, size_t len) diff --git a/source4/heimdal/lib/krb5/pac.c b/source4/heimdal/lib/krb5/pac.c index fbc754efda..ac7e3eda9b 100644 --- a/source4/heimdal/lib/krb5/pac.c +++ b/source4/heimdal/lib/krb5/pac.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include -RCSID("$Id: pac.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); struct PAC_INFO_BUFFER { uint32_t type; @@ -819,7 +819,7 @@ pac_checksum(krb5_context context, return ret; ret = krb5_crypto_get_checksum_type(context, crypto, &cktype); - ret = krb5_crypto_destroy(context, crypto); + krb5_crypto_destroy(context, crypto); if (ret) return ret; diff --git a/source4/heimdal/lib/krb5/padata.c b/source4/heimdal/lib/krb5/padata.c index 9dc3fe69a5..2cd3c18287 100644 --- a/source4/heimdal/lib/krb5/padata.c +++ b/source4/heimdal/lib/krb5/padata.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: padata.c 23300 2008-06-23 03:29:22Z lha $"); +RCSID("$Id$"); PA_DATA * krb5_find_padata(PA_DATA *val, unsigned len, int type, int *idx) diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c old mode 100755 new mode 100644 index 1e82971c6e..634ef26c7f --- a/source4/heimdal/lib/krb5/pkinit.c +++ b/source4/heimdal/lib/krb5/pkinit.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: pkinit.c 23450 2008-07-27 12:10:10Z lha $"); +RCSID("$Id$"); struct krb5_dh_moduli { char *name; @@ -381,7 +381,7 @@ build_auth_pack(krb5_context context, ret = krb5_data_alloc(a->clientDHNonce, 40); if (a->clientDHNonce == NULL) { krb5_clear_error_string(context); - return ENOMEM; + return ret; } memset(a->clientDHNonce->data, 0, a->clientDHNonce->length); ret = krb5_copy_data(context, a->clientDHNonce, diff --git a/source4/heimdal/lib/krb5/plugin.c b/source4/heimdal/lib/krb5/plugin.c index 8dda27fa59..fb1ee32285 100644 --- a/source4/heimdal/lib/krb5/plugin.c +++ b/source4/heimdal/lib/krb5/plugin.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: plugin.c 23451 2008-07-27 12:10:30Z lha $"); +RCSID("$Id$"); #ifdef HAVE_DLFCN_H #include #endif diff --git a/source4/heimdal/lib/krb5/principal.c b/source4/heimdal/lib/krb5/principal.c index 0d6d72dbcf..3a1d184c3d 100644 --- a/source4/heimdal/lib/krb5/principal.c +++ b/source4/heimdal/lib/krb5/principal.c @@ -57,7 +57,7 @@ host/admin@H5L.ORG #include #include "resolve.h" -RCSID("$Id: principal.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); #define princ_num_comp(P) ((P)->name.name_string.len) #define princ_type(P) ((P)->name.name_type) @@ -1259,7 +1259,14 @@ krb5_sname_to_principal (krb5_context context, return KRB5_SNAME_UNSUPP_NAMETYPE; } if(hostname == NULL) { - gethostname(localhost, sizeof(localhost)); + ret = gethostname(localhost, sizeof(localhost) - 1); + if (ret != 0) { + ret = errno; + krb5_set_error_message(context, ret, + "Failed to get local hostname"); + return ret; + } + localhost[sizeof(localhost) - 1] = '\0'; hostname = localhost; } if(sname == NULL) diff --git a/source4/heimdal/lib/krb5/prompter_posix.c b/source4/heimdal/lib/krb5/prompter_posix.c index e0f407fb24..840bb328ca 100644 --- a/source4/heimdal/lib/krb5/prompter_posix.c +++ b/source4/heimdal/lib/krb5/prompter_posix.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: prompter_posix.c 13863 2004-05-25 21:46:46Z lha $"); +RCSID("$Id$"); int KRB5_LIB_FUNCTION krb5_prompter_posix (krb5_context context, diff --git a/source4/heimdal/lib/krb5/rd_cred.c b/source4/heimdal/lib/krb5/rd_cred.c index 26aa3f2d79..e2807c20d0 100644 --- a/source4/heimdal/lib/krb5/rd_cred.c +++ b/source4/heimdal/lib/krb5/rd_cred.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_cred.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); static krb5_error_code compare_addrs(krb5_context context, diff --git a/source4/heimdal/lib/krb5/rd_error.c b/source4/heimdal/lib/krb5/rd_error.c index 9e50af539a..9f23d8df29 100644 --- a/source4/heimdal/lib/krb5/rd_error.c +++ b/source4/heimdal/lib/krb5/rd_error.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: rd_error.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_rd_error(krb5_context context, diff --git a/source4/heimdal/lib/krb5/rd_priv.c b/source4/heimdal/lib/krb5/rd_priv.c index ed7a2ccc52..da8f44febb 100644 --- a/source4/heimdal/lib/krb5/rd_priv.c +++ b/source4/heimdal/lib/krb5/rd_priv.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_priv.c 21751 2007-07-31 20:42:20Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_rd_priv(krb5_context context, @@ -50,14 +50,18 @@ krb5_rd_priv(krb5_context context, krb5_keyblock *key; krb5_crypto crypto; - if (outbuf) - krb5_data_zero(outbuf); + krb5_data_zero(outbuf); if ((auth_context->flags & - (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) && - outdata == NULL) { - krb5_clear_error_string (context); - return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */ + (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) + { + if (outdata == NULL) { + krb5_clear_error_string (context); + return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */ + } + /* if these fields are not present in the priv-part, silently + return zero */ + memset(outdata, 0, sizeof(*outdata)); } memset(&priv, 0, sizeof(priv)); @@ -165,9 +169,6 @@ krb5_rd_priv(krb5_context context, if ((auth_context->flags & (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) { - /* if these fields are not present in the priv-part, silently - return zero */ - memset(outdata, 0, sizeof(*outdata)); if(part.timestamp) outdata->timestamp = *part.timestamp; if(part.usec) diff --git a/source4/heimdal/lib/krb5/rd_rep.c b/source4/heimdal/lib/krb5/rd_rep.c index 0e6e3d09af..846de26c60 100644 --- a/source4/heimdal/lib/krb5/rd_rep.c +++ b/source4/heimdal/lib/krb5/rd_rep.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_rep.c 23304 2008-06-23 03:29:56Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_rd_rep(krb5_context context, diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c index ddf1f69ae4..ef91f9fdd6 100644 --- a/source4/heimdal/lib/krb5/rd_req.c +++ b/source4/heimdal/lib/krb5/rd_req.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_req.c 23415 2008-07-26 18:35:44Z lha $"); +RCSID("$Id$"); static krb5_error_code decrypt_tkt_enc_part (krb5_context context, diff --git a/source4/heimdal/lib/krb5/replay.c b/source4/heimdal/lib/krb5/replay.c index 7639bfa2ce..cd717f27ac 100644 --- a/source4/heimdal/lib/krb5/replay.c +++ b/source4/heimdal/lib/krb5/replay.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include -RCSID("$Id: replay.c 23467 2008-07-27 12:16:37Z lha $"); +RCSID("$Id$"); struct krb5_rcache_data { char *name; diff --git a/source4/heimdal/lib/krb5/send_to_kdc.c b/source4/heimdal/lib/krb5/send_to_kdc.c index 1ddb5afd1f..45b728aa6c 100644 --- a/source4/heimdal/lib/krb5/send_to_kdc.c +++ b/source4/heimdal/lib/krb5/send_to_kdc.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include "send_to_kdc_plugin.h" -RCSID("$Id: send_to_kdc.c 23448 2008-07-27 12:09:22Z lha $"); +RCSID("$Id$"); struct send_to_kdc { krb5_send_to_kdc_func func; @@ -288,7 +288,7 @@ send_via_proxy (krb5_context context, return krb5_eai_to_heim_errno(ret, errno); for (a = ai; a != NULL; a = a->ai_next) { - s = socket (a->ai_family, a->ai_socktype, a->ai_protocol); + s = socket (a->ai_family, a->ai_socktype, a->ai_protocol | SOCK_CLOEXEC); if (s < 0) continue; rk_cloexec(s); @@ -411,7 +411,7 @@ krb5_sendto (krb5_context context, continue; for (a = ai; a != NULL; a = a->ai_next) { - fd = socket (a->ai_family, a->ai_socktype, a->ai_protocol); + fd = socket (a->ai_family, a->ai_socktype | SOCK_CLOEXEC, a->ai_protocol); if (fd < 0) continue; rk_cloexec(fd); diff --git a/source4/heimdal/lib/krb5/set_default_realm.c b/source4/heimdal/lib/krb5/set_default_realm.c index 55abf2ea7d..c21ac453a2 100644 --- a/source4/heimdal/lib/krb5/set_default_realm.c +++ b/source4/heimdal/lib/krb5/set_default_realm.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: set_default_realm.c 23309 2008-06-23 03:30:41Z lha $"); +RCSID("$Id$"); /* * Convert the simple string `s' into a NULL-terminated and freshly allocated diff --git a/source4/heimdal/lib/krb5/store.c b/source4/heimdal/lib/krb5/store.c index c9cbbb5cef..321ca633a6 100644 --- a/source4/heimdal/lib/krb5/store.c +++ b/source4/heimdal/lib/krb5/store.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include "store-int.h" -RCSID("$Id: store.c 22071 2007-11-14 20:04:50Z lha $"); +RCSID("$Id$"); #define BYTEORDER_IS(SP, V) (((SP)->flags & KRB5_STORAGE_BYTEORDER_MASK) == (V)) #define BYTEORDER_IS_LE(SP) BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_LE) diff --git a/source4/heimdal/lib/krb5/store_emem.c b/source4/heimdal/lib/krb5/store_emem.c index c38c1b53c3..3cb561ec77 100644 --- a/source4/heimdal/lib/krb5/store_emem.c +++ b/source4/heimdal/lib/krb5/store_emem.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include "store-int.h" -RCSID("$Id: store_emem.c 22574 2008-02-05 20:31:55Z lha $"); +RCSID("$Id$"); typedef struct emem_storage{ unsigned char *base; diff --git a/source4/heimdal/lib/krb5/store_fd.c b/source4/heimdal/lib/krb5/store_fd.c index 15f86fcac3..21fa171c28 100644 --- a/source4/heimdal/lib/krb5/store_fd.c +++ b/source4/heimdal/lib/krb5/store_fd.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include "store-int.h" -RCSID("$Id: store_fd.c 17779 2006-06-30 21:23:19Z lha $"); +RCSID("$Id$"); typedef struct fd_storage { int fd; diff --git a/source4/heimdal/lib/krb5/store_mem.c b/source4/heimdal/lib/krb5/store_mem.c index e6e62b5a62..6d8306051a 100644 --- a/source4/heimdal/lib/krb5/store_mem.c +++ b/source4/heimdal/lib/krb5/store_mem.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include "store-int.h" -RCSID("$Id: store_mem.c 20307 2007-04-11 11:16:28Z lha $"); +RCSID("$Id$"); typedef struct mem_storage{ unsigned char *base; diff --git a/source4/heimdal/lib/krb5/ticket.c b/source4/heimdal/lib/krb5/ticket.c index 5eff64e12d..77ce8cb221 100644 --- a/source4/heimdal/lib/krb5/ticket.c +++ b/source4/heimdal/lib/krb5/ticket.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: ticket.c 23310 2008-06-23 03:30:49Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_free_ticket(krb5_context context, diff --git a/source4/heimdal/lib/krb5/time.c b/source4/heimdal/lib/krb5/time.c index 46f88a86cd..7a9b36372c 100644 --- a/source4/heimdal/lib/krb5/time.c +++ b/source4/heimdal/lib/krb5/time.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: time.c 23260 2008-06-21 15:22:37Z lha $"); +RCSID("$Id$"); /** * Set the absolute time that the caller knows the kdc has so the diff --git a/source4/heimdal/lib/krb5/transited.c b/source4/heimdal/lib/krb5/transited.c index 58b00a4b7a..c9db832348 100644 --- a/source4/heimdal/lib/krb5/transited.c +++ b/source4/heimdal/lib/krb5/transited.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: transited.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); /* this is an attempt at one of the most horrible `compression' schemes that has ever been invented; it's so amazingly brain-dead diff --git a/source4/heimdal/lib/krb5/v4_glue.c b/source4/heimdal/lib/krb5/v4_glue.c index 55570c44dd..baa4bd6892 100644 --- a/source4/heimdal/lib/krb5/v4_glue.c +++ b/source4/heimdal/lib/krb5/v4_glue.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: v4_glue.c 23452 2008-07-27 12:10:54Z lha $"); +RCSID("$Id$"); #include "krb5-v4compat.h" @@ -348,12 +348,12 @@ storage_to_etext(krb5_context context, krb5_ssize_t size; krb5_data data; - /* multiple of eight bytes */ + /* multiple of eight bytes, don't round up */ size = krb5_storage_seek(sp, 0, SEEK_END); if (size < 0) return KRB4ET_RD_AP_UNDEC; - size = 8 - (size & 7); + size = ((size+7) & ~7) - size; ret = krb5_storage_write(sp, eightzeros, size); if (ret != size) diff --git a/source4/heimdal/lib/krb5/version.c b/source4/heimdal/lib/krb5/version.c index f7ccff5bc8..cbc4f8c3e1 100644 --- a/source4/heimdal/lib/krb5/version.c +++ b/source4/heimdal/lib/krb5/version.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: version.c 7464 1999-12-02 17:05:13Z joda $"); +RCSID("$Id$"); /* this is just to get a version stamp in the library file */ diff --git a/source4/heimdal/lib/krb5/warn.c b/source4/heimdal/lib/krb5/warn.c index 97a6cc9e0a..c7fe5640b5 100644 --- a/source4/heimdal/lib/krb5/warn.c +++ b/source4/heimdal/lib/krb5/warn.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include -RCSID("$Id: warn.c 23206 2008-05-29 02:13:41Z lha $"); +RCSID("$Id$"); static krb5_error_code _warnerr(krb5_context context, int do_errtext, krb5_error_code code, int level, const char *fmt, va_list ap) diff --git a/source4/heimdal/lib/ntlm/heimntlm.h b/source4/heimdal/lib/ntlm/heimntlm.h index 09d2205fd2..e26cf950ee 100644 --- a/source4/heimdal/lib/ntlm/heimntlm.h +++ b/source4/heimdal/lib/ntlm/heimntlm.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: heimntlm.h 22376 2007-12-28 18:38:23Z lha $ */ +/* $Id$ */ #ifndef HEIM_NTLM_H #define HEIM_NTLM_H diff --git a/source4/heimdal/lib/ntlm/ntlm.c b/source4/heimdal/lib/ntlm/ntlm.c index d3309824b5..244df54bb6 100644 --- a/source4/heimdal/lib/ntlm/ntlm.c +++ b/source4/heimdal/lib/ntlm/ntlm.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan + * Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include -RCSID("$Id: ntlm.c 23169 2008-05-22 02:52:07Z lha $"); +RCSID("$Id$"); #include #include @@ -46,6 +46,8 @@ RCSID("$Id: ntlm.c 23169 2008-05-22 02:52:07Z lha $"); #include #include +#define HC_DEPRECATED_CRYPTO + #include "krb5-types.h" #include "crypto-headers.h" @@ -1046,7 +1048,7 @@ heim_ntlm_ntlmv2_key(const void *key, size_t len, HMAC_Init_ex(&c, key, len, EVP_md5(), NULL); { struct ntlm_buf buf; - /* uppercase username and turn it inte ucs2-le */ + /* uppercase username and turn it into ucs2-le */ ascii2ucs2le(username, 1, &buf); HMAC_Update(&c, buf.data, buf.length); free(buf.data); diff --git a/source4/heimdal/lib/roken/base64.c b/source4/heimdal/lib/roken/base64.c index daf7fc5671..ce3bf015e7 100644 --- a/source4/heimdal/lib/roken/base64.c +++ b/source4/heimdal/lib/roken/base64.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: base64.c 15506 2005-06-23 10:47:57Z lha $"); +RCSID("$Id$"); #endif #include #include @@ -64,7 +64,7 @@ base64_encode(const void *data, int size, char **str) if (p == NULL) return -1; q = (const unsigned char *) data; - i = 0; + for (i = 0; i < size;) { c = q[i++]; c *= 256; diff --git a/source4/heimdal/lib/roken/base64.h b/source4/heimdal/lib/roken/base64.h index 09aadffe7c..33918d3548 100644 --- a/source4/heimdal/lib/roken/base64.h +++ b/source4/heimdal/lib/roken/base64.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: base64.h 15535 2005-06-30 07:13:33Z lha $ */ +/* $Id$ */ #ifndef _BASE64_H_ #define _BASE64_H_ diff --git a/source4/heimdal/lib/roken/bswap.c b/source4/heimdal/lib/roken/bswap.c index 1e7a7abc11..0f42fc3168 100644 --- a/source4/heimdal/lib/roken/bswap.c +++ b/source4/heimdal/lib/roken/bswap.c @@ -34,9 +34,9 @@ #ifdef HAVE_CONFIG_H #include #endif -#include +#include "roken.h" -RCSID("$Id: bswap.c 14773 2005-04-12 11:29:18Z lha $"); +RCSID("$Id$"); #ifndef HAVE_BSWAP32 diff --git a/source4/heimdal/lib/roken/cloexec.c b/source4/heimdal/lib/roken/cloexec.c index 6308daa1db..136868624c 100644 --- a/source4/heimdal/lib/roken/cloexec.c +++ b/source4/heimdal/lib/roken/cloexec.c @@ -39,7 +39,7 @@ RCSID("$Id$"); #include #include -#include +#include "roken.h" void ROKEN_LIB_FUNCTION rk_cloexec(int fd) diff --git a/source4/heimdal/lib/roken/closefrom.c b/source4/heimdal/lib/roken/closefrom.c index 697566561c..8bf99f8603 100644 --- a/source4/heimdal/lib/roken/closefrom.c +++ b/source4/heimdal/lib/roken/closefrom.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: closefrom.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif #ifdef HAVE_SYS_TYPES_H @@ -43,7 +43,7 @@ RCSID("$Id: closefrom.c 21005 2007-06-08 01:54:35Z lha $"); #include #endif -#include +#include "roken.h" int ROKEN_LIB_FUNCTION closefrom(int fd) diff --git a/source4/heimdal/lib/roken/copyhostent.c b/source4/heimdal/lib/roken/copyhostent.c index 73e20ed039..4999bbab82 100644 --- a/source4/heimdal/lib/roken/copyhostent.c +++ b/source4/heimdal/lib/roken/copyhostent.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: copyhostent.c 14773 2005-04-12 11:29:18Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" /* * return a malloced copy of `h' diff --git a/source4/heimdal/lib/roken/dumpdata.c b/source4/heimdal/lib/roken/dumpdata.c index 81fd127296..4dbb02abe7 100644 --- a/source4/heimdal/lib/roken/dumpdata.c +++ b/source4/heimdal/lib/roken/dumpdata.c @@ -33,12 +33,12 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: dumpdata.c 23412 2008-07-26 18:34:23Z lha $"); +RCSID("$Id$"); #endif #include -#include +#include "roken.h" /* * Write datablob to a filename, don't care about errors. diff --git a/source4/heimdal/lib/roken/ecalloc.c b/source4/heimdal/lib/roken/ecalloc.c index c9e6b9c6af..767d383878 100644 --- a/source4/heimdal/lib/roken/ecalloc.c +++ b/source4/heimdal/lib/roken/ecalloc.c @@ -33,13 +33,13 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: ecalloc.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif #include #include -#include +#include "roken.h" /* * Like calloc but never fails. diff --git a/source4/heimdal/lib/roken/emalloc.c b/source4/heimdal/lib/roken/emalloc.c index 0807da6105..2384f4c1c9 100644 --- a/source4/heimdal/lib/roken/emalloc.c +++ b/source4/heimdal/lib/roken/emalloc.c @@ -33,13 +33,13 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: emalloc.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif #include #include -#include +#include "roken.h" /* * Like malloc but never fails. diff --git a/source4/heimdal/lib/roken/erealloc.c b/source4/heimdal/lib/roken/erealloc.c index cbcfb1b469..596f4c6bef 100644 --- a/source4/heimdal/lib/roken/erealloc.c +++ b/source4/heimdal/lib/roken/erealloc.c @@ -33,13 +33,13 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: erealloc.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif #include #include -#include +#include "roken.h" /* * Like realloc but never fails. diff --git a/source4/heimdal/lib/roken/err.hin b/source4/heimdal/lib/roken/err.hin index 2f1232d3e7..7abf4a9e16 100644 --- a/source4/heimdal/lib/roken/err.hin +++ b/source4/heimdal/lib/roken/err.hin @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: err.hin 14773 2005-04-12 11:29:18Z lha $ */ +/* $Id$ */ #ifndef __ERR_H__ #define __ERR_H__ diff --git a/source4/heimdal/lib/roken/estrdup.c b/source4/heimdal/lib/roken/estrdup.c index a53c1f7b9d..541bb7a335 100644 --- a/source4/heimdal/lib/roken/estrdup.c +++ b/source4/heimdal/lib/roken/estrdup.c @@ -33,13 +33,13 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: estrdup.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif #include #include -#include +#include "roken.h" /* * Like strdup but never fails. diff --git a/source4/heimdal/lib/roken/freeaddrinfo.c b/source4/heimdal/lib/roken/freeaddrinfo.c index 71b5abb38f..a350edcca2 100644 --- a/source4/heimdal/lib/roken/freeaddrinfo.c +++ b/source4/heimdal/lib/roken/freeaddrinfo.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: freeaddrinfo.c 14773 2005-04-12 11:29:18Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" /* * free the list of `struct addrinfo' starting at `ai' diff --git a/source4/heimdal/lib/roken/freehostent.c b/source4/heimdal/lib/roken/freehostent.c index e773f07a22..ca43cf10f1 100644 --- a/source4/heimdal/lib/roken/freehostent.c +++ b/source4/heimdal/lib/roken/freehostent.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: freehostent.c 14773 2005-04-12 11:29:18Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" /* * free a malloced hostent diff --git a/source4/heimdal/lib/roken/gai_strerror.c b/source4/heimdal/lib/roken/gai_strerror.c index 1e563ae288..061ed0898a 100644 --- a/source4/heimdal/lib/roken/gai_strerror.c +++ b/source4/heimdal/lib/roken/gai_strerror.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: gai_strerror.c 15837 2005-08-05 09:31:35Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" static struct gai_error { int code; diff --git a/source4/heimdal/lib/roken/get_window_size.c b/source4/heimdal/lib/roken/get_window_size.c index fd4e81fd74..f75b42e2fc 100644 --- a/source4/heimdal/lib/roken/get_window_size.c +++ b/source4/heimdal/lib/roken/get_window_size.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: get_window_size.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif #include @@ -58,7 +58,7 @@ RCSID("$Id: get_window_size.c 21005 2007-06-08 01:54:35Z lha $"); #include #endif -#include +#include "roken.h" int ROKEN_LIB_FUNCTION get_window_size(int fd, struct winsize *wp) diff --git a/source4/heimdal/lib/roken/getaddrinfo.c b/source4/heimdal/lib/roken/getaddrinfo.c index 2c232e3a59..773fddc80a 100644 --- a/source4/heimdal/lib/roken/getaddrinfo.c +++ b/source4/heimdal/lib/roken/getaddrinfo.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: getaddrinfo.c 15417 2005-06-16 17:49:29Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" /* * uses hints->ai_socktype and hints->ai_protocol diff --git a/source4/heimdal/lib/roken/getarg.c b/source4/heimdal/lib/roken/getarg.c index 840febbf21..db28012767 100644 --- a/source4/heimdal/lib/roken/getarg.c +++ b/source4/heimdal/lib/roken/getarg.c @@ -33,13 +33,13 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: getarg.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif #include #include #include -#include +#include "roken.h" #include "getarg.h" #define ISFLAG(X) ((X).type == arg_flag || (X).type == arg_negative_flag) @@ -277,7 +277,7 @@ arg_printusage (struct getargs *args, max_len = max(max_len, len); } if (extra_string) { - col = check_column(stderr, col, strlen(extra_string) + 1, columns); + check_column(stderr, col, strlen(extra_string) + 1, columns); fprintf (stderr, " %s\n", extra_string); } else fprintf (stderr, "\n"); diff --git a/source4/heimdal/lib/roken/getarg.h b/source4/heimdal/lib/roken/getarg.h index 62d1b6687c..e559524600 100644 --- a/source4/heimdal/lib/roken/getarg.h +++ b/source4/heimdal/lib/roken/getarg.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: getarg.h 14776 2005-04-13 05:52:27Z lha $ */ +/* $Id$ */ #ifndef __GETARG_H__ #define __GETARG_H__ diff --git a/source4/heimdal/lib/roken/getipnodebyaddr.c b/source4/heimdal/lib/roken/getipnodebyaddr.c index 7e370d5f58..69195d3053 100644 --- a/source4/heimdal/lib/roken/getipnodebyaddr.c +++ b/source4/heimdal/lib/roken/getipnodebyaddr.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: getipnodebyaddr.c 14773 2005-04-12 11:29:18Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" /* * lookup `src, len' (address family `af') in DNS and return a pointer diff --git a/source4/heimdal/lib/roken/getipnodebyname.c b/source4/heimdal/lib/roken/getipnodebyname.c index 04f12509ab..e8f6a1fdbd 100644 --- a/source4/heimdal/lib/roken/getipnodebyname.c +++ b/source4/heimdal/lib/roken/getipnodebyname.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: getipnodebyname.c 14773 2005-04-12 11:29:18Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" #ifndef HAVE_H_ERRNO static int h_errno = NO_RECOVERY; diff --git a/source4/heimdal/lib/roken/getnameinfo.c b/source4/heimdal/lib/roken/getnameinfo.c index 04c5e1cdc9..b0545be509 100644 --- a/source4/heimdal/lib/roken/getnameinfo.c +++ b/source4/heimdal/lib/roken/getnameinfo.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: getnameinfo.c 15412 2005-06-16 16:53:09Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" static int doit (int af, diff --git a/source4/heimdal/lib/roken/getprogname.c b/source4/heimdal/lib/roken/getprogname.c index 19f161831c..1f365fc845 100644 --- a/source4/heimdal/lib/roken/getprogname.c +++ b/source4/heimdal/lib/roken/getprogname.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: getprogname.c 14773 2005-04-12 11:29:18Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" #ifndef HAVE___PROGNAME const char *__progname; diff --git a/source4/heimdal/lib/roken/h_errno.c b/source4/heimdal/lib/roken/h_errno.c index 11dcb08ac2..96fda0fc6a 100644 --- a/source4/heimdal/lib/roken/h_errno.c +++ b/source4/heimdal/lib/roken/h_errno.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: h_errno.c 10442 2001-08-08 03:47:23Z assar $"); +RCSID("$Id$"); #endif #ifndef HAVE_H_ERRNO diff --git a/source4/heimdal/lib/roken/hex.c b/source4/heimdal/lib/roken/hex.c index 994d89484e..2daf247e90 100644 --- a/source4/heimdal/lib/roken/hex.c +++ b/source4/heimdal/lib/roken/hex.c @@ -33,9 +33,9 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: hex.c 16504 2006-01-09 17:09:29Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" #include #include "hex.h" diff --git a/source4/heimdal/lib/roken/hex.h b/source4/heimdal/lib/roken/hex.h index 4c4b8508ed..037bf650d6 100644 --- a/source4/heimdal/lib/roken/hex.h +++ b/source4/heimdal/lib/roken/hex.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: hex.h 14773 2005-04-12 11:29:18Z lha $ */ +/* $Id$ */ #ifndef _rk_HEX_H_ #define _rk_HEX_H_ 1 diff --git a/source4/heimdal/lib/roken/hostent_find_fqdn.c b/source4/heimdal/lib/roken/hostent_find_fqdn.c index 4e583a1d20..60d9428ccd 100644 --- a/source4/heimdal/lib/roken/hostent_find_fqdn.c +++ b/source4/heimdal/lib/roken/hostent_find_fqdn.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: hostent_find_fqdn.c 14773 2005-04-12 11:29:18Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" /* * Try to find a fqdn (with `.') in he if possible, else return h_name diff --git a/source4/heimdal/lib/roken/inet_aton.c b/source4/heimdal/lib/roken/inet_aton.c index 176aed1f2b..79af5e57be 100644 --- a/source4/heimdal/lib/roken/inet_aton.c +++ b/source4/heimdal/lib/roken/inet_aton.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: inet_aton.c 14773 2005-04-12 11:29:18Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" /* Minimal implementation of inet_aton. * Cannot distinguish between failure and a local broadcast address. */ diff --git a/source4/heimdal/lib/roken/inet_ntop.c b/source4/heimdal/lib/roken/inet_ntop.c index 430c0044c3..f2d81d93a5 100644 --- a/source4/heimdal/lib/roken/inet_ntop.c +++ b/source4/heimdal/lib/roken/inet_ntop.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: inet_ntop.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" /* * diff --git a/source4/heimdal/lib/roken/inet_pton.c b/source4/heimdal/lib/roken/inet_pton.c index e0e5ca74b2..e55630aea0 100644 --- a/source4/heimdal/lib/roken/inet_pton.c +++ b/source4/heimdal/lib/roken/inet_pton.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: inet_pton.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" int ROKEN_LIB_FUNCTION inet_pton(int af, const char *src, void *dst) diff --git a/source4/heimdal/lib/roken/issuid.c b/source4/heimdal/lib/roken/issuid.c index ea09d3a9ad..bcd478c8e8 100644 --- a/source4/heimdal/lib/roken/issuid.c +++ b/source4/heimdal/lib/roken/issuid.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: issuid.c 15131 2005-05-13 07:42:03Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" int ROKEN_LIB_FUNCTION issuid(void) diff --git a/source4/heimdal/lib/roken/net_read.c b/source4/heimdal/lib/roken/net_read.c index ef01f018d8..f1c96d116a 100644 --- a/source4/heimdal/lib/roken/net_read.c +++ b/source4/heimdal/lib/roken/net_read.c @@ -33,14 +33,14 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: net_read.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif #include #include #include -#include +#include "roken.h" /* * Like read but never return partial data. diff --git a/source4/heimdal/lib/roken/net_write.c b/source4/heimdal/lib/roken/net_write.c index e379caa750..e557332a72 100644 --- a/source4/heimdal/lib/roken/net_write.c +++ b/source4/heimdal/lib/roken/net_write.c @@ -33,14 +33,14 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: net_write.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif #include #include #include -#include +#include "roken.h" /* * Like write but never return partial data. diff --git a/source4/heimdal/lib/roken/parse_bytes.h b/source4/heimdal/lib/roken/parse_bytes.h index 1998f70736..391925467d 100644 --- a/source4/heimdal/lib/roken/parse_bytes.h +++ b/source4/heimdal/lib/roken/parse_bytes.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: parse_bytes.h 14787 2005-04-13 13:19:07Z lha $ */ +/* $Id$ */ #ifndef __PARSE_BYTES_H__ #define __PARSE_BYTES_H__ diff --git a/source4/heimdal/lib/roken/parse_time.c b/source4/heimdal/lib/roken/parse_time.c index 1c39bde4e8..4ae448135a 100644 --- a/source4/heimdal/lib/roken/parse_time.c +++ b/source4/heimdal/lib/roken/parse_time.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: parse_time.c 14773 2005-04-12 11:29:18Z lha $"); +RCSID("$Id$"); #endif #include diff --git a/source4/heimdal/lib/roken/parse_time.h b/source4/heimdal/lib/roken/parse_time.h index 4dc2da08bc..dce50772f5 100644 --- a/source4/heimdal/lib/roken/parse_time.h +++ b/source4/heimdal/lib/roken/parse_time.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: parse_time.h 14773 2005-04-12 11:29:18Z lha $ */ +/* $Id$ */ #ifndef __PARSE_TIME_H__ #define __PARSE_TIME_H__ diff --git a/source4/heimdal/lib/roken/parse_units.c b/source4/heimdal/lib/roken/parse_units.c index 8cc6850c1f..28d357ee46 100644 --- a/source4/heimdal/lib/roken/parse_units.c +++ b/source4/heimdal/lib/roken/parse_units.c @@ -33,13 +33,13 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: parse_units.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif #include #include #include -#include +#include "roken.h" #include "parse_units.h" /* @@ -270,7 +270,7 @@ void ROKEN_LIB_FUNCTION print_units_table (const struct units *units, FILE *f) { const struct units *u, *u2; - unsigned max_sz = 0; + int max_sz = 0; for (u = units; u->name; ++u) { max_sz = max(max_sz, strlen(u->name)); diff --git a/source4/heimdal/lib/roken/parse_units.h b/source4/heimdal/lib/roken/parse_units.h index a42154d486..2f903072cc 100644 --- a/source4/heimdal/lib/roken/parse_units.h +++ b/source4/heimdal/lib/roken/parse_units.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: parse_units.h 14773 2005-04-12 11:29:18Z lha $ */ +/* $Id$ */ #ifndef __PARSE_UNITS_H__ #define __PARSE_UNITS_H__ diff --git a/source4/heimdal/lib/roken/resolve.c b/source4/heimdal/lib/roken/resolve.c index bf064e8aae..4a121216da 100644 --- a/source4/heimdal/lib/roken/resolve.c +++ b/source4/heimdal/lib/roken/resolve.c @@ -34,7 +34,7 @@ #ifdef HAVE_CONFIG_H #include #endif -#include +#include "roken.h" #ifdef HAVE_ARPA_NAMESER_H #include #endif @@ -45,7 +45,7 @@ #include -RCSID("$Id: resolve.c 22873 2008-04-07 18:50:39Z lha $"); +RCSID("$Id$"); #ifdef _AIX /* AIX have broken res_nsearch() in 5.1 (5.0 also ?) */ #undef HAVE_RES_NSEARCH diff --git a/source4/heimdal/lib/roken/resolve.h b/source4/heimdal/lib/roken/resolve.h index fe83115b1e..bf8829b361 100644 --- a/source4/heimdal/lib/roken/resolve.h +++ b/source4/heimdal/lib/roken/resolve.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: resolve.h 14773 2005-04-12 11:29:18Z lha $ */ +/* $Id$ */ #ifndef __RESOLVE_H__ #define __RESOLVE_H__ diff --git a/source4/heimdal/lib/roken/roken-common.h b/source4/heimdal/lib/roken/roken-common.h index f943202c45..18c510f7f4 100644 --- a/source4/heimdal/lib/roken/roken-common.h +++ b/source4/heimdal/lib/roken/roken-common.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: roken-common.h 23468 2008-07-27 12:16:56Z lha $ */ +/* $Id$ */ #ifndef __ROKEN_COMMON_H__ #define __ROKEN_COMMON_H__ diff --git a/source4/heimdal/lib/roken/roken.h.in b/source4/heimdal/lib/roken/roken.h.in index cf2ee9ed7b..04392fe2f0 100644 --- a/source4/heimdal/lib/roken/roken.h.in +++ b/source4/heimdal/lib/roken/roken.h.in @@ -32,7 +32,7 @@ * SUCH DAMAGE. */ -/* $Id: roken.h.in 18612 2006-10-19 16:35:16Z lha $ */ +/* $Id$ */ #include #include diff --git a/source4/heimdal/lib/roken/roken_gethostby.c b/source4/heimdal/lib/roken/roken_gethostby.c index 0b25fbdb3d..562834b6ef 100644 --- a/source4/heimdal/lib/roken/roken_gethostby.c +++ b/source4/heimdal/lib/roken/roken_gethostby.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: roken_gethostby.c 21157 2007-06-18 22:03:13Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" #undef roken_gethostbyname #undef roken_gethostbyaddr diff --git a/source4/heimdal/lib/roken/rtbl.c b/source4/heimdal/lib/roken/rtbl.c index 50ab50903f..cac886870f 100644 --- a/source4/heimdal/lib/roken/rtbl.c +++ b/source4/heimdal/lib/roken/rtbl.c @@ -33,9 +33,9 @@ #ifdef HAVE_CONFIG_H #include -RCSID ("$Id: rtbl.c 17758 2006-06-30 13:41:40Z lha $"); +RCSID ("$Id$"); #endif -#include +#include "roken.h" #include "rtbl.h" struct column_entry { diff --git a/source4/heimdal/lib/roken/rtbl.h b/source4/heimdal/lib/roken/rtbl.h index 9b168c7e73..ddc1c9b475 100644 --- a/source4/heimdal/lib/roken/rtbl.h +++ b/source4/heimdal/lib/roken/rtbl.h @@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -/* $Id: rtbl.h 17760 2006-06-30 13:42:39Z lha $ */ +/* $Id$ */ #ifndef __rtbl_h__ #define __rtbl_h__ diff --git a/source4/heimdal/lib/roken/setprogname.c b/source4/heimdal/lib/roken/setprogname.c index 3213c1c7a5..4544ea664b 100644 --- a/source4/heimdal/lib/roken/setprogname.c +++ b/source4/heimdal/lib/roken/setprogname.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: setprogname.c 15955 2005-08-23 10:19:20Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" #ifndef HAVE___PROGNAME extern const char *__progname; diff --git a/source4/heimdal/lib/roken/signal.c b/source4/heimdal/lib/roken/signal.c index d5ea6fb86a..f38de50f65 100644 --- a/source4/heimdal/lib/roken/signal.c +++ b/source4/heimdal/lib/roken/signal.c @@ -33,11 +33,11 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: signal.c 14773 2005-04-12 11:29:18Z lha $"); +RCSID("$Id$"); #endif #include -#include +#include "roken.h" /* * We would like to always use this signal but there is a link error diff --git a/source4/heimdal/lib/roken/simple_exec.c b/source4/heimdal/lib/roken/simple_exec.c index c4359f421e..e45ba6b6b9 100644 --- a/source4/heimdal/lib/roken/simple_exec.c +++ b/source4/heimdal/lib/roken/simple_exec.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: simple_exec.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif #include @@ -49,7 +49,7 @@ RCSID("$Id: simple_exec.c 21005 2007-06-08 01:54:35Z lha $"); #endif #include -#include +#include "roken.h" #define EX_NOEXEC 126 #define EX_NOTFOUND 127 diff --git a/source4/heimdal/lib/roken/socket.c b/source4/heimdal/lib/roken/socket.c index 91316dfbd8..61e3fe1f68 100644 --- a/source4/heimdal/lib/roken/socket.c +++ b/source4/heimdal/lib/roken/socket.c @@ -33,10 +33,10 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: socket.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" #include /* diff --git a/source4/heimdal/lib/roken/strcollect.c b/source4/heimdal/lib/roken/strcollect.c index c431e18f3d..e17befd000 100644 --- a/source4/heimdal/lib/roken/strcollect.c +++ b/source4/heimdal/lib/roken/strcollect.c @@ -33,14 +33,14 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: strcollect.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif #include #include #include #include -#include +#include "roken.h" enum { initial = 10, increment = 5 }; diff --git a/source4/heimdal/lib/roken/strlwr.c b/source4/heimdal/lib/roken/strlwr.c index 356c8d2e9a..1214241152 100644 --- a/source4/heimdal/lib/roken/strlwr.c +++ b/source4/heimdal/lib/roken/strlwr.c @@ -33,12 +33,12 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: strlwr.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif #include #include -#include +#include "roken.h" #ifndef HAVE_STRLWR char * ROKEN_LIB_FUNCTION diff --git a/source4/heimdal/lib/roken/strpool.c b/source4/heimdal/lib/roken/strpool.c index d47580ff8d..9b86970893 100644 --- a/source4/heimdal/lib/roken/strpool.c +++ b/source4/heimdal/lib/roken/strpool.c @@ -33,12 +33,12 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: strpool.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif #include #include -#include +#include "roken.h" struct rk_strpool { char *str; diff --git a/source4/heimdal/lib/roken/strsep.c b/source4/heimdal/lib/roken/strsep.c index b1ad87de27..93acf0c801 100644 --- a/source4/heimdal/lib/roken/strsep.c +++ b/source4/heimdal/lib/roken/strsep.c @@ -33,12 +33,12 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: strsep.c 14773 2005-04-12 11:29:18Z lha $"); +RCSID("$Id$"); #endif #include -#include +#include "roken.h" #ifndef HAVE_STRSEP diff --git a/source4/heimdal/lib/roken/strsep_copy.c b/source4/heimdal/lib/roken/strsep_copy.c index aeade2957f..34117d2c0d 100644 --- a/source4/heimdal/lib/roken/strsep_copy.c +++ b/source4/heimdal/lib/roken/strsep_copy.c @@ -33,12 +33,12 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: strsep_copy.c 14773 2005-04-12 11:29:18Z lha $"); +RCSID("$Id$"); #endif #include -#include +#include "roken.h" #ifndef HAVE_STRSEP_COPY diff --git a/source4/heimdal/lib/roken/strupr.c b/source4/heimdal/lib/roken/strupr.c index fadfacbb37..b40b768be2 100644 --- a/source4/heimdal/lib/roken/strupr.c +++ b/source4/heimdal/lib/roken/strupr.c @@ -33,12 +33,12 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: strupr.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif #include #include -#include +#include "roken.h" #ifndef HAVE_STRUPR char * ROKEN_LIB_FUNCTION diff --git a/source4/heimdal/lib/roken/vis.c b/source4/heimdal/lib/roken/vis.c index 5dedb793cc..43705e4d50 100644 --- a/source4/heimdal/lib/roken/vis.c +++ b/source4/heimdal/lib/roken/vis.c @@ -1,4 +1,4 @@ -/* $NetBSD: vis.c,v 1.4 2003/08/07 09:15:32 agc Exp $ */ +/* $NetBSD: vis.c,v 1.37 2008/07/25 22:29:23 dsl Exp $ */ /*- * Copyright (c) 1989, 1993 @@ -30,7 +30,8 @@ */ /*- - * Copyright (c) 1999 The NetBSD Foundation, Inc. + * Copyright (c) 1999, 2005 The NetBSD Foundation, Inc. + * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -40,47 +41,38 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. */ - #if 1 #ifdef HAVE_CONFIG_H #include -RCSID("$Id: vis.c 21005 2007-06-08 01:54:35Z lha $"); +RCSID("$Id$"); #endif -#include +#include "roken.h" #ifndef _DIAGASSERT #define _DIAGASSERT(X) #endif -#else +#else /* heimdal */ #include -#if !defined(lint) -__RCSID("$NetBSD: vis.c,v 1.4 2003/08/07 09:15:32 agc Exp $"); -#endif /* not lint */ -#endif +#if defined(LIBC_SCCS) && !defined(lint) +__RCSID("$NetBSD: vis.c,v 1.37 2008/07/25 22:29:23 dsl Exp $"); +#endif /* LIBC_SCCS and not lint */ -#if 0 #include "namespace.h" -#endif +#endif /* heimdal */ + #include #include @@ -89,6 +81,7 @@ __RCSID("$NetBSD: vis.c,v 1.4 2003/08/07 09:15:32 agc Exp $"); #include #include #include +#include #if 0 #ifdef __weak_alias @@ -101,6 +94,14 @@ __weak_alias(vis,_vis) #endif #endif +#if !HAVE_VIS || !HAVE_SVIS +#include +#include +#include +#include + +static char *do_svis(char *, int, int, int, const char *); + #undef BELL #if defined(__STDC__) #define BELL '\a' @@ -108,10 +109,10 @@ __weak_alias(vis,_vis) #define BELL '\007' #endif -char ROKEN_LIB_FUNCTION - *rk_vis (char *, int, int, int); -char ROKEN_LIB_FUNCTION - *rk_svis (char *, int, int, int, const char *); +char * ROKEN_LIB_FUNCTION + rk_vis (char *, int, int, int); +char * ROKEN_LIB_FUNCTION + rk_svis (char *, int, int, int, const char *); int ROKEN_LIB_FUNCTION rk_strvis (char *, const char *, int); int ROKEN_LIB_FUNCTION @@ -125,22 +126,47 @@ int ROKEN_LIB_FUNCTION #define isoctal(c) (((u_char)(c)) >= '0' && ((u_char)(c)) <= '7') #define iswhite(c) (c == ' ' || c == '\t' || c == '\n') #define issafe(c) (c == '\b' || c == BELL || c == '\r') +#define xtoa(c) "0123456789abcdef"[c] -#define MAXEXTRAS 5 - +#define MAXEXTRAS 5 -#define MAKEEXTRALIST(flag, extra) \ +#define MAKEEXTRALIST(flag, extra, orig_str) \ do { \ - char *pextra = extra; \ - if (flag & VIS_SP) *pextra++ = ' '; \ - if (flag & VIS_TAB) *pextra++ = '\t'; \ - if (flag & VIS_NL) *pextra++ = '\n'; \ - if ((flag & VIS_NOSLASH) == 0) *pextra++ = '\\'; \ - *pextra = '\0'; \ + const char *orig = orig_str; \ + const char *o = orig; \ + char *e; \ + while (*o++) \ + continue; \ + extra = malloc((size_t)((o - orig) + MAXEXTRAS)); \ + if (!extra) break; \ + for (o = orig, e = extra; (*e++ = *o++) != '\0';) \ + continue; \ + e--; \ + if (flag & VIS_SP) *e++ = ' '; \ + if (flag & VIS_TAB) *e++ = '\t'; \ + if (flag & VIS_NL) *e++ = '\n'; \ + if ((flag & VIS_NOSLASH) == 0) *e++ = '\\'; \ + *e = '\0'; \ } while (/*CONSTCOND*/0) /* - * This is SVIS, the central macro of vis. + * This is do_hvis, for HTTP style (RFC 1808) + */ +static char * +do_hvis(char *dst, int c, int flag, int nextc, const char *extra) +{ + if (!isascii(c) || !isalnum(c) || strchr("$-_.+!*'(),", c) != NULL) { + *dst++ = '%'; + *dst++ = xtoa(((unsigned int)c >> 4) & 0xf); + *dst++ = xtoa((unsigned int)c & 0xf); + } else { + dst = do_svis(dst, c, flag, nextc, extra); + } + return dst; +} + +/* + * This is do_vis, the central code of vis. * dst: Pointer to the destination buffer * c: Character to encode * flag: Flag word @@ -148,90 +174,103 @@ do { \ * extra: Pointer to the list of extra characters to be * backslash-protected. */ -#define SVIS(dst, c, flag, nextc, extra) \ -do { \ - int isextra, isc; \ - isextra = strchr(extra, c) != NULL; \ - if (!isextra && \ - isascii((unsigned char)c) && \ - (isgraph((unsigned char)c) || iswhite(c) || \ - ((flag & VIS_SAFE) && issafe(c)))) { \ - *dst++ = c; \ - break; \ - } \ - isc = 0; \ - if (flag & VIS_CSTYLE) { \ - switch (c) { \ - case '\n': \ - isc = 1; *dst++ = '\\'; *dst++ = 'n'; \ - break; \ - case '\r': \ - isc = 1; *dst++ = '\\'; *dst++ = 'r'; \ - break; \ - case '\b': \ - isc = 1; *dst++ = '\\'; *dst++ = 'b'; \ - break; \ - case BELL: \ - isc = 1; *dst++ = '\\'; *dst++ = 'a'; \ - break; \ - case '\v': \ - isc = 1; *dst++ = '\\'; *dst++ = 'v'; \ - break; \ - case '\t': \ - isc = 1; *dst++ = '\\'; *dst++ = 't'; \ - break; \ - case '\f': \ - isc = 1; *dst++ = '\\'; *dst++ = 'f'; \ - break; \ - case ' ': \ - isc = 1; *dst++ = '\\'; *dst++ = 's'; \ - break; \ - case '\0': \ - isc = 1; *dst++ = '\\'; *dst++ = '0'; \ - if (isoctal(nextc)) { \ - *dst++ = '0'; \ - *dst++ = '0'; \ - } \ - } \ - } \ - if (isc) break; \ - if (isextra || ((c & 0177) == ' ') || (flag & VIS_OCTAL)) { \ - *dst++ = '\\'; \ - *dst++ = (u_char)(((unsigned)(u_char)c >> 6) & 03) + '0'; \ - *dst++ = (u_char)(((unsigned)(u_char)c >> 3) & 07) + '0'; \ - *dst++ = (c & 07) + '0'; \ - } else { \ - if ((flag & VIS_NOSLASH) == 0) *dst++ = '\\'; \ - if (c & 0200) { \ - c &= 0177; *dst++ = 'M'; \ - } \ - if (iscntrl((unsigned char)c)) { \ - *dst++ = '^'; \ - if (c == 0177) \ - *dst++ = '?'; \ - else \ - *dst++ = c + '@'; \ - } else { \ - *dst++ = '-'; *dst++ = c; \ - } \ - } \ -} while (/*CONSTCOND*/0) +static char * +do_svis(char *dst, int c, int flag, int nextc, const char *extra) +{ + int isextra; + isextra = strchr(extra, c) != NULL; + if (!isextra && isascii(c) && (isgraph(c) || iswhite(c) || + ((flag & VIS_SAFE) && issafe(c)))) { + *dst++ = c; + return dst; + } + if (flag & VIS_CSTYLE) { + switch (c) { + case '\n': + *dst++ = '\\'; *dst++ = 'n'; + return dst; + case '\r': + *dst++ = '\\'; *dst++ = 'r'; + return dst; + case '\b': + *dst++ = '\\'; *dst++ = 'b'; + return dst; + case BELL: + *dst++ = '\\'; *dst++ = 'a'; + return dst; + case '\v': + *dst++ = '\\'; *dst++ = 'v'; + return dst; + case '\t': + *dst++ = '\\'; *dst++ = 't'; + return dst; + case '\f': + *dst++ = '\\'; *dst++ = 'f'; + return dst; + case ' ': + *dst++ = '\\'; *dst++ = 's'; + return dst; + case '\0': + *dst++ = '\\'; *dst++ = '0'; + if (isoctal(nextc)) { + *dst++ = '0'; + *dst++ = '0'; + } + return dst; + default: + if (isgraph(c)) { + *dst++ = '\\'; *dst++ = c; + return dst; + } + } + } + if (isextra || ((c & 0177) == ' ') || (flag & VIS_OCTAL)) { + *dst++ = '\\'; + *dst++ = (u_char)(((u_int32_t)(u_char)c >> 6) & 03) + '0'; + *dst++ = (u_char)(((u_int32_t)(u_char)c >> 3) & 07) + '0'; + *dst++ = (c & 07) + '0'; + } else { + if ((flag & VIS_NOSLASH) == 0) *dst++ = '\\'; + if (c & 0200) { + c &= 0177; *dst++ = 'M'; + } + if (iscntrl(c)) { + *dst++ = '^'; + if (c == 0177) + *dst++ = '?'; + else + *dst++ = c + '@'; + } else { + *dst++ = '-'; *dst++ = c; + } + } + return dst; +} /* * svis - visually encode characters, also encoding the characters - * pointed to by `extra' + * pointed to by `extra' */ - char * ROKEN_LIB_FUNCTION rk_svis(char *dst, int c, int flag, int nextc, const char *extra) { + char *nextra = NULL; + _DIAGASSERT(dst != NULL); _DIAGASSERT(extra != NULL); - - SVIS(dst, c, flag, nextc, extra); + MAKEEXTRALIST(flag, nextra, extra); + if (!nextra) { + *dst = '\0'; /* can't create nextra, return "" */ + return dst; + } + if (flag & VIS_HTTPSTYLE) + dst = do_hvis(dst, c, flag, nextc, nextra); + else + dst = do_svis(dst, c, flag, nextc, nextra); + free(nextra); *dst = '\0'; - return(dst); + return dst; } @@ -242,94 +281,144 @@ rk_svis(char *dst, int c, int flag, int nextc, const char *extra) * be encoded, too. These functions are useful e. g. to * encode strings in such a way so that they are not interpreted * by a shell. - * + * * Dst must be 4 times the size of src to account for possible * expansion. The length of dst, not including the trailing NULL, - * is returned. + * is returned. * * Strsvisx encodes exactly len bytes from src into dst. * This is useful for encoding a block of data. */ - int ROKEN_LIB_FUNCTION -rk_strsvis(char *dst, const char *src, int flag, const char *extra) +rk_strsvis(char *dst, const char *csrc, int flag, const char *extra) { - char c; + int c; char *start; + char *nextra = NULL; + const unsigned char *src = (const unsigned char *)csrc; _DIAGASSERT(dst != NULL); _DIAGASSERT(src != NULL); _DIAGASSERT(extra != NULL); - - for (start = dst; (c = *src++) != '\0'; /* empty */) - SVIS(dst, c, flag, *src, extra); + MAKEEXTRALIST(flag, nextra, extra); + if (!nextra) { + *dst = '\0'; /* can't create nextra, return "" */ + return 0; + } + if (flag & VIS_HTTPSTYLE) { + for (start = dst; (c = *src++) != '\0'; /* empty */) + dst = do_hvis(dst, c, flag, *src, nextra); + } else { + for (start = dst; (c = *src++) != '\0'; /* empty */) + dst = do_svis(dst, c, flag, *src, nextra); + } + free(nextra); *dst = '\0'; return (dst - start); } int ROKEN_LIB_FUNCTION -rk_strsvisx(char *dst, const char *src, size_t len, int flag, const char *extra) +rk_strsvisx(char *dst, const char *csrc, size_t len, int flag, const char *extra) { - char c; + unsigned char c; char *start; + char *nextra = NULL; + const unsigned char *src = (const unsigned char *)csrc; _DIAGASSERT(dst != NULL); _DIAGASSERT(src != NULL); _DIAGASSERT(extra != NULL); + MAKEEXTRALIST(flag, nextra, extra); + if (! nextra) { + *dst = '\0'; /* can't create nextra, return "" */ + return 0; + } - for (start = dst; len > 0; len--) { - c = *src++; - SVIS(dst, c, flag, len ? *src : '\0', extra); + if (flag & VIS_HTTPSTYLE) { + for (start = dst; len > 0; len--) { + c = *src++; + dst = do_hvis(dst, c, flag, len ? *src : '\0', nextra); + } + } else { + for (start = dst; len > 0; len--) { + c = *src++; + dst = do_svis(dst, c, flag, len ? *src : '\0', nextra); + } } + free(nextra); *dst = '\0'; return (dst - start); } +#endif - +#if !HAVE_VIS /* * vis - visually encode characters */ char * ROKEN_LIB_FUNCTION rk_vis(char *dst, int c, int flag, int nextc) { - char extra[MAXEXTRAS]; + char *extra = NULL; + unsigned char uc = (unsigned char)c; _DIAGASSERT(dst != NULL); - MAKEEXTRALIST(flag, extra); - SVIS(dst, c, flag, nextc, extra); + MAKEEXTRALIST(flag, extra, ""); + if (! extra) { + *dst = '\0'; /* can't create extra, return "" */ + return dst; + } + if (flag & VIS_HTTPSTYLE) + dst = do_hvis(dst, uc, flag, nextc, extra); + else + dst = do_svis(dst, uc, flag, nextc, extra); + free(extra); *dst = '\0'; - return (dst); + return dst; } /* * strvis, strvisx - visually encode characters from src into dst - * + * * Dst must be 4 times the size of src to account for possible * expansion. The length of dst, not including the trailing NULL, - * is returned. + * is returned. * * Strvisx encodes exactly len bytes from src into dst. * This is useful for encoding a block of data. */ - int ROKEN_LIB_FUNCTION rk_strvis(char *dst, const char *src, int flag) { - char extra[MAXEXTRAS]; + char *extra = NULL; + int rv; - MAKEEXTRALIST(flag, extra); - return (rk_strsvis(dst, src, flag, extra)); + MAKEEXTRALIST(flag, extra, ""); + if (!extra) { + *dst = '\0'; /* can't create extra, return "" */ + return 0; + } + rv = strsvis(dst, src, flag, extra); + free(extra); + return rv; } int ROKEN_LIB_FUNCTION rk_strvisx(char *dst, const char *src, size_t len, int flag) { - char extra[MAXEXTRAS]; + char *extra = NULL; + int rv; - MAKEEXTRALIST(flag, extra); - return (rk_strsvisx(dst, src, len, flag, extra)); + MAKEEXTRALIST(flag, extra, ""); + if (!extra) { + *dst = '\0'; /* can't create extra, return "" */ + return 0; + } + rv = strsvisx(dst, src, len, flag, extra); + free(extra); + return rv; } +#endif diff --git a/source4/heimdal/lib/roken/vis.hin b/source4/heimdal/lib/roken/vis.hin index 224870b00a..64274526e4 100644 --- a/source4/heimdal/lib/roken/vis.hin +++ b/source4/heimdal/lib/roken/vis.hin @@ -1,5 +1,4 @@ -/* $NetBSD: vis.h,v 1.11 1999/11/25 16:55:50 wennmach Exp $ */ -/* $Id: vis.hin 19341 2006-12-15 11:53:09Z lha $ */ +/* $NetBSD: vis.h,v 1.16 2005/09/13 01:44:32 christos Exp $ */ /*- * Copyright (c) 1990, 1993 @@ -43,6 +42,8 @@ #endif #endif +#include + /* * to select alternate encoding format */ @@ -63,6 +64,7 @@ * other */ #define VIS_NOSLASH 0x40 /* inhibit printing '\' */ +#define VIS_HTTPSTYLE 0x80 /* http-style escape % HEX HEX */ /* * unvis return codes @@ -78,22 +80,28 @@ */ #define UNVIS_END 1 /* no more characters */ -char ROKEN_LIB_FUNCTION - *rk_vis (char *, int, int, int); -char ROKEN_LIB_FUNCTION - *rk_svis (char *, int, int, int, const char *); +#include + +__BEGIN_DECLS +char * ROKEN_LIB_FUNCTION + rk_vis(char *, int, int, int); +char * ROKEN_LIB_FUNCTION + rk_svis(char *, int, int, int, const char *); +int ROKEN_LIB_FUNCTION + rk_strvis(char *, const char *, int); int ROKEN_LIB_FUNCTION - rk_strvis (char *, const char *, int); + rk_strsvis(char *, const char *, int, const char *); int ROKEN_LIB_FUNCTION - rk_strsvis (char *, const char *, int, const char *); + rk_strvisx(char *, const char *, size_t, int); int ROKEN_LIB_FUNCTION - rk_strvisx (char *, const char *, size_t, int); + rk_strsvisx(char *, const char *, size_t, int, const char *); int ROKEN_LIB_FUNCTION - rk_strsvisx (char *, const char *, size_t, int, const char *); + rk_strunvis(char *, const char *); int ROKEN_LIB_FUNCTION - rk_strunvis (char *, const char *); + rk_strunvisx(char *, const char *, int); int ROKEN_LIB_FUNCTION - rk_unvis (char *, int, int *, int); + rk_unvis(char *, int, int *, int); +__END_DECLS #undef vis #define vis(a,b,c,d) rk_vis(a,b,c,d) diff --git a/source4/heimdal/lib/roken/xfree.c b/source4/heimdal/lib/roken/xfree.c index 7bc21af0b8..c4f62f954b 100644 --- a/source4/heimdal/lib/roken/xfree.c +++ b/source4/heimdal/lib/roken/xfree.c @@ -38,7 +38,7 @@ RCSID("$Id$"); #include -#include +#include "roken.h" void ROKEN_LIB_FUNCTION rk_xfree (void *buf) diff --git a/source4/heimdal/lib/vers/print_version.c b/source4/heimdal/lib/vers/print_version.c index 325f3fa046..5b2009c811 100644 --- a/source4/heimdal/lib/vers/print_version.c +++ b/source4/heimdal/lib/vers/print_version.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: print_version.c 22428 2008-01-13 09:58:05Z lha $"); +RCSID("$Id$"); #endif #include "roken.h" diff --git a/source4/heimdal/lib/wind/UnicodeData.py b/source4/heimdal/lib/wind/UnicodeData.py index fcb9f1dc9e..2040e8bc4c 100644 --- a/source4/heimdal/lib/wind/UnicodeData.py +++ b/source4/heimdal/lib/wind/UnicodeData.py @@ -1,7 +1,7 @@ #!/usr/local/bin/python # -*- coding: iso-8859-1 -*- -# $Id: UnicodeData.py 22551 2008-02-01 16:22:22Z lha $ +# $Id$ # Copyright (c) 2004 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). diff --git a/source4/heimdal/lib/wind/gen-bidi.py b/source4/heimdal/lib/wind/gen-bidi.py index 983eb618ff..c1473d7df8 100755 --- a/source4/heimdal/lib/wind/gen-bidi.py +++ b/source4/heimdal/lib/wind/gen-bidi.py @@ -1,7 +1,7 @@ #!/usr/local/bin/python # -*- coding: iso-8859-1 -*- -# $Id: gen-bidi.py 23332 2008-06-27 14:42:17Z lha $ +# $Id$ # Copyright (c) 2004 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). diff --git a/source4/heimdal/lib/wind/gen-combining.py b/source4/heimdal/lib/wind/gen-combining.py index 33fe344772..9875465689 100755 --- a/source4/heimdal/lib/wind/gen-combining.py +++ b/source4/heimdal/lib/wind/gen-combining.py @@ -1,7 +1,7 @@ #!/usr/local/bin/python # -*- coding: iso-8859-1 -*- -# $Id: gen-combining.py 23332 2008-06-27 14:42:17Z lha $ +# $Id$ # Copyright (c) 2004 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). diff --git a/source4/heimdal/lib/wind/gen-errorlist.py b/source4/heimdal/lib/wind/gen-errorlist.py index f3ab907d33..8ccbcfdaf7 100755 --- a/source4/heimdal/lib/wind/gen-errorlist.py +++ b/source4/heimdal/lib/wind/gen-errorlist.py @@ -1,7 +1,7 @@ #!/usr/local/bin/python # -*- coding: iso-8859-1 -*- -# $Id: gen-errorlist.py 23242 2008-06-01 22:27:54Z lha $ +# $Id$ # Copyright (c) 2004 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). diff --git a/source4/heimdal/lib/wind/gen-map.py b/source4/heimdal/lib/wind/gen-map.py index 08f171ad85..9a9904217d 100755 --- a/source4/heimdal/lib/wind/gen-map.py +++ b/source4/heimdal/lib/wind/gen-map.py @@ -1,7 +1,7 @@ #!/usr/local/bin/python # -*- coding: iso-8859-1 -*- -# $Id: gen-map.py 23242 2008-06-01 22:27:54Z lha $ +# $Id$ # Copyright (c) 2004 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). diff --git a/source4/heimdal/lib/wind/gen-normalize.py b/source4/heimdal/lib/wind/gen-normalize.py index e2b987f96b..d771db30fa 100755 --- a/source4/heimdal/lib/wind/gen-normalize.py +++ b/source4/heimdal/lib/wind/gen-normalize.py @@ -1,7 +1,7 @@ #!/usr/local/bin/python # -*- coding: iso-8859-1 -*- -# $Id: gen-normalize.py 23332 2008-06-27 14:42:17Z lha $ +# $Id$ # Copyright (c) 2004 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). diff --git a/source4/heimdal/lib/wind/generate.py b/source4/heimdal/lib/wind/generate.py index 4e70c16778..68ed583082 100644 --- a/source4/heimdal/lib/wind/generate.py +++ b/source4/heimdal/lib/wind/generate.py @@ -1,7 +1,7 @@ #!/usr/local/bin/python # -*- coding: iso-8859-1 -*- -# $Id: generate.py 23242 2008-06-01 22:27:54Z lha $ +# $Id$ # Copyright (c) 2004 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). diff --git a/source4/heimdal/lib/wind/map.c b/source4/heimdal/lib/wind/map.c index ae6d10e512..2bbb74d76f 100644 --- a/source4/heimdal/lib/wind/map.c +++ b/source4/heimdal/lib/wind/map.c @@ -40,7 +40,7 @@ #include "map_table.h" -RCSID("$Id: map.c 22556 2008-02-01 16:38:46Z lha $"); +RCSID("$Id$"); static int translation_cmp(const void *key, const void *data) diff --git a/source4/heimdal/lib/wind/normalize.c b/source4/heimdal/lib/wind/normalize.c index d1b440513a..bee9a9e5d8 100644 --- a/source4/heimdal/lib/wind/normalize.c +++ b/source4/heimdal/lib/wind/normalize.c @@ -42,7 +42,7 @@ #include "normalize_table.h" -RCSID("$Id: normalize.c 22581 2008-02-11 20:42:25Z lha $"); +RCSID("$Id$"); static int translation_cmp(const void *key, const void *data) diff --git a/source4/heimdal/lib/wind/rfc3454.py b/source4/heimdal/lib/wind/rfc3454.py index 32dc0c5492..3c16f9475d 100644 --- a/source4/heimdal/lib/wind/rfc3454.py +++ b/source4/heimdal/lib/wind/rfc3454.py @@ -1,7 +1,7 @@ #!/usr/local/bin/python # -*- coding: iso-8859-1 -*- -# $Id: rfc3454.py 22551 2008-02-01 16:22:22Z lha $ +# $Id$ # Copyright (c) 2004 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). diff --git a/source4/heimdal/lib/wind/rfc4518.py b/source4/heimdal/lib/wind/rfc4518.py index b3946f5aa6..2dac91bcc7 100644 --- a/source4/heimdal/lib/wind/rfc4518.py +++ b/source4/heimdal/lib/wind/rfc4518.py @@ -1,7 +1,7 @@ #!/usr/local/bin/python # -*- coding: iso-8859-1 -*- -# $Id: rfc4518.py 22551 2008-02-01 16:22:22Z lha $ +# $Id$ # Copyright (c) 2004, 2008 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). diff --git a/source4/heimdal/lib/wind/stringprep.c b/source4/heimdal/lib/wind/stringprep.c index 7c28fdae1f..7be5b2c510 100644 --- a/source4/heimdal/lib/wind/stringprep.c +++ b/source4/heimdal/lib/wind/stringprep.c @@ -39,7 +39,7 @@ #include #include -RCSID("$Id: stringprep.c 23063 2008-04-21 11:18:04Z lha $"); +RCSID("$Id$"); /** * Process a input UCS4 string according a string-prep profile. diff --git a/source4/heimdal/lib/wind/stringprep.py b/source4/heimdal/lib/wind/stringprep.py index d897691a0f..f2423fee96 100644 --- a/source4/heimdal/lib/wind/stringprep.py +++ b/source4/heimdal/lib/wind/stringprep.py @@ -1,7 +1,7 @@ #!/usr/local/bin/python # -*- coding: iso-8859-1 -*- -# $Id: stringprep.py 22551 2008-02-01 16:22:22Z lha $ +# $Id$ # Copyright (c) 2008 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). diff --git a/source4/heimdal/lib/wind/utf8.c b/source4/heimdal/lib/wind/utf8.c index 544e0fe00d..e9e63421f3 100644 --- a/source4/heimdal/lib/wind/utf8.c +++ b/source4/heimdal/lib/wind/utf8.c @@ -36,7 +36,7 @@ #endif #include "windlocl.h" -RCSID("$Id: utf8.c 23246 2008-06-01 22:29:04Z lha $"); +RCSID("$Id$"); static int utf8toutf32(const unsigned char **pp, uint32_t *out) diff --git a/source4/heimdal/lib/wind/util.py b/source4/heimdal/lib/wind/util.py index 3aee3eaf68..fb59539538 100644 --- a/source4/heimdal/lib/wind/util.py +++ b/source4/heimdal/lib/wind/util.py @@ -1,7 +1,7 @@ #!/usr/local/bin/python # -*- coding: iso-8859-1 -*- -# $Id: util.py 22551 2008-02-01 16:22:22Z lha $ +# $Id$ # Copyright (c) 2004 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). diff --git a/source4/heimdal/lib/wind/wind.h b/source4/heimdal/lib/wind/wind.h index 3120e87da5..23528c85cf 100644 --- a/source4/heimdal/lib/wind/wind.h +++ b/source4/heimdal/lib/wind/wind.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: wind.h 23233 2008-06-01 22:25:25Z lha $ */ +/* $Id$ */ #ifndef _WIND_H_ #define _WIND_H_ diff --git a/source4/heimdal/lib/wind/wind_err.et b/source4/heimdal/lib/wind/wind_err.et index 65bdff992f..f90c252e7d 100644 --- a/source4/heimdal/lib/wind/wind_err.et +++ b/source4/heimdal/lib/wind/wind_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: wind_err.et 23233 2008-06-01 22:25:25Z lha $" +id "$Id$" error_table wind diff --git a/source4/heimdal/lib/wind/windlocl.h b/source4/heimdal/lib/wind/windlocl.h index 009a4ae94a..5d5a165032 100644 --- a/source4/heimdal/lib/wind/windlocl.h +++ b/source4/heimdal/lib/wind/windlocl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: windlocl.h 23187 2008-05-23 15:04:07Z lha $ */ +/* $Id$ */ #ifndef _WINDLOCL_H_ #define _WINDLOCL_H_ -- cgit From 9430420ba246c26489ad51e8b52e13d891436bb3 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 26 Aug 2008 21:36:09 +0200 Subject: heimdal: add missing heimdal/lib/hcrypto/{evp-aes-cts.c,evp-hcrypto.c}, sorry... metze (This used to be commit 0c4227e45d6b8e31a0219358042318e9d2a0b36d) --- source4/heimdal/lib/hcrypto/evp-aes-cts.c | 277 ++++++++++++++++++++++++++++++ source4/heimdal/lib/hcrypto/evp-hcrypto.c | 176 +++++++++++++++++++ 2 files changed, 453 insertions(+) create mode 100644 source4/heimdal/lib/hcrypto/evp-aes-cts.c create mode 100644 source4/heimdal/lib/hcrypto/evp-hcrypto.c (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/hcrypto/evp-aes-cts.c b/source4/heimdal/lib/hcrypto/evp-aes-cts.c new file mode 100644 index 0000000000..60a538b7de --- /dev/null +++ b/source4/heimdal/lib/hcrypto/evp-aes-cts.c @@ -0,0 +1,277 @@ +/* + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +RCSID("$Id$"); + +#define HC_DEPRECATED + +#include +#include +#include +#include +#include + + +#include + +#if defined(BUILD_KRB5_LIB) && defined(HAVE_OPENSSL) +#include +#include + +#define _hc_EVP_hcrypto_aes_128_cts _krb5_EVP_hcrypto_aes_128_cts +#define _hc_EVP_hcrypto_aes_192_cts _krb5_EVP_hcrypto_aes_192_cts +#define _hc_EVP_hcrypto_aes_256_cts _krb5_EVP_hcrypto_aes_256_cts + +const EVP_CIPHER * _krb5_EVP_hcrypto_aes_128_cts(void); +const EVP_CIPHER * _krb5_EVP_hcrypto_aes_192_cts(void); +const EVP_CIPHER * _krb5_EVP_hcrypto_aes_256_cts(void); + +#else +#include +#include + +#define _hc_EVP_hcrypto_aes_128_cts hc_EVP_hcrypto_aes_128_cts +#define _hc_EVP_hcrypto_aes_192_cts hc_EVP_hcrypto_aes_192_cts +#define _hc_EVP_hcrypto_aes_256_cts hc_EVP_hcrypto_aes_256_cts + +#endif + +/* + * + */ + +static int +aes_cts_init(EVP_CIPHER_CTX *ctx, + const unsigned char * key, + const unsigned char * iv, + int encp) +{ + AES_KEY *k = ctx->cipher_data; + if (ctx->encrypt) + AES_set_encrypt_key(key, ctx->cipher->key_len * 8, k); + else + AES_set_decrypt_key(key, ctx->cipher->key_len * 8, k); + return 1; +} + +static void +_krb5_aes_cts_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const AES_KEY *key, + unsigned char *ivec, const int encryptp) +{ + unsigned char tmp[AES_BLOCK_SIZE]; + int i; + + /* + * In the framework of kerberos, the length can never be shorter + * then at least one blocksize. + */ + + if (encryptp) { + + while(len > AES_BLOCK_SIZE) { + for (i = 0; i < AES_BLOCK_SIZE; i++) + tmp[i] = in[i] ^ ivec[i]; + AES_encrypt(tmp, out, key); + memcpy(ivec, out, AES_BLOCK_SIZE); + len -= AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + + for (i = 0; i < len; i++) + tmp[i] = in[i] ^ ivec[i]; + for (; i < AES_BLOCK_SIZE; i++) + tmp[i] = 0 ^ ivec[i]; + + AES_encrypt(tmp, out - AES_BLOCK_SIZE, key); + + memcpy(out, ivec, len); + memcpy(ivec, out - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + + } else { + unsigned char tmp2[AES_BLOCK_SIZE]; + unsigned char tmp3[AES_BLOCK_SIZE]; + + while(len > AES_BLOCK_SIZE * 2) { + memcpy(tmp, in, AES_BLOCK_SIZE); + AES_decrypt(in, out, key); + for (i = 0; i < AES_BLOCK_SIZE; i++) + out[i] ^= ivec[i]; + memcpy(ivec, tmp, AES_BLOCK_SIZE); + len -= AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + + len -= AES_BLOCK_SIZE; + + memcpy(tmp, in, AES_BLOCK_SIZE); /* save last iv */ + AES_decrypt(in, tmp2, key); + + memcpy(tmp3, in + AES_BLOCK_SIZE, len); + memcpy(tmp3 + len, tmp2 + len, AES_BLOCK_SIZE - len); /* xor 0 */ + + for (i = 0; i < len; i++) + out[i + AES_BLOCK_SIZE] = tmp2[i] ^ tmp3[i]; + + AES_decrypt(tmp3, out, key); + for (i = 0; i < AES_BLOCK_SIZE; i++) + out[i] ^= ivec[i]; + memcpy(ivec, tmp, AES_BLOCK_SIZE); + } +} + +static int +aes_cts_do_cipher(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + unsigned int len) +{ + AES_KEY *k = ctx->cipher_data; + + if (len < AES_BLOCK_SIZE) + abort(); /* krb5_abortx(context, "invalid use of AES_CTS_encrypt"); */ + if (len == AES_BLOCK_SIZE) { + if (ctx->encrypt) + AES_encrypt(in, out, k); + else + AES_decrypt(in, out, k); + } else { + _krb5_aes_cts_encrypt(in, out, len, k, ctx->iv, ctx->encrypt); + } + + return 1; +} + + +static int +aes_cts_cleanup(EVP_CIPHER_CTX *ctx) +{ + memset(ctx->cipher_data, 0, sizeof(AES_KEY)); + return 1; +} + +/** + * The AES-128 cts cipher type (hcrypto) + * + * @return the AES-128 EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + +const EVP_CIPHER * +_hc_EVP_hcrypto_aes_128_cts(void) +{ + static const EVP_CIPHER aes_128_cts = { + 0, + 1, + 16, + 16, + EVP_CIPH_CBC_MODE, + aes_cts_init, + aes_cts_do_cipher, + aes_cts_cleanup, + sizeof(AES_KEY), + NULL, + NULL, + NULL, + NULL + }; + + return &aes_128_cts; +} + +/** + * The AES-192 cts cipher type (hcrypto) + * + * @return the AES-192 EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + +const EVP_CIPHER * +_hc_EVP_hcrypto_aes_192_cts(void) +{ + static const EVP_CIPHER aes_192_cts = { + 0, + 1, + 24, + 16, + EVP_CIPH_CBC_MODE, + aes_cts_init, + aes_cts_do_cipher, + aes_cts_cleanup, + sizeof(AES_KEY), + NULL, + NULL, + NULL, + NULL + }; + + return &aes_192_cts; +} + +/** + * The AES-256 cts cipher type (hcrypto) + * + * @return the AES-256 EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + +const EVP_CIPHER * +_hc_EVP_hcrypto_aes_256_cts(void) +{ + static const EVP_CIPHER aes_256_cts = { + 0, + 1, + 32, + 16, + EVP_CIPH_CBC_MODE, + aes_cts_init, + aes_cts_do_cipher, + aes_cts_cleanup, + sizeof(AES_KEY), + NULL, + NULL, + NULL, + NULL + }; + + return &aes_256_cts; +} diff --git a/source4/heimdal/lib/hcrypto/evp-hcrypto.c b/source4/heimdal/lib/hcrypto/evp-hcrypto.c new file mode 100644 index 0000000000..6737fd817e --- /dev/null +++ b/source4/heimdal/lib/hcrypto/evp-hcrypto.c @@ -0,0 +1,176 @@ +/* + * Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +RCSID("$Id$"); + +#define HC_DEPRECATED + +#include +#include +#include +#include +#include + +#include + +#include + +#include + +/* + * + */ + +static int +aes_init(EVP_CIPHER_CTX *ctx, + const unsigned char * key, + const unsigned char * iv, + int encp) +{ + AES_KEY *k = ctx->cipher_data; + if (ctx->encrypt) + AES_set_encrypt_key(key, ctx->cipher->key_len * 8, k); + else + AES_set_decrypt_key(key, ctx->cipher->key_len * 8, k); + return 1; +} + +static int +aes_do_cipher(EVP_CIPHER_CTX *ctx, + unsigned char *out, + const unsigned char *in, + unsigned int size) +{ + AES_KEY *k = ctx->cipher_data; + AES_cbc_encrypt(in, out, size, k, ctx->iv, ctx->encrypt); + return 1; +} + +static int +aes_cleanup(EVP_CIPHER_CTX *ctx) +{ + memset(ctx->cipher_data, 0, sizeof(AES_KEY)); + return 1; +} + +/** + * The AES-128 cipher type (hcrypto) + * + * @return the AES-128 EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + +const EVP_CIPHER * +EVP_hcrypto_aes_128_cbc(void) +{ + static const EVP_CIPHER aes_128_cbc = { + 0, + 16, + 16, + 16, + EVP_CIPH_CBC_MODE, + aes_init, + aes_do_cipher, + aes_cleanup, + sizeof(AES_KEY), + NULL, + NULL, + NULL, + NULL + }; + + return &aes_128_cbc; +} + +/** + * The AES-192 cipher type (hcrypto) + * + * @return the AES-192 EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + +const EVP_CIPHER * +EVP_hcrypto_aes_192_cbc(void) +{ + static const EVP_CIPHER aes_192_cbc = { + 0, + 16, + 24, + 16, + EVP_CIPH_CBC_MODE, + aes_init, + aes_do_cipher, + aes_cleanup, + sizeof(AES_KEY), + NULL, + NULL, + NULL, + NULL + }; + return &aes_192_cbc; +} + +/** + * The AES-256 cipher type (hcrypto) + * + * @return the AES-256 EVP_CIPHER pointer. + * + * @ingroup hcrypto_evp + */ + +const EVP_CIPHER * +EVP_hcrypto_aes_256_cbc(void) +{ + static const EVP_CIPHER aes_256_cbc = { + 0, + 16, + 32, + 16, + EVP_CIPH_CBC_MODE, + aes_init, + aes_do_cipher, + aes_cleanup, + sizeof(AES_KEY), + NULL, + NULL, + NULL, + NULL + }; + return &aes_256_cbc; +} -- cgit From 0b16d70f3941712ed7889d57ecbc45fe0fa68916 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 28 Aug 2008 16:19:16 +1000 Subject: Don't wipe the PAC checksums, the caller may actually need them. (This used to be commit 9db5a966fce0b71a0d2167b4aff70cc081abc1cc) --- source4/heimdal/lib/krb5/pac.c | 14 -------------- 1 file changed, 14 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/krb5/pac.c b/source4/heimdal/lib/krb5/pac.c index ac7e3eda9b..9a145c48e6 100644 --- a/source4/heimdal/lib/krb5/pac.c +++ b/source4/heimdal/lib/krb5/pac.c @@ -324,20 +324,6 @@ krb5_pac_get_buffer(krb5_context context, krb5_pac p, krb5_error_code ret; uint32_t i; - /* - * Hide the checksums from external consumers - */ - - if (type == PAC_PRIVSVR_CHECKSUM || type == PAC_SERVER_CHECKSUM) { - ret = krb5_data_alloc(data, 16); - if (ret) { - krb5_set_error_message(context, ret, "malloc: out of memory"); - return ret; - } - memset(data->data, 0, data->length); - return 0; - } - for (i = 0; i < p->pac->numbuffers; i++) { size_t len = p->pac->buffers[i].buffersize; size_t offset = p->pac->buffers[i].offset_lo; -- cgit From baf0b360812dc8532f9420e224bf3ee3a51fb04a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 3 Sep 2008 14:20:30 +1000 Subject: Merge krb5_cksumtype_to_enctype from Heimdal svn -r 23719 (This used to be commit cc1df3c002e6af25add3c8ae20e7efc2ab6f2fa8) --- source4/heimdal/lib/krb5/crypto.c | 102 ++++++++++++++++++++++++++------------ 1 file changed, 70 insertions(+), 32 deletions(-) (limited to 'source4/heimdal') diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c index 6675647736..9379c6fdf1 100644 --- a/source4/heimdal/lib/krb5/crypto.c +++ b/source4/heimdal/lib/krb5/crypto.c @@ -2677,37 +2677,6 @@ krb5_enctype_to_keytype(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION -krb5_keytype_to_enctypes (krb5_context context, - krb5_keytype keytype, - unsigned *len, - krb5_enctype **val) -{ - int i; - unsigned n = 0; - krb5_enctype *ret; - - for (i = num_etypes - 1; i >= 0; --i) { - if (etypes[i]->keytype->type == keytype - && !(etypes[i]->flags & F_PSEUDO)) - ++n; - } - ret = malloc(n * sizeof(*ret)); - if (ret == NULL && n != 0) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); - return ENOMEM; - } - n = 0; - for (i = num_etypes - 1; i >= 0; --i) { - if (etypes[i]->keytype->type == keytype - && !(etypes[i]->flags & F_PSEUDO)) - ret[n++] = etypes[i]->type; - } - *len = n; - *val = ret; - return 0; -} - krb5_error_code KRB5_LIB_FUNCTION krb5_enctype_valid(krb5_context context, krb5_enctype etype) @@ -2728,6 +2697,44 @@ krb5_enctype_valid(krb5_context context, return 0; } +/** + * Return the coresponding encryption type for a checksum type. + * + * @param context Kerberos context + * @param ctype The checksum type to get the result enctype for + * @param etype The returned encryption, when the matching etype is + * not found, etype is set to ETYPE_NULL. + * + * @return Return an error code for an failure or 0 on success. + * @ingroup krb5_crypto + */ + + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cksumtype_to_enctype(krb5_context context, + krb5_cksumtype ctype, + krb5_enctype *etype) +{ + int i; + + *etype = ETYPE_NULL; + + for(i = 0; i < num_etypes; i++) { + if(etypes[i]->keyed_checksum && + etypes[i]->keyed_checksum->type == ctype) + { + *etype = etypes[i]->type; + return 0; + } + } + + krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, + "ckecksum type %d not supported", + (int)ctype); + return KRB5_PROG_SUMTYPE_NOSUPP; +} + + krb5_error_code KRB5_LIB_FUNCTION krb5_cksumtype_valid(krb5_context context, krb5_cksumtype ctype) @@ -3491,7 +3498,6 @@ krb5_decrypt_iov_ivec(krb5_context context, return 0; } - size_t KRB5_LIB_FUNCTION krb5_crypto_length(krb5_context context, krb5_crypto crypto, @@ -4562,4 +4568,36 @@ krb5_string_to_keytype(krb5_context context, "key type %s not supported", string); return KRB5_PROG_KEYTYPE_NOSUPP; } + +krb5_error_code KRB5_LIB_FUNCTION +krb5_keytype_to_enctypes (krb5_context context, + krb5_keytype keytype, + unsigned *len, + krb5_enctype **val) +{ + int i; + unsigned n = 0; + krb5_enctype *ret; + + for (i = num_etypes - 1; i >= 0; --i) { + if (etypes[i]->keytype->type == keytype + && !(etypes[i]->flags & F_PSEUDO)) + ++n; + } + ret = malloc(n * sizeof(*ret)); + if (ret == NULL && n != 0) { + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + return ENOMEM; + } + n = 0; + for (i = num_etypes - 1; i >= 0; --i) { + if (etypes[i]->keytype->type == keytype + && !(etypes[i]->flags & F_PSEUDO)) + ret[n++] = etypes[i]->type; + } + *len = n; + *val = ret; + return 0; +} + #endif -- cgit